From owner-svn-src-head@freebsd.org Thu Dec 5 15:16:21 2019 Return-Path: Delivered-To: svn-src-head@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id D1D161CBE03; Thu, 5 Dec 2019 15:16:21 +0000 (UTC) (envelope-from hselasky@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47TK795yVDz4JY6; Thu, 5 Dec 2019 15:16:21 +0000 (UTC) (envelope-from hselasky@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id AF9C91AD25; Thu, 5 Dec 2019 15:16:21 +0000 (UTC) (envelope-from hselasky@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id xB5FGLPE044490; Thu, 5 Dec 2019 15:16:21 GMT (envelope-from hselasky@FreeBSD.org) Received: (from hselasky@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id xB5FGJbT044480; Thu, 5 Dec 2019 15:16:19 GMT (envelope-from hselasky@FreeBSD.org) Message-Id: <201912051516.xB5FGJbT044480@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: hselasky set sender to hselasky@FreeBSD.org using -f From: Hans Petter Selasky Date: Thu, 5 Dec 2019 15:16:19 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r355421 - in head/sys: conf dev/mlx5 dev/mlx5/mlx5_core dev/mlx5/mlx5_en modules/mlx5 X-SVN-Group: head X-SVN-Commit-Author: hselasky X-SVN-Commit-Paths: in head/sys: conf dev/mlx5 dev/mlx5/mlx5_core dev/mlx5/mlx5_en modules/mlx5 X-SVN-Commit-Revision: 355421 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Dec 2019 15:16:21 -0000 Author: hselasky Date: Thu Dec 5 15:16:19 2019 New Revision: 355421 URL: https://svnweb.freebsd.org/changeset/base/355421 Log: Add basic support for TCP/IP based hardware TLS offload to mlx5core. The hardware offload is primarily targeted for TLS v1.2 and v1.3, using AES 128/256 bit pre-shared keys. This patch adds all the needed hardware structures, capabilites and firmware commands. Sponsored by: Mellanox Technologies Added: head/sys/dev/mlx5/mlx5_core/mlx5_tls.c (contents, props changed) head/sys/dev/mlx5/tls.h (contents, props changed) Modified: head/sys/conf/files head/sys/dev/mlx5/device.h head/sys/dev/mlx5/mlx5_core/mlx5_cmd.c head/sys/dev/mlx5/mlx5_core/mlx5_fw.c head/sys/dev/mlx5/mlx5_en/en.h head/sys/dev/mlx5/mlx5_ifc.h head/sys/modules/mlx5/Makefile Modified: head/sys/conf/files ============================================================================== --- head/sys/conf/files Thu Dec 5 15:07:32 2019 (r355420) +++ head/sys/conf/files Thu Dec 5 15:16:19 2019 (r355421) @@ -4756,6 +4756,8 @@ dev/mlx5/mlx5_core/mlx5_rl.c optional mlx5 pci \ compile-with "${OFED_C}" dev/mlx5/mlx5_core/mlx5_srq.c optional mlx5 pci \ compile-with "${OFED_C}" +dev/mlx5/mlx5_core/mlx5_tls.c optional mlx5 pci \ + compile-with "${OFED_C}" dev/mlx5/mlx5_core/mlx5_transobj.c optional mlx5 pci \ compile-with "${OFED_C}" dev/mlx5/mlx5_core/mlx5_uar.c optional mlx5 pci \ Modified: head/sys/dev/mlx5/device.h ============================================================================== --- head/sys/dev/mlx5/device.h Thu Dec 5 15:07:32 2019 (r355420) +++ head/sys/dev/mlx5/device.h Thu Dec 5 15:16:19 2019 (r355421) @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2013-2018, Mellanox Technologies, Ltd. All rights reserved. + * Copyright (c) 2013-2019, Mellanox Technologies, Ltd. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -382,6 +382,18 @@ enum { }; enum { + MLX5_OPCODE_MOD_UMR_UMR = 0x0, + MLX5_OPCODE_MOD_UMR_TLS_TIS_STATIC_PARAMS = 0x1, + MLX5_OPCODE_MOD_UMR_TLS_TIR_STATIC_PARAMS = 0x2, +}; + +enum { + MLX5_OPCODE_MOD_PSV_PSV = 0x0, + MLX5_OPCODE_MOD_PSV_TLS_TIS_PROGRESS_PARAMS = 0x1, + MLX5_OPCODE_MOD_PSV_TLS_TIR_PROGRESS_PARAMS = 0x2, +}; + +enum { MLX5_SET_PORT_RESET_QKEY = 0, MLX5_SET_PORT_GUID0 = 16, MLX5_SET_PORT_NODE_GUID = 17, @@ -919,6 +931,10 @@ enum mlx5_cap_type { MLX5_CAP_VECTOR_CALC, MLX5_CAP_QOS, MLX5_CAP_DEBUG, + MLX5_CAP_NVME, + MLX5_CAP_DMC, + MLX5_CAP_DEC, + MLX5_CAP_TLS, /* NUM OF CAP Types */ MLX5_CAP_NUM }; @@ -951,6 +967,9 @@ enum mlx5_mcam_feature_groups { #define MLX5_CAP_GEN(mdev, cap) \ MLX5_GET(cmd_hca_cap, mdev->hca_caps_cur[MLX5_CAP_GENERAL], cap) +#define MLX5_CAP_GEN_64(mdev, cap) \ + MLX5_GET64(cmd_hca_cap, mdev->hca_caps_cur[MLX5_CAP_GENERAL], cap) + #define MLX5_CAP_GEN_MAX(mdev, cap) \ MLX5_GET(cmd_hca_cap, mdev->hca_caps_max[MLX5_CAP_GENERAL], cap) @@ -1075,6 +1094,9 @@ enum mlx5_mcam_feature_groups { #define MLX5_CAP64_FPGA(mdev, cap) \ MLX5_GET64(fpga_cap, (mdev)->caps.fpga, cap) + +#define MLX5_CAP_TLS(mdev, cap) \ + MLX5_GET(tls_capabilities, (mdev)->hca_caps_cur[MLX5_CAP_TLS], cap) enum { MLX5_CMD_STAT_OK = 0x0, Modified: head/sys/dev/mlx5/mlx5_core/mlx5_cmd.c ============================================================================== --- head/sys/dev/mlx5/mlx5_core/mlx5_cmd.c Thu Dec 5 15:07:32 2019 (r355420) +++ head/sys/dev/mlx5/mlx5_core/mlx5_cmd.c Thu Dec 5 15:16:19 2019 (r355421) @@ -361,6 +361,7 @@ static int mlx5_internal_err_ret_value(struct mlx5_cor case MLX5_CMD_OP_MODIFY_FLOW_TABLE: case MLX5_CMD_OP_SET_FLOW_TABLE_ENTRY: case MLX5_CMD_OP_SET_FLOW_TABLE_ROOT: + case MLX5_CMD_OP_DESTROY_GENERAL_OBJ: return MLX5_CMD_STAT_OK; case MLX5_CMD_OP_QUERY_HCA_CAP: @@ -459,6 +460,9 @@ static int mlx5_internal_err_ret_value(struct mlx5_cor case MLX5_CMD_OP_CREATE_FLOW_GROUP: case MLX5_CMD_OP_QUERY_FLOW_GROUP: case MLX5_CMD_OP_QUERY_FLOW_TABLE_ENTRY: + case MLX5_CMD_OP_CREATE_GENERAL_OBJ: + case MLX5_CMD_OP_MODIFY_GENERAL_OBJ: + case MLX5_CMD_OP_QUERY_GENERAL_OBJ: *status = MLX5_DRIVER_STATUS_ABORTED; *synd = MLX5_DRIVER_SYND; return -EIO; @@ -606,6 +610,10 @@ const char *mlx5_command_str(int command) MLX5_COMMAND_STR_CASE(DELETE_FLOW_TABLE_ENTRY); MLX5_COMMAND_STR_CASE(SET_DIAGNOSTICS); MLX5_COMMAND_STR_CASE(QUERY_DIAGNOSTICS); + MLX5_COMMAND_STR_CASE(CREATE_GENERAL_OBJ); + MLX5_COMMAND_STR_CASE(MODIFY_GENERAL_OBJ); + MLX5_COMMAND_STR_CASE(QUERY_GENERAL_OBJ); + MLX5_COMMAND_STR_CASE(DESTROY_GENERAL_OBJ); default: return "unknown command opcode"; } } Modified: