diff options
Diffstat (limited to 'drivers/crypto/openssl')
-rw-r--r-- | drivers/crypto/openssl/compat.h | 265 | ||||
-rw-r--r-- | drivers/crypto/openssl/rte_openssl_pmd.c | 29 | ||||
-rw-r--r-- | drivers/crypto/openssl/rte_openssl_pmd_ops.c | 40 |
3 files changed, 212 insertions, 122 deletions
diff --git a/drivers/crypto/openssl/compat.h b/drivers/crypto/openssl/compat.h index 45f9a33d..eecb7d36 100644 --- a/drivers/crypto/openssl/compat.h +++ b/drivers/crypto/openssl/compat.h @@ -7,101 +7,190 @@ #if (OPENSSL_VERSION_NUMBER < 0x10100000L) -#define set_rsa_params(rsa, p, q, ret) \ - do {rsa->p = p; rsa->q = q; ret = 0; } while (0) - -#define set_rsa_crt_params(rsa, dmp1, dmq1, iqmp, ret) \ - do { \ - rsa->dmp1 = dmp1; \ - rsa->dmq1 = dmq1; \ - rsa->iqmp = iqmp; \ - ret = 0; \ - } while (0) - -#define set_rsa_keys(rsa, n, e, d, ret) \ - do { \ - rsa->n = n; rsa->e = e; rsa->d = d; ret = 0; \ - } while (0) - -#define set_dh_params(dh, p, g, ret) \ - do { \ - dh->p = p; \ - dh->q = NULL; \ - dh->g = g; \ - ret = 0; \ - } while (0) - -#define set_dh_priv_key(dh, priv_key, ret) \ - do { dh->priv_key = priv_key; ret = 0; } while (0) - -#define set_dsa_params(dsa, p, q, g, ret) \ - do { dsa->p = p; dsa->q = q; dsa->g = g; ret = 0; } while (0) - -#define get_dh_pub_key(dh, pub_key) \ - (pub_key = dh->pub_key) - -#define get_dh_priv_key(dh, priv_key) \ - (priv_key = dh->priv_key) - -#define set_dsa_sign(sign, r, s) \ - do { sign->r = r; sign->s = s; } while (0) - -#define get_dsa_sign(sign, r, s) \ - do { r = sign->r; s = sign->s; } while (0) - -#define set_dsa_keys(dsa, pub, priv, ret) \ - do { dsa->pub_key = pub; dsa->priv_key = priv; ret = 0; } while (0) - -#define set_dsa_pub_key(dsa, pub_key) \ - (dsa->pub_key = pub_key) - -#define get_dsa_priv_key(dsa, priv_key) \ - (priv_key = dsa->priv_key) +static __rte_always_inline int +set_rsa_params(RSA *rsa, BIGNUM *p, BIGNUM *q) +{ + rsa->p = p; + rsa->q = q; + return 0; +} + +static __rte_always_inline int +set_rsa_crt_params(RSA *rsa, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp) +{ + rsa->dmp1 = dmp1; + rsa->dmq1 = dmq1; + rsa->iqmp = iqmp; + return 0; +} + +static __rte_always_inline int +set_rsa_keys(RSA *rsa, BIGNUM *n, BIGNUM *e, BIGNUM *d) +{ + rsa->n = n; + rsa->e = e; + rsa->d = d; + return 0; +} + +static __rte_always_inline int +set_dh_params(DH *dh, BIGNUM *p, BIGNUM *g) +{ + dh->p = p; + dh->q = NULL; + dh->g = g; + return 0; +} + +static __rte_always_inline int +set_dh_priv_key(DH *dh, BIGNUM *priv_key) +{ + dh->priv_key = priv_key; + return 0; +} + +static __rte_always_inline int +set_dsa_params(DSA *dsa, BIGNUM *p, BIGNUM *q, BIGNUM *g) +{ + dsa->p = p; + dsa->q = q; + dsa->g = g; + return 0; +} + +static __rte_always_inline void +get_dh_pub_key(DH *dh, const BIGNUM **pub_key) +{ + *pub_key = dh->pub_key; +} + +static __rte_always_inline void +get_dh_priv_key(DH *dh, const BIGNUM **priv_key) +{ + *priv_key = dh->priv_key; +} + +static __rte_always_inline void +set_dsa_sign(DSA_SIG *sign, BIGNUM *r, BIGNUM *s) +{ + sign->r = r; + sign->s = s; +} + +static __rte_always_inline void +get_dsa_sign(DSA_SIG *sign, const BIGNUM **r, const BIGNUM **s) +{ + *r = sign->r; + *s = sign->s; +} + +static __rte_always_inline int +set_dsa_keys(DSA *dsa, BIGNUM *pub, BIGNUM *priv) +{ + dsa->pub_key = pub; + dsa->priv_key = priv; + return 0; +} + +static __rte_always_inline void +set_dsa_pub_key(DSA *dsa, BIGNUM *pub) +{ + dsa->pub_key = pub; +} + +static __rte_always_inline void +get_dsa_priv_key(DSA *dsa, BIGNUM **priv_key) +{ + *priv_key = dsa->priv_key; +} #else -#define set_rsa_params(rsa, p, q, ret) \ - (ret = !RSA_set0_factors(rsa, p, q)) +static __rte_always_inline int +set_rsa_params(RSA *rsa, BIGNUM *p, BIGNUM *q) +{ + return !(RSA_set0_factors(rsa, p, q)); +} -#define set_rsa_crt_params(rsa, dmp1, dmq1, iqmp, ret) \ - (ret = !RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp)) +static __rte_always_inline int +set_rsa_crt_params(RSA *rsa, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp) +{ + return !(RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp)); +} /* n, e must be non-null, d can be NULL */ -#define set_rsa_keys(rsa, n, e, d, ret) \ - (ret = !RSA_set0_key(rsa, n, e, d)) - -#define set_dh_params(dh, p, g, ret) \ - (ret = !DH_set0_pqg(dh, p, NULL, g)) - -#define set_dh_priv_key(dh, priv_key, ret) \ - (ret = !DH_set0_key(dh, NULL, priv_key)) - -#define get_dh_pub_key(dh, pub_key) \ - (DH_get0_key(dh_key, &pub_key, NULL)) - -#define get_dh_priv_key(dh, priv_key) \ - (DH_get0_key(dh_key, NULL, &priv_key)) - -#define set_dsa_params(dsa, p, q, g, ret) \ - (ret = !DSA_set0_pqg(dsa, p, q, g)) - -#define set_dsa_priv_key(dsa, priv_key) \ - (DSA_set0_key(dsa, NULL, priv_key)) - -#define set_dsa_sign(sign, r, s) \ - (DSA_SIG_set0(sign, r, s)) - -#define get_dsa_sign(sign, r, s) \ - (DSA_SIG_get0(sign, &r, &s)) - -#define set_dsa_keys(dsa, pub, priv, ret) \ - (ret = !DSA_set0_key(dsa, pub, priv)) - -#define set_dsa_pub_key(dsa, pub_key) \ - (DSA_set0_key(dsa, pub_key, NULL)) -#define get_dsa_priv_key(dsa, priv_key) \ - (DSA_get0_key(dsa, NULL, &priv_key)) +static __rte_always_inline int +set_rsa_keys(RSA *rsa, BIGNUM *n, BIGNUM *e, BIGNUM *d) +{ + return !(RSA_set0_key(rsa, n, e, d)); +} + +static __rte_always_inline int +set_dh_params(DH *dh, BIGNUM *p, BIGNUM *g) +{ + return !(DH_set0_pqg(dh, p, NULL, g)); +} + +static __rte_always_inline int +set_dh_priv_key(DH *dh, BIGNUM *priv_key) +{ + return !(DH_set0_key(dh, NULL, priv_key)); +} + +static __rte_always_inline void +get_dh_pub_key(DH *dh_key, const BIGNUM **pub_key) +{ + DH_get0_key(dh_key, pub_key, NULL); +} + +static __rte_always_inline void +get_dh_priv_key(DH *dh_key, const BIGNUM **priv_key) +{ + DH_get0_key(dh_key, NULL, priv_key); +} + +static __rte_always_inline int +set_dsa_params(DSA *dsa, BIGNUM *p, BIGNUM *q, BIGNUM *g) +{ + return !