d/numam-dpdk
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

crypto/openssl: support scatter-gather

Browse Source 
Signed-off-by: Tomasz Kulasek <tomaszx.kulasek@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
This commit is contained in:
Tomasz Kulasek 2017-01-13 16:23:16 +01:00 committed by Pablo de Lara
parent 2d03ec6abd
commit 8f675fc72d
2 changed files with 259 additions and 73 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
doc/guides/cryptodevs/openssl.rst
View File

@ -112,6 +112,7 @@ Limitations
----------- -----------
* Maximum number of sessions is 2048. * Maximum number of sessions is 2048.
* Chained mbufs are not supported. * Chained mbufs are supported only for source mbuf (destination must be
contiguous).
* Hash only is not supported for GCM and GMAC. * Hash only is not supported for GCM and GMAC.
* Cipher only is not supported for GCM and GMAC. * Cipher only is not supported for GCM and GMAC.

329
drivers/crypto/openssl/rte_openssl_pmd.c
View File

@ -484,24 +484,112 @@ get_session(struct openssl_qp *qp, struct rte_crypto_op *op)
* Process Operations * Process Operations
*------------------------------------------------------------------------------ *------------------------------------------------------------------------------
*/ */
static inline int
process_openssl_encryption_update(struct rte_mbuf *mbuf_src, int offset,
uint8_t **dst, int srclen, EVP_CIPHER_CTX *ctx)
{
struct rte_mbuf *m;
int dstlen;
int l, n = srclen;
uint8_t *src;
for (m = mbuf_src; m != NULL && offset > rte_pktmbuf_data_len(m);
m = m->next)
offset -= rte_pktmbuf_data_len(m);
if (m == 0)
return -1;
src = rte_pktmbuf_mtod_offset(m, uint8_t *, offset);
l = rte_pktmbuf_data_len(m) - offset;
if (srclen <= l) {
if (EVP_EncryptUpdate(ctx, *dst, &dstlen, src, srclen) <= 0)
return -1;
*dst += l;
return 0;
}
if (EVP_EncryptUpdate(ctx, *dst, &dstlen, src, l) <= 0)
return -1;
*dst += dstlen;
n -= l;
for (m = m->next; (m != NULL) && (n > 0); m = m->next) {
src = rte_pktmbuf_mtod(m, uint8_t *);
l = rte_pktmbuf_data_len(m) < n ? rte_pktmbuf_data_len(m) : n;
if (EVP_EncryptUpdate(ctx, *dst, &dstlen, src, l) <= 0)
return -1;
*dst += dstlen;
n -= l;
}
return 0;
}
static inline int
process_openssl_decryption_update(struct rte_mbuf *mbuf_src, int offset,
uint8_t **dst, int srclen, EVP_CIPHER_CTX *ctx)
{
struct rte_mbuf *m;
int dstlen;
int l, n = srclen;
uint8_t *src;
for (m = mbuf_src; m != NULL && offset > rte_pktmbuf_data_len(m);
m = m->next)
offset -= rte_pktmbuf_data_len(m);
if (m == 0)
return -1;
src = rte_pktmbuf_mtod_offset(m, uint8_t *, offset);
l = rte_pktmbuf_data_len(m) - offset;
if (srclen <= l) {
if (EVP_DecryptUpdate(ctx, *dst, &dstlen, src, srclen) <= 0)
return -1;
*dst += l;
return 0;
}
if (EVP_DecryptUpdate(ctx, *dst, &dstlen, src, l) <= 0)
return -1;
*dst += dstlen;
n -= l;
for (m = m->next; (m != NULL) && (n > 0); m = m->next) {
src = rte_pktmbuf_mtod(m, uint8_t *);
l = rte_pktmbuf_data_len(m) < n ? rte_pktmbuf_data_len(m) : n;
if (EVP_DecryptUpdate(ctx, *dst, &dstlen, src, l) <= 0)
return -1;
*dst += dstlen;
n -= l;
}
return 0;
}
/** Process standard openssl cipher encryption */ /** Process standard openssl cipher encryption */
static int static int
