[PATCH] crypto/openssl: support cmac operations

[PATCH] crypto/openssl: support cmac operations

[Ashwin Sekhar T K]

Extend openssl crypto PMD to support CMAC operations.

Signed-off-by: Ashwin Sekhar T K <asekhar@marvell.com>
---
 drivers/crypto/openssl/openssl_pmd_private.h |  9 ++
 drivers/crypto/openssl/rte_openssl_pmd.c     | 88 ++++++++++++++++++++
 drivers/crypto/openssl/rte_openssl_pmd_ops.c | 20 +++++
 3 files changed, 117 insertions(+)

diff --git a/drivers/crypto/openssl/openssl_pmd_private.h b/drivers/crypto/openssl/openssl_pmd_private.h
index b2054b3754..6cc6fe1230 100644
--- a/drivers/crypto/openssl/openssl_pmd_private.h
+++ b/drivers/crypto/openssl/openssl_pmd_private.h
@@ -5,6 +5,7 @@
 #ifndef _OPENSSL_PMD_PRIVATE_H_
 #define _OPENSSL_PMD_PRIVATE_H_
 
+#include <openssl/cmac.h>
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
 #include <openssl/des.h>
@@ -46,6 +47,7 @@ enum openssl_cipher_mode {
 enum openssl_auth_mode {
 	OPENSSL_AUTH_AS_AUTH,
 	OPENSSL_AUTH_AS_HMAC,
+	OPENSSL_AUTH_AS_CMAC,
 };
 
 /** private data structure for each OPENSSL crypto device */
@@ -137,6 +139,13 @@ struct openssl_session {
 				HMAC_CTX *ctx;
 				/**< pointer to EVP context structure */
 			} hmac;
+
+			struct {
+				const EVP_CIPHER *evp_algo;
+				/**< pointer to EVP algorithm function */
+				CMAC_CTX *ctx;
+				/**< pointer to EVP context structure */
+			} cmac;
 		};
 
 		uint16_t aad_length;
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 6ac2dfff5a..bac55220c0 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -13,6 +13,7 @@
 #include <rte_cpuflags.h>
 
 #include <openssl/hmac.h>
+#include <openssl/cmac.h>
 #include <openssl/evp.h>
 
 #include "openssl_pmd_private.h"
@@ -569,6 +570,29 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
 						xform->auth.key.data);
 		break;
 
+	case RTE_CRYPTO_AUTH_AES_CMAC:
+		sess->auth.mode = OPENSSL_AUTH_AS_CMAC;
+		sess->auth.cmac.ctx = CMAC_CTX_new();
+		switch (xform->auth.key.length) {
+		case 16:
+			sess->auth.cmac.evp_algo = EVP_aes_128_cbc();
+			break;
+		case 24:
+			sess->auth.cmac.evp_algo = EVP_aes_192_cbc();
+			break;
+		case 32:
+			sess->auth.cmac.evp_algo = EVP_aes_256_cbc();
+			break;
+		default:
+			return -EINVAL;
+		}
+		if (CMAC_Init(sess->auth.cmac.ctx,
+			      xform->auth.key.data,
+			      xform->auth.key.length,
+			      sess->auth.cmac.evp_algo, NULL) != 1)
+			return -EINVAL;
+		break;
+
 	case RTE_CRYPTO_AUTH_MD5:
 	case RTE_CRYPTO_AUTH_SHA1:
 	case RTE_CRYPTO_AUTH_SHA224:
@@ -727,6 +751,9 @@ openssl_reset_session(struct openssl_session *sess)
 		EVP_PKEY_free(sess->auth.hmac.pkey);
 		HMAC_CTX_free(sess->auth.hmac.ctx);
 		break;
+	case OPENSSL_AUTH_AS_CMAC:
+		CMAC_CTX_free(sess->auth.cmac.ctx);
+		break;
 	default:
 		break;
 	}
@@ -1262,6 +1289,58 @@ process_openssl_auth(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
 	return -EINVAL;
 }
 
+/** Process standard openssl auth algorithms with cmac */
+static int
+process_openssl_auth_cmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
+		int srclen, CMAC_CTX *ctx)
+{
+	unsigned int dstlen;
+	struct rte_mbuf *m;
+	int l, n = srclen;
+	uint8_t *src;
+
+	for (m = mbuf_src; m != NULL && offset > rte_pktmbuf_data_len(m);
+			m = m->next)
+		offset -= rte_pktmbuf_data_len(m);
+
+	if (m == 0)
+		goto process_auth_err;
+
+	src = rte_pktmbuf_mtod_offset(m, uint8_t *, offset);
+
+	l = rte_pktmbuf_data_len(m) - offset;
+	if (srclen <= l) {
+		if (CMAC_Update(ctx, (unsigned char *)src, srclen) != 1)
+			goto process_auth_err;
+		goto process_auth_final;
+	}
+
+	if (CMAC_Update(ctx, (unsigned char *)src, l) != 1)
+		goto process_auth_err;
+
+	n -= l;
+
+	for (m = m->next; (m != NULL) && (n > 0); m = m->next) {
+		src = rte_pktmbuf_mtod(m, uint8_t *);
+		l = rte_pktmbuf_data_len(m) < n ? rte_pktmbuf_data_len(m) : n;
+		if (CMAC_Update(ctx, (unsigned char *)src, l) != 1)
+			goto process_auth_err;
+		n -= l;
+	}
+
+process_auth_final:
+	if (CMAC_Final(ctx, dst, (size_t *)&dstlen) != 1)
+		goto process_auth_err;
+
+	CMAC_CTX_cleanup(ctx);
+
+	return 0;
+
+process_auth_err:
+	OPENSSL_LOG(ERR, "Process openssl cmac auth failed");
+	return -EINVAL;
+}
+
 /** Process standard openssl auth algorithms with hmac */
 static int
 process_openssl_auth_hmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
@@ -1558,6 +1637,7 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
 	int srclen, status;
 	EVP_MD_CTX *ctx_a;
 	HMAC_CTX *ctx_h;
+	CMAC_CTX *ctx_c;
 
 	srclen = op->sym->auth.data.length;
 
@@ -1580,6 +1660,14 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
 				ctx_h);
 		HMAC_CTX_free(ctx_h);
 		break;
+	case OPENSSL_AUTH_AS_CMAC:
+		ctx_c = CMAC_CTX_new();
+		CMAC_CTX_copy(ctx_c, sess->auth.cmac.ctx);
+		status = process_openssl_auth_cmac(mbuf_src, dst,
+				op->sym->auth.data.offset, srclen,
+				ctx_c);
+		CMAC_CTX_free(ctx_c);
+		break;
 	default:
 		status = -1;
 		break;
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 7d0da52a33..94b266d14e 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -392,6 +392,26 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 			}, }
 		}, }
 	},
+	{	/* AES CMAC (AUTH) */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			{.auth = {
+				.algo = RTE_CRYPTO_AUTH_AES_CMAC,
+				.block_size = 16,
+				.key_size = {
+					.min = 16,
+					.max = 32,
+					.increment = 8
+				},
+				.digest_size = {
+					.min = 4,
+					.max = 16,
+					.increment = 4
+				},
+			}, }
+		}, }
+	},
 	{	/* 3DES CBC */
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
-- 
2.25.1

RE: [PATCH] crypto/openssl: support cmac operations

[Zhang, Roy Fan]

Hi,

> -----Original Message-----
> From: Ashwin Sekhar T K <asekhar@marvell.com>
> Sent: Friday, June 10, 2022 5:29 PM
> To: dev@dpdk.org
> Cc: jerinj@marvell.com; skori@marvell.com; skoteshwar@marvell.com;
> pbhagavatula@marvell.com; kirankumark@marvell.com;
> psatheesh@marvell.com; asekhar@marvell.com; anoobj@marvell.com;
> gakhil@marvell.com; hkalra@marvell.com; ndabilpuram@marvell.com
> Subject: [PATCH] crypto/openssl: support cmac operations
> 
> Extend openssl crypto PMD to support CMAC operations.
> 
> Signed-off-by: Ashwin Sekhar T K <asekhar@marvell.com>
> ---

Although the patch passes all tests in openssl 1.1, but I see 95 tests failed on openssl 3.0.
Can you check that?

Regards,
Fan

[PATCH v2] crypto/ipsec_mb: enable support for arm64

[Ashwin Sekhar T K]

Enable support for arm64 architecture in ipsec_mb. x86
specific code is conditionally compiled only for x86
architecture builds. Other architectures will be unsupported.

