From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 191D3454FF; Wed, 26 Jun 2024 10:49:10 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 2C20C42EA5; Wed, 26 Jun 2024 10:48:49 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id ED33142EA6 for ; Wed, 26 Jun 2024 10:48:46 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 45Q4BjmH013873; Wed, 26 Jun 2024 01:48:46 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= cc:content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=pfpt0220; bh=m g/wQf8jHeWwyFx9G5pBd51J3x6Bl38/6g/QyiCTqeI=; b=UPZGcZx7NYz9cw7Ck gkSidbGmAJ3XeiSOSlGWPJcTzUBofFqULJ0oFMeYm7XVO/S9nBKyQS72h2ZA+xsS aJBRJFKafG40tlj3Sb/ybgiV1cLf4m+cfvIdqUKc6/KK8IWl+BSTeZGY/WX6jahz Mq6KwPP9MRsETJKAwOJhAzEQz8Sb/b5jgRi09TTtKD5OPwZyGu8qdWs3f0mM/j76 nwybVZ7pJBHtISL4G+vVZu7vS75xYk2QEyWx+F6JxDxOf0rPHus/kIcuyLa7ez+s jtw9tAE8jhZkTueltRrNa3Qz57s7lkHxMMz3SG0SF14t39EdF8QZPwKZqgiA5Y8M 5jRNw== Received: from dc5-exch05.marvell.com ([199.233.59.128]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 4008qt9862-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 26 Jun 2024 01:48:45 -0700 (PDT) Received: from DC5-EXCH05.marvell.com (10.69.176.209) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.4; Wed, 26 Jun 2024 01:48:21 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server id 15.2.1544.4 via Frontend Transport; Wed, 26 Jun 2024 01:48:21 -0700 Received: from BG-LT91401.marvell.com (BG-LT91401.marvell.com [10.28.168.34]) by maili.marvell.com (Postfix) with ESMTP id 7098B3F707B; Wed, 26 Jun 2024 01:48:19 -0700 (PDT) From: Gowrishankar Muthukrishnan To: , Ciara Power CC: Anoob Joseph , Akhil Goyal Subject: [PATCH v2 5/6] app/crypto-perf: support SM2 Date: Wed, 26 Jun 2024 14:17:44 +0530 Message-ID: <20240626084747.1595-6-gmuthukrishn@marvell.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20240626084747.1595-1-gmuthukrishn@marvell.com> References: <20240615115309.2678-1-gmuthukrishn@marvell.com> <20240626084747.1595-1-gmuthukrishn@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-ORIG-GUID: fktdKf87oqLhWpfEuH9qkrwm3moXyelD X-Proofpoint-GUID: fktdKf87oqLhWpfEuH9qkrwm3moXyelD X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1039,Hydra:6.0.680,FMLib:17.12.28.16 definitions=2024-06-26_03,2024-06-25_01,2024-05-17_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Akhil Goyal Added support for SM2 asymmetric crypto performance. A new command line option is added to specify asymmetric operation type `--asym-op Type`. Type can be sign/verify/encrypt/decrypt. Example command: ./dpdk-test-crypto-perf --vdev crypto_openssl -c 0x30 -- \ --devtype crypto_openssl --ptest throughput --optype sm2 \ --total-ops 10000 --asym-op sign Signed-off-by: Akhil Goyal --- app/test-crypto-perf/cperf_ops.c | 69 ++++++++++- app/test-crypto-perf/cperf_options.h | 6 + app/test-crypto-perf/cperf_options_parsing.c | 55 ++++++++- app/test-crypto-perf/cperf_test_common.c | 3 +- app/test-crypto-perf/cperf_test_vectors.c | 120 +++++++++++++++++++ app/test-crypto-perf/cperf_test_vectors.h | 25 ++++ app/test-crypto-perf/main.c | 61 ++++++++++ doc/guides/tools/cryptoperf.rst | 6 + 8 files changed, 341 insertions(+), 4 deletions(-) diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c index a802281a71..f0860a46c0 100644 --- a/app/test-crypto-perf/cperf_ops.c +++ b/app/test-crypto-perf/cperf_ops.c @@ -10,7 +10,7 @@ #include "cperf_test_vectors.h" static void -cperf_set_ops_asym(struct rte_crypto_op **ops, +cperf_set_ops_asym_modex(struct rte_crypto_op **ops, uint32_t src_buf_offset __rte_unused, uint32_t dst_buf_offset __rte_unused, uint16_t nb_ops, void *sess, @@ -34,6 +34,47 @@ cperf_set_ops_asym(struct rte_crypto_op **ops, } } +static void +cperf_set_ops_asym_sm2(struct rte_crypto_op **ops, + uint32_t src_buf_offset __rte_unused, + uint32_t dst_buf_offset __rte_unused, uint16_t nb_ops, + void *sess, + const struct cperf_options *options, + const struct cperf_test_vector *test_vector __rte_unused, + uint16_t iv_offset __rte_unused, + uint32_t *imix_idx __rte_unused, + uint64_t *tsc_start __rte_unused) +{ + uint16_t i; + + for (i = 0; i < nb_ops; i++) { + struct rte_crypto_asym_op *asym_op = ops[i]->asym; + + ops[i]->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED; + rte_crypto_op_attach_asym_session(ops[i], sess); + + /* Populate op with operational details */ + asym_op->sm2.hash = options->asym_hash_alg; + + asym_op->sm2.op_type = options->asym_op_type; + asym_op->sm2.message.data = options->sm2_data->message.data; + asym_op->sm2.message.length = options->sm2_data->message.length; + asym_op->sm2.cipher.data = options->sm2_data->cipher.data; + asym_op->sm2.cipher.length = options->sm2_data->cipher.length; + asym_op->sm2.id.data = options->sm2_data->id.data; + asym_op->sm2.id.length = options->sm2_data->id.length; + + asym_op->sm2.k.data = options->sm2_data->k.data; + asym_op->sm2.k.length = options->sm2_data->k.length; + + asym_op->sm2.r.data = options->sm2_data->sign_r.data; + asym_op->sm2.r.length = options->sm2_data->sign_r.length; + asym_op->sm2.s.data = options->sm2_data->sign_s.data; + asym_op->sm2.s.length = options->sm2_data->sign_s.length; + } +} + + #ifdef RTE_LIB_SECURITY static void test_ipsec_vec_populate(struct rte_mbuf *m, const struct cperf_options *options, @@ -932,6 +973,27 @@ cperf_create_session(struct rte_mempool *sess_mp, } return asym_sess; } + + if (options->op_type == CPERF_ASYM_SM2) { + xform.next = NULL; + xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2; + xform.ec.curve_id = options->sm2_data->curve; + xform.ec.pkey.data = options->sm2_data->pkey.data; + xform.ec.pkey.length = options->sm2_data->pkey.length; + xform.ec.q.x.data = options->sm2_data->pubkey_qx.data; + xform.ec.q.x.length = options->sm2_data->pubkey_qx.length; + xform.ec.q.y.data = options->sm2_data->pubkey_qy.data; + xform.ec.q.y.length = options->sm2_data->pubkey_qy.length; + + ret = rte_cryptodev_asym_session_create(dev_id, &xform, + sess_mp, &asym_sess); + if (ret < 0) { + RTE_LOG(ERR, USER1, "SM2 