> -----Original Message-----
> From: Kusztal, ArkadiuszX <arkadiuszx.kusz...@intel.com>
> Sent: Thursday, May 26, 2022 7:49 PM
> To: Akhil Goyal <gak...@marvell.com>; dev@dpdk.org
> Cc: Zhang, Roy Fan <roy.fan.zh...@intel.com>
> Subject: RE: [EXT] [PATCH v2 14/14] cryptodev: add asym algorithms
> capabilities
>
>
>
> > -----Original Message-----
> > From: Akhil Goyal <gak...@marvell.com>
> > Sent: Thursday, May 26, 2022 2:54 PM
> > To: Kusztal, ArkadiuszX <arkadiuszx.kusz...@intel.com>; dev@dpdk.org
> > Cc: Zhang, Roy Fan <roy.fan.zh...@intel.com>
> > Subject: RE: [EXT] [PATCH v2 14/14] cryptodev: add asym algorithms
> capabilities
> >
> > > - Added asymmetric crypto algorithm specific capability struct.
> > > Included fields like random number capability, padding flags etc.
> > >
> > > Signed-off-by: Arek Kusztal <arkadiuszx.kusz...@intel.com>
> > > ---
> > > app/test-crypto-perf/main.c | 12 +-
> > > app/test-eventdev/test_perf_common.c | 2 +-
> > > app/test/test_cryptodev_asym.c | 210
> > > +++++++++++++++++++++----
> --
> > > app/test/test_event_crypto_adapter.c | 16 +-
> > > drivers/crypto/openssl/rte_openssl_pmd_ops.c | 128 +++++++---------
> > > drivers/crypto/qat/dev/qat_asym_pmd_gen1.c | 68 +++++++--
> > > lib/cryptodev/rte_crypto_asym.h | 48 ++++++
> > > lib/cryptodev/rte_cryptodev.c | 80 +++++++++-
> > > lib/cryptodev/rte_cryptodev.h | 75 +++++++++-
> > > lib/cryptodev/version.map | 4 +
> > > 10 files changed, 495 insertions(+), 148 deletions(-)
> >
> > This would also need a change in documentation.
> >
> > >
> > > diff --git a/app/test-crypto-perf/main.c b/app/test-crypto-perf/main.c
> > > index 17e30a8e74..f8a4c9cdcf 100644
> > > --- a/app/test-crypto-perf/main.c
> > > +++ b/app/test-crypto-perf/main.c
> > > @@ -364,8 +364,8 @@ cperf_verify_devices_capabilities(struct
> > > cperf_options *opts,
> > > struct rte_cryptodev_sym_capability_idx cap_idx;
> > > const struct rte_cryptodev_symmetric_capability *capability;
> > > struct rte_cryptodev_asym_capability_idx asym_cap_idx;
> > > - const struct rte_cryptodev_asymmetric_xform_capability
> > > *asym_capability;
> > > -
> > > + const struct rte_cryptodev_asymmetric_capability *asym_capability;
> > > + struct rte_crypto_mod_capability mod_capa = {0};
> > >
> > > uint8_t i, cdev_id;
> > > int ret;
> > > @@ -381,11 +381,11 @@ cperf_verify_devices_capabilities(struct
> > > cperf_options *opts,
> > > if (asym_capability == NULL)
> > > return -1;
> > >
> > > - ret =
> > > rte_cryptodev_asym_xform_capability_check_modlen(
> > > - asym_capability, opts->modex_data-
> > > >modulus.len);
> > > - if (ret != 0)
> > > + mod_capa.max_mod_size = opts->modex_data-
> > > >modulus.len;
> > > + ret = rte_cryptodev_capa_check_mod(asym_capability,
> > > + mod_capa);
> > > + if (ret == 0)
> > > return ret;
> > > -
> > > }
> > >
> > > if (opts->op_type == CPERF_AUTH_ONLY || diff --git
> > > a/app/test-eventdev/test_perf_common.c b/app/test-
> > > eventdev/test_perf_common.c index b41785492e..ac8e6410ab 100644
> > > --- a/app/test-eventdev/test_perf_common.c
> > > +++ b/app/test-eventdev/test_perf_common.c
> > > @@ -846,7 +846,7 @@ cryptodev_sym_sess_create(struct prod_data *p,
> > > struct test_perf *t) static void * cryptodev_asym_sess_create(struct
> > > prod_data *p, struct test_perf *t) {
> > > - const struct rte_cryptodev_asymmetric_xform_capability *capability;
> > > + const struct rte_cryptodev_asymmetric_capability *capability;
> > > struct rte_cryptodev_asym_capability_idx cap_idx;
> > > struct rte_crypto_asym_xform xform;
> > > void *sess;
> > > diff --git a/app/test/test_cryptodev_asym.c
> > > b/app/test/test_cryptodev_asym.c index 072dbb30f4..c531265642 100644
> > > --- a/app/test/test_cryptodev_asym.c
> > > +++ b/app/test/test_cryptodev_asym.c
> > > @@ -311,10 +311,11 @@ test_cryptodev_asym_op(struct
> > > crypto_testsuite_params_asym *ts_params,
> > > struct rte_crypto_asym_xform xform_tc;
> > > void *sess = NULL;
> > > struct rte_cryptodev_asym_capability_idx cap_idx;
> > > - const struct rte_cryptodev_asymmetric_xform_capability *capability;
> > > + const struct rte_cryptodev_asymmetric_capability *capability;
> > > uint8_t dev_id = ts_params->valid_devs[0];
> > > uint8_t input[TEST_DATA_SIZE] = {0};
