Hi Fiona,

Sorry for the delay in response and thanks for the feedback. I have
included the suggested changes for v2. Please find comments inline.
[Umesh] Sure, I will be adding mod inverse, DH, ECDH and DSA in the next
version.
[Umesh] Plan is to be include all the curves supported in libcrypto.
Please share your thoughts on dividing the curves based on their type,
ie binary curves and prime curves? For binary curves, the prime modulus
parameter is expected to hold the polynomial and degree.
[Umesh] These are the encryption/signature schemes specified in PKCSv2.2
[RFC 8017] standard to be used while performing RSA operations. We may
use RSA OAEP encoding and PSS signature scheme instead of blocktype 1
padding for RSA sign and blocktype 2 for RSA public encryption.
[Umesh] modlen does seem to be redundant with the presence of length
param for prime modulus. Will remove this.
[Umesh] I do agree that input data is unlikely to be presented to
crypto_op APIs as mbufs. Wanted opinion of others in the community
before deciding whether to omit mbufs or not.
[Umesh] Sure.
[Umesh] Capability for non-ECC operations(RSA/DH/DSA/MODEXP/MODINV] are
decided by the range of modlength.
For ECC operations(ECDH,ECDSA,FECC), the capability for the operation is
decided by whether the curves is supported or not. Support for the curve
is a bit-field with each bit, corresponding to the enumerated value in the
curve list, representing each curve. Dividing the curves by their type,
binary/prime, helps in this scenario.
For ex in the curve list above, turning on bit in the third position in
the curve capability field enables support for RTE_CRYPTO_FECC_CURVE_P192.

Please share your thoughts. Should there by any other factor deciding on
the capability for a particular asymmetric operation?
Unlike symmetric operations, sessions will be unlikely be used for a
long duration. What is your opinion on asymmetric operations working only
in SESSION_LESS mode?

Added asymmetric xform structures, operation definitions, operation
parameters. Added asymmetric algorithms RSA, DH, ECDH, DSA, ECDSA,
MODEXP, FECC, MOD-INVERSE. Added curves (all curves supported by
libcrypto as of now).

Signed-off-by: Umesh Kartha <***@caviumnetworks.com>
---
lib/librte_cryptodev/rte_crypto_asym.h | 1124 ++++++++++++++++++++++++++++++++
1 file changed, 1124 insertions(+)
create mode 100644 lib/librte_cryptodev/rte_crypto_asym.h

