From: "Kusztal, ArkadiuszX" <arkadiuszx.kusztal@intel.com>
To: Akhil Goyal <gakhil@marvell.com>, "dev@dpdk.org" <dev@dpdk.org>
Cc: "Dooley, Brian" <brian.dooley@intel.com>
Subject: RE: [EXTERNAL] [PATCH v7 2/3] crypto/qat: add sm2 encryption/decryption function
Date: Fri, 25 Oct 2024 10:00:35 +0000 [thread overview]
Message-ID: <PH0PR11MB5013B62AFBB2A73F91FD1CBA9F4F2@PH0PR11MB5013.namprd11.prod.outlook.com> (raw)
In-Reply-To: <PH0PR18MB44914061636EC3699F18FC42D84E2@PH0PR18MB4491.namprd18.prod.outlook.com>
> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Thursday, October 24, 2024 12:21 PM
> To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; dev@dpdk.org
> Cc: Dooley, Brian <brian.dooley@intel.com>
> Subject: RE: [EXTERNAL] [PATCH v7 2/3] crypto/qat: add sm2
> encryption/decryption function
>
> > This commit adds SM2 elliptic curve based asymmetric encryption and
> > decryption to the Intel QuickAssist Technology PMD.
> >
> > Signed-off-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
> > ---
>
> You are again not using that capability flag RTE_CRYPTO_SM2_PARTIAL I
> thought you would add that by RC2.
Yes, I wanted to send some follow up for it because of the importance of the API patch, but since rc2 was moved I can do it properly this time,
if this can still be accepted.
>
> Also check asymmetric crypto openssl tests that are failing in CI for this
> patchset.
Fixed.
>
> > doc/guides/rel_notes/release_24_11.rst | 4 +
> > .../common/qat/qat_adf/icp_qat_fw_mmp_ids.h | 3 +
> > drivers/common/qat/qat_adf/qat_pke.h | 20 +++
> > drivers/crypto/qat/qat_asym.c | 140 +++++++++++++++++-
> > 4 files changed, 161 insertions(+), 6 deletions(-)
> >
> > diff --git a/doc/guides/rel_notes/release_24_11.rst
> > b/doc/guides/rel_notes/release_24_11.rst
> > index 0f91dae987..2404753e54 100644
> > --- a/doc/guides/rel_notes/release_24_11.rst
> > +++ b/doc/guides/rel_notes/release_24_11.rst
> > @@ -247,6 +247,10 @@ New Features
> > Added ability for node to advertise and update multiple xstat counters,
> > that can be retrieved using ``rte_graph_cluster_stats_get``.
> >
> > +* **Updated the QuickAssist Technology (QAT) Crypto PMD.**
> > +
> > + * Added SM2 encryption and decryption algorithms.
> > +
> >
> > Removed Items
> > -------------
> > diff --git a/drivers/common/qat/qat_adf/icp_qat_fw_mmp_ids.h
> > b/drivers/common/qat/qat_adf/icp_qat_fw_mmp_ids.h
> > index 630c6e1a9b..aa49612ca1 100644
> > --- a/drivers/common/qat/qat_adf/icp_qat_fw_mmp_ids.h
> > +++ b/drivers/common/qat/qat_adf/icp_qat_fw_mmp_ids.h
> > @@ -1542,6 +1542,9 @@ icp_qat_fw_mmp_ecdsa_verify_gfp_521_input::in
> in
> > @endlink
> > * @li no output parameters
> > */
> >
> > +#define PKE_ECSM2_ENCRYPTION 0x25221720 #define
> PKE_ECSM2_DECRYPTION
> > +0x201716e6
> > +
> > #define PKE_LIVENESS 0x00000001
> > /**< Functionality ID for PKE_LIVENESS
