Skip to content

Commit 4660ff0

Browse files
venkatesh6911Yogaraj-Alamenda
venkatesh6911
authored and
Yogaraj-Alamenda
committed
Fix OpenSSL SW fallback usecase for RSA provider sign and verify.
Signed-off-by: Venkatesh J <[email protected]>
1 parent 8927741 commit 4660ff0

File tree

1 file changed

+127
-32
lines changed

1 file changed

+127
-32
lines changed

qat_prov_sign_rsa.c

Lines changed: 127 additions & 32 deletions
Original file line numberDiff line numberDiff line change
@@ -484,6 +484,7 @@ int QAT_RSA_padding_add_PKCS1_PSS_mgf1(QAT_RSA *rsa, unsigned char *EM,
484484
* ASN.1 DigestInfo structure (unless the digest type is NID_md5_sha1), applies PKCS#1 v1.5
485485
* padding, and performs the RSA private key operation.
486486
*
487+
* @param prsactx Pointer to the provider RSA context.
487488
* @param type NID of the digest algorithm used (e.g., NID_sha256).
488489
* @param m Pointer to the message digest to sign.
489490
* @param m_len Length of the message digest.
@@ -493,8 +494,8 @@ int QAT_RSA_padding_add_PKCS1_PSS_mgf1(QAT_RSA *rsa, unsigned char *EM,
493494
*
494495
* @return 1 on success, 0 on failure.
495496
*/
496-
int QAT_RSA_sign(int type, const unsigned char *m, unsigned int m_len,
497-
unsigned char *sigret, unsigned int *siglen,
497+
int QAT_RSA_sign(void *prsactx, int type, const unsigned char *m, unsigned int m_len,
498+
unsigned char *sigret, size_t *sigLen, size_t sigsize, unsigned int *siglen,
498499
QAT_RSA *rsa)
499500
{
500501
int encrypt_len, ret = 0;
@@ -525,8 +526,21 @@ int QAT_RSA_sign(int type, const unsigned char *m, unsigned int m_len,
525526
QATerr(ERR_LIB_RSA, RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
526527
goto err;
527528
}
528-
encrypt_len = qat_rsa_private_encrypt((int)encoded_len, encoded, sigret, rsa,
529-
RSA_PKCS1_PADDING);
529+
530+
if (qat_hw_rsa_offload || qat_sw_rsa_offload) {
531+
encrypt_len = qat_rsa_private_encrypt((int)encoded_len, encoded, sigret,
532+
rsa, RSA_PKCS1_PADDING);
533+
} else {
534+
typedef int (*fun_ptr)(void *prsactx, unsigned char *sigret,
535+
size_t *sigLen, size_t sigsize,
536+
const unsigned char *m,
537+
size_t m_len);
538+
fun_ptr fun = get_default_rsa_signature().sign;
539+
if (!fun)
540+
goto err;
541+
return fun(prsactx, sigret, sigLen, sigsize, m, m_len);
542+
}
543+
530544
if (encrypt_len <= 0)
531545
goto err;
532546

@@ -544,7 +558,7 @@ static int rsa_sign_directly(QAT_PROV_RSA_CTX *prsactx, unsigned char *sig,
544558
{
545559
size_t rsasize = QAT_RSA_size(prsactx->rsa);
546560
size_t mdsize = rsa_get_md_size(prsactx);
547-
int ret;
561+
int ret = 0;
548562

549563
if (!qat_prov_is_running())
550564
return 0;
@@ -580,15 +594,28 @@ static int rsa_sign_directly(QAT_PROV_RSA_CTX *prsactx, unsigned char *sig,
580594
}
581595
memcpy(prsactx->tbuf, tbs, tbslen);
582596
prsactx->tbuf[tbslen] = RSA_X931_hash_id(prsactx->mdnid);
583-
ret = qat_rsa_private_encrypt(tbslen + 1, prsactx->tbuf,
584-
sig, prsactx->rsa, RSA_X931_PADDING);
597+
if (qat_hw_rsa_offload || qat_sw_rsa_offload) {
598+
ret = qat_rsa_private_encrypt(tbslen + 1, prsactx->tbuf,
599+
sig, prsactx->rsa,
600+
RSA_X931_PADDING);
601+
} else {
602+
typedef int (*fun_ptr)(void *prsactx, unsigned char *sig,
603+
size_t *siglen, size_t sigsize,
604+
const unsigned char *tbs,
605+
size_t tbslen);
606+
fun_ptr fun = get_default_rsa_signature().sign;
607+
if (!fun)
608+
return 0;
609+
return fun(prsactx, sig, siglen, sigsize, tbs, tbslen);
610+
}
585611
clean_tbuf(prsactx);
586612
break;
587613

