[v2,14/14] cryptodev: add asym algorithms capabilities
Checks
Commit Message
- Added asymmetric crypto algorithm specific capability struct.
Included fields like random number capability, padding flags etc.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
app/test-crypto-perf/main.c | 12 +-
app/test-eventdev/test_perf_common.c | 2 +-
app/test/test_cryptodev_asym.c | 210 +++++++++++++++++++++------
app/test/test_event_crypto_adapter.c | 16 +-
drivers/crypto/openssl/rte_openssl_pmd_ops.c | 128 +++++++---------
drivers/crypto/qat/dev/qat_asym_pmd_gen1.c | 68 +++++++--
lib/cryptodev/rte_crypto_asym.h | 48 ++++++
lib/cryptodev/rte_cryptodev.c | 80 +++++++++-
lib/cryptodev/rte_cryptodev.h | 75 +++++++++-
lib/cryptodev/version.map | 4 +
10 files changed, 495 insertions(+), 148 deletions(-)
Comments
> - Added asymmetric crypto algorithm specific capability struct.
> Included fields like random number capability, padding flags etc.
>
> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> ---
> app/test-crypto-perf/main.c | 12 +-
> app/test-eventdev/test_perf_common.c | 2 +-
> app/test/test_cryptodev_asym.c | 210 +++++++++++++++++++++------
> app/test/test_event_crypto_adapter.c | 16 +-
> drivers/crypto/openssl/rte_openssl_pmd_ops.c | 128 +++++++---------
> drivers/crypto/qat/dev/qat_asym_pmd_gen1.c | 68 +++++++--
> lib/cryptodev/rte_crypto_asym.h | 48 ++++++
> lib/cryptodev/rte_cryptodev.c | 80 +++++++++-
> lib/cryptodev/rte_cryptodev.h | 75 +++++++++-
> lib/cryptodev/version.map | 4 +
> 10 files changed, 495 insertions(+), 148 deletions(-)
This would also need a change in documentation.
>
> diff --git a/app/test-crypto-perf/main.c b/app/test-crypto-perf/main.c
> index 17e30a8e74..f8a4c9cdcf 100644
> --- a/app/test-crypto-perf/main.c
> +++ b/app/test-crypto-perf/main.c
> @@ -364,8 +364,8 @@ cperf_verify_devices_capabilities(struct cperf_options
> *opts,
> struct rte_cryptodev_sym_capability_idx cap_idx;
> const struct rte_cryptodev_symmetric_capability *capability;
> struct rte_cryptodev_asym_capability_idx asym_cap_idx;
> - const struct rte_cryptodev_asymmetric_xform_capability
> *asym_capability;
> -
> + const struct rte_cryptodev_asymmetric_capability *asym_capability;
> + struct rte_crypto_mod_capability mod_capa = {0};
>
> uint8_t i, cdev_id;
> int ret;
> @@ -381,11 +381,11 @@ cperf_verify_devices_capabilities(struct
> cperf_options *opts,
> if (asym_capability == NULL)
> return -1;
>
> - ret =
> rte_cryptodev_asym_xform_capability_check_modlen(
> - asym_capability, opts->modex_data-
> >modulus.len);
> - if (ret != 0)
> + mod_capa.max_mod_size = opts->modex_data-
> >modulus.len;
> + ret = rte_cryptodev_capa_check_mod(asym_capability,
> + mod_capa);
> + if (ret == 0)
> return ret;
> -
> }
>
> if (opts->op_type == CPERF_AUTH_ONLY ||
> diff --git a/app/test-eventdev/test_perf_common.c b/app/test-
> eventdev/test_perf_common.c
> index b41785492e..ac8e6410ab 100644
> --- a/app/test-eventdev/test_perf_common.c
> +++ b/app/test-eventdev/test_perf_common.c
> @@ -846,7 +846,7 @@ cryptodev_sym_sess_create(struct prod_data *p, struct
> test_perf *t)
> static void *
> cryptodev_asym_sess_create(struct prod_data *p, struct test_perf *t)
> {
> - const struct rte_cryptodev_asymmetric_xform_capability *capability;
> + const struct rte_cryptodev_asymmetric_capability *capability;
> struct rte_cryptodev_asym_capability_idx cap_idx;
> struct rte_crypto_asym_xform xform;
> void *sess;
> diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
> index 072dbb30f4..c531265642 100644
> --- a/app/test/test_cryptodev_asym.c
> +++ b/app/test/test_cryptodev_asym.c
> @@ -311,10 +311,11 @@ test_cryptodev_asym_op(struct
> crypto_testsuite_params_asym *ts_params,
> struct rte_crypto_asym_xform xform_tc;
> void *sess = NULL;
> struct rte_cryptodev_asym_capability_idx cap_idx;
> - const struct rte_cryptodev_asymmetric_xform_capability *capability;
> + const struct rte_cryptodev_asymmetric_capability *capability;
> uint8_t dev_id = ts_params->valid_devs[0];
> uint8_t input[TEST_DATA_SIZE] = {0};
> uint8_t *result = NULL;
> + struct rte_crypto_mod_capability mod_capa = {0};
>
> int ret, status = TEST_SUCCESS;
>
> @@ -358,8 +359,10 @@ test_cryptodev_asym_op(struct
> crypto_testsuite_params_asym *ts_params,
> asym_op->modex.base.length = data_tc->modex.base.len;
> asym_op->modex.result.data = result;
> asym_op->modex.result.length = data_tc->modex.result_len;
> - if
> (rte_cryptodev_asym_xform_capability_check_modlen(capability,
> - xform_tc.modex.modulus.length)) {
> +
> + mod_capa.max_mod_size = xform_tc.modex.modulus.length;
> + if (!rte_cryptodev_capa_check_mod(capability,
> + mod_capa)) {
> snprintf(test_msg, ASYM_TEST_MSG_LEN,
> "line %u "
> "FAILED: %s", __LINE__,
> @@ -378,8 +381,10 @@ test_cryptodev_asym_op(struct
> crypto_testsuite_params_asym *ts_params,
> asym_op->modinv.base.length = data_tc->modinv.base.len;
> asym_op->modinv.result.data = result;
> asym_op->modinv.result.length = data_tc->modinv.result_len;
> - if
> (rte_cryptodev_asym_xform_capability_check_modlen(capability,
> - xform_tc.modinv.modulus.length)) {
> +
> + mod_capa.max_mod_size = xform_tc.modinv.modulus.length;
> + if (!rte_cryptodev_capa_check_mod(capability,
> + mod_capa)) {
> snprintf(test_msg, ASYM_TEST_MSG_LEN,
> "line %u "
> "FAILED: %s", __LINE__,
> @@ -963,38 +968,100 @@ ut_teardown_asym(void)
> rte_cryptodev_stop(ts_params->valid_devs[0]);
> }
>
> -static inline void print_asym_capa(
> - const struct rte_cryptodev_asymmetric_xform_capability
> *capa)
> +static void
> +print_rsa_capability(
> + const struct rte_cryptodev_asymmetric_capability *capa)
> {
> int i = 0;
>
> + printf("\nSupported paddings:");
> + for (; i < 32; i++) {
> + if (capa->rsa.padding & RTE_BIT32(i))
> + printf("\n - %s", rte_crypto_asym_rsa_padding[i]);
> + }
> + printf("\nSupported hash functions:");
> + for (i = 0; i < 32; i++) {
> + if (capa->rsa.hash & RTE_BIT32(i))
> + printf("\n - %s", rte_crypto_auth_algorithm_strings[i]);
> + }
> + printf("\nMaximum key size: ");
> + if (capa->rsa.max_key_size == 0)
> + printf("Unlimited");
> + else
> + printf("%hu", capa->rsa.max_key_size);
> +}
> +
> +static void
> +print_supported_curves(uint64_t curves)
> +{
> + int i = 0;
> +
> + printf("\nSupported elliptic curves:");
> + for (; i < 64; i++) {
> + if (curves & RTE_BIT64(i))
> + printf("\n - %s", rte_crypto_curves_strings[i]);
> + }
> +}
> +
> +static inline void print_asym_capa(
> + const struct rte_cryptodev_asymmetric_capability *capa)
> +{
> printf("\nxform type: %s\n===================\n",
> rte_crypto_asym_xform_strings[capa->xform_type]);
> - printf("operation supported -");
>
> - for (i = 0; i < RTE_CRYPTO_ASYM_OP_LIST_END; i++) {
> - /* check supported operations */
> - if (rte_cryptodev_asym_xform_capability_check_optype(capa,
> i))
> - printf(" %s",
> - rte_crypto_asym_op_strings[i]);
> - }
> - switch (capa->xform_type) {
> - case RTE_CRYPTO_ASYM_XFORM_RSA:
> - case RTE_CRYPTO_ASYM_XFORM_MODINV:
> - case RTE_CRYPTO_ASYM_XFORM_MODEX:
> - case RTE_CRYPTO_ASYM_XFORM_DH:
> - case RTE_CRYPTO_ASYM_XFORM_DSA:
> - printf(" modlen: min %d max %d increment %d",
> - capa->modlen.min,
> - capa->modlen.max,
> - capa->modlen.increment);
> + switch (capa->xform_type) {
> + case RTE_CRYPTO_ASYM_XFORM_MODEX:
> + case RTE_CRYPTO_ASYM_XFORM_MODINV:
> + printf("Maximum size of modulus: ");
> + if (capa->mod.max_mod_size == 0)
> + printf("Unlimited");
> + else
> + printf("%hu", capa->mod.max_mod_size);
> break;
> - case RTE_CRYPTO_ASYM_XFORM_ECDSA:
> - case RTE_CRYPTO_ASYM_XFORM_ECPM:
> - default:
> - break;
> - }
> - printf("\n");
> + case RTE_CRYPTO_ASYM_XFORM_RSA:
> + print_rsa_capability(capa);
> + break;
> + case RTE_CRYPTO_ASYM_XFORM_DH:
ECDH?? I hope it will be added once it is tested in this app.
> + printf("Maximum group size: ");
> + if (capa->dh.max_group_size == 0)
> + printf("Unlimited");
> + else
> + printf("%hu", capa->dh.max_group_size);
> + printf("\nSupport for private key generation: ");
> + if (capa->dh.priv_key_gen)
> + printf("Yes");
> + else
> + printf("No");
> + break;
> + case RTE_CRYPTO_ASYM_XFORM_DSA:
> + printf("Maximum key size: ");
> + if (capa->dsa.max_key_size == 0)
> + printf("Unlimited");
> + else
> + printf("%hu", capa->dsa.max_key_size);
> + printf("\nSupport for random 'k' generation: ");
> + if (capa->dsa.random_k)
> + printf("Yes");
> + else
> + printf("No");
> + break;
> +
> + break;
> + case RTE_CRYPTO_ASYM_XFORM_ECDSA:
> + print_supported_curves(capa->ecdsa.curves);
> + printf("\nSupport for random 'k' generation: ");
> + if (capa->ecdsa.random_k)
> + printf("Yes");
> + else
> + printf("No");
> + break;
> + case RTE_CRYPTO_ASYM_XFORM_ECPM:
> + print_supported_curves(capa->ecpm.curves);
> + break;
> + default:
> + break;
> + }
> + printf("\n");
> }
>
> static int
> @@ -1006,7 +1073,7 @@ test_capability(void)
> const struct rte_cryptodev_capabilities *dev_capa;
> int i = 0;
> struct rte_cryptodev_asym_capability_idx idx;
> - const struct rte_cryptodev_asymmetric_xform_capability *capa;
> + const struct rte_cryptodev_asymmetric_capability *capa;
>
> rte_cryptodev_info_get(dev_id, &dev_info);
> if (!(dev_info.feature_flags &
> @@ -1023,7 +1090,7 @@ test_capability(void)
> dev_capa = &(dev_info.capabilities[i]);
> if (dev_info.capabilities[i].op ==
> RTE_CRYPTO_OP_TYPE_ASYMMETRIC) {
> - idx.type = dev_capa->asym.xform_capa.xform_type;
> + idx.type = dev_capa->asym.xform_type;
>
> capa = rte_cryptodev_asym_capability_get(dev_id,
> (const struct
> @@ -1386,10 +1453,11 @@ test_mod_inv(void)
> void *sess = NULL;
> int status = TEST_SUCCESS;
> struct rte_cryptodev_asym_capability_idx cap_idx;
> - const struct rte_cryptodev_asymmetric_xform_capability *capability;
> + const struct rte_cryptodev_asymmetric_capability *capability;
> uint8_t input[TEST_DATA_SIZE] = {0};
> int ret = 0;
> uint8_t result[sizeof(mod_p)] = { 0 };
> + struct rte_crypto_mod_capability mod_capa = {0};
>
> if (rte_cryptodev_asym_get_xform_enum(
> &modinv_xform.xform_type, "modinv") < 0) {
> @@ -1408,13 +1476,11 @@ test_mod_inv(void)
> return TEST_SKIPPED;
> }
>
> - if (rte_cryptodev_asym_xform_capability_check_modlen(
> - capability,
> - modinv_xform.modinv.modulus.length)) {
> - RTE_LOG(ERR, USER1,
> - "Invalid MODULUS length specified\n");
> - return TEST_SKIPPED;
> - }
> + mod_capa.max_mod_size = modinv_xform.modinv.modulus.length;
> + if (!rte_cryptodev_capa_check_mod(capability, mod_capa)) {
> + RTE_LOG(ERR, USER1, "Invalid MODULUS length specified\n");
> + return TEST_SKIPPED;
> + }
>
> ret = rte_cryptodev_asym_session_create(dev_id, &modinv_xform,
> sess_mpool, &sess);
> if (ret < 0) {
> @@ -1499,7 +1565,8 @@ test_mod_exp(void)
> void *sess = NULL;
> int status = TEST_SUCCESS;
> struct rte_cryptodev_asym_capability_idx cap_idx;
> - const struct rte_cryptodev_asymmetric_xform_capability *capability;
> + const struct rte_cryptodev_asymmetric_capability *capability;
> + struct rte_crypto_mod_capability mod_capa = {0};
> uint8_t input[TEST_DATA_SIZE] = {0};
> int ret = 0;
> uint8_t result[sizeof(mod_p)] = { 0 };
> @@ -1522,12 +1589,11 @@ test_mod_exp(void)
> return TEST_SKIPPED;
> }
>
> - if (rte_cryptodev_asym_xform_capability_check_modlen(
> - capability, modex_xform.modex.modulus.length)) {
> - RTE_LOG(ERR, USER1,
> - "Invalid MODULUS length specified\n");
> - return TEST_SKIPPED;
> - }
> + mod_capa.max_mod_size = modex_xform.modex.modulus.length;
> + if (!rte_cryptodev_capa_check_mod(capability, mod_capa)) {
> + RTE_LOG(ERR, USER1, "Invalid MODULUS length specified\n");
> + return TEST_SKIPPED;
> + }
>
> /* Create op, create session, and process packets. 8< */
> op = rte_crypto_op_alloc(op_mpool,
> RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
> @@ -1785,6 +1851,8 @@ test_ecdsa_sign_verify(enum curve curve_id)
> struct rte_crypto_asym_xform xform;
> struct rte_crypto_asym_op *asym_op;
> struct rte_cryptodev_info dev_info;
> + struct rte_cryptodev_asym_capability_idx idx;
> + const struct rte_cryptodev_asymmetric_capability *capabilities;
> struct rte_crypto_op *op = NULL;
> int ret, status = TEST_SUCCESS;
>
> @@ -1814,6 +1882,25 @@ test_ecdsa_sign_verify(enum curve curve_id)
>
> rte_cryptodev_info_get(dev_id, &dev_info);
>
> + struct rte_crypto_ecdsa_capability capa = {
> + .curves = RTE_BIT32(input_params.curve),
> + .random_k = 0
> + };
> +
> + idx.type = RTE_CRYPTO_ASYM_XFORM_ECDSA;
> + capabilities = rte_cryptodev_asym_capability_get(dev_id,
> + (const struct
> + rte_cryptodev_asym_capability_idx *) &idx);
> +
> + if (capabilities == NULL) {
> + status = TEST_SKIPPED;
> + goto exit;
> + }
> + if (!rte_cryptodev_capa_check_ecdsa(capabilities, capa)) {
> + status = TEST_SKIPPED;
> + goto exit;
> + }
> +
> /* Setup crypto op data structure */
> op = rte_crypto_op_alloc(op_mpool,
> RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
> if (op == NULL) {
> @@ -1962,6 +2049,8 @@ test_ecdsa_sign_verify_all_curve(void)
> status = test_ecdsa_sign_verify(curve_id);
> if (status == TEST_SUCCESS) {
> msg = "succeeded";
> + } else if (status == TEST_SKIPPED) {
> + continue;
> } else {
> msg = "failed";
> overall_status = status;
> @@ -1987,6 +2076,8 @@ test_ecpm(enum curve curve_id)
> struct rte_crypto_asym_xform xform;
> struct rte_crypto_asym_op *asym_op;
> struct rte_cryptodev_info dev_info;
> + struct rte_cryptodev_asym_capability_idx idx;
> + const struct rte_cryptodev_asymmetric_capability *capabilities;
> struct rte_crypto_op *op = NULL;
> int ret, status = TEST_SUCCESS;
>
> @@ -2016,6 +2107,24 @@ test_ecpm(enum curve curve_id)
>
> rte_cryptodev_info_get(dev_id, &dev_info);
>
> + struct rte_crypto_ecdsa_capability capa = {
> + .curves = RTE_BIT32(input_params.curve)
> + };
> +
> + idx.type = RTE_CRYPTO_ASYM_XFORM_ECPM;
> + capabilities = rte_cryptodev_asym_capability_get(dev_id,
> + (const struct
> + rte_cryptodev_asym_capability_idx *) &idx);
> +
> + if (capabilities == NULL) {
> + status = TEST_SKIPPED;
> + goto exit;
> + }
> + if (!rte_cryptodev_capa_check_ecdsa(capabilities, capa)) {
> + status = TEST_SKIPPED;
> + goto exit;
> + }
> +
> /* Setup crypto op data structure */
> op = rte_crypto_op_alloc(op_mpool,
> RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
> if (op == NULL) {
> @@ -2124,6 +2233,8 @@ test_ecpm_all_curve(void)
> status = test_ecpm(curve_id);
> if (status == TEST_SUCCESS) {
> msg = "succeeded";
> + } else if (status == TEST_SKIPPED) {
> + continue;
> } else {
> msg = "failed";
> overall_status = status;
> @@ -2162,7 +2273,12 @@ static struct unit_test_suite
> cryptodev_qat_asym_testsuite = {
> .setup = testsuite_setup,
> .teardown = testsuite_teardown,
> .unit_test_cases = {
> + TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
> test_capability),
> TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
> test_one_by_one),
> + TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
> + test_ecdsa_sign_verify_all_curve),
> + TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
> + test_ecpm_all_curve),
> TEST_CASES_END() /**< NULL terminate unit test array */
> }
> };
I think patch need to be split for adding test app changes.
> diff --git a/app/test/test_event_crypto_adapter.c
> b/app/test/test_event_crypto_adapter.c
> index 2ecc7e2cea..9a62241371 100644
> --- a/app/test/test_event_crypto_adapter.c
> +++ b/app/test/test_event_crypto_adapter.c
> @@ -450,7 +450,7 @@ test_session_with_op_forward_mode(void)
> static int
> test_asym_op_forward_mode(uint8_t session_less)
> {
> - const struct rte_cryptodev_asymmetric_xform_capability *capability;
> + const struct rte_cryptodev_asymmetric_capability *capability;
> struct rte_cryptodev_asym_capability_idx cap_idx;
> struct rte_crypto_asym_xform xform_tc;
> union rte_event_crypto_metadata m_data;
> @@ -458,6 +458,7 @@ test_asym_op_forward_mode(uint8_t session_less)
> struct rte_crypto_asym_op *asym_op;
> struct rte_crypto_op *op;
> uint8_t input[4096] = {0};
> + struct rte_crypto_mod_capability mod_capa = {0};
> uint8_t *result = NULL;
> struct rte_event ev;
> void *sess = NULL;
> @@ -503,8 +504,9 @@ test_asym_op_forward_mode(uint8_t session_less)
> asym_op->modex.base.length = modex_test_case.base.len;
> asym_op->modex.result.data = result;
> asym_op->modex.result.length = modex_test_case.result_len;
> - if (rte_cryptodev_asym_xform_capability_check_modlen(capability,
> - xform_tc.modex.modulus.length)) {
> +
> + mod_capa.max_mod_size = xform_tc.modex.modulus.length;
> + if (!rte_cryptodev_capa_check_mod(capability, mod_capa)) {
> RTE_LOG(INFO, USER1,
> "line %u FAILED: %s", __LINE__,
> "Invalid MODULUS length specified");
> @@ -784,7 +786,7 @@ test_session_with_op_new_mode(void)
> static int
> test_asym_op_new_mode(uint8_t session_less)
> {
> - const struct rte_cryptodev_asymmetric_xform_capability *capability;
> + const struct rte_cryptodev_asymmetric_capability *capability;
> struct rte_cryptodev_asym_capability_idx cap_idx;
> struct rte_crypto_asym_xform xform_tc;
> union rte_event_crypto_metadata m_data;
> @@ -792,6 +794,7 @@ test_asym_op_new_mode(uint8_t session_less)
> struct rte_crypto_asym_op *asym_op;
> struct rte_crypto_op *op;
> uint8_t input[4096] = {0};
> + struct rte_crypto_mod_capability mod_capa = {0};
Can you move this above to maintain reverse Xmas tree?