> > * @li 0 input parameter(s)
> > diff --git a/drivers/common/qat/qat_adf/qat_pke.h
> > b/drivers/common/qat/qat_adf/qat_pke.h
> > index f88932a275..ac051e965d 100644
> > --- a/drivers/common/qat/qat_adf/qat_pke.h
> > +++ b/drivers/common/qat/qat_adf/qat_pke.h
> > @@ -334,4 +334,24 @@ get_sm2_ecdsa_verify_function(void)
> > return qat_function;
> > }
> >
> > +static struct qat_asym_function
> > +get_sm2_encryption_function(void)
> > +{
> > + struct qat_asym_function qat_function = {
> > + PKE_ECSM2_ENCRYPTION, 32
> > + };
> > +
> > + return qat_function;
> > +}
> > +
> > +static struct qat_asym_function
> > +get_sm2_decryption_function(void)
> > +{
> > + struct qat_asym_function qat_function = {
> > + PKE_ECSM2_DECRYPTION, 32
> > + };
> > +
> > + return qat_function;
> > +}
> > +
> > #endif
> > diff --git a/drivers/crypto/qat/qat_asym.c
> > b/drivers/crypto/qat/qat_asym.c index 9e97582e22..991684135c 100644
> > --- a/drivers/crypto/qat/qat_asym.c
> > +++ b/drivers/crypto/qat/qat_asym.c
> > @@ -933,6 +933,15 @@ sm2_ecdsa_sign_set_input(struct
> > icp_qat_fw_pke_request *qat_req,
> > qat_req->input_param_count = 3;
> > qat_req->output_param_count = 2;
> >
> > + HEXDUMP("SM2 K test", asym_op->sm2.k.data,
> > + cookie->alg_bytesize);
> > + HEXDUMP("SM2 K", cookie->input_array[0],
> > + cookie->alg_bytesize);
> > + HEXDUMP("SM2 msg", cookie->input_array[1],
> > + cookie->alg_bytesize);
> > + HEXDUMP("SM2 pkey", cookie->input_array[2],
> > + cookie->alg_bytesize);
> > +
> > return RTE_CRYPTO_OP_STATUS_SUCCESS; }
> >
> > @@ -983,6 +992,114 @@ sm2_ecdsa_sign_collect(struct rte_crypto_asym_op
> > *asym_op,
> > return RTE_CRYPTO_OP_STATUS_SUCCESS; }
> >
> > +static int
> > +sm2_encryption_set_input(struct icp_qat_fw_pke_request *qat_req,
> > + struct qat_asym_op_cookie *cookie,
> > + const struct rte_crypto_asym_op *asym_op,
> > + const struct rte_crypto_asym_xform *xform) {
> > + const struct qat_asym_function qat_function =
> > + get_sm2_encryption_function();
> > + const uint32_t qat_func_alignsize =
> > + qat_function.bytesize;
> > +
> > + SET_PKE_LN(asym_op->sm2.k, qat_func_alignsize, 0);
> > + SET_PKE_LN(xform->ec.q.x, qat_func_alignsize, 1);
> > + SET_PKE_LN(xform->ec.q.y, qat_func_alignsize, 2);
> > +
> > + cookie->alg_bytesize = qat_function.bytesize;
> > + cookie->qat_func_alignsize = qat_function.bytesize;
> > + qat_req->pke_hdr.cd_pars.func_id = qat_function.func_id;
> > + qat_req->input_param_count = 3;
> > + qat_req->output_param_count = 4;
> > +
> > + HEXDUMP("SM2 K", cookie->input_array[0],
> > + qat_func_alignsize);
> > + HEXDUMP("SM2 Q.x", cookie->input_array[1],
> > + qat_func_alignsize);
> > + HEXDUMP("SM2 Q.y", cookie->input_array[2],
> > + qat_func_alignsize);
> > +
> > + return RTE_CRYPTO_OP_STATUS_SUCCESS; }
> > +
> > +static uint8_t
> > +sm2_encryption_collect(struct rte_crypto_asym_op *asym_op,
