1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(c) 2016-2017 Intel Corporation
5 #define OPENSSL_API_COMPAT 0x10100000L
9 #include <rte_common.h>
10 #include <rte_malloc.h>
11 #include <cryptodev_pmd.h>
13 #include "openssl_pmd_private.h"
15 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
16 #include <openssl/provider.h>
17 #include <openssl/core_names.h>
18 #include <openssl/param_build.h>
21 static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
23 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
25 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
27 .algo = RTE_CRYPTO_AUTH_MD5_HMAC,
44 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
46 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
48 .algo = RTE_CRYPTO_AUTH_MD5,
65 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
67 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
69 .algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
86 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
88 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
90 .algo = RTE_CRYPTO_AUTH_SHA1,
107 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
109 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
111 .algo = RTE_CRYPTO_AUTH_SHA224_HMAC,
128 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
130 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
132 .algo = RTE_CRYPTO_AUTH_SHA224,
149 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
151 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
153 .algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
170 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
172 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
174 .algo = RTE_CRYPTO_AUTH_SHA256,
191 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
193 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
195 .algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
212 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
214 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
216 .algo = RTE_CRYPTO_AUTH_SHA384,
233 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
235 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
237 .algo = RTE_CRYPTO_AUTH_SHA512_HMAC,
254 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
256 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
258 .algo = RTE_CRYPTO_AUTH_SHA512,
275 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
277 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
279 .algo = RTE_CRYPTO_CIPHER_AES_CBC,
295 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
297 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
299 .algo = RTE_CRYPTO_CIPHER_AES_CTR,
315 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
317 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
319 .algo = RTE_CRYPTO_AEAD_AES_GCM,
345 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
347 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
349 .algo = RTE_CRYPTO_AEAD_AES_CCM,
374 { /* AES GMAC (AUTH) */
375 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
377 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
379 .algo = RTE_CRYPTO_AUTH_AES_GMAC,
400 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
402 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
404 .algo = RTE_CRYPTO_CIPHER_3DES_CBC,
420 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
422 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
424 .algo = RTE_CRYPTO_CIPHER_3DES_CTR,
440 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
442 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
444 .algo = RTE_CRYPTO_CIPHER_DES_CBC,
459 { /* DES DOCSIS BPI */
460 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
462 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
