* [PATCH 1/3] crypto/openssl: include private exponent in RSA session
@ 2025-06-20 8:19 Gowrishankar Muthukrishnan
2025-06-20 8:19 ` [PATCH 2/3] test/crypto: fix RSA test vector as per RFC 8017 Gowrishankar Muthukrishnan
2025-06-20 8:19 ` [PATCH 3/3] test/crypto: fix RSA decrypt op validation Gowrishankar Muthukrishnan
0 siblings, 2 replies; 3+ messages in thread
From: Gowrishankar Muthukrishnan @ 2025-06-20 8:19 UTC (permalink / raw)
To: dev, Kai Ji, Ashish Gupta, Shally Verma, Sunila Sahu
Cc: anoobj, Akhil Goyal, Gowrishankar Muthukrishnan, stable
If private exponent is available, it should be included within
RSA session as per RFC 8017 (A.1.2). OpenSSL 1.1.1 implementation
rely on this private exponent, to implicitly reject invalid cipher.
Hence, check if it is available for session and include it.
Fixes: 3e9d6bd447fb ("crypto/openssl: add RSA and mod asym operations")
Cc: stable@dpdk.org
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
drivers/crypto/openssl/rte_openssl_pmd_ops.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 04e018f3df..d3aa396c76 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -1025,7 +1025,7 @@ static int openssl_set_asym_session_parameters(
if (rsa == NULL)
goto err_rsa;
- if (xform->rsa.key_type == RTE_RSA_KEY_TYPE_EXP) {
+ if (xform->rsa.d.length > 0) {
d = BN_bin2bn(
(const unsigned char *)xform->rsa.d.data,
xform->rsa.d.length,
@@ -1034,7 +1034,9 @@ static int openssl_set_asym_session_parameters(
RSA_free(rsa);
goto err_rsa;
}
- } else {
+ }
+
+ if (xform->rsa.key_type == RTE_RSA_KEY_TYPE_QT) {
p = BN_bin2bn((const unsigned char *)
xform->rsa.qt.p.data,
xform->rsa.qt.p.length,
--
2.25.1
^ permalink raw reply [flat|nested] 3+ messages in thread
* [PATCH 2/3] test/crypto: fix RSA test vector as per RFC 8017
2025-06-20 8:19 [PATCH 1/3] crypto/openssl: include private exponent in RSA session Gowrishankar Muthukrishnan
@ 2025-06-20 8:19 ` Gowrishankar Muthukrishnan
2025-06-20 8:19 ` [PATCH 3/3] test/crypto: fix RSA decrypt op validation Gowrishankar Muthukrishnan
1 sibling, 0 replies; 3+ messages in thread
From: Gowrishankar Muthukrishnan @ 2025-06-20 8:19 UTC (permalink / raw)
To: dev, Akhil Goyal, Fan Zhang, Shally Verma, Ayuj Verma,
Arkadiusz Kusztal, Kanaka Durga Kotamarthy
Cc: anoobj, Gowrishankar Muthukrishnan, stable
As per RFC 8017 (A.1.2), RSA private key should be represented
with both exponent and CRT forms of data for inter operability.
