1 /* SPDX-License-Identifier: BSD-3-Clause 2 * Copyright(c) 2016-2017 Intel Corporation 3 */ 4 5 #define OPENSSL_API_COMPAT 0x10100000L 6 7 #include <string.h> 8 9 #include <rte_common.h> 10 #include <rte_malloc.h> 11 #include <cryptodev_pmd.h> 12 13 #include "openssl_pmd_private.h" 14 #include "compat.h" 15 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) 16 #include <openssl/provider.h> 17 #include <openssl/core_names.h> 18 #include <openssl/param_build.h> 19 #endif 20 21 static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = { 22 { /* MD5 HMAC */ 23 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 24 {.sym = { 25 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 26 {.auth = { 27 .algo = RTE_CRYPTO_AUTH_MD5_HMAC, 28 .block_size = 64, 29 .key_size = { 30 .min = 1, 31 .max = 64, 32 .increment = 1 33 }, 34 .digest_size = { 35 .min = 1, 36 .max = 16, 37 .increment = 1 38 }, 39 .iv_size = { 0 } 40 }, } 41 }, } 42 }, 43 { /* MD5 */ 44 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 45 {.sym = { 46 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 47 {.auth = { 48 .algo = RTE_CRYPTO_AUTH_MD5, 49 .block_size = 64, 50 .key_size = { 51 .min = 0, 52 .max = 0, 53 .increment = 0 54 }, 55 .digest_size = { 56 .min = 16, 57 .max = 16, 58 .increment = 0 59 }, 60 .iv_size = { 0 } 61 }, } 62 }, } 63 }, 64 { /* SHA1 HMAC */ 65 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 66 {.sym = { 67 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 68 {.auth = { 69 .algo = RTE_CRYPTO_AUTH_SHA1_HMAC, 70 .block_size = 64, 71 .key_size = { 72 .min = 1, 73 .max = 64, 74 .increment = 1 75 }, 76 .digest_size = { 77 .min = 1, 78 .max = 20, 79 .increment = 1 80 }, 81 .iv_size = { 0 } 82 }, } 83 }, } 84 }, 85 { /* SHA1 */ 86 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 87 {.sym = { 88 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 89 {.auth = { 90 .algo = RTE_CRYPTO_AUTH_SHA1, 91 .block_size = 64, 92 .key_size = { 93 .min = 0, 94 .max = 0, 95 .increment = 0 96 }, 97 .digest_size = { 98 .min = 20, 99 .max = 20, 100 .increment = 0 101 }, 102 .iv_size = { 0 } 103 }, } 104 }, } 105 }, 106 { /* SHA224 HMAC */ 107 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 108 {.sym = { 109 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 110 {.auth = { 111 .algo = RTE_CRYPTO_AUTH_SHA224_HMAC, 112 .block_size = 64, 113 .key_size = { 114 .min = 1, 115 .max = 64, 116 .increment = 1 117 }, 118 .digest_size = { 119 .min = 1, 120 .max = 28, 121 .increment = 1 122 }, 123 .iv_size = { 0 } 124 }, } 125 }, } 126 }, 127 { /* SHA224 */ 128 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 129 {.sym = { 130 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 131 {.auth = { 132 .algo = RTE_CRYPTO_AUTH_SHA224, 133 .block_size = 64, 134 .key_size = { 135 .min = 0, 136 .max = 0, 137 .increment = 0 138 }, 139 .digest_size = { 140 .min = 1, 141 .max = 28, 142 .increment = 1 143 }, 144 .iv_size = { 0 } 145 }, } 146 }, } 147 }, 148 { /* SHA256 HMAC */ 149 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 150 {.sym = { 151 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 152 {.auth = { 153 .algo = RTE_CRYPTO_AUTH_SHA256_HMAC, 154 .block_size = 64, 155 .key_size = { 156 .min = 1, 157 .max = 64, 158 .increment = 1 159 }, 160 .digest_size = { 161 .min = 1, 162 .max = 32, 163 .increment = 1 164 }, 165 .iv_size = { 0 } 166 }, } 167 }, } 168 }, 169 { /* SHA256 */ 170 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 171 {.sym = { 172 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 173 {.auth = { 174 .algo = RTE_CRYPTO_AUTH_SHA256, 175 .block_size = 64, 176 .key_size = { 177 .min = 0, 178 .max = 0, 179 .increment = 0 180 }, 181 .digest_size = { 182 .min = 32, 183 .max = 32, 184 .increment = 0 185 }, 186 .iv_size = { 0 } 187 }, } 188 }, } 189 }, 190 { /* SHA384 HMAC */ 191 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 192 {.sym = { 193 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 194 {.auth = { 195 .algo = RTE_CRYPTO_AUTH_SHA384_HMAC, 196 .block_size = 128, 197 .key_size = { 198 .min = 1, 199 .max = 128, 200 .increment = 1 201 }, 202 .digest_size = { 203 .min = 1, 204 .max = 48, 205 .increment = 1 206 }, 207 .iv_size = { 0 } 208 }, } 209 }, } 210 }, 211 { /* SHA384 */ 212 