[v2,10/14] cryptodev: clarify usage of rsa padding hash
Checks
Commit Message
- Clarified usage of RSA padding hash.
It was not specified how to use hash for PKCS1_5
padding. This could lead to incorrect implementation.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
lib/cryptodev/rte_crypto_asym.h | 25 +++++++++++++++++++++----
1 file changed, 21 insertions(+), 4 deletions(-)
Comments
> - Clarified usage of RSA padding hash.
> It was not specified how to use hash for PKCS1_5
> padding. This could lead to incorrect implementation.
>
> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> ---
> lib/cryptodev/rte_crypto_asym.h | 25 +++++++++++++++++++++----
> 1 file changed, 21 insertions(+), 4 deletions(-)
>
> diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
> index 1a57c0c532..1758aaa875 100644
> --- a/lib/cryptodev/rte_crypto_asym.h
> +++ b/lib/cryptodev/rte_crypto_asym.h
> @@ -371,10 +371,27 @@ struct rte_crypto_rsa_op_param {
> /**< RSA padding scheme to be used for transform */
>
> enum rte_crypto_auth_algorithm md;
> - /**< Hash algorithm to be used for data hash if padding
> - * scheme is either OAEP or PSS. Valid hash algorithms
> - * are:
> - * MD5, SHA1, SHA224, SHA256, SHA384, SHA512
> + /**<
> + * RSA padding hash function
Function->algorithm
> + *
> + * When a specific padding type is selected, the following rule apply:
> + * - RTE_CRYPTO_RSA_PADDING_NONE:
> + * This field is ignored by the PMD
> + *
> + * - RTE_CRYPTO_RSA_PADDING_PKCS1_5:
> + * When signing operation this field is used to determine value
For sign operation, this field is used...
> + * of the DigestInfo structure, therefore specifying which algorithm
> + * was used to create the message digest.
> + * When doing encryption/decryption this field is ignored for this
> + * padding type.
For encryption/decryption, this field is ignored.
> + *
> + * - RTE_CRYPTO_RSA_PADDING_OAEP
> + * This field shall be set with the hash algorithm used
> + * in the padding scheme
> + *
> + * - RTE_CRYPTO_RSA_PADDING_PSS
> + * This field shall be set with the hash algorithm used
> + * in the padding scheme (and to create the input message digest)
> */
>
> enum rte_crypto_auth_algorithm mgf1md;
> --
> 2.13.6
@@ -371,10 +371,27 @@ struct rte_crypto_rsa_op_param {
/**< RSA padding scheme to be used for transform */
enum rte_crypto_auth_algorithm md;
- /**< Hash algorithm to be used for data hash if padding
- * scheme is either OAEP or PSS. Valid hash algorithms
- * are:
- * MD5, SHA1, SHA224, SHA256, SHA384, SHA512
+ /**<
+ * RSA padding hash function
+ *
+ * When a specific padding type is selected, the following rule apply:
+ * - RTE_CRYPTO_RSA_PADDING_NONE:
+ * This field is ignored by the PMD
+ *
+ * - RTE_CRYPTO_RSA_PADDING_PKCS1_5:
+ * When signing operation this field is used to determine value
+ * of the DigestInfo structure, therefore specifying which algorithm
+ * was used to create the message digest.
+ * When doing encryption/decryption this field is ignored for this
+ * padding type.
+ *
+ * - RTE_CRYPTO_RSA_PADDING_OAEP
+ * This field shall be set with the hash algorithm used
+ * in the padding scheme
+ *
+ * - RTE_CRYPTO_RSA_PADDING_PSS
+ * This field shall be set with the hash algorithm used
+ * in the padding scheme (and to create the input message digest)
*/
enum rte_crypto_auth_algorithm mgf1md;