2 *------------------------------------------------------------------
3 * Copyright (c) 2019 Cisco and/or its affiliates.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at:
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 *------------------------------------------------------------------
18 #include <sys/syscall.h>
20 #include <openssl/evp.h>
21 #include <openssl/hmac.h>
22 #include <openssl/rand.h>
23 #include <openssl/sha.h>
25 #include <vlib/vlib.h>
26 #include <vnet/plugin/plugin.h>
27 #include <vnet/crypto/crypto.h>
28 #include <vpp/app/version.h>
32 CLIB_CACHE_LINE_ALIGN_MARK (cacheline0);
33 EVP_CIPHER_CTX *evp_cipher_ctx;
36 #if OPENSSL_VERSION_NUMBER < 0x10100000L
39 } openssl_per_thread_data_t;
41 static openssl_per_thread_data_t *per_thread_data = 0;
43 #define foreach_openssl_aes_evp_op \
44 _ (cbc, DES_CBC, EVP_des_cbc, 8) \
45 _ (cbc, 3DES_CBC, EVP_des_ede3_cbc, 8) \
46 _ (cbc, AES_128_CBC, EVP_aes_128_cbc, 16) \
47 _ (cbc, AES_192_CBC, EVP_aes_192_cbc, 16) \
48 _ (cbc, AES_256_CBC, EVP_aes_256_cbc, 16) \
49 _ (gcm, AES_128_GCM, EVP_aes_128_gcm, 8) \
50 _ (gcm, AES_192_GCM, EVP_aes_192_gcm, 8) \
51 _ (gcm, AES_256_GCM, EVP_aes_256_gcm, 8) \
52 _ (cbc, AES_128_CTR, EVP_aes_128_ctr, 8) \
53 _ (cbc, AES_192_CTR, EVP_aes_192_ctr, 8) \
54 _ (cbc, AES_256_CTR, EVP_aes_256_ctr, 8)
56 #define foreach_openssl_chacha20_evp_op \
57 _ (chacha20_poly1305, CHACHA20_POLY1305, EVP_chacha20_poly1305, 8)
59 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
60 #define foreach_openssl_evp_op foreach_openssl_aes_evp_op \
61 foreach_openssl_chacha20_evp_op
63 #define foreach_openssl_evp_op foreach_openssl_aes_evp_op
66 #ifndef EVP_CTRL_AEAD_GET_TAG
67 #define EVP_CTRL_AEAD_GET_TAG EVP_CTRL_GCM_GET_TAG
70 #ifndef EVP_CTRL_AEAD_SET_TAG
71 #define EVP_CTRL_AEAD_SET_TAG EVP_CTRL_GCM_SET_TAG
74 #define foreach_openssl_hash_op \
76 _ (SHA224, EVP_sha224) \
77 _ (SHA256, EVP_sha256) \
78 _ (SHA384, EVP_sha384) \
79 _ (SHA512, EVP_sha512)
81 #define foreach_openssl_hmac_op \
84 _(SHA224, EVP_sha224) \
85 _(SHA256, EVP_sha256) \
86 _(SHA384, EVP_sha384) \
89 static_always_inline u32
90 openssl_ops_enc_cbc (vlib_main_t *vm, vnet_crypto_op_t *ops[],
91 vnet_crypto_op_chunk_t *chunks, u32 n_ops,
92 const EVP_CIPHER *cipher, const int iv_len)
94 openssl_per_thread_data_t *ptd = vec_elt_at_index (per_thread_data,
96 EVP_CIPHER_CTX *ctx = ptd->evp_cipher_ctx;
97 vnet_crypto_op_chunk_t *chp;
98 u32 i, j, curr_len = 0;
99 u8 out_buf[VLIB_BUFFER_DEFAULT_DATA_SIZE * 5];
101 for (i = 0; i < n_ops; i++)
103 vnet_crypto_op_t *op = ops[i];
104 vnet_crypto_key_t *key = vnet_crypto_get_key (op->key_index);
107 if (op->flags & VNET_CRYPTO_OP_FLAG_INIT_IV)
108 RAND_bytes (op->iv, iv_len);
