From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 71C94A0032; Wed, 17 Aug 2022 10:04:47 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 65F9F41611; Wed, 17 Aug 2022 10:04:35 +0200 (CEST) Received: from mga06.intel.com (mga06b.intel.com [134.134.136.31]) by mails.dpdk.org (Postfix) with ESMTP id E2076427ED for ; Wed, 17 Aug 2022 10:04:32 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1660723473; x=1692259473; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=9Cdra7zbAC0Ny2MJrGTRUKrmwHoS2+kdkRI4Ya7XB5o=; b=GNjb7JeQYci/W4nMM3BonXNo3JXVod5AFDPu8PDV6I1ue1ddWwspbSFC LRyCbO8iBeCLyr/4/H+RPpHSSNmGT2dJfFhKj5f6nk1zrkAYiyb6q8Khj nBEQp/htdmDJdO5IZVrkcZy3E11nR7cyG8Oq/yIWzv8imCWM7mjeEL99i Nx7M9nBf/KftTM9dYBm13+nmsCn1/8hYRVY5VxJlGiXGXyDjMHlMcjfU1 VKPlg8/6kMhLNDeR+ZJaJe4N9WrhA3bzMMrUTuJ/IpduylBc/3yG176pA Xa70qot8NCbCtlzekw1Ix/JvUxE10ClgjRhwLt5z4IACHO/OnjItS5OIC Q==; X-IronPort-AV: E=McAfee;i="6400,9594,10441"; a="354176580" X-IronPort-AV: E=Sophos;i="5.93,242,1654585200"; d="scan'208";a="354176580" Received: from orsmga004.jf.intel.com ([10.7.209.38]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 17 Aug 2022 01:04:32 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.93,242,1654585200"; d="scan'208";a="733595845" Received: from silpixa00399302.ir.intel.com ([10.237.214.136]) by orsmga004.jf.intel.com with ESMTP; 17 Aug 2022 01:04:31 -0700 From: Arek Kusztal To: dev@dpdk.org Cc: gakhil@marvell.com, kai.ji@intel.com, Arek Kusztal Subject: [PATCH 3/3] crypto/qat: add ecdh public key verification Date: Wed, 17 Aug 2022 07:55:36 +0100 Message-Id: <20220817065536.79716-4-arkadiuszx.kusztal@intel.com> X-Mailer: git-send-email 2.13.6 In-Reply-To: <20220817065536.79716-1-arkadiuszx.kusztal@intel.com> References: <20220817065536.79716-1-arkadiuszx.kusztal@intel.com> X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org This commit adds verification option for elliptic curve points when used along ECDH algorithm. Signed-off-by: Arek Kusztal --- drivers/common/qat/qat_adf/qat_pke.h | 24 +++++++++++++++ drivers/crypto/qat/qat_asym.c | 58 +++++++++++++++++++++++++++++++++++- 2 files changed, 81 insertions(+), 1 deletion(-) diff --git a/drivers/common/qat/qat_adf/qat_pke.h b/drivers/common/qat/qat_adf/qat_pke.h index 00e2b776dc..4b09e76dbb 100644 --- a/drivers/common/qat/qat_adf/qat_pke.h +++ b/drivers/common/qat/qat_adf/qat_pke.h @@ -290,4 +290,28 @@ get_ecpm_function(const struct rte_crypto_asym_xform *xform) return qat_function; } +static struct qat_asym_function +get_ec_verify_function(const struct rte_crypto_asym_xform *xform) +{ + struct qat_asym_function qat_function; + + switch (xform->ec.curve_id) { + case RTE_CRYPTO_EC_GROUP_SECP256R1: + qat_function.func_id = MATHS_POINT_VERIFY_GFP_L256; + qat_function.bytesize = 32; + break; + case RTE_CRYPTO_EC_GROUP_SECP384R1: + qat_function.func_id = MATHS_POINT_VERIFY_GFP_L512; + qat_function.bytesize = 64; + break; + case RTE_CRYPTO_EC_GROUP_SECP521R1: + qat_function.func_id = MATHS_POINT_VERIFY_GFP_521; + qat_function.bytesize = 66; + break; + default: + qat_function.func_id = 0; + } + return qat_function; +} + #endif diff --git a/drivers/crypto/qat/qat_asym.c b/drivers/crypto/qat/qat_asym.c index 34fb3f5a45..33e6ca045f 100644 --- a/drivers/crypto/qat/qat_asym.c +++ b/drivers/crypto/qat/qat_asym.c @@ -816,6 +816,53 @@ ecdh_set_input(struct icp_qat_fw_pke_request *qat_req, return 0; } +static int +ecdh_verify_set_input(struct icp_qat_fw_pke_request *qat_req, + struct qat_asym_op_cookie *cookie, + const struct rte_crypto_asym_op *asym_op, + const struct rte_crypto_asym_xform *xform) +{ + struct qat_asym_function qat_function; + uint32_t qat_func_alignsize, func_id; + int curve_id; + + curve_id = pick_curve(xform); + if (curve_id < 0) { + QAT_LOG(DEBUG, "Incorrect elliptic curve"); + return -EINVAL; + } + + qat_function = get_ec_verify_function(xform); + func_id = qat_function.func_id; + if (func_id == 0) { + QAT_LOG(ERR, "Cannot obtain functionality id"); + return -EINVAL; + } + qat_func_alignsize = RTE_ALIGN_CEIL(qat_function.bytesize, 8); + + SET_PKE_LN(asym_op->ecdh.pub_key.x, qat_func_alignsize, 0); + SET_PKE_LN(asym_op->ecdh.pub_key.y, qat_func_alignsize, 1); + SET_PKE_LN_EC(curve[curve_id], p, 2); + SET_PKE_LN_EC(curve[curve_id], a, 3); + SET_PKE_LN_EC(curve[curve_id], b, 4); + + cookie->alg_bytesize = curve[curve_id].bytesize; + cookie->qat_func_alignsize = qat_func_alignsize; + qat_req->pke_hdr.cd_pars.func_id = func_id; + qat_req->input_param_count = + 5; + qat_req->output_param_count = + 0; + + HEXDUMP("x", cookie->input_array[0], qat_func_alignsize); + HEXDUMP("y", cookie->input_array[1], qat_func_alignsize); + HEXDUMP("p", cookie->input_array[2], qat_func_alignsize); + HEXDUMP("a", cookie->input_array[3], qat_func_alignsize); + HEXDUMP("b", cookie->input_array[4], qat_func_alignsize); + + return 0; +} + static uint8_t ecdh_collect(struct rte_crypto_asym_op *asym_op, const struct qat_asym_op_cookie *cookie, @@ -826,6 +873,9 @@ ecdh_collect(struct rte_crypto_asym_op *asym_op, uint32_t qat_func_alignsize = cookie->qat_func_alignsize; uint32_t ltrim = qat_func_alignsize - alg_bytesize; + if (asym_op->ecdh.ke_type == RTE_CRYPTO_ASYM_KE_PUB_KEY_VERIFY) + return RTE_CRYPTO_OP_STATUS_SUCCESS; + if (asym_op->ecdh.ke_type == RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE) { asym_op->ecdh.pub_key.x.length = alg_bytesize; asym_op->ecdh.pub_key.y.length = alg_bytesize; @@ -871,8 +921,14 @@ asym_set_input(struct icp_qat_fw_pke_request *qat_req, return ecpm_set_input(qat_req, cookie, asym_op, xform); case RTE_CRYPTO_ASYM_XFORM_ECDH: - return ecdh_set_input(qat_req, cookie, + if (asym_op->ecdh.ke_type == + RTE_CRYPTO_ASYM_KE_PUB_KEY_VERIFY) { + return ecdh_verify_set_input(qat_req, cookie, asym_op, xform); + } else { + return ecdh_set_input(qat_req, cookie, + asym_op, xform); + } default: QAT_LOG(ERR, "Invalid/unsupported asymmetric crypto xform"); return -EINVAL; -- 2.13.6