From: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
To: <dev@dpdk.org>
Cc: <anoobj@marvell.com>, Akhil Goyal <gakhil@marvell.com>,
Fan Zhang <fanzhang.oss@gmail.com>, Kai Ji <kai.ji@intel.com>,
Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>,
Ciara Power <ciara.power@intel.com>,
Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Subject: [PATCH v4 4/7] cryptodev: set private and public keys in EC session
Date: Mon, 9 Oct 2023 19:24:51 +0530 [thread overview]
Message-ID: <72dc3358636243c5a26683ce378ef68f106460bc.1696859505.git.gmuthukrishn@marvell.com> (raw)
In-Reply-To: <cover.1696859505.git.gmuthukrishn@marvell.com>
Set EC private and public keys into xform so that, it can be
maintained per session.
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Ciara Power <ciara.power@intel.com>
---
app/test/test_cryptodev_asym.c | 60 ++++++++++----------
drivers/common/cnxk/roc_ae.h | 18 ++++++
drivers/common/cpt/cpt_mcode_defines.h | 18 ++++++
drivers/common/cpt/cpt_ucode_asym.h | 22 +++----
drivers/crypto/cnxk/cnxk_ae.h | 37 ++++++++----
drivers/crypto/openssl/rte_openssl_pmd.c | 53 +----------------
drivers/crypto/openssl/rte_openssl_pmd_ops.c | 35 ++++++++++++
drivers/crypto/qat/qat_asym.c | 6 +-
examples/fips_validation/main.c | 14 +++--
lib/cryptodev/rte_crypto_asym.h | 18 ++----
10 files changed, 158 insertions(+), 123 deletions(-)
diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 514ea96b8b..a2bb1f9336 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -1503,6 +1503,12 @@ test_ecdsa_sign_verify(enum curve curve_id)
xform.next = NULL;
xform.xform_type = RTE_CRYPTO_ASYM_XFORM_ECDSA;
xform.ec.curve_id = input_params.curve;
+ xform.ec.pkey.data = input_params.pkey.data;
+ xform.ec.pkey.length = input_params.pkey.length;
+ xform.ec.q.x.data = input_params.pubkey_qx.data;
+ xform.ec.q.x.length = input_params.pubkey_qx.length;
+ xform.ec.q.y.data = input_params.pubkey_qy.data;
+ xform.ec.q.y.length = input_params.pubkey_qy.length;
ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
if (ret < 0) {
@@ -1524,8 +1530,6 @@ test_ecdsa_sign_verify(enum curve curve_id)
op->asym->ecdsa.message.length = input_params.digest.length;
op->asym->ecdsa.k.data = input_params.scalar.data;
op->asym->ecdsa.k.length = input_params.scalar.length;
- op->asym->ecdsa.pkey.data = input_params.pkey.data;
- op->asym->ecdsa.pkey.length = input_params.pkey.length;
/* Init out buf */
op->asym->ecdsa.r.data = output_buf_r;
@@ -1582,10 +1586,6 @@ test_ecdsa_sign_verify(enum curve curve_id)
/* Populate op with operational details */
op->asym->ecdsa.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
- op->asym->ecdsa.q.x.data = input_params.pubkey_qx.data;
- op->asym->ecdsa.q.x.length = input_params.pubkey_qx.length;
- op->asym->ecdsa.q.y.data = input_params.pubkey_qy.data;
- op->asym->ecdsa.q.y.length = input_params.pubkey_qx.length;
op->asym->ecdsa.r.data = asym_op->ecdsa.r.data;
op->asym->ecdsa.r.length = asym_op->ecdsa.r.length;
op->asym->ecdsa.s.data = asym_op->ecdsa.s.data;
@@ -1847,6 +1847,12 @@ _test_sm2_sign(bool rnd_secret)
xform.next = NULL;
xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
xform.ec.curve_id = input_params.curve;
+ xform.ec.pkey.data = input_params.pkey.data;
+ xform.ec.pkey.length = input_params.pkey.length;
+ xform.ec.q.x.data = input_params.pubkey_qx.data;
