From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
by inbox.dpdk.org (Postfix) with ESMTP id E3A7F45AF3;
Wed, 9 Oct 2024 16:17:05 +0200 (CEST)
Received: from mails.dpdk.org (localhost [127.0.0.1])
by mails.dpdk.org (Postfix) with ESMTP id 7B53C427DF;
Wed, 9 Oct 2024 16:16:54 +0200 (CEST)
Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.17])
by mails.dpdk.org (Postfix) with ESMTP id 72A5C427D8
for <dev@dpdk.org>; Wed, 9 Oct 2024 16:16:52 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
t=1728483413; x=1760019413;
h=from:to:cc:subject:date:message-id:in-reply-to: references;
bh=SC7qIAF4sB5yMruccXrYF34El0r+Aa7EiiM26CrUQOM=;
b=ciFlo2hkSb5mmUoiCT2cZr0LDhprM6Ch1xrZHJDlC7ob/RBoU78BPeTe
87P7Q9tYtWcNs5sgcW3caceUfL5+Kd5g+cTfXbuNAINQvNsc7KKb6LNcK
NUPjkuFt9XLJlXG9ukuWLoZFWlp236ke/wK9tYKeHRpY1jsRtqhN2u0mP
d6/Guh/YDbmV9oNc8Vtb8zP/LXnXjaCH/N+QUeTTA2pU7r5WcqADYBcph
0PSKg8T3O6HyXBEC4FR1qKviSbWl9ruCmojz+QRG27ixvM3OpQWEljF55
AMAush5MFbLkK+Gekz5XGszAYDQ9yijFyO4AHTRJ6IiK8pf+3yPj5d12o g==;
X-CSE-ConnectionGUID: aAGE7U9oTpuLDMDzfqDlow==
X-CSE-MsgGUID: i9eu7SZOQN2osjajyBGAKw==
X-IronPort-AV: E=McAfee;i="6700,10204,11220"; a="27666315"
X-IronPort-AV: E=Sophos;i="6.11,190,1725346800"; d="scan'208";a="27666315"
Received: from fmviesa010.fm.intel.com ([10.60.135.150])
by fmvoesa111.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
09 Oct 2024 07:16:52 -0700
X-CSE-ConnectionGUID: 0ZNxhexrREKnR/QzzJmAOw==
X-CSE-MsgGUID: WHpINhngQ5+8zOZrRwbSQQ==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="6.11,190,1725346800"; d="scan'208";a="76585230"
Received: from silpixa00399302.ir.intel.com ([10.237.214.22])
by fmviesa010.fm.intel.com with ESMTP; 09 Oct 2024 07:16:50 -0700
From: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
To: dev@dpdk.org
Cc: gakhil@marvell.com, brian.dooley@intel.com,
Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
Subject: [PATCH v5 3/4] crypto/qat: add sm2 encryption/decryption function
Date: Wed, 9 Oct 2024 14:01:46 +0100
Message-Id: <20241009130147.38280-4-arkadiuszx.kusztal@intel.com>
X-Mailer: git-send-email 2.13.6
In-Reply-To: <20241009130147.38280-1-arkadiuszx.kusztal@intel.com>
References: <20241008181433.57591-3-arkadiuszx.kusztal@intel.com>
<20241009130147.38280-1-arkadiuszx.kusztal@intel.com>
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
<mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
<mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
This commit adds SM2 elliptic curve based asymmetric
encryption and decryption to the Intel QuickAssist
Technology PMD.
