[dpdk-dev,v3,5/6] crypto/openssl: add asym crypto support
Checks
Commit Message
Add asymmetric crypto operation support in openssl PMD.
Current list of supported asym xforms:
* RSA
* DSA
* Deffie-hellman
* Modular Operations
changes from v2:
- Update the pmd capability as per new capability structure
changes from v1:
- resolve new line error in dod/guides/cryptodevs/openssl.rst
Signed-off-by: Shally Verma <shally.verma@caviumnetworks.com>
Signed-off-by: Sunila Sahu <sunila.sahu@caviumnetworks.com>
Signed-off-by: Ashish Gupta <ashish.gupta@caviumnetworks.com>
---
doc/guides/cryptodevs/features/openssl.ini | 11 +
doc/guides/cryptodevs/openssl.rst | 1 +
drivers/crypto/openssl/rte_openssl_pmd.c | 377 ++++++++++++++++++++-
drivers/crypto/openssl/rte_openssl_pmd_ops.c | 395 ++++++++++++++++++++++-
drivers/crypto/openssl/rte_openssl_pmd_private.h | 29 ++
5 files changed, 801 insertions(+), 12 deletions(-)
Comments
> -----Original Message-----
> From: Shally Verma [mailto:shally.verma@caviumnetworks.com]
> Sent: Wednesday, May 16, 2018 7:05 AM
> To: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>
> Cc: Trahe, Fiona <fiona.trahe@intel.com>; akhil.goyal@nxp.com;
> dev@dpdk.org; pathreya@caviumnetworks.com; Sunila Sahu
> <sunila.sahu@caviumnetworks.com>; Ashish Gupta
> <ashish.gupta@caviumnetworks.com>
> Subject: [PATCH v3 5/6] crypto/openssl: add asym crypto support
>
> Add asymmetric crypto operation support in openssl PMD.
> Current list of supported asym xforms:
> * RSA
> * DSA
> * Deffie-hellman
> * Modular Operations
>
> changes from v2:
> - Update the pmd capability as per new capability structure
>
> changes from v1:
> - resolve new line error in dod/guides/cryptodevs/openssl.rst
>
> Signed-off-by: Shally Verma <shally.verma@caviumnetworks.com>
> Signed-off-by: Sunila Sahu <sunila.sahu@caviumnetworks.com>
> Signed-off-by: Ashish Gupta <ashish.gupta@caviumnetworks.com>
> ---
> doc/guides/cryptodevs/features/openssl.ini | 11 +
> doc/guides/cryptodevs/openssl.rst | 1 +
> drivers/crypto/openssl/rte_openssl_pmd.c | 377 ++++++++++++++++++++-
> drivers/crypto/openssl/rte_openssl_pmd_ops.c | 395
> ++++++++++++++++++++++-
> drivers/crypto/openssl/rte_openssl_pmd_private.h | 29 ++
> 5 files changed, 801 insertions(+), 12 deletions(-)
>
> diff --git a/doc/guides/cryptodevs/features/openssl.ini
> b/doc/guides/cryptodevs/features/openssl.ini
> index 691565865..bef5c7f79 100644
> --- a/doc/guides/cryptodevs/features/openssl.ini
> +++ b/doc/guides/cryptodevs/features/openssl.ini
> @@ -7,6 +7,7 @@
> Symmetric crypto = Y
> Sym operation chaining = Y
> Mbuf scatter gather = Y
> +Asymmetric crypto = Y
>
> ;
> ; Supported crypto algorithms of the 'openssl' crypto driver.
> @@ -49,3 +50,13 @@ AES GCM (256) = Y
> AES CCM (128) = Y
> AES CCM (192) = Y
> AES CCM (256) = Y
> +
> +;
> +; Supported Asymmetric algorithms of the 'openssl' crypto driver.
> +;
> +[Asymmetric]
> +RSA = Y
> +DSA = Y
> +Modular Exponentiation = Y
> +Modular Inversion = Y
> +Deffie-hellman = Y
You need to add these parameters in default.ini file,
otherwise they are not shown when building the documentation.
> diff --git a/doc/guides/cryptodevs/openssl.rst
> b/doc/guides/cryptodevs/openssl.rst
> index 427fc807c..4f90be888 100644
> --- a/doc/guides/cryptodevs/openssl.rst
> +++ b/doc/guides/cryptodevs/openssl.rst
> @@ -80,6 +80,7 @@ crypto processing.
>
> Test name is cryptodev_openssl_autotest.
> For performance test cryptodev_openssl_perftest can be used.
> +For asymmetric crypto operations testing, run
> +cryptodev_openssl_asym_autotest
>
> To verify real traffic l2fwd-crypto example can be used with this command:
>
> diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c
> b/drivers/crypto/openssl/rte_openssl_pmd.c
> index f584d0d6f..527e42773 100644
> --- a/drivers/crypto/openssl/rte_openssl_pmd.c
> +++ b/drivers/crypto/openssl/rte_openssl_pmd.c
...
> + }
> + dh_key->priv_key = BN_bin2bn(op->priv_key.data,
> + op->priv_key.length,
> + dh_key->priv_key);
As on the previous patch, I am getting a compilation issue:
drivers/crypto/openssl/rte_openssl_pmd.c:1711:9: error:
dereferencing pointer to incomplete type 'DH {aka struct dh_st}'
dh_key->priv_key = BN_bin2bn(op->priv_key.data,
...
> diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> index 1cb87d59a..76f7410cb 100644
> --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
...
> struct rte_cryptodev_ops openssl_pmd_ops = {
> .dev_configure = openssl_pmd_config,
> .dev_start = openssl_pmd_start,
> @@ -750,8 +1138,11 @@ struct rte_cryptodev_ops openssl_pmd_ops = {
> .queue_pair_count = openssl_pmd_qp_count,
>
> .session_get_size = openssl_pmd_session_get_size,
> + .asym_session_get_size =
> openssl_pmd_asym_session_get_size,
> .session_configure = openssl_pmd_session_configure,
> - .session_clear = openssl_pmd_session_clear
> + .asym_session_configure =
> openssl_pmd_asym_session_configure,
> + .session_clear = openssl_pmd_session_clear,
> + .asym_session_clear = openssl_pmd_asym_session_clear
> };
I think session_get_size, session_configure and session_clear should be renamed
to sym_session_*, to avoid confusion. Could you add another patch renaming these?
Thanks,
Pablo
Hi Pablo
>-----Original Message-----
>From: De Lara Guarch, Pablo [mailto:pablo.de.lara.guarch@intel.com]
>Sent: 17 June 2018 18:55
>To: Verma, Shally <Shally.Verma@cavium.com>
>Cc: Trahe, Fiona <fiona.trahe@intel.com>; akhil.goyal@nxp.com; dev@dpdk.org; Athreya, Narayana Prasad
><NarayanaPrasad.Athreya@cavium.com>; Sahu, Sunila <Sunila.Sahu@cavium.com>; Gupta, Ashish <Ashish.Gupta@cavium.com>
>Subject: RE: [PATCH v3 5/6] crypto/openssl: add asym crypto support
>
>External Email
>
>> -----Original Message-----
>> From: Shally Verma [mailto:shally.verma@caviumnetworks.com]
>> Sent: Wednesday, May 16, 2018 7:05 AM
>> To: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>
>> Cc: Trahe, Fiona <fiona.trahe@intel.com>; akhil.goyal@nxp.com;
>> dev@dpdk.org; pathreya@caviumnetworks.com; Sunila Sahu
>> <sunila.sahu@caviumnetworks.com>; Ashish Gupta
>> <ashish.gupta@caviumnetworks.com>
>> Subject: [PATCH v3 5/6] crypto/openssl: add asym crypto support
>>
>> Add asymmetric crypto operation support in openssl PMD.
>> Current list of supported asym xforms:
>> * RSA
>> * DSA
>> * Deffie-hellman
>> * Modular Operations
>>
>> changes from v2:
>> - Update the pmd capability as per new capability structure
>>
>> changes from v1:
>> - resolve new line error in dod/guides/cryptodevs/openssl.rst
>>
>> Signed-off-by: Shally Verma <shally.verma@caviumnetworks.com>
>> Signed-off-by: Sunila Sahu <sunila.sahu@caviumnetworks.com>
>> Signed-off-by: Ashish Gupta <ashish.gupta@caviumnetworks.com>
>> ---
.. [snip] ..
>> +;
>> +; Supported Asymmetric algorithms of the 'openssl' crypto driver.
>> +;
>> +[Asymmetric]
>> +RSA = Y
>> +DSA = Y
>> +Modular Exponentiation = Y
>> +Modular Inversion = Y
>> +Deffie-hellman = Y
>
>You need to add these parameters in default.ini file,
>otherwise they are not shown when building the documentation.
>
[Shally] Ok
..[snip]..
>>
>> diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c
>> b/drivers/crypto/openssl/rte_openssl_pmd.c
>> index f584d0d6f..527e42773 100644
>> --- a/drivers/crypto/openssl/rte_openssl_pmd.c
>> +++ b/drivers/crypto/openssl/rte_openssl_pmd.c
>
>...
>
>> + }
>> + dh_key->priv_key = BN_bin2bn(op->priv_key.data,
>> + op->priv_key.length,
>> + dh_key->priv_key);
>
>As on the previous patch, I am getting a compilation issue:
>
>drivers/crypto/openssl/rte_openssl_pmd.c:1711:9: error:
>dereferencing pointer to incomplete type 'DH {aka struct dh_st}'
> dh_key->priv_key = BN_bin2bn(op->priv_key.data,
>
[Shally] as I mentioned before Openssl PMD support 1.0.2 version series(http://doc.dpdk.org/guides/cryptodevs/openssl.html) and thus the error
>...