588614
case RSA_PKCS1_PADDING:
589615
{
590-
unsigned int sltmp;
591-
ret = QAT_RSA_sign(prsactx->mdnid, tbs, tbslen, sig, &sltmp,
616+
unsigned int sltmp = 0;
617+
ret = QAT_RSA_sign(prsactx, prsactx->mdnid, tbs, tbslen, sig,
618+
siglen, sigsize, &sltmp,
592619
prsactx->rsa);
593620
if (ret <= 0) {
594621
QATerr(ERR_LIB_PROV, ERR_R_RSA_LIB);
@@ -600,7 +627,7 @@ static int rsa_sign_directly(QAT_PROV_RSA_CTX *prsactx, unsigned char *sig,
600627

601628
case RSA_PKCS1_PSS_PADDING:
602629
{
603-
int saltlen;
630+
int saltlen = -1;
604631

605632
if (rsa_pss_restricted(prsactx)) {
606633
switch (prsactx->saltlen) {
@@ -636,14 +663,15 @@ static int rsa_sign_directly(QAT_PROV_RSA_CTX *prsactx, unsigned char *sig,
636663
QATerr(ERR_LIB_PROV, ERR_R_RSA_LIB);
637664
return 0;
638665
}
639-
if (qat_hw_offload || qat_sw_offload) {
666+
if (qat_hw_rsa_offload || qat_sw_rsa_offload) {
640667
ret = qat_rsa_private_encrypt(RSA_size(prsactx->rsa), prsactx->tbuf,
641668
sig, prsactx->rsa, RSA_NO_PADDING);
642669
}
643670
else {
644671
typedef int (*fun_ptr)(void *prsactx, unsigned char *sig,
645672
size_t *siglen, size_t sigsize,
646-
const unsigned char *tbs, size_t tbslen);
673+
const unsigned char *tbs,
674+
size_t tbslen);
647675
fun_ptr fun = get_default_rsa_signature().sign;
648676
if (!fun)
649677
return 0;
@@ -659,13 +687,14 @@ static int rsa_sign_directly(QAT_PROV_RSA_CTX *prsactx, unsigned char *sig,
659687
return 0;
660688
}
661689
} else {
662-
if (qat_hw_offload || qat_sw_offload) {
690+
if (qat_hw_rsa_offload || qat_sw_rsa_offload) {
663691
ret = qat_rsa_private_encrypt(tbslen, tbs, sig, prsactx->rsa,
664692
prsactx->pad_mode);
665693
} else {
666694
typedef int (*fun_ptr)(void *prsactx, unsigned char *sig,
667695
size_t *siglen, size_t sigsize,
668-
const unsigned char *tbs, size_t tbslen);
696+
const unsigned char *tbs,
697+
size_t tbslen);
669698
fun_ptr fun = get_default_rsa_signature().sign;
670699
if (!fun)
671700
return 0;
@@ -1231,8 +1260,30 @@ static int digest_sz_from_nid(int nid)
12311260
}
12321261
}
12331262