diff --git lib/librte_cryptodev/rte_crypto_asym.h lib/librte_cryptodev/rte_crypto_asym.h
new file mode 100644
index 0000000..36a8b4f
--- /dev/null
+++ lib/librte_cryptodev/rte_crypto_asym.h
@@ -0,0 +1,1124 @@
+/*
+ * BSD LICENSE
+ *
+ * Copyright (C) Cavium networks Ltd. 2017.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Cavium Networks nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef _RTE_CRYPTO_ASYM_H_
+#define _RTE_CRYPTO_ASYM_H_
+
+/**
+ * @file rte_crypto_asym.h
+ *
+ * RTE Definitions for Asymmetric Cryptography
+ *
+ * Defines asymmetric algorithms and modes, as well as supported
+ * asymmetric crypto operations.
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <string.h>
+#include <stdint.h>
+#include <rte_mbuf.h>
+#include <rte_memory.h>
+#include <rte_mempool.h>
+#include <rte_common.h>
+#include "rte_crypto_sym.h"
+
+typedef struct rte_crypto_xform_param_t {
+ uint8_t *data;
+ size_t length;
+} rte_crypto_xform_param;
+
+typedef struct rte_crypto_op_param_t {
+ uint8_t *data;
+ phys_addr_t phys_addr;
+ size_t length;
+} rte_crypto_op_param;
+
+/** Asymmetric crypto transformation types */
+enum rte_crypto_asym_xform_type {
+ RTE_CRYPTO_ASYM_XFORM_NOT_SPECIFIED = 0,
+ RTE_CRYPTO_ASYM_XFORM_RSA,
+ RTE_CRYPTO_ASYM_XFORM_MODEX,
+ RTE_CRYPTO_ASYM_XFORM_DH,
+ RTE_CRYPTO_ASYM_XFORM_ECDH,
+ RTE_CRYPTO_ASYM_XFORM_DSA,
+ RTE_CRYPTO_ASYM_XFORM_ECDSA,
+ RTE_CRYPTO_ASYM_XFORM_FECC,
+ RTE_CRYPTO_ASYM_XFORM_MODINV,
+ RTE_CRYPTO_ASYM_XFORM_TYPE_LIST_END
+};
+
+/**
+ * RSA operation type variants
+ */
+enum rte_crypto_rsa_optype {
+ RTE_CRYPTO_RSA_OP_NOT_SPECIFIED = 1,
+ /**< RSA operation unspecified */
+ RTE_CRYPTO_RSA_OP_PUBLIC_ENCRYPT,
+ /**< RSA public encrypt operation */
+ RTE_CRYPTO_RSA_OP_PRIVATE_DECRYPT,
+ /**< RSA private decrypt operation */
+ RTE_CRYPTO_RSA_OP_SIGN,
+ /**< RSA private key signature operation */
+ RTE_CRYPTO_RSA_OP_VERIFY,
+ /**< RSA public key verification operation */
+ RTE_CRYPTO_RSA_OP_LIST_END
+};
+
+/**
+ * Padding types for RSA signature.
+ */
+enum rte_crypto_rsa_padding_type {
+ RTE_CRYPTO_RSA_PADDING_NOT_SPECIFIED = 1,
+ /**< RSA no padding scheme */
+ RTE_CRYPTO_RSA_PADDING_BT1,
+ /**< RSA PKCS#1 padding BT1 scheme */
+ RTE_CRYPTO_RSA_PADDING_BT2,
+ /**< RSA PKCS#1 padding BT2 scheme */
+ RTE_CRYPTO_RSA_PADDING_OAEP,
+ /**< RSA PKCS#1 OAEP padding scheme */
+ RTE_CRYPTO_RSA_PADDING_PSS,
+ /**< RSA PKCS#1 PSS padding scheme */
+ RTE_CRYPTO_RSA_PADDING_TYPE_LIST_END
+};
+
+/**
+ * Modular exponentiaion operation type variants
+ */
+enum rte_crypto_modex_optype {
+ RTE_CRYPTO_MODEX_OP_NOT_SPECIFIED = 1,
+ /**< ModEx operation type unspecified */
+ RTE_CRYPTO_MODEX_OP_MODEX,
+ /**< Modex operation modular exponentiation */
+ RTE_CRYPTO_MODEX_OP_LIST_END
+};
+
+/**
+ * Modular Inverse operation type variants
+ */
+enum rte_crypto_modeinv_optype {
+ RTE_CRYPTO_MODINV_OP_NOT_SPECIFIED = 1,
+ /**< ModInv operation type unspecified */
+ RTE_CRYPTO_MODINV_OP_MODINV,
+ /**< ModInv operation modular Inverse */
+ RTE_CRYPTO_MODEX_OP_LIST_END
+};
+
+/**
+ * DSA operation type variants
+ */
+enum rte_crypto_dsa_optype {
+ RTE_CRYPTO_DSA_OP_NOT_SPECIFIED = 1,
+ /**< DSA operation unspecified */
+ RTE_CRYPTO_DSA_OP_SIGN,
+ /**< DSA private key signature operation */
+ RTE_CRYPTO_DSA_OP_VERIFY,
+ /**< DSA public key verification operation */
+ RTE_CRYPTO_DSA_OP_LIST_END
+};
+
+
+/**
+ * ECDSA operation type variants
+ */
+enum rte_crypto_ecdsa_optype {
+ RTE_CRYPTO_ECDSA_OP_NOT_SPECIFIED = 1,
+ /**< ECDSA operation unspecified */
+ RTE_CRYPTO_ECDSA_OP_SIGN,
+ /**< ECDSA private key signature operation */
+ RTE_CRYPTO_ECDSA_OP_VERIFY,
+ /**< ECDSA public key verification operation */
+ RTE_CRYPTO_ECDSA_OP_LIST_END
+};
+
+/**
+ * Diffie Hellman Key operation variants
+ */
+enum rte_crypto_dh_optype {
+ RTE_CRYPTO_DH_OP_NOT_SPECIFIED = 1,
+ /**< DH operation unspecified */
+ RTE_CRYPTO_DH_OP_KEY_GENERATION,
+ /**< DH private/public key generation operation */
+ RTE_CRYPTO_DH_OP_KEY_COMPUTATION,
+ /**< DH private key computation operation */
+ RTE_CRYPTO_DH_OP_LIST_END
+};
+
+/**
+ * Elliptic Curve Diffie Hellman Key operation variants
+ */
+enum rte_crypto_ecdh_optype {
+ RTE_CRYPTO_ECDH_OP_NOT_SPECIFIED = 1,
+ /**< ECDH operation unspecified */
+ RTE_CRYPTO_ECDH_OP_KEY_GENERATION,
+ /**< ECDH private/public key generation operation */
+ RTE_CRYPTO_ECDH_OP_KEY_CHECK,
+ /**< ECDH public key validity check operation */
+ RTE_CRYPTO_ECDH_OP_KEY_COMPUTATION,
+ /**< ECDH private key computation operation */
+ RTE_CRYPTO_ECDH_OP_LIST_END
+};
+
+/**
+ * Fundamental ECC operation type variants.
+ */
+enum rte_crypto_fecc_optype {
+ RTE_CRYPTO_FECC_OP_NOT_SPECIFIED = 1,
+ /**< FECC operation type unspecified */
+ RTE_CRYPTO_FECC_OP_POINT_ADD,
+ /**< Fundamental ECC point addition operation */
+ RTE_CRYPTO_FECC_OP_POINT_DBL,
+ /**< Fundamental ECC point doubling operation */
+ RTE_CRYPTO_FECC_OP_POINT_MULTIPLY,
+ /**< Fundamental ECC point multiplication operation */
+ RTE_CRYPTO_FECC_OP_LIST_END
+};
+
+/**
+ * ECC list of curves.
+ */
+enum rte_crypto_ec_prime_curve {
+ RTE_CRYPTO_EC_CURVE_NOT_SPECIFIED = -1,
+ /**< Unspecified or empty curve id */
+ RTE_CRYPTO_EC_CURVE_secp112r1,
+ /**< SECG/WTLS curve over a 112 bit prime field */
+ RTE_CRYPTO_EC_CURVE_secp112r2,
+ /**< SECG curve over a 112 bit prime field */
+ RTE_CRYPTO_EC_CURVE_secp128r1,
+ /**< SECG curve over a 128 bit prime field */
+ RTE_CRYPTO_EC_CURVE_secp128r2,
+ /**< SECG curve over a 128 bit prime field */
+ RTE_CRYPTO_EC_CURVE_secp160k1,
+ /**< SECG curve over a 160 bit prime field */
+ RTE_CRYPTO_EC_CURVE_secp160r1,
+ /**< SECG curve over a 160 bit prime field */
+ RTE_CRYPTO_EC_CURVE_secp160r2,
+ /**< SECG/WTLS curve over a 160 bit prime field */
+ RTE_CRYPTO_EC_CURVE_secp192k1,
+ /**< SECG curve over a 192 bit prime field */
+ RTE_CRYPTO_EC_CURVE_secp224k1,
+ /**< SECG curve over a 224 bit prime field */
+ RTE_CRYPTO_EC_CURVE_secp224r1,
+ /**< NIST/SECG curve over a 224 bit prime field */
+ RTE_CRYPTO_EC_CURVE_secp256k1,
+ /**< SECG curve over a 256 bit prime field */
+ RTE_CRYPTO_EC_CURVE_secp384r1,
+ /**< NIST/SECG curve over a 384 bit prime field */
+ RTE_CRYPTO_EC_CURVE_secp521r1,
+ /**< NIST/SECG curve over a 521 bit prime field */
+ RTE_CRYPTO_EC_CURVE_prime192v1,
+ /**< NIST/X9.62/SECG curve over a 192 bit prime field */
+ RTE_CRYPTO_EC_CURVE_prime192v2,
+ /**< X9.62 curve over a 192 bit prime field */
+ RTE_CRYPTO_EC_CURVE_prime192v3,
+ /**< X9.62 curve over a 192 bit prime field */
+ RTE_CRYPTO_EC_CURVE_prime239v1,
+ /**< X9.62 curve over a 239 bit prime field */
+ RTE_CRYPTO_EC_CURVE_prime239v2,
+ /**< X9.62 curve over a 239 bit prime field */
+ RTE_CRYPTO_EC_CURVE_prime239v3,
+ /**< X9.62 curve over a 239 bit prime field */
+ RTE_CRYPTO_EC_CURVE_prime256v1,
+ /**< X9.62/SECG curve over a 256 bit prime field */
+ RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls6,
+ /**< SECG/WTLS curve over a 112 bit prime field */
+ RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls7,
+ /**< SECG/WTLS curve over a 160 bit prime field */
+ RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls8,
+ /**< WTLS curve over a 112 bit prime field */
+ RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls9,
+ /**< WTLS curve over a 160 bit prime field */
+ RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls12,
+ /**< WTLS curve over a 224 bit prime field */
+ RTE_CRYPTO_EC_CURVE_brainpoolP160r1,
+ /**< RFC 5639 curve over a 160 bit prime field */
+ RTE_CRYPTO_EC_CURVE_brainpoolP160t1,
+ /**< RFC 5639 curve over a 160 bit prime field */
+ RTE_CRYPTO_EC_CURVE_brainpoolP192r1,
+ /**< RFC 5639 curve over a 192 bit prime field */
+ RTE_CRYPTO_EC_CURVE_brainpoolP192t1,
+ /**< RFC 5639 curve over a 192 bit prime field */
+ RTE_CRYPTO_EC_CURVE_brainpoolP224r1,
+ /**< RFC 5639 curve over a 224 bit prime field */
+ RTE_CRYPTO_EC_CURVE_brainpoolP224t1,
+ /**< RFC 5639 curve over a 224 bit prime field */
+ RTE_CRYPTO_EC_CURVE_brainpoolP256r1,
+ /**< RFC 5639 curve over a 256 bit prime field */
+ RTE_CRYPTO_EC_CURVE_brainpoolP256t1,
+ /**< RFC 5639 curve over a 256 bit prime field */
+ RTE_CRYPTO_EC_CURVE_brainpoolP320r1,
+ /**< RFC 5639 curve over a 320 bit prime field */
+ RTE_CRYPTO_EC_CURVE_brainpoolP320t1,
+ /**< RFC 5639 curve over a 320 bit prime field */
+ RTE_CRYPTO_EC_CURVE_brainpoolP384r1,
+ /**< RFC 5639 curve over a 384 bit prime field */
+ RTE_CRYPTO_EC_CURVE_brainpoolP384t1,
+ /**< RFC 5639 curve over a 384 bit prime field */
+ RTE_CRYPTO_EC_CURVE_brainpoolP512r1,
+ /**< RFC 5639 curve over a 512 bit prime field */
+ RTE_CRYPTO_EC_CURVE_brainpoolP512t1,
+ /**< RFC 5639 curve over a 512 bit prime field */
+ RTE_CRYPTO_EC_CURVE_x25519,
+ /**< Curve 25519 */
+ RTE_CRYPTO_EC_CURVE_LIST_END
+};
+
+enum rte_crypto_ec_binary_curve {
+ RTE_CRYPTO_EC_CURVE_NOT_SPECIFIED = -1,
+ /**< Unspecified or empty curve id */
+ RTE_CRYPTO_EC_CURVE_sect113r1,
+ /**< SECG curve over a 113 bit binary field */
+ RTE_CRYPTO_EC_CURVE_sect113r2,
+ /**< SECG curve over a 113 bit binary field */
+ RTE_CRYPTO_EC_CURVE_sect131r1,
+ /**< SECG/WTLS curve over a 131 bit binary field */
+ RTE_CRYPTO_EC_CURVE_sect131r2,
+ /**< SECG curve over a 131 bit binary field */
+ RTE_CRYPTO_EC_CURVE_sect163k1,
+ /**< NIST/SECG/WTLS curve over a 163 bit binary field */
+ RTE_CRYPTO_EC_CURVE_sect163r1,
+ /**< SECG curve over a 163 bit binary field */
+ RTE_CRYPTO_EC_CURVE_sect163r2,
+ /**< NIST/SECG curve over a 163 bit binary field */
+ RTE_CRYPTO_EC_CURVE_sect193r1,
+ /**< SECG curve over a 193 bit binary field */
+ RTE_CRYPTO_EC_CURVE_sect193r2,
+ /**< SECG curve over a 193 bit binary field */
+ RTE_CRYPTO_EC_CURVE_sect233k1,
+ /**< NIST/SECG/WTLS curve over a 233 bit binary field */
+ RTE_CRYPTO_EC_CURVE_sect233r1,
+ /**< NIST/SECG/WTLS curve over a 233 bit binary field */
+ RTE_CRYPTO_EC_CURVE_sect239k1,
+ /**< SECG curve over a 239 bit binary field */
+ RTE_CRYPTO_EC_CURVE_sect283k1,
+ /**< NIST/SECG curve over a 283 bit binary field */
+ RTE_CRYPTO_EC_CURVE_sect283r1,
+ /**< NIST/SECG curve over a 283 bit binary field */
+ RTE_CRYPTO_EC_CURVE_sect409k1,
+ /**< NIST/SECG curve over a 409 bit binary field */
+ RTE_CRYPTO_EC_CURVE_sect409r1,
+ /**< NIST/SECG curve over a 409 bit binary field */
+ RTE_CRYPTO_EC_CURVE_sect571k1,
+ /**< NIST/SECG curve over a 571 bit binary field */
+ RTE_CRYPTO_EC_CURVE_sect571r1,
+ /**< NIST/SECG curve over a 571 bit binary field */
+ RTE_CRYPTO_EC_CURVE_c2pnb163v1,
+ /**< X9.62 curve over a 163 bit binary field */
+ RTE_CRYPTO_EC_CURVE_c2pnb163v2,
+ /**< X9.62 curve over a 163 bit binary field */
+ RTE_CRYPTO_EC_CURVE_c2pnb163v3,
+ /**< X9.62 curve over a 163 bit binary field */
