1 /* SPDX-License-Identifier: BSD-3-Clause
2  * Copyright(c) 2016-2017 Intel Corporation
3  */
4 
5 #ifndef _OPENSSL_PMD_PRIVATE_H_
6 #define _OPENSSL_PMD_PRIVATE_H_
7 
8 #include <openssl/evp.h>
9 #include <openssl/cmac.h>
10 #include <openssl/hmac.h>
11 #include <openssl/des.h>
12 #include <openssl/rsa.h>
13 #include <openssl/dh.h>
14 #include <openssl/dsa.h>
15 #include <openssl/ec.h>
16 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
17 #include <openssl/provider.h>
18 #include <openssl/core_names.h>
19 #endif
20 
#define CRYPTODEV_NAME_OPENSSL_PMD	crypto_openssl
/**< Open SSL Crypto PMD device name.
 * Expands to the bare token crypto_openssl, not to a string literal.
 */

/** OPENSSL PMD LOGTYPE DRIVER */
extern int openssl_logtype_driver;
#define RTE_LOGTYPE_OPENSSL_DRIVER openssl_logtype_driver
/**
 * Driver log helper: forwards to RTE_LOG_LINE_PREFIX with the OPENSSL_DRIVER
 * log type and prefixes every message with the calling function name and
 * source line ("%s() line %u: ").
 *
 * NOTE(review): __VA_ARGS__ is forwarded unchanged; presumably its first
 * element is the printf-style format, so it should be a string literal.
 * Session keys, private-key values and digests should not be passed as log
 * arguments - confirm at the call sites.
 */
#define OPENSSL_LOG(level, ...)  \
	RTE_LOG_LINE_PREFIX(level, OPENSSL_DRIVER, "%s() line %u: ", \
		__func__ RTE_LOG_COMMA __LINE__, __VA_ARGS__)
30 
/* Maximum length for digest (SHA-512 needs 64 bytes).
 * Sizes openssl_qp.temp_digest in this header.
 * NOTE(review): openssl_session.auth.digest_length is a uint16_t and can hold
 * values above this bound; presumably session setup rejects them before
 * anything is written to temp_digest - confirm.
 */
#define DIGEST_LENGTH_MAX 64
33 
/**
 * OPENSSL operation order mode enumerator.
 * Stored in openssl_session.chain_order.
 * NOTE(review): the per-value meanings below are read from the names only;
 * confirm against the session setup code.
 */
enum openssl_chain_order {
	OPENSSL_CHAIN_ONLY_CIPHER,
	/**< presumably a cipher operation with no auth step */
	OPENSSL_CHAIN_ONLY_AUTH,
	/**< presumably an auth operation with no cipher step */
	OPENSSL_CHAIN_CIPHER_BPI,
	/**< presumably the path that uses openssl_session.cipher.bpi_ctx */
	OPENSSL_CHAIN_CIPHER_AUTH,
	/**< presumably cipher first, then auth over the result */
	OPENSSL_CHAIN_AUTH_CIPHER,
	/**< presumably auth first, then cipher */
	OPENSSL_CHAIN_COMBINED,
	/**< presumably the single-pass AEAD case (see aead_algo) */
	OPENSSL_CHAIN_NOT_SUPPORTED
	/**< presumably marks a transform chain the PMD cannot run */
};
44 
/**
 * OPENSSL cipher mode enumerator.
 * Stored in openssl_session.cipher.mode.
 */
enum openssl_cipher_mode {
	OPENSSL_CIPHER_LIB,
	/**< presumably: cipher handled directly by a libcrypto EVP cipher - confirm */
	OPENSSL_CIPHER_DES3CTR,
	/**< presumably: 3DES counter mode handled specially by the driver - confirm */
};
50 
/**
 * OPENSSL auth mode enumerator.
 * Stored in openssl_session.auth.mode. The three values mirror the auth,
 * hmac and cmac members of the anonymous union in openssl_session.auth;
 * presumably the mode says which of them is in use - confirm.
 */
enum openssl_auth_mode {
	OPENSSL_AUTH_AS_AUTH,
	/**< presumably a plain digest through EVP_MD */