process_openssl_cipher_encrypt(uint8_t *src, uint8_t *dst, process_openssl_cipher_encrypt(struct rte_mbuf *mbuf_src, uint8_t *dst,
uint8_t *iv, uint8_t *key, int srclen, int offset, uint8_t *iv, uint8_t *key, int srclen,
EVP_CIPHER_CTX *ctx, const EVP_CIPHER *algo) EVP_CIPHER_CTX *ctx, const EVP_CIPHER *algo)
{ {
int dstlen, totlen; int totlen;
if (EVP_EncryptInit_ex(ctx, algo, NULL, key, iv) <= 0) if (EVP_EncryptInit_ex(ctx, algo, NULL, key, iv) <= 0)
goto process_cipher_encrypt_err; goto process_cipher_encrypt_err;
EVP_CIPHER_CTX_set_padding(ctx, 0); EVP_CIPHER_CTX_set_padding(ctx, 0);
if (EVP_EncryptUpdate(ctx, dst, &dstlen, src, srclen) <= 0) if (process_openssl_encryption_update(mbuf_src, offset, &dst,
srclen, ctx))
goto process_cipher_encrypt_err; goto process_cipher_encrypt_err;
if (EVP_EncryptFinal_ex(ctx, dst + dstlen, &totlen) <= 0) if (EVP_EncryptFinal_ex(ctx, dst, &totlen) <= 0)
goto process_cipher_encrypt_err; goto process_cipher_encrypt_err;
return 0; return 0;
@ -513,23 +601,23 @@ process_openssl_cipher_encrypt(uint8_t *src, uint8_t *dst,
/** Process standard openssl cipher decryption */ /** Process standard openssl cipher decryption */
static int static int
process_openssl_cipher_decrypt(uint8_t *src, uint8_t *dst, process_openssl_cipher_decrypt(struct rte_mbuf *mbuf_src, uint8_t *dst,
uint8_t *iv, uint8_t *key, int srclen, int offset, uint8_t *iv, uint8_t *key, int srclen,
EVP_CIPHER_CTX *ctx, const EVP_CIPHER *algo) EVP_CIPHER_CTX *ctx, const EVP_CIPHER *algo)
{ {
int dstlen, totlen; int totlen;
if (EVP_DecryptInit_ex(ctx, algo, NULL, key, iv) <= 0) if (EVP_DecryptInit_ex(ctx, algo, NULL, key, iv) <= 0)
goto process_cipher_decrypt_err; goto process_cipher_decrypt_err;
EVP_CIPHER_CTX_set_padding(ctx, 0); EVP_CIPHER_CTX_set_padding(ctx, 0);
if (EVP_DecryptUpdate(ctx, dst, &dstlen, src, srclen) <= 0) if (process_openssl_decryption_update(mbuf_src, offset, &dst,
srclen, ctx))
goto process_cipher_decrypt_err; goto process_cipher_decrypt_err;
if (EVP_DecryptFinal_ex(ctx, dst + dstlen, &totlen) <= 0) if (EVP_DecryptFinal_ex(ctx, dst, &totlen) <= 0)
goto process_cipher_decrypt_err; goto process_cipher_decrypt_err;
return 0; return 0;
process_cipher_decrypt_err: process_cipher_decrypt_err:
@ -539,11 +627,25 @@ process_openssl_cipher_decrypt(uint8_t *src, uint8_t *dst,
/** Process cipher des 3 ctr encryption, decryption algorithm */ /** Process cipher des 3 ctr encryption, decryption algorithm */
static int static int
process_openssl_cipher_des3ctr(uint8_t *src, uint8_t *dst, process_openssl_cipher_des3ctr(struct rte_mbuf *mbuf_src, uint8_t *dst,
uint8_t *iv, uint8_t *key, int srclen, EVP_CIPHER_CTX *ctx) int offset, uint8_t *iv, uint8_t *key, int srclen,
EVP_CIPHER_CTX *ctx)
{ {
uint8_t ebuf[8], ctr[8]; uint8_t ebuf[8], ctr[8];
int unused, n; int unused, n;
struct rte_mbuf *m;
uint8_t *src;
int l;
for (m = mbuf_src; m != NULL && offset > rte_pktmbuf_data_len(m);
m = m->next)
offset -= rte_pktmbuf_data_len(m);
if (m == 0)
goto process_cipher_des3ctr_err;
src = rte_pktmbuf_mtod_offset(m, uint8_t *, offset);
l = rte_pktmbuf_data_len(m) - offset;
/* We use 3DES encryption also for decryption. /* We use 3DES encryption also for decryption.
