From patchwork Thu Mar 14 08:38:43 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vidya Sagar Velumuri X-Patchwork-Id: 138364 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id F06BF43CAE; Thu, 14 Mar 2024 09:40:29 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 8211342EA6; Thu, 14 Mar 2024 09:39:51 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 93FFF42EA5 for ; Thu, 14 Mar 2024 09:39:41 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42DNgMNE016200 for ; Thu, 14 Mar 2024 01:39:41 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=OAkS7JQ++noNfBRHHMZMM8xmivwbAS8+1INt1kzsd/0=; b=YBb soMQLMe4wPXnpRPDBUDn2wM3fqnET+i1s7wnNhyEmVinBmW7ehI+yhJWaiYACwe1 hx04yv+FNhjrh2PXF+Zf09fQfsgf4JmmZ0XMbBIsAXjcGkV3aWc13UF5OIQUbNAt bIhqu/0wwXUySNO4Rmg+SxsmJwBfn6ODOjo5oZ8yZElHk5HnqWpan7xXeQ2uJrQm 8G0CAXU75c73lxlVxPQ4KmXaRqA+EzOM/QupptSmrevumBguYcKJx/LIUNjyFfYJ FNFNmwU/AaQsr4t2hFIEHTa8EMhLyvw2RgBFKB7kfBCNhy68TSO55SXiCI3peSho hoUWU/sn92SK/5719jw== Received: from dc6wp-exch02.marvell.com ([4.21.29.225]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wucg2uwwg-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 14 Mar 2024 01:39:40 -0700 (PDT) Received: from DC6WP-EXCH02.marvell.com (10.76.176.209) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Thu, 14 Mar 2024 01:39:40 -0700 Received: from maili.marvell.com (10.69.176.80) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Thu, 14 Mar 2024 01:39:40 -0700 Received: from localhost.localdomain (unknown [10.28.36.179]) by maili.marvell.com (Postfix) with ESMTP id 112D63F7051; Thu, 14 Mar 2024 01:39:35 -0700 (PDT) From: Vidya Sagar Velumuri To: Nithin Dabilpuram , Kiran Kumar K , Sunil Kumar Kori , Satha Rao , Harman Kalra , Ankur Dwivedi , Anoob Joseph , Tejasree Kondoj CC: , , , , Subject: [PATCH 11/12] crypto/cnxk: enable chachapoly capability for tls Date: Thu, 14 Mar 2024 01:38:43 -0700 Message-ID: <20240314083844.3319506-12-vvelumuri@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240314083844.3319506-1-vvelumuri@marvell.com> References: <20240314083844.3319506-1-vvelumuri@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: jrBxYDGgpIxOtBtIvBoe1Jr75KSEOrMM X-Proofpoint-GUID: jrBxYDGgpIxOtBtIvBoe1Jr75KSEOrMM X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-14_07,2024-03-13_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Enable CHACHA20-POLY1305 support for TLS-1.3. Signed-off-by: Vidya Sagar Velumuri --- drivers/common/cnxk/roc_ie_ot_tls.h | 1 + drivers/crypto/cnxk/cn10k_tls.c | 40 ++++++++++++------- drivers/crypto/cnxk/cnxk_cryptodev.h | 4 +- .../crypto/cnxk/cnxk_cryptodev_capabilities.c | 31 ++++++++++++++ 4 files changed, 60 insertions(+), 16 deletions(-) diff --git a/drivers/common/cnxk/roc_ie_ot_tls.h b/drivers/common/cnxk/roc_ie_ot_tls.h index 44850f7060..2d6a290d9b 100644 --- a/drivers/common/cnxk/roc_ie_ot_tls.h +++ b/drivers/common/cnxk/roc_ie_ot_tls.h @@ -39,6 +39,7 @@ enum roc_ie_ot_tls_cipher_type { ROC_IE_OT_TLS_CIPHER_AES_CBC = 3, ROC_IE_OT_TLS_CIPHER_AES_GCM = 7, ROC_IE_OT_TLS_CIPHER_AES_CCM = 10, + ROC_IE_OT_TLS_CIPHER_CHACHA_POLY = 9, }; enum roc_ie_ot_tls_ver { diff --git a/drivers/crypto/cnxk/cn10k_tls.c b/drivers/crypto/cnxk/cn10k_tls.c index 4b558ef365..7b73a58d2a 100644 --- a/drivers/crypto/cnxk/cn10k_tls.c +++ b/drivers/crypto/cnxk/cn10k_tls.c @@ -97,6 +97,9 @@ tls_xform_aead_verify(struct rte_security_tls_record_xform *tls_xform, return 0; } + if ((crypto_xform->aead.algo == RTE_CRYPTO_AEAD_CHACHA20_POLY1305) && (keylen == 32)) + return 0; + return -EINVAL; } @@ -351,15 +354,20 @@ tls_read_sa_fill(struct roc_ie_ot_tls_read_sa *read_sa, cipher_key = read_sa->cipher_key; /* Set encryption algorithm */ - if ((crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD) && - (crypto_xfrm->aead.algo == RTE_CRYPTO_AEAD_AES_GCM)) { - read_sa->w2.s.cipher_select = ROC_IE_OT_TLS_CIPHER_AES_GCM; - + if (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD) { length = crypto_xfrm->aead.key.length; - if (length == 16) - read_sa->w2.s.aes_key_len = ROC_IE_OT_TLS_AES_KEY_LEN_128; - else + if (crypto_xfrm->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) { + read_sa->w2.s.cipher_select = ROC_IE_OT_TLS_CIPHER_AES_GCM; + if (length == 16) + read_sa->w2.s.aes_key_len = ROC_IE_OT_TLS_AES_KEY_LEN_128; + else + read_sa->w2.s.aes_key_len = ROC_IE_OT_TLS_AES_KEY_LEN_256; + } + + if (crypto_xfrm->aead.algo == RTE_CRYPTO_AEAD_CHACHA20_POLY1305) { + read_sa->w2.s.cipher_select = ROC_IE_OT_TLS_CIPHER_CHACHA_POLY; read_sa->w2.s.aes_key_len = ROC_IE_OT_TLS_AES_KEY_LEN_256; + } key = crypto_xfrm->aead.key.data; memcpy(cipher_key, key, length); @@ -500,15 +508,19 @@ tls_write_sa_fill(struct roc_ie_ot_tls_write_sa *write_sa, cipher_key = write_sa->cipher_key; /* Set encryption algorithm */ - if ((crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD) && - (crypto_xfrm->aead.algo == RTE_CRYPTO_AEAD_AES_GCM)) { - write_sa->w2.s.cipher_select = ROC_IE_OT_TLS_CIPHER_AES_GCM; - + if (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD) { length = crypto_xfrm->aead.key.length; - if (length == 16) - write_sa->w2.s.aes_key_len = ROC_IE_OT_TLS_AES_KEY_LEN_128; - else + if (crypto_xfrm->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) { + write_sa->w2.s.cipher_select = ROC_IE_OT_TLS_CIPHER_AES_GCM; + if (length == 16) + write_sa->w2.s.aes_key_len = ROC_IE_OT_TLS_AES_KEY_LEN_128; + else + write_sa->w2.s.aes_key_len = ROC_IE_OT_TLS_AES_KEY_LEN_256; + } + if (crypto_xfrm->aead.algo == RTE_CRYPTO_AEAD_CHACHA20_POLY1305) { + write_sa->w2.s.cipher_select = ROC_IE_OT_TLS_CIPHER_CHACHA_POLY; write_sa->w2.s.aes_key_len = ROC_IE_OT_TLS_AES_KEY_LEN_256; + } key = crypto_xfrm->aead.key.data; memcpy(cipher_key, key, length); diff --git a/drivers/crypto/cnxk/cnxk_cryptodev.h b/drivers/crypto/cnxk/cnxk_cryptodev.h index dccd563872..fffc4a47b4 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev.h +++ b/drivers/crypto/cnxk/cnxk_cryptodev.h @@ -13,9 +13,9 @@ #define CNXK_CPT_MAX_CAPS 55 #define CNXK_SEC_IPSEC_CRYPTO_MAX_CAPS 16 -#define CNXK_SEC_TLS_1_3_CRYPTO_MAX_CAPS 2 +#define CNXK_SEC_TLS_1_3_CRYPTO_MAX_CAPS 3 #define CNXK_SEC_TLS_1_2_CRYPTO_MAX_CAPS 7 -#define CNXK_SEC_MAX_CAPS 18 +#define CNXK_SEC_MAX_CAPS 19 /** * Device private data diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c index 5bafa226e0..0d5d64b6e7 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c +++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c @@ -1693,6 +1693,37 @@ static const struct rte_cryptodev_capabilities sec_tls13_caps_aes[] = { }, } }, } }, + { /* CHACHA POLY */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD, + {.aead = { + .algo = RTE_CRYPTO_AEAD_CHACHA20_POLY1305, + .block_size = 64, + .key_size = { + .min = 32, + .max = 32, + .increment = 0 + }, + .digest_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .aad_size = { + .min = 5, + .max = 5, + .increment = 0 + }, + .iv_size = { + .min = 0, + .max = 0, + .increment = 0 + } + }, } + }, } + }, + };