diff mbox series

[v2,4/4] crypto/qat: add ecdh public key verification

Message ID	20221020150940.62465-5-arkadiuszx.kusztal@intel.com (mailing list archive)
State	Accepted, archived
Delegated to:	akhil goyal
Headers	From: Arek Kusztal <arkadiuszx.kusztal@intel.com> To: dev@dpdk.org Cc: gakhil@marvell.com, kai.ji@intel.com, Arek Kusztal <arkadiuszx.kusztal@intel.com> Subject: [PATCH v2 4/4] crypto/qat: add ecdh public key verification Date: Thu, 20 Oct 2022 16:09:40 +0100 Message-Id: <20221020150940.62465-5-arkadiuszx.kusztal@intel.com> In-Reply-To: <20221020150940.62465-1-arkadiuszx.kusztal@intel.com> References: <20221020150940.62465-1-arkadiuszx.kusztal@intel.com> Precedence: list Errors-To: dev-bounces@dpdk.org
Series	crypto/qat: extend asymmetric crypto pmd \| [v2,0/4] crypto/qat: extend asymmetric crypto pmd [v2,1/4] crypto/qat: make immutable parameters constant [v2,2/4] crypto/qat: improve freeing of asym cookies [v2,3/4] crypto/qat: add ecdh key exchange algorithm [v2,4/4] crypto/qat: add ecdh public key verification

Checks

Context	Check	Description
ci/checkpatch	success	coding style OK
ci/Intel-compilation	warning	apply issues

Commit Message

Arkadiusz Kusztal Oct. 20, 2022, 3:09 p.m. UTC

  This commit adds verification option for elliptic curve
points when used along ECDH algorithm.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
 drivers/common/qat/qat_adf/qat_pke.h | 24 +++++++++++++++
 drivers/crypto/qat/qat_asym.c        | 58 +++++++++++++++++++++++++++++++++++-
 2 files changed, 81 insertions(+), 1 deletion(-)

Comments

Ji, Kai Oct. 24, 2022, 11:26 a.m. UTC | #1

Code may need rebase, otherwise 

Acked-by: Kai Ji <kai.ji@intel.com>

> -----Original Message-----
> From: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>
> Sent: Thursday, October 20, 2022 4:10 PM
> To: dev@dpdk.org
> Cc: gakhil@marvell.com; Ji, Kai <kai.ji@intel.com>; Kusztal, ArkadiuszX
> <arkadiuszx.kusztal@intel.com>
> Subject: [PATCH v2 4/4] crypto/qat: add ecdh public key verification
> 
> This commit adds verification option for elliptic curve points when used along
> ECDH algorithm.
> 
> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> ---
<snip>
> +
> +	cookie->alg_bytesize = curve[curve_id].bytesize;
> +	cookie->qat_func_alignsize = qat_func_alignsize;
> +	qat_req->pke_hdr.cd_pars.func_id = func_id;
> +	qat_req->input_param_count =
> +			5;
[KJ] do we need new line here ?
> +	qat_req->output_param_count =
> +			0;
> +
> +	HEXDUMP("x", cookie->input_array[0], qat_func_alignsize);
> +	HEXDUMP("y", cookie->input_array[1], qat_func_alignsize);
> +	HEXDUMP("p", cookie->input_array[2], qat_func_alignsize);
> +	HEXDUMP("a", cookie->input_array[3], qat_func_alignsize);
> +	HEXDUMP("b", cookie->input_array[4], qat_func_alignsize);
> +
> +	return 0;
> +}
> +
>  static uint8_t
>  ecdh_collect(struct rte_crypto_asym_op *asym_op,
>  		const struct qat_asym_op_cookie *cookie) @@ -830,6 +877,9
> @@ ecdh_collect(struct rte_crypto_asym_op *asym_op,
>  	uint32_t qat_func_alignsize = cookie->qat_func_alignsize;
>  	uint32_t ltrim = qat_func_alignsize - alg_bytesize;
> 
> +	if (asym_op->ecdh.ke_type ==
> RTE_CRYPTO_ASYM_KE_PUB_KEY_VERIFY)
> +		return RTE_CRYPTO_OP_STATUS_SUCCESS;
> +
>  	if (asym_op->ecdh.ke_type ==
> RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE) {
>  		asym_op->ecdh.pub_key.x.length = alg_bytesize;
>  		asym_op->ecdh.pub_key.y.length = alg_bytesize; @@ -870,8
> +920,14 @@ asym_set_input(struct icp_qat_fw_pke_request *qat_req,
>  	case RTE_CRYPTO_ASYM_XFORM_ECPM:
>  		return ecpm_set_input(qat_req, cookie, asym_op, xform);
>  	case RTE_CRYPTO_ASYM_XFORM_ECDH:
> -		return ecdh_set_input(qat_req, cookie,
> +		if (asym_op->ecdh.ke_type ==
> +			RTE_CRYPTO_ASYM_KE_PUB_KEY_VERIFY) {
> +			return ecdh_verify_set_input(qat_req, cookie,
>  				asym_op, xform);
> +		} else {
> +			return ecdh_set_input(qat_req, cookie,
> +				asym_op, xform);
> +		}
>  	default:
>  		QAT_LOG(ERR, "Invalid/unsupported asymmetric crypto
> xform");
>  		return -EINVAL;
> --
> 2.13.6

diff mbox series

Patch

diff --git a/drivers/common/qat/qat_adf/qat_pke.h b/drivers/common/qat/qat_adf/qat_pke.h
index 00e2b776dc..4b09e76dbb 100644
--- a/drivers/common/qat/qat_adf/qat_pke.h
+++ b/drivers/common/qat/qat_adf/qat_pke.h
@@ -290,4 +290,28 @@  get_ecpm_function(const struct rte_crypto_asym_xform *xform)
 	return qat_function;
 }
 
