From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 61CD0A0A0C; Thu, 15 Jul 2021 17:09:21 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 8A83441275; Thu, 15 Jul 2021 17:09:11 +0200 (CEST) Received: from NAM10-MW2-obe.outbound.protection.outlook.com (mail-mw2nam10on2085.outbound.protection.outlook.com [40.107.94.85]) by mails.dpdk.org (Postfix) with ESMTP id 174B14123B for ; Thu, 15 Jul 2021 17:09:08 +0200 (CEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=PXy61dtQdQzSDUF59z+RnNpLejqA2/zS0+IKq1qWu3HNo2nznaC+uFjMknU2e59WssA+wU/21fKlPRhdXfjOtzODsnCmwrscLBsHuYgftda3dSiDNpZ4QTHkiQqciQoXZUiAhmjz1gTyCbSHZ0HgN0/WFkh0/S4E65petKGxrqEfnganFpigMzc2nFnM2U3HdIFFEQXbguc4O1vo2QdgRTlFGVi+YQUExN1kf6Uk7nXktglbM/VC/YYk9arCb/8Mf46XdDc9Qh16CRlYgGUMoF3D3xOLk3XWOuZXEKYH8thSp4Yu7oz4ce9rGcxLSeZ0gezVlpmbeUtQc42q6PobxA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=OGj2qfgA9enBMp0FrtTabcR+gbQjQ+dGIKPMJHLwq9E=; b=nIdBvHpAHUPdk8z+b/L8VwJx/gESIGFqZTsti6Dcl4lkkilsiYm5/9V5vY7wK0EAjPn24XvasiI5+0znLCpwfXnlZCJMnAHfJMeQ1rxvW9jIgKqBAJkF1YC+VZ9LFVJP0MFYdHBZJoQrZtTbsF/WhSmOR0z+Gkve8SdhcoMU3oBL5QEYjSbBW6/dxzaDeckZ1Mk3PWM2MMBYtpNkbn6z2VcCUu6ydkZSRAA4AJUO/lufY8aF9OQDzZOvPFsYm39pUsBQo38oMZpPrgyjaTZgvxRH5QUnpIe1OBJwj38NmOdeVgRzqucJSCAu9bCwdvp8rdanD7x2otwSpjSMdvRi+A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.112.34) smtp.rcpttodomain=redhat.com smtp.mailfrom=nvidia.com; dmarc=pass (p=quarantine sp=none pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=OGj2qfgA9enBMp0FrtTabcR+gbQjQ+dGIKPMJHLwq9E=; b=A6mzRQNrPiwItEcZV6n1/9MOUeDzFPd0VGdBvbwlXSUNnJuIW2dpzB0Cz+00sdP4GlBHeBx5wNVidsFP/WEb6wtuqMtmSV7REoLGnPDGLhv+spBhY2DMK0fdM1qEL3leW4yKo30i+LolImB75EvJ0deKFDbkx8WkNcj7m0zwvtoXhx94tvlfFJXna5D2qDFkeBFjXY75/XTRDi++dih1bIe6F9JyvUqpsbxSyGVDhExZ5XeA4hrJ3IG4QHJvvVZ/52BrnNKFStkmFRFX5cE6GpUo9MrFRlSUrBhyH/U836KdxEuaH0lgyq9YRSNwVOeKWLqLW5tU1ZcGVatdLEjkAw== Received: from MWHPR03CA0017.namprd03.prod.outlook.com (2603:10b6:300:117::27) by CH2PR12MB4860.namprd12.prod.outlook.com (2603:10b6:610:6c::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4331.21; Thu, 15 Jul 2021 15:09:06 +0000 Received: from CO1NAM11FT057.eop-nam11.prod.protection.outlook.com (2603:10b6:300:117:cafe::47) by MWHPR03CA0017.outlook.office365.com (2603:10b6:300:117::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4331.22 via Frontend Transport; Thu, 15 Jul 2021 15:09:05 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.112.34) smtp.mailfrom=nvidia.com; redhat.com; dkim=none (message not signed) header.d=none;redhat.com; dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.112.34 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.112.34; helo=mail.nvidia.com; Received: from mail.nvidia.com (216.228.112.34) by CO1NAM11FT057.mail.protection.outlook.com (10.13.174.205) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.4331.21 via Frontend Transport; Thu, 15 Jul 2021 15:09:05 +0000 Received: from nvidia.com (172.20.187.6) by HQMAIL107.nvidia.com (172.20.187.13) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Thu, 15 Jul 2021 15:09:03 +0000 From: Shiri Kuzin To: CC: , , , Date: Thu, 15 Jul 2021 18:08:03 +0300 Message-ID: <20210715150817.51485-3-shirik@nvidia.