From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 0FEFD45911; Thu, 5 Sep 2024 20:17:37 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 8F23B42794; Thu, 5 Sep 2024 20:17:36 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 63A454025C for ; Thu, 5 Sep 2024 20:17:34 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 485HYjOJ015126; Thu, 5 Sep 2024 11:17:33 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= cc:content-transfer-encoding:content-type:date:from:message-id :mime-version:subject:to; s=pfpt0220; bh=NxU8gBK6a7spkwl6Wc27u04 ePKvif245rWDAwrpQo+g=; b=k0fm1FOkoAC0BUQ0BVSHTEbHvvU5Adwo5WvZDRR jfER+LTHvdKA21Dnp747j3ibFU2oZ1W/kUirV+6+iuT+aiXFFaot7pc3i2srK+x4 9l0CSE2hg3JQt5kzK0o/RYM+H6iI3IocnnnIa4VWNGtHyp5bN459SFo8l+stdfoL CXuRsbHpCkQNdoy02NVDtlyCHo5rHuQvg2RyNu1V5Exo4a0bIz3J590EpIYx5IND 1Mftfpg8q3IEYez5Cxy0mMTWV3OdvsLBycrP1P+IwrTm2NcGF9SZWPdtD60D0TQU 47CmCojipo9skUil/3m6O/mEeUHRrdsvoIwGTQjHfPVWOug== Received: from dc6wp-exch02.marvell.com ([4.21.29.225]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 41f8u4aegu-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 05 Sep 2024 11:17:33 -0700 (PDT) Received: from DC6WP-EXCH02.marvell.com (10.76.176.209) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.4; Thu, 5 Sep 2024 11:17:32 -0700 Received: from maili.marvell.com (10.69.176.80) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server id 15.2.1544.4 via Frontend Transport; Thu, 5 Sep 2024 11:17:32 -0700 Received: from BG-LT91401.marvell.com (BG-LT91401.marvell.com [10.28.168.34]) by maili.marvell.com (Postfix) with ESMTP id DB0C53F70AC; Thu, 5 Sep 2024 11:17:28 -0700 (PDT) From: Gowrishankar Muthukrishnan To: , , Akhil Goyal , Fan Zhang , Ankur Dwivedi , Anoob Joseph , Tejasree Kondoj , Kai Ji CC: , , "Gowrishankar Muthukrishnan" Subject: [PATCH] cryptodev: add asymmetric operational capability Date: Thu, 5 Sep 2024 23:47:23 +0530 Message-ID: <20240905181725.2040-1-gmuthukrishn@marvell.com> X-Mailer: git-send-email 2.21.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-ORIG-GUID: ylc7bcrjd51R-9hcVW9DKsg6qTfL5VJP X-Proofpoint-GUID: ylc7bcrjd51R-9hcVW9DKsg6qTfL5VJP X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1039,Hydra:6.0.680,FMLib:17.12.60.29 definitions=2024-09-05_12,2024-09-05_01,2024-09-02_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Asymmetric crypto algorithms such as SM2, EdDSA would need per op capability and based on it, the input param to a crypto operation is chosen wisely. Signed-off-by: Gowrishankar Muthukrishnan --- app/test/test_cryptodev_asym.c | 24 ++++++++++------ .../crypto/cnxk/cnxk_cryptodev_capabilities.c | 14 +++++++++- drivers/crypto/openssl/rte_openssl_pmd_ops.c | 27 +++++++++++++++--- lib/cryptodev/rte_crypto_asym.h | 12 ++++++++ lib/cryptodev/rte_cryptodev.c | 21 ++++++++++++++ lib/cryptodev/rte_cryptodev.h | 28 +++++++++++++++++++ 6 files changed, 113 insertions(+), 13 deletions(-) diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c index f0b5d38543..d9b260d50e 100644 --- a/app/test/test_cryptodev_asym.c +++ b/app/test/test_cryptodev_asym.c @@ -2611,7 +2611,8 @@ test_sm2_sign(void) /* Populate op with operational details */ asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_SIGN; - if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3)) + if (rte_cryptodev_asym_xform_capability_check_opcap(capa, + RTE_CRYPTO_ASYM_OP_SIGN, RTE_CRYPTO_SM2_PH)) asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3; else asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL; @@ -2628,7 +2629,8 @@ test_sm2_sign(void) asym_op->sm2.id.length = 0; } - if (capa->internal_rng != 0) { + if (rte_cryptodev_asym_xform_capability_check_opcap(capa, + RTE_CRYPTO_ASYM_OP_ENCRYPT, RTE_CRYPTO_SM2_RNG)) { asym_op->sm2.k.data = NULL; asym_op->sm2.k.length = 0; } else { @@ -2677,7 +2679,8 @@ test_sm2_sign(void) debug_hexdump(stdout, "s:", asym_op->sm2.s.data, asym_op->sm2.s.length); - if (capa->internal_rng == 0) { + if (!rte_cryptodev_asym_xform_capability_check_opcap(capa, + RTE_CRYPTO_ASYM_OP_SIGN, RTE_CRYPTO_SM2_RNG)) { /* Verify sign (by comparison). */ if (memcmp(input_params.sign_r.data, asym_op->sm2.r.data, asym_op->sm2.r.length) != 0) { @@ -2802,7 +2805,8 @@ test_sm2_verify(void) /* Populate op with operational details */ asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_VERIFY; - if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3)) + if (rte_cryptodev_asym_xform_capability_check_opcap(capa, + RTE_CRYPTO_ASYM_OP_VERIFY, RTE_CRYPTO_SM2_PH)) asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3; else asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL; @@ -2924,7 +2928,8 @@ test_sm2_enc(void) /* Populate