1 /* SPDX-License-Identifier: BSD-3-Clause 2 * Copyright(c) 2016-2017 Intel Corporation 3 */ 4 5 #include <string.h> 6 7 #include <rte_common.h> 8 #include <rte_malloc.h> 9 #include <rte_cryptodev_pmd.h> 10 11 #include "rte_openssl_pmd_private.h" 12 #include "compat.h" 13 14 15 static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = { 16 { /* MD5 HMAC */ 17 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 18 {.sym = { 19 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 20 {.auth = { 21 .algo = RTE_CRYPTO_AUTH_MD5_HMAC, 22 .block_size = 64, 23 .key_size = { 24 .min = 1, 25 .max = 64, 26 .increment = 1 27 }, 28 .digest_size = { 29 .min = 1, 30 .max = 16, 31 .increment = 1 32 }, 33 .iv_size = { 0 } 34 }, } 35 }, } 36 }, 37 { /* MD5 */ 38 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 39 {.sym = { 40 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 41 {.auth = { 42 .algo = RTE_CRYPTO_AUTH_MD5, 43 .block_size = 64, 44 .key_size = { 45 .min = 0, 46 .max = 0, 47 .increment = 0 48 }, 49 .digest_size = { 50 .min = 16, 51 .max = 16, 52 .increment = 0 53 }, 54 .iv_size = { 0 } 55 }, } 56 }, } 57 }, 58 { /* SHA1 HMAC */ 59 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 60 {.sym = { 61 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 62 {.auth = { 63 .algo = RTE_CRYPTO_AUTH_SHA1_HMAC, 64 .block_size = 64, 65 .key_size = { 66 .min = 1, 67 .max = 64, 68 .increment = 1 69 }, 70 .digest_size = { 71 .min = 1, 72 .max = 20, 73 .increment = 1 74 }, 75 .iv_size = { 0 } 76 }, } 77 }, } 78 }, 79 { /* SHA1 */ 80 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 81 {.sym = { 82 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 83 {.auth = { 84 .algo = RTE_CRYPTO_AUTH_SHA1, 85 .block_size = 64, 86 .key_size = { 87 .min = 0, 88 .max = 0, 89 .increment = 0 90 }, 91 .digest_size = { 92 .min = 20, 93 .max = 20, 94 .increment = 0 95 }, 96 .iv_size = { 0 } 97 }, } 98 }, } 99 }, 100 { /* SHA224 HMAC */ 101 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 102 {.sym = { 103 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 104 {.auth = { 105 .algo = RTE_CRYPTO_AUTH_SHA224_HMAC, 106 .block_size = 64, 107 .key_size = { 108 .min = 1, 109 .max = 64, 110 .increment = 1 111 }, 112 .digest_size = { 113 .min = 1, 114 .max = 28, 115 .increment = 1 116 }, 117 .iv_size = { 0 } 118 }, } 119 }, } 120 }, 121 { /* SHA224 */ 122 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 123 {.sym = { 124 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 125 {.auth = { 126 .algo = RTE_CRYPTO_AUTH_SHA224, 127 .block_size = 64, 128 .key_size = { 129 .min = 0, 130 .max = 0, 131 .increment = 0 132 }, 133 .digest_size = { 134 .min = 1, 135 .max = 28, 136 .increment = 1 137 }, 138 .iv_size = { 0 } 139 }, } 140 }, } 141 }, 142 { /* SHA256 HMAC */ 143 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 144 {.sym = { 145 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 146 {.auth = { 147 .algo = RTE_CRYPTO_AUTH_SHA256_HMAC, 148 .block_size = 64, 149 .key_size = { 150 .min = 1, 151 .max = 64, 152 .increment = 1 153 }, 154 .digest_size = { 155 .min = 1, 156 .max = 32, 157 .increment = 1 158 }, 159 .iv_size = { 0 } 160 }, } 161 }, } 162 }, 163 { /* SHA256 */ 164 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 165 {.sym = { 166 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 167 {.auth = { 168 .algo = RTE_CRYPTO_AUTH_SHA256, 169 .block_size = 64, 170 .key_size = { 171 .min = 0, 172 .max = 0, 173 .increment = 0 174 }, 175 .digest_size = { 176 .min = 32, 177 .max = 32, 178 .increment = 0 179 }, 180 .iv_size = { 0 } 181 }, } 182 }, } 183 }, 184 { /* SHA384 HMAC */ 185 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 