From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 31917A0C41; Thu, 15 Jul 2021 18:42:24 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 6512F41287; Thu, 15 Jul 2021 18:42:11 +0200 (CEST) Received: from NAM10-MW2-obe.outbound.protection.outlook.com (mail-mw2nam10on2081.outbound.protection.outlook.com [40.107.94.81]) by mails.dpdk.org (Postfix) with ESMTP id F129141275 for ; Thu, 15 Jul 2021 18:42:07 +0200 (CEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=m013+Ijig8x70LtkuRW1l6GLuLmwN3IACTO/fYWZcf2RSvXbh5d8ig59eVLlKPX7UYoeCi8EONEuiAA7+271NBP7c//Gw13iTAOEXIkhr/BtQM3+/mSupK9YS3i+8/BHRSXFKNmd7GLCsev8ODyonZMtJiSEKSfLHe3vqPhLwUDLkoFZu+sRv4RYjwU6kqbDhil7QxNDmi2p6/cllG9ifYOTdCbsUUzq2/K0oBFF5dmSfE31q5u6JpXAc0yCDKd24xv26K28jgFKljoGIHluXayptTE1T2vDanS0cEA2JrP8iLShhnpCKktMLR+zx11n+FngxOb2c+zLaZ8Ef8QFOg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Z5sTuWNkYl+cn/A8iRmfa/C7SaLLwniaRU/Q8FxplZo=; b=cP2ZeazIPq1YQUMMivAuHnw1hnwlU31ef9CwcWNqiiJHC40ALfvK/Rry3z1/zgQZ3ojz1Q6gsSC/tHBE7MIyzhHF/k1NNfyx7iVTw6bn7xwmyuIHrJWxn2BZE889/YB2lBlZk/vjn/d5Hkb5YcI0KJlOe/uGyE1cmshOyITnawawq1vPgDVlaKIacQbgg6zytVnCeKW9D39jtgAHClJFFKFQ2yVwW0cXQX9xpMs7ipWpZ7pHQgnmTxcHrWIVD4SycfnHg1TTdF5FKxhEgENODAGCdQAvXcdPyPbhWPWfrlae6qsQYdXcRjcJNxRtdSYokL3oSxOxXBrBLf5EqbZ8Xw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.112.34) smtp.rcpttodomain=redhat.com smtp.mailfrom=nvidia.com; dmarc=pass (p=quarantine sp=none pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Z5sTuWNkYl+cn/A8iRmfa/C7SaLLwniaRU/Q8FxplZo=; b=kVVoBtLg0uwB6f/HTtA4KwGKMc+CB27cRJ4w85Rdu2GkmP6jrzkiQckkXvFrYy+n9gcpApGfbFMYMvgXMOd94gMkG9PkLrNxKsm45Kic6TSXwoKy2j2EUkEqP97By4PTpcJo5w0PB20TYoxduxTgxC0H+9ZqWau9dybr2EZ1eBOLKd4yJ89etiPxSkOOZ+3+df1NybxCDqkfN1PdSXykvPwD7xsMLDgDnKvJWmaumBgjO8svaNiU5vM2xSFjxPY+jjqlE4J/V194dmd6oNOUI+OfeXHGJ7MvwHTF4kaHBwb3+CCh8e5QsSokWc7qcW9xyFOlpq+Ghyl5kqjKwuU0RA== Received: from MW4PR04CA0025.namprd04.prod.outlook.com (2603:10b6:303:69::30) by MWHPR12MB1533.namprd12.prod.outlook.com (2603:10b6:301:f::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4308.23; Thu, 15 Jul 2021 16:42:06 +0000 Received: from CO1NAM11FT066.eop-nam11.prod.protection.outlook.com (2603:10b6:303:69:cafe::57) by MW4PR04CA0025.outlook.office365.com (2603:10b6:303:69::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4331.23 via Frontend Transport; Thu, 15 Jul 2021 16:42:06 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.112.34) smtp.mailfrom=nvidia.com; redhat.com; dkim=none (message not signed) header.d=none;redhat.com; dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.112.34 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.112.34; helo=mail.nvidia.com; Received: from mail.nvidia.com (216.228.112.34) by CO1NAM11FT066.mail.protection.outlook.com (10.13.175.18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.4331.21 via Frontend Transport; Thu, 15 Jul 2021 16:42:06 +0000 Received: from nvidia.com (172.20.187.6) by HQMAIL107.nvidia.com (172.20.187.13) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Thu, 15 Jul 2021 16:42:04 +0000 From: Shiri Kuzin To: CC: , , , Date: Thu, 15 Jul 2021 19:41:13 +0300 Message-ID: <20210715164126.54073-4-shirik@nvidia.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20210715164126.54073-1-shirik@nvidia.com> References: <20210715150817.51485-1-shirik@nvidia.com> <20210715164126.54073-1-shirik@nvidia.