crypto/openssl: add SM2 capabilities

Include capabilities for SM2 operations.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Acked-b

crypto/openssl: add SM2 capabilities

Include capabilities for SM2 operations.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>

show more ...

cryptodev: move RSA padding information into xform

RSA padding information could be a xform entity rather than part of
crypto op, as it seems associated with hashing algorithm used for
the entire cr

cryptodev: move RSA padding information into xform

RSA padding information could be a xform entity rather than part of
crypto op, as it seems associated with hashing algorithm used for
the entire crypto session, where this algorithm is used in message
digest itself. Even in virtIO standard spec, this info is associated
in the asymmetric session creation. Hence, moving this info from
crypto op into xform structure.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

show more ...

crypto/openssl: support EdDSA

Support EdDSA crypto algorithm in OpenSSL PMD.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Kai Ji <kai.ji@intel.com>

drivers: remove redundant newline from logs

Fix places where two newline characters may be logged.

Cc: stable@dpdk.org

Signed-off-by: David Marchand <david.marchand@redhat.com>
Acked-by: Chengwen

drivers: remove redundant newline from logs

Fix places where two newline characters may be logged.

Cc: stable@dpdk.org

Signed-off-by: David Marchand <david.marchand@redhat.com>
Acked-by: Chengwen Feng <fengchengwen@huawei.com>

show more ...

crypto/openssl: make per-QP auth context clones

Currently EVP auth ctxs (e.g. EVP_MD_CTX, EVP_MAC_CTX) are allocated,
copied to (from openssl_session), and then freed for every auth
operation (ie. p

crypto/openssl: make per-QP auth context clones

Currently EVP auth ctxs (e.g. EVP_MD_CTX, EVP_MAC_CTX) are allocated,
copied to (from openssl_session), and then freed for every auth
operation (ie. per packet). This is very inefficient, and avoidable.

Make each openssl_session hold an array of structures, containing
pointers to per-queue-pair cipher and auth context copies. These are
populated on first use by allocating a new context and copying from the
main context. These copies can then be used in a thread-safe manner by
different worker lcores simultaneously. Consequently the auth context
allocation and copy only has to happen once - the first time a given qp
uses an openssl_session. This brings about a large performance boost.

Throughput performance uplift measurements for HMAC-SHA1 generate on
Ampere Altra Max platform:
1 worker lcore
| buffer sz (B) | prev (Gbps) | optimised (Gbps) | uplift |
|-----------------+---------------+--------------------+----------|
| 64 | 0.63 | 1.42 | 123.5% |
| 256 | 2.24 | 4.40 | 96.4% |
| 1024 | 6.15 | 9.26 | 50.6% |
| 2048 | 8.68 | 11.38 | 31.1% |
| 4096 | 10.92 | 12.84 | 17.6% |

8 worker lcores
| buffer sz (B) | prev (Gbps) | optimised (Gbps) | uplift |
|-----------------+---------------+--------------------+----------|
| 64 | 0.93 | 11.35 | 1122.5% |
| 256 | 3.70 | 35.30 | 853.7% |
| 1024 | 15.22 | 74.27 | 387.8% |
| 2048 | 30.20 | 91.08 | 201.6% |
| 4096 | 56.92 | 102.76 | 80.5% |

Cc: stable@dpdk.org

Signed-off-by: Jack Bond-Preston <jack.bond-preston@foss.arm.com>
Acked-by: Kai Ji <kai.ji@intel.com>
Reviewed-by: Wathsala Vithanage <wathsala.vithanage@arm.com>

show more ...

crypto/openssl: make per-QP cipher context clones

Currently EVP_CIPHER_CTXs are allocated, copied to (from
openssl_session), and then freed for every cipher operation (ie. per
packet). This is very

crypto/openssl: make per-QP cipher context clones

Currently EVP_CIPHER_CTXs are allocated, copied to (from
openssl_session), and then freed for every cipher operation (ie. per
packet). This is very inefficient, and avoidable.

Make each openssl_session hold an array of pointers to per-queue-pair
cipher context copies. These are populated on first use by allocating a
new context and copying from the main context. These copies can then be
used in a thread-safe manner by different worker lcores simultaneously.
Consequently the cipher context allocation and copy only has to happen
once - the first time a given qp uses an openssl_session. This brings
about a large performance boost.

