[PATCH v2 0/4] crypto/qat: extend asymmetric crypto pmd

[PATCH v2 0/4] crypto/qat: extend asymmetric crypto pmd

[Arek Kusztal]

This patchset extends Intel QuickAssist Technology asymmetric crypto PMD.
Following features were added:
- ECDH algorithm handling
- EC point verification

Depends-on: series-25284 ("crypto/qat: fix uncleared cookies in asym")

v2:
- resolved compilation issues
- improved code structure

Arek Kusztal (4):
  crypto/qat: make immutable parameters constant
  crypto/qat: improve freeing of asym cookies
  crypto/qat: add ecdh key exchange algorithm
  crypto/qat: add ecdh public key verification

 doc/guides/cryptodevs/features/qat.ini |   7 +-
 doc/guides/cryptodevs/qat.rst          |   1 +
 doc/guides/rel_notes/release_22_11.rst |   4 +
 drivers/common/qat/qat_adf/qat_pke.h   |  40 ++++-
 drivers/common/qat/qat_device.c        |   2 +-
 drivers/common/qat/qat_device.h        |   4 +-
 drivers/crypto/qat/qat_asym.c          | 317 ++++++++++++++++++++++++---------
 drivers/crypto/qat/qat_ec.h            |   2 +-
 8 files changed, 274 insertions(+), 103 deletions(-)

-- 
2.13.6

[PATCH v2 1/4] crypto/qat: make immutable parameters constant

[Arek Kusztal]

All pointers passed to functions that are not supposed
to have its data changed should be marked as constant.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
 drivers/common/qat/qat_adf/qat_pke.h | 16 +++----
 drivers/common/qat/qat_device.c      |  2 +-
 drivers/common/qat/qat_device.h      |  4 +-
 drivers/crypto/qat/qat_asym.c        | 90 +++++++++++++++++-------------------
 drivers/crypto/qat/qat_ec.h          |  2 +-
 5 files changed, 54 insertions(+), 60 deletions(-)

diff --git a/drivers/common/qat/qat_adf/qat_pke.h b/drivers/common/qat/qat_adf/qat_pke.h
index 6c12bfd989..00e2b776dc 100644
--- a/drivers/common/qat/qat_adf/qat_pke.h
+++ b/drivers/common/qat/qat_adf/qat_pke.h
@@ -50,13 +50,13 @@ get_modexp_function2(uint32_t bytesize)
 }
 
 static struct qat_asym_function
-get_modexp_function(struct rte_crypto_asym_xform *xform)
+get_modexp_function(const struct rte_crypto_asym_xform *xform)
 {
 	return get_modexp_function2(xform->modex.modulus.length);
 }
 
 static struct qat_asym_function
-get_modinv_function(struct rte_crypto_asym_xform *xform)
+get_modinv_function(const struct rte_crypto_asym_xform *xform)
 {
 	struct qat_asym_function qat_function = { };
 
@@ -137,7 +137,7 @@ get_modinv_function(struct rte_crypto_asym_xform *xform)
 }
 
 static struct qat_asym_function
-get_rsa_enc_function(struct rte_crypto_asym_xform *xform)
+get_rsa_enc_function(const struct rte_crypto_asym_xform *xform)
 {
 	struct qat_asym_function qat_function = { };
 
@@ -164,7 +164,7 @@ get_rsa_enc_function(struct rte_crypto_asym_xform *xform)
 }
 
 static struct qat_asym_function
-get_rsa_dec_function(struct rte_crypto_asym_xform *xform)
+get_rsa_dec_function(const struct rte_crypto_asym_xform *xform)
 {
 	struct qat_asym_function qat_function = { };
 
@@ -191,7 +191,7 @@ get_rsa_dec_function(struct rte_crypto_asym_xform *xform)
 }
 
 static struct qat_asym_function
-get_rsa_crt_function(struct rte_crypto_asym_xform *xform)
+get_rsa_crt_function(const struct rte_crypto_asym_xform *xform)
 {
 	struct qat_asym_function qat_function = { };
 	int nlen = xform->rsa.qt.p.length * 2;
@@ -219,7 +219,7 @@ get_rsa_crt_function(struct rte_crypto_asym_xform *xform)
 }
 
 static struct qat_asym_function
-get_ecdsa_verify_function(struct rte_crypto_asym_xform *xform)
+get_ecdsa_verify_function(const struct rte_crypto_asym_xform *xform)
 {
 	struct qat_asym_function qat_function;
 
@@ -243,7 +243,7 @@ get_ecdsa_verify_function(struct rte_crypto_asym_xform *xform)
 }
 
 static struct qat_asym_function
-get_ecdsa_function(struct rte_crypto_asym_xform *xform)
+get_ecdsa_function(const struct rte_crypto_asym_xform *xform)
 {
 	struct qat_asym_function qat_function;
 
@@ -267,7 +267,7 @@ get_ecdsa_function(struct rte_crypto_asym_xform *xform)
 }
 
 static struct qat_asym_function
-get_ecpm_function(struct rte_crypto_asym_xform *xform)
+get_ecpm_function(const struct rte_crypto_asym_xform *xform)
 {
 	struct qat_asym_function qat_function;
 
diff --git a/drivers/common/qat/qat_device.c b/drivers/common/qat/qat_device.c
index 30e5cdb573..fcf08a70c4 100644
--- a/drivers/common/qat/qat_device.c
+++ b/drivers/common/qat/qat_device.c
@@ -453,7 +453,7 @@ qat_sym_dev_create(struct qat_pci_device *qat_pci_dev __rte_unused,
 