Fixes: a379799cbaaf ("test/crypto: add RSA key type CRT")
Cc: stable@dpdk.org
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
app/test/test_cryptodev_asym.c | 16 ++++++++---
app/test/test_cryptodev_rsa_test_vectors.h | 32 +++++-----------------
2 files changed, 19 insertions(+), 29 deletions(-)
diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index fcaf73aa1a..a5f3eae41d 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -260,6 +260,7 @@ test_rsa_sign_verify(void)
struct rte_mempool *sess_mpool = ts_params->session_mpool;
struct rte_cryptodev_asym_capability_idx idx;
uint8_t dev_id = ts_params->valid_devs[0];
+ struct rte_crypto_asym_xform xform;
void *sess = NULL;
struct rte_cryptodev_info dev_info;
int ret, status = TEST_SUCCESS;
@@ -280,7 +281,10 @@ test_rsa_sign_verify(void)
return TEST_SKIPPED;
}
- ret = rte_cryptodev_asym_session_create(dev_id, &rsa_xform, sess_mpool, &sess);
+ memcpy(&xform, &rsa_xform, sizeof(rsa_xform));
+ xform.rsa.key_type = RTE_RSA_KEY_TYPE_EXP;
+
+ ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
if (ret < 0) {
RTE_LOG(ERR, USER1, "Session creation failed for "
@@ -306,6 +310,7 @@ test_rsa_enc_dec(void)
struct rte_mempool *sess_mpool = ts_params->session_mpool;
struct rte_cryptodev_asym_capability_idx idx;
uint8_t dev_id = ts_params->valid_devs[0];
+ struct rte_crypto_asym_xform xform;
void *sess = NULL;
struct rte_cryptodev_info dev_info;
int ret, status = TEST_SUCCESS;
@@ -326,7 +331,10 @@ test_rsa_enc_dec(void)
return TEST_SKIPPED;
}
- ret = rte_cryptodev_asym_session_create(dev_id, &rsa_xform, sess_mpool, &sess);
+ memcpy(&xform, &rsa_xform, sizeof(rsa_xform));
+ xform.rsa.key_type = RTE_RSA_KEY_TYPE_EXP;
+
+ ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
if (ret < 0) {
RTE_LOG(ERR, USER1, "Session creation failed for enc_dec\n");
@@ -371,7 +379,7 @@ test_rsa_sign_verify_crt(void)
return TEST_SKIPPED;
}
- ret = rte_cryptodev_asym_session_create(dev_id, &rsa_xform_crt, sess_mpool, &sess);
+ ret = rte_cryptodev_asym_session_create(dev_id, &rsa_xform, sess_mpool, &sess);
if (ret < 0) {
RTE_LOG(ERR, USER1, "Session creation failed for "
@@ -417,7 +425,7 @@ test_rsa_enc_dec_crt(void)
return TEST_SKIPPED;
}
- ret = rte_cryptodev_asym_session_create(dev_id, &rsa_xform_crt, sess_mpool, &sess);
+ ret = rte_cryptodev_asym_session_create(dev_id, &rsa_xform, sess_mpool, &sess);
if (ret < 0) {
RTE_LOG(ERR, USER1, "Session creation failed for "
diff --git a/app/test/test_cryptodev_rsa_test_vectors.h b/app/test/test_cryptodev_rsa_test_vectors.h
index 1b7b451387..9652b0d43a 100644
--- a/app/test/test_cryptodev_rsa_test_vectors.h
+++ b/app/test/test_cryptodev_rsa_test_vectors.h
@@ -340,7 +340,7 @@ uint8_t rsa_qInv[] = {
0x71, 0x94, 0xdd, 0xa0, 0xf5, 0x1e, 0x6d, 0xcc
};
-/** rsa xform using exponent key */
+/** rsa xform (of QT private key type by default) */
struct rte_crypto_asym_xform rsa_xform = {
.next = NULL,
.xform_type = RTE_CRYPTO_ASYM_XFORM_RSA,
@@ -354,29 +354,6 @@ struct rte_crypto_asym_xform rsa_xform = {
.data = rsa_e,
.length = sizeof(rsa_e)
},
- .key_type = RTE_RSA_KEY_TYPE_EXP,
- .d = {
- .data = rsa_d,
- .length = sizeof(rsa_d)
- }
- }
-};
-
-/** rsa xform using quintuple key */
-struct rte_crypto_asym_xform rsa_xform_crt = {
- .next = NULL,
- .xform_type = RTE_CRYPTO_ASYM_XFORM_RSA,
- .rsa = {
- .padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5,
- .n = {
- .data = rsa_n,
- .length = sizeof(rsa_n)
- },
- .e = {
- .data = rsa_e,
- .length = sizeof(rsa_e)
- },
- .key_type = RTE_RSA_KEY_TYPE_QT,
.qt = {
.p = {
.data = rsa_p,
@@ -398,7 +375,12 @@ struct rte_crypto_asym_xform rsa_xform_crt = {
