* [dpdk-dev] [PATCH v4 0/5] Add session-less, RSA, RSA-CRT to QAT
@ 2019-10-22 14:04 Arek Kusztal
2019-10-22 14:04 ` [dpdk-dev] [PATCH v4 1/5] crypto/qat: add sessionless implementation to asym pmd Arek Kusztal
` (5 more replies)
0 siblings, 6 replies; 7+ messages in thread
From: Arek Kusztal @ 2019-10-22 14:04 UTC (permalink / raw)
To: dev; +Cc: akhil.goyal, fiona.trahe, Arek Kusztal
This patchset adds session-less option, RSA algorithm, RSA-CRT algorithm
to Intel QuickAssist Technology PMD. It also adds session-less test cases
for those algorithms.
Test case for RSA signature with no padding will be sent in a later patch.
[1]crypto/qat: add sessionless implementation to asym pmd
- this patch adds sessionless option to QAT, already implemented
algorithms MOD EXP and MOD INV can be used with sessionless
[2]crypto/qat: add rsa implementation to asym pmd
- this patch adds option to use RSA with exponent private key
pair (n,d)
[3]crypto/qat: add rsa crt implementation to asym pmd
- this patch adds CRT option to RSA, to improve performance of
decryption and creating of signature
v4:
- fixed compilation issue
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Arek Kusztal (5):
crypto/qat: add sessionless implementation to asym pmd
crypto/qat: add rsa implementation to asym pmd
crypto/qat: add rsa crt implementation to asym pmd
test/crypto: add sessionless to asymmetric mod exp
test/crypto: add rsa tests to qat and openssl with no padding
app/test/test_cryptodev_asym.c | 207 +++++--
app/test/test_cryptodev_rsa_test_vectors.h | 226 ++++++++
doc/guides/cryptodevs/features/qat.ini | 4 +
doc/guides/cryptodevs/qat.rst | 1 +
doc/guides/rel_notes/release_19_11.rst | 8 +
.../qat/qat_adf/qat_pke_functionality_arrays.h | 27 +
drivers/crypto/qat/qat_asym.c | 634 ++++++++++++++++-----
drivers/crypto/qat/qat_asym.h | 29 +-
drivers/crypto/qat/qat_asym_capabilities.h | 21 +
drivers/crypto/qat/qat_asym_pmd.c | 5 +-
10 files changed, 972 insertions(+), 190 deletions(-)
--
2.1.0
^ permalink raw reply [flat|nested] 7+ messages in thread
* [dpdk-dev] [PATCH v4 1/5] crypto/qat: add sessionless implementation to asym pmd
2019-10-22 14:04 [dpdk-dev] [PATCH v4 0/5] Add session-less, RSA, RSA-CRT to QAT Arek Kusztal
@ 2019-10-22 14:04 ` Arek Kusztal
2019-10-22 14:04 ` [dpdk-dev] [PATCH v4 2/5] crypto/qat: add rsa " Arek Kusztal
` (4 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: Arek Kusztal @ 2019-10-22 14:04 UTC (permalink / raw)
To: dev; +Cc: akhil.goyal, fiona.trahe, Arek Kusztal
This patch adds option to use asymmetric crypto pmd with
session-less support.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
doc/guides/cryptodevs/features/qat.ini | 1 +
doc/guides/rel_notes/release_19_11.rst | 4 +
drivers/crypto/qat/qat_asym.c | 328 ++++++++++++++++++++-------------
drivers/crypto/qat/qat_asym.h | 26 +--
drivers/crypto/qat/qat_asym_pmd.c | 3 +-
5 files changed, 208 insertions(+), 154 deletions(-)
diff --git a/doc/guides/cryptodevs/features/qat.ini b/doc/guides/cryptodevs/features/qat.ini
index 0832e59..cef8015 100644
--- a/doc/guides/cryptodevs/features/qat.ini
+++ b/doc/guides/cryptodevs/features/qat.ini
@@ -13,6 +13,7 @@ OOP SGL In LB Out = Y
OOP LB In SGL Out = Y
OOP LB In LB Out = Y
Digest encrypted = Y
+Asymmetric sessionless = Y
;
; Supported crypto algorithms of the 'qat' crypto driver.
diff --git a/doc/guides/rel_notes/release_19_11.rst b/doc/guides/rel_notes/release_19_11.rst
index 066bb3c..a96d567 100644
--- a/doc/guides/rel_notes/release_19_11.rst
+++ b/doc/guides/rel_notes/release_19_11.rst
@@ -152,6 +152,10 @@ New Features
Added eBPF JIT support for arm64 architecture to improve the eBPF program
performance.
+* **Updated the Intel QuickAssist Technology (QAT) asymmetric crypto PMD.**
+
+ Added support for asymmetric session-less operations.
+
Removed Items
-------------
diff --git a/drivers/crypto/qat/qat_asym.c b/drivers/crypto/qat/qat_asym.c
index 4ddb0e5..1145425 100644
--- a/drivers/crypto/qat/qat_asym.c
+++ b/drivers/crypto/qat/qat_asym.c
@@ -26,38 +26,23 @@ static int qat_asym_get_sz_and_func_id(const uint32_t arr[][2],
return -1;
}
-static void qat_asym_build_req_tmpl(void *sess_private_data,
- struct rte_crypto_asym_xform *xform)
+static inline void qat_fill_req_tmpl(struct icp_qat_fw_pke_request *qat_req)
{
-
- struct icp_qat_fw_pke_request *qat_req;
- struct qat_asym_session *session = sess_private_data;
-
- qat_req = &session->req_tmpl;
memset(qat_req, 0, sizeof(*qat_req));
qat_req->pke_hdr.service_type = ICP_QAT_FW_COMN_REQ_CPM_FW_PKE;
qat_req->pke_hdr.hdr_flags =
ICP_QAT_FW_COMN_HDR_FLAGS_BUILD
(ICP_QAT_FW_COMN_REQ_FLAG_SET);
- qat_req->pke_hdr.comn_req_flags = 0;
- qat_req->pke_hdr.resrvd1 = 0;
- qat_req->pke_hdr.resrvd2 = 0;
- qat_req->pke_hdr.kpt_mask = 0;
- qat_req->pke_hdr.kpt_rn_mask = 0;
- qat_req->pke_hdr.cd_pars.content_desc_addr = 0;
- qat_req->pke_hdr.cd_pars.content_desc_resrvd = 0;
- qat_req->resrvd1 = 0;
- qat_req->resrvd2 = 0;
- qat_req->next_req_adr = 0;
+}
- if (xform->xform_type == RTE_CRYPTO_ASYM_XFORM_MODEX) {
- qat_req->output_param_count = 1;
- qat_req->input_param_count = 3;
- } else if (xform->xform_type == RTE_CRYPTO_ASYM_XFORM_MODINV) {
- qat_req->output_param_count = 1;
- qat_req->input_param_count = 2;
- }
+static inline void qat_asym_build_req_tmpl(void *sess_private_data)
+{
+ struct icp_qat_fw_pke_request *qat_req;
+ struct qat_asym_session *session = sess_private_data;
+
+ qat_req = &session->req_tmpl;
+ qat_fill_req_tmpl(qat_req);
}
static size_t max_of(int n, ...)
@@ -90,6 +75,19 @@ static void qat_clear_arrays(struct qat_asym_op_cookie *cookie,
memset(cookie->output_array[i], 0x0, out_size);
}
+static void qat_clear_arrays_by_alg(struct qat_asym_op_cookie *cookie,
+ enum rte_crypto_asym_xform_type alg, int in_size, int out_size)
+{
+ if (alg == RTE_CRYPTO_ASYM_XFORM_MODEX)
+ qat_clear_arrays(cookie, QAT_ASYM_MODEXP_NUM_IN_PARAMS,
+ QAT_ASYM_MODEXP_NUM_OUT_PARAMS, in_size,
+ out_size);
+ else if (alg == RTE_CRYPTO_ASYM_XFORM_MODINV)
+ qat_clear_arrays(cookie, QAT_ASYM_MODINV_NUM_IN_PARAMS,
+ QAT_ASYM_MODINV_NUM_OUT_PARAMS, in_size,
+ out_size);
+}
+
static int qat_asym_check_nonzero(rte_crypto_param n)
{
if (n.length < 8) {
@@ -103,7 +101,7 @@ static int qat_asym_check_nonzero(rte_crypto_param n)
if (n.data[i] != 0x0)
break;
if (i == n.length - 1)
- return QAT_ASYM_ERROR_INVALID_PARAM;
+ return -(EINVAL);
}
} else if (*(uint64_t *)&n.data[
n.length - 8] == 0) {
@@ -114,57 +112,40 @@ static int qat_asym_check_nonzero(rte_crypto_param n)
if (n.data[i] != 0x0)
break;
if (i == n.length - 8)
- return QAT_ASYM_ERROR_INVALID_PARAM;
+ return -(EINVAL);
}
return 0;
}
-int
-qat_asym_build_request(void *in_op,
- uint8_t *out_msg,
- void *op_cookie,
- __rte_unused enum qat_device_gen qat_dev_gen)
+static int
+qat_asym_fill_arrays(struct rte_crypto_asym_op *asym_op,
+ struct icp_qat_fw_pke_request *qat_req,
+ struct qat_asym_op_cookie *cookie,
+ struct rte_crypto_asym_xform *xform)
{
- struct qat_asym_session *ctx;
- struct rte_crypto_op *op = (struct rte_crypto_op *)in_op;
- struct rte_crypto_asym_op *asym_op = op->asym;
- struct icp_qat_fw_pke_request *qat_req =
- (struct icp_qat_fw_pke_request *)out_msg;
- struct qat_asym_op_cookie *cookie =
- (struct qat_asym_op_cookie *)op_cookie;
-
- uint64_t err = 0;
+ int err = 0;
size_t alg_size;
size_t alg_size_in_bytes;
- uint32_t func_id;
-
- ctx = (struct qat_asym_session *)get_asym_session_private_data(
- op->asym->session, cryptodev_qat_asym_driver_id);
- rte_mov64((uint8_t *)qat_req, (const uint8_t *)&(ctx->req_tmpl));
- qat_req->pke_mid.opaque = (uint64_t)(uintptr_t)op;
-
- qat_req->pke_mid.src_data_addr = cookie->input_addr;
- qat_req->pke_mid.dest_data_addr = cookie->output_addr;
+ uint32_t func_id = 0;
- if (ctx->alg == QAT_PKE_MODEXP) {
- err = qat_asym_check_nonzero(ctx->sess_alg_params.mod_exp.n);
+ if (xform->xform_type == RTE_CRYPTO_ASYM_XFORM_MODEX) {
+ err = qat_asym_check_nonzero(xform->modex.modulus);
if (err) {
QAT_LOG(ERR, "Empty modulus in modular exponentiation,"
" aborting this operation");
- goto error;
+ return err;
}
alg_size_in_bytes = max_of(3, asym_op->modex.base.length,
- ctx->sess_alg_params.mod_exp.e.length,
- ctx->sess_alg_params.mod_exp.n.length);
+ xform->modex.exponent.length,
