* [RFC PATCH 1/2] cryptodev: rsa improvements
@ 2022-03-22 8:11 Arek Kusztal
2022-03-22 8:11 ` [RFC PATCH 2/2] test: add proper pkcs1 signature tests for rsa Arek Kusztal
2022-03-22 8:53 ` [RFC PATCH 1/2] cryptodev: rsa improvements Kusztal, ArkadiuszX
0 siblings, 2 replies; 5+ messages in thread
From: Arek Kusztal @ 2022-03-22 8:11 UTC (permalink / raw)
To: dev; +Cc: gakhil, roy.fan.zhang, anoobj, Arek Kusztal
This commit reworks rsa implementation.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
app/test/test_cryptodev_asym.c | 90 +++++++------
app/test/test_cryptodev_asym_util.h | 4 +-
drivers/crypto/meson.build | 4 +-
drivers/crypto/openssl/rte_openssl_pmd.c | 36 ++---
drivers/crypto/qat/dev/qat_asym_pmd_gen1.c | 2 +
drivers/crypto/qat/qat_asym.c | 28 ++--
lib/cryptodev/rte_crypto_asym.h | 202 +++++++++++++++++++++--------
7 files changed, 235 insertions(+), 131 deletions(-)
diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 573af2a537..71378cbdb2 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -75,6 +75,7 @@ queue_ops_rsa_sign_verify(void *sess)
struct rte_crypto_op *op, *result_op;
struct rte_crypto_asym_op *asym_op;
uint8_t output_buf[TEST_DATA_SIZE];
+ uint8_t input_sign[TEST_DATA_SIZE];
int status = TEST_SUCCESS;
/* Set up crypto op data structure */
@@ -90,14 +91,14 @@ queue_ops_rsa_sign_verify(void *sess)
/* Compute sign on the test vector */
asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_SIGN;
- asym_op->rsa.message.data = rsaplaintext.data;
- asym_op->rsa.message.length = rsaplaintext.len;
- asym_op->rsa.sign.length = 0;
- asym_op->rsa.sign.data = output_buf;
- asym_op->rsa.pad = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
+ asym_op->rsa.input.data = rsaplaintext.data;
+ asym_op->rsa.input.length = rsaplaintext.len;
+ asym_op->rsa.output.length = 0;
+ asym_op->rsa.output.data = output_buf;
+ asym_op->rsa.padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
- debug_hexdump(stdout, "message", asym_op->rsa.message.data,
- asym_op->rsa.message.length);
+ debug_hexdump(stdout, "message", asym_op->rsa.input.data,
+ asym_op->rsa.input.length);
/* Attach asymmetric crypto session to crypto operations */
rte_crypto_op_attach_asym_session(op, sess);
@@ -120,13 +121,18 @@ queue_ops_rsa_sign_verify(void *sess)
goto error_exit;
}
- debug_hexdump(stdout, "signed message", asym_op->rsa.sign.data,
- asym_op->rsa.sign.length);
+ debug_hexdump(stdout, "signed message", asym_op->rsa.output.data,
+ asym_op->rsa.output.length);
asym_op = result_op->asym;
/* Verify sign */
+ memcpy(input_sign, asym_op->rsa.output.data, asym_op->rsa.output.length);
+ asym_op->rsa.input.data = input_sign;
+ asym_op->rsa.input.length = asym_op->rsa.output.length;
+ asym_op->rsa.message.data = rsaplaintext.data;
+ asym_op->rsa.message.length = rsaplaintext.len;
asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
- asym_op->rsa.pad = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
+ asym_op->rsa.padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
/* Process crypto operation */
if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
@@ -181,14 +187,14 @@ queue_ops_rsa_enc_dec(void *sess)
/* Compute encryption on the test vector */
asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_ENCRYPT;
- asym_op->rsa.message.data = rsaplaintext.data;
- asym_op->rsa.cipher.data = cipher_buf;
- asym_op->rsa.cipher.length = 0;
- asym_op->rsa.message.length = rsaplaintext.len;
- asym_op->rsa.pad = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
+ asym_op->rsa.input.data = rsaplaintext.data;
+ asym_op->rsa.output.data = cipher_buf;
+ asym_op->rsa.output.length = 0;
+ asym_op->rsa.input.length = rsaplaintext.len;
+ asym_op->rsa.padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
- debug_hexdump(stdout, "message", asym_op->rsa.message.data,
- asym_op->rsa.message.length);
+ debug_hexdump(stdout, "message", asym_op->rsa.input.data,
+ asym_op->rsa.input.length);
/* Attach asymmetric crypto session to crypto operations */
rte_crypto_op_attach_asym_session(op, sess);
@@ -210,14 +216,14 @@ queue_ops_rsa_enc_dec(void *sess)
status = TEST_FAILED;
goto error_exit;
}
- debug_hexdump(stdout, "encrypted message", asym_op->rsa.message.data,
- asym_op->rsa.message.length);
+ debug_hexdump(stdout, "encrypted message", asym_op->rsa.input.data,
+ asym_op->rsa.input.length);
/* Use the resulted output as decryption Input vector*/
asym_op = result_op->asym;
- asym_op->rsa.message.length = 0;
+ asym_op->rsa.input.length = 0;
asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_DECRYPT;
- asym_op->rsa.pad = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
+ asym_op->rsa.padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
/* Process crypto operation */
if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
@@ -270,20 +276,20 @@ test_cryptodev_asym_ver(struct rte_crypto_op *op,
case RTE_CRYPTO_ASYM_XFORM_RSA:
if (op->asym->rsa.op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT) {
data_size = xform_tc->rsa.n.length;
- data_received = result_op->asym->rsa.cipher.data;
+ data_received = result_op->asym->rsa.output.data;
data_expected = data_tc->rsa_data.ct.data;
} else if (op->asym->rsa.op_type == RTE_CRYPTO_ASYM_OP_DECRYPT) {
data_size = xform_tc->rsa.n.length;
data_expected = data_tc->rsa_data.pt.data;
- data_received = result_op->asym->rsa.message.data;
+ data_received = result_op->asym->rsa.output.data;
} else if (op->asym->rsa.op_type == RTE_CRYPTO_ASYM_OP_SIGN) {
data_size = xform_tc->rsa.n.length;
data_expected = data_tc->rsa_data.sign.data;
- data_received = result_op->asym->rsa.sign.data;
+ data_received = result_op->asym->rsa.output.data;
} else if (op->asym->rsa.op_type == RTE_CRYPTO_ASYM_OP_VERIFY) {
data_size = xform_tc->rsa.n.length;
data_expected = data_tc->rsa_data.pt.data;
- data_received = result_op->asym->rsa.cipher.data;
+ data_received = result_op->asym->rsa.output.data;
}
break;
case RTE_CRYPTO_ASYM_XFORM_DH:
@@ -414,28 +420,28 @@ test_cryptodev_asym_op(struct crypto_testsuite_params_asym *ts_params,
}
xform_tc.rsa.key_type = key_type;
- op->asym->rsa.pad = data_tc->rsa_data.padding;
+ op->asym->rsa.padding.type = data_tc->rsa_data.padding;
if (op->asym->rsa.op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT) {
- asym_op->rsa.message.data = data_tc->rsa_data.pt.data;
- asym_op->rsa.message.length = data_tc->rsa_data.pt.len;
- asym_op->rsa.cipher.data = result;
- asym_op->rsa.cipher.length = data_tc->rsa_data.n.len;
+ asym_op->rsa.input.data = data_tc->rsa_data.pt.data;
+ asym_op->rsa.input.length = data_tc->rsa_data.pt.len;
+ asym_op->rsa.output.data = result;
+ asym_op->rsa.output.length = data_tc->rsa_data.n.len;
} else if (op->asym->rsa.op_type == RTE_CRYPTO_ASYM_OP_DECRYPT) {
- asym_op->rsa.message.data = result;
- asym_op->rsa.message.length = data_tc->rsa_data.n.len;
- asym_op->rsa.cipher.data = data_tc->rsa_data.ct.data;
- asym_op->rsa.cipher.length = data_tc->rsa_data.ct.len;
+ asym_op->rsa.output.data = result;
+ asym_op->rsa.output.length = data_tc->rsa_data.n.len;
+ asym_op->rsa.input.data = data_tc->rsa_data.ct.data;
+ asym_op->rsa.input.length = data_tc->rsa_data.ct.len;
} else if (op->asym->rsa.op_type == RTE_CRYPTO_ASYM_OP_SIGN) {
- asym_op->rsa.sign.data = result;
- asym_op->rsa.sign.length = data_tc->rsa_data.n.len;
- asym_op->rsa.message.data = data_tc->rsa_data.pt.data;
- asym_op->rsa.message.length = data_tc->rsa_data.pt.len;
+ asym_op->rsa.output.data = result;
+ asym_op->rsa.output.length = data_tc->rsa_data.n.len;
+ asym_op->rsa.input.data = data_tc->rsa_data.pt.data;
+ asym_op->rsa.input.length = data_tc->rsa_data.pt.len;
} else if (op->asym->rsa.op_type == RTE_CRYPTO_ASYM_OP_VERIFY) {
- asym_op->rsa.cipher.data = result;
- asym_op->rsa.cipher.length = data_tc->rsa_data.n.len;
- asym_op->rsa.sign.data = data_tc->rsa_data.sign.data;
- asym_op->rsa.sign.length = data_tc->rsa_data.sign.len;
+ asym_op->rsa.input.data = data_tc->rsa_data.sign.data;
+ asym_op->rsa.input.length = data_tc->rsa_data.sign.len;
+ asym_op->rsa.output.data = result;
+ asym_op->rsa.output.length = data_tc->rsa_data.n.len;
}
break;
case RTE_CRYPTO_ASYM_XFORM_DH:
diff --git a/app/test/test_cryptodev_asym_util.h b/app/test/test_cryptodev_asym_util.h
index 83dc265dd7..175a6a4307 100644
--- a/app/test/test_cryptodev_asym_util.h
+++ b/app/test/test_cryptodev_asym_util.h
@@ -11,8 +11,8 @@ static inline int rsa_verify(struct rsa_test_data *rsa_param,
struct rte_crypto_op *result_op)
{
if (memcmp(rsa_param->data,
- result_op->asym->rsa.message.data,
- result_op->asym->rsa.message.length))
+ result_op->asym->rsa.input.data,
+ result_op->asym->rsa.input.length))
return -1;
return 0;
}
diff --git a/drivers/crypto/meson.build b/drivers/crypto/meson.build
index 147b8cf633..4d83b45ca5 100644
--- a/drivers/crypto/meson.build
+++ b/drivers/crypto/meson.build
@@ -7,7 +7,7 @@ drivers = [
'bcmfs',
'caam_jr',
'ccp',
- 'cnxk',
+# 'cnxk',
'dpaa_sec',
'dpaa2_sec',
'ipsec_mb',
@@ -15,7 +15,7 @@ drivers = [
'mvsam',
'nitrox',
'null',
- 'octeontx',
+# 'octeontx',
'openssl',
'scheduler',
'virtio',
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index d80e1052e2..45cee47c5d 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -1897,7 +1897,7 @@ process_openssl_rsa_op(struct rte_crypto_op *cop,
int ret = 0;
struct rte_crypto_asym_op *op = cop->asym;
RSA *rsa = sess->u.r.rsa;
- uint32_t pad = (op->rsa.pad);
+ uint32_t pad = (op->rsa.padding.type);
uint8_t *tmp;
cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
@@ -1918,47 +1918,47 @@ process_openssl_rsa_op(struct rte_crypto_op *cop,
switch (op->rsa.op_type) {
case RTE_CRYPTO_ASYM_OP_ENCRYPT:
- ret = RSA_public_encrypt(op->rsa.message.length,
- op->rsa.message.data,
- op->rsa.cipher.data,
+ ret = RSA_public_encrypt(op->rsa.input.length,
+ op->rsa.input.data,
+ op->rsa.output.data,
rsa,
pad);
if (ret > 0)
- op->rsa.cipher.length = ret;
+ op->rsa.output.length = ret;
OPENSSL_LOG(DEBUG,
"length of encrypted text %d\n", ret);
break;
case RTE_CRYPTO_ASYM_OP_DECRYPT:
- ret = RSA_private_decrypt(op->rsa.cipher.length,
- op->rsa.cipher.data,
- op->rsa.message.data,
+ ret = RSA_private_decrypt(op->rsa.input.length,
+ op->rsa.input.data,
+ op->rsa.output.data,
rsa,
pad);
if (ret > 0)
- op->rsa.message.length = ret;
+ op->rsa.output.length = ret;
break;
case RTE_CRYPTO_ASYM_OP_SIGN:
- ret = RSA_private_encrypt(op->rsa.message.length,
- op->rsa.message.data,
- op->rsa.sign.data,
+ ret = RSA_private_encrypt(op->rsa.input.length,
+ op->rsa.input.data,
+ op->rsa.output.data,
rsa,
pad);
if (ret > 0)
- op->rsa.sign.length = ret;
+ op->rsa.output.length = ret;
break;
case RTE_CRYPTO_ASYM_OP_VERIFY:
- tmp = rte_malloc(NULL, op->rsa.sign.length, 0);
+ tmp = rte_malloc(NULL, op->rsa.input.length, 0);
if (tmp == NULL) {
OPENSSL_LOG(ERR, "Memory allocation failed");
cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
break;
}
- ret = RSA_public_decrypt(op->rsa.sign.length,
- op->rsa.sign.data,
+ ret = RSA_public_decrypt(op->rsa.input.length,
+ op->rsa.input.data,
tmp,
rsa,
pad);
@@ -1966,9 +1966,9 @@ process_openssl_rsa_op(struct rte_crypto_op *cop,
OPENSSL_LOG(DEBUG,
"Length of public_decrypt %d "
"length of message %zd\n",
- ret, op->rsa.message.length);
+ ret, op->rsa.input.length);
if ((ret <= 0) || (CRYPTO_memcmp(tmp, op->rsa.message.data,
- op->rsa.message.length))) {
+ op->rsa.input.length))) {
OPENSSL_LOG(ERR, "RSA sign Verification failed");
cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
}
diff --git a/drivers/crypto/qat/dev/qat_asym_pmd_gen1.c b/drivers/crypto/qat/dev/qat_asym_pmd_gen1.c
index 4499fdaf2d..b84e2963b0 100644
--- a/drivers/crypto/qat/dev/qat_asym_pmd_gen1.c
+++ b/drivers/crypto/qat/dev/qat_asym_pmd_gen1.c
@@ -4,10 +4,12 @@
#include <rte_cryptodev.h>
#include <cryptodev_pmd.h>
+#include <rte_bitops.h>
#include "qat_asym.h"
#include "qat_crypto.h"
#include "qat_crypto_pmd_gens.h"
+
struct rte_cryptodev_ops qat_asym_crypto_ops_gen1 = {
/* Device related operations */
.dev_configure = qat_cryptodev_config,
diff --git a/drivers/crypto/qat/qat_asym.c b/drivers/crypto/qat/qat_asym.c
index 479d5308cf..cb2b47acbb 100644
--- a/drivers/crypto/qat/qat_asym.c
+++ b/drivers/crypto/qat/qat_asym.c
@@ -345,9 +345,9 @@ rsa_set_pub_input(struct rte_crypto_asym_op *asym_op,
alg_bytesize = qat_function.bytesize;
if (asym_op->rsa.op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT) {
- switch (asym_op->rsa.pad) {
+ switch (asym_op->rsa.padding.type) {
case RTE_CRYPTO_RSA_PADDING_NONE:
- SET_PKE_LN(cookie->input_array, asym_op->rsa.message,
+ SET_PKE_LN(cookie->input_array, asym_op->rsa.input,
alg_bytesize, 0);
break;
default:
@@ -358,9 +358,9 @@ rsa_set_pub_input(struct rte_crypto_asym_op *asym_op,
}
HEXDUMP("RSA Message", cookie->input_array[0], alg_bytesize);
} else {
- switch (asym_op->rsa.pad) {
+ switch (asym_op->rsa.padding.type) {
case RTE_CRYPTO_RSA_PADDING_NONE:
- SET_PKE_LN(cookie->input_array, asym_op->rsa.sign,
+ SET_PKE_LN(cookie->input_array, asym_op->rsa.input,
alg_bytesize, 0);
break;
default:
@@ -454,9 +454,9 @@ rsa_set_priv_input(struct rte_crypto_asym_op *asym_op,
if (asym_op->rsa.op_type ==
RTE_CRYPTO_ASYM_OP_DECRYPT) {
- switch (asym_op->rsa.pad) {
+ switch (asym_op->rsa.padding.type) {
case RTE_CRYPTO_RSA_PADDING_NONE:
- SET_PKE_LN(cookie->input_array, asym_op->rsa.cipher,
+ SET_PKE_LN(cookie->input_array, asym_op->rsa.input,
alg_bytesize, 0);
HEXDUMP("RSA ciphertext", cookie->input_array[0],
alg_bytesize);
@@ -469,9 +469,9 @@ rsa_set_priv_input(struct rte_crypto_asym_op *asym_op,
} else if (asym_op->rsa.op_type ==
RTE_CRYPTO_ASYM_OP_SIGN) {
- switch (asym_op->rsa.pad) {
+ switch (asym_op->rsa.padding.type) {
case RTE_CRYPTO_RSA_PADDING_NONE:
- SET_PKE_LN(cookie->input_array, asym_op->rsa.message,
+ SET_PKE_LN(cookie->input_array, asym_op->rsa.input,
alg_bytesize, 0);
HEXDUMP("RSA text to be signed", cookie->input_array[0],
alg_bytesize);
@@ -519,7 +519,7 @@ rsa_collect(struct rte_crypto_asym_op *asym_op,
if (asym_op->rsa.op_type ==
RTE_CRYPTO_ASYM_OP_ENCRYPT) {
- uint8_t *rsa_result = asym_op->rsa.cipher.data;
+ uint8_t *rsa_result = asym_op->rsa.output.data;
rte_memcpy(rsa_result,
cookie->output_array[0],
@@ -527,9 +527,9 @@ rsa_collect(struct rte_crypto_asym_op *asym_op,
HEXDUMP("RSA Encrypted data", cookie->output_array[0],
alg_bytesize);
} else {
- uint8_t *rsa_result = asym_op->rsa.cipher.data;
+ uint8_t *rsa_result = asym_op->rsa.output.data;
- switch (asym_op->rsa.pad) {
+ switch (asym_op->rsa.padding.type) {
case RTE_CRYPTO_RSA_PADDING_NONE:
rte_memcpy(rsa_result,
cookie->output_array[0],
@@ -545,9 +545,9 @@ rsa_collect(struct rte_crypto_asym_op *asym_op,
}
} else {
if (asym_op->rsa.op_type == RTE_CRYPTO_ASYM_OP_DECRYPT) {
- uint8_t *rsa_result = asym_op->rsa.message.data;
+ uint8_t *rsa_result = asym_op->rsa.output.data;
- switch (asym_op->rsa.pad) {
+ switch (asym_op->rsa.padding.type) {
case RTE_CRYPTO_RSA_PADDING_NONE:
rte_memcpy(rsa_result,
cookie->output_array[0],
@@ -561,7 +561,7 @@ rsa_collect(struct rte_crypto_asym_op *asym_op,
return RTE_CRYPTO_OP_STATUS_ERROR;
}
} else {
- uint8_t *rsa_result = asym_op->rsa.sign.data;
+ uint8_t *rsa_result = asym_op->rsa.output.data;
rte_memcpy(rsa_result,
cookie->output_array[0],
diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
index cd24d4b07b..834e06b96b 100644
--- a/lib/cryptodev/rte_crypto_asym.h
+++ b/lib/cryptodev/rte_crypto_asym.h
@@ -50,6 +50,19 @@ enum rte_crypto_ec_group {
RTE_CRYPTO_EC_GROUP_SECP521R1 = 25,
};
+/**<
+ * When set, message instead of message digest should be
+ * provided as an input for signature generation
+ */
+#define RTE_CRYPTO_RSA_FLAG_PT
+/**<
+ * When set, algorithmIdentifier is not added to message digest,
+ * therefore not forming digestInfo struct. PKCS1 v1.5 padding
+ * is added without further changes.
+ */
+#define RTE_CRYPTO_RSA_FLAG_PKCS1_NO_ASN1
+
+
/**
* Asymmetric crypto transformation types.
* Each xform type maps to one asymmetric algorithm
@@ -118,6 +131,21 @@ enum rte_crypto_asym_op_type {
RTE_CRYPTO_ASYM_OP_LIST_END
};
+enum rte_crypto_mgf {
+ RTE_CRYPTO_MGF_DEFAULT,
+ /**< Default mask generation function */
+ RTE_CRYPTO_MGF_MGF1_SHA1,
+ /**< MGF1 function with SHA1 hash algorithm */
+ RTE_CRYPTO_MGF_MGF1_SHA224,
+ /**< MGF1 function with SHA224 hash algorithm */
+ RTE_CRYPTO_MGF_MGF1_SHA256,
+ /**< MGF1 function with SHA256 hash algorithm */
+ RTE_CRYPTO_MGF_MGF1_SHA384,
+ /**< MGF1 function with SHA384 hash algorithm */
+ RTE_CRYPTO_MGF_MGF1_SHA512,
+ /**< MGF1 function with SHA512 hash algorithm */
+};
+
/**
* Padding types for RSA signature.
*/
@@ -162,6 +190,11 @@ enum rte_crypto_rsa_priv_key_type {
* and the device supports CSRNG, 'data' should be set to NULL.
* The crypto parameter in question will not be used by the PMD,
* as it is internally generated.
+ *
+ * In case an allocated buffer is used to return data from the PMD,
+ * i.e. encrypted/decrypted data or signature, it should be allocated
+ * with enough memory to hold the expected output. The length field will be set
+ * with the length of the data returned by the PMD.
*/
typedef struct rte_crypto_param_t {
uint8_t *data;
@@ -170,6 +203,8 @@ typedef struct rte_crypto_param_t {
/**< IO address of data buffer */
size_t length;
/**< length of data in bytes */
+ uint32_t capacity;
+ /**< capacity of this buffer in bytes */
} rte_crypto_param;
/** Unsigned big-integer in big-endian format */
@@ -311,6 +346,62 @@ struct rte_crypto_mod_op_param {
};
/**
+ * RSA padding type
+ */
+struct rte_crypto_rsa_padding {
+ enum rte_crypto_rsa_padding_type type;
+ /**< Type of RSA padding */
+ enum rte_crypto_auth_algorithm hash;
+ /**<
+ * RSA padding hash function
+ *
+ * When a specific padding type is selected, the following rules applies:
+ * - RTE_CRYPTO_RSA_PADDING_NONE:
+ * This field is ignored by the PMD
+ *
+ * - RTE_CRYPTO_RSA_PADDING_PKCS1_5:
+ * When signing operation this field is used to determine value
+ * of the DigestInfo structure, therefore specifying which algorithm
+ * was used to create the message digest.
+ * When doing encryption/decryption this field is ignored for this
+ * padding type.
+ *
+ * - RTE_CRYPTO_RSA_PADDING_OAEP
+ * This field shall be set with the hash algorithm used
+ * in the padding scheme
+ *
+ * - RTE_CRYPTO_RSA_PADDING_PSS
+ * This field shall be set with the hash algorithm used
+ * in the padding scheme (and to create the input message digest)
+ */
+ enum rte_crypto_mgf mgf;
+ /**<
+ * RSA padding mask generation function
+ *
+ * Used only for OAEP and PSS padding, otherwise ignored
+ * by the PMD.
+ * If RTE_CRYPTO_MGF_DEFAULT is selected, the default mask generation
+ * function defined by RFC standard is used with the hash function
+ * selected in the hash field.
+ */
+ uint16_t saltlen;
+ /**<
+ * RSA PSS padding salt length
+ *
+ * Used only when RTE_CRYPTO_RSA_PADDING_PSS padding is selected,
+ * otherwise ignored.
+ */
+ rte_crypto_param label;
+ /**<
+ * RSA OAEP padding optional label
+ *
+ * Used only when RTE_CRYPTO_RSA_PADDING_OAEP padding is selected,
+ * otherwise ignored. If label.data == NULL, a default label (empty string)
+ * is used.
+ */
+};
+
+/**
* RSA operation params
*
*/
@@ -318,72 +409,77 @@ struct rte_crypto_rsa_op_param {
enum rte_crypto_asym_op_type op_type;
/**< Type of RSA operation for transform */
- rte_crypto_param message;
+ rte_crypto_param input;
/**<
- * Pointer to input data
- * - to be encrypted for RSA public encrypt.
- * - to be signed for RSA sign generation.
- * - to be authenticated for RSA sign verification.
+ * When op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT:
*
- * Pointer to output data
- * - for RSA private decrypt.
- * In this case the underlying array should have been
- * allocated with enough memory to hold plaintext output
- * (i.e. must be at least RSA key size). The message.length
- * field should be 0 and will be overwritten by the PMD
- * with the decrypted length.
+ * If padding.type = RTE_CRYPTO_RSA_PADDING_NONE
+ * input should only be used along with cryptographically
+ * secure padding scheme.
+ * If padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5
+ * input shall be no longer than public modulus minus 11.
+ * If padding.type = RTE_CRYPTO_RSA_PADDING_OAEP
+ * input shall be no longer than public modulus -
+ * 2 * len(hash) - 2.
*
- * All data is in Octet-string network byte order format.
- */
-
- rte_crypto_param cipher;
- /**<
- * Pointer to input data
- * - to be decrypted for RSA private decrypt.
+ * When op_type == RTE_CRYPTO_ASYM_OP_SIGN:
+ *
+ * If padding.type = RTE_CRYPTO_RSA_PADDING_NONE
+ * input should only be used along with cryptographically
+ * secure padding scheme. *
+ * If padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5 or
+ * RTE_CRYPTO_RSA_PADDING_PSS
+ * if the RTE_CRYPTO_RSA_FLAG_PT flag is set, input shall contain
+ * the message to be signed, if this flag is not set, input shall contain
+ * the digest of the message to be signed.
*
- * Pointer to output data
- * - for RSA public encrypt.
- * In this case the underlying array should have been allocated
- * with enough memory to hold ciphertext output (i.e. must be
- * at least RSA key size). The cipher.length field should
- * be 0 and will be overwritten by the PMD with the encrypted length.
+ * When op_type == RTE_CRYPTO_ASYM_OP_DECRYPT:
+ *
+ * Input shall contain previously encrypted RSA message.
+ *
+ * When op_type == RTE_CRYPTO_ASYM_OP_VERIFY:
+ *
+ * Input shall contain signature to be verified
*
- * All data is in Octet-string network byte order format.
*/
- rte_crypto_param sign;
+ union {
+ rte_crypto_param output;
+ rte_crypto_param message;
+ };
/**<
- * Pointer to input data
- * - to be verified for RSA public decrypt.
+ * When op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT:
+ *
+ * Output shall contain encrypted data, output.length shall
+ * be set to the length of encrypted data.
+ *
+ * When op_type == RTE_CRYPTO_ASYM_OP_DECRYPT/RTE_CRYPTO_ASYM_OP_SIGN:
+ *
+ * If padding.type = RTE_CRYPTO_RSA_PADDING_NONE
+ * output shall contain decrypted/signed data, but all leading zeros
+ * shall be preserved. Therefore output.length should be
+ * equal to the length of the modulus.
*
- * Pointer to output data
- * - for RSA private encrypt.
- * In this case the underlying array should have been allocated
- * with enough memory to hold signature output (i.e. must be
- * at least RSA key size). The sign.length field should
- * be 0 and will be overwritten by the PMD with the signature length.
+ * For other types of padding, output should contain
+ * decrypted data, and output.length shall be set to the length
+ * of decrypted data.
+ *
+ * When op_type == RTE_CRYPTO_ASYM_OP_VERIFY:
+ *
+ * If padding.type = RTE_CRYPTO_RSA_PADDING_NONE
+ * output shall contain the public key decrypted signature.
