[dpdk-dev v1 1/2] app/test: add diffie-hellman test cases

[dpdk-dev v1 1/2] app/test: add diffie-hellman test cases

[Kai Ji]

From: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>

Added Diffie-Hellman tests. This tests adding possibility
to check correctness of particular DH phases, which is not
possible with current tests cases.

Signed-off-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
Signed-off-by: Kai Ji <kai.ji@intel.com>
---
 app/test/test_cryptodev_asym.c            | 262 ++++++++++++++++++
 app/test/test_cryptodev_dh_test_vectors.h | 318 ++++++++++++++++++++++
 2 files changed, 580 insertions(+)

diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 5b16dcab56..91550946e2 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -64,6 +64,39 @@ static uint32_t test_index;

 static struct crypto_testsuite_params_asym testsuite_params = { NULL };

+static void
+test_crypto_rand(int len, uint8_t *buffer)
+{
+	int i;
+
+	for (i = 0; i < len; ++i)
+		buffer[i] = (uint8_t)(rand() % ((uint8_t)-1)) | 1;
+}
+
+static int
+process_crypto_request(uint8_t dev_id, struct rte_crypto_op **op,
+				struct rte_crypto_op **result_op)
+{
+	/* Process crypto operation */
+	if (rte_cryptodev_enqueue_burst(dev_id, 0, op, 1) != 1) {
+		RTE_LOG(ERR, USER1,
+			"line %u FAILED: %s",
+			__LINE__, "Error sending packet for operation");
+		return -1;
+	}
+
+	while (rte_cryptodev_dequeue_burst(dev_id, 0, result_op, 1) == 0)
+		rte_pause();
+
+	if (*result_op == NULL) {
+		RTE_LOG(ERR, USER1,
+			"line %u FAILED: %s",
+			__LINE__, "Failed to process asym crypto op");
+		return -1;
+	}
+	return 0;
+}
+
 static int
 queue_ops_rsa_sign_verify(void *sess)
 {
@@ -2196,6 +2229,219 @@ test_ecpm_all_curve(void)
 	return overall_status;
 }

+static void *
+dh_alice_bob_set_session(uint8_t dev_id,
+	struct rte_crypto_op *op,
+	const struct test_dh_group *group)
+{
+	struct rte_crypto_asym_xform xform = { };
+	void *sess = NULL;
+	int ret = 0;
+
+	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_DH;
+	xform.dh.g.data = group->g.data;
+	xform.dh.g.length = group->g.bytesize;
+	xform.dh.p.data = group->p.data;
+	xform.dh.p.length = group->p.bytesize;
+	ret = rte_cryptodev_asym_session_create(dev_id, &xform,
+			testsuite_params.session_mpool, &sess);
+	if (ret)
+		return NULL;
+
+	rte_crypto_op_attach_asym_session(op, sess);
+	return sess;
+}
+
+static void
+dh_alice_bob_gen_x(const struct test_dh_group *group,
+	uint8_t *private_data)
+{
+	test_crypto_rand(group->priv_ff_size, private_data);
+	if (private_data[0] > group->p.data[0])
+		private_data[0] = group->p.data[0] - 1;
+}
+
+static int
+dh_alice_bob_gen_y(struct rte_crypto_op *op,
+	const char *name,
+	const uint8_t dev_id,
+	uint8_t *y,
+	uint8_t *x,
+	const int ff_size)
+{
+	struct rte_crypto_op *result_op;
+	int ret = 0;
+
+	op->asym->dh.ke_type = RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE;
+	op->asym->dh.pub_key.data = y;
+	op->asym->dh.priv_key.data = x;
+	op->asym->dh.priv_key.length = ff_size;
+
+	ret = process_crypto_request(dev_id, &op, &result_op);
+	TEST_ASSERT_SUCCESS(ret, "Failed to compute public key for %s", name);
+
+	return 0;
+}
+
+static int
+dh_alice_bob_shared_compute(uint8_t dev_id,
+	const char *name,
+	struct rte_crypto_op *op,
+	uint8_t *secret,
+	uint8_t *peer,
+	uint32_t peer_size)
+{
+	struct rte_crypto_op *result_op;
+	int ret = 0;
+
+	op->asym->dh.ke_type = RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE;
+	op->asym->dh.pub_key.data = peer;
+	op->asym->dh.pub_key.length = peer_size;
+	op->asym->dh.shared_secret.data = secret;
+
+	ret = process_crypto_request(dev_id, &op, &result_op);
+	TEST_ASSERT_SUCCESS(ret,
+		"Failed to compute shared secret for %s",
+		name);
+
+	return 0;
+}
+
+/* Diffie-Hellman test to verify the processed data */
+static int
+dh_alice_bob_verify(struct rte_crypto_op *alice_op,
+	struct rte_crypto_op *bob_op)
+{
+	int ret = 0;
+
+	/* Verify processed data */
+	ret = (alice_op->asym->dh.shared_secret.length ==
+			bob_op->asym->dh.shared_secret.length);
+	if (!ret) {
+		RTE_LOG(ERR, USER1, "line %u FAILED: %s", __LINE__,
+			"Alice's and Bob's shared secret length do not match.");
+		return TEST_FAILED;
+	}
+	ret = memcmp(alice_op->asym->dh.shared_secret.data,
+		alice_op->asym->dh.shared_secret.data,
+		bob_op->asym->dh.shared_secret.length);
+	if (ret) {
+		RTE_LOG(ERR, USER1, "line %u FAILED: %s", __LINE__,
+			"Alice's and Bob's shared secret do not match.");
+		return TEST_FAILED;
+	}
+	return TEST_SUCCESS;
+}
+
+static int
+test_dh_alice_and_bob(const void *test_data)
+{
+	uint8_t alice_x[TEST_DH_MOD_LEN] = { };
+	uint8_t alice_y[TEST_DH_MOD_LEN] = { };
+	uint8_t alice_secret[TEST_DH_MOD_LEN] = { };
+	uint8_t bob_x[TEST_DH_MOD_LEN] = { };
+	uint8_t bob_y[TEST_DH_MOD_LEN] = { };
+	uint8_t bob_secret[TEST_DH_MOD_LEN] = { };
+
+	const struct test_dh_group *group = test_data;
+	struct rte_crypto_op *alice_op = NULL;
+	struct rte_crypto_op *bob_op = NULL;
+	void *alice_session = NULL;
+	void *bob_session = NULL;
+
+	int ret = TEST_SUCCESS;
+	uint32_t alice_y_size = 0;
+	uint32_t bob_y_size = 0;
+	uint8_t dev_id = testsuite_params.valid_devs[0];
+
+	alice_op = rte_crypto_op_alloc(testsuite_params.op_mpool,
+			RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
+	if (alice_op == NULL) {
+		RTE_LOG(ERR, USER1, "line %u FAILED: %s", __LINE__,
+			"Cannot allocate alice_op");
+		ret = TEST_FAILED;
+		goto error_exit;
+	}
+	bob_op = rte_crypto_op_alloc(testsuite_params.op_mpool,
+			RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
+	if (bob_op == NULL) {
+		RTE_LOG(ERR, USER1, "line %u FAILED: %s", __LINE__,
+			"Cannot allocate bob_op");
+		ret = TEST_FAILED;
+		goto error_exit;
+	}
+
+	alice_session = dh_alice_bob_set_session(dev_id, alice_op,
+		group);
+	if (alice_session == NULL) {
+		RTE_LOG(ERR, USER1, "line %u FAILED: %s", __LINE__,
+			"Cannot allocate alice_session");
+		ret = TEST_FAILED;
+		goto error_exit;
+	}
+	bob_session = dh_alice_bob_set_session(dev_id, bob_op,
+		group);
+	if (bob_session == NULL) {
+		RTE_LOG(ERR, USER1, "line %u FAILED: %s", __LINE__,
+			"Cannot allocate bob_session");
+		ret = TEST_FAILED;
+		goto error_exit;
+	}
+
+	dh_alice_bob_gen_x(group, alice_x);
+	ret = dh_alice_bob_gen_y(alice_op, "Alice", dev_id,
+		alice_y, alice_x, group->priv_ff_size);
+	if (ret) {
+		RTE_LOG(ERR, USER1, "line %u FAILED: %s", __LINE__,
+		"Diffie-Hellman error\n");
+		goto error_exit;
+	}
+	alice_y_size = alice_op->asym->dh.pub_key.length;
+	dh_alice_bob_gen_x(group, bob_x);
+	ret = dh_alice_bob_gen_y(bob_op, "Bob", dev_id,
+		bob_y, bob_x, group->priv_ff_size);
+	if (ret) {
+		RTE_LOG(ERR, USER1, "line %u FAILED: %s", __LINE__,
+		"Diffie-Hellman error\n");
+		goto error_exit;
+	}
+	bob_y_size = bob_op->asym->dh.pub_key.length;
+
+	ret = dh_alice_bob_shared_compute(dev_id, "Alice", alice_op,
+		alice_secret, bob_y, bob_y_size);
+	if (ret) {
+		RTE_LOG(ERR, USER1, "line %u FAILED: %s", __LINE__,
+		"Diffie-Hellman error, error computing Alice's shared secret");
+		goto error_exit;
+	}
+
+	ret = dh_alice_bob_shared_compute(dev_id, "Bob", bob_op, bob_secret,
+		alice_y, alice_y_size);
+	if (ret) {
+		RTE_LOG(ERR, USER1, "line %u FAILED: %s", __LINE__,
+		"Diffie-Hellman error, error computing Bob's shared secret");
+		goto error_exit;
+	}
+
+	ret = dh_alice_bob_verify(alice_op, bob_op);
+	if (ret) {
+		RTE_LOG(ERR, USER1, "line %u FAILED: %s", __LINE__,
+		"Diffie-Hellman error");
+		goto error_exit;
+	}
+
+error_exit:
+	if (alice_session)
+		rte_cryptodev_asym_session_free(dev_id, alice_session);
+	if (bob_session)
+		rte_cryptodev_asym_session_free(dev_id, bob_session);
+	if (alice_op)
+		rte_crypto_op_free(alice_op);
+	if (bob_op != NULL)
+		rte_crypto_op_free(bob_op);
+	return ret;
+}
+
 static struct unit_test_suite cryptodev_openssl_asym_testsuite  = {
 	.suite_name = "Crypto Device OPENSSL ASYM Unit Test Suite",
 	.setup = testsuite_setup,
@@ -2215,6 +2461,22 @@ static struct unit_test_suite cryptodev_openssl_asym_testsuite  = {
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_mod_inv),
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_mod_exp),
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_one_by_one),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Diffie-Hellman Alice and Bob group 14 ikev2 test",
+			ut_setup_asym, ut_teardown_asym,
+			test_dh_alice_and_bob, &test_dh_ikev2group_14),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Diffie-Hellman Alice and Bob group 15 ikev2 test",
+			ut_setup_asym, ut_teardown_asym,
+			test_dh_alice_and_bob, &test_dh_ikev2group_15),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Diffie-Hellman Alice and Bob group 16 ikev2 test",
+			ut_setup_asym, ut_teardown_asym,
+			test_dh_alice_and_bob, &test_dh_ikev2group_16),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Diffie-Hellman Alice and Bob group 24 ikev2 test",
+			ut_setup_asym, ut_teardown_asym,
+			test_dh_alice_and_bob, &test_dh_ikev2group_24),
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
diff --git a/app/test/test_cryptodev_dh_test_vectors.h b/app/test/test_cryptodev_dh_test_vectors.h
index fe7510dcd3..6af677c614 100644
--- a/app/test/test_cryptodev_dh_test_vectors.h
+++ b/app/test/test_cryptodev_dh_test_vectors.h
@@ -10,6 +10,18 @@
 #define TEST_DATA_SIZE 4096
 #define TEST_DH_MOD_LEN 1024

+struct test_dh_group {
+	int id;
+	struct {
+		uint8_t *data;
+		uint32_t bytesize;
+	} g;
+	struct {
+		uint8_t *data;
+		uint32_t bytesize;
+	} p;
+	uint32_t priv_ff_size;
+};

 struct dh_test_param {
 	rte_crypto_param priv_key;
@@ -77,4 +89,310 @@ struct rte_crypto_asym_xform dh_xform = {
 	}
 };

