* [PATCH] cryptodev: add asymmetric operational capability
@ 2024-09-05 18:17 Gowrishankar Muthukrishnan
2024-10-04 18:12 ` [PATCH v2] " Gowrishankar Muthukrishnan
0 siblings, 1 reply; 8+ messages in thread
From: Gowrishankar Muthukrishnan @ 2024-09-05 18:17 UTC (permalink / raw)
To: dev, arkadiuszx.kusztal, Akhil Goyal, Fan Zhang, Ankur Dwivedi,
Anoob Joseph, Tejasree Kondoj, Kai Ji
Cc: FanZhangfanzhang.oss, jerinj, Gowrishankar Muthukrishnan
Asymmetric crypto algorithms such as SM2, EdDSA would need per op
capability and based on it, the input param to a crypto operation
is chosen wisely.
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
app/test/test_cryptodev_asym.c | 24 ++++++++++------
.../crypto/cnxk/cnxk_cryptodev_capabilities.c | 14 +++++++++-
drivers/crypto/openssl/rte_openssl_pmd_ops.c | 27 +++++++++++++++---
lib/cryptodev/rte_crypto_asym.h | 12 ++++++++
lib/cryptodev/rte_cryptodev.c | 21 ++++++++++++++
lib/cryptodev/rte_cryptodev.h | 28 +++++++++++++++++++
6 files changed, 113 insertions(+), 13 deletions(-)
diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index f0b5d38543..d9b260d50e 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -2611,7 +2611,8 @@ test_sm2_sign(void)
/* Populate op with operational details */
asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_SIGN;
- if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
+ if (rte_cryptodev_asym_xform_capability_check_opcap(capa,
+ RTE_CRYPTO_ASYM_OP_SIGN, RTE_CRYPTO_SM2_PH))
asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3;
else
asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL;
@@ -2628,7 +2629,8 @@ test_sm2_sign(void)
asym_op->sm2.id.length = 0;
}
- if (capa->internal_rng != 0) {
+ if (rte_cryptodev_asym_xform_capability_check_opcap(capa,
+ RTE_CRYPTO_ASYM_OP_ENCRYPT, RTE_CRYPTO_SM2_RNG)) {
asym_op->sm2.k.data = NULL;
asym_op->sm2.k.length = 0;
} else {
@@ -2677,7 +2679,8 @@ test_sm2_sign(void)
debug_hexdump(stdout, "s:",
asym_op->sm2.s.data, asym_op->sm2.s.length);
- if (capa->internal_rng == 0) {
+ if (!rte_cryptodev_asym_xform_capability_check_opcap(capa,
+ RTE_CRYPTO_ASYM_OP_SIGN, RTE_CRYPTO_SM2_RNG)) {
/* Verify sign (by comparison). */
if (memcmp(input_params.sign_r.data, asym_op->sm2.r.data,
asym_op->sm2.r.length) != 0) {
@@ -2802,7 +2805,8 @@ test_sm2_verify(void)
/* Populate op with operational details */
asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
- if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
+ if (rte_cryptodev_asym_xform_capability_check_opcap(capa,
+ RTE_CRYPTO_ASYM_OP_VERIFY, RTE_CRYPTO_SM2_PH))
asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3;
else
asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL;
@@ -2924,7 +2928,8 @@ test_sm2_enc(void)
/* Populate op with operational details */
asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_ENCRYPT;
- if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
+ if (rte_cryptodev_asym_xform_capability_check_opcap(capa,
+ RTE_CRYPTO_ASYM_OP_ENCRYPT, RTE_CRYPTO_SM2_PH))
asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3;
else
asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL;
@@ -2932,7 +2937,8 @@ test_sm2_enc(void)
asym_op->sm2.message.data = input_params.message.data;
asym_op->sm2.message.length = input_params.message.length;
- if (capa->internal_rng != 0) {
+ if (rte_cryptodev_asym_xform_capability_check_opcap(capa,
+ RTE_CRYPTO_ASYM_OP_ENCRYPT, RTE_CRYPTO_SM2_RNG)) {
asym_op->sm2.k.data = NULL;
asym_op->sm2.k.length = 0;
} else {
@@ -2978,7 +2984,8 @@ test_sm2_enc(void)
debug_hexdump(stdout, "cipher:",
asym_op->sm2.cipher.data, asym_op->sm2.cipher.length);
- if (capa->internal_rng == 0) {
+ if (!rte_cryptodev_asym_xform_capability_check_opcap(capa,
+ RTE_CRYPTO_ASYM_OP_ENCRYPT, RTE_CRYPTO_SM2_RNG)) {
if (memcmp(input_params.cipher.data, asym_op->sm2.cipher.data,
asym_op->sm2.cipher.length) != 0) {
status = TEST_FAILED;
@@ -3105,7 +3112,8 @@ test_sm2_dec(void)
/* Populate op with operational details */
asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_DECRYPT;
- if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
+ if (rte_cryptodev_asym_xform_capability_check_opcap(capa,
+ RTE_CRYPTO_ASYM_OP_DECRYPT, RTE_CRYPTO_SM2_PH))
asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3;
else
asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL;
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
index 0d5d64b6e7..fb6f83dc25 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
@@ -1194,7 +1194,19 @@ static const struct rte_cryptodev_capabilities caps_sm2[] = {
.xform_capa = {
.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2,
.op_types = ((1 << RTE_CRYPTO_ASYM_OP_SIGN) |
- (1 << RTE_CRYPTO_ASYM_OP_VERIFY))
+ (1 << RTE_CRYPTO_ASYM_OP_VERIFY) |
+ (1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) |
+ (1 << RTE_CRYPTO_ASYM_OP_DECRYPT)),
+ .op_capa = {
+ {
+ .op_type = RTE_CRYPTO_ASYM_OP_ENCRYPT,
+ .capa = ((1 << RTE_CRYPTO_SM2_PKE_KDF))
+ },
+ {
+ .op_type = RTE_CRYPTO_ASYM_OP_DECRYPT,
+ .capa = ((1 << RTE_CRYPTO_SM2_PKE_KDF))
+ }
+ }
}
}
}
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 1bbb855a59..c6fb5441f1 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -598,15 +598,34 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
{.asym = {
.xform_capa = {
.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2,
- .hash_algos = (1 << RTE_CRYPTO_AUTH_SM3),
.op_types =
((1<<RTE_CRYPTO_ASYM_OP_SIGN) |
(1 << RTE_CRYPTO_ASYM_OP_VERIFY) |
(1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) |
(1 << RTE_CRYPTO_ASYM_OP_DECRYPT)),
- {.internal_rng = 1
- }
- }
+ .op_capa = {
+ {
+ .op_type = RTE_CRYPTO_ASYM_OP_ENCRYPT,
+ .capa = ((1 << RTE_CRYPTO_SM2_RNG) |
+ (1 << RTE_CRYPTO_SM2_PKE_KDF))
+ },
+ {
+ .op_type = RTE_CRYPTO_ASYM_OP_DECRYPT,
+ .capa = ((1 << RTE_CRYPTO_SM2_RNG) |
+ (1 << RTE_CRYPTO_SM2_PKE_KDF))
+ },
+ {
+ .op_type = RTE_CRYPTO_ASYM_OP_SIGN,
+ .capa = ((1 << RTE_CRYPTO_SM2_RNG) |
+ (1 << RTE_CRYPTO_SM2_PH))
+ },
+ {
+ .op_type = RTE_CRYPTO_ASYM_OP_VERIFY,
+ .capa = ((1 << RTE_CRYPTO_SM2_RNG) |
+ (1 << RTE_CRYPTO_SM2_PH))
+ }
+ },
+ },
}
}
},
diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
index 39d3da3952..157f597d5d 100644
--- a/lib/cryptodev/rte_crypto_asym.h
+++ b/lib/cryptodev/rte_crypto_asym.h
@@ -633,6 +633,18 @@ struct rte_crypto_asym_xform {
};
};
+/**
+ * SM2 operation capabilities
+ */
+enum rte_crypto_sm2_op_capa {
+ RTE_CRYPTO_SM2_RNG,
+ /**< Random number generator supported in SM2 ops. */
+ RTE_CRYPTO_SM2_PH,
+ /**< Prehash message before crypto op. */
+ RTE_CRYPTO_SM2_PKE_KDF,
+ /**< KDF support in SM2 public key encryption */
+};
+
/**
* SM2 operation params.