+ * All leading zeroes shall be preserved.
+ *
+ * For other padding types, the message should be set with data for the
+ * signature to be compared with.
*
- * All data is in Octet-string network byte order format.
*/
- enum rte_crypto_rsa_padding_type pad;
- /**< RSA padding scheme to be used for transform */
-
- enum rte_crypto_auth_algorithm md;
- /**< Hash algorithm to be used for data hash if padding
- * scheme is either OAEP or PSS. Valid hash algorithms
- * are:
- * MD5, SHA1, SHA224, SHA256, SHA384, SHA512
- */
+ struct rte_crypto_rsa_padding padding;
+ /**< RSA padding information */
- enum rte_crypto_auth_algorithm mgf1md;
- /**<
- * Hash algorithm to be used for mask generation if
- * padding scheme is either OAEP or PSS. If padding
- * scheme is unspecified data hash algorithm is used
- * for mask generation. Valid hash algorithms are:
- * MD5, SHA1, SHA224, SHA256, SHA384, SHA512
- */
+ uint64_t flags;
+ /**< RSA configuration flags */
};
/**
--
2.13.6
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [RFC PATCH 2/2] test: add proper pkcs1 signature tests for rsa
2022-03-22 8:11 [RFC PATCH 1/2] cryptodev: rsa improvements Arek Kusztal
@ 2022-03-22 8:11 ` Arek Kusztal
2022-03-22 9:13 ` Kusztal, ArkadiuszX
2022-03-22 8:53 ` [RFC PATCH 1/2] cryptodev: rsa improvements Kusztal, ArkadiuszX
1 sibling, 1 reply; 5+ messages in thread
From: Arek Kusztal @ 2022-03-22 8:11 UTC (permalink / raw)
To: dev; +Cc: gakhil, roy.fan.zhang, anoobj, Arek Kusztal
This commit adds example pkcs1 signature tests.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
app/test/test_cryptodev_asym.c | 249 +++++++++++++++++++++++++++++--
drivers/crypto/openssl/rte_openssl_pmd.c | 34 ++++-
lib/cryptodev/rte_crypto_asym.h | 6 +-
3 files changed, 270 insertions(+), 19 deletions(-)
diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 71378cbdb2..512eb34377 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -15,6 +15,7 @@
#include <rte_cryptodev.h>
#include <rte_crypto.h>
+#include <openssl/rsa.h>
#include "test_cryptodev.h"
#include "test_cryptodev_dh_test_vectors.h"
@@ -163,6 +164,222 @@ queue_ops_rsa_sign_verify(void *sess)
return status;
}
+/* DPDK RFC RSA 22.07 */
+
+static uint8_t
+rsa_sign_pkcs_15_pt[] = {
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+ 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10,
+ 0x11, 0x12, 0x13, 0x14,
+};
+
+static uint8_t
+rsa_sign_pkcs_15_pt_sha256[] = {
+ 0xB1, 0xB2, 0xB3, 0xB4, 0xA1, 0xA2, 0xA3, 0xA4,
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+ 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10,
+ 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
+};
+
+static uint8_t
+rsa_sign_pkcs_15_padded[] = {
+ 0x00, 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0x00, 0x01, 0x02, 0x03, 0x04,
+ 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+ 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14,
+};
+
+static uint8_t
+rsa_sign_pkcs_15_padded_digestinfo_sha1[] = {
+ 0x00, 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x30, 0x21, 0x30,
+ 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a,
+ 0x05, 0x00, 0x04, 0x14, 0x01, 0x02, 0x03, 0x04,
+ 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+ 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14,
+};
+
+static uint8_t
+rsa_sign_pkcs_15_padded_digestinfo_sha256[] = {
+ 0x00, 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x30, 0x31, 0x30,
+ 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65,
+ 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20,
+ 0xB1, 0xB2, 0xB3, 0xB4, 0xA1, 0xA2, 0xA3, 0xA4,
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+ 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10,
+ 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
+};
+
+static void*
+rfc2207_rsa_sign_pkcs_15_sesscreat(void)
+{
+ struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
+ struct rte_mempool *sess_mpool = ts_params->session_mpool;
+ uint8_t dev_id = ts_params->valid_devs[0];
+ static void *sess = NULL;
+ int ret;
+
+ if (sess)
+ return sess;
+ ret = rte_cryptodev_asym_session_create(dev_id, &rsa_xform, sess_mpool, &sess);
+
+ if (ret < 0) {
+ RTE_LOG(ERR, USER1, "Session creation failed for "
+ "sign_verify\n");
+ return NULL;
+ }
+ return sess;
+}
+
+struct rfc2207_rsa_test_data
+{
+ enum rte_crypto_rsa_padding_type type;
+ rte_crypto_param input;
+ enum rte_crypto_auth_algorithm hash;
+};
+
+struct rfc2207_rsa_test_data
+rfc2207_rsa_test_data_ssl23 = {
+ .type = RTE_CRYPTO_RSA_PADDING_SSL23,
+ .input.data = rsa_sign_pkcs_15_pt,
+ .input.length = sizeof(rsa_sign_pkcs_15_pt),
+};
+
+struct rfc2207_rsa_test_data
+rfc2207_rsa_test_data_ssl23_padded = {
+ .type = RTE_CRYPTO_RSA_PADDING_NONE,
+ .input.data = rsa_sign_pkcs_15_padded,
+ .input.length = sizeof(rsa_sign_pkcs_15_padded),
+};
+
+struct rfc2207_rsa_test_data
+rfc2207_rsa_test_data_pkcs15_sha1 = {
+ .type = RTE_CRYPTO_RSA_PADDING_PKCS1_5,
+ .hash = RTE_CRYPTO_AUTH_SHA1,
+ .input.data = rsa_sign_pkcs_15_pt,
+ .input.length = sizeof(rsa_sign_pkcs_15_pt),
+};
+
+struct rfc2207_rsa_test_data
+rfc2207_rsa_test_data_pkcs15_digestinfo_sha1 = {
+ .type = RTE_CRYPTO_RSA_PADDING_NONE,
+ .input.data = rsa_sign_pkcs_15_padded_digestinfo_sha1,
+ .input.length = sizeof(rsa_sign_pkcs_15_padded_digestinfo_sha1),
+};
+
+struct rfc2207_rsa_test_data
+rfc2207_rsa_test_data_pkcs15_sha256 = {
+ .type = RTE_CRYPTO_RSA_PADDING_PKCS1_5,
+ .hash = RTE_CRYPTO_AUTH_SHA256,
+ .input.data = rsa_sign_pkcs_15_pt_sha256,
+ .input.length = sizeof(rsa_sign_pkcs_15_pt_sha256),
+};
+
+struct rfc2207_rsa_test_data
+rfc2207_rsa_test_data_pkcs15_digestinfo_sha256 = {
+ .type = RTE_CRYPTO_RSA_PADDING_NONE,
+ .input.data = rsa_sign_pkcs_15_padded_digestinfo_sha256,
+ .input.length = sizeof(rsa_sign_pkcs_15_padded_digestinfo_sha256),
+};
+
+struct rfc2207_rsa_test_data
+rfc2207_rsa_test_data_pkcs15_oaep = {
+ .type = RTE_CRYPTO_RSA_PADDING_NONE,
+ .input.data = rsa_sign_pkcs_15_padded_digestinfo_sha256,
+ .input.length = sizeof(rsa_sign_pkcs_15_padded_digestinfo_sha256),
+};
+
+static int
+rfc2207_rsa_sign_pkcs_15(const void *test_data)
+{
+ struct crypto_testsuite_params_asym *ts_params;
+ uint8_t dev_id;
+ struct rte_crypto_op *op, *result_op;
+ struct rte_crypto_asym_op *asym_op;
+ struct rte_mempool *op_mpool;
+ void *sess;
+ uint8_t result[TEST_DATA_SIZE];
+ const struct rfc2207_rsa_test_data *tdata = test_data;
+
+ ts_params = &testsuite_params;
+ dev_id = ts_params->valid_devs[0];
+ op_mpool = ts_params->op_mpool;
+ op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
+ if (op == NULL) {
+ RTE_LOG(ERR, USER1, "Failed to allocate asymmetric crypto "
+ "operation struct\n");
+ return TEST_FAILED;
+ }
+
+ sess = rfc2207_rsa_sign_pkcs_15_sesscreat();
+ if (sess == NULL) {
+ RTE_LOG(ERR, USER1, "Failed to allocate asymmetric crypto "
+ "operation struct\n");
+ return TEST_FAILED;
+ }
+
+ asym_op = op->asym;
+ asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_SIGN;
+ asym_op->rsa.padding.type = tdata->type;
+ asym_op->rsa.padding.hash = tdata->hash;
+ asym_op->rsa.input = tdata->input;
+ asym_op->rsa.output.data = result;
+
+ rte_crypto_op_attach_asym_session(op, sess);
+
+ /* Process crypto operation */
+ if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
+ RTE_LOG(ERR, USER1, "Error sending packet for encryption\n");
+ return -1;
+ }
+
+ while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0)
+ rte_pause();
+
+ if (result_op == NULL) {
+ RTE_LOG(ERR, USER1, "Failed to process encryption op\n");
+ return -1;
+ }
+
+ printf("\nOutput len = %lu", asym_op->rsa.output.length);
+ rte_hexdump(stdout, "Signature", asym_op->rsa.output.data, asym_op->rsa.output.length);
+
+ return 0;
+}
+
+/* !---! DPDK RFC RSA 22.07 */
+
static int
queue_ops_rsa_enc_dec(void *sess)
{
@@ -2147,20 +2364,32 @@ static struct unit_test_suite cryptodev_openssl_asym_testsuite = {
.setup = testsuite_setup,
.teardown = testsuite_teardown,
.unit_test_cases = {
- TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_capability),
- TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_dsa),
- TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
+ TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym, test_capability),
+ TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym, test_dsa),
+ TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym,
test_dh_keygenration),
- TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_rsa_enc_dec),
- TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
+ TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym, test_rsa_enc_dec),
+ TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym,
test_rsa_sign_verify),
- TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
+ TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym,
test_rsa_enc_dec_crt),
- TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
+ TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym,
test_rsa_sign_verify_crt),
- TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_mod_inv),
- TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_mod_exp),
- TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_one_by_one),
+ TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym, test_mod_inv),
+ TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym, test_mod_exp),
+ TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym, test_one_by_one),
+ TEST_CASE_NAMED_WITH_DATA("rfc2207_rsa_sign_pkcs_15_ssl23", ut_setup_asym, ut_teardown_asym,
+ rfc2207_rsa_sign_pkcs_15, &rfc2207_rsa_test_data_ssl23),
+ TEST_CASE_NAMED_WITH_DATA("rfc2207_rsa_sign_pkcs_15_ssl23_padded", ut_setup_asym, ut_teardown_asym,
+ rfc2207_rsa_sign_pkcs_15, &rfc2207_rsa_test_data_ssl23_padded),
+ TEST_CASE_NAMED_WITH_DATA("rfc2207_rsa_sign_pkcs_15_sha1", ut_setup_asym, ut_teardown_asym,
+ rfc2207_rsa_sign_pkcs_15, &rfc2207_rsa_test_data_pkcs15_sha1),
+ TEST_CASE_NAMED_WITH_DATA("rfc2207_rsa_sign_pkcs_15_digestinfo_sha1", ut_setup_asym, ut_teardown_asym,
+ rfc2207_rsa_sign_pkcs_15, &rfc2207_rsa_test_data_pkcs15_digestinfo_sha1),
+ TEST_CASE_NAMED_WITH_DATA("rfc2207_rsa_sign_pkcs_15_sha256", ut_setup_asym, ut_teardown_asym,
+ rfc2207_rsa_sign_pkcs_15, &rfc2207_rsa_test_data_pkcs15_sha256),
+ TEST_CASE_NAMED_WITH_DATA("rfc2207_rsa_sign_pkcs_15_digestinfo_sha256", ut_setup_asym, ut_teardown_asym,
+ rfc2207_rsa_sign_pkcs_15, &rfc2207_rsa_test_data_pkcs15_digestinfo_sha256),
TEST_CASES_END() /**< NULL terminate unit test array */
}
};
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 45cee47c5d..32da143ea0 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -1899,11 +1899,24 @@ process_openssl_rsa_op(struct rte_crypto_op *cop,
RSA *rsa = sess->u.r.rsa;
uint32_t pad = (op->rsa.padding.type);
uint8_t *tmp;
+ int sha;
+
+ switch (op->rsa.padding.hash) {
+ case RTE_CRYPTO_AUTH_SHA1:
+ sha = NID_sha1;
+ break;
+ case RTE_CRYPTO_AUTH_SHA256:
+ sha = NID_sha256;
+ break;
+ default:
+ sha = NID_sha1;
+ }
cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
switch (pad) {
case RTE_CRYPTO_RSA_PADDING_PKCS1_5:
+ case RTE_CRYPTO_RSA_PADDING_SSL23:
pad = RSA_PKCS1_PADDING;
break;
case RTE_CRYPTO_RSA_PADDING_NONE:
@@ -1941,13 +1954,20 @@ process_openssl_rsa_op(struct rte_crypto_op *cop,
break;
case RTE_CRYPTO_ASYM_OP_SIGN:
- ret = RSA_private_encrypt(op->rsa.input.length,
- op->rsa.input.data,
- op->rsa.output.data,
- rsa,
- pad);
- if (ret > 0)
- op->rsa.output.length = ret;
+ if (op->rsa.padding.type != RTE_CRYPTO_RSA_PADDING_PKCS1_5) {
+ ret = RSA_private_encrypt(op->rsa.input.length,
+ op->rsa.input.data,
+ op->rsa.output.data,
+ rsa,
+ pad);
+ if (ret > 0)
+ op->rsa.output.length = ret;
+ } else {
+ ret = RSA_sign(sha, op->rsa.input.data, op->rsa.input.length,
+ op->rsa.output.data, (unsigned int *)&op->rsa.output.length, rsa);
+ if (ret == 0)
+ ret = -1;
+ }
break;
case RTE_CRYPTO_ASYM_OP_VERIFY:
diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
index 834e06b96b..b3906b08e3 100644
--- a/lib/cryptodev/rte_crypto_asym.h
+++ b/lib/cryptodev/rte_crypto_asym.h
@@ -149,6 +149,7 @@ enum rte_crypto_mgf {
/**
* Padding types for RSA signature.