+static uint8_t test_dh_gen_2[] = {
+	0x2,
+};
+
+static uint8_t test_dh_ikev2group14_p[] = {
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+	0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
+	0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+	0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
+	0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
+	0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+	0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
+	0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
+	0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+	0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
+	0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
+	0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+	0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
+	0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
+	0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+	0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
+	0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A,
+	0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+	0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96,
+	0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
+	0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+	0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
+	0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C,
+	0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+	0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03,
+	0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
+	0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+	0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
+	0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5,
+	0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+	0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68,
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+};
+
+static uint8_t test_dh_ikev2group15_p[] = {
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+	0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
+	0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+	0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
+	0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
+	0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+	0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
+	0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
+	0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+	0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
+	0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
+	0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+	0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
+	0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
+	0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+	0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
+	0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A,
+	0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+	0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96,
+	0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
+	0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+	0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
+	0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C,
+	0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+	0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03,
+	0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
+	0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+	0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
+	0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5,
+	0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+	0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D,
+	0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33,
+	0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
+	0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A,
+	0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D,
+	0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
+	0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7,
+	0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D,
+	0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
+	0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64,
+	0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64,
+	0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
+	0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C,
+	0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2,
+	0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
+	0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E,
+	0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x3A, 0xD2, 0xCA,
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+};
+
+static uint8_t test_dh_ikev2group16_p[] = {
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+	0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
+	0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+	0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
+	0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
+	0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+	0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
+	0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
+	0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+	0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
+	0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
+	0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+	0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
+	0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
+	0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+	0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
+	0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A,
+	0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+	0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96,
+	0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
+	0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+	0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
+	0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C,
+	0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+	0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03,
+	0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
+	0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+	0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
+	0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5,
+	0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+	0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D,
+	0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33,
+	0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
+	0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A,
+	0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D,
+	0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
+	0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7,
+	0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D,
+	0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
+	0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64,
+	0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64,
+	0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
+	0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C,
+	0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2,
+	0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
+	0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E,
+	0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01,
+	0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
+	0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26,
+	0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C,
+	0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA,
+	0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8,
+	0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9,
+	0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
+	0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D,
+	0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2,
+	0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED,
+	0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF,
+	0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C,
+	0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
+	0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1,
+	0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F,
+	0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, 0x99,
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+};
+
+static uint8_t test_dh_ikev2group24_p[] = {
+	0x87, 0xA8, 0xE6, 0x1D, 0xB4, 0xB6, 0x66, 0x3C,
+	0xFF, 0xBB, 0xD1, 0x9C, 0x65, 0x19, 0x59, 0x99,
+	0x8C, 0xEE, 0xF6, 0x08, 0x66, 0x0D, 0xD0, 0xF2,
+	0x5D, 0x2C, 0xEE, 0xD4, 0x43, 0x5E, 0x3B, 0x00,
+	0xE0, 0x0D, 0xF8, 0xF1, 0xD6, 0x19, 0x57, 0xD4,
+	0xFA, 0xF7, 0xDF, 0x45, 0x61, 0xB2, 0xAA, 0x30,
+	0x16, 0xC3, 0xD9, 0x11, 0x34, 0x09, 0x6F, 0xAA,
+	0x3B, 0xF4, 0x29, 0x6D, 0x83, 0x0E, 0x9A, 0x7C,
+	0x20, 0x9E, 0x0C, 0x64, 0x97, 0x51, 0x7A, 0xBD,
+	0x5A, 0x8A, 0x9D, 0x30, 0x6B, 0xCF, 0x67, 0xED,
+	0x91, 0xF9, 0xE6, 0x72, 0x5B, 0x47, 0x58, 0xC0,
+	0x22, 0xE0, 0xB1, 0xEF, 0x42, 0x75, 0xBF, 0x7B,
+	0x6C, 0x5B, 0xFC, 0x11, 0xD4, 0x5F, 0x90, 0x88,
+	0xB9, 0x41, 0xF5, 0x4E, 0xB1, 0xE5, 0x9B, 0xB8,
+	0xBC, 0x39, 0xA0, 0xBF, 0x12, 0x30, 0x7F, 0x5C,
+	0x4F, 0xDB, 0x70, 0xC5, 0x81, 0xB2, 0x3F, 0x76,
+	0xB6, 0x3A, 0xCA, 0xE1, 0xCA, 0xA6, 0xB7, 0x90,
+	0x2D, 0x52, 0x52, 0x67, 0x35, 0x48, 0x8A, 0x0E,
+	0xF1, 0x3C, 0x6D, 0x9A, 0x51, 0xBF, 0xA4, 0xAB,
+	0x3A, 0xD8, 0x34, 0x77, 0x96, 0x52, 0x4D, 0x8E,
+	0xF6, 0xA1, 0x67, 0xB5, 0xA4, 0x18, 0x25, 0xD9,
+	0x67, 0xE1, 0x44, 0xE5, 0x14, 0x05, 0x64, 0x25,
+	0x1C, 0xCA, 0xCB, 0x83, 0xE6, 0xB4, 0x86, 0xF6,
+	0xB3, 0xCA, 0x3F, 0x79, 0x71, 0x50, 0x60, 0x26,
+	0xC0, 0xB8, 0x57, 0xF6, 0x89, 0x96, 0x28, 0x56,
+	0xDE, 0xD4, 0x01, 0x0A, 0xBD, 0x0B, 0xE6, 0x21,
+	0xC3, 0xA3, 0x96, 0x0A, 0x54, 0xE7, 0x10, 0xC3,
+	0x75, 0xF2, 0x63, 0x75, 0xD7, 0x01, 0x41, 0x03,
+	0xA4, 0xB5, 0x43, 0x30, 0xC1, 0x98, 0xAF, 0x12,
+	0x61, 0x16, 0xD2, 0x27, 0x6E, 0x11, 0x71, 0x5F,
+	0x69, 0x38, 0x77, 0xFA, 0xD7, 0xEF, 0x09, 0xCA,
+	0xDB, 0x09, 0x4A, 0xE9, 0x1E, 0x1A, 0x15, 0x97,
+};
+
+
+static uint8_t test_dh_ikev2group24_g[] = {
+	0x3F, 0xB3, 0x2C, 0x9B, 0x73, 0x13, 0x4D, 0x0B,
+	0x2E, 0x77, 0x50, 0x66, 0x60, 0xED, 0xBD, 0x48,
+	0x4C, 0xA7, 0xB1, 0x8F, 0x21, 0xEF, 0x20, 0x54,
+	0x07, 0xF4, 0x79, 0x3A, 0x1A, 0x0B, 0xA1, 0x25,
+	0x10, 0xDB, 0xC1, 0x50, 0x77, 0xBE, 0x46, 0x3F,
+	0xFF, 0x4F, 0xED, 0x4A, 0xAC, 0x0B, 0xB5, 0x55,
+	0xBE, 0x3A, 0x6C, 0x1B, 0x0C, 0x6B, 0x47, 0xB1,
+	0xBC, 0x37, 0x73, 0xBF, 0x7E, 0x8C, 0x6F, 0x62,
+	0x90, 0x12, 0x28, 0xF8, 0xC2, 0x8C, 0xBB, 0x18,
+	0xA5, 0x5A, 0xE3, 0x13, 0x41, 0x00, 0x0A, 0x65,
+	0x01, 0x96, 0xF9, 0x31, 0xC7, 0x7A, 0x57, 0xF2,
+	0xDD, 0xF4, 0x63, 0xE5, 0xE9, 0xEC, 0x14, 0x4B,
+	0x77, 0x7D, 0xE6, 0x2A, 0xAA, 0xB8, 0xA8, 0x62,
+	0x8A, 0xC3, 0x76, 0xD2, 0x82, 0xD6, 0xED, 0x38,
+	0x64, 0xE6, 0x79, 0x82, 0x42, 0x8E, 0xBC, 0x83,
+	0x1D, 0x14, 0x34, 0x8F, 0x6F, 0x2F, 0x91, 0x93,
+	0xB5, 0x04, 0x5A, 0xF2, 0x76, 0x71, 0x64, 0xE1,
+	0xDF, 0xC9, 0x67, 0xC1, 0xFB, 0x3F, 0x2E, 0x55,
+	0xA4, 0xBD, 0x1B, 0xFF, 0xE8, 0x3B, 0x9C, 0x80,
+	0xD0, 0x52, 0xB9, 0x85, 0xD1, 0x82, 0xEA, 0x0A,
+	0xDB, 0x2A, 0x3B, 0x73, 0x13, 0xD3, 0xFE, 0x14,
+	0xC8, 0x48, 0x4B, 0x1E, 0x05, 0x25, 0x88, 0xB9,
+	0xB7, 0xD2, 0xBB, 0xD2, 0xDF, 0x01, 0x61, 0x99,
+	0xEC, 0xD0, 0x6E, 0x15, 0x57, 0xCD, 0x09, 0x15,
+	0xB3, 0x35, 0x3B, 0xBB, 0x64, 0xE0, 0xEC, 0x37,
+	0x7F, 0xD0, 0x28, 0x37, 0x0D, 0xF9, 0x2B, 0x52,
+	0xC7, 0x89, 0x14, 0x28, 0xCD, 0xC6, 0x7E, 0xB6,
+	0x18, 0x4B, 0x52, 0x3D, 0x1D, 0xB2, 0x46, 0xC3,
+	0x2F, 0x63, 0x07, 0x84, 0x90, 0xF0, 0x0E, 0xF8,
+	0xD6, 0x47, 0xD1, 0x48, 0xD4, 0x79, 0x54, 0x51,
+	0x5E, 0x23, 0x27, 0xCF, 0xEF, 0x98, 0xC5, 0x82,
+	0x66, 0x4B, 0x4C, 0x0F, 0x6C, 0xC4, 0x16, 0x59,
+};
+
+static const struct test_dh_group test_dh_ikev2group_14 = {
+	.id = 0,
+	/*
+	 * Officially 14, ikev2
+	 */
+	.g = {
+		.data = test_dh_gen_2,
+		.bytesize = sizeof(test_dh_gen_2),
+	},
+	.p = {
+		.data = test_dh_ikev2group14_p,
+		.bytesize = sizeof(test_dh_ikev2group14_p),
+	},
+	.priv_ff_size = 256,
+};
+
+static const struct test_dh_group test_dh_ikev2group_15 = {
+	.id = 0,
+	/*
+	 * Officially 15, ikev2
+	 */
+	.g = {
+		.data = test_dh_gen_2,
+		.bytesize = sizeof(test_dh_gen_2),
+	},
+	.p = {
+		.data = test_dh_ikev2group15_p,
+		.bytesize = sizeof(test_dh_ikev2group15_p),
+	},
+	.priv_ff_size = 384,
+};
+
+static const struct test_dh_group test_dh_ikev2group_16 = {
+	.id = 0,
+	/*
+	 * Officially 16, ikev2
+	 */
+	.g = {
+		.data = test_dh_gen_2,
+		.bytesize = sizeof(test_dh_gen_2),
+	},
+	.p = {
+		.data = test_dh_ikev2group16_p,
+		.bytesize = sizeof(test_dh_ikev2group16_p),
+	},
+	.priv_ff_size = 512,
+};
+
+static const struct test_dh_group test_dh_ikev2group_24 = {
+	.id = 0,
+	/*
+	 * Officially 24, ikev2
+	 */
+	.g = {
+		.data = test_dh_ikev2group24_g,
+		.bytesize = sizeof(test_dh_ikev2group24_g),
+	},
+	.p = {
+		.data = test_dh_ikev2group24_p,
+		.bytesize = sizeof(test_dh_ikev2group24_p),
+	},
+	.priv_ff_size = 32,
+};
+
+static const struct test_dh_group test_ecdh_secp256r1 = {
+	.id = RTE_CRYPTO_EC_GROUP_SECP256R1,
+	.priv_ff_size = 32,
+};
+static const struct test_dh_group test_ecdh_secp384r1 = {
+	.id = RTE_CRYPTO_EC_GROUP_SECP384R1,
+	.priv_ff_size = 48,
+};
+static const struct test_dh_group test_ecdh_secp521r1 = {
+	.id = RTE_CRYPTO_EC_GROUP_SECP521R1,
+	.priv_ff_size = 64,
+};
+
+
 #endif /* TEST_CRYPTODEV_DH_TEST_VECTORS_H__ */
--
2.17.1

[dpdk-dev v1 2/2] app/test: add ecdh test cases

[Kai Ji]

From: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>

Added Elliptic-Curve Diffie Hellman test cases.

Signed-off-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
Signed-off-by: Kai Ji <kai.ji@intel.com>
---
 app/test/test_cryptodev_asym.c              | 356 ++++++++++++++++++++
 app/test/test_cryptodev_ecdh_test_vectors.h | 144 ++++++++
 2 files changed, 500 insertions(+)
 create mode 100644 app/test/test_cryptodev_ecdh_test_vectors.h

diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 91550946e2..9e475051e0 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -19,6 +19,7 @@
 #include "test_cryptodev_dsa_test_vectors.h"
 #include "test_cryptodev_ecdsa_test_vectors.h"
 #include "test_cryptodev_ecpm_test_vectors.h"
+#include "test_cryptodev_ecdh_test_vectors.h"
 #include "test_cryptodev_mod_test_vectors.h"
 #include "test_cryptodev_rsa_test_vectors.h"
 #include "test_cryptodev_asym_util.h"
@@ -2229,6 +2230,357 @@ test_ecpm_all_curve(void)
 	return overall_status;
 }

