[PATCH 0/2] test: add elliptic curve tests

[PATCH 0/2] test: add elliptic curve tests

[Arek Kusztal]

This patchset adds new test cases that can be used to verify
elliptic curve algorithms like ECDSA, ECDH, etc.

Depends-on: series-24333 ("crypto/qat: extend asymmetric crypto pmd")

Arek Kusztal (2):
  test/crypto: add ecdsa qat test cases
  test/crypto: add ecdh tests

 app/test/test_cryptodev_asym.c         | 553 +++++++++++++++++++++++++++++++++
 app/test/test_cryptodev_ecdh_vectors.h | 144 +++++++++
 2 files changed, 697 insertions(+)
 create mode 100644 app/test/test_cryptodev_ecdh_vectors.h

-- 
2.13.6

[PATCH 1/2] test/crypto: add ecdsa qat test cases

[Arek Kusztal]

This commit adds ECDSA test cases to Intel QuickAssist
Technology testsuite.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
 app/test/test_cryptodev_asym.c | 196 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 196 insertions(+)

diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index fc1a727472..0fea47c42e 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -2190,6 +2190,178 @@ test_ecpm_all_curve(void)
 	return overall_status;
 }
 
+/*
+ * ECDSA Signature generation function
+ */
+static int
+test_ecdsa_sign(const void *input_vector)
+{
+	const struct crypto_testsuite_ecdsa_params *test_vector = input_vector;
+	struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
+	struct rte_mempool *op_mpool = ts_params->op_mpool;
+	struct rte_crypto_op *op;
+	struct rte_crypto_op *result_op = NULL;
+	struct rte_crypto_asym_xform xform = {
+		.next = NULL,
+		.xform_type = RTE_CRYPTO_ASYM_XFORM_ECDSA,
+		.ec.curve_id = test_vector->curve
+	};
+	uint8_t R[test_vector->sign_r.length];
+	uint8_t S[test_vector->sign_s.length];
+	const uint8_t dev_id = ts_params->valid_devs[0];
+
+	op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
+	if (op == NULL) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Failed to allocate asymmetric crypto operation struct\n"
+			);
+		return TEST_FAILED;
+	}
+	/*
+	 * Set input data
+	 * - Sessionless operation, no session will be created. User is
+	 * responsible for taking care of xform lifetime -> in case of ECDSA
+	 * no keys are stored in xform so it is not security crucial to clear
+	 * data, although it is recommended to clear xform anyway.
+	 * - Generation of signature pair R, S.
+	 * - Message is a digest of message to be signed.
+	 * - k is a random integer in interval (1, n - 1)
+	 * - pkey is a private key
+	 */
+	op->sess_type = RTE_CRYPTO_OP_SESSIONLESS;
+	op->asym->xform = &xform;
+	op->asym->ecdsa.op_type = RTE_CRYPTO_ASYM_OP_SIGN;
+	op->asym->ecdsa.message.data = test_vector->digest.data;
+	op->asym->ecdsa.message.length = test_vector->digest.length;
+	op->asym->ecdsa.k.data = test_vector->scalar.data;
+	op->asym->ecdsa.k.length = test_vector->scalar.length;
+	op->asym->ecdsa.pkey.data = test_vector->pkey.data;
+	op->asym->ecdsa.pkey.length = test_vector->pkey.length;
+
+	/*
+	 * Set output data
+	 * Signature pair R, S. Positive integers.
+	 */
+	op->asym->ecdsa.r.data = R;
+	op->asym->ecdsa.s.data = S;
+
+	/* Sending packet for signature generation */
+	if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Error sending packet for operation\n");
+		return TEST_FAILED;
+	}
+	/* Waiting for packet to be dequeued */
+	while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0)
+		rte_pause();
+
+	if (result_op == NULL) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Failed to process asym crypto op\n");
+		return TEST_FAILED;
+	}
+
+	if (result_op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"ECDSA generation failed.\n");
+		return TEST_FAILED;
+	}
+
+	/* Generated signature R, S */
+	debug_hexdump(stdout, "R:", result_op->asym->ecdsa.r.data,
+			result_op->asym->ecdsa.r.length);
+	debug_hexdump(stdout, "S:", result_op->asym->ecdsa.s.data,
+			result_op->asym->ecdsa.s.length);
+
+	return TEST_SUCCESS;
+}
+
+/*
+ * ECDSA Signature verification function
+ */
+static int
+test_ecdsa_verify(const void *input_vector)
+{