+ xform.ec.q.x.length = input_params.pubkey_qx.length;
+ xform.ec.q.y.data = input_params.pubkey_qy.data;
+ xform.ec.q.y.length = input_params.pubkey_qy.length;
ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
if (ret < 0) {
@@ -1871,12 +1877,6 @@ _test_sm2_sign(bool rnd_secret)
asym_op->sm2.message.data = input_params.message.data;
asym_op->sm2.message.length = input_params.message.length;
- asym_op->sm2.pkey.data = input_params.pkey.data;
- asym_op->sm2.pkey.length = input_params.pkey.length;
- asym_op->sm2.q.x.data = input_params.pubkey_qx.data;
- asym_op->sm2.q.x.length = input_params.pubkey_qx.length;
- asym_op->sm2.q.y.data = input_params.pubkey_qy.data;
- asym_op->sm2.q.y.length = input_params.pubkey_qy.length;
asym_op->sm2.id.data = input_params.id.data;
asym_op->sm2.id.length = input_params.id.length;
if (rnd_secret) {
@@ -2041,6 +2041,12 @@ test_sm2_verify(void)
xform.next = NULL;
xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
xform.ec.curve_id = input_params.curve;
+ xform.ec.pkey.data = input_params.pkey.data;
+ xform.ec.pkey.length = input_params.pkey.length;
+ xform.ec.q.x.data = input_params.pubkey_qx.data;
+ xform.ec.q.x.length = input_params.pubkey_qx.length;
+ xform.ec.q.y.data = input_params.pubkey_qy.data;
+ xform.ec.q.y.length = input_params.pubkey_qy.length;
ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
if (ret < 0) {
@@ -2065,12 +2071,6 @@ test_sm2_verify(void)
asym_op->sm2.message.data = input_params.message.data;
asym_op->sm2.message.length = input_params.message.length;
- asym_op->sm2.pkey.data = input_params.pkey.data;
- asym_op->sm2.pkey.length = input_params.pkey.length;
- asym_op->sm2.q.x.data = input_params.pubkey_qx.data;
- asym_op->sm2.q.x.length = input_params.pubkey_qx.length;
- asym_op->sm2.q.y.data = input_params.pubkey_qy.data;
- asym_op->sm2.q.y.length = input_params.pubkey_qy.length;
asym_op->sm2.r.data = input_params.sign_r.data;
asym_op->sm2.r.length = input_params.sign_r.length;
asym_op->sm2.s.data = input_params.sign_s.data;
@@ -2155,6 +2155,12 @@ _test_sm2_enc(bool rnd_secret)
xform.next = NULL;
xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
xform.ec.curve_id = input_params.curve;
+ xform.ec.pkey.data = input_params.pkey.data;
+ xform.ec.pkey.length = input_params.pkey.length;
+ xform.ec.q.x.data = input_params.pubkey_qx.data;
+ xform.ec.q.x.length = input_params.pubkey_qx.length;
+ xform.ec.q.y.data = input_params.pubkey_qy.data;
+ xform.ec.q.y.length = input_params.pubkey_qy.length;
ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
if (ret < 0) {
@@ -2179,12 +2185,6 @@ _test_sm2_enc(bool rnd_secret)
asym_op->sm2.message.data = input_params.message.data;
asym_op->sm2.message.length = input_params.message.length;
- asym_op->sm2.pkey.data = input_params.pkey.data;
- asym_op->sm2.pkey.length = input_params.pkey.length;
- asym_op->sm2.q.x.data = input_params.pubkey_qx.data;
- asym_op->sm2.q.x.length = input_params.pubkey_qx.length;
- asym_op->sm2.q.y.data = input_params.pubkey_qy.data;
- asym_op->sm2.q.y.length = input_params.pubkey_qy.length;
if (rnd_secret) {
asym_op->sm2.k.data = NULL;
asym_op->sm2.k.length = 0;
@@ -2347,6 +2347,12 @@ test_sm2_dec(void)
xform.next = NULL;
xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
xform.ec.curve_id = input_params.curve;