+static int
+test_ecdh(const void *input_vector)
+{
+	const struct ECDH_test_vector *test_vector = input_vector;
+	struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
+	struct rte_mempool *op_mpool = ts_params->op_mpool;
+	struct rte_crypto_asym_xform xform = {
+		.next = NULL,
+		.xform_type = RTE_CRYPTO_ASYM_XFORM_ECDH,
+		.ec.curve_id = test_vector->curve_id
+	};
+	const uint8_t dev_id = ts_params->valid_devs[0];
+	uint8_t alice_x[test_vector->curve_bytesize],
+		alice_y[test_vector->curve_bytesize];
+	uint8_t bob_x[test_vector->curve_bytesize],
+		bob_y[test_vector->curve_bytesize];
+	uint8_t alice_xZ[test_vector->curve_bytesize],
+		alice_yZ[test_vector->curve_bytesize];
+	uint8_t bob_xZ[test_vector->curve_bytesize],
+		bob_yZ[test_vector->curve_bytesize];
+	struct rte_crypto_op *alice_op = NULL, *bob_op = NULL;
+
+	alice_op = rte_crypto_op_alloc(op_mpool,
+		RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
+	bob_op = rte_crypto_op_alloc(op_mpool,
+		RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
+
+	/*
+	 * STEP 1a:
+	 * Generate Alice public key
+	 */
+
+	alice_op->sess_type = RTE_CRYPTO_OP_SESSIONLESS;
+	alice_op->asym->xform = &xform;
+	alice_op->asym->ecdh.ke_type = RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE;
+	alice_op->asym->ecdh.priv_key = test_vector->alice_d;
+	alice_op->asym->ecdh.pub_key.x.data = alice_x;
+	alice_op->asym->ecdh.pub_key.y.data = alice_y;
+
+	if (rte_cryptodev_enqueue_burst(dev_id, 0, &alice_op, 1) != 1) {
+		RTE_LOG(ERR, USER1, "Error sending packet for sign\n");
+		return -1;
+	}
+
+	while (rte_cryptodev_dequeue_burst(dev_id, 0, &alice_op, 1) == 0)
+		rte_pause();
+
+	if (alice_op->asym->ecdh.pub_key.x.length !=
+			test_vector->alice_q.x.length) {
+		RTE_LOG(ERR, USER1, "Incorrect Alice public key length (X coeff)\n");
+		RTE_LOG(ERR, USER1,
+			"Received length = %d Expected length = %d\n",
+			(unsigned int)test_vector->alice_q.x.length,
+			(unsigned int)alice_op->asym->ecdh.pub_key.x.length
+		);
+		goto error;
+	}
+	if (alice_op->asym->ecdh.pub_key.y.length !=
+			test_vector->alice_q.y.length) {
+		RTE_LOG(ERR, USER1, "Incorrect Alice public key length (X coeff)\n");
+		RTE_LOG(ERR, USER1,
+			"Received length = %d Expected length = %d\n",
+			(unsigned int)test_vector->alice_q.y.length,
+			(unsigned int)alice_op->asym->ecdh.pub_key.y.length
+		);
+		goto error;
+	}
+	if (memcmp(alice_op->asym->ecdh.pub_key.x.data,
+			test_vector->alice_q.x.data,
+			test_vector->alice_q.x.length)
+	) {
+		RTE_LOG(ERR, USER1, "Incorrect Alice public key X\n");
+		debug_hexdump(stdout, "Generated PublicKey x (Alice):",
+			alice_op->asym->ecdh.pub_key.x.data,
+			alice_op->asym->ecdh.pub_key.x.length);
+		goto error;
+	}
+	if (memcmp(alice_op->asym->ecdh.pub_key.y.data,
+			test_vector->alice_q.y.data,
+			test_vector->alice_q.y.length)
+	) {
+		RTE_LOG(ERR, USER1, "Incorrect Alice public key Y\n");
+		debug_hexdump(stdout, "Generated PublicKey y (Alice):",
+				alice_op->asym->ecdh.pub_key.y.data,
+				alice_op->asym->ecdh.pub_key.y.length);
+		goto error;
+	}
+
+
+	/*
+	 * STEP 1b:
+	 * Generate Bob public key
+	 */
+
+	bob_op->sess_type = RTE_CRYPTO_OP_SESSIONLESS;
+	bob_op->asym->xform = &xform;
+	bob_op->asym->ecdh.ke_type = RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE;
+	bob_op->asym->ecdh.priv_key = test_vector->bob_d;
+	bob_op->asym->ecdh.pub_key.x.data = bob_x;
+	bob_op->asym->ecdh.pub_key.y.data = bob_y;
+
+	if (rte_cryptodev_enqueue_burst(dev_id, 0, &bob_op, 1) != 1) {
+		RTE_LOG(ERR, USER1, "Error sending packet for sign\n");
+		goto error;
+	}
+
+	while (rte_cryptodev_dequeue_burst(dev_id, 0, &bob_op, 1) == 0)
+		rte_pause();
+
+	if (bob_op->asym->ecdh.pub_key.x.length !=
+			test_vector->bob_q.x.length) {
+		RTE_LOG(ERR, USER1, "Incorrect Bob's public key length (X coeff)\n");
+		RTE_LOG(ERR, USER1,
+			"Received length = %d Expected length = %d\n",
+			(unsigned int)test_vector->bob_q.x.length,
+			(unsigned int)bob_op->asym->ecdh.pub_key.x.length
+		);
+		goto error;
+	}
+	if (bob_op->asym->ecdh.pub_key.y.length !=
+			test_vector->bob_q.y.length) {
+		RTE_LOG(ERR, USER1, "Incorrect Bob's public key length (Y coeff)\n");
+		RTE_LOG(ERR, USER1,
+			"Received length = %d Expected length = %d\n",
+			(unsigned int)test_vector->bob_q.y.length,
+			(unsigned int)bob_op->asym->ecdh.pub_key.y.length
+		);
+		goto error;
+	}
+	if (memcmp(bob_op->asym->ecdh.pub_key.x.data,
+			test_vector->bob_q.x.data,
+			test_vector->bob_q.x.length)
+	) {
+		RTE_LOG(ERR, USER1, "Incorrect Bob's public key X\n");
+		debug_hexdump(stdout,
+			"Generated PublicKey x (bob):",
+			bob_op->asym->ecdh.pub_key.x.data,
+			bob_op->asym->ecdh.pub_key.x.length
+		);
+		goto error;
+	}
+	if (memcmp(bob_op->asym->ecdh.pub_key.y.data,
+			test_vector->bob_q.y.data,
+			test_vector->bob_q.y.length)
+	) {
+		RTE_LOG(ERR, USER1, "Incorrect Bob's public key Y\n");
+		debug_hexdump(stdout,
+			"Generated PublicKey y (bob):",
+			bob_op->asym->ecdh.pub_key.y.data,
+			bob_op->asym->ecdh.pub_key.y.length
+		);
+		goto error;
+	}
+
+	/*
+	 * STEP 1.5a:
+	 * Alice verifies Bob's public key, reusing op, other parameters
+	 * then already set, only what Alice needs to do is to set public
+	 * key of Bob and change key exchange type to VERIFY.
+	 */
+
+	alice_op->asym->ecdh.ke_type = RTE_CRYPTO_ASYM_KE_PUB_KEY_VERIFY;
+	alice_op->asym->ecdh.pub_key.x.data = bob_x;
+	alice_op->asym->ecdh.pub_key.x.length =
+		bob_op->asym->ecdh.pub_key.x.length;
+	alice_op->asym->ecdh.pub_key.y.data = bob_y;
+	alice_op->asym->ecdh.pub_key.y.length =
+		bob_op->asym->ecdh.pub_key.y.length;
+
+	if (rte_cryptodev_enqueue_burst(dev_id, 0, &alice_op, 1) != 1) {
+		RTE_LOG(ERR, USER1, "Error sending packet for sign\n");
+		goto error;
+	}
+
+	while (rte_cryptodev_dequeue_burst(dev_id, 0, &alice_op, 1) == 0)
+		rte_pause();
+
+	if (alice_op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
+		RTE_LOG(ERR, USER1,
+			"line %u FAILED: %s", __LINE__,
+			"Failed to verify Bob's public key, it does not belongs to curve points\n"
+		);
+		return TEST_FAILED;
+	}
+
+	/*
+	 * STEP 1.5b:
+	 * Bob verifies Alice's public key, reusing op, other parameters
+	 * then already set, only what Bob needs to do is to set public
+	 * key of Alice and change key exchange type to VERIFY.
+	 */
+
+	bob_op->asym->ecdh.ke_type = RTE_CRYPTO_ASYM_KE_PUB_KEY_VERIFY;
+	bob_op->asym->ecdh.pub_key.x.data = alice_x;
+	bob_op->asym->ecdh.pub_key.x.length =
+		alice_op->asym->ecdh.pub_key.x.length;
+	bob_op->asym->ecdh.pub_key.y.data = alice_y;
+	bob_op->asym->ecdh.pub_key.y.length =
+		alice_op->asym->ecdh.pub_key.y.length;
+
+	if (rte_cryptodev_enqueue_burst(dev_id, 0, &bob_op, 1) != 1) {
+		RTE_LOG(ERR, USER1, "Error sending packet for sign\n");
+		goto error;
+	}
+
+	while (rte_cryptodev_dequeue_burst(dev_id, 0, &bob_op, 1) == 0)
+		rte_pause();
+
+	if (bob_op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
+		RTE_LOG(ERR, USER1,
+			"line %u FAILED: %s", __LINE__,
+			"Failed to verify Alice's public key it does not belongs to curve points\n"
+		);
+		goto error;
+	}
+
+	/*
+	 * STEP 2a:
+	 * Alice generates shared secret Z, since Bob's public key was already
+	 * set when doing verification only key exchange type need to be changed,
+	 * and setting place where Z will be copied by the PMD.
+	 */
+
+	alice_op->asym->ecdh.ke_type = RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE;
+	alice_op->asym->ecdh.shared_secret.x.data = alice_xZ;
+	alice_op->asym->ecdh.shared_secret.y.data = alice_yZ;
+
+	if (rte_cryptodev_enqueue_burst(dev_id, 0, &alice_op, 1) != 1) {
+		RTE_LOG(ERR, USER1, "Error sending packet for sign\n");
+		goto error;
+	}
+	while (rte_cryptodev_dequeue_burst(dev_id, 0, &alice_op, 1) == 0)
+		rte_pause();
+
+	if (alice_op->asym->ecdh.shared_secret.x.length !=
+			test_vector->Z.x.length) {
+		RTE_LOG(ERR, USER1, "Incorrect Alice's shared secret length X\n");
+		RTE_LOG(ERR, USER1,
+			"Received = %d Expected = %d\n",
+			(unsigned int)alice_op->asym->ecdh.shared_secret.x.length,
+			(unsigned int)test_vector->Z.x.length
+		);
+		goto error;
+	}
+	if (alice_op->asym->ecdh.shared_secret.y.length != test_vector->Z.y.length) {
+		RTE_LOG(ERR, USER1, "Incorrect Alice's shared secret length Y\n");
+		RTE_LOG(ERR, USER1,
+			"Received = %d Expected = %d\n",
+			(unsigned int)alice_op->asym->ecdh.shared_secret.y.length,
+			(unsigned int)test_vector->Z.y.length
+		);
+		goto error;
+	}
+
+	if (memcmp(alice_op->asym->ecdh.shared_secret.x.data,
+			test_vector->Z.x.data,
+			test_vector->Z.x.length)
+	) {
+		RTE_LOG(ERR, USER1, "Incorrect Alice's shared secret X\n");
+		debug_hexdump(stdout,
+			"Generated SharedSecret x (Alice):",
+			alice_op->asym->ecdh.shared_secret.x.data,
+			alice_op->asym->ecdh.shared_secret.x.length
+		);
+		goto error;
+	}
+	if (memcmp(alice_op->asym->ecdh.shared_secret.y.data,
+			test_vector->Z.y.data,
+			test_vector->Z.y.length)
+	) {
+		RTE_LOG(ERR, USER1, "Incorrect Alice's shared secret Y\n");
+		debug_hexdump(stdout,
+			"Generated SharedSecret y (Alice):",
+			alice_op->asym->ecdh.shared_secret.y.data,
+			alice_op->asym->ecdh.shared_secret.y.length
+		);
+		goto error;
+	}
+
+	/*
+	 * STEP 2b:
+	 * Bob generates shared secret Z, since Alice's public key was already
+	 * set when doing verification only, key exchange type needs to be
+	 * changed, and setting place where Z will be copied by the PMD.
+	 */
+
+	bob_op->asym->ecdh.ke_type = RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE;
+	bob_op->asym->ecdh.shared_secret.x.data = bob_xZ;
+	bob_op->asym->ecdh.shared_secret.y.data = bob_yZ;
+
+	if (rte_cryptodev_enqueue_burst(dev_id, 0, &bob_op, 1) != 1) {
+		RTE_LOG(ERR, USER1, "Error sending packet for sign\n");
+		goto error;
+	}
+
+	while (rte_cryptodev_dequeue_burst(dev_id, 0, &bob_op, 1) == 0)
+		rte_pause();
+
+	if (bob_op->asym->ecdh.shared_secret.x.length != test_vector->Z.x.length) {
+		RTE_LOG(ERR, USER1, "Incorrect Bob's shared secret length X\n");
+		RTE_LOG(ERR, USER1,
+			"Received = %d Expected = %d\n",
+			(unsigned int)bob_op->asym->ecdh.shared_secret.x.length,
+			(unsigned int)test_vector->Z.x.length
+		);
+		goto error;
+	}
+	if (bob_op->asym->ecdh.shared_secret.y.length != test_vector->Z.y.length) {
+		RTE_LOG(ERR, USER1, "Incorrect Bob's shared secret length Y\n");
+		RTE_LOG(ERR, USER1,
+			"Received = %d Expected = %d\n",
+			(unsigned int)bob_op->asym->ecdh.shared_secret.y.length,
+			(unsigned int)test_vector->Z.y.length
+		);
+		goto error;
+	}
+
+	if (memcmp(bob_op->asym->ecdh.shared_secret.x.data,
+			test_vector->Z.x.data,
+			test_vector->Z.x.length)
+	) {
+		RTE_LOG(ERR, USER1, "Incorrect Bob's shared secret X\n");
+		debug_hexdump(stdout,
+			"Generated SharedSecret x (Bob):",
+			bob_op->asym->ecdh.shared_secret.x.data,
+			bob_op->asym->ecdh.shared_secret.x.length
+		);
+		goto error;
+	}
+	if (memcmp(bob_op->asym->ecdh.shared_secret.y.data,
+			test_vector->Z.y.data,
+			test_vector->Z.y.length)
+	) {
+		RTE_LOG(ERR, USER1, "Incorrect Bob's shared secret Y\n");
+		debug_hexdump(stdout,
+			"Generated SharedSecret y (Bob):",
+			bob_op->asym->ecdh.shared_secret.y.data,
+			bob_op->asym->ecdh.shared_secret.y.length
+		);
+		goto error;
+	}
+
+	/* Both shared secret where correctly verified -> Test passed */
+
+	return TEST_SUCCESS;
+error:
+	rte_crypto_op_free(alice_op);
+	rte_crypto_op_free(bob_op);
+	return TEST_FAILED;
+}
+
 static void *
 dh_alice_bob_set_session(uint8_t dev_id,
 	struct rte_crypto_op *op,
@@ -2487,6 +2839,10 @@ static struct unit_test_suite cryptodev_qat_asym_testsuite  = {
 	.teardown = testsuite_teardown,
 	.unit_test_cases = {
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_one_by_one),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Test - ECDH secp256r1, RFC 5114 256",
+			ut_setup_asym, ut_teardown_asym,
+			test_ecdh, &rfc5114_secp256r1),
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
diff --git a/app/test/test_cryptodev_ecdh_test_vectors.h b/app/test/test_cryptodev_ecdh_test_vectors.h
new file mode 100644
index 0000000000..c8151302ed
--- /dev/null
+++ b/app/test/test_cryptodev_ecdh_test_vectors.h
@@ -0,0 +1,144 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright (C) 2022 Intel Corporation
+ */
+
+#ifndef __TEST_CRYPTODEV_ECDH_VECTORS_H__
+#define __TEST_CRYPTODEV_ECDH_VECTORS_H__
+
+#include "rte_crypto_asym.h"
+
+/*
+ * Elliptic Curve Diffie-Hellman test vector struct
+ * Peers are named Alice and Bob
+ * q - is a public key
+ * d - is a private key
+ * Z - is a shared secret
+ */
+
+struct ECDH_test_vector {
+	enum rte_crypto_curve_id curve_id;
+	int curve_bytesize;
+	rte_crypto_uint alice_d;
+	rte_crypto_uint bob_d;
+	struct rte_crypto_ec_point alice_q;
+	struct rte_crypto_ec_point bob_q;
+	struct rte_crypto_ec_point Z;
+};
+
+/*
+ * Elliptic Curve Diffie-Hellman test
+ * It consist of three phases:
+ * - Generation of public key based on private key
+ * - Verification of peer's public key
+ * - Generation of shared secret
+ * Peers in tests are named Alice and Bob
+ */
+
+/* RFC 5114 256-bit Random ECP Group Data */
+
+/*
+ * Alice's parameters
+ */
+static uint8_t rfc5114_256b_dA[] = {
+	0x81, 0x42, 0x64, 0x14, 0x5F, 0x2F, 0x56, 0xF2,
+	0xE9, 0x6A, 0x8E, 0x33, 0x7A, 0x12, 0x84, 0x99,
+	0x3F, 0xAF, 0x43, 0x2A, 0x5A, 0xBC, 0xE5, 0x9E,
+	0x86, 0x7B, 0x72, 0x91, 0xD5, 0x07, 0xA3, 0xAF,
+};
+
+static uint8_t rfc5114_256b_x_qA[] = {
+	0x2A, 0xF5, 0x02, 0xF3, 0xBE, 0x89, 0x52, 0xF2,
+	0xC9, 0xB5, 0xA8, 0xD4, 0x16, 0x0D, 0x09, 0xE9,
+	0x71, 0x65, 0xBE, 0x50, 0xBC, 0x42, 0xAE, 0x4A,
+	0x5E, 0x8D, 0x3B, 0x4B, 0xA8, 0x3A, 0xEB, 0x15,
+};
+
+static uint8_t rfc5114_256b_y_qA[] = {
+	0xEB, 0x0F, 0xAF, 0x4C, 0xA9, 0x86, 0xC4, 0xD3,
+	0x86, 0x81, 0xA0, 0xF9, 0x87, 0x2D, 0x79, 0xD5,
+	0x67, 0x95, 0xBD, 0x4B, 0xFF, 0x6E, 0x6D, 0xE3,
+	0xC0, 0xF5, 0x01, 0x5E, 0xCE, 0x5E, 0xFD, 0x85,
+};
+
+/*
+ * Bob's parameters
+ */
+static uint8_t rfc5114_256b_dB[] = {
+	0x2C, 0xE1, 0x78, 0x8E, 0xC1, 0x97, 0xE0, 0x96,
+	0xDB, 0x95, 0xA2, 0x00, 0xCC, 0x0A, 0xB2, 0x6A,
+	0x19, 0xCE, 0x6B, 0xCC, 0xAD, 0x56, 0x2B, 0x8E,
+	0xEE, 0x1B, 0x59, 0x37, 0x61, 0xCF, 0x7F, 0x41,
+};
+
+static uint8_t rfc5114_256b_x_qB[] = {
+	0xB1, 0x20, 0xDE, 0x4A, 0xA3, 0x64, 0x92, 0x79,
+	0x53, 0x46, 0xE8, 0xDE, 0x6C, 0x2C, 0x86, 0x46,
+	0xAE, 0x06, 0xAA, 0xEA, 0x27, 0x9F, 0xA7, 0x75,
+	0xB3, 0xAB, 0x07, 0x15, 0xF6, 0xCE, 0x51, 0xB0,
+};
+
+static uint8_t rfc5114_256b_y_qB[] = {
+	0x9F, 0x1B, 0x7E, 0xEC, 0xE2, 0x0D, 0x7B, 0x5E,
+	0xD8, 0xEC, 0x68, 0x5F, 0xA3, 0xF0, 0x71, 0xD8,
+	0x37, 0x27, 0x02, 0x70, 0x92, 0xA8, 0x41, 0x13,
+	0x85, 0xC3, 0x4D, 0xDE, 0x57, 0x08, 0xB2, 0xB6,
+};
+
+static uint8_t rfc5114_256b_x_Z[] = {
+	0xDD, 0x0F, 0x53, 0x96, 0x21, 0x9D, 0x1E, 0xA3,
+	0x93, 0x31, 0x04, 0x12, 0xD1, 0x9A, 0x08, 0xF1,
+	0xF5, 0x81, 0x1E, 0x9D, 0xC8, 0xEC, 0x8E, 0xEA,
+	0x7F, 0x80, 0xD2, 0x1C, 0x82, 0x0C, 0x27, 0x88,
+};
+
+static uint8_t rfc5114_256b_y_Z[] = {
+	0x03, 0x57, 0xDC, 0xCD, 0x4C, 0x80, 0x4D, 0x0D,
+	0x8D, 0x33, 0xAA, 0x42, 0xB8, 0x48, 0x83, 0x4A,
+	0xA5, 0x60, 0x5F, 0x9A, 0xB0, 0xD3, 0x72, 0x39,
+	0xA1, 0x15, 0xBB, 0xB6, 0x47, 0x93, 0x6F, 0x50,
+};
+
+static struct ECDH_test_vector rfc5114_secp256r1 = {
+	.curve_id = RTE_CRYPTO_EC_GROUP_SECP256R1,
+	.curve_bytesize = 32,
+	.alice_d = {
+		.data = rfc5114_256b_dA,
+		.length = sizeof(rfc5114_256b_dA),
+	},
+	.alice_q = {
+		.x = {
+			.data = rfc5114_256b_x_qA,
+			.length = sizeof(rfc5114_256b_x_qA),
+		},
+		.y = {
+			.data = rfc5114_256b_y_qA,
+			.length = sizeof(rfc5114_256b_y_qA),
+		},
+	},
+	.bob_d = {
+		.data = rfc5114_256b_dB,
+		.length = sizeof(rfc5114_256b_dB)
+	},
+	.bob_q = {
+		.x = {
+			.data = rfc5114_256b_x_qB,
+			.length = sizeof(rfc5114_256b_x_qB),
+		},
+		.y = {
+			.data = rfc5114_256b_y_qB,
+			.length = sizeof(rfc5114_256b_y_qB),
+		},
+	},
+	.Z = {
+		.x = {
+			.data = rfc5114_256b_x_Z,
+			.length = sizeof(rfc5114_256b_x_Z),
+		},
+		.y = {
+			.data = rfc5114_256b_y_Z,
+			.length = sizeof(rfc5114_256b_y_Z),
+		}
+	}
+};
+
+#endif
--
2.17.1

