2 * Copyright (c) 2020 Intel and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
16 #include <vnet/crypto/crypto.h>
17 #include <vnet/tls/tls.h>
18 #include <picotls/openssl.h>
21 #include "pico_vpp_crypto.h"
23 typedef void (*ptls_vpp_do_transform_fn) (ptls_cipher_context_t *, void *,
24 const void *, size_t);
26 vnet_crypto_main_t *cm = &crypto_main;
28 struct cipher_context_t
30 ptls_cipher_context_t super;
35 struct vpp_aead_context_t
37 ptls_aead_context_t super;
39 vnet_crypto_op_chunk_t chunks[2];
40 vnet_crypto_alg_t alg;
46 ptls_vpp_crypto_cipher_do_init (ptls_cipher_context_t * _ctx, const void *iv)
48 struct cipher_context_t *ctx = (struct cipher_context_t *) _ctx;
50 vnet_crypto_op_id_t id;
51 if (!strcmp (ctx->super.algo->name, "AES128-CTR"))
53 id = VNET_CRYPTO_OP_AES_128_CTR_ENC;
55 else if (!strcmp (ctx->super.algo->name, "AES256-CTR"))
57 id = VNET_CRYPTO_OP_AES_256_CTR_ENC;
61 TLS_DBG (1, "%s, Invalid crypto cipher : ", __FUNCTION__,
66 vnet_crypto_op_init (&ctx->op, id);
67 ctx->op.iv = (u8 *) iv;
68 ctx->op.key_index = ctx->key_index;
72 ptls_vpp_crypto_cipher_dispose (ptls_cipher_context_t * _ctx)
78 ptls_vpp_crypto_cipher_encrypt (ptls_cipher_context_t * _ctx, void *output,
79 const void *input, size_t _len)
81 vlib_main_t *vm = vlib_get_main ();
82 struct cipher_context_t *ctx = (struct cipher_context_t *) _ctx;
84 ctx->op.src = (u8 *) input;
88 vnet_crypto_process_ops (vm, &ctx->op, 1);
92 ptls_vpp_crypto_cipher_setup_crypto (ptls_cipher_context_t * _ctx, int is_enc,
94 const EVP_CIPHER * cipher,
95 ptls_vpp_do_transform_fn do_transform)
97 struct cipher_context_t *ctx = (struct cipher_context_t *) _ctx;
99 ctx->super.do_dispose = ptls_vpp_crypto_cipher_dispose;
100 ctx->super.do_init = ptls_vpp_crypto_cipher_do_init;
101 ctx->super.do_transform = do_transform;
103 vlib_main_t *vm = vlib_get_main ();
104 vnet_crypto_alg_t algo;
105 if (!strcmp (ctx->super.algo->name, "AES128-CTR"))
107 algo = VNET_CRYPTO_ALG_AES_128_CTR;
109 else if (!strcmp (ctx->super.algo->name, "AES256-CTR"))
111 algo = VNET_CRYPTO_ALG_AES_256_CTR;
115 TLS_DBG (1, "%s, Invalid crypto cipher : ", __FUNCTION__,
120 ctx->key_index = vnet_crypto_key_add (vm, algo,
121 (u8 *) key, _ctx->algo->key_size);
127 ptls_vpp_crypto_aead_decrypt (ptls_aead_context_t * _ctx, void *_output,
128 const void *input, size_t inlen, const void *iv,
129 const void *aad, size_t aadlen)
131 vlib_main_t *vm = vlib_get_main ();
132 struct vpp_aead_context_t *ctx = (struct vpp_aead_context_t *) _ctx;
133 int tag_size = ctx->super.algo->tag_size;
135 ctx->op.dst = _output;
136 ctx->op.src = (void *) input;
137 ctx->op.len = inlen - tag_size;;
138 ctx->op.iv = (void *) iv;
139 ctx->op.aad = (void *) aad;
140 ctx->op.aad_len = aadlen;
141 ctx->op.tag = (void *) input + inlen - tag_size;
142 ctx->op.tag_len = tag_size;
144 vnet_crypto_process_ops (vm, &(ctx->op), 1);
145 assert (ctx->op.status == VNET_CRYPTO_OP_STATUS_COMPLETED);
147 return inlen - tag_size;
151 ptls_vpp_crypto_aead_encrypt_init (ptls_aead_context_t * _ctx, const void *iv,
152 const void *aad, size_t aadlen)
154 struct vpp_aead_context_t *ctx = (struct vpp_aead_context_t *) _ctx;
155 ctx->op.iv = (void *) iv;
156 ctx->op.aad = (void *) aad;
157 ctx->op.aad_len = aadlen;
158 ctx->op.n_chunks = 2;
159 ctx->op.chunk_index = 0;
161 ctx->op.flags |= VNET_CRYPTO_OP_FLAG_CHAINED_BUFFERS;
165 ptls_vpp_crypto_aead_encrypt_update (ptls_aead_context_t * _ctx, void *output,
166 const void *input, size_t inlen)
168 struct vpp_aead_context_t *ctx = (struct vpp_aead_context_t *) _ctx;
169 ctx->chunks[ctx->chunk_index].dst = output;
170 ctx->chunks[ctx->chunk_index].src = (void *) input;
171 ctx->chunks[ctx->chunk_index].len = inlen;
173 ctx->chunk_index = ctx->chunk_index == 0 ? 1 : 0;
179 ptls_vpp_crypto_aead_encrypt_final (ptls_aead_context_t * _ctx, void *_output)
