[PATCH v3 0/7] cryptodev: support digest message in SM2
This patch series fixes SM2 algorithm implementation to support digest message as input along with plain message as today. v3: - fixed minor issues in code rebase Gowrishankar Muthukrishnan (7): crypto/openssl: include SM2 in asymmetric capabilities cryptodev: add hash algorithms in asymmetric capability cryptodev: use generic EC xform params for SM2 cryptodev: set private and public keys in EC session cryptodev: add RNG capability in EC based xform crypto/cnxk: add SM2 support app/test: check asymmetric capabilities in SM2 test app/test/test_cryptodev_asym.c| 197 - app/test/test_cryptodev_sm2_test_vectors.h| 32 ++- doc/guides/cryptodevs/features/cn10k.ini | 1 + doc/guides/rel_notes/release_23_11.rst| 8 + drivers/common/cnxk/hw/cpt.h | 3 +- drivers/common/cnxk/roc_ae.c | 32 ++- drivers/common/cnxk/roc_ae.h | 21 +- drivers/common/cnxk/roc_ae_fpm_tables.c | 190 + drivers/common/cpt/cpt_mcode_defines.h| 18 ++ drivers/common/cpt/cpt_ucode_asym.h | 22 +- drivers/crypto/cnxk/cnxk_ae.h | 269 +- drivers/crypto/cnxk/cnxk_cryptodev.h | 2 +- .../crypto/cnxk/cnxk_cryptodev_capabilities.c | 17 ++ drivers/crypto/openssl/rte_openssl_pmd.c | 53 +--- drivers/crypto/openssl/rte_openssl_pmd_ops.c | 55 +++- drivers/crypto/qat/qat_asym.c | 6 +- examples/fips_validation/main.c | 14 +- lib/cryptodev/cryptodev_trace.h | 9 + lib/cryptodev/cryptodev_trace_points.c| 3 + lib/cryptodev/rte_crypto_asym.h | 33 +-- lib/cryptodev/rte_cryptodev.c | 16 ++ lib/cryptodev/rte_cryptodev.h | 25 ++ lib/cryptodev/version.map | 1 + 23 files changed, 831 insertions(+), 196 deletions(-) -- 2.25.1
[PATCH v3 1/7] crypto/openssl: include SM2 in asymmetric capabilities
Include SM2 algorithm in the asymmetric capabilities supported
by OpenSSL PMD.
Fixes: 3b7d638fb11f ("crypto/openssl: support asymmetric SM2")
Signed-off-by: Gowrishankar Muthukrishnan
Acked-by: Arkadiusz Kusztal
---
drivers/crypto/openssl/rte_openssl_pmd_ops.c | 14 ++
1 file changed, 14 insertions(+)
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 85a4fa3e55..2eb450fcfd 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -593,6 +593,20 @@ static const struct rte_cryptodev_capabilities
openssl_pmd_capabilities[] = {
},
}
},
+ { /* SM2 */
+ .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
+ {.asym = {
+ .xform_capa = {
+ .xform_type = RTE_CRYPTO_ASYM_XFORM_SM2,
+ .op_types =
+ ((1<
[PATCH v3 2/7] cryptodev: add hash algorithms in asymmetric capability
Most of the asymmetric operations start with hash of the input.
But a PMD might also support only plain input (eg openssl).
Add a new field in asymmetric capability to declare support
for hash operations that PMD can support for the asymmetric
operations. Application can skip computing hash if PMD already
supports it.
Signed-off-by: Gowrishankar Muthukrishnan
---
app/test/test_cryptodev_asym.c | 52 ++--
drivers/crypto/openssl/rte_openssl_pmd_ops.c | 1 +
lib/cryptodev/cryptodev_trace.h | 9
lib/cryptodev/cryptodev_trace_points.c | 3 ++
lib/cryptodev/rte_cryptodev.c| 16 ++
lib/cryptodev/rte_cryptodev.h| 19 +++
lib/cryptodev/version.map| 1 +
7 files changed, 97 insertions(+), 4 deletions(-)
diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 9820b80f7e..61f65823df 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -1810,8 +1810,10 @@ _test_sm2_sign(bool rnd_secret)
{
struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
struct crypto_testsuite_sm2_params input_params = sm2_param_fp256;
+ const struct rte_cryptodev_asymmetric_xform_capability *capa;
struct rte_mempool *sess_mpool = ts_params->session_mpool;
struct rte_mempool *op_mpool = ts_params->op_mpool;
+ struct rte_cryptodev_asym_capability_idx idx;
uint8_t dev_id = ts_params->valid_devs[0];
struct rte_crypto_op *result_op = NULL;
uint8_t output_buf_r[TEST_DATA_SIZE];
@@ -1822,6 +1824,12 @@ _test_sm2_sign(bool rnd_secret)
int ret, status = TEST_SUCCESS;
void *sess = NULL;
+ /* Check SM2 capability */
+ idx.type = RTE_CRYPTO_ASYM_XFORM_SM2;
+ capa = rte_cryptodev_asym_capability_get(dev_id, &idx);
+ if (capa == NULL)
+ return -ENOTSUP;
+
/* Setup crypto op data structure */
op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
if (op == NULL) {
@@ -1838,7 +1846,10 @@ _test_sm2_sign(bool rnd_secret)
/* Setup asym xform */
xform.next = NULL;
xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
- xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
+ if (rte_cryptodev_asym_xform_capability_check_hash(capa,
RTE_CRYPTO_AUTH_SM3))
+ xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
+ else
+ xform.sm2.hash = RTE_CRYPTO_AUTH_NULL;
ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool,
&sess);
if (ret < 0) {
@@ -1993,8 +2004,10 @@ test_sm2_verify(void)
{
struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
struct crypto_testsuite_sm2_params input_params = sm2_param_fp256;
+ const struct rte_cryptodev_asymmetric_xform_capability *capa;
struct rte_mempool *sess_mpool = ts_params->session_mpool;
struct rte_mempool *op_mpool = ts_params->op_mpool;
+ struct rte_cryptodev_asym_capability_idx idx;
uint8_t dev_id = ts_params->valid_devs[0];
struct rte_crypto_op *result_op = NULL;
struct rte_crypto_asym_xform xform;
@@ -2003,6 +2016,12 @@ test_sm2_verify(void)
int ret, status = TEST_SUCCESS;
void *sess = NULL;
+ /* Check SM2 capability */
+ idx.type = RTE_CRYPTO_ASYM_XFORM_SM2;
+ capa = rte_cryptodev_asym_capability_get(dev_id, &idx);
+ if (capa == NULL)
+ return -ENOTSUP;
+
/* Setup crypto op data structure */
op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
if (op == NULL) {
@@ -2019,7 +2038,10 @@ test_sm2_verify(void)
/* Setup asym xform */
xform.next = NULL;
xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
- xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
+ if (rte_cryptodev_asym_xform_capability_check_hash(capa,
RTE_CRYPTO_AUTH_SM3))
+ xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
+ else
+ xform.sm2.hash = RTE_CRYPTO_AUTH_NULL;
ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool,
&sess);
if (ret < 0) {
@@ -2094,9 +2116,11 @@ _test_sm2_enc(bool rnd_secret)
{
struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
struct crypto_testsuite_sm2_params input_params = sm2_param_fp256;
+ const struct rte_cryptodev_asymmetric_xform_capability *capa;
struct rte_mempool *sess_mpool = ts_params->session_mpool;
struct rte_mempool *op_mpool = ts_params->op_mpool;
uint8_t output_buf[TEST_DATA_SIZE], *pbuf = NULL;
+ struct rte_cryptodev_asym_capability_idx idx;
uint8_t dev_id = ts_params->valid_devs[0];
struct rte_crypto_op *result_op = NULL;
struct rte_crypto_asym_xform xform;
@@ -2105,6 +2129,12 @@ _test_sm2_enc(bool rnd_secr
[PATCH v3 3/7] cryptodev: use generic EC xform params for SM2
SM2 curve could use generic EC xform as it is yet another EC.
This would also require SM2 curve ID enumerated
along with other curves, as listed in:
https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml
Signed-off-by: Gowrishankar Muthukrishnan
Acked-by: Arkadiusz Kusztal
---
app/test/test_cryptodev_asym.c | 40
app/test/test_cryptodev_sm2_test_vectors.h | 4 +-
doc/guides/rel_notes/release_23_11.rst | 2 +
drivers/crypto/openssl/rte_openssl_pmd_ops.c | 3 --
lib/cryptodev/rte_crypto_asym.h | 19 +++---
5 files changed, 34 insertions(+), 34 deletions(-)
diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 61f65823df..95fef9b42a 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -1846,10 +1846,7 @@ _test_sm2_sign(bool rnd_secret)
/* Setup asym xform */
xform.next = NULL;
xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
- if (rte_cryptodev_asym_xform_capability_check_hash(capa,
RTE_CRYPTO_AUTH_SM3))
- xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
- else
- xform.sm2.hash = RTE_CRYPTO_AUTH_NULL;
+ xform.ec.curve_id = input_params.curve;
ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool,
&sess);
if (ret < 0) {
@@ -1867,6 +1864,11 @@ _test_sm2_sign(bool rnd_secret)
/* Populate op with operational details */
asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_SIGN;
+ if (rte_cryptodev_asym_xform_capability_check_hash(capa,
RTE_CRYPTO_AUTH_SM3))
+ asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3;
+ else
+ asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL;
+
asym_op->sm2.message.data = input_params.message.data;
asym_op->sm2.message.length = input_params.message.length;
asym_op->sm2.pkey.data = input_params.pkey.data;
@@ -2038,10 +2040,7 @@ test_sm2_verify(void)
/* Setup asym xform */
xform.next = NULL;
xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
- if (rte_cryptodev_asym_xform_capability_check_hash(capa,
RTE_CRYPTO_AUTH_SM3))
- xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
- else
- xform.sm2.hash = RTE_CRYPTO_AUTH_NULL;
+ xform.ec.curve_id = input_params.curve;
ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool,
&sess);
if (ret < 0) {
@@ -2059,6 +2058,11 @@ test_sm2_verify(void)
/* Populate op with operational details */
asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
+ if (rte_cryptodev_asym_xform_capability_check_hash(capa,
RTE_CRYPTO_AUTH_SM3))
+ asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3;
+ else
+ asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL;
+
asym_op->sm2.message.data = input_params.message.data;
asym_op->sm2.message.length = input_params.message.length;
asym_op->sm2.pkey.data = input_params.pkey.data;
@@ -2150,10 +2154,7 @@ _test_sm2_enc(bool rnd_secret)
/* Setup asym xform */
xform.next = NULL;
xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
- if (rte_cryptodev_asym_xform_capability_check_hash(capa,
RTE_CRYPTO_AUTH_SM3))
- xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
- else
- xform.sm2.hash = RTE_CRYPTO_AUTH_NULL;
+ xform.ec.curve_id = input_params.curve;
ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool,
&sess);
if (ret < 0) {
@@ -2171,6 +2172,11 @@ _test_sm2_enc(bool rnd_secret)
/* Populate op with operational details */
asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_ENCRYPT;
+ if (rte_cryptodev_asym_xform_capability_check_hash(capa,
RTE_CRYPTO_AUTH_SM3))
+ asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3;
+ else
+ asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL;
+
asym_op->sm2.message.data = input_params.message.data;
asym_op->sm2.message.length = input_params.message.length;
asym_op->sm2.pkey.data = input_params.pkey.data;
@@ -2340,10 +2346,7 @@ test_sm2_dec(void)
/* Setup asym xform */
xform.next = NULL;
xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
- if (rte_cryptodev_asym_xform_capability_check_hash(capa,
RTE_CRYPTO_AUTH_SM3))
- xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
- else
- xform.sm2.hash = RTE_CRYPTO_AUTH_NULL;
+ xform.ec.curve_id = input_params.curve;
ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool,
&sess);
if (ret < 0) {
@@ -2361,6 +2364,11 @@ test_sm2_dec(void)
/* Populate op with operational details */
asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_DECRYPT;
+ if (rte_cryptodev_asym_xform_capability_check_hash(capa,
RTE_CRYPTO_AUTH_SM3))
+
[PATCH v3 4/7] cryptodev: set private and public keys in EC session
Set EC private and public keys into xform so that, it can be
maintained per session.
Signed-off-by: Gowrishankar Muthukrishnan
Change-Id: Ib8251987c805bc304f819bf13f94f310f225a0e3
---
app/test/test_cryptodev_asym.c | 60 ++--
drivers/common/cnxk/roc_ae.h | 18 ++
drivers/common/cpt/cpt_mcode_defines.h | 18 ++
drivers/common/cpt/cpt_ucode_asym.h | 22 +++
drivers/crypto/cnxk/cnxk_ae.h| 37
drivers/crypto/openssl/rte_openssl_pmd.c | 53 +
drivers/crypto/openssl/rte_openssl_pmd_ops.c | 35
drivers/crypto/qat/qat_asym.c| 6 +-
examples/fips_validation/main.c | 14 +++--
lib/cryptodev/rte_crypto_asym.h | 18 ++
10 files changed, 158 insertions(+), 123 deletions(-)
diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 95fef9b42a..4c4bdb9861 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -1503,6 +1503,12 @@ test_ecdsa_sign_verify(enum curve curve_id)
xform.next = NULL;
xform.xform_type = RTE_CRYPTO_ASYM_XFORM_ECDSA;
xform.ec.curve_id = input_params.curve;
+ xform.ec.pkey.data = input_params.pkey.data;
+ xform.ec.pkey.length = input_params.pkey.length;
+ xform.ec.q.x.data = input_params.pubkey_qx.data;
+ xform.ec.q.x.length = input_params.pubkey_qx.length;
+ xform.ec.q.y.data = input_params.pubkey_qy.data;
+ xform.ec.q.y.length = input_params.pubkey_qy.length;
ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool,
&sess);
if (ret < 0) {
@@ -1524,8 +1530,6 @@ test_ecdsa_sign_verify(enum curve curve_id)
op->asym->ecdsa.message.length = input_params.digest.length;
op->asym->ecdsa.k.data = input_params.scalar.data;
op->asym->ecdsa.k.length = input_params.scalar.length;
- op->asym->ecdsa.pkey.data = input_params.pkey.data;
- op->asym->ecdsa.pkey.length = input_params.pkey.length;
/* Init out buf */
op->asym->ecdsa.r.data = output_buf_r;
@@ -1582,10 +1586,6 @@ test_ecdsa_sign_verify(enum curve curve_id)
/* Populate op with operational details */
op->asym->ecdsa.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
- op->asym->ecdsa.q.x.data = input_params.pubkey_qx.data;
- op->asym->ecdsa.q.x.length = input_params.pubkey_qx.length;
- op->asym->ecdsa.q.y.data = input_params.pubkey_qy.data;
- op->asym->ecdsa.q.y.length = input_params.pubkey_qx.length;
op->asym->ecdsa.r.data = asym_op->ecdsa.r.data;
op->asym->ecdsa.r.length = asym_op->ecdsa.r.length;
op->asym->ecdsa.s.data = asym_op->ecdsa.s.data;
@@ -1847,6 +1847,12 @@ _test_sm2_sign(bool rnd_secret)
xform.next = NULL;
xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
xform.ec.curve_id = input_params.curve;
+ xform.ec.pkey.data = input_params.pkey.data;
+ xform.ec.pkey.length = input_params.pkey.length;
+ xform.ec.q.x.data = input_params.pubkey_qx.data;
+ xform.ec.q.x.length = input_params.pubkey_qx.length;
+ xform.ec.q.y.data = input_params.pubkey_qy.data;
+ xform.ec.q.y.length = input_params.pubkey_qy.length;
ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool,
&sess);
if (ret < 0) {
@@ -1871,12 +1877,6 @@ _test_sm2_sign(bool rnd_secret)
asym_op->sm2.message.data = input_params.message.data;
asym_op->sm2.message.length = input_params.message.length;
- asym_op->sm2.pkey.data = input_params.pkey.data;
- asym_op->sm2.pkey.length = input_params.pkey.length;
- asym_op->sm2.q.x.data = input_params.pubkey_qx.data;
- asym_op->sm2.q.x.length = input_params.pubkey_qx.length;
- asym_op->sm2.q.y.data = input_params.pubkey_qy.data;
- asym_op->sm2.q.y.length = input_params.pubkey_qy.length;
asym_op->sm2.id.data = input_params.id.data;
asym_op->sm2.id.length = input_params.id.length;
if (rnd_secret) {
@@ -2041,6 +2041,12 @@ test_sm2_verify(void)
xform.next = NULL;
xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
xform.ec.curve_id = input_params.curve;
+ xform.ec.pkey.data = input_params.pkey.data;
+ xform.ec.pkey.length = input_params.pkey.length;
+ xform.ec.q.x.data = input_params.pubkey_qx.data;
+ xform.ec.q.x.length = input_params.pubkey_qx.length;
+ xform.ec.q.y.data = input_params.pubkey_qy.data;
+ xform.ec.q.y.length = input_params.pubkey_qy.length;
ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool,
&sess);
if (ret < 0) {
@@ -2065,12 +2071,6 @@ test_sm2_verify(void)
asym_op->sm2.message.data = input_params
[PATCH v3 5/7] cryptodev: add RNG capability in EC based xform
Elliptic curve based asymmetric operations use cryptographically
secure random number in its computation. If PMD supports RNG
for such ops, the application could skip computing on its own.
This patch adds new field in asymmetric capability to declare
this capability.
Signed-off-by: Gowrishankar Muthukrishnan
Acked-by: Arkadiusz Kusztal
---
drivers/crypto/openssl/rte_openssl_pmd_ops.c | 2 ++
lib/cryptodev/rte_cryptodev.h| 6 ++
2 files changed, 8 insertions(+)
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 083ad63360..2862c294a9 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -604,6 +604,8 @@ static const struct rte_cryptodev_capabilities
openssl_pmd_capabilities[] = {
(1 << RTE_CRYPTO_ASYM_OP_VERIFY) |
(1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) |
(1 << RTE_CRYPTO_ASYM_OP_DECRYPT)),
+ {.internal_rng = 1
+ }
}
}
}
diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h
index 47c6fda25b..9f36e0323d 100644
--- a/lib/cryptodev/rte_cryptodev.h
+++ b/lib/cryptodev/rte_cryptodev.h
@@ -181,6 +181,12 @@ struct rte_cryptodev_asymmetric_xform_capability {
/**< Range of modulus length supported by modulus based xform.
* Value 0 mean implementation default
*/
+
+ uint8_t internal_rng;
+ /**< Availability of random number generator for Elliptic curve
based xform.
+* Value 0 means unavailable, and application should pass the
required
+* random value. Otherwise, PMD would internally compute the
random number.
+*/
};
uint64_t hash_algos;
--
2.25.1
[PATCH v3 7/7] app/test: check asymmetric capabilities in SM2 test
Check asymmetric capabilities such as SM3 hash support and
internal RNG and accordingly choose op params for SM2 test.
Signed-off-by: Gowrishankar Muthukrishnan
Acked-by: Arkadiusz Kusztal
---
app/test/test_cryptodev_asym.c | 77 +++---
app/test/test_cryptodev_sm2_test_vectors.h | 28 +---
2 files changed, 57 insertions(+), 48 deletions(-)
diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 4c4bdb9861..f16dcc01f7 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -608,6 +608,7 @@ static inline void print_asym_capa(
break;
case RTE_CRYPTO_ASYM_XFORM_ECDSA:
case RTE_CRYPTO_ASYM_XFORM_ECPM:
+ case RTE_CRYPTO_ASYM_XFORM_SM2:
default:
break;
}
@@ -1806,7 +1807,7 @@ test_ecpm_all_curve(void)
}
static int
-_test_sm2_sign(bool rnd_secret)
+test_sm2_sign(void)
{
struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
struct crypto_testsuite_sm2_params input_params = sm2_param_fp256;
@@ -1875,11 +1876,19 @@ _test_sm2_sign(bool rnd_secret)
else
asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL;
- asym_op->sm2.message.data = input_params.message.data;
- asym_op->sm2.message.length = input_params.message.length;
- asym_op->sm2.id.data = input_params.id.data;
- asym_op->sm2.id.length = input_params.id.length;
- if (rnd_secret) {
+ if (asym_op->sm2.hash == RTE_CRYPTO_AUTH_SM3) {
+ asym_op->sm2.message.data = input_params.message.data;
+ asym_op->sm2.message.length = input_params.message.length;
+ asym_op->sm2.id.data = input_params.id.data;
+ asym_op->sm2.id.length = input_params.id.length;
+ } else {
+ asym_op->sm2.message.data = input_params.digest.data;
+ asym_op->sm2.message.length = input_params.digest.length;
+ asym_op->sm2.id.data = NULL;
+ asym_op->sm2.id.length = 0;
+ }
+
+ if (capa->internal_rng != 0) {
asym_op->sm2.k.data = NULL;
asym_op->sm2.k.length = 0;
} else {
@@ -1928,7 +1937,7 @@ _test_sm2_sign(bool rnd_secret)
debug_hexdump(stdout, "s:",
asym_op->sm2.s.data, asym_op->sm2.s.length);
- if (!rnd_secret) {
+ if (capa->internal_rng == 0) {
/* Verify sign (by comparison). */
if (memcmp(input_params.sign_r.data, asym_op->sm2.r.data,
asym_op->sm2.r.length) != 0) {
@@ -1989,18 +1998,6 @@ _test_sm2_sign(bool rnd_secret)
return status;
};
-static int
-test_sm2_sign_rnd_secret(void)
-{
- return _test_sm2_sign(true);
-}
-
-__rte_used static int
-test_sm2_sign_plain_secret(void)
-{
- return _test_sm2_sign(false);
-}
-
static int
test_sm2_verify(void)
{
@@ -2064,19 +2061,28 @@ test_sm2_verify(void)
/* Populate op with operational details */
asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
+
if (rte_cryptodev_asym_xform_capability_check_hash(capa,
RTE_CRYPTO_AUTH_SM3))
asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3;
else
asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL;
- asym_op->sm2.message.data = input_params.message.data;
- asym_op->sm2.message.length = input_params.message.length;
+ if (asym_op->sm2.hash == RTE_CRYPTO_AUTH_SM3) {
+ asym_op->sm2.message.data = input_params.message.data;
+ asym_op->sm2.message.length = input_params.message.length;
+ asym_op->sm2.id.data = input_params.id.data;
+ asym_op->sm2.id.length = input_params.id.length;
+ } else {
+ asym_op->sm2.message.data = input_params.digest.data;
+ asym_op->sm2.message.length = input_params.digest.length;
+ asym_op->sm2.id.data = NULL;
+ asym_op->sm2.id.length = 0;
+ }
+
asym_op->sm2.r.data = input_params.sign_r.data;
asym_op->sm2.r.length = input_params.sign_r.length;
asym_op->sm2.s.data = input_params.sign_s.data;
asym_op->sm2.s.length = input_params.sign_s.length;
- asym_op->sm2.id.data = input_params.id.data;
- asym_op->sm2.id.length = input_params.id.length;
RTE_LOG(DEBUG, USER1, "Process ASYM operation\n");
@@ -2116,7 +2122,7 @@ test_sm2_verify(void)
};
static int
-_test_sm2_enc(bool rnd_secret)
+test_sm2_enc(void)
{
struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
struct crypto_testsuite_sm2_params input_params = sm2_param_fp256;
@@ -2185,7 +2191,8 @@ _test_sm2_enc(bool rnd_secret)
asym_op->sm2.message.data = input_params.message.data;
[PATCH v3 6/7] crypto/cnxk: add SM2 support
Add SM2 asymmetric algorithm support in cnxk PMD.
Signed-off-by: Gowrishankar Muthukrishnan
---
doc/guides/cryptodevs/features/cn10k.ini | 1 +
doc/guides/rel_notes/release_23_11.rst| 6 +
drivers/common/cnxk/hw/cpt.h | 3 +-
drivers/common/cnxk/roc_ae.c | 32 ++-
drivers/common/cnxk/roc_ae.h | 3 +-
drivers/common/cnxk/roc_ae_fpm_tables.c | 190 ++
drivers/crypto/cnxk/cnxk_ae.h | 232 +-
drivers/crypto/cnxk/cnxk_cryptodev.h | 2 +-
.../crypto/cnxk/cnxk_cryptodev_capabilities.c | 17 ++
9 files changed, 481 insertions(+), 5 deletions(-)
diff --git a/doc/guides/cryptodevs/features/cn10k.ini
b/doc/guides/cryptodevs/features/cn10k.ini
index 55a1226965..15e2dd48a8 100644
--- a/doc/guides/cryptodevs/features/cn10k.ini
+++ b/doc/guides/cryptodevs/features/cn10k.ini
@@ -103,6 +103,7 @@ Modular Inversion =
Diffie-hellman =
ECDSA = Y
ECPM= Y
+SM2 = Y
;
; Supported Operating systems of the 'cn10k' crypto driver.
diff --git a/doc/guides/rel_notes/release_23_11.rst
b/doc/guides/rel_notes/release_23_11.rst
index e9afae8030..b21e78c7a0 100644
--- a/doc/guides/rel_notes/release_23_11.rst
+++ b/doc/guides/rel_notes/release_23_11.rst
@@ -72,12 +72,18 @@ New Features
Also, make sure to start the actual text at the margin.
===
+
* build: Enabling deprecated libraries is now done using the new
``enable_deprecated_libraries`` build option.
* build: Optional libraries can now be selected with the new ``enable_libs``
build option similarly to the existing ``enable_drivers`` build option.
+* **Updated CNXK crypto driver.**
+
+ * Added SM2 algorithm support in asymmetric crypto operations.
+
+
Removed Items
-
diff --git a/drivers/common/cnxk/hw/cpt.h b/drivers/common/cnxk/hw/cpt.h
index 5e1519e202..ce57de8788 100644
--- a/drivers/common/cnxk/hw/cpt.h
+++ b/drivers/common/cnxk/hw/cpt.h
@@ -79,7 +79,8 @@ union cpt_eng_caps {
uint64_t __io reserved_23_33 : 11;
uint64_t __io pdcp_chain : 1;
uint64_t __io sg_ver2 : 1;
- uint64_t __io reserved_36_63 : 28;
+ uint64_t __io sm2 : 1;
+ uint64_t __io reserved_37_63 : 27;
};
};
diff --git a/drivers/common/cnxk/roc_ae.c b/drivers/common/cnxk/roc_ae.c
index 336b927641..e6a013d7c4 100644
--- a/drivers/common/cnxk/roc_ae.c
+++ b/drivers/common/cnxk/roc_ae.c
@@ -149,7 +149,37 @@ const struct roc_ae_ec_group ae_ec_grp[ROC_AE_EC_ID_PMAX]
= {
0xBF, 0x07, 0x35, 0x73, 0xDF, 0x88, 0x3D, 0x2C,
0x34, 0xF1, 0xEF, 0x45, 0x1F, 0xD4, 0x6B, 0x50,
0x3F, 0x00},
- .length = 66}}};
+ .length = 66},
+ },
+ {},
+ {},
+ {},
+ {
+ .prime = {.data = {0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00,
+ 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF},
+ .length = 32},
+ .order = {.data = {0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0x72, 0x03, 0xDF, 0x6B, 0x21,
+ 0xC6, 0x05, 0x2B, 0x53, 0xBB, 0xF4, 0x09,
+ 0x39, 0xD5, 0x41, 0x23},
+ .length = 32},
+ .consta = {.data = {0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00,
+ 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFC},
+ .length = 32},
+ .constb = {.data = {0x28, 0xE9, 0xFA, 0x9E, 0x9D, 0x9F, 0x5E,
+ 0x34, 0x4D, 0x5A, 0x9E, 0x4B, 0xCF, 0x65,
+ 0x09, 0xA7, 0xF3, 0x97, 0x89, 0xF5, 0x15,
+ 0xAB, 0x8F, 0x92, 0xDD, 0xBC, 0xBD, 0x41,
+ 0x4D, 0x94, 0x0E, 0x93},
+ .length = 32},
+ }};
int
roc_ae_ec_grp_get(struct roc_ae_ec_group **tbl)
diff --git a/drivers/common/cnxk/roc_ae.h b/drivers/common/cnxk/roc_ae.h
index d8ad0129b1..d459c5e680 100644
--- a/drivers/common/cnxk/roc_ae.h
+++ b/drivers/common/cnxk/roc_ae.h
@@ -34,7 +34,8 @@ typedef enum {
ROC_AE_EC_I
[PATCH v4 0/7] cryptodev: support digest message in SM2
This patch series fixes SM2 algorithm implementation to support digest message as input along with plain message as today. v4: - code rebase on next-crypto Gowrishankar Muthukrishnan (7): crypto/openssl: include SM2 in asymmetric capabilities cryptodev: add hash algorithms in asymmetric capability cryptodev: use generic EC xform params for SM2 cryptodev: set private and public keys in EC session cryptodev: add RNG capability in EC based xform crypto/cnxk: add SM2 support app/test: check asymmetric capabilities in SM2 test app/test/test_cryptodev_asym.c| 197 - app/test/test_cryptodev_sm2_test_vectors.h| 32 ++- doc/guides/cryptodevs/features/cn10k.ini | 1 + doc/guides/rel_notes/release_23_11.rst| 6 + drivers/common/cnxk/hw/cpt.h | 2 +- drivers/common/cnxk/roc_ae.c | 32 ++- drivers/common/cnxk/roc_ae.h | 21 +- drivers/common/cnxk/roc_ae_fpm_tables.c | 190 + drivers/common/cpt/cpt_mcode_defines.h| 18 ++ drivers/common/cpt/cpt_ucode_asym.h | 22 +- drivers/crypto/cnxk/cnxk_ae.h | 269 +- drivers/crypto/cnxk/cnxk_cryptodev.h | 2 +- .../crypto/cnxk/cnxk_cryptodev_capabilities.c | 17 ++ drivers/crypto/openssl/rte_openssl_pmd.c | 53 +--- drivers/crypto/openssl/rte_openssl_pmd_ops.c | 55 +++- drivers/crypto/qat/qat_asym.c | 6 +- examples/fips_validation/main.c | 14 +- lib/cryptodev/cryptodev_trace.h | 9 + lib/cryptodev/cryptodev_trace_points.c| 3 + lib/cryptodev/rte_crypto_asym.h | 33 +-- lib/cryptodev/rte_cryptodev.c | 16 ++ lib/cryptodev/rte_cryptodev.h | 25 ++ lib/cryptodev/version.map | 1 + 23 files changed, 828 insertions(+), 196 deletions(-) -- 2.25.1
[PATCH v4 1/7] crypto/openssl: include SM2 in asymmetric capabilities
Include SM2 algorithm in the asymmetric capabilities supported
by OpenSSL PMD.
Fixes: 3b7d638fb11f ("crypto/openssl: support asymmetric SM2")
Signed-off-by: Gowrishankar Muthukrishnan
Acked-by: Arkadiusz Kusztal
---
drivers/crypto/openssl/rte_openssl_pmd_ops.c | 14 ++
1 file changed, 14 insertions(+)
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 85a4fa3e55..2eb450fcfd 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -593,6 +593,20 @@ static const struct rte_cryptodev_capabilities
openssl_pmd_capabilities[] = {
},
}
},
+ { /* SM2 */
+ .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
+ {.asym = {
+ .xform_capa = {
+ .xform_type = RTE_CRYPTO_ASYM_XFORM_SM2,
+ .op_types =
+ ((1<
[PATCH v4 2/7] cryptodev: add hash algorithms in asymmetric capability
Most of the asymmetric operations start with hash of the input.
But a PMD might also support only plain input (eg openssl).
Add a new field in asymmetric capability to declare support
for hash operations that PMD can support for the asymmetric
operations. Application can skip computing hash if PMD already
supports it.
Signed-off-by: Gowrishankar Muthukrishnan
---
app/test/test_cryptodev_asym.c | 52 ++--
drivers/crypto/openssl/rte_openssl_pmd_ops.c | 1 +
lib/cryptodev/cryptodev_trace.h | 9
lib/cryptodev/cryptodev_trace_points.c | 3 ++
lib/cryptodev/rte_cryptodev.c| 16 ++
lib/cryptodev/rte_cryptodev.h| 19 +++
lib/cryptodev/version.map| 1 +
7 files changed, 97 insertions(+), 4 deletions(-)
diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 39de0bdac5..af323e02d9 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -1810,8 +1810,10 @@ _test_sm2_sign(bool rnd_secret)
{
struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
struct crypto_testsuite_sm2_params input_params = sm2_param_fp256;
+ const struct rte_cryptodev_asymmetric_xform_capability *capa;
struct rte_mempool *sess_mpool = ts_params->session_mpool;
struct rte_mempool *op_mpool = ts_params->op_mpool;
+ struct rte_cryptodev_asym_capability_idx idx;
uint8_t dev_id = ts_params->valid_devs[0];
struct rte_crypto_op *result_op = NULL;
uint8_t output_buf_r[TEST_DATA_SIZE];
@@ -1822,6 +1824,12 @@ _test_sm2_sign(bool rnd_secret)
int ret, status = TEST_SUCCESS;
void *sess = NULL;
+ /* Check SM2 capability */
+ idx.type = RTE_CRYPTO_ASYM_XFORM_SM2;
+ capa = rte_cryptodev_asym_capability_get(dev_id, &idx);
+ if (capa == NULL)
+ return -ENOTSUP;
+
/* Setup crypto op data structure */
op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
if (op == NULL) {
@@ -1838,7 +1846,10 @@ _test_sm2_sign(bool rnd_secret)
/* Setup asym xform */
xform.next = NULL;
xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
- xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
+ if (rte_cryptodev_asym_xform_capability_check_hash(capa,
RTE_CRYPTO_AUTH_SM3))
+ xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
+ else
+ xform.sm2.hash = RTE_CRYPTO_AUTH_NULL;
ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool,
&sess);
if (ret < 0) {
@@ -1993,8 +2004,10 @@ test_sm2_verify(void)
{
struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
struct crypto_testsuite_sm2_params input_params = sm2_param_fp256;
+ const struct rte_cryptodev_asymmetric_xform_capability *capa;
struct rte_mempool *sess_mpool = ts_params->session_mpool;
struct rte_mempool *op_mpool = ts_params->op_mpool;
+ struct rte_cryptodev_asym_capability_idx idx;
uint8_t dev_id = ts_params->valid_devs[0];
struct rte_crypto_op *result_op = NULL;
struct rte_crypto_asym_xform xform;
@@ -2003,6 +2016,12 @@ test_sm2_verify(void)
int ret, status = TEST_SUCCESS;
void *sess = NULL;
+ /* Check SM2 capability */
+ idx.type = RTE_CRYPTO_ASYM_XFORM_SM2;
+ capa = rte_cryptodev_asym_capability_get(dev_id, &idx);
+ if (capa == NULL)
+ return -ENOTSUP;
+
/* Setup crypto op data structure */
op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
if (op == NULL) {
@@ -2019,7 +2038,10 @@ test_sm2_verify(void)
/* Setup asym xform */
xform.next = NULL;
xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
- xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
+ if (rte_cryptodev_asym_xform_capability_check_hash(capa,
RTE_CRYPTO_AUTH_SM3))
+ xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
+ else
+ xform.sm2.hash = RTE_CRYPTO_AUTH_NULL;
ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool,
&sess);
if (ret < 0) {
@@ -2094,9 +2116,11 @@ _test_sm2_enc(bool rnd_secret)
{
struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
struct crypto_testsuite_sm2_params input_params = sm2_param_fp256;
+ const struct rte_cryptodev_asymmetric_xform_capability *capa;
struct rte_mempool *sess_mpool = ts_params->session_mpool;
struct rte_mempool *op_mpool = ts_params->op_mpool;
uint8_t output_buf[TEST_DATA_SIZE], *pbuf = NULL;
+ struct rte_cryptodev_asym_capability_idx idx;
uint8_t dev_id = ts_params->valid_devs[0];
struct rte_crypto_op *result_op = NULL;
struct rte_crypto_asym_xform xform;
@@ -2105,6 +2129,12 @@ _test_sm2_enc(bool rnd_secr
[PATCH v4 3/7] cryptodev: use generic EC xform params for SM2
SM2 curve could use generic EC xform as it is yet another EC.
This would also require SM2 curve ID enumerated
along with other curves, as listed in:
https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml
Signed-off-by: Gowrishankar Muthukrishnan
Acked-by: Arkadiusz Kusztal
---
app/test/test_cryptodev_asym.c | 40
app/test/test_cryptodev_sm2_test_vectors.h | 4 +-
doc/guides/rel_notes/release_23_11.rst | 2 +
drivers/crypto/openssl/rte_openssl_pmd_ops.c | 3 --
lib/cryptodev/rte_crypto_asym.h | 19 +++---
5 files changed, 34 insertions(+), 34 deletions(-)
diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index af323e02d9..514ea96b8b 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -1846,10 +1846,7 @@ _test_sm2_sign(bool rnd_secret)
/* Setup asym xform */
xform.next = NULL;
xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
- if (rte_cryptodev_asym_xform_capability_check_hash(capa,
RTE_CRYPTO_AUTH_SM3))
- xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
- else
- xform.sm2.hash = RTE_CRYPTO_AUTH_NULL;
+ xform.ec.curve_id = input_params.curve;
ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool,
&sess);
if (ret < 0) {
@@ -1867,6 +1864,11 @@ _test_sm2_sign(bool rnd_secret)
/* Populate op with operational details */
asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_SIGN;
+ if (rte_cryptodev_asym_xform_capability_check_hash(capa,
RTE_CRYPTO_AUTH_SM3))
+ asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3;
+ else
+ asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL;
+
asym_op->sm2.message.data = input_params.message.data;
asym_op->sm2.message.length = input_params.message.length;
asym_op->sm2.pkey.data = input_params.pkey.data;
@@ -2038,10 +2040,7 @@ test_sm2_verify(void)
/* Setup asym xform */
xform.next = NULL;
xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
- if (rte_cryptodev_asym_xform_capability_check_hash(capa,
RTE_CRYPTO_AUTH_SM3))
- xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
- else
- xform.sm2.hash = RTE_CRYPTO_AUTH_NULL;
+ xform.ec.curve_id = input_params.curve;
ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool,
&sess);
if (ret < 0) {
@@ -2059,6 +2058,11 @@ test_sm2_verify(void)
/* Populate op with operational details */
asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
+ if (rte_cryptodev_asym_xform_capability_check_hash(capa,
RTE_CRYPTO_AUTH_SM3))
+ asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3;
+ else
+ asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL;
+
asym_op->sm2.message.data = input_params.message.data;
asym_op->sm2.message.length = input_params.message.length;
asym_op->sm2.pkey.data = input_params.pkey.data;
@@ -2150,10 +2154,7 @@ _test_sm2_enc(bool rnd_secret)
/* Setup asym xform */
xform.next = NULL;
xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
- if (rte_cryptodev_asym_xform_capability_check_hash(capa,
RTE_CRYPTO_AUTH_SM3))
- xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
- else
- xform.sm2.hash = RTE_CRYPTO_AUTH_NULL;
+ xform.ec.curve_id = input_params.curve;
ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool,
&sess);
if (ret < 0) {
@@ -2171,6 +2172,11 @@ _test_sm2_enc(bool rnd_secret)
/* Populate op with operational details */
asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_ENCRYPT;
+ if (rte_cryptodev_asym_xform_capability_check_hash(capa,
RTE_CRYPTO_AUTH_SM3))
+ asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3;
+ else
+ asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL;
+
asym_op->sm2.message.data = input_params.message.data;
asym_op->sm2.message.length = input_params.message.length;
asym_op->sm2.pkey.data = input_params.pkey.data;
@@ -2340,10 +2346,7 @@ test_sm2_dec(void)
/* Setup asym xform */
xform.next = NULL;
xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
- if (rte_cryptodev_asym_xform_capability_check_hash(capa,
RTE_CRYPTO_AUTH_SM3))
- xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
- else
- xform.sm2.hash = RTE_CRYPTO_AUTH_NULL;
+ xform.ec.curve_id = input_params.curve;
ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool,
&sess);
if (ret < 0) {
@@ -2361,6 +2364,11 @@ test_sm2_dec(void)
/* Populate op with operational details */
asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_DECRYPT;
+ if (rte_cryptodev_asym_xform_capability_check_hash(capa,
RTE_CRYPTO_AUTH_SM3))
+
[PATCH v4 4/7] cryptodev: set private and public keys in EC session
Set EC private and public keys into xform so that, it can be
maintained per session.
