Using crypto devs requires the user to log in and the supplied DEK to be encrypted with a KEK (keys encryption key). KEK is burned once on the nic, along with credentials for users, and for a user to log in, he is needed to supply his creds wrapped with the KEK. A device comes out of the Mellanox factory with a pre-defined import method for each algorithm. The defined method could be wrapped mode, so the device can be used as described above, or plaintext mode, without the need to log in and wrap supplied DEKs.
Raja Zidane (2): common/mlx5: extend crypto capabilities crypto/mlx5: support plaintext keys doc/guides/cryptodevs/mlx5.rst | 17 ++++++++-- drivers/common/mlx5/mlx5_devx_cmds.c | 13 ++++++-- drivers/common/mlx5/mlx5_devx_cmds.h | 1 + drivers/common/mlx5/mlx5_prm.h | 29 +++++++++++++++++ drivers/crypto/mlx5/mlx5_crypto.c | 43 +++++++++++++++--------- drivers/crypto/mlx5/mlx5_crypto.h | 3 +- drivers/crypto/mlx5/mlx5_crypto_dek.c | 47 +++++++++++++++++++-------- 7 files changed, 117 insertions(+), 36 deletions(-) -- dependant on https://patchwork.dpdk.org/project/dpdk/patch/20220418110516.2105-1-rzid...@nvidia.com/ 2.21.0