> > > uint8_t *result = NULL;
> > > + struct rte_crypto_mod_capability mod_capa = {0};
> > >
> > > int ret, status = TEST_SUCCESS;
> > >
> > > @@ -358,8 +359,10 @@ test_cryptodev_asym_op(struct
> > > crypto_testsuite_params_asym *ts_params,
> > > asym_op->modex.base.length = data_tc->modex.base.len;
> > > asym_op->modex.result.data = result;
> > > asym_op->modex.result.length = data_tc->modex.result_len;
> > > - if
> > > (rte_cryptodev_asym_xform_capability_check_modlen(capability,
> > > - xform_tc.modex.modulus.length)) {
> > > +
> > > + mod_capa.max_mod_size = xform_tc.modex.modulus.length;
> > > + if (!rte_cryptodev_capa_check_mod(capability,
> > > + mod_capa)) {
> > > snprintf(test_msg, ASYM_TEST_MSG_LEN,
> > > "line %u "
> > > "FAILED: %s", __LINE__,
> > > @@ -378,8 +381,10 @@ test_cryptodev_asym_op(struct
> > > crypto_testsuite_params_asym *ts_params,
> > > asym_op->modinv.base.length = data_tc->modinv.base.len;
> > > asym_op->modinv.result.data = result;
> > > asym_op->modinv.result.length = data_tc->modinv.result_len;
> > > - if
> > > (rte_cryptodev_asym_xform_capability_check_modlen(capability,
> > > - xform_tc.modinv.modulus.length)) {
> > > +
> > > + mod_capa.max_mod_size = xform_tc.modinv.modulus.length;
> > > + if (!rte_cryptodev_capa_check_mod(capability,
> > > + mod_capa)) {
> > > snprintf(test_msg, ASYM_TEST_MSG_LEN,
> > > "line %u "
> > > "FAILED: %s", __LINE__,
> > > @@ -963,38 +968,100 @@ ut_teardown_asym(void)
> > > rte_cryptodev_stop(ts_params->valid_devs[0]);
> > > }
> > >
> > > -static inline void print_asym_capa(
> > > - const struct rte_cryptodev_asymmetric_xform_capability
> > > *capa)
> > > +static void
> > > +print_rsa_capability(
> > > + const struct rte_cryptodev_asymmetric_capability *capa)
> > > {
> > > int i = 0;
> > >
> > > + printf("\nSupported paddings:");
> > > + for (; i < 32; i++) {
> > > + if (capa->rsa.padding & RTE_BIT32(i))
> > > + printf("\n - %s", rte_crypto_asym_rsa_padding[i]);
> > > + }
> > > + printf("\nSupported hash functions:");
> > > + for (i = 0; i < 32; i++) {
> > > + if (capa->rsa.hash & RTE_BIT32(i))
> > > + printf("\n - %s", rte_crypto_auth_algorithm_strings[i]);
> > > + }
> > > + printf("\nMaximum key size: ");
> > > + if (capa->rsa.max_key_size == 0)
> > > + printf("Unlimited");
> > > + else
> > > + printf("%hu", capa->rsa.max_key_size); }
> > > +
> > > +static void
> > > +print_supported_curves(uint64_t curves) {
> > > + int i = 0;
> > > +
> > > + printf("\nSupported elliptic curves:");
> > > + for (; i < 64; i++) {
> > > + if (curves & RTE_BIT64(i))
> > > + printf("\n - %s", rte_crypto_curves_strings[i]);
> > > + }
> > > +}
> > > +
> > > +static inline void print_asym_capa(
> > > + const struct rte_cryptodev_asymmetric_capability *capa) {
> > > printf("\nxform type: %s\n===================\n",
> > > rte_crypto_asym_xform_strings[capa->xform_type]);
> > > - printf("operation supported -");
> > >
> > > - for (i = 0; i < RTE_CRYPTO_ASYM_OP_LIST_END; i++) {
> > > - /* check supported operations */
> > > - if (rte_cryptodev_asym_xform_capability_check_optype(capa,
> > > i))
> > > - printf(" %s",
> > > - rte_crypto_asym_op_strings[i]);
> > > - }
> > > - switch (capa->xform_type) {
> > > - case RTE_CRYPTO_ASYM_XFORM_RSA:
> > > - case RTE_CRYPTO_ASYM_XFORM_MODINV:
> > > - case RTE_CRYPTO_ASYM_XFORM_MODEX:
> > > - case RTE_CRYPTO_ASYM_XFORM_DH:
> > > - case RTE_CRYPTO_ASYM_XFORM_DSA:
> > > - printf(" modlen: min %d max %d increment %d",
> > > - capa->modlen.min,
> > > - capa->modlen.max,
> > > - capa->modlen.increment);
> > > + switch (capa->xform_type) {
> > > + case RTE_CRYPTO_ASYM_XFORM_MODEX:
> > > + case RTE_CRYPTO_ASYM_XFORM_MODINV:
> > > + printf("Maximum size of modulus: ");
> > > + if (capa->mod.max_mod_size == 0)
> > > + printf("Unlimited");
> > > + else
> > > + printf("%hu", capa->mod.max_mod_size);
> > > break;
> > > - case RTE_CRYPTO_ASYM_XFORM_ECDSA:
> > > - case RTE_CRYPTO_ASYM_XFORM_ECPM:
> > > - default:
> > > - break;
> > > - }
> > > - printf("\n");
> > > + case RTE_CRYPTO_ASYM_XFORM_RSA:
> > > + print_rsa_capability(capa);
> > > + break;
> > > + case RTE_CRYPTO_ASYM_XFORM_DH:
> >
> > ECDH?? I hope it will be added once it is tested in this app.
