From patchwork Thu Oct 20 15:09:39 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
X-Patchwork-Id: 118829
X-Patchwork-Delegate: gakhil@marvell.com
Return-Path: <dev-bounces@dpdk.org>
X-Original-To: patchwork@inbox.dpdk.org
Delivered-To: patchwork@inbox.dpdk.org
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 48FC5A0553;
	Thu, 20 Oct 2022 18:18:52 +0200 (CEST)
Received: from [217.70.189.124] (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 84C1C410FC;
	Thu, 20 Oct 2022 18:18:42 +0200 (CEST)
Received: from mga17.intel.com (mga17.intel.com [192.55.52.151])
 by mails.dpdk.org (Postfix) with ESMTP id C69B64280B
 for <dev@dpdk.org>; Thu, 20 Oct 2022 18:18:39 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
 d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
 t=1666282719; x=1697818719;
 h=from:to:cc:subject:date:message-id:in-reply-to: references;
 bh=Sr2wIIKIj+0VuUYFakAJi1hnKas5TzsEODabhckExzY=;
 b=R1VaoLsiZOT+nrLGxvbJ9DEQhHX+egxlxVkqij09vXp6k+N2+ZZl02xa
 hBnD7ejMsggJqT1aLv2xqbqF/8a/P4HwbfSo+Jyu4zXmZvQyvyfzIvT6H
 rQxR8u2fm26UALarXD1Zdi6n5VboCyphDtMhcIGPwkvHM6+HDtH+5/8VX
 mhRs/PquVeE0AehoyV/VQaXURmCdw4Fvon1hxcnhh1nBRmNh8KzAoQdS/
 0JAlHTvG1QzL3BIShIE+/C0ULGAiPgOgsevvoR5gzy1Xz6VnGBxfv4oY7
 YtZzQ6fcdntKnLFvKZx0ucPlAd3HyUpcV9rlvc8IOIQsxjvPWRvvTD7BB g==;
X-IronPort-AV: E=McAfee;i="6500,9779,10506"; a="287161691"
X-IronPort-AV: E=Sophos;i="5.95,199,1661842800"; d="scan'208";a="287161691"
Received: from orsmga002.jf.intel.com ([10.7.209.21])
 by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 20 Oct 2022 09:18:39 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=McAfee;i="6500,9779,10506"; a="629913459"
X-IronPort-AV: E=Sophos;i="5.95,199,1661842800"; d="scan'208";a="629913459"
Received: from silpixa00399302.ir.intel.com ([10.237.214.136])
 by orsmga002.jf.intel.com with ESMTP; 20 Oct 2022 09:18:38 -0700
From: Arek Kusztal <arkadiuszx.kusztal@intel.com>
To: dev@dpdk.org
Cc: gakhil@marvell.com, kai.ji@intel.com,
 Arek Kusztal <arkadiuszx.kusztal@intel.com>
Subject: [PATCH v2 3/4] crypto/qat: add ecdh key exchange algorithm
Date: Thu, 20 Oct 2022 16:09:39 +0100
Message-Id: <20221020150940.62465-4-arkadiuszx.kusztal@intel.com>
X-Mailer: git-send-email 2.13.6
In-Reply-To: <20221020150940.62465-1-arkadiuszx.kusztal@intel.com>
References: <20221020150940.62465-1-arkadiuszx.kusztal@intel.com>
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org

This commit adds ECDH algorithm to Intel QuickAssist
Technology driver.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Kai Ji <kai.ji@intel.com>
---
 doc/guides/cryptodevs/features/qat.ini |  7 ++-
 doc/guides/cryptodevs/qat.rst          |  1 +
 doc/guides/rel_notes/release_22_11.rst |  4 ++
 drivers/crypto/qat/qat_asym.c          | 98 +++++++++++++++++++++++++++++++++-
 4 files changed, 106 insertions(+), 4 deletions(-)

diff --git a/doc/guides/cryptodevs/features/qat.ini b/doc/guides/cryptodevs/features/qat.ini
index 4508becc56..5ba5546160 100644
--- a/doc/guides/cryptodevs/features/qat.ini
+++ b/doc/guides/cryptodevs/features/qat.ini
@@ -84,8 +84,11 @@ CHACHA20-POLY1305 = Y
 ;
 [Asymmetric]
 Modular Exponentiation  = Y
-Modular Inversion		= Y
-RSA						= Y
+Modular Inversion	= Y
+RSA			= Y
+ECDSA                   = Y
+ECPM                    = Y
+ECDH                    = Y
 
 ;
 ; Supported Operating systems of the 'qat' crypto driver.
