* [PATCH 1/3] crypto/qat: make immutable parameters constant
2022-08-17 6:55 [PATCH 0/3] crypto/qat: extend asymmetric crypto pmd Arek Kusztal
@ 2022-08-17 6:55 ` Arek Kusztal
2022-10-17 14:58 ` Power, Ciara
2022-08-17 6:55 ` [PATCH 2/3] crypto/qat: add ecdh key exchange algorithm Arek Kusztal
2022-08-17 6:55 ` [PATCH 3/3] crypto/qat: add ecdh public key verification Arek Kusztal
2 siblings, 1 reply; 5+ messages in thread
From: Arek Kusztal @ 2022-08-17 6:55 UTC (permalink / raw)
To: dev; +Cc: gakhil, kai.ji, Arek Kusztal
All pointers passed to functions that are not supposed
to have its data changed should be marked as constant.
Additionally session field should be checked only in
with session case.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
drivers/common/qat/qat_adf/qat_pke.h | 16 ++---
drivers/crypto/qat/qat_asym.c | 133 ++++++++++++++++++-----------------
drivers/crypto/qat/qat_ec.h | 2 +-
3 files changed, 76 insertions(+), 75 deletions(-)
diff --git a/drivers/common/qat/qat_adf/qat_pke.h b/drivers/common/qat/qat_adf/qat_pke.h
index 6c12bfd989..00e2b776dc 100644
--- a/drivers/common/qat/qat_adf/qat_pke.h
+++ b/drivers/common/qat/qat_adf/qat_pke.h
@@ -50,13 +50,13 @@ get_modexp_function2(uint32_t bytesize)
}
static struct qat_asym_function
-get_modexp_function(struct rte_crypto_asym_xform *xform)
+get_modexp_function(const struct rte_crypto_asym_xform *xform)
{
return get_modexp_function2(xform->modex.modulus.length);
}
static struct qat_asym_function
-get_modinv_function(struct rte_crypto_asym_xform *xform)
+get_modinv_function(const struct rte_crypto_asym_xform *xform)
{
struct qat_asym_function qat_function = { };
@@ -137,7 +137,7 @@ get_modinv_function(struct rte_crypto_asym_xform *xform)
}
static struct qat_asym_function
-get_rsa_enc_function(struct rte_crypto_asym_xform *xform)
+get_rsa_enc_function(const struct rte_crypto_asym_xform *xform)
{
struct qat_asym_function qat_function = { };
@@ -164,7 +164,7 @@ get_rsa_enc_function(struct rte_crypto_asym_xform *xform)
}
static struct qat_asym_function
-get_rsa_dec_function(struct rte_crypto_asym_xform *xform)
+get_rsa_dec_function(const struct rte_crypto_asym_xform *xform)
{
struct qat_asym_function qat_function = { };
@@ -191,7 +191,7 @@ get_rsa_dec_function(struct rte_crypto_asym_xform *xform)
}
static struct qat_asym_function
-get_rsa_crt_function(struct rte_crypto_asym_xform *xform)
+get_rsa_crt_function(const struct rte_crypto_asym_xform *xform)
{
struct qat_asym_function qat_function = { };
int nlen = xform->rsa.qt.p.length * 2;
@@ -219,7 +219,7 @@ get_rsa_crt_function(struct rte_crypto_asym_xform *xform)
}
static struct qat_asym_function
-get_ecdsa_verify_function(struct rte_crypto_asym_xform *xform)
+get_ecdsa_verify_function(const struct rte_crypto_asym_xform *xform)
{
struct qat_asym_function qat_function;
@@ -243,7 +243,7 @@ get_ecdsa_verify_function(struct rte_crypto_asym_xform *xform)
}
static struct qat_asym_function
-get_ecdsa_function(struct rte_crypto_asym_xform *xform)
