GET /api/patches/135669/?format=api
https://patches.dpdk.org/api/patches/135669/?format=api", "web_url": "https://patches.dpdk.org/project/dpdk/patch/20240102045417.115-23-anoobj@marvell.com/", "project": { "id": 1, "url": "https://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<20240102045417.115-23-anoobj@marvell.com>", "list_archive_url": "https://inbox.dpdk.org/dev/20240102045417.115-23-anoobj@marvell.com", "date": "2024-01-02T04:54:15", "name": "[v2,22/24] crypto/cnxk: add support for TLS 1.3", "commit_ref": null, "pull_url": null, "state": "superseded", "archived": true, "hash": "42ca0f383d99f5a7e530fb9754c7b0031abafb5d", "submitter": { "id": 1205, "url": "https://patches.dpdk.org/api/people/1205/?format=api", "name": "Anoob Joseph", "email": "anoobj@marvell.com" }, "delegate": { "id": 6690, "url": "https://patches.dpdk.org/api/users/6690/?format=api", "username": "akhil", "first_name": "akhil", "last_name": "goyal", "email": "gakhil@marvell.com" }, "mbox": "https://patches.dpdk.org/project/dpdk/patch/20240102045417.115-23-anoobj@marvell.com/mbox/", "series": [ { "id": 30694, "url": "https://patches.dpdk.org/api/series/30694/?format=api", "web_url": "https://patches.dpdk.org/project/dpdk/list/?series=30694", "date": "2024-01-02T04:53:53", "name": "Fixes and improvements in crypto cnxk", "version": 2, "mbox": "https://patches.dpdk.org/series/30694/mbox/" } ], "comments": "https://patches.dpdk.org/api/patches/135669/comments/", "check": "success", "checks": "https://patches.dpdk.org/api/patches/135669/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@inbox.dpdk.org", "Delivered-To": 
"patchwork@inbox.dpdk.org", "Received": [ "from mails.dpdk.org (mails.dpdk.org [217.70.189.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id 4C795437F8;\n\tTue, 2 Jan 2024 05:57:21 +0100 (CET)", "from mails.dpdk.org (localhost [127.0.0.1])\n\tby mails.dpdk.org (Postfix) with ESMTP id 96C8C40ECF;\n\tTue, 2 Jan 2024 05:57:00 +0100 (CET)", "from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com\n [67.231.148.174])\n by mails.dpdk.org (Postfix) with ESMTP id 5479140A76\n for <dev@dpdk.org>; Tue, 2 Jan 2024 05:56:55 +0100 (CET)", "from pps.filterd (m0045849.ppops.net [127.0.0.1])\n by mx0a-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id\n 401MmZgC026172 for <dev@dpdk.org>; Mon, 1 Jan 2024 20:56:54 -0800", "from dc5-exch01.marvell.com ([199.233.59.181])\n by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3vb5c346a1-1\n (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT)\n for <dev@dpdk.org>; Mon, 01 Jan 2024 20:56:54 -0800 (PST)", "from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com\n (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.48;\n Mon, 1 Jan 2024 20:56:52 -0800", "from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com\n (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.48 via Frontend\n Transport; Mon, 1 Jan 2024 20:56:52 -0800", "from BG-LT92004.corp.innovium.com (unknown [10.28.163.189])\n by maili.marvell.com (Postfix) with ESMTP id 06C213F7081;\n Mon, 1 Jan 2024 20:56:48 -0800 (PST)" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=\n from:to:cc:subject:date:message-id:in-reply-to:references\n :mime-version:content-transfer-encoding:content-type; s=\n pfpt0220; bh=dwz/4bDK3jS+DipkgJgJkNcQlk9mhNfKgwYvnwiTdr4=; b=FjH\n TYr4io49ck5FUF42SJugOauY79ey7bcgZ7O10zBjFbEhOn55Mm5EljYozrwt1t/6\n 14rip0PGU46Y0oOgUkrr6TyHRTAbqlJKuLaGKr3GVBE2OGh0Csu1UDFnKdtHB3WH\n zkaOP2EPjjudqP4EQOplmPXN2Gu2dmEcIyHu5qwxmseATjOfEGtB8QRq/007ivzy\n 
pUVclm2bbVv8sEXPooVsa5xqBp1mnpMlnJzAL2EPtPuHQ8ruJJ1sOcEofp61Uzux\n eIKbDMY8QRtAn4Vy7fmezoMiNjQW61Sa/q4u4hvI6evVnwfgJC6lraTKMKrZdwFD\n R7b/Vd+CakzTf9YZAnA==", "From": "Anoob Joseph <anoobj@marvell.com>", "To": "Akhil Goyal <gakhil@marvell.com>", "CC": "Vidya Sagar Velumuri <vvelumuri@marvell.com>, Jerin Jacob\n <jerinj@marvell.com>,\n Tejasree Kondoj <ktejasree@marvell.com>, <dev@dpdk.org>", "Subject": "[PATCH v2 22/24] crypto/cnxk: add support for TLS 1.3", "Date": "Tue, 2 Jan 2024 10:24:15 +0530", "Message-ID": "<20240102045417.115-23-anoobj@marvell.com>", "X-Mailer": "git-send-email 2.25.1", "In-Reply-To": "<20240102045417.115-1-anoobj@marvell.com>", "References": "<20231221123545.510-1-anoobj@marvell.com>\n <20240102045417.115-1-anoobj@marvell.com>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "Content-Type": "text/plain", "X-Proofpoint-GUID": "NLlg_mr36DyRByZEUFZHbzZNbnfTRHc7", "X-Proofpoint-ORIG-GUID": "NLlg_mr36DyRByZEUFZHbzZNbnfTRHc7", "X-Proofpoint-Virus-Version": "vendor=baseguard\n engine=ICAP:2.0.272,Aquarius:18.0.997,Hydra:6.0.619,FMLib:17.11.176.26\n definitions=2023-12-09_02,2023-12-07_01,2023-05-22_02", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org" }, "content": "From: Vidya Sagar Velumuri <vvelumuri@marvell.com>\n\nAdd support for TLS-1.3.\n\nSigned-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>\n---\n drivers/common/cnxk/roc_ie_ot_tls.h | 50 +++++--\n drivers/crypto/cnxk/cn10k_cryptodev_sec.h | 3 +-\n 
drivers/crypto/cnxk/cn10k_tls.c | 159 +++++++++++++---------\n 3 files changed, 136 insertions(+), 76 deletions(-)", "diff": "diff --git a/drivers/common/cnxk/roc_ie_ot_tls.h b/drivers/common/cnxk/roc_ie_ot_tls.h\nindex 61955ef4d1..91ddb25f7a 100644\n--- a/drivers/common/cnxk/roc_ie_ot_tls.h\n+++ b/drivers/common/cnxk/roc_ie_ot_tls.h\n@@ -17,8 +17,10 @@\n \t(PLT_ALIGN_CEIL(ROC_IE_OT_TLS_AR_WIN_SIZE_MAX, BITS_PER_LONG_LONG) / BITS_PER_LONG_LONG)\n \n /* CN10K TLS opcodes */\n-#define ROC_IE_OT_TLS_MAJOR_OP_RECORD_ENC 0x16UL\n-#define ROC_IE_OT_TLS_MAJOR_OP_RECORD_DEC 0x17UL\n+#define ROC_IE_OT_TLS_MAJOR_OP_RECORD_ENC 0x16UL\n+#define ROC_IE_OT_TLS_MAJOR_OP_RECORD_DEC 0x17UL\n+#define ROC_IE_OT_TLS13_MAJOR_OP_RECORD_ENC 0x18UL\n+#define ROC_IE_OT_TLS13_MAJOR_OP_RECORD_DEC 0x19UL\n \n #define ROC_IE_OT_TLS_CTX_MAX_OPAD_IPAD_LEN 128\n #define ROC_IE_OT_TLS_CTX_MAX_KEY_IV_LEN 48\n@@ -42,6 +44,7 @@ enum roc_ie_ot_tls_cipher_type {\n enum roc_ie_ot_tls_ver {\n \tROC_IE_OT_TLS_VERSION_TLS_12 = 1,\n \tROC_IE_OT_TLS_VERSION_DTLS_12 = 2,\n+\tROC_IE_OT_TLS_VERSION_TLS_13 = 3,\n };\n \n enum roc_ie_ot_tls_aes_key_len {\n@@ -131,11 +134,23 @@ struct roc_ie_ot_tls_read_sa {\n \t/* Word4 - Word9 */\n \tuint8_t cipher_key[ROC_IE_OT_TLS_CTX_MAX_KEY_IV_LEN];\n \n-\t/* Word10 - Word25 */\n-\tuint8_t opad_ipad[ROC_IE_OT_TLS_CTX_MAX_OPAD_IPAD_LEN];\n+\tunion {\n+\t\tstruct {\n+\t\t\t/* Word10 */\n+\t\t\tuint64_t w10_rsvd6;\n+\n+\t\t\t/* Word11 - Word25 */\n+\t\t\tstruct roc_ie_ot_tls_read_ctx_update_reg ctx;\n+\t\t} tls_13;\n+\n+\t\tstruct {\n+\t\t\t/* Word10 - Word25 */\n+\t\t\tuint8_t opad_ipad[ROC_IE_OT_TLS_CTX_MAX_OPAD_IPAD_LEN];\n \n-\t/* Word26 - Word32 */\n-\tstruct roc_ie_ot_tls_read_ctx_update_reg ctx;\n+\t\t\t/* Word26 - Word95 */\n+\t\t\tstruct roc_ie_ot_tls_read_ctx_update_reg ctx;\n+\t\t} tls_12;\n+\t};\n };\n \n struct roc_ie_ot_tls_write_sa {\n@@ -187,13 +202,24 @@ struct roc_ie_ot_tls_write_sa {\n \t/* Word4 - Word9 */\n \tuint8_t 
cipher_key[ROC_IE_OT_TLS_CTX_MAX_KEY_IV_LEN];\n \n-\t/* Word10 - Word25 */\n-\tuint8_t opad_ipad[ROC_IE_OT_TLS_CTX_MAX_OPAD_IPAD_LEN];\n+\tunion {\n+\t\tstruct {\n+\t\t\t/* Word10 */\n+\t\t\tuint64_t w10_rsvd7;\n+\n+\t\t\tuint64_t seq_num;\n+\t\t} tls_13;\n+\n+\t\tstruct {\n+\t\t\t/* Word10 - Word25 */\n+\t\t\tuint8_t opad_ipad[ROC_IE_OT_TLS_CTX_MAX_OPAD_IPAD_LEN];\n \n-\t/* Word26 */\n-\tuint64_t w26_rsvd7;\n+\t\t\t/* Word26 */\n+\t\t\tuint64_t w26_rsvd7;\n \n-\t/* Word27 */\n-\tuint64_t seq_num;\n+\t\t\t/* Word27 */\n+\t\t\tuint64_t seq_num;\n+\t\t} tls_12;\n+\t};\n };\n #endif /* __ROC_IE_OT_TLS_H__ */\ndiff --git a/drivers/crypto/cnxk/cn10k_cryptodev_sec.h b/drivers/crypto/cnxk/cn10k_cryptodev_sec.h\nindex 33fd3aa398..1e117051cc 100644\n--- a/drivers/crypto/cnxk/cn10k_cryptodev_sec.h\n+++ b/drivers/crypto/cnxk/cn10k_cryptodev_sec.h\n@@ -31,8 +31,7 @@ struct cn10k_sec_session {\n \t\t} ipsec;\n \t\tstruct {\n \t\t\tuint8_t enable_padding : 1;\n-\t\t\tuint8_t hdr_len : 4;\n-\t\t\tuint8_t rvsd : 3;\n+\t\t\tuint8_t rvsd : 7;\n \t\t\tbool is_write;\n \t\t} tls;\n \t};\ndiff --git a/drivers/crypto/cnxk/cn10k_tls.c b/drivers/crypto/cnxk/cn10k_tls.c\nindex 6f6fdf95ee..1c1d2e9ece 100644\n--- a/drivers/crypto/cnxk/cn10k_tls.c\n+++ b/drivers/crypto/cnxk/cn10k_tls.c\n@@ -105,7 +105,8 @@ cnxk_tls_xform_verify(struct rte_security_tls_record_xform *tls_xform,\n \tint ret = 0;\n \n \tif ((tls_xform->ver != RTE_SECURITY_VERSION_TLS_1_2) &&\n-\t (tls_xform->ver != RTE_SECURITY_VERSION_DTLS_1_2))\n+\t (tls_xform->ver != RTE_SECURITY_VERSION_DTLS_1_2) &&\n+\t (tls_xform->ver != RTE_SECURITY_VERSION_TLS_1_3))\n \t\treturn -EINVAL;\n \n \tif ((tls_xform->type != RTE_SECURITY_TLS_SESS_TYPE_READ) &&\n@@ -115,6 +116,12 @@ cnxk_tls_xform_verify(struct rte_security_tls_record_xform *tls_xform,\n \tif (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD)\n \t\treturn tls_xform_aead_verify(tls_xform, crypto_xform);\n \n+\t/* TLS-1.3 only support AEAD.\n+\t * Control should not reach here for 
TLS-1.3\n+\t */\n+\tif (tls_xform->ver == RTE_SECURITY_VERSION_TLS_1_3)\n+\t\treturn -EINVAL;\n+\n \tif (tls_xform->type == RTE_SECURITY_TLS_SESS_TYPE_WRITE) {\n \t\t/* Egress */\n \n@@ -259,7 +266,7 @@ tls_write_sa_init(struct roc_ie_ot_tls_write_sa *sa)\n \n \tmemset(sa, 0, sizeof(struct roc_ie_ot_tls_write_sa));\n \n-\toffset = offsetof(struct roc_ie_ot_tls_write_sa, w26_rsvd7);\n+\toffset = offsetof(struct roc_ie_ot_tls_write_sa, tls_12.w26_rsvd7);\n \tsa->w0.s.hw_ctx_off = offset / ROC_CTX_UNIT_8B;\n \tsa->w0.s.ctx_push_size = sa->w0.s.hw_ctx_off;\n \tsa->w0.s.ctx_size = ROC_IE_OT_TLS_CTX_ILEN;\n@@ -274,7 +281,7 @@ tls_read_sa_init(struct roc_ie_ot_tls_read_sa *sa)\n \n \tmemset(sa, 0, sizeof(struct roc_ie_ot_tls_read_sa));\n \n-\toffset = offsetof(struct roc_ie_ot_tls_read_sa, ctx);\n+\toffset = offsetof(struct roc_ie_ot_tls_read_sa, tls_12.ctx);\n \tsa->w0.s.hw_ctx_off = offset / ROC_CTX_UNIT_8B;\n \tsa->w0.s.ctx_push_size = sa->w0.s.hw_ctx_off;\n \tsa->w0.s.ctx_size = ROC_IE_OT_TLS_CTX_ILEN;\n@@ -283,13 +290,18 @@ tls_read_sa_init(struct roc_ie_ot_tls_read_sa *sa)\n }\n \n static size_t\n-tls_read_ctx_size(struct roc_ie_ot_tls_read_sa *sa)\n+tls_read_ctx_size(struct roc_ie_ot_tls_read_sa *sa, enum rte_security_tls_version tls_ver)\n {\n \tsize_t size;\n \n \t/* Variable based on Anti-replay Window */\n-\tsize = offsetof(struct roc_ie_ot_tls_read_sa, ctx) +\n-\t offsetof(struct roc_ie_ot_tls_read_ctx_update_reg, ar_winbits);\n+\tif (tls_ver == RTE_SECURITY_VERSION_TLS_1_3) {\n+\t\tsize = offsetof(struct roc_ie_ot_tls_read_sa, tls_13.ctx) +\n+\t\t offsetof(struct roc_ie_ot_tls_read_ctx_update_reg, ar_winbits);\n+\t} else {\n+\t\tsize = offsetof(struct roc_ie_ot_tls_read_sa, tls_12.ctx) +\n+\t\t offsetof(struct roc_ie_ot_tls_read_ctx_update_reg, ar_winbits);\n+\t}\n \n \tif (sa->w0.s.ar_win)\n \t\tsize += (1 << (sa->w0.s.ar_win - 1)) * sizeof(uint64_t);\n@@ -302,6 +314,7 @@ tls_read_sa_fill(struct roc_ie_ot_tls_read_sa *read_sa,\n \t\t struct 
rte_security_tls_record_xform *tls_xfrm,\n \t\t struct rte_crypto_sym_xform *crypto_xfrm)\n {\n+\tenum rte_security_tls_version tls_ver = tls_xfrm->ver;\n \tstruct rte_crypto_sym_xform *auth_xfrm, *cipher_xfrm;\n \tconst uint8_t *key = NULL;\n \tuint64_t *tmp, *tmp_key;\n@@ -313,13 +326,22 @@ tls_read_sa_fill(struct roc_ie_ot_tls_read_sa *read_sa,\n \t/* Initialize the SA */\n \tmemset(read_sa, 0, sizeof(struct roc_ie_ot_tls_read_sa));\n \n+\tif (tls_ver == RTE_SECURITY_VERSION_TLS_1_2) {\n+\t\tread_sa->w2.s.version_select = ROC_IE_OT_TLS_VERSION_TLS_12;\n+\t\tread_sa->tls_12.ctx.ar_valid_mask = tls_xfrm->tls_1_2.seq_no - 1;\n+\t} else if (tls_ver == RTE_SECURITY_VERSION_DTLS_1_2) {\n+\t\tread_sa->w2.s.version_select = ROC_IE_OT_TLS_VERSION_DTLS_12;\n+\t} else if (tls_ver == RTE_SECURITY_VERSION_TLS_1_3) {\n+\t\tread_sa->w2.s.version_select = ROC_IE_OT_TLS_VERSION_TLS_13;\n+\t\tread_sa->tls_13.ctx.ar_valid_mask = tls_xfrm->tls_1_3.seq_no - 1;\n+\t}\n+\n \tcipher_key = read_sa->cipher_key;\n \n \t/* Set encryption algorithm */\n \tif ((crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD) &&\n \t (crypto_xfrm->aead.algo == RTE_CRYPTO_AEAD_AES_GCM)) {\n \t\tread_sa->w2.s.cipher_select = ROC_IE_OT_TLS_CIPHER_AES_GCM;\n-\t\tread_sa->w2.s.mac_select = ROC_IE_OT_TLS_MAC_SHA2_256;\n \n \t\tlength = crypto_xfrm->aead.key.length;\n \t\tif (length == 16)\n@@ -330,10 +352,12 @@ tls_read_sa_fill(struct roc_ie_ot_tls_read_sa *read_sa,\n \t\tkey = crypto_xfrm->aead.key.data;\n \t\tmemcpy(cipher_key, key, length);\n \n-\t\tif (tls_xfrm->ver == RTE_SECURITY_VERSION_TLS_1_2)\n+\t\tif (tls_ver == RTE_SECURITY_VERSION_TLS_1_2)\n \t\t\tmemcpy(((uint8_t *)cipher_key + 32), &tls_xfrm->tls_1_2.imp_nonce, 4);\n-\t\telse if (tls_xfrm->ver == RTE_SECURITY_VERSION_DTLS_1_2)\n+\t\telse if (tls_ver == RTE_SECURITY_VERSION_DTLS_1_2)\n \t\t\tmemcpy(((uint8_t *)cipher_key + 32), &tls_xfrm->dtls_1_2.imp_nonce, 4);\n+\t\telse if (tls_ver == RTE_SECURITY_VERSION_TLS_1_3)\n+\t\t\tmemcpy(((uint8_t 
*)cipher_key + 32), &tls_xfrm->tls_1_3.imp_nonce, 12);\n \n \t\tgoto key_swap;\n \t}\n@@ -377,9 +401,10 @@ tls_read_sa_fill(struct roc_ie_ot_tls_read_sa *read_sa,\n \t\treturn -EINVAL;\n \n \troc_se_hmac_opad_ipad_gen(read_sa->w2.s.mac_select, auth_xfrm->auth.key.data,\n-\t\t\t\t auth_xfrm->auth.key.length, read_sa->opad_ipad, ROC_SE_TLS);\n+\t\t\t\t auth_xfrm->auth.key.length, read_sa->tls_12.opad_ipad,\n+\t\t\t\t ROC_SE_TLS);\n \n-\ttmp = (uint64_t *)read_sa->opad_ipad;\n+\ttmp = (uint64_t *)read_sa->tls_12.opad_ipad;\n \tfor (i = 0; i < (int)(ROC_CTX_MAX_OPAD_IPAD_LEN / sizeof(uint64_t)); i++)\n \t\ttmp[i] = rte_be_to_cpu_64(tmp[i]);\n \n@@ -403,24 +428,20 @@ tls_read_sa_fill(struct roc_ie_ot_tls_read_sa *read_sa,\n \tread_sa->w0.s.ctx_hdr_size = ROC_IE_OT_TLS_CTX_HDR_SIZE;\n \tread_sa->w0.s.aop_valid = 1;\n \n-\toffset = offsetof(struct roc_ie_ot_tls_read_sa, ctx);\n+\toffset = offsetof(struct roc_ie_ot_tls_read_sa, tls_12.ctx);\n+\tif (tls_ver == RTE_SECURITY_VERSION_TLS_1_3)\n+\t\toffset = offsetof(struct roc_ie_ot_tls_read_sa, tls_13.ctx);\n+\n+\t/* Entire context size in 128B units */\n+\tread_sa->w0.s.ctx_size =\n+\t\t(PLT_ALIGN_CEIL(tls_read_ctx_size(read_sa, tls_ver), ROC_CTX_UNIT_128B) /\n+\t\t ROC_CTX_UNIT_128B) -\n+\t\t1;\n \n \t/* Word offset for HW managed CTX field */\n \tread_sa->w0.s.hw_ctx_off = offset / 8;\n \tread_sa->w0.s.ctx_push_size = read_sa->w0.s.hw_ctx_off;\n \n-\t/* Entire context size in 128B units */\n-\tread_sa->w0.s.ctx_size = (PLT_ALIGN_CEIL(tls_read_ctx_size(read_sa), ROC_CTX_UNIT_128B) /\n-\t\t\t\t ROC_CTX_UNIT_128B) -\n-\t\t\t\t 1;\n-\n-\tif (tls_xfrm->ver == RTE_SECURITY_VERSION_TLS_1_2) {\n-\t\tread_sa->w2.s.version_select = ROC_IE_OT_TLS_VERSION_TLS_12;\n-\t\tread_sa->ctx.ar_valid_mask = tls_xfrm->tls_1_2.seq_no - 1;\n-\t} else if (tls_xfrm->ver == RTE_SECURITY_VERSION_DTLS_1_2) {\n-\t\tread_sa->w2.s.version_select = ROC_IE_OT_TLS_VERSION_DTLS_12;\n-\t}\n-\n \trte_wmb();\n \n \treturn 0;\n@@ -431,6 +452,7 @@ 
tls_write_sa_fill(struct roc_ie_ot_tls_write_sa *write_sa,\n \t\t struct rte_security_tls_record_xform *tls_xfrm,\n \t\t struct rte_crypto_sym_xform *crypto_xfrm)\n {\n+\tenum rte_security_tls_version tls_ver = tls_xfrm->ver;\n \tstruct rte_crypto_sym_xform *auth_xfrm, *cipher_xfrm;\n \tconst uint8_t *key = NULL;\n \tuint8_t *cipher_key;\n@@ -438,13 +460,25 @@ tls_write_sa_fill(struct roc_ie_ot_tls_write_sa *write_sa,\n \tint i, length = 0;\n \tsize_t offset;\n \n+\tif (tls_ver == RTE_SECURITY_VERSION_TLS_1_2) {\n+\t\twrite_sa->w2.s.version_select = ROC_IE_OT_TLS_VERSION_TLS_12;\n+\t\twrite_sa->tls_12.seq_num = tls_xfrm->tls_1_2.seq_no - 1;\n+\t} else if (tls_ver == RTE_SECURITY_VERSION_DTLS_1_2) {\n+\t\twrite_sa->w2.s.version_select = ROC_IE_OT_TLS_VERSION_DTLS_12;\n+\t\twrite_sa->tls_12.seq_num = ((uint64_t)tls_xfrm->dtls_1_2.epoch << 48) |\n+\t\t\t\t\t (tls_xfrm->dtls_1_2.seq_no & 0x0000ffffffffffff);\n+\t\twrite_sa->tls_12.seq_num -= 1;\n+\t} else if (tls_ver == RTE_SECURITY_VERSION_TLS_1_3) {\n+\t\twrite_sa->w2.s.version_select = ROC_IE_OT_TLS_VERSION_TLS_13;\n+\t\twrite_sa->tls_13.seq_num = tls_xfrm->tls_1_3.seq_no - 1;\n+\t}\n+\n \tcipher_key = write_sa->cipher_key;\n \n \t/* Set encryption algorithm */\n \tif ((crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD) &&\n \t (crypto_xfrm->aead.algo == RTE_CRYPTO_AEAD_AES_GCM)) {\n \t\twrite_sa->w2.s.cipher_select = ROC_IE_OT_TLS_CIPHER_AES_GCM;\n-\t\twrite_sa->w2.s.mac_select = ROC_IE_OT_TLS_MAC_SHA2_256;\n \n \t\tlength = crypto_xfrm->aead.key.length;\n \t\tif (length == 16)\n@@ -455,10 +489,12 @@ tls_write_sa_fill(struct roc_ie_ot_tls_write_sa *write_sa,\n \t\tkey = crypto_xfrm->aead.key.data;\n \t\tmemcpy(cipher_key, key, length);\n \n-\t\tif (tls_xfrm->ver == RTE_SECURITY_VERSION_TLS_1_2)\n+\t\tif (tls_ver == RTE_SECURITY_VERSION_TLS_1_2)\n \t\t\tmemcpy(((uint8_t *)cipher_key + 32), &tls_xfrm->tls_1_2.imp_nonce, 4);\n-\t\telse if (tls_xfrm->ver == RTE_SECURITY_VERSION_DTLS_1_2)\n+\t\telse if (tls_ver == 
RTE_SECURITY_VERSION_DTLS_1_2)\n \t\t\tmemcpy(((uint8_t *)cipher_key + 32), &tls_xfrm->dtls_1_2.imp_nonce, 4);\n+\t\telse if (tls_ver == RTE_SECURITY_VERSION_TLS_1_3)\n+\t\t\tmemcpy(((uint8_t *)cipher_key + 32), &tls_xfrm->tls_1_3.imp_nonce, 12);\n \n \t\tgoto key_swap;\n \t}\n@@ -506,11 +542,11 @@ tls_write_sa_fill(struct roc_ie_ot_tls_write_sa *write_sa,\n \t\t\treturn -EINVAL;\n \n \t\troc_se_hmac_opad_ipad_gen(write_sa->w2.s.mac_select, auth_xfrm->auth.key.data,\n-\t\t\t\t\t auth_xfrm->auth.key.length, write_sa->opad_ipad,\n+\t\t\t\t\t auth_xfrm->auth.key.length, write_sa->tls_12.opad_ipad,\n \t\t\t\t\t ROC_SE_TLS);\n \t}\n \n-\ttmp_key = (uint64_t *)write_sa->opad_ipad;\n+\ttmp_key = (uint64_t *)write_sa->tls_12.opad_ipad;\n \tfor (i = 0; i < (int)(ROC_CTX_MAX_OPAD_IPAD_LEN / sizeof(uint64_t)); i++)\n \t\ttmp_key[i] = rte_be_to_cpu_64(tmp_key[i]);\n \n@@ -520,40 +556,37 @@ tls_write_sa_fill(struct roc_ie_ot_tls_write_sa *write_sa,\n \t\ttmp_key[i] = rte_be_to_cpu_64(tmp_key[i]);\n \n \twrite_sa->w0.s.ctx_hdr_size = ROC_IE_OT_TLS_CTX_HDR_SIZE;\n-\toffset = offsetof(struct roc_ie_ot_tls_write_sa, w26_rsvd7);\n-\n-\t/* Word offset for HW managed CTX field */\n-\twrite_sa->w0.s.hw_ctx_off = offset / 8;\n-\twrite_sa->w0.s.ctx_push_size = write_sa->w0.s.hw_ctx_off;\n-\n \t/* Entire context size in 128B units */\n \twrite_sa->w0.s.ctx_size =\n \t\t(PLT_ALIGN_CEIL(sizeof(struct roc_ie_ot_tls_write_sa), ROC_CTX_UNIT_128B) /\n \t\t ROC_CTX_UNIT_128B) -\n \t\t1;\n-\twrite_sa->w0.s.aop_valid = 1;\n+\toffset = offsetof(struct roc_ie_ot_tls_write_sa, tls_12.w26_rsvd7);\n \n-\tif (tls_xfrm->ver == RTE_SECURITY_VERSION_TLS_1_2) {\n-\t\twrite_sa->w2.s.version_select = ROC_IE_OT_TLS_VERSION_TLS_12;\n-\t\twrite_sa->seq_num = tls_xfrm->tls_1_2.seq_no - 1;\n-\t} else if (tls_xfrm->ver == RTE_SECURITY_VERSION_DTLS_1_2) {\n-\t\twrite_sa->w2.s.version_select = ROC_IE_OT_TLS_VERSION_DTLS_12;\n-\t\twrite_sa->seq_num = ((uint64_t)tls_xfrm->dtls_1_2.epoch << 48) |\n-\t\t\t\t 
(tls_xfrm->dtls_1_2.seq_no & 0x0000ffffffffffff);\n-\t\twrite_sa->seq_num -= 1;\n+\tif (tls_ver == RTE_SECURITY_VERSION_TLS_1_3) {\n+\t\toffset = offsetof(struct roc_ie_ot_tls_write_sa, tls_13.w10_rsvd7);\n+\t\twrite_sa->w0.s.ctx_size -= 1;\n \t}\n \n+\t/* Word offset for HW managed CTX field */\n+\twrite_sa->w0.s.hw_ctx_off = offset / 8;\n+\twrite_sa->w0.s.ctx_push_size = write_sa->w0.s.hw_ctx_off;\n+\n+\twrite_sa->w0.s.aop_valid = 1;\n+\n \twrite_sa->w2.s.iv_at_cptr = ROC_IE_OT_TLS_IV_SRC_DEFAULT;\n \n+\tif (write_sa->w2.s.version_select != ROC_IE_OT_TLS_VERSION_TLS_13) {\n #ifdef LA_IPSEC_DEBUG\n-\tif (tls_xfrm->options.iv_gen_disable == 1)\n-\t\twrite_sa->w2.s.iv_at_cptr = ROC_IE_OT_TLS_IV_SRC_FROM_SA;\n+\t\tif (tls_xfrm->options.iv_gen_disable == 1)\n+\t\t\twrite_sa->w2.s.iv_at_cptr = ROC_IE_OT_TLS_IV_SRC_FROM_SA;\n #else\n-\tif (tls_xfrm->options.iv_gen_disable) {\n-\t\tplt_err(\"Application provided IV is not supported\");\n-\t\treturn -ENOTSUP;\n-\t}\n+\t\tif (tls_xfrm->options.iv_gen_disable) {\n+\t\t\tplt_err(\"Application provided IV is not supported\");\n+\t\t\treturn -ENOTSUP;\n+\t\t}\n #endif\n+\t}\n \n \trte_wmb();\n \n@@ -599,20 +632,17 @@ cn10k_tls_read_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf,\n \t\tsec_sess->iv_length = crypto_xfrm->auth.iv.length;\n \t}\n \n-\tif (sa_dptr->w2.s.version_select == ROC_IE_OT_TLS_VERSION_DTLS_12)\n-\t\tsec_sess->tls.hdr_len = 13;\n-\telse if (sa_dptr->w2.s.version_select == ROC_IE_OT_TLS_VERSION_TLS_12)\n-\t\tsec_sess->tls.hdr_len = 5;\n-\n \tsec_sess->proto = RTE_SECURITY_PROTOCOL_TLS_RECORD;\n \n-\t/* Enable mib counters */\n-\tsa_dptr->w0.s.count_mib_bytes = 1;\n-\tsa_dptr->w0.s.count_mib_pkts = 1;\n-\n \t/* pre-populate CPT INST word 4 */\n \tinst_w4.u64 = 0;\n-\tinst_w4.s.opcode_major = ROC_IE_OT_TLS_MAJOR_OP_RECORD_DEC | ROC_IE_OT_INPLACE_BIT;\n+\tif ((sa_dptr->w2.s.version_select == ROC_IE_OT_TLS_VERSION_TLS_12) ||\n+\t (sa_dptr->w2.s.version_select == ROC_IE_OT_TLS_VERSION_DTLS_12)) 
{\n+\t\tinst_w4.s.opcode_major = ROC_IE_OT_TLS_MAJOR_OP_RECORD_DEC | ROC_IE_OT_INPLACE_BIT;\n+\t} else if (sa_dptr->w2.s.version_select == ROC_IE_OT_TLS_VERSION_TLS_13) {\n+\t\tinst_w4.s.opcode_major =\n+\t\t\tROC_IE_OT_TLS13_MAJOR_OP_RECORD_DEC | ROC_IE_OT_INPLACE_BIT;\n+\t}\n \n \tsec_sess->inst.w4 = inst_w4.u64;\n \tsec_sess->inst.w7 = cpt_inst_w7_get(roc_cpt, read_sa);\n@@ -689,8 +719,13 @@ cn10k_tls_write_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf,\n \n \t/* pre-populate CPT INST word 4 */\n \tinst_w4.u64 = 0;\n-\tinst_w4.s.opcode_major = ROC_IE_OT_TLS_MAJOR_OP_RECORD_ENC | ROC_IE_OT_INPLACE_BIT;\n-\n+\tif ((sa_dptr->w2.s.version_select == ROC_IE_OT_TLS_VERSION_TLS_12) ||\n+\t (sa_dptr->w2.s.version_select == ROC_IE_OT_TLS_VERSION_DTLS_12)) {\n+\t\tinst_w4.s.opcode_major = ROC_IE_OT_TLS_MAJOR_OP_RECORD_ENC | ROC_IE_OT_INPLACE_BIT;\n+\t} else if (sa_dptr->w2.s.version_select == ROC_IE_OT_TLS_VERSION_TLS_13) {\n+\t\tinst_w4.s.opcode_major =\n+\t\t\tROC_IE_OT_TLS13_MAJOR_OP_RECORD_ENC | ROC_IE_OT_INPLACE_BIT;\n+\t}\n \tsec_sess->inst.w4 = inst_w4.u64;\n \tsec_sess->inst.w7 = cpt_inst_w7_get(roc_cpt, write_sa);\n \n", "prefixes": [ "v2", "22/24" ] }{ "id": 135669, "url": "
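Review bot: In cn10k_tls_read_sa_create the new `if`/`else if` chain on `sa_dptr->w2.s.version_select` has no final `else`, so any value outside the three handled versions leaves `inst_w4.s.opcode_major` at 0 from `inst_w4.u64 = 0` and the session is still set up; the same chain is added in cn10k_tls_write_sa_create. The fill functions set `version_select` only for versions that cnxk_tls_xform_verify accepts, so this is presumably unreachable today. A closing branch that fails session creation, such as `else return -EINVAL;` (or a jump to the function's cleanup path if it has one, which the hunk does not show), would stop an unrecognised version from being submitted with an unintended opcode. The read-path hunk also drops the `count_mib_bytes`/`count_mib_pkts` enables and the `hdr_len` assignment, which the commit description does not mention, so it is worth stating there whether losing the MIB counters is intended. Both function bodies start and end outside their hunks.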