+ xform.ec.pkey.data = input_params.pkey.data;
+ xform.ec.pkey.length = input_params.pkey.length;
+ xform.ec.q.x.data = input_params.pubkey_qx.data;
+ xform.ec.q.x.length = input_params.pubkey_qx.length;
+ xform.ec.q.y.data = input_params.pubkey_qy.data;
+ xform.ec.q.y.length = input_params.pubkey_qy.length;
ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
if (ret < 0) {
@@ -2371,12 +2377,6 @@ test_sm2_dec(void)
asym_op->sm2.cipher.data = input_params.cipher.data;
asym_op->sm2.cipher.length = input_params.cipher.length;
- asym_op->sm2.pkey.data = input_params.pkey.data;
- asym_op->sm2.pkey.length = input_params.pkey.length;
- asym_op->sm2.q.x.data = input_params.pubkey_qx.data;
- asym_op->sm2.q.x.length = input_params.pubkey_qx.length;
- asym_op->sm2.q.y.data = input_params.pubkey_qy.data;
- asym_op->sm2.q.y.length = input_params.pubkey_qy.length;
/* Init out buf */
asym_op->sm2.message.data = output_buf_m;
diff --git a/drivers/common/cnxk/roc_ae.h b/drivers/common/cnxk/roc_ae.h
index c972878eff..d8ad0129b1 100644
--- a/drivers/common/cnxk/roc_ae.h
+++ b/drivers/common/cnxk/roc_ae.h
@@ -67,6 +67,24 @@ struct roc_ae_ec_group {
struct roc_ae_ec_ctx {
/* Prime length defined by microcode for EC operations */
uint8_t curveid;
+
+ /* Private key */
+ struct {
+ uint8_t data[66];
+ unsigned int length;
+ } pkey;
+
+ /* Public key */
+ struct {
+ struct {
+ uint8_t data[66];
+ unsigned int length;
+ } x;
+ struct {
+ uint8_t data[66];
+ unsigned int length;
+ } y;
+ } q;
};
/* Buffer pointer */
diff --git a/drivers/common/cpt/cpt_mcode_defines.h b/drivers/common/cpt/cpt_mcode_defines.h
index e6dcb7674c..b337dbc68d 100644
--- a/drivers/common/cpt/cpt_mcode_defines.h
+++ b/drivers/common/cpt/cpt_mcode_defines.h
@@ -364,6 +364,24 @@ struct cpt_ec_group {
struct cpt_asym_ec_ctx {
/* Prime length defined by microcode for EC operations */
uint8_t curveid;
+
+ /* Private key */
+ struct {
+ uint8_t data[66];
+ unsigned int length;
+ } pkey;
+
+ /* Public key */
+ struct {
+ struct {
+ uint8_t data[66];
+ unsigned int length;
+ } x;
+ struct {
+ uint8_t data[66];
+ unsigned int length;
+ } y;
+ } q;
};
struct cpt_asym_sess_misc {
diff --git a/drivers/common/cpt/cpt_ucode_asym.h b/drivers/common/cpt/cpt_ucode_asym.h
index 1105a0c125..e1034bbeb4 100644
--- a/drivers/common/cpt/cpt_ucode_asym.h
+++ b/drivers/common/cpt/cpt_ucode_asym.h
@@ -633,12 +633,13 @@ static __rte_always_inline void
cpt_ecdsa_sign_prep(struct rte_crypto_ecdsa_op_param *ecdsa,
struct asym_op_params *ecdsa_params,
uint64_t fpm_table_iova,
- uint8_t curveid)
+ struct cpt_asym_sess_misc *sess)
{
struct cpt_request_info *req = ecdsa_params->req;
uint16_t message_len = ecdsa->message.length;
phys_addr_t mphys = ecdsa_params->meta_buf;
- uint16_t pkey_len = ecdsa->pkey.length;
+ uint16_t pkey_len = sess->ec_ctx.pkey.length;
+ uint8_t curveid = sess->ec_ctx.curveid;
uint16_t p_align, k_align, m_align;
uint16_t k_len = ecdsa->k.length;
uint16_t order_len, prime_len;
@@ -688,7 +689,7 @@ cpt_ecdsa_sign_prep(struct rte_crypto_ecdsa_op_param *ecdsa,
memcpy(dptr + o_offset, ec_grp[curveid].order.data, order_len);
dptr += p_align;
- memcpy(dptr + pk_offset, ecdsa->pkey.data, pkey_len);
+ memcpy(dptr + pk_offset, sess->ec_ctx.pkey.data, pkey_len);
dptr += p_align;
memcpy(dptr, ecdsa->message.data, message_len);
