From patchwork Wed May 25 15:53:24 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arkadiusz Kusztal X-Patchwork-Id: 111838 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 14132A0555; Wed, 25 May 2022 19:05:13 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 0390F40E2D; Wed, 25 May 2022 19:05:13 +0200 (CEST) Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by mails.dpdk.org (Postfix) with ESMTP id 0799040151 for ; Wed, 25 May 2022 19:05:10 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1653498311; x=1685034311; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=h0aZ0OzjZnni2v3YKivOkEuo4tE4PZBVfV8sgen5HSI=; b=jWsp5/iO3M+6uljjaQUY/CidTh46zWaEAVIygfPcOE8URkYCU8wQ6WfK CNBew8nv4OfsqEdbn8ekNAJdmBlkqyEIADHzInECnNGAvfIhKAi/FRKiD BHL0fT8aK3CTvrtkhrnABW/6vZ+RQeWYjlWOKg/EGAeLgWWGbuZQo8kdM iIE8jalffTpcL+cYTEF+2VbxiWf5ImlCMxY13TS1WrqKb+6UI6KlKDZ+x zW6z2DMgVFBh0DnlbWsv8tCfJO0jVR1yHffdXLOz5xZ6qzPdL8j7yQaJT Jg2gU2B2t1cBSo5Yb7wQNn4V/Pjda0po9ExoIBseXTWCgOb4Ww5tboQrf Q==; X-IronPort-AV: E=McAfee;i="6400,9594,10358"; a="273596702" X-IronPort-AV: E=Sophos;i="5.91,250,1647327600"; d="scan'208";a="273596702" Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 May 2022 10:01:34 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.91,250,1647327600"; d="scan'208";a="664502453" Received: from silpixa00399302.ir.intel.com ([10.237.214.136]) by FMSMGA003.fm.intel.com with ESMTP; 25 May 2022 10:01:32 -0700 From: Arek Kusztal To: dev@dpdk.org Cc: gakhil@marvell.com, roy.fan.zhang@intel.com, Arek Kusztal Subject: [PATCH v2 14/14] cryptodev: add asym algorithms capabilities Date: Wed, 25 May 2022 16:53:24 +0100 Message-Id: <20220525155324.9288-15-arkadiuszx.kusztal@intel.com> X-Mailer: git-send-email 2.13.6 In-Reply-To: <20220525155324.9288-1-arkadiuszx.kusztal@intel.com> References: <20220525155324.9288-1-arkadiuszx.kusztal@intel.com> X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org - Added asymmetric crypto algorithm specific capability struct. Included fields like random number capability, padding flags etc. Signed-off-by: Arek Kusztal --- app/test-crypto-perf/main.c | 12 +- app/test-eventdev/test_perf_common.c | 2 +- app/test/test_cryptodev_asym.c | 210 +++++++++++++++++++++------ app/test/test_event_crypto_adapter.c | 16 +- drivers/crypto/openssl/rte_openssl_pmd_ops.c | 128 +++++++--------- drivers/crypto/qat/dev/qat_asym_pmd_gen1.c | 68 +++++++-- lib/cryptodev/rte_crypto_asym.h | 48 ++++++ lib/cryptodev/rte_cryptodev.c | 80 +++++++++- lib/cryptodev/rte_cryptodev.h | 75 +++++++++- lib/cryptodev/version.map | 4 + 10 files changed, 495 insertions(+), 148 deletions(-) diff --git a/app/test-crypto-perf/main.c b/app/test-crypto-perf/main.c index 17e30a8e74..f8a4c9cdcf 100644 --- a/app/test-crypto-perf/main.c +++ b/app/test-crypto-perf/main.c @@ -364,8 +364,8 @@ cperf_verify_devices_capabilities(struct cperf_options *opts, struct rte_cryptodev_sym_capability_idx cap_idx; const struct rte_cryptodev_symmetric_capability *capability; struct rte_cryptodev_asym_capability_idx asym_cap_idx; - const struct rte_cryptodev_asymmetric_xform_capability *asym_capability; - + const struct rte_cryptodev_asymmetric_capability *asym_capability; + struct rte_crypto_mod_capability mod_capa = {0}; uint8_t i, cdev_id; int ret; @@ -381,11 +381,11 @@ cperf_verify_devices_capabilities(struct cperf_options *opts, if (asym_capability == NULL) return -1; - ret = rte_cryptodev_asym_xform_capability_check_modlen( - asym_capability, opts->modex_data->modulus.len); - if (ret != 0) + mod_capa.max_mod_size = opts->modex_data->modulus.len; + ret = rte_cryptodev_capa_check_mod(asym_capability, + mod_capa); + if (ret == 0) return ret; - } if (opts->op_type == CPERF_AUTH_ONLY || diff --git a/app/test-eventdev/test_perf_common.c b/app/test-eventdev/test_perf_common.c index b41785492e..ac8e6410ab 100644 --- a/app/test-eventdev/test_perf_common.c +++ b/app/test-eventdev/test_perf_common.c @@ -846,7 +846,7 @@ cryptodev_sym_sess_create(struct prod_data *p, struct test_perf *t) static void * cryptodev_asym_sess_create(struct prod_data *p, struct test_perf *t) { - const struct rte_cryptodev_asymmetric_xform_capability *capability; + const struct rte_cryptodev_asymmetric_capability *capability; struct rte_cryptodev_asym_capability_idx cap_idx; struct rte_crypto_asym_xform xform; void *sess; diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c index 072dbb30f4..c531265642 100644 --- a/app/test/test_cryptodev_asym.c +++ b/app/test/test_cryptodev_asym.c @@ -311,10 +311,11 @@ test_cryptodev_asym_op(struct crypto_testsuite_params_asym *ts_params, struct rte_crypto_asym_xform xform_tc; void *sess = NULL; struct rte_cryptodev_asym_capability_idx cap_idx; - const struct rte_cryptodev_asymmetric_xform_capability *capability; + const struct rte_cryptodev_asymmetric_capability *capability; uint8_t dev_id = ts_params->valid_devs[0]; uint8_t input[TEST_DATA_SIZE] = {0}; uint8_t *result = NULL; + struct rte_crypto_mod_capability mod_capa = {0}; int ret, status = TEST_SUCCESS; @@ -358,8 +359,10 @@ test_cryptodev_asym_op(struct crypto_testsuite_params_asym *ts_params, asym_op->modex.base.length = data_tc->modex.base.len; asym_op->modex.result.data = result; asym_op->modex.result.length = data_tc->modex.result_len; - if (rte_cryptodev_asym_xform_capability_check_modlen(capability, - xform_tc.modex.modulus.length)) { + + mod_capa.max_mod_size = xform_tc.modex.modulus.length; + if (!rte_cryptodev_capa_check_mod(capability, + mod_capa)) { snprintf(test_msg, ASYM_TEST_MSG_LEN, "line %u " "FAILED: %s", __LINE__, @@ -378,8 +381,10 @@ test_cryptodev_asym_op(struct crypto_testsuite_params_asym *ts_params, asym_op->modinv.base.length = data_tc->modinv.base.len; asym_op->modinv.result.data = result; asym_op->modinv.result.length = data_tc->modinv.result_len; - if (rte_cryptodev_asym_xform_capability_check_modlen(capability, - xform_tc.modinv.modulus.length)) { + + mod_capa.max_mod_size = xform_tc.modinv.modulus.length; + if (!rte_cryptodev_capa_check_mod(capability, + mod_capa)) { snprintf(test_msg, ASYM_TEST_MSG_LEN, "line %u " "FAILED: %s", __LINE__, @@ -963,38 +968,100 @@ ut_teardown_asym(void) rte_cryptodev_stop(ts_params->valid_devs[0]); } -static inline void print_asym_capa( - const struct rte_cryptodev_asymmetric_xform_capability *capa) +static void +print_rsa_capability( + const struct rte_cryptodev_asymmetric_capability *capa) { int i = 0; + printf("\nSupported paddings:"); + for (; i < 32; i++) { + if (capa->rsa.padding & RTE_BIT32(i)) + printf("\n - %s", rte_crypto_asym_rsa_padding[i]); + } + printf("\nSupported hash functions:"); + for (i = 0; i < 32; i++) { + if (capa->rsa.hash & RTE_BIT32(i)) + printf("\n - %s", rte_crypto_auth_algorithm_strings[i]); + } + printf("\nMaximum key size: "); + if (capa->rsa.max_key_size == 0) + printf("Unlimited"); + else + printf("%hu", capa->rsa.max_key_size); +} + +static void +print_supported_curves(uint64_t curves) +{ + int i = 0; + + printf("\nSupported elliptic curves:"); + for (; i < 64; i++) { + if (curves & RTE_BIT64(i)) + printf("\n - %s", rte_crypto_curves_strings[i]); + } +} + +static inline void print_asym_capa( + const struct rte_cryptodev_asymmetric_capability *capa) +{ printf("\nxform