*/
+ #define TEMP
enum rte_crypto_rsa_padding_type {
RTE_CRYPTO_RSA_PADDING_NONE = 0,
/**< RSA no padding scheme */
@@ -160,6 +161,7 @@ enum rte_crypto_rsa_padding_type {
/**< RSA PKCS#1 OAEP padding scheme */
RTE_CRYPTO_RSA_PADDING_PSS,
/**< RSA PKCS#1 PSS padding scheme */
+ TEMP RTE_CRYPTO_RSA_PADDING_SSL23,
RTE_CRYPTO_RSA_PADDING_TYPE_LIST_END
};
@@ -426,7 +428,7 @@ struct rte_crypto_rsa_op_param {
*
* If padding.type = RTE_CRYPTO_RSA_PADDING_NONE
* input should only be used along with cryptographically
- * secure padding scheme. *
+ * secure padding scheme.
* If padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5 or
* RTE_CRYPTO_RSA_PADDING_PSS
* if the RTE_CRYPTO_RSA_FLAG_PT flag is set, input shall contain
@@ -434,7 +436,7 @@ struct rte_crypto_rsa_op_param {
* the digest of the message to be signed.
*
* When op_type == RTE_CRYPTO_ASYM_OP_DECRYPT:
- *
+ *
* Input shall contain previously encrypted RSA message.
*
* When op_type == RTE_CRYPTO_ASYM_OP_VERIFY:
--
2.13.6
^ permalink raw reply related [flat|nested] 5+ messages in thread
* RE: [RFC PATCH 1/2] cryptodev: rsa improvements
2022-03-22 8:11 [RFC PATCH 1/2] cryptodev: rsa improvements Arek Kusztal
2022-03-22 8:11 ` [RFC PATCH 2/2] test: add proper pkcs1 signature tests for rsa Arek Kusztal
@ 2022-03-22 8:53 ` Kusztal, ArkadiuszX
1 sibling, 0 replies; 5+ messages in thread
From: Kusztal, ArkadiuszX @ 2022-03-22 8:53 UTC (permalink / raw)
To: dev; +Cc: gakhil, Zhang, Roy Fan, anoobj
Hi,
> -----Original Message-----
> From: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>
> Sent: Tuesday, March 22, 2022 9:11 AM
> To: dev@dpdk.org
> Cc: gakhil@marvell.com; Zhang, Roy Fan <roy.fan.zhang@intel.com>;
> anoobj@marvell.com; Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>
> Subject: [RFC PATCH 1/2] cryptodev: rsa improvements
>
> This commit reworks rsa implementation.
>
> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> ---
> app/test/test_cryptodev_asym.c | 90 +++++++------
> app/test/test_cryptodev_asym_util.h | 4 +-
> drivers/crypto/meson.build | 4 +-
> drivers/crypto/openssl/rte_openssl_pmd.c | 36 ++---
> drivers/crypto/qat/dev/qat_asym_pmd_gen1.c | 2 +
> drivers/crypto/qat/qat_asym.c | 28 ++--
> lib/cryptodev/rte_crypto_asym.h | 202 +++++++++++++++++++++--------
> 7 files changed, 235 insertions(+), 131 deletions(-)
>
> diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
> index 573af2a537..71378cbdb2 100644
> --- a/app/test/test_cryptodev_asym.c
> +++ b/app/test/test_cryptodev_asym.c
> @@ -75,6 +75,7 @@ queue_ops_rsa_sign_verify(void *sess)
> struct rte_crypto_op *op, *result_op;
> struct rte_crypto_asym_op *asym_op;
> uint8_t output_buf[TEST_DATA_SIZE];
> + uint8_t input_sign[TEST_DATA_SIZE];
> int status = TEST_SUCCESS;
>
> /* Set up crypto op data structure */
> @@ -90,14 +91,14 @@ queue_ops_rsa_sign_verify(void *sess)
> /* Compute sign on the test vector */
> asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_SIGN;
>
> - asym_op->rsa.message.data = rsaplaintext.data;
> - asym_op->rsa.message.length = rsaplaintext.len;
> - asym_op->rsa.sign.length = 0;
> - asym_op->rsa.sign.data = output_buf;
> - asym_op->rsa.pad = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
> + asym_op->rsa.input.data = rsaplaintext.data;
> + asym_op->rsa.input.length = rsaplaintext.len;
> + asym_op->rsa.output.length = 0;
> + asym_op->rsa.output.data = output_buf;
> + asym_op->rsa.padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
>
> - debug_hexdump(stdout, "message", asym_op->rsa.message.data,
> - asym_op->rsa.message.length);
> + debug_hexdump(stdout, "message", asym_op->rsa.input.data,
> + asym_op->rsa.input.length);
>
> /* Attach asymmetric crypto session to crypto operations */
> rte_crypto_op_attach_asym_session(op, sess); @@ -120,13 +121,18
> @@ queue_ops_rsa_sign_verify(void *sess)
> goto error_exit;
> }
>
> - debug_hexdump(stdout, "signed message", asym_op->rsa.sign.data,
> - asym_op->rsa.sign.length);
> + debug_hexdump(stdout, "signed message", asym_op->rsa.output.data,
> + asym_op->rsa.output.length);
> asym_op = result_op->asym;
>
> /* Verify sign */
> + memcpy(input_sign, asym_op->rsa.output.data, asym_op-
> >rsa.output.length);
> + asym_op->rsa.input.data = input_sign;
> + asym_op->rsa.input.length = asym_op->rsa.output.length;
> + asym_op->rsa.message.data = rsaplaintext.data;
> + asym_op->rsa.message.length = rsaplaintext.len;
> asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
> - asym_op->rsa.pad = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
> + asym_op->rsa.padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
>
> /* Process crypto operation */
> if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) { @@ -181,14
> +187,14 @@ queue_ops_rsa_enc_dec(void *sess)
> /* Compute encryption on the test vector */
> asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_ENCRYPT;
>
> - asym_op->rsa.message.data = rsaplaintext.data;
> - asym_op->rsa.cipher.data = cipher_buf;
> - asym_op->rsa.cipher.length = 0;
> - asym_op->rsa.message.length = rsaplaintext.len;
> - asym_op->rsa.pad = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
> + asym_op->rsa.input.data = rsaplaintext.data;
> + asym_op->rsa.output.data = cipher_buf;
> + asym_op->rsa.output.length = 0;
> + asym_op->rsa.input.length = rsaplaintext.len;
> + asym_op->rsa.padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
>
> - debug_hexdump(stdout, "message", asym_op->rsa.message.data,
> - asym_op->rsa.message.length);
> + debug_hexdump(stdout, "message", asym_op->rsa.input.data,
> + asym_op->rsa.input.length);
>
> /* Attach asymmetric crypto session to crypto operations */
> rte_crypto_op_attach_asym_session(op, sess); @@ -210,14 +216,14
> @@ queue_ops_rsa_enc_dec(void *sess)
> status = TEST_FAILED;
> goto error_exit;
> }
> - debug_hexdump(stdout, "encrypted message", asym_op-
> >rsa.message.data,
> - asym_op->rsa.message.length);
> + debug_hexdump(stdout, "encrypted message", asym_op-
> >rsa.input.data,
> + asym_op->rsa.input.length);
>
> /* Use the resulted output as decryption Input vector*/
> asym_op = result_op->asym;
> - asym_op->rsa.message.length = 0;
> + asym_op->rsa.input.length = 0;
> asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_DECRYPT;
> - asym_op->rsa.pad = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
> + asym_op->rsa.padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
>
> /* Process crypto operation */
> if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) { @@ -270,20
> +276,20 @@ test_cryptodev_asym_ver(struct rte_crypto_op *op,
> case RTE_CRYPTO_ASYM_XFORM_RSA:
> if (op->asym->rsa.op_type ==
> RTE_CRYPTO_ASYM_OP_ENCRYPT) {
> data_size = xform_tc->rsa.n.length;
> - data_received = result_op->asym->rsa.cipher.data;
> + data_received = result_op->asym->rsa.output.data;
> data_expected = data_tc->rsa_data.ct.data;
> } else if (op->asym->rsa.op_type ==
> RTE_CRYPTO_ASYM_OP_DECRYPT) {
> data_size = xform_tc->rsa.n.length;
> data_expected = data_tc->rsa_data.pt.data;
> - data_received = result_op->asym->rsa.message.data;
> + data_received = result_op->asym->rsa.output.data;
> } else if (op->asym->rsa.op_type ==
> RTE_CRYPTO_ASYM_OP_SIGN) {
> data_size = xform_tc->rsa.n.length;
> data_expected = data_tc->rsa_data.sign.data;
> - data_received = result_op->asym->rsa.sign.data;
> + data_received = result_op->asym->rsa.output.data;
> } else if (op->asym->rsa.op_type ==
> RTE_CRYPTO_ASYM_OP_VERIFY) {
> data_size = xform_tc->rsa.n.length;
> data_expected = data_tc->rsa_data.pt.data;
> - data_received = result_op->asym->rsa.cipher.data;
> + data_received = result_op->asym->rsa.output.data;
> }
> break;
> case RTE_CRYPTO_ASYM_XFORM_DH:
> @@ -414,28 +420,28 @@ test_cryptodev_asym_op(struct
> crypto_testsuite_params_asym *ts_params,
> }
>
> xform_tc.rsa.key_type = key_type;
> - op->asym->rsa.pad = data_tc->rsa_data.padding;
> + op->asym->rsa.padding.type = data_tc->rsa_data.padding;
>
> if (op->asym->rsa.op_type ==
> RTE_CRYPTO_ASYM_OP_ENCRYPT) {
> - asym_op->rsa.message.data = data_tc-
> >rsa_data.pt.data;
> - asym_op->rsa.message.length = data_tc-
> >rsa_data.pt.len;
> - asym_op->rsa.cipher.data = result;
> - asym_op->rsa.cipher.length = data_tc->rsa_data.n.len;
> + asym_op->rsa.input.data = data_tc->rsa_data.pt.data;
> + asym_op->rsa.input.length = data_tc->rsa_data.pt.len;
> + asym_op->rsa.output.data = result;
> + asym_op->rsa.output.length = data_tc->rsa_data.n.len;
> } else if (op->asym->rsa.op_type ==
> RTE_CRYPTO_ASYM_OP_DECRYPT) {
> - asym_op->rsa.message.data = result;
> - asym_op->rsa.message.length = data_tc-
> >rsa_data.n.len;
> - asym_op->rsa.cipher.data = data_tc->rsa_data.ct.data;
> - asym_op->rsa.cipher.length = data_tc->rsa_data.ct.len;
> + asym_op->rsa.output.data = result;
> + asym_op->rsa.output.length = data_tc->rsa_data.n.len;
> + asym_op->rsa.input.data = data_tc->rsa_data.ct.data;
> + asym_op->rsa.input.length = data_tc->rsa_data.ct.len;
> } else if (op->asym->rsa.op_type ==
> RTE_CRYPTO_ASYM_OP_SIGN) {
> - asym_op->rsa.sign.data = result;
> - asym_op->rsa.sign.length = data_tc->rsa_data.n.len;
> - asym_op->rsa.message.data = data_tc-
> >rsa_data.pt.data;
> - asym_op->rsa.message.length = data_tc-
> >rsa_data.pt.len;
> + asym_op->rsa.output.data = result;
> + asym_op->rsa.output.length = data_tc->rsa_data.n.len;
> + asym_op->rsa.input.data = data_tc->rsa_data.pt.data;
> + asym_op->rsa.input.length = data_tc->rsa_data.pt.len;
> } else if (op->asym->rsa.op_type ==
> RTE_CRYPTO_ASYM_OP_VERIFY) {
> - asym_op->rsa.cipher.data = result;
> - asym_op->rsa.cipher.length = data_tc->rsa_data.n.len;
> - asym_op->rsa.sign.data = data_tc->rsa_data.sign.data;
> - asym_op->rsa.sign.length = data_tc->rsa_data.sign.len;
> + asym_op->rsa.input.data = data_tc-
> >rsa_data.sign.data;
> + asym_op->rsa.input.length = data_tc-
> >rsa_data.sign.len;
> + asym_op->rsa.output.data = result;
> + asym_op->rsa.output.length = data_tc->rsa_data.n.len;
> }
> break;
> case RTE_CRYPTO_ASYM_XFORM_DH:
> diff --git a/app/test/test_cryptodev_asym_util.h
> b/app/test/test_cryptodev_asym_util.h
> index 83dc265dd7..175a6a4307 100644
> --- a/app/test/test_cryptodev_asym_util.h
> +++ b/app/test/test_cryptodev_asym_util.h
> @@ -11,8 +11,8 @@ static inline int rsa_verify(struct rsa_test_data
> *rsa_param,
> struct rte_crypto_op *result_op)
> {
> if (memcmp(rsa_param->data,
> - result_op->asym->rsa.message.data,
> - result_op->asym->rsa.message.length))
> + result_op->asym->rsa.input.data,
> + result_op->asym->rsa.input.length))
> return -1;
> return 0;
> }
> diff --git a/drivers/crypto/meson.build b/drivers/crypto/meson.build index
> 147b8cf633..4d83b45ca5 100644
> --- a/drivers/crypto/meson.build
> +++ b/drivers/crypto/meson.build
> @@ -7,7 +7,7 @@ drivers = [
> 'bcmfs',
> 'caam_jr',
> 'ccp',
> - 'cnxk',
> +# 'cnxk',
> 'dpaa_sec',
> 'dpaa2_sec',
> 'ipsec_mb',
> @@ -15,7 +15,7 @@ drivers = [
> 'mvsam',
> 'nitrox',
> 'null',
> - 'octeontx',
> +# 'octeontx',