> uint8_t *result = NULL;
> void *sess = NULL;
> uint32_t cap;
> @@ -835,8 +838,9 @@ test_asym_op_new_mode(uint8_t session_less)
> asym_op->modex.base.length = modex_test_case.base.len;
> asym_op->modex.result.data = result;
> asym_op->modex.result.length = modex_test_case.result_len;
> - if (rte_cryptodev_asym_xform_capability_check_modlen(capability,
> - xform_tc.modex.modulus.length)) {
> +
> + mod_capa.max_mod_size = xform_tc.modex.modulus.length;
> + if (!rte_cryptodev_capa_check_mod(capability, mod_capa)) {
> RTE_LOG(INFO, USER1,
> "line %u FAILED: %s", __LINE__,
> "Invalid MODULUS length specified");
> diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> index 16ec5e15eb..e734fc2a69 100644
> --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> @@ -7,6 +7,7 @@
> #include <rte_common.h>
> #include <rte_malloc.h>
> #include <cryptodev_pmd.h>
> +#include <rte_bitops.h>
>
> #include "openssl_pmd_private.h"
> #include "compat.h"
> @@ -470,103 +471,82 @@ static const struct rte_cryptodev_capabilities
> openssl_pmd_capabilities[] = {
> }, }
> }, }
> },
> - { /* RSA */
> + { /* Modular exponentiation */
> .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> {.asym = {
> - .xform_capa = {
> - .xform_type =
> RTE_CRYPTO_ASYM_XFORM_RSA,
> - .op_types = ((1 <<
> RTE_CRYPTO_ASYM_OP_SIGN) |
> - (1 << RTE_CRYPTO_ASYM_OP_VERIFY)
> |
> - (1 <<
> RTE_CRYPTO_ASYM_OP_ENCRYPT) |
> - (1 <<
> RTE_CRYPTO_ASYM_OP_DECRYPT)),
> - {
> - .modlen = {
> - /* min length is based on openssl rsa keygen */
> - .min = 30,
> - /* value 0 symbolizes no limit on max length */
> - .max = 0,
> - .increment = 1
> - }, }
> + .xform_type = RTE_CRYPTO_ASYM_XFORM_MODEX,
> + .mod = {
> + .max_mod_size = 0
> + }
> }
> - },
> }
> },
> - { /* modexp */
> + { /* Modular multiplicative inverse */
> .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> {.asym = {
> - .xform_capa = {
> - .xform_type =
> RTE_CRYPTO_ASYM_XFORM_MODEX,
> - .op_types = 0,
> - {
> - .modlen = {
> - /* value 0 symbolizes no limit on min length */
> - .min = 0,
> - /* value 0 symbolizes no limit on max length */
> - .max = 0,
> - .increment = 1
> - }, }
> + .xform_type = RTE_CRYPTO_ASYM_XFORM_MODINV,
> + .mod = {
> + .max_mod_size = 0
> + }
> }
> - },
> }
> },
> - { /* modinv */
> + { /* RSA */
> .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> {.asym = {
> - .xform_capa = {
> - .xform_type =
> RTE_CRYPTO_ASYM_XFORM_MODINV,
> - .op_types = 0,
> - {
> - .modlen = {
> - /* value 0 symbolizes no limit on min length */
> - .min = 0,
> - /* value 0 symbolizes no limit on max length */
> - .max = 0,
> - .increment = 1
> - }, }
> + .xform_type = RTE_CRYPTO_ASYM_XFORM_RSA,
> + .rsa = {
> + .padding =
> +
> RTE_BIT32(RTE_CRYPTO_RSA_PADDING_NONE) |
> +
> RTE_BIT32(RTE_CRYPTO_RSA_PADDING_PKCS1_5),
> + .hash =
> + RTE_BIT32(RTE_CRYPTO_AUTH_MD5)
> |
> + RTE_BIT32(RTE_CRYPTO_AUTH_SHA1)
> |
> +
> RTE_BIT32(RTE_CRYPTO_AUTH_SHA224) |
> +
> RTE_BIT32(RTE_CRYPTO_AUTH_SHA256) |
> +
> RTE_BIT32(RTE_CRYPTO_AUTH_SHA384) |
> +
> RTE_BIT32(RTE_CRYPTO_AUTH_SHA512),
> + .max_key_size = 0
> + }
> }
> - },
> }
> },
> - { /* dh */
> + { /* Diffie-Hellman */
> .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> {.asym = {
> - .xform_capa = {
> - .xform_type =
> RTE_CRYPTO_ASYM_XFORM_DH,
> - .op_types =
> -
> ((1<<RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE) |
> - (1 <<
> RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE |
> - (1 <<
> -
> RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE))),
> - {
> - .modlen = {
> - /* value 0 symbolizes no limit on min length */
> - .min = 0,
> - /* value 0 symbolizes no limit on max length */
> - .max = 0,
> - .increment = 1
> - }, }
> + .xform_type = RTE_CRYPTO_ASYM_XFORM_DH,
> + .dh = {
> + .max_group_size = 0,
> + .priv_key_gen = 1
> + }
> }
> - },
> }
> },
> - { /* dsa */
> + { /* DSA */
> .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> {.asym = {
> - .xform_capa = {
> - .xform_type =
> RTE_CRYPTO_ASYM_XFORM_DSA,
> - .op_types =
> - ((1<<RTE_CRYPTO_ASYM_OP_SIGN) |
> - (1 << RTE_CRYPTO_ASYM_OP_VERIFY)),
> - {
> - .modlen = {
> - /* value 0 symbolizes no limit on min length */
> - .min = 0,
> - /* value 0 symbolizes no limit on max length */
> - .max = 0,
> - .increment = 1
> - }, }
> + .xform_type = RTE_CRYPTO_ASYM_XFORM_DSA,
> + .dsa = {
> + .max_key_size = 0,
> + .random_k = 1
> + }
> + }
> + }
> + },
> + { /* ECDSA */
> + .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> + {.asym = {
> + .xform_type = RTE_CRYPTO_ASYM_XFORM_ECDSA,
> + .ecdsa = {
> + .curves =
> +
> RTE_BIT64(RTE_CRYPTO_EC_GROUP_SECP192R1) |
> +
> RTE_BIT64(RTE_CRYPTO_EC_GROUP_SECP224R1) |
> +
> RTE_BIT64(RTE_CRYPTO_EC_GROUP_SECP256R1) |
> +
> RTE_BIT64(RTE_CRYPTO_EC_GROUP_SECP384R1) |
> +
> RTE_BIT64(RTE_CRYPTO_EC_GROUP_SECP521R1),
> + .random_k = 1
> + }
> }
> - },
> }
> },
>
Do not combine PMD changes for capabilities in cryptodev patch for new APIs.
> diff --git a/drivers/crypto/qat/dev/qat_asym_pmd_gen1.c
> b/drivers/crypto/qat/dev/qat_asym_pmd_gen1.c
> index 4499fdaf2d..d5144bca84 100644
> --- a/drivers/crypto/qat/dev/qat_asym_pmd_gen1.c
> +++ b/drivers/crypto/qat/dev/qat_asym_pmd_gen1.c
> @@ -28,16 +28,64 @@ struct rte_cryptodev_ops qat_asym_crypto_ops_gen1 =
> {
> };
>
> static struct rte_cryptodev_capabilities qat_asym_crypto_caps_gen1[] = {
> - QAT_ASYM_CAP(MODEX,
> - 0, 1, 512, 1),
> - QAT_ASYM_CAP(MODINV,
> - 0, 1, 512, 1),
> - QAT_ASYM_CAP(RSA,
> - ((1 << RTE_CRYPTO_ASYM_OP_SIGN) |
> - (1 << RTE_CRYPTO_ASYM_OP_VERIFY) |
> - (1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) |
> - (1 << RTE_CRYPTO_ASYM_OP_DECRYPT)),
> - 64, 512, 64),
> + { /* Modular exponentiation */
> + .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> + {.asym = {
> + .xform_type = RTE_CRYPTO_ASYM_XFORM_MODEX,
> + .mod = {
> + .max_mod_size = 4096
> + }
> + }
> + }
> + },
> + { /* Modular multiplicative inverse */
> + .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> + {.asym = {
> + .xform_type = RTE_CRYPTO_ASYM_XFORM_MODINV,
> + .mod = {
> + .max_mod_size = 4096
> + }
> + }
> + }
> + },
> + { /* RSA */
> + .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> + {.asym = {
> + .xform_type = RTE_CRYPTO_ASYM_XFORM_RSA,
> + .rsa = {
> + .padding =
> +
> RTE_BIT32(RTE_CRYPTO_RSA_PADDING_NONE),
> + .hash = 0,
> + .max_key_size = 4096
> + }
> + }
> + }
> + },
> + { /* ECDSA */
> + .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> + {.asym = {
> + .xform_type = RTE_CRYPTO_ASYM_XFORM_ECDSA,
> + .ecdsa = {
> + .curves =
> +
> RTE_BIT64(RTE_CRYPTO_EC_GROUP_SECP256R1) |
> +
> RTE_BIT64(RTE_CRYPTO_EC_GROUP_SECP521R1),
> + .random_k = 0
> + }
> + }
> + }
> + },
> + { /* ECPM */
> + .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> + {.asym = {
> + .xform_type = RTE_CRYPTO_ASYM_XFORM_ECPM,
> + .ecdsa = {
> + .curves =
> +
> RTE_BIT64(RTE_CRYPTO_EC_GROUP_SECP256R1) |
> +
> RTE_BIT64(RTE_CRYPTO_EC_GROUP_SECP521R1)
> + }
> + }
> + }
> + },
> RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
> };
>
> diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
> index d90a7a1957..41b22450d3 100644
> --- a/lib/cryptodev/rte_crypto_asym.h
> +++ b/lib/cryptodev/rte_crypto_asym.h
> @@ -41,6 +41,14 @@ rte_crypto_asym_ke_strings[];
> extern const char *
> rte_crypto_asym_op_strings[];
>
> +/** RSA padding type name strings */
> +extern const char *
> +rte_crypto_asym_rsa_padding[];
rte_crypto_asym_rsa_padding_strings
> +
> +/** Elliptic curves name strings */
> +extern const char *
> +rte_crypto_curves_strings[];
> +
> /**
> * Buffer to hold crypto params required for asym operations.
> *
> @@ -265,6 +273,46 @@ struct rte_crypto_rsa_padding {
> */
> };
>
> +struct rte_crypto_mod_capability {
> + uint16_t max_mod_size;
> + /**< Maximum supported modulus size in bytes, 0 means no limit */
> +};
> +
> +struct rte_crypto_rsa_capability {
> + uint32_t padding;
> + /**< List of supported paddings */
How is this list supposed to work?
I believe this should be enum to specify a single value.
Driver can maintain a static array to list all supported ones.
And application can query if a particular capability which it intend to use
Is supported by the PMD.
> + uint32_t hash;
> + /**< List of supported hash functions */
Same comment here as well
> + uint32_t max_key_size;
> + /**< Maximum supported key size in bytes, 0 means no limit */
> +};
> +
> +struct rte_crypto_dh_capability {
> + uint16_t max_group_size;
> + /**< Maximum group in bytes, 0 means no limit */
Maximum group size in bytes ...
> + uint8_t priv_key_gen;
> + /**< Does PMD supports private key generation generation */
Is it a flag? Please comment it properly.
> +};
> +
> +struct rte_crypto_dsa_capability {
> + uint16_t max_key_size;
> + /**< Maximum supported key size in bytes, 0 means no limit */
> + uint8_t random_k;
> + /**< Does PMD supports random 'k' generation */
Comments should not ask questions.
> +};
> +
> +struct rte_crypto_ecdsa_capability {
> + uint64_t curves;
> + /**< Supported elliptic curve ids */
Shouldn't this also be enum?
> + uint8_t random_k;
> + /**< Does PMD supports random 'k' generation */
Same comment as above.
> +};
> +
> +struct rte_crypto_ecpm_capability {
> + uint64_t curves;
> + /**< Supported elliptic curve ids */
Enum??
> +};
> +
> /**
> * Asymmetric RSA transform data
> *
> diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
> index 57ee6b3f07..b1ad1112fe 100644
> --- a/lib/cryptodev/rte_cryptodev.c
> +++ b/lib/cryptodev/rte_cryptodev.c
> @@ -190,6 +190,27 @@ const char *rte_crypto_asym_ke_strings[] = {
> };
>
> /**
> + * RSA padding string identifiers
> + */
> +const char *rte_crypto_asym_rsa_padding[] = {
> + [RTE_CRYPTO_RSA_PADDING_NONE] =
> "RTE_CRYPTO_RSA_PADDING_NONE",
> + [RTE_CRYPTO_RSA_PADDING_PKCS1_5] =
> "RTE_CRYPTO_RSA_PADDING_PKCS1_5",
> + [RTE_CRYPTO_RSA_PADDING_OAEP] =
> "RTE_CRYPTO_RSA_PADDING_OAEP",
> + [RTE_CRYPTO_RSA_PADDING_PSS] =
> "RTE_CRYPTO_RSA_PADDING_PSS"
> +};
> +
> +/**
> + * Elliptic curves string identifiers
> + */
> +const char *rte_crypto_curves_strings[] = {
> + [RTE_CRYPTO_EC_GROUP_SECP192R1] =
> "RTE_CRYPTO_EC_GROUP_SECP192R1",
> + [RTE_CRYPTO_EC_GROUP_SECP224R1] =
> "RTE_CRYPTO_EC_GROUP_SECP224R1",
> + [RTE_CRYPTO_EC_GROUP_SECP256R1] =
> "RTE_CRYPTO_EC_GROUP_SECP256R1",
> + [RTE_CRYPTO_EC_GROUP_SECP384R1] =
> "RTE_CRYPTO_EC_GROUP_SECP384R1",
> + [RTE_CRYPTO_EC_GROUP_SECP521R1] =
> "RTE_CRYPTO_EC_GROUP_SECP521R1",
> +};
> +
> +/**
> * The private data structure stored in the sym session mempool private data.
> */
> struct rte_cryptodev_sym_session_pool_private_data {
> @@ -347,7 +368,7 @@ param_range_check(uint16_t size, const struct
> rte_crypto_param_range *range)
> return -1;
> }
>
> -const struct rte_cryptodev_asymmetric_xform_capability *
> +const struct rte_cryptodev_asymmetric_capability *
> rte_cryptodev_asym_capability_get(uint8_t dev_id,
> const struct rte_cryptodev_asym_capability_idx *idx)
> {
> @@ -363,8 +384,8 @@ rte_cryptodev_asym_capability_get(uint8_t dev_id,
> if (capability->op != RTE_CRYPTO_OP_TYPE_ASYMMETRIC)
> continue;
>
> - if (capability->asym.xform_capa.xform_type == idx->type)
> - return &capability->asym.xform_capa;
> + if (capability->asym.xform_type == idx->type)
> + return &capability->asym;
> }
> return NULL;
> };
> @@ -456,6 +477,59 @@ rte_cryptodev_asym_xform_capability_check_modlen(
> return 0;
> }
>
> +int
> +rte_cryptodev_capa_check_mod(
API name should be rte_cryptodev_mod_capa_check
Verb should come in the end.
Fix other APIs also.
> + const struct rte_cryptodev_asymmetric_capability *capa,
> + struct rte_crypto_mod_capability mod)
> +{
> + if (capa->mod.max_mod_size == 0)
> + return 1;
> +
> + if (mod.max_mod_size <= capa->mod.max_mod_size)
> + return 1;
> + else
> + return 0;
> +}
> +
> +int
> +rte_cryptodev_capa_check_rsa(
> + const struct rte_cryptodev_asymmetric_capability *capa,
> + struct rte_crypto_rsa_capability rsa)
> +{
> + if (rsa.padding != (capa->rsa.padding & rsa.padding))
> + return 0;
> + if (rsa.hash != (capa->rsa.hash & rsa.hash))
> + return 0;
> + if (capa->rsa.max_key_size == 0)
> + return 1;
> + if (rsa.max_key_size <= capa->rsa.max_key_size)
> + return 1;
> + else
> + return 0;
> +}
Can we have something similar to symmetric crypto/rte_security capabilities?
> +
> +int
> +rte_cryptodev_capa_check_ecdsa(
> + const struct rte_cryptodev_asymmetric_capability *capa,
> + struct rte_crypto_ecdsa_capability ecdsa)
> +{
> + if (ecdsa.curves != (capa->ecdsa.curves & ecdsa.curves))
> + return 0;
> + if (ecdsa.random_k == 1 && capa->ecdsa.random_k == 0)
> + return 0;
> + return 1;
> +}
> +
> +int
> +rte_cryptodev_capa_check_ecpm(
> + const struct rte_cryptodev_asymmetric_capability *capa,
> + struct rte_crypto_ecpm_capability ecpm)
> +{
> + if (ecpm.curves != (capa->ecpm.curves & ecpm.curves))
> + return 0;
> + return 1;
> +}
> +
> /* spinlock for crypto device enq callbacks */
> static rte_spinlock_t rte_cryptodev_callback_lock =
> RTE_SPINLOCK_INITIALIZER;
>
> diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h
> index 2c2c2edeb7..6c5bd819b2 100644
> --- a/lib/cryptodev/rte_cryptodev.h
> +++ b/lib/cryptodev/rte_cryptodev.h
> @@ -184,6 +184,19 @@ struct rte_cryptodev_asymmetric_xform_capability {
> *
> */
> struct rte_cryptodev_asymmetric_capability {
> + enum rte_crypto_asym_xform_type xform_type;
> + /**< Asymmetric transform type */
> + uint32_t op_types;
> + /**< bitmask for supported rte_crypto_asym_op_type */
> + union {
> + struct rte_crypto_mod_capability mod;
> + struct rte_crypto_rsa_capability rsa;
> + struct rte_crypto_dh_capability dh;
> + struct rte_crypto_dsa_capability dsa;
> + struct rte_crypto_ecdsa_capability ecdsa;
> + struct rte_crypto_ecpm_capability ecpm;
> + };
> +
> struct rte_cryptodev_asymmetric_xform_capability xform_capa;
> };
>
> @@ -247,7 +260,7 @@ rte_cryptodev_sym_capability_get(uint8_t dev_id,
> * - Return NULL if the capability not exist.
> */
> __rte_experimental
> -const struct rte_cryptodev_asymmetric_xform_capability *
> +const struct rte_cryptodev_asymmetric_capability *
> rte_cryptodev_asym_capability_get(uint8_t dev_id,
> const struct rte_cryptodev_asym_capability_idx *idx);
>
> @@ -339,6 +352,66 @@ rte_cryptodev_asym_xform_capability_check_modlen(
> uint16_t modlen);
>
> /**
> + * Check if requested Modexp features are supported
> + *
> + * @param capability Description of the asymmetric crypto
> capability.
> + * @param mod Modexp requested capability.
> + *
> + * @return
> + * - Return 1 if the parameters are in range of the capability.
> + * - Return 0 if the parameters are out of range of the capability.
> + */
> +__rte_experimental
> +int
> +rte_cryptodev_capa_check_mod(
> + const struct rte_cryptodev_asymmetric_capability *capa,
> + struct rte_crypto_mod_capability mod);
> +/**
> + * Check if requested RSA features are supported
> + *
> + * @param capability Description of the asymmetric crypto
> capability.
> + * @param rsa RSA requested capability.
> + *
> + * @return
> + * - Return 1 if the parameters are in range of the capability.
> + * - Return 0 if the parameters are out of range of the capability.
> + */
> +__rte_experimental
> +int
> +rte_cryptodev_capa_check_rsa(
> + const struct rte_cryptodev_asymmetric_capability *capa,
> + struct rte_crypto_rsa_capability rsa);
> +/**
> + * Check if requested ECDSA features are supported
> + *
> + * @param capability Description of the asymmetric crypto
> capability.
> + * @param ecdsa ECDSA requested capability.
> + *
> + * @return
> + * - Return 1 if the parameters are in range of the capability.
> + * - Return 0 if the parameters are out of range of the capability.
> + */
> +__rte_experimental
> +int
> +rte_cryptodev_capa_check_ecdsa(
> + const struct rte_cryptodev_asymmetric_capability *capa,
> + struct rte_crypto_ecdsa_capability ecdsa);
> +/**
> + * Check if requested ECPM features are supported
> + *
> + * @param capability Description of the asymmetric crypto
> capability.
> + * @param ecpm ECPM requested capability.
> + *
> + * @return
> + * - Return 1 if the parameters are in range of the capability.
> + * - Return 0 if the parameters are out of range of the capability.
> + */
> +__rte_experimental
> +int
> +rte_cryptodev_capa_check_ecpm(
> + const struct rte_cryptodev_asymmetric_capability *capa,
> + struct rte_crypto_ecpm_capability ecpm);
> +/**
> * Provide the cipher algorithm enum, given an algorithm string
> *
> * @param algo_enum A pointer to the cipher algorithm
> diff --git a/lib/cryptodev/version.map b/lib/cryptodev/version.map
> index f0abfaa47d..4d93b9a947 100644
> --- a/lib/cryptodev/version.map
> +++ b/lib/cryptodev/version.map
> @@ -108,6 +108,10 @@ EXPERIMENTAL {
>
> #added in 22.07
> rte_cryptodev_session_event_mdata_set;
> + rte_cryptodev_capa_check_mod;
> + rte_cryptodev_capa_check_rsa;
> + rte_cryptodev_capa_check_ecdsa;
> + rte_cryptodev_capa_check_ecpm;
> };
>
> INTERNAL {
> --
> 2.13.6
> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Thursday, May 26, 2022 2:54 PM
> To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; dev@dpdk.org
> Cc: Zhang, Roy Fan <roy.fan.zhang@intel.com>
> Subject: RE: [EXT] [PATCH v2 14/14] cryptodev: add asym algorithms capabilities
>
> > - Added asymmetric crypto algorithm specific capability struct.
