#include <rte_common.h>
#include <rte_hexdump.h>
#include <rte_cryptodev.h>
-#include <rte_cryptodev_pmd.h>
+#include <cryptodev_pmd.h>
#include <rte_bus_vdev.h>
#include <rte_malloc.h>
#include <rte_cpuflags.h>
#include <openssl/hmac.h>
#include <openssl/evp.h>
-#include "rte_openssl_pmd_private.h"
+#include "openssl_pmd_private.h"
#include "compat.h"
#define DES_BLOCK_SIZE 8
return NULL;
/* provide internal session */
- void *_sess = NULL;
+ void *_sess = rte_cryptodev_sym_session_create(qp->sess_mp);
void *_sess_private_data = NULL;
- if (rte_mempool_get(qp->sess_mp, (void **)&_sess))
+ if (_sess == NULL)
return NULL;
if (rte_mempool_get(qp->sess_mp_priv,
*/
static inline int
process_openssl_encryption_update(struct rte_mbuf *mbuf_src, int offset,
- uint8_t **dst, int srclen, EVP_CIPHER_CTX *ctx)
+ uint8_t **dst, int srclen, EVP_CIPHER_CTX *ctx, uint8_t inplace)
{
struct rte_mbuf *m;
int dstlen;
int l, n = srclen;
- uint8_t *src;
+ uint8_t *src, temp[EVP_CIPHER_CTX_block_size(ctx)];
for (m = mbuf_src; m != NULL && offset > rte_pktmbuf_data_len(m);
m = m->next)
return -1;
src = rte_pktmbuf_mtod_offset(m, uint8_t *, offset);
+ if (inplace)
+ *dst = src;
l = rte_pktmbuf_data_len(m) - offset;
if (srclen <= l) {
n -= l;
for (m = m->next; (m != NULL) && (n > 0); m = m->next) {
+ uint8_t diff = l - dstlen, rem;
+
src = rte_pktmbuf_mtod(m, uint8_t *);
- l = rte_pktmbuf_data_len(m) < n ? rte_pktmbuf_data_len(m) : n;
+ l = RTE_MIN(rte_pktmbuf_data_len(m), n);
+ if (diff && inplace) {
+ rem = RTE_MIN(l,
+ (EVP_CIPHER_CTX_block_size(ctx) - diff));
+ if (EVP_EncryptUpdate(ctx, temp,
+ &dstlen, src, rem) <= 0)
+ return -1;
+ n -= rem;
+ rte_memcpy(*dst, temp, diff);
+ rte_memcpy(src, temp + diff, rem);
+ src += rem;
+ l -= rem;
+ }
+ if (inplace)
+ *dst = src;
if (EVP_EncryptUpdate(ctx, *dst, &dstlen, src, l) <= 0)
return -1;
*dst += dstlen;
static inline int
process_openssl_decryption_update(struct rte_mbuf *mbuf_src, int offset,
- uint8_t **dst, int srclen, EVP_CIPHER_CTX *ctx)
+ uint8_t **dst, int srclen, EVP_CIPHER_CTX *ctx, uint8_t inplace)
{
struct rte_mbuf *m;
int dstlen;
int l, n = srclen;
- uint8_t *src;
+ uint8_t *src, temp[EVP_CIPHER_CTX_block_size(ctx)];
for (m = mbuf_src; m != NULL && offset > rte_pktmbuf_data_len(m);
m = m->next)
return -1;
src = rte_pktmbuf_mtod_offset(m, uint8_t *, offset);
+ if (inplace)
+ *dst = src;
l = rte_pktmbuf_data_len(m) - offset;
if (srclen <= l) {
n -= l;
for (m = m->next; (m != NULL) && (n > 0); m = m->next) {
+ uint8_t diff = l - dstlen, rem;
+
src = rte_pktmbuf_mtod(m, uint8_t *);
- l = rte_pktmbuf_data_len(m) < n ? rte_pktmbuf_data_len(m) : n;
+ l = RTE_MIN(rte_pktmbuf_data_len(m), n);
+ if (diff && inplace) {
+ rem = RTE_MIN(l,
+ (EVP_CIPHER_CTX_block_size(ctx) - diff));
+ if (EVP_DecryptUpdate(ctx, temp,
+ &dstlen, src, rem) <= 0)
+ return -1;
+ n -= rem;
+ rte_memcpy(*dst, temp, diff);
+ rte_memcpy(src, temp + diff, rem);
+ src += rem;
+ l -= rem;
+ }
+ if (inplace)
+ *dst = src;
if (EVP_DecryptUpdate(ctx, *dst, &dstlen, src, l) <= 0)
return -1;
*dst += dstlen;
/** Process standard openssl cipher encryption */
static int
process_openssl_cipher_encrypt(struct rte_mbuf *mbuf_src, uint8_t *dst,
- int offset, uint8_t *iv, int srclen, EVP_CIPHER_CTX *ctx)
+ int offset, uint8_t *iv, int srclen, EVP_CIPHER_CTX *ctx,