op with operational details */ asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_ENCRYPT; - if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3)) + if (rte_cryptodev_asym_xform_capability_check_opcap(capa, + RTE_CRYPTO_ASYM_OP_ENCRYPT, RTE_CRYPTO_SM2_PH)) asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3; else asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL; @@ -2932,7 +2937,8 @@ test_sm2_enc(void) asym_op->sm2.message.data = input_params.message.data; asym_op->sm2.message.length = input_params.message.length; - if (capa->internal_rng != 0) { + if (rte_cryptodev_asym_xform_capability_check_opcap(capa, + RTE_CRYPTO_ASYM_OP_ENCRYPT, RTE_CRYPTO_SM2_RNG)) { asym_op->sm2.k.data = NULL; asym_op->sm2.k.length = 0; } else { @@ -2978,7 +2984,8 @@ test_sm2_enc(void) debug_hexdump(stdout, "cipher:", asym_op->sm2.cipher.data, asym_op->sm2.cipher.length); - if (capa->internal_rng == 0) { + if (!rte_cryptodev_asym_xform_capability_check_opcap(capa, + RTE_CRYPTO_ASYM_OP_ENCRYPT, RTE_CRYPTO_SM2_RNG)) { if (memcmp(input_params.cipher.data, asym_op->sm2.cipher.data, asym_op->sm2.cipher.length) != 0) { status = TEST_FAILED; @@ -3105,7 +3112,8 @@ test_sm2_dec(void) /* Populate op with operational details */ asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_DECRYPT; - if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3)) + if (rte_cryptodev_asym_xform_capability_check_opcap(capa, + RTE_CRYPTO_ASYM_OP_DECRYPT, RTE_CRYPTO_SM2_PH)) asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3; else asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL; diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c index 0d5d64b6e7..fb6f83dc25 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c +++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c @@ -1194,7 +1194,19 @@ static const struct rte_cryptodev_capabilities caps_sm2[] = { .xform_capa = { .xform_type = RTE_CRYPTO_ASYM_XFORM_SM2, .op_types = ((1 << RTE_CRYPTO_ASYM_OP_SIGN) | - (1 << RTE_CRYPTO_ASYM_OP_VERIFY)) + (1 << RTE_CRYPTO_ASYM_OP_VERIFY) | + (1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) | + (1 << RTE_CRYPTO_ASYM_OP_DECRYPT)), + .op_capa = { + { + .op_type = RTE_CRYPTO_ASYM_OP_ENCRYPT, + .capa = ((1 << RTE_CRYPTO_SM2_PKE_KDF)) + }, + { + .op_type = RTE_CRYPTO_ASYM_OP_DECRYPT, + .capa = ((1 << RTE_CRYPTO_SM2_PKE_KDF)) + } + } } } } diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c index 1bbb855a59..c6fb5441f1 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c @@ -598,15 +598,34 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = { {.asym = { .xform_capa = { .xform_type = RTE_CRYPTO_ASYM_XFORM_SM2, - .hash_algos = (1 << RTE_CRYPTO_AUTH_SM3), .op_types = ((1<op_types & (1 << op_type))) + return ret; + + for (int i = 0; i < RTE_CRYPTO_ASYM_OP_LIST_END; i++) { + if (capability->op_capa[i].op_type != op_type) + continue; + + if (capability->op_capa[i].capa & (1 << cap)) + ret = 1; + } + + return ret; +} + /* spinlock for crypto device enq callbacks */ static rte_spinlock_t rte_cryptodev_callback_lock = RTE_SPINLOCK_INITIALIZER; diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h index bec947f6d5..37d6f4a1a6 100644 --- a/lib/cryptodev/rte_cryptodev.h +++ b/lib/cryptodev/rte_cryptodev.h @@ -157,6 +157,15 @@ struct rte_cryptodev_symmetric_capability { }; }; +/** + * Asymmetric Crypto Operation Capability + */ +struct rte_cryptodev_asymmetric_op_capability { + enum rte_crypto_asym_op_type op_type; + uint32_t capa; + /**< Bitmask of capabilities supported for op_type. */ +}; + /** * Asymmetric Xform Crypto Capability */ @@ -185,6 +194,9 @@ struct rte_cryptodev_asymmetric_xform_capability { * Value 0 means unavailable, and application should pass the required * random value. Otherwise, PMD would internally compute the random number. */ + + struct rte_cryptodev_asymmetric_op_capability op_capa[RTE_CRYPTO_ASYM_OP_LIST_END]; + /**< Operation specific capabilities. */ }; uint64_t hash_algos; @@ -359,6 +371,22 @@ rte_cryptodev_asym_xform_capability_check_hash( const struct rte_cryptodev_asymmetric_xform_capability *capability, enum rte_crypto_auth_algorithm hash); +/** + * Check if op capability is supported + * + * @param capability Description of the asymmetric crypto capability. + * @param op_type op type + * @param cap op capability + * + * @return + * - Return 1 if the op capability is supported + * - Return 0 if unsupported + */ +int +rte_cryptodev_asym_xform_capability_check_opcap( + const struct rte_cryptodev_asymmetric_xform_capability *capability, + enum rte_crypto_asym_op_type op_type, uint8_t cap); + /** * Provide the cipher algorithm enum, given an algorithm string * -- 2.21.0