uadk_provider: adapt rsa with several padding modes #250
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Collaborator
|
可方便直接push到master,现在master上有ci,我再sync到devel |
For better code organization and maintainability, original RSA algorithm is splited into four functional components, including key generation, encryption/decryption, signing/verification, and public interface functions. Signed-off-by: lizhi <[email protected]> Signed-off-by: JiangShui Yang <[email protected]>
… padding modes Several utility functions are introduced to the RSA implementation. These functions are designed to adapt the existing RSA implementation to support multiple padding modes, enhancing the Extensibility of the cryptographic operations. Signed-off-by: lizhi <[email protected]> Signed-off-by: JiangShui Yang <[email protected]>
…padding modes Add support for RSA signature padding modes with OpenSSL provider mechanism, including RSA_X931_PADDING and RSA_PKCS1_PSS_PADDING. Test with: openssl dgst -sha256 -sign privkey.pem -sigopt rsa_padding_mode:x931 -out signature.bin message.txt openssl dgst -sha256 -verify pubkey.pem -sigopt rsa_padding_mode:x931 -signature signature.bin message.txt openssl dgst -sha256 -sign privkey.pem -sigopt rsa_padding_mode:pss -out signature.bin message.txt openssl dgst -sha256 -verify pubkey.pem -sigopt rsa_padding_mode:pss -signature signature.bin message.txt Signed-off-by: lizhi <[email protected]> Signed-off-by: JiangShui Yang <[email protected]>
…H_TLS padding modes Add support for RSA encryption padding modes with OpenSSL provider mechanism, including RSA_PKCS1_OAEP_PADDING and RSA_PKCS1_WITH_TLS_PADDING. Test with: openssl pkeyutl -encrypt -in test.txt -out encrypted.bin -pubin -inkey public.pem -pkeyopt rsa_padding_mode:oaep openssl pkeyutl -decrypt -in encrypted.bin -out decrypted.txt -inkey private.pem -pkeyopt rsa_padding_mode:oaep openssl s_server -provider uadk_provider -accept 4333 -cert server.pem -www -cipher AES256-SHA openssl s_client -provider uadk_provider -connect localhost:4333 Signed-off-by: lizhi <[email protected]> Signed-off-by: JiangShui Yang <[email protected]>
…obal variables Introduce global variables to cache hardware version, reducing repeated device queries. Signed-off-by: lizhi <[email protected]> Signed-off-by: JiangShui Yang <[email protected]>
Unified provider success and failure return values, and moved return value macros to uadk_prov.h for better consistency and maintainability. Signed-off-by: lizhi <[email protected]> Signed-off-by: JiangShui Yang <[email protected]>
uadk_engine will support some algorithms in the OpenSSL 3.0 scenario. Currently, the framework has adapted to some of these algorithms. However, when executing the SM3 algorithm, an error related to SM2 is reported. This is because OpenSSL 3.0 has removed SM2 from the engine scenario in methmods, causing the failure. A fix is needed. At the same time, the differences in the pkey_ctx structure between the two OpenSSL versions were resolved, enabling the engine to support the x25519 and x448 algorithms on OpenSSL 3.0. Signed-off-by: Zhushuai Yin <[email protected]> Signed-off-by: JiangShui Yang <[email protected]>
When creating new dh, set the flags from the method and call the initialization function. In addition, remove unnecessary parameter checks. Signed-off-by: Weili Qian <[email protected]> Signed-off-by: JiangShui Yang <[email protected]>
add some general optimization compilation options, security enhancement options, linker security options, etc. Signed-off-by: Zhushuai Yin <[email protected]> Signed-off-by: JiangShui Yang <[email protected]>
Delete several unused functions in asymmetric encryption algorithm to improve code clarity. Signed-off-by: lizhi <[email protected]> Signed-off-by: JiangShui Yang <[email protected]>
Fix a null pointer dereference bug in RSA X931 mode. Signed-off-by: lizhi <[email protected]> Signed-off-by: JiangShui Yang <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add support for multiple RSA padding modes with OpenSSL provider mechanism.
decryption.