DPDK patches and discussions
 help / color / mirror / Atom feed
* [dpdk-dev] [PATCH v2 0/2] Changes for RSA verify operation in OpenSSL PMD and unit tests
@ 2018-10-25 10:00 Akash Saxena
  2018-10-25 10:00 ` [dpdk-dev] [PATCH v2 1/2] crypto/openssl: changes for RSA verify operation Akash Saxena
                   ` (2 more replies)
  0 siblings, 3 replies; 6+ messages in thread
From: Akash Saxena @ 2018-10-25 10:00 UTC (permalink / raw)
  To: pablo.de.lara.guarch
  Cc: dev, akhil.goyal, Verma, Shally, Verma, Ayuj, Saxena, Akash

v2:
Added NULL check for tmp buffer allocation failure. 

v1:
In lib cryptodev, RSA verify operation inputs plain message text and
corresponding signature and expected to return
RTE_CRYPTO_OP_STATUS_SUCCESS/FAILURE on a signature match/mismatch.
Current OpenSSL PMD RSA verify implementation overrides application passed
sign input by decrypted output which isn't expected.

This patch addresses this issue in OpenSSL PMD. Now, OpenSSL PMD use tmp
buffer to store sign operation decrypted output and test application to
only check for STATUS_SUCCESS/FAILURE.

---
Akash Saxena (2):
  crypto/openssl: changes for RSA verify operation
  test/crypto: remove data verification at rsa verify operation

 drivers/crypto/openssl/rte_openssl_pmd.c | 22 +++++++++++++++-------
 test/test/test_cryptodev_asym.c          |  9 ++++++---
 2 files changed, 21 insertions(+), 10 deletions(-)

-- 
2.7.4

^ permalink raw reply	[flat|nested] 6+ messages in thread

* [dpdk-dev] [PATCH v2 1/2] crypto/openssl: changes for RSA verify operation
  2018-10-25 10:00 [dpdk-dev] [PATCH v2 0/2] Changes for RSA verify operation in OpenSSL PMD and unit tests Akash Saxena
@ 2018-10-25 10:00 ` Akash Saxena
  2018-11-02 11:25   ` Akhil Goyal
  2018-10-25 10:01 ` [dpdk-dev] [PATCH v2 2/2] test/crypto: remove data verification at rsa " Akash Saxena
  2018-11-02 11:44 ` [dpdk-dev] [PATCH v2 0/2] Changes for RSA verify operation in OpenSSL PMD and unit tests Akhil Goyal
  2 siblings, 1 reply; 6+ messages in thread
From: Akash Saxena @ 2018-10-25 10:00 UTC (permalink / raw)
  To: pablo.de.lara.guarch
  Cc: dev, akhil.goyal, Verma, Shally, Verma, Ayuj, Saxena, Akash

Add tmp buffer to pass to OpenSSL sign API and memcmp output with
original plain text to verify signature match.
Set op->status = RTE_CRYPO_OP_STATUS_ERROR on signature mismatch.

Signed-off-by: Ayuj Verma <ayuj.verma@caviumnetworks.com>
Signed-off-by: Akash Saxena <akash.saxena@caviumnetworks.com>
Signed-off-by: Shally Verma <shally.verma@caviumnetworks.com>
---
 drivers/crypto/openssl/rte_openssl_pmd.c | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 003116d..11ea0d1 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -1843,6 +1843,9 @@ process_openssl_rsa_op(struct rte_crypto_op *cop,
 	struct rte_crypto_asym_op *op = cop->asym;
 	RSA *rsa = sess->u.r.rsa;
 	uint32_t pad = (op->rsa.pad);
+	uint8_t *tmp;
+
+	cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
 
 	switch (pad) {
 	case RTE_CRYPTO_RSA_PKCS1_V1_5_BT0:
@@ -1895,9 +1898,15 @@ process_openssl_rsa_op(struct rte_crypto_op *cop,
 		break;
 
 	case RTE_CRYPTO_ASYM_OP_VERIFY:
+		tmp = rte_malloc(NULL, op->rsa.sign.length, 0);
+		if (tmp == NULL) {
+			OPENSSL_LOG(ERR, "Memory allocation failed");
+			cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
+			break;
+		}
 		ret = RSA_public_decrypt(op->rsa.sign.length,
 				op->rsa.sign.data,
-				op->rsa.sign.data,
+				tmp,
 				rsa,
 				pad);
 