+	const struct crypto_testsuite_ecdsa_params *test_vector = input_vector;
+	struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
+	struct rte_mempool *op_mpool = ts_params->op_mpool;
+	struct rte_crypto_op *op;
+	struct rte_crypto_op *result_op = NULL;
+	struct rte_crypto_asym_xform xform = {
+		.next = NULL,
+		.xform_type = RTE_CRYPTO_ASYM_XFORM_ECDSA,
+		.ec.curve_id = test_vector->curve
+	};
+	const uint8_t dev_id = ts_params->valid_devs[0];
+
+	op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
+	if (op == NULL) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Failed to allocate asymmetric crypto operation struct\n"
+			);
+		return TEST_FAILED;
+	}
+	/*
+	 * Set input data
+	 * - Sessionless operation, no session will be created. User is
+	 * responsible for taking care of xform lifetime -> in case of
+	 * ECDSA no keys are stored in xform so it is not security crucial to
+	 * clear data, although it is recommended to clear xform anyway.
+	 * - Verification of signature pair R, S.
+	 * - Message is a digest of message that was signed.
+	 * - q is a public key
+	 */
+	op->sess_type = RTE_CRYPTO_OP_SESSIONLESS;
+	op->asym->xform = &xform;
+	op->asym->ecdsa.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
+	op->asym->ecdsa.message.data = test_vector->digest.data;
+	op->asym->ecdsa.message.length = test_vector->digest.length;
+	op->asym->ecdsa.q.x.data = test_vector->pubkey_qx.data;
+	op->asym->ecdsa.q.x.length = test_vector->pubkey_qx.length;
+	op->asym->ecdsa.q.y.data = test_vector->pubkey_qy.data;
+	op->asym->ecdsa.q.y.length = test_vector->pubkey_qx.length;
+	op->asym->ecdsa.r.data =  test_vector->sign_r.data;
+	op->asym->ecdsa.r.length =  test_vector->sign_r.length;
+	op->asym->ecdsa.s.data =  test_vector->sign_s.data;
+	op->asym->ecdsa.s.length =  test_vector->sign_s.length;
+
+	/* Sending packet for signature generation */
+	if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Error sending packet for operation\n");
+		return TEST_FAILED;
+	}
+	/* Waiting for packet to be dequeued */
+	while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0)
+		rte_pause();
+
+	if (result_op == NULL) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Failed to process asym crypto op\n");
+		return TEST_FAILED;
+	}
+
+	/*
+	 * If result_op->status equals RTE_CRYPTO_OP_STATUS_SUCCESS
+	 * signature was verified correctly
+	 */
+	if (result_op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"ECDSA verify failed.\n");
+		return TEST_FAILED;
+	}
+
+	return TEST_SUCCESS;
+}
+
 static struct unit_test_suite cryptodev_openssl_asym_testsuite  = {
 	.suite_name = "Crypto Device OPENSSL ASYM Unit Test Suite",
 	.setup = testsuite_setup,
@@ -2218,6 +2390,30 @@ static struct unit_test_suite cryptodev_qat_asym_testsuite  = {
 	.setup = testsuite_setup,
 	.teardown = testsuite_teardown,
 	.unit_test_cases = {
+		TEST_CASE_NAMED_WITH_DATA(
+			"Test - ECDSA secp256r1 signature generation",
+			ut_setup_asym, ut_teardown_asym,
+			test_ecdsa_sign, &ecdsa_param_secp256r1),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Test - ECDSA secp256r1 signature verification",
+			ut_setup_asym, ut_teardown_asym,
+			test_ecdsa_verify, &ecdsa_param_secp256r1),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Test - ECDSA secp384r1 signature generation",
+			ut_setup_asym, ut_teardown_asym,
+			test_ecdsa_sign, &ecdsa_param_secp384r1),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Test - ECDSA secp384r1 signature verification",
+			ut_setup_asym, ut_teardown_asym,
+			test_ecdsa_verify, &ecdsa_param_secp384r1),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Test - ECDSA secp521r1 signature generation",
+			ut_setup_asym, ut_teardown_asym,
+			test_ecdsa_sign, &ecdsa_param_secp521r1),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Test - ECDSA secp521r1 signature verification",
+			ut_setup_asym, ut_teardown_asym,
+			test_ecdsa_verify, &ecdsa_param_secp521r1),
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_one_by_one),
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
-- 
2.13.6

