15630257fSFerruh Yigit.. SPDX-License-Identifier: BSD-3-Clause 25630257fSFerruh Yigit Copyright(c) 2016 Intel Corporation. 38a9867a6SSlawomir Mrozowicz 48a9867a6SSlawomir MrozowiczOpenSSL Crypto Poll Mode Driver 58a9867a6SSlawomir Mrozowicz=============================== 68a9867a6SSlawomir Mrozowicz 78a9867a6SSlawomir MrozowiczThis code provides the initial implementation of the openssl poll mode 88a9867a6SSlawomir Mrozowiczdriver. All cryptography operations are using Openssl library crypto API. 98a9867a6SSlawomir MrozowiczEach algorithm uses EVP interface from openssl API - which is recommended 108a9867a6SSlawomir Mrozowiczby Openssl maintainers. 118a9867a6SSlawomir Mrozowicz 128a9867a6SSlawomir MrozowiczFor more details about openssl library please visit openssl webpage: 138a9867a6SSlawomir Mrozowiczhttps://www.openssl.org/ 148a9867a6SSlawomir Mrozowicz 158a9867a6SSlawomir MrozowiczFeatures 168a9867a6SSlawomir Mrozowicz-------- 178a9867a6SSlawomir Mrozowicz 188a9867a6SSlawomir MrozowiczOpenSSL PMD has support for: 198a9867a6SSlawomir Mrozowicz 208a9867a6SSlawomir MrozowiczSupported cipher algorithms: 21655c901bSAndrea Grandi 228a9867a6SSlawomir Mrozowicz* ``RTE_CRYPTO_CIPHER_3DES_CBC`` 238a9867a6SSlawomir Mrozowicz* ``RTE_CRYPTO_CIPHER_AES_CBC`` 248a9867a6SSlawomir Mrozowicz* ``RTE_CRYPTO_CIPHER_AES_CTR`` 258a9867a6SSlawomir Mrozowicz* ``RTE_CRYPTO_CIPHER_3DES_CTR`` 261dee7bc7SPablo de Lara* ``RTE_CRYPTO_CIPHER_DES_DOCSISBPI`` 278a9867a6SSlawomir Mrozowicz 288a9867a6SSlawomir MrozowiczSupported authentication algorithms: 29655c901bSAndrea Grandi 308a9867a6SSlawomir Mrozowicz* ``RTE_CRYPTO_AUTH_AES_GMAC`` 318a9867a6SSlawomir Mrozowicz* ``RTE_CRYPTO_AUTH_MD5`` 328a9867a6SSlawomir Mrozowicz* ``RTE_CRYPTO_AUTH_SHA1`` 338a9867a6SSlawomir Mrozowicz* ``RTE_CRYPTO_AUTH_SHA224`` 348a9867a6SSlawomir Mrozowicz* ``RTE_CRYPTO_AUTH_SHA256`` 358a9867a6SSlawomir Mrozowicz* ``RTE_CRYPTO_AUTH_SHA384`` 368a9867a6SSlawomir Mrozowicz* ``RTE_CRYPTO_AUTH_SHA512`` 378a9867a6SSlawomir Mrozowicz* ``RTE_CRYPTO_AUTH_MD5_HMAC`` 388a9867a6SSlawomir Mrozowicz* ``RTE_CRYPTO_AUTH_SHA1_HMAC`` 398a9867a6SSlawomir Mrozowicz* ``RTE_CRYPTO_AUTH_SHA224_HMAC`` 408a9867a6SSlawomir Mrozowicz* ``RTE_CRYPTO_AUTH_SHA256_HMAC`` 418a9867a6SSlawomir Mrozowicz* ``RTE_CRYPTO_AUTH_SHA384_HMAC`` 428a9867a6SSlawomir Mrozowicz* ``RTE_CRYPTO_AUTH_SHA512_HMAC`` 438a9867a6SSlawomir Mrozowicz 44b79e4c00SPablo de LaraSupported AEAD algorithms: 45655c901bSAndrea Grandi 46b79e4c00SPablo de Lara* ``RTE_CRYPTO_AEAD_AES_GCM`` 471a4998dcSPablo de Lara* ``RTE_CRYPTO_AEAD_AES_CCM`` 48b79e4c00SPablo de Lara 497df9d02eSFiona TraheSupported Asymmetric Crypto algorithms: 507df9d02eSFiona Trahe 517df9d02eSFiona Trahe* ``RTE_CRYPTO_ASYM_XFORM_RSA`` 527df9d02eSFiona Trahe* ``RTE_CRYPTO_ASYM_XFORM_DSA`` 537df9d02eSFiona Trahe* ``RTE_CRYPTO_ASYM_XFORM_DH`` 