[v1,3/6] cryptodev: add hash support in asymmetric capability

Message ID 086351e84370ce65dcf947dba12a46f9c62ae79b.1691658879.git.gmuthukrishn@marvell.com (mailing list archive)
State Superseded, archived
Delegated to: akhil goyal
Series cryptodev: support digest message in SM2 |

Checks

Context Check Description
ci/checkpatch success coding style OK

Commit Message

Gowrishankar Muthukrishnan Aug. 10, 2023, 9:35 a.m. UTC
  Most of the asymmetric operations start with a hash of the input.
Add a new field in the asymmetric capability to declare support
for the hash operations that the PMD can support for the asymmetric
operations. The application can skip computing the hash if the PMD
already supports it.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
 drivers/crypto/openssl/rte_openssl_pmd_ops.c |  1 +
 lib/cryptodev/cryptodev_trace.h              |  9 +++++++++
 lib/cryptodev/cryptodev_trace_points.c       |  3 +++
 lib/cryptodev/rte_crypto_asym.h              |  3 +++
 lib/cryptodev/rte_cryptodev.c                | 16 ++++++++++++++++
 lib/cryptodev/rte_cryptodev.h                | 19 +++++++++++++++++++
 lib/cryptodev/version.map                    |  1 +
 7 files changed, 52 insertions(+)
  

Comments

Arkadiusz Kusztal Sept. 26, 2023, 8:03 p.m. UTC | #1
Hi Gowrishankar,

> -----Original Message-----
> From: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> Sent: Thursday, August 10, 2023 11:35 AM
> To: dev@dpdk.org
> Cc: anoobj@marvell.com; Akhil Goyal <gakhil@marvell.com>; Fan Zhang
> <fanzhang.oss@gmail.com>; Ji, Kai <kai.ji@intel.com>; Gowrishankar
> Muthukrishnan <gmuthukrishn@marvell.com>
> Subject: [v1 3/6] cryptodev: add hash support in asymmetric capability
> 
> Most of the asymmetric operations start with hash of the input.
> Add a new field in asymmetric capability to declare support for hash operations
> that PMD can support for the asymmetric operations. Application can skip
> computing hash if PMD already supports it.
> 
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> ---
>  drivers/crypto/openssl/rte_openssl_pmd_ops.c |  1 +
>  lib/cryptodev/cryptodev_trace.h              |  9 +++++++++
>  lib/cryptodev/cryptodev_trace_points.c       |  3 +++
>  lib/cryptodev/rte_crypto_asym.h              |  3 +++
>  lib/cryptodev/rte_cryptodev.c                | 16 ++++++++++++++++
>  lib/cryptodev/rte_cryptodev.h                | 19 +++++++++++++++++++
>  lib/cryptodev/version.map                    |  1 +
>  7 files changed, 52 insertions(+)
> 
> diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> index 0f88669f41..0b3601db40 100644
> --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> @@ -598,6 +598,7 @@ static const struct rte_cryptodev_capabilities
> openssl_pmd_capabilities[] = {
>  		{.asym = {
>  			.xform_capa = {
>  				.xform_type =
> RTE_CRYPTO_ASYM_XFORM_SM2,
> +				.hash_algos = (1 << RTE_CRYPTO_AUTH_SM3),
>  				.op_types =
>  				((1<<RTE_CRYPTO_ASYM_OP_SIGN) |
>  				 (1 << RTE_CRYPTO_ASYM_OP_VERIFY) | diff --
> git a/lib/cryptodev/cryptodev_trace.h b/lib/cryptodev/cryptodev_trace.h index
> aab44af96b..935f0d564b 100644
> --- a/lib/cryptodev/cryptodev_trace.h
> +++ b/lib/cryptodev/cryptodev_trace.h
> @@ -520,6 +520,15 @@ RTE_TRACE_POINT(
>  	rte_trace_point_emit_int(ret);
>  )
> 
> +RTE_TRACE_POINT(
> +	rte_cryptodev_trace_asym_xform_capability_check_hash,
> +	RTE_TRACE_POINT_ARGS(uint64_t hash_algos,
> +		enum rte_crypto_auth_algorithm hash, int ret),
> +	rte_trace_point_emit_u64(hash_algos);
> +	rte_trace_point_emit_int(hash);
> +	rte_trace_point_emit_int(ret);
> +)
> +
>  RTE_TRACE_POINT(
>  	rte_cryptodev_trace_count,
>  	RTE_TRACE_POINT_ARGS(uint8_t nb_devs), diff --git
> a/lib/cryptodev/cryptodev_trace_points.c
> b/lib/cryptodev/cryptodev_trace_points.c
> index e2303fdb52..8c47ab1e78 100644
> --- a/lib/cryptodev/cryptodev_trace_points.c
> +++ b/lib/cryptodev/cryptodev_trace_points.c
> @@ -144,6 +144,9 @@
> RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_asym_xform_capability_ch
> eck_modlen,
> 
> RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_asym_xform_capability_ch
> eck_optype,
>  	lib.cryptodev.asym.xform.capability.check.optype)
> 
> +RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_asym_xform_capability_c
> heck_hash,
> +	lib.cryptodev.asym.xform.capability.check.hash)
> +
>  RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_sym_cpu_crypto_process,
>  	lib.cryptodev.sym.cpu.crypto.process)
> 
> diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
> index 8b5794fb7c..51f5476c6e 100644
> --- a/lib/cryptodev/rte_crypto_asym.h
> +++ b/lib/cryptodev/rte_crypto_asym.h
> @@ -377,6 +377,9 @@ struct rte_crypto_dsa_xform {  struct
> rte_crypto_ec_xform {
>  	enum rte_crypto_curve_id curve_id;
>  	/**< Pre-defined ec groups */
> +
> +	enum rte_crypto_auth_algorithm hash;
[Arek] I think that the session should only contain information that is constant across its lifetime. Here we decided to have a curve id, but this could be curve + key. But the hash may be different for any op; additionally, this xform is used for key exchange, multiplication or potentially encryption/decryption, which usually do not need any hash. I would have it in the op.
> +	/**< Hash algorithm used in EC op. */
>  };
> 
>  /**
> diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c index
> c49d342b17..041d3074db 100644
> --- a/lib/cryptodev/rte_cryptodev.c
> +++ b/lib/cryptodev/rte_cryptodev.c
> @@ -718,6 +718,22 @@ rte_cryptodev_asym_xform_capability_check_modlen(
>  	return ret;
>  }
> 
> +bool
> +rte_cryptodev_asym_xform_capability_check_hash(
> +	const struct rte_cryptodev_asymmetric_xform_capability *capability,
> +	enum rte_crypto_auth_algorithm hash)
> +{
> +	bool ret = false;
> +
> +	if (capability->hash_algos & (1 << hash))
> +		ret = true;
> +
> +	rte_cryptodev_trace_asym_xform_capability_check_hash(
> +		capability->hash_algos, hash, ret);
> +
> +	return ret;
> +}
> +
>  /* spinlock for crypto device enq callbacks */  static rte_spinlock_t
> rte_cryptodev_callback_lock = RTE_SPINLOCK_INITIALIZER;
> 
> diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h index
> 64810c9ec4..536e082244 100644
> --- a/lib/cryptodev/rte_cryptodev.h
> +++ b/lib/cryptodev/rte_cryptodev.h
> @@ -189,6 +189,9 @@ struct rte_cryptodev_asymmetric_xform_capability {
>  		 * random value. Otherwise, PMD would internally compute the
> random number.
>  		 */
>  	};
> +
> +	uint64_t hash_algos;
> +	/**< Bitmask of hash algorithms supported for op_type. */
>  };
> 
>  /**
> @@ -348,6 +351,22 @@ rte_cryptodev_asym_xform_capability_check_modlen(
>  	const struct rte_cryptodev_asymmetric_xform_capability *capability,
>  		uint16_t modlen);
> 
> +/**
> + * Check if hash algorithm is supported.
> + *
> + * @param	capability	Asymmetric crypto capability.
> + * @param	hash		Hash algorithm.
> + *
> + * @return
> + *   - Return true if the hash algorithm is supported.
> + *   - Return false if the hash algorithm is not supported.
> + */
> +__rte_experimental
> +bool
> +rte_cryptodev_asym_xform_capability_check_hash(
> +	const struct rte_cryptodev_asymmetric_xform_capability *capability,
> +	enum rte_crypto_auth_algorithm hash);
> +
>  /**
>   * Provide the cipher algorithm enum, given an algorithm string
>   *
> diff --git a/lib/cryptodev/version.map b/lib/cryptodev/version.map index
> ae8d9327b4..3c2d1780e0 100644
> --- a/lib/cryptodev/version.map
> +++ b/lib/cryptodev/version.map
> @@ -54,6 +54,7 @@ EXPERIMENTAL {
>  	rte_cryptodev_asym_get_xform_enum;
>  	rte_cryptodev_asym_session_create;
>  	rte_cryptodev_asym_session_free;
> +	rte_cryptodev_asym_xform_capability_check_hash;
>  	rte_cryptodev_asym_xform_capability_check_modlen;
>  	rte_cryptodev_asym_xform_capability_check_optype;
>  	rte_cryptodev_sym_cpu_crypto_process;
> --
> 2.25.1
  
Gowrishankar Muthukrishnan Sept. 27, 2023, 5:55 a.m. UTC | #2
Hi Arek,
> > rte_crypto_ec_xform {
> >  	enum rte_crypto_curve_id curve_id;
> >  	/**< Pre-defined ec groups */
> > +
> > +	enum rte_crypto_auth_algorithm hash;
> [Arek] I think that session should only contain information that are constant
> across its lifetime. Here we decided to have a curve id, but this could be
> curve + key. But hash may be different for any op, additionally this xform is
> used for key exchange; multiplication or potentially encryption/decryption.,
> which usually does not need any hash. I would have it in the op.

Ack. I will send next version of this series with this modification.
The reason we had it in the xform was to stop the app from processing the enqueue if session creation itself
would fail (without the required capability).

In the next version of patch, you would see (2/7), you keys moved into session.

Thanks,
Gowrishankar
> > +	/**< Hash algorithm used in EC op. */
> >  };
> >
> >  /**
> > diff --git a/lib/cryptodev/rte_cryptodev.c
> > b/lib/cryptodev/rte_cryptodev.c index c49d342b17..041d3074db 100644
> > --- a/lib/cryptodev/rte_cryptodev.c
> > +++ b/lib/cryptodev/rte_cryptodev.c
> > @@ -718,6 +718,22 @@
> rte_cryptodev_asym_xform_capability_check_modlen(
> >  	return ret;
> >  }
> >
> > +bool
> > +rte_cryptodev_asym_xform_capability_check_hash(
> > +	const struct rte_cryptodev_asymmetric_xform_capability
> *capability,
> > +	enum rte_crypto_auth_algorithm hash) {
> > +	bool ret = false;
> > +
> > +	if (capability->hash_algos & (1 << hash))
> > +		ret = true;
> > +
> > +	rte_cryptodev_trace_asym_xform_capability_check_hash(
> > +		capability->hash_algos, hash, ret);
> > +
> > +	return ret;
> > +}
> > +
> >  /* spinlock for crypto device enq callbacks */  static rte_spinlock_t
> > rte_cryptodev_callback_lock = RTE_SPINLOCK_INITIALIZER;
> >
> > diff --git a/lib/cryptodev/rte_cryptodev.h
> > b/lib/cryptodev/rte_cryptodev.h index
> > 64810c9ec4..536e082244 100644
> > --- a/lib/cryptodev/rte_cryptodev.h
> > +++ b/lib/cryptodev/rte_cryptodev.h
> > @@ -189,6 +189,9 @@ struct rte_cryptodev_asymmetric_xform_capability
> {
> >  		 * random value. Otherwise, PMD would internally compute
> the random
> > number.
> >  		 */
> >  	};
> > +
> > +	uint64_t hash_algos;
> > +	/**< Bitmask of hash algorithms supported for op_type. */
> >  };
> >
> >  /**
> > @@ -348,6 +351,22 @@
> rte_cryptodev_asym_xform_capability_check_modlen(
> >  	const struct rte_cryptodev_asymmetric_xform_capability
> *capability,
> >  		uint16_t modlen);
> >
> > +/**
> > + * Check if hash algorithm is supported.
> > + *
> > + * @param	capability	Asymmetric crypto capability.
> > + * @param	hash		Hash algorithm.
> > + *
> > + * @return
> > + *   - Return true if the hash algorithm is supported.
> > + *   - Return false if the hash algorithm is not supported.
> > + */
> > +__rte_experimental
> > +bool
> > +rte_cryptodev_asym_xform_capability_check_hash(
> > +	const struct rte_cryptodev_asymmetric_xform_capability
> *capability,
> > +	enum rte_crypto_auth_algorithm hash);
> > +
> >  /**
> >   * Provide the cipher algorithm enum, given an algorithm string
> >   *
> > diff --git a/lib/cryptodev/version.map b/lib/cryptodev/version.map
> > index
> > ae8d9327b4..3c2d1780e0 100644
> > --- a/lib/cryptodev/version.map
> > +++ b/lib/cryptodev/version.map
> > @@ -54,6 +54,7 @@ EXPERIMENTAL {
> >  	rte_cryptodev_asym_get_xform_enum;
> >  	rte_cryptodev_asym_session_create;
> >  	rte_cryptodev_asym_session_free;
> > +	rte_cryptodev_asym_xform_capability_check_hash;
> >  	rte_cryptodev_asym_xform_capability_check_modlen;
> >  	rte_cryptodev_asym_xform_capability_check_optype;
> >  	rte_cryptodev_sym_cpu_crypto_process;
> > --
> > 2.25.1
  

Patch

diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 0f88669f41..0b3601db40 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -598,6 +598,7 @@  static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 		{.asym = {
 			.xform_capa = {
 				.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2,
+				.hash_algos = (1 << RTE_CRYPTO_AUTH_SM3),
 				.op_types =
 				((1<<RTE_CRYPTO_ASYM_OP_SIGN) |
 				 (1 << RTE_CRYPTO_ASYM_OP_VERIFY) |
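Review bot: The mask bit in `.hash_algos = (1 << RTE_CRYPTO_AUTH_SM3)` is computed as an `int`, although the `hash_algos` field this patch adds in rte_cryptodev.h is `uint64_t`, so an algorithm whose enumerator is 31 or higher cannot be represented correctly and the shift becomes undefined. The same `1 << hash` expression is used in rte_cryptodev_asym_xform_capability_check_hash() in lib/cryptodev/rte_cryptodev.c. The numeric value of RTE_CRYPTO_AUTH_SM3 is not visible in this patch, so this may only be latent today, but a 64-bit constant in both places removes the problem: `.hash_algos = RTE_BIT64(RTE_CRYPTO_AUTH_SM3),` and `capability->hash_algos & RTE_BIT64(hash)` (or `UINT64_C(1) << ...` if rte_bitops.h is not already included). The initializer sits inside openssl_pmd_capabilities[], which starts and ends outside the hunk.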
diff --git a/lib/cryptodev/cryptodev_trace.h b/lib/cryptodev/cryptodev_trace.h
index aab44af96b..935f0d564b 100644
--- a/lib/cryptodev/cryptodev_trace.h
+++ b/lib/cryptodev/cryptodev_trace.h
@@ -520,6 +520,15 @@  RTE_TRACE_POINT(
 	rte_trace_point_emit_int(ret);
 )
 
+RTE_TRACE_POINT(
+	rte_cryptodev_trace_asym_xform_capability_check_hash,
+	RTE_TRACE_POINT_ARGS(uint64_t hash_algos,
+		enum rte_crypto_auth_algorithm hash, int ret),
+	rte_trace_point_emit_u64(hash_algos);
+	rte_trace_point_emit_int(hash);
+	rte_trace_point_emit_int(ret);
+)
+
 RTE_TRACE_POINT(
 	rte_cryptodev_trace_count,
 	RTE_TRACE_POINT_ARGS(uint8_t nb_devs),
diff --git a/lib/cryptodev/cryptodev_trace_points.c b/lib/cryptodev/cryptodev_trace_points.c
index e2303fdb52..8c47ab1e78 100644
--- a/lib/cryptodev/cryptodev_trace_points.c
+++ b/lib/cryptodev/cryptodev_trace_points.c
@@ -144,6 +144,9 @@  RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_asym_xform_capability_check_modlen,
 RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_asym_xform_capability_check_optype,
 	lib.cryptodev.asym.xform.capability.check.optype)
 
+RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_asym_xform_capability_check_hash,
+	lib.cryptodev.asym.xform.capability.check.hash)
+
 RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_sym_cpu_crypto_process,
 	lib.cryptodev.sym.cpu.crypto.process)
 
diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
index 8b5794fb7c..51f5476c6e 100644
--- a/lib/cryptodev/rte_crypto_asym.h
+++ b/lib/cryptodev/rte_crypto_asym.h
@@ -377,6 +377,9 @@  struct rte_crypto_dsa_xform {
 struct rte_crypto_ec_xform {
 	enum rte_crypto_curve_id curve_id;
 	/**< Pre-defined ec groups */
+
+	enum rte_crypto_auth_algorithm hash;
+	/**< Hash algorithm used in EC op. */
 };
 
 /**
diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
index c49d342b17..041d3074db 100644
--- a/lib/cryptodev/rte_cryptodev.c
+++ b/lib/cryptodev/rte_cryptodev.c
@@ -718,6 +718,22 @@  rte_cryptodev_asym_xform_capability_check_modlen(
 	return ret;
 }
 
+bool
+rte_cryptodev_asym_xform_capability_check_hash(
+	const struct rte_cryptodev_asymmetric_xform_capability *capability,
+	enum rte_crypto_auth_algorithm hash)
+{
+	bool ret = false;
+
+	if (capability->hash_algos & (1 << hash))
+		ret = true;
+
+	rte_cryptodev_trace_asym_xform_capability_check_hash(
+		capability->hash_algos, hash, ret);
+
+	return ret;
+}
+
 /* spinlock for crypto device enq callbacks */
 static rte_spinlock_t rte_cryptodev_callback_lock = RTE_SPINLOCK_INITIALIZER;
 
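Review bot: `hash` is used as a shift count in `if (capability->hash_algos & (1 << hash))` without any range check, so a caller that passes a value outside the width of the mask gets undefined behaviour rather than `false`. Per the commit message, applications use this answer to decide whether they can skip hashing the input themselves, so an unreliable result for an unexpected enumerator is worth closing off. I would reject out-of-range values before shifting: `if ((unsigned int)hash < 64 && (capability->hash_algos & (UINT64_C(1) << hash)))`. The function also dereferences `capability` unconditionally; whether the sibling check functions guard against NULL is not visible in this hunk, so follow whatever they do.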
diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h
index 64810c9ec4..536e082244 100644
--- a/lib/cryptodev/rte_cryptodev.h
+++ b/lib/cryptodev/rte_cryptodev.h
@@ -189,6 +189,9 @@  struct rte_cryptodev_asymmetric_xform_capability {
 		 * random value. Otherwise, PMD would internally compute the random number.
 		 */
 	};
+
+	uint64_t hash_algos;
+	/**< Bitmask of hash algorithms supported for op_type. */
 };
 
 /**
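Review bot: The doc comment on `hash_algos` does not say how bits map to algorithms, while the rest of the patch sets and tests bit N for `enum rte_crypto_auth_algorithm` value N. Spelling that out makes the contract, and the implied limit of 64 representable algorithms, explicit to PMD authors. "supported for op_type" is also ambiguous, since `op_types` in the same capability is itself a bitmask of several operations. Something like `/**< Bitmask of hash algorithms the PMD can compute for this xform; bit N corresponds to enum rte_crypto_auth_algorithm value N. */` would cover it. The struct definition starts outside the hunk.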
@@ -348,6 +351,22 @@  rte_cryptodev_asym_xform_capability_check_modlen(
 	const struct rte_cryptodev_asymmetric_xform_capability *capability,
 		uint16_t modlen);
 
+/**
+ * Check if hash algorithm is supported.
+ *
+ * @param	capability	Asymmetric crypto capability.
+ * @param	hash		Hash algorithm.
+ *
+ * @return
+ *   - Return true if the hash algorithm is supported.
+ *   - Return false if the hash algorithm is not supported.
+ */
+__rte_experimental
+bool
+rte_cryptodev_asym_xform_capability_check_hash(
+	const struct rte_cryptodev_asymmetric_xform_capability *capability,
+	enum rte_crypto_auth_algorithm hash);
+
 /**
  * Provide the cipher algorithm enum, given an algorithm string
  *
diff --git a/lib/cryptodev/version.map b/lib/cryptodev/version.map
index ae8d9327b4..3c2d1780e0 100644
--- a/lib/cryptodev/version.map
+++ b/lib/cryptodev/version.map
@@ -54,6 +54,7 @@  EXPERIMENTAL {
 	rte_cryptodev_asym_get_xform_enum;
 	rte_cryptodev_asym_session_create;
 	rte_cryptodev_asym_session_free;
+	rte_cryptodev_asym_xform_capability_check_hash;
 	rte_cryptodev_asym_xform_capability_check_modlen;
 	rte_cryptodev_asym_xform_capability_check_optype;
 	rte_cryptodev_sym_cpu_crypto_process;