[PATCH 2/2] test/crypto: add ecdh tests

[Arek Kusztal]

This commit adds ECDH test cases based on rfc5114.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
 app/test/test_cryptodev_asym.c         | 357 +++++++++++++++++++++++++++++++++
 app/test/test_cryptodev_ecdh_vectors.h | 144 +++++++++++++
 2 files changed, 501 insertions(+)
 create mode 100644 app/test/test_cryptodev_ecdh_vectors.h

diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 0fea47c42e..a097023011 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -23,6 +23,7 @@
 #include "test_cryptodev_rsa_test_vectors.h"
 #include "test_cryptodev_asym_util.h"
 #include "test.h"
+#include "test_cryptodev_ecdh_vectors.h"
 
 #define TEST_NUM_BUFS 10
 #define TEST_NUM_SESSIONS 4
@@ -2362,6 +2363,358 @@ test_ecdsa_verify(const void *input_vector)
 	return TEST_SUCCESS;
 }
 
+/*
+ * This function is split into 3 steps: STEP1, STEP1.5, STEP2
+ * Steps 1 and 2 are just DH steps (Public key and shared secret generation).
+ * Step 1.5 is Public Key verification (if point belongs to elliptic curve)
+ */
+static int
+test_ecdh(const void *input_vector)
+{
+	const struct ECDH_test_vector *test_vector = input_vector;
+	struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
+	struct rte_mempool *op_mpool = ts_params->op_mpool;
+	struct rte_crypto_asym_xform xform = {
+		.next = NULL,
+		.xform_type = RTE_CRYPTO_ASYM_XFORM_ECDH,
+		.ec.curve_id = test_vector->curve_id
+	};
+	const uint8_t dev_id = ts_params->valid_devs[0];
+
+	uint8_t alice_x[test_vector->curve_bytesize],
+		alice_y[test_vector->curve_bytesize];
+	uint8_t bob_x[test_vector->curve_bytesize],
+		bob_y[test_vector->curve_bytesize];
+	uint8_t alice_xZ[test_vector->curve_bytesize],
+		alice_yZ[test_vector->curve_bytesize];
+	uint8_t bob_xZ[test_vector->curve_bytesize],
+		bob_yZ[test_vector->curve_bytesize];
+	struct rte_crypto_op *alice_op = NULL, *bob_op = NULL;
+
+	alice_op = rte_crypto_op_alloc(op_mpool,
+		RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
+	bob_op = rte_crypto_op_alloc(op_mpool,
+		RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
+
+	/*
+	 * STEP 1a:
+	 * Generate Alice public key
+	 */
+
+	alice_op->sess_type = RTE_CRYPTO_OP_SESSIONLESS;
+	alice_op->asym->xform = &xform;
+	alice_op->asym->ecdh.ke_type = RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE;
+	alice_op->asym->ecdh.priv_key = test_vector->alice_d;
+	alice_op->asym->ecdh.pub_key.x.data = alice_x;
+	alice_op->asym->ecdh.pub_key.y.data = alice_y;
+
+	if (rte_cryptodev_enqueue_burst(dev_id, 0, &alice_op, 1) != 1) {
+		RTE_LOG(ERR, USER1, "Error sending packet for sign\n");
+		return -1;
+	}
+
+	while (rte_cryptodev_dequeue_burst(dev_id, 0, &alice_op, 1) == 0)
+		rte_pause();
+
+	if (alice_op->asym->ecdh.pub_key.x.length !=
+			test_vector->alice_q.x.length) {
+		RTE_LOG(ERR, USER1,
+				"Incorrect Alice public key length (X coeff) Received length = %lu Expeceted length = %lu\n",