type: %s\n===================\n", rte_crypto_asym_xform_strings[capa->xform_type]); - printf("operation supported -"); - for (i = 0; i < RTE_CRYPTO_ASYM_OP_LIST_END; i++) { - /* check supported operations */ - if (rte_cryptodev_asym_xform_capability_check_optype(capa, i)) - printf(" %s", - rte_crypto_asym_op_strings[i]); - } - switch (capa->xform_type) { - case RTE_CRYPTO_ASYM_XFORM_RSA: - case RTE_CRYPTO_ASYM_XFORM_MODINV: - case RTE_CRYPTO_ASYM_XFORM_MODEX: - case RTE_CRYPTO_ASYM_XFORM_DH: - case RTE_CRYPTO_ASYM_XFORM_DSA: - printf(" modlen: min %d max %d increment %d", - capa->modlen.min, - capa->modlen.max, - capa->modlen.increment); + switch (capa->xform_type) { + case RTE_CRYPTO_ASYM_XFORM_MODEX: + case RTE_CRYPTO_ASYM_XFORM_MODINV: + printf("Maximum size of modulus: "); + if (capa->mod.max_mod_size == 0) + printf("Unlimited"); + else + printf("%hu", capa->mod.max_mod_size); break; - case RTE_CRYPTO_ASYM_XFORM_ECDSA: - case RTE_CRYPTO_ASYM_XFORM_ECPM: - default: - break; - } - printf("\n"); + case RTE_CRYPTO_ASYM_XFORM_RSA: + print_rsa_capability(capa); + break; + case RTE_CRYPTO_ASYM_XFORM_DH: + printf("Maximum group size: "); + if (capa->dh.max_group_size == 0) + printf("Unlimited"); + else + printf("%hu", capa->dh.max_group_size); + printf("\nSupport for private key generation: "); + if (capa->dh.priv_key_gen) + printf("Yes"); + else + printf("No"); + break; + case RTE_CRYPTO_ASYM_XFORM_DSA: + printf("Maximum key size: "); + if (capa->dsa.max_key_size == 0) + printf("Unlimited"); + else + printf("%hu", capa->dsa.max_key_size); + printf("\nSupport for random 'k' generation: "); + if (capa->dsa.random_k) + printf("Yes"); + else + printf("No"); + break; + + break; + case RTE_CRYPTO_ASYM_XFORM_ECDSA: + print_supported_curves(capa->ecdsa.curves); + printf("\nSupport for random 'k' generation: "); + if (capa->ecdsa.random_k) + printf("Yes"); + else + printf("No"); + break; + case RTE_CRYPTO_ASYM_XFORM_ECPM: + print_supported_curves(capa->ecpm.curves); + break; + default: + break; + } + printf("\n"); } static int @@ -1006,7 +1073,7 @@ test_capability(void) const struct rte_cryptodev_capabilities *dev_capa; int i = 0; struct rte_cryptodev_asym_capability_idx idx; - const struct rte_cryptodev_asymmetric_xform_capability *capa; + const struct rte_cryptodev_asymmetric_capability *capa; rte_cryptodev_info_get(dev_id, &dev_info); if (!(dev_info.feature_flags & @@ -1023,7 +1090,7 @@ test_capability(void) dev_capa = &(dev_info.capabilities[i]); if (dev_info.capabilities[i].op == RTE_CRYPTO_OP_TYPE_ASYMMETRIC) { - idx.type = dev_capa->asym.xform_capa.xform_type; + idx.type = dev_capa->asym.xform_type; capa = rte_cryptodev_asym_capability_get(dev_id, (const struct @@ -1386,10 +1453,11 @@ test_mod_inv(void) void *sess = NULL; int status = TEST_SUCCESS; struct rte_cryptodev_asym_capability_idx cap_idx; - const struct rte_cryptodev_asymmetric_xform_capability *capability; + const struct rte_cryptodev_asymmetric_capability *capability; uint8_t input[TEST_DATA_SIZE] = {0}; int ret = 0; uint8_t result[sizeof(mod_p)] = { 0 }; + struct rte_crypto_mod_capability mod_capa = {0}; if (rte_cryptodev_asym_get_xform_enum( &modinv_xform.xform_type, "modinv") < 0) { @@ -1408,13 +1476,11 @@ test_mod_inv(void) return TEST_SKIPPED; } - if (rte_cryptodev_asym_xform_capability_check_modlen( - capability, - modinv_xform.modinv.modulus.length)) { - RTE_LOG(ERR, USER1, - "Invalid MODULUS length specified\n"); - return TEST_SKIPPED; - } + mod_capa.max_mod_size = modinv_xform.modinv.modulus.length; + if (!rte_cryptodev_capa_check_mod(capability, mod_capa)) { + RTE_LOG(ERR, USER1, "Invalid