1 /* SPDX-License-Identifier: BSD-3-Clause 2 * Copyright(c) 2016-2017 Intel Corporation 3 */ 4 5 #include <string.h> 6 7 #include <rte_common.h> 8 #include <rte_malloc.h> 9 #include <rte_cryptodev_pmd.h> 10 11 #include "openssl_pmd_private.h" 12 #include "compat.h" 13 14 15 static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = { 16 { /* MD5 HMAC */ 17 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 18 {.sym = { 19 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 20 {.auth = { 21 .algo = RTE_CRYPTO_AUTH_MD5_HMAC, 22 .block_size = 64, 23 .key_size = { 24 .min = 1, 25 .max = 64, 26 .increment = 1 27 }, 28 .digest_size = { 29 .min = 1, 30 .max = 16, 31 .increment = 1 32 }, 33 .iv_size = { 0 } 34 }, } 35 }, } 36 }, 37 { /* MD5 */ 38 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 39 {.sym = { 40 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 41 {.auth = { 42 .algo = RTE_CRYPTO_AUTH_MD5, 43 .block_size = 64, 44 .key_size = { 45 .min = 0, 46 .max = 0, 47 .increment = 0 48 }, 49 .digest_size = { 50 .min = 16, 51 .max = 16, 52 .increment = 0 53 }, 54 .iv_size = { 0 } 55 }, } 56 }, } 57 }, 58 { /* SHA1 HMAC */ 59 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 60 {.sym = { 61 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 62 {.auth = { 63 .algo = RTE_CRYPTO_AUTH_SHA1_HMAC, 64 .block_size = 64, 65 .key_size = { 66 .min = 1, 67 .max = 64, 68 .increment = 1 69 }, 70 .digest_size = { 71 .min = 1, 72 .max = 20, 73 .increment = 1 74 }, 75 .iv_size = { 0 } 76 }, } 77 }, } 78 }, 79 { /* SHA1 */ 80 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 81 {.sym = { 82 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 83 {.auth = { 84 .algo = RTE_CRYPTO_AUTH_SHA1, 85 .block_size = 64, 86 .key_size = { 87 .min = 0, 88 .max = 0, 89 .increment = 0 90 }, 91 .digest_size = { 92 .min = 20, 93 .max = 20, 94 .increment = 0 95 }, 96 .iv_size = { 0 } 97 }, } 98 }, } 99 }, 100 { /* SHA224 HMAC */ 101 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 102 {.sym = { 103 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 104 {.auth = { 105 .algo = RTE_CRYPTO_AUTH_SHA224_HMAC, 106 .block_size = 64, 107 .key_size = { 108 .min = 1, 109 .max = 64, 110 .increment = 1 111 }, 112 .digest_size = { 113 .min = 1, 114 .max = 28, 115 .increment = 1 116 }, 117 .iv_size = { 0 } 118 }, } 119 }, } 120 }, 121 { /* SHA224 */ 122 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 123 {.sym = { 124 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 125 {.auth = { 126 .algo = RTE_CRYPTO_AUTH_SHA224, 127 .block_size = 64, 128 .key_size = { 129 .min = 0, 130 .max = 0, 131 .increment = 0 132 }, 133 .digest_size = { 134 .min = 1, 135 .max = 28, 136 .increment = 1 137 }, 138 .iv_size = { 0 } 139 }, } 140 }, } 141 }, 142 { /* SHA256 HMAC */ 143 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 144 {.sym = { 145 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 146 {.auth = { 147 .algo = RTE_CRYPTO_AUTH_SHA256_HMAC, 148 .block_size = 64, 149 .key_size = { 150 .min = 1, 151 .max = 64, 152 .increment = 1 153 }, 154 .digest_size = { 155 .min = 1, 156 .max = 32, 157 .increment = 1 158 }, 159 .iv_size = { 0 } 160 }, } 161 }, } 162 }, 163 { /* SHA256 */ 164 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 165 {.sym = { 166 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 167 {.auth = { 168 .algo = RTE_CRYPTO_AUTH_SHA256, 169 .block_size = 64, 170 .key_size = { 171 .min = 0, 172 .max = 0, 173 .increment = 0 174 }, 175 .digest_size = { 176 .min = 32, 177 .max = 32, 178 .increment = 0 179 }, 180 .iv_size = { 0 } 181 }, } 182 }, } 183 }, 184 { /* SHA384 HMAC */ 185 