@@ -11,6 +11,7 @@ fmt_name = 'mlx5_crypto'
deps += ['common_mlx5', 'eal', 'cryptodev']
sources = files(
'mlx5_crypto.c',
+ 'mlx5_crypto_dek.c',
)
cflags_options = [
'-std=c11',
@@ -3,12 +3,9 @@
*/
#include <rte_malloc.h>
-#include <rte_log.h>
#include <rte_errno.h>
+#include <rte_log.h>
#include <rte_pci.h>
-#include <rte_crypto.h>
-#include <rte_cryptodev.h>
-#include <rte_cryptodev_pmd.h>
#include <mlx5_glue.h>
#include <mlx5_common.h>
@@ -17,19 +14,10 @@
#include <mlx5_common_os.h>
#include "mlx5_crypto_utils.h"
+#include "mlx5_crypto.h"
#define MLX5_CRYPTO_DRIVER_NAME mlx5_crypto
-#define MLX5_CRYPTO_LOG_NAME pmd.crypto.mlx5
-
-struct mlx5_crypto_priv {
- TAILQ_ENTRY(mlx5_crypto_priv) next;
- struct ibv_context *ctx; /* Device context. */
- struct rte_pci_device *pci_dev;
- struct rte_cryptodev *crypto_dev;
- void *uar; /* User Access Region. */
- uint32_t pdn; /* Protection Domain number. */
- struct ibv_pd *pd;
-};
+#define MLX5_CRYPTO_LOG_NAME pmd.crypto.mlx5
TAILQ_HEAD(mlx5_crypto_privs, mlx5_crypto_priv) mlx5_crypto_priv_list =
TAILQ_HEAD_INITIALIZER(mlx5_crypto_priv_list);
@@ -48,11 +36,33 @@ static const struct rte_driver mlx5_drv = {
static struct cryptodev_driver mlx5_cryptodev_driver;
+static int
+mlx5_crypto_dev_configure(struct rte_cryptodev *dev,
+ struct rte_cryptodev_config *config __rte_unused)
+{
+ struct mlx5_crypto_priv *priv = dev->data->dev_private;
+
+ if (mlx5_crypto_dek_setup(priv) != 0) {
+ DRV_LOG(ERR, "Dek hash list creation has failed.");
+ return -ENOMEM;
+ }
+ return 0;
+}
+
+static int
+mlx5_crypto_dev_close(struct rte_cryptodev *dev)
+{
+ struct mlx5_crypto_priv *priv = dev->data->dev_private;
+
+ mlx5_crypto_dek_unset(priv);
+ return 0;
+}
+
static struct rte_cryptodev_ops mlx5_crypto_ops = {
- .dev_configure = NULL,
+ .dev_configure = mlx5_crypto_dev_configure,
.dev_start = NULL,
.dev_stop = NULL,
- .dev_close = NULL,
+ .dev_close = mlx5_crypto_dev_close,
.dev_infos_get = NULL,
.stats_get = NULL,
.stats_reset = NULL,
new file mode 100644
@@ -0,0 +1,51 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright 2021 Mellanox Technologies, Ltd
+ */
+
+#ifndef MLX5_CRYPTO_H_
+#define MLX5_CRYPTO_H_
+
+#include <stdbool.h>
+
+#include <rte_cryptodev.h>
+#include <rte_cryptodev_pmd.h>
+
+#include <mlx5_common_utils.h>
+
+#define MLX5_CRYPTO_DEK_HTABLE_SZ (1 << 11)
+#define MLX5_CRYPTO_KEY_LENGTH 80
+
+struct mlx5_crypto_priv {
+ TAILQ_ENTRY(mlx5_crypto_priv) next;
+ struct ibv_context *ctx; /* Device context. */
+ struct rte_pci_device *pci_dev;
+ struct rte_cryptodev *crypto_dev;
+ void *uar; /* User Access Region. */
+ uint32_t pdn; /* Protection Domain number. */
+ struct ibv_pd *pd;
+ struct mlx5_hlist *dek_hlist; /* Dek hash list. */
+};
+
+struct mlx5_crypto_dek {
+ struct mlx5_hlist_entry entry; /* Pointer to DEK hash list entry. */
+ struct mlx5_devx_obj *obj; /* Pointer to DEK DevX object. */
+ uint8_t data[MLX5_CRYPTO_KEY_LENGTH]; /* DEK key data. */
+ bool size_is_48; /* Whether the key\data size is 48 bytes or not. */
+};
+
+int
+mlx5_crypto_dek_destroy(struct mlx5_crypto_priv *priv,
+ struct mlx5_crypto_dek *dek);
+
+struct mlx5_crypto_dek *
+mlx5_crypto_dek_prepare(struct mlx5_crypto_priv *priv,
+ struct rte_crypto_cipher_xform *cipher);
+
+int
+mlx5_crypto_dek_setup(struct mlx5_crypto_priv *priv);
+
+void
+mlx5_crypto_dek_unset(struct mlx5_crypto_priv *priv);
+
+#endif /* MLX5_CRYPTO_H_ */
+
new file mode 100644
@@ -0,0 +1,136 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright 2018 Mellanox Technologies, Ltd
