From: Leon Romanovsky <leon@kernel.org>
To: Jason Gunthorpe <jgg@nvidia.com>
Cc: Israel Rukshin <israelr@nvidia.com>,
Bryan Tan <bryantan@vmware.com>, Christoph Hellwig <hch@lst.de>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Jens Axboe <axboe@fb.com>,
Keith Busch <kbusch@kernel.org>,
linux-kernel@vger.kernel.org, linux-nvme@lists.infradead.org,
linux-rdma@vger.kernel.org, linux-trace-kernel@vger.kernel.org,
Masami Hiramatsu <mhiramat@kernel.org>,
Max Gurtovoy <mgurtovoy@nvidia.com>,
netdev@vger.kernel.org, Paolo Abeni <pabeni@redhat.com>,
Saeed Mahameed <saeedm@nvidia.com>,
Sagi Grimberg <sagi@grimberg.me>,
Selvin Xavier <selvin.xavier@broadcom.com>,
Steven Rostedt <rostedt@goodmis.org>,
Vishnu Dasa <vdasa@vmware.com>, Yishai Hadas <yishaih@nvidia.com>
Subject: [PATCH rdma-next 05/13] RDMA/core: Add DEK management API
Date: Mon, 16 Jan 2023 15:05:52 +0200 [thread overview]
Message-ID: <58e678103d910efbe3481d698169af9dadf70d4b.1673873422.git.leon@kernel.org> (raw)
In-Reply-To: <cover.1673873422.git.leon@kernel.org>
From: Israel Rukshin <israelr@nvidia.com>
Add an API to manage Data Encryption Keys (DEKs). The API allows
creating and destroying a DEK. DEKs allow encryption and decryption
of transmitted data and are used in MKeys for crypto operations.
A crypto setter for the MKey configuration API will be added in the
following commit.
Signed-off-by: Israel Rukshin <israelr@nvidia.com>
Reviewed-by: Max Gurtovoy <mgurtovoy@nvidia.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
---
drivers/infiniband/core/device.c | 2 ++
drivers/infiniband/core/verbs.c | 32 +++++++++++++++++++++++++++
include/rdma/crypto.h | 38 ++++++++++++++++++++++++++++++++
include/rdma/ib_verbs.h | 3 +++
4 files changed, 75 insertions(+)
diff --git a/drivers/infiniband/core/device.c b/drivers/infiniband/core/device.c
index a666847bd714..b2016725c3d8 100644
--- a/drivers/infiniband/core/device.c
+++ b/drivers/infiniband/core/device.c
@@ -2615,6 +2615,7 @@ void ib_set_device_ops(struct ib_device *dev, const struct ib_device_ops *ops)
SET_DEVICE_OP(dev_ops, create_ah);
SET_DEVICE_OP(dev_ops, create_counters);
SET_DEVICE_OP(dev_ops, create_cq);
+ SET_DEVICE_OP(dev_ops, create_dek);
SET_DEVICE_OP(dev_ops, create_flow);
SET_DEVICE_OP(dev_ops, create_qp);
SET_DEVICE_OP(dev_ops, create_rwq_ind_table);
@@ -2632,6 +2633,7 @@ void ib_set_device_ops(struct ib_device *dev, const struct ib_device_ops *ops)
SET_DEVICE_OP(dev_ops, destroy_ah);
SET_DEVICE_OP(dev_ops, destroy_counters);
SET_DEVICE_OP(dev_ops, destroy_cq);
+ SET_DEVICE_OP(dev_ops, destroy_dek);
SET_DEVICE_OP(dev_ops, destroy_flow);
SET_DEVICE_OP(dev_ops, destroy_flow_action);
SET_DEVICE_OP(dev_ops, destroy_qp);
diff --git a/drivers/infiniband/core/verbs.c b/drivers/infiniband/core/verbs.c
index 26b021f43ba4..03633d706106 100644
--- a/drivers/infiniband/core/verbs.c
+++ b/drivers/infiniband/core/verbs.c
@@ -2306,6 +2306,38 @@ struct ib_mr *ib_alloc_mr_integrity(struct ib_pd *pd,
}
EXPORT_SYMBOL(ib_alloc_mr_integrity);
+/**
+ * ib_create_dek - Create a DEK (Data Encryption Key) associated with the
+ * specific protection domain.