Signed-off-by: Ashwin Sekhar T K <asekhar@marvell.com>
---
 drivers/crypto/ipsec_mb/ipsec_mb_private.c | 7 +++++++
 drivers/crypto/ipsec_mb/ipsec_mb_private.h | 3 ++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/drivers/crypto/ipsec_mb/ipsec_mb_private.c b/drivers/crypto/ipsec_mb/ipsec_mb_private.c
index aab42c360c..b555a28a0b 100644
--- a/drivers/crypto/ipsec_mb/ipsec_mb_private.c
+++ b/drivers/crypto/ipsec_mb/ipsec_mb_private.c
@@ -53,6 +53,9 @@ ipsec_mb_create(struct rte_vdev_device *vdev,
 	const char *name, *args;
 	int retval;
 
+#if defined(RTE_ARCH_ARM64)
+	vector_mode = IPSEC_MB_ARM64;
+#elif defined(RTE_ARCH_X86_64)
 	if (vector_mode == IPSEC_MB_NOT_SUPPORTED) {
 		/* Check CPU for supported vector instruction set */
 		if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AVX512F))
@@ -64,6 +67,10 @@ ipsec_mb_create(struct rte_vdev_device *vdev,
 		else
 			vector_mode = IPSEC_MB_SSE;
 	}
+#else
+	/* Unsupported architecture */
+	return -ENOTSUP;
+#endif
 
 	init_params.private_data_size = sizeof(struct ipsec_mb_dev_private) +
 		pmd_data->internals_priv_size;
diff --git a/drivers/crypto/ipsec_mb/ipsec_mb_private.h b/drivers/crypto/ipsec_mb/ipsec_mb_private.h
index e2c240dfc0..d0a1bcc360 100644
--- a/drivers/crypto/ipsec_mb/ipsec_mb_private.h
+++ b/drivers/crypto/ipsec_mb/ipsec_mb_private.h
@@ -26,7 +26,8 @@ enum ipsec_mb_vector_mode {
 	IPSEC_MB_SSE,
 	IPSEC_MB_AVX,
 	IPSEC_MB_AVX2,
-	IPSEC_MB_AVX512
+	IPSEC_MB_AVX512,
+	IPSEC_MB_ARM64,
 };
 
 extern enum ipsec_mb_vector_mode vector_mode;
-- 
2.25.1

RE: [PATCH v2] crypto/ipsec_mb: enable support for arm64

[Zhang, Roy Fan]

> -----Original Message-----
> From: Ashwin Sekhar T K <asekhar@marvell.com>
> Sent: Thursday, June 30, 2022 4:41 PM
> To: dev@dpdk.org; Zhang, Roy Fan <roy.fan.zhang@intel.com>; De Lara Guarch,
> Pablo <pablo.de.lara.guarch@intel.com>
> Cc: jerinj@marvell.com; skori@marvell.com; skoteshwar@marvell.com;
> pbhagavatula@marvell.com; kirankumark@marvell.com;
> psatheesh@marvell.com; asekhar@marvell.com; anoobj@marvell.com;
> gakhil@marvell.com; hkalra@marvell.com; ndabilpuram@marvell.com
> Subject: [PATCH v2] crypto/ipsec_mb: enable support for arm64
> 
> Enable support for arm64 architecture in ipsec_mb. x86
> specific code is conditionally compiled only for x86
> architecture builds. Other architectures will be unsupported.
> 
> Signed-off-by: Ashwin Sekhar T K <asekhar@marvell.com>
> ---
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>

[PATCH v2 0/1] crypto/openssl: add aes cmac support

[Ashwin Sekhar T K]

Add support for aes cmac operations.

v2:
 * Added support for openssl 3.0

Ashwin Sekhar T K (1):
  crypto/openssl: support aes cmac operations

 drivers/crypto/openssl/openssl_pmd_private.h |  14 ++
 drivers/crypto/openssl/rte_openssl_pmd.c     | 142 ++++++++++++++++++-
 drivers/crypto/openssl/rte_openssl_pmd_ops.c |  20 +++
 3 files changed, 169 insertions(+), 7 deletions(-)

-- 
2.25.1

[PATCH v2 1/1] crypto/openssl: support aes cmac operations

[Ashwin Sekhar T K]

Extend openssl crypto PMD to support AES CMAC operations.

Signed-off-by: Ashwin Sekhar T K <asekhar@marvell.com>
---
 drivers/crypto/openssl/openssl_pmd_private.h |  14 ++
 drivers/crypto/openssl/rte_openssl_pmd.c     | 142 ++++++++++++++++++-
 drivers/crypto/openssl/rte_openssl_pmd_ops.c |  20 +++
 3 files changed, 169 insertions(+), 7 deletions(-)

diff --git a/drivers/crypto/openssl/openssl_pmd_private.h b/drivers/crypto/openssl/openssl_pmd_private.h
index 5963a67a08..c1aa5f550c 100644
--- a/drivers/crypto/openssl/openssl_pmd_private.h
+++ b/drivers/crypto/openssl/openssl_pmd_private.h
@@ -6,6 +6,7 @@
 #define _OPENSSL_PMD_PRIVATE_H_
 
 #include <openssl/evp.h>
+#include <openssl/cmac.h>
 #include <openssl/hmac.h>
 #include <openssl/des.h>
 #include <openssl/rsa.h>
@@ -50,6 +51,7 @@ enum openssl_cipher_mode {
 enum openssl_auth_mode {
 	OPENSSL_AUTH_AS_AUTH,
 	OPENSSL_AUTH_AS_HMAC,
+	OPENSSL_AUTH_AS_CMAC,
 };
 
 /** private data structure for each OPENSSL crypto device */
@@ -145,6 +147,18 @@ struct openssl_session {
 # endif
 				/**< pointer to EVP context structure */
 			} hmac;
+
+			struct {
+# if OPENSSL_VERSION_NUMBER >= 0x30000000L
+				EVP_MAC_CTX * ctx;
+				/**< pointer to EVP context structure */
+# else
+				const EVP_CIPHER *evp_algo;
+				/**< pointer to EVP algorithm function */
+				CMAC_CTX *ctx;
+				/**< pointer to EVP context structure */
+# endif
+			} cmac;
 		};
 
 		uint16_t aad_length;
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 5658b9db66..460f1e7be6 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -10,6 +10,7 @@
 #include <rte_malloc.h>
 #include <rte_cpuflags.h>
 
+#include <openssl/cmac.h>
 #include <openssl/hmac.h>
 #include <openssl/evp.h>
 
@@ -592,6 +593,12 @@ static int
 openssl_set_session_auth_parameters(struct openssl_session *sess,
 		const struct rte_crypto_sym_xform *xform)
 {
+# if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
+	char algo_name[MAX_OSSL_ALGO_NAME_SIZE];
+	OSSL_PARAM params[2];
+	const char *algo;
+	EVP_MAC *mac;
+# endif
 	/* Select auth generate/verify */
 	sess->auth.operation = xform->auth.op;
 	sess->auth.algo = xform->auth.algo;
@@ -636,6 +643,47 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
 		sess->auth.auth.ctx = EVP_MD_CTX_create();
 		break;
 
+	case RTE_CRYPTO_AUTH_AES_CMAC:
+# if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
+		if (xform->auth.key.length == 16)
+			algo = SN_aes_128_cbc;
+		else if (xform->auth.key.length == 24)
+			algo = SN_aes_192_cbc;
+		else if (xform->auth.key.length == 32)
+			algo = SN_aes_256_cbc;
+		else
+			return -EINVAL;
+
+		rte_memcpy(algo_name, algo, strlen(algo) + 1);
+		params[0] = OSSL_PARAM_construct_utf8_string(
+				OSSL_MAC_PARAM_CIPHER, algo_name, 0);
+		params[1] = OSSL_PARAM_construct_end();
+
+		sess->auth.mode = OPENSSL_AUTH_AS_CMAC;
+		mac = EVP_MAC_fetch(NULL, OSSL_MAC_NAME_CMAC, NULL);
+		sess->auth.cmac.ctx = EVP_MAC_CTX_new(mac);
+		EVP_MAC_free(mac);
+
+		if (EVP_MAC_init(sess->auth.cmac.ctx,
+				xform->auth.key.data,
+				xform->auth.key.length,
+				params) != 1)
+			return -EINVAL;
+# else
+		sess->auth.mode = OPENSSL_AUTH_AS_CMAC;
+		sess->auth.cmac.ctx = CMAC_CTX_new();
+		if (get_cipher_algo(RTE_CRYPTO_CIPHER_AES_CBC,
+				    xform->auth.key.length,
+				    &sess->auth.cmac.evp_algo) != 0)
+			return -EINVAL;
+		if (CMAC_Init(sess->auth.cmac.ctx,
+			      xform->auth.key.data,
+			      xform->auth.key.length,
+			      sess->auth.cmac.evp_algo, NULL) != 1)
+			return -EINVAL;
+# endif
+		break;
+
 # if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
 	case RTE_CRYPTO_AUTH_MD5_HMAC:
 	case RTE_CRYPTO_AUTH_SHA1_HMAC:
@@ -645,15 +693,12 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
 	case RTE_CRYPTO_AUTH_SHA512_HMAC:
 		sess->auth.mode = OPENSSL_AUTH_AS_HMAC;
 
-		OSSL_PARAM params[2];
-		const char *algo;
 		algo = digest_name_get(xform->auth.algo);
 		if (!algo)
 			return -EINVAL;
-		char algo_name[MAX_OSSL_ALGO_NAME_SIZE];
 		rte_memcpy(algo_name, algo, (sizeof(algo)+1));
 
-		EVP_MAC *mac = EVP_MAC_fetch(NULL, "HMAC", NULL);
+		mac = EVP_MAC_fetch(NULL, "HMAC", NULL);
 		sess->auth.hmac.ctx = EVP_MAC_CTX_new(mac);
 		EVP_MAC_free(mac);
 		if (get_auth_algo(xform->auth.algo,
@@ -817,6 +862,13 @@ openssl_reset_session(struct openssl_session *sess)
 		EVP_MAC_CTX_free(sess->auth.hmac.ctx);
 # else
 		HMAC_CTX_free(sess->auth.hmac.ctx);
+# endif
+		break;
+	case OPENSSL_AUTH_AS_CMAC:
+# if OPENSSL_VERSION_NUMBER >= 0x30000000L
+		EVP_MAC_CTX_free(sess->auth.cmac.ctx);
+# else
+		CMAC_CTX_free(sess->auth.cmac.ctx);
 # endif
 		break;
 	default:
@@ -1354,10 +1406,14 @@ process_openssl_auth(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
 	return -EINVAL;
 }
 