> >
> > > + printf("Maximum group size: ");
> > > + if (capa->dh.max_group_size == 0)
> > > + printf("Unlimited");
> > > + else
> > > + printf("%hu", capa->dh.max_group_size);
> > > + printf("\nSupport for private key generation: ");
> > > + if (capa->dh.priv_key_gen)
> > > + printf("Yes");
> > > + else
> > > + printf("No");
> > > + break;
> > > + case RTE_CRYPTO_ASYM_XFORM_DSA:
> > > + printf("Maximum key size: ");
> > > + if (capa->dsa.max_key_size == 0)
> > > + printf("Unlimited");
> > > + else
> > > + printf("%hu", capa->dsa.max_key_size);
> > > + printf("\nSupport for random 'k' generation: ");
> > > + if (capa->dsa.random_k)
> > > + printf("Yes");
> > > + else
> > > + printf("No");
> > > + break;
> > > +
> > > + break;
> > > + case RTE_CRYPTO_ASYM_XFORM_ECDSA:
> > > + print_supported_curves(capa->ecdsa.curves);
> > > + printf("\nSupport for random 'k' generation: ");
> > > + if (capa->ecdsa.random_k)
> > > + printf("Yes");
> > > + else
> > > + printf("No");
> > > + break;
> > > + case RTE_CRYPTO_ASYM_XFORM_ECPM:
> > > + print_supported_curves(capa->ecpm.curves);
> > > + break;
> > > + default:
> > > + break;
> > > + }
> > > + printf("\n");
> > > }
> > >
> > > static int
> > > @@ -1006,7 +1073,7 @@ test_capability(void)
> > > const struct rte_cryptodev_capabilities *dev_capa;
> > > int i = 0;
> > > struct rte_cryptodev_asym_capability_idx idx;
> > > - const struct rte_cryptodev_asymmetric_xform_capability *capa;
> > > + const struct rte_cryptodev_asymmetric_capability *capa;
> > >
> > > rte_cryptodev_info_get(dev_id, &dev_info);
> > > if (!(dev_info.feature_flags &
> > > @@ -1023,7 +1090,7 @@ test_capability(void)
> > > dev_capa = &(dev_info.capabilities[i]);
> > > if (dev_info.capabilities[i].op ==
> > > RTE_CRYPTO_OP_TYPE_ASYMMETRIC) {
> > > - idx.type = dev_capa->asym.xform_capa.xform_type;
> > > + idx.type = dev_capa->asym.xform_type;
> > >
> > > capa = rte_cryptodev_asym_capability_get(dev_id,
> > > (const struct
> > > @@ -1386,10 +1453,11 @@ test_mod_inv(void)
> > > void *sess = NULL;
> > > int status = TEST_SUCCESS;
> > > struct rte_cryptodev_asym_capability_idx cap_idx;
> > > - const struct rte_cryptodev_asymmetric_xform_capability *capability;
> > > + const struct rte_cryptodev_asymmetric_capability *capability;
> > > uint8_t input[TEST_DATA_SIZE] = {0};
> > > int ret = 0;
> > > uint8_t result[sizeof(mod_p)] = { 0 };
> > > + struct rte_crypto_mod_capability mod_capa = {0};
> > >
> > > if (rte_cryptodev_asym_get_xform_enum(
> > > &modinv_xform.xform_type, "modinv") < 0) { @@ -1408,13
> > +1476,11 @@
> > > test_mod_inv(void)
> > > return TEST_SKIPPED;
> > > }
> > >
> > > - if (rte_cryptodev_asym_xform_capability_check_modlen(
> > > - capability,
> > > - modinv_xform.modinv.modulus.length)) {
> > > - RTE_LOG(ERR, USER1,
> > > - "Invalid MODULUS length specified\n");
> > > - return TEST_SKIPPED;
> > > - }
> > > + mod_capa.max_mod_size = modinv_xform.modinv.modulus.length;
> > > + if (!rte_cryptodev_capa_check_mod(capability, mod_capa)) {
> > > + RTE_LOG(ERR, USER1, "Invalid MODULUS length specified\n");
> > > + return TEST_SKIPPED;
> > > + }
> > >
> > > ret = rte_cryptodev_asym_session_create(dev_id, &modinv_xform,
> > > sess_mpool, &sess);
> > > if (ret < 0) {
> > > @@ -1499,7 +1565,8 @@ test_mod_exp(void)
> > > void *sess = NULL;
> > > int status = TEST_SUCCESS;
> > > struct rte_cryptodev_asym_capability_idx cap_idx;
> > > - const struct rte_cryptodev_asymmetric_xform_capability *capability;
> > > + const struct rte_cryptodev_asymmetric_capability *capability;
> > > + struct rte_crypto_mod_capability mod_capa = {0};
> > > uint8_t input[TEST_DATA_SIZE] = {0};
> > > int ret = 0;
> > > uint8_t result[sizeof(mod_p)] = { 0 }; @@ -1522,12 +1589,11 @@
> > > test_mod_exp(void)
> > > return TEST_SKIPPED;
> > > }
> > >
> > > - if (rte_cryptodev_asym_xform_capability_check_modlen(
> > > - capability, modex_xform.modex.modulus.length)) {
> > > - RTE_LOG(ERR, USER1,
> > > - "Invalid MODULUS length specified\n");
> > > - return TEST_SKIPPED;
> > > - }
> > > + mod_capa.max_mod_size = modex_xform.modex.modulus.length;
> > > + if (!rte_cryptodev_capa_check_mod(capability, mod_capa)) {
> > > + RTE_LOG(ERR, USER1, "Invalid MODULUS length specified\n");
> > > + return TEST_SKIPPED;
> > > + }
> > >
> > > /* Create op, create session, and process packets. 8< */
> > > op = rte_crypto_op_alloc(op_mpool,
> > > RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
> > > @@ -1785,6 +1851,8 @@ test_ecdsa_sign_verify(enum curve curve_id)
> > > struct rte_crypto_asym_xform xform;
> > > struct rte_crypto_asym_op *asym_op;
> > > struct rte_cryptodev_info dev_info;
> > > + struct rte_cryptodev_asym_capability_idx idx;
> > > + const struct rte_cryptodev_asymmetric_capability *capabilities;
> > > struct rte_crypto_op *op = NULL;
> > > int ret, status = TEST_SUCCESS;
> > >
> > > @@ -1814,6 +1882,25 @@ test_ecdsa_sign_verify(enum curve curve_id)
> > >
> > > rte_cryptodev_info_get(dev_id, &dev_info);
> > >
> > > + struct rte_crypto_ecdsa_capability capa = {
> > > + .curves = RTE_BIT32(input_params.curve),
> > > + .random_k = 0
> > > + };
> > > +
> > > + idx.type = RTE_CRYPTO_ASYM_XFORM_ECDSA;
> > > + capabilities = rte_cryptodev_asym_capability_get(dev_id,
> > > + (const struct
> > > + rte_cryptodev_asym_capability_idx *) &idx);
