]> git.proxmox.com Git - ceph.git/blame - ceph/src/spdk/dpdk/drivers/crypto/openssl/rte_openssl_pmd_ops.c
projects / ceph.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
update source to Ceph Pacific 16.2.2
[ceph.git] / ceph / src / spdk / dpdk / drivers / crypto / openssl / rte_openssl_pmd_ops.c
CommitLineData
11fdf7f2
TL		 1/* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(c) 2016-2017 Intel Corporation
3 */
4
5#include <string.h>
6
7#include <rte_common.h>
8#include <rte_malloc.h>
9#include <rte_cryptodev_pmd.h>
10
f67539c2 11#include "openssl_pmd_private.h"
11fdf7f2
TL		 12#include "compat.h"
13
14
15static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
16 { /* MD5 HMAC */
17 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
18 {.sym = {
19 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
20 {.auth = {
21 .algo = RTE_CRYPTO_AUTH_MD5_HMAC,
22 .block_size = 64,
23 .key_size = {
24 .min = 1,
25 .max = 64,
26 .increment = 1
27 },
28 .digest_size = {
9f95a23c 29 .min = 1,
11fdf7f2 30 .max = 16,
9f95a23c 31 .increment = 1
11fdf7f2
TL		 32 },
33 .iv_size = { 0 }
34 }, }
35 }, }
36 },
37 { /* MD5 */
38 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
39 {.sym = {
40 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
41 {.auth = {
42 .algo = RTE_CRYPTO_AUTH_MD5,
43 .block_size = 64,
44 .key_size = {
45 .min = 0,
46 .max = 0,
47 .increment = 0
48 },
49 .digest_size = {
50 .min = 16,
51 .max = 16,
52 .increment = 0
53 },
54 .iv_size = { 0 }
55 }, }
56 }, }
57 },
58 { /* SHA1 HMAC */
59 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
60 {.sym = {
61 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
62 {.auth = {
63 .algo = RTE_CRYPTO_AUTH_SHA1_HMAC,
64 .block_size = 64,
65 .key_size = {
66 .min = 1,
67 .max = 64,
68 .increment = 1
69 },
70 .digest_size = {
9f95a23c 71 .min = 1,
11fdf7f2 72 .max = 20,
9f95a23c 73 .increment = 1
11fdf7f2
TL		 74 },
75 .iv_size = { 0 }
76 }, }
77 }, }
78 },
79 { /* SHA1 */
80 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
81 {.sym = {
82 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
83 {.auth = {
84 .algo = RTE_CRYPTO_AUTH_SHA1,
85 .block_size = 64,
86 .key_size = {
87 .min = 0,
88 .max = 0,
89 .increment = 0
90 },
91 .digest_size = {
92 .min = 20,
93 .max = 20,
94 .increment = 0
95 },
96 .iv_size = { 0 }
97 }, }
98 }, }
99 },
100 { /* SHA224 HMAC */
101 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
102 {.sym = {
103 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
104 {.auth = {
105 .algo = RTE_CRYPTO_AUTH_SHA224_HMAC,
106 .block_size = 64,
107 .key_size = {
108 .min = 1,
109 .max = 64,
110 .increment = 1
111 },
112 .digest_size = {
9f95a23c 113 .min = 1,
11fdf7f2 114 .max = 28,
9f95a23c 115 .increment = 1
11fdf7f2
TL		 116 },
117 .iv_size = { 0 }
118 }, }
119 }, }
120 },
121 { /* SHA224 */
122 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
123 {.sym = {
124 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
125 {.auth = {
126 .algo = RTE_CRYPTO_AUTH_SHA224,
127 .block_size = 64,
128 .key_size = {
129 .min = 0,
130 .max = 0,
131 .increment = 0
132 },
133 .digest_size = {
9f95a23c 134 .min = 1,
11fdf7f2 135 .max = 28,
9f95a23c 136 .increment = 1
11fdf7f2
TL		 137 },
138 .iv_size = { 0 }
139 }, }
140 }, }
141 },
142 { /* SHA256 HMAC */
143 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
144 {.sym = {
145 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
146 {.auth = {
147 .algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
148 .block_size = 64,
149 .key_size = {
150 .min = 1,
151 .max = 64,
152 .increment = 1
153 },
154 .digest_size = {
9f95a23c 155 .min = 1,
11fdf7f2 156 .max = 32,
9f95a23c 157 .increment = 1
11fdf7f2
TL		 158 },
159 .iv_size = { 0 }
160 }, }
161 }, }
162 },
