Hi Arek,
> -----Original Message-----
> From: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>
> Sent: Tuesday, October 31, 2023 9:27 PM
> To: dev@dpdk.org
> Cc: gakhil@marvell.com; Ji, Kai <kai.ji@intel.com>; Power, Ciara
> <ciara.power@intel.com>; Kusztal, ArkadiuszX
> <arkadiuszx.kusztal@intel.com>
> Subject: [PATCH v2] crypto/qat: add sm2 ecdsa
>
> Added SM2 ECDSA feature to the Intel QuickAssist Technology symmetric
> crypto PMD.
>
> Signed-off-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
> ---
> v2:
> - fixed build issues
Acked-by: Ciara Power <ciara.power@intel.com>
@@ -94,6 +94,7 @@ RSA = Y
ECDSA = Y
ECPM = Y
ECDH = Y
+SM2 = Y
;
; Supported Operating systems of the 'qat' crypto driver.
@@ -186,6 +186,7 @@ The QAT ASYM PMD has support for:
* ``RTE_CRYPTO_ASYM_XFORM_ECDSA``
* ``RTE_CRYPTO_ASYM_XFORM_ECPM``
* ``RTE_CRYPTO_ASYM_XFORM_ECDH``
+* ``RTE_CRYPTO_ASYM_XFORM_SM2``
Limitations
~~~~~~~~~~~
@@ -195,6 +195,7 @@ New Features
* **Updated Intel QuickAssist Technology driver.**
* Enabled support for QAT 2.0c (4944) devices in QAT crypto driver.
+ * Added support for SM2 ECDSA algorithm.
* **Updated Marvell cnxk crypto driver.**
@@ -1524,6 +1524,24 @@ icp_qat_fw_mmp_ecdsa_verify_gfp_521_input::in in @endlink
* icp_qat_fw_mmp_kpt_ecdsa_sign_rs_gfp_521_output::s s @endlink
*/
+#define PKE_ECSM2_SIGN_RS 0x222116fe
+/**< Functionality ID for ECC SM2 Sign RS
+ * @li 3 input parameters : @link icp_qat_fw_mmp_ecsm2_sign_rs_input_s::k k
+ * @endlink @link icp_qat_fw_mmp_ecsm2_sign_rs_input_s::e e @endlink @link
+ * icp_qat_fw_mmp_ecsm2_sign_rs_input_s::d d @endlink
+ * @li 2 output parameters : @link icp_qat_fw_mmp_ecsm2_sign_rs_output_s::r r
+ * @endlink @link icp_qat_fw_mmp_ecsm2_sign_rs_output_s::s s @endlink
+ */
+#define PKE_ECSM2_VERIFY 0x29241743
+/**< Functionality ID for ECC SM2 Signature Verify
+ * @li 5 input parameters : @link icp_qat_fw_mmp_ecsm2_verify_input_s::e e
+ * @endlink @link icp_qat_fw_mmp_ecsm2_verify_input_s::r r @endlink @link
+ * icp_qat_fw_mmp_ecsm2_verify_input_s::s s @endlink @link
+ * icp_qat_fw_mmp_ecsm2_verify_input_s::xp xp @endlink @link
+ * icp_qat_fw_mmp_ecsm2_verify_input_s::yp yp @endlink
+ * @li no output parameters
+ */
+
#define PKE_LIVENESS 0x00000001
/**< Functionality ID for PKE_LIVENESS
* @li 0 input parameter(s)
@@ -314,4 +314,24 @@ get_ec_verify_function(const struct rte_crypto_asym_xform *xform)
return qat_function;
}
+static struct qat_asym_function
+get_sm2_ecdsa_sign_function(void)
+{
+ struct qat_asym_function qat_function = {
+ PKE_ECSM2_SIGN_RS, 32
+ };
+
+ return qat_function;
+}
+
+static struct qat_asym_function
+get_sm2_ecdsa_verify_function(void)
+{
+ struct qat_asym_function qat_function = {
+ PKE_ECSM2_VERIFY, 32
+ };
+
+ return qat_function;
+}
+
#endif
@@ -904,6 +904,77 @@ ecdh_collect(struct rte_crypto_asym_op *asym_op,
return RTE_CRYPTO_OP_STATUS_SUCCESS;
}
+static int
+sm2_ecdsa_sign_set_input(struct icp_qat_fw_pke_request *qat_req,
+ struct qat_asym_op_cookie *cookie,
+ const struct rte_crypto_asym_op *asym_op,
+ const struct rte_crypto_asym_xform *xform)
+{
+ const struct qat_asym_function qat_function =
+ get_sm2_ecdsa_sign_function();
+ const uint32_t qat_func_alignsize =