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 186 {.sym = { 187 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 188 {.auth = { 189 .algo = RTE_CRYPTO_AUTH_SHA384_HMAC, 190 .block_size = 128, 191 .key_size = { 192 .min = 1, 193 .max = 128, 194 .increment = 1 195 }, 196 .digest_size = { 197 .min = 1, 198 .max = 48, 199 .increment = 1 200 }, 201 .iv_size = { 0 } 202 }, } 203 }, } 204 }, 205 { /* SHA384 */ 206 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 207 {.sym = { 208 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 209 {.auth = { 210 .algo = RTE_CRYPTO_AUTH_SHA384, 211 .block_size = 128, 212 .key_size = { 213 .min = 0, 214 .max = 0, 215 .increment = 0 216 }, 217 .digest_size = { 218 .min = 48, 219 .max = 48, 220 .increment = 0 221 }, 222 .iv_size = { 0 } 223 }, } 224 }, } 225 }, 226 { /* SHA512 HMAC */ 227 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 228 {.sym = { 229 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 230 {.auth = { 231 .algo = RTE_CRYPTO_AUTH_SHA512_HMAC, 232 .block_size = 128, 233 .key_size = { 234 .min = 1, 235 .max = 128, 236 .increment = 1 237 }, 238 .digest_size = { 239 .min = 1, 240 .max = 64, 241 .increment = 1 242 }, 243 .iv_size = { 0 } 244 }, } 245 }, } 246 }, 247 { /* SHA512 */ 248 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 249 {.sym = { 250 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 251 {.auth = { 252 .algo = RTE_CRYPTO_AUTH_SHA512, 253 .block_size = 128, 254 .key_size = { 255 .min = 0, 256 .max = 0, 257 .increment = 0 258 }, 259 .digest_size = { 260 .min = 64, 261 .max = 64, 262 .increment = 0 263 }, 264 .iv_size = { 0 } 265 }, } 266 }, } 267 }, 268 { /* AES CBC */ 269 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 270 {.sym = { 271 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 272 {.cipher = { 273 .algo = RTE_CRYPTO_CIPHER_AES_CBC, 274 .block_size = 16, 275 .key_size = { 276 .min = 16, 277 .max = 32, 278 .increment = 8 279 }, 280 .iv_size = { 281 .min = 16, 282 .max = 16, 283 .increment = 0 284 } 285 }, } 286 }, } 287 }, 288 { /* AES CTR */ 289 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 290 {.sym = { 291 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 292 {.cipher = { 293 .algo = RTE_CRYPTO_CIPHER_AES_CTR, 294 .block_size = 16, 295 .key_size = { 296 .min = 16, 297 .max = 32, 298 .increment = 8 299 }, 300 .iv_size = { 301 .min = 16, 302 .max = 16, 303 .increment = 0 304 } 305 }, } 306 }, } 307 }, 308 { /* AES GCM */ 309 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 310 {.sym = { 311 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD, 312 {.aead = { 313 .algo = RTE_CRYPTO_AEAD_AES_GCM, 314 .block_size = 16, 315 .key_size = { 316 .min = 16, 317 .max = 32, 318 .increment = 8 319 }, 320 .digest_size = { 321 .min = 16, 322 .max = 16, 323 .increment = 0 324 }, 325 .aad_size = { 326 .min = 0, 327 .max = 65535, 328 .increment = 1 329 }, 330 .iv_size = { 331 .min = 12, 332 .max = 16, 333 .increment = 4 334 }, 335 }, } 336 }, } 337 }, 338 { /* AES CCM */ 339 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 340 {.sym = { 341 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD, 342 {.aead = { 343 .algo = RTE_CRYPTO_AEAD_AES_CCM, 344 .block_size = 16, 345 .key_size = { 346 .min = 16, 347 .max = 32, 348 .increment = 8 349 }, 350 .digest_size = { 351 .min = 4, 352 .max = 16, 353 .increment = 2 354 }, 355 .aad_size = { 356 .min = 0, 357 .max = 65535, 358 .increment = 1 359 }, 360 .iv_size = { 361 .min = 7, 362 .max = 13, 363 .increment = 1 364 }, 365 }, } 366 }, } 367 }, 368 { /* AES GMAC (AUTH) */ 369 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 370 {.sym = { 371 