This commit adds example pkcs1 signature tests.
Signed-off-by: Arek Kusztal <arkadiuszx.kusz...@intel.com>
---
app/test/test_cryptodev_asym.c | 249 +++++++++++++++++++++++++++++--
drivers/crypto/openssl/rte_openssl_pmd.c | 34 ++++-
lib/cryptodev/rte_crypto_asym.h | 6 +-
3 files changed, 270 insertions(+), 19 deletions(-)
diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 71378cbdb2..512eb34377 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -15,6 +15,7 @@
#include <rte_cryptodev.h>
#include <rte_crypto.h>
+#include <openssl/rsa.h>
#include "test_cryptodev.h"
#include "test_cryptodev_dh_test_vectors.h"
@@ -163,6 +164,222 @@ queue_ops_rsa_sign_verify(void *sess)
return status;
}
+/* DPDK RFC RSA 22.07 */
+
+static uint8_t
+rsa_sign_pkcs_15_pt[] = {
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+ 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10,
+ 0x11, 0x12, 0x13, 0x14,
+};
+
+static uint8_t
+rsa_sign_pkcs_15_pt_sha256[] = {
+ 0xB1, 0xB2, 0xB3, 0xB4, 0xA1, 0xA2, 0xA3, 0xA4,
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+ 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10,
+ 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
+};
+
+static uint8_t
+rsa_sign_pkcs_15_padded[] = {
+ 0x00, 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0x00, 0x01, 0x02, 0x03, 0x04,
+ 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+ 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14,
+};
+
+static uint8_t
+rsa_sign_pkcs_15_padded_digestinfo_sha1[] = {
+ 0x00, 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x30, 0x21, 0x30,
+ 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a,
+ 0x05, 0x00, 0x04, 0x14, 0x01, 0x02, 0x03, 0x04,
+ 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+ 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14,
+};
+
+static uint8_t
+rsa_sign_pkcs_15_padded_digestinfo_sha256[] = {
+ 0x00, 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x30, 0x31, 0x30,
+ 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65,
+ 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20,
+ 0xB1, 0xB2, 0xB3, 0xB4, 0xA1, 0xA2, 0xA3, 0xA4,
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+ 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10,
+ 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
+};
+
+static void*
+rfc2207_rsa_sign_pkcs_15_sesscreat(void)
+{
+ struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
+ struct rte_mempool *sess_mpool = ts_params->session_mpool;
+ uint8_t dev_id = ts_params->valid_devs[0];
+ static void *sess = NULL;
+ int ret;
+
+ if (sess)
+ return sess;
+ ret = rte_cryptodev_asym_session_create(dev_id, &rsa_xform, sess_mpool,
&sess);
+
+ if (ret < 0) {
+ RTE_LOG(ERR, USER1, "Session creation failed for "
+ "sign_verify\n");
+ return NULL;
+ }
+ return sess;
+}
+
+struct rfc2207_rsa_test_data
+{
+ enum rte_crypto_rsa_padding_type type;
+ rte_crypto_param input;
+ enum rte_crypto_auth_algorithm hash;
+};
+
+struct rfc2207_rsa_test_data
+rfc2207_rsa_test_data_ssl23 = {
+ .type = RTE_CRYPTO_RSA_PADDING_SSL23,
+ .input.data = rsa_sign_pkcs_15_pt,
+ .input.length = sizeof(rsa_sign_pkcs_15_pt),
+};
+
+struct rfc2207_rsa_test_data
+rfc2207_rsa_test_data_ssl23_padded = {
+ .type = RTE_CRYPTO_RSA_PADDING_NONE,
+ .input.data = rsa_sign_pkcs_15_padded,
+ .input.length = sizeof(rsa_sign_pkcs_15_padded),
+};
+
+struct rfc2207_rsa_test_data
+rfc2207_rsa_test_data_pkcs15_sha1 = {
+ .type = RTE_CRYPTO_RSA_PADDING_PKCS1_5,
+ .hash = RTE_CRYPTO_AUTH_SHA1,
+ .input.data = rsa_sign_pkcs_15_pt,
+ .input.length = sizeof(rsa_sign_pkcs_15_pt),
+};
+
+struct rfc2207_rsa_test_data
+rfc2207_rsa_test_data_pkcs15_digestinfo_sha1 = {
+ .type = RTE_CRYPTO_RSA_PADDING_NONE,
+ .input.data = rsa_sign_pkcs_15_padded_digestinfo_sha1,
+ .input.length = sizeof(rsa_sign_pkcs_15_padded_digestinfo_sha1),
+};
+
+struct rfc2207_rsa_test_data
+rfc2207_rsa_test_data_pkcs15_sha256 = {