> > > +
> > > + if (capabilities == NULL) {
> > > + status = TEST_SKIPPED;
> > > + goto exit;
> > > + }
> > > + if (!rte_cryptodev_capa_check_ecdsa(capabilities, capa)) {
> > > + status = TEST_SKIPPED;
> > > + goto exit;
> > > + }
> > > +
> > > /* Setup crypto op data structure */
> > > op = rte_crypto_op_alloc(op_mpool,
> > > RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
> > > if (op == NULL) {
> > > @@ -1962,6 +2049,8 @@ test_ecdsa_sign_verify_all_curve(void)
> > > status = test_ecdsa_sign_verify(curve_id);
> > > if (status == TEST_SUCCESS) {
> > > msg = "succeeded";
> > > + } else if (status == TEST_SKIPPED) {
> > > + continue;
> > > } else {
> > > msg = "failed";
> > > overall_status = status;
> > > @@ -1987,6 +2076,8 @@ test_ecpm(enum curve curve_id)
> > > struct rte_crypto_asym_xform xform;
> > > struct rte_crypto_asym_op *asym_op;
> > > struct rte_cryptodev_info dev_info;
> > > + struct rte_cryptodev_asym_capability_idx idx;
> > > + const struct rte_cryptodev_asymmetric_capability *capabilities;
> > > struct rte_crypto_op *op = NULL;
> > > int ret, status = TEST_SUCCESS;
> > >
> > > @@ -2016,6 +2107,24 @@ test_ecpm(enum curve curve_id)
> > >
> > > rte_cryptodev_info_get(dev_id, &dev_info);
> > >
> > > + struct rte_crypto_ecdsa_capability capa = {
> > > + .curves = RTE_BIT32(input_params.curve)
> > > + };
> > > +
> > > + idx.type = RTE_CRYPTO_ASYM_XFORM_ECPM;
> > > + capabilities = rte_cryptodev_asym_capability_get(dev_id,
> > > + (const struct
> > > + rte_cryptodev_asym_capability_idx *) &idx);
> > > +
> > > + if (capabilities == NULL) {
> > > + status = TEST_SKIPPED;
> > > + goto exit;
> > > + }
> > > + if (!rte_cryptodev_capa_check_ecdsa(capabilities, capa)) {
> > > + status = TEST_SKIPPED;
> > > + goto exit;
> > > + }
> > > +
> > > /* Setup crypto op data structure */
> > > op = rte_crypto_op_alloc(op_mpool,
> > > RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
> > > if (op == NULL) {
> > > @@ -2124,6 +2233,8 @@ test_ecpm_all_curve(void)
> > > status = test_ecpm(curve_id);
> > > if (status == TEST_SUCCESS) {
> > > msg = "succeeded";
> > > + } else if (status == TEST_SKIPPED) {
> > > + continue;
> > > } else {
> > > msg = "failed";
> > > overall_status = status;
> > > @@ -2162,7 +2273,12 @@ static struct unit_test_suite
> > > cryptodev_qat_asym_testsuite = {
> > > .setup = testsuite_setup,
> > > .teardown = testsuite_teardown,
> > > .unit_test_cases = {
> > > + TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
> > > test_capability),
> > > TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
> > test_one_by_one),
> > > + TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
> > > + test_ecdsa_sign_verify_all_curve),
> > > + TEST_CASE_ST(ut_setup_asym, ut_teardown_asym,
> > > + test_ecpm_all_curve),
> > > TEST_CASES_END() /**< NULL terminate unit test array */
> > > }
> > > };
> >
> > I think patch need to be split for adding test app changes.
> >
> >
> > > diff --git a/app/test/test_event_crypto_adapter.c
> > > b/app/test/test_event_crypto_adapter.c
> > > index 2ecc7e2cea..9a62241371 100644
> > > --- a/app/test/test_event_crypto_adapter.c
> > > +++ b/app/test/test_event_crypto_adapter.c
> > > @@ -450,7 +450,7 @@ test_session_with_op_forward_mode(void)
> > > static int
> > > test_asym_op_forward_mode(uint8_t session_less) {
> > > - const struct rte_cryptodev_asymmetric_xform_capability *capability;
> > > + const struct rte_cryptodev_asymmetric_capability *capability;
> > > struct rte_cryptodev_asym_capability_idx cap_idx;
> > > struct rte_crypto_asym_xform xform_tc;
> > > union rte_event_crypto_metadata m_data; @@ -458,6 +458,7 @@
> > > test_asym_op_forward_mode(uint8_t session_less)
> > > struct rte_crypto_asym_op *asym_op;
> > > struct rte_crypto_op *op;
> > > uint8_t input[4096] = {0};
> > > + struct rte_crypto_mod_capability mod_capa = {0};
> > > uint8_t *result = NULL;
> > > struct rte_event ev;
> > > void *sess = NULL;
> > > @@ -503,8 +504,9 @@ test_asym_op_forward_mode(uint8_t session_less)
> > > asym_op->modex.base.length = modex_test_case.base.len;
> > > asym_op->modex.result.data = result;
> > > asym_op->modex.result.length = modex_test_case.result_len;
> > > - if (rte_cryptodev_asym_xform_capability_check_modlen(capability,
> > > - xform_tc.modex.modulus.length)) {
> > > +
> > > + mod_capa.max_mod_size = xform_tc.modex.modulus.length;
> > > + if (!rte_cryptodev_capa_check_mod(capability, mod_capa)) {
> > > RTE_LOG(INFO, USER1,
> > > "line %u FAILED: %s", __LINE__,
> > > "Invalid MODULUS length specified"); @@ -784,7
> > +786,7 @@
> > > test_session_with_op_new_mode(void)
> > > static int
> > > test_asym_op_new_mode(uint8_t session_less) {
> > > - const struct rte_cryptodev_asymmetric_xform_capability *capability;
> > > + const struct rte_cryptodev_asymmetric_capability *capability;
> > > struct rte_cryptodev_asym_capability_idx cap_idx;
> > > struct rte_crypto_asym_xform xform_tc;
> > > union rte_event_crypto_metadata m_data; @@ -792,6 +794,7 @@
> > > test_asym_op_new_mode(uint8_t session_less)
> > > struct rte_crypto_asym_op *asym_op;
> > > struct rte_crypto_op *op;
> > > uint8_t input[4096] = {0};
> > > + struct rte_crypto_mod_capability mod_capa = {0};
> >
> > Can you move this above to maintain reverse Xmas tree?