464 .algo = RTE_CRYPTO_CIPHER_DES_DOCSISBPI,
480 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
483 .xform_type = RTE_CRYPTO_ASYM_XFORM_RSA,
484 .op_types = ((1 << RTE_CRYPTO_ASYM_OP_SIGN) |
485 (1 << RTE_CRYPTO_ASYM_OP_VERIFY) |
486 (1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) |
487 (1 << RTE_CRYPTO_ASYM_OP_DECRYPT)),
490 /* min length is based on openssl rsa keygen */
492 /* value 0 symbolizes no limit on max length */
501 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
504 .xform_type = RTE_CRYPTO_ASYM_XFORM_MODEX,
508 /* value 0 symbolizes no limit on min length */
510 /* value 0 symbolizes no limit on max length */
519 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
522 .xform_type = RTE_CRYPTO_ASYM_XFORM_MODINV,
526 /* value 0 symbolizes no limit on min length */
528 /* value 0 symbolizes no limit on max length */
537 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
540 .xform_type = RTE_CRYPTO_ASYM_XFORM_DH,
542 ((1<<RTE_CRYPTO_ASYM_KE_PRIV_KEY_GENERATE) |
543 (1 << RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE |
545 RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE))),
548 /* value 0 symbolizes no limit on min length */
550 /* value 0 symbolizes no limit on max length */
559 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
562 .xform_type = RTE_CRYPTO_ASYM_XFORM_DSA,
564 ((1<<RTE_CRYPTO_ASYM_OP_SIGN) |
565 (1 << RTE_CRYPTO_ASYM_OP_VERIFY)),
568 /* value 0 symbolizes no limit on min length */
570 /* value 0 symbolizes no limit on max length */
579 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
583 /** Configure device */
585 openssl_pmd_config(__rte_unused struct rte_cryptodev *dev,
586 __rte_unused struct rte_cryptodev_config *config)
593 openssl_pmd_start(__rte_unused struct rte_cryptodev *dev)
600 openssl_pmd_stop(__rte_unused struct rte_cryptodev *dev)
606 openssl_pmd_close(__rte_unused struct rte_cryptodev *dev)
612 /** Get device statistics */
614 openssl_pmd_stats_get(struct rte_cryptodev *dev,
615 struct rte_cryptodev_stats *stats)
619 for (qp_id = 0; qp_id < dev->data->nb_queue_pairs; qp_id++) {
620 struct openssl_qp *qp = dev->data->queue_pairs[qp_id];
622 stats->enqueued_count += qp->stats.enqueued_count;
623 stats->dequeued_count += qp->stats.dequeued_count;
625 stats->enqueue_err_count += qp->stats.enqueue_err_count;
626 stats->dequeue_err_count += qp->stats.dequeue_err_count;
630 /** Reset device statistics */
632 openssl_pmd_stats_reset(struct rte_cryptodev *dev)
636 for (qp_id = 0; qp_id < dev->data->nb_queue_pairs; qp_id++) {
637 struct openssl_qp *qp = dev->data->queue_pairs[qp_id];
639 memset(&qp->stats, 0, sizeof(qp->stats));
644 /** Get device info */
646 openssl_pmd_info_get(struct rte_cryptodev *dev,
647 struct rte_cryptodev_info *dev_info)
649 struct openssl_private *internals = dev->data->dev_private;
651 if (dev_info != NULL) {
652 dev_info->driver_id = dev->driver_id;
653 dev_info->feature_flags = dev->feature_flags;
654 dev_info->capabilities = openssl_pmd_capabilities;
655 dev_info->max_nb_queue_pairs = internals->max_nb_qpairs;
656 /* No limit of number of sessions */
657 dev_info->sym.max_nb_sessions = 0;
661 /** Release queue pair */
663 openssl_pmd_qp_release(struct rte_cryptodev *dev, uint16_t qp_id)
665 if (dev->data->queue_pairs[qp_id] != NULL) {
666 struct openssl_qp *qp = dev->data->queue_pairs[qp_id];
668 rte_ring_free(qp->processed_ops);
670 rte_free(dev->data->queue_pairs[qp_id]);
671 dev->data->queue_pairs[qp_id] = NULL;
676 /** set a unique name for the queue pair based on it's name, dev_id and qp_id */
678 openssl_pmd_qp_set_unique_name(struct rte_cryptodev *dev,
679 struct openssl_qp *qp)
681 unsigned int n = snprintf(qp->name, sizeof(qp->name),
