DPDK patches and discussions
 help / color / mirror / Atom feed
From: Akhil Goyal <gakhil@marvell.com>
To: "Kusztal, ArkadiuszX" <arkadiuszx.kusztal@intel.com>,
	"dev@dpdk.org" <dev@dpdk.org>
Cc: "Zhang, Roy Fan" <roy.fan.zhang@intel.com>
Subject: RE: [EXT] [PATCH v2 14/14] cryptodev: add asym algorithms capabilities
Date: Thu, 26 May 2022 15:00:08 +0000	[thread overview]
Message-ID: <CO6PR18MB448403AD00E61EAA406AF55FD8D99@CO6PR18MB4484.namprd18.prod.outlook.com> (raw)
In-Reply-To: <PH0PR11MB5013CFDE8F42E76DC6D62B969FD99@PH0PR11MB5013.namprd11.prod.outlook.com>



> -----Original Message-----
> From: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>
> Sent: Thursday, May 26, 2022 7:49 PM
> To: Akhil Goyal <gakhil@marvell.com>; dev@dpdk.org
> Cc: Zhang, Roy Fan <roy.fan.zhang@intel.com>
> Subject: RE: [EXT] [PATCH v2 14/14] cryptodev: add asym algorithms capabilities
> 
> 
> 
> > -----Original Message-----
> > From: Akhil Goyal <gakhil@marvell.com>
> > Sent: Thursday, May 26, 2022 2:54 PM
> > To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; dev@dpdk.org
> > Cc: Zhang, Roy Fan <roy.fan.zhang@intel.com>
> > Subject: RE: [EXT] [PATCH v2 14/14] cryptodev: add asym algorithms
> capabilities
> >
> > > - Added asymmetric crypto algorithm specific capability struct.
> > > Included fields like random number capability, padding flags etc.
> > >
> > > Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> > > ---
> > >  app/test-crypto-perf/main.c                  |  12 +-
> > >  app/test-eventdev/test_perf_common.c         |   2 +-
> > >  app/test/test_cryptodev_asym.c               | 210 +++++++++++++++++++++----
> --
> > >  app/test/test_event_crypto_adapter.c         |  16 +-
> > >  drivers/crypto/openssl/rte_openssl_pmd_ops.c | 128 +++++++---------
> > >  drivers/crypto/qat/dev/qat_asym_pmd_gen1.c   |  68 +++++++--
> > >  lib/cryptodev/rte_crypto_asym.h              |  48 ++++++
> > >  lib/cryptodev/rte_cryptodev.c                |  80 +++++++++-
> > >  lib/cryptodev/rte_cryptodev.h                |  75 +++++++++-
> > >  lib/cryptodev/version.map                    |   4 +
> > >  10 files changed, 495 insertions(+), 148 deletions(-)
> >
> > This would also need a change in documentation.
> >
> > >
> > > diff --git a/app/test-crypto-perf/main.c b/app/test-crypto-perf/main.c
> > > index 17e30a8e74..f8a4c9cdcf 100644
> > > --- a/app/test-crypto-perf/main.c
> > > +++ b/app/test-crypto-perf/main.c
> > > @@ -364,8 +364,8 @@ cperf_verify_devices_capabilities(struct
> > > cperf_options *opts,
> > >  	struct rte_cryptodev_sym_capability_idx cap_idx;
> > >  	const struct rte_cryptodev_symmetric_capability *capability;
> > >  	struct rte_cryptodev_asym_capability_idx asym_cap_idx;
> > > -	const struct rte_cryptodev_asymmetric_xform_capability
> > > *asym_capability;
> > > -
> > > +	const struct rte_cryptodev_asymmetric_capability *asym_capability;
> > > +	struct rte_crypto_mod_capability mod_capa = {0};
> > >
> > >  	uint8_t i, cdev_id;
> > >  	int ret;
> > > @@ -381,11 +381,11 @@ cperf_verify_devices_capabilities(struct
> > > cperf_options *opts,
> > >  			if (asym_capability == NULL)
> > >  				return -1;
> > >
> > > -			ret =
> > > rte_cryptodev_asym_xform_capability_check_modlen(
> > > -				asym_capability, opts->modex_data-
> > > >modulus.len);
> > > -			if (ret != 0)
> > > +			mod_capa.max_mod_size = opts->modex_data-
> > > >modulus.len;
> > > +			ret = rte_cryptodev_capa_check_mod(asym_capability,
> > > +						mod_capa);
> > > +			if (ret == 0)
> > >  				return ret;
> > > -
> > >  		}
> > >
> > >  		if (opts->op_type == CPERF_AUTH_ONLY || diff --git
> > > a/app/test-eventdev/test_perf_common.c b/app/test-
> > > eventdev/test_perf_common.c index b41785492e..ac8e6410ab 100644
> > > --- a/app/test-eventdev/test_perf_common.c
> > > +++ b/app/test-eventdev/test_perf_common.c
> > > @@ -846,7 +846,7 @@ cryptodev_sym_sess_create(struct prod_data *p,
> > > struct test_perf *t)  static void *  cryptodev_asym_sess_create(struct
> > > prod_data *p, struct test_perf *t)  {
> > > -	const struct rte_cryptodev_asymmetric_xform_capability *capability;
> > > +	const struct rte_cryptodev_asymmetric_capability *capability;
> > >  	struct rte_cryptodev_asym_capability_idx cap_idx;
> > >  	struct rte_crypto_asym_xform xform;
> > >  	void *sess;
> > > diff --git a/app/test/test_cryptodev_asym.c
> > > b/app/test/test_cryptodev_asym.c index 072dbb30f4..c531265642 100644
> > > --- a/app/test/test_cryptodev_asym.c
> > > +++ b/app/test/test_cryptodev_asym.c
> > > @@ -311,10 +311,11 @@ test_cryptodev_asym_op(struct
> > > crypto_testsuite_params_asym *ts_params,
> > >  	struct rte_crypto_asym_xform xform_tc;
