The crypto device requires the DEK(data encryption key) object for
data encryption/decryption operation.

This commit adds the AES-GCM DEK object management support.

Signed-off-by: Suanming Mou <suanmi...@nvidia.com>
---
 drivers/crypto/mlx5/mlx5_crypto.h     |  17 ++++-
 drivers/crypto/mlx5/mlx5_crypto_dek.c | 102 +++++++++++++-------------
 drivers/crypto/mlx5/mlx5_crypto_gcm.c |  31 ++++++++
 drivers/crypto/mlx5/mlx5_crypto_xts.c |  53 ++++++++++++-
 4 files changed, 148 insertions(+), 55 deletions(-)

diff --git a/drivers/crypto/mlx5/mlx5_crypto.h 
b/drivers/crypto/mlx5/mlx5_crypto.h
index 76f368ee91..bb5a557a38 100644
--- a/drivers/crypto/mlx5/mlx5_crypto.h
+++ b/drivers/crypto/mlx5/mlx5_crypto.h
@@ -86,6 +86,11 @@ struct mlx5_crypto_session {
        uint32_t dek_id; /**< DEK ID */
 } __rte_packed;
 
+struct mlx5_crypto_dek_ctx {
+       struct rte_crypto_sym_xform *xform;
+       struct mlx5_crypto_priv *priv;
+};
+
 typedef void *(*mlx5_crypto_mkey_update_t)(struct mlx5_crypto_priv *priv,
                                           struct mlx5_crypto_qp *qp,
                                           uint32_t idx);
@@ -106,7 +111,7 @@ mlx5_crypto_dek_destroy(struct mlx5_crypto_priv *priv,
 
 struct mlx5_crypto_dek *
 mlx5_crypto_dek_prepare(struct mlx5_crypto_priv *priv,
-                       struct rte_crypto_cipher_xform *cipher);
+                       struct rte_crypto_sym_xform *xform);
 
 int
 mlx5_crypto_dek_setup(struct mlx5_crypto_priv *priv);
@@ -120,4 +125,14 @@ mlx5_crypto_xts_init(struct mlx5_crypto_priv *priv);
 int
 mlx5_crypto_gcm_init(struct mlx5_crypto_priv *priv);
 
+int
+mlx5_crypto_dek_fill_xts_attr(struct mlx5_crypto_dek *dek,
+                             struct mlx5_devx_dek_attr *dek_attr,
+                             void *cb_ctx);
+
+int
+mlx5_crypto_dek_fill_gcm_attr(struct mlx5_crypto_dek *dek,
+                             struct mlx5_devx_dek_attr *dek_attr,
+                             void *cb_ctx);
+
 #endif /* MLX5_CRYPTO_H_ */
diff --git a/drivers/crypto/mlx5/mlx5_crypto_dek.c 
b/drivers/crypto/mlx5/mlx5_crypto_dek.c
index 7339ef2bd9..716bcc0545 100644
--- a/drivers/crypto/mlx5/mlx5_crypto_dek.c
+++ b/drivers/crypto/mlx5/mlx5_crypto_dek.c
@@ -13,10 +13,24 @@
 #include "mlx5_crypto_utils.h"
 #include "mlx5_crypto.h"
 
-struct mlx5_crypto_dek_ctx {
-       struct rte_crypto_cipher_xform *cipher;
-       struct mlx5_crypto_priv *priv;
-};
+static int
+mlx5_crypto_dek_get_key(struct rte_crypto_sym_xform *xform,
+                       const uint8_t **key,
+                       uint16_t *key_len)
+{
+       if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
+               *key = xform->cipher.key.data;
+               *key_len = xform->cipher.key.length;
+       } else if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
+               *key = xform->aead.key.data;
+               *key_len = xform->aead.key.length;
+       } else {
+               DRV_LOG(ERR, "Xform dek type not supported.");
+               rte_errno = -EINVAL;
+               return -1;
+       }
+       return 0;
+}
 
 int
 mlx5_crypto_dek_destroy(struct mlx5_crypto_priv *priv,
@@ -27,19 +41,22 @@ mlx5_crypto_dek_destroy(struct mlx5_crypto_priv *priv,
 
 struct mlx5_crypto_dek *
 mlx5_crypto_dek_prepare(struct mlx5_crypto_priv *priv,
-                       struct rte_crypto_cipher_xform *cipher)
+                       struct rte_crypto_sym_xform *xform)
 {
+       const uint8_t *key;
+       uint16_t key_len;
        struct mlx5_hlist *dek_hlist = priv->dek_hlist;
        struct mlx5_crypto_dek_ctx dek_ctx = {
-               .cipher = cipher,
+               .xform = xform,
                .priv = priv,
        };
-       struct rte_crypto_cipher_xform *cipher_ctx = cipher;
-       uint64_t key64 = __rte_raw_cksum(cipher_ctx->key.data,
-                                        cipher_ctx->key.length, 0);
-       struct mlx5_list_entry *entry = mlx5_hlist_register(dek_hlist,
-                                                            key64, &dek_ctx);
+       uint64_t key64;
+       struct mlx5_list_entry *entry;
 