186 {.sym = { 187 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 188 {.auth = { 189 .algo = RTE_CRYPTO_AUTH_SHA384_HMAC, 190 .block_size = 128, 191 .key_size = { 192 .min = 1, 193 .max = 128, 194 .increment = 1 195 }, 196 .digest_size = { 197 .min = 1, 198 .max = 48, 199 .increment = 1 200 }, 201 .iv_size = { 0 } 202 }, } 203 }, } 204 }, 205 { /* SHA384 */ 206 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 207 {.sym = { 208 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 209 {.auth = { 210 .algo = RTE_CRYPTO_AUTH_SHA384, 211 .block_size = 128, 212 .key_size = { 213 .min = 0, 214 .max = 0, 215 .increment = 0 216 }, 217 .digest_size = { 218 .min = 48, 219 .max = 48, 220 .increment = 0 221 }, 222 .iv_size = { 0 } 223 }, } 224 }, } 225 }, 226 { /* SHA512 HMAC */ 227 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 228 {.sym = { 229 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 230 {.auth = { 231 .algo = RTE_CRYPTO_AUTH_SHA512_HMAC, 232 .block_size = 128, 233 .key_size = { 234 .min = 1, 235 .max = 128, 236 .increment = 1 237 }, 238 .digest_size = { 239 .min = 1, 240 .max = 64, 241 .increment = 1 242 }, 243 .iv_size = { 0 } 244 }, } 245 }, } 246 }, 247 { /* SHA512 */ 248 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 249 {.sym = { 250 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 251 {.auth = { 252 .algo = RTE_CRYPTO_AUTH_SHA512, 253 .block_size = 128, 254 .key_size = { 255 .min = 0, 256 .max = 0, 257 .increment = 0 258 }, 259 .digest_size = { 260 .min = 64, 261 .max = 64, 262 .increment = 0 263 }, 264 .iv_size = { 0 } 265 }, } 266 }, } 267 }, 268 { /* AES CBC */ 269 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 270 {.sym = { 271 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 272 {.cipher = { 273 .algo = RTE_CRYPTO_CIPHER_AES_CBC, 274 .block_size = 16, 275 .key_size = { 276 .min = 16, 277 .max = 32, 278 .increment = 8 279 }, 280 .iv_size = { 281 .min = 16, 282 .max = 16, 283 .increment = 0 284 } 285 }, } 286 }, } 287 }, 288 { /* AES CTR */ 289 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 290 {.sym = { 291 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 292 {.cipher = { 293 .algo = RTE_CRYPTO_CIPHER_AES_CTR, 294 .block_size = 16, 295 .key_size = { 296 .min = 16, 297 .max = 32, 298 .increment = 8 299 }, 300 .iv_size = { 301 .min = 16, 302 .max = 16, 303 .increment = 0 304 } 305 }, } 306 }, } 307 }, 308 { /* AES GCM */ 309 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 310 {.sym = { 311 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD, 312 {.aead = { 313 .algo = RTE_CRYPTO_AEAD_AES_GCM, 314 .block_size = 16, 315 .key_size = { 316 .min = 16, 317 .max = 32, 318 .increment = 8 319 }, 320 .digest_size = { 321 .min = 16, 322 .max = 16, 323 .increment = 0 324 }, 325 .aad_size = { 326 .min = 0, 327 .max = 65535, 328 .increment = 1 329 }, 330 .iv_size = { 331 .min = 12, 332 .max = 16, 333 .increment = 4 334 }, 335 }, } 336 }, } 337 }, 338 { /* AES CCM */ 339 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 340 {.sym = { 341 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD, 342 {.aead = { 343 .algo = RTE_CRYPTO_AEAD_AES_CCM, 344 .block_size = 16, 345 .key_size = { 346 .min = 16, 347 .max = 32, 348 .increment = 8 349 }, 350 .digest_size = { 351 .min = 4, 352 .max = 16, 353 .increment = 2 354 }, 355 .aad_size = { 356 .min = 0, 357 .max = 65535, 358 .increment = 1 359 }, 360 .iv_size = { 361 .min = 7, 362 .max = 13, 363 .increment = 1 364 }, 365 }, } 366 }, } 367 }, 368 { /* AES GMAC (AUTH) */ 369 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 370 {.sym = { 371 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 372 {.auth = { 373 .algo = RTE_CRYPTO_AUTH_AES_GMAC, 374 .block_size = 16, 375 .key_size = { 376 .min = 16, 377 .max = 32, 378 .increment = 8 379 }, 380 .digest_size = { 381 .min = 16, 382 .max = 16, 383 .increment = 0 384 }, 385 .iv_size = { 386 .min = 12, 387 .max = 16, 388 .increment = 4 389 } 390 }, } 391 }, } 392 }, 393 { /* 3DES CBC */ 394 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 395 {.sym = { 396 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 397 {.cipher = { 398 .algo = RTE_CRYPTO_CIPHER_3DES_CBC, 399 .block_size = 8, 400 .key_size = { 401 .min = 8, 402 .max = 24, 403 .increment = 8 404 }, 405 .iv_size = { 406 .min = 8, 407 .max = 8, 408 .increment = 0 409 } 410 }, } 411 }, } 412 }, 413 { /* 3DES CTR */ 414 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 415 {.sym = { 416 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 417 {.cipher = { 418 .algo = RTE_CRYPTO_CIPHER_3DES_CTR, 419 .block_size = 8, 420 .key_size = { 421 .min = 16, 422 .max = 24, 423 .increment = 8 424 }, 425 .iv_size = { 426 .min = 8, 427 .max = 8, 428 .increment = 0 429 } 430 }, } 431 }, } 432 }, 433 { /* DES CBC */ 434 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 435 {.sym = { 436 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 437 {.cipher = { 438 .algo = RTE_CRYPTO_CIPHER_DES_CBC, 439 .block_size = 8, 440 .key_size = { 441 .min = 8, 442 .max = 8, 443 .increment = 0 444 }, 445 .iv_size = { 446 .min = 8, 447 .max = 8, 448 .increment = 0 449 } 450 }, } 451 }, } 452 }, 453 { /* DES DOCSIS BPI */ 454 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 455 {.sym = { 456 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 457 {.cipher = { 458 .algo = RTE_CRYPTO_CIPHER_DES_DOCSISBPI, 459 .block_size = 8, 460 .key_size = { 461 .min = 8, 462 .max = 8, 463 .increment = 0 464 }, 465 .iv_size = { 466 .min = 8, 467 .max = 8, 468 .increment = 0 469 } 470 }, } 471 }, } 472 }, 473 { /* RSA */ 474 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, 475 {.asym = { 476 .xform_capa = { 477 .xform_type = RTE_CRYPTO_ASYM_XFORM_RSA, 478 .op_types = ((1 << RTE_CRYPTO_ASYM_OP_SIGN) | 479 (1 << RTE_CRYPTO_ASYM_OP_VERIFY) | 480 (1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) | 481 (1 << RTE_CRYPTO_ASYM_OP_DECRYPT)), 482 { 483 .modlen = { 484 /* min length is based on openssl rsa keygen */ 485 .min = 30, 486 /* value 0 symbolizes no limit on max length */ 487 .max = 0, 488 .increment = 1 489 }, } 490 } 491 }, 492 } 493 }, 494 { /* modexp */ 495 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, 496 {.asym = { 497 .xform_capa = { 498 .xform_type = RTE_CRYPTO_ASYM_XFORM_MODEX, 499 .op_types = 0, 500 { 501 .modlen = { 502 /* value 0 symbolizes no limit on min length */ 503 .min = 0, 504 /* value 0 symbolizes no limit on max length */ 505 .max = 0, 506 .increment = 1 507 }, } 508 } 509 }, 510 } 511 }, 512 { /* modinv */ 513 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, 514 {.asym = { 515 .xform_capa = { 516 .xform_type = RTE_CRYPTO_ASYM_XFORM_MODINV, 517 .op_types = 0, 518 { 519 .modlen = { 520 /* value 0 symbolizes no limit on min length */ 521 .min = 0, 522 /* value 0 symbolizes no limit on max length */ 523 .max = 0, 524 .increment = 1 525 }, } 526 } 527 }, 528 } 529 }, 530 { /* dh */ 531 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, 532 {.asym = { 533 .xform_capa = { 534 .xform_type = RTE_CRYPTO_ASYM_XFORM_DH, 535 .op_types = 536 ((1<<RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE) | 537 (1 << RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE | 538 (1 << 539 RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE))), 540 { 541 .modlen = { 542 /* value 0 symbolizes no limit on min