+ RTE_CRYPTO_EC_CURVE_c2pnb176v1,
+ /**< X9.62 curve over a 176 bit binary field */
+ RTE_CRYPTO_EC_CURVE_c2tnb191v1,
+ /**< X9.62 curve over a 191 bit binary field */
+ RTE_CRYPTO_EC_CURVE_c2tnb191v2,
+ /**< X9.62 curve over a 191 bit binary field */
+ RTE_CRYPTO_EC_CURVE_c2tnb191v3,
+ /**< X9.62 curve over a 191 bit binary field */
+ RTE_CRYPTO_EC_CURVE_c2pnb208w1,
+ /**< X9.62 curve over a 208 bit binary field */
+ RTE_CRYPTO_EC_CURVE_c2tnb239v1,
+ /**< X9.62 curve over a 239 bit binary field */
+ RTE_CRYPTO_EC_CURVE_c2tnb239v2,
+ /**< X9.62 curve over a 239 bit binary field */
+ RTE_CRYPTO_EC_CURVE_c2tnb239v3,
+ /**< X9.62 curve over a 239 bit binary field */
+ RTE_CRYPTO_EC_CURVE_c2pnb272w1,
+ /**< X9.62 curve over a 272 bit binary field */
+ RTE_CRYPTO_EC_CURVE_c2pnb304w1,
+ /**< X9.62 curve over a 304 bit binary field */
+ RTE_CRYPTO_EC_CURVE_c2tnb359v1,
+ /**< X9.62 curve over a 359 bit binary field */
+ RTE_CRYPTO_EC_CURVE_c2pnb368w1,
+ /**< X9.62 curve over a 368 bit binary field */
+ RTE_CRYPTO_EC_CURVE_c2tnb431r1,
+ /**< X9.62 curve over a 431 bit binary field */
+ RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls1,
+ /**< WTLS curve over a 113 bit binary field */
+ RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls3,
+ /**< NIST/SECG/WTLS curve over a 163 bit binary field */
+ RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls4,
+ /**< SECG curve over a 113 bit binary field */
+ RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls5,
+ /**< X9.62 curve over a 163 bit binary field */
+ RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls10,
+ /**< NIST/SECG/WTLS curve over a 233 bit binary field */
+ RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls11,
+ /**< NIST/SECG/WTLS curve over a 233 bit binary field */
+ RTE_CRYPTO_EC_CURVE_LIST_END
+};
+
+/**
+ * Elliptic curve point format
+ */
+struct rte_crypto_ec_point {
+ struct {
+ int length;
+ uint8_t *data;
+ phys_addr_t phys_addr;
+ /**< phys_addr is used only for points passed in the
+ * asym_op structure.
+ */
+ } x;
+ /**< X co-ordinate */
+
+ struct {
+ int length;
+ uint8_t *data;
+ phys_addr_t phys_addr;
+ /**< phys_addr is used only for points passed in the
+ * operation structure
+ */
+ } y;
+ /**< Y co-ordinate */
+};
+
+/**
+ * Elliptic curve type
+ */
+enum rte_crypto_ec_curve_type {
+ RTE_CRYPTO_EC_CURVE_TYPE_UNDEFINED,
+ /**< Curve type undefined */
+ RTE_CRYPTO_EC_CURVE_TYPE_PRIME_FIELD,
+ /**< EC curve defined over a prime field */
+ RTE_CRYPTO_EC_CURVE_TYPE_BINARY_FIELD,
+ /**< EC curve defined over a binary field */
+ RTE_CRYPTO_EC_CURVE_LIST_END
+};
+
+/**
+ * Elliptic curve id
+ */
+struct rte_crypto_ec_curve_id {
+ RTE_STD_C11
+ union {
+ enum rte_crypto_ec_prime_curve pcurve;
+ enum rte_crypto_ec_binary_curve bcurve;
+ }
+};
+
+/**
+ * Asymmetric RSA transform data
+ *
+ * This structure contains data required to perform RSA crypto
+ * transform. If all CRT components are filled, RSA private key
+ * operations @ref RTE_CRYPTO_RSA_OP_SIGN and @ref
+ * RTE_CRYPTO_RSA_OP_PRIVATE_DECRYPT uses CRT method for crypto
+ * transform.
+ */
+struct rte_crypto_rsa_xform {
+
+ rte_crypto_xform_param n;
+ /**< n - Prime modulus
+ * Prime modulus data of RSA operation in Octet-string network
+ * byte order format.
+ */
+
+ rte_crypto_xform_param e;
+ /**< e - Public key exponent
+ * Public key exponent used for RSA public key operations in Octet-
+ * string network byte order format.
+ */
+
+ rte_crypto_xform_param d;
+ /**< d - Private key exponent
+ * Private key exponent used for RSA private key operations in
+ * Octet-string network byte order format.
+ */
+
+ rte_crypto_xform_param p;
+ /**< p - Private key component P
+ * Private key component of RSA parameter required for CRT method
+ * of private key operations in Octet-string network byte order
+ * format.
+ */
+
+ rte_crypto_xform_param q;
+ /**< q - Private key component Q
+ * Private key component of RSA parameter required for CRT method
+ * of private key operations in Octet-string network byte order
+ * format.
+ */
+
+ rte_crypto_xform_param dP;
+ /**< dP - Private CRT component
+ * Private CRT component of RSA parameter required for CRT method
+ * RSA private key operations in Octet-string network byte order
+ * format.
+ * dP = d mod ( p - 1 )
+ */
+
+ rte_crypto_xform_param dQ;
+ /**< dQ - Private CRT component
+ * Private CRT component of RSA parameter required for CRT method
+ * RSA private key operations in Octet-string network byte order
+ * format.
+ * dQ = d mod ( q - 1 )
+ */
+
+ rte_crypto_xform_param qInv;
+ /**< qInv - Private CRT component
+ * Private CRT component of RSA parameter required for CRT method
+ * RSA private key operations in Octet-string network byte order
+ * format.
+ * qInv = inv q mod p
+ */
+};
+
+/** Asymmetric Modular exponentiation transform data
+ *
+ * This structure contains data required to perform modular exponentation
+ * crypto transform. If all CRT components are valid, crypto transform
+ * operation follows CRT method.
+ */
+struct rte_crypto_modex_xform {
+
+ rte_crypto_xform_param modulus;
+ /**< modulus
+ * Prime modulus of the modexp transform operation in Octet-string
+ * network byte order format.
+ */
+
+ rte_crypto_xform_param exponent;
+ /**< exponent
+ * Private exponent of the modexp transform operation in
+ * Octet-string network byte order format.
+ */
+};
+
+/** Asymmetric DH transform data
+ * This structure contains data used to perform DH key
+ * computation
+ */
+struct rte_crypto_dh_xform {
+ rte_crypto_xform_param p;
+ /**< p : Prime modulus data
+ * DH prime modulous data in Octet-string network byte order format.
+ */
+
+ rte_crypto_xform_param g;
+ /**< g : Generator
+ * DH group generator data in Octet-string network byte order
+ * format.
+ */
+
+ rte_crypto_xform_param priv_key;
+ /**< priv_key
+ * DH private key data in Octet-string network byte order format.
+ */
+
+ rte_crypto_xform_param pub_key;
+ /**< pub_key
+ * DH public key data in Octet-string network byte order format.
+ */
+};
+
+/**Asymmetric ECDH transform data
+ * This structure contains data required to perform ECDH crypto
+ * transform
+ */
+struct rte_crypto_ecdh_xform {
+
+ enum rte_crypto_ec_curve_type curve_type;
+ /**< ECDH curve type: Prime vs Binary */
+
+ struct rte_crypto_ec_curve_id curve_id;
+
+ rte_crypto_xform_param n;
+ /**< n : order
+ * ECDH curve order data in Octet-string network byte order format.
+ */
+
+ rte_crypto_xform_param p;
+ /**< p:
+ * If the curve_type is @ref RTE_CRYPTO_EC_CURVE_TYPE_PRIME_FIELD:
+ * p holds the prime modulus data in Octet string format.
+ *
+ * If the curve_type is @ref RTE_CRYPTO_EC_CURVE_TYPE_BINARY_FIELD:
+ * p holds reduction polynomial co-efficients and degree.
+ */
+
+ rte_crypto_xform_param a;
+ /**< Co-efficient 'a' of curve equation data in Octet-string network
+ * byte order format.
+ */
+
+ rte_crypto_xform_param b;
+ /**< Co-efficient 'b' of curve equation data in Octet-string network
+ * byte order format.
+ */
+
+ struct rte_crypto_ec_point G;
+ /**< G: EC curve generator
+ * EC curve generator point data in Octet-string network byte order
+ * format.
+ */
+
+ rte_crypto_xform_param pkey;
+ /**< pkey: Private key
+ * Private key data for ECDH operation in Octet-string network byte
+ * order format.
+ */
+
+ struct rte_crypto_ecpoint Q;
+ /**< Q: Public key point
+ * Public key point data of ECDH operation in Octet-string network
+ * byte order format.
+ */
+
+ int h;
+ /**< Co-factor of the curve */
+};
+
+/** Asymmetric Digital Signature transform operation
+ *
+ * This structure contains data required to perform asymmetric
+ * digital signature crypto transform.
+ */
+struct rte_crypto_dsa_xform {
+
+ rte_crypto_xform_param p;
+ /**< p - Prime modulus
+ * Prime modulus data for DSA operation in Octet-string network byte
+ * order format.
+ */
+
+ rte_crypto_xform_param q;
+ /**< q : Order of the subgroup
+ * Order of the subgroup data in Octet-string network byte order
+ * format.
+ * q % (p-1) = 0
+ */
+
+ rte_crypto_xform_param g;
+ /**< g: Generator of the subgroup
+ * Generator data in Octet-string network byte order format.
+ */
+
+ rte_crypto_xform_param x;
+ /**< x: Private key of the signer
+ * Private key data in Octet-string network byte order format.
+ * Private key is valid only for signature generation operation.
+ */
+
+ rte_crypto_xform_param y;
+ /**< y : Public key of the signer.
+ * Public key data of the signer in Octet-string network byte order
+ * format.
+ * y = g^x mod p
+ */
+};
+
+/** Asymmetric ECDSA transform data
+ *
+ * This structure contains data required to perform ECDSA crypto
+ * transform.
+ */
+struct rte_crypto_ecdsa_xform {
+
+ enum rte_crypto_ec_curve_type curve_type;
+ /**< ECDSA curve type: Prime vs Binary */
+
+ struct rte_crypto_ec_curve_id curve_id;
+ /**< EC curve ID */
+
+ rte_crypto_xform_param n;
+ /**< n : order
+ * ECDH curve order data in Octet-string network byte order format.
+ */
+
+ rte_crypto_xform_param p;
+ /**< p:
+ * If the curve_type is @ref RTE_CRYPTO_EC_CURVE_TYPE_PRIME_FIELD:
+ * p holds the prime modulus data in Octet string format.
+ *
+ * If the curve_type is @ref RTE_CRYPTO_EC_CURVE_TYPE_BINARY_FIELD:
+ * p holds reduction polynomial co-efficients and degree.
+ */
+
+ rte_crypto_xform_param a;
+ /**< Co-efficient 'a' of curve equation data in Octet-string network
+ * byte order format.
+ */
+
+ rte_crypto_xform_param b;
+ /**< Co-efficient 'b' of curve equation data in Octet-string network
+ * byte order format.
+ */
+
+ struct rte_crypto_ecpoint G;
+ /**< G: EC curve generator
+ * EC curve generator point data in Octet-string network byte order
+ * format.
+ */
+
+ rte_crypto_xform_param pkey;
+ /**< pkey: Private key
+ * Private key data of the signer for ECDSA signature generation
+ * operation in Octet-string network byte format. Parameter is
+ * invalid or unsed for signature verification.
+ */
+
+ struct rte_crypto_ecpoint Q;
+ /**< Q: Public key point
+ * Public key point data of ECDSA operation in Octet-string network
+ * byte order format.
+ */
+
+ int h;
+ /**< Co-factor of the curve */
+};
+
+/** Asymmetric modular inverse transform operation
+ * This structure contains data required to perform
+ * asymmetric modular inverse crypto transform
+ */
+struct rte_crypto_modinv_xform {
+};
+
+/** Asymmetric Fundamental ECC transform operation
+ *
+ * This structure contains data required to perform asymmetric
+ * fundamental ECC crypto transform.
+ */
+struct rte_crypto_fecc_xform {
+
+ enum rte_crypto_ec_curve_type curve_type;
+ /**< FECC curve type: Prime vs Binary */
+
+ struct rte_crypto_ec_curve_id curve_id;