+ xform->modex.modulus.length);
alg_size = alg_size_in_bytes << 3;
if (qat_asym_get_sz_and_func_id(MOD_EXP_SIZE,
sizeof(MOD_EXP_SIZE)/sizeof(*MOD_EXP_SIZE),
&alg_size, &func_id)) {
- err = QAT_ASYM_ERROR_INVALID_PARAM;
- goto error;
+ return -(EINVAL);
}
alg_size_in_bytes = alg_size >> 3;
@@ -173,54 +154,54 @@ qat_asym_build_request(void *in_op,
, asym_op->modex.base.data,
asym_op->modex.base.length);
rte_memcpy(cookie->input_array[1] + alg_size_in_bytes -
- ctx->sess_alg_params.mod_exp.e.length
- , ctx->sess_alg_params.mod_exp.e.data,
- ctx->sess_alg_params.mod_exp.e.length);
+ xform->modex.exponent.length
+ , xform->modex.exponent.data,
+ xform->modex.exponent.length);
rte_memcpy(cookie->input_array[2] + alg_size_in_bytes -
- ctx->sess_alg_params.mod_exp.n.length,
- ctx->sess_alg_params.mod_exp.n.data,
- ctx->sess_alg_params.mod_exp.n.length);
+ xform->modex.modulus.length,
+ xform->modex.modulus.data,
+ xform->modex.modulus.length);
cookie->alg_size = alg_size;
qat_req->pke_hdr.cd_pars.func_id = func_id;
+ qat_req->input_param_count = QAT_ASYM_MODEXP_NUM_IN_PARAMS;
+ qat_req->output_param_count = QAT_ASYM_MODEXP_NUM_OUT_PARAMS;
#if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG
- QAT_DP_HEXDUMP_LOG(DEBUG, "base",
+ QAT_DP_HEXDUMP_LOG(DEBUG, "ModExp base",
cookie->input_array[0],
alg_size_in_bytes);
- QAT_DP_HEXDUMP_LOG(DEBUG, "exponent",
+ QAT_DP_HEXDUMP_LOG(DEBUG, "ModExp exponent",
cookie->input_array[1],
alg_size_in_bytes);
- QAT_DP_HEXDUMP_LOG(DEBUG, "modulus",
+ QAT_DP_HEXDUMP_LOG(DEBUG, " ModExpmodulus",
cookie->input_array[2],
alg_size_in_bytes);
#endif
- } else if (ctx->alg == QAT_PKE_MODINV) {
- err = qat_asym_check_nonzero(ctx->sess_alg_params.mod_inv.n);
+ } else if (xform->xform_type == RTE_CRYPTO_ASYM_XFORM_MODINV) {
+ err = qat_asym_check_nonzero(xform->modinv.modulus);
if (err) {
QAT_LOG(ERR, "Empty modulus in modular multiplicative"
" inverse, aborting this operation");
- goto error;
+ return err;
}
alg_size_in_bytes = max_of(2, asym_op->modinv.base.length,
- ctx->sess_alg_params.mod_inv.n.length);
+ xform->modinv.modulus.length);
alg_size = alg_size_in_bytes << 3;
- if (ctx->sess_alg_params.mod_inv.n.data[
- ctx->sess_alg_params.mod_inv.n.length - 1] & 0x01) {
+ if (xform->modinv.modulus.data[
+ xform->modinv.modulus.length - 1] & 0x01) {
if (qat_asym_get_sz_and_func_id(MOD_INV_IDS_ODD,
sizeof(MOD_INV_IDS_ODD)/
sizeof(*MOD_INV_IDS_ODD),
&alg_size, &func_id)) {
- err = QAT_ASYM_ERROR_INVALID_PARAM;
- goto error;
+ return -(EINVAL);
}
} else {
if (qat_asym_get_sz_and_func_id(MOD_INV_IDS_EVEN,
sizeof(MOD_INV_IDS_EVEN)/
sizeof(*MOD_INV_IDS_EVEN),
&alg_size, &func_id)) {
- err = QAT_ASYM_ERROR_INVALID_PARAM;
- goto error;
+ return -(EINVAL);
}
}
@@ -230,27 +211,93 @@ qat_asym_build_request(void *in_op,
, asym_op->modinv.base.data,
asym_op->modinv.base.length);
rte_memcpy(cookie->input_array[1] + alg_size_in_bytes -
- ctx->sess_alg_params.mod_inv.n.length
- , ctx->sess_alg_params.mod_inv.n.data,
- ctx->sess_alg_params.mod_inv.n.length);
+ xform->modinv.modulus.length
+ , xform->modinv.modulus.data,
+ xform->modinv.modulus.length);
cookie->alg_size = alg_size;
qat_req->pke_hdr.cd_pars.func_id = func_id;
+ qat_req->input_param_count =
+ QAT_ASYM_MODINV_NUM_IN_PARAMS;
+ qat_req->output_param_count =
+ QAT_ASYM_MODINV_NUM_OUT_PARAMS;
#if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG
- QAT_DP_HEXDUMP_LOG(DEBUG, "base",
+ QAT_DP_HEXDUMP_LOG(DEBUG, "ModInv base",
cookie->input_array[0],
alg_size_in_bytes);
- QAT_DP_HEXDUMP_LOG(DEBUG, "modulus",
+ QAT_DP_HEXDUMP_LOG(DEBUG, "ModInv modulus",
cookie->input_array[1],
alg_size_in_bytes);
#endif
+ } else {
+ QAT_LOG(ERR, "Invalid asymmetric crypto xform");
+ return -(EINVAL);
+ }
+ return 0;
+}
+
+int
+qat_asym_build_request(void *in_op,
+ uint8_t *out_msg,
+ void *op_cookie,
+ __rte_unused enum qat_device_gen qat_dev_gen)
+{
+ struct qat_asym_session *ctx;
+ struct rte_crypto_op *op = (struct rte_crypto_op *)in_op;
+ struct rte_crypto_asym_op *asym_op = op->asym;
+ struct icp_qat_fw_pke_request *qat_req =
+ (struct icp_qat_fw_pke_request *)out_msg;
+ struct qat_asym_op_cookie *cookie =
+ (struct qat_asym_op_cookie *)op_cookie;
+ int err = 0;
+
+ op->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
+ if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
+ ctx = (struct qat_asym_session *)
+ get_asym_session_private_data(
+ op->asym->session, cryptodev_qat_asym_driver_id);
+ if (unlikely(ctx == NULL)) {
+ QAT_LOG(ERR, "Session has not been created for this device");
+ goto error;
+ }
+ rte_mov64((uint8_t *)qat_req, (const uint8_t *)&(ctx->req_tmpl));
+ err = qat_asym_fill_arrays(asym_op, qat_req, cookie, ctx->xform);
+ if (err) {
+ op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
+ goto error;
+ }
+ } else if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
+ qat_fill_req_tmpl(qat_req);
+ err = qat_asym_fill_arrays(asym_op, qat_req, cookie,
+ op->asym->xform);
+ if (err) {
+ op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
+ goto error;
+ }
+ } else {
+ QAT_DP_LOG(ERR, "Invalid session/xform settings");
+ op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
+ goto error;
}
+ qat_req->pke_mid.opaque = (uint64_t)(uintptr_t)op;
+ qat_req->pke_mid.src_data_addr = cookie->input_addr;
+ qat_req->pke_mid.dest_data_addr = cookie->output_addr;
+
#if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG
QAT_DP_HEXDUMP_LOG(DEBUG, "qat_req:", qat_req,
sizeof(struct icp_qat_fw_pke_request));
#endif
+
return 0;
error:
+
+ qat_req->pke_mid.opaque = (uint64_t)(uintptr_t)op;
+
+#if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG
+ QAT_DP_HEXDUMP_LOG(DEBUG, "qat_req:", qat_req,
+ sizeof(struct icp_qat_fw_pke_request));
+#endif
+
qat_req->output_param_count = 0;
qat_req->input_param_count = 0;
qat_req->pke_hdr.service_type = ICP_QAT_FW_COMN_REQ_NULL;
@@ -259,42 +306,16 @@ qat_asym_build_request(void *in_op,
return 0;
}
-void
-qat_asym_process_response(void **op, uint8_t *resp,
- void *op_cookie)
+static void qat_asym_collect_response(struct rte_crypto_op *rx_op,
+ struct qat_asym_op_cookie *cookie,
+ struct rte_crypto_asym_xform *xform)
{
- struct qat_asym_session *ctx;
- struct icp_qat_fw_pke_resp *resp_msg =
- (struct icp_qat_fw_pke_resp *)resp;
- struct rte_crypto_op *rx_op = (struct rte_crypto_op *)(uintptr_t)
- (resp_msg->opaque);
+ size_t alg_size, alg_size_in_bytes = 0;
struct rte_crypto_asym_op *asym_op = rx_op->asym;
- struct qat_asym_op_cookie *cookie = op_cookie;
- size_t alg_size, alg_size_in_bytes;
-
- ctx = (struct qat_asym_session *)get_asym_session_private_data(
- rx_op->asym->session, cryptodev_qat_asym_driver_id);
-
- *op = rx_op;
- rx_op->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
- if (cookie->error) {
- cookie->error = 0;
- rx_op->status = RTE_CRYPTO_OP_STATUS_ERROR;
- QAT_DP_LOG(ERR, "Cookie status returned error");
- } else {
- if (ICP_QAT_FW_PKE_RESP_PKE_STAT_GET(
- resp_msg->pke_resp_hdr.resp_status.pke_resp_flags)) {
- rx_op->status = RTE_CRYPTO_OP_STATUS_ERROR;
- QAT_DP_LOG(ERR, "Asymmetric response status returned error");
- }
- if (resp_msg->pke_resp_hdr.resp_status.comn_err_code) {
- rx_op->status = RTE_CRYPTO_OP_STATUS_ERROR;
- QAT_DP_LOG(ERR, "Asymmetric common status returned error");
- }
- }
+ if (xform->xform_type == RTE_CRYPTO_ASYM_XFORM_MODEX) {
+ rte_crypto_param n = xform->modex.modulus;
- if (ctx->alg == QAT_PKE_MODEXP) {
alg_size = cookie->alg_size;
alg_size_in_bytes = alg_size >> 3;
uint8_t *modexp_result = asym_op->modex.result.data;
@@ -302,42 +323,83 @@ qat_asym_process_response(void **op, uint8_t *resp,
if (rx_op->status == RTE_CRYPTO_OP_STATUS_NOT_PROCESSED) {
rte_memcpy(modexp_result +
(asym_op->modex.result.length -
- ctx->sess_alg_params.mod_exp.n.length),
+ n.length),
cookie->output_array[0] + alg_size_in_bytes
- - ctx->sess_alg_params.mod_exp.n.length,
- ctx->sess_alg_params.mod_exp.n.length
+ - n.length, n.length
);
rx_op->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
#if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG
- QAT_DP_HEXDUMP_LOG(DEBUG, "modexp_result",
+ QAT_DP_HEXDUMP_LOG(DEBUG, "ModExp result",
cookie->output_array[0],
alg_size_in_bytes);
+
#endif
}
- qat_clear_arrays(cookie, 3, 1, alg_size_in_bytes,
- alg_size_in_bytes);
