from:"Dooley, Brian"

RE: [v1 2/2] examples/fips_validation: add ECDSA validation

2022-10-17 Thread Dooley, Brian

> -Original Message-
> From: Gowrishankar Muthukrishnan 
> Sent: Tuesday, September 27, 2022 8:31 AM
> To: dev@dpdk.org
> Cc: Anoob Joseph ; Zhang, Roy Fan
> ; Dooley, Brian ; Akhil
> Goyal ; jer...@marvell.com; Gowrishankar
> Muthukrishnan 
> Subject: [v1 2/2] examples/fips_validation: add ECDSA validation
> 
> This patch adds support in fips_validation app to validate ECDSA.
> 
> Signed-off-by: Gowrishankar Muthukrishnan 
> ---
>  doc/guides/sample_app_ug/fips_validation.rst  |   1 +
>  examples/fips_validation/fips_validation.c|   2 +
>  examples/fips_validation/fips_validation.h|  27 ++
>  .../fips_validation/fips_validation_ecdsa.c   | 431 ++
>  examples/fips_validation/main.c   | 210 -
>  examples/fips_validation/meson.build  |   1 +
>  6 files changed, 669 insertions(+), 3 deletions(-)  create mode 100644
> examples/fips_validation/fips_validation_ecdsa.c
> 
> diff --git a/doc/guides/sample_app_ug/fips_validation.rst
> b/doc/guides/sample_app_ug/fips_validation.rst
> index 5e9ad2d006..3a2357eaa9 100644
> --- a/doc/guides/sample_app_ug/fips_validation.rst
> +++ b/doc/guides/sample_app_ug/fips_validation.rst
> @@ -67,6 +67,7 @@ ACVP
>  * TDES-CBC - AFT, MCT
>  * TDES-ECB - AFT, MCT
>  * RSA
> +* ECDSA
> 
> 
>  Application Information
> diff --git a/examples/fips_validation/fips_validation.c
> b/examples/fips_validation/fips_validation.c
> index 5d485a2bd5..55f68a7ae0 100644
> --- a/examples/fips_validation/fips_validation.c
> +++ b/examples/fips_validation/fips_validation.c
> @@ -473,6 +473,8 @@ fips_test_parse_one_json_vector_set(void)
>   info.algo = FIPS_TEST_ALGO_TDES;
>   else if (strstr(algo_str, "RSA"))
>   info.algo = FIPS_TEST_ALGO_RSA;
> + else if (strstr(algo_str, "ECDSA"))
> + info.algo = FIPS_TEST_ALGO_ECDSA;
>   else
>   return -EINVAL;
> 
> diff --git a/examples/fips_validation/fips_validation.h
> b/examples/fips_validation/fips_validation.h
> index 7cbbc1f084..f9dfbecd5d 100644
> --- a/examples/fips_validation/fips_validation.h
> +++ b/examples/fips_validation/fips_validation.h
> @@ -43,6 +43,7 @@ enum fips_test_algorithms {
>   FIPS_TEST_ALGO_TDES,
>   FIPS_TEST_ALGO_SHA,
>   FIPS_TEST_ALGO_RSA,
> + FIPS_TEST_ALGO_ECDSA,
>   FIPS_TEST_ALGO_MAX
>  };
> 
> @@ -94,6 +95,15 @@ struct fips_test_vector {
>   struct fips_val dq;
>   struct fips_val qinv;
>   } rsa;
> + struct {
> + struct fips_val seed;
> + struct fips_val pkey;
> + struct fips_val qx;
> + struct fips_val qy;
> + struct fips_val r;
> + struct fips_val s;
> + struct fips_val k;
> + } ecdsa;
> 
>   struct fips_val pt;
>   struct fips_val ct;
> @@ -159,6 +169,10 @@ enum fips_rsa_test_types {
>   RSA_KAT
>  };
> 
> +enum fips_ecdsa_test_types {
> + ECDSA_AFT = 0,
> +};
> +
>  struct aesavs_interim_data {
>   enum fips_aesavs_test_types test_type;
>   uint32_t cipher_algo;
> @@ -213,6 +227,14 @@ struct rsa_interim_data {
>   uint8_t random_msg;
>  };
> 
> +struct ecdsa_interim_data {
> + enum rte_crypto_auth_algorithm auth;
> + enum rte_crypto_curve_id curve_id;
> + u_int8_t curve_len;
> + uint8_t random_msg;
> + uint8_t pubkey_gen;
> +};
> +
>  #ifdef USE_JANSSON
>  /*
>   * Maximum length of buffer to hold any json string.
> @@ -259,6 +281,7 @@ struct fips_test_interim_info {
>   struct gcm_interim_data gcm_data;
>   struct xts_interim_data xts_data;
>   struct rsa_interim_data rsa_data;
> + struct ecdsa_interim_data ecdsa_data;
>   } interim_info;
> 
>   enum fips_test_op op;
> @@ -268,6 +291,7 @@ struct fips_test_interim_info {
>   const struct fips_test_callback *writeback_callbacks;
> 
>   post_prcess_t parse_interim_writeback;
> + post_prcess_t post_interim_writeback;
>   post_prcess_t parse_writeback;
>   post_prcess_t kat_check;
>  };
> @@ -338,6 +362,9 @@ parse_test_tdes_json_init(void);  int
> parse_test_rsa_json_init(void);
> 
> +int
> +parse_test_ecdsa_json_init(void);
> +
>  int
>  fips_test_randomize_message(struct fips_val *msg, struct fips_val *rand);
> #endif /* USE_JANSSON */ diff --git
> a/examples/fips_validation/fips_validation_ecdsa.c
> b/examples/fips_validation/fips_validation_ecdsa.c
> new file mode 100644
> index 00..2bac348052
> --- /dev/null

RE: [v1] examples/fips_validation: fix test output for AES GMAC decrypt

2022-10-18 Thread Dooley, Brian

Hi Gowrishankar,

> -Original Message-
> From: Gowrishankar Muthukrishnan 
> Sent: Monday, October 17, 2022 9:16 AM
> To: dev@dpdk.org
> Cc: Anoob Joseph ; Dooley, Brian
> ; Akhil Goyal ;
> jer...@marvell.com; Gowrishankar Muthukrishnan
> 
> Subject: [v1] examples/fips_validation: fix test output for AES GMAC decrypt
> 
> AES GMAC decrypt test should output only whether test passed or failed.
> 
> Signed-off-by: Gowrishankar Muthukrishnan 
> ---
>  examples/fips_validation/fips_validation_gcm.c | 11 ---
>  1 file changed, 8 insertions(+), 3 deletions(-)
> 


Reviewed-by: Brian Dooley

RE: [PATCH] crypto/ipsec_mb: fix zuc256 maximum tag length

2023-02-02 Thread Dooley, Brian

Hi Ciara,

> -Original Message-
> From: Ciara Power 
> Sent: Tuesday 31 January 2023 17:20
> To: Ji, Kai ; De Lara Guarch, Pablo
> 
> Cc: dev@dpdk.org; Power, Ciara 
> Subject: [PATCH] crypto/ipsec_mb: fix zuc256 maximum tag length
> 
> The AESNI_MB PMD supports 8 and 16 byte tag lengths for ZUC256 when
> intel-ipsec-mb version is 1.3 or newer.
> The conditional check to enable these tag lengths had the incorrect operator,
> which enabled 8 and 16 byte tag lengths for versions below 1.2, which is not
> supported.
> 
> Fixes: 7babda4316f9 ("crypto/ipsec_mb: support all tag sizes for ZUC-EIA3-
> 256")
> Cc: pablo.de.lara.gua...@intel.com
> 
> Signed-off-by: Ciara Power 
> ---
>  drivers/crypto/ipsec_mb/pmd_aesni_mb.c  | 2 +-
>  drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
> b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
> index 147a38932d..ac20d01937 100644
> --- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
> +++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
> @@ -199,7 +199,7 @@ aesni_mb_set_session_auth_parameters(const
> IMB_MGR *mb_mgr,
>   }
>   } else if (xform->auth.key.length == 32) {
>   sess->auth.algo = IMB_AUTH_ZUC256_EIA3_BITLEN;
> -#if IMB_VERSION(1, 2, 0) > IMB_VERSION_NUM
> +#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
>   if (sess->auth.req_digest_len != 4 &&
>   sess->auth.req_digest_len != 8 &&
>   sess->auth.req_digest_len != 16) {
> diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
> b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
> index 55fafbbbec..8a7c74f621 100644
> --- a/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
> +++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h
> @@ -566,7 +566,7 @@ static const struct rte_cryptodev_capabilities
> aesni_mb_capabilities[] = {
>   },
>   .digest_size = {
>   .min = 4,
> -#if IMB_VERSION(1, 2, 0) > IMB_VERSION_NUM
> +#if IMB_VERSION(1, 2, 0) < IMB_VERSION_NUM
>   .max = 16,
>   .increment = 4
>  #else
> --
> 2.25.1

Reviewed-by: Brian Dooley

RE: [PATCH v2] common/qat: enable QAT 2.0c devices

2023-09-18 Thread Dooley, Brian

Hi Ciara,

> -Original Message-
> From: Ciara Power 
> Sent: Monday, August 21, 2023 10:34 AM
> To: dev@dpdk.org
> Cc: Kusztal, ArkadiuszX ;
> david.march...@redhat.com; Power, Ciara ; Ji, Kai
> 
> Subject: [PATCH v2] common/qat: enable QAT 2.0c devices
> 
> This commit enables QAT 2.0c devices in the Intel QuickAssist Technology
> PMD.
> These are 4th Generation QAT, 402xx devices.
> 
> Signed-off-by: Ciara Power 
> 
> ---
> v2:
>   - Fixed kernel module.
>   - Modified commit to align naming of new QAT device.
> ---
>  doc/guides/cryptodevs/qat.rst  | 4 
>  doc/guides/rel_notes/release_23_11.rst | 4 
>  drivers/common/qat/qat_device.c| 4 
>  3 files changed, 12 insertions(+)
> 
> diff --git a/doc/guides/cryptodevs/qat.rst b/doc/guides/cryptodevs/qat.rst
> index afdfb0bd22..730113da33 100644
> --- a/doc/guides/cryptodevs/qat.rst
> +++ b/doc/guides/cryptodevs/qat.rst
> @@ -457,6 +457,10 @@ to see the full table)
> 
> +-+-+-+-+--+---+---++---
> -+--+++
> | Yes | No  | No  | 4   | 401xxx   | IDZ/ N/A  | qat_401xxx| 4xxx 
>   |
> 4942   | 2| 4943   | 16 |
> 
> +-+-+-+-+--+---+---++---
> -+--+++
> +   | Yes | Yes | Yes | 4   | 402xx| linux/6.4+| qat_4xxx  | 4xxx 
>   | 4944
> | 2| 4945   | 16 |
> +   
> +-+-+-+-+--+---+---++--
> --+--+++
> +   | Yes | No  | No  | 4   | 402xx| IDZ/ N/A  | qat_4xxx  | 4xxx 
>   | 4944
> | 2| 4945   | 16 |
> +
> + +-+-+-+-+--+---+---+--
> + --++--+++
> 
>  * Note: Symmetric mixed crypto algorithms feature on Gen 2 works only with
> IDZ driver version 4.9.0+
> 
> diff --git a/doc/guides/rel_notes/release_23_11.rst
> b/doc/guides/rel_notes/release_23_11.rst
> index 4411bb32c1..72dfb3fbf0 100644
> --- a/doc/guides/rel_notes/release_23_11.rst
> +++ b/doc/guides/rel_notes/release_23_11.rst
> @@ -72,6 +72,10 @@ New Features
>   Also, make sure to start the actual text at the margin.
>   ===
> 
> +* **Added support for QAT 2.0c devices to Intel QuickAssist Technology
> +PMD.**
> +
> +  * QAT 2.0c (4944) devices are now enabled for QAT.
> +
> 
>  Removed Items
>  -
> diff --git a/drivers/common/qat/qat_device.c
> b/drivers/common/qat/qat_device.c index 2675f0d9d1..cbf1e6a988 100644
> --- a/drivers/common/qat/qat_device.c
> +++ b/drivers/common/qat/qat_device.c
> @@ -50,6 +50,9 @@ static const struct rte_pci_id pci_id_qat_map[] = {
>   {
>   RTE_PCI_DEVICE(0x8086, 0x4943),
>   },
> + {
> + RTE_PCI_DEVICE(0x8086, 0x4945),
> + },
>   {.device_id = 0},
>  };
> 
> @@ -202,6 +205,7 @@ qat_pci_device_allocate(struct rte_pci_device
> *pci_dev,
>   break;
>   case 0x4941:
>   case 0x4943:
> + case 0x4945:
>   qat_dev_gen = QAT_GEN4;
>   break;
>   default:
> --
> 2.25.1

Acked-by: Brian Dooley

RE: [PATCH v1] crypto/aesni_mb: fix typo in error message

2024-07-12 Thread Dooley, Brian

Hi Joel,

> -Original Message-
> From: Joel Kavanagh 
> Sent: Thursday, July 11, 2024 2:15 PM
> To: Thomas Monjalon ; Ji, Kai ; De
> Lara Guarch, Pablo ; Fan Zhang
> ; Ciara Power 
> Cc: dev@dpdk.org; gak...@marvell.com; sta...@dpdk.org; Kavanagh, Joel
> 
> Subject: [PATCH v1] crypto/aesni_mb: fix typo in error message
> 
> This patch fixes a typo in the log message for error allocation.
> The typo incorrectly spelled 'allocating' as 'allocationg' in the log message 
> for
> error allocation.
> 
> Additionally, this commit updates the .mailmap file to ensure proper
> attribution and mapping of contributor email addresses.
> 
> Fixes: f9dfb59 ("crypto/ipsec_mb: support remaining SGL")
> Cc: sta...@dpdk.org
> 
> Signed-off-by: Joel Kavanagh 
> ---
>  .mailmap   | 1 +
>  drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 2 +-
>  2 files changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/.mailmap b/.mailmap
> index f1e64286a1..5b6e30d76c 100644
> --- a/.mailmap
> +++ b/.mailmap
> @@ -681,6 +681,7 @@ Jin Yu   Jiri Slaby 
> Job Abraham   Jochen Behrens
>  
> +Joel Kavanagh 
>  Joey Xing 
>  Johan Faltstrom   Johan Källström
>  diff --git
> a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
> b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
> index d74946c180..ef4228bd38 100644
> --- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
> +++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
> @@ -1534,7 +1534,7 @@ aesni_mb_digest_appended_in_src(struct
> rte_crypto_op *op, IMB_JOB *job,
>   *
>   * @return
>   * - 0 on success, the IMB_JOB will be filled
> - * - -1 if invalid session or errors allocationg SGL linear buffer,
> + * - -1 if invalid session or errors allocating SGL linear buffer,
>   *   IMB_JOB will not be filled
>   */
>  static inline int
> --
> 2.34.1

Acked-by: Brian Dooley

RE: [PATCH v2] app/test-crypto-perf: add throughput OOP decryption

2024-07-19 Thread Dooley, Brian

Hi Suanming,

This change looks ok to me.

> -Original Message-
> From: Akhil Goyal 
> Sent: Thursday, July 18, 2024 8:57 PM
> To: Suanming Mou ; Dooley, Brian
> ; Mcnamara, John ; Ji,
> Kai ; Kusztal, ArkadiuszX 
> Cc: dev@dpdk.org
> Subject: RE: [PATCH v2] app/test-crypto-perf: add throughput OOP
> decryption
> 
> > Hi Brian,
> >
> > Since Ciara is no longer available and you are the new maintainer, can
> > you investigate this patch?
> > There were some concerns which Ciara highlighted. Can you check?
> >
> 
> Any update on this patch?
> 
> 
> > > > Subject: [PATCH v2] app/test-crypto-perf: add throughput OOP
> > > > decryption
> > > >
> > > > During throughput running, re-filling the test data will impact
> > > > the performance test result. So for now, to run decrypt throughput
> > > > testing is not supported
> > since
> > > > the test data is not filled.
> > > >
> > > > But if user requires OOP(out-of-place) mode, the test data from
> > > > source mbuf
> > > will
> > > > never be modified, and if the test data can be prepared out of the
> > > > running
> > loop,
> > > > the decryption test should be fine.
> > > >
> > > > This commit adds the support of out-of-place decryption testing
> > > > for
> > throughput.
> > > >
> > > > [1]:
> > > > https://urldefense.proofpoint.com/v2/url?u=http-
> > > 3A__mails.dpdk.org_archives_dev_2023-
> > >
> >
> 2DJuly_273328.html&d=DwIFAg&c=nKjWec2b6R0mOyPaz7xtfQ&r=DnL7Si2
> wl_P
> > > RwpZ9TWey3eu68gBzn7DkPwuqhd6WNyo&m=eTj0O7iYH-
> > > xiTQ6dNUZpsOXPqnyC1O_-
> > >
> _IKt0j_yQ_N__vy0wIBLb_QyMQtodUrr&s=eDz_NLjqkUH2cYMilKEtdWImOPj
> 5f-
> > > CVKV5UW8P9frk&e=
> > > >
> > > > Signed-off-by: Suanming Mou 
> > > > ---
> > > >  app/test-crypto-perf/cperf_ops.c |  5 ++-
> > > >  app/test-crypto-perf/cperf_options_parsing.c |  8 +
> > > > app/test-crypto- perf/cperf_test_throughput.c | 34
> > > > +---
> > > >  3 files changed, 41 insertions(+), 6 deletions(-)
> > > >
> > > > diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-
> > > perf/cperf_ops.c
> > > > index d3fd115bc0..714616c697 100644
> > > > --- a/app/test-crypto-perf/cperf_ops.c
> > > > +++ b/app/test-crypto-perf/cperf_ops.c
> > > > @@ -644,7 +644,10 @@ cperf_set_ops_aead(struct rte_crypto_op
> **ops,
> > > > }
> > > >
> > > > if ((options->test == CPERF_TEST_TYPE_VERIFY) ||
> > > > -   (options->test == CPERF_TEST_TYPE_LATENCY)) {
> > > > +   (options->test == CPERF_TEST_TYPE_LATENCY) ||
> > > > +   (options->test == CPERF_TEST_TYPE_THROUGHPUT &&
> > > > +(options->aead_op == RTE_CRYPTO_AEAD_OP_DECRYPT ||
> > > > + options->cipher_op == RTE_CRYPTO_CIPHER_OP_DECRYPT))) {
> > > > for (i = 0; i < nb_ops; i++) {
> > > > uint8_t *iv_ptr = 
> > > > rte_crypto_op_ctod_offset(ops[i],
> > > > uint8_t *, iv_offset);
> > > > diff --git a/app/test-crypto-perf/cperf_options_parsing.c
> > > > b/app/test-crypto- perf/cperf_options_parsing.c index
> > > > 8c20974273..90526e676f 100644
> > > > --- a/app/test-crypto-perf/cperf_options_parsing.c
> > > > +++ b/app/test-crypto-perf/cperf_options_parsing.c
> > > > @@ -1341,6 +1341,14 @@ cperf_options_check(struct cperf_options
> > > > *options)
> > > > }
> > > > }
> > > >
> > > > +   if (options->test == CPERF_TEST_TYPE_THROUGHPUT &&
> > > > +   (options->aead_op == RTE_CRYPTO_AEAD_OP_DECRYPT ||
> > > > +options->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) &&
> > > > +   !options->out_of_place) {
> > > > +   RTE_LOG(ERR, USER1, "Only out-of-place is allowed in
> > > > throughput decryption.\n");
> > > > +   return -EINVAL;
> > > > +   }
> > >
> > > Not totally following some of this, why do we only want to add this
> > > for OOP mode?
> >

RE: [v1, 10/10] examples/fips_validation: add extra space in JSON buffer

2023-02-27 Thread Dooley, Brian

Hi Gowrishankar,

> -Original Message-
> From: Gowrishankar Muthukrishnan 
> Sent: Monday 6 February 2023 14:46
> To: dev@dpdk.org
> Cc: Anoob Joseph ; jer...@marvell.com; Akhil Goyal
> ; Dooley, Brian ; Gowrishankar
> Muthukrishnan 
> Subject: [v1, 10/10] examples/fips_validation: add extra space in JSON buffer
> 
> Current test buffer to copy input data of maximum possible length did not
> account NULL character, due to which a last input character is always ignored
> and it causes tests like RSA SIGVER for modulo of 4096 bits to fail. This 
> patch
> fixes it.
> 
> Fixes: 0b65d54f3a4 ("examples/fips_validation: fix JSON buffer size")
> 
> Signed-off-by: Gowrishankar Muthukrishnan 
> ---
>  examples/fips_validation/fips_validation.h | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/examples/fips_validation/fips_validation.h
> b/examples/fips_validation/fips_validation.h
> index c4988053c1..abc1d64742 100644
> --- a/examples/fips_validation/fips_validation.h
> +++ b/examples/fips_validation/fips_validation.h
> @@ -247,7 +247,7 @@ struct ecdsa_interim_data {
>   * Esp, in asym op, modulo bits decide char buffer size.
>   * max = (modulo / 4)
>   */
> -#define FIPS_TEST_JSON_BUF_LEN (4096 / 4)
> +#define FIPS_TEST_JSON_BUF_LEN ((4096 / 4) + 1)
> 
>  struct fips_test_json_info {
>   /* Information used for reading from json */
> --
> 2.25.1