1234-
int QAT_RSA_verify(int type, const unsigned char *m, unsigned int m_len,
1235-
unsigned char *rm, size_t *prm_len,
1263+
/**
1264+
* @brief Verifies an RSA signature using PKCS#1 v1.5 padding.
1265+
*
1266+
* This function verifies an RSA signature by decrypting the signature using the public key,
1267+
* reconstructing the expected encoded digest, and comparing it to the decrypted value.
1268+
* It supports special cases for MD5/SHA1 (TLS 1.1 and earlier) and MDC2 digests, as well as
1269+
* generic digest types. If the signature is valid, the function can optionally recover the
1270+
* original digest value.
1271+
*
1272+
* @param prsactx Pointer to the provider RSA context.
1273+
* @param type NID of the digest algorithm used (e.g., NID_sha256).
1274+
* @param m Pointer to the message digest to verify against.
1275+
* @param m_len Length of the message digest.
1276+
* @param rm Output buffer for the recovered digest (may be NULL if not needed).
1277+
* @param prm_len Pointer to a size_t to receive the length of the recovered digest (may be NULL).
1278+
* @param sigbuf Input buffer containing the signature to verify.
1279+
* @param siglen Length of the signature buffer.
1280+
* @param rsa Pointer to the QAT_RSA key structure.
1281+
*
1282+
* @return 1 on successful verification, 0 on failure.
1283+
*/
1284+
int QAT_RSA_verify(void *prsactx, int type, const unsigned char *m,
1285+
unsigned int m_len, unsigned char *rm,
1286+
size_t *prm_len,
12361287
const unsigned char *sigbuf,
12371288
size_t siglen, QAT_RSA *rsa)
12381289
{
@@ -1253,8 +1304,19 @@ int QAT_RSA_verify(int type, const unsigned char *m, unsigned int m_len,
12531304
goto err;
12541305
}
12551306

1256-
len = qat_rsa_public_decrypt((int)siglen, sigbuf, decrypt_buf, rsa,
1257-
RSA_PKCS1_PADDING);
1307+
if (qat_hw_rsa_offload || qat_sw_rsa_offload) {
1308+
len = qat_rsa_public_decrypt((int)siglen, sigbuf, decrypt_buf, rsa,
1309+
RSA_PKCS1_PADDING);
1310+
}
1311+
else {
1312+
typedef int (*fun_ptr)(void *prsactx, const unsigned char *sigbuf,
1313+
size_t siglen, const unsigned char *m,
1314+
size_t m_len);
1315+
fun_ptr fun = get_default_rsa_signature().verify;
1316+
if (!fun)
1317+
return 0;
1318+
return fun(prsactx, sigbuf, siglen, m, m_len);
1319+
}
12581320
if (len <= 0)
12591321
goto err;
12601322
decrypt_len = len;
@@ -1714,8 +1776,19 @@ static int qat_signature_rsa_verify_recover(void *vprsactx,
17141776
case RSA_X931_PADDING:
17151777
if (!setup_tbuf(prsactx))
17161778
return 0;
1717-
ret = qat_rsa_public_decrypt(siglen, sig, prsactx->tbuf, prsactx->rsa,
1718-
RSA_X931_PADDING);
1779+
if (qat_hw_rsa_offload || qat_sw_rsa_offload) {
1780+
ret = qat_rsa_public_decrypt(siglen, sig, prsactx->tbuf,
1781+
prsactx->rsa,
1782+
RSA_X931_PADDING);
1783+
} else {
1784+
typedef int (*fun_ptr)(void *prsactx, const unsigned char *sig,
1785+
size_t siglen, const unsigned char *tbs,
1786+
size_t tbslen);
1787+
fun_ptr fun = get_default_rsa_signature().verify;
1788+
if (!fun)
1789+
return 0;
1790+
return fun(prsactx, sig, siglen, NULL, 0);
1791+
}
17191792
if (ret < 1) {
17201793
QATerr(ERR_LIB_PROV, ERR_R_RSA_LIB);
17211794
return 0;
@@ -1745,8 +1818,8 @@ static int qat_signature_rsa_verify_recover(void *vprsactx,
17451818
case RSA_PKCS1_PADDING:
17461819
{
17471820
size_t sltmp;
1748-
ret = QAT_RSA_verify(prsactx->mdnid, NULL, 0, rout, &sltmp,
1749-
sig, siglen, prsactx->rsa);
1821+
ret = QAT_RSA_verify(prsactx, prsactx->mdnid, NULL, 0, rout, &sltmp,
1822+
sig, siglen, prsactx->rsa);
17501823
if (ret <= 0) {
17511824
QATerr(ERR_LIB_PROV, ERR_R_RSA_LIB);
17521825
return 0;
@@ -1761,9 +1834,20 @@ static int qat_signature_rsa_verify_recover(void *vprsactx,
17611834
return 0;
17621835
}
17631836
} else {
1764-
ret = qat_rsa_public_decrypt(siglen, sig, rout, prsactx->rsa,
1765-
prsactx->pad_mode);
1766-
if (ret < 0) {
1837+
if (qat_hw_rsa_offload || qat_sw_rsa_offload) {
1838+
ret = qat_rsa_public_decrypt(siglen, sig, rout, prsactx->rsa,
1839+
prsactx->pad_mode);
1840+
} else {
1841+
typedef int (*fun_ptr)(void *prsactx, const unsigned char *sig,
1842+
size_t siglen, const unsigned char *tbs,
1843+
size_t tbslen);
1844+
fun_ptr fun = get_default_rsa_signature().verify;
1845+
if (!fun)
1846+
return 0;
1847+
return fun(prsactx, sig, siglen, NULL, 0);
1848+
}
1849+
1850+
if (ret < 0) {
17671851
QATerr(ERR_LIB_PROV, ERR_R_RSA_LIB);
17681852
return 0;
17691853
}
@@ -1784,7 +1868,7 @@ static int rsa_verify_directly(QAT_PROV_RSA_CTX *prsactx,
17841868
if (prsactx->md != NULL) {
17851869
switch (prsactx->pad_mode) {
17861870
case RSA_PKCS1_PADDING:
1787-
if (!QAT_RSA_verify(prsactx->mdnid, tbs, tbslen, NULL, NULL,
1871+
if (!QAT_RSA_verify(prsactx, prsactx->mdnid, tbs, tbslen, NULL, NULL,
17881872
sig, siglen, prsactx->rsa)) {
17891873
QATerr(ERR_LIB_PROV, ERR_R_RSA_LIB);
17901874
goto end;
@@ -1800,8 +1884,8 @@ static int rsa_verify_directly(QAT_PROV_RSA_CTX *prsactx,
18001884
break;
18011885
case RSA_PKCS1_PSS_PADDING:
18021886
{
1803-
int ret;
1804-
int saltlen;
1887+
int ret = 0;
1888+
int saltlen = -1;
18051889
size_t mdsize;
18061890