* IV is not important for 3DES ecb * IV is not important for 3DES ecb
@ -552,9 +654,8 @@ process_openssl_cipher_des3ctr(uint8_t *src, uint8_t *dst,
goto process_cipher_des3ctr_err; goto process_cipher_des3ctr_err;
memcpy(ctr, iv, 8); memcpy(ctr, iv, 8);
n = 0;
while (n < srclen) { for (n = 0; n < srclen; n++) {
if (n % 8 == 0) { if (n % 8 == 0) {
if (EVP_EncryptUpdate(ctx, if (EVP_EncryptUpdate(ctx,
(unsigned char *)&ebuf, &unused, (unsigned char *)&ebuf, &unused,
@ -562,8 +663,16 @@ process_openssl_cipher_des3ctr(uint8_t *src, uint8_t *dst,
goto process_cipher_des3ctr_err; goto process_cipher_des3ctr_err;
ctr_inc(ctr); ctr_inc(ctr);
} }
dst[n] = src[n] ^ ebuf[n % 8]; dst[n] = *(src++) ^ ebuf[n % 8];
n++;
l--;
if (!l) {
m = m->next;
if (m) {
src = rte_pktmbuf_mtod(m, uint8_t *);
l = rte_pktmbuf_data_len(m);
}
}
} }
return 0; return 0;
@ -575,9 +684,9 @@ process_openssl_cipher_des3ctr(uint8_t *src, uint8_t *dst,
/** Process auth/encription aes-gcm algorithm */ /** Process auth/encription aes-gcm algorithm */
static int static int
process_openssl_auth_encryption_gcm(uint8_t *src, int srclen, process_openssl_auth_encryption_gcm(struct rte_mbuf *mbuf_src, int offset,
uint8_t *aad, int aadlen, uint8_t *iv, int ivlen, int srclen, uint8_t *aad, int aadlen, uint8_t *iv, int ivlen,
uint8_t *key, uint8_t *dst, uint8_t *tag, uint8_t *key, uint8_t *dst, uint8_t *tag,
EVP_CIPHER_CTX *ctx, const EVP_CIPHER *algo) EVP_CIPHER_CTX *ctx, const EVP_CIPHER *algo)
{ {
int len = 0, unused = 0; int len = 0, unused = 0;
@ -592,20 +701,20 @@ process_openssl_auth_encryption_gcm(uint8_t *src, int srclen,
if (EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv) <= 0) if (EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv) <= 0)
goto process_auth_encryption_gcm_err; goto process_auth_encryption_gcm_err;
if (aadlen > 0) { if (aadlen > 0)
if (EVP_EncryptUpdate(ctx, NULL, &len, aad, aadlen) <= 0) if (EVP_EncryptUpdate(ctx, NULL, &len, aad, aadlen) <= 0)
goto process_auth_encryption_gcm_err; goto process_auth_encryption_gcm_err;
/* Workaround open ssl bug in version less then 1.0.1f */
if (EVP_EncryptUpdate(ctx, empty, &unused, empty, 0) <= 0)
goto process_auth_encryption_gcm_err;
}
if (srclen > 0) if (srclen > 0)
if (EVP_EncryptUpdate(ctx, dst, &len, src, srclen) <= 0) if (process_openssl_encryption_update(mbuf_src, offset, &dst,
srclen, ctx))
goto process_auth_encryption_gcm_err; goto process_auth_encryption_gcm_err;
if (EVP_EncryptFinal_ex(ctx, dst + len, &len) <= 0) /* Workaround open ssl bug in version less then 1.0.1f */
if (EVP_EncryptUpdate(ctx, empty, &unused, empty, 0) <= 0)
goto process_auth_encryption_gcm_err;
if (EVP_EncryptFinal_ex(ctx, dst, &len) <= 0)
goto process_auth_encryption_gcm_err; goto process_auth_encryption_gcm_err;
if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, tag) <= 0) if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, tag) <= 0)
@ -619,10 +728,10 @@ process_openssl_auth_encryption_gcm(uint8_t *src, int srclen,
} }
static int static int
