FD.io VPP  v21.01.1
Vector Packet Processing
pico_vpp_crypto.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2020 Intel and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include <vnet/crypto/crypto.h>
17 #include <vnet/tls/tls.h>
18 #include <picotls/openssl.h>
19 #include <picotls.h>
20 
22 #include <tlspicotls/tls_picotls.h>
23 
24 typedef void (*ptls_vpp_do_transform_fn) (ptls_cipher_context_t *, void *,
25  const void *, size_t);
26 
29 
30 struct cipher_context_t
31 {
32  ptls_cipher_context_t super;
34  u32 key_index;
35 };
36 
38 {
39  ptls_aead_context_t super;
45 };
46 
47 static void
48 ptls_vpp_crypto_cipher_do_init (ptls_cipher_context_t * _ctx, const void *iv)
49 {
50  struct cipher_context_t *ctx = (struct cipher_context_t *) _ctx;
51 
53  if (!strcmp (ctx->super.algo->name, "AES128-CTR"))
54  {
55  id = VNET_CRYPTO_OP_AES_128_CTR_ENC;
56  }
57  else if (!strcmp (ctx->super.algo->name, "AES256-CTR"))
58  {
59  id = VNET_CRYPTO_OP_AES_256_CTR_ENC;
60  }
61  else
62  {
63  TLS_DBG (1, "%s, Invalid crypto cipher : ", __FUNCTION__,
64  _ctx->algo->name);
65  assert (0);
66  }
67 
68  vnet_crypto_op_init (&ctx->op, id);
69  ctx->op.iv = (u8 *) iv;
70  ctx->op.key_index = ctx->key_index;
71 }
72 
73 static void
74 ptls_vpp_crypto_cipher_dispose (ptls_cipher_context_t * _ctx)
75 {
76  /* Do nothing */
77 }
78 
79 static void
80 ptls_vpp_crypto_cipher_encrypt (ptls_cipher_context_t * _ctx, void *output,
81  const void *input, size_t _len)
82 {
84  struct cipher_context_t *ctx = (struct cipher_context_t *) _ctx;
85 
86  ctx->op.src = (u8 *) input;
87  ctx->op.dst = output;
88  ctx->op.len = _len;
89 
90  vnet_crypto_process_ops (vm, &ctx->op, 1);
91 }
92 
93 static int
94 ptls_vpp_crypto_cipher_setup_crypto (ptls_cipher_context_t * _ctx, int is_enc,
95  const void *key,
96  const EVP_CIPHER * cipher,
97  ptls_vpp_do_transform_fn do_transform)
98 {
99  struct cipher_context_t *ctx = (struct cipher_context_t *) _ctx;
100 
101  ctx->super.do_dispose = ptls_vpp_crypto_cipher_dispose;
102  ctx->super.do_init = ptls_vpp_crypto_cipher_do_init;
103  ctx->super.do_transform = do_transform;
104 
106  vnet_crypto_alg_t algo;
107  if (!strcmp (ctx->super.algo->name, "AES128-CTR"))
108  {
109  algo = VNET_CRYPTO_ALG_AES_128_CTR;
110  }
111  else if (!strcmp (ctx->super.algo->name, "AES256-CTR"))
112  {
113  algo = VNET_CRYPTO_ALG_AES_256_CTR;
114  }
115  else
116  {
117  TLS_DBG (1, "%s, Invalid crypto cipher : ", __FUNCTION__,
118  _ctx->algo->name);
119  assert (0);
120  }
121 
123  ctx->key_index = vnet_crypto_key_add (vm, algo,
124  (u8 *) key, _ctx->algo->key_size);
126 
127  return 0;
128 }
129 
130 size_t
131 ptls_vpp_crypto_aead_decrypt (ptls_aead_context_t * _ctx, void *_output,
132  const void *input, size_t inlen, const void *iv,
133  const void *aad, size_t aadlen)
134 {
136  struct vpp_aead_context_t *ctx = (struct vpp_aead_context_t *) _ctx;
137  int tag_size = ctx->super.algo->tag_size;
138 
139  ctx->op.dst = _output;
140  ctx->op.src = (void *) input;
141  ctx->op.len = inlen - tag_size;;
