[PATCH] crypto/qat: add sm2 ecdsa

DPDK patches and discussions
 help / color / mirror / Atom feed

From: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
To: dev@dpdk.org
Cc: gakhil@marvell.com, kai.ji@intel.com, ciara.power@intel.com,
	Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
Subject: [PATCH] crypto/qat: add sm2 ecdsa
Date: Sun, 17 Sep 2023 15:44:49 +0000	[thread overview]
Message-ID: <20230917154449.3509865-1-arkadiuszx.kusztal@intel.com> (raw)

Added SM2 ECDSA feature to the Intel QuickAssist Technology
symmetric crypto PMD.

Signed-off-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
---
 doc/guides/cryptodevs/features/qat.ini        |  1 +
 doc/guides/cryptodevs/qat.rst                 |  1 +
 doc/guides/rel_notes/release_23_11.rst        |  3 +
 .../common/qat/qat_adf/icp_qat_fw_mmp_ids.h   | 18 ++++
 drivers/common/qat/qat_adf/qat_pke.h          | 20 +++++
 drivers/crypto/qat/qat_asym.c                 | 84 +++++++++++++++++++
 6 files changed, 127 insertions(+)

diff --git a/doc/guides/cryptodevs/features/qat.ini b/doc/guides/cryptodevs/features/qat.ini
index 6358a43357..f41d29158f 100644
--- a/doc/guides/cryptodevs/features/qat.ini
+++ b/doc/guides/cryptodevs/features/qat.ini
@@ -94,6 +94,7 @@ RSA			= Y
 ECDSA                   = Y
 ECPM                    = Y
 ECDH                    = Y
+SM2                     = Y
 
 ;
 ; Supported Operating systems of the 'qat' crypto driver.
diff --git a/doc/guides/cryptodevs/qat.rst b/doc/guides/cryptodevs/qat.rst
index afdfb0bd22..e483c1a703 100644
--- a/doc/guides/cryptodevs/qat.rst
+++ b/doc/guides/cryptodevs/qat.rst
@@ -186,6 +186,7 @@ The QAT ASYM PMD has support for:
 * ``RTE_CRYPTO_ASYM_XFORM_ECDSA``
 * ``RTE_CRYPTO_ASYM_XFORM_ECPM``
 * ``RTE_CRYPTO_ASYM_XFORM_ECDH``
+* ``RTE_CRYPTO_ASYM_XFORM_SM2``
 
