[PATCH 0/3] crypto/qat: extend asymmetric crypto pmd

[PATCH 0/3] crypto/qat: extend asymmetric crypto pmd

[Arek Kusztal]

This patchset extends Intel QuickAssist Technology asymmetric crypto PMD.
Following features were added:
- ECDH algorithm handling
- EC point verification

Arek Kusztal (3):
  crypto/qat: make immutable parameters constant
  crypto/qat: add ecdh key exchange algorithm
  crypto/qat: add ecdh public key verification

 drivers/common/qat/qat_adf/qat_pke.h |  40 ++++-
 drivers/crypto/qat/qat_asym.c        | 283 +++++++++++++++++++++++++++--------
 drivers/crypto/qat/qat_ec.h          |   2 +-
 3 files changed, 250 insertions(+), 75 deletions(-)

-- 
2.13.6

[PATCH 1/3] crypto/qat: make immutable parameters constant

[Arek Kusztal]

All pointers passed to functions that are not supposed
to have its data changed should be marked as constant.
Additionally session field should be checked only in
with session case.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
 drivers/common/qat/qat_adf/qat_pke.h |  16 ++---
 drivers/crypto/qat/qat_asym.c        | 133 ++++++++++++++++++-----------------
 drivers/crypto/qat/qat_ec.h          |   2 +-
 3 files changed, 76 insertions(+), 75 deletions(-)

diff --git a/drivers/common/qat/qat_adf/qat_pke.h b/drivers/common/qat/qat_adf/qat_pke.h
index 6c12bfd989..00e2b776dc 100644
--- a/drivers/common/qat/qat_adf/qat_pke.h
+++ b/drivers/common/qat/qat_adf/qat_pke.h
@@ -50,13 +50,13 @@ get_modexp_function2(uint32_t bytesize)
 }
 
 static struct qat_asym_function
-get_modexp_function(struct rte_crypto_asym_xform *xform)
+get_modexp_function(const struct rte_crypto_asym_xform *xform)
 {
 	return get_modexp_function2(xform->modex.modulus.length);
 }
 
 static struct qat_asym_function
-get_modinv_function(struct rte_crypto_asym_xform *xform)
+get_modinv_function(const struct rte_crypto_asym_xform *xform)
 {
 	struct qat_asym_function qat_function = { };
 
@@ -137,7 +137,7 @@ get_modinv_function(struct rte_crypto_asym_xform *xform)
 }
 
 static struct qat_asym_function
-get_rsa_enc_function(struct rte_crypto_asym_xform *xform)
+get_rsa_enc_function(const struct rte_crypto_asym_xform *xform)
 {
 	struct qat_asym_function qat_function = { };
 
@@ -164,7 +164,7 @@ get_rsa_enc_function(struct rte_crypto_asym_xform *xform)
 }
 
 static struct qat_asym_function
-get_rsa_dec_function(struct rte_crypto_asym_xform *xform)
+get_rsa_dec_function(const struct rte_crypto_asym_xform *xform)
 {
 	struct qat_asym_function qat_function = { };
 
@@ -191,7 +191,7 @@ get_rsa_dec_function(struct rte_crypto_asym_xform *xform)
 }
 
 static struct qat_asym_function
-get_rsa_crt_function(struct rte_crypto_asym_xform *xform)
+get_rsa_crt_function(const struct rte_crypto_asym_xform *xform)
 {
 	struct qat_asym_function qat_function = { };
 	int nlen = xform->rsa.qt.p.length * 2;
@@ -219,7 +219,7 @@ get_rsa_crt_function(struct rte_crypto_asym_xform *xform)
 }
 
 static struct qat_asym_function
-get_ecdsa_verify_function(struct rte_crypto_asym_xform *xform)
+get_ecdsa_verify_function(const struct rte_crypto_asym_xform *xform)
 {
 	struct qat_asym_function qat_function;
 
@@ -243,7 +243,7 @@ get_ecdsa_verify_function(struct rte_crypto_asym_xform *xform)
 }
 
 static struct qat_asym_function
-get_ecdsa_function(struct rte_crypto_asym_xform *xform)
+get_ecdsa_function(const struct rte_crypto_asym_xform *xform)
 {
 	struct qat_asym_function qat_function;
 
