From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id CA79245AD4; Mon, 7 Oct 2024 11:50:17 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id BA339402EA; Mon, 7 Oct 2024 11:50:17 +0200 (CEST) Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.13]) by mails.dpdk.org (Postfix) with ESMTP id E63FD4026C for ; Mon, 7 Oct 2024 11:50:15 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1728294616; x=1759830616; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=9lRYFb5g4uCTTb8MRxCcYFV0AlJCa5oovylKmXXot8I=; b=X6MZtN4xmz2Y1d/PafCJ5Vp70svihmuFEYpbUutG5TNeuGuGIde3yfjx GUAIF1Cfro3teLHb4qBRWiuVfU0Wg8YnhGmLKd8ErEWjtOw3TYCOnLYne c09iPWmeQx9ItqovB8o5rdDy3Olvl09xHvabALQ3ykGlFTm6bjE4m6UKf ghCP813SLcE1sdSTvH543hM0stAmCl/5l+EThs7KIrW9KHyR7gGeX3pHG rT2am04SjXapGcRmKRzIXCm29QqgKEeQye/BfuRTZPThAixgyzKu3re+a Eu4aK9JUh53UaL7xZEeRGnM0Jb4Fcqv33EKvCvqkPHl2KpYhKBoz3iq+e g==; X-CSE-ConnectionGUID: Yoex29lRRtKuiJb8BPNPlQ== X-CSE-MsgGUID: O2HJBsnwQLe/VuGGvsfTiQ== X-IronPort-AV: E=McAfee;i="6700,10204,11217"; a="30319182" X-IronPort-AV: E=Sophos;i="6.11,184,1725346800"; d="scan'208,217";a="30319182" Received: from fmviesa006.fm.intel.com ([10.60.135.146]) by fmvoesa107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Oct 2024 02:50:15 -0700 X-CSE-ConnectionGUID: /FTgu50KR8yFy2odZCXizg== X-CSE-MsgGUID: wdCAzzohTyqSrHuPnMbiwQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.11,184,1725346800"; d="scan'208,217";a="74991228" Received: from orsmsx601.amr.corp.intel.com ([10.22.229.14]) by fmviesa006.fm.intel.com with ESMTP/TLS/AES256-GCM-SHA384; 07 Oct 2024 02:50:15 -0700 Received: from orsmsx610.amr.corp.intel.com (10.22.229.23) by ORSMSX601.amr.corp.intel.com (10.22.229.14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Mon, 7 Oct 2024 02:50:14 -0700 Received: from orsmsx610.amr.corp.intel.com (10.22.229.23) by ORSMSX610.amr.corp.intel.com (10.22.229.23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Mon, 7 Oct 2024 02:50:13 -0700 Received: from ORSEDG602.ED.cps.intel.com (10.7.248.7) by orsmsx610.amr.corp.intel.com (10.22.229.23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39 via Frontend Transport; Mon, 7 Oct 2024 02:50:13 -0700 Received: from NAM02-SN1-obe.outbound.protection.outlook.com (104.47.57.41) by edgegateway.intel.com (134.134.137.103) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.39; Mon, 7 Oct 2024 02:50:13 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=BK4gU0PfxKoMQU8QEq33FBjgCBaeMv3uX8OZ9kQRLYqy+pU4eU9Olt3oImrU17ZLGv64ygSS1M27Z0qrWTxqwXeqZ3HqCP3GE9diP6vR30Q26+oRl0kpVXssmbSxMQglMzeZ3qZvqA8YAgeKELoptM93tHjtq251ohabW/pEKbtNbvBwa0Z3HdSrpY+UvNEunTNeh+qFMAma5ecNLrAkLtHDaJufw3uTWv8yYt7d43UiOKQDW4tWCSkPO5Sr15QrbXzzjtWZhj1pxr+Ot+R6dUK1jPc0DYB40l3aXjP/QYEY2XL0bpeU9P8TMOhF3BvHiXq8zT8ZjJg7Xp9Cq/l8Mw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=QOvy57abu1OnhkmTKyC2bl5QgMREFRB2nqyf/jq8Vy0=; b=hA81OMwzUahGFC/Y/rlUD3MF/s2y/A3aviLikb0FiCFIDL5cCdBqWqYBBWifBZoozshYx/GMdeUTrvx9rtULWS73f9u2yA9Ebj0UdwH/mc/9aG/uVg1pQr/CNuEf2gUh84Dm0vFdbgt0VVX2SxlL0Kq4/Zx4cVkA5ZMRKvSZ18TRHmJTd4Kj8By3PMkZuicNeTPLqHyApbyBza7wdr0AnnlJ1YzhETlPnaCKoU91U+B96JRW8/0ThEwTnm3PvD0TfgePkc0CG8P6YmY/6nQBVRWsyFpEWxN6/kZ8qMtmJxqYfER4PS1KUIc087g6DTsLm+QCD6mnreDSpK/BIewAEg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Received: from DS0PR11MB7458.namprd11.prod.outlook.com (2603:10b6:8:145::13) by SJ2PR11MB8568.namprd11.prod.outlook.com (2603:10b6:a03:56c::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8026.22; Mon, 7 Oct 2024 09:50:09 +0000 Received: from DS0PR11MB7458.namprd11.prod.outlook.com ([fe80::1a9e:53a6:9603:8f79]) by DS0PR11MB7458.namprd11.prod.outlook.com ([fe80::1a9e:53a6:9603:8f79%4]) with mapi id 15.20.8026.020; Mon, 7 Oct 2024 09:50:02 +0000 From: "Ji, Kai" To: Gowrishankar Muthukrishnan , "dev@dpdk.org" CC: Anoob Joseph , "Richardson, Bruce" , "jerinj@marvell.com" , "fanzhang.oss@gmail.com" , "Kusztal, ArkadiuszX" , "jack.bond-preston@foss.arm.com" , "Marchand, David" , "hemant.agrawal@nxp.com" , "De Lara Guarch, Pablo" , "Trahe, Fiona" , "Doherty, Declan" , "matan@nvidia.com" , "ruifeng.wang@arm.com" , "Akhil Goyal" Subject: Re: [PATCH v6 2/6] crypto/openssl: support EDDSA Thread-Topic: [PATCH v6 2/6] crypto/openssl: support EDDSA Thread-Index: AQHbFjcpWfdugDt6aEi3R9CshfxgaLJ7EAG2 Date: Mon, 7 Oct 2024 09:50:02 +0000 Message-ID: References: <20241004053059.319-1-gmuthukrishn@marvell.com> <20241004082623.714-1-gmuthukrishn@marvell.com> <20241004082623.714-2-gmuthukrishn@marvell.com> In-Reply-To: <20241004082623.714-2-gmuthukrishn@marvell.com> Accept-Language: en-GB, en-US, en-IE Content-Language: en-GB X-MS-Has-Attach: X-MS-TNEF-Correlator: msip_labels: authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: DS0PR11MB7458:EE_|SJ2PR11MB8568:EE_ x-ms-office365-filtering-correlation-id: 0a8ea4cc-6384-4fa9-cb6d-08dce6b56a6b x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; ARA:13230040|1800799024|376014|7416014|366016|38070700018; x-microsoft-antispam-message-info: =?us-ascii?Q?Ifm6N7myQENy4HYdq5k1nav7Xp6sQG2GmRq2iDjqC473v3/bF/+i6O3xdE2M?