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 213 {.sym = { 214 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 215 {.auth = { 216 .algo = RTE_CRYPTO_AUTH_SHA384, 217 .block_size = 128, 218 .key_size = { 219 .min = 0, 220 .max = 0, 221 .increment = 0 222 }, 223 .digest_size = { 224 .min = 48, 225 .max = 48, 226 .increment = 0 227 }, 228 .iv_size = { 0 } 229 }, } 230 }, } 231 }, 232 { /* SHA512 HMAC */ 233 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 234 {.sym = { 235 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 236 {.auth = { 237 .algo = RTE_CRYPTO_AUTH_SHA512_HMAC, 238 .block_size = 128, 239 .key_size = { 240 .min = 1, 241 .max = 128, 242 .increment = 1 243 }, 244 .digest_size = { 245 .min = 1, 246 .max = 64, 247 .increment = 1 248 }, 249 .iv_size = { 0 } 250 }, } 251 }, } 252 }, 253 { /* SHA512 */ 254 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 255 {.sym = { 256 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 257 {.auth = { 258 .algo = RTE_CRYPTO_AUTH_SHA512, 259 .block_size = 128, 260 .key_size = { 261 .min = 0, 262 .max = 0, 263 .increment = 0 264 }, 265 .digest_size = { 266 .min = 64, 267 .max = 64, 268 .increment = 0 269 }, 270 .iv_size = { 0 } 271 }, } 272 }, } 273 }, 274 { /* AES CBC */ 275 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 276 {.sym = { 277 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 278 {.cipher = { 279 .algo = RTE_CRYPTO_CIPHER_AES_CBC, 280 .block_size = 16, 281 .key_size = { 282 .min = 16, 283 .max = 32, 284 .increment = 8 285 }, 286 .iv_size = { 287 .min = 16, 288 .max = 16, 289 .increment = 0 290 } 291 }, } 292 }, } 293 }, 294 { /* AES CTR */ 295 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 296 {.sym = { 297 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 298 {.cipher = { 299 .algo = RTE_CRYPTO_CIPHER_AES_CTR, 300 .block_size = 16, 301 .key_size = { 302 .min = 16, 303 .max = 32, 304 .increment = 8 305 }, 306 .iv_size = { 307 .min = 16, 308 .max = 16, 309 .increment = 0 310 } 311 }, } 312 }, } 313 }, 314 { /* AES GCM */ 315 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 316 {.sym = { 317 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD, 318 {.aead = { 319 .algo = RTE_CRYPTO_AEAD_AES_GCM, 320 .block_size = 16, 321 .key_size = { 322 .min = 16, 323 .max = 32, 324 .increment = 8 325 }, 326 .digest_size = { 327 .min = 16, 328 .max = 16, 329 .increment = 0 330 }, 331 .aad_size = { 332 .min = 0, 333 .max = 65535, 334 .increment = 1 335 }, 336 .iv_size = { 337 .min = 12, 338 .max = 16, 339 .increment = 4 340 }, 341 }, } 342 }, } 343 }, 344 { /* AES CCM */ 345 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 346 {.sym = { 347 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD, 348 {.aead = { 349 .algo = RTE_CRYPTO_AEAD_AES_CCM, 350 .block_size = 16, 351 .key_size = { 352 .min = 16, 353 .max = 32, 354 .increment = 8 355 }, 356 .digest_size = { 357 .min = 4, 358 .max = 16, 359 .increment = 2 360 }, 361 .aad_size = { 362 .min = 0, 363 .max = 65535, 364 .increment = 1 365 }, 366 .iv_size = { 367 .min = 7, 368 .max = 13, 369 .increment = 1 370 }, 371 }, } 372 }, } 373 }, 374 { /* AES GMAC (AUTH) */ 375 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 376 {.sym = { 377 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 378 {.auth = { 379 .algo = RTE_CRYPTO_AUTH_AES_GMAC, 380 .block_size = 16, 381 .key_size = { 382 .min = 16, 383 .max = 32, 384 .increment = 8 385 }, 386 .digest_size = { 387 .min = 16, 388 .max = 16, 389 .increment = 0 390 }, 391 .iv_size = { 392 .min = 12, 393 .max = 16, 394 .increment = 4 395 } 396 }, } 397 }, } 398 }, 399 { /* 3DES CBC */ 400 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 401 {.sym = { 402 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 403 {.cipher = { 404 .algo = RTE_CRYPTO_CIPHER_3DES_CBC, 405 .block_size = 8, 406 .key_size = { 407 .min = 8, 408 .max = 24, 409 .increment = 8 410 }, 411 .iv_size = { 412 .min = 8, 413 .max = 8, 414 .increment = 0 415 } 416 }, } 417 }, } 418 }, 419 { /* 3DES CTR */ 420 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 421 {.sym = { 422 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 423 {.cipher = { 424 .algo = RTE_CRYPTO_CIPHER_3DES_CTR, 425 .block_size = 8, 426 .key_size = { 427 .min = 16, 428 .max = 24, 429 .increment = 8 430 }, 