> 'openssl',
> 'scheduler',
> 'virtio',
> diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c
> b/drivers/crypto/openssl/rte_openssl_pmd.c
> index d80e1052e2..45cee47c5d 100644
> --- a/drivers/crypto/openssl/rte_openssl_pmd.c
> +++ b/drivers/crypto/openssl/rte_openssl_pmd.c
> @@ -1897,7 +1897,7 @@ process_openssl_rsa_op(struct rte_crypto_op *cop,
> int ret = 0;
> struct rte_crypto_asym_op *op = cop->asym;
> RSA *rsa = sess->u.r.rsa;
> - uint32_t pad = (op->rsa.pad);
> + uint32_t pad = (op->rsa.padding.type);
> uint8_t *tmp;
>
> cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS; @@ -1918,47
> +1918,47 @@ process_openssl_rsa_op(struct rte_crypto_op *cop,
>
> switch (op->rsa.op_type) {
> case RTE_CRYPTO_ASYM_OP_ENCRYPT:
> - ret = RSA_public_encrypt(op->rsa.message.length,
> - op->rsa.message.data,
> - op->rsa.cipher.data,
> + ret = RSA_public_encrypt(op->rsa.input.length,
> + op->rsa.input.data,
> + op->rsa.output.data,
> rsa,
> pad);
>
> if (ret > 0)
> - op->rsa.cipher.length = ret;
> + op->rsa.output.length = ret;
> OPENSSL_LOG(DEBUG,
> "length of encrypted text %d\n", ret);
> break;
>
> case RTE_CRYPTO_ASYM_OP_DECRYPT:
> - ret = RSA_private_decrypt(op->rsa.cipher.length,
> - op->rsa.cipher.data,
> - op->rsa.message.data,
> + ret = RSA_private_decrypt(op->rsa.input.length,
> + op->rsa.input.data,
> + op->rsa.output.data,
> rsa,
> pad);
> if (ret > 0)
> - op->rsa.message.length = ret;
> + op->rsa.output.length = ret;
> break;
>
> case RTE_CRYPTO_ASYM_OP_SIGN:
> - ret = RSA_private_encrypt(op->rsa.message.length,
> - op->rsa.message.data,
> - op->rsa.sign.data,
> + ret = RSA_private_encrypt(op->rsa.input.length,
> + op->rsa.input.data,
> + op->rsa.output.data,
> rsa,
> pad);
> if (ret > 0)
> - op->rsa.sign.length = ret;
> + op->rsa.output.length = ret;
> break;
>
> case RTE_CRYPTO_ASYM_OP_VERIFY:
> - tmp = rte_malloc(NULL, op->rsa.sign.length, 0);
> + tmp = rte_malloc(NULL, op->rsa.input.length, 0);
> if (tmp == NULL) {
> OPENSSL_LOG(ERR, "Memory allocation failed");
> cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
> break;
> }
> - ret = RSA_public_decrypt(op->rsa.sign.length,
> - op->rsa.sign.data,
> + ret = RSA_public_decrypt(op->rsa.input.length,
> + op->rsa.input.data,
> tmp,
> rsa,
> pad);
> @@ -1966,9 +1966,9 @@ process_openssl_rsa_op(struct rte_crypto_op *cop,
> OPENSSL_LOG(DEBUG,
> "Length of public_decrypt %d "
> "length of message %zd\n",
> - ret, op->rsa.message.length);
> + ret, op->rsa.input.length);
> if ((ret <= 0) || (CRYPTO_memcmp(tmp, op->rsa.message.data,
> - op->rsa.message.length))) {
> + op->rsa.input.length))) {
> OPENSSL_LOG(ERR, "RSA sign Verification failed");
> cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
> }
> diff --git a/drivers/crypto/qat/dev/qat_asym_pmd_gen1.c
> b/drivers/crypto/qat/dev/qat_asym_pmd_gen1.c
> index 4499fdaf2d..b84e2963b0 100644
> --- a/drivers/crypto/qat/dev/qat_asym_pmd_gen1.c
> +++ b/drivers/crypto/qat/dev/qat_asym_pmd_gen1.c
> @@ -4,10 +4,12 @@
>
> #include <rte_cryptodev.h>
> #include <cryptodev_pmd.h>
> +#include <rte_bitops.h>
> #include "qat_asym.h"
> #include "qat_crypto.h"
> #include "qat_crypto_pmd_gens.h"
>
> +
> struct rte_cryptodev_ops qat_asym_crypto_ops_gen1 = {
> /* Device related operations */
> .dev_configure = qat_cryptodev_config,
> diff --git a/drivers/crypto/qat/qat_asym.c b/drivers/crypto/qat/qat_asym.c
> index 479d5308cf..cb2b47acbb 100644
> --- a/drivers/crypto/qat/qat_asym.c
> +++ b/drivers/crypto/qat/qat_asym.c
> @@ -345,9 +345,9 @@ rsa_set_pub_input(struct rte_crypto_asym_op
> *asym_op,
> alg_bytesize = qat_function.bytesize;
>
> if (asym_op->rsa.op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT) {
> - switch (asym_op->rsa.pad) {
> + switch (asym_op->rsa.padding.type) {
> case RTE_CRYPTO_RSA_PADDING_NONE:
> - SET_PKE_LN(cookie->input_array, asym_op-
> >rsa.message,
> + SET_PKE_LN(cookie->input_array, asym_op->rsa.input,
> alg_bytesize, 0);
> break;
> default:
> @@ -358,9 +358,9 @@ rsa_set_pub_input(struct rte_crypto_asym_op
> *asym_op,
> }
> HEXDUMP("RSA Message", cookie->input_array[0],
> alg_bytesize);
> } else {
> - switch (asym_op->rsa.pad) {
> + switch (asym_op->rsa.padding.type) {
> case RTE_CRYPTO_RSA_PADDING_NONE:
> - SET_PKE_LN(cookie->input_array, asym_op->rsa.sign,
> + SET_PKE_LN(cookie->input_array, asym_op->rsa.input,
> alg_bytesize, 0);
> break;
> default:
> @@ -454,9 +454,9 @@ rsa_set_priv_input(struct rte_crypto_asym_op
> *asym_op,
>
> if (asym_op->rsa.op_type ==
> RTE_CRYPTO_ASYM_OP_DECRYPT) {
> - switch (asym_op->rsa.pad) {
> + switch (asym_op->rsa.padding.type) {
> case RTE_CRYPTO_RSA_PADDING_NONE:
> - SET_PKE_LN(cookie->input_array, asym_op-
> >rsa.cipher,
> + SET_PKE_LN(cookie->input_array, asym_op->rsa.input,
> alg_bytesize, 0);
> HEXDUMP("RSA ciphertext", cookie->input_array[0],
> alg_bytesize);
> @@ -469,9 +469,9 @@ rsa_set_priv_input(struct rte_crypto_asym_op
> *asym_op,
>
> } else if (asym_op->rsa.op_type ==
> RTE_CRYPTO_ASYM_OP_SIGN) {
> - switch (asym_op->rsa.pad) {
> + switch (asym_op->rsa.padding.type) {
> case RTE_CRYPTO_RSA_PADDING_NONE:
> - SET_PKE_LN(cookie->input_array, asym_op-
> >rsa.message,
> + SET_PKE_LN(cookie->input_array, asym_op->rsa.input,
> alg_bytesize, 0);
> HEXDUMP("RSA text to be signed", cookie-
> >input_array[0],
> alg_bytesize);
> @@ -519,7 +519,7 @@ rsa_collect(struct rte_crypto_asym_op *asym_op,
>
> if (asym_op->rsa.op_type ==
> RTE_CRYPTO_ASYM_OP_ENCRYPT) {
> - uint8_t *rsa_result = asym_op->rsa.cipher.data;
> + uint8_t *rsa_result = asym_op->rsa.output.data;
>
> rte_memcpy(rsa_result,
> cookie->output_array[0],
> @@ -527,9 +527,9 @@ rsa_collect(struct rte_crypto_asym_op *asym_op,
> HEXDUMP("RSA Encrypted data", cookie-
> >output_array[0],
> alg_bytesize);
> } else {
> - uint8_t *rsa_result = asym_op->rsa.cipher.data;
> + uint8_t *rsa_result = asym_op->rsa.output.data;
>
> - switch (asym_op->rsa.pad) {
> + switch (asym_op->rsa.padding.type) {
> case RTE_CRYPTO_RSA_PADDING_NONE:
> rte_memcpy(rsa_result,
> cookie->output_array[0],
> @@ -545,9 +545,9 @@ rsa_collect(struct rte_crypto_asym_op *asym_op,
> }
> } else {
> if (asym_op->rsa.op_type ==
> RTE_CRYPTO_ASYM_OP_DECRYPT) {
> - uint8_t *rsa_result = asym_op->rsa.message.data;
> + uint8_t *rsa_result = asym_op->rsa.output.data;
>
> - switch (asym_op->rsa.pad) {
> + switch (asym_op->rsa.padding.type) {
> case RTE_CRYPTO_RSA_PADDING_NONE:
> rte_memcpy(rsa_result,
> cookie->output_array[0],
> @@ -561,7 +561,7 @@ rsa_collect(struct rte_crypto_asym_op *asym_op,
> return RTE_CRYPTO_OP_STATUS_ERROR;
> }
> } else {
> - uint8_t *rsa_result = asym_op->rsa.sign.data;
> + uint8_t *rsa_result = asym_op->rsa.output.data;
>
> rte_memcpy(rsa_result,
> cookie->output_array[0],
> diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
> index cd24d4b07b..834e06b96b 100644
> --- a/lib/cryptodev/rte_crypto_asym.h
> +++ b/lib/cryptodev/rte_crypto_asym.h
> @@ -50,6 +50,19 @@ enum rte_crypto_ec_group {
> RTE_CRYPTO_EC_GROUP_SECP521R1 = 25,
> };
>
> +/**<
> + * When set, message instead of message digest should be
> + * provided as an input for signature generation */ #define
> +RTE_CRYPTO_RSA_FLAG_PT /**<
[Arek] - this is introduced because drivers may differ in terms what should be provided as an input to the signature function.
OpenSSL even differ in that between versions (i.e. EVP_DigestSign will require message not digest, and no other option in 3.0).
> + * When set, algorithmIdentifier is not added to message digest,
> + * therefore not forming digestInfo struct. PKCS1 v1.5 padding
> + * is added without further changes.
> + */
> +#define RTE_CRYPTO_RSA_FLAG_PKCS1_NO_ASN1
[Arek] - this one I explained some time ago, (example in second patch of this series). OpenSSL PMD with current implementation does padding without properly filling DigestInfo struct, but in case something works this way (i.e. current OpenSSL PMD RSA_private_encrypt) there should be an option.
> +
> +
> /**
> * Asymmetric crypto transformation types.
> * Each xform type maps to one asymmetric algorithm @@ -118,6 +131,21 @@
> enum rte_crypto_asym_op_type {
> RTE_CRYPTO_ASYM_OP_LIST_END
> };
>
> +enum rte_crypto_mgf {
> + RTE_CRYPTO_MGF_DEFAULT,
> + /**< Default mask generation function */
> + RTE_CRYPTO_MGF_MGF1_SHA1,
> + /**< MGF1 function with SHA1 hash algorithm */
> + RTE_CRYPTO_MGF_MGF1_SHA224,
> + /**< MGF1 function with SHA224 hash algorithm */
> + RTE_CRYPTO_MGF_MGF1_SHA256,
> + /**< MGF1 function with SHA256 hash algorithm */
> + RTE_CRYPTO_MGF_MGF1_SHA384,
> + /**< MGF1 function with SHA384 hash algorithm */
> + RTE_CRYPTO_MGF_MGF1_SHA512,
> + /**< MGF1 function with SHA512 hash algorithm */ };
> +
[Arek] - this is not that necessary as probably MGF function will no change in near future but it is more conformant to the standard.
> /**
> * Padding types for RSA signature.
> */
> @@ -162,6 +190,11 @@ enum rte_crypto_rsa_priv_key_type {
> * and the device supports CSRNG, 'data' should be set to NULL.
> * The crypto parameter in question will not be used by the PMD,
> * as it is internally generated.
> + *
> + * In case an allocated buffer is used to return data from the PMD,
> + * i.e. encrypted/decrypted data or signature, it should be allocated
> + * with enough memory to hold the expected output. The length field
> + will be set
> + * with the length of the data returned by the PMD.
> */
> typedef struct rte_crypto_param_t {
> uint8_t *data;
> @@ -170,6 +203,8 @@ typedef struct rte_crypto_param_t {
> /**< IO address of data buffer */
> size_t length;
> /**< length of data in bytes */
> + uint32_t capacity;
> + /**< capacity of this buffer in bytes */
[Arek] - ultimately we could replace it with rte_crypto_vec, but if not I think this could be useful information.
> } rte_crypto_param;
>
> /** Unsigned big-integer in big-endian format */ @@ -311,6 +346,62 @@
> struct rte_crypto_mod_op_param { };
>
> /**
> + * RSA padding type
> + */
[Arek] - I have moved padding to separate struct as there are too many parameters (some of them lacking in current api), I think this could be easier readable.
Hash right now is used as an input parameter to PKCS1 signature function too.
> +struct rte_crypto_rsa_padding {
> + enum rte_crypto_rsa_padding_type type;
> + /**< Type of RSA padding */
> + enum rte_crypto_auth_algorithm hash;
[Arek] - unfortunately we cannot have here default as we use this unfortunate enum, unless we add new one for asymmetric crypto.
> + /**<
> + * RSA padding hash function
> + *
> + * When a specific padding type is selected, the following rules applies:
> + * - RTE_CRYPTO_RSA_PADDING_NONE:
> + * This field is ignored by the PMD
> + *
> + * - RTE_CRYPTO_RSA_PADDING_PKCS1_5:
> + * When signing operation this field is used to determine value
> + * of the DigestInfo structure, therefore specifying which algorithm
> + * was used to create the message digest.
> + * When doing encryption/decryption this field is ignored for this
> + * padding type.
