1 /* SPDX-License-Identifier: BSD-3-Clause 2 * Copyright(c) 2016-2017 Intel Corporation 3 */ 4 5 #include <string.h> 6 7 #include <rte_common.h> 8 #include <rte_malloc.h> 9 #include <cryptodev_pmd.h> 10 11 #include "openssl_pmd_private.h" 12 #include "compat.h" 13 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) 14 #include <openssl/provider.h> 15 #include <openssl/core_names.h> 16 #include <openssl/param_build.h> 17 #endif 18 19 static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = { 20 { /* MD5 HMAC */ 21 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 22 {.sym = { 23 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 24 {.auth = { 25 .algo = RTE_CRYPTO_AUTH_MD5_HMAC, 26 .block_size = 64, 27 .key_size = { 28 .min = 1, 29 .max = 64, 30 .increment = 1 31 }, 32 .digest_size = { 33 .min = 1, 34 .max = 16, 35 .increment = 1 36 }, 37 .iv_size = { 0 } 38 }, } 39 }, } 40 }, 41 { /* MD5 */ 42 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 43 {.sym = { 44 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 45 {.auth = { 46 .algo = RTE_CRYPTO_AUTH_MD5, 47 .block_size = 64, 48 .key_size = { 49 .min = 0, 50 .max = 0, 51 .increment = 0 52 }, 53 .digest_size = { 54 .min = 16, 55 .max = 16, 56 .increment = 0 57 }, 58 .iv_size = { 0 } 59 }, } 60 }, } 61 }, 62 { /* SHA1 HMAC */ 63 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 64 {.sym = { 65 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 66 {.auth = { 67 .algo = RTE_CRYPTO_AUTH_SHA1_HMAC, 68 .block_size = 64, 69 .key_size = { 70 .min = 1, 71 .max = 64, 72 .increment = 1 73 }, 74 .digest_size = { 75 .min = 1, 76 .max = 20, 77 .increment = 1 78 }, 79 .iv_size = { 0 } 80 }, } 81 }, } 82 }, 83 { /* SHA1 */ 84 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 85 {.sym = { 86 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 87 {.auth = { 88 .algo = RTE_CRYPTO_AUTH_SHA1, 89 .block_size = 64, 90 .key_size = { 91 .min = 0, 92 .max = 0, 93 .increment = 0 94 }, 95 .digest_size = { 96 .min = 20, 97 .max = 20, 98 .increment = 0 99 }, 100 .iv_size = { 0 } 101 }, } 102 }, } 103 }, 104 { /* SHA224 HMAC */ 105 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 106 {.sym = { 107 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 108 {.auth = { 109 .algo = RTE_CRYPTO_AUTH_SHA224_HMAC, 110 .block_size = 64, 111 .key_size = { 112 .min = 1, 113 .max = 64, 114 .increment = 1 115 }, 116 .digest_size = { 117 .min = 1, 118 .max = 28, 119 .increment = 1 120 }, 121 .iv_size = { 0 } 122 }, } 123 }, } 124 }, 125 { /* SHA224 */ 126 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 127 {.sym = { 128 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 129 {.auth = { 130 .algo = RTE_CRYPTO_AUTH_SHA224, 131 .block_size = 64, 132 .key_size = { 133 .min = 0, 134 .max = 0, 135 .increment = 0 136 }, 137 .digest_size = { 138 .min = 1, 139 .max = 28, 140 .increment = 1 141 }, 142 .iv_size = { 0 } 143 }, } 144 }, } 145 }, 146 { /* SHA256 HMAC */ 147 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 148 {.sym = { 149 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 150 {.auth = { 151 .algo = RTE_CRYPTO_AUTH_SHA256_HMAC, 152 .block_size = 64, 153 .key_size = { 154 .min = 1, 155 .max = 64, 156 .increment = 1 157 }, 158 .digest_size = { 159 .min = 1, 160 .max = 32, 161 .increment = 1 162 }, 163 .iv_size = { 0 } 164 }, } 165 }, } 166 }, 167 { /* SHA256 */ 168 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 169 {.sym = { 170 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 171 {.auth = { 172 .algo = RTE_CRYPTO_AUTH_SHA256, 173 .block_size = 64, 174 .key_size = { 175 .min = 0, 176 .max = 0, 177 .increment = 0 178 }, 179 .digest_size = { 180 .min = 32, 181 .max = 32, 182 .increment = 0 183 }, 184 .iv_size = { 0 } 185 }, } 186 }, } 187 }, 188 { /* SHA384 HMAC */ 189 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 190 {.sym = { 191 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 192 {.auth = { 193 .algo = RTE_CRYPTO_AUTH_SHA384_HMAC, 194 .block_size = 128, 195 .key_size = { 196 .min = 1, 197 .max = 128, 198 .increment = 1 199 }, 200 .digest_size = { 201 .min = 1, 202 .max = 48, 203 .increment = 1 204 }, 205 .iv_size = { 0 } 206 }, } 207 }, } 208 }, 209 { /* SHA384 */ 210 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 211 {.sym = { 212 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 213 {.auth = { 214 .algo = RTE_CRYPTO_AUTH_SHA384, 215 .block_size = 128, 216 .key_size = { 217 .min = 0, 218 .max = 0, 219 .increment = 0 220 }, 221 .digest_size = { 222 .min = 48, 223 .max = 48, 224 .increment = 0 225 }, 226 .iv_size = { 0 } 227 }, } 228 }, } 229 }, 230 { /* SHA512 HMAC */ 231 