From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <Shally.Verma@cavium.com>
Received: from NAM04-SN1-obe.outbound.protection.outlook.com
(mail-eopbgr700088.outbound.protection.outlook.com [40.107.70.88])
by dpdk.org (Postfix) with ESMTP id C300F20BD
for <dev@dpdk.org>; Mon, 23 Jul 2018 16:46:38 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=CAVIUMNETWORKS.onmicrosoft.com; s=selector1-cavium-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=6o/bbODMR+gT4nIpUNKEr+D3LKNIaNzqShZqj3YEBC4=;
b=TBtNyDvuZLMfyep357QrQ1ALnU1htz6bwZjOb8G5rj5PHMjM72/h5zvgfhqjXapfHmjFREMQzwaVaUvuHHI4+EyWxiYV0Cdq6NA2TCmvTzkrDEKgkd4i2ybG6A51MBHPsndIwUM/youvXb89kUXXJkKIDi0hu1xXkq3X0LmFh7U=
Authentication-Results: spf=none (sender IP is )
smtp.mailfrom=Shally.Verma@cavium.com;
Received: from hyd1sverma-dt.caveonetworks.com (115.113.156.2) by
DM5PR0701MB3640.namprd07.prod.outlook.com (2603:10b6:4:7e::12) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.973.20; Mon, 23 Jul 2018 14:46:35 +0000
From: Shally Verma <shally.verma@caviumnetworks.com>
To: pablo.de.lara.guarch@intel.com
Cc: dev@dpdk.org, pathreya@caviumnetworks.com, nmurthy@caviumnetworks.com,
Sunila Sahu <sunila.sahu@caviumnetworks.com>,
Ashish Gupta <ashish.gupta@caviumnetworks.com>
Date: Mon, 23 Jul 2018 20:16:03 +0530
Message-Id: <1532357165-8575-2-git-send-email-shally.verma@caviumnetworks.com>
X-Mailer: git-send-email 1.9.1
In-Reply-To: <1532357165-8575-1-git-send-email-shally.verma@caviumnetworks.com>
References: <1532357165-8575-1-git-send-email-shally.verma@caviumnetworks.com>
MIME-Version: 1.0
Content-Type: text/plain
X-Originating-IP: [115.113.156.2]
X-ClientProxiedBy: MA1PR0101CA0020.INDPRD01.PROD.OUTLOOK.COM
(2603:1096:a00:21::30) To DM5PR0701MB3640.namprd07.prod.outlook.com
(2603:10b6:4:7e::12)
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 577cd0c3-f56d-4e5a-90a1-08d5f0ab17c9
X-Microsoft-Antispam: BCL:0; PCL:0;
RULEID:(7020095)(4652040)(8989117)(5600073)(711020)(4534165)(7168020)(4627221)(201703031133081)(201702281549075)(8990107)(2017052603328)(7153060)(7193020);
SRVR:DM5PR0701MB3640;
X-Microsoft-Exchange-Diagnostics: 1; DM5PR0701MB3640;
3:mY5pL4veZAtovPH7c2HqEliQSr4xDApzzRpucQDbr+vPfyFZE84cvP6Hw7aAfVgLqnrLORLsZUkzDDx2JDtIpCATWB8Kd4hKt1LuyGKQ5AnoFYWz/oiw0Sras7lP1DFzd0jkOduJjTIj2h7jRLBuSsOxlriQ3+WV4BhsBxFNnv8KzIRillW+tC2AHrnbpgAwA0R/dddlOdLOvvE9eYxrgPeILwzuU0JpO7lmSM28LmBNVd2mBxGJhl2Tqnn7UTE8;
25:hl2dv/3LvWF3olFvd7h7J2GhKyirM9syspjbmGj1+G28/xUX0R0TiVmN4f/HUJB7MYGNJJHSDme8T8px08Yxd6EVkWRoBAO41YnGXxreLUhjG5U9Fak0U+wrwMeSvo3pk8sboivSm08BTxIOmH46H1plSACRpB5YbPE2vI6XoNH8JZm/HxF9N8E5nt1j0zBcLRnG8DqDsO9ANx6oqpUuYHzqeL8hcEO33HbjBz0iyvGsVU+Tev3lmona0mkO/Ktd9vwwMds1RqIeP7Qdp76P9t7GnrOWzMDC3eUlyxeV8C/h9B71ojwWm9zl3nju3mv+PH7KN9jZMTXmBVttjd3Pgw==;
31:zK+LRIH2h9hySSUmt22ei6l2gYVcxuPtTxDNjqVFG6lEHb1X0PKMNXslM4j02tt4wcQdr5mzYuB7zKwFz7UWXKWzx4yplHi60rsB4isEPnZGsRVImcxBCLnV3Di40fQ9xXBaTGnwdQhVQszBZQXtBTGH44tRjSJqmL/C0Nu20VRlKrF7VS9AzVjKZ8zW1tmpA/zrHEzwgB6RIAZH9MOk8BYlLs/xJyW/pN78q63Cptc=
X-MS-TrafficTypeDiagnostic: DM5PR0701MB3640:
X-Microsoft-Exchange-Diagnostics: 1; DM5PR0701MB3640;
20:/iBL6Ocp1miWIhpGFQYceK4yB5hMA3hV2KmcJJhJDrGhwGn9m6E4oYrd+ol6/tmmYCB6Km/tWw85lz0+YwLRAv6m7CiyIZh96bWGDMqvAiMLkMVTowILRs1b+2+uxV/3txFBRJvsUv04j+HVPVAlOLQV9Yq5ZBUuN6Hb8oXxtCFlww+cv1ZPoDRgdezuWWrsSSBGZ+maD6kvMLeIp8X5KPm2jeWNaFUTZcTdS/ax5OpMiZQFP+yTfVSkadCH/g/0biyehyNMKN4dDqjYPKMzgbDSzd0Ni+SiLxg/R7Br3DYLLPyd09K9OD78m2UGD5kNJfUpd/DZB/rNayMt5BTnvR/ejNf0lugZTti3bOR48SMEWDkWLHCMhUviVGZhSZHSP4L6ipbw5K5iDAHkBvFxJ/Wz2uEZ1rf5gFFpnmm9hBe/jnC5Nd0A4qN/ey1BRys9Vb2liQ7UYbYhMcSKmBrM3vwGYGwyrSTSVLJixdsyZp2SWnWmLWiV+Ir14ntCvMY680eZv+yHR1u4D5wiwQEh269GDezOzbdE+OaJmUIP7p/+i6BDptanam6pYFDe/3gXJjtltpy2ygnvjtU8h0qdB7A4vDjeRCsSxUTNh897zKk=;