431 .iv_size = { 432 .min = 8, 433 .max = 8, 434 .increment = 0 435 } 436 }, } 437 }, } 438 }, 439 { /* DES CBC */ 440 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 441 {.sym = { 442 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 443 {.cipher = { 444 .algo = RTE_CRYPTO_CIPHER_DES_CBC, 445 .block_size = 8, 446 .key_size = { 447 .min = 8, 448 .max = 8, 449 .increment = 0 450 }, 451 .iv_size = { 452 .min = 8, 453 .max = 8, 454 .increment = 0 455 } 456 }, } 457 }, } 458 }, 459 { /* DES DOCSIS BPI */ 460 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 461 {.sym = { 462 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 463 {.cipher = { 464 .algo = RTE_CRYPTO_CIPHER_DES_DOCSISBPI, 465 .block_size = 8, 466 .key_size = { 467 .min = 8, 468 .max = 8, 469 .increment = 0 470 }, 471 .iv_size = { 472 .min = 8, 473 .max = 8, 474 .increment = 0 475 } 476 }, } 477 }, } 478 }, 479 { /* RSA */ 480 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, 481 {.asym = { 482 .xform_capa = { 483 .xform_type = RTE_CRYPTO_ASYM_XFORM_RSA, 484 .op_types = ((1 << RTE_CRYPTO_ASYM_OP_SIGN) | 485 (1 << RTE_CRYPTO_ASYM_OP_VERIFY) | 486 (1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) | 487 (1 << RTE_CRYPTO_ASYM_OP_DECRYPT)), 488 { 489 .modlen = { 490 /* min length is based on openssl rsa keygen */ 491 .min = 30, 492 /* value 0 symbolizes no limit on max length */ 493 .max = 0, 494 .increment = 1 495 }, } 496 } 497 }, 498 } 499 }, 500 { /* modexp */ 501 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, 502 {.asym = { 503 .xform_capa = { 504 .xform_type = RTE_CRYPTO_ASYM_XFORM_MODEX, 505 .op_types = 0, 506 { 507 .modlen = { 508 /* value 0 symbolizes no limit on min length */ 509 .min = 0, 510 /* value 0 symbolizes no limit on max length */ 511 .max = 0, 512 .increment = 1 513 }, } 514 } 515 }, 516 } 517 }, 518 { /* modinv */ 519 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, 520 {.asym = { 521 .xform_capa = { 522 .xform_type = RTE_CRYPTO_ASYM_XFORM_MODINV, 523 .op_types = 0, 524 { 525 .modlen = { 526 /* value 0 symbolizes no limit on min length */ 527 .min = 0, 528 /* value 0 symbolizes no limit on max length */ 529 .max = 0, 530 .increment = 1 531 }, } 532 } 533 }, 534 } 535 }, 536 { /* dh */ 537 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, 538 {.asym = { 539 .xform_capa = { 540 .xform_type = RTE_CRYPTO_ASYM_XFORM_DH, 541 .op_types = 542 ((1<<RTE_CRYPTO_ASYM_KE_PRIV_KEY_GENERATE) | 543 (1 << RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE | 544 (1 << 545 RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE))), 546 { 547 .modlen = { 548 /* value 0 symbolizes no limit on min length */ 549 .min = 0, 550 /* value 0 symbolizes no limit on max length */ 551 .max = 0, 552 .increment = 1 553 }, } 554 } 555 }, 556 } 557 }, 558 { /* dsa */ 559 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, 560 {.asym = { 561 .xform_capa = { 562 .xform_type = RTE_CRYPTO_ASYM_XFORM_DSA, 563 .op_types = 564 ((1<<RTE_CRYPTO_ASYM_OP_SIGN) | 565 (1 << RTE_CRYPTO_ASYM_OP_VERIFY)), 566 { 567 .modlen = { 568 /* value 0 symbolizes no limit on min length */ 569 .min = 0, 570 /* value 0 symbolizes no limit on max length */ 571 .max = 0, 572 .increment = 1 573 }, } 574 } 575 }, 576 } 577 }, 578 579 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() 580 }; 581 582 583 /** Configure device */ 584 static int 585 openssl_pmd_config(__rte_unused struct rte_cryptodev *dev, 586 __rte_unused struct rte_cryptodev_config *config) 587 { 588 return 0; 589 } 590 591 /** Start device */ 592 static int 593 openssl_pmd_start(__rte_unused struct rte_cryptodev *dev) 594 { 595 return 0; 596 } 597 598 /** Stop device */ 599 static void 600 openssl_pmd_stop(__rte_unused struct rte_cryptodev *dev) 601 { 602 } 603 604 /** Close device */ 605 static int 606 openssl_pmd_close(__rte_unused struct rte_cryptodev *dev) 607 { 608 return 0; 609 } 610 611 612 /** Get device statistics */ 613 static void 614 openssl_pmd_stats_get(struct rte_cryptodev *dev, 615 struct rte_cryptodev_stats *stats) 616 { 617 int qp_id; 618 619 for (qp_id = 0; qp_id < dev->data->nb_queue_pairs; qp_id++) { 620 struct openssl_qp *qp = dev->data->queue_pairs[qp_id]; 621 622 stats->enqueued_count += qp->stats.enqueued_count; 623 stats->dequeued_count += qp->stats.dequeued_count; 