crypto/virtio: fix DER encoding of RSA public key
Checks
Commit Message
As per RFC 8017, RSA public key in ASN.1 should have only
modulus and exponent values. Add a separate encoding function
to follow this standard.
Fixes: 6fe6a7f7bcf ("crypto/virtio: add asymmetric RSA support")
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
drivers/crypto/virtio/virtio_cryptodev.c | 31 +++++++++++++++++++++++-
1 file changed, 30 insertions(+), 1 deletion(-)
Comments
> -----Original Message-----
> From: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Sent: Saturday, May 10, 2025 4:11 PM
> To: dev@dpdk.org; Jay Zhou <jianjay.zhou@huawei.com>
> Cc: Anoob Joseph <anoobj@marvell.com>; Akhil Goyal <gakhil@marvell.com>;
> Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Subject: [PATCH] crypto/virtio: fix DER encoding of RSA public key
>
> As per RFC 8017, RSA public key in ASN.1 should have only
> modulus and exponent values. Add a separate encoding function
> to follow this standard.
>
> Fixes: 6fe6a7f7bcf ("crypto/virtio: add asymmetric RSA support")
Updated the Fixes tag
Fixes: 10702138f1a1 ("crypto/virtio: support asymmetric RSA")
Cc: stable@dpdk.org
>
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Applied to dpdk-next-crypto
Thanks.
@@ -1524,6 +1524,29 @@ virtio_crypto_asym_rsa_xform_to_der(
return len;
}
+static int
+virtio_crypto_asym_rsa_xform_to_public_der(
+ struct rte_crypto_asym_xform *xform,
+ uint8_t *der)
+{
+ uint8_t data[VIRTIO_CRYPTO_MAX_CTRL_DATA];
+ size_t tlen = 0, len;
+ uint8_t *tlv;
+
+ if (xform->xform_type != RTE_CRYPTO_ASYM_XFORM_RSA)
+ return -EINVAL;
+
+ tlv = data;
+ len = tlv_encode(tlv, 0x02, xform->rsa.n.data, xform->rsa.n.length);
+ tlen += len;
+ len = tlv_encode(tlv + tlen, 0x02, xform->rsa.e.data, xform->rsa.e.length);
+ tlen += len;
+
+ RTE_ASSERT(tlen < VIRTIO_CRYPTO_MAX_CTRL_DATA);
+ len = tlv_encode(der, 0x30, data, tlen);
+ return len;
+}
+
static int
virtio_crypto_asym_rsa_configure_session(
struct rte_crypto_rsa_xform *rsa,
@@ -1607,7 +1630,13 @@ virtio_crypto_asym_configure_session(
return ret;
}
- ret = virtio_crypto_asym_rsa_xform_to_der(xform, ctrl->data);
+ if (xform->rsa.key_type == RTE_RSA_KEY_TYPE_EXP) {
+ ret = virtio_crypto_asym_rsa_xform_to_public_der(
+ xform, ctrl->data);
+ } else {
+ ret = virtio_crypto_asym_rsa_xform_to_der(xform,
+ ctrl->data);
+ }
if (ret <= 0) {
VIRTIO_CRYPTO_SESSION_LOG_ERR("Invalid RSA primitives");
return ret;