From: Suanming Mou <suanmingm@nvidia.com>
To: Matan Azrad <matan@nvidia.com>
Cc: <dev@dpdk.org>, <rasland@nvidia.com>
Subject: [PATCH v2 4/9] crypto/mlx5: add AES-GCM encryption key
Date: Fri, 26 May 2023 06:14:16 +0300 [thread overview]
Message-ID: <20230526031422.913377-5-suanmingm@nvidia.com> (raw)
In-Reply-To: <20230526031422.913377-1-suanmingm@nvidia.com>
The crypto device requires the DEK(data encryption key) object for
data encryption/decryption operation.
This commit adds the AES-GCM DEK object management support.
Signed-off-by: Suanming Mou <suanmingm@nvidia.com>
---
drivers/crypto/mlx5/mlx5_crypto.h | 17 ++++-
drivers/crypto/mlx5/mlx5_crypto_dek.c | 102 +++++++++++++-------------
drivers/crypto/mlx5/mlx5_crypto_gcm.c | 31 ++++++++
drivers/crypto/mlx5/mlx5_crypto_xts.c | 53 ++++++++++++-
4 files changed, 148 insertions(+), 55 deletions(-)
diff --git a/drivers/crypto/mlx5/mlx5_crypto.h b/drivers/crypto/mlx5/mlx5_crypto.h
index 76f368ee91..bb5a557a38 100644
--- a/drivers/crypto/mlx5/mlx5_crypto.h
+++ b/drivers/crypto/mlx5/mlx5_crypto.h
@@ -86,6 +86,11 @@ struct mlx5_crypto_session {
uint32_t dek_id; /**< DEK ID */
} __rte_packed;
+struct mlx5_crypto_dek_ctx {
+ struct rte_crypto_sym_xform *xform;
+ struct mlx5_crypto_priv *priv;
+};
+
typedef void *(*mlx5_crypto_mkey_update_t)(struct mlx5_crypto_priv *priv,
struct mlx5_crypto_qp *qp,
uint32_t idx);
@@ -106,7 +111,7 @@ mlx5_crypto_dek_destroy(struct mlx5_crypto_priv *priv,
struct mlx5_crypto_dek *
mlx5_crypto_dek_prepare(struct mlx5_crypto_priv *priv,
- struct rte_crypto_cipher_xform *cipher);
+ struct rte_crypto_sym_xform *xform);
int
mlx5_crypto_dek_setup(struct mlx5_crypto_priv *priv);
@@ -120,4 +125,14 @@ mlx5_crypto_xts_init(struct mlx5_crypto_priv *priv);
int
mlx5_crypto_gcm_init(struct mlx5_crypto_priv *priv);
+int
+mlx5_crypto_dek_fill_xts_attr(struct mlx5_crypto_dek *dek,
+ struct mlx5_devx_dek_attr *dek_attr,
+ void *cb_ctx);
+
+int
+mlx5_crypto_dek_fill_gcm_attr(struct mlx5_crypto_dek *dek,
+ struct mlx5_devx_dek_attr *dek_attr,
+ void *cb_ctx);
+
#endif /* MLX5_CRYPTO_H_ */
diff --git a/drivers/crypto/mlx5/mlx5_crypto_dek.c b/drivers/crypto/mlx5/mlx5_crypto_dek.c
index 7339ef2bd9..716bcc0545 100644
--- a/drivers/crypto/mlx5/mlx5_crypto_dek.c
+++ b/drivers/crypto/mlx5/mlx5_crypto_dek.c
@@ -13,10 +13,24 @@
#include "mlx5_crypto_utils.h"
#include "mlx5_crypto.h"
-struct mlx5_crypto_dek_ctx {
- struct rte_crypto_cipher_xform *cipher;
- struct mlx5_crypto_priv *priv;
-};
+static int
+mlx5_crypto_dek_get_key(struct rte_crypto_sym_xform *xform,
+ const uint8_t **key,
+ uint16_t *key_len)
+{
+ if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
+ *key = xform->cipher.key.data;
+ *key_len = xform->cipher.key.length;
+ } else if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+ *key = xform->aead.key.data;
