1mmllxx55ddvv__ccrryyppttoo__llooggiinn//mmllxx55ddvv__ccrryyppttoo__llooggiinn__qquueerryy__ssttaattee//mmllxx55ddvv__ccrryyppttoo__llooggoouutt((33))
2
3
4

NAME

6       mlx5dv_crypto_login - Creates a crypto login session
7
8       mlx5dv_crypto_login_query_state  -  Queries  the  state  of the current
9       crypto login session
10
11       mlx5dv_crypto_logout - Logs out from the current crypto login session
12

SYNOPSIS

14              #include <infiniband/mlx5dv.h>
15
16              int mlx5dv_crypto_login(struct ibv_context *context,
17                          struct mlx5dv_crypto_login_attr *login_attr);
18
19              int mlx5dv_crypto_login_query_state(struct ibv_context *context,
20                                  enum mlx5dv_crypto_login_state *state);
21
22              int mlx5dv_crypto_logout(struct ibv_context *context);
23

DESCRIPTION

25       When using a crypto engine that is in wrapped import method, an  active
26       crypto  login session must be present in order to create and query Data
27       Encryption Keys (DEKs).
28
29       mlx5dv_crypto_login() Creates a crypto login session with  the  creden‐
30       tial  given in login_attr and associates it with context.  Only one ac‐
31       tive crypto login session can be associated per device context.
32
33       mlx5dv_crypto_login_query_state() queries the state of the crypto login
34       session  associated  with context and returns the state in state, which
35       indicates whether it is valid, invalid or doesn’t exist.  A valid cryp‐
36       to login session can become invalid if the credential or the import KEK
37       used in the crypto login session were deleted during the login  session
38       (for  example  by  a  crypto officer).  In this case, mlx5dv_crypto_lo‐
39       gout() should be called to destroy the  current  invalid  crypto  login
40       session  and if still necessary, mlx5dv_crypto_login() should be called
41       to create a new crypto login session with valid credential  and  import
42       KEK.
43
44       mlx5dv_crypto_logout()  logs  out from the current crypto login session
45       associated with context.
46
47       Existing DEKs that were previously loaded to the device during a crypto
48       login  session don’t need an active crypto login session in order to be
49       used (in MKey or during traffic).
50

ARGUMENTS

52   context
53       The device context to associate the crypto login session with.
54
55   login_attr
56       Crypto login attributes specify the credential to login  with  and  the
57       import  KEK to be used for secured communications during the crypto lo‐
58       gin session.
59
60              struct mlx5dv_crypto_login_attr {
61                  uint32_t credential_id;
62                  uint32_t import_kek_id;
63                  char credential[48];
64                  uint64_t comp_mask;
65              };
66
67       credential_id
68              An ID of a credential, from the credentials stored  on  the  de‐
69              vice,  that  indicates  the  credential that should be validated
70              against the credential provided in credential.
71
72       import_kek_id
73              An ID of an import KEK, from the import KEKs stored on  the  de‐
74              vice,  that  indicates  the import KEK that will be used for un‐
75              wrapping the credential provided in credential and also for  all
76              other secured communications during the crypto login session.
77
78       credential
79              The  credential  to login with.  Must be provided wrapped by the
80              AES key wrap algorithm using the import  KEK  indicated  by  im‐
81              port_kek_id.
82
83       comp_mask
84              Reserved For future extension, must be 0 now.
85
86   state
87       Indicates the state of the current crypto login session.  can be one of
88       MLX5DV_CRYPTO_LOGIN_STATE_VALID, MLX5DV_CRYPTO_LOGIN_STATE_NO_LOGIN and
89       MLX5DV_CRYPTO_LOGIN_STATE_INVALID.
90

RETURN VALUE

92       mlx5dv_crypto_login() returns 0 on success and errno value on error.
93
94       mlx5dv_crypto_login_query_state()  returns  0  on  success  and updates
95       state with the queried state.  On error, errno value is returned.
96
97       mlx5dv_crypto_logout() returns 0 on success and errno value on error.
98

ERRORS

100       EEXIST A crypto login session already exists.
101
102       EINVAL Invalid attributes were provided, or one or more of  credential,
103              credential_id and import_kek_id are invalid.
104
105       ENOENT No crypto login session exists.
106

AUTHORS

108       Avihai Horon <avihaih@nvidia.com>
109
110
111
112mlx5dv_crypto_login / mlx5dv_crypto_login_query_state / mlx5dv_crypto_logout(3)
Impressum