From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 85A6745C75; Mon, 4 Nov 2024 10:36:26 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 7C05740E03; Mon, 4 Nov 2024 10:36:19 +0100 (CET) Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.18]) by mails.dpdk.org (Postfix) with ESMTP id F40CF40DCD for ; Mon, 4 Nov 2024 10:36:16 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1730712977; x=1762248977; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=TvKHeu++gBGrjV0Bs02QhnZtiL9VzwvcDlCgIkSp+kY=; b=SwvZpT2z61pFYoaUe4lO3OPWQjXK0Wct7b2S5FpQusYZOVaRCALCBKvh ZpXnkv4Fwv7o4anXWD6Z8HhZvvKH28m61URCIMiCOZPe/OJLTahUHsIig 0/KvPcnJH5/OsFBoh8QDzHyFLfJq3NTsc2iT5RhYjZesXMQoHjxH7MNE6 rAHmbWK8XeWO3aybXYLPF7Q1dz5z0cDammRzim2lMkM89JCECQxdlGDMz f2IOeP2q2u3ZKd38wNdivpw91I+31SU3IR0/Z2PXQih6+uRwic61UdpSz XHYPF1TSpRHT8yLAEiguyGHASysvcGK7wDdn5OZxTom13IYwc3/yvg5wq w==; X-CSE-ConnectionGUID: xQPLtcnYRA+90qKz3UiTgg== X-CSE-MsgGUID: dKdw7OvQRUCgHz0u1pVkZA== X-IronPort-AV: E=McAfee;i="6700,10204,11245"; a="29828810" X-IronPort-AV: E=Sophos;i="6.11,256,1725346800"; d="scan'208";a="29828810" Received: from fmviesa002.fm.intel.com ([10.60.135.142]) by fmvoesa112.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 04 Nov 2024 01:36:16 -0800 X-CSE-ConnectionGUID: mxSkRdkgTCm3vba1F6sTnQ== X-CSE-MsgGUID: J9Vh0sdoRRKG1Z5wgLQ3Lg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.11,256,1725346800"; d="scan'208";a="106950453" Received: from silpixa00400308.ir.intel.com ([10.237.214.154]) by fmviesa002.fm.intel.com with ESMTP; 04 Nov 2024 01:36:15 -0800 From: Arkadiusz Kusztal To: dev@dpdk.org Cc: gakhil@marvell.com, brian.dooley@intel.com, Arkadiusz Kusztal Subject: [PATCH v8 2/3] crypto/qat: add sm2 encryption/decryption function Date: Mon, 4 Nov 2024 09:36:09 +0000 Message-Id: <20241104093610.20426-3-arkadiuszx.kusztal@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20241104093610.20426-1-arkadiuszx.kusztal@intel.com> References: <20241104093610.20426-1-arkadiuszx.kusztal@intel.com> X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org This commit adds SM2 elliptic curve based asymmetric encryption and decryption to the Intel QuickAssist Technology PMD. Depends-on: patch-147900 ("[v2] crypto/qat: fix ecdsa session handling") Signed-off-by: Arkadiusz Kusztal --- doc/guides/rel_notes/release_24_11.rst | 4 + .../common/qat/qat_adf/icp_qat_fw_mmp_ids.h | 3 + drivers/common/qat/qat_adf/qat_pke.h | 20 +++ drivers/crypto/qat/dev/qat_crypto_pmd_gen4.c | 72 ++++++++- drivers/crypto/qat/qat_asym.c | 140 +++++++++++++++++- 5 files changed, 232 insertions(+), 7 deletions(-) diff --git a/doc/guides/rel_notes/release_24_11.rst b/doc/guides/rel_notes/release_24_11.rst index ee9e2cea3c..0b2f1e75d3 100644 --- a/doc/guides/rel_notes/release_24_11.rst +++ b/doc/guides/rel_notes/release_24_11.rst @@ -251,6 +251,10 @@ New Features Added ability for node to advertise and update multiple xstat counters, that can be retrieved using ``rte_graph_cluster_stats_get``. +* **Updated the QuickAssist Technology (QAT) Crypto PMD.