1 /* SPDX-License-Identifier: BSD-3-Clause 2 * Copyright(c) 2016-2017 Intel Corporation 3 */ 4 5 #include <string.h> 6 7 #include <rte_common.h> 8 #include <rte_malloc.h> 9 #include <cryptodev_pmd.h> 10 11 #include "openssl_pmd_private.h" 12 #include "compat.h" 13 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) 14 #include <openssl/provider.h> 15 #include <openssl/core_names.h> 16 #include <openssl/param_build.h> 17 #endif 18 19 static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = { 20 { /* MD5 HMAC */ 21 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 22 {.sym = { 23 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 24 {.auth = { 25 .algo = RTE_CRYPTO_AUTH_MD5_HMAC, 26 .block_size = 64, 27 .key_size = { 28 .min = 1, 29 .max = 64, 30 .increment = 1 31 }, 32 .digest_size = { 33 .min = 1, 34 .max = 16, 35 .increment = 1 36 }, 37 .iv_size = { 0 } 38 }, } 39 }, } 40 }, 41 { /* MD5 */ 42 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 43 {.sym = { 44 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 45 {.auth = { 46 .algo = RTE_CRYPTO_AUTH_MD5, 47 .block_size = 64, 48 .key_size = { 49 .min = 0, 50 .max = 0, 51 .increment = 0 52 }, 53 .digest_size = { 54 .min = 16, 55 .max = 16, 56 .increment = 0 57 }, 58 .iv_size = { 0 } 59 }, } 60 }, } 61 }, 62 { /* SHA1 HMAC */ 63 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 64 {.sym = { 65 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 66 {.auth = { 67 .algo = RTE_CRYPTO_AUTH_SHA1_HMAC, 68 .block_size = 64, 69 .key_size = { 70 .min = 1, 71 .max = 64, 72 .increment = 1 73 }, 74 .digest_size = { 75 .min = 1, 76 .max = 20, 77 .increment = 1 78 }, 79 .iv_size = { 0 } 80 }, } 81 }, } 82 }, 83 { /* SHA1 */ 84 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 85 {.sym = { 86 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 87 {.auth = { 88 .algo = RTE_CRYPTO_AUTH_SHA1, 89 .block_size = 64, 90 .key_size = { 91 .min = 0, 92 .max = 0, 93 .increment = 0 94 }, 95 .digest_size = { 96 .min = 20, 97 .max = 20, 98 .increment = 0 99 }, 100 .iv_size = { 0 } 101 }, } 102 }, } 103 }, 104 { /* SHA224 HMAC */ 105 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 106 {.sym = { 107 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 108 {.auth = { 109 .algo = RTE_CRYPTO_AUTH_SHA224_HMAC, 110 .block_size = 64, 111 .key_size = { 112 .min = 1, 113 .max = 64, 114 .increment = 1 115 }, 116 .digest_size = { 117 .min = 1, 118 .max = 28, 119 .increment = 1 120 }, 121 .iv_size = { 0 } 122 }, } 123 }, } 124 }, 125 { /* SHA224 */ 126 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 127 {.sym = { 128 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 129 {.auth = { 130 .algo = RTE_CRYPTO_AUTH_SHA224, 131 .block_size = 64, 132 .key_size = { 133 .min = 0, 134 .max = 0, 135 .increment = 0 136 }, 137 .digest_size = { 138 .min = 1, 139 .max = 28, 140 .increment = 1 141 }, 142 .iv_size = { 0 } 143 }, } 144 }, } 145 }, 146 { /* SHA256 HMAC */ 147 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 148 {.sym = { 149 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 150 {.auth = { 151 .algo = RTE_CRYPTO_AUTH_SHA256_HMAC, 152 .block_size = 64, 153 .key_size = { 154 .min = 1, 155 .max = 64, 156 .increment = 1 157 }, 158 .digest_size = { 159 .min = 1, 160 .max = 32, 161 .increment = 1 162 }, 163 .iv_size = { 0 } 164 }, } 165 }, } 166 }, 167 { /* SHA256 */ 168 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 169 {.sym = { 170 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 171 {.auth = { 172 .algo = RTE_CRYPTO_AUTH_SHA256, 173 .block_size = 64, 174 .key_size = { 175 .min = 0, 176 .max = 0, 177 .increment = 0 178 }, 179 .digest_size = { 180 .min = 32, 181 .max = 32, 182 .increment = 0 183 }, 184 .iv_size = { 0 } 185 }, } 186 }, } 187 }, 188 { /* SHA384 HMAC */ 189 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 190 {.sym = { 191 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 192 {.auth = { 193 .algo = RTE_CRYPTO_AUTH_SHA384_HMAC, 194 .block_size = 128, 195 .key_size = { 196 .min = 1, 197 .max = 128, 198 .increment = 1 199 }, 200 .digest_size = { 201 .min = 1, 202 .max = 48, 203 .increment = 1 204 }, 205 .iv_size = { 0 } 206 }, } 207 }, } 208 }, 209 { /* SHA384 */ 210 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 211 {.sym = { 212 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 213 {.auth = { 214 .algo = RTE_CRYPTO_AUTH_SHA384, 215 .block_size = 128, 216 .key_size = { 217 .min = 0, 218 .max = 0, 219 .increment = 0 220 }, 221 .digest_size = { 222 .min = 48, 223 .max = 48, 224 .increment = 0 225 }, 226 .iv_size = { 0 } 227 }, } 228 }, } 229 }, 230 { /* SHA512 HMAC */ 231 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 232 {.sym = { 233 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 234 {.auth = { 235 .algo = RTE_CRYPTO_AUTH_SHA512_HMAC, 236 .block_size = 128, 237 .key_size = { 238 .min = 1, 239 .max = 128, 240 .increment = 1 241 }, 242 .digest_size = { 243 .min = 1, 244 .max = 64, 245 .increment = 1 246 }, 247 .iv_size = { 0 } 248 }, } 249 }, } 250 }, 251 { /* SHA512 */ 252 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 253 {.sym = { 254 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 255 {.auth = { 256 .algo = RTE_CRYPTO_AUTH_SHA512, 257 .block_size = 128, 258 .key_size = { 259 .min = 0, 260 .max = 0, 261 .increment = 0 262 }, 263 .digest_size = { 264 .min = 64, 265 .max = 64, 266 .increment = 0 267 }, 268 .iv_size = { 0 } 269 }, } 270 }, } 271 }, 272 { /* AES CBC */ 273 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 274 {.sym = { 275 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 276 {.cipher = { 277 .algo = RTE_CRYPTO_CIPHER_AES_CBC, 278 .block_size = 16, 279 .key_size = { 280 .min = 16, 281 .max = 32, 282 .increment = 8 283 }, 284 .iv_size = { 285 .min = 16, 286 .max = 16, 287 .increment = 0 288 } 289 }, } 290 }, } 291 }, 292 { /* AES CTR */ 293 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 294 {.sym = { 295 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 296 {.cipher = { 297 .algo = RTE_CRYPTO_CIPHER_AES_CTR, 298 .block_size = 16, 299 .key_size = { 300 .min = 16, 301 .max = 32, 302 .increment = 8 303 }, 304 .iv_size = { 305 .min = 16, 306 .max = 16, 307 .increment = 0 308 } 309 }, } 310 }, } 311 }, 312 { /* AES GCM */ 313 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 314 {.sym = { 315 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD, 316 {.aead = { 317 .algo = RTE_CRYPTO_AEAD_AES_GCM, 318 .block_size = 16, 319 .key_size = { 320 .min = 16, 321 .max = 32, 322 .increment = 8 323 }, 324 .digest_size = { 325 .min = 16, 326 .max = 16, 327 .increment = 0 328 }, 329 .aad_size = { 330 .min = 0, 331 .max = 65535, 332 .increment = 1 333 }, 334 .iv_size = { 335 .min = 12, 336 .max = 16, 337 .increment = 4 338 }, 339 }, } 340 }, } 341 }, 342 { /* AES CCM */ 343 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 344 {.sym = { 345 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD, 346 {.aead = { 347 .algo = RTE_CRYPTO_AEAD_AES_CCM, 348 .block_size = 16, 349 .key_size = { 350 .min = 16, 351 .max = 32, 352 .increment = 8 353 }, 354 .digest_size = { 355 .min = 4, 356 .max = 16, 357 .increment = 2 358 }, 359 .aad_size = { 360 .min = 0, 361 .max = 65535, 362 .increment = 1 363 }, 364 .iv_size = { 365 .min = 7, 366 .max = 13, 367 .increment = 1 368 }, 369 }, } 370 }, } 371 }, 372 { /* AES GMAC (AUTH) */ 373 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 374 {.sym = { 375 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 376 {.auth = { 377 .algo = RTE_CRYPTO_AUTH_AES_GMAC, 378 .block_size = 16, 379 .key_size = { 380 .min = 16, 381 .max = 32, 382 .increment = 8 383 }, 384 .digest_size = { 385 .min = 16, 386 .max = 16, 387 .increment = 0 388 }, 389 .iv_size = { 390 .min = 12, 391 .max = 16, 392 .increment = 4 393 } 394 }, } 395 }, } 396 }, 397 { /* 3DES CBC */ 398 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 399 {.sym = { 400 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 401 {.cipher = { 402 .algo = RTE_CRYPTO_CIPHER_3DES_CBC, 403 .block_size = 8, 404 .key_size = { 405 .min = 8, 406 .max = 24, 407 .increment = 8 408 }, 409 .iv_size = { 410 .min = 8, 411 .max = 8, 412 .increment = 0 413 } 414 }, } 415 }, } 416 }, 417 { /* 3DES CTR */ 418 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 419 {.sym = { 420 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 421 {.cipher = { 422 .algo = RTE_CRYPTO_CIPHER_3DES_CTR, 423 .block_size = 8, 424 .key_size = { 425 .min = 16, 426 .max = 24, 427 .increment = 8 428 }, 429 .iv_size = { 430 .min = 8, 431 .max = 8, 432 .increment = 0 433 } 434 }, } 435 }, } 436 }, 437 { /* DES CBC */ 438 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 439 {.sym = { 440 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 441 {.cipher = { 442 .algo = RTE_CRYPTO_CIPHER_DES_CBC, 443 .block_size = 8, 444 .key_size = { 445 .min = 8, 446 .max = 8, 447 .increment = 0 448 }, 449 .iv_size = { 450 .min = 8, 451 .max = 8, 452 .increment = 0 453 } 454 }, } 455 }, } 456 }, 457 { /* DES DOCSIS BPI */ 458 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 459 {.sym = { 460 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 461 {.cipher = { 462 .algo = RTE_CRYPTO_CIPHER_DES_DOCSISBPI, 463 .block_size = 8, 464 .key_size = { 465 .min = 8, 466 .max = 8, 467 .increment = 0 468 }, 469 .iv_size = { 470 .min = 8, 471 .max = 8, 472 .increment = 0 473 } 474 }, } 475 }, } 476 }, 477 { /* RSA */ 478 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, 479 {.asym = { 480 .xform_capa = { 481 .xform_type = RTE_CRYPTO_ASYM_XFORM_RSA, 482 .op_types = ((1 << RTE_CRYPTO_ASYM_OP_SIGN) | 483 (1 << RTE_CRYPTO_ASYM_OP_VERIFY) | 484 (1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) | 485 (1 << RTE_CRYPTO_ASYM_OP_DECRYPT)), 486 { 487 .modlen = { 488 /* min length is based on openssl rsa keygen */ 489 .min = 30, 490 /* value 0 symbolizes no limit on max length */ 491 .max = 0, 492 .increment = 1 493 }, } 494 } 495 }, 496 } 497 }, 498 { /* modexp */ 499 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, 500 {.asym = { 501 .xform_capa = { 502 .xform_type = RTE_CRYPTO_ASYM_XFORM_MODEX, 503 .op_types = 0, 504 { 505 .modlen = { 506 /* value 0 symbolizes no limit on min length */ 507 .min = 0, 508 /* value 0 symbolizes no limit on max length */ 509 .max = 0, 510 .increment = 1 511 }, } 512 } 513 }, 514 } 515 }, 516 { /* modinv */ 517 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, 518 {.asym = { 519 .xform_capa = { 520 .xform_type = RTE_CRYPTO_ASYM_XFORM_MODINV, 521 .op_types = 0, 522 { 523 .modlen = { 524 /* value 0 symbolizes no limit on min length */ 525 .min = 0, 526 /* value 0 symbolizes no limit on max length */ 527 .max = 0, 528 .increment = 1 529 }, } 530 } 531 }, 532 } 533 }, 534 { /* dh */ 535 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, 536 {.asym = { 537 .xform_capa = { 538 .xform_type = RTE_CRYPTO_ASYM_XFORM_DH, 539 .op_types = 540 ((1<<RTE_CRYPTO_ASYM_KE_PRIV_KEY_GENERATE) | 541 (1 << RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE | 542 (1 << 543 RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE))), 544 { 545 .modlen = { 546 /* value 0 symbolizes no limit on min length */ 547 .min = 0, 548 /* value 0 symbolizes no limit on max length */ 549 .max = 0, 550 .increment = 1 551 }, } 552 } 553 }, 554 } 555 }, 556 { /* dsa */ 557 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, 558 {.asym = { 559 .xform_capa = { 560 .xform_type = RTE_CRYPTO_ASYM_XFORM_DSA, 561 .op_types = 562 ((1<<RTE_CRYPTO_ASYM_OP_SIGN) | 563 (1 << RTE_CRYPTO_ASYM_OP_VERIFY)), 564 { 565 .modlen = { 566 /* value 0 symbolizes no limit on min length */ 567 .min = 0, 568 /* value 0 symbolizes no limit on max length */ 569 .max = 0, 570 .increment = 1 571 }, } 572 } 573 }, 574 } 575 }, 576 577 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() 578 }; 579 580 581 /** Configure device */ 582 static int 583 openssl_pmd_config(__rte_unused struct rte_cryptodev *dev, 584 __rte_unused struct rte_cryptodev_config *config) 585 { 586 return 0; 587 } 588 589 /** Start device */ 590 static int 591 openssl_pmd_start(__rte_unused struct rte_cryptodev *dev) 592 { 593 return 0; 594 } 595 596 /** Stop device */ 597 static void 598 openssl_pmd_stop(__rte_unused struct rte_cryptodev *dev) 599 { 600 } 601 602 /** Close device */ 603 static int 604 openssl_pmd_close(__rte_unused struct rte_cryptodev *dev) 605 { 606 return 0; 607 } 608 609 610 /** Get device statistics */ 611 static void 612 openssl_pmd_stats_get(struct rte_cryptodev *dev, 613 struct rte_cryptodev_stats *stats) 614 { 615 int qp_id; 616 617 for (qp_id = 0; qp_id < dev->data->nb_queue_pairs; qp_id++) { 618 struct openssl_qp *qp = dev->data->queue_pairs[qp_id]; 619 620 stats->enqueued_count += qp->stats.enqueued_count; 621 stats->dequeued_count += qp->stats.dequeued_count; 622 623 stats->enqueue_err_count += qp->stats.enqueue_err_count; 624 stats->dequeue_err_count += qp->stats.dequeue_err_count; 625 } 626 } 627 628 /** Reset device statistics */ 629 static void 630 openssl_pmd_stats_reset(struct rte_cryptodev *dev) 631 { 632 int qp_id; 633 634 for (qp_id = 0; qp_id < dev->data->nb_queue_pairs; qp_id++) { 635 struct openssl_qp *qp = dev->data->queue_pairs[qp_id]; 636 637 memset(&qp->stats, 0, sizeof(qp->stats)); 638 } 639 } 640 641 642 /** Get device info */ 643 static void 644 openssl_pmd_info_get(struct rte_cryptodev *dev, 645 struct rte_cryptodev_info *dev_info) 646 { 647 struct openssl_private *internals = dev->data->dev_private; 648 649 if (dev_info != NULL) { 650 dev_info->driver_id = dev->driver_id; 651 dev_info->feature_flags = dev->feature_flags; 652 dev_info->capabilities = openssl_pmd_capabilities; 653 dev_info->max_nb_queue_pairs = internals->max_nb_qpairs; 654 /* No limit of number of sessions */ 655 dev_info->sym.max_nb_sessions = 0; 656 } 657 } 658 659 /** Release queue pair */ 660 static int 661 openssl_pmd_qp_release(struct rte_cryptodev *dev, uint16_t qp_id) 662 { 663 if (dev->data->queue_pairs[qp_id] != NULL) { 664 struct openssl_qp *qp = dev->data->queue_pairs[qp_id]; 665 666 rte_ring_free(qp->processed_ops); 667 668 rte_free(dev->data->queue_pairs[qp_id]); 669 dev->data->queue_pairs[qp_id] = NULL; 670 } 671 return 0; 672 } 673 674 /** set a unique name for the queue pair based on it's name, dev_id and qp_id */ 675 static int 676 openssl_pmd_qp_set_unique_name(struct rte_cryptodev *dev, 677 struct openssl_qp *qp) 678 { 679 unsigned int n = snprintf(qp->name, sizeof(qp->name), 680 "openssl_pmd_%u_qp_%u", 681 dev->data->dev_id, qp->id); 682 683 if (n >= sizeof(qp->name)) 684 return -1; 685 686 return 0; 687 } 688 689 690 /** Create a ring to place processed operations on */ 691 static struct rte_ring * 692 openssl_pmd_qp_create_processed_ops_ring(struct openssl_qp *qp, 693 unsigned int ring_size, int socket_id) 694 { 695 struct rte_ring *r; 696 697 r = rte_ring_lookup(qp->name); 698 if (r) { 699 if (rte_ring_get_size(r) >= ring_size) { 700 OPENSSL_LOG(INFO, 701 "Reusing existing ring %s for processed ops", 702 qp->name); 703 return r; 704 } 705 706 OPENSSL_LOG(ERR, 707 "Unable to reuse existing ring %s for processed ops", 708 qp->name); 709 return NULL; 710 } 711 712 return rte_ring_create(qp->name, ring_size, socket_id, 713 RING_F_SP_ENQ | RING_F_SC_DEQ); 714 } 715 716 717 /** Setup a queue pair */ 718 static int 719 openssl_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id, 720 const struct rte_cryptodev_qp_conf *qp_conf, 721 int socket_id) 722 { 723 struct openssl_qp *qp = NULL; 724 725 /* Free memory prior to re-allocation if needed. */ 726 if (dev->data->queue_pairs[qp_id] != NULL) 727 openssl_pmd_qp_release(dev, qp_id); 728 729 /* Allocate the queue pair data structure. */ 730 qp = rte_zmalloc_socket("OPENSSL PMD Queue Pair", sizeof(*qp), 731 RTE_CACHE_LINE_SIZE, socket_id); 732 if (qp == NULL) 733 return -ENOMEM; 734 735 qp->id = qp_id; 736 dev->data->queue_pairs[qp_id] = qp; 737 738 if (openssl_pmd_qp_set_unique_name(dev, qp)) 739 goto qp_setup_cleanup; 740 741 qp->processed_ops = openssl_pmd_qp_create_processed_ops_ring(qp, 742 qp_conf->nb_descriptors, socket_id); 743 if (qp->processed_ops == NULL) 744 goto qp_setup_cleanup; 745 746 qp->sess_mp = qp_conf->mp_session; 747 qp->sess_mp_priv = qp_conf->mp_session_private; 748 749 memset(&qp->stats, 0, sizeof(qp->stats)); 750 751 return 0; 752 753 qp_setup_cleanup: 754 rte_free(qp); 755 756 return -1; 757 } 758 759 /** Returns the size of the symmetric session structure */ 760 static unsigned 761 openssl_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused) 762 { 763 return sizeof(struct openssl_session); 764 } 765 766 /** Returns the size of the asymmetric session structure */ 767 static unsigned 768 openssl_pmd_asym_session_get_size(struct rte_cryptodev *dev __rte_unused) 769 { 770 return sizeof(struct openssl_asym_session); 771 } 772 773 /** Configure the session from a crypto xform chain */ 774 static int 775 openssl_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused, 776 struct rte_crypto_sym_xform *xform, 777 struct rte_cryptodev_sym_session *sess, 778 struct rte_mempool *mempool) 779 { 780 void *sess_private_data; 