From patchwork Tue Oct 3 10:48:52 2023
X-Patchwork-Submitter: Anoob Joseph
X-Patchwork-Id: 132278
X-Patchwork-Delegate: gakhil@marvell.com
From: Anoob Joseph
To: Thomas Monjalon, Akhil Goyal, Jerin Jacob, Harry van Haaren
CC: Konstantin Ananyev, Hemant Agrawal, Olivier Matz, Vidya Sagar Velumuri
Subject: [PATCH v2 3/5] security: support extra padding with TLS
Date: Tue, 3 Oct 2023 16:18:52 +0530
Message-ID: <20231003104854.1381-4-anoobj@marvell.com>
In-Reply-To: <20231003104854.1381-1-anoobj@marvell.com>
References: <20230811071712.240-1-anoobj@marvell.com> <20231003104854.1381-1-anoobj@marvell.com>

In TLS record write protocol (encrypt), application may request for
extra padding in addition to the default padding which ensures that
crypto payload is aligned to block size. This is required to hide
the size of the traffic from an observer.

Extend the usage of ``rte_crypto_op.aux_flags`` to allow users to
provide extra padding in units of 8B. It is an optional feature and any
device that supports the same can declare so by making use of
corresponding capability.

Signed-off-by: Anoob Joseph
Signed-off-by: Vidya Sagar Velumuri --- lib/cryptodev/rte_crypto.h | 14 +++++++++++++- lib/security/rte_security.h | 16 ++++++++++++++++ 2 files changed, 29 insertions(+), 1 deletion(-) diff --git a/lib/cryptodev/rte_crypto.h b/lib/cryptodev/rte_crypto.h index 9b8d0331a4..7b8f2bdc6d 100644 --- a/lib/cryptodev/rte_crypto.h +++ b/lib/cryptodev/rte_crypto.h @@ -99,8 +99,20 @@ struct rte_crypto_op { /**< operation session type */ uint8_t aux_flags; /**< Operation specific auxiliary/additional flags. - * These flags carry additional information from the + * These flags carry additional information from/to the * operation. Processing of the same is optional. + * + * The flags are defined as RTE_CRYPTO_OP_AUX_FLAGS_* and would be set by + * PMD for application consumption when the status is + * RTE_CRYPTO_OP_STATUS_SUCCESS. In case of errors, the value of this + * field is undefined. + * + * With TLS record offload (RTE_SECURITY_PROTOCOL_TLS_RECORD), + * application may provide the extra padding required for the plaintext + * provided. This field can be used for passing the same in units of 8B. The + * value would be set by application for PMD consumption. + * + * @see struct rte_security_tls_record_sess_options */ uint8_t reserved[2]; /**< Reserved bytes to fill 64 bits for diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h index 54c32c1147..89e61e10ad 100644 --- a/lib/security/rte_security.h +++ b/lib/security/rte_security.h 
@@ -636,6 +636,22 @@ struct rte_security_tls_record_sess_options { * and application is not required to provide IV. */ uint32_t iv_gen_disable : 1; + /** Enable extra padding + * + * TLS allows user to pad the plain text to hide the actual size of the record. This is + * required to achieve traffic flow confidentiality in case of TLS/DTLS flows. This padding + * is in addition to the default padding performed by PMD (which ensures ciphertext is + * aligned to block size). + * + * On supported devices, application may pass the required additional padding via + * ``rte_crypto_op.aux_flags`` field. + * + * 1 : Enable extra padding of the plain text provided. The extra padding value would be + * read from ``rte_crypto_op.aux_flags``. + * + * 0 : Disable extra padding + */ + uint32_t extra_padding_enable : 1; }; /**
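Review bot: In the rte_crypto.h hunk, the new aux_flags comment gives one uint8_t two meanings with opposite directions, RTE_CRYPTO_OP_AUX_FLAGS_* bits written by the PMD on RTE_CRYPTO_OP_STATUS_SUCCESS and a padding count written by the application, without saying which one applies when. As worded, an application that re-enqueues an op without resetting the field could have a PMD-written flag value read back as a padding length. Suggest stating that the input meaning applies only to RTE_SECURITY_PROTOCOL_TLS_RECORD write operations on sessions created with extra_padding_enable set, that the application must set the field before every enqueue, and whether the PMD overwrites it on completion. The comment should also give the valid range (a uint8_t in units of 8B allows at most 2040 bytes) and the status reported when the padded record would exceed what the protocol or the device permits.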
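Review bot: In the rte_security.h hunk, the extra_padding_enable comment says "On supported devices" but does not name what an application checks to find out; the commit message refers to a "corresponding capability", yet neither of the two files changed here adds or names one. Suggest naming the capability in the doc comment (or adding it in this patch) and stating what session creation returns when the bit is set on a device without support. The comment should also say that the option applies to the record write (encrypt) direction only, as the commit message does, and what a value of 0 in ``rte_crypto_op.aux_flags`` means when the bit is set.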