From: Arek Kusztal <arkadiuszx.kusztal@intel.com>
To: dev@dpdk.org
Cc: gakhil@marvell.com, roy.fan.zhang@intel.com, anoobj@marvell.com,
Arek Kusztal <arkadiuszx.kusztal@intel.com>
Subject: [RFC PATCH 2/2] test: add proper pkcs1 signature tests for rsa
Date: Tue, 22 Mar 2022 08:11:28 +0000 [thread overview]
Message-ID: <20220322081128.23733-2-arkadiuszx.kusztal@intel.com> (raw)
In-Reply-To: <20220322081128.23733-1-arkadiuszx.kusztal@intel.com>
This commit adds example pkcs1 signature tests.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
app/test/test_cryptodev_asym.c | 249 +++++++++++++++++++++++++++++--
drivers/crypto/openssl/rte_openssl_pmd.c | 34 ++++-
lib/cryptodev/rte_crypto_asym.h | 6 +-
3 files changed, 270 insertions(+), 19 deletions(-)
diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 71378cbdb2..512eb34377 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -15,6 +15,7 @@
#include <rte_cryptodev.h>
#include <rte_crypto.h>
+#include <openssl/rsa.h>
#include "test_cryptodev.h"
#include "test_cryptodev_dh_test_vectors.h"
@@ -163,6 +164,222 @@ queue_ops_rsa_sign_verify(void *sess)
return status;
}
+/* DPDK RFC RSA 22.07 */
+
+static uint8_t
+rsa_sign_pkcs_15_pt[] = {
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+ 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10,
+ 0x11, 0x12, 0x13, 0x14,
+};
+
+static uint8_t
+rsa_sign_pkcs_15_pt_sha256[] = {
+ 0xB1, 0xB2, 0xB3, 0xB4, 0xA1, 0xA2, 0xA3, 0xA4,
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+ 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10,
+ 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
+};
+
+static uint8_t
+rsa_sign_pkcs_15_padded[] = {
+ 0x00, 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0x00, 0x01, 0x02, 0x03, 0x04,
+ 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+ 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14,
+};
+
+static uint8_t
+rsa_sign_pkcs_15_padded_digestinfo_sha1[] = {
+ 0x00, 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x30, 0x21, 0x30,
+ 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a,
+ 0x05, 0x00, 0x04, 0x14, 0x01, 0x02, 0x03, 0x04,
+ 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+ 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14,
+};
+
+static uint8_t
+rsa_sign_pkcs_15_padded_digestinfo_sha256[] = {
+ 0x00, 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x30, 0x31, 0x30,
+ 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65,
+ 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20,
+ 0xB1, 0xB2, 0xB3, 0xB4, 0xA1, 0xA2, 0xA3, 0xA4,
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+ 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10,
+ 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
+};
+
+static void*
+rfc2207_rsa_sign_pkcs_15_sesscreat(void)
+{
+ struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
+ struct rte_mempool *sess_mpool = ts_params->session_mpool;
+ uint8_t dev_id = ts_params->valid_devs[0];
+ static void *sess = NULL;
+ int ret;
+
+ if (sess)
+ return sess;
+ ret = rte_cryptodev_asym_session_create(dev_id, &rsa_xform, sess_mpool, &sess);
+
+ if (ret < 0) {
+ RTE_LOG(ERR, USER1, "Session creation failed for "
+ "sign_verify\n");