- } else if (ctx->alg == QAT_PKE_MODINV) {
+ } else if (xform->xform_type == RTE_CRYPTO_ASYM_XFORM_MODINV) {
+ rte_crypto_param n = xform->modinv.modulus;
+
alg_size = cookie->alg_size;
alg_size_in_bytes = alg_size >> 3;
uint8_t *modinv_result = asym_op->modinv.result.data;
if (rx_op->status == RTE_CRYPTO_OP_STATUS_NOT_PROCESSED) {
rte_memcpy(modinv_result + (asym_op->modinv.result.length
- - ctx->sess_alg_params.mod_inv.n.length),
+ - n.length),
cookie->output_array[0] + alg_size_in_bytes
- - ctx->sess_alg_params.mod_inv.n.length,
- ctx->sess_alg_params.mod_inv.n.length);
+ - n.length, n.length);
rx_op->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
#if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG
- QAT_DP_HEXDUMP_LOG(DEBUG, "modinv_result",
+ QAT_DP_HEXDUMP_LOG(DEBUG, "ModInv result",
cookie->output_array[0],
alg_size_in_bytes);
#endif
}
- qat_clear_arrays(cookie, 2, 1, alg_size_in_bytes,
+ }
+ qat_clear_arrays_by_alg(cookie, xform->xform_type, alg_size_in_bytes,
alg_size_in_bytes);
+}
+
+void
+qat_asym_process_response(void **op, uint8_t *resp,
+ void *op_cookie)
+{
+ struct qat_asym_session *ctx;
+ struct icp_qat_fw_pke_resp *resp_msg =
+ (struct icp_qat_fw_pke_resp *)resp;
+ struct rte_crypto_op *rx_op = (struct rte_crypto_op *)(uintptr_t)
+ (resp_msg->opaque);
+ struct qat_asym_op_cookie *cookie = op_cookie;
+
+ if (cookie->error) {
+ cookie->error = 0;
+ if (rx_op->status == RTE_CRYPTO_OP_STATUS_NOT_PROCESSED)
+ rx_op->status = RTE_CRYPTO_OP_STATUS_ERROR;
+ QAT_DP_LOG(ERR, "Cookie status returned error");
+ } else {
+ if (ICP_QAT_FW_PKE_RESP_PKE_STAT_GET(
+ resp_msg->pke_resp_hdr.resp_status.pke_resp_flags)) {
+ if (rx_op->status == RTE_CRYPTO_OP_STATUS_NOT_PROCESSED)
+ rx_op->status = RTE_CRYPTO_OP_STATUS_ERROR;
+ QAT_DP_LOG(ERR, "Asymmetric response status"
+ " returned error");
+ }
+ if (resp_msg->pke_resp_hdr.resp_status.comn_err_code) {
+ if (rx_op->status == RTE_CRYPTO_OP_STATUS_NOT_PROCESSED)
+ rx_op->status = RTE_CRYPTO_OP_STATUS_ERROR;
+ QAT_DP_LOG(ERR, "Asymmetric common status"
+ " returned error");
+ }
}
+ if (rx_op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
+ ctx = (struct qat_asym_session *)get_asym_session_private_data(
+ rx_op->asym->session, cryptodev_qat_asym_driver_id);
+ qat_asym_collect_response(rx_op, cookie, ctx->xform);
+ } else if (rx_op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
+ qat_asym_collect_response(rx_op, cookie, rx_op->asym->xform);
+ }
+ *op = rx_op;
+
#if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG
QAT_DP_HEXDUMP_LOG(DEBUG, "resp_msg:", resp_msg,
sizeof(struct icp_qat_fw_pke_resp));
@@ -362,10 +424,6 @@ qat_asym_session_configure(struct rte_cryptodev *dev,
session = sess_private_data;
if (xform->xform_type == RTE_CRYPTO_ASYM_XFORM_MODEX) {
- session->sess_alg_params.mod_exp.e = xform->modex.exponent;
- session->sess_alg_params.mod_exp.n = xform->modex.modulus;
- session->alg = QAT_PKE_MODEXP;
-
if (xform->modex.exponent.length == 0 ||
xform->modex.modulus.length == 0) {
QAT_LOG(ERR, "Invalid mod exp input parameter");
@@ -373,20 +431,24 @@ qat_asym_session_configure(struct rte_cryptodev *dev,
goto error;
}
} else if (xform->xform_type == RTE_CRYPTO_ASYM_XFORM_MODINV) {
- session->sess_alg_params.mod_inv.n = xform->modinv.modulus;
- session->alg = QAT_PKE_MODINV;
-
if (xform->modinv.modulus.length == 0) {
QAT_LOG(ERR, "Invalid mod inv input parameter");
err = -EINVAL;
goto error;
}
- } else {
+ } else if (xform->xform_type >= RTE_CRYPTO_ASYM_XFORM_TYPE_LIST_END
+ || xform->xform_type <= RTE_CRYPTO_ASYM_XFORM_NONE) {
QAT_LOG(ERR, "Invalid asymmetric crypto xform");
err = -EINVAL;
goto error;
+ } else {
+ QAT_LOG(ERR, "Asymmetric crypto xform not implemented");
+ err = -EINVAL;
+ goto error;
}
- qat_asym_build_req_tmpl(sess_private_data, xform);
+
+ session->xform = xform;
+ qat_asym_build_req_tmpl(sess_private_data);
set_asym_session_private_data(sess, dev->driver_id,
sess_private_data);
diff --git a/drivers/crypto/qat/qat_asym.h b/drivers/crypto/qat/qat_asym.h
index ce4839b..2959b07 100644
--- a/drivers/crypto/qat/qat_asym.h
+++ b/drivers/crypto/qat/qat_asym.h
@@ -17,7 +17,11 @@ typedef uint64_t large_int_ptr;
#define QAT_PKE_MAX_LN_SIZE 512
#define _PKE_ALIGN_ __attribute__((__aligned__(8)))
-#define QAT_ASYM_ERROR_INVALID_PARAM 0x01
+#define QAT_ASYM_MAX_PARAMS 8
+#define QAT_ASYM_MODINV_NUM_IN_PARAMS 2
+#define QAT_ASYM_MODINV_NUM_OUT_PARAMS 1
+#define QAT_ASYM_MODEXP_NUM_IN_PARAMS 3
+#define QAT_ASYM_MODEXP_NUM_OUT_PARAMS 1
struct qat_asym_op_cookie {
size_t alg_size;
@@ -33,27 +37,9 @@ struct qat_asym_op_cookie {
uint8_t output_array[MAX_PKE_PARAMS][QAT_PKE_MAX_LN_SIZE] _PKE_ALIGN_;
} _PKE_ALIGN_;
-enum qat_asym_alg {
- QAT_PKE_RSA,
- QAT_PKE_DH,
- QAT_PKE_DSA,
- QAT_PKE_MODEXP,
- QAT_PKE_MODINV,
-};
-
struct qat_asym_session {
- enum qat_asym_alg alg;
struct icp_qat_fw_pke_request req_tmpl;
- uint64_t flags;
- union {
- struct {
- rte_crypto_param n;
- rte_crypto_param e;
- } mod_exp;
- struct {
- rte_crypto_param n;
- } mod_inv;
- } sess_alg_params;
+ struct rte_crypto_asym_xform *xform;
};
int
diff --git a/drivers/crypto/qat/qat_asym_pmd.c b/drivers/crypto/qat/qat_asym_pmd.c
index c999799..71fd709 100644
--- a/drivers/crypto/qat/qat_asym_pmd.c
+++ b/drivers/crypto/qat/qat_asym_pmd.c
@@ -270,7 +270,8 @@ qat_asym_dev_create(struct qat_pci_device *qat_pci_dev)
cryptodev->dequeue_burst = qat_asym_pmd_dequeue_op_burst;
cryptodev->feature_flags = RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO |
- RTE_CRYPTODEV_FF_HW_ACCELERATED;
+ RTE_CRYPTODEV_FF_HW_ACCELERATED |
+ RTE_CRYPTODEV_FF_ASYM_SESSIONLESS;
internals = cryptodev->data->dev_private;
internals->qat_dev = qat_pci_dev;
qat_pci_dev->asym_dev = internals;
--
2.1.0
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [dpdk-dev] [PATCH v4 2/5] crypto/qat: add rsa implementation to asym pmd
2019-10-22 14:04 [dpdk-dev] [PATCH v4 0/5] Add session-less, RSA, RSA-CRT to QAT Arek Kusztal
2019-10-22 14:04 ` [dpdk-dev] [PATCH v4 1/5] crypto/qat: add sessionless implementation to asym pmd Arek Kusztal
@ 2019-10-22 14:04 ` Arek Kusztal
2019-10-22 14:04 ` [dpdk-dev] [PATCH v4 3/5] crypto/qat: add rsa crt " Arek Kusztal
` (3 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: Arek Kusztal @ 2019-10-22 14:04 UTC (permalink / raw)
To: dev; +Cc: akhil.goyal, fiona.trahe, Arek Kusztal
This commit adds rsa algorithm to asymmetric pmd
using pair (n, d) private key
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
doc/guides/cryptodevs/features/qat.ini | 2 +
doc/guides/cryptodevs/qat.rst | 1 +
doc/guides/rel_notes/release_19_11.rst | 2 +
.../qat/qat_adf/qat_pke_functionality_arrays.h | 18 ++
drivers/crypto/qat/qat_asym.c | 252 ++++++++++++++++++++-
drivers/crypto/qat/qat_asym.h | 2 +
drivers/crypto/qat/qat_asym_capabilities.h | 21 ++
drivers/crypto/qat/qat_asym_pmd.c | 3 +-
8 files changed, 299 insertions(+), 2 deletions(-)
diff --git a/doc/guides/cryptodevs/features/qat.ini b/doc/guides/cryptodevs/features/qat.ini
index cef8015..374b523 100644
--- a/doc/guides/cryptodevs/features/qat.ini
+++ b/doc/guides/cryptodevs/features/qat.ini
@@ -14,6 +14,7 @@ OOP LB In SGL Out = Y
OOP LB In LB Out = Y
Digest encrypted = Y
Asymmetric sessionless = Y
+RSA PRIV OP KEY EXP = Y
;
; Supported crypto algorithms of the 'qat' crypto driver.
@@ -71,3 +72,4 @@ AES CCM (256) = Y
[Asymmetric]
Modular Exponentiation = Y
Modular Inversion = Y
+RSA = Y
diff --git a/doc/guides/cryptodevs/qat.rst b/doc/guides/cryptodevs/qat.rst
index ad685a7..8630e27 100644
--- a/doc/guides/cryptodevs/qat.rst
+++ b/doc/guides/cryptodevs/qat.rst
@@ -134,6 +134,7 @@ Limitations
* Big integers longer than 4096 bits are not supported.
* Queue pairs are not thread-safe (that is, within a single queue pair, RX and TX from different lcores is not supported).
+* RSA-2560, RSA-3584 are not supported
.. _building_qat:
diff --git a/doc/guides/rel_notes/release_19_11.rst b/doc/guides/rel_notes/release_19_11.rst
index a96d567..8603de7 100644
--- a/doc/guides/rel_notes/release_19_11.rst
+++ b/doc/guides/rel_notes/release_19_11.rst
@@ -156,6 +156,8 @@ New Features
Added support for asymmetric session-less operations.
+ Added support for RSA algorithm with pair (n, d) private key representation.