diff --git a/doc/guides/cryptodevs/qat.rst b/doc/guides/cryptodevs/qat.rst
index 494fc7fd68..2d895e61ac 100644
--- a/doc/guides/cryptodevs/qat.rst
+++ b/doc/guides/cryptodevs/qat.rst
@@ -178,6 +178,7 @@ The QAT ASYM PMD has support for:
 * ``RTE_CRYPTO_ASYM_XFORM_RSA``
 * ``RTE_CRYPTO_ASYM_XFORM_ECDSA``
 * ``RTE_CRYPTO_ASYM_XFORM_ECPM``
+* ``RTE_CRYPTO_ASYM_XFORM_ECDH``
 
 Limitations
 ~~~~~~~~~~~
diff --git a/doc/guides/rel_notes/release_22_11.rst b/doc/guides/rel_notes/release_22_11.rst
index 281ba2fc7f..36f1028107 100644
--- a/doc/guides/rel_notes/release_22_11.rst
+++ b/doc/guides/rel_notes/release_22_11.rst
@@ -254,6 +254,10 @@ New Features
   Added support for asymmetric crypto algorithms.
   See the :doc:`../sample_app_ug/fips_validation` for more details.
 
+* **Updated Intel QuickAssist Technology (QAT) asymmetric crypto driver.**
+
+  * Added support for ECDH key exchange algorithm.
+
 
 Removed Items
 -------------
diff --git a/drivers/crypto/qat/qat_asym.c b/drivers/crypto/qat/qat_asym.c
index a77f7bfcd0..b49eca4b4a 100644
--- a/drivers/crypto/qat/qat_asym.c
+++ b/drivers/crypto/qat/qat_asym.c
@@ -765,6 +765,94 @@ ecpm_collect(struct rte_crypto_asym_op *asym_op,
 }
 
 static int
+ecdh_set_input(struct icp_qat_fw_pke_request *qat_req,
+		struct qat_asym_op_cookie *cookie,
+		const struct rte_crypto_asym_op *asym_op,
+		const struct rte_crypto_asym_xform *xform)
+{
+	struct qat_asym_function qat_function;
+	uint32_t qat_func_alignsize, func_id;
+	int curve_id;
+
+	curve_id = pick_curve(xform);
+	if (curve_id < 0) {
+		QAT_LOG(DEBUG, "Incorrect elliptic curve");
+		return -EINVAL;
+	}
+
+	qat_function = get_ecpm_function(xform);
+	func_id = qat_function.func_id;
+	if (func_id == 0) {
+		QAT_LOG(ERR, "Cannot obtain functionality id");
+		return -EINVAL;
+	}
+	qat_func_alignsize = RTE_ALIGN_CEIL(qat_function.bytesize, 8);
+
+	if (asym_op->ecdh.ke_type == RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE) {
+		SET_PKE_LN(asym_op->ecdh.priv_key, qat_func_alignsize, 0);
+		SET_PKE_LN_EC(curve[curve_id], x, 1);
+		SET_PKE_LN_EC(curve[curve_id], y, 2);
+	} else {
+		SET_PKE_LN(asym_op->ecdh.priv_key, qat_func_alignsize, 0);
+		SET_PKE_LN(asym_op->ecdh.pub_key.x, qat_func_alignsize, 1);
+		SET_PKE_LN(asym_op->ecdh.pub_key.y, qat_func_alignsize, 2);
+	}
+	SET_PKE_LN_EC(curve[curve_id], a, 3);
+	SET_PKE_LN_EC(curve[curve_id], b, 4);
+	SET_PKE_LN_EC(curve[curve_id], p, 5);
+	SET_PKE_LN_EC(curve[curve_id], h, 6);
+
+	cookie->alg_bytesize = curve[curve_id].bytesize;
+	cookie->qat_func_alignsize = qat_func_alignsize;
+	qat_req->pke_hdr.cd_pars.func_id = func_id;
+	qat_req->input_param_count =
+			QAT_ASYM_ECPM_IN_PARAMS;
+	qat_req->output_param_count =
+			QAT_ASYM_ECPM_OUT_PARAMS;
+
+	HEXDUMP("k", cookie->input_array[0], qat_func_alignsize);
+	HEXDUMP("xG", cookie->input_array[1], qat_func_alignsize);
+	HEXDUMP("yG", cookie->input_array[2], qat_func_alignsize);
