* [dpdk-dev] [PATCH v4 0/5] Add session-less, RSA, RSA-CRT to QAT
@ 2019-10-22 14:04 Arek Kusztal
2019-10-22 14:04 ` [dpdk-dev] [PATCH v4 1/5] crypto/qat: add sessionless implementation to asym pmd Arek Kusztal
` (5 more replies)
0 siblings, 6 replies; 7+ messages in thread
From: Arek Kusztal @ 2019-10-22 14:04 UTC (permalink / raw)
To: dev; +Cc: akhil.goyal, fiona.trahe, Arek Kusztal
This patchset adds session-less option, RSA algorithm, RSA-CRT algorithm
to Intel QuickAssist Technology PMD. It also adds session-less test cases
for those algorithms.
Test case for RSA signature with no padding will be sent in a later patch.
[1]crypto/qat: add sessionless implementation to asym pmd
- this patch adds sessionless option to QAT, already implemented
algorithms MOD EXP and MOD INV can be used with sessionless
[2]crypto/qat: add rsa implementation to asym pmd
- this patch adds option to use RSA with exponent private key
pair (n,d)
[3]crypto/qat: add rsa crt implementation to asym pmd
- this patch adds CRT option to RSA, to improve performance of
decryption and creating of signature
v4:
- fixed compilation issue
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Arek Kusztal (5):
crypto/qat: add sessionless implementation to asym pmd
crypto/qat: add rsa implementation to asym pmd
crypto/qat: add rsa crt implementation to asym pmd
test/crypto: add sessionless to asymmetric mod exp
test/crypto: add rsa tests to qat and openssl with no padding
app/test/test_cryptodev_asym.c | 207 +++++--
app/test/test_cryptodev_rsa_test_vectors.h | 226 ++++++++
doc/guides/cryptodevs/features/qat.ini | 4 +
doc/guides/cryptodevs/qat.rst | 1 +
doc/guides/rel_notes/release_19_11.rst | 8 +
.../qat/qat_adf/qat_pke_functionality_arrays.h | 27 +
drivers/crypto/qat/qat_asym.c | 634 ++++++++++++++++-----
drivers/crypto/qat/qat_asym.h | 29 +-
drivers/crypto/qat/qat_asym_capabilities.h | 21 +
drivers/crypto/qat/qat_asym_pmd.c | 5 +-
10 files changed, 972 insertions(+), 190 deletions(-)
--
2.1.0
^ permalink raw reply [flat|nested] 7+ messages in thread
* [dpdk-dev] [PATCH v4 1/5] crypto/qat: add sessionless implementation to asym pmd
2019-10-22 14:04 [dpdk-dev] [PATCH v4 0/5] Add session-less, RSA, RSA-CRT to QAT Arek Kusztal
@ 2019-10-22 14:04 ` Arek Kusztal
2019-10-22 14:04 ` [dpdk-dev] [PATCH v4 2/5] crypto/qat: add rsa " Arek Kusztal
` (4 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: Arek Kusztal @ 2019-10-22 14:04 UTC (permalink / raw)
To: dev; +Cc: akhil.goyal, fiona.trahe, Arek Kusztal
This patch adds option to use asymmetric crypto pmd with
session-less support.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
doc/guides/cryptodevs/features/qat.ini | 1 +
doc/guides/rel_notes/release_19_11.rst | 4 +
drivers/crypto/qat/qat_asym.c | 328 ++++++++++++++++++++-------------
drivers/crypto/qat/qat_asym.h | 26 +--
drivers/crypto/qat/qat_asym_pmd.c | 3 +-
5 files changed, 208 insertions(+), 154 deletions(-)
diff --git a/doc/guides/cryptodevs/features/qat.ini b/doc/guides/cryptodevs/features/qat.ini
index 0832e59..cef8015 100644
--- a/doc/guides/cryptodevs/features/qat.ini
+++ b/doc/guides/cryptodevs/features/qat.ini
@@ -13,6 +13,7 @@ OOP SGL In LB Out = Y
OOP LB In SGL Out = Y
OOP LB In LB Out = Y
Digest encrypted = Y
+Asymmetric sessionless = Y
;
; Supported crypto algorithms of the 'qat' crypto driver.
diff --git a/doc/guides/rel_notes/release_19_11.rst b/doc/guides/rel_notes/release_19_11.rst
index 066bb3c..a96d567 100644
--- a/doc/guides/rel_notes/release_19_11.rst
+++ b/doc/guides/rel_notes/release_19_11.rst
@@ -152,6 +152,10 @@ New Features
Added eBPF JIT support for arm64 architecture to improve the eBPF program
performance.
+* **Updated the Intel QuickAssist Technology (QAT) asymmetric crypto PMD.**
+
+ Added support for asymmetric session-less operations.
+
Removed Items
-------------
diff --git a/drivers/crypto/qat/qat_asym.c b/drivers/crypto/qat/qat_asym.c
index 4ddb0e5..1145425 100644
--- a/drivers/crypto/qat/qat_asym.c
+++ b/drivers/crypto/qat/qat_asym.c
@@ -26,38 +26,23 @@ static int qat_asym_get_sz_and_func_id(const uint32_t arr[][2],
return -1;
}
-static void qat_asym_build_req_tmpl(void *sess_private_data,
- struct rte_crypto_asym_xform *xform)
+static inline void qat_fill_req_tmpl(struct icp_qat_fw_pke_request *qat_req)
{
-
- struct icp_qat_fw_pke_request *qat_req;
- struct qat_asym_session *session = sess_private_data;
-
- qat_req = &session->req_tmpl;
memset(qat_req, 0, sizeof(*qat_req));
qat_req->pke_hdr.service_type = ICP_QAT_FW_COMN_REQ_CPM_FW_PKE;
qat_req->pke_hdr.hdr_flags =
ICP_QAT_FW_COMN_HDR_FLAGS_BUILD
(ICP_QAT_FW_COMN_REQ_FLAG_SET);
- qat_req->pke_hdr.comn_req_flags = 0;
- qat_req->pke_hdr.resrvd1 = 0;
- qat_req->pke_hdr.resrvd2 = 0;
- qat_req->pke_hdr.kpt_mask = 0;
- qat_req->pke_hdr.kpt_rn_mask = 0;
- qat_req->pke_hdr.cd_pars.content_desc_addr = 0;
- qat_req->pke_hdr.cd_pars.content_desc_resrvd = 0;
- qat_req->resrvd1 = 0;
- qat_req->resrvd2 = 0;
- qat_req->next_req_adr = 0;
+}
- if (xform->xform_type == RTE_CRYPTO_ASYM_XFORM_MODEX) {
- qat_req->output_param_count = 1;
- qat_req->input_param_count = 3;
- } else if (xform->xform_type == RTE_CRYPTO_ASYM_XFORM_MODINV) {
- qat_req->output_param_count = 1;
- qat_req->input_param_count = 2;
- }
+static inline void qat_asym_build_req_tmpl(void *sess_private_data)
+{
+ struct icp_qat_fw_pke_request *qat_req;
+ struct qat_asym_session *session = sess_private_data;
+
+ qat_req = &session->req_tmpl;
+ qat_fill_req_tmpl(qat_req);
}
static size_t max_of(int n, ...)
@@ -90,6 +75,19 @@ static void qat_clear_arrays(struct qat_asym_op_cookie *cookie,
memset(cookie->output_array[i], 0x0, out_size);
}
+static void qat_clear_arrays_by_alg(struct qat_asym_op_cookie *cookie,
+ enum rte_crypto_asym_xform_type alg, int in_size, int out_size)
+{
+ if (alg == RTE_CRYPTO_ASYM_XFORM_MODEX)
+ qat_clear_arrays(cookie, QAT_ASYM_MODEXP_NUM_IN_PARAMS,
+ QAT_ASYM_MODEXP_NUM_OUT_PARAMS, in_size,
+ out_size);
+ else if (alg == RTE_CRYPTO_ASYM_XFORM_MODINV)
+ qat_clear_arrays(cookie, QAT_ASYM_MODINV_NUM_IN_PARAMS,
+ QAT_ASYM_MODINV_NUM_OUT_PARAMS, in_size,
+ out_size);
+}
+
static int qat_asym_check_nonzero(rte_crypto_param n)
{
if (n.length < 8) {
@@ -103,7 +101,7 @@ static int qat_asym_check_nonzero(rte_crypto_param n)
if (n.data[i] != 0x0)
break;
if (i == n.length - 1)
- return QAT_ASYM_ERROR_INVALID_PARAM;
+ return -(EINVAL);
}
} else if (*(uint64_t *)&n.data[
n.length - 8] == 0) {
@@ -114,57 +112,40 @@ static int qat_asym_check_nonzero(rte_crypto_param n)
if (n.data[i] != 0x0)
break;
if (i == n.length - 8)
- return QAT_ASYM_ERROR_INVALID_PARAM;
+ return -(EINVAL);
}
return 0;
}
-int
-qat_asym_build_request(void *in_op,
- uint8_t *out_msg,
- void *op_cookie,
- __rte_unused enum qat_device_gen qat_dev_gen)
+static int
+qat_asym_fill_arrays(struct rte_crypto_asym_op *asym_op,
+ struct icp_qat_fw_pke_request *qat_req,
+ struct qat_asym_op_cookie *cookie,
+ struct rte_crypto_asym_xform *xform)
{
- struct qat_asym_session *ctx;
- struct rte_crypto_op *op = (struct rte_crypto_op *)in_op;
- struct rte_crypto_asym_op *asym_op = op->asym;
- struct icp_qat_fw_pke_request *qat_req =
- (struct icp_qat_fw_pke_request *)out_msg;
- struct qat_asym_op_cookie *cookie =
- (struct qat_asym_op_cookie *)op_cookie;
-
- uint64_t err = 0;
+ int err = 0;
size_t alg_size;
size_t alg_size_in_bytes;
- uint32_t func_id;
-
- ctx = (struct qat_asym_session *)get_asym_session_private_data(
- op->asym->session, cryptodev_qat_asym_driver_id);
- rte_mov64((uint8_t *)qat_req, (const uint8_t *)&(ctx->req_tmpl));
- qat_req->pke_mid.opaque = (uint64_t)(uintptr_t)op;
-
- qat_req->pke_mid.src_data_addr = cookie->input_addr;
- qat_req->pke_mid.dest_data_addr = cookie->output_addr;
+ uint32_t func_id = 0;
- if (ctx->alg == QAT_PKE_MODEXP) {
- err = qat_asym_check_nonzero(ctx->sess_alg_params.mod_exp.n);
+ if (xform->xform_type == RTE_CRYPTO_ASYM_XFORM_MODEX) {
+ err = qat_asym_check_nonzero(xform->modex.modulus);
if (err) {
QAT_LOG(ERR, "Empty modulus in modular exponentiation,"
" aborting this operation");
- goto error;
+ return err;
}
alg_size_in_bytes = max_of(3, asym_op->modex.base.length,
- ctx->sess_alg_params.mod_exp.e.length,
- ctx->sess_alg_params.mod_exp.n.length);
+ xform->modex.exponent.length,
