From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 159FB454FF; Wed, 26 Jun 2024 10:51:32 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 9FDE842E76; Wed, 26 Jun 2024 10:51:31 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 951BF42E6E for ; Wed, 26 Jun 2024 10:50:04 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 45Q8ngiS023031; Wed, 26 Jun 2024 01:50:03 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= cc:content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=pfpt0220; bh=E p2cCLBLdO/Ill2Bm+ECjJ4JZM54DMLQw5nk778VBQA=; b=GC50h4rA+zSnrAMCy bwNI8D5JIYDm7L1WHGPTocvuiGd4AemELSPvojKT8clQDuhgmPD6HdPpap0vdsrJ FWL1Ob4tIvkq/k78+wZV1R/vZ26Q0z2uZO5tzFzUXAop2gAj0nV8JdSvy0KLCliu fO5SZrzzArICr0UU8I/1SiV0KJiOgJ400J/9J5ekKmUQRvYnSIeefpe5aDsqvWGj YaKJKwMviJSPpw2E5OuIDNwwdhl3wfeypYD86r/t878BHBJ9nT/jWIGkS2oQByyv rJ92oGXAM3C3uDNonqNxhbaXOR2qxa77v6ppIA7awceCiWApP9/dQydpQ+hlETxN cf7MA== Received: from dc6wp-exch02.marvell.com ([4.21.29.225]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 400ftng017-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 26 Jun 2024 01:50:03 -0700 (PDT) Received: from DC6WP-EXCH02.marvell.com (10.76.176.209) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.4; Wed, 26 Jun 2024 01:48:28 -0700 Received: from maili.marvell.com (10.69.176.80) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server id 15.2.1544.4 via Frontend Transport; Wed, 26 Jun 2024 01:48:27 -0700 Received: from BG-LT91401.marvell.com (BG-LT91401.marvell.com [10.28.168.34]) by maili.marvell.com (Postfix) with ESMTP id EB9913F707B; Wed, 26 Jun 2024 01:48:25 -0700 (PDT) From: Gowrishankar Muthukrishnan To: , Ciara Power CC: Anoob Joseph , Akhil Goyal , Gowrishankar Muthukrishnan Subject: [PATCH v2 6/6] app/crypto-perf: support ECDSA Date: Wed, 26 Jun 2024 14:17:45 +0530 Message-ID: <20240626084747.1595-7-gmuthukrishn@marvell.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20240626084747.1595-1-gmuthukrishn@marvell.com> References: <20240615115309.2678-1-gmuthukrishn@marvell.com> <20240626084747.1595-1-gmuthukrishn@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-ORIG-GUID: AUVz_NGtZVmDo-udDfKfjivTMmZL9hU8 X-Proofpoint-GUID: AUVz_NGtZVmDo-udDfKfjivTMmZL9hU8 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1039,Hydra:6.0.680,FMLib:17.12.28.16 definitions=2024-06-26_03,2024-06-25_01,2024-05-17_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Added support for ECDSA SECP256R1 curve SIGN and VERIFY operations. Signed-off-by: Gowrishankar Muthukrishnan --- app/test-crypto-perf/cperf_ops.c | 57 ++++++++++++++ app/test-crypto-perf/cperf_options.h | 2 + app/test-crypto-perf/cperf_options_parsing.c | 10 ++- app/test-crypto-perf/cperf_test_common.c | 1 + app/test-crypto-perf/cperf_test_vectors.c | 83 ++++++++++++++++++++ app/test-crypto-perf/cperf_test_vectors.h | 12 +++ app/test-crypto-perf/main.c | 18 +++++ doc/guides/tools/cryptoperf.rst | 1 + 8 files changed, 182 insertions(+), 2 deletions(-) diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c index f0860a46c0..62b165124f 100644 --- a/app/test-crypto-perf/cperf_ops.c +++ b/app/test-crypto-perf/cperf_ops.c @@ -34,6 +34,39 @@ cperf_set_ops_asym_modex(struct rte_crypto_op **ops, } } +static void +cperf_set_ops_asym_ecdsa(struct rte_crypto_op **ops, + uint32_t src_buf_offset __rte_unused, + uint32_t dst_buf_offset __rte_unused, uint16_t nb_ops, + void *sess, + const struct cperf_options *options, + const struct cperf_test_vector *test_vector __rte_unused, + uint16_t iv_offset __rte_unused, + uint32_t *imix_idx __rte_unused, + uint64_t *tsc_start __rte_unused) +{ + uint16_t i; + + for (i = 0; i < nb_ops; i++) { + struct rte_crypto_asym_op *asym_op = ops[i]->asym; + + ops[i]->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED; + rte_crypto_op_attach_asym_session(ops[i], sess); + + asym_op->ecdsa.op_type = options->asym_op_type; + asym_op->ecdsa.message.data = options->secp256r1_data->message.data; + asym_op->ecdsa.message.length = options->secp256r1_data->message.length; + + asym_op->ecdsa.k.data = options->secp256r1_data->k.data; + asym_op->ecdsa.k.length = options->secp256r1_data->k.length; + + asym_op->ecdsa.r.data = options->secp256r1_data->sign_r.data; + asym_op->ecdsa.r.length = options->secp256r1_data->sign_r.length; + asym_op->ecdsa.s.data = options->secp256r1_data->sign_s.data; + asym_op->ecdsa.s.length = options->secp256r1_data->sign_s.length; + } +} + static void cperf_set_ops_asym_sm2(struct rte_crypto_op **ops, uint32_t src_buf_offset __rte_unused, @@ -974,6 +1007,27 @@ cperf_create_session(struct rte_mempool *sess_mp, return asym_sess; } + if (options->op_type == CPERF_ASYM_SECP256R1) { + xform.next = NULL; + xform.xform_type = RTE_CRYPTO_ASYM_XFORM_ECDSA; + xform.ec.curve_id = options->secp256r1_data->curve; + xform.ec.pkey.data = options->secp256r1_data->pkey.data; + xform.ec.pkey.length = options->secp256r1_data->pkey.length; + xform.ec.q.x.data = options->secp256r1_data->pubkey_qx.data; + xform.ec.q.x.length = options->secp256r1_data->pubkey_qx.length; + xform.ec.q.y.data = options->secp256r1_data->pubkey_qy.data; + xform.ec.q.y.length = options->secp256r1_data->pubkey_qy.length; + + ret = rte_cryptodev_asym_session_create(dev_id, &xform, + sess_mp, &asym_sess); + if (ret < 0) { + RTE_LOG(ERR, USER1, "ECDSA Asym session create failed\n"); + return NULL; + } + + return asym_sess; + } + if (options->op_type == CPERF_ASYM_SM2) { xform.next = NULL; xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2; @@ -1294,6 +1348,9 @@ cperf_get_op_functions(const struct cperf_options *options, case CPERF_ASYM_MODEX: op_fns->populate_ops = cperf_set_ops_asym_modex; break; + case CPERF_ASYM_SECP256R1: + op_fns->populate_ops = cperf_set_ops_asym_ecdsa; + break; case CPERF_ASYM_SM2: op_fns->populate_ops = cperf_set_ops_asym_sm2; break; diff --git a/app/test-crypto-perf/cperf_options.h b/app/test-crypto-perf/cperf_options.h index d730ae18d0..9364c030c0 100644 --- a/app/test-crypto-perf/cperf_options.h +++ b/app/test-crypto-perf/cperf_options.h @@ -87,6 +87,7 @@ enum cperf_op_type { CPERF_DOCSIS, CPERF_IPSEC, CPERF_ASYM_MODEX, + CPERF_ASYM_SECP256R1, CPERF_ASYM_SM2, CPERF_TLS, }; @@ -165,6 +166,7 @@ struct cperf_options { uint8_t imix_distribution_count; struct cperf_modex_test_data *modex_data; uint16_t modex_len; + struct cperf_ecdsa_test_data *secp256r1_data; struct cperf_sm2_test_data *sm2_data; enum rte_crypto_asym_op_type asym_op_type; enum rte_crypto_auth_algorithm asym_hash_alg; diff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-crypto-perf/cperf_options_parsing.c index 49609e560e..b6ed9c8a57 100644 --- a/app/test-crypto-perf/cperf_options_parsing.c +++ b/app/test-crypto-perf/cperf_options_parsing.c @@ -11,6 +11,7 @@ #include #include "cperf_options.h" +#include "cperf_test_common.h" #include "cperf_test_vectors.h" #define AES_BLOCK_SIZE 16 @@ -37,7 +38,7 @@ usage(char *progname) " --desc-nb N: set number of descriptors for each crypto device\n" " --devtype TYPE: set crypto device type to use\n" " --optype cipher-only / auth-only / cipher-then-auth / auth-then-cipher /\n" - " aead / pdcp / docsis / ipsec / modex / sm2 / tls-record : set operation type\n" + " aead / pdcp / docsis / ipsec / modex / secp256r1 / sm2 / tls-record : set operation type\n" " --sessionless: enable session-less crypto operations\n" " --out-of-place: enable out-of-place crypto operations\n" " --test-file NAME: set the test vector file path\n" @@ -483,6 +484,10 @@ parse_op_type(struct cperf_options *opts, const char *arg) cperf_op_type_strs[CPERF_ASYM_MODEX], CPERF_ASYM_MODEX }, + { + cperf_op_type_strs[CPERF_ASYM_SECP256R1], + CPERF_ASYM_SECP256R1 + }, { cperf_op_type_strs[CPERF_ASYM_SM2], CPERF_ASYM_SM2 @@ -1064,6 +1069,7 @@ cperf_options_default(struct cperf_options *opts) #endif opts->modex_data = (struct cperf_modex_test_data *)&modex_perf_data[0]; + opts->secp256r1_data = &secp256r1_perf_data; opts->sm2_data = &sm2_perf_data; opts->asym_op_type = RTE_CRYPTO_ASYM_OP_SIGN; } @@ -1488,7 +1494,7 @@ cperf_options_dump(struct cperf_options *opts) printf("#\n"); printf("# number of queue pairs per device: %u\n", opts->nb_qps); printf("# crypto operation: %s\n", cperf_op_type_strs[opts->op_type]); - if (opts->op_type == CPERF_ASYM_SM2) + if (opts->op_type == CPERF_ASYM_SM2 || opts->op_type == CPERF_ASYM_SECP256R1) printf("# asym operation type: %s\n", rte_crypto_asym_op_strings[opts->asym_op_type]); printf("# sessionless: %s\n", opts->sessionless ? "yes" : "no"); diff --git a/app/test-crypto-perf/cperf_test_common.c b/app/test-crypto-perf/cperf_test_common.c index 14ca9e964a..33bee43c93 100644 --- a/app/test-crypto-perf/cperf_test_common.c +++ b/app/test-crypto-perf/cperf_test_common.c @@ -306,6 +306,7 @@ bool cperf_is_asym_test(const struct cperf_options *options) { if (options->op_type == CPERF_ASYM_MODEX || + options->op_type == CPERF_ASYM_SECP256R1 || options->op_type == CPERF_ASYM_SM2) return true; diff --git a/app/test-crypto-perf/cperf_test_vectors.c b/app/test-crypto-perf/cperf_test_vectors.c index 5ea5333029..19c56b46bd 100644 --- a/app/test-crypto-perf/cperf_test_vectors.c +++ b/app/test-crypto-perf/cperf_test_vectors.c @@ -804,6 +804,55 @@ cperf_modex_test_data modex_perf_data[10] = { } }; +static uint8_t secp256r1_pkey[] = { + 0x51, 0x9b, 0x42, 0x3d, 0x71, 0x5f, 0x8b, 0x58, + 0x1f, 0x4f, 0xa8, 0xee, 0x59, 0xf4, 0x77, 0x1a, + 0x5b, 0x44, 0xc8, 0x13, 0x0b, 0x4e, 0x3e, 0xac, + 0xca, 0x54, 0xa5, 0x6d, 0xda, 0x72, 0xb4, 0x64 +}; + +static uint8_t secp256r1_qx[] = { + 0x1c, 0xcb, 0xe9, 0x1c, 0x07, 0x5f, 0xc7, 0xf4, + 0xf0, 0x33, 0xbf, 0xa2, 0x48, 0xdb, 0x8f, 0xcc, + 0xd3, 0x56, 0x5d, 0xe9, 0x4b, 0xbf, 0xb1, 0x2f, + 0x3c, 0x59, 0xff, 0x46, 0xc2, 0x71, 0xbf, 0x83 +}; + +static uint8_t secp256r1_qy[] = { + 0xce, 0x40, 0x14, 0xc6, 0x88, 0x11, 0xf9, 0xa2, + 0x1a, 0x1f, 0xdb, 0x2c, 0x0e, 0x61, 0x13, 0xe0, + 0x6d, 0xb7, 0xca, 0x93, 0xb7, 0x40, 0x4e, 0x78, + 0xdc, 0x7c, 0xcd, 0x5c, 0xa8, 0x9a, 0x4c, 0xa9 +}; + +static uint8_t secp256r1_k[] = { + 0x94, 0xa1, 0xbb, 0xb1, 0x4b, 0x90, 0x6a, 0x61, + 0xa2, 0x80, 0xf2, 0x45, 0xf9, 0xe9, 0x3c, 0x7f, + 0x3b, 0x4a, 0x62, 0x47, 0x82, 0x4f, 0x5d, 0x33, + 0xb9, 0x67, 0x07, 0x87, 0x64, 0x2a, 0x68, 0xde +}; + +static uint8_t secp256r1_sign_r[] = { + 0xf3, 0xac, 0x80, 0x61, 0xb5, 0x14, 0x79, 0x5b, + 0x88, 0x43, 0xe3, 0xd6, 0x62, 0x95, 0x27, 0xed, + 0x2a, 0xfd, 0x6b, 0x1f, 0x6a, 0x55, 0x5a, 0x7a, + 0xca, 0xbb, 0x5e, 0x6f, 0x79, 0xc8, 0xc2, 0xac +}; + +static uint8_t secp256r1_sign_s[] = { + 0x8b, 0xf7, 0x78, 0x19, 0xca, 0x05, 0xa6, 0xb2, + 0x78, 0x6c, 0x76, 0x26, 0x2b, 0xf7, 0x37, 0x1c, + 0xef, 0x97, 0xb2, 0x18, 0xe9, 0x6f, 0x17, 0x5a, + 0x3c, 0xcd, 0xda, 0x2a, 0xcc, 0x05, 0x89, 0x03 +}; + +static uint8_t secp256r1_message[] = { + 0x44, 0xac, 0xf6, 0xb7, 0xe3, 0x6c, 0x13, 0x42, + 0xc2, 0xc5, 0x89, 0x72, 0x04, 0xfe, 0x09, 0x50, + 0x4e, 0x1e, 0x2e, 0xfb, 0x1a, 0x90, 0x03, 0x77, + 0xdb, 0xc4, 0xe7, 0xa6, 0xa1, 0x33, 0xec, 0x56 +}; + static uint8_t fp256_pkey[] = { 0x77, 0x84, 0x35, 0x65, 0x4c, 0x7a, 0x6d, 0xb1, 0x1e, 0x63, 0x0b, 0x41, 0x97, 0x36, 0x04, 0xf4, @@ -1282,6 +1331,40 @@ uint8_t ipsec_plaintext[2048] = { 0x75, 0x67, 0x00, 0x01 }; +/** ECDSA secp256r1 elliptic curve test params */ +struct +cperf_ecdsa_test_data secp256r1_perf_data = { + .pubkey_qx = { + .data = secp256r1_qx, + .length = sizeof(secp256r1_qx), + }, + .pubkey_qy = { + .data = secp256r1_qy, + .length = sizeof(secp256r1_qy), + }, + .k = { + .data = secp256r1_k, + .length = sizeof(secp256r1_k), + }, + .sign_r = { + .data = secp256r1_sign_r, + .length = sizeof(secp256r1_sign_r), + }, + .sign_s = { + .data = secp256r1_sign_s, + .length = sizeof(secp256r1_sign_s), + }, + .pkey = { + .data = secp256r1_pkey, + .length = sizeof(secp256r1_pkey), + }, + .message = { + .data = secp256r1_message, + .length = sizeof(secp256r1_message), + }, + .curve = RTE_CRYPTO_EC_GROUP_SECP256R1 +}; + /** SM2 Fp256 elliptic curve test params */ struct cperf_sm2_test_data sm2_perf_data = { diff --git a/app/test-crypto-perf/cperf_test_vectors.h b/app/test-crypto-perf/cperf_test_vectors.h index a218081d6e..d46cbbc2c8 100644 --- a/app/test-crypto-perf/cperf_test_vectors.h +++ b/app/test-crypto-perf/cperf_test_vectors.h @@ -107,6 +107,17 @@ struct cperf_modex_test_data { } result; }; +struct cperf_ecdsa_test_data { + rte_crypto_param pubkey_qx; + rte_crypto_param pubkey_qy; + rte_crypto_param pkey; + rte_crypto_param k; + rte_crypto_param sign_r; + rte_crypto_param sign_s; + rte_crypto_param message; + int curve; +}; + struct cperf_sm2_test_data { rte_crypto_param pubkey_qx; rte_crypto_param pubkey_qy; @@ -135,6 +146,7 @@ extern uint8_t aad[]; extern uint8_t digest[2048]; extern struct cperf_modex_test_data modex_perf_data[10]; +extern struct cperf_ecdsa_test_data secp256r1_perf_data; extern struct cperf_sm2_test_data sm2_perf_data; #endif diff --git a/app/test-crypto-perf/main.c b/app/test-crypto-perf/main.c index 2f39edbe6a..989ff456bb 100644 --- a/app/test-crypto-perf/main.c +++ b/app/test-crypto-perf/main.c @@ -45,6 +45,7 @@ const char *cperf_op_type_strs[] = { [CPERF_DOCSIS] = "docsis", [CPERF_IPSEC] = "ipsec", [CPERF_ASYM_MODEX] = "modex", + [CPERF_ASYM_SECP256R1] = "ecdsa_p256r1", [CPERF_ASYM_SM2] = "sm2", [CPERF_TLS] = "tls-record" }; @@ -225,6 +226,7 @@ cperf_initialize_cryptodev(struct cperf_options *opts, uint8_t *enabled_cdevs) }; switch (opts->op_type) { + case CPERF_ASYM_SECP256R1: case CPERF_ASYM_SM2: case CPERF_ASYM_MODEX: conf.ff_disable |= (RTE_CRYPTODEV_FF_SECURITY | @@ -364,6 +366,22 @@ cperf_verify_devices_capabilities(struct cperf_options *opts, } + if (opts->op_type == CPERF_ASYM_SECP256R1) { + asym_cap_idx.type = RTE_CRYPTO_ASYM_XFORM_ECDSA; + asym_capability = rte_cryptodev_asym_capability_get(cdev_id, &asym_cap_idx); + if (asym_capability == NULL) + return -1; + + if (!rte_cryptodev_asym_xform_capability_check_optype(asym_capability, + opts->asym_op_type)) + return -1; + + if (asym_capability->internal_rng != 0) { + opts->secp256r1_data->k.data = NULL; + opts->secp256r1_data->k.length = 0; + } + } + if (opts->op_type == CPERF_ASYM_SM2) { asym_cap_idx.type = RTE_CRYPTO_ASYM_XFORM_SM2; asym_capability = rte_cryptodev_asym_capability_get(cdev_id, &asym_cap_idx); diff --git a/doc/guides/tools/cryptoperf.rst b/doc/guides/tools/cryptoperf.rst index 8cfb194f10..6d1d50f237 100644 --- a/doc/guides/tools/cryptoperf.rst +++ b/doc/guides/tools/cryptoperf.rst @@ -175,6 +175,7 @@ The following are the application command-line options: pdcp docsis modex + ecdsa_p256r1 sm2 ipsec tls-record -- 2.25.1