163 { /* SHA256 */
164 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
165 {.sym = {
166 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
167 {.auth = {
168 .algo = RTE_CRYPTO_AUTH_SHA256,
169 .block_size = 64,
170 .key_size = {
171 .min = 0,
172 .max = 0,
173 .increment = 0
174 },
175 .digest_size = {
176 .min = 32,
177 .max = 32,
178 .increment = 0
179 },
180 .iv_size = { 0 }
181 }, }
182 }, }
183 },
184 { /* SHA384 HMAC */
185 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
186 {.sym = {
187 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
188 {.auth = {
189 .algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
190 .block_size = 128,
191 .key_size = {
192 .min = 1,
193 .max = 128,
194 .increment = 1
195 },
196 .digest_size = {
9f95a23c 197 .min = 1,
11fdf7f2 198 .max = 48,
9f95a23c 199 .increment = 1
11fdf7f2
TL		 200 },
201 .iv_size = { 0 }
202 }, }
203 }, }
204 },
205 { /* SHA384 */
206 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
207 {.sym = {
208 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
209 {.auth = {
210 .algo = RTE_CRYPTO_AUTH_SHA384,
211 .block_size = 128,
212 .key_size = {
213 .min = 0,
214 .max = 0,
215 .increment = 0
216 },
217 .digest_size = {
218 .min = 48,
219 .max = 48,
220 .increment = 0
221 },
222 .iv_size = { 0 }
223 }, }
224 }, }
225 },
226 { /* SHA512 HMAC */
227 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
228 {.sym = {
229 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
230 {.auth = {
231 .algo = RTE_CRYPTO_AUTH_SHA512_HMAC,
232 .block_size = 128,
233 .key_size = {
234 .min = 1,
235 .max = 128,
236 .increment = 1
237 },
238 .digest_size = {
9f95a23c 239 .min = 1,
11fdf7f2 240 .max = 64,
9f95a23c 241 .increment = 1
11fdf7f2
TL		 242 },
243 .iv_size = { 0 }
244 }, }
245 }, }
246 },
247 { /* SHA512 */
248 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
249 {.sym = {
250 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
251 {.auth = {
252 .algo = RTE_CRYPTO_AUTH_SHA512,
253 .block_size = 128,
254 .key_size = {
255 .min = 0,
256 .max = 0,
257 .increment = 0
258 },
259 .digest_size = {
260 .min = 64,
261 .max = 64,
262 .increment = 0
263 },
264 .iv_size = { 0 }
265 }, }
266 }, }
267 },
268 { /* AES CBC */
269 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
270 {.sym = {
271 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
272 {.cipher = {
273 .algo = RTE_CRYPTO_CIPHER_AES_CBC,
274 .block_size = 16,
275 .key_size = {
276 .min = 16,
277 .max = 32,
278 .increment = 8
279 },
280 .iv_size = {
281 .min = 16,
282 .max = 16,
283 .increment = 0
284 }
285 }, }
286 }, }
287 },
288 { /* AES CTR */
289 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
290 {.sym = {
291 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
292 {.cipher = {
293 .algo = RTE_CRYPTO_CIPHER_AES_CTR,
294 .block_size = 16,
295 .key_size = {
296 .min = 16,
297 .max = 32,
298 .increment = 8
299 },
300 .iv_size = {
301 .min = 16,
302 .max = 16,
303 .increment = 0
304 }
305 }, }
306 }, }
307 },
308 { /* AES GCM */
309 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
310 {.sym = {
311 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
312 {.aead = {
313 .algo = RTE_CRYPTO_AEAD_AES_GCM,
314 .block_size = 16,
315 .key_size = {
316 .min = 16,
317 .max = 32,
318 .increment = 8
319 },
320 .digest_size = {
321 .min = 16,
322 .max = 16,
323 .increment = 0
324 },
325 .aad_size = {
326 .min = 0,
327 .max = 65535,
328 .increment = 1
329 },
330 .iv_size = {
331 .min = 12,
332 .max = 16,
333 .increment = 4
334 },
335 }, }
336 }, }
337 },
338 { /* AES CCM */
339 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
340 {.sym = {
341 .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
342 {.aead = {
343 .algo = RTE_CRYPTO_AEAD_AES_CCM,
344 .block_size = 16,