	OPENSSL_AUTH_AS_HMAC,
	/**< presumably a keyed HMAC */
	OPENSSL_AUTH_AS_CMAC,
	/**< presumably a keyed CMAC */
};
57 
/**
 * Private data structure for each OPENSSL crypto device.
 * Holds only the queue-pair limit.
 */
struct openssl_private {
	unsigned int max_nb_qpairs;
	/**< Max number of queue pairs.
	 * NOTE(review): presumably the bound that queue-pair ids are checked
	 * against - confirm.
	 */
};
63 
/**
 * OPENSSL crypto queue pair.
 * Cache-line aligned (__rte_cache_aligned).
 */
struct __rte_cache_aligned openssl_qp {
	uint16_t id;
	/**< Queue Pair Identifier */
	char name[RTE_CRYPTODEV_NAME_MAX_LEN];
	/**< Unique Queue Pair Name */
	struct rte_ring *processed_ops;
	/**< Ring for placing processed packets */
	struct rte_mempool *sess_mp;
	/**< Session Mempool */
	struct rte_cryptodev_stats stats;
	/**< Queue pair statistics */
	uint8_t temp_digest[DIGEST_LENGTH_MAX];
	/**< Buffer used to store the digest generated
	 * by the driver when verifying a digest provided
	 * by the user (using authentication verify operation).
	 * Fixed size of DIGEST_LENGTH_MAX bytes, one buffer per queue pair.
	 * NOTE(review): the comparison against the user digest is outside
	 * this header; confirm it is length-checked against this buffer and
	 * uses a constant-time compare.
	 */
};
82 
/**
 * One cipher context pointer plus one auth-side context pointer.
 * Used as the element type of openssl_session.qp_ctx.
 *
 * The auth side is an anonymous union, so auth, hmac and cmac share the same
 * storage and only one of them is meaningful at a time. The struct carries no
 * discriminator; presumably openssl_session.auth.mode tells which member is
 * valid - confirm. Freeing through the wrong member would hand a context to
 * the wrong libcrypto free routine.
 */
struct evp_ctx_pair {
	EVP_CIPHER_CTX *cipher;
	/**< cipher context pointer */
	union {
		EVP_MD_CTX *auth;
		/**< digest context */
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
		/* OpenSSL 3.0 and later: both MAC kinds use EVP_MAC_CTX */
		EVP_MAC_CTX *hmac;
		EVP_MAC_CTX *cmac;
#else
		/* Before OpenSSL 3.0: dedicated HMAC_CTX / CMAC_CTX types */
		HMAC_CTX *hmac;
		CMAC_CTX *cmac;
#endif
	};
};
96 
/**
 * OPENSSL crypto private session structure.
 *
 * Holds raw cipher key bytes (cipher.key.data) together with libcrypto
 * context and key handles, and ends in a flexible array of per-queue-pair
 * context pointers.
 * NOTE(review): because key material lives here, openssl_reset_session()
 * should presumably free the contexts and cleanse cipher.key.data (for
 * example with OPENSSL_cleanse) before the session memory is reused - its
 * body is not in this header, confirm.
 */
struct __rte_cache_aligned openssl_session {
	enum openssl_chain_order chain_order;
	/**< chain order mode */

	struct {
		uint16_t length;
		uint16_t offset;
	} iv;
	/**< IV parameters (length and offset; presumably the offset locates
	 * the IV inside the crypto operation - confirm)
	 */

	enum rte_crypto_aead_algorithm aead_algo;
	/**< AEAD algorithm */

	/** Cipher Parameters */
	struct {
		enum rte_crypto_cipher_operation direction;
		/**< cipher operation direction */
		enum openssl_cipher_mode mode;
		/**< cipher operation mode */
		enum rte_crypto_cipher_algorithm algo;
		/**< cipher algorithm */

