Most of the asymmetric operations start with hash of the input.
But a PMD might also support only plain input (eg openssl).
Add a new field in asymmetric capability to declare support
for hash operations that PMD can support for the asymmetric
operations. Application can skip computing hash if PMD already
supports it.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukri...@marvell.com>
---
 app/test/test_cryptodev_asym.c               | 52 ++++++++++++++++++--
 drivers/crypto/openssl/rte_openssl_pmd_ops.c |  1 +
 lib/cryptodev/cryptodev_trace.h              |  9 ++++
 lib/cryptodev/cryptodev_trace_points.c       |  3 ++
 lib/cryptodev/rte_cryptodev.c                | 16 ++++++
 lib/cryptodev/rte_cryptodev.h                | 19 +++++++
 lib/cryptodev/version.map                    |  1 +
 7 files changed, 97 insertions(+), 4 deletions(-)

diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 39de0bdac5..af323e02d9 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -1810,8 +1810,10 @@ _test_sm2_sign(bool rnd_secret)
 {
        struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
        struct crypto_testsuite_sm2_params input_params = sm2_param_fp256;
+       const struct rte_cryptodev_asymmetric_xform_capability *capa;
        struct rte_mempool *sess_mpool = ts_params->session_mpool;
        struct rte_mempool *op_mpool = ts_params->op_mpool;
+       struct rte_cryptodev_asym_capability_idx idx;
        uint8_t dev_id = ts_params->valid_devs[0];
        struct rte_crypto_op *result_op = NULL;
        uint8_t output_buf_r[TEST_DATA_SIZE];
@@ -1822,6 +1824,12 @@ _test_sm2_sign(bool rnd_secret)
        int ret, status = TEST_SUCCESS;
        void *sess = NULL;
 
+       /* Check SM2 capability */
+       idx.type = RTE_CRYPTO_ASYM_XFORM_SM2;
+       capa = rte_cryptodev_asym_capability_get(dev_id, &idx);
+       if (capa == NULL)
+               return -ENOTSUP;
+
        /* Setup crypto op data structure */
        op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
        if (op == NULL) {
@@ -1838,7 +1846,10 @@ _test_sm2_sign(bool rnd_secret)
        /* Setup asym xform */
        xform.next = NULL;
        xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
-       xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
+       if (rte_cryptodev_asym_xform_capability_check_hash(capa, 
RTE_CRYPTO_AUTH_SM3))
+               xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
+       else
+               xform.sm2.hash = RTE_CRYPTO_AUTH_NULL;
 
        ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, 
&sess);
        if (ret < 0) {
@@ -1993,8 +2004,10 @@ test_sm2_verify(void)
 {
        struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
        struct crypto_testsuite_sm2_params input_params = sm2_param_fp256;
+       const struct rte_cryptodev_asymmetric_xform_capability *capa;
        struct rte_mempool *sess_mpool = ts_params->session_mpool;
        struct rte_mempool *op_mpool = ts_params->op_mpool;
+       struct rte_cryptodev_asym_capability_idx idx;
        uint8_t dev_id = ts_params->valid_devs[0];
        struct rte_crypto_op *result_op = NULL;
        struct rte_crypto_asym_xform xform;
@@ -2003,6 +2016,12 @@ test_sm2_verify(void)
        int ret, status = TEST_SUCCESS;
        void *sess = NULL;
 
+       /* Check SM2 capability */
+       idx.type = RTE_CRYPTO_ASYM_XFORM_SM2;
+       capa = rte_cryptodev_asym_capability_get(dev_id, &idx);
+       if (capa == NULL)
+               return -ENOTSUP;
+
        /* Setup crypto op data structure */
        op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
        if (op == NULL) {
@@ -2019,7 +2038,10 @@ test_sm2_verify(void)
        /* Setup asym xform */
        xform.next = NULL;
        xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
-       xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
+       if (rte_cryptodev_asym_xform_capability_check_hash(capa, 
RTE_CRYPTO_AUTH_SM3))
+               xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
+       else
+               xform.sm2.hash = RTE_CRYPTO_AUTH_NULL;
 
        ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, 
&sess);
        if (ret < 0) {
@@ -2094,9 +2116,11 @@ _test_sm2_enc(bool rnd_secret)
 {
        struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
        struct crypto_testsuite_sm2_params input_params = sm2_param_fp256;
+       const struct rte_cryptodev_asymmetric_xform_capability *capa;
        struct rte_mempool *sess_mpool = ts_params->session_mpool;
        struct rte_mempool *op_mpool = ts_params->op_mpool;
        uint8_t output_buf[TEST_DATA_SIZE], *pbuf = NULL;
+       struct rte_cryptodev_asym_capability_idx idx;
        uint8_t dev_id = ts_params->valid_devs[0];
        struct rte_crypto_op *result_op = NULL;
        struct rte_crypto_asym_xform xform;
@@ -2105,6 +2129,12 @@ _test_sm2_enc(bool rnd_secret)
        int ret, status = TEST_SUCCESS;
        void *sess = NULL;
 
+       /* Check SM2 capability */
+       idx.type = RTE_CRYPTO_ASYM_XFORM_SM2;
+       capa = rte_cryptodev_asym_capability_get(dev_id, &idx);
+       if (capa == NULL)
+               return -ENOTSUP;
+
        /* Setup crypto op data structure */
        op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
        if (op == NULL) {
@@ -2120,7 +2150,10 @@ _test_sm2_enc(bool rnd_secret)
        /* Setup asym xform */
        xform.next = NULL;
        xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
-       xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
+       if (rte_cryptodev_asym_xform_capability_check_hash(capa, 
RTE_CRYPTO_AUTH_SM3))
+               xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
+       else
+               xform.sm2.hash = RTE_CRYPTO_AUTH_NULL;
 
        ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, 
&sess);
        if (ret < 0) {
@@ -2273,8 +2306,10 @@ test_sm2_dec(void)
 {
        struct crypto_testsuite_params_asym *ts_params = &testsuite_params;
        struct crypto_testsuite_sm2_params input_params = sm2_param_fp256;
+       const struct rte_cryptodev_asymmetric_xform_capability *capa;
        struct rte_mempool *sess_mpool = ts_params->session_mpool;
        struct rte_mempool *op_mpool = ts_params->op_mpool;
+       struct rte_cryptodev_asym_capability_idx idx;
        uint8_t dev_id = ts_params->valid_devs[0];
        struct rte_crypto_op *result_op = NULL;
        uint8_t output_buf_m[TEST_DATA_SIZE];
@@ -2284,6 +2319,12 @@ test_sm2_dec(void)
        int ret, status = TEST_SUCCESS;
        void *sess = NULL;
 
+       /* Check SM2 capability */
+       idx.type = RTE_CRYPTO_ASYM_XFORM_SM2;
+       capa = rte_cryptodev_asym_capability_get(dev_id, &idx);
+       if (capa == NULL)
+               return -ENOTSUP;
+
        /* Setup crypto op data structure */
        op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
        if (op == NULL) {
@@ -2299,7 +2340,10 @@ test_sm2_dec(void)
        /* Setup asym xform */
        xform.next = NULL;
        xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
-       xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
+       if (rte_cryptodev_asym_xform_capability_check_hash(capa, 
RTE_CRYPTO_AUTH_SM3))
+               xform.sm2.hash = RTE_CRYPTO_AUTH_SM3;
+       else
+               xform.sm2.hash = RTE_CRYPTO_AUTH_NULL;
 
        ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, 
&sess);
        if (ret < 0) {
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c 
b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 2eb450fcfd..d5dc365064 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -598,6 +598,7 @@ static const struct rte_cryptodev_capabilities 
openssl_pmd_capabilities[] = {
                {.asym = {
                        .xform_capa = {
                                .xform_type = RTE_CRYPTO_ASYM_XFORM_SM2,
+                               .hash_algos = (1 << RTE_CRYPTO_AUTH_SM3),
                                .op_types =
                                ((1<<RTE_CRYPTO_ASYM_OP_SIGN) |
                                 (1 << RTE_CRYPTO_ASYM_OP_VERIFY) |
diff --git a/lib/cryptodev/cryptodev_trace.h b/lib/cryptodev/cryptodev_trace.h
index aab44af96b..935f0d564b 100644
--- a/lib/cryptodev/cryptodev_trace.h
+++ b/lib/cryptodev/cryptodev_trace.h
@@ -520,6 +520,15 @@ RTE_TRACE_POINT(
        rte_trace_point_emit_int(ret);
 )
 