@@ -735,14 +736,15 @@ static __rte_always_inline void
cpt_ecdsa_verify_prep(struct rte_crypto_ecdsa_op_param *ecdsa,
struct asym_op_params *ecdsa_params,
uint64_t fpm_table_iova,
- uint8_t curveid)
+ struct cpt_asym_sess_misc *sess)
{
struct cpt_request_info *req = ecdsa_params->req;
uint32_t message_len = ecdsa->message.length;
phys_addr_t mphys = ecdsa_params->meta_buf;
+ uint16_t qx_len = sess->ec_ctx.q.x.length;
+ uint16_t qy_len = sess->ec_ctx.q.y.length;
+ uint8_t curveid = sess->ec_ctx.curveid;
uint16_t o_offset, r_offset, s_offset;
- uint16_t qx_len = ecdsa->q.x.length;
- uint16_t qy_len = ecdsa->q.y.length;
uint16_t r_len = ecdsa->r.length;
uint16_t s_len = ecdsa->s.length;
uint16_t order_len, prime_len;
@@ -802,10 +804,10 @@ cpt_ecdsa_verify_prep(struct rte_crypto_ecdsa_op_param *ecdsa,
memcpy(dptr, ec_grp[curveid].prime.data, prime_len);
dptr += p_align;
- memcpy(dptr + qx_offset, ecdsa->q.x.data, qx_len);
+ memcpy(dptr + qx_offset, sess->ec_ctx.q.x.data, qx_len);
dptr += p_align;
- memcpy(dptr + qy_offset, ecdsa->q.y.data, qy_len);
+ memcpy(dptr + qy_offset, sess->ec_ctx.q.y.data, qy_len);
dptr += p_align;
memcpy(dptr, ec_grp[curveid].consta.data, prime_len);
@@ -852,10 +854,10 @@ cpt_enqueue_ecdsa_op(struct rte_crypto_op *op,
uint8_t curveid = sess->ec_ctx.curveid;
if (ecdsa->op_type == RTE_CRYPTO_ASYM_OP_SIGN)
- cpt_ecdsa_sign_prep(ecdsa, params, fpm_iova[curveid], curveid);
+ cpt_ecdsa_sign_prep(ecdsa, params, fpm_iova[curveid], sess);
else if (ecdsa->op_type == RTE_CRYPTO_ASYM_OP_VERIFY)
cpt_ecdsa_verify_prep(ecdsa, params, fpm_iova[curveid],
- curveid);
+ sess);
else {
op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
return -EINVAL;
diff --git a/drivers/crypto/cnxk/cnxk_ae.h b/drivers/crypto/cnxk/cnxk_ae.h
index 209bcd0b43..2aa39d2226 100644
--- a/drivers/crypto/cnxk/cnxk_ae.h
+++ b/drivers/crypto/cnxk/cnxk_ae.h
@@ -198,6 +198,21 @@ cnxk_ae_fill_ec_params(struct cnxk_ae_sess *sess,
return -EINVAL;
}
+ if (xform->xform_type == RTE_CRYPTO_ASYM_XFORM_ECPM)
+ return 0;
+
+ ec->pkey.length = xform->ec.pkey.length;
+ if (xform->ec.pkey.length)
+ rte_memcpy(ec->pkey.data, xform->ec.pkey.data, xform->ec.pkey.length);
+
+ ec->q.x.length = xform->ec.q.x.length;
+ if (xform->ec.q.x.length)
+ rte_memcpy(ec->q.x.data, xform->ec.q.x.data, xform->ec.q.x.length);
+
+ ec->q.y.length = xform->ec.q.y.length;
+ if (xform->ec.q.y.length)
+ rte_memcpy(ec->q.y.data, xform->ec.q.y.data, xform->ec.q.y.length);
+
return 0;
}
@@ -502,10 +517,11 @@ static __rte_always_inline void
cnxk_ae_ecdsa_sign_prep(struct rte_crypto_ecdsa_op_param *ecdsa,
struct roc_ae_buf_ptr *meta_buf,
uint64_t fpm_table_iova, struct roc_ae_ec_group *ec_grp,
- uint8_t curveid, struct cpt_inst_s *inst)
+ struct cnxk_ae_sess *sess, struct cpt_inst_s *inst)
{
uint16_t message_len = ecdsa->message.length;
- uint16_t pkey_len = ecdsa->pkey.length;
+ uint16_t pkey_len = sess->ec_ctx.pkey.length;
+ uint8_t curveid = sess->ec_ctx.curveid;
uint16_t p_align, k_align, m_align;
uint16_t k_len = ecdsa->k.length;
uint16_t order_len, prime_len;
@@ -555,7 +571,7 @@ cnxk_ae_ecdsa_sign_prep(struct rte_crypto_ecdsa_op_param *ecdsa,
memcpy(dptr + o_offset, ec_grp->order.data, order_len);
dptr += p_align;
- memcpy(dptr + pk_offset, ecdsa->pkey.data, pkey_len);
+ memcpy(dptr + pk_offset, sess->ec_ctx.pkey.data, pkey_len);