 __rte_weak int
 qat_asym_dev_create(struct qat_pci_device *qat_pci_dev __rte_unused,
-		struct qat_dev_cmd_param *qat_dev_cmd_param __rte_unused)
+		const struct qat_dev_cmd_param *qat_dev_cmd_param __rte_unused)
 {
 	return 0;
 }
diff --git a/drivers/common/qat/qat_device.h b/drivers/common/qat/qat_device.h
index d1512f3b89..26055b875f 100644
--- a/drivers/common/qat/qat_device.h
+++ b/drivers/common/qat/qat_device.h
@@ -158,8 +158,8 @@ qat_sym_dev_create(struct qat_pci_device *qat_pci_dev __rte_unused,
 		struct qat_dev_cmd_param *qat_dev_cmd_param);
 
 int
-qat_asym_dev_create(struct qat_pci_device *qat_pci_dev __rte_unused,
-		struct qat_dev_cmd_param *qat_dev_cmd_param);
+qat_asym_dev_create(struct qat_pci_device *qat_pci_dev,
+		const struct qat_dev_cmd_param *qat_dev_cmd_param);
 
 int
 qat_sym_dev_destroy(struct qat_pci_device *qat_pci_dev __rte_unused);
diff --git a/drivers/crypto/qat/qat_asym.c b/drivers/crypto/qat/qat_asym.c
index 05ca95319b..6a079424b9 100644
--- a/drivers/crypto/qat/qat_asym.c
+++ b/drivers/crypto/qat/qat_asym.c
@@ -129,7 +129,7 @@ cleanup_crt(struct qat_asym_op_cookie *cookie,
 
 static void
 cleanup(struct qat_asym_op_cookie *cookie,
-		struct rte_crypto_asym_xform *xform)
+		const struct rte_crypto_asym_xform *xform)
 {
 	if (xform->xform_type == RTE_CRYPTO_ASYM_XFORM_MODEX)
 		cleanup_arrays(cookie, QAT_ASYM_MODEXP_NUM_IN_PARAMS,
@@ -178,7 +178,7 @@ check_zero(rte_crypto_param n)
 }
 
 static struct qat_asym_function
-get_asym_function(struct rte_crypto_asym_xform *xform)
+get_asym_function(const struct rte_crypto_asym_xform *xform)
 {
 	struct qat_asym_function qat_function;
 
@@ -198,10 +198,10 @@ get_asym_function(struct rte_crypto_asym_xform *xform)
 }
 
 static int
-modexp_set_input(struct rte_crypto_asym_op *asym_op,
-		struct icp_qat_fw_pke_request *qat_req,
+modexp_set_input(struct icp_qat_fw_pke_request *qat_req,
 		struct qat_asym_op_cookie *cookie,
-		struct rte_crypto_asym_xform *xform)
+		const struct rte_crypto_asym_op *asym_op,
+		const struct rte_crypto_asym_xform *xform)
 {
 	struct qat_asym_function qat_function;
 	uint32_t alg_bytesize, func_id, in_bytesize;
@@ -248,8 +248,8 @@ modexp_set_input(struct rte_crypto_asym_op *asym_op,
 
 static uint8_t
 modexp_collect(struct rte_crypto_asym_op *asym_op,
-		struct qat_asym_op_cookie *cookie,
-		struct rte_crypto_asym_xform *xform)
+		const struct qat_asym_op_cookie *cookie,
+		const struct rte_crypto_asym_xform *xform)
 {
 	rte_crypto_param n = xform->modex.modulus;
 	uint32_t alg_bytesize = cookie->alg_bytesize;
@@ -268,10 +268,10 @@ modexp_collect(struct rte_crypto_asym_op *asym_op,
 }
 
 static int
-modinv_set_input(struct rte_crypto_asym_op *asym_op,
-		struct icp_qat_fw_pke_request *qat_req,
+modinv_set_input(struct icp_qat_fw_pke_request *qat_req,
 		struct qat_asym_op_cookie *cookie,
-		struct rte_crypto_asym_xform *xform)
+		const struct rte_crypto_asym_op *asym_op,
+		const struct rte_crypto_asym_xform *xform)
 {
 	struct qat_asym_function qat_function;
 	uint32_t alg_bytesize, func_id;
@@ -308,8 +308,8 @@ modinv_set_input(struct rte_crypto_asym_op *asym_op,
 
 static uint8_t
 modinv_collect(struct rte_crypto_asym_op *asym_op,
-		struct qat_asym_op_cookie *cookie,
-		struct rte_crypto_asym_xform *xform)
+		const struct qat_asym_op_cookie *cookie,
+		const struct rte_crypto_asym_xform *xform)
 {
 	rte_crypto_param n = xform->modinv.modulus;
 	uint8_t *modinv_result = asym_op->modinv.result.data;
@@ -329,10 +329,10 @@ modinv_collect(struct rte_crypto_asym_op *asym_op,
 }
 
 static int
-rsa_set_pub_input(struct rte_crypto_asym_op *asym_op,
-		struct icp_qat_fw_pke_request *qat_req,
+rsa_set_pub_input(struct icp_qat_fw_pke_request *qat_req,
 		struct qat_asym_op_cookie *cookie,
-		struct rte_crypto_asym_xform *xform)
+		const struct rte_crypto_asym_op *asym_op,
+		const struct rte_crypto_asym_xform *xform)
 {
 	struct qat_asym_function qat_function;
 	uint32_t alg_bytesize, func_id;
@@ -385,10 +385,10 @@ rsa_set_pub_input(struct rte_crypto_asym_op *asym_op,
 }
 
 static int
-rsa_set_priv_input(struct rte_crypto_asym_op *asym_op,
-		struct icp_qat_fw_pke_request *qat_req,
+rsa_set_priv_input(struct icp_qat_fw_pke_request *qat_req,
 		struct qat_asym_op_cookie *cookie,
-		struct rte_crypto_asym_xform *xform)
+		const struct rte_crypto_asym_op *asym_op,
+		const struct rte_crypto_asym_xform *xform)
 {
 	struct qat_asym_function qat_function;
 	uint32_t alg_bytesize, func_id;
@@ -478,10 +478,10 @@ rsa_set_priv_input(struct rte_crypto_asym_op *asym_op,
 }
 