+ *key_len = xform->aead.key.length;
+ } else {
+ DRV_LOG(ERR, "Xform dek type not supported.");
+ rte_errno = -EINVAL;
+ return -1;
+ }
+ return 0;
+}
int
mlx5_crypto_dek_destroy(struct mlx5_crypto_priv *priv,
@@ -27,19 +41,22 @@ mlx5_crypto_dek_destroy(struct mlx5_crypto_priv *priv,
struct mlx5_crypto_dek *
mlx5_crypto_dek_prepare(struct mlx5_crypto_priv *priv,
- struct rte_crypto_cipher_xform *cipher)
+ struct rte_crypto_sym_xform *xform)
{
+ const uint8_t *key;
+ uint16_t key_len;
struct mlx5_hlist *dek_hlist = priv->dek_hlist;
struct mlx5_crypto_dek_ctx dek_ctx = {
- .cipher = cipher,
+ .xform = xform,
.priv = priv,
};
- struct rte_crypto_cipher_xform *cipher_ctx = cipher;
- uint64_t key64 = __rte_raw_cksum(cipher_ctx->key.data,
- cipher_ctx->key.length, 0);
- struct mlx5_list_entry *entry = mlx5_hlist_register(dek_hlist,
- key64, &dek_ctx);
+ uint64_t key64;
+ struct mlx5_list_entry *entry;
+ if (mlx5_crypto_dek_get_key(xform, &key, &key_len))
+ return NULL;
+ key64 = __rte_raw_cksum(key, key_len, 0);
+ entry = mlx5_hlist_register(dek_hlist, key64, &dek_ctx);
return entry == NULL ? NULL :
container_of(entry, struct mlx5_crypto_dek, entry);
}
@@ -76,76 +93,55 @@ mlx5_crypto_dek_match_cb(void *tool_ctx __rte_unused,
struct mlx5_list_entry *entry, void *cb_ctx)
{
struct mlx5_crypto_dek_ctx *ctx = cb_ctx;
- struct rte_crypto_cipher_xform *cipher_ctx = ctx->cipher;
+ struct rte_crypto_sym_xform *xform = ctx->xform;
struct mlx5_crypto_dek *dek =
container_of(entry, typeof(*dek), entry);
uint32_t key_len = dek->size;
+ uint16_t xkey_len;
+ const uint8_t *key;
- if (key_len != cipher_ctx->key.length)
+ if (mlx5_crypto_dek_get_key(xform, &key, &xkey_len))
+ return -1;
+ if (key_len != xkey_len)
return -1;
- return memcmp(cipher_ctx->key.data, dek->data, cipher_ctx->key.length);
+ return memcmp(key, dek->data, xkey_len);
}
static struct mlx5_list_entry *
mlx5_crypto_dek_create_cb(void *tool_ctx __rte_unused, void *cb_ctx)
{
struct mlx5_crypto_dek_ctx *ctx = cb_ctx;
- struct rte_crypto_cipher_xform *cipher_ctx = ctx->cipher;
+ struct rte_crypto_sym_xform *xform = ctx->xform;
struct mlx5_crypto_dek *dek = rte_zmalloc(__func__, sizeof(*dek),
RTE_CACHE_LINE_SIZE);
struct mlx5_devx_dek_attr dek_attr = {
.pd = ctx->priv->cdev->pdn,
- .key_purpose = MLX5_CRYPTO_KEY_PURPOSE_AES_XTS,
- .has_keytag = 1,
};
- bool is_wrapped = ctx->priv->is_wrapped_mode;
+ int ret = -1;
if (dek == NULL) {
DRV_LOG(ERR, "Failed to allocate dek memory.");
return NULL;
}
- if (is_wrapped) {
- switch (cipher_ctx->key.length) {
- case 48:
- dek->size = 48;
- dek_attr.key_size = MLX5_CRYPTO_KEY_SIZE_128b;
- break;
- case 80:
- dek->size = 80;
- dek_attr.key_size = MLX5_CRYPTO_KEY_SIZE_256b;
- break;
- default:
- DRV_LOG(ERR, "Wrapped key size not supported.");
- return NULL;
- }
- } else {
- switch (cipher_ctx->key.length) {
- case 32:
- dek->size = 40;
- dek_attr.key_size = MLX5_CRYPTO_KEY_SIZE_128b;
- break;
- case 64:
- dek->size = 72;
- dek_attr.key_size = MLX5_CRYPTO_KEY_SIZE_256b;
- break;
- default:
- DRV_LOG(ERR, "Key size not supported.");
- return NULL;
- }
- memcpy(&dek_attr.key[cipher_ctx->key.length],
- &ctx->priv->keytag, 8);
- }
- memcpy(&dek_attr.key, cipher_ctx->key.data, cipher_ctx->key.length);
+ if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER)
+ ret = mlx5_crypto_dek_fill_xts_attr(dek, &dek_attr, cb_ctx);
+ else if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD)
+ ret = mlx5_crypto_dek_fill_gcm_attr(dek, &dek_attr, cb_ctx);
+ if (ret)
+ goto fail;
dek->obj = mlx5_devx_cmd_create_dek_obj(ctx->priv->cdev->ctx,
&dek_attr);
if (dek->obj == NULL) {
- rte_free(dek);
- return NULL;
+ DRV_LOG(ERR, "Failed to create dek obj.");
+ goto fail;
}
- memcpy(&dek->data, cipher_ctx->key.data, cipher_ctx->key.length);
return &dek->entry;
+fail:
+ rte_free(dek);
+ return NULL;
}
+
static void
mlx5_crypto_dek_remove_cb(void *tool_ctx __rte_unused,
struct mlx5_list_entry *entry)
diff --git a/drivers/crypto/mlx5/mlx5_crypto_gcm.c b/drivers/crypto/mlx5/mlx5_crypto_gcm.c
index bd78c6d66b..676bec6b18 100644
--- a/drivers/crypto/mlx5/mlx5_crypto_gcm.c
+++ b/drivers/crypto/mlx5/mlx5_crypto_gcm.c
@@ -27,6 +27,37 @@ static struct rte_cryptodev_capabilities mlx5_crypto_gcm_caps[] = {
}
};
+int
+mlx5_crypto_dek_fill_gcm_attr(struct mlx5_crypto_dek *dek,
+ struct mlx5_devx_dek_attr *dek_attr,
+ void *cb_ctx)
+{
+ struct mlx5_crypto_dek_ctx *ctx = cb_ctx;
+ struct rte_crypto_aead_xform *aead_ctx = &ctx->xform->aead;
+
+ if (aead_ctx->algo != RTE_CRYPTO_AEAD_AES_GCM) {
+ DRV_LOG(ERR, "Only AES-GCM algo supported.");
+ return -EINVAL;
+ }
+ dek_attr->key_purpose = MLX5_CRYPTO_KEY_PURPOSE_GCM;
+ switch (aead_ctx->key.length) {
+ case 16:
+ dek->size = 16;
+ dek_attr->key_size = MLX5_CRYPTO_KEY_SIZE_128b;
+ break;
+ case 32:
+ dek->size = 32;
+ dek_attr->key_size = MLX5_CRYPTO_KEY_SIZE_256b;
+ break;
+ default:
+ DRV_LOG(ERR, "Wrapped key size not supported.");
+ return -EINVAL;
+ }
+ memcpy(&dek_attr->key, aead_ctx->key.data, aead_ctx->key.length);
+ memcpy(&dek->data, aead_ctx->key.data, aead_ctx->key.length);
+ return 0;
+}
+
int
mlx5_crypto_gcm_init(struct mlx5_crypto_priv *priv)
{
diff --git a/drivers/crypto/mlx5/mlx5_crypto_xts.c b/drivers/crypto/mlx5/mlx5_crypto_xts.c
index 964d02e6ed..661da5f589 100644
--- a/drivers/crypto/mlx5/mlx5_crypto_xts.c
+++ b/drivers/crypto/mlx5/mlx5_crypto_xts.c
@@ -45,6 +45,57 @@ const struct rte_cryptodev_capabilities mlx5_crypto_caps[] = {
},
};
+int
+mlx5_crypto_dek_fill_xts_attr(struct mlx5_crypto_dek *dek,
+ struct mlx5_devx_dek_attr *dek_attr,
+ void *cb_ctx)
+{
+ struct mlx5_crypto_dek_ctx *ctx = cb_ctx;
+ struct rte_crypto_cipher_xform *cipher_ctx = &ctx->xform->cipher;