Signed-off-by: Gowrishankar Muthukrishnan
Acked-by: Ciara Power
---
app/test/test_cryptodev_asym.c | 60 ++--
drivers/common/cnxk/roc_ae.h | 18 ++
drivers/common/cpt/cpt_mcode_defines.h | 18 ++
drivers/common/cpt/cpt_ucode_asym.h | 22 +++
drivers/crypto/cnxk/cnxk_ae.h| 37
drivers/crypto/openssl/rte_openssl_pmd.c | 53 +
drivers/crypto/openssl/rte_openssl_pmd_ops.c | 35
drivers/crypto/qat/qat_asym.c| 6 +-
examples/fips_validation/main.c | 14 +++--
lib/cryptodev/rte_crypto_asym.h | 18 ++
10 files changed, 158 insertions(+), 123 deletions(-)
diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 514ea96b8b..a2bb1f9336 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -1503,6 +1503,12 @@ test_ecdsa_sign_verify(enum curve curve_id)
xform.next = NULL;
xform.xform_type = RTE_CRYPTO_ASYM_XFORM_ECDSA;
xform.ec.curve_id = input_params.curve;
+ xform.ec.pkey.data = input_params.pkey.data;
+ xform.ec.pkey.length = input_params.pkey.length;
+ xform.ec.q.x.data = input_params.pubkey_qx.data;
+ xform.ec.q.x.length = input_params.pubkey_qx.length;
+ xform.ec.q.y.data = input_params.pubkey_qy.data;
+ xform.ec.q.y.length = input_params.pubkey_qy.length;
ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool,
&sess);
if (ret < 0) {
@@ -1524,8 +1530,6 @@ test_ecdsa_sign_verify(enum curve curve_id)
op->asym->ecdsa.message.length = input_params.digest.length;
op->asym->ecdsa.k.data = input_params.scalar.data;
op->asym->ecdsa.k.length = input_params.scalar.length;
- op->asym->ecdsa.pkey.data = input_params.pkey.data;
- op->asym->ecdsa.pkey.length = input_params.pkey.length;
/* Init out buf */
op->asym->ecdsa.r.data = output_buf_r;
@@ -1582,10 +1586,6 @@ test_ecdsa_sign_verify(enum curve curve_id)
/* Populate op with operational details */
op->asym->ecdsa.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
- op->asym->ecdsa.q.x.data = input_params.pubkey_qx.data;
- op->asym->ecdsa.q.x.length = input_params.pubkey_qx.length;
- op->asym->ecdsa.q.y.data = input_params.pubkey_qy.data;
- op->asym->ecdsa.q.y.length = input_params.pubkey_qx.length;
op->asym->ecdsa.r.data = asym_op->ecdsa.r.data;
op->asym->ecdsa.r.length = asym_op->ecdsa.r.length;
op->asym->ecdsa.s.data = asym_op->ecdsa.s.data;
@@ -1847,6 +1847,12 @@ _test_sm2_sign(bool rnd_secret)
xform.next = NULL;
xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
xform.ec.curve_id = input_params.curve;
+ xform.ec.pkey.data = input_params.pkey.data;
+ xform.ec.pkey.length = input_params.pkey.length;
+ xform.ec.q.x.data = input_params.pubkey_qx.data;
+ xform.ec.q.x.length = input_params.pubkey_qx.length;
+ xform.ec.q.y.data = input_params.pubkey_qy.data;
+ xform.ec.q.y.length = input_params.pubkey_qy.length;
ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool,
&sess);
if (ret < 0) {
@@ -1871,12 +1877,6 @@ _test_sm2_sign(bool rnd_secret)
asym_op->sm2.message.data = input_params.message.data;
asym_op->sm2.message.length = input_params.message.length;
- asym_op->sm2.pkey.data = input_params.pkey.data;
- asym_op->sm2.pkey.length = input_params.pkey.length;
- asym_op->sm2.q.x.data = input_params.pubkey_qx.data;
- asym_op->sm2.q.x.length = input_params.pubkey_qx.length;
- asym_op->sm2.q.y.data = input_params.pubkey_qy.data;
- asym_op->sm2.q.y.length = input_params.pubkey_qy.length;
asym_op->sm2.id.data = input_params.id.data;
asym_op->sm2.id.length = input_params.id.length;
if (rnd_secret) {
@@ -2041,6 +2041,12 @@ test_sm2_verify(void)
xform.next = NULL;
xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
xform.ec.curve_id = input_params.curve;
+ xform.ec.pkey.data = input_params.pkey.data;
+ xform.ec.pkey.length = input_params.pkey.length;
+ xform.ec.q.x.data = input_params.pubkey_qx.data;
+ xform.ec.q.x.length = input_params.pubkey_qx.length;
+ xform.ec.q.y.data = input_params.pubkey_qy.data;
+ xform.ec.q.y.length = input_params.pubkey_qy.length;
ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool,
&sess);
if (ret < 0) {
@@ -2065,12 +2071,6 @@ test_sm2_verify(void)
asym_op->sm2.message.data = input_params.message.data;
asym_op->sm2.
[PATCH v4 5/7] cryptodev: add RNG capability in EC based xform
Elliptic curve based asymmetric operations use cryptographically
secure random number in its computation. If PMD supports RNG
for such ops, the application could skip computing on its own.
This patch adds new field in asymmetric capability to declare
this capability.
Signed-off-by: Gowrishankar Muthukrishnan
Acked-by: Arkadiusz Kusztal
---
drivers/crypto/openssl/rte_openssl_pmd_ops.c | 2 ++
lib/cryptodev/rte_cryptodev.h| 6 ++
2 files changed, 8 insertions(+)
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 083ad63360..2862c294a9 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -604,6 +604,8 @@ static const struct rte_cryptodev_capabilities
openssl_pmd_capabilities[] = {
(1 << RTE_CRYPTO_ASYM_OP_VERIFY) |
(1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) |
(1 << RTE_CRYPTO_ASYM_OP_DECRYPT)),
+ {.internal_rng = 1
+ }
}
}
}
diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h
index 3a1b4dc501..6c8f532797 100644
--- a/lib/cryptodev/rte_cryptodev.h
+++ b/lib/cryptodev/rte_cryptodev.h
@@ -181,6 +181,12 @@ struct rte_cryptodev_asymmetric_xform_capability {
/**< Range of modulus length supported by modulus based xform.
* Value 0 mean implementation default
*/
+
+ uint8_t internal_rng;
+ /**< Availability of random number generator for Elliptic curve
based xform.
+* Value 0 means unavailable, and application should pass the
required
+* random value. Otherwise, PMD would internally compute the
random number.
+*/
};
uint64_t hash_algos;
--
2.25.1
[PATCH v4 6/7] crypto/cnxk: add SM2 support
Add SM2 asymmetric algorithm support in cnxk PMD.
Signed-off-by: Gowrishankar Muthukrishnan
---
doc/guides/cryptodevs/features/cn10k.ini | 1 +
doc/guides/rel_notes/release_23_11.rst| 4 +
drivers/common/cnxk/hw/cpt.h | 2 +-
drivers/common/cnxk/roc_ae.c | 32 ++-
drivers/common/cnxk/roc_ae.h | 3 +-
drivers/common/cnxk/roc_ae_fpm_tables.c | 190 ++
drivers/crypto/cnxk/cnxk_ae.h | 232 +-
drivers/crypto/cnxk/cnxk_cryptodev.h | 2 +-
.../crypto/cnxk/cnxk_cryptodev_capabilities.c | 17 ++
9 files changed, 478 insertions(+), 5 deletions(-)
diff --git a/doc/guides/cryptodevs/features/cn10k.ini
b/doc/guides/cryptodevs/features/cn10k.ini
index 53ee2a720e..4f542c6038 100644
--- a/doc/guides/cryptodevs/features/cn10k.ini
+++ b/doc/guides/cryptodevs/features/cn10k.ini
@@ -104,6 +104,7 @@ Modular Inversion =
Diffie-hellman =
ECDSA = Y
ECPM= Y
+SM2 = Y
;
; Supported Operating systems of the 'cn10k' crypto driver.
diff --git a/doc/guides/rel_notes/release_23_11.rst
b/doc/guides/rel_notes/release_23_11.rst
index 53639543a6..401230a1c0 100644
--- a/doc/guides/rel_notes/release_23_11.rst
+++ b/doc/guides/rel_notes/release_23_11.rst
@@ -96,6 +96,10 @@ New Features
Added support for DOCSIS security protocol through the ``rte_security`` API
callbacks.
+* **Updated CNXK crypto driver.**
+
+ Added SM2 algorithm support in asymmetric crypto operations.
+
Removed Items
-
diff --git a/drivers/common/cnxk/hw/cpt.h b/drivers/common/cnxk/hw/cpt.h
index cad4ed7e79..cf9046bbfb 100644
--- a/drivers/common/cnxk/hw/cpt.h
+++ b/drivers/common/cnxk/hw/cpt.h
@@ -78,7 +78,7 @@ union cpt_eng_caps {
uint64_t __io sm4 : 1;
uint64_t __io reserved_23_34 : 12;
uint64_t __io sg_ver2 : 1;
- uint64_t __io reserved36 : 1;
+ uint64_t __io sm2 : 1;
uint64_t __io pdcp_chain_zuc256 : 1;
uint64_t __io reserved_38_63 : 26;
};
diff --git a/drivers/common/cnxk/roc_ae.c b/drivers/common/cnxk/roc_ae.c
index 336b927641..e6a013d7c4 100644
--- a/drivers/common/cnxk/roc_ae.c
+++ b/drivers/common/cnxk/roc_ae.c
@@ -149,7 +149,37 @@ const struct roc_ae_ec_group ae_ec_grp[ROC_AE_EC_ID_PMAX]
= {
0xBF, 0x07, 0x35, 0x73, 0xDF, 0x88, 0x3D, 0x2C,
0x34, 0xF1, 0xEF, 0x45, 0x1F, 0xD4, 0x6B, 0x50,
0x3F, 0x00},
- .length = 66}}};
+ .length = 66},
+ },
+ {},
+ {},
+ {},
+ {
+ .prime = {.data = {0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00,
+ 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF},
+ .length = 32},
+ .order = {.data = {0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0x72, 0x03, 0xDF, 0x6B, 0x21,
+ 0xC6, 0x05, 0x2B, 0x53, 0xBB, 0xF4, 0x09,
+ 0x39, 0xD5, 0x41, 0x23},
+ .length = 32},
+ .consta = {.data = {0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00,
+ 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFC},
+ .length = 32},
+ .constb = {.data = {0x28, 0xE9, 0xFA, 0x9E, 0x9D, 0x9F, 0x5E,
+ 0x34, 0x4D, 0x5A, 0x9E, 0x4B, 0xCF, 0x65,
+ 0x09, 0xA7, 0xF3, 0x97, 0x89, 0xF5, 0x15,
+ 0xAB, 0x8F, 0x92, 0xDD, 0xBC, 0xBD, 0x41,
+ 0x4D, 0x94, 0x0E, 0x93},
+ .length = 32},
+ }};
int
roc_ae_ec_grp_get(struct roc_ae_ec_group **tbl)
diff --git a/drivers/common/cnxk/roc_ae.h b/drivers/common/cnxk/roc_ae.h
index d8ad0129b1..d459c5e680 100644
--- a/drivers/common/cnxk/roc_ae.h
+++ b/drivers/common/cnxk/roc_ae.h
@@ -34,7 +34,8 @@ typedef enum {
ROC_AE_EC_ID_P160 = 5,
ROC_AE_EC_ID_P320 = 6,
ROC_AE_EC_ID_P512 = 7,
- ROC_AE_EC_ID_PMAX = 8
+ ROC_AE_EC_ID_SM2 = 8,
+ ROC_AE_EC_ID_PMAX
} roc_ae_ec_id;
/* Prime and order fields of built-in elliptic curves */
diff --git a/drivers/common/cnxk/roc_ae_fpm_t
[PATCH v4 7/7] app/test: check asymmetric capabilities in SM2 test
Check asymmetric capabilities such as SM3 hash support and
internal RNG and accordingly choose op params for SM2 test.
Signed-off-by: Gowrishankar Muthukrishnan
Acked-by: Arkadiusz Kusztal
---
app/test/test_cryptodev_asym.c | 77 +++---
app/test/test_cryptodev_sm2_test_vectors.h | 28 +---
2 files changed, 57 insertions(+), 48 deletions(-)
diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index a2bb1f9336..94bb091df3 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -608,6 +608,7 @@ static inline void print_asym_capa(
break;
case RTE_CRYPTO_ASYM_XFORM_ECDSA:
case RTE_CRYPTO_ASYM_XFORM_ECPM:
+ case RTE_CRYPTO_ASYM_XFORM_SM2:
default:
break;
}
@@ -1806,7 +1807,7 @@ test_ecpm_all_curve(void)
}
static int
-_test_sm2_sign(bool rnd_secret)
+test_sm2_sign(void)
{
struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
struct crypto_testsuite_sm2_params input_params = sm2_param_fp256;
@@ -1875,11 +1876,19 @@ _test_sm2_sign(bool rnd_secret)
else
asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL;
- asym_op->sm2.message.data = input_params.message.data;
- asym_op->sm2.message.length = input_params.message.length;
- asym_op->sm2.id.data = input_params.id.data;
- asym_op->sm2.id.length = input_params.id.length;
- if (rnd_secret) {
+ if (asym_op->sm2.hash == RTE_CRYPTO_AUTH_SM3) {
+ asym_op->sm2.message.data = input_params.message.data;
+ asym_op->sm2.message.length = input_params.message.length;
+ asym_op->sm2.id.data = input_params.id.data;
+ asym_op->sm2.id.length = input_params.id.length;
+ } else {
+ asym_op->sm2.message.data = input_params.digest.data;
+ asym_op->sm2.message.length = input_params.digest.length;
+ asym_op->sm2.id.data = NULL;
+ asym_op->sm2.id.length = 0;
+ }
+
+ if (capa->internal_rng != 0) {
asym_op->sm2.k.data = NULL;
asym_op->sm2.k.length = 0;
} else {
@@ -1928,7 +1937,7 @@ _test_sm2_sign(bool rnd_secret)
debug_hexdump(stdout, "s:",
asym_op->sm2.s.data, asym_op->sm2.s.length);
- if (!rnd_secret) {
+ if (capa->internal_rng == 0) {
/* Verify sign (by comparison). */
if (memcmp(input_params.sign_r.data, asym_op->sm2.r.data,
asym_op->sm2.r.length) != 0) {
@@ -1989,18 +1998,6 @@ _test_sm2_sign(bool rnd_secret)
return status;
};
-static int
-test_sm2_sign_rnd_secret(void)
-{
- return _test_sm2_sign(true);
-}
-
-__rte_used static int
-test_sm2_sign_plain_secret(void)
-{
- return _test_sm2_sign(false);
-}
-
static int
test_sm2_verify(void)
{
@@ -2064,19 +2061,28 @@ test_sm2_verify(void)
/* Populate op with operational details */
asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
+
if (rte_cryptodev_asym_xform_capability_check_hash(capa,
RTE_CRYPTO_AUTH_SM3))
asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3;
else
asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL;
- asym_op->sm2.message.data = input_params.message.data;
- asym_op->sm2.message.length = input_params.message.length;
+ if (asym_op->sm2.hash == RTE_CRYPTO_AUTH_SM3) {
+ asym_op->sm2.message.data = input_params.message.data;
+ asym_op->sm2.message.length = input_params.message.length;
+ asym_op->sm2.id.data = input_params.id.data;
+ asym_op->sm2.id.length = input_params.id.length;
+ } else {
+ asym_op->sm2.message.data = input_params.digest.data;
+ asym_op->sm2.message.length = input_params.digest.length;
+ asym_op->sm2.id.data = NULL;
+ asym_op->sm2.id.length = 0;
+ }
+
asym_op->sm2.r.data = input_params.sign_r.data;
asym_op->sm2.r.length = input_params.sign_r.length;
asym_op->sm2.s.data = input_params.sign_s.data;
asym_op->sm2.s.length = input_params.sign_s.length;
- asym_op->sm2.id.data = input_params.id.data;
- asym_op->sm2.id.length = input_params.id.length;
RTE_LOG(DEBUG, USER1, "Process ASYM operation\n");
@@ -2116,7 +2122,7 @@ test_sm2_verify(void)
};
static int
-_test_sm2_enc(bool rnd_secret)
+test_sm2_enc(void)
{
struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
struct crypto_testsuite_sm2_params input_params = sm2_param_fp256;
@@ -2185,7 +2191,8 @@ _test_sm2_enc(bool rnd_secret)
asym_op->sm2.message.data = input_params.message.data;
[PATCH v2] test/cryptodev: add modexp group tests
Add modexp tests for groups 5, 14, 15, 16, 17 and 18.
Signed-off-by: Gowrishankar Muthukrishnan
---
v2:
- rebase on main
---
app/test/test_cryptodev_asym.c | 48 +
app/test/test_cryptodev_mod_test_vectors.h | 989 -
2 files changed, 1036 insertions(+), 1 deletion(-)
diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 94bb091df3..c6334380d7 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -2745,6 +2745,30 @@ static struct unit_test_suite
cryptodev_openssl_asym_testsuite = {
test_rsa_sign_verify_crt),
TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_mod_inv),
TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_mod_exp),
+ TEST_CASE_NAMED_WITH_DATA(
+ modex_group_test_cases[0].description,
+ ut_setup_asym, ut_teardown_asym,
+ modular_exponentiation, &modex_group_test_cases[0]),
+ TEST_CASE_NAMED_WITH_DATA(
+ modex_group_test_cases[1].description,
+ ut_setup_asym, ut_teardown_asym,
+ modular_exponentiation, &modex_group_test_cases[1]),
+ TEST_CASE_NAMED_WITH_DATA(
+ modex_group_test_cases[2].description,
+ ut_setup_asym, ut_teardown_asym,
+ modular_exponentiation, &modex_group_test_cases[2]),
+ TEST_CASE_NAMED_WITH_DATA(
+ modex_group_test_cases[3].description,
+ ut_setup_asym, ut_teardown_asym,
+ modular_exponentiation, &modex_group_test_cases[3]),
+ TEST_CASE_NAMED_WITH_DATA(
+ modex_group_test_cases[4].description,
+ ut_setup_asym, ut_teardown_asym,
+ modular_exponentiation, &modex_group_test_cases[4]),
+ TEST_CASE_NAMED_WITH_DATA(
+ modex_group_test_cases[5].description,
+ ut_setup_asym, ut_teardown_asym,
+ modular_exponentiation, &modex_group_test_cases[5]),
TEST_CASES_END() /**< NULL terminate unit test array */
}
};
@@ -2796,6 +2820,30 @@ static struct unit_test_suite
cryptodev_octeontx_asym_testsuite = {
TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
test_rsa_sign_verify_crt),
TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_mod_exp),
+ TEST_CASE_NAMED_WITH_DATA(
+ modex_group_test_cases[0].description,
+ ut_setup_asym, ut_teardown_asym,
+ modular_exponentiation, &modex_group_test_cases[0]),
+ TEST_CASE_NAMED_WITH_DATA(
+ modex_group_test_cases[1].description,
+ ut_setup_asym, ut_teardown_asym,
+ modular_exponentiation, &modex_group_test_cases[1]),
+ TEST_CASE_NAMED_WITH_DATA(
+ modex_group_test_cases[2].description,
+ ut_setup_asym, ut_teardown_asym,
+ modular_exponentiation, &modex_group_test_cases[2]),
+ TEST_CASE_NAMED_WITH_DATA(
+ modex_group_test_cases[3].description,
+ ut_setup_asym, ut_teardown_asym,
+ modular_exponentiation, &modex_group_test_cases[3]),
+ TEST_CASE_NAMED_WITH_DATA(
+ modex_group_test_cases[4].description,
+ ut_setup_asym, ut_teardown_asym,
+ modular_exponentiation, &modex_group_test_cases[4]),
+ TEST_CASE_NAMED_WITH_DATA(
+ modex_group_test_cases[5].description,
+ ut_setup_asym, ut_teardown_asym,
+ modular_exponentiation, &modex_group_test_cases[5]),
TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
test_ecdsa_sign_verify_all_curve),
TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_sign),
diff --git a/app/test/test_cryptodev_mod_test_vectors.h
b/app/test/test_cryptodev_mod_test_vectors.h
index 0ffc958037..c773c37018 100644
--- a/app/test/test_cryptodev_mod_test_vectors.h
+++ b/app/test/test_cryptodev_mod_test_vectors.h
@@ -6,7 +6,7 @@
#ifndef TEST_CRYPTODEV_MOD_TEST_VECTORS_H_
#define TEST_CRYPTODEV_MOD_TEST_VECTORS_H_
-#define DATA_SIZE 512
+#define DATA_SIZE 1024
struct modex_test_data {
enum rte_crypto_asym_xform_type xform_type;
@@ -269,4 +269,991 @@ struct rte_crypto_asym_xform modinv_xform = {
}
};
+static const struct
+modex_test_data modex_group_test_cases[] = {
+{
+ .description = "Modula
[PATCH v1 0/4] test/cryptodev: add ECDH tests
This patch series adds ECDH testsuite. It also enables ECDH support in CNXK PMD. Gowrishankar Muthukrishnan (4): test/cryptodev: add ECDH tests crypto/cnxk: use generic EC opcodes crypto/cnxk: change order of ECFPM params crypto/cnxk: add ECDH support app/test/test_cryptodev_asym.c| 729 ++ app/test/test_cryptodev_asym_util.h | 12 + app/test/test_cryptodev_ecdh_test_vectors.h | 577 ++ app/test/test_cryptodev_ecdsa_test_vectors.h | 3 + doc/guides/cryptodevs/features/cn10k.ini | 1 + doc/guides/cryptodevs/features/cn9k.ini | 1 + drivers/common/cnxk/roc_ae.h | 21 +- drivers/crypto/cnxk/cn10k_cryptodev_ops.c | 12 + drivers/crypto/cnxk/cnxk_ae.h | 240 -- drivers/crypto/cnxk/cnxk_cryptodev.h | 2 +- .../crypto/cnxk/cnxk_cryptodev_capabilities.c | 14 + 11 files changed, 1543 insertions(+), 69 deletions(-) create mode 100644 app/test/test_cryptodev_ecdh_test_vectors.h -- 2.25.1
[PATCH v1 1/4] test/cryptodev: add ECDH tests
Add ECDH tests.
Signed-off-by: Gowrishankar Muthukrishnan
---
app/test/test_cryptodev_asym.c | 729 +++
app/test/test_cryptodev_asym_util.h | 12 +
app/test/test_cryptodev_ecdh_test_vectors.h | 577 +++
app/test/test_cryptodev_ecdsa_test_vectors.h | 3 +
4 files changed, 1321 insertions(+)
create mode 100644 app/test/test_cryptodev_ecdh_test_vectors.h
diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index c6334380d7..965e71d0bc 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -17,6 +17,7 @@
#include "test_cryptodev.h"
#include "test_cryptodev_dh_test_vectors.h"
#include "test_cryptodev_dsa_test_vectors.h"
+#include "test_cryptodev_ecdh_test_vectors.h"
#include "test_cryptodev_ecdsa_test_vectors.h"
#include "test_cryptodev_ecpm_test_vectors.h"
#include "test_cryptodev_mod_test_vectors.h"
@@ -1806,6 +1807,732 @@ test_ecpm_all_curve(void)
return overall_status;
}
+static int
+test_ecdh_priv_key_generate(enum curve curve_id)
+{
+ struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
+ const struct rte_cryptodev_asymmetric_xform_capability *capa;
+ struct rte_mempool *sess_mpool = ts_params->session_mpool;
+ struct rte_mempool *op_mpool = ts_params->op_mpool;
+ struct rte_cryptodev_asym_capability_idx idx;
+ uint8_t dev_id = ts_params->valid_devs[0];
+ struct rte_crypto_asym_xform xform = {0};
+ struct rte_crypto_op *result_op = NULL;
+ uint8_t output_buf[TEST_DATA_SIZE];
+ struct rte_crypto_asym_op *asym_op;
+ struct rte_crypto_op *op = NULL;
+ int ret, status = TEST_SUCCESS;
+ uint16_t output_buflen = 0;
+ void *sess = NULL;
+ int curve;
+
+ /* Check ECDH capability */
+ idx.type = RTE_CRYPTO_ASYM_XFORM_ECDH;
+ capa = rte_cryptodev_asym_capability_get(dev_id, &idx);
+ if (capa == NULL)
+ return -ENOTSUP;
+
+ if (!(capa->op_types & (1 << RTE_CRYPTO_ASYM_KE_PRIV_KEY_GENERATE)))
+ return -ENOTSUP;
+
+ switch (curve_id) {
+ case SECP192R1:
+ curve = RTE_CRYPTO_EC_GROUP_SECP192R1;
+ output_buflen = 24;
+ break;
+ case SECP224R1:
+ curve = RTE_CRYPTO_EC_GROUP_SECP224R1;
+ output_buflen = 28;
+ break;
+ case SECP256R1:
+ curve = RTE_CRYPTO_EC_GROUP_SECP256R1;
+ output_buflen = 32;
+ break;
+ case SECP384R1:
+ curve = RTE_CRYPTO_EC_GROUP_SECP384R1;
+ output_buflen = 48;
+ break;
+ case SECP521R1:
+ curve = RTE_CRYPTO_EC_GROUP_SECP521R1;
+ output_buflen = 66;
+ break;
+ default:
+ RTE_LOG(ERR, USER1,
+ "line %u FAILED: %s", __LINE__,
+ "Unsupported curve id\n");
+ status = TEST_FAILED;
+ goto exit;
+ }
+
+ /* Setup crypto op data structure */
+ op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
+ if (op == NULL) {
+ RTE_LOG(ERR, USER1,
+ "line %u FAILED: %s", __LINE__,
+ "Failed to allocate asymmetric crypto "
+ "operation struct\n");
+ status = TEST_FAILED;
+ goto exit;
+ }
+ asym_op = op->asym;
+
+ /* Setup asym xform */
+ xform.next = NULL;
+ xform.xform_type = RTE_CRYPTO_ASYM_XFORM_ECDH;
+ xform.ec.curve_id = curve;
+
+ ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool,
&sess);
+ if (ret < 0) {
+ RTE_LOG(ERR, USER1,
+ "line %u FAILED: %s", __LINE__,
+ "Session creation failed\n");
+ status = (ret == -ENOTSUP) ? TEST_SKIPPED : TEST_FAILED;
+ goto exit;
+ }
+
+ /* Attach asymmetric crypto session to crypto operations */
+ rte_crypto_op_attach_asym_session(op, sess);
+
+ /* Populate op with operational details */
+ asym_op->ecdh.ke_type = RTE_CRYPTO_ASYM_KE_PRIV_KEY_GENERATE;
+
+ /* Init out buf */
+ asym_op->ecdh.priv_key.data = output_buf;
+ asym_op->ecdh.priv_key.length = output_buflen;
+
+ RTE_LOG(DEBUG, USER1, "Process ASYM operation\n");
+
+ /* Process crypto operation */
+ if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
+ RTE_LOG(ERR, USER1,
+ "line %u FAILED: %s", __LINE__,
+
[PATCH v1 2/4] crypto/cnxk: use generic EC opcodes
Use generic EC opcodes for sign and verify ops in ECDSA and SM2
implementations.
Signed-off-by: Gowrishankar Muthukrishnan
---
drivers/common/cnxk/roc_ae.h | 14 +++---
drivers/crypto/cnxk/cnxk_ae.h | 50 +++
2 files changed, 38 insertions(+), 26 deletions(-)
diff --git a/drivers/common/cnxk/roc_ae.h b/drivers/common/cnxk/roc_ae.h
index d459c5e680..eaf12ab254 100644
--- a/drivers/common/cnxk/roc_ae.h
+++ b/drivers/common/cnxk/roc_ae.h
@@ -5,9 +5,11 @@
#ifndef __ROC_AE_H__
#define __ROC_AE_H__
+#include "roc_platform.h"
+
/* AE opcodes */
#define ROC_AE_MAJOR_OP_MODEX 0x03
-#define ROC_AE_MAJOR_OP_ECDSA 0x04
+#define ROC_AE_MAJOR_OP_EC 0x04
#define ROC_AE_MAJOR_OP_ECC 0x05
#define ROC_AE_MINOR_OP_MODEX 0x01
#define ROC_AE_MINOR_OP_PKCS_ENC 0x02
@@ -15,8 +17,8 @@
#define ROC_AE_MINOR_OP_PKCS_DEC 0x04
#define ROC_AE_MINOR_OP_PKCS_DEC_CRT 0x05
#define ROC_AE_MINOR_OP_MODEX_CRT0x06
-#define ROC_AE_MINOR_OP_ECDSA_SIGN 0x01
-#define ROC_AE_MINOR_OP_ECDSA_VERIFY 0x02
+#define ROC_AE_MINOR_OP_EC_SIGN 0x01
+#define ROC_AE_MINOR_OP_EC_VERIFY0x02
#define ROC_AE_MINOR_OP_ECC_UMP 0x03
#define ROC_AE_MINOR_OP_ECC_FPM 0x04
@@ -38,6 +40,12 @@ typedef enum {
ROC_AE_EC_ID_PMAX
} roc_ae_ec_id;
+/* EC param1 fields */
+#define ROC_AE_EC_PARAM1_ECDSA (0 << 7)
+#define ROC_AE_EC_PARAM1_SM2 (1 << 7)
+#define ROC_AE_EC_PARAM1_NIST (0 << 6)
+#define ROC_AE_EC_PARAM1_NONNIST (1 << 6)
+
/* Prime and order fields of built-in elliptic curves */
struct roc_ae_ec_group {
struct {
diff --git a/drivers/crypto/cnxk/cnxk_ae.h b/drivers/crypto/cnxk/cnxk_ae.h
index 09468d58b0..6e61ccb0c5 100644
--- a/drivers/crypto/cnxk/cnxk_ae.h
+++ b/drivers/crypto/cnxk/cnxk_ae.h
@@ -588,8 +588,8 @@ cnxk_ae_ecdsa_sign_prep(struct rte_crypto_ecdsa_op_param
*ecdsa,
dptr += p_align;
/* Setup opcodes */
- w4.s.opcode_major = ROC_AE_MAJOR_OP_ECDSA;
- w4.s.opcode_minor = ROC_AE_MINOR_OP_ECDSA_SIGN;
+ w4.s.opcode_major = ROC_AE_MAJOR_OP_EC;
+ w4.s.opcode_minor = ROC_AE_MINOR_OP_EC_SIGN;
w4.s.param1 = curveid | (message_len << 8);
w4.s.param2 = (p_align << 8) | k_len;
@@ -683,8 +683,8 @@ cnxk_ae_ecdsa_verify_prep(struct rte_crypto_ecdsa_op_param
*ecdsa,
dptr += p_align;
/* Setup opcodes */
- w4.s.opcode_major = ROC_AE_MAJOR_OP_ECDSA;
- w4.s.opcode_minor = ROC_AE_MINOR_OP_ECDSA_VERIFY;
+ w4.s.opcode_major = ROC_AE_MAJOR_OP_EC;
+ w4.s.opcode_minor = ROC_AE_MINOR_OP_EC_VERIFY;
w4.s.param1 = curveid | (message_len << 8);
w4.s.param2 = 0;
@@ -719,9 +719,9 @@ cnxk_ae_enqueue_ecdsa_op(struct rte_crypto_op *op,
static __rte_always_inline void
cnxk_ae_sm2_sign_prep(struct rte_crypto_sm2_op_param *sm2,
-struct roc_ae_buf_ptr *meta_buf,
-uint64_t fpm_table_iova, struct roc_ae_ec_group
*ec_grp,
-struct cnxk_ae_sess *sess, struct cpt_inst_s *inst)
+ struct roc_ae_buf_ptr *meta_buf,
+ uint64_t fpm_table_iova, struct roc_ae_ec_group *ec_grp,
+ struct cnxk_ae_sess *sess, struct cpt_inst_s *inst)
{
uint16_t message_len = sm2->message.length;
uint16_t pkey_len = sess->ec_ctx.pkey.length;
@@ -787,10 +787,12 @@ cnxk_ae_sm2_sign_prep(struct rte_crypto_sm2_op_param *sm2,
dptr += p_align;
/* Setup opcodes */
- w4.s.opcode_major = ROC_AE_MAJOR_OP_ECDSA;
- w4.s.opcode_minor = ROC_AE_MINOR_OP_ECDSA_SIGN;
+ w4.s.opcode_major = ROC_AE_MAJOR_OP_EC;
+ w4.s.opcode_minor = ROC_AE_MINOR_OP_EC_SIGN;
- w4.s.param1 = 2 | 1 << 7 | 1 << 6 | (message_len << 8);
+ /* prime length of SM2 curve is same as that of P256. */
+ w4.s.param1 = ROC_AE_EC_ID_P256 |
+ ROC_AE_EC_PARAM1_SM2 | ROC_AE_EC_PARAM1_NONNIST | (message_len
<< 8);
w4.s.param2 = (p_align << 8) | k_len;
w4.s.dlen = dlen;
@@ -800,10 +802,10 @@ cnxk_ae_sm2_sign_prep(struct rte_crypto_sm2_op_param *sm2,
static __rte_always_inline void
cnxk_ae_sm2_verify_prep(struct rte_crypto_sm2_op_param *sm2,
-struct roc_ae_buf_ptr *meta_buf,
-uint64_t fpm_table_iova,
-struct roc_ae_ec_group *ec_grp, struct cnxk_ae_sess
*sess,
-struct cpt_inst_s *inst)
+ struct roc_ae_buf_ptr *meta_buf,
+ uint64_t fpm_table_iova,
+ struct roc_ae_ec_group *ec_grp, struct cnxk_ae_sess
*sess,
+ struct cpt_inst_s *inst)
{
uint32_t message_len = sm2->message.length;
uint16_t o_offset, r_offset, s_offset;
@@ -881,10 +883,12 @@ cnxk_ae_sm2_ve
[PATCH v1 3/4] crypto/cnxk: change order of ECFPM params
Change order of ECFPM params to match changes in v2.0 microcode.
Signed-off-by: Gowrishankar Muthukrishnan
---
drivers/crypto/cnxk/cnxk_ae.h | 49 ++-
1 file changed, 20 insertions(+), 29 deletions(-)
diff --git a/drivers/crypto/cnxk/cnxk_ae.h b/drivers/crypto/cnxk/cnxk_ae.h
index 6e61ccb0c5..f05ae4f4a1 100644
--- a/drivers/crypto/cnxk/cnxk_ae.h
+++ b/drivers/crypto/cnxk/cnxk_ae.h
@@ -923,7 +923,7 @@ static __rte_always_inline int
cnxk_ae_ecfpm_prep(struct rte_crypto_ecpm_op_param *ecpm,
struct roc_ae_buf_ptr *meta_buf, uint64_t *fpm_iova,
struct roc_ae_ec_group *ec_grp, uint8_t curveid,
- struct cpt_inst_s *inst, int cpt_ver)
+ struct cpt_inst_s *inst)
{
uint16_t scalar_align, p_align;
uint16_t dlen, prime_len;
@@ -942,34 +942,26 @@ cnxk_ae_ecfpm_prep(struct rte_crypto_ecpm_op_param *ecpm,
scalar_align = RTE_ALIGN_CEIL(ecpm->scalar.length, 8);
/*
-* Set dlen = sum(prime, scalar length, table address and
-* optionally ROUNDUP8(input point(x and y coordinates)).
+* Set dlen = sum(ROUNDUP8(input point(x and y coordinates), prime,
+* scalar length),
* Please note point length is equivalent to prime of the curve
*/
- if (cpt_ver == ROC_CPT_REVISION_ID_96XX_B0 || cpt_ver ==
ROC_CPT_REVISION_ID_96XX_C0 ||
- cpt_ver == ROC_CPT_REVISION_ID_98XX) {
- dlen = sizeof(fpm_table_iova) + 3 * p_align + scalar_align;
- memset(dptr, 0, dlen);
- *(uint64_t *)dptr = fpm_table_iova;
- dptr += sizeof(fpm_table_iova);
- memcpy(dptr, ecpm->scalar.data, ecpm->scalar.length);
- dptr += scalar_align;
- memcpy(dptr, ec_grp->prime.data, ec_grp->prime.length);
- dptr += p_align;
- memcpy(dptr, ec_grp->consta.data, ec_grp->consta.length);
- dptr += p_align;
- memcpy(dptr, ec_grp->constb.data, ec_grp->constb.length);
- dptr += p_align;
- } else {
- dlen = sizeof(fpm_table_iova) + p_align + scalar_align;
- memset(dptr, 0, dlen);
- memcpy(dptr, ecpm->scalar.data, ecpm->scalar.length);
- dptr += scalar_align;
- memcpy(dptr, ec_grp->prime.data, ec_grp->prime.length);
- dptr += p_align;
- *(uint64_t *)dptr = fpm_table_iova;
- dptr += sizeof(fpm_table_iova);
- }
+ dlen = sizeof(fpm_table_iova) + 3 * p_align + scalar_align;
+
+ memset(dptr, 0, dlen);
+
+ *(uint64_t *)dptr = fpm_table_iova;
+ dptr += sizeof(fpm_table_iova);
+
+ /* Copy scalar, prime */
+ memcpy(dptr, ecpm->scalar.data, ecpm->scalar.length);
+ dptr += scalar_align;
+ memcpy(dptr, ec_grp->prime.data, ec_grp->prime.length);
+ dptr += p_align;
+ memcpy(dptr, ec_grp->consta.data, ec_grp->consta.length);
+ dptr += p_align;
+ memcpy(dptr, ec_grp->constb.data, ec_grp->constb.length);
+ dptr += p_align;
/* Setup opcodes */
w4.s.opcode_major = ROC_AE_MAJOR_OP_ECC;
@@ -1224,8 +1216,7 @@ cnxk_ae_enqueue(struct cnxk_cpt_qp *qp, struct
rte_crypto_op *op,
ret = cnxk_ae_ecfpm_prep(&asym_op->ecpm, &meta_buf,
sess->cnxk_fpm_iova,
sess->ec_grp[sess->ec_ctx.curveid],
-sess->ec_ctx.curveid, inst,
-sess->lf->roc_cpt->cpt_revision);
+sess->ec_ctx.curveid, inst);
if (unlikely(ret))
goto req_fail;
break;
--
2.25.1
[PATCH v1 4/4] crypto/cnxk: add ECDH support
Add ECDH support in CNXK PMD.
