DPDK patches and discussions
 help / color / mirror / Atom feed
* [PATCH] crypto/openssl: support cmac operations
@ 2022-06-10 16:28 Ashwin Sekhar T K
  2022-06-17 10:11 ` Zhang, Roy Fan
  2022-06-30 15:41 ` [PATCH v2] crypto/ipsec_mb: enable support for arm64 Ashwin Sekhar T K
  0 siblings, 2 replies; 19+ messages in thread
From: Ashwin Sekhar T K @ 2022-06-10 16:28 UTC (permalink / raw)
  To: dev
  Cc: jerinj, skori, skoteshwar, pbhagavatula, kirankumark, psatheesh,
	asekhar, anoobj, gakhil, hkalra, ndabilpuram

Extend openssl crypto PMD to support CMAC operations.

Signed-off-by: Ashwin Sekhar T K <asekhar@marvell.com>
---
 drivers/crypto/openssl/openssl_pmd_private.h |  9 ++
 drivers/crypto/openssl/rte_openssl_pmd.c     | 88 ++++++++++++++++++++
 drivers/crypto/openssl/rte_openssl_pmd_ops.c | 20 +++++
 3 files changed, 117 insertions(+)

diff --git a/drivers/crypto/openssl/openssl_pmd_private.h b/drivers/crypto/openssl/openssl_pmd_private.h
index b2054b3754..6cc6fe1230 100644
--- a/drivers/crypto/openssl/openssl_pmd_private.h
+++ b/drivers/crypto/openssl/openssl_pmd_private.h
@@ -5,6 +5,7 @@
 #ifndef _OPENSSL_PMD_PRIVATE_H_
 #define _OPENSSL_PMD_PRIVATE_H_
 
+#include <openssl/cmac.h>
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
 #include <openssl/des.h>
@@ -46,6 +47,7 @@ enum openssl_cipher_mode {
 enum openssl_auth_mode {
 	OPENSSL_AUTH_AS_AUTH,
 	OPENSSL_AUTH_AS_HMAC,
+	OPENSSL_AUTH_AS_CMAC,
 };
 
 /** private data structure for each OPENSSL crypto device */
@@ -137,6 +139,13 @@ struct openssl_session {
 				HMAC_CTX *ctx;
 				/**< pointer to EVP context structure */
 			} hmac;
+
+			struct {
+				const EVP_CIPHER *evp_algo;
+				/**< pointer to EVP algorithm function */
+				CMAC_CTX *ctx;
+				/**< pointer to EVP context structure */
+			} cmac;
 		};
 
 		uint16_t aad_length;
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 6ac2dfff5a..bac55220c0 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -13,6 +13,7 @@
 #include <rte_cpuflags.h>
 
 #include <openssl/hmac.h>
+#include <openssl/cmac.h>
 #include <openssl/evp.h>
 
 #include "openssl_pmd_private.h"
@@ -569,6 +570,29 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
 						xform->auth.key.data);
 		break;
 
+	case RTE_CRYPTO_AUTH_AES_CMAC:
+		sess->auth.mode = OPENSSL_AUTH_AS_CMAC;
+		sess->auth.cmac.ctx = CMAC_CTX_new();
+		switch (xform->auth.key.length) {
+		case 16:
+			sess->auth.cmac.evp_algo = EVP_aes_128_cbc();
+			break;
+		case 24:
+			sess->auth.cmac.evp_algo = EVP_aes_192_cbc();
+			break;
+		case 32:
+			sess->auth.cmac.evp_algo = EVP_aes_256_cbc();
+			break;
+		default:
+			return -EINVAL;
+		}
+		if (CMAC_Init(sess->auth.cmac.ctx,
+			      xform->auth.key.data,
+			      xform->auth.key.length,
+			      sess->auth.cmac.evp_algo, NULL) != 1)
+			return -EINVAL;
+		break;
+
 	case RTE_CRYPTO_AUTH_MD5:
 	case RTE_CRYPTO_AUTH_SHA1:
 	case RTE_CRYPTO_AUTH_SHA224:
@@ -727,6 +751,9 @@ openssl_reset_session(struct openssl_session *sess)
 		EVP_PKEY_free(sess->auth.hmac.pkey);
 		HMAC_CTX_free(sess->auth.hmac.ctx);
 		break;
+	case OPENSSL_AUTH_AS_CMAC:
+		CMAC_CTX_free(sess->auth.cmac.ctx);
+		break;
 	default:
 		break;
 	}
@@ -1262,6 +1289,58 @@ process_openssl_auth(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
 	return -EINVAL;
 }
 
+/** Process standard openssl auth algorithms with cmac */
+static int
+process_openssl_auth_cmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
+		int srclen, CMAC_CTX *ctx)
+{
+	unsigned int dstlen;
+	struct rte_mbuf *m;
+	int l, n = srclen;
+	uint8_t *src;
+
+	for (m = mbuf_src; m != NULL && offset > rte_pktmbuf_data_len(m);
+			m = m->next)
+		offset -= rte_pktmbuf_data_len(m);
+
+	if (m == 0)
+		goto process_auth_err;
+
+	src = rte_pktmbuf_mtod_offset(m, uint8_t *, offset);
+
+	l = rte_pktmbuf_data_len(m) - offset;
+	if (srclen <= l) {
+		if (CMAC_Update(ctx, (unsigned char *)src, srclen) != 1)
+			goto process_auth_err;
+		goto process_auth_final;
+	}
+
+	if (CMAC_Update(ctx, (unsigned char *)src, l) != 1)
+		goto process_auth_err;
+
+	n -= l;
+
+	for (m = m->next; (m != NULL) && (n > 0); m = m->next) {
+		src = rte_pktmbuf_mtod(m, uint8_t *);
+		l = rte_pktmbuf_data_len(m) < n ? rte_pktmbuf_data_len(m) : n;
+		if (CMAC_Update(ctx, (unsigned char *)src, l) != 1)
+			goto process_auth_err;
+		n -= l;
+	}
+
+process_auth_final:
+	if (CMAC_Final(ctx, dst, (size_t *)&dstlen) != 1)
+		goto process_auth_err;
+
+	CMAC_CTX_cleanup(ctx);
+
+	return 0;
+
+process_auth_err:
+	OPENSSL_LOG(ERR, "Process openssl cmac auth failed");
+	return -EINVAL;
+}
+
 /** Process standard openssl auth algorithms with hmac */
 static int
 process_openssl_auth_hmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
@@ -1558,6 +1637,7 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
 	int srclen, status;
 	EVP_MD_CTX *ctx_a;
 	HMAC_CTX *ctx_h;
+	CMAC_CTX *ctx_c;
 
 	srclen = op->sym->auth.data.length;
 
@@ -1580,6 +1660,14 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
 				ctx_h);
 		HMAC_CTX_free(ctx_h);
 		break;
+	case OPENSSL_AUTH_AS_CMAC:
+		ctx_c = CMAC_CTX_new();
+		CMAC_CTX_copy(ctx_c, sess->auth.cmac.ctx);
+		status = process_openssl_auth_cmac(mbuf_src, dst,
+				op->sym->auth.data.offset, srclen,
+				ctx_c);
+		CMAC_CTX_free(ctx_c);
+		break;
 	default:
 		status = -1;
 		break;
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 7d0da52a33..94b266d14e 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -392,6 +392,26 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 			}, }
 		}, }
 	},
+	{	/* AES CMAC (AUTH) */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			{.auth = {
+				.algo = RTE_CRYPTO_AUTH_AES_CMAC,
+				.block_size = 16,
+				.key_size = {
+					.min = 16,
+					.max = 32,
+					.increment = 8
+				},
+				.digest_size = {
+					.min = 4,
+					.max = 16,
+					.increment = 4
+				},
+			}, }
+		}, }
+	},
 	{	/* 3DES CBC */
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
-- 
2.25.1


^ permalink raw reply	[flat|nested] 19+ messages in thread

* RE: [PATCH] crypto/openssl: support cmac operations
  2022-06-10 16:28 [PATCH] crypto/openssl: support cmac operations Ashwin Sekhar T K
@ 2022-06-17 10:11 ` Zhang, Roy Fan
  2022-07-18  6:07   ` [PATCH v2 0/1] crypto/openssl: add aes cmac support Ashwin Sekhar T K
  2022-06-30 15:41 ` [PATCH v2] crypto/ipsec_mb: enable support for arm64 Ashwin Sekhar T K
  1 sibling, 1 reply; 19+ messages in thread
From: Zhang, Roy Fan @ 2022-06-17 10:11 UTC (permalink / raw)
  To: Ashwin Sekhar T K, dev
  Cc: jerinj, skori, skoteshwar, pbhagavatula, kirankumark, psatheesh,
	anoobj, gakhil, hkalra, ndabilpuram

Hi,

> -----Original Message-----
> From: Ashwin Sekhar T K <asekhar@marvell.com>
> Sent: Friday, June 10, 2022 5:29 PM
> To: dev@dpdk.org
> Cc: jerinj@marvell.com; skori@marvell.com; skoteshwar@marvell.com;
> pbhagavatula@marvell.com; kirankumark@marvell.com;
> psatheesh@marvell.com; asekhar@marvell.com; anoobj@marvell.com;
> gakhil@marvell.com; hkalra@marvell.com; ndabilpuram@marvell.com
> Subject: [PATCH] crypto/openssl: support cmac operations
> 
> Extend openssl crypto PMD to support CMAC operations.
> 
> Signed-off-by: Ashwin Sekhar T K <asekhar@marvell.com>
> ---

Although the patch passes all tests in openssl 1.1, but I see 95 tests failed on openssl 3.0.
Can you check that?

Regards,
Fan

^ permalink raw reply	[flat|nested] 19+ messages in thread

* [PATCH v2] crypto/ipsec_mb: enable support for arm64
  2022-06-10 16:28 [PATCH] crypto/openssl: support cmac operations Ashwin Sekhar T K
  2022-06-17 10:11 ` Zhang, Roy Fan
@ 2022-06-30 15:41 ` Ashwin Sekhar T K
  2022-07-04 14:47   ` Zhang, Roy Fan
  2022-07-27  8:29   ` Ruifeng Wang
  1 sibling, 2 replies; 19+ messages in thread
From: Ashwin Sekhar T K @ 2022-06-30 15:41 UTC (permalink / raw)
  To: dev, Fan Zhang, Pablo de Lara
  Cc: jerinj, skori, skoteshwar, pbhagavatula, kirankumark, psatheesh,
	asekhar, anoobj, gakhil, hkalra, ndabilpuram

Enable support for arm64 architecture in ipsec_mb. x86
specific code is conditionally compiled only for x86
architecture builds. Other architectures will be unsupported.

