mlx5: add AES-GCM query and initialization

Suanming Mou Thu, 25 May 2023 20:16:09 -0700

AES-GCM provides both authenticated encryption and the ability to check
the integrity and authentication of additional authenticated data (AAD)
that is sent in the clear.


This commit adds the AES-GCM attributes query and initialization function.

Signed-off-by: Suanming Mou <suanmi...@nvidia.com>
---
 drivers/common/mlx5/mlx5_devx_cmds.c  | 15 +++++++++++
 drivers/common/mlx5/mlx5_devx_cmds.h  | 13 ++++++++++
 drivers/common/mlx5/mlx5_prm.h        | 19 +++++++++++---
 drivers/crypto/mlx5/meson.build       |  1 +
 drivers/crypto/mlx5/mlx5_crypto.c     |  4 ++-
 drivers/crypto/mlx5/mlx5_crypto.h     |  3 +++
 drivers/crypto/mlx5/mlx5_crypto_gcm.c | 36 +++++++++++++++++++++++++++
 7 files changed, 87 insertions(+), 4 deletions(-)
 create mode 100644 drivers/crypto/mlx5/mlx5_crypto_gcm.c

diff --git a/drivers/common/mlx5/mlx5_devx_cmds.c 
b/drivers/common/mlx5/mlx5_devx_cmds.c
index 1e418a0353..4332081165 100644
--- a/drivers/common/mlx5/mlx5_devx_cmds.c
+++ b/drivers/common/mlx5/mlx5_devx_cmds.c
@@ -1117,6 +1117,21 @@ mlx5_devx_cmd_query_hca_attr(void *ctx,
                attr->crypto_wrapped_import_method = !!(MLX5_GET(crypto_caps,
                                                hcattr, wrapped_import_method)
                                                & 1 << 2);
+               attr->crypto_mmo.crypto_mmo_qp = MLX5_GET(crypto_caps, hcattr, 
crypto_mmo_qp);
+               attr->crypto_mmo.gcm_256_encrypt =
+                       MLX5_GET(crypto_caps, hcattr, 
crypto_aes_gcm_256_encrypt);
+               attr->crypto_mmo.gcm_128_encrypt =
+                       MLX5_GET(crypto_caps, hcattr, 
crypto_aes_gcm_128_encrypt);
+               attr->crypto_mmo.gcm_256_decrypt =
+                       MLX5_GET(crypto_caps, hcattr, 
crypto_aes_gcm_256_decrypt);
+               attr->crypto_mmo.gcm_128_decrypt =
+                       MLX5_GET(crypto_caps, hcattr, 
crypto_aes_gcm_128_decrypt);
+               attr->crypto_mmo.gcm_auth_tag_128 =
+                       MLX5_GET(crypto_caps, hcattr, gcm_auth_tag_128);
+               attr->crypto_mmo.gcm_auth_tag_96 =
+                       MLX5_GET(crypto_caps, hcattr, gcm_auth_tag_96);
+               attr->crypto_mmo.log_crypto_mmo_max_size =
+                       MLX5_GET(crypto_caps, hcattr, log_crypto_mmo_max_size);
        }
        if (hca_cap_2_sup) {
                hcattr = mlx5_devx_get_hca_cap(ctx, in, out, &rc,
diff --git a/drivers/common/mlx5/mlx5_devx_cmds.h 
b/drivers/common/mlx5/mlx5_devx_cmds.h
index dc3359268d..cb3f3a211b 100644
--- a/drivers/common/mlx5/mlx5_devx_cmds.h
+++ b/drivers/common/mlx5/mlx5_devx_cmds.h
@@ -125,6 +125,18 @@ struct mlx5_hca_flex_attr {
        uint8_t  header_length_mask_width;
 };
 
+__extension__
+struct mlx5_hca_crypto_mmo_attr {
+       uint32_t crypto_mmo_qp:1;
+       uint32_t gcm_256_encrypt:1;
+       uint32_t gcm_128_encrypt:1;
+       uint32_t gcm_256_decrypt:1;
+       uint32_t gcm_128_decrypt:1;
+       uint32_t gcm_auth_tag_128:1;
+       uint32_t gcm_auth_tag_96:1;
+       uint32_t log_crypto_mmo_max_size:6;
+};
+
 /* ISO C restricts enumerator values to range of 'int' */
 __extension__
 enum {
@@ -250,6 +262,7 @@ struct mlx5_hca_attr {
        struct mlx5_hca_vdpa_attr vdpa;
        struct mlx5_hca_flow_attr flow;
        struct mlx5_hca_flex_attr flex;
+       struct mlx5_hca_crypto_mmo_attr crypto_mmo;
        int log_max_qp_sz;
        int log_max_cq_sz;
        int log_max_qp;
diff --git a/drivers/common/mlx5/mlx5_prm.h b/drivers/common/mlx5/mlx5_prm.h
index 9f749a2dcc..b4446f56b9 100644
--- a/drivers/common/mlx5/mlx5_prm.h
+++ b/drivers/common/mlx5/mlx5_prm.h
@@ -4577,7 +4577,9 @@ struct mlx5_ifc_crypto_caps_bits {
        u8 synchronize_dek[0x1];
        u8 int_kek_manual[0x1];
        u8 int_kek_auto[0x1];
-       u8 reserved_at_6[0x12];
+       u8 reserved_at_6[0xd];
+       u8 sw_wrapped_dek_key_purpose[0x1];
+       u8 reserved_at_14[0x4];
        u8 wrapped_import_method[0x8];
        u8 reserved_at_20[0x3];
        u8 log_dek_max_alloc[0x5];
@@ -4594,8 +4596,19 @@ struct mlx5_ifc_crypto_caps_bits {
        u8 log_dek_granularity[0x5];
        u8 reserved_at_68[0x3];
        u8 log_max_num_int_kek[0x5];
-       u8 reserved_at_70[0x10];
-       u8 reserved_at_80[0x780];
+       u8 sw_wrapped_dek_new[0x10];
+       u8 reserved_at_80[0x80];
+       u8 crypto_mmo_qp[0x1];
+       u8 crypto_aes_gcm_256_encrypt[0x1];
+       u8 crypto_aes_gcm_128_encrypt[0x1];
+       u8 crypto_aes_gcm_256_decrypt[0x1];
+       u8 crypto_aes_gcm_128_decrypt[0x1];
+       u8 gcm_auth_tag_128[0x1];
+       u8 gcm_auth_tag_96[0x1];
+       u8 reserved_at_107[0x3];
+       u8 log_crypto_mmo_max_size[0x6];
+       u8 reserved_at_110[0x10];
+       u8 reserved_at_120[0x6e0];
 };
 