+
Removed Items
-------------
diff --git a/drivers/common/qat/qat_adf/qat_pke_functionality_arrays.h b/drivers/common/qat/qat_adf/qat_pke_functionality_arrays.h
index 8adf209..3e40b86 100644
--- a/drivers/common/qat/qat_adf/qat_pke_functionality_arrays.h
+++ b/drivers/common/qat/qat_adf/qat_pke_functionality_arrays.h
@@ -49,4 +49,22 @@ static const uint32_t MOD_INV_IDS_EVEN[][2] = {
{ 4096, MATHS_MODINV_EVEN_L4096 },
};
+static const uint32_t RSA_ENC_IDS[][2] = {
+ { 512, PKE_RSA_EP_512 },
+ { 1024, PKE_RSA_EP_1024 },
+ { 1536, PKE_RSA_EP_1536 },
+ { 2048, PKE_RSA_EP_2048 },
+ { 3072, PKE_RSA_EP_3072 },
+ { 4096, PKE_RSA_EP_4096 },
+};
+
+static const uint32_t RSA_DEC_IDS[][2] = {
+ { 512, PKE_RSA_DP1_512 },
+ { 1024, PKE_RSA_DP1_1024 },
+ { 1536, PKE_RSA_DP1_1536 },
+ { 2048, PKE_RSA_DP1_2048 },
+ { 3072, PKE_RSA_DP1_3072 },
+ { 4096, PKE_RSA_DP1_4096 },
+};
+
#endif
diff --git a/drivers/crypto/qat/qat_asym.c b/drivers/crypto/qat/qat_asym.c
index 1145425..070feb9 100644
--- a/drivers/crypto/qat/qat_asym.c
+++ b/drivers/crypto/qat/qat_asym.c
@@ -228,6 +228,171 @@ qat_asym_fill_arrays(struct rte_crypto_asym_op *asym_op,
cookie->input_array[1],
alg_size_in_bytes);
#endif
+ } else if (xform->xform_type == RTE_CRYPTO_ASYM_XFORM_RSA) {
+ err = qat_asym_check_nonzero(xform->rsa.n);
+ if (err) {
+ QAT_LOG(ERR, "Empty modulus in RSA"
+ " inverse, aborting this operation");
+ return err;
+ }
+
+ alg_size_in_bytes = xform->rsa.n.length;
+ alg_size = alg_size_in_bytes << 3;
+
+ qat_req->input_param_count =
+ QAT_ASYM_RSA_NUM_IN_PARAMS;
+ qat_req->output_param_count =
+ QAT_ASYM_RSA_NUM_OUT_PARAMS;
+
+ if (asym_op->rsa.op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT ||
+ asym_op->rsa.op_type ==
+ RTE_CRYPTO_ASYM_OP_VERIFY) {
+
+ if (qat_asym_get_sz_and_func_id(RSA_ENC_IDS,
+ sizeof(RSA_ENC_IDS)/
+ sizeof(*RSA_ENC_IDS),
+ &alg_size, &func_id)) {
+ err = -(EINVAL);
+ QAT_LOG(ERR,
+ "Not supported RSA parameter size (key)");
+ return err;
+ }
+ alg_size_in_bytes = alg_size >> 3;
+ if (asym_op->rsa.op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT) {
+ switch (asym_op->rsa.pad) {
+ case RTE_CRYPTO_RSA_PADDING_NONE:
+ rte_memcpy(cookie->input_array[0] +
+ alg_size_in_bytes -
+ asym_op->rsa.message.length
+ , asym_op->rsa.message.data,
+ asym_op->rsa.message.length);
+ break;
+ default:
+ err = -(EINVAL);
+ QAT_LOG(ERR,
+ "Invalid RSA padding (Encryption)");
+ return err;
+ }
+#if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG
+ QAT_DP_HEXDUMP_LOG(DEBUG, "RSA Message",
+ cookie->input_array[0],
+ alg_size_in_bytes);
+#endif
+ } else {
+ switch (asym_op->rsa.pad) {
+ case RTE_CRYPTO_RSA_PADDING_NONE:
+ rte_memcpy(cookie->input_array[0],
+ asym_op->rsa.sign.data,
+ alg_size_in_bytes);
+ break;
+ default:
+ err = -(EINVAL);
+ QAT_LOG(ERR,
+ "Invalid RSA padding (Verify)");
+ return err;
+ }
+
+#if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG
+ QAT_DP_HEXDUMP_LOG(DEBUG, " RSA Signature",
+ cookie->input_array[0],
+ alg_size_in_bytes);
+#endif
+
+ }
+ rte_memcpy(cookie->input_array[1] +
+ alg_size_in_bytes -
+ xform->rsa.e.length
+ , xform->rsa.e.data,
+ xform->rsa.e.length);
+ rte_memcpy(cookie->input_array[2] +
+ alg_size_in_bytes -
+ xform->rsa.n.length,
+ xform->rsa.n.data,
+ xform->rsa.n.length);
+
+ cookie->alg_size = alg_size;
+ qat_req->pke_hdr.cd_pars.func_id = func_id;
+
+#if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG
+ QAT_DP_HEXDUMP_LOG(DEBUG, "RSA Public Key",
+ cookie->input_array[1], alg_size_in_bytes);
+ QAT_DP_HEXDUMP_LOG(DEBUG, "RSA Modulus",
+ cookie->input_array[2], alg_size_in_bytes);
+#endif
+ } else {
+ if (asym_op->rsa.op_type ==
+ RTE_CRYPTO_ASYM_OP_DECRYPT) {
+ switch (asym_op->rsa.pad) {
+ case RTE_CRYPTO_RSA_PADDING_NONE:
+ rte_memcpy(cookie->input_array[0]
+ + alg_size_in_bytes -
+ asym_op->rsa.cipher.length,
+ asym_op->rsa.cipher.data,
+ asym_op->rsa.cipher.length);
+ break;
+ default:
+ QAT_LOG(ERR,
+ "Invalid padding of RSA (Decrypt)");
+ return -(EINVAL);
+ }
+
+ } else if (asym_op->rsa.op_type ==
+ RTE_CRYPTO_ASYM_OP_SIGN) {
+ switch (asym_op->rsa.pad) {
+ case RTE_CRYPTO_RSA_PADDING_NONE:
+ rte_memcpy(cookie->input_array[0]
+ + alg_size_in_bytes -
+ asym_op->rsa.message.length,
+ asym_op->rsa.message.data,
+ asym_op->rsa.message.length);
+ break;
+ default:
+ QAT_LOG(ERR,
+ "Invalid padding of RSA (Signature)");
+ return -(EINVAL);
+ }
+ }
+
+ if (xform->rsa.key_type == RTE_RSA_KET_TYPE_QT) {
+ QAT_LOG(ERR, "RSA CRT not implemented");
+ return -(EINVAL);
+ } else if (xform->rsa.key_type ==
+ RTE_RSA_KEY_TYPE_EXP) {
+ if (qat_asym_get_sz_and_func_id(
+ RSA_DEC_IDS,
+ sizeof(RSA_DEC_IDS)/
+ sizeof(*RSA_DEC_IDS),
+ &alg_size, &func_id)) {
+ return -(EINVAL);
+ }
+ alg_size_in_bytes = alg_size >> 3;
+ rte_memcpy(cookie->input_array[1] +
+ alg_size_in_bytes -
+ xform->rsa.d.length,
+ xform->rsa.d.data,
+ xform->rsa.d.length);
+ rte_memcpy(cookie->input_array[2] +
+ alg_size_in_bytes -
+ xform->rsa.n.length,
+ xform->rsa.n.data,
+ xform->rsa.n.length);
+#if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG
+ QAT_DP_HEXDUMP_LOG(DEBUG, "RSA ciphertext",
+ cookie->input_array[0],
+ alg_size_in_bytes);
+ QAT_DP_HEXDUMP_LOG(DEBUG, "RSA d", cookie->input_array[1],
+ alg_size_in_bytes);
+ QAT_DP_HEXDUMP_LOG(DEBUG, "RSA n", cookie->input_array[2],
+ alg_size_in_bytes);
+#endif
+
+ cookie->alg_size = alg_size;
+ qat_req->pke_hdr.cd_pars.func_id = func_id;
+ } else {
+ QAT_LOG(ERR, "Invalid RSA key type");
+ return -(EINVAL);
+ }
+ }
} else {
QAT_LOG(ERR, "Invalid asymmetric crypto xform");
return -(EINVAL);
@@ -354,6 +519,85 @@ static void qat_asym_collect_response(struct rte_crypto_op *rx_op,
alg_size_in_bytes);
#endif
}
+ } else if (xform->xform_type == RTE_CRYPTO_ASYM_XFORM_RSA) {
+
+ alg_size = cookie->alg_size;
+ alg_size_in_bytes = alg_size >> 3;
+ if (asym_op->rsa.op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT ||
+ asym_op->rsa.op_type ==
+ RTE_CRYPTO_ASYM_OP_VERIFY) {
+ if (asym_op->rsa.op_type ==
+ RTE_CRYPTO_ASYM_OP_ENCRYPT) {
+ uint8_t *rsa_result = asym_op->rsa.cipher.data;
+
+ rte_memcpy(rsa_result,
+ cookie->output_array[0],
+ alg_size_in_bytes);
+ rx_op->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
+#if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG
+ QAT_DP_HEXDUMP_LOG(DEBUG, "RSA Encrypted data",
+ cookie->output_array[0],
+ alg_size_in_bytes);
+#endif
+ } else if (asym_op->rsa.op_type ==
+ RTE_CRYPTO_ASYM_OP_VERIFY) {
+ uint8_t *rsa_result = asym_op->rsa.cipher.data;
+
+ switch (asym_op->rsa.pad) {
+ case RTE_CRYPTO_RSA_PADDING_NONE:
+ rte_memcpy(rsa_result,
+ cookie->output_array[0],
+ alg_size_in_bytes);
+ rx_op->status =
+ RTE_CRYPTO_OP_STATUS_SUCCESS;
+#if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG
+ QAT_DP_HEXDUMP_LOG(DEBUG, "RSA Signature",
+ cookie->output_array[0],
+ alg_size_in_bytes);
+#endif
+ break;
+ default:
+ QAT_LOG(ERR, "Padding not supported");
+ rx_op->status =
+ RTE_CRYPTO_OP_STATUS_ERROR;
+ break;
+ }
+ }
+ } else {
+ if (asym_op->rsa.op_type ==
+ RTE_CRYPTO_ASYM_OP_DECRYPT) {
+ uint8_t *rsa_result = asym_op->rsa.message.data;
+
+ switch (asym_op->rsa.pad) {
+ case RTE_CRYPTO_RSA_PADDING_NONE:
+ rte_memcpy(rsa_result,
+ cookie->output_array[0],
+ alg_size_in_bytes);
+ break;
+ default:
+ QAT_LOG(ERR, "Padding not supported");
+ rx_op->status =
+ RTE_CRYPTO_OP_STATUS_ERROR;
+ break;
+ }
+#if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG
+ QAT_DP_HEXDUMP_LOG(DEBUG, "RSA Decrypted Message",
+ rsa_result, alg_size_in_bytes);
+#endif
+ } else if (asym_op->rsa.op_type == RTE_CRYPTO_ASYM_OP_SIGN) {
+ uint8_t *rsa_result = asym_op->rsa.sign.data;
+
+ rte_memcpy(rsa_result,
+ cookie->output_array[0],
+ alg_size_in_bytes);
+ rx_op->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
+#if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG
+ QAT_DP_HEXDUMP_LOG(DEBUG, "RSA Signature",
+ cookie->output_array[0],
+ alg_size_in_bytes);
+#endif
+ }
+ }
}
qat_clear_arrays_by_alg(cookie, xform->xform_type, alg_size_in_bytes,
alg_size_in_bytes);
@@ -393,7 +637,7 @@ qat_asym_process_response(void **op, uint8_t *resp,
if (rx_op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
ctx = (struct qat_asym_session *)get_asym_session_private_data(
- rx_op->asym->session, cryptodev_qat_asym_driver_id);
+ rx_op->asym->session, cryptodev_qat_asym_driver_id);
qat_asym_collect_response(rx_op, cookie, ctx->xform);
} else if (rx_op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) {
qat_asym_collect_response(rx_op, cookie, rx_op->asym->xform);
@@ -436,6 +680,12 @@ qat_asym_session_configure(struct rte_cryptodev *dev,