+
 # if OPENSSL_VERSION_NUMBER >= 0x30000000L
-/** Process standard openssl auth algorithms with hmac */
+# endif
+
+# if OPENSSL_VERSION_NUMBER >= 0x30000000L
+/** Process standard openssl auth algorithms with hmac/cmac */
 static int
-process_openssl_auth_hmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
+process_openssl_auth_mac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
 		int srclen, EVP_MAC_CTX *ctx)
 {
 	size_t dstlen;
@@ -1459,6 +1515,58 @@ process_openssl_auth_hmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
 	OPENSSL_LOG(ERR, "Process openssl auth failed");
 	return -EINVAL;
 }
+
+/** Process standard openssl auth algorithms with cmac */
+static int
+process_openssl_auth_cmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
+		int srclen, CMAC_CTX *ctx)
+{
+	unsigned int dstlen;
+	struct rte_mbuf *m;
+	int l, n = srclen;
+	uint8_t *src;
+
+	for (m = mbuf_src; m != NULL && offset > rte_pktmbuf_data_len(m);
+			m = m->next)
+		offset -= rte_pktmbuf_data_len(m);
+
+	if (m == 0)
+		goto process_auth_err;
+
+	src = rte_pktmbuf_mtod_offset(m, uint8_t *, offset);
+
+	l = rte_pktmbuf_data_len(m) - offset;
+	if (srclen <= l) {
+		if (CMAC_Update(ctx, (unsigned char *)src, srclen) != 1)
+			goto process_auth_err;
+		goto process_auth_final;
+	}
+
+	if (CMAC_Update(ctx, (unsigned char *)src, l) != 1)
+		goto process_auth_err;
+
+	n -= l;
+
+	for (m = m->next; (m != NULL) && (n > 0); m = m->next) {
+		src = rte_pktmbuf_mtod(m, uint8_t *);
+		l = rte_pktmbuf_data_len(m) < n ? rte_pktmbuf_data_len(m) : n;
+		if (CMAC_Update(ctx, (unsigned char *)src, l) != 1)
+			goto process_auth_err;
+		n -= l;
+	}
+
+process_auth_final:
+	if (CMAC_Final(ctx, dst, (size_t *)&dstlen) != 1)
+		goto process_auth_err;
+
+	CMAC_CTX_cleanup(ctx);
+
+	return 0;
+
+process_auth_err:
+	OPENSSL_LOG(ERR, "Process openssl cmac auth failed");
+	return -EINVAL;
+}
 # endif
 /*----------------------------------------------------------------------------*/
 
@@ -1700,9 +1808,11 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
 	EVP_MD_CTX *ctx_a;
 # if OPENSSL_VERSION_NUMBER >= 0x30000000L
 	EVP_MAC_CTX *ctx_h;
+	EVP_MAC_CTX *ctx_c;
 	EVP_MAC *mac;
 # else
 	HMAC_CTX *ctx_h;
+	CMAC_CTX *ctx_c;
 # endif
 
 	srclen = op->sym->auth.data.length;
@@ -1724,7 +1834,7 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
 		ctx_h = EVP_MAC_CTX_new(mac);
 		ctx_h = EVP_MAC_CTX_dup(sess->auth.hmac.ctx);
 		EVP_MAC_free(mac);
-		status = process_openssl_auth_hmac(mbuf_src, dst,
+		status = process_openssl_auth_mac(mbuf_src, dst,
 				op->sym->auth.data.offset, srclen,
 				ctx_h);
 # else
@@ -1734,6 +1844,24 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
 				op->sym->auth.data.offset, srclen,
 				ctx_h);
 		HMAC_CTX_free(ctx_h);
+# endif
+		break;
+	case OPENSSL_AUTH_AS_CMAC:
+# if OPENSSL_VERSION_NUMBER >= 0x30000000L
+		mac = EVP_MAC_fetch(NULL, OSSL_MAC_NAME_CMAC, NULL);
+		ctx_c = EVP_MAC_CTX_new(mac);
+		ctx_c = EVP_MAC_CTX_dup(sess->auth.cmac.ctx);
+		EVP_MAC_free(mac);
+		status = process_openssl_auth_mac(mbuf_src, dst,
+				op->sym->auth.data.offset, srclen,
+				ctx_c);
+# else
+		ctx_c = CMAC_CTX_new();
+		CMAC_CTX_copy(ctx_c, sess->auth.cmac.ctx);
+		status = process_openssl_auth_cmac(mbuf_src, dst,
+		                op->sym->auth.data.offset, srclen,
+		                ctx_c);
+		CMAC_CTX_free(ctx_c);
 # endif
 		break;
 	default:
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 3e24ef94f7..f7ddbf9c73 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -394,6 +394,26 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 			}, }
 		}, }
 	},
+	{	/* AES CMAC (AUTH) */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			{.auth = {
+				.algo = RTE_CRYPTO_AUTH_AES_CMAC,
+				.block_size = 16,
+				.key_size = {
+					.min = 16,
+					.max = 32,
+					.increment = 8
+				},
+				.digest_size = {
+					.min = 4,
+					.max = 16,
+					.increment = 4
+				},
+			}, }
+		}, }
+	},
 	{	/* 3DES CBC */
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
-- 
2.25.1

[PATCH v3 0/1] crypto/openssl: add aes cmac support

[Ashwin Sekhar T K]

Add support for aes cmac operations.

v2:
 * Added support for openssl 3.0
v3:
 * Fixed checkpatch warnings.

Ashwin Sekhar T K (1):
  crypto/openssl: support aes cmac operations

 drivers/crypto/openssl/openssl_pmd_private.h |  14 ++
 drivers/crypto/openssl/rte_openssl_pmd.c     | 142 ++++++++++++++++++-
 drivers/crypto/openssl/rte_openssl_pmd_ops.c |  20 +++
 3 files changed, 169 insertions(+), 7 deletions(-)

-- 
2.25.1

[PATCH v3 1/1] crypto/openssl: support aes cmac operations

[Ashwin Sekhar T K]

Extend openssl crypto PMD to support AES CMAC operations.

Signed-off-by: Ashwin Sekhar T K <asekhar@marvell.com>
---
 drivers/crypto/openssl/openssl_pmd_private.h |  14 ++
 drivers/crypto/openssl/rte_openssl_pmd.c     | 142 ++++++++++++++++++-
 drivers/crypto/openssl/rte_openssl_pmd_ops.c |  20 +++
 3 files changed, 169 insertions(+), 7 deletions(-)

diff --git a/drivers/crypto/openssl/openssl_pmd_private.h b/drivers/crypto/openssl/openssl_pmd_private.h
index 5963a67a08..18900b5c61 100644
--- a/drivers/crypto/openssl/openssl_pmd_private.h
+++ b/drivers/crypto/openssl/openssl_pmd_private.h
@@ -6,6 +6,7 @@
 #define _OPENSSL_PMD_PRIVATE_H_
 
 #include <openssl/evp.h>
+#include <openssl/cmac.h>
 #include <openssl/hmac.h>
 #include <openssl/des.h>
 #include <openssl/rsa.h>
@@ -50,6 +51,7 @@ enum openssl_cipher_mode {
 enum openssl_auth_mode {
 	OPENSSL_AUTH_AS_AUTH,
 	OPENSSL_AUTH_AS_HMAC,
+	OPENSSL_AUTH_AS_CMAC,
 };
 
 /** private data structure for each OPENSSL crypto device */
@@ -145,6 +147,18 @@ struct openssl_session {
 # endif
 				/**< pointer to EVP context structure */
 			} hmac;
+
+			struct {
+# if OPENSSL_VERSION_NUMBER >= 0x30000000L
+				EVP_MAC_CTX *ctx;
+				/**< pointer to EVP context structure */
+# else
+				const EVP_CIPHER *evp_algo;
+				/**< pointer to EVP algorithm function */
+				CMAC_CTX *ctx;
+				/**< pointer to EVP context structure */
+# endif
+			} cmac;
 		};
 
 		uint16_t aad_length;
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 5658b9db66..ce195c21d5 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -10,6 +10,7 @@
 #include <rte_malloc.h>
 #include <rte_cpuflags.h>
 
+#include <openssl/cmac.h>
 #include <openssl/hmac.h>
 #include <openssl/evp.h>
 
@@ -592,6 +593,12 @@ static int
 openssl_set_session_auth_parameters(struct openssl_session *sess,
 		const struct rte_crypto_sym_xform *xform)
 {
+# if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
+	char algo_name[MAX_OSSL_ALGO_NAME_SIZE];
+	OSSL_PARAM params[2];
+	const char *algo;
+	EVP_MAC *mac;
+# endif
 	/* Select auth generate/verify */
 	sess->auth.operation = xform->auth.op;
 	sess->auth.algo = xform->auth.algo;
@@ -636,6 +643,47 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
 		sess->auth.auth.ctx = EVP_MD_CTX_create();
 		break;
 