+				test_vector->alice_q.x.length,
+				alice_op->asym->ecdh.pub_key.x.length
+			);
+		goto error;
+	}
+	if (alice_op->asym->ecdh.pub_key.y.length !=
+			test_vector->alice_q.y.length) {
+		RTE_LOG(ERR, USER1,
+				"Incorrect Alice public key length (Y coeff) Received length = %lu Expeceted length = %lu\n",
+					test_vector->alice_q.y.length,
+					alice_op->asym->ecdh.pub_key.y.length
+				);
+		goto error;
+	}
+	if (memcmp(alice_op->asym->ecdh.pub_key.x.data,
+			test_vector->alice_q.x.data,
+			test_vector->alice_q.x.length)
+	) {
+		RTE_LOG(ERR, USER1, "Incorrect Alice public key X\n");
+		debug_hexdump(stdout, "Generated PublicKey x (Alice):",
+			alice_op->asym->ecdh.pub_key.x.data,
+			alice_op->asym->ecdh.pub_key.x.length);
+		goto error;
+	}
+	if (memcmp(alice_op->asym->ecdh.pub_key.y.data,
+			test_vector->alice_q.y.data,
+			test_vector->alice_q.y.length)
+	) {
+		RTE_LOG(ERR, USER1, "Incorrect Alice public key Y\n");
+		debug_hexdump(stdout, "Generated PublicKey y (Alice):",
+				alice_op->asym->ecdh.pub_key.y.data,
+				alice_op->asym->ecdh.pub_key.y.length);
+		goto error;
+	}
+
+
+	/*
+	 * STEP 1b:
+	 * Generate Bob public key
+	 */
+
+	bob_op->sess_type = RTE_CRYPTO_OP_SESSIONLESS;
+	bob_op->asym->xform = &xform;
+	bob_op->asym->ecdh.ke_type = RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE;
+	bob_op->asym->ecdh.priv_key = test_vector->bob_d;
+	bob_op->asym->ecdh.pub_key.x.data = bob_x;
+	bob_op->asym->ecdh.pub_key.y.data = bob_y;
+
+	if (rte_cryptodev_enqueue_burst(dev_id, 0, &bob_op, 1) != 1) {
+		RTE_LOG(ERR, USER1, "Error sending packet for sign\n");
+		goto error;
+	}
+
+	while (rte_cryptodev_dequeue_burst(dev_id, 0, &bob_op, 1) == 0)
+		rte_pause();
+
+	if (bob_op->asym->ecdh.pub_key.x.length !=
+			test_vector->bob_q.x.length) {
+		RTE_LOG(ERR, USER1,
+			"Incorrect Bob's public key length (X coeff) Received length = %lu Expeceted length = %lu\n",
+			test_vector->bob_q.x.length,
+			bob_op->asym->ecdh.pub_key.x.length
+		);
+		goto error;
+	}
+	if (bob_op->asym->ecdh.pub_key.y.length !=
+			test_vector->bob_q.y.length) {
+		RTE_LOG(ERR, USER1,
+			"Incorrect Bob's public key length (Y coeff) Received length = %lu Expeceted length = %lu\n",
+			test_vector->bob_q.y.length,
+			bob_op->asym->ecdh.pub_key.y.length
+		);
+		goto error;
+	}
+	if (memcmp(bob_op->asym->ecdh.pub_key.x.data,
+			test_vector->bob_q.x.data,
+			test_vector->bob_q.x.length)
+	) {
+		RTE_LOG(ERR, USER1, "Incorrect Bob's public key X\n");
+		debug_hexdump(stdout,
+			"Generated PublicKey x (bob):",
+			bob_op->asym->ecdh.pub_key.x.data,
+			bob_op->asym->ecdh.pub_key.x.length
+		);
+		goto error;
+	}
+	if (memcmp(bob_op->asym->ecdh.pub_key.y.data,
+			test_vector->bob_q.y.data,
+			test_vector->bob_q.y.length)
+	) {
+		RTE_LOG(ERR, USER1, "Incorrect Bob's public key Y\n");
+		debug_hexdump(stdout,
+			"Generated PublicKey y (bob):",
