1 /* SPDX-License-Identifier: BSD-3-Clause 2 * Copyright (c) 2021 NVIDIA Corporation & Affiliates 3 */ 4 5 #ifndef MLX5_CRYPTO_H_ 6 #define MLX5_CRYPTO_H_ 7 8 #include <stdbool.h> 9 10 #include <rte_cryptodev.h> 11 #include <cryptodev_pmd.h> 12 13 #include <mlx5_common_utils.h> 14 #include <mlx5_common_devx.h> 15 #include <mlx5_common_mr.h> 16 17 #define MLX5_CRYPTO_DEK_HTABLE_SZ (1 << 11) 18 #define MLX5_CRYPTO_KEY_LENGTH 80 19 #define MLX5_CRYPTO_UMR_WQE_STATIC_SIZE (sizeof(struct mlx5_wqe_cseg) +\ 20 sizeof(struct mlx5_wqe_umr_cseg) +\ 21 sizeof(struct mlx5_wqe_mkey_cseg) +\ 22 sizeof(struct mlx5_wqe_umr_bsf_seg)) 23 #define MLX5_CRYPTO_KLM_SEGS_NUM(umr_wqe_sz) ((umr_wqe_sz -\ 24 MLX5_CRYPTO_UMR_WQE_STATIC_SIZE) /\ 25 MLX5_WSEG_SIZE) 26 #define MLX5_CRYPTO_GCM_MAX_AAD 64 27 #define MLX5_CRYPTO_GCM_MAX_DIGEST 16 28 #define MLX5_CRYPTO_GCM_IPSEC_IV_SIZE 16 29 30 enum mlx5_crypto_mode { 31 MLX5_CRYPTO_FULL_CAPABLE, 32 MLX5_CRYPTO_IPSEC_OPT, 33 }; 34 35 struct __rte_packed_begin mlx5_crypto_ipsec_mem { 36 uint8_t mem[MLX5_CRYPTO_GCM_IPSEC_IV_SIZE]; 37 } __rte_packed_end; 38 39 struct mlx5_crypto_priv { 40 TAILQ_ENTRY(mlx5_crypto_priv) next; 41 struct mlx5_common_device *cdev; /* Backend mlx5 device. */ 42 struct rte_cryptodev *crypto_dev; 43 mlx5_reg_mr_t reg_mr_cb; /* Callback to reg_mr func */ 44 mlx5_dereg_mr_t dereg_mr_cb; /* Callback to dereg_mr func */ 45 struct mlx5_uar uar; /* User Access Region. */ 46 uint32_t max_segs_num; /* Maximum supported data segs. */ 47 uint32_t max_klm_num; /* Maximum supported klm. */ 48 struct mlx5_hlist *dek_hlist; /* Dek hash list. */ 49 const struct rte_cryptodev_capabilities *caps; 50 struct rte_cryptodev_config dev_config; 51 struct mlx5_devx_obj *login_obj; 52 uint64_t keytag; 53 uint16_t wqe_set_size; 54 uint16_t umr_wqe_size; 55 uint16_t umr_wqe_stride; 56 uint16_t max_rdmar_ds; 57 uint32_t is_wrapped_mode:1; 58 enum mlx5_crypto_mode crypto_mode; 59 }; 60 61 struct mlx5_crypto_qp { 62 struct mlx5_crypto_priv *priv; 63 struct mlx5_devx_cq cq_obj; 64 struct mlx5_devx_qp qp_obj; 65 struct mlx5_devx_qp umr_qp_obj; 66 struct rte_cryptodev_stats stats; 67 struct rte_crypto_op **ops; 68 struct mlx5_devx_obj **mkey; /* WQE's indirect mekys. */ 69 struct mlx5_klm *klm_array; 70 union mlx5_gga_crypto_opaque *opaque_addr; 71 struct mlx5_crypto_ipsec_mem *ipsec_mem; 72 struct mlx5_mr_ctrl mr_ctrl; 73 struct mlx5_pmd_mr mr; 74 /* Crypto QP. */ 75 uint8_t *wqe; 76 uint16_t entries_n; 77 uint16_t cq_entries_n; 78 uint16_t reported_ci; 79 uint16_t qp_ci; 80 uint16_t cq_ci; 81 uint16_t pi; 82 uint16_t ci; 83 uint16_t db_pi; 84 /* UMR QP. */ 85 uint8_t *umr_wqe; 86 uint16_t umr_wqbbs; 87 uint16_t umr_pi; 88 uint16_t umr_ci; 89 uint32_t umr_errors; 90 uint16_t last_gga_pi; 91 bool has_umr; 92 uint16_t cpy_tag_op; 93 }; 94 95 struct __rte_cache_aligned mlx5_crypto_dek { 96 struct mlx5_list_entry entry; /* Pointer to DEK hash list entry. */ 97 struct mlx5_devx_obj *obj; /* Pointer to DEK DevX object. */ 98 uint8_t data[MLX5_CRYPTO_KEY_LENGTH]; /* DEK key data. */ 