345 .key_size = {
346 .min = 16,
347 .max = 32,
348 .increment = 8
349 },
350 .digest_size = {
351 .min = 4,
352 .max = 16,
353 .increment = 2
354 },
355 .aad_size = {
356 .min = 0,
357 .max = 65535,
358 .increment = 1
359 },
360 .iv_size = {
361 .min = 7,
362 .max = 13,
363 .increment = 1
364 },
365 }, }
366 }, }
367 },
368 { /* AES GMAC (AUTH) */
369 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
370 {.sym = {
371 .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
372 {.auth = {
373 .algo = RTE_CRYPTO_AUTH_AES_GMAC,
374 .block_size = 16,
375 .key_size = {
376 .min = 16,
377 .max = 32,
378 .increment = 8
379 },
380 .digest_size = {
381 .min = 16,
382 .max = 16,
383 .increment = 0
384 },
385 .iv_size = {
386 .min = 12,
387 .max = 16,
388 .increment = 4
389 }
390 }, }
391 }, }
392 },
393 { /* 3DES CBC */
394 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
395 {.sym = {
396 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
397 {.cipher = {
398 .algo = RTE_CRYPTO_CIPHER_3DES_CBC,
399 .block_size = 8,
400 .key_size = {
401 .min = 8,
402 .max = 24,
403 .increment = 8
404 },
405 .iv_size = {
406 .min = 8,
407 .max = 8,
408 .increment = 0
409 }
410 }, }
411 }, }
412 },
413 { /* 3DES CTR */
414 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
415 {.sym = {
416 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
417 {.cipher = {
418 .algo = RTE_CRYPTO_CIPHER_3DES_CTR,
419 .block_size = 8,
420 .key_size = {
421 .min = 16,
422 .max = 24,
423 .increment = 8
424 },
425 .iv_size = {
426 .min = 8,
427 .max = 8,
428 .increment = 0
429 }
430 }, }
431 }, }
432 },
433 { /* DES CBC */
434 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
435 {.sym = {
436 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
437 {.cipher = {
438 .algo = RTE_CRYPTO_CIPHER_DES_CBC,
439 .block_size = 8,
440 .key_size = {
441 .min = 8,
442 .max = 8,
443 .increment = 0
444 },
445 .iv_size = {
446 .min = 8,
447 .max = 8,
448 .increment = 0
449 }
450 }, }
451 }, }
452 },
453 { /* DES DOCSIS BPI */
454 .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
455 {.sym = {
456 .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
457 {.cipher = {
458 .algo = RTE_CRYPTO_CIPHER_DES_DOCSISBPI,
459 .block_size = 8,
460 .key_size = {
461 .min = 8,
462 .max = 8,
463 .increment = 0
464 },
465 .iv_size = {
466 .min = 8,
467 .max = 8,
468 .increment = 0
469 }
470 }, }
471 }, }
472 },
473 { /* RSA */
474 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
475 {.asym = {
476 .xform_capa = {
477 .xform_type = RTE_CRYPTO_ASYM_XFORM_RSA,
478 .op_types = ((1 << RTE_CRYPTO_ASYM_OP_SIGN) |
479 (1 << RTE_CRYPTO_ASYM_OP_VERIFY) |
480 (1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) |
481 (1 << RTE_CRYPTO_ASYM_OP_DECRYPT)),
482 {
483 .modlen = {
484 /* min length is based on openssl rsa keygen */
485 .min = 30,
486 /* value 0 symbolizes no limit on max length */
487 .max = 0,
488 .increment = 1
489 }, }
490 }
491 },
492 }
493 },
494 { /* modexp */
495 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
496 {.asym = {
497 .xform_capa = {
498 .xform_type = RTE_CRYPTO_ASYM_XFORM_MODEX,
499 .op_types = 0,
500 {
501 .modlen = {
502 /* value 0 symbolizes no limit on min length */
503 .min = 0,
504 /* value 0 symbolizes no limit on max length */
505 .max = 0,
506 .increment = 1
507 }, }
508 }
509 },
510 }
511 },
512 { /* modinv */
513 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
514 {.asym = {
515 .xform_capa = {
516 .xform_type = RTE_CRYPTO_ASYM_XFORM_MODINV,
517 .op_types = 0,
518 {
519 .modlen = {
520 /* value 0 symbolizes no limit on min length */
521 .min = 0,
522 /* value 0 symbolizes no limit on max length */
523 .max = 0,
524 .increment = 1
525 }, }
526 }
527 },
528 }
529 },
530 { /* dh */
