DPDK patches and discussions
 help / color / mirror / Atom feed
From: Kai Ji <kai.ji@intel.com>
To: dev@dpdk.org
Cc: gakhil@marvell.com, stable@dpdk.org,
	Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>,
	Kai Ji <kai.ji@intel.com>
Subject: [dpdk-dev v2 3/3] app/test: add ecdsa kat sessionless tests
Date: Wed, 15 Mar 2023 02:34:57 +0800	[thread overview]
Message-ID: <20230314183457.13918-4-kai.ji@intel.com> (raw)
In-Reply-To: <20230314183457.13918-1-kai.ji@intel.com>

From: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>

Added sessionless ECDSA known answer test cases to
QAT asym crypto testsuite.

Signed-off-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
Signed-off-by: Kai Ji <kai.ji@intel.com>
---
 app/test/test_cryptodev_asym.c | 209 +++++++++++++++++++++++++++++++++
 1 file changed, 209 insertions(+)

diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index fd5c5788b2..cc603ae805 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -2232,6 +2232,191 @@ test_ecpm_all_curve(void)
 	return overall_status;
 }

+/*
+ * ECDSA Signature generation function
+ */
+static int
+test_ecdsa_sign(const void *input_vector)
+{
+	const struct crypto_testsuite_ecdsa_params *test_vector = input_vector;
+	struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
+	struct rte_mempool *op_mpool = ts_params->op_mpool;
+	struct rte_crypto_op *op;
+	struct rte_crypto_op *result_op = NULL;
+	struct rte_crypto_asym_xform xform = {
+		.next = NULL,
+		.xform_type = RTE_CRYPTO_ASYM_XFORM_ECDSA,
+		.ec.curve_id = test_vector->curve
+	};
+	uint8_t R[test_vector->sign_r.length];
+	uint8_t S[test_vector->sign_s.length];
+	const uint8_t dev_id = ts_params->valid_devs[0];
+	int ret = TEST_SUCCESS;
+
+	op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
+	if (op == NULL) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Failed to allocate asymmetric crypto "
+				"operation struct\n");
+		return TEST_FAILED;
+	}
+	/*
+	 * Set input data
+	 * - Sessionless operation, no session will be created. User is responsible
+	 * for taking care of xform lifetime -> in case of ECDSA no keys are stored
+	 * in xform so it is not security crucial to clear data, although it is
+	 * recommended to clear xform anyway.
+	 * - Generation of signature pair R, S.
+	 * - Message is a digest of message to be signed.
+	 * - k is a random integer in interval (1, n - 1)
+	 * - pkey is a private key
+	 */
+	op->sess_type = RTE_CRYPTO_OP_SESSIONLESS;
+	op->asym->xform = &xform;
+	op->asym->ecdsa.op_type = RTE_CRYPTO_ASYM_OP_SIGN;
+	op->asym->ecdsa.message.data = test_vector->digest.data;
+	op->asym->ecdsa.message.length = test_vector->digest.length;
+	op->asym->ecdsa.k.data = test_vector->scalar.data;
+	op->asym->ecdsa.k.length = test_vector->scalar.length;
+	op->asym->ecdsa.pkey.data = test_vector->pkey.data;
+	op->asym->ecdsa.pkey.length = test_vector->pkey.length;
+
+	/*
+	 * Set output data
+	 * Signature pair R, S. Positive integers.
+	 */
+	op->asym->ecdsa.r.data = R;
+	op->asym->ecdsa.s.data = S;
+
+	/* Sending packet for signature generation */
+	if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Error sending packet for operation\n");
+		ret = TEST_FAILED;
+		goto error_exit;
+	}
+	/* Waiting for packet to be dequeued */
+	while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0)
+		rte_pause();
+
+	if (result_op == NULL) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Failed to process asym crypto op\n");
+		ret = TEST_FAILED;
+		goto error_exit;
+	}
+
+	if (result_op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"ECDSA generation failed.\n");
+		ret = TEST_FAILED;
+		goto error_exit;
+	}
+
+	/* Generated signature R, S */
+	debug_hexdump(stdout, "R:", result_op->asym->ecdsa.r.data,
+			result_op->asym->ecdsa.r.length);
+	debug_hexdump(stdout, "S:", result_op->asym->ecdsa.s.data,
+			result_op->asym->ecdsa.s.length);
+
+error_exit:
+	rte_crypto_op_free(op);
+	return ret;
+}
+
+/*
+ * ECDSA Signature verification function
+ */
+static int
+test_ecdsa_verify(const void *input_vector)
+{
+	const struct crypto_testsuite_ecdsa_params *test_vector = input_vector;
+	struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
+	struct rte_mempool *op_mpool = ts_params->op_mpool;
+	struct rte_crypto_op *op;
+	struct rte_crypto_op *result_op = NULL;
+	struct rte_crypto_asym_xform xform = {
+		.next = NULL,
+		.xform_type = RTE_CRYPTO_ASYM_XFORM_ECDSA,
+		.ec.curve_id = test_vector->curve
+	};
+	const uint8_t dev_id = ts_params->valid_devs[0];
+	int ret = TEST_SUCCESS;
+
+	op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