+	case RTE_CRYPTO_AUTH_AES_CMAC:
+# if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
+		if (xform->auth.key.length == 16)
+			algo = SN_aes_128_cbc;
+		else if (xform->auth.key.length == 24)
+			algo = SN_aes_192_cbc;
+		else if (xform->auth.key.length == 32)
+			algo = SN_aes_256_cbc;
+		else
+			return -EINVAL;
+
+		rte_memcpy(algo_name, algo, strlen(algo) + 1);
+		params[0] = OSSL_PARAM_construct_utf8_string(
+				OSSL_MAC_PARAM_CIPHER, algo_name, 0);
+		params[1] = OSSL_PARAM_construct_end();
+
+		sess->auth.mode = OPENSSL_AUTH_AS_CMAC;
+		mac = EVP_MAC_fetch(NULL, OSSL_MAC_NAME_CMAC, NULL);
+		sess->auth.cmac.ctx = EVP_MAC_CTX_new(mac);
+		EVP_MAC_free(mac);
+
+		if (EVP_MAC_init(sess->auth.cmac.ctx,
+				xform->auth.key.data,
+				xform->auth.key.length,
+				params) != 1)
+			return -EINVAL;
+# else
+		sess->auth.mode = OPENSSL_AUTH_AS_CMAC;
+		sess->auth.cmac.ctx = CMAC_CTX_new();
+		if (get_cipher_algo(RTE_CRYPTO_CIPHER_AES_CBC,
+				    xform->auth.key.length,
+				    &sess->auth.cmac.evp_algo) != 0)
+			return -EINVAL;
+		if (CMAC_Init(sess->auth.cmac.ctx,
+			      xform->auth.key.data,
+			      xform->auth.key.length,
+			      sess->auth.cmac.evp_algo, NULL) != 1)
+			return -EINVAL;
+# endif
+		break;
+
 # if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
 	case RTE_CRYPTO_AUTH_MD5_HMAC:
 	case RTE_CRYPTO_AUTH_SHA1_HMAC:
@@ -645,15 +693,12 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
 	case RTE_CRYPTO_AUTH_SHA512_HMAC:
 		sess->auth.mode = OPENSSL_AUTH_AS_HMAC;
 
-		OSSL_PARAM params[2];
-		const char *algo;
 		algo = digest_name_get(xform->auth.algo);
 		if (!algo)
 			return -EINVAL;
-		char algo_name[MAX_OSSL_ALGO_NAME_SIZE];
 		rte_memcpy(algo_name, algo, (sizeof(algo)+1));
 
-		EVP_MAC *mac = EVP_MAC_fetch(NULL, "HMAC", NULL);
+		mac = EVP_MAC_fetch(NULL, "HMAC", NULL);
 		sess->auth.hmac.ctx = EVP_MAC_CTX_new(mac);
 		EVP_MAC_free(mac);
 		if (get_auth_algo(xform->auth.algo,
@@ -817,6 +862,13 @@ openssl_reset_session(struct openssl_session *sess)
 		EVP_MAC_CTX_free(sess->auth.hmac.ctx);
 # else
 		HMAC_CTX_free(sess->auth.hmac.ctx);
+# endif
+		break;
+	case OPENSSL_AUTH_AS_CMAC:
+# if OPENSSL_VERSION_NUMBER >= 0x30000000L
+		EVP_MAC_CTX_free(sess->auth.cmac.ctx);
+# else
+		CMAC_CTX_free(sess->auth.cmac.ctx);
 # endif
 		break;
 	default:
@@ -1354,10 +1406,14 @@ process_openssl_auth(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
 	return -EINVAL;
 }
 
+
 # if OPENSSL_VERSION_NUMBER >= 0x30000000L
-/** Process standard openssl auth algorithms with hmac */
+# endif
+
+# if OPENSSL_VERSION_NUMBER >= 0x30000000L
+/** Process standard openssl auth algorithms with hmac/cmac */
 static int
-process_openssl_auth_hmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
+process_openssl_auth_mac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
 		int srclen, EVP_MAC_CTX *ctx)
 {
 	size_t dstlen;
@@ -1459,6 +1515,58 @@ process_openssl_auth_hmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
 	OPENSSL_LOG(ERR, "Process openssl auth failed");
 	return -EINVAL;
 }
+
+/** Process standard openssl auth algorithms with cmac */
+static int
+process_openssl_auth_cmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
+		int srclen, CMAC_CTX *ctx)
+{
+	unsigned int dstlen;
+	struct rte_mbuf *m;
+	int l, n = srclen;
+	uint8_t *src;
+
+	for (m = mbuf_src; m != NULL && offset > rte_pktmbuf_data_len(m);
+			m = m->next)
+		offset -= rte_pktmbuf_data_len(m);
+
+	if (m == 0)
+		goto process_auth_err;
+
+	src = rte_pktmbuf_mtod_offset(m, uint8_t *, offset);
+
+	l = rte_pktmbuf_data_len(m) - offset;
+	if (srclen <= l) {
+		if (CMAC_Update(ctx, (unsigned char *)src, srclen) != 1)
+			goto process_auth_err;
+		goto process_auth_final;
+	}
+
+	if (CMAC_Update(ctx, (unsigned char *)src, l) != 1)
+		goto process_auth_err;
+
+	n -= l;
+
+	for (m = m->next; (m != NULL) && (n > 0); m = m->next) {
+		src = rte_pktmbuf_mtod(m, uint8_t *);
+		l = rte_pktmbuf_data_len(m) < n ? rte_pktmbuf_data_len(m) : n;
+		if (CMAC_Update(ctx, (unsigned char *)src, l) != 1)
+			goto process_auth_err;
+		n -= l;
+	}
+
+process_auth_final:
+	if (CMAC_Final(ctx, dst, (size_t *)&dstlen) != 1)
+		goto process_auth_err;
+
+	CMAC_CTX_cleanup(ctx);
+
+	return 0;
+
+process_auth_err:
+	OPENSSL_LOG(ERR, "Process openssl cmac auth failed");
+	return -EINVAL;
+}
 # endif
 /*----------------------------------------------------------------------------*/
 
@@ -1700,9 +1808,11 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
 	EVP_MD_CTX *ctx_a;
 # if OPENSSL_VERSION_NUMBER >= 0x30000000L
 	EVP_MAC_CTX *ctx_h;
+	EVP_MAC_CTX *ctx_c;
 	EVP_MAC *mac;
 # else
 	HMAC_CTX *ctx_h;
+	CMAC_CTX *ctx_c;
 # endif
 
 	srclen = op->sym->auth.data.length;
@@ -1724,7 +1834,7 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
 		ctx_h = EVP_MAC_CTX_new(mac);
 		ctx_h = EVP_MAC_CTX_dup(sess->auth.hmac.ctx);
 		EVP_MAC_free(mac);
-		status = process_openssl_auth_hmac(mbuf_src, dst,
+		status = process_openssl_auth_mac(mbuf_src, dst,
 				op->sym->auth.data.offset, srclen,
 				ctx_h);
 # else
@@ -1734,6 +1844,24 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
 				op->sym->auth.data.offset, srclen,
 				ctx_h);
 		HMAC_CTX_free(ctx_h);
+# endif
+		break;
+	case OPENSSL_AUTH_AS_CMAC:
+# if OPENSSL_VERSION_NUMBER >= 0x30000000L
+		mac = EVP_MAC_fetch(NULL, OSSL_MAC_NAME_CMAC, NULL);
+		ctx_c = EVP_MAC_CTX_new(mac);
+		ctx_c = EVP_MAC_CTX_dup(sess->auth.cmac.ctx);
+		EVP_MAC_free(mac);
+		status = process_openssl_auth_mac(mbuf_src, dst,
+				op->sym->auth.data.offset, srclen,
+				ctx_c);
+# else
+		ctx_c = CMAC_CTX_new();
+		CMAC_CTX_copy(ctx_c, sess->auth.cmac.ctx);
+		status = process_openssl_auth_cmac(mbuf_src, dst,
+				op->sym->auth.data.offset, srclen,
+				ctx_c);
+		CMAC_CTX_free(ctx_c);
 # endif
 		break;
 	default:
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 3e24ef94f7..f7ddbf9c73 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -394,6 +394,26 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 			}, }
 		}, }
 	},
+	{	/* AES CMAC (AUTH) */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			{.auth = {
+				.algo = RTE_CRYPTO_AUTH_AES_CMAC,
+				.block_size = 16,
+				.key_size = {
+					.min = 16,
+					.max = 32,
+					.increment = 8
+				},
+				.digest_size = {
+					.min = 4,
+					.max = 16,
+					.increment = 4
+				},
+			}, }
+		}, }
+	},
 	{	/* 3DES CBC */
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
-- 
2.25.1

[PATCH v4 0/1] crypto/openssl: add aes cmac support

[Ashwin Sekhar T K]

Add support for aes cmac operations.

v2:
 * Added support for openssl 3.0
v3:
 * Fixed checkpatch warnings.
v4:
 * Fixed more checkpatch warnings.

Ashwin Sekhar T K (1):
  crypto/openssl: support aes cmac operations

 drivers/crypto/openssl/openssl_pmd_private.h |  14 ++
 drivers/crypto/openssl/rte_openssl_pmd.c     | 142 ++++++++++++++++++-
 drivers/crypto/openssl/rte_openssl_pmd_ops.c |  20 +++
 3 files changed, 169 insertions(+), 7 deletions(-)

-- 
2.25.1

[PATCH v4 1/1] crypto/openssl: support aes cmac operations

[Ashwin Sekhar T K]

Extend openssl crypto PMD to support AES CMAC operations.