142  ctx->op.iv = (void *) iv;
143  ctx->op.aad = (void *) aad;
144  ctx->op.aad_len = aadlen;
145  ctx->op.tag = (void *) input + inlen - tag_size;
146  ctx->op.tag_len = tag_size;
147 
148  vnet_crypto_process_ops (vm, &(ctx->op), 1);
149  assert (ctx->op.status == VNET_CRYPTO_OP_STATUS_COMPLETED);
150 
151  return inlen - tag_size;
152 }
153 
154 static void
155 ptls_vpp_crypto_aead_encrypt_init (ptls_aead_context_t * _ctx, const void *iv,
156  const void *aad, size_t aadlen)
157 {
158  struct vpp_aead_context_t *ctx = (struct vpp_aead_context_t *) _ctx;
159  ctx->op.iv = (void *) iv;
160  ctx->op.aad = (void *) aad;
161  ctx->op.aad_len = aadlen;
162  ctx->op.n_chunks = 2;
163  ctx->op.chunk_index = 0;
164 
166 }
167 
168 static size_t
169 ptls_vpp_crypto_aead_encrypt_update (ptls_aead_context_t * _ctx, void *output,
170  const void *input, size_t inlen)
171 {
172  struct vpp_aead_context_t *ctx = (struct vpp_aead_context_t *) _ctx;
173  ctx->chunks[ctx->chunk_index].dst = output;
174  ctx->chunks[ctx->chunk_index].src = (void *) input;
175  ctx->chunks[ctx->chunk_index].len = inlen;
176 
177  ctx->chunk_index = ctx->chunk_index == 0 ? 1 : 0;
178 
179  return inlen;
180 }
181 
182 static size_t
183 ptls_vpp_crypto_aead_encrypt_final (ptls_aead_context_t * _ctx, void *_output)
184 {
185  struct vlib_main_t *vm = vlib_get_main ();
186  struct vpp_aead_context_t *ctx = (struct vpp_aead_context_t *) _ctx;
187 
188  ctx->op.tag = _output;
189  ctx->op.tag_len = ctx->super.algo->tag_size;
190 
191  vnet_crypto_process_chained_ops (vm, &(ctx->op), ctx->chunks, 1);
192  assert (ctx->op.status == VNET_CRYPTO_OP_STATUS_COMPLETED);
193 
194  return ctx->super.algo->tag_size;
195 }
196 
197 static void
198 ptls_vpp_crypto_aead_dispose_crypto (ptls_aead_context_t * _ctx)
199 {
200  /* Do nothing */
201 }
202 
203 
204 static int
205 ptls_vpp_crypto_aead_setup_crypto (ptls_aead_context_t * _ctx, int is_enc,
206  const void *key, vnet_crypto_alg_t alg)
207 {
208  struct vlib_main_t *vm = vlib_get_main ();
209  struct vpp_aead_context_t *ctx = (struct vpp_aead_context_t *) _ctx;
210  u16 key_len = ctx->super.algo->key_size;
211 
212  memset (&(ctx->op), 0, sizeof (vnet_crypto_op_t));
213 
214  if (alg == VNET_CRYPTO_ALG_AES_128_GCM)
215  {
216  if (is_enc)
217  vnet_crypto_op_init (&(ctx->op), VNET_CRYPTO_OP_AES_128_GCM_ENC);
218  else
219  vnet_crypto_op_init (&(ctx->op), VNET_CRYPTO_OP_AES_128_GCM_DEC);
220  }
221  else if (alg == VNET_CRYPTO_ALG_AES_256_GCM)
222  {
223  if (is_enc)
224  {
225  vnet_crypto_op_init (&(ctx->op), VNET_CRYPTO_OP_AES_256_GCM_ENC);
226  }
227  else
228  vnet_crypto_op_init (&(ctx->op), VNET_CRYPTO_OP_AES_256_GCM_DEC);
229  }
230  else
231  {
232  TLS_DBG (1, "%s, invalied aead cipher %s", __FUNCTION__,
233  _ctx->algo->name);
234  return -1;
235  }
236 
237  ctx->alg = alg;
238 
240  ctx->op.key_index =
241  vnet_crypto_key_add (vm, ctx->alg, (void *) key, key_len);
243  ctx->chunk_index = 0;
244 
245  ctx->super.do_decrypt = ptls_vpp_crypto_aead_decrypt;
246  ctx->super.do_encrypt_init = ptls_vpp_crypto_aead_encrypt_init;
