From patchwork Sun Sep 17 15:44:49 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
X-Patchwork-Id: 131514
X-Patchwork-Delegate: gakhil@marvell.com
Return-Path: <dev-bounces@dpdk.org>
X-Original-To: patchwork@inbox.dpdk.org
Delivered-To: patchwork@inbox.dpdk.org
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 499EA425C3;
	Sun, 17 Sep 2023 17:44:59 +0200 (CEST)
Received: from mails.dpdk.org (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 38E8940298;
	Sun, 17 Sep 2023 17:44:59 +0200 (CEST)
Received: from mgamail.intel.com (mgamail.intel.com [134.134.136.20])
 by mails.dpdk.org (Postfix) with ESMTP id 127644025E
 for <dev@dpdk.org>; Sun, 17 Sep 2023 17:44:57 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
 d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
 t=1694965498; x=1726501498;
 h=from:to:cc:subject:date:message-id:mime-version:
 content-transfer-encoding;
 bh=Eg5e1Gi1XS3QbfR/ehECBQ4rGK+omPxYcviWPWd6SD4=;
 b=j+yEbQIgYcELQJTo+IYnxiGol802oj06PHBltkBTqgFbw46HmSA2U88S
 +IUmyJY2MrpXpL71OE/BWzrMoqcumyts+QaSdGlXBZphRMVtofk8UM1BI
 AWzVlhvLxXkGm6Gz2MABLgJPCapf/JwXqR64DIVN5WtBAd+HibaTNjU9F
 AogegL/OyzLltms+T7lyz/nz7YJkwKddgJUvV0lYrR0L2Pb3xpfHyZpjF
 3NZNvvgnMqK1eHEvc3J6ei3F+bo/y45b1eE7hwxGqEYB6y+hmv9Aaqg9j
 kx2dFuRloJetMeyNgFhhY0Rl11NJUf+sBNlvJCbvTiLcIPBXnAMElxd/r A==;
X-IronPort-AV: E=McAfee;i="6600,9927,10836"; a="369832440"
X-IronPort-AV: E=Sophos;i="6.02,154,1688454000"; d="scan'208";a="369832440"
Received: from fmsmga001.fm.intel.com ([10.253.24.23])
 by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 17 Sep 2023 08:44:57 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=McAfee;i="6600,9927,10836"; a="888781861"
X-IronPort-AV: E=Sophos;i="6.02,154,1688454000"; d="scan'208";a="888781861"
Received: from silpixa00401012.ir.intel.com ([10.243.23.140])
 by fmsmga001.fm.intel.com with ESMTP; 17 Sep 2023 08:44:13 -0700
From: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
To: dev@dpdk.org
Cc: gakhil@marvell.com, kai.ji@intel.com, ciara.power@intel.com,
 Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
Subject: [PATCH] crypto/qat: add sm2 ecdsa
Date: Sun, 17 Sep 2023 15:44:49 +0000
Message-Id: <20230917154449.3509865-1-arkadiuszx.kusztal@intel.com>
X-Mailer: git-send-email 2.25.1
MIME-Version: 1.0
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org

Added SM2 ECDSA feature to the Intel QuickAssist Technology
symmetric crypto PMD.

Signed-off-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Ciara Power <ciara.power@intel.com>
---
 doc/guides/cryptodevs/features/qat.ini        |  1 +
 doc/guides/cryptodevs/qat.rst                 |  1 +
 doc/guides/rel_notes/release_23_11.rst        |  3 +
 .../common/qat/qat_adf/icp_qat_fw_mmp_ids.h   | 18 ++++
 drivers/common/qat/qat_adf/qat_pke.h          | 20 +++++
 drivers/crypto/qat/qat_asym.c                 | 84 +++++++++++++++++++
 6 files changed, 127 insertions(+)

diff --git a/doc/guides/cryptodevs/features/qat.ini b/doc/guides/cryptodevs/features/qat.ini
index 6358a43357..f41d29158f 100644
--- a/doc/guides/cryptodevs/features/qat.ini
+++ b/doc/guides/cryptodevs/features/qat.ini
@@ -94,6 +94,7 @@ RSA			= Y
 ECDSA                   = Y
 ECPM                    = Y
 ECDH                    = Y
+SM2                     = Y
 
 ;
 ; Supported Operating systems of the 'qat' crypto driver.
diff --git a/doc/guides/cryptodevs/qat.rst b/doc/guides/cryptodevs/qat.rst
index afdfb0bd22..e483c1a703 100644
--- a/doc/guides/cryptodevs/qat.rst
+++ b/doc/guides/cryptodevs/qat.rst
@@ -186,6 +186,7 @@ The QAT ASYM PMD has support for:
 * ``RTE_CRYPTO_ASYM_XFORM_ECDSA``
 * ``RTE_CRYPTO_ASYM_XFORM_ECPM``
 * ``RTE_CRYPTO_ASYM_XFORM_ECDH``
+* ``RTE_CRYPTO_ASYM_XFORM_SM2``
 