682 "openssl_pmd_%u_qp_%u",
683 dev->data->dev_id, qp->id);
685 if (n >= sizeof(qp->name))
692 /** Create a ring to place processed operations on */
693 static struct rte_ring *
694 openssl_pmd_qp_create_processed_ops_ring(struct openssl_qp *qp,
695 unsigned int ring_size, int socket_id)
699 r = rte_ring_lookup(qp->name);
701 if (rte_ring_get_size(r) >= ring_size) {
703 "Reusing existing ring %s for processed ops",
709 "Unable to reuse existing ring %s for processed ops",
714 return rte_ring_create(qp->name, ring_size, socket_id,
715 RING_F_SP_ENQ | RING_F_SC_DEQ);
719 /** Setup a queue pair */
721 openssl_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
722 const struct rte_cryptodev_qp_conf *qp_conf,
725 struct openssl_qp *qp = NULL;
727 /* Free memory prior to re-allocation if needed. */
728 if (dev->data->queue_pairs[qp_id] != NULL)
729 openssl_pmd_qp_release(dev, qp_id);
731 /* Allocate the queue pair data structure. */
732 qp = rte_zmalloc_socket("OPENSSL PMD Queue Pair", sizeof(*qp),
733 RTE_CACHE_LINE_SIZE, socket_id);
738 dev->data->queue_pairs[qp_id] = qp;
740 if (openssl_pmd_qp_set_unique_name(dev, qp))
741 goto qp_setup_cleanup;
743 qp->processed_ops = openssl_pmd_qp_create_processed_ops_ring(qp,
744 qp_conf->nb_descriptors, socket_id);
745 if (qp->processed_ops == NULL)
746 goto qp_setup_cleanup;
748 qp->sess_mp = qp_conf->mp_session;
749 qp->sess_mp_priv = qp_conf->mp_session_private;
751 memset(&qp->stats, 0, sizeof(qp->stats));
761 /** Returns the size of the symmetric session structure */
763 openssl_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
765 return sizeof(struct openssl_session);
768 /** Returns the size of the asymmetric session structure */
770 openssl_pmd_asym_session_get_size(struct rte_cryptodev *dev __rte_unused)
772 return sizeof(struct openssl_asym_session);
775 /** Configure the session from a crypto xform chain */
777 openssl_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
778 struct rte_crypto_sym_xform *xform,
779 struct rte_cryptodev_sym_session *sess,
780 struct rte_mempool *mempool)
782 void *sess_private_data;
785 if (unlikely(sess == NULL)) {
786 OPENSSL_LOG(ERR, "invalid session struct");
790 if (rte_mempool_get(mempool, &sess_private_data)) {
792 "Couldn't get object from session mempool");
796 ret = openssl_set_session_parameters(sess_private_data, xform);
798 OPENSSL_LOG(ERR, "failed configure session parameters");
800 /* Return session to mempool */
801 rte_mempool_put(mempool, sess_private_data);
805 set_sym_session_private_data(sess, dev->driver_id,
811 static int openssl_set_asym_session_parameters(
812 struct openssl_asym_session *asym_session,
813 struct rte_crypto_asym_xform *xform)
817 if ((xform->xform_type != RTE_CRYPTO_ASYM_XFORM_DH) &&
818 (xform->next != NULL)) {
819 OPENSSL_LOG(ERR, "chained xfrms are not supported on %s",
820 rte_crypto_asym_xform_strings[xform->xform_type]);
824 switch (xform->xform_type) {
825 case RTE_CRYPTO_ASYM_XFORM_RSA:
830 BIGNUM *p = NULL, *q = NULL, *dmp1 = NULL;
831 BIGNUM *iqmp = NULL, *dmq1 = NULL;
833 /* copy xfrm data into rsa struct */
834 n = BN_bin2bn((const unsigned char *)xform->rsa.n.data,
835 xform->rsa.n.length, n);
836 e = BN_bin2bn((const unsigned char *)xform->rsa.e.data,
837 xform->rsa.e.length, e);
842 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
843 OSSL_PARAM_BLD * param_bld = OSSL_PARAM_BLD_new();
845 OPENSSL_LOG(ERR, "failed to allocate resources\n");
849 if (!OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_RSA_N, n)
850 || !OSSL_PARAM_BLD_push_BN(param_bld,
851 OSSL_PKEY_PARAM_RSA_E, e)) {
852 OSSL_PARAM_BLD_free(param_bld);
853 OPENSSL_LOG(ERR, "failed to allocate resources\n");
857 if (xform->rsa.key_type == RTE_RSA_KEY_TYPE_EXP) {