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Originating-IP: [172.20.187.6] X-ClientProxiedBy: HQMAIL105.nvidia.com (172.20.187.12) To HQMAIL107.nvidia.com (172.20.187.13) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 1cd0b00b-a4b7-4158-0bff-08d947af7b42 X-MS-TrafficTypeDiagnostic: MWHPR12MB1533: X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:8273; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: D25bhYYM8MveKs0BGQ/rvgAvYo+iiO/27UqwmuMLuuP6futc6EpVwwlUB3724C/ivM5aHRV88tpCGaOmQ5mz7UcZlQH9pP9awRqIvNlsITdGDNrbAfmhNZDo0zoenxAvO+PGjYbRojOt2ED2W6Bdqdz3fys80+PbgWnp37+ZPVxTJI1T6oh7e4j1RqJRqoNmnZSQZzDnMQAtdpTC2XcJ3GK3l41/kiQc+XO3Olneal3JaFNgN8G5MfTJ2YeayfTBhVJyqLcwArFOADH7eLsoVKQTh6Gmq3WIDGg52196pEAee6iknIVs4ZzNrhHVbHvO8IUIG5CQG5HVibX0Qv5oabmUxM5mm1k2o/FkP9Cj9Y7CdJuxU9OqNZbajRscA+Y841QB0qtjYfBc4dXe8J6drXrryBicytzjGmPWafGJdnAyKkUPiR+lkQa+iW+mw2dKSJcP0g9PENDtonMGWP20kef30NfB7ONECxhhfepJcL+DdQLmHma2CSsxgLVeOQAScIUh7QtZ2QL9LJglMzMOOX1azJZVZJLkWZalv+qAokclptbWPPsrGK+/THW9uPsBRXgQjS7jyfzhVGuIwfN7ZCTGAOolfy/nnY3kVJprFFBTOOPjLUcoBXYlmF8aG3WRZuEAcXLu/5efNfpaSNZvfzDy0xIGs2mgaUUpWN6KKkymjSd7ME0GGuudB2MwbHZbQH5KLDWWvmr6pKI+tObwP4aHTWVOMLVnok8LDbRHOk8= X-Forefront-Antispam-Report: CIP:216.228.112.34; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:schybrid03.nvidia.com; CAT:NONE; SFS:(4636009)(396003)(39860400002)(136003)(346002)(376002)(36840700001)(46966006)(8936002)(2616005)(1076003)(356005)(7636003)(36860700001)(6666004)(55016002)(4326008)(47076005)(8676002)(86362001)(426003)(336012)(36906005)(478600001)(5660300002)(26005)(83380400001)(7696005)(70586007)(54906003)(6286002)(70206006)(2906002)(34020700004)(82740400003)(36756003)(6916009)(16526019)(186003)(82310400003)(316002); DIR:OUT; SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Jul 2021 16:42:06.1371 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 1cd0b00b-a4b7-4158-0bff-08d947af7b42 X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.112.34]; Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: CO1NAM11FT066.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR12MB1533 Subject: [dpdk-dev] [PATCH v8 03/16] crypto/mlx5: add session operations X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Sessions are used in symmetric transformations in order to prepare objects and data for packet processing stage. A mlx5 session includes iv_offset, pointer to mlx5_crypto_dek struct, bsf_size, bsf_p_type, block size index, encryption_order and encryption standard. Implement the next session operations: mlx5_crypto_sym_session_get_size- returns the size of the mlx5 session struct. mlx5_crypto_sym_session_configure- prepares the DEK hash-list and saves all the session data. mlx5_crypto_sym_session_clear - destroys the DEK hash-list. Signed-off-by: Shiri Kuzin Acked-by: Matan Azrad --- doc/guides/cryptodevs/features/mlx5.ini | 5 + doc/guides/cryptodevs/mlx5.rst | 10 ++ drivers/crypto/mlx5/mlx5_crypto.c | 172 +++++++++++++++++++++++- 3 files changed, 182 insertions(+), 5 deletions(-) diff --git a/doc/guides/cryptodevs/features/mlx5.ini b/doc/guides/cryptodevs/features/mlx5.ini index ceadd967b6..bd757b5211 100644 --- a/doc/guides/cryptodevs/features/mlx5.ini +++ b/doc/guides/cryptodevs/features/mlx5.ini @@ -4,12 +4,17 @@ ; Refer to default.ini for the full list of available PMD features. ; [Features] +Symmetric crypto = Y HW Accelerated = Y +Cipher multiple data units = Y +Cipher wrapped key = Y ; ; Supported crypto algorithms of a mlx5 crypto driver. ; [Cipher] +AES XTS (128) = Y +AES XTS (256) = Y ; ; Supported authentication algorithms of a mlx5 crypto driver. diff --git a/doc/guides/cryptodevs/mlx5.rst