From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from NAM03-CO1-obe.outbound.protection.outlook.com (mail-co1nam03on0084.outbound.protection.outlook.com [104.47.40.84]) by dpdk.org (Postfix) with ESMTP id 07F991B6BC for ; Wed, 16 May 2018 08:06:11 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=CAVIUMNETWORKS.onmicrosoft.com; s=selector1-cavium-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=gCIIc/AiKA+NfpzF1PSRPPzzU1QiliR1Dd+W6AB9Ft0=; b=GXtlQ5y+tF/kgsVAKK6HHl/IZaGm9Qp6UrE7bNyFb5v2ENpFsWfVaMDY7KVksjqX/ukudIFb6/N/cxzv1uPTiHToE5N641YuNGEsqU0A+bDRT7N1BCBZkVcJZHANcZ2CuWXnrir56JMsNpxg5ViTwz14bK0mUTjvRTNwx7i2mK0= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Shally.Verma@cavium.com; Received: from hyd1sverma-dt.caveonetworks.com (115.113.156.2) by DM5PR0701MB3637.namprd07.prod.outlook.com (2603:10b6:4:7d::38) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.755.16; Wed, 16 May 2018 06:06:07 +0000 From: Shally Verma To: pablo.de.lara.guarch@intel.com Cc: fiona.trahe@intel.com, akhil.goyal@nxp.com, dev@dpdk.org, pathreya@caviumnetworks.com, Sunila Sahu , Ashish Gupta Date: Wed, 16 May 2018 11:35:12 +0530 Message-Id: <1526450713-17299-6-git-send-email-shally.verma@caviumnetworks.com> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1526450713-17299-1-git-send-email-shally.verma@caviumnetworks.com> References: <1526450713-17299-1-git-send-email-shally.verma@caviumnetworks.com> MIME-Version: 1.0 Content-Type: text/plain X-Originating-IP: [115.113.156.2] X-ClientProxiedBy: PN1PR0101CA0047.INDPRD01.PROD.OUTLOOK.COM (2603:1096:c00:c::33) To DM5PR0701MB3637.namprd07.prod.outlook.com (2603:10b6:4:7d::38) X-MS-PublicTrafficType: Email X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(5600026)(4534165)(7168020)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020); SRVR:DM5PR0701MB3637; X-Microsoft-Exchange-Diagnostics: 1; DM5PR0701MB3637; 3:sKODuGYublMjQzhcmz1F2AQL+ZQ2SSkbxX/IVPlNPbZ5aSHDEsWWOK8uZTn8TRgfU4HKYZXmbkUSZfACr7lX5wE+90jWaQmo6aaAARv7Rw/srSv51ulIwbwaBeyrkOLdIxcE7e4Xg92gyv+xmENLGbfkJYAopWgc2SqJwr1C6xTDlB0RvDLLmf8teXSOktA9Vt7vBHJ8YMgYxLQgOO/BvA8/GfEGidyiJYN7EhrSDNhSe9l1cA5MjSAf+mkHC9mP; 25:n7hSv45mWSpf0bEgKYzbaNVZ8kj+xDMo4hxfKmlCYfSarnykWZSs1xJA7TVq1Ya4FPNwAzfnCIkA2q+PgHBvfqFfyPNRHAii5xdZlHqi/2J29RiW8RwC2h3untZ+aglOmTylgjZ1jFPH2Q3NmV/QMSV6UXMu4Eo/GCfXi9FuwtN9PYTyOcJAUJv98f0y/6a7rJn5voQog7tfYt8oaXmo7Vntu0Wu5II485owbzaTnUS4lVwOOjlM/pmLsQzqo922rPLi7va5nJ9uvw1wbjDO6BbCMcBqqLHjSLJ3MA8TUWzh1rCu4C4Kb75KnLepLOPqfE4JBuYPO7s1O/DGm9YafQ==; 31:jRJG0Cai9+HJFAAIODzthr6gxc6m8B//3s9EYlbtDyKxz7KwUjzvd/8U99pV30705aczwJzmu4t3nLRqCU2JGRLdcPcXKAd2geh3NklWX9bSOlIBxfk021yZ/n/0mDxVlCkjBu7iy7ZxLdHm5Po0UyMOCo6mEasH5iGOSgIsJeF5yC4wHBYf5haPz/jMBJ5dnjFgt39AStzFUMbAP44D76jUnJWcj9cIsVNwk6ZK8Gk= X-MS-TrafficTypeDiagnostic: DM5PR0701MB3637: X-Microsoft-Exchange-Diagnostics: 1; DM5PR0701MB3637; 20:Cho7Uc6yCsq0twBkPbsJbarKgypoShzvgp5qqtktmf6RcOqsq0SevVTB668hZIqauwexumjn1XfrwiDVfQf9Dyr/sUEPuGMDkj0bwlVb0sJt3Im26reopvO/AkCJt4S9f9DP/FKJCyXwhRsOzMuC9CrEDlqEiuTCscPXHbpOmALD/KL2XonIzNwQ1w2oQ/KGbrYNQEfTsi+mM39iAIEE1lnMtq2YklcVNLKz3tP0qsh8eGB8FKqQvG8AV1exUwrMrii2zFLjBjo6W1D2k/nkF7AvsyFH9do1HWp474NE4AmFxwHuE7RBEh4upHAlguhEcl/5YedtboRcdDguIak/82mb57SHk2bC5sUrhpStb1f6D7dRy6jk5odqLmMl/pKEXR/AZA7uYw/iWUhcX+3gI/dBd7D4qYjxPGaFgCwbOZkhkQqCtD6LXzPv2zKRJA09zo5aY22YLa184eMcEJx9pT/1ZGqxe/dB01+rU/YiVT/yU9uqo0qBAfPcJq2MHGLZjhG1Ab361MduFYMweCVan3C8KBQq8jbom9KNS4Mwgd9m9xIBuWi/JcK5C0iQnEiWRQUl8WvA1FfEz39kpntSW2biu5fLpe1jQlh5a9hhV6c=; 4:cW85ZoVyn3IGKv5xVAAxowZjqIFr17rPYLc5zGJDoPTiLAbzIJaFVateTowwFdb3SmIVzl2QWDsmjiCNxt7A+bPoJ9IMq0u9b3J8S8ciGMGZ9RSOxkMwhaSlZEzdnWE9ehH5W+OQKDqqpkZAvLP8MnXX1DT1UkDC1r8wUxz6TYOzB5adSlMd8bhFAus4ISNm/3prFCynblb5CaDXlROnBxfcT5KGODpNX6K3YoPwTRSnPFL9yl4ER13UzJlI+EOAdKoqCeUBljcombiLWZj+OQ== X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:; X-MS-Exchange-SenderADCheck: 1 X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(5005006)(8121501046)(3231254)(944501410)(52105095)(93006095)(3002001)(10201501046)(149027)(150027)(6041310)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(20161123562045)(20161123558120)(20161123560045)(6072148)(201708071742011); SRVR:DM5PR0701MB3637; BCL:0; PCL:0; RULEID:; SRVR:DM5PR0701MB3637; X-Forefront-PRVS: 