<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=Windows-1252"> </head> <body> <div dir="auto" style="color: rgb(33, 33, 33); background-color: rgb(255, 255, 255);"> Thanks for your response. Let me go through these details and will ping you in case of any query.<span></span></div> <div id="ms-outlook-mobile-signature" dir="auto"> <div><br> </div> Get <a href="https://aka.ms/AAb9ysg">Outlook for Android</a></div> <hr style="display:inline-block;width:98%" tabindex="-1"> <div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> Ji, Kai <kai.ji@intel.com><br> <b>Sent:</b> Friday, April 1, 2022 7:20:52 PM<br> <b>To:</b> Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; ossama ahmed <ossamaahmedmughal@hotmail.com>; users@dpdk.org <users@dpdk.org><br> <b>Cc:</b> Zhang, Roy Fan <roy.fan.zhang@intel.com><br> <b>Subject:</b> RE: OpenSSL Crypto Poll Mode Driver</font> <div> </div> </div> <style>  </style> <div lang="EN-IE" link="blue" vlink="purple" style="word-wrap:break-word"> <div class="x_WordSection1"> <p class="x_MsoNormal">FYI: The support of Openssl 3.0 lib in Openssl cryptodev PMD is working in progress, the following API changes current made into RSA routine in PMD: </p> <p class="x_MsoNormal"> </p> <p class="x_MsoNormal"><span lang="EN-US">Deprecated RSA_private_encrypt() & RSA_public_decrypt() replaced with </span>EVP_PKEY_encrypt() & EVP_PKEY_decrypt() for rsa enc/dec ops</p> <p class="x_MsoNormal"><span lang="EN-US">Deprecated </span>RSA_sing() & RSA_verify() replaced with EVP_PKEY_sign() & EVP_PKEY_verify_recover() for rsa sign/verfy ops</p> <p class="x_MsoNormal"> </p> <p class="x_MsoNormal">The EVP APIs offer flexible configurations where digest algorithm/ padding can be defined. E.g:</p> <p class="x_MsoNormal"> </p> <p class="x_MsoNormal">EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) </p> <p class="x_MsoNormal">EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()</p> <p class="x_MsoNormal"> </p> <p class="x_MsoNormal">Regards</p> <p class="x_MsoNormal"> </p> <p class="x_MsoNormal">Kai </p> <p class="x_MsoNormal"> </p> <div style="border:none; border-left:solid blue 1.5pt; padding:0cm 0cm 0cm 4.0pt"> <div> <div style="border:none; border-top:solid #E1E1E1 1.0pt; padding:3.0pt 0cm 0cm 0cm"> <p class="x_MsoNormal"><b><span lang="EN-US">From:</span></b><span lang="EN-US"> Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com> <br> <b>Sent:</b> Friday, April 1, 2022 2:41 PM<br> <b>To:</b> ossama ahmed <ossamaahmedmughal@hotmail.com>; users@dpdk.org<br> <b>Cc:</b> Zhang, Roy Fan <roy.fan.zhang@intel.com>; Ji, Kai <kai.ji@intel.com><br> <b>Subject:</b> RE: OpenSSL Crypto Poll Mode Driver</span></p> </div> </div> <p class="x_MsoNormal"> </p> <p class="x_MsoNormal"><span lang="EN-US">Hi Ossama,</span></p> <p class="x_MsoNormal"><span lang="EN-US"> </span></p> <p class="x_MsoNormal"><span lang="EN-US">Please see answers inline with [Arek]</span></p> <p class="x_MsoNormal"><span lang="EN-US"> </span></p> <div style="border:none; border-left:solid blue 1.5pt; padding:0cm 0cm 0cm 4.0pt"> <div> <div style="border:none; border-top:solid #E1E1E1 1.0pt; padding:3.0pt 0cm 0cm 0cm"> <p class="x_MsoNormal"><b><span lang="EN-US">From:</span></b><span lang="EN-US"> ossama ahmed <<a href="mailto:ossamaahmedmughal@hotmail.com">ossamaahmedmughal@hotmail.com</a>> <br> <b>Sent:</b> Friday, April 1, 2022 1:18 PM<br> <b>To:</b> <a href="mailto:users@dpdk.org">users@dpdk.org</a><br> <b>Subject:</b> Fw: OpenSSL Crypto Poll Mode Driver</span></p> </div> </div> <p class="x_MsoNormal"><span lang="EN-US"> </span></p> <div> <p class="x_MsoNormal"><span lang="EN-US" style="font-size:12.0pt; color:black"> </span></p> </div> <div> <div> <p class="x_MsoNormal"><span lang="EN-US" style="font-size:12.0pt; color:black"> </span></p> </div> <div id="x_Signature"> <div> <p><span lang="EN-US">Sent from <a href="http://aka.ms/weboutlook">Outlook</a></span></p> </div> </div> </div> <div class="x_MsoNormal" align="center" style="text-align:center"><span lang="EN-US"> <hr size="2" width="98%" align="center"> </span></div> <div id="x_divRplyFwdMsg"> <p class="x_MsoNormal"><b><span lang="EN-US" style="color:black">From:</span></b><span lang="EN-US" style="color:black"> ossama ahmed<br> <b>Sent:</b> Friday, April 1, 2022 11:10 AM<br> <b>To:</b> <a href="mailto:users-request@dpdk.org">users-request@dpdk.org</a> <<a href="mailto:users-request@dpdk.org">users-request@dpdk.org</a>><br> <b>Subject:</b> OpenSSL Crypto Poll Mode Driver</span><span lang="EN-US"> </span> </p> <div> <p class="x_MsoNormal"><span lang="EN-US"> </span></p> </div> </div> <div> <p class="x_MsoNormal"><span lang="EN-US">Hello, </span></p> <div> <p class="x_MsoNormal"><span lang="EN-US"> </span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US">I would like to highlight following issues in OpenSSL Crypto Poll Mode Driver and OpenSSL vdev related to RSA Sign and Verify operations.