+	if (op == NULL) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Failed to allocate asymmetric crypto "
+				"operation struct\n");
+		ret = TEST_FAILED;
+		goto error_exit;
+	}
+	/*
+	 * Set input data
+	 * - Sessionless operation, no session will be created. User is responsible
+	 * for taking care of xform lifetime -> in case of ECDSA no keys are stored
+	 * in xform so it is not security crucial to clear data, although it is
+	 * recommended to clear xform anyway.
+	 * - Verification of signature pair R, S.
+	 * - Message is a digest of message that was signed.
+	 * - q is a public key
+	 */
+	op->sess_type = RTE_CRYPTO_OP_SESSIONLESS;
+	op->asym->xform = &xform;
+	op->asym->ecdsa.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
+	op->asym->ecdsa.message.data = test_vector->digest.data;
+	op->asym->ecdsa.message.length = test_vector->digest.length;
+	op->asym->ecdsa.q.x.data = test_vector->pubkey_qx.data;
+	op->asym->ecdsa.q.x.length = test_vector->pubkey_qx.length;
+	op->asym->ecdsa.q.y.data = test_vector->pubkey_qy.data;
+	op->asym->ecdsa.q.y.length = test_vector->pubkey_qx.length;
+	op->asym->ecdsa.r.data =  test_vector->sign_r.data;
+	op->asym->ecdsa.r.length =  test_vector->sign_r.length;
+	op->asym->ecdsa.s.data =  test_vector->sign_s.data;
+	op->asym->ecdsa.s.length =  test_vector->sign_s.length;
+
+	/* Sending packet for signature generation */
+	if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Error sending packet for operation\n");
+		ret = TEST_FAILED;
+		goto error_exit;
+	}
+	/* Waiting for packet to be dequeued */
+	while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0)
+		rte_pause();
+
+	if (result_op == NULL) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"Failed to process asym crypto op\n");
+		ret = TEST_FAILED;
+		goto error_exit;
+	}
+
+	/*
+	 * If result_op->status equals RTE_CRYPTO_OP_STATUS_SUCCESS
+	 * signature was verified correctly
+	 */
+	if (result_op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
+		RTE_LOG(ERR, USER1,
+				"line %u FAILED: %s", __LINE__,
+				"ECDSA verify failed.\n");
+		ret = TEST_FAILED;
+		goto error_exit;
+	}
+
+error_exit:
+	rte_crypto_op_free(op);
+	return ret;
+}
+
 static int
 test_ecdh(const void *input_vector)
 {
@@ -2851,6 +3036,30 @@ static struct unit_test_suite cryptodev_qat_asym_testsuite  = {
 	.teardown = testsuite_teardown,
 	.unit_test_cases = {
 		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_one_by_one),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Test - ECDSA secp256r1 signature generation",
+			ut_setup_asym, ut_teardown_asym,
+			test_ecdsa_sign, &ecdsa_param_secp256r1),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Test - ECDSA secp256r1 signature verification",
+			ut_setup_asym, ut_teardown_asym,
+			test_ecdsa_verify, &ecdsa_param_secp256r1),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Test - ECDSA secp384r1 signature generation",
+			ut_setup_asym, ut_teardown_asym,
+			test_ecdsa_sign, &ecdsa_param_secp384r1),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Test - ECDSA secp384r1 signature verification",
+			ut_setup_asym, ut_teardown_asym,
+			test_ecdsa_verify, &ecdsa_param_secp384r1),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Test - ECDSA secp521r1 signature generation",
+			ut_setup_asym, ut_teardown_asym,
+			test_ecdsa_sign, &ecdsa_param_secp521r1),
+		TEST_CASE_NAMED_WITH_DATA(
+			"Test - ECDSA secp521r1 signature verification",
+			ut_setup_asym, ut_teardown_asym,
+			test_ecdsa_verify, &ecdsa_param_secp521r1),
 		TEST_CASE_NAMED_WITH_DATA(
 			"Test - ECDH secp256r1, RFC 5114 256",
 			ut_setup_asym, ut_teardown_asym,
--
2.17.1


      parent reply	other threads:[~2023-03-14 18:35 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-03-14  0:12 [dpdk-dev v1 1/2] app/test: add diffie-hellman test cases Kai Ji
2023-03-14  0:12 ` [dpdk-dev v1 2/2] app/test: add ecdh " Kai Ji
2023-03-14 10:54 ` [EXT] [dpdk-dev v1 1/2] app/test: add diffie-hellman " Akhil Goyal
2023-03-14 18:34 ` [dpdk-dev v2 0/3] app/test: add asymmetric " Kai Ji
2023-03-14 18:34   ` [dpdk-dev v2 1/3] app/test: add diffie-hellman " Kai Ji
2023-06-23 10:29     ` [EXT] " Gowrishankar Muthukrishnan
2023-03-14 18:34   ` [dpdk-dev v2 2/3] app/test: add ecdh " Kai Ji
2023-03-14 18:34   ` Kai Ji [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230314183457.13918-4-kai.ji@intel.com \
    --to=kai.ji@intel.com \
    --cc=arkadiuszx.kusztal@intel.com \
    --cc=dev@dpdk.org \
    --cc=gakhil@marvell.com \
    --cc=stable@dpdk.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).