+get_ecdsa_function(const struct rte_crypto_asym_xform *xform)
{
struct qat_asym_function qat_function;
@@ -267,7 +267,7 @@ get_ecdsa_function(struct rte_crypto_asym_xform *xform)
}
static struct qat_asym_function
-get_ecpm_function(struct rte_crypto_asym_xform *xform)
+get_ecpm_function(const struct rte_crypto_asym_xform *xform)
{
struct qat_asym_function qat_function;
diff --git a/drivers/crypto/qat/qat_asym.c b/drivers/crypto/qat/qat_asym.c
index 19931791c4..374452020a 100644
--- a/drivers/crypto/qat/qat_asym.c
+++ b/drivers/crypto/qat/qat_asym.c
@@ -129,7 +129,7 @@ cleanup_crt(struct qat_asym_op_cookie *cookie,
static void
cleanup(struct qat_asym_op_cookie *cookie,
- struct rte_crypto_asym_xform *xform, int alg_size)
+ const struct rte_crypto_asym_xform *xform, int alg_size)
{
if (xform->xform_type == RTE_CRYPTO_ASYM_XFORM_MODEX)
cleanup_arrays(cookie, QAT_ASYM_MODEXP_NUM_IN_PARAMS,
@@ -175,7 +175,7 @@ check_zero(rte_crypto_param n)
}
static struct qat_asym_function
-get_asym_function(struct rte_crypto_asym_xform *xform)
+get_asym_function(const struct rte_crypto_asym_xform *xform)
{
struct qat_asym_function qat_function;
@@ -195,10 +195,10 @@ get_asym_function(struct rte_crypto_asym_xform *xform)
}
static int
-modexp_set_input(struct rte_crypto_asym_op *asym_op,
- struct icp_qat_fw_pke_request *qat_req,
+modexp_set_input(struct icp_qat_fw_pke_request *qat_req,
struct qat_asym_op_cookie *cookie,
- struct rte_crypto_asym_xform *xform)
+ const struct rte_crypto_asym_op *asym_op,
+ const struct rte_crypto_asym_xform *xform)
{
struct qat_asym_function qat_function;
uint32_t alg_bytesize, func_id, in_bytesize;
@@ -245,8 +245,8 @@ modexp_set_input(struct rte_crypto_asym_op *asym_op,
static uint8_t
modexp_collect(struct rte_crypto_asym_op *asym_op,
- struct qat_asym_op_cookie *cookie,
- struct rte_crypto_asym_xform *xform)
+ const struct qat_asym_op_cookie *cookie,
+ const struct rte_crypto_asym_xform *xform)
{
rte_crypto_param n = xform->modex.modulus;
uint32_t alg_bytesize = cookie->alg_bytesize;
@@ -265,10 +265,10 @@ modexp_collect(struct rte_crypto_asym_op *asym_op,
}
static int
-modinv_set_input(struct rte_crypto_asym_op *asym_op,
- struct icp_qat_fw_pke_request *qat_req,
+modinv_set_input(struct icp_qat_fw_pke_request *qat_req,
struct qat_asym_op_cookie *cookie,
- struct rte_crypto_asym_xform *xform)
+ const struct rte_crypto_asym_op *asym_op,
+ const struct rte_crypto_asym_xform *xform)
{
struct qat_asym_function qat_function;
uint32_t alg_bytesize, func_id;
@@ -305,8 +305,8 @@ modinv_set_input(struct rte_crypto_asym_op *asym_op,
static uint8_t
modinv_collect(struct rte_crypto_asym_op *asym_op,
- struct qat_asym_op_cookie *cookie,
- struct rte_crypto_asym_xform *xform)
+ const struct qat_asym_op_cookie *cookie,
+ const struct rte_crypto_asym_xform *xform)
{
rte_crypto_param n = xform->modinv.modulus;
uint8_t *modinv_result = asym_op->modinv.result.data;
@@ -326,10 +326,10 @@ modinv_collect(struct rte_crypto_asym_op *asym_op,
}
static int
-rsa_set_pub_input(struct rte_crypto_asym_op *asym_op,