> + *
> + * - RTE_CRYPTO_RSA_PADDING_OAEP
> + * This field shall be set with the hash algorithm used
> + * in the padding scheme
> + *
> + * - RTE_CRYPTO_RSA_PADDING_PSS
> + * This field shall be set with the hash algorithm used
> + * in the padding scheme (and to create the input message digest)
> + */
> + enum rte_crypto_mgf mgf;
> + /**<
> + * RSA padding mask generation function
> + *
> + * Used only for OAEP and PSS padding, otherwise ignored
> + * by the PMD.
> + * If RTE_CRYPTO_MGF_DEFAULT is selected, the default mask
> generation
> + * function defined by RFC standard is used with the hash function
> + * selected in the hash field.
> + */
> + uint16_t saltlen;
> + /**<
> + * RSA PSS padding salt length
> + *
> + * Used only when RTE_CRYPTO_RSA_PADDING_PSS padding is
> selected,
> + * otherwise ignored.
> + */
> + rte_crypto_param label;
> + /**<
> + * RSA OAEP padding optional label
> + *
> + * Used only when RTE_CRYPTO_RSA_PADDING_OAEP padding is
> selected,
> + * otherwise ignored. If label.data == NULL, a default label (empty
> string)
> + * is used.
> + */
> +};
> +
> +/**
> * RSA operation params
> *
> */
[Arek] - biggest change here is that instead of message, cipher, signature there is input and output because:
1) Only two of these fields can be used in one operation:
2) Having same fields for input and output for different operations makes it more difficult to follow.
3) When SIGN_VERIFY for NONE PADDING (popular case) we should return decrypted signature so output is here the best option (unless we will drop verify option for NONE padding)
> @@ -318,72 +409,77 @@ struct rte_crypto_rsa_op_param {
> enum rte_crypto_asym_op_type op_type;
> /**< Type of RSA operation for transform */
>
> - rte_crypto_param message;
> + rte_crypto_param input;
> /**<
> - * Pointer to input data
> - * - to be encrypted for RSA public encrypt.
> - * - to be signed for RSA sign generation.
> - * - to be authenticated for RSA sign verification.
> + * When op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT:
> *
> - * Pointer to output data
> - * - for RSA private decrypt.
> - * In this case the underlying array should have been
> - * allocated with enough memory to hold plaintext output
> - * (i.e. must be at least RSA key size). The message.length
> - * field should be 0 and will be overwritten by the PMD
> - * with the decrypted length.
> + * If padding.type = RTE_CRYPTO_RSA_PADDING_NONE
> + * input should only be used along with cryptographically
> + * secure padding scheme.
> + * If padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5
> + * input shall be no longer than public modulus minus 11.
> + * If padding.type = RTE_CRYPTO_RSA_PADDING_OAEP
> + * input shall be no longer than public modulus -
> + * 2 * len(hash) - 2.
> *
> - * All data is in Octet-string network byte order format.
> - */
> -
> - rte_crypto_param cipher;
> - /**<
> - * Pointer to input data
> - * - to be decrypted for RSA private decrypt.
> + * When op_type == RTE_CRYPTO_ASYM_OP_SIGN:
> + *
> + * If padding.type = RTE_CRYPTO_RSA_PADDING_NONE
> + * input should only be used along with cryptographically
> + * secure padding scheme. *
> + * If padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5 or
> + * RTE_CRYPTO_RSA_PADDING_PSS
> + * if the RTE_CRYPTO_RSA_FLAG_PT flag is set, input shall contain
> + * the message to be signed, if this flag is not set, input shall contain
> + * the digest of the message to be signed.
> *
> - * Pointer to output data
> - * - for RSA public encrypt.
> - * In this case the underlying array should have been allocated
> - * with enough memory to hold ciphertext output (i.e. must be
> - * at least RSA key size). The cipher.length field should
> - * be 0 and will be overwritten by the PMD with the encrypted length.
> + * When op_type == RTE_CRYPTO_ASYM_OP_DECRYPT:
> + *
> + * Input shall contain previously encrypted RSA message.
> + *
> + * When op_type == RTE_CRYPTO_ASYM_OP_VERIFY:
> + *
> + * Input shall contain signature to be verified
> *
> - * All data is in Octet-string network byte order format.
> */
>
> - rte_crypto_param sign;
> + union {
> + rte_crypto_param output;
> + rte_crypto_param message;
> + };
> /**<
> - * Pointer to input data
> - * - to be verified for RSA public decrypt.
> + * When op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT:
> + *
> + * Output shall contain encrypted data, output.length shall
> + * be set to the length of encrypted data.
> + *
> + * When op_type ==
> RTE_CRYPTO_ASYM_OP_DECRYPT/RTE_CRYPTO_ASYM_OP_SIGN:
> + *
> + * If padding.type = RTE_CRYPTO_RSA_PADDING_NONE
> + * output shall contain decrypted/signed data, but all leading zeros
> + * shall be preserved. Therefore output.length should be
> + * equal to the length of the modulus.
> *
> - * Pointer to output data
> - * - for RSA private encrypt.
> - * In this case the underlying array should have been allocated
> - * with enough memory to hold signature output (i.e. must be
> - * at least RSA key size). The sign.length field should
> - * be 0 and will be overwritten by the PMD with the signature length.
> + * For other types of padding, output should contain
> + * decrypted data, and output.length shall be set to the length
> + * of decrypted data.
> + *
> + * When op_type == RTE_CRYPTO_ASYM_OP_VERIFY:
> + *
> + * If padding.type = RTE_CRYPTO_RSA_PADDING_NONE
> + * output shall contain the public key decrypted signature.
> + * All leading zeroes shall be preserved.
> + *
> + * For other padding types, the message should be set with data for the
> + * signature to be compared with.
> *
> - * All data is in Octet-string network byte order format.
> */
>
> - enum rte_crypto_rsa_padding_type pad;
> - /**< RSA padding scheme to be used for transform */
> -
> - enum rte_crypto_auth_algorithm md;
> - /**< Hash algorithm to be used for data hash if padding
> - * scheme is either OAEP or PSS. Valid hash algorithms
> - * are:
> - * MD5, SHA1, SHA224, SHA256, SHA384, SHA512
> - */
> + struct rte_crypto_rsa_padding padding;
> + /**< RSA padding information */
>
> - enum rte_crypto_auth_algorithm mgf1md;
> - /**<
> - * Hash algorithm to be used for mask generation if
> - * padding scheme is either OAEP or PSS. If padding
> - * scheme is unspecified data hash algorithm is used
> - * for mask generation. Valid hash algorithms are:
> - * MD5, SHA1, SHA224, SHA256, SHA384, SHA512
> - */
> + uint64_t flags;
> + /**< RSA configuration flags */
> };
>
> /**
> --
> 2.13.6
^ permalink raw reply [flat|nested] 5+ messages in thread
* RE: [RFC PATCH 2/2] test: add proper pkcs1 signature tests for rsa
2022-03-22 8:11 ` [RFC PATCH 2/2] test: add proper pkcs1 signature tests for rsa Arek Kusztal
@ 2022-03-22 9:13 ` Kusztal, ArkadiuszX
2022-03-22 10:23 ` Kusztal, ArkadiuszX
0 siblings, 1 reply; 5+ messages in thread
From: Kusztal, ArkadiuszX @ 2022-03-22 9:13 UTC (permalink / raw)
To: dev; +Cc: gakhil, Zhang, Roy Fan, anoobj
Hi,
> -----Original Message-----
> From: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>
> Sent: Tuesday, March 22, 2022 9:11 AM
> To: dev@dpdk.org
> Cc: gakhil@marvell.com; Zhang, Roy Fan <roy.fan.zhang@intel.com>;
> anoobj@marvell.com; Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>
> Subject: [RFC PATCH 2/2] test: add proper pkcs1 signature tests for rsa
>
> This commit adds example pkcs1 signature tests.
>
> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> ---
> app/test/test_cryptodev_asym.c | 249
> +++++++++++++++++++++++++++++--
> drivers/crypto/openssl/rte_openssl_pmd.c | 34 ++++-
> lib/cryptodev/rte_crypto_asym.h | 6 +-
> 3 files changed, 270 insertions(+), 19 deletions(-)
>
> diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
> index 71378cbdb2..512eb34377 100644
> --- a/app/test/test_cryptodev_asym.c
> +++ b/app/test/test_cryptodev_asym.c
> @@ -15,6 +15,7 @@
>
> #include <rte_cryptodev.h>
> #include <rte_crypto.h>
> +#include <openssl/rsa.h>
>
> #include "test_cryptodev.h"
> #include "test_cryptodev_dh_test_vectors.h"
> @@ -163,6 +164,222 @@ queue_ops_rsa_sign_verify(void *sess)
> return status;
> }
>
> +/* DPDK RFC RSA 22.07 */
> +
> +static uint8_t
> +rsa_sign_pkcs_15_pt[] = {
> + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
> + 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10,
> + 0x11, 0x12, 0x13, 0x14,
> +};
> +
> +static uint8_t
> +rsa_sign_pkcs_15_pt_sha256[] = {
> + 0xB1, 0xB2, 0xB3, 0xB4, 0xA1, 0xA2, 0xA3, 0xA4,
> + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
> + 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10,
> + 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, };
> +
> +static uint8_t
> +rsa_sign_pkcs_15_padded[] = {
> + 0x00, 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> + 0xFF, 0xFF, 0xFF, 0x00, 0x01, 0x02, 0x03, 0x04,
> + 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
> + 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14,
> +};
> +
> +static uint8_t
> +rsa_sign_pkcs_15_padded_digestinfo_sha1[] = {
> + 0x00, 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> + 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x30, 0x21, 0x30,
> + 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a,
> + 0x05, 0x00, 0x04, 0x14, 0x01, 0x02, 0x03, 0x04,
> + 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
> + 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14,
> +};
> +
> +static uint8_t
> +rsa_sign_pkcs_15_padded_digestinfo_sha256[] = {
> + 0x00, 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> + 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x30, 0x31, 0x30,
> + 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65,
> + 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20,
> + 0xB1, 0xB2, 0xB3, 0xB4, 0xA1, 0xA2, 0xA3, 0xA4,
> + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
> + 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10,
> + 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, };
> +
> +static void*
> +rfc2207_rsa_sign_pkcs_15_sesscreat(void)
> +{
> + struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
> + struct rte_mempool *sess_mpool = ts_params->session_mpool;
> + uint8_t dev_id = ts_params->valid_devs[0];
> + static void *sess = NULL;
> + int ret;
> +
> + if (sess)
> + return sess;
> + ret = rte_cryptodev_asym_session_create(dev_id, &rsa_xform,
> +sess_mpool, &sess);
> +
> + if (ret < 0) {
> + RTE_LOG(ERR, USER1, "Session creation failed for "
> + "sign_verify\n");
> + return NULL;
> + }
> + return sess;
> +}
> +
> +struct rfc2207_rsa_test_data
> +{
> + enum rte_crypto_rsa_padding_type type;
> + rte_crypto_param input;
> + enum rte_crypto_auth_algorithm hash;
> +};
> +
[Arek] - rfc2207_rsa_test_data_ssl23 and rfc2207_rsa_test_data_pkcs15_sha1 creates PKCS1_5 signature from same data, but signatures are different as
RTE_CRYPTO_RSA_PADDING_SSL23 (PKCS1_5 flag in other patch) which is what we currently have in Cryptodev does not use AlgorithmIdentifier.
