From patchwork Wed Jul 17 12:51:01 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arkadiusz Kusztal X-Patchwork-Id: 56624 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@dpdk.org Delivered-To: patchwork@dpdk.org Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id EAFDE1BC20; Wed, 17 Jul 2019 14:54:33 +0200 (CEST) Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by dpdk.org (Postfix) with ESMTP id 687611B9A0 for ; Wed, 17 Jul 2019 14:54:31 +0200 (CEST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by orsmga105.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 17 Jul 2019 05:54:31 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.64,274,1559545200"; d="scan'208";a="187552975" Received: from akusztax-mobl.ger.corp.intel.com ([10.104.12.189]) by fmsmga001.fm.intel.com with ESMTP; 17 Jul 2019 05:54:28 -0700 From: Arek Kusztal To: dev@dpdk.org Cc: akhil.goyal@nxp.com, fiona.trahe@intel.com, shallyv@marvell.com, damianx.nowak@intel.com, Arek Kusztal Date: Wed, 17 Jul 2019 14:51:01 +0200 Message-Id: <20190717125111.11288-2-arkadiuszx.kusztal@intel.com> X-Mailer: git-send-email 2.19.1.windows.1 In-Reply-To: <20190717125111.11288-1-arkadiuszx.kusztal@intel.com> References: <20190717125111.11288-1-arkadiuszx.kusztal@intel.com> MIME-Version: 1.0 Subject: [dpdk-dev] [PATCH v4 01/11] cryptodev: change RSA API comments about primes X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" RSA modulus cannot be prime as its security basing on integer factorization. Signed-off-by: Arek Kusztal --- lib/librte_cryptodev/rte_crypto_asym.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/librte_cryptodev/rte_crypto_asym.h b/lib/librte_cryptodev/rte_crypto_asym.h index 8672f21..02ec304 100644 --- a/lib/librte_cryptodev/rte_crypto_asym.h +++ b/lib/librte_cryptodev/rte_crypto_asym.h @@ -199,8 +199,8 @@ struct rte_crypto_rsa_priv_key_qt { */ struct rte_crypto_rsa_xform { rte_crypto_param n; - /**< n - Prime modulus - * Prime modulus data of RSA operation in Octet-string network + /**< n - Modulus + * Modulus data of RSA operation in Octet-string network * byte order format. */ @@ -409,7 +409,7 @@ struct rte_crypto_rsa_op_param { * over-written with generated signature. * * Length of the signature data will be equal to the - * RSA prime modulus length. + * RSA modulus length. */ enum rte_crypto_rsa_padding_type pad; From patchwork Wed Jul 17 12:51:02 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arkadiusz Kusztal X-Patchwork-Id: 56625 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@dpdk.org Delivered-To: patchwork@dpdk.org Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id E62A71BDF2; Wed, 17 Jul 2019 14:54:48 +0200 (CEST) Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by dpdk.org (Postfix) with ESMTP id D53D11BDF1 for ; Wed, 17 Jul 2019 14:54:47 +0200 (CEST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 17 Jul 2019 05:54:47 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.64,274,1559545200"; d="scan'208";a="187553005" Received: from akusztax-mobl.ger.corp.intel.com ([10.104.12.189]) by fmsmga001.fm.intel.com with ESMTP; 17 Jul 2019 05:54:45 -0700 From: Arek Kusztal To: dev@dpdk.org Cc: akhil.goyal@nxp.com, fiona.trahe@intel.com, shallyv@marvell.com, damianx.nowak@intel.com, Arek Kusztal Date: Wed, 17 Jul 2019 14:51:02 +0200 Message-Id: <20190717125111.11288-3-arkadiuszx.kusztal@intel.com> X-Mailer: git-send-email 2.19.1.windows.1 In-Reply-To: <20190717125111.11288-1-arkadiuszx.kusztal@intel.com> References: <20190717125111.11288-1-arkadiuszx.kusztal@intel.com> MIME-Version: 1.0 Subject: [dpdk-dev] [PATCH v4 02/11] cryptodev: add cipher field to RSA op X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Asymmetric nature of RSA algorithm suggest to use additional field for output. In place operations still can be done by setting cipher and message pointers with the same memory address. Signed-off-by: Arek Kusztal --- lib/librte_cryptodev/rte_crypto_asym.h | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/lib/librte_cryptodev/rte_crypto_asym.h b/lib/librte_cryptodev/rte_crypto_asym.h index 02ec304..ab305a6 100644 --- a/lib/librte_cryptodev/rte_crypto_asym.h +++ b/lib/librte_cryptodev/rte_crypto_asym.h @@ -397,9 +397,33 @@ struct rte_crypto_rsa_op_param { /**< * Pointer to data * - to be encrypted for RSA public encrypt. - * - to be decrypted for RSA private decrypt. * - to be signed for RSA sign generation. * - to be authenticated for RSA sign verification. + * + * Octet-string network byte order format. + * + * This field is an input to RTE_CRYPTO_ASYM_OP_ENCRYPT + * operation, and output to RTE_CRYPTO_ASYM_OP_DECRYPT operation. + * + * When RTE_CRYPTO_ASYM_OP_DECRYPT op_type used underlying array + * should have been allocated with enough memory to hold plaintext + * output (bigger or equal to RSA key size). + */ + + + rte_crypto_param cipher; + /**< + * Pointer to data + * - to be decrypted for RSA private decrypt. + * + * Octet-string network byte order format. + * + * This field is an input to RTE_CRYPTO_ASYM_OP_DECRYPT + * operation, and output to RTE_CRYPTO_ASYM_OP_ENCRYPT operation. + * + * When RTE_CRYPTO_ASYM_OP_ENCRYPT op_type used underlying array + * should have been allocated with enough memory to hold cipher + * output (bigger or equal to RSA key size). */ rte_crypto_param sign; From patchwork Wed Jul 17 12:51:03 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arkadiusz Kusztal X-Patchwork-Id: 56626 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@dpdk.org Delivered-To: patchwork@dpdk.org Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id CB8E51BDFB; Wed, 17 Jul 2019 14:54:50 +0200 (CEST) Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by dpdk.org (Postfix) with ESMTP id F36051BDF9 for ; Wed, 17 Jul 2019 14:54:49 +0200 (CEST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 17 Jul 2019 05:54:49 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.64,274,1559545200"; d="scan'208";a="187553012" Received: from akusztax-mobl.ger.corp.intel.com ([10.104.12.189]) by fmsmga001.fm.intel.com with ESMTP; 17 Jul 2019 05:54:47 -0700 From: Arek Kusztal To: dev@dpdk.org Cc: akhil.goyal@nxp.com, fiona.trahe@intel.com, shallyv@marvell.com, damianx.nowak@intel.com, Arek Kusztal Date: Wed, 17 Jul 2019 14:51:03 +0200 Message-Id: <20190717125111.11288-4-arkadiuszx.kusztal@intel.com> X-Mailer: git-send-email 2.19.1.windows.1 In-Reply-To: <20190717125111.11288-1-arkadiuszx.kusztal@intel.com> References: <20190717125111.11288-1-arkadiuszx.kusztal@intel.com> MIME-Version: 1.0 Subject: [dpdk-dev] [PATCH v4 03/11] crypto/openssl: add cipher field to openssl RSA implementation X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" This commit adds cipher field to openssl pmd to comfort to API change. Signed-off-by: Arek Kusztal --- drivers/crypto/openssl/rte_openssl_pmd.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c index 7c8bf0d..71ae320 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd.c +++ b/drivers/crypto/openssl/rte_openssl_pmd.c @@ -1867,19 +1867,19 @@ process_openssl_rsa_op(struct rte_crypto_op *cop, case RTE_CRYPTO_ASYM_OP_ENCRYPT: ret = RSA_public_encrypt(op->rsa.message.length, op->rsa.message.data, - op->rsa.message.data, + op->rsa.cipher.data, rsa, pad); if (ret > 0) - op->rsa.message.length = ret; + op->rsa.cipher.length = ret; OPENSSL_LOG(DEBUG, "length of encrypted text %d\n", ret); break; case RTE_CRYPTO_ASYM_OP_DECRYPT: - ret = RSA_private_decrypt(op->rsa.message.length, - op->rsa.message.data, + ret = RSA_private_decrypt(op->rsa.cipher.length, + op->rsa.cipher.data, op->rsa.message.data, rsa, pad); From patchwork Wed Jul 17 12:51:04 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arkadiusz Kusztal X-Patchwork-Id: 56627 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@dpdk.org Delivered-To: patchwork@dpdk.org Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id B40BC1BDE3; Wed, 17 Jul 2019 14:54:54 +0200 (CEST) Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by dpdk.org (Postfix) with ESMTP id AFA761BE03 for ; Wed, 17 Jul 2019 14:54:52 +0200 (CEST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 17 Jul 2019 05:54:52 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.64,274,1559545200"; d="scan'208";a="187553023" Received: from akusztax-mobl.ger.corp.intel.com ([10.104.12.189]) by fmsmga001.fm.intel.com with ESMTP; 17 Jul 2019 05:54:50 -0700 From: Arek Kusztal To: dev@dpdk.org Cc: akhil.goyal@nxp.com, fiona.trahe@intel.com, shallyv@marvell.com, damianx.nowak@intel.com, Arek Kusztal Date: Wed, 17 Jul 2019 14:51:04 +0200 Message-Id: <20190717125111.11288-5-arkadiuszx.kusztal@intel.com> X-Mailer: git-send-email 2.19.1.windows.1 In-Reply-To: <20190717125111.11288-1-arkadiuszx.kusztal@intel.com> References: <20190717125111.11288-1-arkadiuszx.kusztal@intel.com> MIME-Version: 1.0 Subject: [dpdk-dev] [PATCH v4 04/11] test: add cipher field to RSA test X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" This patch adds cipher field to RSA test cases Signed-off-by: Arek Kusztal --- app/test/test_cryptodev_asym.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c index 4dee164..8391545 100644 --- a/app/test/test_cryptodev_asym.c +++ b/app/test/test_cryptodev_asym.c @@ -164,6 +164,7 @@ queue_ops_rsa_enc_dec(struct rte_cryptodev_asym_session *sess) uint8_t dev_id = ts_params->valid_devs[0]; struct rte_crypto_op *op, *result_op; struct rte_crypto_asym_op *asym_op; + uint8_t cipher_buf[TEST_DATA_SIZE] = {0}; int ret, status = TEST_SUCCESS; /* Set up crypto op data structure */ @@ -180,6 +181,8 @@ queue_ops_rsa_enc_dec(struct rte_cryptodev_asym_session *sess) asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_ENCRYPT; asym_op->rsa.message.data = rsaplaintext.data; + asym_op->rsa.cipher.data = cipher_buf; + asym_op->rsa.cipher.length = 0; asym_op->rsa.message.length = rsaplaintext.len; asym_op->rsa.pad = RTE_CRYPTO_RSA_PKCS1_V1_5_BT2; From patchwork Wed Jul 17 12:51:05 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arkadiusz Kusztal X-Patchwork-Id: 56628 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@dpdk.org Delivered-To: patchwork@dpdk.org Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 4FCF01BE09; Wed, 17 Jul 2019 14:54:56 +0200 (CEST) Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by dpdk.org (Postfix) with ESMTP id 150B61BE06 for ; Wed, 17 Jul 2019 14:54:54 +0200 (CEST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 17 Jul 2019 05:54:54 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.64,274,1559545200"; d="scan'208";a="187553030" Received: from akusztax-mobl.ger.corp.intel.com ([10.104.12.189]) by fmsmga001.fm.intel.com with ESMTP; 17 Jul 2019 05:54:52 -0700 From: Arek Kusztal To: dev@dpdk.org Cc: akhil.goyal@nxp.com, fiona.trahe@intel.com, shallyv@marvell.com, damianx.nowak@intel.com, Arek Kusztal Date: Wed, 17 Jul 2019 14:51:05 +0200 Message-Id: <20190717125111.11288-6-arkadiuszx.kusztal@intel.com> X-Mailer: git-send-email 2.19.1.windows.1 In-Reply-To: <20190717125111.11288-1-arkadiuszx.kusztal@intel.com> References: <20190717125111.11288-1-arkadiuszx.kusztal@intel.com> MIME-Version: 1.0 Subject: [dpdk-dev] [PATCH v4 05/11] cryptodev: add information about message format when signing with RSA X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" This patch adds information about format of the message should have before sending it to the signing operation when using RSA algorithm. Signed-off-by: Arek Kusztal --- lib/librte_cryptodev/rte_crypto_asym.h | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/lib/librte_cryptodev/rte_crypto_asym.h b/lib/librte_cryptodev/rte_crypto_asym.h index ab305a6..4a86610 100644 --- a/lib/librte_cryptodev/rte_crypto_asym.h +++ b/lib/librte_cryptodev/rte_crypto_asym.h @@ -408,9 +408,17 @@ struct rte_crypto_rsa_op_param { * When RTE_CRYPTO_ASYM_OP_DECRYPT op_type used underlying array * should have been allocated with enough