From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id D12A942CFF; Tue, 20 Jun 2023 03:24:33 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id A52F042D2C; Tue, 20 Jun 2023 03:24:28 +0200 (CEST) Received: from NAM10-BN7-obe.outbound.protection.outlook.com (mail-bn7nam10on2089.outbound.protection.outlook.com [40.107.92.89]) by mails.dpdk.org (Postfix) with ESMTP id BD2BB4113F for ; Tue, 20 Jun 2023 03:24:24 +0200 (CEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=mXqXJTSO9Zd2SRBV9eUcjrkkyLt+DjW80l9NbHgUGPXvwdCYYWNyZ3ZAe7Cc5x5w71J2Ye43VNI/9CbUxsHiUlJFA0HN72D1RSzvaqdJ9h6LMKz3kbPg4kpMwa281iSXTVFJpkNKNXsAh5Rru+ErLgVmjN68Uwr6EabVB7rct848/MkpnMjseqOKHPIbzJyOhwqGgIod0VY1MGaVvS6+JW9uJaywRsczk+YDBB/FCakDsbsLIMZ8D3/neaDjZwlthvdqik5oMkWCx2NwcZsZxIp6tMYJPj4t9/Vn7nlfhHfLlDW0Mqi6slAEM7RWVvfW5sSYdvm7LEjJ/BzQlbct1A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=c9e+KxpKaiq2dU3Kd2dU/hHkaRzWpdmadclSbTRrFlI=; b=J5PgaGkTzz0FLme2EYuxuxdkVdJZvuvD1K1hadzaLgHUU2jWkehoKMJA1aaDB7p0Y8DbxPY98JUvBbEO7VTFSE+iWFy5z1E5rjdBdL4EQSC0rYMVWtinBEZbYel0roNSctUI7F12K3CwYw62Lx2ofZdE4VXXXOJ027YvIZk1Ec3xjX2TRxBXDueYPDUSM5YHE/T/cMudTBQTIolDTxfoaPc5uSN+EUWxBj/+fbfG7/A9PX7+4iz8iXLwbUyL5KtRkBZKgzHAOZl2lOYHS69eN6so3dFvkHNipBkhk9L8UoDmQnu151EK98afmA12jYCUvvjEIcS3rSdMUM45GPOBrw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.117.161) smtp.rcpttodomain=dpdk.org smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=c9e+KxpKaiq2dU3Kd2dU/hHkaRzWpdmadclSbTRrFlI=; b=M1Q2v8nSY2pWaOz8hNtz+MNSIRBeT6PFClANnzmnyHs420Lz2eIeG55GxmCVtE9zmd4pLfKrQN8OBvdQL3LArQ7iwCqUDtNvrwBKRNH5mqJTbM2JNZ0g3rGa+7h9Xk9g0gVNpOpE55RHY/4Z53C4uwmSL/sHwsDjFzy3yJJsTkRTaWahRPkvuQYyGpGeMH7hbfx/fH4FiuufPUA+MFVe09UMdXMBqACuFqk5DDuA1U2q20j6wWW4iv9/FyZFo+Jjs9RJsmkUwZ9rzyis7L+LJwRf9d13GG77+BJQOAYDWMQygew34tWn4xamRlc7sUPq4srwjZskfuHf/Gdl070gwQ== Received: from CYXPR02CA0027.namprd02.prod.outlook.com (2603:10b6:930:cc::17) by LV2PR12MB5751.namprd12.prod.outlook.com (2603:10b6:408:17d::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6500.37; Tue, 20 Jun 2023 01:24:22 +0000 Received: from CY4PEPF0000E9CF.namprd03.prod.outlook.com (2603:10b6:930:cc:cafe::b1) by CYXPR02CA0027.outlook.office365.com (2603:10b6:930:cc::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6500.37 via Frontend Transport; Tue, 20 Jun 2023 01:24:20 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.117.161) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.117.161 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.117.161; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (216.228.117.161) by CY4PEPF0000E9CF.mail.protection.outlook.com (10.167.241.142) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6521.21 via Frontend Transport; Tue, 20 Jun 2023 01:24:21 +0000 Received: from rnnvmail201.nvidia.com (10.129.68.8) by mail.nvidia.com (10.129.200.67) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.5; Mon, 19 Jun 2023 18:24:13 -0700 Received: from nvidia.com (10.126.231.35) by rnnvmail201.nvidia.com (10.129.68.