> +struct rfc2207_rsa_test_data
> +rfc2207_rsa_test_data_ssl23 = {
> + .type = RTE_CRYPTO_RSA_PADDING_SSL23,
> + .input.data = rsa_sign_pkcs_15_pt,
> + .input.length = sizeof(rsa_sign_pkcs_15_pt), };
> +
> +struct rfc2207_rsa_test_data
> +rfc2207_rsa_test_data_ssl23_padded = {
> + .type = RTE_CRYPTO_RSA_PADDING_NONE,
> + .input.data = rsa_sign_pkcs_15_padded,
> + .input.length = sizeof(rsa_sign_pkcs_15_padded), };
> +
> +struct rfc2207_rsa_test_data
> +rfc2207_rsa_test_data_pkcs15_sha1 = {
> + .type = RTE_CRYPTO_RSA_PADDING_PKCS1_5,
> + .hash = RTE_CRYPTO_AUTH_SHA1,
> + .input.data = rsa_sign_pkcs_15_pt,
> + .input.length = sizeof(rsa_sign_pkcs_15_pt), };
> +
> +struct rfc2207_rsa_test_data
> +rfc2207_rsa_test_data_pkcs15_digestinfo_sha1 = {
> + .type = RTE_CRYPTO_RSA_PADDING_NONE,
> + .input.data = rsa_sign_pkcs_15_padded_digestinfo_sha1,
> + .input.length = sizeof(rsa_sign_pkcs_15_padded_digestinfo_sha1),
> +};
> +
> +struct rfc2207_rsa_test_data
> +rfc2207_rsa_test_data_pkcs15_sha256 = {
> + .type = RTE_CRYPTO_RSA_PADDING_PKCS1_5,
> + .hash = RTE_CRYPTO_AUTH_SHA256,
> + .input.data = rsa_sign_pkcs_15_pt_sha256,
> + .input.length = sizeof(rsa_sign_pkcs_15_pt_sha256),
> +};
> +
> +struct rfc2207_rsa_test_data
> +rfc2207_rsa_test_data_pkcs15_digestinfo_sha256 = {
> + .type = RTE_CRYPTO_RSA_PADDING_NONE,
> + .input.data = rsa_sign_pkcs_15_padded_digestinfo_sha256,
> + .input.length = sizeof(rsa_sign_pkcs_15_padded_digestinfo_sha256),
> +};
> +
> +struct rfc2207_rsa_test_data
> +rfc2207_rsa_test_data_pkcs15_oaep = {
> + .type = RTE_CRYPTO_RSA_PADDING_NONE,
> + .input.data = rsa_sign_pkcs_15_padded_digestinfo_sha256,
> + .input.length = sizeof(rsa_sign_pkcs_15_padded_digestinfo_sha256),
> +};
> +
> +static int
> +rfc2207_rsa_sign_pkcs_15(const void *test_data) {
> + struct crypto_testsuite_params_asym *ts_params;
> + uint8_t dev_id;
> + struct rte_crypto_op *op, *result_op;
> + struct rte_crypto_asym_op *asym_op;
> + struct rte_mempool *op_mpool;
> + void *sess;
> + uint8_t result[TEST_DATA_SIZE];
> + const struct rfc2207_rsa_test_data *tdata = test_data;
> +
> + ts_params = &testsuite_params;
> + dev_id = ts_params->valid_devs[0];
> + op_mpool = ts_params->op_mpool;
> + op = rte_crypto_op_alloc(op_mpool,
> RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
> + if (op == NULL) {
> + RTE_LOG(ERR, USER1, "Failed to allocate asymmetric crypto "
> + "operation struct\n");
> + return TEST_FAILED;
> + }
> +
> + sess = rfc2207_rsa_sign_pkcs_15_sesscreat();
> + if (sess == NULL) {
> + RTE_LOG(ERR, USER1, "Failed to allocate asymmetric crypto "
> + "operation struct\n");
> + return TEST_FAILED;
> + }
> +
> + asym_op = op->asym;
> + asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_SIGN;
> + asym_op->rsa.padding.type = tdata->type;
> + asym_op->rsa.padding.hash = tdata->hash;
> + asym_op->rsa.input = tdata->input;
> + asym_op->rsa.output.data = result;
> +
> + rte_crypto_op_attach_asym_session(op, sess);
> +
> + /* Process crypto operation */
> + if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
> + RTE_LOG(ERR, USER1, "Error sending packet for encryption\n");
> + return -1;
> + }
> +
> + while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0)
> + rte_pause();
> +
> + if (result_op == NULL) {
> + RTE_LOG(ERR, USER1, "Failed to process encryption op\n");
> + return -1;
> + }
> +
> + printf("\nOutput len = %lu", asym_op->rsa.output.length);
> + rte_hexdump(stdout, "Signature", asym_op->rsa.output.data,
> +asym_op->rsa.output.length);
> +
> + return 0;
> +}
> +
> +/* !---! DPDK RFC RSA 22.07 */
> +
> static int
> queue_ops_rsa_enc_dec(void *sess)
> {
> @@ -2147,20 +2364,32 @@ static struct unit_test_suite
> cryptodev_openssl_asym_testsuite = {
> .setup = testsuite_setup,
> .teardown = testsuite_teardown,
> .unit_test_cases = {
> - TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
> test_capability),
> - TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_dsa),
> - TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
> + TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym,
> test_capability),
> + TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym,
> test_dsa),
> + TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym,
> test_dh_keygenration),
> - TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
> test_rsa_enc_dec),
> - TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
> + TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym,
> test_rsa_enc_dec),
> + TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym,
> test_rsa_sign_verify),
> - TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
> + TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym,
> test_rsa_enc_dec_crt),
> - TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
> + TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym,
> test_rsa_sign_verify_crt),
> - TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
> test_mod_inv),
> - TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
> test_mod_exp),
> - TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
> test_one_by_one),
> + TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym,
> test_mod_inv),
> + TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym,
> test_mod_exp),
> + TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym,
> test_one_by_one),
> +
> TEST_CASE_NAMED_WITH_DATA("rfc2207_rsa_sign_pkcs_15_ssl23",
> ut_setup_asym, ut_teardown_asym,
> + rfc2207_rsa_sign_pkcs_15,
> &rfc2207_rsa_test_data_ssl23),
> +
> TEST_CASE_NAMED_WITH_DATA("rfc2207_rsa_sign_pkcs_15_ssl23_pa
> dded", ut_setup_asym, ut_teardown_asym,
> + rfc2207_rsa_sign_pkcs_15,
> &rfc2207_rsa_test_data_ssl23_padded),
> +
> TEST_CASE_NAMED_WITH_DATA("rfc2207_rsa_sign_pkcs_15_sha1",
> ut_setup_asym, ut_teardown_asym,
> + rfc2207_rsa_sign_pkcs_15,
> &rfc2207_rsa_test_data_pkcs15_sha1),
> +
> TEST_CASE_NAMED_WITH_DATA("rfc2207_rsa_sign_pkcs_15_digestinf
> o_sha1", ut_setup_asym, ut_teardown_asym,
> + rfc2207_rsa_sign_pkcs_15,
> &rfc2207_rsa_test_data_pkcs15_digestinfo_sha1),
> +
> TEST_CASE_NAMED_WITH_DATA("rfc2207_rsa_sign_pkcs_15_sha256",
> ut_setup_asym, ut_teardown_asym,
> + rfc2207_rsa_sign_pkcs_15,
> &rfc2207_rsa_test_data_pkcs15_sha256),
> +
> TEST_CASE_NAMED_WITH_DATA("rfc2207_rsa_sign_pkcs_15_digestinf
> o_sha256", ut_setup_asym, ut_teardown_asym,
> + rfc2207_rsa_sign_pkcs_15,
> +&rfc2207_rsa_test_data_pkcs15_digestinfo_sha256),
> TEST_CASES_END() /**< NULL terminate unit test array */
> }
> };
> diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c
> b/drivers/crypto/openssl/rte_openssl_pmd.c
> index 45cee47c5d..32da143ea0 100644
> --- a/drivers/crypto/openssl/rte_openssl_pmd.c
> +++ b/drivers/crypto/openssl/rte_openssl_pmd.c
> @@ -1899,11 +1899,24 @@ process_openssl_rsa_op(struct rte_crypto_op
> *cop,
> RSA *rsa = sess->u.r.rsa;
> uint32_t pad = (op->rsa.padding.type);
> uint8_t *tmp;
> + int sha;
> +
> + switch (op->rsa.padding.hash) {
> + case RTE_CRYPTO_AUTH_SHA1:
> + sha = NID_sha1;
> + break;
> + case RTE_CRYPTO_AUTH_SHA256:
> + sha = NID_sha256;
> + break;
> + default:
> + sha = NID_sha1;
> + }
>
> cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
>
> switch (pad) {
> case RTE_CRYPTO_RSA_PADDING_PKCS1_5:
> + case RTE_CRYPTO_RSA_PADDING_SSL23:
> pad = RSA_PKCS1_PADDING;
> break;
> case RTE_CRYPTO_RSA_PADDING_NONE:
> @@ -1941,13 +1954,20 @@ process_openssl_rsa_op(struct rte_crypto_op
> *cop,
> break;
>
> case RTE_CRYPTO_ASYM_OP_SIGN:
> - ret = RSA_private_encrypt(op->rsa.input.length,
> - op->rsa.input.data,
> - op->rsa.output.data,
> - rsa,
> - pad);
> - if (ret > 0)
> - op->rsa.output.length = ret;
> + if (op->rsa.padding.type !=
> RTE_CRYPTO_RSA_PADDING_PKCS1_5) {
> + ret = RSA_private_encrypt(op->rsa.input.length,
> + op->rsa.input.data,
> + op->rsa.output.data,
> + rsa,
> + pad);
> + if (ret > 0)
> + op->rsa.output.length = ret;
> + } else {
> + ret = RSA_sign(sha, op->rsa.input.data, op-
> >rsa.input.length,
> + op->rsa.output.data, (unsigned
> int *)&op->rsa.output.length, rsa);
> + if (ret == 0)
> + ret = -1;
> + }
> break;
>
> case RTE_CRYPTO_ASYM_OP_VERIFY:
> diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
> index 834e06b96b..b3906b08e3 100644
> --- a/lib/cryptodev/rte_crypto_asym.h
> +++ b/lib/cryptodev/rte_crypto_asym.h
> @@ -149,6 +149,7 @@ enum rte_crypto_mgf {
> /**
> * Padding types for RSA signature.
> */
> + #define TEMP
> enum rte_crypto_rsa_padding_type {
> RTE_CRYPTO_RSA_PADDING_NONE = 0,
> /**< RSA no padding scheme */
> @@ -160,6 +161,7 @@ enum rte_crypto_rsa_padding_type {
> /**< RSA PKCS#1 OAEP padding scheme */
> RTE_CRYPTO_RSA_PADDING_PSS,
> /**< RSA PKCS#1 PSS padding scheme */
> + TEMP RTE_CRYPTO_RSA_PADDING_SSL23,
> RTE_CRYPTO_RSA_PADDING_TYPE_LIST_END
> };
>
> @@ -426,7 +428,7 @@ struct rte_crypto_rsa_op_param {
> *
> * If padding.type = RTE_CRYPTO_RSA_PADDING_NONE
> * input should only be used along with cryptographically
> - * secure padding scheme. *
> + * secure padding scheme.
> * If padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5 or
> * RTE_CRYPTO_RSA_PADDING_PSS
> * if the RTE_CRYPTO_RSA_FLAG_PT flag is set, input shall contain @@ -
> 434,7 +436,7 @@ struct rte_crypto_rsa_op_param {
> * the digest of the message to be signed.
> *
> * When op_type == RTE_CRYPTO_ASYM_OP_DECRYPT:
> - *
> + *
> * Input shall contain previously encrypted RSA message.
> *
> * When op_type == RTE_CRYPTO_ASYM_OP_VERIFY:
> --
> 2.13.6
^ permalink raw reply [flat|nested] 5+ messages in thread
* RE: [RFC PATCH 2/2] test: add proper pkcs1 signature tests for rsa
2022-03-22 9:13 ` Kusztal, ArkadiuszX
@ 2022-03-22 10:23 ` Kusztal, ArkadiuszX
0 siblings, 0 replies; 5+ messages in thread
From: Kusztal, ArkadiuszX @ 2022-03-22 10:23 UTC (permalink / raw)
To: dev; +Cc: gakhil, Zhang, Roy Fan, anoobj
More explanation below.
> -----Original Message-----
> From: Kusztal, ArkadiuszX
> Sent: Tuesday, March 22, 2022 10:14 AM
> To: dev@dpdk.org
> Cc: gakhil@marvell.com; Zhang, Roy Fan <roy.fan.zhang@intel.com>;
> anoobj@marvell.com
> Subject: RE: [RFC PATCH 2/2] test: add proper pkcs1 signature tests for rsa
>
> Hi,
>
> > -----Original Message-----
> > From: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>
> > Sent: Tuesday, March 22, 2022 9:11 AM
> > To: dev@dpdk.org
> > Cc: gakhil@marvell.com; Zhang, Roy Fan <roy.fan.zhang@intel.com>;
> > anoobj@marvell.com; Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>
> > Subject: [RFC PATCH 2/2] test: add proper pkcs1 signature tests for
> > rsa
> >
> > This commit adds example pkcs1 signature tests.
> >
> > Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> > ---
> > app/test/test_cryptodev_asym.c | 249
> > +++++++++++++++++++++++++++++--
> > drivers/crypto/openssl/rte_openssl_pmd.c | 34 ++++-
> > lib/cryptodev/rte_crypto_asym.h | 6 +-
> > 3 files changed, 270 insertions(+), 19 deletions(-)
> >
> > diff --git a/app/test/test_cryptodev_asym.c
> > b/app/test/test_cryptodev_asym.c index 71378cbdb2..512eb34377 100644
> > --- a/app/test/test_cryptodev_asym.c
> > +++ b/app/test/test_cryptodev_asym.c
> > @@ -15,6 +15,7 @@
> >
> > #include <rte_cryptodev.h>
> > #include <rte_crypto.h>
> > +#include <openssl/rsa.h>
> >
> > #include "test_cryptodev.h"
> > #include "test_cryptodev_dh_test_vectors.h"
> > @@ -163,6 +164,222 @@ queue_ops_rsa_sign_verify(void *sess)
> > return status;
> > }
> >
> > +/* DPDK RFC RSA 22.07 */
> > +
> > +static uint8_t
> > +rsa_sign_pkcs_15_pt[] = {
> > + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
> > + 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10,
> > + 0x11, 0x12, 0x13, 0x14,
> > +};
> > +
> > +static uint8_t
> > +rsa_sign_pkcs_15_pt_sha256[] = {
> > + 0xB1, 0xB2, 0xB3, 0xB4, 0xA1, 0xA2, 0xA3, 0xA4,
> > + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
> > + 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10,
> > + 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, };
> > +
> > +static uint8_t
> > +rsa_sign_pkcs_15_padded[] = {
> > + 0x00, 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0x00, 0x01, 0x02, 0x03, 0x04,
> > + 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
> > + 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14,
> > +};
> > +
> > +static uint8_t
> > +rsa_sign_pkcs_15_padded_digestinfo_sha1[] = {
> > + 0x00, 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x30, 0x21, 0x30,
> > + 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a,
> > + 0x05, 0x00, 0x04, 0x14, 0x01, 0x02, 0x03, 0x04,
> > + 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
> > + 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14,
> > +};
> > +
> > +static uint8_t
> > +rsa_sign_pkcs_15_padded_digestinfo_sha256[] = {
> > + 0x00, 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x30, 0x31, 0x30,
> > + 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65,
> > + 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20,
> > + 0xB1, 0xB2, 0xB3, 0xB4, 0xA1, 0xA2, 0xA3, 0xA4,
> > + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
> > + 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10,
> > + 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, };
> > +
> > +static void*
> > +rfc2207_rsa_sign_pkcs_15_sesscreat(void)
> > +{
> > + struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
> > + struct rte_mempool *sess_mpool = ts_params->session_mpool;
> > + uint8_t dev_id = ts_params->valid_devs[0];
> > + static void *sess = NULL;
> > + int ret;
> > +
> > + if (sess)
> > + return sess;
> > + ret = rte_cryptodev_asym_session_create(dev_id, &rsa_xform,
> > +sess_mpool, &sess);
> > +
> > + if (ret < 0) {
> > + RTE_LOG(ERR, USER1, "Session creation failed for "
> > + "sign_verify\n");
> > + return NULL;
> > + }
> > + return sess;
> > +}
> > +
> > +struct rfc2207_rsa_test_data
> > +{
> > + enum rte_crypto_rsa_padding_type type;
> > + rte_crypto_param input;
> > + enum rte_crypto_auth_algorithm hash; };
> > +
> [Arek] - rfc2207_rsa_test_data_ssl23 and rfc2207_rsa_test_data_pkcs15_sha1
> creates PKCS1_5 signature from same data, but signatures are different as
> RTE_CRYPTO_RSA_PADDING_SSL23 (PKCS1_5 flag in other patch) which is what
> we currently have in Cryptodev does not use AlgorithmIdentifier.
