/* SPDX-License-Identifier: BSD-3-Clause
 * Copyright(c) 2016-2017 Intel Corporation
 */

/*
 * Private definitions for the OpenSSL crypto PMD: the driver log macro, the
 * chain/cipher/auth mode enumerators, and the per-device, per-queue-pair and
 * per-session structures that carry OpenSSL contexts and key material.
 *
 * Only OpenSSL headers are included here. The rte_* types, the fixed-width
 * integer types and __rte_cache_aligned used below must already be declared
 * by the including file.
 */

#ifndef _OPENSSL_PMD_PRIVATE_H_
#define _OPENSSL_PMD_PRIVATE_H_

#include <openssl/evp.h>
#include <openssl/cmac.h>
#include <openssl/hmac.h>
#include <openssl/des.h>
#include <openssl/rsa.h>
#include <openssl/dh.h>
#include <openssl/dsa.h>
/* Provider and core-name headers exist only from OpenSSL 3.0 onwards. */
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
#include <openssl/provider.h>
#include <openssl/core_names.h>
#endif

#define CRYPTODEV_NAME_OPENSSL_PMD	crypto_openssl
/**< Open SSL Crypto PMD device name */

/** OPENSSL PMD LOGTYPE DRIVER */
extern int openssl_logtype_driver;
/*
 * Driver log helper: prefixes every message with the calling function name
 * and source line and appends a newline.
 *
 * `fmt` is pasted between two string literals, so it has to be a string
 * literal itself; data that did not originate in the driver belongs in the
 * variadic arguments behind a conversion such as "%s", never in `fmt`.
 * NOTE(review): session keys and digests should not be passed to this macro;
 * confirm that no call site logs them.
 */
#define OPENSSL_LOG(level, fmt, ...)  \
	rte_log(RTE_LOG_ ## level, openssl_logtype_driver,  \
			"%s() line %u: " fmt "\n", __func__, __LINE__,  \
					## __VA_ARGS__)

/* Maximum length for digest (SHA-512 needs 64 bytes) */
/* Also the size of openssl_qp.temp_digest, the verify scratch buffer. */
#define DIGEST_LENGTH_MAX 64

/** OPENSSL operation order mode enumerator */
enum openssl_chain_order {
	OPENSSL_CHAIN_ONLY_CIPHER,
	OPENSSL_CHAIN_ONLY_AUTH,
	OPENSSL_CHAIN_CIPHER_BPI,
	OPENSSL_CHAIN_CIPHER_AUTH,
	OPENSSL_CHAIN_AUTH_CIPHER,
	OPENSSL_CHAIN_COMBINED,
	OPENSSL_CHAIN_NOT_SUPPORTED
};

/** OPENSSL cipher mode enumerator */
enum openssl_cipher_mode {
	OPENSSL_CIPHER_LIB,
	OPENSSL_CIPHER_DES3CTR,
};

/** OPENSSL auth mode enumerator */
enum openssl_auth_mode {
	OPENSSL_AUTH_AS_AUTH,
	OPENSSL_AUTH_AS_HMAC,
	OPENSSL_AUTH_AS_CMAC,
};

/** private data structure for each OPENSSL crypto device */
struct openssl_private {
	unsigned int max_nb_qpairs;
	/**< Max number of queue pairs */
};

/** OPENSSL crypto queue pair */
struct openssl_qp {
	uint16_t id;
	/**< Queue Pair Identifier */
	char name[RTE_CRYPTODEV_NAME_MAX_LEN];
	/**< Unique Queue Pair Name */
	struct rte_ring *processed_ops;
	/**< Ring for placing processed packets */
	struct rte_mempool *sess_mp;
	/**< Session Mempool */
	struct rte_mempool *sess_mp_priv;
	/**< Session Private Data Mempool */
	struct rte_cryptodev_stats stats;
	/**< Queue pair statistics */
	uint8_t temp_digest[DIGEST_LENGTH_MAX];
	/**< Buffer used to store the digest generated
	 * by the driver when verifying a digest provided
	 * by the user (using authentication verify operation)
	 *
	 * NOTE(review): the buffer is DIGEST_LENGTH_MAX bytes while
	 * openssl_session.auth.digest_length is a uint16_t; nothing in this
	 * header bounds one by the other, so confirm that session setup
	 * rejects larger digest lengths. The comparison against the user
	 * digest lives outside this header; confirm it is constant-time
	 * (e.g. CRYPTO_memcmp).
	 */
} __rte_cache_aligned;

/** OPENSSL crypto private session structure */
struct openssl_session {
	enum openssl_chain_order chain_order;
	/**< chain order mode */

	struct {
		uint16_t length;
		uint16_t offset;
	} iv;
	/**< IV parameters */

	enum rte_crypto_aead_algorithm aead_algo;
	/**< AEAD algorithm */

	/** Cipher Parameters */
	struct {
		enum rte_crypto_cipher_operation direction;
		/**< cipher operation direction */
		enum openssl_cipher_mode mode;
		/**< cipher operation mode */
		enum rte_crypto_cipher_algorithm algo;
		/**< cipher algorithm */

		struct {
			uint8_t data[32];
			/**< key data
			 *
			 * NOTE(review): fixed 32-byte buffer holding raw key
			 * bytes. The code that fills it must reject keys
			 * longer than sizeof(data) before copying, and the
			 * session reset path should scrub it with a call the
			 * compiler cannot elide (e.g. OPENSSL_cleanse); both
			 * live outside this header, so verify them there.
			 */
			size_t length;
			/**< key length in bytes */
		} key;

		const EVP_CIPHER *evp_algo;
		/**< pointer to EVP algorithm function */
		EVP_CIPHER_CTX *ctx;
		/**< pointer to EVP context structure */
		EVP_CIPHER_CTX *bpi_ctx;
		/**< second EVP cipher context; presumably used for the
		 * OPENSSL_CHAIN_CIPHER_BPI chain order (TODO confirm)
		 */
	} cipher;

