From: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
To: <dev@dpdk.org>
Cc: Anoob Joseph <anoobj@marvell.com>,
Fan Zhang <roy.fan.zhang@intel.com>,
Brian Dooley <brian.dooley@intel.com>,
Akhil Goyal <gakhil@marvell.com>, <jerinj@marvell.com>,
Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Subject: [v2 6/7] examples/fips_validation: encode digest with hash OID
Date: Tue, 27 Sep 2022 11:30:39 +0530 [thread overview]
Message-ID: <70002880b18a7bda81c315ca542220e76f43b96b.1664258174.git.gmuthukrishn@marvell.com> (raw)
In-Reply-To: <e7c9578ea6bb9d5c9fba1bb227bf0b815dd76374.1664258174.git.gmuthukrishn@marvell.com>
FIPS RSA validation requires hash ddigest be encoded with ASN.1
value for digest info.
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
examples/fips_validation/main.c | 78 +++++++++++++++++++++++++++++++++
1 file changed, 78 insertions(+)
diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index ed86c10350..cfa01eae20 100644
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -851,6 +851,63 @@ prepare_aead_op(void)
return 0;
}
+static int
+get_hash_oid(enum rte_crypto_auth_algorithm hash, uint8_t *buf)
+{
+ uint8_t id_sha512[] = {0x30, 0x51, 0x30, 0x0d, 0x06, 0x09,
+ 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
+ 0x04, 0x02, 0x03, 0x05, 0x00, 0x04,
+ 0x40};
+ uint8_t id_sha384[] = {0x30, 0x41, 0x30, 0x0d, 0x06, 0x09,
+ 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
+ 0x04, 0x02, 0x02, 0x05, 0x00, 0x04,
+ 0x30};
+ uint8_t id_sha256[] = {0x30, 0x31, 0x30, 0x0d, 0x06, 0x09,
+ 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
+ 0x04, 0x02, 0x01, 0x05, 0x00, 0x04,
+ 0x20};
+ uint8_t id_sha224[] = {0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09,
+ 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
+ 0x04, 0x02, 0x04, 0x05, 0x00, 0x04,
+ 0x1c};
+ uint8_t id_sha1[] = {0x30, 0x21, 0x30, 0x09, 0x06, 0x05,
+ 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05,
+ 0x00, 0x04, 0x14};
+ uint8_t *id = NULL;
+ int id_len = 0;
+
+ switch (hash) {
+ case RTE_CRYPTO_AUTH_SHA1:
+ id = id_sha1;
+ id_len = sizeof(id_sha1);
+ break;
+ case RTE_CRYPTO_AUTH_SHA224:
+ id = id_sha224;
+ id_len = sizeof(id_sha224);
+ break;
+ case RTE_CRYPTO_AUTH_SHA256:
+ id = id_sha256;
+ id_len = sizeof(id_sha256);
+ break;
+ case RTE_CRYPTO_AUTH_SHA384:
+ id = id_sha384;
+ id_len = sizeof(id_sha384);
+ break;
+ case RTE_CRYPTO_AUTH_SHA512:
+ id = id_sha512;
+ id_len = sizeof(id_sha512);
+ break;
+ default:
+ id_len = -1;
+ break;
+ }
+
+ if (id != NULL)
+ rte_memcpy(buf, id, id_len);
+
+ return id_len;
+}
+
static int
prepare_rsa_op(void)
{
@@ -864,6 +921,27 @@ prepare_rsa_op(void)
asym->rsa.padding.hash = info.interim_info.rsa_data.auth;
if (env.digest) {
+ if (asym->rsa.padding.type == RTE_CRYPTO_RSA_PADDING_PKCS1_5) {
+ int b_len = 0;
+ uint8_t b[32];
+
+ b_len = get_hash_oid(asym->rsa.padding.hash, b);
+ if (b_len < 0) {
+ RTE_LOG(ERR, USER1, "Failed to get digest info for hash %d\n",
+ asym->rsa.padding.hash);
+ return -EINVAL;
+ }
+
+ if (b_len) {
+ msg.len = env.digest_len + b_len;
+ msg.val = rte_zmalloc(NULL, msg.len, 0);
+ rte_memcpy(msg.val, b, b_len);
+ rte_memcpy(msg.val + b_len, env.digest, env.digest_len);
+ rte_free(env.digest);
+ env.digest = msg.val;
+ env.digest_len = msg.len;
+ }
+ }
msg.val = env.digest;
msg.len = env.digest_len;
} else {
--
2.25.1
next prev parent reply other threads:[~2022-09-27 6:01 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-27 6:00 [v2 1/7] examples/fips_validation: fix parsing test group info Gowrishankar Muthukrishnan
2022-09-27 6:00 ` [v2 2/7] examples/fips_validation: add interim parse writeback Gowrishankar Muthukrishnan
2022-09-27 6:00 ` [v2 3/7] examples/fips_validation: add function to calculate SHA hash size Gowrishankar Muthukrishnan
2022-09-27 6:00 ` [v2 4/7] examples/fips_validation: fix buffer size to parse JSON string Gowrishankar Muthukrishnan
2022-09-27 6:00 ` [v2 5/7] examples/fips_validation: add asymmetric validation Gowrishankar Muthukrishnan
2022-09-27 6:00 ` Gowrishankar Muthukrishnan [this message]
2022-09-27 6:00 ` [v2 7/7] examples/fips_validation: randomize message for conformance test Gowrishankar Muthukrishnan
2022-09-27 7:26 [v2 0/7] FIPS asymmetric validation Gowrishankar Muthukrishnan
2022-09-27 7:26 ` [v2 6/7] examples/fips_validation: encode digest with hash OID Gowrishankar Muthukrishnan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=70002880b18a7bda81c315ca542220e76f43b96b.1664258174.git.gmuthukrishn@marvell.com \
--to=gmuthukrishn@marvell.com \
--cc=anoobj@marvell.com \
--cc=brian.dooley@intel.com \
--cc=dev@dpdk.org \
--cc=gakhil@marvell.com \
--cc=jerinj@marvell.com \
--cc=roy.fan.zhang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).