length */ 543 .min = 0, 544 /* value 0 symbolizes no limit on max length */ 545 .max = 0, 546 .increment = 1 547 }, } 548 } 549 }, 550 } 551 }, 552 { /* dsa */ 553 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, 554 {.asym = { 555 .xform_capa = { 556 .xform_type = RTE_CRYPTO_ASYM_XFORM_DSA, 557 .op_types = 558 ((1<<RTE_CRYPTO_ASYM_OP_SIGN) | 559 (1 << RTE_CRYPTO_ASYM_OP_VERIFY)), 560 { 561 .modlen = { 562 /* value 0 symbolizes no limit on min length */ 563 .min = 0, 564 /* value 0 symbolizes no limit on max length */ 565 .max = 0, 566 .increment = 1 567 }, } 568 } 569 }, 570 } 571 }, 572 573 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() 574 }; 575 576 577 /** Configure device */ 578 static int 579 openssl_pmd_config(__rte_unused struct rte_cryptodev *dev, 580 __rte_unused struct rte_cryptodev_config *config) 581 { 582 return 0; 583 } 584 585 /** Start device */ 586 static int 587 openssl_pmd_start(__rte_unused struct rte_cryptodev *dev) 588 { 589 return 0; 590 } 591 592 /** Stop device */ 593 static void 594 openssl_pmd_stop(__rte_unused struct rte_cryptodev *dev) 595 { 596 } 597 598 /** Close device */ 599 static int 600 openssl_pmd_close(__rte_unused struct rte_cryptodev *dev) 601 { 602 return 0; 603 } 604 605 606 /** Get device statistics */ 607 static void 608 openssl_pmd_stats_get(struct rte_cryptodev *dev, 609 struct rte_cryptodev_stats *stats) 610 { 611 int qp_id; 612 613 for (qp_id = 0; qp_id < dev->data->nb_queue_pairs; qp_id++) { 614 struct openssl_qp *qp = dev->data->queue_pairs[qp_id]; 615 616 stats->enqueued_count += qp->stats.enqueued_count; 617 stats->dequeued_count += qp->stats.dequeued_count; 618 619 stats->enqueue_err_count += qp->stats.enqueue_err_count; 620 stats->dequeue_err_count += qp->stats.dequeue_err_count; 621 } 622 } 623 624 /** Reset device statistics */ 625 static void 626 openssl_pmd_stats_reset(struct rte_cryptodev *dev) 627 { 628 int qp_id; 629 630 for (qp_id = 0; qp_id < dev->data->nb_queue_pairs; qp_id++) { 631 struct openssl_qp *qp = dev->data->queue_pairs[qp_id]; 632 633 memset(&qp->stats, 0, sizeof(qp->stats)); 634 } 635 } 636 637 638 /** Get device info */ 639 static void 640 openssl_pmd_info_get(struct rte_cryptodev *dev, 641 struct rte_cryptodev_info *dev_info) 642 { 643 struct openssl_private *internals = dev->data->dev_private; 644 645 if (dev_info != NULL) { 646 dev_info->driver_id = dev->driver_id; 647 dev_info->feature_flags = dev->feature_flags; 648 dev_info->capabilities = openssl_pmd_capabilities; 649 dev_info->max_nb_queue_pairs = internals->max_nb_qpairs; 650 /* No limit of number of sessions */ 651 dev_info->sym.max_nb_sessions = 0; 652 } 653 } 654 655 /** Release queue pair */ 656 static int 657 openssl_pmd_qp_release(struct rte_cryptodev *dev, uint16_t qp_id) 658 { 659 if (dev->data->queue_pairs[qp_id] != NULL) { 660 struct openssl_qp *qp = dev->data->queue_pairs[qp_id]; 661 662 if (qp->processed_ops) 663 rte_ring_free(qp->processed_ops); 664 665 rte_free(dev->data->queue_pairs[qp_id]); 666 dev->data->queue_pairs[qp_id] = NULL; 667 } 668 return 0; 669 } 670 671 /** set a unique name for the queue pair based on it's name, dev_id and qp_id */ 672 static int 673 openssl_pmd_qp_set_unique_name(struct rte_cryptodev *dev, 674 struct openssl_qp *qp) 675 { 676 unsigned int n = snprintf(qp->name, sizeof(qp->name), 677 "openssl_pmd_%u_qp_%u", 678 dev->data->dev_id, qp->id); 679 680 if (n >= sizeof(qp->name)) 681 return -1; 682 683 return 0; 684 } 685 686 687 /** Create a ring to place processed operations on */ 688 static struct rte_ring * 689 openssl_pmd_qp_create_processed_ops_ring(struct openssl_qp *qp, 690 unsigned int ring_size, int socket_id) 691 { 692 