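/* SPDX-License-Identifier: BSD-3-Clause
 * Copyright(c) 2016-2017 Intel Corporation
 */

#ifndef _OPENSSL_PMD_PRIVATE_H_
#define _OPENSSL_PMD_PRIVATE_H_

#include <openssl/evp.h>
#include <openssl/cmac.h>
#include <openssl/hmac.h>
#include <openssl/des.h>
#include <openssl/rsa.h>
#include <openssl/dh.h>
#include <openssl/dsa.h>
#include <openssl/ec.h>
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
#include <openssl/provider.h>
#include <openssl/core_names.h>
#endif

/*
 * NOTE(review): this header uses fixed-width integer types, size_t and
 * several rte_* types and macros without including the headers that
 * declare them, so it depends on the including file having pulled those
 * in first.
 */

#define CRYPTODEV_NAME_OPENSSL_PMD	crypto_openssl
/**< Open SSL Crypto PMD device name */

/** OPENSSL PMD LOGTYPE DRIVER */
extern int openssl_logtype_driver;
#define RTE_LOGTYPE_OPENSSL_DRIVER openssl_logtype_driver
/* Driver log helper: prefixes every message with the calling function
 * name and source line.
 */
#define OPENSSL_LOG(level, ...) \
	RTE_LOG_LINE_PREFIX(level, OPENSSL_DRIVER, "%s() line %u: ", \
		__func__ RTE_LOG_COMMA __LINE__, __VA_ARGS__)

/* Maximum length for digest (SHA-512 needs 64 bytes) */
#define DIGEST_LENGTH_MAX 64

/** OPENSSL operation order mode enumerator */
enum openssl_chain_order {
	OPENSSL_CHAIN_ONLY_CIPHER,
	OPENSSL_CHAIN_ONLY_AUTH,
	OPENSSL_CHAIN_CIPHER_BPI,
	OPENSSL_CHAIN_CIPHER_AUTH,
	OPENSSL_CHAIN_AUTH_CIPHER,
	OPENSSL_CHAIN_COMBINED,
	OPENSSL_CHAIN_NOT_SUPPORTED
};

/** OPENSSL cipher mode enumerator */
enum openssl_cipher_mode {
	OPENSSL_CIPHER_LIB,
	OPENSSL_CIPHER_DES3CTR,
};

/** OPENSSL auth mode enumerator */
enum openssl_auth_mode {
	OPENSSL_AUTH_AS_AUTH,
	OPENSSL_AUTH_AS_HMAC,
	OPENSSL_AUTH_AS_CMAC,
};

/** private data structure for each OPENSSL crypto device */
struct openssl_private {
	unsigned int max_nb_qpairs;
	/**< Max number of queue pairs */
};

/** OPENSSL crypto queue pair */
struct __rte_cache_aligned openssl_qp {
	uint16_t id;
	/**< Queue Pair Identifier */
	char name[RTE_CRYPTODEV_NAME_MAX_LEN];
	/**< Unique Queue Pair Name */
	struct rte_ring *processed_ops;
	/**< Ring for placing processed packets */
	struct rte_mempool *sess_mp;
	/**< Session Mempool */
	struct rte_cryptodev_stats stats;
	/**< Queue pair statistics */
	uint8_t temp_digest[DIGEST_LENGTH_MAX];
	/**< Buffer used to store the digest generated
	 * by the driver when verifying a digest provided
	 * by the user (using authentication verify operation).
	 *
	 * NOTE(review): the buffer holds DIGEST_LENGTH_MAX bytes, so a
	 * session digest_length above that would overrun it, and the
	 * comparison against the user-supplied digest should be
	 * constant-time (e.g. CRYPTO_memcmp). Neither check is visible
	 * in this header; confirm in the driver source.
	 */
};

/**
 * One cipher context plus one authentication-side context.
 *
 * The anonymous union stores a single pointer; which member is the live
 * one presumably follows the owning session's auth mode (confirm against
 * the code that allocates these). With OpenSSL 3.0 and later both MAC
 * members are EVP_MAC_CTX pointers; older versions use the dedicated
 * HMAC_CTX and CMAC_CTX types.
 */
struct evp_ctx_pair {
	EVP_CIPHER_CTX *cipher;
	union {
		EVP_MD_CTX *auth;
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
		EVP_MAC_CTX *hmac;
		EVP_MAC_CTX *cmac;
#else
		HMAC_CTX *hmac;
		CMAC_CTX *cmac;
#endif
	};
};

/** OPENSSL crypto private session structure */
struct __rte_cache_aligned openssl_session {
	enum openssl_chain_order chain_order;
	/**< chain order mode */

	struct {
		uint16_t length;
		uint16_t offset;
	} iv;
	/**< IV parameters */

	enum rte_crypto_aead_algorithm aead_algo;
	/**< AEAD algorithm */

	/** Cipher Parameters */
	struct {
		enum rte_crypto_cipher_operation direction;
		/**< cipher operation direction */
		enum openssl_cipher_mode mode;
		/**< cipher operation mode */
		enum rte_crypto_cipher_algorithm algo;
		/**< cipher algorithm */

		struct {
			uint8_t data[32];
			/**< key data */
			size_t length;
			/**< key length in bytes */
		} key;
		/**< Raw cipher key held inside the session.
		 *
		 * NOTE(review): data[] is fixed at 32 bytes, so the code
		 * that fills it must reject longer keys before copying,
		 * and the key should be wiped with a non-elidable clear
		 * (e.g. OPENSSL_cleanse) when the session is reset.
		 * Neither is visible in this header; confirm in the
		 * session setup and reset code.
		 */

		const EVP_CIPHER *evp_algo;
		/**< pointer to EVP algorithm function */
		EVP_CIPHER_CTX *ctx;
		/**< pointer to EVP context structure */
		EVP_CIPHER_CTX *bpi_ctx;
		/**< second cipher context; presumably used by the
		 * OPENSSL_CHAIN_CIPHER_BPI chain order -- TODO confirm
		 */
	} cipher;

	/** Authentication Parameters */
	struct {
		enum rte_crypto_auth_operation operation;
		/**< auth operation generate or verify */
		enum openssl_auth_mode mode;
		/**< auth operation mode */
		enum rte_crypto_auth_algorithm algo;
		/**< auth algorithm */

		union {
			struct {
				const EVP_MD *evp_algo;
				/**< pointer to EVP algorithm function */
				EVP_MD_CTX *ctx;
				/**< pointer to EVP context structure */
			} auth;

			struct {
				EVP_PKEY *pkey;
				/**< pointer to EVP key */
				const EVP_MD *evp_algo;
				/**< pointer to EVP algorithm function */
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
				EVP_MAC_CTX *ctx;
#else
				HMAC_CTX *ctx;
#endif
				/**< pointer to EVP context structure */
			} hmac;

			struct {
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
				EVP_MAC_CTX *ctx;
				/**< pointer to EVP context structure */
#else
				const EVP_CIPHER *evp_algo;
				/**< pointer to EVP algorithm function */
				CMAC_CTX *ctx;
				/**< pointer to EVP context structure */
#endif
			} cmac;
		};

		uint16_t aad_length;
		/**< AAD length */
		uint16_t digest_length;
		/**< digest length */
	} auth;

	uint16_t ctx_copies_len;
	/**< Number of entries in the qp_ctx flexible array (presumably
	 * the nb_queue_pairs value given at session setup -- confirm).
	 */
	struct evp_ctx_pair qp_ctx[];
	/**< Flexible array member of per-queue-pair structures, each containing
	 * pointers to copies of the cipher and auth EVP contexts. Cipher
	 * contexts are not safe to use from multiple cores simultaneously, so
	 * maintaining these copies allows avoiding per-buffer copying into a
	 * temporary context.
	 *
	 * Any index into this array has to stay below ctx_copies_len; the
	 * array has no storage of its own beyond what the allocator of the
	 * session reserved after the struct.
	 */
};

/** OPENSSL crypto private asymmetric session structure */
struct __rte_cache_aligned openssl_asym_session {
	enum rte_crypto_asym_xform_type xfrm_type;
	/**< selects which member of the union below is in use
	 * (presumably -- confirm against the asym session setup code)
	 */
	union {
		struct rsa {
			RSA *rsa;
			uint32_t pad;
			/**< presumably the RSA padding selection -- TODO confirm */
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
			EVP_PKEY_CTX *ctx;
#endif
		} r;
		struct exp {
			BIGNUM *exp;
			BIGNUM *mod;
			BN_CTX *ctx;
		} e;
		struct mod {
			BIGNUM *modulus;
			BN_CTX *ctx;
		} m;
		struct dh {
			DH *dh_key;
			uint32_t key_op;
			BIGNUM *p;
			BIGNUM *g;
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
			OSSL_PARAM_BLD *param_bld;
			OSSL_PARAM_BLD *param_bld_peer;
#endif
		} dh;
		struct {
			DSA *dsa;
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
			OSSL_PARAM_BLD *param_bld;
			BIGNUM *p;
			BIGNUM *g;
			BIGNUM *q;
			BIGNUM *priv_key;
			/**< NOTE(review): private key material; release
			 * paths should use a clearing free (BN_clear_free)
			 * -- cleanup is not visible here, confirm.
			 */
#endif
		} s;
		struct {
			uint8_t curve_id;
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
			EC_GROUP *group;
			BIGNUM *priv_key;
			/**< NOTE(review): private key material; release
			 * paths should use a clearing free (BN_clear_free)
			 * -- cleanup is not visible here, confirm.
			 */
#endif
		} ec;
		struct {
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
			OSSL_PARAM *params;
#endif
		} sm2;
		struct {
			uint8_t curve_id;
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
			OSSL_PARAM *params;
#endif
		} eddsa;
	} u;
};

/**
 * Set and validate OPENSSL crypto session parameters
 *
 * @param sess            session to fill in
 * @param xform           symmetric transform describing the session
 * @param nb_queue_pairs  queue-pair count (presumably sizes the
 *                        per-queue-pair context array -- confirm)
 * @return status code; the convention is defined by the implementation,
 *         which is not part of this header
 */
extern int
openssl_set_session_parameters(struct openssl_session *sess,
		const struct rte_crypto_sym_xform *xform,
		uint16_t nb_queue_pairs);

/** Reset OPENSSL crypto session parameters */
extern void
openssl_reset_session(struct openssl_session *sess);

/** device specific operations function pointer structure */
extern struct rte_cryptodev_ops *rte_openssl_pmd_ops;

#endif /* _OPENSSL_PMD_PRIVATE_H_ */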