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20210715150817.51485-1-shirik@nvidia.com> References: <20210708152530.25835-1-shirik@nvidia.com> <20210715150817.51485-1-shirik@nvidia.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Originating-IP: [172.20.187.6] X-ClientProxiedBy: HQMAIL111.nvidia.com (172.20.187.18) To HQMAIL107.nvidia.com (172.20.187.13) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 65edd074-15f7-4150-95ba-08d947a27cb2 X-MS-TrafficTypeDiagnostic: CH2PR12MB4860: X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:3968; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: qHDSLNt4YAmHJKniGN4mb+q2a7LPe1dGGcGiIm/wdBBV1ttq0d3KBCIcIrkOzL6O3faMjXgZPwfxde3xjknwtSdIBVPX0vd18fGzu1MR+pFGVNZcJciUdXliAruIHarSoVy5aomfB2B/YbWTULSfwXXr6npV9PXS3XCKu8XQrP/iarK0icXiRRjXbAX7VI/w5yhrzHFMyyz+LQEdoSNUF6jnsFOMrBOb4z7/hsf3uakMmsRVfji9LlFgIeVuAu36Dwulwc61czmSPh9Ml7jL85LbXLyQ7dFD36sR3pnSfHvnnjKUn39p3qClt4PQEB5Izoffw3vfgqZsSIoyiKPRIZLgfm3gBgGWEpck9Du1QdTYeO/rQFQALb1PueaZqjKY9LcLCml1j2LJZ+Hg206pJ9CernneQkdQvOUN6jf/Vohd4A2u5eUz5nOAq/q8ZUUgku2zVlzONxC7ba/7eLD6d4m32qRKUSYwHYKn6MFtKO6NlSjuCVMSCaMdc8elFr3hzRJwBTSGlhSpwTlFaz+ndSB5cP0bkw/8gQOHp92+ykkwvZ2cqPVUREzK/QM9Gzg9GheDzrk6WsGGCydD8tEd1+a9f3hp6dBLp0CuqLpNw1z6IYkAivQnXAleJH/SH8fUoX/9V/pB/nBEhL+tzuU+pr2jV/776BDaazN/BRV2meeh5UX9KR80VR76BYH+qeTNOydKmzgTIdOuDaIZkQpYkWUe7O1pzcY2aJpQSzU2oN0= X-Forefront-Antispam-Report: CIP:216.228.112.34; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:schybrid03.nvidia.com; CAT:NONE; SFS:(4636009)(36840700001)(46966006)(426003)(7696005)(86362001)(70206006)(82310400003)(8676002)(70586007)(2616005)(336012)(478600001)(7636003)(8936002)(356005)(54906003)(36860700001)(26005)(55016002)(4326008)(1076003)(6286002)(83380400001)(186003)(16526019)(6916009)(47076005)(36906005)(2906002)(36756003)(316002)(5660300002)(34020700004); DIR:OUT; SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Jul 2021 15:09:05.0839 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 65edd074-15f7-4150-95ba-08d947a27cb2 X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.112.34]; Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: CO1NAM11FT057.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH2PR12MB4860 Subject: [dpdk-dev] [PATCH v7 02/16] crypto/mlx5: add DEK object management X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" A DEK(Data encryption Key) is an mlx5 HW object which represents the cipher algorithm key. The DEKs are used during data encryption/decryption operations. In symmetric algorithms like AES-STS, we use the same DEK for both encryption and decryption. Use the mlx5 hash-list tool to manage the DEK objects in the PMD. Provide the compare, create and destroy