104f1690bSHans Petter Selasky /*- 221228c67SHans Petter Selasky * Copyright (c) 2019-2021, Mellanox Technologies, Ltd. All rights reserved. 304f1690bSHans Petter Selasky * 404f1690bSHans Petter Selasky * Redistribution and use in source and binary forms, with or without 504f1690bSHans Petter Selasky * modification, are permitted provided that the following conditions 604f1690bSHans Petter Selasky * are met: 704f1690bSHans Petter Selasky * 1. Redistributions of source code must retain the above copyright 804f1690bSHans Petter Selasky * notice, this list of conditions and the following disclaimer. 904f1690bSHans Petter Selasky * 2. Redistributions in binary form must reproduce the above copyright 1004f1690bSHans Petter Selasky * notice, this list of conditions and the following disclaimer in the 1104f1690bSHans Petter Selasky * documentation and/or other materials provided with the distribution. 1204f1690bSHans Petter Selasky * 1304f1690bSHans Petter Selasky * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS `AS IS' AND 1404f1690bSHans Petter Selasky * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 1504f1690bSHans Petter Selasky * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 1604f1690bSHans Petter Selasky * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE 1704f1690bSHans Petter Selasky * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 1804f1690bSHans Petter Selasky * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 1904f1690bSHans Petter Selasky * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 2004f1690bSHans Petter Selasky * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 2104f1690bSHans Petter Selasky * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 2204f1690bSHans Petter Selasky * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 2304f1690bSHans Petter Selasky * SUCH DAMAGE. 2404f1690bSHans Petter Selasky * 2504f1690bSHans Petter Selasky * $FreeBSD$ 2604f1690bSHans Petter Selasky */ 2704f1690bSHans Petter Selasky 28ee9d634bSKonstantin Belousov #include "opt_rss.h" 29ee9d634bSKonstantin Belousov #include "opt_ratelimit.h" 30ee9d634bSKonstantin Belousov 3104f1690bSHans Petter Selasky #include <linux/kernel.h> 3204f1690bSHans Petter Selasky #include <linux/module.h> 3304f1690bSHans Petter Selasky #include <dev/mlx5/driver.h> 3404f1690bSHans Petter Selasky #include <dev/mlx5/tls.h> 3512c56d7dSHans Petter Selasky #include <dev/mlx5/mlx5_core/mlx5_core.h> 3612c56d7dSHans Petter Selasky #include <dev/mlx5/mlx5_core/transobj.h> 3704f1690bSHans Petter Selasky 3804f1690bSHans Petter Selasky int mlx5_encryption_key_create(struct mlx5_core_dev *mdev, u32 pdn, 3904f1690bSHans Petter Selasky const void *p_key, u32 key_len, u32 *p_obj_id) 4004f1690bSHans Petter Selasky { 4104f1690bSHans Petter Selasky u32 in[MLX5_ST_SZ_DW(create_encryption_key_in)] = {}; 4204f1690bSHans Petter Selasky u32 out[MLX5_ST_SZ_DW(create_encryption_key_out)] = {}; 4304f1690bSHans Petter Selasky u64 general_obj_types; 4404f1690bSHans Petter Selasky int err; 4504f1690bSHans Petter Selasky 4604f1690bSHans Petter Selasky general_obj_types = MLX5_CAP_GEN_64(mdev, general_obj_types); 4704f1690bSHans Petter Selasky if (!