+ return NULL;
+ }
+ return sess;
+}
+
+struct rfc2207_rsa_test_data
+{
+ enum rte_crypto_rsa_padding_type type;
+ rte_crypto_param input;
+ enum rte_crypto_auth_algorithm hash;
+};
+
+struct rfc2207_rsa_test_data
+rfc2207_rsa_test_data_ssl23 = {
+ .type = RTE_CRYPTO_RSA_PADDING_SSL23,
+ .input.data = rsa_sign_pkcs_15_pt,
+ .input.length = sizeof(rsa_sign_pkcs_15_pt),
+};
+
+struct rfc2207_rsa_test_data
+rfc2207_rsa_test_data_ssl23_padded = {
+ .type = RTE_CRYPTO_RSA_PADDING_NONE,
+ .input.data = rsa_sign_pkcs_15_padded,
+ .input.length = sizeof(rsa_sign_pkcs_15_padded),
+};
+
+struct rfc2207_rsa_test_data
+rfc2207_rsa_test_data_pkcs15_sha1 = {
+ .type = RTE_CRYPTO_RSA_PADDING_PKCS1_5,
+ .hash = RTE_CRYPTO_AUTH_SHA1,
+ .input.data = rsa_sign_pkcs_15_pt,
+ .input.length = sizeof(rsa_sign_pkcs_15_pt),
+};
+
+struct rfc2207_rsa_test_data
+rfc2207_rsa_test_data_pkcs15_digestinfo_sha1 = {
+ .type = RTE_CRYPTO_RSA_PADDING_NONE,
+ .input.data = rsa_sign_pkcs_15_padded_digestinfo_sha1,
+ .input.length = sizeof(rsa_sign_pkcs_15_padded_digestinfo_sha1),
+};
+
+struct rfc2207_rsa_test_data
+rfc2207_rsa_test_data_pkcs15_sha256 = {
+ .type = RTE_CRYPTO_RSA_PADDING_PKCS1_5,
+ .hash = RTE_CRYPTO_AUTH_SHA256,
+ .input.data = rsa_sign_pkcs_15_pt_sha256,
+ .input.length = sizeof(rsa_sign_pkcs_15_pt_sha256),
+};
+
+struct rfc2207_rsa_test_data
+rfc2207_rsa_test_data_pkcs15_digestinfo_sha256 = {
+ .type = RTE_CRYPTO_RSA_PADDING_NONE,
+ .input.data = rsa_sign_pkcs_15_padded_digestinfo_sha256,
+ .input.length = sizeof(rsa_sign_pkcs_15_padded_digestinfo_sha256),
+};
+
+struct rfc2207_rsa_test_data
+rfc2207_rsa_test_data_pkcs15_oaep = {
+ .type = RTE_CRYPTO_RSA_PADDING_NONE,
+ .input.data = rsa_sign_pkcs_15_padded_digestinfo_sha256,
+ .input.length = sizeof(rsa_sign_pkcs_15_padded_digestinfo_sha256),
+};
+
+static int
+rfc2207_rsa_sign_pkcs_15(const void *test_data)
+{
+ struct crypto_testsuite_params_asym *ts_params;
+ uint8_t dev_id;
+ struct rte_crypto_op *op, *result_op;
+ struct rte_crypto_asym_op *asym_op;
+ struct rte_mempool *op_mpool;
+ void *sess;
+ uint8_t result[TEST_DATA_SIZE];
+ const struct rfc2207_rsa_test_data *tdata = test_data;
+
+ ts_params = &testsuite_params;
+ dev_id = ts_params->valid_devs[0];
+ op_mpool = ts_params->op_mpool;
+ op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
+ if (op == NULL) {
+ RTE_LOG(ERR, USER1, "Failed to allocate asymmetric crypto "
+ "operation struct\n");
+ return TEST_FAILED;
+ }
+
+ sess = rfc2207_rsa_sign_pkcs_15_sesscreat();
+ if (sess == NULL) {
+ RTE_LOG(ERR, USER1, "Failed to allocate asymmetric crypto "
+ "operation struct\n");
+ return TEST_FAILED;
+ }
+
+ asym_op = op->asym;
+ asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_SIGN;
+ asym_op->rsa.padding.type = tdata->type;
+ asym_op->rsa.padding.hash = tdata->hash;
+ asym_op->rsa.input = tdata->input;
+ asym_op->rsa.output.data = result;
+
+ rte_crypto_op_attach_asym_session(op, sess);
+
+ /* Process crypto operation */
+ if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
+ RTE_LOG(ERR, USER1, "Error sending packet for encryption\n");
+ return -1;
+ }
+
+ while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0)
+ rte_pause();