+ * @pd: The protection domain associated with the DEK.
+ * @attr: The attributes of the DEK.
+ *
+ * Return: Allocated DEK in case of success; IS_ERR() is true in case of an
+ * error, PTR_ERR() returns the error code.
+ */
+struct ib_dek *ib_create_dek(struct ib_pd *pd, struct ib_dek_attr *attr)
+{
+ struct ib_device *device = pd->device;
+
+ if (!device->ops.create_dek || !device->ops.destroy_dek)
+ return ERR_PTR(-EOPNOTSUPP);
+
+ return device->ops.create_dek(pd, attr);
+}
+EXPORT_SYMBOL(ib_create_dek);
+
+/**
+ * ib_destroy_dek - Destroys the specified DEK.
+ * @dek: The DEK to destroy.
+ */
+void ib_destroy_dek(struct ib_dek *dek)
+{
+ struct ib_device *device = dek->pd->device;
+
+ device->ops.destroy_dek(dek);
+}
+EXPORT_SYMBOL(ib_destroy_dek);
+
/* Multicast groups */
static bool is_valid_mcast_lid(struct ib_qp *qp, u16 lid)
diff --git a/include/rdma/crypto.h b/include/rdma/crypto.h
index 4779eacb000e..cdf287c94737 100644
--- a/include/rdma/crypto.h
+++ b/include/rdma/crypto.h
@@ -34,4 +34,42 @@ struct ib_crypto_caps {
u32 max_num_deks;
};
+/**
+ * enum ib_crypto_key_type - Cryptographic key types
+ * @IB_CRYPTO_KEY_TYPE_AES_XTS: Key of type AES-XTS, which can be used when
+ * IB_CRYPTO_AES_XTS is supported.
+ */
+enum ib_crypto_key_type {
+ IB_CRYPTO_KEY_TYPE_AES_XTS,
+};
+
+/**
+ * struct ib_dek_attr - Parameters for DEK (Data Encryption Key)
+ * @key_blob: the key blob that will be used for encryption and decryption of
+ * transmitted data. Actual size and layout of this field depends on the
+ * provided key_type and key_blob_size.
+ * The layout of AES_XTS key is: key1_128b + key2_128b or key1_256b +
+ * key2_256b.
+ * @key_blob_size: size of the key blob in bytes.
+ * @key_type: specific cryptographic key type.
+ */
+struct ib_dek_attr {
+ const void *key_blob;
+ u32 key_blob_size;
+ enum ib_crypto_key_type key_type;
+};
+
+/**
+ * struct ib_dek - Data Encryption Key
+ * @pd: The protection domain associated with the DEK.
+ * @id: DEK identifier.
+ */
+struct ib_dek {
+ struct ib_pd *pd;
+ u32 id;
+};
+
+struct ib_dek *ib_create_dek(struct ib_pd *pd, struct ib_dek_attr *attr);
+void ib_destroy_dek(struct ib_dek *dek);
+
#endif /* _RDMA_CRYPTO_H_ */
diff --git a/include/rdma/ib_verbs.h b/include/rdma/ib_verbs.h
index 83be7e49c5f7..5fb42d553ca1 100644
--- a/include/rdma/ib_verbs.h
+++ b/include/rdma/ib_verbs.h
@@ -2512,6 +2512,9 @@ struct ib_device_ops {
struct ib_mr *(*alloc_mr_integrity)(struct ib_pd *pd,
u32 max_num_data_sg,
u32 max_num_meta_sg);
+ struct ib_dek *(*create_dek)(struct ib_pd *pd,
+ struct ib_dek_attr *attr);
+ void (*destroy_dek)(struct ib_dek *dek);
int (*advise_mr)(struct ib_pd *pd,
enum ib_uverbs_advise_mr_advice advice, u32 flags,
struct ib_sge *sg_list, u32 num_sge,
--
2.39.0
next prev parent reply other threads:[~2023-01-16 13:07 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-16 13:05 [PATCH rdma-next 00/13] Add RDMA inline crypto support Leon Romanovsky