Signed-off-by: Ashwin Sekhar T K <asekhar@marvell.com>
---
 drivers/crypto/ipsec_mb/ipsec_mb_private.c | 7 +++++++
 drivers/crypto/ipsec_mb/ipsec_mb_private.h | 3 ++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/drivers/crypto/ipsec_mb/ipsec_mb_private.c b/drivers/crypto/ipsec_mb/ipsec_mb_private.c
index aab42c360c..b555a28a0b 100644
--- a/drivers/crypto/ipsec_mb/ipsec_mb_private.c
+++ b/drivers/crypto/ipsec_mb/ipsec_mb_private.c
@@ -53,6 +53,9 @@ ipsec_mb_create(struct rte_vdev_device *vdev,
 	const char *name, *args;
 	int retval;
 
+#if defined(RTE_ARCH_ARM64)
+	vector_mode = IPSEC_MB_ARM64;
+#elif defined(RTE_ARCH_X86_64)
 	if (vector_mode == IPSEC_MB_NOT_SUPPORTED) {
 		/* Check CPU for supported vector instruction set */
 		if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AVX512F))
@@ -64,6 +67,10 @@ ipsec_mb_create(struct rte_vdev_device *vdev,
 		else
 			vector_mode = IPSEC_MB_SSE;
 	}
+#else
+	/* Unsupported architecture */
+	return -ENOTSUP;
+#endif
 
 	init_params.private_data_size = sizeof(struct ipsec_mb_dev_private) +
 		pmd_data->internals_priv_size;
diff --git a/drivers/crypto/ipsec_mb/ipsec_mb_private.h b/drivers/crypto/ipsec_mb/ipsec_mb_private.h
index e2c240dfc0..d0a1bcc360 100644
--- a/drivers/crypto/ipsec_mb/ipsec_mb_private.h
+++ b/drivers/crypto/ipsec_mb/ipsec_mb_private.h
@@ -26,7 +26,8 @@ enum ipsec_mb_vector_mode {
 	IPSEC_MB_SSE,
 	IPSEC_MB_AVX,
 	IPSEC_MB_AVX2,
-	IPSEC_MB_AVX512
+	IPSEC_MB_AVX512,
+	IPSEC_MB_ARM64,
 };
 
 extern enum ipsec_mb_vector_mode vector_mode;
-- 
2.25.1


^ permalink raw reply	[flat|nested] 19+ messages in thread

* RE: [PATCH v2] crypto/ipsec_mb: enable support for arm64
  2022-06-30 15:41 ` [PATCH v2] crypto/ipsec_mb: enable support for arm64 Ashwin Sekhar T K
@ 2022-07-04 14:47   ` Zhang, Roy Fan
  2022-07-27  8:29   ` Ruifeng Wang
  1 sibling, 0 replies; 19+ messages in thread
From: Zhang, Roy Fan @ 2022-07-04 14:47 UTC (permalink / raw)
  To: Ashwin Sekhar T K, dev, De Lara Guarch, Pablo
  Cc: jerinj, skori, skoteshwar, pbhagavatula, kirankumark, psatheesh,
	anoobj, gakhil, hkalra, ndabilpuram

> -----Original Message-----
> From: Ashwin Sekhar T K <asekhar@marvell.com>
> Sent: Thursday, June 30, 2022 4:41 PM
> To: dev@dpdk.org; Zhang, Roy Fan <roy.fan.zhang@intel.com>; De Lara Guarch,
> Pablo <pablo.de.lara.guarch@intel.com>
> Cc: jerinj@marvell.com; skori@marvell.com; skoteshwar@marvell.com;
> pbhagavatula@marvell.com; kirankumark@marvell.com;
> psatheesh@marvell.com; asekhar@marvell.com; anoobj@marvell.com;
> gakhil@marvell.com; hkalra@marvell.com; ndabilpuram@marvell.com
> Subject: [PATCH v2] crypto/ipsec_mb: enable support for arm64
> 
> Enable support for arm64 architecture in ipsec_mb. x86
> specific code is conditionally compiled only for x86
> architecture builds. Other architectures will be unsupported.
> 
> Signed-off-by: Ashwin Sekhar T K <asekhar@marvell.com>
> ---
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>

^ permalink raw reply	[flat|nested] 19+ messages in thread

* [PATCH v2 0/1] crypto/openssl: add aes cmac support
  2022-06-17 10:11 ` Zhang, Roy Fan
@ 2022-07-18  6:07   ` Ashwin Sekhar T K
  2022-07-18  6:07     ` [PATCH v2 1/1] crypto/openssl: support aes cmac operations Ashwin Sekhar T K
  0 siblings, 1 reply; 19+ messages in thread
From: Ashwin Sekhar T K @ 2022-07-18  6:07 UTC (permalink / raw)
  To: roy.fan.zhang
  Cc: anoobj, asekhar, dev, gakhil, hkalra, jerinj, kirankumark,
	ndabilpuram, pbhagavatula, psatheesh, skori, skoteshwar

Add support for aes cmac operations.

v2:
 * Added support for openssl 3.0

Ashwin Sekhar T K (1):
  crypto/openssl: support aes cmac operations

 drivers/crypto/openssl/openssl_pmd_private.h |  14 ++
 drivers/crypto/openssl/rte_openssl_pmd.c     | 142 ++++++++++++++++++-
 drivers/crypto/openssl/rte_openssl_pmd_ops.c |  20 +++
 3 files changed, 169 insertions(+), 7 deletions(-)

-- 
2.25.1


^ permalink raw reply	[flat|nested] 19+ messages in thread

* [PATCH v2 1/1] crypto/openssl: support aes cmac operations
  2022-07-18  6:07   ` [PATCH v2 0/1] crypto/openssl: add aes cmac support Ashwin Sekhar T K
@ 2022-07-18  6:07     ` Ashwin Sekhar T K
  2022-07-18  9:12       ` [PATCH v3 0/1] crypto/openssl: add aes cmac support Ashwin Sekhar T K
  0 siblings, 1 reply; 19+ messages in thread
From: Ashwin Sekhar T K @ 2022-07-18  6:07 UTC (permalink / raw)
  To: roy.fan.zhang
  Cc: anoobj, asekhar, dev, gakhil, hkalra, jerinj, kirankumark,
	ndabilpuram, pbhagavatula, psatheesh, skori, skoteshwar

Extend openssl crypto PMD to support AES CMAC operations.

Signed-off-by: Ashwin Sekhar T K <asekhar@marvell.com>
---
 drivers/crypto/openssl/openssl_pmd_private.h |  14 ++
 drivers/crypto/openssl/rte_openssl_pmd.c     | 142 ++++++++++++++++++-
 drivers/crypto/openssl/rte_openssl_pmd_ops.c |  20 +++
 3 files changed, 169 insertions(+), 7 deletions(-)

diff --git a/drivers/crypto/openssl/openssl_pmd_private.h b/drivers/crypto/openssl/openssl_pmd_private.h
index 5963a67a08..c1aa5f550c 100644
--- a/drivers/crypto/openssl/openssl_pmd_private.h
+++ b/drivers/crypto/openssl/openssl_pmd_private.h
@@ -6,6 +6,7 @@
 #define _OPENSSL_PMD_PRIVATE_H_
 
 #include <openssl/evp.h>
+#include <openssl/cmac.h>
 #include <openssl/hmac.h>
 #include <openssl/des.h>
 #include <openssl/rsa.h>
@@ -50,6 +51,7 @@ enum openssl_cipher_mode {
 enum openssl_auth_mode {
 	OPENSSL_AUTH_AS_AUTH,
 	OPENSSL_AUTH_AS_HMAC,
+	OPENSSL_AUTH_AS_CMAC,
 };
 
 /** private data structure for each OPENSSL crypto device */
@@ -145,6 +147,18 @@ struct openssl_session {
 # endif
 				/**< pointer to EVP context structure */
 			} hmac;
+
+			struct {
+# if OPENSSL_VERSION_NUMBER >= 0x30000000L
+				EVP_MAC_CTX * ctx;
+				/**< pointer to EVP context structure */
+# else
+				const EVP_CIPHER *evp_algo;
+				/**< pointer to EVP algorithm function */
+				CMAC_CTX *ctx;
+				/**< pointer to EVP context structure */
+# endif
+			} cmac;
 		};
 
 		uint16_t aad_length;
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 5658b9db66..460f1e7be6 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -10,6 +10,7 @@
 #include <rte_malloc.h>
 #include <rte_cpuflags.h>
 
+#include <openssl/cmac.h>
 #include <openssl/hmac.h>
 #include <openssl/evp.h>
 
@@ -592,6 +593,12 @@ static int
 openssl_set_session_auth_parameters(struct openssl_session *sess,
 		const struct rte_crypto_sym_xform *xform)
 {
+# if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
+	char algo_name[MAX_OSSL_ALGO_NAME_SIZE];
+	OSSL_PARAM params[2];
+	const char *algo;
+	EVP_MAC *mac;
+# endif
 	/* Select auth generate/verify */
 	sess->auth.operation = xform->auth.op;
 	sess->auth.algo = xform->auth.algo;
@@ -636,6 +643,47 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
 		sess->auth.auth.ctx = EVP_MD_CTX_create();
 		break;
 
+	case RTE_CRYPTO_AUTH_AES_CMAC:
+# if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
+		if (xform->auth.key.length == 16)
+			algo = SN_aes_128_cbc;
+		else if (xform->auth.key.length == 24)
+			algo = SN_aes_192_cbc;
+		else if (xform->auth.key.length == 32)
+			algo = SN_aes_256_cbc;
+		else
+			return -EINVAL;
+
+		rte_memcpy(algo_name, algo, strlen(algo) + 1);
+		params[0] = OSSL_PARAM_construct_utf8_string(
+				OSSL_MAC_PARAM_CIPHER, algo_name, 0);
+		params[1] = OSSL_PARAM_construct_end();
+
+		sess->auth.mode = OPENSSL_AUTH_AS_CMAC;
+		mac = EVP_MAC_fetch(NULL, OSSL_MAC_NAME_CMAC, NULL);
+		sess->auth.cmac.ctx = EVP_MAC_CTX_new(mac);
+		EVP_MAC_free(mac);
+
+		if (EVP_MAC_init(sess->auth.cmac.ctx,
+				xform->auth.key.data,
+				xform->auth.key.length,
+				params) != 1)
+			return -EINVAL;
+# else
+		sess->auth.mode = OPENSSL_AUTH_AS_CMAC;
+		sess->auth.cmac.ctx = CMAC_CTX_new();
+		if (get_cipher_algo(RTE_CRYPTO_CIPHER_AES_CBC,
+				    xform->auth.key.length,
+				    &sess->auth.cmac.evp_algo) != 0)
+			return -EINVAL;
+		if (CMAC_Init(sess->auth.cmac.ctx,
+			      xform->auth.key.data,
+			      xform->auth.key.length,
+			      sess->auth.cmac.evp_algo, NULL) != 1)
+			return -EINVAL;
+# endif
+		break;
+
 # if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
 	case RTE_CRYPTO_AUTH_MD5_HMAC:
 	case RTE_CRYPTO_AUTH_SHA1_HMAC:
@@ -645,15 +693,12 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
 	case RTE_CRYPTO_AUTH_SHA512_HMAC:
 		sess->auth.mode = OPENSSL_AUTH_AS_HMAC;
 
-		OSSL_PARAM params[2];
-		const char *algo;
 		algo = digest_name_get(xform->auth.algo);
 		if (!algo)
 			return -EINVAL;
-		char algo_name[MAX_OSSL_ALGO_NAME_SIZE];
 		rte_memcpy(algo_name, algo, (sizeof(algo)+1));
 
