Exemple #1
0
    def test_mlx5_dek_management(self):
        """
        Test crypto login and DEK management APIs.
        The test checks also that invalid actions are not permited, e.g, create
        DEK not in login session.
        """
        try:
            self.pd = PD(self.ctx)
            cred_bytes = struct.pack('!6Q', *self.crypto_details['credential'])
            key = struct.pack('!5Q', *self.crypto_details['wrapped_key'])
            self.dek_init_attr = \
                Mlx5DEKInitAttr(self.pd, key=key,
                                key_size=dve.MLX5DV_CRYPTO_KEY_SIZE_128,
                                key_purpose=dve.MLX5DV_CRYPTO_KEY_PURPOSE_AES_XTS,
                                opaque=DEK_OPAQUE)
            self.verify_create_dek_out_of_login_session()
            self.verify_login_state(dve.MLX5DV_CRYPTO_LOGIN_STATE_NO_LOGIN)

            # Login to crypto session
            self.login_attr = Mlx5CryptoLoginAttr(cred_bytes)
            Mlx5Context.crypto_login(self.ctx, self.login_attr)
            self.verify_login_state(dve.MLX5DV_CRYPTO_LOGIN_STATE_VALID)
            self.verify_login_twice()
            self.dek = Mlx5DEK(self.ctx, self.dek_init_attr)
            self.verify_dek_opaque()
            self.dek.close()

            # Logout from crypto session
            Mlx5Context.crypto_logout(self.ctx)
            self.verify_login_state(dve.MLX5DV_CRYPTO_LOGIN_STATE_NO_LOGIN)
        except PyverbsRDMAError as ex:
            print(ex)
            if ex.error_code == errno.EOPNOTSUPP:
                raise unittest.SkipTest('Create crypto elements is not supported')
            raise ex
Exemple #2
0
 def verify_login_twice(self):
     """
     Verify that when there is already a login session alive the second login
     fails.
     """
     with self.assertRaises(PyverbsRDMAError) as ex:
         Mlx5Context.crypto_login(self.ctx, self.login_attr)
     self.assertEqual(ex.exception.error_code, errno.EEXIST)
Exemple #3
0
 def create_client_dek(self):
     """
     Create DEK using the client resources.
     """
     cred_bytes = struct.pack('!6Q', *self.crypto_details['credential'])
     log_attr = Mlx5CryptoLoginAttr(cred_bytes)
     Mlx5Context.crypto_login(self.client.ctx, log_attr)
     key = struct.pack('!5Q', *self.crypto_details['wrapped_key'])
     if self.key_size == dve.MLX5DV_CRYPTO_KEY_SIZE_256:
         key = struct.pack('!9Q', *self.crypto_details['wrapped_256_bits_key'])
     self.dek_attr = Mlx5DEKInitAttr(self.client.pd, key=key,
                                     key_size=self.key_size,
                                     key_purpose=dve.MLX5DV_CRYPTO_KEY_PURPOSE_AES_XTS)
     self.dek = Mlx5DEK(self.client.ctx, self.dek_attr)