Signed-off-by: Ashwin Sekhar T K <asekhar@marvell.com>
---
 drivers/crypto/openssl/openssl_pmd_private.h |  14 ++
 drivers/crypto/openssl/rte_openssl_pmd.c     | 142 ++++++++++++++++++-
 drivers/crypto/openssl/rte_openssl_pmd_ops.c |  20 +++
 3 files changed, 169 insertions(+), 7 deletions(-)

diff --git a/drivers/crypto/openssl/openssl_pmd_private.h b/drivers/crypto/openssl/openssl_pmd_private.h
index 5963a67a08..de164d70d9 100644
--- a/drivers/crypto/openssl/openssl_pmd_private.h
+++ b/drivers/crypto/openssl/openssl_pmd_private.h
@@ -6,6 +6,7 @@
 #define _OPENSSL_PMD_PRIVATE_H_
 
 #include <openssl/evp.h>
+#include <openssl/cmac.h>
 #include <openssl/hmac.h>
 #include <openssl/des.h>
 #include <openssl/rsa.h>
@@ -50,6 +51,7 @@ enum openssl_cipher_mode {
 enum openssl_auth_mode {
 	OPENSSL_AUTH_AS_AUTH,
 	OPENSSL_AUTH_AS_HMAC,
+	OPENSSL_AUTH_AS_CMAC,
 };
 
 /** private data structure for each OPENSSL crypto device */
@@ -145,6 +147,18 @@ struct openssl_session {
 # endif
 				/**< pointer to EVP context structure */
 			} hmac;
+
+			struct {
+# if OPENSSL_VERSION_NUMBER >= 0x30000000L
+				EVP_MAC_CTX * ctx;
+				/**< pointer to EVP context structure */
+# else
+				const EVP_CIPHER * evp_algo;
+				/**< pointer to EVP algorithm function */
+				CMAC_CTX * ctx;
+				/**< pointer to EVP context structure */
+# endif
+			} cmac;
 		};
 
 		uint16_t aad_length;
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 5658b9db66..ce195c21d5 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -10,6 +10,7 @@
 #include <rte_malloc.h>
 #include <rte_cpuflags.h>
 
+#include <openssl/cmac.h>
 #include <openssl/hmac.h>
 #include <openssl/evp.h>
 
@@ -592,6 +593,12 @@ static int
 openssl_set_session_auth_parameters(struct openssl_session *sess,
 		const struct rte_crypto_sym_xform *xform)
 {
+# if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
+	char algo_name[MAX_OSSL_ALGO_NAME_SIZE];
+	OSSL_PARAM params[2];
+	const char *algo;
+	EVP_MAC *mac;
+# endif
 	/* Select auth generate/verify */
 	sess->auth.operation = xform->auth.op;
 	sess->auth.algo = xform->auth.algo;
@@ -636,6 +643,47 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
 		sess->auth.auth.ctx = EVP_MD_CTX_create();
 		break;
 
+	case RTE_CRYPTO_AUTH_AES_CMAC:
+# if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
+		if (xform->auth.key.length == 16)
+			algo = SN_aes_128_cbc;
+		else if (xform->auth.key.length == 24)
+			algo = SN_aes_192_cbc;
+		else if (xform->auth.key.length == 32)
+			algo = SN_aes_256_cbc;
+		else
+			return -EINVAL;
+
+		rte_memcpy(algo_name, algo, strlen(algo) + 1);
+		params[0] = OSSL_PARAM_construct_utf8_string(
+				OSSL_MAC_PARAM_CIPHER, algo_name, 0);
+		params[1] = OSSL_PARAM_construct_end();
+
+		sess->auth.mode = OPENSSL_AUTH_AS_CMAC;
+		mac = EVP_MAC_fetch(NULL, OSSL_MAC_NAME_CMAC, NULL);
+		sess->auth.cmac.ctx = EVP_MAC_CTX_new(mac);
+		EVP_MAC_free(mac);
+
+		if (EVP_MAC_init(sess->auth.cmac.ctx,
+				xform->auth.key.data,
+				xform->auth.key.length,
+				params) != 1)
+			return -EINVAL;
+# else
+		sess->auth.mode = OPENSSL_AUTH_AS_CMAC;
+		sess->auth.cmac.ctx = CMAC_CTX_new();
+		if (get_cipher_algo(RTE_CRYPTO_CIPHER_AES_CBC,
+				    xform->auth.key.length,
+				    &sess->auth.cmac.evp_algo) != 0)
+			return -EINVAL;
+		if (CMAC_Init(sess->auth.cmac.ctx,
+			      xform->auth.key.data,
+			      xform->auth.key.length,
+			      sess->auth.cmac.evp_algo, NULL) != 1)
+			return -EINVAL;
+# endif
+		break;
+
 # if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
 	case RTE_CRYPTO_AUTH_MD5_HMAC:
 	case RTE_CRYPTO_AUTH_SHA1_HMAC:
@@ -645,15 +693,12 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
 	case RTE_CRYPTO_AUTH_SHA512_HMAC:
 		sess->auth.mode = OPENSSL_AUTH_AS_HMAC;
 
-		OSSL_PARAM params[2];
-		const char *algo;
 		algo = digest_name_get(xform->auth.algo);
 		if (!algo)
 			return -EINVAL;
-		char algo_name[MAX_OSSL_ALGO_NAME_SIZE];
 		rte_memcpy(algo_name, algo, (sizeof(algo)+1));
 
-		EVP_MAC *mac = EVP_MAC_fetch(NULL, "HMAC", NULL);
+		mac = EVP_MAC_fetch(NULL, "HMAC", NULL);
 		sess->auth.hmac.ctx = EVP_MAC_CTX_new(mac);
 		EVP_MAC_free(mac);
 		if (get_auth_algo(xform->auth.algo,
@@ -817,6 +862,13 @@ openssl_reset_session(struct openssl_session *sess)
 		EVP_MAC_CTX_free(sess->auth.hmac.ctx);
 # else
 		HMAC_CTX_free(sess->auth.hmac.ctx);
+# endif
+		break;
+	case OPENSSL_AUTH_AS_CMAC:
+# if OPENSSL_VERSION_NUMBER >= 0x30000000L
+		EVP_MAC_CTX_free(sess->auth.cmac.ctx);
+# else
+		CMAC_CTX_free(sess->auth.cmac.ctx);
 # endif
 		break;
 	default:
@@ -1354,10 +1406,14 @@ process_openssl_auth(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
 	return -EINVAL;
 }
 
+
 # if OPENSSL_VERSION_NUMBER >= 0x30000000L
-/** Process standard openssl auth algorithms with hmac */
+# endif
+
+# if OPENSSL_VERSION_NUMBER >= 0x30000000L
+/** Process standard openssl auth algorithms with hmac/cmac */
 static int
-process_openssl_auth_hmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
+process_openssl_auth_mac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
 		int srclen, EVP_MAC_CTX *ctx)
 {
 	size_t dstlen;
@@ -1459,6 +1515,58 @@ process_openssl_auth_hmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
 	OPENSSL_LOG(ERR, "Process openssl auth failed");
 	return -EINVAL;
 }
+
+/** Process standard openssl auth algorithms with cmac */
+static int
+process_openssl_auth_cmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
+		int srclen, CMAC_CTX *ctx)
+{
+	unsigned int dstlen;
+	struct rte_mbuf *m;
+	int l, n = srclen;
+	uint8_t *src;
+
+	for (m = mbuf_src; m != NULL && offset > rte_pktmbuf_data_len(m);
+			m = m->next)
+		offset -= rte_pktmbuf_data_len(m);
+
+	if (m == 0)
+		goto process_auth_err;
+
+	src = rte_pktmbuf_mtod_offset(m, uint8_t *, offset);
+
+	l = rte_pktmbuf_data_len(m) - offset;
+	if (srclen <= l) {
+		if (CMAC_Update(ctx, (unsigned char *)src, srclen) != 1)
+			goto process_auth_err;
+		goto process_auth_final;
+	}
+
+	if (CMAC_Update(ctx, (unsigned char *)src, l) != 1)
+		goto process_auth_err;
+
+	n -= l;
+
+	for (m = m->next; (m != NULL) && (n > 0); m = m->next) {
+		src = rte_pktmbuf_mtod(m, uint8_t *);
+		l = rte_pktmbuf_data_len(m) < n ? rte_pktmbuf_data_len(m) : n;
+		if (CMAC_Update(ctx, (unsigned char *)src, l) != 1)
+			goto process_auth_err;
+		n -= l;
+	}
+
+process_auth_final:
+	if (CMAC_Final(ctx, dst, (size_t *)&dstlen) != 1)
+		goto process_auth_err;
+
+	CMAC_CTX_cleanup(ctx);
+
+	return 0;
+
+process_auth_err:
+	OPENSSL_LOG(ERR, "Process openssl cmac auth failed");
+	return -EINVAL;
+}
 # endif
 /*----------------------------------------------------------------------------*/
 