531 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
532 {.asym = {
533 .xform_capa = {
534 .xform_type = RTE_CRYPTO_ASYM_XFORM_DH,
535 .op_types =
536 ((1<<RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE) |
537 (1 << RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE |
538 (1 <<
539 RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE))),
540 {
541 .modlen = {
542 /* value 0 symbolizes no limit on min length */
543 .min = 0,
544 /* value 0 symbolizes no limit on max length */
545 .max = 0,
546 .increment = 1
547 }, }
548 }
549 },
550 }
551 },
552 { /* dsa */
553 .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
554 {.asym = {
555 .xform_capa = {
556 .xform_type = RTE_CRYPTO_ASYM_XFORM_DSA,
557 .op_types =
558 ((1<<RTE_CRYPTO_ASYM_OP_SIGN) |
559 (1 << RTE_CRYPTO_ASYM_OP_VERIFY)),
560 {
561 .modlen = {
562 /* value 0 symbolizes no limit on min length */
563 .min = 0,
564 /* value 0 symbolizes no limit on max length */
565 .max = 0,
566 .increment = 1
567 }, }
568 }
569 },
570 }
571 },
572
573 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
574};
575
576
577/** Configure device */
578static int
579openssl_pmd_config(__rte_unused struct rte_cryptodev *dev,
580 __rte_unused struct rte_cryptodev_config *config)
581{
582 return 0;
583}
584
585/** Start device */
586static int
587openssl_pmd_start(__rte_unused struct rte_cryptodev *dev)
588{
589 return 0;
590}
591
592/** Stop device */
593static void
594openssl_pmd_stop(__rte_unused struct rte_cryptodev *dev)
595{
596}
597
598/** Close device */
599static int
600openssl_pmd_close(__rte_unused struct rte_cryptodev *dev)
601{
602 return 0;
603}
604
605
606/** Get device statistics */
607static void
608openssl_pmd_stats_get(struct rte_cryptodev *dev,
609 struct rte_cryptodev_stats *stats)
610{
611 int qp_id;
612
613 for (qp_id = 0; qp_id < dev->data->nb_queue_pairs; qp_id++) {
614 struct openssl_qp *qp = dev->data->queue_pairs[qp_id];
615
616 stats->enqueued_count += qp->stats.enqueued_count;
617 stats->dequeued_count += qp->stats.dequeued_count;
618
619 stats->enqueue_err_count += qp->stats.enqueue_err_count;
620 stats->dequeue_err_count += qp->stats.dequeue_err_count;
621 }
622}
623
624/** Reset device statistics */
625static void
626openssl_pmd_stats_reset(struct rte_cryptodev *dev)
627{
628 int qp_id;
629
630 for (qp_id = 0; qp_id < dev->data->nb_queue_pairs; qp_id++) {
631 struct openssl_qp *qp = dev->data->queue_pairs[qp_id];
632
633 memset(&qp->stats, 0, sizeof(qp->stats));
634 }
635}
636
637
638/** Get device info */
639static void
640openssl_pmd_info_get(struct rte_cryptodev *dev,
641 struct rte_cryptodev_info *dev_info)
642{
643 struct openssl_private *internals = dev->data->dev_private;
644
645 if (dev_info != NULL) {
646 dev_info->driver_id = dev->driver_id;
647 dev_info->feature_flags = dev->feature_flags;
648 dev_info->capabilities = openssl_pmd_capabilities;
649 dev_info->max_nb_queue_pairs = internals->max_nb_qpairs;
650 /* No limit of number of sessions */
651 dev_info->sym.max_nb_sessions = 0;
652 }
653}
654
655/** Release queue pair */
656static int
657openssl_pmd_qp_release(struct rte_cryptodev *dev, uint16_t qp_id)
658{
659 if (dev->data->queue_pairs[qp_id] != NULL) {
9f95a23c
TL		 660 struct openssl_qp *qp = dev->data->queue_pairs[qp_id];
661
662 if (qp->processed_ops)
663 rte_ring_free(qp->processed_ops);
664
11fdf7f2
TL		 665 rte_free(dev->data->queue_pairs[qp_id]);
666 dev->data->queue_pairs[qp_id] = NULL;
667 }
668 return 0;
669}
670
671/** set a unique name for the queue pair based on it's name, dev_id and qp_id */
672static int
673openssl_pmd_qp_set_unique_name(struct rte_cryptodev *dev,
674 struct openssl_qp *qp)
675{
676 unsigned int n = snprintf(qp->name, sizeof(qp->name),
677 "openssl_pmd_%u_qp_%u",
678 dev->data->dev_id, qp->id);
