1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(c) 2016-2017 Intel Corporation
7 #include <rte_common.h>
8 #include <rte_malloc.h>
9 #include <rte_cryptodev_pmd.h>
11 #include "rte_openssl_pmd_private.h"
15 static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
17 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
19 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
21 .algo = RTE_CRYPTO_AUTH_MD5_HMAC,
38 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
40 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
42 .algo = RTE_CRYPTO_AUTH_MD5,
59 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
61 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
63 .algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
80 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
82 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
84 .algo = RTE_CRYPTO_AUTH_SHA1,
101 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
103 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
105 .algo = RTE_CRYPTO_AUTH_SHA224_HMAC,
122 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
124 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
126 .algo = RTE_CRYPTO_AUTH_SHA224,
143 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
145 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
147 .algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
164 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
166 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
168 .algo = RTE_CRYPTO_AUTH_SHA256,
185 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
187 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
189 .algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
206 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
208 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
210 .algo = RTE_CRYPTO_AUTH_SHA384,
227 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
229 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
231 .algo = RTE_CRYPTO_AUTH_SHA512_HMAC,
248 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
250 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
252 .algo = RTE_CRYPTO_AUTH_SHA512,
269 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
271 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
273 .algo = RTE_CRYPTO_CIPHER_AES_CBC,
289 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
291 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
293 .algo = RTE_CRYPTO_CIPHER_AES_CTR,
309 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
311 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
313 .algo = RTE_CRYPTO_AEAD_AES_GCM,
339 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
341 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
343 .algo = RTE_CRYPTO_AEAD_AES_CCM,
368 { /* AES GMAC (AUTH) */
369 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
371 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
373 .algo = RTE_CRYPTO_AUTH_AES_GMAC,
394 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
396 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
398 .algo = RTE_CRYPTO_CIPHER_3DES_CBC,
414 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
416 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
418 .algo = RTE_CRYPTO_CIPHER_3DES_CTR,
434 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
436 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
438 .algo = RTE_CRYPTO_CIPHER_DES_CBC,
453 { /* DES DOCSIS BPI */
454 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
456 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
458 .algo = RTE_CRYPTO_CIPHER_DES_DOCSISBPI,