> >
> > > uint8_t *result = NULL;
> > > void *sess = NULL;
> > > uint32_t cap;
> > > @@ -835,8 +838,9 @@ test_asym_op_new_mode(uint8_t session_less)
> > > asym_op->modex.base.length = modex_test_case.base.len;
> > > asym_op->modex.result.data = result;
> > > asym_op->modex.result.length = modex_test_case.result_len;
> > > - if (rte_cryptodev_asym_xform_capability_check_modlen(capability,
> > > - xform_tc.modex.modulus.length)) {
> > > +
> > > + mod_capa.max_mod_size = xform_tc.modex.modulus.length;
> > > + if (!rte_cryptodev_capa_check_mod(capability, mod_capa)) {
> > > RTE_LOG(INFO, USER1,
> > > "line %u FAILED: %s", __LINE__,
> > > "Invalid MODULUS length specified"); diff --git
> > > a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> > > b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> > > index 16ec5e15eb..e734fc2a69 100644
> > > --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> > > +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> > > @@ -7,6 +7,7 @@
> > > #include <rte_common.h>
> > > #include <rte_malloc.h>
> > > #include <cryptodev_pmd.h>
> > > +#include <rte_bitops.h>
> > >
> > > #include "openssl_pmd_private.h"
> > > #include "compat.h"
> > > @@ -470,103 +471,82 @@ static const struct rte_cryptodev_capabilities
> > > openssl_pmd_capabilities[] = {
> > > }, }
> > > }, }
> > > },
> > > - { /* RSA */
> > > + { /* Modular exponentiation */
> > > .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> > > {.asym = {
> > > - .xform_capa = {
> > > - .xform_type =
> > > RTE_CRYPTO_ASYM_XFORM_RSA,
> > > - .op_types = ((1 <<
> > > RTE_CRYPTO_ASYM_OP_SIGN) |
> > > - (1 << RTE_CRYPTO_ASYM_OP_VERIFY)
> > > |
> > > - (1 <<
> > > RTE_CRYPTO_ASYM_OP_ENCRYPT) |
> > > - (1 <<
> > > RTE_CRYPTO_ASYM_OP_DECRYPT)),
> > > - {
> > > - .modlen = {
> > > - /* min length is based on openssl rsa keygen */
> > > - .min = 30,
> > > - /* value 0 symbolizes no limit on max length */
> > > - .max = 0,
> > > - .increment = 1
> > > - }, }
> > > + .xform_type = RTE_CRYPTO_ASYM_XFORM_MODEX,
> > > + .mod = {
> > > + .max_mod_size = 0
> > > + }
> > > }
> > > - },
> > > }
> > > },
> > > - { /* modexp */
> > > + { /* Modular multiplicative inverse */
> > > .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> > > {.asym = {
> > > - .xform_capa = {
> > > - .xform_type =
> > > RTE_CRYPTO_ASYM_XFORM_MODEX,
> > > - .op_types = 0,
> > > - {
> > > - .modlen = {
> > > - /* value 0 symbolizes no limit on min length */
> > > - .min = 0,
> > > - /* value 0 symbolizes no limit on max length */
> > > - .max = 0,
> > > - .increment = 1
> > > - }, }
> > > + .xform_type = RTE_CRYPTO_ASYM_XFORM_MODINV,
> > > + .mod = {
> > > + .max_mod_size = 0
> > > + }
> > > }
> > > - },
> > > }
> > > },
> > > - { /* modinv */
> > > + { /* RSA */
> > > .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> > > {.asym = {
> > > - .xform_capa = {
> > > - .xform_type =
> > > RTE_CRYPTO_ASYM_XFORM_MODINV,
> > > - .op_types = 0,
> > > - {
> > > - .modlen = {
> > > - /* value 0 symbolizes no limit on min length */
> > > - .min = 0,
> > > - /* value 0 symbolizes no limit on max length */
> > > - .max = 0,
> > > - .increment = 1
> > > - }, }
> > > + .xform_type = RTE_CRYPTO_ASYM_XFORM_RSA,
> > > + .rsa = {
> > > + .padding =
> > > +
> > > RTE_BIT32(RTE_CRYPTO_RSA_PADDING_NONE) |
> > > +
> > > RTE_BIT32(RTE_CRYPTO_RSA_PADDING_PKCS1_5),
> > > + .hash =
> > > + RTE_BIT32(RTE_CRYPTO_AUTH_MD5)
> > > |
> > > + RTE_BIT32(RTE_CRYPTO_AUTH_SHA1)
> > > |
> > > +
> > > RTE_BIT32(RTE_CRYPTO_AUTH_SHA224) |
> > > +
> > > RTE_BIT32(RTE_CRYPTO_AUTH_SHA256) |
> > > +
> > > RTE_BIT32(RTE_CRYPTO_AUTH_SHA384) |
> > > +
> > > RTE_BIT32(RTE_CRYPTO_AUTH_SHA512),
> > > + .max_key_size = 0
> > > + }
> > > }
> > > - },
> > > }
> > > },
> > > - { /* dh */
> > > + { /* Diffie-Hellman */
> > > .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> > > {.asym = {
> > > - .xform_capa = {
> > > - .xform_type =
> > > RTE_CRYPTO_ASYM_XFORM_DH,
> > > - .op_types =
> > > -
> > > ((1<<RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE) |
> > > - (1 <<
> > > RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE |
> > > - (1 <<
> > > -
> > > RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE))),
> > > - {
> > > - .modlen = {
> > > - /* value 0 symbolizes no limit on min length */
> > > - .min = 0,
> > > - /* value 0 symbolizes no limit on max length */
> > > - .max = 0,
> > > - .increment = 1
> > > - }, }
> > > + .xform_type = RTE_CRYPTO_ASYM_XFORM_DH,
> > > + .dh = {
> > > + .max_group_size = 0,
> > > + .priv_key_gen = 1
> > > + }
> > > }
> > > - },
> > > }
> > > },
> > > - { /* dsa */
> > > + { /* DSA */
> > > .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> > > {.asym = {
> > > - .xform_capa = {
> > > - .xform_type =
> > > RTE_CRYPTO_ASYM_XFORM_DSA,
> > > - .op_types =
> > > - ((1<<RTE_CRYPTO_ASYM_OP_SIGN) |
> > > - (1 << RTE_CRYPTO_ASYM_OP_VERIFY)),
> > > - {
> > > - .modlen = {
> > > - /* value 0 symbolizes no limit on min length */
> > > - .min = 0,
> > > - /* value 0 symbolizes no limit on max length */
> > > - .max = 0,
> > > - .increment = 1
> > > - }, }
> > > + .xform_type = RTE_CRYPTO_ASYM_XFORM_DSA,
> > > + .dsa = {
> > > + .max_key_size = 0,
> > > + .random_k = 1
> > > + }
> > > + }
> > > + }
> > > + },
> > > + { /* ECDSA */
> > > + .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> > > + {.asym = {
> > > + .xform_type = RTE_CRYPTO_ASYM_XFORM_ECDSA,
> > > + .ecdsa = {
> > > + .curves =
> > > +
> > > RTE_BIT64(RTE_CRYPTO_EC_GROUP_SECP192R1) |
> > > +
> > > RTE_BIT64(RTE_CRYPTO_EC_GROUP_SECP224R1) |
> > > +
> > > RTE_BIT64(RTE_CRYPTO_EC_GROUP_SECP256R1) |
> > > +
> > > RTE_BIT64(RTE_CRYPTO_EC_GROUP_SECP384R1) |
> > > +
> > > RTE_BIT64(RTE_CRYPTO_EC_GROUP_SECP521R1),
> > > + .random_k = 1
> > > + }
> > > }
> > > - },
> > > }
> > > },
> > >
> >
> > Do not combine PMD changes for capabilities in cryptodev patch for new APIs.