= =?us-ascii?Q?Aqb6Of6aZJmIpi9ZJTAEJiu54AFDTQTPJu59qcFDZJrqB4xksvP0BZtnNYfe?= =?us-ascii?Q?oGxG5VIKO1NsCC6thhjeQi0bnl+7nCRpUsLtPYm37MAKBN4/QP+dVCz7M2P2?= =?us-ascii?Q?L3f8Q2wWSEIELTdHseUUGuguwahfIH63ELRm9aclgbIDAwpRNj8u/mUxi1e8?= =?us-ascii?Q?X5EzYm/pI7YVXPIkX0GmKAYIJG26a1S3hvtDMGRMx95LuGRJvvys1yPdMzCu?= =?us-ascii?Q?FCVtqAk8mlcW+H0CDTC8qc68XmMUb7l5plqsh9dAGsdkXlFB9v1VHJyp+nzp?= =?us-ascii?Q?jkO7RcZyTtQxw4oswfLqAEZhmg4/YCRvOCTQx/nxUP6p8IkpglcgIp5h5ZxW?= =?us-ascii?Q?cx6eHLklKnX+K7WQrcruSsMkayvXI7v/dJIDRsWjDXXUCsJRBsemROoGYrw6?= =?us-ascii?Q?HPd/BItsyYlqwrh9/GxLGdI3glwqpi9K0Ufpr7Dz+n7y/CgGcdy9pb13bIjb?= =?us-ascii?Q?UHURUdBFTtOT7nenpyUGePYjolF3ChyQQ9QD2UBz37XUR5K6dgNzyjWu9TCs?= =?us-ascii?Q?Z0fW0Bqg+SzZ/6VmFQdHuVlIdepcNGOrpumb0uEagopHKE/KAYiv1lZmozQn?= =?us-ascii?Q?QLGhrrjvuKP3F3CsZBoA2FhGyjhVAOdu+HVODfdelPqRusJ91Ow2zO2MEPPh?= =?us-ascii?Q?nwptXfDTVna5Z+zLsO61ZFgtCQrZww1J61euO0Npt1GTKxhZhprwOsmjVKXm?= =?us-ascii?Q?w1EYk8PbZYr1TW92Cf4YcnU29meXIRRIWm+YJCJFqkthi8u2tIZaJAyRaI9G?= =?us-ascii?Q?Dl+zcyQR+svkQ7ps1tYnSl+WdeM77PLtdcdR0hy3PR/1F0BNXi7GWlSYFR78?= =?us-ascii?Q?3f02KLVNk6+nji19ClMhRblpNqmtQnfqwyj49SbT69OWA6/mvhZPJG2xbfyg?= =?us-ascii?Q?LCpEhnbFFp/jbowvYC/UGppHbJptUJQhIM6M5mCeVNrIZi65nkwL328p9F5q?= =?us-ascii?Q?gKnjYHgZlCbcI/c5Ffw2A55qDlwTrlqaehRsCm8peR1R4WCYyXok0FL6uPI2?= =?us-ascii?Q?ggM8w2YY2g9jP9sO/kGg+UhDq1xg6CpGs0xe8Kvoi36VtU5t74flmVswMuPp?= =?us-ascii?Q?yUC/ZU126ZxbCT9dIABglaOrdVDFUYUjLoHKPzVrEl27rr1zpD7ADCuadcxo?= =?us-ascii?Q?+WFnJdjL4YvM83iENsLsvWEd2s4vcMQYHEpehQPwHG6rgltvPN/dRKrdwliM?= =?us-ascii?Q?lPQE5SSggt6TvHPm8TGwcczhkwgYtUDPxLLccGCccyECe2k5bwyfzSbIUHSB?= =?us-ascii?Q?EUS3F8f0GuxAcSjyb6X0RHg5cUXtXqyNImiLQ/+yZbXrSQ=3D=3D?= x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DS0PR11MB7458.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230040)(1800799024)(376014)(7416014)(366016)(38070700018); DIR:OUT; SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?xkQfKwht0bReTrzycnzU1JBDqpyK84pEWv4+5bHeX804SJrkWjM4eW9kF3D+?= =?us-ascii?Q?OVXt/pP2/5gRaxNxJfBEzN2eCTp9mxcO/CKzD0snrxqQVMZCaCVj96/sQX28?= =?us-ascii?Q?IW9ONuickSH40xTKT9rF8YJzsnxIIG/ygkbrZkB5t6pr+aSIvwGB0pZnbAsE?= =?us-ascii?Q?0GmQjkmGMHiaOxh7a22wrXyNHDuc1jdHTH7tX5oXdec9+dH3pcq3l/XKQ2P4?= =?us-ascii?Q?uNUFfXJirX7DKkaL5wyGS/rK6vJICcGa4gzyKKm5xQQLuEairQmJRdovyL5A?= =?us-ascii?Q?d6TvyuWzawa99CslvrWwU8ncqwpQ4gCu5QnMb6gNWb+hIAV/etUx6p2ATLOb?= =?us-ascii?Q?ohIhceOApnIsh5/kIX/5hnumn2o64QQ2xIoTItR1i30ZGMrIBrPDbV34AksW?= =?us-ascii?Q?TqetyVAvVpIXGPHsZjAF35KKFqsHIM2VVXEc92OWU8IU8jAgYDe1ePL+pfzl?= =?us-ascii?Q?SWg84uxtpvATa5x6khEgO0bQcdfjMzjiQKNMKFoWB7Smv79VoCCdfa/MQipM?= =?us-ascii?Q?6UmwEbHJOLSMvnn/vKHuGUzaPMN+6Mg77/N+BudmCpccnbWD4inmxL+Ue8VU?= =?us-ascii?Q?X69soVP6etIZr/KVmBsGfvg8s10iGV8Wy9kUfGej4Ww1Ie9/G/InqMDWamcW?= =?us-ascii?Q?u9v7sKEeJ0g3WpdgNQSCQo6PbWR09r9x6r8UySwGymreVWbfrxgOvKCK96b0?= =?us-ascii?Q?AA4DG0y95nDeIJZ6bDG267dA/ZJ/rgDlZR4LJlLA8/P8bIyH7OKEZ/G1gbwf?= =?us-ascii?Q?rlUTQ1vWAE1e1DlBRxfE3u73bRPNv9y9EBpNu1aaY3jOXbW6PdRcOl4jSPBL?= =?us-ascii?Q?PcZrhYDI8WTiZmUPfbZOlexeqvHpmPsFnzzRuq/dkZlzOsJSc7vkNeTCGx3N?= =?us-ascii?Q?i+jeRI/QJ6dl7DHAxgJgIJJE+RiXwJ7cHgW9rTgjotn33w44zZLOD9g3lMwc?= =?us-ascii?Q?eaQFFuBPkenMCPS4mHO2llmdEltTmsYk2xX7iI8KMW3tXZy3Kb8LvftPM5wc?= =?us-ascii?Q?6bnQ2F2b73qzutt26/6Wtmu7yHLNsCClxAstt8axLzfGZJQ5J5ynjGWPj7o+?= =?us-ascii?Q?Z0J7Q2eMu1YxTptY1UB35UHjVxTYcmXfF60ZGIGfBuKtCW75ymgjQgiwpO6d?= =?us-ascii?Q?uEhZTAzlVRzN2pJExew95vAG1qS0sq05yFFaekFLdamNMLRAxwvV36uz3P9C?= =?us-ascii?Q?ne5geYuMSlEiMD1E3/uJRNMC/YKEypN1RTkvEhMYFizRMEPlGt43SoQMq8Sp?= =?us-ascii?Q?Gqc5NrmQou2AWdKKkxv6xp1n9sKeglDkvYlxn0GBP/ckPH8SUNSHtnqGCLfx?= =?us-ascii?Q?ajDmLMvvDCm4KRK7zz4n50Tb5cRp1jQuRA963roCvdRiuzJoP1aTLe6+bWOD?= =?us-ascii?Q?bQiq89X3UXK1jTENQw3CmPnEH8QNWQcEj6ZUQ6pm2KqkuMYE3Kgon1wLlFqL?= =?us-ascii?Q?zMOSHqvY7xIxFnY+W2uqbiyywppsTpES1tN+buAzHDaCwXWnW5fjqf6S81ss?= =?us-ascii?Q?FwmeXQuDGiM3BkDlnd4aOQw4Az9U64+aoa8MiqNMSznFlNgnwgaSNAGxLSpB?= =?us-ascii?Q?XKJj7Uu2SZhCsFSo+ac=3D?= Content-Type: multipart/alternative; boundary="_000_DS0PR11MB7458F0D2EFAE85FB9955CC92817D2DS0PR11MB7458namp_" MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: DS0PR11MB7458.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 0a8ea4cc-6384-4fa9-cb6d-08dce6b56a6b X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Oct 2024 09:50:02.8190 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 3ZNO2dULa/ugfFr9q+Jvt0KwhVa44kdve+z/LGbcyEhTp33r3p6RVsl5m07Otki29Zwpuo/fBseB/N7zkcz8sg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ2PR11MB8568 X-OriginatorOrg: intel.com X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org --_000_DS0PR11MB7458F0D2EFAE85FB9955CC92817D2DS0PR11MB7458namp_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Acked-by: Kai Ji ________________________________ From: Gowrishankar Muthukrishnan Sent: 04 October 2024 09:26 To: dev@dpdk.org ; Ji, Kai Cc: Anoob Joseph ; Richardson, Bruce ; jerinj@marvell.com ; fanzhang.oss@gmail.com= ; Kusztal, ArkadiuszX ; jack.bond-preston@foss.arm.com ; Marcha= nd, David ; hemant.agrawal@nxp.com ; De Lara Guarch, Pablo ; Trahe,= Fiona ; Doherty, Declan ;= matan@nvidia.com ; ruifeng.wang@arm.com ; Akhil Goyal ; Gowrishankar Muthukrishnan Subject: [PATCH v6 2/6] crypto/openssl: support EDDSA Support EDDSA crypto algorithm in OpenSSL PMD. Signed-off-by: Gowrishankar Muthukrishnan --- doc/guides/cryptodevs/features/openssl.ini | 1 + drivers/crypto/openssl/openssl_pmd_private.h | 13 ++ drivers/crypto/openssl/rte_openssl_pmd.c | 223 +++++++++++++++++++ drivers/crypto/openssl/rte_openssl_pmd_ops.c | 131 +++++++++++ 4 files changed, 368 insertions(+) diff --git a/doc/guides/cryptodevs/features/openssl.ini b/doc/guides/crypto= devs/features/openssl.ini index b64c8ec4a5..0540c075dc 100644 --- a/doc/guides/cryptodevs/features/openssl.ini +++ b/doc/guides/cryptodevs/features/openssl.ini @@ -66,6 +66,7 @@ Modular Exponentiation =3D Y Modular Inversion =3D Y Diffie-hellman =3D Y SM2 =3D Y +EDDSA =3D Y ; ; Supported Operating systems of the 'openssl' crypto driver. diff --git a/drivers/crypto/openssl/openssl_pmd_private.h b/drivers/crypto/= openssl/openssl_pmd_private.h index 0282b3d829..7dd97f1c72 100644 --- a/drivers/crypto/openssl/openssl_pmd_private.h +++ b/drivers/crypto/openssl/openssl_pmd_private.h @@ -231,10 +231,23 @@ struct __rte_cache_aligned openssl_asym_session { #endif } s; struct { + uint8_t curve_id; +#if (OPENSSL_VERSION_NUMBER >=3D 0x30000000L) + EC_GROUP * group; + BIGNUM *priv_key; +#endif + } ec; + struct { #if (OPENSSL_VERSION_NUMBER >=3D 0x30000000L) OSSL_PARAM * params; #endif } sm2; + struct { + uint8_t curve_id; +#if (OPENSSL_VERSION_NUMBER >=3D 0x30000000L) + OSSL_PARAM * params; +#endif + } eddsa; } u; }; /** Set and validate OPENSSL crypto session parameters */ diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/open= ssl/rte_openssl_pmd.c index e10a172f46..4e4d06403b 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd.c +++ b/drivers/crypto/openssl/rte_openssl_pmd.c @@ -2849,6 +2849,45 @@ process_openssl_rsa_op_evp(struct rte_crypto_op *cop= , } +static int +process_openssl_ecfpm_op_evp(struct rte_crypto_op *cop, + struct openssl_asym_session *sess) +{ + const EC_GROUP *ecgrp =3D sess->u.ec.group; + EC_POINT *ecpt =3D NULL; + BN_CTX *ctx =3D NULL; + BIGNUM *n =3D NULL; + int ret =3D -1; + + n =3D BN_bin2bn((const unsigned char *) + cop->asym->ecpm.scalar.data, + cop->asym->ecpm.scalar.length, + BN_new()); + + ctx =3D BN_CTX_new(); + if (!ctx) + goto err_ecfpm; + + if (!EC_POINT_mul(ecgrp, ecpt, n, NULL, NULL, ctx)) + goto err_ecfpm; + + if (cop->asym->flags & RTE_CRYPTO_ASYM_FLAG_PUB_KEY_COMPRESSED) { + unsigned char *buf =3D cop->asym->ecpm.r.x.data; + size_t sz; + + sz =3D EC_POINT_point2oct(ecgrp, ecpt, POINT_CONVERSION_COM= PRESSED, buf, 0, ctx); + if (!sz) + goto err_ecfpm; + + cop->asym->ecpm.r.x.length =3D sz; + } + +err_ecfpm: + BN_CTX_free(ctx); + BN_free(n); + return ret; +} + static int process_openssl_sm2_op_evp(struct rte_crypto_op *cop, struct openssl_asym_session *sess) @@ -3074,6 +3113,158 @@ process_openssl_sm2_op_evp(struct rte_crypto_op *co= p, return ret; } +static int +process_openssl_eddsa_op_evp(struct rte_crypto_op *cop, + struct openssl_asym_session *sess) +{ + static const char * const instance[] =3D {"Ed25519", "Ed25519ctx", = "Ed25519ph", + "Ed448", "Ed448ph"}; + EVP_PKEY_CTX *kctx =3D NULL, *sctx =3D NULL, *cctx =3D NULL; + const uint8_t curve_id =3D sess->u.eddsa.curve_id; + struct rte_crypto_asym_op *op =3D cop->asym; + OSSL_PARAM *params =3D sess->u.eddsa.params; + OSSL_PARAM_BLD *iparam_bld =3D NULL; + OSSL_PARAM *iparams =3D NULL; + uint8_t signbuf[128] =3D {0}; + EVP_MD_CTX *md_ctx =3D NULL; + EVP_PKEY *pkey =3D NULL; + size_t signlen; + int ret =3D -1; + + cop->status =3D RTE_CRYPTO_OP_STATUS_ERROR; + + iparam_bld =3D OSSL_PARAM_BLD_new(); + if (!iparam_bld) + goto err_eddsa; + + if (op->eddsa.instance =3D=3D RTE_CRYPTO_EDCURVE_25519CTX) { + OSSL_PARAM_BLD_push_octet_string(iparam_bld, "context-strin= g", + op->eddsa.context.data, op->eddsa.context.length); + + } + + OSSL_PARAM_BLD_push_utf8_string(iparam_bld, "instance", + instance[op->eddsa.instance], strlen(instance[op->eddsa.ins= tance])); + + iparams =3D OSSL_PARAM_BLD_to_param(iparam_bld); + if (!iparams) + goto err_eddsa; + + switch (op->eddsa.op_type) { + case RTE_CRYPTO_ASYM_OP_SIGN: + { + if (curve_id =3D=3D RTE_CRYPTO_EC_GROUP_ED25519) + kctx =3D EVP_PKEY_CTX_new_from_name(NULL, "= ED25519", NULL); + else + kctx =3D EVP_PKEY_CTX_new_from_name(NULL, "= ED448", NULL); + + if (kctx =3D=3D NULL || EVP_PKEY_fromdata_init(kctx= ) <=3D 0 || + EVP_PKEY_fromdata(kctx, &pkey, EVP_PKEY_KEY= PAIR, params) <=3D 0) + goto err_eddsa; + + md_ctx =3D EVP_MD_CTX_new(); + if (!md_ctx) + goto err_eddsa; + + sctx =3D EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NUL= L); + if (!sctx) + goto err_eddsa; + + EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx); + +#if (OPENSSL_VERSION_NUMBER >=3D 0x30300000L) + if (!EVP_DigestSignInit_ex(md_ctx, NULL, NULL, NULL= , NULL, pkey, iparams)) + goto