head/sys/dev/mlx5/mlx5_core/mlx5_fw.c ============================================================================== --- head/sys/dev/mlx5/mlx5_core/mlx5_fw.c Thu Dec 5 15:07:32 2019 (r355420) +++ head/sys/dev/mlx5/mlx5_core/mlx5_fw.c Thu Dec 5 15:16:19 2019 (r355421) @@ -227,6 +227,12 @@ int mlx5_query_hca_caps(struct mlx5_core_dev *dev) return err; } + if (MLX5_CAP_GEN(dev, tls)) { + err = mlx5_core_get_caps(dev, MLX5_CAP_TLS); + if (err) + return err; + } + err = mlx5_core_query_special_contexts(dev); if (err) return err; Added: head/sys/dev/mlx5/mlx5_core/mlx5_tls.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/sys/dev/mlx5/mlx5_core/mlx5_tls.c Thu Dec 5 15:16:19 2019 (r355421) @@ -0,0 +1,120 @@ +/*- + * Copyright (c) 2019, Mellanox Technologies, Ltd. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS `AS IS' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#include +#include +#include +#include + +#include "mlx5_core.h" +#include "transobj.h" + +int mlx5_encryption_key_create(struct mlx5_core_dev *mdev, u32 pdn, + const void *p_key, u32 key_len, u32 *p_obj_id) +{ + u32 in[MLX5_ST_SZ_DW(create_encryption_key_in)] = {}; + u32 out[MLX5_ST_SZ_DW(create_encryption_key_out)] = {}; + u64 general_obj_types; + int err; + + general_obj_types = MLX5_CAP_GEN_64(mdev, general_obj_types); + if (!(general_obj_types & MLX5_HCA_CAP_GENERAL_OBJ_TYPES_ENCRYPTION_KEY)) + return -EINVAL; + + switch (key_len) { + case 128 / 8: + memcpy(MLX5_ADDR_OF(create_encryption_key_in, in, + encryption_key_object.key[4]), p_key, 128 / 8); + MLX5_SET(create_encryption_key_in, in, encryption_key_object.pd, pdn); + MLX5_SET(create_encryption_key_in, in, encryption_key_object.key_size, + MLX5_GENERAL_OBJECT_TYPE_ENCRYPTION_KEY_KEY_SIZE_128); + MLX5_SET(create_encryption_key_in, in, encryption_key_object.key_type, + MLX5_GENERAL_OBJECT_TYPE_ENCRYPTION_KEY_TYPE_DEK); + break; + case 256 / 8: + memcpy(MLX5_ADDR_OF(create_encryption_key_in, in, + encryption_key_object.key[0]), p_key, 256 / 8); + MLX5_SET(create_encryption_key_in, in, encryption_key_object.pd, pdn); + MLX5_SET(create_encryption_key_in, in, encryption_key_object.key_size, + MLX5_GENERAL_OBJECT_TYPE_ENCRYPTION_KEY_KEY_SIZE_256); + MLX5_SET(create_encryption_key_in, in, encryption_key_object.key_type, + MLX5_GENERAL_OBJECT_TYPE_ENCRYPTION_KEY_TYPE_DEK); + break; + default: + return -EINVAL; + } + + MLX5_SET(create_encryption_key_in, in, opcode, MLX5_CMD_OP_CREATE_GENERAL_OBJ); + MLX5_SET(create_encryption_key_in, in, obj_type, MLX5_GENERAL_OBJECT_TYPES_ENCRYPTION_KEY); + + err = mlx5_cmd_exec(mdev, in, sizeof(in), out, sizeof(out)); + if (err == 0) + *p_obj_id = MLX5_GET(create_encryption_key_out, out, obj_id); + + /* avoid leaking key on the stack */ + memset(in, 0, sizeof(in)); + + return err; +} + +int mlx5_encryption_key_destroy(struct mlx5_core_dev *mdev, u32 oid) +{ + u32 in[MLX5_ST_SZ_DW(destroy_encryption_key_in)] = {}; + u32 