+ /**< EC curve ID */
+
+ rte_crypto_xform_param order;
+ /**< order : ECC curve order
+ * Curve order data in Octet-string network byte order format.
+ */
+
+ rte_crypto_xform_param prime;
+ /**< prime : Curve prime modulus data
+ * Prime modulus data in Octet-string network byte order format.
+ */
+
+ struct rte_crypto_ec_point G;
+ /**< G: curve generator point
+ * Curve generator point data in Octet-string network byte order
+ * format.
+ */
+
+ rte_crypto_xform_param a;
+ /**< Co-efficient 'a' of curve equation data in Octet-string network
+ * byte order format.
+ */
+
+ rte_crypto_xform_param b;
+ /**< Co-efficient 'a' of curve equation data in Octet-string network
+ * byte order format.
+ */
+
+ int h;
+ /**< Co-factor of the curve */
+
+};
+
+/**
+ * Asymmetric crypto transform data
+ *
+ * This structure contains the data required to perform the
+ * asymmetric crypto transformation operation. The field op
+ * determines the asymmetric algorithm for transformation.
+ */
+struct rte_crypto_asym_xform {
+ struct rte_crypto_asym_xform *next;
+ enum rte_crypto_asym_xform_type xform_type;
+ /**< Asymmetric algorithm for crypto transform */
+
+ RTE_STD_C11
+ union {
+ struct rte_crypto_rsa_xform rsa;
+ struct rte_crypto_fecc_xform fecc;
+ struct rte_crypto_modex_xform modex;
+ struct rte_crypto_ecdsa_xform ecdsa;
+ struct rte_crypto_ecdh_xform ecdh;
+ struct rte_crypto_dsa_xform dsa;
+ };
+};
+
+struct rte_cryptodev_asym_session;
+
+/**
+ * Crypto operation session type. This is used to specify whether a crypto
+ * operation has session structure attached for immutable parameters or if all
+ * operation information is included in the operation data structure.
+ */
+enum rte_crypto_asym_op_sess_type {
+ RTE_CRYPTO_ASYM_OP_WITH_SESSION,
+ /**< Session based crypto operation */
+ RTE_CRYPTO_ASYM_OP_SESSIONLESS
+ /**< Session-less crypto operation */
+};
+
+/**
+ * Asymmetric Cryptographic Operation.
+ *
+ * This structure contains data relating to performing asymmetric cryptographic
+ * operation.
+ *
+ */
+struct rte_crypto_asym_op {
+
+ enum rte_crypto_asym_op_sess_type sess_type;
+ enum rte_crypto_asym_xform_type type;
+
+ RTE_STD_C11
+ union {
+ enum rte_crypto_rsa_optype rsa_op;
+ /**< Type of RSA operation for transform */;
+ enum rte_crypto_modex_optype modex_op;
+ /**< Type of modular exponentiation operation */
+ enum rte_crypto_ecdsa_optype ecdsa_op;
+ /**< ECDSA crypto xform operation type */
+ enum rte_crypto_fecc_optype fecc_op;
+ /**< ECDSA crypto xform operation type */
+ enum rte_crypto_dsa_optype dsa_op;
+ /**< DSA crypto xform operation type */
+ };
+
+ RTE_STD_C11
+ union {
+ struct rte_cryptodev_asym_session *session;
+ /**< Handle for the initialised session context */
+ struct rte_crypto_asym_xform *xform;
+ /**< Session-less API crypto operation parameters */
+ };
+
+ RTE_STD_C11
+ union {
+
+ struct {
+ rte_crypto_op_param message;
+ /**<
+ * Pointer to data
+ * - to be encrypted for RSA public encrypt.
+ * - to be decrypted for RSA private decrypt.
+ * - to be signed for RSA sign generation.
+ * - to be authenticated for RSA sign verification.
+ */
+
+ rte_crypto_op_param sign;
+ /**<
+ * Pointer to RSA signature data. If operation is RSA
+ * sign @ref RTE_CRYPTO_RSA_OP_SIGN, buffer will be
+ * over-written with generated signature.
+ *
+ * Length of the signature data will be equal to the
+ * RSA prime modulus length.
+ */
+
+ enum rte_crypto_rsa_padding_type pad;
+ /**< RSA padding scheme to be used for transform */
+
+ enum rte_crypto_auth_algorithm md;
+ /**< Hash algorithm to be used for data hash if padding
+ * scheme is either OAEP or PSS. Valid hash algorithms
+ * are:
+ * MD5, SHA1, SHA224, SHA256, SHA384, SHA512
+ */
+
+ enum rte_crypto_auth_algorithm mgf1md;
+ /**<
+ * Hash algorithm to be used for mask generation if
+ * padding scheme is either OAEP or PSS. If padding
+ * scheme is unspecified data hash algorithm is used
+ * for mask generation. Valid hash algorithms are:
+ * MD5, SHA1, SHA224, SHA256, SHA384, SHA512
+ */
+ } rsa;
+
+ struct {
+ rte_crypto_op_param pub_key;
+ /**<
+ * If DH operation type is
+ * KEY_GENERATION:
+ * if priv_key and public key are provided, the keys
+ * are copied to DH xform structure, else key pair is
+ * generated and stored in DH xform structure.
+ * pub_key data should be in Octet-string network
+ * byte order format.
+ *
+ * KEY_COMPUTATION:
+ * pub_key holds the key shared by peer during DH
+ * key exchange. pub_key data is written as Octet-
+ * string network byte order format.
+ */
+ RTE_STD_C11
+ union {
+ rte_crypto_op_param priv_key;
+ /**<
+ * If DH operation type is KEY_GENERATION, and
+ * priv_key is provided, the key is copied to
+ * DH xform structure, else generated and stored
+ * in DH xform structure. priv_key data is in
+ * in Octet-string network byte order format.
+ */
+ rte_crypto_op_param shared_key;
+ /*
+ * If DH operation type is KEY_COMPUTATION:
+ * shared_key holds the shared secret
+ * computed. shared_key is written as
+ * Octet-string network byte order format.
+ */
+ };
+ } dh;
+
+ struct {
+ rte_crypto_op_param base;
+ /**<
+ * Pointer to base of modular exponentiation data in
+ * Octet-string network byte order format.
+ */
+ } modex;
+
+ struct {
+ rte_crypto_op_param priv_key;
+ /**<
+ * If ECDH operation type is KEY_GENERATION, and
+ * priv_key is provided, the key is copied to ECDH
+ * xform structure, else generated and stored in
+ * ECDH xform structure in Octet-string network byte
+ * order.
+ * If ECDH operation type is KEY_COMPUTATION:
+ * priv_key holds the 'X' co-ordinate of the shared
+ * secret EC point computed in Octet-string network
+ * byte order.
+ */
+
+ rte_crypto_ec_point pub_key;
+ /**<
+ * If ECDH operation type is
+ * KEY_GENERATION:
+ * if priv_key and public key are provided, the keys
+ * are copied ECDH xform structure, else key pair is
+ * generated and stored in ECDH xform structure.
+ *
+ * KEY_COMPUTATION:
+ * pub_key holds peer's public key during ECDH
+ * key exchange in Octet-string network byte order.
+ */
+ } ecdh;
+
+ struct {
+ rte_crypto_op_param message;
+ /**<
+ * Pointer to data
+ * - to be signed for ECDSA signature generation.
+ * - to be authenticated for ECDSA sign verification.
+ */
+
+ rte_crypto_op_param sign;
+ /**<
+ * Pointer to ECDSA signature. If operation type is
+ * @ref RTE_CRYPTO_ECDSA_OP_VERIFY this buffer will be
+ * over-written with the signature.
+ *
+ * Length of ECDSA signature will be less than twice the
+ * length of prime modulus length.
+ */
+
+ rte_crypto_op_param k;
+ /**<
+ * Pointer to random scalar to be used for generation
+ * of ECDSA signature @ref RTE_CRYPTO_ECDSA_OP_SIGN.
+ * It is invalid if operation is ECDSA verify.
+ * Scalar data is in Octet-string network byte order
+ * format.
+ *
+ * Length of scalar K should be less than the prime
+ * modulus of the curve
+ */
+ } ecdsa;
+
+ struct {
+
+ rte_crypto_op_param message;
+ /**<
+ * Pointer to data
+ * - to be signed for DSA signature generation.
+ * - to be authenticated for DSA sign verification.
+ *
+ * Length of data to be signed, if is more than
+ * prime modulus length, is truncated to length of
+ * prime modulus.
+ */
+
+ rte_crypto_op_param k;
+ /**<
+ * Pointer to random scalar to be used for DSA
+ * signature generation. K should be a non-zero number
+ * less than q. k is in Octet-string network byte
+ * order format.
+ */
+
+ } dsa;
+
+ struct {
+ struct rte_crypto_ec_point p;
+ /**<
+ * Pointer to primary curve point for fundamental
+ * ECC operation. Data is in Octet-string network
+ * byte order format.
+ * Length of data in bytes cannot exceed the prime
+ * modulus length of the curve.
+ */
+
+ struct rte_crypto_ec_point q;
+ /**<
+ *
+ * Pointer to secondary curve point for fundamental
+ * ECC operation. Data is in Octet-string network
+ * byte order format.
+ *
+ * Length of data in bytes cannot exceed the prime
+ * modulus length of the curve. This point is valid
+ * only for point addition optype
+ * RTE_CRYPTO_FECC_OP_POINT_ADD crypto transform.
+ */
+
+ rte_crypto_op_param k;
+ /**<
+ * Pointer to scalar data to be used only for point
+ * multiplication @ref RTE_CRYPTO_FECC_OP_POINT_MULTIPLY
+ * crypto transform. Data is in Octet-string network
+ * byte order format.
+ *
+ * Length of data in bytes cannot exceed the prime
+ * modulus length of the curve.
+ */
+
+ struct rte_crypto_ec_point r;
+ /**<
+ * Pointer to the resultant point on the curve after
+ * fundamental ECC crypto transform. Data is in
+ * Octet-string network byte order format.
+ * Length of data in bytes cannot exceed the prime
+ * modulus length of the curve.
+ */
+
+ } fecc;
+
+ struct {
+
+ rte_crypto_op_param prime;
+ /**<
+ * Pointer to the prime modulus data for modular
+ * inverse operation in Octet-string network byte
+ * order format.
+ */
+
+ rte_crypto_op_param base;
+ /**<
+ * Pointer to the base for the modular inverse
+ * operation in Octet-string network byte order
+ * format.
+ */
+ } modinv;
+ };
+
+} __rte_cache_aligned;
+
+
+
+/**
+ * Reset the fields of an asymmetric operation to their default values.
+ *
+ * @param op The crypto operation to be reset.
+ */
+static inline void
+__rte_crypto_asym_op_reset(struct rte_crypto_asym_op *op)
+{
+ memset(op, 0, sizeof(*op));
+
+ op->sess_type = RTE_CRYPTO_ASYM_OP_SESSIONLESS;
+}
+
+
+/**
+ * Allocate space for asymmetric crypto xforms in the private data space of the
+ * crypto operation. This also defaults the crypto xform type to
+ * RTE_CRYPTO_ASYM_XFORM_NOT_SPECIFIED and configures the chaining of the xforms
+ * in the crypto operation
+ *
+ * @return
+ * - On success returns pointer to first crypto xform in crypto operations chain
+ * - On failure returns NULL
+ */
+static inline struct rte_crypto_asym_xform *
+__rte_crypto_asym_op_asym_xforms_alloc(struct rte_crypto_asym_op *asym_op,
+ void *priv_data, uint8_t nb_xforms)
+{
+ struct rte_crypto_asym_xform *xform;
+
+ asym_op->xform = xform = (struct rte_crypto_asym_xform *)priv_data;
+
+ do {
+ xform->type = RTE_CRYPTO_ASYM_XFORM_NOT_SPECIFIED;
+ xform = xform->next = --nb_xforms > 0 ? xform + 1 : NULL;
+ } while (xform);
+
+ return asym_op->xform;
+}
+
+
+/**
+ * Attach a session to an asymmetric crypto operation
+ *
+ * @param asym_op crypto operation
+ * @param sess cryptodev session
+ */
+static inline int
+__rte_crypto_asym_op_attach_asym_session(struct rte_crypto_asym_op *asym_op,
+ struct rte_cryptodev_asym_session *sess)
+{
+ asym_op->session = sess;
+ asym_op->sess_type = RTE_CRYPTO_ASYM_OP_WITH_SESSION;
+
+ return 0;
+}
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _RTE_CRYPTO_ASYM_H_ */

