From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 2BCE4A0A02; Tue, 4 May 2021 23:10:35 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 776B941142; Tue, 4 May 2021 23:09:44 +0200 (CEST) Received: from NAM04-MW2-obe.outbound.protection.outlook.com (mail-mw2nam08on2078.outbound.protection.outlook.com [40.107.101.78]) by mails.dpdk.org (Postfix) with ESMTP id 2389D41131 for ; Tue, 4 May 2021 23:09:43 +0200 (CEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=DmwAXsEupycWn//cn/OJIkXMPyOaMO4NlMAxu3EYxtzcFgHV5Xdmdp0moqrpRGT/iv+UsxjmFdIhOPCgPdzs0Dcar74Ohay+Xq8pY2joN+IqnZ3nwQyN8qLXZmsX9tHl+SsDwEj3RSEfpfdGEGpdrj+5gNExbZVVKHi5jnNsnTpLoTOodjTNqvai/FoLN1GsVn1Zc6W7ZBqnzs8Ci2ZMsnT74byHk/ykt+KY9NRasnGLN3PmVX8Q+tNnWFRh0Bdxs0d6UHuJx+ig1NFZwxQM0d7fnPvBCZ7aODsgWhatogYLY9bc7wvnntmecW32ATVng9DoMXk45Mn/jwa1l/DLcA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=o5k6Ei3dik3VMGtHmTT4H/4dkIBZPqsbhooJbXBUWPs=; b=YiRMqjdiyU1qG64x46mcmzGDjfhiXacaNVGbBdWjyUgDMmneEq4i2XNP4yAgZ+fGg0My/NFxoid11jMCEUsJWMidZohdkBGnkg6bWJLek2O5c/H15i8rRfvibz0ovTMhvKWRj6pqDbW9IaaO9sZtsGkKk3Me3TRYpk9YPMsuiDS7yWd2E8xUcxgRTOza2uvrxVypoVKI0Xxa88fzu8ph3uln+GVoIrxYuCxb7X6yvquOjYpH7up2GJlGAZ7YT/giahQPaaKIHURixMZP2MG9JuGIpv6w835fL8TjEm35VV72ZjKgZhKgqVECYLtAcdpmXgVRUPRRFcKFdzPQR6r6OA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.112.34) smtp.rcpttodomain=monjalon.net smtp.mailfrom=nvidia.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=o5k6Ei3dik3VMGtHmTT4H/4dkIBZPqsbhooJbXBUWPs=; b=D68pTdcVbTSLtFQKOncQ4x8X60KNIXiL5UPz2PJZ/3YaPiwyDuTeY40HqrAGSAA4Z8QOz66h8FTpSbWYRAXTvG9ZyyZYx2i/cY6kGKbR61D8tO+654UbdADRcxRRW1d1Tlz5SmYEP8lOckbf5q0q4XQjqmpnvzZ5OPdLeveAlpKur6qV74lqJHWhHijQF093ClBpkg2xvIiXs+ETmGPEj20ryvPnd98elDdYh/qmeBRsV4I5vGGeur/tzjhU/xplAYANH0IhTAAo6nLNb+9W64Oj2aw/R+FqSS8qbBR4kRClkH/vBVkrKyRLT7Wou/mjgfQ5jR4Q01Gqk/lEwS/WRg== Received: from MW4PR04CA0196.namprd04.prod.outlook.com (2603:10b6:303:86::21) by BL1PR12MB5350.namprd12.prod.outlook.com (2603:10b6:208:31d::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4108.24; Tue, 4 May 2021 21:09:41 +0000 Received: from CO1NAM11FT056.eop-nam11.prod.protection.outlook.com (2603:10b6:303:86:cafe::f0) by MW4PR04CA0196.outlook.office365.com (2603:10b6:303:86::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4087.27 via Frontend Transport; Tue, 4 May 2021 21:09:41 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.112.34) smtp.mailfrom=nvidia.com; monjalon.net; dkim=none (message not signed) header.d=none;monjalon.net; dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.112.34 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.112.34; helo=mail.nvidia.com; Received: from mail.nvidia.com (216.228.112.34) by CO1NAM11FT056.mail.protection.outlook.com (10.13.175.107) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.4087.27 via Frontend Transport; Tue, 4 May 2021 21:09:41 +0000 Received: from nvidia.com (172.20.145.6) by HQMAIL107.nvidia.com (172.20.187.13) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Tue, 4 May 2021 21:09:39 +0000 From: Matan Azrad To: CC: , , , "Thomas Monjalon" Date: Wed, 5 May 2021 00:08:52 +0300 Message-ID: <20210504210857.3398397-11-matan@nvidia.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20210504210857.3398397-1-matan@nvidia.com> References: <20210429154712.2820159-1-matan@nvidia.com> <20210504210857.3398397-1-matan@nvidia.