1 /* SPDX-License-Identifier: BSD-3-Clause 2 * Copyright(c) 2016-2017 Intel Corporation 3 */ 4 5 #include <string.h> 6 7 #include <rte_common.h> 8 #include <rte_malloc.h> 9 #include <cryptodev_pmd.h> 10 11 #include "openssl_pmd_private.h" 12 #include "compat.h" 13 14 15 static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = { 16 { /* MD5 HMAC */ 17 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 18 {.sym = { 19 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 20 {.auth = { 21 .algo = RTE_CRYPTO_AUTH_MD5_HMAC, 22 .block_size = 64, 23 .key_size = { 24 .min = 1, 25 .max = 64, 26 .increment = 1 27 }, 28 .digest_size = { 29 .min = 1, 30 .max = 16, 31 .increment = 1 32 }, 33 .iv_size = { 0 } 34 }, } 35 }, } 36 }, 37 { /* MD5 */ 38 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 39 {.sym = { 40 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 41 {.auth = { 42 .algo = RTE_CRYPTO_AUTH_MD5, 43 .block_size = 64, 44 .key_size = { 45 .min = 0, 46 .max = 0, 47 .increment = 0 48 }, 49 .digest_size = { 50 .min = 16, 51 .max = 16, 52 .increment = 0 53 }, 54 .iv_size = { 0 } 55 }, } 56 }, } 57 }, 58 { /* SHA1 HMAC */ 59 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 60 {.sym = { 61 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 62 {.auth = { 63 .algo = RTE_CRYPTO_AUTH_SHA1_HMAC, 64 .block_size = 64, 65 .key_size = { 66 .min = 1, 67 .max = 64, 68 .increment = 1 69 }, 70 .digest_size = { 71 .min = 1, 72 .max = 20, 73 .increment = 1 74 }, 75 .iv_size = { 0 } 76 }, } 77 }, } 78 }, 79 { /* SHA1 */ 80 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 81 {.sym = { 82 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 83 {.auth = { 84 .algo = RTE_CRYPTO_AUTH_SHA1, 85 .block_size = 64, 86 .key_size = { 87 .min = 0, 88 .max = 0, 89 .increment = 0 90 }, 91 .digest_size = { 92 .min = 20, 93 .max = 20, 94 .increment = 0 95 }, 96 .iv_size = { 0 } 97 }, } 98 }, } 99 }, 100 { /* SHA224 HMAC */ 101 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 102 {.sym = { 103 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 104 {.auth = { 105 .algo = RTE_CRYPTO_AUTH_SHA224_HMAC, 106 .block_size = 64, 107 .key_size = { 108 .min = 1, 109 .max = 64, 110 .increment = 1 111 }, 112 .digest_size = { 113 .min = 1, 114 .max = 28, 115 .increment = 1 116 }, 117 .iv_size = { 0 } 118 }, } 119 }, } 120 }, 121 { /* SHA224 */ 122 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 123 {.sym = { 124 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 125 {.auth = { 126 .algo = RTE_CRYPTO_AUTH_SHA224, 127 .block_size = 64, 128 .key_size = { 129 .min = 0, 130 .max = 0, 131 .increment = 0 132 }, 133 .digest_size = { 134 .min = 1, 135 .max = 28, 136 .increment = 1 137 }, 138 .iv_size = { 0 } 139 }, } 140 }, } 141 }, 142 { /* SHA256 HMAC */ 143 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 144 {.sym = { 145 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 146 {.auth = { 147 .algo = RTE_CRYPTO_AUTH_SHA256_HMAC, 148 .block_size = 64, 149 .key_size = { 150 .min = 1, 151 .max = 64, 152 .increment = 1 153 }, 154 .digest_size = { 155 .min = 1, 156 .max = 32, 157 .increment = 1 158 }, 159 .iv_size = { 0 } 160 }, } 161 }, } 162 }, 163 { /* SHA256 */ 164 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 165 {.sym = { 166 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 167 {.auth = { 168 .algo = RTE_CRYPTO_AUTH_SHA256, 169 .block_size = 64, 170 .key_size = { 171 .min = 0, 172 .max = 0, 173 .increment = 0 174 }, 175 .digest_size = { 176 .min = 32, 177 .max = 32, 178 .increment = 0 179 }, 180 .iv_size = { 0 } 181 }, } 182 }, } 183 }, 184 { /* SHA384 HMAC */ 185 