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 372 {.auth = { 373 .algo = RTE_CRYPTO_AUTH_AES_GMAC, 374 .block_size = 16, 375 .key_size = { 376 .min = 16, 377 .max = 32, 378 .increment = 8 379 }, 380 .digest_size = { 381 .min = 16, 382 .max = 16, 383 .increment = 0 384 }, 385 .iv_size = { 386 .min = 12, 387 .max = 16, 388 .increment = 4 389 } 390 }, } 391 }, } 392 }, 393 { /* 3DES CBC */ 394 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 395 {.sym = { 396 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 397 {.cipher = { 398 .algo = RTE_CRYPTO_CIPHER_3DES_CBC, 399 .block_size = 8, 400 .key_size = { 401 .min = 8, 402 .max = 24, 403 .increment = 8 404 }, 405 .iv_size = { 406 .min = 8, 407 .max = 8, 408 .increment = 0 409 } 410 }, } 411 }, } 412 }, 413 { /* 3DES CTR */ 414 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 415 {.sym = { 416 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 417 {.cipher = { 418 .algo = RTE_CRYPTO_CIPHER_3DES_CTR, 419 .block_size = 8, 420 .key_size = { 421 .min = 16, 422 .max = 24, 423 .increment = 8 424 }, 425 .iv_size = { 426 .min = 8, 427 .max = 8, 428 .increment = 0 429 } 430 }, } 431 }, } 432 }, 433 { /* DES CBC */ 434 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 435 {.sym = { 436 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 437 {.cipher = { 438 .algo = RTE_CRYPTO_CIPHER_DES_CBC, 439 .block_size = 8, 440 .key_size = { 441 .min = 8, 442 .max = 8, 443 .increment = 0 444 }, 445 .iv_size = { 446 .min = 8, 447 .max = 8, 448 .increment = 0 449 } 450 }, } 451 }, } 452 }, 453 { /* DES DOCSIS BPI */ 454 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 455 {.sym = { 456 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 457 {.cipher = { 458 .algo = RTE_CRYPTO_CIPHER_DES_DOCSISBPI, 459 .block_size = 8, 460 .key_size = { 461 .min = 8, 462 .max = 8, 463 .increment = 0 464 }, 465 .iv_size = { 466 .min = 8, 467 .max = 8, 468 .increment = 0 469 } 470 }, } 471 }, } 472 }, 473 { /* RSA */ 474 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, 475 {.asym = { 476 .xform_capa = { 477 .xform_type = RTE_CRYPTO_ASYM_XFORM_RSA, 478 .op_types = ((1 << RTE_CRYPTO_ASYM_OP_SIGN) | 479 (1 << RTE_CRYPTO_ASYM_OP_VERIFY) | 480 (1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) | 481 (1 << RTE_CRYPTO_ASYM_OP_DECRYPT)), 482 { 483 .modlen = { 484 /* min length is based on openssl rsa keygen */ 485 .min = 30, 486 /* value 0 symbolizes no limit on max length */ 487 .max = 0, 488 .increment = 1 489 }, } 490 } 491 }, 492 } 493 }, 494 { /* modexp */ 495 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, 496 {.asym = { 497 .xform_capa = { 498 .xform_type = RTE_CRYPTO_ASYM_XFORM_MODEX, 499 .op_types = 0, 500 { 501 .modlen = { 502 /* value 0 symbolizes no limit on min length */ 503 .min = 0, 504 /* value 0 symbolizes no limit on max length */ 505 .max = 0, 506 .increment = 1 507 }, } 508 } 509 }, 510 } 511 }, 512 { /* modinv */ 513 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, 514 {.asym = { 515 .xform_capa = { 516 .xform_type = RTE_CRYPTO_ASYM_XFORM_MODINV, 517 .op_types = 0, 518 { 519 .modlen = { 520 /* value 0 symbolizes no limit on min length */ 521 .min = 0, 522 /* value 0 symbolizes no limit on max length */ 523 .max = 0, 524 .increment = 1 525 }, } 526 } 527 }, 528 } 529 }, 530 { /* dh */ 531 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, 532 {.asym = { 533 .xform_capa = { 534 .xform_type = RTE_CRYPTO_ASYM_XFORM_DH, 535 .op_types = 536 ((1<<RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE) | 537 (1 << RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE | 538 (1 << 539 RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE))), 