+ xform->modex.modulus.length);
alg_size = alg_size_in_bytes << 3;
if (qat_asym_get_sz_and_func_id(MOD_EXP_SIZE,
sizeof(MOD_EXP_SIZE)/sizeof(*MOD_EXP_SIZE),
&alg_size, &func_id)) {
- err = QAT_ASYM_ERROR_INVALID_PARAM;
- goto error;
+ return -(EINVAL);
}
alg_size_in_bytes = alg_size >> 3;
@@ -173,54 +154,54 @@ qat_asym_build_request(void *in_op,
, asym_op->modex.base.data,
asym_op->modex.base.length);
rte_memcpy(cookie->input_array[1] + alg_size_in_bytes -
- ctx->sess_alg_params.mod_exp.e.length
- , ctx->sess_alg_params.mod_exp.e.data,
- ctx->sess_alg_params.mod_exp.e.length);
+ xform->modex.exponent.length
+ , xform->modex.exponent.data,
+ xform->modex.exponent.length);
rte_memcpy(cookie->input_array[2] + alg_size_in_bytes -
- ctx->sess_alg_params.mod_exp.n.length,
- ctx->sess_alg_params.mod_exp.n.data,
- ctx->sess_alg_params.mod_exp.n.length);
+ xform->modex.modulus.length,
+ xform->modex.modulus.data,
+ xform->modex.modulus.length);
cookie->alg_size = alg_size;
qat_req->pke_hdr.cd_pars.func_id = func_id;
+ qat_req->input_param_count = QAT_ASYM_MODEXP_NUM_IN_PARAMS;
+ qat_req->output_param_count = QAT_ASYM_MODEXP_NUM_OUT_PARAMS;
#if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG
- QAT_DP_HEXDUMP_LOG(DEBUG, "base",
+ QAT_DP_HEXDUMP_LOG(DEBUG, "ModExp base",
cookie->input_array[0],
alg_size_in_bytes);
- QAT_DP_HEXDUMP_LOG(DEBUG, "exponent",
+ QAT_DP_HEXDUMP_LOG(DEBUG, "ModExp exponent",
cookie->input_array[1],
alg_size_in_bytes);
- QAT_DP_HEXDUMP_LOG(DEBUG, "modulus",
+ QAT_DP_HEXDUMP_LOG(DEBUG, " ModExpmodulus",
cookie->input_array[2],
alg_size_in_bytes);
#endif
- } else if (ctx->alg == QAT_PKE_MODINV) {
- err = qat_asym_check_nonzero(ctx->sess_alg_params.mod_inv.n);
+ } else if (xform->xform_type == RTE_CRYPTO_ASYM_XFORM_MODINV) {
+ err = qat_asym_check_nonzero(xform->modinv.modulus);
if (err) {
QAT_LOG(ERR, "Empty modulus in modular multiplicative"
" inverse, aborting this operation");
- goto error;
+ return err;
}
alg_size_in_bytes = max_of(2, asym_op->modinv.base.length,
- ctx->sess_alg_params.mod_inv.n.length);
+ xform->modinv.modulus.length);
alg_size = alg_size_in_bytes << 3;
- if (ctx->sess_alg_params.mod_inv.n.data[
- ctx->sess_alg_params.mod_inv.n.length - 1] & 0x01) {
+ if (xform->modinv.modulus.data[
+ xform->modinv.modulus.length - 1] & 0x01) {
if (qat_asym_get_sz_and_func_id(MOD_INV_IDS_ODD,
sizeof(MOD_INV_IDS_ODD)/
sizeof(*MOD_INV_IDS_ODD),
&alg_size, &func_id)) {
- err = QAT_ASYM_ERROR_INVALID_PARAM;
- goto error;
+ return -(EINVAL);
}
} else {
if (qat_asym_get_sz_and_func_id(MOD_INV_IDS_EVEN,
sizeof(MOD_INV_IDS_EVEN)/
sizeof(*MOD_INV_IDS_EVEN),
&alg_size, &func_id)) {
- err = QAT_ASYM_ERROR_INVALID_PARAM;
- goto error;
+ return -(EINVAL);
}
}
@@ -230,27 +211,93 @@ qat_asym_build_request(void *in_op,
, asym_op->modinv.base.data,
asym_op->modinv.base.length);
rte_memcpy(cookie->input_array[1] + alg_size_in_bytes -
- ctx->sess_alg_params.mod_inv.n.length
- , ctx->sess_alg_params.mod_inv.n.data,
- ctx->sess_alg_params.mod_inv.n.length);
+ xform->modinv.modulus.length
+ , xform->modinv.modulus.data,
+ xform->modinv.modulus.length);
cookie->alg_size = alg_size;
qat_req->pke_hdr.cd_pars.func_id = func_id;
+ qat_req->input_param_count =
+ QAT_ASYM_MODINV_NUM_IN_PARAMS;
+ qat_req->output_param_count =
+ QAT_ASYM_MODINV_NUM_OUT_PARAMS;
#if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG
- QAT_DP_HEXDUMP_LOG(DEBUG, "base",
+ QAT_DP_HEXDUMP_LOG(DEBUG, "ModInv base",
cookie->input_array[0],
alg_size_in_bytes);
- QAT_DP_HEXDUMP_LOG(DEBUG, "modulus",
+ QAT_DP_HEXDUMP_LOG(DEBUG, "ModInv modulus",
cookie->input_array[1],
alg_size_in_bytes);
#endif
+ } else {
+ QAT_LOG(ERR, "Invalid asymmetric crypto xform");
+ return -(EINVAL);
+ }
+ return 0;
+}
+
+int
+qat_asym_build_request(void *in_op,
+ uint8_t *out_msg,
+ void *op_cookie,
+ __rte_unused enum qat_device_gen qat_dev_gen)
+{
+ struct qat_asym_session *ctx;
+ struct rte_crypto_op *op = (struct rte_crypto_op *)in_op;
+ struct rte_crypto_asym_op *asym_op = op->asym;
+ struct icp_qat_fw_pke_request *qat_req =
+ (struct icp_qat_fw_pke_request *)out_msg;
+ struct qat_asym_op_cookie *cookie =
+ (struct qat_asym_op_cookie *)op_cookie;
+ int err = 0;
+
+ op->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
+ if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
+ ctx = (struct qat_asym_session *)
+ get_asym_session_private_data(
+ op->asym->session, cryptodev_qat_asym_driver_id);
+ if (unlikely(ctx == NULL)) {
+ QAT_LOG(ERR, "Session has not been created for this device");
+ goto error;
+ }
+ rte_mov64((uint8_t *)qat_req, (const uint8_t *)&(ctx->req_tmpl));
+ err = qat_asym_fill_arrays(asym_op, qat_req, cookie, ctx->xform);
+ if (err) {
+ op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
+ goto error;
+ }
+ } else if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
+ qat_fill_req_tmpl(qat_req);
+ err = qat_asym_fill_arrays(asym_op, qat_req, cookie,
+ op->asym->xform);
+ if (err) {
+ op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
+ goto error;
+ }
+ } else {
+ QAT_DP_LOG(ERR, "Invalid session/xform settings");
+ op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
+ goto error;
}
+ qat_req->pke_mid.opaque = (uint64_t)(uintptr_t)op;
+ qat_req->pke_mid.src_data_addr = cookie->input_addr;
+ qat_req->pke_mid.dest_data_addr = cookie->output_addr;
+
#if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG
QAT_DP_HEXDUMP_LOG(DEBUG, "qat_req:", qat_req,
sizeof(struct icp_qat_fw_pke_request));
#endif
+
return 0;
error:
+
+ qat_req->pke_mid.opaque = (uint64_t)(uintptr_t)op;
+
+#if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG
+ QAT_DP_HEXDUMP_LOG(DEBUG, "qat_req:", qat_req,
+ sizeof(struct icp_qat_fw_pke_request));
+#endif
+
qat_req->output_param_count = 0;
qat_req->input_param_count = 0;
qat_req->pke_hdr.service_type = ICP_QAT_FW_COMN_REQ_NULL;
@@ -259,42 +306,16 @@ qat_asym_build_request(void *in_op,
return 0;
}
-void
-qat_asym_process_response(void **op, uint8_t *resp,
- void *op_cookie)
+static void qat_asym_collect_response(struct rte_crypto_op *rx_op,
+ struct qat_asym_op_cookie *cookie,
+ struct rte_crypto_asym_xform *xform)
{
- struct qat_asym_session *ctx;
- struct icp_qat_fw_pke_resp *resp_msg =
- (struct icp_qat_fw_pke_resp *)resp;
- struct rte_crypto_op *rx_op = (struct rte_crypto_op *)(uintptr_t)
- (resp_msg->opaque);
+ size_t alg_size, alg_size_in_bytes = 0;
struct rte_crypto_asym_op *asym_op = rx_op->asym;
- struct qat_asym_op_cookie *cookie = op_cookie;
- size_t alg_size, alg_size_in_bytes;
-
- ctx = (struct qat_asym_session *)get_asym_session_private_data(
- rx_op->asym->session, cryptodev_qat_asym_driver_id);
-
- *op = rx_op;
- rx_op->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
- if (cookie->error) {
- cookie->error = 0;
- rx_op->status = RTE_CRYPTO_OP_STATUS_ERROR;
- QAT_DP_LOG(ERR, "Cookie status returned error");
- } else {
- if (ICP_QAT_FW_PKE_RESP_PKE_STAT_GET(
- resp_msg->pke_resp_hdr.resp_status.pke_resp_flags)) {
- rx_op->status = RTE_CRYPTO_OP_STATUS_ERROR;
- QAT_DP_LOG(ERR, "Asymmetric response status returned error");
- }
- if (resp_msg->pke_resp_hdr.resp_status.comn_err_code) {
- rx_op->status = RTE_CRYPTO_OP_STATUS_ERROR;
- QAT_DP_LOG(ERR, "Asymmetric common status returned error");
- }
- }
+ if (xform->xform_type == RTE_CRYPTO_ASYM_XFORM_MODEX) {
+ rte_crypto_param n = xform->modex.modulus;
- if (ctx->alg == QAT_PKE_MODEXP) {
alg_size = cookie->alg_size;
alg_size_in_bytes = alg_size >> 3;
uint8_t *modexp_result = asym_op->modex.result.data;
@@ -302,42 +323,83 @@ qat_asym_process_response(void **op, uint8_t *resp,
if (rx_op->status == RTE_CRYPTO_OP_STATUS_NOT_PROCESSED) {
rte_memcpy(modexp_result +
(asym_op->modex.result.length -
- ctx->sess_alg_params.mod_exp.n.length),
+ n.length),
cookie->output_array[0] + alg_size_in_bytes
- - ctx->sess_alg_params.mod_exp.n.length,
- ctx->sess_alg_params.mod_exp.n.length
+ - n.length, n.length
);
rx_op->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
#if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG
- QAT_DP_HEXDUMP_LOG(DEBUG, "modexp_result",
+ QAT_DP_HEXDUMP_LOG(DEBUG, "ModExp result",
cookie->output_array[0],
alg_size_in_bytes);
+
#endif
}
- qat_clear_arrays(cookie, 3, 1, alg_size_in_bytes,
- alg_size_in_bytes);