err = -EINVAL;
goto error;
}
+ } else if (xform->xform_type == RTE_CRYPTO_ASYM_XFORM_RSA) {
+ if (xform->rsa.n.length == 0) {
+ QAT_LOG(ERR, "Invalid rsa input parameter");
+ err = -EINVAL;
+ goto error;
+ }
} else if (xform->xform_type >= RTE_CRYPTO_ASYM_XFORM_TYPE_LIST_END
|| xform->xform_type <= RTE_CRYPTO_ASYM_XFORM_NONE) {
QAT_LOG(ERR, "Invalid asymmetric crypto xform");
diff --git a/drivers/crypto/qat/qat_asym.h b/drivers/crypto/qat/qat_asym.h
index 2959b07..b1dec8f 100644
--- a/drivers/crypto/qat/qat_asym.h
+++ b/drivers/crypto/qat/qat_asym.h
@@ -22,6 +22,8 @@ typedef uint64_t large_int_ptr;
#define QAT_ASYM_MODINV_NUM_OUT_PARAMS 1
#define QAT_ASYM_MODEXP_NUM_IN_PARAMS 3
#define QAT_ASYM_MODEXP_NUM_OUT_PARAMS 1
+#define QAT_ASYM_RSA_NUM_IN_PARAMS 3
+#define QAT_ASYM_RSA_NUM_OUT_PARAMS 1
struct qat_asym_op_cookie {
size_t alg_size;
diff --git a/drivers/crypto/qat/qat_asym_capabilities.h b/drivers/crypto/qat/qat_asym_capabilities.h
index f43c025..523b4da 100644
--- a/drivers/crypto/qat/qat_asym_capabilities.h
+++ b/drivers/crypto/qat/qat_asym_capabilities.h
@@ -37,6 +37,27 @@
} \
}, \
} \
+ }, \
+ { /* RSA */ \
+ .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, \
+ {.asym = { \
+ .xform_capa = { \
+ .xform_type = RTE_CRYPTO_ASYM_XFORM_RSA, \
+ .op_types = ((1 << RTE_CRYPTO_ASYM_OP_SIGN) | \
+ (1 << RTE_CRYPTO_ASYM_OP_VERIFY) | \
+ (1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) | \
+ (1 << RTE_CRYPTO_ASYM_OP_DECRYPT)), \
+ { \
+ .modlen = { \
+ /* min length is based on openssl rsa keygen */ \
+ .min = 64, \
+ /* value 0 symbolizes no limit on max length */ \
+ .max = 512, \
+ .increment = 64 \
+ }, } \
+ } \
+ }, \
+ } \
} \
#endif /* _QAT_ASYM_CAPABILITIES_H_ */
diff --git a/drivers/crypto/qat/qat_asym_pmd.c b/drivers/crypto/qat/qat_asym_pmd.c
index 71fd709..78fc2d7 100644
--- a/drivers/crypto/qat/qat_asym_pmd.c
+++ b/drivers/crypto/qat/qat_asym_pmd.c
@@ -271,7 +271,8 @@ qat_asym_dev_create(struct qat_pci_device *qat_pci_dev)
cryptodev->feature_flags = RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO |
RTE_CRYPTODEV_FF_HW_ACCELERATED |
- RTE_CRYPTODEV_FF_ASYM_SESSIONLESS;
+ RTE_CRYPTODEV_FF_ASYM_SESSIONLESS |
+ RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_EXP;
internals = cryptodev->data->dev_private;
internals->qat_dev = qat_pci_dev;
qat_pci_dev->asym_dev = internals;
--
2.1.0
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [dpdk-dev] [PATCH v4 3/5] crypto/qat: add rsa crt implementation to asym pmd
2019-10-22 14:04 [dpdk-dev] [PATCH v4 0/5] Add session-less, RSA, RSA-CRT to QAT Arek Kusztal
2019-10-22 14:04 ` [dpdk-dev] [PATCH v4 1/5] crypto/qat: add sessionless implementation to asym pmd Arek Kusztal
2019-10-22 14:04 ` [dpdk-dev] [PATCH v4 2/5] crypto/qat: add rsa " Arek Kusztal
@ 2019-10-22 14:04 ` Arek Kusztal
2019-10-22 14:04 ` [dpdk-dev] [PATCH v4 4/5] test/crypto: add sessionless to asymmetric mod exp Arek Kusztal
` (2 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: Arek Kusztal @ 2019-10-22 14:04 UTC (permalink / raw)
To: dev; +Cc: akhil.goyal, fiona.trahe, Arek Kusztal
This commit extends RSA implementation by CRT option
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
doc/guides/cryptodevs/features/qat.ini | 1 +
doc/guides/rel_notes/release_19_11.rst | 2 +
.../qat/qat_adf/qat_pke_functionality_arrays.h | 9 ++++
drivers/crypto/qat/qat_asym.c | 62 ++++++++++++++++++++--
drivers/crypto/qat/qat_asym.h | 1 +
drivers/crypto/qat/qat_asym_pmd.c | 3 +-
6 files changed, 74 insertions(+), 4 deletions(-)
diff --git a/doc/guides/cryptodevs/features/qat.ini b/doc/guides/cryptodevs/features/qat.ini
index 374b523..6e350eb 100644
--- a/doc/guides/cryptodevs/features/qat.ini
+++ b/doc/guides/cryptodevs/features/qat.ini
@@ -15,6 +15,7 @@ OOP LB In LB Out = Y
Digest encrypted = Y
Asymmetric sessionless = Y
RSA PRIV OP KEY EXP = Y
+RSA PRIV OP KEY QT = Y
;
; Supported crypto algorithms of the 'qat' crypto driver.
diff --git a/doc/guides/rel_notes/release_19_11.rst b/doc/guides/rel_notes/release_19_11.rst
index 8603de7..6d34249 100644
--- a/doc/guides/rel_notes/release_19_11.rst
+++ b/doc/guides/rel_notes/release_19_11.rst
@@ -158,6 +158,8 @@ New Features
Added support for RSA algorithm with pair (n, d) private key representation.
+ Added support for RSA algorithm with quintuple private key representation.
+
Removed Items
-------------
diff --git a/drivers/common/qat/qat_adf/qat_pke_functionality_arrays.h b/drivers/common/qat/qat_adf/qat_pke_functionality_arrays.h
index 3e40b86..42ffbba 100644
--- a/drivers/common/qat/qat_adf/qat_pke_functionality_arrays.h
+++ b/drivers/common/qat/qat_adf/qat_pke_functionality_arrays.h
@@ -67,4 +67,13 @@ static const uint32_t RSA_DEC_IDS[][2] = {
{ 4096, PKE_RSA_DP1_4096 },
};
+static const uint32_t RSA_DEC_CRT_IDS[][2] = {
+ { 512, PKE_RSA_DP2_512 },
+ { 1024, PKE_RSA_DP2_1024 },
+ { 1536, PKE_RSA_DP2_1536 },
+ { 2048, PKE_RSA_DP2_2048 },
+ { 3072, PKE_RSA_DP2_3072 },
+ { 4096, PKE_RSA_DP2_4096 },
+};
+
#endif
diff --git a/drivers/crypto/qat/qat_asym.c b/drivers/crypto/qat/qat_asym.c
index 070feb9..ae0dd79 100644
--- a/drivers/crypto/qat/qat_asym.c
+++ b/drivers/crypto/qat/qat_asym.c
@@ -352,10 +352,66 @@ qat_asym_fill_arrays(struct rte_crypto_asym_op *asym_op,
return -(EINVAL);
}
}
-
if (xform->rsa.key_type == RTE_RSA_KET_TYPE_QT) {
- QAT_LOG(ERR, "RSA CRT not implemented");
- return -(EINVAL);
+
+ qat_req->input_param_count =
+ QAT_ASYM_RSA_QT_NUM_IN_PARAMS;
+ if (qat_asym_get_sz_and_func_id(RSA_DEC_CRT_IDS,
+ sizeof(RSA_DEC_CRT_IDS)/
+ sizeof(*RSA_DEC_CRT_IDS),
+ &alg_size, &func_id)) {
+ return -(EINVAL);
+ }
+ alg_size_in_bytes = alg_size >> 3;
+
+ rte_memcpy(cookie->input_array[1] +
+ (alg_size_in_bytes >> 1) -
+ xform->rsa.qt.p.length
+ , xform->rsa.qt.p.data,
+ xform->rsa.qt.p.length);
+ rte_memcpy(cookie->input_array[2] +
+ (alg_size_in_bytes >> 1) -
+ xform->rsa.qt.q.length
+ , xform->rsa.qt.q.data,
+ xform->rsa.qt.q.length);
+ rte_memcpy(cookie->input_array[3] +
+ (alg_size_in_bytes >> 1) -
+ xform->rsa.qt.dP.length
+ , xform->rsa.qt.dP.data,
+ xform->rsa.qt.dP.length);
+ rte_memcpy(cookie->input_array[4] +
+ (alg_size_in_bytes >> 1) -
+ xform->rsa.qt.dQ.length
+ , xform->rsa.qt.dQ.data,
+ xform->rsa.qt.dQ.length);
+ rte_memcpy(cookie->input_array[5] +
+ (alg_size_in_bytes >> 1) -
+ xform->rsa.qt.qInv.length
+ , xform->rsa.qt.qInv.data,
+ xform->rsa.qt.qInv.length);
+ cookie->alg_size = alg_size;
+ qat_req->pke_hdr.cd_pars.func_id = func_id;
+
+#if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG
+ QAT_DP_HEXDUMP_LOG(DEBUG, "C",
+ cookie->input_array[0],
+ alg_size_in_bytes);
+ QAT_DP_HEXDUMP_LOG(DEBUG, "p",
+ cookie->input_array[1],
+ alg_size_in_bytes);
+ QAT_DP_HEXDUMP_LOG(DEBUG, "q",
+ cookie->input_array[2],
+ alg_size_in_bytes);
+ QAT_DP_HEXDUMP_LOG(DEBUG,
+ "dP", cookie->input_array[3],
+ alg_size_in_bytes);
+ QAT_DP_HEXDUMP_LOG(DEBUG,
+ "dQ", cookie->input_array[4],
+ alg_size_in_bytes);
+ QAT_DP_HEXDUMP_LOG(DEBUG,
+ "qInv", cookie->input_array[5],
+ alg_size_in_bytes);
+#endif
} else if (xform->rsa.key_type ==
RTE_RSA_KEY_TYPE_EXP) {
if (qat_asym_get_sz_and_func_id(
diff --git a/drivers/crypto/qat/qat_asym.h b/drivers/crypto/qat/qat_asym.h
index b1dec8f..551edc3 100644
--- a/drivers/crypto/qat/qat_asym.h
+++ b/drivers/crypto/qat/qat_asym.h
@@ -24,6 +24,7 @@ typedef uint64_t large_int_ptr;
#define QAT_ASYM_MODEXP_NUM_OUT_PARAMS 1
#define QAT_ASYM_RSA_NUM_IN_PARAMS 3
#define QAT_ASYM_RSA_NUM_OUT_PARAMS 1
+#define QAT_ASYM_RSA_QT_NUM_IN_PARAMS 6
struct qat_asym_op_cookie {
size_t alg_size;
diff --git a/drivers/crypto/qat/qat_asym_pmd.c b/drivers/crypto/qat/qat_asym_pmd.c
index 78fc2d7..c8a52b6 100644
--- a/drivers/crypto/qat/qat_asym_pmd.c
+++ b/drivers/crypto/qat/qat_asym_pmd.c
@@ -272,7 +272,8 @@ qat_asym_dev_create(struct qat_pci_device *qat_pci_dev)
cryptodev->feature_flags = RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO |
RTE_CRYPTODEV_FF_HW_ACCELERATED |
RTE_CRYPTODEV_FF_ASYM_SESSIONLESS |
- RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_EXP;
+ RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_EXP |
+ RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_QT;
internals = cryptodev->data->dev_private;
internals->qat_dev = qat_pci_dev;
qat_pci_dev->asym_dev = internals;
--
2.1.0
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [dpdk-dev] [PATCH v4 4/5] test/crypto: add sessionless to asymmetric mod exp
2019-10-22 14:04 [dpdk-dev] [PATCH v4 0/5] Add session-less, RSA, RSA-CRT to QAT Arek Kusztal
` (2 preceding siblings ...)