MODULUS length specified\n"); + return TEST_SKIPPED; + } ret = rte_cryptodev_asym_session_create(dev_id, &modinv_xform, sess_mpool, &sess); if (ret < 0) { @@ -1499,7 +1565,8 @@ test_mod_exp(void) void *sess = NULL; int status = TEST_SUCCESS; struct rte_cryptodev_asym_capability_idx cap_idx; - const struct rte_cryptodev_asymmetric_xform_capability *capability; + const struct rte_cryptodev_asymmetric_capability *capability; + struct rte_crypto_mod_capability mod_capa = {0}; uint8_t input[TEST_DATA_SIZE] = {0}; int ret = 0; uint8_t result[sizeof(mod_p)] = { 0 }; @@ -1522,12 +1589,11 @@ test_mod_exp(void) return TEST_SKIPPED; } - if (rte_cryptodev_asym_xform_capability_check_modlen( - capability, modex_xform.modex.modulus.length)) { - RTE_LOG(ERR, USER1, - "Invalid MODULUS length specified\n"); - return TEST_SKIPPED; - } + mod_capa.max_mod_size = modex_xform.modex.modulus.length; + if (!rte_cryptodev_capa_check_mod(capability, mod_capa)) { + RTE_LOG(ERR, USER1, "Invalid MODULUS length specified\n"); + return TEST_SKIPPED; + } /* Create op, create session, and process packets. 8< */ op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC); @@ -1785,6 +1851,8 @@ test_ecdsa_sign_verify(enum curve curve_id) struct rte_crypto_asym_xform xform; struct rte_crypto_asym_op *asym_op; struct rte_cryptodev_info dev_info; + struct rte_cryptodev_asym_capability_idx idx; + const struct rte_cryptodev_asymmetric_capability *capabilities; struct rte_crypto_op *op = NULL; int ret, status = TEST_SUCCESS; @@ -1814,6 +1882,25 @@ test_ecdsa_sign_verify(enum curve curve_id) rte_cryptodev_info_get(dev_id, &dev_info); + struct rte_crypto_ecdsa_capability capa = { + .curves = RTE_BIT32(input_params.curve), + .random_k = 0 + }; + + idx.type = RTE_CRYPTO_ASYM_XFORM_ECDSA; + capabilities = rte_cryptodev_asym_capability_get(dev_id, + (const struct + rte_cryptodev_asym_capability_idx *) &idx); + + if (capabilities == NULL) { + status = TEST_SKIPPED; + goto exit; + } + if (!rte_cryptodev_capa_check_ecdsa(capabilities, capa)) { + status = TEST_SKIPPED; + goto exit; + } + /* Setup crypto op data structure */ op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC); if (op == NULL) { @@ -1962,6 +2049,8 @@ test_ecdsa_sign_verify_all_curve(void) status = test_ecdsa_sign_verify(curve_id); if (status == TEST_SUCCESS) { msg = "succeeded"; + } else if (status == TEST_SKIPPED) { + continue; } else { msg = "failed"; overall_status = status; @@ -1987,6 +2076,8 @@ test_ecpm(enum curve curve_id) struct rte_crypto_asym_xform xform; struct rte_crypto_asym_op *asym_op; struct rte_cryptodev_info dev_info; + struct rte_cryptodev_asym_capability_idx idx; + const struct rte_cryptodev_asymmetric_capability *capabilities; struct rte_crypto_op *op = NULL; int ret, status = TEST_SUCCESS; @@ -2016,6 +2107,24 @@ test_ecpm(enum curve curve_id) rte_cryptodev_info_get(dev_id, &dev_info); + struct rte_crypto_ecdsa_capability capa = { + .curves = RTE_BIT32(input_params.curve) + }; + + idx.type = RTE_CRYPTO_ASYM_XFORM_ECPM; + capabilities = rte_cryptodev_asym_capability_get(dev_id, + (const struct + rte_cryptodev_asym_capability_idx *) &idx); + + if (capabilities == NULL) { + status = TEST_SKIPPED; + goto exit; + } + if (!rte_cryptodev_capa_check_ecdsa(capabilities, capa)) { + status = TEST_SKIPPED; + goto exit; + } + /* Setup crypto op data structure */ op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC); if (op == NULL) { @@ -2124,6 +2233,8 @@ test_ecpm_all_curve(void) status = test_ecpm(curve_id); if (status == TEST_SUCCESS) { msg = "succeeded"; + } else if (status == TEST_SKIPPED) { + continue; } else { msg = "failed"; overall_status = status; @@ -2162,7 +2273,12 @@ static struct unit_test_suite cryptodev_qat_asym_testsuite = { .setup = testsuite_setup, .teardown = testsuite_teardown, .unit_test_cases = { + TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_capability), TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_one_by_one), + TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, + test_ecdsa_sign_verify_all_curve), + TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, + test_ecpm_all_curve), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_event_crypto_adapter.c b/app/test/test_event_crypto_adapter.c index 2ecc7e2cea..9a62241371 100644 --- a/app/test/test_event_crypto_adapter.c +++ b/app/test/test_event_crypto_adapter.c @@ -450,7 +450,7 @@ test_session_with_op_forward_mode(void) static int test_asym_op_forward_mode(uint8_t session_less) { - const struct rte_cryptodev_asymmetric_xform_capability *capability; + const struct rte_cryptodev_asymmetric_capability *capability; struct rte_cryptodev_asym_capability_idx cap_idx; struct rte_crypto_asym_xform xform_tc; union rte_event_crypto_metadata m_data; @@ -458,6 +458,7 @@ test_asym_op_forward_mode(uint8_t session_less) struct rte_crypto_asym_op *asym_op; struct rte_crypto_op *op; uint8_t input[4096] = {0}; + struct rte_crypto_mod_capability mod_capa = {0}; uint8_t *result = NULL; struct rte_event ev; void *sess = NULL; @@ -503,8 +504,9 @@ test_asym_op_forward_mode(uint8_t session_less) asym_op->modex.base.length = modex_test_case.base.len; asym_op->modex.result.data = result; asym_op->modex.result.length = modex_test_case.result_len; - if (rte_cryptodev_asym_xform_capability_check_modlen(capability, - xform_tc.modex.modulus.length)) { + + mod_capa.max_mod_size = xform_tc.modex.modulus.length; + if (!rte_cryptodev_capa_check_mod(capability, mod_capa)) { RTE_LOG(INFO, USER1, "line %u FAILED: %s", __LINE__, "Invalid MODULUS length specified"); @@ -784,7 +786,7 @@ test_session_with_op_new_mode(void) static int test_asym_op_new_mode(uint8_t session_less) { - const struct rte_cryptodev_asymmetric_xform_capability *capability; + const struct rte_cryptodev_asymmetric_capability *capability; struct rte_cryptodev_asym_capability_idx cap_idx; struct rte_crypto_asym_xform xform_tc; union rte_event_crypto_metadata m_data; @@ -792,6 +794,7 @@ test_asym_op_new_mode(uint8_t session_less) struct rte_crypto_asym_op *asym_op; struct rte_crypto_op *op; uint8_t input[4096] = {0}; + struct rte_crypto_mod_capability mod_capa = {0}; uint8_t *result = NULL; void *sess = NULL; uint32_t cap; @@ -835,8 +838,9 @@ test_asym_op_new_mode(uint8_t session_less) asym_op->modex.base.length = modex_test_case.base.len; asym_op->modex.result.data = result; asym_op->modex.result.length = modex_test_case.result_len; - if (rte_cryptodev_asym_xform_capability_check_modlen(capability, - xform_tc.modex.modulus.length)) { + + mod_capa.max_mod_size = xform_tc.modex.modulus.length; + if (!rte_cryptodev_capa_check_mod(capability, mod_capa)) { RTE_LOG(INFO, USER1, "line %u FAILED: %s", __LINE__, "Invalid MODULUS length specified"); diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c index 16ec5e15eb..e734fc2a69 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c @@ -7,6 +7,7 @@ #include #include #include +#include #include "openssl_pmd_private.h" #include "compat.h" @@ -470,103 +471,82 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = { }, } }, } }, - { /* RSA */ + { /* Modular exponentiation */ .