process_openssl_auth_decryption_gcm(uint8_t *src, int srclen, process_openssl_auth_decryption_gcm(struct rte_mbuf *mbuf_src, int offset,
uint8_t *aad, int aadlen, uint8_t *iv, int ivlen, int srclen, uint8_t *aad, int aadlen, uint8_t *iv, int ivlen,
uint8_t *key, uint8_t *dst, uint8_t *tag, uint8_t *key, uint8_t *dst, uint8_t *tag, EVP_CIPHER_CTX *ctx,
EVP_CIPHER_CTX *ctx, const EVP_CIPHER *algo) const EVP_CIPHER *algo)
{ {
int len = 0, unused = 0; int len = 0, unused = 0;
uint8_t empty[] = {}; uint8_t empty[] = {};
@ -639,20 +748,20 @@ process_openssl_auth_decryption_gcm(uint8_t *src, int srclen,
if (EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv) <= 0) if (EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv) <= 0)
goto process_auth_decryption_gcm_err; goto process_auth_decryption_gcm_err;
if (aadlen > 0) { if (aadlen > 0)
if (EVP_DecryptUpdate(ctx, NULL, &len, aad, aadlen) <= 0) if (EVP_DecryptUpdate(ctx, NULL, &len, aad, aadlen) <= 0)
goto process_auth_decryption_gcm_err; goto process_auth_decryption_gcm_err;
/* Workaround open ssl bug in version less then 1.0.1f */
if (EVP_DecryptUpdate(ctx, empty, &unused, empty, 0) <= 0)
goto process_auth_decryption_gcm_err;
}
if (srclen > 0) if (srclen > 0)
if (EVP_DecryptUpdate(ctx, dst, &len, src, srclen) <= 0) if (process_openssl_decryption_update(mbuf_src, offset, &dst,
srclen, ctx))
goto process_auth_decryption_gcm_err; goto process_auth_decryption_gcm_err;
if (EVP_DecryptFinal_ex(ctx, dst + len, &len) <= 0) /* Workaround open ssl bug in version less then 1.0.1f */
if (EVP_DecryptUpdate(ctx, empty, &unused, empty, 0) <= 0)
goto process_auth_decryption_gcm_err;
if (EVP_DecryptFinal_ex(ctx, dst, &len) <= 0)
goto process_auth_decryption_gcm_final_err; goto process_auth_decryption_gcm_final_err;
return 0; return 0;
@ -667,21 +776,50 @@ process_openssl_auth_decryption_gcm(uint8_t *src, int srclen,
/** Process standard openssl auth algorithms */ /** Process standard openssl auth algorithms */
static int static int
process_openssl_auth(uint8_t *src, uint8_t *dst, process_openssl_auth(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
__rte_unused uint8_t *iv, __rte_unused EVP_PKEY * pkey, __rte_unused uint8_t *iv, __rte_unused EVP_PKEY * pkey,
int srclen, EVP_MD_CTX *ctx, const EVP_MD *algo) int srclen, EVP_MD_CTX *ctx, const EVP_MD *algo)
{ {
size_t dstlen; size_t dstlen;
struct rte_mbuf *m;
int l, n = srclen;
uint8_t *src;
for (m = mbuf_src; m != NULL && offset > rte_pktmbuf_data_len(m);
m = m->next)
offset -= rte_pktmbuf_data_len(m);
if (m == 0)
goto process_auth_err;
if (EVP_DigestInit_ex(ctx, algo, NULL) <= 0) if (EVP_DigestInit_ex(ctx, algo, NULL) <= 0)
goto process_auth_err; goto process_auth_err;
if (EVP_DigestUpdate(ctx, (char *)src, srclen) <= 0) src = rte_pktmbuf_mtod_offset(m, uint8_t *, offset);
l = rte_pktmbuf_data_len(m) - offset;
if (srclen <= l) {
if (EVP_DigestUpdate(ctx, (char *)src, srclen) <= 0)
goto process_auth_err;
goto process_auth_final;
}
if (EVP_DigestUpdate(ctx, (char *)src, l) <= 0)
