1 /* SPDX-License-Identifier: BSD-3-Clause 2 * Copyright(c) 2016-2017 Intel Corporation 3 */ 4 5 #include <string.h> 6 7 #include <rte_common.h> 8 #include <rte_malloc.h> 9 #include <cryptodev_pmd.h> 10 11 #include "openssl_pmd_private.h" 12 #include "compat.h" 13 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) 14 #include <openssl/provider.h> 15 #include <openssl/core_names.h> 16 #include <openssl/param_build.h> 17 #endif 18 19 static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = { 20 { /* MD5 HMAC */ 21 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 22 {.sym = { 23 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 24 {.auth = { 25 .algo = RTE_CRYPTO_AUTH_MD5_HMAC, 26 .block_size = 64, 27 .key_size = { 28 .min = 1, 29 .max = 64, 30 .increment = 1 31 }, 32 .digest_size = { 33 .min = 1, 34 .max = 16, 35 .increment = 1 36 }, 37 .iv_size = { 0 } 38 }, } 39 }, } 40 }, 41 { /* MD5 */ 42 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 43 {.sym = { 44 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 45 {.auth = { 46 .algo = RTE_CRYPTO_AUTH_MD5, 47 .block_size = 64, 48 .key_size = { 49 .min = 0, 50 .max = 0, 51 .increment = 0 52 }, 53 .digest_size = { 54 .min = 16, 55 .max = 16, 56 .increment = 0 57 }, 58 .iv_size = { 0 } 59 }, } 60 }, } 61 }, 62 { /* SHA1 HMAC */ 63 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 64 {.sym = { 65 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 66 {.auth = { 67 .algo = RTE_CRYPTO_AUTH_SHA1_HMAC, 68 .block_size = 64, 69 .key_size = { 70 .min = 1, 71 .max = 64, 72 .increment = 1 73 }, 74 .digest_size = { 75 .min = 1, 76 .max = 20, 77 .increment = 1 78 }, 79 .iv_size = { 0 } 80 }, } 81 }, } 82 }, 83 { /* SHA1 */ 84 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 85 {.sym = { 86 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 87 {.auth = { 88 .algo = RTE_CRYPTO_AUTH_SHA1, 89 .block_size = 64, 90 .key_size = { 91 .min = 0, 92 .max = 0, 93 .increment = 0 94 }, 95 .digest_size = { 96 .min = 20, 97 .max = 20, 98 .increment = 0 99 }, 100 .iv_size = { 0 } 101 }, } 102 }, } 103 }, 104 { /* SHA224 HMAC */ 105 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 106 {.sym = { 107 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 108 {.auth = { 109 .algo = RTE_CRYPTO_AUTH_SHA224_HMAC, 110 .block_size = 64, 111 .key_size = { 112 .min = 1, 113 .max = 64, 114 .increment = 1 115 }, 116 .digest_size = { 117 .min = 1, 118 .max = 28, 119 .increment = 1 120 }, 121 .iv_size = { 0 } 122 }, } 123 }, } 124 }, 125 { /* SHA224 */ 126 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 127 {.sym = { 128 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 129 {.auth = { 130 .algo = RTE_CRYPTO_AUTH_SHA224, 131 .block_size = 64, 132 .key_size = { 133 .min = 0, 134 .max = 0, 135 .increment = 0 136 }, 137 .digest_size = { 138 .min = 1, 139 .max = 28, 140 .increment = 1 141 }, 142 .iv_size = { 0 } 143 }, } 144 }, } 145 }, 146 { /* SHA256 HMAC */ 147 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 148 {.sym = { 149 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 150 {.auth = { 151 .algo = RTE_CRYPTO_AUTH_SHA256_HMAC, 152 .block_size = 64, 153 .key_size = { 154 .min = 1, 155 .max = 64, 156 .increment = 1 157 }, 158 .digest_size = { 159 .min = 1, 160 .max = 32, 161 .increment = 1 162 }, 163 .iv_size = { 0 } 164 }, } 165 }, } 166 }, 167 { /* SHA256 */ 168 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 169 {.sym = { 170 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 171 {.auth = { 172 .algo = RTE_CRYPTO_AUTH_SHA256, 173 .block_size = 64, 174 .key_size = { 175 .min = 0, 176 .max = 0, 177 .increment = 0 178 }, 179 .digest_size = { 180 .min = 32, 181 .max = 32, 182 .increment = 0 183 }, 184 .iv_size = { 0 } 185 }, } 186 }, } 187 }, 188 { /* SHA384 HMAC */ 189 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 190 {.sym = { 191 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 192 {.auth = { 193 .algo = RTE_CRYPTO_AUTH_SHA384_HMAC, 194 .block_size = 128, 195 .key_size = { 196 .min = 1, 197 .max = 128, 198 .increment = 1 199 }, 200 .digest_size = { 201 .min = 1, 202 .max = 48, 203 .increment = 1 204 }, 205 .iv_size = { 0 } 206 }, } 207 }, } 208 }, 209 { /* SHA384 */ 210 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 211 {.sym = { 212 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 213 {.auth = { 214 .algo = RTE_CRYPTO_AUTH_SHA384, 215 .block_size = 128, 216 .key_size = { 217 .min = 0, 218 .max = 0, 219 .increment = 0 220 }, 221 .digest_size = { 222 .min = 48, 223 .max = 48, 224 .increment = 0 225 }, 226 .iv_size = { 0 } 227 }, } 228 }, } 229 }, 230 { /* SHA512 HMAC */ 231 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 232 {.sym = { 233 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 234 {.auth = { 235 .algo = RTE_CRYPTO_AUTH_SHA512_HMAC, 236 .block_size = 128, 237 .key_size = { 238 .min = 1, 239 .max = 128, 240 .increment = 1 241 }, 242 .digest_size = { 243 .min = 1, 244 .max = 64, 245 .increment = 1 246 }, 247 .iv_size = { 0 } 248 }, } 249 }, } 250 }, 251 { /* SHA512 */ 252 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 253 {.sym = { 254 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 255 {.auth = { 256 .algo = RTE_CRYPTO_AUTH_SHA512, 257 .block_size = 128, 258 .key_size = { 259 .min = 0, 260 .max = 0, 261 .increment = 0 262 }, 263 .digest_size = { 264 .min = 64, 265 .max = 64, 266 .increment = 0 267 }, 268 .iv_size = { 0 } 269 }, } 270 }, } 271 }, 272 { /* AES CBC */ 273 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 274 {.sym = { 275 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 276 {.cipher = { 277 .algo = RTE_CRYPTO_CIPHER_AES_CBC, 278 .block_size = 16, 279 .key_size = { 280 .min = 16, 281 .max = 32, 282 .increment = 8 283 }, 284 .iv_size = { 285 .min = 16, 286 .max = 16, 287 .increment = 0 288 } 289 }, } 290 }, } 291 }, 292 { /* AES CTR */ 293 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 294 {.sym = { 295 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 296 {.cipher = { 297 .algo = RTE_CRYPTO_CIPHER_AES_CTR, 298 .block_size = 16, 299 .key_size = { 300 .min = 16, 301 .max = 32, 302 .increment = 8 303 }, 304 .iv_size = { 305 .min = 16, 306 .max = 16, 307 .increment = 0 308 } 309 }, } 310 }, } 311 }, 312 { /* AES GCM */ 313 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 314 {.sym = { 315 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD, 316 {.aead = { 317 .algo = RTE_CRYPTO_AEAD_AES_GCM, 318 .block_size = 16, 319 .key_size = { 320 .min = 16, 321 .max = 32, 322 .increment = 8 323 }, 324 .digest_size = { 325 .min = 16, 326 .max = 16, 327 .increment = 0 328 }, 329 .aad_size = { 330 .min = 0, 331 .max = 65535, 332 .increment = 1 333 }, 334 .iv_size = { 335 .min = 12, 336 .max = 16, 337 .increment = 4 338 }, 339 }, } 340 }, } 341 }, 342 { /* AES CCM */ 343 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 344 {.sym = { 345 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD, 346 {.aead = { 347 .algo = RTE_CRYPTO_AEAD_AES_CCM, 348 .block_size = 16, 349 .key_size = { 350 .min = 16, 351 .max = 32, 352 .increment = 8 353 }, 354 .digest_size = { 355 .min = 4, 356 .max = 16, 357 .increment = 2 358 }, 359 .aad_size = { 360 .min = 0, 361 .max = 65535, 362 .increment = 1 363 }, 364 .iv_size = { 365 .min = 7, 366 .max = 13, 367 .increment = 1 368 }, 369 }, } 370 }, } 371 }, 372 { /* AES GMAC (AUTH) */ 373 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 374 {.sym = { 375 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 376 {.auth = { 377 .algo = RTE_CRYPTO_AUTH_AES_GMAC, 378 .block_size = 16, 379 .key_size = { 380 .min = 16, 381 .max = 32, 382 .increment = 8 383 }, 384 .digest_size = { 385 .min = 16, 386 .max = 16, 387 .increment = 0 388 }, 389 .iv_size = { 390 .min = 12, 391 .max = 16, 392 .increment = 4 393 } 394 }, } 395 }, } 396 }, 397 { /* AES CMAC (AUTH) */ 398 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 399 {.sym = { 400 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 401 {.auth = { 402 .algo = RTE_CRYPTO_AUTH_AES_CMAC, 403 .block_size = 16, 404 .key_size = { 405 .min = 16, 406 .max = 32, 407 .increment = 8 408 }, 409 .digest_size = { 410 .min = 4, 411 .max = 16, 412 .increment = 4 413 }, 414 }, } 415 }, } 416 }, 417 { /* 3DES CBC */ 418 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 419 {.sym = { 420 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 421 {.cipher = { 422 .algo = RTE_CRYPTO_CIPHER_3DES_CBC, 423 .block_size = 8, 424 .key_size = { 425 .min = 8, 426 .max = 24, 427 .increment = 8 428 }, 429 .iv_size = { 430 .min = 8, 431 .max = 8, 432 .increment = 0 433 } 434 }, } 435 }, } 436 }, 437 { /* 3DES CTR */ 438 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 439 {.sym = { 440 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 441 {.cipher = { 442 .algo = RTE_CRYPTO_CIPHER_3DES_CTR, 443 .block_size = 8, 444 .key_size = { 445 .min = 16, 446 .max = 24, 447 .increment = 8 448 }, 449 .iv_size = { 450 .min = 8, 451 .max = 8, 452 .increment = 0 453 } 454 }, } 455 }, } 456 }, 457 { /* DES CBC */ 458 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 459 {.sym = { 460 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 461 {.cipher = { 462 .algo = RTE_CRYPTO_CIPHER_DES_CBC, 463 .block_size = 8, 464 .key_size = { 465 .min = 8, 466 .max = 8, 467 .increment = 0 468 }, 469 .iv_size = { 470 .min = 8, 471 .max = 8, 472 .increment = 0 473 } 474 }, } 475 }, } 476 }, 477 { /* DES DOCSIS BPI */ 478 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 479 {.sym = { 480 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 481 {.cipher = { 482 .algo = RTE_CRYPTO_CIPHER_DES_DOCSISBPI, 483 .block_size = 8, 484 .key_size = { 485 .min = 8, 486 .max = 8, 487 .increment = 0 488 }, 489 .iv_size = { 490 .min = 8, 491 .max = 8, 492 .increment = 0 493 } 494 }, } 495 }, } 496 }, 497 { /* RSA */ 498 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, 499 {.asym = { 500 .xform_capa = { 501 .xform_type = RTE_CRYPTO_ASYM_XFORM_RSA, 502 .op_types = ((1 << RTE_CRYPTO_ASYM_OP_SIGN) | 503 (1 << RTE_CRYPTO_ASYM_OP_VERIFY) | 504 (1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) | 505 (1 << RTE_CRYPTO_ASYM_OP_DECRYPT)), 506 { 507 .modlen = { 508 /* min length is based on openssl rsa keygen */ 509 .min = 30, 510 /* value 0 symbolizes no limit on max length */ 511 .max = 0, 512 .increment = 1 513 }, } 514 } 515 }, 516 } 517 }, 518 { /* modexp */ 519 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, 520 {.asym = { 521 .xform_capa = { 522 .xform_type = RTE_CRYPTO_ASYM_XFORM_MODEX, 523 .op_types = 0, 524 { 525 .modlen = { 526 /* value 0 symbolizes no limit on min length */ 527 .min = 0, 528 /* value 0 symbolizes no limit on max length */ 529 .max = 0, 530 .increment = 1 531 }, } 532 } 533 }, 534 } 535 }, 536 { /* modinv */ 537 