-		EVP_MAC *mac = EVP_MAC_fetch(NULL, "HMAC", NULL);
+		mac = EVP_MAC_fetch(NULL, "HMAC", NULL);
 		sess->auth.hmac.ctx = EVP_MAC_CTX_new(mac);
 		EVP_MAC_free(mac);
 		if (get_auth_algo(xform->auth.algo,
@@ -817,6 +862,13 @@ openssl_reset_session(struct openssl_session *sess)
 		EVP_MAC_CTX_free(sess->auth.hmac.ctx);
 # else
 		HMAC_CTX_free(sess->auth.hmac.ctx);
+# endif
+		break;
+	case OPENSSL_AUTH_AS_CMAC:
+# if OPENSSL_VERSION_NUMBER >= 0x30000000L
+		EVP_MAC_CTX_free(sess->auth.cmac.ctx);
+# else
+		CMAC_CTX_free(sess->auth.cmac.ctx);
 # endif
 		break;
 	default:
@@ -1354,10 +1406,14 @@ process_openssl_auth(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
 	return -EINVAL;
 }
 
+
 # if OPENSSL_VERSION_NUMBER >= 0x30000000L
-/** Process standard openssl auth algorithms with hmac */
+# endif
+
+# if OPENSSL_VERSION_NUMBER >= 0x30000000L
+/** Process standard openssl auth algorithms with hmac/cmac */
 static int
-process_openssl_auth_hmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
+process_openssl_auth_mac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
 		int srclen, EVP_MAC_CTX *ctx)
 {
 	size_t dstlen;
@@ -1459,6 +1515,58 @@ process_openssl_auth_hmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
 	OPENSSL_LOG(ERR, "Process openssl auth failed");
 	return -EINVAL;
 }
+
+/** Process standard openssl auth algorithms with cmac */
+static int
+process_openssl_auth_cmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
+		int srclen, CMAC_CTX *ctx)
+{
+	unsigned int dstlen;
+	struct rte_mbuf *m;
+	int l, n = srclen;
+	uint8_t *src;
+
+	for (m = mbuf_src; m != NULL && offset > rte_pktmbuf_data_len(m);
+			m = m->next)
+		offset -= rte_pktmbuf_data_len(m);
+
+	if (m == 0)
+		goto process_auth_err;
+
+	src = rte_pktmbuf_mtod_offset(m, uint8_t *, offset);
+
+	l = rte_pktmbuf_data_len(m) - offset;
+	if (srclen <= l) {
+		if (CMAC_Update(ctx, (unsigned char *)src, srclen) != 1)
+			goto process_auth_err;
+		goto process_auth_final;
+	}
+
+	if (CMAC_Update(ctx, (unsigned char *)src, l) != 1)
+		goto process_auth_err;
+
+	n -= l;
+
+	for (m = m->next; (m != NULL) && (n > 0); m = m->next) {
+		src = rte_pktmbuf_mtod(m, uint8_t *);
+		l = rte_pktmbuf_data_len(m) < n ? rte_pktmbuf_data_len(m) : n;
+		if (CMAC_Update(ctx, (unsigned char *)src, l) != 1)
+			goto process_auth_err;
+		n -= l;
+	}
+
+process_auth_final:
+	if (CMAC_Final(ctx, dst, (size_t *)&dstlen) != 1)
+		goto process_auth_err;
+
+	CMAC_CTX_cleanup(ctx);
+
+	return 0;
+
+process_auth_err:
+	OPENSSL_LOG(ERR, "Process openssl cmac auth failed");
+	return -EINVAL;
+}
 # endif
 /*----------------------------------------------------------------------------*/
 
@@ -1700,9 +1808,11 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
 	EVP_MD_CTX *ctx_a;
 # if OPENSSL_VERSION_NUMBER >= 0x30000000L
 	EVP_MAC_CTX *ctx_h;
+	EVP_MAC_CTX *ctx_c;
 	EVP_MAC *mac;
 # else
 	HMAC_CTX *ctx_h;
+	CMAC_CTX *ctx_c;
 # endif
 
 	srclen = op->sym->auth.data.length;
@@ -1724,7 +1834,7 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
 		ctx_h = EVP_MAC_CTX_new(mac);
 		ctx_h = EVP_MAC_CTX_dup(sess->auth.hmac.ctx);
 		EVP_MAC_free(mac);
-		status = process_openssl_auth_hmac(mbuf_src, dst,
+		status = process_openssl_auth_mac(mbuf_src, dst,
 				op->sym->auth.data.offset, srclen,
 				ctx_h);
 # else
@@ -1734,6 +1844,24 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
 				op->sym->auth.data.offset, srclen,
 				ctx_h);
 		HMAC_CTX_free(ctx_h);
+# endif
+		break;
+	case OPENSSL_AUTH_AS_CMAC:
+# if OPENSSL_VERSION_NUMBER >= 0x30000000L
+		mac = EVP_MAC_fetch(NULL, OSSL_MAC_NAME_CMAC, NULL);
+		ctx_c = EVP_MAC_CTX_new(mac);
+		ctx_c = EVP_MAC_CTX_dup(sess->auth.cmac.ctx);
+		EVP_MAC_free(mac);
+		status = process_openssl_auth_mac(mbuf_src, dst,
+				op->sym->auth.data.offset, srclen,
+				ctx_c);
+# else
+		ctx_c = CMAC_CTX_new();
+		CMAC_CTX_copy(ctx_c, sess->auth.cmac.ctx);
+		status = process_openssl_auth_cmac(mbuf_src, dst,
+		                op->sym->auth.data.offset, srclen,
+		                ctx_c);
+		CMAC_CTX_free(ctx_c);
 # endif
 		break;
 	default:
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 3e24ef94f7..f7ddbf9c73 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -394,6 +394,26 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 			}, }
 		}, }
 	},
+	{	/* AES CMAC (AUTH) */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			{.auth = {
+				.algo = RTE_CRYPTO_AUTH_AES_CMAC,
+				.block_size = 16,
+				.key_size = {
+					.min = 16,
+					.max = 32,
+					.increment = 8
+				},
+				.digest_size = {
+					.min = 4,
+					.max = 16,
+					.increment = 4
+				},
+			}, }
+		}, }
+	},
 	{	/* 3DES CBC */
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
-- 
2.25.1


^ permalink raw reply	[flat|nested] 19+ messages in thread

* [PATCH v3 0/1] crypto/openssl: add aes cmac support
  2022-07-18  6:07     ` [PATCH v2 1/1] crypto/openssl: support aes cmac operations Ashwin Sekhar T K
@ 2022-07-18  9:12       ` Ashwin Sekhar T K
  2022-07-18  9:12         ` [PATCH v3 1/1] crypto/openssl: support aes cmac operations Ashwin Sekhar T K
  0 siblings, 1 reply; 19+ messages in thread
From: Ashwin Sekhar T K @ 2022-07-18  9:12 UTC (permalink / raw)
  To: asekhar
  Cc: anoobj, dev, gakhil, hkalra, jerinj, kirankumark, ndabilpuram,
	pbhagavatula, psatheesh, roy.fan.zhang, skori, skoteshwar

Add support for aes cmac operations.

v2:
 * Added support for openssl 3.0
v3:
 * Fixed checkpatch warnings.

Ashwin Sekhar T K (1):
  crypto/openssl: support aes cmac operations

 drivers/crypto/openssl/openssl_pmd_private.h |  14 ++
 drivers/crypto/openssl/rte_openssl_pmd.c     | 142 ++++++++++++++++++-
 drivers/crypto/openssl/rte_openssl_pmd_ops.c |  20 +++
 3 files changed, 169 insertions(+), 7 deletions(-)

-- 
2.25.1


^ permalink raw reply	[flat|nested] 19+ messages in thread

* [PATCH v3 1/1] crypto/openssl: support aes cmac operations
  2022-07-18  9:12       ` [PATCH v3 0/1] crypto/openssl: add aes cmac support Ashwin Sekhar T K
@ 2022-07-18  9:12         ` Ashwin Sekhar T K
  2022-07-18  9:18           ` [PATCH v4 0/1] crypto/openssl: add aes cmac support Ashwin Sekhar T K
  0 siblings, 1 reply; 19+ messages in thread
From: Ashwin Sekhar T K @ 2022-07-18  9:12 UTC (permalink / raw)
  To: asekhar
  Cc: anoobj, dev, gakhil, hkalra, jerinj, kirankumark, ndabilpuram,
	pbhagavatula, psatheesh, roy.fan.zhang, skori, skoteshwar

Extend openssl crypto PMD to support AES CMAC operations.

Signed-off-by: Ashwin Sekhar T K <asekhar@marvell.com>
---
 drivers/crypto/openssl/openssl_pmd_private.h |  14 ++
 drivers/crypto/openssl/rte_openssl_pmd.c     | 142 ++++++++++++++++++-
 drivers/crypto/openssl/rte_openssl_pmd_ops.c |  20 +++
 3 files changed, 169 insertions(+), 7 deletions(-)

diff --git a/drivers/crypto/openssl/openssl_pmd_private.h b/drivers/crypto/openssl/openssl_pmd_private.h
index 5963a67a08..18900b5c61 100644
--- a/drivers/crypto/openssl/openssl_pmd_private.h
+++ b/drivers/crypto/openssl/openssl_pmd_private.h
@@ -6,6 +6,7 @@
 #define _OPENSSL_PMD_PRIVATE_H_
 
 #include <openssl/evp.h>
+#include <openssl/cmac.h>
 #include <openssl/hmac.h>
 #include <openssl/des.h>
 #include <openssl/rsa.h>
@@ -50,6 +51,7 @@ enum openssl_cipher_mode {
 enum openssl_auth_mode {
 	OPENSSL_AUTH_AS_AUTH,
 	OPENSSL_AUTH_AS_HMAC,
+	OPENSSL_AUTH_AS_CMAC,
 };
 
 /** private data structure for each OPENSSL crypto device */
@@ -145,6 +147,18 @@ struct openssl_session {
 # endif
 				/**< pointer to EVP context structure */
 			} hmac;
+
+			struct {
+# if OPENSSL_VERSION_NUMBER >= 0x30000000L
+				EVP_MAC_CTX *ctx;
+				/**< pointer to EVP context structure */
+# else
+				const EVP_CIPHER *evp_algo;
+				/**< pointer to EVP algorithm function */
+				CMAC_CTX *ctx;
+				/**< pointer to EVP context structure */
+# endif
+			} cmac;
 		};
 
 		uint16_t aad_length;
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 5658b9db66..ce195c21d5 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -10,6 +10,7 @@
 #include <rte_malloc.h>
 #include <rte_cpuflags.h>
 
+#include <openssl/cmac.h>
 #include <openssl/hmac.h>
 #include <openssl/evp.h>
 
@@ -592,6 +593,12 @@ static int
 openssl_set_session_auth_parameters(struct openssl_session *sess,
 		const struct rte_crypto_sym_xform *xform)
 {
+# if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
+	char algo_name[MAX_OSSL_ALGO_NAME_SIZE];
+	OSSL_PARAM params[2];
+	const char *algo;
+	EVP_MAC *mac;
+# endif
 	/* Select auth generate/verify */
 	sess->auth.operation = xform->auth.op;
 	sess->auth.algo = xform->auth.algo;
@@ -636,6 +643,47 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
 		sess->auth.auth.ctx = EVP_MD_CTX_create();
 		break;
 