 static int
-rsa_set_input(struct rte_crypto_asym_op *asym_op,
-		struct icp_qat_fw_pke_request *qat_req,
+rsa_set_input(struct icp_qat_fw_pke_request *qat_req,
 		struct qat_asym_op_cookie *cookie,
-		struct rte_crypto_asym_xform *xform)
+		const struct rte_crypto_asym_op *asym_op,
+		const struct rte_crypto_asym_xform *xform)
 {
 	qat_req->input_param_count =
 			QAT_ASYM_RSA_NUM_IN_PARAMS;
@@ -491,15 +491,15 @@ rsa_set_input(struct rte_crypto_asym_op *asym_op,
 	if (asym_op->rsa.op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT ||
 			asym_op->rsa.op_type ==
 				RTE_CRYPTO_ASYM_OP_VERIFY) {
-		return rsa_set_pub_input(asym_op, qat_req, cookie, xform);
+		return rsa_set_pub_input(qat_req, cookie, asym_op, xform);
 	} else {
-		return rsa_set_priv_input(asym_op, qat_req, cookie, xform);
+		return rsa_set_priv_input(qat_req, cookie, asym_op, xform);
 	}
 }
 
 static uint8_t
 rsa_collect(struct rte_crypto_asym_op *asym_op,
-		struct qat_asym_op_cookie *cookie)
+		const struct qat_asym_op_cookie *cookie)
 {
 	uint32_t alg_bytesize = cookie->alg_bytesize;
 
@@ -559,10 +559,10 @@ rsa_collect(struct rte_crypto_asym_op *asym_op,
 }
 
 static int
-ecdsa_set_input(struct rte_crypto_asym_op *asym_op,
-		struct icp_qat_fw_pke_request *qat_req,
+ecdsa_set_input(struct icp_qat_fw_pke_request *qat_req,
 		struct qat_asym_op_cookie *cookie,
-		struct rte_crypto_asym_xform *xform)
+		const struct rte_crypto_asym_op *asym_op,
+		const struct rte_crypto_asym_xform *xform)
 {
 	struct qat_asym_function qat_function;
 	uint32_t qat_func_alignsize, func_id;
@@ -662,7 +662,7 @@ ecdsa_set_input(struct rte_crypto_asym_op *asym_op,
 
 static uint8_t
 ecdsa_collect(struct rte_crypto_asym_op *asym_op,
-		struct qat_asym_op_cookie *cookie)
+		const struct qat_asym_op_cookie *cookie)
 {
 	uint32_t alg_bytesize = cookie->alg_bytesize;
 	uint32_t qat_func_alignsize = cookie->qat_func_alignsize;
@@ -686,10 +686,10 @@ ecdsa_collect(struct rte_crypto_asym_op *asym_op,
 }
 
 static int
-ecpm_set_input(struct rte_crypto_asym_op *asym_op,
-		struct icp_qat_fw_pke_request *qat_req,
+ecpm_set_input(struct icp_qat_fw_pke_request *qat_req,
 		struct qat_asym_op_cookie *cookie,
-		struct rte_crypto_asym_xform *xform)
+		const struct rte_crypto_asym_op *asym_op,
+		const struct rte_crypto_asym_xform *xform)
 {
 	struct qat_asym_function qat_function;
 	uint32_t qat_func_alignsize, func_id;
@@ -738,7 +738,7 @@ ecpm_set_input(struct rte_crypto_asym_op *asym_op,
 
 static uint8_t
 ecpm_collect(struct rte_crypto_asym_op *asym_op,
-		struct qat_asym_op_cookie *cookie)
+		const struct qat_asym_op_cookie *cookie)
 {
 	uint8_t *x = asym_op->ecpm.r.x.data;
 	uint8_t *y = asym_op->ecpm.r.y.data;
@@ -759,27 +759,22 @@ ecpm_collect(struct rte_crypto_asym_op *asym_op,
 }
 
 static int
-asym_set_input(struct rte_crypto_asym_op *asym_op,
-		struct icp_qat_fw_pke_request *qat_req,
+asym_set_input(struct icp_qat_fw_pke_request *qat_req,
 		struct qat_asym_op_cookie *cookie,
-		struct rte_crypto_asym_xform *xform)
+		const struct rte_crypto_asym_op *asym_op,
+		const struct rte_crypto_asym_xform *xform)
 {
 	switch (xform->xform_type) {
 	case RTE_CRYPTO_ASYM_XFORM_MODEX:
-		return modexp_set_input(asym_op, qat_req,
-				cookie, xform);
+		return modexp_set_input(qat_req, cookie, asym_op, xform);
 	case RTE_CRYPTO_ASYM_XFORM_MODINV:
-		return modinv_set_input(asym_op, qat_req,
-				cookie, xform);
+		return modinv_set_input(qat_req, cookie, asym_op, xform);
 	case RTE_CRYPTO_ASYM_XFORM_RSA:
-		return rsa_set_input(asym_op, qat_req,
-				cookie, xform);
+		return rsa_set_input(qat_req, cookie, asym_op, xform);
 	case RTE_CRYPTO_ASYM_XFORM_ECDSA:
-		return ecdsa_set_input(asym_op, qat_req,
-				cookie, xform);
+		return ecdsa_set_input(qat_req, cookie, asym_op, xform);
 	case RTE_CRYPTO_ASYM_XFORM_ECPM:
-		return ecpm_set_input(asym_op, qat_req,
-				cookie, xform);
+		return ecpm_set_input(qat_req, cookie, asym_op, xform);
 	default:
 		QAT_LOG(ERR, "Invalid/unsupported asymmetric crypto xform");
 		return -EINVAL;
@@ -824,8 +819,7 @@ qat_asym_build_request(void *in_op, uint8_t *out_msg, void *op_cookie,
 		op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
 		goto error;
 	}
-	err = asym_set_input(asym_op, qat_req, cookie,
-			xform);
+	err = asym_set_input(qat_req, cookie, asym_op, xform);
 	if (err) {
 		op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
 		goto error;
@@ -1265,7 +1259,7 @@ qat_asym_init_op_cookie(void *op_cookie)
 