18071891
mdsize = rsa_get_md_size(prsactx);
@@ -1813,8 +1897,19 @@ static int rsa_verify_directly(QAT_PROV_RSA_CTX *prsactx,
18131897

18141898
if (!setup_tbuf(prsactx))
18151899
goto end;
1816-
ret = qat_rsa_public_decrypt(siglen, sig, prsactx->tbuf,
1817-
prsactx->rsa, RSA_NO_PADDING);
1900+
if (qat_hw_rsa_offload || qat_sw_rsa_offload) {
1901+
ret = qat_rsa_public_decrypt(siglen, sig, prsactx->tbuf,
1902+
prsactx->rsa, RSA_NO_PADDING);
1903+
} else {
1904+
typedef int (*fun_ptr)(void *prsactx, const unsigned char *sig,
1905+
size_t siglen, const unsigned char *tbs,
1906+
size_t tbslen);
1907+
fun_ptr fun = get_default_rsa_signature().verify;
1908+
if (!fun)
1909+
return 0;
1910+
return fun(prsactx, sig, siglen, tbs, tbslen);
1911+
}
1912+
18181913
if (ret <= 0) {
18191914
QATerr(ERR_LIB_PROV, ERR_R_RSA_LIB);
18201915
goto end;
@@ -1835,11 +1930,11 @@ static int rsa_verify_directly(QAT_PROV_RSA_CTX *prsactx,
18351930
goto end;
18361931
}
18371932
} else {
1838-
int verify_ret;
1933+
int verify_ret = 0;
18391934

18401935
if (!setup_tbuf(prsactx))
18411936
goto end;
1842-
if (qat_hw_offload || qat_sw_offload) {
1937+
if (qat_hw_rsa_offload || qat_sw_rsa_offload) {
18431938
verify_ret = qat_rsa_public_decrypt(siglen, sig, prsactx->tbuf,
18441939
prsactx->rsa,
18451940
prsactx->pad_mode);

0 commit comments

Comments
 (0)