Signed-off-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
---
doc/guides/cryptodevs/features/qat.ini | 1 +
doc/guides/rel_notes/release_24_11.rst | 4 +
drivers/common/qat/qat_adf/icp_qat_fw_mmp_ids.h | 3 +
drivers/common/qat/qat_adf/qat_pke.h | 20 ++++
drivers/crypto/qat/qat_asym.c | 140 +++++++++++++++++++++++-
5 files changed, 162 insertions(+), 6 deletions(-)
diff --git a/doc/guides/cryptodevs/features/qat.ini b/doc/guides/cryptodevs/features/qat.ini
index f41d29158f..219dd1e011 100644
--- a/doc/guides/cryptodevs/features/qat.ini
+++ b/doc/guides/cryptodevs/features/qat.ini
@@ -71,6 +71,7 @@ ZUC EIA3 = Y
AES CMAC (128) = Y
SM3 = Y
SM3 HMAC = Y
+SM2 = Y
;
; Supported AEAD algorithms of the 'qat' crypto driver.
diff --git a/doc/guides/rel_notes/release_24_11.rst b/doc/guides/rel_notes/release_24_11.rst
index e0a9aa55a1..e56824310b 100644
--- a/doc/guides/rel_notes/release_24_11.rst
+++ b/doc/guides/rel_notes/release_24_11.rst
@@ -67,6 +67,10 @@ New Features
The new statistics are useful for debugging and profiling.
+* **Updated the QuickAssist Technology (QAT) Crypto PMD.**
+
+ * Added SM2 encryption and decryption algorithms.
+
Removed Items
-------------
diff --git a/drivers/common/qat/qat_adf/icp_qat_fw_mmp_ids.h b/drivers/common/qat/qat_adf/icp_qat_fw_mmp_ids.h
index 630c6e1a9b..aa49612ca1 100644
--- a/drivers/common/qat/qat_adf/icp_qat_fw_mmp_ids.h
+++ b/drivers/common/qat/qat_adf/icp_qat_fw_mmp_ids.h
@@ -1542,6 +1542,9 @@ icp_qat_fw_mmp_ecdsa_verify_gfp_521_input::in in @endlink
* @li no output parameters
*/
+#define PKE_ECSM2_ENCRYPTION 0x25221720
+#define PKE_ECSM2_DECRYPTION 0x201716e6
+
#define PKE_LIVENESS 0x00000001
/**< Functionality ID for PKE_LIVENESS
* @li 0 input parameter(s)
diff --git a/drivers/common/qat/qat_adf/qat_pke.h b/drivers/common/qat/qat_adf/qat_pke.h
index f88932a275..ac051e965d 100644
--- a/drivers/common/qat/qat_adf/qat_pke.h
+++ b/drivers/common/qat/qat_adf/qat_pke.h
@@ -334,4 +334,24 @@ get_sm2_ecdsa_verify_function(void)
return qat_function;
}
+static struct qat_asym_function
+get_sm2_encryption_function(void)
+{
+ struct qat_asym_function qat_function = {
+ PKE_ECSM2_ENCRYPTION, 32
+ };
+
+ return qat_function;
+}
+
+static struct qat_asym_function
+get_sm2_decryption_function(void)
+{
+ struct qat_asym_function qat_function = {
+ PKE_ECSM2_DECRYPTION, 32
+ };
+
+ return qat_function;
+}
+
#endif
diff --git a/drivers/crypto/qat/qat_asym.c b/drivers/crypto/qat/qat_asym.c
index e43884e69b..3ce48a1486 100644
--- a/drivers/crypto/qat/qat_asym.c
+++ b/drivers/crypto/qat/qat_asym.c
@@ -932,6 +932,15 @@ sm2_ecdsa_sign_set_input(struct icp_qat_fw_pke_request *qat_req,
qat_req->input_param_count = 3;
qat_req->output_param_count = 2;
+ HEXDUMP("SM2 K test", asym_op->sm2.k.data,
+ cookie->alg_bytesize);
+ HEXDUMP("SM2 K", cookie->input_array[0],
+ cookie->alg_bytesize);
