packages/uadk_engine
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Backport uadk engine patch for v1.0.1

Browse Source
This commit is contained in:
JiangShui 2023-08-04 16:24:25 +08:00
parent 6a6cdc7caa
commit 982f1ed10a
11 changed files with 1698 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
0058-uadk_digest-fix-the-full-mac-buffer-length-as-doing-.patch Normal file
View File

@ -0,0 +1,74 @@
From 36ea42a1d9556e937be5ebf47f41f66b51a29cb6 Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Tue, 16 Aug 2022 09:57:18 +0800
Subject: uadk_digest: fix the full mac buffer length as doing long hash
Sha224 and Sha384 need full length mac buffer as doing long hash.
Depends-on:uadk 802878d71999("digest: fix mac buffer len as long hash")
Signed-off-by: Kai Ye <yekai13@huawei.com>
---
src/uadk_digest.c | 25 +++++++++++++++++++++++--
1 file changed, 23 insertions(+), 2 deletions(-)
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index b2646cb..63887e7 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -484,7 +484,7 @@ static void digest_priv_ctx_setup(struct digest_priv_ctx *priv,
{
priv->setup.alg = alg;
priv->setup.mode = mode;
- priv->req.out_buf_bytes = out_len;
+ priv->req.out_buf_bytes = MAX_DIGEST_LENGTH;
priv->req.out_bytes = out_len;
}
@@ -543,15 +543,30 @@ soft_init:
return digest_soft_init(priv->soft_ctx, priv->e_nid);
}
+static void digest_update_out_length(EVP_MD_CTX *ctx)
+{
+ struct digest_priv_ctx *priv =
+ (struct digest_priv_ctx *)EVP_MD_CTX_md_data(ctx);
+
+ /* Sha224 and Sha384 need full length mac buffer as doing long hash */
+ if (priv->e_nid == NID_sha224)
+ priv->req.out_bytes = WD_DIGEST_SHA224_FULL_LEN;
+
+ if (priv->e_nid == NID_sha384)
+ priv->req.out_bytes = WD_DIGEST_SHA384_FULL_LEN;
+}
+
static int digest_update_inner(EVP_MD_CTX *ctx, const void *data, size_t data_len)
{
struct digest_priv_ctx *priv =
- (struct digest_priv_ctx *) EVP_MD_CTX_md_data(ctx);
+ (struct digest_priv_ctx *)EVP_MD_CTX_md_data(ctx);
const unsigned char *tmpdata = (const unsigned char *)data;
size_t left_len = data_len;
int copy_to_bufflen;
int ret;
+ digest_update_out_length(ctx);
+
priv->req.has_next = DIGEST_DOING;
while (priv->last_update_bufflen + left_len > DIGEST_BLOCK_SIZE) {
@@ -708,6 +723,12 @@ static int uadk_e_digest_final(EVP_MD_CTX *ctx, unsigned char *digest)
priv->req.in_bytes = priv->last_update_bufflen;
priv->e_nid = EVP_MD_nid(EVP_MD_CTX_md(ctx));
+ if (priv->e_nid == NID_sha224)
+ priv->req.out_bytes = WD_DIGEST_SHA224_LEN;
+
+ if (priv->e_nid == NID_sha384)
+ priv->req.out_bytes = WD_DIGEST_SHA384_LEN;
+
ret = async_setup_async_event_notification(&op);
if (unlikely(!ret)) {
fprintf(stderr, "failed to setup async event notification.\n");
--
1.8.3.1

59
0059-uadk_utils-fix-x86-local-build.patch Normal file
View File

@ -0,0 +1,59 @@
From 06fd1fe00a03bfbc7430ec8e1b1f7356f47da55d Mon Sep 17 00:00:00 2001
From: Zhangfei Gao <zhangfei.gao@linaro.org>
Date: Tue, 18 Oct 2022 15:39:11 +0800
Subject: uadk_utils: fix x86 local build
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
On x86 local build:
autoreconf -i
./configure --libdir=/usr/local/lib/engines-1.1/
make -j4
uadk_utils.c: In function uadk_memcpy:
uadk_utils.c:23:2: error: unknown register name q1 in asm
__asm__ __volatile__(
^
uadk_utils.c:23:2: error: unknown register name q0 in asm
uadk_utils.c:23:2: error: unknown register name x14 in asm
uadk_utils.c:23:2: error: unknown register name x5 in asm
uadk_utils.c:23:2: error: unknown register name x4 in asm
uadk_utils.c:23:2: error: unknown register name x3 in asm
With this patch, x86 build is OK
Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
---
src/uadk_utils.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/src/uadk_utils.c b/src/uadk_utils.c
index 2b34b3a..275a124 100644
--- a/src/uadk_utils.c
+++ b/src/uadk_utils.c
@@ -16,6 +16,8 @@
*/
#include "uadk_utils.h"
+#if defined(__AARCH64_CMODEL_SMALL__) && __AARCH64_CMODEL_SMALL__
+
#define UADK_MEM_IMPROVE_THRESHOLD 1024
static void *memcpy_large(void *dstpp, const void *srcpp, size_t len)
@@ -61,3 +63,12 @@ void *uadk_memcpy(void *dstpp, const void *srcpp, size_t len)
else
return memcpy(dstpp, srcpp, len);
}
+
+#else
+
+void *uadk_memcpy(void *dstpp, const void *srcpp, size_t len)
+{
+ return memcpy(dstpp, srcpp, len);
+}
+
+#endif
--
1.8.3.1

188
0060-sm2-bugfix-about-segfault-in-sm2-ctrl-function.patch Normal file
View File

