xref: /dpdk/drivers/crypto/openssl/openssl_pmd_private.h (revision f9dfb59edbccae50e7c5508348aa2b4b84413048)
1 /* SPDX-License-Identifier: BSD-3-Clause
2  * Copyright(c) 2016-2017 Intel Corporation
3  */
4 
5 #ifndef _OPENSSL_PMD_PRIVATE_H_
6 #define _OPENSSL_PMD_PRIVATE_H_
7 
8 #include <openssl/evp.h>
9 #include <openssl/cmac.h>
10 #include <openssl/hmac.h>
11 #include <openssl/des.h>
12 #include <openssl/rsa.h>
13 #include <openssl/dh.h>
14 #include <openssl/dsa.h>
15 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
16 #include <openssl/provider.h>
17 #include <openssl/core_names.h>
18 #endif
19 
#define CRYPTODEV_NAME_OPENSSL_PMD	crypto_openssl
/**< OpenSSL crypto PMD device name (a bare token, not a string literal) */

/** Log type identifier used by OPENSSL_LOG; defined outside this header */
extern int openssl_logtype_driver;
/**
 * Driver logging helper: forwards to rte_log() with the driver log type and
 * prefixes each message with the calling function name and line number.
 *
 * `level` is pasted onto RTE_LOG_, so it must be a bare level suffix.
 * `fmt` is joined to the prefix and to the trailing newline by string-literal
 * concatenation, so it must be a string literal; a runtime (possibly
 * attacker-influenced) string cannot be used as the format.
 * `## __VA_ARGS__` is the GNU comma-swallowing extension, which allows calls
 * with no variadic arguments.
 *
 * NOTE(review): nothing here redacts arguments. Key, IV and digest bytes
 * should not be passed to this macro on production log levels.
 */
#define OPENSSL_LOG(level, fmt, ...)  \
	rte_log(RTE_LOG_ ## level, openssl_logtype_driver,  \
			"%s() line %u: " fmt "\n", __func__, __LINE__,  \
					## __VA_ARGS__)

/* Maximum length for digest (SHA-512 needs 64 bytes).
 * Sizes openssl_qp.temp_digest below.
 */
#define DIGEST_LENGTH_MAX 64
32 
/**
 * OPENSSL operation order mode enumerator.
 *
 * Stored in openssl_session.chain_order. The per-value notes are read from
 * the enumerator names only; confirm them against the code that sets and
 * dispatches on chain_order.
 */
enum openssl_chain_order {
	OPENSSL_CHAIN_ONLY_CIPHER,
	/**< presumably a cipher-only session */
	OPENSSL_CHAIN_ONLY_AUTH,
	/**< presumably an authentication-only session */
	OPENSSL_CHAIN_CIPHER_BPI,
	/**< presumably the cipher path that uses cipher.bpi_ctx; TODO confirm */
	OPENSSL_CHAIN_CIPHER_AUTH,
	/**< presumably cipher first, then authentication */
	OPENSSL_CHAIN_AUTH_CIPHER,
	/**< presumably authentication first, then cipher */
	OPENSSL_CHAIN_COMBINED,
	/**< presumably a combined (AEAD) operation; see aead_algo */
	OPENSSL_CHAIN_NOT_SUPPORTED
	/**< NOTE(review): looks like the marker for a transform chain the PMD
	 * cannot handle. Session setup should fail closed on this value rather
	 * than fall through to a default path; confirm in the setter.
	 */
};
43 
/**
 * OPENSSL cipher mode enumerator.
 *
 * Stored in openssl_session.cipher.mode. The value meanings are inferred
 * from the names; confirm against the code that assigns them.
 */
enum openssl_cipher_mode {
	OPENSSL_CIPHER_LIB,
	/**< presumably a cipher handled directly through the OpenSSL library */
	OPENSSL_CIPHER_DES3CTR,
	/**< presumably 3DES in CTR mode handled by driver-specific code */
};
49 
/**
 * OPENSSL auth mode enumerator.
 *
 * Stored in openssl_session.auth.mode. The three names line up with the
 * auth / hmac / cmac members of the anonymous union in that struct, so this
 * value presumably says which union member is valid; verify against the code
 * that reads the union.
 */
enum openssl_auth_mode {
	OPENSSL_AUTH_AS_AUTH,
	/**< presumably a plain digest via the `auth` member */
	OPENSSL_AUTH_AS_HMAC,
	/**< presumably a keyed HMAC via the `hmac` member */
	OPENSSL_AUTH_AS_CMAC,
	/**< presumably a CMAC via the `cmac` member */
};
56 
/** Private data structure for each OPENSSL crypto device */
struct openssl_private {
	unsigned int max_nb_qpairs;
	/**< Max number of queue pairs.
	 * NOTE(review): presumably the bound that queue-pair ids are checked
	 * against at setup; confirm where it is enforced.
	 */
};
62 
/**
 * OPENSSL crypto queue pair.
 *
 * Per-queue-pair state: identity, the ring of processed operations, the
 * session mempool, statistics, and a scratch buffer for digest verification.
 */
struct openssl_qp {
	uint16_t id;
	/**< Queue Pair Identifier */
	char name[RTE_CRYPTODEV_NAME_MAX_LEN];
	/**< Unique Queue Pair Name.
	 * Fixed-size buffer: writers must bound the copy to
	 * RTE_CRYPTODEV_NAME_MAX_LEN and NUL-terminate.
	 */
	struct rte_ring *processed_ops;
	/**< Ring for placing processed packets */
	struct rte_mempool *sess_mp;
	/**< Session Mempool */
	struct rte_cryptodev_stats stats;
	/**< Queue pair statistics */
	uint8_t temp_digest[DIGEST_LENGTH_MAX];
	/**< Buffer used to store the digest generated
	 * by the driver when verifying a digest provided
	 * by the user (using authentication verify operation).
	 *
	 * NOTE(review): the buffer holds DIGEST_LENGTH_MAX (64) bytes, while
	 * openssl_session.auth.digest_length is a uint16_t. Confirm that
	 * session setup rejects digest lengths above DIGEST_LENGTH_MAX and that
	 * the verify path compares against the user digest in constant time
	 * (for example CRYPTO_memcmp), since a data-dependent compare leaks
	 * how many leading bytes matched.
	 * One buffer per queue pair: safe only while a queue pair is driven by
	 * a single thread at a time; verify against the PMD's threading model.
	 */
} __rte_cache_aligned;
81 
/**
 * OPENSSL crypto private session structure.
 *
 * Holds everything the driver keeps for one symmetric session: the chain
 * order, IV layout, AEAD algorithm, cipher parameters (including a copy of
 * the raw key and the OpenSSL cipher contexts) and authentication
 * parameters (OpenSSL digest/MAC contexts and lengths).
 *
 * The struct carries secret key bytes and pointers to OpenSSL-owned objects.
 * NOTE(review): confirm that openssl_reset_session() frees every context
 * that was allocated for the session and wipes the key bytes before the
 * session memory is reused.
 */
struct openssl_session {
	enum openssl_chain_order chain_order;
	/**< chain order mode */