474 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
477 .xform_type = RTE_CRYPTO_ASYM_XFORM_RSA,
478 .op_types = ((1 << RTE_CRYPTO_ASYM_OP_SIGN) |
479 (1 << RTE_CRYPTO_ASYM_OP_VERIFY) |
480 (1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) |
481 (1 << RTE_CRYPTO_ASYM_OP_DECRYPT)),
484 /* min length is based on openssl rsa keygen */
486 /* value 0 symbolizes no limit on max length */
495 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
498 .xform_type = RTE_CRYPTO_ASYM_XFORM_MODEX,
502 /* value 0 symbolizes no limit on min length */
504 /* value 0 symbolizes no limit on max length */
513 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
516 .xform_type = RTE_CRYPTO_ASYM_XFORM_MODINV,
520 /* value 0 symbolizes no limit on min length */
522 /* value 0 symbolizes no limit on max length */
531 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
534 .xform_type = RTE_CRYPTO_ASYM_XFORM_DH,
536 ((1<<RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE) |
537 (1 << RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE |
539 RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE))),
542 /* value 0 symbolizes no limit on min length */
544 /* value 0 symbolizes no limit on max length */
553 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
556 .xform_type = RTE_CRYPTO_ASYM_XFORM_DSA,
558 ((1<<RTE_CRYPTO_ASYM_OP_SIGN) |
559 (1 << RTE_CRYPTO_ASYM_OP_VERIFY)),
562 /* value 0 symbolizes no limit on min length */
564 /* value 0 symbolizes no limit on max length */
573 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
577 /** Configure device */
579 openssl_pmd_config(__rte_unused struct rte_cryptodev *dev,
580 __rte_unused struct rte_cryptodev_config *config)
587 openssl_pmd_start(__rte_unused struct rte_cryptodev *dev)
594 openssl_pmd_stop(__rte_unused struct rte_cryptodev *dev)
600 openssl_pmd_close(__rte_unused struct rte_cryptodev *dev)
606 /** Get device statistics */
608 openssl_pmd_stats_get(struct rte_cryptodev *dev,
609 struct rte_cryptodev_stats *stats)
613 for (qp_id = 0; qp_id < dev->data->nb_queue_pairs; qp_id++) {
614 struct openssl_qp *qp = dev->data->queue_pairs[qp_id];
616 stats->enqueued_count += qp->stats.enqueued_count;
617 stats->dequeued_count += qp->stats.dequeued_count;
619 stats->enqueue_err_count += qp->stats.enqueue_err_count;
620 stats->dequeue_err_count += qp->stats.dequeue_err_count;
624 /** Reset device statistics */
626 openssl_pmd_stats_reset(struct rte_cryptodev *dev)
630 for (qp_id = 0; qp_id < dev->data->nb_queue_pairs; qp_id++) {
631 struct openssl_qp *qp = dev->data->queue_pairs[qp_id];
633 memset(&qp->stats, 0, sizeof(qp->stats));
638 /** Get device info */
640 openssl_pmd_info_get(struct rte_cryptodev *dev,
641 struct rte_cryptodev_info *dev_info)
643 struct openssl_private *internals = dev->data->dev_private;
645 if (dev_info != NULL) {
646 dev_info->driver_id = dev->driver_id;
647 dev_info->feature_flags = dev->feature_flags;
648 dev_info->capabilities = openssl_pmd_capabilities;
649 dev_info->max_nb_queue_pairs = internals->max_nb_qpairs;
650 /* No limit of number of sessions */
651 dev_info->sym.max_nb_sessions = 0;
655 /** Release queue pair */
657 openssl_pmd_qp_release(struct rte_cryptodev *dev, uint16_t qp_id)
659 if (dev->data->queue_pairs[qp_id] != NULL) {
660 rte_free(dev->data->queue_pairs[qp_id]);
661 dev->data->queue_pairs[qp_id] = NULL;
666 /** set a unique name for the queue pair based on it's name, dev_id and qp_id */
668 openssl_pmd_qp_set_unique_name(struct rte_cryptodev *dev,
669 struct openssl_qp *qp)
671 unsigned int n = snprintf(qp->name, sizeof(qp->name),
