diff options
| author |   Filip Tehlar <ftehlar@cisco.com> | 2021-05-03 15:29:56 +0000 |
|---|---|---|
| committer |   Damjan Marion <dmarion@me.com> | 2021-05-05 07:34:00 +0000 |
| commit | 06111a837d77323d253ecfd26557775fa0b03ca8 (patch) | |
| tree | d41200c0d91d01894b6caaa82e03c2f86c5800b2 /src/plugins/crypto_openssl | |
| parent | 9592909ecc1522cf36d4701f998b6f03c738e319 (diff) | |
crypto crypto-openssl: support hashing operations
Type: feature
Change-Id: I36041fe5c5f0ff129aee42516189807e96f62123
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Diffstat (limited to 'src/plugins/crypto_openssl')
| -rw-r--r-- | src/plugins/crypto_openssl/main.c | 68 |
1 files changed, 68 insertions, 0 deletions
diff --git a/src/plugins/crypto_openssl/main.c b/src/plugins/crypto_openssl/main.c index e93f476f30a..48846b14483 100644 --- a/src/plugins/crypto_openssl/main.c +++ b/src/plugins/crypto_openssl/main.c @@ -18,6 +18,7 @@ #include <openssl/evp.h> #include <openssl/hmac.h> #include <openssl/rand.h> +#include <openssl/sha.h> #include <vlib/vlib.h> #include <vnet/plugin/plugin.h> @@ -29,6 +30,7 @@ typedef struct CLIB_CACHE_LINE_ALIGN_MARK (cacheline0); EVP_CIPHER_CTX *evp_cipher_ctx; HMAC_CTX *hmac_ctx; + EVP_MD_CTX *hash_ctx; #if OPENSSL_VERSION_NUMBER < 0x10100000L HMAC_CTX _hmac_ctx; #endif @@ -67,6 +69,13 @@ static openssl_per_thread_data_t *per_thread_data = 0; #define EVP_CTRL_AEAD_SET_TAG EVP_CTRL_GCM_SET_TAG #endif +#define foreach_openssl_hash_op \ + _ (SHA1, EVP_sha1) \ + _ (SHA224, EVP_sha224) \ + _ (SHA256, EVP_sha256) \ + _ (SHA384, EVP_sha384) \ + _ (SHA512, EVP_sha512) + #define foreach_openssl_hmac_op \ _(MD5, EVP_md5) \ _(SHA1, EVP_sha1) \ @@ -320,6 +329,40 @@ openssl_ops_dec_chacha20_poly1305 (vlib_main_t *vm, vnet_crypto_op_t *ops[], } static_always_inline u32 +openssl_ops_hash (vlib_main_t *vm, vnet_crypto_op_t *ops[], + vnet_crypto_op_chunk_t *chunks, u32 n_ops, const EVP_MD *md) +{ + openssl_per_thread_data_t *ptd = + vec_elt_at_index (per_thread_data, vm->thread_index); + EVP_MD_CTX *ctx = ptd->hash_ctx; + vnet_crypto_op_chunk_t *chp; + u32 md_len, i, j, n_fail = 0; + + for (i = 0; i < n_ops; i++) + { + vnet_crypto_op_t *op = ops[i]; + + EVP_DigestInit_ex (ctx, md, NULL); + if (op->flags & VNET_CRYPTO_OP_FLAG_CHAINED_BUFFERS) + { + chp = chunks + op->chunk_index; + for (j = 0; j < op->n_chunks; j++) + { + EVP_DigestUpdate (ctx, chp->src, chp->len); + chp += 1; + } + } + else + EVP_DigestUpdate (ctx, op->src, op->len); + + EVP_DigestFinal_ex (ctx, op->digest, &md_len); + op->digest_len = md_len; + op->status = VNET_CRYPTO_OP_STATUS_COMPLETED; + } + return n_ops - n_fail; +} + +static_always_inline u32 openssl_ops_hmac (vlib_main_t * vm, vnet_crypto_op_t * ops[], vnet_crypto_op_chunk_t * chunks, u32 n_ops, const EVP_MD * md) @@ -397,6 +440,22 @@ openssl_ops_hmac (vlib_main_t * vm, vnet_crypto_op_t * ops[], foreach_openssl_evp_op; #undef _ +#define _(a, b) \ + static u32 openssl_ops_hash_##a (vlib_main_t *vm, vnet_crypto_op_t *ops[], \ + u32 n_ops) \ + { \ + return openssl_ops_hash (vm, ops, 0, n_ops, b ()); \ + } \ + static u32 openssl_ops_hash_chained_##a ( \ + vlib_main_t *vm, vnet_crypto_op_t *ops[], vnet_crypto_op_chunk_t *chunks, \ + u32 n_ops) \ + { \ + return openssl_ops_hash (vm, ops, chunks, n_ops, b ()); \ + } + +foreach_openssl_hash_op; +#undef _ + #define _(a, b) \ static u32 \ openssl_ops_hmac_##a (vlib_main_t * vm, vnet_crypto_op_t * ops[], u32 n_ops) \ @@ -440,6 +499,14 @@ crypto_openssl_init (vlib_main_t * vm) foreach_openssl_hmac_op; #undef _ +#define _(a, b) \ + vnet_crypto_register_ops_handlers (vm, eidx, VNET_CRYPTO_OP_##a##_HASH, \ + openssl_ops_hash_##a, \ + openssl_ops_hash_chained_##a); + + foreach_openssl_hash_op; +#undef _ + vec_validate_aligned (per_thread_data, tm->n_vlib_mains - 1, CLIB_CACHE_LINE_BYTES); @@ -448,6 +515,7 @@ crypto_openssl_init (vlib_main_t * vm) ptd->evp_cipher_ctx = EVP_CIPHER_CTX_new (); #if OPENSSL_VERSION_NUMBER >= 0x10100000L ptd->hmac_ctx = HMAC_CTX_new (); + ptd->hash_ctx = EVP_MD_CTX_create (); #else HMAC_CTX_init (&(ptd->_hmac_ctx)); ptd->hmac_ctx = &ptd->_hmac_ctx; |