> > + const struct qat_asym_op_cookie *cookie) {
> > + uint32_t alg_bytesize = cookie->alg_bytesize;
> > +
> > + rte_memcpy(asym_op->sm2.c1.x.data, cookie->output_array[0],
> > alg_bytesize);
> > + rte_memcpy(asym_op->sm2.c1.y.data, cookie->output_array[1],
> > alg_bytesize);
> > + rte_memcpy(asym_op->sm2.kp.x.data, cookie->output_array[2],
> > alg_bytesize);
> > + rte_memcpy(asym_op->sm2.kp.y.data, cookie->output_array[3],
> > alg_bytesize);
> > + asym_op->sm2.c1.x.length = alg_bytesize;
> > + asym_op->sm2.c1.y.length = alg_bytesize;
> > + asym_op->sm2.kp.x.length = alg_bytesize;
> > + asym_op->sm2.kp.y.length = alg_bytesize;
> > +
> > + HEXDUMP("c1[x1]", cookie->output_array[0],
> > + alg_bytesize);
> > + HEXDUMP("c1[y]", cookie->output_array[1],
> > + alg_bytesize);
> > + HEXDUMP("kp[x]", cookie->output_array[2],
> > + alg_bytesize);
> > + HEXDUMP("kp[y]", cookie->output_array[3],
> > + alg_bytesize);
> > + return RTE_CRYPTO_OP_STATUS_SUCCESS; }
> > +
> > +
> > +static int
> > +sm2_decryption_set_input(struct icp_qat_fw_pke_request *qat_req,
> > + struct qat_asym_op_cookie *cookie,
> > + const struct rte_crypto_asym_op *asym_op,
> > + const struct rte_crypto_asym_xform *xform) {
> > + const struct qat_asym_function qat_function =
> > + get_sm2_decryption_function();
> > + const uint32_t qat_func_alignsize =
> > + qat_function.bytesize;
> > +
> > + SET_PKE_LN(xform->ec.pkey, qat_func_alignsize, 0);
> > + SET_PKE_LN(asym_op->sm2.c1.x, qat_func_alignsize, 1);
> > + SET_PKE_LN(asym_op->sm2.c1.y, qat_func_alignsize, 2);
> > +
> > + cookie->alg_bytesize = qat_function.bytesize;
> > + cookie->qat_func_alignsize = qat_function.bytesize;
> > + qat_req->pke_hdr.cd_pars.func_id = qat_function.func_id;
> > + qat_req->input_param_count = 3;
> > + qat_req->output_param_count = 2;
> > +
> > + HEXDUMP("d", cookie->input_array[0],
> > + qat_func_alignsize);
> > + HEXDUMP("c1[x]", cookie->input_array[1],
> > + qat_func_alignsize);
> > + HEXDUMP("c1[y]", cookie->input_array[2],
> > + qat_func_alignsize);
> > +
> > + return RTE_CRYPTO_OP_STATUS_SUCCESS; }
> > +
> > +
> > +static uint8_t
> > +sm2_decryption_collect(struct rte_crypto_asym_op *asym_op,
> > + const struct qat_asym_op_cookie *cookie) {
> > + uint32_t alg_bytesize = cookie->alg_bytesize;
> > +
> > + rte_memcpy(asym_op->sm2.kp.x.data, cookie->output_array[0],
> > alg_bytesize);
> > + rte_memcpy(asym_op->sm2.kp.y.data, cookie->output_array[1],
> > alg_bytesize);
> > + asym_op->sm2.kp.x.length = alg_bytesize;
> > + asym_op->sm2.kp.y.length = alg_bytesize;
> > +
> > + HEXDUMP("kp[x]", cookie->output_array[0],
> > + alg_bytesize);
> > + HEXDUMP("kp[y]", cookie->output_array[1],
> > + alg_bytesize);
> > + return RTE_CRYPTO_OP_STATUS_SUCCESS; }
> > +
> > static int
> > asym_set_input(struct icp_qat_fw_pke_request *qat_req,
> > struct qat_asym_op_cookie *cookie,