Acked-by: Brian Dooley

RE: [v1, 09/10] examples/fips_validation: fix AES XTS to read seq number

2023-02-27 Thread Dooley, Brian

> -Original Message-
> From: Gowrishankar Muthukrishnan 
> Sent: Monday 6 February 2023 14:46
> To: dev@dpdk.org
> Cc: Anoob Joseph ; jer...@marvell.com; Akhil Goyal
> ; Dooley, Brian ;
> Gowrishankar Muthukrishnan 
> Subject: [v1, 09/10] examples/fips_validation: fix AES XTS to read seq
> number
> 
> Fix AES XTS test to read sequence number correctly.
> 
> Fixes: f8e431ed8f6 ("examples/fips_validation: add parsing for AES-XTS")
> 
> Signed-off-by: Gowrishankar Muthukrishnan 
> ---
>  examples/fips_validation/fips_validation_xts.c | 13 +
>  1 file changed, 9 insertions(+), 4 deletions(-)
> 
> diff --git a/examples/fips_validation/fips_validation_xts.c
> b/examples/fips_validation/fips_validation_xts.c
> index 531e3c688e..530df78ab4 100644
> --- a/examples/fips_validation/fips_validation_xts.c
> +++ b/examples/fips_validation/fips_validation_xts.c
> @@ -34,6 +34,7 @@
>  #define DATAUNITLEN_JSON_STR "dataUnitLen"
>  #define PAYLOADLEN_JSON_STR  "payloadLen"
>  #define TWEAKVALUE_JSON_STR  "tweakValue"
> +#define SEQNUMBER_JSON_STR   "sequenceNumber"
>  #define PT_JSON_STR  "pt"
>  #define CT_JSON_STR  "ct"
> 
> @@ -95,14 +96,17 @@ parser_xts_read_keylen(const char *key, char *src,
> struct fips_val *val)  static int  parser_xts_read_tweakval(const char *key,
> char *src, struct fips_val *val)  {
> + char num_str[4] = {0};
>   int ret;
> 
> - if (info.interim_info.xts_data.tweak_mode ==
> XTS_TWEAK_MODE_HEX)
> + if (info.interim_info.xts_data.tweak_mode ==
> XTS_TWEAK_MODE_HEX) {
>   ret = parse_uint8_hex_str(key, src, val);
> - else if (info.interim_info.xts_data.tweak_mode ==
> XTS_TWEAK_MODE_NUMBER)
> - ret = parser_read_uint32_bit_val(key, src, val);
> - else
> + } else if (info.interim_info.xts_data.tweak_mode ==
> XTS_TWEAK_MODE_NUMBER) {
> + snprintf(num_str, RTE_DIM(num_str), "%x", atoi(src));
> + ret = parse_uint8_hex_str(key, num_str, val);
> + } else {
>   ret = -1;
> + }
> 
>   return ret;
>  }
> @@ -122,6 +126,7 @@ struct fips_test_callback xts_interim_json_vectors[] =
> {  struct fips_test_callback xts_enc_json_vectors[] = {
>   {KEY_JSON_STR, parse_uint8_known_len_hex_str,
> &vec.cipher_auth.key},
>   {TWEAKVALUE_JSON_STR, parser_xts_read_tweakval,
> &vec.iv},
> + {SEQNUMBER_JSON_STR, parser_xts_read_tweakval,
> &vec.iv},
>   {PT_JSON_STR, parse_uint8_hex_str, &vec.pt},
>   {NULL, NULL, NULL} /**< end pointer */  };
> --
> 2.25.1

Acked-by: Brian Dooley

RE: [v1, 08/10] examples/fips_validation: fix AES GCM validation tests

2023-02-27 Thread Dooley, Brian

> -Original Message-
> From: Gowrishankar Muthukrishnan 
> Sent: Monday 6 February 2023 14:46
> To: dev@dpdk.org
> Cc: Anoob Joseph ; jer...@marvell.com; Akhil Goyal
> ; Dooley, Brian ;
> Gowrishankar Muthukrishnan 
> Subject: [v1, 08/10] examples/fips_validation: fix AES GCM validation tests
> 
> AES GCM validation tests fail in FIPS validation due to incorrect fields
> populated in response file. This patch fixes them.
> 
> Fixes: 5b540bebac8e ("examples/fips_validation: fix GMAC decryption
> output")
> 
> Signed-off-by: Gowrishankar Muthukrishnan 
> ---
>  examples/fips_validation/fips_validation_gcm.c | 12 +---
>  1 file changed, 5 insertions(+), 7 deletions(-)
> 
> diff --git a/examples/fips_validation/fips_validation_gcm.c
> b/examples/fips_validation/fips_validation_gcm.c
> index a80d8b3e4d..bf08d1b995 100644
> --- a/examples/fips_validation/fips_validation_gcm.c
> +++ b/examples/fips_validation/fips_validation_gcm.c
> @@ -79,7 +79,7 @@ parser_read_gcm_pt_len(const char *key, char *src,
>   if (ret < 0)
>   return ret;
> 
> - if (vec.pt.len == 0) {
> + if (info.algo == FIPS_TEST_ALGO_AES_GMAC && vec.pt.len == 0) {
>   info.interim_info.gcm_data.is_gmac = 1;
>   test_ops.prepare_sym_op = prepare_auth_op;
>   test_ops.prepare_sym_xform = prepare_gmac_xform; @@ -
> 296,6 +296,7 @@ parse_test_gcm_json_writeback(struct fips_val *val)
>   tmp_val.val = val->val;
>   tmp_val.len = vec.pt.len;
> 
> + info.one_line_text[0] = '\0';
>   writeback_hex_str("", info.one_line_text,
> &tmp_val);
>   ct = json_string(info.one_line_text);
>   json_object_set_new(json_info.json_write_case,
> CT_JSON_STR, ct); @@ -326,6 +327,7 @@
> parse_test_gcm_json_writeback(struct fips_val *val)
>   tmp_val.val = val->val;
>   tmp_val.len = vec.pt.len;
> 
> + info.one_line_text[0] = '\0';
>   writeback_hex_str("", info.one_line_text,
> &tmp_val);
> 
>   json_object_set_new(json_info.json_write_case, PT_JSON_STR,
>   json_string(info.one_line_text));
> @@ -334,12 +336,8 @@ parse_test_gcm_json_writeback(struct fips_val
> *val)
>   json_true());
>   }
>   } else {
> - if (!info.interim_info.gcm_data.is_gmac)
> -
>   json_object_set_new(json_info.json_write_case, PT_JSON_STR,
> - json_string(""));
> - else
> -
>   json_object_set_new(json_info.json_write_case, "testPassed",
> - json_false());
> + json_object_set_new(json_info.json_write_case,
> "testPassed",
> + json_false());
>   }
>   }
> 
> --
> 2.25.1

Acked-by: Brian Dooley

RE: [v1, 07/10] examples/fips_validation: add SHA3 algorithms in ECDSA test

2023-02-27 Thread Dooley, Brian




> -Original Message-
> From: Gowrishankar Muthukrishnan 
> Sent: Monday 6 February 2023 14:46
> To: dev@dpdk.org
> Cc: Anoob Joseph ; jer...@marvell.com; Akhil Goyal
> ; Dooley, Brian ;
> Gowrishankar Muthukrishnan 
> Subject: [v1, 07/10] examples/fips_validation: add SHA3 algorithms in ECDSA
> test
> 
> Add SHA3 algorithms in ECDSA as supported.
> 
> Signed-off-by: Gowrishankar Muthukrishnan 
> ---
>  examples/fips_validation/fips_validation_ecdsa.c | 4 
>  1 file changed, 4 insertions(+)
> 
> diff --git a/examples/fips_validation/fips_validation_ecdsa.c
> b/examples/fips_validation/fips_validation_ecdsa.c
> index 5c91abfc5a..aef722d147 100644
> --- a/examples/fips_validation/fips_validation_ecdsa.c
> +++ b/examples/fips_validation/fips_validation_ecdsa.c
> @@ -50,6 +50,10 @@ struct {
>   {RTE_CRYPTO_AUTH_SHA256, "SHA2-256"},
>   {RTE_CRYPTO_AUTH_SHA384, "SHA2-384"},
>   {RTE_CRYPTO_AUTH_SHA512, "SHA2-512"},
> + {RTE_CRYPTO_AUTH_SHA3_224, "SHA3-224"},
> + {RTE_CRYPTO_AUTH_SHA3_256, "SHA3-256"},
> + {RTE_CRYPTO_AUTH_SHA3_384, "SHA3-384"},
> + {RTE_CRYPTO_AUTH_SHA3_512, "SHA3-512"},
>  };
> 
>  struct {
> --
> 2.25.1

Acked-by: Brian Dooley

RE: [v1, 06/10] examples/fips_validation: add ECDSA keygen support

2023-02-27 Thread Dooley, Brian

> -Original Message-
> From: Gowrishankar Muthukrishnan 
> Sent: Monday 6 February 2023 14:46
> To: dev@dpdk.org
> Cc: Anoob Joseph ; jer...@marvell.com; Akhil Goyal
> ; Dooley, Brian ;
> Gowrishankar Muthukrishnan 
> Subject: [v1, 06/10] examples/fips_validation: add ECDSA keygen support
> 
> Add support to validate ECDSA keygen mode tests.
> 
> Signed-off-by: Gowrishankar Muthukrishnan 
> ---
>  .../fips_validation/fips_validation_ecdsa.c   | 52 +++
>  examples/fips_validation/main.c   | 13 +
>  2 files changed, 65 insertions(+)
> 
> diff --git a/examples/fips_validation/fips_validation_ecdsa.c
> b/examples/fips_validation/fips_validation_ecdsa.c
> index d47ab0b5d1..5c91abfc5a 100644
> --- a/examples/fips_validation/fips_validation_ecdsa.c
> +++ b/examples/fips_validation/fips_validation_ecdsa.c
> @@ -295,6 +295,20 @@ parse_test_ecdsa_json_writeback(struct fips_val
> *val)
>   json_object_set_new(json_info.json_write_case,
> "testPassed", json_true());
>   else
>   json_object_set_new(json_info.json_write_case,
> "testPassed", json_false());
> + } else if (info.op == FIPS_TEST_ASYM_KEYGEN) {
> + json_t *obj;
> +
> + writeback_hex_str("", info.one_line_text, &vec.ecdsa.pkey);
> + obj = json_string(info.one_line_text);
> + json_object_set_new(json_info.json_write_case, "d", obj);
> +
> + writeback_hex_str("", info.one_line_text, &vec.ecdsa.qx);
> + obj = json_string(info.one_line_text);
> + json_object_set_new(json_info.json_write_case, "qx", obj);
> +
> + writeback_hex_str("", info.one_line_text, &vec.ecdsa.qy);
> + obj = json_string(info.one_line_text);
> + json_object_set_new(json_info.json_write_case, "qy", obj);
>   }
> 
>   return 0;
> @@ -367,6 +381,36 @@ parse_siggen_message_str(const char *key, char
> *src, struct fips_val *val)
>   return ret;
>  }
> 
> +static int
> +parse_keygen_tc_str(const char *key, char *src, struct fips_val *val) {
> + RTE_SET_USED(key);
> + RTE_SET_USED(src);
> + RTE_SET_USED(val);
> +
> + if (info.op == FIPS_TEST_ASYM_KEYGEN) {
> + if (vec.ecdsa.pkey.val) {
> + rte_free(vec.ecdsa.pkey.val);
> + vec.ecdsa.pkey.val = NULL;
> + }
> +
> + if (vec.ecdsa.k.val) {
> + rte_free(vec.ecdsa.k.val);
> + vec.ecdsa.k.val = NULL;
> + }
> +
> + if (prepare_vec_ecdsa() < 0)
> + return -1;
> +
> + if (prepare_vec_ecdsa_k() < 0)
> + return -1;
> +
> + info.interim_info.ecdsa_data.pubkey_gen = 1;
> + }
> +
> + return 0;
> +}
> +
>  static int
>  parse_sigver_randomvalue_str(const char *key, char *src, struct fips_val
> *val)  { @@ -402,6 +446,11 @@ struct fips_test_callback
> ecdsa_sigver_json_vectors[] = {
>   {NULL, NULL, NULL} /**< end pointer */  };
> 
> +struct fips_test_callback ecdsa_keygen_json_vectors[] = {
> + {"tcId", parse_keygen_tc_str, &vec.pt},
> + {NULL, NULL, NULL} /**< end pointer */ };
> +
>  int
>  parse_test_ecdsa_json_init(void)
>  {
> @@ -421,6 +470,9 @@ parse_test_ecdsa_json_init(void)
>   } else if (strcmp(mode_str, "sigVer") == 0) {
>   info.op = FIPS_TEST_ASYM_SIGVER;
>   info.callbacks = ecdsa_sigver_json_vectors;
> + } else if (strcmp(mode_str, "keyGen") == 0) {
> + info.op = FIPS_TEST_ASYM_KEYGEN;
> + info.callbacks = ecdsa_keygen_json_vectors;
>   } else {
>   return -EINVAL;
>   }
> diff --git a/examples/fips_validation/main.c
> b/examples/fips_validation/main.c index 1974dc959b..97190902aa 100644
> --- a/examples/fips_validation/main.c
> +++ b/examples/fips_validation/main.c
> @@ -1758,6 +1758,19 @@ fips_run_test(void)
> 
>   env.op = env.sym.op;
>   if (env.is_asym_test) {
> + if (info.op == FIPS_TEST_ASYM_KEYGEN &&
> + info.algo == FIPS_TEST_ALGO_ECDSA) {
> + env.op = env.asym.op;
> + test_ops.prepare_asym_xform =
> prepare_ecfpm_xform;
> + test_ops.prepare_asym_op = prepare_ecfpm_op;
> + ret = fips_run_asym_test();
> + if (ret < 0)
> + return ret;
> +
> + info.interim_info.ecdsa_data.pubkey_gen = 0;
> + return ret;
> + }
> +
>   vec.cipher_auth.digest.len = parse_test_sha_hash_size(
> 
>   info.interim_info.rsa_data.auth);
>   test_ops.prepare_sym_xform = prepare_sha_xform;
> --
> 2.25.1

Acked-by: Brian Dooley

RE: [v1, 05/10] examples/fips_validation: add CCM JSON validation

2023-02-27 Thread Dooley, Brian

> -Original Message-
> From: Gowrishankar Muthukrishnan 
> Sent: Monday 6 February 2023 14:46
> To: dev@dpdk.org
> Cc: Anoob Joseph ; jer...@marvell.com; Akhil Goyal
> ; Dooley, Brian ;
> Gowrishankar Muthukrishnan 
> Subject: [v1, 05/10] examples/fips_validation: add CCM JSON validation
> 
> Add support in fips_validation to parse CCM JSON vectors.
> 
> Signed-off-by: Gowrishankar Muthukrishnan 
> ---
>  doc/guides/sample_app_ug/fips_validation.rst  |   1 +
>  examples/fips_validation/fips_validation.c|   2 +
>  examples/fips_validation/fips_validation.h|   3 +
>  .../fips_validation/fips_validation_ccm.c | 132 ++
>  examples/fips_validation/main.c   |   3 +
>  5 files changed, 141 insertions(+)
> 
> diff --git a/doc/guides/sample_app_ug/fips_validation.rst
> b/doc/guides/sample_app_ug/fips_validation.rst
> index 4fc8297b34..613c5afd19 100644
> --- a/doc/guides/sample_app_ug/fips_validation.rst
> +++ b/doc/guides/sample_app_ug/fips_validation.rst
> @@ -60,6 +60,7 @@ ACVP
>  * Supported test vectors
>  * AES-CBC (128,192,256) - AFT, MCT
>  * AES-GCM (128,192,256) - AFT
> +* AES-CCM (128,192,256) - AFT
>  * AES-CMAC (128,192,256) - AFT
>  * AES-CTR (128,192,256) - AFT, CTR
>  * AES-GMAC (128,192,256) - AFT
> diff --git a/examples/fips_validation/fips_validation.c
> b/examples/fips_validation/fips_validation.c
> index d3b6099d73..f840804009 100644
> --- a/examples/fips_validation/fips_validation.c
> +++ b/examples/fips_validation/fips_validation.c
> @@ -460,6 +460,8 @@ fips_test_parse_one_json_vector_set(void)
>   /* Vector sets contain the algorithm type, and nothing else we need.
> */
>   if (strstr(algo_str, "AES-GCM"))
>   info.algo = FIPS_TEST_ALGO_AES_GCM;
> + else if (strstr(algo_str, "AES-CCM"))
> + info.algo = FIPS_TEST_ALGO_AES_CCM;
>   else if (strstr(algo_str, "AES-GMAC"))
>   info.algo = FIPS_TEST_ALGO_AES_GMAC;
>   else if (strstr(algo_str, "HMAC"))
> diff --git a/examples/fips_validation/fips_validation.h
> b/examples/fips_validation/fips_validation.h
> index 8fcb5c8500..c4988053c1 100644
> --- a/examples/fips_validation/fips_validation.h
> +++ b/examples/fips_validation/fips_validation.h
> @@ -338,6 +338,9 @@ fips_test_parse_one_json_case(void);
>  int
>  parse_test_gcm_json_init(void);
> 
> +int
> +parse_test_ccm_json_init(void);
> +
>  int
>  parse_test_hmac_json_init(void);
> 
> diff --git a/examples/fips_validation/fips_validation_ccm.c
> b/examples/fips_validation/fips_validation_ccm.c
> index 632999c1e4..0e3ee0d247 100644
> --- a/examples/fips_validation/fips_validation_ccm.c
> +++ b/examples/fips_validation/fips_validation_ccm.c
> @@ -34,6 +34,18 @@
>  #define POS_KEYWORD  "Pass"
>  #define NEG_KEYWORD  "Fail"
> 
> +#define DIR_JSON_STR "direction"
> +#define IVLEN_JSON_STR   "ivLen"
> +#define PTLEN_JSON_STR   "payloadLen"
> +#define AADLEN_JSON_STR  "aadLen"
> +#define TAGLEN_JSON_STR  "tagLen"
> +#define KEYLEN_JSON_STR  "keyLen"
> +#define PT_JSON_STR  "pt"
> +#define CT_JSON_STR  "ct"
> +#define KEY_JSON_STR "key"
> +#define IV_JSON_STR  "iv"
> +#define AAD_JSON_STR "aad"
> +
>  static int
>  parser_dvpt_interim(const char *key, char *src, struct fips_val *val)  { @@ -
> 206,6 +218,126 @@ struct ccm_test_types {
>   FIPS_TEST_ENC_AUTH_GEN},
>  };
> 
> +#ifdef USE_JANSSON
> +static int
> +parser_read_ccm_direction_str(__rte_unused const char *key, char *src,
> + __rte_unused struct fips_val *val)
> +{
> + if (strcmp(src, "encrypt") == 0)
> + info.op = FIPS_TEST_ENC_AUTH_GEN;
> + else if (strcmp(src, "decrypt") == 0)
> + info.op = FIPS_TEST_DEC_AUTH_VERIF;
> +
> + return 0;
> +}
> +
> +static int
> +parser_read_ccm_aad_str(const char *key, char *src, struct fips_val
> +*val) {
> + struct fips_val tmp_val = {0};
> + uint32_t len = val->len;
> +
> + /* CCM aad requires 18 bytes padding before the real content */
> + val->val = rte_zmalloc(NULL, len + 18, 0);
> + if (!val->val)
> + return -1;
> +
> + if (parse_uint8_hex_str(key, src, &tmp_val) < 0)
> + return -1;
> +
> + memcpy(val->val + 18, tmp_val.val, val->len);
> + rte_free(tmp_val.val);
> +
> + return 0;
>

RE: [v1, 04/10] examples/fips_validation: add SHAKE validation

2023-02-27 Thread Dooley, Brian

> -Original Message-
> From: Gowrishankar Muthukrishnan 
> Sent: Monday 6 February 2023 14:46
> To: dev@dpdk.org
> Cc: Anoob Joseph ; jer...@marvell.com; Akhil Goyal
> ; Dooley, Brian ;
> Gowrishankar Muthukrishnan 
> Subject: [v1, 04/10] examples/fips_validation: add SHAKE validation
> 
> Add support in fips_validation to parse SHAKE algorithms.
> 
> Signed-off-by: Gowrishankar Muthukrishnan 
> ---
>  doc/guides/sample_app_ug/fips_validation.rst  |  1 +
>  examples/fips_validation/fips_validation.h|  4 +-
>  .../fips_validation/fips_validation_sha.c | 63 -
>  examples/fips_validation/main.c   | 93 ++-
>  4 files changed, 154 insertions(+), 7 deletions(-)
> 
> diff --git a/doc/guides/sample_app_ug/fips_validation.rst
> b/doc/guides/sample_app_ug/fips_validation.rst
> index 55837895fe..4fc8297b34 100644
> --- a/doc/guides/sample_app_ug/fips_validation.rst
> +++ b/doc/guides/sample_app_ug/fips_validation.rst
> @@ -67,6 +67,7 @@ ACVP
>  * HMAC (SHA1, SHA224, SHA256, SHA384, SHA512, SHA3_224, SHA3_256,
> SHA3_384, SHA3_512)
>  * SHA (1, 224, 256, 384, 512) - AFT, MCT
>  * SHA3 (224, 256, 384, 512) - AFT, MCT
> +* SHAKE (128, 256) - AFT, MCT, VOT
>  * TDES-CBC - AFT, MCT
>  * TDES-ECB - AFT, MCT
>  * RSA
> diff --git a/examples/fips_validation/fips_validation.h
> b/examples/fips_validation/fips_validation.h
> index 6c1bd35849..8fcb5c8500 100644
> --- a/examples/fips_validation/fips_validation.h
> +++ b/examples/fips_validation/fips_validation.h
> @@ -163,7 +163,8 @@ enum fips_ccm_test_types {  enum
> fips_sha_test_types {
>   SHA_KAT = 0,
>   SHA_AFT,
> - SHA_MCT
> + SHA_MCT,
> + SHAKE_VOT
>  };
> 
>  enum fips_rsa_test_types {
> @@ -205,6 +206,7 @@ struct sha_interim_data {
>   /* keep algo always on top as it is also used in asym digest */
>   enum rte_crypto_auth_algorithm algo;
>   enum fips_sha_test_types test_type;
> + uint8_t min_outlen;
>   uint8_t md_blocks;
>  };
> 
> diff --git a/examples/fips_validation/fips_validation_sha.c
> b/examples/fips_validation/fips_validation_sha.c
> index 8b68f5ed36..7ce7d3744f 100644
> --- a/examples/fips_validation/fips_validation_sha.c
> +++ b/examples/fips_validation/fips_validation_sha.c
> @@ -22,6 +22,9 @@
>  #define TESTTYPE_JSON_STR"testType"
> 
>  #define PT_JSON_STR  "msg"
> +#define OUTLEN_JSON_STR  "outLen"
> +#define MINOUTLEN_JSON_STR   "minOutLen"
> +#define MAXOUTLEN_JSON_STR   "maxOutLen"
> 
>  struct plain_hash_size_conversion {
>   const char *str;
> @@ -36,6 +39,8 @@ struct plain_hash_size_conversion {
>   {"32", RTE_CRYPTO_AUTH_SHA3_256},
>   {"48", RTE_CRYPTO_AUTH_SHA3_384},
>   {"64", RTE_CRYPTO_AUTH_SHA3_512},
> + {"16", RTE_CRYPTO_AUTH_SHAKE_128},
> + {"32", RTE_CRYPTO_AUTH_SHAKE_256},
>  };
> 
>  int
> @@ -89,12 +94,26 @@ struct fips_test_callback sha_tests_interim_vectors[]
> = {  };
> 
>  #ifdef USE_JANSSON
> +static int
> +parse_interim_str(const char *key, char *src, struct fips_val *val) {
> + RTE_SET_USED(val);
> +
> + if (strcmp(key, MINOUTLEN_JSON_STR) == 0)
> + info.interim_info.sha_data.min_outlen = atoi(src) / 8;
> + else if (strcmp(key, MAXOUTLEN_JSON_STR) == 0)
> + vec.cipher_auth.digest.len = atoi(src) / 8;
> +
> + return 0;
> +}
> +
>  static struct {
>   uint32_t type;
>   const char *desc;
>  } sha_test_types[] = {
>   {SHA_MCT, "MCT"},
>   {SHA_AFT, "AFT"},
> + {SHAKE_VOT, "VOT"},
>  };
> 
>  static struct plain_hash_algorithms {
> @@ -111,10 +130,19 @@ static struct plain_hash_algorithms {
>   {"SHA3-256", RTE_CRYPTO_AUTH_SHA3_256, 1},
>   {"SHA3-384", RTE_CRYPTO_AUTH_SHA3_384, 1},
>   {"SHA3-512", RTE_CRYPTO_AUTH_SHA3_512, 1},
> + {"SHAKE-128", RTE_CRYPTO_AUTH_SHAKE_128, 1},
> + {"SHAKE-256", RTE_CRYPTO_AUTH_SHAKE_256, 1},
>  };
> 
>  struct fips_test_callback sha_tests_json_vectors[] = {
>   {PT_JSON_STR, parse_uint8_hex_str, &vec.pt},
> + {OUTLEN_JSON_STR, parser_read_uint32_bit_val,
> &vec.cipher_auth.digest},
> + {NULL, NULL, NULL} /**< end pointer */ };
> +
> +struct fips_test_callback sha_tests_interim_json_vectors[] = {
> + {MINOUTLEN_JSON_STR, parse_interim_str, NULL},
> +