4:/UyvJKof7rkX4T87SsHj6/zCMbxZXtRqIrbMXdLfsXFKKPEFQDhGkW3JHg2w3yGJ5geXb19oRMwhom1I/x/t17ILJT2a5ijm5dvS5TVZavqrriEwQB9GRBhS+X0qML+yabbvuAKKgBzegQWFlGj7kFVru9MH/C6sK6DZpsdBCs4tImMke9W0X1waL6yyiLmgIEMLDtTbWZCBN/Wsq2TgDxwhv3XGVsvxyw9F5lf3/05LWUn0yZ8ObA0Fe0gty5CEwllEgKemVdTeFd8z6d1aYA==
X-Microsoft-Antispam-PRVS: <DM5PR0701MB3640E98F5D1E0E29E705A0D2F0560@DM5PR0701MB3640.namprd07.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:;
X-MS-Exchange-SenderADCheck: 1
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0;
RULEID:(8211001083)(6040522)(2401047)(5005006)(8121501046)(3002001)(10201501046)(3231311)(944501410)(52105095)(93006095)(149027)(150027)(6041310)(20161123558120)(20161123562045)(20161123560045)(20161123564045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(6072148)(201708071742011)(7699016);
SRVR:DM5PR0701MB3640; BCL:0; PCL:0; RULEID:; SRVR:DM5PR0701MB3640;
X-Forefront-PRVS: 0742443479
X-Forefront-Antispam-Report: SFV:NSPM;
SFS:(10009020)(376002)(346002)(396003)(366004)(39860400002)(136003)(189003)(199004)(6486002)(42882007)(16586007)(478600001)(305945005)(446003)(50226002)(50466002)(5660300001)(11346002)(7736002)(476003)(48376002)(36756003)(44832011)(8676002)(486006)(2616005)(956004)(3846002)(14444005)(575784001)(68736007)(54906003)(47776003)(72206003)(6116002)(97736004)(316002)(69596002)(107886003)(4326008)(2906002)(81166006)(66066001)(81156014)(2361001)(8936002)(25786009)(6512007)(53416004)(26005)(106356001)(6916009)(105586002)(55236004)(186003)(386003)(52116002)(6506007)(53936002)(6666003)(76176011)(51416003)(2351001)(16526019);
DIR:OUT; SFP:1101; SCL:1; SRVR:DM5PR0701MB3640;
H:hyd1sverma-dt.caveonetworks.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords;
MX:1; A:1;
Received-SPF: None (protection.outlook.com: cavium.com does not designate
permitted sender hosts)
X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; DM5PR0701MB3640;
23:lYEo8c/FBjW6XnxxbUV0Wh7C9O/HNFsIx1JxjOp?=
=?us-ascii?Q?TUysi9lEwnRIVsHMNq5jPbyygx19LBY9lRc6vLVwGQfJOHWvIenYspT1Hk6d?=
=?us-ascii?Q?et+MYACB86R9C/QjforOSvTzSNAj9la0tO0LG3uhAv/8CN7ufUfIsof3EXKB?=
=?us-ascii?Q?f/NjQwd8KmNz8kWTDc2lYiaZUy+NfdDRIHZUKrymqRQ8lJwcua1633xXVhf2?=
=?us-ascii?Q?7qXCtFbcZPt01V2vsZFQc9jT7boJVzVqSM4q2Lufu8PWDT2E7WurhkRnwikX?=
=?us-ascii?Q?WJqkzIj06rG52Ppnv9N5B9FhPFQyOAFwt35WqgcyCKlNJ7uf9ZLBlqPe+glH?=
=?us-ascii?Q?bJQPFFhRN6lXj584QKJAUF6P9ywMHaoiILYXxxpMX8bL5dP4BziNd90FA750?=
=?us-ascii?Q?fdboF2+rESYyhLiBNExr7BzFqiEmXAsfPJKDyo9RqLuvqh0lMcbqHogDfd/+?=
=?us-ascii?Q?OunCnd90z91V/WAy9N7T/7q1V9HNuhYUBFc0RbiPgI75t9Ny3MZOGSpquSss?=
=?us-ascii?Q?Yy3JqwIdotL0nIxKe+gqZ/4047icdtrkt714VPLD5VTNC9h4Nt6udy0J5KD+?=
=?us-ascii?Q?wTF+f+1QK7P2GZ4VPgnFEbpwoAXTNT0d/wNwPu+OHlvTwMXlY9r2Wf3zJ1sK?=
=?us-ascii?Q?6JlcQ+JtgG58kNs4CnSdgO3B1Sz6iHeOwX3AO9aVu/Mb+tcdJpvfoLk84Nm5?=
=?us-ascii?Q?qnl1wmBM/lXh4AJ15pMocZGuXkTSMTqdVT0/RsfDiA9Ltc5Cd0Ek0Su/OpzJ?=
=?us-ascii?Q?74cmQ1ud7sw8Ay48jv3SqGKtExwjbX59Pk6X3wlvsu/3UrRxPA9OhH65lY6Y?=
=?us-ascii?Q?060HZ6CMAL3LqLmfzHh1wx62WKaYlbCk/b5z/3dnpaLXaYMvo68+QgpgIEQd?=
=?us-ascii?Q?V4PlZHKAA6Y0fUiBZkDkLIKAxyfYLZKwGTSbeX6+FpoexBTS8+eVwU3QOkQA?=
=?us-ascii?Q?hIU8mzj5yCrkcHS5NkCp3K12/E2JzmvrU7XNUTjPPuTEwseH01tqcAHSEqv9?=
=?us-ascii?Q?2jp0uhWqNbonb8K6Agu0snVPrUQzayL/x8rzFSxlVkzz3T9IuYNTJko/VIV9?=
=?us-ascii?Q?7BwU5SsABKREYvSKc8GXzTmdtgTk6nU7h8oWCYJh110yzB+JjqLUDUfdLrbM?=
=?us-ascii?Q?o1wd/EYONRK4VpvlBr3OuXY2Yo6urwg6EUBsWlocPyS0F5BHvcG382C3ZWZV?=
=?us-ascii?Q?cl0/m0pZxHuWDOB9Oglm/veUjsitlpPcXySx1SKP9izFXLhsCg7ogoppb5/q?=
=?us-ascii?Q?TaDoeoWFCm3E8GgHL7fsY99URqRkXmROJDx8rUbY07MkBqszJPt2KUIspHPZ?=
