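/* SPDX-License-Identifier: BSD-3-Clause
 * Copyright(c) 2016-2017 Intel Corporation
 */

/*
 * Private definitions of the OpenSSL crypto PMD: log macro, chain/cipher/auth
 * mode enumerators, per-device and per-queue-pair state, and the symmetric
 * and asymmetric session layouts.
 *
 * This header uses rte_log(), RTE_CRYPTODEV_NAME_MAX_LEN, __rte_cache_aligned
 * and several rte_* types without including their headers, so the including
 * file has to pull in the DPDK headers first.
 */

#ifndef _OPENSSL_PMD_PRIVATE_H_
#define _OPENSSL_PMD_PRIVATE_H_

#include <openssl/evp.h>
#include <openssl/cmac.h>
#include <openssl/hmac.h>
#include <openssl/des.h>
#include <openssl/rsa.h>
#include <openssl/dh.h>
#include <openssl/dsa.h>
#include <openssl/ec.h>
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
#include <openssl/provider.h>
#include <openssl/core_names.h>
#endif

#define CRYPTODEV_NAME_OPENSSL_PMD	crypto_openssl
/**< Open SSL Crypto PMD device name */

/** OPENSSL PMD LOGTYPE DRIVER */
extern int openssl_logtype_driver;

/*
 * Log helper that prefixes the message with the calling function and line.
 * `fmt` is pasted into the format string at compile time, so it must be a
 * string literal; runtime data belongs in the variadic arguments.
 */
#define OPENSSL_LOG(level, fmt, ...)  \
	rte_log(RTE_LOG_ ## level, openssl_logtype_driver,  \
			"%s() line %u: " fmt "\n", __func__, __LINE__,  \
					## __VA_ARGS__)

/* Maximum length for digest (SHA-512 needs 64 bytes) */
#define DIGEST_LENGTH_MAX 64

/* Size in bytes of the cipher key buffer held in struct openssl_session */
#define OPENSSL_CIPHER_KEY_LENGTH_MAX 32

/** OPENSSL operation order mode enumerator */
enum openssl_chain_order {
	OPENSSL_CHAIN_ONLY_CIPHER,
	OPENSSL_CHAIN_ONLY_AUTH,
	OPENSSL_CHAIN_CIPHER_BPI,
	OPENSSL_CHAIN_CIPHER_AUTH,
	OPENSSL_CHAIN_AUTH_CIPHER,
	OPENSSL_CHAIN_COMBINED,
	OPENSSL_CHAIN_NOT_SUPPORTED
};

/** OPENSSL cipher mode enumerator */
enum openssl_cipher_mode {
	OPENSSL_CIPHER_LIB,
	OPENSSL_CIPHER_DES3CTR,
};

/** OPENSSL auth mode enumerator */
enum openssl_auth_mode {
	OPENSSL_AUTH_AS_AUTH,
	OPENSSL_AUTH_AS_HMAC,
	OPENSSL_AUTH_AS_CMAC,
};

/** private data structure for each OPENSSL crypto device */
struct openssl_private {
	unsigned int max_nb_qpairs;
	/**< Max number of queue pairs */
};

/** OPENSSL crypto queue pair */
struct openssl_qp {
	uint16_t id;
	/**< Queue Pair Identifier */
	char name[RTE_CRYPTODEV_NAME_MAX_LEN];
	/**< Unique Queue Pair Name */
	struct rte_ring *processed_ops;
	/**< Ring for placing processed packets */
	struct rte_mempool *sess_mp;
	/**< Session Mempool */
	struct rte_cryptodev_stats stats;
	/**< Queue pair statistics */
	uint8_t temp_digest[DIGEST_LENGTH_MAX];
	/**< Buffer used to store the digest generated
	 * by the driver when verifying a digest provided
	 * by the user (using authentication verify operation).
	 *
	 * NOTE(review): the buffer is DIGEST_LENGTH_MAX bytes while the
	 * session's digest_length is a uint16_t; code writing here must
	 * bound the length by DIGEST_LENGTH_MAX. The comparison with the
	 * user-supplied digest is not in this header; confirm it uses a
	 * constant-time compare (e.g. CRYPTO_memcmp).
	 */
} __rte_cache_aligned;

/** OPENSSL crypto private session structure */
struct openssl_session {
	enum openssl_chain_order chain_order;
	/**< chain order mode */

	struct {
		uint16_t length;
		uint16_t offset;
	} iv;
	/**< IV parameters */

	enum rte_crypto_aead_algorithm aead_algo;
	/**< AEAD algorithm */

	/** Cipher Parameters */
	struct {
		enum rte_crypto_cipher_operation direction;
		/**< cipher operation direction */
		enum openssl_cipher_mode mode;
		/**< cipher operation mode */
		enum rte_crypto_cipher_algorithm algo;
		/**< cipher algorithm */

		struct {
			uint8_t data[OPENSSL_CIPHER_KEY_LENGTH_MAX];
			/**< key data (raw key bytes).
			 *
			 * NOTE(review): session setup must reject a key
			 * longer than sizeof(data) before copying into it,
			 * and the bytes stay in the session for its
			 * lifetime; confirm openssl_reset_session() clears
			 * them (e.g. OPENSSL_cleanse).
			 */
			size_t length;
			/**< key length in bytes */
		} key;

		const EVP_CIPHER *evp_algo;
		/**< pointer to EVP algorithm function */
		EVP_CIPHER_CTX *ctx;
		/**< pointer to EVP context structure */
		EVP_CIPHER_CTX *bpi_ctx;
		/**< second EVP context; presumably used by the
		 * OPENSSL_CHAIN_CIPHER_BPI chain mode - TODO confirm
		 */
	} cipher;

	/** Authentication Parameters */
	struct {
		enum rte_crypto_auth_operation operation;
		/**< auth operation generate or verify */
		enum openssl_auth_mode mode;
		/**< auth operation mode */
		enum rte_crypto_auth_algorithm algo;
		/**< auth algorithm */

		/* One member per openssl_auth_mode value; presumably `mode`
		 * selects the member in use - TODO confirm against callers.
		 */
		union {
			struct {
				const EVP_MD *evp_algo;
				/**< pointer to EVP algorithm function */
				EVP_MD_CTX *ctx;
				/**< pointer to EVP context structure */
			} auth;

			struct {
				EVP_PKEY *pkey;
				/**< pointer to EVP key */
				const EVP_MD *evp_algo;
				/**< pointer to EVP algorithm function */
# if OPENSSL_VERSION_NUMBER >= 0x30000000L
				EVP_MAC_CTX * ctx;
# else
				HMAC_CTX *ctx;
# endif
				/**< pointer to MAC context structure
				 * (EVP_MAC_CTX on OpenSSL >= 3.0,
				 * HMAC_CTX otherwise)
				 */
			} hmac;

			struct {
# if OPENSSL_VERSION_NUMBER >= 0x30000000L
				EVP_MAC_CTX * ctx;
				/**< pointer to EVP MAC context structure */
# else
				const EVP_CIPHER * evp_algo;
				/**< pointer to EVP algorithm function */
				CMAC_CTX *ctx;
				/**< pointer to CMAC context structure */
# endif
			} cmac;
		};

		uint16_t aad_length;
		/**< AAD length */
		uint16_t digest_length;
		/**< digest length */
	} auth;

} __rte_cache_aligned;

/** OPENSSL crypto private asymmetric session structure */
struct openssl_asym_session {
	enum rte_crypto_asym_xform_type xfrm_type;
	/**< transform type; presumably selects the member of `u` that is
	 * valid - TODO confirm against callers
	 */
	union {
		/* RSA key object, plus a key context on OpenSSL >= 3.0 */
		struct rsa {
			RSA *rsa;
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
			EVP_PKEY_CTX * ctx;
#endif
		} r;
		/* exponent, modulus and BIGNUM scratch context */
		struct exp {
			BIGNUM *exp;
			BIGNUM *mod;
			BN_CTX *ctx;
		} e;
		/* modulus and BIGNUM scratch context */
		struct mod {
			BIGNUM *modulus;
			BN_CTX *ctx;
		} m;
		/* Diffie-Hellman key object and parameters p and g */
		struct dh {
			DH *dh_key;
			uint32_t key_op;
			BIGNUM *p;
			BIGNUM *g;
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
			OSSL_PARAM_BLD * param_bld;
			OSSL_PARAM_BLD *param_bld_peer;
#endif
		} dh;
		/* DSA key object; on OpenSSL >= 3.0 also the individual
		 * parameters and the private key as BIGNUMs
		 */
		struct {
			DSA *dsa;
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
			OSSL_PARAM_BLD * param_bld;
			BIGNUM *p;
			BIGNUM *g;
			BIGNUM *q;
			BIGNUM *priv_key;
#endif
		} s;
		/* SM2 parameters; the struct is empty before OpenSSL 3.0 */
		struct {
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
			OSSL_PARAM * params;
#endif
		} sm2;
	} u;
} __rte_cache_aligned;

/** Set and validate OPENSSL crypto session parameters */
extern int
openssl_set_session_parameters(struct openssl_session *sess,
		const struct rte_crypto_sym_xform *xform);

/** Reset OPENSSL crypto session parameters */
extern void
openssl_reset_session(struct openssl_session *sess);

/** device specific operations function pointer structure */
extern struct rte_cryptodev_ops *rte_openssl_pmd_ops;

#endif /* _OPENSSL_PMD_PRIVATE_H_ */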