Added asymmetric algorithm capability structures, operation error codes,
application helper functions. Added asymmetric algorithm/operation
variants, capability query APIs.

Signed-off-by: Umesh Kartha <***@caviumnetworks.com>
---
lib/librte_cryptodev/rte_crypto.h | 135 ++++++++++-
lib/librte_cryptodev/rte_cryptodev.c | 430 +++++++++++++++++++++++++++++++++++
lib/librte_cryptodev/rte_cryptodev.h | 334 +++++++++++++++++++++++++++
3 files changed, 896 insertions(+), 3 deletions(-)

diff --git lib/librte_cryptodev/rte_crypto.h lib/librte_cryptodev/rte_crypto.h
index 9019518..a8720bf 100644
--- lib/librte_cryptodev/rte_crypto.h
+++ lib/librte_cryptodev/rte_crypto.h
@@ -51,6 +51,7 @@
#include <rte_common.h>

#include "rte_crypto_sym.h"
+#include "rte_crypto_asym.h"

/** Crypto operation types */
enum rte_crypto_op_type {
@@ -58,6 +59,8 @@ enum rte_crypto_op_type {
/**< Undefined operation type */
RTE_CRYPTO_OP_TYPE_SYMMETRIC,
/**< Symmetric operation */
+ RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
+ /**< Asymmetric operation */
};

/** Status of crypto operation */
@@ -75,6 +78,29 @@ enum rte_crypto_op_status {
* Symmetric operation failed due to invalid session arguments, or if
* in session-less mode, failed to allocate private operation material.
*/
+ RTE_CRYPTO_OP_STATUS_RSA_DATA_TOO_LARGE,
+ /**< Length of data to be encrypted/signed is too large */
+ RTE_CRYPTO_OP_STATUS_PKCS_DECRYPT_FAILED,
+ /**<
+ * PKCS decrypt operation failed due to bad padding.
+ */
+ RTE_CRYPTO_OP_STATUS_RSA_VERIFY_FAILED,
+ /**<
+ * PKCS RSA signature verification failed.
+ */
+ RTE_CRYPTO_OP_STATUS_ECDSA_INVALID_SIGNATURE,
+ /**<
+ * ECDSA signature generation failed due to either ECDSA_SIGN->r or
+ * ECDSA_SIGN->s component being invalid.
+ */
+ RTE_CRYPTO_OP_STATUS_ECDSA_VERIFY_FAILED,
+ /**<
+ * ECDSA signature verification failed.
+ */
+ RTE_CRYPTO_OP_STATUS_ECC_POINT_AT_INFINITY,
+ /**<
+ * ECC Operation failed due to point at infinity
+ */
RTE_CRYPTO_OP_STATUS_INVALID_ARGS,
/**< Operation failed due to invalid arguments in request */
RTE_CRYPTO_OP_STATUS_ERROR,
@@ -116,6 +142,8 @@ struct rte_crypto_op {
union {
struct rte_crypto_sym_op *sym;
/**< Symmetric operation parameters */
+ struct rte_crypto_asym_op *asym;
+ /**< Asymmetric operation parameters */
}; /**< operation specific parameters */
} __rte_cache_aligned;

@@ -141,6 +169,14 @@ struct rte_crypto_op {

__rte_crypto_sym_op_reset(op->sym);
break;
+ case RTE_CRYPTO_OP_TYPE_ASYMMETRIC:
+ /** Asymmetric operation structure starts after the end of the
+ * rte_crypto_op strucutre.
+ */
+ op->asym = (struct rte_crypto_asym_op *)(op + 1);
+ op->type = type;
+
+ __rte_crypto_asym_op_reset(op->asym);
default:
break;
}
@@ -303,13 +339,25 @@ struct rte_crypto_op_pool_private {
__rte_crypto_op_get_priv_data(struct rte_crypto_op *op, uint32_t size)
{
uint32_t priv_size;
+ int type = op->type;

if (likely(op->mempool != NULL)) {
priv_size = __rte_crypto_op_get_priv_data_size(op->mempool);

- if (likely(priv_size >= size))
- return (void *)((uint8_t *)(op + 1) +
+ if (likely(priv_size >= size)) {
+ switch (type) {
+ case RTE_CRYPTO_OP_TYPE_SYMMETRIC:
+ return (void *)((uint8_t *)(op + 1) +
sizeof(struct rte_crypto_sym_op));
+ break;
+ case RTE_CRYPTO_OP_TYPE_ASYMMETRIC:
+ return (void *)((uint8_t *)(op + 1) +
+ sizeof(struct rte_crypto_asym_op));
+ break;
+ default:
+ break;
+ }
+ }
}

return NULL;
@@ -320,7 +368,7 @@ struct rte_crypto_op_pool_private {
* If operation has been allocate from a rte_mempool, then the operation will
* be returned to the mempool.
*
- * @param op symmetric crypto operation
+ * @param op crypto operation
*/
static inline void
rte_crypto_op_free(struct rte_crypto_op *op)
@@ -410,6 +458,87 @@ struct rte_crypto_op_pool_private {
return __rte_crypto_sym_op_attach_sym_session(op->sym, sess);
}

+/**
+ * Allocate an asymmetric crypto operation in the private data of an mbuf.
+ *
+ * @param m mbuf which is associated with the crypto operation, the
+ * operation will be allocated in the private data of that
+ * mbuf.
+ *
+ * @returns
+ * - On success returns a pointer to the crypto operation.
+ * - On failure returns NULL.
+ */
+static inline struct rte_crypto_op *
+rte_crypto_asym_op_alloc_from_mbuf_priv_data(struct rte_mbuf *m)
+{
+ if (unlikely(m == NULL))
+ return NULL;
+
+ /*
+ * check that the mbuf's private data size is sufficient to contain a
+ * crypto operation
+ */
+ if (unlikely(m->priv_size < (sizeof(struct rte_crypto_op) +
+ sizeof(struct rte_crypto_asym_op))))
+ return NULL;
+
+ /* private data starts immediately after the mbuf header in the mbuf. */
+ struct rte_crypto_op *op = (struct rte_crypto_op *)(m + 1);
+
+ __rte_crypto_op_reset(op, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
+
+ op->mempool = NULL;
+ op->asym->m_src = m;
+
+ return op;
+}
+
+/**
+ * Allocate space for asymmetric crypto xforms in the private data space of the
+ * crypto operation. This also defaults the crypto xform type and configures
+ * the chaining of the xforms in the crypto operation
+ *
+ * @return
+ * - On success returns pointer to first crypto xform in crypto operations chain
+ * - On failure returns NULL
+ */
+static inline struct rte_crypto_asym_xform *
+rte_crypto_op_asym_xforms_alloc(struct rte_crypto_op *op, uint8_t nb_xforms)
+{
+ void *priv_data;
+ uint32_t size;
+
+ if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_ASYMMETRIC))
+ return NULL;
+
+ size = sizeof(struct rte_crypto_asym_xform) * nb_xforms;
+
+ priv_data = __rte_crypto_op_get_priv_data(op, size);
+ if (priv_data == NULL)
+ return NULL;
+
+ return __rte_crypto_asym_op_asym_xforms_alloc(op->asym, priv_data,
+ nb_xforms);
+}
+
+
+/**
+ * Attach a session to a crypto operation
+ *
+ * @param op crypto operation, must be of type asymmetric
+ * @param sess cryptodev session
+ */
+static inline int
+rte_crypto_op_attach_asym_session(struct rte_crypto_op *op,
+ struct rte_cryptodev_asym_session *sess)
+{
+ if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_ASYMMETRIC))
+ return -1;
+
+ return __rte_crypto_asym_op_attach_asym_session(op->asym, sess);
+}
+
#ifdef __cplusplus
}
#endif
diff --git lib/librte_cryptodev/rte_cryptodev.c lib/librte_cryptodev/rte_cryptodev.c
index b65cd9c..abcdeb0 100644
--- lib/librte_cryptodev/rte_cryptodev.c
+++ lib/librte_cryptodev/rte_cryptodev.c
@@ -224,6 +224,385 @@ struct rte_cryptodev_callback {
}