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Originating-IP: [172.20.145.6] X-ClientProxiedBy: HQMAIL111.nvidia.com (172.20.187.18) To HQMAIL107.nvidia.com (172.20.187.13) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: b795d6b4-91a6-41f3-15e9-08d90f40ef12 X-MS-TrafficTypeDiagnostic: BL1PR12MB5350: X-LD-Processed: 43083d15-7273-40c1-b7db-39efd9ccc17a,ExtAddr X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:125; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: U5WwrShSCNPTNDWYpKBW3tQomPt56NuLwjAh9yIw2SZX0l4sqM9y1upzfTs5f7uXDw67zv6H1E4s0ju3jfaoYnGW5io5RuANkafzJqhqkKdCPkx4lRjB24Xng9vaOSFeEDSvGDcwecu6C1pZUU6dMTCyCKbBVOuKHB5RHqciKY3VZiZLI2V2IixBSkixKvSJVyHciJJ6Uj0115bAqeYqBWahnuCINvTcwaEdu0JpSQkOLFyIlwmCppNUqcIQgIyFLUrd3KEQ+xpoUIMxZsrvAfVmOpFGbyCILOj4veFuk0/Jm7sbEP5D4BtVtliFebE8lFvsVKH2rRLuepA20S9AVbNt3UoMLwxcifn0CtB3UZduuRZ2/uoN6WxYPdXIlCFF0IbCU/csUPMJQksVuQg4p0psM0d1pNuuIKk2rCo2ThF86uVPp0smqWMqsDzW+ZidYPeUL3nUyTy4TwbdGBwmbM+FeBpVhOD1u8ZHL3qvmYE94K0nuDX9Er6D4vSln9GKAfHknuqAG0htx/Dv4HpFtOZ+zH22M+fWuZI4xMx7zVaTtcFVSD9VaO2nmk156HDPyMchuY5EBwErKXZGzq83tOQNnu0FxGJYR09CR5BunOJsjS8/65gl6syY1ad7UvfZNtbmGwZdXOYqkuXFFgPGNyacJS6hfnJXbI+cVvBj8Ro= X-Forefront-Antispam-Report: CIP:216.228.112.34; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:schybrid03.nvidia.com; CAT:NONE; SFS:(4636009)(396003)(376002)(346002)(136003)(39860400002)(46966006)(36840700001)(83380400001)(186003)(70206006)(2906002)(16526019)(4326008)(5660300002)(36756003)(70586007)(26005)(6286002)(336012)(6916009)(86362001)(426003)(8676002)(356005)(8936002)(1076003)(82740400003)(55016002)(47076005)(36860700001)(54906003)(36906005)(82310400003)(7636003)(316002)(6666004)(7696005)(2616005)(478600001); DIR:OUT; SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 04 May 2021 21:09:41.1759 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: b795d6b4-91a6-41f3-15e9-08d90f40ef12 X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.112.34]; Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: CO1NAM11FT056.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL1PR12MB5350 Subject: [dpdk-dev] [PATCH v3 10/15] crypto/mlx5: add keytag device argument X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" From: Suanming Mou A keytag is a piece of data encrypted together with a DEK. When a DEK is referenced by an MKEY.bsf through its index, the keytag is also supplied in the BSF as plaintext. The HW will decrypt the DEK (and the attached keytag) and will fail the operation if the keytags don't match. This commit adds the configuration of the keytag with devargs. Signed-off-by: Suanming Mou Signed-off-by: Matan Azrad --- drivers/crypto/mlx5/mlx5_crypto.c | 50 +++++++++++++++++-------------- drivers/crypto/mlx5/mlx5_crypto.h | 3 +- 2 files changed, 30 insertions(+), 23 deletions(-) diff --git a/drivers/crypto/mlx5/mlx5_crypto.c b/drivers/crypto/mlx5/mlx5_crypto.c index 8cc29ced21..73cca8136b 100644 --- a/drivers/crypto/mlx5/mlx5_crypto.c +++ b/drivers/crypto/mlx5/mlx5_crypto.c @@ -468,56 +468,52 @@ mlx5_crypto_args_check_handler(const char *key, const char *val, void *opaque) attr->session_import_kek_ptr = (uint32_t)tmp; else if (strcmp(key, "credential_id") == 0) attr->credential_pointer = (uint32_t)tmp; + else if (strcmp(key, "keytag") == 0) + devarg_prms->keytag = tmp; else DRV_LOG(WARNING, "Invalid key %s.", key); return 0; } -static struct mlx5_devx_obj * -mlx5_crypto_config_login(struct rte_devargs *devargs, - struct ibv_context *ctx) +static int +mlx5_crypto_parse_devargs(struct rte_devargs *devargs, + struct mlx5_crypto_devarg_params *devarg_prms) { - /* - * Set credential pointer and session