From: "Kusztal, ArkadiuszX" <arkadiuszx.kusztal@intel.com>
To: "dev@dpdk.org" <dev@dpdk.org>
Cc: "gakhil@marvell.com" <gakhil@marvell.com>,
"Zhang, Roy Fan" <roy.fan.zhang@intel.com>,
"anoobj@marvell.com" <anoobj@marvell.com>
Subject: RE: [RFC PATCH 2/2] test: add proper pkcs1 signature tests for rsa
Date: Tue, 22 Mar 2022 10:23:17 +0000 [thread overview]
Message-ID: <PH0PR11MB501361ADC92ECBD5AB309BE69F179@PH0PR11MB5013.namprd11.prod.outlook.com> (raw)
In-Reply-To: <PH0PR11MB501320CF0A0358AA5212A9559F179@PH0PR11MB5013.namprd11.prod.outlook.com>
More explanation below.
> -----Original Message-----
> From: Kusztal, ArkadiuszX
> Sent: Tuesday, March 22, 2022 10:14 AM
> To: dev@dpdk.org
> Cc: gakhil@marvell.com; Zhang, Roy Fan <roy.fan.zhang@intel.com>;
> anoobj@marvell.com
> Subject: RE: [RFC PATCH 2/2] test: add proper pkcs1 signature tests for rsa
>
> Hi,
>
> > -----Original Message-----
> > From: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>
> > Sent: Tuesday, March 22, 2022 9:11 AM
> > To: dev@dpdk.org
> > Cc: gakhil@marvell.com; Zhang, Roy Fan <roy.fan.zhang@intel.com>;
> > anoobj@marvell.com; Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>
> > Subject: [RFC PATCH 2/2] test: add proper pkcs1 signature tests for
> > rsa
> >
> > This commit adds example pkcs1 signature tests.
> >
> > Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> > ---
> > app/test/test_cryptodev_asym.c | 249
> > +++++++++++++++++++++++++++++--
> > drivers/crypto/openssl/rte_openssl_pmd.c | 34 ++++-
> > lib/cryptodev/rte_crypto_asym.h | 6 +-
> > 3 files changed, 270 insertions(+), 19 deletions(-)
> >
> > diff --git a/app/test/test_cryptodev_asym.c
> > b/app/test/test_cryptodev_asym.c index 71378cbdb2..512eb34377 100644
> > --- a/app/test/test_cryptodev_asym.c
> > +++ b/app/test/test_cryptodev_asym.c
> > @@ -15,6 +15,7 @@
> >
> > #include <rte_cryptodev.h>
> > #include <rte_crypto.h>
> > +#include <openssl/rsa.h>
> >
> > #include "test_cryptodev.h"
> > #include "test_cryptodev_dh_test_vectors.h"
> > @@ -163,6 +164,222 @@ queue_ops_rsa_sign_verify(void *sess)
> > return status;
> > }
> >
> > +/* DPDK RFC RSA 22.07 */
> > +
> > +static uint8_t
> > +rsa_sign_pkcs_15_pt[] = {
> > + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
> > + 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10,
> > + 0x11, 0x12, 0x13, 0x14,
> > +};
> > +
> > +static uint8_t
> > +rsa_sign_pkcs_15_pt_sha256[] = {
> > + 0xB1, 0xB2, 0xB3, 0xB4, 0xA1, 0xA2, 0xA3, 0xA4,
> > + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
> > + 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10,
> > + 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, };
> > +
> > +static uint8_t
> > +rsa_sign_pkcs_15_padded[] = {
> > + 0x00, 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0x00, 0x01, 0x02, 0x03, 0x04,
> > + 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
> > + 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14,
> > +};
> > +
> > +static uint8_t
> > +rsa_sign_pkcs_15_padded_digestinfo_sha1[] = {
> > + 0x00, 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x30, 0x21, 0x30,
> > + 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a,
> > + 0x05, 0x00, 0x04, 0x14, 0x01, 0x02, 0x03, 0x04,