*/
diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
index 682c9f49d0..0b3fa28e54 100644
--- a/lib/cryptodev/rte_cryptodev.c
+++ b/lib/cryptodev/rte_cryptodev.c
@@ -628,6 +628,27 @@ rte_cryptodev_asym_xform_capability_check_hash(
return ret;
}
+int
+rte_cryptodev_asym_xform_capability_check_opcap(
+ const struct rte_cryptodev_asymmetric_xform_capability *capability,
+ enum rte_crypto_asym_op_type op_type, uint8_t cap)
+{
+ int ret = 0;
+
+ if (!(capability->op_types & (1 << op_type)))
+ return ret;
+
+ for (int i = 0; i < RTE_CRYPTO_ASYM_OP_LIST_END; i++) {
+ if (capability->op_capa[i].op_type != op_type)
+ continue;
+
+ if (capability->op_capa[i].capa & (1 << cap))
+ ret = 1;
+ }
+
+ return ret;
+}
+
/* spinlock for crypto device enq callbacks */
static rte_spinlock_t rte_cryptodev_callback_lock = RTE_SPINLOCK_INITIALIZER;
diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h
index bec947f6d5..37d6f4a1a6 100644
--- a/lib/cryptodev/rte_cryptodev.h
+++ b/lib/cryptodev/rte_cryptodev.h
@@ -157,6 +157,15 @@ struct rte_cryptodev_symmetric_capability {
};
};
+/**
+ * Asymmetric Crypto Operation Capability
+ */
+struct rte_cryptodev_asymmetric_op_capability {
+ enum rte_crypto_asym_op_type op_type;
+ uint32_t capa;
+ /**< Bitmask of capabilities supported for op_type. */
+};
+
/**
* Asymmetric Xform Crypto Capability
*/
@@ -185,6 +194,9 @@ struct rte_cryptodev_asymmetric_xform_capability {
* Value 0 means unavailable, and application should pass the required
* random value. Otherwise, PMD would internally compute the random number.
*/
+
+ struct rte_cryptodev_asymmetric_op_capability op_capa[RTE_CRYPTO_ASYM_OP_LIST_END];
+ /**< Operation specific capabilities. */
};
uint64_t hash_algos;
@@ -359,6 +371,22 @@ rte_cryptodev_asym_xform_capability_check_hash(
const struct rte_cryptodev_asymmetric_xform_capability *capability,
enum rte_crypto_auth_algorithm hash);
+/**
+ * Check if op capability is supported
+ *
+ * @param capability Description of the asymmetric crypto capability.
+ * @param op_type op type
+ * @param cap op capability
+ *
+ * @return
+ * - Return 1 if the op capability is supported
+ * - Return 0 if unsupported
+ */
+int
+rte_cryptodev_asym_xform_capability_check_opcap(
+ const struct rte_cryptodev_asymmetric_xform_capability *capability,
+ enum rte_crypto_asym_op_type op_type, uint8_t cap);
+
/**
* Provide the cipher algorithm enum, given an algorithm string
*
--
2.21.0
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH v2] cryptodev: add asymmetric operational capability
2024-09-05 18:17 [PATCH] cryptodev: add asymmetric operational capability Gowrishankar Muthukrishnan
@ 2024-10-04 18:12 ` Gowrishankar Muthukrishnan
2024-10-08 17:06 ` Kusztal, ArkadiuszX
2024-10-09 7:11 ` [PATCH v3 1/3] " Gowrishankar Muthukrishnan
0 siblings, 2 replies; 8+ messages in thread
From: Gowrishankar Muthukrishnan @ 2024-10-04 18:12 UTC (permalink / raw)
To: dev, arkadiuszx.kusztal, Akhil Goyal, Fan Zhang, Ankur Dwivedi,
Anoob Joseph, Tejasree Kondoj, Kai Ji
Cc: FanZhangfanzhang.oss, jerinj, Gowrishankar Muthukrishnan
Asymmetric crypto algorithms such as SM2, EdDSA would need per op
capability and based on it, the input param to a crypto operation
is chosen wisely.
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
v2:
- op_capa is array of int instead of structure.
- compilation issues addressed.