Throughput performance uplift measurements for AES-CBC-128 encrypt on
Ampere Altra Max platform:
1 worker lcore
| buffer sz (B) | prev (Gbps) | optimised (Gbps) | uplift |
|-----------------+---------------+--------------------+----------|
| 64 | 1.51 | 2.94 | 94.4% |
| 256 | 4.90 | 8.05 | 64.3% |
| 1024 | 11.07 | 14.21 | 28.3% |
| 2048 | 14.03 | 16.28 | 16.0% |
| 4096 | 16.20 | 17.59 | 8.6% |

8 worker lcores
| buffer sz (B) | prev (Gbps) | optimised (Gbps) | uplift |
|-----------------+---------------+--------------------+----------|
| 64 | 3.05 | 23.74 | 678.8% |
| 256 | 10.46 | 64.86 | 520.3% |
| 1024 | 40.97 | 113.80 | 177.7% |
| 2048 | 73.25 | 130.21 | 77.8% |
| 4096 | 103.89 | 140.62 | 35.4% |

Cc: stable@dpdk.org

Signed-off-by: Jack Bond-Preston <jack.bond-preston@foss.arm.com>
Acked-by: Kai Ji <kai.ji@intel.com>
Reviewed-by: Wathsala Vithanage <wathsala.vithanage@arm.com>

show more ...

crypto/openssl: fix memory leaks in asym session

Numerous memory leaks were detected by ASAN
in the OpenSSL PMD asymmetric code path.

These are now fixed to free all variables allocated
by OpenSSL

crypto/openssl: fix memory leaks in asym session

Numerous memory leaks were detected by ASAN
in the OpenSSL PMD asymmetric code path.

These are now fixed to free all variables allocated
by OpenSSL functions such as BN_bin2bn and
OSSL_PARAM_BLD_new.

Some need to exist until the op is processed,
for example the BIGNUMs associated with DSA.
The pointers for these are added to the private
asym session so they can be accessed later when calling free.

Some cases need to be treated differently if OpenSSL < 3.0.
It has slightly different handling of memory, as functions such as
RSA_set0_key() take over memory management of values,
so the caller should not free the values.

Fixes: 4c7ae22f1f83 ("crypto/openssl: update DSA routine with 3.0 EVP API")
Fixes: c794b40c9258 ("crypto/openssl: update DH routine with 3.0 EVP API")
Fixes: 3b7d638fb11f ("crypto/openssl: support asymmetric SM2")
Fixes: ac42813a0a7c ("crypto/openssl: add DH and DSA asym operations")
Fixes: d7bd42f6db19 ("crypto/openssl: update RSA routine with 3.0 EVP API")
Fixes: 9d91c3047dfd ("crypto/openssl: fix memory leaks in asym operations")
Cc: stable@dpdk.org

Signed-off-by: Ciara Power <ciara.power@intel.com>
Acked-by: Kai Ji <kai.ji@intel.com>

show more ...

crypto/openssl: fix memory leaks in asym operations

Fix memory leaks in Asymmetric ops, as reported by Valgrind.

Fixes: 4c7ae22f1f83 ("crypto/openssl: update DSA routine with 3.0 EVP API")
Fixes: c

crypto/openssl: fix memory leaks in asym operations

Fix memory leaks in Asymmetric ops, as reported by Valgrind.

Fixes: 4c7ae22f1f83 ("crypto/openssl: update DSA routine with 3.0 EVP API")
Fixes: c794b40c9258 ("crypto/openssl: update DH routine with 3.0 EVP API")
Fixes: 3b7d638fb11f ("crypto/openssl: support asymmetric SM2")
Fixes: ac42813a0a7c ("crypto/openssl: add DH and DSA asym operations")
Fixes: d7bd42f6db19 ("crypto/openssl: update RSA routine with 3.0 EVP API")
Cc: stable@dpdk.org

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Ciara Power <ciara.power@intel.com>

show more ...

crypto/openssl: remove null checks before free

Found with nullfree.cocci

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Acked-by: Kai Ji <kai.ji@intel.com>

cryptodev: add RNG capability in EC based xform

Elliptic curve based asymmetric operations use cryptographically
secure random number in its computation. If PMD supports RNG
for such ops, the applic

cryptodev: add RNG capability in EC based xform

Elliptic curve based asymmetric operations use cryptographically
secure random number in its computation. If PMD supports RNG
for such ops, the application could skip computing on its own.
This patch adds new field in asymmetric capability to declare
this capability.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>

show more ...

cryptodev: set private and public keys in EC session

The EC private and public keys can be maintained per session,
hence, moved these keys from per packet asym op to EC xform.

