Multi-buffer ECDSA & ECDH p384 Software optimization

Support for ECDH p384 sign and ECDH p384 Keygen
and compute to the QAT SW Optimization.

Signed-off-by: Yogaraj Alamenda <[email protected]>

README.md

@@ -72,8 +72,8 @@ license contained in the file `LICENSE.GPL` within the `qat` folder.
 * Support for the Intel® QuickAssist Technology Driver Heartbeat feature.
 * Multi-buffer Software optimization. (Software Optimization using Intel® Crypto Multi-buffer Library)
     * RSA Support for Key size 2048
-    * ECDH Support for Montgomery EC Curve: X25519 and NIST Prime Curve: P-256
-    * ECDSA Support for NIST Prime Curve: P-256
+    * ECDH Support for Montgomery EC Curve: X25519 and NIST Prime Curve: P-256/P-384
+    * ECDSA Support for NIST Prime Curve: P-256/P-384
 * AES128-GCM, AES192-GCM and AES256-GCM. (Software Optimization using Intel® Multi-Buffer Crypto for IPsec Library)
 
 Note: RSA Padding schemes are handled by OpenSSL rather than offloaded, so the
@@ -1385,9 +1385,9 @@ config variable 'ServicesProfile' from its default value of 'DEFAULT' to 'CRYPTO
 ## Intel® QAT Software support for Asymmetric PKE and AES-GCM
 
 This Intel® QAT OpenSSL\* Engine supports Multi-buffer based software
-optimizations for asymmetric PKE algorithms RSA, ECDH X25519, ECDH P-256 and
-ECDSA P-256(sign) using the Intel® Crypto Multi-buffer library based on
-Intel® AVX-512 Integer Fused Multiply Add (IFMA) operations.
+optimizations for asymmetric PKE algorithms RSA, ECDH X25519, ECDH P-256/P-384
+and ECDSA P-256/P-384(sign) using the Intel® Crypto Multi-buffer library
+based on Intel® AVX-512 Integer Fused Multiply Add (IFMA) operations.
 
 This is done by batching up multiple requests maintained in queues and uses
 the OpenSSL asynchronous infrastructure to submit the batched requests upto 8
@@ -1408,6 +1408,7 @@ software tool chain that supports OpenSSL\* 1.1.1 and Intel® Crypto
 Multi-buffer library cloned from the [ipp-crypto][10] release version
 **IPP Crypto 2020 Update 3**. The crypto_mb library needs to be installed
 using the instructions in the Readme from [Crypto Multi-buffer Library][11].
+
 In addition to support QAT SW AES-GCM, prequisite is to have Intel®
 Multi-Buffer crypto for IPsec Library release version **v0.55** cloned from
 the [intel-ipsec-mb][12] repo and installed using the instructions from the
@@ -1457,6 +1458,10 @@ cd /path/to/openssl_install/bin
     ./openssl speed -engine qatengine -elapsed -async_jobs 8 ecdhp256
 * ECDSA P-256
     ./openssl speed -engine qatengine -elapsed -async_jobs 8 ecdsap256
+* ECDH P-384
+    ./openssl speed -engine qatengine -elapsed -async_jobs 8 ecdhp384
+* ECDSA P-384
+    ./openssl speed -engine qatengine -elapsed -async_jobs 8 ecdsap384
 * AES-128-GCM
     ./openssl speed -engine qatengine -elapsed -evp aes-128-gcm
 * AES-192-GCM

configure.ac

@@ -499,19 +499,19 @@ fi
 if test "x$enable_qat_sw_ecdsa" != "xno" -a "x$cflags_qat_sw" != "x"
 then
     enable_qat_sw_ecdsa="-DENABLE_QAT_SW_ECDSA"
-    AC_MSG_NOTICE([Offloading ECDSA P256 to Software(Multi-buffer)])
+    AC_MSG_NOTICE([Offloading ECDSA P256 & P384 to Software(Multi-buffer)])
 else
     enable_qat_sw_ecdsa="-DDISABLE_QAT_SW_ECDSA"
-    AC_MSG_NOTICE([Not Offloading ECDSA P256 to Software(Multi-buffer)])
+    AC_MSG_NOTICE([Not Offloading ECDSA P256 & P384 to Software(Multi-buffer)])
 fi
 