RE: [EXT] [dpdk-dev v1 1/2] app/test: add diffie-hellman test cases

[Akhil Goyal]

> From: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
> 
> Added Diffie-Hellman tests. This tests adding possibility
> to check correctness of particular DH phases, which is not
> possible with current tests cases.
> 
> Signed-off-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
> Signed-off-by: Kai Ji <kai.ji@intel.com>
This series will be deferred for next release as it is sent pretty late for this cycle.

[dpdk-dev v2 0/3] app/test: add asymmetric test cases

[Kai Ji]

This patch add in the new DH, ECDH and ECDSA asymc test cases.

Arkadiusz Kusztal (3):
  app/test: add diffie-hellman test cases
  app/test: add ecdh test cases
  app/test: add ecdsa kat sessionless tests

 app/test/test_cryptodev_asym.c              | 839 ++++++++++++++++++++
 app/test/test_cryptodev_dh_test_vectors.h   | 318 ++++++++
 app/test/test_cryptodev_ecdh_test_vectors.h | 144 ++++
 3 files changed, 1301 insertions(+)
 create mode 100644 app/test/test_cryptodev_ecdh_test_vectors.h

--
2.17.1

[dpdk-dev v2 1/3] app/test: add diffie-hellman test cases

[Kai Ji]

From: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>

Added Diffie-Hellman tests. This tests adding possibility
to check correctness of particular DH phases, which is not
possible with current tests cases.

Signed-off-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
Signed-off-by: Kai Ji <kai.ji@intel.com>
---
 app/test/test_cryptodev_asym.c            | 264 ++++++++++++++++++
 app/test/test_cryptodev_dh_test_vectors.h | 318 ++++++++++++++++++++++
 2 files changed, 582 insertions(+)

diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 5b16dcab56..b9034b637a 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -64,6 +64,39 @@ static uint32_t test_index;

 static struct crypto_testsuite_params_asym testsuite_params = { NULL };

+static void
+test_crypto_rand(int len, uint8_t *buffer)
+{
+	int i;
+
+	for (i = 0; i < len; ++i)
+		buffer[i] = (uint8_t)(rand() % ((uint8_t)-1)) | 1;
+}
+
+static int
+process_crypto_request(uint8_t dev_id, struct rte_crypto_op **op,
+				struct rte_crypto_op **result_op)
+{
+	/* Process crypto operation */
+	if (rte_cryptodev_enqueue_burst(dev_id, 0, op, 1) != 1) {
+		RTE_LOG(ERR, USER1,
+			"line %u FAILED: %s",
+			__LINE__, "Error sending packet for operation");
+		return -1;
+	}
+
+	while (rte_cryptodev_dequeue_burst(dev_id, 0, result_op, 1) == 0)
+		rte_pause();
+
+	if (*result_op == NULL) {
+		RTE_LOG(ERR, USER1,
+			"line %u FAILED: %s",
+			__LINE__, "Failed to process asym crypto op");
+		return -1;
+	}
+	return 0;
+}
+
 static int
 queue_ops_rsa_sign_verify(void *sess)
 {
@@ -809,6 +842,8 @@ testsuite_setup(void)
 	test_vector.size = 0;
 	load_test_vectors();

+	srand(time(NULL));
+
 	/* Device, op pool and session configuration for asymmetric crypto. 8< */
 	ts_params->op_mpool = rte_crypto_op_pool_create(
 			"CRYPTO_ASYM_OP_POOL",
@@ -2196,6 +2231,219 @@ test_ecpm_all_curve(void)
 	return overall_status;
 }

+static void *
+dh_alice_bob_set_session(uint8_t dev_id,
+	struct rte_crypto_op *op,
+	const struct test_dh_group *group)
+{
+	struct rte_crypto_asym_xform xform = { };
+	void *sess = NULL;
+	int ret = 0;
+
+	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_DH;
+	xform.dh.g.data = group->g.data;
+	xform.dh.g.length = group->g.bytesize;
+	xform.dh.p.data = group->p.data;
+	xform.dh.p.length = group->p.bytesize;
+	ret = rte_cryptodev_asym_session_create(dev_id, &xform,
+			testsuite_params.session_mpool, &sess);
+	if (ret)
+		return NULL;
+
+	rte_crypto_op_attach_asym_session(op, sess);
+	return sess;
+}
+
+static void
+dh_alice_bob_gen_x(const struct test_dh_group *group,
+	uint8_t *private_data)
+{
+	test_crypto_rand(group->priv_ff_size, private_data);
+	if (private_data[0] > group->p.data[0])
+		private_data[0] = group->p.data[0] - 1;
+}
+
+static int
+dh_alice_bob_gen_y(struct rte_crypto_op *op,
+	const char *name,
+	const uint8_t dev_id,
+	uint8_t *y,
+	uint8_t *x,
+	const int ff_size)
+{
+	struct rte_crypto_op *result_op;
+	int ret = 0;
+
+	op->asym->dh.ke_type = RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE;
+	op->asym->dh.pub_key.data = y;
+	op->asym->dh.priv_key.data = x;
+	op->asym->dh.priv_key.length = ff_size;
+
+	ret = process_crypto_request(dev_id, &op, &result_op);
+	TEST_ASSERT_SUCCESS(ret, "Failed to compute public key for %s", name);
+
+	return 0;
+}
+
+static int
+dh_alice_bob_shared_compute(uint8_t dev_id,
+	const char *name,
+	struct rte_crypto_op *op,
+	uint8_t *secret,
+	uint8_t *peer,
+	uint32_t peer_size)
+{
+	struct rte_crypto_op *result_op;
+	int ret = 0;
+
+	op->asym->dh.ke_type = RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE;
+	op->asym->dh.pub_key.data = peer;
+	op->asym->dh.pub_key.length = peer_size;
+	op->asym->dh.shared_secret.data = secret;
+
+	ret = process_crypto_request(dev_id, &op, &result_op);
+	TEST_ASSERT_SUCCESS(ret,
+		"Failed to compute shared secret for %s",
+		name);
+
+	return 0;
+}
+
+/* Diffie-Hellman test to verify the processed data */
+static int
+dh_alice_bob_verify(struct rte_crypto_op *alice_op,
+	struct rte_crypto_op *bob_op)
+{
+	int ret = 0;
+
+	/* Verify processed data */
+	ret = (alice_op->asym->dh.shared_secret.length ==
+			bob_op->asym->dh.shared_secret.length);
+	if (!ret) {
+		RTE_LOG(ERR, USER1, "line %u FAILED: %s", __LINE__,
+			"Alice's and Bob's shared secret length do not match.");
+		return TEST_FAILED;
+	}
+	ret = memcmp(alice_op->asym->dh.shared_secret.data,
+		alice_op->asym->dh.shared_secret.data,
+		bob_op->asym->dh.shared_secret.length);
+	if (ret) {
+		RTE_LOG(ERR, USER1, "line %u FAILED: %s", __LINE__,
+			"Alice's and Bob's shared secret do not match.");
+		return TEST_FAILED;
+	}
+	return TEST_SUCCESS;
+}
+
+static int
+test_dh_alice_and_bob(const void *test_data)
+{
+	uint8_t alice_x[TEST_DH_MOD_LEN] = { };
+	uint8_t alice_y[TEST_DH_MOD_LEN] = { };
+	uint8_t alice_secret[TEST_DH_MOD_LEN] = { };
+	uint8_t bob_x[TEST_DH_MOD_LEN] = { };
+	uint8_t bob_y[TEST_DH_MOD_LEN] = { };
+	uint8_t bob_secret[TEST_DH_MOD_LEN] = { };
+
+	const struct test_dh_group *group = test_data;
+	struct rte_crypto_op *alice_op = NULL;
+	struct rte_crypto_op *bob_op = NULL;
+	void *alice_session = NULL;
+	void *bob_session = NULL;
+
+	int ret = TEST_SUCCESS;
+	uint32_t alice_y_size = 0;
+	uint32_t bob_y_size = 0;
+	uint8_t dev_id = testsuite_params.valid_devs[0];
+
+	alice_op = rte_crypto_op_alloc(testsuite_params.op_mpool,
+			RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
+	if (alice_op == NULL) {
+		RTE_LOG(ERR, USER1, "line %u FAILED: %s", __LINE__,
+			"Cannot allocate alice_op");
+		ret = TEST_FAILED;
+		goto error_exit;
+	}
+	bob_op = rte_crypto_op_alloc(testsuite_params.op_mpool,
+			RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
+	if (bob_op == NULL) {
+		RTE_LOG(ERR, USER1, "line %u FAILED: %s", __LINE__,
+			"Cannot allocate bob_op");
+		ret = TEST_FAILED;
+		goto error_exit;
+	}
+
+	alice_session = dh_alice_bob_set_session(dev_id, alice_op,
+		group);
+	if (alice_session == NULL) {
+		RTE_LOG(ERR, USER1, "line %u FAILED: %s", __LINE__,
+			"Cannot allocate alice_session");
+		ret = TEST_FAILED;
+		goto error_exit;
+	}
+	bob_session = dh_alice_bob_set_session(dev_id, bob_op,
+		group);
+	if (bob_session == NULL) {
+		RTE_LOG(ERR, USER1, "line %u FAILED: %s", __LINE__,
+			"Cannot allocate bob_session");
+		ret = TEST_FAILED;
+		goto error_exit;
+	}
+
+	dh_alice_bob_gen_x(group, alice_x);
+	ret = dh_alice_bob_gen_y(alice_op, "Alice", dev_id,
+		alice_y, alice_x, group->priv_ff_size);
+	if (ret) {
+		RTE_LOG(ERR, USER1, "line %u FAILED: %s", __LINE__,
+		"Diffie-Hellman error\n");
+		goto error_exit;
+	}
+	alice_y_size = alice_op->asym->dh.pub_key.length;
+	dh_alice_bob_gen_x(group, bob_x);
+	ret = dh_alice_bob_gen_y(bob_op, "Bob", dev_id,
+		bob_y, bob_x, group->priv_ff_size);
+	if (ret) {
+		RTE_LOG(ERR, USER1, "line %u FAILED: %s", __LINE__,
+		"Diffie-Hellman error\n");
+		goto error_exit;
+	}
+	bob_y_size = bob_op->asym->dh.pub_key.length;
+
+	ret = dh_alice_bob_shared_compute(dev_id, "Alice", alice_op,
+		alice_secret, bob_y, bob_y_size);
+	if (ret) {
+		RTE_LOG(ERR, USER1, "line %u FAILED: %s", __LINE__,
+		"Diffie-Hellman error, error computing Alice's shared secret");
+		goto error_exit;
+	}
+
+	ret = dh_alice_bob_shared_compute(dev_id, "Bob", bob_op, bob_secret,
+		alice_y, alice_y_size);
+	if (ret) {
+		RTE_LOG(ERR, USER1, "line %u FAILED: %s", __LINE__,
+		"Diffie-Hellman error, error computing Bob's shared secret");
+		goto error_exit;
+	}
+
+	ret = dh_alice_bob_verify(alice_op, bob_op);
+	if (ret) {
+		RTE_LOG(ERR, USER1, "line %u FAILED: %s", __LINE__,
+		"Diffie-Hellman error");
+		goto error_exit;
+	}
+
+error_exit:
+	if (alice_session)
+		rte_cryptodev_asym_session_free(dev_id, alice_session);
+	if (bob_session)
+		rte_cryptodev_asym_session_free(dev_id, bob_session);
+	if (alice_op)
+		rte_crypto_op_free(alice_op);
+	if (bob_op != NULL)
+		rte_crypto_op_free(bob_op);
+	return ret;
+}
+
 static struct unit_test_suite cryptodev_openssl_asym_testsuite  = {
 	.suite_name = "Crypto Device OPENSSL ASYM Unit Test Suite",
 	.setup = testsuite_setup,
@@ -2215,6 +2463,22 @@ static struct unit_test_suite cryptodev_openssl_asym_testsuite  = {
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_mod_inv),
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_mod_exp),
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_one_by_one),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Diffie-Hellman Alice and Bob group 14 ikev2 test",
+			ut_setup_asym, ut_teardown_asym,
+			test_dh_alice_and_bob, &test_dh_ikev2group_14),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Diffie-Hellman Alice and Bob group 15 ikev2 test",
+			ut_setup_asym, ut_teardown_asym,
+			test_dh_alice_and_bob, &test_dh_ikev2group_15),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Diffie-Hellman Alice and Bob group 16 ikev2 test",
+			ut_setup_asym, ut_teardown_asym,
+			test_dh_alice_and_bob, &test_dh_ikev2group_16),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Diffie-Hellman Alice and Bob group 24 ikev2 test",
+			ut_setup_asym, ut_teardown_asym,
+			test_dh_alice_and_bob, &test_dh_ikev2group_24),
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
diff --git a/app/test/test_cryptodev_dh_test_vectors.h b/app/test/test_cryptodev_dh_test_vectors.h
index fe7510dcd3..6af677c614 100644
--- a/app/test/test_cryptodev_dh_test_vectors.h
+++ b/app/test/test_cryptodev_dh_test_vectors.h
@@ -10,6 +10,18 @@
 #define TEST_DATA_SIZE 4096
 #define TEST_DH_MOD_LEN 1024