** + + * Added SM2 encryption and decryption algorithms. + Removed Items ------------- diff --git a/drivers/common/qat/qat_adf/icp_qat_fw_mmp_ids.h b/drivers/common/qat/qat_adf/icp_qat_fw_mmp_ids.h index 630c6e1a9b..aa49612ca1 100644 --- a/drivers/common/qat/qat_adf/icp_qat_fw_mmp_ids.h +++ b/drivers/common/qat/qat_adf/icp_qat_fw_mmp_ids.h @@ -1542,6 +1542,9 @@ icp_qat_fw_mmp_ecdsa_verify_gfp_521_input::in in @endlink * @li no output parameters */ +#define PKE_ECSM2_ENCRYPTION 0x25221720 +#define PKE_ECSM2_DECRYPTION 0x201716e6 + #define PKE_LIVENESS 0x00000001 /**< Functionality ID for PKE_LIVENESS * @li 0 input parameter(s) diff --git a/drivers/common/qat/qat_adf/qat_pke.h b/drivers/common/qat/qat_adf/qat_pke.h index f88932a275..ac051e965d 100644 --- a/drivers/common/qat/qat_adf/qat_pke.h +++ b/drivers/common/qat/qat_adf/qat_pke.h @@ -334,4 +334,24 @@ get_sm2_ecdsa_verify_function(void) return qat_function; } +static struct qat_asym_function +get_sm2_encryption_function(void) +{ + struct qat_asym_function qat_function = { + PKE_ECSM2_ENCRYPTION, 32 + }; + + return qat_function; +} + +static struct qat_asym_function +get_sm2_decryption_function(void) +{ + struct qat_asym_function qat_function = { + PKE_ECSM2_DECRYPTION, 32 + }; + + return qat_function; +} + #endif diff --git a/drivers/crypto/qat/dev/qat_crypto_pmd_gen4.c b/drivers/crypto/qat/dev/qat_crypto_pmd_gen4.c index 6a5d6e78b9..493f33229e 100644 --- a/drivers/crypto/qat/dev/qat_crypto_pmd_gen4.c +++ b/drivers/crypto/qat/dev/qat_crypto_pmd_gen4.c @@ -115,6 +115,38 @@ static struct rte_cryptodev_capabilities qat_sym_crypto_caps_gen4[] = { RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() }; +static struct rte_cryptodev_capabilities qat_asym_crypto_caps_gen4[] = { + QAT_ASYM_CAP(MODEX, + 0, 1, 512, 1), + QAT_ASYM_CAP(MODINV, + 0, 1, 512, 1), + QAT_ASYM_CAP(RSA, + ((1 << RTE_CRYPTO_ASYM_OP_SIGN) | + (1 << RTE_CRYPTO_ASYM_OP_VERIFY) | + (1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) | + (1 << RTE_CRYPTO_ASYM_OP_DECRYPT)), + 64, 512, 64), + { /* SM2 */ + .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, + {.asym = { + .xform_capa = { + .xform_type = RTE_CRYPTO_ASYM_XFORM_SM2, + .op_types = + ((1 << RTE_CRYPTO_ASYM_OP_SIGN) | + (1 << RTE_CRYPTO_ASYM_OP_VERIFY) | + (1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) | + (1 << RTE_CRYPTO_ASYM_OP_DECRYPT)), + .op_capa = { + [RTE_CRYPTO_ASYM_OP_ENCRYPT] = (1 << RTE_CRYPTO_SM2_PARTIAL), + [RTE_CRYPTO_ASYM_OP_DECRYPT] = (1 << RTE_CRYPTO_SM2_PARTIAL), + }, + }, + } + } + }, + RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() +}; + static int qat_sym_crypto_cap_get_gen4(struct qat_cryptodev_private *internals, const char *capa_memz_name, @@ -157,6 +189,44 @@ qat_sym_crypto_cap_get_gen4(struct qat_cryptodev_private *internals, return 0; } +static int +qat_asym_crypto_cap_get_gen4(struct qat_cryptodev_private *internals, + const char *capa_memz_name, + const uint16_t __rte_unused slice_map) +{ + const uint32_t size = sizeof(qat_asym_crypto_caps_gen4); + uint32_t i; + + internals->capa_mz = rte_memzone_lookup(capa_memz_name); + if (internals->capa_mz == NULL) { + internals->capa_mz = rte_memzone_reserve(capa_memz_name, + size, rte_socket_id(), 0); + if (internals->capa_mz == NULL) { + QAT_LOG(DEBUG, + "Error allocating memzone for capabilities"); + return -1; + } + } + + struct rte_cryptodev_capabilities *addr = + (struct rte_cryptodev_capabilities *) + internals->capa_mz->addr; + const struct rte_cryptodev_capabilities *capabilities = + qat_asym_crypto_caps_gen4; + const uint32_t capa_num = + size / sizeof(struct rte_cryptodev_capabilities); + uint32_t curr_capa = 0; + + for (i = 0; i < capa_num; i++) { + memcpy(addr + curr_capa, capabilities + i, + sizeof(struct