From patchwork Fri Mar 15 05:42:07 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Vidya Sagar Velumuri <vvelumuri@marvell.com>
X-Patchwork-Id: 138414
X-Patchwork-Delegate: gakhil@marvell.com
Return-Path: <dev-bounces@dpdk.org>
X-Original-To: patchwork@inbox.dpdk.org
Delivered-To: patchwork@inbox.dpdk.org
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id B4BF843CA6;
	Fri, 15 Mar 2024 06:43:15 +0100 (CET)
Received: from mails.dpdk.org (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id C60E942EBB;
	Fri, 15 Mar 2024 06:43:05 +0100 (CET)
Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com
 [67.231.156.173])
 by mails.dpdk.org (Postfix) with ESMTP id 76AA1410FC
 for <dev@dpdk.org>; Fri, 15 Mar 2024 06:42:23 +0100 (CET)
Received: from pps.filterd (m0045851.ppops.net [127.0.0.1])
 by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id
 42F0ahnB019063 for <dev@dpdk.org>; Thu, 14 Mar 2024 22:42:22 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=
 from:to:cc:subject:date:message-id:in-reply-to:references
 :mime-version:content-transfer-encoding:content-type; s=
 pfpt0220; bh=Zv5cvllg8EZNEww++ZIOPHD3RjU6K5Wt9AZ7YKGn3mU=; b=eS7
 4rgri+kck7bFgSCuDxco5W8zSutZhLKTc7CDjB2/suDu/cKZtTgTbnD3IldWvP01
 MzfhGT7eOkKuu8mq9QCINnZax3IWSN94HwEHp8/40vwYJA8mg0+U1eEnGhOeskEJ
 EQV5VWJ8Zq3FFiqKrUUrkJ3eeRpCPvXpeBq7bRFkDV3K7PA6LwZSvtLZ+HgIKyps
 o3xMlCAAAggu5dnV4S10Q3Uk1B/+h8qPGLQvmZGuWjT77mPtoVSXtuFKrSHJtrYQ
 5vGXvmGHXPCiHOMdySY9tpN+Tbep+rD0TuOYB8HAdAgv9Z6Zn10FJnH0n+E8jXbG
 c4gecL8DPdgk8o4EWAA==
Received: from dc6wp-exch02.marvell.com ([4.21.29.225])
 by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wvbxbrpfy-1
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)
 for <dev@dpdk.org>; Thu, 14 Mar 2024 22:42:22 -0700 (PDT)
Received: from DC6WP-EXCH02.marvell.com (10.76.176.209) by
 DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.2.1258.12; Thu, 14 Mar 2024 22:42:21 -0700
Received: from maili.marvell.com (10.69.176.80) by DC6WP-EXCH02.marvell.com
 (10.76.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend
 Transport; Thu, 14 Mar 2024 22:42:21 -0700
Received: from BG-LT92004.corp.innovium.com (unknown [10.193.69.194])
 by maili.marvell.com (Postfix) with ESMTP id 9D5603F703F;
 Thu, 14 Mar 2024 22:42:19 -0700 (PDT)
From: Vidya Sagar Velumuri <vvelumuri@marvell.com>
To: Akhil Goyal <gakhil@marvell.com>
CC: Jerin Jacob <jerinj@marvell.com>, <dev@dpdk.org>, Aakash Sasidharan
 <asasidharan@marvell.com>, Anoob Joseph <anoobj@marvell.com>
Subject: [PATCH v3 2/8] crypto/cnxk: enable sha384 and chachapoly for tls
Date: Fri, 15 Mar 2024 11:12:07 +0530
Message-ID: <20240315054213.540-3-vvelumuri@marvell.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20240315054213.540-1-vvelumuri@marvell.com>
References: <20240314131839.3362494-1-vvelumuri@marvell.com>
 <20240315054213.540-1-vvelumuri@marvell.com>
MIME-Version: 1.0
X-Proofpoint-GUID: wSPUpRls2VOJnCkvJX1T7xXsckhgZB-2
X-Proofpoint-ORIG-GUID: wSPUpRls2VOJnCkvJX1T7xXsckhgZB-2
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26
 definitions=2024-03-14_13,2024-03-13_01,2023-05-22_02
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org

Enable SHA384-HMAC support for TLS & DTLS 1.2.
Enable CHACHA20-POLY1305 support for TLS-1.3.

Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
 drivers/common/cnxk/roc_ie_ot_tls.h           |  1 +
 drivers/crypto/cnxk/cn10k_tls.c               | 56 +++++++++++++------
 drivers/crypto/cnxk/cnxk_cryptodev.h          |  6 +-
 .../crypto/cnxk/cnxk_cryptodev_capabilities.c | 52 +++++++++++++++++
 4 files changed, 95 insertions(+), 20 deletions(-)

diff --git a/drivers/common/cnxk/roc_ie_ot_tls.h b/drivers/common/cnxk/roc_ie_ot_tls.h
index b85d075e86..39c42775f4 100644
--- a/drivers/common/cnxk/roc_ie_ot_tls.h
+++ b/drivers/common/cnxk/roc_ie_ot_tls.h
@@ -39,6 +39,7 @@ enum roc_ie_ot_tls_cipher_type {
 	ROC_IE_OT_TLS_CIPHER_AES_CBC = 3,
 	ROC_IE_OT_TLS_CIPHER_AES_GCM = 7,
 	ROC_IE_OT_TLS_CIPHER_AES_CCM = 10,
+	ROC_IE_OT_TLS_CIPHER_CHACHA_POLY = 9,
 };
 
 enum roc_ie_ot_tls_ver {
diff --git a/drivers/crypto/cnxk/cn10k_tls.c b/drivers/crypto/cnxk/cn10k_tls.c
index b46904d3f8..c95fcfdfa7 100644
--- a/drivers/crypto/cnxk/cn10k_tls.c
+++ b/drivers/crypto/cnxk/cn10k_tls.c
@@ -28,7 +28,8 @@ tls_xform_cipher_auth_verify(struct rte_crypto_sym_xform *cipher_xform,
 	switch (c_algo) {
 	case RTE_CRYPTO_CIPHER_NULL:
 		if ((a_algo == RTE_CRYPTO_AUTH_MD5_HMAC) || (a_algo == RTE_CRYPTO_AUTH_SHA1_HMAC) ||
-		    (a_algo == RTE_CRYPTO_AUTH_SHA256_HMAC))
+		    (a_algo == RTE_CRYPTO_AUTH_SHA256_HMAC) ||
+		    (a_algo == RTE_CRYPTO_AUTH_SHA384_HMAC))
 			ret = 0;
 		break;
 	case RTE_CRYPTO_CIPHER_3DES_CBC:
@@ -37,7 +38,8 @@ tls_xform_cipher_auth_verify(struct rte_crypto_sym_xform *cipher_xform,
 		break;
 	case RTE_CRYPTO_CIPHER_AES_CBC:
 		if ((a_algo == RTE_CRYPTO_AUTH_SHA1_HMAC) ||
-		    (a_algo == RTE_CRYPTO_AUTH_SHA256_HMAC))
+		    (a_algo == RTE_CRYPTO_AUTH_SHA256_HMAC) ||
+		    (a_algo == RTE_CRYPTO_AUTH_SHA384_HMAC))
 			ret = 0;
 		break;
 	default:
@@ -69,7 +71,8 @@ tls_xform_auth_verify(struct rte_crypto_sym_xform *crypto_xform)
 
 	if (((a_algo == RTE_CRYPTO_AUTH_MD5_HMAC) && (keylen == 16)) ||
 	    ((a_algo == RTE_CRYPTO_AUTH_SHA1_HMAC) && (keylen == 20)) ||
-	    ((a_algo == RTE_CRYPTO_AUTH_SHA256_HMAC) && (keylen == 32)))
+	    ((a_algo == RTE_CRYPTO_AUTH_SHA256_HMAC) && (keylen == 32)) ||
+	    ((a_algo == RTE_CRYPTO_AUTH_SHA384_HMAC) && (keylen == 48)))
 		return 0;
 
 	return -EINVAL;
@@ -94,6 +97,9 @@ tls_xform_aead_verify(struct rte_security_tls_record_xform *tls_xform,
 			return 0;
 	}
 