Signed-off-by: Gowrishankar Muthukrishnan
---
doc/guides/cryptodevs/features/cn10k.ini | 1 +
doc/guides/cryptodevs/features/cn9k.ini | 1 +
drivers/common/cnxk/roc_ae.h | 7 +
drivers/crypto/cnxk/cn10k_cryptodev_ops.c | 12 ++
drivers/crypto/cnxk/cnxk_ae.h | 143 --
drivers/crypto/cnxk/cnxk_cryptodev.h | 2 +-
.../crypto/cnxk/cnxk_cryptodev_capabilities.c | 14 ++
7 files changed, 165 insertions(+), 15 deletions(-)
diff --git a/doc/guides/cryptodevs/features/cn10k.ini
b/doc/guides/cryptodevs/features/cn10k.ini
index 4f542c6038..ea8a22eb46 100644
--- a/doc/guides/cryptodevs/features/cn10k.ini
+++ b/doc/guides/cryptodevs/features/cn10k.ini
@@ -102,6 +102,7 @@ DSA =
Modular Exponentiation = Y
Modular Inversion =
Diffie-hellman =
+ECDH= Y
ECDSA = Y
ECPM= Y
SM2 = Y
diff --git a/doc/guides/cryptodevs/features/cn9k.ini
b/doc/guides/cryptodevs/features/cn9k.ini
index bf0e1a98b2..d70771d9bd 100644
--- a/doc/guides/cryptodevs/features/cn9k.ini
+++ b/doc/guides/cryptodevs/features/cn9k.ini
@@ -96,6 +96,7 @@ DSA =
Modular Exponentiation = Y
Modular Inversion =
Diffie-hellman =
+ECDH= Y
ECDSA = Y
ECPM= Y
diff --git a/drivers/common/cnxk/roc_ae.h b/drivers/common/cnxk/roc_ae.h
index eaf12ab254..a9a08d9fb9 100644
--- a/drivers/common/cnxk/roc_ae.h
+++ b/drivers/common/cnxk/roc_ae.h
@@ -8,9 +8,11 @@
#include "roc_platform.h"
/* AE opcodes */
+#define ROC_AE_MAJOR_OP_RANDOM 0x32
#define ROC_AE_MAJOR_OP_MODEX 0x03
#define ROC_AE_MAJOR_OP_EC 0x04
#define ROC_AE_MAJOR_OP_ECC 0x05
+#define ROC_AE_MINOR_OP_RANDOM 0x00
#define ROC_AE_MINOR_OP_MODEX 0x01
#define ROC_AE_MINOR_OP_PKCS_ENC 0x02
#define ROC_AE_MINOR_OP_PKCS_ENC_CRT 0x03
@@ -46,6 +48,11 @@ typedef enum {
#define ROC_AE_EC_PARAM1_NIST (0 << 6)
#define ROC_AE_EC_PARAM1_NONNIST (1 << 6)
+typedef enum {
+ ROC_AE_ERR_ECC_PAI = 0x0b,
+ ROC_AE_ERR_ECC_POINT_NOT_ON_CURVE = 0x11
+} roc_ae_error_code;
+
/* Prime and order fields of built-in elliptic curves */
struct roc_ae_ec_group {
struct {
diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
index 5f181e8839..997110e3d3 100644
--- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
@@ -860,6 +860,18 @@ cn10k_cpt_dequeue_post_process(struct cnxk_cpt_qp *qp,
}
return;
+ } else if (cop->type == RTE_CRYPTO_OP_TYPE_ASYMMETRIC &&
+ cop->sess_type == RTE_CRYPTO_OP_WITH_SESSION &&
+ cop->asym->ecdh.ke_type ==
RTE_CRYPTO_ASYM_KE_PUB_KEY_VERIFY) {
+ if (likely(compcode == CPT_COMP_GOOD)) {
+ if (uc_compcode == ROC_AE_ERR_ECC_POINT_NOT_ON_CURVE) {
+ cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
+ return;
+ } else if (uc_compcode == ROC_AE_ERR_ECC_PAI) {
+ cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
+ return;
+ }
+ }
}
if (likely(compcode == CPT_COMP_GOOD)) {
diff --git a/drivers/crypto/cnxk/cnxk_ae.h b/drivers/crypto/cnxk/cnxk_ae.h
index f05ae4f4a1..ea11e093bf 100644
--- a/drivers/crypto/cnxk/cnxk_ae.h
+++ b/drivers/crypto/cnxk/cnxk_ae.h
@@ -236,6 +236,7 @@ cnxk_ae_fill_session_parameters(struct cnxk_ae_sess *sess,
break;
case RTE_CRYPTO_ASYM_XFORM_ECDSA:
/* Fall through */
+ case RTE_CRYPTO_ASYM_XFORM_ECDH:
case RTE_CRYPTO_ASYM_XFORM_ECPM:
case RTE_CRYPTO_ASYM_XFORM_ECFPM:
case RTE_CRYPTO_ASYM_XFORM_SM2:
@@ -920,7 +921,7 @@ cnxk_ae_enqueue_sm2_op(struct rte_crypto_op *op,
}
static __rte_always_inline int
-cnxk_ae_ecfpm_prep(struct rte_crypto_ecpm_op_param *ecpm,
+cnxk_ae_ecfpm_prep(rte_crypto_param *scalar,
struct roc_ae_buf_ptr *meta_buf, uint64_t *fpm_iova,
struct roc_ae_ec_group *ec_grp, uint8_t curveid,
struct cpt_inst_s *inst)
@@ -939,7 +940,7 @@ cnxk_ae_ecfpm_prep(struct rte_crypto_ecpm_op_param *ecpm,
inst->dptr = (uintptr_t)dptr;
p_align = RTE_ALIGN_CEIL(prime_len, 8);
- scalar_align = RTE_ALIGN_CEIL(ecpm->scalar.length, 8);
+ scalar_align = RTE_ALIGN_CEIL(scalar->length, 8);
/*
* Set dlen = sum(ROUNDUP8(input point(x and y coordinates), prime,
@@ -954,7 +955,7 @@ cnxk_ae_ecfpm_prep(struct rte_crypto_ecpm_op_param *ecpm,
dptr += sizeof(fpm_table_iova);
[PATCH v3] test/cryptodev: add modexp group tests
Add modexp tests for groups 5, 14, 15, 16, 17 and 18.
Signed-off-by: Gowrishankar Muthukrishnan
---
v3:
- Fixed test descriptions for clang requirement.
---
app/test/test_cryptodev_asym.c | 48 +
app/test/test_cryptodev_mod_test_vectors.h | 989 -
2 files changed, 1036 insertions(+), 1 deletion(-)
diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index db3180bdcb..7186725834 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -2745,6 +2745,30 @@ static struct unit_test_suite
cryptodev_openssl_asym_testsuite = {
test_rsa_sign_verify_crt),
TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_mod_inv),
TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_mod_exp),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Modex Group 5 test",
+ ut_setup_asym, ut_teardown_asym,
+ modular_exponentiation, &modex_group_test_cases[0]),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Modex Group 14 test",
+ ut_setup_asym, ut_teardown_asym,
+ modular_exponentiation, &modex_group_test_cases[1]),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Modex Group 15 test",
+ ut_setup_asym, ut_teardown_asym,
+ modular_exponentiation, &modex_group_test_cases[2]),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Modex Group 16 test",
+ ut_setup_asym, ut_teardown_asym,
+ modular_exponentiation, &modex_group_test_cases[3]),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Modex Group 17 test",
+ ut_setup_asym, ut_teardown_asym,
+ modular_exponentiation, &modex_group_test_cases[4]),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Modex Group 18 test",
+ ut_setup_asym, ut_teardown_asym,
+ modular_exponentiation, &modex_group_test_cases[5]),
TEST_CASES_END() /**< NULL terminate unit test array */
}
};
@@ -2796,6 +2820,30 @@ static struct unit_test_suite
cryptodev_octeontx_asym_testsuite = {
TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
test_rsa_sign_verify_crt),
TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_mod_exp),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Modex Group 5 test",
+ ut_setup_asym, ut_teardown_asym,
+ modular_exponentiation, &modex_group_test_cases[0]),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Modex Group 14 test",
+ ut_setup_asym, ut_teardown_asym,
+ modular_exponentiation, &modex_group_test_cases[1]),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Modex Group 15 test",
+ ut_setup_asym, ut_teardown_asym,
+ modular_exponentiation, &modex_group_test_cases[2]),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Modex Group 16 test",
+ ut_setup_asym, ut_teardown_asym,
+ modular_exponentiation, &modex_group_test_cases[3]),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Modex Group 17 test",
+ ut_setup_asym, ut_teardown_asym,
+ modular_exponentiation, &modex_group_test_cases[4]),
+ TEST_CASE_NAMED_WITH_DATA(
+ "Modex Group 18 test",
+ ut_setup_asym, ut_teardown_asym,
+ modular_exponentiation, &modex_group_test_cases[5]),
TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
test_ecdsa_sign_verify_all_curve),
TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_sm2_sign),
diff --git a/app/test/test_cryptodev_mod_test_vectors.h
b/app/test/test_cryptodev_mod_test_vectors.h
index 0ffc958037..c773c37018 100644
--- a/app/test/test_cryptodev_mod_test_vectors.h
+++ b/app/test/test_cryptodev_mod_test_vectors.h
@@ -6,7 +6,7 @@
#ifndef TEST_CRYPTODEV_MOD_TEST_VECTORS_H_
#define TEST_CRYPTODEV_MOD_TEST_VECTORS_H_
-#define DATA_SIZE 512
+#define DATA_SIZE 1024
struct modex_test_data {
enum rte_crypto_asym_xform_type xform_type;
@@ -269,4 +269,991 @@ struct rte_crypto_asym_xform modinv_xform = {
}
};
+static const struct
+modex_test_data modex_group_test_cases[] = {
+{
+ .description = "Modular Exponentiation tests for Group 5",
+ .xform_
[PATCH v5 0/4] app/dma-perf: PCI Dev and SG copy support
Improve dma-perf application to support PCI dev and SG copy, along with additional supports below: - validate copied memory - skip tests if not opted. v5: - Additional patches included to apply as one series. Amit Prakash Shukla (2): app/dma-perf: add skip support app/dma-perf: add PCI device support Gowrishankar Muthukrishnan (2): app/dma-perf: validate copied memory app/dma-perf: add SG copy support app/test-dma-perf/benchmark.c | 344 ++ app/test-dma-perf/config.ini | 56 ++ app/test-dma-perf/main.c | 136 +- app/test-dma-perf/main.h | 12 +- 4 files changed, 507 insertions(+), 41 deletions(-) -- 2.25.1
[PATCH v5 1/4] app/dma-perf: add skip support
From: Amit Prakash Shukla
Add support to skip running a dma-perf test-case.
Signed-off-by: Amit Prakash Shukla
---
app/test-dma-perf/config.ini | 2 ++
app/test-dma-perf/main.c | 23 +++
app/test-dma-perf/main.h | 1 +
3 files changed, 26 insertions(+)
diff --git a/app/test-dma-perf/config.ini b/app/test-dma-perf/config.ini
index b550f4b23f..4d59234b2a 100644
--- a/app/test-dma-perf/config.ini
+++ b/app/test-dma-perf/config.ini
@@ -36,6 +36,8 @@
; If you do not specify a result file, one will be generated with the same
name as the configuration
; file, with the addition of "_result.csv" at the end.
+; "skip" To skip a test-case set skip to 1.
+
[case1]
type=DMA_MEM_COPY
mem_size=10
diff --git a/app/test-dma-perf/main.c b/app/test-dma-perf/main.c
index e5bccc27da..61260fa072 100644
--- a/app/test-dma-perf/main.c
+++ b/app/test-dma-perf/main.c
@@ -320,6 +320,7 @@ load_configs(const char *path)
const char *case_type;
const char *lcore_dma;
const char *mem_size_str, *buf_size_str, *ring_size_str,
*kick_batch_str;
+ const char *skip;
int args_nr, nb_vp;
bool is_dma;
@@ -339,6 +340,13 @@ load_configs(const char *path)
for (i = 0; i < nb_sections; i++) {
snprintf(section_name, CFG_NAME_LEN, "case%d", i + 1);
test_case = &test_cases[i];
+
+ skip = rte_cfgfile_get_entry(cfgfile, section_name, "skip");
+ if (skip && (atoi(skip) == 1)) {
+ test_case->is_skip = true;
+ continue;
+ }
+
case_type = rte_cfgfile_get_entry(cfgfile, section_name,
"type");
if (case_type == NULL) {
printf("Error: No case type in case %d, the test will
be finished here.\n",
@@ -523,6 +531,21 @@ main(int argc, char *argv[])
printf("Running cases...\n");
for (i = 0; i < case_nb; i++) {
+ if (test_cases[i].is_skip) {
+ printf("Test case %d configured to be skipped.\n\n", i
+ 1);
+ snprintf(output_str[0], MAX_OUTPUT_STR_LEN, "Skip the
test-case %d\n",
+i + 1);
+
+ fd = fopen(rst_path_ptr, "a");
+ if (!fd) {
+ printf("Open output CSV file error.\n");
+ return 0;
+ }
+ output_csv(true);
+ fclose(fd);
+ continue;
+ }
+
if (!test_cases[i].is_valid) {
printf("Invalid test case %d.\n\n", i + 1);
snprintf(output_str[0], MAX_OUTPUT_STR_LEN, "Invalid
case %d\n", i + 1);
diff --git a/app/test-dma-perf/main.h b/app/test-dma-perf/main.h
index f65e264378..be89cb2b65 100644
--- a/app/test-dma-perf/main.h
+++ b/app/test-dma-perf/main.h
@@ -41,6 +41,7 @@ struct lcore_dma_map_t {
struct test_configure {
bool is_valid;
+ bool is_skip;
uint8_t test_type;
const char *test_type_str;
uint16_t src_numa_node;
--
2.25.1
[PATCH v5 2/4] app/dma-perf: add PCI device support
From: Amit Prakash Shukla
Add support to test performance for "device to memory" and
"memory to device" data transfer.
Signed-off-by: Amit Prakash Shukla
---
app/test-dma-perf/benchmark.c | 67 +++
app/test-dma-perf/config.ini | 37 +++
app/test-dma-perf/main.c | 67 +++
app/test-dma-perf/main.h | 6
4 files changed, 170 insertions(+), 7 deletions(-)
diff --git a/app/test-dma-perf/benchmark.c b/app/test-dma-perf/benchmark.c
index 0601e0d171..523f2fbb5a 100644
--- a/app/test-dma-perf/benchmark.c
+++ b/app/test-dma-perf/benchmark.c
@@ -127,17 +127,54 @@ cache_flush_buf(__rte_unused struct rte_mbuf **array,
#endif
}
+static int
+vchan_data_populate(uint32_t dev_id, struct rte_dma_vchan_conf *qconf,
+ struct test_configure *cfg)
+{
+ struct rte_dma_info info;
+
+ qconf->direction = cfg->transfer_dir;
+
+ rte_dma_info_get(dev_id, &info);
+ if (!(RTE_BIT64(qconf->direction) & info.dev_capa))
+ return -1;
+
+ qconf->nb_desc = cfg->ring_size.cur;
+
+ switch (qconf->direction) {
+ case RTE_DMA_DIR_MEM_TO_DEV:
+ qconf->dst_port.pcie.vfen = 1;
+ qconf->dst_port.port_type = RTE_DMA_PORT_PCIE;
+ qconf->dst_port.pcie.coreid = cfg->dcoreid;
+ qconf->dst_port.pcie.vfid = cfg->vfid;
+ qconf->dst_port.pcie.pfid = cfg->pfid;
+ break;
+ case RTE_DMA_DIR_DEV_TO_MEM:
+ qconf->src_port.pcie.vfen = 1;
+ qconf->src_port.port_type = RTE_DMA_PORT_PCIE;
+ qconf->src_port.pcie.coreid = cfg->scoreid;
+ qconf->src_port.pcie.vfid = cfg->vfid;
+ qconf->src_port.pcie.pfid = cfg->pfid;
+ break;
+ case RTE_DMA_DIR_MEM_TO_MEM:
+ case RTE_DMA_DIR_DEV_TO_DEV:
+ break;
+ }
+
+ return 0;
+}
+
/* Configuration of device. */
static void
-configure_dmadev_queue(uint32_t dev_id, uint32_t ring_size)
+configure_dmadev_queue(uint32_t dev_id, struct test_configure *cfg)
{
uint16_t vchan = 0;
struct rte_dma_info info;
struct rte_dma_conf dev_config = { .nb_vchans = 1 };
- struct rte_dma_vchan_conf qconf = {
- .direction = RTE_DMA_DIR_MEM_TO_MEM,
- .nb_desc = ring_size
- };
+ struct rte_dma_vchan_conf qconf = { 0 };
+
+ if (vchan_data_populate(dev_id, &qconf, cfg) != 0)
+ rte_exit(EXIT_FAILURE, "Error with vchan data populate.\n");
if (rte_dma_configure(dev_id, &dev_config) != 0)
rte_exit(EXIT_FAILURE, "Error with dma configure.\n");
@@ -159,7 +196,6 @@ configure_dmadev_queue(uint32_t dev_id, uint32_t ring_size)
static int
config_dmadevs(struct test_configure *cfg)
{
- uint32_t ring_size = cfg->ring_size.cur;
struct lcore_dma_map_t *ldm = &cfg->lcore_dma_map;
uint32_t nb_workers = ldm->cnt;
uint32_t i;
@@ -176,7 +212,7 @@ config_dmadevs(struct test_configure *cfg)
}
ldm->dma_ids[i] = dev_id;
- configure_dmadev_queue(dev_id, ring_size);
+ configure_dmadev_queue(dev_id, cfg);
++nb_dmadevs;
}
@@ -308,6 +344,7 @@ setup_memory_env(struct test_configure *cfg, struct
rte_mbuf ***srcs,
unsigned int buf_size = cfg->buf_size.cur;
unsigned int nr_sockets;
uint32_t nr_buf = cfg->nr_buf;
+ uint32_t i;
nr_sockets = rte_socket_count();
if (cfg->src_numa_node >= nr_sockets ||
@@ -360,6 +397,22 @@ setup_memory_env(struct test_configure *cfg, struct
rte_mbuf ***srcs,
return -1;
}
+ if (cfg->transfer_dir == RTE_DMA_DIR_DEV_TO_MEM) {
+ for (i = 0; i < nr_buf; i++) {
+ /* Using mbuf structure to hold remote iova address. */
+ rte_mbuf_iova_set(*srcs[i], (rte_iova_t)cfg->raddr);
+ ((*srcs)[i])->data_off = 0;
+ }
+ }
+
+ if (cfg->transfer_dir == RTE_DMA_DIR_MEM_TO_DEV) {
+ for (i = 0; i < nr_buf; i++) {
+ /* Using mbuf structure to hold remote iova address. */
+ rte_mbuf_iova_set(*dsts[i], (rte_iova_t)cfg->raddr);
+ ((*dsts)[i])->data_off = 0;
+ }
+ }
+
return 0;
}
diff --git a/app/test-dma-perf/config.ini b/app/test-dma-perf/config.ini
index 4d59234b2a..cddcf93c6e 100644
--- a/app/test-dma-perf/config.ini
+++ b/app/test-dma-perf/config.ini
@@ -38,6 +38,23 @@
; "skip" To skip a test-case set skip to 1.
+; Parameters to be configured for data transfers from "mem to dev" and "dev to
mem":
+;
==
+; "direction" denotes the direction of data transfer. It can take 3 values:
+;0 - m
[PATCH v5 3/4] app/dma-perf: validate copied memory
Validate copied memory to ensure DMA copy did not fail.
Signed-off-by: Gowrishankar Muthukrishnan
---
app/test-dma-perf/benchmark.c | 23 +--
app/test-dma-perf/main.c | 16 +++-
app/test-dma-perf/main.h | 2 +-
3 files changed, 33 insertions(+), 8 deletions(-)
diff --git a/app/test-dma-perf/benchmark.c b/app/test-dma-perf/benchmark.c
index 523f2fbb5a..c31f1aba93 100644
--- a/app/test-dma-perf/benchmark.c
+++ b/app/test-dma-perf/benchmark.c
@@ -12,6 +12,7 @@
#include
#include
#include
+#include
#include "main.h"
@@ -397,6 +398,11 @@ setup_memory_env(struct test_configure *cfg, struct
rte_mbuf ***srcs,
return -1;
}
+ for (i = 0; i < nr_buf; i++) {
+ memset(rte_pktmbuf_mtod((*srcs)[i], void *), rte_rand(),
buf_size);
+ memset(rte_pktmbuf_mtod((*dsts)[i], void *), 0, buf_size);
+ }
+
if (cfg->transfer_dir == RTE_DMA_DIR_DEV_TO_MEM) {
for (i = 0; i < nr_buf; i++) {
/* Using mbuf structure to hold remote iova address. */
@@ -416,10 +422,10 @@ setup_memory_env(struct test_configure *cfg, struct
rte_mbuf ***srcs,
return 0;
}
-void
+int
mem_copy_benchmark(struct test_configure *cfg, bool is_dma)
{
- uint16_t i;
+ uint32_t i;
uint32_t offset;
unsigned int lcore_id = 0;
struct rte_mbuf **srcs = NULL, **dsts = NULL;
@@ -434,6 +440,7 @@ mem_copy_benchmark(struct test_configure *cfg, bool is_dma)
uint32_t avg_cycles_total;
float mops, mops_total;
float bandwidth, bandwidth_total;
+ int ret = 0;
if (setup_memory_env(cfg, &srcs, &dsts) < 0)
goto out;
@@ -507,6 +514,16 @@ mem_copy_benchmark(struct test_configure *cfg, bool is_dma)
rte_eal_mp_wait_lcore();
+ for (i = 0; i < (nr_buf / nb_workers) * nb_workers; i++) {
+ if (memcmp(rte_pktmbuf_mtod(srcs[i], void *),
+ rte_pktmbuf_mtod(dsts[i], void *),
+ cfg->buf_size.cur) != 0) {
+ printf("Copy validation fails for buffer number %d\n",
i);
+ ret = -1;
+ goto out;
+ }
+ }
+
mops_total = 0;
bandwidth_total = 0;
avg_cycles_total = 0;
@@ -558,4 +575,6 @@ mem_copy_benchmark(struct test_configure *cfg, bool is_dma)
rte_dma_stop(ldm->dma_ids[i]);
}
}
+
+ return ret;
}
diff --git a/app/test-dma-perf/main.c b/app/test-dma-perf/main.c
index 9640356592..3b79694137 100644
--- a/app/test-dma-perf/main.c
+++ b/app/test-dma-perf/main.c
@@ -87,20 +87,24 @@ output_header(uint32_t case_id, struct test_configure
*case_cfg)
output_csv(true);
}
-static void
+static int
run_test_case(struct test_configure *case_cfg)
{
+ int ret = 0;
+
switch (case_cfg->test_type) {
case TEST_TYPE_DMA_MEM_COPY:
- mem_copy_benchmark(case_cfg, true);
+ ret = mem_copy_benchmark(case_cfg, true);
break;
case TEST_TYPE_CPU_MEM_COPY:
- mem_copy_benchmark(case_cfg, false);
+ ret = mem_copy_benchmark(case_cfg, false);
break;
default:
printf("Unknown test type. %s\n", case_cfg->test_type_str);
break;
}
+
+ return ret;
}
static void
@@ -145,8 +149,10 @@ run_test(uint32_t case_id, struct test_configure *case_cfg)
case_cfg->scenario_id++;
printf("\nRunning scenario %d\n", case_cfg->scenario_id);
- run_test_case(case_cfg);
- output_csv(false);
+ if (run_test_case(case_cfg) < 0)
+ printf("\nTest fails! skipping this scenario.\n");
+ else
+ output_csv(false);
if (var_entry->op == OP_ADD)
var_entry->cur += var_entry->incr;
diff --git a/app/test-dma-perf/main.h b/app/test-dma-perf/main.h
index 617f62f085..3d75edd1de 100644
--- a/app/test-dma-perf/main.h
+++ b/app/test-dma-perf/main.h
@@ -66,6 +66,6 @@ struct test_configure {
uint64_t raddr;
};
-void mem_copy_benchmark(struct test_configure *cfg, bool is_dma);
+int mem_copy_benchmark(struct test_configure *cfg, bool is_dma);
#endif /* MAIN_H */
--
2.25.1
[PATCH v5 4/4] app/dma-perf: add SG copy support
Add SG copy support.
Signed-off-by: Gowrishankar Muthukrishnan
---
app/test-dma-perf/benchmark.c | 274 +-
app/test-dma-perf/config.ini | 19 ++-
app/test-dma-perf/main.c | 34 -
app/test-dma-perf/main.h | 5 +-
4 files changed, 292 insertions(+), 40 deletions(-)
diff --git a/app/test-dma-perf/benchmark.c b/app/test-dma-perf/benchmark.c
index c31f1aba93..b363d28f15 100644
--- a/app/test-dma-perf/benchmark.c
+++ b/app/test-dma-perf/benchmark.c
@@ -46,6 +46,10 @@ struct lcore_params {
uint16_t test_secs;
struct rte_mbuf **srcs;
struct rte_mbuf **dsts;
+ struct rte_dma_sge *src_sges;
+ struct rte_dma_sge *dst_sges;
+ uint8_t src_ptrs;
+ uint8_t dst_ptrs;
volatile struct worker_info worker_info;
};
@@ -86,21 +90,31 @@ calc_result(uint32_t buf_size, uint32_t nr_buf, uint16_t
nb_workers, uint16_t te
}
static void
-output_result(uint8_t scenario_id, uint32_t lcore_id, char *dma_name, uint16_t
ring_size,
- uint16_t kick_batch, uint64_t ave_cycle, uint32_t
buf_size, uint32_t nr_buf,
- float memory, float bandwidth, float mops, bool is_dma)
+output_result(struct test_configure *cfg, struct lcore_params *para,
+ uint16_t kick_batch, uint64_t ave_cycle, uint32_t
buf_size,
+ uint32_t nr_buf, float memory, float bandwidth, float
mops)
{
- if (is_dma)
- printf("lcore %u, DMA %s, DMA Ring Size: %u, Kick Batch Size:
%u.\n",
- lcore_id, dma_name, ring_size, kick_batch);
- else
+ uint16_t ring_size = cfg->ring_size.cur;
+ uint8_t scenario_id = cfg->scenario_id;
+ uint32_t lcore_id = para->lcore_id;
+ char *dma_name = para->dma_name;
+
+ if (cfg->is_dma) {
+ printf("lcore %u, DMA %s, DMA Ring Size: %u, Kick Batch Size:
%u", lcore_id,
+ dma_name, ring_size, kick_batch);
+ if (cfg->is_sg)
+ printf(" DMA src ptrs: %u, dst ptrs: %u",
+ para->src_ptrs, para->dst_ptrs);
+ printf(".\n");
+ } else {
printf("lcore %u\n", lcore_id);
+ }
printf("Average Cycles/op: %" PRIu64 ", Buffer Size: %u B, Buffer
Number: %u, Memory: %.2lf MB, Frequency: %.3lf Ghz.\n",
ave_cycle, buf_size, nr_buf, memory,
rte_get_timer_hz()/10.0);
printf("Average Bandwidth: %.3lf Gbps, MOps: %.3lf\n", bandwidth, mops);
- if (is_dma)
+ if (cfg->is_dma)
snprintf(output_str[lcore_id], MAX_OUTPUT_STR_LEN,
CSV_LINE_DMA_FMT,
scenario_id, lcore_id, dma_name, ring_size, kick_batch,
buf_size,
nr_buf, memory, ave_cycle, bandwidth, mops);
@@ -167,7 +181,7 @@ vchan_data_populate(uint32_t dev_id, struct
rte_dma_vchan_conf *qconf,
/* Configuration of device. */
static void
-configure_dmadev_queue(uint32_t dev_id, struct test_configure *cfg)
+configure_dmadev_queue(uint32_t dev_id, struct test_configure *cfg, uint8_t
ptrs_max)
{
uint16_t vchan = 0;
struct rte_dma_info info;
@@ -190,6 +204,10 @@ configure_dmadev_queue(uint32_t dev_id, struct
test_configure *cfg)
rte_exit(EXIT_FAILURE, "Error, no configured queues reported on
device id. %u\n",
dev_id);
+ if (info.max_sges < ptrs_max)
+ rte_exit(EXIT_FAILURE, "Error, DMA ptrs more than supported by
device id %u.\n",
+ dev_id);
+
if (rte_dma_start(dev_id) != 0)
rte_exit(EXIT_FAILURE, "Error with dma start.\n");
}
@@ -202,8 +220,12 @@ config_dmadevs(struct test_configure *cfg)
uint32_t i;
int dev_id;
uint16_t nb_dmadevs = 0;
+ uint8_t ptrs_max = 0;
char *dma_name;
+ if (cfg->is_sg)
+ ptrs_max = RTE_MAX(cfg->src_ptrs, cfg->dst_ptrs);
+
for (i = 0; i < ldm->cnt; i++) {
dma_name = ldm->dma_names[i];
dev_id = rte_dma_get_dev_id_by_name(dma_name);
@@ -213,7 +235,7 @@ config_dmadevs(struct test_configure *cfg)
}
ldm->dma_ids[i] = dev_id;
- configure_dmadev_queue(dev_id, cfg);
+ configure_dmadev_queue(dev_id, cfg, ptrs_max);
++nb_dmadevs;
}
@@ -253,7 +275,7 @@ do_dma_submit_and_poll(uint16_t dev_id, uint64_t *async_cnt,
}
static inline int
-do_dma_mem_copy(void *p)
+do_dma_plain_mem_copy(void *p)
{
struct lcore_params *para = (struct lcore_params *)p;
volatile struct worker_info *worker_info = &(para->worker_info);
@@ -306,6 +328,65 @@ do_dma_mem_copy(
[PATCH] maintainers: update for DMA perf app
Add co-maintainer for DMA perf app. Signed-off-by: Gowrishankar Muthukrishnan --- MAINTAINERS | 1 + 1 file changed, 1 insertion(+) diff --git a/MAINTAINERS b/MAINTAINERS index 4083658697..b81eb1d5c0 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -1773,6 +1773,7 @@ F: doc/guides/testpmd_app_ug/ DMA device performance tool M: Cheng Jiang +M: Gowrishankar Muthukrishnan F: app/test-dma-perf/ F: doc/guides/tools/dmaperf.rst -- 2.25.1
[v1] examples/fips_validation: remove unused include file
Remove invoking include for sys/random.h which is not actually used by app. Signed-off-by: Gowrishankar Muthukrishnan --- examples/fips_validation/fips_validation_rsa.c | 1 - 1 file changed, 1 deletion(-) diff --git a/examples/fips_validation/fips_validation_rsa.c b/examples/fips_validation/fips_validation_rsa.c index 43ff2a0634..f675b51051 100644 --- a/examples/fips_validation/fips_validation_rsa.c +++ b/examples/fips_validation/fips_validation_rsa.c @@ -5,7 +5,6 @@ #include #include #include -#include #include #include -- 2.25.1
[v1] examples/fips_validation: fix test output for AES GMAC decrypt
AES GMAC decrypt test should output only whether test passed or
failed.
Signed-off-by: Gowrishankar Muthukrishnan
---
examples/fips_validation/fips_validation_gcm.c | 11 ---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/examples/fips_validation/fips_validation_gcm.c
b/examples/fips_validation/fips_validation_gcm.c
index 1b141501f0..a80d8b3e4d 100644
--- a/examples/fips_validation/fips_validation_gcm.c
+++ b/examples/fips_validation/fips_validation_gcm.c
@@ -330,11 +330,16 @@ parse_test_gcm_json_writeback(struct fips_val *val)
json_object_set_new(json_info.json_write_case,
PT_JSON_STR,
json_string(info.one_line_text));
} else {
- json_object_set_new(json_info.json_write_case,
PT_JSON_STR,
- json_string(""));
+ json_object_set_new(json_info.json_write_case,
"testPassed",
+ json_true());
}
} else {
- json_object_set_new(json_info.json_write_case,
"testPassed", json_false());
+ if (!info.interim_info.gcm_data.is_gmac)
+ json_object_set_new(json_info.json_write_case,
PT_JSON_STR,
+ json_string(""));
+ else
+ json_object_set_new(json_info.json_write_case,
"testPassed",
+ json_false());
}
}
--
2.25.1
RE: [EXT] [PATCH v1] examples/fips_validation: parse block error fix
Acked-by: Gowrishankar Muthukrishnan
Thanks.
> -Original Message-
> From: Brian Dooley
> Sent: Monday, October 24, 2022 4:07 PM
> To: Brian Dooley
> Cc: dev@dpdk.org; Gowrishankar Muthukrishnan
> ; Akhil Goyal
> Subject: [EXT] [PATCH v1] examples/fips_validation: parse block error fix
>
> External Email
>
> --
> When parsing request files check for file type. This fix will remove
> dependence on command line parameter for using libjansson
>
> Fixes: 0f42f3d6034c ("examples/fips_validation: share callback with multiple
> keys")
> Cc: gmuthukri...@marvell.com
> Signed-off-by: Brian Dooley
> ---
> examples/fips_validation/fips_validation.c | 22 ++
> 1 file changed, 10 insertions(+), 12 deletions(-)
>
> diff --git a/examples/fips_validation/fips_validation.c
> b/examples/fips_validation/fips_validation.c
> index 363e17a6f3..5a2a5f86e6 100644
> --- a/examples/fips_validation/fips_validation.c
> +++ b/examples/fips_validation/fips_validation.c
> @@ -638,10 +638,11 @@ parse_uint8_hex_str(const char *key, char *src,
> struct fips_val *val)
> /*
>* Offset not applicable in case of JSON test vectors.
>*/
> - RTE_SET_USED(key);
> -#else
> - src += strlen(key);
> + if (info.file_type == FIPS_TYPE_JSON) {
> + RTE_SET_USED(key);
> + } else
> #endif
> + src += strlen(key);
>
> len = strlen(src) / 2;
>
> @@ -669,18 +670,16 @@ parse_uint8_hex_str(const char *key, char *src,
> struct fips_val *val)
> return 0;
> }
>
> -#ifdef USE_JANSSON
> int
> parser_read_uint32_val(const char *key, char *src, struct fips_val *val) {
> - RTE_SET_USED(key);
> +#ifdef USE_JANSSON
> + if (info.file_type == FIPS_TYPE_JSON) {
> + RTE_SET_USED(key);
>
> - return parser_read_uint32(&val->len, src);
> -}
> -#else
> -int
> -parser_read_uint32_val(const char *key, char *src, struct fips_val *val) -{
> + return parser_read_uint32(&val->len, src);
> + }
> +# endif
> char *data = src + strlen(key);
> size_t data_len = strlen(data);
> int ret;
> @@ -701,7 +700,6 @@ parser_read_uint32_val(const char *key, char *src,
> struct fips_val *val)
>
> return ret;
> }
> -#endif
>
> int
> parser_read_uint32_bit_val(const char *key, char *src, struct fips_val *val)
> --
> 2.25.1
[v1, 00/10] fips_validation application improvements
This patch series adds support for SHA3, SHAKE, AES-CCM JSON test vectors and fixes existing algorithms to support NIST test vectors. Gowrishankar Muthukrishnan (10): examples/fips_validation: fix MCT output for SHA examples/fips_validation: add SHA3 validation examples/fips_validation: fix integer parse in test case examples/fips_validation: add SHAKE validation examples/fips_validation: add CCM JSON validation examples/fips_validation: add ECDSA keygen support examples/fips_validation: add SHA3 algorithms in ECDSA test examples/fips_validation: fix AES GCM validation tests examples/fips_validation: fix AES XTS to read seq number examples/fips_validation: add extra space in JSON buffer doc/guides/sample_app_ug/fips_validation.rst | 7 +- examples/fips_validation/fips_validation.c| 31 ++- examples/fips_validation/fips_validation.h| 10 +- .../fips_validation/fips_validation_ccm.c | 132 .../fips_validation/fips_validation_ecdsa.c | 56 + .../fips_validation/fips_validation_gcm.c | 12 +- .../fips_validation/fips_validation_hmac.c| 8 + .../fips_validation/fips_validation_sha.c | 91 ++-- .../fips_validation/fips_validation_xts.c | 13 +- examples/fips_validation/main.c | 196 +- 10 files changed, 467 insertions(+), 89 deletions(-) -- 2.25.1
[v1, 01/10] examples/fips_validation: fix MCT output for SHA
MCT test for SHA need not print message string along
with digest value.
Fixes: d5c247145c2 ("examples/fips_validation: add parsing for SHA")
Signed-off-by: Gowrishankar Muthukrishnan
---
examples/fips_validation/fips_validation_sha.c | 8 ++--
examples/fips_validation/main.c| 13 +
2 files changed, 7 insertions(+), 14 deletions(-)
diff --git a/examples/fips_validation/fips_validation_sha.c
b/examples/fips_validation/fips_validation_sha.c
index c5da2cc623..178ea492d3 100644
--- a/examples/fips_validation/fips_validation_sha.c
+++ b/examples/fips_validation/fips_validation_sha.c
@@ -182,7 +182,7 @@ parse_test_sha_json_writeback(struct fips_val *val)
static int
parse_test_sha_mct_json_writeback(struct fips_val *val)
{
- json_t *tcId, *msg, *md, *resArr, *res;
+ json_t *tcId, *md, *resArr, *res;
struct fips_val val_local;
tcId = json_object_get(json_info.json_test_case, "tcId");
@@ -208,11 +208,7 @@ parse_test_sha_mct_json_writeback(struct fips_val *val)
res = json_object();
- writeback_hex_str("", info.one_line_text, &val[1]);
- msg = json_string(info.one_line_text);
- json_object_set_new(res, "msg", msg);
-
- val_local.val = val[0].val + vec.pt.len;
+ val_local.val = val->val + vec.pt.len;
val_local.len = vec.cipher_auth.digest.len;
writeback_hex_str("", info.one_line_text, &val_local);
diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index 622f8b5a6e..cc585e8418 100644
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -2268,8 +2268,7 @@ fips_mct_sha_test(void)
#define SHA_EXTERN_ITER100
#define SHA_INTERN_ITER1000
#define SHA_MD_BLOCK 3
- /* val[0] is op result and other value is for parse_writeback callback
*/
- struct fips_val val[2] = {{NULL, 0},};
+ struct fips_val val = {NULL, 0};
struct fips_val md[SHA_MD_BLOCK], msg;
int ret;
uint32_t i, j;
@@ -2328,7 +2327,7 @@ fips_mct_sha_test(void)
return ret;
}
- ret = get_writeback_data(&val[0]);
+ ret = get_writeback_data(&val);
if (ret < 0)
return ret;
@@ -2337,7 +2336,7 @@ fips_mct_sha_test(void)
memcpy(md[1].val, md[2].val, md[2].len);
md[1].len = md[2].len;
- memcpy(md[2].val, (val[0].val + vec.pt.len),
+ memcpy(md[2].val, (val.val + vec.pt.len),
vec.cipher_auth.digest.len);
md[2].len = vec.cipher_auth.digest.len;
}
@@ -2348,9 +2347,7 @@ fips_mct_sha_test(void)
if (info.file_type != FIPS_TYPE_JSON)
fprintf(info.fp_wr, "COUNT = %u\n", j);
- val[1].val = msg.val;
- val[1].len = msg.len;
- info.parse_writeback(val);
+ info.parse_writeback(&val);
if (info.file_type != FIPS_TYPE_JSON)
fprintf(info.fp_wr, "\n");
@@ -2361,7 +2358,7 @@ fips_mct_sha_test(void)
rte_free(vec.pt.val);
- free(val[0].val);
+ free(val.val);
free(msg.val);
return 0;
--
2.25.1
[v1, 02/10] examples/fips_validation: add SHA3 validation
Add support in fips_validation to parse SHA3 algorithms.