out[MLX5_ST_SZ_DW(destroy_encryption_key_out)] = {}; + + MLX5_SET(destroy_encryption_key_in, in, opcode, MLX5_CMD_OP_DESTROY_GENERAL_OBJ); + MLX5_SET(destroy_encryption_key_in, in, obj_type, MLX5_GENERAL_OBJECT_TYPES_ENCRYPTION_KEY); + MLX5_SET(destroy_encryption_key_in, in, obj_id, oid); + + return mlx5_cmd_exec(mdev, in, sizeof(in), out, sizeof(out)); +} + +int mlx5_tls_open_tis(struct mlx5_core_dev *mdev, int tc, int tdn, int pdn, u32 *p_tisn) +{ + u32 in[MLX5_ST_SZ_DW(create_tis_in)] = {}; + void *tisc = MLX5_ADDR_OF(create_tis_in, in, ctx); + int err; + + MLX5_SET(tisc, tisc, prio, tc); + MLX5_SET(tisc, tisc, transport_domain, tdn); + MLX5_SET(tisc, tisc, tls_en, 1); + MLX5_SET(tisc, tisc, pd, pdn); + + err = mlx5_core_create_tis(mdev, in, sizeof(in), p_tisn); + if (err) + return (err); + else if (*p_tisn == 0) + return (-EINVAL); + else + return (0); /* success */ +} + +void mlx5_tls_close_tis(struct mlx5_core_dev *mdev, u32 tisn) +{ + + mlx5_core_destroy_tis(mdev, tisn); +} Modified: head/sys/dev/mlx5/mlx5_en/en.h ============================================================================== --- head/sys/dev/mlx5/mlx5_en/en.h Thu Dec 5 15:07:32 2019 (r355420) +++ head/sys/dev/mlx5/mlx5_en/en.h Thu Dec 5 15:16:19 2019 (r355421) @@ -1059,6 +1059,17 @@ struct mlx5e_tx_wqe { struct mlx5_wqe_eth_seg eth; }; +struct mlx5e_tx_umr_wqe { + struct mlx5_wqe_ctrl_seg ctrl; + struct mlx5_wqe_umr_ctrl_seg umr; + uint8_t mkc[64]; +}; + +struct mlx5e_tx_psv_wqe { + struct mlx5_wqe_ctrl_seg ctrl; + struct mlx5_seg_set_psv psv; +}; + struct mlx5e_rx_wqe { struct mlx5_wqe_srq_next_seg next; struct mlx5_wqe_data_seg data[]; Modified: head/sys/dev/mlx5/mlx5_ifc.h ============================================================================== --- head/sys/dev/mlx5/mlx5_ifc.h Thu Dec 5 15:07:32 2019 (r355420) +++ head/sys/dev/mlx5/mlx5_ifc.h Thu Dec 5 15:16:19 2019 (r355421) @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2013-2017, Mellanox Technologies, Ltd. All rights reserved. + * Copyright (c) 2013-2019, Mellanox Technologies, Ltd. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -63,6 +63,7 @@ enum { MLX5_EVENT_TYPE_NIC_VPORT_CHANGE = 0xd, MLX5_EVENT_TYPE_FPGA_ERROR = 0x20, MLX5_EVENT_TYPE_FPGA_QP_ERROR = 0x21, + MLX5_EVENT_TYPE_CODING_GENERAL_OBJ_EVENT = 0x27, }; enum { @@ -252,6 +253,11 @@ enum { MLX5_CMD_OP_FPGA_QUERY_QP = 0x962, MLX5_CMD_OP_FPGA_DESTROY_QP = 0x963, MLX5_CMD_OP_FPGA_QUERY_QP_COUNTERS = 0x964, + MLX5_CMD_OP_CREATE_GENERAL_OBJ = 0xa00, + MLX5_CMD_OP_MODIFY_GENERAL_OBJ = 0xa01, + MLX5_CMD_OP_QUERY_GENERAL_OBJ = 0xa02, + MLX5_CMD_OP_DESTROY_GENERAL_OBJ = 0xa03, + }; enum { @@ -269,6 +275,23 @@ enum { MLX5_ICMD_CMDS_OPCODE_ICMD_OPCODE_INIT_OCSD = 0xf004 }; +enum { + MLX5_GENERAL_OBJECT_TYPES_ENCRYPTION_KEY = 0xc, +}; + +enum { + MLX5_HCA_CAP_GENERAL_OBJ_TYPES_ENCRYPTION_KEY = 1 << 0xc, +}; + +enum { + MLX5_GENERAL_OBJECT_TYPE_ENCRYPTION_KEY_KEY_SIZE_128 = 