From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id C778F4297B; Tue, 18 Apr 2023 11:24:14 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id CD50842B8E; Tue, 18 Apr 2023 11:24:04 +0200 (CEST) Received: from NAM12-BN8-obe.outbound.protection.outlook.com (mail-bn8nam12on2056.outbound.protection.outlook.com [40.107.237.56]) by mails.dpdk.org (Postfix) with ESMTP id F027242D0E for ; Tue, 18 Apr 2023 11:24:02 +0200 (CEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=TryiipML8KQaummkflb3D0wUPV03XC0AeWfV2ChqK7atTa66zKO54VXM35pIeHRjHx9qQY8YWuwg/WOKELjlBVClHC4tp7fQm/aii5qDkGNTU/mlHW5MRHu2D73Rs9UDucCIR2hZZFRa3K4MkhAwgFldMKkwLuqQ3wn9A4t//c4rJkx0hdhHlpX6xbU+eF8VJYmR+AVfRSD+fKcmUIi1v+AVPhpivBsrVjCjL30a3TrVn+rO2ORBpGOER0IduiA9vO/wC33JYhHYRkFVfFYifRWVfFHBSWvPe08p/Tt8y3KAqiKpJMrXh1KeuDnFGccQY8JDDP6bJzWxfDFWRa0s8g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=535JhXs4To0/u+1CFLO8yTckJ0XpI7rZA3rIn8bYGWc=; b=aEiJ3B2d8t1gRJOY4mTVc5jNFiqmgVUB5R3UmeCClMVNgpkQCaghTnrxqALEw5nceWMZddbHOjrQyiph0xn3XfphspYI80tl2ImlorW74JLPG7uABHFB6hu3vP3o4433RjuKwmKY3FgVkt1Oleoz7HIMKnJ0S4jm+pe+G0E2UMZT0VEHg1OiGwH2gcVgZnRAWmBtqrhpp68Dk58G5b8b6LllihNM3QT4qj1OvZsoYOOjbdNHBNfOeYSsLWBbxCRJJrHkFgWzirPRvTnvezuhZCzbQLymDCocpdhv+YtogDnhF+QMWLKcmQWI+kozi91a//QGj0BU6kZNWPpt5gXssQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.117.161) smtp.rcpttodomain=dpdk.org smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=535JhXs4To0/u+1CFLO8yTckJ0XpI7rZA3rIn8bYGWc=; b=RVC88vDjso74gRjVyCTzLtbKI17YVa+CKqiq/U3DbxkcDXtFWNpTxVamvLYpDrwGk2O2weuGM87lFzPpcg5bDG/Hn5y0AUZZUbrBkZc4sLAGXTrtXEThjUYaLUxjrcoAIedbF09uYlGA+6IYkwhR1HgmHXgvWo9vngjvvul99SizwC+d95hO8hevLLCcxluO4EP0m3urB4qsr+qNu0Ww4W4ojuQmQ+nKPPyJ1GlgUb1rECT18/3V/9I0KLzvnn8Pb4o0iIytmua+V1hVq3E5tEbOdrhXWnFSf0jkVXMgg3AD8cPCMwE8XACy3ar6U0bLLUQwiRgD2O1pW5psuL905g== Received: from BN9PR03CA0918.namprd03.prod.outlook.com (2603:10b6:408:107::23) by PH7PR12MB7235.namprd12.prod.outlook.com (2603:10b6:510:206::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6298.45; Tue, 18 Apr 2023 09:24:01 +0000 Received: from BN8NAM11FT056.eop-nam11.prod.protection.outlook.com (2603:10b6:408:107:cafe::65) by BN9PR03CA0918.outlook.office365.com (2603:10b6:408:107::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6298.46 via Frontend Transport; Tue, 18 Apr 2023 09:24:00 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.117.161) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.117.161 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.117.161; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (216.228.117.161) by BN8NAM11FT056.mail.protection.outlook.com (10.13.177.26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6319.20 via Frontend Transport; Tue, 18 Apr 2023 09:24:00 +0000 Received: from rnnvmail201.nvidia.com (10.129.68.8) by mail.nvidia.com (10.129.200.67) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.5; Tue, 18 Apr 2023 02:23:47 -0700 Received: from nvidia.com (10.126.230.37) by rnnvmail201.nvidia.com (10.129.68.