From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 6B309A00C4; Mon, 18 Apr 2022 13:10:29 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 173C5427EB; Mon, 18 Apr 2022 13:10:27 +0200 (CEST) Received: from NAM11-BN8-obe.outbound.protection.outlook.com (mail-bn8nam11on2069.outbound.protection.outlook.com [40.107.236.69]) by mails.dpdk.org (Postfix) with ESMTP id 804E1427EA for ; Mon, 18 Apr 2022 13:10:25 +0200 (CEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=n+QEj72YHg7VD0OKGAQ1Yci4ahhqT/IRGimw+qFFWxVPHznVZkVdR+DSoxeWOobh54UgDXy3ZeEs1RxSI1BarnU3xnL8krDcYomynAHjdnbb05wjeQou21PB7fxGvwlRIsNn8VH6wOCLTRVPoAOJz1Sd3TDXiNPkbkWdwzlXn3piCw8KgfZmDioCtmkat7z3DIXguxKo+8YfGFK/R1dijQgQT7ChWp/7XX7eTUM+zHj4qQiwH42MBexlId+UcaARtr5sL1XhmNi1j7+gXgKKLbYPc0+IYl+YaDNfHDbeZ9XGjA0PdoJdsvYM7bzzNWJza+BLCF2xOtZhustJTvLiWg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=us4dLopxZ3O5YZdpqgGW7npPgGS6IOvjB3plrHMR/50=; b=WPRwJWgWFIWyU0fI5900B8cxMGDB8tUAWFpN/mbSIkbUgDhbFyy1TjnxviUfLvcm2BqY+4WxtwxrBjFcSDE0uM2TjVmzrJ1D+jG0s5M5AIbpauc5TcaAC4XMvpq1iYu/wPrWl3R1GzBqZqMyjj7rvVjpP7pPAa0MgEdlhDDAbaJXmfelTjpIcWM4Y1XFnaxaeD6PlhnfVSERdL+dNF8cs0zbiSdLHcEdrHJ/NbStqzJcftOkqWufzjfdskKvUIGo2ufopIRyzetJqgvjTxSQiKWVGXPkhszEpPPaiyzWgcnEW1CD6Hy5JhQips+6JnEkaYCJzHRfRyIspwrWfHHusw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 12.22.5.236) smtp.rcpttodomain=dpdk.org smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=us4dLopxZ3O5YZdpqgGW7npPgGS6IOvjB3plrHMR/50=; b=AdDQxywq3p8qJ0RBNLtPWJi8h6ct7Q2v1eMJK9jWg3SOSKV/qkp5Gu961kHt27yQVCwIISEwybEcXEOYFIZeKkhLvx46DCONE3NclOVObqwb6nSwHWwrgierkRd3QWBJAKB6KTdp5uZf6hv4mZqsY2RQEXO26R1SOkvqJ2vQANSm1bsIk6nHOx55pUsQSzCOg8z08urr9VabwtnwyDcmxeHNDr0TOjJdz9WdSd8VFN99FRfgXxNe5R9l73hpi+XG1hZTPzjUOYsPpbLpyQoHOPySna8xHm5hKR+ga8Ncdj9JTl8UXtb24B9bZQuuu6iWw/oS3vri2pctzjzqZtdoLA== Received: from BN0PR03CA0003.namprd03.prod.outlook.com (2603:10b6:408:e6::8) by BN6PR12MB1522.namprd12.prod.outlook.com (2603:10b6:405:11::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5164.18; Mon, 18 Apr 2022 11:10:23 +0000 Received: from BN8NAM11FT058.eop-nam11.prod.protection.outlook.com (2603:10b6:408:e6:cafe::3c) by BN0PR03CA0003.outlook.office365.com (2603:10b6:408:e6::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5164.20 via Frontend Transport; Mon, 18 Apr 2022 11:10:23 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 12.22.5.236) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 12.22.5.236 as permitted sender) receiver=protection.outlook.com; client-ip=12.22.5.236; helo=mail.nvidia.com; Received: from mail.nvidia.com (12.22.5.236) by BN8NAM11FT058.mail.protection.outlook.com (10.13.177.58) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.5164.19 via Frontend Transport; Mon, 18 Apr 2022 11:10:23 +0000 Received: from rnnvmail201.nvidia.com (10.129.68.8) by DRHQMAIL109.nvidia.com (10.27.9.19) with Microsoft SMTP Server (TLS) id 15.0.1497.32; Mon, 18 Apr 2022 11:10:22 +0000 Received: from nvidia.com (10.126.231.35) by rnnvmail201.nvidia.com (10.129.68.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.22; Mon, 18 Apr 2022 04:10:21 -0700 From: Raja Zidane To: CC: Subject: [PATCH 2/2] crypto/mlx5: support plaintext keys Date: Mon, 18 Apr 2022 14:10:05 +0300 Message-ID: <20220418111005.2291-3-rzidane@nvidia.