2019-10-22 14:04 ` [dpdk-dev] [PATCH v4 3/5] crypto/qat: add rsa crt " Arek Kusztal
@ 2019-10-22 14:04 ` Arek Kusztal
2019-10-22 14:04 ` [dpdk-dev] [PATCH v4 5/5] test/crypto: add rsa tests to qat and openssl with no padding Arek Kusztal
2019-10-23 13:42 ` [dpdk-dev] [PATCH v4 0/5] Add session-less, RSA, RSA-CRT to QAT Akhil Goyal
5 siblings, 0 replies; 7+ messages in thread
From: Arek Kusztal @ 2019-10-22 14:04 UTC (permalink / raw)
To: dev; +Cc: akhil.goyal, fiona.trahe, Arek Kusztal
This commit adds asymmetric sessionless tests to mod exp.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
app/test/test_cryptodev_asym.c | 73 ++++++++++++++++++++++++++++--------------
1 file changed, 49 insertions(+), 24 deletions(-)
diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 6cc2f97..ea3005b 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -283,7 +283,7 @@ test_cryptodev_asym_ver(union test_case_structure *data_tc,
static int
test_cryptodev_asym_op(struct crypto_testsuite_params *ts_params,
union test_case_structure *data_tc,
- char *test_msg)
+ char *test_msg, int sessionless)
{
struct rte_crypto_asym_op *asym_op = NULL;
struct rte_crypto_op *op = NULL;
@@ -382,27 +382,31 @@ test_cryptodev_asym_op(struct crypto_testsuite_params *ts_params,
goto error_exit;
}
- sess = rte_cryptodev_asym_session_create(ts_params->session_mpool);
- if (!sess) {
- snprintf(test_msg, ASYM_TEST_MSG_LEN,
- "line %u "
- "FAILED: %s", __LINE__,
- "Session creation failed");
- status = TEST_FAILED;
- goto error_exit;
- }
-
- if (rte_cryptodev_asym_session_init(dev_id, sess, &xform_tc,
- ts_params->session_mpool) < 0) {
- snprintf(test_msg, ASYM_TEST_MSG_LEN,
- "line %u FAILED: %s",
- __LINE__, "unabled to config sym session");
- status = TEST_FAILED;
- goto error_exit;
- }
+ if (!sessionless) {
+ sess = rte_cryptodev_asym_session_create(ts_params->session_mpool);
+ if (!sess) {
+ snprintf(test_msg, ASYM_TEST_MSG_LEN,
+ "line %u "
+ "FAILED: %s", __LINE__,
+ "Session creation failed");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
- rte_crypto_op_attach_asym_session(op, sess);
+ if (rte_cryptodev_asym_session_init(dev_id, sess, &xform_tc,
+ ts_params->session_mpool) < 0) {
+ snprintf(test_msg, ASYM_TEST_MSG_LEN,
+ "line %u FAILED: %s",
+ __LINE__, "unabled to config sym session");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+ rte_crypto_op_attach_asym_session(op, sess);
+ } else {
+ asym_op->xform = &xform_tc;
+ op->sess_type = RTE_CRYPTO_OP_SESSIONLESS;
+ }
RTE_LOG(DEBUG, USER1, "Process ASYM operation");
/* Process crypto operation */
@@ -433,7 +437,10 @@ test_cryptodev_asym_op(struct crypto_testsuite_params *ts_params,
goto error_exit;
}
- snprintf(test_msg, ASYM_TEST_MSG_LEN, "PASS");
+ if (!sessionless)
+ snprintf(test_msg, ASYM_TEST_MSG_LEN, "PASS");
+ else
+ snprintf(test_msg, ASYM_TEST_MSG_LEN, "SESSIONLESS PASS");
error_exit:
if (sess != NULL) {
@@ -451,7 +458,7 @@ test_cryptodev_asym_op(struct crypto_testsuite_params *ts_params,
}
static int
-test_one_case(const void *test_case)
+test_one_case(const void *test_case, int sessionless)
{
int status = TEST_SUCCESS;
char test_msg[ASYM_TEST_MSG_LEN + 1];
@@ -460,7 +467,8 @@ test_one_case(const void *test_case)
union test_case_structure tc;
memcpy(&tc, test_case, sizeof(tc));
- status = test_cryptodev_asym_op(&testsuite_params, &tc, test_msg);
+ status = test_cryptodev_asym_op(&testsuite_params, &tc, test_msg,
+ sessionless);
printf(" %u) TestCase %s %s\n", test_index++,
tc.modex.description, test_msg);
@@ -501,14 +509,31 @@ static int
test_one_by_one(void)
{
int status = TEST_SUCCESS;
+ struct crypto_testsuite_params *ts_params = &testsuite_params;
uint32_t i = 0;
+ uint8_t dev_id = ts_params->valid_devs[0];
+ struct rte_cryptodev_info dev_info;
+ int sessionless = 0;
+
+ rte_cryptodev_info_get(dev_id, &dev_info);
+ if ((dev_info.feature_flags &
+ RTE_CRYPTODEV_FF_ASYM_SESSIONLESS)) {
+ sessionless = 1;
+ }
/* Go through all test cases */
test_index = 0;
for (i = 0; i < test_vector.size; i++) {
- if (test_one_case(test_vector.address[i]) != TEST_SUCCESS)
+ if (test_one_case(test_vector.address[i], 0) != TEST_SUCCESS)
status = TEST_FAILED;
}
+ if (sessionless) {
+ for (i = 0; i < test_vector.size; i++) {
+ if (test_one_case(test_vector.address[i], 1)
+ != TEST_SUCCESS)
+ status = TEST_FAILED;
+ }
+ }
TEST_ASSERT_EQUAL(status, 0, "Test failed");
return status;
--
2.1.0
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [dpdk-dev] [PATCH v4 5/5] test/crypto: add rsa tests to qat and openssl with no padding
2019-10-22 14:04 [dpdk-dev] [PATCH v4 0/5] Add session-less, RSA, RSA-CRT to QAT Arek Kusztal
` (3 preceding siblings ...)
2019-10-22 14:04 ` [dpdk-dev] [PATCH v4 4/5] test/crypto: add sessionless to asymmetric mod exp Arek Kusztal
@ 2019-10-22 14:04 ` Arek Kusztal
2019-10-23 13:42 ` [dpdk-dev] [PATCH v4 0/5] Add session-less, RSA, RSA-CRT to QAT Akhil Goyal
5 siblings, 0 replies; 7+ messages in thread
From: Arek Kusztal @ 2019-10-22 14:04 UTC (permalink / raw)
To: dev; +Cc: akhil.goyal, fiona.trahe, Arek Kusztal
This commit adds RSA tests to Intel QuickAssist Technology pmd
and OpenSSL pmd test suite for session and session-less cases
when PADDING_NONE selected
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
app/test/test_cryptodev_asym.c | 140 ++++++++++++++++--
app/test/test_cryptodev_rsa_test_vectors.h | 226 +++++++++++++++++++++++++++++
2 files changed, 351 insertions(+), 15 deletions(-)
diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index ea3005b..e49ab9d 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -54,6 +54,7 @@ struct crypto_unittest_params {
union test_case_structure {
struct modex_test_data modex;
struct modinv_test_data modinv;
+ struct rsa_test_data_2 rsa_data;
};
struct test_cases_array {
@@ -246,10 +247,12 @@ queue_ops_rsa_enc_dec(struct rte_cryptodev_asym_session *sess)
return status;
}
static int
-test_cryptodev_asym_ver(union test_case_structure *data_tc,
- struct rte_crypto_op *result_op)
+test_cryptodev_asym_ver(struct rte_crypto_op *op,
+ struct rte_crypto_asym_xform *xform_tc,
+ union test_case_structure *data_tc,
+ struct rte_crypto_op *result_op)
{
- int status = TEST_SUCCESS;
+ int status = TEST_FAILED;
int ret = 0;
uint8_t *data_expected = NULL, *data_received = NULL;
size_t data_size = 0;
@@ -265,17 +268,35 @@ test_cryptodev_asym_ver(union test_case_structure *data_tc,
data_received = result_op->asym->modinv.result.data;
data_size = result_op->asym->modinv.result.length;
break;
+ case RTE_CRYPTO_ASYM_XFORM_RSA:
+ if (op->asym->rsa.op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT) {
+ data_size = xform_tc->rsa.n.length;
+ data_received = result_op->asym->rsa.cipher.data;
+ data_expected = data_tc->rsa_data.ct.data;
+ } else if (op->asym->rsa.op_type == RTE_CRYPTO_ASYM_OP_DECRYPT) {
+ data_size = xform_tc->rsa.n.length;
+ data_expected = data_tc->rsa_data.pt.data;
+ data_received = result_op->asym->rsa.message.data;
+ } else if (op->asym->rsa.op_type == RTE_CRYPTO_ASYM_OP_SIGN) {
+ data_size = xform_tc->rsa.n.length;
+ data_expected = data_tc->rsa_data.sign.data;
+ data_received = result_op->asym->rsa.sign.data;
+ } else if (op->asym->rsa.op_type == RTE_CRYPTO_ASYM_OP_VERIFY) {
+ data_size = xform_tc->rsa.n.length;
+ data_expected = data_tc->rsa_data.pt.data;
+ data_received = result_op->asym->rsa.cipher.data;
+ }
+ break;
case RTE_CRYPTO_ASYM_XFORM_DH:
case RTE_CRYPTO_ASYM_XFORM_DSA:
- case RTE_CRYPTO_ASYM_XFORM_RSA:
case RTE_CRYPTO_ASYM_XFORM_NONE:
case RTE_CRYPTO_ASYM_XFORM_UNSPECIFIED:
default:
break;
}
ret = memcmp(data_expected, data_received, data_size);
