18a9867a6SSlawomir Mrozowicz /*- 28a9867a6SSlawomir Mrozowicz * BSD LICENSE 38a9867a6SSlawomir Mrozowicz * 48a9867a6SSlawomir Mrozowicz * Copyright(c) 2016 Intel Corporation. All rights reserved. 58a9867a6SSlawomir Mrozowicz * 68a9867a6SSlawomir Mrozowicz * Redistribution and use in source and binary forms, with or without 78a9867a6SSlawomir Mrozowicz * modification, are permitted provided that the following conditions 88a9867a6SSlawomir Mrozowicz * are met: 98a9867a6SSlawomir Mrozowicz * 108a9867a6SSlawomir Mrozowicz * * Redistributions of source code must retain the above copyright 118a9867a6SSlawomir Mrozowicz * notice, this list of conditions and the following disclaimer. 128a9867a6SSlawomir Mrozowicz * * Redistributions in binary form must reproduce the above copyright 138a9867a6SSlawomir Mrozowicz * notice, this list of conditions and the following disclaimer in 148a9867a6SSlawomir Mrozowicz * the documentation and/or other materials provided with the 158a9867a6SSlawomir Mrozowicz * distribution. 168a9867a6SSlawomir Mrozowicz * * Neither the name of Intel Corporation nor the names of its 178a9867a6SSlawomir Mrozowicz * contributors may be used to endorse or promote products derived 188a9867a6SSlawomir Mrozowicz * from this software without specific prior written permission. 198a9867a6SSlawomir Mrozowicz * 208a9867a6SSlawomir Mrozowicz * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 218a9867a6SSlawomir Mrozowicz * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 228a9867a6SSlawomir Mrozowicz * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 238a9867a6SSlawomir Mrozowicz * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 248a9867a6SSlawomir Mrozowicz * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 258a9867a6SSlawomir Mrozowicz * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 268a9867a6SSlawomir Mrozowicz * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 278a9867a6SSlawomir Mrozowicz * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 288a9867a6SSlawomir Mrozowicz * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 298a9867a6SSlawomir Mrozowicz * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 308a9867a6SSlawomir Mrozowicz * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 318a9867a6SSlawomir Mrozowicz */ 328a9867a6SSlawomir Mrozowicz 338a9867a6SSlawomir Mrozowicz #include <rte_common.h> 348a9867a6SSlawomir Mrozowicz #include <rte_hexdump.h> 358a9867a6SSlawomir Mrozowicz #include <rte_cryptodev.h> 368a9867a6SSlawomir Mrozowicz #include <rte_cryptodev_pmd.h> 378a9867a6SSlawomir Mrozowicz #include <rte_vdev.h> 388a9867a6SSlawomir Mrozowicz #include <rte_malloc.h> 398a9867a6SSlawomir Mrozowicz #include <rte_cpuflags.h> 408a9867a6SSlawomir Mrozowicz 418a9867a6SSlawomir Mrozowicz #include <openssl/evp.h> 428a9867a6SSlawomir Mrozowicz 438a9867a6SSlawomir Mrozowicz #include "rte_openssl_pmd_private.h" 448a9867a6SSlawomir Mrozowicz 458a9867a6SSlawomir Mrozowicz static int cryptodev_openssl_remove(const char *name); 468a9867a6SSlawomir Mrozowicz 478a9867a6SSlawomir Mrozowicz /*----------------------------------------------------------------------------*/ 488a9867a6SSlawomir Mrozowicz 498a9867a6SSlawomir Mrozowicz /** 508a9867a6SSlawomir Mrozowicz * Global static parameter used to create a unique name for each 518a9867a6SSlawomir Mrozowicz * OPENSSL crypto device. 528a9867a6SSlawomir Mrozowicz */ 538a9867a6SSlawomir Mrozowicz static unsigned int unique_name_id; 548a9867a6SSlawomir Mrozowicz 558a9867a6SSlawomir Mrozowicz static inline int 568a9867a6SSlawomir Mrozowicz create_unique_device_name(char *name, size_t size) 578a9867a6SSlawomir Mrozowicz { 588a9867a6SSlawomir Mrozowicz int ret; 598a9867a6SSlawomir Mrozowicz 608a9867a6SSlawomir Mrozowicz if (name == NULL) 618a9867a6SSlawomir Mrozowicz return -EINVAL; 628a9867a6SSlawomir Mrozowicz 638a9867a6SSlawomir Mrozowicz ret = snprintf(name, size, "%s_%u", 648a9867a6SSlawomir Mrozowicz RTE_STR(CRYPTODEV_NAME_OPENSSL_PMD), 658a9867a6SSlawomir Mrozowicz unique_name_id++); 668a9867a6SSlawomir Mrozowicz if (ret < 0) 678a9867a6SSlawomir Mrozowicz return ret; 688a9867a6SSlawomir Mrozowicz return 0; 698a9867a6SSlawomir Mrozowicz } 708a9867a6SSlawomir Mrozowicz 718a9867a6SSlawomir Mrozowicz /** 728a9867a6SSlawomir Mrozowicz * Increment counter by 1 738a9867a6SSlawomir Mrozowicz * Counter is 64 bit array, big-endian 748a9867a6SSlawomir Mrozowicz */ 758a9867a6SSlawomir Mrozowicz static void 768a9867a6SSlawomir Mrozowicz ctr_inc(uint8_t *ctr) 778a9867a6SSlawomir Mrozowicz { 788a9867a6SSlawomir Mrozowicz uint64_t *ctr64 = (uint64_t *)ctr; 798a9867a6SSlawomir Mrozowicz 808a9867a6SSlawomir Mrozowicz *ctr64 = __builtin_bswap64(*ctr64); 818a9867a6SSlawomir Mrozowicz (*ctr64)++; 828a9867a6SSlawomir Mrozowicz *ctr64 = __builtin_bswap64(*ctr64); 838a9867a6SSlawomir Mrozowicz } 848a9867a6SSlawomir Mrozowicz 858a9867a6SSlawomir Mrozowicz /* 868a9867a6SSlawomir Mrozowicz *------------------------------------------------------------------------------ 878a9867a6SSlawomir Mrozowicz * Session Prepare 888a9867a6SSlawomir Mrozowicz *------------------------------------------------------------------------------ 898a9867a6SSlawomir Mrozowicz */ 908a9867a6SSlawomir Mrozowicz 918a9867a6SSlawomir Mrozowicz /** Get xform chain order */ 928a9867a6SSlawomir Mrozowicz static enum openssl_chain_order 938a9867a6SSlawomir Mrozowicz openssl_get_chain_order(const struct rte_crypto_sym_xform *xform) 948a9867a6SSlawomir Mrozowicz { 958a9867a6SSlawomir Mrozowicz enum openssl_chain_order res = OPENSSL_CHAIN_NOT_SUPPORTED; 968a9867a6SSlawomir Mrozowicz 978a9867a6SSlawomir Mrozowicz if (xform != NULL) { 988a9867a6SSlawomir Mrozowicz if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) { 998a9867a6SSlawomir Mrozowicz if (xform->next == NULL) 1008a9867a6SSlawomir Mrozowicz res = OPENSSL_CHAIN_ONLY_AUTH; 1018a9867a6SSlawomir Mrozowicz else if (xform->next->type == 1028a9867a6SSlawomir Mrozowicz RTE_CRYPTO_SYM_XFORM_CIPHER) 1038a9867a6SSlawomir Mrozowicz res = OPENSSL_CHAIN_AUTH_CIPHER; 1048a9867a6SSlawomir Mrozowicz } 1058a9867a6SSlawomir Mrozowicz if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) { 1068a9867a6SSlawomir Mrozowicz if (xform->next == NULL) 1078a9867a6SSlawomir Mrozowicz res = OPENSSL_CHAIN_ONLY_CIPHER; 1088a9867a6SSlawomir Mrozowicz else if (xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) 1098a9867a6SSlawomir Mrozowicz res = OPENSSL_CHAIN_CIPHER_AUTH; 1108a9867a6SSlawomir Mrozowicz } 1118a9867a6SSlawomir Mrozowicz } 1128a9867a6SSlawomir Mrozowicz 1138a9867a6SSlawomir Mrozowicz return res; 1148a9867a6SSlawomir Mrozowicz } 1158a9867a6SSlawomir Mrozowicz 1168a9867a6SSlawomir Mrozowicz /** Get session cipher key from input cipher key */ 1178a9867a6SSlawomir Mrozowicz static void 1188a9867a6SSlawomir Mrozowicz get_cipher_key(uint8_t *input_key, int keylen, uint8_t *session_key) 1198a9867a6SSlawomir Mrozowicz { 1208a9867a6SSlawomir Mrozowicz memcpy(session_key, input_key, keylen); 1218a9867a6SSlawomir Mrozowicz } 1228a9867a6SSlawomir Mrozowicz 1238a9867a6SSlawomir Mrozowicz /** Get key ede 24 bytes standard from input key */ 1248a9867a6SSlawomir Mrozowicz static int 1258a9867a6SSlawomir Mrozowicz get_cipher_key_ede(uint8_t *key, int keylen, uint8_t *key_ede) 1268a9867a6SSlawomir Mrozowicz { 1278a9867a6SSlawomir Mrozowicz int res = 0; 1288a9867a6SSlawomir