+ bool is_wrapped = ctx->priv->is_wrapped_mode;
+
+ if (cipher_ctx->algo != RTE_CRYPTO_CIPHER_AES_XTS) {
+ DRV_LOG(ERR, "Only AES-XTS algo supported.");
+ return -EINVAL;
+ }
+ dek_attr->key_purpose = MLX5_CRYPTO_KEY_PURPOSE_AES_XTS;
+ dek_attr->has_keytag = 1;
+ if (is_wrapped) {
+ switch (cipher_ctx->key.length) {
+ case 48:
+ dek->size = 48;
+ dek_attr->key_size = MLX5_CRYPTO_KEY_SIZE_128b;
+ break;
+ case 80:
+ dek->size = 80;
+ dek_attr->key_size = MLX5_CRYPTO_KEY_SIZE_256b;
+ break;
+ default:
+ DRV_LOG(ERR, "Wrapped key size not supported.");
+ return -EINVAL;
+ }
+ } else {
+ switch (cipher_ctx->key.length) {
+ case 32:
+ dek->size = 40;
+ dek_attr->key_size = MLX5_CRYPTO_KEY_SIZE_128b;
+ break;
+ case 64:
+ dek->size = 72;
+ dek_attr->key_size = MLX5_CRYPTO_KEY_SIZE_256b;
+ break;
+ default:
+ DRV_LOG(ERR, "Key size not supported.");
+ return -EINVAL;
+ }
+ memcpy(&dek_attr->key[cipher_ctx->key.length],
+ &ctx->priv->keytag, 8);
+ }
+ memcpy(&dek_attr->key, cipher_ctx->key.data, cipher_ctx->key.length);
+ memcpy(&dek->data, cipher_ctx->key.data, cipher_ctx->key.length);
+ return 0;
+}
+
static int
mlx5_crypto_xts_sym_session_configure(struct rte_cryptodev *dev,
struct rte_crypto_sym_xform *xform,
@@ -66,7 +117,7 @@ mlx5_crypto_xts_sym_session_configure(struct rte_cryptodev *dev,
return -ENOTSUP;
}
cipher = &xform->cipher;
- sess_private_data->dek = mlx5_crypto_dek_prepare(priv, cipher);
+ sess_private_data->dek = mlx5_crypto_dek_prepare(priv, xform);
if (sess_private_data->dek == NULL) {
DRV_LOG(ERR, "Failed to prepare dek.");
return -ENOMEM;
--
2.25.1
next prev parent reply other threads:[~2023-05-26 3:16 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-18 9:23 [RFC PATCH 0/5] crypto/mlx5: support AES-GCM Suanming Mou
2023-04-18 9:23 ` [RFC PATCH 1/5] crypto/mlx5: add AES-GCM capability Suanming Mou
2023-05-17 7:37 ` [EXT] " Akhil Goyal
2023-05-17 7:42 ` Suanming Mou
2023-05-17 7:47 ` Akhil Goyal
2023-05-17 7:51 ` Suanming Mou
2023-05-17 8:02 ` Akhil Goyal
2023-05-17 8:06 ` Suanming Mou
2023-04-18 9:23 ` [RFC PATCH 2/5] crypto/mlx5: add AES-GCM encryption key Suanming Mou
2023-04-18 9:23 ` [RFC PATCH 3/5] crypto/mlx5: add AES-GCM session configure Suanming Mou
2023-04-18 9:23 ` [RFC PATCH 4/5] crypto/mlx5: add queue pair setup Suanming Mou
2023-04-18 9:23 ` [RFC PATCH 5/5] crypto/mlx5: add enqueue and dequeue operations Suanming Mou
2023-05-26 3:14 ` [PATCH v2 0/9] crypto/mlx5: support AES-GCM Suanming Mou
2023-05-26 3:14 ` [PATCH v2 1/9] common/mlx5: export memory region lookup by address Suanming Mou
2023-05-26 3:14 ` [PATCH v2 2/9] crypto/mlx5: split AES-XTS Suanming Mou
2023-05-26 3:14 ` [PATCH v2 3/9] crypto/mlx5: add AES-GCM query and initialization Suanming Mou
2023-05-26 3:14 ` Suanming Mou [this message]
2023-05-26 3:14 ` [PATCH v2 5/9] crypto/mlx5: add AES-GCM session configure Suanming Mou