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.37; Mon, 19 Jun 2023 18:24:09 -0700 From: Suanming Mou To: Matan Azrad , Viacheslav Ovsiienko , Ori Kam CC: , , Subject: [PATCH v3 3/9] crypto/mlx5: add AES-GCM query and initialization Date: Tue, 20 Jun 2023 04:23:16 +0300 Message-ID: <20230620012322.788099-4-suanmingm@nvidia.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230620012322.788099-1-suanmingm@nvidia.com> References: <20230418092325.2578712-1-suanmingm@nvidia.com> <20230620012322.788099-1-suanmingm@nvidia.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Originating-IP: [10.126.231.35] X-ClientProxiedBy: rnnvmail201.nvidia.com (10.129.68.8) To rnnvmail201.nvidia.com (10.129.68.8) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CY4PEPF0000E9CF:EE_|LV2PR12MB5751:EE_ X-MS-Office365-Filtering-Correlation-Id: dfa6fccf-f513-4c2c-23f4-08db712d13af X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: ix6f0Q3K1Q/UpthmRCJtHAEo87DhjhfRrRlL/YaT8/YDNLL4nRqbLJwSKOgdlgP3pVNOhoa8k6DSb8ZemXHokqq5v++M27YZ361zLr8Fs6AUEvPGFPz0C5cv+Nx+E+liiewcSjvl7iN6JDM2Vyu78JE59l1sY3VL6xfXL3FsjpG35r/fuqfsKom/VyrA0Czo4J/UpJa7uhnNB92r9k2QwP+zZFcS6imOExcbwMxpcdBFpk9PoHl0wud2Sdouznu/HENPUhhPp2xbSo+xTLxxQl/kkVjxv+bocyOsvTgj7YjzgxLNPvxYEyoO0ITpnz1eEVQSL4Bvxix9TeDSQ/0oPX13PHWy1Msaj+Bg80RwaoOVYm6sWqhGeWJAXcn4jtaDRgc3L26A/33tKFx8LDShUS1YXGoL9P/5WeUsHYu1Wg+5qR126cAFC8p3duTXNvIwujlKZvfnE+u/ydoAgn6f3mWkMXYd8fRPvGQH6B5mLiJ1w9ikBCVbConoTs9fAwYkfvbVAj/jLa33HxrY7F2qiweQ+wY3Hn8ICSC+ZTU3neuzqDI8FPvlmKSAMMJ+H+myS+OQ20BYsT0FwtRqaEB3qTAb+LbPAw2ilaV7QmRtHtZNzlkUS9dOOkhY4LJZzcAMMIqTE2qWX3SAnNmVqsiHhZVUTP2SjIW0TpmUm2RnXpVyCvtw06jx4+LtmIqpvWhGsu8ZrHP1QEqRYyZCPQS3m3ejGBuNlir6K6Xst7X11VY9uyHSKLFc+u2SEqR108ch X-Forefront-Antispam-Report: CIP:216.228.117.161; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:dc6edge2.nvidia.com; CAT:NONE; SFS:(13230028)(4636009)(136003)(346002)(39860400002)(396003)(376002)(451199021)(40470700004)(36840700001)(46966006)(8936002)(6286002)(186003)(16526019)(70206006)(8676002)(4326008)(82740400003)(5660300002)(110136005)(54906003)(70586007)(40460700003)(6666004)(7696005)(82310400005)(316002)(478600001)(41300700001)(36756003)(26005)(6636002)(1076003)(40480700001)(55016003)(2906002)(47076005)(426003)(336012)(83380400001)(2616005)(86362001)(356005)(7636003)(36860700001); DIR:OUT; SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Jun 2023 01:24:21.9831 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: dfa6fccf-f513-4c2c-23f4-08db712d13af X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.117.161]; Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: CY4PEPF0000E9CF.