Signed-off-by: Gowrishankar Muthukrishnan
---
doc/guides/sample_app_ug/fips_validation.rst | 5 +-
examples/fips_validation/fips_validation.h| 1 +
.../fips_validation/fips_validation_hmac.c| 8 ++
.../fips_validation/fips_validation_sha.c | 20 +++--
examples/fips_validation/main.c | 76 +--
5 files changed, 61 insertions(+), 49 deletions(-)
diff --git a/doc/guides/sample_app_ug/fips_validation.rst
b/doc/guides/sample_app_ug/fips_validation.rst
index 50d23c789b..55837895fe 100644
--- a/doc/guides/sample_app_ug/fips_validation.rst
+++ b/doc/guides/sample_app_ug/fips_validation.rst
@@ -64,8 +64,9 @@ ACVP
* AES-CTR (128,192,256) - AFT, CTR
* AES-GMAC (128,192,256) - AFT
* AES-XTS (128,256) - AFT
-* HMAC (SHA1, SHA224, SHA256, SHA384, SHA512)
-* SHA (1, 256, 384, 512) - AFT, MCT
+* HMAC (SHA1, SHA224, SHA256, SHA384, SHA512, SHA3_224, SHA3_256,
SHA3_384, SHA3_512)
+* SHA (1, 224, 256, 384, 512) - AFT, MCT
+* SHA3 (224, 256, 384, 512) - AFT, MCT
* TDES-CBC - AFT, MCT
* TDES-ECB - AFT, MCT
* RSA
diff --git a/examples/fips_validation/fips_validation.h
b/examples/fips_validation/fips_validation.h
index 565a5cd36e..6c1bd35849 100644
--- a/examples/fips_validation/fips_validation.h
+++ b/examples/fips_validation/fips_validation.h
@@ -205,6 +205,7 @@ struct sha_interim_data {
/* keep algo always on top as it is also used in asym digest */
enum rte_crypto_auth_algorithm algo;
enum fips_sha_test_types test_type;
+ uint8_t md_blocks;
};
struct gcm_interim_data {
diff --git a/examples/fips_validation/fips_validation_hmac.c
b/examples/fips_validation/fips_validation_hmac.c
index e0721ef028..f1cbc18435 100644
--- a/examples/fips_validation/fips_validation_hmac.c
+++ b/examples/fips_validation/fips_validation_hmac.c
@@ -37,6 +37,10 @@ struct hash_size_conversion {
{"32", RTE_CRYPTO_AUTH_SHA256_HMAC},
{"48", RTE_CRYPTO_AUTH_SHA384_HMAC},
{"64", RTE_CRYPTO_AUTH_SHA512_HMAC},
+ {"28", RTE_CRYPTO_AUTH_SHA3_224_HMAC},
+ {"32", RTE_CRYPTO_AUTH_SHA3_256_HMAC},
+ {"48", RTE_CRYPTO_AUTH_SHA3_384_HMAC},
+ {"64", RTE_CRYPTO_AUTH_SHA3_512_HMAC},
};
static int
@@ -81,6 +85,10 @@ struct hash_size_conversion json_algorithms[] = {
{"HMAC-SHA2-256", RTE_CRYPTO_AUTH_SHA256_HMAC},
{"HMAC-SHA2-384", RTE_CRYPTO_AUTH_SHA384_HMAC},
{"HMAC-SHA2-512", RTE_CRYPTO_AUTH_SHA512_HMAC},
+ {"HMAC-SHA3-224", RTE_CRYPTO_AUTH_SHA3_224_HMAC},
+ {"HMAC-SHA3-256", RTE_CRYPTO_AUTH_SHA3_256_HMAC},
+ {"HMAC-SHA3-384", RTE_CRYPTO_AUTH_SHA3_384_HMAC},
+ {"HMAC-SHA3-512", RTE_CRYPTO_AUTH_SHA3_512_HMAC},
};
struct fips_test_callback hmac_tests_json_vectors[] = {
diff --git a/examples/fips_validation/fips_validation_sha.c
b/examples/fips_validation/fips_validation_sha.c
index 178ea492d3..8b68f5ed36 100644
--- a/examples/fips_validation/fips_validation_sha.c
+++ b/examples/fips_validation/fips_validation_sha.c
@@ -32,6 +32,10 @@ struct plain_hash_size_conversion {
{"32", RTE_CRYPTO_AUTH_SHA256},
{"48", RTE_CRYPTO_AUTH_SHA384},
{"64", RTE_CRYPTO_AUTH_SHA512},
+ {"28", RTE_CRYPTO_AUTH_SHA3_224},
+ {"32", RTE_CRYPTO_AUTH_SHA3_256},
+ {"48", RTE_CRYPTO_AUTH_SHA3_384},
+ {"64", RTE_CRYPTO_AUTH_SHA3_512},
};
int
@@ -96,12 +100,17 @@ static struct {
static struct plain_hash_algorithms {
const char *str;
enum rte_crypto_auth_algorithm algo;
+ uint8_t md_blocks;
} json_algorithms[] = {
- {"SHA-1", RTE_CRYPTO_AUTH_SHA1},
- {"SHA2-224", RTE_CRYPTO_AUTH_SHA224},
- {"SHA2-256", RTE_CRYPTO_AUTH_SHA256},
- {"SHA2-384", RTE_CRYPTO_AUTH_SHA384},
- {"SHA2-512", RTE_CRYPTO_AUTH_SHA512},
+ {"SHA-1", RTE_CRYPTO_AUTH_SHA1, 3},
+ {"SHA2-224", RTE_CRYPTO_AUTH_SHA224, 3},
+ {"SHA2-256", RTE_CRYPTO_AUTH_SHA256, 3},
+ {"SHA2-384", RTE_CRYPTO_AUTH_SHA384, 3},
+ {"SHA2-512", RTE_CRYPTO_AUTH_SHA512, 3},
+ {"SHA3-224", RTE_CRYPTO_AUTH_SHA3_224, 1},
+ {"SHA3-256", RTE_CRYPTO_AUTH_SHA3_256, 1},
+ {"SHA3-384", RTE_CRYPTO_AUTH_SHA3_384, 1},
+ {"SHA3-512", RTE_CRYPTO_AUTH_SHA3_512, 1},
};
struct fips_test_callback sha_t
[v1, 04/10] examples/fips_validation: add SHAKE validation
Add support in fips_validation to parse SHAKE algorithms.
Signed-off-by: Gowrishankar Muthukrishnan
---
doc/guides/sample_app_ug/fips_validation.rst | 1 +
examples/fips_validation/fips_validation.h| 4 +-
.../fips_validation/fips_validation_sha.c | 63 -
examples/fips_validation/main.c | 93 ++-
4 files changed, 154 insertions(+), 7 deletions(-)
diff --git a/doc/guides/sample_app_ug/fips_validation.rst
b/doc/guides/sample_app_ug/fips_validation.rst
index 55837895fe..4fc8297b34 100644
--- a/doc/guides/sample_app_ug/fips_validation.rst
+++ b/doc/guides/sample_app_ug/fips_validation.rst
@@ -67,6 +67,7 @@ ACVP
* HMAC (SHA1, SHA224, SHA256, SHA384, SHA512, SHA3_224, SHA3_256,
SHA3_384, SHA3_512)
* SHA (1, 224, 256, 384, 512) - AFT, MCT
* SHA3 (224, 256, 384, 512) - AFT, MCT
+* SHAKE (128, 256) - AFT, MCT, VOT
* TDES-CBC - AFT, MCT
* TDES-ECB - AFT, MCT
* RSA
diff --git a/examples/fips_validation/fips_validation.h
b/examples/fips_validation/fips_validation.h
index 6c1bd35849..8fcb5c8500 100644
--- a/examples/fips_validation/fips_validation.h
+++ b/examples/fips_validation/fips_validation.h
@@ -163,7 +163,8 @@ enum fips_ccm_test_types {
enum fips_sha_test_types {
SHA_KAT = 0,
SHA_AFT,
- SHA_MCT
+ SHA_MCT,
+ SHAKE_VOT
};
enum fips_rsa_test_types {
@@ -205,6 +206,7 @@ struct sha_interim_data {
/* keep algo always on top as it is also used in asym digest */
enum rte_crypto_auth_algorithm algo;
enum fips_sha_test_types test_type;
+ uint8_t min_outlen;
uint8_t md_blocks;
};
diff --git a/examples/fips_validation/fips_validation_sha.c
b/examples/fips_validation/fips_validation_sha.c
index 8b68f5ed36..7ce7d3744f 100644
--- a/examples/fips_validation/fips_validation_sha.c
+++ b/examples/fips_validation/fips_validation_sha.c
@@ -22,6 +22,9 @@
#define TESTTYPE_JSON_STR "testType"
#define PT_JSON_STR"msg"
+#define OUTLEN_JSON_STR"outLen"
+#define MINOUTLEN_JSON_STR "minOutLen"
+#define MAXOUTLEN_JSON_STR "maxOutLen"
struct plain_hash_size_conversion {
const char *str;
@@ -36,6 +39,8 @@ struct plain_hash_size_conversion {
{"32", RTE_CRYPTO_AUTH_SHA3_256},
{"48", RTE_CRYPTO_AUTH_SHA3_384},
{"64", RTE_CRYPTO_AUTH_SHA3_512},
+ {"16", RTE_CRYPTO_AUTH_SHAKE_128},
+ {"32", RTE_CRYPTO_AUTH_SHAKE_256},
};
int
@@ -89,12 +94,26 @@ struct fips_test_callback sha_tests_interim_vectors[] = {
};
#ifdef USE_JANSSON
+static int
+parse_interim_str(const char *key, char *src, struct fips_val *val)
+{
+ RTE_SET_USED(val);
+
+ if (strcmp(key, MINOUTLEN_JSON_STR) == 0)
+ info.interim_info.sha_data.min_outlen = atoi(src) / 8;
+ else if (strcmp(key, MAXOUTLEN_JSON_STR) == 0)
+ vec.cipher_auth.digest.len = atoi(src) / 8;
+
+ return 0;
+}
+
static struct {
uint32_t type;
const char *desc;
} sha_test_types[] = {
{SHA_MCT, "MCT"},
{SHA_AFT, "AFT"},
+ {SHAKE_VOT, "VOT"},
};
static struct plain_hash_algorithms {
@@ -111,10 +130,19 @@ static struct plain_hash_algorithms {
{"SHA3-256", RTE_CRYPTO_AUTH_SHA3_256, 1},
{"SHA3-384", RTE_CRYPTO_AUTH_SHA3_384, 1},
{"SHA3-512", RTE_CRYPTO_AUTH_SHA3_512, 1},
+ {"SHAKE-128", RTE_CRYPTO_AUTH_SHAKE_128, 1},
+ {"SHAKE-256", RTE_CRYPTO_AUTH_SHAKE_256, 1},
};
struct fips_test_callback sha_tests_json_vectors[] = {
{PT_JSON_STR, parse_uint8_hex_str, &vec.pt},
+ {OUTLEN_JSON_STR, parser_read_uint32_bit_val,
&vec.cipher_auth.digest},
+ {NULL, NULL, NULL} /**< end pointer */
+};
+
+struct fips_test_callback sha_tests_interim_json_vectors[] = {
+ {MINOUTLEN_JSON_STR, parse_interim_str, NULL},
+ {MAXOUTLEN_JSON_STR, parse_interim_str, NULL},
{NULL, NULL, NULL} /**< end pointer */
};
#endif /* USE_JANSSON */
@@ -185,6 +213,11 @@ parse_test_sha_json_writeback(struct fips_val *val)
md = json_string(info.one_line_text);
json_object_set_new(json_info.json_write_case, "md", md);
+ if (info.interim_info.sha_data.algo == RTE_CRYPTO_AUTH_SHAKE_128 ||
+ info.interim_info.sha_data.algo == RTE_CRYPTO_AUTH_SHAKE_256)
+ json_object_set_new(json_info.json_write_case, "outLen",
+ json_integer(vec.cipher_auth.digest.len * 8));
+
return 0;
}
@@ -193,6 +226,11 @@ parse_test_sha_mct_json_writeback(struct fips_val *val)
{
json_t *tcI
[v1, 03/10] examples/fips_validation: fix integer parse in test case
Parsing integer value in test case vector does not store
it because only string was expected. This patch adds handling
for integer value as well.
Fixes: 58cc98801eb ("examples/fips_validation: add JSON parsing")
Signed-off-by: Gowrishankar Muthukrishnan
---
examples/fips_validation/fips_validation.c | 29 --
1 file changed, 21 insertions(+), 8 deletions(-)
diff --git a/examples/fips_validation/fips_validation.c
b/examples/fips_validation/fips_validation.c
index f7a6d821ea..d3b6099d73 100644
--- a/examples/fips_validation/fips_validation.c
+++ b/examples/fips_validation/fips_validation.c
@@ -543,15 +543,28 @@ fips_test_parse_one_json_case(void)
for (i = 0; info.callbacks[i].key != NULL; i++) {
param = json_object_get(json_info.json_test_case,
info.callbacks[i].key);
- if (param) {
- strcpy(info.one_line_text, json_string_value(param));
- ret = info.callbacks[i].cb(
- info.callbacks[i].key, info.one_line_text,
- info.callbacks[i].val
- );
- if (ret < 0)
- return ret;
+ if (!param)
+ continue;
+
+ switch (json_typeof(param)) {
+ case JSON_STRING:
+ snprintf(info.one_line_text, MAX_LINE_CHAR, "%s",
+json_string_value(param));
+ break;
+
+ case JSON_INTEGER:
+ snprintf(info.one_line_text, MAX_LINE_CHAR,
"%"JSON_INTEGER_FORMAT,
+json_integer_value(param));
+ break;
+
+ default:
+ return -EINVAL;
}
+
+ ret = info.callbacks[i].cb(info.callbacks[i].key,
info.one_line_text,
+ info.callbacks[i].val);
+ if (ret < 0)
+ return ret;
}
return 0;
--
2.25.1
[v1, 05/10] examples/fips_validation: add CCM JSON validation
Add support in fips_validation to parse CCM JSON vectors.
Signed-off-by: Gowrishankar Muthukrishnan
---
doc/guides/sample_app_ug/fips_validation.rst | 1 +
examples/fips_validation/fips_validation.c| 2 +
examples/fips_validation/fips_validation.h| 3 +
.../fips_validation/fips_validation_ccm.c | 132 ++
examples/fips_validation/main.c | 3 +
5 files changed, 141 insertions(+)
diff --git a/doc/guides/sample_app_ug/fips_validation.rst
b/doc/guides/sample_app_ug/fips_validation.rst
index 4fc8297b34..613c5afd19 100644
--- a/doc/guides/sample_app_ug/fips_validation.rst
+++ b/doc/guides/sample_app_ug/fips_validation.rst
@@ -60,6 +60,7 @@ ACVP
* Supported test vectors
* AES-CBC (128,192,256) - AFT, MCT
* AES-GCM (128,192,256) - AFT
+* AES-CCM (128,192,256) - AFT
* AES-CMAC (128,192,256) - AFT
* AES-CTR (128,192,256) - AFT, CTR
* AES-GMAC (128,192,256) - AFT
diff --git a/examples/fips_validation/fips_validation.c
b/examples/fips_validation/fips_validation.c
index d3b6099d73..f840804009 100644
--- a/examples/fips_validation/fips_validation.c
+++ b/examples/fips_validation/fips_validation.c
@@ -460,6 +460,8 @@ fips_test_parse_one_json_vector_set(void)
/* Vector sets contain the algorithm type, and nothing else we need. */
if (strstr(algo_str, "AES-GCM"))
info.algo = FIPS_TEST_ALGO_AES_GCM;
+ else if (strstr(algo_str, "AES-CCM"))
+ info.algo = FIPS_TEST_ALGO_AES_CCM;
else if (strstr(algo_str, "AES-GMAC"))
info.algo = FIPS_TEST_ALGO_AES_GMAC;
else if (strstr(algo_str, "HMAC"))
diff --git a/examples/fips_validation/fips_validation.h
b/examples/fips_validation/fips_validation.h
index 8fcb5c8500..c4988053c1 100644
--- a/examples/fips_validation/fips_validation.h
+++ b/examples/fips_validation/fips_validation.h
@@ -338,6 +338,9 @@ fips_test_parse_one_json_case(void);
int
parse_test_gcm_json_init(void);
+int
+parse_test_ccm_json_init(void);
+
int
parse_test_hmac_json_init(void);
diff --git a/examples/fips_validation/fips_validation_ccm.c
b/examples/fips_validation/fips_validation_ccm.c
index 632999c1e4..0e3ee0d247 100644
--- a/examples/fips_validation/fips_validation_ccm.c
+++ b/examples/fips_validation/fips_validation_ccm.c
@@ -34,6 +34,18 @@
#define POS_KEYWORD"Pass"
#define NEG_KEYWORD"Fail"
+#define DIR_JSON_STR "direction"
+#define IVLEN_JSON_STR "ivLen"
+#define PTLEN_JSON_STR "payloadLen"
+#define AADLEN_JSON_STR"aadLen"
+#define TAGLEN_JSON_STR"tagLen"
+#define KEYLEN_JSON_STR"keyLen"
+#define PT_JSON_STR"pt"
+#define CT_JSON_STR"ct"
+#define KEY_JSON_STR "key"
+#define IV_JSON_STR"iv"
+#define AAD_JSON_STR "aad"
+
static int
parser_dvpt_interim(const char *key, char *src, struct fips_val *val)
{
@@ -206,6 +218,126 @@ struct ccm_test_types {
FIPS_TEST_ENC_AUTH_GEN},
};
+#ifdef USE_JANSSON
+static int
+parser_read_ccm_direction_str(__rte_unused const char *key, char *src,
+ __rte_unused struct fips_val *val)
+{
+ if (strcmp(src, "encrypt") == 0)
+ info.op = FIPS_TEST_ENC_AUTH_GEN;
+ else if (strcmp(src, "decrypt") == 0)
+ info.op = FIPS_TEST_DEC_AUTH_VERIF;
+
+ return 0;
+}
+
+static int
+parser_read_ccm_aad_str(const char *key, char *src, struct fips_val *val)
+{
+ struct fips_val tmp_val = {0};
+ uint32_t len = val->len;
+
+ /* CCM aad requires 18 bytes padding before the real content */
+ val->val = rte_zmalloc(NULL, len + 18, 0);
+ if (!val->val)
+ return -1;
+
+ if (parse_uint8_hex_str(key, src, &tmp_val) < 0)
+ return -1;
+
+ memcpy(val->val + 18, tmp_val.val, val->len);
+ rte_free(tmp_val.val);
+
+ return 0;
+}
+
+static int
+parse_read_ccm_ct_str(const char *key, char *src, struct fips_val *val)
+{
+ int ret;
+
+ val->len = vec.pt.len;
+
+ ret = parse_uint8_known_len_hex_str(key, src, val);
+ if (ret < 0)
+ return ret;
+
+ src += val->len * 2;
+
+ ret = parse_uint8_known_len_hex_str("", src, &vec.aead.digest);
+ if (ret < 0) {
+ rte_free(val->val);
+ memset(val, 0, sizeof(*val));
+ return ret;
+ }
+
+ return 0;
+}
+
+struct fips_test_callback ccm_tests_interim_json_vectors[] = {
+ {DIR_JSON_STR, parser_read_ccm_direction_str, NULL},
+ {IVLEN_JSON_STR, parser_read_uint32_bit_val, &vec.iv},
+ {PTLEN_JSON_STR, parser_read_uint32_bit_val, &vec.pt},
+ {AADLEN_JSON_STR
[v1, 06/10] examples/fips_validation: add ECDSA keygen support
Add support to validate ECDSA keygen mode tests.
Signed-off-by: Gowrishankar Muthukrishnan
---
.../fips_validation/fips_validation_ecdsa.c | 52 +++
examples/fips_validation/main.c | 13 +
2 files changed, 65 insertions(+)
diff --git a/examples/fips_validation/fips_validation_ecdsa.c
b/examples/fips_validation/fips_validation_ecdsa.c
index d47ab0b5d1..5c91abfc5a 100644
--- a/examples/fips_validation/fips_validation_ecdsa.c
+++ b/examples/fips_validation/fips_validation_ecdsa.c
@@ -295,6 +295,20 @@ parse_test_ecdsa_json_writeback(struct fips_val *val)
json_object_set_new(json_info.json_write_case,
"testPassed", json_true());
else
json_object_set_new(json_info.json_write_case,
"testPassed", json_false());
+ } else if (info.op == FIPS_TEST_ASYM_KEYGEN) {
+ json_t *obj;
+
+ writeback_hex_str("", info.one_line_text, &vec.ecdsa.pkey);
+ obj = json_string(info.one_line_text);
+ json_object_set_new(json_info.json_write_case, "d", obj);
+
+ writeback_hex_str("", info.one_line_text, &vec.ecdsa.qx);
+ obj = json_string(info.one_line_text);
+ json_object_set_new(json_info.json_write_case, "qx", obj);
+
+ writeback_hex_str("", info.one_line_text, &vec.ecdsa.qy);
+ obj = json_string(info.one_line_text);
+ json_object_set_new(json_info.json_write_case, "qy", obj);
}
return 0;
@@ -367,6 +381,36 @@ parse_siggen_message_str(const char *key, char *src,
struct fips_val *val)
return ret;
}
+static int
+parse_keygen_tc_str(const char *key, char *src, struct fips_val *val)
+{
+ RTE_SET_USED(key);
+ RTE_SET_USED(src);
+ RTE_SET_USED(val);
+
+ if (info.op == FIPS_TEST_ASYM_KEYGEN) {
+ if (vec.ecdsa.pkey.val) {
+ rte_free(vec.ecdsa.pkey.val);
+ vec.ecdsa.pkey.val = NULL;
+ }
+
+ if (vec.ecdsa.k.val) {
+ rte_free(vec.ecdsa.k.val);
+ vec.ecdsa.k.val = NULL;
+ }
+
+ if (prepare_vec_ecdsa() < 0)
+ return -1;
+
+ if (prepare_vec_ecdsa_k() < 0)
+ return -1;
+
+ info.interim_info.ecdsa_data.pubkey_gen = 1;
+ }
+
+ return 0;
+}
+
static int
parse_sigver_randomvalue_str(const char *key, char *src, struct fips_val *val)
{
@@ -402,6 +446,11 @@ struct fips_test_callback ecdsa_sigver_json_vectors[] = {
{NULL, NULL, NULL} /**< end pointer */
};
+struct fips_test_callback ecdsa_keygen_json_vectors[] = {
+ {"tcId", parse_keygen_tc_str, &vec.pt},
+ {NULL, NULL, NULL} /**< end pointer */
+};
+
int
parse_test_ecdsa_json_init(void)
{
@@ -421,6 +470,9 @@ parse_test_ecdsa_json_init(void)
} else if (strcmp(mode_str, "sigVer") == 0) {
info.op = FIPS_TEST_ASYM_SIGVER;
info.callbacks = ecdsa_sigver_json_vectors;
+ } else if (strcmp(mode_str, "keyGen") == 0) {
+ info.op = FIPS_TEST_ASYM_KEYGEN;
+ info.callbacks = ecdsa_keygen_json_vectors;
} else {
return -EINVAL;
}
diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index 1974dc959b..97190902aa 100644
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -1758,6 +1758,19 @@ fips_run_test(void)
env.op = env.sym.op;
if (env.is_asym_test) {
+ if (info.op == FIPS_TEST_ASYM_KEYGEN &&
+ info.algo == FIPS_TEST_ALGO_ECDSA) {
+ env.op = env.asym.op;
+ test_ops.prepare_asym_xform = prepare_ecfpm_xform;
+ test_ops.prepare_asym_op = prepare_ecfpm_op;
+ ret = fips_run_asym_test();
+ if (ret < 0)
+ return ret;
+
+ info.interim_info.ecdsa_data.pubkey_gen = 0;
+ return ret;
+ }
+
vec.cipher_auth.digest.len = parse_test_sha_hash_size(
info.interim_info.rsa_data.auth);
test_ops.prepare_sym_xform = prepare_sha_xform;
--
2.25.1
[v1, 07/10] examples/fips_validation: add SHA3 algorithms in ECDSA test
Add SHA3 algorithms in ECDSA as supported.
Signed-off-by: Gowrishankar Muthukrishnan
---
examples/fips_validation/fips_validation_ecdsa.c | 4
1 file changed, 4 insertions(+)
diff --git a/examples/fips_validation/fips_validation_ecdsa.c
b/examples/fips_validation/fips_validation_ecdsa.c
index 5c91abfc5a..aef722d147 100644
--- a/examples/fips_validation/fips_validation_ecdsa.c
+++ b/examples/fips_validation/fips_validation_ecdsa.c
@@ -50,6 +50,10 @@ struct {
{RTE_CRYPTO_AUTH_SHA256, "SHA2-256"},
{RTE_CRYPTO_AUTH_SHA384, "SHA2-384"},
{RTE_CRYPTO_AUTH_SHA512, "SHA2-512"},
+ {RTE_CRYPTO_AUTH_SHA3_224, "SHA3-224"},
+ {RTE_CRYPTO_AUTH_SHA3_256, "SHA3-256"},
+ {RTE_CRYPTO_AUTH_SHA3_384, "SHA3-384"},
+ {RTE_CRYPTO_AUTH_SHA3_512, "SHA3-512"},
};
struct {
--
2.25.1
[v1, 09/10] examples/fips_validation: fix AES XTS to read seq number
Fix AES XTS test to read sequence number correctly.
Fixes: f8e431ed8f6 ("examples/fips_validation: add parsing for AES-XTS")
Signed-off-by: Gowrishankar Muthukrishnan
---
examples/fips_validation/fips_validation_xts.c | 13 +
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/examples/fips_validation/fips_validation_xts.c
b/examples/fips_validation/fips_validation_xts.c
index 531e3c688e..530df78ab4 100644
--- a/examples/fips_validation/fips_validation_xts.c
+++ b/examples/fips_validation/fips_validation_xts.c
@@ -34,6 +34,7 @@
#define DATAUNITLEN_JSON_STR "dataUnitLen"
#define PAYLOADLEN_JSON_STR"payloadLen"
#define TWEAKVALUE_JSON_STR"tweakValue"
+#define SEQNUMBER_JSON_STR "sequenceNumber"
#define PT_JSON_STR"pt"
#define CT_JSON_STR"ct"
@@ -95,14 +96,17 @@ parser_xts_read_keylen(const char *key, char *src, struct
fips_val *val)
static int
parser_xts_read_tweakval(const char *key, char *src, struct fips_val *val)
{
+ char num_str[4] = {0};
int ret;
- if (info.interim_info.xts_data.tweak_mode == XTS_TWEAK_MODE_HEX)
+ if (info.interim_info.xts_data.tweak_mode == XTS_TWEAK_MODE_HEX) {
ret = parse_uint8_hex_str(key, src, val);
- else if (info.interim_info.xts_data.tweak_mode == XTS_TWEAK_MODE_NUMBER)
- ret = parser_read_uint32_bit_val(key, src, val);
- else
+ } else if (info.interim_info.xts_data.tweak_mode ==
XTS_TWEAK_MODE_NUMBER) {
+ snprintf(num_str, RTE_DIM(num_str), "%x", atoi(src));
+ ret = parse_uint8_hex_str(key, num_str, val);
+ } else {
ret = -1;
+ }
return ret;
}
@@ -122,6 +126,7 @@ struct fips_test_callback xts_interim_json_vectors[] = {
struct fips_test_callback xts_enc_json_vectors[] = {
{KEY_JSON_STR, parse_uint8_known_len_hex_str,
&vec.cipher_auth.key},
{TWEAKVALUE_JSON_STR, parser_xts_read_tweakval, &vec.iv},
+ {SEQNUMBER_JSON_STR, parser_xts_read_tweakval, &vec.iv},
{PT_JSON_STR, parse_uint8_hex_str, &vec.pt},
{NULL, NULL, NULL} /**< end pointer */
};
--
2.25.1
[v1, 08/10] examples/fips_validation: fix AES GCM validation tests
AES GCM validation tests fail in FIPS validation due to incorrect
fields populated in response file. This patch fixes them.
Fixes: 5b540bebac8e ("examples/fips_validation: fix GMAC decryption output")
Signed-off-by: Gowrishankar Muthukrishnan
---
examples/fips_validation/fips_validation_gcm.c | 12 +---
1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/examples/fips_validation/fips_validation_gcm.c
b/examples/fips_validation/fips_validation_gcm.c
index a80d8b3e4d..bf08d1b995 100644
--- a/examples/fips_validation/fips_validation_gcm.c
+++ b/examples/fips_validation/fips_validation_gcm.c
@@ -79,7 +79,7 @@ parser_read_gcm_pt_len(const char *key, char *src,
if (ret < 0)
return ret;
- if (vec.pt.len == 0) {
+ if (info.algo == FIPS_TEST_ALGO_AES_GMAC && vec.pt.len == 0) {
info.interim_info.gcm_data.is_gmac = 1;
test_ops.prepare_sym_op = prepare_auth_op;
test_ops.prepare_sym_xform = prepare_gmac_xform;
@@ -296,6 +296,7 @@ parse_test_gcm_json_writeback(struct fips_val *val)
tmp_val.val = val->val;
tmp_val.len = vec.pt.len;
+ info.one_line_text[0] = '\0';
writeback_hex_str("", info.one_line_text, &tmp_val);
ct = json_string(info.one_line_text);
json_object_set_new(json_info.json_write_case,
CT_JSON_STR, ct);
@@ -326,6 +327,7 @@ parse_test_gcm_json_writeback(struct fips_val *val)
tmp_val.val = val->val;
tmp_val.len = vec.pt.len;
+ info.one_line_text[0] = '\0';
writeback_hex_str("", info.one_line_text,
&tmp_val);
json_object_set_new(json_info.json_write_case,
PT_JSON_STR,
json_string(info.one_line_text));
@@ -334,12 +336,8 @@ parse_test_gcm_json_writeback(struct fips_val *val)
json_true());
}
} else {
- if (!info.interim_info.gcm_data.is_gmac)
- json_object_set_new(json_info.json_write_case,
PT_JSON_STR,
- json_string(""));
- else
- json_object_set_new(json_info.json_write_case,
"testPassed",
- json_false());
+ json_object_set_new(json_info.json_write_case,
"testPassed",
+ json_false());
}
}
--
2.25.1
[v1, 10/10] examples/fips_validation: add extra space in JSON buffer
Current test buffer to copy input data of maximum possible length
did not account NULL character, due to which a last input character
is always ignored and it causes tests like RSA SIGVER for modulo
of 4096 bits to fail. This patch fixes it.
Fixes: 0b65d54f3a4 ("examples/fips_validation: fix JSON buffer size")
Signed-off-by: Gowrishankar Muthukrishnan
---
examples/fips_validation/fips_validation.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/examples/fips_validation/fips_validation.h
b/examples/fips_validation/fips_validation.h
index c4988053c1..abc1d64742 100644
--- a/examples/fips_validation/fips_validation.h
+++ b/examples/fips_validation/fips_validation.h
@@ -247,7 +247,7 @@ struct ecdsa_interim_data {
* Esp, in asym op, modulo bits decide char buffer size.
* max = (modulo / 4)
*/
-#define FIPS_TEST_JSON_BUF_LEN (4096 / 4)
+#define FIPS_TEST_JSON_BUF_LEN ((4096 / 4) + 1)
struct fips_test_json_info {
/* Information used for reading from json */
--
2.25.1
[PATCH] common/cnxk: fix incorrect auth key length
Auth key length is stored as 8 bit value in SE context. It should
be larger enough to accommodate supported auth key length of 1024
bytes maximum, as in HMAC.
Fixes: a45859312ff ("common/cnxk: add SE definitions for symmetric crypto")
Signed-off-by: Gowrishankar Muthukrishnan
---
drivers/common/cnxk/roc_se.h | 7 +++
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/drivers/common/cnxk/roc_se.h b/drivers/common/cnxk/roc_se.h
index e9415f21a5..7d6afd26cb 100644
--- a/drivers/common/cnxk/roc_se.h
+++ b/drivers/common/cnxk/roc_se.h
@@ -288,16 +288,15 @@ struct roc_se_ctx {
uint64_t enc_cipher : 8;
uint64_t hash_type : 8;
uint64_t mac_len : 8;
- uint64_t auth_key_len : 8;
+ uint64_t auth_key_len : 16;
uint64_t fc_type : 4;
uint64_t hmac : 1;
uint64_t zsk_flags : 3;
uint64_t k_ecb : 1;
uint64_t pdcp_ci_alg : 2;
uint64_t pdcp_auth_alg : 2;
- uint16_t ciph_then_auth : 1;
- uint16_t auth_then_ciph : 1;
- uint64_t rsvd : 17;
+ uint64_t ciph_then_auth : 1;
+ uint64_t auth_then_ciph : 1;
union cpt_inst_w4 template_w4;
/* Below fields are accessed by hardware */
struct se_ctx_s {
--
2.25.1
[PATCH] crypto/cnxk: fix order of ECFPM params
Fix the order of ECFPM parameters according to target board.
Fixes: 8e39b133235 ("crypto/cnxk: support fixed point multiplication")
Signed-off-by: Gowrishankar Muthukrishnan
---
drivers/crypto/cnxk/cnxk_ae.h | 48 ---
1 file changed, 28 insertions(+), 20 deletions(-)
diff --git a/drivers/crypto/cnxk/cnxk_ae.h b/drivers/crypto/cnxk/cnxk_ae.h
index adf719da73..f1183376d0 100644
--- a/drivers/crypto/cnxk/cnxk_ae.h
+++ b/drivers/crypto/cnxk/cnxk_ae.h
@@ -678,7 +678,7 @@ static __rte_always_inline int
cnxk_ae_ecfpm_prep(struct rte_crypto_ecpm_op_param *ecpm,
struct roc_ae_buf_ptr *meta_buf, uint64_t *fpm_iova,
struct roc_ae_ec_group *ec_grp, uint8_t curveid,
- struct cpt_inst_s *inst)
+ struct cpt_inst_s *inst, int cpt_ver)
{
uint16_t scalar_align, p_align;
uint16_t dlen, prime_len;
@@ -697,26 +697,33 @@ cnxk_ae_ecfpm_prep(struct rte_crypto_ecpm_op_param *ecpm,
scalar_align = RTE_ALIGN_CEIL(ecpm->scalar.length, 8);
/*
-* Set dlen = sum(ROUNDUP8(input point(x and y coordinates), prime,
-* scalar length),
+* Set dlen = sum(prime, scalar length, table address and
+* optionally ROUNDUP8(input point(x and y coordinates)).
* Please note point length is equivalent to prime of the curve
*/
- dlen = sizeof(fpm_table_iova) + 3 * p_align + scalar_align;
-
- memset(dptr, 0, dlen);
-
- *(uint64_t *)dptr = fpm_table_iova;
- dptr += sizeof(fpm_table_iova);
-
- /* Copy scalar, prime */
- memcpy(dptr, ecpm->scalar.data, ecpm->scalar.length);
- dptr += scalar_align;
- memcpy(dptr, ec_grp->prime.data, ec_grp->prime.length);
- dptr += p_align;
- memcpy(dptr, ec_grp->consta.data, ec_grp->consta.length);
- dptr += p_align;
- memcpy(dptr, ec_grp->constb.data, ec_grp->constb.length);
- dptr += p_align;
+ if (cpt_ver == ROC_CPT_REVISION_ID_96XX_C0) {
+ dlen = sizeof(fpm_table_iova) + 3 * p_align + scalar_align;
+ memset(dptr, 0, dlen);
+ *(uint64_t *)dptr = fpm_table_iova;
+ dptr += sizeof(fpm_table_iova);
+ memcpy(dptr, ecpm->scalar.data, ecpm->scalar.length);
+ dptr += scalar_align;
+ memcpy(dptr, ec_grp->prime.data, ec_grp->prime.length);
+ dptr += p_align;
+ memcpy(dptr, ec_grp->consta.data, ec_grp->consta.length);
+ dptr += p_align;
+ memcpy(dptr, ec_grp->constb.data, ec_grp->constb.length);
+ dptr += p_align;
+ } else {
+ dlen = sizeof(fpm_table_iova) + p_align + scalar_align;
+ memset(dptr, 0, dlen);
+ memcpy(dptr, ecpm->scalar.data, ecpm->scalar.length);
+ dptr += scalar_align;
+ memcpy(dptr, ec_grp->prime.data, ec_grp->prime.length);
+ dptr += p_align;
+ *(uint64_t *)dptr = fpm_table_iova;
+ dptr += sizeof(fpm_table_iova);
+ }
/* Setup opcodes */
w4.s.opcode_major = ROC_AE_MAJOR_OP_ECC;
@@ -947,7 +954,8 @@ cnxk_ae_enqueue(struct cnxk_cpt_qp *qp, struct
rte_crypto_op *op,
ret = cnxk_ae_ecfpm_prep(&asym_op->ecpm, &meta_buf,
sess->cnxk_fpm_iova,
sess->ec_grp[sess->ec_ctx.curveid],
-sess->ec_ctx.curveid, inst);
+sess->ec_ctx.curveid, inst,
+sess->lf->roc_cpt->cpt_revision);
if (unlikely(ret))
goto req_fail;
break;
--
2.25.1
RE: [v1 0/6] cryptodev: support digest message in SM2
Hi, Could these patches get some review ? Thanks, Gowrishankar > This patch series fixes SM2 algorithm implementation to support digest > message as input along with plain message as today. > > Gowrishankar Muthukrishnan (6): > crypto/openssl: include SM2 in asymmetric capabilities > cryptodev: add RNG capability in EC based xform > cryptodev: add hash support in asymmetric capability > cryptodev: use generic EC xform params for SM2 > app/test: check asymmetric capabilities in SM2 test > crypto/cnxk: add SM2 support > > app/test/test_cryptodev_asym.c| 131 ++ > app/test/test_cryptodev_sm2_test_vectors.h| 32 ++- > doc/guides/cryptodevs/features/cn10k.ini | 1 + > doc/guides/rel_notes/release_23_11.rst| 6 + > drivers/common/cnxk/hw/cpt.h | 3 +- > drivers/common/cnxk/roc_ae.c | 32 ++- > drivers/common/cnxk/roc_ae.h | 3 +- > drivers/common/cnxk/roc_ae_fpm_tables.c | 190 ++ > drivers/crypto/cnxk/cnxk_ae.h | 232 +- > drivers/crypto/cnxk/cnxk_cryptodev.h | 2 +- > .../crypto/cnxk/cnxk_cryptodev_capabilities.c | 17 ++ > drivers/crypto/openssl/rte_openssl_pmd_ops.c | 19 +- > lib/cryptodev/cryptodev_trace.h | 9 + > lib/cryptodev/cryptodev_trace_points.c| 3 + > lib/cryptodev/rte_crypto_asym.h | 15 +- > lib/cryptodev/rte_cryptodev.c | 16 ++ > lib/cryptodev/rte_cryptodev.h | 25 ++ > lib/cryptodev/version.map | 1 + > 18 files changed, 666 insertions(+), 71 deletions(-) > > -- > 2.25.1
[PATCH] crypto/openssl: fix memory leaks in SM2 ops
Fix memory leaks in SM2 ops, as reported by valgrind.