0674DC6DD3 X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(346002)(376002)(396003)(39380400002)(366004)(39860400002)(189003)(199004)(76176011)(6486002)(7736002)(305945005)(42882007)(106356001)(105586002)(3846002)(6116002)(8656006)(53416004)(6666003)(47776003)(2351001)(2361001)(59450400001)(66066001)(6506007)(386003)(6512007)(55236004)(16526019)(8676002)(54906003)(51416003)(52116002)(50226002)(186003)(69596002)(81166006)(16586007)(316002)(26005)(6916009)(81156014)(107886003)(5660300001)(8936002)(53936002)(36756003)(48376002)(50466002)(25786009)(478600001)(575784001)(956004)(72206003)(97736004)(476003)(11346002)(446003)(486006)(4326008)(2906002)(44832011)(68736007)(2616005); DIR:OUT; SFP:1101; SCL:1; SRVR:DM5PR0701MB3637; H:hyd1sverma-dt.caveonetworks.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; Received-SPF: None (protection.outlook.com: cavium.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; DM5PR0701MB3637; 23:r2myLHw8eNmz3tvEp1yXTFTO3HmntnMt3ySrUpJ?= =?us-ascii?Q?ZmpPcGs5kC7pTOL3f0WkgFsbYyI6n55I6SHX+DkGGjfh/4wiANZE+RaTUE4G?= =?us-ascii?Q?XBshpkGRkFm3+tAQhdyBCzE+ALMLmSsIP8gIinWQAK0cIWVVHkRh08o7rt4b?= =?us-ascii?Q?/KwpyVXPmwMqHHfEpRHAlMc9h5FqPIXF/e6i7nGaFLXskIEJ6Zj3JmHqiPfH?= =?us-ascii?Q?zQoDgR+YW1JtigDqNFRuw+wYWftQ4kiqOIl1+U7HFouzIzRqv99FLfCOYEmr?= =?us-ascii?Q?EyIhWs8MYI1lcBI4yHauUrDDLCAMT4ljLT1HUGjO2Mwizk6vG5fKuaOlZuiW?= =?us-ascii?Q?M6Q++pkPXraAKaNTtlUgaoFUnJXa0COSddut+17+OpPBU4RDkWCfoGrKsINh?= =?us-ascii?Q?0R3+wg0H5t/xLVRw4NY/A+wQuaCJqtSw2+tPYbj7qWMCKZGQuKjepzi+hAGA?= =?us-ascii?Q?VhnOvAFiModM2rjQbleJcQoi9SMZbgRlizXWEP0JASWXNBzs7XiVHo7+MmsA?= =?us-ascii?Q?bQk+zMMVALWq70mBrzAF6/gSGKELGUTRyx24Z+g1oN5Od1ytwyDWKmabU60x?= =?us-ascii?Q?dbg5FOhlOAEZ5a4I9EKB7BhoVTKcKITGeVQXNF/MoMTeZLO86oJ0EY6pn5bA?= =?us-ascii?Q?A3vCF1r/8o9XYs67QSeyjw/tXnHhQdVkvh6BH58eSHjZ+b8b4u9Ghcp0A5BZ?= =?us-ascii?Q?i6tBdgq2y8aGNQJueNaPVm5njAmL9bWGjjxCxvzIzYnOvaalxmzqbpQrKXkw?= =?us-ascii?Q?wee50ies6kQ4diKl7b/QTdG7gzK3i0N0gbpfKh/mLb6/+ew1SkzxT7d2QD4a?= =?us-ascii?Q?xd1sRAtrabxFJyWMlCkeJ2w2zR2CGdwnNP8LYzDk/8IsL5z7LQjigxh3KKcs?= =?us-ascii?Q?8PAve+od+2bLxd/gXdXvzVvg49wf/mBkgong/vcogbiBbISqFBRNRWyJpqQ7?= =?us-ascii?Q?gJRRIe1Cd6MEeXVENDueXEHAJ34wiXwMKUcBk9KZxaEownaYsSrte4JzWh/+?= =?us-ascii?Q?Xh57U+EZHihIJdHcDedljPCu1OAhSlXup0PHAmgifw/m+CUgA1tZy2sKs6oG?= =?us-ascii?Q?G28EH0yRZWVwbkv9B+g/uQ5Ursjay3UcQTgXD0XPtSHflmtOhRG2JbBVrYCn?= =?us-ascii?Q?7PNoeqkdYqP2807s7enx/dbTI3lCACoM8IJtXZ9Hh1kK2aRd8N8Bsc+VMAGH?= =?us-ascii?Q?z2e6ma1/Ijof0L0KeELsy4xEXdID8EbmyJWKoaJsG5+0qU2Bux8ybDBdEnhO?= =?us-ascii?Q?gHukNKExyzlbtoKHrR2NXwd4+2kwAkr+XIcKe86Ob1wM1vzoAv9DMvDMMjZu?= =?us-ascii?Q?LZuAiN2TAmRfVJlq6BlvPORuJA8DQ4pT1uI23pkvngntnpZmHB0jwYNUYIQ2?= =?us-ascii?Q?UmHIyfpWktwEJ/qLsbi25sRobLWqLyteXHkjRdOpBh7mcZwhhVOAKf5pFtS+?= =?us-ascii?Q?+EkMPm/27gLUFCJ27ChyPx/lWAXseMnc=3D?= X-Microsoft-Antispam-Message-Info: jf/l/U40Mw8o1oLqEwTg5HxQFBz5ZjpV5dzzSdEOG8gyh8ioCQEug+edGlBrvq2sbvGjvJDcZ4FPXC9d+zhoFi+Hr9InxmO7nSZfX/Uo1WjaVpOmFO09xFe/foiT9Ddk4OPbFdI3NVx2Es01UFWtYpqZIu3iCABwSvTAeGkLC/a4msLkTPNccPHwlQgZw05F X-Microsoft-Exchange-Diagnostics: 1; DM5PR0701MB3637; 6:mS6tQnr8p4YMYhQW+7RY55t9WBC7xXKpkFmwhqXVEJF0mtbUy9tTvPIk09jVKE0DP2dFHuI0gzDk8F4QLV+6LJDJkZNICKbeU0CUxDG4BQbcWLbhBnbPte8x0ZN6oBDWIM4m7UHu9de1GS3W59GVp49A+LLHEhbIJjrJWd4gGAAlQyXTNJ3a9CQOLOVoyQy9zCEcmA/azBhzmbEXYASY9MeFnGg3iU/WMwlOWcY4x4ONOxY36oHlfKYbFbhbAaUw2a49GwiWJX9bdEYbo7IXROQyNVVIHr8F8SzCPDYeJf5+AEkVhP5sN5LU8av9zUro33mWVWY/9V4VxmC3Nq+wOhZtqq4ZfSI6eoELy7e0DmGIlJ0Q3mq9o6tPrZOhRbtHIfrKEScF42APO6PPJPnrZ8BuxNNS5rQAVYiHocFZC79FCUE+da27njWGnOhz2xl4ewu7mZJIw6W+DzlG5PZ8OA==; 5:Vm8+OMDjHtoQBr2YMnnxBJ1XwWSAvqtfeXKdEz/AYFnwF6SY8iBaOQMu5Guu3RGr6dVWgXoqA8LaMKRNTVmDjzCYD4q1PEbX78ZOfJhT06vd7CGM9/m+HYmWVENDy454Ww35Zsh4QwSRIX8WDsdJExrrFe60M7O5oDF0zQi9E+Q=; 24:EJ2YnOAdwb/UIsxH2ve2axCsvaVrmhIOiQ0trNhMjlVTgJyKB1j42Vk69i26FYXPWMk+sZ69OtowipdwMfDqaYuzwBbTbZsFuCvuPuTKmv0= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; DM5PR0701MB3637; 7:J9tVJuukxl9eXZiq+jXe1/f2rzbVb17E5rYCNIDKx2kpFP7GZc3tqDzjdr6z4aYbMWJTmP6xAoEcZNmwVHhUeT+ylk/qX08CpGe/fXLOdbU+Xd7BEhwSEanR176SzBsSTSS2MVfab2mzk2QCMwBdJTvIjlrYU76rK4mTuLXtjqGtAzolcxnlVHjTeBzE/HmC1UfWzBsrdjsd3ZWdKi98y34UZbSF/BzDNcIxM3McBAstXPxfDbIdQTeP8Px5eaZC X-MS-Office365-Filtering-Correlation-Id: 708a43a2-a774-4857-0901-08d5baf31ea1 X-OriginatorOrg: caviumnetworks.