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.37; Tue, 18 Apr 2023 02:23:44 -0700 From: Suanming Mou To: CC: , , Subject: [RFC PATCH 1/5] crypto/mlx5: add AES-GCM capability Date: Tue, 18 Apr 2023 12:23:21 +0300 Message-ID: <20230418092325.2578712-2-suanmingm@nvidia.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230418092325.2578712-1-suanmingm@nvidia.com> References: <20230418092325.2578712-1-suanmingm@nvidia.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Originating-IP: [10.126.230.37] X-ClientProxiedBy: rnnvmail203.nvidia.com (10.129.68.9) To rnnvmail201.nvidia.com (10.129.68.8) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BN8NAM11FT056:EE_|PH7PR12MB7235:EE_ X-MS-Office365-Filtering-Correlation-Id: c60c1f94-64f7-44d2-9cf9-08db3feea4e2 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: Jo+vdK8rBPIxvwLHpmxuBclIZw/CqFGGkzgDcSfpsbFLVFcaoJuCMaVmeaM/wutpxeRx7Gur4eICZ4Ka/zCoVIR9raAqUuU5IujiOrrRnJke5l1z6bCYxO+Sl3oFdQ6p5fonV5u6ElQw5ZqeK9UA23KEVL7w9/zKdDRQUm194Su9rQ8eije2QMS4+zCgTFj+fyQs0OXeuUJIudRI4jRTqIAhLXw3kzp+CTuIzUhp15op17GfWZ174OsFUYq+9qEtF9pQ4EAQSSZej4TasdI3dTjTy0jYTIoTPGkwjZDcfa2ljWP6wacef068GC/81jBeovkrYxOVBYYDDOu+o+5pY0AD3N8/ONeRdnT1QORXbWOyr0psvf5RMzeUgCA2fs3QIwvkykgxtYRIFOdhW8IfInqLGTx3vaHen4Ktb5QxCaXq/BmMDrQicN5mYxAvVMt9wyCz8xzW/U3DiZo39xatl61WXPpReYxFkp9naZxrI/uAdEXqyOQW7y6fHRjfPNJX1kBX7Oz/i83Xf1tXffY5A1m5OXVnIU/PPrxAgiRY16hxkTkWt0Gc7IloPOi7lIRQs7/Fa4MiDRc5CCQmDrb89KNAjyG0IK8q0kSep3gGksIGfZOY5HOHzGbS2EUI1sPPoorkPW3bXB79m7idkv23n8ccWVVW1AVjOsnXNglLJjHWEttkCnIWtFifYl9xdCzuX5ARqhKn68I+flztewYvvn/KrDVG9RZRVP7TN2HsQUbbhcOV0z9Bl2kR3VYtPKl78r+gpz4LfBtB5UJ8rbo9z3wf03dwQHO1Oely7md6Fto= X-Forefront-Antispam-Report: CIP:216.228.117.161; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:dc6edge2.nvidia.com; CAT:NONE; SFS:(13230028)(4636009)(39860400002)(376002)(346002)(136003)(396003)(451199021)(40470700004)(46966006)(36840700001)(356005)(82740400003)(7696005)(7636003)(34020700004)(6666004)(40460700003)(6636002)(37006003)(54906003)(2906002)(55016003)(478600001)(40480700001)(83380400001)(426003)(336012)(47076005)(186003)(2616005)(6286002)(16526019)(26005)(82310400005)(36860700001)(36756003)(30864003)(4326008)(5660300002)(70586007)(316002)(1076003)(70206006)(86362001)(41300700001)(8676002)(8936002)(6862004); DIR:OUT; SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 Apr 2023 09:24:00.2107 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: c60c1f94-64f7-44d2-9cf9-08db3feea4e2 X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.117.161]; Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: BN8NAM11FT056.