15630257fSFerruh Yigit.. SPDX-License-Identifier: BSD-3-Clause 25630257fSFerruh Yigit Copyright(c) 2016 Intel Corporation. 38a9867a6SSlawomir Mrozowicz 48a9867a6SSlawomir MrozowiczOpenSSL Crypto Poll Mode Driver 58a9867a6SSlawomir Mrozowicz=============================== 68a9867a6SSlawomir Mrozowicz 78a9867a6SSlawomir MrozowiczThis code provides the initial implementation of the openssl poll mode 88a9867a6SSlawomir Mrozowiczdriver. All cryptography operations are using Openssl library crypto API. 98a9867a6SSlawomir MrozowiczEach algorithm uses EVP interface from openssl API - which is recommended 108a9867a6SSlawomir Mrozowiczby Openssl maintainers. 118a9867a6SSlawomir Mrozowicz 128a9867a6SSlawomir MrozowiczFor more details about openssl library please visit openssl webpage: 138a9867a6SSlawomir Mrozowiczhttps://www.openssl.org/ 148a9867a6SSlawomir Mrozowicz 158a9867a6SSlawomir MrozowiczFeatures 168a9867a6SSlawomir Mrozowicz-------- 178a9867a6SSlawomir Mrozowicz 188a9867a6SSlawomir MrozowiczOpenSSL PMD has support for: 198a9867a6SSlawomir Mrozowicz 208a9867a6SSlawomir MrozowiczSupported cipher algorithms: 21655c901bSAndrea Grandi 228a9867a6SSlawomir Mrozowicz* ``RTE_CRYPTO_CIPHER_3DES_CBC`` 238a9867a6SSlawomir Mrozowicz* ``RTE_CRYPTO_CIPHER_AES_CBC`` 248a9867a6SSlawomir Mrozowicz* ``RTE_CRYPTO_CIPHER_AES_CTR`` 258a9867a6SSlawomir Mrozowicz* ``RTE_CRYPTO_CIPHER_3DES_CTR`` 261dee7bc7SPablo de Lara* ``RTE_CRYPTO_CIPHER_DES_DOCSISBPI`` 278a9867a6SSlawomir Mrozowicz 288a9867a6SSlawomir MrozowiczSupported authentication algorithms: 29655c901bSAndrea Grandi 308a9867a6SSlawomir Mrozowicz* ``RTE_CRYPTO_AUTH_AES_GMAC`` 318a9867a6SSlawomir Mrozowicz* ``RTE_CRYPTO_AUTH_MD5`` 328a9867a6SSlawomir Mrozowicz* ``RTE_CRYPTO_AUTH_SHA1`` 338a9867a6SSlawomir Mrozowicz* ``RTE_CRYPTO_AUTH_SHA224`` 348a9867a6SSlawomir Mrozowicz* ``RTE_CRYPTO_AUTH_SHA256`` 358a9867a6SSlawomir Mrozowicz* ``RTE_CRYPTO_AUTH_SHA384`` 368a9867a6SSlawomir Mrozowicz* ``RTE_CRYPTO_AUTH_SHA512`` 378a9867a6SSlawomir Mrozowicz* ``RTE_CRYPTO_AUTH_MD5_HMAC`` 388a9867a6SSlawomir Mrozowicz* ``RTE_CRYPTO_AUTH_SHA1_HMAC`` 398a9867a6SSlawomir Mrozowicz* ``RTE_CRYPTO_AUTH_SHA224_HMAC`` 408a9867a6SSlawomir Mrozowicz* ``RTE_CRYPTO_AUTH_SHA256_HMAC`` 418a9867a6SSlawomir Mrozowicz* ``RTE_CRYPTO_AUTH_SHA384_HMAC`` 428a9867a6SSlawomir Mrozowicz* ``RTE_CRYPTO_AUTH_SHA512_HMAC`` 438a9867a6SSlawomir Mrozowicz 44b79e4c00SPablo de LaraSupported AEAD algorithms: 45655c901bSAndrea Grandi 46b79e4c00SPablo de Lara* ``RTE_CRYPTO_AEAD_AES_GCM`` 471a4998dcSPablo de Lara* ``RTE_CRYPTO_AEAD_AES_CCM`` 48b79e4c00SPablo de Lara 497df9d02eSFiona TraheSupported Asymmetric Crypto algorithms: 507df9d02eSFiona Trahe 517df9d02eSFiona Trahe* ``RTE_CRYPTO_ASYM_XFORM_RSA`` 527df9d02eSFiona Trahe* ``RTE_CRYPTO_ASYM_XFORM_DSA`` 537df9d02eSFiona Trahe* ``RTE_CRYPTO_ASYM_XFORM_DH`` 547df9d02eSFiona