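/* SPDX-License-Identifier: BSD-3-Clause
 * Copyright(c) 2016-2017 Intel Corporation
 */

#include <rte_common.h>
#include <rte_hexdump.h>
#include <rte_cryptodev.h>
#include <cryptodev_pmd.h>
#include <bus_vdev_driver.h>
#include <rte_malloc.h>
#include <rte_cpuflags.h>

#include <openssl/cmac.h>
#include <openssl/hmac.h>
#include <openssl/evp.h>
#include <openssl/ec.h>

#include "openssl_pmd_private.h"
#include "compat.h"

#define DES_BLOCK_SIZE 8

static uint8_t cryptodev_driver_id;

#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
/*
 * Compatibility shims for OpenSSL older than 1.1.0: this branch provides
 * HMAC_CTX_new()/HMAC_CTX_free() on top of HMAC_CTX_init()/HMAC_CTX_cleanup().
 */

/* Allocate and initialise an HMAC context; returns NULL if allocation fails. */
static HMAC_CTX *HMAC_CTX_new(void)
{
	HMAC_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));

	if (ctx != NULL)
		HMAC_CTX_init(ctx);
	return ctx;
}

/* Clean up and release an HMAC context; a NULL pointer is ignored. */
static void HMAC_CTX_free(HMAC_CTX *ctx)
{
	if (ctx != NULL) {
		HMAC_CTX_cleanup(ctx);
		OPENSSL_free(ctx);
	}
}
#endif

#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)

#include <openssl/provider.h>
#include <openssl/core_names.h>
#include <openssl/param_build.h>

#define MAX_OSSL_ALGO_NAME_SIZE 16

/* Provider handles owned by this file; NULL while the provider is not loaded. */
OSSL_PROVIDER *legacy;
OSSL_PROVIDER *deflt;

/*
 * Load the "legacy" and "default" providers into the default (NULL) library
 * context. On failure an error is logged and no handle is left set to a
 * provider that has already been unloaded.
 */
static void ossl_legacy_provider_load(void)
{
	/* Load Multiple providers into the default (NULL) library context */
	legacy = OSSL_PROVIDER_load(NULL, "legacy");
	if (legacy == NULL) {
		OPENSSL_LOG(ERR, "Failed to load Legacy provider\n");
		return;
	}

	deflt = OSSL_PROVIDER_load(NULL, "default");
	if (deflt == NULL) {
		OPENSSL_LOG(ERR, "Failed to load Default provider\n");
		OSSL_PROVIDER_unload(legacy);
		/* Drop the stale handle so a later unload does not release
		 * the legacy provider a second time.
		 */
		legacy = NULL;
		return;
	}
}

/*
 * Unload whichever of the two providers is currently loaded and clear the
 * handles, so the function is safe after a failed or partial load.
 */
static void ossl_legacy_provider_unload(void)
{
	if (legacy != NULL) {
		OSSL_PROVIDER_unload(legacy);
		legacy = NULL;
	}
	if (deflt != NULL) {
		OSSL_PROVIDER_unload(deflt);
		deflt = NULL;
	}
}

/*
 * Map an HMAC auth algorithm to the OpenSSL digest name used with EVP_MAC.
 * Returns NULL for any algorithm that is not one of the listed HMAC variants.
 */
static __rte_always_inline const char *
digest_name_get(enum rte_crypto_auth_algorithm algo)
{
	switch (algo) {
	case RTE_CRYPTO_AUTH_MD5_HMAC:
		return OSSL_DIGEST_NAME_MD5;
	case RTE_CRYPTO_AUTH_SHA1_HMAC:
		return OSSL_DIGEST_NAME_SHA1;
	case RTE_CRYPTO_AUTH_SHA224_HMAC:
		return OSSL_DIGEST_NAME_SHA2_224;
	case RTE_CRYPTO_AUTH_SHA256_HMAC:
		return OSSL_DIGEST_NAME_SHA2_256;
	case RTE_CRYPTO_AUTH_SHA384_HMAC:
		return OSSL_DIGEST_NAME_SHA2_384;
	case RTE_CRYPTO_AUTH_SHA512_HMAC:
		return OSSL_DIGEST_NAME_SHA2_512;
	default:
		return NULL;
	}
}
#endif

static int cryptodev_openssl_remove(struct rte_vdev_device *vdev);

/*----------------------------------------------------------------------------*/

/**
 * Increment counter by 1
 * Counter is 64 bit array, big-endian
 *
 * The increment is done byte by byte, so it does not depend on the alignment
 * of ctr or on the byte order of the host, and it does not access the buffer
 * through a uint64_t pointer.
 */
static void
ctr_inc(uint8_t *ctr)
{
	size_t i = sizeof(uint64_t);

	/* Start at the least significant (last) byte and stop as soon as a
	 * byte does not wrap to zero, i.e. there is no carry left.
	 */
	while (i-- > 0) {
		if (++ctr[i] != 0)
			break;
	}
}

/*
 *------------------------------------------------------------------------------
 * Session Prepare
 *------------------------------------------------------------------------------
 */

/**
 * Get xform chain order
 *
 * Classifies the first one or two transforms of the chain. A NULL xform, or
 * a combination not listed below, yields OPENSSL_CHAIN_NOT_SUPPORTED.
 */
static enum openssl_chain_order
openssl_get_chain_order(const struct rte_crypto_sym_xform *xform)
{
	enum openssl_chain_order res = OPENSSL_CHAIN_NOT_SUPPORTED;

	if (xform != NULL) {
		if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
			if (xform->next == NULL)
				res = OPENSSL_CHAIN_ONLY_AUTH;
			else if (xform->next->type ==
					RTE_CRYPTO_SYM_XFORM_CIPHER)
				res = OPENSSL_CHAIN_AUTH_CIPHER;
		}
		if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
			if (xform->next == NULL)
				res = OPENSSL_CHAIN_ONLY_CIPHER;
			else if (xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH)
				res = OPENSSL_CHAIN_CIPHER_AUTH;
		}
		/* AEAD is a single combined transform; xform->next is not inspected */
		if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD)
			res = OPENSSL_CHAIN_COMBINED;
	}

	return res;
}

/**
 * Get session cipher key from input cipher key
 *
 * Copies keylen bytes from input_key to session_key. The size of the
 * destination is not known here, so the caller must make sure keylen fits.
 * The context-clone path in this file passes the session's own key buffer as
 * both source and destination, which is why memmove() is used instead of
 * memcpy(). A non-positive keylen copies nothing.
 */
static void
get_cipher_key(const uint8_t *input_key, int keylen, uint8_t *session_key)
{
	if (keylen <= 0)
		return;

	memmove(session_key, input_key, keylen);
}

/**
 * Get key ede 24 bytes standard from input key
 *
 * Expands an 8, 16 or 24 byte key into the 24 byte [K1-K2-K3] layout.
 * Returns 0 on success, -EINVAL for any other key length. key_ede must have
 * room for 24 bytes.
 */
static int
get_cipher_key_ede(const uint8_t *key, int keylen, uint8_t *key_ede)
{
	int res = 0;

	/* Initialize keys - 24 bytes: [key1-key2-key3] */
	switch (keylen) {
	case 24:
		memcpy(key_ede, key, 24);
		break;
	case 16:
		/* K3 = K1 */
		memcpy(key_ede, key, 16);
		memcpy(key_ede + 16, key, 8);
		break;
	case 8:
		/* K1 = K2 = K3 (DES compatibility) */
		memcpy(key_ede, key, 8);
		memcpy(key_ede + 8, key, 8);
		memcpy(key_ede + 16, key, 8);
		break;
	default:
		OPENSSL_LOG(ERR, "Unsupported key size");
		res = -EINVAL;
	}

	return res;
}

/**
 * Get adequate openssl function for input cipher algorithm
 *
 * Stores the EVP cipher matching sess_algo and keylen (in bytes) in *algo.
 * Returns 0 on success and a non-zero value on failure. The return type is
 * uint8_t, so the -EINVAL assigned internally is truncated: callers can only
 * compare the result against 0.
 *
 * For RTE_CRYPTO_CIPHER_3DES_CBC an 8 byte key selects single DES
 * (EVP_des_cbc). For RTE_CRYPTO_CIPHER_3DES_CTR the function returns 0
 * without writing *algo.
 */
static uint8_t
get_cipher_algo(enum rte_crypto_cipher_algorithm sess_algo, size_t keylen,
		const EVP_CIPHER **algo)
{
	int res = 0;

	if (algo != NULL) {
		switch (sess_algo) {
		case RTE_CRYPTO_CIPHER_3DES_CBC:
			switch (keylen) {
			case 8:
				*algo = EVP_des_cbc();
				break;
			case 16:
				*algo = EVP_des_ede_cbc();
				break;
			case 24:
				*algo = EVP_des_ede3_cbc();
				break;
			default:
				res = -EINVAL;
			}
			break;
		case RTE_CRYPTO_CIPHER_3DES_CTR:
			break;
		case RTE_CRYPTO_CIPHER_AES_CBC:
			switch (keylen) {
			case 16:
				*algo = EVP_aes_128_cbc();
				break;
			case 24:
				*algo = EVP_aes_192_cbc();
				break;
			case 32:
				*algo = EVP_aes_256_cbc();
				break;
			default:
				res = -EINVAL;
			}
			break;
		case RTE_CRYPTO_CIPHER_AES_CTR:
			switch (keylen) {
			case 16:
				*algo = EVP_aes_128_ctr();
				break;
			case 24:
				*algo = EVP_aes_192_ctr();
				break;
			case 32:
				*algo = EVP_aes_256_ctr();
				break;
			default:
				res = -EINVAL;
			}
			break;
		default:
			res = -EINVAL;
			break;
		}
	} else {
		res = -EINVAL;
	}

	return res;
}

/**
 * Get adequate openssl function for input auth algorithm
 *
 * Stores the EVP digest for sessalgo in *algo; the plain and the HMAC variant
 * of a hash map to the same digest. Returns 0 on success and a non-zero value
 * (a truncated -EINVAL, see the uint8_t return type) when algo is NULL or the
 * algorithm is not listed.
 */
static uint8_t
get_auth_algo(enum rte_crypto_auth_algorithm sessalgo,
		const EVP_MD **algo)
{
	int res = 0;

	if (algo != NULL) {
		switch (sessalgo) {
		case RTE_CRYPTO_AUTH_MD5:
		case RTE_CRYPTO_AUTH_MD5_HMAC:
			*algo = EVP_md5();
			break;
		case RTE_CRYPTO_AUTH_SHA1:
		case RTE_CRYPTO_AUTH_SHA1_HMAC:
			*algo = EVP_sha1();
			break;
		case RTE_CRYPTO_AUTH_SHA224:
		case RTE_CRYPTO_AUTH_SHA224_HMAC:
			*algo = EVP_sha224();
			break;
		case RTE_CRYPTO_AUTH_SHA256:
		case RTE_CRYPTO_AUTH_SHA256_HMAC:
			*algo = EVP_sha256();
			break;
		case RTE_CRYPTO_AUTH_SHA384:
		case RTE_CRYPTO_AUTH_SHA384_HMAC:
			*algo = EVP_sha384();
			break;
		case RTE_CRYPTO_AUTH_SHA512:
		case RTE_CRYPTO_AUTH_SHA512_HMAC:
			*algo = EVP_sha512();
			break;
		default:
			res = -EINVAL;
			break;
		}
	} else {
		res = -EINVAL;
	}

	return res;
}

/**
 * Get adequate openssl function for input AEAD algorithm
 *
 * Stores the AES-GCM or AES-CCM EVP cipher for a 16, 24 or 32 byte key in
 * *algo. Returns 0 on success and a non-zero value (a truncated -EINVAL, see
 * the uint8_t return type) otherwise.
 */
static uint8_t
get_aead_algo(enum rte_crypto_aead_algorithm sess_algo, size_t keylen,
		const EVP_CIPHER **algo)
{
	int res = 0;

	if (algo != NULL) {
		switch (sess_algo) {
		case RTE_CRYPTO_AEAD_AES_GCM:
			switch (keylen) {
			case 16:
				*algo = EVP_aes_128_gcm();
				break;
			case 24:
				*algo = EVP_aes_192_gcm();
				break;
			case 32:
				*algo = EVP_aes_256_gcm();
				break;
			default:
				res = -EINVAL;
			}
			break;
		case RTE_CRYPTO_AEAD_AES_CCM:
			switch (keylen) {
			case 16:
				*algo = EVP_aes_128_ccm();
				break;
			case 24:
				*algo = EVP_aes_192_ccm();
				break;
			case 32:
				*algo = EVP_aes_256_ccm();
				break;
			default:
				res = -EINVAL;
			}
			break;
		default:
			res = -EINVAL;
			break;
		}
	} else {
		res = -EINVAL;
	}

	return res;
}

/*
 * Set session AEAD encryption parameters
 *
 * Marks the session as encrypt/generate, validates tag_len for the chosen
 * algorithm (GCM: exactly 16; CCM: even, 4..16), allocates a cipher context
 * into *ctx and initialises it with the cipher, IV length, CCM tag length and
 * key. sess->cipher.key.length and sess->iv.length must be set by the caller
 * beforehand.
 *
 * Returns 0 on success, -EINVAL on a bad tag length, key length or OpenSSL
 * failure, -ENOTSUP for an unknown AEAD algorithm, -ENOMEM if the context
 * cannot be allocated. On an error after allocation the context is left in
 * *ctx and is not freed here.
 * NOTE(review): confirm every caller releases *ctx on failure.
 */
static int
openssl_set_sess_aead_enc_param(struct openssl_session *sess,
		enum rte_crypto_aead_algorithm algo,
		uint8_t tag_len, const uint8_t *key,
		EVP_CIPHER_CTX **ctx)
{
	int iv_type = 0;
	unsigned int do_ccm = 0;

	sess->cipher.direction = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
	sess->auth.operation = RTE_CRYPTO_AUTH_OP_GENERATE;

	/* Select AEAD algo */
	switch (algo) {
	case RTE_CRYPTO_AEAD_AES_GCM:
		iv_type = EVP_CTRL_GCM_SET_IVLEN;
		if (tag_len != 16)
			return -EINVAL;
		break;
	case RTE_CRYPTO_AEAD_AES_CCM:
		iv_type = EVP_CTRL_CCM_SET_IVLEN;
		/* Digest size can be 4, 6, 8, 10, 12, 14 or 16 bytes */
		if (tag_len < 4 || tag_len > 16 || (tag_len & 1) == 1)
			return -EINVAL;
		do_ccm = 1;
		break;
	default:
		return -ENOTSUP;
	}

	sess->cipher.mode = OPENSSL_CIPHER_LIB;
	*ctx = EVP_CIPHER_CTX_new();
	/* Do not hand a NULL context to the EVP init calls below */
	if (*ctx == NULL)
		return -ENOMEM;

	if (get_aead_algo(algo, sess->cipher.key.length,
			&sess->cipher.evp_algo) != 0)
		return -EINVAL;

	get_cipher_key(key, sess->cipher.key.length, sess->cipher.key.data);

	sess->chain_order = OPENSSL_CHAIN_COMBINED;

	/* First pass selects the cipher only; the key is set last */
	if (EVP_EncryptInit_ex(*ctx, sess->cipher.evp_algo,
			NULL, NULL, NULL) <= 0)
		return -EINVAL;

	if (EVP_CIPHER_CTX_ctrl(*ctx, iv_type, sess->iv.length,
			NULL) <= 0)
		return -EINVAL;

	/* A rejected tag length must fail session setup, not be ignored */
	if (do_ccm && EVP_CIPHER_CTX_ctrl(*ctx, EVP_CTRL_CCM_SET_TAG,
			tag_len, NULL) <= 0)
		return -EINVAL;

	if (EVP_EncryptInit_ex(*ctx, NULL, NULL, key, NULL) <= 0)
		return -EINVAL;

	return 0;
}

/*
 * Set session AEAD decryption parameters
 *
 * Decrypt/verify counterpart of openssl_set_sess_aead_enc_param(): same
 * validation, same allocation into *ctx, but the context is initialised with
 * EVP_DecryptInit_ex().
 *
 * Returns 0 on success, -EINVAL on a bad tag length, key length or OpenSSL
 * failure, -ENOTSUP for an unknown AEAD algorithm, -ENOMEM if the context
 * cannot be allocated. On an error after allocation the context is left in
 * *ctx and is not freed here.
 * NOTE(review): confirm every caller releases *ctx on failure.
 */
static int
openssl_set_sess_aead_dec_param(struct openssl_session *sess,
		enum rte_crypto_aead_algorithm algo,
		uint8_t tag_len, const uint8_t *key,
		EVP_CIPHER_CTX **ctx)
{
	int iv_type = 0;
	unsigned int do_ccm = 0;

	sess->cipher.direction = RTE_CRYPTO_CIPHER_OP_DECRYPT;
	sess->auth.operation = RTE_CRYPTO_AUTH_OP_VERIFY;

	/* Select AEAD algo */
	switch (algo) {
	case RTE_CRYPTO_AEAD_AES_GCM:
		iv_type = EVP_CTRL_GCM_SET_IVLEN;
		if (tag_len != 16)
			return -EINVAL;
		break;
	case RTE_CRYPTO_AEAD_AES_CCM:
		iv_type = EVP_CTRL_CCM_SET_IVLEN;
		/* Digest size can be 4, 6, 8, 10, 12, 14 or 16 bytes */
		if (tag_len < 4 || tag_len > 16 || (tag_len & 1) == 1)
			return -EINVAL;
		do_ccm = 1;
		break;
	default:
		return -ENOTSUP;
	}

	sess->cipher.mode = OPENSSL_CIPHER_LIB;
	*ctx = EVP_CIPHER_CTX_new();
	/* Do not hand a NULL context to the EVP init calls below */
	if (*ctx == NULL)
		return -ENOMEM;

	if (get_aead_algo(algo, sess->cipher.key.length,
			&sess->cipher.evp_algo) != 0)
		return -EINVAL;

	get_cipher_key(key, sess->cipher.key.length, sess->cipher.key.data);

	sess->chain_order = OPENSSL_CHAIN_COMBINED;

	/* First pass selects the cipher only; the key is set last */
	if (EVP_DecryptInit_ex(*ctx, sess->cipher.evp_algo,
			NULL, NULL, NULL) <= 0)
		return -EINVAL;

	if (EVP_CIPHER_CTX_ctrl(*ctx, iv_type,
			sess->iv.length, NULL) <= 0)
		return -EINVAL;

	/* A rejected tag length must fail session setup, not be ignored */
	if (do_ccm && EVP_CIPHER_CTX_ctrl(*ctx, EVP_CTRL_CCM_SET_TAG,
			tag_len, NULL) <= 0)
		return -EINVAL;

	if (EVP_DecryptInit_ex(*ctx, NULL, NULL, key, NULL) <= 0)
		return -EINVAL;

	return 0;
}

/*
 * Produce in *dest a cipher context equivalent to the session's AEAD context.
 *
 * How this is done depends on the OpenSSL version: EVP_CIPHER_CTX_dup() from
 * 3.2.0, a fresh context re-initialised from the session between 3.0.0 and
 * 3.2.0, and EVP_CIPHER_CTX_copy() before 3.0.0.
 *
 * Returns 0 on success and a negative errno value on failure.
 */
static int openssl_aesni_ctx_clone(EVP_CIPHER_CTX **dest,
		struct openssl_session *sess)
{
#if (OPENSSL_VERSION_NUMBER >= 0x30200000L)
	/* NOTE(review): this branch duplicates sess->ctx while the pre-3.0
	 * branch below copies sess->cipher.ctx; confirm against the
	 * definition of struct openssl_session that this is the intended
	 * field.
	 */
	*dest = EVP_CIPHER_CTX_dup(sess->ctx);
	/* A failed duplication must not be reported as success */
	if (*dest == NULL)
		return -EINVAL;
	return 0;
#elif (OPENSSL_VERSION_NUMBER >= 0x30000000L)
	/* OpenSSL versions 3.0.0 <= V < 3.2.0 have no dupctx() implementation
	 * for AES-GCM and AES-CCM. In this case, we have to create new empty
	 * contexts and initialise, as we did the original context.
	 *
	 * The helpers called below write to *sess (direction, operation, mode,
	 * evp_algo, chain_order and the key buffer) in addition to filling
	 * *dest.
	 * NOTE(review): if sessions are shared between threads, confirm that
	 * these writes cannot race with users of the same session.
	 */
	if (sess->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC)
		sess->aead_algo = RTE_CRYPTO_AEAD_AES_GCM;

	if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
		return openssl_set_sess_aead_enc_param(sess, sess->aead_algo,
				sess->auth.digest_length, sess->cipher.key.data,
				dest);
	else
		return openssl_set_sess_aead_dec_param(sess, sess->aead_algo,
				sess->auth.digest_length, sess->cipher.key.data,
				dest);
#else
	*dest = EVP_CIPHER_CTX_new();
	if (*dest == NULL)
		return -ENOMEM;
	if (EVP_CIPHER_CTX_copy(*dest, sess->cipher.ctx) != 1) {
		/* Release the half-built context instead of leaking it */
		EVP_CIPHER_CTX_free(*dest);
		*dest = NULL;
		return -EINVAL;
	}
	return 0;
#endif
}
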
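/**
 * Set session cipher parameters
 *
 * Copies direction, key length and IV offset/length from the cipher xform
 * into the session, then allocates and initialises the OpenSSL cipher
 * context(s) for the requested algorithm.
 *
 * Returns 0 on success, -EINVAL on an unsupported key length or an OpenSSL
 * initialisation failure, -ENOMEM if a cipher context cannot be allocated,
 * -ENOTSUP for an algorithm this function does not handle. Contexts already
 * stored in the session are not released here on the error paths.
 *
 * NOTE(review): the key is copied into sess->cipher.key.data using the
 * length taken from the xform; for DES_CBC and DES_DOCSISBPI no length check
 * is visible in this function. Confirm that the length is bounded against the
 * session key buffer before this point.
 * NOTE(review): if xform->cipher.op is neither ENCRYPT nor DECRYPT, the
 * context is left without a key and the function still returns 0.
 */
static int
openssl_set_session_cipher_parameters(struct openssl_session *sess,
		const struct rte_crypto_sym_xform *xform)
{
	/* Select cipher direction */
	sess->cipher.direction = xform->cipher.op;
	/* Select cipher key */
	sess->cipher.key.length = xform->cipher.key.length;

	/* Set IV parameters */
	sess->iv.offset = xform->cipher.iv.offset;
	sess->iv.length = xform->cipher.iv.length;

	/* Select cipher algo */
	switch (xform->cipher.algo) {
	case RTE_CRYPTO_CIPHER_3DES_CBC:
	case RTE_CRYPTO_CIPHER_AES_CBC:
	case RTE_CRYPTO_CIPHER_AES_CTR:
		sess->cipher.mode = OPENSSL_CIPHER_LIB;
		sess->cipher.algo = xform->cipher.algo;
		sess->cipher.ctx = EVP_CIPHER_CTX_new();
		/* Do not hand a NULL context to the EVP init calls below */
		if (sess->cipher.ctx == NULL)
			return -ENOMEM;

		/* Rejects key lengths the algorithm does not support */
		if (get_cipher_algo(sess->cipher.algo, sess->cipher.key.length,
				&sess->cipher.evp_algo) != 0)
			return -EINVAL;

		get_cipher_key(xform->cipher.key.data, sess->cipher.key.length,
			sess->cipher.key.data);
		if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
			if (EVP_EncryptInit_ex(sess->cipher.ctx,
					sess->cipher.evp_algo,
					NULL, xform->cipher.key.data,
					NULL) != 1) {
				return -EINVAL;
			}
		} else if (sess->cipher.direction ==
				RTE_CRYPTO_CIPHER_OP_DECRYPT) {
			if (EVP_DecryptInit_ex(sess->cipher.ctx,
					sess->cipher.evp_algo,
					NULL, xform->cipher.key.data,
					NULL) != 1) {
				return -EINVAL;
			}
		}

		break;

	case RTE_CRYPTO_CIPHER_3DES_CTR:
		sess->cipher.mode = OPENSSL_CIPHER_DES3CTR;
		sess->cipher.ctx = EVP_CIPHER_CTX_new();
		if (sess->cipher.ctx == NULL)
			return -ENOMEM;

		/* Expands an 8/16/24 byte key to 24 bytes; other lengths fail */
		if (get_cipher_key_ede(xform->cipher.key.data,
				sess->cipher.key.length,
				sess->cipher.key.data) != 0)
			return -EINVAL;


		/* We use 3DES encryption also for decryption.
		 * IV is not important for 3DES ECB.
		 */
		if (EVP_EncryptInit_ex(sess->cipher.ctx, EVP_des_ede3_ecb(),
				NULL, sess->cipher.key.data, NULL) != 1)
			return -EINVAL;

		break;

	case RTE_CRYPTO_CIPHER_DES_CBC:
		sess->cipher.algo = xform->cipher.algo;
		sess->cipher.ctx = EVP_CIPHER_CTX_new();
		if (sess->cipher.ctx == NULL)
			return -ENOMEM;
		sess->cipher.evp_algo = EVP_des_cbc();

		get_cipher_key(xform->cipher.key.data, sess->cipher.key.length,
			sess->cipher.key.data);
		if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
			if (EVP_EncryptInit_ex(sess->cipher.ctx,
					sess->cipher.evp_algo,
					NULL, xform->cipher.key.data,
					NULL) != 1) {
				return -EINVAL;
			}
		} else if (sess->cipher.direction ==
				RTE_CRYPTO_CIPHER_OP_DECRYPT) {
			if (EVP_DecryptInit_ex(sess->cipher.ctx,
					sess->cipher.evp_algo,
					NULL, xform->cipher.key.data,
					NULL) != 1) {
				return -EINVAL;
			}
		}

		break;

	case RTE_CRYPTO_CIPHER_DES_DOCSISBPI:
		sess->cipher.algo = xform->cipher.algo;
		sess->chain_order = OPENSSL_CHAIN_CIPHER_BPI;
		sess->cipher.ctx = EVP_CIPHER_CTX_new();
		if (sess->cipher.ctx == NULL)
			return -ENOMEM;
		sess->cipher.evp_algo = EVP_des_cbc();

		sess->cipher.bpi_ctx = EVP_CIPHER_CTX_new();
		if (sess->cipher.bpi_ctx == NULL)
			return -ENOMEM;
		/* IV will be ECB encrypted whether direction is encrypt or decrypt */
		if (EVP_EncryptInit_ex(sess->cipher.bpi_ctx, EVP_des_ecb(),
				NULL, xform->cipher.key.data, NULL) != 1)
			return -EINVAL;

		get_cipher_key(xform->cipher.key.data, sess->cipher.key.length,
			sess->cipher.key.data);
		if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
			if (EVP_EncryptInit_ex(sess->cipher.ctx,
					sess->cipher.evp_algo,
					NULL, xform->cipher.key.data,
					NULL) != 1) {
				return -EINVAL;
			}
		} else if (sess->cipher.direction ==
				RTE_CRYPTO_CIPHER_OP_DECRYPT) {
			if (EVP_DecryptInit_ex(sess->cipher.ctx,
					sess->cipher.evp_algo,
					NULL, xform->cipher.key.data,
					NULL) != 1) {
				return -EINVAL;
			}
		}

		break;
	default:
		sess->cipher.algo = RTE_CRYPTO_CIPHER_NULL;
		return -ENOTSUP;
	}

	return 0;
}

/* Set session auth parameters */
static int
openssl_set_session_auth_parameters(struct openssl_session *sess,
		const struct rte_crypto_sym_xform *xform)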
6378a9867a6SSlawomir Mrozowicz { 6382b9c693fSAshwin Sekhar T K # if (OPENSSL_VERSION_NUMBER >= 0x30000000L) 6392b9c693fSAshwin Sekhar T K char algo_name[MAX_OSSL_ALGO_NAME_SIZE]; 6402b9c693fSAshwin Sekhar T K OSSL_PARAM params[2]; 6412b9c693fSAshwin Sekhar T K const char *algo; 6422b9c693fSAshwin Sekhar T K EVP_MAC *mac; 6432b9c693fSAshwin Sekhar T K # endif 6448a9867a6SSlawomir Mrozowicz /* Select auth generate/verify */ 6458a9867a6SSlawomir Mrozowicz sess->auth.operation = xform->auth.op; 6468a9867a6SSlawomir Mrozowicz sess->auth.algo = xform->auth.algo; 6478a9867a6SSlawomir Mrozowicz 648b4b86b09SPablo de Lara sess->auth.digest_length = xform->auth.digest_length; 649b4b86b09SPablo de Lara 6508a9867a6SSlawomir Mrozowicz /* Select auth algo */ 6518a9867a6SSlawomir Mrozowicz switch (xform->auth.algo) { 652e32e4fa8SPablo de Lara case RTE_CRYPTO_AUTH_AES_GMAC: 653b4b86b09SPablo de Lara /* 654b4b86b09SPablo de Lara * OpenSSL requires GMAC to be a GCM operation 655b4b86b09SPablo de Lara * with no cipher data length 656b4b86b09SPablo de Lara */ 657b4b86b09SPablo de Lara sess->cipher.key.length = xform->auth.key.length; 658e32e4fa8SPablo de Lara 659e32e4fa8SPablo de Lara /* Set IV parameters */ 660e32e4fa8SPablo de Lara sess->iv.offset = xform->auth.iv.offset; 661e32e4fa8SPablo de Lara sess->iv.length = xform->auth.iv.length; 662e32e4fa8SPablo de Lara 663e32e4fa8SPablo de Lara if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_GENERATE) 664b4b86b09SPablo de Lara return openssl_set_sess_aead_enc_param(sess, 665b4b86b09SPablo de Lara RTE_CRYPTO_AEAD_AES_GCM, 666b4b86b09SPablo de Lara xform->auth.digest_length, 66778d7765fSJack Bond-Preston xform->auth.key.data, 66878d7765fSJack Bond-Preston &sess->cipher.ctx); 669e32e4fa8SPablo de Lara else 670b4b86b09SPablo de Lara return openssl_set_sess_aead_dec_param(sess, 671b4b86b09SPablo de Lara RTE_CRYPTO_AEAD_AES_GCM, 672b4b86b09SPablo de Lara xform->auth.digest_length, 67378d7765fSJack Bond-Preston xform->auth.key.data, 
67478d7765fSJack Bond-Preston &sess->cipher.ctx); 675e32e4fa8SPablo de Lara break; 6768a9867a6SSlawomir Mrozowicz 6778a9867a6SSlawomir Mrozowicz case RTE_CRYPTO_AUTH_MD5: 6788a9867a6SSlawomir Mrozowicz case RTE_CRYPTO_AUTH_SHA1: 6798a9867a6SSlawomir Mrozowicz case RTE_CRYPTO_AUTH_SHA224: 6808a9867a6SSlawomir Mrozowicz case RTE_CRYPTO_AUTH_SHA256: 6818a9867a6SSlawomir Mrozowicz case RTE_CRYPTO_AUTH_SHA384: 6828a9867a6SSlawomir Mrozowicz case RTE_CRYPTO_AUTH_SHA512: 6838a9867a6SSlawomir Mrozowicz sess->auth.mode = OPENSSL_AUTH_AS_AUTH; 6848a9867a6SSlawomir Mrozowicz if (get_auth_algo(xform->auth.algo, 6858a9867a6SSlawomir Mrozowicz &sess->auth.auth.evp_algo) != 0) 6868a9867a6SSlawomir Mrozowicz return -EINVAL; 6878a9867a6SSlawomir Mrozowicz sess->auth.auth.ctx = EVP_MD_CTX_create(); 6888a9867a6SSlawomir Mrozowicz break; 6898a9867a6SSlawomir Mrozowicz 6902b9c693fSAshwin Sekhar T K case RTE_CRYPTO_AUTH_AES_CMAC: 6912b9c693fSAshwin Sekhar T K # if (OPENSSL_VERSION_NUMBER >= 0x30000000L) 6922b9c693fSAshwin Sekhar T K if (xform->auth.key.length == 16) 6932b9c693fSAshwin Sekhar T K algo = SN_aes_128_cbc; 6942b9c693fSAshwin Sekhar T K else if (xform->auth.key.length == 24) 6952b9c693fSAshwin Sekhar T K algo = SN_aes_192_cbc; 6962b9c693fSAshwin Sekhar T K else if (xform->auth.key.length == 32) 6972b9c693fSAshwin Sekhar T K algo = SN_aes_256_cbc; 6982b9c693fSAshwin Sekhar T K else 6992b9c693fSAshwin Sekhar T K return -EINVAL; 7002b9c693fSAshwin Sekhar T K 7012b9c693fSAshwin Sekhar T K rte_memcpy(algo_name, algo, strlen(algo) + 1); 7022b9c693fSAshwin Sekhar T K params[0] = OSSL_PARAM_construct_utf8_string( 7032b9c693fSAshwin Sekhar T K OSSL_MAC_PARAM_CIPHER, algo_name, 0); 7042b9c693fSAshwin Sekhar T K params[1] = OSSL_PARAM_construct_end(); 7052b9c693fSAshwin Sekhar T K 7062b9c693fSAshwin Sekhar T K sess->auth.mode = OPENSSL_AUTH_AS_CMAC; 7072b9c693fSAshwin Sekhar T K mac = EVP_MAC_fetch(NULL, OSSL_MAC_NAME_CMAC, NULL); 7082b9c693fSAshwin Sekhar T K sess->auth.cmac.ctx = 
EVP_MAC_CTX_new(mac); 7092b9c693fSAshwin Sekhar T K EVP_MAC_free(mac); 7102b9c693fSAshwin Sekhar T K 7112b9c693fSAshwin Sekhar T K if (EVP_MAC_init(sess->auth.cmac.ctx, 7122b9c693fSAshwin Sekhar T K xform->auth.key.data, 7132b9c693fSAshwin Sekhar T K xform->auth.key.length, 7142b9c693fSAshwin Sekhar T K params) != 1) 7152b9c693fSAshwin Sekhar T K return -EINVAL; 7162b9c693fSAshwin Sekhar T K # else 7172b9c693fSAshwin Sekhar T K sess->auth.mode = OPENSSL_AUTH_AS_CMAC; 7182b9c693fSAshwin Sekhar T K sess->auth.cmac.ctx = CMAC_CTX_new(); 7192b9c693fSAshwin Sekhar T K if (get_cipher_algo(RTE_CRYPTO_CIPHER_AES_CBC, 7202b9c693fSAshwin Sekhar T K xform->auth.key.length, 7212b9c693fSAshwin Sekhar T K &sess->auth.cmac.evp_algo) != 0) 7222b9c693fSAshwin Sekhar T K return -EINVAL; 7232b9c693fSAshwin Sekhar T K if (CMAC_Init(sess->auth.cmac.ctx, 7242b9c693fSAshwin Sekhar T K xform->auth.key.data, 7252b9c693fSAshwin Sekhar T K xform->auth.key.length, 7262b9c693fSAshwin Sekhar T K sess->auth.cmac.evp_algo, NULL) != 1) 7272b9c693fSAshwin Sekhar T K return -EINVAL; 7282b9c693fSAshwin Sekhar T K # endif 7292b9c693fSAshwin Sekhar T K break; 7302b9c693fSAshwin Sekhar T K 73175adf1eaSKai Ji # if (OPENSSL_VERSION_NUMBER >= 0x30000000L) 73275adf1eaSKai Ji case RTE_CRYPTO_AUTH_MD5_HMAC: 73375adf1eaSKai Ji case RTE_CRYPTO_AUTH_SHA1_HMAC: 73475adf1eaSKai Ji case RTE_CRYPTO_AUTH_SHA224_HMAC: 73575adf1eaSKai Ji case RTE_CRYPTO_AUTH_SHA256_HMAC: 73675adf1eaSKai Ji case RTE_CRYPTO_AUTH_SHA384_HMAC: 73775adf1eaSKai Ji case RTE_CRYPTO_AUTH_SHA512_HMAC: 73875adf1eaSKai Ji sess->auth.mode = OPENSSL_AUTH_AS_HMAC; 73975adf1eaSKai Ji 74075adf1eaSKai Ji algo = digest_name_get(xform->auth.algo); 74175adf1eaSKai Ji if (!algo) 74275adf1eaSKai Ji return -EINVAL; 743f481e927SRuifeng Wang strlcpy(algo_name, algo, sizeof(algo_name)); 74475adf1eaSKai Ji 7452b9c693fSAshwin Sekhar T K mac = EVP_MAC_fetch(NULL, "HMAC", NULL); 74675adf1eaSKai Ji sess->auth.hmac.ctx = EVP_MAC_CTX_new(mac); 74775adf1eaSKai Ji 
EVP_MAC_free(mac); 74875adf1eaSKai Ji if (get_auth_algo(xform->auth.algo, 74975adf1eaSKai Ji &sess->auth.hmac.evp_algo) != 0) 75075adf1eaSKai Ji return -EINVAL; 75175adf1eaSKai Ji 75275adf1eaSKai Ji params[0] = OSSL_PARAM_construct_utf8_string("digest", 75375adf1eaSKai Ji algo_name, 0); 75475adf1eaSKai Ji params[1] = OSSL_PARAM_construct_end(); 75575adf1eaSKai Ji if (EVP_MAC_init(sess->auth.hmac.ctx, 75675adf1eaSKai Ji xform->auth.key.data, 75775adf1eaSKai Ji xform->auth.key.length, 75875adf1eaSKai Ji params) != 1) 75975adf1eaSKai Ji return -EINVAL; 76075adf1eaSKai Ji break; 76175adf1eaSKai Ji # else 7628a9867a6SSlawomir Mrozowicz case RTE_CRYPTO_AUTH_MD5_HMAC: 7638a9867a6SSlawomir Mrozowicz case RTE_CRYPTO_AUTH_SHA1_HMAC: 7648a9867a6SSlawomir Mrozowicz case RTE_CRYPTO_AUTH_SHA224_HMAC: 7658a9867a6SSlawomir Mrozowicz case RTE_CRYPTO_AUTH_SHA256_HMAC: 7668a9867a6SSlawomir Mrozowicz case RTE_CRYPTO_AUTH_SHA384_HMAC: 7678a9867a6SSlawomir Mrozowicz case RTE_CRYPTO_AUTH_SHA512_HMAC: 7688a9867a6SSlawomir Mrozowicz sess->auth.mode = OPENSSL_AUTH_AS_HMAC; 7693d0243feSAkhil Goyal sess->auth.hmac.ctx = HMAC_CTX_new(); 7708a9867a6SSlawomir Mrozowicz if (get_auth_algo(xform->auth.algo, 7718a9867a6SSlawomir Mrozowicz &sess->auth.hmac.evp_algo) != 0) 7728a9867a6SSlawomir Mrozowicz return -EINVAL; 7733d0243feSAkhil Goyal 7743d0243feSAkhil Goyal if (HMAC_Init_ex(sess->auth.hmac.ctx, 7753d0243feSAkhil Goyal xform->auth.key.data, 7763d0243feSAkhil Goyal xform->auth.key.length, 7773d0243feSAkhil Goyal sess->auth.hmac.evp_algo, NULL) != 1) 7783d0243feSAkhil Goyal return -EINVAL; 7798a9867a6SSlawomir Mrozowicz break; 78075adf1eaSKai Ji # endif 7818a9867a6SSlawomir Mrozowicz default: 78227391b53SPablo de Lara return -ENOTSUP; 7838a9867a6SSlawomir Mrozowicz } 7848a9867a6SSlawomir Mrozowicz 7858a9867a6SSlawomir Mrozowicz return 0; 7868a9867a6SSlawomir Mrozowicz } 7878a9867a6SSlawomir Mrozowicz 788b79e4c00SPablo de Lara /* Set session AEAD parameters */ 789b79e4c00SPablo de Lara static int 
790b79e4c00SPablo de Lara openssl_set_session_aead_parameters(struct openssl_session *sess, 791b79e4c00SPablo de Lara const struct rte_crypto_sym_xform *xform) 792b79e4c00SPablo de Lara { 793b79e4c00SPablo de Lara /* Select cipher key */ 794b79e4c00SPablo de Lara sess->cipher.key.length = xform->aead.key.length; 795b79e4c00SPablo de Lara 796b79e4c00SPablo de Lara /* Set IV parameters */ 7971a4998dcSPablo de Lara if (xform->aead.algo == RTE_CRYPTO_AEAD_AES_CCM) 7981a4998dcSPablo de Lara /* 7991a4998dcSPablo de Lara * For AES-CCM, the actual IV is placed 8001a4998dcSPablo de Lara * one byte after the start of the IV field, 8011a4998dcSPablo de Lara * according to the API. 8021a4998dcSPablo de Lara */ 8031a4998dcSPablo de Lara sess->iv.offset = xform->aead.iv.offset + 1; 8041a4998dcSPablo de Lara else 805b79e4c00SPablo de Lara sess->iv.offset = xform->aead.iv.offset; 8061a4998dcSPablo de Lara 807b79e4c00SPablo de Lara sess->iv.length = xform->aead.iv.length; 808b79e4c00SPablo de Lara 80946a0547fSPablo de Lara sess->auth.aad_length = xform->aead.aad_length; 810b79e4c00SPablo de Lara sess->auth.digest_length = xform->aead.digest_length; 811b79e4c00SPablo de Lara 812b4b86b09SPablo de Lara sess->aead_algo = xform->aead.algo; 813b4b86b09SPablo de Lara /* Select cipher direction */ 814b4b86b09SPablo de Lara if (xform->aead.op == RTE_CRYPTO_AEAD_OP_ENCRYPT) 815b4b86b09SPablo de Lara return openssl_set_sess_aead_enc_param(sess, xform->aead.algo, 81678d7765fSJack Bond-Preston xform->aead.digest_length, xform->aead.key.data, 81778d7765fSJack Bond-Preston &sess->cipher.ctx); 818b4b86b09SPablo de Lara else 819b4b86b09SPablo de Lara return openssl_set_sess_aead_dec_param(sess, xform->aead.algo, 82078d7765fSJack Bond-Preston xform->aead.digest_length, xform->aead.key.data, 82178d7765fSJack Bond-Preston &sess->cipher.ctx); 822b79e4c00SPablo de Lara } 823b79e4c00SPablo de Lara 8248a9867a6SSlawomir Mrozowicz /** Parse crypto xform chain and set private session parameters */ 
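/*
 * Fills @sess in place from the transform chain that starts at @xform.
 *
 * Returns 0 on success, -EINVAL when the chain order is not recognised, or
 * the error code of the cipher/auth/AEAD helper that rejected its transform.
 *
 * NOTE(review): when a later helper fails, contexts created by an earlier
 * helper stay attached to @sess; nothing in this function releases them.
 * Confirm that every caller cleans up on a non-zero return.
 */
int
openssl_set_session_parameters(struct openssl_session *sess,
		const struct rte_crypto_sym_xform *xform)
{
	const struct rte_crypto_sym_xform *cipher_xform = NULL;
	const struct rte_crypto_sym_xform *auth_xform = NULL;
	const struct rte_crypto_sym_xform *aead_xform = NULL;
	int ret;

	sess->chain_order = openssl_get_chain_order(xform);
	switch (sess->chain_order) {
	case OPENSSL_CHAIN_ONLY_CIPHER:
		cipher_xform = xform;
		break;
	case OPENSSL_CHAIN_ONLY_AUTH:
		auth_xform = xform;
		break;
	case OPENSSL_CHAIN_CIPHER_AUTH:
		/*
		 * presumably openssl_get_chain_order() reports a two-element
		 * order only when xform->next is set - confirm
		 */
		cipher_xform = xform;
		auth_xform = xform->next;
		break;
	case OPENSSL_CHAIN_AUTH_CIPHER:
		auth_xform = xform;
		cipher_xform = xform->next;
		break;
	case OPENSSL_CHAIN_COMBINED:
		aead_xform = xform;
		break;
	default:
		return -EINVAL;
	}

	/* Default IV length = 0 */
	sess->iv.length = 0;

	/* cipher_xform must be checked before auth_xform */
	if (cipher_xform) {
		ret = openssl_set_session_cipher_parameters(
				sess, cipher_xform);
		if (ret != 0) {
			OPENSSL_LOG(ERR,
				"Invalid/unsupported cipher parameters");
			return ret;
		}
	}

	if (auth_xform) {
		ret = openssl_set_session_auth_parameters(sess, auth_xform);
		if (ret != 0) {
			OPENSSL_LOG(ERR,
				"Invalid/unsupported auth parameters");
			return ret;
		}
	}

	if (aead_xform) {
		ret = openssl_set_session_aead_parameters(sess, aead_xform);
		if (ret != 0) {
			OPENSSL_LOG(ERR,
				"Invalid/unsupported AEAD parameters");
			return ret;
		}
	}

	return 0;
}

/**
 * Release the OpenSSL contexts attached to a session.
 *
 * Every pointer is cleared right after it is freed, so resetting the same
 * session twice cannot free a context a second time.
 *
 * NOTE(review): the switch reads sess->auth.mode, and the HMAC case frees
 * sess->auth.hmac.pkey, but neither is written on every setup path shown in
 * this part of the file (a cipher-only chain never sets auth.mode). This
 * presumably relies on the session memory being zeroed before setup -
 * confirm.
 *
 * NOTE(review): key bytes copied into the session (for example
 * sess->cipher.key.data) are not wiped here; confirm that the caller clears
 * the session memory before it is reused.
 */
void
openssl_reset_session(struct openssl_session *sess)
{
	EVP_CIPHER_CTX_free(sess->cipher.ctx);
	sess->cipher.ctx = NULL;

	if (sess->chain_order == OPENSSL_CHAIN_CIPHER_BPI) {
		EVP_CIPHER_CTX_free(sess->cipher.bpi_ctx);
		sess->cipher.bpi_ctx = NULL;
	}

	switch (sess->auth.mode) {
	case OPENSSL_AUTH_AS_AUTH:
		EVP_MD_CTX_destroy(sess->auth.auth.ctx);
		sess->auth.auth.ctx = NULL;
		break;
	case OPENSSL_AUTH_AS_HMAC:
		EVP_PKEY_free(sess->auth.hmac.pkey);
		sess->auth.hmac.pkey = NULL;
# if OPENSSL_VERSION_NUMBER >= 0x30000000L
		EVP_MAC_CTX_free(sess->auth.hmac.ctx);
# else
		HMAC_CTX_free(sess->auth.hmac.ctx);
# endif
		sess->auth.hmac.ctx = NULL;
		break;
	case OPENSSL_AUTH_AS_CMAC:
# if OPENSSL_VERSION_NUMBER >= 0x30000000L
		EVP_MAC_CTX_free(sess->auth.cmac.ctx);
# else
		CMAC_CTX_free(sess->auth.cmac.ctx);
# endif
		sess->auth.cmac.ctx = NULL;
		break;
	default:
		break;
	}
}

/**
 * Provide the driver-private session for an operation.
 *
 * With-session ops return the private data of the attached symmetric or
 * asymmetric session. Sessionless symmetric ops take a session object from
 * qp->sess_mp and configure it from op->sym->xform; sessionless asymmetric
 * ops are not supported.
 *
 * @return the private session, or NULL when none is available. op->status
 *         is set to RTE_CRYPTO_OP_STATUS_INVALID_SESSION on the NULL paths,
 *         except for the two early returns in the sessionless branch.
 *
 * NOTE(review): those two early returns (sessionless asymmetric, pool
 * exhausted) leave op->status untouched - confirm callers do not rely on it.
 */
static void *
get_session(struct openssl_qp *qp, struct rte_crypto_op *op)
{
	struct openssl_session *sess = NULL;
	struct openssl_asym_session *asym_sess = NULL;

	if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
		if (op->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
			/* get existing session */
			if (likely(op->sym->session != NULL))
				sess = CRYPTODEV_GET_SYM_SESS_PRIV(
					op->sym->session);
		} else {
			if (likely(op->asym->session != NULL))
				asym_sess = (struct openssl_asym_session *)
					op->asym->session->sess_private_data;
			if (asym_sess == NULL)
				op->status =
					RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
			return asym_sess;
		}
	} else {
		/*
		 * Start from NULL: a failed rte_mempool_get() is not relied
		 * on to write the output pointer.
		 */
		struct rte_cryptodev_sym_session *_sess = NULL;

		/* sessionless asymmetric not supported */
		if (op->type == RTE_CRYPTO_OP_TYPE_ASYMMETRIC)
			return NULL;

		/* provide internal session */
		if (rte_mempool_get(qp->sess_mp, (void **)&_sess) != 0 ||
				_sess == NULL)
			return NULL;

		sess = (struct openssl_session *)_sess->driver_priv_data;

		if (unlikely(openssl_set_session_parameters(sess,
				op->sym->xform) != 0)) {
			/*
			 * The object goes back to the pool, so it must not be
			 * published through the op: the op is left as the
			 * caller built it.
			 * NOTE(review): contexts created before the failure
			 * are not released on this path - confirm.
			 */
			rte_mempool_put(qp->sess_mp, _sess);
			sess = NULL;
		} else {
			op->sym->session =
				(struct rte_cryptodev_sym_session *)_sess;
		}
	}

	if (sess == NULL)
		op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;

	return sess;
}

/*
 *------------------------------------------------------------------------------
 * Process Operations
 *------------------------------------------------------------------------------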
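 */
/**
 * Feed @srclen bytes of an mbuf chain, starting @offset bytes into it,
 * through EVP_EncryptUpdate() one segment at a time.
 *
 * @param mbuf_src  First segment of the source chain.
 * @param offset    Byte offset of the data from the start of the chain.
 * @param dst       In/out output cursor, advanced as output is produced.
 *                  When @inplace is set it is re-pointed at the source data.
 * @param srclen    Number of bytes to process.
 * @param ctx       Cipher context; this function only calls Update on it.
 * @param inplace   Non-zero to write the output over the source segments.
 *
 * @return 0 on success, -1 if @offset lies beyond the chain or an
 *         EVP_EncryptUpdate() call fails.
 *
 * NOTE(review): 0 is also returned when the chain ends while n > 0 bytes are
 * still unprocessed - confirm callers validate srclen against the packet.
 */
static inline int
process_openssl_encryption_update(struct rte_mbuf *mbuf_src, int offset,
		uint8_t **dst, int srclen, EVP_CIPHER_CTX *ctx, uint8_t inplace)
{
	struct rte_mbuf *m;
	int dstlen;
	int l, n = srclen;
	/*
	 * Scratch space for one cipher block that straddles two segments.
	 * Fixed-size and zeroed rather than a variable-length array sized by
	 * EVP_CIPHER_CTX_block_size(): the size no longer depends on an
	 * unchecked return value, and no stale stack bytes can reach the
	 * packet if an update emits less than a full block.
	 */
	uint8_t *src, temp[EVP_MAX_BLOCK_LENGTH] = {0};

	/* Skip whole segments that lie before the requested offset. */
	for (m = mbuf_src; m != NULL && offset > rte_pktmbuf_data_len(m);
			m = m->next)
		offset -= rte_pktmbuf_data_len(m);

	if (m == NULL)
		return -1;

	src = rte_pktmbuf_mtod_offset(m, uint8_t *, offset);
	if (inplace)
		*dst = src;

	l = rte_pktmbuf_data_len(m) - offset;
	if (srclen <= l) {
		/* Everything fits in the first segment. */
		if (EVP_EncryptUpdate(ctx, *dst, &dstlen, src, srclen) <= 0)
			return -1;
		/*
		 * NOTE(review): the cursor moves by the bytes left in the
		 * segment (l), not by dstlen as in the multi-segment path -
		 * confirm callers use *dst afterwards only for a Final call
		 * that emits nothing.
		 */
		*dst += l;
		return 0;
	}

	if (EVP_EncryptUpdate(ctx, *dst, &dstlen, src, l) <= 0)
		return -1;

	*dst += dstlen;
	n -= l;

	for (m = m->next; (m != NULL) && (n > 0); m = m->next) {
		/* Input bytes the previous update consumed but did not emit. */
		uint8_t diff = l - dstlen, rem;

		src = rte_pktmbuf_mtod(m, uint8_t *);
		l = RTE_MIN(rte_pktmbuf_data_len(m), n);
		if (diff && inplace) {
			/*
			 * The previous segment ended inside a cipher block.
			 * Complete that block in the scratch buffer, then
			 * split it across the tail of the previous segment
			 * (*dst) and the head of this one.
			 * NOTE(review): if this segment holds fewer than
			 * block_size - diff bytes the update emits nothing
			 * and the copies below move scratch contents, not
			 * ciphertext - confirm segments are never that short.
			 */
			rem = RTE_MIN(l,
				(EVP_CIPHER_CTX_block_size(ctx) - diff));
			if (EVP_EncryptUpdate(ctx, temp,
						&dstlen, src, rem) <= 0)
				return -1;
			n -= rem;
			rte_memcpy(*dst, temp, diff);
			rte_memcpy(src, temp + diff, rem);
			src += rem;
			l -= rem;
		}
		if (inplace)
			*dst = src;
		if (EVP_EncryptUpdate(ctx, *dst, &dstlen, src, l) <= 0)
			return -1;
		*dst += dstlen;
		n -= l;
	}

	return 0;
}

/**
 * Feed @srclen bytes of an mbuf chain, starting @offset bytes into it,
 * through EVP_DecryptUpdate() one segment at a time.
 *
 * Parameters and return value mirror process_openssl_encryption_update():
 * @dst is the in/out output cursor, @inplace writes the output over the
 * source segments, and the result is 0 on success or -1 if @offset lies
 * beyond the chain or an EVP_DecryptUpdate() call fails.
 *
 * NOTE(review): 0 is also returned when the chain ends while n > 0 bytes are
 * still unprocessed - confirm callers validate srclen against the packet.
 */
static inline int
process_openssl_decryption_update(struct rte_mbuf *mbuf_src, int offset,
		uint8_t **dst, int srclen, EVP_CIPHER_CTX *ctx, uint8_t inplace)
{
	struct rte_mbuf *m;
	int dstlen;
	int l, n = srclen;
	/*
	 * Scratch space for one cipher block that straddles two segments.
	 * Fixed-size and zeroed rather than a variable-length array sized by
	 * EVP_CIPHER_CTX_block_size(): the size no longer depends on an
	 * unchecked return value, and no stale stack bytes can reach the
	 * packet if an update emits less than a full block.
	 */
	uint8_t *src, temp[EVP_MAX_BLOCK_LENGTH] = {0};

	/* Skip whole segments that lie before the requested offset. */
	for (m = mbuf_src; m != NULL && offset > rte_pktmbuf_data_len(m);
			m = m->next)
		offset -= rte_pktmbuf_data_len(m);

	if (m == NULL)
		return -1;

	src = rte_pktmbuf_mtod_offset(m, uint8_t *, offset);
	if (inplace)
		*dst = src;

	l = rte_pktmbuf_data_len(m) - offset;
	if (srclen <= l) {
		/* Everything fits in the first segment. */
		if (EVP_DecryptUpdate(ctx, *dst, &dstlen, src, srclen) <= 0)
			return -1;
		/*
		 * NOTE(review): the cursor moves by the bytes left in the
		 * segment (l), not by dstlen as in the multi-segment path -
		 * confirm callers use *dst afterwards only for a Final call
		 * that emits nothing.
		 */
		*dst += l;
		return 0;
	}

	if (EVP_DecryptUpdate(ctx, *dst, &dstlen, src, l) <= 0)
		return -1;

	*dst += dstlen;
	n -= l;

	for (m = m->next; (m != NULL) && (n > 0); m = m->next) {
		/* Input bytes the previous update consumed but did not emit. */
		uint8_t diff = l - dstlen, rem;

		src = rte_pktmbuf_mtod(m, uint8_t *);
		l = RTE_MIN(rte_pktmbuf_data_len(m), n);
		if (diff && inplace) {
			/*
			 * The previous segment ended inside a cipher block.
			 * Complete that block in the scratch buffer, then
			 * split it across the tail of the previous segment
			 * (*dst) and the head of this one.
			 * NOTE(review): if this segment holds fewer than
			 * block_size - diff bytes the update emits nothing
			 * and the copies below move scratch contents, not
			 * plaintext - confirm segments are never that short.
			 */
			rem = RTE_MIN(l,
				(EVP_CIPHER_CTX_block_size(ctx) - diff));
			if (EVP_DecryptUpdate(ctx, temp,
						&dstlen, src, rem) <= 0)
				return -1;
			n -= rem;
			rte_memcpy(*dst, temp, diff);
			rte_memcpy(src, temp + diff, rem);
			src += rem;
			l -= rem;
		}
		if (inplace)
			*dst = src;
		if (EVP_DecryptUpdate(ctx, *dst, &dstlen, src, l) <= 0)
			return -1;
		*dst += dstlen;
		n -= l;
	}

	return 0;
}

/** Process standard openssl cipher encryption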
*/ 11068a9867a6SSlawomir Mrozowicz static int 11078f675fc7STomasz Kulasek process_openssl_cipher_encrypt(struct rte_mbuf *mbuf_src, uint8_t *dst, 1108b795e127SAkhil Goyal int offset, uint8_t *iv, int srclen, EVP_CIPHER_CTX *ctx, 1109b795e127SAkhil Goyal uint8_t inplace) 11108a9867a6SSlawomir Mrozowicz { 11118f675fc7STomasz Kulasek int totlen; 11128a9867a6SSlawomir Mrozowicz 1113efd42d2eSAkhil Goyal if (EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv) <= 0) 11148a9867a6SSlawomir Mrozowicz goto process_cipher_encrypt_err; 11158a9867a6SSlawomir Mrozowicz 11166b283a03SPiotr Azarewicz EVP_CIPHER_CTX_set_padding(ctx, 0); 11176b283a03SPiotr Azarewicz 11188f675fc7STomasz Kulasek if (process_openssl_encryption_update(mbuf_src, offset, &dst, 1119b795e127SAkhil Goyal srclen, ctx, inplace)) 11208a9867a6SSlawomir Mrozowicz goto process_cipher_encrypt_err; 11218a9867a6SSlawomir Mrozowicz 11228f675fc7STomasz Kulasek if (EVP_EncryptFinal_ex(ctx, dst, &totlen) <= 0) 11238a9867a6SSlawomir Mrozowicz goto process_cipher_encrypt_err; 11248a9867a6SSlawomir Mrozowicz 11258a9867a6SSlawomir Mrozowicz return 0; 11268a9867a6SSlawomir Mrozowicz 11278a9867a6SSlawomir Mrozowicz process_cipher_encrypt_err: 1128094b2386SNaga Suresh Somarowthu OPENSSL_LOG(ERR, "Process openssl cipher encrypt failed"); 11298a9867a6SSlawomir Mrozowicz return -EINVAL; 11308a9867a6SSlawomir Mrozowicz } 11318a9867a6SSlawomir Mrozowicz 11321dee7bc7SPablo de Lara /** Process standard openssl cipher encryption */ 11331dee7bc7SPablo de Lara static int 11341dee7bc7SPablo de Lara process_openssl_cipher_bpi_encrypt(uint8_t *src, uint8_t *dst, 11351dee7bc7SPablo de Lara uint8_t *iv, int srclen, 11361dee7bc7SPablo de Lara EVP_CIPHER_CTX *ctx) 11371dee7bc7SPablo de Lara { 11381dee7bc7SPablo de Lara uint8_t i; 11391dee7bc7SPablo de Lara uint8_t encrypted_iv[DES_BLOCK_SIZE]; 11401dee7bc7SPablo de Lara int encrypted_ivlen; 11411dee7bc7SPablo de Lara 11421dee7bc7SPablo de Lara if (EVP_EncryptUpdate(ctx, encrypted_iv, &encrypted_ivlen, 
11431dee7bc7SPablo de Lara iv, DES_BLOCK_SIZE) <= 0) 11441dee7bc7SPablo de Lara goto process_cipher_encrypt_err; 11451dee7bc7SPablo de Lara 11461dee7bc7SPablo de Lara for (i = 0; i < srclen; i++) 11471dee7bc7SPablo de Lara *(dst + i) = *(src + i) ^ (encrypted_iv[i]); 11481dee7bc7SPablo de Lara 11491dee7bc7SPablo de Lara return 0; 11501dee7bc7SPablo de Lara 11511dee7bc7SPablo de Lara process_cipher_encrypt_err: 1152094b2386SNaga Suresh Somarowthu OPENSSL_LOG(ERR, "Process openssl cipher bpi encrypt failed"); 11531dee7bc7SPablo de Lara return -EINVAL; 11541dee7bc7SPablo de Lara } 11558a9867a6SSlawomir Mrozowicz /** Process standard openssl cipher decryption */ 11568a9867a6SSlawomir Mrozowicz static int 11578f675fc7STomasz Kulasek process_openssl_cipher_decrypt(struct rte_mbuf *mbuf_src, uint8_t *dst, 1158b795e127SAkhil Goyal int offset, uint8_t *iv, int srclen, EVP_CIPHER_CTX *ctx, 1159b795e127SAkhil Goyal uint8_t inplace) 11608a9867a6SSlawomir Mrozowicz { 11618f675fc7STomasz Kulasek int totlen; 11628a9867a6SSlawomir Mrozowicz 1163efd42d2eSAkhil Goyal if (EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv) <= 0) 11648a9867a6SSlawomir Mrozowicz goto process_cipher_decrypt_err; 11658a9867a6SSlawomir Mrozowicz 11665d63ef31SPiotr Azarewicz EVP_CIPHER_CTX_set_padding(ctx, 0); 11678a9867a6SSlawomir Mrozowicz 11688f675fc7STomasz Kulasek if (process_openssl_decryption_update(mbuf_src, offset, &dst, 1169b795e127SAkhil Goyal srclen, ctx, inplace)) 11708a9867a6SSlawomir Mrozowicz goto process_cipher_decrypt_err; 11718a9867a6SSlawomir Mrozowicz 11728f675fc7STomasz Kulasek if (EVP_DecryptFinal_ex(ctx, dst, &totlen) <= 0) 11738a9867a6SSlawomir Mrozowicz goto process_cipher_decrypt_err; 11748a9867a6SSlawomir Mrozowicz return 0; 11758a9867a6SSlawomir Mrozowicz 11768a9867a6SSlawomir Mrozowicz process_cipher_decrypt_err: 1177094b2386SNaga Suresh Somarowthu OPENSSL_LOG(ERR, "Process openssl cipher decrypt failed"); 11788a9867a6SSlawomir Mrozowicz return -EINVAL; 11798a9867a6SSlawomir 
Mrozowicz } 11808a9867a6SSlawomir Mrozowicz 11818a9867a6SSlawomir Mrozowicz /** Process cipher des 3 ctr encryption, decryption algorithm */ 11828a9867a6SSlawomir Mrozowicz static int 11838f675fc7STomasz Kulasek process_openssl_cipher_des3ctr(struct rte_mbuf *mbuf_src, uint8_t *dst, 1184*08917eddSJack Bond-Preston int offset, uint8_t *iv, int srclen, EVP_CIPHER_CTX *ctx) 11858a9867a6SSlawomir Mrozowicz { 11868a9867a6SSlawomir Mrozowicz uint8_t ebuf[8], ctr[8]; 11878a9867a6SSlawomir Mrozowicz int unused, n; 11888f675fc7STomasz Kulasek struct rte_mbuf *m; 11898f675fc7STomasz Kulasek uint8_t *src; 11908f675fc7STomasz Kulasek int l; 11918f675fc7STomasz Kulasek 11928f675fc7STomasz Kulasek for (m = mbuf_src; m != NULL && offset > rte_pktmbuf_data_len(m); 11938f675fc7STomasz Kulasek m = m->next) 11948f675fc7STomasz Kulasek offset -= rte_pktmbuf_data_len(m); 11958f675fc7STomasz Kulasek 11968f675fc7STomasz Kulasek if (m == 0) 11978f675fc7STomasz Kulasek goto process_cipher_des3ctr_err; 11988f675fc7STomasz Kulasek 11998f675fc7STomasz Kulasek src = rte_pktmbuf_mtod_offset(m, uint8_t *, offset); 12008f675fc7STomasz Kulasek l = rte_pktmbuf_data_len(m) - offset; 12018a9867a6SSlawomir Mrozowicz 12028a9867a6SSlawomir Mrozowicz memcpy(ctr, iv, 8); 12038a9867a6SSlawomir Mrozowicz 12048f675fc7STomasz Kulasek for (n = 0; n < srclen; n++) { 12058a9867a6SSlawomir Mrozowicz if (n % 8 == 0) { 12068a9867a6SSlawomir Mrozowicz if (EVP_EncryptUpdate(ctx, 12078a9867a6SSlawomir Mrozowicz (unsigned char *)&ebuf, &unused, 12088a9867a6SSlawomir Mrozowicz (const unsigned char *)&ctr, 8) <= 0) 12098a9867a6SSlawomir Mrozowicz goto process_cipher_des3ctr_err; 12108a9867a6SSlawomir Mrozowicz ctr_inc(ctr); 12118a9867a6SSlawomir Mrozowicz } 12128f675fc7STomasz Kulasek dst[n] = *(src++) ^ ebuf[n % 8]; 12138f675fc7STomasz Kulasek 12148f675fc7STomasz Kulasek l--; 12158f675fc7STomasz Kulasek if (!l) { 12168f675fc7STomasz Kulasek m = m->next; 12178f675fc7STomasz Kulasek if (m) { 12188f675fc7STomasz Kulasek 
src = rte_pktmbuf_mtod(m, uint8_t *); 12198f675fc7STomasz Kulasek l = rte_pktmbuf_data_len(m); 12208f675fc7STomasz Kulasek } 12218f675fc7STomasz Kulasek } 12228a9867a6SSlawomir Mrozowicz } 12238a9867a6SSlawomir Mrozowicz 12248a9867a6SSlawomir Mrozowicz return 0; 12258a9867a6SSlawomir Mrozowicz 12268a9867a6SSlawomir Mrozowicz process_cipher_des3ctr_err: 1227094b2386SNaga Suresh Somarowthu OPENSSL_LOG(ERR, "Process openssl cipher des 3 ede ctr failed"); 12288a9867a6SSlawomir Mrozowicz return -EINVAL; 12298a9867a6SSlawomir Mrozowicz } 12308a9867a6SSlawomir Mrozowicz 12311a4998dcSPablo de Lara /** Process AES-GCM encrypt algorithm */ 12328a9867a6SSlawomir Mrozowicz static int 12338f675fc7STomasz Kulasek process_openssl_auth_encryption_gcm(struct rte_mbuf *mbuf_src, int offset, 1234b4b86b09SPablo de Lara int srclen, uint8_t *aad, int aadlen, uint8_t *iv, 1235b4b86b09SPablo de Lara uint8_t *dst, uint8_t *tag, EVP_CIPHER_CTX *ctx) 12368a9867a6SSlawomir Mrozowicz { 12375b94ac19SDidier Pallard int len = 0; 12385b94ac19SDidier Pallard #if OPENSSL_VERSION_NUMBER < 0x10100000L 12395b94ac19SDidier Pallard int unused = 0; 12408a9867a6SSlawomir Mrozowicz uint8_t empty[] = {}; 12415b94ac19SDidier Pallard #endif 12428a9867a6SSlawomir Mrozowicz 1243b4b86b09SPablo de Lara if (EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv) <= 0) 12448a9867a6SSlawomir Mrozowicz goto process_auth_encryption_gcm_err; 12458a9867a6SSlawomir Mrozowicz 12468f675fc7STomasz Kulasek if (aadlen > 0) 12478a9867a6SSlawomir Mrozowicz if (EVP_EncryptUpdate(ctx, NULL, &len, aad, aadlen) <= 0) 12488a9867a6SSlawomir Mrozowicz goto process_auth_encryption_gcm_err; 12498a9867a6SSlawomir Mrozowicz 12508f675fc7STomasz Kulasek if (srclen > 0) 12518f675fc7STomasz Kulasek if (process_openssl_encryption_update(mbuf_src, offset, &dst, 1252b795e127SAkhil Goyal srclen, ctx, 0)) 12538f675fc7STomasz Kulasek goto process_auth_encryption_gcm_err; 12548f675fc7STomasz Kulasek 12555b94ac19SDidier Pallard #if OPENSSL_VERSION_NUMBER < 
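0x10100000L
	/* Workaround open ssl bug in version less then 1.0.1f */
	if (EVP_EncryptUpdate(ctx, empty, &unused, empty, 0) <= 0)
		goto process_auth_encryption_gcm_err;
#endif

	if (EVP_EncryptFinal_ex(ctx, dst, &len) <= 0)
		goto process_auth_encryption_gcm_err;

	if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, tag) <= 0)
		goto process_auth_encryption_gcm_err;

	return 0;

process_auth_encryption_gcm_err:
	OPENSSL_LOG(ERR, "Process openssl auth encryption gcm failed");
	return -EINVAL;
}

/**
 * Process AES-CCM encrypt algorithm.
 *
 * Sets the IV on @p ctx, declares the total plaintext length, feeds the AAD,
 * encrypts @p srclen bytes of the mbuf chain starting at @p offset into
 * @p dst and finally reads a @p taglen byte tag into @p tag.
 *
 * @return 0 on success, -EINVAL when any OpenSSL call or the update helper
 *         reports failure.
 */
static int
process_openssl_auth_encryption_ccm(struct rte_mbuf *mbuf_src, int offset,
		int srclen, uint8_t *aad, int aadlen, uint8_t *iv,
		uint8_t *dst, uint8_t *tag, uint8_t taglen, EVP_CIPHER_CTX *ctx)
{
	int len = 0;

	if (EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv) <= 0)
		goto process_auth_encryption_ccm_err;

	/* Length-only update: no input or output buffer, just srclen. */
	if (EVP_EncryptUpdate(ctx, NULL, &len, NULL, srclen) <= 0)
		goto process_auth_encryption_ccm_err;

	if (aadlen > 0) {
		/*
		 * For AES-CCM, the actual AAD is placed
		 * 18 bytes after the start of the AAD field,
		 * according to the API.
		 */
		if (EVP_EncryptUpdate(ctx, NULL, &len, aad + 18, aadlen) <= 0)
			goto process_auth_encryption_ccm_err;
	}

	if (srclen >= 0) {
		if (process_openssl_encryption_update(mbuf_src, offset, &dst,
				srclen, ctx, 0))
			goto process_auth_encryption_ccm_err;
	}

	if (EVP_EncryptFinal_ex(ctx, dst, &len) <= 0)
		goto process_auth_encryption_ccm_err;

	if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_GET_TAG, taglen, tag) <= 0)
		goto process_auth_encryption_ccm_err;

	return 0;

process_auth_encryption_ccm_err:
	OPENSSL_LOG(ERR, "Process openssl auth encryption ccm failed");
	return -EINVAL;
}

/**
 * Process AES-GCM decrypt algorithm.
 *
 * Installs the expected tag and the IV on @p ctx, feeds the AAD, decrypts
 * @p srclen bytes of the mbuf chain into @p dst and lets
 * EVP_DecryptFinal_ex() decide whether the tag matches.
 *
 * @return 0 on success, -EFAULT when EVP_DecryptFinal_ex() fails (the caller
 *         maps this to an authentication failure for verify operations),
 *         -EINVAL for every other failure.
 */
static int
process_openssl_auth_decryption_gcm(struct rte_mbuf *mbuf_src, int offset,
		int srclen, uint8_t *aad, int aadlen, uint8_t *iv,
		uint8_t *dst, uint8_t *tag, EVP_CIPHER_CTX *ctx)
{
	int len = 0;
#if OPENSSL_VERSION_NUMBER < 0x10100000L
	int unused = 0;
	uint8_t empty[] = {};
#endif

	/*
	 * NOTE(review): the tag length is fixed at 16 bytes here and is not
	 * taken from the session, so 16 bytes are read from 'tag' - confirm
	 * the session setup only accepts 16 byte GCM digests.
	 */
	if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, tag) <= 0)
		goto process_auth_decryption_gcm_err;

	if (EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv) <= 0)
		goto process_auth_decryption_gcm_err;

	if (aadlen > 0) {
		if (EVP_DecryptUpdate(ctx, NULL, &len, aad, aadlen) <= 0)
			goto process_auth_decryption_gcm_err;
	}

	if (srclen > 0) {
		if (process_openssl_decryption_update(mbuf_src, offset, &dst,
				srclen, ctx, 0))
			goto process_auth_decryption_gcm_err;
	}

#if OPENSSL_VERSION_NUMBER < 0x10100000L
	/* Workaround for an OpenSSL bug in versions less than 1.0.1f */
	if (EVP_DecryptUpdate(ctx, empty, &unused, empty, 0) <= 0)
		goto process_auth_decryption_gcm_err;
#endif

	/* A failure here is reported separately from the setup errors. */
	if (EVP_DecryptFinal_ex(ctx, dst, &len) <= 0)
		return -EFAULT;

	return 0;

process_auth_decryption_gcm_err:
	OPENSSL_LOG(ERR, "Process openssl auth decryption gcm failed");
	return -EINVAL;
}

/**
 * Process AES-CCM decrypt algorithm.
 *
 * Installs the expected tag (@p tag_len bytes) and the IV on @p ctx,
 * declares the total ciphertext length, feeds the AAD and decrypts
 * @p srclen bytes of the mbuf chain into @p dst. No final call is made;
 * a failure of the data update is the only path that yields -EFAULT.
 *
 * @return 0 on success, -EFAULT when the data update helper fails (mapped by
 *         the caller to an authentication failure for verify operations),
 *         -EINVAL for every other failure.
 */
static int
process_openssl_auth_decryption_ccm(struct rte_mbuf *mbuf_src, int offset,
		int srclen, uint8_t *aad, int aadlen, uint8_t *iv,
		uint8_t *dst, uint8_t *tag, uint8_t tag_len,
		EVP_CIPHER_CTX *ctx)
{
	int len = 0;

	if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, tag_len, tag) <= 0)
		goto process_auth_decryption_ccm_err;

	if (EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv) <= 0)
		goto process_auth_decryption_ccm_err;

	/* Length-only update: no input or output buffer, just srclen. */
	if (EVP_DecryptUpdate(ctx, NULL, &len, NULL, srclen) <= 0)
		goto process_auth_decryption_ccm_err;

	if (aadlen > 0) {
		/*
		 * For AES-CCM, the actual AAD is placed
		 * 18 bytes after the start of the AAD field,
		 * according to the API.
		 */
		if (EVP_DecryptUpdate(ctx, NULL, &len, aad + 18, aadlen) <= 0)
			goto process_auth_decryption_ccm_err;
	}

	if (srclen >= 0) {
		if (process_openssl_decryption_update(mbuf_src, offset, &dst,
				srclen, ctx, 0))
			return -EFAULT;
	}

	return 0;

process_auth_decryption_ccm_err:
	OPENSSL_LOG(ERR, "Process openssl auth decryption ccm failed");
	return -EINVAL;
}

/**
 * Process standard openssl auth algorithms.
 *
 * Hashes @p srclen bytes of the mbuf chain @p mbuf_src, starting @p offset
 * bytes into the chain, with digest @p algo on @p ctx and writes the result
 * to @p dst. @p iv and @p pkey are unused.
 *
 * @return 0 on success, -EINVAL when the offset or length does not fit the
 *         chain, when @p srclen is negative, or when an OpenSSL call fails.
 */
static int
process_openssl_auth(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
		__rte_unused uint8_t *iv, __rte_unused EVP_PKEY * pkey,
		int srclen, EVP_MD_CTX *ctx, const EVP_MD *algo)
{
	/* EVP_DigestFinal_ex() reports the length through an unsigned int. */
	unsigned int dstlen;
	struct rte_mbuf *m;
	int l, n = srclen;
	uint8_t *src;

	/* Skip the segments that lie entirely before the requested offset. */
	for (m = mbuf_src; m != NULL && offset > rte_pktmbuf_data_len(m);
			m = m->next)
		offset -= rte_pktmbuf_data_len(m);

	/*
	 * A negative length would be converted to a huge size_t by the
	 * update call below, so it is rejected together with a bad offset.
	 */
	if (m == NULL || srclen < 0)
		goto process_auth_err;

	if (EVP_DigestInit_ex(ctx, algo, NULL) <= 0)
		goto process_auth_err;

	src = rte_pktmbuf_mtod_offset(m, uint8_t *, offset);

	/* Bytes available in the first segment after the offset. */
	l = rte_pktmbuf_data_len(m) - offset;
	if (srclen <= l) {
		if (EVP_DigestUpdate(ctx, (char *)src, srclen) <= 0)
			goto process_auth_err;
		goto process_auth_final;
	}

	if (EVP_DigestUpdate(ctx, (char *)src, l) <= 0)
		goto process_auth_err;

	n -= l;

	for (m = m->next; (m != NULL) && (n > 0); m = m->next) {
		src = rte_pktmbuf_mtod(m, uint8_t *);
		l = rte_pktmbuf_data_len(m) < n ? rte_pktmbuf_data_len(m) : n;
		if (EVP_DigestUpdate(ctx, (char *)src, l) <= 0)
			goto process_auth_err;
		n -= l;
	}

	/* The chain ended before srclen bytes were hashed: do not emit a
	 * digest over less data than the caller asked for.
	 */
	if (n > 0)
		goto process_auth_err;

process_auth_final:
	if (EVP_DigestFinal_ex(ctx, dst, &dstlen) <= 0)
		goto process_auth_err;
	return 0;

process_auth_err:
	OPENSSL_LOG(ERR, "Process openssl auth failed");
	return -EINVAL;
}

# if OPENSSL_VERSION_NUMBER >= 0x30000000L
/**
 * Process standard openssl auth algorithms with hmac/cmac.
 *
 * Feeds @p srclen bytes of the mbuf chain, starting @p offset bytes in, to
 * the MAC context and writes the result to @p dst (at most DIGEST_LENGTH_MAX
 * bytes). @p ctx is freed on every path, so the caller must pass a context
 * it no longer needs and must not free it again.
 *
 * @return 0 on success, -EINVAL when the offset or length does not fit the
 *         chain, when @p srclen is negative, or when an OpenSSL call fails.
 */
static int
process_openssl_auth_mac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
		int srclen, EVP_MAC_CTX *ctx)
{
	size_t dstlen;
	struct rte_mbuf *m;
	int l, n = srclen;
	uint8_t *src;

	/* Skip the segments that lie entirely before the requested offset. */
	for (m = mbuf_src; m != NULL && offset > rte_pktmbuf_data_len(m);
			m = m->next)
		offset -= rte_pktmbuf_data_len(m);

	/* A negative length would become a huge size_t in the update call. */
	if (m == NULL || srclen < 0)
		goto process_auth_err;

	src = rte_pktmbuf_mtod_offset(m, uint8_t *, offset);

	/* Bytes available in the first segment after the offset. */
	l = rte_pktmbuf_data_len(m) - offset;
	if (srclen <= l) {
		if (EVP_MAC_update(ctx, (unsigned char *)src, srclen) != 1)
			goto process_auth_err;
		goto process_auth_final;
	}

	if (EVP_MAC_update(ctx, (unsigned char *)src, l) != 1)
		goto process_auth_err;

	n -= l;

	for (m = m->next; (m != NULL) && (n > 0); m = m->next) {
		src = rte_pktmbuf_mtod(m, uint8_t *);
		l = rte_pktmbuf_data_len(m) < n ? rte_pktmbuf_data_len(m) : n;
		if (EVP_MAC_update(ctx, (unsigned char *)src, l) != 1)
			goto process_auth_err;
		n -= l;
	}

	/* The chain ended before srclen bytes were authenticated. */
	if (n > 0)
		goto process_auth_err;

process_auth_final:
	if (EVP_MAC_final(ctx, dst, &dstlen, DIGEST_LENGTH_MAX) != 1)
		goto process_auth_err;

	EVP_MAC_CTX_free(ctx);
	return 0;

process_auth_err:
	EVP_MAC_CTX_free(ctx);
	OPENSSL_LOG(ERR, "Process openssl auth failed");
	return -EINVAL;
}
# else
/**
 * Process standard openssl auth algorithms with hmac.
 *
 * Feeds @p srclen bytes of the mbuf chain, starting @p offset bytes in, to
 * the HMAC context, writes the result to @p dst and re-initialises @p ctx
 * with its existing key. The context is not freed here.
 *
 * @return 0 on success, -EINVAL when the offset or length does not fit the
 *         chain, when @p srclen is negative, or when an OpenSSL call fails.
 */
static int
process_openssl_auth_hmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
		int srclen, HMAC_CTX *ctx)
{
	unsigned int dstlen;
	struct rte_mbuf *m;
	int l, n = srclen;
	uint8_t *src;

	/* Skip the segments that lie entirely before the requested offset. */
	for (m = mbuf_src; m != NULL && offset > rte_pktmbuf_data_len(m);
			m = m->next)
		offset -= rte_pktmbuf_data_len(m);

	/* A negative length would become a huge size_t in the update call. */
	if (m == NULL || srclen < 0)
		goto process_auth_err;

	src = rte_pktmbuf_mtod_offset(m, uint8_t *, offset);

	/* Bytes available in the first segment after the offset. */
	l = rte_pktmbuf_data_len(m) - offset;
	if (srclen <= l) {
		if (HMAC_Update(ctx, (unsigned char *)src, srclen) != 1)
			goto process_auth_err;
		goto process_auth_final;
	}

	if (HMAC_Update(ctx, (unsigned char *)src, l) != 1)
		goto process_auth_err;

	n -= l;

	for (m = m->next; (m != NULL) && (n > 0); m = m->next) {
		src = rte_pktmbuf_mtod(m, uint8_t *);
		l = rte_pktmbuf_data_len(m) < n ? rte_pktmbuf_data_len(m) : n;
		if (HMAC_Update(ctx, (unsigned char *)src, l) != 1)
			goto process_auth_err;
		n -= l;
	}

	/* The chain ended before srclen bytes were authenticated. */
	if (n > 0)
		goto process_auth_err;

process_auth_final:
	if (HMAC_Final(ctx, dst, &dstlen) != 1)
		goto process_auth_err;

	if (unlikely(HMAC_Init_ex(ctx, NULL, 0, NULL, NULL) != 1))
		goto process_auth_err;

	return 0;

process_auth_err:
	OPENSSL_LOG(ERR, "Process openssl auth failed");
	return -EINVAL;
}

/**
 * Process standard openssl auth algorithms with cmac.
 *
 * Feeds @p srclen bytes of the mbuf chain, starting @p offset bytes in, to
 * the CMAC context and writes the result to @p dst. The context is cleaned
 * up (not freed) on success only.
 *
 * @return 0 on success, -EINVAL when the offset or length does not fit the
 *         chain, when @p srclen is negative, or when an OpenSSL call fails.
 */
static int
process_openssl_auth_cmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
		int srclen, CMAC_CTX *ctx)
{
	/*
	 * CMAC_Final() stores the length through a size_t pointer. Declaring
	 * this as unsigned int and casting its address makes the call write
	 * past the variable wherever size_t is wider than unsigned int.
	 */
	size_t dstlen;
	struct rte_mbuf *m;
	int l, n = srclen;
	uint8_t *src;

	/* Skip the segments that lie entirely before the requested offset. */
	for (m = mbuf_src; m != NULL && offset > rte_pktmbuf_data_len(m);
			m = m->next)
		offset -= rte_pktmbuf_data_len(m);

	/* A negative length would become a huge size_t in the update call. */
	if (m == NULL || srclen < 0)
		goto process_auth_err;

	src = rte_pktmbuf_mtod_offset(m, uint8_t *, offset);

	/* Bytes available in the first segment after the offset. */
	l = rte_pktmbuf_data_len(m) - offset;
	if (srclen <= l) {
		if (CMAC_Update(ctx, (unsigned char *)src, srclen) != 1)
			goto process_auth_err;
		goto process_auth_final;
	}

	if (CMAC_Update(ctx, (unsigned char *)src, l) != 1)
		goto process_auth_err;

	n -= l;

	for (m = m->next; (m != NULL) && (n > 0); m = m->next) {
		src = rte_pktmbuf_mtod(m, uint8_t *);
		l = rte_pktmbuf_data_len(m) < n ? rte_pktmbuf_data_len(m) : n;
		if (CMAC_Update(ctx, (unsigned char *)src, l) != 1)
			goto process_auth_err;
		n -= l;
	}

	/* The chain ended before srclen bytes were authenticated. */
	if (n > 0)
		goto process_auth_err;

process_auth_final:
	if (CMAC_Final(ctx, dst, &dstlen) != 1)
		goto process_auth_err;

	CMAC_CTX_cleanup(ctx);

	return 0;

process_auth_err:
	OPENSSL_LOG(ERR, "Process openssl cmac auth failed");
	return -EINVAL;
}
# endif
/*----------------------------------------------------------------------------*/

/**
 * Process auth/cipher combined operation.
 *
 * Handles AES-GMAC, AES-GCM and AES-CCM. Works on a per-operation clone of
 * the session cipher context, which is freed before returning. On failure
 * op->status is set to RTE_CRYPTO_OP_STATUS_AUTH_FAILED when the helper
 * returned -EFAULT for a verify session, and to RTE_CRYPTO_OP_STATUS_ERROR
 * otherwise; op->status is left untouched on success.
 */
static void
process_openssl_combined_op
		(struct rte_crypto_op *op, struct openssl_session *sess,
		struct rte_mbuf *mbuf_src, struct rte_mbuf *mbuf_dst)
{
	/* cipher */
	uint8_t *dst = NULL, *iv, *tag, *aad;
	int srclen, aadlen, status = -1;
	uint32_t offset;
	uint8_t taglen;
	int gcm_family;

	/*
	 * Segmented destination buffer is not supported for
	 * encryption/decryption
	 */
	if (!rte_pktmbuf_is_contiguous(mbuf_dst)) {
		op->status = RTE_CRYPTO_OP_STATUS_ERROR;
		return;
	}

	EVP_CIPHER_CTX *ctx;
	if (openssl_aesni_ctx_clone(&ctx, sess) != 0) {
		op->status = RTE_CRYPTO_OP_STATUS_ERROR;
		return;
	}

	iv = rte_crypto_op_ctod_offset(op, uint8_t *,
			sess->iv.offset);
	if (sess->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC) {
		/* GMAC: nothing is ciphered, the auth region is the AAD. */
		srclen = 0;
		offset = op->sym->auth.data.offset;
		aadlen = op->sym->auth.data.length;
		aad = rte_pktmbuf_mtod_offset(mbuf_src, uint8_t *,
				op->sym->auth.data.offset);
		tag = op->sym->auth.digest.data;
		if (tag == NULL)
			tag = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *,
				offset + aadlen);
	} else {
		srclen = op->sym->aead.data.length;
		dst = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *,
				op->sym->aead.data.offset);
		offset = op->sym->aead.data.offset;
		aad = op->sym->aead.aad.data;
		aadlen = sess->auth.aad_length;
		tag = op->sym->aead.digest.data;
		/* No digest pointer: the tag sits right after the data. */
		if (tag == NULL)
			tag = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *,
				offset + srclen);
	}

	taglen = sess->auth.digest_length;

	/* GMAC shares the GCM helpers; everything else goes to CCM. */
	gcm_family = sess->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC ||
			sess->aead_algo == RTE_CRYPTO_AEAD_AES_GCM;

	if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
		if (gcm_family)
			status = process_openssl_auth_encryption_gcm(
					mbuf_src, offset, srclen,
					aad, aadlen, iv,
					dst, tag, ctx);
		else
			status = process_openssl_auth_encryption_ccm(
					mbuf_src, offset, srclen,
					aad, aadlen, iv,
					dst, tag, taglen, ctx);

	} else {
		if (gcm_family)
			status = process_openssl_auth_decryption_gcm(
					mbuf_src, offset, srclen,
					aad, aadlen, iv,
					dst, tag, ctx);
		else
			status = process_openssl_auth_decryption_ccm(
					mbuf_src, offset, srclen,
					aad, aadlen, iv,
					dst, tag, taglen, ctx);
	}

	EVP_CIPHER_CTX_free(ctx);

	if (status != 0) {
		if (status == (-EFAULT) &&
				sess->auth.operation ==
						RTE_CRYPTO_AUTH_OP_VERIFY)
			op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
		else
			op->status = RTE_CRYPTO_OP_STATUS_ERROR;
	}
}

/**
 * Process cipher operation.
 *
 * Runs the session cipher on a per-operation copy of the session context
 * and sets op->status to RTE_CRYPTO_OP_STATUS_ERROR on any failure,
 * including a failure to allocate or copy that context.
 */
static void
process_openssl_cipher_op
		(struct rte_crypto_op *op, struct openssl_session *sess,
		struct rte_mbuf *mbuf_src, struct rte_mbuf *mbuf_dst)
{
	uint8_t *dst, *iv;
	int srclen, status;
	uint8_t inplace = (mbuf_src == mbuf_dst) ? 1 : 0;
	EVP_CIPHER_CTX *ctx_copy;

	/*
	 * Segmented OOP destination buffer is not supported for encryption/
	 * decryption. In case of des3ctr, even inplace segmented buffers are
	 * not supported.
	 */
	if (!rte_pktmbuf_is_contiguous(mbuf_dst) &&
			(!inplace || sess->cipher.mode != OPENSSL_CIPHER_LIB)) {
		op->status = RTE_CRYPTO_OP_STATUS_ERROR;
		return;
	}

	srclen = op->sym->cipher.data.length;
	dst = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *,
			op->sym->cipher.data.offset);

	iv = rte_crypto_op_ctod_offset(op, uint8_t *,
			sess->iv.offset);

	/*
	 * Both calls can fail (allocation, copy); continuing with a NULL or
	 * half-initialised context would hand it to the cipher helpers.
	 */
	ctx_copy = EVP_CIPHER_CTX_new();
	if (ctx_copy == NULL ||
			EVP_CIPHER_CTX_copy(ctx_copy, sess->cipher.ctx) != 1) {
		EVP_CIPHER_CTX_free(ctx_copy);
		op->status = RTE_CRYPTO_OP_STATUS_ERROR;
		return;
	}

	if (sess->cipher.mode == OPENSSL_CIPHER_LIB) {
		if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
			status = process_openssl_cipher_encrypt(mbuf_src, dst,
					op->sym->cipher.data.offset, iv,
					srclen, ctx_copy, inplace);
		else
			status = process_openssl_cipher_decrypt(mbuf_src, dst,
					op->sym->cipher.data.offset, iv,
					srclen, ctx_copy, inplace);
	} else {
		status = process_openssl_cipher_des3ctr(mbuf_src, dst,
				op->sym->cipher.data.offset, iv, srclen,
				ctx_copy);
	}

	EVP_CIPHER_CTX_free(ctx_copy);
	if (status != 0)
		op->status = RTE_CRYPTO_OP_STATUS_ERROR;
}

/**
 * Process DOCSIS BPI cipher operation.
 *
 * The block-aligned part of the data goes through the CBC helpers with the
 * session context; a trailing partial block (or a message shorter than one
 * DES block) goes through process_openssl_cipher_bpi_encrypt() with the
 * session BPI context. Sets op->status to RTE_CRYPTO_OP_STATUS_ERROR when
 * any helper reports failure.
 */
static void
process_openssl_docsis_bpi_op(struct rte_crypto_op *op,
		struct openssl_session *sess, struct rte_mbuf *mbuf_src,
		struct rte_mbuf *mbuf_dst)
{
	uint8_t *src, *dst, *iv;
	uint8_t block_size, last_block_len;
	int srclen, status = 0;

	srclen = op->sym->cipher.data.length;
	src = rte_pktmbuf_mtod_offset(mbuf_src, uint8_t *,
			op->sym->cipher.data.offset);
	dst = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *,
			op->sym->cipher.data.offset);

	iv = rte_crypto_op_ctod_offset(op, uint8_t *,
			sess->iv.offset);

	block_size = DES_BLOCK_SIZE;

	last_block_len = srclen % block_size;
	if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
		/* Encrypt only with ECB mode XOR IV */
		if (srclen < block_size) {
			status = process_openssl_cipher_bpi_encrypt(src, dst,
					iv, srclen,
					sess->cipher.bpi_ctx);
		} else {
			srclen -= last_block_len;
			/* Encrypt with the block aligned stream with CBC mode */
			status = process_openssl_cipher_encrypt(mbuf_src, dst,
					op->sym->cipher.data.offset, iv,
					srclen, sess->cipher.ctx, 0);
			if (last_block_len) {
				/* Point at last block */
				dst += srclen;
				/*
				 * IV is the last encrypted block from
				 * the previous operation
				 */
				iv = dst - block_size;
				src += srclen;
				srclen = last_block_len;
				/* Encrypt the last frame with ECB mode */
				status |= process_openssl_cipher_bpi_encrypt(src,
						dst, iv,
						srclen, sess->cipher.bpi_ctx);
			}
		}
	} else {
		/* Decrypt only with ECB mode (encrypt, as it is same operation) */
		if (srclen < block_size) {
			status = process_openssl_cipher_bpi_encrypt(src, dst,
					iv,
					srclen,
					sess->cipher.bpi_ctx);
		} else {
			if (last_block_len) {
				/* Point at last block */
				dst += srclen - last_block_len;
				src += srclen - last_block_len;
				/*
				 * IV is the last full block
				 */
				iv = src - block_size;
				/*
				 * Decrypt the last frame with ECB mode
				 * (encrypt, as it is the same operation)
				 */
				status = process_openssl_cipher_bpi_encrypt(src,
						dst, iv,
						last_block_len, sess->cipher.bpi_ctx);
				/* Prepare parameters for CBC mode op */
				iv = rte_crypto_op_ctod_offset(op, uint8_t *,
						sess->iv.offset);
				/* Rewind dst to the start of the data. */
				dst += last_block_len - srclen;
				srclen -= last_block_len;
			}

			/* Decrypt with CBC mode */
			status |= process_openssl_cipher_decrypt(mbuf_src, dst,
					op->sym->cipher.data.offset, iv,
					srclen, sess->cipher.ctx, 0);
		}
	}

	if (status != 0)
		op->status = RTE_CRYPTO_OP_STATUS_ERROR;
}

/**
 * Process auth operation.
 *
 * Computes the digest/HMAC/CMAC of the auth region into the queue pair's
 * scratch buffer using a per-operation copy of the session context. For
 * verify sessions the result is compared in constant time with the digest
 * supplied in the operation; otherwise it is copied to the operation's
 * digest pointer, or right after the auth region when that pointer is NULL.
 *
 * When the computation (or the context copy) fails, op->status is set to
 * RTE_CRYPTO_OP_STATUS_ERROR and the scratch buffer is neither compared nor
 * copied out, because its content was not produced by this operation.
 */
static void
process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
		struct openssl_session *sess, struct rte_mbuf *mbuf_src,
		struct rte_mbuf *mbuf_dst)
{
	uint8_t *dst;
	int srclen, status;
	EVP_MD_CTX *ctx_a;
# if OPENSSL_VERSION_NUMBER >= 0x30000000L
	EVP_MAC_CTX *ctx_h;
	EVP_MAC_CTX *ctx_c;
# else
	HMAC_CTX *ctx_h;
	CMAC_CTX *ctx_c;
# endif

	srclen = op->sym->auth.data.length;

	dst = qp->temp_digest;

	switch (sess->auth.mode) {
	case OPENSSL_AUTH_AS_AUTH:
		ctx_a = EVP_MD_CTX_create();
		if (ctx_a == NULL ||
				EVP_MD_CTX_copy_ex(ctx_a,
					sess->auth.auth.ctx) != 1)
			status = -1;
		else
			status = process_openssl_auth(mbuf_src, dst,
					op->sym->auth.data.offset, NULL, NULL,
					srclen, ctx_a,
					sess->auth.auth.evp_algo);
		if (ctx_a != NULL)
			EVP_MD_CTX_destroy(ctx_a);
		break;
	case OPENSSL_AUTH_AS_HMAC:
# if OPENSSL_VERSION_NUMBER >= 0x30000000L
		ctx_h = EVP_MAC_CTX_dup(sess->auth.hmac.ctx);
		/* process_openssl_auth_mac() frees the duplicate itself. */
		if (ctx_h == NULL)
			status = -1;
		else
			status = process_openssl_auth_mac(mbuf_src, dst,
					op->sym->auth.data.offset, srclen,
					ctx_h);
# else
		ctx_h = HMAC_CTX_new();
		if (ctx_h == NULL ||
				HMAC_CTX_copy(ctx_h, sess->auth.hmac.ctx) != 1)
			status = -1;
		else
			status = process_openssl_auth_hmac(mbuf_src, dst,
					op->sym->auth.data.offset, srclen,
					ctx_h);
		HMAC_CTX_free(ctx_h);
# endif
		break;
	case OPENSSL_AUTH_AS_CMAC:
# if OPENSSL_VERSION_NUMBER >= 0x30000000L
		ctx_c = EVP_MAC_CTX_dup(sess->auth.cmac.ctx);
		/* process_openssl_auth_mac() frees the duplicate itself. */
		if (ctx_c == NULL)
			status = -1;
		else
			status = process_openssl_auth_mac(mbuf_src, dst,
					op->sym->auth.data.offset, srclen,
					ctx_c);
# else
		ctx_c = CMAC_CTX_new();
		if (ctx_c == NULL ||
				CMAC_CTX_copy(ctx_c, sess->auth.cmac.ctx) != 1)
			status = -1;
		else
			status = process_openssl_auth_cmac(mbuf_src, dst,
					op->sym->auth.data.offset, srclen,
					ctx_c);
		CMAC_CTX_free(ctx_c);
# endif
		break;
	default:
		status = -1;
		break;
	}

	if (status != 0) {
		op->status = RTE_CRYPTO_OP_STATUS_ERROR;
		return;
	}

	if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) {
		/* Constant-time compare of computed and supplied digest. */
		if (CRYPTO_memcmp(dst, op->sym->auth.digest.data,
				sess->auth.digest_length) != 0) {
			op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
		}
	} else {
		uint8_t *auth_dst;

		auth_dst = op->sym->auth.digest.data;
		if (auth_dst == NULL)
			auth_dst = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *,
					op->sym->auth.data.offset +
					op->sym->auth.data.length);
		memcpy(auth_dst, dst, sess->auth.digest_length);
	}
}

/* process dsa sign operation */
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
/**
 * Sign op->message with DSA through the EVP interface.
 *
 * Builds the key from the session's parameter builder, signs the message,
 * decodes the DER signature and stores r and s in the operation.
 * cop->status is RTE_CRYPTO_OP_STATUS_SUCCESS only when the whole sequence
 * succeeds and RTE_CRYPTO_OP_STATUS_ERROR otherwise.
 *
 * @return 0 on success, -1 on failure.
 */
static int
process_openssl_dsa_sign_op_evp(struct rte_crypto_op *cop,
		struct openssl_asym_session *sess)
{
	struct rte_crypto_dsa_op_param *op = &cop->asym->dsa;
	EVP_PKEY_CTX *dsa_ctx = NULL;
	EVP_PKEY_CTX *key_ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL);
	EVP_PKEY *pkey = NULL;
	OSSL_PARAM_BLD *param_bld = sess->u.s.param_bld;
	OSSL_PARAM *params = NULL;

	size_t outlen;
	unsigned char *dsa_sign_data = NULL;
	const unsigned char *dsa_sign_data_p;
	const BIGNUM *r = NULL, *s = NULL;
	DSA_SIG *sign = NULL;
	int ret = -1;

	cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
	params = OSSL_PARAM_BLD_to_param(param_bld);
	if (!params) {
		/*
		 * NOTE(review): param_bld is read from the session and the
		 * session pointer is not cleared after this free - confirm
		 * nothing uses or frees sess->u.s.param_bld afterwards.
		 */
		OSSL_PARAM_BLD_free(param_bld);
		/* Leave through the common exit so key_ctx is released. */
		goto err_dsa_sign;
	}

	if (key_ctx == NULL
		|| EVP_PKEY_fromdata_init(key_ctx) <= 0
		|| EVP_PKEY_fromdata(key_ctx, &pkey,
			EVP_PKEY_KEYPAIR, params) <= 0)
		goto err_dsa_sign;

	dsa_ctx = EVP_PKEY_CTX_new(pkey, NULL);
	if (!dsa_ctx)
		goto err_dsa_sign;

	if (EVP_PKEY_sign_init(dsa_ctx) <= 0)
		goto err_dsa_sign;

	/* First call with a NULL buffer only queries the signature size. */
	if (EVP_PKEY_sign(dsa_ctx, NULL, &outlen, op->message.data,
						op->message.length) <= 0)
		goto err_dsa_sign;

	if (outlen == 0)
		goto err_dsa_sign;

	dsa_sign_data = OPENSSL_malloc(outlen);
	if (!dsa_sign_data)
		goto err_dsa_sign;

	if (EVP_PKEY_sign(dsa_ctx, dsa_sign_data, &outlen, op->message.data,
						op->message.length) <= 0)
		goto err_dsa_sign;

	/* d2i advances the pointer it is given, so pass a copy. */
	dsa_sign_data_p = (const unsigned char *)dsa_sign_data;
	sign = d2i_DSA_SIG(NULL, &dsa_sign_data_p, outlen);
	if (!sign) {
		OPENSSL_LOG(ERR, "%s:%d\n", __func__, __LINE__);
		goto err_dsa_sign;
	}

	get_dsa_sign(sign, &r, &s);

	/*
	 * NOTE(review): BN_bn2bin() writes BN_num_bytes() bytes and nothing
	 * here compares that with the capacity of op->r.data / op->s.data -
	 * confirm the caller guarantees large enough buffers.
	 */
	op->r.length = BN_bn2bin(r, op->r.data);
	op->s.length = BN_bn2bin(s, op->s.data);
	cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;

	ret = 0;

err_dsa_sign:
	/* Every release below accepts NULL, so one exit serves all paths. */
	DSA_SIG_free(sign);
	OPENSSL_free(dsa_sign_data);
	if (params)
		OSSL_PARAM_free(params);
	EVP_PKEY_CTX_free(key_ctx);
	EVP_PKEY_CTX_free(dsa_ctx);
	EVP_PKEY_free(pkey);
	return ret;
}

/* process dsa verify operation */
static int
process_openssl_dsa_verify_op_evp(struct rte_crypto_op *cop,
		struct openssl_asym_session *sess)
{
	struct rte_crypto_dsa_op_param *op = &cop->asym->dsa;
	DSA_SIG *sign = DSA_SIG_new();
	BIGNUM *r = NULL, *s = NULL;
	BIGNUM *pub_key = NULL;
	OSSL_PARAM_BLD *param_bld = sess->u.s.param_bld;
	OSSL_PARAM *params = NULL;
	EVP_PKEY *pkey = NULL;
	EVP_PKEY_CTX *dsa_ctx = NULL;
	EVP_PKEY_CTX *key_ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL);
	unsigned char *dsa_sig = NULL;
	size_t sig_len;
	int ret = -1;

	cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
	if (!param_bld) {
		OPENSSL_LOG(ERR, " %s:%d\n", __func__, __LINE__);
		return -1;
	}

	r = BN_bin2bn(op->r.data, op->r.length, r);
	s = BN_bin2bn(op->s.data, op->s.length, s);
	pub_key = BN_bin2bn(op->y.data, op->y.length, pub_key);
	if (!r || !s || !pub_key) {
		BN_free(r);
		BN_free(s);
		BN_free(pub_key);
		OSSL_PARAM_BLD_free(param_bld);
		goto err_dsa_verify;
	}

	set_dsa_sign(sign, r, s);
	if (!OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_PUB_KEY, pub_key)) {
		OSSL_PARAM_BLD_free(param_bld);
		goto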
err_dsa_verify; 20514c7ae22fSKai Ji } 20524c7ae22fSKai Ji 20534c7ae22fSKai Ji params = OSSL_PARAM_BLD_to_param(param_bld); 20544c7ae22fSKai Ji if (!params) { 20554c7ae22fSKai Ji OSSL_PARAM_BLD_free(param_bld); 20564c7ae22fSKai Ji goto err_dsa_verify; 20574c7ae22fSKai Ji } 20584c7ae22fSKai Ji 20594c7ae22fSKai Ji if (key_ctx == NULL 20604c7ae22fSKai Ji || EVP_PKEY_fromdata_init(key_ctx) <= 0 20614c7ae22fSKai Ji || EVP_PKEY_fromdata(key_ctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0) 20624c7ae22fSKai Ji goto err_dsa_verify; 20634c7ae22fSKai Ji 20644c7ae22fSKai Ji dsa_ctx = EVP_PKEY_CTX_new(pkey, NULL); 20654c7ae22fSKai Ji if (!dsa_ctx) 20664c7ae22fSKai Ji goto err_dsa_verify; 20674c7ae22fSKai Ji 20684c7ae22fSKai Ji if (!sign) 20694c7ae22fSKai Ji goto err_dsa_verify; 20704c7ae22fSKai Ji 20714c7ae22fSKai Ji sig_len = i2d_DSA_SIG(sign, &dsa_sig); 20724c7ae22fSKai Ji if (EVP_PKEY_verify_init(dsa_ctx) <= 0) 20734c7ae22fSKai Ji goto err_dsa_verify; 20744c7ae22fSKai Ji 20754c7ae22fSKai Ji ret = EVP_PKEY_verify(dsa_ctx, dsa_sig, sig_len, 20764c7ae22fSKai Ji op->message.data, op->message.length); 20774c7ae22fSKai Ji if (ret == 1) { 20784c7ae22fSKai Ji cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS; 20794c7ae22fSKai Ji ret = 0; 20804c7ae22fSKai Ji } 20814c7ae22fSKai Ji 20829d91c304SGowrishankar Muthukrishnan OPENSSL_free(dsa_sig); 20834c7ae22fSKai Ji err_dsa_verify: 20844c7ae22fSKai Ji if (sign) 20854c7ae22fSKai Ji DSA_SIG_free(sign); 20864c7ae22fSKai Ji if (params) 20874c7ae22fSKai Ji OSSL_PARAM_free(params); 20884c7ae22fSKai Ji EVP_PKEY_CTX_free(key_ctx); 20894c7ae22fSKai Ji EVP_PKEY_CTX_free(dsa_ctx); 20904c7ae22fSKai Ji 20919d91c304SGowrishankar Muthukrishnan BN_free(pub_key); 20929d91c304SGowrishankar Muthukrishnan EVP_PKEY_free(pkey); 20939d91c304SGowrishankar Muthukrishnan 20944c7ae22fSKai Ji return ret; 20954c7ae22fSKai Ji } 20964c7ae22fSKai Ji #else 2097ac42813aSSunila Sahu static int 2098ac42813aSSunila Sahu process_openssl_dsa_sign_op(struct rte_crypto_op *cop, 
2099ac42813aSSunila Sahu struct openssl_asym_session *sess) 2100ac42813aSSunila Sahu { 2101ac42813aSSunila Sahu struct rte_crypto_dsa_op_param *op = &cop->asym->dsa; 2102ac42813aSSunila Sahu DSA *dsa = sess->u.s.dsa; 2103ac42813aSSunila Sahu DSA_SIG *sign = NULL; 2104ac42813aSSunila Sahu 2105ac42813aSSunila Sahu sign = DSA_do_sign(op->message.data, 2106ac42813aSSunila Sahu op->message.length, 2107ac42813aSSunila Sahu dsa); 2108ac42813aSSunila Sahu 2109ac42813aSSunila Sahu if (sign == NULL) { 2110ac42813aSSunila Sahu OPENSSL_LOG(ERR, "%s:%d\n", __func__, __LINE__); 2111ac42813aSSunila Sahu cop->status = RTE_CRYPTO_OP_STATUS_ERROR; 2112ac42813aSSunila Sahu } else { 2113ac42813aSSunila Sahu const BIGNUM *r = NULL, *s = NULL; 21140b5284adSAshish Gupta get_dsa_sign(sign, &r, &s); 2115ac42813aSSunila Sahu 2116ac42813aSSunila Sahu op->r.length = BN_bn2bin(r, op->r.data); 2117ac42813aSSunila Sahu op->s.length = BN_bn2bin(s, op->s.data); 2118ac42813aSSunila Sahu cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS; 2119ac42813aSSunila Sahu } 2120ac42813aSSunila Sahu 2121ac42813aSSunila Sahu DSA_SIG_free(sign); 2122ac42813aSSunila Sahu 2123ac42813aSSunila Sahu return 0; 2124ac42813aSSunila Sahu } 2125ac42813aSSunila Sahu 2126ac42813aSSunila Sahu /* process dsa verify operation */ 2127ac42813aSSunila Sahu static int 2128ac42813aSSunila Sahu process_openssl_dsa_verify_op(struct rte_crypto_op *cop, 2129ac42813aSSunila Sahu struct openssl_asym_session *sess) 2130ac42813aSSunila Sahu { 2131ac42813aSSunila Sahu struct rte_crypto_dsa_op_param *op = &cop->asym->dsa; 2132ac42813aSSunila Sahu DSA *dsa = sess->u.s.dsa; 2133ac42813aSSunila Sahu int ret; 2134ac42813aSSunila Sahu DSA_SIG *sign = DSA_SIG_new(); 2135ac42813aSSunila Sahu BIGNUM *r = NULL, *s = NULL; 2136ac42813aSSunila Sahu BIGNUM *pub_key = NULL; 2137ac42813aSSunila Sahu 2138ac42813aSSunila Sahu if (sign == NULL) { 2139ac42813aSSunila Sahu OPENSSL_LOG(ERR, " %s:%d\n", __func__, __LINE__); 2140ac42813aSSunila Sahu cop->status = 
RTE_CRYPTO_OP_STATUS_NOT_PROCESSED; 2141ac42813aSSunila Sahu return -1; 2142ac42813aSSunila Sahu } 2143ac42813aSSunila Sahu 2144ac42813aSSunila Sahu r = BN_bin2bn(op->r.data, 2145ac42813aSSunila Sahu op->r.length, 2146ac42813aSSunila Sahu r); 2147ac42813aSSunila Sahu s = BN_bin2bn(op->s.data, 2148ac42813aSSunila Sahu op->s.length, 2149ac42813aSSunila Sahu s); 2150ac42813aSSunila Sahu pub_key = BN_bin2bn(op->y.data, 2151ac42813aSSunila Sahu op->y.length, 2152ac42813aSSunila Sahu pub_key); 2153ac42813aSSunila Sahu if (!r || !s || !pub_key) { 2154ac42813aSSunila Sahu BN_free(r); 2155ac42813aSSunila Sahu BN_free(s); 2156ac42813aSSunila Sahu BN_free(pub_key); 2157ac42813aSSunila Sahu 2158ac42813aSSunila Sahu cop->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED; 2159ac42813aSSunila Sahu return -1; 2160ac42813aSSunila Sahu } 2161ac42813aSSunila Sahu set_dsa_sign(sign, r, s); 2162ac42813aSSunila Sahu set_dsa_pub_key(dsa, pub_key); 2163ac42813aSSunila Sahu 2164ac42813aSSunila Sahu ret = DSA_do_verify(op->message.data, 2165ac42813aSSunila Sahu op->message.length, 2166ac42813aSSunila Sahu sign, 2167ac42813aSSunila Sahu dsa); 2168ac42813aSSunila Sahu 2169ac42813aSSunila Sahu if (ret != 1) 2170ac42813aSSunila Sahu cop->status = RTE_CRYPTO_OP_STATUS_ERROR; 2171ac42813aSSunila Sahu else 2172ac42813aSSunila Sahu cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS; 2173ac42813aSSunila Sahu 2174ac42813aSSunila Sahu DSA_SIG_free(sign); 2175ac42813aSSunila Sahu 2176ac42813aSSunila Sahu return 0; 2177ac42813aSSunila Sahu } 21784c7ae22fSKai Ji #endif 2179ac42813aSSunila Sahu 2180ac42813aSSunila Sahu /* process dh operation */ 2181c794b40cSKai Ji #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) 2182c794b40cSKai Ji static int 2183c794b40cSKai Ji process_openssl_dh_op_evp(struct rte_crypto_op *cop, 2184c794b40cSKai Ji struct openssl_asym_session *sess) 2185c794b40cSKai Ji { 2186c794b40cSKai Ji struct rte_crypto_dh_op_param *op = &cop->asym->dh; 2187c794b40cSKai Ji OSSL_PARAM_BLD *param_bld = 
sess->u.dh.param_bld; 2188c794b40cSKai Ji OSSL_PARAM_BLD *param_bld_peer = sess->u.dh.param_bld_peer; 2189c794b40cSKai Ji OSSL_PARAM *params = NULL; 2190c794b40cSKai Ji EVP_PKEY *dhpkey = NULL; 2191c794b40cSKai Ji EVP_PKEY *peerkey = NULL; 2192c794b40cSKai Ji BIGNUM *priv_key = NULL; 2193c794b40cSKai Ji BIGNUM *pub_key = NULL; 2194c794b40cSKai Ji int ret = -1; 2195c794b40cSKai Ji 2196c794b40cSKai Ji cop->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED; 2197c794b40cSKai Ji EVP_PKEY_CTX *dh_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_DH, NULL); 2198c794b40cSKai Ji if (dh_ctx == NULL || param_bld == NULL) 2199c794b40cSKai Ji return ret; 2200c794b40cSKai Ji 2201c794b40cSKai Ji if (op->ke_type == RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE) { 2202c794b40cSKai Ji OSSL_PARAM *params_peer = NULL; 2203c794b40cSKai Ji 2204c794b40cSKai Ji if (!param_bld_peer) 2205c794b40cSKai Ji return ret; 2206c794b40cSKai Ji 2207c794b40cSKai Ji pub_key = BN_bin2bn(op->pub_key.data, op->pub_key.length, 2208c794b40cSKai Ji pub_key); 2209c794b40cSKai Ji if (pub_key == NULL) { 2210c794b40cSKai Ji OSSL_PARAM_BLD_free(param_bld_peer); 2211c794b40cSKai Ji return ret; 2212c794b40cSKai Ji } 2213c794b40cSKai Ji 2214c794b40cSKai Ji if (!OSSL_PARAM_BLD_push_BN(param_bld_peer, OSSL_PKEY_PARAM_PUB_KEY, 2215c794b40cSKai Ji pub_key)) { 2216c794b40cSKai Ji OPENSSL_LOG(ERR, "Failed to set public key\n"); 2217c794b40cSKai Ji OSSL_PARAM_BLD_free(param_bld_peer); 2218c794b40cSKai Ji BN_free(pub_key); 2219c794b40cSKai Ji return ret; 2220c794b40cSKai Ji } 2221c794b40cSKai Ji 2222c794b40cSKai Ji params_peer = OSSL_PARAM_BLD_to_param(param_bld_peer); 2223c794b40cSKai Ji if (!params_peer) { 2224c794b40cSKai Ji OSSL_PARAM_BLD_free(param_bld_peer); 2225c794b40cSKai Ji BN_free(pub_key); 2226c794b40cSKai Ji return ret; 2227c794b40cSKai Ji } 2228c794b40cSKai Ji 2229c794b40cSKai Ji EVP_PKEY_CTX *peer_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_DH, NULL); 2230c794b40cSKai Ji if (EVP_PKEY_keygen_init(peer_ctx) != 1) { 2231c794b40cSKai Ji 
OSSL_PARAM_free(params_peer); 2232c794b40cSKai Ji BN_free(pub_key); 2233c794b40cSKai Ji return ret; 2234c794b40cSKai Ji } 2235c794b40cSKai Ji 2236c794b40cSKai Ji if (EVP_PKEY_CTX_set_params(peer_ctx, params_peer) != 1) { 2237c794b40cSKai Ji EVP_PKEY_CTX_free(peer_ctx); 2238c794b40cSKai Ji OSSL_PARAM_free(params_peer); 2239c794b40cSKai Ji BN_free(pub_key); 2240c794b40cSKai Ji return ret; 2241c794b40cSKai Ji } 2242c794b40cSKai Ji 2243c794b40cSKai Ji if (EVP_PKEY_keygen(peer_ctx, &peerkey) != 1) { 2244c794b40cSKai Ji EVP_PKEY_CTX_free(peer_ctx); 2245c794b40cSKai Ji OSSL_PARAM_free(params_peer); 2246c794b40cSKai Ji BN_free(pub_key); 2247c794b40cSKai Ji return ret; 2248c794b40cSKai Ji } 2249c794b40cSKai Ji 2250c794b40cSKai Ji priv_key = BN_bin2bn(op->priv_key.data, op->priv_key.length, 2251c794b40cSKai Ji priv_key); 2252c794b40cSKai Ji if (priv_key == NULL) { 2253c794b40cSKai Ji EVP_PKEY_CTX_free(peer_ctx); 2254c794b40cSKai Ji OSSL_PARAM_free(params_peer); 2255c794b40cSKai Ji BN_free(pub_key); 2256c794b40cSKai Ji return ret; 2257c794b40cSKai Ji } 2258c794b40cSKai Ji 2259c794b40cSKai Ji if (!OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_PRIV_KEY, 2260c794b40cSKai Ji priv_key)) { 2261c794b40cSKai Ji OPENSSL_LOG(ERR, "Failed to set private key\n"); 2262c794b40cSKai Ji EVP_PKEY_CTX_free(peer_ctx); 2263c794b40cSKai Ji OSSL_PARAM_free(params_peer); 2264c794b40cSKai Ji BN_free(pub_key); 2265c794b40cSKai Ji BN_free(priv_key); 2266c794b40cSKai Ji return ret; 2267c794b40cSKai Ji } 2268c794b40cSKai Ji 2269c794b40cSKai Ji OSSL_PARAM_free(params_peer); 2270c794b40cSKai Ji EVP_PKEY_CTX_free(peer_ctx); 2271c794b40cSKai Ji } 2272c794b40cSKai Ji 2273c794b40cSKai Ji params = OSSL_PARAM_BLD_to_param(param_bld); 2274c794b40cSKai Ji if (!params) 2275c794b40cSKai Ji goto err_dh; 2276c794b40cSKai Ji 2277c794b40cSKai Ji if (EVP_PKEY_keygen_init(dh_ctx) != 1) 2278c794b40cSKai Ji goto err_dh; 2279c794b40cSKai Ji 2280c794b40cSKai Ji if (EVP_PKEY_CTX_set_params(dh_ctx, params) != 1) 
2281c794b40cSKai Ji goto err_dh; 2282c794b40cSKai Ji 2283c794b40cSKai Ji if (EVP_PKEY_keygen(dh_ctx, &dhpkey) != 1) 2284c794b40cSKai Ji goto err_dh; 2285c794b40cSKai Ji 2286c794b40cSKai Ji if (op->ke_type == RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE) { 2287c794b40cSKai Ji OPENSSL_LOG(DEBUG, "%s:%d updated pub key\n", __func__, __LINE__); 2288c794b40cSKai Ji if (!EVP_PKEY_get_bn_param(dhpkey, OSSL_PKEY_PARAM_PUB_KEY, &pub_key)) 2289c794b40cSKai Ji goto err_dh; 2290c794b40cSKai Ji /* output public key */ 2291c794b40cSKai Ji op->pub_key.length = BN_bn2bin(pub_key, op->pub_key.data); 2292c794b40cSKai Ji } 2293c794b40cSKai Ji 2294c794b40cSKai Ji if (op->ke_type == RTE_CRYPTO_ASYM_KE_PRIV_KEY_GENERATE) { 2295c794b40cSKai Ji 2296c794b40cSKai Ji OPENSSL_LOG(DEBUG, "%s:%d updated priv key\n", __func__, __LINE__); 2297c794b40cSKai Ji if (!EVP_PKEY_get_bn_param(dhpkey, OSSL_PKEY_PARAM_PRIV_KEY, &priv_key)) 2298c794b40cSKai Ji goto err_dh; 2299c794b40cSKai Ji 2300c794b40cSKai Ji /* provide generated private key back to user */ 2301c794b40cSKai Ji op->priv_key.length = BN_bn2bin(priv_key, op->priv_key.data); 2302c794b40cSKai Ji } 2303c794b40cSKai Ji 2304c794b40cSKai Ji if (op->ke_type == RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE) { 2305c794b40cSKai Ji size_t skey_len; 2306c794b40cSKai Ji EVP_PKEY_CTX *sc_ctx = EVP_PKEY_CTX_new(dhpkey, NULL); 2307c794b40cSKai Ji if (!sc_ctx) 2308c794b40cSKai Ji goto err_dh; 2309c794b40cSKai Ji 2310c794b40cSKai Ji if (EVP_PKEY_derive_init(sc_ctx) <= 0) { 2311c794b40cSKai Ji EVP_PKEY_CTX_free(sc_ctx); 2312c794b40cSKai Ji goto err_dh; 2313c794b40cSKai Ji } 2314c794b40cSKai Ji 2315c794b40cSKai Ji if (!peerkey) { 2316c794b40cSKai Ji EVP_PKEY_CTX_free(sc_ctx); 2317c794b40cSKai Ji goto err_dh; 2318c794b40cSKai Ji } 2319c794b40cSKai Ji 2320c794b40cSKai Ji if (EVP_PKEY_derive_set_peer(sc_ctx, peerkey) <= 0) { 2321c794b40cSKai Ji EVP_PKEY_CTX_free(sc_ctx); 2322c794b40cSKai Ji goto err_dh; 2323c794b40cSKai Ji } 2324c794b40cSKai Ji 2325c794b40cSKai Ji /* Determine 
buffer length */ 2326c794b40cSKai Ji if (EVP_PKEY_derive(sc_ctx, NULL, &skey_len) <= 0) { 2327c794b40cSKai Ji EVP_PKEY_CTX_free(sc_ctx); 2328c794b40cSKai Ji goto err_dh; 2329c794b40cSKai Ji } 2330c794b40cSKai Ji 2331c794b40cSKai Ji if (EVP_PKEY_derive(sc_ctx, op->shared_secret.data, &skey_len) <= 0) { 2332c794b40cSKai Ji EVP_PKEY_CTX_free(sc_ctx); 2333c794b40cSKai Ji goto err_dh; 2334c794b40cSKai Ji } 2335c794b40cSKai Ji 2336c794b40cSKai Ji op->shared_secret.length = skey_len; 2337c794b40cSKai Ji EVP_PKEY_CTX_free(sc_ctx); 2338c794b40cSKai Ji } 2339c794b40cSKai Ji 2340c794b40cSKai Ji cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS; 2341c794b40cSKai Ji ret = 0; 2342c794b40cSKai Ji 2343c794b40cSKai Ji err_dh: 2344c794b40cSKai Ji BN_free(pub_key); 2345c794b40cSKai Ji BN_free(priv_key); 2346c794b40cSKai Ji if (params) 2347c794b40cSKai Ji OSSL_PARAM_free(params); 2348c794b40cSKai Ji EVP_PKEY_free(dhpkey); 2349c794b40cSKai Ji EVP_PKEY_free(peerkey); 2350c794b40cSKai Ji 2351c794b40cSKai Ji EVP_PKEY_CTX_free(dh_ctx); 2352c794b40cSKai Ji 2353c794b40cSKai Ji return ret; 2354c794b40cSKai Ji } 2355c794b40cSKai Ji #else 2356ac42813aSSunila Sahu static int 2357ac42813aSSunila Sahu process_openssl_dh_op(struct rte_crypto_op *cop, 2358ac42813aSSunila Sahu struct openssl_asym_session *sess) 2359ac42813aSSunila Sahu { 2360ac42813aSSunila Sahu struct rte_crypto_dh_op_param *op = &cop->asym->dh; 2361515a704dSArek Kusztal struct rte_crypto_asym_op *asym_op = cop->asym; 2362ac42813aSSunila Sahu DH *dh_key = sess->u.dh.dh_key; 2363ac42813aSSunila Sahu BIGNUM *priv_key = NULL; 2364ac42813aSSunila Sahu int ret = 0; 2365ac42813aSSunila Sahu 2366515a704dSArek Kusztal if (asym_op->dh.ke_type == RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE) { 2367ac42813aSSunila Sahu /* compute shared secret using peer public key 2368ac42813aSSunila Sahu * and current private key 2369ac42813aSSunila Sahu * shared secret = peer_key ^ priv_key mod p 2370ac42813aSSunila Sahu */ 2371ac42813aSSunila Sahu BIGNUM *peer_key = 
NULL; 2372ac42813aSSunila Sahu 2373ac42813aSSunila Sahu /* copy private key and peer key and compute shared secret */ 2374ac42813aSSunila Sahu peer_key = BN_bin2bn(op->pub_key.data, 2375ac42813aSSunila Sahu op->pub_key.length, 2376ac42813aSSunila Sahu peer_key); 2377ac42813aSSunila Sahu if (peer_key == NULL) { 2378ac42813aSSunila Sahu cop->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED; 2379ac42813aSSunila Sahu return -1; 2380ac42813aSSunila Sahu } 2381ac42813aSSunila Sahu priv_key = BN_bin2bn(op->priv_key.data, 2382ac42813aSSunila Sahu op->priv_key.length, 2383ac42813aSSunila Sahu priv_key); 2384ac42813aSSunila Sahu if (priv_key == NULL) { 2385ac42813aSSunila Sahu BN_free(peer_key); 2386ac42813aSSunila Sahu cop->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED; 2387ac42813aSSunila Sahu return -1; 2388ac42813aSSunila Sahu } 23890b5284adSAshish Gupta ret = set_dh_priv_key(dh_key, priv_key); 2390ac42813aSSunila Sahu if (ret) { 2391ac42813aSSunila Sahu OPENSSL_LOG(ERR, "Failed to set private key\n"); 2392ac42813aSSunila Sahu cop->status = RTE_CRYPTO_OP_STATUS_ERROR; 2393ac42813aSSunila Sahu BN_free(peer_key); 2394ac42813aSSunila Sahu BN_free(priv_key); 2395ac42813aSSunila Sahu return 0; 2396ac42813aSSunila Sahu } 2397ac42813aSSunila Sahu 2398ac42813aSSunila Sahu ret = DH_compute_key( 2399ac42813aSSunila Sahu op->shared_secret.data, 2400ac42813aSSunila Sahu peer_key, dh_key); 2401ac42813aSSunila Sahu if (ret < 0) { 2402ac42813aSSunila Sahu cop->status = RTE_CRYPTO_OP_STATUS_ERROR; 2403ac42813aSSunila Sahu BN_free(peer_key); 2404ac42813aSSunila Sahu /* priv key is already loaded into dh, 2405ac42813aSSunila Sahu * let's not free that directly here. 2406ac42813aSSunila Sahu * DH_free() will auto free it later. 
2407ac42813aSSunila Sahu */ 2408ac42813aSSunila Sahu return 0; 2409ac42813aSSunila Sahu } 2410ac42813aSSunila Sahu cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS; 2411ac42813aSSunila Sahu op->shared_secret.length = ret; 2412ac42813aSSunila Sahu BN_free(peer_key); 2413ac42813aSSunila Sahu return 0; 2414ac42813aSSunila Sahu } 2415ac42813aSSunila Sahu 2416ac42813aSSunila Sahu /* 2417ac42813aSSunila Sahu * other options are public and private key generations. 2418ac42813aSSunila Sahu * 2419ac42813aSSunila Sahu * if user provides private key, 2420ac42813aSSunila Sahu * then first set DH with user provided private key 2421ac42813aSSunila Sahu */ 2422515a704dSArek Kusztal if (asym_op->dh.ke_type == RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE && 2423515a704dSArek Kusztal op->priv_key.length) { 2424ac42813aSSunila Sahu /* generate public key using user-provided private key 2425ac42813aSSunila Sahu * pub_key = g ^ priv_key mod p 2426ac42813aSSunila Sahu */ 2427ac42813aSSunila Sahu 2428ac42813aSSunila Sahu /* load private key into DH */ 2429ac42813aSSunila Sahu priv_key = BN_bin2bn(op->priv_key.data, 2430ac42813aSSunila Sahu op->priv_key.length, 2431ac42813aSSunila Sahu priv_key); 2432ac42813aSSunila Sahu if (priv_key == NULL) { 2433ac42813aSSunila Sahu cop->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED; 2434ac42813aSSunila Sahu return -1; 2435ac42813aSSunila Sahu } 24360b5284adSAshish Gupta ret = set_dh_priv_key(dh_key, priv_key); 2437ac42813aSSunila Sahu if (ret) { 2438ac42813aSSunila Sahu OPENSSL_LOG(ERR, "Failed to set private key\n"); 2439ac42813aSSunila Sahu cop->status = RTE_CRYPTO_OP_STATUS_ERROR; 2440ac42813aSSunila Sahu BN_free(priv_key); 2441ac42813aSSunila Sahu return 0; 2442ac42813aSSunila Sahu } 2443ac42813aSSunila Sahu } 2444ac42813aSSunila Sahu 2445ac42813aSSunila Sahu /* generate public and private key pair. 2446ac42813aSSunila Sahu * 2447ac42813aSSunila Sahu * if private key already set, generates only public key. 
2448ac42813aSSunila Sahu * 2449ac42813aSSunila Sahu * if private key is not already set, then set it to random value 2450ac42813aSSunila Sahu * and update internal private key. 2451ac42813aSSunila Sahu */ 2452ac42813aSSunila Sahu if (!DH_generate_key(dh_key)) { 2453ac42813aSSunila Sahu cop->status = RTE_CRYPTO_OP_STATUS_ERROR; 2454ac42813aSSunila Sahu return 0; 2455ac42813aSSunila Sahu } 2456ac42813aSSunila Sahu 2457515a704dSArek Kusztal if (asym_op->dh.ke_type == RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE) { 2458ac42813aSSunila Sahu const BIGNUM *pub_key = NULL; 2459ac42813aSSunila Sahu 2460ac42813aSSunila Sahu OPENSSL_LOG(DEBUG, "%s:%d update public key\n", 2461ac42813aSSunila Sahu __func__, __LINE__); 2462ac42813aSSunila Sahu 2463ac42813aSSunila Sahu /* get the generated keys */ 24640b5284adSAshish Gupta get_dh_pub_key(dh_key, &pub_key); 2465ac42813aSSunila Sahu 2466ac42813aSSunila Sahu /* output public key */ 2467ac42813aSSunila Sahu op->pub_key.length = BN_bn2bin(pub_key, 2468ac42813aSSunila Sahu op->pub_key.data); 2469ac42813aSSunila Sahu } 2470ac42813aSSunila Sahu 2471515a704dSArek Kusztal if (asym_op->dh.ke_type == RTE_CRYPTO_ASYM_KE_PRIV_KEY_GENERATE) { 2472ac42813aSSunila Sahu const BIGNUM *priv_key = NULL; 2473ac42813aSSunila Sahu 2474ac42813aSSunila Sahu OPENSSL_LOG(DEBUG, "%s:%d updated priv key\n", 2475ac42813aSSunila Sahu __func__, __LINE__); 2476ac42813aSSunila Sahu 2477ac42813aSSunila Sahu /* get the generated keys */ 24780b5284adSAshish Gupta get_dh_priv_key(dh_key, &priv_key); 2479ac42813aSSunila Sahu 2480ac42813aSSunila Sahu /* provide generated private key back to user */ 2481ac42813aSSunila Sahu op->priv_key.length = BN_bn2bin(priv_key, 2482ac42813aSSunila Sahu op->priv_key.data); 2483ac42813aSSunila Sahu } 2484ac42813aSSunila Sahu 2485ac42813aSSunila Sahu cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS; 2486ac42813aSSunila Sahu 2487ac42813aSSunila Sahu return 0; 2488ac42813aSSunila Sahu } 2489c794b40cSKai Ji #endif 2490ac42813aSSunila Sahu 
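/* process modinv operation */
/*
 * Compute the modular inverse of op->modinv.base with respect to the
 * session modulus and write it to op->modinv.result.
 *
 * Returns -1 with status NOT_PROCESSED when a working BIGNUM cannot be
 * obtained or loaded; otherwise returns 0 with status SUCCESS or ERROR
 * according to BN_mod_inverse().
 */
static int
process_openssl_modinv_op(struct rte_crypto_op *cop,
		struct openssl_asym_session *sess)
{
	struct rte_crypto_asym_op *op = cop->asym;
	/*
	 * NOTE(review): each call takes two more BIGNUMs from the session
	 * BN_CTX and nothing in this function gives them back (no
	 * BN_CTX_start()/BN_CTX_end() pair here); confirm session setup and
	 * teardown keep the context from growing with every op.
	 */
	BIGNUM *base = BN_CTX_get(sess->u.m.ctx);
	BIGNUM *res = BN_CTX_get(sess->u.m.ctx);

	if (unlikely(base == NULL || res == NULL)) {
		/*
		 * BIGNUMs handed out by BN_CTX_get() belong to the context and
		 * must not be passed to BN_free(), so nothing is freed here.
		 */
		cop->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
		return -1;
	}

	/* A failed load used to leave base NULL for BN_mod_inverse(). */
	if (BN_bin2bn((const unsigned char *)op->modinv.base.data,
			op->modinv.base.length, base) == NULL) {
		BN_clear(res);
		BN_clear(base);
		cop->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
		return -1;
	}

	if (BN_mod_inverse(res, base, sess->u.m.modulus, sess->u.m.ctx)) {
		cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
		/*
		 * NOTE(review): the capacity of op->modinv.result.data is not
		 * checked; confirm it can hold a value as large as the modulus.
		 */
		op->modinv.result.length = BN_bn2bin(res, op->modinv.result.data);
	} else {
		cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
	}

	/* Wipe the operands; the BIGNUMs themselves stay with the context. */
	BN_clear(res);
	BN_clear(base);

	return 0;
}

/* process modexp operation */
/*
 * Compute op->modex.base raised to the session exponent modulo the session
 * modulus and write it to op->modex.result.
 *
 * Returns -1 with status NOT_PROCESSED when a working BIGNUM cannot be
 * obtained or loaded; otherwise returns 0 with status SUCCESS or ERROR
 * according to BN_mod_exp().
 */
static int
process_openssl_modexp_op(struct rte_crypto_op *cop,
		struct openssl_asym_session *sess)
{
	struct rte_crypto_asym_op *op = cop->asym;
	/*
	 * NOTE(review): as in the modinv path, the two BIGNUMs taken from the
	 * session BN_CTX are not released in this function; confirm the
	 * context is bounded elsewhere.
	 */
	BIGNUM *base = BN_CTX_get(sess->u.e.ctx);
	BIGNUM *res = BN_CTX_get(sess->u.e.ctx);

	if (unlikely(base == NULL || res == NULL)) {
		/*
		 * BIGNUMs handed out by BN_CTX_get() belong to the context and
		 * must not be passed to BN_free(), so nothing is freed here.
		 */
		cop->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
		return -1;
	}

	/* A failed load used to leave base NULL for BN_mod_exp(). */
	if (BN_bin2bn((const unsigned char *)op->modex.base.data,
			op->modex.base.length, base) == NULL) {
		BN_clear(res);
		BN_clear(base);
		cop->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
		return -1;
	}

	if (BN_mod_exp(res, base, sess->u.e.exp,
				sess->u.e.mod, sess->u.e.ctx)) {
		/*
		 * NOTE(review): the capacity of op->modex.result.data is not
		 * checked; confirm it can hold a value as large as the modulus.
		 */
		op->modex.result.length = BN_bn2bin(res, op->modex.result.data);
		cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
	} else {
		cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
	}

	/* Wipe the operands; the BIGNUMs themselves stay with the context. */
	BN_clear(res);
	BN_clear(base);

	return 0;
}

/* process rsa operations */
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
/*
 * Run one RSA primitive (encrypt, decrypt, sign or verify, chosen by
 * op->rsa.op_type) on the session's EVP_PKEY_CTX.
 *
 * cop->status is SUCCESS only when the primitive succeeded and, for verify,
 * the recovered data equals op->rsa.message; INVALID_ARGS for an unsupported
 * padding or op type; ERROR otherwise. Returns 0 on SUCCESS, -1 otherwise.
 *
 * NOTE(review): the output buffers (cipher.data, message.data, sign.data)
 * are written with the length OpenSSL reports; their capacity is not
 * checked here, so confirm callers size them for the RSA modulus.
 */
static int
process_openssl_rsa_op_evp(struct rte_crypto_op *cop,
		struct openssl_asym_session *sess)
{
	struct rte_crypto_asym_op *op = cop->asym;
	uint32_t pad = (op->rsa.padding.type);
	uint8_t *tmp = NULL;
	size_t outlen = 0;
	int ret = -1;

	cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
	EVP_PKEY_CTX *rsa_ctx = sess->u.r.ctx;
	if (!rsa_ctx)
		return ret;

	/* Translate the cryptodev padding enum into OpenSSL's constant. */
	switch (pad) {
	case RTE_CRYPTO_RSA_PADDING_PKCS1_5:
		pad = RSA_PKCS1_PADDING;
		break;
	case RTE_CRYPTO_RSA_PADDING_NONE:
		pad = RSA_NO_PADDING;
		break;
	default:
		cop->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
		OPENSSL_LOG(ERR,
				"rsa pad type not supported %d\n", pad);
		return ret;
	}

	switch (op->rsa.op_type) {
	case RTE_CRYPTO_ASYM_OP_ENCRYPT:
		if (EVP_PKEY_encrypt_init(rsa_ctx) != 1)
			goto err_rsa;

		if (EVP_PKEY_CTX_set_rsa_padding(rsa_ctx, pad) <= 0)
			goto err_rsa;

		/* size query first, then the real operation */
		if (EVP_PKEY_encrypt(rsa_ctx, NULL, &outlen,
				op->rsa.message.data,
				op->rsa.message.length) <= 0)
			goto err_rsa;

		if (outlen == 0)
			goto err_rsa;

		if (EVP_PKEY_encrypt(rsa_ctx, op->rsa.cipher.data, &outlen,
				op->rsa.message.data,
				op->rsa.message.length) <= 0)
			goto err_rsa;
		op->rsa.cipher.length = outlen;

		OPENSSL_LOG(DEBUG,
				"length of encrypted text %zu\n", outlen);
		break;

	case RTE_CRYPTO_ASYM_OP_DECRYPT:
		if (EVP_PKEY_decrypt_init(rsa_ctx) != 1)
			goto err_rsa;

		if (EVP_PKEY_CTX_set_rsa_padding(rsa_ctx, pad) <= 0)
			goto err_rsa;

		if (EVP_PKEY_decrypt(rsa_ctx, NULL, &outlen,
				op->rsa.cipher.data,
				op->rsa.cipher.length) <= 0)
			goto err_rsa;

		if (outlen == 0)
			goto err_rsa;

		if (EVP_PKEY_decrypt(rsa_ctx, op->rsa.message.data, &outlen,
				op->rsa.cipher.data,
				op->rsa.cipher.length) <= 0)
			goto err_rsa;
		op->rsa.message.length = outlen;

		OPENSSL_LOG(DEBUG, "length of decrypted text %zu\n", outlen);
		break;

	case RTE_CRYPTO_ASYM_OP_SIGN:
		if (EVP_PKEY_sign_init(rsa_ctx) <= 0)
			goto err_rsa;

		if (EVP_PKEY_CTX_set_rsa_padding(rsa_ctx, pad) <= 0)
			goto err_rsa;

		if (EVP_PKEY_sign(rsa_ctx, NULL, &outlen,
				op->rsa.message.data,
				op->rsa.message.length) <= 0)
			goto err_rsa;

		if (outlen == 0)
			goto err_rsa;

		if (EVP_PKEY_sign(rsa_ctx, op->rsa.sign.data, &outlen,
				op->rsa.message.data,
				op->rsa.message.length) <= 0)
			goto err_rsa;
		op->rsa.sign.length = outlen;
		break;

	case RTE_CRYPTO_ASYM_OP_VERIFY:
		if (EVP_PKEY_verify_recover_init(rsa_ctx) <= 0)
			goto err_rsa;

		if (EVP_PKEY_CTX_set_rsa_padding(rsa_ctx, pad) <= 0)
			goto err_rsa;

		if (EVP_PKEY_verify_recover(rsa_ctx, NULL, &outlen,
				op->rsa.sign.data,
				op->rsa.sign.length) <= 0)
			goto err_rsa;

		if ((outlen == 0) || (outlen != op->rsa.sign.length))
			goto err_rsa;

		tmp = OPENSSL_malloc(outlen);
		if (tmp == NULL) {
			OPENSSL_LOG(ERR, "Memory allocation failed");
			goto err_rsa;
		}

		if (EVP_PKEY_verify_recover(rsa_ctx, tmp, &outlen,
				op->rsa.sign.data,
				op->rsa.sign.length) <= 0) {
			OPENSSL_free(tmp);
			goto err_rsa;
		}

		OPENSSL_LOG(DEBUG,
				"Length of public_decrypt %zu "
				"length of message %zd\n",
				outlen, op->rsa.message.length);
		/*
		 * The signature is valid only if the recovered data is exactly
		 * the message. The length test also keeps the comparison inside
		 * the outlen bytes that were recovered into tmp. A mismatch
		 * must leave cop->status at ERROR: falling through to the
		 * success exit would report a bad signature as verified.
		 */
		if (outlen != op->rsa.message.length ||
				CRYPTO_memcmp(tmp, op->rsa.message.data,
					op->rsa.message.length)) {
			OPENSSL_LOG(ERR, "RSA sign Verification failed");
			OPENSSL_free(tmp);
			goto err_rsa;
		}
		OPENSSL_free(tmp);
		break;

	default:
		/* allow ops with invalid args to be pushed to
		 * completion queue
		 */
		cop->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
		goto err_rsa;
	}

	ret = 0;
	cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
err_rsa:
	return ret;

}

static int
process_openssl_sm2_op_evp(struct rte_crypto_op *cop,
		struct openssl_asym_session *sess)
{
	EVP_PKEY_CTX *kctx = NULL, *sctx = NULL, *cctx = NULL;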
27183b7d638fSGowrishankar Muthukrishnan struct rte_crypto_asym_op *op = cop->asym; 2719badc0c6fSGowrishankar Muthukrishnan OSSL_PARAM *params = sess->u.sm2.params; 27209d91c304SGowrishankar Muthukrishnan EVP_MD_CTX *md_ctx = NULL; 27219d91c304SGowrishankar Muthukrishnan ECDSA_SIG *ec_sign = NULL; 27229d91c304SGowrishankar Muthukrishnan EVP_MD *check_md = NULL; 27233b7d638fSGowrishankar Muthukrishnan EVP_PKEY *pkey = NULL; 27243b7d638fSGowrishankar Muthukrishnan int ret = -1; 27253b7d638fSGowrishankar Muthukrishnan 27263b7d638fSGowrishankar Muthukrishnan cop->status = RTE_CRYPTO_OP_STATUS_ERROR; 27273b7d638fSGowrishankar Muthukrishnan 27283b7d638fSGowrishankar Muthukrishnan if (cop->asym->sm2.k.data != NULL) 27293b7d638fSGowrishankar Muthukrishnan goto err_sm2; 27303b7d638fSGowrishankar Muthukrishnan 27313b7d638fSGowrishankar Muthukrishnan switch (op->sm2.op_type) { 27323b7d638fSGowrishankar Muthukrishnan case RTE_CRYPTO_ASYM_OP_ENCRYPT: 27333b7d638fSGowrishankar Muthukrishnan { 27343b7d638fSGowrishankar Muthukrishnan OSSL_PARAM *eparams = sess->u.sm2.params; 27354ebc8e00SGowrishankar Muthukrishnan size_t output_len = 0; 27363b7d638fSGowrishankar Muthukrishnan 27373b7d638fSGowrishankar Muthukrishnan kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SM2, NULL); 27383b7d638fSGowrishankar Muthukrishnan if (kctx == NULL || EVP_PKEY_fromdata_init(kctx) <= 0 || 27393b7d638fSGowrishankar Muthukrishnan EVP_PKEY_fromdata(kctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0) 27403b7d638fSGowrishankar Muthukrishnan goto err_sm2; 27413b7d638fSGowrishankar Muthukrishnan 27423b7d638fSGowrishankar Muthukrishnan cctx = EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NULL); 27433b7d638fSGowrishankar Muthukrishnan if (!cctx) 27443b7d638fSGowrishankar Muthukrishnan goto err_sm2; 27453b7d638fSGowrishankar Muthukrishnan 27463b7d638fSGowrishankar Muthukrishnan if (!EVP_PKEY_encrypt_init(cctx)) 27473b7d638fSGowrishankar Muthukrishnan goto err_sm2; 27483b7d638fSGowrishankar Muthukrishnan 27493b7d638fSGowrishankar 
Muthukrishnan if (!EVP_PKEY_CTX_set_params(cctx, eparams)) 27503b7d638fSGowrishankar Muthukrishnan goto err_sm2; 27513b7d638fSGowrishankar Muthukrishnan 27523b7d638fSGowrishankar Muthukrishnan if (!EVP_PKEY_encrypt(cctx, op->sm2.cipher.data, &output_len, 27533b7d638fSGowrishankar Muthukrishnan op->sm2.message.data, 27543b7d638fSGowrishankar Muthukrishnan op->sm2.message.length)) 27553b7d638fSGowrishankar Muthukrishnan goto err_sm2; 27563b7d638fSGowrishankar Muthukrishnan op->sm2.cipher.length = output_len; 27573b7d638fSGowrishankar Muthukrishnan } 27583b7d638fSGowrishankar Muthukrishnan break; 27593b7d638fSGowrishankar Muthukrishnan case RTE_CRYPTO_ASYM_OP_DECRYPT: 27603b7d638fSGowrishankar Muthukrishnan { 27613b7d638fSGowrishankar Muthukrishnan OSSL_PARAM *eparams = sess->u.sm2.params; 27623b7d638fSGowrishankar Muthukrishnan 27633b7d638fSGowrishankar Muthukrishnan kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SM2, NULL); 27643b7d638fSGowrishankar Muthukrishnan if (kctx == NULL 27653b7d638fSGowrishankar Muthukrishnan || EVP_PKEY_fromdata_init(kctx) <= 0 27663b7d638fSGowrishankar Muthukrishnan || EVP_PKEY_fromdata(kctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0) 27673b7d638fSGowrishankar Muthukrishnan goto err_sm2; 27683b7d638fSGowrishankar Muthukrishnan 27693b7d638fSGowrishankar Muthukrishnan cctx = EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NULL); 27703b7d638fSGowrishankar Muthukrishnan if (!cctx) 27713b7d638fSGowrishankar Muthukrishnan goto err_sm2; 27723b7d638fSGowrishankar Muthukrishnan 27733b7d638fSGowrishankar Muthukrishnan if (!EVP_PKEY_decrypt_init(cctx)) 27743b7d638fSGowrishankar Muthukrishnan goto err_sm2; 27753b7d638fSGowrishankar Muthukrishnan 27763b7d638fSGowrishankar Muthukrishnan if (!EVP_PKEY_CTX_set_params(cctx, eparams)) 27773b7d638fSGowrishankar Muthukrishnan goto err_sm2; 27783b7d638fSGowrishankar Muthukrishnan 27793b7d638fSGowrishankar Muthukrishnan if (!EVP_PKEY_decrypt(cctx, op->sm2.message.data, &op->sm2.message.length, 27803b7d638fSGowrishankar Muthukrishnan 
op->sm2.cipher.data, op->sm2.cipher.length)) 27813b7d638fSGowrishankar Muthukrishnan goto err_sm2; 27823b7d638fSGowrishankar Muthukrishnan } 27833b7d638fSGowrishankar Muthukrishnan break; 27843b7d638fSGowrishankar Muthukrishnan case RTE_CRYPTO_ASYM_OP_SIGN: 27853b7d638fSGowrishankar Muthukrishnan { 27863b7d638fSGowrishankar Muthukrishnan unsigned char signbuf[128] = {0}; 27873b7d638fSGowrishankar Muthukrishnan const unsigned char *signptr; 27883b7d638fSGowrishankar Muthukrishnan const BIGNUM *r, *s; 27893b7d638fSGowrishankar Muthukrishnan size_t signlen; 27903b7d638fSGowrishankar Muthukrishnan 27913b7d638fSGowrishankar Muthukrishnan kctx = EVP_PKEY_CTX_new_from_name(NULL, "SM2", NULL); 27923b7d638fSGowrishankar Muthukrishnan if (kctx == NULL || EVP_PKEY_fromdata_init(kctx) <= 0 || 27933b7d638fSGowrishankar Muthukrishnan EVP_PKEY_fromdata(kctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0) 27943b7d638fSGowrishankar Muthukrishnan goto err_sm2; 27953b7d638fSGowrishankar Muthukrishnan 27963b7d638fSGowrishankar Muthukrishnan md_ctx = EVP_MD_CTX_new(); 27973b7d638fSGowrishankar Muthukrishnan if (!md_ctx) 27983b7d638fSGowrishankar Muthukrishnan goto err_sm2; 27993b7d638fSGowrishankar Muthukrishnan 28003b7d638fSGowrishankar Muthukrishnan sctx = EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NULL); 28013b7d638fSGowrishankar Muthukrishnan if (!sctx) 28023b7d638fSGowrishankar Muthukrishnan goto err_sm2; 28033b7d638fSGowrishankar Muthukrishnan 28043b7d638fSGowrishankar Muthukrishnan EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx); 28053b7d638fSGowrishankar Muthukrishnan 28063b7d638fSGowrishankar Muthukrishnan check_md = EVP_MD_fetch(NULL, "sm3", NULL); 28073b7d638fSGowrishankar Muthukrishnan if (!check_md) 28083b7d638fSGowrishankar Muthukrishnan goto err_sm2; 28093b7d638fSGowrishankar Muthukrishnan 28103b7d638fSGowrishankar Muthukrishnan if (!EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)) 28113b7d638fSGowrishankar Muthukrishnan goto err_sm2; 28123b7d638fSGowrishankar Muthukrishnan 
28133b7d638fSGowrishankar Muthukrishnan if (EVP_PKEY_CTX_set1_id(sctx, op->sm2.id.data, op->sm2.id.length) <= 0) 28143b7d638fSGowrishankar Muthukrishnan goto err_sm2; 28153b7d638fSGowrishankar Muthukrishnan 28163b7d638fSGowrishankar Muthukrishnan if (!EVP_DigestSignUpdate(md_ctx, op->sm2.message.data, 28173b7d638fSGowrishankar Muthukrishnan op->sm2.message.length)) 28183b7d638fSGowrishankar Muthukrishnan goto err_sm2; 28193b7d638fSGowrishankar Muthukrishnan 28203b7d638fSGowrishankar Muthukrishnan if (!EVP_DigestSignFinal(md_ctx, NULL, &signlen)) 28213b7d638fSGowrishankar Muthukrishnan goto err_sm2; 28223b7d638fSGowrishankar Muthukrishnan 28233b7d638fSGowrishankar Muthukrishnan if (!EVP_DigestSignFinal(md_ctx, signbuf, &signlen)) 28243b7d638fSGowrishankar Muthukrishnan goto err_sm2; 28253b7d638fSGowrishankar Muthukrishnan 28263b7d638fSGowrishankar Muthukrishnan signptr = signbuf; 28273b7d638fSGowrishankar Muthukrishnan ec_sign = d2i_ECDSA_SIG(NULL, &signptr, signlen); 28283b7d638fSGowrishankar Muthukrishnan if (!ec_sign) 28293b7d638fSGowrishankar Muthukrishnan goto err_sm2; 28303b7d638fSGowrishankar Muthukrishnan 28313b7d638fSGowrishankar Muthukrishnan r = ECDSA_SIG_get0_r(ec_sign); 28323b7d638fSGowrishankar Muthukrishnan s = ECDSA_SIG_get0_s(ec_sign); 28333b7d638fSGowrishankar Muthukrishnan if (!r || !s) 28343b7d638fSGowrishankar Muthukrishnan goto err_sm2; 28353b7d638fSGowrishankar Muthukrishnan 28363b7d638fSGowrishankar Muthukrishnan op->sm2.r.length = BN_num_bytes(r); 28373b7d638fSGowrishankar Muthukrishnan op->sm2.s.length = BN_num_bytes(s); 28383b7d638fSGowrishankar Muthukrishnan BN_bn2bin(r, op->sm2.r.data); 28393b7d638fSGowrishankar Muthukrishnan BN_bn2bin(s, op->sm2.s.data); 28403b7d638fSGowrishankar Muthukrishnan 28413b7d638fSGowrishankar Muthukrishnan ECDSA_SIG_free(ec_sign); 28423b7d638fSGowrishankar Muthukrishnan } 28433b7d638fSGowrishankar Muthukrishnan break; 28443b7d638fSGowrishankar Muthukrishnan case RTE_CRYPTO_ASYM_OP_VERIFY: 
28453b7d638fSGowrishankar Muthukrishnan { 28469d91c304SGowrishankar Muthukrishnan unsigned char signbuf[128] = {0}, *signbuf_new = NULL; 28473b7d638fSGowrishankar Muthukrishnan BIGNUM *r = NULL, *s = NULL; 28483b7d638fSGowrishankar Muthukrishnan size_t signlen; 28493b7d638fSGowrishankar Muthukrishnan 28503b7d638fSGowrishankar Muthukrishnan kctx = EVP_PKEY_CTX_new_from_name(NULL, "SM2", NULL); 28513b7d638fSGowrishankar Muthukrishnan if (kctx == NULL || EVP_PKEY_fromdata_init(kctx) <= 0 || 28523b7d638fSGowrishankar Muthukrishnan EVP_PKEY_fromdata(kctx, &pkey, EVP_PKEY_PUBLIC_KEY, params) <= 0) 28533b7d638fSGowrishankar Muthukrishnan goto err_sm2; 28543b7d638fSGowrishankar Muthukrishnan 28553b7d638fSGowrishankar Muthukrishnan if (!EVP_PKEY_is_a(pkey, "SM2")) 28563b7d638fSGowrishankar Muthukrishnan goto err_sm2; 28573b7d638fSGowrishankar Muthukrishnan 28583b7d638fSGowrishankar Muthukrishnan md_ctx = EVP_MD_CTX_new(); 28593b7d638fSGowrishankar Muthukrishnan if (!md_ctx) 28603b7d638fSGowrishankar Muthukrishnan goto err_sm2; 28613b7d638fSGowrishankar Muthukrishnan 28623b7d638fSGowrishankar Muthukrishnan sctx = EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NULL); 28633b7d638fSGowrishankar Muthukrishnan if (!sctx) 28643b7d638fSGowrishankar Muthukrishnan goto err_sm2; 28653b7d638fSGowrishankar Muthukrishnan 28663b7d638fSGowrishankar Muthukrishnan EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx); 28673b7d638fSGowrishankar Muthukrishnan 28683b7d638fSGowrishankar Muthukrishnan check_md = EVP_MD_fetch(NULL, "sm3", NULL); 28693b7d638fSGowrishankar Muthukrishnan if (!check_md) 28703b7d638fSGowrishankar Muthukrishnan goto err_sm2; 28713b7d638fSGowrishankar Muthukrishnan 28723b7d638fSGowrishankar Muthukrishnan if (!EVP_DigestVerifyInit(md_ctx, NULL, check_md, NULL, pkey)) 28733b7d638fSGowrishankar Muthukrishnan goto err_sm2; 28743b7d638fSGowrishankar Muthukrishnan 28753b7d638fSGowrishankar Muthukrishnan if (EVP_PKEY_CTX_set1_id(sctx, op->sm2.id.data, op->sm2.id.length) <= 0) 28763b7d638fSGowrishankar 
Muthukrishnan goto err_sm2; 28773b7d638fSGowrishankar Muthukrishnan 28783b7d638fSGowrishankar Muthukrishnan if (!EVP_DigestVerifyUpdate(md_ctx, op->sm2.message.data, 28793b7d638fSGowrishankar Muthukrishnan op->sm2.message.length)) 28803b7d638fSGowrishankar Muthukrishnan goto err_sm2; 28813b7d638fSGowrishankar Muthukrishnan 28823b7d638fSGowrishankar Muthukrishnan ec_sign = ECDSA_SIG_new(); 28833b7d638fSGowrishankar Muthukrishnan if (!ec_sign) 28843b7d638fSGowrishankar Muthukrishnan goto err_sm2; 28853b7d638fSGowrishankar Muthukrishnan 28863b7d638fSGowrishankar Muthukrishnan r = BN_bin2bn(op->sm2.r.data, op->sm2.r.length, r); 28873b7d638fSGowrishankar Muthukrishnan s = BN_bin2bn(op->sm2.s.data, op->sm2.s.length, s); 28883b7d638fSGowrishankar Muthukrishnan if (!r || !s) 28893b7d638fSGowrishankar Muthukrishnan goto err_sm2; 28903b7d638fSGowrishankar Muthukrishnan 28913b7d638fSGowrishankar Muthukrishnan if (!ECDSA_SIG_set0(ec_sign, r, s)) { 28923b7d638fSGowrishankar Muthukrishnan BN_free(r); 28933b7d638fSGowrishankar Muthukrishnan BN_free(s); 28943b7d638fSGowrishankar Muthukrishnan goto err_sm2; 28953b7d638fSGowrishankar Muthukrishnan } 28963b7d638fSGowrishankar Muthukrishnan 28973b7d638fSGowrishankar Muthukrishnan r = NULL; 28983b7d638fSGowrishankar Muthukrishnan s = NULL; 28993b7d638fSGowrishankar Muthukrishnan 29009d91c304SGowrishankar Muthukrishnan signbuf_new = signbuf; 29019d91c304SGowrishankar Muthukrishnan signlen = i2d_ECDSA_SIG(ec_sign, (unsigned char **)&signbuf_new); 29023b7d638fSGowrishankar Muthukrishnan if (signlen <= 0) 29033b7d638fSGowrishankar Muthukrishnan goto err_sm2; 29043b7d638fSGowrishankar Muthukrishnan 29059d91c304SGowrishankar Muthukrishnan if (!EVP_DigestVerifyFinal(md_ctx, signbuf_new, signlen)) 29063b7d638fSGowrishankar Muthukrishnan goto err_sm2; 29073b7d638fSGowrishankar Muthukrishnan 29083b7d638fSGowrishankar Muthukrishnan BN_free(r); 29093b7d638fSGowrishankar Muthukrishnan BN_free(s); 29103b7d638fSGowrishankar Muthukrishnan 
ECDSA_SIG_free(ec_sign); 29113b7d638fSGowrishankar Muthukrishnan } 29123b7d638fSGowrishankar Muthukrishnan break; 29133b7d638fSGowrishankar Muthukrishnan default: 29143b7d638fSGowrishankar Muthukrishnan /* allow ops with invalid args to be pushed to 29153b7d638fSGowrishankar Muthukrishnan * completion queue 29163b7d638fSGowrishankar Muthukrishnan */ 29173b7d638fSGowrishankar Muthukrishnan cop->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS; 29183b7d638fSGowrishankar Muthukrishnan goto err_sm2; 29193b7d638fSGowrishankar Muthukrishnan } 29203b7d638fSGowrishankar Muthukrishnan 29213b7d638fSGowrishankar Muthukrishnan ret = 0; 29223b7d638fSGowrishankar Muthukrishnan cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS; 29233b7d638fSGowrishankar Muthukrishnan err_sm2: 29249d91c304SGowrishankar Muthukrishnan EVP_MD_free(check_md); 29259d91c304SGowrishankar Muthukrishnan EVP_MD_CTX_free(md_ctx); 29269d91c304SGowrishankar Muthukrishnan 29273b7d638fSGowrishankar Muthukrishnan EVP_PKEY_CTX_free(kctx); 29283b7d638fSGowrishankar Muthukrishnan 29293b7d638fSGowrishankar Muthukrishnan EVP_PKEY_CTX_free(sctx); 29303b7d638fSGowrishankar Muthukrishnan 29313b7d638fSGowrishankar Muthukrishnan EVP_PKEY_CTX_free(cctx); 29323b7d638fSGowrishankar Muthukrishnan 29333b7d638fSGowrishankar Muthukrishnan EVP_PKEY_free(pkey); 29343b7d638fSGowrishankar Muthukrishnan 29353b7d638fSGowrishankar Muthukrishnan return ret; 29363b7d638fSGowrishankar Muthukrishnan } 29373b7d638fSGowrishankar Muthukrishnan 2938d7bd42f6SKai Ji #else 29393e9d6bd4SSunila Sahu static int 29403e9d6bd4SSunila Sahu process_openssl_rsa_op(struct rte_crypto_op *cop, 29413e9d6bd4SSunila Sahu struct openssl_asym_session *sess) 29423e9d6bd4SSunila Sahu { 29433e9d6bd4SSunila Sahu int ret = 0; 29443e9d6bd4SSunila Sahu struct rte_crypto_asym_op *op = cop->asym; 29453e9d6bd4SSunila Sahu RSA *rsa = sess->u.r.rsa; 2946db8d2a2cSArek Kusztal uint32_t pad = (op->rsa.padding.type); 2947fe1606e0SAkash Saxena uint8_t *tmp; 2948fe1606e0SAkash Saxena 
2949fe1606e0SAkash Saxena cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS; 29503e9d6bd4SSunila Sahu 29513e9d6bd4SSunila Sahu switch (pad) { 295240dd1f42SArek Kusztal case RTE_CRYPTO_RSA_PADDING_PKCS1_5: 29533e9d6bd4SSunila Sahu pad = RSA_PKCS1_PADDING; 29543e9d6bd4SSunila Sahu break; 29553e9d6bd4SSunila Sahu case RTE_CRYPTO_RSA_PADDING_NONE: 29563e9d6bd4SSunila Sahu pad = RSA_NO_PADDING; 29573e9d6bd4SSunila Sahu break; 29583e9d6bd4SSunila Sahu default: 29593e9d6bd4SSunila Sahu cop->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS; 29603e9d6bd4SSunila Sahu OPENSSL_LOG(ERR, 29613e9d6bd4SSunila Sahu "rsa pad type not supported %d\n", pad); 29623e9d6bd4SSunila Sahu return 0; 29633e9d6bd4SSunila Sahu } 29643e9d6bd4SSunila Sahu 29653e9d6bd4SSunila Sahu switch (op->rsa.op_type) { 29663e9d6bd4SSunila Sahu case RTE_CRYPTO_ASYM_OP_ENCRYPT: 29673e9d6bd4SSunila Sahu ret = RSA_public_encrypt(op->rsa.message.length, 29683e9d6bd4SSunila Sahu op->rsa.message.data, 2969501ed9c6SArek Kusztal op->rsa.cipher.data, 29703e9d6bd4SSunila Sahu rsa, 29713e9d6bd4SSunila Sahu pad); 29723e9d6bd4SSunila Sahu 29733e9d6bd4SSunila Sahu if (ret > 0) 2974501ed9c6SArek Kusztal op->rsa.cipher.length = ret; 29753e9d6bd4SSunila Sahu OPENSSL_LOG(DEBUG, 29763e9d6bd4SSunila Sahu "length of encrypted text %d\n", ret); 29773e9d6bd4SSunila Sahu break; 29783e9d6bd4SSunila Sahu 29793e9d6bd4SSunila Sahu case RTE_CRYPTO_ASYM_OP_DECRYPT: 2980501ed9c6SArek Kusztal ret = RSA_private_decrypt(op->rsa.cipher.length, 2981501ed9c6SArek Kusztal op->rsa.cipher.data, 29823e9d6bd4SSunila Sahu op->rsa.message.data, 29833e9d6bd4SSunila Sahu rsa, 29843e9d6bd4SSunila Sahu pad); 29853e9d6bd4SSunila Sahu if (ret > 0) 29863e9d6bd4SSunila Sahu op->rsa.message.length = ret; 29873e9d6bd4SSunila Sahu break; 29883e9d6bd4SSunila Sahu 29893e9d6bd4SSunila Sahu case RTE_CRYPTO_ASYM_OP_SIGN: 29903e9d6bd4SSunila Sahu ret = RSA_private_encrypt(op->rsa.message.length, 29913e9d6bd4SSunila Sahu op->rsa.message.data, 29923e9d6bd4SSunila Sahu 
op->rsa.sign.data, 29933e9d6bd4SSunila Sahu rsa, 29943e9d6bd4SSunila Sahu pad); 29953e9d6bd4SSunila Sahu if (ret > 0) 29963e9d6bd4SSunila Sahu op->rsa.sign.length = ret; 29973e9d6bd4SSunila Sahu break; 29983e9d6bd4SSunila Sahu 29993e9d6bd4SSunila Sahu case RTE_CRYPTO_ASYM_OP_VERIFY: 3000fe1606e0SAkash Saxena tmp = rte_malloc(NULL, op->rsa.sign.length, 0); 3001fe1606e0SAkash Saxena if (tmp == NULL) { 3002fe1606e0SAkash Saxena OPENSSL_LOG(ERR, "Memory allocation failed"); 3003fe1606e0SAkash Saxena cop->status = RTE_CRYPTO_OP_STATUS_ERROR; 3004fe1606e0SAkash Saxena break; 3005fe1606e0SAkash Saxena } 30063e9d6bd4SSunila Sahu ret = RSA_public_decrypt(op->rsa.sign.length, 30073e9d6bd4SSunila Sahu op->rsa.sign.data, 3008fe1606e0SAkash Saxena tmp, 30093e9d6bd4SSunila Sahu rsa, 30103e9d6bd4SSunila Sahu pad); 30113e9d6bd4SSunila Sahu 30123e9d6bd4SSunila Sahu OPENSSL_LOG(DEBUG, 30133e9d6bd4SSunila Sahu "Length of public_decrypt %d " 30143e9d6bd4SSunila Sahu "length of message %zd\n", 30153e9d6bd4SSunila Sahu ret, op->rsa.message.length); 3016a3f9fedeSArek Kusztal if ((ret <= 0) || (CRYPTO_memcmp(tmp, op->rsa.message.data, 3017fe1606e0SAkash Saxena op->rsa.message.length))) { 3018fe1606e0SAkash Saxena OPENSSL_LOG(ERR, "RSA sign Verification failed"); 3019fe1606e0SAkash Saxena cop->status = RTE_CRYPTO_OP_STATUS_ERROR; 30203e9d6bd4SSunila Sahu } 3021fe1606e0SAkash Saxena rte_free(tmp); 30223e9d6bd4SSunila Sahu break; 30233e9d6bd4SSunila Sahu 30243e9d6bd4SSunila Sahu default: 30253e9d6bd4SSunila Sahu /* allow ops with invalid args to be pushed to 30263e9d6bd4SSunila Sahu * completion queue 30273e9d6bd4SSunila Sahu */ 30283e9d6bd4SSunila Sahu cop->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS; 30293e9d6bd4SSunila Sahu break; 30303e9d6bd4SSunila Sahu } 30313e9d6bd4SSunila Sahu 30323e9d6bd4SSunila Sahu if (ret < 0) 30333e9d6bd4SSunila Sahu cop->status = RTE_CRYPTO_OP_STATUS_ERROR; 30343e9d6bd4SSunila Sahu 30353e9d6bd4SSunila Sahu return 0; 30363e9d6bd4SSunila Sahu } 
30373b7d638fSGowrishankar Muthukrishnan 30383b7d638fSGowrishankar Muthukrishnan static int 30393b7d638fSGowrishankar Muthukrishnan process_openssl_sm2_op(struct rte_crypto_op *cop, 30403b7d638fSGowrishankar Muthukrishnan struct openssl_asym_session *sess) 30413b7d638fSGowrishankar Muthukrishnan { 30423b7d638fSGowrishankar Muthukrishnan RTE_SET_USED(cop); 30433b7d638fSGowrishankar Muthukrishnan RTE_SET_USED(sess); 30443b7d638fSGowrishankar Muthukrishnan return -ENOTSUP; 30453b7d638fSGowrishankar Muthukrishnan } 3046d7bd42f6SKai Ji #endif 30473e9d6bd4SSunila Sahu 30483e9d6bd4SSunila Sahu static int 30493e9d6bd4SSunila Sahu process_asym_op(struct openssl_qp *qp, struct rte_crypto_op *op, 30503e9d6bd4SSunila Sahu struct openssl_asym_session *sess) 30513e9d6bd4SSunila Sahu { 30523e9d6bd4SSunila Sahu int retval = 0; 30533e9d6bd4SSunila Sahu 30543e9d6bd4SSunila Sahu op->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED; 30553e9d6bd4SSunila Sahu 30563e9d6bd4SSunila Sahu switch (sess->xfrm_type) { 30573e9d6bd4SSunila Sahu case RTE_CRYPTO_ASYM_XFORM_RSA: 3058d7bd42f6SKai Ji #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) 3059d7bd42f6SKai Ji retval = process_openssl_rsa_op_evp(op, sess); 3060d7bd42f6SKai Ji # else 30613e9d6bd4SSunila Sahu retval = process_openssl_rsa_op(op, sess); 3062d7bd42f6SKai Ji #endif 30633e9d6bd4SSunila Sahu break; 30643e9d6bd4SSunila Sahu case RTE_CRYPTO_ASYM_XFORM_MODEX: 30653e9d6bd4SSunila Sahu retval = process_openssl_modexp_op(op, sess); 30663e9d6bd4SSunila Sahu break; 30673e9d6bd4SSunila Sahu case RTE_CRYPTO_ASYM_XFORM_MODINV: 30683e9d6bd4SSunila Sahu retval = process_openssl_modinv_op(op, sess); 30693e9d6bd4SSunila Sahu break; 3070ac42813aSSunila Sahu case RTE_CRYPTO_ASYM_XFORM_DH: 3071c794b40cSKai Ji #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) 3072c794b40cSKai Ji retval = process_openssl_dh_op_evp(op, sess); 3073c794b40cSKai Ji # else 3074ac42813aSSunila Sahu retval = process_openssl_dh_op(op, sess); 3075c794b40cSKai Ji #endif 3076ac42813aSSunila Sahu 
break; 3077ac42813aSSunila Sahu case RTE_CRYPTO_ASYM_XFORM_DSA: 30784c7ae22fSKai Ji #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) 30794c7ae22fSKai Ji if (op->asym->dsa.op_type == RTE_CRYPTO_ASYM_OP_SIGN) 30804c7ae22fSKai Ji retval = process_openssl_dsa_sign_op_evp(op, sess); 30814c7ae22fSKai Ji else if (op->asym->dsa.op_type == 30824c7ae22fSKai Ji RTE_CRYPTO_ASYM_OP_VERIFY) 30834c7ae22fSKai Ji retval = 30844c7ae22fSKai Ji process_openssl_dsa_verify_op_evp(op, sess); 30854c7ae22fSKai Ji #else 3086ac42813aSSunila Sahu if (op->asym->dsa.op_type == RTE_CRYPTO_ASYM_OP_SIGN) 3087ac42813aSSunila Sahu retval = process_openssl_dsa_sign_op(op, sess); 3088ac42813aSSunila Sahu else if (op->asym->dsa.op_type == 3089ac42813aSSunila Sahu RTE_CRYPTO_ASYM_OP_VERIFY) 3090ac42813aSSunila Sahu retval = 3091ac42813aSSunila Sahu process_openssl_dsa_verify_op(op, sess); 3092ac42813aSSunila Sahu else 3093ac42813aSSunila Sahu op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS; 30944c7ae22fSKai Ji #endif 3095ac42813aSSunila Sahu break; 30963b7d638fSGowrishankar Muthukrishnan case RTE_CRYPTO_ASYM_XFORM_SM2: 30973b7d638fSGowrishankar Muthukrishnan #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) 30983b7d638fSGowrishankar Muthukrishnan retval = process_openssl_sm2_op_evp(op, sess); 30993b7d638fSGowrishankar Muthukrishnan #else 31003b7d638fSGowrishankar Muthukrishnan retval = process_openssl_sm2_op(op, sess); 31013b7d638fSGowrishankar Muthukrishnan #endif 31023b7d638fSGowrishankar Muthukrishnan break; 31033e9d6bd4SSunila Sahu default: 31043e9d6bd4SSunila Sahu op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS; 31053e9d6bd4SSunila Sahu break; 31063e9d6bd4SSunila Sahu } 31073e9d6bd4SSunila Sahu if (!retval) { 31083e9d6bd4SSunila Sahu /* op processed so push to completion queue as processed */ 31093e9d6bd4SSunila Sahu retval = rte_ring_enqueue(qp->processed_ops, (void *)op); 31103e9d6bd4SSunila Sahu if (retval) 31113e9d6bd4SSunila Sahu /* return error if failed to put in completion queue */ 31123e9d6bd4SSunila 
Sahu retval = -1; 31133e9d6bd4SSunila Sahu } 31143e9d6bd4SSunila Sahu 31153e9d6bd4SSunila Sahu return retval; 31163e9d6bd4SSunila Sahu } 31173e9d6bd4SSunila Sahu 31181fa538faSPablo de Lara static void 31191fa538faSPablo de Lara copy_plaintext(struct rte_mbuf *m_src, struct rte_mbuf *m_dst, 31201fa538faSPablo de Lara struct rte_crypto_op *op) 31211fa538faSPablo de Lara { 31221fa538faSPablo de Lara uint8_t *p_src, *p_dst; 31231fa538faSPablo de Lara 31241fa538faSPablo de Lara p_src = rte_pktmbuf_mtod(m_src, uint8_t *); 31251fa538faSPablo de Lara p_dst = rte_pktmbuf_mtod(m_dst, uint8_t *); 31261fa538faSPablo de Lara 31271fa538faSPablo de Lara /** 31281fa538faSPablo de Lara * Copy the content between cipher offset and auth offset 31291fa538faSPablo de Lara * for generating correct digest. 31301fa538faSPablo de Lara */ 31311fa538faSPablo de Lara if (op->sym->cipher.data.offset > op->sym->auth.data.offset) 31321fa538faSPablo de Lara memcpy(p_dst + op->sym->auth.data.offset, 31331fa538faSPablo de Lara p_src + op->sym->auth.data.offset, 31341fa538faSPablo de Lara op->sym->cipher.data.offset - 31351fa538faSPablo de Lara op->sym->auth.data.offset); 31361fa538faSPablo de Lara } 31371fa538faSPablo de Lara 31388a9867a6SSlawomir Mrozowicz /** Process crypto operation for mbuf */ 31398a9867a6SSlawomir Mrozowicz static int 3140f296593fSPablo de Lara process_op(struct openssl_qp *qp, struct rte_crypto_op *op, 31418a9867a6SSlawomir Mrozowicz struct openssl_session *sess) 31428a9867a6SSlawomir Mrozowicz { 31438a9867a6SSlawomir Mrozowicz struct rte_mbuf *msrc, *mdst; 31448a9867a6SSlawomir Mrozowicz int retval; 31458a9867a6SSlawomir Mrozowicz 31468a9867a6SSlawomir Mrozowicz msrc = op->sym->m_src; 31478a9867a6SSlawomir Mrozowicz mdst = op->sym->m_dst ? 
op->sym->m_dst : op->sym->m_src; 31488a9867a6SSlawomir Mrozowicz 31498a9867a6SSlawomir Mrozowicz op->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED; 31508a9867a6SSlawomir Mrozowicz 31518a9867a6SSlawomir Mrozowicz switch (sess->chain_order) { 31528a9867a6SSlawomir Mrozowicz case OPENSSL_CHAIN_ONLY_CIPHER: 31538a9867a6SSlawomir Mrozowicz process_openssl_cipher_op(op, sess, msrc, mdst); 31548a9867a6SSlawomir Mrozowicz break; 31558a9867a6SSlawomir Mrozowicz case OPENSSL_CHAIN_ONLY_AUTH: 3156f296593fSPablo de Lara process_openssl_auth_op(qp, op, sess, msrc, mdst); 31578a9867a6SSlawomir Mrozowicz break; 31588a9867a6SSlawomir Mrozowicz case OPENSSL_CHAIN_CIPHER_AUTH: 31598a9867a6SSlawomir Mrozowicz process_openssl_cipher_op(op, sess, msrc, mdst); 31601fa538faSPablo de Lara /* OOP */ 31611fa538faSPablo de Lara if (msrc != mdst) 31621fa538faSPablo de Lara copy_plaintext(msrc, mdst, op); 3163f296593fSPablo de Lara process_openssl_auth_op(qp, op, sess, mdst, mdst); 31648a9867a6SSlawomir Mrozowicz break; 31658a9867a6SSlawomir Mrozowicz case OPENSSL_CHAIN_AUTH_CIPHER: 3166f296593fSPablo de Lara process_openssl_auth_op(qp, op, sess, msrc, mdst); 31678a9867a6SSlawomir Mrozowicz process_openssl_cipher_op(op, sess, msrc, mdst); 31688a9867a6SSlawomir Mrozowicz break; 31698a9867a6SSlawomir Mrozowicz case OPENSSL_CHAIN_COMBINED: 31708a9867a6SSlawomir Mrozowicz process_openssl_combined_op(op, sess, msrc, mdst); 31718a9867a6SSlawomir Mrozowicz break; 31721dee7bc7SPablo de Lara case OPENSSL_CHAIN_CIPHER_BPI: 31731dee7bc7SPablo de Lara process_openssl_docsis_bpi_op(op, sess, msrc, mdst); 31741dee7bc7SPablo de Lara break; 31758a9867a6SSlawomir Mrozowicz default: 31768a9867a6SSlawomir Mrozowicz op->status = RTE_CRYPTO_OP_STATUS_ERROR; 31778a9867a6SSlawomir Mrozowicz break; 31788a9867a6SSlawomir Mrozowicz } 31798a9867a6SSlawomir Mrozowicz 31808a9867a6SSlawomir Mrozowicz /* Free session if a session-less crypto op */ 31815209df0dSPablo de Lara if (op->sess_type == RTE_CRYPTO_OP_SESSIONLESS) { 
31828a9867a6SSlawomir Mrozowicz openssl_reset_session(sess); 31838a9867a6SSlawomir Mrozowicz memset(sess, 0, sizeof(struct openssl_session)); 31848a9867a6SSlawomir Mrozowicz rte_mempool_put(qp->sess_mp, op->sym->session); 31858a9867a6SSlawomir Mrozowicz op->sym->session = NULL; 31868a9867a6SSlawomir Mrozowicz } 31878a9867a6SSlawomir Mrozowicz 31888a9867a6SSlawomir Mrozowicz if (op->status == RTE_CRYPTO_OP_STATUS_NOT_PROCESSED) 31898a9867a6SSlawomir Mrozowicz op->status = RTE_CRYPTO_OP_STATUS_SUCCESS; 31908a9867a6SSlawomir Mrozowicz 31918a9867a6SSlawomir Mrozowicz if (op->status != RTE_CRYPTO_OP_STATUS_ERROR) 31928a9867a6SSlawomir Mrozowicz retval = rte_ring_enqueue(qp->processed_ops, (void *)op); 31938a9867a6SSlawomir Mrozowicz else 31948a9867a6SSlawomir Mrozowicz retval = -1; 31958a9867a6SSlawomir Mrozowicz 31968a9867a6SSlawomir Mrozowicz return retval; 31978a9867a6SSlawomir Mrozowicz } 31988a9867a6SSlawomir Mrozowicz 31998a9867a6SSlawomir Mrozowicz /* 32008a9867a6SSlawomir Mrozowicz *------------------------------------------------------------------------------ 32018a9867a6SSlawomir Mrozowicz * PMD Framework 32028a9867a6SSlawomir Mrozowicz *------------------------------------------------------------------------------ 32038a9867a6SSlawomir Mrozowicz */ 32048a9867a6SSlawomir Mrozowicz 32058a9867a6SSlawomir Mrozowicz /** Enqueue burst */ 32068a9867a6SSlawomir Mrozowicz static uint16_t 32078a9867a6SSlawomir Mrozowicz openssl_pmd_enqueue_burst(void *queue_pair, struct rte_crypto_op **ops, 32088a9867a6SSlawomir Mrozowicz uint16_t nb_ops) 32098a9867a6SSlawomir Mrozowicz { 32103e9d6bd4SSunila Sahu void *sess; 32118a9867a6SSlawomir Mrozowicz struct openssl_qp *qp = queue_pair; 32128a9867a6SSlawomir Mrozowicz int i, retval; 32138a9867a6SSlawomir Mrozowicz 32148a9867a6SSlawomir Mrozowicz for (i = 0; i < nb_ops; i++) { 32158a9867a6SSlawomir Mrozowicz sess = get_session(qp, ops[i]); 32168a9867a6SSlawomir Mrozowicz if (unlikely(sess == NULL)) 32178a9867a6SSlawomir Mrozowicz 
goto enqueue_err; 32188a9867a6SSlawomir Mrozowicz 32193e9d6bd4SSunila Sahu if (ops[i]->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) 32203e9d6bd4SSunila Sahu retval = process_op(qp, ops[i], 32213e9d6bd4SSunila Sahu (struct openssl_session *) sess); 32223e9d6bd4SSunila Sahu else 32233e9d6bd4SSunila Sahu retval = process_asym_op(qp, ops[i], 32243e9d6bd4SSunila Sahu (struct openssl_asym_session *) sess); 32258a9867a6SSlawomir Mrozowicz if (unlikely(retval < 0)) 32268a9867a6SSlawomir Mrozowicz goto enqueue_err; 32278a9867a6SSlawomir Mrozowicz } 32288a9867a6SSlawomir Mrozowicz 32298a9867a6SSlawomir Mrozowicz qp->stats.enqueued_count += i; 32308a9867a6SSlawomir Mrozowicz return i; 32318a9867a6SSlawomir Mrozowicz 32328a9867a6SSlawomir Mrozowicz enqueue_err: 32338a9867a6SSlawomir Mrozowicz qp->stats.enqueue_err_count++; 32348a9867a6SSlawomir Mrozowicz return i; 32358a9867a6SSlawomir Mrozowicz } 32368a9867a6SSlawomir Mrozowicz 32378a9867a6SSlawomir Mrozowicz /** Dequeue burst */ 32388a9867a6SSlawomir Mrozowicz static uint16_t 32398a9867a6SSlawomir Mrozowicz openssl_pmd_dequeue_burst(void *queue_pair, struct rte_crypto_op **ops, 32408a9867a6SSlawomir Mrozowicz uint16_t nb_ops) 32418a9867a6SSlawomir Mrozowicz { 32428a9867a6SSlawomir Mrozowicz struct openssl_qp *qp = queue_pair; 32438a9867a6SSlawomir Mrozowicz 32448a9867a6SSlawomir Mrozowicz unsigned int nb_dequeued = 0; 32458a9867a6SSlawomir Mrozowicz 32468a9867a6SSlawomir Mrozowicz nb_dequeued = rte_ring_dequeue_burst(qp->processed_ops, 3247ecaed092SBruce Richardson (void **)ops, nb_ops, NULL); 32488a9867a6SSlawomir Mrozowicz qp->stats.dequeued_count += nb_dequeued; 32498a9867a6SSlawomir Mrozowicz 32508a9867a6SSlawomir Mrozowicz return nb_dequeued; 32518a9867a6SSlawomir Mrozowicz } 32528a9867a6SSlawomir Mrozowicz 32538a9867a6SSlawomir Mrozowicz /** Create OPENSSL crypto device */ 32548a9867a6SSlawomir Mrozowicz static int 3255168b9e76SPablo de Lara cryptodev_openssl_create(const char *name, 3256168b9e76SPablo de Lara struct 
rte_vdev_device *vdev, 3257f2f020d2SDeclan Doherty struct rte_cryptodev_pmd_init_params *init_params) 32588a9867a6SSlawomir Mrozowicz { 32598a9867a6SSlawomir Mrozowicz struct rte_cryptodev *dev; 32608a9867a6SSlawomir Mrozowicz struct openssl_private *internals; 32618a9867a6SSlawomir Mrozowicz 3262f2f020d2SDeclan Doherty dev = rte_cryptodev_pmd_create(name, &vdev->device, init_params); 32638a9867a6SSlawomir Mrozowicz if (dev == NULL) { 3264094b2386SNaga Suresh Somarowthu OPENSSL_LOG(ERR, "failed to create cryptodev vdev"); 32658a9867a6SSlawomir Mrozowicz goto init_error; 32668a9867a6SSlawomir Mrozowicz } 32678a9867a6SSlawomir Mrozowicz 32687a364faeSSlawomir Mrozowicz dev->driver_id = cryptodev_driver_id; 32698a9867a6SSlawomir Mrozowicz dev->dev_ops = rte_openssl_pmd_ops; 32708a9867a6SSlawomir Mrozowicz 32718a9867a6SSlawomir Mrozowicz /* register rx/tx burst functions for data path */ 32728a9867a6SSlawomir Mrozowicz dev->dequeue_burst = openssl_pmd_dequeue_burst; 32738a9867a6SSlawomir Mrozowicz dev->enqueue_burst = openssl_pmd_enqueue_burst; 32748a9867a6SSlawomir Mrozowicz 32758a9867a6SSlawomir Mrozowicz dev->feature_flags = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO | 32768a9867a6SSlawomir Mrozowicz RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING | 32778f675fc7STomasz Kulasek RTE_CRYPTODEV_FF_CPU_AESNI | 3278b795e127SAkhil Goyal RTE_CRYPTODEV_FF_IN_PLACE_SGL | 32792717246eSPablo de Lara RTE_CRYPTODEV_FF_OOP_SGL_IN_LB_OUT | 32803e9d6bd4SSunila Sahu RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT | 3281378e08ebSAyuj Verma RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO | 3282378e08ebSAyuj Verma RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_EXP | 3283b3aaf24dSPablo de Lara RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_QT | 3284b3aaf24dSPablo de Lara RTE_CRYPTODEV_FF_SYM_SESSIONLESS; 32858a9867a6SSlawomir Mrozowicz 32868a9867a6SSlawomir Mrozowicz internals = dev->data->dev_private; 32878a9867a6SSlawomir Mrozowicz 32888a9867a6SSlawomir Mrozowicz internals->max_nb_qpairs = init_params->max_nb_queue_pairs; 32898a9867a6SSlawomir Mrozowicz 
3290d54c72ecSAkhil Goyal rte_cryptodev_pmd_probing_finish(dev); 3291d54c72ecSAkhil Goyal 329275adf1eaSKai Ji # if (OPENSSL_VERSION_NUMBER >= 0x30000000L) 329375adf1eaSKai Ji /* Load legacy provider 329475adf1eaSKai Ji * Some algorithms are no longer available in earlier version of openssl, 329575adf1eaSKai Ji * unless the legacy provider explicitly loaded. e.g. DES 329675adf1eaSKai Ji */ 329775adf1eaSKai Ji ossl_legacy_provider_load(); 329875adf1eaSKai Ji # endif 32998a9867a6SSlawomir Mrozowicz return 0; 33008a9867a6SSlawomir Mrozowicz 33018a9867a6SSlawomir Mrozowicz init_error: 3302094b2386SNaga Suresh Somarowthu OPENSSL_LOG(ERR, "driver %s: create failed", 3303d803b443SFan Zhang init_params->name); 33048a9867a6SSlawomir Mrozowicz 33055d2aa461SJan Blunck cryptodev_openssl_remove(vdev); 33068a9867a6SSlawomir Mrozowicz return -EFAULT; 33078a9867a6SSlawomir Mrozowicz } 33088a9867a6SSlawomir Mrozowicz 33098a9867a6SSlawomir Mrozowicz /** Initialise OPENSSL crypto device */ 33108a9867a6SSlawomir Mrozowicz static int 33115d2aa461SJan Blunck cryptodev_openssl_probe(struct rte_vdev_device *vdev) 33128a9867a6SSlawomir Mrozowicz { 3313f2f020d2SDeclan Doherty struct rte_cryptodev_pmd_init_params init_params = { 3314f2f020d2SDeclan Doherty "", 3315f2f020d2SDeclan Doherty sizeof(struct openssl_private), 3316d803b443SFan Zhang rte_socket_id(), 3317e1fc5b76SPablo de Lara RTE_CRYPTODEV_PMD_DEFAULT_MAX_NB_QUEUE_PAIRS 33188a9867a6SSlawomir Mrozowicz }; 33195d2aa461SJan Blunck const char *name; 33205d2aa461SJan Blunck const char *input_args; 33215d2aa461SJan Blunck 33225d2aa461SJan Blunck name = rte_vdev_device_name(vdev); 33237e214771SPablo de Lara if (name == NULL) 33247e214771SPablo de Lara return -EINVAL; 33255d2aa461SJan Blunck input_args = rte_vdev_device_args(vdev); 33268a9867a6SSlawomir Mrozowicz 3327f2f020d2SDeclan Doherty rte_cryptodev_pmd_parse_input_args(&init_params, input_args); 33288a9867a6SSlawomir Mrozowicz 3329168b9e76SPablo de Lara return 
cryptodev_openssl_create(name, vdev, &init_params); 33308a9867a6SSlawomir Mrozowicz } 33318a9867a6SSlawomir Mrozowicz 33328a9867a6SSlawomir Mrozowicz /** Uninitialise OPENSSL crypto device */ 33338a9867a6SSlawomir Mrozowicz static int 33345d2aa461SJan Blunck cryptodev_openssl_remove(struct rte_vdev_device *vdev) 33358a9867a6SSlawomir Mrozowicz { 3336f2f020d2SDeclan Doherty struct rte_cryptodev *cryptodev; 33375d2aa461SJan Blunck const char *name; 33385d2aa461SJan Blunck 33395d2aa461SJan Blunck name = rte_vdev_device_name(vdev); 33408a9867a6SSlawomir Mrozowicz if (name == NULL) 33418a9867a6SSlawomir Mrozowicz return -EINVAL; 33428a9867a6SSlawomir Mrozowicz 3343f2f020d2SDeclan Doherty cryptodev = rte_cryptodev_pmd_get_named_dev(name); 3344f2f020d2SDeclan Doherty if (cryptodev == NULL) 3345f2f020d2SDeclan Doherty return -ENODEV; 33468a9867a6SSlawomir Mrozowicz 334775adf1eaSKai Ji # if (OPENSSL_VERSION_NUMBER >= 0x30000000L) 334875adf1eaSKai Ji ossl_legacy_provider_unload(); 334975adf1eaSKai Ji # endif 3350f2f020d2SDeclan Doherty return rte_cryptodev_pmd_destroy(cryptodev); 33518a9867a6SSlawomir Mrozowicz } 33528a9867a6SSlawomir Mrozowicz 33538a9867a6SSlawomir Mrozowicz static struct rte_vdev_driver cryptodev_openssl_pmd_drv = { 33548a9867a6SSlawomir Mrozowicz .probe = cryptodev_openssl_probe, 33558a9867a6SSlawomir Mrozowicz .remove = cryptodev_openssl_remove 33568a9867a6SSlawomir Mrozowicz }; 33578a9867a6SSlawomir Mrozowicz 3358effd3b9fSPablo de Lara static struct cryptodev_driver openssl_crypto_drv; 3359effd3b9fSPablo de Lara 33608a9867a6SSlawomir Mrozowicz RTE_PMD_REGISTER_VDEV(CRYPTODEV_NAME_OPENSSL_PMD, 33618a9867a6SSlawomir Mrozowicz cryptodev_openssl_pmd_drv); 33628a9867a6SSlawomir Mrozowicz RTE_PMD_REGISTER_PARAM_STRING(CRYPTODEV_NAME_OPENSSL_PMD, 33638a9867a6SSlawomir Mrozowicz "max_nb_queue_pairs=<int> " 33648a9867a6SSlawomir Mrozowicz "socket_id=<int>"); 3365f737f5ceSFiona Trahe RTE_PMD_REGISTER_CRYPTO_DRIVER(openssl_crypto_drv, 3366f737f5ceSFiona Trahe 
cryptodev_openssl_pmd_drv.driver, cryptodev_driver_id); 3367eeded204SDavid Marchand RTE_LOG_REGISTER_DEFAULT(openssl_logtype_driver, INFO); 3368