110 EVP_EncryptInit_ex (ctx, cipher, NULL, key->data, op->iv);
112 if (op->flags & VNET_CRYPTO_OP_FLAG_CHAINED_BUFFERS)
114 chp = chunks + op->chunk_index;
116 for (j = 0; j < op->n_chunks; j++)
118 EVP_EncryptUpdate (ctx, out_buf + offset, &out_len, chp->src,
124 if (out_len < curr_len)
125 EVP_EncryptFinal_ex (ctx, out_buf + offset, &out_len);
128 chp = chunks + op->chunk_index;
129 for (j = 0; j < op->n_chunks; j++)
131 clib_memcpy_fast (chp->dst, out_buf + offset, chp->len);
138 EVP_EncryptUpdate (ctx, op->dst, &out_len, op->src, op->len);
139 if (out_len < op->len)
140 EVP_EncryptFinal_ex (ctx, op->dst + out_len, &out_len);
142 op->status = VNET_CRYPTO_OP_STATUS_COMPLETED;
147 static_always_inline u32
148 openssl_ops_dec_cbc (vlib_main_t *vm, vnet_crypto_op_t *ops[],
149 vnet_crypto_op_chunk_t *chunks, u32 n_ops,
150 const EVP_CIPHER *cipher, const int iv_len)
152 openssl_per_thread_data_t *ptd = vec_elt_at_index (per_thread_data,
154 EVP_CIPHER_CTX *ctx = ptd->evp_cipher_ctx;
155 vnet_crypto_op_chunk_t *chp;
156 u32 i, j, curr_len = 0;
157 u8 out_buf[VLIB_BUFFER_DEFAULT_DATA_SIZE * 5];
159 for (i = 0; i < n_ops; i++)
161 vnet_crypto_op_t *op = ops[i];
162 vnet_crypto_key_t *key = vnet_crypto_get_key (op->key_index);
165 EVP_DecryptInit_ex (ctx, cipher, NULL, key->data, op->iv);
167 if (op->flags & VNET_CRYPTO_OP_FLAG_CHAINED_BUFFERS)
169 chp = chunks + op->chunk_index;
171 for (j = 0; j < op->n_chunks; j++)
173 EVP_DecryptUpdate (ctx, out_buf + offset, &out_len, chp->src,
179 if (out_len < curr_len)
180 EVP_DecryptFinal_ex (ctx, out_buf + offset, &out_len);
183 chp = chunks + op->chunk_index;
184 for (j = 0; j < op->n_chunks; j++)
186 clib_memcpy_fast (chp->dst, out_buf + offset, chp->len);
193 EVP_DecryptUpdate (ctx, op->dst, &out_len, op->src, op->len);
194 if (out_len < op->len)
195 EVP_DecryptFinal_ex (ctx, op->dst + out_len, &out_len);
197 op->status = VNET_CRYPTO_OP_STATUS_COMPLETED;
202 static_always_inline u32
203 openssl_ops_enc_aead (vlib_main_t *vm, vnet_crypto_op_t *ops[],
204 vnet_crypto_op_chunk_t *chunks, u32 n_ops,
205 const EVP_CIPHER *cipher, int is_gcm, const int iv_len)
207 openssl_per_thread_data_t *ptd = vec_elt_at_index (per_thread_data,
209 EVP_CIPHER_CTX *ctx = ptd->evp_cipher_ctx;
210 vnet_crypto_op_chunk_t *chp;
212 for (i = 0; i < n_ops; i++)
214 vnet_crypto_op_t *op = ops[i];
215 vnet_crypto_key_t *key = vnet_crypto_get_key (op->key_index);
218 if (op->flags & VNET_CRYPTO_OP_FLAG_INIT_IV)
219 RAND_bytes (op->iv, 8);
221 EVP_EncryptInit_ex (ctx, cipher, 0, 0, 0);
223 EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL);
224 EVP_EncryptInit_ex (ctx, 0, 0, key->data, op->iv);
226 EVP_EncryptUpdate (ctx, NULL, &len, op->aad, op->aad_len);