struct rte_ring *r; 693 694 r = rte_ring_lookup(qp->name); 695 if (r) { 696 if (rte_ring_get_size(r) >= ring_size) { 697 OPENSSL_LOG(INFO, 698 "Reusing existing ring %s for processed ops", 699 qp->name); 700 return r; 701 } 702 703 OPENSSL_LOG(ERR, 704 "Unable to reuse existing ring %s for processed ops", 705 qp->name); 706 return NULL; 707 } 708 709 return rte_ring_create(qp->name, ring_size, socket_id, 710 RING_F_SP_ENQ | RING_F_SC_DEQ); 711 } 712 713 714 /** Setup a queue pair */ 715 static int 716 openssl_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id, 717 const struct rte_cryptodev_qp_conf *qp_conf, 718 int socket_id) 719 { 720 struct openssl_qp *qp = NULL; 721 722 /* Free memory prior to re-allocation if needed. */ 723 if (dev->data->queue_pairs[qp_id] != NULL) 724 openssl_pmd_qp_release(dev, qp_id); 725 726 /* Allocate the queue pair data structure. */ 727 qp = rte_zmalloc_socket("OPENSSL PMD Queue Pair", sizeof(*qp), 728 RTE_CACHE_LINE_SIZE, socket_id); 729 if (qp == NULL) 730 return -ENOMEM; 731 732 qp->id = qp_id; 733 dev->data->queue_pairs[qp_id] = qp; 734 735 if (openssl_pmd_qp_set_unique_name(dev, qp)) 736 goto qp_setup_cleanup; 737 738 qp->processed_ops = openssl_pmd_qp_create_processed_ops_ring(qp, 739 qp_conf->nb_descriptors, socket_id); 740 if (qp->processed_ops == NULL) 741 goto qp_setup_cleanup; 742 743 qp->sess_mp = qp_conf->mp_session; 744 qp->sess_mp_priv = qp_conf->mp_session_private; 745 746 memset(&qp->stats, 0, sizeof(qp->stats)); 747 748 return 0; 749 750 qp_setup_cleanup: 751 if (qp) 752 rte_free(qp); 753 754 return -1; 755 } 756 757 /** Return the number of allocated queue pairs */ 758 static uint32_t 759 openssl_pmd_qp_count(struct rte_cryptodev *dev) 760 { 761 return dev->data->nb_queue_pairs; 762 } 763 764 /** Returns the size of the symmetric session structure */ 765 static unsigned 766 openssl_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused) 767 { 768 return sizeof(struct openssl_session); 769 } 770 771 /** Returns the size of the asymmetric session structure */ 772 static unsigned 773 openssl_pmd_asym_session_get_size(struct rte_cryptodev *dev __rte_unused) 774 { 775 return sizeof(struct openssl_asym_session); 776 } 777 778 /** Configure the session from a crypto xform chain */ 779 static int 780 openssl_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused, 781 struct rte_crypto_sym_xform *xform, 782 struct rte_cryptodev_sym_session *sess, 783 struct rte_mempool *mempool) 784 { 785 void *sess_private_data; 786 int ret; 787 788 if (unlikely(sess == NULL)) { 789 OPENSSL_LOG(ERR, "invalid session struct"); 790 return -EINVAL; 791 } 792 793 if (rte_mempool_get(mempool, &sess_private_data)) { 794 OPENSSL_LOG(ERR, 795 "Couldn't get object from session mempool"); 796 return -ENOMEM; 797 } 798 799 ret = openssl_set_session_parameters(sess_private_data, xform); 800 if (ret != 0) { 801 OPENSSL_LOG(ERR, "failed configure session parameters"); 802 803 /* Return session to mempool */ 804 rte_mempool_put(mempool, sess_private_data); 805 return ret; 806 } 807 808 set_sym_session_private_data(sess, dev->driver_id, 809 sess_private_data); 810 811 return 0; 812 } 813 814 static int openssl_set_asym_session_parameters( 815 struct openssl_asym_session *asym_session, 816 struct rte_crypto_asym_xform *xform) 817 { 818 int ret = 0; 819 820 if ((xform->xform_type != RTE_CRYPTO_ASYM_XFORM_DH) && 821 (xform->next != NULL)) { 822 OPENSSL_LOG(ERR, "chained xfrms are not supported on %s", 823 rte_crypto_asym_xform_strings[xform->xform_type]); 824 return -1; 825 } 826 827 switch (xform->xform_type) { 828 case RTE_CRYPTO_ASYM_XFORM_RSA: 829 { 830 BIGNUM *n = NULL; 831 BIGNUM *e = NULL; 832 