+	case RTE_CRYPTO_AUTH_AES_CMAC:
+# if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
+		if (xform->auth.key.length == 16)
+			algo = SN_aes_128_cbc;
+		else if (xform->auth.key.length == 24)
+			algo = SN_aes_192_cbc;
+		else if (xform->auth.key.length == 32)
+			algo = SN_aes_256_cbc;
+		else
+			return -EINVAL;
+
+		rte_memcpy(algo_name, algo, strlen(algo) + 1);
+		params[0] = OSSL_PARAM_construct_utf8_string(
+				OSSL_MAC_PARAM_CIPHER, algo_name, 0);
+		params[1] = OSSL_PARAM_construct_end();
+
+		sess->auth.mode = OPENSSL_AUTH_AS_CMAC;
+		mac = EVP_MAC_fetch(NULL, OSSL_MAC_NAME_CMAC, NULL);
+		sess->auth.cmac.ctx = EVP_MAC_CTX_new(mac);
+		EVP_MAC_free(mac);
+
+		if (EVP_MAC_init(sess->auth.cmac.ctx,
+				xform->auth.key.data,
+				xform->auth.key.length,
+				params) != 1)
+			return -EINVAL;
+# else
+		sess->auth.mode = OPENSSL_AUTH_AS_CMAC;
+		sess->auth.cmac.ctx = CMAC_CTX_new();
+		if (get_cipher_algo(RTE_CRYPTO_CIPHER_AES_CBC,
+				    xform->auth.key.length,
+				    &sess->auth.cmac.evp_algo) != 0)
+			return -EINVAL;
+		if (CMAC_Init(sess->auth.cmac.ctx,
+			      xform->auth.key.data,
+			      xform->auth.key.length,
+			      sess->auth.cmac.evp_algo, NULL) != 1)
+			return -EINVAL;
+# endif
+		break;
+
 # if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
 	case RTE_CRYPTO_AUTH_MD5_HMAC:
 	case RTE_CRYPTO_AUTH_SHA1_HMAC:
@@ -645,15 +693,12 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
 	case RTE_CRYPTO_AUTH_SHA512_HMAC:
 		sess->auth.mode = OPENSSL_AUTH_AS_HMAC;
 
-		OSSL_PARAM params[2];
-		const char *algo;
 		algo = digest_name_get(xform->auth.algo);
 		if (!algo)
 			return -EINVAL;
-		char algo_name[MAX_OSSL_ALGO_NAME_SIZE];
 		rte_memcpy(algo_name, algo, (sizeof(algo)+1));
 
-		EVP_MAC *mac = EVP_MAC_fetch(NULL, "HMAC", NULL);
+		mac = EVP_MAC_fetch(NULL, "HMAC", NULL);
 		sess->auth.hmac.ctx = EVP_MAC_CTX_new(mac);
 		EVP_MAC_free(mac);
 		if (get_auth_algo(xform->auth.algo,
@@ -817,6 +862,13 @@ openssl_reset_session(struct openssl_session *sess)
 		EVP_MAC_CTX_free(sess->auth.hmac.ctx);
 # else
 		HMAC_CTX_free(sess->auth.hmac.ctx);
+# endif
+		break;
+	case OPENSSL_AUTH_AS_CMAC:
+# if OPENSSL_VERSION_NUMBER >= 0x30000000L
+		EVP_MAC_CTX_free(sess->auth.cmac.ctx);
+# else
+		CMAC_CTX_free(sess->auth.cmac.ctx);
 # endif
 		break;
 	default:
@@ -1354,10 +1406,14 @@ process_openssl_auth(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
 	return -EINVAL;
 }
 
+
 # if OPENSSL_VERSION_NUMBER >= 0x30000000L
-/** Process standard openssl auth algorithms with hmac */
+# endif
+
+# if OPENSSL_VERSION_NUMBER >= 0x30000000L
+/** Process standard openssl auth algorithms with hmac/cmac */
 static int
-process_openssl_auth_hmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
+process_openssl_auth_mac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
 		int srclen, EVP_MAC_CTX *ctx)
 {
 	size_t dstlen;
@@ -1459,6 +1515,58 @@ process_openssl_auth_hmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
 	OPENSSL_LOG(ERR, "Process openssl auth failed");
 	return -EINVAL;
 }
+
+/** Process standard openssl auth algorithms with cmac */
+static int
+process_openssl_auth_cmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
+		int srclen, CMAC_CTX *ctx)
+{
+	unsigned int dstlen;
+	struct rte_mbuf *m;
+	int l, n = srclen;
+	uint8_t *src;
+
+	for (m = mbuf_src; m != NULL && offset > rte_pktmbuf_data_len(m);
+			m = m->next)
+		offset -= rte_pktmbuf_data_len(m);
+
+	if (m == 0)
+		goto process_auth_err;
+
+	src = rte_pktmbuf_mtod_offset(m, uint8_t *, offset);
+
+	l = rte_pktmbuf_data_len(m) - offset;
+	if (srclen <= l) {
+		if (CMAC_Update(ctx, (unsigned char *)src, srclen) != 1)
+			goto process_auth_err;
+		goto process_auth_final;
+	}
+
+	if (CMAC_Update(ctx, (unsigned char *)src, l) != 1)
+		goto process_auth_err;
+
+	n -= l;
+
+	for (m = m->next; (m != NULL) && (n > 0); m = m->next) {
+		src = rte_pktmbuf_mtod(m, uint8_t *);
+		l = rte_pktmbuf_data_len(m) < n ? rte_pktmbuf_data_len(m) : n;
+		if (CMAC_Update(ctx, (unsigned char *)src, l) != 1)
+			goto process_auth_err;
+		n -= l;
+	}
+
+process_auth_final:
+	if (CMAC_Final(ctx, dst, (size_t *)&dstlen) != 1)
+		goto process_auth_err;
+
+	CMAC_CTX_cleanup(ctx);
+
+	return 0;
+
+process_auth_err:
+	OPENSSL_LOG(ERR, "Process openssl cmac auth failed");
+	return -EINVAL;
+}
 # endif
 /*----------------------------------------------------------------------------*/
 
@@ -1700,9 +1808,11 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
 	EVP_MD_CTX *ctx_a;
 # if OPENSSL_VERSION_NUMBER >= 0x30000000L
 	EVP_MAC_CTX *ctx_h;
+	EVP_MAC_CTX *ctx_c;
 	EVP_MAC *mac;
 # else
 	HMAC_CTX *ctx_h;
+	CMAC_CTX *ctx_c;
 # endif
 
 	srclen = op->sym->auth.data.length;
@@ -1724,7 +1834,7 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
 		ctx_h = EVP_MAC_CTX_new(mac);
 		ctx_h = EVP_MAC_CTX_dup(sess->auth.hmac.ctx);
 		EVP_MAC_free(mac);
-		status = process_openssl_auth_hmac(mbuf_src, dst,
+		status = process_openssl_auth_mac(mbuf_src, dst,
 				op->sym->auth.data.offset, srclen,
 				ctx_h);
 # else
@@ -1734,6 +1844,24 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
 				op->sym->auth.data.offset, srclen,
 				ctx_h);
 		HMAC_CTX_free(ctx_h);
+# endif
+		break;
+	case OPENSSL_AUTH_AS_CMAC:
+# if OPENSSL_VERSION_NUMBER >= 0x30000000L
+		mac = EVP_MAC_fetch(NULL, OSSL_MAC_NAME_CMAC, NULL);
+		ctx_c = EVP_MAC_CTX_new(mac);
+		ctx_c = EVP_MAC_CTX_dup(sess->auth.cmac.ctx);
+		EVP_MAC_free(mac);
+		status = process_openssl_auth_mac(mbuf_src, dst,
+				op->sym->auth.data.offset, srclen,
+				ctx_c);
+# else
+		ctx_c = CMAC_CTX_new();
+		CMAC_CTX_copy(ctx_c, sess->auth.cmac.ctx);
+		status = process_openssl_auth_cmac(mbuf_src, dst,
+				op->sym->auth.data.offset, srclen,
+				ctx_c);
+		CMAC_CTX_free(ctx_c);
 # endif
 		break;
 	default:
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 3e24ef94f7..f7ddbf9c73 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -394,6 +394,26 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 			}, }
 		}, }
 	},
+	{	/* AES CMAC (AUTH) */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			{.auth = {
+				.algo = RTE_CRYPTO_AUTH_AES_CMAC,
+				.block_size = 16,
+				.key_size = {
+					.min = 16,
+					.max = 32,
+					.increment = 8
+				},
+				.digest_size = {
+					.min = 4,
+					.max = 16,
+					.increment = 4
+				},
+			}, }
+		}, }
+	},
 	{	/* 3DES CBC */
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
-- 
2.25.1


^ permalink raw reply	[flat|nested] 19+ messages in thread

* [PATCH v4 0/1] crypto/openssl: add aes cmac support
  2022-07-18  9:12         ` [PATCH v3 1/1] crypto/openssl: support aes cmac operations Ashwin Sekhar T K
@ 2022-07-18  9:18           ` Ashwin Sekhar T K
  2022-07-18  9:18             ` [PATCH v4 1/1] crypto/openssl: support aes cmac operations Ashwin Sekhar T K
  2022-07-18 13:57             ` [PATCH v4 0/1] crypto/openssl: add aes cmac support Ji, Kai
  0 siblings, 2 replies; 19+ messages in thread
From: Ashwin Sekhar T K @ 2022-07-18  9:18 UTC (permalink / raw)
  To: asekhar
  Cc: anoobj, dev, gakhil, hkalra, jerinj, kirankumark, ndabilpuram,
	pbhagavatula, psatheesh, roy.fan.zhang, skori, skoteshwar

Add support for aes cmac operations.

v2:
 * Added support for openssl 3.0
v3:
 * Fixed checkpatch warnings.
v4:
 * Fixed more checkpatch warnings.

Ashwin Sekhar T K (1):
  crypto/openssl: support aes cmac operations

 drivers/crypto/openssl/openssl_pmd_private.h |  14 ++
 drivers/crypto/openssl/rte_openssl_pmd.c     | 142 ++++++++++++++++++-
 drivers/crypto/openssl/rte_openssl_pmd_ops.c |  20 +++
 3 files changed, 169 insertions(+), 7 deletions(-)

-- 
2.25.1


^ permalink raw reply	[flat|nested] 19+ messages in thread

* [PATCH v4 1/1] crypto/openssl: support aes cmac operations
  2022-07-18  9:18           ` [PATCH v4 0/1] crypto/openssl: add aes cmac support Ashwin Sekhar T K
@ 2022-07-18  9:18             ` Ashwin Sekhar T K
  2022-07-18 16:25               ` [PATCH v5 0/1] crypto/openssl: add aes cmac support Ashwin Sekhar T K
  2022-07-18 13:57             ` [PATCH v4 0/1] crypto/openssl: add aes cmac support Ji, Kai
  1 sibling, 1 reply; 19+ messages in thread
From: Ashwin Sekhar T K @ 2022-07-18  9:18 UTC (permalink / raw)
  To: asekhar
  Cc: anoobj, dev, gakhil, hkalra, jerinj, kirankumark, ndabilpuram,
	pbhagavatula, psatheesh, roy.fan.zhang, skori, skoteshwar

Extend openssl crypto PMD to support AES CMAC operations.