679
680 if (n >= sizeof(qp->name))
681 return -1;
682
683 return 0;
684}
685
686
687/** Create a ring to place processed operations on */
688static struct rte_ring *
689openssl_pmd_qp_create_processed_ops_ring(struct openssl_qp *qp,
690 unsigned int ring_size, int socket_id)
691{
692 struct rte_ring *r;
693
694 r = rte_ring_lookup(qp->name);
695 if (r) {
696 if (rte_ring_get_size(r) >= ring_size) {
697 OPENSSL_LOG(INFO,
698 "Reusing existing ring %s for processed ops",
699 qp->name);
700 return r;
701 }
702
703 OPENSSL_LOG(ERR,
704 "Unable to reuse existing ring %s for processed ops",
705 qp->name);
706 return NULL;
707 }
708
709 return rte_ring_create(qp->name, ring_size, socket_id,
710 RING_F_SP_ENQ | RING_F_SC_DEQ);
711}
712
713
714/** Setup a queue pair */
715static int
716openssl_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
717 const struct rte_cryptodev_qp_conf *qp_conf,
9f95a23c 718 int socket_id)
11fdf7f2
TL		 719{
720 struct openssl_qp *qp = NULL;
721
722 /* Free memory prior to re-allocation if needed. */
723 if (dev->data->queue_pairs[qp_id] != NULL)
724 openssl_pmd_qp_release(dev, qp_id);
725
726 /* Allocate the queue pair data structure. */
727 qp = rte_zmalloc_socket("OPENSSL PMD Queue Pair", sizeof(*qp),
728 RTE_CACHE_LINE_SIZE, socket_id);
729 if (qp == NULL)
730 return -ENOMEM;
731
732 qp->id = qp_id;
733 dev->data->queue_pairs[qp_id] = qp;
734
735 if (openssl_pmd_qp_set_unique_name(dev, qp))
736 goto qp_setup_cleanup;
737
738 qp->processed_ops = openssl_pmd_qp_create_processed_ops_ring(qp,
739 qp_conf->nb_descriptors, socket_id);
740 if (qp->processed_ops == NULL)
741 goto qp_setup_cleanup;
742
9f95a23c
TL		 743 qp->sess_mp = qp_conf->mp_session;
744 qp->sess_mp_priv = qp_conf->mp_session_private;
11fdf7f2
TL		 745
746 memset(&qp->stats, 0, sizeof(qp->stats));
747
748 return 0;
749
750qp_setup_cleanup:
751 if (qp)
752 rte_free(qp);
753
754 return -1;
755}
756
11fdf7f2
TL		 757/** Returns the size of the symmetric session structure */
758static unsigned
759openssl_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
760{
761 return sizeof(struct openssl_session);
762}
763
764/** Returns the size of the asymmetric session structure */
765static unsigned
766openssl_pmd_asym_session_get_size(struct rte_cryptodev *dev __rte_unused)
767{
768 return sizeof(struct openssl_asym_session);
769}
770
771/** Configure the session from a crypto xform chain */
772static int
773openssl_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
774 struct rte_crypto_sym_xform *xform,
775 struct rte_cryptodev_sym_session *sess,
776 struct rte_mempool *mempool)
777{
778 void *sess_private_data;
779 int ret;
780
781 if (unlikely(sess == NULL)) {
782 OPENSSL_LOG(ERR, "invalid session struct");
783 return -EINVAL;
784 }
785
786 if (rte_mempool_get(mempool, &sess_private_data)) {
787 OPENSSL_LOG(ERR,
788 "Couldn't get object from session mempool");
789 return -ENOMEM;
790 }
791
792 ret = openssl_set_session_parameters(sess_private_data, xform);
793 if (ret != 0) {
794 OPENSSL_LOG(ERR, "failed configure session parameters");
795
796 /* Return session to mempool */
797 rte_mempool_put(mempool, sess_private_data);
798 return ret;
799 }
800
801 set_sym_session_private_data(sess, dev->driver_id,
802 sess_private_data);
803
804 return 0;
805}
806
807static int openssl_set_asym_session_parameters(
808 struct openssl_asym_session *asym_session,
809 struct rte_crypto_asym_xform *xform)
810{
811 int ret = 0;
812
813 if ((xform->xform_type != RTE_CRYPTO_ASYM_XFORM_DH) &&
814 (xform->next != NULL)) {
815 OPENSSL_LOG(ERR, "chained xfrms are not supported on %s",
816 rte_crypto_asym_xform_strings[xform->xform_type]);
817 return -1;
818 }
819
820 switch (xform->xform_type) {
821 case RTE_CRYPTO_ASYM_XFORM_RSA:
822 {
823 BIGNUM *n = NULL;
824 BIGNUM *e = NULL;
825 BIGNUM *d = NULL;
826 BIGNUM *p = NULL, *q = NULL, *dmp1 = NULL;
827 BIGNUM *iqmp = NULL, *dmq1 = NULL;
828
829 /* copy xfrm data into rsa struct */
830 n = BN_bin2bn((const unsigned char *)xform->rsa.n.data,
831 xform->rsa.n.length, n);
832 e = BN_bin2bn((const unsigned char *)xform->rsa.e.data,
833 xform->rsa.e.length, e);
834
835 if (!n || !e)
836 goto err_rsa;
837
838 RSA *rsa = RSA_new();
839 if (rsa == NULL)
840 goto err_rsa;
841
842 if (xform->rsa.key_type == RTE_RSA_KEY_TYPE_EXP) {
843 d = BN_bin2bn(
844 (const unsigned char *)xform->rsa.d.data,
845 xform->rsa.d.length,
846 d);
847 if (!d) {
848 RSA_free(rsa);
849 goto err_rsa;
850 }
851 } else {
852 p = BN_bin2bn((const unsigned char *)
853 xform->rsa.qt.p.data,
854 xform->rsa.qt.p.length,
855 p);
856 q = BN_bin2bn((const unsigned char *)
857 xform->rsa.qt.q.data,
858 xform->rsa.qt.q.length,
859 q);
860 dmp1 = BN_bin2bn((const unsigned char *)
861 xform->rsa.qt.dP.data,
862 xform->rsa.qt.dP.length,
863 dmp1);
864 dmq1 = BN_bin2bn((const unsigned char *)
865 xform->rsa.qt.dQ.data,
866 xform->rsa.qt.dQ.length,
867 dmq1);
868 iqmp = BN_bin2bn((const unsigned char *)
869 xform->rsa.qt.qInv.data,
870 xform->rsa.qt.qInv.length,
871 iqmp);
872
873 if (!p || !q || !dmp1 || !dmq1 || !iqmp) {
874 RSA_free(rsa);
875 goto err_rsa;
876 }
9f95a23c 877 ret = set_rsa_params(rsa, p, q);
11fdf7f2
TL		 878 if (ret) {
879 OPENSSL_LOG(ERR,
880 "failed to set rsa params\n");
881 RSA_free(rsa);
882 goto err_rsa;
883 }
9f95a23c 884 ret = set_rsa_crt_params(rsa, dmp1, dmq1, iqmp);
11fdf7f2
TL		 885 if (ret) {
886 OPENSSL_LOG(ERR,
887 "failed to set crt params\n");
888 RSA_free(rsa);
889 /*
890 * set already populated params to NULL
891 * as its freed by call to RSA_free
892 */
893 p = q = NULL;
894 goto err_rsa;
895 }
896 }
897
9f95a23c 898 ret = set_rsa_keys(rsa, n, e, d);
11fdf7f2
TL		 899 if (ret) {
900 OPENSSL_LOG(ERR, "Failed to load rsa keys\n");
901 RSA_free(rsa);
902 return -1;
903 }
904 asym_session->u.r.rsa = rsa;
905 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_RSA;
906 break;
907err_rsa:
f67539c2
TL		 908 BN_clear_free(n);
909 BN_clear_free(e);
910 BN_clear_free(d);
911 BN_clear_free(p);
912 BN_clear_free(q);
913 BN_clear_free(dmp1);
914 BN_clear_free(dmq1);
915 BN_clear_free(iqmp);
11fdf7f2
TL		 916
917 return -1;
918 }
919 case RTE_CRYPTO_ASYM_XFORM_MODEX:
920 {
921 struct rte_crypto_modex_xform *xfrm = &(xform->modex);
922
923 BN_CTX *ctx = BN_CTX_new();
924 if (ctx == NULL) {
925 OPENSSL_LOG(ERR,
926 " failed to allocate resources\n");
927 return -1;
928 }
929 BN_CTX_start(ctx);
930 BIGNUM *mod = BN_CTX_get(ctx);
931 BIGNUM *exp = BN_CTX_get(ctx);
932 if (mod == NULL || exp == NULL) {
933 BN_CTX_end(ctx);
934 BN_CTX_free(ctx);
935 return -1;
936 }
937
938 mod = BN_bin2bn((const unsigned char *)
939 xfrm->modulus.data,
940 xfrm->modulus.length, mod);
941 exp = BN_bin2bn((const unsigned char *)
942 xfrm->exponent.data,
943 xfrm->exponent.length, exp);
944 asym_session->u.e.ctx = ctx;
945 asym_session->u.e.mod = mod;
946 asym_session->u.e.exp = exp;
947 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_MODEX;
948 break;
949 }
950 case RTE_CRYPTO_ASYM_XFORM_MODINV:
951 {
952 struct rte_crypto_modinv_xform *xfrm = &(xform->modinv);
953
954 BN_CTX *ctx = BN_CTX_new();
955 if (ctx == NULL) {
956 OPENSSL_LOG(ERR,
957 " failed to allocate resources\n");
958 return -1;
959 }
960 BN_CTX_start(ctx);
961 BIGNUM *mod = BN_CTX_get(ctx);
962 if (mod == NULL) {
963 BN_CTX_end(ctx);
964 BN_CTX_free(ctx);
965 return -1;
966 }
967
968 mod = BN_bin2bn((const unsigned char *)
969 xfrm->modulus.data,
970 xfrm->modulus.length,
971 mod);
972 asym_session->u.m.ctx = ctx;
973 asym_session->u.m.modulus = mod;
