From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 16BDCA0548; Tue, 11 Oct 2022 18:08:47 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 5C16742D3F; Tue, 11 Oct 2022 18:08:39 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 2994C42C28 for ; Tue, 11 Oct 2022 18:08:38 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 29BED0oW029942; Tue, 11 Oct 2022 09:08:37 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=zpOym51X+wx/FzbzjLCDZake3NmeEv+9SBJe8jMlSXk=; b=O/J/7T0kYBUH1KFfWX8OrPfnc39BIbf2ipn9/ULOZZhyyA9yp5ZQg46Dx3tpI+/Lm5A9 IQCbnoeB/kLbvED/FSik4f0nJ1XZjr0HlWBvDr5qjWIjc1Mqwhe1gISQh/cD2NJ7+OER 8zq8bfshNIHMnXwnQzHBsChBn6uVA//bwe/akXZP669POTOrDdD+JWh0w/ix3l0DiWKp 5Ly0svTMpS1Fbt6dZMw1jfK0+x/Umz9pen5yjdH+S2PC3Wrp2UeMxXEMTlWgSfOQtkzP arta6+0YvaV+OtSddCvIGeOTOC/LHhVhi7v1NB3qUKmiDZd6bwd3r/ExWS//jP/pQlIP lw== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3k40g5040a-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 11 Oct 2022 09:08:37 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Tue, 11 Oct 2022 09:08:35 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Tue, 11 Oct 2022 09:08:35 -0700 Received: from localhost.localdomain (unknown [10.28.34.38]) by maili.marvell.com (Postfix) with ESMTP id CA52D3F7055; Tue, 11 Oct 2022 09:08:32 -0700 (PDT) From: Gowrishankar Muthukrishnan To: CC: Anoob Joseph , Fan Zhang , Brian Dooley , Akhil Goyal , , Gowrishankar Muthukrishnan Subject: [v4 2/3] examples/fips_validation: encode digest with hash OID Date: Tue, 11 Oct 2022 21:38:16 +0530 Message-ID: <20221011160817.66855-3-gmuthukrishn@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20221011160817.66855-1-gmuthukrishn@marvell.com> References: <20221011092624.4123623-1-gmuthukrishn@marvell.com> <20221011160817.66855-1-gmuthukrishn@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-ORIG-GUID: JtG3TaOuO7KfH5OqFXFs0fIrGmMGwwmG X-Proofpoint-GUID: JtG3TaOuO7KfH5OqFXFs0fIrGmMGwwmG X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.895,Hydra:6.0.545,FMLib:17.11.122.1 definitions=2022-10-11_08,2022-10-11_02,2022-06-22_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org FIPS RSA validation requires hash ddigest be encoded with ASN.1 value for digest info. Signed-off-by: Gowrishankar Muthukrishnan --- examples/fips_validation/main.c | 78 +++++++++++++++++++++++++++++++++ 1 file changed, 78 insertions(+) diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c index 538c0c98e2..4af8d142e8 100644 --- a/examples/fips_validation/main.c +++ b/examples/fips_validation/main.c @@ -859,6 +859,63 @@ prepare_aead_op(void) return 0; } +static int +get_hash_oid(enum rte_crypto_auth_algorithm hash, uint8_t *buf) +{ + uint8_t id_sha512[] = {0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, + 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, + 0x40}; + uint8_t id_sha384[] = {0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, + 0x04, 0x02, 0x02, 0x05, 0x00, 0x04, + 0x30}; + uint8_t id_sha256[] = {0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, + 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, + 0x20}; + uint8_t id_sha224[] = {0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, + 0x04, 0x02, 0x04, 0x05, 0x00, 0x04, + 0x1c}; + uint8_t id_sha1[] = {0x30, 0x21, 0x30, 0x09, 0x06, 0x05, + 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, + 0x00, 0x04, 0x14}; + uint8_t *id = NULL; + int id_len = 0; + + switch (hash) { + case RTE_CRYPTO_AUTH_SHA1: + id = id_sha1; + id_len = sizeof(id_sha1); + break; + case RTE_CRYPTO_AUTH_SHA224: + id = id_sha224; + id_len = sizeof(id_sha224); + break; + case RTE_CRYPTO_AUTH_SHA256: + id = id_sha256; + id_len = sizeof(id_sha256); + break; + case RTE_CRYPTO_AUTH_SHA384: + id = id_sha384; + id_len = sizeof(id_sha384); + break; + case RTE_CRYPTO_AUTH_SHA512: + id = id_sha512; + id_len = sizeof(id_sha512); + break; + default: + id_len = -1; + break; + } + + if (id != NULL) + rte_memcpy(buf, id, id_len); + + return id_len; +} + static int prepare_rsa_op(void) { @@ -872,6 +929,27 @@ prepare_rsa_op(void) asym->rsa.padding.hash = info.interim_info.rsa_data.auth; if (env.digest) { + if (asym->rsa.padding.type == RTE_CRYPTO_RSA_PADDING_PKCS1_5) { + int b_len = 0; + uint8_t b[32]; + + b_len = get_hash_oid(asym->rsa.padding.hash, b); + if (b_len < 0) { + RTE_LOG(ERR, USER1, "Failed to get digest info for hash %d\n", + asym->rsa.padding.hash); + return -EINVAL; + } + + if (b_len) { + msg.len = env.digest_len + b_len; + msg.val = rte_zmalloc(NULL, msg.len, 0); + rte_memcpy(msg.val, b, b_len); + rte_memcpy(msg.val + b_len, env.digest, env.digest_len); + rte_free(env.digest); + env.digest = msg.val; + env.digest_len = msg.len; + } + } msg.val = env.digest; msg.len = env.digest_len; } else { -- 2.25.1