memory to hold plaintext * output (bigger or equal to RSA key size). + * + * When RTE_CRYPTO_ASYM_OP_SIGN op_type used and following padding + * type: + * - padding PKCS1_5: + * data provided should contain `algorithmIdentifier` in DER encoded + * format concatenated with message digest (as per spec rfc8017 9.2) + * - padding PSS + * data provided should contain message digest of the message + * to be signed */ - rte_crypto_param cipher; /**< * Pointer to data From patchwork Wed Jul 17 12:51:06 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arkadiusz Kusztal X-Patchwork-Id: 56629 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@dpdk.org Delivered-To: patchwork@dpdk.org Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 9A3B61BE22; Wed, 17 Jul 2019 14:55:06 +0200 (CEST) Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) by dpdk.org (Postfix) with ESMTP id 3897B1BE1F for ; Wed, 17 Jul 2019 14:55:02 +0200 (CEST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga104.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 17 Jul 2019 05:55:01 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.64,274,1559545200"; d="scan'208";a="187553043" Received: from akusztax-mobl.ger.corp.intel.com ([10.104.12.189]) by fmsmga001.fm.intel.com with ESMTP; 17 Jul 2019 05:54:58 -0700 From: Arek Kusztal To: dev@dpdk.org Cc: akhil.goyal@nxp.com, fiona.trahe@intel.com, shallyv@marvell.com, damianx.nowak@intel.com, Arek Kusztal Date: Wed, 17 Jul 2019 14:51:06 +0200 Message-Id: <20190717125111.11288-7-arkadiuszx.kusztal@intel.com> X-Mailer: git-send-email 2.19.1.windows.1 In-Reply-To: <20190717125111.11288-1-arkadiuszx.kusztal@intel.com> References: <20190717125111.11288-1-arkadiuszx.kusztal@intel.com> MIME-Version: 1.0 Subject: [dpdk-dev] [PATCH v4 06/11] cryptodev: remove RSA PKCS1 BT0 padding X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" BT0 block type padding after rfc2313 has been discontinued. Signed-off-by: Arek Kusztal --- lib/librte_cryptodev/rte_crypto_asym.h | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/lib/librte_cryptodev/rte_crypto_asym.h b/lib/librte_cryptodev/rte_crypto_asym.h index 4a86610..5e05de5 100644 --- a/lib/librte_cryptodev/rte_crypto_asym.h +++ b/lib/librte_cryptodev/rte_crypto_asym.h @@ -112,17 +112,9 @@ enum rte_crypto_asym_op_type { enum rte_crypto_rsa_padding_type { RTE_CRYPTO_RSA_PADDING_NONE = 0, /**< RSA no padding scheme */ - RTE_CRYPTO_RSA_PKCS1_V1_5_BT0, - /**< RSA PKCS#1 V1.5 Block Type 0 padding scheme - * as described in rfc2313 - */ - RTE_CRYPTO_RSA_PKCS1_V1_5_BT1, - /**< RSA PKCS#1 V1.5 Block Type 01 padding scheme - * as described in rfc2313 - */ - RTE_CRYPTO_RSA_PKCS1_V1_5_BT2, - /**< RSA PKCS#1 V1.5 Block Type 02 padding scheme - * as described in rfc2313 + RTE_CRYPTO_RSA_PADDING_PKCS1_5, + /**< RSA PKCS#1 PKCS1-v1_5 padding scheme. For signatures block type 01, + * for encryption block type 02 are used. */ RTE_CRYPTO_RSA_PADDING_OAEP, /**< RSA PKCS#1 OAEP padding scheme */ From patchwork Wed Jul 17 12:51:07 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arkadiusz Kusztal X-Patchwork-Id: 56630 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@dpdk.org Delivered-To: patchwork@dpdk.org Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 584E81BE31; Wed, 17 Jul 2019 14:55:09 +0200 (CEST) Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) by dpdk.org (Postfix) with ESMTP id D5D3D1BE1B for ; Wed, 17 Jul 2019 14:55:04 +0200 (CEST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga104.