Mrozowicz 1298a9867a6SSlawomir Mrozowicz /* Initialize keys - 24 bytes: [key1-key2-key3] */ 1308a9867a6SSlawomir Mrozowicz switch (keylen) { 1318a9867a6SSlawomir Mrozowicz case 24: 1328a9867a6SSlawomir Mrozowicz memcpy(key_ede, key, 24); 1338a9867a6SSlawomir Mrozowicz break; 1348a9867a6SSlawomir Mrozowicz case 16: 1358a9867a6SSlawomir Mrozowicz /* K3 = K1 */ 1368a9867a6SSlawomir Mrozowicz memcpy(key_ede, key, 16); 1378a9867a6SSlawomir Mrozowicz memcpy(key_ede + 16, key, 8); 1388a9867a6SSlawomir Mrozowicz break; 1398a9867a6SSlawomir Mrozowicz case 8: 1408a9867a6SSlawomir Mrozowicz /* K1 = K2 = K3 (DES compatibility) */ 1418a9867a6SSlawomir Mrozowicz memcpy(key_ede, key, 8); 1428a9867a6SSlawomir Mrozowicz memcpy(key_ede + 8, key, 8); 1438a9867a6SSlawomir Mrozowicz memcpy(key_ede + 16, key, 8); 1448a9867a6SSlawomir Mrozowicz break; 1458a9867a6SSlawomir Mrozowicz default: 1468a9867a6SSlawomir Mrozowicz OPENSSL_LOG_ERR("Unsupported key size"); 1478a9867a6SSlawomir Mrozowicz res = -EINVAL; 1488a9867a6SSlawomir Mrozowicz } 1498a9867a6SSlawomir Mrozowicz 1508a9867a6SSlawomir Mrozowicz return res; 1518a9867a6SSlawomir Mrozowicz } 1528a9867a6SSlawomir Mrozowicz 1538a9867a6SSlawomir Mrozowicz /** Get adequate openssl function for input cipher algorithm */ 1548a9867a6SSlawomir Mrozowicz static uint8_t 1558a9867a6SSlawomir Mrozowicz get_cipher_algo(enum rte_crypto_cipher_algorithm sess_algo, size_t keylen, 1568a9867a6SSlawomir Mrozowicz const EVP_CIPHER **algo) 1578a9867a6SSlawomir Mrozowicz { 1588a9867a6SSlawomir Mrozowicz int res = 0; 1598a9867a6SSlawomir Mrozowicz 1608a9867a6SSlawomir Mrozowicz if (algo != NULL) { 1618a9867a6SSlawomir Mrozowicz switch (sess_algo) { 1628a9867a6SSlawomir Mrozowicz case RTE_CRYPTO_CIPHER_3DES_CBC: 1638a9867a6SSlawomir Mrozowicz switch (keylen) { 1648a9867a6SSlawomir Mrozowicz case 16: 1658a9867a6SSlawomir Mrozowicz *algo = EVP_des_ede_cbc(); 1668a9867a6SSlawomir Mrozowicz break; 1678a9867a6SSlawomir Mrozowicz case 24: 1688a9867a6SSlawomir Mrozowicz *algo = EVP_des_ede3_cbc(); 1698a9867a6SSlawomir Mrozowicz break; 1708a9867a6SSlawomir Mrozowicz default: 1718a9867a6SSlawomir Mrozowicz res = -EINVAL; 1728a9867a6SSlawomir Mrozowicz } 1738a9867a6SSlawomir Mrozowicz break; 1748a9867a6SSlawomir Mrozowicz case RTE_CRYPTO_CIPHER_3DES_CTR: 1758a9867a6SSlawomir Mrozowicz break; 1768a9867a6SSlawomir Mrozowicz case RTE_CRYPTO_CIPHER_AES_CBC: 1778a9867a6SSlawomir Mrozowicz switch (keylen) { 1788a9867a6SSlawomir Mrozowicz case 16: 1798a9867a6SSlawomir Mrozowicz *algo = EVP_aes_128_cbc(); 1808a9867a6SSlawomir Mrozowicz break; 1818a9867a6SSlawomir Mrozowicz case 24: 1828a9867a6SSlawomir Mrozowicz *algo = EVP_aes_192_cbc(); 1838a9867a6SSlawomir Mrozowicz break; 1848a9867a6SSlawomir Mrozowicz case 32: 1858a9867a6SSlawomir Mrozowicz *algo = EVP_aes_256_cbc(); 1868a9867a6SSlawomir Mrozowicz break; 1878a9867a6SSlawomir Mrozowicz default: 1888a9867a6SSlawomir Mrozowicz res = -EINVAL; 1898a9867a6SSlawomir Mrozowicz } 1908a9867a6SSlawomir Mrozowicz break; 1918a9867a6SSlawomir Mrozowicz case RTE_CRYPTO_CIPHER_AES_CTR: 1928a9867a6SSlawomir Mrozowicz switch (keylen) { 1938a9867a6SSlawomir Mrozowicz case 16: 1948a9867a6SSlawomir Mrozowicz *algo = EVP_aes_128_ctr(); 1958a9867a6SSlawomir Mrozowicz break; 1968a9867a6SSlawomir Mrozowicz case 24: 1978a9867a6SSlawomir Mrozowicz *algo = EVP_aes_192_ctr(); 1988a9867a6SSlawomir Mrozowicz break; 1998a9867a6SSlawomir Mrozowicz case 32: 2008a9867a6SSlawomir Mrozowicz *algo = EVP_aes_256_ctr(); 2018a9867a6SSlawomir Mrozowicz break; 2028a9867a6SSlawomir Mrozowicz default: 2038a9867a6SSlawomir Mrozowicz res = -EINVAL; 2048a9867a6SSlawomir Mrozowicz } 2058a9867a6SSlawomir Mrozowicz break; 2068a9867a6SSlawomir Mrozowicz case RTE_CRYPTO_CIPHER_AES_GCM: 2078a9867a6SSlawomir Mrozowicz switch (keylen) { 2088a9867a6SSlawomir Mrozowicz case 16: 2098a9867a6SSlawomir Mrozowicz *algo = EVP_aes_128_gcm(); 2108a9867a6SSlawomir Mrozowicz break; 2118a9867a6SSlawomir Mrozowicz case 24: 2128a9867a6SSlawomir Mrozowicz *algo = EVP_aes_192_gcm(); 2138a9867a6SSlawomir Mrozowicz break; 2148a9867a6SSlawomir Mrozowicz case 32: 2158a9867a6SSlawomir Mrozowicz *algo = EVP_aes_256_gcm(); 2168a9867a6SSlawomir Mrozowicz break; 2178a9867a6SSlawomir Mrozowicz default: 2188a9867a6SSlawomir Mrozowicz res = -EINVAL; 2198a9867a6SSlawomir Mrozowicz } 2208a9867a6SSlawomir Mrozowicz break; 2218a9867a6SSlawomir Mrozowicz default: 2228a9867a6SSlawomir Mrozowicz res = -EINVAL; 2238a9867a6SSlawomir Mrozowicz break; 2248a9867a6SSlawomir Mrozowicz } 2258a9867a6SSlawomir Mrozowicz } else { 2268a9867a6SSlawomir Mrozowicz res = -EINVAL; 2278a9867a6SSlawomir Mrozowicz } 2288a9867a6SSlawomir Mrozowicz 2298a9867a6SSlawomir Mrozowicz return res; 2308a9867a6SSlawomir Mrozowicz } 2318a9867a6SSlawomir Mrozowicz 2328a9867a6SSlawomir Mrozowicz /** Get adequate openssl function for input auth algorithm */ 2338a9867a6SSlawomir Mrozowicz static uint8_t 2348a9867a6SSlawomir Mrozowicz get_auth_algo(enum rte_crypto_auth_algorithm sessalgo, 2358a9867a6SSlawomir Mrozowicz const EVP_MD **algo) 2368a9867a6SSlawomir Mrozowicz { 2378a9867a6SSlawomir Mrozowicz int res = 0; 2388a9867a6SSlawomir Mrozowicz 2398a9867a6SSlawomir Mrozowicz if (algo != NULL) { 2408a9867a6SSlawomir Mrozowicz switch (sessalgo) { 2418a9867a6SSlawomir Mrozowicz case RTE_CRYPTO_AUTH_MD5: 2428a9867a6SSlawomir Mrozowicz case RTE_CRYPTO_AUTH_MD5_HMAC: 2438a9867a6SSlawomir Mrozowicz *algo = EVP_md5(); 2448a9867a6SSlawomir Mrozowicz break; 2458a9867a6SSlawomir Mrozowicz case RTE_CRYPTO_AUTH_SHA1: 2468a9867a6SSlawomir Mrozowicz case RTE_CRYPTO_AUTH_SHA1_HMAC: 2478a9867a6SSlawomir Mrozowicz *algo = EVP_sha1(); 2488a9867a6SSlawomir Mrozowicz break; 2498a9867a6SSlawomir Mrozowicz case RTE_CRYPTO_AUTH_SHA224: 2508a9867a6SSlawomir Mrozowicz case RTE_CRYPTO_AUTH_SHA224_HMAC: 2518a9867a6SSlawomir Mrozowicz *algo = EVP_sha224(); 2528a9867a6SSlawomir Mrozowicz break; 2538a9867a6SSlawomir Mrozowicz case RTE_CRYPTO_AUTH_SHA256: 2548a9867a6SSlawomir Mrozowicz case RTE_CRYPTO_AUTH_SHA256_HMAC: 2558a9867a6SSlawomir Mrozowicz *algo = EVP_sha256(); 2568a9867a6SSlawomir Mrozowicz break; 2578a9867a6SSlawomir Mrozowicz case RTE_CRYPTO_AUTH_SHA384: 2588a9867a6SSlawomir Mrozowicz case RTE_CRYPTO_AUTH_SHA384_HMAC: 2598a9867a6SSlawomir Mrozowicz *algo = EVP_sha384(); 2608a9867a6SSlawomir Mrozowicz break; 2618a9867a6SSlawomir Mrozowicz case RTE_CRYPTO_AUTH_SHA512: 2628a9867a6SSlawomir Mrozowicz case RTE_CRYPTO_AUTH_SHA512_HMAC: 2638a9867a6SSlawomir Mrozowicz *algo = EVP_sha512(); 2648a9867a6SSlawomir Mrozowicz break; 2658a9867a6SSlawomir Mrozowicz default: 2668a9867a6SSlawomir Mrozowicz res = -EINVAL; 2678a9867a6SSlawomir Mrozowicz break; 2688a9867a6SSlawomir Mrozowicz } 2698a9867a6SSlawomir Mrozowicz } else { 2708a9867a6SSlawomir Mrozowicz res = -EINVAL; 2718a9867a6SSlawomir Mrozowicz } 2728a9867a6SSlawomir Mrozowicz 2738a9867a6SSlawomir Mrozowicz return res; 2748a9867a6SSlawomir Mrozowicz } 2758a9867a6SSlawomir Mrozowicz 2768a9867a6SSlawomir Mrozowicz /** Set session cipher parameters */ 2778a9867a6SSlawomir Mrozowicz static int 2788a9867a6SSlawomir Mrozowicz openssl_set_session_cipher_parameters(struct openssl_session *sess, 2798a9867a6SSlawomir Mrozowicz const struct rte_crypto_sym_xform *xform) 2808a9867a6SSlawomir Mrozowicz { 2818a9867a6SSlawomir Mrozowicz /* Select cipher direction */ 2828a9867a6SSlawomir