 Limitations
 ~~~~~~~~~~~
diff --git a/doc/guides/rel_notes/release_23_11.rst b/doc/guides/rel_notes/release_23_11.rst
index 333e1d95a2..9eea5b079a 100644
--- a/doc/guides/rel_notes/release_23_11.rst
+++ b/doc/guides/rel_notes/release_23_11.rst
@@ -78,6 +78,9 @@ New Features
 * build: Optional libraries can now be selected with the new ``enable_libs``
   build option similarly to the existing ``enable_drivers`` build option.
 
+* **Updated Intel QuickAssist Technology (QAT) crypto driver.**
+
+  * Added support for SM2 ECDSA algorithm.
 
 Removed Items
 -------------
diff --git a/drivers/common/qat/qat_adf/icp_qat_fw_mmp_ids.h b/drivers/common/qat/qat_adf/icp_qat_fw_mmp_ids.h
index 00813cffb9..630c6e1a9b 100644
--- a/drivers/common/qat/qat_adf/icp_qat_fw_mmp_ids.h
+++ b/drivers/common/qat/qat_adf/icp_qat_fw_mmp_ids.h
@@ -1524,6 +1524,24 @@ icp_qat_fw_mmp_ecdsa_verify_gfp_521_input::in in @endlink
  * icp_qat_fw_mmp_kpt_ecdsa_sign_rs_gfp_521_output::s s @endlink
  */
 
+#define PKE_ECSM2_SIGN_RS 0x222116fe
+/**< Functionality ID for ECC SM2 Sign RS
+ * @li 3 input parameters : @link icp_qat_fw_mmp_ecsm2_sign_rs_input_s::k k
+ * @endlink @link icp_qat_fw_mmp_ecsm2_sign_rs_input_s::e e @endlink @link
+ * icp_qat_fw_mmp_ecsm2_sign_rs_input_s::d d @endlink
+ * @li 2 output parameters : @link icp_qat_fw_mmp_ecsm2_sign_rs_output_s::r r
+ * @endlink @link icp_qat_fw_mmp_ecsm2_sign_rs_output_s::s s @endlink
+ */
+#define PKE_ECSM2_VERIFY 0x29241743
+/**< Functionality ID for ECC SM2 Signature Verify
+ * @li 5 input parameters : @link icp_qat_fw_mmp_ecsm2_verify_input_s::e e
+ * @endlink @link icp_qat_fw_mmp_ecsm2_verify_input_s::r r @endlink @link
+ * icp_qat_fw_mmp_ecsm2_verify_input_s::s s @endlink @link
+ * icp_qat_fw_mmp_ecsm2_verify_input_s::xp xp @endlink @link
+ * icp_qat_fw_mmp_ecsm2_verify_input_s::yp yp @endlink
+ * @li no output parameters
+ */
+
 #define PKE_LIVENESS 0x00000001
 /**< Functionality ID for PKE_LIVENESS
  * @li 0 input parameter(s)
diff --git a/drivers/common/qat/qat_adf/qat_pke.h b/drivers/common/qat/qat_adf/qat_pke.h
index 4b09e76dbb..f88932a275 100644
--- a/drivers/common/qat/qat_adf/qat_pke.h
+++ b/drivers/common/qat/qat_adf/qat_pke.h
@@ -314,4 +314,24 @@ get_ec_verify_function(const struct rte_crypto_asym_xform *xform)
 	return qat_function;
 }
 
+static struct qat_asym_function
+get_sm2_ecdsa_sign_function(void)
+{
+	struct qat_asym_function qat_function = {
+		PKE_ECSM2_SIGN_RS, 32
+	};
+
+	return qat_function;
+}
+
+static struct qat_asym_function
+get_sm2_ecdsa_verify_function(void)
+{
+	struct qat_asym_function qat_function = {
+		PKE_ECSM2_VERIFY, 32
+	};
+
+	return qat_function;
+}
+
 #endif
diff --git a/drivers/crypto/qat/qat_asym.c b/drivers/crypto/qat/qat_asym.c
index 7abd513423..8f2872ed62 100644
--- a/drivers/crypto/qat/qat_asym.c
+++ b/drivers/crypto/qat/qat_asym.c
@@ -904,6 +904,77 @@ ecdh_collect(struct rte_crypto_asym_op *asym_op,
 	return RTE_CRYPTO_OP_STATUS_SUCCESS;
 }
 
+static int
+sm2_ecdsa_sign_set_input(struct icp_qat_fw_pke_request *qat_req,
+		struct qat_asym_op_cookie *cookie,
+		const struct rte_crypto_asym_op *asym_op,
+		__rte_unused const struct rte_crypto_asym_xform *xform)
+{
+	const struct qat_asym_function qat_function =
+		get_sm2_ecdsa_sign_function();
+	const uint32_t qat_func_alignsize =
+		qat_function.bytesize;
+
+	SET_PKE_LN(asym_op->sm2.k, qat_func_alignsize, 0);
+	SET_PKE_LN(asym_op->sm2.message, qat_func_alignsize, 1);
+	SET_PKE_LN(asym_op->sm2.pkey, qat_func_alignsize, 2);
+
+	cookie->alg_bytesize = qat_function.bytesize;
+	cookie->qat_func_alignsize = qat_function.bytesize;