>
>> diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
>> b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
>> index 1cb87d59a..76f7410cb 100644
>> --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
>> +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
>
>...
>
>> struct rte_cryptodev_ops openssl_pmd_ops = {
>> .dev_configure = openssl_pmd_config,
>> .dev_start = openssl_pmd_start,
>> @@ -750,8 +1138,11 @@ struct rte_cryptodev_ops openssl_pmd_ops = {
>> .queue_pair_count = openssl_pmd_qp_count,
>>
>> .session_get_size = openssl_pmd_session_get_size,
>> + .asym_session_get_size =
>> openssl_pmd_asym_session_get_size,
>> .session_configure = openssl_pmd_session_configure,
>> - .session_clear = openssl_pmd_session_clear
>> + .asym_session_configure =
>> openssl_pmd_asym_session_configure,
>> + .session_clear = openssl_pmd_session_clear,
>> + .asym_session_clear = openssl_pmd_asym_session_clear
>> };
>
>I think session_get_size, session_configure and session_clear should be renamed
>to sym_session_*, to avoid confusion. Could you add another patch renaming these?
>
[Shally] I see in latest cryptodev these typedefs are already named to
cryptodev_sym_configure_session_t, _sym_get_session_private_size_t and _sym_free_.. so these changes would come while rebase.
or you are referring to change openssl_pmd_session_configure to openssl_pmd_sym_session_configure and so others?
Thanks for review.
>Thanks,
>Pablo
>
> -----Original Message-----
> From: Verma, Shally [mailto:Shally.Verma@cavium.com]
> Sent: Sunday, June 17, 2018 4:48 PM
> To: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>
> Cc: Trahe, Fiona <fiona.trahe@intel.com>; akhil.goyal@nxp.com;
> dev@dpdk.org; Athreya, Narayana Prasad
> <NarayanaPrasad.Athreya@cavium.com>; Sahu, Sunila
> <Sunila.Sahu@cavium.com>; Gupta, Ashish <Ashish.Gupta@cavium.com>
> Subject: RE: [PATCH v3 5/6] crypto/openssl: add asym crypto support
>
> Hi Pablo
>
> >-----Original Message-----
> >From: De Lara Guarch, Pablo [mailto:pablo.de.lara.guarch@intel.com]
> >Sent: 17 June 2018 18:55
> >To: Verma, Shally <Shally.Verma@cavium.com>
> >Cc: Trahe, Fiona <fiona.trahe@intel.com>; akhil.goyal@nxp.com;
> >dev@dpdk.org; Athreya, Narayana Prasad
> ><NarayanaPrasad.Athreya@cavium.com>; Sahu, Sunila
> ><Sunila.Sahu@cavium.com>; Gupta, Ashish <Ashish.Gupta@cavium.com>
> >Subject: RE: [PATCH v3 5/6] crypto/openssl: add asym crypto support
> >
> >External Email
> >
> >> -----Original Message-----
> >> From: Shally Verma [mailto:shally.verma@caviumnetworks.com]
> >> Sent: Wednesday, May 16, 2018 7:05 AM
> >> To: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>
> >> Cc: Trahe, Fiona <fiona.trahe@intel.com>; akhil.goyal@nxp.com;
> >> dev@dpdk.org; pathreya@caviumnetworks.com; Sunila Sahu
> >> <sunila.sahu@caviumnetworks.com>; Ashish Gupta
> >> <ashish.gupta@caviumnetworks.com>
> >> Subject: [PATCH v3 5/6] crypto/openssl: add asym crypto support
> >>
> >> Add asymmetric crypto operation support in openssl PMD.
> >> Current list of supported asym xforms:
> >> * RSA
> >> * DSA
> >> * Deffie-hellman
> >> * Modular Operations
> >>
> >> changes from v2:
> >> - Update the pmd capability as per new capability structure
> >>
> >> changes from v1:
> >> - resolve new line error in dod/guides/cryptodevs/openssl.rst
> >>
> >> Signed-off-by: Shally Verma <shally.verma@caviumnetworks.com>
> >> Signed-off-by: Sunila Sahu <sunila.sahu@caviumnetworks.com>
> >> Signed-off-by: Ashish Gupta <ashish.gupta@caviumnetworks.com>
> >> ---
> .. [snip] ..
>
> >> +;
> >> +; Supported Asymmetric algorithms of the 'openssl' crypto driver.
> >> +;
> >> +[Asymmetric]
> >> +RSA = Y
> >> +DSA = Y
> >> +Modular Exponentiation = Y
> >> +Modular Inversion = Y
> >> +Deffie-hellman = Y
> >
> >You need to add these parameters in default.ini file, otherwise they
> >are not shown when building the documentation.
> >
> [Shally] Ok
>
> ..[snip]..
>
> >>
> >> diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c
> >> b/drivers/crypto/openssl/rte_openssl_pmd.c
> >> index f584d0d6f..527e42773 100644
> >> --- a/drivers/crypto/openssl/rte_openssl_pmd.c
> >> +++ b/drivers/crypto/openssl/rte_openssl_pmd.c
> >
> >...
> >
> >> + }
> >> + dh_key->priv_key = BN_bin2bn(op->priv_key.data,
> >> + op->priv_key.length,
> >> + dh_key->priv_key);
> >
> >As on the previous patch, I am getting a compilation issue:
> >
> >drivers/crypto/openssl/rte_openssl_pmd.c:1711:9: error:
> >dereferencing pointer to incomplete type 'DH {aka struct dh_st}'
> > dh_key->priv_key = BN_bin2bn(op->priv_key.data,
> >
> [Shally] as I mentioned before Openssl PMD support 1.0.2 version
> series(http://doc.dpdk.org/guides/cryptodevs/openssl.html) and thus the error
>
> >...
> >
> >> diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> >> b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> >> index 1cb87d59a..76f7410cb 100644
> >> --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> >> +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> >
> >...
> >
> >> struct rte_cryptodev_ops openssl_pmd_ops = {
> >> .dev_configure = openssl_pmd_config,
> >> .dev_start = openssl_pmd_start,
> >> @@ -750,8 +1138,11 @@ struct rte_cryptodev_ops openssl_pmd_ops = {
> >> .queue_pair_count = openssl_pmd_qp_count,
> >>
> >> .session_get_size = openssl_pmd_session_get_size,
> >> + .asym_session_get_size =
> >> openssl_pmd_asym_session_get_size,
> >> .session_configure = openssl_pmd_session_configure,
> >> - .session_clear = openssl_pmd_session_clear
> >> + .asym_session_configure =
> >> openssl_pmd_asym_session_configure,
> >> + .session_clear = openssl_pmd_session_clear,
> >> + .asym_session_clear = openssl_pmd_asym_session_clear
> >> };
> >
> >I think session_get_size, session_configure and session_clear should be
> >renamed to sym_session_*, to avoid confusion. Could you add another patch
> renaming these?
> >
> [Shally] I see in latest cryptodev these typedefs are already named to
> cryptodev_sym_configure_session_t, _sym_get_session_private_size_t and
> _sym_free_.. so these changes would come while rebase.
> or you are referring to change openssl_pmd_session_configure to
> openssl_pmd_sym_session_configure and so others?
Yes, but the name is still session_configure/clear, not sym_session_configure/clear, right?
And also, I think we should rename the OpenSSL functions, openssl_pmd_session_*,
to openssl_pmd_sym_session_*.
Pablo
>
> Thanks for review.
>
> >Thanks,
> >Pablo
> >
Hi Pablo
>-----Original Message-----
>From: De Lara Guarch, Pablo [mailto:pablo.de.lara.guarch@intel.com]
>Sent: 18 June 2018 01:09
>To: Verma, Shally <Shally.Verma@cavium.com>
>Cc: Trahe, Fiona <fiona.trahe@intel.com>; akhil.goyal@nxp.com; dev@dpdk.org; Athreya, Narayana Prasad
><NarayanaPrasad.Athreya@cavium.com>; Sahu, Sunila <Sunila.Sahu@cavium.com>; Gupta, Ashish <Ashish.Gupta@cavium.com>
>Subject: RE: [PATCH v3 5/6] crypto/openssl: add asym crypto support
>
>External Email
>
//snip
>> >> struct rte_cryptodev_ops openssl_pmd_ops = {
>> >> .dev_configure = openssl_pmd_config,
>> >> .dev_start = openssl_pmd_start,
>> >> @@ -750,8 +1138,11 @@ struct rte_cryptodev_ops openssl_pmd_ops = {
>> >> .queue_pair_count = openssl_pmd_qp_count,
>> >>
>> >> .session_get_size = openssl_pmd_session_get_size,
>> >> + .asym_session_get_size =
>> >> openssl_pmd_asym_session_get_size,
>> >> .session_configure = openssl_pmd_session_configure,
>> >> - .session_clear = openssl_pmd_session_clear
>> >> + .asym_session_configure =
>> >> openssl_pmd_asym_session_configure,
>> >> + .session_clear = openssl_pmd_session_clear,
>> >> + .asym_session_clear = openssl_pmd_asym_session_clear
>> >> };
>> >
>> >I think session_get_size, session_configure and session_clear should be
>> >renamed to sym_session_*, to avoid confusion. Could you add another patch
>> renaming these?