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 May 2018 06:06:07.1950 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 708a43a2-a774-4857-0901-08d5baf31ea1 X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 711e4ccf-2e9b-4bcf-a551-4094005b6194 X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR0701MB3637 Subject: [dpdk-dev] [PATCH v3 5/6] crypto/openssl: add asym crypto support X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 May 2018 06:06:12 -0000 Add asymmetric crypto operation support in openssl PMD. Current list of supported asym xforms: * RSA * DSA * Deffie-hellman * Modular Operations changes from v2: - Update the pmd capability as per new capability structure changes from v1: - resolve new line error in dod/guides/cryptodevs/openssl.rst Signed-off-by: Shally Verma Signed-off-by: Sunila Sahu Signed-off-by: Ashish Gupta --- doc/guides/cryptodevs/features/openssl.ini | 11 + doc/guides/cryptodevs/openssl.rst | 1 + drivers/crypto/openssl/rte_openssl_pmd.c | 377 ++++++++++++++++++++- drivers/crypto/openssl/rte_openssl_pmd_ops.c | 395 ++++++++++++++++++++++- drivers/crypto/openssl/rte_openssl_pmd_private.h | 29 ++ 5 files changed, 801 insertions(+), 12 deletions(-) diff --git a/doc/guides/cryptodevs/features/openssl.ini b/doc/guides/cryptodevs/features/openssl.ini index 691565865..bef5c7f79 100644 --- a/doc/guides/cryptodevs/features/openssl.ini +++ b/doc/guides/cryptodevs/features/openssl.ini @@ -7,6 +7,7 @@ Symmetric crypto = Y Sym operation chaining = Y Mbuf scatter gather = Y +Asymmetric crypto = Y ; ; Supported crypto algorithms of the 'openssl' crypto driver. @@ -49,3 +50,13 @@ AES GCM (256) = Y AES CCM (128) = Y AES CCM (192) = Y AES CCM (256) = Y + +; +; Supported Asymmetric algorithms of the 'openssl' crypto driver. +; +[Asymmetric] +RSA = Y +DSA = Y +Modular Exponentiation = Y +Modular Inversion = Y +Deffie-hellman = Y diff --git a/doc/guides/cryptodevs/openssl.rst b/doc/guides/cryptodevs/openssl.rst index 427fc807c..4f90be888 100644 --- a/doc/guides/cryptodevs/openssl.rst +++ b/doc/guides/cryptodevs/openssl.rst @@ -80,6 +80,7 @@ crypto processing. Test name is cryptodev_openssl_autotest. For performance test cryptodev_openssl_perftest can be used. +For asymmetric crypto operations testing, run cryptodev_openssl_asym_autotest To verify real traffic l2fwd-crypto example can be used with this command: diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c index f584d0d6f..527e42773 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd.c +++ b/drivers/crypto/openssl/rte_openssl_pmd.c @@ -727,19 +727,35 @@ openssl_reset_session(struct openssl_session *sess) } /** Provide session for operation */ -static struct openssl_session * +static void * get_session(struct openssl_qp *qp, struct rte_crypto_op *op) { struct openssl_session *sess = NULL; + struct openssl_asym_session *asym_sess = NULL; if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) { - /* get existing session */ - if (likely(op->sym->session != NULL)) - sess = (struct openssl_session *) - get_session_private_data( - op->sym->session, - cryptodev_driver_id); + if (op->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) { + /* get existing session */ + if (likely(op->sym->session != NULL)) + sess = (struct openssl_session *) + get_session_private_data( + op->sym->session, + cryptodev_driver_id); + } else { + if (likely(op->asym->session != NULL)) + asym_sess = (struct openssl_asym_session *) + get_asym_session_private_data( + op->asym->session, + cryptodev_driver_id); + if (asym_sess == NULL) + op->status = + RTE_CRYPTO_OP_STATUS_INVALID_SESSION; + return asym_sess; + } } else { + if (op->type == RTE_CRYPTO_OP_TYPE_ASYMMETRIC) + return NULL; /* sessionless asymmetric not supported */ + /* provide internal session */ void *_sess = NULL; void *_sess_private_data = NULL; @@ -1525,6 +1541,341 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op, op->status = RTE_CRYPTO_OP_STATUS_ERROR; } +static int process_openssl_modinv_op(struct rte_crypto_op *cop, + struct openssl_asym_session *sess) +{ + struct rte_crypto_asym_op *op = cop->asym; + BIGNUM *base = BN_CTX_get(sess->u.m.ctx); + BIGNUM *res = BN_CTX_get(sess->u.m.ctx); + + if (unlikely(base == NULL || res == NULL)) { + if (base) + BN_free(base); + if (res) + BN_free(res); + cop->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED; + return -1; + } + + base = BN_bin2bn((const unsigned char *)op->modinv.base.data, + op->modinv.base.length, base); + + if (BN_mod_inverse(res, base, sess->u.m.modulus, sess->u.m.ctx)) { + cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS; + op->modinv.base.length = BN_bn2bin(res, op->modinv.base.data); + } else { + cop->status = RTE_CRYPTO_OP_STATUS_ERROR; + } + + return 0; +} + +static int process_openssl_modexp_op(struct rte_crypto_op *cop, + struct openssl_asym_session *sess) +{ + struct rte_crypto_asym_op *op = cop->asym; + BIGNUM *base = BN_CTX_get(sess->u.e.ctx); + BIGNUM *res = BN_CTX_get(sess->u.e.ctx); + + if (unlikely(base == NULL || res == NULL)) { + if (base) + BN_free(base); + if (res) + BN_free(res); + cop->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED; + return -1; + } + + base = BN_bin2bn((const unsigned char *)op->modinv.base.data, + op->modinv.base.length, base); + + if (BN_mod_exp(res, base, sess->u.e.exp, + sess->u.e.mod, sess->u.e.ctx)) { + op->modinv.base.length = BN_bn2bin(res, op->modinv.base.data); + cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS; + } else { + cop->status = RTE_CRYPTO_OP_STATUS_ERROR; + } + + return 0; +} + +/* process rsa operations */ +static int process_openssl_rsa_op(struct rte_crypto_op *cop, + struct openssl_asym_session *sess) +{ + int ret = 0; + struct rte_crypto_asym_op *op = cop->asym; + RSA *rsa = sess->u.r.rsa; + uint32_t pad = (op->rsa.pad); + + switch (pad) { + case RTE_CRYPTO_RSA_PKCS1_V1_5_BT1: + case RTE_CRYPTO_RSA_PKCS1_V1_5_BT2: + pad = RSA_PKCS1_PADDING; + break; + case RTE_CRYPTO_RSA_PADDING_PSS: + pad = RSA_PKCS1_PSS_PADDING; + /* fall through */ + case RTE_CRYPTO_RSA_PADDING_OAEP: + pad = RSA_PKCS1_OAEP_PADDING; + /* fall through */ + default: + pad = RSA_NO_PADDING; + break; + } + + switch (op->rsa.op_type) { + case RTE_CRYPTO_ASYM_OP_ENCRYPT: + ret = RSA_public_encrypt(op->rsa.message.length, + op->rsa.message.data, + op->rsa.message.data, + rsa, + pad); + + op->rsa.message.length = ret; + OPENSSL_LOG_DBG("length of encrypted text %d\n", ret); + break; + + case RTE_CRYPTO_ASYM_OP_DECRYPT: + ret = RSA_private_decrypt(op->rsa.message.length, + op->rsa.message.data, + op->rsa.message.data, + rsa, + pad); + op->rsa.message.length = ret; + break; + + case RTE_CRYPTO_ASYM_OP_SIGN: + ret = RSA_private_encrypt(op->rsa.message.length, + op->rsa.message.data, + op->rsa.sign.data, + rsa, + pad); + op->rsa.sign.length = ret; + break; + + case RTE_CRYPTO_ASYM_OP_VERIFY: + ret = RSA_public_decrypt(op->rsa.sign.length, + op->rsa.sign.data, + op->rsa.sign.data, + rsa, + pad); + + OPENSSL_LOG_DBG( + "Length of public_decrypt %d length of message %d\n", + ret, op->rsa.message.length); + + if (memcmp(op->rsa.sign.data, op->rsa.message.data, + op->rsa.message.length)) { + OPENSSL_LOG_ERR("RSA sign Verification failed"); + ret = -1; + } + break; + default: + /* allow ops with invalid args to be pushed to + * completion queue + */ + cop->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS; + break; + } + + if (ret < 0) { + cop->status = RTE_CRYPTO_OP_STATUS_ERROR; + ret = 0; + } + + ret = 0; + return ret; +} + +static int +process_openssl_dh_op(struct rte_crypto_op *cop, + struct openssl_asym_session *sess) +{ + struct rte_crypto_dh_op_param *op = &cop->asym->dh; + DH *dh_key = sess->u.dh.dh_key; + + if (sess->u.dh.key_op & + (1 << RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE)) { + BIGNUM *peer_key = NULL; + + /* copy private key and peer key and compute shared secret */ + peer_key = BN_bin2bn(op->pub_key.data, + op->pub_key.length, + peer_key); + if (peer_key == NULL) { + cop->status = RTE_CRYPTO_OP_STATUS_ERROR; + return 0; + } + dh_key->priv_key = BN_bin2bn(op->priv_key.data, + op->priv_key.length, + dh_key->priv_key); + op->shared_secret.length = DH_compute_key( + op->shared_secret.data, + peer_key, dh_key); + if (!