err_eddsa; +#else + if (op->eddsa.instance =3D=3D RTE_CRYPTO_EDCURVE_25= 519 || + op->eddsa.instance =3D=3D RTE_CRYPTO_EDCURV= E_448) { + if (!EVP_DigestSignInit(md_ctx, NULL, NULL,= NULL, pkey)) + goto err_eddsa; + } else + goto err_eddsa; +#endif + + if (!EVP_DigestSign(md_ctx, NULL, &signlen, op->edd= sa.message.data, + op->eddsa.message.length)) + goto err_eddsa; + + if (signlen > RTE_DIM(signbuf)) + goto err_eddsa; + + if (!EVP_DigestSign(md_ctx, signbuf, &signlen, op->= eddsa.message.data, + op->eddsa.message.length)) + goto err_eddsa; + + memcpy(op->eddsa.sign.data, &signbuf[0], signlen); + op->eddsa.sign.length =3D signlen; + } + break; + case RTE_CRYPTO_ASYM_OP_VERIFY: + { + if (curve_id =3D=3D RTE_CRYPTO_EC_GROUP_ED25519) + kctx =3D EVP_PKEY_CTX_new_from_name(NULL, "= ED25519", NULL); + else + kctx =3D EVP_PKEY_CTX_new_from_name(NULL, "= ED448", NULL); + + if (kctx =3D=3D NULL || EVP_PKEY_fromdata_init(kctx= ) <=3D 0 || + EVP_PKEY_fromdata(kctx, &pkey, EVP_PKEY_PUB= LIC_KEY, params) <=3D 0) + goto err_eddsa; + + md_ctx =3D EVP_MD_CTX_new(); + if (!md_ctx) + goto err_eddsa; + + sctx =3D EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NUL= L); + if (!sctx) + goto err_eddsa; + + EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx); + +#if (OPENSSL_VERSION_NUMBER >=3D 0x30300000L) + if (!EVP_DigestVerifyInit_ex(md_ctx, NULL, NULL, NU= LL, NULL, pkey, iparams)) + goto err_eddsa; +#else + if (op->eddsa.instance =3D=3D RTE_CRYPTO_EDCURVE_25= 519 || + op->eddsa.instance =3D=3D RTE_CRYPTO_EDCURV= E_448) { + if (!EVP_DigestVerifyInit(md_ctx, NULL, NUL= L, NULL, pkey)) + goto err_eddsa; + } else + goto err_eddsa; +#endif + + signlen =3D op->eddsa.sign.length; + memcpy(&signbuf[0], op->eddsa.sign.data, op->eddsa.= sign.length); + + ret =3D EVP_DigestVerify(md_ctx, signbuf, signlen, = op->eddsa.message.data, + op->eddsa.message.length); + if (ret =3D=3D 0) + goto err_eddsa; + } + break; + default: + /* allow ops with invalid args to be pushed to + * completion queue + */ + cop->status =3D RTE_CRYPTO_OP_STATUS_INVALID_ARGS; + goto err_eddsa; + } + + ret =3D 0; + cop->status =3D RTE_CRYPTO_OP_STATUS_SUCCESS; +err_eddsa: + OSSL_PARAM_BLD_free(iparam_bld); + + if (sctx) + EVP_PKEY_CTX_free(sctx); + + if (cctx) + EVP_PKEY_CTX_free(cctx); + + if (pkey) + EVP_PKEY_free(pkey); + + return ret; +} #else static int process_openssl_rsa_op(struct rte_crypto_op *cop, @@ -3174,6 +3365,15 @@ process_openssl_rsa_op(struct rte_crypto_op *cop, return 0; } +static int +process_openssl_ecfpm_op(struct rte_crypto_op *cop, + struct openssl_asym_session *sess) +{ + RTE_SET_USED(cop); + RTE_SET_USED(sess); + return -ENOTSUP; +} + static int process_openssl_sm2_op(struct rte_crypto_op *cop, struct openssl_asym_session *sess) @@ -3182,6 +3382,15 @@ process_openssl_sm2_op(struct rte_crypto_op *cop, RTE_SET_USED(sess); return -ENOTSUP; } + +static int +process_openssl_eddsa_op(struct rte_crypto_op *cop, + struct openssl_asym_session *sess) +{ + RTE_SET_USED(cop); + RTE_SET_USED(sess); + return -ENOTSUP; +} #endif static int @@ -3230,6 +3439,13 @@ process_asym_op(struct openssl_qp *qp, struct rte_cr= ypto_op *op, process_openssl_dsa_verify_op(op, sess); else op->status =3D RTE_CRYPTO_OP_STATUS_INVALID_ARGS; +#endif + break; + case RTE_CRYPTO_ASYM_XFORM_ECFPM: +#if (OPENSSL_VERSION_NUMBER >=3D 0x30000000L) + retval =3D process_openssl_ecfpm_op_evp(op, sess); +#else + retval =3D process_openssl_ecfpm_op(op, sess); #endif break; case RTE_CRYPTO_ASYM_XFORM_SM2: @@ -3237,6 +3453,13 @@ process_asym_op(struct openssl_qp *qp, struct rte_cr= ypto_op *op, retval =3D process_openssl_sm2_op_evp(op, sess); #else retval =3D process_openssl_sm2_op(op, sess); +#endif + break; + case RTE_CRYPTO_ASYM_XFORM_EDDSA: +#if (OPENSSL_VERSION_NUMBER >=3D 0x30000000L) + retval =3D process_openssl_eddsa_op_evp(op, sess); +#else + retval =3D process_openssl_eddsa_op(op, sess); #endif break; default: diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/= openssl/rte_openssl_pmd_ops.c index b7b612fc57..0725184653 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c @@ -593,6 +593,16 @@ static const struct rte_cryptodev_capabilities openssl= _pmd_capabilities[] =3D { }, } }, + { /* ECFPM */ + .op =3D RTE_CRYPTO_OP_TYPE_ASYMMETRIC, + {.asym =3D { + .xform_capa =3D { + .xform_type =3D RTE_CRYPTO_ASYM_XFORM_ECFPM= , + .op_types =3D 0 + } + } + } + }, { /* SM2 */ .op =3D RTE_CRYPTO_OP_TYPE_ASYMMETRIC, {.asym =3D { @@ -610,6 +620,20 @@ static const struct rte_cryptodev_capabilities openssl= _pmd_capabilities[] =3D { } } }, + { /* EDDSA */ + .op =3D RTE_CRYPTO_OP_TYPE_ASYMMETRIC, + {.asym =3D { + .xform_capa =3D { + .xform_type =3D RTE_CRYPTO_ASYM_XFORM_EDDSA= , + .hash_algos =3D (1 << RTE_CRYPTO_AUTH_SHA51= 2 | + 1 << RTE_CRYPTO_AUTH_SHAKE_2= 56), + .op_types =3D + ((1<=3D 0x30000000L) + EC_GROUP *ecgrp =3D NULL; + + asym_session->xfrm_type =3D xform->xform_type; + + switch (xform->ec.curve_id) { + case RTE_CRYPTO_EC_GROUP_SECP192R1: + ecgrp =3D EC_GROUP_new_by_curve_name(NID_secp192k1)= ; + break; + case RTE_CRYPTO_EC_GROUP_SECP224R1: + ecgrp =3D EC_GROUP_new_by_curve_name(NID_secp224r1)= ; + break; + case RTE_CRYPTO_EC_GROUP_SECP256R1: + ecgrp =3D EC_GROUP_new_by_curve_name(NID_secp256k1)= ; + break; + case RTE_CRYPTO_EC_GROUP_SECP384R1: + ecgrp =3D EC_GROUP_new_by_curve_name(NID_secp384r1)= ; + break; + case RTE_CRYPTO_EC_GROUP_SECP521R1: + ecgrp =3D EC_GROUP_new_by_curve_name(NID_secp521r1)= ; + break; + case RTE_CRYPTO_EC_GROUP_ED25519: + ecgrp =3D EC_GROUP_new_by_curve_name(NID_ED25519); + break; + case RTE_CRYPTO_EC_GROUP_ED448: + ecgrp =3D EC_GROUP_new_by_curve_name(NID_ED448); + break; + default: + break; + } + + asym_session->u.ec.curve_id =3D xform->ec.curve_id; + asym_session->u.ec.group =3D ecgrp; + break; +#else + OPENSSL_LOG(WARNING, "ECFPM unsupported for OpenSSL Version= < 3.0"); + return -ENOTSUP; +#endif + } case RTE_CRYPTO_ASYM_XFORM_SM2: { #if (OPENSSL_VERSION_NUMBER >=3D 0x30000000L) @@ -1440,6 +1505,66 @@ static int openssl_set_asym_session_parameters( #else OPENSSL_LOG(WARNING, "SM2 unsupported for OpenSSL Version = < 3.0"); return -ENOTSUP; +#endif + } + case RTE_CRYPTO_ASYM_XFORM_EDDSA: + { +#if (OPENSSL_VERSION_NUMBER >=3D 0x30300000L) + OSSL_PARAM_BLD *param_bld =3D NULL; + OSSL_PARAM *params =3D NULL; + int ret =3D -1; + + asym_session->u.eddsa.curve_id =3D xform->ec.curve_id; + + param_bld =3D OSSL_PARAM_BLD_new(); + if (!param_bld) { + OPENSSL_LOG(ERR, "failed to allocate params"); + goto err_eddsa; + } + + ret =3D OSSL_PARAM_BLD_push_utf8_string(param_bld, + OSSL_PKEY_PARAM_GROUP_NAME, "ED25519", sizeof("ED= 25519")); + if (!ret) { + OPENSSL_LOG(ERR, "failed to push params"); + goto err_eddsa; + } + + ret =3D OSSL_PARAM_BLD_push_octet_string(param_bld, OSSL_PK= EY_PARAM_PRIV_KEY, + xform->ec.pkey.data, xform->ec.pkey.length)= ; + if (!ret) { + OPENSSL_LOG(ERR, "failed to push params"); + goto err_eddsa; + } + + ret =3D OSSL_PARAM_BLD_push_octet_string(param_bld, OSSL_PK= EY_PARAM_PUB_KEY, + xform->ec.q.x.data, xform->ec.q.x.length); + if (!ret) { + OPENSSL_LOG(ERR, "failed to push params"); + goto err_eddsa; + } + + params =3D OSSL_PARAM_BLD_to_param(param_bld); + if (!params) { + OPENSSL_LOG(ERR, "failed to push params"); + goto err_eddsa; + } + + asym_session->u.eddsa.params =3D params; + OSSL_PARAM_BLD_free(param_bld); + + asym_session->xfrm_type =3D RTE_CRYPTO_ASYM_XFORM_EDDSA; + break; +err_eddsa: + if (param_bld) + OSSL_PARAM_BLD_free(param_bld); + + if (asym_session->u.eddsa.params) + OSSL_PARAM_free(asym_session->u.eddsa.params); + + return -1; +#else + OPENSSL_LOG(WARNING, "EDDSA unsupported for OpenSSL Version= < 3.3"); + return -ENOTSUP; #endif } default: @@ -1538,6 +1663,12 @@ static void openssl_reset_asym_session(struct openss= l_asym_session *sess) #if (OPENSSL_VERSION_NUMBER >=3D 0x30000000L) OSSL_PARAM_free(sess->u.sm2.params); #endif + break; + case RTE_CRYPTO_ASYM_XFORM_EDDSA: +#if (OPENSSL_VERSION_NUMBER >=3D 0x30300000L) + OSSL_PARAM_free(sess->u.eddsa.params); +#endif + break; default: break; } -- 2.21.0 --_000_DS0PR11MB7458F0D2EFAE85FB9955CC92817D2DS0PR11MB7458namp_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
Acked-by: Kai Ji <kai.ji@intel.com>

From: Gowrishankar Muthukri= shnan <gmuthukrishn@marvell.com>
Sent: 04 October 2024 09:26
To: dev@dpdk.org <dev@dpdk.org>; Ji, Kai <kai.ji@intel.com&= gt;
Cc: Anoob Joseph <anoobj@marvell.com>; Richardson, Bruce <b= ruce.richardson@intel.com>; jerinj@marvell.com <jerinj@marvell.com>= ;; fanzhang.oss@gmail.com <fanzhang.oss@gmail.com>; Kusztal, Arkadius= zX <arkadiuszx.kusztal@intel.com>; jack.bond-preston@foss.arm.com <jack.bond-preston@foss.arm.com>; Marchand, David <david.marchand= @redhat.com>; hemant.agrawal@nxp.com <hemant.agrawal@nxp.com>; De = Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>; Trahe, Fiona <= ;fiona.trahe@intel.com>; Doherty, Declan <declan.doherty@intel.com>= ;; matan@nvidia.com <matan@nvidia.com>; ruifeng.wang@arm.com <ruifen= g.wang@arm.com>; Akhil Goyal <gakhil@marvell.com>; Gowrishankar Mu= thukrishnan <gmuthukrishn@marvell.com>
Subject: [PATCH v6 2/6] crypto/openssl: support EDDSA
 
Support EDDSA crypto algorithm in OpenSSL PMD.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com><= br> ---
 doc/guides/cryptodevs/features/openssl.ini   |   = 1 +
 drivers/crypto/openssl/openssl_pmd_private.h |  13 ++
 drivers/crypto/openssl/rte_openssl_pmd.c     | 22= 3 +++++++++++++++++++
 drivers/crypto/openssl/rte_openssl_pmd_ops.c | 131 +++++++++++
 4 files changed, 368 insertions(+)

diff --git a/doc/guides/cryptodevs/features/openssl.ini b/doc/guides/crypto= devs/features/openssl.ini
index b64c8ec4a5..0540c075dc 100644
--- a/doc/guides/cryptodevs/features/openssl.ini
+++ b/doc/guides/cryptodevs/features/openssl.ini
@@ -66,6 +66,7 @@ Modular Exponentiation =3D Y
 Modular Inversion =3D Y
 Diffie-hellman =3D Y
 SM2 =3D Y
+EDDSA =3D Y
 
 ;
 ; Supported Operating systems of the 'openssl' crypto driver.