@@ -267,7 +267,7 @@ get_ecdsa_function(struct rte_crypto_asym_xform *xform)
 }
 
 static struct qat_asym_function
-get_ecpm_function(struct rte_crypto_asym_xform *xform)
+get_ecpm_function(const struct rte_crypto_asym_xform *xform)
 {
 	struct qat_asym_function qat_function;
 
diff --git a/drivers/crypto/qat/qat_asym.c b/drivers/crypto/qat/qat_asym.c
index 19931791c4..374452020a 100644
--- a/drivers/crypto/qat/qat_asym.c
+++ b/drivers/crypto/qat/qat_asym.c
@@ -129,7 +129,7 @@ cleanup_crt(struct qat_asym_op_cookie *cookie,
 
 static void
 cleanup(struct qat_asym_op_cookie *cookie,
-		struct rte_crypto_asym_xform *xform, int alg_size)
+		const struct rte_crypto_asym_xform *xform, int alg_size)
 {
 	if (xform->xform_type == RTE_CRYPTO_ASYM_XFORM_MODEX)
 		cleanup_arrays(cookie, QAT_ASYM_MODEXP_NUM_IN_PARAMS,
@@ -175,7 +175,7 @@ check_zero(rte_crypto_param n)
 }
 
 static struct qat_asym_function
-get_asym_function(struct rte_crypto_asym_xform *xform)
+get_asym_function(const struct rte_crypto_asym_xform *xform)
 {
 	struct qat_asym_function qat_function;
 
@@ -195,10 +195,10 @@ get_asym_function(struct rte_crypto_asym_xform *xform)
 }
 
 static int
-modexp_set_input(struct rte_crypto_asym_op *asym_op,
-		struct icp_qat_fw_pke_request *qat_req,
+modexp_set_input(struct icp_qat_fw_pke_request *qat_req,
 		struct qat_asym_op_cookie *cookie,
-		struct rte_crypto_asym_xform *xform)
+		const struct rte_crypto_asym_op *asym_op,
+		const struct rte_crypto_asym_xform *xform)
 {
 	struct qat_asym_function qat_function;
 	uint32_t alg_bytesize, func_id, in_bytesize;
@@ -245,8 +245,8 @@ modexp_set_input(struct rte_crypto_asym_op *asym_op,
 
 static uint8_t
 modexp_collect(struct rte_crypto_asym_op *asym_op,
-		struct qat_asym_op_cookie *cookie,
-		struct rte_crypto_asym_xform *xform)
+		const struct qat_asym_op_cookie *cookie,
+		const struct rte_crypto_asym_xform *xform)
 {
 	rte_crypto_param n = xform->modex.modulus;
 	uint32_t alg_bytesize = cookie->alg_bytesize;
@@ -265,10 +265,10 @@ modexp_collect(struct rte_crypto_asym_op *asym_op,
 }
 
 static int
-modinv_set_input(struct rte_crypto_asym_op *asym_op,
-		struct icp_qat_fw_pke_request *qat_req,
+modinv_set_input(struct icp_qat_fw_pke_request *qat_req,
 		struct qat_asym_op_cookie *cookie,
-		struct rte_crypto_asym_xform *xform)
+		const struct rte_crypto_asym_op *asym_op,
+		const struct rte_crypto_asym_xform *xform)
 {
 	struct qat_asym_function qat_function;
 	uint32_t alg_bytesize, func_id;
@@ -305,8 +305,8 @@ modinv_set_input(struct rte_crypto_asym_op *asym_op,
 
 static uint8_t
 modinv_collect(struct rte_crypto_asym_op *asym_op,
-		struct qat_asym_op_cookie *cookie,
-		struct rte_crypto_asym_xform *xform)
+		const struct qat_asym_op_cookie *cookie,
+		const struct rte_crypto_asym_xform *xform)
 {
 	rte_crypto_param n = xform->modinv.modulus;
 	uint8_t *modinv_result = asym_op->modinv.result.data;
@@ -326,10 +326,10 @@ modinv_collect(struct rte_crypto_asym_op *asym_op,
 }
 