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, 538 {.asym = { 539 .xform_capa = { 540 .xform_type = RTE_CRYPTO_ASYM_XFORM_MODINV, 541 .op_types = 0, 542 { 543 .modlen = { 544 /* value 0 symbolizes no limit on min length */ 545 .min = 0, 546 /* value 0 symbolizes no limit on max length */ 547 .max = 0, 548 .increment = 1 549 }, } 550 } 551 }, 552 } 553 }, 554 { /* dh */ 555 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, 556 {.asym = { 557 .xform_capa = { 558 .xform_type = RTE_CRYPTO_ASYM_XFORM_DH, 559 .op_types = 560 ((1<<RTE_CRYPTO_ASYM_KE_PRIV_KEY_GENERATE) | 561 (1 << RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE | 562 (1 << 563 RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE))), 564 { 565 .modlen = { 566 /* value 0 symbolizes no limit on min length */ 567 .min = 0, 568 /* value 0 symbolizes no limit on max length */ 569 .max = 0, 570 .increment = 1 571 }, } 572 } 573 }, 574 } 575 }, 576 { /* dsa */ 577 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, 578 {.asym = { 579 .xform_capa = { 580 .xform_type = RTE_CRYPTO_ASYM_XFORM_DSA, 581 .op_types = 582 ((1<<RTE_CRYPTO_ASYM_OP_SIGN) | 583 (1 << RTE_CRYPTO_ASYM_OP_VERIFY)), 584 { 585 .modlen = { 586 /* value 0 symbolizes no limit on min length */ 587 .min = 0, 588 /* value 0 symbolizes no limit on max length */ 589 .max = 0, 590 .increment = 1 591 }, } 592 } 593 }, 594 } 595 }, 596 { /* ECFPM */ 597 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, 598 {.asym = { 599 .xform_capa = { 600 .xform_type = RTE_CRYPTO_ASYM_XFORM_ECFPM, 601 .op_types = 0 602 } 603 } 604 } 605 }, 606 { /* SM2 */ 607 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, 608 {.asym = { 609 .xform_capa = { 610 .xform_type = RTE_CRYPTO_ASYM_XFORM_SM2, 611 .op_types = 612 ((1 << RTE_CRYPTO_ASYM_OP_SIGN) | 613 (1 << RTE_CRYPTO_ASYM_OP_VERIFY) | 614 (1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) | 615 (1 << RTE_CRYPTO_ASYM_OP_DECRYPT)), 616 .op_capa = { 617 [RTE_CRYPTO_ASYM_OP_ENCRYPT] = (1 << RTE_CRYPTO_SM2_RNG), 618 [RTE_CRYPTO_ASYM_OP_DECRYPT] = (1 << RTE_CRYPTO_SM2_RNG), 619 [RTE_CRYPTO_ASYM_OP_SIGN] = (1 << RTE_CRYPTO_SM2_RNG) | 620 (1 << RTE_CRYPTO_SM2_PH), 621 [RTE_CRYPTO_ASYM_OP_VERIFY] = (1 << RTE_CRYPTO_SM2_RNG) | 622 (1 << RTE_CRYPTO_SM2_PH) 623 }, 624 }, 625 } 626 } 627 }, 628 { /* EdDSA */ 629 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, 630 {.asym = { 631 .xform_capa = { 632 .xform_type = RTE_CRYPTO_ASYM_XFORM_EDDSA, 633 .hash_algos = (1 << RTE_CRYPTO_AUTH_SHA512 | 634 1 << RTE_CRYPTO_AUTH_SHAKE_256), 635 .op_types = 636 ((1<<RTE_CRYPTO_ASYM_OP_SIGN) | 637 (1 << RTE_CRYPTO_ASYM_OP_VERIFY)), 638 } 639 } 640 } 641 }, 642 643 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() 644 }; 645 646 647 /** Configure device */ 648 static int 649 openssl_pmd_config(__rte_unused struct rte_cryptodev *dev, 650 __rte_unused struct rte_cryptodev_config *config) 651 { 652 return 0; 653 } 654 655 /** Start device */ 656 static int 657 openssl_pmd_start(__rte_unused struct rte_cryptodev *dev) 658 { 659 return 0; 660 } 661 662 /** Stop device */ 663 static void 664 openssl_pmd_stop(__rte_unused struct rte_cryptodev *dev) 665 { 666 } 667 668 /** Close device */ 669 static int 670 openssl_pmd_close(__rte_unused struct rte_cryptodev *dev) 671 { 672 return 0; 673 } 674 675 676 /** Get device statistics */ 677 static void 678 openssl_pmd_stats_get(struct rte_cryptodev *dev, 679 struct rte_cryptodev_stats *stats) 680 { 681 int qp_id; 682 683 for (qp_id = 0; qp_id < dev->data->nb_queue_pairs; qp_id++) { 684 struct openssl_qp *qp = dev->data->queue_pairs[qp_id]; 685 686 stats->enqueued_count += qp->stats.enqueued_count; 687 stats->dequeued_count += qp->stats.dequeued_count; 688 689 stats->enqueue_err_count += qp->stats.enqueue_err_count; 690 stats->dequeue_err_count += qp->stats.dequeue_err_count; 691 } 692 } 693 694 /** Reset device statistics */ 695 static void 696 openssl_pmd_stats_reset(struct rte_cryptodev *dev) 697 { 698 int qp_id; 699 700 for (qp_id = 0; qp_id < dev->data->nb_queue_pairs; qp_id++) { 701 struct openssl_qp *qp = dev->data->queue_pairs[qp_id]; 702 703 memset(&qp->stats, 0, sizeof(qp->stats)); 704 } 705 } 706 707 708 /** Get device info */ 709 static void 710 openssl_pmd_info_get(struct rte_cryptodev *dev, 711 struct rte_cryptodev_info *dev_info) 712 { 713 struct openssl_private *internals = dev->data->dev_private; 714 715 if (dev_info != NULL) { 716 dev_info->driver_id = dev->driver_id; 717 dev_info->feature_flags = dev->feature_flags; 718 dev_info->capabilities = openssl_pmd_capabilities; 719 dev_info->max_nb_queue_pairs = internals->max_nb_qpairs; 720 /* No limit of number of sessions */ 721 dev_info->sym.max_nb_sessions = 0; 722 } 723 } 724 725 /** Release queue pair */ 726 static int 727 openssl_pmd_qp_release(struct rte_cryptodev *dev, uint16_t qp_id) 728 { 729 if (dev->data->queue_pairs[qp_id] != NULL) { 730 struct openssl_qp *qp = dev->data->queue_pairs[qp_id]; 731 732 rte_ring_free(qp->processed_ops); 733 734 rte_free(dev->data->queue_pairs[qp_id]); 735 dev->data->queue_pairs[qp_id] = NULL; 736 } 737 return 0; 738 } 739 740 /** set a unique name for the queue pair based on it's name, dev_id and qp_id */ 741 static int 742 openssl_pmd_qp_set_unique_name(struct rte_cryptodev *dev, 743 struct openssl_qp *qp) 744 { 745 unsigned int n = snprintf(qp->name, sizeof(qp->name), 746 "openssl_pmd_%u_qp_%u", 747 dev->data->dev_id, qp->id); 