540 { 541 .modlen = { 542 /* value 0 symbolizes no limit on min length */ 543 .min = 0, 544 /* value 0 symbolizes no limit on max length */ 545 .max = 0, 546 .increment = 1 547 }, } 548 } 549 }, 550 } 551 }, 552 { /* dsa */ 553 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, 554 {.asym = { 555 .xform_capa = { 556 .xform_type = RTE_CRYPTO_ASYM_XFORM_DSA, 557 .op_types = 558 ((1<<RTE_CRYPTO_ASYM_OP_SIGN) | 559 (1 << RTE_CRYPTO_ASYM_OP_VERIFY)), 560 { 561 .modlen = { 562 /* value 0 symbolizes no limit on min length */ 563 .min = 0, 564 /* value 0 symbolizes no limit on max length */ 565 .max = 0, 566 .increment = 1 567 }, } 568 } 569 }, 570 } 571 }, 572 573 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() 574 }; 575 576 577 /** Configure device */ 578 static int 579 openssl_pmd_config(__rte_unused struct rte_cryptodev *dev, 580 __rte_unused struct rte_cryptodev_config *config) 581 { 582 return 0; 583 } 584 585 /** Start device */ 586 static int 587 openssl_pmd_start(__rte_unused struct rte_cryptodev *dev) 588 { 589 return 0; 590 } 591 592 /** Stop device */ 593 static void 594 openssl_pmd_stop(__rte_unused struct rte_cryptodev *dev) 595 { 596 } 597 598 /** Close device */ 599 static int 600 openssl_pmd_close(__rte_unused struct rte_cryptodev *dev) 601 { 602 return 0; 603 } 604 605 606 /** Get device statistics */ 607 static void 608 openssl_pmd_stats_get(struct rte_cryptodev *dev, 609 struct rte_cryptodev_stats *stats) 610 { 611 int qp_id; 612 613 for (qp_id = 0; qp_id < dev->data->nb_queue_pairs; qp_id++) { 614 struct openssl_qp *qp = dev->data->queue_pairs[qp_id]; 615 616 stats->enqueued_count += qp->stats.enqueued_count; 617 stats->dequeued_count += qp->stats.dequeued_count; 618 619 stats->enqueue_err_count += qp->stats.enqueue_err_count; 620 stats->dequeue_err_count += qp->stats.dequeue_err_count; 621 } 622 } 623 624 /** Reset device statistics */ 625 static void 626 openssl_pmd_stats_reset(struct rte_cryptodev *dev) 627 { 628 int qp_id; 629 630 for (qp_id = 0; qp_id < dev->data->nb_queue_pairs; qp_id++) { 631 struct openssl_qp *qp = dev->data->queue_pairs[qp_id]; 632 633 memset(&qp->stats, 0, sizeof(qp->stats)); 634 } 635 } 636 637 638 /** Get device info */ 639 static void 640 openssl_pmd_info_get(struct rte_cryptodev *dev, 641 struct rte_cryptodev_info *dev_info) 642 { 643 struct openssl_private *internals = dev->data->dev_private; 644 645 if (dev_info != NULL) { 646 dev_info->driver_id = dev->driver_id; 647 dev_info->feature_flags = dev->feature_flags; 648 dev_info->capabilities = openssl_pmd_capabilities; 649 dev_info->max_nb_queue_pairs = internals->max_nb_qpairs; 650 /* No limit of number of sessions */ 651 dev_info->sym.max_nb_sessions = 0; 652 } 653 } 654 655 /** Release queue pair */ 656 static int 657 openssl_pmd_qp_release(struct rte_cryptodev *dev, uint16_t qp_id) 658 { 659 if (dev->data->queue_pairs[qp_id] != NULL) { 660 struct openssl_qp *qp = dev->data->queue_pairs[qp_id]; 661 662 if (qp->processed_ops) 663 rte_ring_free(qp->processed_ops); 664 665 rte_free(dev->data->queue_pairs[qp_id]); 666 dev->data->queue_pairs[qp_id] = NULL; 667 } 668 return 0; 669 } 670 671 /** set a unique name for the queue pair based on it's name, dev_id and qp_id */ 672 static int 673 openssl_pmd_qp_set_unique_name(struct rte_cryptodev *dev, 674 struct openssl_qp *qp) 675 { 676 unsigned int n = snprintf(qp->name, sizeof(qp->name), 677 "openssl_pmd_%u_qp_%u", 678 dev->data->dev_id, qp->id); 679 680 if (n >= sizeof(qp->name)) 681 return -1; 682 683 return 0; 684 } 685 686 687 /** Create a ring to place processed operations on */ 688 static struct rte_ring * 689 openssl_pmd_qp_create_processed_ops_ring(struct