+	if ((crypto_xform->aead.algo == RTE_CRYPTO_AEAD_CHACHA20_POLY1305) && (keylen == 32))
+		return 0;
+
 	return -EINVAL;
 }
 
@@ -251,6 +257,9 @@ tls_write_rlens_get(struct rte_security_tls_record_xform *tls_xfrm,
 	case RTE_CRYPTO_AUTH_SHA256_HMAC:
 		mac_len = 32;
 		break;
+	case RTE_CRYPTO_AUTH_SHA384_HMAC:
+		mac_len = 32;
+		break;
 	default:
 		mac_len = 0;
 		break;
@@ -339,15 +348,20 @@ tls_read_sa_fill(struct roc_ie_ot_tls_read_sa *read_sa,
 	cipher_key = read_sa->cipher_key;
 
 	/* Set encryption algorithm */
-	if ((crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD) &&
-	    (crypto_xfrm->aead.algo == RTE_CRYPTO_AEAD_AES_GCM)) {
-		read_sa->w2.s.cipher_select = ROC_IE_OT_TLS_CIPHER_AES_GCM;
-
+	if (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
 		length = crypto_xfrm->aead.key.length;
-		if (length == 16)
-			read_sa->w2.s.aes_key_len = ROC_IE_OT_TLS_AES_KEY_LEN_128;
-		else
+		if (crypto_xfrm->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) {
+			read_sa->w2.s.cipher_select = ROC_IE_OT_TLS_CIPHER_AES_GCM;
+			if (length == 16)
+				read_sa->w2.s.aes_key_len = ROC_IE_OT_TLS_AES_KEY_LEN_128;
+			else
+				read_sa->w2.s.aes_key_len = ROC_IE_OT_TLS_AES_KEY_LEN_256;
+		}
+
+		if (crypto_xfrm->aead.algo == RTE_CRYPTO_AEAD_CHACHA20_POLY1305) {
+			read_sa->w2.s.cipher_select = ROC_IE_OT_TLS_CIPHER_CHACHA_POLY;
 			read_sa->w2.s.aes_key_len = ROC_IE_OT_TLS_AES_KEY_LEN_256;
+		}
 
 		key = crypto_xfrm->aead.key.data;
 		memcpy(cipher_key, key, length);
@@ -397,6 +411,8 @@ tls_read_sa_fill(struct roc_ie_ot_tls_read_sa *read_sa,
 		read_sa->w2.s.mac_select = ROC_IE_OT_TLS_MAC_SHA1;
 	else if (auth_xfrm->auth.algo == RTE_CRYPTO_AUTH_SHA256_HMAC)
 		read_sa->w2.s.mac_select = ROC_IE_OT_TLS_MAC_SHA2_256;
+	else if (auth_xfrm->auth.algo == RTE_CRYPTO_AUTH_SHA384_HMAC)
+		read_sa->w2.s.mac_select = ROC_IE_OT_TLS_MAC_SHA2_384;
 	else
 		return -EINVAL;
 
@@ -476,15 +492,19 @@ tls_write_sa_fill(struct roc_ie_ot_tls_write_sa *write_sa,
 	cipher_key = write_sa->cipher_key;
 