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 186 {.sym = { 187 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 188 {.auth = { 189 .algo = RTE_CRYPTO_AUTH_SHA384_HMAC, 190 .block_size = 128, 191 .key_size = { 192 .min = 1, 193 .max = 128, 194 .increment = 1 195 }, 196 .digest_size = { 197 .min = 1, 198 .max = 48, 199 .increment = 1 200 }, 201 .iv_size = { 0 } 202 }, } 203 }, } 204 }, 205 { /* SHA384 */ 206 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 207 {.sym = { 208 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 209 {.auth = { 210 .algo = RTE_CRYPTO_AUTH_SHA384, 211 .block_size = 128, 212 .key_size = { 213 .min = 0, 214 .max = 0, 215 .increment = 0 216 }, 217 .digest_size = { 218 .min = 48, 219 .max = 48, 220 .increment = 0 221 }, 222 .iv_size = { 0 } 223 }, } 224 }, } 225 }, 226 { /* SHA512 HMAC */ 227 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 228 {.sym = { 229 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 230 {.auth = { 231 .algo = RTE_CRYPTO_AUTH_SHA512_HMAC, 232 .block_size = 128, 233 .key_size = { 234 .min = 1, 235 .max = 128, 236 .increment = 1 237 }, 238 .digest_size = { 239 .min = 1, 240 .max = 64, 241 .increment = 1 242 }, 243 .iv_size = { 0 } 244 }, } 245 }, } 246 }, 247 { /* SHA512 */ 248 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 249 {.sym = { 250 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 251 {.auth = { 252 .algo = RTE_CRYPTO_AUTH_SHA512, 253 .block_size = 128, 254 .key_size = { 255 .min = 0, 256 .max = 0, 257 .increment = 0 258 }, 259 .digest_size = { 260 .min = 64, 261 .max = 64, 262 .increment = 0 263 }, 264 .iv_size = { 0 } 265 }, } 266 }, } 267 }, 268 { /* AES CBC */ 269 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 270 {.sym = { 271 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 272 {.cipher = { 273 .algo = RTE_CRYPTO_CIPHER_AES_CBC, 274 .block_size = 16, 275 .key_size = { 276 .min = 16, 277 .max = 32, 278 .increment = 8 279 }, 280 .iv_size = { 281 .min = 16, 282 .max = 16, 283 .increment = 0 284 } 285 }, } 286 }, } 287 }, 288 { /* AES CTR */ 289 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 290 {.sym = { 291 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 292 {.cipher = { 293 .algo = RTE_CRYPTO_CIPHER_AES_CTR, 294 .block_size = 16, 295 .key_size = { 296 .min = 16, 297 .max = 32, 298 .increment = 8 299 }, 300 .iv_size = { 301 .min = 16, 302 .max = 16, 303 .increment = 0 304 } 305 }, } 306 }, } 307 }, 308 { /* AES GCM */ 309 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 310 {.sym = { 311 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD, 312 {.aead = { 313 .algo = RTE_CRYPTO_AEAD_AES_GCM, 314 .block_size = 16, 315 .key_size = { 316 .min = 16, 317 .max = 32, 318 .increment = 8 319 }, 320 .digest_size = { 321 .min = 16, 322 .max = 16, 323 .increment = 0 324 }, 325 .aad_size = { 326 .min = 0, 327 .max = 65535, 328 .increment = 1 329 }, 330 .iv_size = { 331 .min = 12, 332 .max = 16, 333 .increment = 4 334 }, 335 }, } 336 }, } 337 }, 338 { /* AES CCM */ 339 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 340 {.sym = { 341 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD, 342 {.aead = { 343 .algo = RTE_CRYPTO_AEAD_AES_CCM, 344 .block_size = 16, 345 .key_size = { 346 .min = 16, 347 .max = 32, 348 .increment = 8 349 }, 350 .digest_size = { 351 .min = 4, 352 .max = 16, 353 .increment = 2 354 }, 355 .aad_size = { 356 .min = 0, 357 .max = 65535, 358 .increment = 1 359 }, 360 .iv_size = { 361 .min = 7, 362 .max = 13, 363 .increment = 1 364 }, 365 }, } 366 }, } 367 }, 368 { /* AES GMAC (AUTH) */ 369 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 370 {.sym = { 371 