Signed-off-by: Gowrishankar Muthukrishnan
---
drivers/crypto/openssl/rte_openssl_pmd.c | 45 ++--
1 file changed, 26 insertions(+), 19 deletions(-)
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c
b/drivers/crypto/openssl/rte_openssl_pmd.c
index 5e8624cebe..c69889d522 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -2674,10 +2674,13 @@ process_openssl_sm2_op_evp(struct rte_crypto_op *cop,
EVP_PKEY_CTX *kctx = NULL, *sctx = NULL, *cctx = NULL;
struct rte_crypto_asym_op *op = cop->asym;
OSSL_PARAM_BLD *param_bld = NULL;
+ ECDSA_SIG *ec_sign = NULL;
+ EVP_MD_CTX *md_ctx = NULL;
OSSL_PARAM *params = NULL;
+ EVP_MD *check_md = NULL;
EVP_PKEY *pkey = NULL;
BIGNUM *pkey_bn = NULL;
- uint8_t pubkey[64];
+ uint8_t pubkey[65];
size_t len = 0;
int ret = -1;
@@ -2787,10 +2790,7 @@ process_openssl_sm2_op_evp(struct rte_crypto_op *cop,
{
unsigned char signbuf[128] = {0};
const unsigned char *signptr;
- EVP_MD_CTX *md_ctx = NULL;
const BIGNUM *r, *s;
- ECDSA_SIG *ec_sign;
- EVP_MD *check_md;
size_t signlen;
kctx = EVP_PKEY_CTX_new_from_name(NULL, "SM2", NULL);
@@ -2842,17 +2842,12 @@ process_openssl_sm2_op_evp(struct rte_crypto_op *cop,
op->sm2.s.length = BN_num_bytes(s);
BN_bn2bin(r, op->sm2.r.data);
BN_bn2bin(s, op->sm2.s.data);
-
- ECDSA_SIG_free(ec_sign);
}
break;
case RTE_CRYPTO_ASYM_OP_VERIFY:
{
- unsigned char signbuf[128] = {0};
BIGNUM *r = NULL, *s = NULL;
- EVP_MD_CTX *md_ctx = NULL;
- ECDSA_SIG *ec_sign;
- EVP_MD *check_md;
+ unsigned char *signbuf;
size_t signlen;
kctx = EVP_PKEY_CTX_new_from_name(NULL, "SM2", NULL);
@@ -2902,19 +2897,16 @@ process_openssl_sm2_op_evp(struct rte_crypto_op *cop,
goto err_sm2;
}
- r = NULL;
- s = NULL;
-
- signlen = i2d_ECDSA_SIG(ec_sign, (unsigned char
**)&signbuf);
- if (signlen <= 0)
+ signlen = i2d_ECDSA_SIG(ec_sign, 0);
+ signbuf = rte_malloc(NULL, signlen, 0);
+ signlen = i2d_ECDSA_SIG(ec_sign, &signbuf);
+ if (signlen <= 0) {
+ rte_free(signbuf);
goto err_sm2;
+ }
if (!EVP_DigestVerifyFinal(md_ctx, signbuf, signlen))
goto err_sm2;
-
- BN_free(r);
- BN_free(s);
- ECDSA_SIG_free(ec_sign);
}
break;
default:
@@ -2928,6 +2920,15 @@ process_openssl_sm2_op_evp(struct rte_crypto_op *cop,
ret = 0;
cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
err_sm2:
+ if (ec_sign)
+ ECDSA_SIG_free(ec_sign);
+
+ if (check_md)
+ EVP_MD_free(check_md);
+
+ if (md_ctx)
+ EVP_MD_CTX_free(md_ctx);
+
if (kctx)
EVP_PKEY_CTX_free(kctx);
@@ -2943,6 +2944,12 @@ process_openssl_sm2_op_evp(struct rte_crypto_op *cop,
if (param_bld)
OSSL_PARAM_BLD_free(param_bld);
+ if (params)
+ OSSL_PARAM_free(params);
+
+ if (pkey_bn)
+ BN_free(pkey_bn);
+
return ret;
}
--
2.25.1
RE: [EXT] [RFC] cryptodev: refactor sm2, add plain message flag
Hi,
> Actually hash should be moved outside of xform, we do not want to have a
> session per hash I think.
> Session should be per key, eventually per private key only.
> >
If a hardware does not support hashing plain input before any SM2 op,
It has to be first hashed in a separate session (based on hash alg), then
forward
the digest into current op. To support these two possible kind of inputs,
capability check as proposed can help the application. OpenSSL PMD for eg takes
only
plain text input (and it does internal hashing).
Would you think hash algo can change in the mid of session ? If not, it could be
a session attribute still.
> > To note, more than one hash algorithm needs to be supported as in
> > ECDSA for eg. so I made it bitmask of hash algorithms supported by PMD.
> > For SM2, today we set only SM3.
> >
> > With this, the application can check the xform capability and set op
> > params as shown in :
> > https://urldefense.proofpoint.com/v2/url?u=https-3A__patches.dpdk.org_
> >
> project_dpdk_patch_f3be0a425170ee26a1396d34f52a&d=DwIFAg&c=nKjWec2
> b6R0
> > mOyPaz7xtfQ&r=EAtr-g7yUFhtOio8r2Rtm13Aqe4WVp_S_gHpcu6KFVo&m=PH-
> nP4_D0b
> > HFdQJbLclZO68l2-
> LQCCcvOX3vuHeUdkYYZe3kXzKWxsZ9bJa_SKww&s=88sPzV8cxNP2j
> > qfXzX1RjUhuU1U_jE8PB55ZFEG-SP4&e=
> > 8e07941f7ce5.1691658879.git.gmuthukri...@marvell.com/
> >
> > > rte_crypto_uint k;
> > > /**< Per-message secret number, which is an integer
> > >* in the interval (1, q-1).
> > > @@ -579,7 +575,12 @@ struct rte_crypto_ecdsa_op_param {
> > > /**< Public key of the signer for verification */
> > >
> > > rte_crypto_param message;
> > > - /**< Input message digest to be signed or verified */
> > > + /**<
> > > + * Pointer to the input data
> > > + * In case RTE_CRYPTO_ASYM_FLAG_PLAIN_INPUT flag is set in the
> > > op flags field,
> > > + * it is a message to be signed by the PMD.
> > > + * Otherwise, it is a message hash.
> > > + */
> > >
> > Please find above my comments for this flag.
> >
> > > rte_crypto_uint k;
> > > /**< The ECDSA per-message secret number, which is an integer @@
> > > -652,52 +653,20 @@ struct rte_crypto_asym_xform {
> > > };
> > > };
> > >
> > > -/**
> > > - * SM2 operation params.
> > > - */
> > > -struct rte_crypto_sm2_op_param {
> > > +struct rte_crypto_sm2_signature {
> >
> > Yeah, it will help picking params for the application easily.
> > Just a suggestion: could we retain _param suffix. Say
> > rte_crypto_sm2_sign_param.
> >
> > > enum rte_crypto_asym_op_type op_type;
> > > /**< Signature generation or verification. */
> >
> > Now op_type can either be sign/verify here.
> > > -
> > > - rte_crypto_uint pkey;
> > > - /**< Private key for encryption or sign generation. */
> > > -
> > > - struct rte_crypto_ec_point q;
> > > - /**< Public key for decryption or verification. */
> > > -
> > > rte_crypto_param message;
> > > /**<
> > > - * Pointer to input data
> > > - * - to be encrypted for SM2 public encrypt.
> > > - * - to be signed for SM2 sign generation.
> > > - * - to be authenticated for SM2 sign verification.
> > > - *
> > > - * Pointer to output data
> > > - * - for SM2 private decrypt.
> > > - * In this case the underlying array should have been
> > > - * allocated with enough memory to hold plaintext output
> > > - * (at least encrypted text length). The message.length field
> > > - * will be overwritten by the PMD with the decrypted length.
> > > - */
> > > -
> > > - rte_crypto_param cipher;
> > > - /**<
> > > - * Pointer to input data
> > > - * - to be decrypted for SM2 private decrypt.
> > > - *
> > > - * Pointer to output data
> > > - * - for SM2 public encrypt.
> > > - * In this case the underlying array should have been allocated
> > > - * with enough memory to hold ciphertext output (at least X bytes
> > > - * for prime field curve of N bytes and for message M bytes,
> > > - * where X = (C1 || C2 || C3) and computed based on SM2 RFC as
> > > - * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
> > > - * be overwritten by the PMD with the encrypted length.
> > > + * Pointer to the input data
> > > + * In case RTE_CRYPTO_ASYM_FLAG_PLAIN_INPUT flag is set in the
> > > op flags field,
> > > + * it is a message to be signed by the PMD.
> > > + * Otherwise, it is a message hash.
> > >*/
> > Please find above my comments for this flag.
> >
> > > -
> > > rte_crypto_uint id;
> > > - /**< The SM2 id used by signer and verifier. */
> > > -
> > > + /**< The SM2 id used by signer and verifier.
> > > + * In case RTE_CRYPTO_ASYM_FLAG_PLAIN_INPUT flag is set this
> > > field is unused.
> > > + */
> > > rte_crypto_uint k;
> > > /**< The SM2 per-message secret number, which is an integer
> > >* in the interval (1, n-1).
> > > @@ -719,6 +688,46 @@ struct rte_crypto_sm2_op_param {
> > >*/
> > > };
> > >
> > > +struct rte_crypto_sm2_cipher {
> > > + enum rte_crypto_asym_op_type op_type;
> > > + /**< Ecryption or decryption. */
> > > + rte_
[PATCH] app/test: add modexp group tests
Add modexp tests for groups 5, 14, 15, 16, 17 and 18.
Signed-off-by: Gowrishankar Muthukrishnan
---
app/test/test_cryptodev_asym.c | 48 +
app/test/test_cryptodev_mod_test_vectors.h | 989 -
2 files changed, 1036 insertions(+), 1 deletion(-)
diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 9820b80f7e..0915784560 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -2698,6 +2698,30 @@ static struct unit_test_suite
cryptodev_openssl_asym_testsuite = {
test_rsa_sign_verify_crt),
TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_mod_inv),
TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_mod_exp),
+ TEST_CASE_NAMED_WITH_DATA(
+ modex_group_test_cases[0].description,
+ ut_setup_asym, ut_teardown_asym,
+ modular_exponentiation, &modex_group_test_cases[0]),
+ TEST_CASE_NAMED_WITH_DATA(
+ modex_group_test_cases[1].description,
+ ut_setup_asym, ut_teardown_asym,
+ modular_exponentiation, &modex_group_test_cases[1]),
+ TEST_CASE_NAMED_WITH_DATA(
+ modex_group_test_cases[2].description,
+ ut_setup_asym, ut_teardown_asym,
+ modular_exponentiation, &modex_group_test_cases[2]),
+ TEST_CASE_NAMED_WITH_DATA(
+ modex_group_test_cases[3].description,
+ ut_setup_asym, ut_teardown_asym,
+ modular_exponentiation, &modex_group_test_cases[3]),
+ TEST_CASE_NAMED_WITH_DATA(
+ modex_group_test_cases[4].description,
+ ut_setup_asym, ut_teardown_asym,
+ modular_exponentiation, &modex_group_test_cases[4]),
+ TEST_CASE_NAMED_WITH_DATA(
+ modex_group_test_cases[5].description,
+ ut_setup_asym, ut_teardown_asym,
+ modular_exponentiation, &modex_group_test_cases[5]),
TEST_CASES_END() /**< NULL terminate unit test array */
}
};
@@ -2749,6 +2773,30 @@ static struct unit_test_suite
cryptodev_octeontx_asym_testsuite = {
TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
test_rsa_sign_verify_crt),
TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_mod_exp),
+ TEST_CASE_NAMED_WITH_DATA(
+ modex_group_test_cases[0].description,
+ ut_setup_asym, ut_teardown_asym,
+ modular_exponentiation, &modex_group_test_cases[0]),
+ TEST_CASE_NAMED_WITH_DATA(
+ modex_group_test_cases[1].description,
+ ut_setup_asym, ut_teardown_asym,
+ modular_exponentiation, &modex_group_test_cases[1]),
+ TEST_CASE_NAMED_WITH_DATA(
+ modex_group_test_cases[2].description,
+ ut_setup_asym, ut_teardown_asym,
+ modular_exponentiation, &modex_group_test_cases[2]),
+ TEST_CASE_NAMED_WITH_DATA(
+ modex_group_test_cases[3].description,
+ ut_setup_asym, ut_teardown_asym,
+ modular_exponentiation, &modex_group_test_cases[3]),
+ TEST_CASE_NAMED_WITH_DATA(
+ modex_group_test_cases[4].description,
+ ut_setup_asym, ut_teardown_asym,
+ modular_exponentiation, &modex_group_test_cases[4]),
+ TEST_CASE_NAMED_WITH_DATA(
+ modex_group_test_cases[5].description,
+ ut_setup_asym, ut_teardown_asym,
+ modular_exponentiation, &modex_group_test_cases[5]),
TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
test_ecdsa_sign_verify_all_curve),
TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
diff --git a/app/test/test_cryptodev_mod_test_vectors.h
b/app/test/test_cryptodev_mod_test_vectors.h
index 0ffc958037..c773c37018 100644
--- a/app/test/test_cryptodev_mod_test_vectors.h
+++ b/app/test/test_cryptodev_mod_test_vectors.h
@@ -6,7 +6,7 @@
#ifndef TEST_CRYPTODEV_MOD_TEST_VECTORS_H_
#define TEST_CRYPTODEV_MOD_TEST_VECTORS_H_
-#define DATA_SIZE 512
+#define DATA_SIZE 1024
struct modex_test_data {
enum rte_crypto_asym_xform_type xform_type;
@@ -269,4 +269,991 @@ struct rte_crypto_asym_xform modinv_xform = {
}
};
+static const struct
+modex_test_data modex_group_test_cases[] = {
+{
+ .description = "Modular Exponentiation tests for Group 5",
+
[PATCH v4 0/2] app/dma-perf: add SG copy support
Add SG copy support in dma-perf application. v4: - improvement in buffer allocation for perf validation. Gowrishankar Muthukrishnan (2): app/dma-perf: validate copied memory app/dma-perf: add SG copy support app/test-dma-perf/benchmark.c | 251 ++ app/test-dma-perf/config.ini | 17 +++ app/test-dma-perf/main.c | 46 ++- app/test-dma-perf/main.h | 5 +- 4 files changed, 283 insertions(+), 36 deletions(-) -- 2.25.1
[PATCH v4 1/2] app/dma-perf: validate copied memory
Validate copied memory to ensure DMA copy did not fail.
Fixes: 623dc9364dc ("app/dma-perf: introduce DMA performance test")
Signed-off-by: Gowrishankar Muthukrishnan
---
app/test-dma-perf/benchmark.c | 24 ++--
app/test-dma-perf/main.c | 16 +++-
app/test-dma-perf/main.h | 2 +-
3 files changed, 34 insertions(+), 8 deletions(-)
diff --git a/app/test-dma-perf/benchmark.c b/app/test-dma-perf/benchmark.c
index 0601e0d171..99e05436b9 100644
--- a/app/test-dma-perf/benchmark.c
+++ b/app/test-dma-perf/benchmark.c
@@ -12,6 +12,7 @@
#include
#include
#include
+#include
#include "main.h"
@@ -308,6 +309,7 @@ setup_memory_env(struct test_configure *cfg, struct
rte_mbuf ***srcs,
unsigned int buf_size = cfg->buf_size.cur;
unsigned int nr_sockets;
uint32_t nr_buf = cfg->nr_buf;
+ uint32_t i;
nr_sockets = rte_socket_count();
if (cfg->src_numa_node >= nr_sockets ||
@@ -360,13 +362,18 @@ setup_memory_env(struct test_configure *cfg, struct
rte_mbuf ***srcs,
return -1;
}
+ for (i = 0; i < nr_buf; i++) {
+ memset(rte_pktmbuf_mtod((*srcs)[i], void *), rte_rand(),
buf_size);
+ memset(rte_pktmbuf_mtod((*dsts)[i], void *), 0, buf_size);
+ }
+
return 0;
}
-void
+int
mem_copy_benchmark(struct test_configure *cfg, bool is_dma)
{
- uint16_t i;
+ uint32_t i;
uint32_t offset;
unsigned int lcore_id = 0;
struct rte_mbuf **srcs = NULL, **dsts = NULL;
@@ -381,6 +388,7 @@ mem_copy_benchmark(struct test_configure *cfg, bool is_dma)
uint32_t avg_cycles_total;
float mops, mops_total;
float bandwidth, bandwidth_total;
+ int ret = 0;
if (setup_memory_env(cfg, &srcs, &dsts) < 0)
goto out;
@@ -454,6 +462,16 @@ mem_copy_benchmark(struct test_configure *cfg, bool is_dma)
rte_eal_mp_wait_lcore();
+ for (i = 0; i < (nr_buf / nb_workers) * nb_workers; i++) {
+ if (memcmp(rte_pktmbuf_mtod(srcs[i], void *),
+ rte_pktmbuf_mtod(dsts[i], void *),
+ cfg->buf_size.cur) != 0) {
+ printf("Copy validation fails for buffer number %d\n",
i);
+ ret = -1;
+ goto out;
+ }
+ }
+
mops_total = 0;
bandwidth_total = 0;
avg_cycles_total = 0;
@@ -505,4 +523,6 @@ mem_copy_benchmark(struct test_configure *cfg, bool is_dma)
rte_dma_stop(ldm->dma_ids[i]);
}
}
+
+ return ret;
}
diff --git a/app/test-dma-perf/main.c b/app/test-dma-perf/main.c
index e5bccc27da..f917be4216 100644
--- a/app/test-dma-perf/main.c
+++ b/app/test-dma-perf/main.c
@@ -86,20 +86,24 @@ output_header(uint32_t case_id, struct test_configure
*case_cfg)
output_csv(true);
}
-static void
+static int
run_test_case(struct test_configure *case_cfg)
{
+ int ret = 0;
+
switch (case_cfg->test_type) {
case TEST_TYPE_DMA_MEM_COPY:
- mem_copy_benchmark(case_cfg, true);
+ ret = mem_copy_benchmark(case_cfg, true);
break;
case TEST_TYPE_CPU_MEM_COPY:
- mem_copy_benchmark(case_cfg, false);
+ ret = mem_copy_benchmark(case_cfg, false);
break;
default:
printf("Unknown test type. %s\n", case_cfg->test_type_str);
break;
}
+
+ return ret;
}
static void
@@ -144,8 +148,10 @@ run_test(uint32_t case_id, struct test_configure *case_cfg)
case_cfg->scenario_id++;
printf("\nRunning scenario %d\n", case_cfg->scenario_id);
- run_test_case(case_cfg);
- output_csv(false);
+ if (run_test_case(case_cfg) < 0)
+ printf("\nTest fails! skipping this scenario.\n");
+ else
+ output_csv(false);
if (var_entry->op == OP_ADD)
var_entry->cur += var_entry->incr;
diff --git a/app/test-dma-perf/main.h b/app/test-dma-perf/main.h
index f65e264378..658f22f673 100644
--- a/app/test-dma-perf/main.h
+++ b/app/test-dma-perf/main.h
@@ -59,6 +59,6 @@ struct test_configure {
uint8_t scenario_id;
};
-void mem_copy_benchmark(struct test_configure *cfg, bool is_dma);
+int mem_copy_benchmark(struct test_configure *cfg, bool is_dma);
#endif /* MAIN_H */
--
2.25.1
[PATCH v4 2/2] app/dma-perf: add SG copy support
Add SG copy support.
Signed-off-by: Gowrishankar Muthukrishnan
---
app/test-dma-perf/benchmark.c | 243 +-
app/test-dma-perf/config.ini | 17 +++
app/test-dma-perf/main.c | 34 -
app/test-dma-perf/main.h | 5 +-
4 files changed, 260 insertions(+), 39 deletions(-)
diff --git a/app/test-dma-perf/benchmark.c b/app/test-dma-perf/benchmark.c
index 99e05436b9..82eb2cebe9 100644
--- a/app/test-dma-perf/benchmark.c
+++ b/app/test-dma-perf/benchmark.c
@@ -46,6 +46,10 @@ struct lcore_params {
uint16_t test_secs;
struct rte_mbuf **srcs;
struct rte_mbuf **dsts;
+ struct rte_dma_sge *src_sges;
+ struct rte_dma_sge *dst_sges;
+ uint8_t src_ptrs;
+ uint8_t dst_ptrs;
volatile struct worker_info worker_info;
};
@@ -86,21 +90,31 @@ calc_result(uint32_t buf_size, uint32_t nr_buf, uint16_t
nb_workers, uint16_t te
}
static void
-output_result(uint8_t scenario_id, uint32_t lcore_id, char *dma_name, uint16_t
ring_size,
- uint16_t kick_batch, uint64_t ave_cycle, uint32_t
buf_size, uint32_t nr_buf,
- float memory, float bandwidth, float mops, bool is_dma)
+output_result(struct test_configure *cfg, struct lcore_params *para,
+ uint16_t kick_batch, uint64_t ave_cycle, uint32_t
buf_size,
+ uint32_t nr_buf, float memory, float bandwidth, float
mops)
{
- if (is_dma)
- printf("lcore %u, DMA %s, DMA Ring Size: %u, Kick Batch Size:
%u.\n",
- lcore_id, dma_name, ring_size, kick_batch);
- else
+ uint16_t ring_size = cfg->ring_size.cur;
+ uint8_t scenario_id = cfg->scenario_id;
+ uint32_t lcore_id = para->lcore_id;
+ char *dma_name = para->dma_name;
+
+ if (cfg->is_dma) {
+ printf("lcore %u, DMA %s, DMA Ring Size: %u, Kick Batch Size:
%u", lcore_id,
+ dma_name, ring_size, kick_batch);
+ if (cfg->is_sg)
+ printf(" DMA src ptrs: %u, dst ptrs: %u",
+ para->src_ptrs, para->dst_ptrs);
+ printf(".\n");
+ } else {
printf("lcore %u\n", lcore_id);
+ }
printf("Average Cycles/op: %" PRIu64 ", Buffer Size: %u B, Buffer
Number: %u, Memory: %.2lf MB, Frequency: %.3lf Ghz.\n",
ave_cycle, buf_size, nr_buf, memory,
rte_get_timer_hz()/10.0);
printf("Average Bandwidth: %.3lf Gbps, MOps: %.3lf\n", bandwidth, mops);
- if (is_dma)
+ if (cfg->is_dma)
snprintf(output_str[lcore_id], MAX_OUTPUT_STR_LEN,
CSV_LINE_DMA_FMT,
scenario_id, lcore_id, dma_name, ring_size, kick_batch,
buf_size,
nr_buf, memory, ave_cycle, bandwidth, mops);
@@ -130,7 +144,7 @@ cache_flush_buf(__rte_unused struct rte_mbuf **array,
/* Configuration of device. */
static void
-configure_dmadev_queue(uint32_t dev_id, uint32_t ring_size)
+configure_dmadev_queue(uint32_t dev_id, uint32_t ring_size, uint8_t ptrs_max)
{
uint16_t vchan = 0;
struct rte_dma_info info;
@@ -153,6 +167,10 @@ configure_dmadev_queue(uint32_t dev_id, uint32_t ring_size)
rte_exit(EXIT_FAILURE, "Error, no configured queues reported on
device id. %u\n",
dev_id);
+ if (info.max_sges < ptrs_max)
+ rte_exit(EXIT_FAILURE, "Error, DMA ptrs more than supported by
device id %u.\n",
+ dev_id);
+
if (rte_dma_start(dev_id) != 0)
rte_exit(EXIT_FAILURE, "Error with dma start.\n");
}
@@ -166,8 +184,12 @@ config_dmadevs(struct test_configure *cfg)
uint32_t i;
int dev_id;
uint16_t nb_dmadevs = 0;
+ uint8_t ptrs_max = 0;
char *dma_name;
+ if (cfg->is_sg)
+ ptrs_max = RTE_MAX(cfg->src_ptrs, cfg->dst_ptrs);
+
for (i = 0; i < ldm->cnt; i++) {
dma_name = ldm->dma_names[i];
dev_id = rte_dma_get_dev_id_by_name(dma_name);
@@ -177,7 +199,7 @@ config_dmadevs(struct test_configure *cfg)
}
ldm->dma_ids[i] = dev_id;
- configure_dmadev_queue(dev_id, ring_size);
+ configure_dmadev_queue(dev_id, ring_size, ptrs_max);
++nb_dmadevs;
}
@@ -217,7 +239,7 @@ do_dma_submit_and_poll(uint16_t dev_id, uint64_t *async_cnt,
}
static inline int
-do_dma_mem_copy(void *p)
+do_dma_plain_mem_copy(void *p)
{
struct lcore_params *para = (struct lcore_params *)p;
volatile struct worker_info *worker_info = &(para->worker_info);
@@ -270,6 +292,65 @@ do_dma_mem_copy(void *p)
return 0;
}
+s
RE: [v1 3/6] cryptodev: add hash support in asymmetric capability
Hi Arek,
> > rte_crypto_ec_xform {
> > enum rte_crypto_curve_id curve_id;
> > /**< Pre-defined ec groups */
> > +
> > + enum rte_crypto_auth_algorithm hash;
> [Arek] I think that session should only contain information that are constant
> across its lifetime. Here we decided to have a curve id, but this could be
> curve + key. But hash may be different for any op, additionally this xform is
> used for key exchange; multiplication or potentially encryption/decryption.,
> which usually does not need any hash. I would have it in the op.
Ack. I will send next version of this series with this modification.
Reason we had in xform is to stop app not to process enq if session creation
itself
would fail (without required capability).
In the next version of patch, you would see (2/7), you keys moved into session.
Thanks,
Gowrishankar
> > + /**< Hash algorithm used in EC op. */
> > };
> >
> > /**
> > diff --git a/lib/cryptodev/rte_cryptodev.c
> > b/lib/cryptodev/rte_cryptodev.c index c49d342b17..041d3074db 100644
> > --- a/lib/cryptodev/rte_cryptodev.c
> > +++ b/lib/cryptodev/rte_cryptodev.c
> > @@ -718,6 +718,22 @@
> rte_cryptodev_asym_xform_capability_check_modlen(
> > return ret;
> > }
> >
> > +bool
> > +rte_cryptodev_asym_xform_capability_check_hash(
> > + const struct rte_cryptodev_asymmetric_xform_capability
> *capability,
> > + enum rte_crypto_auth_algorithm hash) {
> > + bool ret = false;
> > +
> > + if (capability->hash_algos & (1 << hash))
> > + ret = true;
> > +
> > + rte_cryptodev_trace_asym_xform_capability_check_hash(
> > + capability->hash_algos, hash, ret);
> > +
> > + return ret;
> > +}
> > +
> > /* spinlock for crypto device enq callbacks */ static rte_spinlock_t
> > rte_cryptodev_callback_lock = RTE_SPINLOCK_INITIALIZER;
> >
> > diff --git a/lib/cryptodev/rte_cryptodev.h
> > b/lib/cryptodev/rte_cryptodev.h index
> > 64810c9ec4..536e082244 100644
> > --- a/lib/cryptodev/rte_cryptodev.h
> > +++ b/lib/cryptodev/rte_cryptodev.h
> > @@ -189,6 +189,9 @@ struct rte_cryptodev_asymmetric_xform_capability
> {
> > * random value. Otherwise, PMD would internally compute
> the random
> > number.
> > */
> > };
> > +
> > + uint64_t hash_algos;
> > + /**< Bitmask of hash algorithms supported for op_type. */
> > };
> >
> > /**
> > @@ -348,6 +351,22 @@
> rte_cryptodev_asym_xform_capability_check_modlen(
> > const struct rte_cryptodev_asymmetric_xform_capability
> *capability,
> > uint16_t modlen);
> >
> > +/**
> > + * Check if hash algorithm is supported.
> > + *
> > + * @param capability Asymmetric crypto capability.
> > + * @param hashHash algorithm.
> > + *
> > + * @return
> > + * - Return true if the hash algorithm is supported.
> > + * - Return false if the hash algorithm is not supported.
> > + */
> > +__rte_experimental
> > +bool
> > +rte_cryptodev_asym_xform_capability_check_hash(
> > + const struct rte_cryptodev_asymmetric_xform_capability
> *capability,
> > + enum rte_crypto_auth_algorithm hash);
> > +
> > /**
> > * Provide the cipher algorithm enum, given an algorithm string
> > *
> > diff --git a/lib/cryptodev/version.map b/lib/cryptodev/version.map
> > index
> > ae8d9327b4..3c2d1780e0 100644
> > --- a/lib/cryptodev/version.map
> > +++ b/lib/cryptodev/version.map
> > @@ -54,6 +54,7 @@ EXPERIMENTAL {
> > rte_cryptodev_asym_get_xform_enum;
> > rte_cryptodev_asym_session_create;
> > rte_cryptodev_asym_session_free;
> > + rte_cryptodev_asym_xform_capability_check_hash;
> > rte_cryptodev_asym_xform_capability_check_modlen;
> > rte_cryptodev_asym_xform_capability_check_optype;
> > rte_cryptodev_sym_cpu_crypto_process;
> > --
> > 2.25.1
[PATCH v2 0/7] cryptodev: support digest message in SM2
This patch series fixes SM2 algorithm implementation to support digest message as input along with plain message as today. v2: - private and pubic keys stored per session. Gowrishankar Muthukrishnan (7): crypto/openssl: include SM2 in asymmetric capabilities cryptodev: set private and public keys in EC session cryptodev: add RNG capability in EC based xform cryptodev: add hash algorithms in asymmetric capability cryptodev: use generic EC xform params for SM2 app/test: check asymmetric capabilities in SM2 test crypto/cnxk: add SM2 support app/test/test_cryptodev_asym.c| 199 - app/test/test_cryptodev_sm2_test_vectors.h| 32 ++- doc/guides/cryptodevs/features/cn10k.ini | 1 + doc/guides/rel_notes/release_23_11.rst| 8 + drivers/common/cnxk/hw/cpt.h | 3 +- drivers/common/cnxk/roc_ae.c | 32 ++- drivers/common/cnxk/roc_ae.h | 21 +- drivers/common/cnxk/roc_ae_fpm_tables.c | 190 + drivers/common/cpt/cpt_mcode_defines.h| 18 ++ drivers/common/cpt/cpt_ucode_asym.h | 22 +- drivers/crypto/cnxk/cnxk_ae.h | 269 +- drivers/crypto/cnxk/cnxk_cryptodev.h | 2 +- .../crypto/cnxk/cnxk_cryptodev_capabilities.c | 17 ++ drivers/crypto/openssl/rte_openssl_pmd.c | 53 +--- drivers/crypto/openssl/rte_openssl_pmd_ops.c | 55 +++- drivers/crypto/qat/qat_asym.c | 6 +- examples/fips_validation/main.c | 14 +- lib/cryptodev/cryptodev_trace.h | 9 + lib/cryptodev/cryptodev_trace_points.c| 3 + lib/cryptodev/rte_crypto_asym.h | 34 +-- lib/cryptodev/rte_cryptodev.c | 16 ++ lib/cryptodev/rte_cryptodev.h | 25 ++ lib/cryptodev/version.map | 1 + 23 files changed, 834 insertions(+), 196 deletions(-) -- 2.25.1
[PATCH v2 1/7] crypto/openssl: include SM2 in asymmetric capabilities
Include SM2 algorithm in the asymmetric capabilities supported
by OpenSSL PMD.
Fixes: 3b7d638fb11f ("crypto/openssl: support asymmetric SM2")
Signed-off-by: Gowrishankar Muthukrishnan
Acked-by: Arkadiusz Kusztal
---
drivers/crypto/openssl/rte_openssl_pmd_ops.c | 14 ++
1 file changed, 14 insertions(+)
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 85a4fa3e55..2eb450fcfd 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -593,6 +593,20 @@ static const struct rte_cryptodev_capabilities
openssl_pmd_capabilities[] = {
},
}
},
+ { /* SM2 */
+ .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
+ {.asym = {
+ .xform_capa = {
+ .xform_type = RTE_CRYPTO_ASYM_XFORM_SM2,
+ .op_types =
+ ((1<
[PATCH v2 2/7] cryptodev: set private and public keys in EC session
Set EC private and public keys into xform so that, it can be
maintained per session.
Signed-off-by: Gowrishankar Muthukrishnan
---
app/test/test_cryptodev_asym.c | 121 ++
drivers/common/cnxk/roc_ae.h | 18 ++
drivers/common/cpt/cpt_mcode_defines.h | 18 ++
drivers/common/cpt/cpt_ucode_asym.h | 22 +-
drivers/crypto/cnxk/cnxk_ae.h| 235 ++-
drivers/crypto/openssl/rte_openssl_pmd.c | 53 +
drivers/crypto/openssl/rte_openssl_pmd_ops.c | 38 ++-
drivers/crypto/qat/qat_asym.c| 6 +-
examples/fips_validation/main.c | 14 +-
lib/cryptodev/rte_crypto_asym.h | 28 +--
10 files changed, 409 insertions(+), 144 deletions(-)
diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 9820b80f7e..0e7a9b5460 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -1503,6 +1503,12 @@ test_ecdsa_sign_verify(enum curve curve_id)
xform.next = NULL;
xform.xform_type = RTE_CRYPTO_ASYM_XFORM_ECDSA;
xform.ec.curve_id = input_params.curve;
+ xform.ec.pkey.data = input_params.pkey.data;
+ xform.ec.pkey.length = input_params.pkey.length;
+ xform.ec.q.x.data = input_params.pubkey_qx.data;
+ xform.ec.q.x.length = input_params.pubkey_qx.length;
+ xform.ec.q.y.data = input_params.pubkey_qy.data;
+ xform.ec.q.y.length = input_params.pubkey_qy.length;
ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool,
&sess);
if (ret < 0) {
@@ -1524,8 +1530,6 @@ test_ecdsa_sign_verify(enum curve curve_id)
op->asym->ecdsa.message.length = input_params.digest.length;
op->asym->ecdsa.k.data = input_params.scalar.data;
op->asym->ecdsa.k.length = input_params.scalar.length;
- op->asym->ecdsa.pkey.data = input_params.pkey.data;
- op->asym->ecdsa.pkey.length = input_params.pkey.length;
/* Init out buf */
op->asym->ecdsa.r.data = output_buf_r;
@@ -1582,10 +1586,6 @@ test_ecdsa_sign_verify(enum curve curve_id)
/* Populate op with operational details */
op->asym->ecdsa.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
- op->asym->ecdsa.q.x.data = input_params.pubkey_qx.data;
- op->asym->ecdsa.q.x.length = input_params.pubkey_qx.length;
- op->asym->ecdsa.q.y.data = input_params.pubkey_qy.data;
- op->asym->ecdsa.q.y.length = input_params.pubkey_qx.length;
op->asym->ecdsa.r.data = asym_op->ecdsa.r.data;
op->asym->ecdsa.r.length = asym_op->ecdsa.r.length;
op->asym->ecdsa.s.data = asym_op->ecdsa.s.data;
@@ -1653,10 +1653,10 @@ test_ecpm(enum curve curve_id)
struct crypto_testsuite_ecpm_params input_params;
void *sess = NULL;
uint8_t dev_id = ts_params->valid_devs[0];
+ struct rte_crypto_asym_xform xform = {0};
struct rte_crypto_op *result_op = NULL;
uint8_t output_buf_x[TEST_DATA_SIZE];
uint8_t output_buf_y[TEST_DATA_SIZE];
- struct rte_crypto_asym_xform xform;
struct rte_crypto_asym_op *asym_op;
struct rte_cryptodev_info dev_info;
struct rte_crypto_op *op = NULL;
@@ -1838,7 +1838,13 @@ _test_sm2_sign(bool rnd_secret)
/* Setup asym xform */
xform.next = NULL;
xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
- xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
+ xform.ec.curve_id = input_params.curve;
+ xform.ec.pkey.data = input_params.pkey.data;
+ xform.ec.pkey.length = input_params.pkey.length;
+ xform.ec.q.x.data = input_params.pubkey_qx.data;
+ xform.ec.q.x.length = input_params.pubkey_qx.length;
+ xform.ec.q.y.data = input_params.pubkey_qy.data;
+ xform.ec.q.y.length = input_params.pubkey_qy.length;
ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool,
&sess);
if (ret < 0) {
@@ -1856,16 +1862,23 @@ _test_sm2_sign(bool rnd_secret)
/* Populate op with operational details */
asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_SIGN;
- asym_op->sm2.message.data = input_params.message.data;
- asym_op->sm2.message.length = input_params.message.length;
- asym_op->sm2.pkey.data = input_params.pkey.data;
- asym_op->sm2.pkey.length = input_params.pkey.length;
- asym_op->sm2.q.x.data = input_params.pubkey_qx.data;
- asym_op->sm2.q.x.length = input_params.pubkey_qx.length;
- asym_op->sm2.q.y.data = input_params.pubkey_qy.data;
- asym_op->sm2.q.y.length = input_params.pubkey_qy.length;
- asym_op->sm2.id.data = input_params.id.data;
- asym_op->sm2.id.length = input_params.id.length;
+ if (rte_cryptodev_asym_xform_capability_check_hash(capa,
RTE_CRYPTO_AUTH_SM3))
+
[PATCH v2 3/7] cryptodev: add RNG capability in EC based xform
Elliptic curve based asymmetric operations use cryptographically
secure random number in its computation. If PMD supports RNG
for such ops, the application could skip computing on its own.
This patch adds new field in asymmetric capability to declare
this capability.
Signed-off-by: Gowrishankar Muthukrishnan
Acked-by: Arkadiusz Kusztal
---
drivers/crypto/openssl/rte_openssl_pmd_ops.c | 2 ++
lib/cryptodev/rte_cryptodev.h| 6 ++
2 files changed, 8 insertions(+)
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 2a307aa839..e361b4ae14 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -603,6 +603,8 @@ static const struct rte_cryptodev_capabilities
openssl_pmd_capabilities[] = {
(1 << RTE_CRYPTO_ASYM_OP_VERIFY) |
(1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) |
(1 << RTE_CRYPTO_ASYM_OP_DECRYPT)),
+ {.internal_rng = 1
+ }
}
}
}
diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h
index 9246df90ef..0d2d9ef8c3 100644
--- a/lib/cryptodev/rte_cryptodev.h
+++ b/lib/cryptodev/rte_cryptodev.h
@@ -181,6 +181,12 @@ struct rte_cryptodev_asymmetric_xform_capability {
/**< Range of modulus length supported by modulus based xform.
* Value 0 mean implementation default
*/
+
+ uint8_t internal_rng;
+ /**< Availability of random number generator for Elliptic curve
based xform.
+* Value 0 means unavailable, and application should pass the
required
+* random value. Otherwise, PMD would internally compute the
random number.
+*/
};
};
--
2.25.1
[PATCH v2 4/7] cryptodev: add hash algorithms in asymmetric capability
Most of the asymmetric operations start with hash of the input.
But a PMD might also support only plain input (eg openssl).
Add a new field in asymmetric capability to declare support
for hash operations that PMD can support for the asymmetric
operations. Application can skip computing hash if PMD already
supports it.
Signed-off-by: Gowrishankar Muthukrishnan
---
drivers/crypto/openssl/rte_openssl_pmd_ops.c | 1 +
lib/cryptodev/cryptodev_trace.h | 9 +
lib/cryptodev/cryptodev_trace_points.c | 3 +++
lib/cryptodev/rte_cryptodev.c| 16
lib/cryptodev/rte_cryptodev.h| 19 +++
lib/cryptodev/version.map| 1 +
6 files changed, 49 insertions(+)
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index e361b4ae14..2862c294a9 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -598,6 +598,7 @@ static const struct rte_cryptodev_capabilities
openssl_pmd_capabilities[] = {
{.asym = {
.xform_capa = {
.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2,
+ .hash_algos = (1 << RTE_CRYPTO_AUTH_SM3),
.op_types =
((1<hash_algos & (1 << hash))
+ ret = true;
+
+ rte_cryptodev_trace_asym_xform_capability_check_hash(
+ capability->hash_algos, hash, ret);
+
+ return ret;
+}
+
/* spinlock for crypto device enq callbacks */
static rte_spinlock_t rte_cryptodev_callback_lock = RTE_SPINLOCK_INITIALIZER;
diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h
index 0d2d9ef8c3..9f36e0323d 100644
--- a/lib/cryptodev/rte_cryptodev.h
+++ b/lib/cryptodev/rte_cryptodev.h
@@ -188,6 +188,9 @@ struct rte_cryptodev_asymmetric_xform_capability {
* random value. Otherwise, PMD would internally compute the
random number.