diff --git a/drivers/crypto/openssl/openssl_pmd_private.h b/drivers/crypto/= openssl/openssl_pmd_private.h
index 0282b3d829..7dd97f1c72 100644
--- a/drivers/crypto/openssl/openssl_pmd_private.h
+++ b/drivers/crypto/openssl/openssl_pmd_private.h
@@ -231,10 +231,23 @@ struct __rte_cache_aligned openssl_asym_session {
 #endif
            &nb= sp;    } s;
            &nb= sp;    struct {
+            &n= bsp;          uint8_t curve_id= ;
+#if (OPENSSL_VERSION_NUMBER >=3D 0x30000000L)
+            &n= bsp;          EC_GROUP * group= ;
+            &n= bsp;          BIGNUM *priv_key= ;
+#endif
+            &n= bsp;  } ec;
+            &n= bsp;  struct {
 #if (OPENSSL_VERSION_NUMBER >=3D 0x30000000L)
            &nb= sp;            OSSL_= PARAM * params;
 #endif
            &nb= sp;    } sm2;
+            &n= bsp;  struct {
+            &n= bsp;          uint8_t curve_id= ;
+#if (OPENSSL_VERSION_NUMBER >=3D 0x30000000L)
+            &n= bsp;          OSSL_PARAM * par= ams;
+#endif
+            &n= bsp;  } eddsa;
         } u;
 };
 /** Set and validate OPENSSL crypto session parameters */
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/open= ssl/rte_openssl_pmd.c
index e10a172f46..4e4d06403b 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -2849,6 +2849,45 @@ process_openssl_rsa_op_evp(struct rte_crypto_op *cop= ,
 
 }
 
+static int
+process_openssl_ecfpm_op_evp(struct rte_crypto_op *cop,
+            &n= bsp;  struct openssl_asym_session *sess)
+{
+       const EC_GROUP *ecgrp =3D sess->u.= ec.group;
+       EC_POINT *ecpt =3D NULL;
+       BN_CTX *ctx =3D NULL;
+       BIGNUM *n =3D NULL;
+       int ret =3D -1;
+
+       n =3D BN_bin2bn((const unsigned char = *)
+            &n= bsp;          cop->asym->= ;ecpm.scalar.data,
+            &n= bsp;          cop->asym->= ;ecpm.scalar.length,
+            &n= bsp;          BN_new());
+
+       ctx =3D BN_CTX_new();
+       if (!ctx)
+            &n= bsp;  goto err_ecfpm;
+
+       if (!EC_POINT_mul(ecgrp, ecpt, n, NUL= L, NULL, ctx))
+            &n= bsp;  goto err_ecfpm;
+
+       if (cop->asym->flags & RTE_= CRYPTO_ASYM_FLAG_PUB_KEY_COMPRESSED) {
+            &n= bsp;  unsigned char *buf =3D cop->asym->ecpm.r.x.data;
+            &n= bsp;  size_t sz;
+
+            &n= bsp;  sz =3D EC_POINT_point2oct(ecgrp, ecpt, POINT_CONVERSION_COMPRESS= ED, buf, 0, ctx);
+            &n= bsp;  if (!sz)
+            &n= bsp;          goto err_ecfpm;<= br> +
+            &n= bsp;  cop->asym->ecpm.r.x.length =3D sz;
+       }
+
+err_ecfpm:
+       BN_CTX_free(ctx);
+       BN_free(n);
+       return ret;
+}
+
 static int
 process_openssl_sm2_op_evp(struct rte_crypto_op *cop,
            &nb= sp;    struct openssl_asym_session *sess)
@@ -3074,6 +3113,158 @@ process_openssl_sm2_op_evp(struct rte_crypto_op *co= p,
         return ret;
 }
 
+static int
+process_openssl_eddsa_op_evp(struct rte_crypto_op *cop,
+            &n= bsp;  struct openssl_asym_session *sess)
+{
+       static const char * const instance[] = =3D {"Ed25519", "Ed25519ctx", "Ed25519ph", +            &n= bsp;            = ;            &n= bsp;         "Ed448", &qu= ot;Ed448ph"};
+       EVP_PKEY_CTX *kctx =3D NULL, *sctx = =3D NULL, *cctx =3D NULL;
+       const uint8_t curve_id =3D sess->u= .eddsa.curve_id;
+       struct rte_crypto_asym_op *op =3D cop= ->asym;
+       OSSL_PARAM *params =3D sess->u.edd= sa.params;
+       OSSL_PARAM_BLD *iparam_bld =3D NULL;<= br> +       OSSL_PARAM *iparams =3D NULL;
+       uint8_t signbuf[128] =3D {0};
+       EVP_MD_CTX *md_ctx =3D NULL;
+       EVP_PKEY *pkey =3D NULL;
+       size_t signlen;
+       int ret =3D -1;
+
+       cop->status =3D RTE_CRYPTO_OP_STAT= US_ERROR;
+
+       iparam_bld =3D OSSL_PARAM_BLD_new();<= br> +       if (!iparam_bld)
+            &n= bsp;  goto err_eddsa;
+
+       if (op->eddsa.instance =3D=3D RTE_= CRYPTO_EDCURVE_25519CTX) {
+            &n= bsp;  OSSL_PARAM_BLD_push_octet_string(iparam_bld, "context-strin= g",
+            &n= bsp;          op->eddsa.con= text.data, op->eddsa.context.length);
+
+       }
+
+       OSSL_PARAM_BLD_push_utf8_string(ipara= m_bld, "instance",
+            &n= bsp;  instance[op->eddsa.instance], strlen(instance[op->eddsa.in= stance]));
+
+       iparams =3D OSSL_PARAM_BLD_to_param(i= param_bld);
+       if (!iparams)
+            &n= bsp;  goto err_eddsa;
+
+       switch (op->eddsa.op_type) {
+       case RTE_CRYPTO_ASYM_OP_SIGN:
+            &n= bsp;  {
+            &n= bsp;          if (curve_id =3D= =3D RTE_CRYPTO_EC_GROUP_ED25519)
+            &n= bsp;            = ;      kctx =3D EVP_PKEY_CTX_new_from_name(NULL, &= quot;ED25519", NULL);
+            &n= bsp;          else
+            &n= bsp;            = ;      kctx =3D EVP_PKEY_CTX_new_from_name(NULL, &= quot;ED448", NULL);
+
+            &n= bsp;          if (kctx =3D=3D = NULL || EVP_PKEY_fromdata_init(kctx) <=3D 0 ||
+            &n= bsp;            = ;      EVP_PKEY_fromdata(kctx, &pkey, EVP_PKEY= _KEYPAIR, params) <=3D 0)
+            &n= bsp;            = ;      goto err_eddsa;
+
+            &n= bsp;          md_ctx =3D EVP_M= D_CTX_new();
+            &n= bsp;          if (!md_ctx)
+            &n= bsp;            = ;      goto err_eddsa;
+
+            &n= bsp;          sctx =3D EVP_PKE= Y_CTX_new_from_pkey(NULL, pkey, NULL);
+            &n= bsp;          if (!sctx)
+            &n= bsp;            = ;      goto err_eddsa;
+
+            &n= bsp;          EVP_MD_CTX_set_p= key_ctx(md_ctx, sctx);
+
+#if (OPENSSL_VERSION_NUMBER >=3D 0x30300000L)
+            &n= bsp;          if (!EVP_DigestS= ignInit_ex(md_ctx, NULL, NULL, NULL, NULL, pkey, iparams))
+            &n= bsp;            = ;      goto err_eddsa;
+#else
+            &n= bsp;          if (op->eddsa= .instance =3D=3D RTE_CRYPTO_EDCURVE_25519 ||
+            &n= bsp;            = ;      op->eddsa.instance =3D=3D RTE_CRYPTO_EDC= URVE_448) {
+            &n= bsp;            = ;      if (!EVP_DigestSignInit(md_ctx, NULL, NULL,= NULL, pkey))
+            &n= bsp;            = ;            &n= bsp; goto err_eddsa;
+            &n= bsp;          } else
+            &n= bsp;            = ;      goto err_eddsa;
+#endif
+
+            &n= bsp;          if (!EVP_DigestS= ign(md_ctx, NULL, &signlen, op->eddsa.message.data,
+            &n= bsp;            = ;            &n= bsp; op->eddsa.message.length))
+            &n= bsp;            = ;      goto err_eddsa;
+
+            &n= bsp;          if (signlen >= RTE_DIM(signbuf))
+            &n= bsp;            = ;      goto err_eddsa;
+