- if (ret)
- status = TEST_FAILED;
+ if (!ret && data_size)
+ status = TEST_SUCCESS;
return status;
}
@@ -283,7 +304,8 @@ test_cryptodev_asym_ver(union test_case_structure *data_tc,
static int
test_cryptodev_asym_op(struct crypto_testsuite_params *ts_params,
union test_case_structure *data_tc,
- char *test_msg, int sessionless)
+ char *test_msg, int sessionless, enum rte_crypto_asym_op_type type,
+ enum rte_crypto_rsa_priv_key_type key_type)
{
struct rte_crypto_asym_op *asym_op = NULL;
struct rte_crypto_op *op = NULL;
@@ -368,9 +390,57 @@ test_cryptodev_asym_op(struct crypto_testsuite_params *ts_params,
goto error_exit;
}
break;
+ case RTE_CRYPTO_ASYM_XFORM_RSA:
+ result = rte_zmalloc(NULL, data_tc->rsa_data.n.len, 0);
+ op->asym->rsa.op_type = type;
+ xform_tc.rsa.e.data = data_tc->rsa_data.e.data;
+ xform_tc.rsa.e.length = data_tc->rsa_data.e.len;
+ xform_tc.rsa.n.data = data_tc->rsa_data.n.data;
+ xform_tc.rsa.n.length = data_tc->rsa_data.n.len;
+
+ if (key_type == RTE_RSA_KEY_TYPE_EXP) {
+ xform_tc.rsa.d.data = data_tc->rsa_data.d.data;
+ xform_tc.rsa.d.length = data_tc->rsa_data.d.len;
+ } else {
+ xform_tc.rsa.qt.p.data = data_tc->rsa_data.p.data;
+ xform_tc.rsa.qt.p.length = data_tc->rsa_data.p.len;
+ xform_tc.rsa.qt.q.data = data_tc->rsa_data.q.data;
+ xform_tc.rsa.qt.q.length = data_tc->rsa_data.q.len;
+ xform_tc.rsa.qt.dP.data = data_tc->rsa_data.dP.data;
+ xform_tc.rsa.qt.dP.length = data_tc->rsa_data.dP.len;
+ xform_tc.rsa.qt.dQ.data = data_tc->rsa_data.dQ.data;
+ xform_tc.rsa.qt.dQ.length = data_tc->rsa_data.dQ.len;
+ xform_tc.rsa.qt.qInv.data = data_tc->rsa_data.qInv.data;
+ xform_tc.rsa.qt.qInv.length = data_tc->rsa_data.qInv.len;
+ }
+
+ xform_tc.rsa.key_type = key_type;
+ op->asym->rsa.pad = data_tc->rsa_data.padding;
+
+ if (op->asym->rsa.op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT) {
+ asym_op->rsa.message.data = data_tc->rsa_data.pt.data;
+ asym_op->rsa.message.length = data_tc->rsa_data.pt.len;
+ asym_op->rsa.cipher.data = result;
+ asym_op->rsa.cipher.length = data_tc->rsa_data.n.len;
+ } else if (op->asym->rsa.op_type == RTE_CRYPTO_ASYM_OP_DECRYPT) {
+ asym_op->rsa.message.data = result;
+ asym_op->rsa.message.length = data_tc->rsa_data.n.len;
+ asym_op->rsa.cipher.data = data_tc->rsa_data.ct.data;
+ asym_op->rsa.cipher.length = data_tc->rsa_data.ct.len;
+ } else if (op->asym->rsa.op_type == RTE_CRYPTO_ASYM_OP_SIGN) {
+ asym_op->rsa.sign.data = result;
+ asym_op->rsa.sign.length = data_tc->rsa_data.n.len;
+ asym_op->rsa.message.data = data_tc->rsa_data.pt.data;
+ asym_op->rsa.message.length = data_tc->rsa_data.pt.len;
+ } else if (op->asym->rsa.op_type == RTE_CRYPTO_ASYM_OP_VERIFY) {
+ asym_op->rsa.cipher.data = result;
+ asym_op->rsa.cipher.length = data_tc->rsa_data.n.len;
+ asym_op->rsa.sign.data = data_tc->rsa_data.sign.data;
+ asym_op->rsa.sign.length = data_tc->rsa_data.sign.len;
+ }
+ break;
case RTE_CRYPTO_ASYM_XFORM_DH:
case RTE_CRYPTO_ASYM_XFORM_DSA:
- case RTE_CRYPTO_ASYM_XFORM_RSA:
case RTE_CRYPTO_ASYM_XFORM_NONE:
case RTE_CRYPTO_ASYM_XFORM_UNSPECIFIED:
default:
@@ -429,7 +499,7 @@ test_cryptodev_asym_op(struct crypto_testsuite_params *ts_params,
goto error_exit;
}
- if (test_cryptodev_asym_ver(data_tc, result_op) != TEST_SUCCESS) {
+ if (test_cryptodev_asym_ver(op, &xform_tc, data_tc, result_op) != TEST_SUCCESS) {
snprintf(test_msg, ASYM_TEST_MSG_LEN,
"line %u FAILED: %s",
__LINE__, "Verification failed ");
@@ -460,18 +530,47 @@ test_cryptodev_asym_op(struct crypto_testsuite_params *ts_params,
static int
test_one_case(const void *test_case, int sessionless)
{
- int status = TEST_SUCCESS;
+ int status = TEST_SUCCESS, i = 0;
char test_msg[ASYM_TEST_MSG_LEN + 1];
/* Map the case to union */
union test_case_structure tc;
memcpy(&tc, test_case, sizeof(tc));
- status = test_cryptodev_asym_op(&testsuite_params, &tc, test_msg,
- sessionless);
-
- printf(" %u) TestCase %s %s\n", test_index++,
- tc.modex.description, test_msg);
+ if (tc.modex.xform_type == RTE_CRYPTO_ASYM_XFORM_MODEX
+ || tc.modex.xform_type == RTE_CRYPTO_ASYM_XFORM_MODINV) {
+ status = test_cryptodev_asym_op(&testsuite_params, &tc, test_msg,
+ sessionless, 0, 0);
+ printf(" %u) TestCase %s %s\n", test_index++,
+ tc.modex.description, test_msg);
+ } else {
+ for (i = 0; i < RTE_CRYPTO_ASYM_OP_LIST_END; i++) {
+ if (tc.modex.xform_type == RTE_CRYPTO_ASYM_XFORM_RSA) {
+ if (tc.rsa_data.op_type_flags & (1 << i)) {
+ if (tc.rsa_data.key_exp) {
+ status = test_cryptodev_asym_op(
+ &testsuite_params, &tc,
+ test_msg, sessionless, i,
+ RTE_RSA_KEY_TYPE_EXP);
+ }
+ if (status)
+ break;
+ if (tc.rsa_data.key_qt && (i ==
+ RTE_CRYPTO_ASYM_OP_DECRYPT ||
+ i == RTE_CRYPTO_ASYM_OP_SIGN)) {
+ status = test_cryptodev_asym_op(
+ &testsuite_params,
+ &tc, test_msg, sessionless, i,
+ RTE_RSA_KET_TYPE_QT);
+ }
+ if (status)
+ break;
+ }
+ }
+ }
+ printf(" %u) TestCase %s %s\n", test_index++,
+ tc.modex.description, test_msg);
+ }
return status;
}
@@ -502,6 +601,17 @@ load_test_vectors(void)
test_vector.address[test_vector.size] = &modinv_test_case[i];
test_vector.size++;
}
+ /* Load RSA vector*/
+ v_size = ARRAY_SIZE(rsa_test_case_list);
+ for (i = 0; i < v_size; i++) {
+ if (test_vector.size >= (TEST_VECTOR_SIZE)) {
+ RTE_LOG(DEBUG, USER1,
+ "TEST_VECTOR_SIZE too small\n");
+ return -1;
+ }
+ test_vector.address[test_vector.size] = &rsa_test_case_list[i];
+ test_vector.size++;
+ }
return 0;
}
diff --git a/app/test/test_cryptodev_rsa_test_vectors.h b/app/test/test_cryptodev_rsa_test_vectors.h
index 0dc0375..48a72e1 100644
--- a/app/test/test_cryptodev_rsa_test_vectors.h
+++ b/app/test/test_cryptodev_rsa_test_vectors.h
@@ -5,10 +5,236 @@
#ifndef TEST_CRYPTODEV_RSA_TEST_VECTORS_H__
#define TEST_CRYPTODEV_RSA_TEST_VECTORS_H__
+#include <stdint.h>
+
#include "rte_crypto_asym.h"
#define TEST_DATA_SIZE 4096
+struct rsa_test_data_2 {
+ enum rte_crypto_asym_xform_type xform_type;
+ const char *description;
+ uint64_t op_type_flags;
+ struct {
+ uint8_t data[DATA_SIZE];
+ uint16_t len;
+ } pt;
+ struct {
+ uint8_t data[DATA_SIZE];
+ uint16_t len;
+ } ct;
+ struct {
+ uint8_t data[DATA_SIZE];
+ uint16_t len;
+ } sign;
+ struct {
+ uint8_t data[DATA_SIZE];
+ uint16_t len;
+ } e;
+ struct {
+ uint8_t data[DATA_SIZE];
+ uint16_t len;
+ } d;
+ struct {
+ uint8_t data[DATA_SIZE];
+ uint16_t len;
+ } n;
+ struct {
+ uint8_t data[DATA_SIZE];
+ uint16_t len;
+ } p;
+ struct {
+ uint8_t data[DATA_SIZE];
+ uint16_t len;
+ } q;
+ struct {
+ uint8_t data[DATA_SIZE];
+ uint16_t len;
+ } dP;
+ struct {
+ uint8_t data[DATA_SIZE];
+ uint16_t len;
+ } dQ;
+ struct {
+ uint8_t data[DATA_SIZE];
+ uint16_t len;
+ } qInv;
+
+ uint16_t result_len;
+ enum rte_crypto_rsa_padding_type padding;
+ int key_exp;
+ int key_qt;
+};
+
+static const struct
+rsa_test_data_2 rsa_test_case_list[] = {
+ {
+ .description = "RSA Encryption Decryption "
+ "(n=128, pt=20, e=3) EXP, QT",
+ .xform_type = RTE_CRYPTO_ASYM_XFORM_RSA,
+ .op_type_flags = 1UL << RTE_CRYPTO_ASYM_OP_ENCRYPT |
+ 1UL << RTE_CRYPTO_ASYM_OP_DECRYPT,
+ .pt = {
+ .data = {
+ 0x00, 0x02, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb,
+ 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb,
+ 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb,
+ 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb,
+ 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb,
+ 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb,
+ 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb,
+ 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb,
+ 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb,
+ 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb,