*/
};
+
+ uint64_t hash_algos;
+ /**< Bitmask of hash algorithms supported for op_type. */
};
/**
@@ -346,6 +349,22 @@ rte_cryptodev_asym_xform_capability_check_modlen(
const struct rte_cryptodev_asymmetric_xform_capability *capability,
uint16_t modlen);
+/**
+ * Check if hash algorithm is supported.
+ *
+ * @param capability Asymmetric crypto capability.
+ * @param hashHash algorithm.
+ *
+ * @return
+ * - Return true if the hash algorithm is supported.
+ * - Return false if the hash algorithm is not supported.
+ */
+__rte_experimental
+bool
+rte_cryptodev_asym_xform_capability_check_hash(
+ const struct rte_cryptodev_asymmetric_xform_capability *capability,
+ enum rte_crypto_auth_algorithm hash);
+
/**
* Provide the cipher algorithm enum, given an algorithm string
*
diff --git a/lib/cryptodev/version.map b/lib/cryptodev/version.map
index ae8d9327b4..3c2d1780e0 100644
--- a/lib/cryptodev/version.map
+++ b/lib/cryptodev/version.map
@@ -54,6 +54,7 @@ EXPERIMENTAL {
rte_cryptodev_asym_get_xform_enum;
rte_cryptodev_asym_session_create;
rte_cryptodev_asym_session_free;
+ rte_cryptodev_asym_xform_capability_check_hash;
rte_cryptodev_asym_xform_capability_check_modlen;
rte_cryptodev_asym_xform_capability_check_optype;
rte_cryptodev_sym_cpu_crypto_process;
--
2.25.1
[PATCH v2 5/7] cryptodev: use generic EC xform params for SM2
SM2 curve could use generic EC xform as it is yet another EC.
This would also require SM2 curve ID enumerated
along with other curves, as listed in:
https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml
Signed-off-by: Gowrishankar Muthukrishnan
Acked-by: Arkadiusz Kusztal
---
app/test/test_cryptodev_sm2_test_vectors.h | 4 +++-
doc/guides/rel_notes/release_23_11.rst | 2 ++
lib/cryptodev/rte_crypto_asym.h| 6 ++
3 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/app/test/test_cryptodev_sm2_test_vectors.h
b/app/test/test_cryptodev_sm2_test_vectors.h
index 7a4ce70c10..3d2dba1359 100644
--- a/app/test/test_cryptodev_sm2_test_vectors.h
+++ b/app/test/test_cryptodev_sm2_test_vectors.h
@@ -17,6 +17,7 @@ struct crypto_testsuite_sm2_params {
rte_crypto_param id;
rte_crypto_param cipher;
rte_crypto_param message;
+ int curve;
};
static uint8_t fp256_pkey[] = {
@@ -123,7 +124,8 @@ struct crypto_testsuite_sm2_params sm2_param_fp256 = {
.cipher = {
.data = fp256_cipher,
.length = sizeof(fp256_cipher),
- }
+ },
+ .curve = RTE_CRYPTO_EC_GROUP_SM2
};
#endif /* __TEST_CRYPTODEV_SM2_TEST_VECTORS_H__ */
diff --git a/doc/guides/rel_notes/release_23_11.rst
b/doc/guides/rel_notes/release_23_11.rst
index 9746809a66..e9afae8030 100644
--- a/doc/guides/rel_notes/release_23_11.rst
+++ b/doc/guides/rel_notes/release_23_11.rst
@@ -97,6 +97,8 @@ Removed Items
* kni: Removed the Kernel Network Interface (KNI) library and driver.
+* crypto: Removed SM2 xform parameter in asymmetric xform.
+
API Changes
---
diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
index b72876240c..d75ef90b86 100644
--- a/lib/cryptodev/rte_crypto_asym.h
+++ b/lib/cryptodev/rte_crypto_asym.h
@@ -69,7 +69,8 @@ enum rte_crypto_curve_id {
RTE_CRYPTO_EC_GROUP_SECP224R1 = 21,
RTE_CRYPTO_EC_GROUP_SECP256R1 = 23,
RTE_CRYPTO_EC_GROUP_SECP384R1 = 24,
- RTE_CRYPTO_EC_GROUP_SECP521R1 = 25
+ RTE_CRYPTO_EC_GROUP_SECP521R1 = 25,
+ RTE_CRYPTO_EC_GROUP_SM2 = 41,
};
/**
@@ -637,9 +638,6 @@ struct rte_crypto_asym_xform {
/**< EC xform parameters, used by elliptic curve based
* operations.
*/
-
- struct rte_crypto_sm2_xform sm2;
- /**< SM2 xform parameters */
};
};
--
2.25.1
[PATCH v2 6/7] app/test: check asymmetric capabilities in SM2 test
Check asymmetric capabilities such as SM3 hash support and
internal RNG and accordingly choose op params for SM2 test.
Signed-off-by: Gowrishankar Muthukrishnan
Acked-by: Arkadiusz Kusztal
---
app/test/test_cryptodev_asym.c | 78 --
app/test/test_cryptodev_sm2_test_vectors.h | 28 +---
2 files changed, 64 insertions(+), 42 deletions(-)
diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 0e7a9b5460..bce6b0a9dd 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -608,6 +608,7 @@ static inline void print_asym_capa(
break;
case RTE_CRYPTO_ASYM_XFORM_ECDSA:
case RTE_CRYPTO_ASYM_XFORM_ECPM:
+ case RTE_CRYPTO_ASYM_XFORM_SM2:
default:
break;
}
@@ -1806,12 +1807,14 @@ test_ecpm_all_curve(void)
}
static int
-_test_sm2_sign(bool rnd_secret)
+test_sm2_sign(void)
{
struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
struct crypto_testsuite_sm2_params input_params = sm2_param_fp256;
+ const struct rte_cryptodev_asymmetric_xform_capability *capa;
struct rte_mempool *sess_mpool = ts_params->session_mpool;
struct rte_mempool *op_mpool = ts_params->op_mpool;
+ struct rte_cryptodev_asym_capability_idx idx;
uint8_t dev_id = ts_params->valid_devs[0];
struct rte_crypto_op *result_op = NULL;
uint8_t output_buf_r[TEST_DATA_SIZE];
@@ -1822,6 +1825,12 @@ _test_sm2_sign(bool rnd_secret)
int ret, status = TEST_SUCCESS;
void *sess = NULL;
+ /* Check SM2 capability */
+ idx.type = RTE_CRYPTO_ASYM_XFORM_SM2;
+ capa = rte_cryptodev_asym_capability_get(dev_id, &idx);
+ if (capa == NULL)
+ return -ENOTSUP;
+
/* Setup crypto op data structure */
op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
if (op == NULL) {
@@ -1879,7 +1888,7 @@ _test_sm2_sign(bool rnd_secret)
asym_op->sm2.id.length = 0;
}
- if (rnd_secret) {
+ if (capa->internal_rng != 0) {
asym_op->sm2.k.data = NULL;
asym_op->sm2.k.length = 0;
} else {
@@ -1928,7 +1937,7 @@ _test_sm2_sign(bool rnd_secret)
debug_hexdump(stdout, "s:",
asym_op->sm2.s.data, asym_op->sm2.s.length);
- if (!rnd_secret) {
+ if (capa->internal_rng == 0) {
/* Verify sign (by comparison). */
if (memcmp(input_params.sign_r.data, asym_op->sm2.r.data,
asym_op->sm2.r.length) != 0) {
@@ -1989,25 +1998,15 @@ _test_sm2_sign(bool rnd_secret)
return status;
};
-static int
-test_sm2_sign_rnd_secret(void)
-{
- return _test_sm2_sign(true);
-}
-
-__rte_used static int
-test_sm2_sign_plain_secret(void)
-{
- return _test_sm2_sign(false);
-}
-
static int
test_sm2_verify(void)
{
struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
struct crypto_testsuite_sm2_params input_params = sm2_param_fp256;
+ const struct rte_cryptodev_asymmetric_xform_capability *capa;
struct rte_mempool *sess_mpool = ts_params->session_mpool;
struct rte_mempool *op_mpool = ts_params->op_mpool;
+ struct rte_cryptodev_asym_capability_idx idx;
uint8_t dev_id = ts_params->valid_devs[0];
struct rte_crypto_op *result_op = NULL;
struct rte_crypto_asym_xform xform;
@@ -2016,6 +2015,12 @@ test_sm2_verify(void)
int ret, status = TEST_SUCCESS;
void *sess = NULL;
+ /* Check SM2 capability */
+ idx.type = RTE_CRYPTO_ASYM_XFORM_SM2;
+ capa = rte_cryptodev_asym_capability_get(dev_id, &idx);
+ if (capa == NULL)
+ return -ENOTSUP;
+
/* Setup crypto op data structure */
op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
if (op == NULL) {
@@ -2056,6 +2061,7 @@ test_sm2_verify(void)
/* Populate op with operational details */
asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
+
if (rte_cryptodev_asym_xform_capability_check_hash(capa,
RTE_CRYPTO_AUTH_SM3))
asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3;
else
@@ -2077,8 +2083,6 @@ test_sm2_verify(void)
asym_op->sm2.r.length = input_params.sign_r.length;
asym_op->sm2.s.data = input_params.sign_s.data;
asym_op->sm2.s.length = input_params.sign_s.length;
- asym_op->sm2.id.data = input_params.id.data;
- asym_op->sm2.id.length = input_params.id.length;
RTE_LOG(DEBUG, USER1, "Process ASYM operation\n");
@@ -2118,13 +2122,15 @@ test_sm2_verify(void)
};
static int
-_test_sm2_enc(bool rnd_secret)
+test_sm2_enc(void)
{
struct crypto_testsuite_params_asym *ts_params = &testsui
[PATCH v2 7/7] crypto/cnxk: add SM2 support
Add SM2 asymmetric algorithm support in cnxk PMD.
Signed-off-by: Gowrishankar Muthukrishnan
---
doc/guides/cryptodevs/features/cn10k.ini | 1 +
doc/guides/rel_notes/release_23_11.rst| 6 +
drivers/common/cnxk/hw/cpt.h | 3 +-
drivers/common/cnxk/roc_ae.c | 32 ++-
drivers/common/cnxk/roc_ae.h | 3 +-
drivers/common/cnxk/roc_ae_fpm_tables.c | 190 ++
drivers/crypto/cnxk/cnxk_ae.h | 34 +++-
drivers/crypto/cnxk/cnxk_cryptodev.h | 2 +-
.../crypto/cnxk/cnxk_cryptodev_capabilities.c | 17 ++
9 files changed, 283 insertions(+), 5 deletions(-)
diff --git a/doc/guides/cryptodevs/features/cn10k.ini
b/doc/guides/cryptodevs/features/cn10k.ini
index 55a1226965..15e2dd48a8 100644
--- a/doc/guides/cryptodevs/features/cn10k.ini
+++ b/doc/guides/cryptodevs/features/cn10k.ini
@@ -103,6 +103,7 @@ Modular Inversion =
Diffie-hellman =
ECDSA = Y
ECPM= Y
+SM2 = Y
;
; Supported Operating systems of the 'cn10k' crypto driver.
diff --git a/doc/guides/rel_notes/release_23_11.rst
b/doc/guides/rel_notes/release_23_11.rst
index e9afae8030..b21e78c7a0 100644
--- a/doc/guides/rel_notes/release_23_11.rst
+++ b/doc/guides/rel_notes/release_23_11.rst
@@ -72,12 +72,18 @@ New Features
Also, make sure to start the actual text at the margin.
===
+
* build: Enabling deprecated libraries is now done using the new
``enable_deprecated_libraries`` build option.
* build: Optional libraries can now be selected with the new ``enable_libs``
build option similarly to the existing ``enable_drivers`` build option.
+* **Updated CNXK crypto driver.**
+
+ * Added SM2 algorithm support in asymmetric crypto operations.
+
+
Removed Items
-
diff --git a/drivers/common/cnxk/hw/cpt.h b/drivers/common/cnxk/hw/cpt.h
index 5e1519e202..ce57de8788 100644
--- a/drivers/common/cnxk/hw/cpt.h
+++ b/drivers/common/cnxk/hw/cpt.h
@@ -79,7 +79,8 @@ union cpt_eng_caps {
uint64_t __io reserved_23_33 : 11;
uint64_t __io pdcp_chain : 1;
uint64_t __io sg_ver2 : 1;
- uint64_t __io reserved_36_63 : 28;
+ uint64_t __io sm2 : 1;
+ uint64_t __io reserved_37_63 : 27;
};
};
diff --git a/drivers/common/cnxk/roc_ae.c b/drivers/common/cnxk/roc_ae.c
index 336b927641..e6a013d7c4 100644
--- a/drivers/common/cnxk/roc_ae.c
+++ b/drivers/common/cnxk/roc_ae.c
@@ -149,7 +149,37 @@ const struct roc_ae_ec_group ae_ec_grp[ROC_AE_EC_ID_PMAX]
= {
0xBF, 0x07, 0x35, 0x73, 0xDF, 0x88, 0x3D, 0x2C,
0x34, 0xF1, 0xEF, 0x45, 0x1F, 0xD4, 0x6B, 0x50,
0x3F, 0x00},
- .length = 66}}};
+ .length = 66},
+ },
+ {},
+ {},
+ {},
+ {
+ .prime = {.data = {0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00,
+ 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF},
+ .length = 32},
+ .order = {.data = {0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0x72, 0x03, 0xDF, 0x6B, 0x21,
+ 0xC6, 0x05, 0x2B, 0x53, 0xBB, 0xF4, 0x09,
+ 0x39, 0xD5, 0x41, 0x23},
+ .length = 32},
+ .consta = {.data = {0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00,
+ 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFC},
+ .length = 32},
+ .constb = {.data = {0x28, 0xE9, 0xFA, 0x9E, 0x9D, 0x9F, 0x5E,
+ 0x34, 0x4D, 0x5A, 0x9E, 0x4B, 0xCF, 0x65,
+ 0x09, 0xA7, 0xF3, 0x97, 0x89, 0xF5, 0x15,
+ 0xAB, 0x8F, 0x92, 0xDD, 0xBC, 0xBD, 0x41,
+ 0x4D, 0x94, 0x0E, 0x93},
+ .length = 32},
+ }};
int
roc_ae_ec_grp_get(struct roc_ae_ec_group **tbl)
diff --git a/drivers/common/cnxk/roc_ae.h b/drivers/common/cnxk/roc_ae.h
index d8ad0129b1..d459c5e680 100644
--- a/drivers/common/cnxk/roc_ae.h
+++ b/drivers/common/cnxk/roc_ae.h
@@ -34,7 +34,8 @@ typedef enum {
ROC_AE_EC_I
RE: [PATCH] lib/cryptodev: move RSA padding information into xform
Hi Arek, > > RSA padding information could be a xform entity rather than part of > > crypto op, as it seems associated with hashing algorithm used for the > > entire crypto session, where this algorithm is used in message digest > > itself. Even in virtIO standard spec, this info is associated in the > > asymmetric session creation. Hence, moving this info from crypto op into > xform structure. > > With the current approach in with-session mode, we set the key in the PMD > only once and use it in different configurations. > In the case where padding is a session parameter, we need to have a session > for all padding variations, duplicating the private key occurrences in memory > for this reason only. > Even as per VirtIO asymmetric spec (below), padding info is per session as in virtio_crypto_rsa_session_para. https://github.com/oasis-tcs/virtio-spec/blob/master/device-types/crypto/description.tex#L736 To support VirtIO asymmetric op, this would be required. Thanks, Gowrishankar
[RFC 0/6] vhost: add asymmetric crypto support
This series of patches add asymmetric crypto support in vhost library and virtio PMD. Only RSA algorithm is enabled as a first step. To verify functionality in QEMU, you would need: https://github.com/qemu/qemu/commit/5c33f9783ace0b5e077060b220978d94fecb3e81 There is VirtIO specification change proposed for RSA support, and this series apply it at required places. https://lists.oasis-open.org/archives/virtio-comment/202305/msg00341.html In case, qemu crashes, check disabling VHOST_USER_PROTOCOL_F_CONFIG in virtio pmd, when the device starts. This issue was seen with older qemu but I'll check a bit closer. Gowrishankar Muthukrishnan (6): cryptodev: move RSA padding information into xform cryptodev: fix RSA xform for ASN.1 syntax vhost: add asymmetric RSA support crypto/virtio: add asymmetric RSA support examples/vhost_crypto: add asymmetric support app/test: add asymmetric tests for virtio pmd app/test/test_cryptodev_asym.c| 40 +- app/test/test_cryptodev_rsa_test_vectors.h| 28 + drivers/common/cpt/cpt_ucode_asym.h | 4 +- drivers/crypto/cnxk/cnxk_ae.h | 13 +- drivers/crypto/octeontx/otx_cryptodev_ops.c | 4 +- drivers/crypto/openssl/openssl_pmd_private.h | 1 + drivers/crypto/openssl/rte_openssl_pmd.c | 4 +- drivers/crypto/openssl/rte_openssl_pmd_ops.c | 1 + drivers/crypto/qat/qat_asym.c | 17 +- .../virtio/virtio_crypto_capabilities.h | 19 + drivers/crypto/virtio/virtio_cryptodev.c | 388 ++-- drivers/crypto/virtio/virtio_rxtx.c | 233 +++- examples/fips_validation/main.c | 52 +- examples/vhost_crypto/main.c | 50 +- lib/cryptodev/cryptodev_pmd.h | 6 + lib/cryptodev/rte_crypto_asym.h | 8 +- lib/vhost/rte_vhost_crypto.h | 14 +- lib/vhost/vhost.c | 11 +- lib/vhost/vhost.h | 1 + lib/vhost/vhost_crypto.c | 551 -- lib/vhost/vhost_user.c| 4 + lib/vhost/vhost_user.h| 34 +- lib/vhost/virtio_crypto.h | 87 ++- 23 files changed, 1375 insertions(+), 195 deletions(-) -- 2.25.1
[RFC 1/6] cryptodev: move RSA padding information into xform
RSA padding information could be a xform entity rather than part of
crypto op, as it seems associated with hashing algorithm used for
the entire crypto session, where this algorithm is used in message
digest itself. Even in virtIO standard spec, this info is associated
in the asymmetric session creation. Hence, moving this info from
crypto op into xform structure.
Signed-off-by: Gowrishankar Muthukrishnan
---
app/test/test_cryptodev_asym.c | 4 --
app/test/test_cryptodev_rsa_test_vectors.h | 2 +
drivers/common/cpt/cpt_ucode_asym.h | 4 +-
drivers/crypto/cnxk/cnxk_ae.h| 13 +++--
drivers/crypto/octeontx/otx_cryptodev_ops.c | 4 +-
drivers/crypto/openssl/openssl_pmd_private.h | 1 +
drivers/crypto/openssl/rte_openssl_pmd.c | 4 +-
drivers/crypto/openssl/rte_openssl_pmd_ops.c | 1 +
drivers/crypto/qat/qat_asym.c| 17 ---
examples/fips_validation/main.c | 52 +++-
lib/cryptodev/rte_crypto_asym.h | 6 +--
11 files changed, 58 insertions(+), 50 deletions(-)
diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 9820b80f7e..7a4b262ba9 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -79,7 +79,6 @@ queue_ops_rsa_sign_verify(void *sess)
asym_op->rsa.message.length = rsaplaintext.len;
asym_op->rsa.sign.length = RTE_DIM(rsa_n);
asym_op->rsa.sign.data = output_buf;
- asym_op->rsa.padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
debug_hexdump(stdout, "message", asym_op->rsa.message.data,
asym_op->rsa.message.length);
@@ -111,7 +110,6 @@ queue_ops_rsa_sign_verify(void *sess)
/* Verify sign */
asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
- asym_op->rsa.padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
/* Process crypto operation */
if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
@@ -170,7 +168,6 @@ queue_ops_rsa_enc_dec(void *sess)
asym_op->rsa.cipher.data = cipher_buf;
asym_op->rsa.cipher.length = RTE_DIM(rsa_n);
asym_op->rsa.message.length = rsaplaintext.len;
- asym_op->rsa.padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
debug_hexdump(stdout, "message", asym_op->rsa.message.data,
asym_op->rsa.message.length);
@@ -202,7 +199,6 @@ queue_ops_rsa_enc_dec(void *sess)
asym_op = result_op->asym;
asym_op->rsa.message.length = RTE_DIM(rsa_n);
asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_DECRYPT;
- asym_op->rsa.padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
/* Process crypto operation */
if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
diff --git a/app/test/test_cryptodev_rsa_test_vectors.h
b/app/test/test_cryptodev_rsa_test_vectors.h
index b4982014a2..0b8ed4caaa 100644
--- a/app/test/test_cryptodev_rsa_test_vectors.h
+++ b/app/test/test_cryptodev_rsa_test_vectors.h
@@ -345,6 +345,7 @@ struct rte_crypto_asym_xform rsa_xform = {
.next = NULL,
.xform_type = RTE_CRYPTO_ASYM_XFORM_RSA,
.rsa = {
+ .padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5,
.n = {
.data = rsa_n,
.length = sizeof(rsa_n)
@@ -366,6 +367,7 @@ struct rte_crypto_asym_xform rsa_xform_crt = {
.next = NULL,
.xform_type = RTE_CRYPTO_ASYM_XFORM_RSA,
.rsa = {
+ .padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5,
.n = {
.data = rsa_n,
.length = sizeof(rsa_n)
diff --git a/drivers/common/cpt/cpt_ucode_asym.h
b/drivers/common/cpt/cpt_ucode_asym.h
index 1105a0c125..42ab0edeea 100644
--- a/drivers/common/cpt/cpt_ucode_asym.h
+++ b/drivers/common/cpt/cpt_ucode_asym.h
@@ -327,7 +327,7 @@ cpt_rsa_prep(struct asym_op_params *rsa_params,
/* Result buffer */
rlen = mod_len;
- if (rsa_op.padding.type == RTE_CRYPTO_RSA_PADDING_NONE) {
+ if (rsa->padding.type == RTE_CRYPTO_RSA_PADDING_NONE) {
/* Use mod_exp operation for no_padding type */
vq_cmd_w0.s.opcode.minor = CPT_MINOR_OP_MODEX;
vq_cmd_w0.s.param2 = exp_len;
@@ -412,7 +412,7 @@ cpt_rsa_crt_prep(struct asym_op_params *rsa_params,
/* Result buffer */
rlen = mod_len;
- if (rsa_op.padding.type == RTE_CRYPTO_RSA_PADDING_NONE) {
+ if (rsa->padding.type == RTE_CRYPTO_RSA_PADDING_NONE) {
/*Use mod_exp operation for no_padding type */
vq_cmd_w0.s.opcode.minor = CPT_MINOR_OP_MODEX_CRT;
} else {
diff --git a/drivers/crypto/cnxk/cnxk_ae.h b/drivers/crypto/cnxk/cnxk_ae.h
index 7ad259b7f4..063b6681cf 100644
--- a/drivers/crypto/cnxk/cnxk_ae.h
+++ b/drivers/crypto/cnxk/cnxk_ae.h
@@ -168,6 +168,9 @@ cnxk_ae
[RFC 2/6] cryptodev: fix RSA xform for ASN.1 syntax
As per ASN.1 syntax (RFC 3447 Appendix A.1.2), RSA private key
would need specification of quintuple along with private exponent.
It is up to the implementation to internally handle, but not at
RTE itself to make them exclusive each other. Removing union
on them allows asymmetric implementation in VirtIO to benefit from
the xform as per ASN.1 syntax.
Signed-off-by: Gowrishankar Muthukrishnan
---
lib/cryptodev/rte_crypto_asym.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
index f0996816b9..afc5bdc874 100644
--- a/lib/cryptodev/rte_crypto_asym.h
+++ b/lib/cryptodev/rte_crypto_asym.h
@@ -310,7 +310,7 @@ struct rte_crypto_rsa_xform {
enum rte_crypto_rsa_priv_key_type key_type;
- union {
+ struct {
rte_crypto_uint d;
/**< the RSA private exponent */
struct rte_crypto_rsa_priv_key_qt qt;
--
2.25.1
[RFC 3/6] vhost: add asymmetric RSA support
Support asymmetric RSA crypto operations in vhost-user.
Signed-off-by: Gowrishankar Muthukrishnan
---
lib/cryptodev/cryptodev_pmd.h | 6 +
lib/vhost/rte_vhost_crypto.h | 14 +-
lib/vhost/vhost.c | 11 +-
lib/vhost/vhost.h | 1 +
lib/vhost/vhost_crypto.c | 551 +++---
lib/vhost/vhost_user.c| 4 +
lib/vhost/vhost_user.h| 34 ++-
lib/vhost/virtio_crypto.h | 87 +-
8 files changed, 655 insertions(+), 53 deletions(-)
diff --git a/lib/cryptodev/cryptodev_pmd.h b/lib/cryptodev/cryptodev_pmd.h
index 3bb3d95c13..bbda72a238 100644
--- a/lib/cryptodev/cryptodev_pmd.h
+++ b/lib/cryptodev/cryptodev_pmd.h
@@ -696,6 +696,12 @@ struct rte_cryptodev_asym_session {
uint8_t sess_private_data[];
};
+/**
+ * Helper macro to get session private data
+ */
+#define CRYPTODEV_GET_ASYM_SESS_PRIV(s) \
+ ((void *)(((struct rte_cryptodev_asym_session *)s)->sess_private_data))
+
#ifdef __cplusplus
}
#endif
diff --git a/lib/vhost/rte_vhost_crypto.h b/lib/vhost/rte_vhost_crypto.h
index 2b01ecda08..e03542de26 100644
--- a/lib/vhost/rte_vhost_crypto.h
+++ b/lib/vhost/rte_vhost_crypto.h
@@ -52,8 +52,10 @@ rte_vhost_crypto_driver_start(const char *path);
* @param cryptodev_id
* The identifier of DPDK Cryptodev, the same cryptodev_id can be assigned to
* multiple Vhost-crypto devices.
- * @param sess_pool
- * The pointer to the created cryptodev session pool.
+ * @param sym_sess_pool
+ * The pointer to the created cryptodev sym session pool.
+ * @param asym_sess_pool
+ * The pointer to the created cryptodev asym session pool.
* @param socket_id
* NUMA Socket ID to allocate resources on. *
* @return
@@ -62,7 +64,7 @@ rte_vhost_crypto_driver_start(const char *path);
*/
int
rte_vhost_crypto_create(int vid, uint8_t cryptodev_id,
- struct rte_mempool *sess_pool,
+ struct rte_mempool *sym_sess_pool, struct rte_mempool
*asym_sess_pool,
int socket_id);
/**
@@ -116,6 +118,10 @@ rte_vhost_crypto_fetch_requests(int vid, uint32_t qid,
* dequeued from the cryptodev, this function shall be called to write the
* processed data back to the vring descriptor (if no-copy is turned off).
*
+ * @param vid
+ * The identifier of the vhost device.
+ * @param qid
+ * Virtio queue index.
* @param ops
* The address of an array of *rte_crypto_op* structure that was dequeued
* from cryptodev.
@@ -130,7 +136,7 @@ rte_vhost_crypto_fetch_requests(int vid, uint32_t qid,
* The number of ops processed.
*/
uint16_t
-rte_vhost_crypto_finalize_requests(struct rte_crypto_op **ops,
+rte_vhost_crypto_finalize_requests(int vid, int qid, struct rte_crypto_op
**ops,
uint16_t nb_ops, int *callfds, uint16_t *nb_callfds);
#ifdef __cplusplus
diff --git a/lib/vhost/vhost.c b/lib/vhost/vhost.c
index c03bb9c6eb..675459e05b 100644
--- a/lib/vhost/vhost.c
+++ b/lib/vhost/vhost.c
@@ -631,8 +631,12 @@ alloc_vring_queue(struct virtio_net *dev, uint32_t
vring_idx)
/* Also allocate holes, if any, up to requested vring index. */
for (i = 0; i <= vring_idx; i++) {
- if (dev->virtqueue[i])
+ rte_spinlock_lock(&dev->virtqueue_lock);
+ if (dev->virtqueue[i]) {
+ rte_spinlock_unlock(&dev->virtqueue_lock);
continue;
+ }
+ rte_spinlock_unlock(&dev->virtqueue_lock);
vq = rte_zmalloc(NULL, sizeof(struct vhost_virtqueue), 0);
if (vq == NULL) {
@@ -642,13 +646,15 @@ alloc_vring_queue(struct virtio_net *dev, uint32_t
vring_idx)
return -1;
}
- dev->virtqueue[i] = vq;
init_vring_queue(dev, vq, i);
rte_rwlock_init(&vq->access_lock);
rte_rwlock_init(&vq->iotlb_lock);
vq->avail_wrap_counter = 1;
vq->used_wrap_counter = 1;
vq->signalled_used_valid = false;
+ rte_spinlock_lock(&dev->virtqueue_lock);
+ dev->virtqueue[i] = vq;
+ rte_spinlock_unlock(&dev->virtqueue_lock);
}
dev->nr_vring = RTE_MAX(dev->nr_vring, vring_idx + 1);
@@ -735,6 +741,7 @@ vhost_new_device(struct vhost_backend_ops *ops)
dev->postcopy_ufd = -1;
rte_spinlock_init(&dev->backend_req_lock);
dev->backend_ops = ops;
+ rte_spinlock_init(&dev->virtqueue_lock);
return i;
}
diff --git a/lib/vhost/vhost.h b/lib/vhost/vhost.h
index 9723429b1c..9ba8cca5d4 100644
--- a/lib/vhost/vhost.h
+++ b/lib/vhost/vhost.h
@@ -489,6 +489,7 @@ struct virtio_net {
int extbuf;
int linearbuf;
+ rte_spinlock_t virtqueue_lock;
struct vhost_virtqueue *virtqueue[VHOST_MAX
[RFC 4/6] crypto/virtio: add asymmetric RSA support
Asymmetric RSA operations (SIGN, VERIFY, ENCRYPT and DECRYPT) are
supported in virtio PMD.
Signed-off-by: Gowrishankar Muthukrishnan
---
.../virtio/virtio_crypto_capabilities.h | 19 +
drivers/crypto/virtio/virtio_cryptodev.c | 388 +++---
drivers/crypto/virtio/virtio_rxtx.c | 233 ++-
3 files changed, 572 insertions(+), 68 deletions(-)
diff --git a/drivers/crypto/virtio/virtio_crypto_capabilities.h
b/drivers/crypto/virtio/virtio_crypto_capabilities.h
index 03c30deefd..1b26ff6720 100644
--- a/drivers/crypto/virtio/virtio_crypto_capabilities.h
+++ b/drivers/crypto/virtio/virtio_crypto_capabilities.h
@@ -48,4 +48,23 @@
}, }\
}
+#define VIRTIO_ASYM_CAPABILITIES \
+ { /* RSA */ \
+ .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,\
+ {.asym = { \
+ .xform_capa = { \
+ .xform_type = RTE_CRYPTO_ASYM_XFORM_RSA,\
+ .op_types = ((1 << RTE_CRYPTO_ASYM_OP_SIGN) | \
+ (1 << RTE_CRYPTO_ASYM_OP_VERIFY) | \
+ (1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) | \
+ (1 << RTE_CRYPTO_ASYM_OP_DECRYPT)), \
+ {.modlen = {\
+ .min = 1, \
+ .max = 1024,\
+ .increment = 1 \
+ }, }\
+ } \
+}, } \
+ }
+
#endif /* _VIRTIO_CRYPTO_CAPABILITIES_H_ */
diff --git a/drivers/crypto/virtio/virtio_cryptodev.c
b/drivers/crypto/virtio/virtio_cryptodev.c
index 4854820ba6..b2a9995c13 100644
--- a/drivers/crypto/virtio/virtio_cryptodev.c
+++ b/drivers/crypto/virtio/virtio_cryptodev.c
@@ -41,6 +41,11 @@ static void virtio_crypto_sym_clear_session(struct
rte_cryptodev *dev,
static int virtio_crypto_sym_configure_session(struct rte_cryptodev *dev,
struct rte_crypto_sym_xform *xform,
struct rte_cryptodev_sym_session *session);
+static void virtio_crypto_asym_clear_session(struct rte_cryptodev *dev,
+ struct rte_cryptodev_asym_session *sess);
+static int virtio_crypto_asym_configure_session(struct rte_cryptodev *dev,
+ struct rte_crypto_asym_xform *xform,
+ struct rte_cryptodev_asym_session *session);
/*
* The set of PCI devices this driver supports
@@ -53,6 +58,7 @@ static const struct rte_pci_id pci_id_virtio_crypto_map[] = {
static const struct rte_cryptodev_capabilities virtio_capabilities[] = {
VIRTIO_SYM_CAPABILITIES,
+ VIRTIO_ASYM_CAPABILITIES,
RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
};
@@ -88,7 +94,7 @@ virtio_crypto_send_command(struct virtqueue *vq,
return -EINVAL;
}
/* cipher only is supported, it is available if auth_key is NULL */
- if (!cipher_key) {
+ if (session->ctrl.header.algo == VIRTIO_CRYPTO_SERVICE_CIPHER &&
!cipher_key) {
VIRTIO_CRYPTO_SESSION_LOG_ERR("cipher key is NULL.");
return -EINVAL;
}
@@ -104,19 +110,23 @@ virtio_crypto_send_command(struct virtqueue *vq,
/* calculate the length of cipher key */
if (cipher_key) {
- switch (ctrl->u.sym_create_session.op_type) {
- case VIRTIO_CRYPTO_SYM_OP_CIPHER:
- len_cipher_key
- = ctrl->u.sym_create_session.u.cipher
- .para.keylen;
- break;
- case VIRTIO_CRYPTO_SYM_OP_ALGORITHM_CHAINING:
- len_cipher_key
- = ctrl->u.sym_create_session.u.chain
- .para.cipher_param.keylen;
- break;
- default:
- VIRTIO_CRYPTO_SESSION_LOG_ERR("invalid op type");
+ if (session->ctrl.header.algo == VIRTIO_CRYPTO_SERVICE_CIPHER) {
+ switch (ctrl->u.sym_create_session.op_type) {
+ case VIRTIO_CRYPTO_SYM_OP_CIPHER:
+ len_cipher_key =
ctrl->u.sym_create_session.u.cipher.para.keylen;
+ break;
+ case VIRTIO_CRYPTO_
[RFC 5/6] examples/vhost_crypto: add asymmetric support
Add symmetric support.
Signed-off-by: Gowrishankar Muthukrishnan
---
examples/vhost_crypto/main.c | 50 +---
1 file changed, 29 insertions(+), 21 deletions(-)
diff --git a/examples/vhost_crypto/main.c b/examples/vhost_crypto/main.c
index 02987ebd76..f9e2732d18 100644
--- a/examples/vhost_crypto/main.c
+++ b/examples/vhost_crypto/main.c
@@ -45,7 +45,8 @@ struct lcore_option {
struct vhost_crypto_info {
int vids[MAX_NB_SOCKETS];
uint32_t nb_vids;
- struct rte_mempool *sess_pool;
+ struct rte_mempool *sym_sess_pool;
+ struct rte_mempool *asym_sess_pool;
struct rte_mempool *cop_pool;
uint8_t cid;
uint32_t qid;
@@ -302,7 +303,8 @@ new_device(int vid)
return -ENOENT;
}
- ret = rte_vhost_crypto_create(vid, info->cid, info->sess_pool,
+ ret = rte_vhost_crypto_create(vid, info->cid, info->sym_sess_pool,
+ info->asym_sess_pool,
rte_lcore_to_socket_id(options.los[i].lcore_id));
if (ret) {
RTE_LOG(ERR, USER1, "Cannot create vhost crypto\n");
@@ -362,8 +364,8 @@ destroy_device(int vid)
}
static const struct rte_vhost_device_ops virtio_crypto_device_ops = {
- .new_device = new_device,
- .destroy_device = destroy_device,
+ .new_connection = new_device,
+ .destroy_connection = destroy_device,
};
static int
@@ -385,7 +387,7 @@ vhost_crypto_worker(void *arg)
for (i = 0; i < NB_VIRTIO_QUEUES; i++) {
if (rte_crypto_op_bulk_alloc(info->cop_pool,
- RTE_CRYPTO_OP_TYPE_SYMMETRIC, ops[i],
+ RTE_CRYPTO_OP_TYPE_UNDEFINED, ops[i],
burst_size) < burst_size) {
RTE_LOG(ERR, USER1, "Failed to alloc cops\n");
ret = -1;
@@ -409,20 +411,12 @@ vhost_crypto_worker(void *arg)
rte_cryptodev_enqueue_burst(
info->cid, info->qid, ops[j],
fetched);
- if (unlikely(rte_crypto_op_bulk_alloc(
- info->cop_pool,
- RTE_CRYPTO_OP_TYPE_SYMMETRIC,
- ops[j], fetched) < fetched)) {
- RTE_LOG(ERR, USER1, "Failed realloc\n");
- return -1;
- }
-
fetched = rte_cryptodev_dequeue_burst(
info->cid, info->qid,
ops_deq[j], RTE_MIN(burst_size,
info->nb_inflight_ops));
fetched = rte_vhost_crypto_finalize_requests(
- ops_deq[j], fetched, callfds,
+ info->vids[i], j, ops_deq[j],
fetched, callfds,
&nb_callfds);
info->nb_inflight_ops -= fetched;
@@ -455,7 +449,8 @@ free_resource(void)
continue;
rte_mempool_free(info->cop_pool);
- rte_mempool_free(info->sess_pool);
+ rte_mempool_free(info->sym_sess_pool);
+ rte_mempool_free(info->asym_sess_pool);
for (j = 0; j < lo->nb_sockets; j++) {
rte_vhost_driver_unregister(lo->socket_files[i]);
@@ -539,21 +534,34 @@ main(int argc, char *argv[])
goto error_exit;
}
- snprintf(name, 127, "SESS_POOL_%u", lo->lcore_id);
- info->sess_pool = rte_cryptodev_sym_session_pool_create(name,
+ snprintf(name, 127, "SYM_SESS_POOL_%u", lo->lcore_id);
+ info->sym_sess_pool =
rte_cryptodev_sym_session_pool_create(name,
SESSION_MAP_ENTRIES,
rte_cryptodev_sym_get_private_session_size(
info->cid), 0, 0,
rte_lcore_to_socket_id(lo->lcore_id));
- if (!info->sess_pool) {
- RTE_LOG(ERR, USER1, "Failed to create mempool");
+ if (!info->sym_sess_pool) {
+ RTE_LOG(ERR, USER1, "Failed to create sym session
mempool");
+ goto error_exit;
+ }
+
+ /* TODO: storing vhost_crypto_data_req (56 bytes) in user_data,
+
[RFC 6/6] app/test: add asymmetric tests for virtio pmd
Add asymmetric tests for Virtio PMD.