2023-01-16 13:05 ` [PATCH mlx5-next 01/13] net/mlx5: Introduce crypto IFC bits and structures Leon Romanovsky
2023-01-16 13:05 ` [PATCH mlx5-next 02/13] net/mlx5: Introduce crypto capabilities macro Leon Romanovsky
2023-01-16 13:05 ` [PATCH rdma-next 03/13] RDMA: Split kernel-only create QP flags from uverbs create QP flags Leon Romanovsky
2023-01-16 17:39 ` Jason Gunthorpe
2023-01-17 12:03 ` Leon Romanovsky
2023-01-17 13:49 ` Jason Gunthorpe
2023-01-17 14:14 ` Leon Romanovsky
2023-01-17 14:21 ` Jason Gunthorpe
2023-01-17 14:34 ` Leon Romanovsky
2023-01-16 13:05 ` [PATCH rdma-next 04/13] RDMA/core: Add cryptographic device capabilities Leon Romanovsky
2023-01-16 13:05 ` Leon Romanovsky [this message]
2023-01-16 13:05 ` [PATCH rdma-next 06/13] RDMA/core: Introduce MR type for crypto operations Leon Romanovsky
2023-01-17 19:40 ` Steven Rostedt
2023-01-16 13:05 ` [PATCH rdma-next 07/13] RDMA/core: Add support for creating crypto enabled QPs Leon Romanovsky
2023-01-16 13:05 ` [PATCH rdma-next 08/13] RDMA/mlx5: Add cryptographic device capabilities Leon Romanovsky
2023-01-16 13:05 ` [PATCH rdma-next 09/13] RDMA/mlx5: Add DEK management API Leon Romanovsky
2023-01-16 13:05 ` [PATCH rdma-next 10/13] RDMA/mlx5: Add AES-XTS crypto support Leon Romanovsky
2023-01-16 13:05 ` [PATCH rdma-next 11/13] nvme: Introduce a local variable Leon Romanovsky
2023-01-17 0:32 ` Chaitanya Kulkarni
2023-01-17 11:59 ` Leon Romanovsky
2023-01-16 13:05 ` [PATCH rdma-next 12/13] nvme: Add crypto profile at nvme controller Leon Romanovsky
2023-01-17 0:31 ` Chaitanya Kulkarni
2023-01-17 11:59 ` Leon Romanovsky
2023-01-16 13:06 ` [PATCH rdma-next 13/13] nvme-rdma: Add inline encryption support Leon Romanovsky
2023-01-18 6:47 ` [PATCH rdma-next 00/13] Add RDMA inline crypto support Eric Biggers
2023-01-18 7:14 ` Chaitanya Kulkarni
2023-01-18 7:17 ` Eric Biggers
2023-01-18 8:22 ` Leon Romanovsky
2023-01-18 8:58 ` Israel Rukshin
2023-01-18 7:36 ` Christoph Hellwig
2023-01-18 14:20 ` Max Gurtovoy
2023-01-30 12:35 ` Christoph Hellwig
2023-01-30 14:33 ` Max Gurtovoy
2023-02-14 10:01 ` Sagi Grimberg
2023-01-23 11:27 ` Sagi Grimberg
2023-01-23 12:57 ` Israel Rukshin
2023-01-30 12:36 ` Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=58e678103d910efbe3481d698169af9dadf70d4b.1673873422.git.leon@kernel.org \
--to=leon@kernel.org \
--cc=axboe@fb.com \
--cc=bryantan@vmware.com \
--cc=edumazet@google.com \
--cc=hch@lst.de \
--cc=israelr@nvidia.com \
--cc=jgg@nvidia.com \
--cc=kbusch@kernel.org \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nvme@lists.infradead.org \
--cc=linux-rdma@vger.kernel.org \
--cc=linux-trace-kernel@vger.kernel.org \
--cc=mgurtovoy@nvidia.com \
--cc=mhiramat@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=rostedt@goodmis.org \
--cc=saeedm@nvidia.com \
--cc=sagi@grimberg.me \
--cc=selvin.xavier@broadcom.com \
--cc=vdasa@vmware.com \
--cc=yishaih@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.