> > Included fields like random number capability, padding flags etc.
> >
> > Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> > ---
> > app/test-crypto-perf/main.c | 12 +-
> > app/test-eventdev/test_perf_common.c | 2 +-
> > app/test/test_cryptodev_asym.c | 210 +++++++++++++++++++++------
> > app/test/test_event_crypto_adapter.c | 16 +-
> > drivers/crypto/openssl/rte_openssl_pmd_ops.c | 128 +++++++---------
> > drivers/crypto/qat/dev/qat_asym_pmd_gen1.c | 68 +++++++--
> > lib/cryptodev/rte_crypto_asym.h | 48 ++++++
> > lib/cryptodev/rte_cryptodev.c | 80 +++++++++-
> > lib/cryptodev/rte_cryptodev.h | 75 +++++++++-
> > lib/cryptodev/version.map | 4 +
> > 10 files changed, 495 insertions(+), 148 deletions(-)
>
> This would also need a change in documentation.
>
> >
> > diff --git a/app/test-crypto-perf/main.c b/app/test-crypto-perf/main.c
> > index 17e30a8e74..f8a4c9cdcf 100644
> > --- a/app/test-crypto-perf/main.c
> > +++ b/app/test-crypto-perf/main.c
> > @@ -364,8 +364,8 @@ cperf_verify_devices_capabilities(struct
> > cperf_options *opts,
> > struct rte_cryptodev_sym_capability_idx cap_idx;
> > const struct rte_cryptodev_symmetric_capability *capability;
> > struct rte_cryptodev_asym_capability_idx asym_cap_idx;
> > - const struct rte_cryptodev_asymmetric_xform_capability
> > *asym_capability;
> > -
> > + const struct rte_cryptodev_asymmetric_capability *asym_capability;
> > + struct rte_crypto_mod_capability mod_capa = {0};
> >
> > uint8_t i, cdev_id;
> > int ret;
> > @@ -381,11 +381,11 @@ cperf_verify_devices_capabilities(struct
> > cperf_options *opts,
> > if (asym_capability == NULL)
> > return -1;
> >
> > - ret =
> > rte_cryptodev_asym_xform_capability_check_modlen(
> > - asym_capability, opts->modex_data-
> > >modulus.len);
> > - if (ret != 0)
> > + mod_capa.max_mod_size = opts->modex_data-
> > >modulus.len;
> > + ret = rte_cryptodev_capa_check_mod(asym_capability,
> > + mod_capa);
> > + if (ret == 0)
> > return ret;
> > -
> > }
> >
> > if (opts->op_type == CPERF_AUTH_ONLY || diff --git
> > a/app/test-eventdev/test_perf_common.c b/app/test-
> > eventdev/test_perf_common.c index b41785492e..ac8e6410ab 100644
> > --- a/app/test-eventdev/test_perf_common.c
> > +++ b/app/test-eventdev/test_perf_common.c
> > @@ -846,7 +846,7 @@ cryptodev_sym_sess_create(struct prod_data *p,
> > struct test_perf *t) static void * cryptodev_asym_sess_create(struct
> > prod_data *p, struct test_perf *t) {
> > - const struct rte_cryptodev_asymmetric_xform_capability *capability;
> > + const struct rte_cryptodev_asymmetric_capability *capability;
> > struct rte_cryptodev_asym_capability_idx cap_idx;
> > struct rte_crypto_asym_xform xform;
> > void *sess;
> > diff --git a/app/test/test_cryptodev_asym.c
> > b/app/test/test_cryptodev_asym.c index 072dbb30f4..c531265642 100644
> > --- a/app/test/test_cryptodev_asym.c
> > +++ b/app/test/test_cryptodev_asym.c
> > @@ -311,10 +311,11 @@ test_cryptodev_asym_op(struct
> > crypto_testsuite_params_asym *ts_params,
> > struct rte_crypto_asym_xform xform_tc;
> > void *sess = NULL;
> > struct rte_cryptodev_asym_capability_idx cap_idx;
> > - const struct rte_cryptodev_asymmetric_xform_capability *capability;
> > + const struct rte_cryptodev_asymmetric_capability *capability;
> > uint8_t dev_id = ts_params->valid_devs[0];
> > uint8_t input[TEST_DATA_SIZE] = {0};
> > uint8_t *result = NULL;
> > + struct rte_crypto_mod_capability mod_capa = {0};
> >
> > int ret, status = TEST_SUCCESS;
> >
> > @@ -358,8 +359,10 @@ test_cryptodev_asym_op(struct
> > crypto_testsuite_params_asym *ts_params,
> > asym_op->modex.base.length = data_tc->modex.base.len;
> > asym_op->modex.result.data = result;
> > asym_op->modex.result.length = data_tc->modex.result_len;
> > - if
> > (rte_cryptodev_asym_xform_capability_check_modlen(capability,
> > - xform_tc.modex.modulus.length)) {
> > +
> > + mod_capa.max_mod_size = xform_tc.modex.modulus.length;
> > + if (!rte_cryptodev_capa_check_mod(capability,
> > + mod_capa)) {
> > snprintf(test_msg, ASYM_TEST_MSG_LEN,
> > "line %u "
> > "FAILED: %s", __LINE__,
> > @@ -378,8 +381,10 @@ test_cryptodev_asym_op(struct
> > crypto_testsuite_params_asym *ts_params,
> > asym_op->modinv.base.length = data_tc->modinv.base.len;
> > asym_op->modinv.result.data = result;
> > asym_op->modinv.result.length = data_tc->modinv.result_len;
> > - if
> > (rte_cryptodev_asym_xform_capability_check_modlen(capability,
> > - xform_tc.modinv.modulus.length)) {
> > +
> > + mod_capa.max_mod_size = xform_tc.modinv.modulus.length;
> > + if (!rte_cryptodev_capa_check_mod(capability,
> > + mod_capa)) {
> > snprintf(test_msg, ASYM_TEST_MSG_LEN,
> > "line %u "
> > "FAILED: %s", __LINE__,
> > @@ -963,38 +968,100 @@ ut_teardown_asym(void)
> > rte_cryptodev_stop(ts_params->valid_devs[0]);
> > }
> >
> > -static inline void print_asym_capa(
> > - const struct rte_cryptodev_asymmetric_xform_capability
> > *capa)
> > +static void
> > +print_rsa_capability(
> > + const struct rte_cryptodev_asymmetric_capability *capa)
> > {
> > int i = 0;
> >
> > + printf("\nSupported paddings:");
> > + for (; i < 32; i++) {
> > + if (capa->rsa.padding & RTE_BIT32(i))
> > + printf("\n - %s", rte_crypto_asym_rsa_padding[i]);
> > + }
> > + printf("\nSupported hash functions:");
> > + for (i = 0; i < 32; i++) {
> > + if (capa->rsa.hash & RTE_BIT32(i))
> > + printf("\n - %s", rte_crypto_auth_algorithm_strings[i]);
> > + }
> > + printf("\nMaximum key size: ");
> > + if (capa->rsa.max_key_size == 0)
> > + printf("Unlimited");
> > + else
> > + printf("%hu", capa->rsa.max_key_size); }
> > +
> > +static void
> > +print_supported_curves(uint64_t curves) {
> > + int i = 0;
> > +
> > + printf("\nSupported elliptic curves:");
> > + for (; i < 64; i++) {
> > + if (curves & RTE_BIT64(i))
> > + printf("\n - %s", rte_crypto_curves_strings[i]);
> > + }
> > +}
> > +
> > +static inline void print_asym_capa(
> > + const struct rte_cryptodev_asymmetric_capability *capa) {
> > printf("\nxform type: %s\n===================\n",
> > rte_crypto_asym_xform_strings[capa->xform_type]);
> > - printf("operation supported -");
> >
> > - for (i = 0; i < RTE_CRYPTO_ASYM_OP_LIST_END; i++) {
> > - /* check supported operations */
> > - if (rte_cryptodev_asym_xform_capability_check_optype(capa,
> > i))
> > - printf(" %s",
> > - rte_crypto_asym_op_strings[i]);
> > - }
> > - switch (capa->xform_type) {
> > - case RTE_CRYPTO_ASYM_XFORM_RSA:
> > - case RTE_CRYPTO_ASYM_XFORM_MODINV:
> > - case RTE_CRYPTO_ASYM_XFORM_MODEX:
> > - case RTE_CRYPTO_ASYM_XFORM_DH:
> > - case RTE_CRYPTO_ASYM_XFORM_DSA:
> > - printf(" modlen: min %d max %d increment %d",
> > - capa->modlen.min,
> > - capa->modlen.max,
> > - capa->modlen.increment);
> > + switch (capa->xform_type) {
> > + case RTE_CRYPTO_ASYM_XFORM_MODEX:
> > + case RTE_CRYPTO_ASYM_XFORM_MODINV:
> > + printf("Maximum size of modulus: ");
> > + if (capa->mod.max_mod_size == 0)
> > + printf("Unlimited");
> > + else
> > + printf("%hu", capa->mod.max_mod_size);
> > break;
> > - case RTE_CRYPTO_ASYM_XFORM_ECDSA:
> > - case RTE_CRYPTO_ASYM_XFORM_ECPM:
> > - default:
> > - break;
> > - }
> > - printf("\n");
> > + case RTE_CRYPTO_ASYM_XFORM_RSA:
> > + print_rsa_capability(capa);
> > + break;
> > + case RTE_CRYPTO_ASYM_XFORM_DH:
>
> ECDH?? I hope it will be added once it is tested in this app.
>
> > + printf("Maximum group size: ");
> > + if (capa->dh.max_group_size == 0)
> > + printf("Unlimited");
> > + else
> > + printf("%hu", capa->dh.max_group_size);
> > + printf("\nSupport for private key generation: ");
> > + if (capa->dh.priv_key_gen)
> > + printf("Yes");
> > + else
> > + printf("No");
> > + break;
> > + case RTE_CRYPTO_ASYM_XFORM_DSA:
> > + printf("Maximum key size: ");
> > + if (capa->dsa.max_key_size == 0)
> > + printf("Unlimited");
> > + else
> > + printf("%hu", capa->dsa.max_key_size);
> > + printf("\nSupport for random 'k' generation: ");
> > + if (capa->dsa.random_k)
> > + printf("Yes");
> > + else
> > + printf("No");
> > + break;
> > +
> > + break;
> > + case RTE_CRYPTO_ASYM_XFORM_ECDSA:
> > + print_supported_curves(capa->ecdsa.curves);
> > + printf("\nSupport for random 'k' generation: ");
> > + if (capa->ecdsa.random_k)
> > + printf("Yes");
> > + else
> > + printf("No");
> > + break;
> > + case RTE_CRYPTO_ASYM_XFORM_ECPM:
> > + print_supported_curves(capa->ecpm.curves);
> > + break;
> > + default:
> > + break;
> > + }
> > + printf("\n");
> > }
> >
> > static int
> > @@ -1006,7 +1073,7 @@ test_capability(void)
> > const struct rte_cryptodev_capabilities *dev_capa;
> > int i = 0;
> > struct rte_cryptodev_asym_capability_idx idx;
> > - const struct rte_cryptodev_asymmetric_xform_capability *capa;
> > + const struct rte_cryptodev_asymmetric_capability *capa;
> >
> > rte_cryptodev_info_get(dev_id, &dev_info);
> > if (!(dev_info.feature_flags &
> > @@ -1023,7 +1090,7 @@ test_capability(void)
> > dev_capa = &(dev_info.capabilities[i]);
> > if (dev_info.capabilities[i].op ==
> > RTE_CRYPTO_OP_TYPE_ASYMMETRIC) {
> > - idx.type = dev_capa->asym.xform_capa.xform_type;
> > + idx.type = dev_capa->asym.xform_type;
> >
> > capa = rte_cryptodev_asym_capability_get(dev_id,
> > (const struct
> > @@ -1386,10 +1453,11 @@ test_mod_inv(void)
> > void *sess = NULL;
> > int status = TEST_SUCCESS;
> > struct rte_cryptodev_asym_capability_idx cap_idx;
> > - const struct rte_cryptodev_asymmetric_xform_capability *capability;
> > + const struct rte_cryptodev_asymmetric_capability *capability;
> > uint8_t input[TEST_DATA_SIZE] = {0};
> > int ret = 0;
> > uint8_t result[sizeof(mod_p)] = { 0 };
> > + struct rte_crypto_mod_capability mod_capa = {0};
> >
> > if (rte_cryptodev_asym_get_xform_enum(
> > &modinv_xform.xform_type, "modinv") < 0) { @@ -1408,13
> +1476,11 @@
> > test_mod_inv(void)
> > return TEST_SKIPPED;
> > }
> >
> > - if (rte_cryptodev_asym_xform_capability_check_modlen(
> > - capability,
> > - modinv_xform.modinv.modulus.length)) {
> > - RTE_LOG(ERR, USER1,
> > - "Invalid MODULUS length specified\n");
> > - return TEST_SKIPPED;
> > - }
> > + mod_capa.max_mod_size = modinv_xform.modinv.modulus.length;
> > + if (!rte_cryptodev_capa_check_mod(capability, mod_capa)) {
> > + RTE_LOG(ERR, USER1, "Invalid MODULUS length specified\n");
> > + return TEST_SKIPPED;
> > + }
> >
> > ret = rte_cryptodev_asym_session_create(dev_id, &modinv_xform,
> > sess_mpool, &sess);
> > if (ret < 0) {
> > @@ -1499,7 +1565,8 @@ test_mod_exp(void)
> > void *sess = NULL;
> > int status = TEST_SUCCESS;
> > struct rte_cryptodev_asym_capability_idx cap_idx;
> > - const struct rte_cryptodev_asymmetric_xform_capability *capability;
> > + const struct rte_cryptodev_asymmetric_capability *capability;
> > + struct rte_crypto_mod_capability mod_capa = {0};
> > uint8_t input[TEST_DATA_SIZE] = {0};
> > int ret = 0;
> > uint8_t result[sizeof(mod_p)] = { 0 }; @@ -1522,12 +1589,11 @@
> > test_mod_exp(void)
> > return TEST_SKIPPED;
> > }
> >
> > - if (rte_cryptodev_asym_xform_capability_check_modlen(
> > - capability, modex_xform.modex.modulus.length)) {
> > - RTE_LOG(ERR, USER1,
> > - "Invalid MODULUS length specified\n");
> > - return TEST_SKIPPED;
> > - }
> > + mod_capa.max_mod_size = modex_xform.modex.modulus.length;
> > + if (!rte_cryptodev_capa_check_mod(capability, mod_capa)) {
> > + RTE_LOG(ERR, USER1, "Invalid MODULUS length specified\n");
> > + return TEST_SKIPPED;
> > + }
> >
> > /* Create op, create session, and process packets. 8< */
> > op = rte_crypto_op_alloc(op_mpool,
> > RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
> > @@ -1785,6 +1851,8 @@ test_ecdsa_sign_verify(enum curve curve_id)
> > struct rte_crypto_asym_xform xform;
> > struct rte_crypto_asym_op *asym_op;
> > struct rte_cryptodev_info dev_info;
> > + struct rte_cryptodev_asym_capability_idx idx;
> > + const struct rte_cryptodev_asymmetric_capability *capabilities;
> > struct rte_crypto_op *op = NULL;
> > int ret, status = TEST_SUCCESS;
> >
> > @@ -1814,6 +1882,25 @@ test_ecdsa_sign_verify(enum curve curve_id)
> >
> > rte_cryptodev_info_get(dev_id, &dev_info);
> >
> > + struct rte_crypto_ecdsa_capability capa = {
> > + .curves = RTE_BIT32(input_params.curve),
> > + .random_k = 0
> > + };
> > +
> > + idx.type = RTE_CRYPTO_ASYM_XFORM_ECDSA;
> > + capabilities = rte_cryptodev_asym_capability_get(dev_id,
> > + (const struct
> > + rte_cryptodev_asym_capability_idx *) &idx);
> > +
> > + if (capabilities == NULL) {
> > + status = TEST_SKIPPED;
> > + goto exit;
> > + }
> > + if (!rte_cryptodev_capa_check_ecdsa(capabilities, capa)) {
> > + status = TEST_SKIPPED;
> > + goto exit;
> > + }
> > +
> > /* Setup crypto op data structure */
> > op = rte_crypto_op_alloc(op_mpool,
> > RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
> > if (op == NULL) {
> > @@ -1962,6 +2049,8 @@ test_ecdsa_sign_verify_all_curve(void)
> > status = test_ecdsa_sign_verify(curve_id);
> > if (status == TEST_SUCCESS) {
> > msg = "succeeded";
> > + } else if (status == TEST_SKIPPED) {
> > + continue;
> > } else {
> > msg = "failed";
> > overall_status = status;
> > @@ -1987,6 +2076,8 @@ test_ecpm(enum curve curve_id)
> > struct rte_crypto_asym_xform xform;
> > struct rte_crypto_asym_op *asym_op;
> > struct rte_cryptodev_info dev_info;
> > + struct rte_cryptodev_asym_capability_idx idx;
> > + const struct rte_cryptodev_asymmetric_capability *capabilities;
> > struct rte_crypto_op *op = NULL;
> > int ret, status = TEST_SUCCESS;
> >
> > @@ -2016,6 +2107,24 @@ test_ecpm(enum curve curve_id)
> >
> > rte_cryptodev_info_get(dev_id, &dev_info);
> >
> > + struct rte_crypto_ecdsa_capability capa = {
> > + .curves = RTE_BIT32(input_params.curve)
> > + };
> > +
> > + idx.type = RTE_CRYPTO_ASYM_XFORM_ECPM;
> > + capabilities = rte_cryptodev_asym_capability_get(dev_id,
> > + (const struct
> > + rte_cryptodev_asym_capability_idx *) &idx);
> > +
> > + if (capabilities == NULL) {
> > + status = TEST_SKIPPED;
> > + goto exit;
> > + }
> > + if (!rte_cryptodev_capa_check_ecdsa(capabilities, capa)) {
> > + status = TEST_SKIPPED;
> > + goto exit;
> > + }
> > +
> > /* Setup crypto op data structure */
> > op = rte_crypto_op_alloc(op_mpool,
> > RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
> > if (op == NULL) {
> > @@ -2124,6 +2233,8 @@ test_ecpm_all_curve(void)
> > status = test_ecpm(curve_id);
> > if (status == TEST_SUCCESS) {
> > msg = "succeeded";
> > + } else if (status == TEST_SKIPPED) {
> > + continue;
> > } else {
> > msg = "failed";
> > overall_status = status;
> > @@ -2162,7 +2273,12 @@ static struct unit_test_suite
> > cryptodev_qat_asym_testsuite = {
> > .setup = testsuite_setup,
> > .teardown = testsuite_teardown,
> > .unit_test_cases = {
> > + TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
> > test_capability),
> > TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
> test_one_by_one),
> > + TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
> > + test_ecdsa_sign_verify_all_curve),
> > + TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
> > + test_ecpm_all_curve),
> > TEST_CASES_END() /**< NULL terminate unit test array */
> > }
> > };
>
> I think patch need to be split for adding test app changes.
>
>
> > diff --git a/app/test/test_event_crypto_adapter.c
> > b/app/test/test_event_crypto_adapter.c
> > index 2ecc7e2cea..9a62241371 100644
> > --- a/app/test/test_event_crypto_adapter.c
> > +++ b/app/test/test_event_crypto_adapter.c
> > @@ -450,7 +450,7 @@ test_session_with_op_forward_mode(void)
> > static int
> > test_asym_op_forward_mode(uint8_t session_less) {
> > - const struct rte_cryptodev_asymmetric_xform_capability *capability;
> > + const struct rte_cryptodev_asymmetric_capability *capability;
> > struct rte_cryptodev_asym_capability_idx cap_idx;
> > struct rte_crypto_asym_xform xform_tc;
> > union rte_event_crypto_metadata m_data; @@ -458,6 +458,7 @@
> > test_asym_op_forward_mode(uint8_t session_less)
> > struct rte_crypto_asym_op *asym_op;
> > struct rte_crypto_op *op;
> > uint8_t input[4096] = {0};
> > + struct rte_crypto_mod_capability mod_capa = {0};
> > uint8_t *result = NULL;
> > struct rte_event ev;
> > void *sess = NULL;
> > @@ -503,8 +504,9 @@ test_asym_op_forward_mode(uint8_t session_less)
> > asym_op->modex.base.length = modex_test_case.base.len;
> > asym_op->modex.result.data = result;
> > asym_op->modex.result.length = modex_test_case.result_len;
> > - if (rte_cryptodev_asym_xform_capability_check_modlen(capability,
> > - xform_tc.modex.modulus.length)) {
> > +
> > + mod_capa.max_mod_size = xform_tc.modex.modulus.length;
> > + if (!rte_cryptodev_capa_check_mod(capability, mod_capa)) {
> > RTE_LOG(INFO, USER1,
> > "line %u FAILED: %s", __LINE__,
> > "Invalid MODULUS length specified"); @@ -784,7
> +786,7 @@
> > test_session_with_op_new_mode(void)
> > static int
> > test_asym_op_new_mode(uint8_t session_less) {
> > - const struct rte_cryptodev_asymmetric_xform_capability *capability;
> > + const struct rte_cryptodev_asymmetric_capability *capability;
> > struct rte_cryptodev_asym_capability_idx cap_idx;
> > struct rte_crypto_asym_xform xform_tc;
> > union rte_event_crypto_metadata m_data; @@ -792,6 +794,7 @@
> > test_asym_op_new_mode(uint8_t session_less)
> > struct rte_crypto_asym_op *asym_op;
> > struct rte_crypto_op *op;
> > uint8_t input[4096] = {0};
> > + struct rte_crypto_mod_capability mod_capa = {0};
>
> Can you move this above to maintain reverse Xmas tree?