> >
> >
> > > diff --git a/drivers/crypto/qat/dev/qat_asym_pmd_gen1.c
> > > b/drivers/crypto/qat/dev/qat_asym_pmd_gen1.c
> > > index 4499fdaf2d..d5144bca84 100644
> > > --- a/drivers/crypto/qat/dev/qat_asym_pmd_gen1.c
> > > +++ b/drivers/crypto/qat/dev/qat_asym_pmd_gen1.c
> > > @@ -28,16 +28,64 @@ struct rte_cryptodev_ops
> qat_asym_crypto_ops_gen1
> > > = { };
> > >
> > > static struct rte_cryptodev_capabilities qat_asym_crypto_caps_gen1[] = {
> > > - QAT_ASYM_CAP(MODEX,
> > > - 0, 1, 512, 1),
> > > - QAT_ASYM_CAP(MODINV,
> > > - 0, 1, 512, 1),
> > > - QAT_ASYM_CAP(RSA,
> > > - ((1 << RTE_CRYPTO_ASYM_OP_SIGN) |
> > > - (1 << RTE_CRYPTO_ASYM_OP_VERIFY) |
> > > - (1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) |
> > > - (1 << RTE_CRYPTO_ASYM_OP_DECRYPT)),
> > > - 64, 512, 64),
> > > + { /* Modular exponentiation */
> > > + .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> > > + {.asym = {
> > > + .xform_type = RTE_CRYPTO_ASYM_XFORM_MODEX,
> > > + .mod = {
> > > + .max_mod_size = 4096
> > > + }
> > > + }
> > > + }
> > > + },
> > > + { /* Modular multiplicative inverse */
> > > + .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> > > + {.asym = {
> > > + .xform_type = RTE_CRYPTO_ASYM_XFORM_MODINV,
> > > + .mod = {
> > > + .max_mod_size = 4096
> > > + }
> > > + }
> > > + }
> > > + },
> > > + { /* RSA */
> > > + .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> > > + {.asym = {
> > > + .xform_type = RTE_CRYPTO_ASYM_XFORM_RSA,
> > > + .rsa = {
> > > + .padding =
> > > +
> > > RTE_BIT32(RTE_CRYPTO_RSA_PADDING_NONE),
> > > + .hash = 0,
> > > + .max_key_size = 4096
> > > + }
> > > + }
> > > + }
> > > + },
> > > + { /* ECDSA */
> > > + .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> > > + {.asym = {
> > > + .xform_type = RTE_CRYPTO_ASYM_XFORM_ECDSA,
> > > + .ecdsa = {
> > > + .curves =
> > > +
> > > RTE_BIT64(RTE_CRYPTO_EC_GROUP_SECP256R1) |
> > > +
> > > RTE_BIT64(RTE_CRYPTO_EC_GROUP_SECP521R1),
> > > + .random_k = 0
> > > + }
> > > + }
> > > + }
> > > + },
> > > + { /* ECPM */
> > > + .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> > > + {.asym = {
> > > + .xform_type = RTE_CRYPTO_ASYM_XFORM_ECPM,
> > > + .ecdsa = {
> > > + .curves =
> > > +
> > > RTE_BIT64(RTE_CRYPTO_EC_GROUP_SECP256R1) |
> > > +
> > > RTE_BIT64(RTE_CRYPTO_EC_GROUP_SECP521R1)
> > > + }
> > > + }
> > > + }
> > > + },
> > > RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
> > > };
> > >
> > > diff --git a/lib/cryptodev/rte_crypto_asym.h
> > > b/lib/cryptodev/rte_crypto_asym.h index d90a7a1957..41b22450d3 100644
> > > --- a/lib/cryptodev/rte_crypto_asym.h
> > > +++ b/lib/cryptodev/rte_crypto_asym.h
> > > @@ -41,6 +41,14 @@ rte_crypto_asym_ke_strings[]; extern const char *
> > > rte_crypto_asym_op_strings[];
> > >
> > > +/** RSA padding type name strings */
> > > +extern const char *
> > > +rte_crypto_asym_rsa_padding[];
> >
> > rte_crypto_asym_rsa_padding_strings
> >
> > > +
> > > +/** Elliptic curves name strings */
> > > +extern const char *
> > > +rte_crypto_curves_strings[];
> > > +
> > > /**
> > > * Buffer to hold crypto params required for asym operations.
> > > *
> > > @@ -265,6 +273,46 @@ struct rte_crypto_rsa_padding {
> > > */
> > > };
> > >
> > > +struct rte_crypto_mod_capability {
> > > + uint16_t max_mod_size;
> > > + /**< Maximum supported modulus size in bytes, 0 means no limit */ };
> > > +
> > > +struct rte_crypto_rsa_capability {
> > > + uint32_t padding;
> > > + /**< List of supported paddings */
> > How is this list supposed to work?
> > I believe this should be enum to specify a single value.
> > Driver can maintain a static array to list all supported ones.
> > And application can query if a particular capability which it intend to use
> > Is
> > supported by the PMD.
> >
> > > + uint32_t hash;
> > > + /**< List of supported hash functions */
> > Same comment here as well
> >
> > > + uint32_t max_key_size;
> > > + /**< Maximum supported key size in bytes, 0 means no limit */ };
> > > +
> > > +struct rte_crypto_dh_capability {
> > > + uint16_t max_group_size;
> > > + /**< Maximum group in bytes, 0 means no limit */
> > Maximum group size in bytes ...