>> >
>> [Shally] I see in latest cryptodev these typedefs are already named to
>> cryptodev_sym_configure_session_t, _sym_get_session_private_size_t and
>> _sym_free_.. so these changes would come while rebase.
>> or you are referring to change openssl_pmd_session_configure to
>> openssl_pmd_sym_session_configure and so others?
>
>Yes, but the name is still session_configure/clear, not sym_session_configure/clear, right?
>And also, I think we should rename the OpenSSL functions, openssl_pmd_session_*,
>to openssl_pmd_sym_session_*.
>
[Shally] Ok. I will look into this.
Thanks
Shally
>Pablo
>
>>
>> Thanks for review.
>>
>> >Thanks,
>> >Pablo
>> >
Hi Pablo
>-----Original Message-----
>From: Verma, Shally
>Sent: 18 June 2018 11:00
>To: 'De Lara Guarch, Pablo' <pablo.de.lara.guarch@intel.com>
>Cc: Trahe, Fiona <fiona.trahe@intel.com>; akhil.goyal@nxp.com; dev@dpdk.org; Athreya, Narayana Prasad
><NarayanaPrasad.Athreya@cavium.com>; Sahu, Sunila <Sunila.Sahu@cavium.com>; Gupta, Ashish <Ashish.Gupta@cavium.com>
>Subject: RE: [PATCH v3 5/6] crypto/openssl: add asym crypto support
>
//snip
>>> >>
>>> >> .session_get_size = openssl_pmd_session_get_size,
>>> >> + .asym_session_get_size =
>>> >> openssl_pmd_asym_session_get_size,
>>> >> .session_configure = openssl_pmd_session_configure,
>>> >> - .session_clear = openssl_pmd_session_clear
>>> >> + .asym_session_configure =
>>> >> openssl_pmd_asym_session_configure,
>>> >> + .session_clear = openssl_pmd_session_clear,
>>> >> + .asym_session_clear = openssl_pmd_asym_session_clear
>>> >> };
>>> >
>>> >I think session_get_size, session_configure and session_clear should be
>>> >renamed to sym_session_*, to avoid confusion. Could you add another patch
>>> renaming these?
>>> >
>>> [Shally] I see in latest cryptodev these typedefs are already named to
>>> cryptodev_sym_configure_session_t, _sym_get_session_private_size_t and
>>> _sym_free_.. so these changes would come while rebase.
>>> or you are referring to change openssl_pmd_session_configure to
>>> openssl_pmd_sym_session_configure and so others?
>>
>>Yes, but the name is still session_configure/clear, not sym_session_configure/clear, right?
>>And also, I think we should rename the OpenSSL functions, openssl_pmd_session_*,
>>to openssl_pmd_sym_session_*.
>>
>[Shally] Ok. I will look into this.
>
[Shally] if I change these names in struct rte_cryptodev_ops, then we will need to change all drivers. I think that should be done in a separate patch series specific to rename these. For now, I will rename only openssl pmd APIs to use _sym version for this patch series.
>Thanks
>Shally
>
>>Pablo
>>
>>>
>>> Thanks for review.
>>>
>>> >Thanks,
>>> >Pablo
>>> >
> -----Original Message-----
> From: Verma, Shally [mailto:Shally.Verma@cavium.com]
> Sent: Saturday, June 23, 2018 1:42 PM
> To: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>
> Cc: Trahe, Fiona <fiona.trahe@intel.com>; akhil.goyal@nxp.com;
> dev@dpdk.org; Athreya, Narayana Prasad
> <NarayanaPrasad.Athreya@cavium.com>; Sahu, Sunila
> <Sunila.Sahu@cavium.com>; Gupta, Ashish <Ashish.Gupta@cavium.com>
> Subject: RE: [PATCH v3 5/6] crypto/openssl: add asym crypto support
>
> Hi Pablo
>
> >-----Original Message-----
> >From: Verma, Shally
> >Sent: 18 June 2018 11:00
> >To: 'De Lara Guarch, Pablo' <pablo.de.lara.guarch@intel.com>
> >Cc: Trahe, Fiona <fiona.trahe@intel.com>; akhil.goyal@nxp.com;
> >dev@dpdk.org; Athreya, Narayana Prasad
> ><NarayanaPrasad.Athreya@cavium.com>; Sahu, Sunila
> ><Sunila.Sahu@cavium.com>; Gupta, Ashish <Ashish.Gupta@cavium.com>
> >Subject: RE: [PATCH v3 5/6] crypto/openssl: add asym crypto support
> >
> //snip
>
> >>> >>
> >>> >> .session_get_size = openssl_pmd_session_get_size,
> >>> >> + .asym_session_get_size =
> >>> >> openssl_pmd_asym_session_get_size,
> >>> >> .session_configure = openssl_pmd_session_configure,
> >>> >> - .session_clear = openssl_pmd_session_clear
> >>> >> + .asym_session_configure =
> >>> >> openssl_pmd_asym_session_configure,
> >>> >> + .session_clear = openssl_pmd_session_clear,
> >>> >> + .asym_session_clear = openssl_pmd_asym_session_clear
> >>> >> };
> >>> >
> >>> >I think session_get_size, session_configure and session_clear
> >>> >should be renamed to sym_session_*, to avoid confusion. Could you
> >>> >add another patch
> >>> renaming these?
> >>> >
> >>> [Shally] I see in latest cryptodev these typedefs are already named
> >>> to cryptodev_sym_configure_session_t,
> >>> _sym_get_session_private_size_t and _sym_free_.. so these changes would
> come while rebase.
> >>> or you are referring to change openssl_pmd_session_configure to
> >>> openssl_pmd_sym_session_configure and so others?
> >>
> >>Yes, but the name is still session_configure/clear, not
> sym_session_configure/clear, right?
> >>And also, I think we should rename the OpenSSL functions,
> >>openssl_pmd_session_*, to openssl_pmd_sym_session_*.
> >>
> >[Shally] Ok. I will look into this.
> >
> [Shally] if I change these names in struct rte_cryptodev_ops, then we will need
> to change all drivers. I think that should be done in a separate patch series
> specific to rename these. For now, I will rename only openssl pmd APIs to use
> _sym version for this patch series.
Right. I think a separate patch is a good idea, but it has to be done in one patch,
to avoid breaking the compilation. Could you send this patch soon?
Thanks,
Pablo
>
> >Thanks
> >Shally
> >
> >>Pablo
> >>
> >>>
> >>> Thanks for review.
> >>>
> >>> >Thanks,
> >>> >Pablo
> >>> >
>-----Original Message-----
>From: De Lara Guarch, Pablo [mailto:pablo.de.lara.guarch@intel.com]
>Sent: 23 June 2018 23:47
>To: Verma, Shally <Shally.Verma@cavium.com>
>Cc: Trahe, Fiona <fiona.trahe@intel.com>; akhil.goyal@nxp.com; dev@dpdk.org; Athreya, Narayana Prasad
><NarayanaPrasad.Athreya@cavium.com>; Sahu, Sunila <Sunila.Sahu@cavium.com>; Gupta, Ashish <Ashish.Gupta@cavium.com>
>Subject: RE: [PATCH v3 5/6] crypto/openssl: add asym crypto support
>
>External Email
// snip
>> >>Yes, but the name is still session_configure/clear, not
>> sym_session_configure/clear, right?
>> >>And also, I think we should rename the OpenSSL functions,
>> >>openssl_pmd_session_*, to openssl_pmd_sym_session_*.
>> >>
>> >[Shally] Ok. I will look into this.
>> >
>> [Shally] if I change these names in struct rte_cryptodev_ops, then we will need
>> to change all drivers. I think that should be done in a separate patch series
>> specific to rename these. For now, I will rename only openssl pmd APIs to use
>> _sym version for this patch series.
>
>Right. I think a separate patch is a good idea, but it has to be done in one patch,
>to avoid breaking the compilation. Could you send this patch soon?
>
I can send openssl asym related patch soon. Can't commit on right now for sym_ session name in pmd ops changes.
Sorry about that.
Thanks
Shally
>Thanks,
>Pablo
>
>>
>> >Thanks
>> >Shally
>> >
>> >>Pablo
>> >>
>> >>>
>> >>> Thanks for review.
>> >>>
>> >>> >Thanks,
>> >>> >Pablo
>> >>> >
> -----Original Message-----
> From: Verma, Shally [mailto:Shally.Verma@cavium.com]
> Sent: Saturday, June 23, 2018 7:26 PM
> To: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>
> Cc: Trahe, Fiona <fiona.trahe@intel.com>; akhil.goyal@nxp.com;
> dev@dpdk.org; Athreya, Narayana Prasad
> <NarayanaPrasad.Athreya@cavium.com>; Sahu, Sunila
> <Sunila.Sahu@cavium.com>; Gupta, Ashish <Ashish.Gupta@cavium.com>
> Subject: RE: [PATCH v3 5/6] crypto/openssl: add asym crypto support
>
>
>
> >-----Original Message-----
> >From: De Lara Guarch, Pablo [mailto:pablo.de.lara.guarch@intel.com]
> >Sent: 23 June 2018 23:47
> >To: Verma, Shally <Shally.Verma@cavium.com>
> >Cc: Trahe, Fiona <fiona.trahe@intel.com>; akhil.goyal@nxp.com;
> >dev@dpdk.org; Athreya, Narayana Prasad
> ><NarayanaPrasad.Athreya@cavium.com>; Sahu, Sunila
> ><Sunila.Sahu@cavium.com>; Gupta, Ashish <Ashish.Gupta@cavium.com>
> >Subject: RE: [PATCH v3 5/6] crypto/openssl: add asym crypto support
> >
> >External Email
> // snip
>
> >> >>Yes, but the name is still session_configure/clear, not
> >> sym_session_configure/clear, right?