781 int ret; 782 783 if (unlikely(sess == NULL)) { 784 OPENSSL_LOG(ERR, "invalid session struct"); 785 return -EINVAL; 786 } 787 788 if (rte_mempool_get(mempool, &sess_private_data)) { 789 OPENSSL_LOG(ERR, 790 "Couldn't get object from session mempool"); 791 return -ENOMEM; 792 } 793 794 ret = openssl_set_session_parameters(sess_private_data, xform); 795 if (ret != 0) { 796 OPENSSL_LOG(ERR, "failed configure session parameters"); 797 798 /* Return session to mempool */ 799 rte_mempool_put(mempool, sess_private_data); 800 return ret; 801 } 802 803 set_sym_session_private_data(sess, dev->driver_id, 804 sess_private_data); 805 806 return 0; 807 } 808 809 static int openssl_set_asym_session_parameters( 810 struct openssl_asym_session *asym_session, 811 struct rte_crypto_asym_xform *xform) 812 { 813 int ret = -1; 814 815 if ((xform->xform_type != RTE_CRYPTO_ASYM_XFORM_DH) && 816 (xform->next != NULL)) { 817 OPENSSL_LOG(ERR, "chained xfrms are not supported on %s", 818 rte_crypto_asym_xform_strings[xform->xform_type]); 819 return ret; 820 } 821 822 switch (xform->xform_type) { 823 case RTE_CRYPTO_ASYM_XFORM_RSA: 824 { 825 BIGNUM *n = NULL; 826 BIGNUM *e = NULL; 827 BIGNUM *d = NULL; 828 BIGNUM *p = NULL, *q = NULL, *dmp1 = NULL; 829 BIGNUM *iqmp = NULL, *dmq1 = NULL; 830 831 /* copy xfrm data into rsa struct */ 832 n = BN_bin2bn((const unsigned char *)xform->rsa.n.data, 833 xform->rsa.n.length, n); 834 e = BN_bin2bn((const unsigned char *)xform->rsa.e.data, 835 xform->rsa.e.length, e); 836 837 if (!n || !e) 838 goto err_rsa; 839 840 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) 841 OSSL_PARAM_BLD * param_bld = OSSL_PARAM_BLD_new(); 842 if (!param_bld) { 843 OPENSSL_LOG(ERR, "failed to allocate resources\n"); 844 goto err_rsa; 845 } 846 847 if (!OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_RSA_N, n) 848 || !OSSL_PARAM_BLD_push_BN(param_bld, 849 OSSL_PKEY_PARAM_RSA_E, e)) { 850 OSSL_PARAM_BLD_free(param_bld); 851 OPENSSL_LOG(ERR, "failed to allocate resources\n"); 852 goto err_rsa; 853 } 854 855 if (xform->rsa.key_type == RTE_RSA_KEY_TYPE_EXP) { 856 d = BN_bin2bn( 857 (const unsigned char *)xform->rsa.d.data, 858 xform->rsa.d.length, 859 d); 860 if (!d) { 861 OSSL_PARAM_BLD_free(param_bld); 862 goto err_rsa; 863 } 864 } else { 865 p = BN_bin2bn((const unsigned char *) 866 xform->rsa.qt.p.data, 867 xform->rsa.qt.p.length, 868 p); 869 q = BN_bin2bn((const unsigned char *) 870 xform->rsa.qt.q.data, 871 xform->rsa.qt.q.length, 872 q); 873 dmp1 = BN_bin2bn((const unsigned char *) 874 xform->rsa.qt.dP.data, 875 xform->rsa.qt.dP.length, 876 dmp1); 877 dmq1 = BN_bin2bn((const unsigned char *) 878 xform->rsa.qt.dQ.data, 879 xform->rsa.qt.dQ.length, 880 dmq1); 881 iqmp = BN_bin2bn((const unsigned char *) 882 xform->rsa.qt.qInv.data, 883 xform->rsa.qt.qInv.length, 884 iqmp); 885 886 if (!p || !q || !dmp1 || !dmq1 || !iqmp) { 887 OSSL_PARAM_BLD_free(param_bld); 888 goto err_rsa; 889 } 890 891 if (!OSSL_PARAM_BLD_push_BN(param_bld, 892 OSSL_PKEY_PARAM_RSA_FACTOR1, p) 893 || !OSSL_PARAM_BLD_push_BN(param_bld, 894 OSSL_PKEY_PARAM_RSA_FACTOR2, q) 895 || !OSSL_PARAM_BLD_push_BN(param_bld, 896 OSSL_PKEY_PARAM_RSA_EXPONENT1, dmp1) 897 || !OSSL_PARAM_BLD_push_BN(param_bld, 898 OSSL_PKEY_PARAM_RSA_EXPONENT2, dmq1) 899 || !OSSL_PARAM_BLD_push_BN(param_bld, 900 OSSL_PKEY_PARAM_RSA_COEFFICIENT1, iqmp)) { 901 OSSL_PARAM_BLD_free(param_bld); 902 goto err_rsa; 903 } 904 } 905 906 if (!OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_RSA_N, n) 907 || !OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_RSA_E, e) 908 || !OSSL_PARAM_BLD_push_BN(param_bld, 909 OSSL_PKEY_PARAM_RSA_D, d)) { 910 OSSL_PARAM_BLD_free(param_bld); 911 goto err_rsa; 912 } 913 914 EVP_PKEY_CTX *key_ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL); 915 EVP_PKEY *pkey = NULL; 916 EVP_PKEY_CTX *rsa_ctx = NULL; 917 OSSL_PARAM *params = NULL; 918 919 params = OSSL_PARAM_BLD_to_param(param_bld); 920 if (!params) { 921 OSSL_PARAM_BLD_free(param_bld); 922 goto err_rsa; 923 } 924 925 if (key_ctx == NULL 926 || EVP_PKEY_fromdata_init(key_ctx) <= 0 927 || EVP_PKEY_fromdata(key_ctx, &pkey, 928 EVP_PKEY_KEYPAIR, params) <= 0) { 929 OSSL_PARAM_free(params); 930 goto err_rsa; 931 } 932 933 rsa_ctx = EVP_PKEY_CTX_new(pkey, NULL); 934 