624 625 stats->enqueue_err_count += qp->stats.enqueue_err_count; 626 stats->dequeue_err_count += qp->stats.dequeue_err_count; 627 } 628 } 629 630 /** Reset device statistics */ 631 static void 632 openssl_pmd_stats_reset(struct rte_cryptodev *dev) 633 { 634 int qp_id; 635 636 for (qp_id = 0; qp_id < dev->data->nb_queue_pairs; qp_id++) { 637 struct openssl_qp *qp = dev->data->queue_pairs[qp_id]; 638 639 memset(&qp->stats, 0, sizeof(qp->stats)); 640 } 641 } 642 643 644 /** Get device info */ 645 static void 646 openssl_pmd_info_get(struct rte_cryptodev *dev, 647 struct rte_cryptodev_info *dev_info) 648 { 649 struct openssl_private *internals = dev->data->dev_private; 650 651 if (dev_info != NULL) { 652 dev_info->driver_id = dev->driver_id; 653 dev_info->feature_flags = dev->feature_flags; 654 dev_info->capabilities = openssl_pmd_capabilities; 655 dev_info->max_nb_queue_pairs = internals->max_nb_qpairs; 656 /* No limit of number of sessions */ 657 dev_info->sym.max_nb_sessions = 0; 658 } 659 } 660 661 /** Release queue pair */ 662 static int 663 openssl_pmd_qp_release(struct rte_cryptodev *dev, uint16_t qp_id) 664 { 665 if (dev->data->queue_pairs[qp_id] != NULL) { 666 struct openssl_qp *qp = dev->data->queue_pairs[qp_id]; 667 668 rte_ring_free(qp->processed_ops); 669 670 rte_free(dev->data->queue_pairs[qp_id]); 671 dev->data->queue_pairs[qp_id] = NULL; 672 } 673 return 0; 674 } 675 676 /** set a unique name for the queue pair based on it's name, dev_id and qp_id */ 677 static int 678 openssl_pmd_qp_set_unique_name(struct rte_cryptodev *dev, 679 struct openssl_qp *qp) 680 { 681 unsigned int n = snprintf(qp->name, sizeof(qp->name), 682 "openssl_pmd_%u_qp_%u", 683 dev->data->dev_id, qp->id); 684 685 if (n >= sizeof(qp->name)) 686 return -1; 687 688 return 0; 689 } 690 691 692 /** Create a ring to place processed operations on */ 693 static struct rte_ring * 694 openssl_pmd_qp_create_processed_ops_ring(struct openssl_qp *qp, 695 unsigned int ring_size, int socket_id) 696 { 697 struct rte_ring *r; 698 699 r = rte_ring_lookup(qp->name); 700 if (r) { 701 if (rte_ring_get_size(r) >= ring_size) { 702 OPENSSL_LOG(INFO, 703 "Reusing existing ring %s for processed ops", 704 qp->name); 705 return r; 706 } 707 708 OPENSSL_LOG(ERR, 709 "Unable to reuse existing ring %s for processed ops", 710 qp->name); 711 return NULL; 712 } 713 714 return rte_ring_create(qp->name, ring_size, socket_id, 715 RING_F_SP_ENQ | RING_F_SC_DEQ); 716 } 717 718 719 /** Setup a queue pair */ 720 static int 721 openssl_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id, 722 const struct rte_cryptodev_qp_conf *qp_conf, 723 int socket_id) 724 { 725 struct openssl_qp *qp = NULL; 726 727 /* Free memory prior to re-allocation if needed. */ 728 if (dev->data->queue_pairs[qp_id] != NULL) 729 openssl_pmd_qp_release(dev, qp_id); 730 731 /* Allocate the queue pair data structure. */ 732 qp = rte_zmalloc_socket("OPENSSL PMD Queue Pair", sizeof(*qp), 733 RTE_CACHE_LINE_SIZE, socket_id); 734 if (qp == NULL) 735 return -ENOMEM; 736 737 qp->id = qp_id; 738 dev->data->queue_pairs[qp_id] = qp; 739 740 if (openssl_pmd_qp_set_unique_name(dev, qp)) 741 goto qp_setup_cleanup; 742 743 qp->processed_ops = openssl_pmd_qp_create_processed_ops_ring(qp, 744 qp_conf->nb_descriptors, socket_id); 745 if (qp->processed_ops == NULL) 746 goto qp_setup_cleanup; 747 748 qp->sess_mp = qp_conf->mp_session; 749 qp->sess_mp_priv = qp_conf->mp_session_private; 750 751 memset(&qp->stats, 0, sizeof(qp->stats)); 752 753 return 0; 754 755 qp_setup_cleanup: 756 rte_free(qp); 757 758 return -1; 759 } 760 761 /** Returns the size of the symmetric session structure */ 762 static unsigned 763 openssl_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused) 764 { 765 return sizeof(struct openssl_session); 766 } 767 768 /** Returns the size of the asymmetric session structure */ 769 static unsigned 770 openssl_pmd_asym_session_get_size(struct rte_cryptodev *dev __rte_unused) 771 { 772 return sizeof(struct openssl_asym_session); 773 } 774 775 /** Configure the session from a crypto xform chain */ 776 static int 777 openssl_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused, 778 struct rte_crypto_sym_xform *xform, 779 struct rte_cryptodev_sym_session *sess, 780 struct rte_mempool *mempool) 781 { 782 void *sess_private_data; 783 int ret; 784 785 if (unlikely(sess == NULL)) { 786 OPENSSL_LOG(ERR, "invalid session struct"); 787 return -EINVAL; 788 } 789 790 if (rte_mempool_get(mempool, &sess_private_data)) { 791 OPENSSL_LOG(ERR, 792 "Couldn't get object from session mempool"); 793 return -ENOMEM; 794 } 795 796 ret = openssl_set_session_parameters(sess_private_data, xform); 797 if (ret != 0) { 798 OPENSSL_LOG(ERR, "failed configure session parameters"); 799 800 /* Return session to mempool */ 801 rte_mempool_put(mempool, sess_private_data); 802 return ret; 803 } 804 805 set_sym_session_private_data(sess, dev->driver_id, 806 sess_private_data); 807 808 return 0; 809 } 810 811 static int openssl_set_asym_session_parameters( 812 struct openssl_asym_session *asym_session, 813 struct rte_crypto_asym_xform *xform) 814 { 815 int ret = -1; 816 817 if ((xform->xform_type != RTE_CRYPTO_ASYM_XFORM_DH) && 818 (xform->next != NULL)) { 819 OPENSSL_LOG(ERR, "chained xfrms are not supported on %s", 820 rte_crypto_asym_xform_strings[xform->xform_type]); 821 return ret; 822 } 823 824 switch (xform->xform_type) { 825 case RTE_CRYPTO_ASYM_XFORM_RSA: 826 { 827 BIGNUM *n = NULL; 828 BIGNUM *e = NULL; 829 BIGNUM *d = NULL; 830 BIGNUM *p = NULL, *q = NULL, *dmp1 = NULL; 831 BIGNUM *iqmp = NULL, *dmq1 = NULL; 832 833 /* copy xfrm data into rsa struct */ 834 n = BN_bin2bn((const unsigned char *)xform->rsa.n.data, 835 xform->rsa.n.length, n); 836 e = BN_bin2bn((const unsigned char *)xform->rsa.e.data, 837 xform->rsa.e.length, e); 838 839 if (!n || !e) 840 goto err_rsa; 841 842 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) 843 OSSL_PARAM_BLD * param_bld = OSSL_PARAM_BLD_new(); 844 if (!param_bld) { 845 OPENSSL_LOG(ERR, "failed to allocate resources\n"); 846 goto err_rsa; 847 } 848 849 if (!OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_RSA_N, n) 850 || !OSSL_PARAM_BLD_push_BN(param_bld, 851 OSSL_PKEY_PARAM_RSA_E, e)) { 852 OSSL_PARAM_BLD_free(param_bld); 853 OPENSSL_LOG(ERR, "failed to allocate resources\n"); 854 goto err_rsa; 855 } 856 857 if (xform->rsa.key_type == RTE_RSA_KEY_TYPE_EXP) { 858 d = BN_bin2bn( 859 (const unsigned char *)xform->rsa.d.data, 860 xform->rsa.d.length, 861 d); 862 if (!d) { 863 OSSL_PARAM_BLD_free(param_bld); 864 goto err_rsa; 865 } 866 } else { 867 p = BN_bin2bn((const unsigned char *) 868 xform->rsa.qt.p.data, 869 xform->rsa.qt.p.length, 870 p); 871 q = BN_bin2bn((const unsigned char *) 872 xform->rsa.qt.q.data, 873 xform->rsa.qt.q.length, 874 q); 875 dmp1 = BN_bin2bn((const unsigned char *) 876 xform->rsa.qt.dP.data, 877 xform->rsa.qt.dP.length, 878 dmp1); 879 dmq1 = BN_bin2bn((const unsigned char *) 880 xform->rsa.qt.dQ.data, 881 xform->rsa.qt.dQ.length, 882 dmq1); 883 iqmp = BN_bin2bn((const unsigned char *) 884 xform->rsa.qt.qInv.data, 885 xform->rsa.qt.qInv.length, 886 iqmp); 887 888 if (!p || !q || !dmp1 || !dmq1 || !iqmp) { 889 OSSL_PARAM_BLD_free(param_bld); 890 goto err_rsa; 891 } 892 893 if (!OSSL_PARAM_BLD_push_BN(param_bld, 894 OSSL_PKEY_PARAM_RSA_FACTOR1, p) 895 || !OSSL_PARAM_BLD_push_BN(param_bld, 896 OSSL_PKEY_PARAM_RSA_FACTOR2, q) 897 || !OSSL_PARAM_BLD_push_BN(param_bld, 898 OSSL_PKEY_PARAM_RSA_EXPONENT1, dmp1) 899 || !OSSL_PARAM_BLD_push_BN(param_bld, 900 OSSL_PKEY_PARAM_RSA_EXPONENT2, dmq1) 901 || !OSSL_PARAM_BLD_push_BN(param_bld, 902 OSSL_PKEY_PARAM_RSA_COEFFICIENT1, iqmp)) { 903 OSSL_PARAM_BLD_free(param_bld); 904 goto err_rsa; 905 } 906 } 907 908 if (!OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_RSA_N, n) 909 || !OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_RSA_E, e) 910 || !OSSL_PARAM_BLD_push_BN(param_bld, 911 OSSL_PKEY_PARAM_RSA_D, d)) { 912 OSSL_PARAM_BLD_free(param_bld); 913 goto err_rsa; 914 } 915 916 EVP_PKEY_CTX *key_ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL); 917 EVP_PKEY *pkey = NULL; 918 EVP_PKEY_CTX *rsa_ctx = NULL; 919 OSSL_PARAM *params = NULL; 920 921 params = OSSL_PARAM_BLD_to_param(param_bld); 922 if (!params) { 923 OSSL_PARAM_BLD_free(param_bld); 924 goto err_rsa; 925 } 926 927 if (key_ctx == NULL 928 || EVP_PKEY_fromdata_init(key_ctx) <= 0 929 || EVP_PKEY_fromdata(key_ctx, &pkey, 930 EVP_PKEY_KEYPAIR, params) <= 0) { 931 OSSL_PARAM_free(params); 932 goto err_rsa; 933 } 934 935 rsa_ctx = EVP_PKEY_CTX_new(pkey, NULL); 936 