> >> >>And also, I think we should rename the OpenSSL functions,
> >> >>openssl_pmd_session_*, to openssl_pmd_sym_session_*.
> >> >>
> >> >[Shally] Ok. I will look into this.
> >> >
> >> [Shally] if I change these names in struct rte_cryptodev_ops, then we
> >> will need to change all drivers. I think that should be done in a
> >> separate patch series specific to rename these. For now, I will
> >> rename only openssl pmd APIs to use _sym version for this patch series.
> >
> >Right. I think a separate patch is a good idea, but it has to be done
> >in one patch, to avoid breaking the compilation. Could you send this patch
> soon?
> >
> I can send openssl asym related patch soon. Can't commit on right now for sym_
> session name in pmd ops changes.
> Sorry about that.
I will send a patch renaming these functions as part of cryptodev API changes
http://patches.dpdk.org/cover/40958/
Thanks,
Pablo
>
> Thanks
> Shally
>
> >Thanks,
> >Pablo
> >
> >>
> >> >Thanks
> >> >Shally
> >> >
> >> >>Pablo
> >> >>
> >> >>>
> >> >>> Thanks for review.
> >> >>>
> >> >>> >Thanks,
> >> >>> >Pablo
> >> >>> >
> -----Original Message-----
> From: Shally Verma [mailto:shally.verma@caviumnetworks.com]
> Sent: Wednesday, May 16, 2018 7:05 AM
> To: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>
> Cc: Trahe, Fiona <fiona.trahe@intel.com>; akhil.goyal@nxp.com;
> dev@dpdk.org; pathreya@caviumnetworks.com; Sunila Sahu
> <sunila.sahu@caviumnetworks.com>; Ashish Gupta
> <ashish.gupta@caviumnetworks.com>
> Subject: [PATCH v3 5/6] crypto/openssl: add asym crypto support
>
> Add asymmetric crypto operation support in openssl PMD.
> Current list of supported asym xforms:
> * RSA
> * DSA
> * Deffie-hellman
> * Modular Operations
>
> changes from v2:
> - Update the pmd capability as per new capability structure
>
> changes from v1:
> - resolve new line error in dod/guides/cryptodevs/openssl.rst
>
> Signed-off-by: Shally Verma <shally.verma@caviumnetworks.com>
> Signed-off-by: Sunila Sahu <sunila.sahu@caviumnetworks.com>
> Signed-off-by: Ashish Gupta <ashish.gupta@caviumnetworks.com>
> ---
> doc/guides/cryptodevs/features/openssl.ini | 11 +
> doc/guides/cryptodevs/openssl.rst | 1 +
> drivers/crypto/openssl/rte_openssl_pmd.c | 377 ++++++++++++++++++++-
> drivers/crypto/openssl/rte_openssl_pmd_ops.c | 395
> ++++++++++++++++++++++-
> drivers/crypto/openssl/rte_openssl_pmd_private.h | 29 ++
> 5 files changed, 801 insertions(+), 12 deletions(-)
...
> @@ -1606,7 +1957,12 @@ openssl_pmd_enqueue_burst(void *queue_pair,
> struct rte_crypto_op **ops,
> if (unlikely(sess == NULL))
> goto enqueue_err;
>
> - retval = process_op(qp, ops[i], sess);
> + if (ops[i]->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC)
> + retval = process_op(qp, ops[i],
> + (struct openssl_session *) sess);
Could you rename process_op to process_sym_op?
Also, I think we need this check for the other PMDs.
I will send a patch to check if op type is equal to symmetric.
Pablo
>-----Original Message-----
>From: De Lara Guarch, Pablo [mailto:pablo.de.lara.guarch@intel.com]
>Sent: 26 June 2018 14:53
>To: Verma, Shally <Shally.Verma@cavium.com>
>Cc: Trahe, Fiona <fiona.trahe@intel.com>; akhil.goyal@nxp.com; dev@dpdk.org; Athreya, Narayana Prasad
><NarayanaPrasad.Athreya@cavium.com>; Sahu, Sunila <Sunila.Sahu@cavium.com>; Gupta, Ashish <Ashish.Gupta@cavium.com>
>Subject: RE: [PATCH v3 5/6] crypto/openssl: add asym crypto support
//snip
>> - retval = process_op(qp, ops[i], sess);
>> + if (ops[i]->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC)
>> + retval = process_op(qp, ops[i],
>> + (struct openssl_session *) sess);
>
>Could you rename process_op to process_sym_op?
>
[Shally] Will do.
>Also, I think we need this check for the other PMDs.
>I will send a patch to check if op type is equal to symmetric.
>
>Pablo
Hi Shally,
> -----Original Message-----
> From: Shally Verma [mailto:shally.verma@caviumnetworks.com]
> Sent: Wednesday, May 16, 2018 7:05 AM
> To: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>
> Cc: Trahe, Fiona <fiona.trahe@intel.com>; akhil.goyal@nxp.com; dev@dpdk.org;
> pathreya@caviumnetworks.com; Sunila Sahu <sunila.sahu@caviumnetworks.com>; Ashish Gupta
> <ashish.gupta@caviumnetworks.com>
> Subject: [PATCH v3 5/6] crypto/openssl: add asym crypto support
>
> Add asymmetric crypto operation support in openssl PMD.
> Current list of supported asym xforms:
> * RSA
> * DSA
> * Deffie-hellman
> * Modular Operations
>
> changes from v2:
> - Update the pmd capability as per new capability structure
>
> changes from v1:
> - resolve new line error in dod/guides/cryptodevs/openssl.rst
>
> Signed-off-by: Shally Verma <shally.verma@caviumnetworks.com>
> Signed-off-by: Sunila Sahu <sunila.sahu@caviumnetworks.com>
> Signed-off-by: Ashish Gupta <ashish.gupta@caviumnetworks.com>
//snip//
> +/* process rsa operations */
> +static int process_openssl_rsa_op(struct rte_crypto_op *cop,
> + struct openssl_asym_session *sess)
> +{
> + int ret = 0;
> + struct rte_crypto_asym_op *op = cop->asym;
> + RSA *rsa = sess->u.r.rsa;
> + uint32_t pad = (op->rsa.pad);
> +
> + switch (pad) {
> + case RTE_CRYPTO_RSA_PKCS1_V1_5_BT1:
> + case RTE_CRYPTO_RSA_PKCS1_V1_5_BT2:
> + pad = RSA_PKCS1_PADDING;
> + break;
> + case RTE_CRYPTO_RSA_PADDING_PSS:
> + pad = RSA_PKCS1_PSS_PADDING;
> + /* fall through */
> + case RTE_CRYPTO_RSA_PADDING_OAEP:
> + pad = RSA_PKCS1_OAEP_PADDING;
> + /* fall through */
> + default:
> + pad = RSA_NO_PADDING;
> + break;
[Fiona] Maybe I'm missing something, but won't this fall through to RSA_NO_PADDING for OAEP and PSS cases?
//snip//
>-----Original Message-----
>From: Trahe, Fiona [mailto:fiona.trahe@intel.com]
>Sent: 03 July 2018 20:21
>To: Verma, Shally <Shally.Verma@cavium.com>; De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>
>Cc: akhil.goyal@nxp.com; dev@dpdk.org; Athreya, Narayana Prasad <NarayanaPrasad.Athreya@cavium.com>; Sahu, Sunila
><Sunila.Sahu@cavium.com>; Gupta, Ashish <Ashish.Gupta@cavium.com>; Trahe, Fiona <fiona.trahe@intel.com>
>Subject: RE: [PATCH v3 5/6] crypto/openssl: add asym crypto support
>
>External Email
>
>Hi Shally,
>
>> -----Original Message-----
>> From: Shally Verma [mailto:shally.verma@caviumnetworks.com]
>> Sent: Wednesday, May 16, 2018 7:05 AM
>> To: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>
>> Cc: Trahe, Fiona <fiona.trahe@intel.com>; akhil.goyal@nxp.com; dev@dpdk.org;
>> pathreya@caviumnetworks.com; Sunila Sahu <sunila.sahu@caviumnetworks.com>; Ashish Gupta
>> <ashish.gupta@caviumnetworks.com>
>> Subject: [PATCH v3 5/6] crypto/openssl: add asym crypto support
>>
>> Add asymmetric crypto operation support in openssl PMD.
>> Current list of supported asym xforms:
>> * RSA
>> * DSA
>> * Deffie-hellman
>> * Modular Operations
>>
>> changes from v2:
>> - Update the pmd capability as per new capability structure
>>
>> changes from v1:
>> - resolve new line error in dod/guides/cryptodevs/openssl.rst
>>
>> Signed-off-by: Shally Verma <shally.verma@caviumnetworks.com>
>> Signed-off-by: Sunila Sahu <sunila.sahu@caviumnetworks.com>
>> Signed-off-by: Ashish Gupta <ashish.gupta@caviumnetworks.com>
>
>
>//snip//
>> +/* process rsa operations */
>> +static int process_openssl_rsa_op(struct rte_crypto_op *cop,
>> + struct openssl_asym_session *sess)
>> +{
>> + int ret = 0;
>> + struct rte_crypto_asym_op *op = cop->asym;
>> + RSA *rsa = sess->u.r.rsa;
>> + uint32_t pad = (op->rsa.pad);
>> +
>> + switch (pad) {
>> + case RTE_CRYPTO_RSA_PKCS1_V1_5_BT1:
>> + case RTE_CRYPTO_RSA_PKCS1_V1_5_BT2:
>> + pad = RSA_PKCS1_PADDING;
>> + break;
>> + case RTE_CRYPTO_RSA_PADDING_PSS:
>> + pad = RSA_PKCS1_PSS_PADDING;
>> + /* fall through */
>> + case RTE_CRYPTO_RSA_PADDING_OAEP:
>> + pad = RSA_PKCS1_OAEP_PADDING;
>> + /* fall through */
>> + default:
>> + pad = RSA_NO_PADDING;
>> + break;
>[Fiona] Maybe I'm missing something, but won't this fall through to RSA_NO_PADDING for OAEP and PSS cases?