+ HEXDUMP("SM2 msg", cookie->input_array[1],
+ cookie->alg_bytesize);
+ HEXDUMP("SM2 pkey", cookie->input_array[2],
+ cookie->alg_bytesize);
+
return RTE_CRYPTO_OP_STATUS_SUCCESS;
}
@@ -983,6 +992,114 @@ sm2_ecdsa_sign_collect(struct rte_crypto_asym_op *asym_op,
}
static int
+sm2_encryption_set_input(struct icp_qat_fw_pke_request *qat_req,
+ struct qat_asym_op_cookie *cookie,
+ const struct rte_crypto_asym_op *asym_op,
+ const struct rte_crypto_asym_xform *xform)
+{
+ const struct qat_asym_function qat_function =
+ get_sm2_encryption_function();
+ const uint32_t qat_func_alignsize =
+ qat_function.bytesize;
+
+ SET_PKE_LN(asym_op->sm2.k, qat_func_alignsize, 0);
+ SET_PKE_LN(xform->ec.q.x, qat_func_alignsize, 1);
+ SET_PKE_LN(xform->ec.q.y, qat_func_alignsize, 2);
+
+ cookie->alg_bytesize = qat_function.bytesize;
+ cookie->qat_func_alignsize = qat_function.bytesize;
+ qat_req->pke_hdr.cd_pars.func_id = qat_function.func_id;
+ qat_req->input_param_count = 3;
+ qat_req->output_param_count = 4;
+
+ HEXDUMP("SM2 K", cookie->input_array[0],
+ qat_func_alignsize);
+ HEXDUMP("SM2 Q.x", cookie->input_array[1],
+ qat_func_alignsize);
+ HEXDUMP("SM2 Q.y", cookie->input_array[2],
+ qat_func_alignsize);
+
+ return RTE_CRYPTO_OP_STATUS_SUCCESS;
+}
+
+static uint8_t
+sm2_encryption_collect(struct rte_crypto_asym_op *asym_op,
+ const struct qat_asym_op_cookie *cookie)
+{
+ uint32_t alg_bytesize = cookie->alg_bytesize;
+
+ rte_memcpy(asym_op->sm2.C1.x.data, cookie->output_array[0], alg_bytesize);
+ rte_memcpy(asym_op->sm2.C1.y.data, cookie->output_array[1], alg_bytesize);
+ rte_memcpy(asym_op->sm2.kP.x.data, cookie->output_array[2], alg_bytesize);
+ rte_memcpy(asym_op->sm2.kP.y.data, cookie->output_array[3], alg_bytesize);
+ asym_op->sm2.C1.x.length = alg_bytesize;
+ asym_op->sm2.C1.y.length = alg_bytesize;
+ asym_op->sm2.kP.x.length = alg_bytesize;
+ asym_op->sm2.kP.y.length = alg_bytesize;
+
+ HEXDUMP("C1[x1]", cookie->output_array[0],
+ alg_bytesize);
+ HEXDUMP("C1[y]", cookie->output_array[1],
+ alg_bytesize);
+ HEXDUMP("kP[x]", cookie->output_array[2],
+ alg_bytesize);
+ HEXDUMP("kP[y]", cookie->output_array[3],
+ alg_bytesize);
+ return RTE_CRYPTO_OP_STATUS_SUCCESS;
+}
+
+
+static int
+sm2_decryption_set_input(struct icp_qat_fw_pke_request *qat_req,
+ struct qat_asym_op_cookie *cookie,
+ const struct rte_crypto_asym_op *asym_op,
+ const struct rte_crypto_asym_xform *xform)
+{
+ const struct qat_asym_function qat_function =
+ get_sm2_decryption_function();
+ const uint32_t qat_func_alignsize =
+ qat_function.bytesize;
+
+ SET_PKE_LN(xform->ec.pkey, qat_func_alignsize, 0);
+ SET_PKE_LN(asym_op->sm2.C1.x, qat_func_alignsize, 1);
+ SET_PKE_LN(asym_op->sm2.C1.y, qat_func_alignsize, 2);
+
+ cookie->alg_bytesize = qat_function.bytesize;
+ cookie->qat_func_alignsize = qat_function.bytesize;
+ qat_req->pke_hdr.cd_pars.func_id = qat_function.func_id;