- } else if (ctx->alg == QAT_PKE_MODINV) {
+ } else if (xform->xform_type == RTE_CRYPTO_ASYM_XFORM_MODINV) {
+ rte_crypto_param n = xform->modinv.modulus;
+
alg_size = cookie->alg_size;
alg_size_in_bytes = alg_size >> 3;
uint8_t *modinv_result = asym_op->modinv.result.data;
if (rx_op->status == RTE_CRYPTO_OP_STATUS_NOT_PROCESSED) {
rte_memcpy(modinv_result + (asym_op->modinv.result.length
- - ctx->sess_alg_params.mod_inv.n.length),
+ - n.length),
cookie->output_array[0] + alg_size_in_bytes
- - ctx->sess_alg_params.mod_inv.n.length,
- ctx->sess_alg_params.mod_inv.n.length);
+ - n.length, n.length);
rx_op->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
#if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG
- QAT_DP_HEXDUMP_LOG(DEBUG, "modinv_result",
+ QAT_DP_HEXDUMP_LOG(DEBUG, "ModInv result",
cookie->output_array[0],
alg_size_in_bytes);
#endif
}
- qat_clear_arrays(cookie, 2, 1, alg_size_in_bytes,
+ }
+ qat_clear_arrays_by_alg(cookie, xform->xform_type, alg_size_in_bytes,
alg_size_in_bytes);
+}
+
+void
+qat_asym_process_response(void **op, uint8_t *resp,
+ void *op_cookie)
+{
+ struct qat_asym_session *ctx;
+ struct icp_qat_fw_pke_resp *resp_msg =
+ (struct icp_qat_fw_pke_resp *)resp;
+ struct rte_crypto_op *rx_op = (struct rte_crypto_op *)(uintptr_t)
+ (resp_msg->opaque);
+ struct qat_asym_op_cookie *cookie = op_cookie;
+
+ if (cookie->error) {
+ cookie->error = 0;
+ if (rx_op->status == RTE_CRYPTO_OP_STATUS_NOT_PROCESSED)
+ rx_op->status = RTE_CRYPTO_OP_STATUS_ERROR;
+ QAT_DP_LOG(ERR, "Cookie status returned error");
+ } else {
+ if (ICP_QAT_FW_PKE_RESP_PKE_STAT_GET(
+ resp_msg->pke_resp_hdr.resp_status.pke_resp_flags)) {
+ if (rx_op->status == RTE_CRYPTO_OP_STATUS_NOT_PROCESSED)
+ rx_op->status = RTE_CRYPTO_OP_STATUS_ERROR;
+ QAT_DP_LOG(ERR, "Asymmetric response status"
+ " returned error");
+ }
+ if (resp_msg->pke_resp_hdr.resp_status.comn_err_code) {
+ if (rx_op->status == RTE_CRYPTO_OP_STATUS_NOT_PROCESSED)
+ rx_op->status = RTE_CRYPTO_OP_STATUS_ERROR;
+ QAT_DP_LOG(ERR, "Asymmetric common status"
+ " returned error");
+ }
}
+ if (rx_op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
+ ctx = (struct qat_asym_session *)get_asym_session_private_data(
+ rx_op->asym->session, cryptodev_qat_asym_driver_id);
+ qat_asym_collect_response(rx_op, cookie, ctx->xform);
+ } else if (rx_op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
+ qat_asym_collect_response(rx_op, cookie, rx_op->asym->xform);
+ }
+ *op = rx_op;
+
#if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG
QAT_DP_HEXDUMP_LOG(DEBUG, "resp_msg:", resp_msg,
sizeof(struct icp_qat_fw_pke_resp));
@@ -362,10 +424,6 @@ qat_asym_session_configure(struct rte_cryptodev *dev,
session = sess_private_data;
if (xform->xform_type == RTE_CRYPTO_ASYM_XFORM_MODEX) {
- session->sess_alg_params.mod_exp.e = xform->modex.exponent;
- session->sess_alg_params.mod_exp.n = xform->modex.modulus;
- session->alg = QAT_PKE_MODEXP;
-
if (xform->modex.exponent.length == 0 ||
xform->modex.modulus.length == 0) {
QAT_LOG(ERR, "Invalid mod exp input parameter");
@@ -373,20 +431,24 @@ qat_asym_session_configure(struct rte_cryptodev *dev,
goto error;
}
} else if (xform->xform_type == RTE_CRYPTO_ASYM_XFORM_MODINV) {
- session->sess_alg_params.mod_inv.n = xform->modinv.modulus;
- session->alg = QAT_PKE_MODINV;
-
if (xform->modinv.modulus.length == 0) {
QAT_LOG(ERR, "Invalid mod inv input parameter");
err = -EINVAL;
goto error;
}
- } else {
+ } else if (xform->xform_type >= RTE_CRYPTO_ASYM_XFORM_TYPE_LIST_END
+ || xform->xform_type <= RTE_CRYPTO_ASYM_XFORM_NONE) {
QAT_LOG(ERR, "Invalid asymmetric crypto xform");
err = -EINVAL;
goto error;
+ } else {
+ QAT_LOG(ERR, "Asymmetric crypto xform not implemented");
+ err = -EINVAL;
+ goto error;
}
- qat_asym_build_req_tmpl(sess_private_data, xform);
+
+ session->xform = xform;
+ qat_asym_build_req_tmpl(sess_private_data);
set_asym_session_private_data(sess, dev->driver_id,
sess_private_data);
diff --git a/drivers/crypto/qat/qat_asym.h b/drivers/crypto/qat/qat_asym.h
index ce4839b..2959b07 100644
--- a/drivers/crypto/qat/qat_asym.h
+++ b/drivers/crypto/qat/qat_asym.h
@@ -17,7 +17,11 @@ typedef uint64_t large_int_ptr;
#define QAT_PKE_MAX_LN_SIZE 512
#define _PKE_ALIGN_ __attribute__((__aligned__(8)))
-#define QAT_ASYM_ERROR_INVALID_PARAM 0x01
+#define QAT_ASYM_MAX_PARAMS 8
+#define QAT_ASYM_MODINV_NUM_IN_PARAMS 2
+#define QAT_ASYM_MODINV_NUM_OUT_PARAMS 1
+#define QAT_ASYM_MODEXP_NUM_IN_PARAMS 3
+#define QAT_ASYM_MODEXP_NUM_OUT_PARAMS 1
struct qat_asym_op_cookie {
size_t alg_size;
@@ -33,27 +37,9 @@ struct qat_asym_op_cookie {
uint8_t output_array[MAX_PKE_PARAMS][QAT_PKE_MAX_LN_SIZE] _PKE_ALIGN_;
} _PKE_ALIGN_;
-enum qat_asym_alg {
- QAT_PKE_RSA,
- QAT_PKE_DH,
- QAT_PKE_DSA,
- QAT_PKE_MODEXP,
- QAT_PKE_MODINV,
-};
-
struct qat_asym_session {
- enum qat_asym_alg alg;
struct icp_qat_fw_pke_request req_tmpl;
- uint64_t flags;
- union {
- struct {
- rte_crypto_param n;
- rte_crypto_param e;
- } mod_exp;
- struct {
- rte_crypto_param n;
- } mod_inv;
- } sess_alg_params;
+ struct rte_crypto_asym_xform *xform;
};
int
diff --git a/drivers/crypto/qat/qat_asym_pmd.c b/drivers/crypto/qat/qat_asym_pmd.c
index c999799..71fd709 100644
--- a/drivers/crypto/qat/qat_asym_pmd.c
+++ b/drivers/crypto/qat/qat_asym_pmd.c
@@ -270,7 +270,8 @@ qat_asym_dev_create(struct qat_pci_device *qat_pci_dev)
cryptodev->dequeue_burst = qat_asym_pmd_dequeue_op_burst;
cryptodev->feature_flags = RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO |
- RTE_CRYPTODEV_FF_HW_ACCELERATED;
+ RTE_CRYPTODEV_FF_HW_ACCELERATED |
+ RTE_CRYPTODEV_FF_ASYM_SESSIONLESS;
internals = cryptodev->data->dev_private;
internals->qat_dev = qat_pci_dev;
qat_pci_dev->asym_dev = internals;
--
2.1.0
^ permalink raw reply [flat|nested] 7+ messages in thread
* [dpdk-dev] [PATCH v4 2/5] crypto/qat: add rsa implementation to asym pmd
2019-10-22 14:04 [dpdk-dev] [PATCH v4 0/5] Add session-less, RSA, RSA-CRT to QAT Arek Kusztal
2019-10-22 14:04 ` [dpdk-dev] [PATCH v4 1/5] crypto/qat: add sessionless implementation to asym pmd Arek Kusztal
@ 2019-10-22 14:04 ` Arek Kusztal
2019-10-22 14:04 ` [dpdk-dev] [PATCH v4 3/5] crypto/qat: add rsa crt " Arek Kusztal
` (3 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: Arek Kusztal @ 2019-10-22 14:04 UTC (permalink / raw)
To: dev; +Cc: akhil.goyal, fiona.trahe, Arek Kusztal
This commit adds rsa algorithm to asymmetric pmd
using pair (n, d) private key
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
doc/guides/cryptodevs/features/qat.ini | 2 +
doc/guides/cryptodevs/qat.rst | 1 +
doc/guides/rel_notes/release_19_11.rst | 2 +
.../qat/qat_adf/qat_pke_functionality_arrays.h | 18 ++
drivers/crypto/qat/qat_asym.c | 252 ++++++++++++++++++++-
drivers/crypto/qat/qat_asym.h | 2 +
drivers/crypto/qat/qat_asym_capabilities.h | 21 ++
drivers/crypto/qat/qat_asym_pmd.c | 3 +-
8 files changed, 299 insertions(+), 2 deletions(-)
diff --git a/doc/guides/cryptodevs/features/qat.ini b/doc/guides/cryptodevs/features/qat.ini
index cef8015..374b523 100644
--- a/doc/guides/cryptodevs/features/qat.ini
+++ b/doc/guides/cryptodevs/features/qat.ini
@@ -14,6 +14,7 @@ OOP LB In SGL Out = Y
OOP LB In LB Out = Y
Digest encrypted = Y
Asymmetric sessionless = Y
+RSA PRIV OP KEY EXP = Y
;
; Supported crypto algorithms of the 'qat' crypto driver.
@@ -71,3 +72,4 @@ AES CCM (256) = Y
[Asymmetric]
Modular Exponentiation = Y
Modular Inversion = Y
+RSA = Y
diff --git a/doc/guides/cryptodevs/qat.rst b/doc/guides/cryptodevs/qat.rst
index ad685a7..8630e27 100644
--- a/doc/guides/cryptodevs/qat.rst
+++ b/doc/guides/cryptodevs/qat.rst
@@ -134,6 +134,7 @@ Limitations
* Big integers longer than 4096 bits are not supported.
* Queue pairs are not thread-safe (that is, within a single queue pair, RX and TX from different lcores is not supported).
+* RSA-2560, RSA-3584 are not supported
.. _building_qat:
diff --git a/doc/guides/rel_notes/release_19_11.rst b/doc/guides/rel_notes/release_19_11.rst
index a96d567..8603de7 100644
--- a/doc/guides/rel_notes/release_19_11.rst
+++ b/doc/guides/rel_notes/release_19_11.rst
@@ -156,6 +156,8 @@ New Features
Added support for asymmetric session-less operations.
+ Added support for RSA algorithm with pair (n, d) private key representation.