	struct {
		uint16_t length;
		/**< IV length (presumably in bytes; TODO confirm) */
		uint16_t offset;
		/**< IV offset; presumably relative to the crypto operation, so it
		 * should be validated against the operation's size before the IV
		 * is read. Verify against the caller.
		 */
	} iv;
	/**< IV parameters */

	enum rte_crypto_aead_algorithm aead_algo;
	/**< AEAD algorithm */

	/** Cipher Parameters */
	struct {
		enum rte_crypto_cipher_operation direction;
		/**< cipher operation direction */
		enum openssl_cipher_mode mode;
		/**< cipher operation mode */
		enum rte_crypto_cipher_algorithm algo;
		/**< cipher algorithm */

		struct {
			uint8_t data[32];
			/**< key data.
			 * Fixed 32-byte buffer (room for a 256-bit key) holding
			 * the raw key for the session's lifetime.
			 * NOTE(review): the code that fills this must reject a
			 * transform key longer than sizeof(data) before copying,
			 * and teardown should clear it with a wipe the compiler
			 * cannot elide (for example OPENSSL_cleanse) rather than
			 * a plain memset.
			 */
			size_t length;
			/**< key length in bytes */
		} key;

		const EVP_CIPHER *evp_algo;
		/**< pointer to EVP algorithm function */
		EVP_CIPHER_CTX *ctx;
		/**< pointer to EVP context structure.
		 * NOTE(review): one context per session. If a session can be
		 * used from several queue pairs concurrently, this is shared
		 * mutable state; confirm how the PMD prevents that.
		 */
		EVP_CIPHER_CTX *bpi_ctx;
		/**< second EVP cipher context; presumably used only for the
		 * OPENSSL_CHAIN_CIPHER_BPI chain order. TODO confirm.
		 */
	} cipher;

