From patchwork Wed Jan 17 10:31:08 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 135926 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id DA227438E9; Wed, 17 Jan 2024 11:34:23 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id AC59E42830; Wed, 17 Jan 2024 11:32:14 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 6948640DF6 for ; Wed, 17 Jan 2024 11:32:11 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 40H8wN4g012651 for ; Wed, 17 Jan 2024 02:32:10 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=2R3t3EhFm7SLe8i6sMSJKSMFTI2K51sEaHge6UnqJ9w=; b=H81 YnYAE1O22guhKVio1esXdnpGwrHtlGM3dIZMZ5TTBmmNvzLfZDhj84X2QP+D3ipU is9Oi7Kfq+8eO8Xd21X+uJt2/jX/u5Bbf025C7SVlHMMmOI8jyJ4qeJ2YykbXntz HHV6JBTktO1iQOhbcHEF+WlP4/z/9pnULxjqpPpPBC9YUVVYXPHMDrO4iWZZ08oc Bowy/+sqzAxzC0oK0m8PXxbyZRYcgkZObys9PvW5WFUGPTvSjgns1d0PBqbJzv/y SqBZ8rK1jxl6q9raadRjf9eIWD7sGQYFSVc+YzDCv4dzPuy9u2vyIRB/fpX9nVgk zsMwBc0h8aLp/4p/d8Q== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3vp0ge2jyg-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Wed, 17 Jan 2024 02:32:10 -0800 (PST) Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Wed, 17 Jan 2024 02:32:08 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.48 via Frontend Transport; Wed, 17 Jan 2024 02:32:08 -0800 Received: from BG-LT92004.corp.innovium.com (unknown [10.28.22.179]) by maili.marvell.com (Postfix) with ESMTP id CEAF43F7048; Wed, 17 Jan 2024 02:32:06 -0800 (PST) From: Anoob Joseph To: Akhil Goyal CC: Vidya Sagar Velumuri , Jerin Jacob , Tejasree Kondoj , Subject: [PATCH v3 23/24] crypto/cnxk: add TLS 1.3 capability Date: Wed, 17 Jan 2024 16:01:08 +0530 Message-ID: <20240117103109.922-24-anoobj@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240117103109.922-1-anoobj@marvell.com> References: <20240102045417.115-1-anoobj@marvell.com> <20240117103109.922-1-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: oVg1-kZkOid6g85eceSrKJ559PlY7G7e X-Proofpoint-ORIG-GUID: oVg1-kZkOid6g85eceSrKJ559PlY7G7e X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.997,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-01-17_05,2024-01-17_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Vidya Sagar Velumuri Add TLS 1.3 record read and write capability Signed-off-by: Vidya Sagar Velumuri --- doc/guides/rel_notes/release_24_03.rst | 4 +- .../crypto/cnxk/cnxk_cryptodev_capabilities.c | 92 +++++++++++++++++++ 2 files changed, 94 insertions(+), 2 deletions(-) diff --git a/doc/guides/rel_notes/release_24_03.rst b/doc/guides/rel_notes/release_24_03.rst index 8fc6e9fb6d..dc53e313f1 100644 --- a/doc/guides/rel_notes/release_24_03.rst +++ b/doc/guides/rel_notes/release_24_03.rst @@ -58,8 +58,8 @@ New Features * **Updated Marvell cnxk crypto driver.** * Added support for Rx inject in crypto_cn10k. - * Added support for TLS record processing in crypto_cn10k. Supports TLS 1.2 - and DTLS 1.2. + * Added support for TLS record processing in crypto_cn10k. Supports TLS 1.2, + DTLS 1.2 and TLS 1.3. * Added PMD API to allow raw submission of instructions to CPT. diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c index 73100377d9..db50de5d58 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c +++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c @@ -40,6 +40,16 @@ RTE_DIM(sec_tls12_caps_##name)); \ } while (0) +#define SEC_TLS13_CAPS_ADD(cnxk_caps, cur_pos, hw_caps, name) \ + do { \ + if ((hw_caps[CPT_ENG_TYPE_SE].name) || \ + (hw_caps[CPT_ENG_TYPE_IE].name) || \ + (hw_caps[CPT_ENG_TYPE_AE].name)) \ + sec_tls13_caps_add(cnxk_caps, cur_pos, \ + sec_tls13_caps_##name, \ + RTE_DIM(sec_tls13_caps_##name)); \ + } while (0) + static const struct rte_cryptodev_capabilities caps_mul[] = { { /* RSA */ .