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_RSA; 935 asym_session->u.r.ctx = rsa_ctx; 936 EVP_PKEY_CTX_free(key_ctx); 937 OSSL_PARAM_free(params); 938 break; 939 #else 940 RSA *rsa = RSA_new(); 941 if (rsa == NULL) 942 goto err_rsa; 943 944 if (xform->rsa.key_type == RTE_RSA_KEY_TYPE_EXP) { 945 d = BN_bin2bn( 946 (const unsigned char *)xform->rsa.d.data, 947 xform->rsa.d.length, 948 d); 949 if (!d) { 950 RSA_free(rsa); 951 goto err_rsa; 952 } 953 } else { 954 p = BN_bin2bn((const unsigned char *) 955 xform->rsa.qt.p.data, 956 xform->rsa.qt.p.length, 957 p); 958 q = BN_bin2bn((const unsigned char *) 959 xform->rsa.qt.q.data, 960 xform->rsa.qt.q.length, 961 q); 962 dmp1 = BN_bin2bn((const unsigned char *) 963 xform->rsa.qt.dP.data, 964 xform->rsa.qt.dP.length, 965 dmp1); 966 dmq1 = BN_bin2bn((const unsigned char *) 967 xform->rsa.qt.dQ.data, 968 xform->rsa.qt.dQ.length, 969 dmq1); 970 iqmp = BN_bin2bn((const unsigned char *) 971 xform->rsa.qt.qInv.data, 972 xform->rsa.qt.qInv.length, 973 iqmp); 974 975 if (!p || !q || !dmp1 || !dmq1 || !iqmp) { 976 RSA_free(rsa); 977 goto err_rsa; 978 } 979 ret = set_rsa_params(rsa, p, q); 980 if (ret) { 981 OPENSSL_LOG(ERR, 982 "failed to set rsa params\n"); 983 RSA_free(rsa); 984 goto err_rsa; 985 } 986 ret = set_rsa_crt_params(rsa, dmp1, dmq1, iqmp); 987 if (ret) { 988 OPENSSL_LOG(ERR, 989 "failed to set crt params\n"); 990 RSA_free(rsa); 991 /* 992 * set already populated params to NULL 993 * as its freed by call to RSA_free 994 */ 995 p = q = NULL; 996 goto err_rsa; 997 } 998 } 999 1000 ret = set_rsa_keys(rsa, n, e, d); 1001 if (ret) { 1002 OPENSSL_LOG(ERR, "Failed to load rsa keys\n"); 1003 RSA_free(rsa); 1004 return ret; 1005 } 1006 asym_session->u.r.rsa = rsa; 1007 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_RSA; 1008 break; 1009 #endif 1010 err_rsa: 1011 BN_clear_free(n); 1012 BN_clear_free(e); 1013 BN_clear_free(d); 1014 BN_clear_free(p); 1015 BN_clear_free(q); 1016 BN_clear_free(dmp1); 1017 BN_clear_free(dmq1); 1018 BN_clear_free(iqmp); 1019 1020 return -1; 1021 } 1022 case RTE_CRYPTO_ASYM_XFORM_MODEX: 1023 { 1024 struct rte_crypto_modex_xform *xfrm = &(xform->modex); 1025 1026 BN_CTX *ctx = BN_CTX_new(); 1027 if (ctx == NULL) { 1028 OPENSSL_LOG(ERR, 1029 " failed to allocate resources\n"); 1030 return ret; 1031 } 1032 BN_CTX_start(ctx); 1033 BIGNUM *mod = BN_CTX_get(ctx); 1034 BIGNUM *exp = BN_CTX_get(ctx); 1035 if (mod == NULL || exp == NULL) { 1036 BN_CTX_end(ctx); 1037 BN_CTX_free(ctx); 1038 return ret; 1039 } 1040 1041 mod = BN_bin2bn((const unsigned char *) 1042 xfrm->modulus.data, 1043 xfrm->modulus.length, mod); 1044 exp = BN_bin2bn((const unsigned char *) 1045 xfrm->exponent.data, 1046 xfrm->exponent.length, exp); 1047 asym_session->u.e.ctx = ctx; 1048 asym_session->u.e.mod = mod; 1049 asym_session->u.e.exp = exp; 1050 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_MODEX; 1051 break; 1052 } 1053 case RTE_CRYPTO_ASYM_XFORM_MODINV: 1054 { 1055 struct rte_crypto_modinv_xform *xfrm = &(xform->modinv); 1056 1057 BN_CTX *ctx = BN_CTX_new(); 1058 if (ctx == NULL) { 1059 OPENSSL_LOG(ERR, 1060 " failed to allocate resources\n"); 1061 return ret; 1062 } 1063 BN_CTX_start(ctx); 1064 BIGNUM *mod = BN_CTX_get(ctx); 1065 if (mod == NULL) { 1066 BN_CTX_end(ctx); 1067 BN_CTX_free(ctx); 1068 return ret; 1069 } 1070 1071 mod = BN_bin2bn((const unsigned char *) 1072 xfrm->modulus.data, 1073 xfrm->modulus.length, 1074 mod); 1075 asym_session->u.m.ctx = ctx; 1076 asym_session->u.m.modulus = mod; 1077 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_MODINV; 1078 break; 1079 } 1080 case RTE_CRYPTO_ASYM_XFORM_DH: 1081 { 1082 BIGNUM *p = NULL; 1083 BIGNUM *g = NULL; 1084 1085 p = BN_bin2bn((const unsigned char *) 1086 xform->dh.p.data, 1087 xform->dh.p.length, 1088 p); 1089 g = BN_bin2bn((const unsigned char *) 1090 xform->dh.g.data, 1091 xform->dh.g.length, 1092 g); 1093 if (!p || !g) 1094 goto err_dh; 1095 1096 DH *dh = NULL; 1097 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) 1098 OSSL_PARAM_BLD *param_bld = NULL; 1099 param_bld = OSSL_PARAM_BLD_new(); 1100 if (!param_bld) { 1101 OPENSSL_LOG(ERR, "failed to allocate resources\n"); 1102 goto err_dh; 1103 } 1104 if ((!OSSL_PARAM_BLD_push_utf8_string(param_bld, 1105 "group", "ffdhe2048", 0)) 1106 || (!OSSL_PARAM_BLD_push_BN(param_bld, 1107 OSSL_PKEY_PARAM_FFC_P, p)) 1108 || (!OSSL_PARAM_BLD_push_BN(param_bld, 1109 OSSL_PKEY_PARAM_FFC_G, g))) { 1110 OSSL_PARAM_BLD_free(param_bld); 1111 goto err_dh; 1112 } 1113 1114 OSSL_PARAM_BLD *param_bld_peer = NULL; 1115 param_bld_peer = OSSL_PARAM_BLD_new(); 1116 if (!param_bld_peer) { 1117 OPENSSL_LOG(ERR, "failed to allocate resources\n"); 1118 OSSL_PARAM_BLD_free(param_bld); 1119 goto err_dh; 1120 } 1121 if ((!OSSL_PARAM_BLD_push_utf8_string(param_bld_peer, 1122 "group", "ffdhe2048", 0)) 1123 || (!OSSL_PARAM_BLD_push_BN(param_bld_peer, 1124 OSSL_PKEY_PARAM_FFC_P, p)) 1125 || (!OSSL_PARAM_BLD_push_BN(param_bld_peer, 1126 OSSL_PKEY_PARAM_FFC_G, g))) { 1127 OSSL_PARAM_BLD_free(param_bld); 1128 OSSL_PARAM_BLD_free(param_bld_peer); 1129 goto err_dh; 1130 } 1131 1132 asym_session->u.dh.param_bld = param_bld; 1133 asym_session->u.dh.param_bld_peer = param_bld_peer; 1134 #else 1135 dh = DH_new(); 1136 if (dh == NULL) { 1137 OPENSSL_LOG(ERR, 1138 "failed to allocate resources\n"); 1139 goto err_dh; 1140 } 1141 ret = set_dh_params(dh, p, g); 1142 if (ret) { 1143 DH_free(dh); 1144 goto err_dh; 1145 } 1146 #endif 1147 asym_session->u.dh.dh_key = dh; 1148 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_DH; 1149 break; 1150 1151 err_dh: 1152 OPENSSL_LOG(ERR, " failed to set dh params\n"); 1153 BN_free(p); 1154 BN_free(g); 1155 return -1; 1156 } 1157 case RTE_CRYPTO_ASYM_XFORM_DSA: 1158 { 1159 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) 1160 BIGNUM *p = NULL, *g = NULL; 1161 BIGNUM *q = NULL, *priv_key = NULL; 1162 BIGNUM *pub_key = BN_new(); 1163 BN_zero(pub_key); 1164 OSSL_PARAM_BLD *param_bld = NULL; 1165 1166 p = BN_bin2bn((const unsigned char *) 1167 xform->dsa.p.data, 1168 xform->dsa.p.length, 1169 p); 1170 1171 g = BN_bin2bn((const unsigned char *) 1172 xform->dsa.g.data, 1173 xform->dsa.g.length, 1174 g); 1175 1176 q = BN_bin2bn((const unsigned char *) 1177 xform->dsa.q.data, 1178 xform->dsa.q.length, 1179 q); 1180 if (!p || !q || !g) 1181 goto err_dsa; 1182 1183 priv_key = BN_bin2bn((const unsigned char *) 1184 xform->dsa.x.data, 1185 xform->dsa.x.length, 1186 priv_key); 1187 if (priv_key == NULL) 1188 goto err_dsa; 1189 1190 param_bld = OSSL_PARAM_BLD_new(); 1191 if (!param_bld) { 1192 OPENSSL_LOG(ERR, "failed to allocate resources\n"); 1193 goto err_dsa; 1194 } 1195 1196 if (!OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_P, p) 1197 || !OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_G, g) 1198 || !OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_Q, q) 1199 || !OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_PRIV_KEY, priv_key)) { 1200 OSSL_PARAM_BLD_free(param_bld); 1201 OPENSSL_LOG(ERR, "failed to allocate resources\n"); 1202 goto err_dsa; 1203 } 1204 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_DSA; 1205 asym_session->u.s.param_bld = param_bld; 1206 1207 break; 1208 #else 1209 BIGNUM *p = NULL, *g = NULL; 1210 BIGNUM *q = NULL, *priv_key = NULL; 1211 BIGNUM *pub_key = BN_new(); 1212 BN_zero(pub_key); 1213 1214 p = BN_bin2bn((const unsigned char *) 1215 xform->dsa.p.data, 1216 xform->dsa.p.length, 1217 p); 1218 1219 g = BN_bin2bn((const unsigned char *) 1220 xform->dsa.g.data, 1221 xform->dsa.g.length, 1222 g); 1223 1224 q = BN_bin2bn((const unsigned char *) 1225 xform->dsa.q.data, 1226 xform->dsa.q.length, 1227 q); 1228 if (!p || !q || !g) 1229 goto err_dsa; 1230 1231 priv_key = BN_bin2bn((const unsigned char *) 1232 xform->dsa.x.data, 1233 xform->dsa.x.length, 1234 priv_key); 1235 if (priv_key == NULL) 1236 goto err_dsa; 1237 1238 DSA *dsa = DSA_new(); 1239 if (dsa == NULL) { 1240 OPENSSL_LOG(ERR, 1241 " failed to allocate resources\n"); 1242 goto err_dsa; 1243 } 1244 1245 ret = set_dsa_params(dsa, p, q, g); 1246 if (ret) { 1247 DSA_free(dsa); 1248 OPENSSL_LOG(ERR, "Failed to dsa params\n"); 1249 goto err_dsa; 1250 } 1251 1252 /* 1253 * openssl 1.1.0 mandate that public key can't be 1254 * NULL in very first call. so set a dummy pub key. 1255 * to keep consistency, lets follow same approach for 1256 * both versions 1257 */ 1258 /* just set dummy public for very 1st call */ 1259 ret = set_dsa_keys(dsa, pub_key, priv_key); 1260 if (ret) { 1261 DSA_free(dsa); 1262 OPENSSL_LOG(ERR, "Failed to set keys\n"); 1263 return -1; 1264 } 1265 