From: Gowrishankar Muthukrishnan
To: Akhil Goyal, Fan Zhang, Ankur Dwivedi, Anoob Joseph, Tejasree Kondoj, Kai Ji
CC: Gowrishankar Muthukrishnan
Subject: [PATCH v2] cryptodev: add asymmetric operational capability
Date: Fri, 4 Oct 2024 23:42:51 +0530
Message-ID: <20241004181255.916-1-gmuthukrishn@marvell.com>
In-Reply-To: <20240905181725.2040-1-gmuthukrishn@marvell.com>
References: <20240905181725.2040-1-gmuthukrishn@marvell.com>

Asymmetric crypto algorithms such as SM2, EdDSA would need per op capability and based on it, the input param to a crypto operation is chosen wisely.

Signed-off-by: Gowrishankar Muthukrishnan
---
v2:
 - op_capa is array of int instead of structure.
 - compilation issues addressed.
---
app/test/test_cryptodev_asym.c | 24 ++++++++++++------- .../crypto/cnxk/cnxk_cryptodev_capabilities.c | 8 ++++++- drivers/crypto/openssl/rte_openssl_pmd_ops.c | 17 +++++++++---- lib/cryptodev/rte_crypto_asym.h | 12 ++++++++++ lib/cryptodev/rte_cryptodev.c | 16 +++++++++++++ lib/cryptodev/rte_cryptodev.h | 23 ++++++++++++++++++ lib/cryptodev/version.map | 3 +++ 7 files changed, 89 insertions(+), 14 deletions(-) diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c index f0b5d38543..d9b260d50e 100644
--- a/app/test/test_cryptodev_asym.c +++ b/app/test/test_cryptodev_asym.c @@ -2611,7 +2611,8 @@ test_sm2_sign(void) /* Populate op with operational details */ asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_SIGN; - if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3)) + if (rte_cryptodev_asym_xform_capability_check_opcap(capa, + RTE_CRYPTO_ASYM_OP_SIGN, RTE_CRYPTO_SM2_PH)) asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3; else asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL; @@ -2628,7 +2629,8 @@ test_sm2_sign(void) asym_op->sm2.id.length = 0; } - if (capa->internal_rng != 0) { + if (rte_cryptodev_asym_xform_capability_check_opcap(capa, + RTE_CRYPTO_ASYM_OP_ENCRYPT, RTE_CRYPTO_SM2_RNG)) { asym_op->sm2.k.data = NULL; asym_op->sm2.k.length = 0; } else { @@ -2677,7 +2679,8 @@ test_sm2_sign(void) debug_hexdump(stdout, "s:", asym_op->sm2.s.data, asym_op->sm2.s.length); - if (capa->internal_rng == 0) { + if (!rte_cryptodev_asym_xform_capability_check_opcap(capa, + RTE_CRYPTO_ASYM_OP_SIGN, RTE_CRYPTO_SM2_RNG)) { /* Verify sign (by comparison). */ if (memcmp(input_params.sign_r.data, asym_op->sm2.r.data, asym_op->sm2.r.length) != 0) { @@ -2802,7 +2805,8 @@ test_sm2_verify(void) /* Populate op with operational details */ asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_VERIFY; - if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3)) + if (rte_cryptodev_asym_xform_capability_check_opcap(capa, + RTE_CRYPTO_ASYM_OP_VERIFY, RTE_CRYPTO_SM2_PH)) asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3; else asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL; @@ -2924,7 +2928,8 @@ test_sm2_enc(void) /* Populate op with operational details */ asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_ENCRYPT; - if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3)) + if (rte_cryptodev_asym_xform_capability_check_opcap(capa, + RTE_CRYPTO_ASYM_OP_ENCRYPT, RTE_CRYPTO_SM2_PH)) asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3; else asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL; 
@@ -2932,7 +2937,8 @@ test_sm2_enc(void) asym_op->sm2.message.data = input_params.message.data; asym_op->sm2.message.length = input_params.message.length; - if (capa->internal_rng != 0) { + if (rte_cryptodev_asym_xform_capability_check_opcap(capa, + RTE_CRYPTO_ASYM_OP_ENCRYPT, RTE_CRYPTO_SM2_RNG)) { asym_op->sm2.k.data = NULL; asym_op->sm2.k.length = 0; } else { @@ -2978,7 +2984,8 @@ test_sm2_enc(void) debug_hexdump(stdout, "cipher:", asym_op->sm2.cipher.data, asym_op->sm2.cipher.length); - if (capa->internal_rng == 0) { + if (!rte_cryptodev_asym_xform_capability_check_opcap(capa, + RTE_CRYPTO_ASYM_OP_ENCRYPT, RTE_CRYPTO_SM2_RNG)) { if (memcmp(input_params.cipher.data, asym_op->sm2.cipher.data, asym_op->sm2.cipher.length) != 0) { status = TEST_FAILED; @@ -3105,7 +3112,8 @@ test_sm2_dec(void) /* Populate op with operational details */ asym_op->sm2.op_type = RTE_CRYPTO_ASYM_OP_DECRYPT; - if (rte_cryptodev_asym_xform_capability_check_hash(capa, RTE_CRYPTO_AUTH_SM3)) + if (rte_cryptodev_asym_xform_capability_check_opcap(capa, + RTE_CRYPTO_ASYM_OP_DECRYPT, RTE_CRYPTO_SM2_PH)) asym_op->sm2.hash = RTE_CRYPTO_AUTH_SM3; else asym_op->sm2.hash = RTE_CRYPTO_AUTH_NULL; diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c index 0d5d64b6e7..0a19fc732b 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c +++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c @@ -1194,7 +1194,13 @@ static const struct rte_cryptodev_capabilities caps_sm2[] = { .xform_capa = { .xform_type = RTE_CRYPTO_ASYM_XFORM_SM2, .op_types = ((1 << RTE_CRYPTO_ASYM_OP_SIGN) | - (1 << RTE_CRYPTO_ASYM_OP_VERIFY)) + (1 << RTE_CRYPTO_ASYM_OP_VERIFY) | + (1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) | + (1 << RTE_CRYPTO_ASYM_OP_DECRYPT)), + .op_capa = { + (1 << RTE_CRYPTO_SM2_PKE_KDF), + (1 << RTE_CRYPTO_SM2_PKE_KDF), + } } } } 
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c index b7b612fc57..6f81bcb110 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c @@ -598,15 +598,22 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = { {.asym = { .xform_capa = { .xform_type = RTE_CRYPTO_ASYM_XFORM_SM2, - .hash_algos = (1 << RTE_CRYPTO_AUTH_SM3), .op_types = - ((1<op_types & (1 << op_type))) + return ret; + + if (capability->op_capa[op_type] & (1 << cap)) + ret = 1; + + return ret; +} + /* spinlock for crypto device enq callbacks */ static rte_spinlock_t rte_cryptodev_callback_lock = RTE_SPINLOCK_INITIALIZER; diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h index bec947f6d5..aa6ef3a94d 100644 --- a/lib/cryptodev/rte_cryptodev.h +++ b/lib/cryptodev/rte_cryptodev.h @@ -185,6 +185,9 @@ struct rte_cryptodev_asymmetric_xform_capability { * Value 0 means unavailable, and application should pass the required * random value. Otherwise, PMD would internally compute the random number. */ + + uint32_t op_capa[RTE_CRYPTO_ASYM_OP_LIST_END]; + /**< Operation specific capabilities. */ }; uint64_t hash_algos; 
@@ -359,6 +362,26 @@ rte_cryptodev_asym_xform_capability_check_hash( const struct rte_cryptodev_asymmetric_xform_capability *capability, enum rte_crypto_auth_algorithm hash); +/** + * @warning + * @b EXPERIMENTAL: this API may change without prior notice. + * + * Check if op capability is supported + * + * @param capability Description of the asymmetric crypto capability. + * @param op_type op type + * @param cap op capability + * + * @return + * - Return 1 if the op capability is supported + * - Return 0 if unsupported + */ +__rte_experimental +int +rte_cryptodev_asym_xform_capability_check_opcap( + const struct rte_cryptodev_asymmetric_xform_capability *capability, + enum rte_crypto_asym_op_type op_type, uint8_t cap); + /** * Provide the cipher algorithm enum, given an algorithm string * diff --git a/lib/cryptodev/version.map b/lib/cryptodev/version.map index 594c501855..5d40b7fed0 100644 --- a/lib/cryptodev/version.map +++ b/lib/cryptodev/version.map @@ -87,6 +87,9 @@ EXPERIMENTAL { # added in 24.03 __rte_cryptodev_trace_qp_depth_used; + + # added in 24.11 + rte_cryptodev_asym_xform_capability_check_opcap; }; INTERNAL { -- 2.21.0
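
Review bot: in test_sm2_sign() (hunk at -2628) the RNG capability is queried with RTE_CRYPTO_ASYM_OP_ENCRYPT, although the op being built is RTE_CRYPTO_ASYM_OP_SIGN and the later check in the same function (hunk at -2677) queries RTE_CRYPTO_ASYM_OP_SIGN. Because op_capa is kept per op type, a PMD that advertises RTE_CRYPTO_SM2_RNG for only one of the two would have the test pass k as NULL to a sign operation that expects an application-supplied value, or the reverse, and the comparison step would then disagree with the setup step. Use RTE_CRYPTO_ASYM_OP_SIGN in both places.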
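
Review bot: .op_capa in caps_sm2[] (drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c, hunk at -1194) is filled with two positional initializers, so which op types receive RTE_CRYPTO_SM2_PKE_KDF depends on the numeric order of enum rte_crypto_asym_op_type, and the remaining entries are silently left at zero. Since the check helper reads op_capa[op_type], designated initializers keyed by op type, for example [RTE_CRYPTO_ASYM_OP_ENCRYPT] = (1 << RTE_CRYPTO_SM2_PKE_KDF), would make the mapping explicit and keep it correct if the enum is reordered. The same hunk also adds ENCRYPT and DECRYPT to .op_types, which the commit message does not mention; please call that out or split it into its own patch.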
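
Review bot: in rte_cryptodev_asym_xform_capability_check_opcap() (lib/cryptodev/rte_cryptodev.c), the visible part of the body uses op_type both as a shift count and as an index into op_capa[], and cap as a shift count, with no range check on either. op_capa has RTE_CRYPTO_ASYM_OP_LIST_END elements of uint32_t and cap is a uint8_t, so an out-of-range op_type reads past the array and cap values of 31 and above make the signed `1 << cap` undefined. Return 0 early when op_type >= RTE_CRYPTO_ASYM_OP_LIST_END or cap >= 32, and shift an unsigned constant (1U << cap) in both tests.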
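
Review bot: in lib/cryptodev/rte_cryptodev.h (hunk at -185), op_capa[] is inserted directly above the `};` that precedes `uint64_t hash_algos;`, that is, inside the nested block that ends with the internal RNG description rather than at the top level of struct rte_cryptodev_asymmetric_xform_capability. If that block is a union, the array shares storage with the members already there, and a driver that sets both would overwrite one with the other. Move the field next to hash_algos unless the overlap is intended, and extend the comment to say that the array is indexed by enum rte_crypto_asym_op_type and that each bit names a per-algorithm capability.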
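
Review bot: the doxygen block for rte_cryptodev_asym_xform_capability_check_opcap() (lib/cryptodev/rte_cryptodev.h, hunk at -359) describes `cap` only as "op capability" and types it as uint8_t, so a caller cannot tell that it is a bit position or which values are valid for a given xform; the test code passes RTE_CRYPTO_SM2_PH and RTE_CRYPTO_SM2_RNG. State that cap is a bit index into op_capa[op_type], name the enum it is taken from for each algorithm, and document what is returned when op_type itself is not set in op_types.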