RE: [v1, 03/10] examples/fips_validation: fix integer parse in test case

2023-02-27 Thread Dooley, Brian

> -Original Message-
> From: Gowrishankar Muthukrishnan 
> Sent: Monday 6 February 2023 14:46
> To: dev@dpdk.org
> Cc: Anoob Joseph ; jer...@marvell.com; Akhil Goyal
> ; Dooley, Brian ;
> Gowrishankar Muthukrishnan 
> Subject: [v1, 03/10] examples/fips_validation: fix integer parse in test case
> 
> Parsing integer value in test case vector does not store it because only 
> string
> was expected. This patch adds handling for integer value as well.
> 
> Fixes: 58cc98801eb ("examples/fips_validation: add JSON parsing")
> 
> Signed-off-by: Gowrishankar Muthukrishnan 
> ---
>  examples/fips_validation/fips_validation.c | 29 --
>  1 file changed, 21 insertions(+), 8 deletions(-)
> 
> diff --git a/examples/fips_validation/fips_validation.c
> b/examples/fips_validation/fips_validation.c
> index f7a6d821ea..d3b6099d73 100644
> --- a/examples/fips_validation/fips_validation.c
> +++ b/examples/fips_validation/fips_validation.c
> @@ -543,15 +543,28 @@ fips_test_parse_one_json_case(void)
> 
>   for (i = 0; info.callbacks[i].key != NULL; i++) {
>   param = json_object_get(json_info.json_test_case,
> info.callbacks[i].key);
> - if (param) {
> - strcpy(info.one_line_text,
> json_string_value(param));
> - ret = info.callbacks[i].cb(
> - info.callbacks[i].key, info.one_line_text,
> - info.callbacks[i].val
> - );
> - if (ret < 0)
> - return ret;
> + if (!param)
> + continue;
> +
> + switch (json_typeof(param)) {
> + case JSON_STRING:
> + snprintf(info.one_line_text, MAX_LINE_CHAR, "%s",
> +  json_string_value(param));
> + break;
> +
> + case JSON_INTEGER:
> + snprintf(info.one_line_text, MAX_LINE_CHAR,
> "%"JSON_INTEGER_FORMAT,
> +  json_integer_value(param));
> + break;
> +
> + default:
> + return -EINVAL;
>   }
> +
> + ret = info.callbacks[i].cb(info.callbacks[i].key,
> info.one_line_text,
> + info.callbacks[i].val);
> + if (ret < 0)
> + return ret;
>   }
> 
>   return 0;
> --
> 2.25.1

Acked-by: Brian Dooley

RE: [v1, 02/10] examples/fips_validation: add SHA3 validation

2023-02-27 Thread Dooley, Brian

> -Original Message-
> From: Gowrishankar Muthukrishnan 
> Sent: Monday 6 February 2023 14:46
> To: dev@dpdk.org
> Cc: Anoob Joseph ; jer...@marvell.com; Akhil Goyal
> ; Dooley, Brian ;
> Gowrishankar Muthukrishnan 
> Subject: [v1, 02/10] examples/fips_validation: add SHA3 validation
> 
> Add support in fips_validation to parse SHA3 algorithms.
> 
> Signed-off-by: Gowrishankar Muthukrishnan 
> ---
>  doc/guides/sample_app_ug/fips_validation.rst  |  5 +-
>  examples/fips_validation/fips_validation.h|  1 +
>  .../fips_validation/fips_validation_hmac.c|  8 ++
>  .../fips_validation/fips_validation_sha.c | 20 +++--
>  examples/fips_validation/main.c   | 76 +--
>  5 files changed, 61 insertions(+), 49 deletions(-)
> 
> diff --git a/doc/guides/sample_app_ug/fips_validation.rst
> b/doc/guides/sample_app_ug/fips_validation.rst
> index 50d23c789b..55837895fe 100644
> --- a/doc/guides/sample_app_ug/fips_validation.rst
> +++ b/doc/guides/sample_app_ug/fips_validation.rst
> @@ -64,8 +64,9 @@ ACVP
>  * AES-CTR (128,192,256) - AFT, CTR
>  * AES-GMAC (128,192,256) - AFT
>  * AES-XTS (128,256) - AFT
> -* HMAC (SHA1, SHA224, SHA256, SHA384, SHA512)
> -* SHA (1, 256, 384, 512) - AFT, MCT
> +* HMAC (SHA1, SHA224, SHA256, SHA384, SHA512, SHA3_224, SHA3_256,
> SHA3_384, SHA3_512)
> +* SHA (1, 224, 256, 384, 512) - AFT, MCT
> +* SHA3 (224, 256, 384, 512) - AFT, MCT
>  * TDES-CBC - AFT, MCT
>  * TDES-ECB - AFT, MCT
>  * RSA
> diff --git a/examples/fips_validation/fips_validation.h
> b/examples/fips_validation/fips_validation.h
> index 565a5cd36e..6c1bd35849 100644
> --- a/examples/fips_validation/fips_validation.h
> +++ b/examples/fips_validation/fips_validation.h
> @@ -205,6 +205,7 @@ struct sha_interim_data {
>   /* keep algo always on top as it is also used in asym digest */
>   enum rte_crypto_auth_algorithm algo;
>   enum fips_sha_test_types test_type;
> + uint8_t md_blocks;
>  };
> 
>  struct gcm_interim_data {
> diff --git a/examples/fips_validation/fips_validation_hmac.c
> b/examples/fips_validation/fips_validation_hmac.c
> index e0721ef028..f1cbc18435 100644
> --- a/examples/fips_validation/fips_validation_hmac.c
> +++ b/examples/fips_validation/fips_validation_hmac.c
> @@ -37,6 +37,10 @@ struct hash_size_conversion {
>   {"32", RTE_CRYPTO_AUTH_SHA256_HMAC},
>   {"48", RTE_CRYPTO_AUTH_SHA384_HMAC},
>   {"64", RTE_CRYPTO_AUTH_SHA512_HMAC},
> + {"28", RTE_CRYPTO_AUTH_SHA3_224_HMAC},
> + {"32", RTE_CRYPTO_AUTH_SHA3_256_HMAC},
> + {"48", RTE_CRYPTO_AUTH_SHA3_384_HMAC},
> + {"64", RTE_CRYPTO_AUTH_SHA3_512_HMAC},
>  };
> 
>  static int
> @@ -81,6 +85,10 @@ struct hash_size_conversion json_algorithms[] = {
>   {"HMAC-SHA2-256", RTE_CRYPTO_AUTH_SHA256_HMAC},
>   {"HMAC-SHA2-384", RTE_CRYPTO_AUTH_SHA384_HMAC},
>   {"HMAC-SHA2-512", RTE_CRYPTO_AUTH_SHA512_HMAC},
> + {"HMAC-SHA3-224", RTE_CRYPTO_AUTH_SHA3_224_HMAC},
> + {"HMAC-SHA3-256", RTE_CRYPTO_AUTH_SHA3_256_HMAC},
> + {"HMAC-SHA3-384", RTE_CRYPTO_AUTH_SHA3_384_HMAC},
> + {"HMAC-SHA3-512", RTE_CRYPTO_AUTH_SHA3_512_HMAC},
>  };
> 
>  struct fips_test_callback hmac_tests_json_vectors[] = { diff --git
> a/examples/fips_validation/fips_validation_sha.c
> b/examples/fips_validation/fips_validation_sha.c
> index 178ea492d3..8b68f5ed36 100644
> --- a/examples/fips_validation/fips_validation_sha.c
> +++ b/examples/fips_validation/fips_validation_sha.c
> @@ -32,6 +32,10 @@ struct plain_hash_size_conversion {
>   {"32", RTE_CRYPTO_AUTH_SHA256},
>   {"48", RTE_CRYPTO_AUTH_SHA384},
>   {"64", RTE_CRYPTO_AUTH_SHA512},
> + {"28", RTE_CRYPTO_AUTH_SHA3_224},
> + {"32", RTE_CRYPTO_AUTH_SHA3_256},
> + {"48", RTE_CRYPTO_AUTH_SHA3_384},
> + {"64", RTE_CRYPTO_AUTH_SHA3_512},
>  };
> 
>  int
> @@ -96,12 +100,17 @@ static struct {
>  static struct plain_hash_algorithms {
>   const char *str;
>   enum rte_crypto_auth_algorithm algo;
> + uint8_t md_blocks;
>  } json_algorithms[] = {
> - {"SHA-1", RTE_CRYPTO_AUTH_SHA1},
> - {"SHA2-224", RTE_CRYPTO_AUTH_SHA224},
> - {"SHA2-256", RTE_CRYPTO_AUTH_SHA256},
> - {"SHA2-384",

RE: [v1, 01/10] examples/fips_validation: fix MCT output for SHA

2023-02-27 Thread Dooley, Brian

> -Original Message-
> From: Gowrishankar Muthukrishnan 
> Sent: Monday 6 February 2023 14:46
> To: dev@dpdk.org
> Cc: Anoob Joseph ; jer...@marvell.com; Akhil Goyal
> ; Dooley, Brian ;
> Gowrishankar Muthukrishnan 
> Subject: [v1, 01/10] examples/fips_validation: fix MCT output for SHA
> 
> MCT test for SHA need not print message string along with digest value.
> 
> Fixes: d5c247145c2 ("examples/fips_validation: add parsing for SHA")
> 
> Signed-off-by: Gowrishankar Muthukrishnan 
> ---
>  examples/fips_validation/fips_validation_sha.c |  8 ++--
>  examples/fips_validation/main.c| 13 +
>  2 files changed, 7 insertions(+), 14 deletions(-)
> 
> diff --git a/examples/fips_validation/fips_validation_sha.c
> b/examples/fips_validation/fips_validation_sha.c
> index c5da2cc623..178ea492d3 100644
> --- a/examples/fips_validation/fips_validation_sha.c
> +++ b/examples/fips_validation/fips_validation_sha.c
> @@ -182,7 +182,7 @@ parse_test_sha_json_writeback(struct fips_val *val)
> static int  parse_test_sha_mct_json_writeback(struct fips_val *val)  {
> - json_t *tcId, *msg, *md, *resArr, *res;
> + json_t *tcId, *md, *resArr, *res;
>   struct fips_val val_local;
> 
>   tcId = json_object_get(json_info.json_test_case, "tcId"); @@ -
> 208,11 +208,7 @@ parse_test_sha_mct_json_writeback(struct fips_val *val)
> 
>   res = json_object();
> 
> - writeback_hex_str("", info.one_line_text, &val[1]);
> - msg = json_string(info.one_line_text);
> - json_object_set_new(res, "msg", msg);
> -
> - val_local.val = val[0].val + vec.pt.len;
> + val_local.val = val->val + vec.pt.len;
>   val_local.len = vec.cipher_auth.digest.len;
> 
>   writeback_hex_str("", info.one_line_text, &val_local); diff --git
> a/examples/fips_validation/main.c b/examples/fips_validation/main.c index
> 622f8b5a6e..cc585e8418 100644
> --- a/examples/fips_validation/main.c
> +++ b/examples/fips_validation/main.c
> @@ -2268,8 +2268,7 @@ fips_mct_sha_test(void)
>  #define SHA_EXTERN_ITER  100
>  #define SHA_INTERN_ITER  1000
>  #define SHA_MD_BLOCK 3
> - /* val[0] is op result and other value is for parse_writeback callback
> */
> - struct fips_val val[2] = {{NULL, 0},};
> + struct fips_val val = {NULL, 0};
>   struct fips_val  md[SHA_MD_BLOCK], msg;
>   int ret;
>   uint32_t i, j;
> @@ -2328,7 +2327,7 @@ fips_mct_sha_test(void)
>   return ret;
>   }
> 
> - ret = get_writeback_data(&val[0]);
> + ret = get_writeback_data(&val);
>   if (ret < 0)
>   return ret;
> 
> @@ -2337,7 +2336,7 @@ fips_mct_sha_test(void)
>   memcpy(md[1].val, md[2].val, md[2].len);
>   md[1].len = md[2].len;
> 
> - memcpy(md[2].val, (val[0].val + vec.pt.len),
> + memcpy(md[2].val, (val.val + vec.pt.len),
>   vec.cipher_auth.digest.len);
>   md[2].len = vec.cipher_auth.digest.len;
>   }
> @@ -2348,9 +2347,7 @@ fips_mct_sha_test(void)
>   if (info.file_type != FIPS_TYPE_JSON)
>   fprintf(info.fp_wr, "COUNT = %u\n", j);
> 
> - val[1].val = msg.val;
> - val[1].len = msg.len;
> - info.parse_writeback(val);
> + info.parse_writeback(&val);
> 
>   if (info.file_type != FIPS_TYPE_JSON)
>   fprintf(info.fp_wr, "\n");
> @@ -2361,7 +2358,7 @@ fips_mct_sha_test(void)
> 
>   rte_free(vec.pt.val);
> 
> - free(val[0].val);
> + free(val.val);
>   free(msg.val);
> 
>   return 0;
> --
> 2.25.1

Acked-by: Brian Dooley

RE: [v1, 00/10] fips_validation application improvements

2023-02-27 Thread Dooley, Brian

Hi Gowrishankar,

Looks good to me.

> -Original Message-
> From: Gowrishankar Muthukrishnan 
> Sent: Monday 6 February 2023 14:46
> To: dev@dpdk.org
> Cc: Anoob Joseph ; jer...@marvell.com; Akhil Goyal
> ; Dooley, Brian ;
> Gowrishankar Muthukrishnan 
> Subject: [v1, 00/10] fips_validation application improvements
> 
> This patch series adds support for SHA3, SHAKE, AES-CCM JSON test vectors
> and fixes existing algorithms to support NIST test vectors.
> 
> Gowrishankar Muthukrishnan (10):
>   examples/fips_validation: fix MCT output for SHA
>   examples/fips_validation: add SHA3 validation
>   examples/fips_validation: fix integer parse in test case
>   examples/fips_validation: add SHAKE validation
>   examples/fips_validation: add CCM JSON validation
>   examples/fips_validation: add ECDSA keygen support
>   examples/fips_validation: add SHA3 algorithms in ECDSA test
>   examples/fips_validation: fix AES GCM validation tests
>   examples/fips_validation: fix AES XTS to read seq number
>   examples/fips_validation: add extra space in JSON buffer
> 
>  doc/guides/sample_app_ug/fips_validation.rst  |   7 +-
>  examples/fips_validation/fips_validation.c|  31 ++-
>  examples/fips_validation/fips_validation.h|  10 +-
>  .../fips_validation/fips_validation_ccm.c | 132 
>  .../fips_validation/fips_validation_ecdsa.c   |  56 +
>  .../fips_validation/fips_validation_gcm.c |  12 +-
>  .../fips_validation/fips_validation_hmac.c|   8 +
>  .../fips_validation/fips_validation_sha.c |  91 ++--
>  .../fips_validation/fips_validation_xts.c |  13 +-
>  examples/fips_validation/main.c   | 196 +-
>  10 files changed, 467 insertions(+), 89 deletions(-)
> 
> --
> 2.25.1

Series-acked-by: Brian Dooley

RE: [PATCH 0/5] test/crypto: add ZUC256 chained tests

2023-03-02 Thread Dooley, Brian

Hi Ciara,

> -Original Message-
> From: Ciara Power 
> Sent: Wednesday 1 March 2023 16:39
> Cc: dev@dpdk.org; Ji, Kai ; De Lara Guarch, Pablo
> ; Power, Ciara 
> Subject: [PATCH 0/5] test/crypto: add ZUC256 chained tests
> 
> This patchset adds chained testcases for each ZUC256 digest size:
>  - cipher-auth
>  - auth-cipher
>  - auth-cipher-verify
> 
>  To add these tests, some improvements were made to the existing code,
> allowing for the user to easily differentiate ZUC256 and ZUC128 tests.
> 
>  Some fixes are also included, that were highlighted when these new tests
> were added.
> 
> Ciara Power (5):
>   test/crypto: improve readability of ZUC256 tests
>   test/crypto: fix ZUC digest length in comparison
>   test/crypto: fix auth op parameter for ZUC256 tests
>   test/crypto: fix capability check for ZUC cipher auth
>   test/crypto: add chained ZUC256 testcases
> 
>  app/test/test_cryptodev.c  | 280 +---
>  app/test/test_cryptodev_zuc_test_vectors.h | 714
> +
>  2 files changed, 913 insertions(+), 81 deletions(-)
> 
> --
> 2.25.1

Series-acked-by: Brian Dooley

RE: [PATCH v4] crypto/ipsec_mb: unified IPsec MB interface

2024-02-29 Thread Dooley, Brian

Hi folks,

The introduction of a more unified IPsec MB library for DPDK is causing the 
snow3g tests to fail on ARM. Artifact here: 
https://lab.dpdk.org/results/dashboard/patchsets/29315/
PMDs using the direct API (KASUMI, CHACHA, ZUC, SNOW3G) will use the job API, 
from the AESNI MB PMD code.
We have come across a similar issue in the past that related to an offset issue 
as SNOW3G uses bits instead of bytes.
 
commit a501609ea6466ed8526c0dfadedee332a4d4a451
Author: Pablo de Lara pablo.de.lara.gua...@intel.com
Date:   Wed Feb 23 16:01:16 2022 +
 
crypto/ipsec_mb: fix length and offset settings
 
KASUMI, SNOW3G and ZUC require lengths and offsets to
be set in bits or bytes depending on the algorithm.
There were some algorithms that were mixing these two,
so this commit is fixing this issue. 
 
