From patchwork Thu Mar 14 08:38:34 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vidya Sagar Velumuri X-Patchwork-Id: 138355 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 12A6943CAE; Thu, 14 Mar 2024 09:39:28 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 7E4A942E4B; Thu, 14 Mar 2024 09:39:20 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 8FFFE400D5 for ; Thu, 14 Mar 2024 09:39:14 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42DNgMN3016200 for ; Thu, 14 Mar 2024 01:39:13 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=ZT4LY/Pbhay5q7xvxtdJTBE3XROaIiGdQCf4/ln4bD8=; b=Z6z oxZ2edDLtfvaUaHq/CLHXCUbg7fRFW1rAfl/jjzgHI+7HS/0Oy8IEuFggT+xg0XO HwaVAYfsUHnMutjQSVOlOHB3WbNZswNzYRQXN34TC5BrZyVOoScbKvJLYy3FRhby KBWptpJ7f7k4rLaEowYmM09DJ1kPN8n8fk6h1VX08oajOv0ulL9CL4by79KdmZiJ JxCdeyVchegJwKnEXXpJa+lNGeimbPoLuBP5acHl2+94jmG3EunJI3JFSDJeGXDZ ppqjba3WhyUVOLANVv2NlFN2NCdYqis3AdiWNah5iMPcJI8ZGHoC1r8AyywARGKd x3Tj6CQomrfs9plI0Kw== Received: from dc6wp-exch02.marvell.com ([4.21.29.225]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wucg2uwsg-3 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 14 Mar 2024 01:39:13 -0700 (PDT) Received: from DC6WP-EXCH02.marvell.com (10.76.176.209) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Thu, 14 Mar 2024 01:39:08 -0700 Received: from maili.marvell.com (10.69.176.80) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Thu, 14 Mar 2024 01:39:08 -0700 Received: from localhost.localdomain (unknown [10.28.36.179]) by maili.marvell.com (Postfix) with ESMTP id 5E4855B6929; Thu, 14 Mar 2024 01:39:05 -0700 (PDT) From: Vidya Sagar Velumuri To: Ankur Dwivedi , Anoob Joseph , Tejasree Kondoj CC: , , , , Subject: [PATCH 02/12] crypto/cnxk: enable sha384 capability for tls Date: Thu, 14 Mar 2024 01:38:34 -0700 Message-ID: <20240314083844.3319506-3-vvelumuri@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240314083844.3319506-1-vvelumuri@marvell.com> References: <20240314083844.3319506-1-vvelumuri@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: CJVths0VCFHMNqpqy6alm2jTh7GmlD3g X-Proofpoint-GUID: CJVths0VCFHMNqpqy6alm2jTh7GmlD3g X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-14_07,2024-03-13_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Enable SHA384-HMAC support for TLS & DTLS 1.2. Signed-off-by: Vidya Sagar Velumuri --- drivers/crypto/cnxk/cn10k_tls.c | 16 +++++++++++--- drivers/crypto/cnxk/cnxk_cryptodev.h | 4 ++-- .../crypto/cnxk/cnxk_cryptodev_capabilities.c | 21 +++++++++++++++++++ 3 files changed, 36 insertions(+), 5 deletions(-) diff --git a/drivers/crypto/cnxk/cn10k_tls.c b/drivers/crypto/cnxk/cn10k_tls.c index b46904d3f8..3e306c248b 100644 --- a/drivers/crypto/cnxk/cn10k_tls.c +++ b/drivers/crypto/cnxk/cn10k_tls.c @@ -28,7 +28,8 @@ tls_xform_cipher_auth_verify(struct rte_crypto_sym_xform *cipher_xform, switch (c_algo) { case RTE_CRYPTO_CIPHER_NULL: if ((a_algo == RTE_CRYPTO_AUTH_MD5_HMAC) || (a_algo == RTE_CRYPTO_AUTH_SHA1_HMAC) || - (a_algo == RTE_CRYPTO_AUTH_SHA256_HMAC)) + (a_algo == RTE_CRYPTO_AUTH_SHA256_HMAC) || + (a_algo == RTE_CRYPTO_AUTH_SHA384_HMAC)) ret = 0; break; case RTE_CRYPTO_CIPHER_3DES_CBC: @@ -37,7 +38,8 @@ tls_xform_cipher_auth_verify(struct rte_crypto_sym_xform *cipher_xform, break; case RTE_CRYPTO_CIPHER_AES_CBC: if ((a_algo == RTE_CRYPTO_AUTH_SHA1_HMAC) || - (a_algo == RTE_CRYPTO_AUTH_SHA256_HMAC)) + (a_algo == RTE_CRYPTO_AUTH_SHA256_HMAC) || + (a_algo == RTE_CRYPTO_AUTH_SHA384_HMAC)) ret = 0; break; default: @@ -69,7 +71,8 @@ tls_xform_auth_verify(struct rte_crypto_sym_xform *crypto_xform) if (((a_algo == RTE_CRYPTO_AUTH_MD5_HMAC) && (keylen == 16)) || ((a_algo == RTE_CRYPTO_AUTH_SHA1_HMAC) && (keylen == 20)) || - ((a_algo == RTE_CRYPTO_AUTH_SHA256_HMAC) && (keylen == 32))) + ((a_algo == RTE_CRYPTO_AUTH_SHA256_HMAC) && (keylen == 32)) || + ((a_algo == RTE_CRYPTO_AUTH_SHA384_HMAC) && (keylen == 48))) return 0; return -EINVAL; @@ -251,6 +254,9 @@ tls_write_rlens_get(struct rte_security_tls_record_xform *tls_xfrm, case RTE_CRYPTO_AUTH_SHA256_HMAC: mac_len = 32; break; + case RTE_CRYPTO_AUTH_SHA384_HMAC: + mac_len = 32; + break; default: mac_len = 0; break; @@ -397,6 +403,8 @@ tls_read_sa_fill(struct roc_ie_ot_tls_read_sa *read_sa, read_sa->w2.s.mac_select = ROC_IE_OT_TLS_MAC_SHA1; else if (auth_xfrm->auth.algo == RTE_CRYPTO_AUTH_SHA256_HMAC) read_sa->w2.s.mac_select = ROC_IE_OT_TLS_MAC_SHA2_256; + else if (auth_xfrm->auth.algo == RTE_CRYPTO_AUTH_SHA384_HMAC) + read_sa->w2.s.mac_select = ROC_IE_OT_TLS_MAC_SHA2_384; else return -EINVAL; @@ -538,6 +546,8 @@ tls_write_sa_fill(struct roc_ie_ot_tls_write_sa *write_sa, write_sa->w2.s.mac_select = ROC_IE_OT_TLS_MAC_SHA1; else if (auth_xfrm->auth.algo == RTE_CRYPTO_AUTH_SHA256_HMAC) write_sa->w2.s.mac_select = ROC_IE_OT_TLS_MAC_SHA2_256; + else if (auth_xfrm->auth.algo == RTE_CRYPTO_AUTH_SHA384_HMAC) + write_sa->w2.s.mac_select = ROC_IE_OT_TLS_MAC_SHA2_384; else return -EINVAL; diff --git a/drivers/crypto/cnxk/cnxk_cryptodev.h b/drivers/crypto/cnxk/cnxk_cryptodev.h index 45d01b94b3..dccd563872 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev.h +++ b/drivers/crypto/cnxk/cnxk_cryptodev.h @@ -14,8 +14,8 @@ #define CNXK_CPT_MAX_CAPS 55 #define CNXK_SEC_IPSEC_CRYPTO_MAX_CAPS 16 #define CNXK_SEC_TLS_1_3_CRYPTO_MAX_CAPS 2 -#define CNXK_SEC_TLS_1_2_CRYPTO_MAX_CAPS 6 -#define CNXK_SEC_MAX_CAPS 17 +#define CNXK_SEC_TLS_1_2_CRYPTO_MAX_CAPS 7 +#define CNXK_SEC_MAX_CAPS 18 /** * Device private data diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c index db50de5d58..5bafa226e0 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c +++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c @@ -1639,6 +1639,27 @@ static const struct rte_cryptodev_capabilities sec_tls12_caps_sha1_sha2[] = { }, } }, } }, + { /* SHA384 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA384_HMAC, + .block_size = 64, + .key_size = { + .min = 48, + .max = 48, + .increment = 0 + }, + .digest_size = { + .min = 48, + .max = 48, + .increment = 0 + }, + }, } + }, } + }, + }; static const struct rte_cryptodev_capabilities sec_tls13_caps_aes[] = {