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, 372 {.auth = { 373 .algo = RTE_CRYPTO_AUTH_AES_GMAC, 374 .block_size = 16, 375 .key_size = { 376 .min = 16, 377 .max = 32, 378 .increment = 8 379 }, 380 .digest_size = { 381 .min = 16, 382 .max = 16, 383 .increment = 0 384 }, 385 .iv_size = { 386 .min = 12, 387 .max = 16, 388 .increment = 4 389 } 390 }, } 391 }, } 392 }, 393 { /* 3DES CBC */ 394 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 395 {.sym = { 396 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 397 {.cipher = { 398 .algo = RTE_CRYPTO_CIPHER_3DES_CBC, 399 .block_size = 8, 400 .key_size = { 401 .min = 8, 402 .max = 24, 403 .increment = 8 404 }, 405 .iv_size = { 406 .min = 8, 407 .max = 8, 408 .increment = 0 409 } 410 }, } 411 }, } 412 }, 413 { /* 3DES CTR */ 414 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 415 {.sym = { 416 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 417 {.cipher = { 418 .algo = RTE_CRYPTO_CIPHER_3DES_CTR, 419 .block_size = 8, 420 .key_size = { 421 .min = 16, 422 .max = 24, 423 .increment = 8 424 }, 425 .iv_size = { 426 .min = 8, 427 .max = 8, 428 .increment = 0 429 } 430 }, } 431 }, } 432 }, 433 { /* DES CBC */ 434 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 435 {.sym = { 436 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 437 {.cipher = { 438 .algo = RTE_CRYPTO_CIPHER_DES_CBC, 439 .block_size = 8, 440 .key_size = { 441 .min = 8, 442 .max = 8, 443 .increment = 0 444 }, 445 .iv_size = { 446 .min = 8, 447 .max = 8, 448 .increment = 0 449 } 450 }, } 451 }, } 452 }, 453 { /* DES DOCSIS BPI */ 454 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, 455 {.sym = { 456 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, 457 {.cipher = { 458 .algo = RTE_CRYPTO_CIPHER_DES_DOCSISBPI, 459 .block_size = 8, 460 .key_size = { 461 .min = 8, 462 .max = 8, 463 .increment = 0 464 }, 465 .iv_size = { 466 .min = 8, 467 .max = 8, 468 .increment = 0 469 } 470 }, } 471 }, } 472 }, 473 { /* RSA */ 474 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, 475 {.asym = { 476 .xform_capa = { 477 .xform_type = RTE_CRYPTO_ASYM_XFORM_RSA, 478 .op_types = ((1 << RTE_CRYPTO_ASYM_OP_SIGN) | 479 (1 << RTE_CRYPTO_ASYM_OP_VERIFY) | 480 (1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) | 481 (1 << RTE_CRYPTO_ASYM_OP_DECRYPT)), 482 { 483 .modlen = { 484 /* min length is based on openssl rsa keygen */ 485 .min = 30, 486 /* value 0 symbolizes no limit on max length */ 487 .max = 0, 488 .increment = 1 489 }, } 490 } 491 }, 492 } 493 }, 494 { /* modexp */ 495 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, 496 {.asym = { 497 .xform_capa = { 498 .xform_type = RTE_CRYPTO_ASYM_XFORM_MODEX, 499 .op_types = 0, 500 { 501 .modlen = { 502 /* value 0 symbolizes no limit on min length */ 503 .min = 0, 504 /* value 0 symbolizes no limit on max length */ 505 .max = 0, 506 .increment = 1 507 }, } 508 } 509 }, 510 } 511 }, 512 { /* modinv */ 513 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, 514 {.asym = { 515 .xform_capa = { 516 .xform_type = RTE_CRYPTO_ASYM_XFORM_MODINV, 517 .op_types = 0, 518 { 519 .modlen = { 520 /* value 0 symbolizes no limit on min length */ 521 .min = 0, 522 /* value 0 symbolizes no limit on max length */ 523 .max = 0, 524 .increment = 1 525 }, } 526 } 527 }, 528 } 529 }, 530 { /* dh */ 531 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, 532 {.asym = { 533 .xform_capa = { 534 .xform_type = RTE_CRYPTO_ASYM_XFORM_DH, 535 .op_types = 536 ((1<<RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE) | 537 (1 << RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE | 538 (1 << 539 RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE))), 