(general_obj_types & MLX5_HCA_CAP_GENERAL_OBJ_TYPES_ENCRYPTION_KEY)) 4804f1690bSHans Petter Selasky return -EINVAL; 4904f1690bSHans Petter Selasky 5004f1690bSHans Petter Selasky switch (key_len) { 5104f1690bSHans Petter Selasky case 128 / 8: 5204f1690bSHans Petter Selasky memcpy(MLX5_ADDR_OF(create_encryption_key_in, in, 5304f1690bSHans Petter Selasky encryption_key_object.key[4]), p_key, 128 / 8); 5404f1690bSHans Petter Selasky MLX5_SET(create_encryption_key_in, in, encryption_key_object.pd, pdn); 5504f1690bSHans Petter Selasky MLX5_SET(create_encryption_key_in, in, encryption_key_object.key_size, 5604f1690bSHans Petter Selasky MLX5_GENERAL_OBJECT_TYPE_ENCRYPTION_KEY_KEY_SIZE_128); 5704f1690bSHans Petter Selasky MLX5_SET(create_encryption_key_in, in, encryption_key_object.key_type, 5804f1690bSHans Petter Selasky MLX5_GENERAL_OBJECT_TYPE_ENCRYPTION_KEY_TYPE_DEK); 5904f1690bSHans Petter Selasky break; 6004f1690bSHans Petter Selasky case 256 / 8: 6104f1690bSHans Petter Selasky memcpy(MLX5_ADDR_OF(create_encryption_key_in, in, 6204f1690bSHans Petter Selasky encryption_key_object.key[0]), p_key, 256 / 8); 6304f1690bSHans Petter Selasky MLX5_SET(create_encryption_key_in, in, encryption_key_object.pd, pdn); 6404f1690bSHans Petter Selasky MLX5_SET(create_encryption_key_in, in, encryption_key_object.key_size, 6504f1690bSHans Petter Selasky MLX5_GENERAL_OBJECT_TYPE_ENCRYPTION_KEY_KEY_SIZE_256); 6604f1690bSHans Petter Selasky MLX5_SET(create_encryption_key_in, in, encryption_key_object.key_type, 6704f1690bSHans Petter Selasky MLX5_GENERAL_OBJECT_TYPE_ENCRYPTION_KEY_TYPE_DEK); 6804f1690bSHans Petter Selasky break; 6904f1690bSHans Petter Selasky default: 7004f1690bSHans Petter Selasky return -EINVAL; 7104f1690bSHans Petter Selasky } 7204f1690bSHans Petter Selasky 7304f1690bSHans Petter Selasky MLX5_SET(create_encryption_key_in, in, opcode, MLX5_CMD_OP_CREATE_GENERAL_OBJ); 7404f1690bSHans Petter Selasky MLX5_SET(create_encryption_key_in, in, obj_type, MLX5_GENERAL_OBJECT_TYPES_ENCRYPTION_KEY); 7504f1690bSHans Petter Selasky 7604f1690bSHans Petter Selasky err = mlx5_cmd_exec(mdev, in, sizeof(in), out, sizeof(out)); 7704f1690bSHans Petter Selasky if (err == 0) 7804f1690bSHans Petter Selasky *p_obj_id = MLX5_GET(create_encryption_key_out, out, obj_id); 7904f1690bSHans Petter Selasky 8004f1690bSHans Petter Selasky /* avoid leaking key on the stack */ 8104f1690bSHans Petter Selasky memset(in, 0, sizeof(in)); 8204f1690bSHans Petter Selasky 8304f1690bSHans Petter Selasky return err; 8404f1690bSHans Petter Selasky } 8504f1690bSHans Petter Selasky 8604f1690bSHans Petter Selasky int mlx5_encryption_key_destroy(struct mlx5_core_dev *mdev, u32 oid) 8704f1690bSHans Petter Selasky { 8804f1690bSHans Petter Selasky u32 in[MLX5_ST_SZ_DW(destroy_encryption_key_in)] = {}; 8904f1690bSHans Petter Selasky u32 out[MLX5_ST_SZ_DW(destroy_encryption_key_out)] = {}; 9004f1690bSHans Petter Selasky 9104f1690bSHans Petter Selasky MLX5_SET(destroy_encryption_key_in, in, opcode, MLX5_CMD_OP_DESTROY_GENERAL_OBJ); 9204f1690bSHans Petter Selasky MLX5_SET(destroy_encryption_key_in, in, obj_type, MLX5_GENERAL_OBJECT_TYPES_ENCRYPTION_KEY); 9304f1690bSHans Petter Selasky MLX5_SET(destroy_encryption_key_in, in, obj_id, oid); 9404f1690bSHans Petter Selasky 9504f1690bSHans Petter Selasky return