Hi Bala,

>> Is DPDK has any supported API’s do to the SSL handshake

Yes.

Of course DPDK by itself will not be able to process full TLS handshake, but some of the necessary parts are there.

For key exchange one can use:

RTE_CRYPTO_ASYM_XFORM_DH

RTE_CRYPTO_ASYM_XFORM_ECDH

RTE_CRYPTO_ASYM_XFORM_ECPM

RTE_CRYPTO_ASYM_XFORM_ECFPM

Of course there is the RSA, but not supported for KE since TLS1.3.

For digital signatures:

RTE_CRYPTO_ASYM_XFORM_ECDSA

RTE_CRYPTO_ASYM_XFORM_RSA

>> store the session key which can be used to decrypt or encrypt the packets

This will be done by the driver in private session data, as this is the session key.

>> Is ECDH is supported in opnessl PMD.

Currently unfortunately it is not.

Thanks,

Arek

From: Balakrishnan K <Balakrishnan.K1@tatacommunications.com>
Sent: Tuesday, December 20, 2022 7:47 AM
To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>
Cc: users@dpdk.org
Subject: Queries on OPENSSL PMD

Hi Arik,

In openssl PMD I could see the API’s for encrypt and decrypt which is accept the key and iv and do the specified operation.

I have few queries on how to get those keys suppose if, we are creating SSL/TLS session .

Is DPDK has any supported API’s do to the SSL handshake and store the session key which can be used to decrypt or encrypt the packets.

Is ECDH is supported in opnessl PMD.

Regards,

Bala