+	qat_req->pke_hdr.cd_pars.func_id = qat_function.func_id;
+	qat_req->input_param_count = 3;
+	qat_req->output_param_count = 2;
+
+	return RTE_CRYPTO_OP_STATUS_SUCCESS;
+}
+
+static int
+sm2_ecdsa_verify_set_input(struct icp_qat_fw_pke_request *qat_req,
+		struct qat_asym_op_cookie *cookie,
+		const struct rte_crypto_asym_op *asym_op,
+		__rte_unused const struct rte_crypto_asym_xform *xform)
+{
+	const struct qat_asym_function qat_function =
+		get_sm2_ecdsa_verify_function();
+	const uint32_t qat_func_alignsize =
+		qat_function.bytesize;
+
+	SET_PKE_LN(asym_op->sm2.message, qat_func_alignsize, 0);
+	SET_PKE_LN(asym_op->sm2.r, qat_func_alignsize, 1);
+	SET_PKE_LN(asym_op->sm2.s, qat_func_alignsize, 2);
+	SET_PKE_LN(asym_op->sm2.q.x, qat_func_alignsize, 3);
+	SET_PKE_LN(asym_op->sm2.q.y, qat_func_alignsize, 4);
+
+	cookie->alg_bytesize = qat_function.bytesize;
+	cookie->qat_func_alignsize = qat_function.bytesize;
+	qat_req->pke_hdr.cd_pars.func_id = qat_function.func_id;
+	qat_req->input_param_count = 5;
+	qat_req->output_param_count = 0;
+
+	return RTE_CRYPTO_OP_STATUS_SUCCESS;
+}
+
+static uint8_t
+sm2_ecdsa_sign_collect(struct rte_crypto_asym_op *asym_op,
+		const struct qat_asym_op_cookie *cookie)
+{
+	uint32_t alg_bytesize = cookie->alg_bytesize;
+
+	if (asym_op->sm2.op_type == RTE_CRYPTO_ASYM_OP_VERIFY)
+		return RTE_CRYPTO_OP_STATUS_SUCCESS;
+
+	rte_memcpy(asym_op->sm2.r.data, cookie->output_array[0], alg_bytesize);
+	rte_memcpy(asym_op->sm2.s.data, cookie->output_array[1], alg_bytesize);
+	asym_op->sm2.r.length = alg_bytesize;
+	asym_op->sm2.s.length = alg_bytesize;
+
+	HEXDUMP("SM2 R", cookie->output_array[0],
+		alg_bytesize);
+	HEXDUMP("SM2 S", cookie->output_array[1],
+		alg_bytesize);
+	return RTE_CRYPTO_OP_STATUS_SUCCESS;
+}
+
 static int
 asym_set_input(struct icp_qat_fw_pke_request *qat_req,
 		struct qat_asym_op_cookie *cookie,
@@ -934,6 +1005,15 @@ asym_set_input(struct icp_qat_fw_pke_request *qat_req,
 			return ecdh_set_input(qat_req, cookie,
 				asym_op, xform);
 		}
+	case RTE_CRYPTO_ASYM_XFORM_SM2:
+		if (asym_op->sm2.op_type ==
+			RTE_CRYPTO_ASYM_OP_VERIFY) {
+			return sm2_ecdsa_verify_set_input(qat_req, cookie,
+						asym_op, xform);
+		} else {
+			return sm2_ecdsa_sign_set_input(qat_req, cookie,
+					asym_op, xform);
+		}
 	default:
 		QAT_LOG(ERR, "Invalid/unsupported asymmetric crypto xform");
 		return -EINVAL;
@@ -1022,6 +1102,8 @@ qat_asym_collect_response(struct rte_crypto_op *op,
 		return ecpm_collect(asym_op, cookie);
 	case RTE_CRYPTO_ASYM_XFORM_ECDH:
 		return ecdh_collect(asym_op, cookie);
+	case RTE_CRYPTO_ASYM_XFORM_SM2:
+		return sm2_ecdsa_sign_collect(asym_op, cookie);
 	default:
 		QAT_LOG(ERR, "Not supported xform type");
 		return  RTE_CRYPTO_OP_STATUS_ERROR;
@@ -1293,6 +1375,8 @@ qat_asym_session_configure(struct rte_cryptodev *dev __rte_unused,
 	case RTE_CRYPTO_ASYM_XFORM_ECDH:
 		session_set_ec(qat_session, xform);
 		break;
+	case RTE_CRYPTO_ASYM_XFORM_SM2:
+		break;
 	default:
 		ret = -ENOTSUP;
 	}
-- 
2.25.1

next             reply	other threads:[~2023-09-17 15:44 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-09-17 15:44 Arkadiusz Kusztal [this message]
2023-10-23  9:28 ` Power, Ciara
2023-10-27 19:24 ` [EXT] " Akhil Goyal

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230917154449.3509865-1-arkadiuszx.kusztal@intel.com \
    --to=arkadiuszx.kusztal@intel.com \
    --cc=ciara.power@intel.com \
    --cc=dev@dpdk.org \
    --cc=gakhil@marvell.com \
    --cc=kai.ji@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).