Trahe* ``RTE_CRYPTO_ASYM_XFORM_MODINV`` 557df9d02eSFiona Trahe* ``RTE_CRYPTO_ASYM_XFORM_MODEX`` 56*3b7d638fSGowrishankar Muthukrishnan* ``RTE_CRYPTO_ASYM_XFORM_SM2`` 577df9d02eSFiona Trahe 588a9867a6SSlawomir Mrozowicz 598a9867a6SSlawomir MrozowiczInstallation 608a9867a6SSlawomir Mrozowicz------------ 618a9867a6SSlawomir Mrozowicz 6241545d91SJohn McNamaraTo compile the OpenSSL PMD the openssl library must be installed. It will 6341545d91SJohn McNamarathen be picked up by the Meson/Ninja build system. 648a9867a6SSlawomir Mrozowicz 6541545d91SJohn McNamaraTo ensure that you have the latest security fixes it is recommended that you 6641545d91SJohn McNamarause version 1.1.1g or newer. 6737553e5fSAndrea Grandi 6841545d91SJohn McNamara* 1.1.1g, 2020-Apr-21. https://www.openssl.org/source/ 698a9867a6SSlawomir Mrozowicz 708a9867a6SSlawomir MrozowiczInitialization 718a9867a6SSlawomir Mrozowicz-------------- 728a9867a6SSlawomir Mrozowicz 7335bd0a5cSSean MorrisseyUser can use app/test application to check how to use this PMD and to verify 748a9867a6SSlawomir Mrozowiczcrypto processing. 758a9867a6SSlawomir Mrozowicz 768a9867a6SSlawomir MrozowiczTest name is cryptodev_openssl_autotest. 7711e5ba72SAshish GuptaFor asymmetric crypto operations testing, run cryptodev_openssl_asym_autotest. 788a9867a6SSlawomir Mrozowicz 798a9867a6SSlawomir MrozowiczTo verify real traffic l2fwd-crypto example can be used with this command: 808a9867a6SSlawomir Mrozowicz 818a9867a6SSlawomir Mrozowicz.. code-block:: console 828a9867a6SSlawomir Mrozowicz 83fd5f9fb9SCiara Power sudo ./<build_dir>/examples/dpdk-l2fwd-crypto -l 0-1 -n 4 --vdev "crypto_openssl" 848a9867a6SSlawomir Mrozowicz --vdev "crypto_openssl"-- -p 0x3 --chain CIPHER_HASH 858a9867a6SSlawomir Mrozowicz --cipher_op ENCRYPT --cipher_algo AES_CBC 868a9867a6SSlawomir Mrozowicz --cipher_key 00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:0f 878a9867a6SSlawomir Mrozowicz --iv 00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:ff 888a9867a6SSlawomir Mrozowicz --auth_op GENERATE --auth_algo SHA1_HMAC 898a9867a6SSlawomir Mrozowicz --auth_key 11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11 908a9867a6SSlawomir Mrozowicz :11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11 918a9867a6SSlawomir Mrozowicz :11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11 928a9867a6SSlawomir Mrozowicz 938a9867a6SSlawomir MrozowiczLimitations 948a9867a6SSlawomir Mrozowicz----------- 958a9867a6SSlawomir Mrozowicz 968a9867a6SSlawomir Mrozowicz* Maximum number of sessions is 2048. 978f675fc7STomasz Kulasek* Chained mbufs are supported only for source mbuf (destination must be 988f675fc7STomasz Kulasek contiguous). 998a9867a6SSlawomir Mrozowicz* Hash only is not supported for GCM and GMAC. 1008a9867a6SSlawomir Mrozowicz* Cipher only is not supported for GCM and GMAC. 101