/**
+ * Asymmetric crypto transform operation strings identifiers.
+ */
+
+const char *
+rte_crypto_asym_algorithm_strings[] = {
+ [RTE_CRYPTO_ASYM_XFORM_RSA] = "rsa",
+ [RTE_CRYPTO_ASYM_XFORM_MODEX] = "modexp",
+ [RTE_CRYPTO_ASYM_XFORM_DH] = "dh",
+ [RTE_CRYPTO_ASYM_XFORM_ECDH] = "ecdh",
+ [RTE_CRYPTO_ASYM_XFORM_DSA] = "dsa",
+ [RTE_CRYPTO_ASYM_XFORM_ECDSA] = "ecdsa",
+ [RTE_CRYPTO_ASYM_XFORM_MODINV] = "modinv",
+ [RTE_CRYPTO_ASYM_XFORM_FECC] = "fecc"
+};
+
+/**
+ * RSA crypto transform operation strings identifiers.
+ */
+const char *
+rte_crypto_rsa_operation_strings[] = {
+ [RTE_CRYPTO_RSA_OP_PUBLIC_ENCRYPT] = "public-encrypt",
+ [RTE_CRYPTO_RSA_OP_PRIVATE_DECRYPT] = "private-decrypt",
+ [RTE_CRYPTO_RSA_OP_SIGN] = "sign",
+ [RTE_CRYPTO_RSA_OP_VERIFY] = "verify"
+};
+
+/**
+ * DH crypto transform operation strings identifiers.
+ */
+const char *
+rte_crypto_dh_operation_strings[] = {
+ [RTE_CRYPTO_DH_OP_KEY_GENERATION] = "key-generate",
+ [RTE_CRYPTO_DH_OP_KEY_COMPUTATION] = "key-compute"
+};
+
+/**
+ * ECDH crypto transform operation strings identifiers.
+ */
+const char *
+rte_crypto_ecdh_operation_strings[] = {
+ [RTE_CRYPTO_ECDH_OP_KEY_GENERATION] = "key-generate",
+ [RTE_CRYPTO_ECDH_OP_KEY_CHECK] = "key-check",
+ [RTE_CRYPTO_ECDH_OP_KEY_COMPUTATION] = "key-compute"
+};
+
+/**
+ * DSA crypto transform operation strings identifiers.
+ */
+const char *
+rte_crypto_dsa_operation_strings[] = {
+ [RTE_CRYPTO_DSA_OP_SIGN] = "sign",
+ [RTE_CRYPTO_DSA_OP_VERIFY] = "verify"
+};
+
+/**
+ * ECDSA crypto transform operation strings identifiers.
+ */
+const char *
+rte_crypto_ecdsa_operation_strings[] = {
+ [RTE_CRYPTO_ECDSA_OP_SIGN] = "sign",
+ [RTE_CRYPTO_ECDSA_OP_VERIFY] = "verify"
+};
+
+/**
+ * F-ECC crypto transform operation strings identifiers.
+ */
+const char *
+rte_crypto_fecc_operation_strings[] = {
+ [RTE_CRYPTO_FECC_OP_POINT_ADD] = "point-add",
+ [RTE_CRYPTO_FECC_OP_POINT_DBL] = "point-double",
+ [RTE_CRYPTO_FECC_OP_POINT_MULTIPLY] = "point-multiply"
+};
+
+/**
+ * RSA crypto padding scheme strings identifiers.
+ */
+const char *
+rte_crypto_rsa_padding_scheme_strings[] = {
+ [RTE_CRYPTO_RSA_PADDING_BT1] = "bt1",
+ [RTE_CRYPTO_RSA_PADDING_BT2] = "bt2",
+ [RTE_CRYPTO_RSA_PADDING_OAEP] = "oaep",
+ [RTE_CRYPTO_RSA_PADDING_PSS] = "pss"
+};
+
+/**
+ * ECC prime field curve string identifiers.
+ */
+const char *
+rte_crypto_prime_curve_id_strings[] = {
+ [RTE_CRYPTO_EC_CURVE_secp112r1] = "secp112r1",
+ [RTE_CRYPTO_EC_CURVE_secp112r2] = "secp112r2",
+ [RTE_CRYPTO_EC_CURVE_secp128r1] = "secp128r1",
+ [RTE_CRYPTO_EC_CURVE_secp128r2] = "secp128r2",
+ [RTE_CRYPTO_EC_CURVE_secp160k1] = "secp160k1",
+ [RTE_CRYPTO_EC_CURVE_secp160r1] = "secp160r1",
+ [RTE_CRYPTO_EC_CURVE_secp160r2] = "secp160r2",
+ [RTE_CRYPTO_EC_CURVE_secp192k1] = "secp192k1",
+ [RTE_CRYPTO_EC_CURVE_secp224k1] = "secp224k1",
+ [RTE_CRYPTO_EC_CURVE_secp224r1] = "secp224r1",
+ [RTE_CRYPTO_EC_CURVE_secp256k1] = "secp256k1",
+ [RTE_CRYPTO_EC_CURVE_secp384r1] = "secp384r1",
+ [RTE_CRYPTO_EC_CURVE_secp521r1] = "secp521r1",
+ [RTE_CRYPTO_EC_CURVE_prime192v1] = "prime192v1",
+ [RTE_CRYPTO_EC_CURVE_prime192v2] = "prime192v2",
+ [RTE_CRYPTO_EC_CURVE_prime192v3] = "prime192v3",
+ [RTE_CRYPTO_EC_CURVE_prime239v1] = "prime239v1",
+ [RTE_CRYPTO_EC_CURVE_prime239v2] = "prime239v2",
+ [RTE_CRYPTO_EC_CURVE_prime239v3] = "prime239v3",
+ [RTE_CRYPTO_EC_CURVE_prime256v1] = "prime256v1",
+ [RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls6] =
+ "wap_wsg_idm_ecid_wtls6";
+ [RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls7] =
+ "wap_wsg_idm_ecid_wtls7";
+ [RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls8] =
+ "wap_wsg_idm_ecid_wtls8";
+ [RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls9] =
+ "wap_wsg_idm_ecid_wtls9";
+ [RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls12] =
+ "wap_wsg_idm_ecid_wtls12";
+ [RTE_CRYPTO_EC_CURVE_brainpoolP160r1] = "brainpoolP160r1",
+ [RTE_CRYPTO_EC_CURVE_brainpoolP160t1] = "brainpoolP160t1",
+ [RTE_CRYPTO_EC_CURVE_brainpoolP192r1] = "brainpoolP192r1",
+ [RTE_CRYPTO_EC_CURVE_brainpoolP192t1] = "brainpoolP192t1",
+ [RTE_CRYPTO_EC_CURVE_brainpoolP224r1] = "brainpoolP224r1",
+ [RTE_CRYPTO_EC_CURVE_brainpoolP224t1] = "brainpoolP224t1",
+ [RTE_CRYPTO_EC_CURVE_brainpoolP256r1] = "brainpoolP256r1",
+ [RTE_CRYPTO_EC_CURVE_brainpoolP256t1] = "brainpoolP256t1",
+ [RTE_CRYPTO_EC_CURVE_brainpoolP320r1] = "brainpoolP320r1",
+ [RTE_CRYPTO_EC_CURVE_brainpoolP320t1] = "brainpoolP320t1",
+ [RTE_CRYPTO_EC_CURVE_brainpoolP384r1] = "brainpoolP384r1",
+ [RTE_CRYPTO_EC_CURVE_brainpoolP384t1] = "brainpoolP384t1",
+ [RTE_CRYPTO_EC_CURVE_brainpoolP512r1] = "brainpoolP512r1",
+ [RTE_CRYPTO_EC_CURVE_brainpoolP512t1] = "brainpoolP512t1",
+ [RTE_CRYPTO_EC_CURVE_x25519] = "curve25519"
+};
+
+/**
+ * ECC binary field curve string identifiers.
+ */
+const char *
+rte_crypto_prime_curve_id_strings[] = {
+ [RTE_CRYPTO_EC_CURVE_sect113r1] = "sect113r1",
+ [RTE_CRYPTO_EC_CURVE_sect113r2] = "sect113r2",
+ [RTE_CRYPTO_EC_CURVE_sect131r1] = "sect131r1",
+ [RTE_CRYPTO_EC_CURVE_sect131r2] = "sect131r2",
+ [RTE_CRYPTO_EC_CURVE_sect163k1] = "sect163k1",
+ [RTE_CRYPTO_EC_CURVE_sect163r1] = "sect163r1",
+ [RTE_CRYPTO_EC_CURVE_sect163r2] = "sect163r2",
+ [RTE_CRYPTO_EC_CURVE_sect193r1] = "sect193r1",
+ [RTE_CRYPTO_EC_CURVE_sect193r2] = "sect193r2",
+ [RTE_CRYPTO_EC_CURVE_sect233k1] = "sect233k1",
+ [RTE_CRYPTO_EC_CURVE_sect233r1] = "sect233r1",
+ [RTE_CRYPTO_EC_CURVE_sect239k1] = "sect239k1",
+ [RTE_CRYPTO_EC_CURVE_sect283k1] = "sect283k1",
+ [RTE_CRYPTO_EC_CURVE_sect283r1] = "sect283r1",
+ [RTE_CRYPTO_EC_CURVE_sect409k1] = "sect409k1",
+ [RTE_CRYPTO_EC_CURVE_sect409r1] = "sect409r1",
+ [RTE_CRYPTO_EC_CURVE_sect571k1] = "sect571k1",
+ [RTE_CRYPTO_EC_CURVE_sect571r1] = "sect571r1",
+ [RTE_CRYPTO_EC_CURVE_c2pnb163v1] = "c2pnb163v1",
+ [RTE_CRYPTO_EC_CURVE_c2pnb163v2] = "c2pnb163v2",
+ [RTE_CRYPTO_EC_CURVE_c2pnb163v3] = "c2pnb163v3",
+ [RTE_CRYPTO_EC_CURVE_c2pnb176v1] = "c2pnb176v1",
+ [RTE_CRYPTO_EC_CURVE_c2tnb191v1] = "c2tnb191v1",
+ [RTE_CRYPTO_EC_CURVE_c2tnb191v2] = "c2tnb191v2",
+ [RTE_CRYPTO_EC_CURVE_c2tnb191v3] = "c2tnb191v3",
+ [RTE_CRYPTO_EC_CURVE_c2pnb208w1] = "c2pnb208w1",
+ [RTE_CRYPTO_EC_CURVE_c2tnb239v1] = "c2tnb239v1",
+ [RTE_CRYPTO_EC_CURVE_c2tnb239v2] = "c2tnb239v2",
+ [RTE_CRYPTO_EC_CURVE_c2tnb239v3] = "c2tnb239v3",
+ [RTE_CRYPTO_EC_CURVE_c2pnb272w1] = "c2pnb272w1",
+ [RTE_CRYPTO_EC_CURVE_c2pnb304w1] = "c2pnb304w1",
+ [RTE_CRYPTO_EC_CURVE_c2tnb359v1] = "c2tnb359v1",
+ [RTE_CRYPTO_EC_CURVE_c2pnb368w1] = "c2pnb368w1",
+ [RTE_CRYPTO_EC_CURVE_c2tnb431r1] = "c2tnb431r1",
+ [RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls1] =
+ "wap_wsg_idm_ecid_wtls1",
+ [RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls3] =
+ "wap_wsg_idm_ecid_wtls3",
+ [RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls4] =
+ "wap_wsg_idm_ecid_wtls4",
+ [RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls5] =
+ "wap_wsg_idm_ecid_wtls5",
+ [RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls10] =
+ "wap_wsg_idm_ecid_wtls10",
+ [RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls11] =
+ "wap_wsg_idm_ecid_wtls11"
+};
+
+int
+rte_cryptodev_get_cipher_algo_enum(enum rte_crypto_cipher_algorithm *algo_enum,
+ const char *algo_string)
+{
+ unsigned int i;
+
+ for (i = 1; i < RTE_DIM(rte_crypto_cipher_algorithm_strings); i++) {
+ if (strcmp(algo_string, rte_crypto_cipher_algorithm_strings[i])
+ == 0) {
+ *algo_enum = (enum rte_crypto_cipher_algorithm) i;
+ return 0;
+ }
+ }
+
+ /* Invalid string */
+ return -1;
+}
+
+int
+rte_cryptodev_get_auth_algo_enum(enum rte_crypto_auth_algorithm *algo_enum,
+ const char *algo_string)
+{
+ unsigned int i;
+
+ for (i = 1; i < RTE_DIM(rte_crypto_auth_algorithm_strings); i++) {
+ if (strcmp(algo_string, rte_crypto_auth_algorithm_strings[i])
+ == 0) {
+ *algo_enum = (enum rte_crypto_auth_algorithm) i;
+ return 0;
+ }
+ }
+
+ /* Invalid string */
+ return -1;
+}
+
+int
+rte_cryptodev_get_asym_algo_enum(enum rte_crypto_asym_xform_type *algo_enum,
+ const char *algo_string)
+{
+ unsigned int i;
+
+ for (i = 1; i < RTE_DIM(rte_crypto_asym_algorithm_strings); i++) {
+ if (strcmp(algo_string, rte_crypto_asym_algorithm_strings[i])
+ == 0) {
+ *algo_enum = (enum rte_crypto_asym_xform) i;
+ return 0;
+ }
+ }
+
+ /* Invalid string */
+ return -1;
+}
+
+int
+rte_cryptodev_get_rsa_op_enum(enum rte_crypto_rsa_optype *op_enum,
+ const char *op_string)
+{
+ unsigned int i;
+
+ for (i = 1; i < RTE_DIM(rte_crypto_rsa_operation_strings); i++) {
+ if (strcmp(op_string, rte_crypto_rsa_operation_strings[i])
+ == 0) {
+ *op_enum = (enum rte_crypto_rsa_optype) i;
+ return 0;
+ }
+ }
+
+ /* Invalid string */
+ return -1;
+}
+
+int
+rte_cryptodev_get_dh_op_enum(enum rte_crypto_dh_optype *op_enum,
+ const char *op_string)
+{
+ unsigned int i;
+
+ for (i = 1; i < RTE_DIM(rte_crypto_dh_operation_strings); i++) {
+ if (strcmp(op_string, rte_crypto_dh_operation_strings[i])
+ == 0) {
+ *op_enum = (enum rte_crypto_dh_optype) i;
+ return 0;
+ }
+ }
+
+ /* Invalid string */
+ return -1;
+}
+
+int
+rte_cryptodev_get_ecdh_op_enum(enum rte_crypto_ecdh_optype *op_enum,
+ const char *op_string)
+{
+ unsigned int i;
+
+ for (i = 1; i < RTE_DIM(rte_crypto_ecdh_operation_strings); i++) {
+ if (strcmp(op_string, rte_crypto_ecdh_operation_strings[i])
+ == 0) {
+ *op_enum = (enum rte_crypto_ecdh_optype) i;
+ return 0;
+ }
+ }
+
+ /* Invalid string */
+ return -1;
+}
+
+int
+rte_cryptodev_get_dsa_op_enum(enum rte_crypto_dsa_optype *op_enum,
+ const char *op_string)
+{
+ unsigned int i;
+
+ for (i = 1; i < RTE_DIM(rte_crypto_dsa_operation_strings); i++) {
+ if (strcmp(op_string, rte_crypto_dsa_operation_strings[i])
+ == 0) {
+ *op_enum = (enum rte_crypto_dsa_optype) i;
+ return 0;
+ }
+ }
+
+ /* Invalid string */
+ return -1;
+}
+
+int
+rte_cryptodev_get_ecdsa_op_enum(enum rte_crypto_ecdsa_optype *op_enum,
+ const char *op_string)
+{
+ unsigned int i;
+
+ for (i = 1; i < RTE_DIM(rte_crypto_rsa_operation_strings); i++) {
+ if (strcmp(op_string, rte_crypto_ecdsa_operation_strings[i])
+ == 0) {
+ *op_enum = (enum rte_crypto_ecdsa_optype) i;
+ return 0;
+ }
+ }
+
+ /* Invalid string */
+ return -1;
+}
+
+int
+rte_cryptodev_get_rsa_padding_enum(enum rte_crypto_rsa_padding_type *pad_enum,
+ const char *pad_string)
+{
+ unsigned int i;
+
+ for (i = 1; i < RTE_DIM(rte_crypto_rsa_padding_scheme_strings); i++) {
+ if (strcmp(op_string, rte_crypto_rsa_padding_scheme_strings[i])
+ == 0) {
+ *op_enum = (enum rte_crypto_rsa_padding_type) i;
+ return 0;
+ }
+ }
+
+ /* Invalid string */
+ return -1;
+}
+
+int
+rte_cryptodev_get_ec_curve_enum(struct rte_crypto_ec_curve_id *curve_id,
+ enum rte_crypto_ec_curve_type *curve_type,
+ const char *curve_string)
+{
+ unsigned int i;
+
+ for (i = 1; i < RTE_DIM(rte_crypto_prime_curve_id_strings); i++) {
+ if (strcmp(op_string, rte_crypto_prime_curve_id_strings[i])
+ == 0){
+ *curve_id.pcurve = (enum rte_crypto_ec_prime_curve) i;
+ *curve_type = RTE_CRYPTO_EC_CURVE_TYPE_PRIME_FIELD;
+ return 0;
+ }
+ }
+
+ for (i = 1; i < RTE_DIM(rte_crypto_binary_curve_id_strings); i++) {
+ if (strcmp(op_string, rte_crypto_binary_curve_id_strings[i])
+ == 0){
+ *curve_id.bcurve = (enum rte_crypto_ec_binary_curve) i;
+ *curve_type = RTE_CRYPTO_EC_CURVE_TYPE_BINARY_FIELD;
+ return 0;
+ }
+ }
+ /* Invalid string */
+ return -1;
+}
+/**
* The crypto auth operation strings identifiers.
* It could be used in application command line.
*/
@@ -369,6 +748,27 @@ struct rte_cryptodev_callback {