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: LV2PR12MB5751 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org AES-GCM provides both authenticated encryption and the ability to check the integrity and authentication of additional authenticated data (AAD) that is sent in the clear. This commit adds the AES-GCM attributes query and initialization function. Signed-off-by: Suanming Mou --- drivers/common/mlx5/mlx5_devx_cmds.c | 15 +++++++++++ drivers/common/mlx5/mlx5_devx_cmds.h | 13 ++++++++++ drivers/common/mlx5/mlx5_prm.h | 19 +++++++++++--- drivers/crypto/mlx5/meson.build | 1 + drivers/crypto/mlx5/mlx5_crypto.c | 4 ++- drivers/crypto/mlx5/mlx5_crypto.h | 3 +++ drivers/crypto/mlx5/mlx5_crypto_gcm.c | 36 +++++++++++++++++++++++++++ 7 files changed, 87 insertions(+), 4 deletions(-) create mode 100644 drivers/crypto/mlx5/mlx5_crypto_gcm.c diff --git a/drivers/common/mlx5/mlx5_devx_cmds.c b/drivers/common/mlx5/mlx5_devx_cmds.c index 1e418a0353..4332081165 100644 --- a/drivers/common/mlx5/mlx5_devx_cmds.c +++ b/drivers/common/mlx5/mlx5_devx_cmds.c @@ -1117,6 +1117,21 @@ mlx5_devx_cmd_query_hca_attr(void *ctx, attr->crypto_wrapped_import_method = !!(MLX5_GET(crypto_caps, hcattr, wrapped_import_method) & 1 << 2); + attr->crypto_mmo.crypto_mmo_qp = MLX5_GET(crypto_caps, hcattr, crypto_mmo_qp); + attr->crypto_mmo.gcm_256_encrypt = + MLX5_GET(crypto_caps, hcattr, crypto_aes_gcm_256_encrypt); + attr->crypto_mmo.gcm_128_encrypt = + MLX5_GET(crypto_caps, hcattr, crypto_aes_gcm_128_encrypt); + attr->crypto_mmo.gcm_256_decrypt = + MLX5_GET(crypto_caps, hcattr, crypto_aes_gcm_256_decrypt); + attr->crypto_mmo.gcm_128_decrypt = + MLX5_GET(crypto_caps, hcattr, crypto_aes_gcm_128_decrypt); + attr->crypto_mmo.gcm_auth_tag_128 = + MLX5_GET(crypto_caps, hcattr, gcm_auth_tag_128); + attr->crypto_mmo.gcm_auth_tag_96 = + MLX5_GET(crypto_caps, hcattr, gcm_auth_tag_96); + attr->crypto_mmo.log_crypto_mmo_max_size = + MLX5_GET(crypto_caps, hcattr, log_crypto_mmo_max_size); } if (hca_cap_2_sup) { hcattr = mlx5_devx_get_hca_cap(ctx, in, out, &rc, diff --git a/drivers/common/mlx5/mlx5_devx_cmds.h b/drivers/common/mlx5/mlx5_devx_cmds.h index dc3359268d..cb3f3a211b 100644 --- a/drivers/common/mlx5/mlx5_devx_cmds.h +++ b/drivers/common/mlx5/mlx5_devx_cmds.h @@ -125,6 +125,18 @@ struct mlx5_hca_flex_attr { uint8_t header_length_mask_width; }; +__extension__ +struct mlx5_hca_crypto_mmo_attr { + uint32_t crypto_mmo_qp:1; + uint32_t gcm_256_encrypt:1; + uint32_t gcm_128_encrypt:1; + uint32_t gcm_256_decrypt:1; + uint32_t gcm_128_decrypt:1; + uint32_t gcm_auth_tag_128:1; + uint32_t gcm_auth_tag_96:1; + uint32_t log_crypto_mmo_max_size:6; +}; + /* ISO C restricts enumerator values to range of 'int' */ __extension__ enum { @@ -250,6 +262,7 @@ struct mlx5_hca_attr { struct mlx5_hca_vdpa_attr vdpa; struct mlx5_hca_flow_attr flow; struct mlx5_hca_flex_attr flex; + struct mlx5_hca_crypto_mmo_attr crypto_mmo; int log_max_qp_sz; int log_max_cq_sz; int log_max_qp; diff --git a/drivers/common/mlx5/mlx5_prm.h b/drivers/common/mlx5/mlx5_prm.h index d67c4336e6..755bd73275 100644 --- a/drivers/common/mlx5/mlx5_prm.h +++ b/drivers/common/mlx5/mlx5_prm.h @@ -4581,7 +4581,9 @@ struct mlx5_ifc_crypto_caps_bits { u8 synchronize_dek[0x1]; u8 int_kek_manual[0x1]; u8 int_kek_auto[0x1]; - u8 