672 "openssl_pmd_%u_qp_%u",
673 dev->data->dev_id, qp->id);
675 if (n >= sizeof(qp->name))
682 /** Create a ring to place processed operations on */
683 static struct rte_ring *
684 openssl_pmd_qp_create_processed_ops_ring(struct openssl_qp *qp,
685 unsigned int ring_size, int socket_id)
689 r = rte_ring_lookup(qp->name);
691 if (rte_ring_get_size(r) >= ring_size) {
693 "Reusing existing ring %s for processed ops",
699 "Unable to reuse existing ring %s for processed ops",
704 return rte_ring_create(qp->name, ring_size, socket_id,
705 RING_F_SP_ENQ | RING_F_SC_DEQ);
709 /** Setup a queue pair */
711 openssl_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
712 const struct rte_cryptodev_qp_conf *qp_conf,
713 int socket_id, struct rte_mempool *session_pool)
715 struct openssl_qp *qp = NULL;
717 /* Free memory prior to re-allocation if needed. */
718 if (dev->data->queue_pairs[qp_id] != NULL)
719 openssl_pmd_qp_release(dev, qp_id);
721 /* Allocate the queue pair data structure. */
722 qp = rte_zmalloc_socket("OPENSSL PMD Queue Pair", sizeof(*qp),
723 RTE_CACHE_LINE_SIZE, socket_id);
728 dev->data->queue_pairs[qp_id] = qp;
730 if (openssl_pmd_qp_set_unique_name(dev, qp))
731 goto qp_setup_cleanup;
733 qp->processed_ops = openssl_pmd_qp_create_processed_ops_ring(qp,
734 qp_conf->nb_descriptors, socket_id);
735 if (qp->processed_ops == NULL)
736 goto qp_setup_cleanup;
738 qp->sess_mp = session_pool;
740 memset(&qp->stats, 0, sizeof(qp->stats));
751 /** Return the number of allocated queue pairs */
753 openssl_pmd_qp_count(struct rte_cryptodev *dev)
755 return dev->data->nb_queue_pairs;
758 /** Returns the size of the symmetric session structure */
760 openssl_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
762 return sizeof(struct openssl_session);
765 /** Returns the size of the asymmetric session structure */
767 openssl_pmd_asym_session_get_size(struct rte_cryptodev *dev __rte_unused)
769 return sizeof(struct openssl_asym_session);
772 /** Configure the session from a crypto xform chain */
774 openssl_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
775 struct rte_crypto_sym_xform *xform,
776 struct rte_cryptodev_sym_session *sess,
777 struct rte_mempool *mempool)
779 void *sess_private_data;
782 if (unlikely(sess == NULL)) {
783 OPENSSL_LOG(ERR, "invalid session struct");
787 if (rte_mempool_get(mempool, &sess_private_data)) {
789 "Couldn't get object from session mempool");
793 ret = openssl_set_session_parameters(sess_private_data, xform);
795 OPENSSL_LOG(ERR, "failed configure session parameters");
797 /* Return session to mempool */
798 rte_mempool_put(mempool, sess_private_data);
802 set_sym_session_private_data(sess, dev->driver_id,
808 static int openssl_set_asym_session_parameters(
809 struct openssl_asym_session *asym_session,
810 struct rte_crypto_asym_xform *xform)
814 if ((xform->xform_type != RTE_CRYPTO_ASYM_XFORM_DH) &&
815 (xform->next != NULL)) {
816 OPENSSL_LOG(ERR, "chained xfrms are not supported on %s",
817 rte_crypto_asym_xform_strings[xform->xform_type]);
821 switch (xform->xform_type) {
822 case RTE_CRYPTO_ASYM_XFORM_RSA:
827 BIGNUM *p = NULL, *q = NULL, *dmp1 = NULL;
828 BIGNUM *iqmp = NULL, *dmq1 = NULL;
830 /* copy xfrm data into rsa struct */
831 n = BN_bin2bn((const unsigned char *)xform->rsa.n.data,
832 xform->rsa.n.length, n);
833 e = BN_bin2bn((const unsigned char *)xform->rsa.e.data,
834 xform->rsa.e.length, e);
839 RSA *rsa = RSA_new();
843 if (xform->rsa.key_type == RTE_RSA_KEY_TYPE_EXP) {
845 (const unsigned char *)xform->rsa.d.data,
853 p = BN_bin2bn((const unsigned char *)