 static int
-rsa_set_pub_input(struct rte_crypto_asym_op *asym_op,
-		struct icp_qat_fw_pke_request *qat_req,
+rsa_set_pub_input(struct icp_qat_fw_pke_request *qat_req,
 		struct qat_asym_op_cookie *cookie,
-		struct rte_crypto_asym_xform *xform)
+		const struct rte_crypto_asym_op *asym_op,
+		const struct rte_crypto_asym_xform *xform)
 {
 	struct qat_asym_function qat_function;
 	uint32_t alg_bytesize, func_id;
@@ -382,10 +382,10 @@ rsa_set_pub_input(struct rte_crypto_asym_op *asym_op,
 }
 
 static int
-rsa_set_priv_input(struct rte_crypto_asym_op *asym_op,
-		struct icp_qat_fw_pke_request *qat_req,
+rsa_set_priv_input(struct icp_qat_fw_pke_request *qat_req,
 		struct qat_asym_op_cookie *cookie,
-		struct rte_crypto_asym_xform *xform)
+		const struct rte_crypto_asym_op *asym_op,
+		const struct rte_crypto_asym_xform *xform)
 {
 	struct qat_asym_function qat_function;
 	uint32_t alg_bytesize, func_id;
@@ -475,10 +475,10 @@ rsa_set_priv_input(struct rte_crypto_asym_op *asym_op,
 }
 
 static int
-rsa_set_input(struct rte_crypto_asym_op *asym_op,
-		struct icp_qat_fw_pke_request *qat_req,
+rsa_set_input(struct icp_qat_fw_pke_request *qat_req,
 		struct qat_asym_op_cookie *cookie,
-		struct rte_crypto_asym_xform *xform)
+		const struct rte_crypto_asym_op *asym_op,
+		const struct rte_crypto_asym_xform *xform)
 {
 	qat_req->input_param_count =
 			QAT_ASYM_RSA_NUM_IN_PARAMS;
@@ -488,15 +488,15 @@ rsa_set_input(struct rte_crypto_asym_op *asym_op,
 	if (asym_op->rsa.op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT ||
 			asym_op->rsa.op_type ==
 				RTE_CRYPTO_ASYM_OP_VERIFY) {
-		return rsa_set_pub_input(asym_op, qat_req, cookie, xform);
+		return rsa_set_pub_input(qat_req, cookie, asym_op, xform);
 	} else {
-		return rsa_set_priv_input(asym_op, qat_req, cookie, xform);
+		return rsa_set_priv_input(qat_req, cookie, asym_op, xform);
 	}
 }
 
 static uint8_t
 rsa_collect(struct rte_crypto_asym_op *asym_op,
-		struct qat_asym_op_cookie *cookie)
+		const struct qat_asym_op_cookie *cookie)
 {
 	uint32_t alg_bytesize = cookie->alg_bytesize;
 
@@ -560,10 +560,10 @@ rsa_collect(struct rte_crypto_asym_op *asym_op,
 }
 
 static int
-ecdsa_set_input(struct rte_crypto_asym_op *asym_op,
-		struct icp_qat_fw_pke_request *qat_req,
+ecdsa_set_input(struct icp_qat_fw_pke_request *qat_req,
 		struct qat_asym_op_cookie *cookie,
-		struct rte_crypto_asym_xform *xform)
+		const struct rte_crypto_asym_op *asym_op,
+		const struct rte_crypto_asym_xform *xform)
 {
 	struct qat_asym_function qat_function;
 	uint32_t qat_func_alignsize, func_id;
@@ -663,7 +663,7 @@ ecdsa_set_input(struct rte_crypto_asym_op *asym_op,
 
 static uint8_t
 ecdsa_collect(struct rte_crypto_asym_op *asym_op,
-		struct qat_asym_op_cookie *cookie)
+		const struct qat_asym_op_cookie *cookie)
 {
 	uint32_t alg_bytesize = cookie->alg_bytesize;
 	uint32_t qat_func_alignsize = cookie->qat_func_alignsize;
@@ -687,10 +687,10 @@ ecdsa_collect(struct rte_crypto_asym_op *asym_op,
 }
 
 static int
-ecpm_set_input(struct rte_crypto_asym_op *asym_op,
-		struct icp_qat_fw_pke_request *qat_req,
+ecpm_set_input(struct icp_qat_fw_pke_request *qat_req,
 		struct qat_asym_op_cookie *cookie,
-		struct rte_crypto_asym_xform *xform)
+		const struct rte_crypto_asym_op *asym_op,
+		const struct rte_crypto_asym_xform *xform)
 {
 	struct qat_asym_function qat_function;
 	uint32_t qat_func_alignsize, func_id;
@@ -739,7 +739,7 @@ ecpm_set_input(struct rte_crypto_asym_op *asym_op,
 