Asym session create failed\n"); + return NULL; + } + + return asym_sess; + } #ifdef RTE_LIB_SECURITY /* * security only @@ -1230,7 +1292,10 @@ cperf_get_op_functions(const struct cperf_options *options, op_fns->populate_ops = cperf_set_ops_cipher; break; case CPERF_ASYM_MODEX: - op_fns->populate_ops = cperf_set_ops_asym; + op_fns->populate_ops = cperf_set_ops_asym_modex; + break; + case CPERF_ASYM_SM2: + op_fns->populate_ops = cperf_set_ops_asym_sm2; break; #ifdef RTE_LIB_SECURITY case CPERF_PDCP: diff --git a/app/test-crypto-perf/cperf_options.h b/app/test-crypto-perf/cperf_options.h index be36c70be1..d730ae18d0 100644 --- a/app/test-crypto-perf/cperf_options.h +++ b/app/test-crypto-perf/cperf_options.h @@ -49,6 +49,8 @@ #define CPERF_DIGEST_SZ ("digest-sz") +#define CPERF_ASYM_OP ("asym-op") + #ifdef RTE_LIB_SECURITY #define CPERF_PDCP_SN_SZ ("pdcp-sn-sz") #define CPERF_PDCP_DOMAIN ("pdcp-domain") @@ -85,6 +87,7 @@ enum cperf_op_type { CPERF_DOCSIS, CPERF_IPSEC, CPERF_ASYM_MODEX, + CPERF_ASYM_SM2, CPERF_TLS, }; @@ -162,6 +165,9 @@ struct cperf_options { uint8_t imix_distribution_count; struct cperf_modex_test_data *modex_data; uint16_t modex_len; + struct cperf_sm2_test_data *sm2_data; + enum rte_crypto_asym_op_type asym_op_type; + enum rte_crypto_auth_algorithm asym_hash_alg; }; void diff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-crypto-perf/cperf_options_parsing.c index 8c20974273..49609e560e 100644 --- a/app/test-crypto-perf/cperf_options_parsing.c +++ b/app/test-crypto-perf/cperf_options_parsing.c @@ -37,7 +37,7 @@ usage(char *progname) " --desc-nb N: set number of descriptors for each crypto device\n" " --devtype TYPE: set crypto device type to use\n" " --optype cipher-only / auth-only / cipher-then-auth / auth-then-cipher /\n" - " aead / pdcp / docsis / ipsec / modex / tls-record : set operation type\n" + " aead / pdcp / docsis / ipsec / modex / sm2 / tls-record : set operation type\n" " --sessionless: enable session-less crypto operations\n" " --out-of-place: enable out-of-place crypto operations\n" " --test-file NAME: set the test vector file path\n" @@ -61,6 +61,7 @@ usage(char *progname) " --csv-friendly: enable test result output CSV friendly\n" " --modex-len N: modex length, supported lengths are " "60, 128, 255, 448. Default: 128\n" + " --asym-op encrypt / decrypt / sign / verify : set asym operation type\n" #ifdef RTE_LIB_SECURITY " --pdcp-sn-sz N: set PDCP SN size N <5/7/12/15/18>\n" " --pdcp-domain DOMAIN: set PDCP domain \n" @@ -482,6 +483,10 @@ parse_op_type(struct cperf_options *opts, const char *arg) cperf_op_type_strs[CPERF_ASYM_MODEX], CPERF_ASYM_MODEX }, + { + cperf_op_type_strs[CPERF_ASYM_SM2], + CPERF_ASYM_SM2 + }, { cperf_op_type_strs[CPERF_TLS], CPERF_TLS @@ -861,6 +866,45 @@ parse_aead_aad_sz(struct cperf_options *opts, const char *arg) return parse_uint16_t(&opts->aead_aad_sz, arg); } +static int +parse_asym_op(struct cperf_options *opts, const char *arg) +{ + struct name_id_map