+ qat_req->input_param_count = 3;
+ qat_req->output_param_count = 2;
+
+ HEXDUMP("d", cookie->input_array[0],
+ qat_func_alignsize);
+ HEXDUMP("C1[x]", cookie->input_array[1],
+ qat_func_alignsize);
+ HEXDUMP("C1[y]", cookie->input_array[2],
+ qat_func_alignsize);
+
+ return RTE_CRYPTO_OP_STATUS_SUCCESS;
+}
+
+
+static uint8_t
+sm2_decryption_collect(struct rte_crypto_asym_op *asym_op,
+ const struct qat_asym_op_cookie *cookie)
+{
+ uint32_t alg_bytesize = cookie->alg_bytesize;
+
+ rte_memcpy(asym_op->sm2.kP.x.data, cookie->output_array[0], alg_bytesize);
+ rte_memcpy(asym_op->sm2.kP.y.data, cookie->output_array[1], alg_bytesize);
+ asym_op->sm2.kP.x.length = alg_bytesize;
+ asym_op->sm2.kP.y.length = alg_bytesize;
+
+ HEXDUMP("kP[x]", cookie->output_array[0],
+ alg_bytesize);
+ HEXDUMP("kP[y]", cookie->output_array[1],
+ alg_bytesize);
+ return RTE_CRYPTO_OP_STATUS_SUCCESS;
+}
+
+static int
asym_set_input(struct icp_qat_fw_pke_request *qat_req,
struct qat_asym_op_cookie *cookie,
const struct rte_crypto_asym_op *asym_op,
@@ -1014,14 +1131,20 @@ asym_set_input(struct icp_qat_fw_pke_request *qat_req,
asym_op, xform);
}
case RTE_CRYPTO_ASYM_XFORM_SM2:
- if (asym_op->sm2.op_type ==
- RTE_CRYPTO_ASYM_OP_VERIFY) {
+ if (asym_op->sm2.op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT) {
+ return sm2_encryption_set_input(qat_req, cookie,
+ asym_op, xform);
+ } else if (asym_op->sm2.op_type == RTE_CRYPTO_ASYM_OP_DECRYPT) {
+ return sm2_decryption_set_input(qat_req, cookie,
+ asym_op, xform);
+ } else if (asym_op->sm2.op_type == RTE_CRYPTO_ASYM_OP_VERIFY) {
return sm2_ecdsa_verify_set_input(qat_req, cookie,
asym_op, xform);
- } else {
+ } else if (asym_op->sm2.op_type == RTE_CRYPTO_ASYM_OP_SIGN) {
return sm2_ecdsa_sign_set_input(qat_req, cookie,
asym_op, xform);
}
+ break;
default:
QAT_LOG(ERR, "Invalid/unsupported asymmetric crypto xform");
return -EINVAL;
@@ -1113,7 +1236,13 @@ qat_asym_collect_response(struct rte_crypto_op *op,
case RTE_CRYPTO_ASYM_XFORM_ECDH:
return ecdh_collect(asym_op, cookie);
case RTE_CRYPTO_ASYM_XFORM_SM2:
- return sm2_ecdsa_sign_collect(asym_op, cookie);
+ if (asym_op->sm2.op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT)
+ return sm2_encryption_collect(asym_op, cookie);
+ else if (asym_op->sm2.op_type == RTE_CRYPTO_ASYM_OP_DECRYPT)
+ return sm2_decryption_collect(asym_op, cookie);
+ else
+ return sm2_ecdsa_sign_collect(asym_op, cookie);
+
default:
QAT_LOG(ERR, "Not supported xform type");
return RTE_CRYPTO_OP_STATUS_ERROR;
@@ -1385,9 +1514,8 @@ qat_asym_session_configure(struct rte_cryptodev *dev __rte_unused,
case RTE_CRYPTO_ASYM_XFORM_ECDSA:
case RTE_CRYPTO_ASYM_XFORM_ECPM:
case RTE_CRYPTO_ASYM_XFORM_ECDH:
- session_set_ec(qat_session, xform);
- break;
case RTE_CRYPTO_ASYM_XFORM_SM2:
+ session_set_ec(qat_session, xform);
break;
default:
ret = -ENOTSUP;
--
2.13.6