+ */
+
+#include <rte_ip.h>
+#include <rte_common.h>
+#include <rte_errno.h>
+#include <rte_log.h>
+
+#include <mlx5_prm.h>
+#include <mlx5_devx_cmds.h>
+
+#include "mlx5_crypto_utils.h"
+#include "mlx5_crypto.h"
+
+struct mlx5_crypto_dek_ctx {
+ struct rte_crypto_cipher_xform *cipher;
+ struct mlx5_crypto_priv *priv;
+};
+
+int
+mlx5_crypto_dek_destroy(struct mlx5_crypto_priv *priv,
+ struct mlx5_crypto_dek *dek)
+{
+ return mlx5_hlist_unregister(priv->dek_hlist, &dek->entry);
+}
+
+struct mlx5_crypto_dek *
+mlx5_crypto_dek_prepare(struct mlx5_crypto_priv *priv,
+ struct rte_crypto_cipher_xform *cipher)
+{
+ struct mlx5_hlist *dek_hlist = priv->dek_hlist;
+ struct mlx5_crypto_dek_ctx dek_ctx = {
+ .cipher = cipher,
+ .priv = priv,
+ };
+ struct rte_crypto_cipher_xform *cipher_ctx = cipher;
+ uint64_t key64 = __rte_raw_cksum(cipher_ctx->key.data,
+ cipher_ctx->key.length, 0);
+ struct mlx5_hlist_entry *entry = mlx5_hlist_register(dek_hlist,
+ key64, &dek_ctx);
+
+ return entry == NULL ? NULL :
+ container_of(entry, struct mlx5_crypto_dek, entry);
+}
+
+static int
+mlx5_crypto_dek_match_cb(struct mlx5_hlist *list __rte_unused,
+ struct mlx5_hlist_entry *entry,
+ uint64_t key __rte_unused, void *cb_ctx)
+{
+ struct mlx5_crypto_dek_ctx *ctx = cb_ctx;
+ struct rte_crypto_cipher_xform *cipher_ctx = ctx->cipher;
+ struct mlx5_crypto_dek *dek =
+ container_of(entry, typeof(*dek), entry);
+ uint32_t key_len = dek->size_is_48 ? 48 : 80;
+
+ if (key_len != cipher_ctx->key.length)
+ return -1;
+ return memcmp(cipher_ctx->key.data, dek->data, key_len);
+}
+
+static struct mlx5_hlist_entry *
+mlx5_crypto_dek_create_cb(struct mlx5_hlist *list __rte_unused,
+ uint64_t key __rte_unused, void *cb_ctx)
+{
+ struct mlx5_crypto_dek_ctx *ctx = cb_ctx;
+ struct rte_crypto_cipher_xform *cipher_ctx = ctx->cipher;
+ struct mlx5_crypto_dek *dek = rte_zmalloc(__func__, sizeof(*dek),
+ RTE_CACHE_LINE_SIZE);
+ struct mlx5_devx_dek_attr dek_attr = {
+ .pd = ctx->priv->pdn,
+ .key_purpose = MLX5_CRYPTO_KEY_PURPOSE_AES_XTS,
+ .has_keytag = 1,
+ };
+
+ if (dek == NULL) {
+ DRV_LOG(ERR, "Failed to allocate dek memory.");
+ return NULL;
+ }
+ switch (cipher_ctx->key.length) {
+ case 48:
+ dek->size_is_48 = true;
+ dek_attr.key_size = MLX5_CRYPTO_KEY_SIZE_128b;
+ break;
+ case 80:
+ dek->size_is_48 = false;
+ dek_attr.key_size = MLX5_CRYPTO_KEY_SIZE_256b;
+ break;
+ default:
+ DRV_LOG(ERR, "Key size not supported.");
+ return NULL;
+ }
+ rte_memcpy(&dek_attr.key, cipher_ctx->key.data, cipher_ctx->key.length);
+ dek->obj = mlx5_devx_cmd_create_dek_obj(ctx->priv->ctx, &dek_attr);
+ if (dek->obj == NULL) {
+ rte_free(dek);
+ return NULL;
+ }
+ rte_memcpy(&dek->data, cipher_ctx->key.data, cipher_ctx->key.length);
+ return &dek->entry;
+}
+
+static void
+mlx5_crypto_dek_remove_cb(struct mlx5_hlist *list __rte_unused,
+ struct mlx5_hlist_entry *entry)
+{
+ struct mlx5_crypto_dek *dek =
+ container_of(entry, typeof(*dek), entry);
+
+ claim_zero(mlx5_devx_cmd_destroy(dek->obj));
+ rte_free(dek);
+}
+
+
+int
+mlx5_crypto_dek_setup(struct mlx5_crypto_priv *priv)
+{
+ priv->dek_hlist = mlx5_hlist_create("dek_hlist",
+ MLX5_CRYPTO_DEK_HTABLE_SZ,
+ 0, MLX5_HLIST_WRITE_MOST |
+ MLX5_HLIST_DIRECT_KEY,
+ mlx5_crypto_dek_create_cb,
+ mlx5_crypto_dek_match_cb,
+ mlx5_crypto_dek_remove_cb);
+ if (priv->dek_hlist == NULL)
+ return -1;
+ return 0;
+}
+
+void
+mlx5_crypto_dek_unset(struct mlx5_crypto_priv *priv)
+{
+ mlx5_hlist_destroy(priv->dek_hlist);
+ priv->dek_hlist = NULL;
+}