 if test "x$enable_qat_sw_ecdh" != "xno" -a "x$cflags_qat_sw" != "x"
 then
     enable_qat_sw_ecdh="-DENABLE_QAT_SW_ECDH"
-    AC_MSG_NOTICE([Offloading ECDH P256 to Software(Multi-buffer)])
+    AC_MSG_NOTICE([Offloading ECDH P256 & P384 to Software(Multi-buffer)])
 else
     enable_qat_sw_ecdh="-DDISABLE_QAT_SW_ECDH"
-    AC_MSG_NOTICE([Not Offloading ECDH P256 to Software(Multi-buffer)])
+    AC_MSG_NOTICE([Not Offloading ECDH P256 & P384 to Software(Multi-buffer)])
 fi
 
 if test "x$enable_qat_hw_small_pkt_offload" = "xyes" -a "x$cflags_qat_hw" != "x"

e_qat.c

@@ -148,8 +148,13 @@
 
 /* Qat engine id declaration */
 const char *engine_qat_id = STR(QAT_ENGINE_ID);
+#ifdef QAT_HW
+const char *engine_qat_name =
+    "Reference implementation of QAT crypto engine(qat_hw) v0.6.4";
+#else
 const char *engine_qat_name =
-    "Reference implementation of QAT crypto engine v0.6.4";
+    "Reference implementation of QAT crypto engine(qat_sw) v0.6.4";
+#endif
 unsigned int engine_inited = 0;
 
 int qat_offload = 0;
@@ -224,11 +229,20 @@ mb_queue_ecdsap256_sign ecdsap256_sign_queue;
 mb_queue_ecdsap256_sign_setup ecdsap256_sign_setup_queue;
 mb_queue_ecdsap256_sign_sig ecdsap256_sign_sig_queue;
 
+/* ECDSA p384 */
+mb_queue_ecdsap384_sign ecdsap384_sign_queue;
+mb_queue_ecdsap384_sign_setup ecdsap384_sign_setup_queue;
+mb_queue_ecdsap384_sign_sig ecdsap384_sign_sig_queue;
+
 /* ECDH p256*/
 mb_flist_ecdh_keygen ecdh_keygen_freelist;
 mb_flist_ecdh_compute ecdh_compute_freelist;
 mb_queue_ecdhp256_keygen ecdhp256_keygen_queue;
 mb_queue_ecdhp256_compute ecdhp256_compute_queue;
+
+/* ECDH p384*/
+mb_queue_ecdhp384_keygen ecdhp384_keygen_queue;
+mb_queue_ecdhp384_compute ecdhp384_compute_queue;
 #endif
 
 const ENGINE_CMD_DEFN qat_cmd_defns[] = {
@@ -368,6 +382,7 @@ static int qat_engine_destroy(ENGINE *e)
 
 #ifdef QAT_SW
     multibuff_free_RSA_methods();
+    mb_free_EC_methods();
 #endif
 
 #if defined(QAT_SW_IPSEC) || defined(QAT_HW)
@@ -922,8 +937,8 @@ static int bind_qat(ENGINE *e, const char *id)
 