+			bob_op->asym->ecdh.pub_key.y.data,
+			bob_op->asym->ecdh.pub_key.y.length
+		);
+		goto error;
+	}
+
+	/*
+	 * STEP 1.5a:
+	 * Alice verifies Bob's public key, reusing op, other parameters
+	 * then already set, only what Alice needs to do is to set public
+	 * key of Bob and change key exchange type to VERIFY.
+	 */
+
+	alice_op->asym->ecdh.ke_type = RTE_CRYPTO_ASYM_KE_PUB_KEY_VERIFY;
+	alice_op->asym->ecdh.pub_key.x.data = bob_x;
+	alice_op->asym->ecdh.pub_key.x.length =
+		bob_op->asym->ecdh.pub_key.x.length;
+	alice_op->asym->ecdh.pub_key.y.data = bob_y;
+	alice_op->asym->ecdh.pub_key.y.length =
+		bob_op->asym->ecdh.pub_key.y.length;
+
+	if (rte_cryptodev_enqueue_burst(dev_id, 0, &alice_op, 1) != 1) {
+		RTE_LOG(ERR, USER1, "Error sending packet for sign\n");
+		goto error;
+	}
+
+	while (rte_cryptodev_dequeue_burst(dev_id, 0, &alice_op, 1) == 0)
+		rte_pause();
+
+	if (alice_op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Failed to verify Bob's public key, it does not belongs to curve points\n"
+			);
+		return TEST_FAILED;
+	}
+
+	/*
+	 * STEP 1.5b:
+	 * Bob verifies Alice's public key, reusing op, other parameters
+	 * then already set, only what Bob needs to do is to set public
+	 * key of Alice and change key exchange type to VERIFY.
+	 */
+
+	bob_op->asym->ecdh.ke_type = RTE_CRYPTO_ASYM_KE_PUB_KEY_VERIFY;
+	bob_op->asym->ecdh.pub_key.x.data = alice_x;
+	bob_op->asym->ecdh.pub_key.x.length =
+		alice_op->asym->ecdh.pub_key.x.length;
+	bob_op->asym->ecdh.pub_key.y.data = alice_y;
+	bob_op->asym->ecdh.pub_key.y.length =
+		alice_op->asym->ecdh.pub_key.y.length;
+
+	if (rte_cryptodev_enqueue_burst(dev_id, 0, &bob_op, 1) != 1) {
+		RTE_LOG(ERR, USER1, "Error sending packet for sign\n");
+		goto error;
+	}
+
+	while (rte_cryptodev_dequeue_burst(dev_id, 0, &bob_op, 1) == 0)
+		rte_pause();
+
+	if (bob_op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Failed to verify Alice's public key, it does not belongs to curve points\n"
+			);
+		goto error;
+	}
+
+	/*
+	 * STEP 2a:
+	 * Alice generates shared secret Z, since Bob's public key was already
+	 * set when doing verification only key exchange type need to be
+	 * changed, and setting place where Z will be copied by the PMD.
+	 */
+
+	alice_op->asym->ecdh.ke_type = RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE;
+	alice_op->asym->ecdh.shared_secret.x.data = alice_xZ;
+	alice_op->asym->ecdh.shared_secret.y.data = alice_yZ;
+
+	if (rte_cryptodev_enqueue_burst(dev_id, 0, &alice_op, 1) != 1) {
+		RTE_LOG(ERR, USER1, "Error sending packet for sign\n");
+		goto error;
+	}
+	while (rte_cryptodev_dequeue_burst(dev_id, 0, &alice_op, 1) == 0)
+		rte_pause();
+
+	if (alice_op->asym->ecdh.shared_secret.x.length !=
+			test_vector->Z.x.length) {
+		RTE_LOG(ERR, USER1,
+				"Incorrect Alice's shared secret length X Received = %lu Expected = %lu\n",
+				alice_op->asym->ecdh.shared_secret.x.length,