@ -0,0 +1,188 @@
From 8c4f478b1e8965e592467be92d042c8b00c8c426 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 22 Oct 2022 15:14:03 +0800
Subject: sm2: bugfix about segfault in sm2 ctrl function
When there is no available instance of hpre device, the sm2_init()
in uadk_engine will failed, the setting of sched_init() will failed,
so sched_init() will be NULL. If the sm2_ctrl() function still call
the sm2_update_sess() in this situation, and make wd_ecc_alloc_sess()
to call sched_init(), there will be a segfault.
The solution is to modify the status field of sm2_ctx, make the
variable 'init_status' to indicate the status of init operation:
'CTX_UNINIT' indicates the init operation has not been performed,
'CTX_INIT_SUCC' indicates the init operation has been succeeded,
'CTX_INIT_FAIL' indicates the init operation has been failed.
The sm2_update_sess() will only be called if the 'init_status' is
'CTX_INIT_SUCC'. Then there will be no segfault.
And when there is no available instance, it should switch to openssl
software method, so modify some return values to help finish this
process.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_sm2.c | 44 ++++++++++++++++++++++++++++++++------------
1 file changed, 32 insertions(+), 12 deletions(-)
diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c
index fcca9f2..8a9adca 100644
--- a/src/uadk_sm2.c
+++ b/src/uadk_sm2.c
@@ -25,6 +25,12 @@
#include "uadk.h"
#include "uadk_pkey.h"
+enum {
+ CTX_INIT_FAIL = -1,
+ CTX_UNINIT,
+ CTX_INIT_SUCC
+};
+
typedef struct {
/* Key and paramgen group */
EC_GROUP *gen_group;
@@ -43,7 +49,7 @@ struct sm2_ctx {
const BIGNUM *prikey;
const EC_POINT *pubkey;
BIGNUM *order;
- bool is_init;
+ int init_status;
};
typedef struct sm2_ciphertext {
@@ -165,6 +171,7 @@ static int sm2_update_sess(struct sm2_ctx *smctx)
memset(&setup, 0, sizeof(setup));
setup.alg = "sm2";
+
if (smctx->ctx.md) {
setup.hash.cb = compute_hash;
setup.hash.usr = (void *)smctx->ctx.md;
@@ -189,6 +196,7 @@ static int sm2_update_sess(struct sm2_ctx *smctx)
if (smctx->sess)
wd_ecc_free_sess(smctx->sess);
+
smctx->sess = sess;
smctx->prikey = NULL;
smctx->pubkey = NULL;
@@ -636,7 +644,7 @@ static int sm2_sign_check(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
if (!smctx || !smctx->sess) {
fprintf(stderr, "smctx or sess NULL\n");
- return -EINVAL;
+ return UADK_DO_SOFT;
}
if (sig_sz <= 0) {
@@ -676,7 +684,7 @@ static int sm2_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
if (ret)
goto do_soft;
- if (!smctx->is_init) {
+ if (smctx->init_status != CTX_INIT_SUCC) {
ret = UADK_DO_SOFT;
goto do_soft;
}
@@ -744,6 +752,13 @@ static int sm2_verify_check(EVP_PKEY_CTX *ctx,
const unsigned char *tbs,
size_t tbslen)
{
+ struct sm2_ctx *smctx = EVP_PKEY_CTX_get_data(ctx);
+
+ if (!smctx || !smctx->sess) {
+ fprintf(stderr, "smctx or sess NULL\n");
+ return UADK_DO_SOFT;
+ }
+
if (tbslen > SM2_KEY_BYTES)
return UADK_DO_SOFT;
@@ -772,7 +787,7 @@ static int sm2_verify(EVP_PKEY_CTX *ctx,
if (ret)
goto do_soft;
- if (!smctx->is_init) {
+ if (smctx->init_status != CTX_INIT_SUCC) {
ret = UADK_DO_SOFT;
goto do_soft;
}
@@ -853,7 +868,7 @@ static int sm2_encrypt_check(EVP_PKEY_CTX *ctx,
if (!smctx || !smctx->sess) {
fprintf(stderr, "smctx or sess NULL\n");
- return 0;
+ return UADK_DO_SOFT;
}
md = (smctx->ctx.md == NULL) ? EVP_sm3() : smctx->ctx.md;
@@ -897,7 +912,7 @@ static int sm2_encrypt(EVP_PKEY_CTX *ctx,
if (ret)
goto do_soft;
- if (!smctx->is_init) {
+ if (smctx->init_status != CTX_INIT_SUCC) {
ret = UADK_DO_SOFT;
goto do_soft;
}
@@ -953,7 +968,7 @@ static int sm2_decrypt_check(EVP_PKEY_CTX *ctx,
if (!smctx || !smctx->sess) {
fprintf(stderr, "smctx or sess NULL\n");
- return -EINVAL;
+ return UADK_DO_SOFT;
}
md = (smctx->ctx.md == NULL) ? EVP_sm3() : smctx->ctx.md;
@@ -1038,7 +1053,7 @@ static int sm2_decrypt(EVP_PKEY_CTX *ctx,
if (ret)
goto do_soft;
- if (!smctx->is_init) {
+ if (smctx->init_status != CTX_INIT_SUCC) {
ret = UADK_DO_SOFT;
goto do_soft;
}
@@ -1124,18 +1139,18 @@ static int sm2_init(EVP_PKEY_CTX *ctx)
ret = uadk_init_ecc();
if (ret) {
fprintf(stderr, "failed to uadk_init_ecc, ret = %d\n", ret);
- smctx->is_init = false;
+ smctx->init_status = CTX_INIT_FAIL;
goto end;
}
ret = sm2_update_sess(smctx);
if (ret) {
fprintf(stderr, "failed to update sess\n");
- smctx->is_init = false;
+ smctx->init_status = CTX_INIT_FAIL;
goto end;
}
- smctx->is_init = true;
+ smctx->init_status = CTX_INIT_SUCC;
end:
EVP_PKEY_CTX_set_data(ctx, smctx);
EVP_PKEY_CTX_set0_keygen_info(ctx, NULL, 0);
@@ -1196,8 +1211,13 @@ static int sm2_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
return 1;
case EVP_PKEY_CTRL_MD:
smctx->ctx.md = p2;
- if (sm2_update_sess(smctx))
+ if (smctx->init_status != CTX_INIT_SUCC)
+ return 1;
+
+ if (sm2_update_sess(smctx)) {
+ fprintf(stderr, "failed to set MD\n");
return 0;
+ }
return 1;
case EVP_PKEY_CTRL_GET_MD:
*(const EVP_MD **)p2 = smctx->ctx.md;
--
1.8.3.1

142
0061-uadk_engine-use-HW_V2-HW_V3-to-distinguish-different.patch Normal file
View File

@ -0,0 +1,142 @@
From e34a0bb0cc5c381f45877e05d927fd4bc5dc98f6 Mon Sep 17 00:00:00 2001
From: Hao Fang <fanghao11@huawei.com>
Date: Sat, 22 Oct 2022 15:27:20 +0800
Subject: uadk_engine: use HW_V2/HW_V3 to distinguish different hardware
platforms
Hardware version numbers are used to distinguish different hardware.
Signed-off-by: Hao Fang <fanghao11@huawei.com>
Tested-by: Junchong Pan <panjunchong@hisilicon.com>
---
src/uadk.h | 4 ++--
src/uadk_cipher.c | 22 +++++++++++-----------
test/sanity_test.sh | 8 ++++----
3 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/src/uadk.h b/src/uadk.h
index cd3447c..99c65c7 100644
--- a/src/uadk.h
+++ b/src/uadk.h
@@ -27,8 +27,8 @@
#define ENGINE_RECV_MAX_CNT 60000000
enum {
- KUNPENG920,
- KUNPENG930,
+ HW_V2,
+ HW_V3,
};
extern const char *engine_uadk_id;
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index c5bc7af..c6878c3 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -77,7 +77,7 @@ static int platform;
#define SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT 192
-static int cipher_920_nids[] = {
+static int cipher_hw_v2_nids[] = {
NID_aes_128_cbc,
NID_aes_192_cbc,
NID_aes_256_cbc,
@@ -93,7 +93,7 @@ static int cipher_920_nids[] = {
0,
};
-static int cipher_930_nids[] = {
+static int cipher_hw_v3_nids[] = {
NID_aes_128_cbc,
NID_aes_192_cbc,
NID_aes_256_cbc,
@@ -342,9 +342,9 @@ static int uadk_get_accel_platform(char *alg_name)
return 0;
if (!strcmp(dev->api, "hisi_qm_v2"))
- platform = KUNPENG920;
+ platform = HW_V2;
else
- platform = KUNPENG930;
+ platform = HW_V3;
free(dev);
return 1;
@@ -358,12 +358,12 @@ static int uadk_e_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
int size;
int i;
- if (platform == KUNPENG920) {
- size = (sizeof(cipher_920_nids) - 1) / sizeof(int);
- cipher_nids = cipher_920_nids;
+ if (platform == HW_V2) {
+ size = (sizeof(cipher_hw_v2_nids) - 1) / sizeof(int);
+ cipher_nids = cipher_hw_v2_nids;
} else {
- size = (sizeof(cipher_930_nids) - 1) / sizeof(int);
- cipher_nids = cipher_930_nids;
+ size = (sizeof(cipher_hw_v3_nids) - 1) / sizeof(int);
+ cipher_nids = cipher_hw_v3_nids;
}
if (!cipher) {
@@ -1073,7 +1073,7 @@ int uadk_e_bind_cipher(ENGINE *e)
}
bind_v2_cipher();
- if (platform > KUNPENG920)
+ if (platform > HW_V2)
bind_v3_cipher();
return ENGINE_set_ciphers(e, uadk_e_engine_ciphers);
@@ -1155,7 +1155,7 @@ void uadk_e_destroy_cipher(void)
pthread_spin_destroy(&engine.lock);
destroy_v2_cipher();
- if (platform > KUNPENG920)
+ if (platform > HW_V2)
destroy_v3_cipher();
}
diff --git a/test/sanity_test.sh b/test/sanity_test.sh
index 2c0c504..bdedc15 100755
--- a/test/sanity_test.sh
+++ b/test/sanity_test.sh
@@ -103,7 +103,7 @@ if [[ $algs =~ "RSA" ]]; then
openssl speed -elapsed -engine $engine_id -async_jobs 1 rsa4096
fi
-#ecdsa only supported in Kunpeng930 or later
+#ecdsa only supported in HW_V3 or later
if [[ $algs =~ "id-ecPublicKey" ]]; then
echo "testing ECDSA"
openssl speed -elapsed -engine $engine_id ecdsap224
@@ -116,21 +116,21 @@ if [[ $algs =~ "id-ecPublicKey" ]]; then
openssl speed -elapsed -engine $engine_id -async_jobs 1 ecdsap521
fi
-#X25519 only supported in Kunpeng930 or later
+#X25519 only supported in HW_V3 or later
if [[ $algs =~ "X25519" ]]; then
echo "testing X25519"
openssl speed -elapsed -engine $engine_id ecdhx25519
openssl speed -elapsed -engine $engine_id -async_jobs 1 ecdhx25519
fi
-#X448 only supported in Kunpeng930 or later
+#X448 only supported in HW_V3 or later
if [[ $algs =~ "X448" ]]; then
echo "testing X448"
openssl speed -elapsed -engine $engine_id ecdhx448
openssl speed -elapsed -engine $engine_id -async_jobs 1 ecdhx448
fi
-#ecdh only supported in Kunpeng930 or later
+#ecdh only supported in HW_V3 or later
if [[ $algs =~ "id-ecPublicKey" ]]; then
echo "testing ECDH"
openssl speed -elapsed -engine $engine_id ecdhp192
--
1.8.3.1