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20220418111005.2291-1-rzidane@nvidia.com> References: <20220418111005.2291-1-rzidane@nvidia.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Originating-IP: [10.126.231.35] X-ClientProxiedBy: rnnvmail201.nvidia.com (10.129.68.8) To rnnvmail201.nvidia.com (10.129.68.8) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 9b16ead4-0a7c-42e9-5919-08da212c08ee X-MS-TrafficTypeDiagnostic: BN6PR12MB1522:EE_ X-Microsoft-Antispam-PRVS: X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: xJIRXOuSyT98Hhsb2ysb6uAzLWZrygj/llCO0Y+zMU6Dyd6FYtuOYKNNeVF4tn/3rRP9N6aMVINP3tw575p5cVuOfdmi2uvO4Qs1D97sqItKg4elQTpnweyN40Z9fpvY/EqtwtrfcE+Cq27b+YVaeiB2Xy64gCfnm032kyEXXaRHJaRI9XelSW4nTKRNpD3nAdCg0fz4lVjth2l+Su2rQARnQNRlUJ5Kkqx+cF/gyXm3g3/LOuVaut4ovzxS1Wp0DeKhzs+S8S1Z2K+jggNz8CDQEd9G3pWTsQjNlO8QaJV4I8WG/aY13vrq8zpkLdKQrq32RQhjB3euwWb6c0L8N9wny455sx7jURWuw+nyjDXLiHGGoTiW2cZ3oLqanmtVlI1c53uXw3OHSXPNbNVQ/LuMLlmjYZLpy2BbW8951zEA0dm2b3vfi3RiadnoBADRl6Cd1+Uyz01yZflnCIpSanEXS5m65TH3cLvCGfIc2qsfF9kDzYO3GBIvA87LZDMtKSYlQh/ebqpM039gkbOadHklhNhcZ2yr7iWf8Q+w6zLQ9fd9sspLilpo4CO2ddywrBbzPujVI48wAGoHRcHmCTiiUvjJ8/DuPdXf8G4BsUIqa8M1LTm7X0InuthcA/nM68zuLl9J3nmstWZ5aGbvhDISDm9xv8R1flfKq53KEIfluBMc+iSYILtwYPcqf4Mk8pWwpTBmsZixy1qx63XFUq9zIDJn47MrcC04nfl/AxdGJt89D9ApDKnb3N+qvz3o X-Forefront-Antispam-Report: CIP:12.22.5.236; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:InfoNoRecords; CAT:NONE; SFS:(13230001)(4636009)(46966006)(40470700004)(36840700001)(6916009)(7696005)(83380400001)(16526019)(508600001)(40460700003)(336012)(186003)(426003)(36756003)(36860700001)(86362001)(26005)(55016003)(1076003)(316002)(82310400005)(107886003)(2616005)(6666004)(6286002)(356005)(47076005)(2906002)(30864003)(81166007)(5660300002)(70586007)(4326008)(70206006)(8676002)(8936002)(36900700001)(309714004); DIR:OUT; SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 Apr 2022 11:10:23.6118 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 9b16ead4-0a7c-42e9-5919-08da212c08ee X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[12.22.5.236]; Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: BN8NAM11FT058.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR12MB1522 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Using crypto devs requires the user to log in and the supplied DEK to be encrypted with a KEK (keys encryption key). KEK is burned once on the nic, along with credentials for users, and for a user to log in, he is needed to supply his creds wrapped with the KEK. A device comes out of the Mellanox factory with a pre-defined import method for each algorithm. The defined method could be wrapped mode, so the device can be used as described above, or plaintext mode, without the need to log in and wrap supplied DEKs. Support crypto operations with the plaintext import method. Signed-off-by: Raja Zidane --- doc/guides/cryptodevs/mlx5.rst | 17 ++++++++-- drivers/crypto/mlx5/mlx5_crypto.c | 43 +++++++++++++++--------- drivers/crypto/mlx5/mlx5_crypto.h | 3 +- drivers/crypto/mlx5/mlx5_crypto_dek.c | 47 +++++++++++++++++++-------- 4 files changed, 76 insertions(+), 34 deletions(-) diff --git a/doc/guides/cryptodevs/mlx5.rst b/doc/guides/cryptodevs/mlx5.rst index ef47aa65dd..93084cc506 100644 --- a/doc/guides/cryptodevs/mlx5.rst +++ b/doc/guides/cryptodevs/mlx5.rst @@ -35,6 +35,10 @@ Configuration See the :ref:`mlx5 common configuration `. +A device comes out of Mellanox factory with pre-defined import methods. +There are two possible import methods: wrapped or plaintext. + +In case the device is in wrapped mode, it needs to be moved to crypto operational mode. In order to move the device to crypto operational mode, credential and KEK (Key Encrypting Key) should be set as the first step. The credential will be used by the software in order to perform crypto login, and the KEK is @@ -89,10 +93,17 @@ The mlxreg dedicated tool should be used as follows: The "wrapped_crypto_operational" value will be "0x00000001" if the mode was successfully changed to operational mode. +On the other hand, in case of plaintext mode, there is no need for all the above, +DEK is passed in plaintext without keytag. + The mlx5 crypto PMD can be verified by running the test application:: + Wrapped mode: + dpdk-test -c 1 -n 1 -w ,class=crypto,wcs_file= + RTE>>cryptodev_mlx5_autotest - dpdk-test -c 1 -n 1 -w ,class=crypto,wcs_file= - RTE>>cryptodev_mlx5_autotest + Plaintext mode: + dpdk-test -c 1 -n 1 -w ,class=crypto + RTE>>cryptodev_mlx5_autotest Driver options @@ -101,7 +112,7 @@ Driver options Please refer to :ref:`mlx5 common options ` for an additional list of options shared with other mlx5 drivers. -- ``wcs_file`` parameter [string] - mandatory +- ``wcs_file`` parameter [string] - mandatory in wrapped mode File path including only the wrapped credential in string format of hexadecimal numbers, represent 48 bytes (8 bytes IV added by the AES key wrap algorithm). diff --git a/drivers/crypto/mlx5/mlx5_crypto.c b/drivers/crypto/mlx5/mlx5_crypto.c index d0901f3b7c..eb7616257e 100644 --- a/drivers/crypto/mlx5/mlx5_crypto.c +++ b/drivers/crypto/mlx5/mlx5_crypto.c @@ -23,13 +23,13 @@ #define MLX5_CRYPTO_MAX_QPS 128 #define MLX5_CRYPTO_MAX_SEGS 56 -#define MLX5_CRYPTO_FEATURE_FLAGS \ +#define MLX5_CRYPTO_FEATURE_FLAGS(wrapped_mode) \ (RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO | RTE_CRYPTODEV_FF_HW_ACCELERATED | \ RTE_CRYPTODEV_FF_IN_PLACE_SGL | RTE_CRYPTODEV_FF_OOP_SGL_IN_SGL_OUT | \ RTE_CRYPTODEV_FF_OOP_SGL_IN_LB_OUT | \ RTE_CRYPTODEV_FF_OOP_LB_IN_SGL_OUT | \ RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT | \ - RTE_CRYPTODEV_FF_CIPHER_WRAPPED_KEY | \ + (wrapped_mode ? RTE_CRYPTODEV_FF_CIPHER_WRAPPED_KEY : 0) | \ RTE_CRYPTODEV_FF_CIPHER_MULTIPLE_DATA_UNITS) TAILQ_HEAD(mlx5_crypto_privs, mlx5_crypto_priv) mlx5_crypto_priv_list = @@ -95,10 +95,13 @@ static void mlx5_crypto_dev_infos_get(struct rte_cryptodev *dev, struct rte_cryptodev_info *dev_info) { + struct mlx5_crypto_priv *priv = dev->data->dev_private; + RTE_SET_USED(dev); if (dev_info != NULL) { dev_info->driver_id = mlx5_crypto_driver_id; - dev_info->feature_flags = MLX5_CRYPTO_FEATURE_FLAGS; + dev_info->feature_flags = + MLX5_CRYPTO_FEATURE_FLAGS(priv->is_wrapped_mode); dev_info->capabilities = mlx5_crypto_caps; dev_info->max_nb_queue_pairs = MLX5_CRYPTO_MAX_QPS; dev_info->min_mbuf_headroom_req = 0; @@ -767,7 +770,8 @@ mlx5_crypto_args_check_handler(const char *key, const char *val, void *opaque) static int mlx5_crypto_parse_devargs(struct mlx5_kvargs_ctrl *mkvlist, - struct mlx5_crypto_devarg_params *devarg_prms) + struct mlx5_crypto_devarg_params *devarg_prms, + bool wrapped_mode) { struct mlx5_devx_crypto_login_attr *attr = &devarg_prms->login_attr; const char **params = (const char *[]){ @@ -785,6 +789,8 @@ mlx5_crypto_parse_devargs(struct mlx5_kvargs_ctrl *mkvlist, devarg_prms->keytag = 0; devarg_prms->max_segs_num = 8; if (mkvlist == NULL) { + if (!wrapped_mode) + return 0; DRV_LOG(ERR, "No login devargs in order to enable crypto operations in the device."); rte_errno = EINVAL; @@ -796,9 +802,9 @@ mlx5_crypto_parse_devargs(struct mlx5_kvargs_ctrl *mkvlist, rte_errno = EINVAL; return -1; } - if (devarg_prms->login_devarg == false) { + if (devarg_prms->login_devarg == false && wrapped_mode) { DRV_LOG(ERR, - "No login credential devarg in order to enable crypto operations in the device."); + "No login credential devarg in order to enable crypto operations in the device while in wrapped import method."); rte_errno = EINVAL; return -1; } @@ -897,6 +903,7 @@ mlx5_crypto_dev_probe(struct mlx5_common_device *cdev, }; const char *ibdev_name = mlx5_os_get_ctx_device_name(cdev->ctx); int ret; + bool wrapped_mode; if (rte_eal_process_type() != RTE_PROC_PRIMARY) { DRV_LOG(ERR, "Non-primary process type is not supported."); @@ -909,7 +916,8 @@ mlx5_crypto_dev_probe(struct mlx5_common_device *cdev, rte_errno = ENOTSUP; return -ENOTSUP; } - ret = mlx5_crypto_parse_devargs(mkvlist, &devarg_prms); + wrapped_mode = !!cdev->config.hca_attr.crypto_wrapped_import_method; + ret = mlx5_crypto_parse_devargs(mkvlist, &devarg_prms, wrapped_mode); if (ret) { DRV_LOG(ERR, "Failed to parse devargs."); return -rte_errno; @@ -925,25 +933,27 @@ mlx5_crypto_dev_probe(struct mlx5_common_device *cdev, crypto_dev->dev_ops = &mlx5_crypto_ops; crypto_dev->dequeue_burst = mlx5_crypto_dequeue_burst; crypto_dev->enqueue_burst = mlx5_crypto_enqueue_burst; - crypto_dev->feature_flags = MLX5_CRYPTO_FEATURE_FLAGS; + crypto_dev->feature_flags = MLX5_CRYPTO_FEATURE_FLAGS(wrapped_mode); crypto_dev->driver_id = mlx5_crypto_driver_id; priv = crypto_dev->data->dev_private; priv->cdev = cdev; priv->crypto_dev = crypto_dev; + priv->is_wrapped_mode = wrapped_mode; if (mlx5_devx_uar_prepare(cdev, &priv->uar) != 0) { rte_cryptodev_pmd_destroy(priv->crypto_dev); return -1; } - login = mlx5_devx_cmd_create_crypto_login_obj(cdev->ctx, + if (wrapped_mode) { + login = mlx5_devx_cmd_create_crypto_login_obj(cdev->ctx, &devarg_prms.login_attr); - if (login == NULL) { - DRV_LOG(ERR, "Failed to configure login."); - mlx5_devx_uar_release(&priv->uar); - rte_cryptodev_pmd_destroy(priv->crypto_dev); - return -rte_errno; + if (login == NULL) { + DRV_LOG(ERR, "Failed to configure login."); + mlx5_devx_uar_release(&priv->uar); + rte_cryptodev_pmd_destroy(priv->crypto_dev); + return -rte_errno; + } + priv->login_obj = login; } - priv->login_obj = login; - priv->keytag = rte_cpu_to_be_64(devarg_prms.keytag); ret = mlx5_crypto_configure_wqe_size(priv, cdev->config.hca_attr.max_wqe_sz_sq, devarg_prms.max_segs_num); if (ret) { @@ -952,6 +962,7 @@ mlx5_crypto_dev_probe(struct mlx5_common_device *cdev, rte_cryptodev_pmd_destroy(priv->crypto_dev); return -1; } + priv->keytag = rte_cpu_to_be_64(devarg_prms.keytag); DRV_LOG(INFO, "Max number of segments: %u.", (unsigned int)RTE_MIN( MLX5_CRYPTO_KLM_SEGS_NUM(priv->umr_wqe_size), diff --git a/drivers/crypto/mlx5/mlx5_crypto.h b/drivers/crypto/mlx5/mlx5_crypto.h index f04b3d8c20..a2771b3dab 100644 --- a/drivers/crypto/mlx5/mlx5_crypto.h +++ b/drivers/crypto/mlx5/mlx5_crypto.h @@ -38,6 +38,7 @@ struct mlx5_crypto_priv { uint16_t umr_wqe_size; uint16_t umr_wqe_stride; uint16_t max_rdmar_ds; + uint32_t is_wrapped_mode:1; }; struct mlx5_crypto_qp { @@ -59,7 +60,7 @@ struct mlx5_crypto_dek { struct mlx5_list_entry entry; /* Pointer to DEK hash list entry. */ struct mlx5_devx_obj *obj; /* Pointer to DEK DevX object. */ uint8_t data[MLX5_CRYPTO_KEY_LENGTH]; /* DEK key data. */ - bool size_is_48; /* Whether the key\data size is 48 bytes or not. */ + uint32_t size; /* key+keytag size. */ } __rte_cache_aligned; struct mlx5_crypto_devarg_params { diff --git a/drivers/crypto/mlx5/mlx5_crypto_dek.c b/drivers/crypto/mlx5/mlx5_crypto_dek.c index 472ee373aa..7339ef2bd9 100644 --- a/drivers/crypto/mlx5/mlx5_crypto_dek.c +++ b/drivers/crypto/mlx5/mlx5_crypto_dek.c @@ -79,11 +79,11 @@ mlx5_crypto_dek_match_cb(void *tool_ctx __rte_unused, struct rte_crypto_cipher_xform *cipher_ctx = ctx->cipher; struct mlx5_crypto_dek *dek = container_of(entry, typeof(*dek), entry); - uint32_t key_len = dek->size_is_48 ? 48 : 80; + uint32_t key_len = dek->size; if (key_len != cipher_ctx->key.length) return -1; - return memcmp(cipher_ctx->key.data, dek->data, key_len); + return memcmp(cipher_ctx->key.data, dek->data, cipher_ctx->key.length); } static struct mlx5_list_entry * @@ -98,23 +98,42 @@ mlx5_crypto_dek_create_cb(void *tool_ctx __rte_unused, void *cb_ctx) .key_purpose = MLX5_CRYPTO_KEY_PURPOSE_AES_XTS, .has_keytag = 1, }; + bool is_wrapped = ctx->priv->is_wrapped_mode; if (dek == NULL) { DRV_LOG(ERR, "Failed to allocate dek memory."); return NULL; } - switch (cipher_ctx->key.length) { - case 48: - dek->size_is_48 = true; - dek_attr.key_size = MLX5_CRYPTO_KEY_SIZE_128b; - break; - case 80: - dek->size_is_48 = false; - dek_attr.key_size = MLX5_CRYPTO_KEY_SIZE_256b; - break; - default: - DRV_LOG(ERR, "Key size not supported."); - return NULL; + if (is_wrapped) { + switch (cipher_ctx->key.length) { + case 48: + dek->size = 48; + dek_attr.key_size = MLX5_CRYPTO_KEY_SIZE_128b; + break; + case 80: + dek->size = 80; + dek_attr.key_size = MLX5_CRYPTO_KEY_SIZE_256b; + break; + default: + DRV_LOG(ERR, "Wrapped key size not supported."); + return NULL; + } + } else { + switch (cipher_ctx->key.length) { + case 32: + dek->size = 40; + dek_attr.key_size = MLX5_CRYPTO_KEY_SIZE_128b; + break; + case 64: + dek->size = 72; + dek_attr.key_size = MLX5_CRYPTO_KEY_SIZE_256b; + break; + default: + DRV_LOG(ERR, "Key size not supported."); + return NULL; + } + memcpy(&dek_attr.key[cipher_ctx->key.length], + &ctx->priv->keytag, 8); } memcpy(&dek_attr.key, cipher_ctx->key.data, cipher_ctx->key.length); dek->obj = mlx5_devx_cmd_create_dek_obj(ctx->priv->cdev->ctx, -- 2.21.0