-
Notifications
You must be signed in to change notification settings - Fork 129
/
Copy pathqat_fips.h
357 lines (322 loc) · 11.1 KB
/
qat_fips.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
/* ====================================================================
*
*
* BSD LICENSE
*
* Copyright(c) 2023-2024 Intel Corporation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*
* ====================================================================
*/
/*****************************************************************************
* @file qat_fips.h
*
* This file provides an interface to perform qat fips test
*
*****************************************************************************/
/* macros defined to allow use of the cpu get and set affinity functions */
#ifndef QAT_FIPS_H
# define QAT_FIPS_H
# ifndef _GNU_SOURCE
# define _GNU_SOURCE
# endif
# ifndef __USE_GNU
# define __USE_GNU
# endif
# include <stdlib.h>
# include <string.h>
# include <pthread.h>
# ifndef __FreeBSD__
# include <sched.h>
# else
# include <pthread_np.h>
# include <sys/types.h>
# include <sys/sysctl.h>
# include <unistd.h>
# include <errno.h>
# endif
# include <sys/time.h>
# include <signal.h>
# include <sys/ipc.h>
# include <sys/shm.h>
# include <sys/types.h>
# include <openssl/async.h>
# include <openssl/provider.h>
# include <openssl/self_test.h>
# include <openssl/types.h>
# include <openssl/core.h>
# include <openssl/core_dispatch.h>
# include <openssl/types.h>
# include <openssl/params.h>
# include <openssl/core_names.h>
# include <openssl/rsa.h>
# include <openssl/evp.h>
# include <openssl/rand.h>
# include <openssl/sha.h>
# include <openssl/err.h>
# include <openssl/evp.h>
# include <openssl/async.h>
# include <openssl/e_os2.h>
# include <openssl/bio.h>
# include <openssl/x509.h>
# include <openssl/conf.h>
# include <openssl/txt_db.h>
# include <openssl/ocsp.h>
# include <openssl/http.h>
# include <openssl/safestack.h>
# include <openssl/store.h>
# include <openssl/param_build.h>
# include "e_qat.h"
# include "qat_utils.h"
# include "qat_provider.h"
# include "qat_prov_rsa.h"
# define OPENSSL_NO_DES
# include <openssl/kdf.h>
# include "qat_self_test_data.inc"
# define OSSL_NELEM(x) (sizeof(x)/sizeof((x)[0]))
# define EVP_MAX_MD_SIZE 64/* longest known is SHA512 */
# define FIPS_KEY_STRING "f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813"
# define FORMAT_BINARY 2 /* Generic binary */
# define BUFSIZE 4096
# define INSTALL_STATUS_VAL "INSTALL_QAT_SELF_TEST_KATS_RUN"
# define INTEGRITY_SIGLEN 72
# define INTEGRITY_PUB_KEYLENGTH 65
# define INTEGRITY_BUF_SIZE 32
# define OSSL_PROV_FIPS_PARAM_INSTALL_VERSION "install-version"
# define VERSION_VAL "1"
# define OSSL_PROV_FIPS_PARAM_CONDITIONAL_ERRORS "conditional-errors"
# define OSSL_PROV_FIPS_PARAM_SECURITY_CHECKS "security-checks"
# define OSSL_PROV_FIPS_PARAM_MODULE_MAC "module-mac"
# define OSSL_PROV_FIPS_PARAM_INSTALL_MAC "install-mac"
# define OSSL_PROV_FIPS_PARAM_INSTALL_STATUS "install-status"
# define B_FORMAT_TEXT 0x8000
# define FORMAT_UNDEF 0
# define FORMAT_TEXT (1 | B_FORMAT_TEXT)/* Generic text */
# define FORMAT_BINARY 2 /* Generic binary */
# define FORMAT_BASE64 (3 | B_FORMAT_TEXT)/* Base64 */
# define FORMAT_ASN1 4 /* ASN.1/DER */
# define FORMAT_PEM (5 | B_FORMAT_TEXT)
# define FORMAT_PKCS12 6
# define FORMAT_SMIME (7 | B_FORMAT_TEXT)
# define FORMAT_ENGINE 8 /* Not really a file format */
# define FORMAT_PEMRSA (9 | B_FORMAT_TEXT)/* PEM RSAPublicKey format */
# define FORMAT_ASN1RSA 10 /* DER RSAPublicKey format */
# define FORMAT_MSBLOB 11 /* MS Key blob format */
# define FORMAT_PVK 12 /* MS PVK file format */
# define FORMAT_HTTP 13 /* Download using HTTP */
# define FORMAT_NSS 14 /* NSS keylog format */
struct async_args_callback {
int job_ready;
int i;
};
struct qat_self_test_result {
const char *type[10];
const char *desc[10];
int result[10];
};
typedef struct qat_self_test_result QAT_SELF_TEST_RESULT;
extern QAT_SELF_TEST_RESULT *qat_signature_result;
extern QAT_SELF_TEST_RESULT *qat_kas_result;
extern QAT_SELF_TEST_RESULT *qat_cipher_result;
extern QAT_SELF_TEST_RESULT *qat_digest_result;
extern QAT_SELF_TEST_RESULT *qat_mac_result;
extern QAT_SELF_TEST_RESULT *qat_kdf_result;
extern QAT_SELF_TEST_RESULT *qat_async_signature_result;
extern QAT_SELF_TEST_RESULT *qat_async_kas_result;
extern QAT_SELF_TEST_RESULT *qat_async_cipher_result;
extern QAT_SELF_TEST_RESULT *qat_async_digest_result;