2023-05-26 3:14 ` [PATCH v2 6/9] common/mlx5: add WQE-based QP synchronous basics Suanming Mou
2023-05-26 3:14 ` [PATCH v2 7/9] crypto/mlx5: add queue pair setup for GCM Suanming Mou
2023-05-26 3:14 ` [PATCH v2 8/9] crypto/mlx5: add enqueue and dequeue operations Suanming Mou
2023-05-26 3:14 ` [PATCH v2 9/9] crypto/mlx5: enable AES-GCM capability Suanming Mou
2023-06-14 18:11 ` [EXT] [PATCH v2 0/9] crypto/mlx5: support AES-GCM Akhil Goyal
2023-06-20 1:22 ` Suanming Mou
2023-06-20 1:23 ` Suanming Mou
2023-06-20 1:23 ` [PATCH v3 1/9] common/mlx5: export memory region lookup by address Suanming Mou
2023-06-20 1:23 ` [PATCH v3 2/9] crypto/mlx5: split AES-XTS Suanming Mou
2023-06-20 1:23 ` [PATCH v3 3/9] crypto/mlx5: add AES-GCM query and initialization Suanming Mou
2023-06-20 1:23 ` [PATCH v3 4/9] crypto/mlx5: add AES-GCM encryption key Suanming Mou
2023-06-20 1:23 ` [PATCH v3 5/9] crypto/mlx5: add AES-GCM session configure Suanming Mou
2023-06-20 1:23 ` [PATCH v3 6/9] common/mlx5: add WQE-based QP synchronous basics Suanming Mou
2023-06-20 1:23 ` [PATCH v3 7/9] crypto/mlx5: add queue pair setup for GCM Suanming Mou
2023-06-20 1:23 ` [PATCH v3 8/9] crypto/mlx5: add enqueue and dequeue operations Suanming Mou
2023-06-20 1:23 ` [PATCH v3 9/9] crypto/mlx5: enable AES-GCM capability Suanming Mou
2023-06-20 9:25 ` [EXT] " Akhil Goyal
2023-06-20 9:42 ` Suanming Mou
2023-06-20 9:48 ` Akhil Goyal
2023-06-20 9:56 ` Suanming Mou
2023-06-20 9:55 ` [PATCH v2 0/9] crypto/mlx5: support AES-GCM Suanming Mou
2023-06-20 9:58 ` Akhil Goyal
2023-06-20 10:03 ` Suanming Mou
2023-06-20 13:52 ` Matan Azrad
2023-06-20 14:11 ` [PATCH v4 " Suanming Mou
2023-06-20 14:11 ` [PATCH v4 1/9] common/mlx5: export memory region lookup by address Suanming Mou
2023-06-20 14:11 ` [PATCH v4 2/9] crypto/mlx5: split AES-XTS Suanming Mou
2023-06-20 14:11 ` [PATCH v4 3/9] crypto/mlx5: add AES-GCM query and initialization Suanming Mou
2023-06-20 14:11 ` [PATCH v4 4/9] crypto/mlx5: add AES-GCM encryption key Suanming Mou
2023-06-20 14:11 ` [PATCH v4 5/9] crypto/mlx5: add AES-GCM session configure Suanming Mou
2023-06-20 14:11 ` [PATCH v4 6/9] common/mlx5: add WQE-based QP synchronous basics Suanming Mou
2023-06-20 14:11 ` [PATCH v4 7/9] crypto/mlx5: add queue pair setup for GCM Suanming Mou
2023-06-20 14:11 ` [PATCH v4 8/9] crypto/mlx5: add enqueue and dequeue operations Suanming Mou
2023-06-20 14:11 ` [PATCH v4 9/9] crypto/mlx5: enable AES-GCM capability Suanming Mou
2023-06-20 18:49 ` [EXT] [PATCH v4 0/9] crypto/mlx5: support AES-GCM Akhil Goyal
2023-06-23 9:31 ` Thomas Monjalon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230526031422.913377-5-suanmingm@nvidia.com \
--to=suanmingm@nvidia.com \
--cc=dev@dpdk.org \
--cc=matan@nvidia.com \
--cc=rasland@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).