Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/138414/?format=api
{ "id": 138414, "url": "http://patches.dpdk.org/api/patches/138414/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/patch/20240315054213.540-3-vvelumuri@marvell.com/", "project": { "id": 1, "url": "http://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<20240315054213.540-3-vvelumuri@marvell.com>", "list_archive_url": "https://inbox.dpdk.org/dev/20240315054213.540-3-vvelumuri@marvell.com", "date": "2024-03-15T05:42:07", "name": "[v3,2/8] crypto/cnxk: enable sha384 and chachapoly for tls", "commit_ref": null, "pull_url": null, "state": "superseded", "archived": true, "hash": "9709f2f6ce4fc3f6436f6025685df07d59051828", "submitter": { "id": 2363, "url": "http://patches.dpdk.org/api/people/2363/?format=api", "name": "Vidya Sagar Velumuri", "email": "vvelumuri@marvell.com" }, "delegate": { "id": 6690, "url": "http://patches.dpdk.org/api/users/6690/?format=api", "username": "akhil", "first_name": "akhil", "last_name": "goyal", "email": "gakhil@marvell.com" }, "mbox": "http://patches.dpdk.org/project/dpdk/patch/20240315054213.540-3-vvelumuri@marvell.com/mbox/", "series": [ { "id": 31530, "url": "http://patches.dpdk.org/api/series/31530/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/list/?series=31530", "date": "2024-03-15T05:42:05", "name": "Fixes and minor improvements for Crypto cnxk", "version": 3, "mbox": "http://patches.dpdk.org/series/31530/mbox/" } ], "comments": "http://patches.dpdk.org/api/patches/138414/comments/", "check": "success", "checks": "http://patches.dpdk.org/api/patches/138414/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@inbox.dpdk.org", "Delivered-To": "patchwork@inbox.dpdk.org", "Received": [ "from mails.dpdk.org (mails.dpdk.org [217.70.189.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id B4BF843CA6;\n\tFri, 15 Mar 2024 06:43:15 +0100 (CET)", "from mails.dpdk.org (localhost [127.0.0.1])\n\tby mails.dpdk.org (Postfix) with ESMTP id C60E942EBB;\n\tFri, 15 Mar 2024 06:43:05 +0100 (CET)", "from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com\n [67.231.156.173])\n by mails.dpdk.org (Postfix) with ESMTP id 76AA1410FC\n for <dev@dpdk.org>; Fri, 15 Mar 2024 06:42:23 +0100 (CET)", "from pps.filterd (m0045851.ppops.net [127.0.0.1])\n by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id\n 42F0ahnB019063 for <dev@dpdk.org>; Thu, 14 Mar 2024 22:42:22 -0700", "from dc6wp-exch02.marvell.com ([4.21.29.225])\n by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wvbxbrpfy-1\n (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)\n for <dev@dpdk.org>; Thu, 14 Mar 2024 22:42:22 -0700 (PDT)", "from DC6WP-EXCH02.marvell.com (10.76.176.209) by\n DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server\n (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id\n 15.2.1258.12; Thu, 14 Mar 2024 22:42:21 -0700", "from maili.marvell.com (10.69.176.80) by DC6WP-EXCH02.marvell.com\n (10.76.