@@ -1905,13 +1914,12 @@ process_openssl_rsa_op(struct rte_crypto_op *cop,
 				"Length of public_decrypt %d "
 				"length of message %zd\n",
 				ret, op->rsa.message.length);
-
-		if (memcmp(op->rsa.sign.data, op->rsa.message.data,
-					op->rsa.message.length)) {
-			OPENSSL_LOG(ERR,
-					"RSA sign Verification failed");
-			return -1;
+		if ((ret <= 0) || (memcmp(tmp, op->rsa.message.data,
+				op->rsa.message.length))) {
+			OPENSSL_LOG(ERR, "RSA sign Verification failed");
+			cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
 		}
+		rte_free(tmp);
 		break;
 
 	default:
-- 
2.7.4

^ permalink raw reply	[flat|nested] 6+ messages in thread

* [dpdk-dev] [PATCH v2 2/2] test/crypto: remove data verification at rsa verify operation
  2018-10-25 10:00 [dpdk-dev] [PATCH v2 0/2] Changes for RSA verify operation in OpenSSL PMD and unit tests Akash Saxena
  2018-10-25 10:00 ` [dpdk-dev] [PATCH v2 1/2] crypto/openssl: changes for RSA verify operation Akash Saxena
@ 2018-10-25 10:01 ` Akash Saxena
  2018-11-02 11:26   ` Akhil Goyal
  2018-11-02 11:44 ` [dpdk-dev] [PATCH v2 0/2] Changes for RSA verify operation in OpenSSL PMD and unit tests Akhil Goyal
  2 siblings, 1 reply; 6+ messages in thread
From: Akash Saxena @ 2018-10-25 10:01 UTC (permalink / raw)
  To: pablo.de.lara.guarch
  Cc: dev, akhil.goyal, Verma, Shally, Verma, Ayuj, Saxena, Akash

Change unit test app to check only for op->status =
RTE_CRYPTO_OP_STATUS_SUCCESS/ERROR instead of calling rsa_verify().

Signed-off-by: Ayuj Verma <ayuj.verma@caviumnetworks.com>
Signed-off-by: Akash Saxena <akash.saxena@caviumnetworks.com>
Signed-off-by: Shally Verma <shally.verma@caviumnetworks.com>
---
 test/test/test_cryptodev_asym.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/test/test/test_cryptodev_asym.c b/test/test/test_cryptodev_asym.c
index 2fdfc1d..a899f99 100644
--- a/test/test/test_cryptodev_asym.c
+++ b/test/test/test_cryptodev_asym.c
@@ -153,10 +153,13 @@ test_rsa_sign_verify(void)
 		goto error_exit;
 	}
 	status = TEST_SUCCESS;
-	int ret = 0;
-	ret = rsa_verify(&rsaplaintext, result_op);
-	if (ret)
+	if (result_op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s",
+				__LINE__, "Failed to process asym crypto op");
 		status = TEST_FAILED;
+		goto error_exit;
+	}
 
 error_exit:
 
-- 
2.7.4

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [dpdk-dev] [PATCH v2 1/2] crypto/openssl: changes for RSA verify operation
  2018-10-25 10:00 ` [dpdk-dev] [PATCH v2 1/2] crypto/openssl: changes for RSA verify operation Akash Saxena
@ 2018-11-02 11:25   ` Akhil Goyal
  0 siblings, 0 replies; 6+ messages in thread
From: Akhil Goyal @ 2018-11-02 11:25 UTC (permalink / raw)
  To: Akash Saxena, pablo.de.lara.guarch
  Cc: dev, Verma, Shally, Verma, Ayuj, Saxena, Akash