openssl_qp *qp, 690 unsigned int ring_size, int socket_id) 691 { 692 struct rte_ring *r; 693 694 r = rte_ring_lookup(qp->name); 695 if (r) { 696 if (rte_ring_get_size(r) >= ring_size) { 697 OPENSSL_LOG(INFO, 698 "Reusing existing ring %s for processed ops", 699 qp->name); 700 return r; 701 } 702 703 OPENSSL_LOG(ERR, 704 "Unable to reuse existing ring %s for processed ops", 705 qp->name); 706 return NULL; 707 } 708 709 return rte_ring_create(qp->name, ring_size, socket_id, 710 RING_F_SP_ENQ | RING_F_SC_DEQ); 711 } 712 713 714 /** Setup a queue pair */ 715 static int 716 openssl_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id, 717 const struct rte_cryptodev_qp_conf *qp_conf, 718 int socket_id) 719 { 720 struct openssl_qp *qp = NULL; 721 722 /* Free memory prior to re-allocation if needed. */ 723 if (dev->data->queue_pairs[qp_id] != NULL) 724 openssl_pmd_qp_release(dev, qp_id); 725 726 /* Allocate the queue pair data structure. */ 727 qp = rte_zmalloc_socket("OPENSSL PMD Queue Pair", sizeof(*qp), 728 RTE_CACHE_LINE_SIZE, socket_id); 729 if (qp == NULL) 730 return -ENOMEM; 731 732 qp->id = qp_id; 733 dev->data->queue_pairs[qp_id] = qp; 734 735 if (openssl_pmd_qp_set_unique_name(dev, qp)) 736 goto qp_setup_cleanup; 737 738 qp->processed_ops = openssl_pmd_qp_create_processed_ops_ring(qp, 739 qp_conf->nb_descriptors, socket_id); 740 if (qp->processed_ops == NULL) 741 goto qp_setup_cleanup; 742 743 qp->sess_mp = qp_conf->mp_session; 744 qp->sess_mp_priv = qp_conf->mp_session_private; 745 746 memset(&qp->stats, 0, sizeof(qp->stats)); 747 748 return 0; 749 750 qp_setup_cleanup: 751 if (qp) 752 rte_free(qp); 753 754 return -1; 755 } 756 757 /** Returns the size of the symmetric session structure */ 758 static unsigned 759 openssl_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused) 760 { 761 return sizeof(struct openssl_session); 762 } 763 764 /** Returns the size of the asymmetric session structure */ 765 static unsigned 766 openssl_pmd_asym_session_get_size(struct rte_cryptodev *dev __rte_unused) 767 { 768 return sizeof(struct openssl_asym_session); 769 } 770 771 /** Configure the session from a crypto xform chain */ 772 static int 773 openssl_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused, 774 struct rte_crypto_sym_xform *xform, 775 struct rte_cryptodev_sym_session *sess, 776 struct rte_mempool *mempool) 777 { 778 void *sess_private_data; 779 int ret; 780 781 if (unlikely(sess == NULL)) { 782 OPENSSL_LOG(ERR, "invalid session struct"); 783 return -EINVAL; 784 } 785 786 if (rte_mempool_get(mempool, &sess_private_data)) { 787 OPENSSL_LOG(ERR, 788 "Couldn't get object from session mempool"); 789 return -ENOMEM; 790 } 791 792 ret = openssl_set_session_parameters(sess_private_data, xform); 793 if (ret != 0) { 794 OPENSSL_LOG(ERR, "failed configure session parameters"); 795 796 /* Return session to mempool */ 797 rte_mempool_put(mempool, sess_private_data); 798 return ret; 799 } 800 801 set_sym_session_private_data(sess, dev->driver_id, 802 sess_private_data); 803 804 return 0; 805 } 806 807 static int openssl_set_asym_session_parameters( 808 struct openssl_asym_session *asym_session, 809 struct rte_crypto_asym_xform *xform) 810 { 811 int ret = 0; 812 813 if ((xform->xform_type != RTE_CRYPTO_ASYM_XFORM_DH) && 814 (xform->next != NULL)) { 815 OPENSSL_LOG(ERR, "chained xfrms are not supported on %s", 816 rte_crypto_asym_xform_strings[xform->xform_type]); 817 return -1; 818 } 819 820 switch (xform->xform_type) { 821 case RTE_CRYPTO_ASYM_XFORM_RSA: 822 { 823 BIGNUM *n = NULL; 824 BIGNUM *e = NULL; 825 BIGNUM *d = NULL; 826 BIGNUM *p = NULL, *q = NULL, *dmp1 = NULL; 