goto process_auth_err; goto process_auth_err;
n -= l;
for (m = m->next; (m != NULL) && (n > 0); m = m->next) {
src = rte_pktmbuf_mtod(m, uint8_t *);
l = rte_pktmbuf_data_len(m) < n ? rte_pktmbuf_data_len(m) : n;
if (EVP_DigestUpdate(ctx, (char *)src, l) <= 0)
goto process_auth_err;
n -= l;
}
process_auth_final:
if (EVP_DigestFinal_ex(ctx, dst, (unsigned int *)&dstlen) <= 0) if (EVP_DigestFinal_ex(ctx, dst, (unsigned int *)&dstlen) <= 0)
goto process_auth_err; goto process_auth_err;
return 0; return 0;
process_auth_err: process_auth_err:
@ -691,18 +829,48 @@ process_openssl_auth(uint8_t *src, uint8_t *dst,
/** Process standard openssl auth algorithms with hmac */ /** Process standard openssl auth algorithms with hmac */
static int static int
process_openssl_auth_hmac(uint8_t *src, uint8_t *dst, process_openssl_auth_hmac(struct rte_mbuf *mbuf_src, uint8_t *dst, int offset,
__rte_unused uint8_t *iv, EVP_PKEY *pkey, __rte_unused uint8_t *iv, EVP_PKEY *pkey,
int srclen, EVP_MD_CTX *ctx, const EVP_MD *algo) int srclen, EVP_MD_CTX *ctx, const EVP_MD *algo)
{ {
size_t dstlen; size_t dstlen;
struct rte_mbuf *m;
int l, n = srclen;
uint8_t *src;
for (m = mbuf_src; m != NULL && offset > rte_pktmbuf_data_len(m);
m = m->next)
offset -= rte_pktmbuf_data_len(m);
if (m == 0)
goto process_auth_err;
if (EVP_DigestSignInit(ctx, NULL, algo, NULL, pkey) <= 0) if (EVP_DigestSignInit(ctx, NULL, algo, NULL, pkey) <= 0)
goto process_auth_err; goto process_auth_err;
if (EVP_DigestSignUpdate(ctx, (char *)src, srclen) <= 0) src = rte_pktmbuf_mtod_offset(m, uint8_t *, offset);
l = rte_pktmbuf_data_len(m) - offset;
if (srclen <= l) {
if (EVP_DigestSignUpdate(ctx, (char *)src, srclen) <= 0)
goto process_auth_err;
goto process_auth_final;
}
if (EVP_DigestSignUpdate(ctx, (char *)src, l) <= 0)
goto process_auth_err; goto process_auth_err;
n -= l;
for (m = m->next; (m != NULL) && (n > 0); m = m->next) {
src = rte_pktmbuf_mtod(m, uint8_t *);
l = rte_pktmbuf_data_len(m) < n ? rte_pktmbuf_data_len(m) : n;
if (EVP_DigestSignUpdate(ctx, (char *)src, l) <= 0)
goto process_auth_err;
n -= l;
}
process_auth_final:
if (EVP_DigestSignFinal(ctx, dst, &dstlen) <= 0) if (EVP_DigestSignFinal(ctx, dst, &dstlen) <= 0)
goto process_auth_err; goto process_auth_err;
@ -722,9 +890,18 @@ process_openssl_combined_op
struct rte_mbuf *mbuf_src, struct rte_mbuf *mbuf_dst) struct rte_mbuf *mbuf_src, struct rte_mbuf *mbuf_dst)
{ {
/* cipher */ /* cipher */
uint8_t *src = NULL, *dst = NULL, *iv, *tag, *aad; uint8_t *dst = NULL, *iv, *tag, *aad;
int srclen, ivlen, aadlen, status = -1; int srclen, ivlen, aadlen, status = -1;
/*
* Segmented destination buffer is not supported for
* encryption/decryption
*/
if (!rte_pktmbuf_is_contiguous(mbuf_dst)) {
op->status = RTE_CRYPTO_OP_STATUS_ERROR;
return;
}
iv = op->sym->cipher.iv.data; iv = op->sym->cipher.iv.data;
ivlen = op->sym->cipher.iv.length; ivlen = op->sym->cipher.iv.length;
aad = op->sym->auth.aad.data; aad = op->sym->auth.aad.data;
@ -740,22 +917,22 @@ process_openssl_combined_op