+
+ if (result_op == NULL) {
+ RTE_LOG(ERR, USER1, "Failed to process encryption op\n");
+ return -1;
+ }
+
+ printf("\nOutput len = %lu", asym_op->rsa.output.length);
+ rte_hexdump(stdout, "Signature", asym_op->rsa.output.data, asym_op->rsa.output.length);
+
+ return 0;
+}
+
+/* !---! DPDK RFC RSA 22.07 */
+
static int
queue_ops_rsa_enc_dec(void *sess)
{
@@ -2147,20 +2364,32 @@ static struct unit_test_suite cryptodev_openssl_asym_testsuite = {
.setup = testsuite_setup,
.teardown = testsuite_teardown,
.unit_test_cases = {
- TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_capability),
- TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_dsa),
- TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
+ TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym, test_capability),
+ TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym, test_dsa),
+ TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym,
test_dh_keygenration),
- TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_rsa_enc_dec),
- TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
+ TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym, test_rsa_enc_dec),
+ TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym,
test_rsa_sign_verify),
- TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
+ TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym,
test_rsa_enc_dec_crt),
- TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
+ TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym,
test_rsa_sign_verify_crt),
- TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_mod_inv),
- TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_mod_exp),
- TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_one_by_one),
+ TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym, test_mod_inv),
+ TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym, test_mod_exp),
+ TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym, test_one_by_one),
+ TEST_CASE_NAMED_WITH_DATA("rfc2207_rsa_sign_pkcs_15_ssl23", ut_setup_asym, ut_teardown_asym,
+ rfc2207_rsa_sign_pkcs_15, &rfc2207_rsa_test_data_ssl23),
+ TEST_CASE_NAMED_WITH_DATA("rfc2207_rsa_sign_pkcs_15_ssl23_padded", ut_setup_asym, ut_teardown_asym,
+ rfc2207_rsa_sign_pkcs_15, &rfc2207_rsa_test_data_ssl23_padded),
+ TEST_CASE_NAMED_WITH_DATA("rfc2207_rsa_sign_pkcs_15_sha1", ut_setup_asym, ut_teardown_asym,
+ rfc2207_rsa_sign_pkcs_15, &rfc2207_rsa_test_data_pkcs15_sha1),
+ TEST_CASE_NAMED_WITH_DATA("rfc2207_rsa_sign_pkcs_15_digestinfo_sha1", ut_setup_asym, ut_teardown_asym,
+ rfc2207_rsa_sign_pkcs_15, &rfc2207_rsa_test_data_pkcs15_digestinfo_sha1),
+ TEST_CASE_NAMED_WITH_DATA("rfc2207_rsa_sign_pkcs_15_sha256", ut_setup_asym, ut_teardown_asym,
+ rfc2207_rsa_sign_pkcs_15, &rfc2207_rsa_test_data_pkcs15_sha256),
+ TEST_CASE_NAMED_WITH_DATA("rfc2207_rsa_sign_pkcs_15_digestinfo_sha256", ut_setup_asym, ut_teardown_asym,
+ rfc2207_rsa_sign_pkcs_15, &rfc2207_rsa_test_data_pkcs15_digestinfo_sha256),
TEST_CASES_END() /**< NULL terminate unit test array */
}
};
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 45cee47c5d..32da143ea0 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -1899,11 +1899,24 @@ process_openssl_rsa_op(struct rte_crypto_op *cop,