+            &n= bsp;          if (!EVP_DigestS= ign(md_ctx, signbuf, &signlen, op->eddsa.message.data,
+            &n= bsp;            = ;            &n= bsp; op->eddsa.message.length))
+            &n= bsp;            = ;      goto err_eddsa;
+
+            &n= bsp;          memcpy(op->ed= dsa.sign.data, &signbuf[0], signlen);
+            &n= bsp;          op->eddsa.sig= n.length =3D signlen;
+            &n= bsp;  }
+            &n= bsp;  break;
+       case RTE_CRYPTO_ASYM_OP_VERIFY:
+            &n= bsp;  {
+            &n= bsp;          if (curve_id =3D= =3D RTE_CRYPTO_EC_GROUP_ED25519)
+            &n= bsp;            = ;      kctx =3D EVP_PKEY_CTX_new_from_name(NULL, &= quot;ED25519", NULL);
+            &n= bsp;          else
+            &n= bsp;            = ;      kctx =3D EVP_PKEY_CTX_new_from_name(NULL, &= quot;ED448", NULL);
+
+            &n= bsp;          if (kctx =3D=3D = NULL || EVP_PKEY_fromdata_init(kctx) <=3D 0 ||
+            &n= bsp;            = ;      EVP_PKEY_fromdata(kctx, &pkey, EVP_PKEY= _PUBLIC_KEY, params) <=3D 0)
+            &n= bsp;            = ;      goto err_eddsa;
+
+            &n= bsp;          md_ctx =3D EVP_M= D_CTX_new();
+            &n= bsp;          if (!md_ctx)
+            &n= bsp;            = ;      goto err_eddsa;
+
+            &n= bsp;          sctx =3D EVP_PKE= Y_CTX_new_from_pkey(NULL, pkey, NULL);
+            &n= bsp;          if (!sctx)
+            &n= bsp;            = ;      goto err_eddsa;
+
+            &n= bsp;          EVP_MD_CTX_set_p= key_ctx(md_ctx, sctx);
+
+#if (OPENSSL_VERSION_NUMBER >=3D 0x30300000L)
+            &n= bsp;          if (!EVP_DigestV= erifyInit_ex(md_ctx, NULL, NULL, NULL, NULL, pkey, iparams))
+            &n= bsp;            = ;      goto err_eddsa;
+#else
+            &n= bsp;          if (op->eddsa= .instance =3D=3D RTE_CRYPTO_EDCURVE_25519 ||
+            &n= bsp;            = ;      op->eddsa.instance =3D=3D RTE_CRYPTO_EDC= URVE_448) {
+            &n= bsp;            = ;      if (!EVP_DigestVerifyInit(md_ctx, NULL, NUL= L, NULL, pkey))
+            &n= bsp;            = ;            &n= bsp; goto err_eddsa;
+            &n= bsp;          } else
+            &n= bsp;            = ;      goto err_eddsa;
+#endif
+
+            &n= bsp;          signlen =3D op-&= gt;eddsa.sign.length;
+            &n= bsp;          memcpy(&sign= buf[0], op->eddsa.sign.data, op->eddsa.sign.length);
+
+            &n= bsp;          ret =3D EVP_Dige= stVerify(md_ctx, signbuf, signlen, op->eddsa.message.data,
+            &n= bsp;            = ;            &n= bsp; op->eddsa.message.length);
+            &n= bsp;          if (ret =3D=3D 0= )
+            &n= bsp;            = ;      goto err_eddsa;
+            &n= bsp;  }
+            &n= bsp;  break;
+       default:
+            &n= bsp;  /* allow ops with invalid args to be pushed to
+            &n= bsp;   * completion queue
+            &n= bsp;   */
+            &n= bsp;  cop->status =3D RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
+            &n= bsp;  goto err_eddsa;
+       }
+
+       ret =3D 0;
+       cop->status =3D RTE_CRYPTO_OP_STAT= US_SUCCESS;
+err_eddsa:
+       OSSL_PARAM_BLD_free(iparam_bld);
+
+       if (sctx)
+            &n= bsp;  EVP_PKEY_CTX_free(sctx);
+
+       if (cctx)
+            &n= bsp;  EVP_PKEY_CTX_free(cctx);
+
+       if (pkey)
+            &n= bsp;  EVP_PKEY_free(pkey);
+
+       return ret;
+}
 #else
 static int
 process_openssl_rsa_op(struct rte_crypto_op *cop,
@@ -3174,6 +3365,15 @@ process_openssl_rsa_op(struct rte_crypto_op *cop,          return 0;
 }
 
+static int
+process_openssl_ecfpm_op(struct rte_crypto_op *cop,
+            &n= bsp;  struct openssl_asym_session *sess)
+{
+       RTE_SET_USED(cop);
+       RTE_SET_USED(sess);
+       return -ENOTSUP;
+}
+
 static int
 process_openssl_sm2_op(struct rte_crypto_op *cop,
            &nb= sp;    struct openssl_asym_session *sess)
@@ -3182,6 +3382,15 @@ process_openssl_sm2_op(struct rte_crypto_op *cop,          RTE_SET_USED(sess);
         return -ENOTSUP;
 }
+
+static int
+process_openssl_eddsa_op(struct rte_crypto_op *cop,
+            &n= bsp;  struct openssl_asym_session *sess)
+{
+       RTE_SET_USED(cop);
+       RTE_SET_USED(sess);
+       return -ENOTSUP;
+}
 #endif
 
 static int
@@ -3230,6 +3439,13 @@ process_asym_op(struct openssl_qp *qp, struct rte_cr= ypto_op *op,
            &nb= sp;            =         process_openssl_dsa_verify_op(op= , sess);
            &nb= sp;    else
            &nb= sp;            op-&g= t;status =3D RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
+#endif
+            &n= bsp;  break;
+       case RTE_CRYPTO_ASYM_XFORM_ECFPM:
+#if (OPENSSL_VERSION_NUMBER >=3D 0x30000000L)
+            &n= bsp;  retval =3D process_openssl_ecfpm_op_evp(op, sess);
+#else
+            &n= bsp;  retval =3D process_openssl_ecfpm_op(op, sess);
 #endif
            &nb= sp;    break;
         case RTE_CRYPTO_ASYM_XFORM= _SM2:
@@ -3237,6 +3453,13 @@ process_asym_op(struct openssl_qp *qp, struct rte_cr= ypto_op *op,
            &nb= sp;    retval =3D process_openssl_sm2_op_evp(op, sess);
 #else
            &nb= sp;    retval =3D process_openssl_sm2_op(op, sess);
+#endif
+            &n= bsp;  break;
+       case RTE_CRYPTO_ASYM_XFORM_EDDSA:
+#if (OPENSSL_VERSION_NUMBER >=3D 0x30000000L)
+            &n= bsp;  retval =3D process_openssl_eddsa_op_evp(op, sess);
+#else
+            &n= bsp;  retval =3D process_openssl_eddsa_op(op, sess);
 #endif
            &nb= sp;    break;
         default:
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/= openssl/rte_openssl_pmd_ops.c
index b7b612fc57..0725184653 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -593,6 +593,16 @@ static const struct rte_cryptodev_capabilities openssl= _pmd_capabilities[] =3D {
            &nb= sp;    },
            &nb= sp;    }
         },
+       {      = /* ECFPM */
+            &n= bsp;  .op =3D RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
+            &n= bsp;  {.asym =3D {
+            &n= bsp;          .xform_capa =3D = {
+            &n= bsp;            = ;      .xform_type =3D RTE_CRYPTO_ASYM_XFORM_ECFPM= ,
+            &n= bsp;            = ;      .op_types =3D 0
+            &n= bsp;            = ;      }
+            &n= bsp;          }
+            &n= bsp;  }
+       },
         {    &= nbsp;  /* SM2 */
            &nb= sp;    .op =3D RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
            &nb= sp;    {.asym =3D {
@@ -610,6 +620,20 @@ static const struct rte_cryptodev_capabilities openssl= _pmd_capabilities[] =3D {
            &nb= sp;    }
