net/mlx5: Accel, Add core TLS support for the Connect-X family
authorTariq Toukan <tariqt@mellanox.com>
Fri, 5 Jul 2019 15:30:14 +0000 (18:30 +0300)
committerDavid S. Miller <davem@davemloft.net>
Fri, 5 Jul 2019 23:29:19 +0000 (16:29 -0700)
Add support for the new TLS implementation of the Connect-X family.
Introduce a new compilation flag MLX5_TLS for it.

Signed-off-by: Tariq Toukan <tariqt@mellanox.com>
Signed-off-by: Eran Ben Elisha <eranbe@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
drivers/net/ethernet/mellanox/mlx5/core/Kconfig
drivers/net/ethernet/mellanox/mlx5/core/accel/tls.c
drivers/net/ethernet/mellanox/mlx5/core/accel/tls.h

index 6556490d809cc8aa273811ef5e383f242f7177c7..37fef8cd25e35ebf1898911751134cf8ef78a4ad 100644 (file)
@@ -134,10 +134,21 @@ config MLX5_FPGA_TLS
        mlx5_core driver will include the Innova FPGA core and allow building
        sandbox-specific client drivers.
 
+config MLX5_TLS
+       bool "Mellanox Technologies TLS Connect-X support"
+       depends on MLX5_CORE_EN
+       depends on TLS_DEVICE
+       depends on TLS=y || MLX5_CORE=m
+       select MLX5_ACCEL
+       default n
+       help
+       Build TLS support for the Connect-X family of network cards by Mellanox
+       Technologies.
+
 config MLX5_EN_TLS
        bool "TLS cryptography-offload accelaration"
        depends on MLX5_CORE_EN
-       depends on MLX5_FPGA_TLS
+       depends on MLX5_FPGA_TLS || MLX5_TLS
        default y
        help
        Build support for TLS cryptography-offload accelaration in the NIC.
index a2c9eda1ebf578c491f7432005c40c7fd12cfd8c..cab708af34223c8a459a66326adcd21ad972d221 100644 (file)
@@ -35,6 +35,7 @@
 
 #include "accel/tls.h"
 #include "mlx5_core.h"
+#include "lib/mlx5.h"
 
 #ifdef CONFIG_MLX5_FPGA_TLS
 #include "fpga/tls.h"
@@ -63,7 +64,8 @@ int mlx5_accel_tls_resync_rx(struct mlx5_core_dev *mdev, u32 handle, u32 seq,
 
 bool mlx5_accel_is_tls_device(struct mlx5_core_dev *mdev)
 {
-       return mlx5_fpga_is_tls_device(mdev);
+       return mlx5_fpga_is_tls_device(mdev) ||
+               mlx5_accel_is_ktls_device(mdev);
 }
 
 u32 mlx5_accel_tls_device_caps(struct mlx5_core_dev *mdev)
@@ -81,3 +83,41 @@ void mlx5_accel_tls_cleanup(struct mlx5_core_dev *mdev)
        mlx5_fpga_tls_cleanup(mdev);
 }
 #endif
+
+#ifdef CONFIG_MLX5_TLS
+int mlx5_ktls_create_key(struct mlx5_core_dev *mdev,
+                        struct tls_crypto_info *crypto_info,
+                        u32 *p_key_id)
+{
+       u32 sz_bytes;
+       void *key;
+
+       switch (crypto_info->cipher_type) {
+       case TLS_CIPHER_AES_GCM_128: {
+               struct tls12_crypto_info_aes_gcm_128 *info =
+                       (struct tls12_crypto_info_aes_gcm_128 *)crypto_info;
+
+               key      = info->key;
+               sz_bytes = sizeof(info->key);
+               break;
+       }
+       case TLS_CIPHER_AES_GCM_256: {
+               struct tls12_crypto_info_aes_gcm_256 *info =
+                       (struct tls12_crypto_info_aes_gcm_256 *)crypto_info;
+
+               key      = info->key;
+               sz_bytes = sizeof(info->key);
+               break;
+       }
+       default:
+               return -EINVAL;
+       }
+
+       return mlx5_create_encryption_key(mdev, key, sz_bytes, p_key_id);
+}
+
+void mlx5_ktls_destroy_key(struct mlx5_core_dev *mdev, u32 key_id)
+{
+       mlx5_destroy_encryption_key(mdev, key_id);
+}
+#endif
index e5d306ad7f9143b9edba2ece9b536969ffe7c6ff..879321b21616a766e839ba1bc2f179abddda1a8f 100644 (file)
 #include <linux/mlx5/driver.h>
 #include <linux/tls.h>
 
+#ifdef CONFIG_MLX5_TLS
+int mlx5_ktls_create_key(struct mlx5_core_dev *mdev,
+                        struct tls_crypto_info *crypto_info,
+                        u32 *p_key_id);
+void mlx5_ktls_destroy_key(struct mlx5_core_dev *mdev, u32 key_id);
+
+static inline bool mlx5_accel_is_ktls_device(struct mlx5_core_dev *mdev)
+{
+       if (!MLX5_CAP_GEN(mdev, tls))
+               return false;
+
+       if (!MLX5_CAP_GEN(mdev, log_max_dek))
+               return false;
+
+       return MLX5_CAP_TLS(mdev, tls_1_2_aes_gcm_128);
+}
+
+static inline bool mlx5e_ktls_type_check(struct mlx5_core_dev *mdev,
+                                        struct tls_crypto_info *crypto_info)
+{
+       switch (crypto_info->cipher_type) {
+       case TLS_CIPHER_AES_GCM_128:
+               if (crypto_info->version == TLS_1_2_VERSION)
+                       return MLX5_CAP_TLS(mdev,  tls_1_2_aes_gcm_128);
+               break;
+       }
+
+       return false;
+}
+#else
+static inline int
+mlx5_ktls_create_key(struct mlx5_core_dev *mdev,
+                    struct tls_crypto_info *crypto_info,
+                    u32 *p_key_id) { return -ENOTSUPP; }
+static inline void
+mlx5_ktls_destroy_key(struct mlx5_core_dev *mdev, u32 key_id) {}
+
+static inline bool
+mlx5_accel_is_ktls_device(struct mlx5_core_dev *mdev) { return false; }
+static inline bool
+mlx5e_ktls_type_check(struct mlx5_core_dev *mdev,
+                     struct tls_crypto_info *crypto_info) { return false; }
+#endif
+
 #ifdef CONFIG_MLX5_FPGA_TLS
 enum {
        MLX5_ACCEL_TLS_TX = BIT(0),
@@ -83,7 +127,10 @@ static inline void mlx5_accel_tls_del_flow(struct mlx5_core_dev *mdev, u32 swid,
                                           bool direction_sx) { }
 static inline int mlx5_accel_tls_resync_rx(struct mlx5_core_dev *mdev, u32 handle,
                                           u32 seq, u64 rcd_sn) { return 0; }
-static inline bool mlx5_accel_is_tls_device(struct mlx5_core_dev *mdev) { return false; }
+static inline bool mlx5_accel_is_tls_device(struct mlx5_core_dev *mdev)
+{
+       return mlx5_accel_is_ktls_device(mdev);
+}
 static inline u32 mlx5_accel_tls_device_caps(struct mlx5_core_dev *mdev) { return 0; }
 static inline int mlx5_accel_tls_init(struct mlx5_core_dev *mdev) { return 0; }
 static inline void mlx5_accel_tls_cleanup(struct mlx5_core_dev *mdev) { }