>
> > uint8_t *result = NULL;
> > void *sess = NULL;
> > uint32_t cap;
> > @@ -835,8 +838,9 @@ test_asym_op_new_mode(uint8_t session_less)
> > asym_op->modex.base.length = modex_test_case.base.len;
> > asym_op->modex.result.data = result;
> > asym_op->modex.result.length = modex_test_case.result_len;
> > - if (rte_cryptodev_asym_xform_capability_check_modlen(capability,
> > - xform_tc.modex.modulus.length)) {
> > +
> > + mod_capa.max_mod_size = xform_tc.modex.modulus.length;
> > + if (!rte_cryptodev_capa_check_mod(capability, mod_capa)) {
> > RTE_LOG(INFO, USER1,
> > "line %u FAILED: %s", __LINE__,
> > "Invalid MODULUS length specified"); diff --git
> > a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> > b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> > index 16ec5e15eb..e734fc2a69 100644
> > --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> > +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> > @@ -7,6 +7,7 @@
> > #include <rte_common.h>
> > #include <rte_malloc.h>
> > #include <cryptodev_pmd.h>
> > +#include <rte_bitops.h>
> >
> > #include "openssl_pmd_private.h"
> > #include "compat.h"
> > @@ -470,103 +471,82 @@ static const struct rte_cryptodev_capabilities
> > openssl_pmd_capabilities[] = {
> > }, }
> > }, }
> > },
> > - { /* RSA */
> > + { /* Modular exponentiation */
> > .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> > {.asym = {
> > - .xform_capa = {
> > - .xform_type =
> > RTE_CRYPTO_ASYM_XFORM_RSA,
> > - .op_types = ((1 <<
> > RTE_CRYPTO_ASYM_OP_SIGN) |
> > - (1 << RTE_CRYPTO_ASYM_OP_VERIFY)
> > |
> > - (1 <<
> > RTE_CRYPTO_ASYM_OP_ENCRYPT) |
> > - (1 <<
> > RTE_CRYPTO_ASYM_OP_DECRYPT)),
> > - {
> > - .modlen = {
> > - /* min length is based on openssl rsa keygen */
> > - .min = 30,
> > - /* value 0 symbolizes no limit on max length */
> > - .max = 0,
> > - .increment = 1
> > - }, }
> > + .xform_type = RTE_CRYPTO_ASYM_XFORM_MODEX,
> > + .mod = {
> > + .max_mod_size = 0
> > + }
> > }
> > - },
> > }
> > },
> > - { /* modexp */
> > + { /* Modular multiplicative inverse */
> > .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> > {.asym = {
> > - .xform_capa = {
> > - .xform_type =
> > RTE_CRYPTO_ASYM_XFORM_MODEX,
> > - .op_types = 0,
> > - {
> > - .modlen = {
> > - /* value 0 symbolizes no limit on min length */
> > - .min = 0,
> > - /* value 0 symbolizes no limit on max length */
> > - .max = 0,
> > - .increment = 1
> > - }, }
> > + .xform_type = RTE_CRYPTO_ASYM_XFORM_MODINV,
> > + .mod = {
> > + .max_mod_size = 0
> > + }
> > }
> > - },
> > }
> > },
> > - { /* modinv */
> > + { /* RSA */
> > .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> > {.asym = {
> > - .xform_capa = {
> > - .xform_type =
> > RTE_CRYPTO_ASYM_XFORM_MODINV,
> > - .op_types = 0,
> > - {
> > - .modlen = {
> > - /* value 0 symbolizes no limit on min length */
> > - .min = 0,
> > - /* value 0 symbolizes no limit on max length */
> > - .max = 0,
> > - .increment = 1
> > - }, }
> > + .xform_type = RTE_CRYPTO_ASYM_XFORM_RSA,
> > + .rsa = {
> > + .padding =
> > +
> > RTE_BIT32(RTE_CRYPTO_RSA_PADDING_NONE) |
> > +
> > RTE_BIT32(RTE_CRYPTO_RSA_PADDING_PKCS1_5),
> > + .hash =
> > + RTE_BIT32(RTE_CRYPTO_AUTH_MD5)
> > |
> > + RTE_BIT32(RTE_CRYPTO_AUTH_SHA1)
> > |
> > +
> > RTE_BIT32(RTE_CRYPTO_AUTH_SHA224) |
> > +
> > RTE_BIT32(RTE_CRYPTO_AUTH_SHA256) |
> > +
> > RTE_BIT32(RTE_CRYPTO_AUTH_SHA384) |
> > +
> > RTE_BIT32(RTE_CRYPTO_AUTH_SHA512),
> > + .max_key_size = 0
> > + }
> > }
> > - },
> > }
> > },
> > - { /* dh */
> > + { /* Diffie-Hellman */
> > .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> > {.asym = {
> > - .xform_capa = {
> > - .xform_type =
> > RTE_CRYPTO_ASYM_XFORM_DH,
> > - .op_types =
> > -
> > ((1<<RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE) |
> > - (1 <<
> > RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE |
> > - (1 <<
> > -
> > RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE))),
> > - {
> > - .modlen = {
> > - /* value 0 symbolizes no limit on min length */
> > - .min = 0,
> > - /* value 0 symbolizes no limit on max length */
> > - .max = 0,
> > - .increment = 1
> > - }, }
> > + .xform_type = RTE_CRYPTO_ASYM_XFORM_DH,
> > + .dh = {
> > + .max_group_size = 0,
> > + .priv_key_gen = 1
> > + }
> > }
> > - },
> > }
> > },
> > - { /* dsa */
> > + { /* DSA */
> > .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> > {.asym = {
> > - .xform_capa = {
> > - .xform_type =
> > RTE_CRYPTO_ASYM_XFORM_DSA,
> > - .op_types =
> > - ((1<<RTE_CRYPTO_ASYM_OP_SIGN) |
> > - (1 << RTE_CRYPTO_ASYM_OP_VERIFY)),
> > - {
> > - .modlen = {
> > - /* value 0 symbolizes no limit on min length */
> > - .min = 0,
> > - /* value 0 symbolizes no limit on max length */
> > - .max = 0,
> > - .increment = 1
> > - }, }
> > + .xform_type = RTE_CRYPTO_ASYM_XFORM_DSA,
> > + .dsa = {
> > + .max_key_size = 0,
> > + .random_k = 1
> > + }
> > + }
> > + }
> > + },
> > + { /* ECDSA */
> > + .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> > + {.asym = {
> > + .xform_type = RTE_CRYPTO_ASYM_XFORM_ECDSA,
> > + .ecdsa = {
> > + .curves =
> > +
> > RTE_BIT64(RTE_CRYPTO_EC_GROUP_SECP192R1) |
> > +
> > RTE_BIT64(RTE_CRYPTO_EC_GROUP_SECP224R1) |
> > +
> > RTE_BIT64(RTE_CRYPTO_EC_GROUP_SECP256R1) |
> > +
> > RTE_BIT64(RTE_CRYPTO_EC_GROUP_SECP384R1) |
> > +
> > RTE_BIT64(RTE_CRYPTO_EC_GROUP_SECP521R1),
> > + .random_k = 1
> > + }
> > }
> > - },
> > }
> > },
> >
>
> Do not combine PMD changes for capabilities in cryptodev patch for new APIs.
>
>
> > diff --git a/drivers/crypto/qat/dev/qat_asym_pmd_gen1.c
> > b/drivers/crypto/qat/dev/qat_asym_pmd_gen1.c
> > index 4499fdaf2d..d5144bca84 100644
> > --- a/drivers/crypto/qat/dev/qat_asym_pmd_gen1.c
> > +++ b/drivers/crypto/qat/dev/qat_asym_pmd_gen1.c
> > @@ -28,16 +28,64 @@ struct rte_cryptodev_ops qat_asym_crypto_ops_gen1
> > = { };
> >
> > static struct rte_cryptodev_capabilities qat_asym_crypto_caps_gen1[] = {
> > - QAT_ASYM_CAP(MODEX,
> > - 0, 1, 512, 1),
> > - QAT_ASYM_CAP(MODINV,
> > - 0, 1, 512, 1),
> > - QAT_ASYM_CAP(RSA,
> > - ((1 << RTE_CRYPTO_ASYM_OP_SIGN) |
> > - (1 << RTE_CRYPTO_ASYM_OP_VERIFY) |
> > - (1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) |
> > - (1 << RTE_CRYPTO_ASYM_OP_DECRYPT)),
> > - 64, 512, 64),
> > + { /* Modular exponentiation */
> > + .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> > + {.asym = {
> > + .xform_type = RTE_CRYPTO_ASYM_XFORM_MODEX,
> > + .mod = {
> > + .max_mod_size = 4096
> > + }
> > + }
> > + }
> > + },
> > + { /* Modular multiplicative inverse */
> > + .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> > + {.asym = {
> > + .xform_type = RTE_CRYPTO_ASYM_XFORM_MODINV,
> > + .mod = {
> > + .max_mod_size = 4096
> > + }
> > + }
> > + }
> > + },
> > + { /* RSA */
> > + .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> > + {.asym = {
> > + .xform_type = RTE_CRYPTO_ASYM_XFORM_RSA,
> > + .rsa = {
> > + .padding =
> > +
> > RTE_BIT32(RTE_CRYPTO_RSA_PADDING_NONE),
> > + .hash = 0,
> > + .max_key_size = 4096
> > + }
> > + }
> > + }
> > + },
> > + { /* ECDSA */
> > + .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> > + {.asym = {
> > + .xform_type = RTE_CRYPTO_ASYM_XFORM_ECDSA,
> > + .ecdsa = {
> > + .curves =
> > +
> > RTE_BIT64(RTE_CRYPTO_EC_GROUP_SECP256R1) |
> > +
> > RTE_BIT64(RTE_CRYPTO_EC_GROUP_SECP521R1),
> > + .random_k = 0
> > + }
> > + }
> > + }
> > + },
> > + { /* ECPM */
> > + .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> > + {.asym = {
> > + .xform_type = RTE_CRYPTO_ASYM_XFORM_ECPM,
> > + .ecdsa = {
> > + .curves =
> > +
> > RTE_BIT64(RTE_CRYPTO_EC_GROUP_SECP256R1) |
> > +
> > RTE_BIT64(RTE_CRYPTO_EC_GROUP_SECP521R1)
> > + }
> > + }
> > + }
> > + },
> > RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
> > };
> >
> > diff --git a/lib/cryptodev/rte_crypto_asym.h
> > b/lib/cryptodev/rte_crypto_asym.h index d90a7a1957..41b22450d3 100644
> > --- a/lib/cryptodev/rte_crypto_asym.h
> > +++ b/lib/cryptodev/rte_crypto_asym.h
> > @@ -41,6 +41,14 @@ rte_crypto_asym_ke_strings[]; extern const char *
> > rte_crypto_asym_op_strings[];
> >
> > +/** RSA padding type name strings */
> > +extern const char *
> > +rte_crypto_asym_rsa_padding[];
>
> rte_crypto_asym_rsa_padding_strings
>
> > +
> > +/** Elliptic curves name strings */
> > +extern const char *
> > +rte_crypto_curves_strings[];
> > +
> > /**
> > * Buffer to hold crypto params required for asym operations.
> > *
> > @@ -265,6 +273,46 @@ struct rte_crypto_rsa_padding {
> > */
> > };
> >
> > +struct rte_crypto_mod_capability {
> > + uint16_t max_mod_size;
> > + /**< Maximum supported modulus size in bytes, 0 means no limit */ };
> > +
> > +struct rte_crypto_rsa_capability {
> > + uint32_t padding;
> > + /**< List of supported paddings */
> How is this list supposed to work?
> I believe this should be enum to specify a single value.
> Driver can maintain a static array to list all supported ones.
> And application can query if a particular capability which it intend to use Is
> supported by the PMD.
>
> > + uint32_t hash;
> > + /**< List of supported hash functions */
> Same comment here as well
>
> > + uint32_t max_key_size;
> > + /**< Maximum supported key size in bytes, 0 means no limit */ };
> > +
> > +struct rte_crypto_dh_capability {
> > + uint16_t max_group_size;
> > + /**< Maximum group in bytes, 0 means no limit */
> Maximum group size in bytes ...
>
> > + uint8_t priv_key_gen;
> > + /**< Does PMD supports private key generation generation */
> Is it a flag? Please comment it properly.
>
> > +};
> > +
> > +struct rte_crypto_dsa_capability {
> > + uint16_t max_key_size;
> > + /**< Maximum supported key size in bytes, 0 means no limit */
> > + uint8_t random_k;
> > + /**< Does PMD supports random 'k' generation */
>
> Comments should not ask questions.
>
> > +};
> > +
> > +struct rte_crypto_ecdsa_capability {
> > + uint64_t curves;
> > + /**< Supported elliptic curve ids */
> Shouldn't this also be enum?
>
> > + uint8_t random_k;
> > + /**< Does PMD supports random 'k' generation */
>
> Same comment as above.
> > +};
> > +
> > +struct rte_crypto_ecpm_capability {
> > + uint64_t curves;
> > + /**< Supported elliptic curve ids */
>
> Enum??
>
> > +};
> > +
> > /**
> > * Asymmetric RSA transform data
> > *
> > diff --git a/lib/cryptodev/rte_cryptodev.c
> > b/lib/cryptodev/rte_cryptodev.c index 57ee6b3f07..b1ad1112fe 100644
> > --- a/lib/cryptodev/rte_cryptodev.c
> > +++ b/lib/cryptodev/rte_cryptodev.c
> > @@ -190,6 +190,27 @@ const char *rte_crypto_asym_ke_strings[] = { };
> >
> > /**
> > + * RSA padding string identifiers
> > + */
> > +const char *rte_crypto_asym_rsa_padding[] = {
> > + [RTE_CRYPTO_RSA_PADDING_NONE] =
> > "RTE_CRYPTO_RSA_PADDING_NONE",
> > + [RTE_CRYPTO_RSA_PADDING_PKCS1_5] =
> > "RTE_CRYPTO_RSA_PADDING_PKCS1_5",
> > + [RTE_CRYPTO_RSA_PADDING_OAEP] =
> > "RTE_CRYPTO_RSA_PADDING_OAEP",
> > + [RTE_CRYPTO_RSA_PADDING_PSS] =
> > "RTE_CRYPTO_RSA_PADDING_PSS"
> > +};
> > +
> > +/**
> > + * Elliptic curves string identifiers */ const char
> > +*rte_crypto_curves_strings[] = {
> > + [RTE_CRYPTO_EC_GROUP_SECP192R1] =
> > "RTE_CRYPTO_EC_GROUP_SECP192R1",
> > + [RTE_CRYPTO_EC_GROUP_SECP224R1] =
> > "RTE_CRYPTO_EC_GROUP_SECP224R1",
> > + [RTE_CRYPTO_EC_GROUP_SECP256R1] =
> > "RTE_CRYPTO_EC_GROUP_SECP256R1",
> > + [RTE_CRYPTO_EC_GROUP_SECP384R1] =
> > "RTE_CRYPTO_EC_GROUP_SECP384R1",
> > + [RTE_CRYPTO_EC_GROUP_SECP521R1] =
> > "RTE_CRYPTO_EC_GROUP_SECP521R1",
> > +};
> > +
> > +/**
> > * The private data structure stored in the sym session mempool private data.
> > */
> > struct rte_cryptodev_sym_session_pool_private_data { @@ -347,7 +368,7
> > @@ param_range_check(uint16_t size, const struct
> > rte_crypto_param_range *range)
> > return -1;
> > }
> >
> > -const struct rte_cryptodev_asymmetric_xform_capability *
> > +const struct rte_cryptodev_asymmetric_capability *
> > rte_cryptodev_asym_capability_get(uint8_t dev_id,
> > const struct rte_cryptodev_asym_capability_idx *idx) { @@ -
> 363,8
> > +384,8 @@ rte_cryptodev_asym_capability_get(uint8_t dev_id,
> > if (capability->op != RTE_CRYPTO_OP_TYPE_ASYMMETRIC)
> > continue;
> >
> > - if (capability->asym.xform_capa.xform_type == idx->type)
> > - return &capability->asym.xform_capa;
> > + if (capability->asym.xform_type == idx->type)
> > + return &capability->asym;
> > }
> > return NULL;
> > };
> > @@ -456,6 +477,59 @@
> rte_cryptodev_asym_xform_capability_check_modlen(
> > return 0;
> > }
> >
> > +int
> > +rte_cryptodev_capa_check_mod(
>
> API name should be rte_cryptodev_mod_capa_check Verb should come in the
> end.
> Fix other APIs also.
>
> > + const struct rte_cryptodev_asymmetric_capability *capa,
> > + struct rte_crypto_mod_capability mod) {
> > + if (capa->mod.max_mod_size == 0)
> > + return 1;
> > +
> > + if (mod.max_mod_size <= capa->mod.max_mod_size)
> > + return 1;
> > + else
> > + return 0;
> > +}
> > +
> > +int
> > +rte_cryptodev_capa_check_rsa(
> > + const struct rte_cryptodev_asymmetric_capability *capa,
> > + struct rte_crypto_rsa_capability rsa) {
> > + if (rsa.padding != (capa->rsa.padding & rsa.padding))
> > + return 0;
> > + if (rsa.hash != (capa->rsa.hash & rsa.hash))
> > + return 0;
> > + if (capa->rsa.max_key_size == 0)
> > + return 1;
> > + if (rsa.max_key_size <= capa->rsa.max_key_size)
> > + return 1;
> > + else
> > + return 0;
> > +}
>
> Can we have something similar to symmetric crypto/rte_security capabilities?
In what way similar? There are mostly range checks in symmetric.
>
> > +
> > +int
> > +rte_cryptodev_capa_check_ecdsa(
> > + const struct rte_cryptodev_asymmetric_capability *capa,
> > + struct rte_crypto_ecdsa_capability ecdsa) {
> > + if (ecdsa.curves != (capa->ecdsa.curves & ecdsa.curves))
> > + return 0;
> > + if (ecdsa.random_k == 1 && capa->ecdsa.random_k == 0)
> > + return 0;
> > + return 1;
> > +}
> > +
> > +int
> > +rte_cryptodev_capa_check_ecpm(
> > + const struct rte_cryptodev_asymmetric_capability *capa,
> > + struct rte_crypto_ecpm_capability ecpm) {
> > + if (ecpm.curves != (capa->ecpm.curves & ecpm.curves))
> > + return 0;
> > + return 1;
> > +}
> > +
> > /* spinlock for crypto device enq callbacks */ static rte_spinlock_t
> > rte_cryptodev_callback_lock = RTE_SPINLOCK_INITIALIZER;
> >
> > diff --git a/lib/cryptodev/rte_cryptodev.h
> > b/lib/cryptodev/rte_cryptodev.h index 2c2c2edeb7..6c5bd819b2 100644
> > --- a/lib/cryptodev/rte_cryptodev.h
> > +++ b/lib/cryptodev/rte_cryptodev.h
> > @@ -184,6 +184,19 @@ struct rte_cryptodev_asymmetric_xform_capability {
> > *
> > */
> > struct rte_cryptodev_asymmetric_capability {
> > + enum rte_crypto_asym_xform_type xform_type;
> > + /**< Asymmetric transform type */
> > + uint32_t op_types;
> > + /**< bitmask for supported rte_crypto_asym_op_type */
> > + union {
> > + struct rte_crypto_mod_capability mod;
> > + struct rte_crypto_rsa_capability rsa;
> > + struct rte_crypto_dh_capability dh;
> > + struct rte_crypto_dsa_capability dsa;
> > + struct rte_crypto_ecdsa_capability ecdsa;
> > + struct rte_crypto_ecpm_capability ecpm;
> > + };
> > +
> > struct rte_cryptodev_asymmetric_xform_capability xform_capa; };
> >
> > @@ -247,7 +260,7 @@ rte_cryptodev_sym_capability_get(uint8_t dev_id,
> > * - Return NULL if the capability not exist.
> > */
> > __rte_experimental
> > -const struct rte_cryptodev_asymmetric_xform_capability *
> > +const struct rte_cryptodev_asymmetric_capability *
> > rte_cryptodev_asym_capability_get(uint8_t dev_id,
> > const struct rte_cryptodev_asym_capability_idx *idx);
> >
> > @@ -339,6 +352,66 @@
> rte_cryptodev_asym_xform_capability_check_modlen(
> > uint16_t modlen);
> >
> > /**
> > + * Check if requested Modexp features are supported
> > + *
> > + * @param capability Description of the asymmetric crypto
> > capability.
> > + * @param mod Modexp requested capability.
> > + *
> > + * @return
> > + * - Return 1 if the parameters are in range of the capability.
> > + * - Return 0 if the parameters are out of range of the capability.
> > + */
> > +__rte_experimental
> > +int
> > +rte_cryptodev_capa_check_mod(
> > + const struct rte_cryptodev_asymmetric_capability *capa,
> > + struct rte_crypto_mod_capability mod);
> > +/**
> > + * Check if requested RSA features are supported
> > + *
> > + * @param capability Description of the asymmetric crypto
> > capability.
> > + * @param rsa RSA requested capability.
> > + *
> > + * @return
> > + * - Return 1 if the parameters are in range of the capability.
> > + * - Return 0 if the parameters are out of range of the capability.
> > + */
> > +__rte_experimental
> > +int
> > +rte_cryptodev_capa_check_rsa(
> > + const struct rte_cryptodev_asymmetric_capability *capa,
> > + struct rte_crypto_rsa_capability rsa);
> > +/**
> > + * Check if requested ECDSA features are supported
> > + *
> > + * @param capability Description of the asymmetric crypto
> > capability.
> > + * @param ecdsa ECDSA requested capability.
