diff mbox series

[02/12] crypto/cnxk: enable sha384 capability for tls

Message ID	20240314083844.3319506-3-vvelumuri@marvell.com (mailing list archive)
State	Superseded, archived
Delegated to:	akhil goyal
Headers	From: Vidya Sagar Velumuri <vvelumuri@marvell.com> To: Ankur Dwivedi <adwivedi@marvell.com>, Anoob Joseph <anoobj@marvell.com>, Tejasree Kondoj <ktejasree@marvell.com> CC: <gakhil@marvell.com>, <jerinj@marvell.com>, <vvelumuri@marvell.com>, <asasidharan@marvell.com>, <dev@dpdk.org> Subject: [PATCH 02/12] crypto/cnxk: enable sha384 capability for tls Date: Thu, 14 Mar 2024 01:38:34 -0700 Message-ID: <20240314083844.3319506-3-vvelumuri@marvell.com> In-Reply-To: <20240314083844.3319506-1-vvelumuri@marvell.com> References: <20240314083844.3319506-1-vvelumuri@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain Precedence: list Errors-To: dev-bounces@dpdk.org
Series	Add TLS features \| [00/12] Add TLS features [01/12] crypto/cnxk: multi seg support block ciphers in tls [02/12] crypto/cnxk: enable sha384 capability for tls [03/12] crypto/cnxk: add support for session update for TLS [04/12] crypto/cnxk: avoid branches in datapath [05/12] crypto/cnxk: move metadata to second cacheline [06/12] crypto/cnxk: handle the extra len reported by microcode [07/12] crypto/cnxk: add support for padding verification in TLS [08/12] crypto/cnxk: add support for oop processing in TLS [09/12] crypto/cnxk: update the context structure of tls [10/12] crypto/cnxk: use proper offset for context calculation [11/12] crypto/cnxk: enable chachapoly capability for tls [12/12] crypto/cnxk: remove the response len handling for tls

Checks

Context	Check	Description
ci/checkpatch	success	coding style OK

Commit Message

Vidya Sagar Velumuri March 14, 2024, 8:38 a.m. UTC

  Enable SHA384-HMAC support for TLS & DTLS 1.2.

Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
 drivers/crypto/cnxk/cn10k_tls.c               | 16 +++++++++++---
 drivers/crypto/cnxk/cnxk_cryptodev.h          |  4 ++--
 .../crypto/cnxk/cnxk_cryptodev_capabilities.c | 21 +++++++++++++++++++
 3 files changed, 36 insertions(+), 5 deletions(-)

diff mbox series

Patch

diff --git a/drivers/crypto/cnxk/cn10k_tls.c b/drivers/crypto/cnxk/cn10k_tls.c
index b46904d3f8..3e306c248b 100644
--- a/drivers/crypto/cnxk/cn10k_tls.c
+++ b/drivers/crypto/cnxk/cn10k_tls.c
@@ -28,7 +28,8 @@  tls_xform_cipher_auth_verify(struct rte_crypto_sym_xform *cipher_xform,
 	switch (c_algo) {
 	case RTE_CRYPTO_CIPHER_NULL:
 		if ((a_algo == RTE_CRYPTO_AUTH_MD5_HMAC) || (a_algo == RTE_CRYPTO_AUTH_SHA1_HMAC) ||
-		    (a_algo == RTE_CRYPTO_AUTH_SHA256_HMAC))
+		    (a_algo == RTE_CRYPTO_AUTH_SHA256_HMAC) ||
+		    (a_algo == RTE_CRYPTO_AUTH_SHA384_HMAC))
 			ret = 0;
 		break;
 	case RTE_CRYPTO_CIPHER_3DES_CBC:
@@ -37,7 +38,8 @@  tls_xform_cipher_auth_verify(struct rte_crypto_sym_xform *cipher_xform,
 		break;
 	case RTE_CRYPTO_CIPHER_AES_CBC:
 		if ((a_algo == RTE_CRYPTO_AUTH_SHA1_HMAC) ||
-		    (a_algo == RTE_CRYPTO_AUTH_SHA256_HMAC))
+		    (a_algo == RTE_CRYPTO_AUTH_SHA256_HMAC) ||
+		    (a_algo == RTE_CRYPTO_AUTH_SHA384_HMAC))
 			ret = 0;
 		break;
 	default:
@@ -69,7 +71,8 @@  tls_xform_auth_verify(struct rte_crypto_sym_xform *crypto_xform)
 
