From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id DB81B41E93 for ; Tue, 14 Mar 2023 19:35:12 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 5CA6742D1A; Tue, 14 Mar 2023 19:35:11 +0100 (CET) Received: from mga06.intel.com (mga06b.intel.com [134.134.136.31]) by mails.dpdk.org (Postfix) with ESMTP id 03E0841611; Tue, 14 Mar 2023 19:35:08 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1678818909; x=1710354909; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=MgIMxc9nUpNHCuaE1dFmvcCAIrapEUwrvnYUePSCzP8=; b=loZGE0HlHFFTXs6zIg4X1coBtpfOj98fgyahiP/la4F9d+k4w6I7HHZI 1ZCbFKkxZPacTl8QKiiuZaM2oF59Um++yWsuYJDTLA2aj5QL1H/marSMU Sq1m8u5d7vc6ehF1n/oTThH3SAoRuOGGbkbD6vMF99vk6Awu2hYDyWm7n Cpbxble5Mpc69ymkT+QU5mcmaePK5M4U5bONOHY3QY/d0LSiU+/frWafU cvf4dAMjWKF2E9LYwXKVdGKPsiukSEOG/1+QxEEwnOqVIS/1j5X8ozeJL vlv+ObYvCcWAGgv8f2FBteZWu8y/X2f2kfUIZgzzrZmend5oOx1a6TZ+i g==; X-IronPort-AV: E=McAfee;i="6500,9779,10649"; a="400094169" X-IronPort-AV: E=Sophos;i="5.98,260,1673942400"; d="scan'208";a="400094169" Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Mar 2023 11:35:08 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6500,9779,10649"; a="743423574" X-IronPort-AV: E=Sophos;i="5.98,260,1673942400"; d="scan'208";a="743423574" Received: from silpixa00400465.ir.intel.com ([10.55.128.39]) by fmsmga008.fm.intel.com with ESMTP; 14 Mar 2023 11:35:06 -0700 From: Kai Ji To: dev@dpdk.org Cc: gakhil@marvell.com, stable@dpdk.org, Arkadiusz Kusztal , Kai Ji Subject: [dpdk-dev v2 3/3] app/test: add ecdsa kat sessionless tests Date: Wed, 15 Mar 2023 02:34:57 +0800 Message-Id: <20230314183457.13918-4-kai.ji@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20230314183457.13918-1-kai.ji@intel.com> References: <20230314001202.38306-1-kai.ji@intel.com> <20230314183457.13918-1-kai.ji@intel.com> X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org From: Arkadiusz Kusztal Added sessionless ECDSA known answer test cases to QAT asym crypto testsuite. Signed-off-by: Arkadiusz Kusztal Signed-off-by: Kai Ji --- app/test/test_cryptodev_asym.c | 209 +++++++++++++++++++++++++++++++++ 1 file changed, 209 insertions(+) diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c index fd5c5788b2..cc603ae805 100644 --- a/app/test/test_cryptodev_asym.c +++ b/app/test/test_cryptodev_asym.c @@ -2232,6 +2232,191 @@ test_ecpm_all_curve(void) return overall_status; } +/* + * ECDSA Signature generation function + */ +static int +test_ecdsa_sign(const void *input_vector) +{ + const struct crypto_testsuite_ecdsa_params *test_vector = input_vector; + struct crypto_testsuite_params_asym *ts_params = &testsuite_params; + struct rte_mempool *op_mpool = ts_params->op_mpool; + struct rte_crypto_op *op; + struct rte_crypto_op *result_op = NULL; + struct rte_crypto_asym_xform xform = { + .next = NULL, + .xform_type = RTE_CRYPTO_ASYM_XFORM_ECDSA, + .ec.curve_id = test_vector->curve + }; + uint8_t R[test_vector->sign_r.length]; + uint8_t S[test_vector->sign_s.length]; + const uint8_t dev_id = ts_params->valid_devs[0]; + int ret = TEST_SUCCESS; + + op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC); + if (op == NULL) { + RTE_LOG(ERR, USER1, + "line %u FAILED: %s", __LINE__, + "Failed to allocate asymmetric crypto " + "operation struct\n"); + return TEST_FAILED; + } + /* + * Set input data + * - Sessionless operation, no session will be created. User is responsible + * for taking care of xform lifetime -> in case of ECDSA no keys are stored + * in xform so it is not security crucial to clear data, although it is + * recommended to clear xform anyway. + * - Generation of signature pair R, S. + * - Message is a digest of message to be signed. + * - k is a random integer in interval (1, n - 1) + * - pkey is a private key + */ + op->sess_type = RTE_CRYPTO_OP_SESSIONLESS; + op->asym->xform = &xform; + op->asym->ecdsa.op_type = RTE_CRYPTO_ASYM_OP_SIGN; + op->asym->ecdsa.message.data = test_vector->digest.data; + op->asym->ecdsa.message.length = test_vector->digest.length; + op->asym->ecdsa.k.data = test_vector->scalar.data; + op->asym->ecdsa.k.length = test_vector->scalar.length; + op->asym->ecdsa.pkey.data = test_vector->pkey.data; + op->asym->ecdsa.pkey.length = test_vector->pkey.length; + + /* + * Set output data + * Signature pair R, S. Positive integers. + */ + op->asym->ecdsa.r.data = R; + op->asym->ecdsa.s.data = S; + + /* Sending packet for signature generation */ + if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) { + RTE_LOG(ERR, USER1, + "line %u FAILED: %s", __LINE__, + "Error sending packet for operation\n"); + ret = TEST_FAILED; + goto error_exit; + } + /* Waiting for packet to be dequeued */ + while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0) + rte_pause(); + + if (result_op == NULL) { + RTE_LOG(ERR, USER1, + "line %u FAILED: %s", __LINE__, + "Failed to process asym crypto op\n"); + ret = TEST_FAILED; + goto error_exit; + } + + if (result_op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) { + RTE_LOG(ERR, USER1, + "line %u FAILED: %s", __LINE__, + "ECDSA generation failed.