>
>//snip//
Yes. It will because we were not claiming OAEP/PSS support in 1st cut. Also, So, made them switched to no-padding.
However, openssl PMD asym changes , as such, is on hold until it is moved that to 1.1.0. So, we will submit PMD and testapp as a separate patches from
Lib patch series.
> -----Original Message-----
> From: Verma, Shally [mailto:Shally.Verma@cavium.com]
> Sent: Tuesday, July 3, 2018 4:00 PM
> To: Trahe, Fiona <fiona.trahe@intel.com>; De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>
> Cc: akhil.goyal@nxp.com; dev@dpdk.org; Athreya, Narayana Prasad
> <NarayanaPrasad.Athreya@cavium.com>; Sahu, Sunila <Sunila.Sahu@cavium.com>; Gupta, Ashish
> <Ashish.Gupta@cavium.com>
> Subject: RE: [PATCH v3 5/6] crypto/openssl: add asym crypto support
>
>
>
> >-----Original Message-----
> >From: Trahe, Fiona [mailto:fiona.trahe@intel.com]
> >Sent: 03 July 2018 20:21
> >To: Verma, Shally <Shally.Verma@cavium.com>; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>
> >Cc: akhil.goyal@nxp.com; dev@dpdk.org; Athreya, Narayana Prasad
> <NarayanaPrasad.Athreya@cavium.com>; Sahu, Sunila
> ><Sunila.Sahu@cavium.com>; Gupta, Ashish <Ashish.Gupta@cavium.com>; Trahe, Fiona
> <fiona.trahe@intel.com>
> >Subject: RE: [PATCH v3 5/6] crypto/openssl: add asym crypto support
> >
> >External Email
> >
> >Hi Shally,
> >
> >> -----Original Message-----
> >> From: Shally Verma [mailto:shally.verma@caviumnetworks.com]
> >> Sent: Wednesday, May 16, 2018 7:05 AM
> >> To: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>
> >> Cc: Trahe, Fiona <fiona.trahe@intel.com>; akhil.goyal@nxp.com; dev@dpdk.org;
> >> pathreya@caviumnetworks.com; Sunila Sahu <sunila.sahu@caviumnetworks.com>; Ashish Gupta
> >> <ashish.gupta@caviumnetworks.com>
> >> Subject: [PATCH v3 5/6] crypto/openssl: add asym crypto support
> >>
> >> Add asymmetric crypto operation support in openssl PMD.
> >> Current list of supported asym xforms:
> >> * RSA
> >> * DSA
> >> * Deffie-hellman
> >> * Modular Operations
> >>
> >> changes from v2:
> >> - Update the pmd capability as per new capability structure
> >>
> >> changes from v1:
> >> - resolve new line error in dod/guides/cryptodevs/openssl.rst
> >>
> >> Signed-off-by: Shally Verma <shally.verma@caviumnetworks.com>
> >> Signed-off-by: Sunila Sahu <sunila.sahu@caviumnetworks.com>
> >> Signed-off-by: Ashish Gupta <ashish.gupta@caviumnetworks.com>
> >
> >
> >//snip//
> >> +/* process rsa operations */
> >> +static int process_openssl_rsa_op(struct rte_crypto_op *cop,
> >> + struct openssl_asym_session *sess)
> >> +{
> >> + int ret = 0;
> >> + struct rte_crypto_asym_op *op = cop->asym;
> >> + RSA *rsa = sess->u.r.rsa;
> >> + uint32_t pad = (op->rsa.pad);
> >> +
> >> + switch (pad) {
> >> + case RTE_CRYPTO_RSA_PKCS1_V1_5_BT1:
> >> + case RTE_CRYPTO_RSA_PKCS1_V1_5_BT2:
> >> + pad = RSA_PKCS1_PADDING;
> >> + break;
> >> + case RTE_CRYPTO_RSA_PADDING_PSS:
> >> + pad = RSA_PKCS1_PSS_PADDING;
> >> + /* fall through */
> >> + case RTE_CRYPTO_RSA_PADDING_OAEP:
> >> + pad = RSA_PKCS1_OAEP_PADDING;
> >> + /* fall through */
> >> + default:
> >> + pad = RSA_NO_PADDING;
> >> + break;
> >[Fiona] Maybe I'm missing something, but won't this fall through to RSA_NO_PADDING for OAEP and
> PSS cases?
> >
> >//snip//
> Yes. It will because we were not claiming OAEP/PSS support in 1st cut. Also, So, made them switched to
> no-padding.
> However, openssl PMD asym changes , as such, is on hold until it is moved that to 1.1.0. So, we will
> submit PMD and testapp as a separate patches from
> Lib patch series.
>
[Fiona] ok. I'd suggest leaving out the "pad = " in the 2 fall-through cases. And expanding comment to
"Not supported yet, so fall-through" for more clarity.
>-----Original Message-----
>From: Trahe, Fiona [mailto:fiona.trahe@intel.com]
>Sent: 03 July 2018 20:41
>To: Verma, Shally <Shally.Verma@cavium.com>; De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>
>Cc: akhil.goyal@nxp.com; dev@dpdk.org; Athreya, Narayana Prasad <NarayanaPrasad.Athreya@cavium.com>; Sahu, Sunila
><Sunila.Sahu@cavium.com>; Gupta, Ashish <Ashish.Gupta@cavium.com>
>Subject: RE: [PATCH v3 5/6] crypto/openssl: add asym crypto support
>
>External Email
>
//snip
>> >> +/* process rsa operations */
>> >> +static int process_openssl_rsa_op(struct rte_crypto_op *cop,
>> >> + struct openssl_asym_session *sess)
>> >> +{
>> >> + int ret = 0;
>> >> + struct rte_crypto_asym_op *op = cop->asym;
>> >> + RSA *rsa = sess->u.r.rsa;
>> >> + uint32_t pad = (op->rsa.pad);
>> >> +
>> >> + switch (pad) {
>> >> + case RTE_CRYPTO_RSA_PKCS1_V1_5_BT1:
>> >> + case RTE_CRYPTO_RSA_PKCS1_V1_5_BT2:
>> >> + pad = RSA_PKCS1_PADDING;
>> >> + break;
>> >> + case RTE_CRYPTO_RSA_PADDING_PSS:
>> >> + pad = RSA_PKCS1_PSS_PADDING;
>> >> + /* fall through */
>> >> + case RTE_CRYPTO_RSA_PADDING_OAEP:
>> >> + pad = RSA_PKCS1_OAEP_PADDING;
>> >> + /* fall through */
>> >> + default:
>> >> + pad = RSA_NO_PADDING;
>> >> + break;
>> >[Fiona] Maybe I'm missing something, but won't this fall through to RSA_NO_PADDING for OAEP and
>> PSS cases?
>> >
>> >//snip//
>> Yes. It will because we were not claiming OAEP/PSS support in 1st cut. Also, So, made them switched to
>> no-padding.
>> However, openssl PMD asym changes , as such, is on hold until it is moved that to 1.1.0. So, we will
>> submit PMD and testapp as a separate patches from
>> Lib patch series.
>>
>[Fiona] ok. I'd suggest leaving out the "pad = " in the 2 fall-through cases. And expanding comment to
>"Not supported yet, so fall-through" for more clarity.
All right. noted.
Thanks
Shally
@@ -7,6 +7,7 @@
Symmetric crypto = Y
Sym operation chaining = Y
Mbuf scatter gather = Y
+Asymmetric crypto = Y
;
; Supported crypto algorithms of the 'openssl' crypto driver.
@@ -49,3 +50,13 @@ AES GCM (256) = Y
AES CCM (128) = Y
AES CCM (192) = Y
AES CCM (256) = Y
+
+;
+; Supported Asymmetric algorithms of the 'openssl' crypto driver.
+;
+[Asymmetric]
+RSA = Y
+DSA = Y
+Modular Exponentiation = Y
+Modular Inversion = Y
+Deffie-hellman = Y
@@ -80,6 +80,7 @@ crypto processing.
Test name is cryptodev_openssl_autotest.
For performance test cryptodev_openssl_perftest can be used.