Mrozowicz sess->cipher.direction = xform->cipher.op; 2838a9867a6SSlawomir Mrozowicz /* Select cipher key */ 2848a9867a6SSlawomir Mrozowicz sess->cipher.key.length = xform->cipher.key.length; 2858a9867a6SSlawomir Mrozowicz 2868a9867a6SSlawomir Mrozowicz /* Select cipher algo */ 2878a9867a6SSlawomir Mrozowicz switch (xform->cipher.algo) { 2888a9867a6SSlawomir Mrozowicz case RTE_CRYPTO_CIPHER_3DES_CBC: 2898a9867a6SSlawomir Mrozowicz case RTE_CRYPTO_CIPHER_AES_CBC: 2908a9867a6SSlawomir Mrozowicz case RTE_CRYPTO_CIPHER_AES_CTR: 2918a9867a6SSlawomir Mrozowicz case RTE_CRYPTO_CIPHER_AES_GCM: 2928a9867a6SSlawomir Mrozowicz sess->cipher.mode = OPENSSL_CIPHER_LIB; 2938a9867a6SSlawomir Mrozowicz sess->cipher.algo = xform->cipher.algo; 2948a9867a6SSlawomir Mrozowicz sess->cipher.ctx = EVP_CIPHER_CTX_new(); 2958a9867a6SSlawomir Mrozowicz 2968a9867a6SSlawomir Mrozowicz if (get_cipher_algo(sess->cipher.algo, sess->cipher.key.length, 2978a9867a6SSlawomir Mrozowicz &sess->cipher.evp_algo) != 0) 2988a9867a6SSlawomir Mrozowicz return -EINVAL; 2998a9867a6SSlawomir Mrozowicz 3008a9867a6SSlawomir Mrozowicz get_cipher_key(xform->cipher.key.data, sess->cipher.key.length, 3018a9867a6SSlawomir Mrozowicz sess->cipher.key.data); 3028a9867a6SSlawomir Mrozowicz 3038a9867a6SSlawomir Mrozowicz break; 3048a9867a6SSlawomir Mrozowicz 3058a9867a6SSlawomir Mrozowicz case RTE_CRYPTO_CIPHER_3DES_CTR: 3068a9867a6SSlawomir Mrozowicz sess->cipher.mode = OPENSSL_CIPHER_DES3CTR; 3078a9867a6SSlawomir Mrozowicz sess->cipher.ctx = EVP_CIPHER_CTX_new(); 3088a9867a6SSlawomir Mrozowicz 3098a9867a6SSlawomir Mrozowicz if (get_cipher_key_ede(xform->cipher.key.data, 3108a9867a6SSlawomir Mrozowicz sess->cipher.key.length, 3118a9867a6SSlawomir Mrozowicz sess->cipher.key.data) != 0) 3128a9867a6SSlawomir Mrozowicz return -EINVAL; 3138a9867a6SSlawomir Mrozowicz break; 3148a9867a6SSlawomir Mrozowicz 3158a9867a6SSlawomir Mrozowicz default: 3168a9867a6SSlawomir Mrozowicz sess->cipher.algo = RTE_CRYPTO_CIPHER_NULL; 3178a9867a6SSlawomir Mrozowicz return -EINVAL; 3188a9867a6SSlawomir Mrozowicz } 3198a9867a6SSlawomir Mrozowicz 3208a9867a6SSlawomir Mrozowicz return 0; 3218a9867a6SSlawomir Mrozowicz } 3228a9867a6SSlawomir Mrozowicz 3238a9867a6SSlawomir Mrozowicz /* Set session auth parameters */ 3248a9867a6SSlawomir Mrozowicz static int 3258a9867a6SSlawomir Mrozowicz openssl_set_session_auth_parameters(struct openssl_session *sess, 3268a9867a6SSlawomir Mrozowicz const struct rte_crypto_sym_xform *xform) 3278a9867a6SSlawomir Mrozowicz { 3288a9867a6SSlawomir Mrozowicz /* Select auth generate/verify */ 3298a9867a6SSlawomir Mrozowicz sess->auth.operation = xform->auth.op; 3308a9867a6SSlawomir Mrozowicz sess->auth.algo = xform->auth.algo; 3318a9867a6SSlawomir Mrozowicz 3328a9867a6SSlawomir Mrozowicz /* Select auth algo */ 3338a9867a6SSlawomir Mrozowicz switch (xform->auth.algo) { 3348a9867a6SSlawomir Mrozowicz case RTE_CRYPTO_AUTH_AES_GMAC: 3358a9867a6SSlawomir Mrozowicz case RTE_CRYPTO_AUTH_AES_GCM: 3368a9867a6SSlawomir Mrozowicz /* Check additional condition for AES_GMAC/GCM */ 3378a9867a6SSlawomir Mrozowicz if (sess->cipher.algo != RTE_CRYPTO_CIPHER_AES_GCM) 3388a9867a6SSlawomir Mrozowicz return -EINVAL; 3398a9867a6SSlawomir Mrozowicz sess->chain_order = OPENSSL_CHAIN_COMBINED; 3408a9867a6SSlawomir Mrozowicz break; 3418a9867a6SSlawomir Mrozowicz 3428a9867a6SSlawomir Mrozowicz case RTE_CRYPTO_AUTH_MD5: 3438a9867a6SSlawomir Mrozowicz case RTE_CRYPTO_AUTH_SHA1: 3448a9867a6SSlawomir Mrozowicz case RTE_CRYPTO_AUTH_SHA224: 3458a9867a6SSlawomir Mrozowicz case RTE_CRYPTO_AUTH_SHA256: 3468a9867a6SSlawomir Mrozowicz case RTE_CRYPTO_AUTH_SHA384: 3478a9867a6SSlawomir Mrozowicz case RTE_CRYPTO_AUTH_SHA512: 3488a9867a6SSlawomir Mrozowicz sess->auth.mode = OPENSSL_AUTH_AS_AUTH; 3498a9867a6SSlawomir Mrozowicz if (get_auth_algo(xform->auth.algo, 3508a9867a6SSlawomir Mrozowicz &sess->auth.auth.evp_algo) != 0) 3518a9867a6SSlawomir Mrozowicz return -EINVAL; 3528a9867a6SSlawomir Mrozowicz sess->auth.auth.ctx = EVP_MD_CTX_create(); 3538a9867a6SSlawomir Mrozowicz break; 3548a9867a6SSlawomir Mrozowicz 3558a9867a6SSlawomir Mrozowicz case RTE_CRYPTO_AUTH_MD5_HMAC: 3568a9867a6SSlawomir Mrozowicz case RTE_CRYPTO_AUTH_SHA1_HMAC: 3578a9867a6SSlawomir Mrozowicz case RTE_CRYPTO_AUTH_SHA224_HMAC: 3588a9867a6SSlawomir Mrozowicz case RTE_CRYPTO_AUTH_SHA256_HMAC: 3598a9867a6SSlawomir Mrozowicz case RTE_CRYPTO_AUTH_SHA384_HMAC: 3608a9867a6SSlawomir Mrozowicz case RTE_CRYPTO_AUTH_SHA512_HMAC: 3618a9867a6SSlawomir Mrozowicz sess->auth.mode = OPENSSL_AUTH_AS_HMAC; 3628a9867a6SSlawomir Mrozowicz sess->auth.hmac.ctx = EVP_MD_CTX_create(); 3638a9867a6SSlawomir Mrozowicz if (get_auth_algo(xform->auth.algo, 3648a9867a6SSlawomir Mrozowicz &sess->auth.hmac.evp_algo) != 0) 3658a9867a6SSlawomir Mrozowicz return -EINVAL; 3668a9867a6SSlawomir Mrozowicz sess->auth.hmac.pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, 3678a9867a6SSlawomir Mrozowicz xform->auth.key.data, xform->auth.key.length); 3688a9867a6SSlawomir Mrozowicz break; 3698a9867a6SSlawomir Mrozowicz 3708a9867a6SSlawomir Mrozowicz default: 3718a9867a6SSlawomir Mrozowicz return -EINVAL; 3728a9867a6SSlawomir Mrozowicz } 3738a9867a6SSlawomir Mrozowicz 3748a9867a6SSlawomir Mrozowicz return 0; 3758a9867a6SSlawomir Mrozowicz } 3768a9867a6SSlawomir Mrozowicz 3778a9867a6SSlawomir Mrozowicz /** Parse crypto xform chain and set private session parameters */ 3788a9867a6SSlawomir Mrozowicz int 3798a9867a6SSlawomir Mrozowicz openssl_set_session_parameters(struct openssl_session *sess, 3808a9867a6SSlawomir Mrozowicz const struct rte_crypto_sym_xform *xform) 3818a9867a6SSlawomir Mrozowicz { 3828a9867a6SSlawomir Mrozowicz const struct rte_crypto_sym_xform *cipher_xform = NULL; 3838a9867a6SSlawomir Mrozowicz const struct rte_crypto_sym_xform *auth_xform = NULL; 3848a9867a6SSlawomir Mrozowicz 3858a9867a6SSlawomir Mrozowicz sess->chain_order = openssl_get_chain_order(xform); 3868a9867a6SSlawomir Mrozowicz switch (sess->chain_order) { 3878a9867a6SSlawomir Mrozowicz case OPENSSL_CHAIN_ONLY_CIPHER: 3888a9867a6SSlawomir Mrozowicz cipher_xform = xform; 3898a9867a6SSlawomir Mrozowicz break; 3908a9867a6SSlawomir Mrozowicz case OPENSSL_CHAIN_ONLY_AUTH: 3918a9867a6SSlawomir Mrozowicz auth_xform = xform; 3928a9867a6SSlawomir Mrozowicz break; 3938a9867a6SSlawomir Mrozowicz case OPENSSL_CHAIN_CIPHER_AUTH: 3948a9867a6SSlawomir Mrozowicz cipher_xform = xform; 3958a9867a6SSlawomir Mrozowicz auth_xform = xform->next; 3968a9867a6SSlawomir Mrozowicz break; 3978a9867a6SSlawomir Mrozowicz case OPENSSL_CHAIN_AUTH_CIPHER: 3988a9867a6SSlawomir Mrozowicz auth_xform = xform; 3998a9867a6SSlawomir Mrozowicz cipher_xform = xform->next; 4008a9867a6SSlawomir Mrozowicz break; 4018a9867a6SSlawomir Mrozowicz default: 4028a9867a6SSlawomir Mrozowicz return -EINVAL; 4038a9867a6SSlawomir Mrozowicz } 4048a9867a6SSlawomir Mrozowicz 4058a9867a6SSlawomir Mrozowicz /* cipher_xform must be check before auth_xform */ 4068a9867a6SSlawomir Mrozowicz if (cipher_xform) { 4078a9867a6SSlawomir Mrozowicz if (openssl_set_session_cipher_parameters( 4088a9867a6SSlawomir Mrozowicz sess, cipher_xform)) { 4098a9867a6SSlawomir Mrozowicz OPENSSL_LOG_ERR( 4108a9867a6SSlawomir Mrozowicz "Invalid/unsupported cipher parameters"); 4118a9867a6SSlawomir Mrozowicz return -EINVAL; 4128a9867a6SSlawomir Mrozowicz } 4138a9867a6SSlawomir Mrozowicz } 