Signed-off-by: Gowris

cryptodev: set private and public keys in EC session

The EC private and public keys can be maintained per session,
hence, moved these keys from per packet asym op to EC xform.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Ciara Power <ciara.power@intel.com>

show more ...

cryptodev: use generic EC xform params for SM2

SM2 curve could use generic EC xform as it is yet another EC.
This would also require SM2 curve ID enumerated
along with other curves, as listed in:
ht

cryptodev: use generic EC xform params for SM2

SM2 curve could use generic EC xform as it is yet another EC.
This would also require SM2 curve ID enumerated
along with other curves, as listed in:
https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>

show more ...

cryptodev: add hash algorithms in asymmetric capability

Most of the asymmetric operations start with hash of the input.
But a PMD might also support only plain input (eg openssl).
Add a new field in

cryptodev: add hash algorithms in asymmetric capability

Most of the asymmetric operations start with hash of the input.
But a PMD might also support only plain input (eg openssl).
Add a new field in asymmetric capability to declare support
for hash operations that PMD can support for the asymmetric
operations. Application can skip computing hash if PMD already
supports it.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>

show more ...

crypto/openssl: fix SM2 asymmetric capabilities

Included SM2 algorithm in the asymmetric capabilities
supported by OpenSSL PMD.

Fixes: 3b7d638fb11f ("crypto/openssl: support asymmetric SM2")
Cc: st

crypto/openssl: fix SM2 asymmetric capabilities

Included SM2 algorithm in the asymmetric capabilities
supported by OpenSSL PMD.

Fixes: 3b7d638fb11f ("crypto/openssl: support asymmetric SM2")
Cc: stable@dpdk.org

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>

show more ...

crypto/openssl: check for SM2 support in OpenSSL 3.x lib

In some version of OpenSSL 3 lib (for an instance, in linux
distribution), if SM2 is not supported, driver should return
error.

Bugzilla ID:

crypto/openssl: check for SM2 support in OpenSSL 3.x lib

In some version of OpenSSL 3 lib (for an instance, in linux
distribution), if SM2 is not supported, driver should return
error.

Bugzilla ID: 1250
Fixes: 3b7d638fb11f ("crypto/openssl: support asymmetric SM2")

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>

show more ...

crypto/openssl: fix SM2 for old OpenSSL

Currently when configuring the session for SM2 asym on OpenSSL PMD using
an older OpenSSL version than 3.0, an error returns,
showing a failure status for tes

crypto/openssl: fix SM2 for old OpenSSL

Currently when configuring the session for SM2 asym on OpenSSL PMD using
an older OpenSSL version than 3.0, an error returns,
showing a failure status for tests.

This should skip tests, as the SM2 support is for OpenSSL version 3.0+.

Fixes: 3b7d638fb11f ("crypto/openssl: support asymmetric SM2")

Signed-off-by: Ciara Power <ciara.power@intel.com>
Acked-by: Kai Ji <kai.ji@intel.com>
Acked-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>

show more ...

crypto/openssl: support asymmetric SM2

Add SM2 asymmetric algorithm support in openssl PMD.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvel

crypto/openssl: support asymmetric SM2

Add SM2 asymmetric algorithm support in openssl PMD.

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

show more ...

cryptodev: add algo enums to string conversion API

Symmetric/Asymmetric algorithm strings are accessed by application
using arrays in cryptodev lib, which hampers new algorithms addition
in the arra

cryptodev: add algo enums to string conversion API

Symmetric/Asymmetric algorithm strings are accessed by application
using arrays in cryptodev lib, which hampers new algorithms addition
in the array due to ABI breakage.
These arrays are now deprecated and will be removed in next ABI break
release.
New APIs are added for getting the algorithm strings based on enum values.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Reviewed-by: Ruifeng Wang <ruifeng.wang@arm.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Ciara Power <ciara.power@intel.com>
Acked-by: Fan Zhang <fanzhang.oss@gmail.com>

show more ...