- struct icp_qat_fw_pke_request *qat_req,
+rsa_set_pub_input(struct icp_qat_fw_pke_request *qat_req,
struct qat_asym_op_cookie *cookie,
- struct rte_crypto_asym_xform *xform)
+ const struct rte_crypto_asym_op *asym_op,
+ const struct rte_crypto_asym_xform *xform)
{
struct qat_asym_function qat_function;
uint32_t alg_bytesize, func_id;
@@ -382,10 +382,10 @@ rsa_set_pub_input(struct rte_crypto_asym_op *asym_op,
}
static int
-rsa_set_priv_input(struct rte_crypto_asym_op *asym_op,
- struct icp_qat_fw_pke_request *qat_req,
+rsa_set_priv_input(struct icp_qat_fw_pke_request *qat_req,
struct qat_asym_op_cookie *cookie,
- struct rte_crypto_asym_xform *xform)
+ const struct rte_crypto_asym_op *asym_op,
+ const struct rte_crypto_asym_xform *xform)
{
struct qat_asym_function qat_function;
uint32_t alg_bytesize, func_id;
@@ -475,10 +475,10 @@ rsa_set_priv_input(struct rte_crypto_asym_op *asym_op,
}
static int
-rsa_set_input(struct rte_crypto_asym_op *asym_op,
- struct icp_qat_fw_pke_request *qat_req,
+rsa_set_input(struct icp_qat_fw_pke_request *qat_req,
struct qat_asym_op_cookie *cookie,
- struct rte_crypto_asym_xform *xform)
+ const struct rte_crypto_asym_op *asym_op,
+ const struct rte_crypto_asym_xform *xform)
{
qat_req->input_param_count =
QAT_ASYM_RSA_NUM_IN_PARAMS;
@@ -488,15 +488,15 @@ rsa_set_input(struct rte_crypto_asym_op *asym_op,
if (asym_op->rsa.op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT ||
asym_op->rsa.op_type ==
RTE_CRYPTO_ASYM_OP_VERIFY) {
- return rsa_set_pub_input(asym_op, qat_req, cookie, xform);
+ return rsa_set_pub_input(qat_req, cookie, asym_op, xform);
} else {
- return rsa_set_priv_input(asym_op, qat_req, cookie, xform);
+ return rsa_set_priv_input(qat_req, cookie, asym_op, xform);
}
}
static uint8_t
rsa_collect(struct rte_crypto_asym_op *asym_op,
- struct qat_asym_op_cookie *cookie)
+ const struct qat_asym_op_cookie *cookie)
{
uint32_t alg_bytesize = cookie->alg_bytesize;
@@ -560,10 +560,10 @@ rsa_collect(struct rte_crypto_asym_op *asym_op,
}
static int
-ecdsa_set_input(struct rte_crypto_asym_op *asym_op,
- struct icp_qat_fw_pke_request *qat_req,
+ecdsa_set_input(struct icp_qat_fw_pke_request *qat_req,
struct qat_asym_op_cookie *cookie,
- struct rte_crypto_asym_xform *xform)
+ const struct rte_crypto_asym_op *asym_op,
+ const struct rte_crypto_asym_xform *xform)
{
struct qat_asym_function qat_function;
uint32_t qat_func_alignsize, func_id;
@@ -663,7 +663,7 @@ ecdsa_set_input(struct rte_crypto_asym_op *asym_op,
static uint8_t
ecdsa_collect(struct rte_crypto_asym_op *asym_op,
- struct qat_asym_op_cookie *cookie)
+ const struct qat_asym_op_cookie *cookie)
{
uint32_t alg_bytesize = cookie->alg_bytesize;
uint32_t qat_func_alignsize = cookie->qat_func_alignsize;
@@ -687,10 +687,10 @@ ecdsa_collect(struct rte_crypto_asym_op *asym_op,
}
static int
-ecpm_set_input(struct rte_crypto_asym_op *asym_op,
- struct icp_qat_fw_pke_request *qat_req,
+ecpm_set_input(struct icp_qat_fw_pke_request *qat_req,
struct qat_asym_op_cookie *cookie,