functions to manage DEKs in hash-list and introduce an internal API to setup and unset the DEK management and to prepare and destroy specific DEK object. The DEK hash-list will be created in dev_configure routine and destroyed in dev_close routine. Signed-off-by: Shiri Kuzin Acked-by: Matan Azrad --- drivers/crypto/mlx5/meson.build | 1 + drivers/crypto/mlx5/mlx5_crypto.c | 42 ++++--- drivers/crypto/mlx5/mlx5_crypto.h | 51 ++++++++ drivers/crypto/mlx5/mlx5_crypto_dek.c | 161 ++++++++++++++++++++++++++ 4 files changed, 239 insertions(+), 16 deletions(-) create mode 100644 drivers/crypto/mlx5/mlx5_crypto.h create mode 100644 drivers/crypto/mlx5/mlx5_crypto_dek.c diff --git a/drivers/crypto/mlx5/meson.build b/drivers/crypto/mlx5/meson.build index 6fd70bc477..d55cdbfe6f 100644 --- a/drivers/crypto/mlx5/meson.build +++ b/drivers/crypto/mlx5/meson.build @@ -11,6 +11,7 @@ fmt_name = 'mlx5_crypto' deps += ['common_mlx5', 'eal', 'cryptodev'] sources = files( 'mlx5_crypto.c', + 'mlx5_crypto_dek.c', ) cflags_options = [ '-std=c11', diff --git a/drivers/crypto/mlx5/mlx5_crypto.c b/drivers/crypto/mlx5/mlx5_crypto.c index fbe3c21aae..d2d82c7b15 100644 --- a/drivers/crypto/mlx5/mlx5_crypto.c +++ b/drivers/crypto/mlx5/mlx5_crypto.c @@ -3,12 +3,9 @@ */ #include -#include #include +#include #include -#include -#include -#include #include #include @@ -17,6 +14,7 @@ #include #include "mlx5_crypto_utils.h" +#include "mlx5_crypto.h" #define MLX5_CRYPTO_DRIVER_NAME mlx5_crypto #define MLX5_CRYPTO_LOG_NAME pmd.crypto.mlx5 @@ -24,16 +22,6 @@ #define MLX5_CRYPTO_FEATURE_FLAGS \ RTE_CRYPTODEV_FF_HW_ACCELERATED -struct mlx5_crypto_priv { - TAILQ_ENTRY(mlx5_crypto_priv) next; - struct ibv_context *ctx; /* Device context. */ - struct rte_pci_device *pci_dev; - struct rte_cryptodev *crypto_dev; - void *uar; /* User Access Region. */ - uint32_t pdn; /* Protection Domain number. */ - struct ibv_pd *pd; -}; - TAILQ_HEAD(mlx5_crypto_privs, mlx5_crypto_priv) mlx5_crypto_priv_list = TAILQ_HEAD_INITIALIZER(mlx5_crypto_priv_list); static pthread_mutex_t priv_list_lock = PTHREAD_MUTEX_INITIALIZER; @@ -51,11 +39,33 @@ static const struct rte_driver mlx5_drv = { static struct cryptodev_driver mlx5_cryptodev_driver; +static int +mlx5_crypto_dev_configure(struct rte_cryptodev *dev, + struct rte_cryptodev_config *config __rte_unused) +{ + struct mlx5_crypto_priv *priv = dev->data->dev_private; + + if (mlx5_crypto_dek_setup(priv) != 0) { + DRV_LOG(ERR, "Dek hash list creation has failed."); + return -ENOMEM; + } + return 0; +} + +static int +mlx5_crypto_dev_close(struct rte_cryptodev *dev) +{ + struct mlx5_crypto_priv *priv = dev->data->dev_private; + + mlx5_crypto_dek_unset(priv); + return 0; +} + static struct rte_cryptodev_ops mlx5_crypto_ops = { - .dev_configure = NULL, + .dev_configure = mlx5_crypto_dev_configure, .dev_start = NULL, .dev_stop = NULL, - .dev_close = NULL, + .dev_close = mlx5_crypto_dev_close, .dev_infos_get = NULL, .stats_get = NULL, .stats_reset = NULL, diff --git a/drivers/crypto/mlx5/mlx5_crypto.h b/drivers/crypto/mlx5/mlx5_crypto.h new file mode 100644 index 0000000000..167e9e57ad --- /dev/null +++ b/drivers/crypto/mlx5/mlx5_crypto.h @@ -0,0 +1,51 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright (c) 2021 NVIDIA Corporation & Affiliates + */ + +#ifndef MLX5_CRYPTO_H_ +#define MLX5_CRYPTO_H_ + +#include + +#include +#include + +#include + +#define MLX5_CRYPTO_DEK_HTABLE_SZ (1 << 11) +#define MLX5_CRYPTO_KEY_LENGTH 80 + +struct mlx5_crypto_priv { + TAILQ_ENTRY(mlx5_crypto_priv) next; + struct ibv_context *ctx; /* Device context. */ + struct rte_pci_device *pci_dev; + struct rte_cryptodev *crypto_dev; + void *uar; /* User Access Region. */ + uint32_t pdn; /* Protection Domain number. */ + struct ibv_pd *pd; + struct mlx5_hlist *dek_hlist; /* Dek hash list. */ +}; + +struct mlx5_crypto_dek { + struct mlx5_list_entry entry; /* Pointer to DEK hash list entry. */ + struct mlx5_devx_obj *obj; /* Pointer to DEK DevX object. */ + uint8_t data[MLX5_CRYPTO_KEY_LENGTH]; /* DEK key data. */ + bool size_is_48; /* Whether the key\data size is 48 bytes or not. */ +} __rte_cache_aligned; + +int +mlx5_crypto_dek_destroy(struct mlx5_crypto_priv *priv, + struct mlx5_crypto_dek *dek); + +struct mlx5_crypto_dek * +mlx5_crypto_dek_prepare(struct mlx5_crypto_priv *priv, + struct rte_crypto_cipher_xform *cipher); + +int +mlx5_crypto_dek_setup(struct mlx5_crypto_priv *priv); + +void +mlx5_crypto_dek_unset(struct mlx5_crypto_priv *priv); + +#endif /* MLX5_CRYPTO_H_ */ + diff --git a/drivers/crypto/mlx5/mlx5_crypto_dek.c b/drivers/crypto/mlx5/mlx5_crypto_dek.c new file mode 100644 index 0000000000..43d1bcc9f8 --- /dev/null +++ b/drivers/crypto/mlx5/mlx5_crypto_dek.c @@ -0,0 +1,161 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright (c) 2021 NVIDIA Corporation & Affiliates + */ + +#include +#include +#include +#include + +#include +#include + +#include "mlx5_crypto_utils.h" +#include "mlx5_crypto.h" + +struct mlx5_crypto_dek_ctx { + struct rte_crypto_cipher_xform *cipher; + struct mlx5_crypto_priv *priv; +}; + +int +mlx5_crypto_dek_destroy(struct mlx5_crypto_priv *priv, + struct mlx5_crypto_dek *dek) +{ + return mlx5_hlist_unregister(priv->dek_hlist, &dek->entry); +} + +struct mlx5_crypto_dek * +mlx5_crypto_dek_prepare(struct mlx5_crypto_priv *priv, + struct rte_crypto_cipher_xform *cipher) +{ + struct mlx5_hlist *dek_hlist = priv->dek_hlist; + struct mlx5_crypto_dek_ctx dek_ctx = { + .cipher = cipher, + .priv = priv, + }; + struct rte_crypto_cipher_xform *cipher_ctx = cipher; + uint64_t key64 = __rte_raw_cksum(cipher_ctx->key.data, + cipher_ctx->key.length, 0); + struct mlx5_list_entry *entry = mlx5_hlist_register(dek_hlist, + key64, &dek_ctx); + + return entry == NULL ? NULL : + container_of(entry, struct mlx5_crypto_dek, entry); +} + +static struct mlx5_list_entry * +mlx5_crypto_dek_clone_cb(void *tool_ctx __rte_unused, + struct mlx5_list_entry *oentry, + void *cb_ctx __rte_unused) +{ + struct mlx5_crypto_dek *entry = rte_zmalloc(__func__, sizeof(*entry), + RTE_CACHE_LINE_SIZE); + + if (!entry) { + DRV_LOG(ERR, "Cannot allocate dek resource memory."); + rte_errno = ENOMEM; + return NULL; + } + memcpy(entry, oentry, sizeof(*entry)); + return &entry->entry; +} + +static void +mlx5_crypto_dek_clone_free_cb(void *tool_ctx __rte_unused, + struct mlx5_list_entry *entry) +{ + struct mlx5_crypto_dek *dek = container_of(entry, + struct mlx5_crypto_dek, entry); + + rte_free(dek); +} + +static int +mlx5_crypto_dek_match_cb(void *tool_ctx __rte_unused, + struct mlx5_list_entry *entry, void *cb_ctx) +{ + struct mlx5_crypto_dek_ctx *ctx = cb_ctx; + struct rte_crypto_cipher_xform *cipher_ctx = ctx->cipher; + struct mlx5_crypto_dek *dek = + container_of(entry, typeof(*dek), entry); + uint32_t key_len = dek->size_is_48 ? 48 : 80; + + if (key_len != cipher_ctx->key.length) + return -1; + return memcmp(cipher_ctx->key.data, dek->data, key_len); +} + +static struct mlx5_list_entry * +mlx5_crypto_dek_create_cb(void *tool_ctx __rte_unused, void *cb_ctx) +{ + struct mlx5_crypto_dek_ctx *ctx = cb_ctx; + struct rte_crypto_cipher_xform *cipher_ctx = ctx->cipher; + struct mlx5_crypto_dek *dek = rte_zmalloc(__func__, sizeof(*dek), + RTE_CACHE_LINE_SIZE); + struct mlx5_devx_dek_attr dek_attr = { + .pd = ctx->priv->pdn, + .key_purpose = MLX5_CRYPTO_KEY_PURPOSE_AES_XTS, + .has_keytag = 1, + }; + + if (dek == NULL) { + DRV_LOG(ERR, "Failed to allocate dek memory."); + return NULL; + } + switch (cipher_ctx->key.length) { + case 48: + dek->size_is_48 = true; + dek_attr.key_size = MLX5_CRYPTO_KEY_SIZE_128b; + break; + case 80: + dek->size_is_48 = false; + dek_attr.key_size = MLX5_CRYPTO_KEY_SIZE_256b; + break; + default: + DRV_LOG(ERR, "Key size not supported."); + return NULL; + } + memcpy(&dek_attr.key, cipher_ctx->key.data, cipher_ctx->key.length); + dek->obj = mlx5_devx_cmd_create_dek_obj(ctx->priv->ctx, &dek_attr); + if (dek->obj == NULL) { + rte_free(dek); + return NULL; + } + memcpy(&dek->data, cipher_ctx->key.data, cipher_ctx->key.length); + return &dek->entry; +} + +static void +mlx5_crypto_dek_remove_cb(void *tool_ctx __rte_unused, + struct mlx5_list_entry *entry) +{ + struct mlx5_crypto_dek *dek = + container_of(entry, typeof(*dek), entry); + + claim_zero(mlx5_devx_cmd_destroy(dek->obj)); + rte_free(dek); +} + + +int +mlx5_crypto_dek_setup(struct mlx5_crypto_priv *priv) +{ + priv->dek_hlist = mlx5_hlist_create("dek_hlist", + MLX5_CRYPTO_DEK_HTABLE_SZ, + 0, 1, NULL, mlx5_crypto_dek_create_cb, + mlx5_crypto_dek_match_cb, + mlx5_crypto_dek_remove_cb, + mlx5_crypto_dek_clone_cb, + mlx5_crypto_dek_clone_free_cb); + if (priv->dek_hlist == NULL) + return -1; + return 0; +} + +void +mlx5_crypto_dek_unset(struct mlx5_crypto_priv *priv) +{ + mlx5_hlist_destroy(priv->dek_hlist); + priv->dek_hlist = NULL; +} -- 2.27.0