181 struct vlib_main_t *vm = vlib_get_main ();
182 struct vpp_aead_context_t *ctx = (struct vpp_aead_context_t *) _ctx;
184 ctx->op.tag = _output;
185 ctx->op.tag_len = ctx->super.algo->tag_size;
187 vnet_crypto_process_chained_ops (vm, &(ctx->op), ctx->chunks, 1);
188 assert (ctx->op.status == VNET_CRYPTO_OP_STATUS_COMPLETED);
190 return ctx->super.algo->tag_size;
194 ptls_vpp_crypto_aead_dispose_crypto (ptls_aead_context_t * _ctx)
201 ptls_vpp_crypto_aead_setup_crypto (ptls_aead_context_t * _ctx, int is_enc,
202 const void *key, vnet_crypto_alg_t alg)
204 struct vlib_main_t *vm = vlib_get_main ();
205 struct vpp_aead_context_t *ctx = (struct vpp_aead_context_t *) _ctx;
206 u16 key_len = ctx->super.algo->key_size;
208 memset (&(ctx->op), 0, sizeof (vnet_crypto_op_t));
210 if (alg == VNET_CRYPTO_ALG_AES_128_GCM)
213 vnet_crypto_op_init (&(ctx->op), VNET_CRYPTO_OP_AES_128_GCM_ENC);
215 vnet_crypto_op_init (&(ctx->op), VNET_CRYPTO_OP_AES_128_GCM_DEC);
217 else if (alg == VNET_CRYPTO_ALG_AES_256_GCM)
221 vnet_crypto_op_init (&(ctx->op), VNET_CRYPTO_OP_AES_256_GCM_ENC);
224 vnet_crypto_op_init (&(ctx->op), VNET_CRYPTO_OP_AES_256_GCM_DEC);
228 TLS_DBG (1, "%s, invalied aead cipher %s", __FUNCTION__,
236 vnet_crypto_key_add (vm, ctx->alg, (void *) key, key_len);
237 ctx->chunk_index = 0;
239 ctx->super.do_decrypt = ptls_vpp_crypto_aead_decrypt;
240 ctx->super.do_encrypt_init = ptls_vpp_crypto_aead_encrypt_init;
241 ctx->super.do_encrypt_update = ptls_vpp_crypto_aead_encrypt_update;
242 ctx->super.do_encrypt_final = ptls_vpp_crypto_aead_encrypt_final;
243 ctx->super.dispose_crypto = ptls_vpp_crypto_aead_dispose_crypto;
249 ptls_vpp_crypto_aes128ctr_setup_crypto (ptls_cipher_context_t * ctx,
250 int is_enc, const void *key)
252 return ptls_vpp_crypto_cipher_setup_crypto (ctx, 1, key, EVP_aes_128_ctr (),
253 ptls_vpp_crypto_cipher_encrypt);
257 ptls_vpp_crypto_aes256ctr_setup_crypto (ptls_cipher_context_t * ctx,
258 int is_enc, const void *key)
260 return ptls_vpp_crypto_cipher_setup_crypto (ctx, 1, key, EVP_aes_256_ctr (),
261 ptls_vpp_crypto_cipher_encrypt);
265 ptls_vpp_crypto_aead_aes128gcm_setup_crypto (ptls_aead_context_t * ctx,
266 int is_enc, const void *key)
268 return ptls_vpp_crypto_aead_setup_crypto (ctx, is_enc, key,
269 VNET_CRYPTO_ALG_AES_128_GCM);
273 ptls_vpp_crypto_aead_aes256gcm_setup_crypto (ptls_aead_context_t * ctx,
274 int is_enc, const void *key)
276 return ptls_vpp_crypto_aead_setup_crypto (ctx, is_enc, key,
277 VNET_CRYPTO_ALG_AES_256_GCM);
280 ptls_cipher_algorithm_t ptls_vpp_crypto_aes128ctr = { "AES128-CTR",
281 PTLS_AES128_KEY_SIZE,
283 sizeof (struct vpp_aead_context_t),
284 ptls_vpp_crypto_aes128ctr_setup_crypto
287 ptls_cipher_algorithm_t ptls_vpp_crypto_aes256ctr = { "AES256-CTR",
288 PTLS_AES256_KEY_SIZE,
291 sizeof (struct vpp_aead_context_t),
292 ptls_vpp_crypto_aes256ctr_setup_crypto
295 ptls_aead_algorithm_t ptls_vpp_crypto_aes128gcm = { "AES128-GCM",
296 &ptls_vpp_crypto_aes128ctr,
298 PTLS_AES128_KEY_SIZE,
300 PTLS_AESGCM_TAG_SIZE,
301 sizeof (struct vpp_aead_context_t),
302 ptls_vpp_crypto_aead_aes128gcm_setup_crypto
305 ptls_aead_algorithm_t ptls_vpp_crypto_aes256gcm = { "AES256-GCM",
306 &ptls_vpp_crypto_aes256ctr,
308 PTLS_AES256_KEY_SIZE,
310 PTLS_AESGCM_TAG_SIZE,
311 sizeof (struct vpp_aead_context_t),
312 ptls_vpp_crypto_aead_aes256gcm_setup_crypto
315 ptls_cipher_suite_t ptls_vpp_crypto_aes128gcmsha256 =
316 { PTLS_CIPHER_SUITE_AES_128_GCM_SHA256,
317 &ptls_vpp_crypto_aes128gcm,
321 ptls_cipher_suite_t ptls_vpp_crypto_aes256gcmsha384 =
322 { PTLS_CIPHER_SUITE_AES_256_GCM_SHA384,
323 &ptls_vpp_crypto_aes256gcm,
327 ptls_cipher_suite_t *ptls_vpp_crypto_cipher_suites[] =
328 { &ptls_vpp_crypto_aes256gcmsha384,
329 &ptls_vpp_crypto_aes128gcmsha256,
334 * fd.io coding-style-patch-verification: ON
337 * eval: (c-set-style "gnu")