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 17 Jul 2019 05:55:04 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.64,274,1559545200"; d="scan'208";a="187553063" Received: from akusztax-mobl.ger.corp.intel.com ([10.104.12.189]) by fmsmga001.fm.intel.com with ESMTP; 17 Jul 2019 05:55:02 -0700 From: Arek Kusztal To: dev@dpdk.org Cc: akhil.goyal@nxp.com, fiona.trahe@intel.com, shallyv@marvell.com, damianx.nowak@intel.com, Arek Kusztal Date: Wed, 17 Jul 2019 14:51:07 +0200 Message-Id: <20190717125111.11288-8-arkadiuszx.kusztal@intel.com> X-Mailer: git-send-email 2.19.1.windows.1 In-Reply-To: <20190717125111.11288-1-arkadiuszx.kusztal@intel.com> References: <20190717125111.11288-1-arkadiuszx.kusztal@intel.com> MIME-Version: 1.0 Subject: [dpdk-dev] [PATCH v4 07/11] openssl: remove RSA PKCS1_5 BT0 padding X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" This patch removes RSA PKCS1_5 BT0 padding from openssl PMD. Signed-off-by: Arek Kusztal --- drivers/crypto/openssl/rte_openssl_pmd.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c index 71ae320..2f55528 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd.c +++ b/drivers/crypto/openssl/rte_openssl_pmd.c @@ -1848,9 +1848,7 @@ process_openssl_rsa_op(struct rte_crypto_op *cop, cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS; switch (pad) { - case RTE_CRYPTO_RSA_PKCS1_V1_5_BT0: - case RTE_CRYPTO_RSA_PKCS1_V1_5_BT1: - case RTE_CRYPTO_RSA_PKCS1_V1_5_BT2: + case RTE_CRYPTO_RSA_PADDING_PKCS1_5: pad = RSA_PKCS1_PADDING; break; case RTE_CRYPTO_RSA_PADDING_NONE: From patchwork Wed Jul 17 12:51:08 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arkadiusz Kusztal X-Patchwork-Id: 56631 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@dpdk.org Delivered-To: patchwork@dpdk.org Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 687731BE3A; Wed, 17 Jul 2019 14:55:12 +0200 (CEST) Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) by dpdk.org (Postfix) with ESMTP id 5212C1BE24 for ; Wed, 17 Jul 2019 14:55:07 +0200 (CEST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga104.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 17 Jul 2019 05:55:07 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.64,274,1559545200"; d="scan'208";a="187553072" Received: from akusztax-mobl.ger.corp.intel.com ([10.104.12.189]) by fmsmga001.fm.intel.com with ESMTP; 17 Jul 2019 05:55:05 -0700 From: Arek Kusztal To: dev@dpdk.org Cc: akhil.goyal@nxp.com, fiona.trahe@intel.com, shallyv@marvell.com, damianx.nowak@intel.com, Arek Kusztal Date: Wed, 17 Jul 2019 14:51:08 +0200 Message-Id: <20190717125111.11288-9-arkadiuszx.kusztal@intel.com> X-Mailer: git-send-email 2.19.1.windows.1 In-Reply-To: <20190717125111.11288-1-arkadiuszx.kusztal@intel.com> References: <20190717125111.11288-1-arkadiuszx.kusztal@intel.com> MIME-Version: 1.0 Subject: [dpdk-dev] [PATCH v4 08/11] test: remove RSA PKCS1_5 BT0 padding from test cases X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" This patch removes RSA PKCS1_5 BT0 padding from test cases Signed-off-by: Arek Kusztal --- app/test/test_cryptodev_asym.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c index 8391545..0e1277b 100644 --- a/app/test/test_cryptodev_asym.c +++ b/app/test/test_cryptodev_asym.c @@ -93,7 +93,7 @@ queue_ops_rsa_sign_verify(struct rte_cryptodev_asym_session *sess) asym_op->rsa.message.data = rsaplaintext.data; asym_op->rsa.message.length = rsaplaintext.len; asym_op->rsa.sign.data = output_buf; - asym_op->rsa.pad = RTE_CRYPTO_RSA_PKCS1_V1_5_BT1; + asym_op->rsa.pad = RTE_CRYPTO_RSA_PADDING_PKCS1_5; debug_hexdump(stdout, "message", asym_op->rsa.message.data, asym_op->rsa.message.length); @@ -125,7 +125,7 @@ queue_ops_rsa_sign_verify(struct rte_cryptodev_asym_session *sess) /* Verify sign */ asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_VERIFY; - asym_op->rsa.pad = RTE_CRYPTO_RSA_PKCS1_V1_5_BT1; + asym_op->rsa.pad = RTE_CRYPTO_RSA_PADDING_PKCS1_5; /* Process crypto operation */ if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) { @@ -184,7 +184,7 @@ queue_ops_rsa_enc_dec(struct rte_cryptodev_asym_session *sess) asym_op->rsa.cipher.data = cipher_buf; asym_op->rsa.cipher.length = 0; asym_op->rsa.message.length = rsaplaintext.len; - asym_op->rsa.pad = RTE_CRYPTO_RSA_PKCS1_V1_5_BT2; + asym_op->rsa.pad = RTE_CRYPTO_RSA_PADDING_PKCS1_5; debug_hexdump(stdout, "message", asym_op->rsa.message.data, asym_op->rsa.message.length); @@ -215,7 +215,7 @@ queue_ops_rsa_enc_dec(struct rte_cryptodev_asym_session *sess) /* Use the resulted output as decryption Input vector*/ asym_op = result_op->asym; asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_DECRYPT; - asym_op->rsa.pad = RTE_CRYPTO_RSA_PKCS1_V1_5_BT2; + asym_op->rsa.pad = RTE_CRYPTO_RSA_PADDING_PKCS1_5; /* Process crypto operation */ if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) { From patchwork Wed Jul 17 12:51:09 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arkadiusz Kusztal X-Patchwork-Id: 56632 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@dpdk.org Delivered-To: patchwork@dpdk.org Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id E81A31BE37; Wed, 17 Jul 2019 14:55:14 +0200 (CEST) Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) by dpdk.org (Postfix) with ESMTP id BC3AC1BE33 for ; Wed, 17 Jul 2019 14:55:09 +0200 (CEST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga104.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 17 Jul 2019 05:55:09 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.64,274,1559545200"; d="scan'208";a="187553081" Received: from akusztax-mobl.ger.corp.intel.com ([10.104.12.189]) by fmsmga001.fm.intel.com with ESMTP; 17 Jul 2019 05:55:07 -0700 From: Arek Kusztal To: dev@dpdk.org Cc: akhil.goyal@nxp.com, fiona.trahe@intel.com, shallyv@marvell.com, damianx.nowak@intel.com, Arek Kusztal Date: Wed, 17 Jul 2019 14:51:09 +0200 Message-Id: <20190717125111.11288-10-arkadiuszx.kusztal@intel.com> X-Mailer: git-send-email 2.19.1.windows.1 In-Reply-To: <20190717125111.11288-1-arkadiuszx.kusztal@intel.com> References: <20190717125111.11288-1-arkadiuszx.kusztal@intel.com> MIME-Version: 1.0 Subject: [dpdk-dev] [PATCH v4 09/11] cryptodev: add RSA padding none description X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" This patch adds RSA padding none description. Signed-off-by: Arek Kusztal --- lib/librte_cryptodev/rte_crypto_asym.h | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/lib/librte_cryptodev/rte_crypto_asym.h b/lib/librte_cryptodev/rte_crypto_asym.h index 5e05de5..a021c5b 100644 --- a/lib/librte_cryptodev/rte_crypto_asym.h +++ b/lib/librte_cryptodev/rte_crypto_asym.h @@ -90,7 +90,10 @@ enum rte_crypto_asym_xform_type { */ enum rte_crypto_asym_op_type { RTE_CRYPTO_ASYM_OP_ENCRYPT, - /**< Asymmetric Encrypt operation */ + /**< RSA no padding scheme. + * In this case user is responsible for provision and verification + * of padding. + */ RTE_CRYPTO_ASYM_OP_DECRYPT, /**< Asymmetric Decrypt operation */ RTE_CRYPTO_ASYM_OP_SIGN, @@ -409,6 +412,11 @@ struct rte_crypto_rsa_op_param { * - padding PSS * data provided should contain message digest of the message * to be signed + * + * When padding field is set to RTE_CRYPTO_RSA_PADDING_NONE + * and RTE_CRYPTO_ASYM_OP_DECRYPT op_type used returned data size + * will be equal to the size of RSA key in bytes. All leading + * zeroes will be preserved. */ rte_crypto_param cipher; From patchwork Wed Jul 17 12:51:10 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arkadiusz Kusztal X-Patchwork-Id: 56633 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@dpdk.org Delivered-To: patchwork@dpdk.org Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 6882B1BE49; Wed, 17 Jul 2019 14:55:17 +0200 (CEST) Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) by dpdk.org (Postfix) with ESMTP id 867731BE3C for ; Wed, 17 Jul 2019 14:55:12 +0200 (CEST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga104.