		struct {
			uint8_t data[32];
			/**< key data; fixed 32-byte buffer.
			 * NOTE(review): length below is a size_t, so the
			 * setter must reject key lengths above sizeof(data)
			 * before copying - confirm.
			 */
			size_t length;
			/**< key length in bytes */
		} key;

		const EVP_CIPHER *evp_algo;
		/**< pointer to EVP algorithm function */
		EVP_CIPHER_CTX *ctx;
		/**< pointer to EVP context structure */
		EVP_CIPHER_CTX *bpi_ctx;
		/**< second cipher context; presumably used only when
		 * chain_order is OPENSSL_CHAIN_CIPHER_BPI - confirm
		 */
	} cipher;

	/** Authentication Parameters */
	struct {
		enum rte_crypto_auth_operation operation;
		/**< auth operation generate or verify */
		enum openssl_auth_mode mode;
		/**< auth operation mode */
		enum rte_crypto_auth_algorithm algo;
		/**< auth algorithm */

		/* Anonymous union: auth, hmac and cmac overlap in memory.
		 * Presumably 'mode' above selects the valid member - confirm.
		 */
		union {
			struct {
				const EVP_MD *evp_algo;
				/**< pointer to EVP algorithm function */
				EVP_MD_CTX *ctx;
				/**< pointer to EVP context structure */
			} auth;

			struct {
				EVP_PKEY *pkey;
				/**< pointer to EVP key */
				const EVP_MD *evp_algo;
				/**< pointer to EVP algorithm function */
# if OPENSSL_VERSION_NUMBER >= 0x30000000L
				EVP_MAC_CTX * ctx;
# else
				HMAC_CTX *ctx;
# endif
				/**< pointer to the MAC context (EVP_MAC_CTX
				 * on OpenSSL >= 3.0, HMAC_CTX otherwise)
				 */
			} hmac;

			struct {
# if OPENSSL_VERSION_NUMBER >= 0x30000000L
				EVP_MAC_CTX * ctx;
				/**< pointer to EVP MAC context structure */
# else
				const EVP_CIPHER * evp_algo;
				/**< pointer to EVP algorithm function */
				CMAC_CTX *ctx;
				/**< pointer to CMAC context structure */
# endif
			} cmac;
		};

		uint16_t aad_length;
		/**< AAD length */
		uint16_t digest_length;
		/**< digest length.
		 * NOTE(review): wider than DIGEST_LENGTH_MAX allows;
		 * presumably bounded at session setup - confirm.
		 */
	} auth;