73
0062-uadk-engine-update-the-numa-parameter-of-the-schedul.patch Normal file
View File

@ -0,0 +1,73 @@
From 01580bb856fe7a2206990954b38d8213efd06098 Mon Sep 17 00:00:00 2001
From: Longfang Liu <liulongfang@huawei.com>
Date: Sat, 22 Oct 2022 15:31:24 +0800
Subject: uadk/engine: update the numa parameter of the scheduler
In the scenario where multiple devices are enabled at the
same time through environment variables, fixing a numa id
will make other devices unusable. When using the default
numa parameter, the scheduler will automatically allocate
device resources according to the CPU id of the thread,
so as to realize all devices.
Signed-off-by: Longfang Liu <liulongfang@huawei.com>
---
src/uadk_cipher.c | 4 ++--
src/uadk_digest.c | 3 ++-
src/uadk_rsa.c | 4 +++-
3 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index c6878c3..8e8c5f3 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -469,7 +469,6 @@ static handle_t sched_single_init(handle_t h_sched_ctx, void *sched_param)
return (handle_t)0;
}
- skey->numa_id = param->numa_id;
skey->type = param->type;
return (handle_t)skey;
@@ -881,7 +880,8 @@ static void uadk_e_ctx_init(EVP_CIPHER_CTX *ctx, struct cipher_priv_ctx *priv)
if (ret)
params.type = 0;
- params.numa_id = engine.numa_id;
+ /* Use the default numa parameters */
+ params.numa_id = -1;
priv->setup.sched_param = &params;
if (!priv->sess) {
priv->sess = wd_cipher_alloc_sess(&priv->setup);
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index 63887e7..8370490 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -523,7 +523,8 @@ static int uadk_e_digest_init(EVP_MD_CTX *ctx)
return 0;
}
- params.numa_id = engine.numa_id;
+ /* Use the default numa parameters */
+ params.numa_id = -1;
priv->setup.sched_param = &params;
priv->sess = wd_digest_alloc_sess(&priv->setup);
if (unlikely(!priv->sess))
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index ef1739d..74852e7 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -881,7 +881,9 @@ static struct uadk_rsa_sess *rsa_get_eng_session(RSA *rsa, unsigned int bits,
rsa_sess->key_size = key_size;
rsa_sess->setup.key_bits = key_size << BIT_BYTES_SHIFT;
- params.numa_id = g_rsa_res.numa_id;
+
+ /* Use the default numa parameters */
+ params.numa_id = -1;
rsa_sess->setup.sched_param = &params;
rsa_sess->setup.is_crt = is_crt;
--
1.8.3.1

205
0063-uadk_engine-bugfix-side-effects-of-right-operand.patch Normal file
View File

@ -0,0 +1,205 @@
From 5b59c17f84d5a1f6e7c996a499f5a70059d89ee7 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 22 Oct 2022 15:35:17 +0800
Subject: uadk_engine: bugfix side effects of right operand
The right operand of while condition may contains side effects,
variables change "rx_cnt++". Move 'rx_cnt++' from condition
to statement.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_cipher.c | 13 ++++++++-----
src/uadk_dh.c | 18 +++++++++++-------
src/uadk_digest.c | 13 ++++++++-----
src/uadk_pkey.c | 13 ++++++++-----
src/uadk_rsa.c | 14 +++++++++-----
5 files changed, 44 insertions(+), 27 deletions(-)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index 8e8c5f3..9d4f692 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -516,11 +516,13 @@ static int uadk_e_cipher_poll(void *ctx)
do {
ret = wd_cipher_poll_ctx(idx, expt, &recv);
- if (recv == expt)
+ if (!ret && recv == expt)
return 0;
- else if (ret < 0 && ret != -EAGAIN)
- return ret;
- } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT));
+ else if (ret == -EAGAIN)
+ rx_cnt++;
+ else
+ return -1;
+ } while (rx_cnt < ENGINE_RECV_MAX_CNT);
fprintf(stderr, "failed to recv msg: timeout!\n");
@@ -539,7 +541,8 @@ static int uadk_e_cipher_env_poll(void *ctx)
ret = wd_cipher_poll(expt, &recv);
if (ret < 0 || recv == expt)
return ret;
- } while (rx_cnt++ < ENGINE_RECV_MAX_CNT);
+ rx_cnt++;
+ } while (rx_cnt < ENGINE_RECV_MAX_CNT);
fprintf(stderr, "failed to poll msg: timeout!\n");
diff --git a/src/uadk_dh.c b/src/uadk_dh.c
index 37f84e9..2af2455 100644
--- a/src/uadk_dh.c
+++ b/src/uadk_dh.c
@@ -48,6 +48,7 @@
#define UADK_E_SUCCESS 1
#define UADK_E_FAIL 0
#define UADK_E_POLL_SUCCESS 0
+#define UADK_E_POLL_FAIL (-1)
#define UADK_E_INIT_SUCCESS 0
#define ENV_ENABLED 1
@@ -206,17 +207,19 @@ static int uadk_e_dh_poll(void *ctx)
{
__u64 rx_cnt = 0;
__u32 recv = 0;
- int expect = 1;
+ int expt = 1;
int idx = 1;
int ret;
do {
- ret = wd_dh_poll_ctx(idx, expect, &recv);
- if (recv == expect)
+ ret = wd_dh_poll_ctx(idx, expt, &recv);
+ if (!ret && recv == expt)
return UADK_E_POLL_SUCCESS;
- else if (ret < 0 && ret != -EAGAIN)
- return ret;
- } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT));
+ else if (ret == -EAGAIN)
+ rx_cnt++;
+ else
+ return UADK_E_POLL_FAIL;
+ } while (rx_cnt < ENGINE_RECV_MAX_CNT);
fprintf(stderr, "failed to recv msg: timeout!\n");
@@ -283,7 +286,8 @@ static int uadk_e_dh_env_poll(void *ctx)
ret = wd_dh_poll(expt, &recv);
if (ret < 0 || recv == expt)
return ret;
- } while (rx_cnt++ < ENGINE_RECV_MAX_CNT);
+ rx_cnt++;
+ } while (rx_cnt < ENGINE_RECV_MAX_CNT);
fprintf(stderr, "failed to poll msg: timeout!\n");
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index 8370490..9568a98 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -343,11 +343,13 @@ static int uadk_e_digest_poll(void *ctx)
do {
ret = wd_digest_poll_ctx(CTX_ASYNC, expt, &recv);
- if (recv == expt)
+ if (!ret && recv == expt)
return 0;
- else if (ret < 0 && ret != -EAGAIN)
- return ret;
- } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT));
+ else if (ret == -EAGAIN)
+ rx_cnt++;
+ else
+ return -1;
+ } while (rx_cnt < ENGINE_RECV_MAX_CNT);
fprintf(stderr, "failed to recv msg: timeout!\n");
@@ -366,7 +368,8 @@ static int uadk_e_digest_env_poll(void *ctx)
ret = wd_digest_poll(expt, &recv);
if (ret < 0 || recv == expt)
return ret;
- } while (rx_cnt++ < ENGINE_RECV_MAX_CNT);
+ rx_cnt++;
+ } while (rx_cnt < ENGINE_RECV_MAX_CNT);
fprintf(stderr, "failed to poll msg: timeout!\n");
diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
index 211f1cc..6920cff 100644
--- a/src/uadk_pkey.c
+++ b/src/uadk_pkey.c
@@ -110,11 +110,13 @@ static int uadk_ecc_poll(void *ctx)
do {
ret = wd_ecc_poll_ctx(CTX_ASYNC, expt, &recv);
- if (recv == expt)
+ if (!ret && recv == expt)
return 0;
- else if (ret < 0 && ret != -EAGAIN)
- return ret;
- } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT));
+ else if (ret == -EAGAIN)
+ rx_cnt++;
+ else
+ return -1;
+ } while (rx_cnt < ENGINE_RECV_MAX_CNT);
fprintf(stderr, "failed to recv msg: timeout!\n");
@@ -153,7 +155,8 @@ static int uadk_e_ecc_env_poll(void *ctx)
ret = wd_ecc_poll(expt, &recv);
if (ret < 0 || recv == expt)
return ret;
- } while (rx_cnt++ < ENGINE_RECV_MAX_CNT);
+ rx_cnt++;
+ } while (rx_cnt < ENGINE_RECV_MAX_CNT);
fprintf(stderr, "failed to poll msg: timeout!\n");
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index 74852e7..bcdd6bc 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -48,6 +48,7 @@
#define UADK_E_FAIL 0
#define UADK_DO_SOFT (-0xE0)
#define UADK_E_POLL_SUCCESS 0
+#define UADK_E_POLL_FAIL (-1)
#define UADK_E_INIT_SUCCESS 0
#define CHECK_PADDING_FAIL (-1)
#define ENV_ENABLED 1
@@ -664,11 +665,13 @@ static int uadk_e_rsa_poll(void *ctx)
do {
ret = wd_rsa_poll_ctx(CTX_ASYNC, expt, &recv);
- if (recv == expt)
+ if (!ret && recv == expt)
return UADK_E_POLL_SUCCESS;
- else if (ret < 0 && ret != -EAGAIN)
- return ret;
- } while (ret == -EAGAIN && (rx_cnt++ < ENGINE_RECV_MAX_CNT));
+ else if (ret == -EAGAIN)
+ rx_cnt++;
+ else
+ return UADK_E_POLL_FAIL;
+ } while (rx_cnt < ENGINE_RECV_MAX_CNT);
fprintf(stderr, "failed to recv msg: timeout!\n");
@@ -700,7 +703,8 @@ static int uadk_e_rsa_env_poll(void *ctx)
ret = wd_rsa_poll(expt, &recv);
if (ret < 0 || recv == expt)
return ret;
- } while (rx_cnt++ < ENGINE_RECV_MAX_CNT);
+ rx_cnt++;
+ } while (rx_cnt < ENGINE_RECV_MAX_CNT);
fprintf(stderr, "failed to poll msg: timeout!\n");
--
1.8.3.1

