DPDK-dev Archive on lore.kernel.org
From: "Kusztal, ArkadiuszX" <arkadiuszx.kusztal@intel.com>
To: Shally Verma <shallyv@marvell.com>, "dev@dpdk.org" <dev@dpdk.org>
Cc: "akhil.goyal@nxp.com" <akhil.goyal@nxp.com>,
	"Trahe, Fiona" <fiona.trahe@intel.com>
Subject: Re: [dpdk-dev] [EXT] [PATCH v3 05/11] cryptodev: add information about message format when signing with RSA
Date: Wed, 17 Jul 2019 10:26:28 +0000
Message-ID: <06EE24DD0B19E248B53F6DC8657831551B280911@hasmsx109.ger.corp.intel.com> (raw)
In-Reply-To: <BN6PR1801MB2052F326034096B13A60327FADC90@BN6PR1801MB2052.namprd18.prod.outlook.com>



> -----Original Message-----
> From: Shally Verma [mailto:shallyv@marvell.com]
> Sent: Wednesday, July 17, 2019 12:08 PM
> To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; dev@dpdk.org
> Cc: akhil.goyal@nxp.com; Trahe, Fiona <fiona.trahe@intel.com>
> Subject: RE: [EXT] [PATCH v3 05/11] cryptodev: add information about
> message format when signing with RSA
> 
> 
> 
> > -----Original Message-----
> > From: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> > Sent: Wednesday, July 17, 2019 12:23 AM
> > To: dev@dpdk.org
> > Cc: akhil.goyal@nxp.com; fiona.trahe@intel.com; Shally Verma
> > <shallyv@marvell.com>; Arek Kusztal <arkadiuszx.kusztal@intel.com>
> > Subject: [EXT] [PATCH v3 05/11] cryptodev: add information about
> > message format when signing with RSA
> >
> > This patch adds information about the format the message should have
> > before sending it to the signing operation when using the RSA algorithm.
> >
> > Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> > ---
> >  lib/librte_cryptodev/rte_crypto_asym.h | 9 +++++++++
> >  1 file changed, 9 insertions(+)
> >
> > diff --git a/lib/librte_cryptodev/rte_crypto_asym.h
> > b/lib/librte_cryptodev/rte_crypto_asym.h
> > index 16c86c9..ad484de 100644
> > --- a/lib/librte_cryptodev/rte_crypto_asym.h
> > +++ b/lib/librte_cryptodev/rte_crypto_asym.h
> > @@ -408,6 +408,15 @@ struct rte_crypto_rsa_op_param {
> >  	 * When RTE_CRYPTO_ASYM_OP_DECRYPT op_type used length in
> bytes
> >  	 * of this field needs to be greater or equal to the length of
> >  	 * corresponding RSA key in bytes.
> > +	 *
> > +	 * When RTE_CRYPTO_ASYM_OP_SIGN op_type used and following
> > padding
> > +	 * type:
> > +	 * - padding PKCS1_5:
> > +	 * data provided should contain `algorithmIdentifier` in DER encoded
> > +	 * format concatenated with message digest (as per spec rfc8017 9.2)
> [Shally] I have reservations here and I think I asked this before too. For
> PKCSV1.5, currently it only supports the output format as defined in RSASP1
> section 5.2.1. This means the PMD does not apply EMSA-PKCS1-v1_5-ENCODE (M,
> emLen) defined in rfc8017 Sec 9.2, which includes applying a hash on the input
> message and other things. So, are we extending the spec here?

1) It is contrary to what we have in the only test case we have for RSA signature, as we set padding:
	asym_op->rsa.sign.data = output_buf;
	asym_op->rsa.pad = RTE_CRYPTO_RSA_PKCS1_V1_5_BT1;
But the current openssl PMD implementation does not create the digest nor add DER. So the user needs to pass it.

It can be RSASP1 only, but only with PADDING_NONE selected, and in this case the full padding would have to be provided.


2) We cannot extend, as we do not really specify anything here; there is no information about what data format the user should provide.


> 
> > +	 * - padding PSS
> > +	 * data provided should contain message digest of the message
> > +	 * to be signed
> >  	 */
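
Review bot: The PKCS1_5 bullet describes the input as "algorithmIdentifier in DER encoded format concatenated with message digest", but RFC 8017 section 9.2, which the comment cites, defines the value T as the DER encoding of a DigestInfo: a SEQUENCE wrapping the AlgorithmIdentifier and the digest as an OCTET STRING. A caller reading the comment literally could leave out the outer SEQUENCE and OCTET STRING headers. Suggest wording it as "DER-encoded DigestInfo (RFC 8017 section 9.2, step 2)" and naming the padding enum values the bullets refer to, for example RTE_CRYPTO_RSA_PKCS1_V1_5_BT1 as used in the test case, instead of "padding PKCS1_5" and "padding PSS". The sign case also states no length bound for the data, unlike the DECRYPT sentence just above it, and the PSS bullet does not say which hash the digest is expected to come from.
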
> >
> >
> > --
> > 2.1.0
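
The two input formats discussed in this thread, as an added example that is not part of the original message or of the DPDK code: T (DER DigestInfo header plus digest) for PKCS1_5 padding, and the full EM block a caller would have to build when no padding is selected. SHA-256, the function names and the buffer sizes are assumptions; the sample digest is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SHA256_LEN 32

/* DER header of a SHA-256 DigestInfo (RFC 8017 section 9.2, note 1). */
static const uint8_t sha256_der[] = {
	0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
	0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
};

/* PKCS1_5 padding: caller passes T = DER header || digest.
 * Returns bytes written, or 0 if out is too small. */
size_t build_digest_info(const uint8_t *digest, uint8_t *out, size_t out_len)
{
	if (out_len < sizeof(sha256_der) + SHA256_LEN)
		return 0;
	memcpy(out, sha256_der, sizeof(sha256_der));
	memcpy(out + sizeof(sha256_der), digest, SHA256_LEN);
	return sizeof(sha256_der) + SHA256_LEN;
}

/* No padding: caller passes EM = 0x00 || 0x01 || PS (0xff, >= 8 bytes) ||
 * 0x00 || T, em_len being the modulus length in bytes. 0 if T cannot fit. */
size_t build_em(const uint8_t *t, size_t t_len, uint8_t *em, size_t em_len)
{
	size_t ps_len;
	if (em_len < t_len + 11)
		return 0;
	ps_len = em_len - t_len - 3;
	em[0] = 0x00;
	em[1] = 0x01;
	memset(em + 2, 0xff, ps_len);
	em[2 + ps_len] = 0x00;
	memcpy(em + 3 + ps_len, t, t_len);
	return em_len;
}

int main(void)
{
	uint8_t digest[SHA256_LEN], t[64], em[256]; /* 2048-bit modulus assumed */
	size_t i, t_len;
	for (i = 0; i < SHA256_LEN; i++)
		digest[i] = (uint8_t)i; /* constructed stand-in for a real digest */
	t_len = build_digest_info(digest, t, sizeof(t));
	printf("T=%zu EM=%zu\n", t_len, build_em(t, t_len, em, sizeof(em)));
	return 0;
}
```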

