cryptodev: support ECDSA

Asymmetric crypto library is extended to add ECDSA. Elliptic curve xform and ECDSA op params are introduced. Signed-off-by: Anoob Joseph <anoobj@marvell.com> Signed-off-by: Ayuj Verma <ayverma@marvell.com> Signed-off-by: Sunila Sahu <ssahu@marvell.com> Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2020-01-15 18:13:36 +05:30 · 2020-01-15 18:13:36 +05:30 · 7bb4ea3246
commit 7bb4ea3246
parent b26ef1a11f
4 changed files with 93 additions and 5 deletions
--- a/doc/guides/cryptodevs/features/default.ini
+++ b/doc/guides/cryptodevs/features/default.ini
@ -104,8 +104,9 @@ CHACHA20-POLY1305 =
 ; Supported Asymmetric algorithms of a default crypto driver.
 ;
 [Asymmetric]
-RSA =
-DSA =
-Modular Exponentiation =
-Modular Inversion =
-Diffie-hellman =
+RSA                     =
+DSA                     =
+Modular Exponentiation  =
+Modular Inversion       =
+Diffie-hellman          =
+ECDSA                   =
--- a/doc/guides/rel_notes/release_20_02.rst
+++ b/doc/guides/rel_notes/release_20_02.rst
@ -64,6 +64,8 @@ New Features
 * **Added algorithms to cryptodev API.**

  * Chacha20-Poly1305 AEAD algorithm can now be supported in cryptodev.
+  * ECDSA (Elliptic Curve Digital Signature Algorithm) is added to
+    asymmetric crypto library specifications.


 Removed Items
--- a/lib/librte_cryptodev/rte_crypto_asym.h
+++ b/lib/librte_cryptodev/rte_crypto_asym.h
@ -27,6 +27,13 @@ extern "C" {

 #include "rte_crypto_sym.h"

+/**
+ * Buffer to hold crypto params required for asym operations.
+ *
+ * These buffers can be used for both input to PMD and output from PMD. When
+ * used for output from PMD, application has to ensure the buffer is large
+ * enough to hold the target data.
+ */
 typedef struct rte_crypto_param_t {
 	uint8_t *data;
 	/**< pointer to buffer holding data */
@ -81,6 +88,10 @@ enum rte_crypto_asym_xform_type {
 	/**< Modular Exponentiation
 	 * Perform Modular Exponentiation b^e mod n
 	 */
+	RTE_CRYPTO_ASYM_XFORM_ECDSA,
+	/**< Elliptic Curve Digital Signature Algorithm
+	 * Perform Signature Generation and Verification.
+	 */
 	RTE_CRYPTO_ASYM_XFORM_TYPE_LIST_END
 	/**< End of list */
 };
@ -318,6 +329,40 @@ struct rte_crypto_dsa_xform {
 	 */
 };

+/**
+ * TLS named curves
+ * https://tools.ietf.org/html/rfc8422
+ */
+enum rte_crypto_ec_group {
+	RTE_CRYPTO_EC_GROUP_UNKNOWN  = 0,
+	RTE_CRYPTO_EC_GROUP_SECP192R1 = 19,
+	RTE_CRYPTO_EC_GROUP_SECP224R1 = 21,
+	RTE_CRYPTO_EC_GROUP_SECP256R1 = 23,
+	RTE_CRYPTO_EC_GROUP_SECP384R1 = 24,
+	RTE_CRYPTO_EC_GROUP_SECP521R1 = 25,
+};
+
+/**
+ * Structure for elliptic curve point
+ */
+struct rte_crypto_ec_point {
+	rte_crypto_param x;
+	/**< X coordinate */
+	rte_crypto_param y;
+	/**< Y coordinate */
+};
+
+/**
+ * Asymmetric elliptic curve transform data
+ *
+ * Structure describing all EC based xform params
+ *
+ */
+struct rte_crypto_ec_xform {
+	enum rte_crypto_ec_group curve_id;
+	/**< Pre-defined ec groups */
+};
+
 /**
 * Operations params for modular operations:
 * exponentiation and multiplicative inverse
@ -372,6 +417,11 @@ struct rte_crypto_asym_xform {

 		struct rte_crypto_dsa_xform dsa;
 		/**< DSA xform parameters */
+
+		struct rte_crypto_ec_xform ec;
+		/**< EC xform parameters, used by elliptic curve based
+		 * operations.
+		 */
 	};
 };

@ -515,6 +565,39 @@ struct rte_crypto_dsa_op_param {
 	 */
 };

+/**
+ * ECDSA operation params
+ */
+struct rte_crypto_ecdsa_op_param {
+	enum rte_crypto_asym_op_type op_type;
+	/**< Signature generation or verification */
+
+	rte_crypto_param pkey;
+	/**< Private key of the signer for signature generation */
+
+	struct rte_crypto_ec_point q;
+	/**< Public key of the signer for verification */
+
+	rte_crypto_param message;
+	/**< Input message digest to be signed or verified */
+
+	rte_crypto_param k;
+	/**< The ECDSA per-message secret number, which is an integer
+	 * in the interval (1, n-1)
+	 */
+
+	rte_crypto_param r;
+	/**< r component of elliptic curve signature
+	 *     output : for signature generation
+	 *     input  : for signature verification
+	 */
+	rte_crypto_param s;
+	/**< s component of elliptic curve signature
+	 *     output : for signature generation
+	 *     input  : for signature verification
+	 */
+};
+
 /**
 * Asymmetric Cryptographic Operation.
 *
@ -537,6 +620,7 @@ struct rte_crypto_asym_op {
 		struct rte_crypto_mod_op_param modinv;
 		struct rte_crypto_dh_op_param dh;
 		struct rte_crypto_dsa_op_param dsa;
+		struct rte_crypto_ecdsa_op_param ecdsa;
 	};
 };

--- a/lib/librte_cryptodev/rte_cryptodev.c
+++ b/lib/librte_cryptodev/rte_cryptodev.c
@ -174,6 +174,7 @@ const char *rte_crypto_asym_xform_strings[] = {
 	[RTE_CRYPTO_ASYM_XFORM_MODINV]	= "modinv",
 	[RTE_CRYPTO_ASYM_XFORM_DH]	= "dh",
 	[RTE_CRYPTO_ASYM_XFORM_DSA]	= "dsa",
+	[RTE_CRYPTO_ASYM_XFORM_ECDSA]	= "ecdsa",
 };

 /**