> > >  	void *sess = NULL;
> > >  	struct rte_cryptodev_asym_capability_idx cap_idx;
> > > -	const struct rte_cryptodev_asymmetric_xform_capability *capability;
> > > +	const struct rte_cryptodev_asymmetric_capability *capability;
> > >  	uint8_t dev_id = ts_params->valid_devs[0];
> > >  	uint8_t input[TEST_DATA_SIZE] = {0};
> > >  	uint8_t *result = NULL;
> > > +	struct rte_crypto_mod_capability mod_capa = {0};
> > >
> > >  	int ret, status = TEST_SUCCESS;
> > >
> > > @@ -358,8 +359,10 @@ test_cryptodev_asym_op(struct
> > > crypto_testsuite_params_asym *ts_params,
> > >  		asym_op->modex.base.length = data_tc->modex.base.len;
> > >  		asym_op->modex.result.data = result;
> > >  		asym_op->modex.result.length = data_tc->modex.result_len;
> > > -		if
> > > (rte_cryptodev_asym_xform_capability_check_modlen(capability,
> > > -				xform_tc.modex.modulus.length)) {
> > > +
> > > +		mod_capa.max_mod_size = xform_tc.modex.modulus.length;
> > > +		if  (!rte_cryptodev_capa_check_mod(capability,
> > > +			mod_capa)) {
> > >  			snprintf(test_msg, ASYM_TEST_MSG_LEN,
> > >  				"line %u "
> > >  				"FAILED: %s", __LINE__,
> > > @@ -378,8 +381,10 @@ test_cryptodev_asym_op(struct
> > > crypto_testsuite_params_asym *ts_params,
> > >  		asym_op->modinv.base.length = data_tc->modinv.base.len;
> > >  		asym_op->modinv.result.data = result;
> > >  		asym_op->modinv.result.length = data_tc->modinv.result_len;
> > > -		if
> > > (rte_cryptodev_asym_xform_capability_check_modlen(capability,
> > > -				xform_tc.modinv.modulus.length)) {
> > > +
> > > +		mod_capa.max_mod_size = xform_tc.modinv.modulus.length;
> > > +		if  (!rte_cryptodev_capa_check_mod(capability,
> > > +			mod_capa)) {
> > >  			snprintf(test_msg, ASYM_TEST_MSG_LEN,
> > >  				"line %u "
> > >  				"FAILED: %s", __LINE__,
> > > @@ -963,38 +968,100 @@ ut_teardown_asym(void)
> > >  	rte_cryptodev_stop(ts_params->valid_devs[0]);
> > >  }
> > >
> > > -static inline void print_asym_capa(
> > > -		const struct rte_cryptodev_asymmetric_xform_capability
> > > *capa)
> > > +static void
> > > +print_rsa_capability(
> > > +	const struct rte_cryptodev_asymmetric_capability *capa)
> > >  {
> > >  	int i = 0;
> > >
> > > +	printf("\nSupported paddings:");
> > > +	for (; i < 32; i++) {
> > > +		if (capa->rsa.padding & RTE_BIT32(i))
> > > +			printf("\n - %s", rte_crypto_asym_rsa_padding[i]);
> > > +	}
> > > +	printf("\nSupported hash functions:");
> > > +	for (i = 0; i < 32; i++) {
> > > +		if (capa->rsa.hash & RTE_BIT32(i))
> > > +			printf("\n - %s", rte_crypto_auth_algorithm_strings[i]);
> > > +	}
> > > +	printf("\nMaximum key size: ");
> > > +	if (capa->rsa.max_key_size == 0)
> > > +		printf("Unlimited");
> > > +	else
> > > +		printf("%hu", capa->rsa.max_key_size); }
> > > +
> > > +static void
> > > +print_supported_curves(uint64_t curves) {
> > > +	int i = 0;
> > > +
> > > +	printf("\nSupported elliptic curves:");
> > > +	for (; i < 64; i++) {
> > > +		if (curves & RTE_BIT64(i))
> > > +			printf("\n - %s", rte_crypto_curves_strings[i]);
> > > +	}
> > > +}
> > > +
> > > +static inline void print_asym_capa(
> > > +		const struct rte_cryptodev_asymmetric_capability *capa) {
> > >  	printf("\nxform type: %s\n===================\n",
> > >  			rte_crypto_asym_xform_strings[capa->xform_type]);
> > > -	printf("operation supported -");
> > >
> > > -	for (i = 0; i < RTE_CRYPTO_ASYM_OP_LIST_END; i++) {
> > > -		/* check supported operations */
> > > -		if (rte_cryptodev_asym_xform_capability_check_optype(capa,
> > > i))
> > > -			printf(" %s",
> > > -					rte_crypto_asym_op_strings[i]);
> > > -		}
> > > -		switch (capa->xform_type) {
> > > -		case RTE_CRYPTO_ASYM_XFORM_RSA:
> > > -		case RTE_CRYPTO_ASYM_XFORM_MODINV:
> > > -		case RTE_CRYPTO_ASYM_XFORM_MODEX:
> > > -		case RTE_CRYPTO_ASYM_XFORM_DH:
> > > -		case RTE_CRYPTO_ASYM_XFORM_DSA:
> > > -			printf(" modlen: min %d max %d increment %d",
> > > -					capa->modlen.min,
> > > -					capa->modlen.max,
> > > -					capa->modlen.increment);
> > > +	switch (capa->xform_type) {
> > > +	case RTE_CRYPTO_ASYM_XFORM_MODEX:
> > > +	case RTE_CRYPTO_ASYM_XFORM_MODINV:
> > > +		printf("Maximum size of modulus: ");
> > > +		if (capa->mod.max_mod_size == 0)
> > > +			printf("Unlimited");
> > > +		else
> > > +			printf("%hu", capa->mod.max_mod_size);
> > >  		break;
> > > -		case RTE_CRYPTO_ASYM_XFORM_ECDSA:
> > > -		case RTE_CRYPTO_ASYM_XFORM_ECPM:
> > > -		default:
> > > -			break;
> > > -		}
> > > -		printf("\n");
> > > +	case RTE_CRYPTO_ASYM_XFORM_RSA:
> > > +		print_rsa_capability(capa);
> > > +		break;
> > > +	case RTE_CRYPTO_ASYM_XFORM_DH:
> >
> > ECDH?? I hope it will be added once it is tested in this app.