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR12MB7235 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org AES-GCM provides both authenticated encryption and the ability to check the integrity and authentication of additional authenticated data (AAD) that is sent in the clear. This commit adds the AES-GCM capability query and check. An new devarg "algo" is added to identify if the crypto PMD will be initialized as AES-GCM(algo=1) or AES-XTS(algo=0, default). Signed-off-by: Suanming Mou --- doc/guides/nics/mlx5.rst | 8 +++ drivers/common/mlx5/mlx5_devx_cmds.c | 17 +++++ drivers/common/mlx5/mlx5_devx_cmds.h | 14 ++++ drivers/common/mlx5/mlx5_prm.h | 19 ++++- drivers/crypto/mlx5/meson.build | 1 + drivers/crypto/mlx5/mlx5_crypto.c | 30 +++++++- drivers/crypto/mlx5/mlx5_crypto.h | 5 ++ drivers/crypto/mlx5/mlx5_crypto_gcm.c | 100 ++++++++++++++++++++++++++ 8 files changed, 189 insertions(+), 5 deletions(-) create mode 100644 drivers/crypto/mlx5/mlx5_crypto_gcm.c diff --git a/doc/guides/nics/mlx5.rst b/doc/guides/nics/mlx5.rst index 9d111ed436..5eb2150613 100644 --- a/doc/guides/nics/mlx5.rst +++ b/doc/guides/nics/mlx5.rst @@ -1270,6 +1270,14 @@ for an additional list of options shared with other mlx5 drivers. Set to zero by default. +- ``algo`` parameter [int] + + - 0. AES-XTS crypto. + + - 1. AES-GCM crypto. + + Set to zero(AES-XTS) by default. + Supported NICs -------------- diff --git a/drivers/common/mlx5/mlx5_devx_cmds.c b/drivers/common/mlx5/mlx5_devx_cmds.c index 96d3e3e373..592a7cffdb 100644 --- a/drivers/common/mlx5/mlx5_devx_cmds.c +++ b/drivers/common/mlx5/mlx5_devx_cmds.c @@ -1197,6 +1197,23 @@ mlx5_devx_cmd_query_hca_attr(void *ctx, attr->crypto_wrapped_import_method = !!(MLX5_GET(crypto_caps, hcattr, wrapped_import_method) & 1 << 2); + attr->sw_wrapped_dek = MLX5_GET(crypto_caps, hcattr, sw_wrapped_dek_key_purpose) ? + MLX5_GET(crypto_caps, hcattr, sw_wrapped_dek_new) : 0; + attr->crypto_mmo.crypto_mmo_qp = MLX5_GET(crypto_caps, hcattr, crypto_mmo_qp); + attr->crypto_mmo.gcm_256_encrypt = + MLX5_GET(crypto_caps, hcattr, crypto_aes_gcm_256_encrypt); + attr->crypto_mmo.gcm_128_encrypt = + MLX5_GET(crypto_caps, hcattr, crypto_aes_gcm_128_encrypt); + attr->crypto_mmo.gcm_256_decrypt = + MLX5_GET(crypto_caps, hcattr, crypto_aes_gcm_256_decrypt); + attr->crypto_mmo.gcm_128_decrypt = + MLX5_GET(crypto_caps, hcattr, crypto_aes_gcm_128_decrypt); + attr->crypto_mmo.gcm_auth_tag_128 = + MLX5_GET(crypto_caps, hcattr, gcm_auth_tag_128); + attr->crypto_mmo.gcm_auth_tag_96 = + MLX5_GET(crypto_caps, hcattr, gcm_auth_tag_96); + attr->crypto_mmo.log_crypto_mmo_max_size = + MLX5_GET(crypto_caps, hcattr, log_crypto_mmo_max_size); } if (hca_cap_2_sup) { hcattr = mlx5_devx_get_hca_cap(ctx, in, out, &rc, diff --git a/drivers/common/mlx5/mlx5_devx_cmds.h b/drivers/common/mlx5/mlx5_devx_cmds.h index e006a04d68..d640482346 100644 --- a/drivers/common/mlx5/mlx5_devx_cmds.h +++ b/drivers/common/mlx5/mlx5_devx_cmds.h @@ -153,6 +153,18 @@ struct mlx5_hca_ipsec_attr { struct mlx5_hca_ipsec_reformat_attr reformat_fdb; }; +__extension__ +struct mlx5_hca_crypto_mmo_attr { + uint32_t crypto_mmo_qp:1; + uint32_t gcm_256_encrypt:1; + uint32_t gcm_128_encrypt:1; + uint32_t