This bug only appeared recently when the ARM ipsec version was bumped to 1.4. 
It appears there could be a similar scenario happening now and this is a 
potential fix that needs to be made in the ARM IPsec-mb repo:
 
diff --git a/lib/aarch64/mb_mgr_snow3g_submit_flush_common_aarch64.h 
b/lib/aarch64/mb_mgr_snow3g_submit_flush_common_aarch64.h
index 13bca11b..de284ade 100644
--- a/lib/aarch64/mb_mgr_snow3g_submit_flush_common_aarch64.h
+++ b/lib/aarch64/mb_mgr_snow3g_submit_flush_common_aarch64.h
@@ -94,8 +94,8 @@ static void snow3g_mb_mgr_insert_uea2_job(MB_MGR_SNOW3G_OOO 
*state, IMB_JOB *job
 state->num_lanes_inuse++;
 state->args.iv[used_lane_idx] = job->iv;
 state->args.keys[used_lane_idx] = job->enc_keys;
-state->args.in[used_lane_idx] = job->src + 
job->cipher_start_src_offset_in_bytes;
-state->args.out[used_lane_idx] = job->dst;
+state->args.in[used_lane_idx] = job->src + 
(job->cipher_start_src_offset_in_bits / 8);
+state->args.out[used_lane_idx] = job->dst + 
(job->cipher_start_src_offset_in_bits / 8);
 state->args.byte_length[used_lane_idx] = job->msg_len_to_cipher_in_bits / 
8;
 state->args.INITIALIZED[used_lane_idx] = 0;
 state->lens[used_lane_idx] = job->msg_len_to_cipher_in_bits / 8;

Thanks,
Brian

> -Original Message-
> From: Dooley, Brian 
> Sent: Wednesday, February 28, 2024 11:33 AM
> To: Ji, Kai ; De Lara Guarch, Pablo
> 
> Cc: dev@dpdk.org; gak...@marvell.com; Dooley, Brian
> 
> Subject: [PATCH v4] crypto/ipsec_mb: unified IPsec MB interface
> 
> Currently IPsec MB provides both the JOB API and direct API.
> AESNI_MB PMD is using the JOB API codepath while ZUC, KASUMI, SNOW3G
> and CHACHA20_POLY1305 are using the direct API.
> Instead of using the direct API for these PMDs, they should now make
> use of the JOB API codepath. This would remove all use of the IPsec MB
> direct API for these PMDs.
> 
> Signed-off-by: Brian Dooley 
> ---
> v2:
> - Fix compilation failure
> v3:
> - Remove session configure pointer for each PMD
> v4:
> - Keep AES GCM PMD and fix extern issue
> ---
>  doc/guides/rel_notes/release_24_03.rst|   6 +
>  drivers/crypto/ipsec_mb/pmd_aesni_mb.c|  10 +-
>  drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h   |  15 +-
>  drivers/crypto/ipsec_mb/pmd_chacha_poly.c | 338 +--
>  .../crypto/ipsec_mb/pmd_chacha_poly_priv.h|  28 -
>  drivers/crypto/ipsec_mb/pmd_kasumi.c  | 410 +
>  drivers/crypto/ipsec_mb/pmd_kasumi_priv.h |  20 -
>  drivers/crypto/ipsec_mb/pmd_snow3g.c  | 543 +-
>  drivers/crypto/ipsec_mb/pmd_snow3g_priv.h |  21 -
>  drivers/crypto/ipsec_mb/pmd_zuc.c | 347 +--
>  drivers/crypto/ipsec_mb/pmd_zuc_priv.h|  20 -
>  11 files changed, 48 insertions(+), 1710 deletions(-)
>

RE: [PATCH v5 1/3] common/qat: isolate parser arguments configuration

2024-03-01 Thread Dooley, Brian

Hi Arek,

> -Original Message-
> From: Arkadiusz Kusztal 
> Sent: Friday, March 1, 2024 3:53 PM
> To: dev@dpdk.org
> Cc: gak...@marvell.com; Power, Ciara ; Kusztal,
> ArkadiuszX 
> Subject: [PATCH v5 1/3] common/qat: isolate parser arguments configuration
> 
> This commit isolates qat device arguments from the common code. Now
> arguments are defined per service, and only appear in the application if the
> service is compiled-in.
> 
> Depends-on: patch-137678 ("common/qat: add virtual qat device (vQAT)")
> 
> Signed-off-by: Arkadiusz Kusztal 
> ---
> v2:
> - added pmd isolation
> v3:
> - added fix for legacy flag
> v4:
> - fixed an issue with devargs segfault
> v5:
> - rebased against the newest changes in the pmd
> 
>  drivers/common/qat/qat_common.c |  11 +++
>  drivers/common/qat/qat_common.h |   3 +
>  drivers/common/qat/qat_device.c | 189 +++---
> --
>  drivers/common/qat/qat_device.h |  27 ++
>  drivers/compress/qat/qat_comp_pmd.c |  31 --
>  drivers/compress/qat/qat_comp_pmd.h |   3 +-
>  drivers/crypto/qat/qat_asym.c   |  38 +---
>  drivers/crypto/qat/qat_sym.c|  49 ++
>  8 files changed, 198 insertions(+), 153 deletions(-)
> 


Acked-by: Brian Dooley

RE: [PATCH v5 2/3] common/qat: decouple pmds from the common code

2024-03-01 Thread Dooley, Brian




> -Original Message-
> From: Arkadiusz Kusztal 
> Sent: Friday, March 1, 2024 3:53 PM
> To: dev@dpdk.org
> Cc: gak...@marvell.com; Power, Ciara ; Kusztal,
> ArkadiuszX 
> Subject: [PATCH v5 2/3] common/qat: decouple pmds from the common
> code
> 
> Service specific functions were moved to services files. Weak symbols for
> device create/destroy were removed, named private devs were replaced by an
> opaque array.
> 
> Signed-off-by: Arkadiusz Kusztal 
> ---
>  drivers/common/qat/qat_device.c | 112 ++-
> -
>  drivers/common/qat/qat_device.h |  47 ---
>  drivers/compress/qat/qat_comp_pmd.c |  34 +--
>  drivers/compress/qat/qat_comp_pmd.h |   7 ---
>  drivers/crypto/qat/qat_asym.c   |  20 ---
>  drivers/crypto/qat/qat_sym.c|  19 +++---
>  6 files changed, 83 insertions(+), 156 deletions(-)
> 


Acked-by: Brian Dooley

RE: [PATCH v5 3/3] common/qat: fix incorrectly placed legacy flag

2024-03-01 Thread Dooley, Brian




> -Original Message-
> From: Arkadiusz Kusztal 
> Sent: Friday, March 1, 2024 3:53 PM
> To: dev@dpdk.org
> Cc: gak...@marvell.com; Power, Ciara ; Kusztal,
> ArkadiuszX 
> Subject: [PATCH v5 3/3] common/qat: fix incorrectly placed legacy flag
> 
> This commit fixes a legacy flag, which was placed in a file that may not be
> included in a building process.
> 
> Fixes: cffb726b7797 ("crypto/qat: enable insecure algorithms")
> 
> Signed-off-by: Arkadiusz Kusztal 
> ---
>  drivers/common/qat/qat_device.c | 1 +
>  drivers/crypto/qat/qat_sym.c| 1 -
>  2 files changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/common/qat/qat_device.c
> b/drivers/common/qat/qat_device.c index a27252ea4d..500ca0f308 100644
> --- a/drivers/common/qat/qat_device.c
> +++ b/drivers/common/qat/qat_device.c
> @@ -31,6 +31,7 @@ struct qat_service qat_service[QAT_MAX_SERVICES];
>  /* per-process array of device data */
>  struct qat_device_info qat_pci_devs[RTE_PMD_QAT_MAX_PCI_DEVICES];
>  static int qat_nb_pci_devices;
> +int qat_legacy_capa;
> 
>  /*
>   * The set of PCI devices this driver supports diff --git
> a/drivers/crypto/qat/qat_sym.c b/drivers/crypto/qat/qat_sym.c index
> efca8f3ba1..6c7b1724ef 100644
> --- a/drivers/crypto/qat/qat_sym.c
> +++ b/drivers/crypto/qat/qat_sym.c
> @@ -19,7 +19,6 @@
>  #include "qat_qp.h"
> 
>  uint8_t qat_sym_driver_id;
> -int qat_legacy_capa;
> 
>  #define SYM_ENQ_THRESHOLD_NAME "qat_sym_enq_threshold"
>  #define SYM_CIPHER_CRC_ENABLE_NAME "qat_sym_cipher_crc_enable"
> --
> 2.13.6

Acked-by: Brian Dooley

RE: [PATCH 2/2] maintainers: update for crypto performance

2024-05-08 Thread Dooley, Brian

Hi Ciara,

> -Original Message-
> From: Power, Ciara 
> Sent: Tuesday, May 7, 2024 12:18 PM
> To: dev@dpdk.org
> Cc: Richardson, Bruce ; Dooley, Brian
> ; gak...@marvell.com; tho...@monjalon.net;
> Power, Ciara 
> Subject: [PATCH 2/2] maintainers: update for crypto performance
> 
> Replacing myself as Crypto Perf App maintainer with Brian Dooley.
> 
> Signed-off-by: Ciara Power 
> ---
>  MAINTAINERS | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/MAINTAINERS b/MAINTAINERS
> index 7726e9e7a9..4e4197e178 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -1825,7 +1825,7 @@ F: app/test-compress-perf/
>  F: doc/guides/tools/comp_perf.rst
> 
>  Crypto performance test application
> -M: Ciara Power 
> +M: Brian Dooley 
>  T: git://dpdk.org/next/dpdk-next-crypto
>  F: app/test-crypto-perf/
>  F: doc/guides/tools/cryptoperf.rst
> --
> 2.25.1

Sorry to see you go!

Acked-by: Brian Dooley

Re: [PATCH v1] crypto/ipsec_mb: use new ipad/opad calculation API

2024-06-10 Thread Dooley, Brian

Recheck-request: iol-unit-amd64-testing


From: Dooley, Brian 
Sent: Wednesday, June 5, 2024 9:48 AM
To: Ji, Kai ; De Lara Guarch, Pablo 

Cc: dev@dpdk.org ; gak...@marvell.com ; 
Dooley, Brian 
Subject: [PATCH v1] crypto/ipsec_mb: use new ipad/opad calculation API

From: Pablo de Lara 

IPSec Multi-buffer library v1.4 added a new API to
calculate inner/outer padding for HMAC-SHAx/MD5.

Signed-off-by: Pablo de Lara 
Signed-off-by: Brian Dooley 
---
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 34 +-
 1 file changed, 33 insertions(+), 1 deletion(-)

diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c 
b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index 69a546697b..b3fdea02ff 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -13,6 +13,7 @@ struct aesni_mb_op_buf_data {
 uint32_t offset;
 };

+#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
 /**
  * Calculate the authentication pre-computes
  *
@@ -55,6 +56,7 @@ calculate_auth_precomputes(hash_one_block_t one_block_hash,
 memset(ipad_buf, 0, blocksize);
 memset(opad_buf, 0, blocksize);
 }
+#endif

 static inline int
 is_aead_algo(IMB_HASH_ALG hash_alg, IMB_CIPHER_MODE cipher_mode)
@@ -66,12 +68,14 @@ is_aead_algo(IMB_HASH_ALG hash_alg, IMB_CIPHER_MODE 
cipher_mode)

 /** Set session authentication parameters */
 static int
-aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
+aesni_mb_set_session_auth_parameters(IMB_MGR *mb_mgr,
 struct aesni_mb_session *sess,
 const struct rte_crypto_sym_xform *xform)
 {
+#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
 hash_one_block_t hash_oneblock_fn = NULL;
 unsigned int key_larger_block_size = 0;
+#endif
 uint8_t hashed_key[HMAC_MAX_BLOCK_SIZE] = { 0 };
 uint32_t auth_precompute = 1;

@@ -267,18 +271,24 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR 
*mb_mgr,
 switch (xform->auth.algo) {
 case RTE_CRYPTO_AUTH_MD5_HMAC:
 sess->template_job.hash_alg = IMB_AUTH_MD5;
+#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
 hash_oneblock_fn = mb_mgr->md5_one_block;
+#endif
 break;
 case RTE_CRYPTO_AUTH_SHA1_HMAC:
 sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_1;
+#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
 hash_oneblock_fn = mb_mgr->sha1_one_block;
+#endif
 if (xform->auth.key.length > get_auth_algo_blocksize(
 IMB_AUTH_HMAC_SHA_1)) {
 IMB_SHA1(mb_mgr,
 xform->auth.key.data,
 xform->auth.key.length,
 hashed_key);
+#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
 key_larger_block_size = 1;
+#endif
 }
 break;
 case RTE_CRYPTO_AUTH_SHA1:
@@ -287,14 +297,18 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR 
*mb_mgr,
 break;
 case RTE_CRYPTO_AUTH_SHA224_HMAC:
 sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_224;
+#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
 hash_oneblock_fn = mb_mgr->sha224_one_block;
+#endif
 if (xform->auth.key.length > get_auth_algo_blocksize(
 IMB_AUTH_HMAC_SHA_224)) {
 IMB_SHA224(mb_mgr,
 xform->auth.key.data,
 xform->auth.key.length,
 hashed_key);
+#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
 key_larger_block_size = 1;
+#endif
 }
 break;
 case RTE_CRYPTO_AUTH_SHA224:
@@ -303,14 +317,18 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR 
*mb_mgr,
 break;
 case RTE_CRYPTO_AUTH_SHA256_HMAC:
 sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_256;
+#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
 hash_oneblock_fn = mb_mgr->sha256_one_block;
+#endif
 if (xform->auth.key.length > get_auth_algo_blocksize(
 IMB_AUTH_HMAC_SHA_256)) {
 IMB_SHA256(mb_mgr,
 xform->auth.key.data,
 xform->auth.key.length,
 hashed_key);
+#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
 key_larger_block_size = 1;
+#endif
 }
 break;
 case RTE_CRYPTO_AUTH_SHA256:
@@ -319,14 +337,18 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR 
*mb_mgr,
 break;
 case RTE_CRYPTO_AUTH_SHA384_HMAC:
 sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA

RE: [PATCH] app/test-crypto-perf: add shared session option

2024-06-12 Thread Dooley, Brian

Hi Jack,

> -Original Message-
> From: Jack Bond-Preston 
> Sent: Tuesday, June 4, 2024 3:55 PM
> To: Ciara Power 
> Cc: dev@dpdk.org; Wathsala Vithanage ; Paul
> Szczepanek 
> Subject: [PATCH] app/test-crypto-perf: add shared session option
> 
> Add the option to create one session for the PMD, and share it across all of 
> the
> queue pairs. This may help to discover/debug concurrency issues (both
> correctness and performance) that can occur when using this configuration.
> 
> Signed-off-by: Jack Bond-Preston 
> Reviewed-by: Wathsala Vithanage 
> Reviewed-by: Paul Szczepanek 
> ---
>  app/test-crypto-perf/cperf.h  |  3 ++-
>  app/test-crypto-perf/cperf_options.h  |  2 ++
>  app/test-crypto-perf/cperf_options_parsing.c  | 12 ++
>  app/test-crypto-perf/cperf_test_latency.c | 23 +--
>  app/test-crypto-perf/cperf_test_latency.h |  3 ++-
>  .../cperf_test_pmd_cyclecount.c   | 21 -
>  .../cperf_test_pmd_cyclecount.h   |  3 ++-
>  app/test-crypto-perf/cperf_test_throughput.c  | 21 -
> app/test-crypto-perf/cperf_test_throughput.h  |  3 ++-
>  app/test-crypto-perf/cperf_test_verify.c  | 21 -
>  app/test-crypto-perf/cperf_test_verify.h  |  3 ++-
>  app/test-crypto-perf/main.c   | 23 +--
>  12 files changed, 106 insertions(+), 32 deletions(-)
> 
> diff --git a/app/test-crypto-perf/cperf.h b/app/test-crypto-perf/cperf.h index
> db58228dce..06df5d88ad 100644
> --- a/app/test-crypto-perf/cperf.h
> +++ b/app/test-crypto-perf/cperf.h
> @@ -19,7 +19,8 @@ typedef void  *(*cperf_constructor_t)(
>   uint16_t qp_id,
>   const struct cperf_options *options,
>   const struct cperf_test_vector *t_vec,
> - const struct cperf_op_fns *op_fns);
> + const struct cperf_op_fns *op_fns,
> + void **sess);
> 
>  typedef int (*cperf_runner_t)(void *test_ctx);  typedef void
> (*cperf_destructor_t)(void *test_ctx); diff --git a/app/test-crypto-
> perf/cperf_options.h b/app/test-crypto-perf/cperf_options.h
> index be36c70be1..69312a8f7f 100644
> --- a/app/test-crypto-perf/cperf_options.h
> +++ b/app/test-crypto-perf/cperf_options.h
> @@ -27,6 +27,7 @@
>  #define CPERF_DEVTYPE("devtype")
>  #define CPERF_OPTYPE ("optype")
>  #define CPERF_SESSIONLESS("sessionless")
> +#define CPERF_SHARED_SESSION ("shared-session")
>  #define CPERF_OUT_OF_PLACE   ("out-of-place")
>  #define CPERF_TEST_FILE  ("test-file")
>  #define CPERF_TEST_NAME  ("test-name")
> @@ -104,6 +105,7 @@ struct cperf_options {
>   uint16_t nb_qps;
> 
>   uint32_t sessionless:1;
> + uint32_t shared_session:1;
>   uint32_t out_of_place:1;
>   uint32_t silent:1;
>   uint32_t csv:1;
> diff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-crypto-
> perf/cperf_options_parsing.c
> index 8c20974273..55f858fa1b 100644
> --- a/app/test-crypto-perf/cperf_options_parsing.c
> +++ b/app/test-crypto-perf/cperf_options_parsing.c
> @@ -39,6 +39,7 @@ usage(char *progname)
>   " --optype cipher-only / auth-only / cipher-then-auth / auth-
> then-cipher /\n"
>   "aead / pdcp / docsis / ipsec / modex / tls-record : set
> operation type\n"
>   " --sessionless: enable session-less crypto operations\n"
> + " --shared-session: share 1 session across all queue pairs on
> crypto device\n"
>   " --out-of-place: enable out-of-place crypto operations\n"
>   " --test-file NAME: set the test vector file path\n"
>   " --test-name NAME: set specific test name section in test
> file\n"
> @@ -508,6 +509,14 @@ parse_sessionless(struct cperf_options *opts,
>   return 0;
>  }
> 
> +static int
> +parse_shared_session(struct cperf_options *opts,
> + const char *arg __rte_unused)
> +{
> + opts->shared_session = 1;
> + return 0;
> +}
> +
>  static int
>  parse_out_of_place(struct cperf_options *opts,
>   const char *arg __rte_unused)
> @@ -910,6 +919,7 @@ static struct option lgopts[] = {
> 
>   { CPERF_SILENT, no_argument, 0, 0 },
>   { CPERF_SESSIONLESS, no_argument, 0, 0 },
> + { CPERF_SHARED_SESSION, no_argument, 0, 0 },
>   { CPERF_OUT_OF_PLACE, no_argument, 0, 0 },
>   { CPERF_TEST_FILE, required_argument, 0, 0 },
>   { CPERF_TEST_NAME, required_argument, 0, 0 }, @@ -1035,6
> +1045,7 @@ cperf_opts_parse_long(int opt_idx, struct cperf_options *opts)
>   { CPERF_DEVTYPE,parse_device_type },
>   { CPERF_OPTYPE, parse_op_type },
>   { CPERF_SESSIONLESS,parse_sessionless },
> + { CPERF_SHARED_SESSION, parse_shared_session },
>   { CPERF_OUT_OF_PLACE,   parse_out_of_place },
>   { CPERF_IMIX,   parse_imix },
>   { CPERF_TEST_FILE,

Re: [PATCH v1] crypto/ipsec_mb: use new ipad/opad calculation API

2024-06-20 Thread Dooley, Brian

Recheck-request: iol-unit-arm64-testing


From: Dooley, Brian 
Sent: Monday, June 10, 2024 9:19 AM
To: Ji, Kai ; De Lara Guarch, Pablo 

Cc: dev@dpdk.org ; gak...@marvell.com 
Subject: Re: [PATCH v1] crypto/ipsec_mb: use new ipad/opad calculation API

Recheck-request: iol-unit-amd64-testing


From: Dooley, Brian 
Sent: Wednesday, June 5, 2024 9:48 AM
To: Ji, Kai ; De Lara Guarch, Pablo 

Cc: dev@dpdk.org ; gak...@marvell.com ; 
Dooley, Brian 
Subject: [PATCH v1] crypto/ipsec_mb: use new ipad/opad calculation API

From: Pablo de Lara 

IPSec Multi-buffer library v1.4 added a new API to
calculate inner/outer padding for HMAC-SHAx/MD5.

Signed-off-by: Pablo de Lara 
Signed-off-by: Brian Dooley 
---
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 34 +-
 1 file changed, 33 insertions(+), 1 deletion(-)

diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c 
b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index 69a546697b..b3fdea02ff 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -13,6 +13,7 @@ struct aesni_mb_op_buf_data {
 uint32_t offset;
 };

+#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
 /**
  * Calculate the authentication pre-computes
  *
@@ -55,6 +56,7 @@ calculate_auth_precomputes(hash_one_block_t one_block_hash,
 memset(ipad_buf, 0, blocksize);
 memset(opad_buf, 0, blocksize);
 }
+#endif

 static inline int
 is_aead_algo(IMB_HASH_ALG hash_alg, IMB_CIPHER_MODE cipher_mode)
@@ -66,12 +68,14 @@ is_aead_algo(IMB_HASH_ALG hash_alg, IMB_CIPHER_MODE 
cipher_mode)

 /** Set session authentication parameters */
 static int
-aesni_mb_set_session_auth_parameters(const IMB_MGR *mb_mgr,
+aesni_mb_set_session_auth_parameters(IMB_MGR *mb_mgr,
 struct aesni_mb_session *sess,
 const struct rte_crypto_sym_xform *xform)
 {
+#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
 hash_one_block_t hash_oneblock_fn = NULL;
 unsigned int key_larger_block_size = 0;
+#endif
 uint8_t hashed_key[HMAC_MAX_BLOCK_SIZE] = { 0 };
 uint32_t auth_precompute = 1;

@@ -267,18 +271,24 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR 
*mb_mgr,
 switch (xform->auth.algo) {
 case RTE_CRYPTO_AUTH_MD5_HMAC:
 sess->template_job.hash_alg = IMB_AUTH_MD5;
+#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
 hash_oneblock_fn = mb_mgr->md5_one_block;
+#endif
 break;
 case RTE_CRYPTO_AUTH_SHA1_HMAC:
 sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_1;
+#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
 hash_oneblock_fn = mb_mgr->sha1_one_block;
+#endif
 if (xform->auth.key.length > get_auth_algo_blocksize(
 IMB_AUTH_HMAC_SHA_1)) {
 IMB_SHA1(mb_mgr,
 xform->auth.key.data,
 xform->auth.key.length,
 hashed_key);
+#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
 key_larger_block_size = 1;
+#endif
 }
 break;
 case RTE_CRYPTO_AUTH_SHA1:
@@ -287,14 +297,18 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR 
*mb_mgr,
 break;
 case RTE_CRYPTO_AUTH_SHA224_HMAC:
 sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_224;
+#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
 hash_oneblock_fn = mb_mgr->sha224_one_block;
+#endif
 if (xform->auth.key.length > get_auth_algo_blocksize(
 IMB_AUTH_HMAC_SHA_224)) {
 IMB_SHA224(mb_mgr,
 xform->auth.key.data,
 xform->auth.key.length,
 hashed_key);
+#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
 key_larger_block_size = 1;
+#endif
 }
 break;
 case RTE_CRYPTO_AUTH_SHA224:
@@ -303,14 +317,18 @@ aesni_mb_set_session_auth_parameters(const IMB_MGR 
*mb_mgr,
 break;
 case RTE_CRYPTO_AUTH_SHA256_HMAC:
 sess->template_job.hash_alg = IMB_AUTH_HMAC_SHA_256;
+#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
 hash_oneblock_fn = mb_mgr->sha256_one_block;
+#endif
 if (xform->auth.key.length > get_auth_algo_blocksize(
 IMB_AUTH_HMAC_SHA_256)) {
 IMB_SHA256(mb_mgr,
 xform->auth.key.data,
 xform->auth.key.length,
 hashed_key);
+#if IMB_VERSION(1, 3, 0) >= IMB_VERSION_NUM
 key_larger_block_size = 1;
+#endif

