From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 8D87A4297B; Tue, 18 Apr 2023 11:24:08 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id D57BC42D0C; Tue, 18 Apr 2023 11:24:02 +0200 (CEST) Received: from NAM10-BN7-obe.outbound.protection.outlook.com (mail-bn7nam10on2044.outbound.protection.outlook.com [40.107.92.44]) by mails.dpdk.org (Postfix) with ESMTP id 6479640698 for ; Tue, 18 Apr 2023 11:24:01 +0200 (CEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=RDhRsYnzeISizYpfJ+VLHGvJsvU9l2qz/pPnUfy/bJNNYdkq7wOCXAG92uRe9ohKjbJbEdU6LHQGrIt7WUUQVSWsKWJmJij1Ay/W7idvm6wD8T2G/KK6QStDqlSr7OYk+czlc3qJ5yY9LmzYKiREzvR+vM6dnVwArLeI7SyNIDj7NYhPCiI9cNyJFHXtCZZ4KUFlXSywR+arMm4HBP5NbiLck+h1gfHseFV1TpNh5s2uXupP7YA53Z+jLd83KeqvKoyManCuxi/mwpavsX7wcCikMi4zsyqQhftst6ZFCKduzod5+dJoMOqnMMeGq6HObwkllcBtxro4Vuq3wmaXCA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=34cXSMMQuTuGe3kBGKdzLx/qaItt0+7eludYyMeWbds=; b=H2VI0lqs5U4egx7Hz0M4dT4o1IQFbOWFhf9eimqrOq7Ia8zACsecoRt39W/Q+PPyhV0ad/yDfILZ3A3ZpPbtv+nuxau3PvGNRiHvRJWFn8M3IT3aal2iPF+MM+TsZrwWhdlDX1nWucs97cY1V11I4ESSogdAOj5INalkt5SVc43e+WIUWZCsE7sXi6PuNAKhIOS5hMdNbh369kO1rmCwQcLCKTIlbZiqa03YEnkkpTql44KHUdfYkMqMKnieYYuigXhHxDncIvgSNge/khdXZaF0rROXhoyAMyASOIVCdwCUMeUbPY5ASvWaNhDieICaydDbEsERDogsDeI1ZUgjQA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.117.160) smtp.rcpttodomain=dpdk.org smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=34cXSMMQuTuGe3kBGKdzLx/qaItt0+7eludYyMeWbds=; b=tIuW2d1N7BMjXxRHHRN8H2fyjfyicQllCGOQu3I2lG9bV3xlwH32D2Vmzeb8MwIWHSLpNLBQxRJ2blExRbGzQybJLnOtWldTgXLuZwVIel0gZResu8K+8yfd4NoetgiHGGGDwwkNQmzjtztkZeJY6XnqzKP3FuNP8+JSTOenx64VlyChJ7eUEuDxzWgX0r7ENRPiP4k+dLyKeqb1kin1ue3QWtuKB4QZkpt9q6Re2llD7ZgGGgCD6ZbDB73Ng8q6/C8qh2my7yVYQT0I+YjUgvy9c+GJKUa0DvRX+pgLJyzm9mTE5KwLiSL3pbQaZ87GO+IY8MHPhLa2BfYzGOFErg== Received: from MW4PR03CA0063.namprd03.prod.outlook.com (2603:10b6:303:b6::8) by SJ1PR12MB6051.namprd12.prod.outlook.com (2603:10b6:a03:48a::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6298.45; Tue, 18 Apr 2023 09:23:59 +0000 Received: from CO1NAM11FT092.eop-nam11.prod.protection.outlook.com (2603:10b6:303:b6:cafe::7d) by MW4PR03CA0063.outlook.office365.com (2603:10b6:303:b6::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6298.47 via Frontend Transport; Tue, 18 Apr 2023 09:23:59 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.117.160) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.117.160 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.117.160; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (216.228.117.160) by CO1NAM11FT092.mail.protection.outlook.com (10.13.175.225) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6319.20 via Frontend Transport; Tue, 18 Apr 2023 09:23:59 +0000 Received: from rnnvmail201.nvidia.com (10.129.68.8) by mail.nvidia.com (10.129.200.66) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.5; Tue, 18 Apr 2023 02:23:50 -0700 Received: from nvidia.com (10.126.230.37) by rnnvmail201.nvidia.com (10.129.68.