gcm_256_decrypt:1; + uint32_t gcm_128_decrypt:1; + uint32_t gcm_auth_tag_128:1; + uint32_t gcm_auth_tag_96:1; + uint32_t log_crypto_mmo_max_size:6; +}; + /* ISO C restricts enumerator values to range of 'int' */ __extension__ enum { @@ -266,6 +278,7 @@ struct mlx5_hca_attr { uint32_t import_kek:1; /* General obj type IMPORT_KEK supported. */ uint32_t credential:1; /* General obj type CREDENTIAL supported. */ uint32_t crypto_login:1; /* General obj type CRYPTO_LOGIN supported. */ + uint32_t sw_wrapped_dek:16; /* DEKs wrapped by SW are supported */ uint32_t regexp_num_of_engines; uint32_t log_max_ft_sampler_num:8; uint32_t inner_ipv4_ihl:1; @@ -281,6 +294,7 @@ struct mlx5_hca_attr { struct mlx5_hca_flow_attr flow; struct mlx5_hca_flex_attr flex; struct mlx5_hca_ipsec_attr ipsec; + struct mlx5_hca_crypto_mmo_attr crypto_mmo; int log_max_qp_sz; int log_max_cq_sz; int log_max_qp; diff --git a/drivers/common/mlx5/mlx5_prm.h b/drivers/common/mlx5/mlx5_prm.h index 31db082c50..a3b85f514e 100644 --- a/drivers/common/mlx5/mlx5_prm.h +++ b/drivers/common/mlx5/mlx5_prm.h @@ -4654,7 +4654,9 @@ struct mlx5_ifc_crypto_caps_bits { u8 synchronize_dek[0x1]; u8 int_kek_manual[0x1]; u8 int_kek_auto[0x1]; - u8 reserved_at_6[0x12]; + u8 reserved_at_6[0xd]; + u8 sw_wrapped_dek_key_purpose[0x1]; + u8 reserved_at_14[0x4]; u8 wrapped_import_method[0x8]; u8 reserved_at_20[0x3]; u8 log_dek_max_alloc[0x5]; @@ -4671,8 +4673,19 @@ struct mlx5_ifc_crypto_caps_bits { u8 log_dek_granularity[0x5]; u8 reserved_at_68[0x3]; u8 log_max_num_int_kek[0x5]; - u8 reserved_at_70[0x10]; - u8 reserved_at_80[0x780]; + u8 sw_wrapped_dek_new[0x10]; + u8 reserved_at_80[0x80]; + u8 crypto_mmo_qp[0x1]; + u8 crypto_aes_gcm_256_encrypt[0x1]; + u8 crypto_aes_gcm_128_encrypt[0x1]; + u8 crypto_aes_gcm_256_decrypt[0x1]; + u8 crypto_aes_gcm_128_decrypt[0x1]; + u8 gcm_auth_tag_128[0x1]; + u8 gcm_auth_tag_96[0x1]; + u8 reserved_at_107[0x3]; + u8 log_crypto_mmo_max_size[0x6]; + u8 reserved_at_110[0x10]; + u8 reserved_at_120[0x6d0]; }; struct mlx5_ifc_crypto_commissioning_register_bits { diff --git a/drivers/crypto/mlx5/meson.build b/drivers/crypto/mlx5/meson.build index a830a4c7b9..930a31c795 100644 --- a/drivers/crypto/mlx5/meson.build +++ b/drivers/crypto/mlx5/meson.build @@ -15,6 +15,7 @@ endif sources = files( 'mlx5_crypto.c', + 'mlx5_crypto_gcm.c', 'mlx5_crypto_dek.c', ) diff --git a/drivers/crypto/mlx5/mlx5_crypto.c b/drivers/crypto/mlx5/mlx5_crypto.c index 9dec1cfbe0..6963d8a9c9 100644 --- a/drivers/crypto/mlx5/mlx5_crypto.c +++ b/drivers/crypto/mlx5/mlx5_crypto.c @@ -23,6 +23,13 @@ #define MLX5_CRYPTO_MAX_QPS 128 #define MLX5_CRYPTO_MAX_SEGS 56 +enum mlx5_crypto_pmd_support_algo { + MLX5_CRYPTO_PMD_SUPPORT_ALGO_NULL, + MLX5_CRYPTO_PMD_SUPPORT_ALGO_AES_XTS, + MLX5_CRYPTO_PMD_SUPPORT_ALGO_AES_GCM, + MLX5_CRYPTO_PMD_SUPPORT_ALGO_MAX, +}; + #define MLX5_CRYPTO_FEATURE_FLAGS(wrapped_mode) \ (RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO | RTE_CRYPTODEV_FF_HW_ACCELERATED | \ RTE_CRYPTODEV_FF_IN_PLACE_SGL | RTE_CRYPTODEV_FF_OOP_SGL_IN_SGL_OUT | \ @@ -102,7 +109,7 @@ mlx5_crypto_dev_infos_get(struct rte_cryptodev *dev, dev_info->driver_id = mlx5_crypto_driver_id; dev_info->feature_flags = MLX5_CRYPTO_FEATURE_FLAGS(priv->is_wrapped_mode); - dev_info->capabilities = mlx5_crypto_caps; + dev_info->capabilities = priv->caps; dev_info->max_nb_queue_pairs = MLX5_CRYPTO_MAX_QPS; dev_info->min_mbuf_headroom_req = 0; dev_info->min_mbuf_tailroom_req = 0; @@ -749,6 +756,14 @@ mlx5_crypto_args_check_handler(const char *key, const char *val, void *opaque) attr->credential_pointer = (uint32_t)tmp; } else if (strcmp(key, "keytag") == 0) { devarg_prms->keytag = tmp; + } else if (strcmp(key, "algo") == 0) { + if (tmp == 1) { + devarg_prms->is_aes_gcm = 1; + } else if (tmp > 1) { + DRV_LOG(ERR, "Invalid algo."); + rte_errno = EINVAL; + return -rte_errno; + } } return 0; } @@ -765,6 +780,7 @@ mlx5_crypto_parse_devargs(struct mlx5_kvargs_ctrl *mkvlist, "keytag", "max_segs_num", "wcs_file", + "algo", NULL, }; @@ -895,7 +911,9 @@ mlx5_crypto_dev_probe(struct mlx5_common_device *cdev, rte_errno = ENOTSUP; return -rte_errno; } - if (!cdev->config.hca_attr.crypto || !cdev->config.hca_attr.aes_xts) { + if (!cdev->config.hca_attr.crypto || + (!cdev->config.hca_attr.aes_xts && + !cdev->config.hca_attr.crypto_mmo.crypto_mmo_qp)) { DRV_LOG(ERR, "Not enough capabilities to support crypto " "operations, maybe old FW/OFED version?"); rte_errno = ENOTSUP; @@ -924,6 +942,14 @@ mlx5_crypto_dev_probe(struct mlx5_common_device *cdev, priv->cdev = cdev; priv->crypto_dev = crypto_dev; priv->is_wrapped_mode = wrapped_mode; + priv->caps = mlx5_crypto_caps; + /* Init and override AES-GCM configuration. */ + if (devarg_prms.is_aes_gcm) { + ret = mlx5_crypto_gcm_init(priv); + if (ret) { + DRV_LOG(ERR, "Failed to init AES-GCM crypto."); + } + } if (mlx5_devx_uar_prepare(cdev, &priv->uar) != 0) { rte_cryptodev_pmd_destroy(priv->crypto_dev); return -1; diff --git a/drivers/crypto/mlx5/mlx5_crypto.h b/drivers/crypto/mlx5/mlx5_crypto.h index a2771b3dab..80c2cab0dd 100644 --- a/drivers/crypto/mlx5/mlx5_crypto.h +++ b/drivers/crypto/mlx5/mlx5_crypto.h @@ -31,6 +31,7 @@ struct mlx5_crypto_priv { struct mlx5_uar uar; /* User Access Region. */ uint32_t max_segs_num; /* Maximum supported data segs. */ struct mlx5_hlist *dek_hlist; /* Dek hash list. */ + const struct rte_cryptodev_capabilities *caps; struct rte_cryptodev_config dev_config; struct mlx5_devx_obj *login_obj; uint64_t keytag; @@ -68,6 +69,7 @@ struct mlx5_crypto_devarg_params { struct mlx5_devx_crypto_login_attr login_attr; uint64_t keytag; uint32_t max_segs_num; + uint32_t is_aes_gcm:1; }; int @@ -84,4 +86,7 @@ mlx5_crypto_dek_setup(struct mlx5_crypto_priv *priv); void mlx5_crypto_dek_unset(struct mlx5_crypto_priv *priv); +int +mlx5_crypto_gcm_init(struct mlx5_crypto_priv *priv); + #endif /* MLX5_CRYPTO_H_ */ diff --git