X-Git-Url: http://git.droids-corp.org/?a=blobdiff_plain;f=drivers%2Fcrypto%2Fopenssl%2Frte_openssl_pmd.c;h=bb9fb877a6b7a06dc9974d6517c22e0c882339d4;hb=fbe6be6ea04cad614a4d2914be2f6da788bcf706;hp=6a75223fff58ad3c01c19748dd503021a094926b;hpb=b28f28ae80e5c9aac28fbc3bf0842f22dc020f31;p=dpdk.git diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c index 6a75223fff..bb9fb877a6 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd.c +++ b/drivers/crypto/openssl/rte_openssl_pmd.c @@ -18,6 +18,7 @@ #define DES_BLOCK_SIZE 8 +int openssl_logtype_driver; static uint8_t cryptodev_driver_id; #if (OPENSSL_VERSION_NUMBER < 0x10100000L) @@ -762,10 +763,10 @@ get_session(struct openssl_qp *qp, struct rte_crypto_op *op) return NULL; /* provide internal session */ - void *_sess = NULL; + void *_sess = rte_cryptodev_sym_session_create(qp->sess_mp); void *_sess_private_data = NULL; - if (rte_mempool_get(qp->sess_mp, (void **)&_sess)) + if (_sess == NULL) return NULL; if (rte_mempool_get(qp->sess_mp_priv, @@ -798,12 +799,12 @@ get_session(struct openssl_qp *qp, struct rte_crypto_op *op) */ static inline int process_openssl_encryption_update(struct rte_mbuf *mbuf_src, int offset, - uint8_t **dst, int srclen, EVP_CIPHER_CTX *ctx) + uint8_t **dst, int srclen, EVP_CIPHER_CTX *ctx, uint8_t inplace) { struct rte_mbuf *m; int dstlen; int l, n = srclen; - uint8_t *src; + uint8_t *src, temp[EVP_CIPHER_CTX_block_size(ctx)]; for (m = mbuf_src; m != NULL && offset > rte_pktmbuf_data_len(m); m = m->next) @@ -813,6 +814,8 @@ process_openssl_encryption_update(struct rte_mbuf *mbuf_src, int offset, return -1; src = rte_pktmbuf_mtod_offset(m, uint8_t *, offset); + if (inplace) + *dst = src; l = rte_pktmbuf_data_len(m) - offset; if (srclen <= l) { @@ -829,8 +832,24 @@ process_openssl_encryption_update(struct rte_mbuf *mbuf_src, int offset, n -= l; for (m = m->next; (m != NULL) && (n > 0); m = m->next) { + uint8_t diff = l - dstlen, rem; + src = rte_pktmbuf_mtod(m, uint8_t *); - l = rte_pktmbuf_data_len(m) < n ? rte_pktmbuf_data_len(m) : n; + l = RTE_MIN(rte_pktmbuf_data_len(m), n); + if (diff && inplace) { + rem = RTE_MIN(l, + (EVP_CIPHER_CTX_block_size(ctx) - diff)); + if (EVP_EncryptUpdate(ctx, temp, + &dstlen, src, rem) <= 0) + return -1; + n -= rem; + rte_memcpy(*dst, temp, diff); + rte_memcpy(src, temp + diff, rem); + src += rem; + l -= rem; + } + if (inplace) + *dst = src; if (EVP_EncryptUpdate(ctx, *dst, &dstlen, src, l) <= 0) return -1; *dst += dstlen; @@ -842,12 +861,12 @@ process_openssl_encryption_update(struct rte_mbuf *mbuf_src, int offset, static inline int process_openssl_decryption_update(struct rte_mbuf *mbuf_src, int offset, - uint8_t **dst, int srclen, EVP_CIPHER_CTX *ctx) + uint8_t **dst, int srclen, EVP_CIPHER_CTX *ctx, uint8_t inplace) { struct rte_mbuf *m; int dstlen; int l, n = srclen; - uint8_t *src; + uint8_t *src, temp[EVP_CIPHER_CTX_block_size(ctx)]; for (m = mbuf_src; m != NULL && offset > rte_pktmbuf_data_len(m); m = m->next) @@ -857,6 +876,8 @@ process_openssl_decryption_update(struct rte_mbuf *mbuf_src, int offset, return -1; src = rte_pktmbuf_mtod_offset(m, uint8_t *, offset); + if (inplace) + *dst = src; l = rte_pktmbuf_data_len(m) - offset; if (srclen <= l) { @@ -873,8 +894,24 @@ process_openssl_decryption_update(struct rte_mbuf *mbuf_src, int offset, n -= l; for (m = m->next; (m != NULL) && (n > 0); m = m->next) { + uint8_t diff = l - dstlen, rem; + src = rte_pktmbuf_mtod(m, uint8_t *); - l = rte_pktmbuf_data_len(m) < n ? rte_pktmbuf_data_len(m) : n; + l = RTE_MIN(rte_pktmbuf_data_len(m), n); + if (diff && inplace) { + rem = RTE_MIN(l, + (EVP_CIPHER_CTX_block_size(ctx) - diff)); + if (EVP_DecryptUpdate(ctx, temp, + &dstlen, src, rem) <= 0) + return -1; + n -= rem; + rte_memcpy(*dst, temp, diff); + rte_memcpy(src, temp + diff, rem); + src += rem; + l -= rem; + } + if (inplace) + *dst = src; if (EVP_DecryptUpdate(ctx, *dst, &dstlen, src, l) <= 0) return -1; *dst += dstlen; @@ -887,7 +924,8 @@ process_openssl_decryption_update(struct rte_mbuf *mbuf_src, int offset, /** Process standard openssl cipher encryption */ static int process_openssl_cipher_encrypt(struct rte_mbuf *mbuf_src, uint8_t *dst, - int offset, uint8_t *iv, int srclen, EVP_CIPHER_CTX *ctx) + int offset, uint8_t *iv, int srclen, EVP_CIPHER_CTX *ctx, + uint8_t inplace) { int totlen; @@ -897,7 +935,7 @@ process_openssl_cipher_encrypt(struct rte_mbuf *mbuf_src, uint8_t *dst, EVP_CIPHER_CTX_set_padding(ctx, 0); if (process_openssl_encryption_update(mbuf_src, offset, &dst, - srclen, ctx)) + srclen, ctx, inplace)) goto process_cipher_encrypt_err; if (EVP_EncryptFinal_ex(ctx, dst, &totlen) <= 0) @@ -936,7 +974,8 @@ process_cipher_encrypt_err: /** Process standard openssl cipher decryption */ static int process_openssl_cipher_decrypt(struct rte_mbuf *mbuf_src, uint8_t *dst, - int offset, uint8_t *iv, int srclen, EVP_CIPHER_CTX *ctx) + int offset, uint8_t *iv, int srclen, EVP_CIPHER_CTX *ctx, + uint8_t inplace) { int totlen; @@ -946,7 +985,7 @@ process_openssl_cipher_decrypt(struct rte_mbuf *mbuf_src, uint8_t *dst, EVP_CIPHER_CTX_set_padding(ctx, 0); if (process_openssl_decryption_update(mbuf_src, offset, &dst, - srclen, ctx)) + srclen, ctx, inplace)) goto process_cipher_decrypt_err; if (EVP_DecryptFinal_ex(ctx, dst, &totlen) <= 0) @@ -1033,7 +1072,7 @@ process_openssl_auth_encryption_gcm(struct rte_mbuf *mbuf_src, int offset, if (srclen > 0) if (process_openssl_encryption_update(mbuf_src, offset, &dst, - srclen, ctx)) + srclen, ctx, 0)) goto process_auth_encryption_gcm_err; /* Workaround open ssl bug in version less then 1.0.1f */ @@ -1078,7 +1117,7 @@ process_openssl_auth_encryption_ccm(struct rte_mbuf *mbuf_src, int offset, if (srclen > 0) if (process_openssl_encryption_update(mbuf_src, offset, &dst, - srclen, ctx)) + srclen, ctx, 0)) goto process_auth_encryption_ccm_err; if (EVP_EncryptFinal_ex(ctx, dst, &len) <= 0) @@ -1115,7 +1154,7 @@ process_openssl_auth_decryption_gcm(struct rte_mbuf *mbuf_src, int offset, if (srclen > 0) if (process_openssl_decryption_update(mbuf_src, offset, &dst, - srclen, ctx)) + srclen, ctx, 0)) goto process_auth_decryption_gcm_err; /* Workaround open ssl bug in version less then 1.0.1f */ @@ -1161,7 +1200,7 @@ process_openssl_auth_decryption_ccm(struct rte_mbuf *mbuf_src, int offset, if (srclen > 0) if (process_openssl_decryption_update(mbuf_src, offset, &dst, - srclen, ctx)) + srclen, ctx, 0)) return -EFAULT; return 0; @@ -1290,6 +1329,7 @@ process_openssl_combined_op int srclen, aadlen, status = -1; uint32_t offset; uint8_t taglen; + EVP_CIPHER_CTX *ctx_copy; /* * Segmented destination buffer is not supported for @@ -1326,6 +1366,8 @@ process_openssl_combined_op } taglen = sess->auth.digest_length; + ctx_copy = EVP_CIPHER_CTX_new(); + EVP_CIPHER_CTX_copy(ctx_copy, sess->cipher.ctx); if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT) { if (sess->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC || @@ -1333,12 +1375,12 @@ process_openssl_combined_op status = process_openssl_auth_encryption_gcm( mbuf_src, offset, srclen, aad, aadlen, iv, - dst, tag, sess->cipher.ctx); + dst, tag, ctx_copy); else status = process_openssl_auth_encryption_ccm( mbuf_src, offset, srclen, aad, aadlen, iv, - dst, tag, taglen, sess->cipher.ctx); + dst, tag, taglen, ctx_copy); } else { if (sess->auth.algo == RTE_CRYPTO_AUTH_AES_GMAC || @@ -1346,14 +1388,15 @@ process_openssl_combined_op status = process_openssl_auth_decryption_gcm( mbuf_src, offset, srclen, aad, aadlen, iv, - dst, tag, sess->cipher.ctx); + dst, tag, ctx_copy); else status = process_openssl_auth_decryption_ccm( mbuf_src, offset, srclen, aad, aadlen, iv, - dst, tag, taglen, sess->cipher.ctx); + dst, tag, taglen, ctx_copy); } + EVP_CIPHER_CTX_free(ctx_copy); if (status != 0) { if (status == (-EFAULT) && sess->auth.operation == @@ -1372,12 +1415,16 @@ process_openssl_cipher_op { uint8_t *dst, *iv; int srclen, status; + uint8_t inplace = (mbuf_src == mbuf_dst) ? 1 : 0; + EVP_CIPHER_CTX *ctx_copy; /* - * Segmented destination buffer is not supported for - * encryption/decryption + * Segmented OOP destination buffer is not supported for encryption/ + * decryption. In case of des3ctr, even inplace segmented buffers are + * not supported. */ - if (!rte_pktmbuf_is_contiguous(mbuf_dst)) { + if (!rte_pktmbuf_is_contiguous(mbuf_dst) && + (!inplace || sess->cipher.mode != OPENSSL_CIPHER_LIB)) { op->status = RTE_CRYPTO_OP_STATUS_ERROR; return; } @@ -1388,22 +1435,25 @@ process_openssl_cipher_op iv = rte_crypto_op_ctod_offset(op, uint8_t *, sess->iv.offset); + ctx_copy = EVP_CIPHER_CTX_new(); + EVP_CIPHER_CTX_copy(ctx_copy, sess->cipher.ctx); if (sess->cipher.mode == OPENSSL_CIPHER_LIB) if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT) status = process_openssl_cipher_encrypt(mbuf_src, dst, op->sym->cipher.data.offset, iv, - srclen, sess->cipher.ctx); + srclen, ctx_copy, inplace); else status = process_openssl_cipher_decrypt(mbuf_src, dst, op->sym->cipher.data.offset, iv, - srclen, sess->cipher.ctx); + srclen, ctx_copy, inplace); else status = process_openssl_cipher_des3ctr(mbuf_src, dst, op->sym->cipher.data.offset, iv, sess->cipher.key.data, srclen, - sess->cipher.ctx); + ctx_copy); + EVP_CIPHER_CTX_free(ctx_copy); if (status != 0) op->status = RTE_CRYPTO_OP_STATUS_ERROR; } @@ -1441,7 +1491,7 @@ process_openssl_docsis_bpi_op(struct rte_crypto_op *op, /* Encrypt with the block aligned stream with