(DSA_set0_pqg(dsa, p, q, g)); +} + +static __rte_always_inline void +set_dsa_priv_key(DSA *dsa, BIGNUM *priv_key) +{ + DSA_set0_key(dsa, NULL, priv_key); +} + +static __rte_always_inline void +set_dsa_sign(DSA_SIG *sign, BIGNUM *r, BIGNUM *s) +{ + DSA_SIG_set0(sign, r, s); +} + +static __rte_always_inline void +get_dsa_sign(DSA_SIG *sign, const BIGNUM **r, const BIGNUM **s) +{ + DSA_SIG_get0(sign, r, s); +} + +static __rte_always_inline int +set_dsa_keys(DSA *dsa, BIGNUM *pub, BIGNUM *priv) +{ + return !(DSA_set0_key(dsa, pub, priv)); +} + +static __rte_always_inline void +set_dsa_pub_key(DSA *dsa, BIGNUM *pub_key) +{ + DSA_set0_key(dsa, pub_key, NULL); +} + +static __rte_always_inline void +get_dsa_priv_key(DSA *dsa, const BIGNUM **priv_key) +{ + DSA_get0_key(dsa, NULL, priv_key); +} #endif /* version < 10100000 */ diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c index 7d263aba..003116dc 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd.c +++ b/drivers/crypto/openssl/rte_openssl_pmd.c @@ -1509,15 +1509,7 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op, srclen = op->sym->auth.data.length; - if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) - dst = qp->temp_digest; - else { - dst = op->sym->auth.digest.data; - if (dst == NULL) - dst = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *, - op->sym->auth.data.offset + - op->sym->auth.data.length); - } + dst = qp->temp_digest; switch (sess->auth.mode) { case OPENSSL_AUTH_AS_AUTH: @@ -1540,6 +1532,15 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op, sess->auth.digest_length) != 0) { op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; } + } else { + uint8_t *auth_dst; + + auth_dst = op->sym->auth.digest.data; + if (auth_dst == NULL) + auth_dst = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *, + op->sym->auth.data.offset + + op->sym->auth.data.length); + memcpy(auth_dst, dst, sess->auth.digest_length); } if (status != 0) @@ -1564,7 +1565,7 @@ process_openssl_dsa_sign_op(struct rte_crypto_op *cop, cop->status = RTE_CRYPTO_OP_STATUS_ERROR; } else { const BIGNUM *r = NULL, *s = NULL; - get_dsa_sign(sign, r, s); + get_dsa_sign(sign, &r, &s); op->r.length = BN_bn2bin(r, op->r.data); op->s.length = BN_bn2bin(s, op->s.data); @@ -1666,7 +1667,7 @@ process_openssl_dh_op(struct rte_crypto_op *cop, cop->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED; return -1; } - set_dh_priv_key(dh_key, priv_key, ret); + ret = set_dh_priv_key(dh_key, priv_key); if (ret) { OPENSSL_LOG(ERR, "Failed to set private key\n"); cop->status = RTE_CRYPTO_OP_STATUS_ERROR; @@ -1715,7 +1716,7 @@ process_openssl_dh_op(struct rte_crypto_op *cop, cop->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED; return -1; } - set_dh_priv_key(dh_key, priv_key, ret); + ret = set_dh_priv_key(dh_key, priv_key); if (ret) { OPENSSL_LOG(ERR, "Failed to set private key\n"); cop->status = RTE_CRYPTO_OP_STATUS_ERROR; @@ -1743,7 +1744,7 @@ process_openssl_dh_op(struct rte_crypto_op *cop, __func__, __LINE__); /* get the generated keys */ - get_dh_pub_key(dh_key, pub_key); + get_dh_pub_key(dh_key, &pub_key); /* output public key */ op->pub_key.length = BN_bn2bin(pub_key, @@ -1758,7 +1759,7 @@ process_openssl_dh_op(struct rte_crypto_op *cop, __func__, __LINE__); /* get the generated keys */ - get_dh_priv_key(dh_key, priv_key); + get_dh_priv_key(dh_key, &priv_key); /* provide generated private key back to user */ op->priv_key.length = BN_bn2bin(priv_key, diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c index de228439..c2b029ec 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c @@ -26,9 +26,9 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = { .increment = 1 }, .digest_size = { - .min = 16, + .min = 1, .max = 16, - .increment = 0 + .increment = 1 }, .iv_size = { 0 } }, } @@ -68,9 +68,9 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = { .increment = 1 }, .digest_size = { - .min = 20, + .min = 1, .max = 20, - .increment = 0 + .increment = 1 }, .iv_size = { 0 } }, } @@ -110,9 +110,9 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = { .increment = 1 }, .digest_size = { - .min = 28, + .min = 1, .max = 28, - .increment = 0 + .increment = 1 }, .iv_size = { 0 } }, } @@ -131,9 +131,9 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = { .increment = 0 }, .digest_size = { - .min = 28, + .min = 1, .max = 28, - .increment = 0 + .increment = 1 }, .iv_size = { 0 } }, } @@ -152,9 +152,9 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = { .increment = 1 }, .digest_size = { - .min = 32, + .min = 1, .max = 32, - .increment = 0 + .increment = 1 }, .iv_size = { 0 } }, } @@ -194,9 +194,9 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = { .increment = 1 }, .digest_size = { - .min = 48, + .min = 1, .max = 48, - .increment = 0 + .increment = 1 }, .iv_size = { 0 } }, } @@ -236,9 +236,9 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = { .increment = 1 }, .digest_size = { - .min = 64, + .min = 1, .max = 64, - .increment = 0 + .increment = 1 }, .iv_size = { 0 } }, } @@ -875,14 +875,14 @@ static int openssl_set_asym_session_parameters( RSA_free(rsa); goto err_rsa; } - set_rsa_params(rsa, p, q, ret); + ret = set_rsa_params(rsa, p, q); if (ret) { OPENSSL_LOG(ERR, "failed to set rsa params\n"); RSA_free(rsa); goto err_rsa; } - set_rsa_crt_params(rsa, dmp1, dmq1, iqmp, ret); + ret = set_rsa_crt_params(rsa, dmp1, dmq1, iqmp); if (ret) { OPENSSL_LOG(ERR, "failed to set crt params\n"); @@ -896,7 +896,7 @@ static int openssl_set_asym_session_parameters( } } - set_rsa_keys(rsa, n, e, d, ret); + ret = set_rsa_keys(rsa, n, e, d); if (ret) { OPENSSL_LOG(ERR, "Failed to load rsa keys\n"); RSA_free(rsa); @@ -1005,7 +1005,7 @@ err_rsa: "failed to allocate resources\n"); goto err_dh; } - set_dh_params(dh, p, g, ret); + ret = set_dh_params(dh, p, g); if (ret) { DH_free(dh); goto err_dh; @@ -1087,7 +1087,7 @@ err_dh: goto err_dsa; } - set_dsa_params(dsa, p, q, g, ret); + ret = set_dsa_params(dsa, p, q, g); if (ret) { DSA_free(dsa); OPENSSL_LOG(ERR, "Failed to dsa params\n"); @@ -1101,7 +1101,7 @@ err_dh: * both versions */ /* just set dummy public for very 1st call */ - set_dsa_keys(dsa, pub_key, priv_key, ret); + ret = set_dsa_keys(dsa, pub_key, priv_key); if (ret) { DSA_free(dsa); OPENSSL_LOG(ERR, "Failed to set keys\n"); |