dptr += p_align;
memcpy(dptr, ecdsa->message.data, message_len);
@@ -583,13 +599,14 @@ static __rte_always_inline void
cnxk_ae_ecdsa_verify_prep(struct rte_crypto_ecdsa_op_param *ecdsa,
struct roc_ae_buf_ptr *meta_buf,
uint64_t fpm_table_iova,
- struct roc_ae_ec_group *ec_grp, uint8_t curveid,
+ struct roc_ae_ec_group *ec_grp, struct cnxk_ae_sess *sess,
struct cpt_inst_s *inst)
{
uint32_t message_len = ecdsa->message.length;
+ uint16_t qx_len = sess->ec_ctx.q.x.length;
+ uint16_t qy_len = sess->ec_ctx.q.y.length;
+ uint8_t curveid = sess->ec_ctx.curveid;
uint16_t o_offset, r_offset, s_offset;
- uint16_t qx_len = ecdsa->q.x.length;
- uint16_t qy_len = ecdsa->q.y.length;
uint16_t r_len = ecdsa->r.length;
uint16_t s_len = ecdsa->s.length;
uint16_t order_len, prime_len;
@@ -649,10 +666,10 @@ cnxk_ae_ecdsa_verify_prep(struct rte_crypto_ecdsa_op_param *ecdsa,
memcpy(dptr, ec_grp->prime.data, prime_len);
dptr += p_align;
- memcpy(dptr + qx_offset, ecdsa->q.x.data, qx_len);
+ memcpy(dptr + qx_offset, sess->ec_ctx.q.x.data, qx_len);
dptr += p_align;
- memcpy(dptr + qy_offset, ecdsa->q.y.data, qy_len);
+ memcpy(dptr + qy_offset, sess->ec_ctx.q.y.data, qy_len);
dptr += p_align;
memcpy(dptr, ec_grp->consta.data, prime_len);
@@ -685,10 +702,10 @@ cnxk_ae_enqueue_ecdsa_op(struct rte_crypto_op *op,
if (ecdsa->op_type == RTE_CRYPTO_ASYM_OP_SIGN)
cnxk_ae_ecdsa_sign_prep(ecdsa, meta_buf, fpm_iova[curveid],
- ec_grp[curveid], curveid, inst);
+ ec_grp[curveid], sess, inst);
else if (ecdsa->op_type == RTE_CRYPTO_ASYM_OP_VERIFY)
cnxk_ae_ecdsa_verify_prep(ecdsa, meta_buf, fpm_iova[curveid],
- ec_grp[curveid], curveid, inst);
+ ec_grp[curveid], sess, inst);
else {
op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
return -EINVAL;
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 5e8624cebe..c234882417 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -2673,12 +2673,8 @@ process_openssl_sm2_op_evp(struct rte_crypto_op *cop,
{
EVP_PKEY_CTX *kctx = NULL, *sctx = NULL, *cctx = NULL;
struct rte_crypto_asym_op *op = cop->asym;
- OSSL_PARAM_BLD *param_bld = NULL;
- OSSL_PARAM *params = NULL;
+ OSSL_PARAM *params = sess->u.sm2.params;
EVP_PKEY *pkey = NULL;
- BIGNUM *pkey_bn = NULL;
- uint8_t pubkey[64];
- size_t len = 0;
int ret = -1;
cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
@@ -2686,50 +2682,6 @@ process_openssl_sm2_op_evp(struct rte_crypto_op *cop,
if (cop->asym->sm2.k.data != NULL)
goto err_sm2;
- param_bld = OSSL_PARAM_BLD_new();
- if (!param_bld) {
- OPENSSL_LOG(ERR, "failed to allocate params\n");
- goto err_sm2;
- }
-
- ret = OSSL_PARAM_BLD_push_utf8_string(param_bld,
- OSSL_PKEY_PARAM_GROUP_NAME, "SM2", 0);
- if (!ret) {
- OPENSSL_LOG(ERR, "failed to push params\n");
- goto err_sm2;
- }
-
- pkey_bn = BN_bin2bn((const unsigned char *)op->sm2.pkey.data,
- op->sm2.pkey.length, pkey_bn);
-
- memset(pubkey, 0, RTE_DIM(pubkey));
- pubkey[0] = 0x04;
- len += 1;
- memcpy(&pubkey[len], op->sm2.q.x.data, op->sm2.q.x.length);
- len += op->sm2.q.x.length;
- memcpy(&pubkey[len], op->sm2.q.y.data, op->sm2.q.y.length);
- len += op->sm2.q.y.length;
-
- ret = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_PRIV_KEY,
- pkey_bn);
- if (!ret) {
- OPENSSL_LOG(ERR, "failed to push params\n");
- goto err_sm2;
- }
-
- ret = OSSL_PARAM_BLD_push_octet_string(param_bld,