b/doc/guides/cryptodevs/mlx5.rst index 05a0a449e2..dd1d1a615d 100644 --- a/doc/guides/cryptodevs/mlx5.rst +++ b/doc/guides/cryptodevs/mlx5.rst @@ -53,6 +53,16 @@ Supported NICs * Mellanox\ |reg| ConnectX\ |reg|-6 200G MCX654106A-HCAT (2x200G) + +Limitations +----------- + +- AES-XTS keys provided in xform must include keytag and should be wrappend. +- The supported data-unit lengths are 512B and 1KB. In case the `dataunit_len` + is not provided in the cipher xform, the OP length is limited to the above + values and 1MB. + + Prerequisites ------------- diff --git a/drivers/crypto/mlx5/mlx5_crypto.c b/drivers/crypto/mlx5/mlx5_crypto.c index d2d82c7b15..3f0c97d081 100644 --- a/drivers/crypto/mlx5/mlx5_crypto.c +++ b/drivers/crypto/mlx5/mlx5_crypto.c @@ -3,6 +3,7 @@ */ #include +#include #include #include #include @@ -20,7 +21,9 @@ #define MLX5_CRYPTO_LOG_NAME pmd.crypto.mlx5 #define MLX5_CRYPTO_FEATURE_FLAGS \ - RTE_CRYPTODEV_FF_HW_ACCELERATED + (RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO | RTE_CRYPTODEV_FF_HW_ACCELERATED | \ + RTE_CRYPTODEV_FF_CIPHER_WRAPPED_KEY | \ + RTE_CRYPTODEV_FF_CIPHER_MULTIPLE_DATA_UNITS) TAILQ_HEAD(mlx5_crypto_privs, mlx5_crypto_priv) mlx5_crypto_priv_list = TAILQ_HEAD_INITIALIZER(mlx5_crypto_priv_list); @@ -30,6 +33,32 @@ int mlx5_crypto_logtype; uint8_t mlx5_crypto_driver_id; +const struct rte_cryptodev_capabilities mlx5_crypto_caps[] = { + { /* AES XTS */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER, + {.cipher = { + .algo = RTE_CRYPTO_CIPHER_AES_XTS, + .block_size = 16, + .key_size = { + .min = 32, + .max = 64, + .increment = 32 + }, + .iv_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .dataunit_set = + RTE_CRYPTO_CIPHER_DATA_UNIT_LEN_512_BYTES | + RTE_CRYPTO_CIPHER_DATA_UNIT_LEN_4096_BYTES, + }, } + }, } + }, +}; + static const char mlx5_crypto_drv_name[] = RTE_STR(MLX5_CRYPTO_DRIVER_NAME); static const struct rte_driver mlx5_drv = { @@ -39,6 +68,49 @@ static const struct rte_driver mlx5_drv = { static struct cryptodev_driver mlx5_cryptodev_driver; +struct mlx5_crypto_session { + uint32_t bs_bpt_eo_es; + /* + * bsf_size, bsf_p_type, encryption_order and encryption standard, + * saved in big endian format. + */ + uint32_t bsp_res; + /* + * crypto_block_size_pointer and reserved 24 bits saved in big endian + * format. + */ + uint32_t iv_offset:16; + /* Starting point for Initialisation Vector. */ + struct mlx5_crypto_dek *dek; /* Pointer to dek struct. */ + uint32_t dek_id; /* DEK ID */ +} __rte_packed; + +static void +mlx5_crypto_dev_infos_get(struct rte_cryptodev *dev, + struct rte_cryptodev_info *dev_info) +{ + RTE_SET_USED(dev); + if (dev_info != NULL) { + dev_info->driver_id = mlx5_crypto_driver_id; + dev_info->feature_flags = MLX5_CRYPTO_FEATURE_FLAGS; + dev_info->capabilities = mlx5_crypto_caps; + dev_info->max_nb_queue_pairs = 0; + dev_info->min_mbuf_headroom_req = 0; + dev_info->min_mbuf_tailroom_req = 0; + dev_info->sym.max_nb_sessions = 0; + /* + * If 0, the device does not have any limitation in number of + * sessions that can be used. + */ + } +} + +static unsigned int +mlx5_crypto_sym_session_get_size(struct rte_cryptodev *dev __rte_unused) +{ + return sizeof(struct mlx5_crypto_session); +} + static int mlx5_crypto_dev_configure(struct rte_cryptodev *dev, struct rte_cryptodev_config *config __rte_unused) @@ -61,19 +133,109 @@ mlx5_crypto_dev_close(struct rte_cryptodev *dev) return 0; } +static int +mlx5_crypto_sym_session_configure(struct rte_cryptodev *dev, + struct rte_crypto_sym_xform *xform, + struct rte_cryptodev_sym_session *session, + struct rte_mempool *mp) +{ + struct mlx5_crypto_priv *priv = dev->data->dev_private; + struct mlx5_crypto_session *sess_private_data; + struct rte_crypto_cipher_xform *cipher; + uint8_t encryption_order; + int ret; + + if (unlikely(xform->next != NULL)) { + DRV_LOG(ERR, "Xform next is not supported."); + return -ENOTSUP; + } + if (unlikely((xform->type != RTE_CRYPTO_SYM_XFORM_CIPHER) || + (xform->cipher.algo != RTE_CRYPTO_CIPHER_AES_XTS))) { + DRV_LOG(ERR, "Only AES-XTS algorithm is supported."); + return -ENOTSUP; + } + ret = rte_mempool_get(mp, (void *)&sess_private_data); + if (ret != 0) { + DRV_LOG(ERR, + "Failed to get session %p private data from mempool.", + sess_private_data); + return -ENOMEM; + } + cipher = &xform->cipher; + sess_private_data->dek = mlx5_crypto_dek_prepare(priv, cipher); + if (sess_private_data->dek == NULL) { + rte_mempool_put(mp, sess_private_data); + DRV_LOG(ERR, "Failed to prepare dek."); + return -ENOMEM; + } + if (cipher->op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) + encryption_order = MLX5_ENCRYPTION_ORDER_ENCRYPTED_RAW_MEMORY; + else + encryption_order = MLX5_ENCRYPTION_ORDER_ENCRYPTED_RAW_WIRE; + sess_private_data->bs_bpt_eo_es = rte_cpu_to_be_32 + (MLX5_BSF_SIZE_64B << MLX5_BSF_SIZE_OFFSET | + MLX5_BSF_P_TYPE_CRYPTO << MLX5_BSF_P_TYPE_OFFSET | + encryption_order << MLX5_ENCRYPTION_ORDER_OFFSET | + MLX5_ENCRYPTION_STANDARD_AES_XTS); + switch (xform->cipher.dataunit_len) { + case 0: + sess_private_data->bsp_res = 0; + break; + case 512: + sess_private_data->bsp_res = rte_cpu_to_be_32 + ((uint32_t)MLX5_BLOCK_SIZE_512B << + MLX5_BLOCK_SIZE_OFFSET); + break; + case 4096: + sess_private_data->bsp_res = rte_cpu_to_be_32 + ((uint32_t)MLX5_BLOCK_SIZE_4096B << + MLX5_BLOCK_SIZE_OFFSET); + break; + default: + DRV_LOG(ERR, "Cipher data unit length is not supported."); + return -ENOTSUP; + } + sess_private_data->iv_offset = cipher->iv.offset; + sess_private_data->dek_id = + rte_cpu_to_be_32(sess_private_data->dek->obj->id & + 0xffffff); + set_sym_session_private_data(session, dev->driver_id, + sess_private_data); + DRV_LOG(DEBUG, "Session %p was configured.", sess_private_data); + return 0; +} + +static void +mlx5_crypto_sym_session_clear(struct rte_cryptodev *dev, + struct rte_cryptodev_sym_session *sess) +{ + struct mlx5_crypto_priv *priv = dev->data->dev_private; + struct mlx5_crypto_session *spriv = get_sym_session_private_data(sess, + dev->driver_id); + + if (unlikely(spriv == NULL)) { + DRV_LOG(ERR, "Failed to get session %p private data.", spriv); + return; + } + mlx5_crypto_dek_destroy(priv, spriv->dek); + set_sym_session_private_data(sess, dev->driver_id, NULL); + rte_mempool_put(rte_mempool_from_obj(spriv), spriv); + DRV_LOG(DEBUG, "Session %p was cleared.", spriv); +} + static struct rte_cryptodev_ops mlx5_crypto_ops = { .dev_configure = mlx5_crypto_dev_configure, .dev_start = NULL, .dev_stop = NULL, .dev_close = mlx5_crypto_dev_close, - .dev_infos_get = NULL, + .dev_infos_get = mlx5_crypto_dev_infos_get, .stats_get = NULL, .stats_reset = NULL, .queue_pair_setup = NULL, .queue_pair_release = NULL, - .sym_session_get_size = NULL, - .sym_session_configure = NULL, - .sym_session_clear = NULL, + .sym_session_get_size = mlx5_crypto_sym_session_get_size, + .sym_session_configure = mlx5_crypto_sym_session_configure, + .sym_session_clear = mlx5_crypto_sym_session_clear, .sym_get_raw_dp_ctx_size = NULL, .sym_configure_raw_dp_ctx = NULL, }; -- 2.27.0