</span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US"> </span></p> </div> <blockquote style="margin-top:5.0pt; margin-bottom:5.0pt"> <div> <p class="x_MsoNormal"><u><span lang="EN-US">ISSUES:</span></u><span lang="EN-US"></span></p> </div> <blockquote style="margin-top:5.0pt; margin-bottom:5.0pt"> <div> <p class="x_MsoNormal"><b><span lang="EN-US">ISSUE1 (RSA_private_encrypt and RSA_public_decrypt)</span></b><span lang="EN-US"></span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US"> </span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US">With respect to <a href="https://www.openssl.org/docs/manmaster/man3/RSA_private_encrypt.html"> https://www.openssl.org/docs/manmaster/man3/RSA_private_encrypt.html</a> .Both of the functions are deprecated. Applications should instead use EVP_PKEY_sign_init_ex, EVP_PKEY_sign, EVP_PKEY_verify_recover_init, and EVP_PKEY_verify_recover.</span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US"> </span></p> </div> <p class="x_MsoNormal"><span lang="EN-US">Although I understand that due to compatibility reasons, DPDK is using native (in my case on Ubuntu 20.04.1 its 1.1.1f version of) OpenSSL but With respect</span></p> <p class="x_MsoNormal"><span lang="EN-US">to OpenSSL's version 1.1.1f APIs "RSA_private_encrypt" and "RSA_public_decrypt" but in case of RSA_PKCS1_PADDING it is recomended that when generating or verifying</span></p> <p class="x_MsoNormal"><span lang="EN-US">PKCS #1 signatures, RSA_sign(3) and RSA_verify(3) should be used.</span></p> <p class="x_MsoNormal"><span lang="EN-US"> </span></p> <p class="x_MsoNormal"><b><span lang="EN-US">POSSIBLE SOLUTION</span></b><span lang="EN-US"></span></p> <p class="x_MsoNormal"><span lang="EN-US">1. Use RSA_sign, RSA_verify, EVP_DigestSignFinal, EVP_DigestSign etc instead.</span></p> <p class="x_MsoNormal"><span lang="EN-US"> </span></p> <p class="x_MsoNormal"><span lang="EN-US">[Arek] – RSA_sign and RSA_verify are now deprecated too.</span></p> <p class="x_MsoNormal"><span lang="EN-US"> </span></p> <p class="x_MsoNormal"><span lang="EN-US">2. Append algorithm identifier field to digest before signing. Details can be found in section EMSA-PKCS1-v1_5 availbel on <a href="https://datatracker.ietf.org/doc/html/rfc8017#section-9.2">https://datatracker.ietf.org/doc/html/rfc8017#section-9.2</a></span></p> <p class="x_MsoNormal"><span lang="EN-US"> </span></p> <p class="x_MsoNormal"><span lang="EN-US">For example in case if RSA is using SHA256 for digest generation then DigestInfo value is:</span></p> <p class="x_MsoNormal"><span lang="EN-US">SHA-256: (0x)30 31 30 0d 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20 || H where H is the digest of data</span></p> <p class="x_MsoNormal"><span lang="EN-US">Hence appropriate AIDs (i.e algorithm identifiers) must be appended to digest. Once this done then in case of RSA_PKCS1_PADDING, APIs RSA_private_encrypt and RSA_public_decrypt are compatible with RSA_sign, RSA_verify, EVP_DigestSignFinal, EVP_DigestSign and verify respectively.</span></p> <p class="x_MsoNormal"><span lang="EN-US"> </span></p> <p class="x_MsoNormal"><span lang="EN-US"> </span></p> <p class="x_MsoNormal"><span lang="EN-US">[Arek] – yes, you are perfectly correct, this Is general Cryptodev API problem. Proposals to fix that were sent already:</span></p> <p class="x_MsoNormal"><span lang="EN-US"><a href="https://patchwork.dpdk.org/project/dpdk/list/?series=22203">https://patchwork.dpdk.org/project/dpdk/list/?series=22203</a>. </span></p> <p class="x_MsoNormal"><span lang="EN-US">When PKCS1 we should not worry about algorithmIdentifier from user perspective, although there was an option to do PKCS1 padding without it too (pre tls1.2 PKCS1.5 padding was used with 36 bytes hash concatenation for example), discussion was started on dev mailing list. As for OpenSSL PMD simultaneously we are working to fix that.</span></p> <p class="x_MsoNormal"><span lang="EN-US"> </span></p> <p class="x_MsoNormal"><span lang="EN-US"> </span></p> <p class="x_MsoNormal"><b><span lang="EN-US">ISSUE2 (</span></b><b><span lang="EN-US" style="font-size:10.5pt; color:black; background:white">OpenSSL Crypto Poll Mode Driver vs RSA PSS Padding</span></b><b><span lang="EN-US">)</span></b><span lang="EN-US"></span></p> <div> <p class="x_MsoNormal"><span lang="EN-US">Current DPDK's OpenSSL Crypto Poll Mode Driver fails to verify signature generated using RSA PSS Padding. Also with respect to latest version of DPDK there is no handling available in OpenSSL Crypto Poll Mode Driver for RTE_CRYPTO_RSA_PADDING_PSS. Current implementation handles only RTE_CRYPTO_RSA_PADDING_NONE and</span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US">RTE_CRYPTO_RSA_PADDING_PKCS1_5 for signing and verification.</span></p> <p class="x_MsoNormal"><span lang="EN-US"> </span></p> <p class="x_MsoNormal"><span lang="EN-US">[Arek] – yes, PSS should be implemented too. Registration of openssl random engine should allow us to check known answer tests too not only PWCT, could you resend your proposal to dev list?</span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US"> </span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US">1. EVP_DigestSignFinal, EVP_DigestSign etc instead.