540 { 541 .modlen = { 542 /* value 0 symbolizes no limit on min length */ 543 .min = 0, 544 /* value 0 symbolizes no limit on max length */ 545 .max = 0, 546 .increment = 1 547 }, } 548 } 549 }, 550 } 551 }, 552 { /* dsa */ 553 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, 554 {.asym = { 555 .xform_capa = { 556 .xform_type = RTE_CRYPTO_ASYM_XFORM_DSA, 557 .op_types = 558 ((1<<RTE_CRYPTO_ASYM_OP_SIGN) | 559 (1 << RTE_CRYPTO_ASYM_OP_VERIFY)), 560 { 561 .modlen = { 562 /* value 0 symbolizes no limit on min length */ 563 .min = 0, 564 /* value 0 symbolizes no limit on max length */ 565 .max = 0, 566 .increment = 1 567 }, } 568 } 569 }, 570 } 571 }, 572 573 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() 574 }; 575 576 577 /** Configure device */ 578 static int 579 openssl_pmd_config(__rte_unused struct rte_cryptodev *dev, 580 __rte_unused struct rte_cryptodev_config *config) 581 { 582 return 0; 583 } 584 585 /** Start device */ 586 static int 587 openssl_pmd_start(__rte_unused struct rte_cryptodev *dev) 588 { 589 return 0; 590 } 591 592 /** Stop device */ 593 static void 594 openssl_pmd_stop(__rte_unused struct rte_cryptodev *dev) 595 { 596 } 597 598 /** Close device */ 599 static int 600 openssl_pmd_close(__rte_unused struct rte_cryptodev *dev) 601 { 602 return 0; 603 } 604 605 606 /** Get device statistics */ 607 static void 608 openssl_pmd_stats_get(struct rte_cryptodev *dev, 609 struct rte_cryptodev_stats *stats) 610 { 611 int qp_id; 612 613 for (qp_id = 0; qp_id < dev->data->nb_queue_pairs; qp_id++) { 614 struct openssl_qp *qp = dev->data->queue_pairs[qp_id]; 615 616 stats->enqueued_count += qp->stats.enqueued_count; 617 stats->dequeued_count += qp->stats.dequeued_count; 618 619 stats->enqueue_err_count += qp->stats.enqueue_err_count; 620 stats->dequeue_err_count += qp->stats.dequeue_err_count; 621 } 622 } 623 624 /** Reset device statistics */ 625 static void 626 openssl_pmd_stats_reset(struct rte_cryptodev *dev) 627 { 628 int qp_id; 629 630 for (qp_id = 0; qp_id < dev->data->nb_queue_pairs; qp_id++) { 631 struct openssl_qp *qp = dev->data->queue_pairs[qp_id]; 632 633 memset(&qp->stats, 0, sizeof(qp->stats)); 634 } 635 } 636 637 638 /** Get device info */ 639 static void 640 openssl_pmd_info_get(struct rte_cryptodev *dev, 641 struct rte_cryptodev_info *dev_info) 642 { 643 struct openssl_private *internals = dev->data->dev_private; 644 645 if (dev_info != NULL) { 646 dev_info->driver_id = dev->driver_id; 647 dev_info->feature_flags = dev->feature_flags; 648 dev_info->capabilities = openssl_pmd_capabilities; 649 dev_info->max_nb_queue_pairs = internals->max_nb_qpairs; 650 /* No limit of number of sessions */ 651 dev_info->sym.max_nb_sessions = 0; 652 } 653 } 654 655 /** Release queue pair */ 656 static int 657 openssl_pmd_qp_release(struct rte_cryptodev *dev, uint16_t qp_id) 658 { 659 if (dev->data->queue_pairs[qp_id] != NULL) { 660 struct openssl_qp *qp = dev->data->queue_pairs[qp_id]; 661 662 rte_ring_free(qp->processed_ops); 663 664 rte_free(dev->data->queue_pairs[qp_id]); 665 dev->data->queue_pairs[qp_id] = NULL; 666 } 667 return 0; 668 } 669 670 /** set a unique name for the queue pair based on it's name, dev_id and qp_id */ 671 static int 672 openssl_pmd_qp_set_unique_name(struct rte_cryptodev *dev, 673 struct openssl_qp *qp) 674 { 675 unsigned int n = snprintf(qp->name, sizeof(qp->name), 676 "openssl_pmd_%u_qp_%u", 677 dev->data->dev_id, qp->id); 678 679 if (n >= sizeof(qp->name)) 680 return -1; 681 682 return 0; 683 } 684 685 686 /** Create a ring to place processed operations on */ 687 static struct rte_ring * 688 openssl_pmd_qp_create_processed_ops_ring(struct