4148a9867a6SSlawomir Mrozowicz 4158a9867a6SSlawomir Mrozowicz if (auth_xform) { 4168a9867a6SSlawomir Mrozowicz if (openssl_set_session_auth_parameters(sess, auth_xform)) { 4178a9867a6SSlawomir Mrozowicz OPENSSL_LOG_ERR( 4188a9867a6SSlawomir Mrozowicz "Invalid/unsupported auth parameters"); 4198a9867a6SSlawomir Mrozowicz return -EINVAL; 4208a9867a6SSlawomir Mrozowicz } 4218a9867a6SSlawomir Mrozowicz } 4228a9867a6SSlawomir Mrozowicz 4238a9867a6SSlawomir Mrozowicz return 0; 4248a9867a6SSlawomir Mrozowicz } 4258a9867a6SSlawomir Mrozowicz 4268a9867a6SSlawomir Mrozowicz /** Reset private session parameters */ 4278a9867a6SSlawomir Mrozowicz void 4288a9867a6SSlawomir Mrozowicz openssl_reset_session(struct openssl_session *sess) 4298a9867a6SSlawomir Mrozowicz { 4308a9867a6SSlawomir Mrozowicz EVP_CIPHER_CTX_free(sess->cipher.ctx); 4318a9867a6SSlawomir Mrozowicz 4328a9867a6SSlawomir Mrozowicz switch (sess->auth.mode) { 4338a9867a6SSlawomir Mrozowicz case OPENSSL_AUTH_AS_AUTH: 4348a9867a6SSlawomir Mrozowicz EVP_MD_CTX_destroy(sess->auth.auth.ctx); 4358a9867a6SSlawomir Mrozowicz break; 4368a9867a6SSlawomir Mrozowicz case OPENSSL_AUTH_AS_HMAC: 4378a9867a6SSlawomir Mrozowicz EVP_PKEY_free(sess->auth.hmac.pkey); 4388a9867a6SSlawomir Mrozowicz EVP_MD_CTX_destroy(sess->auth.hmac.ctx); 4398a9867a6SSlawomir Mrozowicz break; 4408a9867a6SSlawomir Mrozowicz default: 4418a9867a6SSlawomir Mrozowicz break; 4428a9867a6SSlawomir Mrozowicz } 4438a9867a6SSlawomir Mrozowicz } 4448a9867a6SSlawomir Mrozowicz 4458a9867a6SSlawomir Mrozowicz /** Provide session for operation */ 4468a9867a6SSlawomir Mrozowicz static struct openssl_session * 4478a9867a6SSlawomir Mrozowicz get_session(struct openssl_qp *qp, struct rte_crypto_op *op) 4488a9867a6SSlawomir Mrozowicz { 4498a9867a6SSlawomir Mrozowicz struct openssl_session *sess = NULL; 4508a9867a6SSlawomir Mrozowicz 4518a9867a6SSlawomir Mrozowicz if (op->sym->sess_type == RTE_CRYPTO_SYM_OP_WITH_SESSION) { 4528a9867a6SSlawomir Mrozowicz /* get existing session */ 4538a9867a6SSlawomir Mrozowicz if (likely(op->sym->session != NULL && 4548a9867a6SSlawomir Mrozowicz op->sym->session->dev_type == 4558a9867a6SSlawomir Mrozowicz RTE_CRYPTODEV_OPENSSL_PMD)) 4568a9867a6SSlawomir Mrozowicz sess = (struct openssl_session *) 4578a9867a6SSlawomir Mrozowicz op->sym->session->_private; 4588a9867a6SSlawomir Mrozowicz } else { 4598a9867a6SSlawomir Mrozowicz /* provide internal session */ 4608a9867a6SSlawomir Mrozowicz void *_sess = NULL; 4618a9867a6SSlawomir Mrozowicz 4628a9867a6SSlawomir Mrozowicz if (!rte_mempool_get(qp->sess_mp, (void **)&_sess)) { 4638a9867a6SSlawomir Mrozowicz sess = (struct openssl_session *) 4648a9867a6SSlawomir Mrozowicz ((struct rte_cryptodev_sym_session *)_sess) 4658a9867a6SSlawomir Mrozowicz ->_private; 4668a9867a6SSlawomir Mrozowicz 4678a9867a6SSlawomir Mrozowicz if (unlikely(openssl_set_session_parameters( 4688a9867a6SSlawomir Mrozowicz sess, op->sym->xform) != 0)) { 4698a9867a6SSlawomir Mrozowicz rte_mempool_put(qp->sess_mp, _sess); 4708a9867a6SSlawomir Mrozowicz sess = NULL; 4718a9867a6SSlawomir Mrozowicz } else 4728a9867a6SSlawomir Mrozowicz op->sym->session = _sess; 4738a9867a6SSlawomir Mrozowicz } 4748a9867a6SSlawomir Mrozowicz } 4758a9867a6SSlawomir Mrozowicz 4768a9867a6SSlawomir Mrozowicz if (sess == NULL) 4778a9867a6SSlawomir Mrozowicz op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION; 4788a9867a6SSlawomir Mrozowicz 4798a9867a6SSlawomir Mrozowicz return sess; 4808a9867a6SSlawomir Mrozowicz } 4818a9867a6SSlawomir Mrozowicz 4828a9867a6SSlawomir Mrozowicz /* 4838a9867a6SSlawomir Mrozowicz *------------------------------------------------------------------------------ 4848a9867a6SSlawomir Mrozowicz * Process Operations 4858a9867a6SSlawomir Mrozowicz *------------------------------------------------------------------------------ 4868a9867a6SSlawomir Mrozowicz */ 4878a9867a6SSlawomir Mrozowicz 4888a9867a6SSlawomir Mrozowicz /** Process standard openssl cipher encryption */ 4898a9867a6SSlawomir Mrozowicz static int 4908a9867a6SSlawomir Mrozowicz process_openssl_cipher_encrypt(uint8_t *src, uint8_t *dst, 4918a9867a6SSlawomir Mrozowicz uint8_t *iv, uint8_t *key, int srclen, 4928a9867a6SSlawomir Mrozowicz EVP_CIPHER_CTX *ctx, const EVP_CIPHER *algo) 4938a9867a6SSlawomir Mrozowicz { 4948a9867a6SSlawomir Mrozowicz int dstlen, totlen; 4958a9867a6SSlawomir Mrozowicz 4968a9867a6SSlawomir Mrozowicz if (EVP_EncryptInit_ex(ctx, algo, NULL, key, iv) <= 0) 4978a9867a6SSlawomir Mrozowicz goto process_cipher_encrypt_err; 4988a9867a6SSlawomir Mrozowicz 499*6b283a03SPiotr Azarewicz EVP_CIPHER_CTX_set_padding(ctx, 0); 500*6b283a03SPiotr Azarewicz 5018a9867a6SSlawomir Mrozowicz if (EVP_EncryptUpdate(ctx, dst, &dstlen, src, srclen) <= 0) 5028a9867a6SSlawomir Mrozowicz goto process_cipher_encrypt_err; 5038a9867a6SSlawomir Mrozowicz 5048a9867a6SSlawomir Mrozowicz if (EVP_EncryptFinal_ex(ctx, dst + dstlen, &totlen) <= 0) 5058a9867a6SSlawomir Mrozowicz goto process_cipher_encrypt_err; 5068a9867a6SSlawomir Mrozowicz 5078a9867a6SSlawomir Mrozowicz return 0; 5088a9867a6SSlawomir Mrozowicz 5098a9867a6SSlawomir Mrozowicz process_cipher_encrypt_err: 5108a9867a6SSlawomir Mrozowicz OPENSSL_LOG_ERR("Process openssl cipher encrypt failed"); 5118a9867a6SSlawomir Mrozowicz return -EINVAL; 5128a9867a6SSlawomir Mrozowicz } 5138a9867a6SSlawomir Mrozowicz 5148a9867a6SSlawomir Mrozowicz /** Process standard openssl cipher decryption */ 5158a9867a6SSlawomir Mrozowicz static int 5168a9867a6SSlawomir Mrozowicz process_openssl_cipher_decrypt(uint8_t *src, uint8_t *dst, 5178a9867a6SSlawomir Mrozowicz uint8_t *iv, uint8_t *key, int srclen, 5188a9867a6SSlawomir Mrozowicz EVP_CIPHER_CTX *ctx, const EVP_CIPHER *algo) 5198a9867a6SSlawomir Mrozowicz { 5208a9867a6SSlawomir Mrozowicz int dstlen, totlen; 5218a9867a6SSlawomir Mrozowicz 5228a9867a6SSlawomir Mrozowicz if (EVP_DecryptInit_ex(ctx, algo, NULL, key, iv) <= 0) 5238a9867a6SSlawomir Mrozowicz goto process_cipher_decrypt_err; 5248a9867a6SSlawomir Mrozowicz 5258a9867a6SSlawomir Mrozowicz if (EVP_CIPHER_CTX_set_padding(ctx, 0) <= 0) 5268a9867a6SSlawomir Mrozowicz goto process_cipher_decrypt_err; 5278a9867a6SSlawomir Mrozowicz 5288a9867a6SSlawomir Mrozowicz if (EVP_DecryptUpdate(ctx, dst, &dstlen, src, srclen) <= 0) 5298a9867a6SSlawomir Mrozowicz goto process_cipher_decrypt_err; 5308a9867a6SSlawomir Mrozowicz 5318a9867a6SSlawomir Mrozowicz if (EVP_DecryptFinal_ex(ctx, dst + dstlen, &totlen) <= 0) 5328a9867a6SSlawomir Mrozowicz goto process_cipher_decrypt_err; 5338a9867a6SSlawomir Mrozowicz 5348a9867a6SSlawomir Mrozowicz return 0; 5358a9867a6SSlawomir Mrozowicz 5368a9867a6SSlawomir Mrozowicz process_cipher_decrypt_err: 5378a9867a6SSlawomir Mrozowicz OPENSSL_LOG_ERR("Process openssl cipher decrypt failed"); 5388a9867a6SSlawomir Mrozowicz return -EINVAL; 5398a9867a6SSlawomir Mrozowicz } 5408a9867a6SSlawomir Mrozowicz 5418a9867a6SSlawomir Mrozowicz /** Process cipher des 3 ctr encryption, decryption algorithm */ 5428a9867a6SSlawomir Mrozowicz static int 5438a9867a6SSlawomir Mrozowicz process_openssl_cipher_des3ctr(uint8_t *src, uint8_t *dst, 5448a9867a6SSlawomir Mrozowicz uint8_t *iv, uint8_t *key, int srclen, EVP_CIPHER_CTX *ctx) 5458a9867a6SSlawomir Mrozowicz { 5468a9867a6SSlawomir Mrozowicz uint8_t ebuf[8], ctr[8]; 5478a9867a6SSlawomir Mrozowicz int unused, n; 5488a9867a6SSlawomir Mrozowicz 5498a9867a6SSlawomir Mrozowicz /* We use 3DES encryption also for decryption. 