- struct rte_crypto_asym_xform *xform)
+ const struct rte_crypto_asym_op *asym_op,
+ const struct rte_crypto_asym_xform *xform)
{
struct qat_asym_function qat_function;
uint32_t qat_func_alignsize, func_id;
@@ -739,7 +739,7 @@ ecpm_set_input(struct rte_crypto_asym_op *asym_op,
static uint8_t
ecpm_collect(struct rte_crypto_asym_op *asym_op,
- struct qat_asym_op_cookie *cookie)
+ const struct qat_asym_op_cookie *cookie)
{
uint8_t *x = asym_op->ecpm.r.x.data;
uint8_t *y = asym_op->ecpm.r.y.data;
@@ -760,27 +760,27 @@ ecpm_collect(struct rte_crypto_asym_op *asym_op,
}
static int
-asym_set_input(struct rte_crypto_asym_op *asym_op,
- struct icp_qat_fw_pke_request *qat_req,
+asym_set_input(struct icp_qat_fw_pke_request *qat_req,
struct qat_asym_op_cookie *cookie,
- struct rte_crypto_asym_xform *xform)
+ const struct rte_crypto_asym_op *asym_op,
+ const struct rte_crypto_asym_xform *xform)
{
switch (xform->xform_type) {
case RTE_CRYPTO_ASYM_XFORM_MODEX:
- return modexp_set_input(asym_op, qat_req,
- cookie, xform);
+ return modexp_set_input(qat_req, cookie,
+ asym_op, xform);
case RTE_CRYPTO_ASYM_XFORM_MODINV:
- return modinv_set_input(asym_op, qat_req,
- cookie, xform);
+ return modinv_set_input(qat_req, cookie,
+ asym_op, xform);
case RTE_CRYPTO_ASYM_XFORM_RSA:
- return rsa_set_input(asym_op, qat_req,
- cookie, xform);
+ return rsa_set_input(qat_req, cookie,
+ asym_op, xform);
case RTE_CRYPTO_ASYM_XFORM_ECDSA:
- return ecdsa_set_input(asym_op, qat_req,
- cookie, xform);
+ return ecdsa_set_input(qat_req, cookie,
+ asym_op, xform);
case RTE_CRYPTO_ASYM_XFORM_ECPM:
- return ecpm_set_input(asym_op, qat_req,
- cookie, xform);
+ return ecpm_set_input(qat_req, cookie,
+ asym_op, xform);
default:
QAT_LOG(ERR, "Invalid/unsupported asymmetric crypto xform");
return -EINVAL;
@@ -790,28 +790,28 @@ asym_set_input(struct rte_crypto_asym_op *asym_op,
static int
qat_asym_build_request(void *in_op, uint8_t *out_msg, void *op_cookie,
- __rte_unused uint64_t *opaque,
+ __rte_unused uint64_t *opaque_data,
__rte_unused enum qat_device_gen qat_dev_gen)
{
struct rte_crypto_op *op = (struct rte_crypto_op *)in_op;
- struct rte_crypto_asym_op *asym_op = op->asym;
struct icp_qat_fw_pke_request *qat_req =
(struct icp_qat_fw_pke_request *)out_msg;
struct qat_asym_op_cookie *cookie =
(struct qat_asym_op_cookie *)op_cookie;
- struct rte_crypto_asym_xform *xform;
- struct qat_asym_session *qat_session = (struct qat_asym_session *)
- op->asym->session->sess_private_data;
- int err = 0;
-
- if (unlikely(qat_session == NULL)) {
- QAT_DP_LOG(ERR, "Session was not created for this device");
- goto error;
- }
+ const struct qat_asym_session *qat_session;
+ const struct rte_crypto_asym_xform *xform;
+ int error_no = 0;
op->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
switch (op->sess_type) {
case RTE_CRYPTO_OP_WITH_SESSION:
+ qat_session = (struct qat_asym_session *)
+ op->asym->session->sess_private_data;
+ if (unlikely(qat_session == NULL)) {
+ QAT_DP_LOG(ERR,
+ "Session was not created for this device");