 Limitations
 ~~~~~~~~~~~
diff --git a/doc/guides/rel_notes/release_23_11.rst b/doc/guides/rel_notes/release_23_11.rst
index 333e1d95a2..9eea5b079a 100644
--- a/doc/guides/rel_notes/release_23_11.rst
+++ b/doc/guides/rel_notes/release_23_11.rst
@@ -78,6 +78,9 @@ New Features
 * build: Optional libraries can now be selected with the new ``enable_libs``
   build option similarly to the existing ``enable_drivers`` build option.
 
+* **Updated Intel QuickAssist Technology (QAT) crypto driver.**
+
+  * Added support for SM2 ECDSA algorithm.
 
 Removed Items
 -------------
diff --git a/drivers/common/qat/qat_adf/icp_qat_fw_mmp_ids.h b/drivers/common/qat/qat_adf/icp_qat_fw_mmp_ids.h
index 00813cffb9..630c6e1a9b 100644
--- a/drivers/common/qat/qat_adf/icp_qat_fw_mmp_ids.h
+++ b/drivers/common/qat/qat_adf/icp_qat_fw_mmp_ids.h
@@ -1524,6 +1524,24 @@ icp_qat_fw_mmp_ecdsa_verify_gfp_521_input::in in @endlink
  * icp_qat_fw_mmp_kpt_ecdsa_sign_rs_gfp_521_output::s s @endlink
  */
 
+#define PKE_ECSM2_SIGN_RS 0x222116fe
+/**< Functionality ID for ECC SM2 Sign RS
+ * @li 3 input parameters : @link icp_qat_fw_mmp_ecsm2_sign_rs_input_s::k k
+ * @endlink @link icp_qat_fw_mmp_ecsm2_sign_rs_input_s::e e @endlink @link
+ * icp_qat_fw_mmp_ecsm2_sign_rs_input_s::d d @endlink
+ * @li 2 output parameters : @link icp_qat_fw_mmp_ecsm2_sign_rs_output_s::r r
+ * @endlink @link icp_qat_fw_mmp_ecsm2_sign_rs_output_s::s s @endlink
+ */
+#define PKE_ECSM2_VERIFY 0x29241743
+/**< Functionality ID for ECC SM2 Signature Verify
+ * @li 5 input parameters : @link icp_qat_fw_mmp_ecsm2_verify_input_s::e e
+ * @endlink @link icp_qat_fw_mmp_ecsm2_verify_input_s::r r @endlink @link
+ * icp_qat_fw_mmp_ecsm2_verify_input_s::s s @endlink @link
+ * icp_qat_fw_mmp_ecsm2_verify_input_s::xp xp @endlink @link
+ * icp_qat_fw_mmp_ecsm2_verify_input_s::yp yp @endlink
+ * @li no output parameters
+ */
+
 #define PKE_LIVENESS 0x00000001
 /**< Functionality ID for PKE_LIVENESS
  * @li 0 input parameter(s)
diff --git a/drivers/common/qat/qat_adf/qat_pke.h b/drivers/common/qat/qat_adf/qat_pke.h
index 4b09e76dbb..f88932a275 100644
--- a/drivers/common/qat/qat_adf/qat_pke.h
+++ b/drivers/common/qat/qat_adf/qat_pke.h
@@ -314,4 +314,24 @@ get_ec_verify_function(const struct rte_crypto_asym_xform *xform)
 	return qat_function;
 }
 
+static struct qat_asym_function
+get_sm2_ecdsa_sign_function(void)
+{
+	struct qat_asym_function qat_function = {
+		PKE_ECSM2_SIGN_RS, 32
+	};
+
+	return qat_function;
+}
+
+static struct qat_asym_function
+get_sm2_ecdsa_verify_function(void)
+{
+	struct qat_asym_function qat_function = {
+		PKE_ECSM2_VERIFY, 32
+	};
+
+	return qat_function;
+}
+
 #endif
diff --git a/drivers/crypto/qat/qat_asym.c b/drivers/crypto/qat/qat_asym.c
index 7abd513423..8f2872ed62 100644
--- a/drivers/crypto/qat/qat_asym.c
+++ b/drivers/crypto/qat/qat_asym.c
@@ -904,6 +904,77 @@ ecdh_collect(struct rte_crypto_asym_op *asym_op,
 	return RTE_CRYPTO_OP_STATUS_SUCCESS;
 }
 
+static int
+sm2_ecdsa_sign_set_input(struct icp_qat_fw_pke_request *qat_req,
+		struct qat_asym_op_cookie *cookie,
+		const struct rte_crypto_asym_op *asym_op,
+		__rte_unused const struct rte_crypto_asym_xform *xform)
+{
+	const struct qat_asym_function qat_function =
+		get_sm2_ecdsa_sign_function();
+	const uint32_t qat_func_alignsize =