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_RSA; 937 asym_session->u.r.ctx = rsa_ctx; 938 EVP_PKEY_CTX_free(key_ctx); 939 OSSL_PARAM_free(params); 940 break; 941 #else 942 RSA *rsa = RSA_new(); 943 if (rsa == NULL) 944 goto err_rsa; 945 946 if (xform->rsa.key_type == RTE_RSA_KEY_TYPE_EXP) { 947 d = BN_bin2bn( 948 (const unsigned char *)xform->rsa.d.data, 949 xform->rsa.d.length, 950 d); 951 if (!d) { 952 RSA_free(rsa); 953 goto err_rsa; 954 } 955 } else { 956 p = BN_bin2bn((const unsigned char *) 957 xform->rsa.qt.p.data, 958 xform->rsa.qt.p.length, 959 p); 960 q = BN_bin2bn((const unsigned char *) 961 xform->rsa.qt.q.data, 962 xform->rsa.qt.q.length, 963 q); 964 dmp1 = BN_bin2bn((const unsigned char *) 965 xform->rsa.qt.dP.data, 966 xform->rsa.qt.dP.length, 967 dmp1); 968 dmq1 = BN_bin2bn((const unsigned char *) 969 xform->rsa.qt.dQ.data, 970 xform->rsa.qt.dQ.length, 971 dmq1); 972 iqmp = BN_bin2bn((const unsigned char *) 973 xform->rsa.qt.qInv.data, 974 xform->rsa.qt.qInv.length, 975 iqmp); 976 977 if (!p || !q || !dmp1 || !dmq1 || !iqmp) { 978 RSA_free(rsa); 979 goto err_rsa; 980 } 981 ret = set_rsa_params(rsa, p, q); 982 if (ret) { 983 OPENSSL_LOG(ERR, 984 "failed to set rsa params\n"); 985 RSA_free(rsa); 986 goto err_rsa; 987 } 988 ret = set_rsa_crt_params(rsa, dmp1, dmq1, iqmp); 989 if (ret) { 990 OPENSSL_LOG(ERR, 991 "failed to set crt params\n"); 992 RSA_free(rsa); 993 /* 994 * set already populated params to NULL 995 * as its freed by call to RSA_free 996 */ 997 p = q = NULL; 998 goto err_rsa; 999 } 1000 } 1001 1002 ret = set_rsa_keys(rsa, n, e, d); 1003 if (ret) { 1004 OPENSSL_LOG(ERR, "Failed to load rsa keys\n"); 1005 RSA_free(rsa); 1006 return ret; 1007 } 1008 asym_session->u.r.rsa = rsa; 1009 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_RSA; 1010 break; 1011 #endif 1012 err_rsa: 1013 BN_clear_free(n); 1014 BN_clear_free(e); 1015 BN_clear_free(d); 1016 BN_clear_free(p); 1017 BN_clear_free(q); 1018 BN_clear_free(dmp1); 1019 BN_clear_free(dmq1); 1020 BN_clear_free(iqmp); 1021 1022 return -1; 1023 } 1024 case RTE_CRYPTO_ASYM_XFORM_MODEX: 1025 { 1026 struct rte_crypto_modex_xform *xfrm = &(xform->modex); 1027 1028 BN_CTX *ctx = BN_CTX_new(); 1029 if (ctx == NULL) { 1030 OPENSSL_LOG(ERR, 1031 " failed to allocate resources\n"); 1032 return ret; 1033 } 1034 BN_CTX_start(ctx); 1035 BIGNUM *mod = BN_CTX_get(ctx); 1036 BIGNUM *exp = BN_CTX_get(ctx); 1037 if (mod == NULL || exp == NULL) { 1038 BN_CTX_end(ctx); 1039 BN_CTX_free(ctx); 1040 return ret; 1041 } 1042 1043 mod = BN_bin2bn((const unsigned char *) 1044 xfrm->modulus.data, 1045 xfrm->modulus.length, mod); 1046 exp = BN_bin2bn((const unsigned char *) 1047 xfrm->exponent.data, 1048 xfrm->exponent.length, exp); 1049 asym_session->u.e.ctx = ctx; 1050 asym_session->u.e.mod = mod; 1051 asym_session->u.e.exp = exp; 1052 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_MODEX; 1053 break; 1054 } 1055 case RTE_CRYPTO_ASYM_XFORM_MODINV: 1056 { 1057 struct rte_crypto_modinv_xform *xfrm = &(xform->modinv); 1058 1059 BN_CTX *ctx = BN_CTX_new(); 1060 if (ctx == NULL) { 1061 OPENSSL_LOG(ERR, 1062 " failed to allocate resources\n"); 1063 return ret; 1064 } 1065 BN_CTX_start(ctx); 1066 BIGNUM *mod = BN_CTX_get(ctx); 1067 if (mod == NULL) { 1068 BN_CTX_end(ctx); 1069 BN_CTX_free(ctx); 1070 return ret; 1071 } 1072 1073 mod = BN_bin2bn((const unsigned char *) 1074 xfrm->modulus.data, 1075 xfrm->modulus.length, 1076 mod); 1077 asym_session->u.m.ctx = ctx; 1078 asym_session->u.m.modulus = mod; 1079 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_MODINV; 1080 break; 1081 } 1082 case RTE_CRYPTO_ASYM_XFORM_DH: 1083 { 1084 BIGNUM *p = NULL; 1085 BIGNUM *g = NULL; 1086 1087 p = BN_bin2bn((const unsigned char *) 1088 xform->dh.p.data, 1089 xform->dh.p.length, 1090 p); 1091 g = BN_bin2bn((const unsigned char *) 1092 xform->dh.g.data, 1093 xform->dh.g.length, 1094 g); 1095 if (!p || !g) 1096 goto err_dh; 1097 1098 DH *dh = NULL; 1099 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) 1100 OSSL_PARAM_BLD *param_bld = NULL; 1101 param_bld = OSSL_PARAM_BLD_new(); 1102 if (!param_bld) { 1103 OPENSSL_LOG(ERR, "failed to allocate resources\n"); 1104 goto err_dh; 1105 } 1106 if ((!OSSL_PARAM_BLD_push_utf8_string(param_bld, 1107 "group", "ffdhe2048", 0)) 1108 || (!OSSL_PARAM_BLD_push_BN(param_bld, 1109 OSSL_PKEY_PARAM_FFC_P, p)) 1110 || (!OSSL_PARAM_BLD_push_BN(param_bld, 1111 OSSL_PKEY_PARAM_FFC_G, g))) { 1112 OSSL_PARAM_BLD_free(param_bld); 1113 goto err_dh; 1114 } 1115 1116 OSSL_PARAM_BLD *param_bld_peer = NULL; 1117 param_bld_peer = OSSL_PARAM_BLD_new(); 1118 if (!param_bld_peer) { 1119 OPENSSL_LOG(ERR, "failed to allocate resources\n"); 1120 OSSL_PARAM_BLD_free(param_bld); 1121 goto err_dh; 1122 } 1123 if ((!OSSL_PARAM_BLD_push_utf8_string(param_bld_peer, 1124 "group", "ffdhe2048", 0)) 1125 || (!OSSL_PARAM_BLD_push_BN(param_bld_peer, 1126 OSSL_PKEY_PARAM_FFC_P, p)) 1127 || (!OSSL_PARAM_BLD_push_BN(param_bld_peer, 1128 OSSL_PKEY_PARAM_FFC_G, g))) { 1129 OSSL_PARAM_BLD_free(param_bld); 1130 OSSL_PARAM_BLD_free(param_bld_peer); 1131 goto err_dh; 1132 } 1133 1134 asym_session->u.dh.param_bld = param_bld; 1135 asym_session->u.dh.param_bld_peer = param_bld_peer; 1136 #else 1137 dh = DH_new(); 1138 if (dh == NULL) { 1139 OPENSSL_LOG(ERR, 1140 "failed to allocate resources\n"); 1141 goto err_dh; 1142 } 1143 ret = set_dh_params(dh, p, g); 1144 if (ret) { 1145 DH_free(dh); 1146 goto err_dh; 1147 } 1148 #endif 1149 asym_session->u.dh.dh_key = dh; 1150 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_DH; 1151 break; 1152 1153 err_dh: 1154 OPENSSL_LOG(ERR, " failed to set dh params\n"); 1155 BN_free(p); 1156 BN_free(g); 1157 return -1; 1158 } 1159 case RTE_CRYPTO_ASYM_XFORM_DSA: 1160 { 1161 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) 1162 BIGNUM *p = NULL, *g = NULL; 1163 BIGNUM *q = NULL, *priv_key = NULL; 1164 BIGNUM *pub_key = BN_new(); 1165 BN_zero(pub_key); 1166 OSSL_PARAM_BLD *param_bld = NULL; 1167 1168 p = BN_bin2bn((const unsigned char *) 1169 xform->dsa.p.data, 1170 xform->dsa.p.length, 1171 p); 1172 1173 g = BN_bin2bn((const unsigned char *) 1174 xform->dsa.g.data, 1175 xform->dsa.g.length, 1176 g); 1177 1178 q = BN_bin2bn((const unsigned char *) 1179 xform->dsa.q.data, 1180 xform->dsa.q.length, 1181 q); 1182 if (!p || !q || !g) 1183 goto err_dsa; 1184 1185 priv_key = BN_bin2bn((const unsigned char *) 1186 xform->dsa.x.data, 1187 xform->dsa.x.length, 1188 priv_key); 1189 if (priv_key == NULL) 1190 goto err_dsa; 1191 1192 param_bld = OSSL_PARAM_BLD_new(); 1193 if (!param_bld) { 1194 OPENSSL_LOG(ERR, "failed to allocate resources\n"); 1195 goto err_dsa; 1196 } 1197 1198 if (!OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_P, p) 1199 || !OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_G, g) 1200 || !OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_Q, q) 1201 || !OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_PRIV_KEY, priv_key)) { 1202 OSSL_PARAM_BLD_free(param_bld); 1203 OPENSSL_LOG(ERR, "failed to allocate resources\n"); 1204 goto err_dsa; 1205 } 1206 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_DSA; 1207 asym_session->u.s.param_bld = param_bld; 1208 1209 break; 1210 #else 1211 BIGNUM *p = NULL, *g = NULL; 1212 BIGNUM *q = NULL, *priv_key = NULL; 1213 BIGNUM *pub_key = BN_new(); 1214 BN_zero(pub_key); 1215 1216 p = BN_bin2bn((const unsigned char *) 1217 xform->dsa.p.data, 1218 xform->dsa.p.length, 1219 p); 1220 1221 g = BN_bin2bn((const unsigned char *) 1222 xform->dsa.g.data, 1223 xform->dsa.g.length, 1224 g); 1225 1226 q = BN_bin2bn((const unsigned char *) 1227 xform->dsa.q.data, 1228 xform->dsa.q.length, 1229 q); 1230 if (!p || !q || !g) 1231 goto err_dsa; 1232 1233 priv_key = BN_bin2bn((const unsigned char *) 1234 xform->dsa.x.data, 1235 xform->dsa.x.length, 1236 priv_key); 1237 if (priv_key == NULL) 1238 goto err_dsa; 1239 1240 DSA *dsa = DSA_new(); 1241 if (dsa == NULL) { 1242 OPENSSL_LOG(ERR, 1243 " failed to allocate resources\n"); 1244 goto err_dsa; 1245 } 1246 1247 ret = set_dsa_params(dsa, p, q, g); 1248 if (ret) { 1249 DSA_free(dsa); 1250 OPENSSL_LOG(ERR, "Failed to dsa params\n"); 1251 goto err_dsa; 1252 } 1253 1254 /* 1255 * openssl 1.1.0 mandate that public key can't be 1256 * NULL in very first call. so set a dummy pub key. 1257 * to keep consistency, lets follow same approach for 1258 * both versions 1259 */ 1260 /* just set dummy public for very 1st call */ 1261 ret = set_dsa_keys(dsa, pub_key, priv_key); 1262 if (ret) { 1263 DSA_free(dsa); 1264 OPENSSL_LOG(ERR, "Failed to set keys\n"); 1265 return -1; 1266 } 1267 asym_session->u.s.dsa = dsa; 1268 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_DSA; 1269 break; 1270 #endif 1271 err_dsa: 1272 BN_free(p); 1273 BN_free(q); 1274 BN_free(g); 1275 BN_free(priv_key); 1276 BN_free(pub_key); 1277 return -1; 1278 } 1279 default: 1280 return ret; 1281 } 1282 1283 return 0; 1284 } 1285 1286 /** Configure the session from a crypto xform chain */ 1287 static int 1288 openssl_pmd_asym_session_configure(struct rte_cryptodev *dev __rte_unused, 1289 struct rte_crypto_asym_xform *xform, 1290 struct rte_cryptodev_asym_session *sess) 1291 { 1292 void *asym_sess_private_data; 1293 int ret; 1294 1295 if (unlikely(sess == NULL)) { 1296 OPENSSL_LOG(ERR, "invalid asymmetric session struct"); 1297 return -EINVAL; 1298 } 1299 1300 asym_sess_private_data = sess->sess_private_data; 1301 ret = openssl_set_asym_session_parameters(asym_sess_private_data, 1302 xform); 1303 if (ret != 0) { 1304 OPENSSL_LOG(ERR, "failed configure session parameters"); 1305 return ret; 1306 } 1307 1308 return 0; 1309 } 1310 1311 /** Clear the memory of session so it doesn't leave key material behind */ 1312 static void 1313 openssl_pmd_sym_session_clear(struct rte_cryptodev *dev, 1314 struct rte_cryptodev_sym_session *sess) 1315 { 1316 uint8_t index = dev->driver_id; 1317 void *sess_priv = get_sym_session_private_data(sess, index); 1318 1319 /* Zero out the whole structure */ 1320 if (sess_priv) { 1321 openssl_reset_session(sess_priv); 1322 memset(sess_priv, 0, sizeof(struct openssl_session)); 1323 struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv); 1324 set_sym_session_private_data(sess, index, NULL); 1325 rte_mempool_put(sess_mp, sess_priv); 1326 } 1327 } 1328 1329 static void openssl_reset_asym_session(struct openssl_asym_session *sess) 1330 { 1331 switch (sess->xfrm_type) { 1332 case RTE_CRYPTO_ASYM_XFORM_RSA: 1333 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) 1334 if (sess->u.r.ctx) 1335 EVP_PKEY_CTX_free(sess->u.r.ctx); 1336 #else 1337 if (sess->u.r.rsa) 1338 RSA_free(sess->u.r.rsa); 1339 #endif 1340 break; 1341 case RTE_CRYPTO_ASYM_XFORM_MODEX: 1342 if (sess->u.e.ctx) { 1343 BN_CTX_end(sess->u.e.ctx); 1344 BN_CTX_free(sess->u.e.ctx); 1345 } 1346 break; 1347 case RTE_CRYPTO_ASYM_XFORM_MODINV: 1348 if (sess->u.m.ctx) { 1349 BN_CTX_end(sess->u.m.ctx); 1350 BN_CTX_free(sess->u.m.ctx); 1351 } 1352 break; 1353 case RTE_CRYPTO_ASYM_XFORM_DH: 1354 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) 1355 sess->u.dh.param_bld = NULL; 1356 sess->u.dh.param_bld_peer = NULL; 1357 #else 1358 if (sess->u.dh.dh_key) 1359 DH_free(sess->u.dh.dh_key); 1360 #endif 1361 break; 1362 case RTE_CRYPTO_ASYM_XFORM_DSA: 1363 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) 1364 sess->u.s.param_bld = NULL; 1365 #else 1366 if (sess->u.s.dsa) 1367 DSA_free(sess->u.s.dsa); 1368 #endif 1369 break; 1370 default: 1371 break; 1372 } 1373 } 1374 1375 /** Clear the memory of asymmetric session 1376 * so it doesn't leave key material behind 1377 */ 1378 static void 1379 openssl_pmd_asym_session_clear(struct rte_cryptodev *dev __rte_unused, 1380 struct rte_cryptodev_asym_session *sess) 1381 { 1382 void *sess_priv = sess->sess_private_data; 1383 1384 /* Zero out the whole structure */ 1385 if (sess_priv) { 1386 openssl_reset_asym_session(sess_priv); 1387 memset(sess_priv, 0, sizeof(struct openssl_asym_session)); 1388 } 1389 } 1390 1391 struct rte_cryptodev_ops openssl_pmd_ops = { 1392 .dev_configure = openssl_pmd_config, 1393 .dev_start = openssl_pmd_start, 1394 .dev_stop = openssl_pmd_stop, 1395 .dev_close = openssl_pmd_close, 1396 1397 .stats_get = openssl_pmd_stats_get, 1398 .stats_reset = openssl_pmd_stats_reset, 1399 1400 .dev_infos_get = openssl_pmd_info_get, 1401 1402 .queue_pair_setup = openssl_pmd_qp_setup, 1403 .queue_pair_release = openssl_pmd_qp_release, 1404 1405 .sym_session_get_size = openssl_pmd_sym_session_get_size, 1406 .asym_session_get_size = openssl_pmd_asym_session_get_size, 1407 .sym_session_configure = openssl_pmd_sym_session_configure, 1408 .asym_session_configure = openssl_pmd_asym_session_configure, 1409 .sym_session_clear = openssl_pmd_sym_session_clear, 1410 .asym_session_clear = openssl_pmd_asym_session_clear 1411 }; 1412 1413 struct rte_cryptodev_ops *rte_openssl_pmd_ops = &openssl_pmd_ops; 1414