(op->shared_secret.length)) { + cop->status = RTE_CRYPTO_OP_STATUS_ERROR; + BN_free(peer_key); + return 0; + } + cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS; + BN_free(peer_key); + return 0; + } + + if ((sess->u.dh.key_op & + (1 << RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE)) && + !(sess->u.dh.key_op & + (1 << RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE))) { + /* generate public key using user-pass private key */ + dh_key->priv_key = BN_bin2bn(op->priv_key.data, + op->priv_key.length, + dh_key->priv_key); + if (dh_key->priv_key == NULL) { + cop->status = RTE_CRYPTO_OP_STATUS_ERROR; + return 0; + } + } + + /* generate public and private key pair */ + if (!DH_generate_key(dh_key)) { + cop->status = RTE_CRYPTO_OP_STATUS_ERROR; + return 0; + } + + if (sess->u.dh.key_op & + (1 << RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE)) { + OPENSSL_LOG_DBG("%s:%d updated priv key\n", + __func__, __LINE__); + + op->priv_key.length = BN_bn2bin(dh_key->priv_key, + op->priv_key.data); + } + + if (sess->u.dh.key_op & (1 << RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE)) { + OPENSSL_LOG_DBG("%s:%d update public key\n", + __func__, __LINE__); + + op->pub_key.length = BN_bn2bin(dh_key->pub_key, + op->pub_key.data); + } + cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS; + + return 0; +} + +static int +process_openssl_dsa_sign_op(struct rte_crypto_op *cop, + struct openssl_asym_session *sess) +{ + struct rte_crypto_dsa_op_param *op = &cop->asym->dsa; + DSA *dsa = sess->u.s.dsa; + DSA_SIG *sign; + + sign = DSA_do_sign(op->message.data, + op->message.length, + dsa); + + if (sign == NULL) { + OPENSSL_LOG_ERR("%s:%d\n", __func__, __LINE__); + cop->status = RTE_CRYPTO_OP_STATUS_ERROR; + } else { + op->r.length = BN_bn2bin(sign->r, op->r.data); + op->s.length = BN_bn2bin(sign->s, op->s.data); + cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS; + } + + DSA_SIG_free(sign); + return 0; +} + +static int +process_openssl_dsa_verify_op(struct rte_crypto_op *cop, + struct openssl_asym_session *sess) +{ + struct rte_crypto_dsa_op_param *op = &cop->asym->dsa; + DSA *dsa = sess->u.s.dsa; + int ret; + DSA_SIG *sign = DSA_SIG_new(); + + if (sign == NULL) { + OPENSSL_LOG_ERR(" %s:%d\n", __func__, __LINE__); + return -1; + } + + sign->r = BN_bin2bn(op->r.data, + op->r.length, + sign->r); + sign->s = BN_bin2bn(op->s.data, + op->s.length, + sign->s); + + dsa->pub_key = BN_bin2bn(op->y.data, + op->y.length, + dsa->pub_key); + + ret = DSA_do_verify(op->message.data, + op->message.length, + sign, + dsa); + + if (ret != 1) + cop->status = RTE_CRYPTO_OP_STATUS_ERROR; + else + cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS; + + DSA_SIG_free(sign); + + return 0; +} + + +static int +process_asym_op(struct openssl_qp *qp, struct rte_crypto_op *op, + struct openssl_asym_session *sess) +{ + int retval = 0; + + op->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED; + + switch (sess->xfrm_type) { + case RTE_CRYPTO_ASYM_XFORM_RSA: + retval = process_openssl_rsa_op(op, sess); + break; + case RTE_CRYPTO_ASYM_XFORM_MODEX: + retval = process_openssl_modexp_op(op, sess); + break; + case RTE_CRYPTO_ASYM_XFORM_MODINV: + retval = process_openssl_modinv_op(op, sess); + break; + case RTE_CRYPTO_ASYM_XFORM_DH: + retval = process_openssl_dh_op(op, sess); + break; + case RTE_CRYPTO_ASYM_XFORM_DSA: + if (op->asym->dsa.op_type == RTE_CRYPTO_ASYM_OP_SIGN) + retval = process_openssl_dsa_sign_op(op, sess); + else if (op->asym->dsa.op_type == RTE_CRYPTO_ASYM_OP_VERIFY) + retval = process_openssl_dsa_verify_op(op, sess); + else + op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS; + break; + default: + op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS; + break; + } + if (!retval) { + /* op processed so push to completion queue as processed */ + retval = rte_ring_enqueue(qp->processed_ops, (void *)op); + if (retval) + /* return error if failed to put in completion queue */ + retval = -1; + } + + return retval; +} + + /** Process crypto operation for mbuf */ static int process_op(struct openssl_qp *qp, struct rte_crypto_op *op, @@ -1597,7 +1948,7 @@ static uint16_t openssl_pmd_enqueue_burst(void *queue_pair, struct rte_crypto_op **ops, uint16_t nb_ops) { - struct openssl_session *sess; + void *sess; struct openssl_qp *qp = queue_pair; int i, retval; @@ -1606,7 +1957,12 @@ openssl_pmd_enqueue_burst(void *queue_pair, struct rte_crypto_op **ops, if (unlikely(sess == NULL)) goto enqueue_err; - retval = process_op(qp, ops[i], sess); + if (ops[i]->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) + retval = process_op(qp, ops[i], + (struct openssl_session *) sess); + else + retval = process_asym_op(qp, ops[i], + (struct openssl_asym_session *) sess); if (unlikely(retval < 0)) goto enqueue_err; } @@ -1660,7 +2016,8 @@ cryptodev_openssl_create(const char *name, dev->feature_flags = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO | RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING | RTE_CRYPTODEV_FF_CPU_AESNI | - RTE_CRYPTODEV_FF_MBUF_SCATTER_GATHER; + RTE_CRYPTODEV_FF_MBUF_SCATTER_GATHER | + RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO; /* Set vector instructions mode supported */ internals = dev->data->dev_private; diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c index 1cb87d59a..76f7410cb 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c @@ -469,6 +469,105 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = { }, } }, } }, + { /* RSA */ + .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, + {.asym = { + .xfrm_capa = { + .xform_type = RTE_CRYPTO_ASYM_XFORM_RSA, + .op_types = ((1 << RTE_CRYPTO_ASYM_OP_SIGN) | + (1 << RTE_CRYPTO_ASYM_OP_VERIFY) | + (1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) | + (1 << RTE_CRYPTO_ASYM_OP_DECRYPT)), + { + .modlen = { + /* min length is based on openssl rsa keygen */ + .min = 30, + /* value 0 symbolizes no limit on max length */ + .max = 0, + .increment = 1 + }, } + } + }, + } + }, + { /* modexp */ + .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, + {.asym = { + .xfrm_capa = { + .xform_type = RTE_CRYPTO_ASYM_XFORM_MODEX, + .op_types = 0, + { + .modlen = { + /* min length is based on openssl rsa keygen */ + .min = 0, + /* value 0 symbolizes no limit on max length */ + .max = 0, + .increment = 1 + }, } + } + }, + } + }, + { /* modinv */ + .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, + {.asym = { + .xfrm_capa = { + .xform_type = RTE_CRYPTO_ASYM_XFORM_MODINV, + .op_types = 0, + { + .modlen = { + /* min length is based on openssl rsa keygen */ + .min = 0, + /* value 0 symbolizes no limit on max length */ + .max = 0, + .increment = 1 + }, } + } + }, + } + }, + { /* dh */ + .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, + {.asym = { + .xfrm_capa = { + .xform_type = RTE_CRYPTO_ASYM_XFORM_DH, + .op_types = + ((1<data->nb_queue_pairs; } -/** Returns the size of the session structure */ +/** Returns the size of symmetric session structure */ static unsigned openssl_pmd_session_get_size(struct rte_cryptodev *dev __rte_unused) { return sizeof(struct openssl_session); } +/** Returns the size of the session structure */ +static unsigned +openssl_pmd_asym_session_get_size(struct rte_cryptodev *dev __rte_unused) +{ + return sizeof(struct openssl_asym_session); +} + /** Configure the session from a crypto xform chain */ static int openssl_pmd_session_configure(struct rte_cryptodev *dev __rte_unused, @@ -713,6 +819,236 @@ openssl_pmd_session_configure(struct rte_cryptodev *dev __rte_unused, return 0; } +static int openssl_set_asym_session_parameters( + struct openssl_asym_session *asym_session, + struct rte_crypto_asym_xform *xform) +{ + + if ((xform->xform_type != RTE_CRYPTO_ASYM_XFORM_DH) && + (xform->next != NULL)) { + OPENSSL_LOG_ERR("chained xfrms are not supported on %s", + rte_crypto_asym_xform_strings[xform->xform_type]); + return -1; + } + + switch (xform->xform_type) { + case RTE_CRYPTO_ASYM_XFORM_RSA: + { + struct rte_crypto_rsa_xform *xfrm = &(xform->rsa); + asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_RSA; + + RSA *rsa = RSA_new(); + if (rsa == NULL) + return -1; + /* copy xfrm data into rsa struct */ + rsa->n = BN_bin2bn((const unsigned char *)xfrm->n.data, + xfrm->n.length, rsa->n); + rsa->e = BN_bin2bn((const unsigned char *)xfrm->e.data, + xfrm->e.length, rsa->e); + if (xfrm->key_type == RTE_RSA_KEY_TYPE_EXP) { + rsa->d = BN_bin2bn((const unsigned char *)xfrm->d.data, + xfrm->d.length, + rsa->d); + } else { + rsa->p = BN_bin2bn( + (const unsigned char *)xfrm->qt.p.data, + xfrm->qt.p.length, + rsa->p); + rsa->q = BN_bin2bn( + (const unsigned char *)xfrm->qt.q.data, + xfrm->qt.q.length, + rsa->q); + rsa->dmp1 = BN_bin2bn( + (const unsigned char *)xfrm->qt.dP.data, + xfrm->qt.dP.length, + rsa->dmp1); + rsa->dmq1 = BN_bin2bn( + (const unsigned char *)xfrm->qt.dQ.data, + xfrm->qt.dQ.length, + rsa->dmq1); + rsa->iqmp = BN_bin2bn( + (const unsigned char *) + xfrm->qt.qInv.data, + xfrm->qt.qInv.length, + rsa->iqmp); + } + asym_session->u.r.rsa = rsa; + break; + } + case RTE_CRYPTO_ASYM_XFORM_MODEX: + { + struct rte_crypto_modex_xform *xfrm = &(xform->modex); + + asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_MODEX; + + BN_CTX *ctx = BN_CTX_new(); + if (ctx == NULL) { + OPENSSL_LOG_ERR(" failed to allocate resources\n"); + return -1; + } + BN_CTX_start(ctx); + BIGNUM *mod = BN_CTX_get(ctx); + BIGNUM *exp = BN_CTX_get(ctx); + if (mod == NULL || exp == NULL) { + BN_CTX_end(ctx); + BN_CTX_free(ctx); + return -1; + } + mod = BN_bin2bn((const unsigned char *)xfrm->modulus.data, + xfrm->modulus.length, mod); + exp = BN_bin2bn((const unsigned char *)xfrm->exponent.data, + xfrm->exponent.length, exp); + asym_session->u.e.ctx = ctx; + asym_session->u.e.mod = mod; + asym_session->u.e.exp = exp; + break; + } + case RTE_CRYPTO_ASYM_XFORM_MODINV: + { + struct rte_crypto_modinv_xform *xfrm = &(xform->modinv); + + asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_MODINV; + + BN_CTX *ctx = BN_CTX_new(); + if (ctx == NULL) { + OPENSSL_LOG_ERR(" failed to allocate resources\n"); + return -1; + } + BN_CTX_start(ctx); + BIGNUM *mod = BN_CTX_get(ctx); + if (mod == NULL) { + BN_CTX_end(ctx); + BN_CTX_free(ctx); + return -1; + } + + mod = BN_bin2bn((const unsigned char *) + xfrm->modulus.data, + xfrm->modulus.length, + mod); + asym_session->u.m.ctx = ctx; + asym_session->u.m.modulus = mod; + break; + } + case RTE_CRYPTO_ASYM_XFORM_DH: + { + asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_DH; + + asym_session->u.dh.dh_key = DH_new(); + DH *dh = asym_session->u.dh.dh_key; + if (dh == NULL) { + OPENSSL_LOG_ERR(" failed to allocate resources\n"); + return -1; + } + + dh->p = BN_bin2bn((const unsigned char *) + xform->dh.p.data, + xform->dh.p.length, + dh->p); + + dh->g = BN_bin2bn((const unsigned char *) + xform->dh.g.data, + xform->dh.g.length, + dh->g); + + /* setup xfrom for + * public key generate, or + * DH Priv key generate, or both + * public and private key generate + */ + asym_session->u.dh.key_op = (1 << xform->dh.type); + + if (xform->dh.type == RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE) { + /* check if next is pubkey */ + if ((xform->next != NULL) && + (xform->next->xform_type == + RTE_CRYPTO_ASYM_XFORM_DH) && + (xform->next->dh.type == + RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE)) { + /* setup op as pub/priv key pair generation */ + asym_session->u.dh.key_op |= + (1 << RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE); + } + } + break; + } + case RTE_CRYPTO_ASYM_XFORM_DSA: + { + asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_DSA; + + asym_session->u.s.dsa = DSA_new(); + DSA *dsa = asym_session->u.s.dsa; + if (dsa == NULL) { + OPENSSL_LOG_ERR( + " failed to allocate resources\n"); + return -1; + } + + dsa->p = BN_bin2bn((const unsigned char *) + xform->dsa.p.data, + xform->dsa.p.length, + dsa->p); + + dsa->g = BN_bin2bn((const unsigned char *) + xform->dsa.g.data, + xform->dsa.g.length, + dsa->g); + + dsa->q = BN_bin2bn((const unsigned char *) + xform->dsa.q.data, + xform->dsa.q.length, + dsa->q); + + dsa->priv_key = BN_bin2bn((const unsigned char *) + xform->dsa.x.data, + xform->dsa.x.length, + dsa->priv_key); + + break; + } + default: + return -1; + } + + return 0; +} + +/** Configure the session from a crypto xform chain */ +static int +openssl_pmd_asym_session_configure(struct rte_cryptodev *dev __rte_unused, + struct rte_crypto_asym_xform *xform, + struct rte_cryptodev_asym_session *sess, + struct rte_mempool *mempool) +{ + void *asym_sess_private_data; + int ret; + + if (unlikely(sess == NULL)) { + OPENSSL_LOG_ERR("invalid asymmetric session struct"); + return -EINVAL; + } + + if (rte_mempool_get(mempool, &asym_sess_private_data)) { + CDEV_LOG_ERR( + "Couldn't get object from session mempool"); + return -ENOMEM; + } + + ret = openssl_set_asym_session_parameters(asym_sess_private_data, + xform); + if (ret != 0) { + OPENSSL_LOG_ERR("failed configure session parameters"); + + /* Return session to mempool */ + rte_mempool_put(mempool, asym_sess_private_data); + return ret; + } + + set_asym_session_private_data(sess, dev->driver_id, + asym_sess_private_data); + + return 0; +} /** Clear the memory of session so it doesn't leave key material behind */ static void @@ -732,6 +1068,58 @@ openssl_pmd_session_clear(struct rte_cryptodev *dev, } } +static void openssl_reset_asym_session(struct openssl_asym_session *sess) +{ + switch (sess->xfrm_type) { + case RTE_CRYPTO_ASYM_XFORM_RSA: + if (sess->u.r.rsa) + RSA_free(sess->u.r.rsa); + break; + case RTE_CRYPTO_ASYM_XFORM_MODEX: + if (sess->u.e.ctx) { + BN_CTX_end(sess->u.e.ctx); + BN_CTX_free(sess->u.e.ctx); + } + break; + case RTE_CRYPTO_ASYM_XFORM_MODINV: + if (sess->u.m.ctx) { + BN_CTX_end(sess->u.m.ctx); + BN_CTX_free(sess->u.m.ctx); + } + break; + case RTE_CRYPTO_ASYM_XFORM_DH: + if (sess->u.dh.dh_key) + DH_free(sess->u.dh.dh_key); + break; + case RTE_CRYPTO_ASYM_XFORM_DSA: + if (sess->u.s.dsa) + DSA_free(sess->u.s.dsa); + break; + default: + break; + } +} + +/** Clear the memory of asymmetric session + * so it doesn't leave key material behind + */ +static void +openssl_pmd_asym_session_clear(struct rte_cryptodev *dev, + struct rte_cryptodev_asym_session *sess) +{ + uint8_t index = dev->driver_id; + void *sess_priv = get_asym_session_private_data(sess, index); + + /* Zero out the whole structure */ + if (sess_priv) { + openssl_reset_asym_session(sess_priv); + memset(sess_priv, 0, sizeof(struct openssl_asym_session)); + struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv); + set_asym_session_private_data(sess, index, NULL); + rte_mempool_put(sess_mp, sess_priv); + } +} + struct rte_cryptodev_ops openssl_pmd_ops = { .dev_configure = openssl_pmd_config, .dev_start = openssl_pmd_start, @@ -750,8 +1138,11 @@ struct rte_cryptodev_ops openssl_pmd_ops = { .queue_pair_count = openssl_pmd_qp_count, .session_get_size = openssl_pmd_session_get_size, + .asym_session_get_size = openssl_pmd_asym_session_get_size, .session_configure = openssl_pmd_session_configure, - .session_clear = openssl_pmd_session_clear + .asym_session_configure = openssl_pmd_asym_session_configure, + .session_clear = openssl_pmd_session_clear, + .asym_session_clear = openssl_pmd_asym_session_clear }; struct rte_cryptodev_ops *rte_openssl_pmd_ops = &openssl_pmd_ops; diff --git a/drivers/crypto/openssl/rte_openssl_pmd_private.h b/drivers/crypto/openssl/rte_openssl_pmd_private.h index bc8dc7cdc..ebc9dee53 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd_private.h +++ b/drivers/crypto/openssl/rte_openssl_pmd_private.h @@ -8,6 +8,10 @@ #include #include #include +#include +#include +#include + #define CRYPTODEV_NAME_OPENSSL_PMD crypto_openssl /**< Open SSL Crypto PMD device name */ @@ -157,6 +161,31 @@ struct openssl_session { } __rte_cache_aligned; +/** OPENSSL crypto private asymmetric session structure */ +struct openssl_asym_session { + enum rte_crypto_asym_xform_type xfrm_type; + union { + struct rsa { + RSA *rsa; + } r; + struct exp { + BIGNUM *exp; + BIGNUM *mod; + BN_CTX *ctx; + } e; + struct mod { + BIGNUM *modulus; + BN_CTX *ctx; + } m; + struct dh { + DH *dh_key; + uint32_t key_op; + } dh; + struct { + DSA *dsa; + } s; + } u; +} __rte_cache_aligned; /** Set and validate OPENSSL crypto session parameters */ extern int openssl_set_session_parameters(struct openssl_session *sess, -- 2.14.3