author | Lijian Zhang <Lijian.Zhang@arm.com> | 2023-11-01 07:17:31 +0000 |
---|---|---|
committer | Fan Zhang <fanzhang.oss@gmail.com> | 2024-02-19 15:37:19 +0000 |
commit | 97c9f5e7c714237147c6311bcfbc68d42e14703d (patch) | |
tree | 3a179050490e3d1db7289fe652b6a3180f993fea /src/plugins/crypto_openssl/crypto_openssl.h | |
parent | 6f8252e83c17efa859cf937683b1caf723c439f2 (diff) |
crypto-openssl: refactor openssl API usage
For the openssl crypto engine based cipher encrypt/decrypt and HMAC IPSec
use cases, the openssl API calls of doing ctx init and key expansion are
moved to initialization stage.
In current implementation, the ctx is initialized with "key" and "iv" in
EVP_EncryptInit_ex (ctx, 0, 0, key->data, op->iv)
in data plane, while the ctx can be initialized with 'key' and 'iv' separately,
which means there could be two API calls:
1. EVP_EncryptInit_ex (ctx, 0, 0, key->data, 0)
2. EVP_EncryptInit_ex (ctx, 0, 0, 0, op->iv)
As the 'key' for certain IPSec SA is fixed and known, so call #1 can
be placed in IPSec SA initialization stage.
While call #2 should be kept in data plane for each packet, as the "iv"
is random for each packet.
Type: feature
Signed-off-by: Lijian Zhang <Lijian.Zhang@arm.com>
Change-Id: Ided4462c1d4a38addc3078b03d618209e040a07a
Diffstat (limited to 'src/plugins/crypto_openssl/crypto_openssl.h')
-rw-r--r-- | src/plugins/crypto_openssl/crypto_openssl.h | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/src/plugins/crypto_openssl/crypto_openssl.h b/src/plugins/crypto_openssl/crypto_openssl.h new file mode 100644 index 00000000000..e16429fb5dd --- /dev/null +++ b/src/plugins/crypto_openssl/crypto_openssl.h @@ -0,0 +1,20 @@ +/* SPDX-License-Identifier: Apache-2.0 + * Copyright (c) 2023 ARM Ltd and/or its affiliates. + */ + +#ifndef __crypto_openssl_h__ +#define __crypto_openssl_h__ + +typedef void *(crypto_openssl_ctx_fn_t) (vnet_crypto_key_t *key, + vnet_crypto_key_op_t kop, + vnet_crypto_key_index_t idx); + +typedef struct +{ + u32 crypto_engine_index; + crypto_openssl_ctx_fn_t *ctx_fn[VNET_CRYPTO_N_ALGS]; +} crypto_openssl_main_t; + +extern crypto_openssl_main_t crypto_openssl_main; + +#endif /* __crypto_openssl_h__ */ |
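Review bot: The `crypto_openssl_ctx_fn_t` typedef returns a bare `void *` and takes `vnet_crypto_key_op_t kop`, but the header does not document what the pointer refers to, who owns it, or what comes back on failure or for each key operation. The commit message says the key is now loaded into the ctx at SA initialization, so the returned object carries long-lived key state; a comment above the typedef should spell out the contract, including that callers check the return value and that the ctx is released when the key is deleted. Separately, the header uses `u32`, `vnet_crypto_key_t`, `vnet_crypto_key_index_t` and `VNET_CRYPTO_N_ALGS` without including anything, so it compiles only when the including file has already pulled in the vnet crypto definitions; including the defining header here would make it self-contained. The guard name `__crypto_openssl_h__` starts with a double underscore, which C reserves for the implementation.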