net/mlx5: Add crypto library to support create/destroy encryption key
authorTariq Toukan <tariqt@mellanox.com>
Fri, 5 Jul 2019 15:30:13 +0000 (18:30 +0300)
committerDavid S. Miller <davem@davemloft.net>
Fri, 5 Jul 2019 23:29:19 +0000 (16:29 -0700)
Encryption key create / destroy is done via
CREATE_GENERAL_OBJECT / DESTROY_GENERAL_OBJECT commands.

To be used in downstream patches by TLS API wrappers, to configure
the TIS context with the encryption key.

Signed-off-by: Tariq Toukan <tariqt@mellanox.com>
Signed-off-by: Eran Ben Elisha <eranbe@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
drivers/net/ethernet/mellanox/mlx5/core/Makefile
drivers/net/ethernet/mellanox/mlx5/core/lib/crypto.c [new file with mode: 0644]
drivers/net/ethernet/mellanox/mlx5/core/lib/mlx5.h

index d3409870646a43f1bca9129076e67bc62bb5e270..5a1ee9ec86599299d9c7f2c278ebdde41263dc70 100644 (file)
@@ -55,7 +55,7 @@ mlx5_core-$(CONFIG_MLX5_CORE_IPOIB) += ipoib/ipoib.o ipoib/ethtool.o ipoib/ipoib
 #
 mlx5_core-$(CONFIG_MLX5_FPGA_IPSEC) += fpga/ipsec.o
 mlx5_core-$(CONFIG_MLX5_FPGA_TLS)   += fpga/tls.o
-mlx5_core-$(CONFIG_MLX5_ACCEL)      += accel/tls.o accel/ipsec.o
+mlx5_core-$(CONFIG_MLX5_ACCEL)      += lib/crypto.o accel/tls.o accel/ipsec.o
 
 mlx5_core-$(CONFIG_MLX5_FPGA) += fpga/cmd.o fpga/core.o fpga/conn.o fpga/sdk.o
 
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/lib/crypto.c b/drivers/net/ethernet/mellanox/mlx5/core/lib/crypto.c
new file mode 100644 (file)
index 0000000..ea9ee88
--- /dev/null
@@ -0,0 +1,72 @@
+// SPDX-License-Identifier: GPL-2.0 OR Linux-OpenIB
+// Copyright (c) 2019 Mellanox Technologies.
+
+#include "mlx5_core.h"
+
+int mlx5_create_encryption_key(struct mlx5_core_dev *mdev,
+                              void *key, u32 sz_bytes,
+                              u32 *p_key_id)
+{
+       u32 in[MLX5_ST_SZ_DW(create_encryption_key_in)] = {};
+       u32 out[MLX5_ST_SZ_DW(general_obj_out_cmd_hdr)];
+       u32 sz_bits = sz_bytes * BITS_PER_BYTE;
+       u8  general_obj_key_size;
+       u64 general_obj_types;
+       void *obj, *key_p;
+       int err;
+
+       obj = MLX5_ADDR_OF(create_encryption_key_in, in, encryption_key_object);
+       key_p = MLX5_ADDR_OF(encryption_key_obj, obj, key);
+
+       general_obj_types = MLX5_CAP_GEN_64(mdev, general_obj_types);
+       if (!(general_obj_types &
+             MLX5_HCA_CAP_GENERAL_OBJECT_TYPES_ENCRYPTION_KEY))
+               return -EINVAL;
+
+       switch (sz_bits) {
+       case 128:
+               general_obj_key_size =
+                       MLX5_GENERAL_OBJECT_TYPE_ENCRYPTION_KEY_KEY_SIZE_128;
+               break;
+       case 256:
+               general_obj_key_size =
+                       MLX5_GENERAL_OBJECT_TYPE_ENCRYPTION_KEY_KEY_SIZE_256;
+               break;
+       default:
+               return -EINVAL;
+       }
+
+       memcpy(key_p, key, sz_bytes);
+
+       MLX5_SET(encryption_key_obj, obj, key_size, general_obj_key_size);
+       MLX5_SET(encryption_key_obj, obj, key_type,
+                MLX5_GENERAL_OBJECT_TYPE_ENCRYPTION_KEY_TYPE_DEK);
+       MLX5_SET(general_obj_in_cmd_hdr, in, opcode,
+                MLX5_CMD_OP_CREATE_GENERAL_OBJECT);
+       MLX5_SET(general_obj_in_cmd_hdr, in, obj_type,
+                MLX5_GENERAL_OBJECT_TYPES_ENCRYPTION_KEY);
+       MLX5_SET(encryption_key_obj, obj, pd, mdev->mlx5e_res.pdn);
+
+       err = mlx5_cmd_exec(mdev, in, sizeof(in), out, sizeof(out));
+       if (!err)
+               *p_key_id = MLX5_GET(general_obj_out_cmd_hdr, out, obj_id);
+
+       /* avoid leaking key on the stack */
+       memzero_explicit(in, sizeof(in));
+
+       return err;
+}
+
+void mlx5_destroy_encryption_key(struct mlx5_core_dev *mdev, u32 key_id)
+{
+       u32 in[MLX5_ST_SZ_DW(general_obj_in_cmd_hdr)] = {};
+       u32 out[MLX5_ST_SZ_DW(general_obj_out_cmd_hdr)];
+
+       MLX5_SET(general_obj_in_cmd_hdr, in, opcode,
+                MLX5_CMD_OP_DESTROY_GENERAL_OBJECT);
+       MLX5_SET(general_obj_in_cmd_hdr, in, obj_type,
+                MLX5_GENERAL_OBJECT_TYPES_ENCRYPTION_KEY);
+       MLX5_SET(general_obj_in_cmd_hdr, in, obj_id, key_id);
+
+       mlx5_cmd_exec(mdev, in, sizeof(in), out, sizeof(out));
+}
index d918e44491f468a903186f77676695c9a89b2e6a..b99d469e4e6457e0dda72f42d164e3c0e829c38e 100644 (file)
@@ -79,4 +79,9 @@ struct mlx5_pme_stats {
 void mlx5_get_pme_stats(struct mlx5_core_dev *dev, struct mlx5_pme_stats *stats);
 int mlx5_notifier_call_chain(struct mlx5_events *events, unsigned int event, void *data);
 
+/* Crypto */
+int mlx5_create_encryption_key(struct mlx5_core_dev *mdev,
+                              void *key, u32 sz_bytes, u32 *p_key_id);
+void mlx5_destroy_encryption_key(struct mlx5_core_dev *mdev, u32 key_id);
+
 #endif