reserved_at_6[0x12]; + u8 reserved_at_6[0xd]; + u8 sw_wrapped_dek_key_purpose[0x1]; + u8 reserved_at_14[0x4]; u8 wrapped_import_method[0x8]; u8 reserved_at_20[0x3]; u8 log_dek_max_alloc[0x5]; @@ -4598,8 +4600,19 @@ struct mlx5_ifc_crypto_caps_bits { u8 log_dek_granularity[0x5]; u8 reserved_at_68[0x3]; u8 log_max_num_int_kek[0x5]; - u8 reserved_at_70[0x10]; - u8 reserved_at_80[0x780]; + u8 sw_wrapped_dek_new[0x10]; + u8 reserved_at_80[0x80]; + u8 crypto_mmo_qp[0x1]; + u8 crypto_aes_gcm_256_encrypt[0x1]; + u8 crypto_aes_gcm_128_encrypt[0x1]; + u8 crypto_aes_gcm_256_decrypt[0x1]; + u8 crypto_aes_gcm_128_decrypt[0x1]; + u8 gcm_auth_tag_128[0x1]; + u8 gcm_auth_tag_96[0x1]; + u8 reserved_at_107[0x3]; + u8 log_crypto_mmo_max_size[0x6]; + u8 reserved_at_110[0x10]; + u8 reserved_at_120[0x6e0]; }; struct mlx5_ifc_crypto_commissioning_register_bits { diff --git a/drivers/crypto/mlx5/meson.build b/drivers/crypto/mlx5/meson.build index 045e8ce81d..17ffce89f0 100644 --- a/drivers/crypto/mlx5/meson.build +++ b/drivers/crypto/mlx5/meson.build @@ -16,6 +16,7 @@ endif sources = files( 'mlx5_crypto.c', 'mlx5_crypto_xts.c', + 'mlx5_crypto_gcm.c', 'mlx5_crypto_dek.c', ) diff --git a/drivers/crypto/mlx5/mlx5_crypto.c b/drivers/crypto/mlx5/mlx5_crypto.c index 2e6bcc6ddc..ff632cd69a 100644 --- a/drivers/crypto/mlx5/mlx5_crypto.c +++ b/drivers/crypto/mlx5/mlx5_crypto.c @@ -335,7 +335,9 @@ mlx5_crypto_dev_probe(struct mlx5_common_device *cdev, rte_errno = ENOTSUP; return -rte_errno; } - if (!cdev->config.hca_attr.crypto || !cdev->config.hca_attr.aes_xts) { + if (!cdev->config.hca_attr.crypto || + (!cdev->config.hca_attr.aes_xts && + !cdev->config.hca_attr.crypto_mmo.crypto_mmo_qp)) { DRV_LOG(ERR, "Not enough capabilities to support crypto " "operations, maybe old FW/OFED version?"); rte_errno = ENOTSUP; diff --git a/drivers/crypto/mlx5/mlx5_crypto.h b/drivers/crypto/mlx5/mlx5_crypto.h index 05d8fe97fe..76f368ee91 100644 --- a/drivers/crypto/mlx5/mlx5_crypto.h +++ b/drivers/crypto/mlx5/mlx5_crypto.h @@ -117,4 +117,7 @@ mlx5_crypto_dek_unset(struct mlx5_crypto_priv *priv); int mlx5_crypto_xts_init(struct mlx5_crypto_priv *priv); +int +mlx5_crypto_gcm_init(struct mlx5_crypto_priv *priv); + #endif /* MLX5_CRYPTO_H_ */ diff --git a/drivers/crypto/mlx5/mlx5_crypto_gcm.c b/drivers/crypto/mlx5/mlx5_crypto_gcm.c new file mode 100644 index 0000000000..bd78c6d66b --- /dev/null +++ b/drivers/crypto/mlx5/mlx5_crypto_gcm.c @@ -0,0 +1,36 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright (c) 2023 NVIDIA Corporation & Affiliates + */ + +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include + +#include "mlx5_crypto_utils.h" +#include "mlx5_crypto.h" + +static struct rte_cryptodev_capabilities mlx5_crypto_gcm_caps[] = { + { + .op = RTE_CRYPTO_OP_TYPE_UNDEFINED, + }, + { + .op = RTE_CRYPTO_OP_TYPE_UNDEFINED, + } +}; + +int +mlx5_crypto_gcm_init(struct mlx5_crypto_priv *priv) +{ + priv->caps = mlx5_crypto_gcm_caps; + return 0; +} + -- 2.25.1