827 BIGNUM *iqmp = NULL, *dmq1 = NULL; 828 829 /* copy xfrm data into rsa struct */ 830 n = BN_bin2bn((const unsigned char *)xform->rsa.n.data, 831 xform->rsa.n.length, n); 832 e = BN_bin2bn((const unsigned char *)xform->rsa.e.data, 833 xform->rsa.e.length, e); 834 835 if (!n || !e) 836 goto err_rsa; 837 838 RSA *rsa = RSA_new(); 839 if (rsa == NULL) 840 goto err_rsa; 841 842 if (xform->rsa.key_type == RTE_RSA_KEY_TYPE_EXP) { 843 d = BN_bin2bn( 844 (const unsigned char *)xform->rsa.d.data, 845 xform->rsa.d.length, 846 d); 847 if (!d) { 848 RSA_free(rsa); 849 goto err_rsa; 850 } 851 } else { 852 p = BN_bin2bn((const unsigned char *) 853 xform->rsa.qt.p.data, 854 xform->rsa.qt.p.length, 855 p); 856 q = BN_bin2bn((const unsigned char *) 857 xform->rsa.qt.q.data, 858 xform->rsa.qt.q.length, 859 q); 860 dmp1 = BN_bin2bn((const unsigned char *) 861 xform->rsa.qt.dP.data, 862 xform->rsa.qt.dP.length, 863 dmp1); 864 dmq1 = BN_bin2bn((const unsigned char *) 865 xform->rsa.qt.dQ.data, 866 xform->rsa.qt.dQ.length, 867 dmq1); 868 iqmp = BN_bin2bn((const unsigned char *) 869 xform->rsa.qt.qInv.data, 870 xform->rsa.qt.qInv.length, 871 iqmp); 872 873 if (!p || !q || !dmp1 || !dmq1 || !iqmp) { 874 RSA_free(rsa); 875 goto err_rsa; 876 } 877 ret = set_rsa_params(rsa, p, q); 878 if (ret) { 879 OPENSSL_LOG(ERR, 880 "failed to set rsa params\n"); 881 RSA_free(rsa); 882 goto err_rsa; 883 } 884 ret = set_rsa_crt_params(rsa, dmp1, dmq1, iqmp); 885 if (ret) { 886 OPENSSL_LOG(ERR, 887 "failed to set crt params\n"); 888 RSA_free(rsa); 889 /* 890 * set already populated params to NULL 891 * as its freed by call to RSA_free 892 */ 893 p = q = NULL; 894 goto err_rsa; 895 } 896 } 897 898 ret = set_rsa_keys(rsa, n, e, d); 899 if (ret) { 900 OPENSSL_LOG(ERR, "Failed to load rsa keys\n"); 901 RSA_free(rsa); 902 return -1; 903 } 904 asym_session->u.r.rsa = rsa; 905 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_RSA; 906 break; 907 err_rsa: 908 BN_clear_free(n); 909 BN_clear_free(e); 910 BN_clear_free(d); 911 BN_clear_free(p); 912 BN_clear_free(q); 913 BN_clear_free(dmp1); 914 BN_clear_free(dmq1); 915 BN_clear_free(iqmp); 916 917 return -1; 918 } 919 case RTE_CRYPTO_ASYM_XFORM_MODEX: 920 { 921 struct rte_crypto_modex_xform *xfrm = &(xform->modex); 922 923 BN_CTX *ctx = BN_CTX_new(); 924 if (ctx == NULL) { 925 OPENSSL_LOG(ERR, 926 " failed to allocate resources\n"); 927 return -1; 928 } 929 BN_CTX_start(ctx); 930 BIGNUM *mod = BN_CTX_get(ctx); 931 BIGNUM *exp = BN_CTX_get(ctx); 932 if (mod == NULL || exp == NULL) { 933 BN_CTX_end(ctx); 934 BN_CTX_free(ctx); 935 return -1; 936 } 937 938 mod = BN_bin2bn((const unsigned char *) 939 xfrm->modulus.data, 940 xfrm->modulus.length, mod); 941 exp = BN_bin2bn((const unsigned char *) 942 xfrm->exponent.data, 943 xfrm->exponent.length, exp); 944 asym_session->u.e.ctx = ctx; 945 asym_session->u.e.mod = mod; 946 asym_session->u.e.exp = exp; 947 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_MODEX; 948 break; 949 } 950 case RTE_CRYPTO_ASYM_XFORM_MODINV: 951 { 952 struct rte_crypto_modinv_xform *xfrm = &(xform->modinv); 953 954 BN_CTX *ctx = BN_CTX_new(); 955 if (ctx == NULL) { 956 OPENSSL_LOG(ERR, 957 " failed to allocate resources\n"); 958 return -1; 959 } 960 BN_CTX_start(ctx); 961 BIGNUM *mod = BN_CTX_get(ctx); 962 if (mod == NULL) { 963 BN_CTX_end(ctx); 964 BN_CTX_free(ctx); 965 return -1; 966 } 967 968 mod = BN_bin2bn((const unsigned char *) 969 xfrm->modulus.data, 970 xfrm->modulus.length, 971 mod); 972 asym_session->u.m.ctx = ctx; 973 asym_session->u.m.modulus = mod; 974 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_MODINV; 975 break; 976 } 977 case RTE_CRYPTO_ASYM_XFORM_DH: 