import KEK pointer to a default - * value of 0. - */ - struct mlx5_crypto_devarg_params login = { - .login_devarg = false, - .login_attr = { - .credential_pointer = 0, - .session_import_kek_ptr = 0, - } - }; + struct mlx5_devx_crypto_login_attr *attr = &devarg_prms->login_attr; struct rte_kvargs *kvlist; + /* Default values. */ + attr->credential_pointer = 0; + attr->session_import_kek_ptr = 0; + devarg_prms->keytag = 0; if (devargs == NULL) { DRV_LOG(ERR, "No login devargs in order to enable crypto operations in the device."); rte_errno = EINVAL; - return NULL; + return -1; } kvlist = rte_kvargs_parse(devargs->args, NULL); if (kvlist == NULL) { DRV_LOG(ERR, "Failed to parse devargs."); rte_errno = EINVAL; - return NULL; + return -1; } if (rte_kvargs_process(kvlist, NULL, mlx5_crypto_args_check_handler, - &login) != 0) { + devarg_prms) != 0) { DRV_LOG(ERR, "Devargs handler function Failed."); rte_kvargs_free(kvlist); rte_errno = EINVAL; - return NULL; + return -1; } rte_kvargs_free(kvlist); - if (login.login_devarg == false) { + if (devarg_prms->login_devarg == false) { DRV_LOG(ERR, "No login credential devarg in order to enable crypto operations " "in the device."); rte_errno = EINVAL; - return NULL; + return -1; } - return mlx5_devx_cmd_create_crypto_login_obj(ctx, &login.login_attr); + return 0; } /** @@ -543,6 +539,7 @@ mlx5_crypto_pci_probe(struct rte_pci_driver *pci_drv, struct ibv_context *ctx; struct mlx5_devx_obj *login; struct mlx5_crypto_priv *priv; + struct mlx5_crypto_devarg_params devarg_prms = { 0 }; struct mlx5_hca_attr attr = { 0 }; struct rte_cryptodev_pmd_init_params init_params = { .name = "", @@ -551,6 +548,8 @@ mlx5_crypto_pci_probe(struct rte_pci_driver *pci_drv, .max_nb_queue_pairs = RTE_CRYPTODEV_PMD_DEFAULT_MAX_NB_QUEUE_PAIRS, }; + int ret; + RTE_SET_USED(pci_drv); if (rte_eal_process_type() != RTE_PROC_PRIMARY) { DRV_LOG(ERR, "Non-primary process type is not supported."); @@ -580,7 +579,13 @@ mlx5_crypto_pci_probe(struct rte_pci_driver *pci_drv, rte_errno = ENOTSUP; return -ENOTSUP; } - login = mlx5_crypto_config_login(pci_dev->device.devargs, ctx); + ret = mlx5_crypto_parse_devargs(pci_dev->device.devargs, &devarg_prms); + if (ret) { + DRV_LOG(ERR, "Failed to parse devargs."); + return -rte_errno; + } + login = mlx5_devx_cmd_create_crypto_login_obj(ctx, + &devarg_prms.login_attr); if (login == NULL) { DRV_LOG(ERR, "Failed to configure login."); return -rte_errno; @@ -620,6 +625,7 @@ mlx5_crypto_pci_probe(struct rte_pci_driver *pci_drv, } priv->mr_scache.reg_mr_cb = mlx5_common_verbs_reg_mr; priv->mr_scache.dereg_mr_cb = mlx5_common_verbs_dereg_mr; + priv->keytag = rte_cpu_to_be_64(devarg_prms.keytag); pthread_mutex_lock(&priv_list_lock); TAILQ_INSERT_TAIL(&mlx5_crypto_priv_list, priv, next); pthread_mutex_unlock(&priv_list_lock); diff --git a/drivers/crypto/mlx5/mlx5_crypto.h b/drivers/crypto/mlx5/mlx5_crypto.h index 0aef804b92..34c65f9a24 100644 --- a/drivers/crypto/mlx5/mlx5_crypto.h +++ b/drivers/crypto/mlx5/mlx5_crypto.h @@ -30,6 +30,7 @@ struct mlx5_crypto_priv { struct rte_cryptodev_config dev_config; struct mlx5_mr_share_cache mr_scache; /* Global shared MR cache. */ struct mlx5_devx_obj *login_obj; + uint64_t keytag; }; struct mlx5_crypto_qp { @@ -49,10 +50,10 @@ struct mlx5_crypto_dek { bool size_is_48; /* Whether the key\data size is 48 bytes or not. */ }; - struct mlx5_crypto_devarg_params { bool login_devarg; struct mlx5_devx_crypto_login_attr login_attr; + uint64_t keytag; }; int -- 2.25.1