+				test_vector->Z.x.length
+		);
+		goto error;
+	}
+	if (alice_op->asym->ecdh.shared_secret.y.length !=
+			test_vector->Z.y.length) {
+		RTE_LOG(ERR, USER1,
+				"Incorrect Alice's shared secret length Y Received = %lu Expected = %lu\n",
+				alice_op->asym->ecdh.shared_secret.y.length,
+				test_vector->Z.y.length
+		);
+		goto error;
+	}
+
+	if (memcmp(alice_op->asym->ecdh.shared_secret.x.data,
+			test_vector->Z.x.data,
+			test_vector->Z.x.length)
+	) {
+		RTE_LOG(ERR, USER1, "Incorrect Alice's shared secret X\n");
+		debug_hexdump(stdout,
+			"Generated SharedSecret x (Alice):",
+			alice_op->asym->ecdh.shared_secret.x.data,
+			alice_op->asym->ecdh.shared_secret.x.length
+		);
+		goto error;
+	}
+	if (memcmp(alice_op->asym->ecdh.shared_secret.y.data,
+			test_vector->Z.y.data,
+			test_vector->Z.y.length)
+	) {
+		RTE_LOG(ERR, USER1, "Incorrect Alice's shared secret Y\n");
+		debug_hexdump(stdout,
+			"Generated SharedSecret y (Alice):",
+			alice_op->asym->ecdh.shared_secret.y.data,
+			alice_op->asym->ecdh.shared_secret.y.length
+		);
+		goto error;
+	}
+
+	/*
+	 * STEP 2b:
+	 * Bob generates shared secret Z, since Alice's public key was already
+	 * set when doing verification only key exchange type need to be
+	 * changed, and setting place where Z will be copied by the PMD.
+	 */
+
+	bob_op->asym->ecdh.ke_type = RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE;
+	bob_op->asym->ecdh.shared_secret.x.data = bob_xZ;
+	bob_op->asym->ecdh.shared_secret.y.data = bob_yZ;
+
+	if (rte_cryptodev_enqueue_burst(dev_id, 0, &bob_op, 1) != 1) {
+		RTE_LOG(ERR, USER1, "Error sending packet for sign\n");
+		goto error;
+	}
+
+	while (rte_cryptodev_dequeue_burst(dev_id, 0, &bob_op, 1) == 0)
+		rte_pause();
+
+	if (bob_op->asym->ecdh.shared_secret.x.length !=
+			test_vector->Z.x.length) {
+		RTE_LOG(ERR, USER1,
+				"Incorrect Bob's shared secret length X Received = %lu Expected = %lu\n",
+				bob_op->asym->ecdh.shared_secret.x.length,
+				test_vector->Z.x.length
+		);
+		goto error;
+	}
+	if (bob_op->asym->ecdh.shared_secret.y.length !=
+			test_vector->Z.y.length) {
+		RTE_LOG(ERR, USER1,
+				"Incorrect Bob's shared secret length Y Received = %lu Expected = %lu\n",
+				bob_op->asym->ecdh.shared_secret.y.length,
+				test_vector->Z.y.length
+		);
+		goto error;
+	}
+
+	if (memcmp(bob_op->asym->ecdh.shared_secret.x.data,
+			test_vector->Z.x.data,
+			test_vector->Z.x.length)
+	) {
+		RTE_LOG(ERR, USER1, "Incorrect Bob's shared secret X\n");
+		debug_hexdump(stdout,
+			"Generated SharedSecret x (Bob):",
+			bob_op->asym->ecdh.shared_secret.x.data,
+			bob_op->asym->ecdh.shared_secret.x.length
+		);
+		goto error;
+	}
+	if (memcmp(bob_op->asym->ecdh.shared_secret.y.data,
+			test_vector->Z.y.data,
+			test_vector->Z.y.length)
+	) {
+		RTE_LOG(ERR, USER1, "Incorrect Bob's shared secret Y\n");
+		debug_hexdump(stdout,