CBC mode */ status = process_openssl_cipher_encrypt(mbuf_src, dst, op->sym->cipher.data.offset, iv, - srclen, sess->cipher.ctx); + srclen, sess->cipher.ctx, 0); if (last_block_len) { /* Point at last block */ dst += srclen; @@ -1491,7 +1541,7 @@ process_openssl_docsis_bpi_op(struct rte_crypto_op *op, /* Decrypt with CBC mode */ status |= process_openssl_cipher_decrypt(mbuf_src, dst, op->sym->cipher.data.offset, iv, - srclen, sess->cipher.ctx); + srclen, sess->cipher.ctx, 0); } } @@ -1507,6 +1557,8 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op, { uint8_t *dst; int srclen, status; + EVP_MD_CTX *ctx_a; + HMAC_CTX *ctx_h; srclen = op->sym->auth.data.length; @@ -1514,14 +1566,20 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op, switch (sess->auth.mode) { case OPENSSL_AUTH_AS_AUTH: + ctx_a = EVP_MD_CTX_create(); + EVP_MD_CTX_copy_ex(ctx_a, sess->auth.auth.ctx); status = process_openssl_auth(mbuf_src, dst, op->sym->auth.data.offset, NULL, NULL, srclen, - sess->auth.auth.ctx, sess->auth.auth.evp_algo); + ctx_a, sess->auth.auth.evp_algo); + EVP_MD_CTX_destroy(ctx_a); break; case OPENSSL_AUTH_AS_HMAC: + ctx_h = HMAC_CTX_new(); + HMAC_CTX_copy(ctx_h, sess->auth.hmac.ctx); status = process_openssl_auth_hmac(mbuf_src, dst, op->sym->auth.data.offset, srclen, - sess->auth.hmac.ctx); + ctx_h); + HMAC_CTX_free(ctx_h); break; default: status = -1; @@ -1980,6 +2038,26 @@ process_asym_op(struct openssl_qp *qp, struct rte_crypto_op *op, return retval; } +static void +copy_plaintext(struct rte_mbuf *m_src, struct rte_mbuf *m_dst, + struct rte_crypto_op *op) +{ + uint8_t *p_src, *p_dst; + + p_src = rte_pktmbuf_mtod(m_src, uint8_t *); + p_dst = rte_pktmbuf_mtod(m_dst, uint8_t *); + + /** + * Copy the content between cipher offset and auth offset + * for generating correct digest. + */ + if (op->sym->cipher.data.offset > op->sym->auth.data.offset) + memcpy(p_dst + op->sym->auth.data.offset, + p_src + op->sym->auth.data.offset, + op->sym->cipher.data.offset - + op->sym->auth.data.offset); +} + /** Process crypto operation for mbuf */ static int process_op(struct openssl_qp *qp, struct rte_crypto_op *op, @@ -2002,6 +2080,9 @@ process_op(struct openssl_qp *qp, struct rte_crypto_op *op, break; case OPENSSL_CHAIN_CIPHER_AUTH: process_openssl_cipher_op(op, sess, msrc, mdst); + /* OOP */ + if (msrc != mdst) + copy_plaintext(msrc, mdst, op); process_openssl_auth_op(qp, op, sess, mdst, mdst); break; case OPENSSL_CHAIN_AUTH_CIPHER: @@ -2121,11 +2202,13 @@ cryptodev_openssl_create(const char *name, dev->feature_flags = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO | RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING | RTE_CRYPTODEV_FF_CPU_AESNI | + RTE_CRYPTODEV_FF_IN_PLACE_SGL | RTE_CRYPTODEV_FF_OOP_SGL_IN_LB_OUT | RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT | RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO | RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_EXP | - RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_QT; + RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_QT | + RTE_CRYPTODEV_FF_SYM_SESSIONLESS; internals = dev->data->dev_private;