1mlx5dv_crypto_login_create / mlx5dv_crypto_login_query / mlx5dv_crypto_login_destroy(3)

NAME

6       mlx5dv_crypto_login_create - Creates a crypto login object
7
8       mlx5dv_crypto_login_query - Queries the given crypto login object
9
10       mlx5dv_crypto_login_destroy - Destroys the given crypto login object
11

SYNOPSIS

13              #include <infiniband/mlx5dv.h>
14
15              struct mlx5dv_crypto_login_obj *
16              mlx5dv_crypto_login_create(struct ibv_context *context,
17                             struct mlx5dv_crypto_login_attr_ex *login_attr);
18
19              int mlx5dv_crypto_login_query(struct mlx5dv_crypto_login_obj *crypto_login,
20                                struct mlx5dv_crypto_login_query_attr *query_attr);
21
22              int mlx5dv_crypto_login_destroy(struct mlx5dv_crypto_login_obj *crypto_login);
23

DESCRIPTION

25       When using a crypto engine that is configured for the wrapped import
26       method, a valid crypto login object must be provided in order to create
27       and query wrapped Data Encryption Keys (DEKs).
28
29       A  valid  crypto  login  object  is  necessary only to create and query
30       wrapped DEKs.  Existing DEKs that were previously created don’t need  a
31       valid crypto login object in order to be used (in MKey or during
32       traffic).
33
34       mlx5dv_crypto_login_create() creates and returns a crypto login  object
35       with  the credential given in login_attr.  Only one crypto login object
36       can be created per device context.  The  created  crypto  login  object
37       must  be  provided  to  mlx5dv_dek_create()  in order to create wrapped
38       DEKs.
39
40       mlx5dv_crypto_login_query() queries the crypto login object crypto_login
41       and returns the queried attributes in query_attr.
42
43       mlx5dv_crypto_login_destroy() destroys the given crypto login object.
44

ARGUMENTS

46   context
47       The device context that will be associated with the crypto login
48       object.
49
50   login_attr
51       Crypto extended login attributes specify the credential to  login  with
52       and  the import KEK to be used for secured communications done with the
53       crypto login object.
54
55              struct mlx5dv_crypto_login_attr_ex {
56                  uint32_t credential_id;
57                  uint32_t import_kek_id;
58                  const void *credential;
59                  size_t credential_len;
60                  uint64_t comp_mask;
61              };
62
63       credential_id
64              An ID of a credential, from the credentials stored  on  the  de‐
65              vice,  that  indicates  the  credential that should be validated
66              against the credential provided in credential.
67
68       import_kek_id
69              An ID of an import KEK, from the import KEKs stored on  the  de‐
70              vice,  that  indicates  the import KEK that will be used for un‐
71              wrapping the credential provided in credential and also for  all
72              other secured communications done with the crypto login object.
73
74       credential
75              The credential to login with.  A credential is a piece of data
76              used to authenticate the user for crypto login.  The value passed
77              in credential is validated against the credential indicated by
78              credential_id, which is stored on the device.  The credentials
79              must match in order for the crypto login to succeed.  credential
80              must be provided wrapped by the AES key wrap algorithm using the
81              import KEK indicated by import_kek_id.  The credential format is
82              ENC(iv_64b + plaintext_credential), where ENC() is the AES key wrap
83              algorithm, iv_64b is 0xA6A6A6A6A6A6A6A6 as per the NIST SP
84              800-38F AES key wrap spec, and plaintext_credential is the
85              credential value stored on the device.
86
87       credential_len
88              The length, in bytes, of the value provided in credential (the
88              wrapped credential).
89
90       comp_mask
91              Reserved for future extension, must be 0 now.
92
93   query_attr
94              Crypto login attributes to be populated when querying a crypto login
95              object.
96
97              struct mlx5dv_crypto_login_query_attr {
98                  enum mlx5dv_crypto_login_state state;
99                  uint64_t comp_mask;
100              };
101
102       state  The state of the crypto login object, can be one of the
103              following:
104
105              MLX5DV_CRYPTO_LOGIN_STATE_VALID
106                     The crypto login object is valid and can be used.
107
108              MLX5DV_CRYPTO_LOGIN_STATE_INVALID
109                     The crypto login object is invalid and cannot be used.  A
110                     valid crypto login object can become invalid if the
111                     credential or the import KEK used in the crypto login
112                     object was deleted while in use (for example by a crypto
113                     officer).  In this case, mlx5dv_crypto_login_destroy() should
114                     be called to destroy the invalid crypto login object and,
115                     if still necessary, mlx5dv_crypto_login_create() should
116                     be called to create a new crypto login object with a valid
117                     credential and import KEK.
118
119       comp_mask
120              Reserved for future extension, must be 0 now.
121

RETURN VALUE

123       mlx5dv_crypto_login_create() returns a pointer to a new valid struct
124       mlx5dv_crypto_login_obj on success.  On error NULL is returned and
125       errno is set.
126
127       mlx5dv_crypto_login_query() returns 0 on success and fills query_attr
128       with the queried attributes.  On error, the errno value is returned.
129
130       mlx5dv_crypto_login_destroy() returns 0 on success and errno on error.
131

SEE ALSO

133       mlx5dv_dek_create(3), mlx5dv_query_device(3)
134

AUTHORS

136       Avihai Horon <avihaih@nvidia.com>
140mlx5dv_crypto_login_create / mlx5dv_crypto_login_query / mlx5dv_crypto_login_destroy(3)