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 232 {.sym = { 233 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 234 {.auth = { 235 .algo = RTE_CRYPTO_AUTH_SHA512_HMAC, 236 .block_size = 128, 237 .key_size = { 238 .min = 1, 239 .max = 128, 240 .increment = 1 241 }, 242 .digest_size = { 243 .min = 1, 244 .max = 64, 245 .increment = 1 246 }, 247 .iv_size = { 0 } 248 }, } 249 }, } 250 }, 251 { /* SHA512 */ 252 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 253 {.sym = { 254 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 255 {.auth = { 256 .algo = RTE_CRYPTO_AUTH_SHA512, 257 .block_size = 128, 258 .key_size = { 259 .min = 0, 260 .max = 0, 261 .increment = 0 262 }, 263 .digest_size = { 264 .min = 64, 265 .max = 64, 266 .increment = 0 267 }, 268 .iv_size = { 0 } 269 }, } 270 }, } 271 }, 272 { /* AES CBC */ 273 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 274 {.sym = { 275 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 276 {.cipher = { 277 .algo = RTE_CRYPTO_CIPHER_AES_CBC, 278 .block_size = 16, 279 .key_size = { 280 .min = 16, 281 .max = 32, 282 .increment = 8 283 }, 284 .iv_size = { 285 .min = 16, 286 .max = 16, 287 .increment = 0 288 } 289 }, } 290 }, } 291 }, 292 { /* AES CTR */ 293 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 294 {.sym = { 295 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 296 {.cipher = { 297 .algo = RTE_CRYPTO_CIPHER_AES_CTR, 298 .block_size = 16, 299 .key_size = { 300 .min = 16, 301 .max = 32, 302 .increment = 8 303 }, 304 .iv_size = { 305 .min = 16, 306 .max = 16, 307 .increment = 0 308 } 309 }, } 310 }, } 311 }, 312 { /* AES GCM */ 313 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 314 {.sym = { 315 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD, 316 {.aead = { 317 .algo = RTE_CRYPTO_AEAD_AES_GCM, 318 .block_size = 16, 319 .key_size = { 320 .min = 16, 321 .max = 32, 322 .increment = 8 323 }, 324 .digest_size = { 325 .min = 16, 326 .max = 16, 327 .increment = 0 328 }, 329 .aad_size = { 330 .min = 0, 331 .max = 65535, 332 .increment = 1 333 }, 334 .iv_size = { 335 .min = 12, 336 .max = 16, 337 .increment = 4 338 }, 339 }, } 340 }, } 341 }, 342 { /* AES CCM */ 343 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 344 {.sym = { 345 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD, 346 {.aead = { 347 .algo = RTE_CRYPTO_AEAD_AES_CCM, 348 .block_size = 16, 349 .key_size = { 350 .min = 16, 351 .max = 32, 352 .increment = 8 353 }, 354 .digest_size = { 355 .min = 4, 356 .max = 16, 357 .increment = 2 358 }, 359 .aad_size = { 360 .min = 0, 361 .max = 65535, 362 .increment = 1 363 }, 364 .iv_size = { 365 .min = 7, 366 .max = 13, 367 .increment = 1 368 }, 369 }, } 370 }, } 371 }, 372 { /* AES GMAC (AUTH) */ 373 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 374 {.sym = { 375 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 376 {.auth = { 377 .algo = RTE_CRYPTO_AUTH_AES_GMAC, 378 .block_size = 16, 379 .key_size = { 380 .min = 16, 381 .max = 32, 382 .increment = 8 383 }, 384 .digest_size = { 385 .min = 16, 386 .max = 16, 387 .increment = 0 388 }, 389 .iv_size = { 390 .min = 12, 391 .max = 16, 392 .increment = 4 393 } 394 }, } 395 }, } 396 }, 397 { /* AES CMAC (AUTH) */ 398 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 399 {.sym = { 400 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 401 {.auth = { 402 .algo = RTE_CRYPTO_AUTH_AES_CMAC, 403 .block_size = 16, 404 .key_size = { 405 .min = 16, 406 .max = 32, 407 .increment = 8 408 }, 409 .digest_size = { 410 .min = 4, 411 .max = 16, 412 .increment = 4 413 }, 414 }, } 415 }, } 416 }, 417 { /* 3DES CBC */ 418 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 419 {.sym = { 420 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 421 {.cipher = { 422 .algo = RTE_CRYPTO_CIPHER_3DES_CBC, 423 .block_size = 8, 424 .key_size = { 425 .min = 8, 426 .max = 24, 427 .increment = 8 428 }, 429 .iv_size = { 430 .min = 8, 431 .max = 8, 432 .increment = 0 433 } 434 }, } 435 }, } 436 }, 437 { /* 3DES CTR */ 438 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 439 {.sym = { 440 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 441 {.cipher = { 442 .algo = RTE_CRYPTO_CIPHER_3DES_CTR, 443 .block_size = 8, 444 .key_size = { 445 .min = 16, 446 .max = 24, 447 .increment = 8 448 }, 449 .iv_size = { 450 .min = 8, 451 .max = 8, 452 .increment = 0 453 } 454 }, } 455 }, } 456 }, 457 { /* DES CBC */ 458 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 459 {.sym = { 460 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 461 {.cipher = { 462 .algo = RTE_CRYPTO_CIPHER_DES_CBC, 463 .block_size = 8, 464 .key_size = { 465 .min = 8, 466 .max = 8, 467 .increment = 0 468 }, 469 .iv_size = { 470 .min = 8, 471 .max = 8, 472 .increment = 0 473 } 474 }, } 475 }, } 476 }, 477 { /* DES DOCSIS BPI */ 478 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 479 {.sym = { 480 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 481 {.cipher = { 482 .algo = RTE_CRYPTO_CIPHER_DES_DOCSISBPI, 483 .block_size = 8, 484 .key_size = { 485 .min = 8, 486 .max = 8, 487 .increment = 0 488 }, 489 .iv_size = { 490 .min = 8, 491 .max = 8, 492 .increment = 0 493 } 494 }, } 495 }, } 496 }, 497 { /* RSA */ 498 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, 499 {.asym = { 500 .xform_capa = { 501 .xform_type = RTE_CRYPTO_ASYM_XFORM_RSA, 502 .op_types = ((1 << RTE_CRYPTO_ASYM_OP_SIGN) | 503 (1 << RTE_CRYPTO_ASYM_OP_VERIFY) | 504 (1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) | 505 (1 << RTE_CRYPTO_ASYM_OP_DECRYPT)), 506 { 507 .modlen = { 508 /* min length is based on openssl rsa keygen */ 509 .min = 30, 510 /* value 0 symbolizes no limit on max length */ 511 .max = 0, 512 .increment = 1 513 }, } 514 } 515 }, 516 } 517 }, 518 { /* modexp */ 519 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, 520 {.asym = { 521 .xform_capa = { 522 .xform_type = RTE_CRYPTO_ASYM_XFORM_MODEX, 523 .op_types = 0, 524 { 525 .modlen = { 526 /* value 0 symbolizes no limit on min length */ 527 .min = 0, 528 /* value 0 symbolizes no limit on max length */ 529 .max = 0, 530 .increment = 1 531 }, } 532 } 533 }, 534 } 535 }, 536 { /* modinv */ 537 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, 538 {.asym = { 539 .xform_capa = { 540 .xform_type = RTE_CRYPTO_ASYM_XFORM_MODINV, 541 .op_types = 0, 542 { 543 .modlen = { 544 /* value 0 symbolizes no limit on min length */ 545 .min = 0, 546 /* value 0 symbolizes no limit on max length */ 547 .max = 0, 548 .increment = 1 549 }, } 550 } 551 }, 552 } 553 }, 554 { /* dh */ 555 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, 556 {.asym = { 557 .xform_capa = { 558 .xform_type = RTE_CRYPTO_ASYM_XFORM_DH, 559 .op_types = 560 ((1<<RTE_CRYPTO_ASYM_KE_PRIV_KEY_GENERATE) | 561 (1 << RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE | 562 (1 << 563 RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE))), 564 { 565 .modlen = { 566 /* value 0 symbolizes no limit on min length */ 567 .min = 0, 568 /* value 0 symbolizes no limit on max length */ 569 .max = 0, 570 .increment = 1 571 }, } 572 } 573 }, 574 } 575 }, 576 { /* dsa */ 577 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, 578 {.asym = { 579 .xform_capa = { 580 .xform_type = RTE_CRYPTO_ASYM_XFORM_DSA, 581 .op_types = 582 ((1<<RTE_CRYPTO_ASYM_OP_SIGN) | 583 (1 << RTE_CRYPTO_ASYM_OP_VERIFY)), 584 { 585 .modlen = { 586 /* value 0 symbolizes no limit on min length */ 587 .min = 0, 588 /* value 0 symbolizes no limit on max length */ 589 .max = 0, 590 .increment = 1 591 }, } 592 } 593 }, 594 } 595 }, 596 { /* SM2 */ 597 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, 598 {.asym = { 599 .xform_capa = { 600 .xform_type = RTE_CRYPTO_ASYM_XFORM_SM2, 601 .hash_algos = (1 << RTE_CRYPTO_AUTH_SM3), 602 .op_types = 603 ((1<<RTE_CRYPTO_ASYM_OP_SIGN) | 604 (1 << RTE_CRYPTO_ASYM_OP_VERIFY) | 605 (1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) | 606 (1 << RTE_CRYPTO_ASYM_OP_DECRYPT)), 607 {.internal_rng = 1 608 } 609 } 610 } 611 } 612 }, 613 614 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() 615 }; 616 617 618 /** Configure device */ 619 static int 620 openssl_pmd_config(__rte_unused struct rte_cryptodev *dev, 621 __rte_unused struct rte_cryptodev_config *config) 622 { 623 return 0; 624 } 625 626 /** Start device */ 627 static int 628 openssl_pmd_start(__rte_unused struct rte_cryptodev *dev) 629 { 630 return 0; 631 } 632 633 /** Stop device */ 634 static void 635 openssl_pmd_stop(__rte_unused struct rte_cryptodev *dev) 636 { 637 } 638 639 /** Close device */ 640 static int 641 openssl_pmd_close(__rte_unused struct rte_cryptodev *dev) 642 { 643 return 0; 644 } 645 646 647 /** Get device statistics */ 648 static void 649 openssl_pmd_stats_get(struct rte_cryptodev *dev, 650 struct rte_cryptodev_stats *stats) 651 { 652 int qp_id; 653 654 for (qp_id = 0; qp_id < dev->data->nb_queue_pairs; qp_id++) { 655 struct openssl_qp *qp = dev->data->queue_pairs[qp_id]; 656 657 stats->enqueued_count += qp->stats.enqueued_count; 658 stats->dequeued_count += qp->stats.dequeued_count; 659 660 stats->enqueue_err_count += qp->stats.enqueue_err_count; 661 stats->dequeue_err_count += qp->stats.dequeue_err_count; 662 } 663 } 664 665 /** Reset device statistics */ 666 static void 667 openssl_pmd_stats_reset(struct rte_cryptodev *dev) 668 { 669 int qp_id; 670 671 for (qp_id = 0; qp_id < dev->data->nb_queue_pairs; qp_id++) { 672 struct openssl_qp *qp = dev->data->queue_pairs[qp_id]; 673 674 memset(&qp->stats, 0, sizeof(qp->stats)); 675 } 676 } 677 678 679 /** Get device info */ 680 static void 681 openssl_pmd_info_get(struct rte_cryptodev *dev, 682 struct rte_cryptodev_info *dev_info) 683 { 684 struct openssl_private *internals = dev->data->dev_private; 685 686 if (dev_info != NULL) { 687 dev_info->driver_id = dev->driver_id; 688 dev_info->feature_flags = dev->feature_flags; 689 dev_info->capabilities = openssl_pmd_capabilities; 690 dev_info->max_nb_queue_pairs = internals->max_nb_qpairs; 691 /* No limit of number of sessions */ 692 dev_info->sym.max_nb_sessions = 0; 693 } 694 } 695 696 /** Release queue pair */ 697 static int 698 openssl_pmd_qp_release(struct rte_cryptodev *dev, uint16_t qp_id) 699 { 700 if (dev->data->queue_pairs[qp_id] != NULL) { 701 struct openssl_qp *qp = dev->data->queue_pairs[qp_id]; 702 703 rte_ring_free(qp->processed_ops); 704 705 rte_free(dev->data->queue_pairs[qp_id]); 706 dev->data->queue_pairs[qp_id] = NULL; 707 } 708 return 0; 709 } 710 711 /** set a unique name for the queue pair based on it's name, dev_id and qp_id */ 712 static int 713 openssl_pmd_qp_set_unique_name(struct rte_cryptodev *dev, 714 struct openssl_qp *qp) 715 { 716 unsigned int n = snprintf(qp->name, sizeof(qp->name), 717 "openssl_pmd_%u_qp_%u", 718 dev->data->dev_id, qp->id); 719 720 if (n >= sizeof(qp->name)) 721 return -1; 722 723 return 0; 724 } 725 726 727 /** Create a ring to place processed operations on */ 728 static struct rte_ring * 729 openssl_pmd_qp_create_processed_ops_ring(struct openssl_qp *qp, 730 unsigned int ring_size, int socket_id) 731 { 732 struct rte_ring *r; 733 734 r = rte_ring_lookup(qp->name); 735 if (r) { 736 if (rte_ring_get_size(r) >= ring_size) { 737 OPENSSL_LOG(INFO, 738 "Reusing existing ring %s for processed ops", 739 qp->name); 740 return r; 741 } 742 743 OPENSSL_LOG(ERR, 744 "Unable to reuse existing ring %s for processed ops", 745 qp->name); 746 return NULL; 747 } 748 749 return rte_ring_create(qp->name, ring_size, socket_id, 750 RING_F_SP_ENQ | RING_F_SC_DEQ); 751 } 752 753 754 /** Setup a queue pair */ 755 static int 756 openssl_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id, 757 const struct rte_cryptodev_qp_conf *qp_conf, 758 int socket_id) 759 { 760 struct openssl_qp *qp = NULL; 761 762 /* Free memory prior to re-allocation if needed. */ 763 if (dev->data->queue_pairs[qp_id] != NULL) 764 openssl_pmd_qp_release(dev, qp_id); 765 766 /* Allocate the queue pair data structure. */ 767 qp = rte_zmalloc_socket("OPENSSL PMD Queue Pair", sizeof(*qp), 768 RTE_CACHE_LINE_SIZE, socket_id); 769 if (qp == NULL) 770 return -ENOMEM; 771 772 qp->id = qp_id; 773 dev->data->queue_pairs[qp_id] = qp; 774 775 if (openssl_pmd_qp_set_unique_name(dev, qp)) 776 goto qp_setup_cleanup; 777 778 qp->processed_ops = openssl_pmd_qp_create_processed_ops_ring(qp, 779 qp_conf->nb_descriptors, socket_id); 780 if (qp->processed_ops == NULL) 781 goto qp_setup_cleanup; 782 783 qp->sess_mp = qp_conf->mp_session; 784 785 memset(&qp->stats, 0, sizeof(qp->stats)); 786 787 return 0; 788 789 qp_setup_cleanup: 790 rte_free(qp); 791 792 return -1; 793 } 794 795 /** Returns the size of the symmetric session structure */ 796 static unsigned 797 openssl_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused) 798 { 799 return sizeof(struct openssl_session); 800 } 801 802 /** Returns the size of the asymmetric session structure */ 803 static unsigned 804 openssl_pmd_asym_session_get_size(struct rte_cryptodev *dev __rte_unused) 805 { 806 return sizeof(struct openssl_asym_session); 807 } 808 809 /** Configure the session from a crypto xform chain */ 810 static int 811 openssl_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused, 812 struct rte_crypto_sym_xform *xform, 813 struct rte_cryptodev_sym_session *sess) 814 { 815 void *sess_private_data = CRYPTODEV_GET_SYM_SESS_PRIV(sess); 816 int ret; 817 818 if (unlikely(sess == NULL)) { 819 OPENSSL_LOG(ERR, "invalid session struct"); 820 return -EINVAL; 821 } 822 823 ret = openssl_set_session_parameters(sess_private_data, xform); 824 if (ret != 0) { 825 OPENSSL_LOG(ERR, "failed configure session parameters"); 826 827 /* Return session to mempool */ 828 return ret; 829 } 830 831 return 0; 832 } 833 834 static int openssl_set_asym_session_parameters( 835 struct openssl_asym_session *asym_session, 836 struct rte_crypto_asym_xform *xform) 837 { 838 int ret = -1; 839 840 if ((xform->xform_type != RTE_CRYPTO_ASYM_XFORM_DH) && 841 (xform->next != NULL)) { 842 OPENSSL_LOG(ERR, "chained xfrms are not supported on %s", 843 rte_cryptodev_asym_get_xform_string(xform->xform_type)); 844 return ret; 845 } 846 847 switch (xform->xform_type) { 848 case RTE_CRYPTO_ASYM_XFORM_RSA: 849 { 850 BIGNUM *n = NULL; 851 BIGNUM *e = NULL; 852 BIGNUM *d = NULL; 853 BIGNUM *p = NULL, *q = NULL, *dmp1 = NULL; 854 BIGNUM *iqmp = NULL, *dmq1 = NULL; 855 856 /* copy xfrm data into rsa struct */ 857 n = BN_bin2bn((const unsigned char *)xform->rsa.n.data, 858 xform->rsa.n.length, n); 859 e = BN_bin2bn((const unsigned char *)xform->rsa.e.data, 860 xform->rsa.e.length, e); 861 862 if (!n || !e) 863 goto err_rsa; 864 865 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) 866 OSSL_PARAM_BLD * param_bld = OSSL_PARAM_BLD_new(); 867 if (!param_bld) { 868 OPENSSL_LOG(ERR, "failed to allocate resources\n"); 869 goto err_rsa; 870 } 871 872 if (!OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_RSA_N, n) 873 || !OSSL_PARAM_BLD_push_BN(param_bld, 874 OSSL_PKEY_PARAM_RSA_E, e)) { 875 OSSL_PARAM_BLD_free(param_bld); 876 OPENSSL_LOG(ERR, "failed to allocate resources\n"); 877 goto err_rsa; 878 } 879 880 if (xform->rsa.key_type == RTE_RSA_KEY_TYPE_EXP) { 881 d = BN_bin2bn( 882 (const unsigned char *)xform->rsa.d.data, 883 xform->rsa.d.length, 884 d); 885 if (!d) { 886 OSSL_PARAM_BLD_free(param_bld); 887 goto err_rsa; 888 } 889 } else { 890 p = BN_bin2bn((const unsigned char *) 891 xform->rsa.qt.p.data, 892 xform->rsa.qt.p.length, 893 p); 894 q = BN_bin2bn((const unsigned char *) 895 xform->rsa.qt.q.data, 896 xform->rsa.qt.q.length, 897 q); 898 dmp1 = BN_bin2bn((const unsigned char *) 899 xform->rsa.qt.dP.data, 900 xform->rsa.qt.dP.length, 901 dmp1); 902 dmq1 = BN_bin2bn((const unsigned char *) 903 xform->rsa.qt.dQ.data, 904 xform->rsa.qt.dQ.length, 905 dmq1); 906 iqmp = BN_bin2bn((const unsigned char *) 907 xform->rsa.qt.qInv.data, 908 xform->rsa.qt.qInv.length, 909 iqmp); 910 911 if (!p || !q || !dmp1 || !dmq1 || !iqmp) { 912 OSSL_PARAM_BLD_free(param_bld); 913 goto err_rsa; 914 } 915 916 if (!OSSL_PARAM_BLD_push_BN(param_bld, 917 OSSL_PKEY_PARAM_RSA_FACTOR1, p) 918 || !OSSL_PARAM_BLD_push_BN(param_bld, 919 OSSL_PKEY_PARAM_RSA_FACTOR2, q) 920 || !OSSL_PARAM_BLD_push_BN(param_bld, 921 OSSL_PKEY_PARAM_RSA_EXPONENT1, dmp1) 922 || !OSSL_PARAM_BLD_push_BN(param_bld, 923 OSSL_PKEY_PARAM_RSA_EXPONENT2, dmq1) 924 || !OSSL_PARAM_BLD_push_BN(param_bld, 925 OSSL_PKEY_PARAM_RSA_COEFFICIENT1, iqmp)) { 926 OSSL_PARAM_BLD_free(param_bld); 927 goto err_rsa; 928 } 929 } 930 931 if (!OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_RSA_N, n) 932 || !OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_RSA_E, e) 933 || !OSSL_PARAM_BLD_push_BN(param_bld, 934 OSSL_PKEY_PARAM_RSA_D, d)) { 935 OSSL_PARAM_BLD_free(param_bld); 936 goto err_rsa; 937 } 938 939 EVP_PKEY_CTX *key_ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL); 940 EVP_PKEY *pkey = NULL; 941 EVP_PKEY_CTX *rsa_ctx = NULL; 942 OSSL_PARAM *params = NULL; 943 944 params = OSSL_PARAM_BLD_to_param(param_bld); 945 if (!params) { 946 OSSL_PARAM_BLD_free(param_bld); 947 goto err_rsa; 948 } 949 950 if (key_ctx == NULL 951 || EVP_PKEY_fromdata_init(key_ctx) <= 0 952 || EVP_PKEY_fromdata(key_ctx, &pkey, 953 EVP_PKEY_KEYPAIR, params) <= 0) { 954 OSSL_PARAM_free(params); 955 goto err_rsa; 956 } 957 958 rsa_ctx = EVP_PKEY_CTX_new(pkey, NULL); 959 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_RSA; 960 asym_session->u.r.ctx = rsa_ctx; 961 EVP_PKEY_free(pkey); 962 EVP_PKEY_CTX_free(key_ctx); 963 OSSL_PARAM_BLD_free(param_bld); 964 OSSL_PARAM_free(params); 965 ret = 0; 966 #else 967 RSA *rsa = RSA_new(); 968 if (rsa == NULL) 969 goto err_rsa; 970 971 if (xform->rsa.key_type == RTE_RSA_KEY_TYPE_EXP) { 972 d = BN_bin2bn( 973 (const unsigned char *)xform->rsa.d.data, 974 xform->rsa.d.length, 975 d); 976 if (!d) { 977 RSA_free(rsa); 978 goto err_rsa; 979 } 980 } else { 981 p = BN_bin2bn((const unsigned char *) 982 xform->rsa.qt.p.data, 983 xform->rsa.qt.p.length, 984 p); 985 q = BN_bin2bn((const unsigned char *) 986 xform->rsa.qt.q.data, 987 xform->rsa.qt.q.length, 988 q); 989 dmp1 = BN_bin2bn((const unsigned char *) 990 xform->rsa.qt.dP.data, 991 xform->rsa.qt.dP.length, 992 dmp1); 993 dmq1 = BN_bin2bn((const unsigned char *) 994 xform->rsa.qt.dQ.data, 995 xform->rsa.qt.dQ.length, 996 dmq1); 997 iqmp = BN_bin2bn((const unsigned char *) 998 xform->rsa.qt.qInv.data, 999 xform->rsa.qt.qInv.length, 1000 iqmp); 1001 1002 if (!p || !q || !dmp1 || !dmq1 || !iqmp) { 1003 RSA_free(rsa); 1004 goto err_rsa; 1005 } 1006 ret = set_rsa_params(rsa, p, q); 1007 if (ret) { 1008 OPENSSL_LOG(ERR, 1009 "failed to set rsa params\n"); 1010 RSA_free(rsa); 1011 goto err_rsa; 1012 } 1013 ret = set_rsa_crt_params(rsa, dmp1, dmq1, iqmp); 1014 if (ret) { 1015 OPENSSL_LOG(ERR, 1016 "failed to set crt params\n"); 1017 RSA_free(rsa); 1018 /* 1019 * set already populated params to NULL 1020 * as its freed by call to RSA_free 1021 */ 1022 p = q = NULL; 1023 goto err_rsa; 1024 } 1025 } 1026 1027 ret = set_rsa_keys(rsa, n, e, d); 1028 if (ret) { 1029 OPENSSL_LOG(ERR, "Failed to load rsa keys\n"); 1030 RSA_free(rsa); 1031 return ret; 1032 } 1033 asym_session->u.r.rsa = rsa; 1034 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_RSA; 1035 ret = 0; 1036 #endif 1037 err_rsa: 1038 BN_clear_free(n); 1039 BN_clear_free(e); 1040 BN_clear_free(d); 1041 BN_clear_free(p); 1042 BN_clear_free(q); 1043 BN_clear_free(dmp1); 1044 BN_clear_free(dmq1); 1045 BN_clear_free(iqmp); 1046 1047 return ret; 1048 } 1049 case RTE_CRYPTO_ASYM_XFORM_MODEX: 1050 { 1051 struct rte_crypto_modex_xform *xfrm = &(xform->modex); 1052 1053 BN_CTX *ctx = BN_CTX_new(); 1054 if (ctx == NULL) { 1055 OPENSSL_LOG(ERR, 1056 " failed to allocate resources\n"); 1057 return ret; 1058 } 1059 BN_CTX_start(ctx); 1060 BIGNUM *mod = BN_CTX_get(ctx); 1061 BIGNUM *exp = BN_CTX_get(ctx); 1062 if (mod == NULL || exp == NULL) { 1063 BN_CTX_end(ctx); 1064 BN_CTX_free(ctx); 1065 return ret; 1066 } 1067 1068 mod = BN_bin2bn((const unsigned char *) 1069 xfrm->modulus.data, 1070 xfrm->modulus.length, mod); 1071 exp = BN_bin2bn((const unsigned char *) 1072 xfrm->exponent.data, 1073 xfrm->exponent.length, exp); 1074 asym_session->u.e.ctx = ctx; 1075 asym_session->u.e.mod = mod; 1076 asym_session->u.e.exp = exp; 1077 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_MODEX; 1078 break; 1079 } 1080 case RTE_CRYPTO_ASYM_XFORM_MODINV: 1081 { 1082 struct rte_crypto_modinv_xform *xfrm = &(xform->modinv); 1083 1084 BN_CTX *ctx = BN_CTX_new(); 1085 if (ctx == NULL) { 1086 OPENSSL_LOG(ERR, 1087 " failed to allocate resources\n"); 1088 return ret; 1089 } 1090 BN_CTX_start(ctx); 1091 BIGNUM *mod = BN_CTX_get(ctx); 1092 if (mod == NULL) { 1093 BN_CTX_end(ctx); 1094 BN_CTX_free(ctx); 1095 return ret; 1096 } 1097 1098 mod = BN_bin2bn((const unsigned char *) 1099 xfrm->modulus.data, 1100 xfrm->modulus.length, 1101 mod); 1102 asym_session->u.m.ctx = ctx; 1103 asym_session->u.m.modulus = mod; 1104 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_MODINV; 1105 break; 1106 } 1107 case RTE_CRYPTO_ASYM_XFORM_DH: 1108 { 1109 BIGNUM *p = NULL; 1110 BIGNUM *g = NULL; 1111 1112 p = BN_bin2bn((const unsigned char *) 1113 xform->dh.p.data, 1114 xform->dh.p.length, 1115 p); 1116 g = BN_bin2bn((const unsigned char *) 1117 xform->dh.g.data, 1118 xform->dh.g.length, 1119 g); 1120 if (!p || !g) 1121 goto err_dh; 1122 1123 DH *dh = NULL; 1124 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) 1125 OSSL_PARAM_BLD *param_bld = NULL; 1126 param_bld = OSSL_PARAM_BLD_new(); 1127 if (!param_bld) { 1128 OPENSSL_LOG(ERR, "failed to allocate resources\n"); 1129 goto err_dh; 1130 } 1131 if ((!OSSL_PARAM_BLD_push_utf8_string(param_bld, 1132 "group", "ffdhe2048", 0)) 1133 || (!OSSL_PARAM_BLD_push_BN(param_bld, 1134 OSSL_PKEY_PARAM_FFC_P, p)) 1135 || (!OSSL_PARAM_BLD_push_BN(param_bld, 1136 OSSL_PKEY_PARAM_FFC_G, g))) { 1137 OSSL_PARAM_BLD_free(param_bld); 1138 goto err_dh; 1139 } 1140 1141 OSSL_PARAM_BLD *param_bld_peer = NULL; 1142 param_bld_peer = OSSL_PARAM_BLD_new(); 1143 if (!param_bld_peer) { 1144 OPENSSL_LOG(ERR, "failed to allocate resources\n"); 1145 OSSL_PARAM_BLD_free(param_bld); 1146 goto err_dh; 1147 } 1148 if ((!OSSL_PARAM_BLD_push_utf8_string(param_bld_peer, 1149 "group", "ffdhe2048", 0)) 1150 || (!OSSL_PARAM_BLD_push_BN(param_bld_peer, 1151 OSSL_PKEY_PARAM_FFC_P, p)) 1152 || (!OSSL_PARAM_BLD_push_BN(param_bld_peer, 1153 OSSL_PKEY_PARAM_FFC_G, g))) { 1154 OSSL_PARAM_BLD_free(param_bld); 1155 OSSL_PARAM_BLD_free(param_bld_peer); 1156 goto err_dh; 1157 } 1158 1159 asym_session->u.dh.param_bld = param_bld; 1160 asym_session->u.dh.param_bld_peer = param_bld_peer; 1161 #else 1162 dh = DH_new(); 1163 if (dh == NULL) { 1164 OPENSSL_LOG(ERR, 1165 "failed to allocate resources\n"); 1166 goto err_dh; 1167 } 1168 ret = set_dh_params(dh, p, g); 1169 if (ret) { 1170 DH_free(dh); 1171 goto err_dh; 1172 } 1173 #endif 1174 asym_session->u.dh.dh_key = dh; 1175 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_DH; 1176 break; 1177 1178 err_dh: 1179 OPENSSL_LOG(ERR, " failed to set dh params\n"); 1180 BN_free(p); 1181 BN_free(g); 1182 return -1; 1183 } 1184 case RTE_CRYPTO_ASYM_XFORM_DSA: 1185 { 1186 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) 1187 BIGNUM *p = NULL, *g = NULL; 1188 BIGNUM *q = NULL, *priv_key = NULL; 1189 BIGNUM *pub_key = NULL; 1190 OSSL_PARAM_BLD *param_bld = NULL; 1191 1192 p = BN_bin2bn((const unsigned char *) 1193 xform->dsa.p.data, 1194 xform->dsa.p.length, 1195 p); 1196 1197 g = BN_bin2bn((const unsigned char *) 1198 xform->dsa.g.data, 1199 xform->dsa.g.length, 1200 g); 1201 1202 q = BN_bin2bn((const unsigned char *) 1203 xform->dsa.q.data, 1204 xform->dsa.q.length, 1205 q); 1206 if (!p || !q || !g) 1207 goto err_dsa; 1208 1209 priv_key = BN_bin2bn((const unsigned char *) 1210 xform->dsa.x.data, 1211 xform->dsa.x.length, 1212 priv_key); 1213 if (priv_key == NULL) 1214 goto err_dsa; 1215 1216 param_bld = OSSL_PARAM_BLD_new(); 1217 if (!param_bld) { 1218 OPENSSL_LOG(ERR, "failed to allocate resources\n"); 1219 goto err_dsa; 1220 } 1221 1222 if (!OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_P, p) 1223 || !OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_G, g) 1224 || !OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_Q, q) 1225 || !OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_PRIV_KEY, priv_key)) { 1226 OSSL_PARAM_BLD_free(param_bld); 1227 OPENSSL_LOG(ERR, "failed to allocate resources\n"); 1228 goto err_dsa; 1229 } 1230 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_DSA; 1231 asym_session->u.s.param_bld = param_bld; 1232 1233 break; 1234 #else 1235 BIGNUM *p = NULL, *g = NULL; 1236 BIGNUM *q = NULL, *priv_key = NULL; 1237 BIGNUM *pub_key = BN_new(); 1238 BN_zero(pub_key); 1239 1240 p = BN_bin2bn((const unsigned char *) 1241 xform->dsa.p.data, 1242 xform->dsa.p.length, 1243 p); 1244 1245 g = BN_bin2bn((const unsigned char *) 1246 xform->dsa.g.data, 1247 xform->dsa.g.length, 1248 g); 1249 1250 q = BN_bin2bn((const unsigned char *) 1251 xform->dsa.q.data, 1252 xform->dsa.q.length, 1253 q); 1254 if (!p || !q || !g) 1255 goto err_dsa; 1256 1257 priv_key = BN_bin2bn((const unsigned char *) 1258 xform->dsa.x.data, 1259 xform->dsa.x.length, 1260 priv_key); 1261 if (priv_key == NULL) 1262 goto err_dsa; 1263 1264 DSA *dsa = DSA_new(); 1265 if (dsa == NULL) { 1266 OPENSSL_LOG(ERR, 1267 " failed to allocate resources\n"); 1268 goto err_dsa; 1269 } 1270 1271 ret = set_dsa_params(dsa, p, q, g); 1272 if (ret) { 1273 DSA_free(dsa); 1274 OPENSSL_LOG(ERR, "Failed to dsa params\n"); 1275 goto err_dsa; 1276 } 1277 1278 /* 1279 * openssl 1.1.0 mandate that public key can't be 1280 * NULL in very first call. so set a dummy pub key. 1281 * to keep consistency, lets follow same approach for 1282 * both versions 1283 */ 1284 /* just set dummy public for very 1st call */ 1285 ret = set_dsa_keys(dsa, pub_key, priv_key); 1286 if (ret) { 1287 DSA_free(dsa); 1288 OPENSSL_LOG(ERR, "Failed to set keys\n"); 1289 return -1; 1290 } 1291 asym_session->u.s.dsa = dsa; 1292 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_DSA; 1293 break; 1294 #endif 1295 err_dsa: 1296 BN_free(p); 1297 BN_free(q); 1298 BN_free(g); 1299 BN_free(priv_key); 1300 BN_free(pub_key); 1301 return -1; 1302 } 1303 case RTE_CRYPTO_ASYM_XFORM_SM2: 1304 { 1305 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) 1306 #ifndef OPENSSL_NO_SM2 1307 OSSL_PARAM_BLD *param_bld = NULL; 1308 OSSL_PARAM *params = NULL; 1309 BIGNUM *pkey_bn = NULL; 1310 uint8_t pubkey[64]; 1311 size_t len = 0; 1312 int ret = -1; 1313 1314 param_bld = OSSL_PARAM_BLD_new(); 1315 if (!param_bld) { 1316 OPENSSL_LOG(ERR, "failed to allocate params\n"); 1317 goto err_sm2; 1318 } 1319 1320 ret = OSSL_PARAM_BLD_push_utf8_string(param_bld, 1321 OSSL_ASYM_CIPHER_PARAM_DIGEST, "SM3", 0); 1322 if (!ret) { 1323 OPENSSL_LOG(ERR, "failed to push params\n"); 1324 goto err_sm2; 1325 } 1326 1327 ret = OSSL_PARAM_BLD_push_utf8_string(param_bld, 1328 OSSL_PKEY_PARAM_GROUP_NAME, "SM2", 0); 1329 if (!ret) { 1330 OPENSSL_LOG(ERR, "failed to push params\n"); 1331 goto err_sm2; 1332 } 1333 1334 pkey_bn = BN_bin2bn((const unsigned char *)xform->ec.pkey.data, 1335 xform->ec.pkey.length, pkey_bn); 1336 1337 ret = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_PRIV_KEY, 1338 pkey_bn); 1339 if (!ret) { 1340 OPENSSL_LOG(ERR, "failed to push params\n"); 1341 goto err_sm2; 1342 } 1343 1344 memset(pubkey, 0, sizeof(pubkey)); 1345 pubkey[0] = 0x04; 1346 len += 1; 1347 memcpy(&pubkey[len], xform->ec.q.x.data, xform->ec.q.x.length); 1348 len += xform->ec.q.x.length; 1349 memcpy(&pubkey[len], xform->ec.q.y.data, xform->ec.q.y.length); 1350 len += xform->ec.q.y.length; 1351 1352 ret = OSSL_PARAM_BLD_push_octet_string(param_bld, 1353 OSSL_PKEY_PARAM_PUB_KEY, pubkey, len); 1354 if (!ret) { 1355 OPENSSL_LOG(ERR, "failed to push params\n"); 1356 goto err_sm2; 1357 } 1358 1359 params = OSSL_PARAM_BLD_to_param(param_bld); 1360 if (!params) { 1361 OPENSSL_LOG(ERR, "failed to push params\n"); 1362 goto err_sm2; 1363 } 