From patchwork Tue Oct 3 10:48:54 2023
X-Patchwork-Submitter: Anoob Joseph
X-Patchwork-Id: 132280
X-Patchwork-Delegate: gakhil@marvell.com
From: Anoob Joseph
To: Thomas Monjalon, Akhil Goyal, Jerin Jacob, Harry van Haaren
CC: Vidya Sagar Velumuri, Konstantin Ananyev, Hemant Agrawal, Olivier Matz
Subject: [PATCH v2 5/5] cryptodev: add details of datapath handling of TLS records
Date: Tue, 3 Oct 2023 16:18:54 +0530
Message-ID: <20231003104854.1381-6-anoobj@marvell.com>
In-Reply-To: <20231003104854.1381-1-anoobj@marvell.com>
References: <20230811071712.240-1-anoobj@marvell.com> <20231003104854.1381-1-anoobj@marvell.com>
List-Id: DPDK patches and discussions

From: Vidya Sagar Velumuri

TLS/DTLS record processing requires content type to be provided per packet (for record write operation). Extend usage of reserved fields in rte_crypto_op for the same purpose.

Signed-off-by: Anoob Joseph
Signed-off-by: Vidya Sagar Velumuri
---
 doc/guides/prog_guide/rte_security.rst | 12 ++++++++++++
 doc/guides/rel_notes/release_23_11.rst |  6 ++++++
 lib/cryptodev/rte_crypto.h             | 25 ++++++++++++++++++++++++-
 3 files changed, 42 insertions(+), 1 deletion(-)
diff --git a/doc/guides/prog_guide/rte_security.rst b/doc/guides/prog_guide/rte_security.rst index f90dee5df0..7a25a7e649 100644 --- a/doc/guides/prog_guide/rte_security.rst +++ b/doc/guides/prog_guide/rte_security.rst @@ -453,6 +453,18 @@ Protocol. The TLS Record Protocol provides connection security that has two basi V V TLSCiphertext TLSPlaintext +TLS and DTLS header formation (in record write operation) would depend on +type of content. It is a per packet variable and would need to be handled by +the same session. Application may pass this info to a cryptodev performing +lookaside protocol offload by passing the same in ``rte_crypto_op.param1``. + +In record read operation, application is required to preserve any info it may +need from the TLS/DTLS header (such as content type and sequence number) as the +cryptodev would remove the header and padding as part of the lookaside protocol +processing. With TLS 1.3, the actual content type is part of the trailer (before +padding) and would be stripped by the PMD. For applications that may need this +info, PMD would return the value in ``rte_crypto_op.param1`` field. + Supported Versions ^^^^^^^^^^^^^^^^^^ diff --git a/doc/guides/rel_notes/release_23_11.rst b/doc/guides/rel_notes/release_23_11.rst index 250735efa9..663d1e9cf9 100644 --- a/doc/guides/rel_notes/release_23_11.rst +++ b/doc/guides/rel_notes/release_23_11.rst @@ -83,6 +83,12 @@ New Features Similar to out of place processing support for lookaside security session, added the same support for inline ingress security session. +* **Added support for TLS and DTLS record in rte_security.** + + Added TLS and DTLS record transform for rte_security session and added + enhancements to ``rte_crypto_op`` fields to handle all datapath requirements + of TLS and DTLS. The support is added for TLS 1.2, TLS 1.3 and DTLS 1.2. + * **Updated ipsec_mb crypto driver.** Added support for digest encrypted to AESNI_MB asynchronous crypto driver. 
diff --git a/lib/cryptodev/rte_crypto.h b/lib/cryptodev/rte_crypto.h index 9fe3e3d529..34aacd9312 100644 --- a/lib/cryptodev/rte_crypto.h +++ b/lib/cryptodev/rte_crypto.h @@ -123,7 +123,30 @@ struct rte_crypto_op { * * @see struct rte_security_tls_record_sess_options */ - uint8_t reserved[2]; + union { + struct { + uint8_t content_type; + /**< Content type. The field can act both as input + * and output. + * + * As input, for passing message type in case of record + * write (encrypt) operation. Applicable for, + * 1. TLS 1.2 + * 2. TLS 1.3 + * 3. DTLS 1.2 + * + * As output, for returning message type in case of record + * read (decrypt) operation. Applicable for, + * 1. TLS 1.3 + * + * Message types are listed as RTE_TLS_TYPE_* and + * RTE_DTLS_TYPE_*. + */ + } tls_record; + /**< TLS record */ + } param1; + /**< Additional per operation parameter 1. */ + uint8_t reserved[1]; /**< Reserved bytes to fill 64 bits for * future additions */
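Review bot: in the rte_security.rst hunk, both new paragraphs point applications at ``rte_crypto_op.param1``, but the field the rte_crypto.h hunk actually adds is ``param1.tls_record.content_type``; name the full path in the write and read paragraphs so a reader does not treat ``param1`` as a plain integer. The sentence "Application may pass this info to a cryptodev" also reads as optional, while the sentence before it says header formation depends on the content type for every packet; if the PMD cannot build the record header without it, say that the application must set the field for record write operations and state what the PMD does when it is left unset.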
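Review bot: in the rte_crypto.h hunk, the comment on ``content_type`` documents it as input for record write and as output for record read only with TLS 1.3, but says nothing about the field's state after a TLS 1.2 or DTLS 1.2 record read; since the same byte is reused across operations, document whether the PMD leaves it untouched in that case so callers do not mistake a stale write-side value for the decoded type. The union ``param1`` also has a single one-byte member, and together with the shrink from ``reserved[2]`` to ``reserved[1]`` it keeps the previous layout, yet the trailing comment still only says "Reserved bytes to fill 64 bits"; a one-line note that ``param1`` occupies the first of the former reserved bytes would make the ABI intent explicit.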