+ 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb,
+ 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb,
+ 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb,
+ 0xbb, 0xbb, 0xbb, 0xbb, 0xf8, 0xba, 0x1a, 0x55,
+ 0xd0, 0x2f, 0x85, 0xae, 0x96, 0x7b, 0xb6, 0x2f,
+ 0xb6, 0xcd, 0xa8, 0xeb, 0x7e, 0x78, 0xa0, 0x50
+ },
+ .len = 128,
+ },
+ .ct = {
+ .data = {
+ 0x3D, 0x8D, 0x2F, 0x85, 0xC0, 0xB7, 0x21, 0x3E,
+ 0x5B, 0x4A, 0x96, 0xB2, 0x85, 0x35, 0xAF, 0x0C,
+ 0x62, 0xE9, 0x73, 0xEF, 0x77, 0x76, 0x19, 0xD5,
+ 0x92, 0xF7, 0x1D, 0xB0, 0x15, 0x69, 0x65, 0x82,
+ 0x32, 0x30, 0x4E, 0x29, 0xE7, 0x83, 0xAD, 0x23,
+ 0x66, 0xD9, 0x91, 0x9B, 0xFF, 0x01, 0x10, 0x3B,
+ 0xB2, 0xF8, 0x78, 0x14, 0xD2, 0x6E, 0x3C, 0x59,
+ 0x6E, 0x1A, 0x90, 0x3C, 0x5A, 0xB3, 0x0B, 0x60,
+ 0xE2, 0x71, 0xCC, 0xF5, 0x0C, 0x57, 0x19, 0x03,
+ 0x5B, 0x04, 0x46, 0x7E, 0x13, 0x5B, 0xFF, 0x2C,
+ 0x01, 0x19, 0x75, 0x86, 0x6A, 0xAE, 0x60, 0xFB,
+ 0x0A, 0x4C, 0x14, 0x1A, 0xBC, 0x0E, 0x86, 0xF1,
+ 0x13, 0x10, 0xB3, 0x03, 0x8E, 0x66, 0x6F, 0xA5,
+ 0x53, 0x80, 0x5A, 0x91, 0xE6, 0x7C, 0x3C, 0x38,
+ 0x15, 0xB6, 0x69, 0x3E, 0xF6, 0x54, 0xB0, 0x60,
+ 0x83, 0xE9, 0x2B, 0xF3, 0x26, 0x53, 0x3E, 0x11
+ },
+ .len = 128,
+ },
+ .e = {
+ .data = {
+ 0x01, 0x00, 0x01
+ },
+ .len = 3,
+ },
+ .d = {
+ .data = {
+ 0x24, 0xd7, 0xea, 0xf4, 0x7f, 0xe0, 0xca, 0x31,
+ 0x4d, 0xee, 0xc4, 0xa1, 0xbe, 0xab, 0x06, 0x61,
+ 0x32, 0xe7, 0x51, 0x46, 0x27, 0xdf, 0x72, 0xe9,
+ 0x6f, 0xa8, 0x4c, 0xd1, 0x26, 0xef, 0x65, 0xeb,
+ 0x67, 0xff, 0x5f, 0xa7, 0x3b, 0x25, 0xb9, 0x08,
+ 0x8e, 0xa0, 0x47, 0x56, 0xe6, 0x8e, 0xf9, 0xd3,
+ 0x18, 0x06, 0x3d, 0xc6, 0xb1, 0xf8, 0xdc, 0x1b,
+ 0x8d, 0xe5, 0x30, 0x54, 0x26, 0xac, 0x16, 0x3b,
+ 0x7b, 0xad, 0x46, 0x9e, 0x21, 0x6a, 0x57, 0xe6,
+ 0x81, 0x56, 0x1d, 0x2a, 0xc4, 0x39, 0x63, 0x67,
+ 0x81, 0x2c, 0xca, 0xcc, 0xf8, 0x42, 0x04, 0xbe,
+ 0xcf, 0x8f, 0x6c, 0x5b, 0x81, 0x46, 0xb9, 0xc7,
+ 0x62, 0x90, 0x87, 0x35, 0x03, 0x9b, 0x89, 0xcb,
+ 0x37, 0xbd, 0xf1, 0x1b, 0x99, 0xa1, 0x9a, 0x78,
+ 0xd5, 0x4c, 0xdd, 0x3f, 0x41, 0x0c, 0xb7, 0x1a,
+ 0xd9, 0x7b, 0x87, 0x5f, 0xbe, 0xb1, 0x83, 0x41
+ },
+ .len = 128,
+ },
+ .n = {
+ .data = {
+ 0xb3, 0xa1, 0xaf, 0xb7, 0x13, 0x08, 0x00, 0x0a,
+ 0x35, 0xdc, 0x2b, 0x20, 0x8d, 0xa1, 0xb5, 0xce,
+ 0x47, 0x8a, 0xc3, 0x80, 0xf4, 0x7d, 0x4a, 0xa2,
+ 0x62, 0xfd, 0x61, 0x7f, 0xb5, 0xa8, 0xde, 0x0a,
+ 0x17, 0x97, 0xa0, 0xbf, 0xdf, 0x56, 0x5a, 0x3d,
+ 0x51, 0x56, 0x4f, 0x70, 0x70, 0x3f, 0x63, 0x6a,
+ 0x44, 0x5b, 0xad, 0x84, 0x0d, 0x3f, 0x27, 0x6e,
+ 0x3b, 0x34, 0x91, 0x60, 0x14, 0xb9, 0xaa, 0x72,
+ 0xfd, 0xa3, 0x64, 0xd2, 0x03, 0xa7, 0x53, 0x87,
+ 0x9e, 0x88, 0x0b, 0xc1, 0x14, 0x93, 0x1a, 0x62,
+ 0xff, 0xb1, 0x5d, 0x74, 0xcd, 0x59, 0x63, 0x18,
+ 0x11, 0x3d, 0x4f, 0xba, 0x75, 0xd4, 0x33, 0x4e,
+ 0x23, 0x6b, 0x7b, 0x57, 0x44, 0xe1, 0xd3, 0x03,
+ 0x13, 0xa6, 0xf0, 0x8b, 0x60, 0xb0, 0x9e, 0xee,
+ 0x75, 0x08, 0x9d, 0x71, 0x63, 0x13, 0xcb, 0xa6,
+ 0x81, 0x92, 0x14, 0x03, 0x22, 0x2d, 0xde, 0x55
+ },
+ .len = 128,
+ },
+ .p = {
+ .data = {
+ 0xdc, 0xba, 0x00, 0x01, 0x57, 0x93, 0xe3, 0x05,
+ 0xed, 0x61, 0x9a, 0xa3, 0xaf, 0x6a, 0xd3, 0x47,
+ 0x8f, 0x2d, 0x1e, 0x7f, 0x4d, 0x60, 0xc8, 0x8d,
+ 0x34, 0xb8, 0x17, 0x84, 0xbc, 0xd4, 0xe9, 0x79,
+ 0x95, 0x75, 0x19, 0x37, 0xe0, 0xcc, 0xfe, 0x4c,
+ 0x5d, 0x49, 0x53, 0x61, 0x29, 0xf1, 0xdc, 0x82,
+ 0x03, 0x96, 0x7d, 0x95, 0x4f, 0xdd, 0x3c, 0x0a,
+ 0x64, 0x8a, 0x43, 0x2f, 0x95, 0x4a, 0xed, 0xdd
+ },
+ .len = 64,
+ },
+ .q = {
+ .data = {
+ 0xd0, 0x56, 0x7a, 0x0a, 0xd5, 0x95, 0xa4, 0x85,
+ 0x53, 0x35, 0xa1, 0x48, 0x07, 0x6a, 0x7c, 0x08,
+ 0xe0, 0xfd, 0x4b, 0x88, 0x77, 0xa6, 0x15, 0x23,
+ 0x0f, 0xbf, 0x14, 0x46, 0x11, 0xee, 0x95, 0xc7,
+ 0x5e, 0x77, 0x65, 0xa2, 0xb5, 0x50, 0xdf, 0x19,
+ 0x07, 0xc7, 0x72, 0xdb, 0x29, 0xf6, 0x54, 0x86,
+ 0xe1, 0xb3, 0x97, 0x0a, 0x28, 0x64, 0x3a, 0x38,
+ 0xa6, 0x7d, 0x13, 0xc3, 0x79, 0xaa, 0x56, 0xd9
+ },
+ .len = 64,
+ },
+ .dP = {
+ .data = {
+ 0xc5, 0x43, 0x0d, 0x82, 0x25, 0x8c, 0xab, 0x55,
+ 0xbe, 0xc2, 0x7d, 0xfb, 0x4f, 0x68, 0x3f, 0x0e,
+ 0x32, 0xec, 0xf5, 0xd6, 0x7b, 0x86, 0xc5, 0x75,
+ 0x3c, 0xea, 0x51, 0x4a, 0x75, 0xa0, 0x2a, 0x50,
+ 0x58, 0xbb, 0xe0, 0x1f, 0xca, 0x2e, 0x2a, 0x0e,
+ 0x81, 0x48, 0x68, 0xd5, 0xeb, 0x30, 0x96, 0x0b,
+ 0x33, 0xbd, 0xa8, 0xda, 0x6a, 0x17, 0xa3, 0xf2,
+ 0xfd, 0xcb, 0x7b, 0x23, 0xe9, 0x5e, 0x9f, 0x99
+ },
+ .len = 64,
+ },
+ .dQ = {
+ .data = {
+ 0xbe, 0xff, 0xf9, 0x05, 0x43, 0xc8, 0xdc, 0x3b,
+ 0x0b, 0x0d, 0x28, 0xde, 0x73, 0x46, 0x11, 0x8e,
+ 0xc6, 0x4e, 0x11, 0xd8, 0x7b, 0xf0, 0xfc, 0x81,
+ 0xd7, 0x66, 0xd3, 0xbc, 0x65, 0xa6, 0x39, 0x14,
+ 0xbd, 0xab, 0x72, 0xb7, 0x57, 0xc9, 0x5b, 0xaf,
+ 0x83, 0xed, 0x3b, 0x84, 0x68, 0x15, 0x18, 0x6b,
+ 0x4c, 0x32, 0xac, 0x6f, 0x38, 0x96, 0xa2, 0xb5,
+ 0xdb, 0x14, 0xe2, 0x70, 0x9c, 0x73, 0x29, 0x09
+ },
+ .len = 64,
+ },
+ .qInv = {
+ .data = {
+ 0x59, 0xbd, 0xb1, 0x37, 0xeb, 0x4e, 0xcf, 0x68,
+ 0xe7, 0x85, 0x91, 0xbb, 0xc0, 0xdb, 0x8e, 0x41,
+ 0x91, 0x4a, 0xc0, 0xb1, 0xc5, 0xe8, 0x91, 0xf6,
+ 0xc7, 0x5a, 0x98, 0x1a, 0x8a, 0x0f, 0x45, 0xb2,
+ 0x5b, 0xff, 0x7a, 0x2d, 0x98, 0x89, 0x55, 0xd9,
+ 0xbf, 0x6e, 0xdd, 0x2d, 0xd4, 0xe8, 0x0a, 0xaa,
+ 0xae, 0x2a, 0xc4, 0x16, 0xb5, 0xba, 0xe1, 0x69,
+ 0x71, 0x94, 0xdd, 0xa0, 0xf5, 0x1e, 0x6d, 0xcc
+ },
+ .len = 64,
+ },
+ .padding = RTE_CRYPTO_RSA_PADDING_NONE,
+ .key_exp = 1,
+ .key_qt = 1,
+ }
+};
+
struct rsa_test_data {
uint8_t data[TEST_DATA_SIZE];
unsigned int len;
--
2.1.0
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [dpdk-dev] [PATCH v4 0/5] Add session-less, RSA, RSA-CRT to QAT
2019-10-22 14:04 [dpdk-dev] [PATCH v4 0/5] Add session-less, RSA, RSA-CRT to QAT Arek Kusztal
` (4 preceding siblings ...)
2019-10-22 14:04 ` [dpdk-dev] [PATCH v4 5/5] test/crypto: add rsa tests to qat and openssl with no padding Arek Kusztal
@ 2019-10-23 13:42 ` Akhil Goyal
5 siblings, 0 replies; 7+ messages in thread
From: Akhil Goyal @ 2019-10-23 13:42 UTC (permalink / raw)
To: Arek Kusztal, dev; +Cc: fiona.trahe
>
> This patchset adds session-less option, RSA algorithm, RSA-CRT algorithm
> to Intel QuickAssist Technology PMD. It also adds session-less test cases
> for those algorithms.
> Test case for RSA signature with no padding will be sent in a later patch.
>
> [1]crypto/qat: add sessionless implementation to asym pmd
> - this patch adds sessionless option to QAT, already implemented
> algorithms MOD EXP and MOD INV can be used with sessionless
> [2]crypto/qat: add rsa implementation to asym pmd
> - this patch adds option to use RSA with exponent private key
> pair (n,d)
> [3]crypto/qat: add rsa crt implementation to asym pmd
> - this patch adds CRT option to RSA, to improve performance of
> decryption and creating of signature
>
> v4:
> - fixed compilation issue
>
> Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Series Applied to dpdk-next-crypto
Thanks.
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2019-10-23 13:42 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-10-22 14:04 [dpdk-dev] [PATCH v4 0/5] Add session-less, RSA, RSA-CRT to QAT Arek Kusztal
2019-10-22 14:04 ` [dpdk-dev] [PATCH v4 1/5] crypto/qat: add sessionless implementation to asym pmd Arek Kusztal
2019-10-22 14:04 ` [dpdk-dev] [PATCH v4 2/5] crypto/qat: add rsa " Arek Kusztal
2019-10-22 14:04 ` [dpdk-dev] [PATCH v4 3/5] crypto/qat: add rsa crt " Arek Kusztal
2019-10-22 14:04 ` [dpdk-dev] [PATCH v4 4/5] test/crypto: add sessionless to asymmetric mod exp Arek Kusztal
2019-10-22 14:04 ` [dpdk-dev] [PATCH v4 5/5] test/crypto: add rsa tests to qat and openssl with no padding Arek Kusztal
2019-10-23 13:42 ` [dpdk-dev] [PATCH v4 0/5] Add session-less, RSA, RSA-CRT to QAT Akhil Goyal
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.