 static uint8_t
 ecpm_collect(struct rte_crypto_asym_op *asym_op,
-		struct qat_asym_op_cookie *cookie)
+		const struct qat_asym_op_cookie *cookie)
 {
 	uint8_t *x = asym_op->ecpm.r.x.data;
 	uint8_t *y = asym_op->ecpm.r.y.data;
@@ -760,27 +760,27 @@ ecpm_collect(struct rte_crypto_asym_op *asym_op,
 }
 
 static int
-asym_set_input(struct rte_crypto_asym_op *asym_op,
-		struct icp_qat_fw_pke_request *qat_req,
+asym_set_input(struct icp_qat_fw_pke_request *qat_req,
 		struct qat_asym_op_cookie *cookie,
-		struct rte_crypto_asym_xform *xform)
+		const struct rte_crypto_asym_op *asym_op,
+		const struct rte_crypto_asym_xform *xform)
 {
 	switch (xform->xform_type) {
 	case RTE_CRYPTO_ASYM_XFORM_MODEX:
-		return modexp_set_input(asym_op, qat_req,
-				cookie, xform);
+		return modexp_set_input(qat_req, cookie,
+				asym_op, xform);
 	case RTE_CRYPTO_ASYM_XFORM_MODINV:
-		return modinv_set_input(asym_op, qat_req,
-				cookie, xform);
+		return modinv_set_input(qat_req, cookie,
+				asym_op, xform);
 	case RTE_CRYPTO_ASYM_XFORM_RSA:
-		return rsa_set_input(asym_op, qat_req,
-				cookie, xform);
+		return rsa_set_input(qat_req, cookie,
+				asym_op, xform);
 	case RTE_CRYPTO_ASYM_XFORM_ECDSA:
-		return ecdsa_set_input(asym_op, qat_req,
-				cookie, xform);
+		return ecdsa_set_input(qat_req, cookie,
+				asym_op, xform);
 	case RTE_CRYPTO_ASYM_XFORM_ECPM:
-		return ecpm_set_input(asym_op, qat_req,
-				cookie, xform);
+		return ecpm_set_input(qat_req, cookie,
+				asym_op, xform);
 	default:
 		QAT_LOG(ERR, "Invalid/unsupported asymmetric crypto xform");
 		return -EINVAL;
@@ -790,28 +790,28 @@ asym_set_input(struct rte_crypto_asym_op *asym_op,
 
 static int
 qat_asym_build_request(void *in_op, uint8_t *out_msg, void *op_cookie,
-			__rte_unused uint64_t *opaque,
+			__rte_unused uint64_t *opaque_data,
 			__rte_unused enum qat_device_gen qat_dev_gen)
 {
 	struct rte_crypto_op *op = (struct rte_crypto_op *)in_op;
-	struct rte_crypto_asym_op *asym_op = op->asym;
 	struct icp_qat_fw_pke_request *qat_req =
 			(struct icp_qat_fw_pke_request *)out_msg;
 	struct qat_asym_op_cookie *cookie =
 			(struct qat_asym_op_cookie *)op_cookie;
-	struct rte_crypto_asym_xform *xform;
-	struct qat_asym_session *qat_session = (struct qat_asym_session *)
-			op->asym->session->sess_private_data;
-	int err = 0;
-
-	if (unlikely(qat_session == NULL)) {
-		QAT_DP_LOG(ERR, "Session was not created for this device");
-		goto error;
-	}
+	const struct qat_asym_session *qat_session;
+	const struct rte_crypto_asym_xform *xform;
+	int error_no = 0;
 