}

+const struct rte_cryptodev_asymmetric_capability *
+rte_cryptodev_asym_capability_get(uint8_t dev_id,
+ const struct rte_cryptodev_asym_capability_idx *idx)
+{
+ const struct rte_cryptodev_capabilities *capability;
+ struct rte_cryptodev_info dev_info;
+
+ rte_cryptodev_info_get(dev_id, &dev_info);
+
+ while ((capability == &dev_info.capabilities[i++])->op !=
+ RTE_CRYPTO_OP_TYPE_UNDEFINED) {
+ if (capability->op != RTE_CRYPTO_OP_TYPE_ASYMMETRIC)
+ continue;
+
+ if (capability->asym.xform_type == idx->type)
+ return &capability->asym;
+
+ }
+ return NULL;
+};
+
#define param_range_check(x, y) \
(((x < y.min) || (x > y.max)) || \
(y.increment != 0 && (x % y.increment) != 0))
@@ -404,6 +804,36 @@ struct rte_cryptodev_callback {
return 0;
}

+int
+rte_cryptodev_asym_capability_check_modlen(
+ const struct rte_cryptodev_asymmetric_capability *capability,
+ uint16_t modlen)
+{
+ if (param_range_check(modlen, capability.modlen))
+ return -1;
+
+ return 0;
+}
+
+#define curve_support_check(bitfield, curve) \
+ (bitfield & (1<<curve))
+
+int rte_cryptodev_asym_capability_check_curve(
+ const struct rte_cryptodev_asymmetric_capability *capability,
+ rte_crypto_ec_curve_type curve_type,
+ struct rte_crypto_ec_curve_id curve_id)
+{
+ uint64_t curve_field =
+ (curve_type == RTE_CRYPTO_EC_CURVE_TYPE_PRIME_FIELD) ?
+ capability->prime_bits:capability->binary_bits;
+
+ if (curve_support_check(curve_field, curve_id))
+ return 0;
+
+ return -1;
+
+}
+

const char *
rte_cryptodev_get_feature_name(uint64_t flag)
diff --git lib/librte_cryptodev/rte_cryptodev.h lib/librte_cryptodev/rte_cryptodev.h
index 88aeb87..f5f5a73 100644
--- lib/librte_cryptodev/rte_cryptodev.h
+++ lib/librte_cryptodev/rte_cryptodev.h
@@ -167,6 +167,161 @@ struct rte_cryptodev_symmetric_capability {
};
};