+ .type = RTE_CRYPTO_RSA_PADDING_PKCS1_5,
+ .hash = RTE_CRYPTO_AUTH_SHA256,
+ .input.data = rsa_sign_pkcs_15_pt_sha256,
+ .input.length = sizeof(rsa_sign_pkcs_15_pt_sha256),
+};
+
+struct rfc2207_rsa_test_data
+rfc2207_rsa_test_data_pkcs15_digestinfo_sha256 = {
+ .type = RTE_CRYPTO_RSA_PADDING_NONE,
+ .input.data = rsa_sign_pkcs_15_padded_digestinfo_sha256,
+ .input.length = sizeof(rsa_sign_pkcs_15_padded_digestinfo_sha256),
+};
+
+struct rfc2207_rsa_test_data
+rfc2207_rsa_test_data_pkcs15_oaep = {
+ .type = RTE_CRYPTO_RSA_PADDING_NONE,
+ .input.data = rsa_sign_pkcs_15_padded_digestinfo_sha256,
+ .input.length = sizeof(rsa_sign_pkcs_15_padded_digestinfo_sha256),
+};
+
+static int
+rfc2207_rsa_sign_pkcs_15(const void *test_data)
+{
+ struct crypto_testsuite_params_asym *ts_params;
+ uint8_t dev_id;
+ struct rte_crypto_op *op, *result_op;
+ struct rte_crypto_asym_op *asym_op;
+ struct rte_mempool *op_mpool;
+ void *sess;
+ uint8_t result[TEST_DATA_SIZE];
+ const struct rfc2207_rsa_test_data *tdata = test_data;
+
+ ts_params = &testsuite_params;
+ dev_id = ts_params->valid_devs[0];
+ op_mpool = ts_params->op_mpool;
+ op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
+ if (op == NULL) {
+ RTE_LOG(ERR, USER1, "Failed to allocate asymmetric crypto "
+ "operation struct\n");
+ return TEST_FAILED;
+ }
+
+ sess = rfc2207_rsa_sign_pkcs_15_sesscreat();
+ if (sess == NULL) {
+ RTE_LOG(ERR, USER1, "Failed to allocate asymmetric crypto "
+ "operation struct\n");
+ return TEST_FAILED;
+ }
+
+ asym_op = op->asym;
+ asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_SIGN;
+ asym_op->rsa.padding.type = tdata->type;
+ asym_op->rsa.padding.hash = tdata->hash;
+ asym_op->rsa.input = tdata->input;
+ asym_op->rsa.output.data = result;
+
+ rte_crypto_op_attach_asym_session(op, sess);
+
+ /* Process crypto operation */
+ if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
+ RTE_LOG(ERR, USER1, "Error sending packet for encryption\n");
+ return -1;
+ }
+
+ while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0)
+ rte_pause();
+
+ if (result_op == NULL) {
+ RTE_LOG(ERR, USER1, "Failed to process encryption op\n");
+ return -1;
+ }
+
+ printf("\nOutput len = %lu", asym_op->rsa.output.length);
+ rte_hexdump(stdout, "Signature", asym_op->rsa.output.data,
asym_op->rsa.output.length);
+
+ return 0;
+}
+
+/* !---! DPDK RFC RSA 22.07 */
+
static int
queue_ops_rsa_enc_dec(void *sess)
{
@@ -2147,20 +2364,32 @@ static struct unit_test_suite
cryptodev_openssl_asym_testsuite = {
.setup = testsuite_setup,
.teardown = testsuite_teardown,
.unit_test_cases = {
- TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_capability),
- TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_dsa),
- TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
+ TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym,
test_capability),
+ TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym,
test_dsa),
+ TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym,
test_dh_keygenration),
- TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_rsa_enc_dec),
- TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
+ TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym,
test_rsa_enc_dec),
+ TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym,
test_rsa_sign_verify),
- TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
+ TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym,
test_rsa_enc_dec_crt),
- TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
+ TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym,
test_rsa_sign_verify_crt),
- TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_mod_inv),
- TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_mod_exp),
- TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_one_by_one),
+ TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym,
test_mod_inv),
+ TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym,
test_mod_exp),
+ TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym,
test_one_by_one),
+ TEST_CASE_NAMED_WITH_DATA("rfc2207_rsa_sign_pkcs_15_ssl23",
ut_setup_asym, ut_teardown_asym,
+ rfc2207_rsa_sign_pkcs_15,
&rfc2207_rsa_test_data_ssl23),
+
TEST_CASE_NAMED_WITH_DATA("rfc2207_rsa_sign_pkcs_15_ssl23_padded",
ut_setup_asym, ut_teardown_asym,
+ rfc2207_rsa_sign_pkcs_15,
&rfc2207_rsa_test_data_ssl23_padded),
+ TEST_CASE_NAMED_WITH_DATA("rfc2207_rsa_sign_pkcs_15_sha1",
ut_setup_asym, ut_teardown_asym,
+ rfc2207_rsa_sign_pkcs_15,
&rfc2207_rsa_test_data_pkcs15_sha1),
+
TEST_CASE_NAMED_WITH_DATA("rfc2207_rsa_sign_pkcs_15_digestinfo_sha1",
ut_setup_asym, ut_teardown_asym,
+ rfc2207_rsa_sign_pkcs_15,
&rfc2207_rsa_test_data_pkcs15_digestinfo_sha1),
+ TEST_CASE_NAMED_WITH_DATA("rfc2207_rsa_sign_pkcs_15_sha256",
ut_setup_asym, ut_teardown_asym,
+ rfc2207_rsa_sign_pkcs_15,
&rfc2207_rsa_test_data_pkcs15_sha256),
+
TEST_CASE_NAMED_WITH_DATA("rfc2207_rsa_sign_pkcs_15_digestinfo_sha256",
ut_setup_asym, ut_teardown_asym,
+ rfc2207_rsa_sign_pkcs_15,
&rfc2207_rsa_test_data_pkcs15_digestinfo_sha256),
TEST_CASES_END() /**< NULL terminate unit test array */
}
};
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c
b/drivers/crypto/openssl/rte_openssl_pmd.c
index 45cee47c5d..32da143ea0 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -1899,11 +1899,24 @@ process_openssl_rsa_op(struct rte_crypto_op *cop,
RSA *rsa = sess->u.r.rsa;
uint32_t pad = (op->rsa.padding.type);
uint8_t *tmp;
+ int sha;
+
+ switch (op->rsa.padding.hash) {
+ case RTE_CRYPTO_AUTH_SHA1:
+ sha = NID_sha1;
+ break;
+ case RTE_CRYPTO_AUTH_SHA256:
+ sha = NID_sha256;
+ break;
+ default:
+ sha = NID_sha1;
+ }
cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
switch (pad) {
case RTE_CRYPTO_RSA_PADDING_PKCS1_5:
+ case RTE_CRYPTO_RSA_PADDING_SSL23:
pad = RSA_PKCS1_PADDING;
break;
case RTE_CRYPTO_RSA_PADDING_NONE:
@@ -1941,13 +1954,20 @@ process_openssl_rsa_op(struct rte_crypto_op *cop,
break;
case RTE_CRYPTO_ASYM_OP_SIGN:
- ret = RSA_private_encrypt(op->rsa.input.length,
- op->rsa.input.data,
- op->rsa.output.data,
- rsa,
- pad);
- if (ret > 0)
- op->rsa.output.length = ret;
+ if (op->rsa.padding.type != RTE_CRYPTO_RSA_PADDING_PKCS1_5) {
+ ret = RSA_private_encrypt(op->rsa.input.length,
+ op->rsa.input.data,
+ op->rsa.output.data,
+ rsa,
+ pad);
+ if (ret > 0)
+ op->rsa.output.length = ret;
+ } else {
+ ret = RSA_sign(sha, op->rsa.input.data,
op->rsa.input.length,
+ op->rsa.output.data, (unsigned
int *)&op->rsa.output.length, rsa);
+ if (ret == 0)
+ ret = -1;
+ }
break;
case RTE_CRYPTO_ASYM_OP_VERIFY:
diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
index 834e06b96b..b3906b08e3 100644
--- a/lib/cryptodev/rte_crypto_asym.h
+++ b/lib/cryptodev/rte_crypto_asym.h
@@ -149,6 +149,7 @@ enum rte_crypto_mgf {
/**
* Padding types for RSA signature.
*/
+ #define TEMP
enum rte_crypto_rsa_padding_type {
RTE_CRYPTO_RSA_PADDING_NONE = 0,
/**< RSA no padding scheme */
@@ -160,6 +161,7 @@ enum rte_crypto_rsa_padding_type {
/**< RSA PKCS#1 OAEP padding scheme */
RTE_CRYPTO_RSA_PADDING_PSS,
/**< RSA PKCS#1 PSS padding scheme */
+ TEMP RTE_CRYPTO_RSA_PADDING_SSL23,
RTE_CRYPTO_RSA_PADDING_TYPE_LIST_END
};
@@ -426,7 +428,7 @@ struct rte_crypto_rsa_op_param {
*
* If padding.type = RTE_CRYPTO_RSA_PADDING_NONE
* input should only be used along with cryptographically
- * secure padding scheme. *
+ * secure padding scheme.
* If padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5 or
* RTE_CRYPTO_RSA_PADDING_PSS
* if the RTE_CRYPTO_RSA_FLAG_PT flag is set, input shall contain
@@ -434,7 +436,7 @@ struct rte_crypto_rsa_op_param {
* the digest of the message to be signed.
*
* When op_type == RTE_CRYPTO_ASYM_OP_DECRYPT:
- *
+ *
* Input shall contain previously encrypted RSA message.
*
* When op_type == RTE_CRYPTO_ASYM_OP_VERIFY:
--
2.13.6