asym_op_namemap[] = { + { + rte_crypto_asym_op_strings + [RTE_CRYPTO_ASYM_OP_ENCRYPT], + RTE_CRYPTO_ASYM_OP_ENCRYPT + }, + { + rte_crypto_asym_op_strings + [RTE_CRYPTO_ASYM_OP_DECRYPT], + RTE_CRYPTO_ASYM_OP_DECRYPT + }, + { + rte_crypto_asym_op_strings + [RTE_CRYPTO_ASYM_OP_SIGN], + RTE_CRYPTO_ASYM_OP_SIGN + }, + { + rte_crypto_asym_op_strings + [RTE_CRYPTO_ASYM_OP_VERIFY], + RTE_CRYPTO_ASYM_OP_VERIFY + } + }; + + int id = get_str_key_id_mapping(asym_op_namemap, + RTE_DIM(asym_op_namemap), arg); + if (id < 0) { + RTE_LOG(ERR, USER1, "invalid ASYM operation specified\n"); + return -1; + } + + opts->asym_op_type = (enum rte_crypto_asym_op_type)id; + + return 0; +} + + static int parse_csv_friendly(struct cperf_options *opts, const char *arg __rte_unused) { @@ -935,6 +979,8 @@ static struct option lgopts[] = { { CPERF_DIGEST_SZ, required_argument, 0, 0 }, + { CPERF_ASYM_OP, required_argument, 0, 0 }, + #ifdef RTE_LIB_SECURITY { CPERF_PDCP_SN_SZ, required_argument, 0, 0 }, { CPERF_PDCP_DOMAIN, required_argument, 0, 0 }, @@ -1017,6 +1063,9 @@ cperf_options_default(struct cperf_options *opts) opts->docsis_hdr_sz = 17; #endif opts->modex_data = (struct cperf_modex_test_data *)&modex_perf_data[0]; + + opts->sm2_data = &sm2_perf_data; + opts->asym_op_type = RTE_CRYPTO_ASYM_OP_SIGN; } static int @@ -1053,6 +1102,7 @@ cperf_opts_parse_long(int opt_idx, struct cperf_options *opts) { CPERF_AEAD_IV_SZ, parse_aead_iv_sz }, { CPERF_AEAD_AAD_SZ, parse_aead_aad_sz }, { CPERF_DIGEST_SZ, parse_digest_sz }, + { CPERF_ASYM_OP, parse_asym_op }, #ifdef RTE_LIB_SECURITY { CPERF_PDCP_SN_SZ, parse_pdcp_sn_sz }, { CPERF_PDCP_DOMAIN, parse_pdcp_domain }, @@ -1438,6 +1488,9 @@ cperf_options_dump(struct cperf_options *opts) printf("#\n"); printf("# number of queue pairs per device: %u\n", opts->nb_qps); printf("# crypto operation: %s\n", cperf_op_type_strs[opts->op_type]); + if (opts->op_type == CPERF_ASYM_SM2) + printf("# asym operation type: %s\n", + rte_crypto_asym_op_strings[opts->asym_op_type]); printf("# sessionless: %s\n", opts->sessionless ? "yes" : "no"); printf("# out of place: %s\n", opts->out_of_place ? "yes" : "no"); if (opts->test == CPERF_TEST_TYPE_PMDCC) diff --git a/app/test-crypto-perf/cperf_test_common.c b/app/test-crypto-perf/cperf_test_common.c index 0f1f0b72c1..14ca9e964a 100644 --- a/app/test-crypto-perf/cperf_test_common.c +++ b/app/test-crypto-perf/cperf_test_common.c @@ -305,7 +305,8 @@ cperf_mbuf_set(struct rte_mbuf *mbuf, bool cperf_is_asym_test(const struct cperf_options *options) { - if (options->op_type == CPERF_ASYM_MODEX) + if (options->op_type == CPERF_ASYM_MODEX || + options->op_type == CPERF_ASYM_SM2) return true; return false; diff --git a/app/test-crypto-perf/cperf_test_vectors.c b/app/test-crypto-perf/cperf_test_vectors.c index de43d303a5..5ea5333029 100644 --- a/app/test-crypto-perf/cperf_test_vectors.c +++ b/app/test-crypto-perf/cperf_test_vectors.c @@ -804,6 +804,80 @@ cperf_modex_test_data modex_perf_data[10] = { } }; +static uint8_t fp256_pkey[] = { + 0x77, 0x84, 