5508a9867a6SSlawomir Mrozowicz * IV is not important for 3DES ecb 5518a9867a6SSlawomir Mrozowicz */ 5528a9867a6SSlawomir Mrozowicz if (EVP_EncryptInit_ex(ctx, EVP_des_ede3_ecb(), NULL, key, NULL) <= 0) 5538a9867a6SSlawomir Mrozowicz goto process_cipher_des3ctr_err; 5548a9867a6SSlawomir Mrozowicz 5558a9867a6SSlawomir Mrozowicz memcpy(ctr, iv, 8); 5568a9867a6SSlawomir Mrozowicz n = 0; 5578a9867a6SSlawomir Mrozowicz 5588a9867a6SSlawomir Mrozowicz while (n < srclen) { 5598a9867a6SSlawomir Mrozowicz if (n % 8 == 0) { 5608a9867a6SSlawomir Mrozowicz if (EVP_EncryptUpdate(ctx, 5618a9867a6SSlawomir Mrozowicz (unsigned char *)&ebuf, &unused, 5628a9867a6SSlawomir Mrozowicz (const unsigned char *)&ctr, 8) <= 0) 5638a9867a6SSlawomir Mrozowicz goto process_cipher_des3ctr_err; 5648a9867a6SSlawomir Mrozowicz ctr_inc(ctr); 5658a9867a6SSlawomir Mrozowicz } 5668a9867a6SSlawomir Mrozowicz dst[n] = src[n] ^ ebuf[n % 8]; 5678a9867a6SSlawomir Mrozowicz n++; 5688a9867a6SSlawomir Mrozowicz } 5698a9867a6SSlawomir Mrozowicz 5708a9867a6SSlawomir Mrozowicz return 0; 5718a9867a6SSlawomir Mrozowicz 5728a9867a6SSlawomir Mrozowicz process_cipher_des3ctr_err: 5738a9867a6SSlawomir Mrozowicz OPENSSL_LOG_ERR("Process openssl cipher des 3 ede ctr failed"); 5748a9867a6SSlawomir Mrozowicz return -EINVAL; 5758a9867a6SSlawomir Mrozowicz } 5768a9867a6SSlawomir Mrozowicz 5778a9867a6SSlawomir Mrozowicz /** Process auth/encription aes-gcm algorithm */ 5788a9867a6SSlawomir Mrozowicz static int 5798a9867a6SSlawomir Mrozowicz process_openssl_auth_encryption_gcm(uint8_t *src, int srclen, 5808a9867a6SSlawomir Mrozowicz uint8_t *aad, int aadlen, uint8_t *iv, int ivlen, 5818a9867a6SSlawomir Mrozowicz uint8_t *key, uint8_t *dst, uint8_t *tag, 5828a9867a6SSlawomir Mrozowicz EVP_CIPHER_CTX *ctx, const EVP_CIPHER *algo) 5838a9867a6SSlawomir Mrozowicz { 5848a9867a6SSlawomir Mrozowicz int len = 0, unused = 0; 5858a9867a6SSlawomir Mrozowicz uint8_t empty[] = {}; 5868a9867a6SSlawomir Mrozowicz 5878a9867a6SSlawomir Mrozowicz if (EVP_EncryptInit_ex(ctx, algo, NULL, NULL, NULL) <= 0) 5888a9867a6SSlawomir Mrozowicz goto process_auth_encryption_gcm_err; 5898a9867a6SSlawomir Mrozowicz 5908a9867a6SSlawomir Mrozowicz if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, ivlen, NULL) <= 0) 5918a9867a6SSlawomir Mrozowicz goto process_auth_encryption_gcm_err; 5928a9867a6SSlawomir Mrozowicz 5938a9867a6SSlawomir Mrozowicz if (EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv) <= 0) 5948a9867a6SSlawomir Mrozowicz goto process_auth_encryption_gcm_err; 5958a9867a6SSlawomir Mrozowicz 5968a9867a6SSlawomir Mrozowicz if (aadlen > 0) { 5978a9867a6SSlawomir Mrozowicz if (EVP_EncryptUpdate(ctx, NULL, &len, aad, aadlen) <= 0) 5988a9867a6SSlawomir Mrozowicz goto process_auth_encryption_gcm_err; 5998a9867a6SSlawomir Mrozowicz 6008a9867a6SSlawomir Mrozowicz /* Workaround open ssl bug in version less then 1.0.1f */ 6018a9867a6SSlawomir Mrozowicz if (EVP_EncryptUpdate(ctx, empty, &unused, empty, 0) <= 0) 6028a9867a6SSlawomir Mrozowicz goto process_auth_encryption_gcm_err; 6038a9867a6SSlawomir Mrozowicz } 6048a9867a6SSlawomir Mrozowicz 6058a9867a6SSlawomir Mrozowicz if (srclen > 0) 6068a9867a6SSlawomir Mrozowicz if (EVP_EncryptUpdate(ctx, dst, &len, src, srclen) <= 0) 6078a9867a6SSlawomir Mrozowicz goto process_auth_encryption_gcm_err; 6088a9867a6SSlawomir Mrozowicz 6098a9867a6SSlawomir Mrozowicz if (EVP_EncryptFinal_ex(ctx, dst + len, &len) <= 0) 6108a9867a6SSlawomir Mrozowicz goto process_auth_encryption_gcm_err; 6118a9867a6SSlawomir Mrozowicz 6128a9867a6SSlawomir Mrozowicz if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, tag) <= 0) 6138a9867a6SSlawomir Mrozowicz goto process_auth_encryption_gcm_err; 6148a9867a6SSlawomir Mrozowicz 6158a9867a6SSlawomir Mrozowicz return 0; 6168a9867a6SSlawomir Mrozowicz 6178a9867a6SSlawomir Mrozowicz process_auth_encryption_gcm_err: 6188a9867a6SSlawomir Mrozowicz OPENSSL_LOG_ERR("Process openssl auth encryption gcm failed"); 6198a9867a6SSlawomir Mrozowicz return -EINVAL; 6208a9867a6SSlawomir Mrozowicz } 6218a9867a6SSlawomir Mrozowicz 6228a9867a6SSlawomir Mrozowicz static int 6238a9867a6SSlawomir Mrozowicz process_openssl_auth_decryption_gcm(uint8_t *src, int srclen, 6248a9867a6SSlawomir Mrozowicz uint8_t *aad, int aadlen, uint8_t *iv, int ivlen, 6258a9867a6SSlawomir Mrozowicz uint8_t *key, uint8_t *dst, uint8_t *tag, 6268a9867a6SSlawomir Mrozowicz EVP_CIPHER_CTX *ctx, const EVP_CIPHER *algo) 6278a9867a6SSlawomir Mrozowicz { 6288a9867a6SSlawomir Mrozowicz int len = 0, unused = 0; 6298a9867a6SSlawomir Mrozowicz uint8_t empty[] = {}; 6308a9867a6SSlawomir Mrozowicz 6318a9867a6SSlawomir Mrozowicz if (EVP_DecryptInit_ex(ctx, algo, NULL, NULL, NULL) <= 0) 6328a9867a6SSlawomir Mrozowicz goto process_auth_decryption_gcm_err; 6338a9867a6SSlawomir Mrozowicz 6348a9867a6SSlawomir Mrozowicz if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, ivlen, NULL) <= 0) 6358a9867a6SSlawomir Mrozowicz goto process_auth_decryption_gcm_err; 6368a9867a6SSlawomir Mrozowicz 6378a9867a6SSlawomir Mrozowicz if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, tag) <= 0) 6388a9867a6SSlawomir Mrozowicz goto process_auth_decryption_gcm_err; 6398a9867a6SSlawomir Mrozowicz 6408a9867a6SSlawomir Mrozowicz if (EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv) <= 0) 6418a9867a6SSlawomir Mrozowicz goto process_auth_decryption_gcm_err; 6428a9867a6SSlawomir Mrozowicz 6438a9867a6SSlawomir Mrozowicz if (aadlen > 0) { 6448a9867a6SSlawomir Mrozowicz if (EVP_DecryptUpdate(ctx, NULL, &len, aad, aadlen) <= 0) 6458a9867a6SSlawomir Mrozowicz goto process_auth_decryption_gcm_err; 6468a9867a6SSlawomir Mrozowicz 6478a9867a6SSlawomir Mrozowicz /* Workaround open ssl bug in version less then 1.0.1f */ 6488a9867a6SSlawomir Mrozowicz if (EVP_DecryptUpdate(ctx, empty, &unused, empty, 0) <= 0) 6498a9867a6SSlawomir Mrozowicz goto process_auth_decryption_gcm_err; 6508a9867a6SSlawomir Mrozowicz } 6518a9867a6SSlawomir Mrozowicz 6528a9867a6SSlawomir Mrozowicz if (srclen > 0) 6538a9867a6SSlawomir Mrozowicz if (EVP_DecryptUpdate(ctx, dst, &len, src, srclen) <= 0) 6548a9867a6SSlawomir Mrozowicz goto process_auth_decryption_gcm_err; 6558a9867a6SSlawomir Mrozowicz 6568a9867a6SSlawomir Mrozowicz if (EVP_DecryptFinal_ex(ctx, dst + len, &len) <= 0) 6578a9867a6SSlawomir Mrozowicz goto process_auth_decryption_gcm_final_err; 6588a9867a6SSlawomir Mrozowicz 6598a9867a6SSlawomir Mrozowicz return 0; 6608a9867a6SSlawomir Mrozowicz 6618a9867a6SSlawomir Mrozowicz process_auth_decryption_gcm_err: 6628a9867a6SSlawomir Mrozowicz OPENSSL_LOG_ERR("Process openssl auth description gcm failed"); 6638a9867a6SSlawomir Mrozowicz return -EINVAL; 6648a9867a6SSlawomir Mrozowicz 6658a9867a6SSlawomir Mrozowicz process_auth_decryption_gcm_final_err: 6668a9867a6SSlawomir Mrozowicz return -EFAULT; 6678a9867a6SSlawomir Mrozowicz } 6688a9867a6SSlawomir Mrozowicz 6698a9867a6SSlawomir Mrozowicz /** Process standard openssl auth algorithms */ 6708a9867a6SSlawomir Mrozowicz static int 6718a9867a6SSlawomir Mrozowicz process_openssl_auth(uint8_t *src, uint8_t *dst, 6728a9867a6SSlawomir Mrozowicz __rte_unused uint8_t *iv, __rte_unused EVP_PKEY * pkey, 6738a9867a6SSlawomir Mrozowicz int srclen, EVP_MD_CTX *ctx, const EVP_MD *algo) 6748a9867a6SSlawomir Mrozowicz { 6758a9867a6SSlawomir