+	HEXDUMP("a", cookie->input_array[3], qat_func_alignsize);
+	HEXDUMP("b", cookie->input_array[4], qat_func_alignsize);
+	HEXDUMP("q", cookie->input_array[5], qat_func_alignsize);
+	HEXDUMP("h", cookie->input_array[6], qat_func_alignsize);
+
+	return 0;
+}
+
+static uint8_t
+ecdh_collect(struct rte_crypto_asym_op *asym_op,
+		const struct qat_asym_op_cookie *cookie)
+{
+	uint8_t *x, *y;
+	uint32_t alg_bytesize = cookie->alg_bytesize;
+	uint32_t qat_func_alignsize = cookie->qat_func_alignsize;
+	uint32_t ltrim = qat_func_alignsize - alg_bytesize;
+
+	if (asym_op->ecdh.ke_type == RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE) {
+		asym_op->ecdh.pub_key.x.length = alg_bytesize;
+		asym_op->ecdh.pub_key.y.length = alg_bytesize;
+		x = asym_op->ecdh.pub_key.x.data;
+		y = asym_op->ecdh.pub_key.y.data;
+	} else {
+		asym_op->ecdh.shared_secret.x.length = alg_bytesize;
+		asym_op->ecdh.shared_secret.y.length = alg_bytesize;
+		x = asym_op->ecdh.shared_secret.x.data;
+		y = asym_op->ecdh.shared_secret.y.data;
+	}
+
+	rte_memcpy(x, &cookie->output_array[0][ltrim], alg_bytesize);
+	rte_memcpy(y, &cookie->output_array[1][ltrim], alg_bytesize);
+
+	HEXDUMP("X", cookie->output_array[0],
+		qat_func_alignsize);
+	HEXDUMP("Y", cookie->output_array[1],
+		qat_func_alignsize);
+	return RTE_CRYPTO_OP_STATUS_SUCCESS;
+}
+
+static int
 asym_set_input(struct icp_qat_fw_pke_request *qat_req,
 		struct qat_asym_op_cookie *cookie,
 		const struct rte_crypto_asym_op *asym_op,
@@ -781,6 +869,9 @@ asym_set_input(struct icp_qat_fw_pke_request *qat_req,
 		return ecdsa_set_input(qat_req, cookie, asym_op, xform);
 	case RTE_CRYPTO_ASYM_XFORM_ECPM:
 		return ecpm_set_input(qat_req, cookie, asym_op, xform);
+	case RTE_CRYPTO_ASYM_XFORM_ECDH:
+		return ecdh_set_input(qat_req, cookie,
+				asym_op, xform);
 	default:
 		QAT_LOG(ERR, "Invalid/unsupported asymmetric crypto xform");
 		return -EINVAL;
@@ -867,6 +958,8 @@ qat_asym_collect_response(struct rte_crypto_op *op,
 		return ecdsa_collect(asym_op, cookie);
 	case RTE_CRYPTO_ASYM_XFORM_ECPM:
 		return ecpm_collect(asym_op, cookie);
+	case RTE_CRYPTO_ASYM_XFORM_ECDH:
+		return ecdh_collect(asym_op, cookie);
 	default:
 		QAT_LOG(ERR, "Not supported xform type");
 		return  RTE_CRYPTO_OP_STATUS_ERROR;
@@ -1099,7 +1192,7 @@ session_set_rsa(struct qat_asym_session *qat_session,
 }
 
 static void
-session_set_ecdsa(struct qat_asym_session *qat_session,
+session_set_ec(struct qat_asym_session *qat_session,
 			struct rte_crypto_asym_xform *xform)
 {
 	qat_session->xform.ec.curve_id = xform->ec.curve_id;
@@ -1129,7 +1222,8 @@ qat_asym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		break;
 	case RTE_CRYPTO_ASYM_XFORM_ECDSA:
 	case RTE_CRYPTO_ASYM_XFORM_ECPM:
-		session_set_ecdsa(qat_session, xform);
+	case RTE_CRYPTO_ASYM_XFORM_ECDH:
+		session_set_ec(qat_session, xform);
 		break;
 	default:
 		ret = -ENOTSUP;