> >
> > > + uint8_t priv_key_gen;
> > > + /**< Does PMD supports private key generation generation */
> > Is it a flag? Please comment it properly.
> >
> > > +};
> > > +
> > > +struct rte_crypto_dsa_capability {
> > > + uint16_t max_key_size;
> > > + /**< Maximum supported key size in bytes, 0 means no limit */
> > > + uint8_t random_k;
> > > + /**< Does PMD supports random 'k' generation */
> >
> > Comments should not ask questions.
> >
> > > +};
> > > +
> > > +struct rte_crypto_ecdsa_capability {
> > > + uint64_t curves;
> > > + /**< Supported elliptic curve ids */
> > Shouldn't this also be enum?
> >
> > > + uint8_t random_k;
> > > + /**< Does PMD supports random 'k' generation */
> >
> > Same comment as above.
> > > +};
> > > +
> > > +struct rte_crypto_ecpm_capability {
> > > + uint64_t curves;
> > > + /**< Supported elliptic curve ids */
> >
> > Enum??
> >
> > > +};
> > > +
> > > /**
> > > * Asymmetric RSA transform data
> > > *
> > > diff --git a/lib/cryptodev/rte_cryptodev.c
> > > b/lib/cryptodev/rte_cryptodev.c index 57ee6b3f07..b1ad1112fe 100644
> > > --- a/lib/cryptodev/rte_cryptodev.c
> > > +++ b/lib/cryptodev/rte_cryptodev.c
> > > @@ -190,6 +190,27 @@ const char *rte_crypto_asym_ke_strings[] = { };
> > >
> > > /**
> > > + * RSA padding string identifiers
> > > + */
> > > +const char *rte_crypto_asym_rsa_padding[] = {
> > > + [RTE_CRYPTO_RSA_PADDING_NONE] =
> > > "RTE_CRYPTO_RSA_PADDING_NONE",
> > > + [RTE_CRYPTO_RSA_PADDING_PKCS1_5] =
> > > "RTE_CRYPTO_RSA_PADDING_PKCS1_5",
> > > + [RTE_CRYPTO_RSA_PADDING_OAEP] =
> > > "RTE_CRYPTO_RSA_PADDING_OAEP",
> > > + [RTE_CRYPTO_RSA_PADDING_PSS] =
> > > "RTE_CRYPTO_RSA_PADDING_PSS"
> > > +};
> > > +
> > > +/**
> > > + * Elliptic curves string identifiers */ const char
> > > +*rte_crypto_curves_strings[] = {
> > > + [RTE_CRYPTO_EC_GROUP_SECP192R1] =
> > > "RTE_CRYPTO_EC_GROUP_SECP192R1",
> > > + [RTE_CRYPTO_EC_GROUP_SECP224R1] =
> > > "RTE_CRYPTO_EC_GROUP_SECP224R1",
> > > + [RTE_CRYPTO_EC_GROUP_SECP256R1] =
> > > "RTE_CRYPTO_EC_GROUP_SECP256R1",
> > > + [RTE_CRYPTO_EC_GROUP_SECP384R1] =
> > > "RTE_CRYPTO_EC_GROUP_SECP384R1",
> > > + [RTE_CRYPTO_EC_GROUP_SECP521R1] =
> > > "RTE_CRYPTO_EC_GROUP_SECP521R1",
> > > +};
> > > +
> > > +/**
> > > * The private data structure stored in the sym session mempool private
> data.
> > > */
> > > struct rte_cryptodev_sym_session_pool_private_data { @@ -347,7 +368,7
> > > @@ param_range_check(uint16_t size, const struct
> > > rte_crypto_param_range *range)
> > > return -1;
> > > }
> > >
> > > -const struct rte_cryptodev_asymmetric_xform_capability *
> > > +const struct rte_cryptodev_asymmetric_capability *
> > > rte_cryptodev_asym_capability_get(uint8_t dev_id,
> > > const struct rte_cryptodev_asym_capability_idx *idx) { @@ -
> > 363,8
> > > +384,8 @@ rte_cryptodev_asym_capability_get(uint8_t dev_id,
> > > if (capability->op != RTE_CRYPTO_OP_TYPE_ASYMMETRIC)
> > > continue;
> > >
> > > - if (capability->asym.xform_capa.xform_type == idx->type)
> > > - return &capability->asym.xform_capa;
> > > + if (capability->asym.xform_type == idx->type)
> > > + return &capability->asym;
> > > }
> > > return NULL;
> > > };
> > > @@ -456,6 +477,59 @@
> > rte_cryptodev_asym_xform_capability_check_modlen(
> > > return 0;
> > > }
> > >
> > > +int
> > > +rte_cryptodev_capa_check_mod(
> >
> > API name should be rte_cryptodev_mod_capa_check Verb should come in the
> > end.
> > Fix other APIs also.
> >
> > > + const struct rte_cryptodev_asymmetric_capability *capa,
> > > + struct rte_crypto_mod_capability mod) {
> > > + if (capa->mod.max_mod_size == 0)
> > > + return 1;
> > > +
> > > + if (mod.max_mod_size <= capa->mod.max_mod_size)
> > > + return 1;
> > > + else
> > > + return 0;
> > > +}
> > > +
> > > +int
> > > +rte_cryptodev_capa_check_rsa(
> > > + const struct rte_cryptodev_asymmetric_capability *capa,
> > > + struct rte_crypto_rsa_capability rsa) {
> > > + if (rsa.padding != (capa->rsa.padding & rsa.padding))
> > > + return 0;
> > > + if (rsa.hash != (capa->rsa.hash & rsa.hash))
> > > + return 0;
> > > + if (capa->rsa.max_key_size == 0)
> > > + return 1;
> > > + if (rsa.max_key_size <= capa->rsa.max_key_size)
> > > + return 1;
> > > + else
> > > + return 0;
> > > +}
> >
> > Can we have something similar to symmetric crypto/rte_security capabilities?
> In what way similar? There are mostly range checks in symmetric.
Please ignore this comment, I misinterpreted xforms with algos.
For each of the xforms we can have separate API to check.
All algos in that particular xform can be clubbed in same API.