859 (const unsigned char *)xform->rsa.d.data,
863 OSSL_PARAM_BLD_free(param_bld);
867 p = BN_bin2bn((const unsigned char *)
868 xform->rsa.qt.p.data,
869 xform->rsa.qt.p.length,
871 q = BN_bin2bn((const unsigned char *)
872 xform->rsa.qt.q.data,
873 xform->rsa.qt.q.length,
875 dmp1 = BN_bin2bn((const unsigned char *)
876 xform->rsa.qt.dP.data,
877 xform->rsa.qt.dP.length,
879 dmq1 = BN_bin2bn((const unsigned char *)
880 xform->rsa.qt.dQ.data,
881 xform->rsa.qt.dQ.length,
883 iqmp = BN_bin2bn((const unsigned char *)
884 xform->rsa.qt.qInv.data,
885 xform->rsa.qt.qInv.length,
888 if (!p || !q || !dmp1 || !dmq1 || !iqmp) {
889 OSSL_PARAM_BLD_free(param_bld);
893 if (!OSSL_PARAM_BLD_push_BN(param_bld,
894 OSSL_PKEY_PARAM_RSA_FACTOR1, p)
895 || !OSSL_PARAM_BLD_push_BN(param_bld,
896 OSSL_PKEY_PARAM_RSA_FACTOR2, q)
897 || !OSSL_PARAM_BLD_push_BN(param_bld,
898 OSSL_PKEY_PARAM_RSA_EXPONENT1, dmp1)
899 || !OSSL_PARAM_BLD_push_BN(param_bld,
900 OSSL_PKEY_PARAM_RSA_EXPONENT2, dmq1)
901 || !OSSL_PARAM_BLD_push_BN(param_bld,
902 OSSL_PKEY_PARAM_RSA_COEFFICIENT1, iqmp)) {
903 OSSL_PARAM_BLD_free(param_bld);
908 if (!OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_RSA_N, n)
909 || !OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_RSA_E, e)
910 || !OSSL_PARAM_BLD_push_BN(param_bld,
911 OSSL_PKEY_PARAM_RSA_D, d)) {
912 OSSL_PARAM_BLD_free(param_bld);
916 EVP_PKEY_CTX *key_ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL);
917 EVP_PKEY *pkey = NULL;
918 EVP_PKEY_CTX *rsa_ctx = NULL;
919 OSSL_PARAM *params = NULL;
921 params = OSSL_PARAM_BLD_to_param(param_bld);
923 OSSL_PARAM_BLD_free(param_bld);
928 || EVP_PKEY_fromdata_init(key_ctx) <= 0
929 || EVP_PKEY_fromdata(key_ctx, &pkey,
930 EVP_PKEY_KEYPAIR, params) <= 0) {
931 OSSL_PARAM_free(params);
935 rsa_ctx = EVP_PKEY_CTX_new(pkey, NULL);
936 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_RSA;
937 asym_session->u.r.ctx = rsa_ctx;
938 EVP_PKEY_CTX_free(key_ctx);
939 OSSL_PARAM_free(params);
942 RSA *rsa = RSA_new();
946 if (xform->rsa.key_type == RTE_RSA_KEY_TYPE_EXP) {
948 (const unsigned char *)xform->rsa.d.data,
956 p = BN_bin2bn((const unsigned char *)
957 xform->rsa.qt.p.data,
958 xform->rsa.qt.p.length,
960 q = BN_bin2bn((const unsigned char *)
961 xform->rsa.qt.q.data,
962 xform->rsa.qt.q.length,
964 dmp1 = BN_bin2bn((const unsigned char *)
965 xform->rsa.qt.dP.data,
966 xform->rsa.qt.dP.length,
968 dmq1 = BN_bin2bn((const unsigned char *)
969 xform->rsa.qt.dQ.data,
970 xform->rsa.qt.dQ.length,
972 iqmp = BN_bin2bn((const unsigned char *)
973 xform->rsa.qt.qInv.data,
974 xform->rsa.qt.qInv.length,
977 if (!p || !q || !dmp1 || !dmq1 || !iqmp) {
981 ret = set_rsa_params(rsa, p, q);
984 "failed to set rsa params\n");
988 ret = set_rsa_crt_params(rsa, dmp1, dmq1, iqmp);
991 "failed to set crt params\n");
994 * set already populated params to NULL
995 * as its freed by call to RSA_free
1002 ret = set_rsa_keys(rsa, n, e, d);
1004 OPENSSL_LOG(ERR, "Failed to load rsa keys\n");
1008 asym_session->u.r.rsa = rsa;
1009 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_RSA;
1018 BN_clear_free(dmp1);
1019 BN_clear_free(dmq1);
1020 BN_clear_free(iqmp);
1024 case RTE_CRYPTO_ASYM_XFORM_MODEX:
1026 struct rte_crypto_modex_xform *xfrm = &(xform->modex);
1028 BN_CTX *ctx = BN_CTX_new();
1031 " failed to allocate resources\n");
1035 BIGNUM *mod = BN_CTX_get(ctx);
1036 BIGNUM *exp = BN_CTX_get(ctx);
1037 if (mod == NULL || exp == NULL) {
1043 mod = BN_bin2bn((const unsigned char *)
1045 xfrm->modulus.length, mod);
1046 exp = BN_bin2bn((const unsigned char *)
1047 xfrm->exponent.data,
1048 xfrm->exponent.length, exp);
1049 asym_session->u.e.ctx = ctx;
1050 asym_session->u.e.mod = mod;
1051 asym_session->u.e.exp = exp;
1052 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_MODEX;