Signed-off-by: Ashwin Sekhar T K <asekhar@marvell.com>
---
 drivers/crypto/openssl/openssl_pmd_private.h |  14 ++
 drivers/crypto/openssl/rte_openssl_pmd.c     | 142 ++++++++++++++++++-
 drivers/crypto/openssl/rte_openssl_pmd_ops.c |  20 +++
 3 files changed, 169 insertions(+), 7 deletions(-)

diff --git a/drivers/crypto/openssl/openssl_pmd_private.h b/drivers/crypto/openssl/openssl_pmd_private.h
index 5963a67a08..de164d70d9 100644
--- a/drivers/crypto/openssl/openssl_pmd_private.h
+++ b/drivers/crypto/openssl/openssl_pmd_private.h
@@ -6,6 +6,7 @@
 #define _OPENSSL_PMD_PRIVATE_H_
 
 #include <openssl/evp.h>
+#include <openssl/cmac.h>
 #include <openssl/hmac.h>
 #include <openssl/des.h>
 #include <openssl/rsa.h>
@@ -50,6 +51,7 @@ enum openssl_cipher_mode {
 enum openssl_auth_mode {
 	OPENSSL_AUTH_AS_AUTH,
 	OPENSSL_AUTH_AS_HMAC,
+	OPENSSL_AUTH_AS_CMAC,
 };
 
 /** private data structure for each OPENSSL crypto device */
@@ -145,6 +147,18 @@ struct openssl_session {
 # endif
 				/**< pointer to EVP context structure */
 			} hmac;
+
+			struct {
+# if OPENSSL_VERSION_NUMBER >= 0x30000000L
+				EVP_MAC_CTX * ctx;
+				/**< pointer to EVP context structure */
+# else
+				const EVP_CIPHER * evp_algo;
+				/**< pointer to EVP algorithm function */
+				CMAC_CTX * ctx;
+				/**< pointer to EVP context structure */
+# endif
+			} cmac;
 		};
 
 		uint16_t aad_length;
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 5658b9db66..ce195c21d5 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -10,6 +10,7 @@
 #include <rte_malloc.h>
 #include <rte_cpuflags.h>
 
+#include <openssl/cmac.h>
 #include <openssl/hmac.h>
 #include <openssl/evp.h>
 
@@ -592,6 +593,12 @@ static int
 openssl_set_session_auth_parameters(struct openssl_session *sess,
 		const struct rte_crypto_sym_xform *xform)
 {
+# if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
+	char algo_name[MAX_OSSL_ALGO_NAME_SIZE];
+	OSSL_PARAM params[2];
+	const char *algo;
+	EVP_MAC *mac;
+# endif
 	/* Select auth generate/verify */
 	sess->auth.operation = xform->auth.op;
 	sess->auth.algo = xform->auth.algo;
@@ -636,6 +643,47 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
 		sess->auth.auth.ctx = EVP_MD_CTX_create();
 		break;
 
+	case RTE_CRYPTO_AUTH_AES_CMAC:
+# if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
+		if (xform->auth.key.length == 16)
+			algo = SN_aes_128_cbc;
+		else if (xform->auth.key.length == 24)
+			algo = SN_aes_192_cbc;
+		else if (xform->auth.key.length == 32)
+			algo = SN_aes_256_cbc;
+		else
+			return -EINVAL;
+
+		rte_memcpy(algo_name, algo, strlen(algo) + 1);
+		params[0] = OSSL_PARAM_construct_utf8_string(
+				OSSL_MAC_PARAM_CIPHER, algo_name, 0);
+		params[1] = OSSL_PARAM_construct_end();
+
+		sess->auth.mode = OPENSSL_AUTH_AS_CMAC;
+		mac = EVP_MAC_fetch(NULL, OSSL_MAC_NAME_CMAC, NULL);
+		sess->auth.cmac.ctx = EVP_MAC_CTX_new(mac);
+		EVP_MAC_free(mac);
+
+		if (EVP_MAC_init(sess->auth.cmac.ctx,
+				xform->auth.key.data,
+				xform->auth.key.length,
+				params) != 1)
+			return -EINVAL;
+# else
+		sess->auth.mode = OPENSSL_AUTH_AS_CMAC;
+		sess->auth.cmac.ctx = CMAC_CTX_new();
+		if (get_cipher_algo(RTE_CRYPTO_CIPHER_AES_CBC,
+				    xform->auth.key.length,
+				    &sess->auth.cmac.evp_algo) != 0)
+			return -EINVAL;
+		if (CMAC_Init(sess->auth.cmac.ctx,
+			      xform->auth.key.data,
+			      xform->auth.key.length,
+			      sess->auth.cmac.evp_algo, NULL) != 1)
+			return -EINVAL;
+# endif
+		break;
+
 # if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
 	case RTE_CRYPTO_AUTH_MD5_HMAC:
 	case RTE_CRYPTO_AUTH_SHA1_HMAC:
@@ -645,15 +693,12 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
 	case RTE_CRYPTO_AUTH_SHA512_HMAC:
 		sess->auth.mode = OPENSSL_AUTH_AS_HMAC;
 
-		OSSL_PARAM params[2];
-		const char *algo;
 		algo = digest_name_get(xform->auth.algo);
 		if (!algo)
 			return -EINVAL;
-		char algo_name[MAX_OSSL_ALGO_NAME_SIZE];
 		rte_memcpy(algo_name, algo, (sizeof(algo)+1));
 
-		EVP_MAC *mac = EVP_MAC_fetch(NULL, "HMAC", NULL);
+		mac = EVP_MAC_fetch(NULL, "HMAC", NULL);
 		sess->auth.hmac.ctx = EVP_MAC_CTX_new(mac);
 		EVP_MAC_free(mac);
 		if (get_auth_algo(xform->auth.algo,
@@ -817,6 +862,13 @@ openssl_reset_session(struct openssl_session *sess)
 		EVP_MAC_CTX_free(sess->auth.hmac.ctx);
 # else
 		HMAC_CTX_free(sess->auth.hmac.ctx);
+# endif
+		break;
+	case OPENSSL_AUTH_AS_CMAC:
+# if OPENSSL_VERSION_NUMBER >= 0x30000000L
+		EVP_MAC_CTX_free(sess->auth.cmac.ctx);
+# else
+		CMAC_CTX_free(sess->auth.cmac.ctx);
 # endif
 		break;
 	default:
@@ -1354,10 +1406,14 @@ process_openssl_auth(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
 	return -EINVAL;
 }
 
+
 # if OPENSSL_VERSION_NUMBER >= 0x30000000L
-/** Process standard openssl auth algorithms with hmac */
+# endif
+
+# if OPENSSL_VERSION_NUMBER >= 0x30000000L
+/** Process standard openssl auth algorithms with hmac/cmac */
 static int
-process_openssl_auth_hmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
+process_openssl_auth_mac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
 		int srclen, EVP_MAC_CTX *ctx)
 {
 	size_t dstlen;
@@ -1459,6 +1515,58 @@ process_openssl_auth_hmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
 	OPENSSL_LOG(ERR, "Process openssl auth failed");
 	return -EINVAL;
 }
+
+/** Process standard openssl auth algorithms with cmac */
+static int
+process_openssl_auth_cmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
+		int srclen, CMAC_CTX *ctx)
+{
+	unsigned int dstlen;
+	struct rte_mbuf *m;
+	int l, n = srclen;
+	uint8_t *src;
+
+	for (m = mbuf_src; m != NULL && offset > rte_pktmbuf_data_len(m);
+			m = m->next)
+		offset -= rte_pktmbuf_data_len(m);
+
+	if (m == 0)
+		goto process_auth_err;
+
+	src = rte_pktmbuf_mtod_offset(m, uint8_t *, offset);
+
+	l = rte_pktmbuf_data_len(m) - offset;
+	if (srclen <= l) {
+		if (CMAC_Update(ctx, (unsigned char *)src, srclen) != 1)
+			goto process_auth_err;
+		goto process_auth_final;
+	}
+
+	if (CMAC_Update(ctx, (unsigned char *)src, l) != 1)
+		goto process_auth_err;
+
+	n -= l;
+
+	for (m = m->next; (m != NULL) && (n > 0); m = m->next) {
+		src = rte_pktmbuf_mtod(m, uint8_t *);
+		l = rte_pktmbuf_data_len(m) < n ? rte_pktmbuf_data_len(m) : n;
+		if (CMAC_Update(ctx, (unsigned char *)src, l) != 1)
+			goto process_auth_err;
+		n -= l;
+	}
+
+process_auth_final:
+	if (CMAC_Final(ctx, dst, (size_t *)&dstlen) != 1)
+		goto process_auth_err;
+
+	CMAC_CTX_cleanup(ctx);
+
+	return 0;
+
+process_auth_err:
+	OPENSSL_LOG(ERR, "Process openssl cmac auth failed");
+	return -EINVAL;
+}
 # endif
 /*----------------------------------------------------------------------------*/
 
@@ -1700,9 +1808,11 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
 	EVP_MD_CTX *ctx_a;
 # if OPENSSL_VERSION_NUMBER >= 0x30000000L
 	EVP_MAC_CTX *ctx_h;
+	EVP_MAC_CTX *ctx_c;
 	EVP_MAC *mac;
 # else
 	HMAC_CTX *ctx_h;
+	CMAC_CTX *ctx_c;
 # endif
 
 	srclen = op->sym->auth.data.length;
@@ -1724,7 +1834,7 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
 		ctx_h = EVP_MAC_CTX_new(mac);
 		ctx_h = EVP_MAC_CTX_dup(sess->auth.hmac.ctx);
 		EVP_MAC_free(mac);
-		status = process_openssl_auth_hmac(mbuf_src, dst,
+		status = process_openssl_auth_mac(mbuf_src, dst,
 				op->sym->auth.data.offset, srclen,
 				ctx_h);
 # else
@@ -1734,6 +1844,24 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
 				op->sym->auth.data.offset, srclen,
 				ctx_h);
 		HMAC_CTX_free(ctx_h);
+# endif
+		break;
+	case OPENSSL_AUTH_AS_CMAC:
+# if OPENSSL_VERSION_NUMBER >= 0x30000000L
+		mac = EVP_MAC_fetch(NULL, OSSL_MAC_NAME_CMAC, NULL);
+		ctx_c = EVP_MAC_CTX_new(mac);
+		ctx_c = EVP_MAC_CTX_dup(sess->auth.cmac.ctx);
+		EVP_MAC_free(mac);
+		status = process_openssl_auth_mac(mbuf_src, dst,
+				op->sym->auth.data.offset, srclen,
+				ctx_c);
+# else
+		ctx_c = CMAC_CTX_new();
+		CMAC_CTX_copy(ctx_c, sess->auth.cmac.ctx);
+		status = process_openssl_auth_cmac(mbuf_src, dst,
+				op->sym->auth.data.offset, srclen,
+				ctx_c);
+		CMAC_CTX_free(ctx_c);
 # endif
 		break;
 	default:
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 3e24ef94f7..f7ddbf9c73 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -394,6 +394,26 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 			}, }
 		}, }
 	},
+	{	/* AES CMAC (AUTH) */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			{.auth = {
+				.algo = RTE_CRYPTO_AUTH_AES_CMAC,
+				.block_size = 16,
+				.key_size = {
+					.min = 16,
+					.max = 32,
+					.increment = 8
+				},
+				.digest_size = {
+					.min = 4,
+					.max = 16,
+					.increment = 4
+				},
+			}, }
+		}, }
+	},
 	{	/* 3DES CBC */
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
-- 
2.25.1


^ permalink raw reply	[flat|nested] 19+ messages in thread

* RE: [PATCH v4 0/1] crypto/openssl: add aes cmac support
  2022-07-18  9:18           ` [PATCH v4 0/1] crypto/openssl: add aes cmac support Ashwin Sekhar T K
  2022-07-18  9:18             ` [PATCH v4 1/1] crypto/openssl: support aes cmac operations Ashwin Sekhar T K
@ 2022-07-18 13:57             ` Ji, Kai
  2022-07-18 16:18               ` Ashwin Sekhar Thalakalath Kottilveetil
  1 sibling, 1 reply; 19+ messages in thread
From: Ji, Kai @ 2022-07-18 13:57 UTC (permalink / raw)
  To: Ashwin Sekhar T K
  Cc: anoobj, dev, gakhil, hkalra, jerinj, kirankumark, ndabilpuram,
	pbhagavatula, psatheesh, Zhang, Roy Fan, skori, skoteshwar

Hi Ashwin,

There is duplication of OPENSSL_VERSION_NUMBER check in v4,  right before process_openssl_auth_mac(). 
Are you planning to enable CMAC unit test case in cryptodev_openssl_autotest ?