+struct test_dh_group {
+	int id;
+	struct {
+		uint8_t *data;
+		uint32_t bytesize;
+	} g;
+	struct {
+		uint8_t *data;
+		uint32_t bytesize;
+	} p;
+	uint32_t priv_ff_size;
+};

 struct dh_test_param {
 	rte_crypto_param priv_key;
@@ -77,4 +89,310 @@ struct rte_crypto_asym_xform dh_xform = {
 	}
 };

+static uint8_t test_dh_gen_2[] = {
+	0x2,
+};
+
+static uint8_t test_dh_ikev2group14_p[] = {
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+	0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
+	0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+	0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
+	0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
+	0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+	0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
+	0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
+	0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+	0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
+	0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
+	0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+	0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
+	0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
+	0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+	0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
+	0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A,
+	0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+	0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96,
+	0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
+	0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+	0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
+	0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C,
+	0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+	0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03,
+	0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
+	0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+	0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
+	0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5,
+	0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+	0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68,
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+};
+
+static uint8_t test_dh_ikev2group15_p[] = {
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+	0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
+	0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+	0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
+	0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
+	0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+	0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
+	0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
+	0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+	0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
+	0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
+	0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+	0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
+	0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
+	0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+	0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
+	0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A,
+	0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+	0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96,
+	0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
+	0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+	0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
+	0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C,
+	0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+	0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03,
+	0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
+	0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+	0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
+	0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5,
+	0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+	0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D,
+	0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33,
+	0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
+	0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A,
+	0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D,
+	0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
+	0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7,
+	0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D,
+	0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
+	0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64,
+	0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64,
+	0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
+	0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C,
+	0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2,
+	0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
+	0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E,
+	0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x3A, 0xD2, 0xCA,
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+};
+
+static uint8_t test_dh_ikev2group16_p[] = {
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+	0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
+	0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+	0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
+	0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
+	0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+	0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
+	0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
+	0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+	0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
+	0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
+	0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+	0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
+	0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
+	0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+	0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
+	0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A,
+	0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+	0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96,
+	0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
+	0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+	0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
+	0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C,
+	0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+	0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03,
+	0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
+	0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+	0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
+	0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5,
+	0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+	0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D,
+	0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33,
+	0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
+	0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A,
+	0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D,
+	0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
+	0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7,
+	0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D,
+	0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
+	0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64,
+	0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64,
+	0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
+	0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C,
+	0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2,
+	0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
+	0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E,
+	0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01,
+	0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
+	0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26,
+	0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C,
+	0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA,
+	0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8,
+	0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9,
+	0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
+	0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D,
+	0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2,
+	0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED,
+	0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF,
+	0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C,
+	0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
+	0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1,
+	0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F,
+	0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, 0x99,
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+};
+
+static uint8_t test_dh_ikev2group24_p[] = {
+	0x87, 0xA8, 0xE6, 0x1D, 0xB4, 0xB6, 0x66, 0x3C,
+	0xFF, 0xBB, 0xD1, 0x9C, 0x65, 0x19, 0x59, 0x99,
+	0x8C, 0xEE, 0xF6, 0x08, 0x66, 0x0D, 0xD0, 0xF2,
+	0x5D, 0x2C, 0xEE, 0xD4, 0x43, 0x5E, 0x3B, 0x00,
+	0xE0, 0x0D, 0xF8, 0xF1, 0xD6, 0x19, 0x57, 0xD4,
+	0xFA, 0xF7, 0xDF, 0x45, 0x61, 0xB2, 0xAA, 0x30,
+	0x16, 0xC3, 0xD9, 0x11, 0x34, 0x09, 0x6F, 0xAA,
+	0x3B, 0xF4, 0x29, 0x6D, 0x83, 0x0E, 0x9A, 0x7C,
+	0x20, 0x9E, 0x0C, 0x64, 0x97, 0x51, 0x7A, 0xBD,
+	0x5A, 0x8A, 0x9D, 0x30, 0x6B, 0xCF, 0x67, 0xED,
+	0x91, 0xF9, 0xE6, 0x72, 0x5B, 0x47, 0x58, 0xC0,
+	0x22, 0xE0, 0xB1, 0xEF, 0x42, 0x75, 0xBF, 0x7B,
+	0x6C, 0x5B, 0xFC, 0x11, 0xD4, 0x5F, 0x90, 0x88,
+	0xB9, 0x41, 0xF5, 0x4E, 0xB1, 0xE5, 0x9B, 0xB8,
+	0xBC, 0x39, 0xA0, 0xBF, 0x12, 0x30, 0x7F, 0x5C,
+	0x4F, 0xDB, 0x70, 0xC5, 0x81, 0xB2, 0x3F, 0x76,
+	0xB6, 0x3A, 0xCA, 0xE1, 0xCA, 0xA6, 0xB7, 0x90,
+	0x2D, 0x52, 0x52, 0x67, 0x35, 0x48, 0x8A, 0x0E,
+	0xF1, 0x3C, 0x6D, 0x9A, 0x51, 0xBF, 0xA4, 0xAB,
+	0x3A, 0xD8, 0x34, 0x77, 0x96, 0x52, 0x4D, 0x8E,
+	0xF6, 0xA1, 0x67, 0xB5, 0xA4, 0x18, 0x25, 0xD9,
+	0x67, 0xE1, 0x44, 0xE5, 0x14, 0x05, 0x64, 0x25,
+	0x1C, 0xCA, 0xCB, 0x83, 0xE6, 0xB4, 0x86, 0xF6,
+	0xB3, 0xCA, 0x3F, 0x79, 0x71, 0x50, 0x60, 0x26,
+	0xC0, 0xB8, 0x57, 0xF6, 0x89, 0x96, 0x28, 0x56,
+	0xDE, 0xD4, 0x01, 0x0A, 0xBD, 0x0B, 0xE6, 0x21,
+	0xC3, 0xA3, 0x96, 0x0A, 0x54, 0xE7, 0x10, 0xC3,
+	0x75, 0xF2, 0x63, 0x75, 0xD7, 0x01, 0x41, 0x03,
+	0xA4, 0xB5, 0x43, 0x30, 0xC1, 0x98, 0xAF, 0x12,
+	0x61, 0x16, 0xD2, 0x27, 0x6E, 0x11, 0x71, 0x5F,
+	0x69, 0x38, 0x77, 0xFA, 0xD7, 0xEF, 0x09, 0xCA,
+	0xDB, 0x09, 0x4A, 0xE9, 0x1E, 0x1A, 0x15, 0x97,
+};
+
+
+static uint8_t test_dh_ikev2group24_g[] = {
+	0x3F, 0xB3, 0x2C, 0x9B, 0x73, 0x13, 0x4D, 0x0B,
+	0x2E, 0x77, 0x50, 0x66, 0x60, 0xED, 0xBD, 0x48,
+	0x4C, 0xA7, 0xB1, 0x8F, 0x21, 0xEF, 0x20, 0x54,
+	0x07, 0xF4, 0x79, 0x3A, 0x1A, 0x0B, 0xA1, 0x25,
+	0x10, 0xDB, 0xC1, 0x50, 0x77, 0xBE, 0x46, 0x3F,
+	0xFF, 0x4F, 0xED, 0x4A, 0xAC, 0x0B, 0xB5, 0x55,
+	0xBE, 0x3A, 0x6C, 0x1B, 0x0C, 0x6B, 0x47, 0xB1,
+	0xBC, 0x37, 0x73, 0xBF, 0x7E, 0x8C, 0x6F, 0x62,
+	0x90, 0x12, 0x28, 0xF8, 0xC2, 0x8C, 0xBB, 0x18,
+	0xA5, 0x5A, 0xE3, 0x13, 0x41, 0x00, 0x0A, 0x65,
+	0x01, 0x96, 0xF9, 0x31, 0xC7, 0x7A, 0x57, 0xF2,
+	0xDD, 0xF4, 0x63, 0xE5, 0xE9, 0xEC, 0x14, 0x4B,
+	0x77, 0x7D, 0xE6, 0x2A, 0xAA, 0xB8, 0xA8, 0x62,
+	0x8A, 0xC3, 0x76, 0xD2, 0x82, 0xD6, 0xED, 0x38,
+	0x64, 0xE6, 0x79, 0x82, 0x42, 0x8E, 0xBC, 0x83,
+	0x1D, 0x14, 0x34, 0x8F, 0x6F, 0x2F, 0x91, 0x93,
+	0xB5, 0x04, 0x5A, 0xF2, 0x76, 0x71, 0x64, 0xE1,
+	0xDF, 0xC9, 0x67, 0xC1, 0xFB, 0x3F, 0x2E, 0x55,
+	0xA4, 0xBD, 0x1B, 0xFF, 0xE8, 0x3B, 0x9C, 0x80,
+	0xD0, 0x52, 0xB9, 0x85, 0xD1, 0x82, 0xEA, 0x0A,
+	0xDB, 0x2A, 0x3B, 0x73, 0x13, 0xD3, 0xFE, 0x14,
+	0xC8, 0x48, 0x4B, 0x1E, 0x05, 0x25, 0x88, 0xB9,
+	0xB7, 0xD2, 0xBB, 0xD2, 0xDF, 0x01, 0x61, 0x99,
+	0xEC, 0xD0, 0x6E, 0x15, 0x57, 0xCD, 0x09, 0x15,
+	0xB3, 0x35, 0x3B, 0xBB, 0x64, 0xE0, 0xEC, 0x37,
+	0x7F, 0xD0, 0x28, 0x37, 0x0D, 0xF9, 0x2B, 0x52,
+	0xC7, 0x89, 0x14, 0x28, 0xCD, 0xC6, 0x7E, 0xB6,
+	0x18, 0x4B, 0x52, 0x3D, 0x1D, 0xB2, 0x46, 0xC3,
+	0x2F, 0x63, 0x07, 0x84, 0x90, 0xF0, 0x0E, 0xF8,
+	0xD6, 0x47, 0xD1, 0x48, 0xD4, 0x79, 0x54, 0x51,
+	0x5E, 0x23, 0x27, 0xCF, 0xEF, 0x98, 0xC5, 0x82,
+	0x66, 0x4B, 0x4C, 0x0F, 0x6C, 0xC4, 0x16, 0x59,
+};
+
+static const struct test_dh_group test_dh_ikev2group_14 = {
+	.id = 0,
+	/*
+	 * Officially 14, ikev2
+	 */
+	.g = {
+		.data = test_dh_gen_2,
+		.bytesize = sizeof(test_dh_gen_2),
+	},
+	.p = {
+		.data = test_dh_ikev2group14_p,
+		.bytesize = sizeof(test_dh_ikev2group14_p),
+	},
+	.priv_ff_size = 256,
+};
+
+static const struct test_dh_group test_dh_ikev2group_15 = {
+	.id = 0,
+	/*
+	 * Officially 15, ikev2
+	 */
+	.g = {
+		.data = test_dh_gen_2,
+		.bytesize = sizeof(test_dh_gen_2),
+	},
+	.p = {
+		.data = test_dh_ikev2group15_p,
+		.bytesize = sizeof(test_dh_ikev2group15_p),
+	},
+	.priv_ff_size = 384,
+};
+
+static const struct test_dh_group test_dh_ikev2group_16 = {
+	.id = 0,
+	/*
+	 * Officially 16, ikev2
+	 */
+	.g = {
+		.data = test_dh_gen_2,
+		.bytesize = sizeof(test_dh_gen_2),
+	},
+	.p = {
+		.data = test_dh_ikev2group16_p,
+		.bytesize = sizeof(test_dh_ikev2group16_p),
+	},
+	.priv_ff_size = 512,
+};
+
+static const struct test_dh_group test_dh_ikev2group_24 = {
+	.id = 0,
+	/*
+	 * Officially 24, ikev2
+	 */
+	.g = {
+		.data = test_dh_ikev2group24_g,
+		.bytesize = sizeof(test_dh_ikev2group24_g),
+	},
+	.p = {
+		.data = test_dh_ikev2group24_p,
+		.bytesize = sizeof(test_dh_ikev2group24_p),
+	},
+	.priv_ff_size = 32,
+};
+
+static const struct test_dh_group test_ecdh_secp256r1 = {
+	.id = RTE_CRYPTO_EC_GROUP_SECP256R1,
+	.priv_ff_size = 32,
+};
+static const struct test_dh_group test_ecdh_secp384r1 = {
+	.id = RTE_CRYPTO_EC_GROUP_SECP384R1,
+	.priv_ff_size = 48,
+};
+static const struct test_dh_group test_ecdh_secp521r1 = {
+	.id = RTE_CRYPTO_EC_GROUP_SECP521R1,
+	.priv_ff_size = 64,
+};
+
+
 #endif /* TEST_CRYPTODEV_DH_TEST_VECTORS_H__ */
--
2.17.1