 	if (((a_algo == RTE_CRYPTO_AUTH_MD5_HMAC) && (keylen == 16)) ||
 	    ((a_algo == RTE_CRYPTO_AUTH_SHA1_HMAC) && (keylen == 20)) ||
-	    ((a_algo == RTE_CRYPTO_AUTH_SHA256_HMAC) && (keylen == 32)))
+	    ((a_algo == RTE_CRYPTO_AUTH_SHA256_HMAC) && (keylen == 32)) ||
+	    ((a_algo == RTE_CRYPTO_AUTH_SHA384_HMAC) && (keylen == 48)))
 		return 0;
 
 	return -EINVAL;
@@ -251,6 +254,9 @@  tls_write_rlens_get(struct rte_security_tls_record_xform *tls_xfrm,
 	case RTE_CRYPTO_AUTH_SHA256_HMAC:
 		mac_len = 32;
 		break;
+	case RTE_CRYPTO_AUTH_SHA384_HMAC:
+		mac_len = 32;
+		break;
 	default:
 		mac_len = 0;
 		break;
@@ -397,6 +403,8 @@  tls_read_sa_fill(struct roc_ie_ot_tls_read_sa *read_sa,
 		read_sa->w2.s.mac_select = ROC_IE_OT_TLS_MAC_SHA1;
 	else if (auth_xfrm->auth.algo == RTE_CRYPTO_AUTH_SHA256_HMAC)
 		read_sa->w2.s.mac_select = ROC_IE_OT_TLS_MAC_SHA2_256;
+	else if (auth_xfrm->auth.algo == RTE_CRYPTO_AUTH_SHA384_HMAC)
+		read_sa->w2.s.mac_select = ROC_IE_OT_TLS_MAC_SHA2_384;
 	else
 		return -EINVAL;
 
@@ -538,6 +546,8 @@  tls_write_sa_fill(struct roc_ie_ot_tls_write_sa *write_sa,
 			write_sa->w2.s.mac_select = ROC_IE_OT_TLS_MAC_SHA1;
 		else if (auth_xfrm->auth.algo == RTE_CRYPTO_AUTH_SHA256_HMAC)
 			write_sa->w2.s.mac_select = ROC_IE_OT_TLS_MAC_SHA2_256;
+		else if (auth_xfrm->auth.algo == RTE_CRYPTO_AUTH_SHA384_HMAC)
+			write_sa->w2.s.mac_select = ROC_IE_OT_TLS_MAC_SHA2_384;
 		else
 			return -EINVAL;
 
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev.h b/drivers/crypto/cnxk/cnxk_cryptodev.h
index 45d01b94b3..dccd563872 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev.h
+++ b/drivers/crypto/cnxk/cnxk_cryptodev.h
@@ -14,8 +14,8 @@ 
 #define CNXK_CPT_MAX_CAPS		 55
 #define CNXK_SEC_IPSEC_CRYPTO_MAX_CAPS	 16
 #define CNXK_SEC_TLS_1_3_CRYPTO_MAX_CAPS 2
-#define CNXK_SEC_TLS_1_2_CRYPTO_MAX_CAPS 6
-#define CNXK_SEC_MAX_CAPS		 17
+#define CNXK_SEC_TLS_1_2_CRYPTO_MAX_CAPS 7
+#define CNXK_SEC_MAX_CAPS		 18
 
 /**
  * Device private data
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
index db50de5d58..5bafa226e0 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
@@ -1639,6 +1639,27 @@  static const struct rte_cryptodev_capabilities sec_tls12_caps_sha1_sha2[] = {
 			}, }
 		}, }
 	},
+	{	/* SHA384 HMAC */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			{.auth = {
+				.algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
+				.block_size = 64,
+				.key_size = {
+					.min = 48,
+					.max = 48,
+					.increment = 0
+				},
+				.digest_size = {
+					.min = 48,
+					.max = 48,
+					.increment = 0
+				},
+			}, }
+		}, }
+	},
+
 };
 
 static const struct rte_cryptodev_capabilities sec_tls13_caps_aes[] = {