+RTE_TRACE_POINT(
+       rte_cryptodev_trace_asym_xform_capability_check_hash,
+       RTE_TRACE_POINT_ARGS(uint64_t hash_algos,
+               enum rte_crypto_auth_algorithm hash, int ret),
+       rte_trace_point_emit_u64(hash_algos);
+       rte_trace_point_emit_int(hash);
+       rte_trace_point_emit_int(ret);
+)
+
 RTE_TRACE_POINT(
        rte_cryptodev_trace_count,
        RTE_TRACE_POINT_ARGS(uint8_t nb_devs),
diff --git a/lib/cryptodev/cryptodev_trace_points.c 
b/lib/cryptodev/cryptodev_trace_points.c
index e2303fdb52..8c47ab1e78 100644
--- a/lib/cryptodev/cryptodev_trace_points.c
+++ b/lib/cryptodev/cryptodev_trace_points.c
@@ -144,6 +144,9 @@ 
RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_asym_xform_capability_check_modlen,
 
RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_asym_xform_capability_check_optype,
        lib.cryptodev.asym.xform.capability.check.optype)
 
+RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_asym_xform_capability_check_hash,
+       lib.cryptodev.asym.xform.capability.check.hash)
+
 RTE_TRACE_POINT_REGISTER(rte_cryptodev_trace_sym_cpu_crypto_process,
        lib.cryptodev.sym.cpu.crypto.process)
 
diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
index 0f65992444..314710b5f4 100644
--- a/lib/cryptodev/rte_cryptodev.c
+++ b/lib/cryptodev/rte_cryptodev.c
@@ -610,6 +610,22 @@ rte_cryptodev_asym_xform_capability_check_modlen(
        return ret;
 }
 
+bool
+rte_cryptodev_asym_xform_capability_check_hash(
+       const struct rte_cryptodev_asymmetric_xform_capability *capability,
+       enum rte_crypto_auth_algorithm hash)
+{
+       bool ret = false;
+
+       if (capability->hash_algos & (1 << hash))
+               ret = true;
+
+       rte_cryptodev_trace_asym_xform_capability_check_hash(
+               capability->hash_algos, hash, ret);
+
+       return ret;
+}
+
 /* spinlock for crypto device enq callbacks */
 static rte_spinlock_t rte_cryptodev_callback_lock = RTE_SPINLOCK_INITIALIZER;
 
diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h
index 9f07e1ed2c..3a1b4dc501 100644
--- a/lib/cryptodev/rte_cryptodev.h
+++ b/lib/cryptodev/rte_cryptodev.h
@@ -182,6 +182,9 @@ struct rte_cryptodev_asymmetric_xform_capability {
                 * Value 0 mean implementation default
                 */
        };
+
+       uint64_t hash_algos;
+       /**< Bitmask of hash algorithms supported for op_type. */
 };
 
 /**
@@ -340,6 +343,22 @@ rte_cryptodev_asym_xform_capability_check_modlen(
        const struct rte_cryptodev_asymmetric_xform_capability *capability,
                uint16_t modlen);
 
+/**
+ * Check if hash algorithm is supported.
+ *
+ * @param      capability      Asymmetric crypto capability.
+ * @param      hash            Hash algorithm.
+ *
+ * @return
+ *   - Return true if the hash algorithm is supported.
+ *   - Return false if the hash algorithm is not supported.
+ */
+__rte_experimental
+bool
+rte_cryptodev_asym_xform_capability_check_hash(
+       const struct rte_cryptodev_asymmetric_xform_capability *capability,
+       enum rte_crypto_auth_algorithm hash);
+
 /**
  * Provide the cipher algorithm enum, given an algorithm string
  *
diff --git a/lib/cryptodev/version.map b/lib/cryptodev/version.map
index 20f7b24960..208919b819 100644
--- a/lib/cryptodev/version.map
+++ b/lib/cryptodev/version.map
@@ -51,6 +51,7 @@ EXPERIMENTAL {
        rte_cryptodev_asym_get_xform_enum;
        rte_cryptodev_asym_session_create;
        rte_cryptodev_asym_session_free;
+       rte_cryptodev_asym_xform_capability_check_hash;
        rte_cryptodev_asym_xform_capability_check_modlen;
        rte_cryptodev_asym_xform_capability_check_optype;
        rte_cryptodev_sym_cpu_crypto_process;
-- 
2.25.1

Reply via email to