+
Removed Items
-------------
diff --git a/drivers/common/qat/qat_adf/qat_pke_functionality_arrays.h b/drivers/common/qat/qat_adf/qat_pke_functionality_arrays.h
index 8adf209..3e40b86 100644
--- a/drivers/common/qat/qat_adf/qat_pke_functionality_arrays.h
+++ b/drivers/common/qat/qat_adf/qat_pke_functionality_arrays.h
@@ -49,4 +49,22 @@ static const uint32_t MOD_INV_IDS_EVEN[][2] = {
{ 4096, MATHS_MODINV_EVEN_L4096 },
};
+static const uint32_t RSA_ENC_IDS[][2] = {
+ { 512, PKE_RSA_EP_512 },
+ { 1024, PKE_RSA_EP_1024 },
+ { 1536, PKE_RSA_EP_1536 },
+ { 2048, PKE_RSA_EP_2048 },
+ { 3072, PKE_RSA_EP_3072 },
+ { 4096, PKE_RSA_EP_4096 },
+};
+
+static const uint32_t RSA_DEC_IDS[][2] = {
+ { 512, PKE_RSA_DP1_512 },
+ { 1024, PKE_RSA_DP1_1024 },
+ { 1536, PKE_RSA_DP1_1536 },
+ { 2048, PKE_RSA_DP1_2048 },
+ { 3072, PKE_RSA_DP1_3072 },
+ { 4096, PKE_RSA_DP1_4096 },
+};
+
#endif
diff --git a/drivers/crypto/qat/qat_asym.c b/drivers/crypto/qat/qat_asym.c
index 1145425..070feb9 100644
--- a/drivers/crypto/qat/qat_asym.c
+++ b/drivers/crypto/qat/qat_asym.c
@@ -228,6 +228,171 @@ qat_asym_fill_arrays(struct rte_crypto_asym_op *asym_op,
cookie->input_array[1],
alg_size_in_bytes);
#endif
+ } else if (xform->xform_type == RTE_CRYPTO_ASYM_XFORM_RSA) {
+ err = qat_asym_check_nonzero(xform->rsa.n);
+ if (err) {
+ QAT_LOG(ERR, "Empty modulus in RSA"
+ " inverse, aborting this operation");
+ return err;
+ }
+
+ alg_size_in_bytes = xform->rsa.n.length;
+ alg_size = alg_size_in_bytes << 3;
+
+ qat_req->input_param_count =
+ QAT_ASYM_RSA_NUM_IN_PARAMS;
+ qat_req->output_param_count =
+ QAT_ASYM_RSA_NUM_OUT_PARAMS;
+
+ if (asym_op->rsa.op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT ||
+ asym_op->rsa.op_type ==
+ RTE_CRYPTO_ASYM_OP_VERIFY) {
+
+ if (qat_asym_get_sz_and_func_id(RSA_ENC_IDS,
+ sizeof(RSA_ENC_IDS)/
+ sizeof(*RSA_ENC_IDS),
+ &alg_size, &func_id)) {
+ err = -(EINVAL);
+ QAT_LOG(ERR,
+ "Not supported RSA parameter size (key)");
+ return err;
+ }
+ alg_size_in_bytes = alg_size >> 3;
+ if (asym_op->rsa.op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT) {
+ switch (asym_op->rsa.pad) {
+ case RTE_CRYPTO_RSA_PADDING_NONE:
+ rte_memcpy(cookie->input_array[0] +
+ alg_size_in_bytes -
+ asym_op->rsa.message.length
+ , asym_op->rsa.message.data,
+ asym_op->rsa.message.length);
+ break;
+ default:
+ err = -(EINVAL);
+ QAT_LOG(ERR,
+ "Invalid RSA padding (Encryption)");
+ return err;
+ }
+#if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG
+ QAT_DP_HEXDUMP_LOG(DEBUG, "RSA Message",
+ cookie->input_array[0],
+ alg_size_in_bytes);
+#endif
+ } else {
+ switch (asym_op->rsa.pad) {
+ case RTE_CRYPTO_RSA_PADDING_NONE:
+ rte_memcpy(cookie->input_array[0],
+ asym_op->rsa.sign.data,
+ alg_size_in_bytes);
+ break;
+ default:
+ err = -(EINVAL);
+ QAT_LOG(ERR,
+ "Invalid RSA padding (Verify)");
+ return err;
+ }
+
+#if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG
+ QAT_DP_HEXDUMP_LOG(DEBUG, " RSA Signature",
+ cookie->input_array[0],
+ alg_size_in_bytes);
+#endif
+
+ }
+ rte_memcpy(cookie->input_array[1] +
+ alg_size_in_bytes -
+ xform->rsa.e.length
+ , xform->rsa.e.data,
+ xform->rsa.e.length);
+ rte_memcpy(cookie->input_array[2] +
+ alg_size_in_bytes -
+ xform->rsa.n.length,
+ xform->rsa.n.data,
+ xform->rsa.n.length);
+
+ cookie->alg_size = alg_size;
+ qat_req->pke_hdr.cd_pars.func_id = func_id;
+
+#if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG
+ QAT_DP_HEXDUMP_LOG(DEBUG, "RSA Public Key",
+ cookie->input_array[1], alg_size_in_bytes);
+ QAT_DP_HEXDUMP_LOG(DEBUG, "RSA Modulus",
+ cookie->input_array[2], alg_size_in_bytes);
+#endif
+ } else {
+ if (asym_op->rsa.op_type ==
+ RTE_CRYPTO_ASYM_OP_DECRYPT) {
+ switch (asym_op->rsa.pad) {
+ case RTE_CRYPTO_RSA_PADDING_NONE:
+ rte_memcpy(cookie->input_array[0]
+ + alg_size_in_bytes -
+ asym_op->rsa.cipher.length,
+ asym_op->rsa.cipher.data,
+ asym_op->rsa.cipher.length);
+ break;
+ default:
+ QAT_LOG(ERR,
+ "Invalid padding of RSA (Decrypt)");
+ return -(EINVAL);
+ }
+
+ } else if (asym_op->rsa.op_type ==
+ RTE_CRYPTO_ASYM_OP_SIGN) {
+ switch (asym_op->rsa.pad) {
+ case RTE_CRYPTO_RSA_PADDING_NONE:
+ rte_memcpy(cookie->input_array[0]
+ + alg_size_in_bytes -
+ asym_op->rsa.message.length,
+ asym_op->rsa.message.data,
+ asym_op->rsa.message.length);
+ break;
+ default:
+ QAT_LOG(ERR,
+ "Invalid padding of RSA (Signature)");
+ return -(EINVAL);
+ }
+ }
+
+ if (xform->rsa.key_type == RTE_RSA_KET_TYPE_QT) {
+ QAT_LOG(ERR, "RSA CRT not implemented");
+ return -(EINVAL);
+ } else if (xform->rsa.key_type ==
+ RTE_RSA_KEY_TYPE_EXP) {
+ if (qat_asym_get_sz_and_func_id(
+ RSA_DEC_IDS,
+ sizeof(RSA_DEC_IDS)/
+ sizeof(*RSA_DEC_IDS),
+ &alg_size, &func_id)) {
+ return -(EINVAL);
+ }
+ alg_size_in_bytes = alg_size >> 3;
+ rte_memcpy(cookie->input_array[1] +
+ alg_size_in_bytes -
+ xform->rsa.d.length,
+ xform->rsa.d.data,
+ xform->rsa.d.length);
+ rte_memcpy(cookie->input_array[2] +
+ alg_size_in_bytes -
+ xform->rsa.n.length,
+ xform->rsa.n.data,
+ xform->rsa.n.length);
+#if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG
+ QAT_DP_HEXDUMP_LOG(DEBUG, "RSA ciphertext",
+ cookie->input_array[0],
+ alg_size_in_bytes);
+ QAT_DP_HEXDUMP_LOG(DEBUG, "RSA d", cookie->input_array[1],
+ alg_size_in_bytes);
+ QAT_DP_HEXDUMP_LOG(DEBUG, "RSA n", cookie->input_array[2],
+ alg_size_in_bytes);
+#endif
+
+ cookie->alg_size = alg_size;
+ qat_req->pke_hdr.cd_pars.func_id = func_id;
+ } else {
+ QAT_LOG(ERR, "Invalid RSA key type");
+ return -(EINVAL);
+ }
+ }
} else {
QAT_LOG(ERR, "Invalid asymmetric crypto xform");
return -(EINVAL);
@@ -354,6 +519,85 @@ static void qat_asym_collect_response(struct rte_crypto_op *rx_op,
alg_size_in_bytes);
#endif
}
+ } else if (xform->xform_type == RTE_CRYPTO_ASYM_XFORM_RSA) {
+
+ alg_size = cookie->alg_size;
+ alg_size_in_bytes = alg_size >> 3;
+ if (asym_op->rsa.op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT ||
+ asym_op->rsa.op_type ==
+ RTE_CRYPTO_ASYM_OP_VERIFY) {
+ if (asym_op->rsa.op_type ==
+ RTE_CRYPTO_ASYM_OP_ENCRYPT) {
+ uint8_t *rsa_result = asym_op->rsa.cipher.data;
+
+ rte_memcpy(rsa_result,
+ cookie->output_array[0],
+ alg_size_in_bytes);
+ rx_op->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
+#if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG
+ QAT_DP_HEXDUMP_LOG(DEBUG, "RSA Encrypted data",
+ cookie->output_array[0],
+ alg_size_in_bytes);
+#endif
+ } else if (asym_op->rsa.op_type ==
+ RTE_CRYPTO_ASYM_OP_VERIFY) {
+ uint8_t *rsa_result = asym_op->rsa.cipher.data;
+
+ switch (asym_op->rsa.pad) {
+ case RTE_CRYPTO_RSA_PADDING_NONE:
+ rte_memcpy(rsa_result,
+ cookie->output_array[0],
+ alg_size_in_bytes);
+ rx_op->status =
+ RTE_CRYPTO_OP_STATUS_SUCCESS;
+#if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG
+ QAT_DP_HEXDUMP_LOG(DEBUG, "RSA Signature",
+ cookie->output_array[0],
+ alg_size_in_bytes);
+#endif
+ break;
+ default:
+ QAT_LOG(ERR, "Padding not supported");
+ rx_op->status =
+ RTE_CRYPTO_OP_STATUS_ERROR;
+ break;
+ }
+ }
+ } else {
+ if (asym_op->rsa.op_type ==
+ RTE_CRYPTO_ASYM_OP_DECRYPT) {
+ uint8_t *rsa_result = asym_op->rsa.message.data;
+
+ switch (asym_op->rsa.pad) {
+ case RTE_CRYPTO_RSA_PADDING_NONE:
+ rte_memcpy(rsa_result,
+ cookie->output_array[0],
+ alg_size_in_bytes);
+ break;
+ default:
+ QAT_LOG(ERR, "Padding not supported");
+ rx_op->status =
+ RTE_CRYPTO_OP_STATUS_ERROR;
+ break;
+ }
+#if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG
+ QAT_DP_HEXDUMP_LOG(DEBUG, "RSA Decrypted Message",
+ rsa_result, alg_size_in_bytes);
+#endif
+ } else if (asym_op->rsa.op_type == RTE_CRYPTO_ASYM_OP_SIGN) {
+ uint8_t *rsa_result = asym_op->rsa.sign.data;
+
+ rte_memcpy(rsa_result,
+ cookie->output_array[0],
+ alg_size_in_bytes);
+ rx_op->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
+#if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG
+ QAT_DP_HEXDUMP_LOG(DEBUG, "RSA Signature",
+ cookie->output_array[0],
+ alg_size_in_bytes);
+#endif
+ }
+ }
}
qat_clear_arrays_by_alg(cookie, xform->xform_type, alg_size_in_bytes,
alg_size_in_bytes);
@@ -393,7 +637,7 @@ qat_asym_process_response(void **op, uint8_t *resp,
if (rx_op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
ctx = (struct qat_asym_session *)get_asym_session_private_data(
- rx_op->asym->session, cryptodev_qat_asym_driver_id);
+ rx_op->asym->session, cryptodev_qat_asym_driver_id);
qat_asym_collect_response(rx_op, cookie, ctx->xform);
} else if (rx_op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
qat_asym_collect_response(rx_op, cookie, rx_op->asym->xform);
@@ -436,6 +680,12 @@ qat_asym_session_configure(struct rte_cryptodev *dev,