BIGNUM *d = NULL; 833 BIGNUM *p = NULL, *q = NULL, *dmp1 = NULL; 834 BIGNUM *iqmp = NULL, *dmq1 = NULL; 835 836 /* copy xfrm data into rsa struct */ 837 n = BN_bin2bn((const unsigned char *)xform->rsa.n.data, 838 xform->rsa.n.length, n); 839 e = BN_bin2bn((const unsigned char *)xform->rsa.e.data, 840 xform->rsa.e.length, e); 841 842 if (!n || !e) 843 goto err_rsa; 844 845 RSA *rsa = RSA_new(); 846 if (rsa == NULL) 847 goto err_rsa; 848 849 if (xform->rsa.key_type == RTE_RSA_KEY_TYPE_EXP) { 850 d = BN_bin2bn( 851 (const unsigned char *)xform->rsa.d.data, 852 xform->rsa.d.length, 853 d); 854 if (!d) { 855 RSA_free(rsa); 856 goto err_rsa; 857 } 858 } else { 859 p = BN_bin2bn((const unsigned char *) 860 xform->rsa.qt.p.data, 861 xform->rsa.qt.p.length, 862 p); 863 q = BN_bin2bn((const unsigned char *) 864 xform->rsa.qt.q.data, 865 xform->rsa.qt.q.length, 866 q); 867 dmp1 = BN_bin2bn((const unsigned char *) 868 xform->rsa.qt.dP.data, 869 xform->rsa.qt.dP.length, 870 dmp1); 871 dmq1 = BN_bin2bn((const unsigned char *) 872 xform->rsa.qt.dQ.data, 873 xform->rsa.qt.dQ.length, 874 dmq1); 875 iqmp = BN_bin2bn((const unsigned char *) 876 xform->rsa.qt.qInv.data, 877 xform->rsa.qt.qInv.length, 878 iqmp); 879 880 if (!p || !q || !dmp1 || !dmq1 || !iqmp) { 881 RSA_free(rsa); 882 goto err_rsa; 883 } 884 ret = set_rsa_params(rsa, p, q); 885 if (ret) { 886 OPENSSL_LOG(ERR, 887 "failed to set rsa params\n"); 888 RSA_free(rsa); 889 goto err_rsa; 890 } 891 ret = set_rsa_crt_params(rsa, dmp1, dmq1, iqmp); 892 if (ret) { 893 OPENSSL_LOG(ERR, 894 "failed to set crt params\n"); 895 RSA_free(rsa); 896 /* 897 * set already populated params to NULL 898 * as its freed by call to RSA_free 899 */ 900 p = q = NULL; 901 goto err_rsa; 902 } 903 } 904 905 ret = set_rsa_keys(rsa, n, e, d); 906 if (ret) { 907 OPENSSL_LOG(ERR, "Failed to load rsa keys\n"); 908 RSA_free(rsa); 909 return -1; 910 } 911 asym_session->u.r.rsa = rsa; 912 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_RSA; 913 break; 914 err_rsa: 915 BN_free(n); 916 BN_free(e); 917 BN_free(d); 918 BN_free(p); 919 BN_free(q); 920 BN_free(dmp1); 921 BN_free(dmq1); 922 BN_free(iqmp); 923 924 return -1; 925 } 926 case RTE_CRYPTO_ASYM_XFORM_MODEX: 927 { 928 struct rte_crypto_modex_xform *xfrm = &(xform->modex); 929 930 BN_CTX *ctx = BN_CTX_new(); 931 if (ctx == NULL) { 932 OPENSSL_LOG(ERR, 933 " failed to allocate resources\n"); 934 return -1; 935 } 936 BN_CTX_start(ctx); 937 BIGNUM *mod = BN_CTX_get(ctx); 938 BIGNUM *exp = BN_CTX_get(ctx); 939 if (mod == NULL || exp == NULL) { 940 BN_CTX_end(ctx); 941 BN_CTX_free(ctx); 942 return -1; 943 } 944 945 mod = BN_bin2bn((const unsigned char *) 946 xfrm->modulus.data, 947 xfrm->modulus.length, mod); 948 exp = BN_bin2bn((const unsigned char *) 949 xfrm->exponent.data, 950 xfrm->exponent.length, exp); 951 asym_session->u.e.ctx = ctx; 952 asym_session->u.e.mod = mod; 953 asym_session->u.e.exp = exp; 954 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_MODEX; 955 break; 956 } 957 case RTE_CRYPTO_ASYM_XFORM_MODINV: 958 { 959 struct rte_crypto_modinv_xform *xfrm = &(xform->modinv); 960 961 BN_CTX *ctx = BN_CTX_new(); 962 if (ctx == NULL) { 963 OPENSSL_LOG(ERR, 964 " failed to allocate resources\n"); 965 return -1; 966 } 967 BN_CTX_start(ctx); 968 BIGNUM *mod = BN_CTX_get(ctx); 969 if (mod == NULL) { 970 BN_CTX_end(ctx); 971 BN_CTX_free(ctx); 972 return -1; 973 } 974 975 mod = BN_bin2bn((const unsigned char *) 976 xfrm->modulus.data, 977 xfrm->modulus.length, 978 mod); 979 asym_session->u.m.ctx = ctx; 980 asym_session->u.m.modulus = mod; 981 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_MODINV; 982 break; 983 } 984 case RTE_CRYPTO_ASYM_XFORM_DH: 