On 10/25/2018 3:30 PM, Akash Saxena wrote:
> Add tmp buffer to pass to OpenSSL sign API and memcmp output with
> original plain text to verify signature match.
> Set op->status = RTE_CRYPO_OP_STATUS_ERROR on signature mismatch.
>
> Signed-off-by: Ayuj Verma <ayuj.verma@caviumnetworks.com>
> Signed-off-by: Akash Saxena <akash.saxena@caviumnetworks.com>
> Signed-off-by: Shally Verma <shally.verma@caviumnetworks.com>
> ---
>   drivers/crypto/openssl/rte_openssl_pmd.c | 22 +++++++++++++++-------
>   1 file changed, 15 insertions(+), 7 deletions(-)
>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [dpdk-dev] [PATCH v2 2/2] test/crypto: remove data verification at rsa verify operation
  2018-10-25 10:01 ` [dpdk-dev] [PATCH v2 2/2] test/crypto: remove data verification at rsa " Akash Saxena
@ 2018-11-02 11:26   ` Akhil Goyal
  0 siblings, 0 replies; 6+ messages in thread
From: Akhil Goyal @ 2018-11-02 11:26 UTC (permalink / raw)
  To: Akash Saxena, pablo.de.lara.guarch
  Cc: dev, Verma, Shally, Verma, Ayuj, Saxena, Akash



On 10/25/2018 3:31 PM, Akash Saxena wrote:
> Change unit test app to check only for op->status =
> RTE_CRYPTO_OP_STATUS_SUCCESS/ERROR instead of calling rsa_verify().
>
> Signed-off-by: Ayuj Verma <ayuj.verma@caviumnetworks.com>
> Signed-off-by: Akash Saxena <akash.saxena@caviumnetworks.com>
> Signed-off-by: Shally Verma <shally.verma@caviumnetworks.com>
> ---
>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [dpdk-dev] [PATCH v2 0/2] Changes for RSA verify operation in OpenSSL PMD and unit tests
  2018-10-25 10:00 [dpdk-dev] [PATCH v2 0/2] Changes for RSA verify operation in OpenSSL PMD and unit tests Akash Saxena
  2018-10-25 10:00 ` [dpdk-dev] [PATCH v2 1/2] crypto/openssl: changes for RSA verify operation Akash Saxena
  2018-10-25 10:01 ` [dpdk-dev] [PATCH v2 2/2] test/crypto: remove data verification at rsa " Akash Saxena
@ 2018-11-02 11:44 ` Akhil Goyal
  2 siblings, 0 replies; 6+ messages in thread
From: Akhil Goyal @ 2018-11-02 11:44 UTC (permalink / raw)
  To: Akash Saxena, pablo.de.lara.guarch
  Cc: dev, Verma, Shally, Verma, Ayuj, Saxena, Akash



On 10/25/2018 3:30 PM, Akash Saxena wrote:
> v2:
> Added NULL check for tmp buffer allocation failure.
>
> v1:
> In lib cryptodev, RSA verify operation inputs plain message text and
> corresponding signature and expected to return
> RTE_CRYPTO_OP_STATUS_SUCCESS/FAILURE on a signature match/mismatch.
> Current OpenSSL PMD RSA verify implementation overrides application passed
> sign input by decrypted output which isn't expected.
>
> This patch addresses this issue in OpenSSL PMD. Now, OpenSSL PMD use tmp
> buffer to store sign operation decrypted output and test application to
> only check for STATUS_SUCCESS/FAILURE.
>
> ---
> Akash Saxena (2):
>    crypto/openssl: changes for RSA verify operation
>    test/crypto: remove data verification at rsa verify operation
>
>   drivers/crypto/openssl/rte_openssl_pmd.c | 22 +++++++++++++++-------
>   test/test/test_cryptodev_asym.c          |  9 ++++++---
>   2 files changed, 21 insertions(+), 10 deletions(-)
>
Applied to dpdk-next-crypto

Thanks.

^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2018-11-02 11:44 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-10-25 10:00 [dpdk-dev] [PATCH v2 0/2] Changes for RSA verify operation in OpenSSL PMD and unit tests Akash Saxena
2018-10-25 10:00 ` [dpdk-dev] [PATCH v2 1/2] crypto/openssl: changes for RSA verify operation Akash Saxena
2018-11-02 11:25   ` Akhil Goyal
2018-10-25 10:01 ` [dpdk-dev] [PATCH v2 2/2] test/crypto: remove data verification at rsa " Akash Saxena
2018-11-02 11:26   ` Akhil Goyal
2018-11-02 11:44 ` [dpdk-dev] [PATCH v2 0/2] Changes for RSA verify operation in OpenSSL PMD and unit tests Akhil Goyal

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).