> > + 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
> > + 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14,
> > +};
> > +
> > +static uint8_t
> > +rsa_sign_pkcs_15_padded_digestinfo_sha256[] = {
> > + 0x00, 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > + 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x30, 0x31, 0x30,
> > + 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65,
> > + 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20,
> > + 0xB1, 0xB2, 0xB3, 0xB4, 0xA1, 0xA2, 0xA3, 0xA4,
> > + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
> > + 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10,
> > + 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, };
> > +
> > +static void*
> > +rfc2207_rsa_sign_pkcs_15_sesscreat(void)
> > +{
> > + struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
> > + struct rte_mempool *sess_mpool = ts_params->session_mpool;
> > + uint8_t dev_id = ts_params->valid_devs[0];
> > + static void *sess = NULL;
> > + int ret;
> > +
> > + if (sess)
> > + return sess;
> > + ret = rte_cryptodev_asym_session_create(dev_id, &rsa_xform,
> > +sess_mpool, &sess);
> > +
> > + if (ret < 0) {
> > + RTE_LOG(ERR, USER1, "Session creation failed for "
> > + "sign_verify\n");
> > + return NULL;
> > + }
> > + return sess;
> > +}
> > +
> > +struct rfc2207_rsa_test_data
> > +{
> > + enum rte_crypto_rsa_padding_type type;
> > + rte_crypto_param input;
> > + enum rte_crypto_auth_algorithm hash; };
> > +
> [Arek] - rfc2207_rsa_test_data_ssl23 and rfc2207_rsa_test_data_pkcs15_sha1
> creates PKCS1_5 signature from same data, but signatures are different as
> RTE_CRYPTO_RSA_PADDING_SSL23 (PKCS1_5 flag in other patch) which is what
> we currently have in Cryptodev does not use AlgorithmIdentifier.
[Arek] - this patch is not meant to be applied, but only to show what kind of problem we are dealing with right now in terms of RSA padding.
And why OpenSSL RSA_private_encrypt is not doing proper signature, but still this option may be in Cryptodev (pre TLS1.1) as a different padding or RSA flag.
>
> > +struct rfc2207_rsa_test_data
> > +rfc2207_rsa_test_data_ssl23 = {
> > + .type = RTE_CRYPTO_RSA_PADDING_SSL23,
> > + .input.data = rsa_sign_pkcs_15_pt,
> > + .input.length = sizeof(rsa_sign_pkcs_15_pt), };
> > +
> > +struct rfc2207_rsa_test_data
> > +rfc2207_rsa_test_data_ssl23_padded = {
> > + .type = RTE_CRYPTO_RSA_PADDING_NONE,
> > + .input.data = rsa_sign_pkcs_15_padded,
> > + .input.length = sizeof(rsa_sign_pkcs_15_padded), };
> > +
> > +struct rfc2207_rsa_test_data
> > +rfc2207_rsa_test_data_pkcs15_sha1 = {
> > + .type = RTE_CRYPTO_RSA_PADDING_PKCS1_5,
> > + .hash = RTE_CRYPTO_AUTH_SHA1,
> > + .input.data = rsa_sign_pkcs_15_pt,
> > + .input.length = sizeof(rsa_sign_pkcs_15_pt), };
> > +
> > +struct rfc2207_rsa_test_data
> > +rfc2207_rsa_test_data_pkcs15_digestinfo_sha1 = {
> > + .type = RTE_CRYPTO_RSA_PADDING_NONE,
> > + .input.data = rsa_sign_pkcs_15_padded_digestinfo_sha1,
> > + .input.length = sizeof(rsa_sign_pkcs_15_padded_digestinfo_sha1),
> > +};
> > +
> > +struct rfc2207_rsa_test_data
> > +rfc2207_rsa_test_data_pkcs15_sha256 = {
> > + .type = RTE_CRYPTO_RSA_PADDING_PKCS1_5,