748 749 if (n >= sizeof(qp->name)) 750 return -1; 751 752 return 0; 753 } 754 755 756 /** Create a ring to place processed operations on */ 757 static struct rte_ring * 758 openssl_pmd_qp_create_processed_ops_ring(struct openssl_qp *qp, 759 unsigned int ring_size, int socket_id) 760 { 761 struct rte_ring *r; 762 763 r = rte_ring_lookup(qp->name); 764 if (r) { 765 if (rte_ring_get_size(r) >= ring_size) { 766 OPENSSL_LOG(INFO, 767 "Reusing existing ring %s for processed ops", 768 qp->name); 769 return r; 770 } 771 772 OPENSSL_LOG(ERR, 773 "Unable to reuse existing ring %s for processed ops", 774 qp->name); 775 return NULL; 776 } 777 778 return rte_ring_create(qp->name, ring_size, socket_id, 779 RING_F_SP_ENQ | RING_F_SC_DEQ); 780 } 781 782 783 /** Setup a queue pair */ 784 static int 785 openssl_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id, 786 const struct rte_cryptodev_qp_conf *qp_conf, 787 int socket_id) 788 { 789 struct openssl_qp *qp = NULL; 790 791 /* Free memory prior to re-allocation if needed. */ 792 if (dev->data->queue_pairs[qp_id] != NULL) 793 openssl_pmd_qp_release(dev, qp_id); 794 795 /* Allocate the queue pair data structure. */ 796 qp = rte_zmalloc_socket("OPENSSL PMD Queue Pair", sizeof(*qp), 797 RTE_CACHE_LINE_SIZE, socket_id); 798 if (qp == NULL) 799 return -ENOMEM; 800 801 qp->id = qp_id; 802 dev->data->queue_pairs[qp_id] = qp; 803 804 if (openssl_pmd_qp_set_unique_name(dev, qp)) 805 goto qp_setup_cleanup; 806 807 qp->processed_ops = openssl_pmd_qp_create_processed_ops_ring(qp, 808 qp_conf->nb_descriptors, socket_id); 809 if (qp->processed_ops == NULL) 810 goto qp_setup_cleanup; 811 812 qp->sess_mp = qp_conf->mp_session; 813 814 memset(&qp->stats, 0, sizeof(qp->stats)); 815 816 return 0; 817 818 qp_setup_cleanup: 819 rte_free(qp); 820 821 return -1; 822 } 823 824 /** Returns the size of the symmetric session structure */ 825 static unsigned 826 openssl_pmd_sym_session_get_size(struct rte_cryptodev *dev) 827 { 828 /* 829 * For 0 qps, return the max size of the session - this is necessary if 830 * the user calls into this function to create the session mempool, 831 * without first configuring the number of qps for the cryptodev. 832 */ 833 if (dev->data->nb_queue_pairs == 0) { 834 unsigned int max_nb_qps = ((struct openssl_private *) 835 dev->data->dev_private)->max_nb_qpairs; 836 return sizeof(struct openssl_session) + 837 (sizeof(struct evp_ctx_pair) * max_nb_qps); 838 } 839 840 /* 841 * With only one queue pair, the thread safety of multiple context 842 * copies is not necessary, so don't allocate extra memory for the 843 * array. 844 */ 845 if (dev->data->nb_queue_pairs == 1) 846 return sizeof(struct openssl_session); 847 848 /* 849 * Otherwise, the size of the flexible array member should be enough to 850 * fit pointers to per-qp contexts. This is twice the number of queue 851 * pairs, to allow for auth and cipher contexts. 852 */ 853 return sizeof(struct openssl_session) + 854 (sizeof(struct evp_ctx_pair) * dev->data->nb_queue_pairs); 855 } 856 857 /** Returns the size of the asymmetric session structure */ 858 static unsigned 859 openssl_pmd_asym_session_get_size(struct rte_cryptodev *dev __rte_unused) 860 { 861 return sizeof(struct openssl_asym_session); 862 } 863 864 /** Configure the session from a crypto xform chain */ 865 static int 866 openssl_pmd_sym_session_configure(struct rte_cryptodev *dev, 867 struct rte_crypto_sym_xform *xform, 868 struct rte_cryptodev_sym_session *sess) 869 { 870 void *sess_private_data = CRYPTODEV_GET_SYM_SESS_PRIV(sess); 871 int ret; 872 873 if (unlikely(sess == NULL)) { 874 OPENSSL_LOG(ERR, "invalid session struct"); 875 return -EINVAL; 876 } 877 878 ret = openssl_set_session_parameters(sess_private_data, xform, 879 dev->data->nb_queue_pairs); 880 if (ret != 0) { 881 OPENSSL_LOG(ERR, "failed configure session parameters"); 882 883 /* Return session to mempool */ 884 return ret; 885 } 886 887 return 0; 888 } 889 890 static int openssl_set_asym_session_parameters( 891 struct openssl_asym_session *asym_session, 892 struct rte_crypto_asym_xform *xform) 893 { 894 int ret = -1; 895 896 if ((xform->xform_type != RTE_CRYPTO_ASYM_XFORM_DH) && 897 (xform->next != NULL)) { 898 OPENSSL_LOG(ERR, "chained xfrms are not supported on %s", 899 rte_cryptodev_asym_get_xform_string(xform->xform_type)); 900 return ret; 901 } 902 903 switch (xform->xform_type) { 904 case RTE_CRYPTO_ASYM_XFORM_RSA: 905 { 906 BIGNUM *n = NULL; 907 BIGNUM *e = NULL; 908 BIGNUM *d = NULL; 909 BIGNUM *p = NULL, *q = NULL, *dmp1 = NULL; 910 BIGNUM *iqmp = NULL, *dmq1 = NULL; 911 912 /* copy xfrm data into rsa struct */ 913 n = BN_bin2bn((const unsigned char *)xform->rsa.n.data, 914 xform->rsa.n.length, n); 915 e = BN_bin2bn((const unsigned char *)xform->rsa.e.data, 916 xform->rsa.e.length, e); 917 918 if (!n || !e) 919 goto err_rsa; 920 921 asym_session->u.r.pad = xform->rsa.padding.type; 922 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) 923 OSSL_PARAM_BLD * param_bld = OSSL_PARAM_BLD_new(); 924 if (!param_bld) { 925 OPENSSL_LOG(ERR, "failed to allocate resources"); 926 goto err_rsa; 927 } 928 929 if (!OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_RSA_N, n) 930 || !OSSL_PARAM_BLD_push_BN(param_bld, 931 OSSL_PKEY_PARAM_RSA_E, e)) { 932 OSSL_PARAM_BLD_free(param_bld); 933 OPENSSL_LOG(ERR, "failed to allocate resources"); 934 goto err_rsa; 935 } 936 937 if (xform->rsa.key_type == RTE_RSA_KEY_TYPE_EXP) { 938 d = BN_bin2bn( 939 (const unsigned char *)xform->rsa.d.data, 940 xform->rsa.d.length, 941 d); 942 if (!d) { 943 OSSL_PARAM_BLD_free(param_bld); 944 goto err_rsa; 945 } 946 } else { 947 p = BN_bin2bn((const unsigned char *) 948 xform->rsa.qt.p.data, 949 xform->rsa.qt.p.length, 950 p); 951 q = BN_bin2bn((const unsigned char *) 952 xform->rsa.qt.q.data, 953 xform->rsa.qt.q.length, 954 q); 955 dmp1 = BN_bin2bn((const unsigned char *) 956 xform->rsa.qt.dP.data, 957 xform->rsa.qt.dP.length, 958 dmp1); 959 dmq1 = BN_bin2bn((const unsigned char *) 960 xform->rsa.qt.dQ.data, 961 xform->rsa.qt.dQ.length, 962 dmq1); 963 iqmp = BN_bin2bn((const unsigned char *) 964 xform->rsa.qt.qInv.data, 965 xform->rsa.qt.qInv.length, 966 iqmp); 967 968 if (!p || !q || !dmp1 || !dmq1 || !iqmp) { 969 OSSL_PARAM_BLD_free(param_bld); 970 goto err_rsa; 971 } 972 973 if (!OSSL_PARAM_BLD_push_BN(param_bld, 974 OSSL_PKEY_PARAM_RSA_FACTOR1, p) 975 || !OSSL_PARAM_BLD_push_BN(param_bld, 976 OSSL_PKEY_PARAM_RSA_FACTOR2, q) 977 || !OSSL_PARAM_BLD_push_BN(param_bld, 978 OSSL_PKEY_PARAM_RSA_EXPONENT1, dmp1) 979 || !OSSL_PARAM_BLD_push_BN(param_bld, 980 OSSL_PKEY_PARAM_RSA_EXPONENT2, dmq1) 981 || !OSSL_PARAM_BLD_push_BN(param_bld, 982 OSSL_PKEY_PARAM_RSA_COEFFICIENT1, iqmp)) { 983 OSSL_PARAM_BLD_free(param_bld); 984 goto err_rsa; 985 } 986 } 987 988 if (!OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_RSA_N, n) 989 || !OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_RSA_E, e) 990 || !OSSL_PARAM_BLD_push_BN(param_bld, 991 OSSL_PKEY_PARAM_RSA_D, d)) { 992 OSSL_PARAM_BLD_free(param_bld); 993 goto err_rsa; 994 } 995 996 EVP_PKEY_CTX *key_ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL); 997 EVP_PKEY *pkey = NULL; 998 EVP_PKEY_CTX *rsa_ctx = NULL; 999 OSSL_PARAM *params = NULL; 1000 1001 params = OSSL_PARAM_BLD_to_param(param_bld); 1002 if (!params) { 1003 OSSL_PARAM_BLD_free(param_bld); 1004 goto err_rsa; 1005 } 1006 1007 if (key_ctx == NULL 1008 || EVP_PKEY_fromdata_init(key_ctx) <= 0 1009 || EVP_PKEY_fromdata(key_ctx, &pkey, 1010 EVP_PKEY_KEYPAIR, params) <= 0) { 1011 OSSL_PARAM_free(params); 1012 goto err_rsa; 1013 } 1014 1015 rsa_ctx = EVP_PKEY_CTX_new(pkey, NULL); 1016 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_RSA; 1017 asym_session->u.r.ctx = rsa_ctx; 1018 EVP_PKEY_free(pkey); 1019 EVP_PKEY_CTX_free(key_ctx); 1020 OSSL_PARAM_BLD_free(param_bld); 1021 OSSL_PARAM_free(params); 1022 ret = 0; 1023 #else 1024 RSA *rsa = RSA_new(); 1025 if (rsa == NULL) 1026 goto err_rsa; 1027 1028 if (xform->rsa.key_type == RTE_RSA_KEY_TYPE_EXP) { 1029 d = BN_bin2bn( 1030 (const unsigned char *)xform->rsa.d.data, 1031 xform->rsa.d.length, 1032 d); 1033 if (!d) { 1034 RSA_free(rsa); 1035 goto err_rsa; 1036 } 1037 } else { 1038 p = BN_bin2bn((const unsigned char *) 1039 xform->rsa.qt.p.data, 1040 xform->rsa.qt.p.length, 1041 p); 1042 q = BN_bin2bn((const unsigned char *) 1043 xform->rsa.qt.q.data, 1044 xform->rsa.qt.q.length, 1045 q); 1046 dmp1 = BN_bin2bn((const unsigned char *) 1047 xform->rsa.qt.dP.data, 1048 xform->rsa.qt.dP.length, 1049 dmp1); 1050 dmq1 = BN_bin2bn((const unsigned char *) 1051 xform->rsa.qt.dQ.data, 1052 xform->rsa.qt.dQ.length, 1053 dmq1); 1054 iqmp = BN_bin2bn((const unsigned char *) 1055 xform->rsa.qt.qInv.data, 1056 xform->rsa.qt.qInv.length, 1057 iqmp); 1058 1059 if (!p || !q || !dmp1 || !dmq1 || !iqmp) { 1060 RSA_free(rsa); 1061 goto err_rsa; 1062 } 1063 ret = set_rsa_params(rsa, p, q); 1064 if (ret) { 1065 OPENSSL_LOG(ERR, 1066 "failed to set rsa params"); 1067 RSA_free(rsa); 1068 goto err_rsa; 1069 } 1070 ret = set_rsa_crt_params(rsa, dmp1, dmq1, iqmp); 1071 if (ret) { 1072 OPENSSL_LOG(ERR, 1073 "failed to set crt params"); 1074 RSA_free(rsa); 1075 /* 1076 * set already populated params to NULL 1077 * as its freed by call to RSA_free 1078 */ 1079 p = q = NULL; 1080 goto err_rsa; 1081 } 1082 } 1083 1084 ret = set_rsa_keys(rsa, n, e, d); 1085 if (ret) { 1086 OPENSSL_LOG(ERR, "Failed to load rsa keys"); 1087 RSA_free(rsa); 1088 return ret; 1089 } 1090 asym_session->u.r.rsa = rsa; 1091 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_RSA; 1092 break; 1093 #endif 1094 err_rsa: 1095 BN_clear_free(n); 1096 BN_clear_free(e); 1097 BN_clear_free(d); 1098 BN_clear_free(p); 1099 BN_clear_free(q); 1100 BN_clear_free(dmp1); 1101 BN_clear_free(dmq1); 1102 BN_clear_free(iqmp); 1103 1104 return ret; 1105 } 1106 case RTE_CRYPTO_ASYM_XFORM_MODEX: 1107 { 1108 struct rte_crypto_modex_xform *xfrm = &(xform->modex); 1109 1110 BN_CTX *ctx = BN_CTX_new(); 1111 if (ctx == NULL) { 1112 OPENSSL_LOG(ERR, 1113 " failed to allocate resources"); 1114 return ret; 1115 } 1116 BN_CTX_start(ctx); 1117 BIGNUM *mod = BN_CTX_get(ctx); 1118 BIGNUM *exp = BN_CTX_get(ctx); 1119 if (mod == NULL || exp == NULL) { 1120 BN_CTX_end(ctx); 1121 BN_CTX_free(ctx); 1122 return ret; 1123 } 1124 1125 mod = BN_bin2bn((const unsigned char *) 1126 xfrm->modulus.data, 1127 xfrm->modulus.length, mod); 1128 exp = BN_bin2bn((const unsigned char *) 1129 xfrm->exponent.data, 1130 xfrm->exponent.length, exp); 1131 asym_session->u.e.ctx = ctx; 1132 asym_session->u.e.mod = mod; 1133 asym_session->u.e.exp = exp; 1134 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_MODEX; 1135 break; 1136 } 1137 case RTE_CRYPTO_ASYM_XFORM_MODINV: 1138 { 1139 struct rte_crypto_modinv_xform *xfrm = &(xform->modinv); 1140 1141 BN_CTX *ctx = BN_CTX_new(); 