227 if (op->flags & VNET_CRYPTO_OP_FLAG_CHAINED_BUFFERS)
229 chp = chunks + op->chunk_index;
230 for (j = 0; j < op->n_chunks; j++)
232 EVP_EncryptUpdate (ctx, chp->dst, &len, chp->src, chp->len);
237 EVP_EncryptUpdate (ctx, op->dst, &len, op->src, op->len);
238 EVP_EncryptFinal_ex (ctx, op->dst + len, &len);
239 EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_AEAD_GET_TAG, op->tag_len, op->tag);
240 op->status = VNET_CRYPTO_OP_STATUS_COMPLETED;
245 static_always_inline u32
246 openssl_ops_enc_gcm (vlib_main_t *vm, vnet_crypto_op_t *ops[],
247 vnet_crypto_op_chunk_t *chunks, u32 n_ops,
248 const EVP_CIPHER *cipher, const int iv_len)
250 return openssl_ops_enc_aead (vm, ops, chunks, n_ops, cipher,
251 /* is_gcm */ 1, iv_len);
254 static_always_inline __clib_unused u32
255 openssl_ops_enc_chacha20_poly1305 (vlib_main_t *vm, vnet_crypto_op_t *ops[],
256 vnet_crypto_op_chunk_t *chunks, u32 n_ops,
257 const EVP_CIPHER *cipher, const int iv_len)
259 return openssl_ops_enc_aead (vm, ops, chunks, n_ops, cipher,
260 /* is_gcm */ 0, iv_len);
263 static_always_inline u32
264 openssl_ops_dec_aead (vlib_main_t *vm, vnet_crypto_op_t *ops[],
265 vnet_crypto_op_chunk_t *chunks, u32 n_ops,
266 const EVP_CIPHER *cipher, int is_gcm, const int iv_len)
268 openssl_per_thread_data_t *ptd = vec_elt_at_index (per_thread_data,
270 EVP_CIPHER_CTX *ctx = ptd->evp_cipher_ctx;
271 vnet_crypto_op_chunk_t *chp;
272 u32 i, j, n_fail = 0;
273 for (i = 0; i < n_ops; i++)
275 vnet_crypto_op_t *op = ops[i];
276 vnet_crypto_key_t *key = vnet_crypto_get_key (op->key_index);
279 EVP_DecryptInit_ex (ctx, cipher, 0, 0, 0);
281 EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_SET_IVLEN, 12, 0);
282 EVP_DecryptInit_ex (ctx, 0, 0, key->data, op->iv);
284 EVP_DecryptUpdate (ctx, 0, &len, op->aad, op->aad_len);
285 if (op->flags & VNET_CRYPTO_OP_FLAG_CHAINED_BUFFERS)
287 chp = chunks + op->chunk_index;
288 for (j = 0; j < op->n_chunks; j++)
290 EVP_DecryptUpdate (ctx, chp->dst, &len, chp->src, chp->len);
295 EVP_DecryptUpdate (ctx, op->dst, &len, op->src, op->len);
296 EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_AEAD_SET_TAG, op->tag_len, op->tag);
298 if (EVP_DecryptFinal_ex (ctx, op->dst + len, &len) > 0)
299 op->status = VNET_CRYPTO_OP_STATUS_COMPLETED;
303 op->status = VNET_CRYPTO_OP_STATUS_FAIL_BAD_HMAC;
306 return n_ops - n_fail;
309 static_always_inline u32
310 openssl_ops_dec_gcm (vlib_main_t *vm, vnet_crypto_op_t *ops[],
311 vnet_crypto_op_chunk_t *chunks, u32 n_ops,
312 const EVP_CIPHER *cipher, const int iv_len)
314 return openssl_ops_dec_aead (vm, ops, chunks, n_ops, cipher,
315 /* is_gcm */ 1, iv_len);
318 static_always_inline __clib_unused u32
319 openssl_ops_dec_chacha20_poly1305 (vlib_main_t *vm, vnet_crypto_op_t *ops[],
