AES-GCM provides both authenticated encryption and the ability to check the integrity and authentication of additional authenticated data (AAD) that is sent in the clear.
The crypto operations are performed with crypto WQE. If the input buffers(AAD, mbuf, digest) are not contiguous, as the requirement from FW, an UMR WQE is needed to generate contiguous address space for crypto WQE. The UMR WQE and crypto WQE are handled in two different QPs. The QP for UMR operation contains two types of WQE, UMR and SEND_EN WQE. The WQEs are built dynamically according to the crypto operation buffer address. Crypto operation with non-contiguous buffers will have its own UMR WQE, while the operation with contiguous buffers doesn't need the UMR WQE. Once the all the operations WQE in the enqueue burst built finishes, if any UMR WQEs are built, additional SEND_EN WQE will be as the final WQE of the burst in the UMR QP. The purpose of that SEND_EN WQE is to trigger the crypto QP processing with the UMR ready input memory address space buffers. The QP for crypto operations contains only the crypto WQE and the QP WQEs are built as fixed in QP setup. The QP processing is triggered by doorbell ring or the SEND_EN WQE from UMR QP. Suanming Mou (5): crypto/mlx5: add AES-GCM capability crypto/mlx5: add AES-GCM encryption key crypto/mlx5: add AES-GCM session configure crypto/mlx5: add queue pair setup crypto/mlx5: add enqueue and dequeue operations doc/guides/nics/mlx5.rst | 8 + drivers/common/mlx5/mlx5_devx_cmds.c | 29 +- drivers/common/mlx5/mlx5_devx_cmds.h | 18 + drivers/common/mlx5/mlx5_prm.h | 62 +- drivers/crypto/mlx5/meson.build | 1 + drivers/crypto/mlx5/mlx5_crypto.c | 64 +- drivers/crypto/mlx5/mlx5_crypto.h | 57 +- drivers/crypto/mlx5/mlx5_crypto_dek.c | 157 +++-- drivers/crypto/mlx5/mlx5_crypto_gcm.c | 803 ++++++++++++++++++++++++++ 9 files changed, 1139 insertions(+), 60 deletions(-) create mode 100644 drivers/crypto/mlx5/mlx5_crypto_gcm.c -- 2.25.1