985 { 986 BIGNUM *p = NULL; 987 BIGNUM *g = NULL; 988 989 p = BN_bin2bn((const unsigned char *) 990 xform->dh.p.data, 991 xform->dh.p.length, 992 p); 993 g = BN_bin2bn((const unsigned char *) 994 xform->dh.g.data, 995 xform->dh.g.length, 996 g); 997 if (!p || !g) 998 goto err_dh; 999 1000 DH *dh = DH_new(); 1001 if (dh == NULL) { 1002 OPENSSL_LOG(ERR, 1003 "failed to allocate resources\n"); 1004 goto err_dh; 1005 } 1006 ret = set_dh_params(dh, p, g); 1007 if (ret) { 1008 DH_free(dh); 1009 goto err_dh; 1010 } 1011 1012 /* 1013 * setup xfrom for 1014 * public key generate, or 1015 * DH Priv key generate, or both 1016 * public and private key generate 1017 */ 1018 asym_session->u.dh.key_op = (1 << xform->dh.type); 1019 1020 if (xform->dh.type == 1021 RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE) { 1022 /* check if next is pubkey */ 1023 if ((xform->next != NULL) && 1024 (xform->next->xform_type == 1025 RTE_CRYPTO_ASYM_XFORM_DH) && 1026 (xform->next->dh.type == 1027 RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE) 1028 ) { 1029 /* 1030 * setup op as pub/priv key 1031 * pair generationi 1032 */ 1033 asym_session->u.dh.key_op |= 1034 (1 << 1035 RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE); 1036 } 1037 } 1038 asym_session->u.dh.dh_key = dh; 1039 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_DH; 1040 break; 1041 1042 err_dh: 1043 OPENSSL_LOG(ERR, " failed to set dh params\n"); 1044 BN_free(p); 1045 BN_free(g); 1046 return -1; 1047 } 1048 case RTE_CRYPTO_ASYM_XFORM_DSA: 1049 { 1050 BIGNUM *p = NULL, *g = NULL; 1051 BIGNUM *q = NULL, *priv_key = NULL; 1052 BIGNUM *pub_key = BN_new(); 1053 BN_zero(pub_key); 1054 1055 p = BN_bin2bn((const unsigned char *) 1056 xform->dsa.p.data, 1057 xform->dsa.p.length, 1058 p); 1059 1060 g = BN_bin2bn((const unsigned char *) 1061 xform->dsa.g.data, 1062 xform->dsa.g.length, 1063 g); 1064 1065 q = BN_bin2bn((const unsigned char *) 1066 xform->dsa.q.data, 1067 xform->dsa.q.length, 1068 q); 1069 if (!p || !q || !g) 1070 goto err_dsa; 1071 1072 priv_key = BN_bin2bn((const unsigned char *) 1073 xform->dsa.x.data, 1074 xform->dsa.x.length, 1075 priv_key); 1076 if (priv_key == NULL) 1077 goto err_dsa; 1078 1079 DSA *dsa = DSA_new(); 1080 if (dsa == NULL) { 1081 OPENSSL_LOG(ERR, 1082 " failed to allocate resources\n"); 1083 goto err_dsa; 1084 } 1085 1086 ret = set_dsa_params(dsa, p, q, g); 1087 if (ret) { 1088 DSA_free(dsa); 1089 OPENSSL_LOG(ERR, "Failed to dsa params\n"); 1090 goto err_dsa; 1091 } 1092 1093 /* 1094 * openssl 1.1.0 mandate that public key can't be 1095 * NULL in very first call. so set a dummy pub key. 1096 * to keep consistency, lets follow same approach for 1097 * both versions 1098 */ 1099 /* just set dummy public for very 1st call */ 1100 ret = set_dsa_keys(dsa, pub_key, priv_key); 1101 if (ret) { 1102 DSA_free(dsa); 1103 OPENSSL_LOG(ERR, "Failed to set keys\n"); 1104 return -1; 1105 } 1106 asym_session->u.s.dsa = dsa; 1107 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_DSA; 1108 break; 1109 1110 err_dsa: 1111 BN_free(p); 1112 BN_free(q); 1113 BN_free(g); 1114 BN_free(priv_key); 1115 BN_free(pub_key); 1116 return -1; 1117 } 1118 default: 1119 return -1; 1120 } 1121 1122 return 0; 1123 } 1124 1125 /** Configure the session from a crypto xform chain */ 1126 static int 1127 openssl_pmd_asym_session_configure(struct rte_cryptodev *dev __rte_unused, 1128 struct rte_crypto_asym_xform *xform, 1129 struct rte_cryptodev_asym_session *sess, 1130 struct rte_mempool *mempool) 1131 { 1132 void *asym_sess_private_data; 1133 int ret; 1134 1135 if (unlikely(sess == NULL)) { 1136 OPENSSL_LOG(ERR, "invalid asymmetric session struct"); 1137 return -EINVAL; 