1055 case RTE_CRYPTO_ASYM_XFORM_MODINV:
1057 struct rte_crypto_modinv_xform *xfrm = &(xform->modinv);
1059 BN_CTX *ctx = BN_CTX_new();
1062 " failed to allocate resources\n");
1066 BIGNUM *mod = BN_CTX_get(ctx);
1073 mod = BN_bin2bn((const unsigned char *)
1075 xfrm->modulus.length,
1077 asym_session->u.m.ctx = ctx;
1078 asym_session->u.m.modulus = mod;
1079 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_MODINV;
1082 case RTE_CRYPTO_ASYM_XFORM_DH:
1087 p = BN_bin2bn((const unsigned char *)
1091 g = BN_bin2bn((const unsigned char *)
1099 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
1100 OSSL_PARAM_BLD *param_bld = NULL;
1101 param_bld = OSSL_PARAM_BLD_new();
1103 OPENSSL_LOG(ERR, "failed to allocate resources\n");
1106 if ((!OSSL_PARAM_BLD_push_utf8_string(param_bld,
1107 "group", "ffdhe2048", 0))
1108 || (!OSSL_PARAM_BLD_push_BN(param_bld,
1109 OSSL_PKEY_PARAM_FFC_P, p))
1110 || (!OSSL_PARAM_BLD_push_BN(param_bld,
1111 OSSL_PKEY_PARAM_FFC_G, g))) {
1112 OSSL_PARAM_BLD_free(param_bld);
1116 OSSL_PARAM_BLD *param_bld_peer = NULL;
1117 param_bld_peer = OSSL_PARAM_BLD_new();
1118 if (!param_bld_peer) {
1119 OPENSSL_LOG(ERR, "failed to allocate resources\n");
1120 OSSL_PARAM_BLD_free(param_bld);
1123 if ((!OSSL_PARAM_BLD_push_utf8_string(param_bld_peer,
1124 "group", "ffdhe2048", 0))
1125 || (!OSSL_PARAM_BLD_push_BN(param_bld_peer,
1126 OSSL_PKEY_PARAM_FFC_P, p))
1127 || (!OSSL_PARAM_BLD_push_BN(param_bld_peer,
1128 OSSL_PKEY_PARAM_FFC_G, g))) {
1129 OSSL_PARAM_BLD_free(param_bld);
1130 OSSL_PARAM_BLD_free(param_bld_peer);
1134 asym_session->u.dh.param_bld = param_bld;
1135 asym_session->u.dh.param_bld_peer = param_bld_peer;
1140 "failed to allocate resources\n");
1143 ret = set_dh_params(dh, p, g);
1149 asym_session->u.dh.dh_key = dh;
1150 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_DH;
1154 OPENSSL_LOG(ERR, " failed to set dh params\n");
1159 case RTE_CRYPTO_ASYM_XFORM_DSA:
1161 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
1162 BIGNUM *p = NULL, *g = NULL;
1163 BIGNUM *q = NULL, *priv_key = NULL;
1164 BIGNUM *pub_key = BN_new();
1166 OSSL_PARAM_BLD *param_bld = NULL;
1168 p = BN_bin2bn((const unsigned char *)
1170 xform->dsa.p.length,
1173 g = BN_bin2bn((const unsigned char *)
1175 xform->dsa.g.length,
1178 q = BN_bin2bn((const unsigned char *)
1180 xform->dsa.q.length,
1185 priv_key = BN_bin2bn((const unsigned char *)
1187 xform->dsa.x.length,
1189 if (priv_key == NULL)
1192 param_bld = OSSL_PARAM_BLD_new();
1194 OPENSSL_LOG(ERR, "failed to allocate resources\n");
1198 if (!OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_P, p)
1199 || !OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_G, g)
1200 || !OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_Q, q)
1201 || !OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_PRIV_KEY, priv_key)) {
1202 OSSL_PARAM_BLD_free(param_bld);
1203 OPENSSL_LOG(ERR, "failed to allocate resources\n");
1206 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_DSA;
1207 asym_session->u.s.param_bld = param_bld;
1211 BIGNUM *p = NULL, *g = NULL;
1212 BIGNUM *q = NULL, *priv_key = NULL;
1213 BIGNUM *pub_key = BN_new();
1216 p = BN_bin2bn((const unsigned char *)
1218 xform->dsa.p.length,
1221 g = BN_bin2bn((const unsigned char *)
1223 xform->dsa.g.length,
1226 q = BN_bin2bn((const unsigned char *)
1228 xform->dsa.q.length,
1233 priv_key = BN_bin2bn((const unsigned char *)
1235 xform->dsa.x.length,
1237 if (priv_key == NULL)
1240 DSA *dsa = DSA_new();
1243 " failed to allocate resources\n");
1247 ret = set_dsa_params(dsa, p, q, g);
1250 OPENSSL_LOG(ERR, "Failed to dsa params\n");
1255 * openssl 1.1.0 mandate that public key can't be
1256 * NULL in very first call. so set a dummy pub key.
