ivampiresp/Spdk
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

module/crypto: add AES_XTS support for QAT pmd

Browse Source 
Tests are coming in next patch...

Signed-off-by: paul luse <paul.e.luse@intel.com>
Change-Id: I8b9c80f3ea1d3f59006f802840da52c3c8c46167
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/442
Tested-by: SPDK CI Jenkins <sys_sgci@intel.com>
Reviewed-by: Shuhei Matsumoto <shuhei.matsumoto.xt@hitachi.com>
Reviewed-by: Aleksey Marchuk <alexeymar@mellanox.com>
This commit is contained in:
paul luse 2020-01-31 22:31:37 +00:00 committed by Tomasz Zawadzki
parent f070b78cd1
commit f241068fca
2 changed files with 64 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
CHANGELOG.md
View File

@ -19,6 +19,13 @@ library through the `spdk_vmd_init` call.
`--json-ignore-init-errors` command line param has been added to ignore initialization errors `--json-ignore-init-errors` command line param has been added to ignore initialization errors
on JSON config load. on JSON config load.
### crypto
Support for AES_XTS was added for the QAT polled mode driver (pmd). The create RPC
`bdev_crypto_create` has 2 new optional parameters: cipher and key2. Cipher can be either
AES_CBC (default) or AES_XTS. AES_XTS isonly valid when using the QAT polled mode driver.
The key2 parameter is the second key required for AES_XTS.
## v20.01 ## v20.01
### bdev ### bdev