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, {.asym = { - .xform_capa = { - .xform_type = RTE_CRYPTO_ASYM_XFORM_RSA, - .op_types = ((1 << RTE_CRYPTO_ASYM_OP_SIGN) | - (1 << RTE_CRYPTO_ASYM_OP_VERIFY) | - (1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) | - (1 << RTE_CRYPTO_ASYM_OP_DECRYPT)), - { - .modlen = { - /* min length is based on openssl rsa keygen */ - .min = 30, - /* value 0 symbolizes no limit on max length */ - .max = 0, - .increment = 1 - }, } + .xform_type = RTE_CRYPTO_ASYM_XFORM_MODEX, + .mod = { + .max_mod_size = 0 + } } - }, } }, - { /* modexp */ + { /* Modular multiplicative inverse */ .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, {.asym = { - .xform_capa = { - .xform_type = RTE_CRYPTO_ASYM_XFORM_MODEX, - .op_types = 0, - { - .modlen = { - /* value 0 symbolizes no limit on min length */ - .min = 0, - /* value 0 symbolizes no limit on max length */ - .max = 0, - .increment = 1 - }, } + .xform_type = RTE_CRYPTO_ASYM_XFORM_MODINV, + .mod = { + .max_mod_size = 0 + } } - }, } }, - { /* modinv */ + { /* RSA */ .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, {.asym = { - .xform_capa = { - .xform_type = RTE_CRYPTO_ASYM_XFORM_MODINV, - .op_types = 0, - { - .modlen = { - /* value 0 symbolizes no limit on min length */ - .min = 0, - /* value 0 symbolizes no limit on max length */ - .max = 0, - .increment = 1 - }, } + .xform_type = RTE_CRYPTO_ASYM_XFORM_RSA, + .rsa = { + .padding = + RTE_BIT32(RTE_CRYPTO_RSA_PADDING_NONE) | + RTE_BIT32(RTE_CRYPTO_RSA_PADDING_PKCS1_5), + .hash = + RTE_BIT32(RTE_CRYPTO_AUTH_MD5) | + RTE_BIT32(RTE_CRYPTO_AUTH_SHA1) | + RTE_BIT32(RTE_CRYPTO_AUTH_SHA224) | + RTE_BIT32(RTE_CRYPTO_AUTH_SHA256) | + RTE_BIT32(RTE_CRYPTO_AUTH_SHA384) | + RTE_BIT32(RTE_CRYPTO_AUTH_SHA512), + .max_key_size = 0 + } } - }, } }, - { /* dh */ + { /* Diffie-Hellman */ .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, {.asym = { - .xform_capa = { - .xform_type = RTE_CRYPTO_ASYM_XFORM_DH, - .op_types = - ((1<op != RTE_CRYPTO_OP_TYPE_ASYMMETRIC) continue; - if (capability->asym.xform_capa.xform_type == idx->type) - return &capability->asym.xform_capa; + if (capability->asym.xform_type == idx->type) + return &capability->asym; } return NULL; }; @@ -456,6 +477,59 @@ rte_cryptodev_asym_xform_capability_check_modlen( return 0; } +int +rte_cryptodev_capa_check_mod( + const struct rte_cryptodev_asymmetric_capability *capa, + struct rte_crypto_mod_capability mod) +{ + if (capa->mod.max_mod_size == 0) + return 1; + + if (mod.max_mod_size <= capa->mod.max_mod_size) + return 1; + else + return 0; +} + +int +rte_cryptodev_capa_check_rsa( + const struct rte_cryptodev_asymmetric_capability *capa, + struct rte_crypto_rsa_capability rsa) +{ + if (rsa.padding != (capa->rsa.padding & rsa.padding)) + return 0; + if (rsa.hash != (capa->rsa.hash & rsa.hash)) + return 0; + if (capa->rsa.max_key_size == 0) + return 1; + if (rsa.max_key_size <= capa->rsa.max_key_size) + return 1; + else + return 0; +} + +int +rte_cryptodev_capa_check_ecdsa( + const struct rte_cryptodev_asymmetric_capability *capa, + struct rte_crypto_ecdsa_capability ecdsa) +{ + if (ecdsa.curves != (capa->ecdsa.curves & ecdsa.curves)) + return 0; + if (ecdsa.random_k == 1 && capa->ecdsa.random_k == 0) + return 0; + return 1; +} + +int +rte_cryptodev_capa_check_ecpm( + const struct rte_cryptodev_asymmetric_capability *capa, + struct rte_crypto_ecpm_capability ecpm) +{ + if (ecpm.curves != (capa->ecpm.curves & ecpm.curves)) + return 0; + return 1; +} + /* spinlock for crypto device enq callbacks */ static rte_spinlock_t rte_cryptodev_callback_lock = RTE_SPINLOCK_INITIALIZER; diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h index 