1257 * to keep consistency, lets follow same approach for
1260 /* just set dummy public for very 1st call */
1261 ret = set_dsa_keys(dsa, pub_key, priv_key);
1264 OPENSSL_LOG(ERR, "Failed to set keys\n");
1267 asym_session->u.s.dsa = dsa;
1268 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_DSA;
1286 /** Configure the session from a crypto xform chain */
1288 openssl_pmd_asym_session_configure(struct rte_cryptodev *dev __rte_unused,
1289 struct rte_crypto_asym_xform *xform,
1290 struct rte_cryptodev_asym_session *sess)
1292 void *asym_sess_private_data;
1295 if (unlikely(sess == NULL)) {
1296 OPENSSL_LOG(ERR, "invalid asymmetric session struct");
1300 asym_sess_private_data = sess->sess_private_data;
1301 ret = openssl_set_asym_session_parameters(asym_sess_private_data,
1304 OPENSSL_LOG(ERR, "failed configure session parameters");
1311 /** Clear the memory of session so it doesn't leave key material behind */
1313 openssl_pmd_sym_session_clear(struct rte_cryptodev *dev,
1314 struct rte_cryptodev_sym_session *sess)
1316 uint8_t index = dev->driver_id;
1317 void *sess_priv = get_sym_session_private_data(sess, index);
1319 /* Zero out the whole structure */
1321 openssl_reset_session(sess_priv);
1322 memset(sess_priv, 0, sizeof(struct openssl_session));
1323 struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
1324 set_sym_session_private_data(sess, index, NULL);
1325 rte_mempool_put(sess_mp, sess_priv);
1329 static void openssl_reset_asym_session(struct openssl_asym_session *sess)
1331 switch (sess->xfrm_type) {
1332 case RTE_CRYPTO_ASYM_XFORM_RSA:
1333 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
1335 EVP_PKEY_CTX_free(sess->u.r.ctx);
1338 RSA_free(sess->u.r.rsa);
1341 case RTE_CRYPTO_ASYM_XFORM_MODEX:
1342 if (sess->u.e.ctx) {
1343 BN_CTX_end(sess->u.e.ctx);
1344 BN_CTX_free(sess->u.e.ctx);
1347 case RTE_CRYPTO_ASYM_XFORM_MODINV:
1348 if (sess->u.m.ctx) {
1349 BN_CTX_end(sess->u.m.ctx);
1350 BN_CTX_free(sess->u.m.ctx);
1353 case RTE_CRYPTO_ASYM_XFORM_DH:
1354 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
1355 sess->u.dh.param_bld = NULL;
1356 sess->u.dh.param_bld_peer = NULL;
1358 if (sess->u.dh.dh_key)
1359 DH_free(sess->u.dh.dh_key);
1362 case RTE_CRYPTO_ASYM_XFORM_DSA:
1363 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
1364 sess->u.s.param_bld = NULL;
1367 DSA_free(sess->u.s.dsa);
1375 /** Clear the memory of asymmetric session
1376 * so it doesn't leave key material behind
1379 openssl_pmd_asym_session_clear(struct rte_cryptodev *dev __rte_unused,
1380 struct rte_cryptodev_asym_session *sess)
1382 void *sess_priv = sess->sess_private_data;
1384 /* Zero out the whole structure */
1386 openssl_reset_asym_session(sess_priv);
1387 memset(sess_priv, 0, sizeof(struct openssl_asym_session));
1391 struct rte_cryptodev_ops openssl_pmd_ops = {
1392 .dev_configure = openssl_pmd_config,
1393 .dev_start = openssl_pmd_start,
1394 .dev_stop = openssl_pmd_stop,
1395 .dev_close = openssl_pmd_close,
1397 .stats_get = openssl_pmd_stats_get,
1398 .stats_reset = openssl_pmd_stats_reset,
1400 .dev_infos_get = openssl_pmd_info_get,
1402 .queue_pair_setup = openssl_pmd_qp_setup,
1403 .queue_pair_release = openssl_pmd_qp_release,
1405 .sym_session_get_size = openssl_pmd_sym_session_get_size,
1406 .asym_session_get_size = openssl_pmd_asym_session_get_size,
1407 .sym_session_configure = openssl_pmd_sym_session_configure,
1408 .asym_session_configure = openssl_pmd_asym_session_configure,
1409 .sym_session_clear = openssl_pmd_sym_session_clear,
1410 .asym_session_clear = openssl_pmd_asym_session_clear
1413 struct rte_cryptodev_ops *rte_openssl_pmd_ops = &openssl_pmd_ops;
git.droids-corp.org / dpdk.git / blob