asym_session->u.s.dsa = dsa; 1266 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_DSA; 1267 break; 1268 #endif 1269 err_dsa: 1270 BN_free(p); 1271 BN_free(q); 1272 BN_free(g); 1273 BN_free(priv_key); 1274 BN_free(pub_key); 1275 return -1; 1276 } 1277 default: 1278 return ret; 1279 } 1280 1281 return 0; 1282 } 1283 1284 /** Configure the session from a crypto xform chain */ 1285 static int 1286 openssl_pmd_asym_session_configure(struct rte_cryptodev *dev __rte_unused, 1287 struct rte_crypto_asym_xform *xform, 1288 struct rte_cryptodev_asym_session *sess) 1289 { 1290 void *asym_sess_private_data; 1291 int ret; 1292 1293 if (unlikely(sess == NULL)) { 1294 OPENSSL_LOG(ERR, "invalid asymmetric session struct"); 1295 return -EINVAL; 1296 } 1297 1298 asym_sess_private_data = sess->sess_private_data; 1299 ret = openssl_set_asym_session_parameters(asym_sess_private_data, 1300 xform); 1301 if (ret != 0) { 1302 OPENSSL_LOG(ERR, "failed configure session parameters"); 1303 return ret; 1304 } 1305 1306 return 0; 1307 } 1308 1309 /** Clear the memory of session so it doesn't leave key material behind */ 1310 static void 1311 openssl_pmd_sym_session_clear(struct rte_cryptodev *dev, 1312 struct rte_cryptodev_sym_session *sess) 1313 { 1314 uint8_t index = dev->driver_id; 1315 void *sess_priv = get_sym_session_private_data(sess, index); 1316 1317 /* Zero out the whole structure */ 1318 if (sess_priv) { 1319 openssl_reset_session(sess_priv); 1320 memset(sess_priv, 0, sizeof(struct openssl_session)); 1321 struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv); 1322 set_sym_session_private_data(sess, index, NULL); 1323 rte_mempool_put(sess_mp, sess_priv); 1324 } 1325 } 1326 1327 static void openssl_reset_asym_session(struct openssl_asym_session *sess) 1328 { 1329 switch (sess->xfrm_type) { 1330 case RTE_CRYPTO_ASYM_XFORM_RSA: 1331 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) 1332 if (sess->u.r.ctx) 1333 EVP_PKEY_CTX_free(sess->u.r.ctx); 1334 #else 1335 if (sess->u.r.rsa) 1336 RSA_free(sess->u.r.rsa); 1337 #endif 1338 break; 1339 case RTE_CRYPTO_ASYM_XFORM_MODEX: 1340 if (sess->u.e.ctx) { 1341 BN_CTX_end(sess->u.e.ctx); 1342 BN_CTX_free(sess->u.e.ctx); 1343 } 1344 break; 1345 case RTE_CRYPTO_ASYM_XFORM_MODINV: 1346 if (sess->u.m.ctx) { 1347 BN_CTX_end(sess->u.m.ctx); 1348 BN_CTX_free(sess->u.m.ctx); 1349 } 1350 break; 1351 case RTE_CRYPTO_ASYM_XFORM_DH: 1352 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) 1353 sess->u.dh.param_bld = NULL; 1354 sess->u.dh.param_bld_peer = NULL; 1355 #else 1356 if (sess->u.dh.dh_key) 1357 DH_free(sess->u.dh.dh_key); 1358 #endif 1359 break; 1360 case RTE_CRYPTO_ASYM_XFORM_DSA: 1361 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) 1362 sess->u.s.param_bld = NULL; 1363 #else 1364 if (sess->u.s.dsa) 1365 DSA_free(sess->u.s.dsa); 1366 #endif 1367 break; 1368 default: 1369 break; 1370 } 1371 } 1372 1373 /** Clear the memory of asymmetric session 1374 * so it doesn't leave key material behind 1375 */ 1376 static void 1377 openssl_pmd_asym_session_clear(struct rte_cryptodev *dev __rte_unused, 1378 struct rte_cryptodev_asym_session *sess) 1379 { 1380 void *sess_priv = sess->sess_private_data; 1381 1382 /* Zero out the whole structure */ 1383 if (sess_priv) { 1384 openssl_reset_asym_session(sess_priv); 1385 memset(sess_priv, 0, sizeof(struct openssl_asym_session)); 1386 } 1387 } 1388 1389 struct rte_cryptodev_ops openssl_pmd_ops = { 1390 .dev_configure = openssl_pmd_config, 1391 .dev_start = openssl_pmd_start, 1392 .dev_stop = openssl_pmd_stop, 1393 .dev_close = openssl_pmd_close, 1394 1395 .stats_get = openssl_pmd_stats_get, 1396 .stats_reset = openssl_pmd_stats_reset, 1397 1398 .dev_infos_get = openssl_pmd_info_get, 1399 1400 .queue_pair_setup = openssl_pmd_qp_setup, 1401 .queue_pair_release = openssl_pmd_qp_release, 1402 1403 .sym_session_get_size = openssl_pmd_sym_session_get_size, 1404 .asym_session_get_size = openssl_pmd_asym_session_get_size, 1405 .sym_session_configure = openssl_pmd_sym_session_configure, 1406 .asym_session_configure = openssl_pmd_asym_session_configure, 1407 .sym_session_clear = openssl_pmd_sym_session_clear, 1408 .asym_session_clear = openssl_pmd_asym_session_clear 1409 }; 1410 1411 struct rte_cryptodev_ops *rte_openssl_pmd_ops = &openssl_pmd_ops; 1412