mlx5dv_crypto_l...o_login_destroy(3)

NAME
mlx5dv_crypto_login_create - Creates a crypto login object
mlx5dv_crypto_login_query - Queries the given crypto login object
mlx5dv_crypto_login_destroy - Destroys the given crypto login object

SYNOPSIS
#include <infiniband/mlx5dv.h>

struct mlx5dv_crypto_login_obj *
mlx5dv_crypto_login_create(struct ibv_context *context,
                           struct mlx5dv_crypto_login_attr_ex *login_attr);

int mlx5dv_crypto_login_query(struct mlx5dv_crypto_login_obj *crypto_login,
                              struct mlx5dv_crypto_login_query_attr *query_attr);

int mlx5dv_crypto_login_destroy(struct mlx5dv_crypto_login_obj *crypto_login);

DESCRIPTION
When the crypto engine uses the wrapped import method, a valid
crypto login object must be provided in order to create and query
wrapped Data Encryption Keys (DEKs).

A valid crypto login object is necessary only to create and query
wrapped DEKs. DEKs that were created previously don’t need a valid
crypto login object in order to be used (in an MKey or during
traffic).

mlx5dv_crypto_login_create() creates and returns a crypto login
object with the credential given in login_attr. Only one crypto
login object can be created per device context. The created
crypto login object must be provided to mlx5dv_dek_create() in
order to create wrapped DEKs.

mlx5dv_crypto_login_query() queries the crypto login object
crypto_login and returns the queried attributes in query_attr.

mlx5dv_crypto_login_destroy() destroys the given crypto login
object.

ARGUMENTS
context
    The device context that will be associated with the crypto login
    object.

login_attr
    Crypto extended login attributes specify the credential to log in
    with and the import KEK to be used for secured communications done
    with the crypto login object.

    struct mlx5dv_crypto_login_attr_ex {
        uint32_t credential_id;
        uint32_t import_kek_id;
        const void *credential;
        size_t credential_len;
        uint64_t comp_mask;
    };

    credential_id
        An ID of a credential, from the credentials stored on the
        device, that indicates the credential that should be
        validated against the credential provided in credential.

    import_kek_id
        An ID of an import KEK, from the import KEKs stored on the
        device, that indicates the import KEK that will be used for
        unwrapping the credential provided in credential and also
        for all other secured communications done with the crypto
        login object.

    credential
        The credential to log in with. The credential is a piece of
        data used to authenticate the user for crypto login. The
        value in credential is validated against the credential
        indicated by credential_id, which is stored on the device.
        The credentials must match in order for the crypto login to
        succeed. credential must be provided wrapped by the AES key
        wrap algorithm using the import KEK indicated by
        import_kek_id. The credential format is
        ENC(iv_64b + plaintext_credential), where ENC() is the AES
        key wrap algorithm, iv_64b is 0xA6A6A6A6A6A6A6A6 as per the
        NIST SP 800-38F AES key wrap spec, and plaintext_credential
        is the credential value stored on the device.

    credential_len
        The length of the provided credential value in bytes.

    comp_mask
        Reserved for future extension, must be 0 now.
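
The credential format ENC(iv_64b + plaintext_credential) described above, written out as an added Python example (not part of the original manual page or of rdma-core). It performs the AES key wrap step by step over AES-ECB so the role of iv_64b is visible, and checks the result against aes_key_wrap() from the `cryptography` package. The KEK and credential bytes are sample values taken from the RFC 3394 section 4.1 test vector, not real device secrets, and the function names are hypothetical.

```python
# Added example, not rdma-core code. Builds the wrapped `credential` value
# ENC(iv_64b + plaintext_credential) from the man page with RFC 3394 key wrap.
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.primitives.keywrap import (
    InvalidUnwrap, aes_key_unwrap, aes_key_wrap)

IV_64B = bytes.fromhex("A6A6A6A6A6A6A6A6")  # iv_64b from the man page

# Sample inputs: RFC 3394 section 4.1 test vector, not real device secrets.
SAMPLE_KEK = bytes.fromhex("000102030405060708090A0B0C0D0E0F")
SAMPLE_CREDENTIAL = bytes.fromhex("00112233445566778899AABBCCDDEEFF")


def wrap_credential(import_kek: bytes, plaintext_credential: bytes) -> bytes:
    """Return the wrapped credential; its length is credential_len."""
    if len(plaintext_credential) < 16 or len(plaintext_credential) % 8:
        raise ValueError("key wrap input must be >= 16 bytes, multiple of 8")
    ecb = Cipher(algorithms.AES(import_kek), modes.ECB()).encryptor()
    a = IV_64B                      # integrity register starts as iv_64b
    r = [plaintext_credential[i:i + 8]
         for i in range(0, len(plaintext_credential), 8)]
    n = len(r)
    for j in range(6):              # six passes over all 64-bit blocks
        for i in range(n):
            b = ecb.update(a + r[i])
            t = n * j + i + 1       # step counter mixed into the register
            a = (int.from_bytes(b[:8], "big") ^ t).to_bytes(8, "big")
            r[i] = b[8:]
    return a + b"".join(r)          # 8 bytes longer than the plaintext


def unwrap_rejects(import_kek: bytes, wrapped: bytes) -> bool:
    """True if unwrapping fails the iv_64b integrity check."""
    try:
        aes_key_unwrap(import_kek, wrapped)
        return False
    except InvalidUnwrap:
        return True


if __name__ == "__main__":
    blob = wrap_credential(SAMPLE_KEK, SAMPLE_CREDENTIAL)
    assert blob == aes_key_wrap(SAMPLE_KEK, SAMPLE_CREDENTIAL)
    print("credential_len =", len(blob), "credential =", blob.hex())
```

The returned bytes are what credential would point to and their length is credential_len; a blob wrapped under a different KEK or altered in transit fails the iv_64b check on unwrap.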

query_attr
    Crypto login attributes to be populated when querying a crypto login
    object.

    struct mlx5dv_crypto_login_query_attr {
        enum mlx5dv_crypto_login_state state;
        uint64_t comp_mask;
    };

    state
        The state of the crypto login object, can be one of the
        following:

        MLX5DV_CRYPTO_LOGIN_STATE_VALID
            The crypto login object is valid and can be used.

        MLX5DV_CRYPTO_LOGIN_STATE_INVALID
            The crypto login object is invalid and cannot be
            used. A valid crypto login object can become
            invalid if the credential or the import KEK used in
            the crypto login object were deleted while in use
            (for example by a crypto officer). In this case,
            mlx5dv_crypto_login_destroy() should be called to
            destroy the invalid crypto login object and if still
            necessary, mlx5dv_crypto_login_create() should be
            called to create a new crypto login object with
            valid credential and import KEK.

    comp_mask
        Reserved for future extension, must be 0 now.

RETURN VALUE
mlx5dv_crypto_login_create() returns a pointer to a new valid
struct mlx5dv_crypto_login_obj on success. On error NULL is
returned and errno is set.

mlx5dv_crypto_login_query() returns 0 on success and fills
query_attr with the queried attributes. On error, errno is
returned.

mlx5dv_crypto_login_destroy() returns 0 on success and errno on
error.

SEE ALSO
mlx5dv_dek_create(3), mlx5dv_query_device(3)

AUTHORS
Avihai Horon ⟨avihaih@nvidia.com⟩

COLOPHON
This page is part of the rdma-core (RDMA Core Userspace Libraries
and Daemons) project. Information about the project can be found
at ⟨https://github.com/linux-rdma/rdma-core⟩. If you have a bug
report for this manual page, send it to
linux-rdma@vger.kernel.org. This page was obtained from the
project's upstream Git repository
⟨https://github.com/linux-rdma/rdma-core.git⟩ on 2025-08-11. (At
that time, the date of the most recent commit that was found in
the repository was 2025-08-04.) If you discover any rendering
problems in this HTML version of the page, or you believe there is
a better or more up-to-date source for the page, or you have
corrections or improvements to the information in this COLOPHON
(which is not part of the original manual page), send a mail to
man-pages@man7.org.