> > @@ -1015,14 +1132,20 @@ asym_set_input(struct icp_qat_fw_pke_request
> > *qat_req,
> > asym_op, xform);
> > }
> > case RTE_CRYPTO_ASYM_XFORM_SM2:
> > - if (asym_op->sm2.op_type ==
> > - RTE_CRYPTO_ASYM_OP_VERIFY) {
> > + if (asym_op->sm2.op_type ==
> > RTE_CRYPTO_ASYM_OP_ENCRYPT) {
> > + return sm2_encryption_set_input(qat_req, cookie,
> > + asym_op, xform);
> > + } else if (asym_op->sm2.op_type ==
> > RTE_CRYPTO_ASYM_OP_DECRYPT) {
> > + return sm2_decryption_set_input(qat_req, cookie,
> > + asym_op, xform);
> > + } else if (asym_op->sm2.op_type ==
> > RTE_CRYPTO_ASYM_OP_VERIFY) {
> > return sm2_ecdsa_verify_set_input(qat_req, cookie,
> > asym_op, xform);
> > - } else {
> > + } else if (asym_op->sm2.op_type ==
> > RTE_CRYPTO_ASYM_OP_SIGN) {
> > return sm2_ecdsa_sign_set_input(qat_req, cookie,
> > asym_op, xform);
> > }
> > + break;
> > default:
> > QAT_LOG(ERR, "Invalid/unsupported asymmetric crypto
> xform");
> > return -EINVAL;
> > @@ -1114,7 +1237,13 @@ qat_asym_collect_response(struct rte_crypto_op
> > *op,
> > case RTE_CRYPTO_ASYM_XFORM_ECDH:
> > return ecdh_collect(asym_op, cookie);
> > case RTE_CRYPTO_ASYM_XFORM_SM2:
> > - return sm2_ecdsa_sign_collect(asym_op, cookie);
> > + if (asym_op->sm2.op_type ==
> > RTE_CRYPTO_ASYM_OP_ENCRYPT)
> > + return sm2_encryption_collect(asym_op, cookie);
> > + else if (asym_op->sm2.op_type ==
> > RTE_CRYPTO_ASYM_OP_DECRYPT)
> > + return sm2_decryption_collect(asym_op, cookie);
> > + else
> > + return sm2_ecdsa_sign_collect(asym_op, cookie);
> > +
> > default:
> > QAT_LOG(ERR, "Not supported xform type");
> > return RTE_CRYPTO_OP_STATUS_ERROR; @@ -1386,9 +1515,8
> @@
> > qat_asym_session_configure(struct rte_cryptodev *dev __rte_unused,
> > case RTE_CRYPTO_ASYM_XFORM_ECDSA:
> > case RTE_CRYPTO_ASYM_XFORM_ECPM:
> > case RTE_CRYPTO_ASYM_XFORM_ECDH:
> > - session_set_ec(qat_session, xform);
> > - break;
> > case RTE_CRYPTO_ASYM_XFORM_SM2:
> > + session_set_ec(qat_session, xform);
> > break;
> > default:
> > ret = -ENOTSUP;
> > --
> > 2.17.1
next prev parent reply other threads:[~2024-10-25 10:00 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-23 8:19 [PATCH v7 0/3] add ec points to sm2 op Arkadiusz Kusztal
2024-10-23 8:19 ` [PATCH v7 1/3] cryptodev: " Arkadiusz Kusztal
2024-10-23 8:19 ` [PATCH v7 2/3] crypto/qat: add sm2 encryption/decryption function Arkadiusz Kusztal
2024-10-24 10:20 ` [EXTERNAL] " Akhil Goyal
2024-10-25 10:00 ` Kusztal, ArkadiuszX [this message]
2024-10-23 8:19 ` [PATCH v7 3/3] app/test: add test sm2 C1/Kp test cases Arkadiusz Kusztal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=PH0PR11MB5013B62AFBB2A73F91FD1CBA9F4F2@PH0PR11MB5013.namprd11.prod.outlook.com \
--to=arkadiuszx.kusztal@intel.com \
--cc=brian.dooley@intel.com \
--cc=dev@dpdk.org \
--cc=gakhil@marvell.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).