[dpdk-dev v2 2/3] app/test: add ecdh test cases

[Kai Ji]

From: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>

Added Elliptic-Curve Diffie Hellman test cases.

Signed-off-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
Signed-off-by: Kai Ji <kai.ji@intel.com>
---
 app/test/test_cryptodev_asym.c              | 366 ++++++++++++++++++++
 app/test/test_cryptodev_ecdh_test_vectors.h | 144 ++++++++
 2 files changed, 510 insertions(+)
 create mode 100644 app/test/test_cryptodev_ecdh_test_vectors.h

diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index b9034b637a..fd5c5788b2 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -19,6 +19,7 @@
 #include "test_cryptodev_dsa_test_vectors.h"
 #include "test_cryptodev_ecdsa_test_vectors.h"
 #include "test_cryptodev_ecpm_test_vectors.h"
+#include "test_cryptodev_ecdh_test_vectors.h"
 #include "test_cryptodev_mod_test_vectors.h"
 #include "test_cryptodev_rsa_test_vectors.h"
 #include "test_cryptodev_asym_util.h"
@@ -2231,6 +2232,367 @@ test_ecpm_all_curve(void)
 	return overall_status;
 }

+static int
+test_ecdh(const void *input_vector)
+{
+	const struct ECDH_test_vector *test_vector = input_vector;
+	struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
+	struct rte_mempool *op_mpool = ts_params->op_mpool;
+	struct rte_crypto_asym_xform xform = {
+		.next = NULL,
+		.xform_type = RTE_CRYPTO_ASYM_XFORM_ECDH,
+		.ec.curve_id = test_vector->curve_id
+	};
+	const uint8_t dev_id = ts_params->valid_devs[0];
+	uint8_t alice_x[test_vector->curve_bytesize],
+		alice_y[test_vector->curve_bytesize];
+	uint8_t bob_x[test_vector->curve_bytesize],
+		bob_y[test_vector->curve_bytesize];
+	uint8_t alice_xZ[test_vector->curve_bytesize],
+		alice_yZ[test_vector->curve_bytesize];
+	uint8_t bob_xZ[test_vector->curve_bytesize],
+		bob_yZ[test_vector->curve_bytesize];
+	struct rte_crypto_op *alice_op = NULL, *bob_op = NULL;
+
+	alice_op = rte_crypto_op_alloc(op_mpool,
+		RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
+	if (alice_op == NULL) {
+		RTE_LOG(ERR, USER1, "Error when allocationg alice_op\n");
+		goto error;
+	}
+	bob_op = rte_crypto_op_alloc(op_mpool,
+		RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
+	if (bob_op == NULL) {
+		RTE_LOG(ERR, USER1, "Error when allocationg bob_op\n");
+		goto error;
+	}
+
+	/*
+	 * STEP 1a:
+	 * Generate Alice public key
+	 */
+
+	alice_op->sess_type = RTE_CRYPTO_OP_SESSIONLESS;
+	alice_op->asym->xform = &xform;
+	alice_op->asym->ecdh.ke_type = RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE;
+	alice_op->asym->ecdh.priv_key = test_vector->alice_d;
+	alice_op->asym->ecdh.pub_key.x.data = alice_x;
+	alice_op->asym->ecdh.pub_key.y.data = alice_y;
+
+	if (rte_cryptodev_enqueue_burst(dev_id, 0, &alice_op, 1) != 1) {
+		RTE_LOG(ERR, USER1, "Error sending packet for sign\n");
+		goto error;
+	}
+
+	while (rte_cryptodev_dequeue_burst(dev_id, 0, &alice_op, 1) == 0)
+		rte_pause();
+
+	if (alice_op->asym->ecdh.pub_key.x.length !=
+			test_vector->alice_q.x.length) {
+		RTE_LOG(ERR, USER1, "Incorrect Alice public key length (X coeff)\n");
+		RTE_LOG(ERR, USER1,
+			"Received length = %d Expected length = %d\n",
+			(unsigned int)test_vector->alice_q.x.length,
+			(unsigned int)alice_op->asym->ecdh.pub_key.x.length
+		);
+		goto error;
+	}
+	if (alice_op->asym->ecdh.pub_key.y.length !=
+			test_vector->alice_q.y.length) {
+		RTE_LOG(ERR, USER1, "Incorrect Alice public key length (Y coeff)\n");
+		RTE_LOG(ERR, USER1,
+			"Received length = %d Expected length = %d\n",
+			(unsigned int)test_vector->alice_q.y.length,
+			(unsigned int)alice_op->asym->ecdh.pub_key.y.length
+		);
+		goto error;
+	}
+	if (memcmp(alice_op->asym->ecdh.pub_key.x.data,
+			test_vector->alice_q.x.data,
+			test_vector->alice_q.x.length)
+	) {
+		RTE_LOG(ERR, USER1, "Incorrect Alice public key X\n");
+		debug_hexdump(stdout, "Generated PublicKey x (Alice):",
+			alice_op->asym->ecdh.pub_key.x.data,
+			alice_op->asym->ecdh.pub_key.x.length);
+		goto error;
+	}
+	if (memcmp(alice_op->asym->ecdh.pub_key.y.data,
+			test_vector->alice_q.y.data,
+			test_vector->alice_q.y.length)
+	) {
+		RTE_LOG(ERR, USER1, "Incorrect Alice public key Y\n");
+		debug_hexdump(stdout, "Generated PublicKey y (Alice):",
+				alice_op->asym->ecdh.pub_key.y.data,
+				alice_op->asym->ecdh.pub_key.y.length);
+		goto error;
+	}
+
+
+	/*
+	 * STEP 1b:
+	 * Generate Bob public key
+	 */
+
+	bob_op->sess_type = RTE_CRYPTO_OP_SESSIONLESS;
+	bob_op->asym->xform = &xform;
+	bob_op->asym->ecdh.ke_type = RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE;
+	bob_op->asym->ecdh.priv_key = test_vector->bob_d;
+	bob_op->asym->ecdh.pub_key.x.data = bob_x;
+	bob_op->asym->ecdh.pub_key.y.data = bob_y;
+
+	if (rte_cryptodev_enqueue_burst(dev_id, 0, &bob_op, 1) != 1) {
+		RTE_LOG(ERR, USER1, "Error sending packet for sign\n");
+		goto error;
+	}
+
+	while (rte_cryptodev_dequeue_burst(dev_id, 0, &bob_op, 1) == 0)
+		rte_pause();
+
+	if (bob_op->asym->ecdh.pub_key.x.length !=
+			test_vector->bob_q.x.length) {
+		RTE_LOG(ERR, USER1, "Incorrect Bob's public key length (X coeff)\n");
+		RTE_LOG(ERR, USER1,
+			"Received length = %d Expected length = %d\n",
+			(unsigned int)test_vector->bob_q.x.length,
+			(unsigned int)bob_op->asym->ecdh.pub_key.x.length
+		);
+		goto error;
+	}
+	if (bob_op->asym->ecdh.pub_key.y.length !=
+			test_vector->bob_q.y.length) {
+		RTE_LOG(ERR, USER1, "Incorrect Bob's public key length (Y coeff)\n");
+		RTE_LOG(ERR, USER1,
+			"Received length = %d Expected length = %d\n",
+			(unsigned int)test_vector->bob_q.y.length,
+			(unsigned int)bob_op->asym->ecdh.pub_key.y.length
+		);
+		goto error;
+	}
+	if (memcmp(bob_op->asym->ecdh.pub_key.x.data,
+			test_vector->bob_q.x.data,
+			test_vector->bob_q.x.length)
+	) {
+		RTE_LOG(ERR, USER1, "Incorrect Bob's public key X\n");
+		debug_hexdump(stdout,
+			"Generated PublicKey x (bob):",
+			bob_op->asym->ecdh.pub_key.x.data,
+			bob_op->asym->ecdh.pub_key.x.length
+		);
+		goto error;
+	}
+	if (memcmp(bob_op->asym->ecdh.pub_key.y.data,
+			test_vector->bob_q.y.data,
+			test_vector->bob_q.y.length)
+	) {
+		RTE_LOG(ERR, USER1, "Incorrect Bob's public key Y\n");
+		debug_hexdump(stdout,
+			"Generated PublicKey y (bob):",
+			bob_op->asym->ecdh.pub_key.y.data,
+			bob_op->asym->ecdh.pub_key.y.length
+		);
+		goto error;
+	}
+
+	/*
+	 * STEP 1.5a:
+	 * Alice verifies Bob's public key, reusing op, other parameters
+	 * then already set, only what Alice needs to do is to set public
+	 * key of Bob and change key exchange type to VERIFY.
+	 */
+
+	alice_op->asym->ecdh.ke_type = RTE_CRYPTO_ASYM_KE_PUB_KEY_VERIFY;
+	alice_op->asym->ecdh.pub_key.x.data = bob_x;
+	alice_op->asym->ecdh.pub_key.x.length =
+		bob_op->asym->ecdh.pub_key.x.length;
+	alice_op->asym->ecdh.pub_key.y.data = bob_y;
+	alice_op->asym->ecdh.pub_key.y.length =
+		bob_op->asym->ecdh.pub_key.y.length;
+
+	if (rte_cryptodev_enqueue_burst(dev_id, 0, &alice_op, 1) != 1) {
+		RTE_LOG(ERR, USER1, "Error sending packet for sign\n");
+		goto error;
+	}
+
+	while (rte_cryptodev_dequeue_burst(dev_id, 0, &alice_op, 1) == 0)
+		rte_pause();
+
+	if (alice_op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
+		RTE_LOG(ERR, USER1,
+			"line %u FAILED: %s", __LINE__,
+			"Failed to verify Bob's public key, it does not belongs to curve points\n"
+		);
+		return TEST_FAILED;
+	}
+
+	/*
+	 * STEP 1.5b:
+	 * Bob verifies Alice's public key, reusing op, other parameters
+	 * then already set, only what Bob needs to do is to set public
+	 * key of Alice and change key exchange type to VERIFY.
+	 */
+
+	bob_op->asym->ecdh.ke_type = RTE_CRYPTO_ASYM_KE_PUB_KEY_VERIFY;
+	bob_op->asym->ecdh.pub_key.x.data = alice_x;
+	bob_op->asym->ecdh.pub_key.x.length =
+		alice_op->asym->ecdh.pub_key.x.length;
+	bob_op->asym->ecdh.pub_key.y.data = alice_y;
+	bob_op->asym->ecdh.pub_key.y.length =
+		alice_op->asym->ecdh.pub_key.y.length;
+
+	if (rte_cryptodev_enqueue_burst(dev_id, 0, &bob_op, 1) != 1) {
+		RTE_LOG(ERR, USER1, "Error sending packet for sign\n");
+		goto error;
+	}
+
+	while (rte_cryptodev_dequeue_burst(dev_id, 0, &bob_op, 1) == 0)
+		rte_pause();
+
+	if (bob_op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
+		RTE_LOG(ERR, USER1,
+			"line %u FAILED: %s", __LINE__,
+			"Failed to verify Alice's public key it does not belongs to curve points\n"
+		);
+		goto error;
+	}
+
+	/*
+	 * STEP 2a:
+	 * Alice generates shared secret Z, since Bob's public key was already
+	 * set when doing verification only key exchange type need to be changed,
+	 * and setting place where Z will be copied by the PMD.
+	 */
+
+	alice_op->asym->ecdh.ke_type = RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE;
+	alice_op->asym->ecdh.shared_secret.x.data = alice_xZ;
+	alice_op->asym->ecdh.shared_secret.y.data = alice_yZ;