Mrozowicz size_t dstlen; 6768a9867a6SSlawomir Mrozowicz 6778a9867a6SSlawomir Mrozowicz if (EVP_DigestInit_ex(ctx, algo, NULL) <= 0) 6788a9867a6SSlawomir Mrozowicz goto process_auth_err; 6798a9867a6SSlawomir Mrozowicz 6808a9867a6SSlawomir Mrozowicz if (EVP_DigestUpdate(ctx, (char *)src, srclen) <= 0) 6818a9867a6SSlawomir Mrozowicz goto process_auth_err; 6828a9867a6SSlawomir Mrozowicz 6838a9867a6SSlawomir Mrozowicz if (EVP_DigestFinal_ex(ctx, dst, (unsigned int *)&dstlen) <= 0) 6848a9867a6SSlawomir Mrozowicz goto process_auth_err; 6858a9867a6SSlawomir Mrozowicz 6868a9867a6SSlawomir Mrozowicz return 0; 6878a9867a6SSlawomir Mrozowicz 6888a9867a6SSlawomir Mrozowicz process_auth_err: 6898a9867a6SSlawomir Mrozowicz OPENSSL_LOG_ERR("Process openssl auth failed"); 6908a9867a6SSlawomir Mrozowicz return -EINVAL; 6918a9867a6SSlawomir Mrozowicz } 6928a9867a6SSlawomir Mrozowicz 6938a9867a6SSlawomir Mrozowicz /** Process standard openssl auth algorithms with hmac */ 6948a9867a6SSlawomir Mrozowicz static int 6958a9867a6SSlawomir Mrozowicz process_openssl_auth_hmac(uint8_t *src, uint8_t *dst, 6968a9867a6SSlawomir Mrozowicz __rte_unused uint8_t *iv, EVP_PKEY *pkey, 6978a9867a6SSlawomir Mrozowicz int srclen, EVP_MD_CTX *ctx, const EVP_MD *algo) 6988a9867a6SSlawomir Mrozowicz { 6998a9867a6SSlawomir Mrozowicz size_t dstlen; 7008a9867a6SSlawomir Mrozowicz 7018a9867a6SSlawomir Mrozowicz if (EVP_DigestSignInit(ctx, NULL, algo, NULL, pkey) <= 0) 7028a9867a6SSlawomir Mrozowicz goto process_auth_err; 7038a9867a6SSlawomir Mrozowicz 7048a9867a6SSlawomir Mrozowicz if (EVP_DigestSignUpdate(ctx, (char *)src, srclen) <= 0) 7058a9867a6SSlawomir Mrozowicz goto process_auth_err; 7068a9867a6SSlawomir Mrozowicz 7078a9867a6SSlawomir Mrozowicz if (EVP_DigestSignFinal(ctx, dst, &dstlen) <= 0) 7088a9867a6SSlawomir Mrozowicz goto process_auth_err; 7098a9867a6SSlawomir Mrozowicz 7108a9867a6SSlawomir Mrozowicz return 0; 7118a9867a6SSlawomir Mrozowicz 7128a9867a6SSlawomir Mrozowicz process_auth_err: 7138a9867a6SSlawomir Mrozowicz OPENSSL_LOG_ERR("Process openssl auth failed"); 7148a9867a6SSlawomir Mrozowicz return -EINVAL; 7158a9867a6SSlawomir Mrozowicz } 7168a9867a6SSlawomir Mrozowicz 7178a9867a6SSlawomir Mrozowicz /*----------------------------------------------------------------------------*/ 7188a9867a6SSlawomir Mrozowicz 7198a9867a6SSlawomir Mrozowicz /** Process auth/cipher combined operation */ 7208a9867a6SSlawomir Mrozowicz static void 7218a9867a6SSlawomir Mrozowicz process_openssl_combined_op 7228a9867a6SSlawomir Mrozowicz (struct rte_crypto_op *op, struct openssl_session *sess, 7238a9867a6SSlawomir Mrozowicz struct rte_mbuf *mbuf_src, struct rte_mbuf *mbuf_dst) 7248a9867a6SSlawomir Mrozowicz { 7258a9867a6SSlawomir Mrozowicz /* cipher */ 7268a9867a6SSlawomir Mrozowicz uint8_t *src = NULL, *dst = NULL, *iv, *tag, *aad; 7278a9867a6SSlawomir Mrozowicz int srclen, ivlen, aadlen, status = -1; 7288a9867a6SSlawomir Mrozowicz 7298a9867a6SSlawomir Mrozowicz iv = op->sym->cipher.iv.data; 7308a9867a6SSlawomir Mrozowicz ivlen = op->sym->cipher.iv.length; 7318a9867a6SSlawomir Mrozowicz aad = op->sym->auth.aad.data; 7328a9867a6SSlawomir Mrozowicz aadlen = op->sym->auth.aad.length; 7338a9867a6SSlawomir Mrozowicz 7348a9867a6SSlawomir Mrozowicz tag = op->sym->auth.digest.data; 7358a9867a6SSlawomir Mrozowicz if (tag == NULL) 7368a9867a6SSlawomir Mrozowicz tag = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *, 7378a9867a6SSlawomir Mrozowicz op->sym->cipher.data.offset + 7388a9867a6SSlawomir Mrozowicz op->sym->cipher.data.length); 7398a9867a6SSlawomir Mrozowicz 7408a9867a6SSlawomir Mrozowicz if (sess->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC) 7418a9867a6SSlawomir Mrozowicz srclen = 0; 7428a9867a6SSlawomir Mrozowicz else { 7438a9867a6SSlawomir Mrozowicz srclen = op->sym->cipher.data.length; 7448a9867a6SSlawomir Mrozowicz src = rte_pktmbuf_mtod_offset(mbuf_src, uint8_t *, 7458a9867a6SSlawomir Mrozowicz op->sym->cipher.data.offset); 7468a9867a6SSlawomir Mrozowicz dst = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *, 7478a9867a6SSlawomir Mrozowicz op->sym->cipher.data.offset); 7488a9867a6SSlawomir Mrozowicz } 7498a9867a6SSlawomir Mrozowicz 7508a9867a6SSlawomir Mrozowicz if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT) 7518a9867a6SSlawomir Mrozowicz status = process_openssl_auth_encryption_gcm( 7528a9867a6SSlawomir Mrozowicz src, srclen, aad, aadlen, iv, ivlen, 7538a9867a6SSlawomir Mrozowicz sess->cipher.key.data, dst, tag, 7548a9867a6SSlawomir Mrozowicz sess->cipher.ctx, sess->cipher.evp_algo); 7558a9867a6SSlawomir Mrozowicz else 7568a9867a6SSlawomir Mrozowicz status = process_openssl_auth_decryption_gcm( 7578a9867a6SSlawomir Mrozowicz src, srclen, aad, aadlen, iv, ivlen, 7588a9867a6SSlawomir Mrozowicz sess->cipher.key.data, dst, tag, 7598a9867a6SSlawomir Mrozowicz sess->cipher.ctx, sess->cipher.evp_algo); 7608a9867a6SSlawomir Mrozowicz 7618a9867a6SSlawomir Mrozowicz if (status != 0) { 7628a9867a6SSlawomir Mrozowicz if (status == (-EFAULT) && 7638a9867a6SSlawomir Mrozowicz sess->auth.operation == 7648a9867a6SSlawomir Mrozowicz RTE_CRYPTO_AUTH_OP_VERIFY) 7658a9867a6SSlawomir Mrozowicz op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; 7668a9867a6SSlawomir Mrozowicz else 7678a9867a6SSlawomir Mrozowicz op->status = RTE_CRYPTO_OP_STATUS_ERROR; 7688a9867a6SSlawomir Mrozowicz } 7698a9867a6SSlawomir Mrozowicz } 7708a9867a6SSlawomir Mrozowicz 7718a9867a6SSlawomir Mrozowicz /** Process cipher operation */ 7728a9867a6SSlawomir Mrozowicz static void 7738a9867a6SSlawomir Mrozowicz process_openssl_cipher_op 7748a9867a6SSlawomir Mrozowicz (struct rte_crypto_op *op, struct openssl_session *sess, 7758a9867a6SSlawomir Mrozowicz struct rte_mbuf *mbuf_src, struct rte_mbuf *mbuf_dst) 7768a9867a6SSlawomir Mrozowicz { 7778a9867a6SSlawomir Mrozowicz uint8_t *src, *dst, *iv; 7788a9867a6SSlawomir Mrozowicz int srclen, status; 7798a9867a6SSlawomir Mrozowicz 7808a9867a6SSlawomir Mrozowicz srclen = op->sym->cipher.data.length; 7818a9867a6SSlawomir Mrozowicz src = rte_pktmbuf_mtod_offset(mbuf_src, uint8_t *, 7828a9867a6SSlawomir Mrozowicz op->sym->cipher.data.offset); 7838a9867a6SSlawomir Mrozowicz dst = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *, 7848a9867a6SSlawomir Mrozowicz op->sym->cipher.data.offset); 7858a9867a6SSlawomir Mrozowicz 7868a9867a6SSlawomir Mrozowicz iv = op->sym->cipher.iv.data; 7878a9867a6SSlawomir Mrozowicz 7888a9867a6SSlawomir Mrozowicz if (sess->cipher.mode == OPENSSL_CIPHER_LIB) 7898a9867a6SSlawomir Mrozowicz if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT) 7908a9867a6SSlawomir Mrozowicz status = process_openssl_cipher_encrypt(src, dst, iv, 7918a9867a6SSlawomir Mrozowicz sess->cipher.key.data, srclen, 7928a9867a6SSlawomir Mrozowicz sess->cipher.ctx, 7938a9867a6SSlawomir Mrozowicz sess->cipher.evp_algo); 7948a9867a6SSlawomir Mrozowicz else 7958a9867a6SSlawomir Mrozowicz status = process_openssl_cipher_decrypt(src, dst, iv, 7968a9867a6SSlawomir Mrozowicz sess->cipher.key.data, srclen, 7978a9867a6SSlawomir Mrozowicz sess->cipher.ctx, 7988a9867a6SSlawomir Mrozowicz sess->cipher.evp_algo); 7998a9867a6SSlawomir Mrozowicz else 8008a9867a6SSlawomir Mrozowicz status = process_openssl_cipher_des3ctr(src, dst, iv, 8018a9867a6SSlawomir Mrozowicz sess->cipher.key.data, srclen, 8028a9867a6SSlawomir Mrozowicz sess->cipher.ctx); 