99 uint32_t size; /* key+keytag size. */ 100 }; 101 102 struct mlx5_crypto_devarg_params { 103 bool login_devarg; 104 struct mlx5_devx_crypto_login_attr login_attr; 105 uint64_t keytag; 106 uint32_t max_segs_num; 107 uint32_t is_aes_gcm:1; 108 enum mlx5_crypto_mode crypto_mode; 109 }; 110 111 struct __rte_packed_begin mlx5_crypto_session { 112 union { 113 /**< AES-XTS configuration. */ 114 struct { 115 uint32_t bs_bpt_eo_es; 116 /**< bsf_size, bsf_p_type, encryption_order and encryption standard, 117 * saved in big endian format. 118 */ 119 uint32_t bsp_res; 120 /**< crypto_block_size_pointer and reserved 24 bits saved in big 121 * endian format. 122 */ 123 }; 124 /**< AES-GCM configuration. */ 125 struct { 126 uint32_t mmo_ctrl; 127 /**< Crypto control fields with algo type and op type in big 128 * endian format. 129 */ 130 uint32_t wqe_aad_len; 131 /**< Crypto AAD length field in big endian format. */ 132 uint32_t wqe_tag_len; 133 /**< Crypto tag length field in big endian format. */ 134 uint16_t tag_len; 135 /**< AES-GCM crypto digest size in bytes. */ 136 uint16_t aad_len; 137 /**< The length of the additional authenticated data (AAD) in bytes. */ 138 uint32_t op_type; 139 /**< Operation type. */ 140 }; 141 }; 142 uint32_t iv_offset:16; 143 /**< Starting point for Initialisation Vector. */ 144 uint32_t iv_len; 145 /**< Initialisation Vector length. */ 146 struct mlx5_crypto_dek *dek; /**< Pointer to dek struct. */ 147 uint32_t dek_id; /**< DEK ID */ 148 } __rte_packed_end; 149 150 struct mlx5_crypto_dek_ctx { 151 struct rte_crypto_sym_xform *xform; 152 struct mlx5_crypto_priv *priv; 153 }; 154 155 static __rte_always_inline bool 156 mlx5_crypto_is_ipsec_opt(struct mlx5_crypto_priv *priv) 157 { 158 return priv->crypto_mode == MLX5_CRYPTO_IPSEC_OPT; 159 } 160 161 typedef void *(*mlx5_crypto_mkey_update_t)(struct mlx5_crypto_priv *priv, 162 struct mlx5_crypto_qp *qp, 163 uint32_t idx); 164 165 void 166 mlx5_crypto_indirect_mkeys_release(struct mlx5_crypto_qp *qp, 167 uint16_t n); 168 169 int 170 mlx5_crypto_indirect_mkeys_prepare(struct mlx5_crypto_priv *priv, 171 struct mlx5_crypto_qp *qp, 172 struct mlx5_devx_mkey_attr *attr, 173 mlx5_crypto_mkey_update_t update_cb); 174 175 int 176 mlx5_crypto_dek_destroy(struct mlx5_crypto_priv *priv, 177 struct mlx5_crypto_dek *dek); 178 179 struct mlx5_crypto_dek * 180 mlx5_crypto_dek_prepare(struct mlx5_crypto_priv *priv, 181 struct rte_crypto_sym_xform *xform); 182 183 int 184 mlx5_crypto_dek_setup(struct mlx5_crypto_priv *priv); 185 186 void 187 mlx5_crypto_dek_unset(struct mlx5_crypto_priv *priv); 188 189 int 190 mlx5_crypto_xts_init(struct mlx5_crypto_priv *priv); 191 192 int 193 mlx5_crypto_gcm_init(struct mlx5_crypto_priv *priv); 194 195 int 196 mlx5_crypto_dek_fill_xts_attr(struct mlx5_crypto_dek *dek, 197 struct mlx5_devx_dek_attr *dek_attr, 198 void *cb_ctx); 199 200 int 201 mlx5_crypto_dek_fill_gcm_attr(struct mlx5_crypto_dek *dek, 202 struct mlx5_devx_dek_attr *dek_attr, 203 void *cb_ctx); 204 205 #endif /* MLX5_CRYPTO_H_ */ 206