 int
 qat_asym_dev_create(struct qat_pci_device *qat_pci_dev,
-		struct qat_dev_cmd_param *qat_dev_cmd_param)
+		const struct qat_dev_cmd_param *qat_dev_cmd_param)
 {
 	struct qat_cryptodev_private *internals;
 	struct rte_cryptodev *cryptodev;
diff --git a/drivers/crypto/qat/qat_ec.h b/drivers/crypto/qat/qat_ec.h
index bbd0b31949..0e02722c18 100644
--- a/drivers/crypto/qat/qat_ec.h
+++ b/drivers/crypto/qat/qat_ec.h
@@ -264,7 +264,7 @@ static struct elliptic_curve curve[] = {
 };
 
 static int
-pick_curve(struct rte_crypto_asym_xform *xform)
+pick_curve(const struct rte_crypto_asym_xform *xform)
 {
 	switch (xform->ec.curve_id) {
 	case RTE_CRYPTO_EC_GROUP_SECP256R1:
-- 
2.13.6

[PATCH v2 2/4] crypto/qat: improve freeing of asym cookies

[Arek Kusztal]

Improve the way that cookies are freed and cleared.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
 drivers/crypto/qat/qat_asym.c | 73 ++++++++++++++++++++-----------------------
 1 file changed, 34 insertions(+), 39 deletions(-)

diff --git a/drivers/crypto/qat/qat_asym.c b/drivers/crypto/qat/qat_asym.c
index 6a079424b9..a77f7bfcd0 100644
--- a/drivers/crypto/qat/qat_asym.c
+++ b/drivers/crypto/qat/qat_asym.c
@@ -70,27 +70,33 @@ static const struct rte_driver cryptodev_qat_asym_driver = {
 	} while (0)
 
 #define SET_PKE_LN(what, how, idx) \
-		rte_memcpy(cookie->input_array[idx] + how - \
-			what.length, \
-			what.data, \
-			what.length)
+	rte_memcpy(cookie->input_array[idx] + how - \
+		what.length, \
+		what.data, \
+		what.length)
 
 #define SET_PKE_LN_EC(curve, p, idx) \
-		rte_memcpy(cookie->input_array[idx] + \
-			qat_func_alignsize - curve.bytesize, \
-			curve.p.data, curve.bytesize)
+	rte_memcpy(cookie->input_array[idx] + \
+		qat_func_alignsize - curve.bytesize, \
+		curve.p.data, curve.bytesize)
 
 #define SET_PKE_9A_IN(what, idx) \
-		rte_memcpy(&cookie->input_buffer[idx * \
-			qat_func_alignsize] + \
-			qat_func_alignsize - what.length, \
-			what.data, what.length)
+	rte_memcpy(&cookie->input_buffer[idx * \
+		qat_func_alignsize] + \
+		qat_func_alignsize - what.length, \
+		what.data, what.length)
 
 #define SET_PKE_9A_EC(curve, p, idx) \
-		rte_memcpy(&cookie->input_buffer[idx * \
-			qat_func_alignsize] + \
-			qat_func_alignsize - curve.bytesize, \
-			curve.p.data, curve.bytesize)
+	rte_memcpy(&cookie->input_buffer[idx * \
+		qat_func_alignsize] + \
+		qat_func_alignsize - curve.bytesize, \
+		curve.p.data, curve.bytesize)
+
+#define PARAM_CLR(what) \
+	do { \
+		memset(what.data, 0, what.length); \
+		rte_free(what.data);	\
+	} while (0)
 
 static void
 request_init(struct icp_qat_fw_pke_request *qat_req)
@@ -98,8 +104,8 @@ request_init(struct icp_qat_fw_pke_request *qat_req)
 	memset(qat_req, 0, sizeof(*qat_req));
 	qat_req->pke_hdr.service_type = ICP_QAT_FW_COMN_REQ_CPM_FW_PKE;
 	qat_req->pke_hdr.hdr_flags =
-			ICP_QAT_FW_COMN_HDR_FLAGS_BUILD
-			(ICP_QAT_FW_COMN_REQ_FLAG_SET);
+		ICP_QAT_FW_COMN_HDR_FLAGS_BUILD
+		(ICP_QAT_FW_COMN_REQ_FLAG_SET);
 }
 
 static void
@@ -1146,40 +1152,29 @@ qat_asym_session_get_private_size(struct rte_cryptodev *dev __rte_unused)
 static void
 session_clear_modexp(struct rte_crypto_modex_xform *modex)
 {
-	memset(modex->modulus.data, 0, modex->modulus.length);
-	rte_free(modex->modulus.data);
-	memset(modex->exponent.data, 0, modex->exponent.length);
-	rte_free(modex->exponent.data);
+	PARAM_CLR(modex->modulus);
+	PARAM_CLR(modex->exponent);
 }
 
 static void
 session_clear_modinv(struct rte_crypto_modinv_xform *modinv)
 {
-	memset(modinv->modulus.data, 0, modinv->modulus.length);
-	rte_free(modinv->modulus.data);
+	PARAM_CLR(modinv->modulus);
 }
 