+ goto error;
+ }
request_init(qat_req);
xform = &qat_session->xform;
break;
@@ -824,9 +824,9 @@ qat_asym_build_request(void *in_op, uint8_t *out_msg, void *op_cookie,
op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
goto error;
}
- err = asym_set_input(asym_op, qat_req, cookie,
- xform);
- if (err) {
+ error_no = asym_set_input(qat_req, cookie,
+ op->asym, xform);
+ if (error_no) {
op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
goto error;
}
@@ -844,15 +844,15 @@ qat_asym_build_request(void *in_op, uint8_t *out_msg, void *op_cookie,
qat_req->output_param_count = 0;
qat_req->input_param_count = 0;
qat_req->pke_hdr.service_type = ICP_QAT_FW_COMN_REQ_NULL;
- cookie->error |= err;
+ cookie->error |= error_no;
return 0;
}
static uint8_t
qat_asym_collect_response(struct rte_crypto_op *op,
- struct qat_asym_op_cookie *cookie,
- struct rte_crypto_asym_xform *xform)
+ const struct qat_asym_op_cookie *cookie,
+ const struct rte_crypto_asym_xform *xform)
{
struct rte_crypto_asym_op *asym_op = op->asym;
@@ -877,14 +877,13 @@ static int
qat_asym_process_response(void **out_op, uint8_t *resp,
void *op_cookie, __rte_unused uint64_t *dequeue_err_count)
{
- struct icp_qat_fw_pke_resp *resp_msg =
+ const struct icp_qat_fw_pke_resp *resp_msg =
(struct icp_qat_fw_pke_resp *)resp;
struct rte_crypto_op *op = (struct rte_crypto_op *)(uintptr_t)
(resp_msg->opaque);
struct qat_asym_op_cookie *cookie = op_cookie;
- struct rte_crypto_asym_xform *xform;
- struct qat_asym_session *qat_session = (struct qat_asym_session *)
- op->asym->session->sess_private_data;
+ const struct rte_crypto_asym_xform *xform;
+ const struct qat_asym_session *qat_session;
if (cookie->error) {
cookie->error = 0;
@@ -909,6 +908,8 @@ qat_asym_process_response(void **out_op, uint8_t *resp,
switch (op->sess_type) {
case RTE_CRYPTO_OP_WITH_SESSION:
+ qat_session = (struct qat_asym_session *)
+ op->asym->session->sess_private_data;
xform = &qat_session->xform;
break;
case RTE_CRYPTO_OP_SESSIONLESS:
diff --git a/drivers/crypto/qat/qat_ec.h b/drivers/crypto/qat/qat_ec.h
index bbd0b31949..0e02722c18 100644
--- a/drivers/crypto/qat/qat_ec.h
+++ b/drivers/crypto/qat/qat_ec.h
@@ -264,7 +264,7 @@ static struct elliptic_curve curve[] = {
};
static int
-pick_curve(struct rte_crypto_asym_xform *xform)
+pick_curve(const struct rte_crypto_asym_xform *xform)
{
switch (xform->ec.curve_id) {
case RTE_CRYPTO_EC_GROUP_SECP256R1:
--
2.13.6
^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH 2/3] crypto/qat: add ecdh key exchange algorithm
2022-08-17 6:55 [PATCH 0/3] crypto/qat: extend asymmetric crypto pmd Arek Kusztal
2022-08-17 6:55 ` [PATCH 1/3] crypto/qat: make immutable parameters constant Arek Kusztal
@ 2022-08-17 6:55 ` Arek Kusztal
2022-08-17 6:55 ` [PATCH 3/3] crypto/qat: add ecdh public key verification Arek Kusztal
2 siblings, 0 replies; 5+ messages in thread
From: Arek Kusztal @ 2022-08-17 6:55 UTC (permalink / raw)
To: dev; +Cc: gakhil, kai.ji, Arek Kusztal
This commit adds ECDH algorithm to Intel QuickAssist