118
0064-uadk_engine-cleanup-static-check-warning-of-clangtid.patch Normal file
View File

@ -0,0 +1,118 @@
From f17c89d7d27b3a728232c7e641c2978db238a2f3 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 22 Oct 2022 15:37:45 +0800
Subject: uadk_engine: cleanup static check warning of clangtidy tool
Cleanup the following warning:
1. Parameters of function should not be used as working
variable.
2. Cleanup uninitialized value.
3. Storage class should be specified after a type.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/e_uadk.c | 6 ++----
src/uadk_cipher.c | 9 +++++----
src/uadk_ec.c | 5 +++--
src/uadk_rsa.c | 16 ++++++++--------
4 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/src/e_uadk.c b/src/e_uadk.c
index 77612d7..21ceb86 100644
--- a/src/e_uadk.c
+++ b/src/e_uadk.c
@@ -89,13 +89,11 @@ static const ENGINE_CMD_DEFN g_uadk_cmd_defns[] = {
}
};
-__attribute__((constructor))
-static void uadk_constructor(void)
+static void __attribute__((constructor)) uadk_constructor(void)
{
}
-__attribute__((destructor))
-static void uadk_destructor(void)
+static void __attribute__((destructor)) uadk_destructor(void)
{
}
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index 9d4f692..14e2af2 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -749,17 +749,18 @@ static void ctr_iv_inc(uint8_t *counter, __u32 c)
{
uint32_t n = CTR_128BIT_COUNTER;
uint8_t *counter1 = counter;
+ __u32 c_value = c;
/*
* Since the counter has been increased 1 by the hardware,
* so the c need to decrease 1.
*/
- c = c - 1;
+ c_value -= 1;
do {
--n;
- c += counter1[n];
- counter1[n] = (uint8_t)c;
- c >>= BYTE_BITS;
+ c_value += counter1[n];
+ counter1[n] = (uint8_t)c_value;
+ c_value >>= BYTE_BITS;
} while (n);
}
diff --git a/src/uadk_ec.c b/src/uadk_ec.c
index 37683cd..247b875 100644
--- a/src/uadk_ec.c
+++ b/src/uadk_ec.c
@@ -72,14 +72,15 @@ static void init_dtb_param(void *dtb, char *start,
__u32 dsz, __u32 bsz, __u32 num)
{
struct wd_dtb *tmp = dtb;
+ char *buff = start;
int i = 0;
while (i++ < num) {
- tmp->data = start;
+ tmp->data = buff;
tmp->dsize = dsz;
tmp->bsize = bsz;
tmp += 1;
- start += bsz;
+ buff += bsz;
}
}
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index bcdd6bc..7d25338 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -932,14 +932,14 @@ static int rsa_fill_prikey(RSA *rsa, struct uadk_rsa_sess *rsa_sess,
struct rsa_prikey_param *pri,
unsigned char *in_buf, unsigned char *to)
{
- struct wd_rsa_prikey *prikey;
- struct wd_dtb *wd_dq;
- struct wd_dtb *wd_dp;
- struct wd_dtb *wd_q;
- struct wd_dtb *wd_p;
- struct wd_dtb *wd_qinv;
- struct wd_dtb *wd_d;
- struct wd_dtb *wd_n;
+ struct wd_rsa_prikey *prikey = NULL;
+ struct wd_dtb *wd_qinv = NULL;
+ struct wd_dtb *wd_dq = NULL;
+ struct wd_dtb *wd_dp = NULL;
+ struct wd_dtb *wd_q = NULL;
+ struct wd_dtb *wd_p = NULL;
+ struct wd_dtb *wd_d = NULL;
+ struct wd_dtb *wd_n = NULL;
if (!(rsa_sess->is_prikey_ready) && (pri->is_crt)) {
wd_rsa_get_prikey(rsa_sess->sess, &prikey);
--
1.8.3.1

38
0065-uadk_engine-bugfix-enable-environment-variable.patch Normal file
View File

@ -0,0 +1,38 @@
From 7ef97aab7a5cd964241fe9879588ceb54a547003 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 22 Oct 2022 15:53:53 +0800
Subject: uadk_engine: bugfix enable environment variable
When the 'alg_name' set by the user is valid, the 'env_enabled'
field should be set or returned.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/e_uadk.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/e_uadk.c b/src/e_uadk.c
index 21ceb86..0a9e3e6 100644
--- a/src/e_uadk.c
+++ b/src/e_uadk.c
@@ -116,7 +116,7 @@ int uadk_e_is_env_enabled(const char *alg_name)
int i = 0;
while (i < len) {
- if (strcmp(uadk_env_enabled[i].alg_name, alg_name))
+ if (!strcmp(uadk_env_enabled[i].alg_name, alg_name))
return uadk_env_enabled[i].env_enabled;
i++;
}
@@ -130,7 +130,7 @@ static void uadk_e_set_env_enabled(const char *alg_name, __u8 value)
int i = 0;
while (i < len) {
- if (strcmp(uadk_env_enabled[i].alg_name, alg_name)) {
+ if (!strcmp(uadk_env_enabled[i].alg_name, alg_name)) {
uadk_env_enabled[i].env_enabled = value;
return;
}
--
1.8.3.1

537
0066-uadk_engine-cleanup-magic-number-and-comments.patch Normal file
View File

