* [dpdk-dev] [PATCH v1 0/2] Changes for RSA verify operation in OpenSSL PMD and unit tests
@ 2018-10-11 13:43 Akash Saxena
2018-10-11 13:43 ` [dpdk-dev] [PATCH v1 1/2] crypto/openssl: changes for RSA verify operation Akash Saxena
2018-10-11 13:43 ` [dpdk-dev] [PATCH v1 2/2] test/crypto: remove data verification at rsa " Akash Saxena
0 siblings, 2 replies; 8+ messages in thread
From: Akash Saxena @ 2018-10-11 13:43 UTC (permalink / raw)
To: pablo.de.lara.guarch
Cc: dev, akhil.goyal, shally.verma, ayuj.verma, Akash Saxena
In lib cryptodev, RSA verify operation inputs plain message text and
corresponding signature and expected to return
RTE_CRYPTO_OP_STATUS_SUCCESS/FAILURE on a signature match/mismatch.
Current OpenSSL PMD RSA verify implementation overrides application passed
sign input by decrypted output which isn't expected.
This patch addresses this issue in OpenSSL PMD. Now, OpenSSL PMD use tmp
buffer to store sign operation decrypted output and test application to
only check for STATUS_SUCCESS/FAILURE.
Signed-off-by: Ayuj Verma <ayuj.verma@caviumnetworks.com>
Signed-off-by: Akash Saxena <akash.saxena@caviumnetworks.com>
Signed-off-by: Shally Verma <shally.verma@caviumnetworks.com>
---
Akash Saxena (2):
crypto/openssl: changes for RSA verify operation
test/crypto: check for operation status only at output of RSA verify
crypto operation
drivers/crypto/openssl/rte_openssl_pmd.c | 20 +++++++++++++-------
test/test/test_cryptodev_asym.c | 9 ++++++---
2 files changed, 19 insertions(+), 10 deletions(-)
--
2.7.4
^ permalink raw reply [flat|nested] 8+ messages in thread
* [dpdk-dev] [PATCH v1 1/2] crypto/openssl: changes for RSA verify operation
2018-10-11 13:43 [dpdk-dev] [PATCH v1 0/2] Changes for RSA verify operation in OpenSSL PMD and unit tests Akash Saxena
@ 2018-10-11 13:43 ` Akash Saxena
2018-10-16 13:15 ` Akhil Goyal
2018-10-16 13:17 ` Akhil Goyal
2018-10-11 13:43 ` [dpdk-dev] [PATCH v1 2/2] test/crypto: remove data verification at rsa " Akash Saxena
1 sibling, 2 replies; 8+ messages in thread
From: Akash Saxena @ 2018-10-11 13:43 UTC (permalink / raw)
To: pablo.de.lara.guarch
Cc: dev, akhil.goyal, shally.verma, ayuj.verma, Akash Saxena
Add tmp buffer to pass to OpenSSL sign API and memcmp output with
original plain text to verify signature match.
Set op->status = RTE_CRYPO_OP_STATUS_ERROR on signature mismatch.
Signed-off-by: Ayuj Verma <ayuj.verma@caviumnetworks.com>
Signed-off-by: Akash Saxena <akash.saxena@caviumnetworks.com>
Signed-off-by: Shally Verma <shally.verma@caviumnetworks.com>
---
drivers/crypto/openssl/rte_openssl_pmd.c | 20 +++++++++++++-------
1 file changed, 13 insertions(+), 7 deletions(-)
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 003116d..cc33fca 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -1843,6 +1843,9 @@ process_openssl_rsa_op(struct rte_crypto_op *cop,
struct rte_crypto_asym_op *op = cop->asym;
RSA *rsa = sess->u.r.rsa;
uint32_t pad = (op->rsa.pad);
+ uint8_t *tmp;
+
+ cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
switch (pad) {
case RTE_CRYPTO_RSA_PKCS1_V1_5_BT0:
@@ -1895,9 +1898,10 @@ process_openssl_rsa_op(struct rte_crypto_op *cop,
break;
case RTE_CRYPTO_ASYM_OP_VERIFY:
+ tmp = rte_malloc(NULL, op->rsa.sign.length, 0);
ret = RSA_public_decrypt(op->rsa.sign.length,
op->rsa.sign.data,
- op->rsa.sign.data,
+ tmp,
rsa,
pad);
@@ -1905,13 +1909,15 @@ process_openssl_rsa_op(struct rte_crypto_op *cop,
"Length of public_decrypt %d "
"length of message %zd\n",
ret, op->rsa.message.length);
-
- if (memcmp(op->rsa.sign.data, op->rsa.message.data,
- op->rsa.message.length)) {
- OPENSSL_LOG(ERR,
- "RSA sign Verification failed");
- return -1;
+ if (ret > 0) {
+ if (memcmp(tmp, op->rsa.message.data,
+ op->rsa.message.length)) {
+ OPENSSL_LOG(ERR,
+ "RSA sign Verification failed");
+ cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
+ }
}
+ rte_free(tmp);
break;
default:
--
2.7.4
^ permalink raw reply [flat|nested] 8+ messages in thread
* [dpdk-dev] [PATCH v1 2/2] test/crypto: remove data verification at rsa verify operation
2018-10-11 13:43 [dpdk-dev] [PATCH v1 0/2] Changes for RSA verify operation in OpenSSL PMD and unit tests Akash Saxena
2018-10-11 13:43 ` [dpdk-dev] [PATCH v1 1/2] crypto/openssl: changes for RSA verify operation Akash Saxena
@ 2018-10-11 13:43 ` Akash Saxena
2018-10-16 13:21 ` Akhil Goyal
1 sibling, 1 reply; 8+ messages in thread
From: Akash Saxena @ 2018-10-11 13:43 UTC (permalink / raw)
To: pablo.de.lara.guarch
Cc: dev, akhil.goyal, shally.verma, ayuj.verma, Akash Saxena
Change unit test app to check only for op->status =
RTE_CRYPTO_OP_STATUS_SUCCESS/ERROR instead of calling rsa_verify().