</span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US"> </span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US">2. As coded in OpenSSL (crypto/rsa/rsa_pmeth.c +268):</span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US">else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) {</span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US"> int ret;</span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US"> if (!setup_tbuf(rctx, ctx))</span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US"> return -1;</span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US"> ret = RSA_public_decrypt(siglen, sig, rctx->tbuf, rsa, RSA_NO_PADDING);</span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US"> </span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US"> if (ret <= 0)</span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US"> return 0;</span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US"> ret = RSA_verify_PKCS1_PSS_mgf1(rsa, tbs, rctx->md, rctx->mgf1md, rctx->tbuf, rctx->saltlen);</span></p> <p class="x_MsoNormal"><span lang="EN-US">[Arek] – whole openssl low level api is deprecated now, these functions as well so we wont be using it.</span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US"> if (ret <= 0)</span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US"> return 0;</span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US"> return 1;</span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US"> }</span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US">However, in order to use above implementation changes are required in OpenSSL Crypto Poll Mode Driver (drivers/crypto/openssl/rte_openssl_pmd.c +1945) for example</span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US"> </span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US"> case RTE_CRYPTO_ASYM_OP_VERIFY:</span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US"> tmp = rte_malloc(NULL, op->rsa.sign.length, 0);</span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US"> if (tmp == NULL) {</span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US"> OPENSSL_LOG(ERR, "Memory allocation failed");</span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US"> cop->status = RTE_CRYPTO_OP_STATUS_ERROR;</span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US"> break;</span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US"> }</span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US"> ret = RSA_public_decrypt(op->rsa.sign.length,</span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US"> op->rsa.sign.data,</span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US"> tmp,</span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US"> rsa,</span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US"> pad);</span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US"> </span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US"> OPENSSL_LOG(DEBUG,</span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US"> "Length of public_decrypt %d "</span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US"> "length of message %zd\n",</span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US"> ret, op->rsa.message.length);</span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US"> //FIXME</span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US"> if(pad == RSA_NO_PADDING && ret) </span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US"> memcpy(op->rsa.message.data, tmp, op->rsa.sign.length);</span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US"> else if ((ret <= 0) || (CRYPTO_memcmp(tmp, op->rsa.message.data,</span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US"> op->rsa.message.length))) {</span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US"> OPENSSL_LOG(ERR, "RSA sign Verification failed");</span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US"> cop->status = RTE_CRYPTO_OP_STATUS_ERROR;</span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US"> }</span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US"> //FIXME</span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US"> rte_free(tmp);</span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US"> break;</span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US"> </span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US"> Complete details are availble in section 8.1.2 of <a href="https://datatracker.ietf.org/doc/html/rfc8017#section-8.1.2">https://datatracker.ietf.org/doc/html/rfc8017#section-8.1.2</a></span></p> </div> </blockquote> </blockquote> <div> <p class="x_MsoNormal"><span lang="EN-US" style="font-size:12.0pt; color:black"> </span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US" style="font-size:12.0pt; color:black"> </span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US" style="font-size:12.0pt; color:black">I have handled the above mentioned issues in DPDK using my own custom implementation. I would love to share details if required for further clarification</span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US" style="font-size:12.0pt; color:black"> </span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US" style="font-size:12.0pt; color:black">Regards,</span></p> </div> <div> <p class="x_MsoNormal"><span lang="EN-US" style="font-size:12.0pt; color:black">Ossama Ahmed Mughal</span></p> </div> <div> <div id="x_x_Signature"> <div> <p><span lang="EN-US"> </span></p> </div> </div> </div> </div> </div> </div> </div> </div> </body> </html>