err = -EINVAL;
goto error;
}
+ } else if (xform->xform_type == RTE_CRYPTO_ASYM_XFORM_RSA) {
+ if (xform->rsa.n.length == 0) {
+ QAT_LOG(ERR, "Invalid rsa input parameter");
+ err = -EINVAL;
+ goto error;
+ }
} else if (xform->xform_type >= RTE_CRYPTO_ASYM_XFORM_TYPE_LIST_END
|| xform->xform_type <= RTE_CRYPTO_ASYM_XFORM_NONE) {
QAT_LOG(ERR, "Invalid asymmetric crypto xform");
diff --git a/drivers/crypto/qat/qat_asym.h b/drivers/crypto/qat/qat_asym.h
index 2959b07..b1dec8f 100644
--- a/drivers/crypto/qat/qat_asym.h
+++ b/drivers/crypto/qat/qat_asym.h
@@ -22,6 +22,8 @@ typedef uint64_t large_int_ptr;
#define QAT_ASYM_MODINV_NUM_OUT_PARAMS 1
#define QAT_ASYM_MODEXP_NUM_IN_PARAMS 3
#define QAT_ASYM_MODEXP_NUM_OUT_PARAMS 1
+#define QAT_ASYM_RSA_NUM_IN_PARAMS 3
+#define QAT_ASYM_RSA_NUM_OUT_PARAMS 1
struct qat_asym_op_cookie {
size_t alg_size;
diff --git a/drivers/crypto/qat/qat_asym_capabilities.h b/drivers/crypto/qat/qat_asym_capabilities.h
index f43c025..523b4da 100644
--- a/drivers/crypto/qat/qat_asym_capabilities.h
+++ b/drivers/crypto/qat/qat_asym_capabilities.h
@@ -37,6 +37,27 @@
} \
}, \
} \
+ }, \
+ { /* RSA */ \
+ .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, \
+ {.asym = { \
+ .xform_capa = { \
+ .xform_type = RTE_CRYPTO_ASYM_XFORM_RSA, \
+ .op_types = ((1 << RTE_CRYPTO_ASYM_OP_SIGN) | \
+ (1 << RTE_CRYPTO_ASYM_OP_VERIFY) | \
+ (1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) | \
+ (1 << RTE_CRYPTO_ASYM_OP_DECRYPT)), \
+ { \
+ .modlen = { \
+ /* min length is based on openssl rsa keygen */ \
+ .min = 64, \
+ /* value 0 symbolizes no limit on max length */ \
+ .max = 512, \
+ .increment = 64 \
+ }, } \
+ } \
+ }, \
+ } \
} \
#endif /* _QAT_ASYM_CAPABILITIES_H_ */
diff --git a/drivers/crypto/qat/qat_asym_pmd.c b/drivers/crypto/qat/qat_asym_pmd.c
index 71fd709..78fc2d7 100644
--- a/drivers/crypto/qat/qat_asym_pmd.c
+++ b/drivers/crypto/qat/qat_asym_pmd.c
@@ -271,7 +271,8 @@ qat_asym_dev_create(struct qat_pci_device *qat_pci_dev)
cryptodev->feature_flags = RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO |
RTE_CRYPTODEV_FF_HW_ACCELERATED |
- RTE_CRYPTODEV_FF_ASYM_SESSIONLESS;
+ RTE_CRYPTODEV_FF_ASYM_SESSIONLESS |
+ RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_EXP;
internals = cryptodev->data->dev_private;
internals->qat_dev = qat_pci_dev;
qat_pci_dev->asym_dev = internals;
--
2.1.0
^ permalink raw reply [flat|nested] 7+ messages in thread
* [dpdk-dev] [PATCH v4 3/5] crypto/qat: add rsa crt implementation to asym pmd
2019-10-22 14:04 [dpdk-dev] [PATCH v4 0/5] Add session-less, RSA, RSA-CRT to QAT Arek Kusztal
2019-10-22 14:04 ` [dpdk-dev] [PATCH v4 1/5] crypto/qat: add sessionless implementation to asym pmd Arek Kusztal
2019-10-22 14:04 ` [dpdk-dev] [PATCH v4 2/5] crypto/qat: add rsa " Arek Kusztal
@ 2019-10-22 14:04 ` Arek Kusztal
2019-10-22 14:04 ` [dpdk-dev] [PATCH v4 4/5] test/crypto: add sessionless to asymmetric mod exp Arek Kusztal
` (2 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: Arek Kusztal @ 2019-10-22 14:04 UTC (permalink / raw)
To: dev; +Cc: akhil.goyal, fiona.trahe, Arek Kusztal
This commit extends RSA implementation by CRT option
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
doc/guides/cryptodevs/features/qat.ini | 1 +
doc/guides/rel_notes/release_19_11.rst | 2 +
.../qat/qat_adf/qat_pke_functionality_arrays.h | 9 ++++
drivers/crypto/qat/qat_asym.c | 62 ++++++++++++++++++++--
drivers/crypto/qat/qat_asym.h | 1 +
drivers/crypto/qat/qat_asym_pmd.c | 3 +-
6 files changed, 74 insertions(+), 4 deletions(-)
diff --git a/doc/guides/cryptodevs/features/qat.ini b/doc/guides/cryptodevs/features/qat.ini
index 374b523..6e350eb 100644
--- a/doc/guides/cryptodevs/features/qat.ini
+++ b/doc/guides/cryptodevs/features/qat.ini
@@ -15,6 +15,7 @@ OOP LB In LB Out = Y
Digest encrypted = Y
Asymmetric sessionless = Y
RSA PRIV OP KEY EXP = Y
+RSA PRIV OP KEY QT = Y
;
; Supported crypto algorithms of the 'qat' crypto driver.
diff --git a/doc/guides/rel_notes/release_19_11.rst b/doc/guides/rel_notes/release_19_11.rst
index 8603de7..6d34249 100644
--- a/doc/guides/rel_notes/release_19_11.rst
+++ b/doc/guides/rel_notes/release_19_11.rst
@@ -158,6 +158,8 @@ New Features
Added support for RSA algorithm with pair (n, d) private key representation.
+ Added support for RSA algorithm with quintuple private key representation.
+
Removed Items
-------------
diff --git a/drivers/common/qat/qat_adf/qat_pke_functionality_arrays.h b/drivers/common/qat/qat_adf/qat_pke_functionality_arrays.h
index 3e40b86..42ffbba 100644
--- a/drivers/common/qat/qat_adf/qat_pke_functionality_arrays.h
+++ b/drivers/common/qat/qat_adf/qat_pke_functionality_arrays.h
@@ -67,4 +67,13 @@ static const uint32_t RSA_DEC_IDS[][2] = {
{ 4096, PKE_RSA_DP1_4096 },
};
+static const uint32_t RSA_DEC_CRT_IDS[][2] = {
+ { 512, PKE_RSA_DP2_512 },
+ { 1024, PKE_RSA_DP2_1024 },
+ { 1536, PKE_RSA_DP2_1536 },
+ { 2048, PKE_RSA_DP2_2048 },
+ { 3072, PKE_RSA_DP2_3072 },
+ { 4096, PKE_RSA_DP2_4096 },
+};
+
#endif
diff --git a/drivers/crypto/qat/qat_asym.c b/drivers/crypto/qat/qat_asym.c
index 070feb9..ae0dd79 100644
--- a/drivers/crypto/qat/qat_asym.c
+++ b/drivers/crypto/qat/qat_asym.c
@@ -352,10 +352,66 @@ qat_asym_fill_arrays(struct rte_crypto_asym_op *asym_op,
return -(EINVAL);
}
}
-
if (xform->rsa.key_type == RTE_RSA_KET_TYPE_QT) {
- QAT_LOG(ERR, "RSA CRT not implemented");
- return -(EINVAL);
+
+ qat_req->input_param_count =
+ QAT_ASYM_RSA_QT_NUM_IN_PARAMS;
+ if (qat_asym_get_sz_and_func_id(RSA_DEC_CRT_IDS,
+ sizeof(RSA_DEC_CRT_IDS)/
+ sizeof(*RSA_DEC_CRT_IDS),
+ &alg_size, &func_id)) {
+ return -(EINVAL);
+ }
+ alg_size_in_bytes = alg_size >> 3;
+
+ rte_memcpy(cookie->input_array[1] +
+ (alg_size_in_bytes >> 1) -
+ xform->rsa.qt.p.length
+ , xform->rsa.qt.p.data,
+ xform->rsa.qt.p.length);
+ rte_memcpy(cookie->input_array[2] +
+ (alg_size_in_bytes >> 1) -
+ xform->rsa.qt.q.length
+ , xform->rsa.qt.q.data,
+ xform->rsa.qt.q.length);
+ rte_memcpy(cookie->input_array[3] +
+ (alg_size_in_bytes >> 1) -
+ xform->rsa.qt.dP.length
+ , xform->rsa.qt.dP.data,
+ xform->rsa.qt.dP.length);
+ rte_memcpy(cookie->input_array[4] +
+ (alg_size_in_bytes >> 1) -
+ xform->rsa.qt.dQ.length
+ , xform->rsa.qt.dQ.data,
+ xform->rsa.qt.dQ.length);
+ rte_memcpy(cookie->input_array[5] +
+ (alg_size_in_bytes >> 1) -
+ xform->rsa.qt.qInv.length
+ , xform->rsa.qt.qInv.data,
+ xform->rsa.qt.qInv.length);
+ cookie->alg_size = alg_size;
+ qat_req->pke_hdr.cd_pars.func_id = func_id;
+
+#if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG
+ QAT_DP_HEXDUMP_LOG(DEBUG, "C",
+ cookie->input_array[0],
+ alg_size_in_bytes);
+ QAT_DP_HEXDUMP_LOG(DEBUG, "p",
+ cookie->input_array[1],
+ alg_size_in_bytes);
+ QAT_DP_HEXDUMP_LOG(DEBUG, "q",
+ cookie->input_array[2],
+ alg_size_in_bytes);
+ QAT_DP_HEXDUMP_LOG(DEBUG,
+ "dP", cookie->input_array[3],
+ alg_size_in_bytes);
+ QAT_DP_HEXDUMP_LOG(DEBUG,
+ "dQ", cookie->input_array[4],
+ alg_size_in_bytes);
+ QAT_DP_HEXDUMP_LOG(DEBUG,
+ "qInv", cookie->input_array[5],
+ alg_size_in_bytes);
+#endif
} else if (xform->rsa.key_type ==
RTE_RSA_KEY_TYPE_EXP) {
if (qat_asym_get_sz_and_func_id(
diff --git a/drivers/crypto/qat/qat_asym.h b/drivers/crypto/qat/qat_asym.h
index b1dec8f..551edc3 100644
--- a/drivers/crypto/qat/qat_asym.h
+++ b/drivers/crypto/qat/qat_asym.h
@@ -24,6 +24,7 @@ typedef uint64_t large_int_ptr;
#define QAT_ASYM_MODEXP_NUM_OUT_PARAMS 1
#define QAT_ASYM_RSA_NUM_IN_PARAMS 3
#define QAT_ASYM_RSA_NUM_OUT_PARAMS 1
+#define QAT_ASYM_RSA_QT_NUM_IN_PARAMS 6
struct qat_asym_op_cookie {
size_t alg_size;
diff --git a/drivers/crypto/qat/qat_asym_pmd.c b/drivers/crypto/qat/qat_asym_pmd.c
index 78fc2d7..c8a52b6 100644
--- a/drivers/crypto/qat/qat_asym_pmd.c
+++ b/drivers/crypto/qat/qat_asym_pmd.c
@@ -272,7 +272,8 @@ qat_asym_dev_create(struct qat_pci_device *qat_pci_dev)
cryptodev->feature_flags = RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO |
RTE_CRYPTODEV_FF_HW_ACCELERATED |
RTE_CRYPTODEV_FF_ASYM_SESSIONLESS |
- RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_EXP;
+ RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_EXP |
+ RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_QT;
internals = cryptodev->data->dev_private;
internals->qat_dev = qat_pci_dev;
qat_pci_dev->asym_dev = internals;
--
2.1.0
^ permalink raw reply [flat|nested] 7+ messages in thread
* [dpdk-dev] [PATCH v4 4/5] test/crypto: add sessionless to asymmetric mod exp
2019-10-22 14:04 [dpdk-dev] [PATCH v4 0/5] Add session-less, RSA, RSA-CRT to QAT Arek Kusztal
` (2 preceding siblings ...)