> >
> > > +		printf("Maximum group size: ");
> > > +		if (capa->dh.max_group_size == 0)
> > > +			printf("Unlimited");
> > > +		else
> > > +			printf("%hu", capa->dh.max_group_size);
> > > +		printf("\nSupport for private key generation: ");
> > > +		if (capa->dh.priv_key_gen)
> > > +			printf("Yes");
> > > +		else
> > > +			printf("No");
> > > +		break;
> > > +	case RTE_CRYPTO_ASYM_XFORM_DSA:
> > > +		printf("Maximum key size: ");
> > > +		if (capa->dsa.max_key_size == 0)
> > > +			printf("Unlimited");
> > > +		else
> > > +			printf("%hu", capa->dsa.max_key_size);
> > > +		printf("\nSupport for random 'k' generation: ");
> > > +		if (capa->dsa.random_k)
> > > +			printf("Yes");
> > > +		else
> > > +			printf("No");
> > > +		break;
> > > +
> > > +		break;
> > > +	case RTE_CRYPTO_ASYM_XFORM_ECDSA:
> > > +		print_supported_curves(capa->ecdsa.curves);
> > > +		printf("\nSupport for random 'k' generation: ");
> > > +		if (capa->ecdsa.random_k)
> > > +			printf("Yes");
> > > +		else
> > > +			printf("No");
> > > +		break;
> > > +	case RTE_CRYPTO_ASYM_XFORM_ECPM:
> > > +		print_supported_curves(capa->ecpm.curves);
> > > +		break;
> > > +	default:
> > > +		break;
> > > +	}
> > > +	printf("\n");
> > >  }
> > >
> > >  static int
> > > @@ -1006,7 +1073,7 @@ test_capability(void)
> > >  	const struct rte_cryptodev_capabilities *dev_capa;
> > >  	int i = 0;
> > >  	struct rte_cryptodev_asym_capability_idx idx;
> > > -	const struct rte_cryptodev_asymmetric_xform_capability *capa;
> > > +	const struct rte_cryptodev_asymmetric_capability *capa;
> > >
> > >  	rte_cryptodev_info_get(dev_id, &dev_info);
> > >  	if (!(dev_info.feature_flags &
> > > @@ -1023,7 +1090,7 @@ test_capability(void)
> > >  		dev_capa = &(dev_info.capabilities[i]);
> > >  		if (dev_info.capabilities[i].op ==
> > >  				RTE_CRYPTO_OP_TYPE_ASYMMETRIC) {
> > > -			idx.type = dev_capa->asym.xform_capa.xform_type;
> > > +			idx.type = dev_capa->asym.xform_type;
> > >
> > >  			capa = rte_cryptodev_asym_capability_get(dev_id,
> > >  				(const struct
> > > @@ -1386,10 +1453,11 @@ test_mod_inv(void)
> > >  	void *sess = NULL;
> > >  	int status = TEST_SUCCESS;
> > >  	struct rte_cryptodev_asym_capability_idx cap_idx;
> > > -	const struct rte_cryptodev_asymmetric_xform_capability *capability;
> > > +	const struct rte_cryptodev_asymmetric_capability *capability;
> > >  	uint8_t input[TEST_DATA_SIZE] = {0};
> > >  	int ret = 0;
> > >  	uint8_t result[sizeof(mod_p)] = { 0 };
> > > +	struct rte_crypto_mod_capability mod_capa = {0};
> > >
> > >  	if (rte_cryptodev_asym_get_xform_enum(
> > >  		&modinv_xform.xform_type, "modinv") < 0) { @@ -1408,13
> > +1476,11 @@
> > > test_mod_inv(void)
> > >  		return TEST_SKIPPED;
> > >  	}
> > >
> > > -	if (rte_cryptodev_asym_xform_capability_check_modlen(
> > > -		capability,
> > > -		modinv_xform.modinv.modulus.length)) {
> > > -		RTE_LOG(ERR, USER1,
> > > -				 "Invalid MODULUS length specified\n");
> > > -				return TEST_SKIPPED;
> > > -		}
> > > +	mod_capa.max_mod_size = modinv_xform.modinv.modulus.length;
> > > +	if  (!rte_cryptodev_capa_check_mod(capability, mod_capa)) {
> > > +		RTE_LOG(ERR, USER1, "Invalid MODULUS length specified\n");
> > > +		return TEST_SKIPPED;
> > > +	}
> > >
> > >  	ret = rte_cryptodev_asym_session_create(dev_id, &modinv_xform,
> > > sess_mpool, &sess);
> > >  	if (ret < 0) {
> > > @@ -1499,7 +1565,8 @@ test_mod_exp(void)
> > >  	void *sess = NULL;
> > >  	int status = TEST_SUCCESS;
> > >  	struct rte_cryptodev_asym_capability_idx cap_idx;
> > > -	const struct rte_cryptodev_asymmetric_xform_capability *capability;
> > > +	const struct rte_cryptodev_asymmetric_capability *capability;
> > > +	struct rte_crypto_mod_capability mod_capa = {0};
> > >  	uint8_t input[TEST_DATA_SIZE] = {0};
> > >  	int ret = 0;
> > >  	uint8_t result[sizeof(mod_p)] = { 0 }; @@ -1522,12 +1589,11 @@
> > > test_mod_exp(void)
> > >  		return TEST_SKIPPED;
> > >  	}
> > >
> > > -	if (rte_cryptodev_asym_xform_capability_check_modlen(
> > > -			capability, modex_xform.modex.modulus.length)) {
> > > -		RTE_LOG(ERR, USER1,
> > > -				"Invalid MODULUS length specified\n");
> > > -				return TEST_SKIPPED;
> > > -		}
> > > +	mod_capa.max_mod_size = modex_xform.modex.modulus.length;
> > > +	if  (!rte_cryptodev_capa_check_mod(capability, mod_capa)) {
> > > +		RTE_LOG(ERR, USER1, "Invalid MODULUS length specified\n");
> > > +		return TEST_SKIPPED;
> > > +	}
> > >
> > >  	/* Create op, create session, and process packets. 8< */
> > >  	op = rte_crypto_op_alloc(op_mpool,
> > > RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
> > > @@ -1785,6 +1851,8 @@ test_ecdsa_sign_verify(enum curve curve_id)
> > >  	struct rte_crypto_asym_xform xform;
> > >  	struct rte_crypto_asym_op *asym_op;
> > >  	struct rte_cryptodev_info dev_info;
> > > +	struct rte_cryptodev_asym_capability_idx idx;
> > > +	const struct rte_cryptodev_asymmetric_capability *capabilities;
> > >  	struct rte_crypto_op *op = NULL;
> > >  	int ret, status = TEST_SUCCESS;
> > >
> > > @@ -1814,6 +1882,25 @@ test_ecdsa_sign_verify(enum curve curve_id)
> > >
> > >  	rte_cryptodev_info_get(dev_id, &dev_info);
> > >
> > > +	struct rte_crypto_ecdsa_capability capa = {
> > > +		.curves = RTE_BIT32(input_params.curve),
> > > +		.random_k = 0
> > > +	};
> > > +
> > > +	idx.type = RTE_CRYPTO_ASYM_XFORM_ECDSA;
> > > +	capabilities = rte_cryptodev_asym_capability_get(dev_id,
> > > +		(const struct
> > > +		rte_cryptodev_asym_capability_idx *) &idx);
> > > +
> > > +	if (capabilities == NULL) {
> > > +		status = TEST_SKIPPED;
> > > +		goto exit;
> > > +	}
> > > +	if (!rte_cryptodev_capa_check_ecdsa(capabilities, capa)) {
> > > +		status = TEST_SKIPPED;
> > > +		goto exit;
> > > +	}
> > > +
> > >  	/* Setup crypto op data structure */
> > >  	op = rte_crypto_op_alloc(op_mpool,
> > > RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
> > >  	if (op == NULL) {
> > > @@ -1962,6 +2049,8 @@ test_ecdsa_sign_verify_all_curve(void)
> > >  		status = test_ecdsa_sign_verify(curve_id);
> > >  		if (status == TEST_SUCCESS) {
> > >  			msg = "succeeded";
> > > +		} else if (status == TEST_SKIPPED) {
> > > +			continue;
> > >  		} else {
> > >  			msg = "failed";
> > >  			overall_status = status;
> > > @@ -1987,6 +2076,8 @@ test_ecpm(enum curve curve_id)
> > >  	struct rte_crypto_asym_xform xform;
> > >  	struct rte_crypto_asym_op *asym_op;
> > >  	struct rte_cryptodev_info dev_info;
> > > +	struct rte_cryptodev_asym_capability_idx idx;
> > > +	const struct rte_cryptodev_asymmetric_capability *capabilities;
> > >  	struct rte_crypto_op *op = NULL;
> > >  	int ret, status = TEST_SUCCESS;
> > >
> > > @@ -2016,6 +2107,24 @@ test_ecpm(enum curve curve_id)
> > >
> > >  	rte_cryptodev_info_get(dev_id, &dev_info);
> > >
> > > +	struct rte_crypto_ecdsa_capability capa = {
> > > +		.curves = RTE_BIT32(input_params.curve)
> > > +	};
> > > +
> > > +	idx.type = RTE_CRYPTO_ASYM_XFORM_ECPM;
> > > +	capabilities = rte_cryptodev_asym_capability_get(dev_id,
> > > +		(const struct
> > > +		rte_cryptodev_asym_capability_idx *) &idx);
> > > +
> > > +	if (capabilities == NULL) {
> > > +		status = TEST_SKIPPED;
> > > +		goto exit;
> > > +	}
> > > +	if (!rte_cryptodev_capa_check_ecdsa(capabilities, capa)) {
> > > +		status = TEST_SKIPPED;
> > > +		goto exit;
> > > +	}
> > > +
> > >  	/* Setup crypto op data structure */
> > >  	op = rte_crypto_op_alloc(op_mpool,
> > > RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
> > >  	if (op == NULL) {
> > > @@ -2124,6 +2233,8 @@ test_ecpm_all_curve(void)
> > >  		status = test_ecpm(curve_id);
> > >  		if (status == TEST_SUCCESS) {
> > >  			msg = "succeeded";
> > > +		} else if (status == TEST_SKIPPED) {
> > > +			continue;
> > >  		} else {
> > >  			msg = "failed";
> > >  			overall_status = status;
> > > @@ -2162,7 +2273,12 @@ static struct unit_test_suite
> > > cryptodev_qat_asym_testsuite  = {
> > >  	.setup = testsuite_setup,
> > >  	.teardown = testsuite_teardown,
> > >  	.unit_test_cases = {
> > > +		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
> > > test_capability),
> > >  		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
> > test_one_by_one),
> > > +		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
> > > +			     test_ecdsa_sign_verify_all_curve),
> > > +		TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
> > > +				test_ecpm_all_curve),
> > >  		TEST_CASES_END() /**< NULL terminate unit test array */
> > >  	}
> > >  };
> >
> > I think patch need to be split for adding test app changes.