Signed-off-by: Ayuj Verma <ayuj.verma@caviumnetworks.com>
Signed-off-by: Shally Verma <shally.verma@caviumnetworks.com>
---
test/test/test_cryptodev_asym.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/test/test/test_cryptodev_asym.c b/test/test/test_cryptodev_asym.c
index 2fdfc1d..a899f99 100644
--- a/test/test/test_cryptodev_asym.c
+++ b/test/test/test_cryptodev_asym.c
@@ -153,10 +153,13 @@ test_rsa_sign_verify(void)
goto error_exit;
}
status = TEST_SUCCESS;
- int ret = 0;
- ret = rsa_verify(&rsaplaintext, result_op);
- if (ret)
+ if (result_op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
+ RTE_LOG(ERR, USER1,
+ "line %u FAILED: %s",
+ __LINE__, "Failed to process asym crypto op");
status = TEST_FAILED;
+ goto error_exit;
+ }
error_exit:
--
2.7.4
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [dpdk-dev] [PATCH v1 1/2] crypto/openssl: changes for RSA verify operation
2018-10-11 13:43 ` [dpdk-dev] [PATCH v1 1/2] crypto/openssl: changes for RSA verify operation Akash Saxena
@ 2018-10-16 13:15 ` Akhil Goyal
2018-10-16 13:17 ` Akhil Goyal
1 sibling, 0 replies; 8+ messages in thread
From: Akhil Goyal @ 2018-10-16 13:15 UTC (permalink / raw)
To: Akash Saxena, pablo.de.lara.guarch; +Cc: dev, shally.verma, ayuj.verma
On 10/11/2018 7:13 PM, Akash Saxena wrote:
> Add tmp buffer to pass to OpenSSL sign API and memcmp output with
> original plain text to verify signature match.
> Set op->status = RTE_CRYPO_OP_STATUS_ERROR on signature mismatch.
>
> Signed-off-by: Ayuj Verma<ayuj.verma@caviumnetworks.com>
> Signed-off-by: Akash Saxena<akash.saxena@caviumnetworks.com>
> Signed-off-by: Shally Verma<shally.verma@caviumnetworks.com>
> ---
> drivers/crypto/openssl/rte_openssl_pmd.c | 20 +++++++++++++-------
> 1 file changed, 13 insertions(+), 7 deletions(-)
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [dpdk-dev] [PATCH v1 1/2] crypto/openssl: changes for RSA verify operation
2018-10-11 13:43 ` [dpdk-dev] [PATCH v1 1/2] crypto/openssl: changes for RSA verify operation Akash Saxena
2018-10-16 13:15 ` Akhil Goyal
@ 2018-10-16 13:17 ` Akhil Goyal
1 sibling, 0 replies; 8+ messages in thread
From: Akhil Goyal @ 2018-10-16 13:17 UTC (permalink / raw)
To: Akash Saxena, pablo.de.lara.guarch; +Cc: dev, shally.verma, ayuj.verma
On 10/11/2018 7:13 PM, Akash Saxena wrote:
> Add tmp buffer to pass to OpenSSL sign API and memcmp output with
> original plain text to verify signature match.
> Set op->status = RTE_CRYPO_OP_STATUS_ERROR on signature mismatch.