Signed-off-by: Gowrishankar Muthukrishnan
---
app/test/test_cryptodev_asym.c | 36 --
app/test/test_cryptodev_rsa_test_vectors.h | 26
2 files changed, 60 insertions(+), 2 deletions(-)
diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 7a4b262ba9..35172a2986 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -474,7 +474,7 @@ testsuite_setup(void)
for (qp_id = 0; qp_id < info.max_nb_queue_pairs; qp_id++) {
TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
dev_id, qp_id, &ts_params->qp_conf,
- rte_cryptodev_socket_id(dev_id)),
+ (int8_t)rte_cryptodev_socket_id(dev_id)),
"Failed to setup queue pair %u on cryptodev %u ASYM",
qp_id, dev_id);
}
@@ -537,7 +537,7 @@ ut_setup_asym(void)
TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
ts_params->valid_devs[0], qp_id,
&ts_params->qp_conf,
- rte_cryptodev_socket_id(ts_params->valid_devs[0])),
+
(int8_t)rte_cryptodev_socket_id(ts_params->valid_devs[0])),
"Failed to setup queue pair %u on cryptodev %u",
qp_id, ts_params->valid_devs[0]);
}
@@ -2753,6 +2753,22 @@ static struct unit_test_suite
cryptodev_octeontx_asym_testsuite = {
}
};
+static struct unit_test_suite cryptodev_virtio_asym_testsuite = {
+ .suite_name = "Crypto Device VIRTIO ASYM Unit Test Suite",
+ .setup = testsuite_setup,
+ .teardown = testsuite_teardown,
+ .unit_test_cases = {
+ TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_capability),
+ TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
+ test_rsa_sign_verify),
+ TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
+ test_rsa_sign_verify_crt),
+ TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_rsa_enc_dec),
+ TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
test_rsa_enc_dec_crt),
+ TEST_CASES_END() /**< NULL terminate unit test array */
+ }
+};
+
static int
test_cryptodev_openssl_asym(void)
{
@@ -2821,6 +2837,22 @@ test_cryptodev_cn10k_asym(void)
return unit_test_suite_runner(&cryptodev_octeontx_asym_testsuite);
}
+static int
+test_cryptodev_virtio_asym(void)
+{
+ gbl_driver_id = rte_cryptodev_driver_id_get(
+ RTE_STR(CRYPTODEV_NAME_VIRTIO_PMD));
+ if (gbl_driver_id == -1) {
+ RTE_LOG(ERR, USER1, "virtio PMD must be loaded.\n");
+ return TEST_FAILED;
+ }
+
+ /* Use test suite registered for crypto_virtio PMD */
+ return unit_test_suite_runner(&cryptodev_virtio_asym_testsuite);
+}
+
+REGISTER_DRIVER_TEST(cryptodev_virtio_asym_autotest,
test_cryptodev_virtio_asym);
+
REGISTER_DRIVER_TEST(cryptodev_openssl_asym_autotest,
test_cryptodev_openssl_asym);
REGISTER_DRIVER_TEST(cryptodev_qat_asym_autotest, test_cryptodev_qat_asym);
diff --git a/app/test/test_cryptodev_rsa_test_vectors.h
b/app/test/test_cryptodev_rsa_test_vectors.h
index 0b8ed4caaa..52ba9a3055 100644
--- a/app/test/test_cryptodev_rsa_test_vectors.h
+++ b/app/test/test_cryptodev_rsa_test_vectors.h
@@ -358,6 +358,28 @@ struct rte_crypto_asym_xform rsa_xform = {
.d = {
.data = rsa_d,
.length = sizeof(rsa_d)
+ },
+ .qt = {
+ .p = {
+ .data = rsa_p,
+ .length = sizeof(rsa_p)
+ },
+ .q = {
+ .data = rsa_q,
+ .length = sizeof(rsa_q)
+ },
+ .dP = {
+ .data = rsa_dP,
+ .length = sizeof(rsa_dP)
+ },
+ .dQ = {
+ .data = rsa_dQ,
+ .length = sizeof(rsa_dQ)
+ },
+ .qInv = {
+ .data = rsa_qInv,
+ .length = sizeof(rsa_qInv)
+ },
}
}
};
@@ -377,6 +399,10 @@ struct rte_crypto_asym_xform rsa_xform_crt = {
.length = sizeof(rsa_e)
},
.key_type = RTE_RSA_KEY_TYPE_QT,
+ .d = {
+ .data = rsa_d,
+ .length = sizeof(rsa_d)
+ },
.qt
RE: [PATCH v2 2/7] cryptodev: set private and public keys in EC session
> > The cnxk changes should be in patch [v2,7/7] crypto/cnxk: add SM2 support. > Thanks Ciara. Minor issue in patches rebase. I'll send next version fixing it. Regards, Gowrishankar
[PATCH v1] test/crypto: remove unused stats in test setup
Remove unused stats in test setup.
Coverity issue: 373869
Fixes: 2c6dab9cd93 ("test/crypto: add RSA and Mod tests")
Cc: sta...@dpdk.org
Signed-off-by: Gowrishankar Muthukrishnan
---
app/test/test_cryptodev_asym.c | 5 -
1 file changed, 5 deletions(-)
diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index ef926c6229..3802cf8022 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -547,8 +547,6 @@ ut_setup_asym(void)
qp_id, ts_params->valid_devs[0]);
}
- rte_cryptodev_stats_reset(ts_params->valid_devs[0]);
-
/* Start the device */
TEST_ASSERT_SUCCESS(rte_cryptodev_start(ts_params->valid_devs[0]),
"Failed to start cryptodev %u",
@@ -561,7 +559,6 @@ static void
ut_teardown_asym(void)
{
struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
- struct rte_cryptodev_stats stats;
uint8_t dev_id = ts_params->valid_devs[0];
if (self->sess != NULL)
@@ -571,8 +568,6 @@ ut_teardown_asym(void)
self->op = NULL;
self->result_op = NULL;
- rte_cryptodev_stats_get(ts_params->valid_devs[0], &stats);
-
/* Stop the device */
rte_cryptodev_stop(ts_params->valid_devs[0]);
}
--
2.21.0
[PATCH v1] test/crypto: fix asymmetric capability test
Fix asymmetric capability test for below:
* Skip test if asymmetric crypto feature is not supported by device.
* Assert return value of RTE function to get asymmetric capability.
Coverity issue: 373365
Fixes: 2c6dab9cd93 ("test/crypto: add RSA and Mod tests")
Cc: sta...@dpdk.org
Signed-off-by: Gowrishankar Muthukrishnan
---
app/test/test_cryptodev_asym.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 3802cf8022..1d88832146 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -626,7 +626,7 @@ test_capability(void)
RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO)) {
RTE_LOG(INFO, USER1,
"Device doesn't support asymmetric. Test
Skipped\n");
- return TEST_SUCCESS;
+ return TEST_SKIPPED;
}
/* print xform capability */
@@ -641,6 +641,7 @@ test_capability(void)
capa = rte_cryptodev_asym_capability_get(dev_id,
(const struct
rte_cryptodev_asym_capability_idx *) &idx);
+ TEST_ASSERT_NOT_NULL(capa, "Failed to get asymmetric
capability");
print_asym_capa(capa);
}
}
--
2.21.0
[PATCH v1] test/crypto: fix comparison function for modex values
Fix comparison function used by modex test to check from
first non-zero value itself.
Coverity issue: 430125
Fixes: 2162d32c1c3 ("test/crypto: validate modex from first non-zero")
Cc: sta...@dpdk.org
Signed-off-by: Gowrishankar Muthukrishnan
---
app/test/test_cryptodev_asym.c | 21 +
1 file changed, 13 insertions(+), 8 deletions(-)
diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 1d88832146..f0b5d38543 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -3197,21 +3197,26 @@ static int send_one(void)
}
static int
-modular_cmpeq(const uint8_t *a, const uint8_t *b, size_t len)
+modular_cmpeq(const uint8_t *a, size_t a_len, const uint8_t *b, size_t b_len)
{
- const uint8_t *new_a = a, *new_b = b;
+ const uint8_t *new_a, *new_b;
size_t i, j;
/* Strip leading NUL bytes */
- for (i = 0; i < len; i++)
+ for (i = 0; i < a_len; i++)
if (a[i] != 0)
- new_a = &a[i];
+ break;
- for (j = 0; j < len; j++)
+ for (j = 0; j < b_len; j++)
if (b[j] != 0)
- new_b = &b[i];
+ break;
+
+ if (a_len - i != b_len - j)
+ return 1;
- if (i != j || memcmp(new_a, new_b, len - i))
+ new_a = &a[i];
+ new_b = &b[j];
+ if (memcmp(new_a, new_b, a_len - i))
return 1;
return 0;
@@ -3251,7 +3256,7 @@ modular_exponentiation(const void *test_data)
TEST_ASSERT_SUCCESS(send_one(),
"Failed to process crypto op");
- TEST_ASSERT_SUCCESS(modular_cmpeq(vector->reminder.data,
+ TEST_ASSERT_SUCCESS(modular_cmpeq(vector->reminder.data,
vector->reminder.len,
self->result_op->asym->modex.result.data,
self->result_op->asym->modex.result.length),
"operation verification failed\n");
--
2.21.0
[PATCH] doc: announce cryptodev change to support EDDSA
Announce the additions in cryptodev ABI to support EDDSA algorithm. Signed-off-by: Gowrishankar Muthukrishnan -- RFC: https://patches.dpdk.org/project/dpdk/patch/0ae6a1afadac64050d80b0fd7712c4a6a8599e2c.1701273963.git.gmuthukri...@marvell.com/ --- doc/guides/rel_notes/deprecation.rst | 4 1 file changed, 4 insertions(+) diff --git a/doc/guides/rel_notes/deprecation.rst b/doc/guides/rel_notes/deprecation.rst index 6948641ff6..fcbec965b1 100644 --- a/doc/guides/rel_notes/deprecation.rst +++ b/doc/guides/rel_notes/deprecation.rst @@ -147,3 +147,7 @@ Deprecation Notices will be deprecated and subsequently removed in DPDK 24.11 release. Before this, the new port library API (functions rte_swx_port_*) will gradually transition from experimental to stable status. + +* cryptodev: The enum ``rte_crypto_asym_xform_type`` and struct ``rte_crypto_asym_op`` + will be extended to include new values to support EDDSA. This will break + ABI compatibility with existing applications that use these data types. -- 2.21.0
[PATCH] doc: announce cryptodev changes to offload RSA in VirtIO
Announce cryptodev changes to offload RSA asymmetric operation in VirtIO PMD. Signed-off-by: Gowrishankar Muthukrishnan -- RFC: https://patches.dpdk.org/project/dpdk/patch/20230928095300.1353-2-gmuthukri...@marvell.com/ https://patches.dpdk.org/project/dpdk/patch/20230928095300.1353-3-gmuthukri...@marvell.com/ --- doc/guides/rel_notes/deprecation.rst | 11 +++ 1 file changed, 11 insertions(+) diff --git a/doc/guides/rel_notes/deprecation.rst b/doc/guides/rel_notes/deprecation.rst index 6948641ff6..26fec84aba 100644 --- a/doc/guides/rel_notes/deprecation.rst +++ b/doc/guides/rel_notes/deprecation.rst @@ -147,3 +147,14 @@ Deprecation Notices will be deprecated and subsequently removed in DPDK 24.11 release. Before this, the new port library API (functions rte_swx_port_*) will gradually transition from experimental to stable status. + +* cryptodev: The struct rte_crypto_rsa_padding will be moved from + rte_crypto_rsa_op_param struct to rte_crypto_rsa_xform struct, + breaking ABI. The new location is recommended to comply with + virtio-crypto specification. Applications and drivers using + this struct will be updated. + +* cryptodev: The rte_crypto_rsa_xform struct member to hold private key + in either exponent or quintuple format is changed from union to struct + data type. This change is to support ASN.1 syntax (RFC 3447 Appendix A.1.2). + This change will not break existing applications. -- 2.21.0
[PATCH] doc: announce vhost changes to support asymmetric operation
Announce vhost ABI changes to modify few functions to support asymmetric crypto operation. Signed-off-by: Gowrishankar Muthukrishnan -- RFC: https://patches.dpdk.org/project/dpdk/patch/20230928095300.1353-4-gmuthukri...@marvell.com/ --- doc/guides/rel_notes/deprecation.rst | 7 +++ 1 file changed, 7 insertions(+) diff --git a/doc/guides/rel_notes/deprecation.rst b/doc/guides/rel_notes/deprecation.rst index 6948641ff6..2f5c2c5a34 100644 --- a/doc/guides/rel_notes/deprecation.rst +++ b/doc/guides/rel_notes/deprecation.rst @@ -147,3 +147,10 @@ Deprecation Notices will be deprecated and subsequently removed in DPDK 24.11 release. Before this, the new port library API (functions rte_swx_port_*) will gradually transition from experimental to stable status. + +* vhost: The function ``rte_vhost_crypto_create`` will accept a new parameter + to specify rte_mempool for asymmetric crypto session. The function + ``rte_vhost_crypto_finalize_requests`` will accept two new parameters, + where the first one is to specify vhost device id and other one is to specify + the virtio queue index. These two modifications are required to support + asymmetric crypto operation in vhost crypto and will break ABI. -- 2.21.0
RE: [EXTERNAL] Re: [PATCH] doc: announce vhost changes to support asymmetric operation
Sure Jerin. I’ll drop this proposal as ABI versioning could help. Thanks. Looks like in this case adding new arguments to function. Could you check ABI versing helps here? It seems like it can be easy manged with ABI versioning.
RE: [PATCH] doc: announce cryptodev changes to offload RSA in VirtIO
> +* cryptodev: The struct rte_crypto_rsa_padding will be moved from > + rte_crypto_rsa_op_param struct to rte_crypto_rsa_xform struct, > + breaking ABI. The new location is recommended to comply with > + virtio-crypto specification. Applications and drivers using > + this struct will be updated. > + The problem here, I see is that there is one private key but multiple combinations of padding. Therefore, for every padding variation, we need to copy the same private key anew, duplicating it in memory. The only reason for me to keep a session-like struct in asymmetric crypto was exactly this. Each padding scheme in RSA has its own pros and cons (in terms of implementations as well). When we share the same private key for Sign (and its public key in case of Encryption) between multiple crypto ops (varying by padding schemes among cops), a vulnerable attack against one scheme could potentially open door to used private key in the session and hence take advantage on other crypto operations. I think, this could be one reason for why VirtIO spec mandates padding info as session parameter. Hence, more than duplicating in memory, private and public keys are secured and in catastrophe, only that session could be destroyed. Thanks, Gowrishankar Though padding schemes could be same > +* cryptodev: The rte_crypto_rsa_xform struct member to hold private key > + in either exponent or quintuple format is changed from union to > +struct > + data type. This change is to support ASN.1 syntax (RFC 3447 Appendix > A.1.2). > + This change will not break existing applications. This one I agree. RFC 8017 obsoletes RFC 3447. Thanks, Gowrishankar > -- > 2.21.0
RE: [PATCH] doc: announce cryptodev changes to offload RSA in VirtIO
Hi ArkadiuszX, > + > +* cryptodev: The struct rte_crypto_rsa_padding will be moved from > + rte_crypto_rsa_op_param struct to rte_crypto_rsa_xform struct, > + breaking ABI. The new location is recommended to comply with > + virtio-crypto specification. Applications and drivers using > + this struct will be updated. > + The problem here, I see is that there is one private key but multiple combinations of padding. Therefore, for every padding variation, we need to copy the same private key anew, duplicating it in memory. The only reason for me to keep a session-like struct in asymmetric crypto was exactly this. Each padding scheme in RSA has its own pros and cons (in terms of implementations as well). When we share the same private key for Sign (and its public key in case of Encryption) between multiple crypto ops (varying by padding schemes among cops), a vulnerable attack against one scheme could potentially open door to used private key in the session and hence take advantage on other crypto operations. I think, this could be one reason for why VirtIO spec mandates padding info as session parameter. Hence, more than duplicating in memory, private and public keys are secured and in catastrophe, only that session could be destroyed. Please share your thoughts. > +* cryptodev: The rte_crypto_rsa_xform struct member to hold private key > + in either exponent or quintuple format is changed from union to > +struct > + data type. This change is to support ASN.1 syntax (RFC 3447 Appendix > A.1.2). > + This change will not break existing applications. This one I agree. RFC 8017 obsoletes RFC 3447. Thanks, Gowrishankar > -- > 2.21.0
RE: [PATCH] doc: announce cryptodev changes to offload RSA in VirtIO
Hi, We need to fix padding info in DPDK as per VirtIO specification in order to support RSA in virtio devices. VirtIO-crypto specification and DPDK specification differs in the way padding is handled. With current DPDK & virtio specification, it is impossible to support RSA in virtio-crypto. If you think DPDK spec should not be modified, we will try to amend the virtIO spec to match DPDK, but since we do not know if the virtIO community would accept, can we merge the deprecation notice? Thanks, Gowrishankar ZjQcmQRYFpfptBannerEnd >>> +* cryptodev: The struct rte_crypto_rsa_padding will be moved from >>> + rte_crypto_rsa_op_param struct to rte_crypto_rsa_xform struct, >>> + breaking ABI. The new location is recommended to comply with >>> + virtio-crypto specification. Applications and drivers using >>> + this struct will be updated. >>> + >> The problem here, I see is that there is one private key but multiple >> combinations of padding. >> Therefore, for every padding variation, we need to copy the same private key >> anew, duplicating it in memory. >> The only reason for me to keep a session-like struct in asymmetric crypto >> was exactly this. > Each padding scheme in RSA has its own pros and cons (in terms of > implementations as well). > When we share the same private key for Sign (and its public key in case of > Encryption) between > multiple crypto ops (varying by padding schemes among cops), a vulnerable > attack against one scheme > could potentially open door to used private key in the session and hence take > advantage > on other crypto operations. > I think, this could be one reason for why VirtIO spec mandates padding info > as session parameter. > Hence, more than duplicating in memory, private and public keys are secured > and in catastrophe, > only that session could be destroyed. >>> +* cryptodev: The rte_crypto_rsa_xform struct member to hold private key >>> + in either exponent or quintuple format is changed from union to >>> +struct >>> + data type. This change is to support ASN.1 syntax (RFC 3447 Appendix >>> A.1.2). >>> + This change will not break existing applications. >>This one I agree. RFC 8017 obsoletes RFC 3447. > Thanks, > Gowrishankar
RE: [EXTERNAL] Re: [PATCH] doc: announce cryptodev change to support EDDSA
> It means we are not able to add an algo without breaking ABI. > Is it something we can improve? > Sure Thomas, we will address it in our patch, ensuring the long term solution as well. Regards, Gowrishankar
RE: [PATCH] doc: announce cryptodev changes to offload RSA in VirtIO
Hi Arek, > I do not have any particular security issues in mind here, and if PMD need to > copy keys internally, for alignment or padding purposes, redundancy problems > can be overcome. My concern was, that it is the more natural way of handling > the API; we have one key, multiple padding schemes, so we reflect this logic > in > the API. > > Both options are widely used; libcrypto, for example is setting padding within > session, other languages like Go, Rust are setting it as an argument to the > method of the key struct. > > If this is that problematic with VirtIO compatibility, I say this change is > okay. > Thank you for your input. I understand your concern. We ensure the impact Is nominal and make changes if needed. Thanks,
RE: [EXT] [PATCH] examples/fips_validation: fix link to libjansson
> -Original Message-
> From: David Marchand
> Sent: Tuesday, June 7, 2022 3:32 PM
> To: dev@dpdk.org
> Cc: tho...@monjalon.net; Fan Zhang ; Brian
> Dooley ; Gowrishankar Muthukrishnan
> ; Brandon Lo
> Subject: [EXT] [PATCH] examples/fips_validation: fix link to libjansson
>
> External Email
>
> --
> When compiling this example out of DPDK, linking the executable fails
> with:
>
> ## Building fips_validation
> /usr/bin/ld: /tmp/ccQjeHBg.o: in function `fips_test_init':
> fips_validation.c:(.text+0x7ab): undefined reference to `json_loadf'
> /usr/bin/ld: /tmp/ccQjeHBg.o: in function
> `fips_test_parse_one_json_vector_set':
> fips_validation.c:(.text+0xc2e): undefined reference to `json_object_get'
> /usr/bin/ld: fips_validation.c:(.text+0xc36): undefined reference to
> `json_string_value'
> /usr/bin/ld: /tmp/ccQjeHBg.o: in function
> `fips_test_parse_one_json_group':
> fips_validation.c:(.text+0xd00): undefined reference to `json_object_get'
> /usr/bin/ld: fips_validation.c:(.text+0xd14): undefined reference to
> `json_integer_value'
> ...
>
> Code in an example can't rely on RTE_HAS_JANSSON, because it only
> indicates that the jansson library was available at the time of dpdk
> compilation.
>
> Prefer a local build flag (like what is done in vm_power_manager).
> And add linking to libjansson, if available.
>
> Fixes: f556293fd58e ("examples/fips_validation: add JSON info to header")
>
> Signed-off-by: David Marchand
Acked-by: Gowrishankar Muthukrishnan
Thanks,
Gowrishankar
> ---
> examples/fips_validation/Makefile | 6 +
> examples/fips_validation/fips_validation.c| 10
> examples/fips_validation/fips_validation.h| 16 ++---
> .../fips_validation/fips_validation_aes.c | 4 ++--
> .../fips_validation/fips_validation_cmac.c| 4 ++--
> .../fips_validation/fips_validation_gcm.c | 12 +-
> .../fips_validation/fips_validation_hmac.c| 8 +++
> examples/fips_validation/main.c | 24 +--
> examples/fips_validation/meson.build | 1 +
> 9 files changed, 46 insertions(+), 39 deletions(-)
>
> diff --git a/examples/fips_validation/Makefile
> b/examples/fips_validation/Makefile
> index ff3cd4a87a..bca6647f55 100644
> --- a/examples/fips_validation/Makefile
> +++ b/examples/fips_validation/Makefile
> @@ -36,6 +36,12 @@ CFLAGS += -O3 $(shell $(PKGCONF) --cflags libdpdk)
> LDFLAGS_SHARED = $(shell $(PKGCONF) --libs libdpdk) LDFLAGS_STATIC =
> $(shell $(PKGCONF) --static --libs libdpdk)
>
> +JANSSON := $(shell $(PKGCONF) --exists jansson; echo $$?) ifeq
> +($(JANSSON), 0) LDFLAGS += $(shell $(PKGCONF) --libs jansson) CFLAGS +=
> +-DUSE_JANSSON endif
> +
> ifeq ($(MAKECMDGOALS),static)
> # check for broken pkg-config
> ifeq ($(shell echo $(LDFLAGS_STATIC) | grep 'whole-archive.*l:lib.*no-
> whole-archive'),)
> diff --git a/examples/fips_validation/fips_validation.c
> b/examples/fips_validation/fips_validation.c
> index 8cec172a5f..94e31abf83 100644
> --- a/examples/fips_validation/fips_validation.c
> +++ b/examples/fips_validation/fips_validation.c
> @@ -314,7 +314,7 @@ fips_test_init(const char *req_file_path, const char
> *rsp_file_path,
> }
>
> if (info.file_type == FIPS_TYPE_JSON) { -#ifdef RTE_HAS_JANSSON
> +#ifdef USE_JANSSON
> json_error_t error;
> json_info.json_root = json_loadf(info.fp_rd, 0, &error);
> if (!json_info.json_root) {
> @@ -322,10 +322,10 @@ fips_test_init(const char *req_file_path, const char
> *rsp_file_path,
> req_file_path, error.line, error.column);
> return -EINVAL;
> }
> -#else /* RTE_HAS_JANSSON */
> +#else /* USE_JANSSON */
> RTE_LOG(ERR, USER1, "No json library configured.\n");
> return -EINVAL;
> -#endif /* RTE_HAS_JANSSON */
> +#endif /* USE_JANSSON */
> }
>
> info.fp_wr = fopen(rsp_file_path, "w"); @@ -448,7 +448,7 @@
> fips_test_write_one_case(void)
> fprintf(info.fp_wr, "%s\n", info.vec[i]); }
>
> -#ifdef RTE_HAS_JANSSON
> +#ifdef USE_JANSSON
> int
> fips_test_parse_one_json_vector_set(void)
> {
> @@ -535,7 +535,7 @@ fips_test_parse_one_json_case(void)
>
> return 0;
> }
> -#endif /* RTE_HAS_JANSSON */
> +#endif /* USE_JANSSON */
>
> static int
> parser_read_uint64_hex(uint64_t *value, const char *p) diff --git
> a/exa
RE: [EXT] Re: [v9, 00/10] Add JSON vector set support to fips validation
Hi David, Do you mean this patch ? - https://patches.dpdk.org/project/dpdk/patch/20220607100203.1611166-1-david.march...@redhat.com/ I have acked this. @Akhil Goyal could this be merged ?. Thanks, Gowrishankar > -Original Message- > From: David Marchand > Sent: Monday, June 13, 2022 5:29 PM > To: Gowrishankar Muthukrishnan ; Zhang, Roy > Fan ; Akhil Goyal > Cc: dev@dpdk.org; Dooley, Brian ; > lylav...@iol.unh.edu; Anoob Joseph ; Archana > Muniganti ; Jerin Jacob Kollanukkaran > > Subject: [EXT] Re: [v9, 00/10] Add JSON vector set support to fips validation > > External Email > > -- > On Tue, Jun 7, 2022 at 11:48 AM David Marchand > wrote: > > On Tue, May 31, 2022 at 5:23 PM Akhil Goyal wrote: > > > > > > > > Subject: [v9, 00/10] Add JSON vector set support to fips > > > > > validation > > > > > > > > > > Adds a very basic introduction to JSON vector sets in the fips > > > > > validation example application. This patch set will only > > > > > introduce the AES-GCM test using a JSON request file because the > > > > > other algorithms need more information than what is given in the > > > > > new JSON format. > > > > > > > > > Series-acked-by: Fan Zhang > > > > > > Series Applied to dpdk-next-crypto > > > > This series breaks compiling the fips example out of DPDK. > > Gowri, Fan, Akhil, > > I disabled compilation checks for this example on my side. > Can you look into this? > > Thanks. > > -- > David Marchand
[PATCH v1] example/fips_validation: handle empty payload
Allocate atleast onebyte to handle empty payload in a test vector
when defined.
Fixes: 3d0fad56b74 ("examples/fips_validation: add crypto FIPS application")
Cc: sta...@dpdk.org
Signed-off-by: Gowrishankar Muthukrishnan
---
examples/fips_validation/fips_validation.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/examples/fips_validation/fips_validation.c
b/examples/fips_validation/fips_validation.c
index 94e31abf83..324abccb14 100644
--- a/examples/fips_validation/fips_validation.c
+++ b/examples/fips_validation/fips_validation.c
@@ -630,7 +630,7 @@ parse_uint8_hex_str(const char *key, char *src, struct
fips_val *val)
val->val = NULL;
}
- val->val = rte_zmalloc(NULL, len, 0);
+ val->val = rte_zmalloc(NULL, len + 1, 0);
if (!val->val)
return -ENOMEM;
--
2.25.1
[PATCH v1] examples/fips_validation: add parsing for xts
Added function to parse algorithm for AES XTS test.
Signed-off-by: Gowrishankar Muthukrishnan
---
examples/fips_validation/fips_validation.c| 4 +-
examples/fips_validation/fips_validation.h| 17 ++-
.../fips_validation/fips_validation_xts.c | 126 ++
examples/fips_validation/main.c | 5 +
4 files changed, 150 insertions(+), 2 deletions(-)
diff --git a/examples/fips_validation/fips_validation.c
b/examples/fips_validation/fips_validation.c
index 324abccb14..f181363ef7 100644
--- a/examples/fips_validation/fips_validation.c
+++ b/examples/fips_validation/fips_validation.c
@@ -463,7 +463,9 @@ fips_test_parse_one_json_vector_set(void)
else if (strstr(algo_str, "CMAC"))
info.algo = FIPS_TEST_ALGO_AES_CMAC;
else if (strstr(algo_str, "AES-CBC"))
- info.algo = FIPS_TEST_ALGO_AES;
+ info.algo = FIPS_TEST_ALGO_AES_CBC;
+ else if (strstr(algo_str, "AES-XTS"))
+ info.algo = FIPS_TEST_ALGO_AES_XTS;
else
return -EINVAL;
diff --git a/examples/fips_validation/fips_validation.h
b/examples/fips_validation/fips_validation.h
index 69d738b718..8ae849c46f 100644
--- a/examples/fips_validation/fips_validation.h
+++ b/examples/fips_validation/fips_validation.h
@@ -34,13 +34,14 @@
enum fips_test_algorithms {
FIPS_TEST_ALGO_AES = 0,
+ FIPS_TEST_ALGO_AES_CBC,
FIPS_TEST_ALGO_AES_GCM,
FIPS_TEST_ALGO_AES_CMAC,
FIPS_TEST_ALGO_AES_CCM,
+ FIPS_TEST_ALGO_AES_XTS,
FIPS_TEST_ALGO_HMAC,
FIPS_TEST_ALGO_TDES,
FIPS_TEST_ALGO_SHA,
- FIPS_TEST_ALGO_AES_XTS,
FIPS_TEST_ALGO_MAX
};
@@ -170,7 +171,17 @@ struct gcm_interim_data {
uint8_t gen_iv;
};
+
#ifdef USE_JANSSON
+enum xts_tweak_modes {
+ XTS_TWEAK_MODE_HEX = 0,
+ XTS_TWEAK_MODE_NUMBER
+};
+
+struct xts_interim_data {
+ enum xts_tweak_modes tweak_mode;
+};
+
struct fips_test_json_info {
/* Information used for reading from json */
json_t *json_root;
@@ -207,6 +218,7 @@ struct fips_test_interim_info {
struct ccm_interim_data ccm_data;
struct sha_interim_data sha_data;
struct gcm_interim_data gcm_data;
+ struct xts_interim_data xts_data;
} interim_info;
enum fips_test_op op;
@@ -266,6 +278,9 @@ parse_test_cmac_json_init(void);
int
parse_test_aes_json_init(void);
+
+int
+parse_test_xts_json_init(void);
#endif /* USE_JANSSON */
int
diff --git a/examples/fips_validation/fips_validation_xts.c
b/examples/fips_validation/fips_validation_xts.c
index 5bb1966f6c..2de852c1fc 100644
--- a/examples/fips_validation/fips_validation_xts.c
+++ b/examples/fips_validation/fips_validation_xts.c
@@ -24,6 +24,22 @@
#define OP_ENC_STR "ENCRYPT"
#define OP_DEC_STR "DECRYPT"
+#define ALGO_JSON_STR "algorithm"
+#define TESTTYPE_JSON_STR "testType"
+#define DIR_JSON_STR "direction"
+#define KEYLEN_JSON_STR"keyLen"
+#define TWEAKMODE_JSON_STR "tweakMode"
+
+#define KEY_JSON_STR "key"
+#define DATAUNITLEN_JSON_STR "dataUnitLen"
+#define PAYLOADLEN_JSON_STR"payloadLen"
+#define TWEAKVALUE_JSON_STR"tweakValue"
+#define PT_JSON_STR"pt"
+#define CT_JSON_STR"ct"
+
+#define OP_ENC_JSON_STR"encrypt"
+#define OP_DEC_JSON_STR"decrypt"
+
static int
parse_interim_xts_enc_dec(const char *key,
__rte_unused char *text,
@@ -62,6 +78,116 @@ struct fips_test_callback xts_writeback_callbacks[] = {
{NULL, NULL, NULL} /**< end pointer */
};
+#ifdef RTE_HAS_JANSSON
+static int
+parser_xts_read_keylen(const char *key, char *src, struct fips_val *val)
+{
+ int ret;
+
+ ret = parser_read_uint32_bit_val(key, src, val);
+ if (ret < 0)
+ return ret;
+
+ val->len *= 2;
+ return 0;
+}
+
+struct fips_test_callback xts_dec_json_vectors[] = {
+ {KEY_JSON_STR, parse_uint8_known_len_hex_str,
&vec.cipher_auth.key},
+ {TWEAKVALUE_JSON_STR, parse_uint8_hex_str, &vec.iv},
+ {CT_JSON_STR, parse_uint8_hex_str, &vec.ct},
+ {NULL, NULL, NULL} /**< end pointer */
+};
+
+struct fips_test_callback xts_interim_json_vectors[] = {
+ {KEYLEN_JSON_STR, parser_xts_read_keylen, &vec.cipher_auth.key},
+ {NULL, NULL, NULL} /**< end pointer */
+};
+
+struct fips_test_callback xts_enc_json_vectors[] = {
+ {KEY_JSON_STR, parse_uint8_known_len_hex_str,
&vec.cipher_auth.key},
+ {TWEAKVALUE_JSON_STR, parse_uint8_hex_str, &vec
[PATCH v2] example/fips_validation: handle empty payload
Allocate at least onebyte to handle empty payload in a test vector
when defined.
Fixes: 3d0fad56b74 ("examples/fips_validation: add crypto FIPS application")
Cc: sta...@dpdk.org
Signed-off-by: Gowrishankar Muthukrishnan
---
v2:
- commit message corrections.
---
examples/fips_validation/fips_validation.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/examples/fips_validation/fips_validation.c
b/examples/fips_validation/fips_validation.c
index 94e31abf83..324abccb14 100644
--- a/examples/fips_validation/fips_validation.c
+++ b/examples/fips_validation/fips_validation.c
@@ -630,7 +630,7 @@ parse_uint8_hex_str(const char *key, char *src, struct
fips_val *val)
val->val = NULL;
}
- val->val = rte_zmalloc(NULL, len, 0);
+ val->val = rte_zmalloc(NULL, len + 1, 0);
if (!val->val)
return -ENOMEM;
--
2.25.1
[PATCH v2] examples/fips_validation: add parsing for xts
Added function to parse algorithm for AES XTS test.
Signed-off-by: Gowrishankar Muthukrishnan
---
v2:
- build failure fixed if no jansson lib available.
---
examples/fips_validation/fips_validation.c| 4 +-
examples/fips_validation/fips_validation.h| 16 +-
.../fips_validation/fips_validation_xts.c | 141 ++
examples/fips_validation/main.c | 5 +
4 files changed, 164 insertions(+), 2 deletions(-)
diff --git a/examples/fips_validation/fips_validation.c
b/examples/fips_validation/fips_validation.c
index 324abccb14..f181363ef7 100644
--- a/examples/fips_validation/fips_validation.c
+++ b/examples/fips_validation/fips_validation.c
@@ -463,7 +463,9 @@ fips_test_parse_one_json_vector_set(void)
else if (strstr(algo_str, "CMAC"))
info.algo = FIPS_TEST_ALGO_AES_CMAC;
else if (strstr(algo_str, "AES-CBC"))
- info.algo = FIPS_TEST_ALGO_AES;
+ info.algo = FIPS_TEST_ALGO_AES_CBC;
+ else if (strstr(algo_str, "AES-XTS"))
+ info.algo = FIPS_TEST_ALGO_AES_XTS;
else
return -EINVAL;
diff --git a/examples/fips_validation/fips_validation.h
b/examples/fips_validation/fips_validation.h
index 69d738b718..d716b198c6 100644
--- a/examples/fips_validation/fips_validation.h
+++ b/examples/fips_validation/fips_validation.h
@@ -34,13 +34,14 @@
enum fips_test_algorithms {
FIPS_TEST_ALGO_AES = 0,
+ FIPS_TEST_ALGO_AES_CBC,
FIPS_TEST_ALGO_AES_GCM,
FIPS_TEST_ALGO_AES_CMAC,
FIPS_TEST_ALGO_AES_CCM,
+ FIPS_TEST_ALGO_AES_XTS,
FIPS_TEST_ALGO_HMAC,
FIPS_TEST_ALGO_TDES,
FIPS_TEST_ALGO_SHA,
- FIPS_TEST_ALGO_AES_XTS,
FIPS_TEST_ALGO_MAX
};
@@ -170,6 +171,15 @@ struct gcm_interim_data {
uint8_t gen_iv;
};
+enum xts_tweak_modes {
+ XTS_TWEAK_MODE_HEX = 0,
+ XTS_TWEAK_MODE_NUMBER
+};
+
+struct xts_interim_data {
+ enum xts_tweak_modes tweak_mode;
+};
+
#ifdef USE_JANSSON
struct fips_test_json_info {
/* Information used for reading from json */
@@ -207,6 +217,7 @@ struct fips_test_interim_info {
struct ccm_interim_data ccm_data;
struct sha_interim_data sha_data;
struct gcm_interim_data gcm_data;
+ struct xts_interim_data xts_data;
} interim_info;
enum fips_test_op op;
@@ -266,6 +277,9 @@ parse_test_cmac_json_init(void);
int
parse_test_aes_json_init(void);
+
+int
+parse_test_xts_json_init(void);
#endif /* USE_JANSSON */
int
diff --git a/examples/fips_validation/fips_validation_xts.c
b/examples/fips_validation/fips_validation_xts.c
index 5bb1966f6c..531e3c688e 100644
--- a/examples/fips_validation/fips_validation_xts.c
+++ b/examples/fips_validation/fips_validation_xts.c
@@ -24,6 +24,22 @@
#define OP_ENC_STR "ENCRYPT"
#define OP_DEC_STR "DECRYPT"
+#define ALGO_JSON_STR "algorithm"
+#define TESTTYPE_JSON_STR "testType"
+#define DIR_JSON_STR "direction"
+#define KEYLEN_JSON_STR"keyLen"
+#define TWEAKMODE_JSON_STR "tweakMode"
+
+#define KEY_JSON_STR "key"
+#define DATAUNITLEN_JSON_STR "dataUnitLen"
+#define PAYLOADLEN_JSON_STR"payloadLen"
+#define TWEAKVALUE_JSON_STR"tweakValue"
+#define PT_JSON_STR"pt"
+#define CT_JSON_STR"ct"
+
+#define OP_ENC_JSON_STR"encrypt"
+#define OP_DEC_JSON_STR"decrypt"
+
static int
parse_interim_xts_enc_dec(const char *key,
__rte_unused char *text,
@@ -62,6 +78,131 @@ struct fips_test_callback xts_writeback_callbacks[] = {
{NULL, NULL, NULL} /**< end pointer */
};
+#ifdef USE_JANSSON
+static int
+parser_xts_read_keylen(const char *key, char *src, struct fips_val *val)
+{
+ int ret;
+
+ ret = parser_read_uint32_bit_val(key, src, val);
+ if (ret < 0)
+ return ret;
+
+ val->len *= 2;
+ return 0;
+}
+
+static int
+parser_xts_read_tweakval(const char *key, char *src, struct fips_val *val)
+{
+ int ret;
+
+ if (info.interim_info.xts_data.tweak_mode == XTS_TWEAK_MODE_HEX)
+ ret = parse_uint8_hex_str(key, src, val);
+ else if (info.interim_info.xts_data.tweak_mode == XTS_TWEAK_MODE_NUMBER)
+ ret = parser_read_uint32_bit_val(key, src, val);
+ else
+ ret = -1;
+
+ return ret;
+}
+
+struct fips_test_callback xts_dec_json_vectors[] = {
+ {KEY_JSON_STR, parse_uint8_known_len_hex_str,
&vec.cipher_auth.key},
+ {TWEAKVALUE_JSON_STR, parser_xts_read_tweakval, &vec.iv},
+ {CT_JSON_STR, parse_uin
[PATCH v1] examples/fips_validation: add parsing for sha
Added function to parse algorithm for SHA test. Verified with SHA 1 and 256
vectors. SHA 384 and 512 has some issues with the way jansson objects are
created, which could be addressed separately.