@ -0,0 +1,537 @@
From 20049f2becb9cc339276d4839f6d9f909273f5a5 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 22 Oct 2022 15:54:51 +0800
Subject: uadk_engine: cleanup magic number and comments
Use macros to replace magic numbers and related operations.
Simplify code comments and unify style.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk_cipher.c | 4 +---
src/uadk_dh.c | 5 ++---
src/uadk_digest.c | 2 +-
src/uadk_ec.c | 51 ++++++++++++++++++++++++++-------------------------
src/uadk_ecx.c | 40 +++++++++++++++++++++++-----------------
src/uadk_pkey.c | 9 ++++-----
src/uadk_pkey.h | 6 +++++-
src/uadk_rsa.c | 25 ++++++++++---------------
src/uadk_sm2.c | 23 ++++++++++++-----------
9 files changed, 84 insertions(+), 81 deletions(-)
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index 14e2af2..de5f078 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -480,13 +480,11 @@ static __u32 sched_single_pick_next_ctx(handle_t sched_ctx,
struct sched_params *key = (struct sched_params *)sched_key;
if (sched_mode) {
- /* async */
if (key->type == WD_CIPHER_ENCRYPTION)
return CTX_ASYNC_ENC;
else
return CTX_ASYNC_DEC;
} else {
- /* sync */
if (key->type == WD_CIPHER_ENCRYPTION)
return CTX_SYNC_ENC;
else
@@ -744,7 +742,7 @@ static void async_cb(struct wd_cipher_req *req, void *data)
}
}
-/* increment counter (128-bit int) by c */
+/* Increment counter (128-bit int) by c */
static void ctr_iv_inc(uint8_t *counter, __u32 c)
{
uint32_t n = CTR_128BIT_COUNTER;
diff --git a/src/uadk_dh.c b/src/uadk_dh.c
index 2af2455..6356872 100644
--- a/src/uadk_dh.c
+++ b/src/uadk_dh.c
@@ -603,7 +603,7 @@ static int dh_fill_genkey_req(const BIGNUM *g, const BIGNUM *p,
if (!ag_bin)
return UADK_E_FAIL;
- /* malloc a contiguous chunk of memory */
+ /* Malloc a contiguous chunk of memory */
apriv_key_bin = OPENSSL_malloc(key_size * DH_PARAMS_CNT);
if (!apriv_key_bin)
goto free_ag;
@@ -615,7 +615,7 @@ static int dh_fill_genkey_req(const BIGNUM *g, const BIGNUM *p,
memset(ap_bin, 0, key_size);
memset(out_pri, 0, key_size);
- /* construct data block of g */
+ /* Construct data block of g */
ret = dh_set_g(g, key_size, ag_bin, dh_sess);
if (!ret)
goto free_apriv;
@@ -623,7 +623,6 @@ static int dh_fill_genkey_req(const BIGNUM *g, const BIGNUM *p,
dh_sess->req.xbytes = BN_bn2bin(priv_key, apriv_key_bin);
dh_sess->req.pbytes = BN_bn2bin(p, ap_bin);
dh_sess->req.x_p = (void *)apriv_key_bin;
- /* the output from uadk */
dh_sess->req.pri = out_pri;
dh_sess->req.pri_bytes = key_size;
dh_sess->req.op_type = WD_DH_PHASE1;
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index 9568a98..9d009a9 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -71,7 +71,7 @@ static struct digest_engine engine;
struct evp_md_ctx_st {
const EVP_MD *digest;
- /* functional reference if 'digest' is ENGINE-provided */
+ /* Functional reference if 'digest' is ENGINE-provided */
ENGINE *engine;
unsigned long flags;
void *md_data;
diff --git a/src/uadk_ec.c b/src/uadk_ec.c
index 247b875..9b48ae7 100644
--- a/src/uadk_ec.c
+++ b/src/uadk_ec.c
@@ -27,23 +27,23 @@
#include "uadk.h"
#define ECC128BITS 128
-#define ECC192BITS 192
-#define ECC224BITS 224
-#define ECC256BITS 256
-#define ECC320BITS 320
-#define ECC384BITS 384
-#define ECC521BITS 521
+#define ECC192BITS 192
+#define ECC224BITS 224
+#define ECC256BITS 256
+#define ECC320BITS 320
+#define ECC384BITS 384
+#define ECC521BITS 521
struct curve_param {
- /* prime */
+ /* Prime */
BIGNUM *p;
- /* ecc coefficient 'a' */
+ /* ECC coefficient 'a' */
BIGNUM *a;
- /* ecc coefficient 'b' */
+ /* ECC coefficient 'b' */
BIGNUM *b;
- /* base point */
+ /* Base point */
const EC_POINT *g;
- /* order of base point */
+ /* Order of base point */
const BIGNUM *order;
};
@@ -176,7 +176,6 @@ free_ctx:
static int get_smallest_hw_keybits(int bits)
{
- /* ec curve order width */
if (bits > ECC384BITS)
return ECC521BITS;
else if (bits > ECC320BITS)
@@ -283,7 +282,7 @@ static int eckey_check(const EC_KEY *eckey)
return -1;
}
- /* field GF(2m) is not supported by uadk */
+ /* Field GF(2m) is not supported by uadk */
if (!uadk_prime_field(group))
return UADK_DO_SOFT;
@@ -336,22 +335,25 @@ static int set_digest(handle_t sess, struct wd_dtb *e,
unsigned int dlen = sdgst->dsize;
BIGNUM *m;
- if (dlen << UADK_BITS_2_BYTES_SHIFT > order_bits) {
+ if (dlen << TRANS_BITS_BYTES_SHIFT > order_bits) {
m = BN_new();
/* Need to truncate digest if it is too long: first truncate
* whole bytes
*/
- dlen = (order_bits + 7) >> UADK_BITS_2_BYTES_SHIFT;
+ dlen = BITS_TO_BYTES(order_bits);
if (!BN_bin2bn(dgst, dlen, m)) {
fprintf(stderr, "failed to BN_bin2bn digest\n");
BN_free(m);
return -1;
}
- /* If still too long, truncate remaining bits with a shift */
- if (dlen << UADK_BITS_2_BYTES_SHIFT > order_bits &&
- !BN_rshift(m, m, 8 - (order_bits & 0x7))) {
+ /* If the length of digest is still longer than the length
+ * of the base point order, truncate remaining bits with a
+ * shift to that length
+ */
+ if (dlen << TRANS_BITS_BYTES_SHIFT > order_bits &&
+ !BN_rshift(m, m, DGST_SHIFT_NUM(order_bits))) {
fprintf(stderr, "failed to truncate input digest\n");
BN_free(m);
return -1;
@@ -743,7 +745,7 @@ err:
static int set_key_to_ec_key(EC_KEY *ec, struct wd_ecc_req *req)
{
- unsigned char buff[SM2_KEY_BYTES * 2 + 1] = {UADK_OCTET_STRING};
+ unsigned char buff[ECC_POINT_SIZE(SM2_KEY_BYTES) + 1] = {UADK_OCTET_STRING};
struct wd_ecc_point *pubkey = NULL;
struct wd_dtb *privkey = NULL;
const EC_GROUP *group;
@@ -768,8 +770,8 @@ static int set_key_to_ec_key(EC_KEY *ec, struct wd_ecc_req *req)
return -ENOMEM;
}
- memcpy(buff + 1, pubkey->x.data, SM2_KEY_BYTES * 2);