> > + *
> > + * @return
> > + * - Return 1 if the parameters are in range of the capability.
> > + * - Return 0 if the parameters are out of range of the capability.
> > + */
> > +__rte_experimental
> > +int
> > +rte_cryptodev_capa_check_ecdsa(
> > + const struct rte_cryptodev_asymmetric_capability *capa,
> > + struct rte_crypto_ecdsa_capability ecdsa);
> > +/**
> > + * Check if requested ECPM features are supported
> > + *
> > + * @param capability Description of the asymmetric crypto
> > capability.
> > + * @param ecpm ECPM requested capability.
> > + *
> > + * @return
> > + * - Return 1 if the parameters are in range of the capability.
> > + * - Return 0 if the parameters are out of range of the capability.
> > + */
> > +__rte_experimental
> > +int
> > +rte_cryptodev_capa_check_ecpm(
> > + const struct rte_cryptodev_asymmetric_capability *capa,
> > + struct rte_crypto_ecpm_capability ecpm);
> > +/**
> > * Provide the cipher algorithm enum, given an algorithm string
> > *
> > * @param algo_enum A pointer to the cipher algorithm
> > diff --git a/lib/cryptodev/version.map b/lib/cryptodev/version.map
> > index f0abfaa47d..4d93b9a947 100644
> > --- a/lib/cryptodev/version.map
> > +++ b/lib/cryptodev/version.map
> > @@ -108,6 +108,10 @@ EXPERIMENTAL {
> >
> > #added in 22.07
> > rte_cryptodev_session_event_mdata_set;
> > + rte_cryptodev_capa_check_mod;
> > + rte_cryptodev_capa_check_rsa;
> > + rte_cryptodev_capa_check_ecdsa;
> > + rte_cryptodev_capa_check_ecpm;
> > };
> >
> > INTERNAL {
> > --
> > 2.13.6
> -----Original Message-----
> From: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>
> Sent: Thursday, May 26, 2022 7:49 PM
> To: Akhil Goyal <gakhil@marvell.com>; dev@dpdk.org
> Cc: Zhang, Roy Fan <roy.fan.zhang@intel.com>
> Subject: RE: [EXT] [PATCH v2 14/14] cryptodev: add asym algorithms capabilities
>
>
>
> > -----Original Message-----
> > From: Akhil Goyal <gakhil@marvell.com>
> > Sent: Thursday, May 26, 2022 2:54 PM
> > To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; dev@dpdk.org
> > Cc: Zhang, Roy Fan <roy.fan.zhang@intel.com>
> > Subject: RE: [EXT] [PATCH v2 14/14] cryptodev: add asym algorithms
> capabilities
> >
> > > - Added asymmetric crypto algorithm specific capability struct.
> > > Included fields like random number capability, padding flags etc.
> > >
> > > Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> > > ---
> > > app/test-crypto-perf/main.c | 12 +-
> > > app/test-eventdev/test_perf_common.c | 2 +-
> > > app/test/test_cryptodev_asym.c | 210 +++++++++++++++++++++----
> --
> > > app/test/test_event_crypto_adapter.c | 16 +-
> > > drivers/crypto/openssl/rte_openssl_pmd_ops.c | 128 +++++++---------
> > > drivers/crypto/qat/dev/qat_asym_pmd_gen1.c | 68 +++++++--
> > > lib/cryptodev/rte_crypto_asym.h | 48 ++++++
> > > lib/cryptodev/rte_cryptodev.c | 80 +++++++++-
> > > lib/cryptodev/rte_cryptodev.h | 75 +++++++++-
> > > lib/cryptodev/version.map | 4 +
> > > 10 files changed, 495 insertions(+), 148 deletions(-)
> >
> > This would also need a change in documentation.
> >
> > >
> > > diff --git a/app/test-crypto-perf/main.c b/app/test-crypto-perf/main.c
> > > index 17e30a8e74..f8a4c9cdcf 100644
> > > --- a/app/test-crypto-perf/main.c
> > > +++ b/app/test-crypto-perf/main.c
> > > @@ -364,8 +364,8 @@ cperf_verify_devices_capabilities(struct
> > > cperf_options *opts,
> > > struct rte_cryptodev_sym_capability_idx cap_idx;
> > > const struct rte_cryptodev_symmetric_capability *capability;
> > > struct rte_cryptodev_asym_capability_idx asym_cap_idx;
> > > - const struct rte_cryptodev_asymmetric_xform_capability
> > > *asym_capability;
> > > -
> > > + const struct rte_cryptodev_asymmetric_capability *asym_capability;
> > > + struct rte_crypto_mod_capability mod_capa = {0};
> > >
> > > uint8_t i, cdev_id;
> > > int ret;
> > > @@ -381,11 +381,11 @@ cperf_verify_devices_capabilities(struct
> > > cperf_options *opts,
> > > if (asym_capability == NULL)
> > > return -1;
> > >
> > > - ret =
> > > rte_cryptodev_asym_xform_capability_check_modlen(
> > > - asym_capability, opts->modex_data-
> > > >modulus.len);
> > > - if (ret != 0)
> > > + mod_capa.max_mod_size = opts->modex_data-
> > > >modulus.len;
> > > + ret = rte_cryptodev_capa_check_mod(asym_capability,
> > > + mod_capa);
> > > + if (ret == 0)
> > > return ret;
> > > -
> > > }
> > >
> > > if (opts->op_type == CPERF_AUTH_ONLY || diff --git
> > > a/app/test-eventdev/test_perf_common.c b/app/test-
> > > eventdev/test_perf_common.c index b41785492e..ac8e6410ab 100644
> > > --- a/app/test-eventdev/test_perf_common.c
> > > +++ b/app/test-eventdev/test_perf_common.c
> > > @@ -846,7 +846,7 @@ cryptodev_sym_sess_create(struct prod_data *p,
> > > struct test_perf *t) static void * cryptodev_asym_sess_create(struct
> > > prod_data *p, struct test_perf *t) {
> > > - const struct rte_cryptodev_asymmetric_xform_capability *capability;
> > > + const struct rte_cryptodev_asymmetric_capability *capability;
> > > struct rte_cryptodev_asym_capability_idx cap_idx;
> > > struct rte_crypto_asym_xform xform;
> > > void *sess;
> > > diff --git a/app/test/test_cryptodev_asym.c
> > > b/app/test/test_cryptodev_asym.c index 072dbb30f4..c531265642 100644
> > > --- a/app/test/test_cryptodev_asym.c
> > > +++ b/app/test/test_cryptodev_asym.c
> > > @@ -311,10 +311,11 @@ test_cryptodev_asym_op(struct
> > > crypto_testsuite_params_asym *ts_params,
> > > struct rte_crypto_asym_xform xform_tc;
> > > void *sess = NULL;
> > > struct rte_cryptodev_asym_capability_idx cap_idx;
> > > - const struct rte_cryptodev_asymmetric_xform_capability *capability;
> > > + const struct rte_cryptodev_asymmetric_capability *capability;
> > > uint8_t dev_id = ts_params->valid_devs[0];
> > > uint8_t input[TEST_DATA_SIZE] = {0};
> > > uint8_t *result = NULL;
> > > + struct rte_crypto_mod_capability mod_capa = {0};
> > >
> > > int ret, status = TEST_SUCCESS;
> > >
> > > @@ -358,8 +359,10 @@ test_cryptodev_asym_op(struct
> > > crypto_testsuite_params_asym *ts_params,
> > > asym_op->modex.base.length = data_tc->modex.base.len;
> > > asym_op->modex.result.data = result;
> > > asym_op->modex.result.length = data_tc->modex.result_len;
> > > - if
> > > (rte_cryptodev_asym_xform_capability_check_modlen(capability,
> > > - xform_tc.modex.modulus.length)) {
> > > +
> > > + mod_capa.max_mod_size = xform_tc.modex.modulus.length;
> > > + if (!rte_cryptodev_capa_check_mod(capability,
> > > + mod_capa)) {
> > > snprintf(test_msg, ASYM_TEST_MSG_LEN,
> > > "line %u "
> > > "FAILED: %s", __LINE__,
> > > @@ -378,8 +381,10 @@ test_cryptodev_asym_op(struct
> > > crypto_testsuite_params_asym *ts_params,
> > > asym_op->modinv.base.length = data_tc->modinv.base.len;
> > > asym_op->modinv.result.data = result;
> > > asym_op->modinv.result.length = data_tc->modinv.result_len;
> > > - if
> > > (rte_cryptodev_asym_xform_capability_check_modlen(capability,
> > > - xform_tc.modinv.modulus.length)) {
> > > +
> > > + mod_capa.max_mod_size = xform_tc.modinv.modulus.length;
> > > + if (!rte_cryptodev_capa_check_mod(capability,
> > > + mod_capa)) {
> > > snprintf(test_msg, ASYM_TEST_MSG_LEN,
> > > "line %u "
> > > "FAILED: %s", __LINE__,
> > > @@ -963,38 +968,100 @@ ut_teardown_asym(void)
> > > rte_cryptodev_stop(ts_params->valid_devs[0]);
> > > }
> > >
> > > -static inline void print_asym_capa(
> > > - const struct rte_cryptodev_asymmetric_xform_capability
> > > *capa)
> > > +static void
> > > +print_rsa_capability(
> > > + const struct rte_cryptodev_asymmetric_capability *capa)
> > > {
> > > int i = 0;
> > >
> > > + printf("\nSupported paddings:");
> > > + for (; i < 32; i++) {
> > > + if (capa->rsa.padding & RTE_BIT32(i))
> > > + printf("\n - %s", rte_crypto_asym_rsa_padding[i]);
> > > + }
> > > + printf("\nSupported hash functions:");
> > > + for (i = 0; i < 32; i++) {
> > > + if (capa->rsa.hash & RTE_BIT32(i))
> > > + printf("\n - %s", rte_crypto_auth_algorithm_strings[i]);
> > > + }
> > > + printf("\nMaximum key size: ");
> > > + if (capa->rsa.max_key_size == 0)
> > > + printf("Unlimited");
> > > + else
> > > + printf("%hu", capa->rsa.max_key_size); }
> > > +
> > > +static void
> > > +print_supported_curves(uint64_t curves) {
> > > + int i = 0;
> > > +
> > > + printf("\nSupported elliptic curves:");
> > > + for (; i < 64; i++) {
> > > + if (curves & RTE_BIT64(i))
> > > + printf("\n - %s", rte_crypto_curves_strings[i]);
> > > + }
> > > +}
> > > +
> > > +static inline void print_asym_capa(
> > > + const struct rte_cryptodev_asymmetric_capability *capa) {
> > > printf("\nxform type: %s\n===================\n",
> > > rte_crypto_asym_xform_strings[capa->xform_type]);
> > > - printf("operation supported -");
> > >
> > > - for (i = 0; i < RTE_CRYPTO_ASYM_OP_LIST_END; i++) {
> > > - /* check supported operations */
> > > - if (rte_cryptodev_asym_xform_capability_check_optype(capa,
> > > i))
> > > - printf(" %s",
> > > - rte_crypto_asym_op_strings[i]);
> > > - }
> > > - switch (capa->xform_type) {
> > > - case RTE_CRYPTO_ASYM_XFORM_RSA:
> > > - case RTE_CRYPTO_ASYM_XFORM_MODINV:
> > > - case RTE_CRYPTO_ASYM_XFORM_MODEX:
> > > - case RTE_CRYPTO_ASYM_XFORM_DH:
> > > - case RTE_CRYPTO_ASYM_XFORM_DSA:
> > > - printf(" modlen: min %d max %d increment %d",
> > > - capa->modlen.min,
> > > - capa->modlen.max,
> > > - capa->modlen.increment);
> > > + switch (capa->xform_type) {
> > > + case RTE_CRYPTO_ASYM_XFORM_MODEX:
> > > + case RTE_CRYPTO_ASYM_XFORM_MODINV:
> > > + printf("Maximum size of modulus: ");
> > > + if (capa->mod.max_mod_size == 0)
> > > + printf("Unlimited");
> > > + else
> > > + printf("%hu", capa->mod.max_mod_size);
> > > break;
> > > - case RTE_CRYPTO_ASYM_XFORM_ECDSA:
> > > - case RTE_CRYPTO_ASYM_XFORM_ECPM:
> > > - default:
> > > - break;
> > > - }
> > > - printf("\n");
> > > + case RTE_CRYPTO_ASYM_XFORM_RSA:
> > > + print_rsa_capability(capa);
> > > + break;
> > > + case RTE_CRYPTO_ASYM_XFORM_DH:
> >
> > ECDH?? I hope it will be added once it is tested in this app.
> >
> > > + printf("Maximum group size: ");
> > > + if (capa->dh.max_group_size == 0)
> > > + printf("Unlimited");
> > > + else
> > > + printf("%hu", capa->dh.max_group_size);
> > > + printf("\nSupport for private key generation: ");
> > > + if (capa->dh.priv_key_gen)
> > > + printf("Yes");
> > > + else
> > > + printf("No");
> > > + break;
> > > + case RTE_CRYPTO_ASYM_XFORM_DSA:
> > > + printf("Maximum key size: ");
> > > + if (capa->dsa.max_key_size == 0)
> > > + printf("Unlimited");
> > > + else
> > > + printf("%hu", capa->dsa.max_key_size);
> > > + printf("\nSupport for random 'k' generation: ");
> > > + if (capa->dsa.random_k)
> > > + printf("Yes");
> > > + else
> > > + printf("No");
> > > + break;
> > > +
> > > + break;
> > > + case RTE_CRYPTO_ASYM_XFORM_ECDSA:
> > > + print_supported_curves(capa->ecdsa.curves);
> > > + printf("\nSupport for random 'k' generation: ");
> > > + if (capa->ecdsa.random_k)
> > > + printf("Yes");
> > > + else
> > > + printf("No");
> > > + break;
> > > + case RTE_CRYPTO_ASYM_XFORM_ECPM:
> > > + print_supported_curves(capa->ecpm.curves);
> > > + break;
> > > + default:
> > > + break;
> > > + }
> > > + printf("\n");
> > > }
> > >
> > > static int
> > > @@ -1006,7 +1073,7 @@ test_capability(void)
> > > const struct rte_cryptodev_capabilities *dev_capa;
> > > int i = 0;
> > > struct rte_cryptodev_asym_capability_idx idx;
> > > - const struct rte_cryptodev_asymmetric_xform_capability *capa;
> > > + const struct rte_cryptodev_asymmetric_capability *capa;
> > >
> > > rte_cryptodev_info_get(dev_id, &dev_info);
> > > if (!(dev_info.feature_flags &
> > > @@ -1023,7 +1090,7 @@ test_capability(void)
> > > dev_capa = &(dev_info.capabilities[i]);
> > > if (dev_info.capabilities[i].op ==
> > > RTE_CRYPTO_OP_TYPE_ASYMMETRIC) {
> > > - idx.type = dev_capa->asym.xform_capa.xform_type;
> > > + idx.type = dev_capa->asym.xform_type;
> > >
> > > capa = rte_cryptodev_asym_capability_get(dev_id,
> > > (const struct
> > > @@ -1386,10 +1453,11 @@ test_mod_inv(void)
> > > void *sess = NULL;
> > > int status = TEST_SUCCESS;
> > > struct rte_cryptodev_asym_capability_idx cap_idx;
> > > - const struct rte_cryptodev_asymmetric_xform_capability *capability;
> > > + const struct rte_cryptodev_asymmetric_capability *capability;
> > > uint8_t input[TEST_DATA_SIZE] = {0};
> > > int ret = 0;
> > > uint8_t result[sizeof(mod_p)] = { 0 };
> > > + struct rte_crypto_mod_capability mod_capa = {0};
> > >
> > > if (rte_cryptodev_asym_get_xform_enum(
> > > &modinv_xform.xform_type, "modinv") < 0) { @@ -1408,13
> > +1476,11 @@
> > > test_mod_inv(void)
> > > return TEST_SKIPPED;
> > > }
> > >
> > > - if (rte_cryptodev_asym_xform_capability_check_modlen(
> > > - capability,
> > > - modinv_xform.modinv.modulus.length)) {
> > > - RTE_LOG(ERR, USER1,
> > > - "Invalid MODULUS length specified\n");
> > > - return TEST_SKIPPED;
> > > - }
> > > + mod_capa.max_mod_size = modinv_xform.modinv.modulus.length;
> > > + if (!rte_cryptodev_capa_check_mod(capability, mod_capa)) {
> > > + RTE_LOG(ERR, USER1, "Invalid MODULUS length specified\n");
> > > + return TEST_SKIPPED;
> > > + }
> > >
> > > ret = rte_cryptodev_asym_session_create(dev_id, &modinv_xform,
> > > sess_mpool, &sess);
> > > if (ret < 0) {
> > > @@ -1499,7 +1565,8 @@ test_mod_exp(void)
> > > void *sess = NULL;
> > > int status = TEST_SUCCESS;
> > > struct rte_cryptodev_asym_capability_idx cap_idx;
> > > - const struct rte_cryptodev_asymmetric_xform_capability *capability;
> > > + const struct rte_cryptodev_asymmetric_capability *capability;
> > > + struct rte_crypto_mod_capability mod_capa = {0};
> > > uint8_t input[TEST_DATA_SIZE] = {0};
> > > int ret = 0;
> > > uint8_t result[sizeof(mod_p)] = { 0 }; @@ -1522,12 +1589,11 @@
> > > test_mod_exp(void)
> > > return TEST_SKIPPED;
> > > }
> > >
> > > - if (rte_cryptodev_asym_xform_capability_check_modlen(
> > > - capability, modex_xform.modex.modulus.length)) {
> > > - RTE_LOG(ERR, USER1,
> > > - "Invalid MODULUS length specified\n");
> > > - return TEST_SKIPPED;
> > > - }
> > > + mod_capa.max_mod_size = modex_xform.modex.modulus.length;
> > > + if (!rte_cryptodev_capa_check_mod(capability, mod_capa)) {
> > > + RTE_LOG(ERR, USER1, "Invalid MODULUS length specified\n");
> > > + return TEST_SKIPPED;
> > > + }
> > >
> > > /* Create op, create session, and process packets. 8< */
> > > op = rte_crypto_op_alloc(op_mpool,
> > > RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
> > > @@ -1785,6 +1851,8 @@ test_ecdsa_sign_verify(enum curve curve_id)
> > > struct rte_crypto_asym_xform xform;
> > > struct rte_crypto_asym_op *asym_op;
> > > struct rte_cryptodev_info dev_info;
> > > + struct rte_cryptodev_asym_capability_idx idx;
> > > + const struct rte_cryptodev_asymmetric_capability *capabilities;
> > > struct rte_crypto_op *op = NULL;
> > > int ret, status = TEST_SUCCESS;
> > >
> > > @@ -1814,6 +1882,25 @@ test_ecdsa_sign_verify(enum curve curve_id)
> > >
> > > rte_cryptodev_info_get(dev_id, &dev_info);
> > >
> > > + struct rte_crypto_ecdsa_capability capa = {
> > > + .curves = RTE_BIT32(input_params.curve),
> > > + .random_k = 0
> > > + };
> > > +
> > > + idx.type = RTE_CRYPTO_ASYM_XFORM_ECDSA;
> > > + capabilities = rte_cryptodev_asym_capability_get(dev_id,
> > > + (const struct
> > > + rte_cryptodev_asym_capability_idx *) &idx);
> > > +
> > > + if (capabilities == NULL) {
> > > + status = TEST_SKIPPED;
> > > + goto exit;
> > > + }
> > > + if (!rte_cryptodev_capa_check_ecdsa(capabilities, capa)) {
> > > + status = TEST_SKIPPED;
> > > + goto exit;
> > > + }
> > > +
> > > /* Setup crypto op data structure */
> > > op = rte_crypto_op_alloc(op_mpool,
> > > RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
> > > if (op == NULL) {
> > > @@ -1962,6 +2049,8 @@ test_ecdsa_sign_verify_all_curve(void)
> > > status = test_ecdsa_sign_verify(curve_id);
> > > if (status == TEST_SUCCESS) {
> > > msg = "succeeded";
> > > + } else if (status == TEST_SKIPPED) {
> > > + continue;
> > > } else {
> > > msg = "failed";
> > > overall_status = status;
> > > @@ -1987,6 +2076,8 @@ test_ecpm(enum curve curve_id)
> > > struct rte_crypto_asym_xform xform;
> > > struct rte_crypto_asym_op *asym_op;
> > > struct rte_cryptodev_info dev_info;
> > > + struct rte_cryptodev_asym_capability_idx idx;
> > > + const struct rte_cryptodev_asymmetric_capability *capabilities;
> > > struct rte_crypto_op *op = NULL;
> > > int ret, status = TEST_SUCCESS;
> > >
> > > @@ -2016,6 +2107,24 @@ test_ecpm(enum curve curve_id)
> > >
> > > rte_cryptodev_info_get(dev_id, &dev_info);
> > >
> > > + struct rte_crypto_ecdsa_capability capa = {
> > > + .curves = RTE_BIT32(input_params.curve)
> > > + };
> > > +
> > > + idx.type = RTE_CRYPTO_ASYM_XFORM_ECPM;
> > > + capabilities = rte_cryptodev_asym_capability_get(dev_id,
> > > + (const struct
> > > + rte_cryptodev_asym_capability_idx *) &idx);
> > > +
> > > + if (capabilities == NULL) {
> > > + status = TEST_SKIPPED;
> > > + goto exit;
> > > + }
> > > + if (!rte_cryptodev_capa_check_ecdsa(capabilities, capa)) {
> > > + status = TEST_SKIPPED;
> > > + goto exit;
> > > + }
> > > +
> > > /* Setup crypto op data structure */
> > > op = rte_crypto_op_alloc(op_mpool,
> > > RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
> > > if (op == NULL) {
> > > @@ -2124,6 +2233,8 @@ test_ecpm_all_curve(void)
> > > status = test_ecpm(curve_id);
> > > if (status == TEST_SUCCESS) {
> > > msg = "succeeded";
> > > + } else if (status == TEST_SKIPPED) {
> > > + continue;
> > > } else {
> > > msg = "failed";
> > > overall_status = status;
> > > @@ -2162,7 +2273,12 @@ static struct unit_test_suite
> > > cryptodev_qat_asym_testsuite = {
> > > .setup = testsuite_setup,
> > > .teardown = testsuite_teardown,
> > > .unit_test_cases = {
> > > + TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
> > > test_capability),
> > > TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
> > test_one_by_one),
> > > + TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
> > > + test_ecdsa_sign_verify_all_curve),
> > > + TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
> > > + test_ecpm_all_curve),
> > > TEST_CASES_END() /**< NULL terminate unit test array */
> > > }
> > > };
> >
> > I think patch need to be split for adding test app changes.
