Hi all,

This is a continuation of a thread we have had before, but it would be easier with a new thread created.

The current RSA signature test takes plaintext as its input:

    asym_op->rsa.message.data = rsaplaintext.data;
    asym_op->rsa.message.length = rsaplaintext.len;

But we do not specify what the provided input data should be.

The OpenSSL implementation does:

    case RTE_CRYPTO_ASYM_OP_SIGN:
        ret = RSA_private_encrypt(op->rsa.message.length,

But this function does not handle the algorithmIdentifier:
https://www.openssl.org/docs/manmaster/man3/RSA_private_encrypt.html

Which means that the algorithmIdentifier should be encoded together with the message digest, assuming rsaplaintext is a message digest created by SHA1.

OpenSSL PMD example:

Our plaintext (digest):

    uint8_t input_2[] = {
        0xf8, 0xba, 0x1a, 0x55, 0xd0, 0x2f, 0x85, 0xae, 0x96, 0x7b,
        0xb6, 0x2f, 0xb6, 0xcd, 0xa8, 0xeb, 0x7e, 0x78, 0xa0, 0x50
    };

Digest with DER prepended (RFC 8107 9.2 notes. 1):

    uint8_t input[] = {
        0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02,
        0x1a, 0x05, 0x00, 0x04, 0x14,
        0xf8, 0xba, 0x1a, 0x55, 0xd0, 0x2f, 0x85, 0xae, 0x96, 0x7b,
        0xb6, 0x2f, 0xb6, 0xcd, 0xa8, 0xeb, 0x7e, 0x78, 0xa0, 0x50
    };

With these params both OpenSSL functions below will return the same signature (PKCS_1.5 is deterministic so it will always be the same):

    RSA_private_encrypt(sizeof(input), input, op->rsa.sign.data, rsa, pad);
    RSA_sign(NID_sha1, input_2, sizeof(input_2), output,
             (unsigned int *)&op->rsa.sign.length, rsa);

Neither of these functions supports PSS, so for OpenSSL the most probable way for PSS would be something like:
- RSA_padding_add_PKCS1_PSS
- RSA_private_encrypt

And the digest provided or created in OpenSSL.

So the bottom line is:

    rte_crypto_param message;
    /**<
     * Pointer to input data
     * - to be encrypted for RSA public encrypt.
     * - to be signed for RSA sign generation.

What should we say here (is it a message, is it a digest, is it, in the case of pkcs1_5, DER + digest)?

Regards,
Arek
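The following is an added example, not code from the post, DPDK or OpenSSL. It models the block type 1 padding step that is applied to whatever input the caller supplies, and shows that the padded block carries the SHA-1 DigestInfo header only when the caller prepended it. All function names are hypothetical and the 128-byte modulus size K is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define SHA1_LEN 20
#define DI_LEN   15   /* length of the DER DigestInfo header for SHA-1 */
#define K        128  /* assumed modulus size in bytes (RSA-1024) */

/* DigestInfo header for SHA-1: the 15 bytes the post prepends to the digest. */
static const uint8_t sha1_di[DI_LEN] = {
	0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
	0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 };

/* SHA-1 digest from the post (input_2). */
static const uint8_t digest[SHA1_LEN] = {
	0xf8, 0xba, 0x1a, 0x55, 0xd0, 0x2f, 0x85, 0xae, 0x96, 0x7b,
	0xb6, 0x2f, 0xb6, 0xcd, 0xa8, 0xeb, 0x7e, 0x78, 0xa0, 0x50 };

/* Block type 1 padding only: EM = 00 01 FF..FF 00 || t. Nothing is added to t. */
int pkcs1_type1_pad(const uint8_t *t, size_t t_len, uint8_t *em, size_t k)
{
	if (t_len + 11 > k)
		return -1;      /* at least 8 bytes of 0xFF are required */
	em[0] = 0x00; em[1] = 0x01;
	memset(em + 2, 0xff, k - t_len - 3);
	em[k - t_len - 1] = 0x00;
	memcpy(em + k - t_len, t, t_len);
	return 0;
}

/* Verifier-side view: does the block end in DigestInfo(SHA-1) || digest? */
int em_has_sha1_digestinfo(const uint8_t *em, size_t k)
{
	size_t t_len = DI_LEN + SHA1_LEN, i;
	if (k < t_len + 11 || em[0] != 0x00 || em[1] != 0x01 ||
	    em[k - t_len - 1] != 0x00)
		return 0;
	for (i = 2; i < k - t_len - 1; i++)
		if (em[i] != 0xff) return 0;
	return memcmp(em + k - t_len, sha1_di, DI_LEN) == 0;
}

/* Pad the digest with (1) or without (0) the DigestInfo header, then check it. */
int padded_block_is_standard(int with_digestinfo)
{
	uint8_t t[DI_LEN + SHA1_LEN], em[K];
	size_t off = with_digestinfo ? DI_LEN : 0;
	memcpy(t, sha1_di, DI_LEN);
	memcpy(t + off, digest, SHA1_LEN);   /* overwrites the header when off == 0 */
	return pkcs1_type1_pad(t, off + SHA1_LEN, em, K) ? -1 : em_has_sha1_digestinfo(em, K);
}
```

With the bare 20-byte digest as input, the padded block is still well-formed type 1 padding, but a verifier expecting DigestInfo for SHA-1 does not find it.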