=?us-ascii?Q?KZgxMO4lAQFauazthPJM2d2YM7I/WJJQ2KwV4iM4rZxRLtfH3RRETHpmshi2?=
=?us-ascii?Q?R5dtcWZUkwrQFr0z8UpC0bqm5yTA/VZt7tYxFr6gQq+OjIS7o?=
X-Microsoft-Antispam-Message-Info: GV//lDTBIyx6uJzuAeRM5NCvoaldyQ4Imfg9fHjikeMNS5wLCWnTvxZhVutV6di4FLnQmpzmgpyRmPutLc90SdZWrcxe1Ae27AJExfs2R7o0DINtGieJafWcbeIonduy618A0yMRPoK6zvj6pSpLpQEeBoOjpGlu8WA5teq87ZEh23WwScQpYsiLAQFQf4tsY5hjjlrXtMaACgsFo/3QuH23MAwBZiyXsrn5n2i64D01BgPDG0SK95nUKCFC+jAtJ353AjVVb5McPOZFFIvwTTuh+edWjBKmZeNvBj7GuYgfBs9PQ79Gmu0cOfNgHWgVZtK09yExpir/NzA0ogkZ6e2exDX0jeXVNvnZxo81wAA=
X-Microsoft-Exchange-Diagnostics: 1; DM5PR0701MB3640;
6:tjwX7WSQoHegSTxp2PFSAEpwp/jz0eKy8QrP9ySXNiqLzy66O+3yb20lc8nIAuvfTSOIh3srHqhc5lwJGUyRJf9acTRkbL0c4Mjp0nmla4eBFly4nembtt7Le4N7gx0gMby8GxgQ7InUcFGGQxsNTxLdtB9jU/lzs2GHcHS74NuRAjx5I6f6p5HISCMdM8JwFGuzpsOeomGD52vJxZJGplys13MYlqTEMzxrP2vEPRMjPgN/r9/qIZIHa7eBqIn0QgzL95rlqILMFzKELnp3hUGIWYTa+oeL+zZ4ApgCr4I30hMZvxmvwOIlGUDQ7dkcOXQiXqGk4FVg1f3mcEktrhOrc70bIqSdJAEdxecWyRutt0YWnmlfLOekE02pllr2g4etq4L/ipXuUF2voCBUmdl/hYlnikbt4AWWZAMvwF1g1cTip0MOo2R50uK+aJGqNWctnd/EJAhI8g5x7qbfBQ==;
5:5r7ndXEpGWunUaQOC0x5+jzZQ8guJ9SIM7K/tk8lPeYkWMwv+ZWV4oe4qyPEhL4sx1DYu+DNqy6wUln8vv38eVHg0JRrbQSDjkxNqWtS6lWa2QMkz1Nu/rTWJ5Fs88AlOcCDmCzphYJqSvIyoF7GSVhha98QJ5pNKafA03hufiU=;
7:WxTWosZYZaAzGYaUXbnoH9pbKwiKtXPSMNbMJ/D5bf5CoBKg8rLMwx0IF3YrmSRzT54hsjUIuZZ7BP9RaRow2WMPaERH0IGSRrxrAmsU4DXxUaHTyZt48SpPrAkpmY+Us/Zu7IDtb6uzPWAbdfuAWAQfMwiGShVQnG0OHsAjd+i91ZIxJ+b8Q3+9qD9Vi3EJrhO5mIQtgh2lj4pECLFuzpwh7yLXJS5jKVyErSJ60iwKKtP8BC7ULiwQDI1Io6sE
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-OriginatorOrg: caviumnetworks.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 Jul 2018 14:46:35.0547 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 577cd0c3-f56d-4e5a-90a1-08d5f0ab17c9
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 711e4ccf-2e9b-4bcf-a551-4094005b6194
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR0701MB3640
Subject: [dpdk-dev] [PATCH v5 1/3] crypto/openssl: add rsa and mod asym op
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
<mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
<mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Jul 2018 14:46:39 -0000
From: Sunila Sahu <sunila.sahu@caviumnetworks.com>
- Add compat.h to make pmd compatible to openssl-1.1.0 and
backward version
- Add rsa sign/verify/encrypt/decrypt and modular operation
support
Signed-off-by: Sunila Sahu <sunila.sahu@caviumnetworks.com>
Signed-off-by: Shally Verma <shally.verma@caviumnetworks.com>
Signed-off-by: Ashish Gupta <ashish.gupta@caviumnetworks.com>
---
drivers/crypto/openssl/compat.h | 40 +++
drivers/crypto/openssl/rte_openssl_pmd.c | 231 +++++++++++++++-
drivers/crypto/openssl/rte_openssl_pmd_ops.c | 336 ++++++++++++++++++++++-
drivers/crypto/openssl/rte_openssl_pmd_private.h | 19 ++
4 files changed, 614 insertions(+), 12 deletions(-)
diff --git a/drivers/crypto/openssl/compat.h b/drivers/crypto/openssl/compat.h
new file mode 100644
index 0000000..8ece808
--- /dev/null
+++ b/drivers/crypto/openssl/compat.h
@@ -0,0 +1,40 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(c) 2018 Cavium Networks
+ */
+
+#ifndef __RTA_COMPAT_H__
+#define __RTA_COMPAT_H__
+
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+
+#define set_rsa_params(rsa, p, q, ret) \
+ do {rsa->p = p; rsa->q = q; ret = 0; } while (0)
+
+#define set_rsa_crt_params(rsa, dmp1, dmq1, iqmp, ret) \
+ do { \
+ rsa->dmp1 = dmp1; \
+ rsa->dmq1 = dmq1; \
+ rsa->iqmp = iqmp; \
+ ret = 0; \
+ } while (0)
+
+#define set_rsa_keys(rsa, n, e, d, ret) \
+ do { \
+ rsa->n = n; rsa->e = e; rsa->d = d; ret = 0; \
+ } while (0)
+
+#else