0x0, + MLX5_GENERAL_OBJECT_TYPE_ENCRYPTION_KEY_KEY_SIZE_256 = 0x1, +}; + +enum { + MLX5_GENERAL_OBJECT_TYPE_ENCRYPTION_KEY_TYPE_DEK = 0x1, +}; + struct mlx5_ifc_flow_table_fields_supported_bits { u8 outer_dmac[0x1]; u8 outer_smac[0x1]; @@ -1268,8 +1291,18 @@ struct mlx5_ifc_cmd_hca_cap_bits { u8 reserved_61[0x3]; u8 log_max_current_uc_list[0x5]; - u8 reserved_62[0x80]; + u8 general_obj_types[0x40]; + u8 reserved_at_440[0x8]; + u8 create_qp_start_hint[0x18]; + + u8 tls[0x1]; + u8 reserved_at_461[0x2]; + u8 log_max_uctx[0x5]; + u8 reserved_at_468[0x3]; + u8 log_max_umem[0x5]; + u8 max_num_eqs[0x10]; + u8 reserved_63[0x3]; u8 log_max_l2_table[0x5]; u8 reserved_64[0x8]; @@ -1287,7 +1320,13 @@ struct mlx5_ifc_cmd_hca_cap_bits { u8 reserved_67[0x10]; u8 log_max_atomic_size_dc[0x8]; - u8 reserved_68[0x1f]; + u8 reserved_at_5a0[0x13]; + u8 log_max_dek[0x5]; + u8 reserved_at_5b8[0x4]; + u8 mini_cqe_resp_stride_index[0x1]; + u8 cqe_128_always[0x1]; + u8 cqe_compression_128b[0x1]; + u8 cqe_compression[0x1]; u8 cqe_compression_timeout[0x10]; @@ -1332,6 +1371,16 @@ struct mlx5_ifc_rx_hash_field_select_bits { u8 selected_fields[0x1e]; }; +struct mlx5_ifc_tls_capabilities_bits { + u8 tls_1_2_aes_gcm_128[0x1]; + u8 tls_1_3_aes_gcm_128[0x1]; + u8 tls_1_2_aes_gcm_256[0x1]; + u8 tls_1_3_aes_gcm_256[0x1]; + u8 reserved_at_4[0x1c]; + + u8 reserved_at_20[0x7e0]; +}; + enum { MLX5_WQ_TYPE_LINKED_LIST = 0x0, MLX5_WQ_TYPE_CYCLIC = 0x1, @@ -2212,7 +2261,8 @@ struct mlx5_ifc_traffic_counter_bits { struct mlx5_ifc_tisc_bits { u8 strict_lag_tx_port_affinity[0x1]; - u8 reserved_at_1[0x3]; + u8 tls_en[0x1]; + u8 reserved_at_2[0x2]; u8 lag_tx_port_affinity[0x04]; u8 reserved_at_8[0x4]; @@ -2227,7 +2277,10 @@ struct mlx5_ifc_tisc_bits { u8 reserved_4[0x8]; u8 underlay_qpn[0x18]; - u8 reserved_5[0x3a0]; + u8 reserved_5[0x8]; + u8 pd[0x18]; + + u8 reserved_6[0x380]; }; enum { @@ -2255,7 +2308,8 @@ struct mlx5_ifc_tirc_bits { u8 reserved_0[0x20]; u8 disp_type[0x4]; - u8 reserved_1[0x1c]; + u8 tls_en[0x1]; + u8 reserved_at_25[0x1b]; u8 reserved_2[0x40]; @@ -2717,6 +2771,7 @@ union mlx5_ifc_hca_cap_union_bits { struct mlx5_ifc_snapshot_cap_bits snapshot_cap; struct mlx5_ifc_debug_cap_bits diagnostic_counters_cap; struct mlx5_ifc_qos_cap_bits qos_cap; + struct mlx5_ifc_tls_capabilities_bits tls_capabilities; u8 reserved_0[0x8000]; }; @@ -5956,6 +6011,24 @@ struct mlx5_ifc_get_dropped_packet_log_in_bits { u8 reserved_2[0x40]; }; +struct mlx5_ifc_encryption_key_obj_bits { + u8 modify_field_select[0x40]; + + u8 reserved_at_40[0x14]; + u8 key_size[0x4]; + u8 reserved_at_58[0x4]; + u8 key_type[0x4]; + + u8 reserved_at_60[0x8]; + u8 pd[0x18]; + + u8 reserved_at_80[0x180]; + + u8 key[8][0x20]; + + u8 reserved_at_300[0x500]; +}; + struct mlx5_ifc_gen_eqe_in_bits { u8 opcode[0x10]; u8 reserved_0[0x10]; @@ -6428,6 +6501,27 @@ struct mlx5_ifc_destroy_flow_group_in_bits { u8 reserved_6[0x120]; }; +struct mlx5_ifc_destroy_encryption_key_out_bits { + u8 