@@ -1700,9 +1808,11 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
 	EVP_MD_CTX *ctx_a;
 # if OPENSSL_VERSION_NUMBER >= 0x30000000L
 	EVP_MAC_CTX *ctx_h;
+	EVP_MAC_CTX *ctx_c;
 	EVP_MAC *mac;
 # else
 	HMAC_CTX *ctx_h;
+	CMAC_CTX *ctx_c;
 # endif
 
 	srclen = op->sym->auth.data.length;
@@ -1724,7 +1834,7 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
 		ctx_h = EVP_MAC_CTX_new(mac);
 		ctx_h = EVP_MAC_CTX_dup(sess->auth.hmac.ctx);
 		EVP_MAC_free(mac);
-		status = process_openssl_auth_hmac(mbuf_src, dst,
+		status = process_openssl_auth_mac(mbuf_src, dst,
 				op->sym->auth.data.offset, srclen,
 				ctx_h);
 # else
@@ -1734,6 +1844,24 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
 				op->sym->auth.data.offset, srclen,
 				ctx_h);
 		HMAC_CTX_free(ctx_h);
+# endif
+		break;
+	case OPENSSL_AUTH_AS_CMAC:
+# if OPENSSL_VERSION_NUMBER >= 0x30000000L
+		mac = EVP_MAC_fetch(NULL, OSSL_MAC_NAME_CMAC, NULL);
+		ctx_c = EVP_MAC_CTX_new(mac);
+		ctx_c = EVP_MAC_CTX_dup(sess->auth.cmac.ctx);
+		EVP_MAC_free(mac);
+		status = process_openssl_auth_mac(mbuf_src, dst,
+				op->sym->auth.data.offset, srclen,
+				ctx_c);
+# else
+		ctx_c = CMAC_CTX_new();
+		CMAC_CTX_copy(ctx_c, sess->auth.cmac.ctx);
+		status = process_openssl_auth_cmac(mbuf_src, dst,
+				op->sym->auth.data.offset, srclen,
+				ctx_c);
+		CMAC_CTX_free(ctx_c);
 # endif
 		break;
 	default:
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 3e24ef94f7..f7ddbf9c73 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -394,6 +394,26 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 			}, }
 		}, }
 	},
+	{	/* AES CMAC (AUTH) */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			{.auth = {
+				.algo = RTE_CRYPTO_AUTH_AES_CMAC,
+				.block_size = 16,
+				.key_size = {
+					.min = 16,
+					.max = 32,
+					.increment = 8
+				},
+				.digest_size = {
+					.min = 4,
+					.max = 16,
+					.increment = 4
+				},
+			}, }
+		}, }
+	},
 	{	/* 3DES CBC */
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
-- 
2.25.1

RE: [PATCH v4 0/1] crypto/openssl: add aes cmac support

[Ji, Kai]

Hi Ashwin,

There is duplication of OPENSSL_VERSION_NUMBER check in v4,  right before process_openssl_auth_mac(). 
Are you planning to enable CMAC unit test case in cryptodev_openssl_autotest ?

Regards

Kai 


> -----Original Message-----
> From: Ashwin Sekhar T K <asekhar@marvell.com>
> Sent: Monday, July 18, 2022 10:19 AM
> To: asekhar@marvell.com
> Cc: anoobj@marvell.com; dev@dpdk.org; gakhil@marvell.com;
> hkalra@marvell.com; jerinj@marvell.com; kirankumark@marvell.com;
> ndabilpuram@marvell.com; pbhagavatula@marvell.com;
> psatheesh@marvell.com; Zhang, Roy Fan <roy.fan.zhang@intel.com>;
> skori@marvell.com; skoteshwar@marvell.com
> Subject: [PATCH v4 0/1] crypto/openssl: add aes cmac support
> 
> Add support for aes cmac operations.
> 
> v2:
>  * Added support for openssl 3.0
> v3:
>  * Fixed checkpatch warnings.
> v4:
>  * Fixed more checkpatch warnings.
> 
> Ashwin Sekhar T K (1):
>   crypto/openssl: support aes cmac operations
> 
>  drivers/crypto/openssl/openssl_pmd_private.h |  14 ++
>  drivers/crypto/openssl/rte_openssl_pmd.c     | 142 ++++++++++++++++++-
>  drivers/crypto/openssl/rte_openssl_pmd_ops.c |  20 +++
>  3 files changed, 169 insertions(+), 7 deletions(-)
> 
> --
> 2.25.1

RE: [PATCH v4 0/1] crypto/openssl: add aes cmac support

[Ashwin Sekhar Thalakalath Kottilveetil]

Hi Kai,

Will fix the is duplication of OPENSSL_VERSION_NUMBER check.

Some CMAC tests are already present. The number of successful tests in cryptodev_openssl_autotest increases by 4 with this change. I am not planning to add more.

Regards,
Ashwin Sekhar T K 

> -----Original Message-----
> From: Ji, Kai <kai.ji@intel.com>
> Sent: Monday, July 18, 2022 7:27 PM
> To: Ashwin Sekhar Thalakalath Kottilveetil <asekhar@marvell.com>
> Cc: Anoob Joseph <anoobj@marvell.com>; dev@dpdk.org; Akhil Goyal
> <gakhil@marvell.com>; Harman Kalra <hkalra@marvell.com>; Jerin Jacob
> Kollanukkaran <jerinj@marvell.com>; Kiran Kumar Kokkilagadda
> <kirankumark@marvell.com>; Nithin Kumar Dabilpuram
> <ndabilpuram@marvell.com>; Pavan Nikhilesh Bhagavatula
> <pbhagavatula@marvell.com>; Satheesh Paul Antonysamy
> <psatheesh@marvell.com>; Zhang, Roy Fan <roy.fan.zhang@intel.com>;
> Sunil Kumar Kori <skori@marvell.com>; Satha Koteswara Rao Kottidi
> <skoteshwar@marvell.com>
> Subject: [EXT] RE: [PATCH v4 0/1] crypto/openssl: add aes cmac support
> 
> External Email
> 
> ----------------------------------------------------------------------
> Hi Ashwin,
> 
> There is duplication of OPENSSL_VERSION_NUMBER check in v4,  right
> before process_openssl_auth_mac().
> Are you planning to enable CMAC unit test case in
> cryptodev_openssl_autotest ?
> 
> Regards
> 
> Kai
> 
> 
> > -----Original Message-----
> > From: Ashwin Sekhar T K <asekhar@marvell.com>
> > Sent: Monday, July 18, 2022 10:19 AM
> > To: asekhar@marvell.com
> > Cc: anoobj@marvell.com; dev@dpdk.org; gakhil@marvell.com;
> > hkalra@marvell.com; jerinj@marvell.com; kirankumark@marvell.com;
> > ndabilpuram@marvell.com; pbhagavatula@marvell.com;
> > psatheesh@marvell.com; Zhang, Roy Fan <roy.fan.zhang@intel.com>;
> > skori@marvell.com; skoteshwar@marvell.com
> > Subject: [PATCH v4 0/1] crypto/openssl: add aes cmac support
> >
> > Add support for aes cmac operations.
> >
> > v2:
> >  * Added support for openssl 3.0
> > v3:
> >  * Fixed checkpatch warnings.
> > v4:
> >  * Fixed more checkpatch warnings.
> >
> > Ashwin Sekhar T K (1):
> >   crypto/openssl: support aes cmac operations
> >
> >  drivers/crypto/openssl/openssl_pmd_private.h |  14 ++
> >  drivers/crypto/openssl/rte_openssl_pmd.c     | 142
> ++++++++++++++++++-
> >  drivers/crypto/openssl/rte_openssl_pmd_ops.c |  20 +++
> >  3 files changed, 169 insertions(+), 7 deletions(-)
> >
> > --
> > 2.25.1

[PATCH v5 0/1] crypto/openssl: add aes cmac support

[Ashwin Sekhar T K]

Add support for aes cmac operations.

v2:
 * Added support for openssl 3.0
v3:
 * Fixed checkpatch warnings.
v4:
 * Fixed further checkpatch warnings.
v5:
 * Fixed duplicated preprocessor checks.

Ashwin Sekhar T K (1):
  crypto/openssl: support aes cmac operations

 drivers/crypto/openssl/openssl_pmd_private.h |  14 ++
 drivers/crypto/openssl/rte_openssl_pmd.c     | 138 ++++++++++++++++++-
 drivers/crypto/openssl/rte_openssl_pmd_ops.c |  20 +++
 3 files changed, 165 insertions(+), 7 deletions(-)

-- 
2.25.1

[PATCH v5 1/1] crypto/openssl: support aes cmac operations

[Ashwin Sekhar T K]

Extend openssl crypto PMD to support AES CMAC operations.