[Arek] - this patch is not meant to be applied, but only to show what kind of problem we are dealing with right now in terms of RSA padding.
And why OpenSSL RSA_private_encrypt is not doing proper signature, but still this option may be in Cryptodev (pre TLS1.1) as a different padding or RSA flag.
>
> > +struct rfc2207_rsa_test_data
> > +rfc2207_rsa_test_data_ssl23 = {
> > + .type = RTE_CRYPTO_RSA_PADDING_SSL23,
> > + .input.data = rsa_sign_pkcs_15_pt,
> > + .input.length = sizeof(rsa_sign_pkcs_15_pt), };
> > +
> > +struct rfc2207_rsa_test_data
> > +rfc2207_rsa_test_data_ssl23_padded = {
> > + .type = RTE_CRYPTO_RSA_PADDING_NONE,
> > + .input.data = rsa_sign_pkcs_15_padded,
> > + .input.length = sizeof(rsa_sign_pkcs_15_padded), };
> > +
> > +struct rfc2207_rsa_test_data
> > +rfc2207_rsa_test_data_pkcs15_sha1 = {
> > + .type = RTE_CRYPTO_RSA_PADDING_PKCS1_5,
> > + .hash = RTE_CRYPTO_AUTH_SHA1,
> > + .input.data = rsa_sign_pkcs_15_pt,
> > + .input.length = sizeof(rsa_sign_pkcs_15_pt), };
> > +
> > +struct rfc2207_rsa_test_data
> > +rfc2207_rsa_test_data_pkcs15_digestinfo_sha1 = {
> > + .type = RTE_CRYPTO_RSA_PADDING_NONE,
> > + .input.data = rsa_sign_pkcs_15_padded_digestinfo_sha1,
> > + .input.length = sizeof(rsa_sign_pkcs_15_padded_digestinfo_sha1),
> > +};
> > +
> > +struct rfc2207_rsa_test_data
> > +rfc2207_rsa_test_data_pkcs15_sha256 = {
> > + .type = RTE_CRYPTO_RSA_PADDING_PKCS1_5,
> > + .hash = RTE_CRYPTO_AUTH_SHA256,
> > + .input.data = rsa_sign_pkcs_15_pt_sha256,
> > + .input.length = sizeof(rsa_sign_pkcs_15_pt_sha256),
> > +};
> > +
> > +struct rfc2207_rsa_test_data
> > +rfc2207_rsa_test_data_pkcs15_digestinfo_sha256 = {
> > + .type = RTE_CRYPTO_RSA_PADDING_NONE,
> > + .input.data = rsa_sign_pkcs_15_padded_digestinfo_sha256,
> > + .input.length = sizeof(rsa_sign_pkcs_15_padded_digestinfo_sha256),
> > +};
> > +
> > +struct rfc2207_rsa_test_data
> > +rfc2207_rsa_test_data_pkcs15_oaep = {
> > + .type = RTE_CRYPTO_RSA_PADDING_NONE,
> > + .input.data = rsa_sign_pkcs_15_padded_digestinfo_sha256,
> > + .input.length = sizeof(rsa_sign_pkcs_15_padded_digestinfo_sha256),
> > +};
> > +
> > +static int
> > +rfc2207_rsa_sign_pkcs_15(const void *test_data) {
> > + struct crypto_testsuite_params_asym *ts_params;
> > + uint8_t dev_id;
> > + struct rte_crypto_op *op, *result_op;
> > + struct rte_crypto_asym_op *asym_op;
> > + struct rte_mempool *op_mpool;
> > + void *sess;
> > + uint8_t result[TEST_DATA_SIZE];
> > + const struct rfc2207_rsa_test_data *tdata = test_data;
> > +
> > + ts_params = &testsuite_params;
> > + dev_id = ts_params->valid_devs[0];
> > + op_mpool = ts_params->op_mpool;
> > + op = rte_crypto_op_alloc(op_mpool,
> > RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
> > + if (op == NULL) {
> > + RTE_LOG(ERR, USER1, "Failed to allocate asymmetric crypto "
> > + "operation struct\n");
> > + return TEST_FAILED;
> > + }
> > +
> > + sess = rfc2207_rsa_sign_pkcs_15_sesscreat();
> > + if (sess == NULL) {
> > + RTE_LOG(ERR, USER1, "Failed to allocate asymmetric crypto "
> > + "operation struct\n");
> > + return TEST_FAILED;
> > + }
> > +
> > + asym_op = op->asym;
> > + asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_SIGN;
> > + asym_op->rsa.padding.type = tdata->type;
> > + asym_op->rsa.padding.hash = tdata->hash;
> > + asym_op->rsa.input = tdata->input;
> > + asym_op->rsa.output.data = result;
> > +
> > + rte_crypto_op_attach_asym_session(op, sess);
> > +
> > + /* Process crypto operation */
> > + if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
> > + RTE_LOG(ERR, USER1, "Error sending packet for encryption\n");
> > + return -1;
> > + }
> > +
> > + while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0)
> > + rte_pause();
> > +
> > + if (result_op == NULL) {
> > + RTE_LOG(ERR, USER1, "Failed to process encryption op\n");
> > + return -1;
> > + }
> > +
> > + printf("\nOutput len = %lu", asym_op->rsa.output.length);
> > + rte_hexdump(stdout, "Signature", asym_op->rsa.output.data,
> > +asym_op->rsa.output.length);
> > +
> > + return 0;
> > +}
> > +
> > +/* !---! DPDK RFC RSA 22.07 */
> > +
> > static int
> > queue_ops_rsa_enc_dec(void *sess)
> > {
> > @@ -2147,20 +2364,32 @@ static struct unit_test_suite
> > cryptodev_openssl_asym_testsuite = {
> > .setup = testsuite_setup,
> > .teardown = testsuite_teardown,
> > .unit_test_cases = {
> > - TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
> > test_capability),
> > - TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_dsa),
> > - TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
> > + TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym,
> > test_capability),
> > + TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym,
> > test_dsa),
> > + TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym,
> > test_dh_keygenration),
> > - TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
> > test_rsa_enc_dec),
> > - TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
> > + TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym,
> > test_rsa_enc_dec),
> > + TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym,
> > test_rsa_sign_verify),
> > - TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
> > + TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym,
> > test_rsa_enc_dec_crt),
> > - TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
> > + TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym,
> > test_rsa_sign_verify_crt),
> > - TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
> > test_mod_inv),
> > - TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
> > test_mod_exp),
> > - TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
> > test_one_by_one),
> > + TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym,
> > test_mod_inv),
> > + TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym,
> > test_mod_exp),
> > + TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym,
> > test_one_by_one),
> > +
> > TEST_CASE_NAMED_WITH_DATA("rfc2207_rsa_sign_pkcs_15_ssl23",
> > ut_setup_asym, ut_teardown_asym,
> > + rfc2207_rsa_sign_pkcs_15,
> > &rfc2207_rsa_test_data_ssl23),
> > +
> > TEST_CASE_NAMED_WITH_DATA("rfc2207_rsa_sign_pkcs_15_ssl23_pa
> > dded", ut_setup_asym, ut_teardown_asym,
> > + rfc2207_rsa_sign_pkcs_15,
> > &rfc2207_rsa_test_data_ssl23_padded),
> > +
> > TEST_CASE_NAMED_WITH_DATA("rfc2207_rsa_sign_pkcs_15_sha1",
> > ut_setup_asym, ut_teardown_asym,
> > + rfc2207_rsa_sign_pkcs_15,
> > &rfc2207_rsa_test_data_pkcs15_sha1),
> > +
> > TEST_CASE_NAMED_WITH_DATA("rfc2207_rsa_sign_pkcs_15_digestinf
> > o_sha1", ut_setup_asym, ut_teardown_asym,
> > + rfc2207_rsa_sign_pkcs_15,
> > &rfc2207_rsa_test_data_pkcs15_digestinfo_sha1),
> > +
> > TEST_CASE_NAMED_WITH_DATA("rfc2207_rsa_sign_pkcs_15_sha256",
> > ut_setup_asym, ut_teardown_asym,
> > + rfc2207_rsa_sign_pkcs_15,
> > &rfc2207_rsa_test_data_pkcs15_sha256),
> > +
> > TEST_CASE_NAMED_WITH_DATA("rfc2207_rsa_sign_pkcs_15_digestinf
> > o_sha256", ut_setup_asym, ut_teardown_asym,
> > + rfc2207_rsa_sign_pkcs_15,
> > +&rfc2207_rsa_test_data_pkcs15_digestinfo_sha256),
> > TEST_CASES_END() /**< NULL terminate unit test array */
> > }
> > };
> > diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c
> > b/drivers/crypto/openssl/rte_openssl_pmd.c
> > index 45cee47c5d..32da143ea0 100644
> > --- a/drivers/crypto/openssl/rte_openssl_pmd.c
> > +++ b/drivers/crypto/openssl/rte_openssl_pmd.c
> > @@ -1899,11 +1899,24 @@ process_openssl_rsa_op(struct rte_crypto_op
> > *cop,
> > RSA *rsa = sess->u.r.rsa;
> > uint32_t pad = (op->rsa.padding.type);
> > uint8_t *tmp;
> > + int sha;
> > +
> > + switch (op->rsa.padding.hash) {
> > + case RTE_CRYPTO_AUTH_SHA1:
> > + sha = NID_sha1;
> > + break;
> > + case RTE_CRYPTO_AUTH_SHA256:
> > + sha = NID_sha256;
> > + break;
> > + default:
> > + sha = NID_sha1;
> > + }
> >
> > cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
> >
> > switch (pad) {
> > case RTE_CRYPTO_RSA_PADDING_PKCS1_5:
> > + case RTE_CRYPTO_RSA_PADDING_SSL23:
> > pad = RSA_PKCS1_PADDING;
> > break;
> > case RTE_CRYPTO_RSA_PADDING_NONE:
> > @@ -1941,13 +1954,20 @@ process_openssl_rsa_op(struct rte_crypto_op
> > *cop,
> > break;
> >
> > case RTE_CRYPTO_ASYM_OP_SIGN:
> > - ret = RSA_private_encrypt(op->rsa.input.length,
> > - op->rsa.input.data,
> > - op->rsa.output.data,
> > - rsa,
> > - pad);
> > - if (ret > 0)
> > - op->rsa.output.length = ret;
> > + if (op->rsa.padding.type !=
> > RTE_CRYPTO_RSA_PADDING_PKCS1_5) {
> > + ret = RSA_private_encrypt(op->rsa.input.length,
> > + op->rsa.input.data,
> > + op->rsa.output.data,
> > + rsa,
> > + pad);
> > + if (ret > 0)
> > + op->rsa.output.length = ret;
> > + } else {
> > + ret = RSA_sign(sha, op->rsa.input.data, op-
> > >rsa.input.length,
> > + op->rsa.output.data, (unsigned
> > int *)&op->rsa.output.length, rsa);
> > + if (ret == 0)
> > + ret = -1;
> > + }
> > break;
> >
> > case RTE_CRYPTO_ASYM_OP_VERIFY:
> > diff --git a/lib/cryptodev/rte_crypto_asym.h
> > b/lib/cryptodev/rte_crypto_asym.h index 834e06b96b..b3906b08e3 100644
> > --- a/lib/cryptodev/rte_crypto_asym.h
> > +++ b/lib/cryptodev/rte_crypto_asym.h
> > @@ -149,6 +149,7 @@ enum rte_crypto_mgf {
> > /**
> > * Padding types for RSA signature.
> > */
> > + #define TEMP
> > enum rte_crypto_rsa_padding_type {
> > RTE_CRYPTO_RSA_PADDING_NONE = 0,
> > /**< RSA no padding scheme */
> > @@ -160,6 +161,7 @@ enum rte_crypto_rsa_padding_type {
> > /**< RSA PKCS#1 OAEP padding scheme */
> > RTE_CRYPTO_RSA_PADDING_PSS,
> > /**< RSA PKCS#1 PSS padding scheme */
> > + TEMP RTE_CRYPTO_RSA_PADDING_SSL23,
> > RTE_CRYPTO_RSA_PADDING_TYPE_LIST_END
> > };
> >
> > @@ -426,7 +428,7 @@ struct rte_crypto_rsa_op_param {
> > *
> > * If padding.type = RTE_CRYPTO_RSA_PADDING_NONE
> > * input should only be used along with cryptographically
> > - * secure padding scheme. *
> > + * secure padding scheme.
> > * If padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5 or
> > * RTE_CRYPTO_RSA_PADDING_PSS
> > * if the RTE_CRYPTO_RSA_FLAG_PT flag is set, input shall contain @@
> > -
> > 434,7 +436,7 @@ struct rte_crypto_rsa_op_param {
> > * the digest of the message to be signed.
> > *
> > * When op_type == RTE_CRYPTO_ASYM_OP_DECRYPT:
> > - *
> > + *
> > * Input shall contain previously encrypted RSA message.
> > *
> > * When op_type == RTE_CRYPTO_ASYM_OP_VERIFY:
> > --
> > 2.13.6
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2022-03-22 10:23 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-03-22 8:11 [RFC PATCH 1/2] cryptodev: rsa improvements Arek Kusztal
2022-03-22 8:11 ` [RFC PATCH 2/2] test: add proper pkcs1 signature tests for rsa Arek Kusztal
2022-03-22 9:13 ` Kusztal, ArkadiuszX
2022-03-22 10:23 ` Kusztal, ArkadiuszX
2022-03-22 8:53 ` [RFC PATCH 1/2] cryptodev: rsa improvements Kusztal, ArkadiuszX
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.