Queries on OPENSSL PMD

[Kusztal, ArkadiuszX]

Hi Bala,

>> Is DPDK has any supported API's do to the SSL handshake
Yes.
Of course DPDK by itself will not be able to process full TLS handshake, but some of the necessary parts are there.

  *   For key exchange one can use:
RTE_CRYPTO_ASYM_XFORM_DH
RTE_CRYPTO_ASYM_XFORM_ECDH
RTE_CRYPTO_ASYM_XFORM_ECPM
RTE_CRYPTO_ASYM_XFORM_ECFPM
Of course there is the RSA, but not supported for KE since TLS1.3.

  *   For digital signatures:
RTE_CRYPTO_ASYM_XFORM_ECDSA
RTE_CRYPTO_ASYM_XFORM_RSA

>> store the session key which can be used to decrypt or encrypt the packets
This will be done by the driver in private session data, as this is the session key.

>> Is ECDH is supported in opnessl PMD.
Currently unfortunately it is not.

Thanks,
Arek

From: Balakrishnan K <Balakrishnan.K1 at tatacommunications.com>
Sent: Tuesday, December 20, 2022 7:47 AM
To: Kusztal, ArkadiuszX <arkadiuszx.kusztal at intel.com>
Cc: users at dpdk.org
Subject: Queries on OPENSSL PMD

Hi Arik,
      In openssl PMD I could see the API's for encrypt and decrypt which is accept the key and iv and do the specified operation.
I have few queries on how to get those keys suppose if, we are creating SSL/TLS session .
Is DPDK has any supported API's do to the SSL handshake and store the session key which can be used to decrypt or encrypt the packets.
Is ECDH is supported in opnessl PMD.

Regards,
Bala

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mails.dpdk.org/archives/users/attachments/20221220/6b7637e8/attachment.htm>