+static struct qat_asym_function
+get_ec_verify_function(const struct rte_crypto_asym_xform *xform)
+{
+	struct qat_asym_function qat_function;
+
+	switch (xform->ec.curve_id) {
+	case RTE_CRYPTO_EC_GROUP_SECP256R1:
+		qat_function.func_id = MATHS_POINT_VERIFY_GFP_L256;
+		qat_function.bytesize = 32;
+		break;
+	case RTE_CRYPTO_EC_GROUP_SECP384R1:
+		qat_function.func_id = MATHS_POINT_VERIFY_GFP_L512;
+		qat_function.bytesize = 64;
+		break;
+	case RTE_CRYPTO_EC_GROUP_SECP521R1:
+		qat_function.func_id = MATHS_POINT_VERIFY_GFP_521;
+		qat_function.bytesize = 66;
+		break;
+	default:
+		qat_function.func_id = 0;
+	}
+	return qat_function;
+}
+
 #endif
diff --git a/drivers/crypto/qat/qat_asym.c b/drivers/crypto/qat/qat_asym.c
index b49eca4b4a..c6a2028c93 100644
--- a/drivers/crypto/qat/qat_asym.c
+++ b/drivers/crypto/qat/qat_asym.c
@@ -821,6 +821,53 @@  ecdh_set_input(struct icp_qat_fw_pke_request *qat_req,
 	return 0;
 }
 
+static int
+ecdh_verify_set_input(struct icp_qat_fw_pke_request *qat_req,
+		struct qat_asym_op_cookie *cookie,
+		const struct rte_crypto_asym_op *asym_op,
+		const struct rte_crypto_asym_xform *xform)
+{
+	struct qat_asym_function qat_function;
+	uint32_t qat_func_alignsize, func_id;
+	int curve_id;
+
+	curve_id = pick_curve(xform);
+	if (curve_id < 0) {
+		QAT_LOG(DEBUG, "Incorrect elliptic curve");
+		return -EINVAL;
+	}
+
+	qat_function = get_ec_verify_function(xform);
+	func_id = qat_function.func_id;
+	if (func_id == 0) {
+		QAT_LOG(ERR, "Cannot obtain functionality id");
+		return -EINVAL;
+	}
+	qat_func_alignsize = RTE_ALIGN_CEIL(qat_function.bytesize, 8);
+
+	SET_PKE_LN(asym_op->ecdh.pub_key.x, qat_func_alignsize, 0);
+	SET_PKE_LN(asym_op->ecdh.pub_key.y, qat_func_alignsize, 1);
+	SET_PKE_LN_EC(curve[curve_id], p, 2);
+	SET_PKE_LN_EC(curve[curve_id], a, 3);
+	SET_PKE_LN_EC(curve[curve_id], b, 4);
+
+	cookie->alg_bytesize = curve[curve_id].bytesize;
+	cookie->qat_func_alignsize = qat_func_alignsize;
+	qat_req->pke_hdr.cd_pars.func_id = func_id;
+	qat_req->input_param_count =
+			5;
+	qat_req->output_param_count =
+			0;
+
+	HEXDUMP("x", cookie->input_array[0], qat_func_alignsize);
+	HEXDUMP("y", cookie->input_array[1], qat_func_alignsize);
+	HEXDUMP("p", cookie->input_array[2], qat_func_alignsize);
+	HEXDUMP("a", cookie->input_array[3], qat_func_alignsize);
+	HEXDUMP("b", cookie->input_array[4], qat_func_alignsize);
+
+	return 0;
+}
+
 static uint8_t
 ecdh_collect(struct rte_crypto_asym_op *asym_op,
 		const struct qat_asym_op_cookie *cookie)
@@ -830,6 +877,9 @@  ecdh_collect(struct rte_crypto_asym_op *asym_op,
 	uint32_t qat_func_alignsize = cookie->qat_func_alignsize;
 	uint32_t ltrim = qat_func_alignsize - alg_bytesize;
 
+	if (asym_op->ecdh.ke_type == RTE_CRYPTO_ASYM_KE_PUB_KEY_VERIFY)
+		return RTE_CRYPTO_OP_STATUS_SUCCESS;
+
 	if (asym_op->ecdh.ke_type == RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE) {
 		asym_op->ecdh.pub_key.x.length = alg_bytesize;
 		asym_op->ecdh.pub_key.y.length = alg_bytesize;
@@ -870,8 +920,14 @@  asym_set_input(struct icp_qat_fw_pke_request *qat_req,
 	case RTE_CRYPTO_ASYM_XFORM_ECPM:
 		return ecpm_set_input(qat_req, cookie, asym_op, xform);
 	case RTE_CRYPTO_ASYM_XFORM_ECDH:
-		return ecdh_set_input(qat_req, cookie,
+		if (asym_op->ecdh.ke_type ==
+			RTE_CRYPTO_ASYM_KE_PUB_KEY_VERIFY) {
+			return ecdh_verify_set_input(qat_req, cookie,
 				asym_op, xform);
+		} else {
+			return ecdh_set_input(qat_req, cookie,
+				asym_op, xform);
+		}
 	default:
 		QAT_LOG(ERR, "Invalid/unsupported asymmetric crypto xform");
 		return -EINVAL;