RE: [PATCH] examples/fips_validation: fix coverity issues

2024-06-20 Thread Dooley, Brian

Hey Gowrishankar,

> -Original Message-
> From: Gowrishankar Muthukrishnan 
> Sent: Saturday, June 15, 2024 12:31 PM
> To: dev@dpdk.org; Dooley, Brian ; Gowrishankar
> Muthukrishnan 
> Cc: Anoob Joseph ; sta...@dpdk.org
> Subject: [PATCH] examples/fips_validation: fix coverity issues
> 
> Fix NULL dereference, out-of-bound, bad bit shift issues reported by coverity
> scan.
> 
> Coverity issue: 384440, 384435, 384433, 384429
> Fixes: 36128a67c27 ("examples/fips_validation: add asymmetric validation")
> Cc: sta...@dpdk.org
> 
> Signed-off-by: Gowrishankar Muthukrishnan 
> ---
>  examples/fips_validation/fips_validation_rsa.c | 7 +--
>  1 file changed, 5 insertions(+), 2 deletions(-)
> 
> diff --git a/examples/fips_validation/fips_validation_rsa.c
> b/examples/fips_validation/fips_validation_rsa.c
> index f675b51051..55f81860a0 100644
> --- a/examples/fips_validation/fips_validation_rsa.c
> +++ b/examples/fips_validation/fips_validation_rsa.c
> @@ -328,6 +328,9 @@ parse_test_rsa_json_interim_writeback(struct
> fips_val *val)
>   if (prepare_vec_rsa() < 0)
>   return -1;
> 
> + if (!vec.rsa.e.val)
> + return -1;
> +
>   writeback_hex_str("", info.one_line_text, &vec.rsa.n);
>   obj = json_string(info.one_line_text);
>   json_object_set_new(json_info.json_write_group, "n", obj);
> @@ -474,7 +477,7 @@ fips_test_randomize_message(struct fips_val *msg,
> struct fips_val *rand)
>   uint16_t rv_len;
> 
>   if (!msg->val || !rand->val || rand->len > RV_BUF_LEN
> - || msg->len > FIPS_TEST_JSON_BUF_LEN)
> + || msg->len > (FIPS_TEST_JSON_BUF_LEN - 1))
>   return -EINVAL;
> 
>   memset(rv, 0, sizeof(rv));
> @@ -503,7 +506,7 @@ fips_test_randomize_message(struct fips_val *msg,
> struct fips_val *rand)
>   m[i + j] ^= rv[j];
> 
>   m[i + j] = ((uint8_t *)&rv_bitlen)[0];
> - m[i + j + 1] = (((uint8_t *)&rv_bitlen)[1] >> 8) & 0xFF;
> + m[i + j + 1] = ((uint8_t *)&rv_bitlen)[1];
> 
>   rte_free(msg->val);
>   msg->len = (rv_bitlen + m_bitlen + 16) / 8;
> --
> 2.25.1

Acked-by: Brian Dooley

RE: [PATCH v1 0/6] app/crypto-perf: add asymmetric crypto tests

2024-06-25 Thread Dooley, Brian

Hi Gowrishankar,

> -Original Message-
> From: Gowrishankar Muthukrishnan 
> Sent: Saturday, June 15, 2024 12:53 PM
> To: dev@dpdk.org
> Cc: Anoob Joseph ; Akhil Goyal
> ; Gowrishankar Muthukrishnan
> 
> Subject: [PATCH v1 0/6] app/crypto-perf: add asymmetric crypto tests
> 
> This patch series adds below asymmetric tests in crypto-perf tool:
>   * MODEX group tests (RFC 3526)
>   * SM2 tests
>   * ECDSA P256R1 tests
> 
> Akhil Goyal (1):
>   app/crypto-perf: support SM2
> 
> Gowrishankar Muthukrishnan (5):
>   app/crypto-perf: add modex groups test
>   app/crypto-perf: remove redundant local varriable
>   app/crypto-perf: fix result location for asymmetric test
>   app/crypto-perf: add function to check asymmetric operation
>   app/crypto-perf: support ECDSA
> 
>  app/test-crypto-perf/cperf_ops.c | 135 +++-
>  app/test-crypto-perf/cperf_options.h |   8 +
>  app/test-crypto-perf/cperf_options_parsing.c |  61 +-
>  app/test-crypto-perf/cperf_test_common.c |  19 +-
>  app/test-crypto-perf/cperf_test_common.h |   2 +
>  app/test-crypto-perf/cperf_test_latency.c|  21 +-
>  app/test-crypto-perf/cperf_test_throughput.c |   2 +-
>  app/test-crypto-perf/cperf_test_vectors.c| 773 ++-
>  app/test-crypto-perf/cperf_test_vectors.h|  41 +-
>  app/test-crypto-perf/cperf_test_verify.c |   2 +-
>  app/test-crypto-perf/main.c  |  87 ++-
>  doc/guides/tools/cryptoperf.rst  |   7 +
>  12 files changed, 1131 insertions(+), 27 deletions(-)
> 
> --
> 2.25.1

Series-acked-by: Brian Dooley

RE: [PATCH] crypto/qat: fix incorrect placement of oop offset

2024-07-08 Thread Dooley, Brian

Hi Arek,

> -Original Message-
> From: Kusztal, ArkadiuszX 
> Sent: Thursday, July 4, 2024 11:27 AM
> To: dev@dpdk.org
> Cc: gak...@marvell.com; Dooley, Brian ; Kusztal,
> ArkadiuszX ; sta...@dpdk.org
> Subject: [PATCH] crypto/qat: fix incorrect placement of oop offset
> 
> This patch fixes incorrect placement of OOP offset.
> Data preceding crypto operation is not copied to the output buffer, which is
> conformant to the API.
> 
> Fixes: a815a04cea05 ("crypto/qat: support symmetric build op request")
> Cc: sta...@dpdk.org
> 
> Signed-off-by: Arkadiusz Kusztal 
> ---
>  drivers/crypto/qat/dev/qat_crypto_pmd_gens.h | 18 +-
>  1 file changed, 13 insertions(+), 5 deletions(-)
> 
> diff --git a/drivers/crypto/qat/dev/qat_crypto_pmd_gens.h
> b/drivers/crypto/qat/dev/qat_crypto_pmd_gens.h
> index 1f5d2583c4..83d5870cae 100644
> --- a/drivers/crypto/qat/dev/qat_crypto_pmd_gens.h
> +++ b/drivers/crypto/qat/dev/qat_crypto_pmd_gens.h
> @@ -399,7 +399,7 @@ qat_sym_convert_op_to_vec_chain(struct
> rte_crypto_op *op,
>   struct qat_sym_op_cookie *cookie)
>  {
>   union rte_crypto_sym_ofs ofs;
> - uint32_t max_len = 0;
> + uint32_t max_len = 0, oop_offset = 0;
>   uint32_t cipher_len = 0, cipher_ofs = 0;
>   uint32_t auth_len = 0, auth_ofs = 0;
>   int is_oop = (op->sym->m_dst != NULL) && @@ -473,6 +473,16 @@
> qat_sym_convert_op_to_vec_chain(struct rte_crypto_op *op,
> 
>   max_len = RTE_MAX(cipher_ofs + cipher_len, auth_ofs + auth_len);
> 
> + /* If OOP, we need to keep in mind that offset needs to start where
> +  * cipher/auth starts, namely no offset on the smaller one
> +  */
> + if (is_oop) {
> + oop_offset = RTE_MIN(auth_ofs, cipher_ofs);
> + auth_ofs -= oop_offset;
> + cipher_ofs -= oop_offset;
> + max_len -= oop_offset;
> + }
> +
>   /* digest in buffer check. Needed only for wireless algos
>* or combined cipher-crc operations
>*/
> @@ -513,9 +523,7 @@ qat_sym_convert_op_to_vec_chain(struct
> rte_crypto_op *op,
>   max_len = RTE_MAX(max_len, auth_ofs + auth_len +
>   ctx->digest_length);
>   }
> -
> - /* Passing 0 as cipher & auth offsets are assigned into ofs later */
> - n_src = rte_crypto_mbuf_to_vec(op->sym->m_src, 0, max_len,
> + n_src = rte_crypto_mbuf_to_vec(op->sym->m_src, oop_offset,
> max_len,
>   in_sgl->vec, QAT_SYM_SGL_MAX_NUMBER);
>   if (unlikely(n_src < 0 || n_src > op->sym->m_src->nb_segs)) {
>   op->status = RTE_CRYPTO_OP_STATUS_ERROR; @@ -525,7
> +533,7 @@ qat_sym_convert_op_to_vec_chain(struct rte_crypto_op *op,
> 
>   if (unlikely((op->sym->m_dst != NULL) &&
>   (op->sym->m_dst != op->sym->m_src))) {
> - int n_dst = rte_crypto_mbuf_to_vec(op->sym->m_dst, 0,
> + int n_dst = rte_crypto_mbuf_to_vec(op->sym->m_dst,
> oop_offset,
>   max_len, out_sgl->vec,
> QAT_SYM_SGL_MAX_NUMBER);
> 
>   if (n_dst < 0 || n_dst > op->sym->m_dst->nb_segs) {
> --
> 2.13.6

Acked-by: Brian Dooley

RE: [PATCH] crypto/qat: fix build when no openssl exists

2023-10-31 Thread Dooley, Brian

Hi Ciara,

> -Original Message-
> From: Power, Ciara 
> Sent: Friday, October 27, 2023 3:23 PM
> To: dev@dpdk.org
> Cc: Power, Ciara ; Dooley, Brian
> ; sta...@dpdk.org; Ji, Kai 
> Subject: [PATCH] crypto/qat: fix build when no openssl exists
> 
> Previously some compilation errors existed when no openssl was installed on
> the system, and intel-ipsec-mb was installed, due to missing headers and
> macros.
> 
> This patch fixes the issue by adding in extra ifdefs around openssl specific 
> code
> paths, and by adding the relevant macros explicitly in QAT code so it does not
> depend on openssl at all.
> 
> Fixes: ca0ba0e48129 ("crypto/qat: default to IPsec MB for computations")
> Cc: brian.doo...@intel.com
> Cc: sta...@dpdk.org
> 
> Signed-off-by: Ciara Power 

Thanks!

Acked-by: Brian Dooley

RE: [PATCH] examples/ipsec-secgw: fix partial overflow

2023-11-23 Thread Dooley, Brian

Thanks Thomas, makes sense.

> -Original Message-
> From: Thomas Monjalon 
> Sent: Wednesday, November 22, 2023 4:38 PM
> To: Dooley, Brian 
> Cc: dev@dpdk.org; sta...@dpdk.org; Nicolau, Radu
> ; Akhil Goyal ; Power, Ciara
> 
> Subject: Re: [PATCH] examples/ipsec-secgw: fix partial overflow
> 
> > > Case of partial overflow detected with ASan. Added extra padding to
> > > cdev_key structure.
> > >
> > > This structure is used for the key in hash table.
> > > Padding is added to force the struct to use 8 bytes, to ensure
> > > memory is notread past this structs boundary (the hash key
> > > calculation reads 8 bytes if this struct is size 5 bytes).
> > > The padding should be zeroed.
> > > If fields are modified in this struct, the padding must be updated
> > > to ensure multiple of 8 bytes size overall.
> > >
> > > Fixes: d299106e8e31 ("examples/ipsec-secgw: add IPsec sample
> > > application")
> > > Cc: sergio.gonzalez.mon...@intel.com
> > > Cc: sta...@dpdk.org
> > >
> > > Signed-off-by: Brian Dooley 
> >
> > Acked-by: Ciara Power 
> 
> Applied and made the comment simpler with this:
> 
>   uint8_t padding[3]; /* padding to 8-byte size should be zeroed */
> 
>

RE: [PATCH] examples/fips_validation: fix digest in non JSON SHA MCT

2023-03-24 Thread Dooley, Brian

Hi Gowrishankar,

> -Original Message-
> From: Gowrishankar Muthukrishnan 
> Sent: Friday 24 March 2023 09:02
> To: dev@dpdk.org
> Cc: jer...@marvell.com; ano...@marvell.com; Akhil Goyal
> ; Dooley, Brian ;
> Gowrishankar Muthukrishnan 
> Subject: [PATCH] examples/fips_validation: fix digest in non JSON SHA MCT
> 
> Non JSON SHA MCT tests produce incorrect digest due to a regression while
> handling MD blocks in common for all kind of SHA, SHA2, SHA3 and SHAKE
> algorithms. Fixing this along with some cleanup to use only rte_malloc API for
> storing test vectors as in other tests.
> 
> Fixes: d8417b5ef4e ("examples/fips_validation: add SHA3 validation")
> 
> Signed-off-by: Gowrishankar Muthukrishnan 
> ---
>  .../fips_validation/fips_validation_sha.c | 31 ++-
>  examples/fips_validation/main.c   | 53 +--
>  2 files changed, 42 insertions(+), 42 deletions(-)
> 
> diff --git a/examples/fips_validation/fips_validation_sha.c
> b/examples/fips_validation/fips_validation_sha.c
> index 7ce7d3744f..e81bfeceda 100644
> --- a/examples/fips_validation/fips_validation_sha.c
> +++ b/examples/fips_validation/fips_validation_sha.c
> @@ -7,6 +7,7 @@
>  #include 
>  #include 
> 
> +#include 
>  #include 
> 
>  #include "fips_validation.h"
> @@ -28,19 +29,20 @@
> 
>  struct plain_hash_size_conversion {
>   const char *str;
> + uint8_t md_blocks;
>   enum rte_crypto_auth_algorithm algo;
>  } phsc[] = {
> - {"20", RTE_CRYPTO_AUTH_SHA1},
> - {"28", RTE_CRYPTO_AUTH_SHA224},
> - {"32", RTE_CRYPTO_AUTH_SHA256},
> - {"48", RTE_CRYPTO_AUTH_SHA384},
> - {"64", RTE_CRYPTO_AUTH_SHA512},
> - {"28", RTE_CRYPTO_AUTH_SHA3_224},
> - {"32", RTE_CRYPTO_AUTH_SHA3_256},
> - {"48", RTE_CRYPTO_AUTH_SHA3_384},
> - {"64", RTE_CRYPTO_AUTH_SHA3_512},
> - {"16", RTE_CRYPTO_AUTH_SHAKE_128},
> - {"32", RTE_CRYPTO_AUTH_SHAKE_256},
> + {"20", 3, RTE_CRYPTO_AUTH_SHA1},
> + {"28", 3, RTE_CRYPTO_AUTH_SHA224},
> + {"32", 3, RTE_CRYPTO_AUTH_SHA256},
> + {"48", 3, RTE_CRYPTO_AUTH_SHA384},
> + {"64", 3, RTE_CRYPTO_AUTH_SHA512},
> + {"28", 1, RTE_CRYPTO_AUTH_SHA3_224},
> + {"32", 1, RTE_CRYPTO_AUTH_SHA3_256},
> + {"48", 1, RTE_CRYPTO_AUTH_SHA3_384},
> + {"64", 1, RTE_CRYPTO_AUTH_SHA3_512},
> + {"16", 1, RTE_CRYPTO_AUTH_SHAKE_128},
> + {"32", 1, RTE_CRYPTO_AUTH_SHAKE_256},
>  };
> 
>  int
> @@ -69,6 +71,7 @@ parse_interim_algo(__rte_unused const char *key,
>   for (i = 0; i < RTE_DIM(phsc); i++) {
>   if (strstr(text, phsc[i].str)) {
>   info.interim_info.sha_data.algo = phsc[i].algo;
> + info.interim_info.sha_data.md_blocks =
> phsc[i].md_blocks;
>   parser_read_uint32_val(ALGO_PREFIX,
>   text, &vec.cipher_auth.digest);
>   break;
> @@ -84,7 +87,7 @@ parse_interim_algo(__rte_unused const char *key,
> struct fips_test_callback sha_tests_vectors[] = {
>   {MSGLEN_STR, parser_read_uint32_bit_val, &vec.pt},
>   {MSG_STR, parse_uint8_known_len_hex_str, &vec.pt},
> - {SEED_STR, parse_uint8_hex_str, &vec.cipher_auth.digest},
> + {SEED_STR, parse_uint8_hex_str, &vec.pt},
>   {NULL, NULL, NULL} /**< end pointer */  };
> 
> @@ -307,8 +310,8 @@ parse_test_sha_json_algorithm(void)
>   if (sz < 0)
>   return -1;
> 
> - free(vec.cipher_auth.digest.val);
> - vec.cipher_auth.digest.val = calloc(1, sz);
> + rte_free(vec.cipher_auth.digest.val);
> + vec.cipher_auth.digest.val = rte_malloc(NULL, sz, 0);
>   if (vec.cipher_auth.digest.val == NULL)
>   return -1;
> 
> diff --git a/examples/fips_validation/main.c
> b/examples/fips_validation/main.c index 4c231fdb29..4237224d9d 100644
> --- a/examples/fips_validation/main.c
> +++ b/examples/fips_validation/main.c
> @@ -1618,11 +1618,11 @@ get_writeback_data(struct fips_val *val)
> 
>   /* in case val is reused for MCT test, try to free the buffer first */
>   if (val->val) {
> - free(val->val);
> + rte_free(val->val);
>   val->val = NULL;
>

RE: [PATCH] maintainers: update for FIPS validation

2023-03-30 Thread Dooley, Brian

Hi Gowrishankar,

> -Original Message-
> From: Gowrishankar Muthukrishnan 
> Sent: Wednesday 29 March 2023 12:01
> To: dev@dpdk.org
> Cc: jer...@marvell.com; ano...@marvell.com; Akhil Goyal
> ; Dooley, Brian ;
> Gowrishankar Muthukrishnan 
> Subject: [PATCH] maintainers: update for FIPS validation
> 
> Add co-maintainer for FIPS validation example.
> 
> Signed-off-by: Gowrishankar Muthukrishnan 
> ---
>  MAINTAINERS | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/MAINTAINERS b/MAINTAINERS
> index 280058adfc..8df23e5099 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -1809,6 +1809,7 @@ F: doc/guides/sample_app_ug/ethtool.rst
> 
>  FIPS validation example
>  M: Brian Dooley 
> +M: Gowrishankar Muthukrishnan 
>  F: examples/fips_validation/
>  F: doc/guides/sample_app_ug/fips_validation.rst
> 
> --
> 2.25.1

Acked-by: Brian Dooley

RE: [PATCH] crypto/qat: fix stack buffer overflow in SGL loop

2023-04-14 Thread Dooley, Brian

Hi Ciara,

> -Original Message-
> From: Ciara Power 
> Sent: Friday 14 April 2023 13:32
> To: Ji, Kai 
> Cc: dev@dpdk.org; Power, Ciara ; sta...@dpdk.org
> Subject: [PATCH] crypto/qat: fix stack buffer overflow in SGL loop
> 
> The cvec pointer was incremented incorrectly in the case where the length of
> remaining_off equals cvec len, and there is no next cvec.
> This led to cvec->iova being invalid memory to access.
> 
> Instead, only increment the cvec pointer when we know there is a next cvec
> to point to, by checking the i value, which represents the number of cvecs
> available.
> If i is 0, then no need to increment as the current cvec is the last one.
> 
> Fixes: a815a04cea05 ("crypto/qat: support symmetric build op request")
> Cc: kai...@intel.com
> Cc: sta...@dpdk.org
> 
> Signed-off-by: Ciara Power 
> ---
>  drivers/crypto/qat/dev/qat_crypto_pmd_gens.h | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/crypto/qat/dev/qat_crypto_pmd_gens.h
> b/drivers/crypto/qat/dev/qat_crypto_pmd_gens.h
> index 524c291340..092265631b 100644
> --- a/drivers/crypto/qat/dev/qat_crypto_pmd_gens.h
> +++ b/drivers/crypto/qat/dev/qat_crypto_pmd_gens.h
> @@ -682,7 +682,8 @@ enqueue_one_chain_job_gen1(struct
> qat_sym_session *ctx,
>   while (remaining_off >= cvec->len && i >= 1) {
>   i--;
>   remaining_off -= cvec->len;
> - cvec++;
> + if (i)
> + cvec++;
>   }
> 
>   auth_iova_end = cvec->iova + remaining_off;
> --
> 2.25.1

Acked-by: Brian Dooley

RE: [EXT] [PATCH v1] crypto/ipsec_mb: add digest encrypted feature in AESNI_MB

2023-04-24 Thread Dooley, Brian

Hi Akhil,

> -Original Message-
> From: Akhil Goyal 
> Sent: Monday 24 April 2023 06:46
> To: Dooley, Brian ; Ji, Kai ; De
> Lara Guarch, Pablo 
> Cc: dev@dpdk.org
> Subject: RE: [EXT] [PATCH v1] crypto/ipsec_mb: add digest encrypted feature
> in AESNI_MB
> 
> > Subject: [EXT] [PATCH v1] crypto/ipsec_mb: add digest encrypted
> > feature in AESNI_MB AESNI_MB PMD does not support Digest Encrypted.
> > This patch adds partial support for this feature.
> 
> I do not get it, what is the point of adding partial support.
> It should be added when it is supported.
> Also whenever, you add, add in documentation as well.
Apologies for this, This patch has a bit more work to do and should have been 
an RFC.
Confident that it can be completed for the release.
> 
> 
> >
> > Signed-off-by: Brian Dooley 
> > ---
> > Some out-of-place tests are still failing.
> > Only some in-place tests are passing.
> > Working on adding support for this feature in v2.
> 
> You cannot just send half cooked patches.
> 
> > ---
> >  app/test/1.diff| 0
> >  drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 3 ++-
> >  2 files changed, 2 insertions(+), 1 deletion(-)  create mode 100644
> > app/test/1.diff
> >
> > diff --git a/app/test/1.diff b/app/test/1.diff new file mode 100644
> > index 00..e69de29bb2
> This file is accidently added.