- OSSL_PKEY_PARAM_PUB_KEY, pubkey, len);
- if (!ret) {
- OPENSSL_LOG(ERR, "failed to push params\n");
- goto err_sm2;
- }
-
- params = OSSL_PARAM_BLD_to_param(param_bld);
- if (!params) {
- OPENSSL_LOG(ERR, "failed to push params\n");
- goto err_sm2;
- }
-
switch (op->sm2.op_type) {
case RTE_CRYPTO_ASYM_OP_ENCRYPT:
{
@@ -2940,9 +2892,6 @@ process_openssl_sm2_op_evp(struct rte_crypto_op *cop,
if (pkey)
EVP_PKEY_free(pkey);
- if (param_bld)
- OSSL_PARAM_BLD_free(param_bld);
-
return ret;
}
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 6252a36f94..083ad63360 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -1303,6 +1303,9 @@ static int openssl_set_asym_session_parameters(
#ifndef OPENSSL_NO_SM2
OSSL_PARAM_BLD *param_bld = NULL;
OSSL_PARAM *params = NULL;
+ BIGNUM *pkey_bn = NULL;
+ uint8_t pubkey[64];
+ size_t len = 0;
int ret = -1;
param_bld = OSSL_PARAM_BLD_new();
@@ -1318,6 +1321,38 @@ static int openssl_set_asym_session_parameters(
goto err_sm2;
}
+ ret = OSSL_PARAM_BLD_push_utf8_string(param_bld,
+ OSSL_PKEY_PARAM_GROUP_NAME, "SM2", 0);
+ if (!ret) {
+ OPENSSL_LOG(ERR, "failed to push params\n");
+ goto err_sm2;
+ }
+
+ pkey_bn = BN_bin2bn((const unsigned char *)xform->ec.pkey.data,
+ xform->ec.pkey.length, pkey_bn);
+
+ ret = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_PRIV_KEY,
+ pkey_bn);
+ if (!ret) {
+ OPENSSL_LOG(ERR, "failed to push params\n");
+ goto err_sm2;
+ }
+
+ memset(pubkey, 0, sizeof(pubkey));
+ pubkey[0] = 0x04;
+ len += 1;
+ memcpy(&pubkey[len], xform->ec.q.x.data, xform->ec.q.x.length);
+ len += xform->ec.q.x.length;
+ memcpy(&pubkey[len], xform->ec.q.y.data, xform->ec.q.y.length);
+ len += xform->ec.q.y.length;
+
+ ret = OSSL_PARAM_BLD_push_octet_string(param_bld,
+ OSSL_PKEY_PARAM_PUB_KEY, pubkey, len);
+ if (!ret) {
+ OPENSSL_LOG(ERR, "failed to push params\n");
+ goto err_sm2;
+ }
+
params = OSSL_PARAM_BLD_to_param(param_bld);
if (!params) {
OPENSSL_LOG(ERR, "failed to push params\n");
diff --git a/drivers/crypto/qat/qat_asym.c b/drivers/crypto/qat/qat_asym.c
index 7abd513423..0f196ace30 100644
--- a/drivers/crypto/qat/qat_asym.c
+++ b/drivers/crypto/qat/qat_asym.c
@@ -593,7 +593,7 @@ ecdsa_set_input(struct icp_qat_fw_pke_request *qat_req,
qat_func_alignsize =
RTE_ALIGN_CEIL(qat_function.bytesize, 8);
- SET_PKE_9A_IN(asym_op->ecdsa.pkey, 0);
+ SET_PKE_9A_IN(xform->ec.pkey, 0);
SET_PKE_9A_IN(asym_op->ecdsa.message, 1);
SET_PKE_9A_IN(asym_op->ecdsa.k, 2);
SET_PKE_9A_EC(curve[curve_id], b, 3);
@@ -635,8 +635,8 @@ ecdsa_set_input(struct icp_qat_fw_pke_request *qat_req,
SET_PKE_9A_EC(curve[curve_id], n, 7);
SET_PKE_9A_EC(curve[curve_id], x, 6);
SET_PKE_9A_EC(curve[curve_id], y, 5);
- SET_PKE_9A_IN(asym_op->ecdsa.q.x, 4);
- SET_PKE_9A_IN(asym_op->ecdsa.q.y, 3);
+ SET_PKE_9A_IN(xform->ec.q.x, 4);
+ SET_PKE_9A_IN(xform->ec.q.y, 3);
SET_PKE_9A_EC(curve[curve_id], a, 2);
SET_PKE_9A_EC(curve[curve_id], b, 1);
SET_PKE_9A_EC(curve[curve_id], p, 0);
diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index fed5596f36..7ae2c6c007 100644
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -1006,8 +1006,6 @@ prepare_ecdsa_op(void)
asym->ecdsa.op_type = RTE_CRYPTO_ASYM_OP_SIGN;
asym->ecdsa.message.data = msg.val;
asym->ecdsa.message.length = msg.len;
- asym->ecdsa.pkey.data = vec.ecdsa.pkey.val;
- asym->ecdsa.pkey.length = vec.ecdsa.pkey.len;