- tmp = BN_bin2bn(buff, SM2_KEY_BYTES * 2 + 1, NULL);
+ memcpy(buff + 1, pubkey->x.data, ECC_POINT_SIZE(SM2_KEY_BYTES));
+ tmp = BN_bin2bn(buff, ECC_POINT_SIZE(SM2_KEY_BYTES) + 1, NULL);
ptr = EC_POINT_bn2point(group, tmp, point, NULL);
BN_free(tmp);
if (!ptr) {
@@ -1029,7 +1031,7 @@ static int ecdh_compkey_init_iot(handle_t sess, struct wd_ecc_req *req,
in_pkey.x.dsize = BN_bn2bin(pkey_x, (unsigned char *)in_pkey.x.data);
in_pkey.y.dsize = BN_bn2bin(pkey_y, (unsigned char *)in_pkey.y.data);
- /* set public key */
+ /* Set public key */
ecdh_in = wd_ecxdh_new_in(sess, &in_pkey);
if (!ecdh_in) {
fprintf(stderr, "failed to new ecxdh in\n");
@@ -1075,7 +1077,7 @@ static int ecdh_set_key_to_ec_key(EC_KEY *ecdh, struct wd_ecc_req *req)
}
key_size_std = (unsigned int)(EC_GROUP_get_degree(group) +
- UADK_ECC_PADDING) >> UADK_BITS_2_BYTES_SHIFT;
+ UADK_ECC_PADDING) >> TRANS_BITS_BYTES_SHIFT;
key_size_x = pubkey->x.dsize;
key_size_y = pubkey->y.dsize;
if ((key_size_x > key_size_std) || (key_size_y > key_size_std)) {
@@ -1088,9 +1090,8 @@ static int ecdh_set_key_to_ec_key(EC_KEY *ecdh, struct wd_ecc_req *req)
* tag - 1 byte
* point_x - [key_size_std] bytes
* point_y - [key_size_std] bytes
- * so the malloc size is: key_size_std * 2 + 1
*/
- buff_size = key_size_std * 2 + 1;
+ buff_size = ECC_POINT_SIZE(key_size_std) + 1;
x_shift = key_size_std - key_size_x + 1;
y_shift = buff_size - key_size_y;
buff = (unsigned char *)OPENSSL_malloc(buff_size);
diff --git a/src/uadk_ecx.c b/src/uadk_ecx.c
index df23156..67042a3 100644
--- a/src/uadk_ecx.c
+++ b/src/uadk_ecx.c
@@ -295,33 +295,39 @@ static int ecx_keygen_set_pkey(EVP_PKEY *pkey, struct ecx_ctx *ecx_ctx,
memcpy(ecx_key->pubkey, (const unsigned char *)pubkey->x.data,
key_size);
- /* trans public key from big-endian to little-endian */
+ /* Trans public key from big-endian to little-endian */
ret = reverse_bytes(ecx_key->pubkey, key_size);
if (!ret) {
fprintf(stderr, "failed to trans public key\n");
return UADK_E_FAIL;
}
- /* trans private key from big-endian to little-endian */
+ /* Trans private key from big-endian to little-endian */
ret = reverse_bytes(ecx_key->privkey, key_size);
if (!ret) {
fprintf(stderr, "failed to trans private key\n");
return UADK_E_FAIL;
}
/*
- * This is a pretreatment of X25519/X448, as described in RFC 7748:
- * For X25519, in order to decode 32 random bytes as an integer
- * scaler, set the three LSB of the first byte and MSB of the last
- * to zero, set the second MSB of the last byte to 1.
- * For X448, set the two LSB of the first byte to 0, and MSB of the
- * last byte to 1. Decode in little-endian mode.
+ * This is a pretreatment of X25519/X448 described in RFC 7748.
+ * In order to decode the random bytes as an integer scaler, there
+ * are some special data processing. And use little-endian mode for
+ * decoding.
*/
if (ecx_ctx->nid == EVP_PKEY_X25519) {
- ecx_key->privkey[0] &= 248;
- ecx_key->privkey[X25519_KEYLEN - 1] &= 127;
- ecx_key->privkey[X25519_KEYLEN - 1] |= 64;
+ /* Set the three LSB of the first byte to 0 */
+ ecx_key->privkey[0] &= 0xF8;
+
+ /* Set the MSB of the last byte to 0 */
+ ecx_key->privkey[X25519_KEYLEN - 1] &= 0x7F;
+
+ /* Set the second MSB of the last byte to 1 */
+ ecx_key->privkey[X25519_KEYLEN - 1] |= 0x40;
} else if (ecx_ctx->nid == EVP_PKEY_X448) {
- ecx_key->privkey[0] &= 252;
- ecx_key->privkey[X448_KEYLEN - 1] |= 128;
+ /* Set the two LSB of the first byte to 0 */
+ ecx_key->privkey[0] &= 0xFC;
+
+ /* Set the MSB of the last byte to 1 */
+ ecx_key->privkey[X448_KEYLEN - 1] |= 0x80;
}
ret = EVP_PKEY_assign(pkey, ecx_ctx->nid, ecx_key);
@@ -494,7 +500,7 @@ static int ecx_compkey_init_iot(struct ecx_ctx *ecx_ctx, struct wd_ecc_req *req,
struct wd_ecc_in *ecx_in;
int ret;
- /* trans public key from little-endian to big-endian */
+ /* Trans public key from little-endian to big-endian */
ret = reverse_bytes(peer_ecx_key->pubkey, key_size);
if(!ret) {
fprintf(stderr, "failed to trans public key\n");
@@ -521,7 +527,7 @@ static int ecx_compkey_init_iot(struct ecx_ctx *ecx_ctx, struct wd_ecc_req *req,
uadk_ecc_fill_req(req, WD_ECXDH_COMPUTE_KEY, ecx_in, ecx_out);
- /* trans public key from big-endian to little-endian */
+ /* Trans public key from big-endian to little-endian */
ret = reverse_bytes(peer_ecx_key->pubkey, key_size);
if (!ret) {
fprintf(stderr, "failed to trans public key\n");
@@ -553,7 +559,7 @@ static int ecx_derive_set_private_key(struct ecx_ctx *ecx_ctx,
struct wd_dtb prikey;
int ret;
- /* trans private key from little-endian to big-endian */
+ /* Trans private key from little-endian to big-endian */
ret = reverse_bytes(ecx_key->privkey, key_size);
if (!ret) {
fprintf(stderr, "failed to trans private key\n");
@@ -569,7 +575,7 @@ static int ecx_derive_set_private_key(struct ecx_ctx *ecx_ctx,
return UADK_E_FAIL;
}
- /* trans private key from big-endian to little-endian */
+ /* Trans private key from big-endian to little-endian */
ret = reverse_bytes(ecx_key->privkey, key_size);
if (!ret) {
fprintf(stderr, "failed to trans private key\n");
diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
index 6920cff..6b5ae9a 100644
--- a/src/uadk_pkey.c
+++ b/src/uadk_pkey.c
@@ -44,7 +44,7 @@ struct ecc_res_config {
int numa_id;
};
-/* ecc global hardware resource is saved here */
+/* ECC global hardware resource is saved here */
struct ecc_res {
struct wd_ctx_config *ctx_res;
int pid;
@@ -123,7 +123,7 @@ static int uadk_ecc_poll(void *ctx)
return -ETIMEDOUT;
}
-/* make resource configure static */
+/* Make resource configure static */
struct ecc_res_config ecc_res_config = {