Thanks,
Brian

RE: [PATCH v1] examples/fips_validation: fix digest length in AES GCM

2023-06-30 Thread Dooley, Brian

Hey Samina,

> -Original Message-
> From: Arshad, Samina 
> Sent: Wednesday, June 28, 2023 3:39 PM
> To: Dooley, Brian ; Gowrishankar Muthukrishnan
> 
> Cc: dev@dpdk.org; sta...@dpdk.org; Arshad, Samina
> ; Kovacevic, Marko 
> Subject: [PATCH v1] examples/fips_validation: fix digest length in AES GCM
> 
> For AES GCM non JSON decrypt test cases the digest length is being set
> incorrectly.The digest length is not being cleared after test cases, causing 
> an
> issue when running tests individually without the --path-is-folder flag.
> This fix adds the digest length correctly to the decrypt cases and clears the
> digest length after each test file.
> 
> Fixes: 4aaad2995e13 ("examples/fips_validation: support GCM parsing")
> Cc: marko.kovace...@intel.com
> 
> Signed-off-by: Samina Arshad 
> ---
>  examples/fips_validation/main.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/examples/fips_validation/main.c
> b/examples/fips_validation/main.c index 4237224d9d..6518c959c4 100644
> --- a/examples/fips_validation/main.c
> +++ b/examples/fips_validation/main.c
> @@ -834,7 +834,7 @@ prepare_aead_op(void)
>   RTE_LOG(ERR, USER1, "Not enough memory\n");
>   return -ENOMEM;
>   }
> - env.digest_len = vec.cipher_auth.digest.len;
> + env.digest_len = vec.aead.digest.len;
> 
>   sym->aead.data.length = vec.pt.len;
>   sym->aead.digest.data = env.digest;
> @@ -843,7 +843,7 @@ prepare_aead_op(void)
>   ret = prepare_data_mbufs(&vec.ct);
>   if (ret < 0)
>   return ret;
> -
> + env.digest_len = vec.aead.digest.len;
>   sym->aead.data.length = vec.ct.len;
>   sym->aead.digest.data = vec.aead.digest.val;
>   sym->aead.digest.phys_addr = rte_malloc_virt2iova( @@ -
> 2618,6 +2618,7 @@ fips_test_one_file(void)
>   if (env.digest) {
>   rte_free(env.digest);
>   env.digest = NULL;
> + env.digest_len = 0;
>   }
>   rte_pktmbuf_free(env.mbuf);
> 
> --
> 2.25.1

Acked-by: Brian Dooley

RE: [PATCH] doc: support IPsec Multi-buffer lib v1.4

2023-07-05 Thread Dooley, Brian

Hey Ciara,

> -Original Message-
> From: Ciara Power 
> Sent: Wednesday, July 5, 2023 3:34 PM
> To: dev@dpdk.org
> Cc: Ji, Kai ; De Lara Guarch, Pablo
> ; Power, Ciara 
> Subject: [PATCH] doc: support IPsec Multi-buffer lib v1.4
> 
> Updated AESNI MB and AESNI GCM, KASUMI, ZUC, SNOW3G and
> CHACHA20_POLY1305 PMD documentation guides with information about
> the latest Intel IPsec Multi-buffer library supported.
> 
> Signed-off-by: Ciara Power 
> ---
>  doc/guides/cryptodevs/aesni_gcm.rst | 6 +++---
>  doc/guides/cryptodevs/aesni_mb.rst  | 6 +++---
>  doc/guides/cryptodevs/chacha20_poly1305.rst | 6 +++---
>  doc/guides/cryptodevs/kasumi.rst| 6 +++---
>  doc/guides/cryptodevs/snow3g.rst| 6 +++---
>  doc/guides/cryptodevs/zuc.rst   | 6 +++---
>  doc/guides/rel_notes/release_23_07.rst  | 4 
>  7 files changed, 22 insertions(+), 18 deletions(-)
> 
> diff --git a/doc/guides/cryptodevs/aesni_gcm.rst
> b/doc/guides/cryptodevs/aesni_gcm.rst
> index 5192287ed8..e0d9188a5d 100644
> --- a/doc/guides/cryptodevs/aesni_gcm.rst
> +++ b/doc/guides/cryptodevs/aesni_gcm.rst
> @@ -40,8 +40,8 @@ Installation
>  To build DPDK with the AESNI_GCM_PMD the user is required to download
> the multi-buffer  library from `here  mb>`_
>  and compile it on their user system before building DPDK.
> -The latest version of the library supported by this PMD is v1.3, which -can 
> be
> downloaded in ` mb/archive/v1.3.zip>`_.
> +The latest version of the library supported by this PMD is v1.4, which
> +can be downloaded in ` mb/archive/v1.4.zip>`_.
> 
>  .. code-block:: console
> 
> @@ -85,7 +85,7 @@ and the external crypto libraries supported by them:
> 18.05 - 19.02  Multi-buffer library 0.49 - 0.52
> 19.05 - 20.08  Multi-buffer library 0.52 - 0.55
> 20.11 - 21.08  Multi-buffer library 0.53 - 1.3*
> -   21.11+ Multi-buffer library 1.0  - 1.3*
> +   21.11+ Multi-buffer library 1.0  - 1.4*
> =  
> 
>  \* Multi-buffer library 1.0 or newer only works for Meson but not Make build
> system.
> diff --git a/doc/guides/cryptodevs/aesni_mb.rst
> b/doc/guides/cryptodevs/aesni_mb.rst
> index eaa853e6b2..879eb42d44 100644
> --- a/doc/guides/cryptodevs/aesni_mb.rst
> +++ b/doc/guides/cryptodevs/aesni_mb.rst
> @@ -99,8 +99,8 @@ Installation
>  To build DPDK with the AESNI_MB_PMD the user is required to download the
> multi-buffer  library from `here `_
>  and compile it on their user system before building DPDK.
> -The latest version of the library supported by this PMD is v1.3, which -can 
> be
> downloaded from ` mb/archive/v1.3.zip>`_.
> +The latest version of the library supported by this PMD is v1.4, which
> +can be downloaded from ` mb/archive/v1.4.zip>`_.
> 
>  .. code-block:: console
> 
> @@ -146,7 +146,7 @@ and the Multi-Buffer library version supported by
> them:
> 19.05 - 19.08   0.52
> 19.11 - 20.08   0.52 - 0.55
> 20.11 - 21.08   0.53 - 1.3*
> -   21.11+  1.0  - 1.3*
> +   21.11+  1.0  - 1.4*
> ==  
> 
>  \* Multi-buffer library 1.0 or newer only works for Meson but not Make build
> system.
> diff --git a/doc/guides/cryptodevs/chacha20_poly1305.rst
> b/doc/guides/cryptodevs/chacha20_poly1305.rst
> index 883d924e31..ee7b6e54e5 100644
> --- a/doc/guides/cryptodevs/chacha20_poly1305.rst
> +++ b/doc/guides/cryptodevs/chacha20_poly1305.rst
> @@ -31,8 +31,8 @@ Installation
>  To build DPDK with the Chacha20-poly1305 PMD the user is required to
> download  the multi-buffer library from `here
> `_
>  and compile it on their user system before building DPDK.
> -The latest version of the library supported by this PMD is v1.3, which -can 
> be
> downloaded from ` mb/archive/v1.3.zip>`_.
> +The latest version of the library supported by this PMD is v1.4, which
> +can be downloaded from ` mb/archive/v1.4.zip>`_.
> 
>  After downloading the library, the user needs to unpack and compile it  on
> their system before building DPDK:
> @@ -72,7 +72,7 @@ and the external crypto libraries supported by them:
> =  
> DPDK version   Crypto library version
> =  
> -   21.11+ Multi-buffer library 1.0-1.3*
> +   21.11+ Multi-buffer library 1.0-1.4*
> =  
> 
>  \* Multi-buffer library 1.0 or newer only works for Meson but not Make build
> system.
> diff --git a/doc/guides/cryptodevs/kasumi.rst
> b/doc/guides/cryptodevs/kasumi.rst
> index 90f537

RE: [PATCH v1] examples/fips_validation: fix parsing SHA test type from JSON vector

2022-09-23 Thread Dooley, Brian

> -Original Message-
> From: Gowrishankar Muthukrishnan 
> Sent: Friday, August 12, 2022 12:49 PM
> To: dev@dpdk.org
> Cc: Anoob Joseph ; Zhang, Roy Fan
> ; Dooley, Brian ; Akhil
> Goyal ; Gowrishankar Muthukrishnan
> 
> Subject: [PATCH v1] examples/fips_validation: fix parsing SHA test type from
> JSON vector
> 
> Store SHA test type in its own interim info struct instead of AES.
> 
> Fixes: d5c247145c2 ("examples/fips_validation: add parsing for SHA")
> 
> Signed-off-by: Gowrishankar Muthukrishnan 
> ---
>  examples/fips_validation/fips_validation_sha.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/examples/fips_validation/fips_validation_sha.c
> b/examples/fips_validation/fips_validation_sha.c
> index dff552586f..75b073c15d 100644
> --- a/examples/fips_validation/fips_validation_sha.c
> +++ b/examples/fips_validation/fips_validation_sha.c
> @@ -259,7 +259,7 @@ parse_test_sha_json_test_type(void)
> 
>   for (i = 0; i < RTE_DIM(sha_test_types); i++)
>   if (strstr(type_str, sha_test_types[i].desc)) {
> - info.interim_info.aes_data.test_type =
> + info.interim_info.sha_data.test_type =
>   sha_test_types[i].type;
>   break;
>   }
> --
> 2.25.1

LGTM

Tested-by: Brian Dooley

RE: [PATCH v1 0/5] FIPS asymmetric validation

2022-09-23 Thread Dooley, Brian

> -Original Message-
> From: Gowrishankar Muthukrishnan 
> Sent: Friday, August 12, 2022 12:57 PM
> To: dev@dpdk.org
> Cc: Anoob Joseph ; Zhang, Roy Fan
> ; Dooley, Brian ; Akhil
> Goyal ; jer...@marvell.com; Gowrishankar
> Muthukrishnan 
> Subject: [PATCH v1 0/5] FIPS asymmetric validation
> 
> This patch series adds support in fips_validation app to perform asymmetric
> validation. To start with, RSA algorithm is used in the evaluation. For the 
> key
> value pairs which is multiprecision in arithmetic, openssl library is used.
> 
> Gowrishankar Muthukrishnan (5):
>   examples/fips_validation: fix parsing test group info
>   examples/fips_validation: add interim parse writeback
>   examples/fips_validation: add function to calculate SHA hash size
>   examples/fips_validation: fix buffer size to parse JSON string
>   examples/fips_validation: add asymmetric validation
> 
>  config/meson.build|   6 +
>  doc/guides/sample_app_ug/fips_validation.rst  |   1 +
>  examples/fips_validation/fips_validation.c|  18 +-
>  examples/fips_validation/fips_validation.h|  58 +-
>  .../fips_validation/fips_validation_gcm.c |   8 +-
>  .../fips_validation/fips_validation_rsa.c | 534 ++
>  .../fips_validation/fips_validation_sha.c |  39 +-
>  examples/fips_validation/main.c   | 465 ---
>  examples/fips_validation/meson.build  |   6 +
>  9 files changed, 1025 insertions(+), 110 deletions(-)  create mode 100644
> examples/fips_validation/fips_validation_rsa.c
> 
> --
> 2.25.1

Series-acked-by: Brian Dooley

RE: [PATCH v2] examples/fips_validation: fix memory allocation in AES MCT test

2022-09-23 Thread Dooley, Brian

> -Original Message-
> From: Gowrishankar Muthukrishnan 
> Sent: Friday, August 12, 2022 12:47 PM
> To: dev@dpdk.org
> Cc: Anoob Joseph ; Zhang, Roy Fan
> ; Dooley, Brian ; Akhil
> Goyal ; Gowrishankar Muthukrishnan
> 
> Subject: [PATCH v2] examples/fips_validation: fix memory allocation in AES
> MCT test
> 
> Instead of allocating memory in every external iteration, do once in the
> beginning of AES MCT tests and free at the end.
> 
> Fixes: 8b8546aaedf ("examples/fips_validation: add parsing for AES-CBC")
> 
> Signed-off-by: Gowrishankar Muthukrishnan 
> ---
> v2:
>  - commit message.
> ---
>  examples/fips_validation/main.c | 26 ++
>  1 file changed, 10 insertions(+), 16 deletions(-)
> 
> diff --git a/examples/fips_validation/main.c
> b/examples/fips_validation/main.c index 8bd5a66889..5c3f79a91c 100644
> --- a/examples/fips_validation/main.c
> +++ b/examples/fips_validation/main.c
> @@ -1565,9 +1565,12 @@ fips_mct_aes_test(void)
>   if (info.interim_info.aes_data.cipher_algo ==
> RTE_CRYPTO_CIPHER_AES_ECB)
>   return fips_mct_aes_ecb_test();
> 
> - memset(&pt, 0, sizeof(struct fips_val));
> - memset(&ct, 0, sizeof(struct fips_val));
> - memset(&iv, 0, sizeof(struct fips_val));
> + pt.len = vec.pt.len;
> + pt.val = calloc(1, pt.len);
> + ct.len = vec.ct.len;
> + ct.val = calloc(1, ct.len);
> + iv.len = vec.iv.len;
> + iv.val = calloc(1, iv.len);
>   for (i = 0; i < AES_EXTERN_ITER; i++) {
>   if (info.file_type != FIPS_TYPE_JSON) {
>   if (i != 0)
> @@ -1599,16 +1602,8 @@ fips_mct_aes_test(void)
> 
>   if (j == 0) {
>   memcpy(prev_out, val[0].val,
> AES_BLOCK_SIZE);
> - pt.len = vec.pt.len;
> - pt.val = calloc(1, pt.len);
>   memcpy(pt.val, vec.pt.val, pt.len);
> -
> - ct.len = vec.ct.len;
> - ct.val = calloc(1, ct.len);
>   memcpy(ct.val, vec.ct.val, ct.len);
> -
> - iv.len = vec.iv.len;
> - iv.val = calloc(1, iv.len);
>   memcpy(iv.val, vec.iv.val, iv.len);
> 
>   if (info.op == FIPS_TEST_ENC_AUTH_GEN) {
> @@ -1647,12 +1642,8 @@ fips_mct_aes_test(void)
>   if (info.file_type != FIPS_TYPE_JSON)
>   fprintf(info.fp_wr, "\n");
> 
> - if (i == AES_EXTERN_ITER - 1) {
> - free(pt.val);
> - free(ct.val);
> - free(iv.val);
> + if (i == AES_EXTERN_ITER - 1)
>   continue;
> - }
> 
>   /** update key */
>   memcpy(&val_key, &vec.cipher_auth.key, sizeof(val_key));
> @@ -1683,6 +1674,9 @@ fips_mct_aes_test(void)
>   }
> 
>   free(val[0].val);
> + free(pt.val);
> + free(ct.val);
> + free(iv.val);
> 
>   return 0;
>  }
> --
> 2.25.1

Acked-by: Brian Dooley

RE: [PATCH v2 2/2] examples/fips_validation: add parsing for TDES

2022-09-23 Thread Dooley, Brian

> -Original Message-
> From: Gowrishankar Muthukrishnan 
> Sent: Friday, August 12, 2022 12:52 PM
> To: dev@dpdk.org
> Cc: Anoob Joseph ; Zhang, Roy Fan
> ; Dooley, Brian ; Akhil
> Goyal ; jer...@marvell.com; Gowrishankar
> Muthukrishnan 
> Subject: [PATCH v2 2/2] examples/fips_validation: add parsing for TDES
> 
> Added function to parse algorithm for TDES CBC and ECB tests in json.
> 
> Signed-off-by: Gowrishankar Muthukrishnan 
> ---
>  doc/guides/sample_app_ug/fips_validation.rst  |   2 +
>  examples/fips_validation/fips_validation.c|   3 +
>  examples/fips_validation/fips_validation.h|   4 +
>  .../fips_validation/fips_validation_tdes.c| 335 ++
>  examples/fips_validation/main.c   |  94 +++--
>  5 files changed, 404 insertions(+), 34 deletions(-)
> 
> diff --git a/doc/guides/sample_app_ug/fips_validation.rst
> b/doc/guides/sample_app_ug/fips_validation.rst
> index 6f4bd34726..33a8c97575 100644
> --- a/doc/guides/sample_app_ug/fips_validation.rst
> +++ b/doc/guides/sample_app_ug/fips_validation.rst
> @@ -64,6 +64,8 @@ ACVP
>  * AES-XTS (128,256) - AFT
>  * HMAC (SHA1, SHA224, SHA256, SHA384, SHA512)
>  * SHA (1, 256, 384, 512) - AFT, MCT
> +* TDES-CBC - AFT, MCT
> +* TDES-ECB - AFT, MCT
> 
> 
>  Application Information
> diff --git a/examples/fips_validation/fips_validation.c
> b/examples/fips_validation/fips_validation.c
> index 9678aa2161..6c9f5e42a4 100644
> --- a/examples/fips_validation/fips_validation.c
> +++ b/examples/fips_validation/fips_validation.c
> @@ -468,6 +468,9 @@ fips_test_parse_one_json_vector_set(void)
>   info.algo = FIPS_TEST_ALGO_AES_XTS;
>   else if (strstr(algo_str, "SHA"))
>   info.algo = FIPS_TEST_ALGO_SHA;
> + else if (strstr(algo_str, "TDES-CBC") ||
> + strstr(algo_str, "TDES-ECB"))
> + info.algo = FIPS_TEST_ALGO_TDES;
>   else
>   return -EINVAL;
> 
> diff --git a/examples/fips_validation/fips_validation.h
> b/examples/fips_validation/fips_validation.h
> index 5c1abcbd91..f42040f460 100644
> --- a/examples/fips_validation/fips_validation.h
> +++ b/examples/fips_validation/fips_validation.h
> @@ -114,6 +114,7 @@ enum fips_tdes_test_types {
>   TDES_VARIABLE_KEY,
>   TDES_VARIABLE_TEXT,
>   TDES_KAT,
> + TDES_AFT, /* Functional Test */
>   TDES_MCT, /* Monte Carlo (Modes) Test */
>   TDES_MMT /* Multi block Message Test */  }; @@ -290,6 +291,9 @@
> parse_test_sha_json_algorithm(void);
> 
>  int
>  parse_test_sha_json_test_type(void);
> +
> +int
> +parse_test_tdes_json_init(void);
>  #endif /* USE_JANSSON */
> 
>  int
> diff --git a/examples/fips_validation/fips_validation_tdes.c
> b/examples/fips_validation/fips_validation_tdes.c
> index a1ddd57cfd..10f13e6b0b 100644
> --- a/examples/fips_validation/fips_validation_tdes.c
> +++ b/examples/fips_validation/fips_validation_tdes.c
> @@ -38,6 +38,21 @@
> 
>  #define DEVICE_STR   "# Config Info for : "
> 
> +#define ALGO_JSON_STR"algorithm"
> +#define TESTTYPE_JSON_STR "testType"
> +#define DIR_JSON_STR "direction"
> +#define KEYOPT_JSON_STR  "keyingOption"
> +
> +#define PT_JSON_STR  "pt"
> +#define CT_JSON_STR  "ct"
> +#define IV_JSON_STR  "iv"
> +#define KEY1_JSON_STR"key1"
> +#define KEY2_JSON_STR"key2"
> +#define KEY3_JSON_STR"key3"
> +
> +#define OP_ENC_JSON_STR  "encrypt"
> +#define OP_DEC_JSON_STR  "decrypt"
> +
>  struct {
>   uint32_t type;
>   const char *desc;
> @@ -48,6 +63,7 @@ struct {
>   {TDES_VARIABLE_KEY, "VARIABLE KEY"},
>   {TDES_VARIABLE_TEXT, "VARIABLE
> PLAINTEXT/CIPHERTEXT"},
>   {TDES_VARIABLE_TEXT, "KAT"},
> + {TDES_AFT, "Functional Test"},
>   {TDES_MCT, "Monte Carlo (Modes) Test"},
>   {TDES_MMT, "Multi block Message Test"},  }; @@ -92,6
> +108,325 @@ struct fips_test_callback tdes_writeback_callbacks[] = {
>   {NULL, NULL, NULL} /**< end pointer */  };
> 
> +#ifdef USE_JANSSON
> +static struct {
> + enum fips_tdes_test_types type;
> + const char *desc;
> +} const tdes_test_types[] = {
> + {TDES_AFT, "AFT"},
> + {TDES_MCT, "MCT"},
> +};
> +
> +static struct {
> + enum fips_tdes_test_mode mode;
> + const char *desc;
> +} const tdes_test_modes[] = {
> + {TDES_MODE_CBC, "C

RE: [v1] examples/fips_validation: fix SHA MCT test from segfault

2022-09-23 Thread Dooley, Brian

> -Original Message-
> From: Gowrishankar Muthukrishnan 
> Sent: Friday, September 16, 2022 3:02 PM
> To: dev@dpdk.org
> Cc: Anoob Joseph ; Zhang, Roy Fan
> ; Dooley, Brian ; Akhil
> Goyal ; jer...@marvell.com; Gowrishankar
> Muthukrishnan 
> Subject: [v1] examples/fips_validation: fix SHA MCT test from segfault
> 
> In case of FIPS 140-2 format of test vectors in MCT test, msg is not given in
> the test vector, hence pt will be NULL which test function has to handle
> correctly.
> 
> Fixes: d5c247145c2c ("examples/fips_validation: add parsing for SHA")
> 
> Signed-off-by: Gowrishankar Muthukrishnan 
> ---
>  examples/fips_validation/main.c | 14 --
>  1 file changed, 8 insertions(+), 6 deletions(-)
> 
> diff --git a/examples/fips_validation/main.c
> b/examples/fips_validation/main.c index 8bd5a66889..cab3dd22b9 100644
> --- a/examples/fips_validation/main.c
> +++ b/examples/fips_validation/main.c
> @@ -1696,13 +1696,14 @@ fips_mct_sha_test(void)
>   /* val[0] is op result and other value is for parse_writeback callback
> */
>   struct fips_val val[2] = {{NULL, 0},};
>   struct fips_val  md[SHA_MD_BLOCK], msg;
> - char temp[MAX_DIGEST_SIZE*2];
>   int ret;
>   uint32_t i, j;
> 
>   msg.len = SHA_MD_BLOCK * vec.cipher_auth.digest.len;
>   msg.val = calloc(1, msg.len);
> - memcpy(vec.cipher_auth.digest.val, vec.pt.val,
> vec.cipher_auth.digest.len);
> + if (vec.pt.val)
> + memcpy(vec.cipher_auth.digest.val, vec.pt.val,
> +vec.cipher_auth.digest.len);
> +
>   for (i = 0; i < SHA_MD_BLOCK; i++)
>   md[i].val = rte_malloc(NULL, (MAX_DIGEST_SIZE*2), 0);
> 
> @@ -1769,14 +1770,15 @@ fips_mct_sha_test(void)
>   memcpy(vec.cipher_auth.digest.val, md[2].val, md[2].len);
>   vec.cipher_auth.digest.len = md[2].len;
> 
> - if (info.file_type != FIPS_TYPE_JSON) {
> + if (info.file_type != FIPS_TYPE_JSON)
>   fprintf(info.fp_wr, "COUNT = %u\n", j);
> - writeback_hex_str("", temp,
> &vec.cipher_auth.digest);
> - fprintf(info.fp_wr, "MD = %s\n\n", temp);
> - }
> +
>   val[1].val = msg.val;
>   val[1].len = msg.len;
>   info.parse_writeback(val);
> +
> + if (info.file_type != FIPS_TYPE_JSON)
> + fprintf(info.fp_wr, "\n");
>   }
> 
>   for (i = 0; i < (SHA_MD_BLOCK); i++)
> --
> 2.25.1