+For asymmetric crypto operations testing, run cryptodev_openssl_asym_autotest
To verify real traffic l2fwd-crypto example can be used with this command:
@@ -727,19 +727,35 @@ openssl_reset_session(struct openssl_session *sess)
}
/** Provide session for operation */
-static struct openssl_session *
+static void *
get_session(struct openssl_qp *qp, struct rte_crypto_op *op)
{
struct openssl_session *sess = NULL;
+ struct openssl_asym_session *asym_sess = NULL;
if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
- /* get existing session */
- if (likely(op->sym->session != NULL))
- sess = (struct openssl_session *)
- get_session_private_data(
- op->sym->session,
- cryptodev_driver_id);
+ if (op->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
+ /* get existing session */
+ if (likely(op->sym->session != NULL))
+ sess = (struct openssl_session *)
+ get_session_private_data(
+ op->sym->session,
+ cryptodev_driver_id);
+ } else {
+ if (likely(op->asym->session != NULL))
+ asym_sess = (struct openssl_asym_session *)
+ get_asym_session_private_data(
+ op->asym->session,
+ cryptodev_driver_id);
+ if (asym_sess == NULL)
+ op->status =
+ RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
+ return asym_sess;
+ }
} else {
+ if (op->type == RTE_CRYPTO_OP_TYPE_ASYMMETRIC)
+ return NULL; /* sessionless asymmetric not supported */
+
/* provide internal session */
void *_sess = NULL;
void *_sess_private_data = NULL;
@@ -1525,6 +1541,341 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
op->status = RTE_CRYPTO_OP_STATUS_ERROR;
}
+static int process_openssl_modinv_op(struct rte_crypto_op *cop,
+ struct openssl_asym_session *sess)
+{
+ struct rte_crypto_asym_op *op = cop->asym;
+ BIGNUM *base = BN_CTX_get(sess->u.m.ctx);
+ BIGNUM *res = BN_CTX_get(sess->u.m.ctx);
+
+ if (unlikely(base == NULL || res == NULL)) {
+ if (base)
+ BN_free(base);
+ if (res)
+ BN_free(res);
+ cop->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
+ return -1;
+ }
+
+ base = BN_bin2bn((const unsigned char *)op->modinv.base.data,
+ op->modinv.base.length, base);
+
+ if (BN_mod_inverse(res, base, sess->u.m.modulus, sess->u.m.ctx)) {
+ cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
+ op->modinv.base.length = BN_bn2bin(res, op->modinv.base.data);
+ } else {
+ cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
+ }
+
+ return 0;
+}
+
+static int process_openssl_modexp_op(struct rte_crypto_op *cop,
+ struct openssl_asym_session *sess)
+{
+ struct rte_crypto_asym_op *op = cop->asym;
+ BIGNUM *base = BN_CTX_get(sess->u.e.ctx);
+ BIGNUM *res = BN_CTX_get(sess->u.e.ctx);
+
+ if (unlikely(base == NULL || res == NULL)) {
+ if (base)
+ BN_free(base);
+ if (res)
+ BN_free(res);
+ cop->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
+ return -1;
+ }
+
+ base = BN_bin2bn((const unsigned char *)op->modinv.base.data,
+ op->modinv.base.length, base);
+
+ if (BN_mod_exp(res, base, sess->u.e.exp,
+ sess->u.e.mod, sess->u.e.ctx)) {
+ op->modinv.base.length = BN_bn2bin(res, op->modinv.base.data);
+ cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
+ } else {
+ cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
+ }
+
+ return 0;
+}
+
+/* process rsa operations */
+static int process_openssl_rsa_op(struct rte_crypto_op *cop,
+ struct openssl_asym_session *sess)
+{
+ int ret = 0;
+ struct rte_crypto_asym_op *op = cop->asym;
+ RSA *rsa = sess->u.r.rsa;
+ uint32_t pad = (op->rsa.pad);
+
+ switch (pad) {
+ case RTE_CRYPTO_RSA_PKCS1_V1_5_BT1:
+ case RTE_CRYPTO_RSA_PKCS1_V1_5_BT2:
+ pad = RSA_PKCS1_PADDING;
+ break;
+ case RTE_CRYPTO_RSA_PADDING_PSS:
+ pad = RSA_PKCS1_PSS_PADDING;
+ /* fall through */
+ case RTE_CRYPTO_RSA_PADDING_OAEP:
+ pad = RSA_PKCS1_OAEP_PADDING;
+ /* fall through */
+ default:
+ pad = RSA_NO_PADDING;
+ break;
+ }
+
+ switch (op->rsa.op_type) {
+ case RTE_CRYPTO_ASYM_OP_ENCRYPT:
+ ret = RSA_public_encrypt(op->rsa.message.length,
+ op->rsa.message.data,
+ op->rsa.message.data,
+ rsa,
+ pad);
+
+ op->rsa.message.length = ret;
+ OPENSSL_LOG_DBG("length of encrypted text %d\n", ret);
+ break;
+
+ case RTE_CRYPTO_ASYM_OP_DECRYPT:
+ ret = RSA_private_decrypt(op->rsa.message.length,
+ op->rsa.message.data,
+ op->rsa.message.data,
+ rsa,
+ pad);
+ op->rsa.message.length = ret;
+ break;
+
+ case RTE_CRYPTO_ASYM_OP_SIGN:
+ ret = RSA_private_encrypt(op->rsa.message.length,
+ op->rsa.message.data,
+ op->rsa.sign.data,
+ rsa,
+ pad);
+ op->rsa.sign.length = ret;
+ break;
+
+ case RTE_CRYPTO_ASYM_OP_VERIFY:
+ ret = RSA_public_decrypt(op->rsa.sign.length,
+ op->rsa.sign.data,
+ op->rsa.sign.data,
+ rsa,
+ pad);
+
+ OPENSSL_LOG_DBG(
+ "Length of public_decrypt %d length of message %d\n",
+ ret, op->rsa.message.length);
+
+ if (memcmp(op->rsa.sign.data, op->rsa.message.data,
+ op->rsa.message.length)) {
+ OPENSSL_LOG_ERR("RSA sign Verification failed");
+ ret = -1;
+ }
+ break;
+ default:
+ /* allow ops with invalid args to be pushed to
+ * completion queue
+ */
+ cop->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
+ break;
+ }
+
+ if (ret < 0) {
+ cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
+ ret = 0;
+ }
+
+ ret = 0;
+ return ret;
+}
+
+static int
+process_openssl_dh_op(struct rte_crypto_op *cop,
+ struct openssl_asym_session *sess)
+{
+ struct rte_crypto_dh_op_param *op = &cop->asym->dh;
+ DH *dh_key = sess->u.dh.dh_key;
+
+ if (sess->u.dh.key_op &
+ (1 << RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE)) {
+ BIGNUM *peer_key = NULL;
+
+ /* copy private key and peer key and compute shared secret */
+ peer_key = BN_bin2bn(op->pub_key.data,
+ op->pub_key.length,
+ peer_key);
+ if (peer_key == NULL) {
+ cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
+ return 0;
+ }
+ dh_key->priv_key = BN_bin2bn(op->priv_key.data,
+ op->priv_key.length,
+ dh_key->priv_key);
+ op->shared_secret.length = DH_compute_key(
+ op->shared_secret.data,
+ peer_key, dh_key);
+ if (!(op->shared_secret.length)) {
+ cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
+ BN_free(peer_key);
+ return 0;
+ }
+ cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
+ BN_free(peer_key);
+ return 0;
+ }
+
+ if ((sess->u.dh.key_op &
+ (1 << RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE)) &&
+ !(sess->u.dh.key_op &
+ (1 << RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE))) {
+ /* generate public key using user-pass private key */
+ dh_key->priv_key = BN_bin2bn(op->priv_key.data,
+ op->priv_key.length,
+ dh_key->priv_key);
+ if (dh_key->priv_key == NULL) {
+ cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
+ return 0;
+ }
+ }
+
+ /* generate public and private key pair */
+ if (!DH_generate_key(dh_key)) {
+ cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
+ return 0;
+ }
+
+ if (sess->u.dh.key_op &
+ (1 << RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE)) {
+ OPENSSL_LOG_DBG("%s:%d updated priv key\n",
+ __func__, __LINE__);
+
+ op->priv_key.length = BN_bn2bin(dh_key->priv_key,
+ op->priv_key.data);
+ }
+
+ if (sess->u.dh.key_op & (1 << RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE)) {
+ OPENSSL_LOG_DBG("%s:%d update public key\n",
+ __func__, __LINE__);
+
+ op->pub_key.length = BN_bn2bin(dh_key->pub_key,
+ op->pub_key.data);
+ }
+ cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
+
+ return 0;
+}
+
+static int
+process_openssl_dsa_sign_op(struct rte_crypto_op *cop,
+ struct openssl_asym_session *sess)
+{
+ struct rte_crypto_dsa_op_param *op = &cop->asym->dsa;
+ DSA *dsa = sess->u.s.dsa;
+ DSA_SIG *sign;
+
+ sign = DSA_do_sign(op->message.data,
+ op->message.length,
+ dsa);
+
+ if (sign == NULL) {
+ OPENSSL_LOG_ERR("%s:%d\n", __func__, __LINE__);
+ cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