cryptodev: hide symmetric session structure

Structure rte_cryptodev_sym_session is moved to internal
headers which are not visible to applications.
The only field which should be used by app is opaq

cryptodev: hide symmetric session structure

Structure rte_cryptodev_sym_session is moved to internal
headers which are not visible to applications.
The only field which should be used by app is opaque_data.
This field can now be accessed via set/get APIs added in this
patch.
Subsequent changes in app and lib are made to compile the code.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Kai Ji <kai.ji@intel.com>
Tested-by: Gagandeep Singh <g.singh@nxp.com>
Tested-by: David Coyle <david.coyle@intel.com>
Tested-by: Kevin O'Sullivan <kevin.osullivan@intel.com>

show more ...

cryptodev: rework session framework

As per current design, rte_cryptodev_sym_session_create() and
rte_cryptodev_sym_session_init() use separate mempool objects
for a single session.
And structure rt

cryptodev: rework session framework

As per current design, rte_cryptodev_sym_session_create() and
rte_cryptodev_sym_session_init() use separate mempool objects
for a single session.
And structure rte_cryptodev_sym_session is not directly used
by the application, it may cause ABI breakage if the structure
is modified in future.

To address these two issues, the rte_cryptodev_sym_session_create
will take one mempool object that the session and session private
data are virtually/physically contiguous, and initializes both
fields. The API rte_cryptodev_sym_session_init is removed.

rte_cryptodev_sym_session_create will now return an opaque session
pointer which will be used by the app and other APIs.

In data path, opaque session pointer is attached to rte_crypto_op
and the PMD can call an internal library API to get the session
private data pointer based on the driver id.

Note: currently single session may be used by different device
drivers, given it is initialized by them. After the change the
session created by one device driver cannot be used or
reinitialized by another driver.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
Signed-off-by: Ruifeng Wang <ruifeng.wang@arm.com>
Acked-by: Kai Ji <kai.ji@intel.com>
Tested-by: Gagandeep Singh <g.singh@nxp.com>
Tested-by: David Coyle <david.coyle@intel.com>
Tested-by: Kevin O'Sullivan <kevin.osullivan@intel.com>

show more ...

crypto/openssl: support AES-CMAC operations

Extend openssl crypto PMD to support AES CMAC operations.

Signed-off-by: Ashwin Sekhar T K <asekhar@marvell.com>
Acked-by: Kai Ji <kai.ji@intel.com>

crypto/openssl: fix 3.0 EVP_PKEY usage in RSA operations

EVP_PKEY function need to be called twice for RSA sign
and verify operations in 3.0 EVP API. Original OpenSSL
1.x routines are untouched. The

crypto/openssl: fix 3.0 EVP_PKEY usage in RSA operations

EVP_PKEY function need to be called twice for RSA sign
and verify operations in 3.0 EVP API. Original OpenSSL
1.x routines are untouched. The OPENSSL_API_COMPAT is
also removed as the driver now supports OpenSSL 3.0 lib
as well when it is detected on the host.

Fixes: d7bd42f6db19 ("crypto/openssl: update RSA routine with 3.0 EVP API")

Signed-off-by: Kai Ji <kai.ji@intel.com>

show more ...

crypto/openssl: update DSA routine with 3.0 EVP API

This patch updates asymmetric DSA routine in crypto openssl pmd
to adopt openssl 3.0 EVP apis. Divided the single combined DSA sign
test to two in

crypto/openssl: update DSA routine with 3.0 EVP API

This patch updates asymmetric DSA routine in crypto openssl pmd
to adopt openssl 3.0 EVP apis. Divided the single combined DSA sign
test to two individual DSA sign and DSA verfiy tests.

Signed-off-by: Kai Ji <kai.ji@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

show more ...

crypto/openssl: update DH routine with 3.0 EVP API

This patch updates asymmetric DH routine in crypto openssl pmd
to adopt openssl 3.0 EVP apis.

Signed-off-by: Kai Ji <kai.ji@intel.com>
Acked-by: F

crypto/openssl: update DH routine with 3.0 EVP API

This patch updates asymmetric DH routine in crypto openssl pmd
to adopt openssl 3.0 EVP apis.

Signed-off-by: Kai Ji <kai.ji@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

show more ...

crypto/openssl: update RSA routine with 3.0 EVP API

This patch updates asymmetric RSA routine in crypto openssl pmd
to adopt openssl 3.0 EVP apis.

Signed-off-by: Kai Ji <kai.ji@intel.com>
Acked-by:

crypto/openssl: update RSA routine with 3.0 EVP API

This patch updates asymmetric RSA routine in crypto openssl pmd
to adopt openssl 3.0 EVP apis.

Signed-off-by: Kai Ji <kai.ji@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

show more ...