srclen = 0; srclen = 0;
else { else {
srclen = op->sym->cipher.data.length; srclen = op->sym->cipher.data.length;
src = rte_pktmbuf_mtod_offset(mbuf_src, uint8_t *,
op->sym->cipher.data.offset);
dst = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *, dst = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *,
op->sym->cipher.data.offset); op->sym->cipher.data.offset);
} }
if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT) if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
status = process_openssl_auth_encryption_gcm( status = process_openssl_auth_encryption_gcm(
src, srclen, aad, aadlen, iv, ivlen, mbuf_src, op->sym->cipher.data.offset, srclen,
sess->cipher.key.data, dst, tag, aad, aadlen, iv, ivlen, sess->cipher.key.data,
sess->cipher.ctx, sess->cipher.evp_algo); dst, tag, sess->cipher.ctx,
sess->cipher.evp_algo);
else else
status = process_openssl_auth_decryption_gcm( status = process_openssl_auth_decryption_gcm(
src, srclen, aad, aadlen, iv, ivlen, mbuf_src, op->sym->cipher.data.offset, srclen,
sess->cipher.key.data, dst, tag, aad, aadlen, iv, ivlen, sess->cipher.key.data,
sess->cipher.ctx, sess->cipher.evp_algo); dst, tag, sess->cipher.ctx,
sess->cipher.evp_algo);
if (status != 0) { if (status != 0) {
if (status == (-EFAULT) && if (status == (-EFAULT) &&
@ -773,12 +950,19 @@ process_openssl_cipher_op
(struct rte_crypto_op *op, struct openssl_session *sess, (struct rte_crypto_op *op, struct openssl_session *sess,
struct rte_mbuf *mbuf_src, struct rte_mbuf *mbuf_dst) struct rte_mbuf *mbuf_src, struct rte_mbuf *mbuf_dst)
{ {
uint8_t *src, *dst, *iv; uint8_t *dst, *iv;
int srclen, status; int srclen, status;
/*
* Segmented destination buffer is not supported for
* encryption/decryption
*/
if (!rte_pktmbuf_is_contiguous(mbuf_dst)) {
op->status = RTE_CRYPTO_OP_STATUS_ERROR;
return;
}
srclen = op->sym->cipher.data.length; srclen = op->sym->cipher.data.length;
src = rte_pktmbuf_mtod_offset(mbuf_src, uint8_t *,
op->sym->cipher.data.offset);
dst = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *, dst = rte_pktmbuf_mtod_offset(mbuf_dst, uint8_t *,
op->sym->cipher.data.offset); op->sym->cipher.data.offset);
@ -786,17 +970,20 @@ process_openssl_cipher_op
if (sess->cipher.mode == OPENSSL_CIPHER_LIB) if (sess->cipher.mode == OPENSSL_CIPHER_LIB)
if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT) if (sess->cipher.direction == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
status = process_openssl_cipher_encrypt(src, dst, iv, status = process_openssl_cipher_encrypt(mbuf_src, dst,
op->sym->cipher.data.offset, iv,
sess->cipher.key.data, srclen, sess->cipher.key.data, srclen,
sess->cipher.ctx, sess->cipher.ctx,
sess->cipher.evp_algo); sess->cipher.evp_algo);
else else
status = process_openssl_cipher_decrypt(src, dst, iv, status = process_openssl_cipher_decrypt(mbuf_src, dst,
op->sym->cipher.data.offset, iv,
sess->cipher.key.data, srclen, sess->cipher.key.data, srclen,
sess->cipher.ctx, sess->cipher.ctx,