1142 if (ctx == NULL) { 1143 OPENSSL_LOG(ERR, 1144 " failed to allocate resources"); 1145 return ret; 1146 } 1147 BN_CTX_start(ctx); 1148 BIGNUM *mod = BN_CTX_get(ctx); 1149 if (mod == NULL) { 1150 BN_CTX_end(ctx); 1151 BN_CTX_free(ctx); 1152 return ret; 1153 } 1154 1155 mod = BN_bin2bn((const unsigned char *) 1156 xfrm->modulus.data, 1157 xfrm->modulus.length, 1158 mod); 1159 asym_session->u.m.ctx = ctx; 1160 asym_session->u.m.modulus = mod; 1161 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_MODINV; 1162 break; 1163 } 1164 case RTE_CRYPTO_ASYM_XFORM_DH: 1165 { 1166 DH *dh = NULL; 1167 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) 1168 BIGNUM **p = &asym_session->u.dh.p; 1169 BIGNUM **g = &asym_session->u.dh.g; 1170 1171 *p = BN_bin2bn((const unsigned char *) 1172 xform->dh.p.data, 1173 xform->dh.p.length, 1174 *p); 1175 *g = BN_bin2bn((const unsigned char *) 1176 xform->dh.g.data, 1177 xform->dh.g.length, 1178 *g); 1179 if (!*p || !*g) 1180 goto err_dh; 1181 1182 OSSL_PARAM_BLD *param_bld = NULL; 1183 param_bld = OSSL_PARAM_BLD_new(); 1184 if (!param_bld) { 1185 OPENSSL_LOG(ERR, "failed to allocate resources"); 1186 goto err_dh; 1187 } 1188 if ((!OSSL_PARAM_BLD_push_utf8_string(param_bld, 1189 "group", "ffdhe2048", 0)) 1190 || (!OSSL_PARAM_BLD_push_BN(param_bld, 1191 OSSL_PKEY_PARAM_FFC_P, *p)) 1192 || (!OSSL_PARAM_BLD_push_BN(param_bld, 1193 OSSL_PKEY_PARAM_FFC_G, *g))) { 1194 OSSL_PARAM_BLD_free(param_bld); 1195 goto err_dh; 1196 } 1197 1198 OSSL_PARAM_BLD *param_bld_peer = NULL; 1199 param_bld_peer = OSSL_PARAM_BLD_new(); 1200 if (!param_bld_peer) { 1201 OPENSSL_LOG(ERR, "failed to allocate resources"); 1202 OSSL_PARAM_BLD_free(param_bld); 1203 goto err_dh; 1204 } 1205 if ((!OSSL_PARAM_BLD_push_utf8_string(param_bld_peer, 1206 "group", "ffdhe2048", 0)) 1207 || (!OSSL_PARAM_BLD_push_BN(param_bld_peer, 1208 OSSL_PKEY_PARAM_FFC_P, *p)) 1209 || (!OSSL_PARAM_BLD_push_BN(param_bld_peer, 1210 OSSL_PKEY_PARAM_FFC_G, *g))) { 1211 OSSL_PARAM_BLD_free(param_bld); 1212 OSSL_PARAM_BLD_free(param_bld_peer); 1213 goto err_dh; 1214 } 1215 1216 asym_session->u.dh.param_bld = param_bld; 1217 asym_session->u.dh.param_bld_peer = param_bld_peer; 1218 #else 1219 BIGNUM *p = NULL; 1220 BIGNUM *g = NULL; 1221 1222 p = BN_bin2bn((const unsigned char *) 1223 xform->dh.p.data, 1224 xform->dh.p.length, 1225 p); 1226 g = BN_bin2bn((const unsigned char *) 1227 xform->dh.g.data, 1228 xform->dh.g.length, 1229 g); 1230 if (!p || !g) 1231 goto err_dh; 1232 1233 dh = DH_new(); 1234 if (dh == NULL) { 1235 OPENSSL_LOG(ERR, 1236 "failed to allocate resources"); 1237 goto err_dh; 1238 } 1239 ret = set_dh_params(dh, p, g); 1240 if (ret) { 1241 DH_free(dh); 1242 goto err_dh; 1243 } 1244 #endif 1245 asym_session->u.dh.dh_key = dh; 1246 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_DH; 1247 break; 1248 1249 err_dh: 1250 OPENSSL_LOG(ERR, " failed to set dh params"); 1251 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) 1252 BN_free(*p); 1253 BN_free(*g); 1254 #else 1255 BN_free(p); 1256 BN_free(g); 1257 #endif 1258 return -1; 1259 } 1260 case RTE_CRYPTO_ASYM_XFORM_DSA: 1261 { 1262 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) 1263 BIGNUM **p = &asym_session->u.s.p; 1264 BIGNUM **g = &asym_session->u.s.g; 1265 BIGNUM **q = &asym_session->u.s.q; 1266 BIGNUM **priv_key = &asym_session->u.s.priv_key; 1267 BIGNUM *pub_key = NULL; 1268 OSSL_PARAM_BLD *param_bld = NULL; 1269 1270 *p = BN_bin2bn((const unsigned char *) 1271 xform->dsa.p.data, 1272 xform->dsa.p.length, 1273 *p); 1274 1275 *g = BN_bin2bn((const unsigned char *) 1276 xform->dsa.g.data, 1277 xform->dsa.g.length, 1278 *g); 1279 1280 *q = BN_bin2bn((const unsigned char *) 1281 xform->dsa.q.data, 1282 xform->dsa.q.length, 1283 *q); 1284 if (!*p || !*q || !*g) 1285 goto err_dsa; 1286 1287 *priv_key = BN_bin2bn((const unsigned char *) 1288 xform->dsa.x.data, 1289 xform->dsa.x.length, 1290 *priv_key); 1291 if (*priv_key == NULL) 1292 goto err_dsa; 1293 1294 param_bld = OSSL_PARAM_BLD_new(); 1295 if (!param_bld) { 1296 OPENSSL_LOG(ERR, "failed to allocate resources"); 1297 goto err_dsa; 1298 } 1299 1300 if (!OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_P, *p) 1301 || !OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_G, *g) 1302 || !OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_Q, *q) 1303 || !OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_PRIV_KEY, 1304 *priv_key)) { 1305 OSSL_PARAM_BLD_free(param_bld); 1306 OPENSSL_LOG(ERR, "failed to allocate resources"); 1307 goto err_dsa; 1308 } 1309 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_DSA; 1310 asym_session->u.s.param_bld = param_bld; 1311 1312 break; 1313 #else 1314 BIGNUM *p = NULL, *g = NULL; 1315 BIGNUM *q = NULL, *priv_key = NULL; 1316 BIGNUM *pub_key = BN_new(); 1317 BN_zero(pub_key); 1318 1319 p = BN_bin2bn((const unsigned char *) 1320 xform->dsa.p.data, 1321 xform->dsa.p.length, 1322 p); 1323 1324 g = BN_bin2bn((const unsigned char *) 1325 xform->dsa.g.data, 1326 xform->dsa.g.length, 1327 g); 1328 1329 q = BN_bin2bn((const unsigned char *) 1330 xform->dsa.q.data, 1331 xform->dsa.q.length, 1332 q); 1333 if (!p || !q || !g) 1334 goto err_dsa; 1335 1336 priv_key = BN_bin2bn((const unsigned char *) 1337 xform->dsa.x.data, 1338 xform->dsa.x.length, 1339 priv_key); 1340 if (priv_key == NULL) 1341 goto err_dsa; 1342 1343 DSA *dsa = DSA_new(); 1344 if (dsa == NULL) { 1345 