978 { 979 BIGNUM *p = NULL; 980 BIGNUM *g = NULL; 981 982 p = BN_bin2bn((const unsigned char *) 983 xform->dh.p.data, 984 xform->dh.p.length, 985 p); 986 g = BN_bin2bn((const unsigned char *) 987 xform->dh.g.data, 988 xform->dh.g.length, 989 g); 990 if (!p || !g) 991 goto err_dh; 992 993 DH *dh = DH_new(); 994 if (dh == NULL) { 995 OPENSSL_LOG(ERR, 996 "failed to allocate resources\n"); 997 goto err_dh; 998 } 999 ret = set_dh_params(dh, p, g); 1000 if (ret) { 1001 DH_free(dh); 1002 goto err_dh; 1003 } 1004 1005 /* 1006 * setup xfrom for 1007 * public key generate, or 1008 * DH Priv key generate, or both 1009 * public and private key generate 1010 */ 1011 asym_session->u.dh.key_op = (1 << xform->dh.type); 1012 1013 if (xform->dh.type == 1014 RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE) { 1015 /* check if next is pubkey */ 1016 if ((xform->next != NULL) && 1017 (xform->next->xform_type == 1018 RTE_CRYPTO_ASYM_XFORM_DH) && 1019 (xform->next->dh.type == 1020 RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE) 1021 ) { 1022 /* 1023 * setup op as pub/priv key 1024 * pair generationi 1025 */ 1026 asym_session->u.dh.key_op |= 1027 (1 << 1028 RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE); 1029 } 1030 } 1031 asym_session->u.dh.dh_key = dh; 1032 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_DH; 1033 break; 1034 1035 err_dh: 1036 OPENSSL_LOG(ERR, " failed to set dh params\n"); 1037 BN_free(p); 1038 BN_free(g); 1039 return -1; 1040 } 1041 case RTE_CRYPTO_ASYM_XFORM_DSA: 1042 { 1043 BIGNUM *p = NULL, *g = NULL; 1044 BIGNUM *q = NULL, *priv_key = NULL; 1045 BIGNUM *pub_key = BN_new(); 1046 BN_zero(pub_key); 1047 1048 p = BN_bin2bn((const unsigned char *) 1049 xform->dsa.p.data, 1050 xform->dsa.p.length, 1051 p); 1052 1053 g = BN_bin2bn((const unsigned char *) 1054 xform->dsa.g.data, 1055 xform->dsa.g.length, 1056 g); 1057 1058 q = BN_bin2bn((const unsigned char *) 1059 xform->dsa.q.data, 1060 xform->dsa.q.length, 1061 q); 1062 if (!p || !q || !g) 1063 goto err_dsa; 1064 1065 priv_key = BN_bin2bn((const unsigned char *) 1066 xform->dsa.x.data, 1067 xform->dsa.x.length, 1068 priv_key); 1069 if (priv_key == NULL) 1070 goto err_dsa; 1071 1072 DSA *dsa = DSA_new(); 1073 if (dsa == NULL) { 1074 OPENSSL_LOG(ERR, 1075 " failed to allocate resources\n"); 1076 goto err_dsa; 1077 } 1078 1079 ret = set_dsa_params(dsa, p, q, g); 1080 if (ret) { 1081 DSA_free(dsa); 1082 OPENSSL_LOG(ERR, "Failed to dsa params\n"); 1083 goto err_dsa; 1084 } 1085 1086 /* 1087 * openssl 1.1.0 mandate that public key can't be 1088 * NULL in very first call. so set a dummy pub key. 1089 * to keep consistency, lets follow same approach for 1090 * both versions 1091 */ 1092 /* just set dummy public for very 1st call */ 1093 ret = set_dsa_keys(dsa, pub_key, priv_key); 1094 if (ret) { 1095 DSA_free(dsa); 1096 OPENSSL_LOG(ERR, "Failed to set keys\n"); 1097 return -1; 1098 } 1099 asym_session->u.s.dsa = dsa; 1100 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_DSA; 1101 break; 1102 1103 err_dsa: 1104 BN_free(p); 1105 BN_free(q); 1106 BN_free(g); 1107 BN_free(priv_key); 1108 BN_free(pub_key); 1109 return -1; 1110 } 1111 default: 1112 return -1; 1113 } 1114 1115 return 0; 1116 } 1117 1118 /** Configure the session from a crypto xform chain */ 1119 static int 1120 openssl_pmd_asym_session_configure(struct rte_cryptodev *dev __rte_unused, 1121 struct rte_crypto_asym_xform *xform, 1122 struct rte_cryptodev_asym_session *sess, 1123 struct rte_mempool *mempool) 1124 { 1125 void *asym_sess_private_data; 1126 int ret; 1127 1128 if (unlikely(sess == NULL)) { 1129 OPENSSL_LOG(ERR, "invalid asymmetric session