> >
> >
> > > diff --git a/app/test/test_event_crypto_adapter.c
> > > b/app/test/test_event_crypto_adapter.c
> > > index 2ecc7e2cea..9a62241371 100644
> > > --- a/app/test/test_event_crypto_adapter.c
> > > +++ b/app/test/test_event_crypto_adapter.c
> > > @@ -450,7 +450,7 @@ test_session_with_op_forward_mode(void)
> > >  static int
> > >  test_asym_op_forward_mode(uint8_t session_less)  {
> > > -	const struct rte_cryptodev_asymmetric_xform_capability *capability;
> > > +	const struct rte_cryptodev_asymmetric_capability *capability;
> > >  	struct rte_cryptodev_asym_capability_idx cap_idx;
> > >  	struct rte_crypto_asym_xform xform_tc;
> > >  	union rte_event_crypto_metadata m_data; @@ -458,6 +458,7 @@
> > > test_asym_op_forward_mode(uint8_t session_less)
> > >  	struct rte_crypto_asym_op *asym_op;
> > >  	struct rte_crypto_op *op;
> > >  	uint8_t input[4096] = {0};
> > > +	struct rte_crypto_mod_capability mod_capa = {0};
> > >  	uint8_t *result = NULL;
> > >  	struct rte_event ev;
> > >  	void *sess = NULL;
> > > @@ -503,8 +504,9 @@ test_asym_op_forward_mode(uint8_t session_less)
> > >  	asym_op->modex.base.length = modex_test_case.base.len;
> > >  	asym_op->modex.result.data = result;
> > >  	asym_op->modex.result.length = modex_test_case.result_len;
> > > -	if (rte_cryptodev_asym_xform_capability_check_modlen(capability,
> > > -			xform_tc.modex.modulus.length)) {
> > > +
> > > +	mod_capa.max_mod_size = xform_tc.modex.modulus.length;
> > > +	if  (!rte_cryptodev_capa_check_mod(capability, mod_capa)) {
> > >  		RTE_LOG(INFO, USER1,
> > >  			"line %u FAILED: %s", __LINE__,
> > >  			"Invalid MODULUS length specified"); @@ -784,7
> > +786,7 @@
> > > test_session_with_op_new_mode(void)
> > >  static int
> > >  test_asym_op_new_mode(uint8_t session_less)  {
> > > -	const struct rte_cryptodev_asymmetric_xform_capability *capability;
> > > +	const struct rte_cryptodev_asymmetric_capability *capability;
> > >  	struct rte_cryptodev_asym_capability_idx cap_idx;
> > >  	struct rte_crypto_asym_xform xform_tc;
> > >  	union rte_event_crypto_metadata m_data; @@ -792,6 +794,7 @@
> > > test_asym_op_new_mode(uint8_t session_less)
> > >  	struct rte_crypto_asym_op *asym_op;
> > >  	struct rte_crypto_op *op;
> > >  	uint8_t input[4096] = {0};
> > > +	struct rte_crypto_mod_capability mod_capa = {0};
> >
> > Can you move this above to maintain reverse Xmas tree?
> >
> > >  	uint8_t *result = NULL;
> > >  	void *sess = NULL;
> > >  	uint32_t cap;
> > > @@ -835,8 +838,9 @@ test_asym_op_new_mode(uint8_t session_less)
> > >  	asym_op->modex.base.length = modex_test_case.base.len;
> > >  	asym_op->modex.result.data = result;
> > >  	asym_op->modex.result.length = modex_test_case.result_len;
> > > -	if (rte_cryptodev_asym_xform_capability_check_modlen(capability,
> > > -			xform_tc.modex.modulus.length)) {
> > > +
> > > +	mod_capa.max_mod_size = xform_tc.modex.modulus.length;
> > > +	if  (!rte_cryptodev_capa_check_mod(capability, mod_capa)) {
> > >  		RTE_LOG(INFO, USER1,
> > >  			"line %u FAILED: %s", __LINE__,
> > >  			"Invalid MODULUS length specified"); diff --git
> > > a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> > > b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> > > index 16ec5e15eb..e734fc2a69 100644
> > > --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> > > +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> > > @@ -7,6 +7,7 @@
> > >  #include <rte_common.h>
> > >  #include <rte_malloc.h>
> > >  #include <cryptodev_pmd.h>
> > > +#include <rte_bitops.h>
> > >
> > >  #include "openssl_pmd_private.h"
> > >  #include "compat.h"
> > > @@ -470,103 +471,82 @@ static const struct rte_cryptodev_capabilities
> > > openssl_pmd_capabilities[] = {
> > >  			}, }
> > >  		}, }
> > >  	},
> > > -	{	/* RSA */
> > > +	{	/* Modular exponentiation */
> > >  		.op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> > >  		{.asym = {
> > > -			.xform_capa = {
> > > -				.xform_type =
> > > RTE_CRYPTO_ASYM_XFORM_RSA,
> > > -				.op_types = ((1 <<
> > > RTE_CRYPTO_ASYM_OP_SIGN) |
> > > -					(1 << RTE_CRYPTO_ASYM_OP_VERIFY)
> > > |
> > > -					(1 <<
> > > RTE_CRYPTO_ASYM_OP_ENCRYPT) |
> > > -					(1 <<
> > > RTE_CRYPTO_ASYM_OP_DECRYPT)),
> > > -				{
> > > -				.modlen = {
> > > -				/* min length is based on openssl rsa keygen */
> > > -				.min = 30,
