From patchwork Tue Mar 22 08:11:28 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arkadiusz Kusztal X-Patchwork-Id: 108798 X-Patchwork-Delegate: gakhil@marvell.com
From: Arek Kusztal To: dev@dpdk.org Cc: gakhil@marvell.com, roy.fan.zhang@intel.com, anoobj@marvell.com, Arek Kusztal Subject: [RFC PATCH 2/2] test: add proper pkcs1 signature tests for rsa Date: Tue, 22 Mar 2022 08:11:28 +0000 Message-Id: <20220322081128.23733-2-arkadiuszx.kusztal@intel.com> In-Reply-To: <20220322081128.23733-1-arkadiuszx.kusztal@intel.com> References: <20220322081128.23733-1-arkadiuszx.kusztal@intel.com> This commit adds example pkcs1 signature tests. Signed-off-by: Arek Kusztal --- app/test/test_cryptodev_asym.c | 249 +++++++++++++++++++++++++++++-- drivers/crypto/openssl/rte_openssl_pmd.c | 34 ++++- lib/cryptodev/rte_crypto_asym.h | 6 +- 3 files changed, 270 insertions(+), 19 deletions(-) diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c index 71378cbdb2..512eb34377 100644 --- a/app/test/test_cryptodev_asym.c +++ b/app/test/test_cryptodev_asym.c @@ -15,6 +15,7 @@ #include #include +#include #include "test_cryptodev.h" #include "test_cryptodev_dh_test_vectors.h" 
@@ -163,6 +164,222 @@ queue_ops_rsa_sign_verify(void *sess) return status; } +/* DPDK RFC RSA 22.07 */ + +static uint8_t +rsa_sign_pkcs_15_pt[] = { + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, + 0x11, 0x12, 0x13, 0x14, +}; + +static uint8_t +rsa_sign_pkcs_15_pt_sha256[] = { + 0xB1, 0xB2, 0xB3, 0xB4, 0xA1, 0xA2, 0xA3, 0xA4, + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, + 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, +}; + +static uint8_t +rsa_sign_pkcs_15_padded[] = { + 0x00, 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0x00, 0x01, 0x02, 0x03, 0x04, + 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, + 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, +}; + +static uint8_t +rsa_sign_pkcs_15_padded_digestinfo_sha1[] = { + 0x00, 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 
0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x30, 0x21, 0x30, + 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, + 0x05, 0x00, 0x04, 0x14, 0x01, 0x02, 0x03, 0x04, + 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, + 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, +}; + +static uint8_t +rsa_sign_pkcs_15_padded_digestinfo_sha256[] = { + 0x00, 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x30, 0x31, 0x30, + 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, + 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20, + 0xB1, 0xB2, 0xB3, 0xB4, 0xA1, 0xA2, 0xA3, 0xA4, + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, + 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, +}; + +static void* +rfc2207_rsa_sign_pkcs_15_sesscreat(void) +{ + struct crypto_testsuite_params_asym *ts_params = &testsuite_params; + struct rte_mempool *sess_mpool = ts_params->session_mpool; + uint8_t dev_id = ts_params->valid_devs[0]; + static void *sess = NULL; + int ret; + + if (sess) + return sess; + ret = rte_cryptodev_asym_session_create(dev_id, &rsa_xform, sess_mpool, &sess); + + if (ret < 0) { + RTE_LOG(ERR, USER1, "Session creation failed for " + "sign_verify\n"); + return NULL; + } + return sess; +} + +struct rfc2207_rsa_test_data +{ + enum rte_crypto_rsa_padding_type type; + rte_crypto_param input; + enum rte_crypto_auth_algorithm hash; +}; + +struct rfc2207_rsa_test_data +rfc2207_rsa_test_data_ssl23 = { + .type = RTE_CRYPTO_RSA_PADDING_SSL23, + .input.data = rsa_sign_pkcs_15_pt, + .input.length = sizeof(rsa_sign_pkcs_15_pt), +}; + +struct 
rfc2207_rsa_test_data +rfc2207_rsa_test_data_ssl23_padded = { + .type = RTE_CRYPTO_RSA_PADDING_NONE, + .input.data = rsa_sign_pkcs_15_padded, + .input.length = sizeof(rsa_sign_pkcs_15_padded), +}; + +struct rfc2207_rsa_test_data +rfc2207_rsa_test_data_pkcs15_sha1 = { + .type = RTE_CRYPTO_RSA_PADDING_PKCS1_5, + .hash = RTE_CRYPTO_AUTH_SHA1, + .input.data = rsa_sign_pkcs_15_pt, + .input.length = sizeof(rsa_sign_pkcs_15_pt), +}; + +struct rfc2207_rsa_test_data +rfc2207_rsa_test_data_pkcs15_digestinfo_sha1 = { + .type = RTE_CRYPTO_RSA_PADDING_NONE, + .input.data = rsa_sign_pkcs_15_padded_digestinfo_sha1, + .input.length = sizeof(rsa_sign_pkcs_15_padded_digestinfo_sha1), +}; + +struct rfc2207_rsa_test_data +rfc2207_rsa_test_data_pkcs15_sha256 = { + .type = RTE_CRYPTO_RSA_PADDING_PKCS1_5, + .hash = RTE_CRYPTO_AUTH_SHA256, + .input.data = rsa_sign_pkcs_15_pt_sha256, + .input.length = sizeof(rsa_sign_pkcs_15_pt_sha256), +}; + +struct rfc2207_rsa_test_data +rfc2207_rsa_test_data_pkcs15_digestinfo_sha256 = { + .type = RTE_CRYPTO_RSA_PADDING_NONE, + .input.data = rsa_sign_pkcs_15_padded_digestinfo_sha256, + .input.length = sizeof(rsa_sign_pkcs_15_padded_digestinfo_sha256), +}; + +struct rfc2207_rsa_test_data +rfc2207_rsa_test_data_pkcs15_oaep = { + .type = RTE_CRYPTO_RSA_PADDING_NONE, + .input.data = rsa_sign_pkcs_15_padded_digestinfo_sha256, + .input.length = sizeof(rsa_sign_pkcs_15_padded_digestinfo_sha256), +}; + +static int +rfc2207_rsa_sign_pkcs_15(const void *test_data) +{ + struct crypto_testsuite_params_asym *ts_params; + uint8_t dev_id; + struct rte_crypto_op *op, *result_op; + struct rte_crypto_asym_op *asym_op; + struct rte_mempool *op_mpool; + void *sess; + uint8_t result[TEST_DATA_SIZE]; + const struct rfc2207_rsa_test_data *tdata = test_data; + + ts_params = &testsuite_params; + dev_id = ts_params->valid_devs[0]; + op_mpool = ts_params->op_mpool; + op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC); + if (op == NULL) { + RTE_LOG(ERR, USER1, 
"Failed to allocate asymmetric crypto " + "operation struct\n"); + return TEST_FAILED; + } + + sess = rfc2207_rsa_sign_pkcs_15_sesscreat(); + if (sess == NULL) { + RTE_LOG(ERR, USER1, "Failed to allocate asymmetric crypto " + "operation struct\n"); + return TEST_FAILED; + } + + asym_op = op->asym; + asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_SIGN; + asym_op->rsa.padding.type = tdata->type; + asym_op->rsa.padding.hash = tdata->hash; + asym_op->rsa.input = tdata->input; + asym_op->rsa.output.data = result; + + rte_crypto_op_attach_asym_session(op, sess); + + /* Process crypto operation */ + if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) { + RTE_LOG(ERR, USER1, "Error sending packet for encryption\n"); + return -1; + } + + while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0) + rte_pause(); + + if (result_op == NULL) { + RTE_LOG(ERR, USER1, "Failed to process encryption op\n"); + return -1; + } + + printf("\nOutput len = %lu", asym_op->rsa.output.length); + rte_hexdump(stdout, "Signature", asym_op->rsa.output.data, asym_op->rsa.output.length); + + return 0; +} + +/* !---! DPDK RFC RSA 22.07 */ + static int queue_ops_rsa_enc_dec(void *sess) { 
@@ -2147,20 +2364,32 @@ static struct unit_test_suite cryptodev_openssl_asym_testsuite = { .setup = testsuite_setup, .teardown = testsuite_teardown, .unit_test_cases = { - TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_capability), - TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_dsa), - TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, + TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym, test_capability), + TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym, test_dsa), + TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym, test_dh_keygenration), - TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_rsa_enc_dec), - TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, + TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym, test_rsa_enc_dec), + TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym, test_rsa_sign_verify), - TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, + TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym, test_rsa_enc_dec_crt), - TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, + TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym, test_rsa_sign_verify_crt), - TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_mod_inv), - TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_mod_exp), - TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_one_by_one), + TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym, test_mod_inv), + TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym, test_mod_exp), + TEST_CASE_ST_DISABLED(ut_setup_asym, ut_teardown_asym, test_one_by_one), + TEST_CASE_NAMED_WITH_DATA("rfc2207_rsa_sign_pkcs_15_ssl23", ut_setup_asym, ut_teardown_asym, + rfc2207_rsa_sign_pkcs_15, &rfc2207_rsa_test_data_ssl23), + TEST_CASE_NAMED_WITH_DATA("rfc2207_rsa_sign_pkcs_15_ssl23_padded", ut_setup_asym, ut_teardown_asym, + rfc2207_rsa_sign_pkcs_15, &rfc2207_rsa_test_data_ssl23_padded), + TEST_CASE_NAMED_WITH_DATA("rfc2207_rsa_sign_pkcs_15_sha1", ut_setup_asym, ut_teardown_asym, + rfc2207_rsa_sign_pkcs_15, &rfc2207_rsa_test_data_pkcs15_sha1), + 
TEST_CASE_NAMED_WITH_DATA("rfc2207_rsa_sign_pkcs_15_digestinfo_sha1", ut_setup_asym, ut_teardown_asym, + rfc2207_rsa_sign_pkcs_15, &rfc2207_rsa_test_data_pkcs15_digestinfo_sha1), + TEST_CASE_NAMED_WITH_DATA("rfc2207_rsa_sign_pkcs_15_sha256", ut_setup_asym, ut_teardown_asym, + rfc2207_rsa_sign_pkcs_15, &rfc2207_rsa_test_data_pkcs15_sha256), + TEST_CASE_NAMED_WITH_DATA("rfc2207_rsa_sign_pkcs_15_digestinfo_sha256", ut_setup_asym, ut_teardown_asym, + rfc2207_rsa_sign_pkcs_15, &rfc2207_rsa_test_data_pkcs15_digestinfo_sha256), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c index 45cee47c5d..32da143ea0 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd.c +++ b/drivers/crypto/openssl/rte_openssl_pmd.c @@ -1899,11 +1899,24 @@ process_openssl_rsa_op(struct rte_crypto_op *cop, RSA *rsa = sess->u.r.rsa; uint32_t pad = (op->rsa.padding.type); uint8_t *tmp; + int sha; + + switch (op->rsa.padding.hash) { + case RTE_CRYPTO_AUTH_SHA1: + sha = NID_sha1; + break; + case RTE_CRYPTO_AUTH_SHA256: + sha = NID_sha256; + break; + default: + sha = NID_sha1; + } cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS; switch (pad) { case RTE_CRYPTO_RSA_PADDING_PKCS1_5: + case RTE_CRYPTO_RSA_PADDING_SSL23: pad = RSA_PKCS1_PADDING; break; case RTE_CRYPTO_RSA_PADDING_NONE: 
@@ -1941,13 +1954,20 @@ process_openssl_rsa_op(struct rte_crypto_op *cop, break; case RTE_CRYPTO_ASYM_OP_SIGN: - ret = RSA_private_encrypt(op->rsa.input.length, - op->rsa.input.data, - op->rsa.output.data, - rsa, - pad); - if (ret > 0) - op->rsa.output.length = ret; + if (op->rsa.padding.type != RTE_CRYPTO_RSA_PADDING_PKCS1_5) { + ret = RSA_private_encrypt(op->rsa.input.length, + op->rsa.input.data, + op->rsa.output.data, + rsa, + pad); + if (ret > 0) + op->rsa.output.length = ret; + } else { + ret = RSA_sign(sha, op->rsa.input.data, op->rsa.input.length, + op->rsa.output.data, (unsigned int *)&op->rsa.output.length, rsa); + if (ret == 0) + ret = -1; + } break; case RTE_CRYPTO_ASYM_OP_VERIFY: diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h index 834e06b96b..b3906b08e3 100644 --- a/lib/cryptodev/rte_crypto_asym.h +++ b/lib/cryptodev/rte_crypto_asym.h @@ -149,6 +149,7 @@ enum rte_crypto_mgf { /** * Padding types for RSA signature. */ + #define TEMP enum rte_crypto_rsa_padding_type { RTE_CRYPTO_RSA_PADDING_NONE = 0, /**< RSA no padding scheme */ @@ -160,6 +161,7 @@ enum rte_crypto_rsa_padding_type { /**< RSA PKCS#1 OAEP padding scheme */ RTE_CRYPTO_RSA_PADDING_PSS, /**< RSA PKCS#1 PSS padding scheme */ + TEMP RTE_CRYPTO_RSA_PADDING_SSL23, RTE_CRYPTO_RSA_PADDING_TYPE_LIST_END }; @@ -426,7 +428,7 @@ struct rte_crypto_rsa_op_param { * * If padding.type = RTE_CRYPTO_RSA_PADDING_NONE * input should only be used along with cryptographically - * secure padding scheme. * + * secure padding scheme. * If padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5 or * RTE_CRYPTO_RSA_PADDING_PSS * if the RTE_CRYPTO_RSA_FLAG_PT flag is set, input shall contain @@ -434,7 +436,7 @@ struct rte_crypto_rsa_op_param { * the digest of the message to be signed. * * When op_type == RTE_CRYPTO_ASYM_OP_DECRYPT: - * + * * Input shall contain previously encrypted RSA message. * * When op_type == RTE_CRYPTO_ASYM_OP_VERIFY:
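Review bot: rfc2207_rsa_sign_pkcs_15() in the @@ -163,6 +164,222 @@ hunk of app/test/test_cryptodev_asym.c cannot fail on a wrong signature: after the dequeue it only tests result_op == NULL, never reads result_op->status, and finishes with rte_hexdump() and return 0. PKCS#1 v1.5 signing is deterministic and the vectors appear intended as pairs (for example rfc2207_rsa_test_data_pkcs15_sha1 with RTE_CRYPTO_RSA_PADDING_PKCS1_5 and rfc2207_rsa_test_data_pkcs15_digestinfo_sha1 with RTE_CRYPTO_RSA_PADDING_NONE), so the test could sign both inputs and compare the outputs, or verify with the public key, and return TEST_FAILED on a mismatch. Smaller points in the same function: op is never released with rte_crypto_op_free() on any path; the sess == NULL branch logs the op-allocation message again; the later error paths return -1 where the first returns TEST_FAILED; and rfc2207_rsa_test_data_pkcs15_oaep is defined but is a copy of the digestinfo_sha256 entry with RTE_CRYPTO_RSA_PADDING_NONE.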
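Review bot: The @@ -2147,20 +2364,32 @@ hunk changes every existing entry of cryptodev_openssl_asym_testsuite from TEST_CASE_ST to TEST_CASE_ST_DISABLED (test_capability, test_dsa, test_rsa_sign_verify, test_mod_exp and the rest), which switches off the suite's current coverage of the OpenSSL PMD. This looks like a local debugging aid; keep the original TEST_CASE_ST lines and only append the new TEST_CASE_NAMED_WITH_DATA entries, all the more because this patch modifies the RSA sign path that test_rsa_sign_verify and test_rsa_sign_verify_crt exercise.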
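Review bot: In the @@ -1899,11 +1899,24 @@ hunk of process_openssl_rsa_op(), the default: branch of the new switch on op->rsa.padding.hash sets sha = NID_sha1, so a sign request with an unsupported or unset hash is silently signed as SHA-1 instead of being rejected. For RTE_CRYPTO_RSA_PADDING_PKCS1_5 the default case should set cop->status to an error such as RTE_CRYPTO_OP_STATUS_INVALID_ARGS and return. Separately, the added case RTE_CRYPTO_RSA_PADDING_SSL23 shares the pad = RSA_PKCS1_PADDING assignment, which makes it indistinguishable from PKCS1_5 in the encrypt and decrypt cases; a comment should say whether that is intended.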
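Review bot: The RSA_sign() call in the @@ -1941,13 +1954,20 @@ hunk passes (unsigned int *)&op->rsa.output.length as its length out-parameter, but the test added in this same patch prints that field with %lu, so on LP64 targets the field is wider than unsigned int: only part of it is written, stale upper bytes survive, and on big-endian the value lands in the wrong half. Use a local unsigned int siglen and assign op->rsa.output.length = siglen on success. RSA_sign() also expects op->rsa.input.length to equal the digest size for the selected NID, and nothing here checks that before the call. The RTE_CRYPTO_ASYM_OP_VERIFY case appears only as unchanged context, so please confirm it still matches what sign now produces for PKCS1_5.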
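Review bot: The @@ -149,6 +149,7 @@ hunk of lib/cryptodev/rte_crypto_asym.h adds #define TEMP to a public header, between the "Padding types for RSA signature" doc comment and the enum it documents. An empty, unprefixed macro leaks into every application that includes this header and can collide with user code, and it detaches the doxygen comment from enum rte_crypto_rsa_padding_type. Drop the macro; if a marker is needed for the RFC, a code comment is enough.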
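Review bot: In the @@ -160,6 +161,7 @@ hunk, TEMP RTE_CRYPTO_RSA_PADDING_SSL23 is the only enumerator without a /**< ... */ description, and nothing in the patch states what the padding type means. The rfc2207_rsa_test_data_ssl23 and rfc2207_rsa_test_data_ssl23_padded vectors suggest block type 01 padding over the raw input with no DigestInfo; if so, document that here and consider a name that says it, since OpenSSL uses "SSLv23 padding" for a different (encryption) scheme. Adding the value before RTE_CRYPTO_RSA_PADDING_TYPE_LIST_END also changes that constant, which is worth a line in the commit message.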
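Review bot: The @@ -426,7 +428,7 @@ and @@ -434,7 +436,7 @@ hunks remove and re-add comment lines with identical text ("secure padding scheme." and a bare " *"), so they are whitespace-only changes and most likely introduce trailing whitespace. They are unrelated to the signature tests and should be dropped from the patch.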