854 xform->rsa.qt.p.data,
855 xform->rsa.qt.p.length,
857 q = BN_bin2bn((const unsigned char *)
858 xform->rsa.qt.q.data,
859 xform->rsa.qt.q.length,
861 dmp1 = BN_bin2bn((const unsigned char *)
862 xform->rsa.qt.dP.data,
863 xform->rsa.qt.dP.length,
865 dmq1 = BN_bin2bn((const unsigned char *)
866 xform->rsa.qt.dQ.data,
867 xform->rsa.qt.dQ.length,
869 iqmp = BN_bin2bn((const unsigned char *)
870 xform->rsa.qt.qInv.data,
871 xform->rsa.qt.qInv.length,
874 if (!p || !q || !dmp1 || !dmq1 || !iqmp) {
878 ret = set_rsa_params(rsa, p, q);
881 "failed to set rsa params\n");
885 ret = set_rsa_crt_params(rsa, dmp1, dmq1, iqmp);
888 "failed to set crt params\n");
891 * set already populated params to NULL
892 * as its freed by call to RSA_free
899 ret = set_rsa_keys(rsa, n, e, d);
901 OPENSSL_LOG(ERR, "Failed to load rsa keys\n");
905 asym_session->u.r.rsa = rsa;
906 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_RSA;
920 case RTE_CRYPTO_ASYM_XFORM_MODEX:
922 struct rte_crypto_modex_xform *xfrm = &(xform->modex);
924 BN_CTX *ctx = BN_CTX_new();
927 " failed to allocate resources\n");
931 BIGNUM *mod = BN_CTX_get(ctx);
932 BIGNUM *exp = BN_CTX_get(ctx);
933 if (mod == NULL || exp == NULL) {
939 mod = BN_bin2bn((const unsigned char *)
941 xfrm->modulus.length, mod);
942 exp = BN_bin2bn((const unsigned char *)
944 xfrm->exponent.length, exp);
945 asym_session->u.e.ctx = ctx;
946 asym_session->u.e.mod = mod;
947 asym_session->u.e.exp = exp;
948 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_MODEX;
951 case RTE_CRYPTO_ASYM_XFORM_MODINV:
953 struct rte_crypto_modinv_xform *xfrm = &(xform->modinv);
955 BN_CTX *ctx = BN_CTX_new();
958 " failed to allocate resources\n");
962 BIGNUM *mod = BN_CTX_get(ctx);
969 mod = BN_bin2bn((const unsigned char *)
971 xfrm->modulus.length,
973 asym_session->u.m.ctx = ctx;
974 asym_session->u.m.modulus = mod;
975 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_MODINV;
978 case RTE_CRYPTO_ASYM_XFORM_DH:
983 p = BN_bin2bn((const unsigned char *)
987 g = BN_bin2bn((const unsigned char *)
997 "failed to allocate resources\n");
1000 ret = set_dh_params(dh, p, g);
1008 * public key generate, or
1009 * DH Priv key generate, or both
1010 * public and private key generate
1012 asym_session->u.dh.key_op = (1 << xform->dh.type);
1014 if (xform->dh.type ==
1015 RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE) {
1016 /* check if next is pubkey */
1017 if ((xform->next != NULL) &&
1018 (xform->next->xform_type ==
1019 RTE_CRYPTO_ASYM_XFORM_DH) &&
1020 (xform->next->dh.type ==
1021 RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE)
1024 * setup op as pub/priv key
1027 asym_session->u.dh.key_op |=
1029 RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE);
1032 asym_session->u.dh.dh_key = dh;
1033 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_DH;
1037 OPENSSL_LOG(ERR, " failed to set dh params\n");
1042 case RTE_CRYPTO_ASYM_XFORM_DSA:
1044 BIGNUM *p = NULL, *g = NULL;
1045 BIGNUM *q = NULL, *priv_key = NULL;
1046 BIGNUM *pub_key = BN_new();
1049 p = BN_bin2bn((const unsigned char *)
1051 xform->dsa.p.length,
1054 g = BN_bin2bn((const unsigned char *)
1056 xform->dsa.g.length,
1059 q = BN_bin2bn((const unsigned char *)
1061 xform->dsa.q.length,
1066 priv_key = BN_bin2bn((const unsigned char *)
1068 xform->dsa.x.length,
1070 if (priv_key == NULL)
1073 DSA *dsa = DSA_new();
1076 " failed to allocate resources\n");
1080 ret = set_dsa_params(dsa, p, q, g);
1083 OPENSSL_LOG(ERR, "Failed to dsa params\n");
1088 * openssl 1.1.0 mandate that public key can't be
1089 * NULL in very first call. so set a dummy pub key.