---
app/test/test_cryptodev_asym.c | 24 ++++++++++++-------
.../crypto/cnxk/cnxk_cryptodev_capabilities.c | 8 ++++++-
drivers/crypto/openssl/rte_openssl_pmd_ops.c | 17 +++++++++----
lib/cryptodev/rte_crypto_asym.h | 12 ++++++++++
lib/cryptodev/rte_cryptodev.c | 16 +++++++++++++
lib/cryptodev/rte_cryptodev.h | 23 ++++++++++++++++++
lib/cryptodev/version.map | 3 +++
7 files changed, 89 insertions(+), 14 deletions(-)
diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index f0b5d38543..d9b260d50e 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -2611,7 +2611,8 @@ test_sm2_sign(void)
/* Populate op with operational details */
asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_SIGN;
- if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
+ if (rte_cryptodev_asym_xform_capability_check_opcap(capa,
+ RTE_CRYPTO_ASYM_OP_SIGN, RTE_CRYPTO_SM2_PH))
asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3;
else
asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL;
@@ -2628,7 +2629,8 @@ test_sm2_sign(void)
asym_op->sm2.id.length = 0;
}
- if (capa->internal_rng != 0) {
+ if (rte_cryptodev_asym_xform_capability_check_opcap(capa,
+ RTE_CRYPTO_ASYM_OP_ENCRYPT, RTE_CRYPTO_SM2_RNG)) {
asym_op->sm2.k.data = NULL;
asym_op->sm2.k.length = 0;
} else {
@@ -2677,7 +2679,8 @@ test_sm2_sign(void)
debug_hexdump(stdout, "s:",
asym_op->sm2.s.data, asym_op->sm2.s.length);
- if (capa->internal_rng == 0) {
+ if (!rte_cryptodev_asym_xform_capability_check_opcap(capa,
+ RTE_CRYPTO_ASYM_OP_SIGN, RTE_CRYPTO_SM2_RNG)) {
/* Verify sign (by comparison). */
if (memcmp(input_params.sign_r.data, asym_op->sm2.r.data,
asym_op->sm2.r.length) != 0) {
@@ -2802,7 +2805,8 @@ test_sm2_verify(void)
/* Populate op with operational details */
asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
- if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
+ if (rte_cryptodev_asym_xform_capability_check_opcap(capa,
+ RTE_CRYPTO_ASYM_OP_VERIFY, RTE_CRYPTO_SM2_PH))
asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3;
else
asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL;
@@ -2924,7 +2928,8 @@ test_sm2_enc(void)
/* Populate op with operational details */
asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_ENCRYPT;
- if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
+ if (rte_cryptodev_asym_xform_capability_check_opcap(capa,
+ RTE_CRYPTO_ASYM_OP_ENCRYPT, RTE_CRYPTO_SM2_PH))
asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3;
else
asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL;
@@ -2932,7 +2937,8 @@ test_sm2_enc(void)
asym_op->sm2.message.data = input_params.message.data;
asym_op->sm2.message.length = input_params.message.length;
- if (capa->internal_rng != 0) {
+ if (rte_cryptodev_asym_xform_capability_check_opcap(capa,
+ RTE_CRYPTO_ASYM_OP_ENCRYPT, RTE_CRYPTO_SM2_RNG)) {
asym_op->sm2.k.data = NULL;
asym_op->sm2.k.length = 0;
} else {
@@ -2978,7 +2984,8 @@ test_sm2_enc(void)
debug_hexdump(stdout, "cipher:",
asym_op->sm2.cipher.data, asym_op->sm2.cipher.length);
- if (capa->internal_rng == 0) {
+ if (!rte_cryptodev_asym_xform_capability_check_opcap(capa,
+ RTE_CRYPTO_ASYM_OP_ENCRYPT, RTE_CRYPTO_SM2_RNG)) {
if (memcmp(input_params.cipher.data, asym_op->sm2.cipher.data,
asym_op->sm2.cipher.length) != 0) {
status = TEST_FAILED;
@@ -3105,7 +3112,8 @@ test_sm2_dec(void)
/* Populate op with operational details */
asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_DECRYPT;
- if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
+ if (rte_cryptodev_asym_xform_capability_check_opcap(capa,
+ RTE_CRYPTO_ASYM_OP_DECRYPT, RTE_CRYPTO_SM2_PH))
asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3;
else
asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL;
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
index 0d5d64b6e7..0a19fc732b 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
@@ -1194,7 +1194,13 @@ static const struct rte_cryptodev_capabilities caps_sm2[] = {
.xform_capa = {
.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2,
.op_types = ((1 << RTE_CRYPTO_ASYM_OP_SIGN) |
- (1 << RTE_CRYPTO_ASYM_OP_VERIFY))
+ (1 << RTE_CRYPTO_ASYM_OP_VERIFY) |
+ (1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) |
+ (1 << RTE_CRYPTO_ASYM_OP_DECRYPT)),
+ .op_capa = {
+ (1 << RTE_CRYPTO_SM2_PKE_KDF),
+ (1 << RTE_CRYPTO_SM2_PKE_KDF),
+ }
}
}
}
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index b7b612fc57..6f81bcb110 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -598,15 +598,22 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
{.asym = {
.xform_capa = {
.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2,
- .hash_algos = (1 << RTE_CRYPTO_AUTH_SM3),
.op_types =
- ((1<<RTE_CRYPTO_ASYM_OP_SIGN) |
+ ((1 << RTE_CRYPTO_ASYM_OP_SIGN) |
(1 << RTE_CRYPTO_ASYM_OP_VERIFY) |
(1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) |
(1 << RTE_CRYPTO_ASYM_OP_DECRYPT)),
- {.internal_rng = 1
- }
- }
+ .op_capa = {
+ (1 << RTE_CRYPTO_SM2_RNG) |
+ (1 << RTE_CRYPTO_SM2_PKE_KDF),
+ (1 << RTE_CRYPTO_SM2_RNG) |
+ (1 << RTE_CRYPTO_SM2_PKE_KDF),
+ (1 << RTE_CRYPTO_SM2_RNG) |
+ (1 << RTE_CRYPTO_SM2_PH),
+ (1 << RTE_CRYPTO_SM2_RNG) |
+ (1 << RTE_CRYPTO_SM2_PH)
+ },
+ },
}
}
},
diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
index 39d3da3952..157f597d5d 100644
--- a/lib/cryptodev/rte_crypto_asym.h
+++ b/lib/cryptodev/rte_crypto_asym.h
@@ -633,6 +633,18 @@ struct rte_crypto_asym_xform {
};
};
+/**
+ * SM2 operation capabilities
+ */
+enum rte_crypto_sm2_op_capa {
+ RTE_CRYPTO_SM2_RNG,
+ /**< Random number generator supported in SM2 ops. */
+ RTE_CRYPTO_SM2_PH,
+ /**< Prehash message before crypto op. */
+ RTE_CRYPTO_SM2_PKE_KDF,
+ /**< KDF support in SM2 public key encryption */
+};
+
/**
* SM2 operation params.
*/
diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
index 682c9f49d0..d3d8e25b39 100644
--- a/lib/cryptodev/rte_cryptodev.c
+++ b/lib/cryptodev/rte_cryptodev.c
@@ -628,6 +628,22 @@ rte_cryptodev_asym_xform_capability_check_hash(
return ret;
}
+int
+rte_cryptodev_asym_xform_capability_check_opcap(
+ const struct rte_cryptodev_asymmetric_xform_capability *capability,
+ enum rte_crypto_asym_op_type op_type, uint8_t cap)
+{
+ int ret = 0;
+
+ if (!(capability->op_types & (1 << op_type)))
+ return ret;
+
+ if (capability->op_capa[op_type] & (1 << cap))
+ ret = 1;
+
+ return ret;
+}
+
/* spinlock for crypto device enq callbacks */
static rte_spinlock_t rte_cryptodev_callback_lock = RTE_SPINLOCK_INITIALIZER;
diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h
index bec947f6d5..aa6ef3a94d 100644
--- a/lib/cryptodev/rte_cryptodev.h
+++ b/lib/cryptodev/rte_cryptodev.h
@@ -185,6 +185,9 @@ struct rte_cryptodev_asymmetric_xform_capability {
* Value 0 means unavailable, and application should pass the required
* random value. Otherwise, PMD would internally compute the random number.