.data = rsa_qInv,
.length = sizeof(rsa_qInv)
},
- }
+ },
+ .d = {
+ .data = rsa_d,
+ .length = sizeof(rsa_d)
+ },
+ .key_type = RTE_RSA_KEY_TYPE_QT
}
};
--
2.25.1
^ permalink raw reply [flat|nested] 3+ messages in thread
* [PATCH 3/3] test/crypto: fix RSA decrypt op validation
2025-06-20 8:19 [PATCH 1/3] crypto/openssl: include private exponent in RSA session Gowrishankar Muthukrishnan
2025-06-20 8:19 ` [PATCH 2/3] test/crypto: fix RSA test vector as per RFC 8017 Gowrishankar Muthukrishnan
@ 2025-06-20 8:19 ` Gowrishankar Muthukrishnan
1 sibling, 0 replies; 3+ messages in thread
From: Gowrishankar Muthukrishnan @ 2025-06-20 8:19 UTC (permalink / raw)
To: dev, Akhil Goyal, Fan Zhang, Shally Verma, Ayuj Verma,
Arkadiusz Kusztal, Kanaka Durga Kotamarthy
Cc: anoobj, Gowrishankar Muthukrishnan, stable
Following RSA encrypt op, same plaintext buffer is used as output
buffer for decrypt op, hence comparing plaintext buffer against
same buffer pointer in crypto op always succeed irrespective of
whether decrypt op succeeds or not. This patch fixes this issue
with a local buffer for crypto op.
Fixes: 5ae36995f10f ("test/crypto: move RSA enqueue/dequeue into functions")
Cc: stable@dpdk.org
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
app/test/test_cryptodev_asym.c | 21 +++++++++++++++++----
1 file changed, 17 insertions(+), 4 deletions(-)
diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index a5f3eae41d..557eaf2706 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -175,7 +175,10 @@ queue_ops_rsa_enc_dec(void *sess)
struct rte_crypto_op *op, *result_op;
struct rte_crypto_asym_op *asym_op;
uint8_t cipher_buf[TEST_DATA_SIZE] = {0};
- int ret, status = TEST_SUCCESS;
+ uint8_t msg_buf[TEST_DATA_SIZE] = {0};
+ int ret, status;
+
+ memcpy(msg_buf, rsaplaintext.data, rsaplaintext.len);
/* Set up crypto op data structure */
op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
@@ -190,7 +193,7 @@ queue_ops_rsa_enc_dec(void *sess)
/* Compute encryption on the test vector */
asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_ENCRYPT;
- asym_op->rsa.message.data = rsaplaintext.data;
+ asym_op->rsa.message.data = msg_buf;
asym_op->rsa.cipher.data = cipher_buf;
asym_op->rsa.cipher.length = RTE_DIM(rsa_n);
asym_op->rsa.message.length = rsaplaintext.len;
@@ -225,6 +228,7 @@ queue_ops_rsa_enc_dec(void *sess)
asym_op = result_op->asym;
asym_op->rsa.message.length = RTE_DIM(rsa_n);
asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_DECRYPT;
+ memset(asym_op->rsa.message.data, 0, asym_op->rsa.message.length);
/* Process crypto operation */
if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
@@ -241,11 +245,20 @@ queue_ops_rsa_enc_dec(void *sess)
status = TEST_FAILED;
goto error_exit;
}
- status = TEST_SUCCESS;
+
+ if (result_op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
+ RTE_LOG(ERR, USER1, "Expected crypto op to succeed\n");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+
ret = rsa_verify(&rsaplaintext, result_op);
- if (ret)
+ if (ret) {
status = TEST_FAILED;
+ goto error_exit;
+ }
+ status = TEST_SUCCESS;
error_exit:
rte_crypto_op_free(op);
--
2.25.1
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2025-06-20 8:20 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-06-20 8:19 [PATCH 1/3] crypto/openssl: include private exponent in RSA session Gowrishankar Muthukrishnan
2025-06-20 8:19 ` [PATCH 2/3] test/crypto: fix RSA test vector as per RFC 8017 Gowrishankar Muthukrishnan
2025-06-20 8:19 ` [PATCH 3/3] test/crypto: fix RSA decrypt op validation Gowrishankar Muthukrishnan
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).