	uint16_t ctx_copies_len;
	/**< number of entries in the qp_ctx flexible array below -
	 * presumably; the field name still says ctx_copies, confirm
	 */
	struct evp_ctx_pair qp_ctx[];
	/**< Flexible array member of per-queue-pair structures, each containing
	 * pointers to copies of the cipher and auth EVP contexts. Cipher
	 * contexts are not safe to use from multiple cores simultaneously, so
	 * maintaining these copies allows avoiding per-buffer copying into a
	 * temporary context.
	 * NOTE(review): the array has no size of its own, so any index
	 * (presumably a queue-pair id) has to be checked against
	 * ctx_copies_len before use - confirm at the call sites.
	 */
};
193 
/**
 * OPENSSL crypto private asymmetric session structure.
 *
 * xfrm_type records the transform type; presumably it selects which member
 * of union u is valid - confirm. All members of u overlap in memory.
 * NOTE(review): members such as the priv_key BIGNUMs and the RSA/DH/DSA
 * handles can carry private-key material. Teardown is not in this header;
 * presumably it uses the clearing free routines (e.g. BN_clear_free) and
 * frees through the member matching xfrm_type - confirm.
 */
struct __rte_cache_aligned openssl_asym_session {
	enum rte_crypto_asym_xform_type xfrm_type;
	union {
		/* RSA: key handle, padding selector and, on OpenSSL >= 3.0,
		 * an EVP_PKEY_CTX
		 */
		struct rsa {
			RSA *rsa;
			uint32_t pad;
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
			EVP_PKEY_CTX * ctx;
#endif
		} r;
		/* Exponent, modulus and a BN_CTX (presumably modular
		 * exponentiation - confirm)
		 */
		struct exp {
			BIGNUM *exp;
			BIGNUM *mod;
			BN_CTX *ctx;
		} e;
		/* Modulus and a BN_CTX (presumably modular inverse - confirm) */
		struct mod {
			BIGNUM *modulus;
			BN_CTX *ctx;
		} m;
		/* Diffie-Hellman: key handle, operation selector and the p/g
		 * parameters; parameter builders only on OpenSSL >= 3.0
		 */
		struct dh {
			DH *dh_key;
			uint32_t key_op;
			BIGNUM *p;
			BIGNUM *g;
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
			OSSL_PARAM_BLD * param_bld;
			OSSL_PARAM_BLD *param_bld_peer;
#endif
		} dh;
		/* DSA: key handle; on OpenSSL >= 3.0 also the domain
		 * parameters and the private key as separate BIGNUMs
		 */
		struct {
			DSA *dsa;
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
			OSSL_PARAM_BLD * param_bld;
			BIGNUM *p;
			BIGNUM *g;
			BIGNUM *q;
			BIGNUM *priv_key;
#endif
		} s;
		/* Elliptic curve: curve id; group and private key only on
		 * OpenSSL >= 3.0
		 */
		struct {
			uint8_t curve_id;
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
			EC_GROUP * group;
			BIGNUM *priv_key;
#endif
		} ec;
		/* SM2: parameter array on OpenSSL >= 3.0.
		 * NOTE(review): with an older OpenSSL this struct has no
		 * members, which ISO C does not allow (GCC and Clang accept
		 * it as an extension).
		 */
		struct {
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
			OSSL_PARAM * params;
#endif
		} sm2;
		/* EdDSA: curve id; parameter array only on OpenSSL >= 3.0 */
		struct {
			uint8_t curve_id;
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
			OSSL_PARAM * params;
#endif
		} eddsa;
	} u;
};
/**
 * Set and validate OPENSSL crypto session parameters.
 *
 * @param sess            session to fill in
 * @param xform           symmetric transform to read from (const, not modified)
 * @param nb_queue_pairs  queue-pair count; presumably the number of
 *                        sess->qp_ctx entries to set up - confirm
 * @return status code; the meaning of specific values is not defined in this
 *         header (presumably 0 on success and a negative value on failure -
 *         confirm)
 *
 * NOTE(review): xform carries caller-supplied key, IV and digest lengths, so
 * this is presumably where they are checked against the fixed-size fields of
 * struct openssl_session (key.data[32], DIGEST_LENGTH_MAX) - confirm.
 */
extern int
openssl_set_session_parameters(struct openssl_session *sess,
		const struct rte_crypto_sym_xform *xform,
		uint16_t nb_queue_pairs);
259 
/**
 * Reset OPENSSL crypto session parameters.
 *
 * @param sess  session to reset
 *
 * NOTE(review): the body is not in this header. The session holds raw key
 * bytes and libcrypto context pointers, so the reset presumably frees every
 * context (including the per-queue-pair copies in qp_ctx) and cleanses the
 * key buffer - confirm.
 */
extern void
openssl_reset_session(struct openssl_session *sess);
263 
/**
 * Device specific operations function pointer structure.
 * Declared here, defined in another translation unit.
 * NOTE(review): both the pointer and the table it points to are non-const in
 * this declaration; if neither is changed after initialisation, const
 * qualification would keep the function-pointer table out of writable data -
 * confirm against the definition.
 */
extern struct rte_cryptodev_ops *rte_openssl_pmd_ops;
266 
267 #endif /* _OPENSSL_PMD_PRIVATE_H_ */
268