+ uint8_t inplace)
{
int totlen;
EVP_CIPHER_CTX_set_padding(ctx, 0);
if (process_openssl_encryption_update(mbuf_src, offset, &dst,
- srclen, ctx))
+ srclen, ctx, inplace))
goto process_cipher_encrypt_err;
if (EVP_EncryptFinal_ex(ctx, dst, &totlen) <= 0)
/** Process standard openssl cipher decryption */
static int
process_openssl_cipher_decrypt(struct rte_mbuf *mbuf_src, uint8_t *dst,
- int offset, uint8_t *iv, int srclen, EVP_CIPHER_CTX *ctx)
+ int offset, uint8_t *iv, int srclen, EVP_CIPHER_CTX *ctx,
+ uint8_t inplace)
{
int totlen;
EVP_CIPHER_CTX_set_padding(ctx, 0);
if (process_openssl_decryption_update(mbuf_src, offset, &dst,
- srclen, ctx))
+ srclen, ctx, inplace))
goto process_cipher_decrypt_err;
if (EVP_DecryptFinal_ex(ctx, dst, &totlen) <= 0)
if (srclen > 0)
if (process_openssl_encryption_update(mbuf_src, offset, &dst,
- srclen, ctx))
+ srclen, ctx, 0))
goto process_auth_encryption_gcm_err;
/* Workaround open ssl bug in version less then 1.0.1f */
if (EVP_EncryptUpdate(ctx, NULL, &len, aad + 18, aadlen) <= 0)
goto process_auth_encryption_ccm_err;
- if (srclen > 0)
+ if (srclen >= 0)
if (process_openssl_encryption_update(mbuf_src, offset, &dst,
- srclen, ctx))
+ srclen, ctx, 0))
goto process_auth_encryption_ccm_err;
if (EVP_EncryptFinal_ex(ctx, dst, &len) <= 0)
if (srclen > 0)
if (process_openssl_decryption_update(mbuf_src, offset, &dst,
- srclen, ctx))
+ srclen, ctx, 0))
goto process_auth_decryption_gcm_err;
/* Workaround open ssl bug in version less then 1.0.1f */
if (EVP_DecryptUpdate(ctx, NULL, &len, aad + 18, aadlen) <= 0)
goto process_auth_decryption_ccm_err;
- if (srclen > 0)
+ if (srclen >= 0)
if (process_openssl_decryption_update(mbuf_src, offset, &dst,
- srclen, ctx))
+ srclen, ctx, 0))
return -EFAULT;
return 0;
int srclen, aadlen, status = -1;
uint32_t offset;
uint8_t taglen;
+ EVP_CIPHER_CTX *ctx_copy;
/*
* Segmented destination buffer is not supported for
}
taglen = sess->auth.digest_length;
+ ctx_copy = EVP_CIPHER_CTX_new();
+ EVP_CIPHER_CTX_copy(ctx_copy, sess->cipher.ctx);
if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
if (sess->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC ||
status = process_openssl_auth_encryption_gcm(
mbuf_src, offset, srclen,
aad, aadlen, iv,
- dst, tag, sess->cipher.ctx);
+ dst, tag, ctx_copy);
else
status = process_openssl_auth_encryption_ccm(
mbuf_src, offset, srclen,
aad, aadlen, iv,
- dst, tag, taglen, sess->cipher.ctx);
+ dst, tag, taglen, ctx_copy);
} else {
if (sess->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC ||
status = process_openssl_auth_decryption_gcm(
mbuf_src, offset, srclen,
aad, aadlen, iv,
- dst, tag, sess->cipher.ctx);
+ dst, tag, ctx_copy);
else
status = process_openssl_auth_decryption_ccm(
mbuf_src, offset, srclen,
aad, aadlen, iv,
- dst, tag, taglen, sess->cipher.ctx);
+ dst, tag, taglen, ctx_copy);
}
+ EVP_CIPHER_CTX_free(ctx_copy);
if (status != 0) {
if (status == (-EFAULT) &&
sess->auth.operation ==
{
uint8_t *dst, *iv;
int srclen, status;
+ uint8_t inplace = (mbuf_src == mbuf_dst) ? 1 : 0;
+ EVP_CIPHER_CTX *ctx_copy;
/*
- * Segmented destination buffer is not supported for
- * encryption/decryption
+ * Segmented OOP destination buffer is not supported for encryption/
+ * decryption. In case of des3ctr, even inplace segmented buffers are
+ * not supported.