2c2c2edeb7..6c5bd819b2 100644 --- a/lib/cryptodev/rte_cryptodev.h +++ b/lib/cryptodev/rte_cryptodev.h @@ -184,6 +184,19 @@ struct rte_cryptodev_asymmetric_xform_capability { * */ struct rte_cryptodev_asymmetric_capability { + enum rte_crypto_asym_xform_type xform_type; + /**< Asymmetric transform type */ + uint32_t op_types; + /**< bitmask for supported rte_crypto_asym_op_type */ + union { + struct rte_crypto_mod_capability mod; + struct rte_crypto_rsa_capability rsa; + struct rte_crypto_dh_capability dh; + struct rte_crypto_dsa_capability dsa; + struct rte_crypto_ecdsa_capability ecdsa; + struct rte_crypto_ecpm_capability ecpm; + }; + struct rte_cryptodev_asymmetric_xform_capability xform_capa; }; @@ -247,7 +260,7 @@ rte_cryptodev_sym_capability_get(uint8_t dev_id, * - Return NULL if the capability not exist. */ __rte_experimental -const struct rte_cryptodev_asymmetric_xform_capability * +const struct rte_cryptodev_asymmetric_capability * rte_cryptodev_asym_capability_get(uint8_t dev_id, const struct rte_cryptodev_asym_capability_idx *idx); @@ -339,6 +352,66 @@ rte_cryptodev_asym_xform_capability_check_modlen( uint16_t modlen); /** + * Check if requested Modexp features are supported + * + * @param capability Description of the asymmetric crypto capability. + * @param mod Modexp requested capability. + * + * @return + * - Return 1 if the parameters are in range of the capability. + * - Return 0 if the parameters are out of range of the capability. + */ +__rte_experimental +int +rte_cryptodev_capa_check_mod( + const struct rte_cryptodev_asymmetric_capability *capa, + struct rte_crypto_mod_capability mod); +/** + * Check if requested RSA features are supported + * + * @param capability Description of the asymmetric crypto capability. + * @param rsa RSA requested capability. + * + * @return + * - Return 1 if the parameters are in range of the capability. + * - Return 0 if the parameters are out of range of the capability. + */ +__rte_experimental +int +rte_cryptodev_capa_check_rsa( + const struct rte_cryptodev_asymmetric_capability *capa, + struct rte_crypto_rsa_capability rsa); +/** + * Check if requested ECDSA features are supported + * + * @param capability Description of the asymmetric crypto capability. + * @param ecdsa ECDSA requested capability. + * + * @return + * - Return 1 if the parameters are in range of the capability. + * - Return 0 if the parameters are out of range of the capability. + */ +__rte_experimental +int +rte_cryptodev_capa_check_ecdsa( + const struct rte_cryptodev_asymmetric_capability *capa, + struct rte_crypto_ecdsa_capability ecdsa); +/** + * Check if requested ECPM features are supported + * + * @param capability Description of the asymmetric crypto capability. + * @param ecpm ECPM requested capability. + * + * @return + * - Return 1 if the parameters are in range of the capability. + * - Return 0 if the parameters are out of range of the capability. + */ +__rte_experimental +int +rte_cryptodev_capa_check_ecpm( + const struct rte_cryptodev_asymmetric_capability *capa, + struct rte_crypto_ecpm_capability ecpm); +/** * Provide the cipher algorithm enum, given an algorithm string * * @param algo_enum A pointer to the cipher algorithm diff --git a/lib/cryptodev/version.map b/lib/cryptodev/version.map index f0abfaa47d..4d93b9a947 100644 --- a/lib/cryptodev/version.map +++ b/lib/cryptodev/version.map @@ -108,6 +108,10 @@ EXPERIMENTAL { #added in 22.07 rte_cryptodev_session_event_mdata_set; + rte_cryptodev_capa_check_mod; + rte_cryptodev_capa_check_rsa; + rte_cryptodev_capa_check_ecdsa; + rte_cryptodev_capa_check_ecpm; }; INTERNAL {