>
> Signed-off-by: Ayuj Verma <ayuj.verma@caviumnetworks.com>
> Signed-off-by: Akash Saxena <akash.saxena@caviumnetworks.com>
> Signed-off-by: Shally Verma <shally.verma@caviumnetworks.com>
> ---
> drivers/crypto/openssl/rte_openssl_pmd.c | 20 +++++++++++++-------
> 1 file changed, 13 insertions(+), 7 deletions(-)
>
> diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
> index 003116d..cc33fca 100644
> --- a/drivers/crypto/openssl/rte_openssl_pmd.c
> +++ b/drivers/crypto/openssl/rte_openssl_pmd.c
> @@ -1843,6 +1843,9 @@ process_openssl_rsa_op(struct rte_crypto_op *cop,
> struct rte_crypto_asym_op *op = cop->asym;
> RSA *rsa = sess->u.r.rsa;
> uint32_t pad = (op->rsa.pad);
> + uint8_t *tmp;
> +
> + cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
>
> switch (pad) {
> case RTE_CRYPTO_RSA_PKCS1_V1_5_BT0:
> @@ -1895,9 +1898,10 @@ process_openssl_rsa_op(struct rte_crypto_op *cop,
> break;
>
> case RTE_CRYPTO_ASYM_OP_VERIFY:
> + tmp = rte_malloc(NULL, op->rsa.sign.length, 0);
> ret = RSA_public_decrypt(op->rsa.sign.length,
> op->rsa.sign.data,
> - op->rsa.sign.data,
> + tmp,
> rsa,
> pad);
Null checking of tmp is not done if rte_malloc fails. Please correct it.
>
> @@ -1905,13 +1909,15 @@ process_openssl_rsa_op(struct rte_crypto_op *cop,
> "Length of public_decrypt %d "
> "length of message %zd\n",
> ret, op->rsa.message.length);
> -
> - if (memcmp(op->rsa.sign.data, op->rsa.message.data,
> - op->rsa.message.length)) {
> - OPENSSL_LOG(ERR,
> - "RSA sign Verification failed");
> - return -1;
> + if (ret > 0) {
> + if (memcmp(tmp, op->rsa.message.data,
> + op->rsa.message.length)) {
> + OPENSSL_LOG(ERR,
> + "RSA sign Verification failed");
> + cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
> + }
> }
> + rte_free(tmp);
> break;
>
> default:
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [dpdk-dev] [PATCH v1 2/2] test/crypto: remove data verification at rsa verify operation
2018-10-11 13:43 ` [dpdk-dev] [PATCH v1 2/2] test/crypto: remove data verification at rsa " Akash Saxena
@ 2018-10-16 13:21 ` Akhil Goyal
2018-10-22 12:29 ` Verma, Shally
0 siblings, 1 reply; 8+ messages in thread
From: Akhil Goyal @ 2018-10-16 13:21 UTC (permalink / raw)
To: Akash Saxena, pablo.de.lara.guarch; +Cc: dev, shally.verma, ayuj.verma
On 10/11/2018 7:13 PM, Akash Saxena wrote:
> Change unit test app to check only for op->status =
> RTE_CRYPTO_OP_STATUS_SUCCESS/ERROR instead of calling rsa_verify().
>
> Signed-off-by: Ayuj Verma <ayuj.verma@caviumnetworks.com>
> Signed-off-by: Shally Verma <shally.verma@caviumnetworks.com>
> ---
> test/test/test_cryptodev_asym.c | 9 ++++++---
> 1 file changed, 6 insertions(+), 3 deletions(-)
>
> diff --git a/test/test/test_cryptodev_asym.c b/test/test/test_cryptodev_asym.c
> index 2fdfc1d..a899f99 100644
> --- a/test/test/test_cryptodev_asym.c
> +++ b/test/test/test_cryptodev_asym.c
> @@ -153,10 +153,13 @@ test_rsa_sign_verify(void)
> goto error_exit;
> }
> status = TEST_SUCCESS;
> - int ret = 0;
> - ret = rsa_verify(&rsaplaintext, result_op);
> - if (ret)
> + if (result_op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
> + RTE_LOG(ERR, USER1,
> + "line %u FAILED: %s",
> + __LINE__, "Failed to process asym crypto op");
> status = TEST_FAILED;
> + goto error_exit;
> + }
>
> error_exit:
>
What about test_rsa_enc_dec? Do you need to remove verify from that as well?