547df9d02eSFiona Trahe* ``RTE_CRYPTO_ASYM_XFORM_MODINV`` 557df9d02eSFiona Trahe* ``RTE_CRYPTO_ASYM_XFORM_MODEX`` 567df9d02eSFiona Trahe 578a9867a6SSlawomir Mrozowicz 588a9867a6SSlawomir MrozowiczInstallation 598a9867a6SSlawomir Mrozowicz------------ 608a9867a6SSlawomir Mrozowicz 61*41545d91SJohn McNamaraTo compile the OpenSSL PMD the openssl library must be installed. It will 62*41545d91SJohn McNamarathen be picked up by the Meson/Ninja build system. 638a9867a6SSlawomir Mrozowicz 64*41545d91SJohn McNamaraTo ensure that you have the latest security fixes it is recommended that you 65*41545d91SJohn McNamarause version 1.1.1g or newer. 6637553e5fSAndrea Grandi 67*41545d91SJohn McNamara* 1.1.1g, 2020-Apr-21. https://www.openssl.org/source/ 688a9867a6SSlawomir Mrozowicz 698a9867a6SSlawomir MrozowiczInitialization 708a9867a6SSlawomir Mrozowicz-------------- 718a9867a6SSlawomir Mrozowicz 728a9867a6SSlawomir MrozowiczUser can use app/test application to check how to use this pmd and to verify 738a9867a6SSlawomir Mrozowiczcrypto processing. 748a9867a6SSlawomir Mrozowicz 758a9867a6SSlawomir MrozowiczTest name is cryptodev_openssl_autotest. 7611e5ba72SAshish GuptaFor asymmetric crypto operations testing, run cryptodev_openssl_asym_autotest. 778a9867a6SSlawomir Mrozowicz 788a9867a6SSlawomir MrozowiczTo verify real traffic l2fwd-crypto example can be used with this command: 798a9867a6SSlawomir Mrozowicz 808a9867a6SSlawomir Mrozowicz.. code-block:: console 818a9867a6SSlawomir Mrozowicz 82fd5f9fb9SCiara Power sudo ./<build_dir>/examples/dpdk-l2fwd-crypto -l 0-1 -n 4 --vdev "crypto_openssl" 838a9867a6SSlawomir Mrozowicz --vdev "crypto_openssl"-- -p 0x3 --chain CIPHER_HASH 848a9867a6SSlawomir Mrozowicz --cipher_op ENCRYPT --cipher_algo AES_CBC 858a9867a6SSlawomir Mrozowicz --cipher_key 00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:0f 868a9867a6SSlawomir Mrozowicz --iv 00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:ff 878a9867a6SSlawomir Mrozowicz --auth_op GENERATE --auth_algo SHA1_HMAC 888a9867a6SSlawomir Mrozowicz --auth_key 11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11 898a9867a6SSlawomir Mrozowicz :11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11 908a9867a6SSlawomir Mrozowicz :11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11 918a9867a6SSlawomir Mrozowicz 928a9867a6SSlawomir MrozowiczLimitations 938a9867a6SSlawomir Mrozowicz----------- 948a9867a6SSlawomir Mrozowicz 958a9867a6SSlawomir Mrozowicz* Maximum number of sessions is 2048. 968f675fc7STomasz Kulasek* Chained mbufs are supported only for source mbuf (destination must be 978f675fc7STomasz Kulasek contiguous). 988a9867a6SSlawomir Mrozowicz* Hash only is not supported for GCM and GMAC. 998a9867a6SSlawomir Mrozowicz* Cipher only is not supported for GCM and GMAC. 100