.sched = {
.sched_type = -1,
@@ -234,7 +234,7 @@ static int uadk_wd_ecc_init(struct ecc_res_config *config)
struct uacce_dev *dev;
int ret;
- /* ctx is no difference for sm2/ecdsa/ecdh/x25519/x448 */
+ /* The ctx is no difference for sm2/ecdsa/ecdh/x25519/x448 */
dev = wd_get_accel_dev("ecdsa");
if (!dev)
return -ENOMEM;
@@ -396,8 +396,7 @@ int uadk_ecc_set_private_key(handle_t sess, const EC_KEY *eckey)
return -EINVAL;
}
- /* pad and convert bits to bytes */
- buflen = (EC_GROUP_get_degree(group) + 7) / 8;
+ buflen = BITS_TO_BYTES(EC_GROUP_get_degree(group));
ecc_key = wd_ecc_get_key(sess);
prikey.data = (void *)bin;
prikey.dsize = BN_bn2binpad(d, bin, buflen);
diff --git a/src/uadk_pkey.h b/src/uadk_pkey.h
index b30c2de..6d1cc77 100644
--- a/src/uadk_pkey.h
+++ b/src/uadk_pkey.h
@@ -26,7 +26,6 @@
#define UADK_ECC_MAX_KEY_BITS 521
#define UADK_ECC_MAX_KEY_BYTES 66
#define UADK_ECC_CV_PARAM_NUM 6
-#define UADK_BITS_2_BYTES_SHIFT 3
#define SM2_KEY_BYTES 32
#define UADK_OCTET_STRING 4
#define UADK_ECC_PUBKEY_PARAM_NUM 2
@@ -34,6 +33,11 @@
#define UADK_ECDH_CV_NUM 8
#define ENV_ENABLED 1
#define UADK_E_INVALID (-2)
+#define TRANS_BITS_BYTES_SHIFT 3
+#define ECC_POINT_SIZE(n) ((n) * 2)
+#define GET_MS_BYTE(n) ((n) >> 8)
+#define GET_LS_BYTE(n) ((n) & 0xFF)
+#define DGST_SHIFT_NUM(n) (8 - ((n) & 0x7))
struct uadk_pkey_meth {
EVP_PKEY_METHOD *sm2;
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index 7d25338..e9a2c53 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -52,6 +52,9 @@
#define UADK_E_INIT_SUCCESS 0
#define CHECK_PADDING_FAIL (-1)
#define ENV_ENABLED 1
+#define PRIME_RETRY_COUNT 4
+#define GENCB_NEXT 2
+#define GENCB_RETRY 3
static RSA_METHOD *rsa_hw_meth;
@@ -173,11 +176,7 @@ static int rsa_prime_mul_res(int num, struct rsa_prime_param *param,
if (!BN_mul(param->r1, param->rsa_p, param->rsa_q, ctx))
return BN_ERR;
} else {
- /*
- * Use the number 3 to indicate whether
- * the generator has been found.
- */
- if (!BN_GENCB_call(cb, 3, num))
+ if (!BN_GENCB_call(cb, GENCB_RETRY, num))
return BN_ERR;
return BN_CONTINUE;
}
@@ -228,14 +227,11 @@ static int check_rsa_prime_sufficient(int *num, const int *bitsr,
*bitse -= bitsr[*num];
else
return -1;
- /*
- * Use the number 2 to indicate whether
- * a prime has been found.
- */
- ret = BN_GENCB_call(cb, 2, *n++);
+
+ ret = BN_GENCB_call(cb, GENCB_NEXT, *n++);
if (!ret)
return -1;
- if (retries == 4) {
+ if (retries == PRIME_RETRY_COUNT) {
*num = -1;
*bitse = 0;
retries = 0;
@@ -244,8 +240,8 @@ static int check_rsa_prime_sufficient(int *num, const int *bitsr,
retries++;
return BN_REDO;
}
- /* Use the number 3 to indicate whether the generator has been found. */
- ret = BN_GENCB_call(cb, 3, *num);
+
+ ret = BN_GENCB_call(cb, GENCB_RETRY, *num);
if (!ret)
return BN_ERR;
retries = 0;
@@ -320,8 +316,7 @@ static int check_rsa_prime_useful(const int *n, struct rsa_prime_param *param,
else
return BN_ERR;
- /* Use the number 2 to indicate whether a prime has been found. */
- if (!BN_GENCB_call(cb, 2, *n++))
+ if (!BN_GENCB_call(cb, GENCB_NEXT, *n++))
return BN_ERR;
return GET_ERR_FINISH;
diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c
index 8a9adca..578d2d8 100644
--- a/src/uadk_sm2.c
+++ b/src/uadk_sm2.c
@@ -34,12 +34,12 @@ enum {
typedef struct {
/* Key and paramgen group */
EC_GROUP *gen_group;
- /* message digest */
+ /* Message digest */
const EVP_MD *md;
/* Distinguishing Identifier, ISO/IEC 15946-3 */
uint8_t *id;
size_t id_len;
- /* id_set indicates if the 'id' field is set (1) or not (0) */
+ /* Indicates if the 'id' field is set (1) or not (0) */
int id_set;
} SM2_PKEY_CTX;
@@ -557,8 +557,7 @@ static size_t ec_field_size(const EC_GROUP *group)
if (!EC_GROUP_get_curve(group, p, a, b, NULL))
goto done;
- /* Pad and convert bits to bytes */
- field_size = (BN_num_bits(p) + 7) / 8;
+ field_size = BITS_TO_BYTES(BN_num_bits(p));
done:
BN_free(p);
@@ -1172,7 +1171,7 @@ static int sm2_set_ctx_id(struct sm2_ctx *smctx, int p1, const void *p2)
OPENSSL_free(smctx->ctx.id);
smctx->ctx.id = tmp_id;
} else {
- /* set null-ID */
+ /* Set null-ID */
OPENSSL_free(smctx->ctx.id);
smctx->ctx.id = NULL;
}
@@ -1231,7 +1230,7 @@ static int sm2_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
*(size_t *)p2 = smctx->ctx.id_len;
return 1;
case EVP_PKEY_CTRL_DIGESTINIT:
- /* nothing to be inited, this is to suppress the error... */
+ /* Nothing to be inited, for suppress the error */
return 1;
default:
fprintf(stderr, "sm2 ctrl type = %d error\n", type);
@@ -1323,20 +1322,22 @@ static int check_digest_evp_lib(const EVP_MD *digest, EVP_MD_CTX *hash,
}
/* Z = h(ENTL || ID || a || b || xG || yG || xA || yA) */
- if (id_len >= (UINT16_MAX / 8)) {
+ if (id_len >= (UINT16_MAX >> TRANS_BITS_BYTES_SHIFT)) {
fprintf(stderr, "id too large\n");
return 0;
}
- entl = (uint16_t)(8 * id_len);
+ entl = (uint16_t)(id_len << TRANS_BITS_BYTES_SHIFT);
- e_byte = entl >> 8;
+ /* Update the most significant (first) byte of 'entl' */
+ e_byte = GET_MS_BYTE(entl);
if (!EVP_DigestUpdate(hash, &e_byte, 1)) {
fprintf(stderr, "error evp lib\n");
return 0;
}
- e_byte = entl & 0xFF;
+ /* Update the least significant (second) byte of 'entl' */
+ e_byte = GET_LS_BYTE(entl);
if (!EVP_DigestUpdate(hash, &e_byte, 1)) {
fprintf(stderr, "error evp lib\n");
return 0;
@@ -1516,7 +1517,7 @@ static int sm2_digest_custom(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
return 0;
}
- /* get hashed prefix 'z' of tbs message */
+ /* Get hashed prefix 'z' of tbs message */
if (!sm2_compute_z_digest(z, md, smctx->ctx.id, smctx->ctx.id_len, ec))
return 0;
--
1.8.3.1