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [dpdk-dev] [PATCH v1 2/2] test/crypto: remove data verification at rsa verify operation
2018-10-16 13:21 ` Akhil Goyal
@ 2018-10-22 12:29 ` Verma, Shally
2018-10-24 13:09 ` Akhil Goyal
0 siblings, 1 reply; 8+ messages in thread
From: Verma, Shally @ 2018-10-22 12:29 UTC (permalink / raw)
To: Akhil Goyal, Saxena, Akash, pablo.de.lara.guarch; +Cc: dev, Verma, Ayuj
>-----Original Message-----
>From: dev <dev-bounces@dpdk.org> On Behalf Of Akhil Goyal
>Sent: 16 October 2018 18:51
>To: Saxena, Akash <Akash.Saxena@cavium.com>; pablo.de.lara.guarch@intel.com
>Cc: dev@dpdk.org; Verma, Shally <Shally.Verma@cavium.com>; Verma, Ayuj <Ayuj.Verma@cavium.com>
>Subject: Re: [dpdk-dev] [PATCH v1 2/2] test/crypto: remove data verification at rsa verify operation
>
>External Email
>
>On 10/11/2018 7:13 PM, Akash Saxena wrote:
>> Change unit test app to check only for op->status =
>> RTE_CRYPTO_OP_STATUS_SUCCESS/ERROR instead of calling rsa_verify().
>>
>> Signed-off-by: Ayuj Verma <ayuj.verma@caviumnetworks.com>
>> Signed-off-by: Shally Verma <shally.verma@caviumnetworks.com>
>> ---
>> test/test/test_cryptodev_asym.c | 9 ++++++---
>> 1 file changed, 6 insertions(+), 3 deletions(-)
>>
>> diff --git a/test/test/test_cryptodev_asym.c b/test/test/test_cryptodev_asym.c
>> index 2fdfc1d..a899f99 100644
>> --- a/test/test/test_cryptodev_asym.c
>> +++ b/test/test/test_cryptodev_asym.c
>> @@ -153,10 +153,13 @@ test_rsa_sign_verify(void)
>> goto error_exit;
>> }
>> status = TEST_SUCCESS;
>> - int ret = 0;
>> - ret = rsa_verify(&rsaplaintext, result_op);
>> - if (ret)
>> + if (result_op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
>> + RTE_LOG(ERR, USER1,
>> + "line %u FAILED: %s",
>> + __LINE__, "Failed to process asym crypto op");
>> status = TEST_FAILED;
>> + goto error_exit;
>> + }
>>
>> error_exit:
>>
>What about test_rsa_enc_dec? Do you need to remove verify from that as well?
No. in case of enc_dec, PMD just return decrypted o/p so, app need to do cross-verify data.
In case of RSA_VERIFY OP PMD internally does memcmp of plaintext to decrypted o/p and ensure
Pass / fail. So, doing it again at app level is redundant.
Thanks
Shally
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [dpdk-dev] [PATCH v1 2/2] test/crypto: remove data verification at rsa verify operation
2018-10-22 12:29 ` Verma, Shally
@ 2018-10-24 13:09 ` Akhil Goyal
0 siblings, 0 replies; 8+ messages in thread
From: Akhil Goyal @ 2018-10-24 13:09 UTC (permalink / raw)
To: Verma, Shally, Saxena, Akash, pablo.de.lara.guarch; +Cc: dev, Verma, Ayuj
>>> @@ -153,10 +153,13 @@ test_rsa_sign_verify(void)
>>> goto error_exit;
>>> }
>>> status = TEST_SUCCESS;
>>> - int ret = 0;
>>> - ret = rsa_verify(&rsaplaintext, result_op);
>>> - if (ret)
>>> + if (result_op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
>>> + RTE_LOG(ERR, USER1,
>>> + "line %u FAILED: %s",
>>> + __LINE__, "Failed to process asym crypto op");
>>> status = TEST_FAILED;
>>> + goto error_exit;
>>> + }
>>>
>>> error_exit:
>>>
>> What about test_rsa_enc_dec? Do you need to remove verify from that as well?
> No. in case of enc_dec, PMD just return decrypted o/p so, app need to do cross-verify data.
> In case of RSA_VERIFY OP PMD internally does memcmp of plaintext to decrypted o/p and ensure
> Pass / fail. So, doing it again at app level is redundant.
Ok
> Thanks
> Shally
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2018-10-24 13:09 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-10-11 13:43 [dpdk-dev] [PATCH v1 0/2] Changes for RSA verify operation in OpenSSL PMD and unit tests Akash Saxena
2018-10-11 13:43 ` [dpdk-dev] [PATCH v1 1/2] crypto/openssl: changes for RSA verify operation Akash Saxena
2018-10-16 13:15 ` Akhil Goyal
2018-10-16 13:17 ` Akhil Goyal
2018-10-11 13:43 ` [dpdk-dev] [PATCH v1 2/2] test/crypto: remove data verification at rsa " Akash Saxena
2018-10-16 13:21 ` Akhil Goyal
2018-10-22 12:29 ` Verma, Shally
2018-10-24 13:09 ` Akhil Goyal
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).