[v2,4/4] crypto/qat: add ecdh public key verification
Checks
Commit Message
This commit adds verification option for elliptic curve
points when used along ECDH algorithm.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
drivers/common/qat/qat_adf/qat_pke.h | 24 +++++++++++++++
drivers/crypto/qat/qat_asym.c | 58 +++++++++++++++++++++++++++++++++++-
2 files changed, 81 insertions(+), 1 deletion(-)
Comments
Code may need rebase, otherwise
Acked-by: Kai Ji <kai.ji@intel.com>
> -----Original Message-----
> From: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>
> Sent: Thursday, October 20, 2022 4:10 PM
> To: dev@dpdk.org
> Cc: gakhil@marvell.com; Ji, Kai <kai.ji@intel.com>; Kusztal, ArkadiuszX
> <arkadiuszx.kusztal@intel.com>
> Subject: [PATCH v2 4/4] crypto/qat: add ecdh public key verification
>
> This commit adds verification option for elliptic curve points when used along
> ECDH algorithm.
>
> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> ---
<snip>
> +
> + cookie->alg_bytesize = curve[curve_id].bytesize;
> + cookie->qat_func_alignsize = qat_func_alignsize;
> + qat_req->pke_hdr.cd_pars.func_id = func_id;
> + qat_req->input_param_count =
> + 5;
[KJ] do we need new line here ?
> + qat_req->output_param_count =
> + 0;
> +
> + HEXDUMP("x", cookie->input_array[0], qat_func_alignsize);
> + HEXDUMP("y", cookie->input_array[1], qat_func_alignsize);
> + HEXDUMP("p", cookie->input_array[2], qat_func_alignsize);
> + HEXDUMP("a", cookie->input_array[3], qat_func_alignsize);
> + HEXDUMP("b", cookie->input_array[4], qat_func_alignsize);
> +
> + return 0;
> +}
> +
> static uint8_t
> ecdh_collect(struct rte_crypto_asym_op *asym_op,
> const struct qat_asym_op_cookie *cookie) @@ -830,6 +877,9
> @@ ecdh_collect(struct rte_crypto_asym_op *asym_op,
> uint32_t qat_func_alignsize = cookie->qat_func_alignsize;
> uint32_t ltrim = qat_func_alignsize - alg_bytesize;
>
> + if (asym_op->ecdh.ke_type ==
> RTE_CRYPTO_ASYM_KE_PUB_KEY_VERIFY)
> + return RTE_CRYPTO_OP_STATUS_SUCCESS;
> +
> if (asym_op->ecdh.ke_type ==
> RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE) {
> asym_op->ecdh.pub_key.x.length = alg_bytesize;
> asym_op->ecdh.pub_key.y.length = alg_bytesize; @@ -870,8
> +920,14 @@ asym_set_input(struct icp_qat_fw_pke_request *qat_req,
> case RTE_CRYPTO_ASYM_XFORM_ECPM:
> return ecpm_set_input(qat_req, cookie, asym_op, xform);
> case RTE_CRYPTO_ASYM_XFORM_ECDH:
> - return ecdh_set_input(qat_req, cookie,
> + if (asym_op->ecdh.ke_type ==
> + RTE_CRYPTO_ASYM_KE_PUB_KEY_VERIFY) {
> + return ecdh_verify_set_input(qat_req, cookie,
> asym_op, xform);
> + } else {
> + return ecdh_set_input(qat_req, cookie,
> + asym_op, xform);
> + }
> default:
> QAT_LOG(ERR, "Invalid/unsupported asymmetric crypto
> xform");
> return -EINVAL;
> --
> 2.13.6
@@ -290,4 +290,28 @@ get_ecpm_function(const struct rte_crypto_asym_xform *xform)
return qat_function;
}
+static struct qat_asym_function
+get_ec_verify_function(const struct rte_crypto_asym_xform *xform)
+{
+ struct qat_asym_function qat_function;
+
+ switch (xform->ec.curve_id) {
+ case RTE_CRYPTO_EC_GROUP_SECP256R1:
+ qat_function.func_id = MATHS_POINT_VERIFY_GFP_L256;
+ qat_function.bytesize = 32;
+ break;
+ case RTE_CRYPTO_EC_GROUP_SECP384R1:
+ qat_function.func_id = MATHS_POINT_VERIFY_GFP_L512;
+ qat_function.bytesize = 64;
+ break;
+ case RTE_CRYPTO_EC_GROUP_SECP521R1:
+ qat_function.func_id = MATHS_POINT_VERIFY_GFP_521;
+ qat_function.bytesize = 66;
+ break;
+ default:
+ qat_function.func_id = 0;
+ }
+ return qat_function;
+}
+
#endif
@@ -821,6 +821,53 @@ ecdh_set_input(struct icp_qat_fw_pke_request *qat_req,
return 0;
}
+static int
+ecdh_verify_set_input(struct icp_qat_fw_pke_request *qat_req,
+ struct qat_asym_op_cookie *cookie,
+ const struct rte_crypto_asym_op *asym_op,
+ const struct rte_crypto_asym_xform *xform)
+{
+ struct qat_asym_function qat_function;
+ uint32_t qat_func_alignsize, func_id;
+ int curve_id;
+
+ curve_id = pick_curve(xform);
+ if (curve_id < 0) {
+ QAT_LOG(DEBUG, "Incorrect elliptic curve");
+ return -EINVAL;
+ }
+
+ qat_function = get_ec_verify_function(xform);
+ func_id = qat_function.func_id;
+ if (func_id == 0) {
+ QAT_LOG(ERR, "Cannot obtain functionality id");
+ return -EINVAL;
+ }
+ qat_func_alignsize = RTE_ALIGN_CEIL(qat_function.bytesize, 8);
+
+ SET_PKE_LN(asym_op->ecdh.pub_key.x, qat_func_alignsize, 0);
+ SET_PKE_LN(asym_op->ecdh.pub_key.y, qat_func_alignsize, 1);
+ SET_PKE_LN_EC(curve[curve_id], p, 2);
+ SET_PKE_LN_EC(curve[curve_id], a, 3);
+ SET_PKE_LN_EC(curve[curve_id], b, 4);
+
+ cookie->alg_bytesize = curve[curve_id].bytesize;
+ cookie->qat_func_alignsize = qat_func_alignsize;
+ qat_req->pke_hdr.cd_pars.func_id = func_id;
+ qat_req->input_param_count =
+ 5;
+ qat_req->output_param_count =
+ 0;
+
+ HEXDUMP("x", cookie->input_array[0], qat_func_alignsize);
+ HEXDUMP("y", cookie->input_array[1], qat_func_alignsize);
+ HEXDUMP("p", cookie->input_array[2], qat_func_alignsize);
+ HEXDUMP("a", cookie->input_array[3], qat_func_alignsize);
+ HEXDUMP("b", cookie->input_array[4], qat_func_alignsize);
+
+ return 0;
+}
+
static uint8_t
ecdh_collect(struct rte_crypto_asym_op *asym_op,
const struct qat_asym_op_cookie *cookie)
@@ -830,6 +877,9 @@ ecdh_collect(struct rte_crypto_asym_op *asym_op,
uint32_t qat_func_alignsize = cookie->qat_func_alignsize;
uint32_t ltrim = qat_func_alignsize - alg_bytesize;
+ if (asym_op->ecdh.ke_type == RTE_CRYPTO_ASYM_KE_PUB_KEY_VERIFY)
+ return RTE_CRYPTO_OP_STATUS_SUCCESS;
+
if (asym_op->ecdh.ke_type == RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE) {
asym_op->ecdh.pub_key.x.length = alg_bytesize;
asym_op->ecdh.pub_key.y.length = alg_bytesize;
@@ -870,8 +920,14 @@ asym_set_input(struct icp_qat_fw_pke_request *qat_req,
case RTE_CRYPTO_ASYM_XFORM_ECPM:
return ecpm_set_input(qat_req, cookie, asym_op, xform);
case RTE_CRYPTO_ASYM_XFORM_ECDH:
- return ecdh_set_input(qat_req, cookie,
+ if (asym_op->ecdh.ke_type ==
+ RTE_CRYPTO_ASYM_KE_PUB_KEY_VERIFY) {
+ return ecdh_verify_set_input(qat_req, cookie,
asym_op, xform);
+ } else {
+ return ecdh_set_input(qat_req, cookie,
+ asym_op, xform);
+ }
default:
QAT_LOG(ERR, "Invalid/unsupported asymmetric crypto xform");
return -EINVAL;