Signed-off-by: Gowrishankar Muthukrishnan
---
examples/fips_validation/fips_validation.c| 2 +
examples/fips_validation/fips_validation.h| 10 +
.../fips_validation/fips_validation_sha.c | 188 ++
examples/fips_validation/main.c | 37 +++-
4 files changed, 226 insertions(+), 11 deletions(-)
diff --git a/examples/fips_validation/fips_validation.c
b/examples/fips_validation/fips_validation.c
index f181363ef7..12b9b03f56 100644
--- a/examples/fips_validation/fips_validation.c
+++ b/examples/fips_validation/fips_validation.c
@@ -466,6 +466,8 @@ fips_test_parse_one_json_vector_set(void)
info.algo = FIPS_TEST_ALGO_AES_CBC;
else if (strstr(algo_str, "AES-XTS"))
info.algo = FIPS_TEST_ALGO_AES_XTS;
+ else if (strstr(algo_str, "SHA"))
+ info.algo = FIPS_TEST_ALGO_SHA;
else
return -EINVAL;
diff --git a/examples/fips_validation/fips_validation.h
b/examples/fips_validation/fips_validation.h
index d716b198c6..5c1abcbd91 100644
--- a/examples/fips_validation/fips_validation.h
+++ b/examples/fips_validation/fips_validation.h
@@ -133,6 +133,7 @@ enum fips_ccm_test_types {
enum fips_sha_test_types {
SHA_KAT = 0,
+ SHA_AFT,
SHA_MCT
};
@@ -280,6 +281,15 @@ parse_test_aes_json_init(void);
int
parse_test_xts_json_init(void);
+
+int
+parse_test_sha_json_init(void);
+
+int
+parse_test_sha_json_algorithm(void);
+
+int
+parse_test_sha_json_test_type(void);
#endif /* USE_JANSSON */
int
diff --git a/examples/fips_validation/fips_validation_sha.c
b/examples/fips_validation/fips_validation_sha.c
index 34c364c75a..a2928618d7 100644
--- a/examples/fips_validation/fips_validation_sha.c
+++ b/examples/fips_validation/fips_validation_sha.c
@@ -17,6 +17,11 @@
#define SEED_STR "Seed = "
#define MCT_STR"Monte"
+#define ALGO_JSON_STR "algorithm"
+#define TESTTYPE_JSON_STR "testType"
+
+#define PT_JSON_STR"msg"
+
struct plain_hash_size_conversion {
const char *str;
enum rte_crypto_auth_algorithm algo;
@@ -62,6 +67,32 @@ struct fips_test_callback sha_tests_interim_vectors[] = {
{NULL, NULL, NULL} /**< end pointer */
};
+#ifdef USE_JANSSON
+static struct {
+ uint32_t type;
+ const char *desc;
+} sha_test_types[] = {
+ {SHA_MCT, "MCT"},
+ {SHA_AFT, "AFT"},
+};
+
+static struct plain_hash_algorithms {
+ const char *str;
+ enum rte_crypto_auth_algorithm algo;
+} json_algorithms[] = {
+ {"SHA-1", RTE_CRYPTO_AUTH_SHA1},
+ {"SHA2-224", RTE_CRYPTO_AUTH_SHA224},
+ {"SHA2-256", RTE_CRYPTO_AUTH_SHA256},
+ {"SHA2-384", RTE_CRYPTO_AUTH_SHA384},
+ {"SHA2-512", RTE_CRYPTO_AUTH_SHA512},
+};
+
+struct fips_test_callback sha_tests_json_vectors[] = {
+ {PT_JSON_STR, parse_uint8_hex_str, &vec.pt},
+ {NULL, NULL, NULL} /**< end pointer */
+};
+#endif /* USE_JANSSON */
+
static int
parse_test_sha_writeback(struct fips_val *val) // !
{
@@ -108,3 +139,160 @@ parse_test_sha_init(void)
info.kat_check = rsp_test_sha_check;
return 0;
}
+
+#ifdef USE_JANSSON
+static int
+parse_test_sha_json_writeback(struct fips_val *val)
+{
+ struct fips_val val_local;
+ json_t *tcId, *md;
+
+ tcId = json_object_get(json_info.json_test_case, "tcId");
+
+ json_info.json_write_case = json_object();
+ json_object_set_new(json_info.json_write_case, "tcId", tcId);
+
+ val_local.val = val->val + vec.pt.len;
+ val_local.len = vec.cipher_auth.digest.len;
+
+ writeback_hex_str("", info.one_line_text, &val_local);
+ md = json_string(info.one_line_text);
+ json_object_set_new(json_info.json_write_case, "md", md);
+
+ return 0;
+}
+
+static int
+parse_test_sha_mct_json_writeback(struct fips_val *val)
+{
+ json_t *tcId, *msg, *md, *resArr, *res;
+ struct fips_val val_local;
+
+ tcId = json_object_get(json_info.json_test_case, "tcId");
+ if (json_info.json_write_case) {
+ json_t *wcId;
+
+ wcId = json_object_get(json_info.json_write_case, "tcId");
+ if (!json_equal(tcId, wcId)) {
+ json_info.json_write_case = json_object();
+ json_object_set_new(json_info.json_write_case, "tcId",
tcId);
+ json_object_set_new(json_info.json_write_case,
"resultsArray",
+
RE: [EXT] Re: [PATCH v1] examples/fips_validation: add parsing for xts
Thanks David, I ack and have added your suggestions in V3. Regards, Gowrishankar
RE: [PATCH v1] examples/fips_validation: add parsing for sha
Hi Fan,
> > --- a/examples/fips_validation/main.c
> > +++ b/examples/fips_validation/main.c
> > @@ -1693,19 +1693,24 @@ fips_mct_sha_test(void)
> > #define SHA_EXTERN_ITER100
> > #define SHA_INTERN_ITER1000
> > #define SHA_MD_BLOCK 3
> > - struct fips_val val = {NULL, 0}, md[SHA_MD_BLOCK];
> > + struct fips_val val[2] = {{NULL, 0},}, md[SHA_MD_BLOCK], msg;
>
> I see to get around with the callback function limitation you extend the fips
> val
> to an array. Nice move! But if it is not too much trouble for you - please
> comment the purpose of the change - it will make the future maintenance much
> easier!
Yes, I have added a comment on why val is an array in V3 patch.
>
> > char temp[MAX_DIGEST_SIZE*2];
> > int ret;
> > uint32_t i, j;
> >
> > + msg.len = SHA_MD_BLOCK * vec.cipher_auth.digest.len;
> > + msg.val = calloc(1, msg.len);
> > + memcpy(vec.cipher_auth.digest.val, vec.pt.val,
> > vec.cipher_auth.digest.len);
> > for (i = 0; i < SHA_MD_BLOCK; i++)
> > md[i].val = rte_malloc(NULL, (MAX_DIGEST_SIZE*2), 0);
> >
> > rte_free(vec.pt.val);
> > vec.pt.val = rte_malloc(NULL, (MAX_DIGEST_SIZE*SHA_MD_BLOCK), 0);
> >
> > - fips_test_write_one_case();
> > - fprintf(info.fp_wr, "\n");
> > + if (info.file_type != FIPS_TYPE_JSON) {
> > + fips_test_write_one_case();
> > + fprintf(info.fp_wr, "\n");
> > + }
> >
> > for (j = 0; j < SHA_EXTERN_ITER; j++) {
> >
> > @@ -1719,6 +1724,9 @@ fips_mct_sha_test(void)
> > vec.cipher_auth.digest.len);
> > md[2].len = vec.cipher_auth.digest.len;
> >
> > + for (i = 0; i < SHA_MD_BLOCK; i++)
> > + memcpy(&msg.val[i * md[i].len], md[i].val, md[i].len);
> > +
> > for (i = 0; i < (SHA_INTERN_ITER); i++) {
> >
> > memcpy(vec.pt.val, md[0].val,
> > @@ -1742,7 +1750,7 @@ fips_mct_sha_test(void)
> > return ret;
> > }
> >
> > - ret = get_writeback_data(&val);
> > + ret = get_writeback_data(&val[0]);
> > if (ret < 0)
> > return ret;
> >
> > @@ -1751,7 +1759,7 @@ fips_mct_sha_test(void)
> > memcpy(md[1].val, md[2].val, md[2].len);
> > md[1].len = md[2].len;
> >
> > - memcpy(md[2].val, (val.val + vec.pt.len),
> > + memcpy(md[2].val, (val[0].val + vec.pt.len),
> > vec.cipher_auth.digest.len);
> > md[2].len = vec.cipher_auth.digest.len;
> > }
> > @@ -1759,11 +1767,14 @@ fips_mct_sha_test(void)
> > memcpy(vec.cipher_auth.digest.val, md[2].val, md[2].len);
> > vec.cipher_auth.digest.len = md[2].len;
> >
> > - fprintf(info.fp_wr, "COUNT = %u\n", j);
> > -
> > - writeback_hex_str("", temp, &vec.cipher_auth.digest);
> > -
> > - fprintf(info.fp_wr, "MD = %s\n\n", temp);
> > + if (info.file_type != FIPS_TYPE_JSON) {
> > + fprintf(info.fp_wr, "COUNT = %u\n", j);
> > + writeback_hex_str("", temp, &vec.cipher_auth.digest);
> > + fprintf(info.fp_wr, "MD = %s\n\n", temp);
> > + }
> > + val[1].val = msg.val;
> > + val[1].len = msg.len;
> > + info.parse_writeback(val);
> > }
> >
> > for (i = 0; i < (SHA_MD_BLOCK); i++) @@ -1771,7 +1782,8 @@
> > fips_mct_sha_test(void)
> >
> > rte_free(vec.pt.val);
> >
> > - free(val.val);
> > + free(val[0].val);
>
> It took me a while to understand why you don't free val[1] ??.
> Nicely done anyway.
>
> > + free(msg.val);
> >
> > return 0;
> > }
> > @@ -1996,6 +2008,9 @@ fips_test_one_test_group(void)
> > case FIPS_TEST_ALGO_AES:
> > ret = parse_test_aes_json_init();
> > break;
> > + case FIPS_TEST_ALGO_SHA:
> > + ret = parse_test_sha_json_init();
> > + break;
> > default:
> > return -EINVAL;
> > }
> > --
> > 2.25.1
>
> Other than that
> Acked-by: Fan Zhang
Thanks.
[PATCH v3 0/3] example/fips_validation: add xts and sha json parsing
Add support in fips_validation to parse AES_XTS and SHA json vectors. v3: - individual patches for xts and sha are clubbed in this new series. Gowrishankar Muthukrishnan (3): examples/fips_validation: add aes_cbc specific enum examples/fips_validation: add parsing for xts examples/fips_validation: add parsing for sha examples/fips_validation/fips_validation.c| 6 +- examples/fips_validation/fips_validation.h| 26 ++- .../fips_validation/fips_validation_sha.c | 188 ++ .../fips_validation/fips_validation_xts.c | 141 + examples/fips_validation/main.c | 44 +++- 5 files changed, 392 insertions(+), 13 deletions(-) -- 2.25.1
[PATCH v3 1/3] examples/fips_validation: add aes_cbc specific enum
Add algorithm enum specifically for AES_CBC instead of relying on
AES as such.
Fixes: 8b8546aaedf ("examples/fips_validation: add parsing for AES-CBC")
Signed-off-by: Gowrishankar Muthukrishnan
Acked-by: Fan Zhang
---
examples/fips_validation/fips_validation.c | 2 +-
examples/fips_validation/fips_validation.h | 1 +
examples/fips_validation/main.c| 1 +
3 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/examples/fips_validation/fips_validation.c
b/examples/fips_validation/fips_validation.c
index 324abccb14..68b5572db2 100644
--- a/examples/fips_validation/fips_validation.c
+++ b/examples/fips_validation/fips_validation.c
@@ -463,7 +463,7 @@ fips_test_parse_one_json_vector_set(void)
else if (strstr(algo_str, "CMAC"))
info.algo = FIPS_TEST_ALGO_AES_CMAC;
else if (strstr(algo_str, "AES-CBC"))
- info.algo = FIPS_TEST_ALGO_AES;
+ info.algo = FIPS_TEST_ALGO_AES_CBC;
else
return -EINVAL;
diff --git a/examples/fips_validation/fips_validation.h
b/examples/fips_validation/fips_validation.h
index 69d738b718..819236983d 100644
--- a/examples/fips_validation/fips_validation.h
+++ b/examples/fips_validation/fips_validation.h
@@ -34,6 +34,7 @@
enum fips_test_algorithms {
FIPS_TEST_ALGO_AES = 0,
+ FIPS_TEST_ALGO_AES_CBC,
FIPS_TEST_ALGO_AES_GCM,
FIPS_TEST_ALGO_AES_CMAC,
FIPS_TEST_ALGO_AES_CCM,
diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index ceabea788e..9c4951595d 100644
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -1781,6 +1781,7 @@ static int
init_test_ops(void)
{
switch (info.algo) {
+ case FIPS_TEST_ALGO_AES_CBC:
case FIPS_TEST_ALGO_AES:
test_ops.prepare_op = prepare_cipher_op;
test_ops.prepare_xform = prepare_aes_xform;
--
2.25.1
[PATCH v3 2/3] examples/fips_validation: add parsing for xts
Added function to parse algorithm for AES XTS test.
Signed-off-by: Gowrishankar Muthukrishnan
Acked-by: Fan Zhang
---
v3:
- CBC related changes moved to 1/3 patch.
---
examples/fips_validation/fips_validation.c| 2 +
examples/fips_validation/fips_validation.h| 15 +-
.../fips_validation/fips_validation_xts.c | 141 ++
examples/fips_validation/main.c | 4 +
4 files changed, 161 insertions(+), 1 deletion(-)
diff --git a/examples/fips_validation/fips_validation.c
b/examples/fips_validation/fips_validation.c
index 68b5572db2..f181363ef7 100644
--- a/examples/fips_validation/fips_validation.c
+++ b/examples/fips_validation/fips_validation.c
@@ -464,6 +464,8 @@ fips_test_parse_one_json_vector_set(void)
info.algo = FIPS_TEST_ALGO_AES_CMAC;
else if (strstr(algo_str, "AES-CBC"))
info.algo = FIPS_TEST_ALGO_AES_CBC;
+ else if (strstr(algo_str, "AES-XTS"))
+ info.algo = FIPS_TEST_ALGO_AES_XTS;
else
return -EINVAL;
diff --git a/examples/fips_validation/fips_validation.h
b/examples/fips_validation/fips_validation.h
index 819236983d..d716b198c6 100644
--- a/examples/fips_validation/fips_validation.h
+++ b/examples/fips_validation/fips_validation.h
@@ -38,10 +38,10 @@ enum fips_test_algorithms {
FIPS_TEST_ALGO_AES_GCM,
FIPS_TEST_ALGO_AES_CMAC,
FIPS_TEST_ALGO_AES_CCM,
+ FIPS_TEST_ALGO_AES_XTS,
FIPS_TEST_ALGO_HMAC,
FIPS_TEST_ALGO_TDES,
FIPS_TEST_ALGO_SHA,
- FIPS_TEST_ALGO_AES_XTS,
FIPS_TEST_ALGO_MAX
};
@@ -171,6 +171,15 @@ struct gcm_interim_data {
uint8_t gen_iv;
};
+enum xts_tweak_modes {
+ XTS_TWEAK_MODE_HEX = 0,
+ XTS_TWEAK_MODE_NUMBER
+};
+
+struct xts_interim_data {
+ enum xts_tweak_modes tweak_mode;
+};
+
#ifdef USE_JANSSON
struct fips_test_json_info {
/* Information used for reading from json */
@@ -208,6 +217,7 @@ struct fips_test_interim_info {
struct ccm_interim_data ccm_data;
struct sha_interim_data sha_data;
struct gcm_interim_data gcm_data;
+ struct xts_interim_data xts_data;
} interim_info;
enum fips_test_op op;
@@ -267,6 +277,9 @@ parse_test_cmac_json_init(void);
int
parse_test_aes_json_init(void);
+
+int
+parse_test_xts_json_init(void);
#endif /* USE_JANSSON */
int
diff --git a/examples/fips_validation/fips_validation_xts.c
b/examples/fips_validation/fips_validation_xts.c
index 5bb1966f6c..531e3c688e 100644
--- a/examples/fips_validation/fips_validation_xts.c
+++ b/examples/fips_validation/fips_validation_xts.c
@@ -24,6 +24,22 @@
#define OP_ENC_STR "ENCRYPT"
#define OP_DEC_STR "DECRYPT"
+#define ALGO_JSON_STR "algorithm"
+#define TESTTYPE_JSON_STR "testType"
+#define DIR_JSON_STR "direction"
+#define KEYLEN_JSON_STR"keyLen"
+#define TWEAKMODE_JSON_STR "tweakMode"
+
+#define KEY_JSON_STR "key"
+#define DATAUNITLEN_JSON_STR "dataUnitLen"
+#define PAYLOADLEN_JSON_STR"payloadLen"
+#define TWEAKVALUE_JSON_STR"tweakValue"
+#define PT_JSON_STR"pt"
+#define CT_JSON_STR"ct"
+
+#define OP_ENC_JSON_STR"encrypt"
+#define OP_DEC_JSON_STR"decrypt"
+
static int
parse_interim_xts_enc_dec(const char *key,
__rte_unused char *text,
@@ -62,6 +78,131 @@ struct fips_test_callback xts_writeback_callbacks[] = {
{NULL, NULL, NULL} /**< end pointer */
};
+#ifdef USE_JANSSON
+static int
+parser_xts_read_keylen(const char *key, char *src, struct fips_val *val)
+{
+ int ret;
+
+ ret = parser_read_uint32_bit_val(key, src, val);
+ if (ret < 0)
+ return ret;
+
+ val->len *= 2;
+ return 0;
+}
+
+static int
+parser_xts_read_tweakval(const char *key, char *src, struct fips_val *val)
+{
+ int ret;
+
+ if (info.interim_info.xts_data.tweak_mode == XTS_TWEAK_MODE_HEX)
+ ret = parse_uint8_hex_str(key, src, val);
+ else if (info.interim_info.xts_data.tweak_mode == XTS_TWEAK_MODE_NUMBER)
+ ret = parser_read_uint32_bit_val(key, src, val);
+ else
+ ret = -1;
+
+ return ret;
+}
+
+struct fips_test_callback xts_dec_json_vectors[] = {
+ {KEY_JSON_STR, parse_uint8_known_len_hex_str,
&vec.cipher_auth.key},
+ {TWEAKVALUE_JSON_STR, parser_xts_read_tweakval, &vec.iv},
+ {CT_JSON_STR, parse_uint8_hex_str, &vec.ct},
+ {NULL, NULL, NULL} /**< end pointer */
+};
+
+struct fips_test_callback xts_interim_json_vectors[] = {
+ {KEYLEN_JSON_ST
[PATCH v3 3/3] examples/fips_validation: add parsing for sha
Added function to parse algorithm for SHA test.
Signed-off-by: Gowrishankar Muthukrishnan
Acked-by: Fan Zhang
---
v3:
- added a comment on flat array of fips_val for parse_writeback callback.
---
examples/fips_validation/fips_validation.c| 2 +
examples/fips_validation/fips_validation.h| 10 +
.../fips_validation/fips_validation_sha.c | 188 ++
examples/fips_validation/main.c | 39 +++-
4 files changed, 228 insertions(+), 11 deletions(-)
diff --git a/examples/fips_validation/fips_validation.c
b/examples/fips_validation/fips_validation.c
index f181363ef7..12b9b03f56 100644
--- a/examples/fips_validation/fips_validation.c
+++ b/examples/fips_validation/fips_validation.c
@@ -466,6 +466,8 @@ fips_test_parse_one_json_vector_set(void)
info.algo = FIPS_TEST_ALGO_AES_CBC;
else if (strstr(algo_str, "AES-XTS"))
info.algo = FIPS_TEST_ALGO_AES_XTS;
+ else if (strstr(algo_str, "SHA"))
+ info.algo = FIPS_TEST_ALGO_SHA;
else
return -EINVAL;
diff --git a/examples/fips_validation/fips_validation.h
b/examples/fips_validation/fips_validation.h
index d716b198c6..5c1abcbd91 100644
--- a/examples/fips_validation/fips_validation.h
+++ b/examples/fips_validation/fips_validation.h
@@ -133,6 +133,7 @@ enum fips_ccm_test_types {
enum fips_sha_test_types {
SHA_KAT = 0,
+ SHA_AFT,
SHA_MCT
};
@@ -280,6 +281,15 @@ parse_test_aes_json_init(void);
int
parse_test_xts_json_init(void);
+
+int
+parse_test_sha_json_init(void);
+
+int
+parse_test_sha_json_algorithm(void);
+
+int
+parse_test_sha_json_test_type(void);
#endif /* USE_JANSSON */
int
diff --git a/examples/fips_validation/fips_validation_sha.c
b/examples/fips_validation/fips_validation_sha.c
index 34c364c75a..a2928618d7 100644
--- a/examples/fips_validation/fips_validation_sha.c
+++ b/examples/fips_validation/fips_validation_sha.c
@@ -17,6 +17,11 @@
#define SEED_STR "Seed = "
#define MCT_STR"Monte"
+#define ALGO_JSON_STR "algorithm"
+#define TESTTYPE_JSON_STR "testType"
+
+#define PT_JSON_STR"msg"
+
struct plain_hash_size_conversion {
const char *str;
enum rte_crypto_auth_algorithm algo;
@@ -62,6 +67,32 @@ struct fips_test_callback sha_tests_interim_vectors[] = {
{NULL, NULL, NULL} /**< end pointer */
};
+#ifdef USE_JANSSON
+static struct {
+ uint32_t type;
+ const char *desc;
+} sha_test_types[] = {
+ {SHA_MCT, "MCT"},
+ {SHA_AFT, "AFT"},
+};
+
+static struct plain_hash_algorithms {
+ const char *str;
+ enum rte_crypto_auth_algorithm algo;
+} json_algorithms[] = {
+ {"SHA-1", RTE_CRYPTO_AUTH_SHA1},
+ {"SHA2-224", RTE_CRYPTO_AUTH_SHA224},
+ {"SHA2-256", RTE_CRYPTO_AUTH_SHA256},
+ {"SHA2-384", RTE_CRYPTO_AUTH_SHA384},
+ {"SHA2-512", RTE_CRYPTO_AUTH_SHA512},
+};
+
+struct fips_test_callback sha_tests_json_vectors[] = {
+ {PT_JSON_STR, parse_uint8_hex_str, &vec.pt},
+ {NULL, NULL, NULL} /**< end pointer */
+};
+#endif /* USE_JANSSON */
+
static int
parse_test_sha_writeback(struct fips_val *val) // !
{
@@ -108,3 +139,160 @@ parse_test_sha_init(void)
info.kat_check = rsp_test_sha_check;
return 0;
}
+
+#ifdef USE_JANSSON
+static int
+parse_test_sha_json_writeback(struct fips_val *val)
+{
+ struct fips_val val_local;
+ json_t *tcId, *md;
+
+ tcId = json_object_get(json_info.json_test_case, "tcId");
+
+ json_info.json_write_case = json_object();
+ json_object_set_new(json_info.json_write_case, "tcId", tcId);
+
+ val_local.val = val->val + vec.pt.len;
+ val_local.len = vec.cipher_auth.digest.len;
+
+ writeback_hex_str("", info.one_line_text, &val_local);
+ md = json_string(info.one_line_text);
+ json_object_set_new(json_info.json_write_case, "md", md);
+
+ return 0;
+}
+
+static int
+parse_test_sha_mct_json_writeback(struct fips_val *val)
+{
+ json_t *tcId, *msg, *md, *resArr, *res;
+ struct fips_val val_local;
+
+ tcId = json_object_get(json_info.json_test_case, "tcId");
+ if (json_info.json_write_case) {
+ json_t *wcId;
+
+ wcId = json_object_get(json_info.json_write_case, "tcId");
+ if (!json_equal(tcId, wcId)) {
+ json_info.json_write_case = json_object();
+ json_object_set_new(json_info.json_write_case, "tcId",
tcId);
+ json_object_set_new(json_info.json_write_case,
"resultsArray",
+
[PATCH v4 0/3] example/fips_validation: add xts and sha json parsing
Add support in fips_validation to parse AES_XTS and SHA json vectors. v4: - doc updates Gowrishankar Muthukrishnan (3): examples/fips_validation: add aes_cbc specific enum examples/fips_validation: add parsing for xts examples/fips_validation: add parsing for sha doc/guides/sample_app_ug/fips_validation.rst | 2 + examples/fips_validation/fips_validation.c| 6 +- examples/fips_validation/fips_validation.h| 26 ++- .../fips_validation/fips_validation_sha.c | 188 ++ .../fips_validation/fips_validation_xts.c | 141 + examples/fips_validation/main.c | 44 +++- 6 files changed, 394 insertions(+), 13 deletions(-) -- 2.25.1
[PATCH v4 1/3] examples/fips_validation: add aes_cbc specific enum
Add algorithm enum specifically for AES_CBC instead of relying on
AES as such.
Fixes: 8b8546aaedf ("examples/fips_validation: add parsing for AES-CBC")
Signed-off-by: Gowrishankar Muthukrishnan
Acked-by: Fan Zhang
---
examples/fips_validation/fips_validation.c | 2 +-
examples/fips_validation/fips_validation.h | 1 +
examples/fips_validation/main.c| 1 +
3 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/examples/fips_validation/fips_validation.c
b/examples/fips_validation/fips_validation.c
index 324abccb14..68b5572db2 100644
--- a/examples/fips_validation/fips_validation.c
+++ b/examples/fips_validation/fips_validation.c
@@ -463,7 +463,7 @@ fips_test_parse_one_json_vector_set(void)
else if (strstr(algo_str, "CMAC"))
info.algo = FIPS_TEST_ALGO_AES_CMAC;
else if (strstr(algo_str, "AES-CBC"))
- info.algo = FIPS_TEST_ALGO_AES;
+ info.algo = FIPS_TEST_ALGO_AES_CBC;
else
return -EINVAL;
diff --git a/examples/fips_validation/fips_validation.h
b/examples/fips_validation/fips_validation.h
index 69d738b718..819236983d 100644
--- a/examples/fips_validation/fips_validation.h
+++ b/examples/fips_validation/fips_validation.h
@@ -34,6 +34,7 @@
enum fips_test_algorithms {
FIPS_TEST_ALGO_AES = 0,
+ FIPS_TEST_ALGO_AES_CBC,
FIPS_TEST_ALGO_AES_GCM,
FIPS_TEST_ALGO_AES_CMAC,
FIPS_TEST_ALGO_AES_CCM,
diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index ceabea788e..9c4951595d 100644
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -1781,6 +1781,7 @@ static int
init_test_ops(void)
{
switch (info.algo) {
+ case FIPS_TEST_ALGO_AES_CBC:
case FIPS_TEST_ALGO_AES:
test_ops.prepare_op = prepare_cipher_op;
test_ops.prepare_xform = prepare_aes_xform;
--
2.25.1
[PATCH v4 2/3] examples/fips_validation: add parsing for xts
Added function to parse algorithm for AES XTS test.
Signed-off-by: Gowrishankar Muthukrishnan
Acked-by: Fan Zhang
---
v4:
- doc update
---
doc/guides/sample_app_ug/fips_validation.rst | 1 +
examples/fips_validation/fips_validation.c| 2 +
examples/fips_validation/fips_validation.h| 15 +-
.../fips_validation/fips_validation_xts.c | 141 ++
examples/fips_validation/main.c | 4 +
5 files changed, 162 insertions(+), 1 deletion(-)
diff --git a/doc/guides/sample_app_ug/fips_validation.rst
b/doc/guides/sample_app_ug/fips_validation.rst
index 43190bb696..41d2e0da13 100644
--- a/doc/guides/sample_app_ug/fips_validation.rst
+++ b/doc/guides/sample_app_ug/fips_validation.rst
@@ -61,6 +61,7 @@ ACVP
* AES-CBC (128,192,256) - AFT, MCT
* AES-GCM (128,192,256) - AFT
* AES-CMAC (128,192,256) - AFT
+* AES-XTS (128,256) - AFT
* HMAC (SHA1, SHA224, SHA256, SHA384, SHA512)
diff --git a/examples/fips_validation/fips_validation.c
b/examples/fips_validation/fips_validation.c
index 68b5572db2..f181363ef7 100644
--- a/examples/fips_validation/fips_validation.c
+++ b/examples/fips_validation/fips_validation.c
@@ -464,6 +464,8 @@ fips_test_parse_one_json_vector_set(void)
info.algo = FIPS_TEST_ALGO_AES_CMAC;
else if (strstr(algo_str, "AES-CBC"))
info.algo = FIPS_TEST_ALGO_AES_CBC;
+ else if (strstr(algo_str, "AES-XTS"))
+ info.algo = FIPS_TEST_ALGO_AES_XTS;
else
return -EINVAL;
diff --git a/examples/fips_validation/fips_validation.h
b/examples/fips_validation/fips_validation.h
index 819236983d..d716b198c6 100644
--- a/examples/fips_validation/fips_validation.h
+++ b/examples/fips_validation/fips_validation.h
@@ -38,10 +38,10 @@ enum fips_test_algorithms {
FIPS_TEST_ALGO_AES_GCM,
FIPS_TEST_ALGO_AES_CMAC,
FIPS_TEST_ALGO_AES_CCM,
+ FIPS_TEST_ALGO_AES_XTS,
FIPS_TEST_ALGO_HMAC,
FIPS_TEST_ALGO_TDES,
FIPS_TEST_ALGO_SHA,
- FIPS_TEST_ALGO_AES_XTS,
FIPS_TEST_ALGO_MAX
};
@@ -171,6 +171,15 @@ struct gcm_interim_data {
uint8_t gen_iv;
};
+enum xts_tweak_modes {
+ XTS_TWEAK_MODE_HEX = 0,
+ XTS_TWEAK_MODE_NUMBER
+};
+
+struct xts_interim_data {
+ enum xts_tweak_modes tweak_mode;
+};
+
#ifdef USE_JANSSON
struct fips_test_json_info {
/* Information used for reading from json */
@@ -208,6 +217,7 @@ struct fips_test_interim_info {
struct ccm_interim_data ccm_data;
struct sha_interim_data sha_data;
struct gcm_interim_data gcm_data;
+ struct xts_interim_data xts_data;
} interim_info;
enum fips_test_op op;
@@ -267,6 +277,9 @@ parse_test_cmac_json_init(void);
int
parse_test_aes_json_init(void);
+
+int
+parse_test_xts_json_init(void);
#endif /* USE_JANSSON */
int
diff --git a/examples/fips_validation/fips_validation_xts.c
b/examples/fips_validation/fips_validation_xts.c
index 5bb1966f6c..531e3c688e 100644
--- a/examples/fips_validation/fips_validation_xts.c
+++ b/examples/fips_validation/fips_validation_xts.c
@@ -24,6 +24,22 @@
#define OP_ENC_STR "ENCRYPT"
#define OP_DEC_STR "DECRYPT"
+#define ALGO_JSON_STR "algorithm"
+#define TESTTYPE_JSON_STR "testType"
+#define DIR_JSON_STR "direction"
+#define KEYLEN_JSON_STR"keyLen"
+#define TWEAKMODE_JSON_STR "tweakMode"
+
+#define KEY_JSON_STR "key"
+#define DATAUNITLEN_JSON_STR "dataUnitLen"
+#define PAYLOADLEN_JSON_STR"payloadLen"
+#define TWEAKVALUE_JSON_STR"tweakValue"
+#define PT_JSON_STR"pt"
+#define CT_JSON_STR"ct"
+
+#define OP_ENC_JSON_STR"encrypt"
+#define OP_DEC_JSON_STR"decrypt"
+
static int
parse_interim_xts_enc_dec(const char *key,
__rte_unused char *text,
@@ -62,6 +78,131 @@ struct fips_test_callback xts_writeback_callbacks[] = {
{NULL, NULL, NULL} /**< end pointer */
};
+#ifdef USE_JANSSON
+static int
+parser_xts_read_keylen(const char *key, char *src, struct fips_val *val)
+{
+ int ret;
+
+ ret = parser_read_uint32_bit_val(key, src, val);
+ if (ret < 0)
+ return ret;
+
+ val->len *= 2;
+ return 0;
+}
+
+static int
+parser_xts_read_tweakval(const char *key, char *src, struct fips_val *val)
+{
+ int ret;
+
+ if (info.interim_info.xts_data.tweak_mode == XTS_TWEAK_MODE_HEX)
+ ret = parse_uint8_hex_str(key, src, val);
+ else if (info.interim_info.xts_data.tweak_mode == XTS_TWEAK_MODE_NUMBER)
+ ret = parser_read_uint32_bit_val(key, src, val);
+ else
+
[PATCH v4 3/3] examples/fips_validation: add parsing for sha
Added function to parse algorithm for SHA test.
Signed-off-by: Gowrishankar Muthukrishnan
Acked-by: Fan Zhang
---
v4:
- doc update
---
doc/guides/sample_app_ug/fips_validation.rst | 1 +
examples/fips_validation/fips_validation.c| 2 +
examples/fips_validation/fips_validation.h| 10 +
.../fips_validation/fips_validation_sha.c | 188 ++
examples/fips_validation/main.c | 39 +++-
5 files changed, 229 insertions(+), 11 deletions(-)
diff --git a/doc/guides/sample_app_ug/fips_validation.rst
b/doc/guides/sample_app_ug/fips_validation.rst
index 41d2e0da13..4b68226665 100644
--- a/doc/guides/sample_app_ug/fips_validation.rst
+++ b/doc/guides/sample_app_ug/fips_validation.rst
@@ -63,6 +63,7 @@ ACVP
* AES-CMAC (128,192,256) - AFT
* AES-XTS (128,256) - AFT
* HMAC (SHA1, SHA224, SHA256, SHA384, SHA512)
+* SHA (1,256) - AFT, MCT
Application Information
diff --git a/examples/fips_validation/fips_validation.c
b/examples/fips_validation/fips_validation.c
index f181363ef7..12b9b03f56 100644
--- a/examples/fips_validation/fips_validation.c
+++ b/examples/fips_validation/fips_validation.c
@@ -466,6 +466,8 @@ fips_test_parse_one_json_vector_set(void)
info.algo = FIPS_TEST_ALGO_AES_CBC;
else if (strstr(algo_str, "AES-XTS"))
info.algo = FIPS_TEST_ALGO_AES_XTS;
+ else if (strstr(algo_str, "SHA"))
+ info.algo = FIPS_TEST_ALGO_SHA;
else
return -EINVAL;
diff --git a/examples/fips_validation/fips_validation.h
b/examples/fips_validation/fips_validation.h
index d716b198c6..5c1abcbd91 100644
--- a/examples/fips_validation/fips_validation.h
+++ b/examples/fips_validation/fips_validation.h
@@ -133,6 +133,7 @@ enum fips_ccm_test_types {
enum fips_sha_test_types {
SHA_KAT = 0,
+ SHA_AFT,
SHA_MCT
};
@@ -280,6 +281,15 @@ parse_test_aes_json_init(void);
int
parse_test_xts_json_init(void);
+
+int
+parse_test_sha_json_init(void);
+
+int
+parse_test_sha_json_algorithm(void);
+
+int
+parse_test_sha_json_test_type(void);
#endif /* USE_JANSSON */
int
diff --git a/examples/fips_validation/fips_validation_sha.c
b/examples/fips_validation/fips_validation_sha.c
index 34c364c75a..a2928618d7 100644
--- a/examples/fips_validation/fips_validation_sha.c
+++ b/examples/fips_validation/fips_validation_sha.c
@@ -17,6 +17,11 @@
#define SEED_STR "Seed = "
#define MCT_STR"Monte"
+#define ALGO_JSON_STR "algorithm"
+#define TESTTYPE_JSON_STR "testType"
+
+#define PT_JSON_STR"msg"
+
struct plain_hash_size_conversion {
const char *str;
enum rte_crypto_auth_algorithm algo;
@@ -62,6 +67,32 @@ struct fips_test_callback sha_tests_interim_vectors[] = {
{NULL, NULL, NULL} /**< end pointer */
};
+#ifdef USE_JANSSON
+static struct {
+ uint32_t type;
+ const char *desc;
+} sha_test_types[] = {
+ {SHA_MCT, "MCT"},
+ {SHA_AFT, "AFT"},
+};
+
+static struct plain_hash_algorithms {
+ const char *str;
+ enum rte_crypto_auth_algorithm algo;
+} json_algorithms[] = {
+ {"SHA-1", RTE_CRYPTO_AUTH_SHA1},
+ {"SHA2-224", RTE_CRYPTO_AUTH_SHA224},
+ {"SHA2-256", RTE_CRYPTO_AUTH_SHA256},
+ {"SHA2-384", RTE_CRYPTO_AUTH_SHA384},
+ {"SHA2-512", RTE_CRYPTO_AUTH_SHA512},
+};
+
+struct fips_test_callback sha_tests_json_vectors[] = {
+ {PT_JSON_STR, parse_uint8_hex_str, &vec.pt},
+ {NULL, NULL, NULL} /**< end pointer */
+};
+#endif /* USE_JANSSON */
+
static int
parse_test_sha_writeback(struct fips_val *val) // !
{
@@ -108,3 +139,160 @@ parse_test_sha_init(void)
info.kat_check = rsp_test_sha_check;
return 0;
}
+
+#ifdef USE_JANSSON
+static int
+parse_test_sha_json_writeback(struct fips_val *val)
+{
+ struct fips_val val_local;
+ json_t *tcId, *md;
+
+ tcId = json_object_get(json_info.json_test_case, "tcId");
+
+ json_info.json_write_case = json_object();
+ json_object_set_new(json_info.json_write_case, "tcId", tcId);
+
+ val_local.val = val->val + vec.pt.len;
+ val_local.len = vec.cipher_auth.digest.len;
+
+ writeback_hex_str("", info.one_line_text, &val_local);
+ md = json_string(info.one_line_text);
+ json_object_set_new(json_info.json_write_case, "md", md);
+
+ return 0;
+}
+
+static int
+parse_test_sha_mct_json_writeback(struct fips_val *val)
+{
+ json_t *tcId, *msg, *md, *resArr, *res;
+ struct fips_val val_local;
+
+ tcId = json_object_get(json_info.json_test_case, "tcId");
+ if (json_info.json_write_case) {
+
[PATCH v1] examples/fips_validation: fix memory leak in sha test
There is wrong size used for allocation of digest buffer which in
some cases cause memory corruption. Also, fixed places where memory
leak is observed.
Fixes: 93d797d94f1 ("examples/fips_validation: add parsing for sha")
Signed-off-by: Gowrishankar Muthukrishnan
---
examples/fips_validation/fips_validation_sha.c | 10 --
examples/fips_validation/main.c| 1 +
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/examples/fips_validation/fips_validation_sha.c
b/examples/fips_validation/fips_validation_sha.c
index a2928618d7..538cb6647a 100644
--- a/examples/fips_validation/fips_validation_sha.c
+++ b/examples/fips_validation/fips_validation_sha.c
@@ -229,13 +229,19 @@ parse_test_sha_json_algorithm(void)
for (i = 0; i < RTE_DIM(phsc); i++) {
if (info.interim_info.sha_data.algo == phsc[i].algo) {
vec.cipher_auth.digest.len = atoi(phsc[i].str);
- vec.cipher_auth.digest.val = calloc(0,
vec.cipher_auth.digest.len * 8);
+ if (vec.cipher_auth.digest.val)
+ free(vec.cipher_auth.digest.val);
+
+ vec.cipher_auth.digest.val = calloc(1,
vec.cipher_auth.digest.len);
break;
}
}
- if (i == RTE_DIM(phsc))
+ if (i == RTE_DIM(phsc)) {
+ free(vec.cipher_auth.digest.val);
+ vec.cipher_auth.digest.val = NULL;
return -1;
+ }
return 0;
}
diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
index 6d52048b5c..8bd5a66889 100644
--- a/examples/fips_validation/main.c
+++ b/examples/fips_validation/main.c
@@ -2099,6 +2099,7 @@ fips_test_one_json_file(void)
json_info.json_vector_set = json_array_get(json_info.json_root,
vector_set_idx);
fips_test_one_vector_set();
json_array_append_new(json_info.json_write_root,
json_info.json_write_set);
+ json_incref(json_info.json_write_set);
}
json_dumpf(json_info.json_write_root, info.fp_wr, JSON_INDENT(4));
--
2.25.1