320 vnet_crypto_op_chunk_t *chunks, u32 n_ops,
321 const EVP_CIPHER *cipher, const int iv_len)
323 return openssl_ops_dec_aead (vm, ops, chunks, n_ops, cipher,
324 /* is_gcm */ 0, iv_len);
327 static_always_inline u32
328 openssl_ops_hash (vlib_main_t *vm, vnet_crypto_op_t *ops[],
329 vnet_crypto_op_chunk_t *chunks, u32 n_ops, const EVP_MD *md)
331 openssl_per_thread_data_t *ptd =
332 vec_elt_at_index (per_thread_data, vm->thread_index);
333 EVP_MD_CTX *ctx = ptd->hash_ctx;
334 vnet_crypto_op_chunk_t *chp;
335 u32 md_len, i, j, n_fail = 0;
337 for (i = 0; i < n_ops; i++)
339 vnet_crypto_op_t *op = ops[i];
341 EVP_DigestInit_ex (ctx, md, NULL);
342 if (op->flags & VNET_CRYPTO_OP_FLAG_CHAINED_BUFFERS)
344 chp = chunks + op->chunk_index;
345 for (j = 0; j < op->n_chunks; j++)
347 EVP_DigestUpdate (ctx, chp->src, chp->len);
352 EVP_DigestUpdate (ctx, op->src, op->len);
354 EVP_DigestFinal_ex (ctx, op->digest, &md_len);
355 op->digest_len = md_len;
356 op->status = VNET_CRYPTO_OP_STATUS_COMPLETED;
358 return n_ops - n_fail;
361 static_always_inline u32
362 openssl_ops_hmac (vlib_main_t * vm, vnet_crypto_op_t * ops[],
363 vnet_crypto_op_chunk_t * chunks, u32 n_ops,
367 openssl_per_thread_data_t *ptd = vec_elt_at_index (per_thread_data,
369 HMAC_CTX *ctx = ptd->hmac_ctx;
370 vnet_crypto_op_chunk_t *chp;
371 u32 i, j, n_fail = 0;
372 for (i = 0; i < n_ops; i++)
374 vnet_crypto_op_t *op = ops[i];
375 vnet_crypto_key_t *key = vnet_crypto_get_key (op->key_index);
376 unsigned int out_len = 0;
377 size_t sz = op->digest_len ? op->digest_len : EVP_MD_size (md);
379 HMAC_Init_ex (ctx, key->data, vec_len (key->data), md, NULL);
380 if (op->flags & VNET_CRYPTO_OP_FLAG_CHAINED_BUFFERS)
382 chp = chunks + op->chunk_index;
383 for (j = 0; j < op->n_chunks; j++)
385 HMAC_Update (ctx, chp->src, chp->len);
390 HMAC_Update (ctx, op->src, op->len);
391 HMAC_Final (ctx, buffer, &out_len);
393 if (op->flags & VNET_CRYPTO_OP_FLAG_HMAC_CHECK)
395 if ((memcmp (op->digest, buffer, sz)))
398 op->status = VNET_CRYPTO_OP_STATUS_FAIL_BAD_HMAC;
403 clib_memcpy_fast (op->digest, buffer, sz);
404 op->status = VNET_CRYPTO_OP_STATUS_COMPLETED;
406 return n_ops - n_fail;
409 #define _(m, a, b, iv) \
410 static u32 openssl_ops_enc_##a (vlib_main_t *vm, vnet_crypto_op_t *ops[], \
413 return openssl_ops_enc_##m (vm, ops, 0, n_ops, b (), iv); \
416 u32 openssl_ops_dec_##a (vlib_main_t *vm, vnet_crypto_op_t *ops[], \
419 return openssl_ops_dec_##m (vm, ops, 0, n_ops, b (), iv); \
422 static u32 openssl_ops_enc_chained_##a ( \
423 vlib_main_t *vm, vnet_crypto_op_t *ops[], vnet_crypto_op_chunk_t *chunks, \
426 return openssl_ops_enc_##m (vm, ops, chunks, n_ops, b (), iv); \