Regards

Kai 


> -----Original Message-----
> From: Ashwin Sekhar T K <asekhar@marvell.com>
> Sent: Monday, July 18, 2022 10:19 AM
> To: asekhar@marvell.com
> Cc: anoobj@marvell.com; dev@dpdk.org; gakhil@marvell.com;
> hkalra@marvell.com; jerinj@marvell.com; kirankumark@marvell.com;
> ndabilpuram@marvell.com; pbhagavatula@marvell.com;
> psatheesh@marvell.com; Zhang, Roy Fan <roy.fan.zhang@intel.com>;
> skori@marvell.com; skoteshwar@marvell.com
> Subject: [PATCH v4 0/1] crypto/openssl: add aes cmac support
> 
> Add support for aes cmac operations.
> 
> v2:
>  * Added support for openssl 3.0
> v3:
>  * Fixed checkpatch warnings.
> v4:
>  * Fixed more checkpatch warnings.
> 
> Ashwin Sekhar T K (1):
>   crypto/openssl: support aes cmac operations
> 
>  drivers/crypto/openssl/openssl_pmd_private.h |  14 ++
>  drivers/crypto/openssl/rte_openssl_pmd.c     | 142 ++++++++++++++++++-
>  drivers/crypto/openssl/rte_openssl_pmd_ops.c |  20 +++
>  3 files changed, 169 insertions(+), 7 deletions(-)
> 
> --
> 2.25.1


^ permalink raw reply	[flat|nested] 19+ messages in thread

* RE: [PATCH v4 0/1] crypto/openssl: add aes cmac support
  2022-07-18 13:57             ` [PATCH v4 0/1] crypto/openssl: add aes cmac support Ji, Kai
@ 2022-07-18 16:18               ` Ashwin Sekhar Thalakalath Kottilveetil
  0 siblings, 0 replies; 19+ messages in thread
From: Ashwin Sekhar Thalakalath Kottilveetil @ 2022-07-18 16:18 UTC (permalink / raw)
  To: Ji, Kai
  Cc: Anoob Joseph, dev, Akhil Goyal, Harman Kalra,
	Jerin Jacob Kollanukkaran, Kiran Kumar Kokkilagadda,
	Nithin Kumar Dabilpuram, Pavan Nikhilesh Bhagavatula,
	Satheesh Paul Antonysamy, Zhang, Roy Fan, Sunil Kumar Kori,
	Satha Koteswara Rao Kottidi

Hi Kai,

Will fix the is duplication of OPENSSL_VERSION_NUMBER check.

Some CMAC tests are already present. The number of successful tests in cryptodev_openssl_autotest increases by 4 with this change. I am not planning to add more.

Regards,
Ashwin Sekhar T K 

> -----Original Message-----
> From: Ji, Kai <kai.ji@intel.com>
> Sent: Monday, July 18, 2022 7:27 PM
> To: Ashwin Sekhar Thalakalath Kottilveetil <asekhar@marvell.com>
> Cc: Anoob Joseph <anoobj@marvell.com>; dev@dpdk.org; Akhil Goyal
> <gakhil@marvell.com>; Harman Kalra <hkalra@marvell.com>; Jerin Jacob
> Kollanukkaran <jerinj@marvell.com>; Kiran Kumar Kokkilagadda
> <kirankumark@marvell.com>; Nithin Kumar Dabilpuram
> <ndabilpuram@marvell.com>; Pavan Nikhilesh Bhagavatula
> <pbhagavatula@marvell.com>; Satheesh Paul Antonysamy
> <psatheesh@marvell.com>; Zhang, Roy Fan <roy.fan.zhang@intel.com>;
> Sunil Kumar Kori <skori@marvell.com>; Satha Koteswara Rao Kottidi
> <skoteshwar@marvell.com>
> Subject: [EXT] RE: [PATCH v4 0/1] crypto/openssl: add aes cmac support
> 
> External Email
> 
> ----------------------------------------------------------------------
> Hi Ashwin,
> 
> There is duplication of OPENSSL_VERSION_NUMBER check in v4,  right
> before process_openssl_auth_mac().
> Are you planning to enable CMAC unit test case in
> cryptodev_openssl_autotest ?
> 
> Regards
> 
> Kai
> 
> 
> > -----Original Message-----
> > From: Ashwin Sekhar T K <asekhar@marvell.com>
> > Sent: Monday, July 18, 2022 10:19 AM
> > To: asekhar@marvell.com
> > Cc: anoobj@marvell.com; dev@dpdk.org; gakhil@marvell.com;
> > hkalra@marvell.com; jerinj@marvell.com; kirankumark@marvell.com;
> > ndabilpuram@marvell.com; pbhagavatula@marvell.com;
> > psatheesh@marvell.com; Zhang, Roy Fan <roy.fan.zhang@intel.com>;
> > skori@marvell.com; skoteshwar@marvell.com
> > Subject: [PATCH v4 0/1] crypto/openssl: add aes cmac support
> >
> > Add support for aes cmac operations.
> >
> > v2:
> >  * Added support for openssl 3.0
> > v3:
> >  * Fixed checkpatch warnings.
> > v4:
> >  * Fixed more checkpatch warnings.
> >
> > Ashwin Sekhar T K (1):
> >   crypto/openssl: support aes cmac operations
> >
> >  drivers/crypto/openssl/openssl_pmd_private.h |  14 ++
> >  drivers/crypto/openssl/rte_openssl_pmd.c     | 142
> ++++++++++++++++++-
> >  drivers/crypto/openssl/rte_openssl_pmd_ops.c |  20 +++
> >  3 files changed, 169 insertions(+), 7 deletions(-)
> >
> > --
> > 2.25.1


^ permalink raw reply	[flat|nested] 19+ messages in thread

* [PATCH v5 0/1] crypto/openssl: add aes cmac support
  2022-07-18  9:18             ` [PATCH v4 1/1] crypto/openssl: support aes cmac operations Ashwin Sekhar T K
@ 2022-07-18 16:25               ` Ashwin Sekhar T K
  2022-07-18 16:25                 ` [PATCH v5 1/1] crypto/openssl: support aes cmac operations Ashwin Sekhar T K
  0 siblings, 1 reply; 19+ messages in thread
From: Ashwin Sekhar T K @ 2022-07-18 16:25 UTC (permalink / raw)
  To: asekhar
  Cc: anoobj, dev, gakhil, hkalra, jerinj, kirankumark, ndabilpuram,
	pbhagavatula, psatheesh, roy.fan.zhang, skori, skoteshwar

Add support for aes cmac operations.

v2:
 * Added support for openssl 3.0
v3:
 * Fixed checkpatch warnings.
v4:
 * Fixed further checkpatch warnings.
v5:
 * Fixed duplicated preprocessor checks.

Ashwin Sekhar T K (1):
  crypto/openssl: support aes cmac operations

 drivers/crypto/openssl/openssl_pmd_private.h |  14 ++
 drivers/crypto/openssl/rte_openssl_pmd.c     | 138 ++++++++++++++++++-
 drivers/crypto/openssl/rte_openssl_pmd_ops.c |  20 +++
 3 files changed, 165 insertions(+), 7 deletions(-)

-- 
2.25.1


^ permalink raw reply	[flat|nested] 19+ messages in thread

* [PATCH v5 1/1] crypto/openssl: support aes cmac operations
  2022-07-18 16:25               ` [PATCH v5 0/1] crypto/openssl: add aes cmac support Ashwin Sekhar T K
@ 2022-07-18 16:25                 ` Ashwin Sekhar T K
  2022-07-18 16:54                   ` Ji, Kai
  0 siblings, 1 reply; 19+ messages in thread
From: Ashwin Sekhar T K @ 2022-07-18 16:25 UTC (permalink / raw)
  To: asekhar
  Cc: anoobj, dev, gakhil, hkalra, jerinj, kirankumark, ndabilpuram,
	pbhagavatula, psatheesh, roy.fan.zhang, skori, skoteshwar

Extend openssl crypto PMD to support AES CMAC operations.

Signed-off-by: Ashwin Sekhar T K <asekhar@marvell.com>
---
 drivers/crypto/openssl/openssl_pmd_private.h |  14 ++
 drivers/crypto/openssl/rte_openssl_pmd.c     | 138 ++++++++++++++++++-
 drivers/crypto/openssl/rte_openssl_pmd_ops.c |  20 +++
 3 files changed, 165 insertions(+), 7 deletions(-)

diff --git a/drivers/crypto/openssl/openssl_pmd_private.h b/drivers/crypto/openssl/openssl_pmd_private.h
index 5963a67a08..c34fd9a546 100644
--- a/drivers/crypto/openssl/openssl_pmd_private.h
+++ b/drivers/crypto/openssl/openssl_pmd_private.h
@@ -6,6 +6,7 @@
 #define _OPENSSL_PMD_PRIVATE_H_
 
 #include <openssl/evp.h>
+#include <openssl/cmac.h>
 #include <openssl/hmac.h>
 #include <openssl/des.h>
 #include <openssl/rsa.h>
@@ -50,6 +51,7 @@ enum openssl_cipher_mode {
 enum openssl_auth_mode {
 	OPENSSL_AUTH_AS_AUTH,
 	OPENSSL_AUTH_AS_HMAC,
+	OPENSSL_AUTH_AS_CMAC,
 };
 
 /** private data structure for each OPENSSL crypto device */
@@ -145,6 +147,18 @@ struct openssl_session {
 # endif
 				/**< pointer to EVP context structure */
 			} hmac;
+
+			struct {
+# if OPENSSL_VERSION_NUMBER >= 0x30000000L
+				EVP_MAC_CTX * ctx;
+				/**< pointer to EVP context structure */
+# else
+				const EVP_CIPHER * evp_algo;
+				/**< pointer to EVP algorithm function */
+				CMAC_CTX *ctx;
+				/**< pointer to EVP context structure */
+# endif
+			} cmac;
 		};
 
 		uint16_t aad_length;
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 5658b9db66..a078038651 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -10,6 +10,7 @@
 #include <rte_malloc.h>
 #include <rte_cpuflags.h>
 
+#include <openssl/cmac.h>
 #include <openssl/hmac.h>
 #include <openssl/evp.h>
 
@@ -592,6 +593,12 @@ static int
 openssl_set_session_auth_parameters(struct openssl_session *sess,
 		const struct rte_crypto_sym_xform *xform)
 {
+# if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
+	char algo_name[MAX_OSSL_ALGO_NAME_SIZE];
+	OSSL_PARAM params[2];
+	const char *algo;
+	EVP_MAC *mac;
+# endif
 	/* Select auth generate/verify */
 	sess->auth.operation = xform->auth.op;
 	sess->auth.algo = xform->auth.algo;
@@ -636,6 +643,47 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
 		sess->auth.auth.ctx = EVP_MD_CTX_create();
 		break;
 