status[0x8]; + u8 reserved_at_8[0x18]; + + u8 syndrome[0x20]; + + u8 reserved_at_40[0x40]; +}; + +struct mlx5_ifc_destroy_encryption_key_in_bits { + u8 opcode[0x10]; + u8 reserved_at_10[0x10]; + + u8 reserved_at_20[0x10]; + u8 obj_type[0x10]; + + u8 obj_id[0x20]; + + u8 reserved_at_60[0x20]; +}; + struct mlx5_ifc_destroy_eq_out_bits { u8 status[0x8]; u8 reserved_0[0x18]; @@ -7257,6 +7351,29 @@ struct mlx5_ifc_create_flow_group_in_bits { u8 reserved_10[0xe00]; }; +struct mlx5_ifc_create_encryption_key_out_bits { + u8 status[0x8]; + u8 reserved_at_8[0x18]; + + u8 syndrome[0x20]; + + u8 obj_id[0x20]; + + u8 reserved_at_60[0x20]; +}; + +struct mlx5_ifc_create_encryption_key_in_bits { + u8 opcode[0x10]; + u8 reserved_at_10[0x10]; + + u8 reserved_at_20[0x10]; + u8 obj_type[0x10]; + + u8 reserved_at_40[0x40]; + + struct mlx5_ifc_encryption_key_obj_bits encryption_key_object; +}; + struct mlx5_ifc_create_eq_out_bits { u8 status[0x8]; u8 reserved_0[0x18]; @@ -9744,6 +9861,44 @@ struct mlx5_ifc_mtt_bits { u8 reserved_0[0x6]; u8 wr_en[0x1]; u8 rd_en[0x1]; +}; + +struct mlx5_ifc_tls_progress_params_bits { + u8 valid[0x1]; + u8 reserved_at_1[0x7]; + u8 pd[0x18]; + + u8 next_record_tcp_sn[0x20]; + + u8 hw_resync_tcp_sn[0x20]; + + u8 record_tracker_state[0x2]; + u8 auth_state[0x2]; + u8 reserved_at_64[0x4]; + u8 hw_offset_record_number[0x18]; +}; + +struct mlx5_ifc_tls_static_params_bits { + u8 const_2[0x2]; + u8 tls_version[0x4]; + u8 const_1[0x2]; + u8 reserved_at_8[0x14]; + u8 encryption_standard[0x4]; + + u8 reserved_at_20[0x20]; + + u8 initial_record_number[0x40]; + + u8 resync_tcp_sn[0x20]; + + u8 gcm_iv[0x20]; + + u8 implicit_iv[0x40]; + + u8 reserved_at_100[0x8]; + u8 dek_index[0x18]; + + u8 reserved_at_120[0xe0]; }; /* Vendor Specific Capabilities, VSC */ Added: head/sys/dev/mlx5/tls.h ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/sys/dev/mlx5/tls.h Thu Dec 5 15:16:19 2019 (r355421) @@ -0,0 +1,39 @@ +/*- + * Copyright (c) 2019, Mellanox Technologies, Ltd. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS `AS IS' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#ifndef __MLX5_TLS_H__ +#define __MLX5_TLS_H__ + +struct mlx5_core_dev; + +int mlx5_encryption_key_create(struct mlx5_core_dev *mdev, u32 pdn, + const void *p_key, u32 key_len, u32 * p_obj_id); +int mlx5_encryption_key_destroy(struct mlx5_core_dev *mdev, u32 oid); +int mlx5_tls_open_tis(struct mlx5_core_dev *mdev, int tc, int tdn, int pdn, u32 *p_tisn); +void mlx5_tls_close_tis(struct mlx5_core_dev *mdev, u32 tisn); + +#endif /* __MLX5_TLS_H__ */ Modified: head/sys/modules/mlx5/Makefile ============================================================================== --- head/sys/modules/mlx5/Makefile Thu Dec 5 15:07:32 2019 (r355420) +++ head/sys/modules/mlx5/Makefile Thu Dec 5 15:16:19 2019 (r355421) @@ -26,6 +26,7 @@ mlx5_port.c \ mlx5_qp.c \ mlx5_rl.c \ mlx5_srq.c \ +mlx5_tls.c \ mlx5_transobj.c \ mlx5_uar.c \ mlx5_vport.c \