> > > -				/* value 0 symbolizes no limit on max length */
> > > -				.max = 0,
> > > -				.increment = 1
> > > -				}, }
> > > +			.xform_type = RTE_CRYPTO_ASYM_XFORM_MODEX,
> > > +			.mod = {
> > > +				.max_mod_size = 0
> > > +				}
> > >  			}
> > > -		},
> > >  		}
> > >  	},
> > > -	{	/* modexp */
> > > +	{	/* Modular multiplicative inverse */
> > >  		.op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> > >  		{.asym = {
> > > -			.xform_capa = {
> > > -				.xform_type =
> > > RTE_CRYPTO_ASYM_XFORM_MODEX,
> > > -				.op_types = 0,
> > > -				{
> > > -				.modlen = {
> > > -				/* value 0 symbolizes no limit on min length */
> > > -				.min = 0,
> > > -				/* value 0 symbolizes no limit on max length */
> > > -				.max = 0,
> > > -				.increment = 1
> > > -				}, }
> > > +			.xform_type = RTE_CRYPTO_ASYM_XFORM_MODINV,
> > > +			.mod = {
> > > +				.max_mod_size = 0
> > > +				}
> > >  			}
> > > -		},
> > >  		}
> > >  	},
> > > -	{	/* modinv */
> > > +	{	/* RSA */
> > >  		.op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> > >  		{.asym = {
> > > -			.xform_capa = {
> > > -				.xform_type =
> > > RTE_CRYPTO_ASYM_XFORM_MODINV,
> > > -				.op_types = 0,
> > > -				{
> > > -				.modlen = {
> > > -				/* value 0 symbolizes no limit on min length */
> > > -				.min = 0,
> > > -				/* value 0 symbolizes no limit on max length */
> > > -				.max = 0,
> > > -				.increment = 1
> > > -				}, }
> > > +			.xform_type = RTE_CRYPTO_ASYM_XFORM_RSA,
> > > +			.rsa = {
> > > +				.padding =
> > > +
> > > 	RTE_BIT32(RTE_CRYPTO_RSA_PADDING_NONE) |
> > > +
> > > 	RTE_BIT32(RTE_CRYPTO_RSA_PADDING_PKCS1_5),
> > > +				.hash =
> > > +					RTE_BIT32(RTE_CRYPTO_AUTH_MD5)
> > > |
> > > +					RTE_BIT32(RTE_CRYPTO_AUTH_SHA1)
> > > 	|
> > > +
> > > 	RTE_BIT32(RTE_CRYPTO_AUTH_SHA224) |
> > > +
> > > 	RTE_BIT32(RTE_CRYPTO_AUTH_SHA256) |
> > > +
> > > 	RTE_BIT32(RTE_CRYPTO_AUTH_SHA384) |
> > > +
> > > 	RTE_BIT32(RTE_CRYPTO_AUTH_SHA512),
> > > +				.max_key_size = 0
> > > +				}
> > >  			}
> > > -		},
> > >  		}
> > >  	},
> > > -	{	/* dh */
> > > +	{	/* Diffie-Hellman */
> > >  		.op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> > >  		{.asym = {
> > > -			.xform_capa = {
> > > -				.xform_type =
> > > RTE_CRYPTO_ASYM_XFORM_DH,
> > > -				.op_types =
> > > -
> > > 	((1<<RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE) |
> > > -				(1 <<
> > > RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE |
> > > -				(1 <<
> > > -
> > > 	RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE))),
> > > -				{
> > > -				.modlen = {
> > > -				/* value 0 symbolizes no limit on min length */
> > > -				.min = 0,
> > > -				/* value 0 symbolizes no limit on max length */
> > > -				.max = 0,
> > > -				.increment = 1
> > > -				}, }
> > > +			.xform_type = RTE_CRYPTO_ASYM_XFORM_DH,
> > > +			.dh = {
> > > +				.max_group_size = 0,
> > > +				.priv_key_gen = 1
> > > +				}
> > >  			}
> > > -		},
> > >  		}
> > >  	},
> > > -	{	/* dsa */
> > > +	{	/* DSA */
> > >  		.op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> > >  		{.asym = {
> > > -			.xform_capa = {
> > > -				.xform_type =
> > > RTE_CRYPTO_ASYM_XFORM_DSA,
> > > -				.op_types =
> > > -				((1<<RTE_CRYPTO_ASYM_OP_SIGN) |
> > > -				(1 << RTE_CRYPTO_ASYM_OP_VERIFY)),
> > > -				{
> > > -				.modlen = {
> > > -				/* value 0 symbolizes no limit on min length */
> > > -				.min = 0,
> > > -				/* value 0 symbolizes no limit on max length */
> > > -				.max = 0,
> > > -				.increment = 1
> > > -				}, }
> > > +			.xform_type = RTE_CRYPTO_ASYM_XFORM_DSA,
> > > +			.dsa = {
> > > +				.max_key_size = 0,
> > > +				.random_k = 1
> > > +				}
> > > +			}
> > > +		}
> > > +	},
> > > +	{	/* ECDSA */
> > > +		.op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> > > +		{.asym = {
> > > +			.xform_type = RTE_CRYPTO_ASYM_XFORM_ECDSA,
> > > +			.ecdsa = {
> > > +				.curves =
> > > +
> > > 	RTE_BIT64(RTE_CRYPTO_EC_GROUP_SECP192R1) |
> > > +
> > > 	RTE_BIT64(RTE_CRYPTO_EC_GROUP_SECP224R1) |
> > > +
> > > 	RTE_BIT64(RTE_CRYPTO_EC_GROUP_SECP256R1) |
> > > +
> > > 	RTE_BIT64(RTE_CRYPTO_EC_GROUP_SECP384R1) |
> > > +
> > > 	RTE_BIT64(RTE_CRYPTO_EC_GROUP_SECP521R1),
> > > +				.random_k = 1
> > > +				}
> > >  			}
> > > -		},
> > >  		}
> > >  	},
> > >
> >
> > Do not combine PMD changes for capabilities in cryptodev patch for new APIs.