*/
+
+ uint32_t op_capa[RTE_CRYPTO_ASYM_OP_LIST_END];
+ /**< Operation specific capabilities. */
};
uint64_t hash_algos;
@@ -359,6 +362,26 @@ rte_cryptodev_asym_xform_capability_check_hash(
const struct rte_cryptodev_asymmetric_xform_capability *capability,
enum rte_crypto_auth_algorithm hash);
+/**
+ * @warning
+ * @b EXPERIMENTAL: this API may change without prior notice.
+ *
+ * Check if op capability is supported
+ *
+ * @param capability Description of the asymmetric crypto capability.
+ * @param op_type op type
+ * @param cap op capability
+ *
+ * @return
+ * - Return 1 if the op capability is supported
+ * - Return 0 if unsupported
+ */
+__rte_experimental
+int
+rte_cryptodev_asym_xform_capability_check_opcap(
+ const struct rte_cryptodev_asymmetric_xform_capability *capability,
+ enum rte_crypto_asym_op_type op_type, uint8_t cap);
+
/**
* Provide the cipher algorithm enum, given an algorithm string
*
diff --git a/lib/cryptodev/version.map b/lib/cryptodev/version.map
index 594c501855..5d40b7fed0 100644
--- a/lib/cryptodev/version.map
+++ b/lib/cryptodev/version.map
@@ -87,6 +87,9 @@ EXPERIMENTAL {
# added in 24.03
__rte_cryptodev_trace_qp_depth_used;
+
+ # added in 24.11
+ rte_cryptodev_asym_xform_capability_check_opcap;
};
INTERNAL {
--
2.21.0
^ permalink raw reply [flat|nested] 8+ messages in thread
* RE: [PATCH v2] cryptodev: add asymmetric operational capability
2024-10-04 18:12 ` [PATCH v2] " Gowrishankar Muthukrishnan
@ 2024-10-08 17:06 ` Kusztal, ArkadiuszX
2024-10-09 3:38 ` Gowrishankar Muthukrishnan
2024-10-09 7:11 ` [PATCH v3 1/3] " Gowrishankar Muthukrishnan
1 sibling, 1 reply; 8+ messages in thread
From: Kusztal, ArkadiuszX @ 2024-10-08 17:06 UTC (permalink / raw)
To: Gowrishankar Muthukrishnan, dev, Akhil Goyal, Fan Zhang,
Ankur Dwivedi, Anoob Joseph, Tejasree Kondoj, Ji, Kai
Cc: FanZhangfanzhang.oss, jerinj
Acked-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
With some comments.
> -----Original Message-----
> From: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Sent: Friday, October 4, 2024 8:13 PM
> To: dev@dpdk.org; Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; Akhil
> Goyal <gakhil@marvell.com>; Fan Zhang <fanzhang.oss@gmail.com>; Ankur
> Dwivedi <adwivedi@marvell.com>; Anoob Joseph <anoobj@marvell.com>;
> Tejasree Kondoj <ktejasree@marvell.com>; Ji, Kai <kai.ji@intel.com>
> Cc: FanZhangfanzhang.oss@gmail.com; jerinj@marvell.com; Gowrishankar
> Muthukrishnan <gmuthukrishn@marvell.com>
> Subject: [PATCH v2] cryptodev: add asymmetric operational capability
>
> Asymmetric crypto algorithms such as SM2, EdDSA would need per op capability
> and based on it, the input param to a crypto operation is chosen wisely.
>
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> ---
> v2:
> - op_capa is array of int instead of structure.
> - compilation issues addressed.
> ---
> app/test/test_cryptodev_asym.c | 24 ++++++++++++-------
> .../crypto/cnxk/cnxk_cryptodev_capabilities.c | 8 ++++++-
> drivers/crypto/openssl/rte_openssl_pmd_ops.c | 17 +++++++++----
> lib/cryptodev/rte_crypto_asym.h | 12 ++++++++++
> lib/cryptodev/rte_cryptodev.c | 16 +++++++++++++
> lib/cryptodev/rte_cryptodev.h | 23 ++++++++++++++++++
> lib/cryptodev/version.map | 3 +++
> 7 files changed, 89 insertions(+), 14 deletions(-)
>
> diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
> index f0b5d38543..d9b260d50e 100644
> --- a/app/test/test_cryptodev_asym.c
> +++ b/app/test/test_cryptodev_asym.c
> @@ -2611,7 +2611,8 @@ test_sm2_sign(void)
>
> /* Populate op with operational details */
> asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_SIGN;
> - if (rte_cryptodev_asym_xform_capability_check_hash(capa,
> RTE_CRYPTO_AUTH_SM3))
> + if (rte_cryptodev_asym_xform_capability_check_opcap(capa,
> + RTE_CRYPTO_ASYM_OP_SIGN, RTE_CRYPTO_SM2_PH))
> asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3;
> else
> asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL; @@ -2628,7
> +2629,8 @@ test_sm2_sign(void)
> asym_op->sm2.id.length = 0;
> }
>
> - if (capa->internal_rng != 0) {
> + if (rte_cryptodev_asym_xform_capability_check_opcap(capa,
> + RTE_CRYPTO_ASYM_OP_ENCRYPT,
> RTE_CRYPTO_SM2_RNG)) {
> asym_op->sm2.k.data = NULL;
> asym_op->sm2.k.length = 0;
> } else {
> @@ -2677,7 +2679,8 @@ test_sm2_sign(void)
> debug_hexdump(stdout, "s:",
> asym_op->sm2.s.data, asym_op->sm2.s.length);
>
> - if (capa->internal_rng == 0) {
> + if (!rte_cryptodev_asym_xform_capability_check_opcap(capa,
> + RTE_CRYPTO_ASYM_OP_SIGN,
> RTE_CRYPTO_SM2_RNG)) {
> /* Verify sign (by comparison). */
> if (memcmp(input_params.sign_r.data, asym_op->sm2.r.data,
> asym_op->sm2.r.length) != 0) {
> @@ -2802,7 +2805,8 @@ test_sm2_verify(void)
> /* Populate op with operational details */
> asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
>
> - if (rte_cryptodev_asym_xform_capability_check_hash(capa,
> RTE_CRYPTO_AUTH_SM3))
> + if (rte_cryptodev_asym_xform_capability_check_opcap(capa,
> + RTE_CRYPTO_ASYM_OP_VERIFY,
> RTE_CRYPTO_SM2_PH))
> asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3;
> else
> asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL; @@ -2924,7
> +2928,8 @@ test_sm2_enc(void)
>
> /* Populate op with operational details */
> asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_ENCRYPT;
> - if (rte_cryptodev_asym_xform_capability_check_hash(capa,
> RTE_CRYPTO_AUTH_SM3))
> + if (rte_cryptodev_asym_xform_capability_check_opcap(capa,
> + RTE_CRYPTO_ASYM_OP_ENCRYPT,
> RTE_CRYPTO_SM2_PH))
> asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3;
> else
> asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL; @@ -2932,7
> +2937,8 @@ test_sm2_enc(void)
> asym_op->sm2.message.data = input_params.message.data;
> asym_op->sm2.message.length = input_params.message.length;
>
> - if (capa->internal_rng != 0) {
> + if (rte_cryptodev_asym_xform_capability_check_opcap(capa,
> + RTE_CRYPTO_ASYM_OP_ENCRYPT,
> RTE_CRYPTO_SM2_RNG)) {
> asym_op->sm2.k.data = NULL;
> asym_op->sm2.k.length = 0;
> } else {
> @@ -2978,7 +2984,8 @@ test_sm2_enc(void)
> debug_hexdump(stdout, "cipher:",
> asym_op->sm2.cipher.data, asym_op-
> >sm2.cipher.length);
>
> - if (capa->internal_rng == 0) {
> + if (!rte_cryptodev_asym_xform_capability_check_opcap(capa,
> + RTE_CRYPTO_ASYM_OP_ENCRYPT,
> RTE_CRYPTO_SM2_RNG)) {
> if (memcmp(input_params.cipher.data, asym_op-
> >sm2.cipher.data,
> asym_op->sm2.cipher.length) != 0) {
> status = TEST_FAILED;
> @@ -3105,7 +3112,8 @@ test_sm2_dec(void)
>
> /* Populate op with operational details */
> asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_DECRYPT;
> - if (rte_cryptodev_asym_xform_capability_check_hash(capa,
> RTE_CRYPTO_AUTH_SM3))
> + if (rte_cryptodev_asym_xform_capability_check_opcap(capa,
> + RTE_CRYPTO_ASYM_OP_DECRYPT,
> RTE_CRYPTO_SM2_PH))
> asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3;
> else
> asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL; diff --git
> a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
> b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
> index 0d5d64b6e7..0a19fc732b 100644
> --- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
> +++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
> @@ -1194,7 +1194,13 @@ static const struct rte_cryptodev_capabilities
> caps_sm2[] = {
> .xform_capa = {
> .xform_type =
> RTE_CRYPTO_ASYM_XFORM_SM2,
> .op_types = ((1 <<
> RTE_CRYPTO_ASYM_OP_SIGN) |
> - (1 <<
> RTE_CRYPTO_ASYM_OP_VERIFY))
> + (1 <<
> RTE_CRYPTO_ASYM_OP_VERIFY) |
> + (1 <<
> RTE_CRYPTO_ASYM_OP_ENCRYPT) |
> + (1 <<
> RTE_CRYPTO_ASYM_OP_DECRYPT)),
> + .op_capa = {
> + (1 << RTE_CRYPTO_SM2_PKE_KDF),
> + (1 << RTE_CRYPTO_SM2_PKE_KDF),
> + }
> }
> }
> }
> diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> index b7b612fc57..6f81bcb110 100644
> --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> @@ -598,15 +598,22 @@ static const struct rte_cryptodev_capabilities
> openssl_pmd_capabilities[] = {
> {.asym = {
> .xform_capa = {
> .xform_type =
> RTE_CRYPTO_ASYM_XFORM_SM2,
> - .hash_algos = (1 << RTE_CRYPTO_AUTH_SM3),
> .op_types =
> - ((1<<RTE_CRYPTO_ASYM_OP_SIGN) |
> + ((1 << RTE_CRYPTO_ASYM_OP_SIGN) |
> (1 << RTE_CRYPTO_ASYM_OP_VERIFY) |
> (1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) |
> (1 << RTE_CRYPTO_ASYM_OP_DECRYPT)),
> - {.internal_rng = 1
> - }
> - }
Designated initializers could probably help with readability.
> + .op_capa = {
> +
[RTE_CRYPTO_ASYM_OP_ENCRYPT] = (1 << RTE_CRYPTO_SM2_RNG) |
> + (1 << RTE_CRYPTO_SM2_PKE_KDF),
> +
[RTE_CRYPTO_ASYM_OP_DECRYPT] = (1 << RTE_CRYPTO_SM2_RNG) |
> + (1 << RTE_CRYPTO_SM2_PKE_KDF),
> +
[RTE_CRYPTO_ASYM_OP_SIGN] = (1 << RTE_CRYPTO_SM2_RNG) |
> + (1 << RTE_CRYPTO_SM2_PH),
> +
[RTE_CRYPTO_ASYM_OP_VERIFY] = (1 << RTE_CRYPTO_SM2_RNG) |
> + (1 << RTE_CRYPTO_SM2_PH)
> + },
> + },
> }
Probably driver/test changes should be in different patches.
> }
> },
> diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
> index 39d3da3952..157f597d5d 100644
> --- a/lib/cryptodev/rte_crypto_asym.h
> +++ b/lib/cryptodev/rte_crypto_asym.h
> @@ -633,6 +633,18 @@ struct rte_crypto_asym_xform {
> };
> };
>
> +/**
> + * SM2 operation capabilities
> + */
> +enum rte_crypto_sm2_op_capa {
> + RTE_CRYPTO_SM2_RNG,
> + /**< Random number generator supported in SM2 ops. */
> + RTE_CRYPTO_SM2_PH,
> + /**< Prehash message before crypto op. */
> + RTE_CRYPTO_SM2_PKE_KDF,
> + /**< KDF support in SM2 public key encryption */ };
> +
> /**
> * SM2 operation params.