openssl_qp *qp, 689 unsigned int ring_size, int socket_id) 690 { 691 struct rte_ring *r; 692 693 r = rte_ring_lookup(qp->name); 694 if (r) { 695 if (rte_ring_get_size(r) >= ring_size) { 696 OPENSSL_LOG(INFO, 697 "Reusing existing ring %s for processed ops", 698 qp->name); 699 return r; 700 } 701 702 OPENSSL_LOG(ERR, 703 "Unable to reuse existing ring %s for processed ops", 704 qp->name); 705 return NULL; 706 } 707 708 return rte_ring_create(qp->name, ring_size, socket_id, 709 RING_F_SP_ENQ | RING_F_SC_DEQ); 710 } 711 712 713 /** Setup a queue pair */ 714 static int 715 openssl_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id, 716 const struct rte_cryptodev_qp_conf *qp_conf, 717 int socket_id) 718 { 719 struct openssl_qp *qp = NULL; 720 721 /* Free memory prior to re-allocation if needed. */ 722 if (dev->data->queue_pairs[qp_id] != NULL) 723 openssl_pmd_qp_release(dev, qp_id); 724 725 /* Allocate the queue pair data structure. */ 726 qp = rte_zmalloc_socket("OPENSSL PMD Queue Pair", sizeof(*qp), 727 RTE_CACHE_LINE_SIZE, socket_id); 728 if (qp == NULL) 729 return -ENOMEM; 730 731 qp->id = qp_id; 732 dev->data->queue_pairs[qp_id] = qp; 733 734 if (openssl_pmd_qp_set_unique_name(dev, qp)) 735 goto qp_setup_cleanup; 736 737 qp->processed_ops = openssl_pmd_qp_create_processed_ops_ring(qp, 738 qp_conf->nb_descriptors, socket_id); 739 if (qp->processed_ops == NULL) 740 goto qp_setup_cleanup; 741 742 qp->sess_mp = qp_conf->mp_session; 743 qp->sess_mp_priv = qp_conf->mp_session_private; 744 745 memset(&qp->stats, 0, sizeof(qp->stats)); 746 747 return 0; 748 749 qp_setup_cleanup: 750 rte_free(qp); 751 752 return -1; 753 } 754 755 /** Returns the size of the symmetric session structure */ 756 static unsigned 757 openssl_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused) 758 { 759 return sizeof(struct openssl_session); 760 } 761 762 /** Returns the size of the asymmetric session structure */ 763 static unsigned 764 openssl_pmd_asym_session_get_size(struct rte_cryptodev *dev __rte_unused) 765 { 766 return sizeof(struct openssl_asym_session); 767 } 768 769 /** Configure the session from a crypto xform chain */ 770 static int 771 openssl_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused, 772 struct rte_crypto_sym_xform *xform, 773 struct rte_cryptodev_sym_session *sess, 774 struct rte_mempool *mempool) 775 { 776 void *sess_private_data; 777 int ret; 778 779 if (unlikely(sess == NULL)) { 780 OPENSSL_LOG(ERR, "invalid session struct"); 781 return -EINVAL; 782 } 783 784 if (rte_mempool_get(mempool, &sess_private_data)) { 785 OPENSSL_LOG(ERR, 786 "Couldn't get object from session mempool"); 787 return -ENOMEM; 788 } 789 790 ret = openssl_set_session_parameters(sess_private_data, xform); 791 if (ret != 0) { 792 OPENSSL_LOG(ERR, "failed configure session parameters"); 793 794 /* Return session to mempool */ 795 rte_mempool_put(mempool, sess_private_data); 796 return ret; 797 } 798 799 set_sym_session_private_data(sess, dev->driver_id, 800 sess_private_data); 801 802 return 0; 803 } 804 805 static int openssl_set_asym_session_parameters( 806 struct openssl_asym_session *asym_session, 807 struct rte_crypto_asym_xform *xform) 808 { 809 int ret = 0; 810 811 if ((xform->xform_type != RTE_CRYPTO_ASYM_XFORM_DH) && 812 (xform->next != NULL)) { 813 OPENSSL_LOG(ERR, "chained xfrms are not supported on %s", 814 rte_crypto_asym_xform_strings[xform->xform_type]); 815 return -1; 816 } 817 818 switch (xform->xform_type) { 819 case RTE_CRYPTO_ASYM_XFORM_RSA: 820 { 821 BIGNUM *n = NULL; 822 BIGNUM *e = NULL; 823 BIGNUM *d = NULL; 824 BIGNUM *p = NULL, *q = NULL, *dmp1 = NULL; 825 BIGNUM *iqmp = NULL, *dmq1 = NULL; 826 827 /* copy xfrm data into rsa struct */ 828 n = BN_bin2bn((const unsigned char *)xform->rsa.n.data, 829 xform->rsa.n.length, n); 830 e = BN_bin2bn((const unsigned char *)xform->rsa.e.data, 831 xform->rsa.e.length, e); 832 833 if (!n || !e) 834 goto err_rsa; 835 836 RSA *rsa = RSA_new(); 837 if (rsa == NULL) 838 goto err_rsa; 839 840 if (xform->rsa.key_type == RTE_RSA_KEY_TYPE_EXP) { 841 d = BN_bin2bn( 842 (const unsigned char *)xform->rsa.d.data, 843 xform->rsa.d.length, 844 d); 845 if (!d) { 846 RSA_free(rsa); 847 goto err_rsa; 848 } 849 } else { 850 p = BN_bin2bn((const unsigned char *) 851 xform->rsa.qt.p.data, 852 xform->rsa.qt.p.length, 853 p); 854 q = BN_bin2bn((const unsigned char *) 855 xform->rsa.qt.q.data, 856 xform->rsa.qt.q.length, 857 q); 858 dmp1 = BN_bin2bn((const unsigned char *) 859 xform->rsa.qt.dP.data, 860 xform->rsa.qt.dP.length, 861 dmp1); 862 dmq1 = BN_bin2bn((const unsigned char *) 863 xform->rsa.qt.dQ.data, 864 xform->rsa.qt.dQ.length, 865 dmq1); 866 iqmp = BN_bin2bn((const unsigned char *) 867 xform->rsa.qt.qInv.data, 868 xform->rsa.qt.qInv.length, 869 iqmp); 870 871 if (!p || !q || !dmp1 || !dmq1 || !iqmp) { 872 RSA_free(rsa); 873 goto err_rsa; 874 } 875 ret = set_rsa_params(rsa, p, q); 876 if (ret) { 877 OPENSSL_LOG(ERR, 878 "failed to set rsa params\n"); 879 RSA_free(rsa); 880 goto err_rsa; 881 } 882 ret = set_rsa_crt_params(rsa, dmp1, dmq1, iqmp); 883 if (ret) { 884 OPENSSL_LOG(ERR, 885 "failed to set crt params\n"); 886 RSA_free(rsa); 887 /* 888 * set already populated params to NULL 889 * as its freed by call to RSA_free 890 */ 891 p = q = NULL; 892 goto err_rsa; 893 } 894 } 895 896 ret = set_rsa_keys(rsa, n, e, d); 897 if (ret) { 898 OPENSSL_LOG(ERR, "Failed to load rsa keys\n"); 899 RSA_free(rsa); 900 return -1; 901 } 902 asym_session->u.r.rsa = rsa; 903 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_RSA; 904 break; 905 err_rsa: 906 BN_clear_free(n); 907 BN_clear_free(e); 908 BN_clear_free(d); 909 BN_clear_free(p); 910 BN_clear_free(q); 911 BN_clear_free(dmp1); 912 BN_clear_free(dmq1); 913 BN_clear_free(iqmp); 914 915 return -1; 916 } 917 case RTE_CRYPTO_ASYM_XFORM_MODEX: 918 { 919 struct rte_crypto_modex_xform *xfrm = &(xform->modex); 920 921 BN_CTX *ctx = BN_CTX_new(); 922 if (ctx == NULL) { 923 OPENSSL_LOG(ERR, 924 " failed to allocate resources\n"); 925 return -1; 926 } 927 BN_CTX_start(ctx); 928 BIGNUM *mod = BN_CTX_get(ctx); 929 BIGNUM *exp = BN_CTX_get(ctx); 930 if (mod == NULL || exp == NULL) { 931 BN_CTX_end(ctx); 932 BN_CTX_free(ctx); 933 return -1; 934 } 935 936 mod = BN_bin2bn((const unsigned char *) 937 xfrm->modulus.data, 938 xfrm->modulus.length, mod); 939 exp = BN_bin2bn((const unsigned char *) 940 xfrm->exponent.data, 941 xfrm->exponent.length, exp); 942 asym_session->u.e.ctx = ctx; 943 asym_session->u.e.mod = mod; 944 asym_session->u.e.exp = exp; 945 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_MODEX; 946 break; 947 } 948 case RTE_CRYPTO_ASYM_XFORM_MODINV: 949 { 950 struct rte_crypto_modinv_xform *xfrm = &(xform->modinv); 951 952 BN_CTX *ctx = BN_CTX_new(); 953 if (ctx == NULL) { 954 OPENSSL_LOG(ERR, 955 " failed to allocate resources\n"); 956 return -1; 957 } 958 BN_CTX_start(ctx); 959 BIGNUM *mod = BN_CTX_get(ctx); 960 if (mod == NULL) { 961 BN_CTX_end(ctx); 962 BN_CTX_free(ctx); 963 return -1; 964 } 965 966 mod = BN_bin2bn((const unsigned char *) 967 xfrm->modulus.data, 968 xfrm->modulus.length, 969 mod); 970 asym_session->u.m.ctx = ctx; 971 asym_session->u.m.modulus = mod; 972 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_MODINV; 973 break; 974 } 975 case RTE_CRYPTO_ASYM_XFORM_DH: 