2019-10-22 14:04 ` [dpdk-dev] [PATCH v4 3/5] crypto/qat: add rsa crt " Arek Kusztal
@ 2019-10-22 14:04 ` Arek Kusztal
2019-10-22 14:04 ` [dpdk-dev] [PATCH v4 5/5] test/crypto: add rsa tests to qat and openssl with no padding Arek Kusztal
2019-10-23 13:42 ` [dpdk-dev] [PATCH v4 0/5] Add session-less, RSA, RSA-CRT to QAT Akhil Goyal
5 siblings, 0 replies; 7+ messages in thread
From: Arek Kusztal @ 2019-10-22 14:04 UTC (permalink / raw)
To: dev; +Cc: akhil.goyal, fiona.trahe, Arek Kusztal
This commit adds asymmetric sessionless tests to mod exp.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
app/test/test_cryptodev_asym.c | 73 ++++++++++++++++++++++++++++--------------
1 file changed, 49 insertions(+), 24 deletions(-)
diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 6cc2f97..ea3005b 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -283,7 +283,7 @@ test_cryptodev_asym_ver(union test_case_structure *data_tc,
static int
test_cryptodev_asym_op(struct crypto_testsuite_params *ts_params,
union test_case_structure *data_tc,
- char *test_msg)
+ char *test_msg, int sessionless)
{
struct rte_crypto_asym_op *asym_op = NULL;
struct rte_crypto_op *op = NULL;
@@ -382,27 +382,31 @@ test_cryptodev_asym_op(struct crypto_testsuite_params *ts_params,
goto error_exit;
}
- sess = rte_cryptodev_asym_session_create(ts_params->session_mpool);
- if (!sess) {
- snprintf(test_msg, ASYM_TEST_MSG_LEN,
- "line %u "
- "FAILED: %s", __LINE__,
- "Session creation failed");
- status = TEST_FAILED;
- goto error_exit;
- }
-
- if (rte_cryptodev_asym_session_init(dev_id, sess, &xform_tc,
- ts_params->session_mpool) < 0) {
- snprintf(test_msg, ASYM_TEST_MSG_LEN,
- "line %u FAILED: %s",
- __LINE__, "unabled to config sym session");
- status = TEST_FAILED;
- goto error_exit;
- }
+ if (!sessionless) {
+ sess = rte_cryptodev_asym_session_create(ts_params->session_mpool);
+ if (!sess) {
+ snprintf(test_msg, ASYM_TEST_MSG_LEN,
+ "line %u "
+ "FAILED: %s", __LINE__,
+ "Session creation failed");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
- rte_crypto_op_attach_asym_session(op, sess);
+ if (rte_cryptodev_asym_session_init(dev_id, sess, &xform_tc,
+ ts_params->session_mpool) < 0) {
+ snprintf(test_msg, ASYM_TEST_MSG_LEN,
+ "line %u FAILED: %s",
+ __LINE__, "unabled to config sym session");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+ rte_crypto_op_attach_asym_session(op, sess);
+ } else {
+ asym_op->xform = &xform_tc;
+ op->sess_type = RTE_CRYPTO_OP_SESSIONLESS;
+ }
RTE_LOG(DEBUG, USER1, "Process ASYM operation");
/* Process crypto operation */
@@ -433,7 +437,10 @@ test_cryptodev_asym_op(struct crypto_testsuite_params *ts_params,
goto error_exit;
}
- snprintf(test_msg, ASYM_TEST_MSG_LEN, "PASS");
+ if (!sessionless)
+ snprintf(test_msg, ASYM_TEST_MSG_LEN, "PASS");
+ else
+ snprintf(test_msg, ASYM_TEST_MSG_LEN, "SESSIONLESS PASS");
error_exit:
if (sess != NULL) {
@@ -451,7 +458,7 @@ test_cryptodev_asym_op(struct crypto_testsuite_params *ts_params,
}
static int
-test_one_case(const void *test_case)
+test_one_case(const void *test_case, int sessionless)
{
int status = TEST_SUCCESS;
char test_msg[ASYM_TEST_MSG_LEN + 1];
@@ -460,7 +467,8 @@ test_one_case(const void *test_case)
union test_case_structure tc;
memcpy(&tc, test_case, sizeof(tc));
- status = test_cryptodev_asym_op(&testsuite_params, &tc, test_msg);
+ status = test_cryptodev_asym_op(&testsuite_params, &tc, test_msg,
+ sessionless);
printf(" %u) TestCase %s %s\n", test_index++,
tc.modex.description, test_msg);
@@ -501,14 +509,31 @@ static int
test_one_by_one(void)
{
int status = TEST_SUCCESS;
+ struct crypto_testsuite_params *ts_params = &testsuite_params;
uint32_t i = 0;
+ uint8_t dev_id = ts_params->valid_devs[0];
+ struct rte_cryptodev_info dev_info;
+ int sessionless = 0;
+
+ rte_cryptodev_info_get(dev_id, &dev_info);
+ if ((dev_info.feature_flags &
+ RTE_CRYPTODEV_FF_ASYM_SESSIONLESS)) {
+ sessionless = 1;
+ }
/* Go through all test cases */
test_index = 0;
for (i = 0; i < test_vector.size; i++) {
- if (test_one_case(test_vector.address[i]) != TEST_SUCCESS)
+ if (test_one_case(test_vector.address[i], 0) != TEST_SUCCESS)
status = TEST_FAILED;
}
+ if (sessionless) {
+ for (i = 0; i < test_vector.size; i++) {
+ if (test_one_case(test_vector.address[i], 1)
+ != TEST_SUCCESS)
+ status = TEST_FAILED;
+ }
+ }
TEST_ASSERT_EQUAL(status, 0, "Test failed");
return status;
--
2.1.0
^ permalink raw reply [flat|nested] 7+ messages in thread
* [dpdk-dev] [PATCH v4 5/5] test/crypto: add rsa tests to qat and openssl with no padding
2019-10-22 14:04 [dpdk-dev] [PATCH v4 0/5] Add session-less, RSA, RSA-CRT to QAT Arek Kusztal
` (3 preceding siblings ...)
2019-10-22 14:04 ` [dpdk-dev] [PATCH v4 4/5] test/crypto: add sessionless to asymmetric mod exp Arek Kusztal
@ 2019-10-22 14:04 ` Arek Kusztal
2019-10-23 13:42 ` [dpdk-dev] [PATCH v4 0/5] Add session-less, RSA, RSA-CRT to QAT Akhil Goyal
5 siblings, 0 replies; 7+ messages in thread
From: Arek Kusztal @ 2019-10-22 14:04 UTC (permalink / raw)
To: dev; +Cc: akhil.goyal, fiona.trahe, Arek Kusztal
This commit adds RSA tests to Intel QuickAssist Technology pmd
and OpenSSL pmd test suite for session and session-less cases
when PADDING_NONE selected
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
app/test/test_cryptodev_asym.c | 140 ++++++++++++++++--
app/test/test_cryptodev_rsa_test_vectors.h | 226 +++++++++++++++++++++++++++++
2 files changed, 351 insertions(+), 15 deletions(-)
diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index ea3005b..e49ab9d 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -54,6 +54,7 @@ struct crypto_unittest_params {
union test_case_structure {
struct modex_test_data modex;
struct modinv_test_data modinv;
+ struct rsa_test_data_2 rsa_data;
};
struct test_cases_array {
@@ -246,10 +247,12 @@ queue_ops_rsa_enc_dec(struct rte_cryptodev_asym_session *sess)
return status;
}
static int
-test_cryptodev_asym_ver(union test_case_structure *data_tc,
- struct rte_crypto_op *result_op)
+test_cryptodev_asym_ver(struct rte_crypto_op *op,
+ struct rte_crypto_asym_xform *xform_tc,
+ union test_case_structure *data_tc,
+ struct rte_crypto_op *result_op)
{
- int status = TEST_SUCCESS;
+ int status = TEST_FAILED;
int ret = 0;
uint8_t *data_expected = NULL, *data_received = NULL;
size_t data_size = 0;
@@ -265,17 +268,35 @@ test_cryptodev_asym_ver(union test_case_structure *data_tc,
data_received = result_op->asym->modinv.result.data;
data_size = result_op->asym->modinv.result.length;
break;
+ case RTE_CRYPTO_ASYM_XFORM_RSA:
+ if (op->asym->rsa.op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT) {
+ data_size = xform_tc->rsa.n.length;
+ data_received = result_op->asym->rsa.cipher.data;
+ data_expected = data_tc->rsa_data.ct.data;
+ } else if (op->asym->rsa.op_type == RTE_CRYPTO_ASYM_OP_DECRYPT) {
+ data_size = xform_tc->rsa.n.length;
+ data_expected = data_tc->rsa_data.pt.data;
+ data_received = result_op->asym->rsa.message.data;
+ } else if (op->asym->rsa.op_type == RTE_CRYPTO_ASYM_OP_SIGN) {
+ data_size = xform_tc->rsa.n.length;
+ data_expected = data_tc->rsa_data.sign.data;
+ data_received = result_op->asym->rsa.sign.data;
+ } else if (op->asym->rsa.op_type == RTE_CRYPTO_ASYM_OP_VERIFY) {
+ data_size = xform_tc->rsa.n.length;
+ data_expected = data_tc->rsa_data.pt.data;
+ data_received = result_op->asym->rsa.cipher.data;
+ }
+ break;
case RTE_CRYPTO_ASYM_XFORM_DH:
case RTE_CRYPTO_ASYM_XFORM_DSA:
- case RTE_CRYPTO_ASYM_XFORM_RSA:
case RTE_CRYPTO_ASYM_XFORM_NONE:
case RTE_CRYPTO_ASYM_XFORM_UNSPECIFIED:
default:
break;
}
ret = memcmp(data_expected, data_received, data_size);