> >
> >
> > > diff --git a/app/test/test_event_crypto_adapter.c
> > > b/app/test/test_event_crypto_adapter.c
> > > index 2ecc7e2cea..9a62241371 100644
> > > --- a/app/test/test_event_crypto_adapter.c
> > > +++ b/app/test/test_event_crypto_adapter.c
> > > @@ -450,7 +450,7 @@ test_session_with_op_forward_mode(void)
> > > static int
> > > test_asym_op_forward_mode(uint8_t session_less) {
> > > - const struct rte_cryptodev_asymmetric_xform_capability *capability;
> > > + const struct rte_cryptodev_asymmetric_capability *capability;
> > > struct rte_cryptodev_asym_capability_idx cap_idx;
> > > struct rte_crypto_asym_xform xform_tc;
> > > union rte_event_crypto_metadata m_data; @@ -458,6 +458,7 @@
> > > test_asym_op_forward_mode(uint8_t session_less)
> > > struct rte_crypto_asym_op *asym_op;
> > > struct rte_crypto_op *op;
> > > uint8_t input[4096] = {0};
> > > + struct rte_crypto_mod_capability mod_capa = {0};
> > > uint8_t *result = NULL;
> > > struct rte_event ev;
> > > void *sess = NULL;
> > > @@ -503,8 +504,9 @@ test_asym_op_forward_mode(uint8_t session_less)
> > > asym_op->modex.base.length = modex_test_case.base.len;
> > > asym_op->modex.result.data = result;
> > > asym_op->modex.result.length = modex_test_case.result_len;
> > > - if (rte_cryptodev_asym_xform_capability_check_modlen(capability,
> > > - xform_tc.modex.modulus.length)) {
> > > +
> > > + mod_capa.max_mod_size = xform_tc.modex.modulus.length;
> > > + if (!rte_cryptodev_capa_check_mod(capability, mod_capa)) {
> > > RTE_LOG(INFO, USER1,
> > > "line %u FAILED: %s", __LINE__,
> > > "Invalid MODULUS length specified"); @@ -784,7
> > +786,7 @@
> > > test_session_with_op_new_mode(void)
> > > static int
> > > test_asym_op_new_mode(uint8_t session_less) {
> > > - const struct rte_cryptodev_asymmetric_xform_capability *capability;
> > > + const struct rte_cryptodev_asymmetric_capability *capability;
> > > struct rte_cryptodev_asym_capability_idx cap_idx;
> > > struct rte_crypto_asym_xform xform_tc;
> > > union rte_event_crypto_metadata m_data; @@ -792,6 +794,7 @@
> > > test_asym_op_new_mode(uint8_t session_less)
> > > struct rte_crypto_asym_op *asym_op;
> > > struct rte_crypto_op *op;
> > > uint8_t input[4096] = {0};
> > > + struct rte_crypto_mod_capability mod_capa = {0};
> >
> > Can you move this above to maintain reverse Xmas tree?
> >
> > > uint8_t *result = NULL;
> > > void *sess = NULL;
> > > uint32_t cap;
> > > @@ -835,8 +838,9 @@ test_asym_op_new_mode(uint8_t session_less)
> > > asym_op->modex.base.length = modex_test_case.base.len;
> > > asym_op->modex.result.data = result;
> > > asym_op->modex.result.length = modex_test_case.result_len;
> > > - if (rte_cryptodev_asym_xform_capability_check_modlen(capability,
> > > - xform_tc.modex.modulus.length)) {
> > > +
> > > + mod_capa.max_mod_size = xform_tc.modex.modulus.length;
> > > + if (!rte_cryptodev_capa_check_mod(capability, mod_capa)) {
> > > RTE_LOG(INFO, USER1,
> > > "line %u FAILED: %s", __LINE__,
> > > "Invalid MODULUS length specified"); diff --git
> > > a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> > > b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> > > index 16ec5e15eb..e734fc2a69 100644
> > > --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> > > +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> > > @@ -7,6 +7,7 @@
> > > #include <rte_common.h>
> > > #include <rte_malloc.h>
> > > #include <cryptodev_pmd.h>
> > > +#include <rte_bitops.h>
> > >
> > > #include "openssl_pmd_private.h"
> > > #include "compat.h"
> > > @@ -470,103 +471,82 @@ static const struct rte_cryptodev_capabilities
> > > openssl_pmd_capabilities[] = {
> > > }, }
> > > }, }
> > > },
> > > - { /* RSA */
> > > + { /* Modular exponentiation */
> > > .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> > > {.asym = {
> > > - .xform_capa = {
> > > - .xform_type =
> > > RTE_CRYPTO_ASYM_XFORM_RSA,
> > > - .op_types = ((1 <<
> > > RTE_CRYPTO_ASYM_OP_SIGN) |
> > > - (1 << RTE_CRYPTO_ASYM_OP_VERIFY)
> > > |
> > > - (1 <<
> > > RTE_CRYPTO_ASYM_OP_ENCRYPT) |
> > > - (1 <<
> > > RTE_CRYPTO_ASYM_OP_DECRYPT)),
> > > - {
> > > - .modlen = {
> > > - /* min length is based on openssl rsa keygen */
> > > - .min = 30,
> > > - /* value 0 symbolizes no limit on max length */
> > > - .max = 0,
> > > - .increment = 1
> > > - }, }
> > > + .xform_type = RTE_CRYPTO_ASYM_XFORM_MODEX,
> > > + .mod = {
> > > + .max_mod_size = 0
> > > + }
> > > }
> > > - },
> > > }
> > > },
> > > - { /* modexp */
> > > + { /* Modular multiplicative inverse */
> > > .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> > > {.asym = {
> > > - .xform_capa = {
> > > - .xform_type =
> > > RTE_CRYPTO_ASYM_XFORM_MODEX,
> > > - .op_types = 0,
> > > - {
> > > - .modlen = {
> > > - /* value 0 symbolizes no limit on min length */
> > > - .min = 0,
> > > - /* value 0 symbolizes no limit on max length */
> > > - .max = 0,
> > > - .increment = 1
> > > - }, }
> > > + .xform_type = RTE_CRYPTO_ASYM_XFORM_MODINV,
> > > + .mod = {
> > > + .max_mod_size = 0
> > > + }
> > > }
> > > - },
> > > }
> > > },
> > > - { /* modinv */
> > > + { /* RSA */
> > > .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> > > {.asym = {
> > > - .xform_capa = {
> > > - .xform_type =
> > > RTE_CRYPTO_ASYM_XFORM_MODINV,
> > > - .op_types = 0,
> > > - {
> > > - .modlen = {
> > > - /* value 0 symbolizes no limit on min length */
> > > - .min = 0,
> > > - /* value 0 symbolizes no limit on max length */
> > > - .max = 0,
> > > - .increment = 1
> > > - }, }
> > > + .xform_type = RTE_CRYPTO_ASYM_XFORM_RSA,
> > > + .rsa = {
> > > + .padding =
> > > +
> > > RTE_BIT32(RTE_CRYPTO_RSA_PADDING_NONE) |
> > > +
> > > RTE_BIT32(RTE_CRYPTO_RSA_PADDING_PKCS1_5),
> > > + .hash =
> > > + RTE_BIT32(RTE_CRYPTO_AUTH_MD5)
> > > |
> > > + RTE_BIT32(RTE_CRYPTO_AUTH_SHA1)
> > > |
> > > +
> > > RTE_BIT32(RTE_CRYPTO_AUTH_SHA224) |
> > > +
> > > RTE_BIT32(RTE_CRYPTO_AUTH_SHA256) |
> > > +
> > > RTE_BIT32(RTE_CRYPTO_AUTH_SHA384) |
> > > +
> > > RTE_BIT32(RTE_CRYPTO_AUTH_SHA512),
> > > + .max_key_size = 0
> > > + }
> > > }
> > > - },
> > > }
> > > },
> > > - { /* dh */
> > > + { /* Diffie-Hellman */
> > > .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> > > {.asym = {
> > > - .xform_capa = {
> > > - .xform_type =
> > > RTE_CRYPTO_ASYM_XFORM_DH,
> > > - .op_types =
> > > -
> > > ((1<<RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE) |
> > > - (1 <<
> > > RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE |
> > > - (1 <<
> > > -
> > > RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE))),
> > > - {
> > > - .modlen = {
> > > - /* value 0 symbolizes no limit on min length */
> > > - .min = 0,
> > > - /* value 0 symbolizes no limit on max length */
> > > - .max = 0,
> > > - .increment = 1
> > > - }, }
> > > + .xform_type = RTE_CRYPTO_ASYM_XFORM_DH,
> > > + .dh = {
> > > + .max_group_size = 0,
> > > + .priv_key_gen = 1
> > > + }
> > > }
> > > - },
> > > }
> > > },
> > > - { /* dsa */
> > > + { /* DSA */
> > > .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> > > {.asym = {
> > > - .xform_capa = {
> > > - .xform_type =
> > > RTE_CRYPTO_ASYM_XFORM_DSA,
> > > - .op_types =
> > > - ((1<<RTE_CRYPTO_ASYM_OP_SIGN) |
> > > - (1 << RTE_CRYPTO_ASYM_OP_VERIFY)),
> > > - {
> > > - .modlen = {
> > > - /* value 0 symbolizes no limit on min length */
> > > - .min = 0,
> > > - /* value 0 symbolizes no limit on max length */
> > > - .max = 0,
> > > - .increment = 1
> > > - }, }
> > > + .xform_type = RTE_CRYPTO_ASYM_XFORM_DSA,
> > > + .dsa = {
> > > + .max_key_size = 0,
> > > + .random_k = 1
> > > + }
> > > + }
> > > + }
> > > + },
> > > + { /* ECDSA */
> > > + .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> > > + {.asym = {
> > > + .xform_type = RTE_CRYPTO_ASYM_XFORM_ECDSA,
> > > + .ecdsa = {
> > > + .curves =
> > > +
> > > RTE_BIT64(RTE_CRYPTO_EC_GROUP_SECP192R1) |
> > > +
> > > RTE_BIT64(RTE_CRYPTO_EC_GROUP_SECP224R1) |
> > > +
> > > RTE_BIT64(RTE_CRYPTO_EC_GROUP_SECP256R1) |
> > > +
> > > RTE_BIT64(RTE_CRYPTO_EC_GROUP_SECP384R1) |
> > > +
> > > RTE_BIT64(RTE_CRYPTO_EC_GROUP_SECP521R1),
> > > + .random_k = 1
> > > + }
> > > }
> > > - },
> > > }
> > > },
> > >
> >
> > Do not combine PMD changes for capabilities in cryptodev patch for new APIs.
> >
> >
> > > diff --git a/drivers/crypto/qat/dev/qat_asym_pmd_gen1.c
> > > b/drivers/crypto/qat/dev/qat_asym_pmd_gen1.c
> > > index 4499fdaf2d..d5144bca84 100644
> > > --- a/drivers/crypto/qat/dev/qat_asym_pmd_gen1.c
> > > +++ b/drivers/crypto/qat/dev/qat_asym_pmd_gen1.c
> > > @@ -28,16 +28,64 @@ struct rte_cryptodev_ops
> qat_asym_crypto_ops_gen1
> > > = { };
> > >
> > > static struct rte_cryptodev_capabilities qat_asym_crypto_caps_gen1[] = {
> > > - QAT_ASYM_CAP(MODEX,
> > > - 0, 1, 512, 1),
> > > - QAT_ASYM_CAP(MODINV,
> > > - 0, 1, 512, 1),
> > > - QAT_ASYM_CAP(RSA,
> > > - ((1 << RTE_CRYPTO_ASYM_OP_SIGN) |
> > > - (1 << RTE_CRYPTO_ASYM_OP_VERIFY) |
> > > - (1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) |
> > > - (1 << RTE_CRYPTO_ASYM_OP_DECRYPT)),
> > > - 64, 512, 64),
> > > + { /* Modular exponentiation */
> > > + .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> > > + {.asym = {
> > > + .xform_type = RTE_CRYPTO_ASYM_XFORM_MODEX,
> > > + .mod = {
> > > + .max_mod_size = 4096
> > > + }
> > > + }
> > > + }
> > > + },
> > > + { /* Modular multiplicative inverse */
> > > + .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> > > + {.asym = {
> > > + .xform_type = RTE_CRYPTO_ASYM_XFORM_MODINV,
> > > + .mod = {
> > > + .max_mod_size = 4096
> > > + }
> > > + }
> > > + }
> > > + },
> > > + { /* RSA */
> > > + .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> > > + {.asym = {
> > > + .xform_type = RTE_CRYPTO_ASYM_XFORM_RSA,
> > > + .rsa = {
> > > + .padding =
> > > +
> > > RTE_BIT32(RTE_CRYPTO_RSA_PADDING_NONE),
> > > + .hash = 0,
> > > + .max_key_size = 4096
> > > + }
> > > + }
> > > + }
> > > + },
> > > + { /* ECDSA */
> > > + .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> > > + {.asym = {
> > > + .xform_type = RTE_CRYPTO_ASYM_XFORM_ECDSA,
> > > + .ecdsa = {
> > > + .curves =
> > > +
> > > RTE_BIT64(RTE_CRYPTO_EC_GROUP_SECP256R1) |
> > > +
> > > RTE_BIT64(RTE_CRYPTO_EC_GROUP_SECP521R1),
> > > + .random_k = 0
> > > + }
> > > + }
> > > + }
> > > + },
> > > + { /* ECPM */
> > > + .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> > > + {.asym = {
> > > + .xform_type = RTE_CRYPTO_ASYM_XFORM_ECPM,
> > > + .ecdsa = {
> > > + .curves =
> > > +
> > > RTE_BIT64(RTE_CRYPTO_EC_GROUP_SECP256R1) |
> > > +
> > > RTE_BIT64(RTE_CRYPTO_EC_GROUP_SECP521R1)
> > > + }
> > > + }
> > > + }
> > > + },
> > > RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
> > > };
> > >
> > > diff --git a/lib/cryptodev/rte_crypto_asym.h
> > > b/lib/cryptodev/rte_crypto_asym.h index d90a7a1957..41b22450d3 100644
> > > --- a/lib/cryptodev/rte_crypto_asym.h
> > > +++ b/lib/cryptodev/rte_crypto_asym.h
> > > @@ -41,6 +41,14 @@ rte_crypto_asym_ke_strings[]; extern const char *
> > > rte_crypto_asym_op_strings[];
> > >
> > > +/** RSA padding type name strings */
> > > +extern const char *
> > > +rte_crypto_asym_rsa_padding[];
> >
> > rte_crypto_asym_rsa_padding_strings
> >
> > > +
> > > +/** Elliptic curves name strings */
> > > +extern const char *
> > > +rte_crypto_curves_strings[];
> > > +
> > > /**
> > > * Buffer to hold crypto params required for asym operations.
> > > *
> > > @@ -265,6 +273,46 @@ struct rte_crypto_rsa_padding {
> > > */
> > > };
> > >
> > > +struct rte_crypto_mod_capability {
> > > + uint16_t max_mod_size;
> > > + /**< Maximum supported modulus size in bytes, 0 means no limit */ };
> > > +
> > > +struct rte_crypto_rsa_capability {
> > > + uint32_t padding;
> > > + /**< List of supported paddings */
> > How is this list supposed to work?
> > I believe this should be enum to specify a single value.
> > Driver can maintain a static array to list all supported ones.
> > And application can query if a particular capability which it intend to use Is
> > supported by the PMD.
> >
> > > + uint32_t hash;
> > > + /**< List of supported hash functions */
> > Same comment here as well
> >
> > > + uint32_t max_key_size;
> > > + /**< Maximum supported key size in bytes, 0 means no limit */ };
> > > +
> > > +struct rte_crypto_dh_capability {
> > > + uint16_t max_group_size;
> > > + /**< Maximum group in bytes, 0 means no limit */
> > Maximum group size in bytes ...
> >
> > > + uint8_t priv_key_gen;
> > > + /**< Does PMD supports private key generation generation */
> > Is it a flag? Please comment it properly.
> >
> > > +};
> > > +
> > > +struct rte_crypto_dsa_capability {
> > > + uint16_t max_key_size;
> > > + /**< Maximum supported key size in bytes, 0 means no limit */
> > > + uint8_t random_k;
> > > + /**< Does PMD supports random 'k' generation */
> >
> > Comments should not ask questions.
> >
> > > +};
> > > +
> > > +struct rte_crypto_ecdsa_capability {
> > > + uint64_t curves;
> > > + /**< Supported elliptic curve ids */
> > Shouldn't this also be enum?
> >
> > > + uint8_t random_k;
> > > + /**< Does PMD supports random 'k' generation */
> >
> > Same comment as above.
> > > +};
> > > +
> > > +struct rte_crypto_ecpm_capability {
> > > + uint64_t curves;
> > > + /**< Supported elliptic curve ids */
> >
> > Enum??
> >
> > > +};
> > > +
> > > /**
> > > * Asymmetric RSA transform data
> > > *
> > > diff --git a/lib/cryptodev/rte_cryptodev.c
> > > b/lib/cryptodev/rte_cryptodev.c index 57ee6b3f07..b1ad1112fe 100644
> > > --- a/lib/cryptodev/rte_cryptodev.c
> > > +++ b/lib/cryptodev/rte_cryptodev.c
> > > @@ -190,6 +190,27 @@ const char *rte_crypto_asym_ke_strings[] = { };
> > >
> > > /**
> > > + * RSA padding string identifiers
> > > + */
> > > +const char *rte_crypto_asym_rsa_padding[] = {
> > > + [RTE_CRYPTO_RSA_PADDING_NONE] =
> > > "RTE_CRYPTO_RSA_PADDING_NONE",
> > > + [RTE_CRYPTO_RSA_PADDING_PKCS1_5] =
> > > "RTE_CRYPTO_RSA_PADDING_PKCS1_5",
> > > + [RTE_CRYPTO_RSA_PADDING_OAEP] =
> > > "RTE_CRYPTO_RSA_PADDING_OAEP",
> > > + [RTE_CRYPTO_RSA_PADDING_PSS] =
> > > "RTE_CRYPTO_RSA_PADDING_PSS"
> > > +};
> > > +
> > > +/**
> > > + * Elliptic curves string identifiers */ const char
> > > +*rte_crypto_curves_strings[] = {
> > > + [RTE_CRYPTO_EC_GROUP_SECP192R1] =
> > > "RTE_CRYPTO_EC_GROUP_SECP192R1",
> > > + [RTE_CRYPTO_EC_GROUP_SECP224R1] =
> > > "RTE_CRYPTO_EC_GROUP_SECP224R1",
> > > + [RTE_CRYPTO_EC_GROUP_SECP256R1] =
> > > "RTE_CRYPTO_EC_GROUP_SECP256R1",
> > > + [RTE_CRYPTO_EC_GROUP_SECP384R1] =
> > > "RTE_CRYPTO_EC_GROUP_SECP384R1",
> > > + [RTE_CRYPTO_EC_GROUP_SECP521R1] =
> > > "RTE_CRYPTO_EC_GROUP_SECP521R1",
> > > +};
> > > +
> > > +/**
> > > * The private data structure stored in the sym session mempool private
> data.
> > > */
> > > struct rte_cryptodev_sym_session_pool_private_data { @@ -347,7 +368,7
> > > @@ param_range_check(uint16_t size, const struct
> > > rte_crypto_param_range *range)
> > > return -1;
> > > }
> > >
> > > -const struct rte_cryptodev_asymmetric_xform_capability *
> > > +const struct rte_cryptodev_asymmetric_capability *
> > > rte_cryptodev_asym_capability_get(uint8_t dev_id,
> > > const struct rte_cryptodev_asym_capability_idx *idx) { @@ -
> > 363,8
> > > +384,8 @@ rte_cryptodev_asym_capability_get(uint8_t dev_id,
> > > if (capability->op != RTE_CRYPTO_OP_TYPE_ASYMMETRIC)
> > > continue;
> > >
> > > - if (capability->asym.xform_capa.xform_type == idx->type)
> > > - return &capability->asym.xform_capa;
> > > + if (capability->asym.xform_type == idx->type)
> > > + return &capability->asym;
> > > }
> > > return NULL;
> > > };
> > > @@ -456,6 +477,59 @@
> > rte_cryptodev_asym_xform_capability_check_modlen(
> > > return 0;
> > > }
> > >
> > > +int
> > > +rte_cryptodev_capa_check_mod(
> >
> > API name should be rte_cryptodev_mod_capa_check Verb should come in the
> > end.
> > Fix other APIs also.