976 { 977 BIGNUM *p = NULL; 978 BIGNUM *g = NULL; 979 980 p = BN_bin2bn((const unsigned char *) 981 xform->dh.p.data, 982 xform->dh.p.length, 983 p); 984 g = BN_bin2bn((const unsigned char *) 985 xform->dh.g.data, 986 xform->dh.g.length, 987 g); 988 if (!p || !g) 989 goto err_dh; 990 991 DH *dh = DH_new(); 992 if (dh == NULL) { 993 OPENSSL_LOG(ERR, 994 "failed to allocate resources\n"); 995 goto err_dh; 996 } 997 ret = set_dh_params(dh, p, g); 998 if (ret) { 999 DH_free(dh); 1000 goto err_dh; 1001 } 1002 1003 /* 1004 * setup xfrom for 1005 * public key generate, or 1006 * DH Priv key generate, or both 1007 * public and private key generate 1008 */ 1009 asym_session->u.dh.key_op = (1 << xform->dh.type); 1010 1011 if (xform->dh.type == 1012 RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE) { 1013 /* check if next is pubkey */ 1014 if ((xform->next != NULL) && 1015 (xform->next->xform_type == 1016 RTE_CRYPTO_ASYM_XFORM_DH) && 1017 (xform->next->dh.type == 1018 RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE) 1019 ) { 1020 /* 1021 * setup op as pub/priv key 1022 * pair generationi 1023 */ 1024 asym_session->u.dh.key_op |= 1025 (1 << 1026 RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE); 1027 } 1028 } 1029 asym_session->u.dh.dh_key = dh; 1030 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_DH; 1031 break; 1032 1033 err_dh: 1034 OPENSSL_LOG(ERR, " failed to set dh params\n"); 1035 BN_free(p); 1036 BN_free(g); 1037 return -1; 1038 } 1039 case RTE_CRYPTO_ASYM_XFORM_DSA: 1040 { 1041 BIGNUM *p = NULL, *g = NULL; 1042 BIGNUM *q = NULL, *priv_key = NULL; 1043 BIGNUM *pub_key = BN_new(); 1044 BN_zero(pub_key); 1045 1046 p = BN_bin2bn((const unsigned char *) 1047 xform->dsa.p.data, 1048 xform->dsa.p.length, 1049 p); 1050 1051 g = BN_bin2bn((const unsigned char *) 1052 xform->dsa.g.data, 1053 xform->dsa.g.length, 1054 g); 1055 1056 q = BN_bin2bn((const unsigned char *) 1057 xform->dsa.q.data, 1058 xform->dsa.q.length, 1059 q); 1060 if (!p || !q || !g) 1061 goto err_dsa; 1062 1063 priv_key = BN_bin2bn((const unsigned char *) 1064 xform->dsa.x.data, 1065 xform->dsa.x.length, 1066 priv_key); 1067 if (priv_key == NULL) 1068 goto err_dsa; 1069 1070 DSA *dsa = DSA_new(); 1071 if (dsa == NULL) { 1072 OPENSSL_LOG(ERR, 1073 " failed to allocate resources\n"); 1074 goto err_dsa; 1075 } 1076 1077 ret = set_dsa_params(dsa, p, q, g); 1078 if (ret) { 1079 DSA_free(dsa); 1080 OPENSSL_LOG(ERR, "Failed to dsa params\n"); 1081 goto err_dsa; 1082 } 1083 1084 /* 1085 * openssl 1.1.0 mandate that public key can't be 1086 * NULL in very first call. so set a dummy pub key. 1087 * to keep consistency, lets follow same approach for 1088 * both versions 1089 */ 1090 /* just set dummy public for very 1st call */ 1091 ret = set_dsa_keys(dsa, pub_key, priv_key); 1092 if (ret) { 1093 DSA_free(dsa); 1094 OPENSSL_LOG(ERR, "Failed to set keys\n"); 1095 return -1; 1096 } 1097 asym_session->u.s.dsa = dsa; 1098 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_DSA; 1099 break; 1100 1101 err_dsa: 1102 BN_free(p); 1103 BN_free(q); 1104 BN_free(g); 1105 BN_free(priv_key); 1106 BN_free(pub_key); 1107 return -1; 1108 } 1109 default: 1110 return -1; 1111 } 1112 1113 return 0; 1114 } 1115 1116 /** Configure the session from a crypto xform chain */ 1117 static int 1118 openssl_pmd_asym_session_configure(struct rte_cryptodev *dev __rte_unused, 1119 struct rte_crypto_asym_xform *xform, 1120 struct rte_cryptodev_asym_session *sess, 1121 struct rte_mempool *mempool) 1122 { 1123 void *asym_sess_private_data; 1124 int ret; 1125 1126 if (unlikely(sess == NULL)) { 1127 OPENSSL_LOG(ERR, "invalid asymmetric session struct"); 