59
module/bdev/crypto/vbdev_crypto.c
View File

@ -130,6 +130,7 @@ uint8_t g_number_of_claimed_volumes = 0;
/* Specific to AES_CBC. */ /* Specific to AES_CBC. */
#define AES_CBC_IV_LENGTH 16 #define AES_CBC_IV_LENGTH 16
#define AES_CBC_KEY_LENGTH 16 #define AES_CBC_KEY_LENGTH 16
#define AES_XTS_KEY_LENGTH 16 /* XTS uses 2 keys, each of this size. */
/* Common for suported devices. */ /* Common for suported devices. */
#define IV_OFFSET (sizeof(struct rte_crypto_op) + \ #define IV_OFFSET (sizeof(struct rte_crypto_op) + \
@ -153,6 +154,8 @@ struct bdev_names {
*/ */
uint8_t *key; /* key per bdev */ uint8_t *key; /* key per bdev */
char *drv_name; /* name of the crypto device driver */ char *drv_name; /* name of the crypto device driver */
char *cipher; /* AES_CBC or AES_XTS */
uint8_t *key2; /* key #2 for AES_XTS, per bdev */
TAILQ_ENTRY(bdev_names) link; TAILQ_ENTRY(bdev_names) link;
}; };
static TAILQ_HEAD(, bdev_names) g_bdev_names = TAILQ_HEAD_INITIALIZER(g_bdev_names); static TAILQ_HEAD(, bdev_names) g_bdev_names = TAILQ_HEAD_INITIALIZER(g_bdev_names);
@ -1431,11 +1434,40 @@ vbdev_crypto_insert_name(const char *bdev_name, const char *vbdev_name,
goto error_invalid_key; goto error_invalid_key;
} }
if (strncmp(cipher, AES_XTS, sizeof(AES_XTS)) == 0) {
/* To please scan-build, input validation makes sure we can't
* have this cipher without providing a key2.
*/
name->cipher = AES_XTS;
assert(key2);
if (strnlen(key2, (AES_XTS_KEY_LENGTH + 1)) != AES_XTS_KEY_LENGTH) {
SPDK_ERRLOG("invalid AES_XTS key length\n");
rc = -EINVAL;
goto error_invalid_key2;
}
name->key2 = strdup(key2);
if (!name->key2) {
SPDK_ERRLOG("could not allocate name->key2\n");
rc = -ENOMEM;
goto error_alloc_key2;
}
} else if (strncmp(cipher, AES_CBC, sizeof(AES_CBC)) == 0) {
name->cipher = AES_CBC;
} else {
SPDK_ERRLOG("Invalid cipher: %s\n", cipher);
rc = -EINVAL;
goto error_cipher;
}
TAILQ_INSERT_TAIL(&g_bdev_names, name, link); TAILQ_INSERT_TAIL(&g_bdev_names, name, link);
return 0; return 0;
/* Error cleanup paths. */ /* Error cleanup paths. */
error_alloc_key2:
error_invalid_key2:
error_cipher:
error_invalid_key: error_invalid_key:
free(name->key); free(name->key);
error_alloc_key: error_alloc_key:
@ -1572,6 +1604,7 @@ vbdev_crypto_finish(void)
free(name->key); free(name->key);
free(name->bdev_name); free(name->bdev_name);
free(name->vbdev_name); free(name->vbdev_name);
free(name->key2);
free(name); free(name);
} }
@ -1690,6 +1723,7 @@ vbdev_crypto_claim(struct spdk_bdev *bdev)
struct vbdev_dev *device; struct vbdev_dev *device;
bool found = false; bool found = false;
int rc = 0; int rc = 0;
void *tmp = NULL;
if (g_number_of_claimed_volumes >= MAX_CRYPTO_VOLUMES) { if (g_number_of_claimed_volumes >= MAX_CRYPTO_VOLUMES) {
SPDK_DEBUGLOG(SPDK_LOG_CRYPTO, "Reached max number of claimed volumes\n"); SPDK_DEBUGLOG(SPDK_LOG_CRYPTO, "Reached max number of claimed volumes\n");
@ -1744,6 +1778,20 @@ vbdev_crypto_claim(struct spdk_bdev *bdev)
spdk_max(spdk_u32log2(bdev->blocklen), bdev->required_alignment); spdk_max(spdk_u32log2(bdev->blocklen), bdev->required_alignment);
SPDK_NOTICELOG("QAT in use: Required alignment set to %u\n", SPDK_NOTICELOG("QAT in use: Required alignment set to %u\n",
vbdev->crypto_bdev.required_alignment); vbdev->crypto_bdev.required_alignment);
if (strcmp(name->cipher, AES_CBC) == 0) {
SPDK_NOTICELOG("QAT using cipher: AES_CBC\n");
} else {
SPDK_NOTICELOG("QAT using cipher: AES_XTS\n");
/* DPDK expects they keys to be concatenated together. */
tmp = realloc(vbdev->key, (AES_XTS_KEY_LENGTH * 2) + 1);
if (tmp == NULL) {
SPDK_ERRLOG("could not reallocate memory for XTS keys\n");
rc = -ENOMEM;
goto error_key_realloc;
}
vbdev->key = tmp;
memcpy(vbdev->key + AES_XTS_KEY_LENGTH, name->key2, AES_XTS_KEY_LENGTH + 1);
}
} else { } else {
vbdev->crypto_bdev.required_alignment = bdev->required_alignment; vbdev->crypto_bdev.required_alignment = bdev->required_alignment;
} }
@ -1816,8 +1864,13 @@ vbdev_crypto_claim(struct spdk_bdev *bdev)
vbdev->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER; vbdev->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
vbdev->cipher_xform.cipher.key.data = vbdev->key; vbdev->cipher_xform.cipher.key.data = vbdev->key;
vbdev->cipher_xform.cipher.iv.offset = IV_OFFSET; vbdev->cipher_xform.cipher.iv.offset = IV_OFFSET;
vbdev->cipher_xform.cipher.algo = RTE_CRYPTO_CIPHER_AES_CBC; if (strcmp(name->cipher, AES_CBC) == 0) {
vbdev->cipher_xform.cipher.key.length = AES_CBC_KEY_LENGTH; vbdev->cipher_xform.cipher.algo = RTE_CRYPTO_CIPHER_AES_CBC;
vbdev->cipher_xform.cipher.key.length = AES_CBC_KEY_LENGTH;
} else {
vbdev->cipher_xform.cipher.algo = RTE_CRYPTO_CIPHER_AES_XTS;
vbdev->cipher_xform.cipher.key.length = AES_XTS_KEY_LENGTH * 2;
}
vbdev->cipher_xform.cipher.iv.length = AES_CBC_IV_LENGTH; vbdev->cipher_xform.cipher.iv.length = AES_CBC_IV_LENGTH;
vbdev->cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT; vbdev->cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
@ -1867,6 +1920,7 @@ error_open:
TAILQ_REMOVE(&g_vbdev_crypto, vbdev, link); TAILQ_REMOVE(&g_vbdev_crypto, vbdev, link);
spdk_io_device_unregister(vbdev, NULL); spdk_io_device_unregister(vbdev, NULL);
free(vbdev->drv_name); free(vbdev->drv_name);
error_key_realloc:
error_drv_name: error_drv_name:
free(vbdev->key); free(vbdev->key);
error_alloc_key: error_alloc_key:
@ -1901,6 +1955,7 @@ delete_crypto_disk(struct spdk_bdev *bdev, spdk_delete_crypto_complete cb_fn,
free(name->vbdev_name); free(name->vbdev_name);
free(name->drv_name); free(name->drv_name);
free(name->key); free(name->key);
free(name->key2);
free(name); free(name);
break; break;
} }