974 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_MODINV;
975 break;
976 }
977 case RTE_CRYPTO_ASYM_XFORM_DH:
978 {
979 BIGNUM *p = NULL;
980 BIGNUM *g = NULL;
981
982 p = BN_bin2bn((const unsigned char *)
983 xform->dh.p.data,
984 xform->dh.p.length,
985 p);
986 g = BN_bin2bn((const unsigned char *)
987 xform->dh.g.data,
988 xform->dh.g.length,
989 g);
990 if (!p || !g)
991 goto err_dh;
992
993 DH *dh = DH_new();
994 if (dh == NULL) {
995 OPENSSL_LOG(ERR,
996 "failed to allocate resources\n");
997 goto err_dh;
998 }
9f95a23c 999 ret = set_dh_params(dh, p, g);
11fdf7f2
TL		 1000 if (ret) {
1001 DH_free(dh);
1002 goto err_dh;
1003 }
1004
1005 /*
1006 * setup xfrom for
1007 * public key generate, or
1008 * DH Priv key generate, or both
1009 * public and private key generate
1010 */
1011 asym_session->u.dh.key_op = (1 << xform->dh.type);
1012
1013 if (xform->dh.type ==
1014 RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE) {
1015 /* check if next is pubkey */
1016 if ((xform->next != NULL) &&
1017 (xform->next->xform_type ==
1018 RTE_CRYPTO_ASYM_XFORM_DH) &&
1019 (xform->next->dh.type ==
1020 RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE)
1021 ) {
1022 /*
1023 * setup op as pub/priv key
1024 * pair generationi
1025 */
1026 asym_session->u.dh.key_op |=
1027 (1 <<
1028 RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE);
1029 }
1030 }
1031 asym_session->u.dh.dh_key = dh;
1032 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_DH;
1033 break;
1034
1035err_dh:
1036 OPENSSL_LOG(ERR, " failed to set dh params\n");
9f95a23c
TL		 1037 BN_free(p);
1038 BN_free(g);
11fdf7f2
TL		 1039 return -1;
1040 }
1041 case RTE_CRYPTO_ASYM_XFORM_DSA:
1042 {
1043 BIGNUM *p = NULL, *g = NULL;
1044 BIGNUM *q = NULL, *priv_key = NULL;
1045 BIGNUM *pub_key = BN_new();
1046 BN_zero(pub_key);
1047
1048 p = BN_bin2bn((const unsigned char *)
1049 xform->dsa.p.data,
1050 xform->dsa.p.length,
1051 p);
1052
1053 g = BN_bin2bn((const unsigned char *)
1054 xform->dsa.g.data,
1055 xform->dsa.g.length,
1056 g);
1057
1058 q = BN_bin2bn((const unsigned char *)
1059 xform->dsa.q.data,
1060 xform->dsa.q.length,
1061 q);
1062 if (!p || !q || !g)
1063 goto err_dsa;
1064
1065 priv_key = BN_bin2bn((const unsigned char *)
1066 xform->dsa.x.data,
1067 xform->dsa.x.length,
1068 priv_key);
1069 if (priv_key == NULL)
1070 goto err_dsa;
1071
1072 DSA *dsa = DSA_new();
1073 if (dsa == NULL) {
1074 OPENSSL_LOG(ERR,
1075 " failed to allocate resources\n");
1076 goto err_dsa;
1077 }
1078
9f95a23c 1079 ret = set_dsa_params(dsa, p, q, g);
11fdf7f2
TL		 1080 if (ret) {
1081 DSA_free(dsa);
1082 OPENSSL_LOG(ERR, "Failed to dsa params\n");
1083 goto err_dsa;
1084 }
1085
1086 /*
1087 * openssl 1.1.0 mandate that public key can't be
1088 * NULL in very first call. so set a dummy pub key.
1089 * to keep consistency, lets follow same approach for
1090 * both versions
1091 */
1092 /* just set dummy public for very 1st call */
9f95a23c 1093 ret = set_dsa_keys(dsa, pub_key, priv_key);
11fdf7f2
TL		 1094 if (ret) {
1095 DSA_free(dsa);
1096 OPENSSL_LOG(ERR, "Failed to set keys\n");
1097 return -1;
1098 }
1099 asym_session->u.s.dsa = dsa;
1100 asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_DSA;
1101 break;
1102
1103err_dsa:
9f95a23c
TL		 1104 BN_free(p);
1105 BN_free(q);
1106 BN_free(g);
1107 BN_free(priv_key);
1108 BN_free(pub_key);
11fdf7f2
TL		 1109 return -1;
1110 }
1111 default:
1112 return -1;
1113 }
1114
1115 return 0;
1116}
1117
1118/** Configure the session from a crypto xform chain */
1119static int
1120openssl_pmd_asym_session_configure(struct rte_cryptodev *dev __rte_unused,
1121 struct rte_crypto_asym_xform *xform,
1122 struct rte_cryptodev_asym_session *sess,
1123 struct rte_mempool *mempool)
1124{
1125 void *asym_sess_private_data;
