RE: [v1 3/6] cryptodev: add hash support in asymmetric capability

Tue, 26 Sep 2023 13:03:15 -0700 

Hi Gowrishankar,

> -----Original Message-----
> From: Gowrishankar Muthukrishnan <gmuthukri...@marvell.com>
> Sent: Thursday, August 10, 2023 11:35 AM
> To: dev@dpdk.org
> Cc: ano...@marvell.com; Akhil Goyal <gak...@marvell.com>; Fan Zhang
> <fanzhang....@gmail.com>; Ji, Kai <kai...@intel.com>; Gowrishankar
> Muthukrishnan <gmuthukri...@marvell.com>
> Subject: [v1 3/6] cryptodev: add hash support in asymmetric capability
> 
> Most of the asymmetric operations start with hash of the input.
> Add a new field in asymmetric capability to declare support for hash 
> operations
> that PMD can support for the asymmetric operations. Application can skip
> computing hash if PMD already supports it.
> 
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukri...@marvell.com>
> ---
>  drivers/crypto/openssl/rte_openssl_pmd_ops.c |  1 +
>  lib/cryptodev/cryptodev_trace.h              |  9 +++++++++
>  lib/cryptodev/cryptodev_trace_points.c       |  3 +++
>  lib/cryptodev/rte_crypto_asym.h              |  3 +++
>  lib/cryptodev/rte_cryptodev.c                | 16 ++++++++++++++++
>  lib/cryptodev/rte_cryptodev.h                | 19 +++++++++++++++++++
>  lib/cryptodev/version.map                    |  1 +
>  7 files changed, 52 insertions(+)
> 
> diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> index 0f88669f41..0b3601db40 100644
> --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> @@ -598,6 +598,7 @@ static const struct rte_cryptodev_capabilities
> openssl_pmd_capabilities[] = {
>               {.asym = {
>                       .xform_capa = {
>                               .xform_type =
> RTE_CRYPTO_ASYM_XFORM_SM2,
> +                             .hash_algos = (1 << RTE_CRYPTO_AUTH_SM3),
>                               .op_types =
>                               ((1<<RTE_CRYPTO_ASYM_OP_SIGN) |
>                                (1 << RTE_CRYPTO_ASYM_OP_VERIFY) | diff --
> git a/lib/cryptodev/cryptodev_trace.h b/lib/cryptodev/cryptodev_trace.h index
> aab44af96b..935f0d564b 100644
> --- a/lib/cryptodev/cryptodev_trace.h
> +++ b/lib/cryptodev/cryptodev_trace.h
> @@ -520,6 +520,15 @@ RTE_TRACE_POINT(
>       rte_trace_point_emit_int(ret);
>  )
> 
> +RTE_TRACE_POINT(
> +     rte_cryptodev_trace_asym_xform_capability_check_hash,
> +     RTE_TRACE_POINT_ARGS(uint64_t hash_algos,
> +             enum rte_crypto_auth_algorithm hash, int ret),
> +     rte_trace_point_emit_u64(hash_algos);
> +     rte_trace_point_emit_int(hash);
> +     rte_trace_point_emit_int(ret);
> +)
> +
>  RTE_TRACE_POINT(
>       rte_cryptodev_trace_count,
>       RTE_TRACE_POINT_ARGS(uint8_t nb_devs), diff --git
> a/lib/cryptodev/cryptodev_trace_points.c
> b/lib/cryptodev/cryptodev_trace_points.c
> index e2303fdb52..8c47ab1e78 100644
> --- a/lib/cryptodev/cryptodev_trace_points.c
> +++ b/lib/cryptodev/cryptodev_trace_points.c
> @@ -144,6 +144,9 @@
> RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_asym_xform_capability_ch
> eck_modlen,
> 
> RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_asym_xform_capability_ch
> eck_optype,
>       lib.cryptodev.asym.xform.capability.check.optype)
> 
> +RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_asym_xform_capability_c
> heck_hash,
> +     lib.cryptodev.asym.xform.capability.check.hash)
> +
>  RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_sym_cpu_crypto_process,
>       lib.cryptodev.sym.cpu.crypto.process)
> 
> diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
> index 8b5794fb7c..51f5476c6e 100644
> --- a/lib/cryptodev/rte_crypto_asym.h
> +++ b/lib/cryptodev/rte_crypto_asym.h
> @@ -377,6 +377,9 @@ struct rte_crypto_dsa_xform {  struct
> rte_crypto_ec_xform {
>       enum rte_crypto_curve_id curve_id;
>       /**< Pre-defined ec groups */
> +
> +     enum rte_crypto_auth_algorithm hash;
[Arek] I think that session should only contain information that are constant 
across its lifetime. Here we decided to have a curve id, but this could be 
curve + key. But hash may be different for any op, additionally this xform is 
used for key exchange; multiplication or potentially encryption/decryption., 
which usually does not need any hash. I would have it in the op.
> +     /**< Hash algorithm used in EC op. */
>  };
> 
>  /**
> diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c 
> index
> c49d342b17..041d3074db 100644
> --- a/lib/cryptodev/rte_cryptodev.c
> +++ b/lib/cryptodev/rte_cryptodev.c
> @@ -718,6 +718,22 @@ rte_cryptodev_asym_xform_capability_check_modlen(
>       return ret;
>  }
> 
> +bool
> +rte_cryptodev_asym_xform_capability_check_hash(
> +     const struct rte_cryptodev_asymmetric_xform_capability *capability,
> +     enum rte_crypto_auth_algorithm hash)
> +{
> +     bool ret = false;
> +
> +     if (capability->hash_algos & (1 << hash))
> +             ret = true;
> +
> +     rte_cryptodev_trace_asym_xform_capability_check_hash(
> +             capability->hash_algos, hash, ret);
> +
> +     return ret;
> +}
> +
>  /* spinlock for crypto device enq callbacks */  static rte_spinlock_t
> rte_cryptodev_callback_lock = RTE_SPINLOCK_INITIALIZER;
> 
> diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h 
> index
> 64810c9ec4..536e082244 100644
> --- a/lib/cryptodev/rte_cryptodev.h
> +++ b/lib/cryptodev/rte_cryptodev.h
> @@ -189,6 +189,9 @@ struct rte_cryptodev_asymmetric_xform_capability {
>                * random value. Otherwise, PMD would internally compute the
> random number.
>                */
>       };
> +
> +     uint64_t hash_algos;
> +     /**< Bitmask of hash algorithms supported for op_type. */
>  };
> 
>  /**
> @@ -348,6 +351,22 @@ rte_cryptodev_asym_xform_capability_check_modlen(
>       const struct rte_cryptodev_asymmetric_xform_capability *capability,
>               uint16_t modlen);
> 
> +/**
> + * Check if hash algorithm is supported.
> + *
> + * @param    capability      Asymmetric crypto capability.
> + * @param    hash            Hash algorithm.
> + *
> + * @return
> + *   - Return true if the hash algorithm is supported.
> + *   - Return false if the hash algorithm is not supported.
> + */
> +__rte_experimental
> +bool
> +rte_cryptodev_asym_xform_capability_check_hash(
> +     const struct rte_cryptodev_asymmetric_xform_capability *capability,
> +     enum rte_crypto_auth_algorithm hash);
> +
>  /**
>   * Provide the cipher algorithm enum, given an algorithm string
>   *
> diff --git a/lib/cryptodev/version.map b/lib/cryptodev/version.map index
> ae8d9327b4..3c2d1780e0 100644
> --- a/lib/cryptodev/version.map
> +++ b/lib/cryptodev/version.map
> @@ -54,6 +54,7 @@ EXPERIMENTAL {
>       rte_cryptodev_asym_get_xform_enum;
>       rte_cryptodev_asym_session_create;
>       rte_cryptodev_asym_session_free;
> +     rte_cryptodev_asym_xform_capability_check_hash;
>       rte_cryptodev_asym_xform_capability_check_modlen;
>       rte_cryptodev_asym_xform_capability_check_optype;
>       rte_cryptodev_sym_cpu_crypto_process;
> --
> 2.25.1

Reply via email to