+       if (mlx5_crypto_dek_get_key(xform, &key, &key_len))
+               return NULL;
+       key64 = __rte_raw_cksum(key, key_len, 0);
+       entry = mlx5_hlist_register(dek_hlist, key64, &dek_ctx);
        return entry == NULL ? NULL :
                             container_of(entry, struct mlx5_crypto_dek, entry);
 }
@@ -76,76 +93,55 @@ mlx5_crypto_dek_match_cb(void *tool_ctx __rte_unused,
                         struct mlx5_list_entry *entry, void *cb_ctx)
 {
        struct mlx5_crypto_dek_ctx *ctx = cb_ctx;
-       struct rte_crypto_cipher_xform *cipher_ctx = ctx->cipher;
+       struct rte_crypto_sym_xform *xform = ctx->xform;
        struct mlx5_crypto_dek *dek =
                        container_of(entry, typeof(*dek), entry);
        uint32_t key_len = dek->size;
+       uint16_t xkey_len;
+       const uint8_t *key;
 
-       if (key_len != cipher_ctx->key.length)
+       if (mlx5_crypto_dek_get_key(xform, &key, &xkey_len))
+               return -1;
+       if (key_len != xkey_len)
                return -1;
-       return memcmp(cipher_ctx->key.data, dek->data, cipher_ctx->key.length);
+       return memcmp(key, dek->data, xkey_len);
 }
 
 static struct mlx5_list_entry *
 mlx5_crypto_dek_create_cb(void *tool_ctx __rte_unused, void *cb_ctx)
 {
        struct mlx5_crypto_dek_ctx *ctx = cb_ctx;
-       struct rte_crypto_cipher_xform *cipher_ctx = ctx->cipher;
+       struct rte_crypto_sym_xform *xform = ctx->xform;
        struct mlx5_crypto_dek *dek = rte_zmalloc(__func__, sizeof(*dek),
                                                  RTE_CACHE_LINE_SIZE);
        struct mlx5_devx_dek_attr dek_attr = {
                .pd = ctx->priv->cdev->pdn,
-               .key_purpose = MLX5_CRYPTO_KEY_PURPOSE_AES_XTS,
-               .has_keytag = 1,
        };
-       bool is_wrapped = ctx->priv->is_wrapped_mode;
+       int ret = -1;
 
        if (dek == NULL) {
                DRV_LOG(ERR, "Failed to allocate dek memory.");
                return NULL;
        }
-       if (is_wrapped) {
-               switch (cipher_ctx->key.length) {
-               case 48:
-                       dek->size = 48;
-                       dek_attr.key_size = MLX5_CRYPTO_KEY_SIZE_128b;
-                       break;
-               case 80:
-                       dek->size = 80;
-                       dek_attr.key_size = MLX5_CRYPTO_KEY_SIZE_256b;
-                       break;
-               default:
-                       DRV_LOG(ERR, "Wrapped key size not supported.");
-                       return NULL;
-               }
-       } else {
-               switch (cipher_ctx->key.length) {
-               case 32:
-                       dek->size = 40;
-                       dek_attr.key_size = MLX5_CRYPTO_KEY_SIZE_128b;
-                       break;
-               case 64:
-                       dek->size = 72;
-                       dek_attr.key_size = MLX5_CRYPTO_KEY_SIZE_256b;
-                       break;
-               default:
-                       DRV_LOG(ERR, "Key size not supported.");
-                       return NULL;
-               }
-               memcpy(&dek_attr.key[cipher_ctx->key.length],
-                                               &ctx->priv->keytag, 8);
-       }
-       memcpy(&dek_attr.key, cipher_ctx->key.data, cipher_ctx->key.length);
+       if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER)
+               ret = mlx5_crypto_dek_fill_xts_attr(dek, &dek_attr, cb_ctx);
+       else if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD)
+               ret = mlx5_crypto_dek_fill_gcm_attr(dek, &dek_attr, cb_ctx);
+       if (ret)
+               goto fail;
        dek->obj = mlx5_devx_cmd_create_dek_obj(ctx->priv->cdev->ctx,
                                                &dek_attr);
        if (dek->obj == NULL) {
-               rte_free(dek);
-               return NULL;
+               DRV_LOG(ERR, "Failed to create dek obj.");
+               goto fail;
        }
-       memcpy(&dek->data, cipher_ctx->key.data, cipher_ctx->key.length);
        return &dek->entry;
+fail:
+       rte_free(dek);
+       return NULL;
 }
 
+
 static void
 mlx5_crypto_dek_remove_cb(void *tool_ctx __rte_unused,
                          struct mlx5_list_entry *entry)
diff --git a/drivers/crypto/mlx5/mlx5_crypto_gcm.c 
b/drivers/crypto/mlx5/mlx5_crypto_gcm.c
index bd78c6d66b..676bec6b18 100644
--- a/drivers/crypto/mlx5/mlx5_crypto_gcm.c
+++ b/drivers/crypto/mlx5/mlx5_crypto_gcm.c
@@ -27,6 +27,37 @@ static struct rte_cryptodev_capabilities 
mlx5_crypto_gcm_caps[] = {
        }
 };
 