1126 int ret;
1127
1128 if (unlikely(sess == NULL)) {
1129 OPENSSL_LOG(ERR, "invalid asymmetric session struct");
1130 return -EINVAL;
1131 }
1132
1133 if (rte_mempool_get(mempool, &asym_sess_private_data)) {
1134 CDEV_LOG_ERR(
1135 "Couldn't get object from session mempool");
1136 return -ENOMEM;
1137 }
1138
1139 ret = openssl_set_asym_session_parameters(asym_sess_private_data,
1140 xform);
1141 if (ret != 0) {
1142 OPENSSL_LOG(ERR, "failed configure session parameters");
1143
1144 /* Return session to mempool */
1145 rte_mempool_put(mempool, asym_sess_private_data);
1146 return ret;
1147 }
1148
1149 set_asym_session_private_data(sess, dev->driver_id,
1150 asym_sess_private_data);
1151
1152 return 0;
1153}
1154
1155/** Clear the memory of session so it doesn't leave key material behind */
1156static void
1157openssl_pmd_sym_session_clear(struct rte_cryptodev *dev,
1158 struct rte_cryptodev_sym_session *sess)
1159{
1160 uint8_t index = dev->driver_id;
1161 void *sess_priv = get_sym_session_private_data(sess, index);
1162
1163 /* Zero out the whole structure */
1164 if (sess_priv) {
1165 openssl_reset_session(sess_priv);
1166 memset(sess_priv, 0, sizeof(struct openssl_session));
1167 struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
1168 set_sym_session_private_data(sess, index, NULL);
1169 rte_mempool_put(sess_mp, sess_priv);
1170 }
1171}
1172
1173static void openssl_reset_asym_session(struct openssl_asym_session *sess)
1174{
1175 switch (sess->xfrm_type) {
1176 case RTE_CRYPTO_ASYM_XFORM_RSA:
1177 if (sess->u.r.rsa)
1178 RSA_free(sess->u.r.rsa);
1179 break;
1180 case RTE_CRYPTO_ASYM_XFORM_MODEX:
1181 if (sess->u.e.ctx) {
1182 BN_CTX_end(sess->u.e.ctx);
1183 BN_CTX_free(sess->u.e.ctx);
1184 }
1185 break;
1186 case RTE_CRYPTO_ASYM_XFORM_MODINV:
1187 if (sess->u.m.ctx) {
1188 BN_CTX_end(sess->u.m.ctx);
1189 BN_CTX_free(sess->u.m.ctx);
1190 }
1191 break;
1192 case RTE_CRYPTO_ASYM_XFORM_DH:
1193 if (sess->u.dh.dh_key)
1194 DH_free(sess->u.dh.dh_key);
1195 break;
1196 case RTE_CRYPTO_ASYM_XFORM_DSA:
1197 if (sess->u.s.dsa)
1198 DSA_free(sess->u.s.dsa);
1199 break;
1200 default:
1201 break;
1202 }
1203}
1204
1205/** Clear the memory of asymmetric session
1206 * so it doesn't leave key material behind
1207 */
1208static void
1209openssl_pmd_asym_session_clear(struct rte_cryptodev *dev,
1210 struct rte_cryptodev_asym_session *sess)
1211{
1212 uint8_t index = dev->driver_id;
1213 void *sess_priv = get_asym_session_private_data(sess, index);
1214
1215 /* Zero out the whole structure */
1216 if (sess_priv) {
1217 openssl_reset_asym_session(sess_priv);
1218 memset(sess_priv, 0, sizeof(struct openssl_asym_session));
1219 struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
1220 set_asym_session_private_data(sess, index, NULL);
1221 rte_mempool_put(sess_mp, sess_priv);
1222 }
1223}
1224
1225struct rte_cryptodev_ops openssl_pmd_ops = {
1226 .dev_configure = openssl_pmd_config,
1227 .dev_start = openssl_pmd_start,
1228 .dev_stop = openssl_pmd_stop,
1229 .dev_close = openssl_pmd_close,
1230
1231 .stats_get = openssl_pmd_stats_get,
1232 .stats_reset = openssl_pmd_stats_reset,
1233
1234 .dev_infos_get = openssl_pmd_info_get,
1235
1236 .queue_pair_setup = openssl_pmd_qp_setup,
1237 .queue_pair_release = openssl_pmd_qp_release,
11fdf7f2
TL		 1238
1239 .sym_session_get_size = openssl_pmd_sym_session_get_size,
1240 .asym_session_get_size = openssl_pmd_asym_session_get_size,
1241 .sym_session_configure = openssl_pmd_sym_session_configure,
1242 .asym_session_configure = openssl_pmd_asym_session_configure,
1243 .sym_session_clear = openssl_pmd_sym_session_clear,
1244 .asym_session_clear = openssl_pmd_asym_session_clear
1245};
1246
1247struct rte_cryptodev_ops *rte_openssl_pmd_ops = &openssl_pmd_ops;
Ceph