 	op->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
 	switch (op->sess_type) {
 	case RTE_CRYPTO_OP_WITH_SESSION:
+		qat_session = (struct qat_asym_session *)
+			op->asym->session->sess_private_data;
+		if (unlikely(qat_session == NULL)) {
+			QAT_DP_LOG(ERR,
+				"Session was not created for this device");
+			goto error;
+		}
 		request_init(qat_req);
 		xform = &qat_session->xform;
 		break;
@@ -824,9 +824,9 @@ qat_asym_build_request(void *in_op, uint8_t *out_msg, void *op_cookie,
 		op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
 		goto error;
 	}
-	err = asym_set_input(asym_op, qat_req, cookie,
-			xform);
-	if (err) {
+	error_no = asym_set_input(qat_req, cookie,
+			op->asym, xform);
+	if (error_no) {
 		op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
 		goto error;
 	}
@@ -844,15 +844,15 @@ qat_asym_build_request(void *in_op, uint8_t *out_msg, void *op_cookie,
 	qat_req->output_param_count = 0;
 	qat_req->input_param_count = 0;
 	qat_req->pke_hdr.service_type = ICP_QAT_FW_COMN_REQ_NULL;
-	cookie->error |= err;
+	cookie->error |= error_no;
 
 	return 0;
 }
 
 static uint8_t
 qat_asym_collect_response(struct rte_crypto_op *op,
-		struct qat_asym_op_cookie *cookie,
-		struct rte_crypto_asym_xform *xform)
+		const struct qat_asym_op_cookie *cookie,
+		const struct rte_crypto_asym_xform *xform)
 {
 	struct rte_crypto_asym_op *asym_op = op->asym;
 
@@ -877,14 +877,13 @@ static int
 qat_asym_process_response(void **out_op, uint8_t *resp,
 		void *op_cookie, __rte_unused uint64_t *dequeue_err_count)
 {
-	struct icp_qat_fw_pke_resp *resp_msg =
+	const struct icp_qat_fw_pke_resp *resp_msg =
 			(struct icp_qat_fw_pke_resp *)resp;
 	struct rte_crypto_op *op = (struct rte_crypto_op *)(uintptr_t)
 			(resp_msg->opaque);
 	struct qat_asym_op_cookie *cookie = op_cookie;
-	struct rte_crypto_asym_xform *xform;
-	struct qat_asym_session *qat_session = (struct qat_asym_session *)
-			op->asym->session->sess_private_data;
+	const struct rte_crypto_asym_xform *xform;
+	const struct qat_asym_session *qat_session;
 
 	if (cookie->error) {
 		cookie->error = 0;
@@ -909,6 +908,8 @@ qat_asym_process_response(void **out_op, uint8_t *resp,
 
 	switch (op->sess_type) {
 	case RTE_CRYPTO_OP_WITH_SESSION:
+		qat_session = (struct qat_asym_session *)
+			op->asym->session->sess_private_data;
 		xform = &qat_session->xform;
 		break;
 	case RTE_CRYPTO_OP_SESSIONLESS:
diff --git a/drivers/crypto/qat/qat_ec.h b/drivers/crypto/qat/qat_ec.h
index bbd0b31949..0e02722c18 100644
--- a/drivers/crypto/qat/qat_ec.h
+++ b/drivers/crypto/qat/qat_ec.h
@@ -264,7 +264,7 @@ static struct elliptic_curve curve[] = {
 };
 
 static int
-pick_curve(struct rte_crypto_asym_xform *xform)
+pick_curve(const struct rte_crypto_asym_xform *xform)
 {
 	switch (xform->ec.curve_id) {
 	case RTE_CRYPTO_EC_GROUP_SECP256R1:
-- 
2.13.6

[PATCH 2/3] crypto/qat: add ecdh key exchange algorithm

[Arek Kusztal]

This commit adds ECDH algorithm to Intel QuickAssist
Technology driver.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
 drivers/crypto/qat/qat_asym.c | 94 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 94 insertions(+)

diff --git a/drivers/crypto/qat/qat_asym.c b/drivers/crypto/qat/qat_asym.c
index 374452020a..34fb3f5a45 100644
--- a/drivers/crypto/qat/qat_asym.c
+++ b/drivers/crypto/qat/qat_asym.c
@@ -760,6 +760,95 @@ ecpm_collect(struct rte_crypto_asym_op *asym_op,
 }
 