+
+#define set_rsa_params(rsa, p, q, ret) \
+ (ret = !RSA_set0_factors(rsa, p, q))
+
+#define set_rsa_crt_params(rsa, dmp1, dmq1, iqmp, ret) \
+ (ret = !RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp))
+
+/* n, e must be non-null, d can be NULL */
+#define set_rsa_keys(rsa, n, e, d, ret) \
+ (ret = !RSA_set0_key(rsa, n, e, d))
+
+#endif /* version < 10100000 */
+
+#endif /* __RTA_COMPAT_H__ */
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 96b0fd2..9d18e67 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -14,6 +14,7 @@
#include <openssl/evp.h>
#include "rte_openssl_pmd_private.h"
+#include "compat.h"
#define DES_BLOCK_SIZE 8
@@ -730,19 +731,36 @@ openssl_reset_session(struct openssl_session *sess)
}
/** Provide session for operation */
-static struct openssl_session *
+static void *
get_session(struct openssl_qp *qp, struct rte_crypto_op *op)
{
struct openssl_session *sess = NULL;
+ struct openssl_asym_session *asym_sess = NULL;
if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
- /* get existing session */
- if (likely(op->sym->session != NULL))
- sess = (struct openssl_session *)
- get_sym_session_private_data(
- op->sym->session,
- cryptodev_driver_id);
+ if (op->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
+ /* get existing session */
+ if (likely(op->sym->session != NULL))
+ sess = (struct openssl_session *)
+ get_sym_session_private_data(
+ op->sym->session,
+ cryptodev_driver_id);
+ } else {
+ if (likely(op->asym->session != NULL))
+ asym_sess = (struct openssl_asym_session *)
+ get_asym_session_private_data(
+ op->asym->session,
+ cryptodev_driver_id);
+ if (asym_sess == NULL)
+ op->status =
+ RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
+ return asym_sess;
+ }
} else {
+ /* sessionless asymmetric not supported */
+ if (op->type == RTE_CRYPTO_OP_TYPE_ASYMMETRIC)
+ return NULL;
+
/* provide internal session */
void *_sess = NULL;
void *_sess_private_data = NULL;
@@ -1528,6 +1546,193 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
op->status = RTE_CRYPTO_OP_STATUS_ERROR;
}
+/* process modinv operation */
+static int process_openssl_modinv_op(struct rte_crypto_op *cop,
+ struct openssl_asym_session *sess)
+{
+ struct rte_crypto_asym_op *op = cop->asym;
+ BIGNUM *base = BN_CTX_get(sess->u.m.ctx);
+ BIGNUM *res = BN_CTX_get(sess->u.m.ctx);
+
+ if (unlikely(base == NULL || res == NULL)) {
+ if (base)
+ BN_free(base);
+ if (res)
+ BN_free(res);
+ cop->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
+ return -1;
+ }
+
+ base = BN_bin2bn((const unsigned char *)op->modinv.base.data,
+ op->modinv.base.length, base);
+
+ if (BN_mod_inverse(res, base, sess->u.m.modulus, sess->u.m.ctx)) {
+ cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
+ op->modinv.base.length = BN_bn2bin(res, op->modinv.base.data);
+ } else {
+ cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
+ }
+
+ return 0;
+}
+
+/* process modexp operation */
+static int process_openssl_modexp_op(struct rte_crypto_op *cop,
+ struct openssl_asym_session *sess)
+{
+ struct rte_crypto_asym_op *op = cop->asym;
+ BIGNUM *base = BN_CTX_get(sess->u.e.ctx);
+ BIGNUM *res = BN_CTX_get(sess->u.e.ctx);
+
+ if (unlikely(base == NULL || res == NULL)) {
+ if (base)
+ BN_free(base);
+ if (res)
+ BN_free(res);
+ cop->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
+ return -1;
+ }
+
+ base = BN_bin2bn((const unsigned char *)op->modinv.base.data,
+ op->modinv.base.length, base);
+
+ if (BN_mod_exp(res, base, sess->u.e.exp,
+ sess->u.e.mod, sess->u.e.ctx)) {
+ op->modinv.base.length = BN_bn2bin(res, op->modinv.base.data);
+ cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
+ } else {
+ cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
+ }
+
+ return 0;
+}
+
+/* process rsa operations */
+static int process_openssl_rsa_op(struct rte_crypto_op *cop,
+ struct openssl_asym_session *sess)
+{
+ int ret = 0;
+ struct rte_crypto_asym_op *op = cop->asym;
+ RSA *rsa = sess->u.r.rsa;
+ uint32_t pad = (op->rsa.pad);
+
+ switch (pad) {
+ case RTE_CRYPTO_RSA_PKCS1_V1_5_BT0:
+ case RTE_CRYPTO_RSA_PKCS1_V1_5_BT1:
+ case RTE_CRYPTO_RSA_PKCS1_V1_5_BT2:
+ pad = RSA_PKCS1_PADDING;
+ break;
+ case RTE_CRYPTO_RSA_PADDING_NONE:
+ pad = RSA_NO_PADDING;
+ break;
+ default:
+ cop->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
+ OPENSSL_LOG(ERR,
+ "rsa pad type not supported %d\n", pad);
+ return 0;
+ }
+
+ switch (op->rsa.op_type) {
+ case RTE_CRYPTO_ASYM_OP_ENCRYPT:
+ ret = RSA_public_encrypt(op->rsa.message.length,
+ op->rsa.message.data,
+ op->rsa.message.data,
+ rsa,
+ pad);
+
+ if (ret > 0)
+ op->rsa.message.length = ret;
+ OPENSSL_LOG(DEBUG,
+ "length of encrypted text %d\n", ret);
+ break;
+
+ case RTE_CRYPTO_ASYM_OP_DECRYPT:
+ ret = RSA_private_decrypt(op->rsa.message.length,
+ op->rsa.message.data,
+ op->rsa.message.data,
+ rsa,
+ pad);
+ if (ret > 0)
+ op->rsa.message.length = ret;
+ break;
+
+ case RTE_CRYPTO_ASYM_OP_SIGN:
+ ret = RSA_private_encrypt(op->rsa.message.length,
+ op->rsa.message.data,
+ op->rsa.sign.data,
+ rsa,
+ pad);
+ if (ret > 0)
+ op->rsa.sign.length = ret;
+ break;
+
+ case RTE_CRYPTO_ASYM_OP_VERIFY:
+ ret = RSA_public_decrypt(op->rsa.sign.length,
+ op->rsa.sign.data,
+ op->rsa.sign.data,
+ rsa,
+ pad);
+
+ OPENSSL_LOG(DEBUG,
+ "Length of public_decrypt %d "
+ "length of message %zd\n",
+ ret, op->rsa.message.length);
+
+ if (memcmp(op->rsa.sign.data, op->rsa.message.data,
+ op->rsa.message.length)) {
+ OPENSSL_LOG(ERR,
+ "RSA sign Verification failed");
+ return -1;
+ }
+ break;
+
+ default:
+ /* allow ops with invalid args to be pushed to
+ * completion queue
+ */
+ cop->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
+ break;
+ }
+
+ if (ret < 0)
+ cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
+
+ return 0;
+}
+
+static int
+process_asym_op(struct openssl_qp *qp, struct rte_crypto_op *op,
+ struct openssl_asym_session *sess)
+{
+ int retval = 0;
+
+ op->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
+
+ switch (sess->xfrm_type) {
+ case RTE_CRYPTO_ASYM_XFORM_RSA:
+ retval = process_openssl_rsa_op(op, sess);
+ break;
+ case RTE_CRYPTO_ASYM_XFORM_MODEX:
+ retval = process_openssl_modexp_op(op, sess);
+ break;
+ case RTE_CRYPTO_ASYM_XFORM_MODINV:
+ retval = process_openssl_modinv_op(op, sess);
+ break;
+ default:
+ op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
+ break;
+ }
+ if (!retval) {
+ /* op processed so push to completion queue as processed */
+ retval = rte_ring_enqueue(qp->processed_ops, (void *)op);
+ if (retval)
+ /* return error if failed to put in completion queue */
+ retval = -1;
+ }
+
+ return retval;
+}
+
/** Process crypto operation for mbuf */
static int
process_op(struct openssl_qp *qp, struct rte_crypto_op *op,
@@ -1600,7 +1805,7 @@ static uint16_t
openssl_pmd_enqueue_burst(void *queue_pair, struct rte_crypto_op **ops,
uint16_t nb_ops)
{
- struct openssl_session *sess;
+ void *sess;
struct openssl_qp *qp = queue_pair;
int i, retval;
@@ -1609,7 +1814,12 @@ openssl_pmd_enqueue_burst(void *queue_pair, struct rte_crypto_op **ops,
if (unlikely(sess == NULL))
goto enqueue_err;
- retval = process_op(qp, ops[i], sess);
+ if (ops[i]->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC)
+ retval = process_op(qp, ops[i],