> >
> >
> > > diff --git a/drivers/crypto/qat/dev/qat_asym_pmd_gen1.c
> > > b/drivers/crypto/qat/dev/qat_asym_pmd_gen1.c
> > > index 4499fdaf2d..d5144bca84 100644
> > > --- a/drivers/crypto/qat/dev/qat_asym_pmd_gen1.c
> > > +++ b/drivers/crypto/qat/dev/qat_asym_pmd_gen1.c
> > > @@ -28,16 +28,64 @@ struct rte_cryptodev_ops
> qat_asym_crypto_ops_gen1
> > > = {  };
> > >
> > >  static struct rte_cryptodev_capabilities qat_asym_crypto_caps_gen1[] = {
> > > -	QAT_ASYM_CAP(MODEX,
> > > -		0, 1, 512, 1),
> > > -	QAT_ASYM_CAP(MODINV,
> > > -		0, 1, 512, 1),
> > > -	QAT_ASYM_CAP(RSA,
> > > -			((1 << RTE_CRYPTO_ASYM_OP_SIGN) |
> > > -			(1 << RTE_CRYPTO_ASYM_OP_VERIFY) |
> > > -			(1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) |
> > > -			(1 << RTE_CRYPTO_ASYM_OP_DECRYPT)),
> > > -			64, 512, 64),
> > > +	{	/* Modular exponentiation */
> > > +		.op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> > > +		{.asym = {
> > > +			.xform_type = RTE_CRYPTO_ASYM_XFORM_MODEX,
> > > +			.mod = {
> > > +				.max_mod_size = 4096
> > > +				}
> > > +			}
> > > +		}
> > > +	},
> > > +	{	/* Modular multiplicative inverse */
> > > +		.op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> > > +		{.asym = {
> > > +			.xform_type = RTE_CRYPTO_ASYM_XFORM_MODINV,
> > > +			.mod = {
> > > +				.max_mod_size = 4096
> > > +				}
> > > +			}
> > > +		}
> > > +	},
> > > +	{	/* RSA */
> > > +		.op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> > > +		{.asym = {
> > > +			.xform_type = RTE_CRYPTO_ASYM_XFORM_RSA,
> > > +			.rsa = {
> > > +				.padding =
> > > +
> > > 	RTE_BIT32(RTE_CRYPTO_RSA_PADDING_NONE),
> > > +				.hash = 0,
> > > +				.max_key_size = 4096
> > > +				}
> > > +			}
> > > +		}
> > > +	},
> > > +	{	/* ECDSA */
> > > +		.op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> > > +		{.asym = {
> > > +			.xform_type = RTE_CRYPTO_ASYM_XFORM_ECDSA,
> > > +			.ecdsa = {
> > > +				.curves =
> > > +
> > > 	RTE_BIT64(RTE_CRYPTO_EC_GROUP_SECP256R1) |
> > > +
> > > 	RTE_BIT64(RTE_CRYPTO_EC_GROUP_SECP521R1),
> > > +				.random_k = 0
> > > +				}
> > > +			}
> > > +		}
> > > +	},
> > > +	{	/* ECPM */
> > > +		.op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> > > +		{.asym = {
> > > +			.xform_type = RTE_CRYPTO_ASYM_XFORM_ECPM,
> > > +			.ecdsa = {
> > > +				.curves =
> > > +
> > > 	RTE_BIT64(RTE_CRYPTO_EC_GROUP_SECP256R1) |
> > > +
> > > 	RTE_BIT64(RTE_CRYPTO_EC_GROUP_SECP521R1)
> > > +				}
> > > +			}
> > > +		}
> > > +	},
> > >  	RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
> > >  };
> > >
> > > diff --git a/lib/cryptodev/rte_crypto_asym.h
> > > b/lib/cryptodev/rte_crypto_asym.h index d90a7a1957..41b22450d3 100644
> > > --- a/lib/cryptodev/rte_crypto_asym.h
> > > +++ b/lib/cryptodev/rte_crypto_asym.h
> > > @@ -41,6 +41,14 @@ rte_crypto_asym_ke_strings[];  extern const char *
> > > rte_crypto_asym_op_strings[];
> > >
> > > +/** RSA padding type name strings */
> > > +extern const char *
> > > +rte_crypto_asym_rsa_padding[];
> >
> > rte_crypto_asym_rsa_padding_strings
> >
> > > +
> > > +/** Elliptic curves name strings */
> > > +extern const char *
> > > +rte_crypto_curves_strings[];
> > > +
> > >  /**
> > >   * Buffer to hold crypto params required for asym operations.
> > >   *
> > > @@ -265,6 +273,46 @@ struct rte_crypto_rsa_padding {
> > >  	 */
> > >  };
> > >
> > > +struct rte_crypto_mod_capability {
> > > +	uint16_t max_mod_size;
> > > +	/**< Maximum supported modulus size in bytes, 0 means no limit */ };
> > > +
> > > +struct rte_crypto_rsa_capability {
> > > +	uint32_t padding;
> > > +	/**< List of supported paddings */
> > How is this list supposed to work?
> > I believe this should be enum to specify a single value.
> > Driver can maintain a static array to list all supported ones.
> > And application can query if a particular capability which it intend to use Is
> > supported by the PMD.
> >
> > > +	uint32_t hash;
> > > +	/**< List of supported hash functions */
> > Same comment here as well
> >
> > > +	uint32_t max_key_size;
> > > +	/**< Maximum supported key size in bytes, 0 means no limit */ };
> > > +
> > > +struct rte_crypto_dh_capability {
> > > +	uint16_t max_group_size;
> > > +	/**< Maximum group  in bytes, 0 means no limit */
> > Maximum group size in bytes ...
> >
> > > +	uint8_t priv_key_gen;
> > > +	/**< Does PMD supports private key generation generation */
> > Is it a flag? Please comment it properly.
> >
> > > +};
> > > +
> > > +struct rte_crypto_dsa_capability {
> > > +	uint16_t max_key_size;
> > > +	/**< Maximum supported key size in bytes, 0 means no limit */
> > > +	uint8_t random_k;
> > > +	/**< Does PMD supports random 'k' generation */
> >
> > Comments should not ask questions.
> >
> > > +};
> > > +
> > > +struct rte_crypto_ecdsa_capability {
> > > +	uint64_t curves;
> > > +	/**< Supported elliptic curve ids */
> > Shouldn't this also be enum?
> >
> > > +	uint8_t random_k;
> > > +	/**< Does PMD supports random 'k' generation */
> >
> > Same comment as above.
> > > +};
> > > +
> > > +struct rte_crypto_ecpm_capability {
> > > +	uint64_t curves;
> > > +	/**< Supported elliptic curve ids */
> >
> > Enum??
> >
> > > +};
> > > +
> > >  /**
> > >   * Asymmetric RSA transform data
> > >   *
> > > diff --git a/lib/cryptodev/rte_cryptodev.c
> > > b/lib/cryptodev/rte_cryptodev.c index 57ee6b3f07..b1ad1112fe 100644
> > > --- a/lib/cryptodev/rte_cryptodev.c
> > > +++ b/lib/cryptodev/rte_cryptodev.c
> > > @@ -190,6 +190,27 @@ const char *rte_crypto_asym_ke_strings[] = {  };
> > >
> > >  /**
> > > + * RSA padding string identifiers
> > > + */
> > > +const char *rte_crypto_asym_rsa_padding[] = {
> > > +	[RTE_CRYPTO_RSA_PADDING_NONE] =
> > > "RTE_CRYPTO_RSA_PADDING_NONE",
> > > +	[RTE_CRYPTO_RSA_PADDING_PKCS1_5] =
> > > "RTE_CRYPTO_RSA_PADDING_PKCS1_5",
> > > +	[RTE_CRYPTO_RSA_PADDING_OAEP] =
> > > "RTE_CRYPTO_RSA_PADDING_OAEP",
> > > +	[RTE_CRYPTO_RSA_PADDING_PSS] =
> > > "RTE_CRYPTO_RSA_PADDING_PSS"
> > > +};
> > > +
> > > +/**
> > > + * Elliptic curves string identifiers  */ const char
> > > +*rte_crypto_curves_strings[] = {
> > > +	[RTE_CRYPTO_EC_GROUP_SECP192R1] =
> > > "RTE_CRYPTO_EC_GROUP_SECP192R1",
> > > +	[RTE_CRYPTO_EC_GROUP_SECP224R1] =
> > > "RTE_CRYPTO_EC_GROUP_SECP224R1",
> > > +	[RTE_CRYPTO_EC_GROUP_SECP256R1] =
> > > "RTE_CRYPTO_EC_GROUP_SECP256R1",
> > > +	[RTE_CRYPTO_EC_GROUP_SECP384R1] =
> > > "RTE_CRYPTO_EC_GROUP_SECP384R1",
> > > +	[RTE_CRYPTO_EC_GROUP_SECP521R1] =
> > > "RTE_CRYPTO_EC_GROUP_SECP521R1",
> > > +};
> > > +
> > > +/**
> > >   * The private data structure stored in the sym session mempool private
> data.