+		qat_function.bytesize;
+
+	SET_PKE_LN(asym_op->sm2.k, qat_func_alignsize, 0);
+	SET_PKE_LN(asym_op->sm2.message, qat_func_alignsize, 1);
+	SET_PKE_LN(asym_op->sm2.pkey, qat_func_alignsize, 2);
+
+	cookie->alg_bytesize = qat_function.bytesize;
+	cookie->qat_func_alignsize = qat_function.bytesize;
+	qat_req->pke_hdr.cd_pars.func_id = qat_function.func_id;
+	qat_req->input_param_count = 3;
+	qat_req->output_param_count = 2;
+
+	return RTE_CRYPTO_OP_STATUS_SUCCESS;
+}
+
+static int
+sm2_ecdsa_verify_set_input(struct icp_qat_fw_pke_request *qat_req,
+		struct qat_asym_op_cookie *cookie,
+		const struct rte_crypto_asym_op *asym_op,
+		__rte_unused const struct rte_crypto_asym_xform *xform)
+{
+	const struct qat_asym_function qat_function =
+		get_sm2_ecdsa_verify_function();
+	const uint32_t qat_func_alignsize =
+		qat_function.bytesize;
+
+	SET_PKE_LN(asym_op->sm2.message, qat_func_alignsize, 0);
+	SET_PKE_LN(asym_op->sm2.r, qat_func_alignsize, 1);
+	SET_PKE_LN(asym_op->sm2.s, qat_func_alignsize, 2);
+	SET_PKE_LN(asym_op->sm2.q.x, qat_func_alignsize, 3);
+	SET_PKE_LN(asym_op->sm2.q.y, qat_func_alignsize, 4);
+
+	cookie->alg_bytesize = qat_function.bytesize;
+	cookie->qat_func_alignsize = qat_function.bytesize;
+	qat_req->pke_hdr.cd_pars.func_id = qat_function.func_id;
+	qat_req->input_param_count = 5;
+	qat_req->output_param_count = 0;
+
+	return RTE_CRYPTO_OP_STATUS_SUCCESS;
+}
+
+static uint8_t
+sm2_ecdsa_sign_collect(struct rte_crypto_asym_op *asym_op,
+		const struct qat_asym_op_cookie *cookie)
+{
+	uint32_t alg_bytesize = cookie->alg_bytesize;
+
+	if (asym_op->sm2.op_type == RTE_CRYPTO_ASYM_OP_VERIFY)
+		return RTE_CRYPTO_OP_STATUS_SUCCESS;
+
+	rte_memcpy(asym_op->sm2.r.data, cookie->output_array[0], alg_bytesize);
+	rte_memcpy(asym_op->sm2.s.data, cookie->output_array[1], alg_bytesize);
+	asym_op->sm2.r.length = alg_bytesize;
+	asym_op->sm2.s.length = alg_bytesize;
+
+	HEXDUMP("SM2 R", cookie->output_array[0],
+		alg_bytesize);
+	HEXDUMP("SM2 S", cookie->output_array[1],
+		alg_bytesize);
+	return RTE_CRYPTO_OP_STATUS_SUCCESS;
+}
+
 static int
 asym_set_input(struct icp_qat_fw_pke_request *qat_req,
 		struct qat_asym_op_cookie *cookie,
@@ -934,6 +1005,15 @@ asym_set_input(struct icp_qat_fw_pke_request *qat_req,
 			return ecdh_set_input(qat_req, cookie,
 				asym_op, xform);
 		}
+	case RTE_CRYPTO_ASYM_XFORM_SM2:
+		if (asym_op->sm2.op_type ==
+			RTE_CRYPTO_ASYM_OP_VERIFY) {
+			return sm2_ecdsa_verify_set_input(qat_req, cookie,
+						asym_op, xform);
+		} else {
+			return sm2_ecdsa_sign_set_input(qat_req, cookie,
+					asym_op, xform);
+		}
 	default:
 		QAT_LOG(ERR, "Invalid/unsupported asymmetric crypto xform");
 		return -EINVAL;
@@ -1022,6 +1102,8 @@ qat_asym_collect_response(struct rte_crypto_op *op,
 		return ecpm_collect(asym_op, cookie);
 	case RTE_CRYPTO_ASYM_XFORM_ECDH:
 		return ecdh_collect(asym_op, cookie);
+	case RTE_CRYPTO_ASYM_XFORM_SM2:
+		return sm2_ecdsa_sign_collect(asym_op, cookie);
 	default:
 		QAT_LOG(ERR, "Not supported xform type");
 		return  RTE_CRYPTO_OP_STATUS_ERROR;
@@ -1293,6 +1375,8 @@ qat_asym_session_configure(struct rte_cryptodev *dev __rte_unused,
 	case RTE_CRYPTO_ASYM_XFORM_ECDH:
 		session_set_ec(qat_session, xform);
 		break;
+	case RTE_CRYPTO_ASYM_XFORM_SM2:
+		break;
 	default:
 		ret = -ENOTSUP;
 	}