[v2,3/5] security: support extra padding with TLS

Message ID 20231003104854.1381-4-anoobj@marvell.com (mailing list archive)
State Accepted, archived
Delegated to: akhil goyal
Series: add TLS record processing security offload

Checks

Context Check Description
ci/checkpatch success coding style OK

Commit Message

Anoob Joseph Oct. 3, 2023, 10:48 a.m. UTC
In the TLS record write protocol (encrypt), the application may request
extra padding in addition to the default padding, which ensures that the
crypto payload is aligned to the block size. This is required to hide
the size of the traffic from an observer.

Extend the usage of ``rte_crypto_op.aux_flags`` to allow users to
provide extra padding in units of 8B. It is an optional feature, and any
device that supports it can declare so by making use of the
corresponding capability.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
 lib/cryptodev/rte_crypto.h  | 14 +++++++++++++-
 lib/security/rte_security.h | 16 ++++++++++++++++
 2 files changed, 29 insertions(+), 1 deletion(-)

Patch

diff --git a/lib/cryptodev/rte_crypto.h b/lib/cryptodev/rte_crypto.h
index 9b8d0331a4..7b8f2bdc6d 100644
--- a/lib/cryptodev/rte_crypto.h
+++ b/lib/cryptodev/rte_crypto.h
@@ -99,8 +99,20 @@  struct rte_crypto_op {
 			/**< operation session type */
 			uint8_t aux_flags;
 			/**< Operation specific auxiliary/additional flags.
-			 * These flags carry additional information from the
+			 * These flags carry additional information from/to the
 			 * operation. Processing of the same is optional.
+			 *
+			 * The flags are defined as RTE_CRYPTO_OP_AUX_FLAGS_* and would be set by
+			 * PMD for application consumption when the status is
+			 * RTE_CRYPTO_OP_STATUS_SUCCESS. In case of errors, the value of this
+			 * field is undefined.
+			 *
+			 * With TLS record offload (RTE_SECURITY_PROTOCOL_TLS_RECORD),
+			 * application may provide the extra padding required for the plaintext
+			 * provided. This field can be used for passing the same in units of 8B. The
+			 * value would be set by application for PMD consumption.
+			 *
+			 * @see struct rte_security_tls_record_sess_options
 			 */
 			uint8_t reserved[2];
 			/**< Reserved bytes to fill 64 bits for
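Review bot: the new paragraph on `aux_flags` gives the field two opposite directions (PMD writes it for the application on success; the application writes it for the PMD in the TLS record case) without saying how they interact in the added lines "With TLS record offload ... The value would be set by application for PMD consumption." Please state that the extra-padding use is input-only and applies to the record write (encrypt) direction, and say whether the PMD may overwrite the field on dequeue (i.e. whether the application can rely on its value being preserved) or whether RTE_CRYPTO_OP_AUX_FLAGS_* output flags are mutually exclusive with it for this protocol. Also, an 8-bit field in units of 8B allows up to 2040 bytes of extra padding, which exceeds what a TLS 1.2 CBC record can carry (padding_length is a single byte), so the comment should define the PMD's behaviour when the requested padding cannot be honoured for the session's protocol version (e.g. which error status is returned).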
diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
index 54c32c1147..89e61e10ad 100644
--- a/lib/security/rte_security.h
+++ b/lib/security/rte_security.h
@@ -636,6 +636,22 @@  struct rte_security_tls_record_sess_options {
 	 *      and application is not required to provide IV.
 	 */
 	uint32_t iv_gen_disable : 1;
+	/** Enable extra padding
+	 *
+	 *  TLS allows user to pad the plain text to hide the actual size of the record. This is
+	 *  required to achieve traffic flow confidentiality in case of TLS/DTLS flows. This padding
+	 *  is in addition to the default padding performed by PMD (which ensures ciphertext is
+	 *  aligned to block size).
+	 *
+	 *  On supported devices, application may pass the required additional padding via
+	 *  ``rte_crypto_op.aux_flags`` field.
+	 *
+	 * 1 : Enable extra padding of the plain text provided. The extra padding value would be
+	 *     read from ``rte_crypto_op.aux_flags``.
+	 *
+	 * 0 : Disable extra padding
+	 */
+	uint32_t extra_padding_enable : 1;
 };
 
 /**
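Review bot: the doc comment on `extra_padding_enable` says "On supported devices, application may pass the required additional padding" but does not name the capability the application must check before setting the bit; the commit message says devices declare support via a capability, so add a `@see` to that capability field here. The unit of the padding value ("units of 8B") is currently only stated in rte_crypto.h; repeat it in the "1 :" description ("The extra padding value would be read from ``rte_crypto_op.aux_flags``, in units of 8B") so a reader of rte_security.h alone gets the full contract, and state what the PMD does when the bit is set but the requested padding would push the record past the protocol's maximum record size.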