[dpdk-dev] [EXT] [PATCH v3 05/11] cryptodev: add information about message format when signing with RSA

Kusztal, ArkadiuszX arkadiuszx.kusztal at intel.com
Wed Jul 17 12:26:28 CEST 2019

Previous message: [dpdk-dev] [EXT] [PATCH v3 05/11] cryptodev: add information about message format when signing with RSA
Next message: [dpdk-dev] [PATCH v3 06/11] cryptodev: remove RSA PKCS1 BT0 padding
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]


> -----Original Message-----
> From: Shally Verma [mailto:shallyv at marvell.com]
> Sent: Wednesday, July 17, 2019 12:08 PM
> To: Kusztal, ArkadiuszX <arkadiuszx.kusztal at intel.com>; dev at dpdk.org
> Cc: akhil.goyal at nxp.com; Trahe, Fiona <fiona.trahe at intel.com>
> Subject: RE: [EXT] [PATCH v3 05/11] cryptodev: add information about
> message format when signing with RSA
> 
> 
> 
> > -----Original Message-----
> > From: Arek Kusztal <arkadiuszx.kusztal at intel.com>
> > Sent: Wednesday, July 17, 2019 12:23 AM
> > To: dev at dpdk.org
> > Cc: akhil.goyal at nxp.com; fiona.trahe at intel.com; Shally Verma
> > <shallyv at marvell.com>; Arek Kusztal <arkadiuszx.kusztal at intel.com>
> > Subject: [EXT] [PATCH v3 05/11] cryptodev: add information about
> > message format when signing with RSA
> >
> > External Email
> >
> > ----------------------------------------------------------------------
> > This patch adds information about format of the message should have
> > before sending it to the signing operation when using RSA algorithm.
> >
> > Signed-off-by: Arek Kusztal <arkadiuszx.kusztal at intel.com>
> > ---
> >  lib/librte_cryptodev/rte_crypto_asym.h | 9 +++++++++
> >  1 file changed, 9 insertions(+)
> >
> > diff --git a/lib/librte_cryptodev/rte_crypto_asym.h
> > b/lib/librte_cryptodev/rte_crypto_asym.h
> > index 16c86c9..ad484de 100644
> > --- a/lib/librte_cryptodev/rte_crypto_asym.h
> > +++ b/lib/librte_cryptodev/rte_crypto_asym.h
> > @@ -408,6 +408,15 @@ struct rte_crypto_rsa_op_param {
> >  	 * When RTE_CRYPTO_ASYM_OP_DECRYPT op_type used length in
> bytes
> >  	 * of this field needs to be greater or equal to the length of
> >  	 * corresponding RSA key in bytes.
> > +	 *
> > +	 * When RTE_CRYPTO_ASYM_OP_SIGN op_type used and following
> > padding
> > +	 * type:
> > +	 * - padding PKCS1_5:
> > +	 * data provided should contain `algorithmIdentifier` in DER encoded
> > +	 * format concatenated with message digest (as per spec rfc8017 9.2)
> [Shally] I have reservations here and I think I asked this before too. For
> PKCSV1.5, Currently there it only support output format as defined RSASP1
> section 5.2.1 . Means PMD does not apply EMSA-PKCS1-v1_5-ENCODE (M,
> emLen) defined in rfc8017 Sec 9.2 which includes applying hash on input
> message and other things. So, Are we extending spec here ?

1) It is to the contrary what we have in only test case we got for RSA signature, as we set padding:
	asym_op->rsa.sign.data = output_buf;
	asym_op->rsa.pad = RTE_CRYPTO_RSA_PKCS1_V1_5_BT1;
But current openssl pmd implementation does not create digest nor adds DER. So user needs to pass it.

It can be only RSASP1 but only with PADDING_NONE selected, and in this case full padding would have to be provided.


2) We cannot extend as we do not specify really in here, there is no information what data format user should provide.


> 
> > +	 * - padding PSS
> > +	 * data provided should contain message digest of the message
> > +	 * to be signed
> >  	 */
> >
> >
> > --
> > 2.1.0

Previous message: [dpdk-dev] [EXT] [PATCH v3 05/11] cryptodev: add information about message format when signing with RSA
Next message: [dpdk-dev] [PATCH v3 06/11] cryptodev: remove RSA PKCS1 BT0 padding
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list