1364 1365 asym_session->u.sm2.params = params; 1366 OSSL_PARAM_BLD_free(param_bld); 1367 BN_free(pkey_bn); 1368 1369 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_SM2; 1370 break; 1371 err_sm2: 1372 if (param_bld) 1373 OSSL_PARAM_BLD_free(param_bld); 1374 1375 if (asym_session->u.sm2.params) 1376 OSSL_PARAM_free(asym_session->u.sm2.params); 1377 1378 BN_free(pkey_bn); 1379 return -1; 1380 #else 1381 OPENSSL_LOG(WARNING, "SM2 unsupported in current OpenSSL Version"); 1382 return -ENOTSUP; 1383 #endif 1384 #else 1385 OPENSSL_LOG(WARNING, "SM2 unsupported for OpenSSL Version < 3.0"); 1386 return -ENOTSUP; 1387 #endif 1388 } 1389 default: 1390 return ret; 1391 } 1392 1393 return 0; 1394 } 1395 1396 /** Configure the session from a crypto xform chain */ 1397 static int 1398 openssl_pmd_asym_session_configure(struct rte_cryptodev *dev __rte_unused, 1399 struct rte_crypto_asym_xform *xform, 1400 struct rte_cryptodev_asym_session *sess) 1401 { 1402 void *asym_sess_private_data; 1403 int ret; 1404 1405 if (unlikely(sess == NULL)) { 1406 OPENSSL_LOG(ERR, "invalid asymmetric session struct"); 1407 return -EINVAL; 1408 } 1409 1410 asym_sess_private_data = sess->sess_private_data; 1411 ret = openssl_set_asym_session_parameters(asym_sess_private_data, 1412 xform); 1413 if (ret != 0) { 1414 OPENSSL_LOG(ERR, "failed configure session parameters"); 1415 return ret; 1416 } 1417 1418 return 0; 1419 } 1420 1421 /** Clear the memory of session so it doesn't leave key material behind */ 1422 static void 1423 openssl_pmd_sym_session_clear(struct rte_cryptodev *dev __rte_unused, 1424 struct rte_cryptodev_sym_session *sess) 1425 { 1426 void *sess_priv = CRYPTODEV_GET_SYM_SESS_PRIV(sess); 1427 1428 /* Zero out the whole structure */ 1429 openssl_reset_session(sess_priv); 1430 } 1431 1432 static void openssl_reset_asym_session(struct openssl_asym_session *sess) 1433 { 1434 switch (sess->xfrm_type) { 1435 case RTE_CRYPTO_ASYM_XFORM_RSA: 1436 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) 1437 EVP_PKEY_CTX_free(sess->u.r.ctx); 1438 #else 1439 if (sess->u.r.rsa) 1440 RSA_free(sess->u.r.rsa); 1441 #endif 1442 break; 1443 case RTE_CRYPTO_ASYM_XFORM_MODEX: 1444 if (sess->u.e.ctx) { 1445 BN_CTX_end(sess->u.e.ctx); 1446 BN_CTX_free(sess->u.e.ctx); 1447 } 1448 break; 1449 case RTE_CRYPTO_ASYM_XFORM_MODINV: 1450 if (sess->u.m.ctx) { 1451 BN_CTX_end(sess->u.m.ctx); 1452 BN_CTX_free(sess->u.m.ctx); 1453 } 1454 break; 1455 case RTE_CRYPTO_ASYM_XFORM_DH: 1456 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) 1457 OSSL_PARAM_BLD_free(sess->u.dh.param_bld); 1458 OSSL_PARAM_BLD_free(sess->u.dh.param_bld_peer); 1459 sess->u.dh.param_bld = NULL; 1460 sess->u.dh.param_bld_peer = NULL; 1461 #else 1462 if (sess->u.dh.dh_key) 1463 DH_free(sess->u.dh.dh_key); 1464 #endif 1465 break; 1466 case RTE_CRYPTO_ASYM_XFORM_DSA: 1467 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) 1468 OSSL_PARAM_BLD_free(sess->u.s.param_bld); 1469 sess->u.s.param_bld = NULL; 1470 #else 1471 if (sess->u.s.dsa) 1472 DSA_free(sess->u.s.dsa); 1473 #endif 1474 break; 1475 case RTE_CRYPTO_ASYM_XFORM_SM2: 1476 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) 1477 OSSL_PARAM_free(sess->u.sm2.params); 1478 #endif 1479 default: 1480 break; 1481 } 1482 } 1483 1484 /** Clear the memory of asymmetric session 1485 * so it doesn't leave key material behind 1486 */ 1487 static void 1488 openssl_pmd_asym_session_clear(struct rte_cryptodev *dev __rte_unused, 1489 struct rte_cryptodev_asym_session *sess) 1490 { 1491 void *sess_priv = sess->sess_private_data; 1492 1493 /* Zero out the whole structure */ 1494 if (sess_priv) { 1495 openssl_reset_asym_session(sess_priv); 1496 memset(sess_priv, 0, sizeof(struct openssl_asym_session)); 1497 } 1498 } 1499 1500 struct rte_cryptodev_ops openssl_pmd_ops = { 1501 .dev_configure = openssl_pmd_config, 1502 .dev_start = openssl_pmd_start, 1503 .dev_stop = openssl_pmd_stop, 1504 .dev_close = openssl_pmd_close, 1505 1506 .stats_get = openssl_pmd_stats_get, 1507 .stats_reset = openssl_pmd_stats_reset, 1508 1509 .dev_infos_get = openssl_pmd_info_get, 1510 1511 .queue_pair_setup = openssl_pmd_qp_setup, 1512 .queue_pair_release = openssl_pmd_qp_release, 1513 1514 .sym_session_get_size = openssl_pmd_sym_session_get_size, 1515 .asym_session_get_size = openssl_pmd_asym_session_get_size, 1516 .sym_session_configure = openssl_pmd_sym_session_configure, 1517 .asym_session_configure = openssl_pmd_asym_session_configure, 1518 .sym_session_clear = openssl_pmd_sym_session_clear, 1519 .asym_session_clear = openssl_pmd_asym_session_clear 1520 }; 1521 1522 struct rte_cryptodev_ops *rte_openssl_pmd_ops = &openssl_pmd_ops; 1523