 static void
 session_clear_rsa(struct rte_crypto_rsa_xform *rsa)
 {
-	memset(rsa->n.data, 0, rsa->n.length);
-	rte_free(rsa->n.data);
-	memset(rsa->e.data, 0, rsa->e.length);
-	rte_free(rsa->e.data);
+	PARAM_CLR(rsa->n);
+	PARAM_CLR(rsa->e);
 	if (rsa->key_type == RTE_RSA_KEY_TYPE_EXP) {
-		memset(rsa->d.data, 0, rsa->d.length);
-		rte_free(rsa->d.data);
+		PARAM_CLR(rsa->d);
 	} else {
-		memset(rsa->qt.p.data, 0, rsa->qt.p.length);
-		rte_free(rsa->qt.p.data);
-		memset(rsa->qt.q.data, 0, rsa->qt.q.length);
-		rte_free(rsa->qt.q.data);
-		memset(rsa->qt.dP.data, 0, rsa->qt.dP.length);
-		rte_free(rsa->qt.dP.data);
-		memset(rsa->qt.dQ.data, 0, rsa->qt.dQ.length);
-		rte_free(rsa->qt.dQ.data);
-		memset(rsa->qt.qInv.data, 0, rsa->qt.qInv.length);
-		rte_free(rsa->qt.qInv.data);
+		PARAM_CLR(rsa->qt.p);
+		PARAM_CLR(rsa->qt.q);
+		PARAM_CLR(rsa->qt.dP);
+		PARAM_CLR(rsa->qt.dQ);
+		PARAM_CLR(rsa->qt.qInv);
 	}
 }
 
-- 
2.13.6

[PATCH v2 3/4] crypto/qat: add ecdh key exchange algorithm

[Arek Kusztal]

This commit adds ECDH algorithm to Intel QuickAssist
Technology driver.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
 doc/guides/cryptodevs/features/qat.ini |  7 ++-
 doc/guides/cryptodevs/qat.rst          |  1 +
 doc/guides/rel_notes/release_22_11.rst |  4 ++
 drivers/crypto/qat/qat_asym.c          | 98 +++++++++++++++++++++++++++++++++-
 4 files changed, 106 insertions(+), 4 deletions(-)

diff --git a/doc/guides/cryptodevs/features/qat.ini b/doc/guides/cryptodevs/features/qat.ini
index 4508becc56..5ba5546160 100644
--- a/doc/guides/cryptodevs/features/qat.ini
+++ b/doc/guides/cryptodevs/features/qat.ini
@@ -84,8 +84,11 @@ CHACHA20-POLY1305 = Y
 ;
 [Asymmetric]
 Modular Exponentiation  = Y
-Modular Inversion		= Y
-RSA						= Y
+Modular Inversion	= Y
+RSA			= Y
+ECDSA                   = Y
+ECPM                    = Y
+ECDH                    = Y
 
 ;
 ; Supported Operating systems of the 'qat' crypto driver.
diff --git a/doc/guides/cryptodevs/qat.rst b/doc/guides/cryptodevs/qat.rst
index 494fc7fd68..2d895e61ac 100644
--- a/doc/guides/cryptodevs/qat.rst
+++ b/doc/guides/cryptodevs/qat.rst
@@ -178,6 +178,7 @@ The QAT ASYM PMD has support for:
 * ``RTE_CRYPTO_ASYM_XFORM_RSA``
 * ``RTE_CRYPTO_ASYM_XFORM_ECDSA``
 * ``RTE_CRYPTO_ASYM_XFORM_ECPM``
+* ``RTE_CRYPTO_ASYM_XFORM_ECDH``
 