+ (struct openssl_session *) sess);
+ else
+ retval = process_asym_op(qp, ops[i],
+ (struct openssl_asym_session *) sess);
if (unlikely(retval < 0))
goto enqueue_err;
}
@@ -1664,7 +1874,8 @@ cryptodev_openssl_create(const char *name,
RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING |
RTE_CRYPTODEV_FF_CPU_AESNI |
RTE_CRYPTODEV_FF_OOP_SGL_IN_LB_OUT |
- RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT;
+ RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT |
+ RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO;
/* Set vector instructions mode supported */
internals = dev->data->dev_private;
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 05f452d..bbc203e 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -9,6 +9,7 @@
#include <rte_cryptodev_pmd.h>
#include "rte_openssl_pmd_private.h"
+#include "compat.h"
static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
@@ -469,6 +470,63 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
}, }
}, }
},
+ { /* RSA */
+ .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
+ {.asym = {
+ .xform_capa = {
+ .xform_type = RTE_CRYPTO_ASYM_XFORM_RSA,
+ .op_types = ((1 << RTE_CRYPTO_ASYM_OP_SIGN) |
+ (1 << RTE_CRYPTO_ASYM_OP_VERIFY) |
+ (1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) |
+ (1 << RTE_CRYPTO_ASYM_OP_DECRYPT)),
+ {
+ .modlen = {
+ /* min length is based on openssl rsa keygen */
+ .min = 30,
+ /* value 0 symbolizes no limit on max length */
+ .max = 0,
+ .increment = 1
+ }, }
+ }
+ },
+ }
+ },
+ { /* modexp */
+ .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
+ {.asym = {
+ .xform_capa = {
+ .xform_type = RTE_CRYPTO_ASYM_XFORM_MODEX,
+ .op_types = 0,
+ {
+ .modlen = {
+ /* value 0 symbolizes no limit on min length */
+ .min = 0,
+ /* value 0 symbolizes no limit on max length */
+ .max = 0,
+ .increment = 1
+ }, }
+ }
+ },
+ }
+ },
+ { /* modinv */
+ .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
+ {.asym = {
+ .xform_capa = {
+ .xform_type = RTE_CRYPTO_ASYM_XFORM_MODINV,
+ .op_types = 0,
+ {
+ .modlen = {
+ /* value 0 symbolizes no limit on min length */
+ .min = 0,
+ /* value 0 symbolizes no limit on max length */
+ .max = 0,
+ .increment = 1
+ }, }
+ }
+ },
+ }
+ },
RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
};
@@ -655,13 +713,20 @@ openssl_pmd_qp_count(struct rte_cryptodev *dev)
return dev->data->nb_queue_pairs;
}
-/** Returns the size of the session structure */
+/** Returns the size of the symmetric session structure */
static unsigned
openssl_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
{
return sizeof(struct openssl_session);
}
+/** Returns the size of the asymmetric session structure */
+static unsigned
+openssl_pmd_asym_session_get_size(struct rte_cryptodev *dev __rte_unused)
+{
+ return sizeof(struct openssl_asym_session);
+}
+
/** Configure the session from a crypto xform chain */
static int
openssl_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
@@ -698,6 +763,226 @@ openssl_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
return 0;
}
+static int openssl_set_asym_session_parameters(
+ struct openssl_asym_session *asym_session,
+ struct rte_crypto_asym_xform *xform)
+{
+ int ret = 0;
+
+ if (xform->next != NULL) {
+ OPENSSL_LOG(ERR, "chained xfrms are not supported on %s",
+ rte_crypto_asym_xform_strings[xform->xform_type]);
+ return -1;
+ }
+
+ switch (xform->xform_type) {
+ case RTE_CRYPTO_ASYM_XFORM_RSA:
+ {
+ BIGNUM *n = NULL;
+ BIGNUM *e = NULL;
+ BIGNUM *d = NULL;
+ BIGNUM *p = NULL, *q = NULL, *dmp1 = NULL;
+ BIGNUM *iqmp = NULL, *dmq1 = NULL;
+
+ /* copy xfrm data into rsa struct */
+ n = BN_bin2bn((const unsigned char *)xform->rsa.n.data,