rte_cryptodev_capabilities)); + curr_capa++; + } + internals->qat_dev_capabilities = internals->capa_mz->addr; + + return 0; +} + static __rte_always_inline void enqueue_one_aead_job_gen4(struct qat_sym_session *ctx, struct icp_qat_fw_la_bulk_req *req, @@ -543,7 +613,7 @@ RTE_INIT(qat_asym_crypto_gen4_init) &qat_asym_crypto_ops_gen1; qat_asym_gen_dev_ops[QAT_VQAT].get_capabilities = qat_asym_gen_dev_ops[QAT_GEN4].get_capabilities = - qat_asym_crypto_cap_get_gen1; + qat_asym_crypto_cap_get_gen4; qat_asym_gen_dev_ops[QAT_VQAT].get_feature_flags = qat_asym_gen_dev_ops[QAT_GEN4].get_feature_flags = qat_asym_crypto_feature_flags_get_gen1; diff --git a/drivers/crypto/qat/qat_asym.c b/drivers/crypto/qat/qat_asym.c index dfc52d1286..2459b02215 100644 --- a/drivers/crypto/qat/qat_asym.c +++ b/drivers/crypto/qat/qat_asym.c @@ -933,6 +933,15 @@ sm2_ecdsa_sign_set_input(struct icp_qat_fw_pke_request *qat_req, qat_req->input_param_count = 3; qat_req->output_param_count = 2; + HEXDUMP("SM2 K test", asym_op->sm2.k.data, + cookie->alg_bytesize); + HEXDUMP("SM2 K", cookie->input_array[0], + cookie->alg_bytesize); + HEXDUMP("SM2 msg", cookie->input_array[1], + cookie->alg_bytesize); + HEXDUMP("SM2 pkey", cookie->input_array[2], + cookie->alg_bytesize); + return RTE_CRYPTO_OP_STATUS_SUCCESS; } @@ -983,6 +992,114 @@ sm2_ecdsa_sign_collect(struct rte_crypto_asym_op *asym_op, return RTE_CRYPTO_OP_STATUS_SUCCESS; } +static int +sm2_encryption_set_input(struct icp_qat_fw_pke_request *qat_req, + struct qat_asym_op_cookie *cookie, + const struct rte_crypto_asym_op *asym_op, + const struct rte_crypto_asym_xform *xform) +{ + const struct qat_asym_function qat_function = + get_sm2_encryption_function(); + const uint32_t qat_func_alignsize = + qat_function.bytesize; + + SET_PKE_LN(asym_op->sm2.k, qat_func_alignsize, 0); + SET_PKE_LN(xform->ec.q.x, qat_func_alignsize, 1); + SET_PKE_LN(xform->ec.q.y, qat_func_alignsize, 2); + + cookie->alg_bytesize = qat_function.bytesize; + cookie->qat_func_alignsize = qat_function.bytesize; + qat_req->pke_hdr.cd_pars.func_id = qat_function.func_id; + qat_req->input_param_count = 3; + qat_req->output_param_count = 4; + + HEXDUMP("SM2 K", cookie->input_array[0], + qat_func_alignsize); + HEXDUMP("SM2 Q.x", cookie->input_array[1], + qat_func_alignsize); + HEXDUMP("SM2 Q.y", cookie->input_array[2], + qat_func_alignsize); + + return RTE_CRYPTO_OP_STATUS_SUCCESS; +} + +static uint8_t +sm2_encryption_collect(struct rte_crypto_asym_op *asym_op, + const struct qat_asym_op_cookie *cookie) +{ + uint32_t alg_bytesize = cookie->alg_bytesize; + + rte_memcpy(asym_op->sm2.c1.x.data, cookie->output_array[0], alg_bytesize); + rte_memcpy(asym_op->sm2.c1.y.data, cookie->output_array[1], alg_bytesize); + rte_memcpy(asym_op->sm2.kp.x.data, cookie->output_array[2], alg_bytesize); + rte_memcpy(asym_op->sm2.kp.y.data, cookie->output_array[3], alg_bytesize); + asym_op->sm2.c1.x.length = alg_bytesize; + asym_op->sm2.c1.y.length = alg_bytesize; + asym_op->sm2.kp.x.length = alg_bytesize; + asym_op->sm2.kp.y.length = alg_bytesize; + + HEXDUMP("c1[x1]", cookie->output_array[0], + alg_bytesize); + HEXDUMP("c1[y]", cookie->output_array[1], + alg_bytesize); + HEXDUMP("kp[x]", cookie->output_array[2], + alg_bytesize); + HEXDUMP("kp[y]", cookie->output_array[3], + alg_bytesize); + return RTE_CRYPTO_OP_STATUS_SUCCESS; +} + + +static int +sm2_decryption_set_input(struct icp_qat_fw_pke_request *qat_req, + struct