From patchwork Tue Oct 3 10:48:49 2023
X-Patchwork-Submitter: Anoob Joseph
X-Patchwork-Id: 222
From: Anoob Joseph
To: Thomas Monjalon, Akhil Goyal, Jerin Jacob, Harry van Haaren
CC: Konstantin Ananyev, Hemant Agrawal, Olivier Matz, Vidya Sagar Velumuri
Subject: [PATCH v2 0/5] add TLS record processing security offload
Date: Tue, 3 Oct 2023 16:18:49 +0530
Message-ID: <20231003104854.1381-1-anoobj@marvell.com>
In-Reply-To: <20230811071712.240-1-anoobj@marvell.com>
References: <20230811071712.240-1-anoobj@marvell.com>
List-Id: DPDK patches and discussions

Add Transport Layer Security (TLS) and Datagram Transport Layer Security
(DTLS). The protocols provide communications privacy for L4 protocols
such as TCP & UDP.

TLS (and DTLS) protocol is composed of two layers,

1. TLS Record Protocol
2. TLS Handshake Protocol

While TLS Handshake Protocol helps in establishing security parameters by
which client and server can communicate, TLS Record Protocol provides the
connection security. TLS Record Protocol leverages symmetric cryptographic
operations such as data encryption and authentication for providing
security to the communications.

Cryptodevs that are capable of offloading TLS Record Protocol may perform
other operations like IV generation, header insertion, atomic sequence
number updates and anti-replay window check in addition to cryptographic
transformations.

In record write operations, message content type is a per packet field
which is used in constructing the TLS header. One session is expected to
handle all types of content types and so, 'rte_crypto_op.aux_flags' is
used for passing the same.

Support for TLS record protocol is added for TLS 1.2, TLS 1.3 and DTLS 1.2.

Changes in v2:
- Replaced CCS with CHANGE_CIPHER_SPEC (Harry)
- Split patches to clarify lifetime tracking and notification of the same
  in rte_crypto_op (Harry)
- Use 8 bits reserved space in rte_crypto_op to pass content type from
  application to PMD (in case of record write) and from PMD to application
  (in case of record read). TLS 1.3 has content type as part of trailer
  which would be encrypted and would be removed by PMD.
- Updated documentation (Harry)

Akhil Goyal (1):
  net: add headers for TLS/DTLS packets

Anoob Joseph (2):
  security: add TLS record processing
  security: support extra padding with TLS

Vidya Sagar Velumuri (2):
  security: support TLS record lifetime notification
  cryptodev: add details of datapath handling of TLS records

 doc/api/doxy-api-index.md              |   2 +
 doc/guides/prog_guide/rte_security.rst |  74 +++++++++++++
 doc/guides/rel_notes/release_23_11.rst |   6 ++
 lib/cryptodev/rte_crypto.h             |  50 ++++++++-
 lib/net/meson.build                    |   2 +
 lib/net/rte_dtls.h                     |  61 +++++++++++
 lib/net/rte_tls.h                      |  48 +++++++++
 lib/security/rte_security.c            |   4 +
 lib/security/rte_security.h            | 144 +++++++++++++++++++++++++
 9 files changed, 388 insertions(+), 3 deletions(-)
 create mode 100644 lib/net/rte_dtls.h
 create mode 100644 lib/net/rte_tls.h
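The v2 changelog notes that in TLS 1.3 the content type sits in an encrypted trailer that the record-read PMD strips before handing the type back through rte_crypto_op, and one of the patches adds extra padding support. As an added example (not code from this series or from DPDK), the following self-contained C shows the RFC 8446 TLSInnerPlaintext layout both ways: the record-write side appends the type and zero padding, the record-read side walks back over the padding to recover it and rejects an all-zero record that carries no type. Function and macro names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* RFC 8446 inner content type: after the handshake the outer record header
 * always says application_data (23) and the real type lives in the trailer. */
#define TLS13_CT_APPLICATION_DATA 23

/* Record-write side: TLSInnerPlaintext = content || type || zeros[pad_len].
 * Returns bytes written, or 0 if dst is too small or the type is 0. */
size_t tls13_inner_build(uint8_t *dst, size_t dst_len, const uint8_t *content,
                         size_t content_len, uint8_t type, size_t pad_len)
{
    size_t total = content_len + 1 + pad_len;
    if (type == 0 || total > dst_len)
        return 0;
    memcpy(dst, content, content_len);
    dst[content_len] = type;
    memset(dst + content_len + 1, 0, pad_len);
    return total;
}

/* Record-read side: walk back over the zero padding to find the real type.
 * Returns the content length and sets *type, or -1 when the record is all
 * zeros: it carries no type and must be rejected, not passed up as empty. */
int tls13_inner_parse(const uint8_t *buf, size_t len, uint8_t *type)
{
    size_t i = len;
    while (i > 0 && buf[i - 1] == 0)
        i--;
    if (i == 0)
        return -1;
    *type = buf[i - 1];
    return (int)(i - 1);
}

/* Round-trip check over constructed input; returns 0 when every case passes. */
int tls13_inner_selftest(void)
{
    uint8_t buf[32], type = 0;
    const uint8_t zeros[8] = {0};          /* constructed: padding with no type */
    size_t n = tls13_inner_build(buf, sizeof(buf), (const uint8_t *)"hello", 5,
                                 TLS13_CT_APPLICATION_DATA, 4);
    if (n != 10 || tls13_inner_parse(buf, n, &type) != 5 || type != 23)
        return 1;                          /* padded application data */
    if (tls13_inner_parse(zeros, sizeof(zeros), &type) != -1)
        return 2;                          /* all-zero record: no content type */
    if (tls13_inner_build(buf, 4, (const uint8_t *)"hello", 5, 23, 0) != 0)
        return 3;                          /* destination too small */
    return 0;
}
```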