Technology driver.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
drivers/crypto/qat/qat_asym.c | 94 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 94 insertions(+)
diff --git a/drivers/crypto/qat/qat_asym.c b/drivers/crypto/qat/qat_asym.c
index 374452020a..34fb3f5a45 100644
--- a/drivers/crypto/qat/qat_asym.c
+++ b/drivers/crypto/qat/qat_asym.c
@@ -760,6 +760,95 @@ ecpm_collect(struct rte_crypto_asym_op *asym_op,
}
static int
+ecdh_set_input(struct icp_qat_fw_pke_request *qat_req,
+ struct qat_asym_op_cookie *cookie,
+ const struct rte_crypto_asym_op *asym_op,
+ const struct rte_crypto_asym_xform *xform)
+{
+ struct qat_asym_function qat_function;
+ uint32_t qat_func_alignsize, func_id;
+ int curve_id;
+
+ curve_id = pick_curve(xform);
+ if (curve_id < 0) {
+ QAT_LOG(DEBUG, "Incorrect elliptic curve");
+ return -EINVAL;
+ }
+
+ qat_function = get_ecpm_function(xform);
+ func_id = qat_function.func_id;
+ if (func_id == 0) {
+ QAT_LOG(ERR, "Cannot obtain functionality id");
+ return -EINVAL;
+ }
+ qat_func_alignsize = RTE_ALIGN_CEIL(qat_function.bytesize, 8);
+
+ if (asym_op->ecdh.ke_type == RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE) {
+ SET_PKE_LN(asym_op->ecdh.priv_key, qat_func_alignsize, 0);
+ SET_PKE_LN_EC(curve[curve_id], x, 1);
+ SET_PKE_LN_EC(curve[curve_id], y, 2);
+ } else {
+ SET_PKE_LN(asym_op->ecdh.priv_key, qat_func_alignsize, 0);
+ SET_PKE_LN(asym_op->ecdh.pub_key.x, qat_func_alignsize, 1);
+ SET_PKE_LN(asym_op->ecdh.pub_key.y, qat_func_alignsize, 2);
+ }
+ SET_PKE_LN_EC(curve[curve_id], a, 3);
+ SET_PKE_LN_EC(curve[curve_id], b, 4);
+ SET_PKE_LN_EC(curve[curve_id], p, 5);
+ SET_PKE_LN_EC(curve[curve_id], h, 6);
+
+ cookie->alg_bytesize = curve[curve_id].bytesize;
+ cookie->qat_func_alignsize = qat_func_alignsize;
+ qat_req->pke_hdr.cd_pars.func_id = func_id;
+ qat_req->input_param_count =
+ QAT_ASYM_ECPM_IN_PARAMS;
+ qat_req->output_param_count =
+ QAT_ASYM_ECPM_OUT_PARAMS;
+
+ HEXDUMP("k", cookie->input_array[0], qat_func_alignsize);
+ HEXDUMP("xG", cookie->input_array[1], qat_func_alignsize);
+ HEXDUMP("yG", cookie->input_array[2], qat_func_alignsize);
+ HEXDUMP("a", cookie->input_array[3], qat_func_alignsize);
+ HEXDUMP("b", cookie->input_array[4], qat_func_alignsize);
+ HEXDUMP("q", cookie->input_array[5], qat_func_alignsize);
+ HEXDUMP("h", cookie->input_array[6], qat_func_alignsize);
+
+ return 0;
+}
+
+static uint8_t
+ecdh_collect(struct rte_crypto_asym_op *asym_op,
+ const struct qat_asym_op_cookie *cookie,
+ const struct rte_crypto_asym_xform *xform)
+{
+ uint8_t *x, *y;
+ uint32_t alg_bytesize = cookie->alg_bytesize;
+ uint32_t qat_func_alignsize = cookie->qat_func_alignsize;
+ uint32_t ltrim = qat_func_alignsize - alg_bytesize;
+
+ if (asym_op->ecdh.ke_type == RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE) {
+ asym_op->ecdh.pub_key.x.length = alg_bytesize;
+ asym_op->ecdh.pub_key.y.length = alg_bytesize;
+ x = asym_op->ecdh.pub_key.x.data;
+ y = asym_op->ecdh.pub_key.y.data;
+ } else {