 Limitations
 ~~~~~~~~~~~
diff --git a/doc/guides/rel_notes/release_22_11.rst b/doc/guides/rel_notes/release_22_11.rst
index 281ba2fc7f..36f1028107 100644
--- a/doc/guides/rel_notes/release_22_11.rst
+++ b/doc/guides/rel_notes/release_22_11.rst
@@ -254,6 +254,10 @@ New Features
   Added support for asymmetric crypto algorithms.
   See the :doc:`../sample_app_ug/fips_validation` for more details.
 
+* **Updated Intel QuickAssist Technology (QAT) asymmetric crypto driver.**
+
+  * Added support for ECDH key exchange algorithm.
+
 
 Removed Items
 -------------
diff --git a/drivers/crypto/qat/qat_asym.c b/drivers/crypto/qat/qat_asym.c
index a77f7bfcd0..b49eca4b4a 100644
--- a/drivers/crypto/qat/qat_asym.c
+++ b/drivers/crypto/qat/qat_asym.c
@@ -765,6 +765,94 @@ ecpm_collect(struct rte_crypto_asym_op *asym_op,
 }
 
 static int
+ecdh_set_input(struct icp_qat_fw_pke_request *qat_req,
+		struct qat_asym_op_cookie *cookie,
+		const struct rte_crypto_asym_op *asym_op,
+		const struct rte_crypto_asym_xform *xform)
+{
+	struct qat_asym_function qat_function;
+	uint32_t qat_func_alignsize, func_id;
+	int curve_id;
+
+	curve_id = pick_curve(xform);
+	if (curve_id < 0) {
+		QAT_LOG(DEBUG, "Incorrect elliptic curve");
+		return -EINVAL;
+	}
+
+	qat_function = get_ecpm_function(xform);
+	func_id = qat_function.func_id;
+	if (func_id == 0) {
+		QAT_LOG(ERR, "Cannot obtain functionality id");
+		return -EINVAL;
+	}
+	qat_func_alignsize = RTE_ALIGN_CEIL(qat_function.bytesize, 8);
+
+	if (asym_op->ecdh.ke_type == RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE) {
+		SET_PKE_LN(asym_op->ecdh.priv_key, qat_func_alignsize, 0);
+		SET_PKE_LN_EC(curve[curve_id], x, 1);
+		SET_PKE_LN_EC(curve[curve_id], y, 2);
+	} else {
+		SET_PKE_LN(asym_op->ecdh.priv_key, qat_func_alignsize, 0);
+		SET_PKE_LN(asym_op->ecdh.pub_key.x, qat_func_alignsize, 1);
+		SET_PKE_LN(asym_op->ecdh.pub_key.y, qat_func_alignsize, 2);
+	}
+	SET_PKE_LN_EC(curve[curve_id], a, 3);
+	SET_PKE_LN_EC(curve[curve_id], b, 4);
+	SET_PKE_LN_EC(curve[curve_id], p, 5);
+	SET_PKE_LN_EC(curve[curve_id], h, 6);
+
+	cookie->alg_bytesize = curve[curve_id].bytesize;
+	cookie->qat_func_alignsize = qat_func_alignsize;
+	qat_req->pke_hdr.cd_pars.func_id = func_id;
+	qat_req->input_param_count =
+			QAT_ASYM_ECPM_IN_PARAMS;
+	qat_req->output_param_count =
+			QAT_ASYM_ECPM_OUT_PARAMS;
+
+	HEXDUMP("k", cookie->input_array[0], qat_func_alignsize);
+	HEXDUMP("xG", cookie->input_array[1], qat_func_alignsize);
+	HEXDUMP("yG", cookie->input_array[2], qat_func_alignsize);
+	HEXDUMP("a", cookie->input_array[3], qat_func_alignsize);
+	HEXDUMP("b", cookie->input_array[4], qat_func_alignsize);
+	HEXDUMP("q", cookie->input_array[5], qat_func_alignsize);
+	HEXDUMP("h", cookie->input_array[6], qat_func_alignsize);
+
+	return 0;
+}
+
+static uint8_t
+ecdh_collect(struct rte_crypto_asym_op *asym_op,
+		const struct qat_asym_op_cookie *cookie)
+{
+	uint8_t *x, *y;
+	uint32_t alg_bytesize = cookie->alg_bytesize;
+	uint32_t qat_func_alignsize = cookie->qat_func_alignsize;
+	uint32_t ltrim = qat_func_alignsize - alg_bytesize;
+
+	if (asym_op->ecdh.ke_type == RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE) {
+		asym_op->ecdh.pub_key.x.length = alg_bytesize;
+		asym_op->ecdh.pub_key.y.length = alg_bytesize;
+		x = asym_op->ecdh.pub_key.x.data;
+		y = asym_op->ecdh.pub_key.y.data;
+	} else {
+		asym_op->ecdh.shared_secret.x.length = alg_bytesize;
+		asym_op->ecdh.shared_secret.y.length = alg_bytesize;
+		x = asym_op->ecdh.shared_secret.x.data;
+		y = asym_op->ecdh.shared_secret.y.data;
+	}
+
+	rte_memcpy(x, &cookie->output_array[0][ltrim], alg_bytesize);
+	rte_memcpy(y, &cookie->output_array[1][ltrim], alg_bytesize);
+
+	HEXDUMP("X", cookie->output_array[0],
+		qat_func_alignsize);
+	HEXDUMP("Y", cookie->output_array[1],
+		qat_func_alignsize);
+	return RTE_CRYPTO_OP_STATUS_SUCCESS;
+}
+
+static int
 asym_set_input(struct icp_qat_fw_pke_request *qat_req,
 		struct qat_asym_op_cookie *cookie,
 		const struct rte_crypto_asym_op *asym_op,
@@ -781,6 +869,9 @@ asym_set_input(struct icp_qat_fw_pke_request *qat_req,
 		return ecdsa_set_input(qat_req, cookie, asym_op, xform);
 	case RTE_CRYPTO_ASYM_XFORM_ECPM:
 		return ecpm_set_input(qat_req, cookie, asym_op, xform);
+	case RTE_CRYPTO_ASYM_XFORM_ECDH:
+		return ecdh_set_input(qat_req, cookie,
+				asym_op, xform);
 	default:
 		QAT_LOG(ERR, "Invalid/unsupported asymmetric crypto xform");
 		return -EINVAL;
@@ -867,6 +958,8 @@ qat_asym_collect_response(struct rte_crypto_op *op,
 		return ecdsa_collect(asym_op, cookie);
 	case RTE_CRYPTO_ASYM_XFORM_ECPM:
 		return ecpm_collect(asym_op, cookie);
+	case RTE_CRYPTO_ASYM_XFORM_ECDH:
+		return ecdh_collect(asym_op, cookie);
 	default:
 		QAT_LOG(ERR, "Not supported xform type");
 		return  RTE_CRYPTO_OP_STATUS_ERROR;