> >
> > > +
> > > +int
> > > +rte_cryptodev_capa_check_ecdsa(
> > > + const struct rte_cryptodev_asymmetric_capability *capa,
> > > + struct rte_crypto_ecdsa_capability ecdsa) {
> > > + if (ecdsa.curves != (capa->ecdsa.curves & ecdsa.curves))
> > > + return 0;
> > > + if (ecdsa.random_k == 1 && capa->ecdsa.random_k == 0)
> > > + return 0;
> > > + return 1;
> > > +}
> > > +
> > > +int
> > > +rte_cryptodev_capa_check_ecpm(
> > > + const struct rte_cryptodev_asymmetric_capability *capa,
> > > + struct rte_crypto_ecpm_capability ecpm) {
> > > + if (ecpm.curves != (capa->ecpm.curves & ecpm.curves))
> > > + return 0;
> > > + return 1;
> > > +}
> > > +
> > > /* spinlock for crypto device enq callbacks */ static rte_spinlock_t
> > > rte_cryptodev_callback_lock = RTE_SPINLOCK_INITIALIZER;
> > >
> > > diff --git a/lib/cryptodev/rte_cryptodev.h
> > > b/lib/cryptodev/rte_cryptodev.h index 2c2c2edeb7..6c5bd819b2 100644
> > > --- a/lib/cryptodev/rte_cryptodev.h
> > > +++ b/lib/cryptodev/rte_cryptodev.h
> > > @@ -184,6 +184,19 @@ struct rte_cryptodev_asymmetric_xform_capability
> {
> > > *
> > > */
> > > struct rte_cryptodev_asymmetric_capability {
> > > + enum rte_crypto_asym_xform_type xform_type;
> > > + /**< Asymmetric transform type */
> > > + uint32_t op_types;
> > > + /**< bitmask for supported rte_crypto_asym_op_type */
> > > + union {
> > > + struct rte_crypto_mod_capability mod;
> > > + struct rte_crypto_rsa_capability rsa;
> > > + struct rte_crypto_dh_capability dh;
> > > + struct rte_crypto_dsa_capability dsa;
> > > + struct rte_crypto_ecdsa_capability ecdsa;
> > > + struct rte_crypto_ecpm_capability ecpm;
> > > + };
> > > +
> > > struct rte_cryptodev_asymmetric_xform_capability xform_capa; };
> > >
> > > @@ -247,7 +260,7 @@ rte_cryptodev_sym_capability_get(uint8_t dev_id,
> > > * - Return NULL if the capability not exist.
> > > */
> > > __rte_experimental
> > > -const struct rte_cryptodev_asymmetric_xform_capability *
> > > +const struct rte_cryptodev_asymmetric_capability *
> > > rte_cryptodev_asym_capability_get(uint8_t dev_id,
> > > const struct rte_cryptodev_asym_capability_idx *idx);
> > >
> > > @@ -339,6 +352,66 @@
> > rte_cryptodev_asym_xform_capability_check_modlen(
> > > uint16_t modlen);
> > >
> > > /**
> > > + * Check if requested Modexp features are supported
> > > + *
> > > + * @param capability Description of the asymmetric crypto
> > > capability.
> > > + * @param mod Modexp requested capability.
> > > + *
> > > + * @return
> > > + * - Return 1 if the parameters are in range of the capability.
> > > + * - Return 0 if the parameters are out of range of the capability.
> > > + */
> > > +__rte_experimental
> > > +int
> > > +rte_cryptodev_capa_check_mod(
> > > + const struct rte_cryptodev_asymmetric_capability *capa,
> > > + struct rte_crypto_mod_capability mod);
> > > +/**
> > > + * Check if requested RSA features are supported
> > > + *
> > > + * @param capability Description of the asymmetric crypto
> > > capability.
> > > + * @param rsa RSA requested capability.
> > > + *
> > > + * @return
> > > + * - Return 1 if the parameters are in range of the capability.
> > > + * - Return 0 if the parameters are out of range of the capability.
> > > + */
> > > +__rte_experimental
> > > +int
> > > +rte_cryptodev_capa_check_rsa(
> > > + const struct rte_cryptodev_asymmetric_capability *capa,
> > > + struct rte_crypto_rsa_capability rsa);
> > > +/**
> > > + * Check if requested ECDSA features are supported
> > > + *
> > > + * @param capability Description of the asymmetric crypto
> > > capability.
> > > + * @param ecdsa ECDSA requested capability.
> > > + *
> > > + * @return
> > > + * - Return 1 if the parameters are in range of the capability.
> > > + * - Return 0 if the parameters are out of range of the capability.
> > > + */
> > > +__rte_experimental
> > > +int
> > > +rte_cryptodev_capa_check_ecdsa(
> > > + const struct rte_cryptodev_asymmetric_capability *capa,
> > > + struct rte_crypto_ecdsa_capability ecdsa);
> > > +/**
> > > + * Check if requested ECPM features are supported
> > > + *
> > > + * @param capability Description of the asymmetric crypto
> > > capability.
> > > + * @param ecpm ECPM requested capability.
> > > + *
> > > + * @return
> > > + * - Return 1 if the parameters are in range of the capability.
> > > + * - Return 0 if the parameters are out of range of the capability.
> > > + */
> > > +__rte_experimental
> > > +int
> > > +rte_cryptodev_capa_check_ecpm(
> > > + const struct rte_cryptodev_asymmetric_capability *capa,
> > > + struct rte_crypto_ecpm_capability ecpm);
> > > +/**
> > > * Provide the cipher algorithm enum, given an algorithm string
> > > *
> > > * @param algo_enum A pointer to the cipher algorithm
> > > diff --git a/lib/cryptodev/version.map b/lib/cryptodev/version.map
> > > index f0abfaa47d..4d93b9a947 100644
> > > --- a/lib/cryptodev/version.map
> > > +++ b/lib/cryptodev/version.map
> > > @@ -108,6 +108,10 @@ EXPERIMENTAL {
> > >
> > > #added in 22.07
> > > rte_cryptodev_session_event_mdata_set;
> > > + rte_cryptodev_capa_check_mod;
> > > + rte_cryptodev_capa_check_rsa;
> > > + rte_cryptodev_capa_check_ecdsa;
> > > + rte_cryptodev_capa_check_ecpm;
> > > };
> > >
> > > INTERNAL {
> > > --
> > > 2.13.6