extern QAT_SELF_TEST_RESULT *qat_async_mac_result;
extern QAT_SELF_TEST_RESULT *qat_async_kdf_result;
struct ossl_self_test_st {
/* local state variables */
const char *phase;
const char *type;
const char *desc;
OSSL_CALLBACK *cb;
/* callback related variables used to pass the state back to the user */
OSSL_PARAM params[4];
void *cb_arg;
};
typedef struct ossl_self_test_st OSSL_SELF_TEST;
struct test_params_t {
char *engine_id;
int *count;
const char *type;
int size;
ENGINE *e;
int print_output;
int verify;
int performance;
int enable_external_polling;
int enable_event_driven_polling;
int enable_async;
const char *prov_id;
OSSL_PROVIDER *prov;
size_t sigsize;
int use_callback_mode;
int enable_negative;
int curve;
int kdf;
char *tls_version;
char *digest_kdf;
int prf_op;
int hkdf_op;
int ecx_op;
int explicit_engine;
int sign_only;
int verify_only;
int encrypt_only;
int decrypt_only;
int async_jobs;
ASYNC_JOB **jobs;
ASYNC_WAIT_CTX **awcs;
void *additional_args;
OSSL_LIB_CTX *provctx;
const char *phase;
const char *desc;
OSSL_CALLBACK *cb;
OSSL_SELF_TEST *st;
/* callback related variables used to pass the state back to the user */
OSSL_PARAM params[4];
void *cb_arg;
int ondemand;
int co_existence;
};
typedef struct test_params_t TEST_PARAMS;
int QAT_SELF_TEST_kats(void *args);
struct async_additional_args_rsa {
int sign_only;
int verify_only;
int encrypt_only;
int decrypt_only;
int padding;
};
struct qat_evp_pkey_ctx_st {
/* Actual operation */
int operation;
/*
* Library context, property query, keytype and keymgmt associated with
* this context
*/
OSSL_LIB_CTX *libctx;
char *propquery;
const char *keytype;
/* If |pkey| below is set, this field is always a reference to keymgmt */
EVP_KEYMGMT *keymgmt;
union {
struct {
void *genctx;
} keymgmt;
struct {
EVP_KEYEXCH *exchange;
/*
* Opaque ctx returned from a providers exchange algorithm
* implementation OSSL_FUNC_keyexch_newctx()
*/
void *algctx;
} kex;
struct {
EVP_SIGNATURE *signature;
/*
* Opaque ctx returned from a providers signature algorithm
* implementation OSSL_FUNC_signature_newctx()
*/
void *algctx;
} sig;
struct {
EVP_ASYM_CIPHER *cipher;
/*
* Opaque ctx returned from a providers asymmetric cipher algorithm
* implementation OSSL_FUNC_asym_cipher_newctx()
*/
void *algctx;
} ciph;
struct {
EVP_KEM *kem;
/*
* Opaque ctx returned from a providers KEM algorithm
* implementation OSSL_FUNC_kem_newctx()
*/
void *algctx;
} encap;
} op;
/*
* Cached parameters. Inits of operations that depend on these should
* call evp_pkey_ctx_use_delayed_data() when the operation has been set
* up properly.
*/
struct {
/* Distinguishing Identifier, ISO/IEC 15946-3, FIPS 196 */
char *dist_id_name; /* The name used with EVP_PKEY_CTX_ctrl_str() */
void *dist_id; /* The distinguishing ID itself */
size_t dist_id_len; /* The length of the distinguishing ID */
/* Indicators of what has been set. Keep them together! */
unsigned int dist_id_set:1;
} cached_parameters;
/* Application specific data, usually used by the callback */
void *app_data;
/* Keygen callback */
EVP_PKEY_gen_cb *pkey_gencb;
/* implementation specific keygen data */
int *keygen_info;
int keygen_info_count;
/* Legacy fields below */
/* EVP_PKEY identity */
int legacy_keytype;
/* Method associated with this operation */
const EVP_PKEY_METHOD *pmeth;
/* Engine that implements this method or NULL if builtin */
ENGINE *engine;
/* Key: may be NULL */
EVP_PKEY *pkey;
/* Peer key for key agreement, may be NULL */
EVP_PKEY *peerkey;
/* Algorithm specific data */
void *data;
/* Indicator if digest_custom needs to be called */
unsigned int flag_call_digest_custom:1;
/*
* Used to support taking custody of memory in the case of a provider being
* used with the deprecated EVP_PKEY_CTX_set_rsa_keygen_pubexp() API. This
* member should NOT be used for any other purpose and should be removed
* when said deprecated API is excised completely.
*/
BIGNUM *rsa_pubexp;
} /* QAT_EVP_PKEY_CTX */ ;
typedef struct qat_evp_pkey_ctx_st QAT_EVP_PKEY_CTX;
int qat_fips_self_test(void *qatctx, int ondemand, int co_ex_enabled);
void kat_self_test_init(int ondemand, int co_existence);
void fips_result(void);
int self_test_events(const OSSL_PARAM params[], void *arg);
int QAT_TlsPrf_Ops(void *args, unsigned char *out, size_t outlen,
const char *desc);
int add_params(OSSL_PARAM_BLD * bld, const ST_KAT_PARAM * params, BN_CTX *ctx);
int get_pub_key_from_file(char *in_name, unsigned char *out);
#endif