	/** Authentication Parameters */
	struct {
		enum rte_crypto_auth_operation operation;
		/**< auth operation generate or verify */
		enum openssl_auth_mode mode;
		/**< auth operation mode; presumably selects the valid member of
		 * the anonymous union below. Reading a member other than the one
		 * that was set up would treat one context type as another.
		 */
		enum rte_crypto_auth_algorithm algo;
		/**< auth algorithm */

		union {
			struct {
				const EVP_MD *evp_algo;
				/**< pointer to EVP algorithm function */
				EVP_MD_CTX *ctx;
				/**< pointer to EVP context structure */
			} auth;

			struct {
				EVP_PKEY *pkey;
				/**< pointer to EVP key; presumably wraps the HMAC
				 * key, so it is secret material that must be
				 * freed on session reset. TODO confirm.
				 */
				const EVP_MD *evp_algo;
				/**< pointer to EVP algorithm function */
# if OPENSSL_VERSION_NUMBER >= 0x30000000L
				EVP_MAC_CTX * ctx;
# else
				HMAC_CTX *ctx;
# endif
				/**< pointer to the MAC context: EVP_MAC_CTX when
				 * built against OpenSSL 3.0 or later, HMAC_CTX
				 * otherwise
				 */
			} hmac;

			struct {
# if OPENSSL_VERSION_NUMBER >= 0x30000000L
				EVP_MAC_CTX * ctx;
				/**< pointer to EVP MAC context (OpenSSL 3.0 or later) */
# else
				const EVP_CIPHER * evp_algo;
				/**< pointer to EVP algorithm function */
				CMAC_CTX *ctx;
				/**< pointer to CMAC context (OpenSSL before 3.0) */
# endif
			} cmac;
		};

		uint16_t aad_length;
		/**< AAD length */
		uint16_t digest_length;
		/**< digest length.
		 * NOTE(review): should be bounded by DIGEST_LENGTH_MAX at
		 * session setup, since the verify path writes the computed
		 * digest into a DIGEST_LENGTH_MAX-byte buffer in openssl_qp.
		 */
	} auth;

} __rte_cache_aligned;
169 
/**
 * OPENSSL crypto private asymmetric session structure.
 *
 * `xfrm_type` records the asymmetric transform type; it presumably selects
 * which member of the union `u` is valid (TODO confirm against the session
 * configure code). Every union member holds pointers to OpenSSL-allocated
 * objects (RSA, BIGNUM, BN_CTX, DH, DSA, and on OpenSSL 3.0 or later
 * EVP_PKEY_CTX / OSSL_PARAM_BLD), several of which can carry private-key
 * material.
 *
 * NOTE(review): because the members overlap in memory, the clear path must
 * free only the pointers belonging to the member that was set up, and must
 * free all of them; confirm that each one is released with its matching
 * OpenSSL free function so key material is not left allocated.
 */
struct openssl_asym_session {
	enum rte_crypto_asym_xform_type xfrm_type;
	union {
		/* RSA session state */
		struct rsa {
			RSA *rsa;
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
			EVP_PKEY_CTX * ctx;
#endif
		} r;
		/* presumably modular exponentiation: exponent, modulus and the
		 * BN_CTX scratch context
		 */
		struct exp {
			BIGNUM *exp;
			BIGNUM *mod;
			BN_CTX *ctx;
		} e;
		/* presumably modular inverse: modulus and BN_CTX scratch context */
		struct mod {
			BIGNUM *modulus;
			BN_CTX *ctx;
		} m;
		/* Diffie-Hellman session state */
		struct dh {
			DH *dh_key;
			uint32_t key_op;
			/* presumably a bitmask of requested key operations; TODO confirm */
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
			OSSL_PARAM_BLD * param_bld;
			OSSL_PARAM_BLD *param_bld_peer;
#endif
		} dh;
		/* DSA session state */
		struct {
			DSA *dsa;
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
			OSSL_PARAM_BLD * param_bld;
#endif
		} s;
	} u;
} __rte_cache_aligned;
/**
 * Set and validate OPENSSL crypto session parameters.
 *
 * @param sess   session structure to fill in
 * @param xform  symmetric transform (chain) describing the session; read-only
 * @return int status; the meaning of individual values is not visible from
 *         this header. Callers should treat any failure as "session not
 *         usable" and not enqueue operations on it; confirm the convention
 *         in the definition.
 *
 * NOTE(review): this is the point where caller-supplied key, IV, AAD and
 * digest lengths should be checked against the fixed sizes in
 * struct openssl_session and DIGEST_LENGTH_MAX.
 */
extern int
openssl_set_session_parameters(struct openssl_session *sess,
		const struct rte_crypto_sym_xform *xform);

/**
 * Reset OPENSSL crypto session parameters.
 *
 * @param sess  session to reset
 *
 * NOTE(review): presumably releases the OpenSSL contexts held by the
 * session; confirm that it also wipes cipher.key.data.
 */
extern void
openssl_reset_session(struct openssl_session *sess);

/** device specific operations function pointer structure */
extern struct rte_cryptodev_ops *rte_openssl_pmd_ops;
216 
217 #endif /* _OPENSSL_PMD_PRIVATE_H_ */
218