OPENSSL_LOG(ERR, 1346 " failed to allocate resources"); 1347 goto err_dsa; 1348 } 1349 1350 ret = set_dsa_params(dsa, p, q, g); 1351 if (ret) { 1352 DSA_free(dsa); 1353 OPENSSL_LOG(ERR, "Failed to dsa params"); 1354 goto err_dsa; 1355 } 1356 1357 /* 1358 * openssl 1.1.0 mandate that public key can't be 1359 * NULL in very first call. so set a dummy pub key. 1360 * to keep consistency, lets follow same approach for 1361 * both versions 1362 */ 1363 /* just set dummy public for very 1st call */ 1364 ret = set_dsa_keys(dsa, pub_key, priv_key); 1365 if (ret) { 1366 DSA_free(dsa); 1367 OPENSSL_LOG(ERR, "Failed to set keys"); 1368 goto err_dsa; 1369 } 1370 asym_session->u.s.dsa = dsa; 1371 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_DSA; 1372 break; 1373 #endif 1374 err_dsa: 1375 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) 1376 BN_free(*p); 1377 BN_free(*q); 1378 BN_free(*g); 1379 BN_free(*priv_key); 1380 #else 1381 BN_free(p); 1382 BN_free(q); 1383 BN_free(g); 1384 BN_free(priv_key); 1385 #endif 1386 BN_free(pub_key); 1387 return -1; 1388 } 1389 case RTE_CRYPTO_ASYM_XFORM_ECFPM: 1390 { 1391 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) 1392 EC_GROUP *ecgrp = NULL; 1393 1394 asym_session->xfrm_type = xform->xform_type; 1395 1396 switch (xform->ec.curve_id) { 1397 case RTE_CRYPTO_EC_GROUP_SECP192R1: 1398 ecgrp = EC_GROUP_new_by_curve_name(NID_secp192k1); 1399 break; 1400 case RTE_CRYPTO_EC_GROUP_SECP224R1: 1401 ecgrp = EC_GROUP_new_by_curve_name(NID_secp224r1); 1402 break; 1403 case RTE_CRYPTO_EC_GROUP_SECP256R1: 1404 ecgrp = EC_GROUP_new_by_curve_name(NID_secp256k1); 1405 break; 1406 case RTE_CRYPTO_EC_GROUP_SECP384R1: 1407 ecgrp = EC_GROUP_new_by_curve_name(NID_secp384r1); 1408 break; 1409 case RTE_CRYPTO_EC_GROUP_SECP521R1: 1410 ecgrp = EC_GROUP_new_by_curve_name(NID_secp521r1); 1411 break; 1412 case RTE_CRYPTO_EC_GROUP_ED25519: 1413 ecgrp = EC_GROUP_new_by_curve_name(NID_ED25519); 1414 break; 1415 case RTE_CRYPTO_EC_GROUP_ED448: 1416 ecgrp = EC_GROUP_new_by_curve_name(NID_ED448); 1417 break; 1418 default: 1419 break; 1420 } 1421 1422 asym_session->u.ec.curve_id = xform->ec.curve_id; 1423 asym_session->u.ec.group = ecgrp; 1424 break; 1425 #else 1426 OPENSSL_LOG(WARNING, "ECFPM unsupported for OpenSSL Version < 3.0"); 1427 return -ENOTSUP; 1428 #endif 1429 } 1430 case RTE_CRYPTO_ASYM_XFORM_SM2: 1431 { 1432 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) 1433 #ifndef OPENSSL_NO_SM2 1434 OSSL_PARAM_BLD *param_bld = NULL; 1435 OSSL_PARAM *params = NULL; 1436 BIGNUM *pkey_bn = NULL; 1437 uint8_t pubkey[65]; 1438 size_t len = 0; 1439 int ret = -1; 1440 1441 param_bld = OSSL_PARAM_BLD_new(); 1442 if (!param_bld) { 1443 OPENSSL_LOG(ERR, "failed to allocate params"); 1444 goto err_sm2; 1445 } 1446 1447 ret = OSSL_PARAM_BLD_push_utf8_string(param_bld, 1448 OSSL_ASYM_CIPHER_PARAM_DIGEST, "SM3", 0); 1449 if (!ret) { 1450 OPENSSL_LOG(ERR, "failed to push params"); 1451 goto err_sm2; 1452 } 1453 1454 ret = OSSL_PARAM_BLD_push_utf8_string(param_bld, 1455 OSSL_PKEY_PARAM_GROUP_NAME, "SM2", 0); 1456 if (!ret) { 1457 OPENSSL_LOG(ERR, "failed to push params"); 1458 goto err_sm2; 1459 } 1460 1461 pkey_bn = BN_bin2bn((const unsigned char *)xform->ec.pkey.data, 1462 xform->ec.pkey.length, pkey_bn); 1463 1464 ret = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_PRIV_KEY, 1465 pkey_bn); 1466 if (!ret) { 1467 OPENSSL_LOG(ERR, "failed to push params"); 1468 goto err_sm2; 1469 } 1470 1471 memset(pubkey, 0, sizeof(pubkey)); 1472 pubkey[0] = 0x04; 1473 len += 1; 1474 memcpy(&pubkey[len], xform->ec.q.x.data, xform->ec.q.x.length); 1475 len += xform->ec.q.x.length; 1476 memcpy(&pubkey[len], xform->ec.q.y.data, xform->ec.q.y.length); 1477 len += xform->ec.q.y.length; 1478 1479 ret = OSSL_PARAM_BLD_push_octet_string(param_bld, 1480 OSSL_PKEY_PARAM_PUB_KEY, pubkey, len); 1481 if (!ret) { 1482 OPENSSL_LOG(ERR, "failed to push params"); 1483 goto err_sm2; 1484 } 1485 1486 params = OSSL_PARAM_BLD_to_param(param_bld); 1487 if (!params) { 1488 OPENSSL_LOG(ERR, "failed to push params"); 1489 goto err_sm2; 1490 } 1491 1492 asym_session->u.sm2.params = params; 1493 OSSL_PARAM_BLD_free(param_bld); 1494 BN_free(pkey_bn); 1495 1496 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_SM2; 1497 break; 1498 err_sm2: 1499 if (param_bld) 1500 OSSL_PARAM_BLD_free(param_bld); 1501 1502 if (asym_session->u.sm2.params) 1503 OSSL_PARAM_free(asym_session->u.sm2.params); 1504 1505 BN_free(pkey_bn); 1506 return -1; 1507 #else 1508 OPENSSL_LOG(WARNING, "SM2 unsupported in current OpenSSL Version"); 1509 return -ENOTSUP; 1510 #endif 1511 #else 1512 OPENSSL_LOG(WARNING, "SM2 unsupported for OpenSSL Version < 3.0"); 1513 return -ENOTSUP; 1514 #endif 1515 } 1516 case RTE_CRYPTO_ASYM_XFORM_EDDSA: 1517 { 1518 #if (OPENSSL_VERSION_NUMBER >= 0x30300000L) 1519 OSSL_PARAM_BLD *param_bld = NULL; 1520 OSSL_PARAM *params = NULL; 1521 int ret = -1; 1522 1523 asym_session->u.eddsa.curve_id = xform->ec.curve_id; 1524 1525 param_bld = OSSL_PARAM_BLD_new(); 1526 if (!param_bld) { 1527 OPENSSL_LOG(ERR, "failed to allocate params"); 1528 goto err_eddsa; 1529 } 1530 1531 ret = OSSL_PARAM_BLD_push_utf8_string(param_bld, 1532 OSSL_PKEY_PARAM_GROUP_NAME, "ED25519", sizeof("ED25519")); 1533 if (!ret) { 1534 OPENSSL_LOG(ERR, "failed to push params"); 1535 goto err_eddsa; 1536 } 1537 1538 ret = OSSL_PARAM_BLD_push_octet_string(param_bld, OSSL_PKEY_PARAM_PRIV_KEY, 