1128 return -EINVAL; 1129 } 1130 1131 if (rte_mempool_get(mempool, &asym_sess_private_data)) { 1132 CDEV_LOG_ERR( 1133 "Couldn't get object from session mempool"); 1134 return -ENOMEM; 1135 } 1136 1137 ret = openssl_set_asym_session_parameters(asym_sess_private_data, 1138 xform); 1139 if (ret != 0) { 1140 OPENSSL_LOG(ERR, "failed configure session parameters"); 1141 1142 /* Return session to mempool */ 1143 rte_mempool_put(mempool, asym_sess_private_data); 1144 return ret; 1145 } 1146 1147 set_asym_session_private_data(sess, dev->driver_id, 1148 asym_sess_private_data); 1149 1150 return 0; 1151 } 1152 1153 /** Clear the memory of session so it doesn't leave key material behind */ 1154 static void 1155 openssl_pmd_sym_session_clear(struct rte_cryptodev *dev, 1156 struct rte_cryptodev_sym_session *sess) 1157 { 1158 uint8_t index = dev->driver_id; 1159 void *sess_priv = get_sym_session_private_data(sess, index); 1160 1161 /* Zero out the whole structure */ 1162 if (sess_priv) { 1163 openssl_reset_session(sess_priv); 1164 memset(sess_priv, 0, sizeof(struct openssl_session)); 1165 struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv); 1166 set_sym_session_private_data(sess, index, NULL); 1167 rte_mempool_put(sess_mp, sess_priv); 1168 } 1169 } 1170 1171 static void openssl_reset_asym_session(struct openssl_asym_session *sess) 1172 { 1173 switch (sess->xfrm_type) { 1174 case RTE_CRYPTO_ASYM_XFORM_RSA: 1175 if (sess->u.r.rsa) 1176 RSA_free(sess->u.r.rsa); 1177 break; 1178 case RTE_CRYPTO_ASYM_XFORM_MODEX: 1179 if (sess->u.e.ctx) { 1180 BN_CTX_end(sess->u.e.ctx); 1181 BN_CTX_free(sess->u.e.ctx); 1182 } 1183 break; 1184 case RTE_CRYPTO_ASYM_XFORM_MODINV: 1185 if (sess->u.m.ctx) { 1186 BN_CTX_end(sess->u.m.ctx); 1187 BN_CTX_free(sess->u.m.ctx); 1188 } 1189 break; 1190 case RTE_CRYPTO_ASYM_XFORM_DH: 1191 if (sess->u.dh.dh_key) 1192 DH_free(sess->u.dh.dh_key); 1193 break; 1194 case RTE_CRYPTO_ASYM_XFORM_DSA: 1195 if (sess->u.s.dsa) 1196 DSA_free(sess->u.s.dsa); 1197 break; 1198 default: 1199 break; 1200 } 1201 } 1202 1203 /** Clear the memory of asymmetric session 1204 * so it doesn't leave key material behind 1205 */ 1206 static void 1207 openssl_pmd_asym_session_clear(struct rte_cryptodev *dev, 1208 struct rte_cryptodev_asym_session *sess) 1209 { 1210 uint8_t index = dev->driver_id; 1211 void *sess_priv = get_asym_session_private_data(sess, index); 1212 1213 /* Zero out the whole structure */ 1214 if (sess_priv) { 1215 openssl_reset_asym_session(sess_priv); 1216 memset(sess_priv, 0, sizeof(struct openssl_asym_session)); 1217 struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv); 1218 set_asym_session_private_data(sess, index, NULL); 1219 rte_mempool_put(sess_mp, sess_priv); 1220 } 1221 } 1222 1223 struct rte_cryptodev_ops openssl_pmd_ops = { 1224 .dev_configure = openssl_pmd_config, 1225 .dev_start = openssl_pmd_start, 1226 .dev_stop = openssl_pmd_stop, 1227 .dev_close = openssl_pmd_close, 1228 1229 .stats_get = openssl_pmd_stats_get, 1230 .stats_reset = openssl_pmd_stats_reset, 1231 1232 .dev_infos_get = openssl_pmd_info_get, 1233 1234 .queue_pair_setup = openssl_pmd_qp_setup, 1235 .queue_pair_release = openssl_pmd_qp_release, 1236 1237 .sym_session_get_size = openssl_pmd_sym_session_get_size, 1238 .asym_session_get_size = openssl_pmd_asym_session_get_size, 1239 .sym_session_configure = openssl_pmd_sym_session_configure, 1240 .asym_session_configure = openssl_pmd_asym_session_configure, 1241 .sym_session_clear = openssl_pmd_sym_session_clear, 1242 .asym_session_clear = openssl_pmd_asym_session_clear 1243 }; 1244 1245 struct rte_cryptodev_ops *rte_openssl_pmd_ops = &openssl_pmd_ops; 1246