asym->ecdsa.k.data = vec.ecdsa.k.val;
asym->ecdsa.k.length = vec.ecdsa.k.len;
@@ -1029,10 +1027,6 @@ prepare_ecdsa_op(void)
asym->ecdsa.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
asym->ecdsa.message.data = msg.val;
asym->ecdsa.message.length = msg.len;
- asym->ecdsa.q.x.data = vec.ecdsa.qx.val;
- asym->ecdsa.q.x.length = vec.ecdsa.qx.len;
- asym->ecdsa.q.y.data = vec.ecdsa.qy.val;
- asym->ecdsa.q.y.length = vec.ecdsa.qy.len;
asym->ecdsa.r.data = vec.ecdsa.r.val;
asym->ecdsa.r.length = vec.ecdsa.r.len;
asym->ecdsa.s.data = vec.ecdsa.s.val;
@@ -1570,6 +1564,9 @@ prepare_ecdsa_xform(struct rte_crypto_asym_xform *xform)
info.device_name, RTE_CRYPTO_ASYM_OP_SIGN);
return -EPERM;
}
+
+ xform->ec.pkey.data = vec.ecdsa.pkey.val;
+ xform->ec.pkey.length = vec.ecdsa.pkey.len;
break;
case FIPS_TEST_ASYM_SIGVER:
if (!rte_cryptodev_asym_xform_capability_check_optype(cap,
@@ -1578,6 +1575,11 @@ prepare_ecdsa_xform(struct rte_crypto_asym_xform *xform)
info.device_name, RTE_CRYPTO_ASYM_OP_VERIFY);
return -EPERM;
}
+
+ xform->ec.q.x.data = vec.ecdsa.qx.val;
+ xform->ec.q.x.length = vec.ecdsa.qx.len;
+ xform->ec.q.y.data = vec.ecdsa.qy.val;
+ xform->ec.q.y.length = vec.ecdsa.qy.len;
break;
default:
break;
diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
index e56c8c7816..39d3da3952 100644
--- a/lib/cryptodev/rte_crypto_asym.h
+++ b/lib/cryptodev/rte_crypto_asym.h
@@ -372,6 +372,12 @@ struct rte_crypto_dsa_xform {
struct rte_crypto_ec_xform {
enum rte_crypto_curve_id curve_id;
/**< Pre-defined ec groups */
+
+ rte_crypto_uint pkey;
+ /**< Private key */
+
+ struct rte_crypto_ec_point q;
+ /**< Public key */
};
/**
@@ -557,12 +563,6 @@ struct rte_crypto_ecdsa_op_param {
enum rte_crypto_asym_op_type op_type;
/**< Signature generation or verification */
- rte_crypto_uint pkey;
- /**< Private key of the signer for signature generation */
-
- struct rte_crypto_ec_point q;
- /**< Public key of the signer for verification */
-
rte_crypto_param message;
/**< Input message digest to be signed or verified */
@@ -643,12 +643,6 @@ struct rte_crypto_sm2_op_param {
enum rte_crypto_auth_algorithm hash;
/**< Hash algorithm used in EC op. */
- rte_crypto_uint pkey;
- /**< Private key for encryption or sign generation. */
-
- struct rte_crypto_ec_point q;
- /**< Public key for decryption or verification. */
-
rte_crypto_param message;
/**<
* Pointer to input data
--
2.25.1
next prev parent reply other threads:[~2023-10-09 13:55 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-10 9:35 [v1 0/6] cryptodev: support digest message in SM2 Gowrishankar Muthukrishnan
2023-08-10 9:35 ` [v1 1/6] crypto/openssl: include SM2 in asymmetric capabilities Gowrishankar Muthukrishnan
2023-09-26 19:53 ` Kusztal, ArkadiuszX
2023-08-10 9:35 ` [v1 2/6] cryptodev: add RNG capability in EC based xform Gowrishankar Muthukrishnan
2023-09-26 19:53 ` Kusztal, ArkadiuszX
2023-08-10 9:35 ` [v1 3/6] cryptodev: add hash support in asymmetric capability Gowrishankar Muthukrishnan
2023-09-26 20:03 ` Kusztal, ArkadiuszX
2023-09-27 5:55 ` Gowrishankar Muthukrishnan
2023-08-10 9:35 ` [v1 4/6] cryptodev: use generic EC xform params for SM2 Gowrishankar Muthukrishnan
2023-09-26 20:05 ` Kusztal, ArkadiuszX
2023-08-10 9:35 ` [v1 5/6] app/test: check asymmetric capabilities in SM2 test Gowrishankar Muthukrishnan