+ xform->rsa.n.length, n);
+ e = BN_bin2bn((const unsigned char *)xform->rsa.e.data,
+ xform->rsa.e.length, e);
+
+ if (!n || !e)
+ goto err_rsa;
+
+ RSA *rsa = RSA_new();
+ if (rsa == NULL)
+ goto err_rsa;
+
+ if (xform->rsa.key_type == RTE_RSA_KEY_TYPE_EXP) {
+ d = BN_bin2bn(
+ (const unsigned char *)xform->rsa.d.data,
+ xform->rsa.d.length,
+ d);
+ if (!d) {
+ RSA_free(rsa);
+ goto err_rsa;
+ }
+ } else {
+ p = BN_bin2bn((const unsigned char *)
+ xform->rsa.qt.p.data,
+ xform->rsa.qt.p.length,
+ p);
+ q = BN_bin2bn((const unsigned char *)
+ xform->rsa.qt.q.data,
+ xform->rsa.qt.q.length,
+ q);
+ dmp1 = BN_bin2bn((const unsigned char *)
+ xform->rsa.qt.dP.data,
+ xform->rsa.qt.dP.length,
+ dmp1);
+ dmq1 = BN_bin2bn((const unsigned char *)
+ xform->rsa.qt.dQ.data,
+ xform->rsa.qt.dQ.length,
+ dmq1);
+ iqmp = BN_bin2bn((const unsigned char *)
+ xform->rsa.qt.qInv.data,
+ xform->rsa.qt.qInv.length,
+ iqmp);
+
+ if (!p || !q || !dmp1 || !dmq1 || !iqmp) {
+ RSA_free(rsa);
+ goto err_rsa;
+ }
+ set_rsa_params(rsa, p, q, ret);
+ if (ret) {
+ OPENSSL_LOG(ERR,
+ "failed to set rsa params\n");
+ RSA_free(rsa);
+ goto err_rsa;
+ }
+ set_rsa_crt_params(rsa, dmp1, dmq1, iqmp, ret);
+ if (ret) {
+ OPENSSL_LOG(ERR,
+ "failed to set crt params\n");
+ RSA_free(rsa);
+ /*
+ * set already populated params to NULL
+ * as its freed by call to RSA_free
+ */
+ p = q = NULL;
+ goto err_rsa;
+ }
+ }
+
+ set_rsa_keys(rsa, n, e, d, ret);
+ if (ret) {
+ OPENSSL_LOG(ERR, "Failed to load rsa keys\n");
+ RSA_free(rsa);
+ return -1;
+ }
+ asym_session->u.r.rsa = rsa;
+ asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_RSA;
+ break;
+err_rsa:
+ if (n)
+ BN_free(n);
+ if (e)
+ BN_free(e);
+ if (d)
+ BN_free(d);
+ if (p)
+ BN_free(p);
+ if (q)
+ BN_free(q);
+ if (dmp1)
+ BN_free(dmp1);
+ if (dmq1)
+ BN_free(dmq1);
+ if (iqmp)
+ BN_free(iqmp);
+
+ return -1;
+ }
+ case RTE_CRYPTO_ASYM_XFORM_MODEX:
+ {
+ struct rte_crypto_modex_xform *xfrm = &(xform->modex);
+
+ BN_CTX *ctx = BN_CTX_new();
+ if (ctx == NULL) {
+ OPENSSL_LOG(ERR,
+ " failed to allocate resources\n");
+ return -1;
+ }
+ BN_CTX_start(ctx);
+ BIGNUM *mod = BN_CTX_get(ctx);
+ BIGNUM *exp = BN_CTX_get(ctx);
+ if (mod == NULL || exp == NULL) {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ return -1;
+ }
+
+ mod = BN_bin2bn((const unsigned char *)
+ xfrm->modulus.data,
+ xfrm->modulus.length, mod);
+ exp = BN_bin2bn((const unsigned char *)
+ xfrm->exponent.data,
+ xfrm->exponent.length, exp);
+ asym_session->u.e.ctx = ctx;
+ asym_session->u.e.mod = mod;
+ asym_session->u.e.exp = exp;
+ asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_MODEX;
+ break;
+ }
+ case RTE_CRYPTO_ASYM_XFORM_MODINV:
+ {
+ struct rte_crypto_modinv_xform *xfrm = &(xform->modinv);
+
+ BN_CTX *ctx = BN_CTX_new();
+ if (ctx == NULL) {
+ OPENSSL_LOG(ERR,
+ " failed to allocate resources\n");
+ return -1;
+ }
+ BN_CTX_start(ctx);
+ BIGNUM *mod = BN_CTX_get(ctx);
+ if (mod == NULL) {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ return -1;
+ }
+
+ mod = BN_bin2bn((const unsigned char *)
+ xfrm->modulus.data,
+ xfrm->modulus.length,
+ mod);
+ asym_session->u.m.ctx = ctx;
+ asym_session->u.m.modulus = mod;
+ asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_MODINV;
+ break;
+ }
+ default:
+ return -1;
+ }
+
+ return 0;
+}
+
+/** Configure the session from a crypto xform chain */
+static int
+openssl_pmd_asym_session_configure(struct rte_cryptodev *dev __rte_unused,
+ struct rte_crypto_asym_xform *xform,
+ struct rte_cryptodev_asym_session *sess,
+ struct rte_mempool *mempool)
+{
+ void *asym_sess_private_data;