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend\n Transport; Thu, 14 Mar 2024 22:42:21 -0700", "from BG-LT92004.corp.innovium.com (unknown [10.193.69.194])\n by maili.marvell.com (Postfix) with ESMTP id 9D5603F703F;\n Thu, 14 Mar 2024 22:42:19 -0700 (PDT)" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=\n from:to:cc:subject:date:message-id:in-reply-to:references\n :mime-version:content-transfer-encoding:content-type; s=\n pfpt0220; bh=Zv5cvllg8EZNEww++ZIOPHD3RjU6K5Wt9AZ7YKGn3mU=; b=eS7\n 4rgri+kck7bFgSCuDxco5W8zSutZhLKTc7CDjB2/suDu/cKZtTgTbnD3IldWvP01\n MzfhGT7eOkKuu8mq9QCINnZax3IWSN94HwEHp8/40vwYJA8mg0+U1eEnGhOeskEJ\n EQV5VWJ8Zq3FFiqKrUUrkJ3eeRpCPvXpeBq7bRFkDV3K7PA6LwZSvtLZ+HgIKyps\n o3xMlCAAAggu5dnV4S10Q3Uk1B/+h8qPGLQvmZGuWjT77mPtoVSXtuFKrSHJtrYQ\n 5vGXvmGHXPCiHOMdySY9tpN+Tbep+rD0TuOYB8HAdAgv9Z6Zn10FJnH0n+E8jXbG\n c4gecL8DPdgk8o4EWAA==", "From": "Vidya Sagar Velumuri <vvelumuri@marvell.com>", "To": "Akhil Goyal <gakhil@marvell.com>", "CC": "Jerin Jacob <jerinj@marvell.com>, <dev@dpdk.org>, Aakash Sasidharan\n <asasidharan@marvell.com>, Anoob Joseph <anoobj@marvell.com>", "Subject": "[PATCH v3 2/8] crypto/cnxk: enable sha384 and chachapoly for tls", "Date": "Fri, 15 Mar 2024 11:12:07 +0530", "Message-ID": "<20240315054213.540-3-vvelumuri@marvell.com>", "X-Mailer": "git-send-email 2.25.1", "In-Reply-To": "<20240315054213.540-1-vvelumuri@marvell.com>", "References": "<20240314131839.3362494-1-vvelumuri@marvell.com>\n <20240315054213.540-1-vvelumuri@marvell.com>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "Content-Type": "text/plain", "X-Proofpoint-GUID": "wSPUpRls2VOJnCkvJX1T7xXsckhgZB-2", "X-Proofpoint-ORIG-GUID": "wSPUpRls2VOJnCkvJX1T7xXsckhgZB-2", "X-Proofpoint-Virus-Version": "vendor=baseguard\n engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26\n definitions=2024-03-14_13,2024-03-13_01,2023-05-22_02", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org" }, "content": "Enable SHA384-HMAC support for TLS & DTLS 1.2.\nEnable CHACHA20-POLY1305 support for TLS-1.3.\n\nSigned-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>\n---\n drivers/common/cnxk/roc_ie_ot_tls.h | 1 +\n drivers/crypto/cnxk/cn10k_tls.c | 56 +++++++++++++------\n drivers/crypto/cnxk/cnxk_cryptodev.h | 6 +-\n .../crypto/cnxk/cnxk_cryptodev_capabilities.c | 52 +++++++++++++++++\n 4 files changed, 95 insertions(+), 20 deletions(-)", "diff": "diff --git a/drivers/common/cnxk/roc_ie_ot_tls.h b/drivers/common/cnxk/roc_ie_ot_tls.h\nindex