From 586add6ef49adb18710b7a6562677e6eb6f7bc29 Mon Sep 17 00:00:00 2001 From: Shiri Kuzin Date: Tue, 20 Jul 2021 16:09:31 +0300 Subject: [PATCH] crypto/mlx5: add DEK object management A DEK (Data encryption Key) is an mlx5 HW object which represents the cipher algorithm key. The DEKs are used during data encryption/decryption operations. In symmetric algorithms like AES-XTS, we use the same DEK for both encryption and decryption. Use the mlx5 hash-list tool to manage the DEK objects in the PMD. Provide the compare, create and destroy functions to manage DEKs in hash-list and introduce an internal API to setup and unset the DEK management and to prepare and destroy specific DEK object. The DEK hash-list will be created in dev_configure routine and destroyed in dev_close routine. Signed-off-by: Shiri Kuzin Acked-by: Matan Azrad Acked-by: Akhil Goyal --- drivers/crypto/mlx5/meson.build | 1 + drivers/crypto/mlx5/mlx5_crypto.h | 25 ++++ drivers/crypto/mlx5/mlx5_crypto_dek.c | 160 ++++++++++++++++++++++++++ 3 files changed, 186 insertions(+) create mode 100644 drivers/crypto/mlx5/mlx5_crypto_dek.c diff --git a/drivers/crypto/mlx5/meson.build b/drivers/crypto/mlx5/meson.build index 4c7bc7379d..1d6e413dd5 100644 --- a/drivers/crypto/mlx5/meson.build +++ b/drivers/crypto/mlx5/meson.build @@ -11,6 +11,7 @@ fmt_name = 'mlx5_crypto' deps += ['common_mlx5', 'eal', 'cryptodev'] sources = files( 'mlx5_crypto.c', + 'mlx5_crypto_dek.c', ) cflags_options = [ diff --git a/drivers/crypto/mlx5/mlx5_crypto.h b/drivers/crypto/mlx5/mlx5_crypto.h index 6c187b7bc1..3f783fc956 100644 --- a/drivers/crypto/mlx5/mlx5_crypto.h +++ b/drivers/crypto/mlx5/mlx5_crypto.h @@ -12,6 +12,9 @@ #include +#define MLX5_CRYPTO_DEK_HTABLE_SZ (1 << 11) +#define MLX5_CRYPTO_KEY_LENGTH 80 + struct mlx5_crypto_priv { TAILQ_ENTRY(mlx5_crypto_priv) next; struct ibv_context *ctx; /* Device context. */ 
@@ -20,6 +23,28 @@ struct mlx5_crypto_priv { void *uar; /* User Access Region. */ uint32_t pdn; /* Protection Domain number. */ struct ibv_pd *pd; + struct mlx5_hlist *dek_hlist; /* Dek hash list. */ }; +struct mlx5_crypto_dek { + struct mlx5_list_entry entry; /* Pointer to DEK hash list entry. */ + struct mlx5_devx_obj *obj; /* Pointer to DEK DevX object. */ + uint8_t data[MLX5_CRYPTO_KEY_LENGTH]; /* DEK key data. */ + bool size_is_48; /* Whether the key\data size is 48 bytes or not. */ +} __rte_cache_aligned; + +int +mlx5_crypto_dek_destroy(struct mlx5_crypto_priv *priv, + struct mlx5_crypto_dek *dek); + +struct mlx5_crypto_dek * +mlx5_crypto_dek_prepare(struct mlx5_crypto_priv *priv, + struct rte_crypto_cipher_xform *cipher); + +int +mlx5_crypto_dek_setup(struct mlx5_crypto_priv *priv); + +void +mlx5_crypto_dek_unset(struct mlx5_crypto_priv *priv); + #endif /* MLX5_CRYPTO_H_ */ diff --git a/drivers/crypto/mlx5/mlx5_crypto_dek.c b/drivers/crypto/mlx5/mlx5_crypto_dek.c new file mode 100644 index 0000000000..67b1fa3819 --- /dev/null +++ b/drivers/crypto/mlx5/mlx5_crypto_dek.c 
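Review bot: The comment on `entry` in `struct mlx5_crypto_dek` calls it a pointer, but the member is embedded by value, which is what the `container_of()` conversions in mlx5_crypto_dek.c rely on; `/* DEK hash list entry, embedded by value. */` would be accurate. `data` holds the raw key bytes for the whole lifetime of the entry, apparently only so the match callback can compare them. The field comment should say so and name who is responsible for clearing it before the memory is released. The two lengths behind `size_is_48` and `MLX5_CRYPTO_KEY_LENGTH` (48 and 80) are unexplained, so a one-line comment on what each length is made up of would help. The four new prototypes would each benefit from a line on return values and failure behaviour.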
@@ -0,0 +1,160 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright (c) 2021 NVIDIA Corporation & Affiliates
+ */
+
+#include
+#include
+#include
+#include
+
+#include
+#include
+
+#include "mlx5_crypto_utils.h"
+#include "mlx5_crypto.h"
+
+struct mlx5_crypto_dek_ctx {
+ struct rte_crypto_cipher_xform *cipher;
+ struct mlx5_crypto_priv *priv;
+};
+
+int
+mlx5_crypto_dek_destroy(struct mlx5_crypto_priv *priv,
+ struct mlx5_crypto_dek *dek)
+{
+ return mlx5_hlist_unregister(priv->dek_hlist, &dek->entry);
+}
+
+struct mlx5_crypto_dek *
+mlx5_crypto_dek_prepare(struct mlx5_crypto_priv *priv,
+ struct rte_crypto_cipher_xform *cipher)
+{
+ struct mlx5_hlist *dek_hlist = priv->dek_hlist;
+ struct mlx5_crypto_dek_ctx dek_ctx = {
+ .cipher = cipher,
+ .priv = priv,
+ };
+ struct rte_crypto_cipher_xform *cipher_ctx = cipher;
+ uint64_t key64 = __rte_raw_cksum(cipher_ctx->key.data,
+ cipher_ctx->key.length, 0);
+ struct mlx5_list_entry *entry = mlx5_hlist_register(dek_hlist,
+ key64, &dek_ctx);
+
+ return entry == NULL ? NULL :
+ container_of(entry, struct mlx5_crypto_dek, entry);
+}
+
+static struct mlx5_list_entry *
+mlx5_crypto_dek_clone_cb(void *tool_ctx __rte_unused,
+ struct mlx5_list_entry *oentry,
+ void *cb_ctx __rte_unused)
+{
+ struct mlx5_crypto_dek *entry = rte_zmalloc(__func__, sizeof(*entry),
+ RTE_CACHE_LINE_SIZE);
+
+ if (!entry) {
+ DRV_LOG(ERR, "Cannot allocate dek resource memory.");
+ rte_errno = ENOMEM;
+ return NULL;
+ }
+ memcpy(entry, oentry, sizeof(*entry));
+ return &entry->entry;
+}
+
+static void
+mlx5_crypto_dek_clone_free_cb(void *tool_ctx __rte_unused,
+ struct mlx5_list_entry *entry)
+{
+ struct mlx5_crypto_dek *dek = container_of(entry,
+ struct mlx5_crypto_dek, entry);
+
+ rte_free(dek);
+}
+
+static int
+mlx5_crypto_dek_match_cb(void *tool_ctx __rte_unused,
+ struct mlx5_list_entry *entry, void *cb_ctx)
+{
+ struct mlx5_crypto_dek_ctx *ctx = cb_ctx;
+ struct rte_crypto_cipher_xform *cipher_ctx = ctx->cipher;
+ struct mlx5_crypto_dek *dek =
+ container_of(entry, typeof(*dek), entry);
+ uint32_t key_len = dek->size_is_48 ? 48 : 80;
+
+ if (key_len != cipher_ctx->key.length)
+ return -1;
+ return memcmp(cipher_ctx->key.data, dek->data, key_len);
+}
+
+static struct mlx5_list_entry *
+mlx5_crypto_dek_create_cb(void *tool_ctx __rte_unused, void *cb_ctx)
+{
+ struct mlx5_crypto_dek_ctx *ctx = cb_ctx;
+ struct rte_crypto_cipher_xform *cipher_ctx = ctx->cipher;
+ struct mlx5_crypto_dek *dek = rte_zmalloc(__func__, sizeof(*dek),
+ RTE_CACHE_LINE_SIZE);
+ struct mlx5_devx_dek_attr dek_attr = {
+ .pd = ctx->priv->pdn,
+ .key_purpose = MLX5_CRYPTO_KEY_PURPOSE_AES_XTS,
+ .has_keytag = 1,
+ };
+
+ if (dek == NULL) {
+ DRV_LOG(ERR, "Failed to allocate dek memory.");
+ return NULL;
+ }
+ switch (cipher_ctx->key.length) {
+ case 48:
+ dek->size_is_48 = true;
+ dek_attr.key_size = MLX5_CRYPTO_KEY_SIZE_128b;
+ break;
+ case 80:
+ dek->size_is_48 = false;
+ dek_attr.key_size = MLX5_CRYPTO_KEY_SIZE_256b;
+ break;
+ default:
+ DRV_LOG(ERR, "Key size not supported.");
+ return NULL;
+ }
+ memcpy(&dek_attr.key, cipher_ctx->key.data, cipher_ctx->key.length);
+ dek->obj = mlx5_devx_cmd_create_dek_obj(ctx->priv->ctx, &dek_attr);
+ if (dek->obj == NULL) {
+ rte_free(dek);
+ return NULL;
+ }
+ memcpy(&dek->data, cipher_ctx->key.data, cipher_ctx->key.length);
+ return &dek->entry;
+}
+
+static void
+mlx5_crypto_dek_remove_cb(void *tool_ctx __rte_unused,
+ struct mlx5_list_entry *entry)
+{
+ struct mlx5_crypto_dek *dek =
+ container_of(entry, typeof(*dek), entry);
+
+ claim_zero(mlx5_devx_cmd_destroy(dek->obj));
+ rte_free(dek);
+}
+
+int
+mlx5_crypto_dek_setup(struct mlx5_crypto_priv *priv)
+{
+ priv->dek_hlist = mlx5_hlist_create("dek_hlist",
+ MLX5_CRYPTO_DEK_HTABLE_SZ,
+ 0, 1, NULL, mlx5_crypto_dek_create_cb,
+ mlx5_crypto_dek_match_cb,
+ mlx5_crypto_dek_remove_cb,
+ mlx5_crypto_dek_clone_cb,
+ mlx5_crypto_dek_clone_free_cb);
+ if (priv->dek_hlist == NULL)
+ return -1;
+ return 0;
+}
+
+void
+mlx5_crypto_dek_unset(struct mlx5_crypto_priv *priv)
+{
+ mlx5_hlist_destroy(priv->dek_hlist);
+ priv->dek_hlist = NULL;
+}
-- 2.20.1
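Review bot: In `mlx5_crypto_dek_create_cb` the `default:` branch of the key-length switch returns NULL without releasing `dek`, so every request carrying an unsupported key length leaks one cache-line-aligned allocation; add `rte_free(dek);` before that `return NULL;`, or check the length before calling `rte_zmalloc`. The same function leaves a full copy of the key in the stack variable `dek_attr.key` on every return path. `mlx5_crypto_dek_remove_cb` and `mlx5_crypto_dek_clone_free_cb` also hand `dek->data` back to the allocator unchanged. Whether `rte_free` scrubs the region is not visible here, so an explicit clear that the compiler cannot elide would be the safer choice for both copies. The allocation-failure path also does not set `rte_errno`, unlike `mlx5_crypto_dek_clone_cb`; `rte_errno = ENOMEM;` there would keep the two callbacks consistent.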