> >
> > > + const struct rte_cryptodev_asymmetric_capability *capa,
> > > + struct rte_crypto_mod_capability mod) {
> > > + if (capa->mod.max_mod_size == 0)
> > > + return 1;
> > > +
> > > + if (mod.max_mod_size <= capa->mod.max_mod_size)
> > > + return 1;
> > > + else
> > > + return 0;
> > > +}
> > > +
> > > +int
> > > +rte_cryptodev_capa_check_rsa(
> > > + const struct rte_cryptodev_asymmetric_capability *capa,
> > > + struct rte_crypto_rsa_capability rsa) {
> > > + if (rsa.padding != (capa->rsa.padding & rsa.padding))
> > > + return 0;
> > > + if (rsa.hash != (capa->rsa.hash & rsa.hash))
> > > + return 0;
> > > + if (capa->rsa.max_key_size == 0)
> > > + return 1;
> > > + if (rsa.max_key_size <= capa->rsa.max_key_size)
> > > + return 1;
> > > + else
> > > + return 0;
> > > +}
> >
> > Can we have something similar to symmetric crypto/rte_security capabilities?
> In what way similar? There are mostly range checks in symmetric.
Please ignore this comment, I misinterpreted xforms with algos.
For each of the xforms we can have separate API to check.
All algos in that particular xform can be clubbed in same API.
> >
> > > +
> > > +int
> > > +rte_cryptodev_capa_check_ecdsa(
> > > + const struct rte_cryptodev_asymmetric_capability *capa,
> > > + struct rte_crypto_ecdsa_capability ecdsa) {
> > > + if (ecdsa.curves != (capa->ecdsa.curves & ecdsa.curves))
> > > + return 0;
> > > + if (ecdsa.random_k == 1 && capa->ecdsa.random_k == 0)
> > > + return 0;
> > > + return 1;
> > > +}
> > > +
> > > +int
> > > +rte_cryptodev_capa_check_ecpm(
> > > + const struct rte_cryptodev_asymmetric_capability *capa,
> > > + struct rte_crypto_ecpm_capability ecpm) {
> > > + if (ecpm.curves != (capa->ecpm.curves & ecpm.curves))
> > > + return 0;
> > > + return 1;
> > > +}
> > > +
> > > /* spinlock for crypto device enq callbacks */ static rte_spinlock_t
> > > rte_cryptodev_callback_lock = RTE_SPINLOCK_INITIALIZER;
> > >
> > > diff --git a/lib/cryptodev/rte_cryptodev.h
> > > b/lib/cryptodev/rte_cryptodev.h index 2c2c2edeb7..6c5bd819b2 100644
> > > --- a/lib/cryptodev/rte_cryptodev.h
> > > +++ b/lib/cryptodev/rte_cryptodev.h
> > > @@ -184,6 +184,19 @@ struct rte_cryptodev_asymmetric_xform_capability
> {
> > > *
> > > */
> > > struct rte_cryptodev_asymmetric_capability {
> > > + enum rte_crypto_asym_xform_type xform_type;
> > > + /**< Asymmetric transform type */
> > > + uint32_t op_types;
> > > + /**< bitmask for supported rte_crypto_asym_op_type */
> > > + union {
> > > + struct rte_crypto_mod_capability mod;
> > > + struct rte_crypto_rsa_capability rsa;
> > > + struct rte_crypto_dh_capability dh;
> > > + struct rte_crypto_dsa_capability dsa;
> > > + struct rte_crypto_ecdsa_capability ecdsa;
> > > + struct rte_crypto_ecpm_capability ecpm;
> > > + };
> > > +
> > > struct rte_cryptodev_asymmetric_xform_capability xform_capa; };
> > >
> > > @@ -247,7 +260,7 @@ rte_cryptodev_sym_capability_get(uint8_t dev_id,
> > > * - Return NULL if the capability not exist.
> > > */
> > > __rte_experimental
> > > -const struct rte_cryptodev_asymmetric_xform_capability *
> > > +const struct rte_cryptodev_asymmetric_capability *
> > > rte_cryptodev_asym_capability_get(uint8_t dev_id,
> > > const struct rte_cryptodev_asym_capability_idx *idx);
> > >
> > > @@ -339,6 +352,66 @@
> > rte_cryptodev_asym_xform_capability_check_modlen(
> > > uint16_t modlen);
> > >
> > > /**
> > > + * Check if requested Modexp features are supported
> > > + *
> > > + * @param capability Description of the asymmetric crypto
> > > capability.
> > > + * @param mod Modexp requested capability.
> > > + *
> > > + * @return
> > > + * - Return 1 if the parameters are in range of the capability.
> > > + * - Return 0 if the parameters are out of range of the capability.
> > > + */
> > > +__rte_experimental
> > > +int
> > > +rte_cryptodev_capa_check_mod(
> > > + const struct rte_cryptodev_asymmetric_capability *capa,
> > > + struct rte_crypto_mod_capability mod);
> > > +/**
> > > + * Check if requested RSA features are supported
> > > + *
> > > + * @param capability Description of the asymmetric crypto
> > > capability.
> > > + * @param rsa RSA requested capability.
> > > + *
> > > + * @return
> > > + * - Return 1 if the parameters are in range of the capability.
> > > + * - Return 0 if the parameters are out of range of the capability.
> > > + */
> > > +__rte_experimental
> > > +int
> > > +rte_cryptodev_capa_check_rsa(
> > > + const struct rte_cryptodev_asymmetric_capability *capa,
> > > + struct rte_crypto_rsa_capability rsa);
> > > +/**
> > > + * Check if requested ECDSA features are supported
> > > + *
> > > + * @param capability Description of the asymmetric crypto
> > > capability.
> > > + * @param ecdsa ECDSA requested capability.
> > > + *
> > > + * @return
> > > + * - Return 1 if the parameters are in range of the capability.
> > > + * - Return 0 if the parameters are out of range of the capability.
> > > + */
> > > +__rte_experimental
> > > +int
> > > +rte_cryptodev_capa_check_ecdsa(
> > > + const struct rte_cryptodev_asymmetric_capability *capa,
> > > + struct rte_crypto_ecdsa_capability ecdsa);
> > > +/**
> > > + * Check if requested ECPM features are supported
> > > + *
> > > + * @param capability Description of the asymmetric crypto
> > > capability.
> > > + * @param ecpm ECPM requested capability.
> > > + *
> > > + * @return
> > > + * - Return 1 if the parameters are in range of the capability.
> > > + * - Return 0 if the parameters are out of range of the capability.
> > > + */
> > > +__rte_experimental
> > > +int
> > > +rte_cryptodev_capa_check_ecpm(
> > > + const struct rte_cryptodev_asymmetric_capability *capa,
> > > + struct rte_crypto_ecpm_capability ecpm);
> > > +/**
> > > * Provide the cipher algorithm enum, given an algorithm string
> > > *
> > > * @param algo_enum A pointer to the cipher algorithm
> > > diff --git a/lib/cryptodev/version.map b/lib/cryptodev/version.map
> > > index f0abfaa47d..4d93b9a947 100644
> > > --- a/lib/cryptodev/version.map
> > > +++ b/lib/cryptodev/version.map
> > > @@ -108,6 +108,10 @@ EXPERIMENTAL {
> > >
> > > #added in 22.07
> > > rte_cryptodev_session_event_mdata_set;
> > > + rte_cryptodev_capa_check_mod;
> > > + rte_cryptodev_capa_check_rsa;
> > > + rte_cryptodev_capa_check_ecdsa;
> > > + rte_cryptodev_capa_check_ecpm;
> > > };
> > >
> > > INTERNAL {
> > > --
> > > 2.13.6
@@ -364,8 +364,8 @@ cperf_verify_devices_capabilities(struct cperf_options *opts,
struct rte_cryptodev_sym_capability_idx cap_idx;
const struct rte_cryptodev_symmetric_capability *capability;
struct rte_cryptodev_asym_capability_idx asym_cap_idx;
- const struct rte_cryptodev_asymmetric_xform_capability *asym_capability;
-
+ const struct rte_cryptodev_asymmetric_capability *asym_capability;
+ struct rte_crypto_mod_capability mod_capa = {0};
uint8_t i, cdev_id;
int ret;
@@ -381,11 +381,11 @@ cperf_verify_devices_capabilities(struct cperf_options *opts,
if (asym_capability == NULL)
return -1;
- ret = rte_cryptodev_asym_xform_capability_check_modlen(
- asym_capability, opts->modex_data->modulus.len);
- if (ret != 0)
+ mod_capa.max_mod_size = opts->modex_data->modulus.len;
+ ret = rte_cryptodev_capa_check_mod(asym_capability,
+ mod_capa);
+ if (ret == 0)
return ret;
-
}
if (opts->op_type == CPERF_AUTH_ONLY ||
@@ -846,7 +846,7 @@ cryptodev_sym_sess_create(struct prod_data *p, struct test_perf *t)
static void *
cryptodev_asym_sess_create(struct prod_data *p, struct test_perf *t)
{
- const struct rte_cryptodev_asymmetric_xform_capability *capability;
+ const struct rte_cryptodev_asymmetric_capability *capability;
struct rte_cryptodev_asym_capability_idx cap_idx;
struct rte_crypto_asym_xform xform;
void *sess;
@@ -311,10 +311,11 @@ test_cryptodev_asym_op(struct crypto_testsuite_params_asym *ts_params,
struct rte_crypto_asym_xform xform_tc;
void *sess = NULL;
struct rte_cryptodev_asym_capability_idx cap_idx;
- const struct rte_cryptodev_asymmetric_xform_capability *capability;
+ const struct rte_cryptodev_asymmetric_capability *capability;
uint8_t dev_id = ts_params->valid_devs[0];
uint8_t input[TEST_DATA_SIZE] = {0};
uint8_t *result = NULL;
+ struct rte_crypto_mod_capability mod_capa = {0};
int ret, status = TEST_SUCCESS;
@@ -358,8 +359,10 @@ test_cryptodev_asym_op(struct crypto_testsuite_params_asym *ts_params,
asym_op->modex.base.length = data_tc->modex.base.len;
asym_op->modex.result.data = result;
asym_op->modex.result.length = data_tc->modex.result_len;
- if (rte_cryptodev_asym_xform_capability_check_modlen(capability,
- xform_tc.modex.modulus.length)) {
+
+ mod_capa.max_mod_size = xform_tc.modex.modulus.length;
+ if (!rte_cryptodev_capa_check_mod(capability,
+ mod_capa)) {
snprintf(test_msg, ASYM_TEST_MSG_LEN,
"line %u "
"FAILED: %s", __LINE__,
@@ -378,8 +381,10 @@ test_cryptodev_asym_op(struct crypto_testsuite_params_asym *ts_params,
asym_op->modinv.base.length = data_tc->modinv.base.len;
asym_op->modinv.result.data = result;
asym_op->modinv.result.length = data_tc->modinv.result_len;
- if (rte_cryptodev_asym_xform_capability_check_modlen(capability,
- xform_tc.modinv.modulus.length)) {
+
+ mod_capa.max_mod_size = xform_tc.modinv.modulus.length;
+ if (!rte_cryptodev_capa_check_mod(capability,
+ mod_capa)) {
snprintf(test_msg, ASYM_TEST_MSG_LEN,
"line %u "
"FAILED: %s", __LINE__,
@@ -963,38 +968,100 @@ ut_teardown_asym(void)
rte_cryptodev_stop(ts_params->valid_devs[0]);
}
-static inline void print_asym_capa(
- const struct rte_cryptodev_asymmetric_xform_capability *capa)
+static void
+print_rsa_capability(
+ const struct rte_cryptodev_asymmetric_capability *capa)
{
int i = 0;
+ printf("\nSupported paddings:");
+ for (; i < 32; i++) {
+ if (capa->rsa.padding & RTE_BIT32(i))
+ printf("\n - %s", rte_crypto_asym_rsa_padding[i]);
+ }
+ printf("\nSupported hash functions:");
+ for (i = 0; i < 32; i++) {
+ if (capa->rsa.hash & RTE_BIT32(i))
+ printf("\n - %s", rte_crypto_auth_algorithm_strings[i]);
+ }
+ printf("\nMaximum key size: ");
+ if (capa->rsa.max_key_size == 0)
+ printf("Unlimited");
+ else
+ printf("%hu", capa->rsa.max_key_size);
+}
+
+static void
+print_supported_curves(uint64_t curves)
+{
+ int i = 0;
+
+ printf("\nSupported elliptic curves:");
+ for (; i < 64; i++) {
+ if (curves & RTE_BIT64(i))
+ printf("\n - %s", rte_crypto_curves_strings[i]);
+ }
+}
+
+static inline void print_asym_capa(
+ const struct rte_cryptodev_asymmetric_capability *capa)
+{
printf("\nxform type: %s\n===================\n",
rte_crypto_asym_xform_strings[capa->xform_type]);
- printf("operation supported -");
- for (i = 0; i < RTE_CRYPTO_ASYM_OP_LIST_END; i++) {
- /* check supported operations */
- if (rte_cryptodev_asym_xform_capability_check_optype(capa, i))
- printf(" %s",
- rte_crypto_asym_op_strings[i]);
- }
- switch (capa->xform_type) {
- case RTE_CRYPTO_ASYM_XFORM_RSA:
- case RTE_CRYPTO_ASYM_XFORM_MODINV:
- case RTE_CRYPTO_ASYM_XFORM_MODEX:
- case RTE_CRYPTO_ASYM_XFORM_DH:
- case RTE_CRYPTO_ASYM_XFORM_DSA:
- printf(" modlen: min %d max %d increment %d",
- capa->modlen.min,
- capa->modlen.max,
- capa->modlen.increment);
+ switch (capa->xform_type) {
+ case RTE_CRYPTO_ASYM_XFORM_MODEX:
+ case RTE_CRYPTO_ASYM_XFORM_MODINV:
+ printf("Maximum size of modulus: ");
+ if (capa->mod.max_mod_size == 0)
+ printf("Unlimited");
+ else
+ printf("%hu", capa->mod.max_mod_size);
break;
- case RTE_CRYPTO_ASYM_XFORM_ECDSA:
- case RTE_CRYPTO_ASYM_XFORM_ECPM:
- default:
- break;
- }
- printf("\n");
+ case RTE_CRYPTO_ASYM_XFORM_RSA:
+ print_rsa_capability(capa);
+ break;
+ case RTE_CRYPTO_ASYM_XFORM_DH:
+ printf("Maximum group size: ");
+ if (capa->dh.max_group_size == 0)
+ printf("Unlimited");
+ else
+ printf("%hu", capa->dh.max_group_size);
+ printf("\nSupport for private key generation: ");
+ if (capa->dh.priv_key_gen)
+ printf("Yes");
+ else
+ printf("No");
+ break;
+ case RTE_CRYPTO_ASYM_XFORM_DSA:
+ printf("Maximum key size: ");
+ if (capa->dsa.max_key_size == 0)
+ printf("Unlimited");
+ else
+ printf("%hu", capa->dsa.max_key_size);
+ printf("\nSupport for random 'k' generation: ");
+ if (capa->dsa.random_k)
+ printf("Yes");
+ else
+ printf("No");
+ break;
+
+ break;
+ case RTE_CRYPTO_ASYM_XFORM_ECDSA:
+ print_supported_curves(capa->ecdsa.curves);
+ printf("\nSupport for random 'k' generation: ");
+ if (capa->ecdsa.random_k)
+ printf("Yes");
+ else
+ printf("No");
+ break;
+ case RTE_CRYPTO_ASYM_XFORM_ECPM:
+ print_supported_curves(capa->ecpm.curves);
+ break;
+ default:
+ break;
+ }
+ printf("\n");
}
static int
@@ -1006,7 +1073,7 @@ test_capability(void)
const struct rte_cryptodev_capabilities *dev_capa;
int i = 0;
struct rte_cryptodev_asym_capability_idx idx;
- const struct rte_cryptodev_asymmetric_xform_capability *capa;
+ const struct rte_cryptodev_asymmetric_capability *capa;
rte_cryptodev_info_get(dev_id, &dev_info);
if (!(dev_info.feature_flags &
@@ -1023,7 +1090,7 @@ test_capability(void)
dev_capa = &(dev_info.capabilities[i]);
if (dev_info.capabilities[i].op ==
RTE_CRYPTO_OP_TYPE_ASYMMETRIC) {
- idx.type = dev_capa->asym.xform_capa.xform_type;
+ idx.type = dev_capa->asym.xform_type;
capa = rte_cryptodev_asym_capability_get(dev_id,
(const struct
@@ -1386,10 +1453,11 @@ test_mod_inv(void)
void *sess = NULL;
int status = TEST_SUCCESS;
struct rte_cryptodev_asym_capability_idx cap_idx;
- const struct rte_cryptodev_asymmetric_xform_capability *capability;
+ const struct rte_cryptodev_asymmetric_capability *capability;
uint8_t input[TEST_DATA_SIZE] = {0};
int ret = 0;
uint8_t result[sizeof(mod_p)] = { 0 };
+ struct rte_crypto_mod_capability mod_capa = {0};
if (rte_cryptodev_asym_get_xform_enum(
&modinv_xform.xform_type, "modinv") < 0) {
@@ -1408,13 +1476,11 @@ test_mod_inv(void)
return TEST_SKIPPED;
}
- if (rte_cryptodev_asym_xform_capability_check_modlen(
- capability,
- modinv_xform.modinv.modulus.length)) {
- RTE_LOG(ERR, USER1,
- "Invalid MODULUS length specified\n");
- return TEST_SKIPPED;
- }
+ mod_capa.max_mod_size = modinv_xform.modinv.modulus.length;
+ if (!rte_cryptodev_capa_check_mod(capability, mod_capa)) {
+ RTE_LOG(ERR, USER1, "Invalid MODULUS length specified\n");
+ return TEST_SKIPPED;
+ }
ret = rte_cryptodev_asym_session_create(dev_id, &modinv_xform, sess_mpool, &sess);
if (ret < 0) {
@@ -1499,7 +1565,8 @@ test_mod_exp(void)
void *sess = NULL;
int status = TEST_SUCCESS;
struct rte_cryptodev_asym_capability_idx cap_idx;
- const struct rte_cryptodev_asymmetric_xform_capability *capability;
+ const struct rte_cryptodev_asymmetric_capability *capability;
+ struct rte_crypto_mod_capability mod_capa = {0};
uint8_t input[TEST_DATA_SIZE] = {0};
int ret = 0;
uint8_t result[sizeof(mod_p)] = { 0 };
@@ -1522,12 +1589,11 @@ test_mod_exp(void)
return TEST_SKIPPED;
}
- if (rte_cryptodev_asym_xform_capability_check_modlen(
- capability, modex_xform.modex.modulus.length)) {
- RTE_LOG(ERR, USER1,
- "Invalid MODULUS length specified\n");
- return TEST_SKIPPED;
- }
+ mod_capa.max_mod_size = modex_xform.modex.modulus.length;
+ if (!rte_cryptodev_capa_check_mod(capability, mod_capa)) {
+ RTE_LOG(ERR, USER1, "Invalid MODULUS length specified\n");
+ return TEST_SKIPPED;
+ }
/* Create op, create session, and process packets. 8< */
op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
@@ -1785,6 +1851,8 @@ test_ecdsa_sign_verify(enum curve curve_id)
struct rte_crypto_asym_xform xform;
struct rte_crypto_asym_op *asym_op;
struct rte_cryptodev_info dev_info;
+ struct rte_cryptodev_asym_capability_idx idx;
+ const struct rte_cryptodev_asymmetric_capability *capabilities;
struct rte_crypto_op *op = NULL;
int ret, status = TEST_SUCCESS;
@@ -1814,6 +1882,25 @@ test_ecdsa_sign_verify(enum curve curve_id)
rte_cryptodev_info_get(dev_id, &dev_info);
+ struct rte_crypto_ecdsa_capability capa = {
+ .curves = RTE_BIT32(input_params.curve),
+ .random_k = 0
+ };
+
+ idx.type = RTE_CRYPTO_ASYM_XFORM_ECDSA;
+ capabilities = rte_cryptodev_asym_capability_get(dev_id,
+ (const struct
+ rte_cryptodev_asym_capability_idx *) &idx);
+
+ if (capabilities == NULL) {
+ status = TEST_SKIPPED;
+ goto exit;
+ }
+ if (!rte_cryptodev_capa_check_ecdsa(capabilities, capa)) {
+ status = TEST_SKIPPED;
+ goto exit;
+ }
+
/* Setup crypto op data structure */
op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
if (op == NULL) {
@@ -1962,6 +2049,8 @@ test_ecdsa_sign_verify_all_curve(void)
status = test_ecdsa_sign_verify(curve_id);
if (status == TEST_SUCCESS) {
msg = "succeeded";
+ } else if (status == TEST_SKIPPED) {
+ continue;
} else {
msg = "failed";
overall_status = status;
@@ -1987,6 +2076,8 @@ test_ecpm(enum curve curve_id)
struct rte_crypto_asym_xform xform;
struct rte_crypto_asym_op *asym_op;
struct rte_cryptodev_info dev_info;
+ struct rte_cryptodev_asym_capability_idx idx;
+ const struct rte_cryptodev_asymmetric_capability *capabilities;
struct rte_crypto_op *op = NULL;
int ret, status = TEST_SUCCESS;
@@ -2016,6 +2107,24 @@ test_ecpm(enum curve curve_id)
rte_cryptodev_info_get(dev_id, &dev_info);
+ struct rte_crypto_ecdsa_capability capa = {