\n"); + ret = TEST_FAILED; + goto error_exit; + } + + /* Generated signature R, S */ + debug_hexdump(stdout, "R:", result_op->asym->ecdsa.r.data, + result_op->asym->ecdsa.r.length); + debug_hexdump(stdout, "S:", result_op->asym->ecdsa.s.data, + result_op->asym->ecdsa.s.length); + +error_exit: + rte_crypto_op_free(op); + return ret; +} + +/* + * ECDSA Signature verification function + */ +static int +test_ecdsa_verify(const void *input_vector) +{ + const struct crypto_testsuite_ecdsa_params *test_vector = input_vector; + struct crypto_testsuite_params_asym *ts_params = &testsuite_params; + struct rte_mempool *op_mpool = ts_params->op_mpool; + struct rte_crypto_op *op; + struct rte_crypto_op *result_op = NULL; + struct rte_crypto_asym_xform xform = { + .next = NULL, + .xform_type = RTE_CRYPTO_ASYM_XFORM_ECDSA, + .ec.curve_id = test_vector->curve + }; + const uint8_t dev_id = ts_params->valid_devs[0]; + int ret = TEST_SUCCESS; + + op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC); + if (op == NULL) { + RTE_LOG(ERR, USER1, + "line %u FAILED: %s", __LINE__, + "Failed to allocate asymmetric crypto " + "operation struct\n"); + ret = TEST_FAILED; + goto error_exit; + } + /* + * Set input data + * - Sessionless operation, no session will be created. User is responsible + * for taking care of xform lifetime -> in case of ECDSA no keys are stored + * in xform so it is not security crucial to clear data, although it is + * recommended to clear xform anyway. + * - Verification of signature pair R, S. + * - Message is a digest of message that was signed. + * - q is a public key + */ + op->sess_type = RTE_CRYPTO_OP_SESSIONLESS; + op->asym->xform = &xform; + op->asym->ecdsa.op_type = RTE_CRYPTO_ASYM_OP_VERIFY; + op->asym->ecdsa.message.data = test_vector->digest.data; + op->asym->ecdsa.message.length = test_vector->digest.length; + op->asym->ecdsa.q.x.data = test_vector->pubkey_qx.data; + op->asym->ecdsa.q.x.length = test_vector->pubkey_qx.length; + op->asym->ecdsa.q.y.data = test_vector->pubkey_qy.data; + op->asym->ecdsa.q.y.length = test_vector->pubkey_qx.length; + op->asym->ecdsa.r.data = test_vector->sign_r.data; + op->asym->ecdsa.r.length = test_vector->sign_r.length; + op->asym->ecdsa.s.data = test_vector->sign_s.data; + op->asym->ecdsa.s.length = test_vector->sign_s.length; + + /* Sending packet for signature generation */ + if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) { + RTE_LOG(ERR, USER1, + "line %u FAILED: %s", __LINE__, + "Error sending packet for operation\n"); + ret = TEST_FAILED; + goto error_exit; + } + /* Waiting for packet to be dequeued */ + while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0) + rte_pause(); + + if (result_op == NULL) { + RTE_LOG(ERR, USER1, + "line %u FAILED: %s", __LINE__, + "Failed to process asym crypto op\n"); + ret = TEST_FAILED; + goto error_exit; + } + + /* + * If result_op->status equals RTE_CRYPTO_OP_STATUS_SUCCESS + * signature was verified correctly + */ + if (result_op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) { + RTE_LOG(ERR, USER1, + "line %u FAILED: %s", __LINE__, + "ECDSA verify failed.\n"); + ret = TEST_FAILED; + goto error_exit; + } + +error_exit: + rte_crypto_op_free(op); + return ret; +} + static int test_ecdh(const void *input_vector) { @@ -2851,6 +3036,30 @@ static struct unit_test_suite cryptodev_qat_asym_testsuite = { .teardown = testsuite_teardown, .unit_test_cases = { TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_one_by_one), + TEST_CASE_NAMED_WITH_DATA( + "Test - ECDSA secp256r1 signature generation", + ut_setup_asym, ut_teardown_asym, + test_ecdsa_sign, &ecdsa_param_secp256r1), + TEST_CASE_NAMED_WITH_DATA( + "Test - ECDSA secp256r1 signature verification", + ut_setup_asym, ut_teardown_asym, + test_ecdsa_verify, &ecdsa_param_secp256r1), + TEST_CASE_NAMED_WITH_DATA( + "Test - ECDSA secp384r1 signature generation", + ut_setup_asym, ut_teardown_asym, + test_ecdsa_sign, &ecdsa_param_secp384r1), + TEST_CASE_NAMED_WITH_DATA( + "Test - ECDSA secp384r1 signature verification", + ut_setup_asym, ut_teardown_asym, + test_ecdsa_verify, &ecdsa_param_secp384r1), + TEST_CASE_NAMED_WITH_DATA( + "Test - ECDSA secp521r1 signature generation", + ut_setup_asym, ut_teardown_asym, + test_ecdsa_sign, &ecdsa_param_secp521r1), + TEST_CASE_NAMED_WITH_DATA( + "Test - ECDSA secp521r1 signature verification", + ut_setup_asym, ut_teardown_asym, + test_ecdsa_verify, &ecdsa_param_secp521r1), TEST_CASE_NAMED_WITH_DATA( "Test - ECDH secp256r1, RFC 5114 256", ut_setup_asym, ut_teardown_asym, -- 2.17.1