+int
+mlx5_crypto_dek_fill_gcm_attr(struct mlx5_crypto_dek *dek,
+                             struct mlx5_devx_dek_attr *dek_attr,
+                             void *cb_ctx)
+{
+       struct mlx5_crypto_dek_ctx *ctx = cb_ctx;
+       struct rte_crypto_aead_xform *aead_ctx = &ctx->xform->aead;
+
+       if (aead_ctx->algo != RTE_CRYPTO_AEAD_AES_GCM) {
+               DRV_LOG(ERR, "Only AES-GCM algo supported.");
+               return -EINVAL;
+       }
+       dek_attr->key_purpose = MLX5_CRYPTO_KEY_PURPOSE_GCM;
+       switch (aead_ctx->key.length) {
+       case 16:
+               dek->size = 16;
+               dek_attr->key_size = MLX5_CRYPTO_KEY_SIZE_128b;
+               break;
+       case 32:
+               dek->size = 32;
+               dek_attr->key_size = MLX5_CRYPTO_KEY_SIZE_256b;
+               break;
+       default:
+               DRV_LOG(ERR, "Wrapped key size not supported.");
+               return -EINVAL;
+       }
+       memcpy(&dek_attr->key, aead_ctx->key.data, aead_ctx->key.length);
+       memcpy(&dek->data, aead_ctx->key.data, aead_ctx->key.length);
+       return 0;
+}
+
 int
 mlx5_crypto_gcm_init(struct mlx5_crypto_priv *priv)
 {
diff --git a/drivers/crypto/mlx5/mlx5_crypto_xts.c 
b/drivers/crypto/mlx5/mlx5_crypto_xts.c
index 964d02e6ed..661da5f589 100644
--- a/drivers/crypto/mlx5/mlx5_crypto_xts.c
+++ b/drivers/crypto/mlx5/mlx5_crypto_xts.c
@@ -45,6 +45,57 @@ const struct rte_cryptodev_capabilities mlx5_crypto_caps[] = 
{
        },
 };
 
+int
+mlx5_crypto_dek_fill_xts_attr(struct mlx5_crypto_dek *dek,
+                             struct mlx5_devx_dek_attr *dek_attr,
+                             void *cb_ctx)
+{
+       struct mlx5_crypto_dek_ctx *ctx = cb_ctx;
+       struct rte_crypto_cipher_xform *cipher_ctx = &ctx->xform->cipher;
+       bool is_wrapped = ctx->priv->is_wrapped_mode;
+
+       if (cipher_ctx->algo != RTE_CRYPTO_CIPHER_AES_XTS) {
+               DRV_LOG(ERR, "Only AES-XTS algo supported.");
+               return -EINVAL;
+       }
+       dek_attr->key_purpose = MLX5_CRYPTO_KEY_PURPOSE_AES_XTS;
+       dek_attr->has_keytag = 1;
+       if (is_wrapped) {
+               switch (cipher_ctx->key.length) {
+               case 48:
+                       dek->size = 48;
+                       dek_attr->key_size = MLX5_CRYPTO_KEY_SIZE_128b;
+                       break;
+               case 80:
+                       dek->size = 80;
+                       dek_attr->key_size = MLX5_CRYPTO_KEY_SIZE_256b;
+                       break;
+               default:
+                       DRV_LOG(ERR, "Wrapped key size not supported.");
+                       return -EINVAL;
+               }
+       } else {
+               switch (cipher_ctx->key.length) {
+               case 32:
+                       dek->size = 40;
+                       dek_attr->key_size = MLX5_CRYPTO_KEY_SIZE_128b;
+                       break;
+               case 64:
+                       dek->size = 72;
+                       dek_attr->key_size = MLX5_CRYPTO_KEY_SIZE_256b;
+                       break;
+               default:
+                       DRV_LOG(ERR, "Key size not supported.");
+                       return -EINVAL;
+               }
+               memcpy(&dek_attr->key[cipher_ctx->key.length],
+                                               &ctx->priv->keytag, 8);
+       }
+       memcpy(&dek_attr->key, cipher_ctx->key.data, cipher_ctx->key.length);
+       memcpy(&dek->data, cipher_ctx->key.data, cipher_ctx->key.length);
+       return 0;
+}
+
 static int
 mlx5_crypto_xts_sym_session_configure(struct rte_cryptodev *dev,
                                      struct rte_crypto_sym_xform *xform,
@@ -66,7 +117,7 @@ mlx5_crypto_xts_sym_session_configure(struct rte_cryptodev 
*dev,
                return -ENOTSUP;
        }
        cipher = &xform->cipher;
-       sess_private_data->dek = mlx5_crypto_dek_prepare(priv, cipher);
+       sess_private_data->dek = mlx5_crypto_dek_prepare(priv, xform);
        if (sess_private_data->dek == NULL) {
                DRV_LOG(ERR, "Failed to prepare dek.");
                return -ENOMEM;
-- 
2.25.1

Reply via email to