 static int
+ecdh_set_input(struct icp_qat_fw_pke_request *qat_req,
+		struct qat_asym_op_cookie *cookie,
+		const struct rte_crypto_asym_op *asym_op,
+		const struct rte_crypto_asym_xform *xform)
+{
+	struct qat_asym_function qat_function;
+	uint32_t qat_func_alignsize, func_id;
+	int curve_id;
+
+	curve_id = pick_curve(xform);
+	if (curve_id < 0) {
+		QAT_LOG(DEBUG, "Incorrect elliptic curve");
+		return -EINVAL;
+	}
+
+	qat_function = get_ecpm_function(xform);
+	func_id = qat_function.func_id;
+	if (func_id == 0) {
+		QAT_LOG(ERR, "Cannot obtain functionality id");
+		return -EINVAL;
+	}
+	qat_func_alignsize = RTE_ALIGN_CEIL(qat_function.bytesize, 8);
+
+	if (asym_op->ecdh.ke_type == RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE) {
+		SET_PKE_LN(asym_op->ecdh.priv_key, qat_func_alignsize, 0);
+		SET_PKE_LN_EC(curve[curve_id], x, 1);
+		SET_PKE_LN_EC(curve[curve_id], y, 2);
+	} else {
+		SET_PKE_LN(asym_op->ecdh.priv_key, qat_func_alignsize, 0);
+		SET_PKE_LN(asym_op->ecdh.pub_key.x, qat_func_alignsize, 1);
+		SET_PKE_LN(asym_op->ecdh.pub_key.y, qat_func_alignsize, 2);
+	}
+	SET_PKE_LN_EC(curve[curve_id], a, 3);
+	SET_PKE_LN_EC(curve[curve_id], b, 4);
+	SET_PKE_LN_EC(curve[curve_id], p, 5);
+	SET_PKE_LN_EC(curve[curve_id], h, 6);
+
+	cookie->alg_bytesize = curve[curve_id].bytesize;
+	cookie->qat_func_alignsize = qat_func_alignsize;
+	qat_req->pke_hdr.cd_pars.func_id = func_id;
+	qat_req->input_param_count =
+			QAT_ASYM_ECPM_IN_PARAMS;
+	qat_req->output_param_count =
+			QAT_ASYM_ECPM_OUT_PARAMS;
+
+	HEXDUMP("k", cookie->input_array[0], qat_func_alignsize);
+	HEXDUMP("xG", cookie->input_array[1], qat_func_alignsize);
+	HEXDUMP("yG", cookie->input_array[2], qat_func_alignsize);
+	HEXDUMP("a", cookie->input_array[3], qat_func_alignsize);
+	HEXDUMP("b", cookie->input_array[4], qat_func_alignsize);
+	HEXDUMP("q", cookie->input_array[5], qat_func_alignsize);
+	HEXDUMP("h", cookie->input_array[6], qat_func_alignsize);
+
+	return 0;
+}
+
+static uint8_t
+ecdh_collect(struct rte_crypto_asym_op *asym_op,
+		const struct qat_asym_op_cookie *cookie,
+		const struct rte_crypto_asym_xform *xform)
+{
+	uint8_t *x, *y;
+	uint32_t alg_bytesize = cookie->alg_bytesize;
+	uint32_t qat_func_alignsize = cookie->qat_func_alignsize;
+	uint32_t ltrim = qat_func_alignsize - alg_bytesize;
+
+	if (asym_op->ecdh.ke_type == RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE) {
+		asym_op->ecdh.pub_key.x.length = alg_bytesize;
+		asym_op->ecdh.pub_key.y.length = alg_bytesize;
+		x = asym_op->ecdh.pub_key.x.data;
+		y = asym_op->ecdh.pub_key.y.data;
+	} else {
+		asym_op->ecdh.shared_secret.x.length = alg_bytesize;
+		asym_op->ecdh.shared_secret.y.length = alg_bytesize;
+		x = asym_op->ecdh.shared_secret.x.data;
+		y = asym_op->ecdh.shared_secret.y.data;
+	}
+
+	rte_memcpy(x, &cookie->output_array[0][ltrim], alg_bytesize);
+	rte_memcpy(y, &cookie->output_array[1][ltrim], alg_bytesize);
+
+	HEXDUMP("X", cookie->output_array[0],
+		qat_func_alignsize);
+	HEXDUMP("Y", cookie->output_array[1],
+		qat_func_alignsize);
+	return RTE_CRYPTO_OP_STATUS_SUCCESS;
+}
+
+static int
 asym_set_input(struct icp_qat_fw_pke_request *qat_req,
 		struct qat_asym_op_cookie *cookie,
 		const struct rte_crypto_asym_op *asym_op,
@@ -781,6 +870,9 @@ asym_set_input(struct icp_qat_fw_pke_request *qat_req,
 	case RTE_CRYPTO_ASYM_XFORM_ECPM:
 		return ecpm_set_input(qat_req, cookie,
 				asym_op, xform);
+	case RTE_CRYPTO_ASYM_XFORM_ECDH:
+		return ecdh_set_input(qat_req, cookie,
+				asym_op, xform);
 	default:
 		QAT_LOG(ERR, "Invalid/unsupported asymmetric crypto xform");
 		return -EINVAL;
@@ -867,6 +959,8 @@ qat_asym_collect_response(struct rte_crypto_op *op,
 		return ecdsa_collect(asym_op, cookie);
 	case RTE_CRYPTO_ASYM_XFORM_ECPM:
 		return ecpm_collect(asym_op, cookie);
+	case RTE_CRYPTO_ASYM_XFORM_ECDH:
+		return ecdh_collect(asym_op, cookie, xform);
 	default:
 		QAT_LOG(ERR, "Not supported xform type");
 		return  RTE_CRYPTO_OP_STATUS_ERROR;
-- 
2.13.6