 struct mlx5_ifc_crypto_commissioning_register_bits {
diff --git a/drivers/crypto/mlx5/meson.build b/drivers/crypto/mlx5/meson.build
index 045e8ce81d..17ffce89f0 100644
--- a/drivers/crypto/mlx5/meson.build
+++ b/drivers/crypto/mlx5/meson.build
@@ -16,6 +16,7 @@ endif
 sources = files(
         'mlx5_crypto.c',
        'mlx5_crypto_xts.c',
+       'mlx5_crypto_gcm.c',
         'mlx5_crypto_dek.c',
 )
 
diff --git a/drivers/crypto/mlx5/mlx5_crypto.c 
b/drivers/crypto/mlx5/mlx5_crypto.c
index 2e6bcc6ddc..ff632cd69a 100644
--- a/drivers/crypto/mlx5/mlx5_crypto.c
+++ b/drivers/crypto/mlx5/mlx5_crypto.c
@@ -335,7 +335,9 @@ mlx5_crypto_dev_probe(struct mlx5_common_device *cdev,
                rte_errno = ENOTSUP;
                return -rte_errno;
        }
-       if (!cdev->config.hca_attr.crypto || !cdev->config.hca_attr.aes_xts) {
+       if (!cdev->config.hca_attr.crypto ||
+          (!cdev->config.hca_attr.aes_xts &&
+           !cdev->config.hca_attr.crypto_mmo.crypto_mmo_qp)) {
                DRV_LOG(ERR, "Not enough capabilities to support crypto "
                        "operations, maybe old FW/OFED version?");
                rte_errno = ENOTSUP;
diff --git a/drivers/crypto/mlx5/mlx5_crypto.h 
b/drivers/crypto/mlx5/mlx5_crypto.h
index 05d8fe97fe..76f368ee91 100644
--- a/drivers/crypto/mlx5/mlx5_crypto.h
+++ b/drivers/crypto/mlx5/mlx5_crypto.h
@@ -117,4 +117,7 @@ mlx5_crypto_dek_unset(struct mlx5_crypto_priv *priv);
 int
 mlx5_crypto_xts_init(struct mlx5_crypto_priv *priv);
 
+int
+mlx5_crypto_gcm_init(struct mlx5_crypto_priv *priv);
+
 #endif /* MLX5_CRYPTO_H_ */
diff --git a/drivers/crypto/mlx5/mlx5_crypto_gcm.c 
b/drivers/crypto/mlx5/mlx5_crypto_gcm.c
new file mode 100644
index 0000000000..bd78c6d66b
--- /dev/null
+++ b/drivers/crypto/mlx5/mlx5_crypto_gcm.c
@@ -0,0 +1,36 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright (c) 2023 NVIDIA Corporation & Affiliates
+ */
+
+#include <rte_malloc.h>
+#include <rte_mempool.h>
+#include <rte_eal_paging.h>
+#include <rte_errno.h>
+#include <rte_log.h>
+#include <bus_pci_driver.h>
+#include <rte_memory.h>
+
+#include <mlx5_glue.h>
+#include <mlx5_common.h>
+#include <mlx5_devx_cmds.h>
+#include <mlx5_common_os.h>
+
+#include "mlx5_crypto_utils.h"
+#include "mlx5_crypto.h"
+
+static struct rte_cryptodev_capabilities mlx5_crypto_gcm_caps[] = {
+       {
+               .op = RTE_CRYPTO_OP_TYPE_UNDEFINED,
+       },
+       {
+               .op = RTE_CRYPTO_OP_TYPE_UNDEFINED,
+       }
+};
+
+int
+mlx5_crypto_gcm_init(struct mlx5_crypto_priv *priv)
+{
+       priv->caps = mlx5_crypto_gcm_caps;
+       return 0;
+}
+
-- 
2.25.1

[PATCH v2 3/9] crypto/mlx5: add AES-GCM query and initialization

Reply via email to