            &nb= sp;    }
         },
+       {      = /* EDDSA */
+            &n= bsp;  .op =3D RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
+            &n= bsp;  {.asym =3D {
+            &n= bsp;          .xform_capa =3D = {
+            &n= bsp;            = ;      .xform_type =3D RTE_CRYPTO_ASYM_XFORM_EDDSA= ,
+            &n= bsp;            = ;      .hash_algos =3D (1 << RTE_CRYPTO_AUTH= _SHA512 |
+            &n= bsp;            = ;            &n= bsp;        1 << RTE_CRYPTO_AUTH_S= HAKE_256),
+            &n= bsp;            = ;      .op_types =3D
+            &n= bsp;            = ;      ((1<<RTE_CRYPTO_ASYM_OP_SIGN) |
+            &n= bsp;            = ;       (1 << RTE_CRYPTO_ASYM_OP_VERIFY= )),
+            &n= bsp;          }
+            &n= bsp;  }
+            &n= bsp;  }
+       },
 
         RTE_CRYPTODEV_END_OF_CAPAB= ILITIES_LIST()
 };
@@ -1356,6 +1380,47 @@ static int openssl_set_asym_session_parameters(
            &nb= sp;    BN_free(pub_key);
            &nb= sp;    return -1;
         }
+       case RTE_CRYPTO_ASYM_XFORM_ECFPM:
+       {
+#if (OPENSSL_VERSION_NUMBER >=3D 0x30000000L)
+            &n= bsp;  EC_GROUP *ecgrp =3D NULL;
+
+            &n= bsp;  asym_session->xfrm_type =3D xform->xform_type;
+
+            &n= bsp;  switch (xform->ec.curve_id) {
+            &n= bsp;  case RTE_CRYPTO_EC_GROUP_SECP192R1:
+            &n= bsp;          ecgrp =3D EC_GRO= UP_new_by_curve_name(NID_secp192k1);
+            &n= bsp;          break;
+            &n= bsp;  case RTE_CRYPTO_EC_GROUP_SECP224R1:
+            &n= bsp;          ecgrp =3D EC_GRO= UP_new_by_curve_name(NID_secp224r1);
+            &n= bsp;          break;
+            &n= bsp;  case RTE_CRYPTO_EC_GROUP_SECP256R1:
+            &n= bsp;          ecgrp =3D EC_GRO= UP_new_by_curve_name(NID_secp256k1);
+            &n= bsp;          break;
+            &n= bsp;  case RTE_CRYPTO_EC_GROUP_SECP384R1:
+            &n= bsp;          ecgrp =3D EC_GRO= UP_new_by_curve_name(NID_secp384r1);
+            &n= bsp;          break;
+            &n= bsp;  case RTE_CRYPTO_EC_GROUP_SECP521R1:
+            &n= bsp;          ecgrp =3D EC_GRO= UP_new_by_curve_name(NID_secp521r1);
+            &n= bsp;          break;
+            &n= bsp;  case RTE_CRYPTO_EC_GROUP_ED25519:
+            &n= bsp;          ecgrp =3D EC_GRO= UP_new_by_curve_name(NID_ED25519);
+            &n= bsp;          break;
+            &n= bsp;  case RTE_CRYPTO_EC_GROUP_ED448:
+            &n= bsp;          ecgrp =3D EC_GRO= UP_new_by_curve_name(NID_ED448);
+            &n= bsp;          break;
+            &n= bsp;  default:
+            &n= bsp;          break;
+            &n= bsp;  }
+
+            &n= bsp;  asym_session->u.ec.curve_id =3D xform->ec.curve_id;
+            &n= bsp;  asym_session->u.ec.group =3D ecgrp;
+            &n= bsp;  break;
+#else
+            &n= bsp;  OPENSSL_LOG(WARNING, "ECFPM unsupported for OpenSSL Version= < 3.0");
+            &n= bsp;  return -ENOTSUP;
+#endif
+       }
         case RTE_CRYPTO_ASYM_XFORM= _SM2:
         {
 #if (OPENSSL_VERSION_NUMBER >=3D 0x30000000L)
@@ -1440,6 +1505,66 @@ static int openssl_set_asym_session_parameters(
 #else
            &nb= sp;    OPENSSL_LOG(WARNING, "SM2 unsupported for OpenSS= L Version < 3.0");
            &nb= sp;    return -ENOTSUP;
+#endif
+       }
+       case RTE_CRYPTO_ASYM_XFORM_EDDSA:
+       {
+#if (OPENSSL_VERSION_NUMBER >=3D 0x30300000L)
+            &n= bsp;  OSSL_PARAM_BLD *param_bld =3D NULL;
+            &n= bsp;  OSSL_PARAM *params =3D NULL;
+            &n= bsp;  int ret =3D -1;
+
+            &n= bsp;  asym_session->u.eddsa.curve_id =3D xform->ec.curve_id;
+
+            &n= bsp;  param_bld =3D OSSL_PARAM_BLD_new();
+            &n= bsp;  if (!param_bld) {
+            &n= bsp;          OPENSSL_LOG(ERR,= "failed to allocate params");
+            &n= bsp;          goto err_eddsa;<= br> +            &n= bsp;  }
+
+            &n= bsp;  ret =3D OSSL_PARAM_BLD_push_utf8_string(param_bld,
+            &n= bsp;            OSSL= _PKEY_PARAM_GROUP_NAME, "ED25519", sizeof("ED25519"));<= br> +            &n= bsp;  if (!ret) {
+            &n= bsp;          OPENSSL_LOG(ERR,= "failed to push params");
+            &n= bsp;          goto err_eddsa;<= br> +            &n= bsp;  }
+
+            &n= bsp;  ret =3D OSSL_PARAM_BLD_push_octet_string(param_bld, OSSL_PKEY_PA= RAM_PRIV_KEY,
+            &n= bsp;            = ;      xform->ec.pkey.data, xform->ec.pkey.l= ength);
+            &n= bsp;  if (!ret) {
+            &n= bsp;          OPENSSL_LOG(ERR,= "failed to push params");
+            &n= bsp;          goto err_eddsa;<= br> +            &n= bsp;  }
+
+            &n= bsp;  ret =3D OSSL_PARAM_BLD_push_octet_string(param_bld, OSSL_PKEY_PA= RAM_PUB_KEY,
+            &n= bsp;            = ;      xform->ec.q.x.data, xform->ec.q.x.len= gth);
+            &n= bsp;  if (!ret) {
+            &n= bsp;          OPENSSL_LOG(ERR,= "failed to push params");
+            &n= bsp;          goto err_eddsa;<= br> +            &n= bsp;  }
+
+            &n= bsp;  params =3D OSSL_PARAM_BLD_to_param(param_bld);
+            &n= bsp;  if (!params) {
+            &n= bsp;          OPENSSL_LOG(ERR,= "failed to push params");
+            &n= bsp;          goto err_eddsa;<= br> +            &n= bsp;  }
+
+            &n= bsp;  asym_session->u.eddsa.params =3D params;
+            &n= bsp;  OSSL_PARAM_BLD_free(param_bld);
+
+            &n= bsp;  asym_session->xfrm_type =3D RTE_CRYPTO_ASYM_XFORM_EDDSA;
+            &n= bsp;  break;
+err_eddsa:
+            &n= bsp;  if (param_bld)
+            &n= bsp;          OSSL_PARAM_BLD_f= ree(param_bld);
+
+            &n= bsp;  if (asym_session->u.eddsa.params)
+            &n= bsp;          OSSL_PARAM_free(= asym_session->u.eddsa.params);
+
+            &n= bsp;  return -1;
+#else
+            &n= bsp;  OPENSSL_LOG(WARNING, "EDDSA unsupported for OpenSSL Version= < 3.3");
+            &n= bsp;  return -ENOTSUP;
 #endif
         }
         default:
@@ -1538,6 +1663,12 @@ static void openssl_reset_asym_session(struct openss= l_asym_session *sess)
 #if (OPENSSL_VERSION_NUMBER >=3D 0x30000000L)
            &nb= sp;    OSSL_PARAM_free(sess->u.sm2.params);
 #endif
+            &n= bsp;  break;
+       case RTE_CRYPTO_ASYM_XFORM_EDDSA:
+#if (OPENSSL_VERSION_NUMBER >=3D 0x30300000L)
+            &n= bsp;  OSSL_PARAM_free(sess->u.eddsa.params);
+#endif
+            &n= bsp;  break;
         default:
            &nb= sp;    break;
         }
--
2.21.0

--_000_DS0PR11MB7458F0D2EFAE85FB9955CC92817D2DS0PR11MB7458namp_--