1090 * to keep consistency, lets follow same approach for
1093 /* just set dummy public for very 1st call */
1094 ret = set_dsa_keys(dsa, pub_key, priv_key);
1097 OPENSSL_LOG(ERR, "Failed to set keys\n");
1100 asym_session->u.s.dsa = dsa;
1101 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_DSA;
1119 /** Configure the session from a crypto xform chain */
1121 openssl_pmd_asym_session_configure(struct rte_cryptodev *dev __rte_unused,
1122 struct rte_crypto_asym_xform *xform,
1123 struct rte_cryptodev_asym_session *sess,
1124 struct rte_mempool *mempool)
1126 void *asym_sess_private_data;
1129 if (unlikely(sess == NULL)) {
1130 OPENSSL_LOG(ERR, "invalid asymmetric session struct");
1134 if (rte_mempool_get(mempool, &asym_sess_private_data)) {
1136 "Couldn't get object from session mempool");
1140 ret = openssl_set_asym_session_parameters(asym_sess_private_data,
1143 OPENSSL_LOG(ERR, "failed configure session parameters");
1145 /* Return session to mempool */
1146 rte_mempool_put(mempool, asym_sess_private_data);
1150 set_asym_session_private_data(sess, dev->driver_id,
1151 asym_sess_private_data);
1156 /** Clear the memory of session so it doesn't leave key material behind */
1158 openssl_pmd_sym_session_clear(struct rte_cryptodev *dev,
1159 struct rte_cryptodev_sym_session *sess)
1161 uint8_t index = dev->driver_id;
1162 void *sess_priv = get_sym_session_private_data(sess, index);
1164 /* Zero out the whole structure */
1166 openssl_reset_session(sess_priv);
1167 memset(sess_priv, 0, sizeof(struct openssl_session));
1168 struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
1169 set_sym_session_private_data(sess, index, NULL);
1170 rte_mempool_put(sess_mp, sess_priv);
1174 static void openssl_reset_asym_session(struct openssl_asym_session *sess)
1176 switch (sess->xfrm_type) {
1177 case RTE_CRYPTO_ASYM_XFORM_RSA:
1179 RSA_free(sess->u.r.rsa);
1181 case RTE_CRYPTO_ASYM_XFORM_MODEX:
1182 if (sess->u.e.ctx) {
1183 BN_CTX_end(sess->u.e.ctx);
1184 BN_CTX_free(sess->u.e.ctx);
1187 case RTE_CRYPTO_ASYM_XFORM_MODINV:
1188 if (sess->u.m.ctx) {
1189 BN_CTX_end(sess->u.m.ctx);
1190 BN_CTX_free(sess->u.m.ctx);
1193 case RTE_CRYPTO_ASYM_XFORM_DH:
1194 if (sess->u.dh.dh_key)
1195 DH_free(sess->u.dh.dh_key);
1197 case RTE_CRYPTO_ASYM_XFORM_DSA:
1199 DSA_free(sess->u.s.dsa);
1206 /** Clear the memory of asymmetric session
1207 * so it doesn't leave key material behind
1210 openssl_pmd_asym_session_clear(struct rte_cryptodev *dev,
1211 struct rte_cryptodev_asym_session *sess)
1213 uint8_t index = dev->driver_id;
1214 void *sess_priv = get_asym_session_private_data(sess, index);
1216 /* Zero out the whole structure */
1218 openssl_reset_asym_session(sess_priv);
1219 memset(sess_priv, 0, sizeof(struct openssl_asym_session));
1220 struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
1221 set_asym_session_private_data(sess, index, NULL);
1222 rte_mempool_put(sess_mp, sess_priv);
1226 struct rte_cryptodev_ops openssl_pmd_ops = {
1227 .dev_configure = openssl_pmd_config,
1228 .dev_start = openssl_pmd_start,
1229 .dev_stop = openssl_pmd_stop,
1230 .dev_close = openssl_pmd_close,
1232 .stats_get = openssl_pmd_stats_get,
1233 .stats_reset = openssl_pmd_stats_reset,
1235 .dev_infos_get = openssl_pmd_info_get,
1237 .queue_pair_setup = openssl_pmd_qp_setup,
1238 .queue_pair_release = openssl_pmd_qp_release,
1239 .queue_pair_count = openssl_pmd_qp_count,
1241 .sym_session_get_size = openssl_pmd_sym_session_get_size,
1242 .asym_session_get_size = openssl_pmd_asym_session_get_size,
1243 .sym_session_configure = openssl_pmd_sym_session_configure,
1244 .asym_session_configure = openssl_pmd_asym_session_configure,
1245 .sym_session_clear = openssl_pmd_sym_session_clear,
1246 .asym_session_clear = openssl_pmd_asym_session_clear
1249 struct rte_cryptodev_ops *rte_openssl_pmd_ops = &openssl_pmd_ops;