[PATCH 3/3] crypto/qat: add ecdh public key verification

[Arek Kusztal]

This commit adds verification option for elliptic curve
points when used along ECDH algorithm.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
 drivers/common/qat/qat_adf/qat_pke.h | 24 +++++++++++++++
 drivers/crypto/qat/qat_asym.c        | 58 +++++++++++++++++++++++++++++++++++-
 2 files changed, 81 insertions(+), 1 deletion(-)

diff --git a/drivers/common/qat/qat_adf/qat_pke.h b/drivers/common/qat/qat_adf/qat_pke.h
index 00e2b776dc..4b09e76dbb 100644
--- a/drivers/common/qat/qat_adf/qat_pke.h
+++ b/drivers/common/qat/qat_adf/qat_pke.h
@@ -290,4 +290,28 @@ get_ecpm_function(const struct rte_crypto_asym_xform *xform)
 	return qat_function;
 }
 
+static struct qat_asym_function
+get_ec_verify_function(const struct rte_crypto_asym_xform *xform)
+{
+	struct qat_asym_function qat_function;
+
+	switch (xform->ec.curve_id) {
+	case RTE_CRYPTO_EC_GROUP_SECP256R1:
+		qat_function.func_id = MATHS_POINT_VERIFY_GFP_L256;
+		qat_function.bytesize = 32;
+		break;
+	case RTE_CRYPTO_EC_GROUP_SECP384R1:
+		qat_function.func_id = MATHS_POINT_VERIFY_GFP_L512;
+		qat_function.bytesize = 64;
+		break;
+	case RTE_CRYPTO_EC_GROUP_SECP521R1:
+		qat_function.func_id = MATHS_POINT_VERIFY_GFP_521;
+		qat_function.bytesize = 66;
+		break;
+	default:
+		qat_function.func_id = 0;
+	}
+	return qat_function;
+}
+
 #endif
diff --git a/drivers/crypto/qat/qat_asym.c b/drivers/crypto/qat/qat_asym.c
index 34fb3f5a45..33e6ca045f 100644
--- a/drivers/crypto/qat/qat_asym.c
+++ b/drivers/crypto/qat/qat_asym.c
@@ -816,6 +816,53 @@ ecdh_set_input(struct icp_qat_fw_pke_request *qat_req,
 	return 0;
 }
 