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 17 Jul 2019 05:55:12 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.64,274,1559545200"; d="scan'208";a="187553092" Received: from akusztax-mobl.ger.corp.intel.com ([10.104.12.189]) by fmsmga001.fm.intel.com with ESMTP; 17 Jul 2019 05:55:10 -0700 From: Arek Kusztal To: dev@dpdk.org Cc: akhil.goyal@nxp.com, fiona.trahe@intel.com, shallyv@marvell.com, damianx.nowak@intel.com, Arek Kusztal Date: Wed, 17 Jul 2019 14:51:10 +0200 Message-Id: <20190717125111.11288-11-arkadiuszx.kusztal@intel.com> X-Mailer: git-send-email 2.19.1.windows.1 In-Reply-To: <20190717125111.11288-1-arkadiuszx.kusztal@intel.com> References: <20190717125111.11288-1-arkadiuszx.kusztal@intel.com> MIME-Version: 1.0 Subject: [dpdk-dev] [PATCH v4 10/11] test: add pkcs1_5 padding simulation X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" This patch adds function to simulate pkcs1_5 padding, it serves nothing else than example. It provides no security and should not be used in security context. Signed-off-by: Arek Kusztal --- app/test/test_cryptodev_asym_util.h | 54 +++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) diff --git a/app/test/test_cryptodev_asym_util.h b/app/test/test_cryptodev_asym_util.h index b3d9fb4..f984166 100644 --- a/app/test/test_cryptodev_asym_util.h +++ b/app/test/test_cryptodev_asym_util.h @@ -1,10 +1,64 @@ /* SPDX-License-Identifier: BSD-3-Clause * Copyright(c) 2018 Cavium Networks + * Copyright (c) 2019 Intel Corporation */ #ifndef TEST_CRYPTODEV_ASYM_TEST_UTIL_H__ #define TEST_CRYPTODEV_ASYM_TEST_UTIL_H__ +/* + * Two functions below simulate pkcs 1.5 padding and serves only as an example, + * both offer no security. + */ +static inline int rsa_simulate_pkcs1_5_padding(int op, uint8_t *p, + int key_size, const uint8_t *src, int len) { + + int ps_len; + + if (len > key_size - 11) + return -1; + ps_len = key_size - len - 3; + + *(p++) = 0; + *(p++) = op ? 1 : 2; + if (op) { + while (ps_len--) + *(p++) = 0xFF; + } else { + while (ps_len--) { + *p = (uint8_t)rand(); + *p ^= !(*p); + p++; + } + } + + *(p++) = 0; + memcpy(p, src, len); + + return 0; +} + +static inline int rsa_simulate_strip_pkcs1_5_padding(uint8_t *src, + int key_size) { + uint8_t tmp[key_size], *orig_src = src; + int i = 1; + ++src; + while (*(src) && i < key_size) { + ++i; + ++src; + } + if (i == key_size) + return -1; + + ++i; + ++src; + + memcpy(tmp, src, key_size - i); + memcpy(orig_src, tmp, key_size - i); + return key_size - i; +} + + /* Below Apis compare resulted buffer to original test vector */ static inline int rsa_verify(struct rsa_test_data *rsa_param, From patchwork Wed Jul 17 12:51:11 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arkadiusz Kusztal X-Patchwork-Id: 56634 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@dpdk.org Delivered-To: patchwork@dpdk.org Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 8F43B1BE50; Wed, 17 Jul 2019 14:55:22 +0200 (CEST) Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by dpdk.org (Postfix) with ESMTP id 12E221BC20 for ; Wed, 17 Jul 2019 14:55:20 +0200 (CEST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 17 Jul 2019 05:55:19 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.64,274,1559545200"; d="scan'208";a="187553106" Received: from akusztax-mobl.ger.corp.intel.com ([10.104.12.189]) by fmsmga001.fm.intel.com with ESMTP; 17 Jul 2019 05:55:12 -0700 From: Arek Kusztal To: dev@dpdk.org Cc: akhil.goyal@nxp.com, fiona.trahe@intel.com, shallyv@marvell.com, damianx.nowak@intel.com, Arek Kusztal Date: Wed, 17 Jul 2019 14:51:11 +0200 Message-Id: <20190717125111.11288-12-arkadiuszx.kusztal@intel.com> X-Mailer: git-send-email 2.19.1.windows.1 In-Reply-To: <20190717125111.11288-1-arkadiuszx.kusztal@intel.com> References: <20190717125111.11288-1-arkadiuszx.kusztal@intel.com> MIME-Version: 1.0 Subject: [dpdk-dev] [PATCH v4 11/11] test: add RSA PKCS1_5 padding case when no padding selected X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" This patch adds an example how to use padding none option with RSA. Signed-off-by: Arek Kusztal --- app/test/test_cryptodev_asym.c | 46 +++++++++++++++++++++++++++++++++--------- 1 file changed, 37 insertions(+), 9 deletions(-) diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c index 0e1277b..fa5ddab 100644 --- a/app/test/test_cryptodev_asym.c +++ b/app/test/test_cryptodev_asym.c @@ -157,13 +157,15 @@ queue_ops_rsa_sign_verify(struct