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.37; Tue, 18 Apr 2023 02:23:47 -0700 From: Suanming Mou To: CC: , , Subject: [RFC PATCH 2/5] crypto/mlx5: add AES-GCM encryption key Date: Tue, 18 Apr 2023 12:23:22 +0300 Message-ID: <20230418092325.2578712-3-suanmingm@nvidia.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230418092325.2578712-1-suanmingm@nvidia.com> References: <20230418092325.2578712-1-suanmingm@nvidia.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Originating-IP: [10.126.230.37] X-ClientProxiedBy: rnnvmail203.nvidia.com (10.129.68.9) To rnnvmail201.nvidia.com (10.129.68.8) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CO1NAM11FT092:EE_|SJ1PR12MB6051:EE_ X-MS-Office365-Filtering-Correlation-Id: a6cdef5a-ea0a-49ed-4114-08db3feea419 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: GgTppgbcPZmWhYKIpjF5RCs3OUhTaoEHGL3LmpaTJK3MP3cp3JWdMehBJgSi08MoNb1k0r9w3LTsAHVaz0GKyhYg3puU3ftGXurJghttIVcD+SQM72+xEM4f9U27FmrUIpx4exNwbKSE2YrJVMbDzkbWxPkJQBRBRYyz376WwvMw9Y1Aap0aV8FfzeUy5l2OXEOZtihwv8/KaDkRHcwx1rUR8adVQ7zVZ3ufTT9mlmtsh8fi2ZT5BTn1/3+hm5p/imywzbQKCZYAzg9PuOlp5BpZo9KzufUFMCy1rP4S483T+GgRplp+tPvTf2G//2smsruDCMqp8EcsfDiyJSW8FAOzg+OYF4mqwlyWzzDKil4AtBCt47GUaUnxuTBsC2PYdEalGIHFkBk2ip2bgtQ4C1w/joVVK/KvRfzDioOA1RzYWpdSlxvd64QmeTlly4nx3OkDQfuD1fOpK7GpRMVbdosnBICCbphLOuH8ndXUHu4DtvqFFt2HJ6BOLYt7aCxb0oRDHs+FtgEsRBw/G9hrIMZIE76NG5c//ksDSnYe86W7VRP36RM8vqiFq0IhYOqJNqZ0VM9vdKVCbch4XtBax+2ygY2OBV31NL9fo1XcRB4k5ozrJSla2Sp4oT2dvtydVf1dH+mkM/o43M2/p0Mz1sjqkoevvrfr/cTIMUu8cPThiJ58TD70BE+5ng8D89jKAu8lhAcAUanTSAaJZgFB/bVVXqCdvG3mg7AzqHjCovpWUpHO3i85MRf2aBhK05IADjcBcW1S6Xy3fYAqsbhExcnPXnEtEYyc07K1w+NRjTM= X-Forefront-Antispam-Report: CIP:216.228.117.160; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:dc6edge1.nvidia.com; CAT:NONE; SFS:(13230028)(4636009)(396003)(39860400002)(376002)(346002)(136003)(451199021)(36840700001)(46966006)(40470700004)(36756003)(37006003)(54906003)(6636002)(4326008)(316002)(70586007)(70206006)(478600001)(7696005)(6666004)(40480700001)(55016003)(82310400005)(8936002)(8676002)(6862004)(5660300002)(41300700001)(30864003)(2906002)(82740400003)(34020700004)(356005)(86362001)(7636003)(426003)(336012)(2616005)(16526019)(1076003)(26005)(6286002)(186003)(40460700003)(36860700001)(47076005)(83380400001); DIR:OUT; SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 Apr 2023 09:23:59.0004 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: a6cdef5a-ea0a-49ed-4114-08db3feea419 X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.117.160]; Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: CO1NAM11FT092.