@@ -1099,7 +1192,7 @@ session_set_rsa(struct qat_asym_session *qat_session,
 }
 
 static void
-session_set_ecdsa(struct qat_asym_session *qat_session,
+session_set_ec(struct qat_asym_session *qat_session,
 			struct rte_crypto_asym_xform *xform)
 {
 	qat_session->xform.ec.curve_id = xform->ec.curve_id;
@@ -1129,7 +1222,8 @@ qat_asym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		break;
 	case RTE_CRYPTO_ASYM_XFORM_ECDSA:
 	case RTE_CRYPTO_ASYM_XFORM_ECPM:
-		session_set_ecdsa(qat_session, xform);
+	case RTE_CRYPTO_ASYM_XFORM_ECDH:
+		session_set_ec(qat_session, xform);
 		break;
 	default:
 		ret = -ENOTSUP;
-- 
2.13.6

[PATCH v2 4/4] crypto/qat: add ecdh public key verification

[Arek Kusztal]

This commit adds verification option for elliptic curve
points when used along ECDH algorithm.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
 drivers/common/qat/qat_adf/qat_pke.h | 24 +++++++++++++++
 drivers/crypto/qat/qat_asym.c        | 58 +++++++++++++++++++++++++++++++++++-
 2 files changed, 81 insertions(+), 1 deletion(-)

diff --git a/drivers/common/qat/qat_adf/qat_pke.h b/drivers/common/qat/qat_adf/qat_pke.h
index 00e2b776dc..4b09e76dbb 100644
--- a/drivers/common/qat/qat_adf/qat_pke.h
+++ b/drivers/common/qat/qat_adf/qat_pke.h
@@ -290,4 +290,28 @@ get_ecpm_function(const struct rte_crypto_asym_xform *xform)
 	return qat_function;
 }
 
+static struct qat_asym_function
+get_ec_verify_function(const struct rte_crypto_asym_xform *xform)
+{
+	struct qat_asym_function qat_function;
+
+	switch (xform->ec.curve_id) {
+	case RTE_CRYPTO_EC_GROUP_SECP256R1:
+		qat_function.func_id = MATHS_POINT_VERIFY_GFP_L256;
+		qat_function.bytesize = 32;
+		break;
+	case RTE_CRYPTO_EC_GROUP_SECP384R1:
+		qat_function.func_id = MATHS_POINT_VERIFY_GFP_L512;
+		qat_function.bytesize = 64;
+		break;
+	case RTE_CRYPTO_EC_GROUP_SECP521R1:
+		qat_function.func_id = MATHS_POINT_VERIFY_GFP_521;
+		qat_function.bytesize = 66;
+		break;
+	default:
+		qat_function.func_id = 0;
+	}
+	return qat_function;
+}
+
 #endif
diff --git a/drivers/crypto/qat/qat_asym.c b/drivers/crypto/qat/qat_asym.c
index b49eca4b4a..c6a2028c93 100644
--- a/drivers/crypto/qat/qat_asym.c
+++ b/drivers/crypto/qat/qat_asym.c
@@ -821,6 +821,53 @@ ecdh_set_input(struct icp_qat_fw_pke_request *qat_req,
 	return 0;
 }
 
+static int
+ecdh_verify_set_input(struct icp_qat_fw_pke_request *qat_req,
+		struct qat_asym_op_cookie *cookie,
+		const struct rte_crypto_asym_op *asym_op,
+		const struct rte_crypto_asym_xform *xform)
+{
+	struct qat_asym_function qat_function;
+	uint32_t qat_func_alignsize, func_id;
+	int curve_id;
+
+	curve_id = pick_curve(xform);
+	if (curve_id < 0) {
+		QAT_LOG(DEBUG, "Incorrect elliptic curve");
+		return -EINVAL;
+	}
+
+	qat_function = get_ec_verify_function(xform);
+	func_id = qat_function.func_id;
+	if (func_id == 0) {
+		QAT_LOG(ERR, "Cannot obtain functionality id");
+		return -EINVAL;
+	}
+	qat_func_alignsize = RTE_ALIGN_CEIL(qat_function.bytesize, 8);
+
+	SET_PKE_LN(asym_op->ecdh.pub_key.x, qat_func_alignsize, 0);
+	SET_PKE_LN(asym_op->ecdh.pub_key.y, qat_func_alignsize, 1);
+	SET_PKE_LN_EC(curve[curve_id], p, 2);
+	SET_PKE_LN_EC(curve[curve_id], a, 3);
+	SET_PKE_LN_EC(curve[curve_id], b, 4);
+
+	cookie->alg_bytesize = curve[curve_id].bytesize;
+	cookie->qat_func_alignsize = qat_func_alignsize;
+	qat_req->pke_hdr.cd_pars.func_id = func_id;
+	qat_req->input_param_count =
+			5;
+	qat_req->output_param_count =
+			0;
+
+	HEXDUMP("x", cookie->input_array[0], qat_func_alignsize);
+	HEXDUMP("y", cookie->input_array[1], qat_func_alignsize);
+	HEXDUMP("p", cookie->input_array[2], qat_func_alignsize);
+	HEXDUMP("a", cookie->input_array[3], qat_func_alignsize);
+	HEXDUMP("b", cookie->input_array[4], qat_func_alignsize);
+
+	return 0;
+}
+
 static uint8_t
 ecdh_collect(struct rte_crypto_asym_op *asym_op,
 		const struct qat_asym_op_cookie *cookie)
@@ -830,6 +877,9 @@ ecdh_collect(struct rte_crypto_asym_op *asym_op,
 	uint32_t qat_func_alignsize = cookie->qat_func_alignsize;
 	uint32_t ltrim = qat_func_alignsize - alg_bytesize;
 
+	if (asym_op->ecdh.ke_type == RTE_CRYPTO_ASYM_KE_PUB_KEY_VERIFY)
+		return RTE_CRYPTO_OP_STATUS_SUCCESS;
+
 	if (asym_op->ecdh.ke_type == RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE) {
 		asym_op->ecdh.pub_key.x.length = alg_bytesize;
 		asym_op->ecdh.pub_key.y.length = alg_bytesize;
@@ -870,8 +920,14 @@ asym_set_input(struct icp_qat_fw_pke_request *qat_req,
 	case RTE_CRYPTO_ASYM_XFORM_ECPM:
 		return ecpm_set_input(qat_req, cookie, asym_op, xform);
 	case RTE_CRYPTO_ASYM_XFORM_ECDH:
-		return ecdh_set_input(qat_req, cookie,
+		if (asym_op->ecdh.ke_type ==
+			RTE_CRYPTO_ASYM_KE_PUB_KEY_VERIFY) {
+			return ecdh_verify_set_input(qat_req, cookie,
 				asym_op, xform);
+		} else {