*/
- if (!rte_pktmbuf_is_contiguous(mbuf_dst)) {
+ if (!rte_pktmbuf_is_contiguous(mbuf_dst) &&
+ (!inplace || sess->cipher.mode != OPENSSL_CIPHER_LIB)) {
op->status = RTE_CRYPTO_OP_STATUS_ERROR;
return;
}
iv = rte_crypto_op_ctod_offset(op, uint8_t *,
sess->iv.offset);
+ ctx_copy = EVP_CIPHER_CTX_new();
+ EVP_CIPHER_CTX_copy(ctx_copy, sess->cipher.ctx);
if (sess->cipher.mode == OPENSSL_CIPHER_LIB)
if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
status = process_openssl_cipher_encrypt(mbuf_src, dst,
op->sym->cipher.data.offset, iv,
- srclen, sess->cipher.ctx);
+ srclen, ctx_copy, inplace);
else
status = process_openssl_cipher_decrypt(mbuf_src, dst,
op->sym->cipher.data.offset, iv,
- srclen, sess->cipher.ctx);
+ srclen, ctx_copy, inplace);
else
status = process_openssl_cipher_des3ctr(mbuf_src, dst,
op->sym->cipher.data.offset, iv,
sess->cipher.key.data, srclen,
- sess->cipher.ctx);
+ ctx_copy);
+ EVP_CIPHER_CTX_free(ctx_copy);
if (status != 0)
op->status = RTE_CRYPTO_OP_STATUS_ERROR;
}
/* Encrypt with the block aligned stream with CBC mode */
status = process_openssl_cipher_encrypt(mbuf_src, dst,
op->sym->cipher.data.offset, iv,
- srclen, sess->cipher.ctx);
+ srclen, sess->cipher.ctx, 0);
if (last_block_len) {
/* Point at last block */
dst += srclen;
/* Decrypt with CBC mode */
status |= process_openssl_cipher_decrypt(mbuf_src, dst,
op->sym->cipher.data.offset, iv,
- srclen, sess->cipher.ctx);
+ srclen, sess->cipher.ctx, 0);
}
}
{
uint8_t *dst;
int srclen, status;
+ EVP_MD_CTX *ctx_a;
+ HMAC_CTX *ctx_h;
srclen = op->sym->auth.data.length;
switch (sess->auth.mode) {
case OPENSSL_AUTH_AS_AUTH:
+ ctx_a = EVP_MD_CTX_create();
+ EVP_MD_CTX_copy_ex(ctx_a, sess->auth.auth.ctx);
status = process_openssl_auth(mbuf_src, dst,
op->sym->auth.data.offset, NULL, NULL, srclen,
- sess->auth.auth.ctx, sess->auth.auth.evp_algo);
+ ctx_a, sess->auth.auth.evp_algo);
+ EVP_MD_CTX_destroy(ctx_a);
break;
case OPENSSL_AUTH_AS_HMAC:
+ ctx_h = HMAC_CTX_new();
+ HMAC_CTX_copy(ctx_h, sess->auth.hmac.ctx);
status = process_openssl_auth_hmac(mbuf_src, dst,
op->sym->auth.data.offset, srclen,
- sess->auth.hmac.ctx);
+ ctx_h);
+ HMAC_CTX_free(ctx_h);
break;
default:
status = -1;
return retval;
}
+static void
+copy_plaintext(struct rte_mbuf *m_src, struct rte_mbuf *m_dst,
+ struct rte_crypto_op *op)
+{
+ uint8_t *p_src, *p_dst;
+
+ p_src = rte_pktmbuf_mtod(m_src, uint8_t *);
+ p_dst = rte_pktmbuf_mtod(m_dst, uint8_t *);
+
+ /**
+ * Copy the content between cipher offset and auth offset
+ * for generating correct digest.
+ */
+ if (op->sym->cipher.data.offset > op->sym->auth.data.offset)
+ memcpy(p_dst + op->sym->auth.data.offset,
+ p_src + op->sym->auth.data.offset,
+ op->sym->cipher.data.offset -
+ op->sym->auth.data.offset);
+}
+
/** Process crypto operation for mbuf */
static int
process_op(struct openssl_qp *qp, struct rte_crypto_op *op,
break;
case OPENSSL_CHAIN_CIPHER_AUTH:
process_openssl_cipher_op(op, sess, msrc, mdst);
+ /* OOP */
+ if (msrc != mdst)
+ copy_plaintext(msrc, mdst, op);
process_openssl_auth_op(qp, op, sess, mdst, mdst);
break;
case OPENSSL_CHAIN_AUTH_CIPHER:
dev->feature_flags = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO |
RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING |
RTE_CRYPTODEV_FF_CPU_AESNI |
+ RTE_CRYPTODEV_FF_IN_PLACE_SGL |
RTE_CRYPTODEV_FF_OOP_SGL_IN_LB_OUT |
RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT |
RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO |
RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_EXP |
- RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_QT;
+ RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_QT |
+ RTE_CRYPTODEV_FF_SYM_SESSIONLESS;
internals = dev->data->dev_private;
internals->max_nb_qpairs = init_params->max_nb_queue_pairs;
+ rte_cryptodev_pmd_probing_finish(dev);
+
return 0;
init_error:
"socket_id=<int>");
RTE_PMD_REGISTER_CRYPTO_DRIVER(openssl_crypto_drv,
cryptodev_openssl_pmd_drv.driver, cryptodev_driver_id);
-
-RTE_INIT(openssl_init_log)
-{
- openssl_logtype_driver = rte_log_register("pmd.crypto.openssl");
-}
+RTE_LOG_REGISTER_DEFAULT(openssl_logtype_driver, INFO);