+ .curves = RTE_BIT32(input_params.curve)
+ };
+
+ idx.type = RTE_CRYPTO_ASYM_XFORM_ECPM;
+ capabilities = rte_cryptodev_asym_capability_get(dev_id,
+ (const struct
+ rte_cryptodev_asym_capability_idx *) &idx);
+
+ if (capabilities == NULL) {
+ status = TEST_SKIPPED;
+ goto exit;
+ }
+ if (!rte_cryptodev_capa_check_ecdsa(capabilities, capa)) {
+ status = TEST_SKIPPED;
+ goto exit;
+ }
+
/* Setup crypto op data structure */
op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
if (op == NULL) {
@@ -2124,6 +2233,8 @@ test_ecpm_all_curve(void)
status = test_ecpm(curve_id);
if (status == TEST_SUCCESS) {
msg = "succeeded";
+ } else if (status == TEST_SKIPPED) {
+ continue;
} else {
msg = "failed";
overall_status = status;
@@ -2162,7 +2273,12 @@ static struct unit_test_suite cryptodev_qat_asym_testsuite = {
.setup = testsuite_setup,
.teardown = testsuite_teardown,
.unit_test_cases = {
+ TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_capability),
TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_one_by_one),
+ TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
+ test_ecdsa_sign_verify_all_curve),
+ TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
+ test_ecpm_all_curve),
TEST_CASES_END() /**< NULL terminate unit test array */
}
};
@@ -450,7 +450,7 @@ test_session_with_op_forward_mode(void)
static int
test_asym_op_forward_mode(uint8_t session_less)
{
- const struct rte_cryptodev_asymmetric_xform_capability *capability;
+ const struct rte_cryptodev_asymmetric_capability *capability;
struct rte_cryptodev_asym_capability_idx cap_idx;
struct rte_crypto_asym_xform xform_tc;
union rte_event_crypto_metadata m_data;
@@ -458,6 +458,7 @@ test_asym_op_forward_mode(uint8_t session_less)
struct rte_crypto_asym_op *asym_op;
struct rte_crypto_op *op;
uint8_t input[4096] = {0};
+ struct rte_crypto_mod_capability mod_capa = {0};
uint8_t *result = NULL;
struct rte_event ev;
void *sess = NULL;
@@ -503,8 +504,9 @@ test_asym_op_forward_mode(uint8_t session_less)
asym_op->modex.base.length = modex_test_case.base.len;
asym_op->modex.result.data = result;
asym_op->modex.result.length = modex_test_case.result_len;
- if (rte_cryptodev_asym_xform_capability_check_modlen(capability,
- xform_tc.modex.modulus.length)) {
+
+ mod_capa.max_mod_size = xform_tc.modex.modulus.length;
+ if (!rte_cryptodev_capa_check_mod(capability, mod_capa)) {
RTE_LOG(INFO, USER1,
"line %u FAILED: %s", __LINE__,
"Invalid MODULUS length specified");
@@ -784,7 +786,7 @@ test_session_with_op_new_mode(void)
static int
test_asym_op_new_mode(uint8_t session_less)
{
- const struct rte_cryptodev_asymmetric_xform_capability *capability;
+ const struct rte_cryptodev_asymmetric_capability *capability;
struct rte_cryptodev_asym_capability_idx cap_idx;
struct rte_crypto_asym_xform xform_tc;
union rte_event_crypto_metadata m_data;
@@ -792,6 +794,7 @@ test_asym_op_new_mode(uint8_t session_less)
struct rte_crypto_asym_op *asym_op;
struct rte_crypto_op *op;
uint8_t input[4096] = {0};
+ struct rte_crypto_mod_capability mod_capa = {0};
uint8_t *result = NULL;
void *sess = NULL;
uint32_t cap;
@@ -835,8 +838,9 @@ test_asym_op_new_mode(uint8_t session_less)
asym_op->modex.base.length = modex_test_case.base.len;
asym_op->modex.result.data = result;
asym_op->modex.result.length = modex_test_case.result_len;
- if (rte_cryptodev_asym_xform_capability_check_modlen(capability,
- xform_tc.modex.modulus.length)) {
+
+ mod_capa.max_mod_size = xform_tc.modex.modulus.length;
+ if (!rte_cryptodev_capa_check_mod(capability, mod_capa)) {
RTE_LOG(INFO, USER1,
"line %u FAILED: %s", __LINE__,
"Invalid MODULUS length specified");
@@ -7,6 +7,7 @@
#include <rte_common.h>
#include <rte_malloc.h>
#include <cryptodev_pmd.h>
+#include <rte_bitops.h>
#include "openssl_pmd_private.h"
#include "compat.h"
@@ -470,103 +471,82 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
}, }
}, }
},
- { /* RSA */
+ { /* Modular exponentiation */
.op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
{.asym = {
- .xform_capa = {
- .xform_type = RTE_CRYPTO_ASYM_XFORM_RSA,
- .op_types = ((1 << RTE_CRYPTO_ASYM_OP_SIGN) |
- (1 << RTE_CRYPTO_ASYM_OP_VERIFY) |
- (1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) |
- (1 << RTE_CRYPTO_ASYM_OP_DECRYPT)),
- {
- .modlen = {
- /* min length is based on openssl rsa keygen */
- .min = 30,
- /* value 0 symbolizes no limit on max length */
- .max = 0,
- .increment = 1
- }, }
+ .xform_type = RTE_CRYPTO_ASYM_XFORM_MODEX,
+ .mod = {
+ .max_mod_size = 0
+ }
}
- },
}
},
- { /* modexp */
+ { /* Modular multiplicative inverse */
.op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
{.asym = {
- .xform_capa = {
- .xform_type = RTE_CRYPTO_ASYM_XFORM_MODEX,
- .op_types = 0,
- {
- .modlen = {
- /* value 0 symbolizes no limit on min length */
- .min = 0,
- /* value 0 symbolizes no limit on max length */
- .max = 0,
- .increment = 1
- }, }
+ .xform_type = RTE_CRYPTO_ASYM_XFORM_MODINV,
+ .mod = {
+ .max_mod_size = 0
+ }
}
- },
}
},
- { /* modinv */
+ { /* RSA */
.op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
{.asym = {
- .xform_capa = {
- .xform_type = RTE_CRYPTO_ASYM_XFORM_MODINV,
- .op_types = 0,
- {
- .modlen = {
- /* value 0 symbolizes no limit on min length */
- .min = 0,
- /* value 0 symbolizes no limit on max length */
- .max = 0,
- .increment = 1
- }, }
+ .xform_type = RTE_CRYPTO_ASYM_XFORM_RSA,
+ .rsa = {
+ .padding =
+ RTE_BIT32(RTE_CRYPTO_RSA_PADDING_NONE) |
+ RTE_BIT32(RTE_CRYPTO_RSA_PADDING_PKCS1_5),
+ .hash =
+ RTE_BIT32(RTE_CRYPTO_AUTH_MD5) |
+ RTE_BIT32(RTE_CRYPTO_AUTH_SHA1) |
+ RTE_BIT32(RTE_CRYPTO_AUTH_SHA224) |
+ RTE_BIT32(RTE_CRYPTO_AUTH_SHA256) |
+ RTE_BIT32(RTE_CRYPTO_AUTH_SHA384) |
+ RTE_BIT32(RTE_CRYPTO_AUTH_SHA512),
+ .max_key_size = 0
+ }
}
- },
}
},
- { /* dh */
+ { /* Diffie-Hellman */
.op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
{.asym = {
- .xform_capa = {
- .xform_type = RTE_CRYPTO_ASYM_XFORM_DH,
- .op_types =
- ((1<<RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE) |
- (1 << RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE |
- (1 <<
- RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE))),
- {
- .modlen = {
- /* value 0 symbolizes no limit on min length */
- .min = 0,
- /* value 0 symbolizes no limit on max length */
- .max = 0,
- .increment = 1
- }, }
+ .xform_type = RTE_CRYPTO_ASYM_XFORM_DH,
+ .dh = {
+ .max_group_size = 0,
+ .priv_key_gen = 1
+ }
}
- },
}
},
- { /* dsa */
+ { /* DSA */
.op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
{.asym = {
- .xform_capa = {
- .xform_type = RTE_CRYPTO_ASYM_XFORM_DSA,
- .op_types =
- ((1<<RTE_CRYPTO_ASYM_OP_SIGN) |
- (1 << RTE_CRYPTO_ASYM_OP_VERIFY)),
- {
- .modlen = {
- /* value 0 symbolizes no limit on min length */
- .min = 0,
- /* value 0 symbolizes no limit on max length */
- .max = 0,
- .increment = 1
- }, }
+ .xform_type = RTE_CRYPTO_ASYM_XFORM_DSA,
+ .dsa = {
+ .max_key_size = 0,
+ .random_k = 1
+ }
+ }
+ }
+ },
+ { /* ECDSA */
+ .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
+ {.asym = {
+ .xform_type = RTE_CRYPTO_ASYM_XFORM_ECDSA,
+ .ecdsa = {
+ .curves =
+ RTE_BIT64(RTE_CRYPTO_EC_GROUP_SECP192R1) |
+ RTE_BIT64(RTE_CRYPTO_EC_GROUP_SECP224R1) |
+ RTE_BIT64(RTE_CRYPTO_EC_GROUP_SECP256R1) |
+ RTE_BIT64(RTE_CRYPTO_EC_GROUP_SECP384R1) |
+ RTE_BIT64(RTE_CRYPTO_EC_GROUP_SECP521R1),
+ .random_k = 1
+ }
}
- },
}
},
@@ -28,16 +28,64 @@ struct rte_cryptodev_ops qat_asym_crypto_ops_gen1 = {
};
static struct rte_cryptodev_capabilities qat_asym_crypto_caps_gen1[] = {
- QAT_ASYM_CAP(MODEX,
- 0, 1, 512, 1),
- QAT_ASYM_CAP(MODINV,
- 0, 1, 512, 1),
- QAT_ASYM_CAP(RSA,
- ((1 << RTE_CRYPTO_ASYM_OP_SIGN) |
- (1 << RTE_CRYPTO_ASYM_OP_VERIFY) |
- (1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) |
- (1 << RTE_CRYPTO_ASYM_OP_DECRYPT)),
- 64, 512, 64),
+ { /* Modular exponentiation */
+ .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
+ {.asym = {
+ .xform_type = RTE_CRYPTO_ASYM_XFORM_MODEX,
+ .mod = {
+ .max_mod_size = 4096
+ }
+ }
+ }
+ },
+ { /* Modular multiplicative inverse */
+ .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
+ {.asym = {
+ .xform_type = RTE_CRYPTO_ASYM_XFORM_MODINV,
+ .mod = {
+ .max_mod_size = 4096
+ }
+ }
+ }
+ },
+ { /* RSA */
+ .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
+ {.asym = {
+ .xform_type = RTE_CRYPTO_ASYM_XFORM_RSA,
+ .rsa = {
+ .padding =
+ RTE_BIT32(RTE_CRYPTO_RSA_PADDING_NONE),
+ .hash = 0,
+ .max_key_size = 4096
+ }
+ }
+ }
+ },
+ { /* ECDSA */
+ .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
+ {.asym = {
+ .xform_type = RTE_CRYPTO_ASYM_XFORM_ECDSA,
+ .ecdsa = {
+ .curves =
+ RTE_BIT64(RTE_CRYPTO_EC_GROUP_SECP256R1) |
+ RTE_BIT64(RTE_CRYPTO_EC_GROUP_SECP521R1),
+ .random_k = 0
+ }
+ }
+ }
+ },
+ { /* ECPM */
+ .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
+ {.asym = {
+ .xform_type = RTE_CRYPTO_ASYM_XFORM_ECPM,
+ .ecdsa = {
+ .curves =
+ RTE_BIT64(RTE_CRYPTO_EC_GROUP_SECP256R1) |
+ RTE_BIT64(RTE_CRYPTO_EC_GROUP_SECP521R1)
+ }
+ }
+ }
+ },
RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
};
@@ -41,6 +41,14 @@ rte_crypto_asym_ke_strings[];
extern const char *
rte_crypto_asym_op_strings[];
+/** RSA padding type name strings */
+extern const char *
+rte_crypto_asym_rsa_padding[];
+
+/** Elliptic curves name strings */
+extern const char *
+rte_crypto_curves_strings[];
+
/**
* Buffer to hold crypto params required for asym operations.
*
@@ -265,6 +273,46 @@ struct rte_crypto_rsa_padding {
*/
};
+struct rte_crypto_mod_capability {
+ uint16_t max_mod_size;
+ /**< Maximum supported modulus size in bytes, 0 means no limit */
+};
+
+struct rte_crypto_rsa_capability {
+ uint32_t padding;
+ /**< List of supported paddings */
+ uint32_t hash;
+ /**< List of supported hash functions */
+ uint32_t max_key_size;
+ /**< Maximum supported key size in bytes, 0 means no limit */
+};
+
+struct rte_crypto_dh_capability {
+ uint16_t max_group_size;
+ /**< Maximum group in bytes, 0 means no limit */
+ uint8_t priv_key_gen;
+ /**< Does PMD supports private key generation generation */
+};
+
+struct rte_crypto_dsa_capability {
+ uint16_t max_key_size;
+ /**< Maximum supported key size in bytes, 0 means no limit */
+ uint8_t random_k;
+ /**< Does PMD supports random 'k' generation */
+};
+
+struct rte_crypto_ecdsa_capability {
+ uint64_t curves;
+ /**< Supported elliptic curve ids */
+ uint8_t random_k;
+ /**< Does PMD supports random 'k' generation */
+};
+
+struct rte_crypto_ecpm_capability {
+ uint64_t curves;
+ /**< Supported elliptic curve ids */
+};
+
/**
* Asymmetric RSA transform data
*
@@ -190,6 +190,27 @@ const char *rte_crypto_asym_ke_strings[] = {
};
/**
+ * RSA padding string identifiers
+ */
+const char *rte_crypto_asym_rsa_padding[] = {
+ [RTE_CRYPTO_RSA_PADDING_NONE] = "RTE_CRYPTO_RSA_PADDING_NONE",
+ [RTE_CRYPTO_RSA_PADDING_PKCS1_5] = "RTE_CRYPTO_RSA_PADDING_PKCS1_5",
+ [RTE_CRYPTO_RSA_PADDING_OAEP] = "RTE_CRYPTO_RSA_PADDING_OAEP",
+ [RTE_CRYPTO_RSA_PADDING_PSS] = "RTE_CRYPTO_RSA_PADDING_PSS"
+};
+
+/**
+ * Elliptic curves string identifiers
+ */
+const char *rte_crypto_curves_strings[] = {
+ [RTE_CRYPTO_EC_GROUP_SECP192R1] = "RTE_CRYPTO_EC_GROUP_SECP192R1",
+ [RTE_CRYPTO_EC_GROUP_SECP224R1] = "RTE_CRYPTO_EC_GROUP_SECP224R1",
+ [RTE_CRYPTO_EC_GROUP_SECP256R1] = "RTE_CRYPTO_EC_GROUP_SECP256R1",
+ [RTE_CRYPTO_EC_GROUP_SECP384R1] = "RTE_CRYPTO_EC_GROUP_SECP384R1",
+ [RTE_CRYPTO_EC_GROUP_SECP521R1] = "RTE_CRYPTO_EC_GROUP_SECP521R1",
+};
+
+/**
* The private data structure stored in the sym session mempool private data.
*/
struct rte_cryptodev_sym_session_pool_private_data {
@@ -347,7 +368,7 @@ param_range_check(uint16_t size, const struct rte_crypto_param_range *range)
return -1;
}
-const struct rte_cryptodev_asymmetric_xform_capability *
+const struct rte_cryptodev_asymmetric_capability *
rte_cryptodev_asym_capability_get(uint8_t dev_id,
const struct rte_cryptodev_asym_capability_idx *idx)
{
@@ -363,8 +384,8 @@ rte_cryptodev_asym_capability_get(uint8_t dev_id,
if (capability->op != RTE_CRYPTO_OP_TYPE_ASYMMETRIC)
continue;
- if (capability->asym.xform_capa.xform_type == idx->type)
- return &capability->asym.xform_capa;
+ if (capability->asym.xform_type == idx->type)
+ return &capability->asym;
}
return NULL;
};
@@ -456,6 +477,59 @@ rte_cryptodev_asym_xform_capability_check_modlen(
return 0;
}
+int
+rte_cryptodev_capa_check_mod(
+ const struct rte_cryptodev_asymmetric_capability *capa,
+ struct rte_crypto_mod_capability mod)
+{
+ if (capa->mod.max_mod_size == 0)
+ return 1;
+
+ if (mod.max_mod_size <= capa->mod.max_mod_size)
+ return 1;
+ else
+ return 0;
+}
+
+int
+rte_cryptodev_capa_check_rsa(
+ const struct rte_cryptodev_asymmetric_capability *capa,
+ struct rte_crypto_rsa_capability rsa)
+{
+ if (rsa.padding != (capa->rsa.padding & rsa.padding))
+ return 0;
+ if (rsa.hash != (capa->rsa.hash & rsa.hash))
+ return 0;
+ if (capa->rsa.max_key_size == 0)
+ return 1;
+ if (rsa.max_key_size <= capa->rsa.max_key_size)
+ return 1;
+ else
+ return 0;
+}
+
+int
+rte_cryptodev_capa_check_ecdsa(
+ const struct rte_cryptodev_asymmetric_capability *capa,
+ struct rte_crypto_ecdsa_capability ecdsa)
+{
+ if (ecdsa.curves != (capa->ecdsa.curves & ecdsa.curves))
+ return 0;
+ if (ecdsa.random_k == 1 && capa->ecdsa.random_k == 0)
+ return 0;
+ return 1;
+}
+
+int
+rte_cryptodev_capa_check_ecpm(
+ const struct rte_cryptodev_asymmetric_capability *capa,
+ struct rte_crypto_ecpm_capability ecpm)
+{
+ if (ecpm.curves != (capa->ecpm.curves & ecpm.curves))
+ return 0;
+ return 1;
+}
+
/* spinlock for crypto device enq callbacks */
static rte_spinlock_t rte_cryptodev_callback_lock = RTE_SPINLOCK_INITIALIZER;
@@ -184,6 +184,19 @@ struct rte_cryptodev_asymmetric_xform_capability {
*
*/
struct rte_cryptodev_asymmetric_capability {
+ enum rte_crypto_asym_xform_type xform_type;
+ /**< Asymmetric transform type */
+ uint32_t op_types;
+ /**< bitmask for supported rte_crypto_asym_op_type */
+ union {
+ struct rte_crypto_mod_capability mod;
+ struct rte_crypto_rsa_capability rsa;
+ struct rte_crypto_dh_capability dh;
+ struct rte_crypto_dsa_capability dsa;
+ struct rte_crypto_ecdsa_capability ecdsa;
+ struct rte_crypto_ecpm_capability ecpm;
+ };
+
struct rte_cryptodev_asymmetric_xform_capability xform_capa;
};
@@ -247,7 +260,7 @@ rte_cryptodev_sym_capability_get(uint8_t dev_id,
* - Return NULL if the capability not exist.
*/
__rte_experimental
-const struct rte_cryptodev_asymmetric_xform_capability *
+const struct rte_cryptodev_asymmetric_capability *
rte_cryptodev_asym_capability_get(uint8_t dev_id,
const struct rte_cryptodev_asym_capability_idx *idx);
@@ -339,6 +352,66 @@ rte_cryptodev_asym_xform_capability_check_modlen(
uint16_t modlen);
/**
+ * Check if requested Modexp features are supported
+ *
+ * @param capability Description of the asymmetric crypto capability.
+ * @param mod Modexp requested capability.
+ *
+ * @return
+ * - Return 1 if the parameters are in range of the capability.
+ * - Return 0 if the parameters are out of range of the capability.
+ */
+__rte_experimental
+int
+rte_cryptodev_capa_check_mod(
+ const struct rte_cryptodev_asymmetric_capability *capa,
+ struct rte_crypto_mod_capability mod);
+/**
+ * Check if requested RSA features are supported
+ *
+ * @param capability Description of the asymmetric crypto capability.
+ * @param rsa RSA requested capability.
+ *
+ * @return
+ * - Return 1 if the parameters are in range of the capability.
+ * - Return 0 if the parameters are out of range of the capability.
+ */
+__rte_experimental
+int
+rte_cryptodev_capa_check_rsa(
+ const struct rte_cryptodev_asymmetric_capability *capa,
+ struct rte_crypto_rsa_capability rsa);
+/**
+ * Check if requested ECDSA features are supported
+ *
+ * @param capability Description of the asymmetric crypto capability.
+ * @param ecdsa ECDSA requested capability.
+ *
+ * @return
+ * - Return 1 if the parameters are in range of the capability.
+ * - Return 0 if the parameters are out of range of the capability.
+ */
+__rte_experimental
+int
+rte_cryptodev_capa_check_ecdsa(
+ const struct rte_cryptodev_asymmetric_capability *capa,
+ struct rte_crypto_ecdsa_capability ecdsa);
+/**
+ * Check if requested ECPM features are supported
+ *
+ * @param capability Description of the asymmetric crypto capability.
+ * @param ecpm ECPM requested capability.
+ *
+ * @return
+ * - Return 1 if the parameters are in range of the capability.
+ * - Return 0 if the parameters are out of range of the capability.
+ */
+__rte_experimental
+int
+rte_cryptodev_capa_check_ecpm(
+ const struct rte_cryptodev_asymmetric_capability *capa,
+ struct rte_crypto_ecpm_capability ecpm);
+/**
* Provide the cipher algorithm enum, given an algorithm string
*
* @param algo_enum A pointer to the cipher algorithm
@@ -108,6 +108,10 @@ EXPERIMENTAL {
#added in 22.07
rte_cryptodev_session_event_mdata_set;
+ rte_cryptodev_capa_check_mod;
+ rte_cryptodev_capa_check_rsa;
+ rte_cryptodev_capa_check_ecdsa;
+ rte_cryptodev_capa_check_ecpm;
};
INTERNAL {