mlx5_cmd_exec(mdev, in, sizeof(in), out, sizeof(out)); 9604f1690bSHans Petter Selasky } 9704f1690bSHans Petter Selasky 9804f1690bSHans Petter Selasky int mlx5_tls_open_tis(struct mlx5_core_dev *mdev, int tc, int tdn, int pdn, u32 *p_tisn) 9904f1690bSHans Petter Selasky { 10004f1690bSHans Petter Selasky u32 in[MLX5_ST_SZ_DW(create_tis_in)] = {}; 10104f1690bSHans Petter Selasky void *tisc = MLX5_ADDR_OF(create_tis_in, in, ctx); 10204f1690bSHans Petter Selasky int err; 10304f1690bSHans Petter Selasky 10404f1690bSHans Petter Selasky MLX5_SET(tisc, tisc, prio, tc); 10504f1690bSHans Petter Selasky MLX5_SET(tisc, tisc, transport_domain, tdn); 10604f1690bSHans Petter Selasky MLX5_SET(tisc, tisc, tls_en, 1); 10704f1690bSHans Petter Selasky MLX5_SET(tisc, tisc, pd, pdn); 10804f1690bSHans Petter Selasky 10904f1690bSHans Petter Selasky err = mlx5_core_create_tis(mdev, in, sizeof(in), p_tisn); 11004f1690bSHans Petter Selasky if (err) 11104f1690bSHans Petter Selasky return (err); 11204f1690bSHans Petter Selasky else if (*p_tisn == 0) 11304f1690bSHans Petter Selasky return (-EINVAL); 11404f1690bSHans Petter Selasky else 11504f1690bSHans Petter Selasky return (0); /* success */ 11604f1690bSHans Petter Selasky } 11704f1690bSHans Petter Selasky 11804f1690bSHans Petter Selasky void mlx5_tls_close_tis(struct mlx5_core_dev *mdev, u32 tisn) 11904f1690bSHans Petter Selasky { 12004f1690bSHans Petter Selasky 121b633e08cSHans Petter Selasky mlx5_core_destroy_tis(mdev, tisn, 0); 12204f1690bSHans Petter Selasky } 12321228c67SHans Petter Selasky 12421228c67SHans Petter Selasky int mlx5_tls_open_tir(struct mlx5_core_dev *mdev, int tdn, int rqtn, u32 *p_tirn) 12521228c67SHans Petter Selasky { 12621228c67SHans Petter Selasky u32 in[MLX5_ST_SZ_DW(create_tir_in)] = {}; 12721228c67SHans Petter Selasky void *tirc = MLX5_ADDR_OF(create_tir_in, in, tir_context); 12821228c67SHans Petter Selasky int err; 12921228c67SHans Petter Selasky 13021228c67SHans Petter Selasky MLX5_SET(tirc, tirc, transport_domain, tdn); 13121228c67SHans Petter Selasky MLX5_SET(tirc, tirc, disp_type, MLX5_TIRC_DISP_TYPE_INDIRECT); 13221228c67SHans Petter Selasky MLX5_SET(tirc, tirc, rx_hash_fn, MLX5_TIRC_RX_HASH_FN_HASH_INVERTED_XOR8); 13321228c67SHans Petter Selasky MLX5_SET(tirc, tirc, indirect_table, rqtn); 13421228c67SHans Petter Selasky MLX5_SET(tirc, tirc, tls_en, 1); 13521228c67SHans Petter Selasky MLX5_SET(tirc, tirc, self_lb_en, 13621228c67SHans Petter Selasky MLX5_TIRC_SELF_LB_EN_ENABLE_UNICAST | 13721228c67SHans Petter Selasky MLX5_TIRC_SELF_LB_EN_ENABLE_MULTICAST); 13821228c67SHans Petter Selasky 13921228c67SHans Petter Selasky err = mlx5_core_create_tir(mdev, in, sizeof(in), p_tirn); 14021228c67SHans Petter Selasky if (err) 14121228c67SHans Petter Selasky return (err); 14221228c67SHans Petter Selasky else if (*p_tirn == 0) 14321228c67SHans Petter Selasky return (-EINVAL); 14421228c67SHans Petter Selasky else 14521228c67SHans Petter Selasky return (0); /* success */ 14621228c67SHans Petter Selasky } 14721228c67SHans Petter Selasky 14821228c67SHans Petter Selasky void mlx5_tls_close_tir(struct mlx5_core_dev *mdev, u32 tirn) 14921228c67SHans Petter Selasky { 15021228c67SHans Petter Selasky mlx5_core_destroy_tir(mdev, tirn, 0); 15121228c67SHans Petter Selasky } 152