a/drivers/crypto/mlx5/mlx5_crypto_gcm.c b/drivers/crypto/mlx5/mlx5_crypto_gcm.c new file mode 100644 index 0000000000..d60ac379cf --- /dev/null +++ b/drivers/crypto/mlx5/mlx5_crypto_gcm.c @@ -0,0 +1,100 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright (c) 2023 NVIDIA Corporation & Affiliates + */ + +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include + +#include "mlx5_crypto_utils.h" +#include "mlx5_crypto.h" + +static struct rte_cryptodev_capabilities mlx5_crypto_gcm_caps[] = { + { + .op = RTE_CRYPTO_OP_TYPE_UNDEFINED, + }, + { + .op = RTE_CRYPTO_OP_TYPE_UNDEFINED, + } +}; + +static int +mlx5_crypto_generate_gcm_cap(struct mlx5_hca_crypto_mmo_attr *mmo_attr, + struct rte_cryptodev_capabilities *cap) +{ + /* Init key size. */ + if (mmo_attr->gcm_128_encrypt && mmo_attr->gcm_128_decrypt && + mmo_attr->gcm_256_encrypt && mmo_attr->gcm_256_decrypt) { + cap->sym.aead.key_size.min = 16; + cap->sym.aead.key_size.max = 32; + cap->sym.aead.key_size.increment = 16; + } else if (mmo_attr->gcm_256_encrypt && mmo_attr->gcm_256_decrypt) { + cap->sym.aead.key_size.min = 32; + cap->sym.aead.key_size.max = 32; + cap->sym.aead.key_size.increment = 0; + } else if (mmo_attr->gcm_128_encrypt && mmo_attr->gcm_128_decrypt) { + cap->sym.aead.key_size.min = 16; + cap->sym.aead.key_size.max = 16; + cap->sym.aead.key_size.increment = 0; + } else { + DRV_LOG(ERR, "No available AES-GCM encryption/decryption supported."); + return -1; + } + /* Init tag size. */ + if (mmo_attr->gcm_auth_tag_128 && mmo_attr->gcm_auth_tag_128) { + cap->sym.aead.digest_size.min = 8; + cap->sym.aead.digest_size.max = 16; + cap->sym.aead.digest_size.increment = 8; + } else if (mmo_attr->gcm_auth_tag_128) { + cap->sym.aead.digest_size.min = 8; + cap->sym.aead.digest_size.max = 8; + cap->sym.aead.digest_size.increment = 0; + } else if (mmo_attr->gcm_128_encrypt && mmo_attr->gcm_128_decrypt) { + cap->sym.aead.digest_size.min = 16; + cap->sym.aead.digest_size.max = 16; + cap->sym.aead.digest_size.increment = 0; + } else { + DRV_LOG(ERR, "No available AES-GCM tag size supported."); + return -1; + } + /* Init AAD size. */ + cap->sym.aead.aad_size.min = 0; + cap->sym.aead.aad_size.max = UINT16_MAX; + cap->sym.aead.aad_size.increment = 1; + /* Init IV size. */ + cap->sym.aead.iv_size.min = 12; + cap->sym.aead.iv_size.max = 12; + cap->sym.aead.iv_size.increment = 0; + /* Init left items. */ + cap->op = RTE_CRYPTO_OP_TYPE_SYMMETRIC; + cap->sym.xform_type = RTE_CRYPTO_SYM_XFORM_AEAD; + cap->sym.aead.algo = RTE_CRYPTO_AEAD_AES_GCM; + return 0; +} + +int +mlx5_crypto_gcm_init(struct mlx5_crypto_priv *priv) +{ + struct mlx5_common_device *cdev = priv->cdev; + int ret; + + /* Generate GCM capability. */ + ret = mlx5_crypto_generate_gcm_cap(&cdev->config.hca_attr.crypto_mmo, + mlx5_crypto_gcm_caps); + if (ret) { + DRV_LOG(ERR, "No enough AES-GCM cap."); + return -1; + } + priv->caps = mlx5_crypto_gcm_caps; + return 0; +} + -- 2.25.1