+ } else {
+ op->r.length = BN_bn2bin(sign->r, op->r.data);
+ op->s.length = BN_bn2bin(sign->s, op->s.data);
+ cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
+ }
+
+ DSA_SIG_free(sign);
+ return 0;
+}
+
+static int
+process_openssl_dsa_verify_op(struct rte_crypto_op *cop,
+ struct openssl_asym_session *sess)
+{
+ struct rte_crypto_dsa_op_param *op = &cop->asym->dsa;
+ DSA *dsa = sess->u.s.dsa;
+ int ret;
+ DSA_SIG *sign = DSA_SIG_new();
+
+ if (sign == NULL) {
+ OPENSSL_LOG_ERR(" %s:%d\n", __func__, __LINE__);
+ return -1;
+ }
+
+ sign->r = BN_bin2bn(op->r.data,
+ op->r.length,
+ sign->r);
+ sign->s = BN_bin2bn(op->s.data,
+ op->s.length,
+ sign->s);
+
+ dsa->pub_key = BN_bin2bn(op->y.data,
+ op->y.length,
+ dsa->pub_key);
+
+ ret = DSA_do_verify(op->message.data,
+ op->message.length,
+ sign,
+ dsa);
+
+ if (ret != 1)
+ cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
+ else
+ cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
+
+ DSA_SIG_free(sign);
+
+ return 0;
+}
+
+
+static int
+process_asym_op(struct openssl_qp *qp, struct rte_crypto_op *op,
+ struct openssl_asym_session *sess)
+{
+ int retval = 0;
+
+ op->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
+
+ switch (sess->xfrm_type) {
+ case RTE_CRYPTO_ASYM_XFORM_RSA:
+ retval = process_openssl_rsa_op(op, sess);
+ break;
+ case RTE_CRYPTO_ASYM_XFORM_MODEX:
+ retval = process_openssl_modexp_op(op, sess);
+ break;
+ case RTE_CRYPTO_ASYM_XFORM_MODINV:
+ retval = process_openssl_modinv_op(op, sess);
+ break;
+ case RTE_CRYPTO_ASYM_XFORM_DH:
+ retval = process_openssl_dh_op(op, sess);
+ break;
+ case RTE_CRYPTO_ASYM_XFORM_DSA:
+ if (op->asym->dsa.op_type == RTE_CRYPTO_ASYM_OP_SIGN)
+ retval = process_openssl_dsa_sign_op(op, sess);
+ else if (op->asym->dsa.op_type == RTE_CRYPTO_ASYM_OP_VERIFY)
+ retval = process_openssl_dsa_verify_op(op, sess);
+ else
+ op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
+ break;
+ default:
+ op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
+ break;
+ }
+ if (!retval) {
+ /* op processed so push to completion queue as processed */
+ retval = rte_ring_enqueue(qp->processed_ops, (void *)op);
+ if (retval)
+ /* return error if failed to put in completion queue */
+ retval = -1;
+ }
+
+ return retval;
+}
+
+
/** Process crypto operation for mbuf */
static int
process_op(struct openssl_qp *qp, struct rte_crypto_op *op,
@@ -1597,7 +1948,7 @@ static uint16_t
openssl_pmd_enqueue_burst(void *queue_pair, struct rte_crypto_op **ops,
uint16_t nb_ops)
{
- struct openssl_session *sess;
+ void *sess;
struct openssl_qp *qp = queue_pair;
int i, retval;
@@ -1606,7 +1957,12 @@ openssl_pmd_enqueue_burst(void *queue_pair, struct rte_crypto_op **ops,
if (unlikely(sess == NULL))
goto enqueue_err;
- retval = process_op(qp, ops[i], sess);
+ if (ops[i]->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC)
+ retval = process_op(qp, ops[i],
+ (struct openssl_session *) sess);
+ else
+ retval = process_asym_op(qp, ops[i],
+ (struct openssl_asym_session *) sess);
if (unlikely(retval < 0))
goto enqueue_err;
}
@@ -1660,7 +2016,8 @@ cryptodev_openssl_create(const char *name,
dev->feature_flags = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO |
RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING |
RTE_CRYPTODEV_FF_CPU_AESNI |
- RTE_CRYPTODEV_FF_MBUF_SCATTER_GATHER;
+ RTE_CRYPTODEV_FF_MBUF_SCATTER_GATHER |
+ RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO;
/* Set vector instructions mode supported */
internals = dev->data->dev_private;
@@ -469,6 +469,105 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
}, }
}, }
},
+ { /* RSA */
+ .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
+ {.asym = {
+ .xfrm_capa = {
+ .xform_type = RTE_CRYPTO_ASYM_XFORM_RSA,
+ .op_types = ((1 << RTE_CRYPTO_ASYM_OP_SIGN) |
+ (1 << RTE_CRYPTO_ASYM_OP_VERIFY) |
+ (1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) |
+ (1 << RTE_CRYPTO_ASYM_OP_DECRYPT)),
+ {
+ .modlen = {
+ /* min length is based on openssl rsa keygen */
+ .min = 30,
+ /* value 0 symbolizes no limit on max length */
+ .max = 0,
+ .increment = 1
+ }, }
+ }
+ },
+ }
+ },
+ { /* modexp */
+ .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
+ {.asym = {
+ .xfrm_capa = {
+ .xform_type = RTE_CRYPTO_ASYM_XFORM_MODEX,
+ .op_types = 0,
+ {
+ .modlen = {
+ /* min length is based on openssl rsa keygen */
+ .min = 0,
+ /* value 0 symbolizes no limit on max length */
+ .max = 0,
+ .increment = 1
+ }, }
+ }
+ },
+ }
+ },
+ { /* modinv */
+ .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
+ {.asym = {
+ .xfrm_capa = {
+ .xform_type = RTE_CRYPTO_ASYM_XFORM_MODINV,
+ .op_types = 0,
+ {
+ .modlen = {
+ /* min length is based on openssl rsa keygen */
+ .min = 0,
+ /* value 0 symbolizes no limit on max length */
+ .max = 0,
+ .increment = 1
+ }, }
+ }
+ },
+ }
+ },
+ { /* dh */
+ .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
+ {.asym = {
+ .xfrm_capa = {
+ .xform_type = RTE_CRYPTO_ASYM_XFORM_DH,
+ .op_types =
+ ((1<<RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE) |
+ (1 << RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE |
+ (1 <<
+ RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE))),
+ {
+ .modlen = {
+ /* min length is based on openssl rsa keygen */
+ .min = 0,
+ /* value 0 symbolizes no limit on max length */
+ .max = 0,
+ .increment = 1
+ }, }
+ }
+ },
+ }
+ },
+ { /* dsa */
+ .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
+ {.asym = {
+ .xfrm_capa = {
+ .xform_type = RTE_CRYPTO_ASYM_XFORM_DSA,
+ .op_types =
+ ((1<<RTE_CRYPTO_ASYM_OP_SIGN) |
+ (1 << RTE_CRYPTO_ASYM_OP_VERIFY)),
+ {
+ .modlen = {
+ /* min length is based on openssl rsa keygen */
+ .min = 0,
+ /* value 0 symbolizes no limit on max length */
+ .max = 0,
+ .increment = 1
+ }, }
+ }
+ },
+ }
+ },
RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
};
@@ -670,13 +769,20 @@ openssl_pmd_qp_count(struct rte_cryptodev *dev)
return dev->data->nb_queue_pairs;
}
-/** Returns the size of the session structure */
+/** Returns the size of symmetric session structure */
static unsigned
openssl_pmd_session_get_size(struct rte_cryptodev *dev __rte_unused)
{
return sizeof(struct openssl_session);
}
+/** Returns the size of the session structure */
+static unsigned
+openssl_pmd_asym_session_get_size(struct rte_cryptodev *dev __rte_unused)
+{
+ return sizeof(struct openssl_asym_session);
+}
+
/** Configure the session from a crypto xform chain */
static int
openssl_pmd_session_configure(struct rte_cryptodev *dev __rte_unused,
@@ -713,6 +819,236 @@ openssl_pmd_session_configure(struct rte_cryptodev *dev __rte_unused,
return 0;
}
+static int openssl_set_asym_session_parameters(
+ struct openssl_asym_session *asym_session,
+ struct rte_crypto_asym_xform *xform)
+{
+
+ if ((xform->xform_type != RTE_CRYPTO_ASYM_XFORM_DH) &&
+ (xform->next != NULL)) {
+ OPENSSL_LOG_ERR("chained xfrms are not supported on %s",
+ rte_crypto_asym_xform_strings[xform->xform_type]);
+ return -1;
+ }
+
+ switch (xform->xform_type) {
+ case RTE_CRYPTO_ASYM_XFORM_RSA:
+ {
+ struct rte_crypto_rsa_xform *xfrm = &(xform->rsa);
+ asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_RSA;
+
+ RSA *rsa = RSA_new();
+ if (rsa == NULL)
+ return -1;
+ /* copy xfrm data into rsa struct */
+ rsa->n = BN_bin2bn((const unsigned char *)xfrm->n.data,
+ xfrm->n.length, rsa->n);
+ rsa->e = BN_bin2bn((const unsigned char *)xfrm->e.data,
+ xfrm->e.length, rsa->e);
+ if (xfrm->key_type == RTE_RSA_KEY_TYPE_EXP) {
+ rsa->d = BN_bin2bn((const unsigned char *)xfrm->d.data,
+ xfrm->d.length,
+ rsa->d);
+ } else {
+ rsa->p = BN_bin2bn(
+ (const unsigned char *)xfrm->qt.p.data,
+ xfrm->qt.p.length,