247  ctx->super.do_encrypt_update = ptls_vpp_crypto_aead_encrypt_update;
248  ctx->super.do_encrypt_final = ptls_vpp_crypto_aead_encrypt_final;
249  ctx->super.dispose_crypto = ptls_vpp_crypto_aead_dispose_crypto;
250 
251  return 0;
252 }
253 
254 static int
256  int is_enc, const void *key)
257 {
258  return ptls_vpp_crypto_cipher_setup_crypto (ctx, 1, key, EVP_aes_128_ctr (),
260 }
261 
262 static int
264  int is_enc, const void *key)
265 {
266  return ptls_vpp_crypto_cipher_setup_crypto (ctx, 1, key, EVP_aes_256_ctr (),
268 }
269 
270 static int
272  int is_enc, const void *key)
273 {
274  return ptls_vpp_crypto_aead_setup_crypto (ctx, is_enc, key,
275  VNET_CRYPTO_ALG_AES_128_GCM);
276 }
277 
278 static int
280  int is_enc, const void *key)
281 {
282  return ptls_vpp_crypto_aead_setup_crypto (ctx, is_enc, key,
283  VNET_CRYPTO_ALG_AES_256_GCM);
284 }
285 
286 ptls_cipher_algorithm_t ptls_vpp_crypto_aes128ctr = { "AES128-CTR",
287  PTLS_AES128_KEY_SIZE,
288  1, PTLS_AES_IV_SIZE,
289  sizeof (struct vpp_aead_context_t),
290  ptls_vpp_crypto_aes128ctr_setup_crypto
291 };
292 
293 ptls_cipher_algorithm_t ptls_vpp_crypto_aes256ctr = { "AES256-CTR",
294  PTLS_AES256_KEY_SIZE,
295  1 /* block size */ ,
296  PTLS_AES_IV_SIZE,
297  sizeof (struct vpp_aead_context_t),
298  ptls_vpp_crypto_aes256ctr_setup_crypto
299 };
300 
301 ptls_aead_algorithm_t ptls_vpp_crypto_aes128gcm = { "AES128-GCM",
303  NULL,
304  PTLS_AES128_KEY_SIZE,
305  PTLS_AESGCM_IV_SIZE,
306  PTLS_AESGCM_TAG_SIZE,
307  sizeof (struct vpp_aead_context_t),
308  ptls_vpp_crypto_aead_aes128gcm_setup_crypto
309 };
310 
311 ptls_aead_algorithm_t ptls_vpp_crypto_aes256gcm = { "AES256-GCM",
313  NULL,
314  PTLS_AES256_KEY_SIZE,
315  PTLS_AESGCM_IV_SIZE,
316  PTLS_AESGCM_TAG_SIZE,
317  sizeof (struct vpp_aead_context_t),
318  ptls_vpp_crypto_aead_aes256gcm_setup_crypto
319 };
320 
321 ptls_cipher_suite_t ptls_vpp_crypto_aes128gcmsha256 =
322  { PTLS_CIPHER_SUITE_AES_128_GCM_SHA256,
324  &ptls_openssl_sha256
325 };
326 
327 ptls_cipher_suite_t ptls_vpp_crypto_aes256gcmsha384 =
328  { PTLS_CIPHER_SUITE_AES_256_GCM_SHA384,
330  &ptls_openssl_sha384
331 };
332 
333 ptls_cipher_suite_t *ptls_vpp_crypto_cipher_suites[] =
336  NULL
337 };
338 
339 /*
340  * fd.io coding-style-patch-verification: ON
341  *
342  * Local Variables:
343  * eval: (c-set-style "gnu")
344  * End:
345  */
u32 vnet_crypto_process_ops(vlib_main_t *vm, vnet_crypto_op_t ops[], u32 n_ops)
Definition: crypto.c:99
static size_t ptls_vpp_crypto_aead_encrypt_update(ptls_aead_context_t *_ctx, void *output, const void *input, size_t inlen)
ptls_cipher_context_t super
Definition: quic_crypto.c:34
static void ptls_vpp_crypto_aead_dispose_crypto(ptls_aead_context_t *_ctx)
static int ptls_vpp_crypto_aead_setup_crypto(ptls_aead_context_t *_ctx, int is_enc, const void *key, vnet_crypto_alg_t alg)
ptls_cipher_suite_t ptls_vpp_crypto_aes128gcmsha256
static void clib_rwlock_writer_lock(clib_rwlock_t *p)
Definition: lock.h:192
static void ptls_vpp_crypto_cipher_do_init(ptls_cipher_context_t *_ctx, const void *iv)