b85d075e86..39c42775f4 100644\n--- a/drivers/common/cnxk/roc_ie_ot_tls.h\n+++ b/drivers/common/cnxk/roc_ie_ot_tls.h\n@@ -39,6 +39,7 @@ enum roc_ie_ot_tls_cipher_type {\n \tROC_IE_OT_TLS_CIPHER_AES_CBC = 3,\n \tROC_IE_OT_TLS_CIPHER_AES_GCM = 7,\n \tROC_IE_OT_TLS_CIPHER_AES_CCM = 10,\n+\tROC_IE_OT_TLS_CIPHER_CHACHA_POLY = 9,\n };\n \n enum roc_ie_ot_tls_ver {\ndiff --git a/drivers/crypto/cnxk/cn10k_tls.c b/drivers/crypto/cnxk/cn10k_tls.c\nindex b46904d3f8..c95fcfdfa7 100644\n--- a/drivers/crypto/cnxk/cn10k_tls.c\n+++ b/drivers/crypto/cnxk/cn10k_tls.c\n@@ -28,7 +28,8 @@ tls_xform_cipher_auth_verify(struct rte_crypto_sym_xform *cipher_xform,\n \tswitch (c_algo) {\n \tcase RTE_CRYPTO_CIPHER_NULL:\n \t\tif ((a_algo == RTE_CRYPTO_AUTH_MD5_HMAC) || (a_algo == RTE_CRYPTO_AUTH_SHA1_HMAC) ||\n-\t\t (a_algo == RTE_CRYPTO_AUTH_SHA256_HMAC))\n+\t\t (a_algo == RTE_CRYPTO_AUTH_SHA256_HMAC) ||\n+\t\t (a_algo == RTE_CRYPTO_AUTH_SHA384_HMAC))\n \t\t\tret = 0;\n \t\tbreak;\n \tcase RTE_CRYPTO_CIPHER_3DES_CBC:\n@@ -37,7 +38,8 @@ tls_xform_cipher_auth_verify(struct rte_crypto_sym_xform *cipher_xform,\n \t\tbreak;\n \tcase RTE_CRYPTO_CIPHER_AES_CBC:\n \t\tif ((a_algo == RTE_CRYPTO_AUTH_SHA1_HMAC) ||\n-\t\t (a_algo == RTE_CRYPTO_AUTH_SHA256_HMAC))\n+\t\t (a_algo == RTE_CRYPTO_AUTH_SHA256_HMAC) ||\n+\t\t (a_algo == RTE_CRYPTO_AUTH_SHA384_HMAC))\n \t\t\tret = 0;\n \t\tbreak;\n \tdefault:\n@@ -69,7 +71,8 @@ tls_xform_auth_verify(struct rte_crypto_sym_xform *crypto_xform)\n \n \tif (((a_algo == RTE_CRYPTO_AUTH_MD5_HMAC) && (keylen == 16)) ||\n \t ((a_algo == RTE_CRYPTO_AUTH_SHA1_HMAC) && (keylen == 20)) ||\n-\t ((a_algo == RTE_CRYPTO_AUTH_SHA256_HMAC) && (keylen == 32)))\n+\t ((a_algo == RTE_CRYPTO_AUTH_SHA256_HMAC) && (keylen == 32)) ||\n+\t ((a_algo == RTE_CRYPTO_AUTH_SHA384_HMAC) && (keylen == 48)))\n \t\treturn 0;\n \n \treturn -EINVAL;\n@@ -94,6 +97,9 @@ tls_xform_aead_verify(struct rte_security_tls_record_xform *tls_xform,\n \t\t\treturn 0;\n \t}\n \n+\tif ((crypto_xform->aead.algo == RTE_CRYPTO_AEAD_CHACHA20_POLY1305) && (keylen == 32))\n+\t\treturn 0;\n+\n \treturn -EINVAL;\n }\n \n@@ -251,6 +257,9 @@ tls_write_rlens_get(struct rte_security_tls_record_xform *tls_xfrm,\n \tcase RTE_CRYPTO_AUTH_SHA256_HMAC:\n \t\tmac_len = 32;\n \t\tbreak;\n+\tcase RTE_CRYPTO_AUTH_SHA384_HMAC:\n+\t\tmac_len = 32;\n+\t\tbreak;\n \tdefault:\n \t\tmac_len = 0;\n \t\tbreak;\n@@ -339,15 +348,20 @@ tls_read_sa_fill(struct roc_ie_ot_tls_read_sa *read_sa,\n \tcipher_key = read_sa->cipher_key;\n \n \t/* Set encryption algorithm */\n-\tif ((crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD) &&\n-\t (crypto_xfrm->aead.algo == RTE_CRYPTO_AEAD_AES_GCM)) {\n-\t\tread_sa->w2.s.cipher_select = ROC_IE_OT_TLS_CIPHER_AES_GCM;\n-\n+\tif (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD) {\n \t\tlength = crypto_xfrm->aead.key.length;\n-\t\tif (length == 16)\n-\t\t\tread_sa->w2.s.aes_key_len = ROC_IE_OT_TLS_AES_KEY_LEN_128;\n-\t\telse\n+\t\tif (crypto_xfrm->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) {\n+\t\t\tread_sa->w2.s.cipher_select = ROC_IE_OT_TLS_CIPHER_AES_GCM;\n+\t\t\tif (length == 16)\n+\t\t\t\tread_sa->w2.s.aes_key_len = ROC_IE_OT_TLS_AES_KEY_LEN_128;\n+\t\t\telse\n+\t\t\t\tread_sa->w2.s.aes_key_len = ROC_IE_OT_TLS_AES_KEY_LEN_256;\n+\t\t}\n+\n+\t\tif (crypto_xfrm->aead.algo == RTE_CRYPTO_AEAD_CHACHA20_POLY1305) {\n+\t\t\tread_sa->w2.s.cipher_select = ROC_IE_OT_TLS_CIPHER_CHACHA_POLY;\n \t\t\tread_sa->w2.s.aes_key_len = ROC_IE_OT_TLS_AES_KEY_LEN_256;\n+\t\t}\n \n \t\tkey = crypto_xfrm->aead.key.data;\n \t\tmemcpy(cipher_key, key, length);\n@@ -397,6 +411,8 @@ tls_read_sa_fill(struct roc_ie_ot_tls_read_sa *read_sa,\n \t\tread_sa->w2.s.mac_select = ROC_IE_OT_TLS_MAC_SHA1;\n \telse if (auth_xfrm->auth.algo == RTE_CRYPTO_AUTH_SHA256_HMAC)\n \t\tread_sa->w2.s.mac_select = ROC_IE_OT_TLS_MAC_SHA2_256;\n+\telse if (auth_xfrm->auth.algo == RTE_CRYPTO_AUTH_SHA384_HMAC)\n+\t\tread_sa->w2.s.mac_select = ROC_IE_OT_TLS_MAC_SHA2_384;\n \telse\n \t\treturn -EINVAL;\n \n@@ -476,15 +492,19 @@ tls_write_sa_fill(struct roc_ie_ot_tls_write_sa *write_sa,\n \tcipher_key = write_sa->cipher_key;\n \n \t/* Set encryption algorithm */\n-\tif ((crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD) &&\n-\t (crypto_xfrm->aead.algo == RTE_CRYPTO_AEAD_AES_GCM)) {\n-\t\twrite_sa->w2.s.cipher_select = ROC_IE_OT_TLS_CIPHER_AES_GCM;\n-\n+\tif (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD) {\n \t\tlength = crypto_xfrm->aead.key.length;\n-\t\tif (length == 16)\n-\t\t\twrite_sa->w2.s.aes_key_len = ROC_IE_OT_TLS_AES_KEY_LEN_128;\n-\t\telse\n+\t\tif (crypto_xfrm->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) {\n+\t\t\twrite_sa->w2.s.cipher_select = ROC_IE_OT_TLS_CIPHER_AES_GCM;\n+\t\t\tif (length == 16)\n+\t\t\t\twrite_sa->w2.s.aes_key_len = ROC_IE_OT_TLS_AES_KEY_LEN_128;\n+\t\t\telse\n+\t\t\t\twrite_sa->w2.s.aes_key_len = ROC_IE_OT_TLS_AES_KEY_LEN_256;\n+\t\t}\n+\t\tif (crypto_xfrm->aead.algo == RTE_CRYPTO_AEAD_CHACHA20_POLY1305) {\n+\t\t\twrite_sa->w2.s.cipher_select = ROC_IE_OT_TLS_CIPHER_CHACHA_POLY;\n \t\t\twrite_sa->w2.s.aes_key_len = ROC_IE_OT_TLS_AES_KEY_LEN_256;\n+\t\t}\n \n \t\tkey = crypto_xfrm->aead.key.data;\n \t\tmemcpy(cipher_key, key, length);\n@@ -538,6 +558,8 @@ tls_write_sa_fill(struct roc_ie_ot_tls_write_sa *write_sa,\n \t\t\twrite_sa->w2.s.mac_select = ROC_IE_OT_TLS_MAC_SHA1;\n \t\telse if (auth_xfrm->auth.algo == RTE_CRYPTO_AUTH_SHA256_HMAC)\n \t\t\twrite_sa->w2.s.mac_select = ROC_IE_OT_TLS_MAC_SHA2_256;\n+\t\telse if (auth_xfrm->auth.algo == RTE_CRYPTO_AUTH_SHA384_HMAC)\n+\t\t\twrite_sa->w2.s.mac_select = ROC_IE_OT_TLS_MAC_SHA2_384;\n \t\telse\n \t\t\treturn -EINVAL;\n \ndiff --git a/drivers/crypto/cnxk/cnxk_cryptodev.h b/drivers/crypto/cnxk/cnxk_cryptodev.h\nindex 45d01b94b3..fffc4a47b4 100644\n--- a/drivers/crypto/cnxk/cnxk_cryptodev.h\n+++ b/drivers/crypto/cnxk/cnxk_cryptodev.h\n@@ -13,9 +13,9 @@\n \n #define CNXK_CPT_MAX_CAPS\t\t 55\n #define CNXK_SEC_IPSEC_CRYPTO_MAX_CAPS\t 16\n-#define CNXK_SEC_TLS_1_3_CRYPTO_MAX_CAPS 2\n-#define CNXK_SEC_TLS_1_2_CRYPTO_MAX_CAPS 6\n-#define CNXK_SEC_MAX_CAPS\t\t 17\n+#define CNXK_SEC_TLS_1_3_CRYPTO_MAX_CAPS 3\n+#define CNXK_SEC_TLS_1_2_CRYPTO_MAX_CAPS 7\n+#define CNXK_SEC_MAX_CAPS\t\t 19\n \n /**\n * Device private data\ndiff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c\nindex db50de5d58..0d5d64b6e7 100644\n--- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c\n+++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c\n@@ -1639,6 +1639,27 @@ static const struct rte_cryptodev_capabilities sec_tls12_caps_sha1_sha2[] = {\n \t\t\t}, }\n \t\t}, }\n \t},\n+\t{\t/* SHA384 HMAC */\n+\t\t.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,\n+\t\t{.sym = {\n+\t\t\t.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,\n+\t\t\t{.auth = {\n+\t\t\t\t.algo = RTE_CRYPTO_AUTH_SHA384_HMAC,\n+\t\t\t\t.block_size = 64,\n+\t\t\t\t.key_size = {\n+\t\t\t\t\t.min = 48,\n+\t\t\t\t\t.max = 48,\n+\t\t\t\t\t.increment = 0\n+\t\t\t\t},\n+\t\t\t\t.digest_size = {\n+\t\t\t\t\t.min = 48,\n+\t\t\t\t\t.max = 48,\n+\t\t\t\t\t.increment = 0\n+\t\t\t\t},\n+\t\t\t}, }\n+\t\t}, }\n+\t},\n+\n };\n \n static const struct rte_cryptodev_capabilities sec_tls13_caps_aes[] = {\n@@ -1672,6 +1693,37 @@ static const struct rte_cryptodev_capabilities sec_tls13_caps_aes[] = {\n \t\t\t}, }\n \t\t}, }\n \t},\n+\t{\t/* CHACHA POLY */\n+\t\t.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,\n+\t\t{.sym = {\n+\t\t\t.xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,\n+\t\t\t{.aead = {\n+\t\t\t\t.algo = RTE_CRYPTO_AEAD_CHACHA20_POLY1305,\n+\t\t\t\t.block_size = 64,\n+\t\t\t\t.key_size = {\n+\t\t\t\t\t.min = 32,\n+\t\t\t\t\t.max = 32,\n+\t\t\t\t\t.increment = 0\n+\t\t\t\t},\n+\t\t\t\t.digest_size = {\n+\t\t\t\t\t.min = 16,\n+\t\t\t\t\t.max = 16,\n+\t\t\t\t\t.increment = 0\n+\t\t\t\t},\n+\t\t\t\t.aad_size = {\n+\t\t\t\t\t.min = 5,\n+\t\t\t\t\t.max = 5,\n+\t\t\t\t\t.increment = 0\n+\t\t\t\t},\n+\t\t\t\t.iv_size = {\n+\t\t\t\t\t.min = 0,\n+\t\t\t\t\t.max = 0,\n+\t\t\t\t\t.increment = 0\n+\t\t\t\t}\n+\t\t\t}, }\n+\t\t}, }\n+\t},\n+\n };\n \n \n", "prefixes": [ "v3", "2/8" ] }