+
+	if (rte_cryptodev_enqueue_burst(dev_id, 0, &alice_op, 1) != 1) {
+		RTE_LOG(ERR, USER1, "Error sending packet for sign\n");
+		goto error;
+	}
+	while (rte_cryptodev_dequeue_burst(dev_id, 0, &alice_op, 1) == 0)
+		rte_pause();
+
+	if (alice_op->asym->ecdh.shared_secret.x.length !=
+			test_vector->Z.x.length) {
+		RTE_LOG(ERR, USER1, "Incorrect Alice's shared secret length X\n");
+		RTE_LOG(ERR, USER1,
+			"Received = %d Expected = %d\n",
+			(unsigned int)alice_op->asym->ecdh.shared_secret.x.length,
+			(unsigned int)test_vector->Z.x.length
+		);
+		goto error;
+	}
+	if (alice_op->asym->ecdh.shared_secret.y.length != test_vector->Z.y.length) {
+		RTE_LOG(ERR, USER1, "Incorrect Alice's shared secret length Y\n");
+		RTE_LOG(ERR, USER1,
+			"Received = %d Expected = %d\n",
+			(unsigned int)alice_op->asym->ecdh.shared_secret.y.length,
+			(unsigned int)test_vector->Z.y.length
+		);
+		goto error;
+	}
+
+	if (memcmp(alice_op->asym->ecdh.shared_secret.x.data,
+			test_vector->Z.x.data,
+			test_vector->Z.x.length)
+	) {
+		RTE_LOG(ERR, USER1, "Incorrect Alice's shared secret X\n");
+		debug_hexdump(stdout,
+			"Generated SharedSecret x (Alice):",
+			alice_op->asym->ecdh.shared_secret.x.data,
+			alice_op->asym->ecdh.shared_secret.x.length
+		);
+		goto error;
+	}
+	if (memcmp(alice_op->asym->ecdh.shared_secret.y.data,
+			test_vector->Z.y.data,
+			test_vector->Z.y.length)
+	) {
+		RTE_LOG(ERR, USER1, "Incorrect Alice's shared secret Y\n");
+		debug_hexdump(stdout,
+			"Generated SharedSecret y (Alice):",
+			alice_op->asym->ecdh.shared_secret.y.data,
+			alice_op->asym->ecdh.shared_secret.y.length
+		);
+		goto error;
+	}
+
+	/*
+	 * STEP 2b:
+	 * Bob generates shared secret Z, since Alice's public key was already
+	 * set when doing verification only, key exchange type needs to be
+	 * changed, and setting place where Z will be copied by the PMD.
+	 */
+
+	bob_op->asym->ecdh.ke_type = RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE;
+	bob_op->asym->ecdh.shared_secret.x.data = bob_xZ;
+	bob_op->asym->ecdh.shared_secret.y.data = bob_yZ;
+
+	if (rte_cryptodev_enqueue_burst(dev_id, 0, &bob_op, 1) != 1) {
+		RTE_LOG(ERR, USER1, "Error sending packet for sign\n");
+		goto error;
+	}
+
+	while (rte_cryptodev_dequeue_burst(dev_id, 0, &bob_op, 1) == 0)
+		rte_pause();
+
+	if (bob_op->asym->ecdh.shared_secret.x.length != test_vector->Z.x.length) {
+		RTE_LOG(ERR, USER1, "Incorrect Bob's shared secret length X\n");
+		RTE_LOG(ERR, USER1,
+			"Received = %d Expected = %d\n",
+			(unsigned int)bob_op->asym->ecdh.shared_secret.x.length,
+			(unsigned int)test_vector->Z.x.length
+		);
+		goto error;
+	}
+	if (bob_op->asym->ecdh.shared_secret.y.length != test_vector->Z.y.length) {
+		RTE_LOG(ERR, USER1, "Incorrect Bob's shared secret length Y\n");
+		RTE_LOG(ERR, USER1,
+			"Received = %d Expected = %d\n",
+			(unsigned int)bob_op->asym->ecdh.shared_secret.y.length,
+			(unsigned int)test_vector->Z.y.length
+		);
+		goto error;
+	}
+
+	if (memcmp(bob_op->asym->ecdh.shared_secret.x.data,
+			test_vector->Z.x.data,
+			test_vector->Z.x.length)
+	) {
+		RTE_LOG(ERR, USER1, "Incorrect Bob's shared secret X\n");
+		debug_hexdump(stdout,
+			"Generated SharedSecret x (Bob):",
+			bob_op->asym->ecdh.shared_secret.x.data,
+			bob_op->asym->ecdh.shared_secret.x.length
+		);
+		goto error;
+	}
+	if (memcmp(bob_op->asym->ecdh.shared_secret.y.data,
+			test_vector->Z.y.data,
+			test_vector->Z.y.length)
+	) {
+		RTE_LOG(ERR, USER1, "Incorrect Bob's shared secret Y\n");
+		debug_hexdump(stdout,
+			"Generated SharedSecret y (Bob):",
+			bob_op->asym->ecdh.shared_secret.y.data,
+			bob_op->asym->ecdh.shared_secret.y.length
+		);
+		goto error;
+	}
+
+	/* Both shared secret where correctly verified -> Test passed */
+
+	rte_crypto_op_free(alice_op);
+	rte_crypto_op_free(bob_op);
+	return TEST_SUCCESS;
+error:
+	rte_crypto_op_free(alice_op);
+	rte_crypto_op_free(bob_op);
+	return TEST_FAILED;
+}
+
 static void *
 dh_alice_bob_set_session(uint8_t dev_id,
 	struct rte_crypto_op *op,
@@ -2489,6 +2851,10 @@ static struct unit_test_suite cryptodev_qat_asym_testsuite  = {
 	.teardown = testsuite_teardown,
 	.unit_test_cases = {
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_one_by_one),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Test - ECDH secp256r1, RFC 5114 256",
+			ut_setup_asym, ut_teardown_asym,
+			test_ecdh, &rfc5114_secp256r1),
 		TEST_CASES_END() /**< NULL terminate unit test array */
 	}
 };
diff --git a/app/test/test_cryptodev_ecdh_test_vectors.h b/app/test/test_cryptodev_ecdh_test_vectors.h
new file mode 100644
index 0000000000..c8151302ed
--- /dev/null
+++ b/app/test/test_cryptodev_ecdh_test_vectors.h
@@ -0,0 +1,144 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright (C) 2022 Intel Corporation
+ */
+
+#ifndef __TEST_CRYPTODEV_ECDH_VECTORS_H__
+#define __TEST_CRYPTODEV_ECDH_VECTORS_H__
+
+#include "rte_crypto_asym.h"
+
+/*
+ * Elliptic Curve Diffie-Hellman test vector struct
+ * Peers are named Alice and Bob
+ * q - is a public key
+ * d - is a private key
+ * Z - is a shared secret
+ */
+
+struct ECDH_test_vector {
+	enum rte_crypto_curve_id curve_id;
+	int curve_bytesize;
+	rte_crypto_uint alice_d;
+	rte_crypto_uint bob_d;
+	struct rte_crypto_ec_point alice_q;
+	struct rte_crypto_ec_point bob_q;
+	struct rte_crypto_ec_point Z;
+};
+
+/*
+ * Elliptic Curve Diffie-Hellman test
+ * It consist of three phases:
+ * - Generation of public key based on private key
+ * - Verification of peer's public key
+ * - Generation of shared secret
+ * Peers in tests are named Alice and Bob
+ */
+
+/* RFC 5114 256-bit Random ECP Group Data */
+
+/*
+ * Alice's parameters
+ */
+static uint8_t rfc5114_256b_dA[] = {
+	0x81, 0x42, 0x64, 0x14, 0x5F, 0x2F, 0x56, 0xF2,
+	0xE9, 0x6A, 0x8E, 0x33, 0x7A, 0x12, 0x84, 0x99,
+	0x3F, 0xAF, 0x43, 0x2A, 0x5A, 0xBC, 0xE5, 0x9E,
+	0x86, 0x7B, 0x72, 0x91, 0xD5, 0x07, 0xA3, 0xAF,
+};
+
+static uint8_t rfc5114_256b_x_qA[] = {
+	0x2A, 0xF5, 0x02, 0xF3, 0xBE, 0x89, 0x52, 0xF2,
+	0xC9, 0xB5, 0xA8, 0xD4, 0x16, 0x0D, 0x09, 0xE9,
+	0x71, 0x65, 0xBE, 0x50, 0xBC, 0x42, 0xAE, 0x4A,
+	0x5E, 0x8D, 0x3B, 0x4B, 0xA8, 0x3A, 0xEB, 0x15,
+};
+
+static uint8_t rfc5114_256b_y_qA[] = {
+	0xEB, 0x0F, 0xAF, 0x4C, 0xA9, 0x86, 0xC4, 0xD3,
+	0x86, 0x81, 0xA0, 0xF9, 0x87, 0x2D, 0x79, 0xD5,
+	0x67, 0x95, 0xBD, 0x4B, 0xFF, 0x6E, 0x6D, 0xE3,
+	0xC0, 0xF5, 0x01, 0x5E, 0xCE, 0x5E, 0xFD, 0x85,
+};
+
+/*
+ * Bob's parameters
+ */
+static uint8_t rfc5114_256b_dB[] = {
+	0x2C, 0xE1, 0x78, 0x8E, 0xC1, 0x97, 0xE0, 0x96,
+	0xDB, 0x95, 0xA2, 0x00, 0xCC, 0x0A, 0xB2, 0x6A,
+	0x19, 0xCE, 0x6B, 0xCC, 0xAD, 0x56, 0x2B, 0x8E,
+	0xEE, 0x1B, 0x59, 0x37, 0x61, 0xCF, 0x7F, 0x41,
+};
+
+static uint8_t rfc5114_256b_x_qB[] = {
+	0xB1, 0x20, 0xDE, 0x4A, 0xA3, 0x64, 0x92, 0x79,
+	0x53, 0x46, 0xE8, 0xDE, 0x6C, 0x2C, 0x86, 0x46,
+	0xAE, 0x06, 0xAA, 0xEA, 0x27, 0x9F, 0xA7, 0x75,
+	0xB3, 0xAB, 0x07, 0x15, 0xF6, 0xCE, 0x51, 0xB0,
+};
+
+static uint8_t rfc5114_256b_y_qB[] = {
+	0x9F, 0x1B, 0x7E, 0xEC, 0xE2, 0x0D, 0x7B, 0x5E,
+	0xD8, 0xEC, 0x68, 0x5F, 0xA3, 0xF0, 0x71, 0xD8,
+	0x37, 0x27, 0x02, 0x70, 0x92, 0xA8, 0x41, 0x13,
+	0x85, 0xC3, 0x4D, 0xDE, 0x57, 0x08, 0xB2, 0xB6,
+};
+
+static uint8_t rfc5114_256b_x_Z[] = {
+	0xDD, 0x0F, 0x53, 0x96, 0x21, 0x9D, 0x1E, 0xA3,
+	0x93, 0x31, 0x04, 0x12, 0xD1, 0x9A, 0x08, 0xF1,
+	0xF5, 0x81, 0x1E, 0x9D, 0xC8, 0xEC, 0x8E, 0xEA,
+	0x7F, 0x80, 0xD2, 0x1C, 0x82, 0x0C, 0x27, 0x88,
+};
+
+static uint8_t rfc5114_256b_y_Z[] = {
+	0x03, 0x57, 0xDC, 0xCD, 0x4C, 0x80, 0x4D, 0x0D,
+	0x8D, 0x33, 0xAA, 0x42, 0xB8, 0x48, 0x83, 0x4A,
+	0xA5, 0x60, 0x5F, 0x9A, 0xB0, 0xD3, 0x72, 0x39,
+	0xA1, 0x15, 0xBB, 0xB6, 0x47, 0x93, 0x6F, 0x50,
+};
+
+static struct ECDH_test_vector rfc5114_secp256r1 = {
+	.curve_id = RTE_CRYPTO_EC_GROUP_SECP256R1,
+	.curve_bytesize = 32,
+	.alice_d = {
+		.data = rfc5114_256b_dA,
+		.length = sizeof(rfc5114_256b_dA),
+	},
+	.alice_q = {
+		.x = {
+			.data = rfc5114_256b_x_qA,
+			.length = sizeof(rfc5114_256b_x_qA),
+		},
+		.y = {
+			.data = rfc5114_256b_y_qA,
+			.length = sizeof(rfc5114_256b_y_qA),
+		},
+	},
+	.bob_d = {
+		.data = rfc5114_256b_dB,
+		.length = sizeof(rfc5114_256b_dB)
+	},
+	.bob_q = {
+		.x = {
+			.data = rfc5114_256b_x_qB,
+			.length = sizeof(rfc5114_256b_x_qB),
+		},
+		.y = {
+			.data = rfc5114_256b_y_qB,
+			.length = sizeof(rfc5114_256b_y_qB),
+		},
+	},
+	.Z = {
+		.x = {
+			.data = rfc5114_256b_x_Z,
+			.length = sizeof(rfc5114_256b_x_Z),
+		},
+		.y = {
+			.data = rfc5114_256b_y_Z,
+			.length = sizeof(rfc5114_256b_y_Z),
+		}
+	}
+};
+
+#endif
--
2.17.1

[dpdk-dev v2 3/3] app/test: add ecdsa kat sessionless tests

[Kai Ji]

From: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>

Added sessionless ECDSA known answer test cases to
QAT asym crypto testsuite.

