aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins/crypto_openssl/main.c
diff options
context:
space:
mode:
authorFilip Tehlar <ftehlar@cisco.com>2021-05-03 15:29:56 +0000
committerDamjan Marion <dmarion@me.com>2021-05-05 07:34:00 +0000
commit06111a837d77323d253ecfd26557775fa0b03ca8 (patch)
treed41200c0d91d01894b6caaa82e03c2f86c5800b2 /src/plugins/crypto_openssl/main.c
parent9592909ecc1522cf36d4701f998b6f03c738e319 (diff)
crypto crypto-openssl: support hashing operations
Type: feature Change-Id: I36041fe5c5f0ff129aee42516189807e96f62123 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Diffstat (limited to 'src/plugins/crypto_openssl/main.c')
-rw-r--r--src/plugins/crypto_openssl/main.c68
1 files changed, 68 insertions, 0 deletions
diff --git a/src/plugins/crypto_openssl/main.c b/src/plugins/crypto_openssl/main.c
index e93f476f30a..48846b14483 100644
--- a/src/plugins/crypto_openssl/main.c
+++ b/src/plugins/crypto_openssl/main.c
@@ -18,6 +18,7 @@
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <openssl/rand.h>
+#include <openssl/sha.h>
#include <vlib/vlib.h>
#include <vnet/plugin/plugin.h>
@@ -29,6 +30,7 @@ typedef struct
CLIB_CACHE_LINE_ALIGN_MARK (cacheline0);
EVP_CIPHER_CTX *evp_cipher_ctx;
HMAC_CTX *hmac_ctx;
+ EVP_MD_CTX *hash_ctx;
#if OPENSSL_VERSION_NUMBER < 0x10100000L
HMAC_CTX _hmac_ctx;
#endif
@@ -67,6 +69,13 @@ static openssl_per_thread_data_t *per_thread_data = 0;
#define EVP_CTRL_AEAD_SET_TAG EVP_CTRL_GCM_SET_TAG
#endif
+#define foreach_openssl_hash_op \
+ _ (SHA1, EVP_sha1) \
+ _ (SHA224, EVP_sha224) \
+ _ (SHA256, EVP_sha256) \
+ _ (SHA384, EVP_sha384) \
+ _ (SHA512, EVP_sha512)
+
#define foreach_openssl_hmac_op \
_(MD5, EVP_md5) \
_(SHA1, EVP_sha1) \
@@ -320,6 +329,40 @@ openssl_ops_dec_chacha20_poly1305 (vlib_main_t *vm, vnet_crypto_op_t *ops[],
}
static_always_inline u32
+openssl_ops_hash (vlib_main_t *vm, vnet_crypto_op_t *ops[],
+ vnet_crypto_op_chunk_t *chunks, u32 n_ops, const EVP_MD *md)
+{
+ openssl_per_thread_data_t *ptd =
+ vec_elt_at_index (per_thread_data, vm->thread_index);
+ EVP_MD_CTX *ctx = ptd->hash_ctx;
+ vnet_crypto_op_chunk_t *chp;
+ u32 md_len, i, j, n_fail = 0;
+
+ for (i = 0; i < n_ops; i++)
+ {
+ vnet_crypto_op_t *op = ops[i];
+
+ EVP_DigestInit_ex (ctx, md, NULL);
+ if (op->flags & VNET_CRYPTO_OP_FLAG_CHAINED_BUFFERS)
+ {
+ chp = chunks + op->chunk_index;
+ for (j = 0; j < op->n_chunks; j++)
+ {
+ EVP_DigestUpdate (ctx, chp->src, chp->len);
+ chp += 1;
+ }
+ }
+ else
+ EVP_DigestUpdate (ctx, op->src, op->len);
+
+ EVP_DigestFinal_ex (ctx, op->digest, &md_len);
+ op->digest_len = md_len;
+ op->status = VNET_CRYPTO_OP_STATUS_COMPLETED;
+ }
+ return n_ops - n_fail;
+}
+
+static_always_inline u32
openssl_ops_hmac (vlib_main_t * vm, vnet_crypto_op_t * ops[],
vnet_crypto_op_chunk_t * chunks, u32 n_ops,
const EVP_MD * md)
@@ -397,6 +440,22 @@ openssl_ops_hmac (vlib_main_t * vm, vnet_crypto_op_t * ops[],
foreach_openssl_evp_op;
#undef _
+#define _(a, b) \
+ static u32 openssl_ops_hash_##a (vlib_main_t *vm, vnet_crypto_op_t *ops[], \
+ u32 n_ops) \
+ { \
+ return openssl_ops_hash (vm, ops, 0, n_ops, b ()); \
+ } \
+ static u32 openssl_ops_hash_chained_##a ( \
+ vlib_main_t *vm, vnet_crypto_op_t *ops[], vnet_crypto_op_chunk_t *chunks, \
+ u32 n_ops) \
+ { \
+ return openssl_ops_hash (vm, ops, chunks, n_ops, b ()); \
+ }
+
+foreach_openssl_hash_op;
+#undef _
+
#define _(a, b) \
static u32 \
openssl_ops_hmac_##a (vlib_main_t * vm, vnet_crypto_op_t * ops[], u32 n_ops) \
@@ -440,6 +499,14 @@ crypto_openssl_init (vlib_main_t * vm)
foreach_openssl_hmac_op;
#undef _
+#define _(a, b) \
+ vnet_crypto_register_ops_handlers (vm, eidx, VNET_CRYPTO_OP_##a##_HASH, \
+ openssl_ops_hash_##a, \
+ openssl_ops_hash_chained_##a);
+
+ foreach_openssl_hash_op;
+#undef _
+
vec_validate_aligned (per_thread_data, tm->n_vlib_mains - 1,
CLIB_CACHE_LINE_BYTES);
@@ -448,6 +515,7 @@ crypto_openssl_init (vlib_main_t * vm)
ptd->evp_cipher_ctx = EVP_CIPHER_CTX_new ();
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
ptd->hmac_ctx = HMAC_CTX_new ();
+ ptd->hash_ctx = EVP_MD_CTX_create ();
#else
HMAC_CTX_init (&(ptd->_hmac_ctx));
ptd->hmac_ctx = &ptd->_hmac_ctx;