+ int ret;
+
+ if (unlikely(sess == NULL)) {
+ OPENSSL_LOG(ERR, "invalid asymmetric session struct");
+ return -EINVAL;
+ }
+
+ if (rte_mempool_get(mempool, &asym_sess_private_data)) {
+ CDEV_LOG_ERR(
+ "Couldn't get object from session mempool");
+ return -ENOMEM;
+ }
+
+ ret = openssl_set_asym_session_parameters(asym_sess_private_data,
+ xform);
+ if (ret != 0) {
+ OPENSSL_LOG(ERR, "failed configure session parameters");
+
+ /* Return session to mempool */
+ rte_mempool_put(mempool, asym_sess_private_data);
+ return ret;
+ }
+
+ set_asym_session_private_data(sess, dev->driver_id,
+ asym_sess_private_data);
+
+ return 0;
+}
/** Clear the memory of session so it doesn't leave key material behind */
static void
@@ -717,6 +1002,50 @@ openssl_pmd_sym_session_clear(struct rte_cryptodev *dev,
}
}
+static void openssl_reset_asym_session(struct openssl_asym_session *sess)
+{
+ switch (sess->xfrm_type) {
+ case RTE_CRYPTO_ASYM_XFORM_RSA:
+ if (sess->u.r.rsa)
+ RSA_free(sess->u.r.rsa);
+ break;
+ case RTE_CRYPTO_ASYM_XFORM_MODEX:
+ if (sess->u.e.ctx) {
+ BN_CTX_end(sess->u.e.ctx);
+ BN_CTX_free(sess->u.e.ctx);
+ }
+ break;
+ case RTE_CRYPTO_ASYM_XFORM_MODINV:
+ if (sess->u.m.ctx) {
+ BN_CTX_end(sess->u.m.ctx);
+ BN_CTX_free(sess->u.m.ctx);
+ }
+ break;
+ default:
+ break;
+ }
+}
+
+/** Clear the memory of asymmetric session
+ * so it doesn't leave key material behind
+ */
+static void
+openssl_pmd_asym_session_clear(struct rte_cryptodev *dev,
+ struct rte_cryptodev_asym_session *sess)
+{
+ uint8_t index = dev->driver_id;
+ void *sess_priv = get_asym_session_private_data(sess, index);
+
+ /* Zero out the whole structure */
+ if (sess_priv) {
+ openssl_reset_asym_session(sess_priv);
+ memset(sess_priv, 0, sizeof(struct openssl_asym_session));
+ struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
+ set_asym_session_private_data(sess, index, NULL);
+ rte_mempool_put(sess_mp, sess_priv);
+ }
+}
+
struct rte_cryptodev_ops openssl_pmd_ops = {
.dev_configure = openssl_pmd_config,
.dev_start = openssl_pmd_start,
@@ -733,8 +1062,11 @@ struct rte_cryptodev_ops openssl_pmd_ops = {
.queue_pair_count = openssl_pmd_qp_count,
.sym_session_get_size = openssl_pmd_sym_session_get_size,
+ .asym_session_get_size = openssl_pmd_asym_session_get_size,
.sym_session_configure = openssl_pmd_sym_session_configure,
- .sym_session_clear = openssl_pmd_sym_session_clear
+ .asym_session_configure = openssl_pmd_asym_session_configure,
+ .sym_session_clear = openssl_pmd_sym_session_clear,
+ .asym_session_clear = openssl_pmd_asym_session_clear
};
struct rte_cryptodev_ops *rte_openssl_pmd_ops = &openssl_pmd_ops;
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_private.h b/drivers/crypto/openssl/rte_openssl_pmd_private.h
index 29fcb76..0ebe596 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_private.h
+++ b/drivers/crypto/openssl/rte_openssl_pmd_private.h
@@ -8,6 +8,7 @@
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <openssl/des.h>
+#include <openssl/rsa.h>
#define CRYPTODEV_NAME_OPENSSL_PMD crypto_openssl
/**< Open SSL Crypto PMD device name */
@@ -142,6 +143,24 @@ struct openssl_session {
} __rte_cache_aligned;
+/** OPENSSL crypto private asymmetric session structure */
+struct openssl_asym_session {
+ enum rte_crypto_asym_xform_type xfrm_type;
+ union {
+ struct rsa {
+ RSA *rsa;
+ } r;
+ struct exp {
+ BIGNUM *exp;
+ BIGNUM *mod;
+ BN_CTX *ctx;
+ } e;
+ struct mod {
+ BIGNUM *modulus;
+ BN_CTX *ctx;
+ } m;
+ } u;
+} __rte_cache_aligned;
/** Set and validate OPENSSL crypto session parameters */
extern int
openssl_set_session_parameters(struct openssl_session *sess,
--
2.9.5