+ asym_op->ecdh.shared_secret.x.length = alg_bytesize;
+ asym_op->ecdh.shared_secret.y.length = alg_bytesize;
+ x = asym_op->ecdh.shared_secret.x.data;
+ y = asym_op->ecdh.shared_secret.y.data;
+ }
+
+ rte_memcpy(x, &cookie->output_array[0][ltrim], alg_bytesize);
+ rte_memcpy(y, &cookie->output_array[1][ltrim], alg_bytesize);
+
+ HEXDUMP("X", cookie->output_array[0],
+ qat_func_alignsize);
+ HEXDUMP("Y", cookie->output_array[1],
+ qat_func_alignsize);
+ return RTE_CRYPTO_OP_STATUS_SUCCESS;
+}
+
+static int
asym_set_input(struct icp_qat_fw_pke_request *qat_req,
struct qat_asym_op_cookie *cookie,
const struct rte_crypto_asym_op *asym_op,
@@ -781,6 +870,9 @@ asym_set_input(struct icp_qat_fw_pke_request *qat_req,
case RTE_CRYPTO_ASYM_XFORM_ECPM:
return ecpm_set_input(qat_req, cookie,
asym_op, xform);
+ case RTE_CRYPTO_ASYM_XFORM_ECDH:
+ return ecdh_set_input(qat_req, cookie,
+ asym_op, xform);
default:
QAT_LOG(ERR, "Invalid/unsupported asymmetric crypto xform");
return -EINVAL;
@@ -867,6 +959,8 @@ qat_asym_collect_response(struct rte_crypto_op *op,
return ecdsa_collect(asym_op, cookie);
case RTE_CRYPTO_ASYM_XFORM_ECPM:
return ecpm_collect(asym_op, cookie);
+ case RTE_CRYPTO_ASYM_XFORM_ECDH:
+ return ecdh_collect(asym_op, cookie, xform);
default:
QAT_LOG(ERR, "Not supported xform type");
return RTE_CRYPTO_OP_STATUS_ERROR;
--
2.13.6
^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH 3/3] crypto/qat: add ecdh public key verification
2022-08-17 6:55 [PATCH 0/3] crypto/qat: extend asymmetric crypto pmd Arek Kusztal
2022-08-17 6:55 ` [PATCH 1/3] crypto/qat: make immutable parameters constant Arek Kusztal
2022-08-17 6:55 ` [PATCH 2/3] crypto/qat: add ecdh key exchange algorithm Arek Kusztal
@ 2022-08-17 6:55 ` Arek Kusztal
2 siblings, 0 replies; 5+ messages in thread
From: Arek Kusztal @ 2022-08-17 6:55 UTC (permalink / raw)
To: dev; +Cc: gakhil, kai.ji, Arek Kusztal
This commit adds verification option for elliptic curve
points when used along ECDH algorithm.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
drivers/common/qat/qat_adf/qat_pke.h | 24 +++++++++++++++
drivers/crypto/qat/qat_asym.c | 58 +++++++++++++++++++++++++++++++++++-
2 files changed, 81 insertions(+), 1 deletion(-)
diff --git a/drivers/common/qat/qat_adf/qat_pke.h b/drivers/common/qat/qat_adf/qat_pke.h
index 00e2b776dc..4b09e76dbb 100644
--- a/drivers/common/qat/qat_adf/qat_pke.h
+++ b/drivers/common/qat/qat_adf/qat_pke.h
@@ -290,4 +290,28 @@ get_ecpm_function(const struct rte_crypto_asym_xform *xform)
return qat_function;
}
+static struct qat_asym_function
+get_ec_verify_function(const struct rte_crypto_asym_xform *xform)
+{
+ struct qat_asym_function qat_function;
+
+ switch (xform->ec.curve_id) {
+ case RTE_CRYPTO_EC_GROUP_SECP256R1:
+ qat_function.func_id = MATHS_POINT_VERIFY_GFP_L256;
+ qat_function.bytesize = 32;
+ break;
+ case RTE_CRYPTO_EC_GROUP_SECP384R1:
+ qat_function.func_id = MATHS_POINT_VERIFY_GFP_L512;
+ qat_function.bytesize = 64;
+ break;
+ case RTE_CRYPTO_EC_GROUP_SECP521R1:
+ qat_function.func_id = MATHS_POINT_VERIFY_GFP_521;
+ qat_function.bytesize = 66;
+ break;
+ default:
+ qat_function.func_id = 0;
+ }
+ return qat_function;
+}
+
#endif
diff --git a/drivers/crypto/qat/qat_asym.c b/drivers/crypto/qat/qat_asym.c
index 34fb3f5a45..33e6ca045f 100644
--- a/drivers/crypto/qat/qat_asym.c
+++ b/drivers/crypto/qat/qat_asym.c
@@ -816,6 +816,53 @@ ecdh_set_input(struct icp_qat_fw_pke_request *qat_req,
return 0;
}
+static int
+ecdh_verify_set_input(struct icp_qat_fw_pke_request *qat_req,
+ struct qat_asym_op_cookie *cookie,
+ const struct rte_crypto_asym_op *asym_op,
+ const struct rte_crypto_asym_xform *xform)
+{
+ struct qat_asym_function qat_function;
+ uint32_t qat_func_alignsize, func_id;
+ int curve_id;
+
+ curve_id = pick_curve(xform);
+ if (curve_id < 0) {
+ QAT_LOG(DEBUG, "Incorrect elliptic curve");
+ return -EINVAL;
+ }
+
+ qat_function = get_ec_verify_function(xform);
+ func_id = qat_function.func_id;
+ if (func_id == 0) {
+ QAT_LOG(ERR, "Cannot obtain functionality id");
+ return -EINVAL;
+ }
+ qat_func_alignsize = RTE_ALIGN_CEIL(qat_function.bytesize, 8);
+
+ SET_PKE_LN(asym_op->ecdh.pub_key.x, qat_func_alignsize, 0);
+ SET_PKE_LN(asym_op->ecdh.pub_key.y, qat_func_alignsize, 1);
+ SET_PKE_LN_EC(curve[curve_id], p, 2);
+ SET_PKE_LN_EC(curve[curve_id], a, 3);
+ SET_PKE_LN_EC(curve[curve_id], b, 4);
+
+ cookie->alg_bytesize = curve[curve_id].bytesize;
+ cookie->qat_func_alignsize = qat_func_alignsize;
+ qat_req->pke_hdr.cd_pars.func_id = func_id;
+ qat_req->input_param_count =
+ 5;
+ qat_req->output_param_count =
+ 0;
+
+ HEXDUMP("x", cookie->input_array[0], qat_func_alignsize);
+ HEXDUMP("y", cookie->input_array[1], qat_func_alignsize);
+ HEXDUMP("p", cookie->input_array[2], qat_func_alignsize);
+ HEXDUMP("a", cookie->input_array[3], qat_func_alignsize);
+ HEXDUMP("b", cookie->input_array[4], qat_func_alignsize);
+
+ return 0;
+}
+
static uint8_t
ecdh_collect(struct rte_crypto_asym_op *asym_op,
const struct qat_asym_op_cookie *cookie,
@@ -826,6 +873,9 @@ ecdh_collect(struct rte_crypto_asym_op *asym_op,
uint32_t qat_func_alignsize = cookie->qat_func_alignsize;
uint32_t ltrim = qat_func_alignsize - alg_bytesize;
+ if (asym_op->ecdh.ke_type == RTE_CRYPTO_ASYM_KE_PUB_KEY_VERIFY)
+ return RTE_CRYPTO_OP_STATUS_SUCCESS;
+
if (asym_op->ecdh.ke_type == RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE) {
asym_op->ecdh.pub_key.x.length = alg_bytesize;
asym_op->ecdh.pub_key.y.length = alg_bytesize;
@@ -871,8 +921,14 @@ asym_set_input(struct icp_qat_fw_pke_request *qat_req,
return ecpm_set_input(qat_req, cookie,
asym_op, xform);
case RTE_CRYPTO_ASYM_XFORM_ECDH:
- return ecdh_set_input(qat_req, cookie,
+ if (asym_op->ecdh.ke_type ==
+ RTE_CRYPTO_ASYM_KE_PUB_KEY_VERIFY) {
+ return ecdh_verify_set_input(qat_req, cookie,
asym_op, xform);
+ } else {
+ return ecdh_set_input(qat_req, cookie,
+ asym_op, xform);
+ }
default:
QAT_LOG(ERR, "Invalid/unsupported asymmetric crypto xform");
return -EINVAL;
--
2.13.6
^ permalink raw reply [flat|nested] 5+ messages in thread