LGTM

Tested-by: Brian Dooley

RE: [PATCH v2 1/2] examples/fips_validation: share test callback with multiple keys

2022-10-06 Thread Dooley, Brian

> -Original Message-
> From: Gowrishankar Muthukrishnan 
> Sent: Friday, August 12, 2022 12:52 PM
> To: dev@dpdk.org
> Cc: Anoob Joseph ; Zhang, Roy Fan
> ; Dooley, Brian ; Akhil
> Goyal ; jer...@marvell.com; Gowrishankar
> Muthukrishnan 
> Subject: [PATCH v2 1/2] examples/fips_validation: share test callback with
> multiple keys
> 
> Make use of key param in test callbacks so that, test callback can be shared
> with multiple keys.
> 
> Signed-off-by: Gowrishankar Muthukrishnan 
> ---
>  examples/fips_validation/fips_validation.c | 27 +++---
>  1 file changed, 19 insertions(+), 8 deletions(-)
> 
> diff --git a/examples/fips_validation/fips_validation.c
> b/examples/fips_validation/fips_validation.c
> index 12b9b03f56..9678aa2161 100644
> --- a/examples/fips_validation/fips_validation.c
> +++ b/examples/fips_validation/fips_validation.c
> @@ -499,11 +499,8 @@ fips_test_parse_one_json_group(void)
>   return -EINVAL;
>   }
> 
> - /* First argument is blank because the key
> -  * is not included in the string being parsed.
> -  */
>   ret = info.interim_callbacks[i].cb(
> - "", json_value,
> + info.interim_callbacks[i].key, json_value,
>   info.interim_callbacks[i].val
>   );
>   if (ret < 0)
> @@ -525,11 +522,8 @@ fips_test_parse_one_json_case(void)
>   param = json_object_get(json_info.json_test_case,
> info.callbacks[i].key);
>   if (param) {
>   strcpy(info.one_line_text,
> json_string_value(param));
> - /* First argument is blank because the key
> -  * is not included in the string being parsed.
> -  */
>   ret = info.callbacks[i].cb(
> - "", info.one_line_text,
> + info.callbacks[i].key, info.one_line_text,
>   info.callbacks[i].val
>   );
>   if (ret < 0)
> @@ -625,7 +619,14 @@ parse_uint8_hex_str(const char *key, char *src,
> struct fips_val *val)  {
>   uint32_t len, j;
> 
> +#ifdef USE_JANSSON
> + /*
> +  * Offset not applicable in case of JSON test vectors.
> +  */
> + RTE_SET_USED(key);
> +#else
>   src += strlen(key);
> +#endif
> 
>   len = strlen(src) / 2;
> 
> @@ -653,6 +654,15 @@ parse_uint8_hex_str(const char *key, char *src,
> struct fips_val *val)
>   return 0;
>  }
> 
> +#ifdef USE_JANSSON
> +int
> +parser_read_uint32_val(const char *key, char *src, struct fips_val
> +*val) {
> + RTE_SET_USED(key);
> +
> + return parser_read_uint32(&val->len, src); } #else
>  int
>  parser_read_uint32_val(const char *key, char *src, struct fips_val *val)  {
> @@ -676,6 +686,7 @@ parser_read_uint32_val(const char *key, char *src,
> struct fips_val *val)
> 
>   return ret;
>  }
> +#endif
> 
>  int
>  parser_read_uint32_bit_val(const char *key, char *src, struct fips_val *val)
> --
> 2.25.1

Acked-by: Brian Dooley

RE: [EXT] [PATCH v4] examples/fips_validation: add parsing for AES CTR

2022-10-10 Thread Dooley, Brian

Hi Akhil,

> -Original Message-
> From: Akhil Goyal 
> Sent: Friday, October 7, 2022 11:49 AM
> To: Dooley, Brian 
> Cc: dev@dpdk.org; Gowrishankar Muthukrishnan
> ; roy.fan.zh...@intel.com; Ji, Kai
> 
> Subject: RE: [EXT] [PATCH v4] examples/fips_validation: add parsing for AES
> CTR
> 
> Hi Brian,
> > Added functionality to parse algorithm for AES CTR test
> >
> > Signed-off-by: Brian Dooley 
> > Acked-by: Kai Ji 
> > Acked-by: Gowrishankar Muthukrishnan 
> > ---
> > v2: fix clang warning for int-in-bool-context
> > ---
> > v3: in reply to fix and patchwork CI
> > ---
> > v4: missing acks
> > ---
> >  examples/fips_validation/fips_validation.c | 2 ++
> >  examples/fips_validation/fips_validation.h | 2 ++
> >  examples/fips_validation/fips_validation_aes.c | 5 +
> >  examples/fips_validation/main.c| 9 +++--
> >  4 files changed, 16 insertions(+), 2 deletions(-)
> Can you also update doc/guides/sample_app_ug/fips_validation.rst for CTR
> and GMAC that you have added.

Docs now updated in latest version

RE: [dpdk-dev v1] crypto/ipsec_mb: handle mp request register error

2022-11-03 Thread Dooley, Brian

Hi Kai,

> -Original Message-
> From: Kai Ji 
> Sent: Wednesday, November 2, 2022 11:25 PM
> To: dev@dpdk.org
> Cc: gak...@marvell.com; Ji, Kai ; De Lara Guarch, Pablo
> ; Burakov, Anatoly
> 
> Subject: [dpdk-dev v1] crypto/ipsec_mb: handle mp request register error
> 
> This patch fix the EXIST error handling when calling rte_mp_action_register().
> 
> Signed-off-by: Kai Ji 
> ---
>  drivers/crypto/ipsec_mb/ipsec_mb_private.c | 11 +--
>  1 file changed, 9 insertions(+), 2 deletions(-)
> 


Tested-by: Brian Dooley

RE: [PATCH v2] examples/fips_validation: fix typo

2022-11-07 Thread Dooley, Brian

Hi Pablo,

> -Original Message-
> From: De Lara Guarch, Pablo 
> Sent: Monday, November 7, 2022 10:04 AM
> To: Dooley, Brian 
> Cc: dev@dpdk.org; De Lara Guarch, Pablo ;
> Kovacevic, Marko ; sta...@dpdk.org
> Subject: [PATCH v2] examples/fips_validation: fix typo
> 
> Digest length is being printed out, not IV length.
> 
> Fixes: ac026f4668d0 ("examples/fips_validation: support CMAC parsing")
> Fixes: f64adb6714e0 ("examples/fips_validation: support HMAC parsing")
> Cc: marko.kovace...@intel.com
> Cc: sta...@dpdk.org
> 
> Signed-off-by: Pablo de Lara 
> ---
> -v2: added missing "Signed-off"
> ---
> 
>  examples/fips_validation/main.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/examples/fips_validation/main.c
> b/examples/fips_validation/main.c index 404a29d7b6..9a9babb53a 100644
> --- a/examples/fips_validation/main.c
> +++ b/examples/fips_validation/main.c
> @@ -1210,7 +1210,7 @@ prepare_hmac_xform(struct
> rte_crypto_sym_xform *xform)
>   if (rte_cryptodev_sym_capability_check_auth(cap,
>   auth_xform->key.length,
>   auth_xform->digest_length, 0) != 0) {
> - RTE_LOG(ERR, USER1, "PMD %s key length %u IV length
> %u\n",
> + RTE_LOG(ERR, USER1, "PMD %s key length %u Digest length
> %u\n",
>   info.device_name, auth_xform->key.length,
>   auth_xform->digest_length);
>   return -EPERM;
> @@ -1339,7 +1339,7 @@ prepare_cmac_xform(struct
> rte_crypto_sym_xform *xform)
>   if (rte_cryptodev_sym_capability_check_auth(cap,
>   auth_xform->key.length,
>   auth_xform->digest_length, 0) != 0) {
> - RTE_LOG(ERR, USER1, "PMD %s key length %u IV length
> %u\n",
> + RTE_LOG(ERR, USER1, "PMD %s key length %u Digest length
> %u\n",
>   info.device_name, auth_xform->key.length,
>   auth_xform->digest_length);
>   return -EPERM;
> --
> 2.34.1

Reviewed-by: Brian Dooley

RE: [PATCH v3] doc: support IPsec Multi-buffer lib v1.3

2022-11-10 Thread Dooley, Brian

Hi Pablo,

> -Original Message-
> From: Pablo de Lara 
> Sent: Thursday, November 10, 2022 11:07 AM
> To: Ji, Kai 
> Cc: dev@dpdk.org; De Lara Guarch, Pablo ;
> Power, Ciara 
> Subject: [PATCH v3] doc: support IPsec Multi-buffer lib v1.3
> 
> Updated AESNI MB and AESNI GCM, KASUMI, ZUC and SNOW3G PMD
> documentation guides with information about the latest Intel IPSec Multi-
> buffer library supported.
> 
> Signed-off-by: Pablo de Lara 
> Acked-by: Ciara Power 
> 
> ---
> -v3: Fixed library version from 1.2 to 1.3 in one line
> -v2: Removed repeated word 'the'
> ---
> 


Acked-by: Brian Dooley

RE: [PATCH 4/4] examples: remove unnecessary null checks

2022-11-14 Thread Dooley, Brian

Hi Stephen,

Looks good for fips validation.

> -Original Message-
> From: Stephen Hemminger 
> Sent: Wednesday, November 9, 2022 11:47 PM
> To: dev@dpdk.org
> Cc: Stephen Hemminger ; Hunt, David
> ; Dooley, Brian 
> Subject: [PATCH 4/4] examples: remove unnecessary null checks
> 
> The function rte_free() already handles NULL argument; therefore the
> checks in this code are unnecessary.
> 
> Signed-off-by: Stephen Hemminger 
> ---
>  examples/distributor/main.c |  3 +--
>  examples/fips_validation/main.c | 15 +--
>  2 files changed, 6 insertions(+), 12 deletions(-)
> 
> diff --git a/examples/distributor/main.c b/examples/distributor/main.c index
> e767973ed8de..21304d661873 100644
> --- a/examples/distributor/main.c
> +++ b/examples/distributor/main.c
> @@ -1017,8 +1017,7 @@ main(int argc, char *argv[])
> 
>   print_stats();
> 
> - if (pd)
> - rte_free(pd);
> + rte_free(pd);
>   rte_free(pr);
> 
>   /* clean up the EAL */
> diff --git a/examples/fips_validation/main.c
> b/examples/fips_validation/main.c index 40a5b70e073b..73caaffb7e7a
> 100644
> --- a/examples/fips_validation/main.c
> +++ b/examples/fips_validation/main.c
> @@ -962,8 +962,7 @@ prepare_rsa_op(void)
>   asym->rsa.message.data = msg.val;
>   asym->rsa.message.length = msg.len;
> 
> - if (vec.rsa.signature.val)
> - rte_free(vec.rsa.signature.val);
> + rte_free(vec.rsa.signature.val);
> 
>   vec.rsa.signature.val = rte_zmalloc(NULL, vec.rsa.n.len, 0);
>   vec.rsa.signature.len = vec.rsa.n.len; @@ -1011,11 +1010,9
> @@ prepare_ecdsa_op(void)
>   asym->ecdsa.k.data = vec.ecdsa.k.val;
>   asym->ecdsa.k.length = vec.ecdsa.k.len;
> 
> - if (vec.ecdsa.r.val)
> - rte_free(vec.ecdsa.r.val);
> + rte_free(vec.ecdsa.r.val);
> 
> - if (vec.ecdsa.s.val)
> - rte_free(vec.ecdsa.s.val);
> + rte_free(vec.ecdsa.s.val);
> 
>   vec.ecdsa.r.len = info.interim_info.ecdsa_data.curve_len;
>   vec.ecdsa.r.val = rte_zmalloc(NULL, vec.ecdsa.r.len, 0); @@ -
> 1060,11 +1057,9 @@ prepare_ecfpm_op(void)
>   asym->ecpm.scalar.data = vec.ecdsa.pkey.val;
>   asym->ecpm.scalar.length = vec.ecdsa.pkey.len;
> 
> - if (vec.ecdsa.qx.val)
> - rte_free(vec.ecdsa.qx.val);
> + rte_free(vec.ecdsa.qx.val);
> 
> - if (vec.ecdsa.qy.val)
> - rte_free(vec.ecdsa.qy.val);
> + rte_free(vec.ecdsa.qy.val);
> 
>   vec.ecdsa.qx.len = info.interim_info.ecdsa_data.curve_len;
>   vec.ecdsa.qx.val = rte_zmalloc(NULL, vec.ecdsa.qx.len, 0);
> --
> 2.35.1

Acked-by: Brian Dooley

RE: [PATCH v3 4/4] app/test: add test sm2 C1/Kp test cases

2024-10-08 Thread Dooley, Brian

> -Original Message-
> From: Kusztal, ArkadiuszX 
> Sent: Tuesday, October 8, 2024 7:29 AM
> To: dev@dpdk.org
> Cc: gak...@marvell.com; Dooley, Brian ; Kusztal,
> ArkadiuszX 
> Subject: [PATCH v3 4/4] app/test: add test sm2 C1/Kp test cases
> 
> This commit adds tests cases to be used when C1 or kP elliptic curve points
> need to be computed.
> 
> Signed-off-by: Arkadiusz Kusztal 
> ---
>  app/test/test_cryptodev_asym.c | 148
> -
>  app/test/test_cryptodev_sm2_test_vectors.h | 112
> +-
>  2 files changed, 256 insertions(+), 4 deletions(-)
> 
> diff --git a/app/test/test_cryptodev_asym.c
> b/app/test/test_cryptodev_asym.c index f0b5d38543..cb28179562 100644
> --- a/app/test/test_cryptodev_asym.c
> +++ b/app/test/test_cryptodev_asym.c
> @@ -2635,6 +2635,8 @@ test_sm2_sign(void)
>   asym_op->sm2.k.data = input_params.k.data;
>   asym_op->sm2.k.length = input_params.k.length;
>   }
> + asym_op->sm2.k.data = input_params.k.data;
> + asym_op->sm2.k.length = input_params.k.length;
> 
>   /* Init out buf */
>   asym_op->sm2.r.data = output_buf_r;
> @@ -3184,7 +3186,7 @@ static int send_one(void)
>   ticks++;
>   if (ticks >= DEQ_TIMEOUT) {
>   RTE_LOG(ERR, USER1,
> - "line %u FAILED: Cannot dequeue the crypto
> op on device %d",
> + "line %u FAILED: Cannot dequeue the crypto
> op on device, timeout
> +%d",
>   __LINE__, params->valid_devs[0]);
>   return TEST_FAILED;
>   }
> @@ -3489,6 +3491,142 @@ kat_rsa_decrypt_crt(const void *data)
>   return 0;
>  }
> 
> +static int
> +test_sm2_partial_encryption(const void *data) {
> + struct rte_crypto_asym_xform xform = { 0 };
> + const uint8_t dev_id = params->valid_devs[0];
> + const struct crypto_testsuite_sm2_params *test_vector = data;
> + uint8_t result_C1_x1[TEST_DATA_SIZE] = { 0 };
> + uint8_t result_C1_y1[TEST_DATA_SIZE] = { 0 };
> + uint8_t result_kP_x1[TEST_DATA_SIZE] = { 0 };
> + uint8_t result_kP_y1[TEST_DATA_SIZE] = { 0 };
> + const struct rte_cryptodev_asymmetric_xform_capability *capa;
> + struct rte_cryptodev_asym_capability_idx idx;
> + struct rte_cryptodev_info dev_info;
> +
> + rte_cryptodev_info_get(dev_id, &dev_info);
> + if (!(dev_info.feature_flags &
> + RTE_CRYPTODEV_FF_ASYM_PARTIAL_SM2)) {
> + RTE_LOG(INFO, USER1,
> + "Device doesn't support partial SM2. Test
> Skipped\n");
> + return TEST_SKIPPED;
> + }
> +
> + idx.type = RTE_CRYPTO_ASYM_XFORM_SM2;
> + capa = rte_cryptodev_asym_capability_get(dev_id, &idx);
> + if (capa == NULL)
> + return TEST_SKIPPED;
> +
> + xform.xform_type = RTE_CRYPTO_ASYM_XFORM_SM2;
> + xform.ec.curve_id = RTE_CRYPTO_EC_GROUP_SM2;
> + xform.ec.q = test_vector->pubkey;
> + self->op->asym->sm2.op_type = RTE_CRYPTO_ASYM_OP_ENCRYPT;
> + self->op->asym->sm2.k = test_vector->k;
> + if (rte_cryptodev_asym_session_create(dev_id, &xform,
> + params->session_mpool, &self->sess) < 0) {
> + RTE_LOG(ERR, USER1, "line %u FAILED: Session creation
> failed",
> + __LINE__);
> + return TEST_FAILED;
> + }
> + rte_crypto_op_attach_asym_session(self->op, self->sess);
> +
> + self->op->asym->sm2.C1.x.data = result_C1_x1;
> + self->op->asym->sm2.C1.y.data = result_C1_y1;
> + self->op->asym->sm2.kP.x.data = result_kP_x1;
> + self->op->asym->sm2.kP.y.data = result_kP_y1;
> + TEST_ASSERT_SUCCESS(send_one(),
> + "Failed to process crypto op");
> +
> + debug_hexdump(stdout, "C1[x]", self->op->asym->sm2.C1.x.data,
> + self->op->asym->sm2.C1.x.length);
> + debug_hexdump(stdout, "C1[y]", self->op->asym->sm2.C1.y.data,
> + self->op->asym->sm2.C1.y.length);
> + debug_hexdump(stdout, "kP[x]", self->op->asym->sm2.kP.x.data,
> + self->op->asym->sm2.kP.x.length);
> + debug_hexdump(stdout, "kP[y]", self->op->asym->sm2.kP.y.data,
> + self->op->asym->sm2.kP.y.length);
> +
> + TEST_ASSERT_BUFFERS_ARE_EQUAL(test_vector->C1.x.data,
> + sel

RE: [PATCH v6 6/6] app/crypto-perf: support EDDSA

2024-10-04 Thread Dooley, Brian

Hi Gowrishankar,

> -Original Message-
> From: Gowrishankar Muthukrishnan 
> Sent: Friday, October 4, 2024 9:26 AM
> To: dev@dpdk.org; Dooley, Brian 
> Cc: Anoob Joseph ; Richardson, Bruce
> ; jer...@marvell.com;
> fanzhang@gmail.com; Kusztal, ArkadiuszX
> ; Ji, Kai ; jack.bond-
> pres...@foss.arm.com; Marchand, David ;
> hemant.agra...@nxp.com; De Lara Guarch, Pablo
> ; Trahe, Fiona ;
> Doherty, Declan ; ma...@nvidia.com;
> ruifeng.w...@arm.com; Akhil Goyal ; Gowrishankar
> Muthukrishnan 
> Subject: [PATCH v6 6/6] app/crypto-perf: support EDDSA
> 
> Added support for EDDSA 25519 curve SIGN and VERIFY operations.
> 
> Signed-off-by: Gowrishankar Muthukrishnan 

Acked-by: Brian Dooley

RE: [PATCH v6 5/6] examples/fips_validation: support EDDSA

2024-10-04 Thread Dooley, Brian

Hi Gowrishankar,

> -Original Message-
> From: Gowrishankar Muthukrishnan 
> Sent: Friday, October 4, 2024 9:26 AM
> To: dev@dpdk.org; Dooley, Brian ; Gowrishankar
> Muthukrishnan 
> Cc: Anoob Joseph ; Richardson, Bruce
> ; jer...@marvell.com;
> fanzhang@gmail.com; Kusztal, ArkadiuszX
> ; Ji, Kai ; jack.bond-
> pres...@foss.arm.com; Marchand, David ;
> hemant.agra...@nxp.com; De Lara Guarch, Pablo
> ; Trahe, Fiona ;
> Doherty, Declan ; ma...@nvidia.com;
> ruifeng.w...@arm.com; Akhil Goyal 
> Subject: [PATCH v6 5/6] examples/fips_validation: support EDDSA
> 
> Add EDDSA support in fips_validation app.
> 
> Signed-off-by: Gowrishankar Muthukrishnan 

Acked-by: Brian Dooley

Re: [PATCH v1] crypto/ipsec_mb: bump minimum IPsec MB version

2024-10-07 Thread Dooley, Brian

Good point Kai, i'll update the patch.

Thanks,
Brian

From: Ji, Kai 
Sent: Monday, October 7, 2024 11:09 AM
To: Dooley, Brian ; De Lara Guarch, Pablo 

Cc: dev@dpdk.org ; gak...@marvell.com ; 
wathsala.vithan...@arm.com 
Subject: Re: [PATCH v1] crypto/ipsec_mb: bump minimum IPsec MB version

Acked-by: Kai Ji 

Any release doc needs to be updated ?