8038a9867a6SSlawomir Mrozowicz 8048a9867a6SSlawomir Mrozowicz if (status != 0) 8058a9867a6SSlawomir Mrozowicz op->status = RTE_CRYPTO_OP_STATUS_ERROR; 8068a9867a6SSlawomir Mrozowicz } 8078a9867a6SSlawomir Mrozowicz 8088a9867a6SSlawomir Mrozowicz /** Process auth operation */ 8098a9867a6SSlawomir Mrozowicz static void 8108a9867a6SSlawomir Mrozowicz process_openssl_auth_op 8118a9867a6SSlawomir Mrozowicz (struct rte_crypto_op *op, struct openssl_session *sess, 8128a9867a6SSlawomir Mrozowicz struct rte_mbuf *mbuf_src, struct rte_mbuf *mbuf_dst) 8138a9867a6SSlawomir Mrozowicz { 8148a9867a6SSlawomir Mrozowicz uint8_t *src, *dst; 8158a9867a6SSlawomir Mrozowicz int srclen, status; 8168a9867a6SSlawomir Mrozowicz 8178a9867a6SSlawomir Mrozowicz srclen = op->sym->auth.data.length; 8188a9867a6SSlawomir Mrozowicz src = rte_pktmbuf_mtod_offset(mbuf_src, uint8_t *, 8198a9867a6SSlawomir Mrozowicz op->sym->auth.data.offset); 8208a9867a6SSlawomir Mrozowicz 8218a9867a6SSlawomir Mrozowicz if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) 8228a9867a6SSlawomir Mrozowicz dst = (uint8_t *)rte_pktmbuf_append(mbuf_src, 8238a9867a6SSlawomir Mrozowicz op->sym->auth.digest.length); 8248a9867a6SSlawomir Mrozowicz else { 8258a9867a6SSlawomir Mrozowicz dst = op->sym->auth.digest.data; 8268a9867a6SSlawomir Mrozowicz if (dst == NULL) 8278a9867a6SSlawomir Mrozowicz dst = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *, 8288a9867a6SSlawomir Mrozowicz op->sym->auth.data.offset + 8298a9867a6SSlawomir Mrozowicz op->sym->auth.data.length); 8308a9867a6SSlawomir Mrozowicz } 8318a9867a6SSlawomir Mrozowicz 8328a9867a6SSlawomir Mrozowicz switch (sess->auth.mode) { 8338a9867a6SSlawomir Mrozowicz case OPENSSL_AUTH_AS_AUTH: 8348a9867a6SSlawomir Mrozowicz status = process_openssl_auth(src, dst, 8358a9867a6SSlawomir Mrozowicz NULL, NULL, srclen, 8368a9867a6SSlawomir Mrozowicz sess->auth.auth.ctx, sess->auth.auth.evp_algo); 8378a9867a6SSlawomir Mrozowicz break; 8388a9867a6SSlawomir Mrozowicz case OPENSSL_AUTH_AS_HMAC: 8398a9867a6SSlawomir Mrozowicz status = process_openssl_auth_hmac(src, dst, 8408a9867a6SSlawomir Mrozowicz NULL, sess->auth.hmac.pkey, srclen, 8418a9867a6SSlawomir Mrozowicz sess->auth.hmac.ctx, sess->auth.hmac.evp_algo); 8428a9867a6SSlawomir Mrozowicz break; 8438a9867a6SSlawomir Mrozowicz default: 8448a9867a6SSlawomir Mrozowicz status = -1; 8458a9867a6SSlawomir Mrozowicz break; 8468a9867a6SSlawomir Mrozowicz } 8478a9867a6SSlawomir Mrozowicz 8488a9867a6SSlawomir Mrozowicz if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) { 8498a9867a6SSlawomir Mrozowicz if (memcmp(dst, op->sym->auth.digest.data, 8508a9867a6SSlawomir Mrozowicz op->sym->auth.digest.length) != 0) { 8518a9867a6SSlawomir Mrozowicz op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; 8528a9867a6SSlawomir Mrozowicz } 8538a9867a6SSlawomir Mrozowicz /* Trim area used for digest from mbuf. */ 8548a9867a6SSlawomir Mrozowicz rte_pktmbuf_trim(mbuf_src, 8558a9867a6SSlawomir Mrozowicz op->sym->auth.digest.length); 8568a9867a6SSlawomir Mrozowicz } 8578a9867a6SSlawomir Mrozowicz 8588a9867a6SSlawomir Mrozowicz if (status != 0) 8598a9867a6SSlawomir Mrozowicz op->status = RTE_CRYPTO_OP_STATUS_ERROR; 8608a9867a6SSlawomir Mrozowicz } 8618a9867a6SSlawomir Mrozowicz 8628a9867a6SSlawomir Mrozowicz /** Process crypto operation for mbuf */ 8638a9867a6SSlawomir Mrozowicz static int 8648a9867a6SSlawomir Mrozowicz process_op(const struct openssl_qp *qp, struct rte_crypto_op *op, 8658a9867a6SSlawomir Mrozowicz struct openssl_session *sess) 8668a9867a6SSlawomir Mrozowicz { 8678a9867a6SSlawomir Mrozowicz struct rte_mbuf *msrc, *mdst; 8688a9867a6SSlawomir Mrozowicz int retval; 8698a9867a6SSlawomir Mrozowicz 8708a9867a6SSlawomir Mrozowicz msrc = op->sym->m_src; 8718a9867a6SSlawomir Mrozowicz mdst = op->sym->m_dst ? op->sym->m_dst : op->sym->m_src; 8728a9867a6SSlawomir Mrozowicz 8738a9867a6SSlawomir Mrozowicz op->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED; 8748a9867a6SSlawomir Mrozowicz 8758a9867a6SSlawomir Mrozowicz switch (sess->chain_order) { 8768a9867a6SSlawomir Mrozowicz case OPENSSL_CHAIN_ONLY_CIPHER: 8778a9867a6SSlawomir Mrozowicz process_openssl_cipher_op(op, sess, msrc, mdst); 8788a9867a6SSlawomir Mrozowicz break; 8798a9867a6SSlawomir Mrozowicz case OPENSSL_CHAIN_ONLY_AUTH: 8808a9867a6SSlawomir Mrozowicz process_openssl_auth_op(op, sess, msrc, mdst); 8818a9867a6SSlawomir Mrozowicz break; 8828a9867a6SSlawomir Mrozowicz case OPENSSL_CHAIN_CIPHER_AUTH: 8838a9867a6SSlawomir Mrozowicz process_openssl_cipher_op(op, sess, msrc, mdst); 8848a9867a6SSlawomir Mrozowicz process_openssl_auth_op(op, sess, mdst, mdst); 8858a9867a6SSlawomir Mrozowicz break; 8868a9867a6SSlawomir Mrozowicz case OPENSSL_CHAIN_AUTH_CIPHER: 8878a9867a6SSlawomir Mrozowicz process_openssl_auth_op(op, sess, msrc, mdst); 8888a9867a6SSlawomir Mrozowicz process_openssl_cipher_op(op, sess, msrc, mdst); 8898a9867a6SSlawomir Mrozowicz break; 8908a9867a6SSlawomir Mrozowicz case OPENSSL_CHAIN_COMBINED: 8918a9867a6SSlawomir Mrozowicz process_openssl_combined_op(op, sess, msrc, mdst); 8928a9867a6SSlawomir Mrozowicz break; 8938a9867a6SSlawomir Mrozowicz default: 8948a9867a6SSlawomir Mrozowicz op->status = RTE_CRYPTO_OP_STATUS_ERROR; 8958a9867a6SSlawomir Mrozowicz break; 8968a9867a6SSlawomir Mrozowicz } 8978a9867a6SSlawomir Mrozowicz 8988a9867a6SSlawomir Mrozowicz /* Free session if a session-less crypto op */ 8998a9867a6SSlawomir Mrozowicz if (op->sym->sess_type == RTE_CRYPTO_SYM_OP_SESSIONLESS) { 9008a9867a6SSlawomir Mrozowicz openssl_reset_session(sess); 9018a9867a6SSlawomir Mrozowicz memset(sess, 0, sizeof(struct openssl_session)); 9028a9867a6SSlawomir Mrozowicz rte_mempool_put(qp->sess_mp, op->sym->session); 9038a9867a6SSlawomir Mrozowicz op->sym->session = NULL; 9048a9867a6SSlawomir Mrozowicz } 9058a9867a6SSlawomir Mrozowicz 9068a9867a6SSlawomir Mrozowicz 9078a9867a6SSlawomir Mrozowicz if (op->status == RTE_CRYPTO_OP_STATUS_NOT_PROCESSED) 9088a9867a6SSlawomir Mrozowicz op->status = RTE_CRYPTO_OP_STATUS_SUCCESS; 9098a9867a6SSlawomir Mrozowicz 9108a9867a6SSlawomir Mrozowicz if (op->status != RTE_CRYPTO_OP_STATUS_ERROR) 9118a9867a6SSlawomir Mrozowicz retval = rte_ring_enqueue(qp->processed_ops, (void *)op); 9128a9867a6SSlawomir Mrozowicz else 9138a9867a6SSlawomir Mrozowicz retval = -1; 9148a9867a6SSlawomir Mrozowicz 9158a9867a6SSlawomir Mrozowicz return retval; 9168a9867a6SSlawomir Mrozowicz } 9178a9867a6SSlawomir Mrozowicz 9188a9867a6SSlawomir Mrozowicz /* 9198a9867a6SSlawomir Mrozowicz *------------------------------------------------------------------------------ 9208a9867a6SSlawomir Mrozowicz * PMD Framework 9218a9867a6SSlawomir Mrozowicz *------------------------------------------------------------------------------ 9228a9867a6SSlawomir Mrozowicz */ 9238a9867a6SSlawomir Mrozowicz 9248a9867a6SSlawomir Mrozowicz /** Enqueue burst */ 9258a9867a6SSlawomir Mrozowicz static uint16_t 9268a9867a6SSlawomir Mrozowicz openssl_pmd_enqueue_burst(void *queue_pair, struct rte_crypto_op **ops, 9278a9867a6SSlawomir Mrozowicz uint16_t nb_ops) 9288a9867a6SSlawomir Mrozowicz { 9298a9867a6SSlawomir Mrozowicz struct openssl_session *sess; 9308a9867a6SSlawomir Mrozowicz struct openssl_qp *qp = queue_pair; 9318a9867a6SSlawomir Mrozowicz int i, retval; 9328a9867a6SSlawomir Mrozowicz 9338a9867a6SSlawomir Mrozowicz for (i = 0; i < nb_ops; i++) { 