To work with crypto engines that are marked with wrapped_import_method,
a login session is required.
A crypto login object needs to be created using DevX.
The crypto login object contains:
- The credential pointer.
- The import_KEK pointer to be used for all secured information
communicated in crypto commands (key fields), including the
provided credential in this command.
- The credential secret, wrapped by the import_KEK indicated in
this command. Size includes 8 bytes IV for wrapping.
Added devargs for the required login values:
- wcs_file - path to the file containing the credential.
- import_kek_id - the import KEK pointer.
- credential_id - the credential pointer.
Create the login DevX object in pci_probe function and destroy it in
pci_remove.
Destroying the crypto login object means logout.
Signed-off-by: Shiri Kuzin <shi...@nvidia.com>
Acked-by: Matan Azrad <ma...@nvidia.com>
---
drivers/crypto/mlx5/mlx5_crypto.c | 89 +++++++++++++++++++++++++++++++
drivers/crypto/mlx5/mlx5_crypto.h | 1 +
2 files changed, 90 insertions(+)
diff --git a/drivers/crypto/mlx5/mlx5_crypto.c
b/drivers/crypto/mlx5/mlx5_crypto.c
index f71de5a724..25a435a999 100644
--- a/drivers/crypto/mlx5/mlx5_crypto.c
+++ b/drivers/crypto/mlx5/mlx5_crypto.c
@@ -398,6 +398,87 @@ mlx5_crypto_hw_global_prepare(struct mlx5_crypto_priv
*priv)
return 0;
}
+
+static int
+mlx5_crypto_args_check_handler(const char *key, const char *val, void *opaque)
+{
+ struct mlx5_devx_crypto_login_attr *attr = opaque;
+ unsigned long tmp;
+ FILE *file;
+ int ret;
+
+ if (strcmp(key, "class") == 0)
+ return 0;
+ if (strcmp(key, "wcs_file") == 0) {
+ file = fopen(val, "rb");
+ if (file == NULL) {
+ rte_errno = ENOTSUP;
+ return -rte_errno;
+ }
+ ret = fscanf(file, "%" RTE_STR(MLX5_CRYPTO_CREDENTIAL_SIZE) "s",
+ &attr->credential[0]);
+ if (ret <= 0) {
+ fclose(file);
+ DRV_LOG(ERR, "Failed to read credential from file.");
+ rte_errno = EINVAL;
+ return -rte_errno;
+ }
+ fclose(file);
+ return 0;
+ }
+ errno = 0;
+ tmp = strtoul(val, NULL, 0);
+ if (errno) {
+ DRV_LOG(WARNING, "%s: \"%s\" is an invalid integer.", key, val);
+ return -errno;
+ }
+ if (strcmp(key, "import_kek_id") == 0)
+ attr->session_import_kek_ptr = (uint32_t)tmp;
+ else if (strcmp(key, "credential_id") == 0)
+ attr->credential_pointer = (uint32_t)tmp;
+ else
+ DRV_LOG(WARNING, "Invalid key %s.", key);
+ return 0;
+}
+
+static struct mlx5_devx_obj *
+mlx5_crypto_config_login(struct rte_devargs *devargs,
+ struct ibv_context *ctx)
+{
+ /*
+ * Set credential pointer and session import KEK pointer to a default
+ * value of 0.
+ */
+ struct mlx5_devx_crypto_login_attr attr = {
+ .credential_pointer = 0,
+ .session_import_kek_ptr = 0,
+ };
+ struct rte_kvargs *kvlist;
+
+ if (devargs == NULL) {
+ DRV_LOG(ERR,
+ "No login devargs in order to enable crypto operations in the device.");
+ rte_errno = EINVAL;
+ return NULL;
+ }
+ kvlist = rte_kvargs_parse(devargs->args, NULL);
+ if (kvlist == NULL) {
+ DRV_LOG(ERR, "Failed to parse devargs.");
+ rte_errno = EINVAL;
+ return NULL;
+ }
+ rte_kvargs_process(kvlist, NULL, mlx5_crypto_args_check_handler, &attr);
+ rte_kvargs_free(kvlist);
+ if (attr.credential == NULL) {
+ DRV_LOG(ERR,
+ "No login credential devarg in order to enable crypto operations "
+ "in the device.");
+ rte_errno = EINVAL;
+ return NULL;
+ }
+ return mlx5_devx_cmd_create_crypto_login_obj(ctx, &attr);
+}
+
/**
* DPDK callback to register a PCI device.
*
@@ -419,6 +500,7 @@ mlx5_crypto_pci_probe(struct rte_pci_driver *pci_drv,
struct ibv_device *ibv;
struct rte_cryptodev *crypto_dev;
struct ibv_context *ctx;
+ struct mlx5_devx_obj *login;
struct mlx5_crypto_priv *priv;
struct mlx5_hca_attr attr = { 0 };
struct rte_cryptodev_pmd_init_params init_params = {
@@ -457,6 +539,11 @@ mlx5_crypto_pci_probe(struct rte_pci_driver *pci_drv,
rte_errno = ENOTSUP;
return -ENOTSUP;
}
+ login = mlx5_crypto_config_login(pci_dev->device.devargs, ctx);
+ if (login == NULL) {
+ DRV_LOG(ERR, "Failed to configure login.");
+ return -rte_errno;
+ }
crypto_dev = rte_cryptodev_pmd_create(ibv->name, &pci_dev->device,
&init_params);
if (crypto_dev == NULL) {
@@ -473,6 +560,7 @@ mlx5_crypto_pci_probe(struct rte_pci_driver *pci_drv,
crypto_dev->driver_id = mlx5_crypto_driver_id;
priv = crypto_dev->data->dev_private;
priv->ctx = ctx;
+ priv->login_obj = login;
priv->pci_dev = pci_dev;
priv->crypto_dev = crypto_dev;
if (mlx5_crypto_hw_global_prepare(priv) != 0) {
@@ -513,6 +601,7 @@ mlx5_crypto_pci_remove(struct rte_pci_device *pdev)
mlx5_mr_release_cache(&priv->mr_scache);
mlx5_crypto_hw_global_release(priv);
rte_cryptodev_pmd_destroy(priv->crypto_dev);
+ claim_zero(mlx5_devx_cmd_destroy(priv->login_obj));
claim_zero(mlx5_glue->close_device(priv->ctx));
}
return 0;
diff --git a/drivers/crypto/mlx5/mlx5_crypto.h
b/drivers/crypto/mlx5/mlx5_crypto.h
index 397267d249..0056d9e3e8 100644
--- a/drivers/crypto/mlx5/mlx5_crypto.h
+++ b/drivers/crypto/mlx5/mlx5_crypto.h
@@ -29,6 +29,7 @@ struct mlx5_crypto_priv {
struct mlx5_hlist *dek_hlist; /* Dek hash list. */
struct rte_cryptodev_config dev_config;
struct mlx5_mr_share_cache mr_scache; /* Global shared MR cache. */
+ struct mlx5_devx_obj *login_obj;
};
struct mlx5_crypto_qp {
--
2.21.0
