From: "Kusztal, ArkadiuszX"
To: Shally Verma, "dev@dpdk.org"
CC: "akhil.goyal@nxp.com", "Trahe, Fiona"
Date: Wed, 17 Jul 2019 10:26:28 +0000
Message-ID: <06EE24DD0B19E248B53F6DC8657831551B280911@hasmsx109.ger.corp.intel.com>
References: <20190716185304.12592-1-arkadiuszx.kusztal@intel.com> <20190716185304.12592-6-arkadiuszx.kusztal@intel.com>
Subject: Re: [dpdk-dev] [EXT] [PATCH v3 05/11] cryptodev: add information about message format when signing with RSA

> -----Original Message-----
> From: Shally Verma [mailto:shallyv@marvell.com]
> Sent: Wednesday, July 17, 2019 12:08 PM
> To: Kusztal, ArkadiuszX; dev@dpdk.org
> Cc: akhil.goyal@nxp.com; Trahe, Fiona
> Subject: RE: [EXT] [PATCH v3 05/11] cryptodev: add information about
> message format when signing with RSA
>
> > -----Original Message-----
> > From: Arek Kusztal
> > Sent: Wednesday, July 17, 2019 12:23 AM
> > To: dev@dpdk.org
> > Cc: akhil.goyal@nxp.com; fiona.trahe@intel.com; Shally Verma; Arek Kusztal
> > Subject: [EXT] [PATCH v3 05/11] cryptodev: add information about
> > message format when signing with RSA
> >
> > This patch adds information about format of the message should have
> > before sending it to the signing operation when using RSA algorithm.
> >
> > Signed-off-by: Arek Kusztal
> > --- > > lib/librte_cryptodev/rte_crypto_asym.h | 9 +++++++++ > > 1 file changed, 9 insertions(+) > > > > diff --git a/lib/librte_cryptodev/rte_crypto_asym.h > > b/lib/librte_cryptodev/rte_crypto_asym.h > > index 16c86c9..ad484de 100644 > > --- a/lib/librte_cryptodev/rte_crypto_asym.h > > +++ b/lib/librte_cryptodev/rte_crypto_asym.h
> > @@ -408,6 +408,15 @@ struct rte_crypto_rsa_op_param { > > * When RTE_CRYPTO_ASYM_OP_DECRYPT op_type used length in > bytes > > * of this field needs to be greater or equal to the length of > > * corresponding RSA key in bytes. > > + * > > + * When RTE_CRYPTO_ASYM_OP_SIGN op_type used and following > > padding > > + * type: > > + * - padding PKCS1_5: > > + * data provided should contain `algorithmIdentifier` in DER encoded > > + * format concatenated with message digest (as per spec rfc8017 9.2)
> [Shally] I have reservations here and I think I asked this before too. For
> PKCSV1.5, Currently there it only support output format as defined RSASP1
> section 5.2.1 . Means PMD does not apply EMSA-PKCS1-v1_5-ENCODE (M,
> emLen) defined in rfc8017 Sec 9.2 which includes applying hash on input
> message and other things. So, Are we extending spec here ?

1) It is to the contrary what we have in only test case we got for RSA signature, as we set padding:
    asym_op->rsa.sign.data = output_buf;
    asym_op->rsa.pad = RTE_CRYPTO_RSA_PKCS1_V1_5_BT1;
But current openssl pmd implementation does not create digest nor adds DER. So user needs to pass it.
It can be only RSASP1 but only with PADDING_NONE selected, and in this case full padding would have to be provided.

2) We cannot extend as we do not specify really in here, there is no information what data format user should provide.

>
> > + * - padding PSS > > + * data provided should contain message digest of the message > > + * to be signed > > */ > > > > > > -- > > 2.1.0
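
Review bot: In the PKCS1_5 bullet, "`algorithmIdentifier` in DER encoded format concatenated with message digest" does not match what RFC 8017 section 9.2 step 2 defines: T is the DER encoding of the whole DigestInfo structure (outer SEQUENCE, AlgorithmIdentifier, and the digest wrapped in an OCTET STRING), so a caller following the comment literally would leave out the SEQUENCE and OCTET STRING headers. Suggest wording such as "data provided should be the DER-encoded DigestInfo (RFC 8017 section 9.2, step 2)". The PSS bullet asks for a message digest, but the added lines do not say which hash is expected or where the caller selects it. The opening sentence "When RTE_CRYPTO_ASYM_OP_SIGN op_type used and following padding type:" would also read better as "When the RTE_CRYPTO_ASYM_OP_SIGN op_type is used, the expected data depends on the padding type:".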
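
The two input layouts discussed in the reply above, as an added example that is not part of the original message or of DPDK: the DigestInfo value T from RFC 8017 section 9.2 that the caller passes when PKCS#1 v1.5 padding is selected, and the full encoded message EM the caller would have to build with no padding selected. SHA-256 and the function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SHA256_LEN 32

/* DER header of DigestInfo for SHA-256 (RFC 8017 section 9.2, note 1):
 * SEQUENCE { SEQUENCE { OID sha256, NULL }, OCTET STRING of 32 bytes } */
static const uint8_t sha256_prefix[] = {
	0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
	0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
};
#define T_LEN (sizeof(sha256_prefix) + SHA256_LEN) /* 51 bytes */

/* T = DigestInfo header || digest: input when the device pads (PKCS1_5).
 * Returns the length of T, or 0 if the output buffer is too small. */
size_t build_digest_info(const uint8_t *digest, uint8_t *out, size_t out_len)
{
	if (out_len < T_LEN)
		return 0;
	memcpy(out, sha256_prefix, sizeof(sha256_prefix));
	memcpy(out + sizeof(sha256_prefix), digest, SHA256_LEN);
	return T_LEN;
}

/* EM = 00 01 PS(ff..) 00 T for a k-byte key: input when no padding is
 * selected. Returns k, or 0 when k < tLen + 11 (key too short for T). */
size_t build_em_pkcs1_v15(const uint8_t *digest, uint8_t *em, size_t k)
{
	size_t ps_len;

	if (k < T_LEN + 11)
		return 0;
	ps_len = k - T_LEN - 3;
	em[0] = 0x00;
	em[1] = 0x01;
	memset(em + 2, 0xff, ps_len);
	em[2 + ps_len] = 0x00;
	build_digest_info(digest, em + 3 + ps_len, T_LEN);
	return k;
}

int main(void)
{
	uint8_t digest[SHA256_LEN], em[256]; /* constructed sample digest */

	memset(digest, 0xab, sizeof(digest));
	return build_em_pkcs1_v15(digest, em, sizeof(em)) == sizeof(em) ? 0 : 1;
}
```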