[v1 3/6] cryptodev: add hash support in asymmetric capability

Kusztal, ArkadiuszX arkadiuszx.kusztal at intel.com
Tue Sep 26 22:03:04 CEST 2023


Hi Gowrishankar,

> -----Original Message-----
> From: Gowrishankar Muthukrishnan <gmuthukrishn at marvell.com>
> Sent: Thursday, August 10, 2023 11:35 AM
> To: dev at dpdk.org
> Cc: anoobj at marvell.com; Akhil Goyal <gakhil at marvell.com>; Fan Zhang
> <fanzhang.oss at gmail.com>; Ji, Kai <kai.ji at intel.com>; Gowrishankar
> Muthukrishnan <gmuthukrishn at marvell.com>
> Subject: [v1 3/6] cryptodev: add hash support in asymmetric capability
> 
> Most of the asymmetric operations start with hash of the input.
> Add a new field in asymmetric capability to declare support for hash operations
> that PMD can support for the asymmetric operations. Application can skip
> computing hash if PMD already supports it.
> 
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn at marvell.com>
> ---
>  drivers/crypto/openssl/rte_openssl_pmd_ops.c |  1 +
>  lib/cryptodev/cryptodev_trace.h              |  9 +++++++++
>  lib/cryptodev/cryptodev_trace_points.c       |  3 +++
>  lib/cryptodev/rte_crypto_asym.h              |  3 +++
>  lib/cryptodev/rte_cryptodev.c                | 16 ++++++++++++++++
>  lib/cryptodev/rte_cryptodev.h                | 19 +++++++++++++++++++
>  lib/cryptodev/version.map                    |  1 +
>  7 files changed, 52 insertions(+)
> 
> diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> index 0f88669f41..0b3601db40 100644
> --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> @@ -598,6 +598,7 @@ static const struct rte_cryptodev_capabilities
> openssl_pmd_capabilities[] = {
>  		{.asym = {
>  			.xform_capa = {
>  				.xform_type =
> RTE_CRYPTO_ASYM_XFORM_SM2,
> +				.hash_algos = (1 << RTE_CRYPTO_AUTH_SM3),
>  				.op_types =
>  				((1<<RTE_CRYPTO_ASYM_OP_SIGN) |
>  				 (1 << RTE_CRYPTO_ASYM_OP_VERIFY) | diff --
> git a/lib/cryptodev/cryptodev_trace.h b/lib/cryptodev/cryptodev_trace.h index
> aab44af96b..935f0d564b 100644
> --- a/lib/cryptodev/cryptodev_trace.h
> +++ b/lib/cryptodev/cryptodev_trace.h
> @@ -520,6 +520,15 @@ RTE_TRACE_POINT(
>  	rte_trace_point_emit_int(ret);
>  )
> 
> +RTE_TRACE_POINT(
> +	rte_cryptodev_trace_asym_xform_capability_check_hash,
> +	RTE_TRACE_POINT_ARGS(uint64_t hash_algos,
> +		enum rte_crypto_auth_algorithm hash, int ret),
> +	rte_trace_point_emit_u64(hash_algos);
> +	rte_trace_point_emit_int(hash);
> +	rte_trace_point_emit_int(ret);
> +)
> +
>  RTE_TRACE_POINT(
>  	rte_cryptodev_trace_count,
>  	RTE_TRACE_POINT_ARGS(uint8_t nb_devs), diff --git
> a/lib/cryptodev/cryptodev_trace_points.c
> b/lib/cryptodev/cryptodev_trace_points.c
> index e2303fdb52..8c47ab1e78 100644
> --- a/lib/cryptodev/cryptodev_trace_points.c
> +++ b/lib/cryptodev/cryptodev_trace_points.c
> @@ -144,6 +144,9 @@
> RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_asym_xform_capability_ch
> eck_modlen,
> 
> RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_asym_xform_capability_ch
> eck_optype,
>  	lib.cryptodev.asym.xform.capability.check.optype)
> 
> +RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_asym_xform_capability_c
> heck_hash,
> +	lib.cryptodev.asym.xform.capability.check.hash)
> +
>  RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_sym_cpu_crypto_process,
>  	lib.cryptodev.sym.cpu.crypto.process)
> 
> diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
> index 8b5794fb7c..51f5476c6e 100644
> --- a/lib/cryptodev/rte_crypto_asym.h
> +++ b/lib/cryptodev/rte_crypto_asym.h
> @@ -377,6 +377,9 @@ struct rte_crypto_dsa_xform {  struct
> rte_crypto_ec_xform {
>  	enum rte_crypto_curve_id curve_id;
>  	/**< Pre-defined ec groups */
> +
> +	enum rte_crypto_auth_algorithm hash;
[Arek] I think that a session should only contain information that is constant across its lifetime. Here we decided to have a curve id, but this could be curve + key. But the hash may be different for any op; additionally, this xform is used for key exchange, multiplication, or potentially encryption/decryption, which usually do not need any hash. I would have it in the op.
> +	/**< Hash algorithm used in EC op. */
>  };
> 
>  /**
> diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c index
> c49d342b17..041d3074db 100644
> --- a/lib/cryptodev/rte_cryptodev.c
> +++ b/lib/cryptodev/rte_cryptodev.c
> @@ -718,6 +718,22 @@ rte_cryptodev_asym_xform_capability_check_modlen(
>  	return ret;
>  }
> 
> +bool
> +rte_cryptodev_asym_xform_capability_check_hash(
> +	const struct rte_cryptodev_asymmetric_xform_capability *capability,
> +	enum rte_crypto_auth_algorithm hash)
> +{
> +	bool ret = false;
> +
> +	if (capability->hash_algos & (1 << hash))
> +		ret = true;
> +
> +	rte_cryptodev_trace_asym_xform_capability_check_hash(
> +		capability->hash_algos, hash, ret);
> +
> +	return ret;
> +}
> +
>  /* spinlock for crypto device enq callbacks */  static rte_spinlock_t
> rte_cryptodev_callback_lock = RTE_SPINLOCK_INITIALIZER;
> 
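Review bot: `1 << hash` in rte_cryptodev_asym_xform_capability_check_hash() is an `int` shift tested against the 64-bit `hash_algos` mask, and `hash` is not range-checked, so an enum value of 31 or above (or any out-of-range value from a caller) is undefined behaviour and the upper mask bits can never be matched reliably. A wrong answer here matters because the commit message says the application may skip hashing when the PMD reports support. I would guard and widen the test: `if ((unsigned int)hash < 64 && (capability->hash_algos & (UINT64_C(1) << hash)))`. The PMD initializer `.hash_algos = (1 << RTE_CRYPTO_AUTH_SM3)` in rte_openssl_pmd_ops.c should use the same 64-bit form, e.g. `RTE_BIT64(RTE_CRYPTO_AUTH_SM3)` if that macro is in scope there.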
> diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h index
> 64810c9ec4..536e082244 100644
> --- a/lib/cryptodev/rte_cryptodev.h
> +++ b/lib/cryptodev/rte_cryptodev.h
> @@ -189,6 +189,9 @@ struct rte_cryptodev_asymmetric_xform_capability {
>  		 * random value. Otherwise, PMD would internally compute the
> random number.
>  		 */
>  	};
> +
> +	uint64_t hash_algos;
> +	/**< Bitmask of hash algorithms supported for op_type. */
>  };
> 
>  /**
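Review bot: The doc comment on `hash_algos` does not say how bits are numbered or what a zero mask means, and both matter to an application deciding whether to hand the PMD a message or a precomputed digest. I would spell it out, e.g. `/**< Bitmask of hash algorithms the PMD can compute for op_type; bit n corresponds to enum rte_crypto_auth_algorithm value n. */`, and add a sentence on the zero case. PMDs that never set the field will report zero; presumably that means "application hashes the input itself", but the comment should state it so a caller does not misread the capability.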
> @@ -348,6 +351,22 @@ rte_cryptodev_asym_xform_capability_check_modlen(
>  	const struct rte_cryptodev_asymmetric_xform_capability *capability,
>  		uint16_t modlen);
> 
> +/**
> + * Check if hash algorithm is supported.
> + *
> + * @param	capability	Asymmetric crypto capability.
> + * @param	hash		Hash algorithm.
> + *
> + * @return
> + *   - Return true if the hash algorithm is supported.
> + *   - Return false if the hash algorithm is not supported.
> + */
> +__rte_experimental
> +bool
> +rte_cryptodev_asym_xform_capability_check_hash(
> +	const struct rte_cryptodev_asymmetric_xform_capability *capability,
> +	enum rte_crypto_auth_algorithm hash);
> +
>  /**
>   * Provide the cipher algorithm enum, given an algorithm string
>   *
> diff --git a/lib/cryptodev/version.map b/lib/cryptodev/version.map index
> ae8d9327b4..3c2d1780e0 100644
> --- a/lib/cryptodev/version.map
> +++ b/lib/cryptodev/version.map
> @@ -54,6 +54,7 @@ EXPERIMENTAL {
>  	rte_cryptodev_asym_get_xform_enum;
>  	rte_cryptodev_asym_session_create;
>  	rte_cryptodev_asym_session_free;
> +	rte_cryptodev_asym_xform_capability_check_hash;
>  	rte_cryptodev_asym_xform_capability_check_modlen;
>  	rte_cryptodev_asym_xform_capability_check_optype;
>  	rte_cryptodev_sym_cpu_crypto_process;
> --
> 2.25.1