> */
> diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c index
> 682c9f49d0..d3d8e25b39 100644
> --- a/lib/cryptodev/rte_cryptodev.c
> +++ b/lib/cryptodev/rte_cryptodev.c
> @@ -628,6 +628,22 @@ rte_cryptodev_asym_xform_capability_check_hash(
> return ret;
> }
>
> +int
> +rte_cryptodev_asym_xform_capability_check_opcap(
> + const struct rte_cryptodev_asymmetric_xform_capability *capability,
> + enum rte_crypto_asym_op_type op_type, uint8_t cap) {
> + int ret = 0;
> +
> + if (!(capability->op_types & (1 << op_type)))
> + return ret;
> +
> + if (capability->op_capa[op_type] & (1 << cap))
> + ret = 1;
> +
> + return ret;
> +}
> +
> /* spinlock for crypto device enq callbacks */ static rte_spinlock_t
> rte_cryptodev_callback_lock = RTE_SPINLOCK_INITIALIZER;
>
> diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h index
> bec947f6d5..aa6ef3a94d 100644
> --- a/lib/cryptodev/rte_cryptodev.h
> +++ b/lib/cryptodev/rte_cryptodev.h
> @@ -185,6 +185,9 @@ struct rte_cryptodev_asymmetric_xform_capability {
> * Value 0 means unavailable, and application should pass the
> required
> * random value. Otherwise, PMD would internally compute the
> random number.
> */
> +
> + uint32_t op_capa[RTE_CRYPTO_ASYM_OP_LIST_END];
> + /**< Operation specific capabilities. */
> };
>
> uint64_t hash_algos;
> @@ -359,6 +362,26 @@ rte_cryptodev_asym_xform_capability_check_hash(
> const struct rte_cryptodev_asymmetric_xform_capability *capability,
> enum rte_crypto_auth_algorithm hash);
>
> +/**
> + * @warning
> + * @b EXPERIMENTAL: this API may change without prior notice.
> + *
> + * Check if op capability is supported
> + *
> + * @param capability Description of the asymmetric crypto
> capability.
> + * @param op_type op type
> + * @param cap op capability
> + *
> + * @return
> + * - Return 1 if the op capability is supported
> + * - Return 0 if unsupported
> + */
> +__rte_experimental
> +int
> +rte_cryptodev_asym_xform_capability_check_opcap(
> + const struct rte_cryptodev_asymmetric_xform_capability *capability,
> + enum rte_crypto_asym_op_type op_type, uint8_t cap);
> +
> /**
> * Provide the cipher algorithm enum, given an algorithm string
> *
> diff --git a/lib/cryptodev/version.map b/lib/cryptodev/version.map index
> 594c501855..5d40b7fed0 100644
> --- a/lib/cryptodev/version.map
> +++ b/lib/cryptodev/version.map
> @@ -87,6 +87,9 @@ EXPERIMENTAL {
>
> # added in 24.03
> __rte_cryptodev_trace_qp_depth_used;
> +
> + # added in 24.11
> + rte_cryptodev_asym_xform_capability_check_opcap;
> };
>
> INTERNAL {
> --
> 2.21.0
^ permalink raw reply [flat|nested] 8+ messages in thread
* RE: [PATCH v2] cryptodev: add asymmetric operational capability
2024-10-08 17:06 ` Kusztal, ArkadiuszX
@ 2024-10-09 3:38 ` Gowrishankar Muthukrishnan
0 siblings, 0 replies; 8+ messages in thread
From: Gowrishankar Muthukrishnan @ 2024-10-09 3:38 UTC (permalink / raw)
To: Kusztal, ArkadiuszX, dev, Akhil Goyal, Fan Zhang, Ankur Dwivedi,
Anoob Joseph, Tejasree Kondoj, Ji, Kai
Cc: FanZhangfanzhang.oss, Jerin Jacob
> Acked-by: Arkadiusz Kusztal <arkadiuszx. kusztal@ intel. com>
Thanks.
> With some comments.
>
<cut>
> > diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> > b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> > index b7b612fc57..6f81bcb110 100644
> > --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> > +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> > @@ -598,15 +598,22 @@ static const struct rte_cryptodev_capabilities
> > openssl_pmd_capabilities[] = {
> > {.asym = {
> > .xform_capa = {
> > .xform_type =
> > RTE_CRYPTO_ASYM_XFORM_SM2,
> > - .hash_algos = (1 <<
> RTE_CRYPTO_AUTH_SM3),
> > .op_types =
> > - ((1<<RTE_CRYPTO_ASYM_OP_SIGN) |
> > + ((1 << RTE_CRYPTO_ASYM_OP_SIGN) |
> > (1 << RTE_CRYPTO_ASYM_OP_VERIFY) |
> > (1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) |
> > (1 << RTE_CRYPTO_ASYM_OP_DECRYPT)),
> > - {.internal_rng = 1
> > - }
> > - }
> Designated initializers could probably help with readability.
> > + .op_capa = {
> > +
> [RTE_CRYPTO_ASYM_OP_ENCRYPT] = (1 << RTE_CRYPTO_SM2_RNG) |
> > + (1 << RTE_CRYPTO_SM2_PKE_KDF),
> > +
> [RTE_CRYPTO_ASYM_OP_DECRYPT] = (1 << RTE_CRYPTO_SM2_RNG) |
> > + (1 << RTE_CRYPTO_SM2_PKE_KDF),
> > +
> [RTE_CRYPTO_ASYM_OP_SIGN] = (1 << RTE_CRYPTO_SM2_RNG) |
> > + (1 << RTE_CRYPTO_SM2_PH),
> > +
> [RTE_CRYPTO_ASYM_OP_VERIFY] = (1 << RTE_CRYPTO_SM2_RNG) |
> > + (1 << RTE_CRYPTO_SM2_PH)
> > + },
> > + },
> > }
>
Ack.
> Probably driver/test changes should be in different patches.
>
Ack.
Regards,
Gowrishankar
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH v3 1/3] cryptodev: add asymmetric operational capability
2024-10-04 18:12 ` [PATCH v2] " Gowrishankar Muthukrishnan
2024-10-08 17:06 ` Kusztal, ArkadiuszX
@ 2024-10-09 7:11 ` Gowrishankar Muthukrishnan
2024-10-09 7:11 ` [PATCH v3 2/3] test/crypto: check op capabilities in SM2 tests Gowrishankar Muthukrishnan
` (2 more replies)
1 sibling, 3 replies; 8+ messages in thread
From: Gowrishankar Muthukrishnan @ 2024-10-09 7:11 UTC (permalink / raw)
To: dev, arkadiuszx.kusztal, Akhil Goyal, Fan Zhang
Cc: Anoob Joseph, FanZhangfanzhang.oss, Kai Ji, jerinj,
Gowrishankar Muthukrishnan
Asymmetric crypto algorithms such as SM2, EdDSA would need per op
capability and based on it, the input param to a crypto operation
is chosen wisely.
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
v3:
- Removed unused rte_crypto_sm2_op_capa enum value RTE_CRYPTO_SM2_PKE_KDF.
HW that needs it can add this enum.
- Test and driver changes split from it and follows within same series.
