DPDK usage discussions
 help / color / mirror / Atom feed
From: ossama ahmed <ossamaahmedmughal@hotmail.com>
To: "users@dpdk.org" <users@dpdk.org>
Subject: Fw: OpenSSL Crypto Poll Mode Driver
Date: Fri, 1 Apr 2022 11:17:33 +0000
Message-ID: <DB9P195MB12254755390BB7662CAB6873B2E09@DB9P195MB1225.EURP195.PROD.OUTLOOK.COM> (raw)
In-Reply-To: <DB9P195MB12252F3886270BDBBE4047D2B2E09@DB9P195MB1225.EURP195.PROD.OUTLOOK.COM>

[-- Attachment #1: Type: text/plain, Size: 4742 bytes --]



Sent from Outlook<http://aka.ms/weboutlook>

________________________________
From: ossama ahmed
Sent: Friday, April 1, 2022 11:10 AM
To: users-request@dpdk.org <users-request@dpdk.org>
Subject: OpenSSL Crypto Poll Mode Driver

Hello,

I would like to highlight following issues in OpenSSL Crypto Poll Mode Driver and OpenSSL vdev related to RSA Sign and Verify operations.

ISSUES:
ISSUE1 (RSA_private_encrypt and RSA_public_decrypt)

With respect to https://www.openssl.org/docs/manmaster/man3/RSA_private_encrypt.html .Both of the functions are deprecated. Applications should instead use EVP_PKEY_sign_init_ex, EVP_PKEY_sign, EVP_PKEY_verify_recover_init, and EVP_PKEY_verify_recover.

Although I understand that due to compatibility reasons, DPDK is using native (in my case on Ubuntu 20.04.1 its 1.1.1f version of) OpenSSL but With respect
to OpenSSL's version 1.1.1f APIs "RSA_private_encrypt" and "RSA_public_decrypt" but in case of RSA_PKCS1_PADDING it is recomended that when generating or verifying
PKCS #1 signatures, RSA_sign(3) and RSA_verify(3) should be used.

POSSIBLE SOLUTION
1. Use RSA_sign, RSA_verify, EVP_DigestSignFinal, EVP_DigestSign etc instead.

2. Append algorithm identifier field to digest before signing. Details can be found in section EMSA-PKCS1-v1_5 availbel on https://datatracker.ietf.org/doc/html/rfc8017#section-9.2

For example in case if RSA is using SHA256 for digest generation then DigestInfo value is:
SHA-256: (0x)30 31 30 0d 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20 || H where H is the digest of data
Hence appropriate AIDs (i.e algorithm identifiers) must be appended to digest. Once this done then in case of RSA_PKCS1_PADDING, APIs RSA_private_encrypt and RSA_public_decrypt are compatible with RSA_sign, RSA_verify, EVP_DigestSignFinal, EVP_DigestSign and verify respectively.

ISSUE2 (OpenSSL Crypto Poll Mode Driver vs RSA PSS Padding)
Current DPDK's OpenSSL Crypto Poll Mode Driver fails to verify signature generated using RSA PSS Padding. Also with respect to latest version of DPDK there is no handling available in OpenSSL Crypto Poll Mode Driver for RTE_CRYPTO_RSA_PADDING_PSS. Current implementation handles only RTE_CRYPTO_RSA_PADDING_NONE and
RTE_CRYPTO_RSA_PADDING_PKCS1_5 for signing and verification.

1. EVP_DigestSignFinal, EVP_DigestSign etc instead.

2. As coded in OpenSSL (crypto/rsa/rsa_pmeth.c +268):
else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) {
            int ret;
            if (!setup_tbuf(rctx, ctx))
                return -1;
            ret = RSA_public_decrypt(siglen, sig, rctx->tbuf, rsa, RSA_NO_PADDING);

            if (ret <= 0)
                return 0;
            ret = RSA_verify_PKCS1_PSS_mgf1(rsa, tbs, rctx->md, rctx->mgf1md, rctx->tbuf, rctx->saltlen);
            if (ret <= 0)
                return 0;
            return 1;
        }
However, in order to use above implementation changes are required in OpenSSL Crypto Poll Mode Driver (drivers/crypto/openssl/rte_openssl_pmd.c +1945) for example

       case RTE_CRYPTO_ASYM_OP_VERIFY:
                tmp = rte_malloc(NULL, op->rsa.sign.length, 0);
                if (tmp == NULL) {
                        OPENSSL_LOG(ERR, "Memory allocation failed");
                        cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
                        break;
                }
                ret = RSA_public_decrypt(op->rsa.sign.length,
                                op->rsa.sign.data,
                                tmp,
                                rsa,
                                pad);

                OPENSSL_LOG(DEBUG,
                                "Length of public_decrypt %d "
                                "length of message %zd\n",
                                ret, op->rsa.message.length);
                //FIXME
                if(pad == RSA_NO_PADDING && ret)
                        memcpy(op->rsa.message.data, tmp, op->rsa.sign.length);
                else if ((ret <= 0) || (CRYPTO_memcmp(tmp, op->rsa.message.data,
                                op->rsa.message.length))) {
                        OPENSSL_LOG(ERR, "RSA sign Verification failed");
                        cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
                }
                //FIXME
                rte_free(tmp);
                break;

                Complete details are availble in section 8.1.2 of https://datatracker.ietf.org/doc/html/rfc8017#section-8.1.2


I have handled the above mentioned issues in DPDK using my own custom implementation. I would love to share details if required for further clarification

Regards,
Ossama Ahmed Mughal

<http://aka.ms/weboutlook>

[-- Attachment #2: Type: text/html, Size: 10211 bytes --]

       reply	other threads:[~2022-04-01 11:17 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <DB9P195MB12252F3886270BDBBE4047D2B2E09@DB9P195MB1225.EURP195.PROD.OUTLOOK.COM>
2022-04-01 11:17 ` ossama ahmed [this message]
2022-04-01 13:40   ` Kusztal, ArkadiuszX
2022-04-01 14:20     ` Ji, Kai
2022-04-01 15:22       ` ossama ahmed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=DB9P195MB12254755390BB7662CAB6873B2E09@DB9P195MB1225.EURP195.PROD.OUTLOOK.COM \
    --to=ossamaahmedmughal@hotmail.com \
    --cc=users@dpdk.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

DPDK usage discussions

This inbox may be cloned and mirrored by anyone:

	git clone --mirror http://inbox.dpdk.org/users/0 users/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 users users/ http://inbox.dpdk.org/users \
		users@dpdk.org
	public-inbox-index users

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://inbox.dpdk.org/inbox.dpdk.users


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git