#define VNET_CRYPTO_OP_FLAG_CHAINED_BUFFERS
Definition: crypto.h:239
u16 key_len
Definition: ikev2_types.api:95
vlib_main_t * vm
Definition: in2out_ed.c:1580
ptls_aead_algorithm_t ptls_vpp_crypto_aes128gcm
ptls_cipher_suite_t ptls_vpp_crypto_aes256gcmsha384
void(* ptls_vpp_do_transform_fn)(ptls_cipher_context_t *, void *, const void *, size_t)
vnet_crypto_alg_t alg
unsigned char u8
Definition: types.h:56
size_t ptls_vpp_crypto_aead_decrypt(ptls_aead_context_t *_ctx, void *_output, const void *input, size_t inlen, const void *iv, const void *aad, size_t aadlen)
u8 id[64]
Definition: dhcp.api:160
#define assert(x)
Definition: dlmalloc.c:31
static int ptls_vpp_crypto_aead_aes256gcm_setup_crypto(ptls_aead_context_t *ctx, int is_enc, const void *key)
static void ptls_vpp_crypto_cipher_dispose(ptls_cipher_context_t *_ctx)
static_always_inline void vnet_crypto_op_init(vnet_crypto_op_t *op, vnet_crypto_op_id_t type)
Definition: crypto.h:496
unsigned int u32
Definition: types.h:88
vnet_crypto_op_t op
Definition: quic_crypto.c:35
static void ptls_vpp_crypto_aead_encrypt_init(ptls_aead_context_t *_ctx, const void *iv, const void *aad, size_t aadlen)
u32 vnet_crypto_key_add(vlib_main_t *vm, vnet_crypto_alg_t alg, u8 *data, u16 length)
Definition: crypto.c:345
vnet_crypto_alg_t
Definition: crypto.h:124
static void ptls_vpp_crypto_cipher_encrypt(ptls_cipher_context_t *_ctx, void *output, const void *input, size_t _len)
static u8 iv[]
Definition: aes_cbc.c:24
long ctx[MAX_CONNS]
Definition: main.c:144
unsigned short u16
Definition: types.h:57
ptls_cipher_algorithm_t ptls_vpp_crypto_aes256ctr
static int ptls_vpp_crypto_cipher_setup_crypto(ptls_cipher_context_t *_ctx, int is_enc, const void *key, const EVP_CIPHER *cipher, ptls_vpp_do_transform_fn do_transform)
static void clib_rwlock_writer_unlock(clib_rwlock_t *p)
Definition: lock.h:206
ptls_cipher_algorithm_t ptls_vpp_crypto_aes128ctr
clib_rwlock_t crypto_keys_rw_lock
Definition: tls_picotls.h:48
static int ptls_vpp_crypto_aes128ctr_setup_crypto(ptls_cipher_context_t *ctx, int is_enc, const void *key)
vnet_crypto_op_t op
picotls_main_t picotls_main
Definition: tls_picotls.c:7
u32 vnet_crypto_process_chained_ops(vlib_main_t *vm, vnet_crypto_op_t ops[], vnet_crypto_op_chunk_t *chunks, u32 n_ops)
Definition: crypto.c:105
static int ptls_vpp_crypto_aead_aes128gcm_setup_crypto(ptls_aead_context_t *ctx, int is_enc, const void *key)
static vlib_main_t * vlib_get_main(void)
Definition: global_funcs.h:23
static size_t ptls_vpp_crypto_aead_encrypt_final(ptls_aead_context_t *_ctx, void *_output)
typedef key
Definition: ipsec_types.api:86
ptls_aead_context_t super
ptls_aead_algorithm_t ptls_vpp_crypto_aes256gcm
vnet_crypto_op_chunk_t chunks[2]
vnet_crypto_op_status_t status
Definition: crypto.h:235
vnet_crypto_op_id_t
Definition: crypto.h:196
vnet_crypto_main_t crypto_main
Definition: crypto.c:20
#define TLS_DBG(_lvl, _fmt, _args...)
Definition: tls.h:36
static int ptls_vpp_crypto_aes256ctr_setup_crypto(ptls_cipher_context_t *ctx, int is_enc, const void *key)