+	case RTE_CRYPTO_AUTH_AES_CMAC:
+# if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
+		if (xform->auth.key.length == 16)
+			algo = SN_aes_128_cbc;
+		else if (xform->auth.key.length == 24)
+			algo = SN_aes_192_cbc;
+		else if (xform->auth.key.length == 32)
+			algo = SN_aes_256_cbc;
+		else
+			return -EINVAL;
+
+		rte_memcpy(algo_name, algo, strlen(algo) + 1);
+		params[0] = OSSL_PARAM_construct_utf8_string(
+				OSSL_MAC_PARAM_CIPHER, algo_name, 0);
+		params[1] = OSSL_PARAM_construct_end();
+
+		sess->auth.mode = OPENSSL_AUTH_AS_CMAC;
+		mac = EVP_MAC_fetch(NULL, OSSL_MAC_NAME_CMAC, NULL);
+		sess->auth.cmac.ctx = EVP_MAC_CTX_new(mac);
+		EVP_MAC_free(mac);
+
+		if (EVP_MAC_init(sess->auth.cmac.ctx,
+				xform->auth.key.data,
+				xform->auth.key.length,
+				params) != 1)
+			return -EINVAL;
+# else
+		sess->auth.mode = OPENSSL_AUTH_AS_CMAC;
+		sess->auth.cmac.ctx = CMAC_CTX_new();
+		if (get_cipher_algo(RTE_CRYPTO_CIPHER_AES_CBC,
+				    xform->auth.key.length,
+				    &sess->auth.cmac.evp_algo) != 0)
+			return -EINVAL;
+		if (CMAC_Init(sess->auth.cmac.ctx,
+			      xform->auth.key.data,
+			      xform->auth.key.length,
+			      sess->auth.cmac.evp_algo, NULL) != 1)
+			return -EINVAL;
+# endif
+		break;
+
 # if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
 	case RTE_CRYPTO_AUTH_MD5_HMAC:
 	case RTE_CRYPTO_AUTH_SHA1_HMAC:
@@ -645,15 +693,12 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
 	case RTE_CRYPTO_AUTH_SHA512_HMAC:
 		sess->auth.mode = OPENSSL_AUTH_AS_HMAC;
 
-		OSSL_PARAM params[2];
-		const char *algo;
 		algo = digest_name_get(xform->auth.algo);
 		if (!algo)
 			return -EINVAL;
-		char algo_name[MAX_OSSL_ALGO_NAME_SIZE];
 		rte_memcpy(algo_name, algo, (sizeof(algo)+1));
 
-		EVP_MAC *mac = EVP_MAC_fetch(NULL, "HMAC", NULL);
+		mac = EVP_MAC_fetch(NULL, "HMAC", NULL);
 		sess->auth.hmac.ctx = EVP_MAC_CTX_new(mac);
 		EVP_MAC_free(mac);
 		if (get_auth_algo(xform->auth.algo,
@@ -817,6 +862,13 @@ openssl_reset_session(struct openssl_session *sess)
 		EVP_MAC_CTX_free(sess->auth.hmac.ctx);
 # else
 		HMAC_CTX_free(sess->auth.hmac.ctx);
+# endif
+		break;
+	case OPENSSL_AUTH_AS_CMAC:
+# if OPENSSL_VERSION_NUMBER >= 0x30000000L
+		EVP_MAC_CTX_free(sess->auth.cmac.ctx);
+# else
+		CMAC_CTX_free(sess->auth.cmac.ctx);
 # endif
 		break;
 	default:
@@ -1355,9 +1407,9 @@ process_openssl_auth(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
 }
 
 # if OPENSSL_VERSION_NUMBER >= 0x30000000L
-/** Process standard openssl auth algorithms with hmac */
+/** Process standard openssl auth algorithms with hmac/cmac */
 static int
-process_openssl_auth_hmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
+process_openssl_auth_mac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
 		int srclen, EVP_MAC_CTX *ctx)
 {
 	size_t dstlen;
@@ -1459,6 +1511,58 @@ process_openssl_auth_hmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
 	OPENSSL_LOG(ERR, "Process openssl auth failed");
 	return -EINVAL;
 }
+
+/** Process standard openssl auth algorithms with cmac */
+static int
+process_openssl_auth_cmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
+		int srclen, CMAC_CTX *ctx)
+{
+	unsigned int dstlen;
+	struct rte_mbuf *m;
+	int l, n = srclen;
+	uint8_t *src;
+
+	for (m = mbuf_src; m != NULL && offset > rte_pktmbuf_data_len(m);
+			m = m->next)
+		offset -= rte_pktmbuf_data_len(m);
+
+	if (m == 0)
+		goto process_auth_err;
+
+	src = rte_pktmbuf_mtod_offset(m, uint8_t *, offset);
+
+	l = rte_pktmbuf_data_len(m) - offset;
+	if (srclen <= l) {
+		if (CMAC_Update(ctx, (unsigned char *)src, srclen) != 1)
+			goto process_auth_err;
+		goto process_auth_final;
+	}
+
+	if (CMAC_Update(ctx, (unsigned char *)src, l) != 1)
+		goto process_auth_err;
+
+	n -= l;
+
+	for (m = m->next; (m != NULL) && (n > 0); m = m->next) {
+		src = rte_pktmbuf_mtod(m, uint8_t *);
+		l = rte_pktmbuf_data_len(m) < n ? rte_pktmbuf_data_len(m) : n;
+		if (CMAC_Update(ctx, (unsigned char *)src, l) != 1)
+			goto process_auth_err;
+		n -= l;
+	}
+
+process_auth_final:
+	if (CMAC_Final(ctx, dst, (size_t *)&dstlen) != 1)
+		goto process_auth_err;
+
+	CMAC_CTX_cleanup(ctx);
+
+	return 0;
+
+process_auth_err:
+	OPENSSL_LOG(ERR, "Process openssl cmac auth failed");
+	return -EINVAL;
+}
 # endif
 /*----------------------------------------------------------------------------*/
 
@@ -1700,9 +1804,11 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
 	EVP_MD_CTX *ctx_a;
 # if OPENSSL_VERSION_NUMBER >= 0x30000000L
 	EVP_MAC_CTX *ctx_h;
+	EVP_MAC_CTX *ctx_c;
 	EVP_MAC *mac;
 # else
 	HMAC_CTX *ctx_h;
+	CMAC_CTX *ctx_c;
 # endif
 
 	srclen = op->sym->auth.data.length;
@@ -1724,7 +1830,7 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
 		ctx_h = EVP_MAC_CTX_new(mac);
 		ctx_h = EVP_MAC_CTX_dup(sess->auth.hmac.ctx);
 		EVP_MAC_free(mac);
-		status = process_openssl_auth_hmac(mbuf_src, dst,
+		status = process_openssl_auth_mac(mbuf_src, dst,
 				op->sym->auth.data.offset, srclen,
 				ctx_h);
 # else
@@ -1734,6 +1840,24 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
 				op->sym->auth.data.offset, srclen,
 				ctx_h);
 		HMAC_CTX_free(ctx_h);
+# endif
+		break;
+	case OPENSSL_AUTH_AS_CMAC:
+# if OPENSSL_VERSION_NUMBER >= 0x30000000L
+		mac = EVP_MAC_fetch(NULL, OSSL_MAC_NAME_CMAC, NULL);
+		ctx_c = EVP_MAC_CTX_new(mac);
+		ctx_c = EVP_MAC_CTX_dup(sess->auth.cmac.ctx);
+		EVP_MAC_free(mac);
+		status = process_openssl_auth_mac(mbuf_src, dst,
+				op->sym->auth.data.offset, srclen,
+				ctx_c);
+# else
+		ctx_c = CMAC_CTX_new();
+		CMAC_CTX_copy(ctx_c, sess->auth.cmac.ctx);
+		status = process_openssl_auth_cmac(mbuf_src, dst,
+				op->sym->auth.data.offset, srclen,
+				ctx_c);
+		CMAC_CTX_free(ctx_c);
 # endif
 		break;
 	default:
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 3e24ef94f7..f7ddbf9c73 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -394,6 +394,26 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
 			}, }
 		}, }
 	},
+	{	/* AES CMAC (AUTH) */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			{.auth = {
+				.algo = RTE_CRYPTO_AUTH_AES_CMAC,
+				.block_size = 16,
+				.key_size = {
+					.min = 16,
+					.max = 32,
+					.increment = 8
+				},
+				.digest_size = {
+					.min = 4,
+					.max = 16,
+					.increment = 4
+				},
+			}, }
+		}, }
+	},
 	{	/* 3DES CBC */
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
 		{.sym = {
-- 
2.25.1


^ permalink raw reply	[flat|nested] 19+ messages in thread

* RE: [PATCH v5 1/1] crypto/openssl: support aes cmac operations
  2022-07-18 16:25                 ` [PATCH v5 1/1] crypto/openssl: support aes cmac operations Ashwin Sekhar T K
@ 2022-07-18 16:54                   ` Ji, Kai
  2022-08-26  8:52                     ` Akhil Goyal
  0 siblings, 1 reply; 19+ messages in thread
From: Ji, Kai @ 2022-07-18 16:54 UTC (permalink / raw)
  To: Ashwin Sekhar T K
  Cc: anoobj, dev, gakhil, hkalra, jerinj, kirankumark, ndabilpuram,
	pbhagavatula, psatheesh, Zhang, Roy Fan, skori, skoteshwar



> -----Original Message-----
> From: Ashwin Sekhar T K <asekhar@marvell.com>
> Sent: Monday, July 18, 2022 5:25 PM
> To: asekhar@marvell.com
> Cc: anoobj@marvell.com; dev@dpdk.org; gakhil@marvell.com;
> hkalra@marvell.com; jerinj@marvell.com; kirankumark@marvell.com;
> ndabilpuram@marvell.com; pbhagavatula@marvell.com;
> psatheesh@marvell.com; Zhang, Roy Fan <roy.fan.zhang@intel.com>;
> skori@marvell.com; skoteshwar@marvell.com
> Subject: [PATCH v5 1/1] crypto/openssl: support aes cmac operations
> 
> Extend openssl crypto PMD to support AES CMAC operations.
> 
> Signed-off-by: Ashwin Sekhar T K <asekhar@marvell.com>
> ---
Acked-by: Kai Ji <kai.ji@intel.com>

^ permalink raw reply	[flat|nested] 19+ messages in thread

* RE: [PATCH v2] crypto/ipsec_mb: enable support for arm64
  2022-06-30 15:41 ` [PATCH v2] crypto/ipsec_mb: enable support for arm64 Ashwin Sekhar T K
  2022-07-04 14:47   ` Zhang, Roy Fan
@ 2022-07-27  8:29   ` Ruifeng Wang
  2022-07-27  8:48     ` Ashwin Sekhar Thalakalath Kottilveetil
  2022-08-26  8:45     ` Akhil Goyal
  1 sibling, 2 replies; 19+ messages in thread
From: Ruifeng Wang @ 2022-07-27  8:29 UTC (permalink / raw)
  To: Ashwin Sekhar T K, dev, Fan Zhang, Pablo de Lara
  Cc: jerinj, skori, skoteshwar, pbhagavatula, kirankumark, psatheesh,
	anoobj, gakhil, hkalra, ndabilpuram, nd

> -----Original Message-----
> From: Ashwin Sekhar T K <asekhar@marvell.com>
> Sent: Thursday, June 30, 2022 11:41 PM
> To: dev@dpdk.org; Fan Zhang <roy.fan.zhang@intel.com>; Pablo de Lara
> <pablo.de.lara.guarch@intel.com>
> Cc: jerinj@marvell.com; skori@marvell.com; skoteshwar@marvell.com;
> pbhagavatula@marvell.com; kirankumark@marvell.com;
> psatheesh@marvell.com; asekhar@marvell.com; anoobj@marvell.com;
> gakhil@marvell.com; hkalra@marvell.com; ndabilpuram@marvell.com
> Subject: [PATCH v2] crypto/ipsec_mb: enable support for arm64

Code change looks good to me.
Arm64 support is not fully enabled with this patch alone.
There is a patch to fix the remaining:
http://patches.dpdk.org/project/dpdk/patch/20220727081352.1333695-3-ruifeng.wang@arm.com/
Appreciate it if you can review that one.