+/**
+ * Asymmetric Crypto Capability
+ *
+ * Capability for asymmetric crypto capabilities are divided as elliptic
+ * curve operations and non-elliptic curve operations. Capability for
+ * elliptic curve operations are dependent on the support for the curve
+ * used for the operation. Capability for non-elliptic curve operations
+ * are dependent on the length of prime modulus used for the operation.
+ *
+ * For non-elliptic curve operations (RSA/DSA/MODEXP/MODIN/DH):
+ * Capability is the param range of prime modulus
+ *
+ * For elliptic curve operations (ECDH/ECDSA/F-ECC) :
+ * Capability is the support for the operations on the curve.
+ *
+ *
+ * NOTE: The list of curves mentioned in the following structure are the
+ * curves supported by OpenSSL libcrypto presently. The curves were
+ * divided into prime or binary so as to use bitfield to determine the
+ * support for correspoding curve.
+ *
+ */
+struct rte_cryptodev_asymmetric_capability {
+ enum rte_crypto_asym_xform_type xform_type;
+ /**< Transform type: RSA/MODEXP/DH/ECDH/DSA/ECDSA/FECC/MODINV */
+ RTE_STD_C11
+ union {
+ struct rte_crypto_param_range mod_len;
+ /**< Range of modulus length supported for
+ * RSA
+ * MODEXP
+ * MODINV
+ * DH
+ */
+ struct {
+ RTE_STD_C11
+ union {
+ /**
+ * List or prime curves represented as a bit field.
+ */
+ struct{
+ uint64_t secp112r1 :1;
+ uint64_t secp112r2 :1;
+ uint64_t secp128r1 :1;
+ uint64_t secp128r2 :1;
+ uint64_t secp160k1 :1;
+ uint64_t secp160r1 :1;
+ uint64_t secp160r2 :1;
+ uint64_t secp192k1 :1;
+ uint64_t secp224k1 :1;
+ uint64_t secp224r1 :1;
+ uint64_t secp256k1 :1;
+ uint64_t secp384r1 :1;
+ uint64_t secp521r1 :1;
+ uint64_t prime192v1 :1;
+ uint64_t prime192v2 :1;
+ uint64_t prime192v3 :1;
+ uint64_t prime239v1 :1;
+ uint64_t prime239v2 :1;
+ uint64_t prime239v3 :1;
+ uint64_t prime256v1 :1;
+ uint64_t wap_wsg_idm_ecid_wtls6 :1;
+ uint64_t wap_wsg_idm_ecid_wtls7 :1;
+ uint64_t wap_wsg_idm_ecid_wtls8 :1;
+ uint64_t wap_wsg_idm_ecid_wtls9 :1;
+ uint64_t wap_wsg_idm_ecid_wtls12 :1;
+ uint64_t brainpoolP160r1 :1;
+ uint64_t brainpoolP160t1 :1;
+ uint64_t brainpoolP192r1 :1;
+ uint64_t brainpoolP192t1 :1;
+ uint64_t brainpoolP224r1 :1;
+ uint64_t brainpoolP224t1 :1;
+ uint64_t brainpoolP256r1 :1;
+ uint64_t brainpoolP256t1 :1;
+ uint64_t brainpoolP320r1 :1;
+ uint64_t brainpoolP320t1 :1;
+ uint64_t brainpoolP384r1 :1;
+ uint64_t brainpoolP384t1 :1;
+ uint64_t brainpoolP512r1 :1;
+ uint64_t brainpoolP512t1 :1;
+ uint64_t x25519 :1;
+ uint64_t unused :24;
+ } prime_curve;
+ /**<
+ * Supported prime curves for
+ * ECDH
+ * ECDSA
+ * FECC
+ */
+ uint64_t prime_bits;
+ };
+
+ RTE_STD_C11
+ union {
+ /**
+ * List or binary curves represented as a bit field.
+ */
+ struct {
+ uint64_t sect113r1 :1;
+ uint64_t sect113r2 :1;
+ uint64_t sect131r1 :1;
+ uint64_t sect131r2 :1;
+ uint64_t sect163k1 :1;
+ uint64_t sect163r1 :1;
+ uint64_t sect163r2 :1;
+ uint64_t sect193r1 :1;
+ uint64_t sect193r2 :1;
+ uint64_t sect233k1 :1;
+ uint64_t sect233r1 :1;
+ uint64_t sect239k1 :1;
+ uint64_t sect283k1 :1;
+ uint64_t sect283r1 :1;
+ uint64_t sect409k1 :1;
+ uint64_t sect409r1 :1;
+ uint64_t sect571k1 :1;
+ uint64_t sect571r1 :1;
+ uint64_t c2pnb163v1 :1;
+ uint64_t c2pnb163v2 :1;
+ uint64_t c2pnb163v3 :1;
+ uint64_t c2pnb176v1 :1;
+ uint64_t c2tnb191v1 :1;
+ uint64_t c2tnb191v2 :1;
+ uint64_t c2tnb191v3 :1;
+ uint64_t c2pnb208w1 :1;
+ uint64_t c2tnb239v1 :1;
+ uint64_t c2tnb239v2 :1;
+ uint64_t c2tnb239v3 :1;
+ uint64_t c2pnb272w1 :1;
+ uint64_t c2pnb304w1 :1;
+ uint64_t c2tnb359v1 :1;
+ uint64_t c2pnb368w1 :1;
+ uint64_t c2tnb431r1 :1;
+ uint64_t wap_wsg_idm_ecid_wtls1 :1;
+ uint64_t wap_wsg_idm_ecid_wtls3 :1;
+ uint64_t wap_wsg_idm_ecid_wtls4 :1;
+ uint64_t wap_wsg_idm_ecid_wtls5 :1;
+ uint64_t wap_wsg_idm_ecid_wtls10 :1;
+ uint64_t wap_wsg_idm_ecid_wtls11 :1;
+ uint64_t unused :24;
+ } binary_curve;
+ /**<
+ * Supported binary curves for
+ * ECDH
+ * ECDSA
+ * FECC
+ */
+ uint64_t binary_bits;
+ /**<
+ * Bitfield representing all binary curves.
+ */
+ };
+ } curves;
+ };
+};
+
/** Structure used to capture a capability of a crypto device */
struct rte_cryptodev_capabilities {
enum rte_crypto_op_type op;
@@ -176,6 +331,8 @@ struct rte_cryptodev_capabilities {
union {
struct rte_cryptodev_symmetric_capability sym;
/**< Symmetric operation capability parameters */
+ struct rte_cryptodev_asymmetric_capability asym;
+ /**< Asymmetric operation capability parameters */
};
};

@@ -188,6 +345,13 @@ struct rte_cryptodev_sym_capability_idx {
} algo;
};

+/** Structure used to describe crypto algorithms
+ * Only algorithm is required to define the capabilites associated
+ * with the particular asymmetric operation.
+ */
+struct rte_cryptodev_asym_capability_idx {
+ enum rte_crypto_asym_xform_type type;
+};
/**
* Provide capabilities available for defined device and algorithm
*
@@ -203,6 +367,20 @@ struct rte_cryptodev_sym_capability_idx {
const struct rte_cryptodev_sym_capability_idx *idx);

/**
+ * Provide capabilities available for defined device and algorithm
+ *
+ * @param dev_id The identifier of the device.
+ * @param algo Description of crypto algorithms.
+ *
+ * @return
+ * - Return description of the asymmetric crypto capability if exist.
+ * - Return NULL if the capability not exist.
+ */
+const struct rte_cryptodev_asymmetric_capability *
+rte_cryptodev_asym_capability_get(uint8_t dev_id,
+ const struct rte_cryptodev_asym_capability_idx *idx);
+
+/**
* Check if key size and initial vector are supported
* in crypto cipher capability
*
@@ -238,6 +416,37 @@ struct rte_cryptodev_sym_capability_idx {
uint16_t key_size, uint16_t digest_size, uint16_t aad_size);

/**
+ * Check if modulus length is supported for asymmetric crypto operation over
+ * a finite field.
+ *
+ * @param capability Description of the asymmetric crypto capability.
+ * @param modlen Modulus length
+ *
+ * @return
+ * - Return 0 if the parameters are in range of the capability.
+ * - Return -1 if the parameters are out of range of the capability.
+ */
+int
+rte_cryptodev_asym_capability_check_modlen(
+ const struct rte_cryptodev_asymmetric_capability *capability,
+ uint16_t modlen);
+
+/**
+ * Check if curve provided is supported for ECC operations
+ * @param capability Description of the asymmetric crypto capability.
+ * @param curve_type Type of the curve (Binary or Prime)
+ * @param curve_id Curve ID of the curve to be checked for support.
+ *
+ * @return
+ * - Return 0 if the curve provided is supported in the capability.
+ * - Return -1 if the curve provided is unsupported in the capability.
+ */
+int rte_cryptodev_asym_capability_check_curve(
+ const struct rte_cryptodev_asymmetric_capability *capability,
+ rte_crypto_ec_curve_type curve_type,
+ struct rte_crypto_ec_curve_id curve_id);
+
+/**
* Provide the cipher algorithm enum, given an algorithm string
*
* @param algo_enum A pointer to the cipher algorithm
@@ -267,6 +476,131 @@ struct rte_cryptodev_sym_capability_idx {
rte_cryptodev_get_auth_algo_enum(enum rte_crypto_auth_algorithm *algo_enum,
const char *algo_string);

+/**
+ * Provide ECC curve enum and curve type from given curve name string.
+ *
+ * @param curve_id A pointer to the ECC curve ID enum to be
+ * filled.
+ * @param curve_type A pointer to the ECC curve type enum to be
+ * filled.
+ * @param curve_string Curve name string.
+ *
+ *
+ * @return
+ * - Return -1 if string is not valid.
+ * - Return 0 if the string is valid.
+ */
+int rte_cryptodev_get_ec_curve_enum(struct rte_crypto_ec_curve_id *curve_id,
+ enum rte_crypto_ec_curve_type *curve_type,
+ const char *curve_string);
+
+/**
+ * Provide asymmetric algorithm xform type for the given string.
+ *
+ * @param algo_enum Pointer to asymmetric xform enum to be filled.
+ *
+ * @param algo_string Asymmetric algorithm string.
+ *
+ * @return
+ * - Return -1 if string is not valid.
+ * - Return 0 if the string is valid.
+ */
+int
+rte_cryptodev_get_asym_algo_enum(enum rte_crypto_asym_xform_type *algo_enum,
+ const char *algo_string);
+
+/**
+ * Provide RSA operation type enum for the given string.
+ *
+ * @param op_enum Pointer to RSA operation type to be filled.
+ *
+ * @param op_string RSA operation type string.
+ *
+ * @return
+ * - Return -1 if string is not valid.
+ * - Return 0 if the string is valid.
+ */
+int
+rte_cryptodev_get_dh_op_enum(enum rte_crypto_dh_optype *op_enum,
+ const char *op_string);
+
+/**
+ * Provide DH operation type enum for the given string.
+ *
+ * @param op_enum Pointer to DH operation type enum to be filled.
+ *
+ * @param op_string DH operation type string.
+ *
+ * @return
+ * - Return -1 if string is not valid.
+ * - Return 0 if the string is valid.
+ */
+int
+rte_cryptodev_get_ecdh_op_enum(enum rte_crypto_ecdh_optype *op_enum,
+ const char *op_string);
+
+
+/**
+ * Provide ECDH operation type enum for the given string.
+ *
+ * @param op_enum Pointer to ECDH operation type enum to be filled.
+ *
+ * @param op_string ECDH operation type string.
+ *
+ * @return
+ * - Return -1 if string is not valid.
+ * - Return 0 if the string is valid.
+ */
+int
+rte_cryptodev_get_ecdh_op_enum(enum rte_crypto_ecdh_optype *op_enum,
+ const char *op_string);
+
+/**
+ * Provide DSA operation type enum for the given string.
+ *
+ * @param op_enum Pointer to DSA operation type enum to be filled.
+ *
+ * @param op_string DSA operation type string.
+ *
+ * @return
+ * - Return -1 if string is not valid.
+ * - Return 0 if the string is valid.
+ */
+int
+rte_cryptodev_get_dsa_op_enum(enum rte_crypto_dsa_optype *op_enum,
+ const char *op_string);
+
+
+/**
+ * Provide ECDSA operation type enum for the given string.
+ *
+ * @param op_enum Pointer to ECDSA operation type enum to be filled.
+ *
+ * @param op_string ECDSA operation type string.
+ *
+ * @return
+ * - Return -1 if string is not valid.
+ * - Return 0 if the string is valid.
+ */
+int
+rte_cryptodev_get_ecdsa_op_enum(enum rte_crypto_ecdsa_optype *op_enum,
+ const char *op_string);
+
+/**
+ * Provide RSA padding scheme enum for the given string.
+ *
+ * @param pad_enum Pointer to RSA padding scheme enum to be filled.
+ *
+ * @param pad_string Padding scheme as string
+ *
+ * @return
+ * - Return -1 if string is not valid.
+ * - Return 0 if the string is valid.
+ */
+int
+rte_cryptodev_get_rsa_padding_enum(enum rte_crypto_rsa_padding_type *pad_enum,
+ const char *pad_string);
+
/** Macro used at end of crypto PMD list */
#define RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() \
{ RTE_CRYPTO_OP_TYPE_UNDEFINED }