Signed-off-by: Ashwin Sekhar T K <asekhar@marvell.com>
---
 drivers/crypto/openssl/openssl_pmd_private.h |  14 ++
 drivers/crypto/openssl/rte_openssl_pmd.c     | 138 ++++++++++++++++++-
 drivers/crypto/openssl/rte_openssl_pmd_ops.c |  20 +++
 3 files changed, 165 insertions(+), 7 deletions(-)

diff --git a/drivers/crypto/openssl/openssl_pmd_private.h b/drivers/crypto/openssl/openssl_pmd_private.h
index 5963a67a08..c34fd9a546 100644
--- a/drivers/crypto/openssl/openssl_pmd_private.h
+++ b/drivers/crypto/openssl/openssl_pmd_private.h
@@ -6,6 +6,7 @@
 #define _OPENSSL_PMD_PRIVATE_H_
 
 #include <openssl/evp.h>
+#include <openssl/cmac.h>
 #include <openssl/hmac.h>
 #include <openssl/des.h>
 #include <openssl/rsa.h>
@@ -50,6 +51,7 @@ enum openssl_cipher_mode {
 enum openssl_auth_mode {
 	OPENSSL_AUTH_AS_AUTH,
 	OPENSSL_AUTH_AS_HMAC,
+	OPENSSL_AUTH_AS_CMAC,
 };
 
 /** private data structure for each OPENSSL crypto device */
@@ -145,6 +147,18 @@ struct openssl_session {
 # endif
 				/**< pointer to EVP context structure */
 			} hmac;
+
+			struct {
+# if OPENSSL_VERSION_NUMBER >= 0x30000000L
+				EVP_MAC_CTX * ctx;
+				/**< pointer to EVP context structure */
+# else
+				const EVP_CIPHER * evp_algo;
+				/**< pointer to EVP algorithm function */
+				CMAC_CTX *ctx;
+				/**< pointer to EVP context structure */
+# endif
+			} cmac;
 		};
 
 		uint16_t aad_length;
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 5658b9db66..a078038651 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -10,6 +10,7 @@
 #include <rte_malloc.h>
 #include <rte_cpuflags.h>
 
+#include <openssl/cmac.h>
 #include <openssl/hmac.h>
 #include <openssl/evp.h>
 
@@ -592,6 +593,12 @@ static int
 openssl_set_session_auth_parameters(struct openssl_session *sess,
 		const struct rte_crypto_sym_xform *xform)
 {
+# if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
+	char algo_name[MAX_OSSL_ALGO_NAME_SIZE];
+	OSSL_PARAM params[2];
+	const char *algo;
+	EVP_MAC *mac;
+# endif
 	/* Select auth generate/verify */
 	sess->auth.operation = xform->auth.op;
 	sess->auth.algo = xform->auth.algo;
@@ -636,6 +643,47 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
 		sess->auth.auth.ctx = EVP_MD_CTX_create();
 		break;
 
+	case RTE_CRYPTO_AUTH_AES_CMAC:
+# if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
+		if (xform->auth.key.length == 16)
+			algo = SN_aes_128_cbc;
+		else if (xform->auth.key.length == 24)
+			algo = SN_aes_192_cbc;
+		else if (xform->auth.key.length == 32)
+			algo = SN_aes_256_cbc;
+		else
+			return -EINVAL;
+
+		rte_memcpy(algo_name, algo, strlen(algo) + 1);
+		params[0] = OSSL_PARAM_construct_utf8_string(
+				OSSL_MAC_PARAM_CIPHER, algo_name, 0);
+		params[1] = OSSL_PARAM_construct_end();
+
+		sess->auth.mode = OPENSSL_AUTH_AS_CMAC;
+		mac = EVP_MAC_fetch(NULL, OSSL_MAC_NAME_CMAC, NULL);
+		sess->auth.cmac.ctx = EVP_MAC_CTX_new(mac);
+		EVP_MAC_free(mac);
+
+		if (EVP_MAC_init(sess->auth.cmac.ctx,
+				xform->auth.key.data,
+				xform->auth.key.length,
+				params) != 1)
+			return -EINVAL;
+# else
+		sess->auth.mode = OPENSSL_AUTH_AS_CMAC;
+		sess->auth.cmac.ctx = CMAC_CTX_new();
+		if (get_cipher_algo(RTE_CRYPTO_CIPHER_AES_CBC,
+				    xform->auth.key.length,
+				    &sess->auth.cmac.evp_algo) != 0)
+			return -EINVAL;
+		if (CMAC_Init(sess->auth.cmac.ctx,
+			      xform->auth.key.data,
+			      xform->auth.key.length,
+			      sess->auth.cmac.evp_algo, NULL) != 1)
+			return -EINVAL;
+# endif
+		break;
+
 # if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
 	case RTE_CRYPTO_AUTH_MD5_HMAC:
 	case RTE_CRYPTO_AUTH_SHA1_HMAC:
@@ -645,15 +693,12 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
 	case RTE_CRYPTO_AUTH_SHA512_HMAC:
 		sess->auth.mode = OPENSSL_AUTH_AS_HMAC;
 
-		OSSL_PARAM params[2];
-		const char *algo;
 		algo = digest_name_get(xform->auth.algo);
 		if (!algo)
 			return -EINVAL;
-		char algo_name[MAX_OSSL_ALGO_NAME_SIZE];
 		rte_memcpy(algo_name, algo, (sizeof(algo)+1));
 
-		EVP_MAC *mac = EVP_MAC_fetch(NULL, "HMAC", NULL);
+		mac = EVP_MAC_fetch(NULL, "HMAC", NULL);
 		sess->auth.hmac.ctx = EVP_MAC_CTX_new(mac);
 		EVP_MAC_free(mac);
 		if (get_auth_algo(xform->auth.algo,
@@ -817,6 +862,13 @@ openssl_reset_session(struct openssl_session *sess)
 		EVP_MAC_CTX_free(sess->auth.hmac.ctx);
 # else
 		HMAC_CTX_free(sess->auth.hmac.ctx);
+# endif
+		break;
+	case OPENSSL_AUTH_AS_CMAC:
+# if OPENSSL_VERSION_NUMBER >= 0x30000000L
+		EVP_MAC_CTX_free(sess->auth.cmac.ctx);
+# else
+		CMAC_CTX_free(sess->auth.cmac.ctx);
 # endif
 		break;
 	default:
@@ -1355,9 +1407,9 @@ process_openssl_auth(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
 }
 
 # if OPENSSL_VERSION_NUMBER >= 0x30000000L
-/** Process standard openssl auth algorithms with hmac */
+/** Process standard openssl auth algorithms with hmac/cmac */
 static int
-process_openssl_auth_hmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
+process_openssl_auth_mac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
 		int srclen, EVP_MAC_CTX *ctx)
 {
 	size_t dstlen;
@@ -1459,6 +1511,58 @@ process_openssl_auth_hmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
 	OPENSSL_LOG(ERR, "Process openssl auth failed");
 	return -EINVAL;
 }
+
+/** Process standard openssl auth algorithms with cmac */
+static int
+process_openssl_auth_cmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
+		int srclen, CMAC_CTX *ctx)
+{
+	unsigned int dstlen;
+	struct rte_mbuf *m;
+	int l, n = srclen;
+	uint8_t *src;
+
+	for (m = mbuf_src; m != NULL && offset > rte_pktmbuf_data_len(m);
+			m = m->next)
+		offset -= rte_pktmbuf_data_len(m);
+
+	if (m == 0)
+		goto process_auth_err;
+
+	src = rte_pktmbuf_mtod_offset(m, uint8_t *, offset);
+
+	l = rte_pktmbuf_data_len(m) - offset;
+	if (srclen <= l) {
+		if (CMAC_Update(ctx, (unsigned char *)src, srclen) != 1)
+			goto process_auth_err;
+		goto process_auth_final;
+	}
+
+	if (CMAC_Update(ctx, (unsigned char *)src, l) != 1)
+		goto process_auth_err;
+
+	n -= l;
+
+	for (m = m->next; (m != NULL) && (n > 0); m = m->next) {
+		src = rte_pktmbuf_mtod(m, uint8_t *);
+		l = rte_pktmbuf_data_len(m) < n ? rte_pktmbuf_data_len(m) : n;
+		if (CMAC_Update(ctx, (unsigned char *)src, l) != 1)
+			goto process_auth_err;
+		n -= l;
+	}
+
+process_auth_final:
+	if (CMAC_Final(ctx, dst, (size_t *)&dstlen) != 1)
+		goto process_auth_err;
+
+	CMAC_CTX_cleanup(ctx);
+
+	return 0;
+
+process_auth_err:
+	OPENSSL_LOG(ERR, "Process openssl cmac auth failed");
+	return -EINVAL;
+}
 # endif
 /*----------------------------------------------------------------------------*/
 
@@ -1700,9 +1804,11 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
 	EVP_MD_CTX *ctx_a;
 # if OPENSSL_VERSION_NUMBER >= 0x30000000L
 	EVP_MAC_CTX *ctx_h;
+	EVP_MAC_CTX *ctx_c;
 	EVP_MAC *mac;
 # else
 	HMAC_CTX *ctx_h;
+	CMAC_CTX *ctx_c;
 # endif
 
 	srclen = op->sym->auth.data.length;
@@ -1724,7 +1830,7 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
 		ctx_h = EVP_MAC_CTX_new(mac);
 		ctx_h = EVP_MAC_CTX_dup(sess->auth.hmac.ctx);
 		EVP_MAC_free(mac);
-		status = process_openssl_auth_hmac(mbuf_src, dst,
+		status = process_openssl_auth_mac(mbuf_src, dst,
 				op->sym->auth.data.offset, srclen,
 				ctx_h);
 # else
@@ -1734,6 +1840,24 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
 				op->sym->auth.data.offset, srclen,
 				ctx_h);
 		HMAC_CTX_free(ctx_h);
+# endif
+		break;
+	case OPENSSL_AUTH_AS_CMAC:
+# if OPENSSL_VERSION_NUMBER >= 0x30000000L
+		mac = EVP_MAC_fetch(NULL, OSSL_MAC_NAME_CMAC, NULL);
+		ctx_c = EVP_MAC_CTX_new(mac);
+		ctx_c = EVP_MAC_CTX_dup(sess->auth.cmac.ctx);
+		EVP_MAC_free(mac);
+		status = process_openssl_auth_mac(mbuf_src, dst,
+				op->sym->auth.data.offset, srclen,
+				ctx_c);
+# else
+		ctx_c = CMAC_CTX_new();
+		CMAC_CTX_copy(ctx_c, sess->auth.cmac.ctx);
+		status = process_openssl_auth_cmac(mbuf_src, dst,
+				op->sym->auth.data.offset, srclen,
+				ctx_c);
+		CMAC_CTX_free(ctx_c);
 # endif
 		break;
 	default:
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 3e24ef94f7..f7ddbf9c73 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -394,6 +394,26 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 			}, }
 		}, }
 	},
+	{	/* AES CMAC (AUTH) */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			{.auth = {
+				.algo = RTE_CRYPTO_AUTH_AES_CMAC,
+				.block_size = 16,
+				.key_size = {
+					.min = 16,
+					.max = 32,
+					.increment = 8
+				},
+				.digest_size = {
+					.min = 4,
+					.max = 16,
+					.increment = 4
+				},
+			}, }
+		}, }
+	},
 	{	/* 3DES CBC */
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
-- 
2.25.1