 	/* Set encryption algorithm */
-	if ((crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD) &&
-	    (crypto_xfrm->aead.algo == RTE_CRYPTO_AEAD_AES_GCM)) {
-		write_sa->w2.s.cipher_select = ROC_IE_OT_TLS_CIPHER_AES_GCM;
-
+	if (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
 		length = crypto_xfrm->aead.key.length;
-		if (length == 16)
-			write_sa->w2.s.aes_key_len = ROC_IE_OT_TLS_AES_KEY_LEN_128;
-		else
+		if (crypto_xfrm->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) {
+			write_sa->w2.s.cipher_select = ROC_IE_OT_TLS_CIPHER_AES_GCM;
+			if (length == 16)
+				write_sa->w2.s.aes_key_len = ROC_IE_OT_TLS_AES_KEY_LEN_128;
+			else
+				write_sa->w2.s.aes_key_len = ROC_IE_OT_TLS_AES_KEY_LEN_256;
+		}
+		if (crypto_xfrm->aead.algo == RTE_CRYPTO_AEAD_CHACHA20_POLY1305) {
+			write_sa->w2.s.cipher_select = ROC_IE_OT_TLS_CIPHER_CHACHA_POLY;
 			write_sa->w2.s.aes_key_len = ROC_IE_OT_TLS_AES_KEY_LEN_256;
+		}
 
 		key = crypto_xfrm->aead.key.data;
 		memcpy(cipher_key, key, length);
@@ -538,6 +558,8 @@ tls_write_sa_fill(struct roc_ie_ot_tls_write_sa *write_sa,
 			write_sa->w2.s.mac_select = ROC_IE_OT_TLS_MAC_SHA1;
 		else if (auth_xfrm->auth.algo == RTE_CRYPTO_AUTH_SHA256_HMAC)
 			write_sa->w2.s.mac_select = ROC_IE_OT_TLS_MAC_SHA2_256;
+		else if (auth_xfrm->auth.algo == RTE_CRYPTO_AUTH_SHA384_HMAC)
+			write_sa->w2.s.mac_select = ROC_IE_OT_TLS_MAC_SHA2_384;
 		else
 			return -EINVAL;
 
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev.h b/drivers/crypto/cnxk/cnxk_cryptodev.h
index 45d01b94b3..fffc4a47b4 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev.h
+++ b/drivers/crypto/cnxk/cnxk_cryptodev.h
@@ -13,9 +13,9 @@
 
 #define CNXK_CPT_MAX_CAPS		 55
 #define CNXK_SEC_IPSEC_CRYPTO_MAX_CAPS	 16
-#define CNXK_SEC_TLS_1_3_CRYPTO_MAX_CAPS 2
-#define CNXK_SEC_TLS_1_2_CRYPTO_MAX_CAPS 6
-#define CNXK_SEC_MAX_CAPS		 17
+#define CNXK_SEC_TLS_1_3_CRYPTO_MAX_CAPS 3
+#define CNXK_SEC_TLS_1_2_CRYPTO_MAX_CAPS 7
+#define CNXK_SEC_MAX_CAPS		 19
 
 /**
  * Device private data
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
index db50de5d58..0d5d64b6e7 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
@@ -1639,6 +1639,27 @@ static const struct rte_cryptodev_capabilities sec_tls12_caps_sha1_sha2[] = {
 			}, }
 		}, }
 	},
+	{	/* SHA384 HMAC */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+			{.auth = {
+				.algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
+				.block_size = 64,
+				.key_size = {
+					.min = 48,
+					.max = 48,
+					.increment = 0
+				},
+				.digest_size = {
+					.min = 48,
+					.max = 48,
+					.increment = 0
+				},
+			}, }
+		}, }
+	},
+
 };
 
 static const struct rte_cryptodev_capabilities sec_tls13_caps_aes[] = {
@@ -1672,6 +1693,37 @@ static const struct rte_cryptodev_capabilities sec_tls13_caps_aes[] = {
 			}, }
 		}, }
 	},
+	{	/* CHACHA POLY */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
+			{.aead = {
+				.algo = RTE_CRYPTO_AEAD_CHACHA20_POLY1305,
+				.block_size = 64,
+				.key_size = {
+					.min = 32,
+					.max = 32,
+					.increment = 0
+				},
+				.digest_size = {
+					.min = 16,
+					.max = 16,
+					.increment = 0
+				},
+				.aad_size = {
+					.min = 5,
+					.max = 5,
+					.increment = 0
+				},
+				.iv_size = {
+					.min = 0,
+					.max = 0,
+					.increment = 0
+				}
+			}, }
+		}, }
+	},
+
 };