- if (ret)
- status = TEST_FAILED;
+ if (!ret && data_size)
+ status = TEST_SUCCESS;
return status;
}
@@ -283,7 +304,8 @@ test_cryptodev_asym_ver(union test_case_structure *data_tc,
static int
test_cryptodev_asym_op(struct crypto_testsuite_params *ts_params,
union test_case_structure *data_tc,
- char *test_msg, int sessionless)
+ char *test_msg, int sessionless, enum rte_crypto_asym_op_type type,
+ enum rte_crypto_rsa_priv_key_type key_type)
{
struct rte_crypto_asym_op *asym_op = NULL;
struct rte_crypto_op *op = NULL;
@@ -368,9 +390,57 @@ test_cryptodev_asym_op(struct crypto_testsuite_params *ts_params,
goto error_exit;
}
break;
+ case RTE_CRYPTO_ASYM_XFORM_RSA:
+ result = rte_zmalloc(NULL, data_tc->rsa_data.n.len, 0);
+ op->asym->rsa.op_type = type;
+ xform_tc.rsa.e.data = data_tc->rsa_data.e.data;
+ xform_tc.rsa.e.length = data_tc->rsa_data.e.len;
+ xform_tc.rsa.n.data = data_tc->rsa_data.n.data;
+ xform_tc.rsa.n.length = data_tc->rsa_data.n.len;
+
+ if (key_type == RTE_RSA_KEY_TYPE_EXP) {
+ xform_tc.rsa.d.data = data_tc->rsa_data.d.data;
+ xform_tc.rsa.d.length = data_tc->rsa_data.d.len;
+ } else {
+ xform_tc.rsa.qt.p.data = data_tc->rsa_data.p.data;
+ xform_tc.rsa.qt.p.length = data_tc->rsa_data.p.len;
+ xform_tc.rsa.qt.q.data = data_tc->rsa_data.q.data;
+ xform_tc.rsa.qt.q.length = data_tc->rsa_data.q.len;
+ xform_tc.rsa.qt.dP.data = data_tc->rsa_data.dP.data;
+ xform_tc.rsa.qt.dP.length = data_tc->rsa_data.dP.len;
+ xform_tc.rsa.qt.dQ.data = data_tc->rsa_data.dQ.data;
+ xform_tc.rsa.qt.dQ.length = data_tc->rsa_data.dQ.len;
+ xform_tc.rsa.qt.qInv.data = data_tc->rsa_data.qInv.data;
+ xform_tc.rsa.qt.qInv.length = data_tc->rsa_data.qInv.len;
+ }
+
+ xform_tc.rsa.key_type = key_type;
+ op->asym->rsa.pad = data_tc->rsa_data.padding;
+
+ if (op->asym->rsa.op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT) {
+ asym_op->rsa.message.data = data_tc->rsa_data.pt.data;
+ asym_op->rsa.message.length = data_tc->rsa_data.pt.len;
+ asym_op->rsa.cipher.data = result;
+ asym_op->rsa.cipher.length = data_tc->rsa_data.n.len;
+ } else if (op->asym->rsa.op_type == RTE_CRYPTO_ASYM_OP_DECRYPT) {
+ asym_op->rsa.message.data = result;
+ asym_op->rsa.message.length = data_tc->rsa_data.n.len;
+ asym_op->rsa.cipher.data = data_tc->rsa_data.ct.data;
+ asym_op->rsa.cipher.length = data_tc->rsa_data.ct.len;
+ } else if (op->asym->rsa.op_type == RTE_CRYPTO_ASYM_OP_SIGN) {
+ asym_op->rsa.sign.data = result;
+ asym_op->rsa.sign.length = data_tc->rsa_data.n.len;
+ asym_op->rsa.message.data = data_tc->rsa_data.pt.data;
+ asym_op->rsa.message.length = data_tc->rsa_data.pt.len;
+ } else if (op->asym->rsa.op_type == RTE_CRYPTO_ASYM_OP_VERIFY) {
+ asym_op->rsa.cipher.data = result;
+ asym_op->rsa.cipher.length = data_tc->rsa_data.n.len;
+ asym_op->rsa.sign.data = data_tc->rsa_data.sign.data;
+ asym_op->rsa.sign.length = data_tc->rsa_data.sign.len;
+ }
+ break;
case RTE_CRYPTO_ASYM_XFORM_DH:
case RTE_CRYPTO_ASYM_XFORM_DSA:
- case RTE_CRYPTO_ASYM_XFORM_RSA:
case RTE_CRYPTO_ASYM_XFORM_NONE:
case RTE_CRYPTO_ASYM_XFORM_UNSPECIFIED:
default:
@@ -429,7 +499,7 @@ test_cryptodev_asym_op(struct crypto_testsuite_params *ts_params,
goto error_exit;
}
- if (test_cryptodev_asym_ver(data_tc, result_op) != TEST_SUCCESS) {
+ if (test_cryptodev_asym_ver(op, &xform_tc, data_tc, result_op) != TEST_SUCCESS) {
snprintf(test_msg, ASYM_TEST_MSG_LEN,
"line %u FAILED: %s",
__LINE__, "Verification failed ");
@@ -460,18 +530,47 @@ test_cryptodev_asym_op(struct crypto_testsuite_params *ts_params,
static int
test_one_case(const void *test_case, int sessionless)
{
- int status = TEST_SUCCESS;
+ int status = TEST_SUCCESS, i = 0;
char test_msg[ASYM_TEST_MSG_LEN + 1];
/* Map the case to union */
union test_case_structure tc;
memcpy(&tc, test_case, sizeof(tc));
- status = test_cryptodev_asym_op(&testsuite_params, &tc, test_msg,
- sessionless);
-
- printf(" %u) TestCase %s %s\n", test_index++,
- tc.modex.description, test_msg);
+ if (tc.modex.xform_type == RTE_CRYPTO_ASYM_XFORM_MODEX
+ || tc.modex.xform_type == RTE_CRYPTO_ASYM_XFORM_MODINV) {
+ status = test_cryptodev_asym_op(&testsuite_params, &tc, test_msg,
+ sessionless, 0, 0);
+ printf(" %u) TestCase %s %s\n", test_index++,
+ tc.modex.description, test_msg);
+ } else {
+ for (i = 0; i < RTE_CRYPTO_ASYM_OP_LIST_END; i++) {
+ if (tc.modex.xform_type == RTE_CRYPTO_ASYM_XFORM_RSA) {
+ if (tc.rsa_data.op_type_flags & (1 << i)) {
+ if (tc.rsa_data.key_exp) {
+ status = test_cryptodev_asym_op(
+ &testsuite_params, &tc,
+ test_msg, sessionless, i,
+ RTE_RSA_KEY_TYPE_EXP);
+ }
+ if (status)
+ break;
+ if (tc.rsa_data.key_qt && (i ==
+ RTE_CRYPTO_ASYM_OP_DECRYPT ||
+ i == RTE_CRYPTO_ASYM_OP_SIGN)) {
+ status = test_cryptodev_asym_op(
+ &testsuite_params,
+ &tc, test_msg, sessionless, i,
+ RTE_RSA_KET_TYPE_QT);
+ }
+ if (status)
+ break;
+ }
+ }
+ }
+ printf(" %u) TestCase %s %s\n", test_index++,
+ tc.modex.description, test_msg);
+ }
return status;
}
@@ -502,6 +601,17 @@ load_test_vectors(void)
test_vector.address[test_vector.size] = &modinv_test_case[i];
test_vector.size++;
}
+ /* Load RSA vector*/
+ v_size = ARRAY_SIZE(rsa_test_case_list);
+ for (i = 0; i < v_size; i++) {
+ if (test_vector.size >= (TEST_VECTOR_SIZE)) {
+ RTE_LOG(DEBUG, USER1,
+ "TEST_VECTOR_SIZE too small\n");
+ return -1;
+ }
+ test_vector.address[test_vector.size] = &rsa_test_case_list[i];
+ test_vector.size++;
+ }
return 0;
}
diff --git a/app/test/test_cryptodev_rsa_test_vectors.h b/app/test/test_cryptodev_rsa_test_vectors.h
index 0dc0375..48a72e1 100644
--- a/app/test/test_cryptodev_rsa_test_vectors.h
+++ b/app/test/test_cryptodev_rsa_test_vectors.h
@@ -5,10 +5,236 @@
#ifndef TEST_CRYPTODEV_RSA_TEST_VECTORS_H__
#define TEST_CRYPTODEV_RSA_TEST_VECTORS_H__
+#include <stdint.h>
+
#include "rte_crypto_asym.h"
#define TEST_DATA_SIZE 4096
+struct rsa_test_data_2 {
+ enum rte_crypto_asym_xform_type xform_type;
+ const char *description;
+ uint64_t op_type_flags;
+ struct {
+ uint8_t data[DATA_SIZE];
+ uint16_t len;
+ } pt;
+ struct {
+ uint8_t data[DATA_SIZE];
+ uint16_t len;
+ } ct;
+ struct {
+ uint8_t data[DATA_SIZE];
+ uint16_t len;
+ } sign;
+ struct {
+ uint8_t data[DATA_SIZE];
+ uint16_t len;
+ } e;
+ struct {
+ uint8_t data[DATA_SIZE];
+ uint16_t len;
+ } d;
+ struct {
+ uint8_t data[DATA_SIZE];
+ uint16_t len;
+ } n;
+ struct {
+ uint8_t data[DATA_SIZE];
+ uint16_t len;
+ } p;
+ struct {
+ uint8_t data[DATA_SIZE];
+ uint16_t len;
+ } q;
+ struct {
+ uint8_t data[DATA_SIZE];
+ uint16_t len;
+ } dP;
+ struct {
+ uint8_t data[DATA_SIZE];
+ uint16_t len;
+ } dQ;
+ struct {
+ uint8_t data[DATA_SIZE];
+ uint16_t len;
+ } qInv;
+
+ uint16_t result_len;
+ enum rte_crypto_rsa_padding_type padding;
+ int key_exp;
+ int key_qt;
+};
+
+static const struct
+rsa_test_data_2 rsa_test_case_list[] = {
+ {
+ .description = "RSA Encryption Decryption "
+ "(n=128, pt=20, e=3) EXP, QT",
+ .xform_type = RTE_CRYPTO_ASYM_XFORM_RSA,
+ .op_type_flags = 1UL << RTE_CRYPTO_ASYM_OP_ENCRYPT |
+ 1UL << RTE_CRYPTO_ASYM_OP_DECRYPT,
+ .pt = {
+ .data = {
+ 0x00, 0x02, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb,
+ 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb,
+ 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb,
+ 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb,
+ 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb,
+ 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb,
+ 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb,
+ 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb,
+ 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb,
+ 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb,