+			"Generated SharedSecret y (Bob):",
+			bob_op->asym->ecdh.shared_secret.y.data,
+			bob_op->asym->ecdh.shared_secret.y.length
+		);
+		goto error;
+	}
+
+	/* Both shared secret where correctly verified -> Test passed */
+
+	return TEST_SUCCESS;
+error:
+	rte_crypto_op_free(alice_op);
+	rte_crypto_op_free(bob_op);
+	return TEST_FAILED;
+}
+
 static struct unit_test_suite cryptodev_openssl_asym_testsuite  = {
 	.suite_name = "Crypto Device OPENSSL ASYM Unit Test Suite",
 	.setup = testsuite_setup,
@@ -2391,6 +2744,10 @@ static struct unit_test_suite cryptodev_qat_asym_testsuite  = {
 	.teardown = testsuite_teardown,
 	.unit_test_cases = {
 		TEST_CASE_NAMED_WITH_DATA(
+			"Test - ECDH secp256r1, RFC 5114 256 Random",
+			ut_setup_asym, ut_teardown_asym,
+			test_ecdh, &rfc5114_secp256r1),
+		TEST_CASE_NAMED_WITH_DATA(
 			"Test - ECDSA secp256r1 signature generation",
 			ut_setup_asym, ut_teardown_asym,
 			test_ecdsa_sign, &ecdsa_param_secp256r1),
diff --git a/app/test/test_cryptodev_ecdh_vectors.h b/app/test/test_cryptodev_ecdh_vectors.h
new file mode 100644
index 0000000000..553e33de38
--- /dev/null
+++ b/app/test/test_cryptodev_ecdh_vectors.h
@@ -0,0 +1,144 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright (C) 2022 Intel Corporation
+ */
+
+#ifndef __TEST_CRYPTODEV_ECDH_VECTORS_H__
+#define __TEST_CRYPTODEV_ECDH_VECTORS_H__
+
+#include "rte_crypto_asym.h"
+
+/*
+ * Elliptic Curve Diffie-Hellman test vector struct
+ * Peers are named Alice and Bob
+ * q - is a public key
+ * d - is a private key
+ * Z - is a shared secret
+ */
+
+struct ECDH_test_vector {
+	enum rte_crypto_curve_id curve_id;
+	int curve_bytesize;
+	rte_crypto_uint alice_d;
+	rte_crypto_uint bob_d;
+	struct rte_crypto_ec_point alice_q;
+	struct rte_crypto_ec_point bob_q;
+	struct rte_crypto_ec_point Z;
+};
+
+/*
+ * Elliptic Curve Diffie-Hellman test
+ * It consist of three phases:
+ * - Generation of public key based on private key
+ * - Verification of peer's public key
+ * - Generation of shared secret
+ * Peers in tests are named Alice and Bob
+ */
+
+/* RFC 5114 256-bit Random ECP Group Data */
+
+/*
+ * Alice's parameters
+ */
+static uint8_t rfc5114_256b_dA[] = {
+	0x81, 0x42, 0x64, 0x14, 0x5F, 0x2F, 0x56, 0xF2,
+	0xE9, 0x6A, 0x8E, 0x33, 0x7A, 0x12, 0x84, 0x99,
+	0x3F, 0xAF, 0x43, 0x2A, 0x5A, 0xBC, 0xE5, 0x9E,
+	0x86, 0x7B, 0x72, 0x91, 0xD5, 0x07, 0xA3, 0xAF,
+};
+
+static uint8_t rfc5114_256b_x_qA[] = {
+	0x2A, 0xF5, 0x02, 0xF3, 0xBE, 0x89, 0x52, 0xF2,
+	0xC9, 0xB5, 0xA8, 0xD4, 0x16, 0x0D, 0x09, 0xE9,
+	0x71, 0x65, 0xBE, 0x50, 0xBC, 0x42, 0xAE, 0x4A,
+	0x5E, 0x8D, 0x3B, 0x4B, 0xA8, 0x3A, 0xEB, 0x15,
+};
+
+static uint8_t rfc5114_256b_y_qA[] = {
+	0xEB, 0x0F, 0xAF, 0x4C, 0xA9, 0x86, 0xC4, 0xD3,
+	0x86, 0x81, 0xA0, 0xF9, 0x87, 0x2D, 0x79, 0xD5,
+	0x67, 0x95, 0xBD, 0x4B, 0xFF, 0x6E, 0x6D, 0xE3,
+	0xC0, 0xF5, 0x01, 0x5E, 0xCE, 0x5E, 0xFD, 0x85,
+};
+
+/*
+ * Bob's parameters
+ */