9348a9867a6SSlawomir Mrozowicz sess = get_session(qp, ops[i]); 9358a9867a6SSlawomir Mrozowicz if (unlikely(sess == NULL)) 9368a9867a6SSlawomir Mrozowicz goto enqueue_err; 9378a9867a6SSlawomir Mrozowicz 9388a9867a6SSlawomir Mrozowicz retval = process_op(qp, ops[i], sess); 9398a9867a6SSlawomir Mrozowicz if (unlikely(retval < 0)) 9408a9867a6SSlawomir Mrozowicz goto enqueue_err; 9418a9867a6SSlawomir Mrozowicz } 9428a9867a6SSlawomir Mrozowicz 9438a9867a6SSlawomir Mrozowicz qp->stats.enqueued_count += i; 9448a9867a6SSlawomir Mrozowicz return i; 9458a9867a6SSlawomir Mrozowicz 9468a9867a6SSlawomir Mrozowicz enqueue_err: 9478a9867a6SSlawomir Mrozowicz qp->stats.enqueue_err_count++; 9488a9867a6SSlawomir Mrozowicz return i; 9498a9867a6SSlawomir Mrozowicz } 9508a9867a6SSlawomir Mrozowicz 9518a9867a6SSlawomir Mrozowicz /** Dequeue burst */ 9528a9867a6SSlawomir Mrozowicz static uint16_t 9538a9867a6SSlawomir Mrozowicz openssl_pmd_dequeue_burst(void *queue_pair, struct rte_crypto_op **ops, 9548a9867a6SSlawomir Mrozowicz uint16_t nb_ops) 9558a9867a6SSlawomir Mrozowicz { 9568a9867a6SSlawomir Mrozowicz struct openssl_qp *qp = queue_pair; 9578a9867a6SSlawomir Mrozowicz 9588a9867a6SSlawomir Mrozowicz unsigned int nb_dequeued = 0; 9598a9867a6SSlawomir Mrozowicz 9608a9867a6SSlawomir Mrozowicz nb_dequeued = rte_ring_dequeue_burst(qp->processed_ops, 9618a9867a6SSlawomir Mrozowicz (void **)ops, nb_ops); 9628a9867a6SSlawomir Mrozowicz qp->stats.dequeued_count += nb_dequeued; 9638a9867a6SSlawomir Mrozowicz 9648a9867a6SSlawomir Mrozowicz return nb_dequeued; 9658a9867a6SSlawomir Mrozowicz } 9668a9867a6SSlawomir Mrozowicz 9678a9867a6SSlawomir Mrozowicz /** Create OPENSSL crypto device */ 9688a9867a6SSlawomir Mrozowicz static int 9698a9867a6SSlawomir Mrozowicz cryptodev_openssl_create(const char *name, 9708a9867a6SSlawomir Mrozowicz struct rte_crypto_vdev_init_params *init_params) 9718a9867a6SSlawomir Mrozowicz { 9728a9867a6SSlawomir Mrozowicz struct rte_cryptodev *dev; 9738a9867a6SSlawomir Mrozowicz char crypto_dev_name[RTE_CRYPTODEV_NAME_MAX_LEN]; 9748a9867a6SSlawomir Mrozowicz struct openssl_private *internals; 9758a9867a6SSlawomir Mrozowicz 9768a9867a6SSlawomir Mrozowicz /* create a unique device name */ 9778a9867a6SSlawomir Mrozowicz if (create_unique_device_name(crypto_dev_name, 9788a9867a6SSlawomir Mrozowicz RTE_CRYPTODEV_NAME_MAX_LEN) != 0) { 9798a9867a6SSlawomir Mrozowicz OPENSSL_LOG_ERR("failed to create unique cryptodev name"); 9808a9867a6SSlawomir Mrozowicz return -EINVAL; 9818a9867a6SSlawomir Mrozowicz } 9828a9867a6SSlawomir Mrozowicz 9838a9867a6SSlawomir Mrozowicz dev = rte_cryptodev_pmd_virtual_dev_init(crypto_dev_name, 9848a9867a6SSlawomir Mrozowicz sizeof(struct openssl_private), 9858a9867a6SSlawomir Mrozowicz init_params->socket_id); 9868a9867a6SSlawomir Mrozowicz if (dev == NULL) { 9878a9867a6SSlawomir Mrozowicz OPENSSL_LOG_ERR("failed to create cryptodev vdev"); 9888a9867a6SSlawomir Mrozowicz goto init_error; 9898a9867a6SSlawomir Mrozowicz } 9908a9867a6SSlawomir Mrozowicz 9918a9867a6SSlawomir Mrozowicz dev->dev_type = RTE_CRYPTODEV_OPENSSL_PMD; 9928a9867a6SSlawomir Mrozowicz dev->dev_ops = rte_openssl_pmd_ops; 9938a9867a6SSlawomir Mrozowicz 9948a9867a6SSlawomir Mrozowicz /* register rx/tx burst functions for data path */ 9958a9867a6SSlawomir Mrozowicz dev->dequeue_burst = openssl_pmd_dequeue_burst; 9968a9867a6SSlawomir Mrozowicz dev->enqueue_burst = openssl_pmd_enqueue_burst; 9978a9867a6SSlawomir Mrozowicz 9988a9867a6SSlawomir Mrozowicz dev->feature_flags = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO | 9998a9867a6SSlawomir Mrozowicz RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING | 10008a9867a6SSlawomir Mrozowicz RTE_CRYPTODEV_FF_CPU_AESNI; 10018a9867a6SSlawomir Mrozowicz 10028a9867a6SSlawomir Mrozowicz /* Set vector instructions mode supported */ 10038a9867a6SSlawomir Mrozowicz internals = dev->data->dev_private; 10048a9867a6SSlawomir Mrozowicz 10058a9867a6SSlawomir Mrozowicz internals->max_nb_qpairs = init_params->max_nb_queue_pairs; 10068a9867a6SSlawomir Mrozowicz internals->max_nb_sessions = init_params->max_nb_sessions; 10078a9867a6SSlawomir Mrozowicz 10088a9867a6SSlawomir Mrozowicz return 0; 10098a9867a6SSlawomir Mrozowicz 10108a9867a6SSlawomir Mrozowicz init_error: 10118a9867a6SSlawomir Mrozowicz OPENSSL_LOG_ERR("driver %s: cryptodev_openssl_create failed", name); 10128a9867a6SSlawomir Mrozowicz 10138a9867a6SSlawomir Mrozowicz cryptodev_openssl_remove(crypto_dev_name); 10148a9867a6SSlawomir Mrozowicz return -EFAULT; 10158a9867a6SSlawomir Mrozowicz } 10168a9867a6SSlawomir Mrozowicz 10178a9867a6SSlawomir Mrozowicz /** Initialise OPENSSL crypto device */ 10188a9867a6SSlawomir Mrozowicz static int 10198a9867a6SSlawomir Mrozowicz cryptodev_openssl_probe(const char *name, 10208a9867a6SSlawomir Mrozowicz const char *input_args) 10218a9867a6SSlawomir Mrozowicz { 10228a9867a6SSlawomir Mrozowicz struct rte_crypto_vdev_init_params init_params = { 10238a9867a6SSlawomir Mrozowicz RTE_CRYPTODEV_VDEV_DEFAULT_MAX_NB_QUEUE_PAIRS, 10248a9867a6SSlawomir Mrozowicz RTE_CRYPTODEV_VDEV_DEFAULT_MAX_NB_SESSIONS, 10258a9867a6SSlawomir Mrozowicz rte_socket_id() 10268a9867a6SSlawomir Mrozowicz }; 10278a9867a6SSlawomir Mrozowicz 10288a9867a6SSlawomir Mrozowicz rte_cryptodev_parse_vdev_init_params(&init_params, input_args); 10298a9867a6SSlawomir Mrozowicz 10308a9867a6SSlawomir Mrozowicz RTE_LOG(INFO, PMD, "Initialising %s on NUMA node %d\n", name, 10318a9867a6SSlawomir Mrozowicz init_params.socket_id); 10328a9867a6SSlawomir Mrozowicz RTE_LOG(INFO, PMD, " Max number of queue pairs = %d\n", 10338a9867a6SSlawomir Mrozowicz init_params.max_nb_queue_pairs); 10348a9867a6SSlawomir Mrozowicz RTE_LOG(INFO, PMD, " Max number of sessions = %d\n", 10358a9867a6SSlawomir Mrozowicz init_params.max_nb_sessions); 10368a9867a6SSlawomir Mrozowicz 10378a9867a6SSlawomir Mrozowicz return cryptodev_openssl_create(name, &init_params); 10388a9867a6SSlawomir Mrozowicz } 10398a9867a6SSlawomir Mrozowicz 10408a9867a6SSlawomir Mrozowicz /** Uninitialise OPENSSL crypto device */ 10418a9867a6SSlawomir Mrozowicz static int 10428a9867a6SSlawomir Mrozowicz cryptodev_openssl_remove(const char *name) 10438a9867a6SSlawomir Mrozowicz { 10448a9867a6SSlawomir Mrozowicz if (name == NULL) 10458a9867a6SSlawomir Mrozowicz return -EINVAL; 10468a9867a6SSlawomir Mrozowicz 10478a9867a6SSlawomir Mrozowicz RTE_LOG(INFO, PMD, 10488a9867a6SSlawomir Mrozowicz "Closing OPENSSL crypto device %s on numa socket %u\n", 10498a9867a6SSlawomir Mrozowicz name, rte_socket_id()); 10508a9867a6SSlawomir Mrozowicz 10518a9867a6SSlawomir Mrozowicz return 0; 10528a9867a6SSlawomir Mrozowicz } 10538a9867a6SSlawomir Mrozowicz 10548a9867a6SSlawomir Mrozowicz static struct rte_vdev_driver cryptodev_openssl_pmd_drv = { 10558a9867a6SSlawomir Mrozowicz .probe = cryptodev_openssl_probe, 10568a9867a6SSlawomir Mrozowicz .remove = cryptodev_openssl_remove 10578a9867a6SSlawomir Mrozowicz }; 10588a9867a6SSlawomir Mrozowicz 10598a9867a6SSlawomir Mrozowicz RTE_PMD_REGISTER_VDEV(CRYPTODEV_NAME_OPENSSL_PMD, 10608a9867a6SSlawomir Mrozowicz cryptodev_openssl_pmd_drv); 10618a9867a6SSlawomir Mrozowicz RTE_PMD_REGISTER_PARAM_STRING(CRYPTODEV_NAME_OPENSSL_PMD, 10628a9867a6SSlawomir Mrozowicz "max_nb_queue_pairs=<int> " 10638a9867a6SSlawomir Mrozowicz "max_nb_sessions=<int> " 10648a9867a6SSlawomir Mrozowicz "socket_id=<int>"); 1065