+ 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb,
+ 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb,
+ 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb,
+ 0xbb, 0xbb, 0xbb, 0xbb, 0xf8, 0xba, 0x1a, 0x55,
+ 0xd0, 0x2f, 0x85, 0xae, 0x96, 0x7b, 0xb6, 0x2f,
+ 0xb6, 0xcd, 0xa8, 0xeb, 0x7e, 0x78, 0xa0, 0x50
+ },
+ .len = 128,
+ },
+ .ct = {
+ .data = {
+ 0x3D, 0x8D, 0x2F, 0x85, 0xC0, 0xB7, 0x21, 0x3E,
+ 0x5B, 0x4A, 0x96, 0xB2, 0x85, 0x35, 0xAF, 0x0C,
+ 0x62, 0xE9, 0x73, 0xEF, 0x77, 0x76, 0x19, 0xD5,
+ 0x92, 0xF7, 0x1D, 0xB0, 0x15, 0x69, 0x65, 0x82,
+ 0x32, 0x30, 0x4E, 0x29, 0xE7, 0x83, 0xAD, 0x23,
+ 0x66, 0xD9, 0x91, 0x9B, 0xFF, 0x01, 0x10, 0x3B,
+ 0xB2, 0xF8, 0x78, 0x14, 0xD2, 0x6E, 0x3C, 0x59,
+ 0x6E, 0x1A, 0x90, 0x3C, 0x5A, 0xB3, 0x0B, 0x60,
+ 0xE2, 0x71, 0xCC, 0xF5, 0x0C, 0x57, 0x19, 0x03,
+ 0x5B, 0x04, 0x46, 0x7E, 0x13, 0x5B, 0xFF, 0x2C,
+ 0x01, 0x19, 0x75, 0x86, 0x6A, 0xAE, 0x60, 0xFB,
+ 0x0A, 0x4C, 0x14, 0x1A, 0xBC, 0x0E, 0x86, 0xF1,
+ 0x13, 0x10, 0xB3, 0x03, 0x8E, 0x66, 0x6F, 0xA5,
+ 0x53, 0x80, 0x5A, 0x91, 0xE6, 0x7C, 0x3C, 0x38,
+ 0x15, 0xB6, 0x69, 0x3E, 0xF6, 0x54, 0xB0, 0x60,
+ 0x83, 0xE9, 0x2B, 0xF3, 0x26, 0x53, 0x3E, 0x11
+ },
+ .len = 128,
+ },
+ .e = {
+ .data = {
+ 0x01, 0x00, 0x01
+ },
+ .len = 3,
+ },
+ .d = {
+ .data = {
+ 0x24, 0xd7, 0xea, 0xf4, 0x7f, 0xe0, 0xca, 0x31,
+ 0x4d, 0xee, 0xc4, 0xa1, 0xbe, 0xab, 0x06, 0x61,
+ 0x32, 0xe7, 0x51, 0x46, 0x27, 0xdf, 0x72, 0xe9,
+ 0x6f, 0xa8, 0x4c, 0xd1, 0x26, 0xef, 0x65, 0xeb,
+ 0x67, 0xff, 0x5f, 0xa7, 0x3b, 0x25, 0xb9, 0x08,
+ 0x8e, 0xa0, 0x47, 0x56, 0xe6, 0x8e, 0xf9, 0xd3,
+ 0x18, 0x06, 0x3d, 0xc6, 0xb1, 0xf8, 0xdc, 0x1b,
+ 0x8d, 0xe5, 0x30, 0x54, 0x26, 0xac, 0x16, 0x3b,
+ 0x7b, 0xad, 0x46, 0x9e, 0x21, 0x6a, 0x57, 0xe6,
+ 0x81, 0x56, 0x1d, 0x2a, 0xc4, 0x39, 0x63, 0x67,
+ 0x81, 0x2c, 0xca, 0xcc, 0xf8, 0x42, 0x04, 0xbe,
+ 0xcf, 0x8f, 0x6c, 0x5b, 0x81, 0x46, 0xb9, 0xc7,
+ 0x62, 0x90, 0x87, 0x35, 0x03, 0x9b, 0x89, 0xcb,
+ 0x37, 0xbd, 0xf1, 0x1b, 0x99, 0xa1, 0x9a, 0x78,
+ 0xd5, 0x4c, 0xdd, 0x3f, 0x41, 0x0c, 0xb7, 0x1a,
+ 0xd9, 0x7b, 0x87, 0x5f, 0xbe, 0xb1, 0x83, 0x41
+ },
+ .len = 128,
+ },
+ .n = {
+ .data = {
+ 0xb3, 0xa1, 0xaf, 0xb7, 0x13, 0x08, 0x00, 0x0a,
+ 0x35, 0xdc, 0x2b, 0x20, 0x8d, 0xa1, 0xb5, 0xce,
+ 0x47, 0x8a, 0xc3, 0x80, 0xf4, 0x7d, 0x4a, 0xa2,
+ 0x62, 0xfd, 0x61, 0x7f, 0xb5, 0xa8, 0xde, 0x0a,
+ 0x17, 0x97, 0xa0, 0xbf, 0xdf, 0x56, 0x5a, 0x3d,
+ 0x51, 0x56, 0x4f, 0x70, 0x70, 0x3f, 0x63, 0x6a,
+ 0x44, 0x5b, 0xad, 0x84, 0x0d, 0x3f, 0x27, 0x6e,
+ 0x3b, 0x34, 0x91, 0x60, 0x14, 0xb9, 0xaa, 0x72,
+ 0xfd, 0xa3, 0x64, 0xd2, 0x03, 0xa7, 0x53, 0x87,
+ 0x9e, 0x88, 0x0b, 0xc1, 0x14, 0x93, 0x1a, 0x62,
+ 0xff, 0xb1, 0x5d, 0x74, 0xcd, 0x59, 0x63, 0x18,
+ 0x11, 0x3d, 0x4f, 0xba, 0x75, 0xd4, 0x33, 0x4e,
+ 0x23, 0x6b, 0x7b, 0x57, 0x44, 0xe1, 0xd3, 0x03,
+ 0x13, 0xa6, 0xf0, 0x8b, 0x60, 0xb0, 0x9e, 0xee,
+ 0x75, 0x08, 0x9d, 0x71, 0x63, 0x13, 0xcb, 0xa6,
+ 0x81, 0x92, 0x14, 0x03, 0x22, 0x2d, 0xde, 0x55
+ },
+ .len = 128,
+ },
+ .p = {
+ .data = {
+ 0xdc, 0xba, 0x00, 0x01, 0x57, 0x93, 0xe3, 0x05,
+ 0xed, 0x61, 0x9a, 0xa3, 0xaf, 0x6a, 0xd3, 0x47,
+ 0x8f, 0x2d, 0x1e, 0x7f, 0x4d, 0x60, 0xc8, 0x8d,
+ 0x34, 0xb8, 0x17, 0x84, 0xbc, 0xd4, 0xe9, 0x79,
+ 0x95, 0x75, 0x19, 0x37, 0xe0, 0xcc, 0xfe, 0x4c,
+ 0x5d, 0x49, 0x53, 0x61, 0x29, 0xf1, 0xdc, 0x82,
+ 0x03, 0x96, 0x7d, 0x95, 0x4f, 0xdd, 0x3c, 0x0a,
+ 0x64, 0x8a, 0x43, 0x2f, 0x95, 0x4a, 0xed, 0xdd
+ },
+ .len = 64,
+ },
+ .q = {
+ .data = {
+ 0xd0, 0x56, 0x7a, 0x0a, 0xd5, 0x95, 0xa4, 0x85,
+ 0x53, 0x35, 0xa1, 0x48, 0x07, 0x6a, 0x7c, 0x08,
+ 0xe0, 0xfd, 0x4b, 0x88, 0x77, 0xa6, 0x15, 0x23,
+ 0x0f, 0xbf, 0x14, 0x46, 0x11, 0xee, 0x95, 0xc7,
+ 0x5e, 0x77, 0x65, 0xa2, 0xb5, 0x50, 0xdf, 0x19,
+ 0x07, 0xc7, 0x72, 0xdb, 0x29, 0xf6, 0x54, 0x86,
+ 0xe1, 0xb3, 0x97, 0x0a, 0x28, 0x64, 0x3a, 0x38,
+ 0xa6, 0x7d, 0x13, 0xc3, 0x79, 0xaa, 0x56, 0xd9
+ },
+ .len = 64,
+ },
+ .dP = {
+ .data = {
+ 0xc5, 0x43, 0x0d, 0x82, 0x25, 0x8c, 0xab, 0x55,
+ 0xbe, 0xc2, 0x7d, 0xfb, 0x4f, 0x68, 0x3f, 0x0e,
+ 0x32, 0xec, 0xf5, 0xd6, 0x7b, 0x86, 0xc5, 0x75,
+ 0x3c, 0xea, 0x51, 0x4a, 0x75, 0xa0, 0x2a, 0x50,
+ 0x58, 0xbb, 0xe0, 0x1f, 0xca, 0x2e, 0x2a, 0x0e,
+ 0x81, 0x48, 0x68, 0xd5, 0xeb, 0x30, 0x96, 0x0b,
+ 0x33, 0xbd, 0xa8, 0xda, 0x6a, 0x17, 0xa3, 0xf2,
+ 0xfd, 0xcb, 0x7b, 0x23, 0xe9, 0x5e, 0x9f, 0x99
+ },
+ .len = 64,
+ },
+ .dQ = {
+ .data = {
+ 0xbe, 0xff, 0xf9, 0x05, 0x43, 0xc8, 0xdc, 0x3b,
+ 0x0b, 0x0d, 0x28, 0xde, 0x73, 0x46, 0x11, 0x8e,
+ 0xc6, 0x4e, 0x11, 0xd8, 0x7b, 0xf0, 0xfc, 0x81,
+ 0xd7, 0x66, 0xd3, 0xbc, 0x65, 0xa6, 0x39, 0x14,
+ 0xbd, 0xab, 0x72, 0xb7, 0x57, 0xc9, 0x5b, 0xaf,
+ 0x83, 0xed, 0x3b, 0x84, 0x68, 0x15, 0x18, 0x6b,
+ 0x4c, 0x32, 0xac, 0x6f, 0x38, 0x96, 0xa2, 0xb5,
+ 0xdb, 0x14, 0xe2, 0x70, 0x9c, 0x73, 0x29, 0x09
+ },
+ .len = 64,
+ },
+ .qInv = {
+ .data = {
+ 0x59, 0xbd, 0xb1, 0x37, 0xeb, 0x4e, 0xcf, 0x68,
+ 0xe7, 0x85, 0x91, 0xbb, 0xc0, 0xdb, 0x8e, 0x41,
+ 0x91, 0x4a, 0xc0, 0xb1, 0xc5, 0xe8, 0x91, 0xf6,
+ 0xc7, 0x5a, 0x98, 0x1a, 0x8a, 0x0f, 0x45, 0xb2,
+ 0x5b, 0xff, 0x7a, 0x2d, 0x98, 0x89, 0x55, 0xd9,
+ 0xbf, 0x6e, 0xdd, 0x2d, 0xd4, 0xe8, 0x0a, 0xaa,
+ 0xae, 0x2a, 0xc4, 0x16, 0xb5, 0xba, 0xe1, 0x69,
+ 0x71, 0x94, 0xdd, 0xa0, 0xf5, 0x1e, 0x6d, 0xcc
+ },
+ .len = 64,
+ },
+ .padding = RTE_CRYPTO_RSA_PADDING_NONE,
+ .key_exp = 1,
+ .key_qt = 1,
+ }
+};
+
struct rsa_test_data {
uint8_t data[TEST_DATA_SIZE];
unsigned int len;
--
2.1.0
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [dpdk-dev] [PATCH v4 0/5] Add session-less, RSA, RSA-CRT to QAT
2019-10-22 14:04 [dpdk-dev] [PATCH v4 0/5] Add session-less, RSA, RSA-CRT to QAT Arek Kusztal
` (4 preceding siblings ...)
2019-10-22 14:04 ` [dpdk-dev] [PATCH v4 5/5] test/crypto: add rsa tests to qat and openssl with no padding Arek Kusztal
@ 2019-10-23 13:42 ` Akhil Goyal
5 siblings, 0 replies; 7+ messages in thread
From: Akhil Goyal @ 2019-10-23 13:42 UTC (permalink / raw)
To: Arek Kusztal, dev; +Cc: fiona.trahe
>
> This patchset adds session-less option, RSA algorithm, RSA-CRT algorithm
> to Intel QuickAssist Technology PMD. It also adds session-less test cases
> for those algorithms.
> Test case for RSA signature with no padding will be sent in a later patch.
>
> [1]crypto/qat: add sessionless implementation to asym pmd
> - this patch adds sessionless option to QAT, already implemented
> algorithms MOD EXP and MOD INV can be used with sessionless
> [2]crypto/qat: add rsa implementation to asym pmd
> - this patch adds option to use RSA with exponent private key
> pair (n,d)
> [3]crypto/qat: add rsa crt implementation to asym pmd
> - this patch adds CRT option to RSA, to improve performance of
> decryption and creating of signature
>
> v4:
> - fixed compilation issue
>
> Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Series Applied to dpdk-next-crypto
Thanks.
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2019-10-23 13:42 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-10-22 14:04 [dpdk-dev] [PATCH v4 0/5] Add session-less, RSA, RSA-CRT to QAT Arek Kusztal
2019-10-22 14:04 ` [dpdk-dev] [PATCH v4 1/5] crypto/qat: add sessionless implementation to asym pmd Arek Kusztal
2019-10-22 14:04 ` [dpdk-dev] [PATCH v4 2/5] crypto/qat: add rsa " Arek Kusztal
2019-10-22 14:04 ` [dpdk-dev] [PATCH v4 3/5] crypto/qat: add rsa crt " Arek Kusztal
2019-10-22 14:04 ` [dpdk-dev] [PATCH v4 4/5] test/crypto: add sessionless to asymmetric mod exp Arek Kusztal
2019-10-22 14:04 ` [dpdk-dev] [PATCH v4 5/5] test/crypto: add rsa tests to qat and openssl with no padding Arek Kusztal
2019-10-23 13:42 ` [dpdk-dev] [PATCH v4 0/5] Add session-less, RSA, RSA-CRT to QAT Akhil Goyal
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).