struct"); 1130 return -EINVAL; 1131 } 1132 1133 if (rte_mempool_get(mempool, &asym_sess_private_data)) { 1134 CDEV_LOG_ERR( 1135 "Couldn't get object from session mempool"); 1136 return -ENOMEM; 1137 } 1138 1139 ret = openssl_set_asym_session_parameters(asym_sess_private_data, 1140 xform); 1141 if (ret != 0) { 1142 OPENSSL_LOG(ERR, "failed configure session parameters"); 1143 1144 /* Return session to mempool */ 1145 rte_mempool_put(mempool, asym_sess_private_data); 1146 return ret; 1147 } 1148 1149 set_asym_session_private_data(sess, dev->driver_id, 1150 asym_sess_private_data); 1151 1152 return 0; 1153 } 1154 1155 /** Clear the memory of session so it doesn't leave key material behind */ 1156 static void 1157 openssl_pmd_sym_session_clear(struct rte_cryptodev *dev, 1158 struct rte_cryptodev_sym_session *sess) 1159 { 1160 uint8_t index = dev->driver_id; 1161 void *sess_priv = get_sym_session_private_data(sess, index); 1162 1163 /* Zero out the whole structure */ 1164 if (sess_priv) { 1165 openssl_reset_session(sess_priv); 1166 memset(sess_priv, 0, sizeof(struct openssl_session)); 1167 struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv); 1168 set_sym_session_private_data(sess, index, NULL); 1169 rte_mempool_put(sess_mp, sess_priv); 1170 } 1171 } 1172 1173 static void openssl_reset_asym_session(struct openssl_asym_session *sess) 1174 { 1175 switch (sess->xfrm_type) { 1176 case RTE_CRYPTO_ASYM_XFORM_RSA: 1177 if (sess->u.r.rsa) 1178 RSA_free(sess->u.r.rsa); 1179 break; 1180 case RTE_CRYPTO_ASYM_XFORM_MODEX: 1181 if (sess->u.e.ctx) { 1182 BN_CTX_end(sess->u.e.ctx); 1183 BN_CTX_free(sess->u.e.ctx); 1184 } 1185 break; 1186 case RTE_CRYPTO_ASYM_XFORM_MODINV: 1187 if (sess->u.m.ctx) { 1188 BN_CTX_end(sess->u.m.ctx); 1189 BN_CTX_free(sess->u.m.ctx); 1190 } 1191 break; 1192 case RTE_CRYPTO_ASYM_XFORM_DH: 1193 if (sess->u.dh.dh_key) 1194 DH_free(sess->u.dh.dh_key); 1195 break; 1196 case RTE_CRYPTO_ASYM_XFORM_DSA: 1197 if (sess->u.s.dsa) 1198 DSA_free(sess->u.s.dsa); 1199 break; 1200 default: 1201 break; 1202 } 1203 } 1204 1205 /** Clear the memory of asymmetric session 1206 * so it doesn't leave key material behind 1207 */ 1208 static void 1209 openssl_pmd_asym_session_clear(struct rte_cryptodev *dev, 1210 struct rte_cryptodev_asym_session *sess) 1211 { 1212 uint8_t index = dev->driver_id; 1213 void *sess_priv = get_asym_session_private_data(sess, index); 1214 1215 /* Zero out the whole structure */ 1216 if (sess_priv) { 1217 openssl_reset_asym_session(sess_priv); 1218 memset(sess_priv, 0, sizeof(struct openssl_asym_session)); 1219 struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv); 1220 set_asym_session_private_data(sess, index, NULL); 1221 rte_mempool_put(sess_mp, sess_priv); 1222 } 1223 } 1224 1225 struct rte_cryptodev_ops openssl_pmd_ops = { 1226 .dev_configure = openssl_pmd_config, 1227 .dev_start = openssl_pmd_start, 1228 .dev_stop = openssl_pmd_stop, 1229 .dev_close = openssl_pmd_close, 1230 1231 .stats_get = openssl_pmd_stats_get, 1232 .stats_reset = openssl_pmd_stats_reset, 1233 1234 .dev_infos_get = openssl_pmd_info_get, 1235 1236 .queue_pair_setup = openssl_pmd_qp_setup, 1237 .queue_pair_release = openssl_pmd_qp_release, 1238 1239 .sym_session_get_size = openssl_pmd_sym_session_get_size, 1240 .asym_session_get_size = openssl_pmd_asym_session_get_size, 1241 .sym_session_configure = openssl_pmd_sym_session_configure, 1242 .asym_session_configure = openssl_pmd_asym_session_configure, 1243 .sym_session_clear = openssl_pmd_sym_session_clear, 1244 .asym_session_clear = openssl_pmd_asym_session_clear 1245 }; 1246 1247 struct rte_cryptodev_ops *rte_openssl_pmd_ops = &openssl_pmd_ops; 1248