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, @@ -1631,6 +1641,40 @@ static const struct rte_cryptodev_capabilities sec_tls12_caps_sha1_sha2[] = { }, }; +static const struct rte_cryptodev_capabilities sec_tls13_caps_aes[] = { + { /* AES GCM */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD, + {.aead = { + .algo = RTE_CRYPTO_AEAD_AES_GCM, + .block_size = 16, + .key_size = { + .min = 16, + .max = 32, + .increment = 16 + }, + .digest_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .aad_size = { + .min = 5, + .max = 5, + .increment = 0 + }, + .iv_size = { + .min = 0, + .max = 0, + .increment = 0 + } + }, } + }, } + }, +}; + + static const struct rte_security_capability sec_caps_templ[] = { { /* IPsec Lookaside Protocol ESP Tunnel Ingress */ .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, @@ -1760,6 +1804,26 @@ static const struct rte_security_capability sec_caps_templ[] = { }, .crypto_capabilities = NULL, }, + { /* TLS 1.3 Record Read */ + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_TLS_RECORD, + .tls_record = { + .ver = RTE_SECURITY_VERSION_TLS_1_3, + .type = RTE_SECURITY_TLS_SESS_TYPE_READ, + .ar_win_size = 0, + }, + .crypto_capabilities = NULL, + }, + { /* TLS 1.3 Record Write */ + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_TLS_RECORD, + .tls_record = { + .ver = RTE_SECURITY_VERSION_TLS_1_3, + .type = RTE_SECURITY_TLS_SESS_TYPE_WRITE, + .ar_win_size = 0, + }, + .crypto_capabilities = NULL, + }, { .action = RTE_SECURITY_ACTION_TYPE_NONE } @@ -2005,6 +2069,33 @@ sec_tls12_crypto_caps_populate(struct rte_cryptodev_capabilities cnxk_caps[], sec_tls12_caps_add(cnxk_caps, &cur_pos, caps_end, RTE_DIM(caps_end)); } +static void +sec_tls13_caps_limit_check(int *cur_pos, int nb_caps) +{ + PLT_VERIFY(*cur_pos + nb_caps <= CNXK_SEC_TLS_1_3_CRYPTO_MAX_CAPS); +} + +static void +sec_tls13_caps_add(struct rte_cryptodev_capabilities cnxk_caps[], int *cur_pos, + const struct rte_cryptodev_capabilities *caps, int nb_caps) +{ + sec_tls13_caps_limit_check(cur_pos, nb_caps); + + memcpy(&cnxk_caps[*cur_pos], caps, nb_caps * sizeof(caps[0])); + *cur_pos += nb_caps; +} + +static void +sec_tls13_crypto_caps_populate(struct rte_cryptodev_capabilities cnxk_caps[], + union cpt_eng_caps *hw_caps) +{ + int cur_pos = 0; + + SEC_TLS13_CAPS_ADD(cnxk_caps, &cur_pos, hw_caps, aes); + + sec_tls13_caps_add(cnxk_caps, &cur_pos, caps_end, RTE_DIM(caps_end)); +} + void cnxk_cpt_caps_populate(struct cnxk_cpt_vf *vf) { @@ -2016,6 +2107,7 @@ cnxk_cpt_caps_populate(struct cnxk_cpt_vf *vf) if (vf->cpt.hw_caps[CPT_ENG_TYPE_SE].tls) { sec_tls12_crypto_caps_populate(vf->sec_tls_1_2_crypto_caps, vf->cpt.hw_caps); sec_tls12_crypto_caps_populate(vf->sec_dtls_1_2_crypto_caps, vf->cpt.hw_caps); + sec_tls13_crypto_caps_populate(vf->sec_tls_1_3_crypto_caps, vf->cpt.hw_caps); } PLT_STATIC_ASSERT(RTE_DIM(sec_caps_templ) <= RTE_DIM(vf->sec_caps));