250
0067-uadk_engine-cleanup-header-file.patch Normal file
View File

@ -0,0 +1,250 @@
From 1dd1503428df2b33f679f81b1541a4314fe0aa11 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Sat, 22 Oct 2022 15:56:54 +0800
Subject: uadk_engine: cleanup header file
Remove redundant header file and modify magic number.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
src/uadk.h | 3 ---
src/uadk_async.c | 1 +
src/uadk_async.h | 2 +-
src/uadk_cipher.c | 1 +
src/uadk_dh.c | 1 +
src/uadk_digest.c | 2 ++
src/uadk_ec.c | 1 +
src/uadk_ecx.c | 2 +-
src/uadk_pkey.c | 5 ++++-
src/uadk_rsa.c | 6 +++++-
src/uadk_sm2.c | 7 +++++--
11 files changed, 22 insertions(+), 9 deletions(-)
diff --git a/src/uadk.h b/src/uadk.h
index 99c65c7..30c099f 100644
--- a/src/uadk.h
+++ b/src/uadk.h
@@ -18,9 +18,6 @@
#ifndef UADK_H
#define UADK_H
#include <openssl/engine.h>
-#include <uadk/wd.h>
-#include <uadk/wd_sched.h>
-#include "uadk_utils.h"
#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
#define ENV_STRING_LEN 256
diff --git a/src/uadk_async.c b/src/uadk_async.c
index 3f2e1db..2edd6ea 100644
--- a/src/uadk_async.c
+++ b/src/uadk_async.c
@@ -20,6 +20,7 @@
#include <string.h>
#include <sys/eventfd.h>
#include <unistd.h>
+#include <openssl/async.h>
#include "uadk.h"
#include "uadk_async.h"
diff --git a/src/uadk_async.h b/src/uadk_async.h
index 9bae3f4..8a4822e 100644
--- a/src/uadk_async.h
+++ b/src/uadk_async.h
@@ -19,8 +19,8 @@
#define UADK_ASYNC_H
#include <stdbool.h>
-#include <openssl/async.h>
#include <semaphore.h>
+#include <openssl/async.h>
#define ASYNC_QUEUE_TASK_NUM 1024
diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c
index de5f078..cc06429 100644
--- a/src/uadk_cipher.c
+++ b/src/uadk_cipher.c
@@ -22,6 +22,7 @@
#include <dlfcn.h>
#include <openssl/engine.h>
#include <uadk/wd_cipher.h>
+#include <uadk/wd_sched.h>
#include "uadk.h"
#include "uadk_async.h"
diff --git a/src/uadk_dh.c b/src/uadk_dh.c
index 6356872..680564c 100644
--- a/src/uadk_dh.c
+++ b/src/uadk_dh.c
@@ -23,6 +23,7 @@
#include <openssl/dh.h>
#include <string.h>
#include <uadk/wd_dh.h>
+#include <uadk/wd_sched.h>
#include "uadk.h"
#include "uadk_async.h"
diff --git a/src/uadk_digest.c b/src/uadk_digest.c
index 9d009a9..26a6272 100644
--- a/src/uadk_digest.c
+++ b/src/uadk_digest.c
@@ -25,8 +25,10 @@
#include <openssl/evp.h>
#include <uadk/wd_cipher.h>
#include <uadk/wd_digest.h>
+#include <uadk/wd_sched.h>
#include "uadk.h"
#include "uadk_async.h"
+#include "uadk_utils.h"
#define UADK_DO_SOFT (-0xE0)
#define CTX_SYNC 0
diff --git a/src/uadk_ec.c b/src/uadk_ec.c
index 9b48ae7..6106083 100644
--- a/src/uadk_ec.c
+++ b/src/uadk_ec.c
@@ -23,6 +23,7 @@
#include <openssl/err.h>
#include <openssl/ec.h>
#include <uadk/wd_ecc.h>
+#include <uadk/wd_sched.h>
#include "uadk_pkey.h"
#include "uadk.h"
diff --git a/src/uadk_ecx.c b/src/uadk_ecx.c
index 67042a3..b62f81d 100644
--- a/src/uadk_ecx.c
+++ b/src/uadk_ecx.c
@@ -14,7 +14,6 @@
* limitations under the License.
*
*/
-#include <errno.h>
#include <string.h>
#include <openssl/bn.h>
#include <openssl/engine.h>
@@ -24,6 +23,7 @@
#include <openssl/ec.h>
#include <openssl/evp.h>
#include <uadk/wd_ecc.h>
+#include <uadk/wd_sched.h>
#include "uadk_pkey.h"
#include "uadk.h"
diff --git a/src/uadk_pkey.c b/src/uadk_pkey.c
index 6b5ae9a..7b7a345 100644
--- a/src/uadk_pkey.c
+++ b/src/uadk_pkey.c
@@ -17,6 +17,7 @@
#include <openssl/engine.h>
#include <uadk/wd.h>
#include <uadk/wd_ecc.h>
+#include <uadk/wd_sched.h>
#include "uadk_async.h"
#include "uadk.h"
#include "uadk_pkey.h"
@@ -381,6 +382,7 @@ int uadk_ecc_set_private_key(handle_t sess, const EC_KEY *eckey)
const EC_GROUP *group;
struct wd_dtb prikey;
const BIGNUM *d;
+ size_t degree;
int buflen;
int ret;
@@ -396,7 +398,8 @@ int uadk_ecc_set_private_key(handle_t sess, const EC_KEY *eckey)
return -EINVAL;
}
- buflen = BITS_TO_BYTES(EC_GROUP_get_degree(group));
+ degree = EC_GROUP_get_degree(group);
+ buflen = BITS_TO_BYTES(degree);
ecc_key = wd_ecc_get_key(sess);
prikey.data = (void *)bin;
prikey.dsize = BN_bn2binpad(d, bin, buflen);
diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c
index e9a2c53..96c898f 100644
--- a/src/uadk_rsa.c
+++ b/src/uadk_rsa.c
@@ -20,6 +20,7 @@
#include <openssl/ossl_typ.h>
#include <openssl/rsa.h>
#include <uadk/wd_rsa.h>
+#include <uadk/wd_sched.h>
#include "uadk_async.h"
#include "uadk.h"
@@ -55,6 +56,7 @@
#define PRIME_RETRY_COUNT 4
#define GENCB_NEXT 2
#define GENCB_RETRY 3
+#define PRIME_CHECK_BIT_NUM 4
static RSA_METHOD *rsa_hw_meth;
@@ -210,7 +212,7 @@ static int check_rsa_prime_sufficient(int *num, const int *bitsr,
* key by using the modulus in a certificate. This is also covered
* by checking the length should not be less than 0x9.
*/
- if (!BN_rshift(param->r2, param->r1, *bitse - 4))
+ if (!BN_rshift(param->r2, param->r1, *bitse - PRIME_CHECK_BIT_NUM))
return BN_ERR;
bitst = BN_get_word(param->r2);
@@ -231,6 +233,7 @@ static int check_rsa_prime_sufficient(int *num, const int *bitsr,
ret = BN_GENCB_call(cb, GENCB_NEXT, *n++);
if (!ret)
return -1;
+
if (retries == PRIME_RETRY_COUNT) {
*num = -1;
*bitse = 0;
@@ -288,6 +291,7 @@ static int check_rsa_prime_useful(const int *n, struct rsa_prime_param *param,
BIGNUM *e_pub, BN_CTX *ctx, BN_GENCB *cb)
{
unsigned long err;
+
/*
* BN_sub(r,a,b) substracts b from a and place the result in r,
* r = a-b.
diff --git a/src/uadk_sm2.c b/src/uadk_sm2.c
index 578d2d8..b14fbcf 100644
--- a/src/uadk_sm2.c
+++ b/src/uadk_sm2.c
@@ -22,6 +22,7 @@
#include <openssl/ossl_typ.h>
#include <openssl/err.h>
#include <uadk/wd_ecc.h>
+#include <uadk/wd_sched.h>
#include "uadk.h"
#include "uadk_pkey.h"
@@ -550,6 +551,7 @@ static size_t ec_field_size(const EC_GROUP *group)
BIGNUM *a = BN_new();
BIGNUM *b = BN_new();
size_t field_size = 0;
+ size_t p_bits;
if (p == NULL || a == NULL || b == NULL)
goto done;
@@ -557,7 +559,8 @@ static size_t ec_field_size(const EC_GROUP *group)
if (!EC_GROUP_get_curve(group, p, a, b, NULL))
goto done;
- field_size = BITS_TO_BYTES(BN_num_bits(p));
+ p_bits = BN_num_bits(p);
+ field_size = BITS_TO_BYTES(p_bits);
done:
BN_free(p);
@@ -598,7 +601,7 @@ static int sm2_ciphertext_size(const EC_KEY *key,
* Integer and string are simple type; set constructed = 0, means
* primitive and definite length encoding.
*/
- sz = 2 * ASN1_object_size(0, field_size + 1, V_ASN1_INTEGER)
+ sz = ECC_POINT_SIZE(ASN1_object_size(0, field_size + 1, V_ASN1_INTEGER))
+ ASN1_object_size(0, md_size, V_ASN1_OCTET_STRING)
+ ASN1_object_size(0, msg_len, V_ASN1_OCTET_STRING);
*ct_size = ASN1_object_size(1, sz, V_ASN1_SEQUENCE);
--
1.8.3.1

15
uadk_engine.spec
View File

@ -1,7 +1,7 @@
Name: uadk_engine Name: uadk_engine
Summary: UADK Accelerator Engine Summary: UADK Accelerator Engine
Version: 1.0.0 Version: 1.0.0
Release: 8 Release: 9
License: Apache-2.0 License: Apache-2.0
Source: %{name}-%{version}.tar.gz Source: %{name}-%{version}.tar.gz
ExclusiveOS: linux ExclusiveOS: linux
@ -71,6 +71,16 @@ Patch0054: 0054-doc-Modify-maintainers.patch
Patch0055: 0055-rsa-modify-the-default-algorithm-of-keygen-soft-algo.patch Patch0055: 0055-rsa-modify-the-default-algorithm-of-keygen-soft-algo.patch
Patch0056: 0056-engine-initialize-resources-only-once.patch Patch0056: 0056-engine-initialize-resources-only-once.patch
Patch0057: 0057-engine-fix-function-type.patch Patch0057: 0057-engine-fix-function-type.patch
Patch0058: 0058-uadk_digest-fix-the-full-mac-buffer-length-as-doing-.patch
Patch0059: 0059-uadk_utils-fix-x86-local-build.patch
Patch0060: 0060-sm2-bugfix-about-segfault-in-sm2-ctrl-function.patch
Patch0061: 0061-uadk_engine-use-HW_V2-HW_V3-to-distinguish-different.patch
Patch0062: 0062-uadk-engine-update-the-numa-parameter-of-the-schedul.patch
Patch0063: 0063-uadk_engine-bugfix-side-effects-of-right-operand.patch
Patch0064: 0064-uadk_engine-cleanup-static-check-warning-of-clangtid.patch
Patch0065: 0065-uadk_engine-bugfix-enable-environment-variable.patch
Patch0066: 0066-uadk_engine-cleanup-magic-number-and-comments.patch
Patch0067: 0067-uadk_engine-cleanup-header-file.patch
%description %description
This package contains the UADK Accelerator Engine This package contains the UADK Accelerator Engine
@ -120,6 +130,9 @@ fi
/sbin/ldconfig /sbin/ldconfig
%changelog %changelog
* Fri Aug 19 2023 JiangShui Yang <yangjiangshui@h-partners.com> 1.0.0-9
- Backport uadk engine patch for v1.0.1
* Fri Aug 19 2023 JiangShui Yang <yangjiangshui@h-partners.com> 1.0.0-8 * Fri Aug 19 2023 JiangShui Yang <yangjiangshui@h-partners.com> 1.0.0-8
- Eable debuginfo for fix strip - Eable debuginfo for fix strip