 #ifdef QAT_SW
     if (!qat_offload) {
-        if (mbx_get_algo_info(MBX_ALGO_RSA_2K) ||
-            mbx_get_algo_info(MBX_ALGO_RSA_3K) ||
+        if (mbx_get_algo_info(MBX_ALGO_RSA_2K) &&
+            mbx_get_algo_info(MBX_ALGO_RSA_3K) &&
             mbx_get_algo_info(MBX_ALGO_RSA_4K)) {
             DEBUG("Multibuffer RSA Supported\n");
             if (!ENGINE_set_RSA(e, multibuff_get_RSA_methods())) {
@@ -933,17 +948,19 @@ static int bind_qat(ENGINE *e, const char *id)
             }
         }
         if (mbx_get_algo_info(MBX_ALGO_X25519)) {
-            DEBUG("Multibuffer X25519 Supported\n");
+            DEBUG("Multibuffer ECDH X25519 Supported\n");
             if (!ENGINE_set_pkey_meths(e, multibuff_x25519_pkey_methods)) {
                 WARN("ENGINE_set_pkey_meths failed\n");
                 QATerr(QAT_F_BIND_QAT, QAT_R_ENGINE_SET_X25519_FAILURE);
                 goto end;
             }
         }
 
-        if (mbx_get_algo_info(MBX_ALGO_ECDHE_NIST_P256)
-            && mbx_get_algo_info(MBX_ALGO_ECDSA_NIST_P256)) {
-            DEBUG("Multibuffer ECDSA p256 & ECDH p256 Supported\n");
+        if (mbx_get_algo_info(MBX_ALGO_ECDHE_NIST_P256) &&
+            mbx_get_algo_info(MBX_ALGO_ECDHE_NIST_P384) &&
+            mbx_get_algo_info(MBX_ALGO_ECDSA_NIST_P256) &&
+            mbx_get_algo_info(MBX_ALGO_ECDSA_NIST_P384)) {
+            DEBUG("Multibuffer ECDSA p256/p384 & ECDH p256/p384 Supported\n");
             if (!ENGINE_set_EC(e, mb_get_EC_methods())) {
                 WARN("ENGINE_set_EC failed\n");
                 QATerr(QAT_F_BIND_QAT, QAT_R_ENGINE_SET_EC_FAILURE);

e_qat.h

@@ -361,12 +361,21 @@ extern mb_queue_ecdsap256_sign ecdsap256_sign_queue;
 extern mb_queue_ecdsap256_sign_setup ecdsap256_sign_setup_queue;
 extern mb_queue_ecdsap256_sign_sig ecdsap256_sign_sig_queue;
 
+/* ECDSA p384 */
+extern mb_queue_ecdsap384_sign ecdsap384_sign_queue;
+extern mb_queue_ecdsap384_sign_setup ecdsap384_sign_setup_queue;
+extern mb_queue_ecdsap384_sign_sig ecdsap384_sign_sig_queue;
+
 /*ECDH p256*/
 extern mb_flist_ecdh_keygen ecdh_keygen_freelist;
 extern mb_flist_ecdh_compute ecdh_compute_freelist;
 extern mb_queue_ecdhp256_keygen ecdhp256_keygen_queue;
 extern mb_queue_ecdhp256_compute ecdhp256_compute_queue;
 
+/*ECDH p384*/
+extern mb_queue_ecdhp384_keygen ecdhp384_keygen_queue;
+extern mb_queue_ecdhp384_compute ecdhp384_compute_queue;
+
 typedef struct _mb_req_rates {
     int req_this_period;
     struct timespec previous_time;
@@ -384,8 +393,13 @@ extern mb_req_rates mb_x25519_derive_req_rates;
 extern mb_req_rates mb_ecdsap256_sign_req_rates;
 extern mb_req_rates mb_ecdsap256_sign_setup_req_rates;
 extern mb_req_rates mb_ecdsap256_sign_sig_req_rates;
+extern mb_req_rates mb_ecdsap384_sign_req_rates;
+extern mb_req_rates mb_ecdsap384_sign_setup_req_rates;
+extern mb_req_rates mb_ecdsap384_sign_sig_req_rates;
 extern mb_req_rates mb_ecdhp256_keygen_req_rates;
 extern mb_req_rates mb_ecdhp256_compute_req_rates;
+extern mb_req_rates mb_ecdhp384_keygen_req_rates;
+extern mb_req_rates mb_ecdhp384_compute_req_rates;
 # endif
 
 # define QAT_CMD_ENABLE_EXTERNAL_POLLING ENGINE_CMD_BASE