2023-09-26 20:05 ` Kusztal, ArkadiuszX
2023-08-10 9:35 ` [v1 6/6] crypto/cnxk: add SM2 support Gowrishankar Muthukrishnan
2023-09-14 7:21 ` [v1 0/6] cryptodev: support digest message in SM2 Gowrishankar Muthukrishnan
2023-09-27 11:37 ` [PATCH v2 0/7] " Gowrishankar Muthukrishnan
2023-09-27 11:37 ` [PATCH v2 1/7] crypto/openssl: include SM2 in asymmetric capabilities Gowrishankar Muthukrishnan
2023-09-27 11:37 ` [PATCH v2 2/7] cryptodev: set private and public keys in EC session Gowrishankar Muthukrishnan
2023-09-28 12:44 ` Power, Ciara
2023-09-28 13:12 ` Gowrishankar Muthukrishnan
2023-09-27 11:37 ` [PATCH v2 3/7] cryptodev: add RNG capability in EC based xform Gowrishankar Muthukrishnan
2023-09-27 11:37 ` [PATCH v2 4/7] cryptodev: add hash algorithms in asymmetric capability Gowrishankar Muthukrishnan
2023-09-27 11:37 ` [PATCH v2 5/7] cryptodev: use generic EC xform params for SM2 Gowrishankar Muthukrishnan
2023-09-27 11:37 ` [PATCH v2 6/7] app/test: check asymmetric capabilities in SM2 test Gowrishankar Muthukrishnan
2023-09-27 11:37 ` [PATCH v2 7/7] crypto/cnxk: add SM2 support Gowrishankar Muthukrishnan
2023-09-28 17:09 ` [PATCH v3 0/7] cryptodev: support digest message in SM2 Gowrishankar Muthukrishnan
2023-09-28 17:09 ` [PATCH v3 1/7] crypto/openssl: include SM2 in asymmetric capabilities Gowrishankar Muthukrishnan
2023-09-28 17:09 ` [PATCH v3 2/7] cryptodev: add hash algorithms in asymmetric capability Gowrishankar Muthukrishnan
2023-09-28 17:09 ` [PATCH v3 3/7] cryptodev: use generic EC xform params for SM2 Gowrishankar Muthukrishnan
2023-09-28 17:09 ` [PATCH v3 4/7] cryptodev: set private and public keys in EC session Gowrishankar Muthukrishnan
2023-09-29 12:47 ` Power, Ciara
2023-09-28 17:09 ` [PATCH v3 5/7] cryptodev: add RNG capability in EC based xform Gowrishankar Muthukrishnan
2023-09-28 17:09 ` [PATCH v3 6/7] crypto/cnxk: add SM2 support Gowrishankar Muthukrishnan
2023-09-28 17:09 ` [PATCH v3 7/7] app/test: check asymmetric capabilities in SM2 test Gowrishankar Muthukrishnan
2023-10-09 13:54 ` [PATCH v4 0/7] cryptodev: support digest message in SM2 Gowrishankar Muthukrishnan
2023-10-09 13:54 ` [PATCH v4 1/7] crypto/openssl: include SM2 in asymmetric capabilities Gowrishankar Muthukrishnan
2023-10-09 13:54 ` [PATCH v4 2/7] cryptodev: add hash algorithms in asymmetric capability Gowrishankar Muthukrishnan
2023-10-09 13:54 ` [PATCH v4 3/7] cryptodev: use generic EC xform params for SM2 Gowrishankar Muthukrishnan
2023-10-09 13:54 ` Gowrishankar Muthukrishnan [this message]
2023-10-09 13:54 ` [PATCH v4 5/7] cryptodev: add RNG capability in EC based xform Gowrishankar Muthukrishnan
2023-10-09 13:54 ` [PATCH v4 6/7] crypto/cnxk: add SM2 support Gowrishankar Muthukrishnan
2023-10-09 13:54 ` [PATCH v4 7/7] app/test: check asymmetric capabilities in SM2 test Gowrishankar Muthukrishnan
2023-10-09 19:07 ` [PATCH v4 0/7] cryptodev: support digest message in SM2 Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=72dc3358636243c5a26683ce378ef68f106460bc.1696859505.git.gmuthukrishn@marvell.com \
--to=gmuthukrishn@marvell.com \
--cc=anoobj@marvell.com \
--cc=arkadiuszx.kusztal@intel.com \
--cc=ciara.power@intel.com \
--cc=dev@dpdk.org \
--cc=fanzhang.oss@gmail.com \
--cc=gakhil@marvell.com \
--cc=kai.ji@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).