RE: [v1 3/6] cryptodev: add hash support in asymmetric capability
From: Kusztal, ArkadiuszX <hidden>
Date: 2023-09-26 20:03:11
Hi Gowrishankar,
quoted hunk ↗ jump to hunk
-----Original Message----- From: Gowrishankar Muthukrishnan <redacted> Sent: Thursday, August 10, 2023 11:35 AM To: dev@dpdk.org Cc: anoobj@marvell.com; Akhil Goyal <redacted>; Fan Zhang [off-list ref]; Ji, Kai [off-list ref]; Gowrishankar Muthukrishnan [off-list ref] Subject: [v1 3/6] cryptodev: add hash support in asymmetric capability Most of the asymmetric operations start with hash of the input. Add a new field in asymmetric capability to declare support for hash operations that PMD can support for the asymmetric operations. Application can skip computing hash if PMD already supports it. Signed-off-by: Gowrishankar Muthukrishnan <redacted> --- drivers/crypto/openssl/rte_openssl_pmd_ops.c | 1 + lib/cryptodev/cryptodev_trace.h | 9 +++++++++ lib/cryptodev/cryptodev_trace_points.c | 3 +++ lib/cryptodev/rte_crypto_asym.h | 3 +++ lib/cryptodev/rte_cryptodev.c | 16 ++++++++++++++++ lib/cryptodev/rte_cryptodev.h | 19 +++++++++++++++++++ lib/cryptodev/version.map | 1 + 7 files changed, 52 insertions(+)diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.cb/drivers/crypto/openssl/rte_openssl_pmd_ops.c index 0f88669f41..0b3601db40 100644--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c@@ -598,6 +598,7 @@ static const struct rte_cryptodev_capabilitiesopenssl_pmd_capabilities[] = { {.asym = { .xform_capa = { .xform_type = RTE_CRYPTO_ASYM_XFORM_SM2, + .hash_algos = (1 << RTE_CRYPTO_AUTH_SM3), .op_types = ((1<<RTE_CRYPTO_ASYM_OP_SIGN) | (1 << RTE_CRYPTO_ASYM_OP_VERIFY) | diff -- git a/lib/cryptodev/cryptodev_trace.h b/lib/cryptodev/cryptodev_trace.h index aab44af96b..935f0d564b 100644--- a/lib/cryptodev/cryptodev_trace.h +++ b/lib/cryptodev/cryptodev_trace.h@@ -520,6 +520,15 @@ RTE_TRACE_POINT( rte_trace_point_emit_int(ret); ) +RTE_TRACE_POINT( + rte_cryptodev_trace_asym_xform_capability_check_hash, + RTE_TRACE_POINT_ARGS(uint64_t hash_algos, + enum rte_crypto_auth_algorithm hash, int ret), + rte_trace_point_emit_u64(hash_algos); + rte_trace_point_emit_int(hash); + rte_trace_point_emit_int(ret); +) + RTE_TRACE_POINT( rte_cryptodev_trace_count, RTE_TRACE_POINT_ARGS(uint8_t nb_devs), diff --gita/lib/cryptodev/cryptodev_trace_points.c b/lib/cryptodev/cryptodev_trace_points.c index e2303fdb52..8c47ab1e78 100644--- a/lib/cryptodev/cryptodev_trace_points.c +++ b/lib/cryptodev/cryptodev_trace_points.c@@ -144,6 +144,9 @@RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_asym_xform_capability_ch eck_modlen, RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_asym_xform_capability_ch eck_optype, lib.cryptodev.asym.xform.capability.check.optype) +RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_asym_xform_capability_c heck_hash, + lib.cryptodev.asym.xform.capability.check.hash) + RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_sym_cpu_crypto_process, lib.cryptodev.sym.cpu.crypto.process)diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h index 8b5794fb7c..51f5476c6e 100644 --- a/lib/cryptodev/rte_crypto_asym.h +++ b/lib/cryptodev/rte_crypto_asym.h@@ -377,6 +377,9 @@ struct rte_crypto_dsa_xform { structrte_crypto_ec_xform { enum rte_crypto_curve_id curve_id; /**< Pre-defined ec groups */ + + enum rte_crypto_auth_algorithm hash;
[Arek] I think that session should only contain information that are constant across its lifetime. Here we decided to have a curve id, but this could be curve + key. But hash may be different for any op, additionally this xform is used for key exchange; multiplication or potentially encryption/decryption., which usually does not need any hash. I would have it in the op.
quoted hunk ↗ jump to hunk
+ /**< Hash algorithm used in EC op. */ }; /**diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c indexc49d342b17..041d3074db 100644--- a/lib/cryptodev/rte_cryptodev.c +++ b/lib/cryptodev/rte_cryptodev.c@@ -718,6 +718,22 @@ rte_cryptodev_asym_xform_capability_check_modlen( return ret; } +bool +rte_cryptodev_asym_xform_capability_check_hash( + const struct rte_cryptodev_asymmetric_xform_capability *capability, + enum rte_crypto_auth_algorithm hash) +{ + bool ret = false; + + if (capability->hash_algos & (1 << hash)) + ret = true; + + rte_cryptodev_trace_asym_xform_capability_check_hash( + capability->hash_algos, hash, ret); + + return ret; +} + /* spinlock for crypto device enq callbacks */ static rte_spinlock_trte_cryptodev_callback_lock = RTE_SPINLOCK_INITIALIZER;diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h index64810c9ec4..536e082244 100644--- a/lib/cryptodev/rte_cryptodev.h +++ b/lib/cryptodev/rte_cryptodev.h@@ -189,6 +189,9 @@ struct rte_cryptodev_asymmetric_xform_capability { * random value. Otherwise, PMD would internally compute therandom number. */ }; + + uint64_t hash_algos; + /**< Bitmask of hash algorithms supported for op_type. */ }; /**@@ -348,6 +351,22 @@ rte_cryptodev_asym_xform_capability_check_modlen( const struct rte_cryptodev_asymmetric_xform_capability *capability, uint16_t modlen); +/** + * Check if hash algorithm is supported. + * + * @param capability Asymmetric crypto capability. + * @param hash Hash algorithm. + * + * @return + * - Return true if the hash algorithm is supported. + * - Return false if the hash algorithm is not supported. + */ +__rte_experimental +bool +rte_cryptodev_asym_xform_capability_check_hash( + const struct rte_cryptodev_asymmetric_xform_capability *capability, + enum rte_crypto_auth_algorithm hash); + /** * Provide the cipher algorithm enum, given an algorithm string *diff --git a/lib/cryptodev/version.map b/lib/cryptodev/version.map indexae8d9327b4..3c2d1780e0 100644--- a/lib/cryptodev/version.map +++ b/lib/cryptodev/version.map@@ -54,6 +54,7 @@ EXPERIMENTAL { rte_cryptodev_asym_get_xform_enum; rte_cryptodev_asym_session_create; rte_cryptodev_asym_session_free; + rte_cryptodev_asym_xform_capability_check_hash; rte_cryptodev_asym_xform_capability_check_modlen; rte_cryptodev_asym_xform_capability_check_optype; rte_cryptodev_sym_cpu_crypto_process; --2.25.1