> > + .hash = RTE_CRYPTO_AUTH_SHA256,
> > + .input.data = rsa_sign_pkcs_15_pt_sha256,
> > + .input.length = sizeof(rsa_sign_pkcs_15_pt_sha256),
> > +};
> > +
> > +struct rfc2207_rsa_test_data
> > +rfc2207_rsa_test_data_pkcs15_digestinfo_sha256 = {
> > + .type = RTE_CRYPTO_RSA_PADDING_NONE,
> > + .input.data = rsa_sign_pkcs_15_padded_digestinfo_sha256,
> > + .input.length = sizeof(rsa_sign_pkcs_15_padded_digestinfo_sha256),
> > +};
> > +
> > +struct rfc2207_rsa_test_data
> > +rfc2207_rsa_test_data_pkcs15_oaep = {
> > + .type = RTE_CRYPTO_RSA_PADDING_NONE,
> > + .input.data = rsa_sign_pkcs_15_padded_digestinfo_sha256,
> > + .input.length = sizeof(rsa_sign_pkcs_15_padded_digestinfo_sha256),
> > +};
> > +
> > +static int
> > +rfc2207_rsa_sign_pkcs_15(const void *test_data) {
> > + struct crypto_testsuite_params_asym *ts_params;
> > + uint8_t dev_id;
> > + struct rte_crypto_op *op, *result_op;
> > + struct rte_crypto_asym_op *asym_op;
> > + struct rte_mempool *op_mpool;
> > + void *sess;
> > + uint8_t result[TEST_DATA_SIZE];
> > + const struct rfc2207_rsa_test_data *tdata = test_data;
> > +
> > + ts_params = &testsuite_params;
> > + dev_id = ts_params->valid_devs[0];
> > + op_mpool = ts_params->op_mpool;
> > + op = rte_crypto_op_alloc(op_mpool,
> > RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
> > + if (op == NULL) {
> > + RTE_LOG(ERR, USER1, "Failed to allocate asymmetric crypto "
> > + "operation struct\n");
> > + return TEST_FAILED;
> > + }
> > +
> > + sess = rfc2207_rsa_sign_pkcs_15_sesscreat();
> > + if (sess == NULL) {
> > + RTE_LOG(ERR, USER1, "Failed to allocate asymmetric crypto "
> > + "operation struct\n");
> > + return TEST_FAILED;
> > + }
> > +
> > + asym_op = op->asym;
> > + asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_SIGN;
> > + asym_op->rsa.padding.type = tdata->type;
> > + asym_op->rsa.padding.hash = tdata->hash;
> > + asym_op->rsa.input = tdata->input;
> > + asym_op->rsa.output.data = result;
> > +
> > + rte_crypto_op_attach_asym_session(op, sess);
> > +
> > + /* Process crypto operation */
> > + if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
> > + RTE_LOG(ERR, USER1, "Error sending packet for encryption\n");
> > + return -1;
> > + }
> > +
> > + while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0)
> > + rte_pause();
> > +
> > + if (result_op == NULL) {
> > + RTE_LOG(ERR, USER1, "Failed to process encryption op\n");
> > + return -1;
> > + }
> > +
> > + printf("\nOutput len = %lu", asym_op->rsa.output.length);
> > + rte_hexdump(stdout, "Signature", asym_op->rsa.output.data,
> > +asym_op->rsa.output.length);
> > +
> > + return 0;
> > +}
> > +
> > +/* !---! DPDK RFC RSA 22.07 */
> > +
> > static int
> > queue_ops_rsa_enc_dec(void *sess)
> > {
> > @@ -2147,20 +2364,32 @@ static struct unit_test_suite
> > cryptodev_openssl_asym_testsuite = {
> > .setup = testsuite_setup,
> > .teardown = testsuite_teardown,
> > .unit_test_cases = {
> > - TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
> > test_capability),
> > - TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_dsa),
> > - TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
> > + TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym,
> > test_capability),
> > + TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym,
> > test_dsa),
> > + TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym,
> > test_dh_keygenration),
> > - TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
> > test_rsa_enc_dec),
> > - TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
> > + TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym,
> > test_rsa_enc_dec),
> > + TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym,
> > test_rsa_sign_verify),
> > - TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
> > + TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym,
> > test_rsa_enc_dec_crt),
> > - TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
> > + TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym,
> > test_rsa_sign_verify_crt),
> > - TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
> > test_mod_inv),
> > - TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
> > test_mod_exp),
> > - TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
> > test_one_by_one),
> > + TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym,
> > test_mod_inv),
> > + TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym,
> > test_mod_exp),
> > + TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym,
> > test_one_by_one),
> > +
> > TEST_CASE_NAMED_WITH_DATA("rfc2207_rsa_sign_pkcs_15_ssl23",
> > ut_setup_asym, ut_teardown_asym,
> > + rfc2207_rsa_sign_pkcs_15,
> > &rfc2207_rsa_test_data_ssl23),
> > +
> > TEST_CASE_NAMED_WITH_DATA("rfc2207_rsa_sign_pkcs_15_ssl23_pa
> > dded", ut_setup_asym, ut_teardown_asym,
> > + rfc2207_rsa_sign_pkcs_15,
> > &rfc2207_rsa_test_data_ssl23_padded),
> > +
> > TEST_CASE_NAMED_WITH_DATA("rfc2207_rsa_sign_pkcs_15_sha1",
> > ut_setup_asym, ut_teardown_asym,
> > + rfc2207_rsa_sign_pkcs_15,
> > &rfc2207_rsa_test_data_pkcs15_sha1),
> > +
> > TEST_CASE_NAMED_WITH_DATA("rfc2207_rsa_sign_pkcs_15_digestinf
> > o_sha1", ut_setup_asym, ut_teardown_asym,
> > + rfc2207_rsa_sign_pkcs_15,
> > &rfc2207_rsa_test_data_pkcs15_digestinfo_sha1),
> > +
> > TEST_CASE_NAMED_WITH_DATA("rfc2207_rsa_sign_pkcs_15_sha256",
> > ut_setup_asym, ut_teardown_asym,
> > + rfc2207_rsa_sign_pkcs_15,
> > &rfc2207_rsa_test_data_pkcs15_sha256),
> > +
> > TEST_CASE_NAMED_WITH_DATA("rfc2207_rsa_sign_pkcs_15_digestinf
> > o_sha256", ut_setup_asym, ut_teardown_asym,
> > + rfc2207_rsa_sign_pkcs_15,
> > +&rfc2207_rsa_test_data_pkcs15_digestinfo_sha256),
> > TEST_CASES_END() /**< NULL terminate unit test array */
> > }
> > };
> > diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c
> > b/drivers/crypto/openssl/rte_openssl_pmd.c
> > index 45cee47c5d..32da143ea0 100644
> > --- a/drivers/crypto/openssl/rte_openssl_pmd.c
> > +++ b/drivers/crypto/openssl/rte_openssl_pmd.c
> > @@ -1899,11 +1899,24 @@ process_openssl_rsa_op(struct rte_crypto_op
> > *cop,
> > RSA *rsa = sess->u.r.rsa;
> > uint32_t pad = (op->rsa.padding.type);
> > uint8_t *tmp;
> > + int sha;
> > +
> > + switch (op->rsa.padding.hash) {
> > + case RTE_CRYPTO_AUTH_SHA1:
> > + sha = NID_sha1;
> > + break;
> > + case RTE_CRYPTO_AUTH_SHA256:
> > + sha = NID_sha256;
> > + break;
> > + default:
> > + sha = NID_sha1;
> > + }
> >
> > cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