RSA *rsa = sess->u.r.rsa;
uint32_t pad = (op->rsa.padding.type);
uint8_t *tmp;
+ int sha;
+
+ switch (op->rsa.padding.hash) {
+ case RTE_CRYPTO_AUTH_SHA1:
+ sha = NID_sha1;
+ break;
+ case RTE_CRYPTO_AUTH_SHA256:
+ sha = NID_sha256;
+ break;
+ default:
+ sha = NID_sha1;
+ }
cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
switch (pad) {
case RTE_CRYPTO_RSA_PADDING_PKCS1_5:
+ case RTE_CRYPTO_RSA_PADDING_SSL23:
pad = RSA_PKCS1_PADDING;
break;
case RTE_CRYPTO_RSA_PADDING_NONE:
@@ -1941,13 +1954,20 @@ process_openssl_rsa_op(struct rte_crypto_op *cop,
break;
case RTE_CRYPTO_ASYM_OP_SIGN:
- ret = RSA_private_encrypt(op->rsa.input.length,
- op->rsa.input.data,
- op->rsa.output.data,
- rsa,
- pad);
- if (ret > 0)
- op->rsa.output.length = ret;
+ if (op->rsa.padding.type != RTE_CRYPTO_RSA_PADDING_PKCS1_5) {
+ ret = RSA_private_encrypt(op->rsa.input.length,
+ op->rsa.input.data,
+ op->rsa.output.data,
+ rsa,
+ pad);
+ if (ret > 0)
+ op->rsa.output.length = ret;
+ } else {
+ ret = RSA_sign(sha, op->rsa.input.data, op->rsa.input.length,
+ op->rsa.output.data, (unsigned int *)&op->rsa.output.length, rsa);
+ if (ret == 0)
+ ret = -1;
+ }
break;
case RTE_CRYPTO_ASYM_OP_VERIFY:
diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
index 834e06b96b..b3906b08e3 100644
--- a/lib/cryptodev/rte_crypto_asym.h
+++ b/lib/cryptodev/rte_crypto_asym.h
@@ -149,6 +149,7 @@ enum rte_crypto_mgf {
/**
* Padding types for RSA signature.
*/
+ #define TEMP
enum rte_crypto_rsa_padding_type {
RTE_CRYPTO_RSA_PADDING_NONE = 0,
/**< RSA no padding scheme */
@@ -160,6 +161,7 @@ enum rte_crypto_rsa_padding_type {
/**< RSA PKCS#1 OAEP padding scheme */
RTE_CRYPTO_RSA_PADDING_PSS,
/**< RSA PKCS#1 PSS padding scheme */
+ TEMP RTE_CRYPTO_RSA_PADDING_SSL23,
RTE_CRYPTO_RSA_PADDING_TYPE_LIST_END
};
@@ -426,7 +428,7 @@ struct rte_crypto_rsa_op_param {
*
* If padding.type = RTE_CRYPTO_RSA_PADDING_NONE
* input should only be used along with cryptographically
- * secure padding scheme. *
+ * secure padding scheme.
* If padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5 or
* RTE_CRYPTO_RSA_PADDING_PSS
* if the RTE_CRYPTO_RSA_FLAG_PT flag is set, input shall contain
@@ -434,7 +436,7 @@ struct rte_crypto_rsa_op_param {
* the digest of the message to be signed.
*
* When op_type == RTE_CRYPTO_ASYM_OP_DECRYPT:
- *
+ *
* Input shall contain previously encrypted RSA message.
*
* When op_type == RTE_CRYPTO_ASYM_OP_VERIFY:
--
2.13.6
next prev parent reply other threads:[~2022-03-22 8:11 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-22 8:11 [RFC PATCH 1/2] cryptodev: rsa improvements Arek Kusztal
2022-03-22 8:11 ` Arek Kusztal [this message]
2022-03-22 9:13 ` [RFC PATCH 2/2] test: add proper pkcs1 signature tests for rsa Kusztal, ArkadiuszX
2022-03-22 10:23 ` Kusztal, ArkadiuszX
2022-03-22 8:53 ` [RFC PATCH 1/2] cryptodev: rsa improvements Kusztal, ArkadiuszX
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220322081128.23733-2-arkadiuszx.kusztal@intel.com \
--to=arkadiuszx.kusztal@intel.com \
--cc=anoobj@marvell.com \
--cc=dev@dpdk.org \
--cc=gakhil@marvell.com \
--cc=roy.fan.zhang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).