429 static u32 openssl_ops_dec_chained_##a ( \
430 vlib_main_t *vm, vnet_crypto_op_t *ops[], vnet_crypto_op_chunk_t *chunks, \
433 return openssl_ops_dec_##m (vm, ops, chunks, n_ops, b (), iv); \
436 foreach_openssl_evp_op;
440 static u32 openssl_ops_hash_##a (vlib_main_t *vm, vnet_crypto_op_t *ops[], \
443 return openssl_ops_hash (vm, ops, 0, n_ops, b ()); \
445 static u32 openssl_ops_hash_chained_##a ( \
446 vlib_main_t *vm, vnet_crypto_op_t *ops[], vnet_crypto_op_chunk_t *chunks, \
449 return openssl_ops_hash (vm, ops, chunks, n_ops, b ()); \
452 foreach_openssl_hash_op;
457 openssl_ops_hmac_##a (vlib_main_t * vm, vnet_crypto_op_t * ops[], u32 n_ops) \
458 { return openssl_ops_hmac (vm, ops, 0, n_ops, b ()); } \
460 openssl_ops_hmac_chained_##a (vlib_main_t * vm, vnet_crypto_op_t * ops[], \
461 vnet_crypto_op_chunk_t *chunks, u32 n_ops) \
462 { return openssl_ops_hmac (vm, ops, chunks, n_ops, b ()); } \
464 foreach_openssl_hmac_op;
469 crypto_openssl_init (vlib_main_t * vm)
471 vlib_thread_main_t *tm = vlib_get_thread_main ();
472 openssl_per_thread_data_t *ptd;
475 if (syscall (SYS_getrandom, &seed, sizeof (seed), 0) != sizeof (seed))
476 return clib_error_return_unix (0, "getrandom() failed");
478 RAND_seed (seed, sizeof (seed));
480 u32 eidx = vnet_crypto_register_engine (vm, "openssl", 50, "OpenSSL");
482 #define _(m, a, b, iv) \
483 vnet_crypto_register_ops_handlers (vm, eidx, VNET_CRYPTO_OP_##a##_ENC, \
484 openssl_ops_enc_##a, \
485 openssl_ops_enc_chained_##a); \
486 vnet_crypto_register_ops_handlers (vm, eidx, VNET_CRYPTO_OP_##a##_DEC, \
487 openssl_ops_dec_##a, \
488 openssl_ops_dec_chained_##a);
490 foreach_openssl_evp_op;
494 vnet_crypto_register_ops_handlers (vm, eidx, VNET_CRYPTO_OP_##a##_HMAC, \
495 openssl_ops_hmac_##a, \
496 openssl_ops_hmac_chained_##a); \
498 foreach_openssl_hmac_op;
502 vnet_crypto_register_ops_handlers (vm, eidx, VNET_CRYPTO_OP_##a##_HASH, \
503 openssl_ops_hash_##a, \
504 openssl_ops_hash_chained_##a);
506 foreach_openssl_hash_op;
509 vec_validate_aligned (per_thread_data, tm->n_vlib_mains - 1,
510 CLIB_CACHE_LINE_BYTES);
512 vec_foreach (ptd, per_thread_data)
514 ptd->evp_cipher_ctx = EVP_CIPHER_CTX_new ();
515 EVP_CIPHER_CTX_set_padding (ptd->evp_cipher_ctx, 0);
516 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
517 ptd->hmac_ctx = HMAC_CTX_new ();
518 ptd->hash_ctx = EVP_MD_CTX_create ();
520 HMAC_CTX_init (&(ptd->_hmac_ctx));
521 ptd->hmac_ctx = &ptd->_hmac_ctx;
529 VLIB_INIT_FUNCTION (crypto_openssl_init) =
531 .runs_after = VLIB_INITS ("vnet_crypto_init"),
537 VLIB_PLUGIN_REGISTER () = {
538 .version = VPP_BUILD_VER,
539 .description = "OpenSSL Crypto Engine",
544 * fd.io coding-style-patch-verification: ON
547 * eval: (c-set-style "gnu")