---
lib/cryptodev/rte_crypto_asym.h | 10 ++++++++++
lib/cryptodev/rte_cryptodev.c | 16 ++++++++++++++++
lib/cryptodev/rte_cryptodev.h | 23 +++++++++++++++++++++++
lib/cryptodev/version.map | 3 +++
4 files changed, 52 insertions(+)
diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
index 39d3da3952..1adbe9c389 100644
--- a/lib/cryptodev/rte_crypto_asym.h
+++ b/lib/cryptodev/rte_crypto_asym.h
@@ -633,6 +633,16 @@ struct rte_crypto_asym_xform {
};
};
+/**
+ * SM2 operation capabilities
+ */
+enum rte_crypto_sm2_op_capa {
+ RTE_CRYPTO_SM2_RNG,
+ /**< Random number generator supported in SM2 ops. */
+ RTE_CRYPTO_SM2_PH,
+ /**< Prehash message before crypto op. */
+};
+
/**
* SM2 operation params.
*/
diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
index 682c9f49d0..d3d8e25b39 100644
--- a/lib/cryptodev/rte_cryptodev.c
+++ b/lib/cryptodev/rte_cryptodev.c
@@ -628,6 +628,22 @@ rte_cryptodev_asym_xform_capability_check_hash(
return ret;
}
+int
+rte_cryptodev_asym_xform_capability_check_opcap(
+ const struct rte_cryptodev_asymmetric_xform_capability *capability,
+ enum rte_crypto_asym_op_type op_type, uint8_t cap)
+{
+ int ret = 0;
+
+ if (!(capability->op_types & (1 << op_type)))
+ return ret;
+
+ if (capability->op_capa[op_type] & (1 << cap))
+ ret = 1;
+
+ return ret;
+}
+
/* spinlock for crypto device enq callbacks */
static rte_spinlock_t rte_cryptodev_callback_lock = RTE_SPINLOCK_INITIALIZER;
diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h
index bec947f6d5..aa6ef3a94d 100644
--- a/lib/cryptodev/rte_cryptodev.h
+++ b/lib/cryptodev/rte_cryptodev.h
@@ -185,6 +185,9 @@ struct rte_cryptodev_asymmetric_xform_capability {
* Value 0 means unavailable, and application should pass the required
* random value. Otherwise, PMD would internally compute the random number.
*/
+
+ uint32_t op_capa[RTE_CRYPTO_ASYM_OP_LIST_END];
+ /**< Operation specific capabilities. */
};
uint64_t hash_algos;
@@ -359,6 +362,26 @@ rte_cryptodev_asym_xform_capability_check_hash(
const struct rte_cryptodev_asymmetric_xform_capability *capability,
enum rte_crypto_auth_algorithm hash);
+/**
+ * @warning
+ * @b EXPERIMENTAL: this API may change without prior notice.
+ *
+ * Check if op capability is supported
+ *
+ * @param capability Description of the asymmetric crypto capability.
+ * @param op_type op type
+ * @param cap op capability
+ *
+ * @return
+ * - Return 1 if the op capability is supported
+ * - Return 0 if unsupported
+ */
+__rte_experimental
+int
+rte_cryptodev_asym_xform_capability_check_opcap(
+ const struct rte_cryptodev_asymmetric_xform_capability *capability,
+ enum rte_crypto_asym_op_type op_type, uint8_t cap);
+
/**
* Provide the cipher algorithm enum, given an algorithm string
*
diff --git a/lib/cryptodev/version.map b/lib/cryptodev/version.map
index 594c501855..5d40b7fed0 100644
--- a/lib/cryptodev/version.map
+++ b/lib/cryptodev/version.map
@@ -87,6 +87,9 @@ EXPERIMENTAL {
# added in 24.03
__rte_cryptodev_trace_qp_depth_used;
+
+ # added in 24.11
+ rte_cryptodev_asym_xform_capability_check_opcap;
};
INTERNAL {
--
2.21.0
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH v3 2/3] test/crypto: check op capabilities in SM2 tests
2024-10-09 7:11 ` [PATCH v3 1/3] " Gowrishankar Muthukrishnan
@ 2024-10-09 7:11 ` Gowrishankar Muthukrishnan
2024-10-09 7:11 ` [PATCH v3 3/3] crypto/openssl: include op capabilities for SM2 Gowrishankar Muthukrishnan
2024-10-09 20:29 ` [PATCH v3 1/3] cryptodev: add asymmetric operational capability Akhil Goyal
2 siblings, 0 replies; 8+ messages in thread
From: Gowrishankar Muthukrishnan @ 2024-10-09 7:11 UTC (permalink / raw)
To: dev, arkadiuszx.kusztal, Akhil Goyal, Fan Zhang
Cc: Anoob Joseph, FanZhangfanzhang.oss, Kai Ji, jerinj,
Gowrishankar Muthukrishnan
Check crypto op capabilities (prehash and RNG support) in SM2 tests.
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
app/test/test_cryptodev_asym.c | 24 ++++++++++++++++--------
1 file changed, 16 insertions(+), 8 deletions(-)
diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index f0b5d38543..d9b260d50e 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -2611,7 +2611,8 @@ test_sm2_sign(void)
/* Populate op with operational details */
asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_SIGN;
- if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
+ if (rte_cryptodev_asym_xform_capability_check_opcap(capa,
+ RTE_CRYPTO_ASYM_OP_SIGN, RTE_CRYPTO_SM2_PH))
asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3;
else
asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL;
@@ -2628,7 +2629,8 @@ test_sm2_sign(void)
asym_op->sm2.id.length = 0;
}
- if (capa->internal_rng != 0) {
+ if (rte_cryptodev_asym_xform_capability_check_opcap(capa,
+ RTE_CRYPTO_ASYM_OP_ENCRYPT, RTE_CRYPTO_SM2_RNG)) {
asym_op->sm2.k.data = NULL;
asym_op->sm2.k.length = 0;
} else {
@@ -2677,7 +2679,8 @@ test_sm2_sign(void)
debug_hexdump(stdout, "s:",
asym_op->sm2.s.data, asym_op->sm2.s.length);
- if (capa->internal_rng == 0) {
+ if (!rte_cryptodev_asym_xform_capability_check_opcap(capa,
+ RTE_CRYPTO_ASYM_OP_SIGN, RTE_CRYPTO_SM2_RNG)) {
/* Verify sign (by comparison). */
if (memcmp(input_params.sign_r.data, asym_op->sm2.r.data,
asym_op->sm2.r.length) != 0) {
@@ -2802,7 +2805,8 @@ test_sm2_verify(void)
/* Populate op with operational details */
asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
- if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
+ if (rte_cryptodev_asym_xform_capability_check_opcap(capa,
+ RTE_CRYPTO_ASYM_OP_VERIFY, RTE_CRYPTO_SM2_PH))
asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3;