sess->cipher.evp_algo); sess->cipher.evp_algo);
else else
status = process_openssl_cipher_des3ctr(src, dst, iv, status = process_openssl_cipher_des3ctr(mbuf_src, dst,
op->sym->cipher.data.offset, iv,
sess->cipher.key.data, srclen, sess->cipher.key.data, srclen,
sess->cipher.ctx); sess->cipher.ctx);
@ -810,12 +997,10 @@ process_openssl_auth_op
(struct rte_crypto_op *op, struct openssl_session *sess, (struct rte_crypto_op *op, struct openssl_session *sess,
struct rte_mbuf *mbuf_src, struct rte_mbuf *mbuf_dst) struct rte_mbuf *mbuf_src, struct rte_mbuf *mbuf_dst)
{ {
uint8_t *src, *dst; uint8_t *dst;
int srclen, status; int srclen, status;
srclen = op->sym->auth.data.length; srclen = op->sym->auth.data.length;
src = rte_pktmbuf_mtod_offset(mbuf_src, uint8_t *,
op->sym->auth.data.offset);
if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY)
dst = (uint8_t *)rte_pktmbuf_append(mbuf_src, dst = (uint8_t *)rte_pktmbuf_append(mbuf_src,
@ -830,13 +1015,14 @@ process_openssl_auth_op
switch (sess->auth.mode) { switch (sess->auth.mode) {
case OPENSSL_AUTH_AS_AUTH: case OPENSSL_AUTH_AS_AUTH:
status = process_openssl_auth(src, dst, status = process_openssl_auth(mbuf_src, dst,
NULL, NULL, srclen, op->sym->auth.data.offset, NULL, NULL, srclen,
sess->auth.auth.ctx, sess->auth.auth.evp_algo); sess->auth.auth.ctx, sess->auth.auth.evp_algo);
break; break;
case OPENSSL_AUTH_AS_HMAC: case OPENSSL_AUTH_AS_HMAC:
status = process_openssl_auth_hmac(src, dst, status = process_openssl_auth_hmac(mbuf_src, dst,
NULL, sess->auth.hmac.pkey, srclen, op->sym->auth.data.offset, NULL,
sess->auth.hmac.pkey, srclen,
sess->auth.hmac.ctx, sess->auth.hmac.evp_algo); sess->auth.hmac.ctx, sess->auth.hmac.evp_algo);
break; break;
default: default:
@ -850,8 +1036,7 @@ process_openssl_auth_op
op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
} }
/* Trim area used for digest from mbuf. */ /* Trim area used for digest from mbuf. */
rte_pktmbuf_trim(mbuf_src, rte_pktmbuf_trim(mbuf_src, op->sym->auth.digest.length);
op->sym->auth.digest.length);
} }
if (status != 0) if (status != 0)
@ -902,7 +1087,6 @@ process_op(const struct openssl_qp *qp, struct rte_crypto_op *op,
op->sym->session = NULL; op->sym->session = NULL;
} }
if (op->status == RTE_CRYPTO_OP_STATUS_NOT_PROCESSED) if (op->status == RTE_CRYPTO_OP_STATUS_NOT_PROCESSED)
op->status = RTE_CRYPTO_OP_STATUS_SUCCESS; op->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
@ -996,7 +1180,8 @@ cryptodev_openssl_create(const char *name,
dev->feature_flags = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO | dev->feature_flags = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO |
RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING | RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING |
RTE_CRYPTODEV_FF_CPU_AESNI; RTE_CRYPTODEV_FF_CPU_AESNI |
RTE_CRYPTODEV_FF_MBUF_SCATTER_GATHER;
/* Set vector instructions mode supported */ /* Set vector instructions mode supported */
internals = dev->data->dev_private; internals = dev->data->dev_private;