> > >   */
> > >  struct rte_cryptodev_sym_session_pool_private_data { @@ -347,7 +368,7
> > > @@ param_range_check(uint16_t size, const struct
> > > rte_crypto_param_range *range)
> > >  	return -1;
> > >  }
> > >
> > > -const struct rte_cryptodev_asymmetric_xform_capability *
> > > +const struct rte_cryptodev_asymmetric_capability *
> > >  rte_cryptodev_asym_capability_get(uint8_t dev_id,
> > >  		const struct rte_cryptodev_asym_capability_idx *idx)  { @@ -
> > 363,8
> > > +384,8 @@ rte_cryptodev_asym_capability_get(uint8_t dev_id,
> > >  		if (capability->op != RTE_CRYPTO_OP_TYPE_ASYMMETRIC)
> > >  			continue;
> > >
> > > -		if (capability->asym.xform_capa.xform_type == idx->type)
> > > -			return &capability->asym.xform_capa;
> > > +		if (capability->asym.xform_type == idx->type)
> > > +			return &capability->asym;
> > >  	}
> > >  	return NULL;
> > >  };
> > > @@ -456,6 +477,59 @@
> > rte_cryptodev_asym_xform_capability_check_modlen(
> > >  	return 0;
> > >  }
> > >
> > > +int
> > > +rte_cryptodev_capa_check_mod(
> >
> > API name should be rte_cryptodev_mod_capa_check Verb should come in the
> > end.
> > Fix other APIs also.
> >
> > > +	const struct rte_cryptodev_asymmetric_capability *capa,
> > > +	struct rte_crypto_mod_capability mod) {
> > > +	if (capa->mod.max_mod_size == 0)
> > > +		return 1;
> > > +
> > > +	if (mod.max_mod_size <= capa->mod.max_mod_size)
> > > +		return 1;
> > > +	else
> > > +		return 0;
> > > +}
> > > +
> > > +int
> > > +rte_cryptodev_capa_check_rsa(
> > > +	const struct rte_cryptodev_asymmetric_capability *capa,
> > > +	struct rte_crypto_rsa_capability rsa) {
> > > +	if (rsa.padding != (capa->rsa.padding & rsa.padding))
> > > +		return 0;
> > > +	if (rsa.hash != (capa->rsa.hash & rsa.hash))
> > > +		return 0;
> > > +	if (capa->rsa.max_key_size == 0)
> > > +		return 1;
> > > +	if (rsa.max_key_size <= capa->rsa.max_key_size)
> > > +		return 1;
> > > +	else
> > > +		return 0;
> > > +}
> >
> > Can we have something similar to symmetric crypto/rte_security capabilities?
> In what way similar? There are mostly range checks in symmetric.

Please ignore this comment, I misinterpreted xforms with algos.
For each of the xforms we can have separate API to check.
All algos in that particular xform can be clubbed in same API.

> >
> > > +
> > > +int
> > > +rte_cryptodev_capa_check_ecdsa(
> > > +	const struct rte_cryptodev_asymmetric_capability *capa,
> > > +	struct rte_crypto_ecdsa_capability ecdsa) {
> > > +	if (ecdsa.curves != (capa->ecdsa.curves & ecdsa.curves))
> > > +		return 0;
> > > +	if (ecdsa.random_k == 1 && capa->ecdsa.random_k == 0)
> > > +		return 0;
> > > +	return 1;
> > > +}
> > > +
> > > +int
> > > +rte_cryptodev_capa_check_ecpm(
> > > +	const struct rte_cryptodev_asymmetric_capability *capa,
> > > +	struct rte_crypto_ecpm_capability ecpm) {
> > > +	if (ecpm.curves != (capa->ecpm.curves & ecpm.curves))
> > > +		return 0;
> > > +	return 1;
> > > +}
> > > +
> > >  /* spinlock for crypto device enq callbacks */  static rte_spinlock_t
> > > rte_cryptodev_callback_lock = RTE_SPINLOCK_INITIALIZER;
> > >
> > > diff --git a/lib/cryptodev/rte_cryptodev.h
> > > b/lib/cryptodev/rte_cryptodev.h index 2c2c2edeb7..6c5bd819b2 100644
> > > --- a/lib/cryptodev/rte_cryptodev.h
> > > +++ b/lib/cryptodev/rte_cryptodev.h
> > > @@ -184,6 +184,19 @@ struct rte_cryptodev_asymmetric_xform_capability
> {
> > >   *
> > >   */
> > >  struct rte_cryptodev_asymmetric_capability {
> > > +	enum rte_crypto_asym_xform_type xform_type;
> > > +	/**< Asymmetric transform type */
> > > +	uint32_t op_types;
> > > +	/**< bitmask for supported rte_crypto_asym_op_type */
> > > +	union {
> > > +		struct rte_crypto_mod_capability mod;
> > > +		struct rte_crypto_rsa_capability rsa;
> > > +		struct rte_crypto_dh_capability dh;
> > > +		struct rte_crypto_dsa_capability dsa;
> > > +		struct rte_crypto_ecdsa_capability ecdsa;
> > > +		struct rte_crypto_ecpm_capability ecpm;
> > > +	};
> > > +
> > >  	struct rte_cryptodev_asymmetric_xform_capability xform_capa;  };
> > >
> > > @@ -247,7 +260,7 @@ rte_cryptodev_sym_capability_get(uint8_t dev_id,
> > >   *   - Return NULL if the capability not exist.
> > >   */
> > >  __rte_experimental
> > > -const struct rte_cryptodev_asymmetric_xform_capability *
> > > +const struct rte_cryptodev_asymmetric_capability *
> > >  rte_cryptodev_asym_capability_get(uint8_t dev_id,
> > >  		const struct rte_cryptodev_asym_capability_idx *idx);
> > >
> > > @@ -339,6 +352,66 @@
> > rte_cryptodev_asym_xform_capability_check_modlen(
> > >  		uint16_t modlen);
> > >
> > >  /**
> > > + * Check if requested Modexp features are supported
> > > + *
> > > + * @param	capability	Description of the asymmetric crypto
> > > capability.
> > > + * @param	mod		Modexp requested capability.
> > > + *
> > > + * @return
> > > + *   - Return 1 if the parameters are in range of the capability.
> > > + *   - Return 0 if the parameters are out of range of the capability.