qat_asym_op_cookie *cookie, + const struct rte_crypto_asym_op *asym_op, + const struct rte_crypto_asym_xform *xform) +{ + const struct qat_asym_function qat_function = + get_sm2_decryption_function(); + const uint32_t qat_func_alignsize = + qat_function.bytesize; + + SET_PKE_LN(xform->ec.pkey, qat_func_alignsize, 0); + SET_PKE_LN(asym_op->sm2.c1.x, qat_func_alignsize, 1); + SET_PKE_LN(asym_op->sm2.c1.y, qat_func_alignsize, 2); + + cookie->alg_bytesize = qat_function.bytesize; + cookie->qat_func_alignsize = qat_function.bytesize; + qat_req->pke_hdr.cd_pars.func_id = qat_function.func_id; + qat_req->input_param_count = 3; + qat_req->output_param_count = 2; + + HEXDUMP("d", cookie->input_array[0], + qat_func_alignsize); + HEXDUMP("c1[x]", cookie->input_array[1], + qat_func_alignsize); + HEXDUMP("c1[y]", cookie->input_array[2], + qat_func_alignsize); + + return RTE_CRYPTO_OP_STATUS_SUCCESS; +} + + +static uint8_t +sm2_decryption_collect(struct rte_crypto_asym_op *asym_op, + const struct qat_asym_op_cookie *cookie) +{ + uint32_t alg_bytesize = cookie->alg_bytesize; + + rte_memcpy(asym_op->sm2.kp.x.data, cookie->output_array[0], alg_bytesize); + rte_memcpy(asym_op->sm2.kp.y.data, cookie->output_array[1], alg_bytesize); + asym_op->sm2.kp.x.length = alg_bytesize; + asym_op->sm2.kp.y.length = alg_bytesize; + + HEXDUMP("kp[x]", cookie->output_array[0], + alg_bytesize); + HEXDUMP("kp[y]", cookie->output_array[1], + alg_bytesize); + return RTE_CRYPTO_OP_STATUS_SUCCESS; +} + static int asym_set_input(struct icp_qat_fw_pke_request *qat_req, struct qat_asym_op_cookie *cookie, @@ -1015,14 +1132,20 @@ asym_set_input(struct icp_qat_fw_pke_request *qat_req, asym_op, xform); } case RTE_CRYPTO_ASYM_XFORM_SM2: - if (asym_op->sm2.op_type == - RTE_CRYPTO_ASYM_OP_VERIFY) { + if (asym_op->sm2.op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT) { + return sm2_encryption_set_input(qat_req, cookie, + asym_op, xform); + } else if (asym_op->sm2.op_type == RTE_CRYPTO_ASYM_OP_DECRYPT) { + return sm2_decryption_set_input(qat_req, cookie, + asym_op, xform); + } else if (asym_op->sm2.op_type == RTE_CRYPTO_ASYM_OP_VERIFY) { return sm2_ecdsa_verify_set_input(qat_req, cookie, asym_op, xform); - } else { + } else if (asym_op->sm2.op_type == RTE_CRYPTO_ASYM_OP_SIGN) { return sm2_ecdsa_sign_set_input(qat_req, cookie, asym_op, xform); } + break; default: QAT_LOG(ERR, "Invalid/unsupported asymmetric crypto xform"); return -EINVAL; @@ -1114,7 +1237,13 @@ qat_asym_collect_response(struct rte_crypto_op *op, case RTE_CRYPTO_ASYM_XFORM_ECDH: return ecdh_collect(asym_op, cookie); case RTE_CRYPTO_ASYM_XFORM_SM2: - return sm2_ecdsa_sign_collect(asym_op, cookie); + if (asym_op->sm2.op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT) + return sm2_encryption_collect(asym_op, cookie); + else if (asym_op->sm2.op_type == RTE_CRYPTO_ASYM_OP_DECRYPT) + return sm2_decryption_collect(asym_op, cookie); + else + return sm2_ecdsa_sign_collect(asym_op, cookie); + default: QAT_LOG(ERR, "Not supported xform type"); return RTE_CRYPTO_OP_STATUS_ERROR; @@ -1423,9 +1552,8 @@ qat_asym_session_configure(struct rte_cryptodev *dev __rte_unused, case RTE_CRYPTO_ASYM_XFORM_ECDSA: case RTE_CRYPTO_ASYM_XFORM_ECPM: case RTE_CRYPTO_ASYM_XFORM_ECDH: - ret = session_set_ec(qat_session, xform); - break; case RTE_CRYPTO_ASYM_XFORM_SM2: + ret = session_set_ec(qat_session, xform); break; default: ret = -ENOTSUP; -- 2.34.1