> >
> > switch (pad) {
> > case RTE_CRYPTO_RSA_PADDING_PKCS1_5:
> > + case RTE_CRYPTO_RSA_PADDING_SSL23:
> > pad = RSA_PKCS1_PADDING;
> > break;
> > case RTE_CRYPTO_RSA_PADDING_NONE:
> > @@ -1941,13 +1954,20 @@ process_openssl_rsa_op(struct rte_crypto_op
> > *cop,
> > break;
> >
> > case RTE_CRYPTO_ASYM_OP_SIGN:
> > - ret = RSA_private_encrypt(op->rsa.input.length,
> > - op->rsa.input.data,
> > - op->rsa.output.data,
> > - rsa,
> > - pad);
> > - if (ret > 0)
> > - op->rsa.output.length = ret;
> > + if (op->rsa.padding.type !=
> > RTE_CRYPTO_RSA_PADDING_PKCS1_5) {
> > + ret = RSA_private_encrypt(op->rsa.input.length,
> > + op->rsa.input.data,
> > + op->rsa.output.data,
> > + rsa,
> > + pad);
> > + if (ret > 0)
> > + op->rsa.output.length = ret;
> > + } else {
> > + ret = RSA_sign(sha, op->rsa.input.data, op-
> > >rsa.input.length,
> > + op->rsa.output.data, (unsigned
> > int *)&op->rsa.output.length, rsa);
> > + if (ret == 0)
> > + ret = -1;
> > + }
> > break;
> >
> > case RTE_CRYPTO_ASYM_OP_VERIFY:
> > diff --git a/lib/cryptodev/rte_crypto_asym.h
> > b/lib/cryptodev/rte_crypto_asym.h index 834e06b96b..b3906b08e3 100644
> > --- a/lib/cryptodev/rte_crypto_asym.h
> > +++ b/lib/cryptodev/rte_crypto_asym.h
> > @@ -149,6 +149,7 @@ enum rte_crypto_mgf {
> > /**
> > * Padding types for RSA signature.
> > */
> > + #define TEMP
> > enum rte_crypto_rsa_padding_type {
> > RTE_CRYPTO_RSA_PADDING_NONE = 0,
> > /**< RSA no padding scheme */
> > @@ -160,6 +161,7 @@ enum rte_crypto_rsa_padding_type {
> > /**< RSA PKCS#1 OAEP padding scheme */
> > RTE_CRYPTO_RSA_PADDING_PSS,
> > /**< RSA PKCS#1 PSS padding scheme */
> > + TEMP RTE_CRYPTO_RSA_PADDING_SSL23,
> > RTE_CRYPTO_RSA_PADDING_TYPE_LIST_END
> > };
> >
> > @@ -426,7 +428,7 @@ struct rte_crypto_rsa_op_param {
> > *
> > * If padding.type = RTE_CRYPTO_RSA_PADDING_NONE
> > * input should only be used along with cryptographically
> > - * secure padding scheme. *
> > + * secure padding scheme.
> > * If padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5 or
> > * RTE_CRYPTO_RSA_PADDING_PSS
> > * if the RTE_CRYPTO_RSA_FLAG_PT flag is set, input shall contain @@
> > -
> > 434,7 +436,7 @@ struct rte_crypto_rsa_op_param {
> > * the digest of the message to be signed.
> > *
> > * When op_type == RTE_CRYPTO_ASYM_OP_DECRYPT:
> > - *
> > + *
> > * Input shall contain previously encrypted RSA message.
> > *
> > * When op_type == RTE_CRYPTO_ASYM_OP_VERIFY:
> > --
> > 2.13.6
next prev parent reply other threads:[~2022-03-22 10:23 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-22 8:11 [RFC PATCH 1/2] cryptodev: rsa improvements Arek Kusztal
2022-03-22 8:11 ` [RFC PATCH 2/2] test: add proper pkcs1 signature tests for rsa Arek Kusztal
2022-03-22 9:13 ` Kusztal, ArkadiuszX
2022-03-22 10:23 ` Kusztal, ArkadiuszX [this message]
2022-03-22 8:53 ` [RFC PATCH 1/2] cryptodev: rsa improvements Kusztal, ArkadiuszX
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=PH0PR11MB501361ADC92ECBD5AB309BE69F179@PH0PR11MB5013.namprd11.prod.outlook.com \
--to=arkadiuszx.kusztal@intel.com \
--cc=anoobj@marvell.com \
--cc=dev@dpdk.org \
--cc=gakhil@marvell.com \
--cc=roy.fan.zhang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).