+static int
+ecdh_verify_set_input(struct icp_qat_fw_pke_request *qat_req,
+		struct qat_asym_op_cookie *cookie,
+		const struct rte_crypto_asym_op *asym_op,
+		const struct rte_crypto_asym_xform *xform)
+{
+	struct qat_asym_function qat_function;
+	uint32_t qat_func_alignsize, func_id;
+	int curve_id;
+
+	curve_id = pick_curve(xform);
+	if (curve_id < 0) {
+		QAT_LOG(DEBUG, "Incorrect elliptic curve");
+		return -EINVAL;
+	}
+
+	qat_function = get_ec_verify_function(xform);
+	func_id = qat_function.func_id;
+	if (func_id == 0) {
+		QAT_LOG(ERR, "Cannot obtain functionality id");
+		return -EINVAL;
+	}
+	qat_func_alignsize = RTE_ALIGN_CEIL(qat_function.bytesize, 8);
+
+	SET_PKE_LN(asym_op->ecdh.pub_key.x, qat_func_alignsize, 0);
+	SET_PKE_LN(asym_op->ecdh.pub_key.y, qat_func_alignsize, 1);
+	SET_PKE_LN_EC(curve[curve_id], p, 2);
+	SET_PKE_LN_EC(curve[curve_id], a, 3);
+	SET_PKE_LN_EC(curve[curve_id], b, 4);
+
+	cookie->alg_bytesize = curve[curve_id].bytesize;
+	cookie->qat_func_alignsize = qat_func_alignsize;
+	qat_req->pke_hdr.cd_pars.func_id = func_id;
+	qat_req->input_param_count =
+			5;
+	qat_req->output_param_count =
+			0;
+
+	HEXDUMP("x", cookie->input_array[0], qat_func_alignsize);
+	HEXDUMP("y", cookie->input_array[1], qat_func_alignsize);
+	HEXDUMP("p", cookie->input_array[2], qat_func_alignsize);
+	HEXDUMP("a", cookie->input_array[3], qat_func_alignsize);
+	HEXDUMP("b", cookie->input_array[4], qat_func_alignsize);
+
+	return 0;
+}
+
 static uint8_t
 ecdh_collect(struct rte_crypto_asym_op *asym_op,
 		const struct qat_asym_op_cookie *cookie,
@@ -826,6 +873,9 @@ ecdh_collect(struct rte_crypto_asym_op *asym_op,
 	uint32_t qat_func_alignsize = cookie->qat_func_alignsize;
 	uint32_t ltrim = qat_func_alignsize - alg_bytesize;
 
+	if (asym_op->ecdh.ke_type == RTE_CRYPTO_ASYM_KE_PUB_KEY_VERIFY)
+		return RTE_CRYPTO_OP_STATUS_SUCCESS;
+
 	if (asym_op->ecdh.ke_type == RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE) {
 		asym_op->ecdh.pub_key.x.length = alg_bytesize;
 		asym_op->ecdh.pub_key.y.length = alg_bytesize;
@@ -871,8 +921,14 @@ asym_set_input(struct icp_qat_fw_pke_request *qat_req,
 		return ecpm_set_input(qat_req, cookie,
 				asym_op, xform);
 	case RTE_CRYPTO_ASYM_XFORM_ECDH:
-		return ecdh_set_input(qat_req, cookie,
+		if (asym_op->ecdh.ke_type ==
+			RTE_CRYPTO_ASYM_KE_PUB_KEY_VERIFY) {
+			return ecdh_verify_set_input(qat_req, cookie,
 				asym_op, xform);
+		} else {
+			return ecdh_set_input(qat_req, cookie,
+				asym_op, xform);
+		}
 	default:
 		QAT_LOG(ERR, "Invalid/unsupported asymmetric crypto xform");
 		return -EINVAL;
-- 
2.13.6

RE: [PATCH 1/3] crypto/qat: make immutable parameters constant

[Power, Ciara]

Hi Arek,

> -----Original Message-----
> From: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> Sent: Wednesday 17 August 2022 07:56
> To: dev@dpdk.org
> Cc: gakhil@marvell.com; Ji, Kai <kai.ji@intel.com>; Kusztal, ArkadiuszX
> <arkadiuszx.kusztal@intel.com>
> Subject: [PATCH 1/3] crypto/qat: make immutable parameters constant
> 
> All pointers passed to functions that are not supposed to have its data
> changed should be marked as constant.
> Additionally session field should be checked only in with session case.
> 
> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> ---
>  drivers/common/qat/qat_adf/qat_pke.h |  16 ++---
>  drivers/crypto/qat/qat_asym.c        | 133 ++++++++++++++++++---------------
> --
>  drivers/crypto/qat/qat_ec.h          |   2 +-
>  3 files changed, 76 insertions(+), 75 deletions(-)

Acked-by: Ciara Power <ciara.power@intel.com>