	/** Authentication Parameters */
	struct {
		enum rte_crypto_auth_operation operation;
		/**< auth operation generate or verify */
		enum openssl_auth_mode mode;
		/**< auth operation mode */
		enum rte_crypto_auth_algorithm algo;
		/**< authentication algorithm */

		/*
		 * The three members below share storage. Presumably `mode`
		 * (AS_AUTH / AS_HMAC / AS_CMAC) selects the live member;
		 * verify that setup and teardown use the same selector,
		 * because freeing a context through the wrong member would
		 * hand OpenSSL a pointer of the wrong type.
		 */
		union {
			struct {
				const EVP_MD *evp_algo;
				/**< pointer to EVP algorithm function */
				EVP_MD_CTX *ctx;
				/**< pointer to EVP context structure */
			} auth;

			struct {
				EVP_PKEY *pkey;
				/**< pointer to EVP key */
				const EVP_MD *evp_algo;
				/**< pointer to EVP algorithm function */
				/* Context type depends on the OpenSSL version:
				 * EVP_MAC_CTX from 3.0, HMAC_CTX before it.
				 */
# if OPENSSL_VERSION_NUMBER >= 0x30000000L
				EVP_MAC_CTX *ctx;
# else
				HMAC_CTX *ctx;
# endif
				/**< pointer to EVP context structure */
			} hmac;

			struct {
				/* From OpenSSL 3.0 only an EVP_MAC_CTX is
				 * kept; older versions keep the cipher
				 * algorithm together with a CMAC_CTX.
				 */
# if OPENSSL_VERSION_NUMBER >= 0x30000000L
				EVP_MAC_CTX *ctx;
				/**< pointer to EVP context structure */
# else
				const EVP_CIPHER *evp_algo;
				/**< pointer to EVP algorithm function */
				CMAC_CTX *ctx;
				/**< pointer to CMAC context structure */
# endif
			} cmac;
		};

		uint16_t aad_length;
		/**< AAD length */
		uint16_t digest_length;
		/**< digest length */
	} auth;

} __rte_cache_aligned;

/** OPENSSL crypto private asymmetric session structure */
struct openssl_asym_session {
	enum rte_crypto_asym_xform_type xfrm_type;
	/**< asymmetric transform type; presumably selects the live member
	 * of the union below (TODO confirm against the session setup code)
	 */
	union {
		/* RSA key object; from OpenSSL 3.0 also an EVP_PKEY context. */
		struct rsa {
			RSA *rsa;
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
			EVP_PKEY_CTX *ctx;
#endif
		} r;
		/* Exponent and modulus big numbers plus a BN scratch context. */
		struct exp {
			BIGNUM *exp;
			BIGNUM *mod;
			BN_CTX *ctx;
		} e;
		/* Modulus big number plus a BN scratch context. */
		struct mod {
			BIGNUM *modulus;
			BN_CTX *ctx;
		} m;
		/* DH key object and key operation; from OpenSSL 3.0 also
		 * parameter builders for the local and the peer side.
		 */
		struct dh {
			DH *dh_key;
			uint32_t key_op;
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
			OSSL_PARAM_BLD *param_bld;
			OSSL_PARAM_BLD *param_bld_peer;
#endif
		} dh;
		/* DSA key object; from OpenSSL 3.0 also a parameter builder. */
		struct {
			DSA *dsa;
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
			OSSL_PARAM_BLD *param_bld;
#endif
		} s;
	} u;
	/* NOTE(review): the RSA/DH/DSA objects and BIGNUMs may carry private
	 * key material. Confirm that session teardown releases each one with
	 * the matching OpenSSL free routine for the member selected above.
	 */
} __rte_cache_aligned;

/** Set and validate OPENSSL crypto session parameters */
/* NOTE(review): the implementation is not part of this header. It is the
 * natural place to enforce the key-length and digest-length bounds implied by
 * cipher.key.data[32] and DIGEST_LENGTH_MAX; verify that it does.
 */
extern int
openssl_set_session_parameters(struct openssl_session *sess,
		const struct rte_crypto_sym_xform *xform);

/** Reset OPENSSL crypto session parameters */
/* NOTE(review): the implementation is not part of this header. Confirm that
 * it frees the EVP/HMAC/CMAC contexts and clears cipher.key.data.
 */
extern void
openssl_reset_session(struct openssl_session *sess);

/** device specific operations function pointer structure */
extern struct rte_cryptodev_ops *rte_openssl_pmd_ops;

#endif /* _OPENSSL_PMD_PRIVATE_H_ */