0x35, 0x65, 0x4c, 0x7a, 0x6d, 0xb1, + 0x1e, 0x63, 0x0b, 0x41, 0x97, 0x36, 0x04, 0xf4, + 0xec, 0x35, 0xee, 0x3b, 0x76, 0xc2, 0x34, 0x08, + 0xd9, 0x4a, 0x22, 0x0d, 0x7f, 0xf6, 0xc6, 0x90 +}; + +static uint8_t fp256_qx[] = { + 0x7b, 0x24, 0xa3, 0x03, 0xcf, 0xb2, 0x22, 0xfa, + 0x4c, 0xb3, 0x88, 0x54, 0xf9, 0x30, 0xd1, 0x4d, + 0xe3, 0x50, 0xda, 0xba, 0xe6, 0xa7, 0x0b, 0x91, + 0x4c, 0x04, 0x0d, 0x5c, 0xe0, 0x8e, 0x86, 0xc5 +}; + +static uint8_t fp256_qy[] = { + 0xbc, 0x39, 0xe3, 0x19, 0x4e, 0xd2, 0x29, 0x22, + 0x5b, 0x37, 0x2d, 0xeb, 0xcc, 0x05, 0x52, 0x8d, + 0xb9, 0x40, 0xa3, 0xab, 0x3c, 0xbe, 0x16, 0x30, + 0x1c, 0xe4, 0xe8, 0x7f, 0xba, 0x6e, 0x0b, 0xae +}; + +static uint8_t fp256_k[] = { + 0x01, 0x04, 0x02, 0x05, 0x04, 0x06, 0x03, 0x07 +}; + +static uint8_t fp256_sign_r[] = { + 0x75, 0x2B, 0x8C, 0x15, 0x38, 0x10, 0xF6, 0xC0, + 0x28, 0xC9, 0x8A, 0x51, 0xD0, 0x62, 0x69, 0x4B, + 0xF6, 0x58, 0x06, 0xEB, 0xF1, 0x91, 0x1F, 0x15, + 0x8B, 0x08, 0x09, 0xF9, 0x88, 0x0A, 0x44, 0x24 +}; + +static uint8_t fp256_sign_s[] = { + 0x5A, 0x3C, 0x96, 0x3E, 0x1C, 0xB4, 0x19, 0xF9, + 0xD7, 0x78, 0xB8, 0xCE, 0xFF, 0x9D, 0xB1, 0x31, + 0x77, 0xDB, 0xA0, 0xFE, 0x84, 0x61, 0x1A, 0xD9, + 0x4E, 0xFF, 0x82, 0x13, 0x1C, 0xCA, 0x04, 0x75, +}; + +static uint8_t fp256_id[] = { + 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8 +}; + +static uint8_t fp256_message[] = { + 0x6D, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x20, + 0x64, 0x69, 0x67, 0x65, 0x73, 0x74 +}; + +static uint8_t fp256_digest[] = { + 0x0F, 0xB5, 0xCE, 0xF3, 0x3C, 0xB7, 0xD1, 0x35, + 0xA9, 0x3A, 0xC7, 0xA7, 0x89, 0x2A, 0x6D, 0x9A, + 0xF3, 0x1E, 0xC5, 0x38, 0xD3, 0x65, 0x1B, 0xB9, + 0xDF, 0x5F, 0x7F, 0x4A, 0xD8, 0x89, 0x57, 0xF1 +}; + +static uint8_t fp256_cipher[] = { + 0x30, 0x78, 0x02, 0x21, 0x00, 0xAB, 0xBD, 0xE8, + 0xE8, 0x80, 0x93, 0x36, 0x77, 0xB6, 0x44, 0x47, + 0x6D, 0x00, 0xF6, 0x51, 0xC8, 0x80, 0x9C, 0x9E, + 0xD9, 0xEC, 0x36, 0x8A, 0x60, 0x8E, 0x26, 0x2D, + 0x71, 0x31, 0xB7, 0xC1, 0x38, 0x02, 0x21, 0x00, + 0xE1, 0xBF, 0x4C, 0x13, 0x7A, 0x87, 0x40, 0x32, + 0xF5, 0xA1, 0xE2, 0xA1, 0x3B, 0x83, 0xBF, 0x6B, + 0x3F, 0xFB, 0xC8, 0x13, 0x01, 0xDE, 0xCF, 0xC0, + 0xF4, 0x24, 0x66, 0x52, 0x89, 0xDA, 0x6D, 0x7A, + 0x04, 0x20, 0x8E, 0xFD, 0x52, 0x77, 0xC9, 0xE7, + 0x90, 0xD1, 0x17, 0x75, 0xDE, 0xEE, 0xF3, 0xE5, + 0x11, 0x0C, 0x5D, 0xE1, 0x3A, 0xB6, 0x2B, 0x72, + 0x60, 0xE5, 0xD5, 0xF3, 0x0F, 0xE2, 0x44, 0xDB, + 0xBC, 0x66, 0x04, 0x0E, 0x78, 0x2D, 0xC0, 0x3D, + 0x38, 0xA2, 0x42, 0xA4, 0x8E, 0x8B, 0xF5, 0x06, + 0x32, 0xFA +}; + uint8_t plaintext[2048] = { 0x71, 0x75, 0x83, 0x98, 0x75, 0x42, 0x51, 0x09, 0x94, 0x02, 0x13, 0x20, 0x15, 0x64, 0x46, 0x32, 0x08, 0x18, 0x91, 0x82, 0x86, 0x52, 0x23, 0x93, @@ -1208,6 +1282,52 @@ uint8_t ipsec_plaintext[2048] = { 0x75, 0x67, 0x00, 0x01 }; +/** SM2 Fp256 elliptic curve test params */ +struct +cperf_sm2_test_data sm2_perf_data = { + .pubkey_qx = { + .data = fp256_qx, + .length = sizeof(fp256_qx), + }, + .pubkey_qy = { + .data = fp256_qy, + .length = sizeof(fp256_qy), + }, + .k = { + .data = fp256_k, + .length = sizeof(fp256_k), + }, + .sign_r = { + .data = fp256_sign_r, + .length = sizeof(fp256_sign_r), + }, + .sign_s = { + .data = fp256_sign_s, + .length = sizeof(fp256_sign_s), + }, + .id = { + .data = fp256_id, + .length = sizeof(fp256_id), + }, + .pkey = { + .data = fp256_pkey, + .length = sizeof(fp256_pkey), + }, + .message = { + .data = fp256_message, + .length = sizeof(fp256_message), + }, + .digest = { + .data = fp256_digest, + .length = sizeof(fp256_digest), + }, + .cipher = { + .data = fp256_cipher, + .length = sizeof(fp256_cipher), + }, + .curve = RTE_CRYPTO_EC_GROUP_SM2 +}; + struct cperf_test_vector* cperf_test_vector_get_dummy(struct cperf_options *options) { diff --git a/app/test-crypto-perf/cperf_test_vectors.h b/app/test-crypto-perf/cperf_test_vectors.h index a3e431e5e6..a218081d6e 100644 --- a/app/test-crypto-perf/cperf_test_vectors.h +++ b/app/test-crypto-perf/cperf_test_vectors.h @@ -75,6 +75,16 @@ struct cperf_test_vector { uint32_t mlen; uint32_t elen; } modex; + + struct { + uint8_t *sign_r; + uint8_t *sign_s; + uint8_t *message; + uint8_t *cipher; + uint32_t sign_len; + uint32_t msg_len; + uint32_t cipher_len; + } sm2; }; struct cperf_modex_test_data { @@ -97,6 +107,20 @@ struct cperf_modex_test_data { } result; }; +struct cperf_sm2_test_data { + rte_crypto_param pubkey_qx; + rte_crypto_param pubkey_qy; + rte_crypto_param pkey; + rte_crypto_param k; + rte_crypto_param sign_r; + rte_crypto_param sign_s; + rte_crypto_param id; + rte_crypto_param cipher; + rte_crypto_param message; + rte_crypto_param digest; + int curve; +}; + struct cperf_test_vector* cperf_test_vector_get_dummy(struct cperf_options *options); @@ -111,5 +135,6 @@ extern uint8_t aad[]; extern uint8_t digest[2048]; extern struct cperf_modex_test_data modex_perf_data[10]; +extern struct cperf_sm2_test_data sm2_perf_data; #endif diff --git a/app/test-crypto-perf/main.c b/app/test-crypto-perf/main.c index 780f22f399..2f39edbe6a 100644 --- a/app/test-crypto-perf/main.c +++ b/app/test-crypto-perf/main.c @@ -45,6 +45,7 @@ const char *cperf_op_type_strs[] = { [CPERF_DOCSIS] = "docsis", [CPERF_IPSEC] = "ipsec", [CPERF_ASYM_MODEX] = "modex", + [CPERF_ASYM_SM2] = "sm2", [CPERF_TLS] = "tls-record" }; @@ -224,6 +225,7 @@ cperf_initialize_cryptodev(struct cperf_options *opts, uint8_t *enabled_cdevs) }; switch (opts->op_type) { + case CPERF_ASYM_SM2: case CPERF_ASYM_MODEX: conf.ff_disable |= (RTE_CRYPTODEV_FF_SECURITY | RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO); @@ -362,6 +364,65 @@ cperf_verify_devices_capabilities(struct cperf_options *opts, } + if (opts->op_type == CPERF_ASYM_SM2) { + asym_cap_idx.type = RTE_CRYPTO_ASYM_XFORM_SM2; + asym_capability = rte_cryptodev_asym_capability_get(cdev_id, &asym_cap_idx); + if (asym_capability == NULL) + return -1; + + if (!rte_cryptodev_asym_xform_capability_check_optype(asym_capability, + opts->asym_op_type)) + return -1; + + if (rte_cryptodev_asym_xform_capability_check_hash(asym_capability, + RTE_CRYPTO_AUTH_SM3)) { + opts->asym_hash_alg = RTE_CRYPTO_AUTH_SM3; + if (opts->asym_op_type == RTE_CRYPTO_ASYM_OP_SIGN || + opts->asym_op_type == RTE_CRYPTO_ASYM_OP_VERIFY) { + opts->sm2_data->message.data = sm2_perf_data.message.data; + opts->sm2_data->message.length = + sm2_perf_data.message.length; + opts->sm2_data->id.data = sm2_perf_data.id.data; + opts->sm2_data->id.length = sm2_perf_data.id.length; + } + } else { + opts->asym_hash_alg = RTE_CRYPTO_AUTH_NULL; + if (opts->asym_op_type == RTE_CRYPTO_ASYM_OP_SIGN || + opts->asym_op_type == RTE_CRYPTO_ASYM_OP_VERIFY) { + opts->sm2_data->message.data = sm2_perf_data.digest.data; + opts->sm2_data->message.length = + sm2_perf_data.digest.length; + opts->sm2_data->id.data = NULL; + opts->sm2_data->id.length = 0; + } + } + if (asym_capability->internal_rng != 0) { + opts->sm2_data->k.data = NULL; + opts->sm2_data->k.length = 0; + } + if (opts->asym_op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT) { + opts->sm2_data->message.data = sm2_perf_data.message.data; + opts->sm2_data->message.length = sm2_perf_data.message.length; + opts->sm2_data->cipher.data = sm2_perf_data.cipher.data; + opts->sm2_data->cipher.length = sm2_perf_data.cipher.length; + } else if (opts->asym_op_type == RTE_CRYPTO_ASYM_OP_DECRYPT) { + opts->sm2_data->cipher.data = sm2_perf_data.cipher.data; + opts->sm2_data->cipher.length = sm2_perf_data.cipher.length; + opts->sm2_data->message.data = sm2_perf_data.message.data; + opts->sm2_data->message.length = sm2_perf_data.message.length; + } else if (opts->asym_op_type == RTE_CRYPTO_ASYM_OP_SIGN) { + opts->sm2_data->sign_r.data = sm2_perf_data.sign_r.data; + opts->sm2_data->sign_r.length = sm2_perf_data.sign_r.length; + opts->sm2_data->sign_s.data = sm2_perf_data.sign_s.data; + opts->sm2_data->sign_s.length = sm2_perf_data.sign_s.length; + } else if (opts->asym_op_type == RTE_CRYPTO_ASYM_OP_VERIFY) { + opts->sm2_data->sign_r.data = sm2_perf_data.sign_r.data; + opts->sm2_data->sign_r.length = sm2_perf_data.sign_r.length; + opts->sm2_data->sign_s.data = sm2_perf_data.sign_s.data; + opts->sm2_data->sign_s.length = sm2_perf_data.sign_s.length; + } + } + if (opts->op_type == CPERF_AUTH_ONLY || opts->op_type == CPERF_CIPHER_THEN_AUTH || opts->op_type == CPERF_AUTH_THEN_CIPHER) { diff --git a/doc/guides/tools/cryptoperf.rst b/doc/guides/tools/cryptoperf.rst index facf412799..8cfb194f10 100644 --- a/doc/guides/tools/cryptoperf.rst +++ b/doc/guides/tools/cryptoperf.rst @@ -175,6 +175,7 @@ The following are the application command-line options: pdcp docsis modex + sm2 ipsec tls-record @@ -342,6 +343,11 @@ The following are the application command-line options: Set modex length for asymmetric crypto perf test. Supported lengths are 60, 128, 255, 448. Default length is 128. +* ``--asym-op `` + + Set Asymmetric crypto operation mode. + To be used with SM2 asymmetric crypto ops. Default is ``sign``. + * ``--tls-version `` Set TLS/DTLS protocol version for perf test (default is TLS1.2). -- 2.25.1