From: Dooley, Brian 
Sent: 04 October 2024 15:58
To: Ji, Kai ; De Lara Guarch, Pablo 

Cc: dev@dpdk.org ; gak...@marvell.com ; 
wathsala.vithan...@arm.com ; Dooley, Brian 

Subject: [PATCH v1] crypto/ipsec_mb: bump minimum IPsec MB version

AESNI_MB SW PMDs increment Intel IPsec MB version to 1.4.
A minimum IPsec Multi-buffer version of 1.4 or greater is now required
for the 24.11 LTS release.

Signed-off-by: Brian Dooley 
---
This patch relates to a deprecation notice sent in the 24.03 release.
Intel IPsec MB minimum version being bumped to 1.4 for the 24.11 release.
https://patches.dpdk.org/project/dpdk/patch/20240314103731.3242086-2-brian.doo...@intel.com/
---
 doc/guides/cryptodevs/aesni_gcm.rst |   3 +-
 doc/guides/cryptodevs/aesni_mb.rst  |   3 +-
 doc/guides/cryptodevs/chacha20_poly1305.rst |   3 +-
 doc/guides/cryptodevs/kasumi.rst|   3 +-
 doc/guides/cryptodevs/snow3g.rst|   3 +-
 doc/guides/cryptodevs/zuc.rst   |   3 +-
 drivers/crypto/ipsec_mb/ipsec_mb_ops.c  |  24 ---
 drivers/crypto/ipsec_mb/meson.build |   2 +-
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c  | 164 
 drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h |   9 --
 10 files changed, 13 insertions(+), 204 deletions(-)

diff --git a/doc/guides/cryptodevs/aesni_gcm.rst 
b/doc/guides/cryptodevs/aesni_gcm.rst
index 3af1486553..7592d33da2 100644
--- a/doc/guides/cryptodevs/aesni_gcm.rst
+++ b/doc/guides/cryptodevs/aesni_gcm.rst
@@ -74,7 +74,8 @@ and the external crypto libraries supported by them:
DPDK version   Crypto library version
=  
20.11 - 21.08  Multi-buffer library 0.53 - 1.3
-   21.11+ Multi-buffer library 1.0  - 1.5
+   21.11 - 24.07  Multi-buffer library 1.0  - 1.5
+   24.11+ Multi-buffer library 1.4  - 1.5
=  

 Initialization
diff --git a/doc/guides/cryptodevs/aesni_mb.rst 
b/doc/guides/cryptodevs/aesni_mb.rst
index 3c77d0f463..c2f6633ee6 100644
--- a/doc/guides/cryptodevs/aesni_mb.rst
+++ b/doc/guides/cryptodevs/aesni_mb.rst
@@ -132,7 +132,8 @@ and the Multi-Buffer library version supported by them:
DPDK versionMulti-buffer library version
==  
20.11 - 21.08   0.53 - 1.3
-   21.11+  1.0  - 1.5
+   21.11 - 24.07   1.0  - 1.5
+   24.11+  1.4  - 1.5
==  

 Initialization
diff --git a/doc/guides/cryptodevs/chacha20_poly1305.rst 
b/doc/guides/cryptodevs/chacha20_poly1305.rst
index 44cff85918..b5a980b247 100644
--- a/doc/guides/cryptodevs/chacha20_poly1305.rst
+++ b/doc/guides/cryptodevs/chacha20_poly1305.rst
@@ -66,7 +66,8 @@ and the external crypto libraries supported by them:
=  
DPDK version   Crypto library version
=  
-   21.11+ Multi-buffer library 1.0-1.5
+   21.11 - 24.07  Multi-buffer library 1.0  - 1.5
+   24.11+ Multi-buffer library 1.4  - 1.5
=  

 Initialization
diff --git a/doc/guides/cryptodevs/kasumi.rst b/doc/guides/cryptodevs/kasumi.rst
index 4070f025e1..b57f18b56f 100644
--- a/doc/guides/cryptodevs/kasumi.rst
+++ b/doc/guides/cryptodevs/kasumi.rst
@@ -80,7 +80,8 @@ and the external crypto libraries supported by them:
DPDK version   Crypto library version
=  
20.02 - 21.08  Multi-buffer library 0.53 - 1.3
-   21.11+ Multi-buffer library 1.0  - 1.5
+   21.11 - 24.07  Multi-buffer library 1.0  - 1.5
+   24.11+ Multi-buffer library 1.4  - 1.5
=  

 Initialization
diff --git a/doc/guides/cryptodevs/snow3g.rst b/doc/guides/cryptodevs/snow3g.rst
index 6eb8229fb5..fb4e0448ac 100644
--- a/doc/guides/cryptodevs/snow3g.rst
+++ b/doc/guides/cryptodevs/snow3g.rst
@@ -89,7 +89,8 @@ and the external crypto libraries supported by them:
DPDK version   Crypto library version
=  
20.02 - 21.08  Multi-buffer library 0.53 - 1.3
-   21.11+ Multi-buffer library 1.0  - 1.5
+   21.11 - 24.07  Multi-buffer library 1.0  - 1.5
+   24.11+ Multi-buffer library 1.4  - 1.5
=  

 Initialization
diff --git a/doc/guides/cryptodevs/zuc.rst b/doc/guides/cryptodevs/zuc.rst
index 29fe6279aa..4615562246 100644
--- a/doc/guides/crypt

RE: [PATCH v3] crypto/ipsec_mb: bump minimum IPsec MB version

2024-10-18 Thread Dooley, Brian

Hey ARM folks,

Intel IPsec MB minimum version is being bumped to 1.4.

> -Original Message-
> From: Dooley, Brian 
> Sent: Thursday 10 October 2024 11:13
> To: Ji, Kai ; De Lara Guarch, Pablo
> 
> Cc: dev@dpdk.org; gak...@marvell.com; Dooley, Brian
> 
> Subject: [PATCH v3] crypto/ipsec_mb: bump minimum IPsec MB version
> 
> AESNI_MB SW PMDs increment Intel IPsec MB version to 1.4.
> A minimum IPsec Multi-buffer version of 1.4 or greater is now required for the
> 24.11 LTS release.
> 
> Signed-off-by: Brian Dooley 
> Acked-by: Kai Ji 
> Acked-by: Pablo de Lara 
> ---
> This patch relates to a deprecation notice sent in the 24.03 release.
> Intel IPsec MB minimum version being bumped to 1.4 for the 24.11 release.
> https://patches.dpdk.org/project/dpdk/patch/20240314103731.3242086-
> 2-brian.doo...@intel.com/
> 
> v2:
>   Added release note
>   Remove more IMB_VERSION checks
> v3:
>   Remove deprecation notice
> ---
>  doc/guides/cryptodevs/aesni_gcm.rst |   3 +-
>  doc/guides/cryptodevs/aesni_mb.rst  |   3 +-
>  doc/guides/cryptodevs/chacha20_poly1305.rst |   3 +-
>  doc/guides/cryptodevs/kasumi.rst|   3 +-
>  doc/guides/cryptodevs/snow3g.rst|   3 +-
>  doc/guides/cryptodevs/zuc.rst   |   3 +-
>  doc/guides/rel_notes/deprecation.rst|   5 -
>  doc/guides/rel_notes/release_24_11.rst  |   3 +
>  drivers/crypto/ipsec_mb/ipsec_mb_ops.c  |  24 --
>  drivers/crypto/ipsec_mb/meson.build |   2 +-
>  drivers/crypto/ipsec_mb/pmd_aesni_mb.c  | 268 +---
>  drivers/crypto/ipsec_mb/pmd_aesni_mb_priv.h |   9 -
>  12 files changed, 19 insertions(+), 310 deletions(-)
> 
> diff --git a/doc/guides/cryptodevs/aesni_gcm.rst
> b/doc/guides/cryptodevs/aesni_gcm.rst
> index 3af1486553..7592d33da2 100644
> --- a/doc/guides/cryptodevs/aesni_gcm.rst
> +++ b/doc/guides/cryptodevs/aesni_gcm.rst
> @@ -74,7 +74,8 @@ and the external crypto libraries supported by them:
> DPDK version   Crypto library version
> =  
> 20.11 - 21.08  Multi-buffer library 0.53 - 1.3
> -   21.11+ Multi-buffer library 1.0  - 1.5
> +   21.11 - 24.07  Multi-buffer library 1.0  - 1.5
> +   24.11+ Multi-buffer library 1.4  - 1.5
> =  
> 
>  Initialization
> diff --git a/doc/guides/cryptodevs/aesni_mb.rst
> b/doc/guides/cryptodevs/aesni_mb.rst
> index ca930be1bd..16d82147b2 100644
> --- a/doc/guides/cryptodevs/aesni_mb.rst
> +++ b/doc/guides/cryptodevs/aesni_mb.rst
> @@ -137,7 +137,8 @@ and the Multi-Buffer library version supported by
> them:
> DPDK versionMulti-buffer library version
> ==  
> 20.11 - 21.08   0.53 - 1.3
> -   21.11+  1.0  - 1.5
> +   21.11 - 24.07   1.0  - 1.5
> +   24.11+  1.4  - 1.5
> ==  
> 
>  Initialization
> diff --git a/doc/guides/cryptodevs/chacha20_poly1305.rst
> b/doc/guides/cryptodevs/chacha20_poly1305.rst
> index 44cff85918..b5a980b247 100644
> --- a/doc/guides/cryptodevs/chacha20_poly1305.rst
> +++ b/doc/guides/cryptodevs/chacha20_poly1305.rst
> @@ -66,7 +66,8 @@ and the external crypto libraries supported by them:
> =  
> DPDK version   Crypto library version
> =  
> -   21.11+ Multi-buffer library 1.0-1.5
> +   21.11 - 24.07  Multi-buffer library 1.0  - 1.5
> +   24.11+ Multi-buffer library 1.4  - 1.5
> =  
> 
>  Initialization
> diff --git a/doc/guides/cryptodevs/kasumi.rst
> b/doc/guides/cryptodevs/kasumi.rst
> index 4070f025e1..b57f18b56f 100644
> --- a/doc/guides/cryptodevs/kasumi.rst
> +++ b/doc/guides/cryptodevs/kasumi.rst
> @@ -80,7 +80,8 @@ and the external crypto libraries supported by them:
> DPDK version   Crypto library version
> =  
> 20.02 - 21.08  Multi-buffer library 0.53 - 1.3
> -   21.11+ Multi-buffer library 1.0  - 1.5
> +   21.11 - 24.07  Multi-buffer library 1.0  - 1.5
> +   24.11+ Multi-buffer library 1.4  - 1.5
> =  
> 
>  Initialization
> diff --git a/doc/guides/cryptodevs/snow3g.rst
> b/doc/guides/cryptodevs/snow3g.rst
> index 6eb8229fb5..fb4e0448ac 100644
> --- a/doc/guides/cryptodevs/snow3g.rst
> +++ b/doc/guides/cryptodevs/snow3g.rst
> @@ -89,7 +89,8 @@ and the external crypto libraries s

RE: [PATCH v1] examples/fips_validation: fix EdDSA signature size

2024-10-30 Thread Dooley, Brian

> -Original Message-
> From: Gowrishankar Muthukrishnan 
> Sent: Tuesday 29 October 2024 05:59
> To: dev@dpdk.org; Dooley, Brian ; Gowrishankar
> Muthukrishnan 
> Cc: Anoob Joseph ; Akhil Goyal 
> Subject: [PATCH v1] examples/fips_validation: fix EdDSA signature size
> 
> Fix EdDSA signature size.
> 
> Fixes: 12ede9ac497f ("examples/fips_validation: support EdDSA")
> 
> Signed-off-by: Gowrishankar Muthukrishnan 
> ---
>  examples/fips_validation/fips_validation_eddsa.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/examples/fips_validation/fips_validation_eddsa.c
> b/examples/fips_validation/fips_validation_eddsa.c
> index db118748b6..89fa6c17ca 100644
> --- a/examples/fips_validation/fips_validation_eddsa.c
> +++ b/examples/fips_validation/fips_validation_eddsa.c
> @@ -48,8 +48,8 @@ struct {
>   uint8_t curve_len;
>   const char *desc;
>  } eddsa_curve_len[] = {
> - {32, "ED-25519"},
> - {64, "ED-448"},
> + {64, "ED-25519"},
> + {114, "ED-448"},
>  };
> 
>  #ifdef USE_OPENSSL
> --
> 2.37.1

Acked-by: Brian Dooley

RE: [PATCH v1] examples/fips_validation: prehash input for RSA

2024-10-30 Thread Dooley, Brian

> -Original Message-
> From: Gowrishankar Muthukrishnan 
> Sent: Tuesday 29 October 2024 06:01
> To: dev@dpdk.org; Dooley, Brian ; Gowrishankar
> Muthukrishnan 
> Cc: Anoob Joseph ; Akhil Goyal 
> Subject: [PATCH v1] examples/fips_validation: prehash input for RSA
> 
> Plain text needs to be prehashed for RSA as well in asymmetric crypto
> validation.
> 
> Fixes: 12ede9ac497f ("examples/fips_validation: support EdDSA")
> 
> Signed-off-by: Gowrishankar Muthukrishnan 
> ---
>  examples/fips_validation/main.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/examples/fips_validation/main.c
> b/examples/fips_validation/main.c index b34015ad9f..f21826e9d7 100644
> --- a/examples/fips_validation/main.c
> +++ b/examples/fips_validation/main.c
> @@ -1940,7 +1940,8 @@ fips_run_test(void)
>   return fips_run_asym_test();
>   }
> 
> - if (info.algo == FIPS_TEST_ALGO_ECDSA) {
> + if (info.algo == FIPS_TEST_ALGO_ECDSA ||
> + info.algo == FIPS_TEST_ALGO_RSA) {
>   vec.cipher_auth.digest.len =
> 
>   parse_test_sha_hash_size(info.interim_info.ecdsa_data.auth);
>   test_ops.prepare_sym_xform = prepare_sha_xform;
> --
> 2.37.1

Acked-by: Brian Dooley

Re: [EXTERNAL] [PATCH v2 4/4] doc: updated feature matrix for AESNI MB PMD

2024-10-01 Thread Dooley, Brian

Thanks Akhil, I will add the documentation to the correct patch and tidy up the 
series. I also need to look into this CI issue.

From: Akhil Goyal 
Sent: Tuesday, October 1, 2024 8:59 AM
To: Dooley, Brian ; Ji, Kai ; De Lara 
Guarch, Pablo 
Cc: dev@dpdk.org 
Subject: RE: [EXTERNAL] [PATCH v2 4/4] doc: updated feature matrix for AESNI MB 
PMD

> Added support to the AESNI MB PMD feature matrix for SM3, SM3 HMAC,
> SM4 CBC, SM4 ECB, SM4 CTR. Updated release notes with same.
>
> Signed-off-by: Brian Dooley 
> ---
>  doc/guides/cryptodevs/features/aesni_mb.ini | 5 +
>  doc/guides/rel_notes/release_24_11.rst  | 4 
>  2 files changed, 9 insertions(+)
No need for separate documentation patch.
Please add doc updates in the patch where the code is added for that feature.

RE: [PATCH v3 2/2] app/test: add SM4 GCM tests

2025-01-29 Thread Dooley, Brian



> -Original Message-
> From: Dooley, Brian 
> Sent: Monday 13 January 2025 17:10
> Cc: dev@dpdk.org; gak...@marvell.com; Ji, Kai ; De Lara
> Guarch, Pablo ; Dooley, Brian
> 
> Subject: [PATCH v3 2/2] app/test: add SM4 GCM tests
> 
> Added SM4-GCM tests for the AESNI MB PMD.
> 
> Signed-off-by: Brian Dooley 

Recheck-request: iol-compile-amd64-testing

RE: [PATCH] common/qat: fix incorrect size in the parser

2025-02-19 Thread Dooley, Brian




> -Original Message-
> From: Kusztal, ArkadiuszX 
> Sent: Friday 7 February 2025 09:59
> To: dev@dpdk.org
> Cc: gak...@marvell.com; Dooley, Brian ; Kusztal,
> ArkadiuszX ; sta...@dpdk.org
> Subject: [PATCH] common/qat: fix incorrect size in the parser
> 
> The function `strlen` returns the size of the string without a terminating 
> null-
> character, therefore a request to allocate memory space for a parsed argument
> is too small by 1.
> 
> Fixes: 99ab2806687b ("common/qat: isolate parser arguments
> configuration")
> Cc: sta...@dpdk.org
> 
> Signed-off-by: Arkadiusz Kusztal 
> ---
>  drivers/common/qat/qat_device.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/common/qat/qat_device.c
> b/drivers/common/qat/qat_device.c index bca88fd9bd..746d8a28bb
> 100644
> --- a/drivers/common/qat/qat_device.c
> +++ b/drivers/common/qat/qat_device.c
> @@ -226,7 +226,7 @@ qat_dev_parse_command_line(struct qat_pci_device
> *qat_dev,
>   if (!devargs)
>   return 0;
> 
> - len = strlen(devargs->drv_str);
> + len = strlen(devargs->drv_str) + 1;
>   if (len == 0)
>   return 0;
>   /* Allocate per-device command line */
> --
> 2.34.1

Acked-by: Brian Dooley

RE: [PATCH] crypto/qat: fix out-of-place header bytes in aead raw api

2025-03-24 Thread Dooley, Brian

Hey Arek

> -Original Message-
> From: Kusztal, ArkadiuszX 
> Sent: Thursday 20 March 2025 16:57
> To: dev@dpdk.org
> Cc: gak...@marvell.com; Ji, Kai ; Dooley, Brian
> ; Kusztal, ArkadiuszX
> ; sta...@dpdk.org
> Subject: [PATCH] crypto/qat: fix out-of-place header bytes in aead raw api
> 
> This commit fixes a problem with overwriting data in the OOP header in RAW
> API crypto processing when using AEAD algorithms.
> 
> Fixes: 85fec6fd9674 ("crypto/qat: unify raw data path functions")
> Cc: sta...@dpdk.org
> 
> Signed-off-by: Arkadiusz Kusztal 
> ---
>  drivers/crypto/qat/dev/qat_crypto_pmd_gens.h | 134
> +++
>  drivers/crypto/qat/dev/qat_sym_pmd_gen1.c|  13 +-
>  2 files changed, 142 insertions(+), 5 deletions(-)
> 
> diff --git a/drivers/crypto/qat/dev/qat_crypto_pmd_gens.h
> b/drivers/crypto/qat/dev/qat_crypto_pmd_gens.h
> index 35c1888082..c447f2cb45 100644
> --- a/drivers/crypto/qat/dev/qat_crypto_pmd_gens.h
> +++ b/drivers/crypto/qat/dev/qat_crypto_pmd_gens.h
> @@ -6,9 +6,12 @@
>  #define _QAT_CRYPTO_PMD_GENS_H_
> 
>  #include 
> +#include 
> +#include 
>  #include "qat_crypto.h"
>  #include "qat_sym_session.h"
>  #include "qat_sym.h"
> +#include "icp_qat_fw_la.h"
> 
>  #define AES_OR_3DES_MISALIGNED (ctx->qat_mode ==
> ICP_QAT_HW_CIPHER_CBC_MODE && \
>   ctx->qat_cipher_alg ==
> ICP_QAT_HW_CIPHER_ALGO_AES128) || \ @@ -146,6 +149,137 @@
> qat_cipher_is_len_in_bits(struct qat_sym_session *ctx,
>   return 0;
>  }
> 
> +static inline
> +uint32_t qat_reqs_mid_set(int *error, struct icp_qat_fw_la_bulk_req *const
> req,
> + struct qat_sym_op_cookie *const cookie, const void *const opaque,
> + const struct rte_crypto_sgl *sgl_src, const struct rte_crypto_sgl
> *sgl_dst,
> + const union rte_crypto_sym_ofs ofs)
> +{
> + uint32_t src_tot_length = 0; /* Returned value */
> + uint32_t dst_tot_length = 0; /* Used only for input validity checks */
> + uint32_t src_length = 0;
> + uint32_t dst_length = 0;
> + uint64_t src_data_addr = 0;
> + uint64_t dst_data_addr = 0;
> + const struct rte_crypto_vec * const vec_src = sgl_src->vec;
> + const struct rte_crypto_vec * const vec_dst = sgl_dst->vec;
> + const uint32_t n_src = sgl_src->num;
> + const uint32_t n_dst = sgl_dst->num;
> + const uint16_t offset = RTE_MAX(ofs.ofs.cipher.head,
> ofs.ofs.auth.head);
> + const uint8_t is_flat = !(n_src > 1 || n_dst > 1); /* Flat buffer or the
> SGL */
> + const uint8_t is_in_place = !n_dst; /* In-place or out-of-place */
> +
> + *error = 0;
> + if (unlikely((n_src < 1 || n_src > QAT_SYM_SGL_MAX_NUMBER) ||
> + n_dst > QAT_SYM_SGL_MAX_NUMBER)) {
> + QAT_LOG(DEBUG,
> + "Invalid number of sgls, source no: %u, dst no: %u,
> opaque: %p",
> + n_src, n_dst, opaque);
> + *error = -1;
> + return 0;
> + }
> +
> + /* --- Flat buffer --- */
> + if (is_flat) {
> + src_data_addr = vec_src->iova;
> + dst_data_addr = vec_src->iova;
> + src_length = vec_src->len;
> + dst_length = vec_src->len;
> +
> + if (is_in_place)
> + goto done;
> + /* Out-of-place
> +  * If OOP, we need to keep in mind that offset needs to
> +  * start where the aead starts
> +  */
> + dst_length = vec_dst->len;
> + /* Integer promotion here, but it does not bother this time */
> + if (unlikely(offset > src_length || offset > dst_length)) {
> + QAT_LOG(DEBUG,
> + "Invalid size of the vector parameters, source
> length: %u, dst length: %u, opaque: %p",
> + src_length, dst_length, opaque);
> + *error = -1;
> + return 0;
> + }
> + src_data_addr += offset;
> + dst_data_addr = vec_dst->iova + offset;
> + src_length -= offset;
> + dst_length -= offset;
> + src_tot_length = src_length;
> + dst_tot_length = dst_length;
> + goto check;
> + }
> +
> + /* --- Scatter-gather list --- */
> + struct qat_sgl * const qat_sgl_src = (struct qat_sgl *)&cookie-
> >qat_sgl_src;
> + uint16_t i;
> +
> + ICP_QAT_FW_COMN_PTR_TYPE_SET(req-
> >comn_hdr.comn_req_flags,
> +

59 matches

Mail list logo