RE: [PATCH v5 1/1] crypto/openssl: support aes cmac operations

[Ji, Kai]

> -----Original Message-----
> From: Ashwin Sekhar T K <asekhar@marvell.com>
> Sent: Monday, July 18, 2022 5:25 PM
> To: asekhar@marvell.com
> Cc: anoobj@marvell.com; dev@dpdk.org; gakhil@marvell.com;
> hkalra@marvell.com; jerinj@marvell.com; kirankumark@marvell.com;
> ndabilpuram@marvell.com; pbhagavatula@marvell.com;
> psatheesh@marvell.com; Zhang, Roy Fan <roy.fan.zhang@intel.com>;
> skori@marvell.com; skoteshwar@marvell.com
> Subject: [PATCH v5 1/1] crypto/openssl: support aes cmac operations
> 
> Extend openssl crypto PMD to support AES CMAC operations.
> 
> Signed-off-by: Ashwin Sekhar T K <asekhar@marvell.com>
> ---
Acked-by: Kai Ji <kai.ji@intel.com>

RE: [PATCH v2] crypto/ipsec_mb: enable support for arm64

[Ruifeng Wang]

> -----Original Message-----
> From: Ashwin Sekhar T K <asekhar@marvell.com>
> Sent: Thursday, June 30, 2022 11:41 PM
> To: dev@dpdk.org; Fan Zhang <roy.fan.zhang@intel.com>; Pablo de Lara
> <pablo.de.lara.guarch@intel.com>
> Cc: jerinj@marvell.com; skori@marvell.com; skoteshwar@marvell.com;
> pbhagavatula@marvell.com; kirankumark@marvell.com;
> psatheesh@marvell.com; asekhar@marvell.com; anoobj@marvell.com;
> gakhil@marvell.com; hkalra@marvell.com; ndabilpuram@marvell.com
> Subject: [PATCH v2] crypto/ipsec_mb: enable support for arm64

Code change looks good to me.
Arm64 support is not fully enabled with this patch alone.
There is a patch to fix the remaining:
http://patches.dpdk.org/project/dpdk/patch/20220727081352.1333695-3-ruifeng.wang@arm.com/
Appreciate it if you can review that one.

Thanks.
> 
> Enable support for arm64 architecture in ipsec_mb. x86 specific code is
> conditionally compiled only for x86 architecture builds. Other architectures
> will be unsupported.
> 
> Signed-off-by: Ashwin Sekhar T K <asekhar@marvell.com>
> ---
>  drivers/crypto/ipsec_mb/ipsec_mb_private.c | 7 +++++++
> drivers/crypto/ipsec_mb/ipsec_mb_private.h | 3 ++-
>  2 files changed, 9 insertions(+), 1 deletion(-)
> 

<snip>

RE: [PATCH v2] crypto/ipsec_mb: enable support for arm64

[Ashwin Sekhar Thalakalath Kottilveetil]

Hi Ruifeng,

Thanks for this. Initially, I had made a local hack to my IPSEC MB build script which was creating intel-ipsec-mb.h as a softlink to ipsec-mb.h .

Later I forgot to remove this hack. So I didn't catch this. 

Regards,
Ashwin Sekhar T K 

> -----Original Message-----
> From: Ruifeng Wang <Ruifeng.Wang@arm.com>
> Sent: Wednesday, July 27, 2022 1:59 PM
> To: Ashwin Sekhar Thalakalath Kottilveetil <asekhar@marvell.com>;
> dev@dpdk.org; Fan Zhang <roy.fan.zhang@intel.com>; Pablo de Lara
> <pablo.de.lara.guarch@intel.com>
> Cc: Jerin Jacob Kollanukkaran <jerinj@marvell.com>; Sunil Kumar Kori
> <skori@marvell.com>; Satha Koteswara Rao Kottidi
> <skoteshwar@marvell.com>; Pavan Nikhilesh Bhagavatula
> <pbhagavatula@marvell.com>; Kiran Kumar Kokkilagadda
> <kirankumark@marvell.com>; Satheesh Paul Antonysamy
> <psatheesh@marvell.com>; Anoob Joseph <anoobj@marvell.com>; Akhil
> Goyal <gakhil@marvell.com>; Harman Kalra <hkalra@marvell.com>; Nithin
> Kumar Dabilpuram <ndabilpuram@marvell.com>; nd <nd@arm.com>
> Subject: [EXT] RE: [PATCH v2] crypto/ipsec_mb: enable support for arm64
> 
> External Email
> 
> ----------------------------------------------------------------------
> > -----Original Message-----
> > From: Ashwin Sekhar T K <asekhar@marvell.com>
> > Sent: Thursday, June 30, 2022 11:41 PM
> > To: dev@dpdk.org; Fan Zhang <roy.fan.zhang@intel.com>; Pablo de Lara
> > <pablo.de.lara.guarch@intel.com>
> > Cc: jerinj@marvell.com; skori@marvell.com; skoteshwar@marvell.com;
> > pbhagavatula@marvell.com; kirankumark@marvell.com;
> > psatheesh@marvell.com; asekhar@marvell.com; anoobj@marvell.com;
> > gakhil@marvell.com; hkalra@marvell.com; ndabilpuram@marvell.com
> > Subject: [PATCH v2] crypto/ipsec_mb: enable support for arm64
> 
> Code change looks good to me.
> Arm64 support is not fully enabled with this patch alone.
> There is a patch to fix the remaining:
> https://urldefense.proofpoint.com/v2/url?u=http-
> 3A__patches.dpdk.org_project_dpdk_patch_20220727081352.1333695-2D3-
> 2Druifeng.wang-
> 40arm.com_&d=DwIFAg&c=nKjWec2b6R0mOyPaz7xtfQ&r=pYk-QOhvnkU-
> _75y0NKSn535ZotEGI_E69Py3Ppondk&m=nIGG87_fioLU92q775kMzq4KXXGT
> 5MnFSBch7NESxGBy-cjDWvDRIxpVc-
> 1bktjm&s=cMiUUrOKfZfSMCLVfjm77R8K0aIB6lhpWhmNh_o0SGM&e=
> Appreciate it if you can review that one.
> 
> Thanks.
> >
> > Enable support for arm64 architecture in ipsec_mb. x86 specific code
> > is conditionally compiled only for x86 architecture builds. Other
> > architectures will be unsupported.
> >
> > Signed-off-by: Ashwin Sekhar T K <asekhar@marvell.com>
> > ---
> >  drivers/crypto/ipsec_mb/ipsec_mb_private.c | 7 +++++++
> > drivers/crypto/ipsec_mb/ipsec_mb_private.h | 3 ++-
> >  2 files changed, 9 insertions(+), 1 deletion(-)
> >
> 
> <snip>

RE: [PATCH v2] crypto/ipsec_mb: enable support for arm64

[Akhil Goyal]

> > Subject: [PATCH v2] crypto/ipsec_mb: enable support for arm64
> 
> Code change looks good to me.
> Arm64 support is not fully enabled with this patch alone.
> There is a patch to fix the remaining:
> http://patches.dpdk.org/project/dpdk/patch/20220727081352.1333695-3-ruifeng.wang@arm.com/
> Appreciate it if you can review that one.
> 
> Thanks.
> >
> > Enable support for arm64 architecture in ipsec_mb. x86 specific code is
> > conditionally compiled only for x86 architecture builds. Other architectures
> > will be unsupported.
> >
> > Signed-off-by: Ashwin Sekhar T K <asekhar@marvell.com>
Applied to dpdk-next-crypto

Above patchset from Ruifeng is also merged.

Thanks.

RE: [PATCH v5 1/1] crypto/openssl: support aes cmac operations

[Akhil Goyal]

> > Subject: [PATCH v5 1/1] crypto/openssl: support aes cmac operations
> >
> > Extend openssl crypto PMD to support AES CMAC operations.
> >
> > Signed-off-by: Ashwin Sekhar T K <asekhar@marvell.com>
> > ---
> Acked-by: Kai Ji <kai.ji@intel.com>

Applied to dpdk-next-crypto

Thanks.