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ1PR12MB6051 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org The crypto device requires the DEK(data encryption key) object for data encryption/decryption operation. This commit adds the AES-GCM DEK object management support. Signed-off-by: Suanming Mou --- drivers/common/mlx5/mlx5_devx_cmds.c | 6 +- drivers/common/mlx5/mlx5_devx_cmds.h | 1 + drivers/common/mlx5/mlx5_prm.h | 6 +- drivers/crypto/mlx5/mlx5_crypto.c | 2 +- drivers/crypto/mlx5/mlx5_crypto.h | 3 +- drivers/crypto/mlx5/mlx5_crypto_dek.c | 157 ++++++++++++++++++++------ drivers/crypto/mlx5/mlx5_crypto_gcm.c | 2 + 7 files changed, 137 insertions(+), 40 deletions(-) diff --git a/drivers/common/mlx5/mlx5_devx_cmds.c b/drivers/common/mlx5/mlx5_devx_cmds.c index 592a7cffdb..8b51a75cc8 100644 --- a/drivers/common/mlx5/mlx5_devx_cmds.c +++ b/drivers/common/mlx5/mlx5_devx_cmds.c @@ -3166,10 +3166,14 @@ mlx5_devx_cmd_create_dek_obj(void *ctx, struct mlx5_devx_dek_attr *attr) ptr = MLX5_ADDR_OF(create_dek_in, in, dek); MLX5_SET(dek, ptr, key_size, attr->key_size); MLX5_SET(dek, ptr, has_keytag, attr->has_keytag); + MLX5_SET(dek, ptr, sw_wrapped, attr->sw_wrapped); MLX5_SET(dek, ptr, key_purpose, attr->key_purpose); MLX5_SET(dek, ptr, pd, attr->pd); MLX5_SET64(dek, ptr, opaque, attr->opaque); - key_addr = MLX5_ADDR_OF(dek, ptr, key); + if (attr->sw_wrapped) + key_addr = MLX5_ADDR_OF(dek, ptr, sw_wrapped_dek); + else + key_addr = MLX5_ADDR_OF(dek, ptr, key); memcpy(key_addr, (void *)(attr->key), MLX5_CRYPTO_KEY_MAX_SIZE); dek_obj->obj = mlx5_glue->devx_obj_create(ctx, in, sizeof(in), out, sizeof(out)); diff --git a/drivers/common/mlx5/mlx5_devx_cmds.h b/drivers/common/mlx5/mlx5_devx_cmds.h index d640482346..79502cda08 100644 --- a/drivers/common/mlx5/mlx5_devx_cmds.h +++ b/drivers/common/mlx5/mlx5_devx_cmds.h @@ -664,6 +664,7 @@ struct mlx5_devx_dek_attr { uint32_t key_size:4; uint32_t has_keytag:1; uint32_t key_purpose:4; + uint32_t sw_wrapped:1; uint32_t pd:24; uint64_t opaque; uint8_t key[MLX5_CRYPTO_KEY_MAX_SIZE]; diff --git a/drivers/common/mlx5/mlx5_prm.h b/drivers/common/mlx5/mlx5_prm.h index a3b85f514e..9728be24dd 100644 --- a/drivers/common/mlx5/mlx5_prm.h +++ b/drivers/common/mlx5/mlx5_prm.h @@ -3736,7 +3736,8 @@ enum { struct mlx5_ifc_dek_bits { u8 modify_field_select[0x40]; u8 state[0x8]; - u8 reserved_at_48[0xc]; + u8 sw_wrapped[0x1]; + u8 reserved_at_49[0xb]; u8 key_size[0x4]; u8 has_keytag[0x1]; u8 reserved_at_59[0x3]; @@ -3747,7 +3748,8 @@ struct mlx5_ifc_dek_bits { u8 opaque[0x40]; u8 reserved_at_1c0[0x40]; u8 key[0x400]; - u8 reserved_at_600[0x200]; + u8 sw_wrapped_dek[0x400]; + u8 reserved_at_a00[0x300]; }; struct mlx5_ifc_create_dek_in_bits { diff --git a/drivers/crypto/mlx5/mlx5_crypto.c b/drivers/crypto/mlx5/mlx5_crypto.c index 6963d8a9c9..66c9f94346 100644 --- a/drivers/crypto/mlx5/mlx5_crypto.c +++ b/drivers/crypto/mlx5/mlx5_crypto.c @@ -196,7 +196,7 @@ mlx5_crypto_sym_session_configure(struct rte_cryptodev *dev, return -ENOTSUP; } cipher = &xform->cipher; - sess_private_data->dek = mlx5_crypto_dek_prepare(priv, cipher); + sess_private_data->dek = mlx5_crypto_dek_prepare(priv, xform); if (sess_private_data->dek == NULL) { DRV_LOG(ERR, "Failed to prepare dek."); return -ENOMEM; diff --git a/drivers/crypto/mlx5/mlx5_crypto.h b/drivers/crypto/mlx5/mlx5_crypto.h index 80c2cab0dd..11352f9409 100644 --- a/drivers/crypto/mlx5/mlx5_crypto.h +++ b/drivers/crypto/mlx5/mlx5_crypto.h @@ -40,6 +40,7 @@ struct mlx5_crypto_priv { uint16_t umr_wqe_stride; uint16_t max_rdmar_ds; uint32_t is_wrapped_mode:1; + uint32_t is_gcm_dek_wrap:1; }; struct mlx5_crypto_qp { @@ -78,7 +79,7 @@ mlx5_crypto_dek_destroy(struct mlx5_crypto_priv *priv, struct mlx5_crypto_dek * mlx5_crypto_dek_prepare(struct mlx5_crypto_priv *priv, - struct rte_crypto_cipher_xform *cipher); + struct rte_crypto_sym_xform *xform); int mlx5_crypto_dek_setup(struct mlx5_crypto_priv *priv); diff --git a/drivers/crypto/mlx5/mlx5_crypto_dek.c b/drivers/crypto/mlx5/mlx5_crypto_dek.c index 7339ef2bd9..ba6dab52f7 100644 --- a/drivers/crypto/mlx5/mlx5_crypto_dek.c +++ b/drivers/crypto/mlx5/mlx5_crypto_dek.c @@ -14,10 +14,29 @@ #include "mlx5_crypto.h" struct mlx5_crypto_dek_ctx { - struct rte_crypto_cipher_xform *cipher; + struct rte_crypto_sym_xform *xform; struct mlx5_crypto_priv *priv; }; +static int +mlx5_crypto_dek_get_key(struct rte_crypto_sym_xform *xform, + const uint8_t **key, + uint16_t *key_len) +{ + if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) { + *key = xform->cipher.key.data; + *key_len = xform->cipher.key.length; + } else if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) { + *key = xform->aead.key.data; + *key_len = xform->aead.key.length; + } else { + DRV_LOG(ERR, "Xform dek type not supported."); + rte_errno = -EINVAL; + return -1; + } + return 0; +} + int mlx5_crypto_dek_destroy(struct mlx5_crypto_priv *priv, struct mlx5_crypto_dek *dek) @@ -27,19 +46,22 @@ mlx5_crypto_dek_destroy(struct mlx5_crypto_priv *priv, struct mlx5_crypto_dek * mlx5_crypto_dek_prepare(struct mlx5_crypto_priv *priv, - struct rte_crypto_cipher_xform *cipher) + struct rte_crypto_sym_xform *xform) { + const uint8_t *key; + uint16_t key_len; struct mlx5_hlist *dek_hlist = priv->dek_hlist; struct mlx5_crypto_dek_ctx dek_ctx = { - .cipher = cipher, + .xform = xform, .priv = priv, }; - struct rte_crypto_cipher_xform *cipher_ctx = cipher; - uint64_t key64 = __rte_raw_cksum(cipher_ctx->key.data, - cipher_ctx->key.length, 0); - struct mlx5_list_entry *entry = mlx5_hlist_register(dek_hlist, - key64, &dek_ctx); + uint64_t key64; + struct mlx5_list_entry *entry; + if (mlx5_crypto_dek_get_key(xform, &key, &key_len)) + return NULL; + key64 = __rte_raw_cksum(key, key_len, 0); + entry = mlx5_hlist_register(dek_hlist, key64, &dek_ctx); return entry == NULL ? NULL : container_of(entry, struct mlx5_crypto_dek, entry); } @@ -76,76 +98,141 @@ mlx5_crypto_dek_match_cb(void *tool_ctx __rte_unused, struct mlx5_list_entry *entry, void *cb_ctx) { struct mlx5_crypto_dek_ctx *ctx = cb_ctx; - struct rte_crypto_cipher_xform *cipher_ctx = ctx->cipher; + struct rte_crypto_sym_xform *xform = ctx->xform; struct mlx5_crypto_dek *dek = container_of(entry, typeof(*dek), entry); uint32_t key_len = dek->size; + uint16_t xkey_len; + const uint8_t *key; - if (key_len != cipher_ctx->key.length) + if (mlx5_crypto_dek_get_key(xform, &key, &xkey_len)) + return -1; + if (key_len != xkey_len) return -1; - return memcmp(cipher_ctx->key.data, dek->data, cipher_ctx->key.length); + return memcmp(key, dek->data, xkey_len); } -static struct mlx5_list_entry * -mlx5_crypto_dek_create_cb(void *tool_ctx __rte_unused, void *cb_ctx) +static int +mlx5_crypto_dek_create_aes_xts(struct mlx5_crypto_dek *dek, + struct mlx5_devx_dek_attr *dek_attr, + void *cb_ctx) { struct mlx5_crypto_dek_ctx *ctx = cb_ctx; - struct rte_crypto_cipher_xform *cipher_ctx = ctx->cipher; - struct mlx5_crypto_dek *dek = rte_zmalloc(__func__, sizeof(*dek), - RTE_CACHE_LINE_SIZE); - struct mlx5_devx_dek_attr dek_attr = { - .pd = ctx->priv->cdev->pdn, - .key_purpose = MLX5_CRYPTO_KEY_PURPOSE_AES_XTS, - .has_keytag = 1, - }; + struct rte_crypto_cipher_xform *cipher_ctx = &ctx->xform->cipher; bool is_wrapped = ctx->priv->is_wrapped_mode; - if (dek == NULL) { - DRV_LOG(ERR, "Failed to allocate dek memory."); - return NULL; + if (cipher_ctx->algo != RTE_CRYPTO_CIPHER_AES_XTS) { + DRV_LOG(ERR, "Only AES-XTS algo supported."); + return -EINVAL; } + dek_attr->key_purpose = MLX5_CRYPTO_KEY_PURPOSE_AES_XTS; + dek_attr->has_keytag = 1; if (is_wrapped) { switch (cipher_ctx->key.length) { case 48: dek->size = 48; - dek_attr.key_size = MLX5_CRYPTO_KEY_SIZE_128b; + dek_attr->key_size = MLX5_CRYPTO_KEY_SIZE_128b; break; case 80: dek->size = 80; - dek_attr.key_size = MLX5_CRYPTO_KEY_SIZE_256b; + dek_attr->key_size = MLX5_CRYPTO_KEY_SIZE_256b; break; default: DRV_LOG(ERR, "Wrapped key size not supported."); - return NULL; + return -EINVAL; } } else { switch (cipher_ctx->key.length) { case 32: dek->size = 40; - dek_attr.key_size = MLX5_CRYPTO_KEY_SIZE_128b; + dek_attr->key_size = MLX5_CRYPTO_KEY_SIZE_128b; break; case 64: dek->size = 72; - dek_attr.key_size = MLX5_CRYPTO_KEY_SIZE_256b; + dek_attr->key_size = MLX5_CRYPTO_KEY_SIZE_256b; break; default: DRV_LOG(ERR, "Key size not supported."); - return NULL; + return -EINVAL; } - memcpy(&dek_attr.key[cipher_ctx->key.length], + memcpy(&dek_attr->key[cipher_ctx->key.length], &ctx->priv->keytag, 