uadk_provider: adapt rsa with several padding modes #251
Conversation
|
编译很多warning, 看下ci log uadk_prov_dh.c: In function 'uadk_keymgmt_dh_gen': |
For better code organization and maintainability, original RSA algorithm is splited into four functional components, including key generation, encryption/decryption, signing/verification, and public interface functions. Signed-off-by: lizhi <[email protected]> Signed-off-by: JiangShui Yang <[email protected]>
… padding modes Several utility functions are introduced to the RSA implementation. These functions are designed to adapt the existing RSA implementation to support multiple padding modes, enhancing the Extensibility of the cryptographic operations. Signed-off-by: lizhi <[email protected]> Signed-off-by: JiangShui Yang <[email protected]>
…padding modes Add support for RSA signature padding modes with OpenSSL provider mechanism, including RSA_X931_PADDING and RSA_PKCS1_PSS_PADDING. Test with: openssl dgst -sha256 -sign privkey.pem -sigopt rsa_padding_mode:x931 -out signature.bin message.txt openssl dgst -sha256 -verify pubkey.pem -sigopt rsa_padding_mode:x931 -signature signature.bin message.txt openssl dgst -sha256 -sign privkey.pem -sigopt rsa_padding_mode:pss -out signature.bin message.txt openssl dgst -sha256 -verify pubkey.pem -sigopt rsa_padding_mode:pss -signature signature.bin message.txt Signed-off-by: lizhi <[email protected]> Signed-off-by: JiangShui Yang <[email protected]>
…H_TLS padding modes Add support for RSA encryption padding modes with OpenSSL provider mechanism, including RSA_PKCS1_OAEP_PADDING and RSA_PKCS1_WITH_TLS_PADDING. Test with: openssl pkeyutl -encrypt -in test.txt -out encrypted.bin -pubin -inkey public.pem -pkeyopt rsa_padding_mode:oaep openssl pkeyutl -decrypt -in encrypted.bin -out decrypted.txt -inkey private.pem -pkeyopt rsa_padding_mode:oaep openssl s_server -provider uadk_provider -accept 4333 -cert server.pem -www -cipher AES256-SHA openssl s_client -provider uadk_provider -connect localhost:4333 Signed-off-by: lizhi <[email protected]> Signed-off-by: JiangShui Yang <[email protected]>
…obal variables Introduce global variables to cache hardware version, reducing repeated device queries. Signed-off-by: lizhi <[email protected]> Signed-off-by: JiangShui Yang <[email protected]>
Unified provider success and failure return values, and moved return value macros to uadk_prov.h for better consistency and maintainability. Signed-off-by: lizhi <[email protected]> Signed-off-by: JiangShui Yang <[email protected]>
uadk_engine will support some algorithms in the OpenSSL 3.0 scenario. Currently, the framework has adapted to some of these algorithms. However, when executing the SM3 algorithm, an error related to SM2 is reported. This is because OpenSSL 3.0 has removed SM2 from the engine scenario in methmods, causing the failure. A fix is needed. At the same time, the differences in the pkey_ctx structure between the two OpenSSL versions were resolved, enabling the engine to support the x25519 and x448 algorithms on OpenSSL 3.0. Signed-off-by: Zhushuai Yin <[email protected]> Signed-off-by: JiangShui Yang <[email protected]>
When creating new dh, set the flags from the method and call the initialization function. In addition, remove unnecessary parameter checks. Signed-off-by: Weili Qian <[email protected]> Signed-off-by: JiangShui Yang <[email protected]>
add some general optimization compilation options, security enhancement options, linker security options, etc. Signed-off-by: Zhushuai Yin <[email protected]> Signed-off-by: JiangShui Yang <[email protected]>
Delete several unused functions in asymmetric encryption algorithm to improve code clarity. Signed-off-by: lizhi <[email protected]> Signed-off-by: JiangShui Yang <[email protected]>
Fix a null pointer dereference bug in RSA X931 mode. Signed-off-by: lizhi <[email protected]> Signed-off-by: JiangShui Yang <[email protected]>
|
ok |
3 participants
Add support for multiple RSA padding modes with OpenSSL provider mechanism.
decryption.