rte_cryptodev_asym_session *sess) } static int -queue_ops_rsa_enc_dec(struct rte_cryptodev_asym_session *sess) +queue_ops_rsa_enc_dec(struct rte_cryptodev_asym_session *sess, + enum rte_crypto_rsa_padding_type padding) { struct crypto_testsuite_params *ts_params = &testsuite_params; struct rte_mempool *op_mpool = ts_params->op_mpool; uint8_t dev_id = ts_params->valid_devs[0]; struct rte_crypto_op *op, *result_op; struct rte_crypto_asym_op *asym_op; + uint8_t input_buf[TEST_DATA_SIZE] = {0}; uint8_t cipher_buf[TEST_DATA_SIZE] = {0}; int ret, status = TEST_SUCCESS; @@ -180,11 +182,19 @@ queue_ops_rsa_enc_dec(struct rte_cryptodev_asym_session *sess) /* Compute encryption on the test vector */ asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_ENCRYPT; - asym_op->rsa.message.data = rsaplaintext.data; asym_op->rsa.cipher.data = cipher_buf; asym_op->rsa.cipher.length = 0; - asym_op->rsa.message.length = rsaplaintext.len; - asym_op->rsa.pad = RTE_CRYPTO_RSA_PADDING_PKCS1_5; + asym_op->rsa.pad = padding; + + if (padding == RTE_CRYPTO_RSA_PADDING_NONE) { + rsa_simulate_pkcs1_5_padding(0, input_buf, rsa_xform.rsa.n.length, + rsaplaintext.data, rsaplaintext.len); + asym_op->rsa.message.length = rsa_xform.rsa.n.length; + asym_op->rsa.message.data = input_buf; + } else if (padding == RTE_CRYPTO_RSA_PADDING_PKCS1_5) { + asym_op->rsa.message.data = rsaplaintext.data; + asym_op->rsa.message.length = rsaplaintext.len; + } debug_hexdump(stdout, "message", asym_op->rsa.message.data, asym_op->rsa.message.length); @@ -215,7 +225,7 @@ queue_ops_rsa_enc_dec(struct rte_cryptodev_asym_session *sess) /* Use the resulted output as decryption Input vector*/ asym_op = result_op->asym; asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_DECRYPT; - asym_op->rsa.pad = RTE_CRYPTO_RSA_PADDING_PKCS1_5; + asym_op->rsa.pad = padding; /* Process crypto operation */ if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) { @@ -233,6 +243,13 @@ queue_ops_rsa_enc_dec(struct rte_cryptodev_asym_session *sess) goto error_exit; } status = TEST_SUCCESS; + + if (padding == RTE_CRYPTO_RSA_PADDING_NONE) { + result_op->asym->rsa.message.length = + rsa_simulate_strip_pkcs1_5_padding(result_op->asym->rsa.message.data, + rsa_xform.rsa.n.length); + } + ret = rsa_verify(&rsaplaintext, result_op); if (ret) status = TEST_FAILED; @@ -562,7 +579,7 @@ test_rsa_sign_verify(void) } static int -test_rsa_enc_dec(void) +test_rsa_enc_dec(enum rte_crypto_rsa_padding_type padding) { struct crypto_testsuite_params *ts_params = &testsuite_params; struct rte_mempool *sess_mpool = ts_params->session_mpool; @@ -597,7 +614,7 @@ test_rsa_enc_dec(void) goto error_exit; } - status = queue_ops_rsa_enc_dec(sess); + status = queue_ops_rsa_enc_dec(sess, padding); error_exit: @@ -610,6 +627,16 @@ test_rsa_enc_dec(void) } static int +test_rsa_enc_dec_padding_none(void) { + return test_rsa_enc_dec(RTE_CRYPTO_RSA_PADDING_NONE); +} + +static int +test_rsa_enc_dec_padding_pkcs_1(void) { + return test_rsa_enc_dec(RTE_CRYPTO_RSA_PADDING_PKCS1_5); +} + +static int test_rsa_sign_verify_crt(void) { struct crypto_testsuite_params *ts_params = &testsuite_params; @@ -692,7 +719,7 @@ test_rsa_enc_dec_crt(void) status = TEST_FAILED; goto error_exit; } - status = queue_ops_rsa_enc_dec(sess); + status = queue_ops_rsa_enc_dec(sess, RTE_CRYPTO_RSA_PADDING_PKCS1_5); error_exit: @@ -1767,7 +1794,8 @@ static struct unit_test_suite cryptodev_openssl_asym_testsuite = { TEST_CASE_ST(ut_setup, ut_teardown, test_capability), TEST_CASE_ST(ut_setup, ut_teardown, test_dsa), TEST_CASE_ST(ut_setup, ut_teardown, test_dh_keygenration), - TEST_CASE_ST(ut_setup, ut_teardown, test_rsa_enc_dec), + TEST_CASE_ST(ut_setup, ut_teardown, test_rsa_enc_dec_padding_none), + TEST_CASE_ST(ut_setup, ut_teardown, test_rsa_enc_dec_padding_pkcs_1), TEST_CASE_ST(ut_setup, ut_teardown, test_rsa_sign_verify), TEST_CASE_ST(ut_setup, ut_teardown, test_rsa_enc_dec_crt), TEST_CASE_ST(ut_setup, ut_teardown, test_rsa_sign_verify_crt),