Signed-off-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
Signed-off-by: Kai Ji <kai.ji@intel.com>
---
 app/test/test_cryptodev_asym.c | 209 +++++++++++++++++++++++++++++++++
 1 file changed, 209 insertions(+)

diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index fd5c5788b2..cc603ae805 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -2232,6 +2232,191 @@ test_ecpm_all_curve(void)
 	return overall_status;
 }

+/*
+ * ECDSA Signature generation function
+ */
+static int
+test_ecdsa_sign(const void *input_vector)
+{
+	const struct crypto_testsuite_ecdsa_params *test_vector = input_vector;
+	struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
+	struct rte_mempool *op_mpool = ts_params->op_mpool;
+	struct rte_crypto_op *op;
+	struct rte_crypto_op *result_op = NULL;
+	struct rte_crypto_asym_xform xform = {
+		.next = NULL,
+		.xform_type = RTE_CRYPTO_ASYM_XFORM_ECDSA,
+		.ec.curve_id = test_vector->curve
+	};
+	uint8_t R[test_vector->sign_r.length];
+	uint8_t S[test_vector->sign_s.length];
+	const uint8_t dev_id = ts_params->valid_devs[0];
+	int ret = TEST_SUCCESS;
+
+	op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
+	if (op == NULL) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Failed to allocate asymmetric crypto "
+				"operation struct\n");
+		return TEST_FAILED;
+	}
+	/*
+	 * Set input data
+	 * - Sessionless operation, no session will be created. User is responsible
+	 * for taking care of xform lifetime -> in case of ECDSA no keys are stored
+	 * in xform so it is not security crucial to clear data, although it is
+	 * recommended to clear xform anyway.
+	 * - Generation of signature pair R, S.
+	 * - Message is a digest of message to be signed.
+	 * - k is a random integer in interval (1, n - 1)
+	 * - pkey is a private key
+	 */
+	op->sess_type = RTE_CRYPTO_OP_SESSIONLESS;
+	op->asym->xform = &xform;
+	op->asym->ecdsa.op_type = RTE_CRYPTO_ASYM_OP_SIGN;
+	op->asym->ecdsa.message.data = test_vector->digest.data;
+	op->asym->ecdsa.message.length = test_vector->digest.length;
+	op->asym->ecdsa.k.data = test_vector->scalar.data;
+	op->asym->ecdsa.k.length = test_vector->scalar.length;
+	op->asym->ecdsa.pkey.data = test_vector->pkey.data;
+	op->asym->ecdsa.pkey.length = test_vector->pkey.length;
+
+	/*
+	 * Set output data
+	 * Signature pair R, S. Positive integers.
+	 */
+	op->asym->ecdsa.r.data = R;
+	op->asym->ecdsa.s.data = S;
+
+	/* Sending packet for signature generation */
+	if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Error sending packet for operation\n");
+		ret = TEST_FAILED;
+		goto error_exit;
+	}
+	/* Waiting for packet to be dequeued */
+	while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0)
+		rte_pause();
+
+	if (result_op == NULL) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Failed to process asym crypto op\n");
+		ret = TEST_FAILED;
+		goto error_exit;
+	}
+
+	if (result_op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"ECDSA generation failed.\n");
+		ret = TEST_FAILED;
+		goto error_exit;
+	}
+
+	/* Generated signature R, S */
+	debug_hexdump(stdout, "R:", result_op->asym->ecdsa.r.data,
+			result_op->asym->ecdsa.r.length);
+	debug_hexdump(stdout, "S:", result_op->asym->ecdsa.s.data,
+			result_op->asym->ecdsa.s.length);
+
+error_exit:
+	rte_crypto_op_free(op);
+	return ret;
+}
+
+/*
+ * ECDSA Signature verification function
+ */
+static int
+test_ecdsa_verify(const void *input_vector)
+{
+	const struct crypto_testsuite_ecdsa_params *test_vector = input_vector;
+	struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
+	struct rte_mempool *op_mpool = ts_params->op_mpool;
+	struct rte_crypto_op *op;
+	struct rte_crypto_op *result_op = NULL;
+	struct rte_crypto_asym_xform xform = {
+		.next = NULL,
+		.xform_type = RTE_CRYPTO_ASYM_XFORM_ECDSA,
+		.ec.curve_id = test_vector->curve
+	};
+	const uint8_t dev_id = ts_params->valid_devs[0];
+	int ret = TEST_SUCCESS;
+
+	op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
+	if (op == NULL) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Failed to allocate asymmetric crypto "
+				"operation struct\n");
+		ret = TEST_FAILED;
+		goto error_exit;
+	}
+	/*
+	 * Set input data
+	 * - Sessionless operation, no session will be created. User is responsible
+	 * for taking care of xform lifetime -> in case of ECDSA no keys are stored
+	 * in xform so it is not security crucial to clear data, although it is
+	 * recommended to clear xform anyway.
+	 * - Verification of signature pair R, S.
+	 * - Message is a digest of message that was signed.
+	 * - q is a public key
+	 */
+	op->sess_type = RTE_CRYPTO_OP_SESSIONLESS;
+	op->asym->xform = &xform;
+	op->asym->ecdsa.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
+	op->asym->ecdsa.message.data = test_vector->digest.data;
+	op->asym->ecdsa.message.length = test_vector->digest.length;
+	op->asym->ecdsa.q.x.data = test_vector->pubkey_qx.data;
+	op->asym->ecdsa.q.x.length = test_vector->pubkey_qx.length;
+	op->asym->ecdsa.q.y.data = test_vector->pubkey_qy.data;
+	op->asym->ecdsa.q.y.length = test_vector->pubkey_qx.length;
+	op->asym->ecdsa.r.data =  test_vector->sign_r.data;
+	op->asym->ecdsa.r.length =  test_vector->sign_r.length;
+	op->asym->ecdsa.s.data =  test_vector->sign_s.data;
+	op->asym->ecdsa.s.length =  test_vector->sign_s.length;
+
+	/* Sending packet for signature generation */
+	if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Error sending packet for operation\n");
+		ret = TEST_FAILED;
+		goto error_exit;
+	}
+	/* Waiting for packet to be dequeued */
+	while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0)
+		rte_pause();
+
+	if (result_op == NULL) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Failed to process asym crypto op\n");
+		ret = TEST_FAILED;
+		goto error_exit;
+	}
+
+	/*
+	 * If result_op->status equals RTE_CRYPTO_OP_STATUS_SUCCESS
+	 * signature was verified correctly
+	 */
+	if (result_op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"ECDSA verify failed.\n");
+		ret = TEST_FAILED;
+		goto error_exit;
+	}
+
+error_exit:
+	rte_crypto_op_free(op);
+	return ret;
+}
+
 static int
 test_ecdh(const void *input_vector)
 {
@@ -2851,6 +3036,30 @@ static struct unit_test_suite cryptodev_qat_asym_testsuite  = {
 	.teardown = testsuite_teardown,
 	.unit_test_cases = {
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_one_by_one),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Test - ECDSA secp256r1 signature generation",
+			ut_setup_asym, ut_teardown_asym,
+			test_ecdsa_sign, &ecdsa_param_secp256r1),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Test - ECDSA secp256r1 signature verification",
+			ut_setup_asym, ut_teardown_asym,
+			test_ecdsa_verify, &ecdsa_param_secp256r1),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Test - ECDSA secp384r1 signature generation",
+			ut_setup_asym, ut_teardown_asym,
+			test_ecdsa_sign, &ecdsa_param_secp384r1),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Test - ECDSA secp384r1 signature verification",
+			ut_setup_asym, ut_teardown_asym,
+			test_ecdsa_verify, &ecdsa_param_secp384r1),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Test - ECDSA secp521r1 signature generation",
+			ut_setup_asym, ut_teardown_asym,
+			test_ecdsa_sign, &ecdsa_param_secp521r1),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Test - ECDSA secp521r1 signature verification",
+			ut_setup_asym, ut_teardown_asym,
+			test_ecdsa_verify, &ecdsa_param_secp521r1),
 		TEST_CASE_NAMED_WITH_DATA(
 			"Test - ECDH secp256r1, RFC 5114 256",
 			ut_setup_asym, ut_teardown_asym,
--
2.17.1

RE: [EXT] [dpdk-dev v2 1/3] app/test: add diffie-hellman test cases

[Gowrishankar Muthukrishnan]

> diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
> index 5b16dcab56..b9034b637a 100644
> --- a/app/test/test_cryptodev_asym.c
> +++ b/app/test/test_cryptodev_asym.c
> @@ -64,6 +64,39 @@ static uint32_t test_index;
> 
>  static struct crypto_testsuite_params_asym testsuite_params = { NULL };
> 
> +static void
> +test_crypto_rand(int len, uint8_t *buffer) {
Just a minor suggestion on params order here (below), for ease in readability.
test_crypto_rand(uint8_t *buffer, int len)

> +	int i;
> +
> +	for (i = 0; i < len; ++i)
> +		buffer[i] = (uint8_t)(rand() % ((uint8_t)-1)) | 1; }
rand() % UINT8_MAX easier ?
Also } in next line.

> +
> +static int
> +process_crypto_request(uint8_t dev_id, struct rte_crypto_op **op,
> +				struct rte_crypto_op **result_op)
> +{
> +	/* Process crypto operation */
> +	if (rte_cryptodev_enqueue_burst(dev_id, 0, op, 1) != 1) {
> +		RTE_LOG(ERR, USER1,
> +			"line %u FAILED: %s",
> +			__LINE__, "Error sending packet for operation");
> +		return -1;
> +	}
> +
> +	while (rte_cryptodev_dequeue_burst(dev_id, 0, result_op, 1) == 0)
> +		rte_pause();
> +
> +	if (*result_op == NULL) {
> +		RTE_LOG(ERR, USER1,
> +			"line %u FAILED: %s",
> +			__LINE__, "Failed to process asym crypto op");
> +		return -1;
> +	}
> +	return 0;
> +}
> +
>  static int
>  queue_ops_rsa_sign_verify(void *sess)
>  {
> @@ -809,6 +842,8 @@ testsuite_setup(void)
>  	test_vector.size = 0;
>  	load_test_vectors();
> 
> +	srand(time(NULL));
> +
>  	/* Device, op pool and session configuration for asymmetric crypto. 8<
> */
>  	ts_params->op_mpool = rte_crypto_op_pool_create(
>  			"CRYPTO_ASYM_OP_POOL",
> @@ -2196,6 +2231,219 @@ test_ecpm_all_curve(void)
>  	return overall_status;
>  }
> 
> +static void *
> +dh_alice_bob_set_session(uint8_t dev_id,
> +	struct rte_crypto_op *op,
> +	const struct test_dh_group *group)
> +{
> +	struct rte_crypto_asym_xform xform = { };
> +	void *sess = NULL;
> +	int ret = 0;
> +
> +	xform.xform_type = RTE_CRYPTO_ASYM_XFORM_DH;
> +	xform.dh.g.data = group->g.data;
> +	xform.dh.g.length = group->g.bytesize;
> +	xform.dh.p.data = group->p.data;
> +	xform.dh.p.length = group->p.bytesize;
> +	ret = rte_cryptodev_asym_session_create(dev_id, &xform,
> +			testsuite_params.session_mpool, &sess);
> +	if (ret)
> +		return NULL;
> +
> +	rte_crypto_op_attach_asym_session(op, sess);
> +	return sess;
> +}
> +
> +static void
> +dh_alice_bob_gen_x(const struct test_dh_group *group,
> +	uint8_t *private_data)
> +{
> +	test_crypto_rand(group->priv_ff_size, private_data);
> +	if (private_data[0] > group->p.data[0])
> +		private_data[0] = group->p.data[0] - 1; }
} in next line.

> +
> +static int
> +dh_alice_bob_gen_y(struct rte_crypto_op *op,
> +	const char *name,
> +	const uint8_t dev_id,
Could this order be dev_id, name, op etc ??

> +	uint8_t *y,
> +	uint8_t *x,
> +	const int ff_size)
> +{
> +	struct rte_crypto_op *result_op;
> +	int ret = 0;
> +
> +	op->asym->dh.ke_type = RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE;
> +	op->asym->dh.pub_key.data = y;
> +	op->asym->dh.priv_key.data = x;
> +	op->asym->dh.priv_key.length = ff_size;
> +
> +	ret = process_crypto_request(dev_id, &op, &result_op);
> +	TEST_ASSERT_SUCCESS(ret, "Failed to compute public key for %s",
> name);
> +
> +	return 0;
> +}
> +
> +static int
> +dh_alice_bob_shared_compute(uint8_t dev_id,
> +	const char *name,
> +	struct rte_crypto_op *op,
> +	uint8_t *secret,
> +	uint8_t *peer,
> +	uint32_t peer_size)
> +{
> +	struct rte_crypto_op *result_op;
> +	int ret = 0;
> +
> +	op->asym->dh.ke_type =
> RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE;
> +	op->asym->dh.pub_key.data = peer;
> +	op->asym->dh.pub_key.length = peer_size;
> +	op->asym->dh.shared_secret.data = secret;
> +
> +	ret = process_crypto_request(dev_id, &op, &result_op);
> +	TEST_ASSERT_SUCCESS(ret,
> +		"Failed to compute shared secret for %s",
> +		name);
> +
> +	return 0;
> +}
> +
> +/* Diffie-Hellman test to verify the processed data */ static int
Patch format incorrect ?

> +dh_alice_bob_verify(struct rte_crypto_op *alice_op,
> +	struct rte_crypto_op *bob_op)
> +{
> +	int ret = 0;
> +
> +	/* Verify processed data */
> +	ret = (alice_op->asym->dh.shared_secret.length ==
> +			bob_op->asym->dh.shared_secret.length);
Is 0 length allowed ?

> +	if (!ret) {
> +		RTE_LOG(ERR, USER1, "line %u FAILED: %s", __LINE__,
> +			"Alice's and Bob's shared secret length do not match.");
> +		return TEST_FAILED;
> +	}
> +	ret = memcmp(alice_op->asym->dh.shared_secret.data,
> +		alice_op->asym->dh.shared_secret.data,
> +		bob_op->asym->dh.shared_secret.length);
> +	if (ret) {
> +		RTE_LOG(ERR, USER1, "line %u FAILED: %s", __LINE__,
> +			"Alice's and Bob's shared secret do not match.");
> +		return TEST_FAILED;
> +	}
> +	return TEST_SUCCESS;
> +}
> +
<cut..>

> +static const struct test_dh_group test_dh_ikev2group_24 = {
> +	.id = 0,
> +	/*
> +	 * Officially 24, ikev2
> +	 */
> +	.g = {
> +		.data = test_dh_ikev2group24_g,
> +		.bytesize = sizeof(test_dh_ikev2group24_g),
> +	},
> +	.p = {
> +		.data = test_dh_ikev2group24_p,
> +		.bytesize = sizeof(test_dh_ikev2group24_p),
> +	},
> +	.priv_ff_size = 32,
> +};
> +
Below are suppose to be 2/3 patch right ?

> +static const struct test_dh_group test_ecdh_secp256r1 = {
> +	.id = RTE_CRYPTO_EC_GROUP_SECP256R1,
> +	.priv_ff_size = 32,
> +};
> +static const struct test_dh_group test_ecdh_secp384r1 = {
> +	.id = RTE_CRYPTO_EC_GROUP_SECP384R1,
> +	.priv_ff_size = 48,
> +};
> +static const struct test_dh_group test_ecdh_secp521r1 = {
> +	.id = RTE_CRYPTO_EC_GROUP_SECP521R1,
> +	.priv_ff_size = 64,
> +};
> +
> +
>  #endif /* TEST_CRYPTODEV_DH_TEST_VECTORS_H__ */
> --
> 2.17.1