+ rsa->p);
+ rsa->q = BN_bin2bn(
+ (const unsigned char *)xfrm->qt.q.data,
+ xfrm->qt.q.length,
+ rsa->q);
+ rsa->dmp1 = BN_bin2bn(
+ (const unsigned char *)xfrm->qt.dP.data,
+ xfrm->qt.dP.length,
+ rsa->dmp1);
+ rsa->dmq1 = BN_bin2bn(
+ (const unsigned char *)xfrm->qt.dQ.data,
+ xfrm->qt.dQ.length,
+ rsa->dmq1);
+ rsa->iqmp = BN_bin2bn(
+ (const unsigned char *)
+ xfrm->qt.qInv.data,
+ xfrm->qt.qInv.length,
+ rsa->iqmp);
+ }
+ asym_session->u.r.rsa = rsa;
+ break;
+ }
+ case RTE_CRYPTO_ASYM_XFORM_MODEX:
+ {
+ struct rte_crypto_modex_xform *xfrm = &(xform->modex);
+
+ asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_MODEX;
+
+ BN_CTX *ctx = BN_CTX_new();
+ if (ctx == NULL) {
+ OPENSSL_LOG_ERR(" failed to allocate resources\n");
+ return -1;
+ }
+ BN_CTX_start(ctx);
+ BIGNUM *mod = BN_CTX_get(ctx);
+ BIGNUM *exp = BN_CTX_get(ctx);
+ if (mod == NULL || exp == NULL) {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ return -1;
+ }
+ mod = BN_bin2bn((const unsigned char *)xfrm->modulus.data,
+ xfrm->modulus.length, mod);
+ exp = BN_bin2bn((const unsigned char *)xfrm->exponent.data,
+ xfrm->exponent.length, exp);
+ asym_session->u.e.ctx = ctx;
+ asym_session->u.e.mod = mod;
+ asym_session->u.e.exp = exp;
+ break;
+ }
+ case RTE_CRYPTO_ASYM_XFORM_MODINV:
+ {
+ struct rte_crypto_modinv_xform *xfrm = &(xform->modinv);
+
+ asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_MODINV;
+
+ BN_CTX *ctx = BN_CTX_new();
+ if (ctx == NULL) {
+ OPENSSL_LOG_ERR(" failed to allocate resources\n");
+ return -1;
+ }
+ BN_CTX_start(ctx);
+ BIGNUM *mod = BN_CTX_get(ctx);
+ if (mod == NULL) {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ return -1;
+ }
+
+ mod = BN_bin2bn((const unsigned char *)
+ xfrm->modulus.data,
+ xfrm->modulus.length,
+ mod);
+ asym_session->u.m.ctx = ctx;
+ asym_session->u.m.modulus = mod;
+ break;
+ }
+ case RTE_CRYPTO_ASYM_XFORM_DH:
+ {
+ asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_DH;
+
+ asym_session->u.dh.dh_key = DH_new();
+ DH *dh = asym_session->u.dh.dh_key;
+ if (dh == NULL) {
+ OPENSSL_LOG_ERR(" failed to allocate resources\n");
+ return -1;
+ }
+
+ dh->p = BN_bin2bn((const unsigned char *)
+ xform->dh.p.data,
+ xform->dh.p.length,
+ dh->p);
+
+ dh->g = BN_bin2bn((const unsigned char *)
+ xform->dh.g.data,
+ xform->dh.g.length,
+ dh->g);
+
+ /* setup xfrom for
+ * public key generate, or
+ * DH Priv key generate, or both
+ * public and private key generate
+ */
+ asym_session->u.dh.key_op = (1 << xform->dh.type);
+
+ if (xform->dh.type == RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE) {
+ /* check if next is pubkey */
+ if ((xform->next != NULL) &&
+ (xform->next->xform_type ==
+ RTE_CRYPTO_ASYM_XFORM_DH) &&
+ (xform->next->dh.type ==
+ RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE)) {
+ /* setup op as pub/priv key pair generation */
+ asym_session->u.dh.key_op |=
+ (1 << RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE);
+ }
+ }
+ break;
+ }
+ case RTE_CRYPTO_ASYM_XFORM_DSA:
+ {
+ asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_DSA;
+
+ asym_session->u.s.dsa = DSA_new();
+ DSA *dsa = asym_session->u.s.dsa;
+ if (dsa == NULL) {
+ OPENSSL_LOG_ERR(
+ " failed to allocate resources\n");
+ return -1;
+ }
+
+ dsa->p = BN_bin2bn((const unsigned char *)
+ xform->dsa.p.data,
+ xform->dsa.p.length,
+ dsa->p);
+
+ dsa->g = BN_bin2bn((const unsigned char *)
+ xform->dsa.g.data,
+ xform->dsa.g.length,
+ dsa->g);
+
+ dsa->q = BN_bin2bn((const unsigned char *)
+ xform->dsa.q.data,
+ xform->dsa.q.length,
+ dsa->q);
+
+ dsa->priv_key = BN_bin2bn((const unsigned char *)
+ xform->dsa.x.data,
+ xform->dsa.x.length,
+ dsa->priv_key);
+
+ break;
+ }
+ default:
+ return -1;
+ }
+
+ return 0;
+}
+
+/** Configure the session from a crypto xform chain */
+static int
+openssl_pmd_asym_session_configure(struct rte_cryptodev *dev __rte_unused,
+ struct rte_crypto_asym_xform *xform,
+ struct rte_cryptodev_asym_session *sess,
+ struct rte_mempool *mempool)
+{
+ void *asym_sess_private_data;
+ int ret;
+
+ if (unlikely(sess == NULL)) {
+ OPENSSL_LOG_ERR("invalid asymmetric session struct");
+ return -EINVAL;
+ }
+
+ if (rte_mempool_get(mempool, &asym_sess_private_data)) {
+ CDEV_LOG_ERR(
+ "Couldn't get object from session mempool");
+ return -ENOMEM;
+ }
+
+ ret = openssl_set_asym_session_parameters(asym_sess_private_data,
+ xform);
+ if (ret != 0) {
+ OPENSSL_LOG_ERR("failed configure session parameters");
+
+ /* Return session to mempool */
+ rte_mempool_put(mempool, asym_sess_private_data);
+ return ret;
+ }
+
+ set_asym_session_private_data(sess, dev->driver_id,
+ asym_sess_private_data);
+
+ return 0;
+}
/** Clear the memory of session so it doesn't leave key material behind */
static void
@@ -732,6 +1068,58 @@ openssl_pmd_session_clear(struct rte_cryptodev *dev,
}
}
+static void openssl_reset_asym_session(struct openssl_asym_session *sess)
+{
+ switch (sess->xfrm_type) {
+ case RTE_CRYPTO_ASYM_XFORM_RSA:
+ if (sess->u.r.rsa)
+ RSA_free(sess->u.r.rsa);
+ break;
+ case RTE_CRYPTO_ASYM_XFORM_MODEX:
+ if (sess->u.e.ctx) {
+ BN_CTX_end(sess->u.e.ctx);
+ BN_CTX_free(sess->u.e.ctx);
+ }
+ break;
+ case RTE_CRYPTO_ASYM_XFORM_MODINV:
+ if (sess->u.m.ctx) {
+ BN_CTX_end(sess->u.m.ctx);
+ BN_CTX_free(sess->u.m.ctx);
+ }
+ break;
+ case RTE_CRYPTO_ASYM_XFORM_DH:
+ if (sess->u.dh.dh_key)
+ DH_free(sess->u.dh.dh_key);
+ break;
+ case RTE_CRYPTO_ASYM_XFORM_DSA:
+ if (sess->u.s.dsa)
+ DSA_free(sess->u.s.dsa);
+ break;
+ default:
+ break;
+ }
+}
+
+/** Clear the memory of asymmetric session
+ * so it doesn't leave key material behind
+ */
+static void
+openssl_pmd_asym_session_clear(struct rte_cryptodev *dev,
+ struct rte_cryptodev_asym_session *sess)
+{
+ uint8_t index = dev->driver_id;
+ void *sess_priv = get_asym_session_private_data(sess, index);
+
+ /* Zero out the whole structure */
+ if (sess_priv) {
+ openssl_reset_asym_session(sess_priv);
+ memset(sess_priv, 0, sizeof(struct openssl_asym_session));
+ struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
+ set_asym_session_private_data(sess, index, NULL);
+ rte_mempool_put(sess_mp, sess_priv);
+ }
+}
+
struct rte_cryptodev_ops openssl_pmd_ops = {
.dev_configure = openssl_pmd_config,
.dev_start = openssl_pmd_start,
@@ -750,8 +1138,11 @@ struct rte_cryptodev_ops openssl_pmd_ops = {
.queue_pair_count = openssl_pmd_qp_count,
.session_get_size = openssl_pmd_session_get_size,
+ .asym_session_get_size = openssl_pmd_asym_session_get_size,
.session_configure = openssl_pmd_session_configure,
- .session_clear = openssl_pmd_session_clear
+ .asym_session_configure = openssl_pmd_asym_session_configure,
+ .session_clear = openssl_pmd_session_clear,
+ .asym_session_clear = openssl_pmd_asym_session_clear
};
struct rte_cryptodev_ops *rte_openssl_pmd_ops = &openssl_pmd_ops;
@@ -8,6 +8,10 @@
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <openssl/des.h>
+#include <openssl/rsa.h>
+#include <openssl/dh.h>
+#include <openssl/dsa.h>
+
#define CRYPTODEV_NAME_OPENSSL_PMD crypto_openssl
/**< Open SSL Crypto PMD device name */
@@ -157,6 +161,31 @@ struct openssl_session {
} __rte_cache_aligned;
+/** OPENSSL crypto private asymmetric session structure */
+struct openssl_asym_session {
+ enum rte_crypto_asym_xform_type xfrm_type;
+ union {
+ struct rsa {
+ RSA *rsa;
+ } r;
+ struct exp {
+ BIGNUM *exp;
+ BIGNUM *mod;
+ BN_CTX *ctx;
+ } e;
+ struct mod {
+ BIGNUM *modulus;
+ BN_CTX *ctx;
+ } m;
+ struct dh {
+ DH *dh_key;
+ uint32_t key_op;
+ } dh;
+ struct {
+ DSA *dsa;
+ } s;
+ } u;
+} __rte_cache_aligned;
/** Set and validate OPENSSL crypto session parameters */
extern int
openssl_set_session_parameters(struct openssl_session *sess,