+ qat_function.bytesize;
+
+ SET_PKE_LN(asym_op->sm2.k, qat_func_alignsize, 0);
+ SET_PKE_LN(asym_op->sm2.message, qat_func_alignsize, 1);
+ SET_PKE_LN(xform->ec.pkey, qat_func_alignsize, 2);
+
+ cookie->alg_bytesize = qat_function.bytesize;
+ cookie->qat_func_alignsize = qat_function.bytesize;
+ qat_req->pke_hdr.cd_pars.func_id = qat_function.func_id;
+ qat_req->input_param_count = 3;
+ qat_req->output_param_count = 2;
+
+ return RTE_CRYPTO_OP_STATUS_SUCCESS;
+}
+
+static int
+sm2_ecdsa_verify_set_input(struct icp_qat_fw_pke_request *qat_req,
+ struct qat_asym_op_cookie *cookie,
+ const struct rte_crypto_asym_op *asym_op,
+ const struct rte_crypto_asym_xform *xform)
+{
+ const struct qat_asym_function qat_function =
+ get_sm2_ecdsa_verify_function();
+ const uint32_t qat_func_alignsize =
+ qat_function.bytesize;
+
+ SET_PKE_LN(asym_op->sm2.message, qat_func_alignsize, 0);
+ SET_PKE_LN(asym_op->sm2.r, qat_func_alignsize, 1);
+ SET_PKE_LN(asym_op->sm2.s, qat_func_alignsize, 2);
+ SET_PKE_LN(xform->ec.q.x, qat_func_alignsize, 3);
+ SET_PKE_LN(xform->ec.q.y, qat_func_alignsize, 4);
+
+ cookie->alg_bytesize = qat_function.bytesize;
+ cookie->qat_func_alignsize = qat_function.bytesize;
+ qat_req->pke_hdr.cd_pars.func_id = qat_function.func_id;
+ qat_req->input_param_count = 5;
+ qat_req->output_param_count = 0;
+
+ return RTE_CRYPTO_OP_STATUS_SUCCESS;
+}
+
+static uint8_t
+sm2_ecdsa_sign_collect(struct rte_crypto_asym_op *asym_op,
+ const struct qat_asym_op_cookie *cookie)
+{
+ uint32_t alg_bytesize = cookie->alg_bytesize;
+
+ if (asym_op->sm2.op_type == RTE_CRYPTO_ASYM_OP_VERIFY)
+ return RTE_CRYPTO_OP_STATUS_SUCCESS;
+
+ rte_memcpy(asym_op->sm2.r.data, cookie->output_array[0], alg_bytesize);
+ rte_memcpy(asym_op->sm2.s.data, cookie->output_array[1], alg_bytesize);
+ asym_op->sm2.r.length = alg_bytesize;
+ asym_op->sm2.s.length = alg_bytesize;
+
+ HEXDUMP("SM2 R", cookie->output_array[0],
+ alg_bytesize);
+ HEXDUMP("SM2 S", cookie->output_array[1],
+ alg_bytesize);
+ return RTE_CRYPTO_OP_STATUS_SUCCESS;
+}
+
static int
asym_set_input(struct icp_qat_fw_pke_request *qat_req,
struct qat_asym_op_cookie *cookie,
@@ -934,6 +1005,15 @@ asym_set_input(struct icp_qat_fw_pke_request *qat_req,
return ecdh_set_input(qat_req, cookie,
asym_op, xform);
}
+ case RTE_CRYPTO_ASYM_XFORM_SM2:
+ if (asym_op->sm2.op_type ==
+ RTE_CRYPTO_ASYM_OP_VERIFY) {
+ return sm2_ecdsa_verify_set_input(qat_req, cookie,
+ asym_op, xform);
+ } else {
+ return sm2_ecdsa_sign_set_input(qat_req, cookie,
+ asym_op, xform);
+ }
default:
QAT_LOG(ERR, "Invalid/unsupported asymmetric crypto xform");
return -EINVAL;
@@ -1022,6 +1102,8 @@ qat_asym_collect_response(struct rte_crypto_op *op,
return ecpm_collect(asym_op, cookie);
case RTE_CRYPTO_ASYM_XFORM_ECDH:
return ecdh_collect(asym_op, cookie);
+ case RTE_CRYPTO_ASYM_XFORM_SM2:
+ return sm2_ecdsa_sign_collect(asym_op, cookie);
default:
QAT_LOG(ERR, "Not supported xform type");
return RTE_CRYPTO_OP_STATUS_ERROR;
@@ -1293,6 +1375,8 @@ qat_asym_session_configure(struct rte_cryptodev *dev __rte_unused,
case RTE_CRYPTO_ASYM_XFORM_ECDH:
session_set_ec(qat_session, xform);
break;
+ case RTE_CRYPTO_ASYM_XFORM_SM2:
+ break;
default:
ret = -ENOTSUP;
}