+static uint8_t rfc5114_256b_dB[] = {
+	0x2C, 0xE1, 0x78, 0x8E, 0xC1, 0x97, 0xE0, 0x96,
+	0xDB, 0x95, 0xA2, 0x00, 0xCC, 0x0A, 0xB2, 0x6A,
+	0x19, 0xCE, 0x6B, 0xCC, 0xAD, 0x56, 0x2B, 0x8E,
+	0xEE, 0x1B, 0x59, 0x37, 0x61, 0xCF, 0x7F, 0x41,
+};
+
+static uint8_t rfc5114_256b_x_qB[] = {
+	0xB1, 0x20, 0xDE, 0x4A, 0xA3, 0x64, 0x92, 0x79,
+	0x53, 0x46, 0xE8, 0xDE, 0x6C, 0x2C, 0x86, 0x46,
+	0xAE, 0x06, 0xAA, 0xEA, 0x27, 0x9F, 0xA7, 0x75,
+	0xB3, 0xAB, 0x07, 0x15, 0xF6, 0xCE, 0x51, 0xB0,
+};
+
+static uint8_t rfc5114_256b_y_qB[] = {
+	0x9F, 0x1B, 0x7E, 0xEC, 0xE2, 0x0D, 0x7B, 0x5E,
+	0xD8, 0xEC, 0x68, 0x5F, 0xA3, 0xF0, 0x71, 0xD8,
+	0x37, 0x27, 0x02, 0x70, 0x92, 0xA8, 0x41, 0x13,
+	0x85, 0xC3, 0x4D, 0xDE, 0x57, 0x08, 0xB2, 0xB6,
+};
+
+static uint8_t rfc5114_256b_x_Z[] = {
+	0xDD, 0x0F, 0x53, 0x96, 0x21, 0x9D, 0x1E, 0xA3,
+	0x93, 0x31, 0x04, 0x12, 0xD1, 0x9A, 0x08, 0xF1,
+	0xF5, 0x81, 0x1E, 0x9D, 0xC8, 0xEC, 0x8E, 0xEA,
+	0x7F, 0x80, 0xD2, 0x1C, 0x82, 0x0C, 0x27, 0x88,
+};
+
+static uint8_t rfc5114_256b_y_Z[] = {
+	0x03, 0x57, 0xDC, 0xCD, 0x4C, 0x80, 0x4D, 0x0D,
+	0x8D, 0x33, 0xAA, 0x42, 0xB8, 0x48, 0x83, 0x4A,
+	0xA5, 0x60, 0x5F, 0x9A, 0xB0, 0xD3, 0x72, 0x39,
+	0xA1, 0x15, 0xBB, 0xB6, 0x47, 0x93, 0x6F, 0x50,
+};
+
+static struct ECDH_test_vector rfc5114_secp256r1 = {
+	.curve_id = RTE_CRYPTO_EC_GROUP_SECP256R1,
+	.curve_bytesize = 32,
+	.alice_d = {
+		.data = rfc5114_256b_dA,
+		.length = sizeof(rfc5114_256b_dA),
+	},
+	.alice_q = {
+		.x = {
+			.data = rfc5114_256b_x_qA,
+			.length = sizeof(rfc5114_256b_x_qA),
+		},
+		.y = {
+			.data = rfc5114_256b_y_qA,
+			.length = sizeof(rfc5114_256b_y_qA),
+		},
+	},
+	.bob_d = {
+		.data = rfc5114_256b_dB,
+		.length = sizeof(rfc5114_256b_dB)
+	},
+	.bob_q = {
+		.x = {
+			.data = rfc5114_256b_x_qB,
+			.length = sizeof(rfc5114_256b_x_qB),
+		},
+		.y = {
+			.data = rfc5114_256b_y_qB,
+			.length = sizeof(rfc5114_256b_y_qB),
+		},
+	},
+	.Z = {
+		.x = {
+			.data = rfc5114_256b_x_Z,
+			.length = sizeof(rfc5114_256b_x_Z),
+		},
+		.y = {
+			.data = rfc5114_256b_y_Z,
+			.length = sizeof(rfc5114_256b_y_Z),
+		}
+	}
+};
+
+#endif
\ No newline at end of file
-- 
2.13.6

RE: [EXT] [PATCH 0/2] test: add elliptic curve tests

[Akhil Goyal]

> This patchset adds new test cases that can be used to verify
> elliptic curve algorithms like ECDSA, ECDH, etc.
> 
> Depends-on: series-24333 ("crypto/qat: extend asymmetric crypto pmd")
> 
> Arek Kusztal (2):
>   test/crypto: add ecdsa qat test cases
>   test/crypto: add ecdh tests
> 
>  app/test/test_cryptodev_asym.c         | 553
> +++++++++++++++++++++++++++++++++
>  app/test/test_cryptodev_ecdh_vectors.h | 144 +++++++++
>  2 files changed, 697 insertions(+)
>  create mode 100644 app/test/test_cryptodev_ecdh_vectors.h
> 
This series is adding cases only in qat specific test suite.
We should get away with such PMD specific test suites similar to what we did for symmetric cases.