8); } - memcpy(&dek_attr.key, cipher_ctx->key.data, cipher_ctx->key.length); + memcpy(&dek_attr->key, cipher_ctx->key.data, cipher_ctx->key.length); + memcpy(&dek->data, cipher_ctx->key.data, cipher_ctx->key.length); + return 0; +} + +static int +mlx5_crypto_dek_create_aes_gcm(struct mlx5_crypto_dek *dek, + struct mlx5_devx_dek_attr *dek_attr, + void *cb_ctx) +{ + struct mlx5_crypto_dek_ctx *ctx = cb_ctx; + struct rte_crypto_aead_xform *aead_ctx = &ctx->xform->aead; + + if (aead_ctx->algo != RTE_CRYPTO_AEAD_AES_GCM) { + DRV_LOG(ERR, "Only AES-GCM algo supported."); + return -EINVAL; + } + dek_attr->key_purpose = MLX5_CRYPTO_KEY_PURPOSE_GCM; + switch (aead_ctx->key.length) { + case 16: + dek->size = 16; + dek_attr->key_size = MLX5_CRYPTO_KEY_SIZE_128b; + break; + case 32: + dek->size = 32; + dek_attr->key_size = MLX5_CRYPTO_KEY_SIZE_256b; + break; + default: + DRV_LOG(ERR, "Wrapped key size not supported."); + return -EINVAL; + } +#ifdef MLX5_DEK_WRAP + if (ctx->priv->is_gcm_dek_wrap) + dek_attr->sw_wrapped = 1; +#endif + memcpy(&dek_attr->key, aead_ctx->key.data, aead_ctx->key.length); + memcpy(&dek->data, aead_ctx->key.data, aead_ctx->key.length); + return 0; +} + +static struct mlx5_list_entry * +mlx5_crypto_dek_create_cb(void *tool_ctx __rte_unused, void *cb_ctx) +{ + struct mlx5_crypto_dek_ctx *ctx = cb_ctx; + struct rte_crypto_sym_xform *xform = ctx->xform; + struct mlx5_crypto_dek *dek = rte_zmalloc(__func__, sizeof(*dek), + RTE_CACHE_LINE_SIZE); + struct mlx5_devx_dek_attr dek_attr = { + .pd = ctx->priv->cdev->pdn, + }; + int ret = -1; + + if (dek == NULL) { + DRV_LOG(ERR, "Failed to allocate dek memory."); + return NULL; + } + if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) + ret = mlx5_crypto_dek_create_aes_xts(dek, &dek_attr, cb_ctx); + else if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) + ret = mlx5_crypto_dek_create_aes_gcm(dek, &dek_attr, cb_ctx); + if (ret) + goto fail; dek->obj = mlx5_devx_cmd_create_dek_obj(ctx->priv->cdev->ctx, &dek_attr); if (dek->obj == NULL) { - rte_free(dek); - return NULL; + DRV_LOG(ERR, "Failed to create dek obj."); + goto fail; } - memcpy(&dek->data, cipher_ctx->key.data, cipher_ctx->key.length); return &dek->entry; +fail: + rte_free(dek); + return NULL; } + static void mlx5_crypto_dek_remove_cb(void *tool_ctx __rte_unused, struct mlx5_list_entry *entry) diff --git a/drivers/crypto/mlx5/mlx5_crypto_gcm.c b/drivers/crypto/mlx5/mlx5_crypto_gcm.c index d60ac379cf..c7fd86d7b9 100644 --- a/drivers/crypto/mlx5/mlx5_crypto_gcm.c +++ b/drivers/crypto/mlx5/mlx5_crypto_gcm.c @@ -95,6 +95,8 @@ mlx5_crypto_gcm_init(struct mlx5_crypto_priv *priv) return -1; } priv->caps = mlx5_crypto_gcm_caps; + priv->is_gcm_dek_wrap = !!(cdev->config.hca_attr.sw_wrapped_dek & + (1 << MLX5_CRYPTO_KEY_PURPOSE_GCM)); return 0; } -- 2.25.1