1138 } 1139 1140 if (rte_mempool_get(mempool, &asym_sess_private_data)) { 1141 CDEV_LOG_ERR( 1142 "Couldn't get object from session mempool"); 1143 return -ENOMEM; 1144 } 1145 1146 ret = openssl_set_asym_session_parameters(asym_sess_private_data, 1147 xform); 1148 if (ret != 0) { 1149 OPENSSL_LOG(ERR, "failed configure session parameters"); 1150 1151 /* Return session to mempool */ 1152 rte_mempool_put(mempool, asym_sess_private_data); 1153 return ret; 1154 } 1155 1156 set_asym_session_private_data(sess, dev->driver_id, 1157 asym_sess_private_data); 1158 1159 return 0; 1160 } 1161 1162 /** Clear the memory of session so it doesn't leave key material behind */ 1163 static void 1164 openssl_pmd_sym_session_clear(struct rte_cryptodev *dev, 1165 struct rte_cryptodev_sym_session *sess) 1166 { 1167 uint8_t index = dev->driver_id; 1168 void *sess_priv = get_sym_session_private_data(sess, index); 1169 1170 /* Zero out the whole structure */ 1171 if (sess_priv) { 1172 openssl_reset_session(sess_priv); 1173 memset(sess_priv, 0, sizeof(struct openssl_session)); 1174 struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv); 1175 set_sym_session_private_data(sess, index, NULL); 1176 rte_mempool_put(sess_mp, sess_priv); 1177 } 1178 } 1179 1180 static void openssl_reset_asym_session(struct openssl_asym_session *sess) 1181 { 1182 switch (sess->xfrm_type) { 1183 case RTE_CRYPTO_ASYM_XFORM_RSA: 1184 if (sess->u.r.rsa) 1185 RSA_free(sess->u.r.rsa); 1186 break; 1187 case RTE_CRYPTO_ASYM_XFORM_MODEX: 1188 if (sess->u.e.ctx) { 1189 BN_CTX_end(sess->u.e.ctx); 1190 BN_CTX_free(sess->u.e.ctx); 1191 } 1192 break; 1193 case RTE_CRYPTO_ASYM_XFORM_MODINV: 1194 if (sess->u.m.ctx) { 1195 BN_CTX_end(sess->u.m.ctx); 1196 BN_CTX_free(sess->u.m.ctx); 1197 } 1198 break; 1199 case RTE_CRYPTO_ASYM_XFORM_DH: 1200 if (sess->u.dh.dh_key) 1201 DH_free(sess->u.dh.dh_key); 1202 break; 1203 case RTE_CRYPTO_ASYM_XFORM_DSA: 1204 if (sess->u.s.dsa) 1205 DSA_free(sess->u.s.dsa); 1206 break; 1207 default: 1208 break; 1209 } 1210 } 1211 1212 /** Clear the memory of asymmetric session 1213 * so it doesn't leave key material behind 1214 */ 1215 static void 1216 openssl_pmd_asym_session_clear(struct rte_cryptodev *dev, 1217 struct rte_cryptodev_asym_session *sess) 1218 { 1219 uint8_t index = dev->driver_id; 1220 void *sess_priv = get_asym_session_private_data(sess, index); 1221 1222 /* Zero out the whole structure */ 1223 if (sess_priv) { 1224 openssl_reset_asym_session(sess_priv); 1225 memset(sess_priv, 0, sizeof(struct openssl_asym_session)); 1226 struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv); 1227 set_asym_session_private_data(sess, index, NULL); 1228 rte_mempool_put(sess_mp, sess_priv); 1229 } 1230 } 1231 1232 struct rte_cryptodev_ops openssl_pmd_ops = { 1233 .dev_configure = openssl_pmd_config, 1234 .dev_start = openssl_pmd_start, 1235 .dev_stop = openssl_pmd_stop, 1236 .dev_close = openssl_pmd_close, 1237 1238 .stats_get = openssl_pmd_stats_get, 1239 .stats_reset = openssl_pmd_stats_reset, 1240 1241 .dev_infos_get = openssl_pmd_info_get, 1242 1243 .queue_pair_setup = openssl_pmd_qp_setup, 1244 .queue_pair_release = openssl_pmd_qp_release, 1245 .queue_pair_count = openssl_pmd_qp_count, 1246 1247 .sym_session_get_size = openssl_pmd_sym_session_get_size, 1248 .asym_session_get_size = openssl_pmd_asym_session_get_size, 1249 .sym_session_configure = openssl_pmd_sym_session_configure, 1250 .asym_session_configure = openssl_pmd_asym_session_configure, 1251 .sym_session_clear = openssl_pmd_sym_session_clear, 1252 .asym_session_clear = openssl_pmd_asym_session_clear 1253 }; 1254 1255 struct rte_cryptodev_ops *rte_openssl_pmd_ops = &openssl_pmd_ops; 1256