else
asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL;
@@ -2924,7 +2928,8 @@ test_sm2_enc(void)
/* Populate op with operational details */
asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_ENCRYPT;
- if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
+ if (rte_cryptodev_asym_xform_capability_check_opcap(capa,
+ RTE_CRYPTO_ASYM_OP_ENCRYPT, RTE_CRYPTO_SM2_PH))
asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3;
else
asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL;
@@ -2932,7 +2937,8 @@ test_sm2_enc(void)
asym_op->sm2.message.data = input_params.message.data;
asym_op->sm2.message.length = input_params.message.length;
- if (capa->internal_rng != 0) {
+ if (rte_cryptodev_asym_xform_capability_check_opcap(capa,
+ RTE_CRYPTO_ASYM_OP_ENCRYPT, RTE_CRYPTO_SM2_RNG)) {
asym_op->sm2.k.data = NULL;
asym_op->sm2.k.length = 0;
} else {
@@ -2978,7 +2984,8 @@ test_sm2_enc(void)
debug_hexdump(stdout, "cipher:",
asym_op->sm2.cipher.data, asym_op->sm2.cipher.length);
- if (capa->internal_rng == 0) {
+ if (!rte_cryptodev_asym_xform_capability_check_opcap(capa,
+ RTE_CRYPTO_ASYM_OP_ENCRYPT, RTE_CRYPTO_SM2_RNG)) {
if (memcmp(input_params.cipher.data, asym_op->sm2.cipher.data,
asym_op->sm2.cipher.length) != 0) {
status = TEST_FAILED;
@@ -3105,7 +3112,8 @@ test_sm2_dec(void)
/* Populate op with operational details */
asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_DECRYPT;
- if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3))
+ if (rte_cryptodev_asym_xform_capability_check_opcap(capa,
+ RTE_CRYPTO_ASYM_OP_DECRYPT, RTE_CRYPTO_SM2_PH))
asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3;
else
asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL;
--
2.21.0
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH v3 3/3] crypto/openssl: include op capabilities for SM2
2024-10-09 7:11 ` [PATCH v3 1/3] " Gowrishankar Muthukrishnan
2024-10-09 7:11 ` [PATCH v3 2/3] test/crypto: check op capabilities in SM2 tests Gowrishankar Muthukrishnan
@ 2024-10-09 7:11 ` Gowrishankar Muthukrishnan
2024-10-09 20:29 ` [PATCH v3 1/3] cryptodev: add asymmetric operational capability Akhil Goyal
2 siblings, 0 replies; 8+ messages in thread
From: Gowrishankar Muthukrishnan @ 2024-10-09 7:11 UTC (permalink / raw)
To: dev, arkadiuszx.kusztal, Kai Ji
Cc: Anoob Joseph, Akhil Goyal, FanZhangfanzhang.oss, jerinj,
Gowrishankar Muthukrishnan
Include capabilities for SM2 operations.
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
drivers/crypto/openssl/rte_openssl_pmd_ops.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index b7b612fc57..3c2cbeeb5f 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -598,15 +598,20 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
{.asym = {
.xform_capa = {
.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2,
- .hash_algos = (1 << RTE_CRYPTO_AUTH_SM3),
.op_types =
- ((1<<RTE_CRYPTO_ASYM_OP_SIGN) |
+ ((1 << RTE_CRYPTO_ASYM_OP_SIGN) |
(1 << RTE_CRYPTO_ASYM_OP_VERIFY) |
(1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) |
(1 << RTE_CRYPTO_ASYM_OP_DECRYPT)),
- {.internal_rng = 1
- }
- }
+ .op_capa = {
+ [RTE_CRYPTO_ASYM_OP_ENCRYPT] = (1 << RTE_CRYPTO_SM2_RNG),
+ [RTE_CRYPTO_ASYM_OP_DECRYPT] = (1 << RTE_CRYPTO_SM2_RNG),
+ [RTE_CRYPTO_ASYM_OP_SIGN] = (1 << RTE_CRYPTO_SM2_RNG) |
+ (1 << RTE_CRYPTO_SM2_PH),
+ [RTE_CRYPTO_ASYM_OP_VERIFY] = (1 << RTE_CRYPTO_SM2_RNG) |
+ (1 << RTE_CRYPTO_SM2_PH)
+ },
+ },
}
}
},
--
2.21.0
^ permalink raw reply [flat|nested] 8+ messages in thread
* RE: [PATCH v3 1/3] cryptodev: add asymmetric operational capability
2024-10-09 7:11 ` [PATCH v3 1/3] " Gowrishankar Muthukrishnan
2024-10-09 7:11 ` [PATCH v3 2/3] test/crypto: check op capabilities in SM2 tests Gowrishankar Muthukrishnan
2024-10-09 7:11 ` [PATCH v3 3/3] crypto/openssl: include op capabilities for SM2 Gowrishankar Muthukrishnan
@ 2024-10-09 20:29 ` Akhil Goyal
2 siblings, 0 replies; 8+ messages in thread
From: Akhil Goyal @ 2024-10-09 20:29 UTC (permalink / raw)
To: Gowrishankar Muthukrishnan, dev, arkadiuszx.kusztal, Fan Zhang
Cc: Anoob Joseph, FanZhangfanzhang.oss, Kai Ji, Jerin Jacob,
Gowrishankar Muthukrishnan
> Subject: [PATCH v3 1/3] cryptodev: add asymmetric operational capability
>
> Asymmetric crypto algorithms such as SM2, EdDSA would need per op
> capability and based on it, the input param to a crypto operation
> is chosen wisely.
>
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> ---
> v3:
> - Removed unused rte_crypto_sm2_op_capa enum value
> RTE_CRYPTO_SM2_PKE_KDF.
> HW that needs it can add this enum.
> - Test and driver changes split from it and follows within same series.
Series acked-by: Akhil Goyal <gakhil@marvell.com>
Arek's ack taken from v2.
Updated release notes
Applied to dpdk-next-crypto
Thanks.
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2024-10-09 20:29 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-09-05 18:17 [PATCH] cryptodev: add asymmetric operational capability Gowrishankar Muthukrishnan
2024-10-04 18:12 ` [PATCH v2] " Gowrishankar Muthukrishnan
2024-10-08 17:06 ` Kusztal, ArkadiuszX
2024-10-09 3:38 ` Gowrishankar Muthukrishnan
2024-10-09 7:11 ` [PATCH v3 1/3] " Gowrishankar Muthukrishnan
2024-10-09 7:11 ` [PATCH v3 2/3] test/crypto: check op capabilities in SM2 tests Gowrishankar Muthukrishnan
2024-10-09 7:11 ` [PATCH v3 3/3] crypto/openssl: include op capabilities for SM2 Gowrishankar Muthukrishnan
2024-10-09 20:29 ` [PATCH v3 1/3] cryptodev: add asymmetric operational capability Akhil Goyal
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).