+			return ecdh_set_input(qat_req, cookie,
+				asym_op, xform);
+		}
 	default:
 		QAT_LOG(ERR, "Invalid/unsupported asymmetric crypto xform");
 		return -EINVAL;
-- 
2.13.6

RE: [PATCH v2 1/4] crypto/qat: make immutable parameters constant

[Ji, Kai]

Acked-by: Kai Ji <kai.ji@intel.com>

> -----Original Message-----
> From: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>
> Sent: Thursday, October 20, 2022 4:10 PM
> To: dev@dpdk.org
> Cc: gakhil@marvell.com; Ji, Kai <kai.ji@intel.com>; Kusztal, ArkadiuszX
> <arkadiuszx.kusztal@intel.com>
> Subject: [PATCH v2 1/4] crypto/qat: make immutable parameters constant
> 
> All pointers passed to functions that are not supposed to have its data
> changed should be marked as constant.
> 
> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> ---

RE: [PATCH v2 2/4] crypto/qat: improve freeing of asym cookies

[Ji, Kai]

Acked-by: Kai Ji <kai.ji@intel.com>

> -----Original Message-----
> From: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>
> Sent: Thursday, October 20, 2022 4:10 PM
> To: dev@dpdk.org
> Cc: gakhil@marvell.com; Ji, Kai <kai.ji@intel.com>; Kusztal, ArkadiuszX
> <arkadiuszx.kusztal@intel.com>
> Subject: [PATCH v2 2/4] crypto/qat: improve freeing of asym cookies
> 
> Improve the way that cookies are freed and cleared.
> 
> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> ---

RE: [PATCH v2 3/4] crypto/qat: add ecdh key exchange algorithm

[Ji, Kai]

Acked-by: Kai Ji <kai.ji@intel.com>

> -----Original Message-----
> From: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>
> Sent: Thursday, October 20, 2022 4:10 PM
> To: dev@dpdk.org
> Cc: gakhil@marvell.com; Ji, Kai <kai.ji@intel.com>; Kusztal, ArkadiuszX
> <arkadiuszx.kusztal@intel.com>
> Subject: [PATCH v2 3/4] crypto/qat: add ecdh key exchange algorithm
> 
> This commit adds ECDH algorithm to Intel QuickAssist Technology driver.
> 
> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> ---

RE: [PATCH v2 4/4] crypto/qat: add ecdh public key verification

[Ji, Kai]

Code may need rebase, otherwise 

Acked-by: Kai Ji <kai.ji@intel.com>

> -----Original Message-----
> From: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>
> Sent: Thursday, October 20, 2022 4:10 PM
> To: dev@dpdk.org
> Cc: gakhil@marvell.com; Ji, Kai <kai.ji@intel.com>; Kusztal, ArkadiuszX
> <arkadiuszx.kusztal@intel.com>
> Subject: [PATCH v2 4/4] crypto/qat: add ecdh public key verification
> 
> This commit adds verification option for elliptic curve points when used along
> ECDH algorithm.
> 
> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> ---
<snip>
> +
> +	cookie->alg_bytesize = curve[curve_id].bytesize;
> +	cookie->qat_func_alignsize = qat_func_alignsize;
> +	qat_req->pke_hdr.cd_pars.func_id = func_id;
> +	qat_req->input_param_count =
> +			5;
[KJ] do we need new line here ?
> +	qat_req->output_param_count =
> +			0;
> +
> +	HEXDUMP("x", cookie->input_array[0], qat_func_alignsize);
> +	HEXDUMP("y", cookie->input_array[1], qat_func_alignsize);
> +	HEXDUMP("p", cookie->input_array[2], qat_func_alignsize);
> +	HEXDUMP("a", cookie->input_array[3], qat_func_alignsize);
> +	HEXDUMP("b", cookie->input_array[4], qat_func_alignsize);
> +
> +	return 0;
> +}
> +
>  static uint8_t
>  ecdh_collect(struct rte_crypto_asym_op *asym_op,
>  		const struct qat_asym_op_cookie *cookie) @@ -830,6 +877,9
> @@ ecdh_collect(struct rte_crypto_asym_op *asym_op,
>  	uint32_t qat_func_alignsize = cookie->qat_func_alignsize;
>  	uint32_t ltrim = qat_func_alignsize - alg_bytesize;
> 
> +	if (asym_op->ecdh.ke_type ==
> RTE_CRYPTO_ASYM_KE_PUB_KEY_VERIFY)
> +		return RTE_CRYPTO_OP_STATUS_SUCCESS;
> +
>  	if (asym_op->ecdh.ke_type ==
> RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE) {
>  		asym_op->ecdh.pub_key.x.length = alg_bytesize;
>  		asym_op->ecdh.pub_key.y.length = alg_bytesize; @@ -870,8
> +920,14 @@ asym_set_input(struct icp_qat_fw_pke_request *qat_req,
>  	case RTE_CRYPTO_ASYM_XFORM_ECPM:
>  		return ecpm_set_input(qat_req, cookie, asym_op, xform);
>  	case RTE_CRYPTO_ASYM_XFORM_ECDH:
> -		return ecdh_set_input(qat_req, cookie,
> +		if (asym_op->ecdh.ke_type ==
> +			RTE_CRYPTO_ASYM_KE_PUB_KEY_VERIFY) {
> +			return ecdh_verify_set_input(qat_req, cookie,
>  				asym_op, xform);
> +		} else {
> +			return ecdh_set_input(qat_req, cookie,
> +				asym_op, xform);
> +		}
>  	default:
>  		QAT_LOG(ERR, "Invalid/unsupported asymmetric crypto
> xform");
>  		return -EINVAL;
> --
> 2.13.6

RE: [EXT] [PATCH v2 0/4] crypto/qat: extend asymmetric crypto pmd

[Akhil Goyal]

> This patchset extends Intel QuickAssist Technology asymmetric crypto PMD.
> Following features were added:
> - ECDH algorithm handling
> - EC point verification
> 
> Depends-on: series-25284 ("crypto/qat: fix uncleared cookies in asym")
> 
Series applied to dpdk-next-crypto

Thanks.