> > > + */
> > > +__rte_experimental
> > > +int
> > > +rte_cryptodev_capa_check_mod(
> > > +	const struct rte_cryptodev_asymmetric_capability *capa,
> > > +	struct rte_crypto_mod_capability mod);
> > > +/**
> > > + * Check if requested RSA features are supported
> > > + *
> > > + * @param	capability	Description of the asymmetric crypto
> > > capability.
> > > + * @param	rsa		RSA requested capability.
> > > + *
> > > + * @return
> > > + *   - Return 1 if the parameters are in range of the capability.
> > > + *   - Return 0 if the parameters are out of range of the capability.
> > > + */
> > > +__rte_experimental
> > > +int
> > > +rte_cryptodev_capa_check_rsa(
> > > +	const struct rte_cryptodev_asymmetric_capability *capa,
> > > +	struct rte_crypto_rsa_capability rsa);
> > > +/**
> > > + * Check if requested ECDSA features are supported
> > > + *
> > > + * @param	capability	Description of the asymmetric crypto
> > > capability.
> > > + * @param	ecdsa		ECDSA requested capability.
> > > + *
> > > + * @return
> > > + *   - Return 1 if the parameters are in range of the capability.
> > > + *   - Return 0 if the parameters are out of range of the capability.
> > > + */
> > > +__rte_experimental
> > > +int
> > > +rte_cryptodev_capa_check_ecdsa(
> > > +	const struct rte_cryptodev_asymmetric_capability *capa,
> > > +	struct rte_crypto_ecdsa_capability ecdsa);
> > > +/**
> > > + * Check if requested ECPM features are supported
> > > + *
> > > + * @param	capability	Description of the asymmetric crypto
> > > capability.
> > > + * @param	ecpm		ECPM requested capability.
> > > + *
> > > + * @return
> > > + *   - Return 1 if the parameters are in range of the capability.
> > > + *   - Return 0 if the parameters are out of range of the capability.
> > > + */
> > > +__rte_experimental
> > > +int
> > > +rte_cryptodev_capa_check_ecpm(
> > > +	const struct rte_cryptodev_asymmetric_capability *capa,
> > > +	struct rte_crypto_ecpm_capability ecpm);
> > > +/**
> > >   * Provide the cipher algorithm enum, given an algorithm string
> > >   *
> > >   * @param	algo_enum	A pointer to the cipher algorithm
> > > diff --git a/lib/cryptodev/version.map b/lib/cryptodev/version.map
> > > index f0abfaa47d..4d93b9a947 100644
> > > --- a/lib/cryptodev/version.map
> > > +++ b/lib/cryptodev/version.map
> > > @@ -108,6 +108,10 @@ EXPERIMENTAL {
> > >
> > >  	#added in 22.07
> > >  	rte_cryptodev_session_event_mdata_set;
> > > +	rte_cryptodev_capa_check_mod;
> > > +	rte_cryptodev_capa_check_rsa;
> > > +	rte_cryptodev_capa_check_ecdsa;
> > > +	rte_cryptodev_capa_check_ecpm;
> > >  };
> > >
> > >  INTERNAL {
> > > --
> > > 2.13.6


      reply	other threads:[~2022-05-26 15:00 UTC|newest]

Thread overview: 41+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-05-25 15:53 [PATCH v2 00/14] cryptodev: rsa, dh, ecdh changes Arek Kusztal
2022-05-25 15:53 ` [PATCH v2 01/14] cryptodev: redefine ec group enum Arek Kusztal
2022-05-26  9:40   ` [EXT] " Akhil Goyal
2022-05-25 15:53 ` [PATCH v2 02/14] cryptodev: reduce number of comments in asym xform Arek Kusztal
2022-05-26  9:52   ` [EXT] " Akhil Goyal
2022-05-26 10:03     ` Kusztal, ArkadiuszX
2022-05-25 15:53 ` [PATCH v2 03/14] cryptodev: separate key exchange operation enum Arek Kusztal
2022-05-26 10:57   ` [EXT] " Akhil Goyal
2022-05-26 11:06     ` Kusztal, ArkadiuszX
2022-05-26 11:09       ` Akhil Goyal
2022-05-25 15:53 ` [PATCH v2 04/14] cryptodev: remove comment about using ephemeral key in dsa Arek Kusztal
2022-05-26 11:02   ` [EXT] " Akhil Goyal
2022-05-25 15:53 ` [PATCH v2 05/14] cryptodev: clarify usage of private key in dh Arek Kusztal
2022-05-26 11:04   ` [EXT] " Akhil Goyal
2022-05-25 15:53 ` [PATCH v2 06/14] cryptodev: move dh type from xform to dh op Arek Kusztal
2022-05-26 11:23   ` [EXT] " Akhil Goyal
2022-05-25 15:53 ` [PATCH v2 07/14] cryptodev: add elliptic curve diffie hellman Arek Kusztal
2022-05-26 11:29   ` [EXT] " Akhil Goyal
2022-05-26 11:44     ` Kusztal, ArkadiuszX
2022-05-25 15:53 ` [PATCH v2 08/14] cryptodev: add public key verify option Arek Kusztal
2022-05-26 11:34   ` [EXT] " Akhil Goyal
2022-05-26 11:46     ` Kusztal, ArkadiuszX
2022-05-25 15:53 ` [PATCH v2 09/14] cryptodev: add asym op flags Arek Kusztal
2022-05-26 11:46   ` [EXT] " Akhil Goyal
2022-05-25 15:53 ` [PATCH v2 10/14] cryptodev: clarify usage of rsa padding hash Arek Kusztal
2022-05-26 11:56   ` [EXT] " Akhil Goyal
2022-05-25 15:53 ` [PATCH v2 11/14] cryptodev: move RSA padding into separate struct Arek Kusztal
2022-05-26 12:04   ` [EXT] " Akhil Goyal
2022-05-26 12:14     ` Kusztal, ArkadiuszX
2022-05-26 12:19       ` Akhil Goyal
2022-05-26 12:35         ` Kusztal, ArkadiuszX
2022-05-26 12:41           ` Akhil Goyal
2022-05-25 15:53 ` [PATCH v2 12/14] cryptodev: clarify rsa verify with none padding Arek Kusztal
2022-05-26 12:06   ` [EXT] " Akhil Goyal
2022-05-26 12:15     ` Kusztal, ArkadiuszX
2022-05-25 15:53 ` [PATCH v2 13/14] cryptodev: add salt length and optional label Arek Kusztal
2022-05-26 12:08   ` [EXT] " Akhil Goyal
2022-05-25 15:53 ` [PATCH v2 14/14] cryptodev: add asym algorithms capabilities Arek Kusztal
2022-05-26 12:54   ` [EXT] " Akhil Goyal
2022-05-26 14:19     ` Kusztal, ArkadiuszX
2022-05-26 15:00       ` Akhil Goyal [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CO6PR18MB448403AD00E61EAA406AF55FD8D99@CO6PR18MB4484.namprd18.prod.outlook.com \
    --to=gakhil@marvell.com \
    --cc=arkadiuszx.kusztal@intel.com \
    --cc=dev@dpdk.org \
    --cc=roy.fan.zhang@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).