Thanks.
> 
> Enable support for arm64 architecture in ipsec_mb. x86 specific code is
> conditionally compiled only for x86 architecture builds. Other architectures
> will be unsupported.
> 
> Signed-off-by: Ashwin Sekhar T K <asekhar@marvell.com>
> ---
>  drivers/crypto/ipsec_mb/ipsec_mb_private.c | 7 +++++++
> drivers/crypto/ipsec_mb/ipsec_mb_private.h | 3 ++-
>  2 files changed, 9 insertions(+), 1 deletion(-)
> 

<snip>

^ permalink raw reply	[flat|nested] 19+ messages in thread

* RE: [PATCH v2] crypto/ipsec_mb: enable support for arm64
  2022-07-27  8:29   ` Ruifeng Wang
@ 2022-07-27  8:48     ` Ashwin Sekhar Thalakalath Kottilveetil
  2022-08-26  8:45     ` Akhil Goyal
  1 sibling, 0 replies; 19+ messages in thread
From: Ashwin Sekhar Thalakalath Kottilveetil @ 2022-07-27  8:48 UTC (permalink / raw)
  To: Ruifeng Wang, dev, Fan Zhang, Pablo de Lara
  Cc: Jerin Jacob Kollanukkaran, Sunil Kumar Kori,
	Satha Koteswara Rao Kottidi, Pavan Nikhilesh Bhagavatula,
	Kiran Kumar Kokkilagadda, Satheesh Paul Antonysamy, Anoob Joseph,
	Akhil Goyal, Harman Kalra, Nithin Kumar Dabilpuram, nd

Hi Ruifeng,

Thanks for this. Initially, I had made a local hack to my IPSEC MB build script which was creating intel-ipsec-mb.h as a softlink to ipsec-mb.h .

Later I forgot to remove this hack. So I didn't catch this. 

Regards,
Ashwin Sekhar T K 

> -----Original Message-----
> From: Ruifeng Wang <Ruifeng.Wang@arm.com>
> Sent: Wednesday, July 27, 2022 1:59 PM
> To: Ashwin Sekhar Thalakalath Kottilveetil <asekhar@marvell.com>;
> dev@dpdk.org; Fan Zhang <roy.fan.zhang@intel.com>; Pablo de Lara
> <pablo.de.lara.guarch@intel.com>
> Cc: Jerin Jacob Kollanukkaran <jerinj@marvell.com>; Sunil Kumar Kori
> <skori@marvell.com>; Satha Koteswara Rao Kottidi
> <skoteshwar@marvell.com>; Pavan Nikhilesh Bhagavatula
> <pbhagavatula@marvell.com>; Kiran Kumar Kokkilagadda
> <kirankumark@marvell.com>; Satheesh Paul Antonysamy
> <psatheesh@marvell.com>; Anoob Joseph <anoobj@marvell.com>; Akhil
> Goyal <gakhil@marvell.com>; Harman Kalra <hkalra@marvell.com>; Nithin
> Kumar Dabilpuram <ndabilpuram@marvell.com>; nd <nd@arm.com>
> Subject: [EXT] RE: [PATCH v2] crypto/ipsec_mb: enable support for arm64
> 
> External Email
> 
> ----------------------------------------------------------------------
> > -----Original Message-----
> > From: Ashwin Sekhar T K <asekhar@marvell.com>
> > Sent: Thursday, June 30, 2022 11:41 PM
> > To: dev@dpdk.org; Fan Zhang <roy.fan.zhang@intel.com>; Pablo de Lara
> > <pablo.de.lara.guarch@intel.com>
> > Cc: jerinj@marvell.com; skori@marvell.com; skoteshwar@marvell.com;
> > pbhagavatula@marvell.com; kirankumark@marvell.com;
> > psatheesh@marvell.com; asekhar@marvell.com; anoobj@marvell.com;
> > gakhil@marvell.com; hkalra@marvell.com; ndabilpuram@marvell.com
> > Subject: [PATCH v2] crypto/ipsec_mb: enable support for arm64
> 
> Code change looks good to me.
> Arm64 support is not fully enabled with this patch alone.
> There is a patch to fix the remaining:
> https://urldefense.proofpoint.com/v2/url?u=http-
> 3A__patches.dpdk.org_project_dpdk_patch_20220727081352.1333695-2D3-
> 2Druifeng.wang-
> 40arm.com_&d=DwIFAg&c=nKjWec2b6R0mOyPaz7xtfQ&r=pYk-QOhvnkU-
> _75y0NKSn535ZotEGI_E69Py3Ppondk&m=nIGG87_fioLU92q775kMzq4KXXGT
> 5MnFSBch7NESxGBy-cjDWvDRIxpVc-
> 1bktjm&s=cMiUUrOKfZfSMCLVfjm77R8K0aIB6lhpWhmNh_o0SGM&e=
> Appreciate it if you can review that one.
> 
> Thanks.
> >
> > Enable support for arm64 architecture in ipsec_mb. x86 specific code
> > is conditionally compiled only for x86 architecture builds. Other
> > architectures will be unsupported.
> >
> > Signed-off-by: Ashwin Sekhar T K <asekhar@marvell.com>
> > ---
> >  drivers/crypto/ipsec_mb/ipsec_mb_private.c | 7 +++++++
> > drivers/crypto/ipsec_mb/ipsec_mb_private.h | 3 ++-
> >  2 files changed, 9 insertions(+), 1 deletion(-)
> >
> 
> <snip>

^ permalink raw reply	[flat|nested] 19+ messages in thread

* RE: [PATCH v2] crypto/ipsec_mb: enable support for arm64
  2022-07-27  8:29   ` Ruifeng Wang
  2022-07-27  8:48     ` Ashwin Sekhar Thalakalath Kottilveetil
@ 2022-08-26  8:45     ` Akhil Goyal
  1 sibling, 0 replies; 19+ messages in thread
From: Akhil Goyal @ 2022-08-26  8:45 UTC (permalink / raw)
  To: Ruifeng Wang, Ashwin Sekhar T K, dev, Fan Zhang, Pablo de Lara
  Cc: Jerin Jacob Kollanukkaran, Sunil Kumar Kori,
	Satha Koteswara Rao Kottidi, Pavan Nikhilesh Bhagavatula,
	Kiran Kumar Kokkilagadda, Satheesh Paul Antonysamy, Anoob Joseph,
	Harman Kalra, Nithin Kumar Dabilpuram, nd

> > Subject: [PATCH v2] crypto/ipsec_mb: enable support for arm64
> 
> Code change looks good to me.
> Arm64 support is not fully enabled with this patch alone.
> There is a patch to fix the remaining:
> http://patches.dpdk.org/project/dpdk/patch/20220727081352.1333695-3-ruifeng.wang@arm.com/
> Appreciate it if you can review that one.
> 
> Thanks.
> >
> > Enable support for arm64 architecture in ipsec_mb. x86 specific code is
> > conditionally compiled only for x86 architecture builds. Other architectures
> > will be unsupported.
> >
> > Signed-off-by: Ashwin Sekhar T K <asekhar@marvell.com>
Applied to dpdk-next-crypto

Above patchset from Ruifeng is also merged.

Thanks.

^ permalink raw reply	[flat|nested] 19+ messages in thread

* RE: [PATCH v5 1/1] crypto/openssl: support aes cmac operations
  2022-07-18 16:54                   ` Ji, Kai
@ 2022-08-26  8:52                     ` Akhil Goyal
  0 siblings, 0 replies; 19+ messages in thread
From: Akhil Goyal @ 2022-08-26  8:52 UTC (permalink / raw)
  To: Ji, Kai, Ashwin Sekhar T K
  Cc: Anoob Joseph, dev, Harman Kalra, Jerin Jacob Kollanukkaran,
	Kiran Kumar Kokkilagadda, Nithin Kumar Dabilpuram,
	Pavan Nikhilesh Bhagavatula, Satheesh Paul Antonysamy, Zhang,
	Roy Fan, Sunil Kumar Kori, Satha Koteswara Rao Kottidi

> > Subject: [PATCH v5 1/1] crypto/openssl: support aes cmac operations
> >
> > Extend openssl crypto PMD to support AES CMAC operations.
> >
> > Signed-off-by: Ashwin Sekhar T K <asekhar@marvell.com>
> > ---
> Acked-by: Kai Ji <kai.ji@intel.com>

Applied to dpdk-next-crypto

Thanks.

^ permalink raw reply	[flat|nested] 19+ messages in thread

end of thread, other threads:[~2022-08-26  8:52 UTC | newest]

Thread overview: 19+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-06-10 16:28 [PATCH] crypto/openssl: support cmac operations Ashwin Sekhar T K
2022-06-17 10:11 ` Zhang, Roy Fan
2022-07-18  6:07   ` [PATCH v2 0/1] crypto/openssl: add aes cmac support Ashwin Sekhar T K
2022-07-18  6:07     ` [PATCH v2 1/1] crypto/openssl: support aes cmac operations Ashwin Sekhar T K
2022-07-18  9:12       ` [PATCH v3 0/1] crypto/openssl: add aes cmac support Ashwin Sekhar T K
2022-07-18  9:12         ` [PATCH v3 1/1] crypto/openssl: support aes cmac operations Ashwin Sekhar T K
2022-07-18  9:18           ` [PATCH v4 0/1] crypto/openssl: add aes cmac support Ashwin Sekhar T K
2022-07-18  9:18             ` [PATCH v4 1/1] crypto/openssl: support aes cmac operations Ashwin Sekhar T K
2022-07-18 16:25               ` [PATCH v5 0/1] crypto/openssl: add aes cmac support Ashwin Sekhar T K
2022-07-18 16:25                 ` [PATCH v5 1/1] crypto/openssl: support aes cmac operations Ashwin Sekhar T K
2022-07-18 16:54                   ` Ji, Kai
2022-08-26  8:52                     ` Akhil Goyal
2022-07-18 13:57             ` [PATCH v4 0/1] crypto/openssl: add aes cmac support Ji, Kai
2022-07-18 16:18               ` Ashwin Sekhar Thalakalath Kottilveetil
2022-06-30 15:41 ` [PATCH v2] crypto/ipsec_mb: enable support for arm64 Ashwin Sekhar T K
2022-07-04 14:47   ` Zhang, Roy Fan
2022-07-27  8:29   ` Ruifeng Wang
2022-07-27  8:48     ` Ashwin Sekhar Thalakalath Kottilveetil
2022-08-26  8:45     ` Akhil Goyal

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).