mirror of https://gitee.com/openkylin/linux.git
net/mlx5: Add crypto library to support create/destroy encryption key
Encryption key create / destroy is done via CREATE_GENERAL_OBJECT / DESTROY_GENERAL_OBJECT commands. To be used in downstream patches by TLS API wrappers, to configure the TIS context with the encryption key. Signed-off-by: Tariq Toukan <tariqt@mellanox.com> Signed-off-by: Eran Ben Elisha <eranbe@mellanox.com> Signed-off-by: Saeed Mahameed <saeedm@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
e2869fb206
commit
45d3b55dc6
|
@ -55,7 +55,7 @@ mlx5_core-$(CONFIG_MLX5_CORE_IPOIB) += ipoib/ipoib.o ipoib/ethtool.o ipoib/ipoib
|
||||||
#
|
#
|
||||||
mlx5_core-$(CONFIG_MLX5_FPGA_IPSEC) += fpga/ipsec.o
|
mlx5_core-$(CONFIG_MLX5_FPGA_IPSEC) += fpga/ipsec.o
|
||||||
mlx5_core-$(CONFIG_MLX5_FPGA_TLS) += fpga/tls.o
|
mlx5_core-$(CONFIG_MLX5_FPGA_TLS) += fpga/tls.o
|
||||||
mlx5_core-$(CONFIG_MLX5_ACCEL) += accel/tls.o accel/ipsec.o
|
mlx5_core-$(CONFIG_MLX5_ACCEL) += lib/crypto.o accel/tls.o accel/ipsec.o
|
||||||
|
|
||||||
mlx5_core-$(CONFIG_MLX5_FPGA) += fpga/cmd.o fpga/core.o fpga/conn.o fpga/sdk.o
|
mlx5_core-$(CONFIG_MLX5_FPGA) += fpga/cmd.o fpga/core.o fpga/conn.o fpga/sdk.o
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,72 @@
|
||||||
|
// SPDX-License-Identifier: GPL-2.0 OR Linux-OpenIB
|
||||||
|
// Copyright (c) 2019 Mellanox Technologies.
|
||||||
|
|
||||||
|
#include "mlx5_core.h"
|
||||||
|
|
||||||
|
int mlx5_create_encryption_key(struct mlx5_core_dev *mdev,
|
||||||
|
void *key, u32 sz_bytes,
|
||||||
|
u32 *p_key_id)
|
||||||
|
{
|
||||||
|
u32 in[MLX5_ST_SZ_DW(create_encryption_key_in)] = {};
|
||||||
|
u32 out[MLX5_ST_SZ_DW(general_obj_out_cmd_hdr)];
|
||||||
|
u32 sz_bits = sz_bytes * BITS_PER_BYTE;
|
||||||
|
u8 general_obj_key_size;
|
||||||
|
u64 general_obj_types;
|
||||||
|
void *obj, *key_p;
|
||||||
|
int err;
|
||||||
|
|
||||||
|
obj = MLX5_ADDR_OF(create_encryption_key_in, in, encryption_key_object);
|
||||||
|
key_p = MLX5_ADDR_OF(encryption_key_obj, obj, key);
|
||||||
|
|
||||||
|
general_obj_types = MLX5_CAP_GEN_64(mdev, general_obj_types);
|
||||||
|
if (!(general_obj_types &
|
||||||
|
MLX5_HCA_CAP_GENERAL_OBJECT_TYPES_ENCRYPTION_KEY))
|
||||||
|
return -EINVAL;
|
||||||
|
|
||||||
|
switch (sz_bits) {
|
||||||
|
case 128:
|
||||||
|
general_obj_key_size =
|
||||||
|
MLX5_GENERAL_OBJECT_TYPE_ENCRYPTION_KEY_KEY_SIZE_128;
|
||||||
|
break;
|
||||||
|
case 256:
|
||||||
|
general_obj_key_size =
|
||||||
|
MLX5_GENERAL_OBJECT_TYPE_ENCRYPTION_KEY_KEY_SIZE_256;
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
return -EINVAL;
|
||||||
|
}
|
||||||
|
|
||||||
|
memcpy(key_p, key, sz_bytes);
|
||||||
|
|
||||||
|
MLX5_SET(encryption_key_obj, obj, key_size, general_obj_key_size);
|
||||||
|
MLX5_SET(encryption_key_obj, obj, key_type,
|
||||||
|
MLX5_GENERAL_OBJECT_TYPE_ENCRYPTION_KEY_TYPE_DEK);
|
||||||
|
MLX5_SET(general_obj_in_cmd_hdr, in, opcode,
|
||||||
|
MLX5_CMD_OP_CREATE_GENERAL_OBJECT);
|
||||||
|
MLX5_SET(general_obj_in_cmd_hdr, in, obj_type,
|
||||||
|
MLX5_GENERAL_OBJECT_TYPES_ENCRYPTION_KEY);
|
||||||
|
MLX5_SET(encryption_key_obj, obj, pd, mdev->mlx5e_res.pdn);
|
||||||
|
|
||||||
|
err = mlx5_cmd_exec(mdev, in, sizeof(in), out, sizeof(out));
|
||||||
|
if (!err)
|
||||||
|
*p_key_id = MLX5_GET(general_obj_out_cmd_hdr, out, obj_id);
|
||||||
|
|
||||||
|
/* avoid leaking key on the stack */
|
||||||
|
memzero_explicit(in, sizeof(in));
|
||||||
|
|
||||||
|
return err;
|
||||||
|
}
|
||||||
|
|
||||||
|
void mlx5_destroy_encryption_key(struct mlx5_core_dev *mdev, u32 key_id)
|
||||||
|
{
|
||||||
|
u32 in[MLX5_ST_SZ_DW(general_obj_in_cmd_hdr)] = {};
|
||||||
|
u32 out[MLX5_ST_SZ_DW(general_obj_out_cmd_hdr)];
|
||||||
|
|
||||||
|
MLX5_SET(general_obj_in_cmd_hdr, in, opcode,
|
||||||
|
MLX5_CMD_OP_DESTROY_GENERAL_OBJECT);
|
||||||
|
MLX5_SET(general_obj_in_cmd_hdr, in, obj_type,
|
||||||
|
MLX5_GENERAL_OBJECT_TYPES_ENCRYPTION_KEY);
|
||||||
|
MLX5_SET(general_obj_in_cmd_hdr, in, obj_id, key_id);
|
||||||
|
|
||||||
|
mlx5_cmd_exec(mdev, in, sizeof(in), out, sizeof(out));
|
||||||
|
}
|
|
@ -79,4 +79,9 @@ struct mlx5_pme_stats {
|
||||||
void mlx5_get_pme_stats(struct mlx5_core_dev *dev, struct mlx5_pme_stats *stats);
|
void mlx5_get_pme_stats(struct mlx5_core_dev *dev, struct mlx5_pme_stats *stats);
|
||||||
int mlx5_notifier_call_chain(struct mlx5_events *events, unsigned int event, void *data);
|
int mlx5_notifier_call_chain(struct mlx5_events *events, unsigned int event, void *data);
|
||||||
|
|
||||||
|
/* Crypto */
|
||||||
|
int mlx5_create_encryption_key(struct mlx5_core_dev *mdev,
|
||||||
|
void *key, u32 sz_bytes, u32 *p_key_id);
|
||||||
|
void mlx5_destroy_encryption_key(struct mlx5_core_dev *mdev, u32 key_id);
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
Loading…
Reference in New Issue