1539 xform->ec.pkey.data, xform->ec.pkey.length); 1540 if (!ret) { 1541 OPENSSL_LOG(ERR, "failed to push params"); 1542 goto err_eddsa; 1543 } 1544 1545 ret = OSSL_PARAM_BLD_push_octet_string(param_bld, OSSL_PKEY_PARAM_PUB_KEY, 1546 xform->ec.q.x.data, xform->ec.q.x.length); 1547 if (!ret) { 1548 OPENSSL_LOG(ERR, "failed to push params"); 1549 goto err_eddsa; 1550 } 1551 1552 params = OSSL_PARAM_BLD_to_param(param_bld); 1553 if (!params) { 1554 OPENSSL_LOG(ERR, "failed to push params"); 1555 goto err_eddsa; 1556 } 1557 1558 asym_session->u.eddsa.params = params; 1559 OSSL_PARAM_BLD_free(param_bld); 1560 1561 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_EDDSA; 1562 break; 1563 err_eddsa: 1564 if (param_bld) 1565 OSSL_PARAM_BLD_free(param_bld); 1566 1567 if (asym_session->u.eddsa.params) 1568 OSSL_PARAM_free(asym_session->u.eddsa.params); 1569 1570 return -1; 1571 #else 1572 OPENSSL_LOG(WARNING, "EdDSA unsupported for OpenSSL Version < 3.3"); 1573 return -ENOTSUP; 1574 #endif 1575 } 1576 default: 1577 return ret; 1578 } 1579 1580 return 0; 1581 } 1582 1583 /** Configure the session from a crypto xform chain */ 1584 static int 1585 openssl_pmd_asym_session_configure(struct rte_cryptodev *dev __rte_unused, 1586 struct rte_crypto_asym_xform *xform, 1587 struct rte_cryptodev_asym_session *sess) 1588 { 1589 void *asym_sess_private_data; 1590 int ret; 1591 1592 if (unlikely(sess == NULL)) { 1593 OPENSSL_LOG(ERR, "invalid asymmetric session struct"); 1594 return -EINVAL; 1595 } 1596 1597 asym_sess_private_data = sess->sess_private_data; 1598 ret = openssl_set_asym_session_parameters(asym_sess_private_data, 1599 xform); 1600 if (ret != 0) { 1601 OPENSSL_LOG(ERR, "failed configure session parameters"); 1602 return ret; 1603 } 1604 1605 return 0; 1606 } 1607 1608 /** Clear the memory of session so it doesn't leave key material behind */ 1609 static void 1610 openssl_pmd_sym_session_clear(struct rte_cryptodev *dev __rte_unused, 1611 struct rte_cryptodev_sym_session *sess) 1612 { 1613 void *sess_priv = CRYPTODEV_GET_SYM_SESS_PRIV(sess); 1614 1615 /* Zero out the whole structure */ 1616 openssl_reset_session(sess_priv); 1617 } 1618 1619 static void openssl_reset_asym_session(struct openssl_asym_session *sess) 1620 { 1621 switch (sess->xfrm_type) { 1622 case RTE_CRYPTO_ASYM_XFORM_RSA: 1623 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) 1624 EVP_PKEY_CTX_free(sess->u.r.ctx); 1625 #else 1626 if (sess->u.r.rsa) 1627 RSA_free(sess->u.r.rsa); 1628 #endif 1629 break; 1630 case RTE_CRYPTO_ASYM_XFORM_MODEX: 1631 if (sess->u.e.ctx) { 1632 BN_CTX_end(sess->u.e.ctx); 1633 BN_CTX_free(sess->u.e.ctx); 1634 } 1635 break; 1636 case RTE_CRYPTO_ASYM_XFORM_MODINV: 1637 if (sess->u.m.ctx) { 1638 BN_CTX_end(sess->u.m.ctx); 1639 BN_CTX_free(sess->u.m.ctx); 1640 } 1641 break; 1642 case RTE_CRYPTO_ASYM_XFORM_DH: 1643 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) 1644 OSSL_PARAM_BLD_free(sess->u.dh.param_bld); 1645 OSSL_PARAM_BLD_free(sess->u.dh.param_bld_peer); 1646 sess->u.dh.param_bld = NULL; 1647 sess->u.dh.param_bld_peer = NULL; 1648 #else 1649 if (sess->u.dh.dh_key) 1650 DH_free(sess->u.dh.dh_key); 1651 #endif 1652 BN_clear_free(sess->u.dh.p); 1653 BN_clear_free(sess->u.dh.g); 1654 break; 1655 case RTE_CRYPTO_ASYM_XFORM_DSA: 1656 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) 1657 OSSL_PARAM_BLD_free(sess->u.s.param_bld); 1658 sess->u.s.param_bld = NULL; 1659 BN_clear_free(sess->u.s.p); 1660 BN_clear_free(sess->u.s.q); 1661 BN_clear_free(sess->u.s.g); 1662 BN_clear_free(sess->u.s.priv_key); 1663 #else 1664 if (sess->u.s.dsa) 1665 DSA_free(sess->u.s.dsa); 1666 #endif 1667 break; 1668 case RTE_CRYPTO_ASYM_XFORM_SM2: 1669 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) 1670 OSSL_PARAM_free(sess->u.sm2.params); 1671 #endif 1672 break; 1673 case RTE_CRYPTO_ASYM_XFORM_EDDSA: 1674 #if (OPENSSL_VERSION_NUMBER >= 0x30300000L) 1675 OSSL_PARAM_free(sess->u.eddsa.params); 1676 #endif 1677 break; 1678 default: 1679 break; 1680 } 1681 } 1682 1683 /** Clear the memory of asymmetric session 1684 * so it doesn't leave key material behind 1685 */ 1686 static void 1687 openssl_pmd_asym_session_clear(struct rte_cryptodev *dev __rte_unused, 1688 struct rte_cryptodev_asym_session *sess) 1689 { 1690 void *sess_priv = sess->sess_private_data; 1691 1692 /* Zero out the whole structure */ 1693 if (sess_priv) { 1694 openssl_reset_asym_session(sess_priv); 1695 memset(sess_priv, 0, sizeof(struct openssl_asym_session)); 1696 } 1697 } 1698 1699 struct rte_cryptodev_ops openssl_pmd_ops = { 1700 .dev_configure = openssl_pmd_config, 1701 .dev_start = openssl_pmd_start, 1702 .dev_stop = openssl_pmd_stop, 1703 .dev_close = openssl_pmd_close, 1704 1705 .stats_get = openssl_pmd_stats_get, 1706 .stats_reset = openssl_pmd_stats_reset, 1707 1708 .dev_infos_get = openssl_pmd_info_get, 1709 1710 .queue_pair_setup = openssl_pmd_qp_setup, 1711 .queue_pair_release = openssl_pmd_qp_release, 1712 1713 .sym_session_get_size = openssl_pmd_sym_session_get_size, 1714 .asym_session_get_size = openssl_pmd_asym_session_get_size, 1715 .sym_session_configure = openssl_pmd_sym_session_configure, 1716 .asym_session_configure = openssl_pmd_asym_session_configure, 1717 .sym_session_clear = openssl_pmd_sym_session_clear, 1718 .asym_session_clear = openssl_pmd_asym_session_clear 1719 }; 1720 1721 struct rte_cryptodev_ops *rte_openssl_pmd_ops = &openssl_pmd_ops; 1722