From patchwork Tue Jan 2 04:54:16 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 135670 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 60EAF437F8; Tue, 2 Jan 2024 05:57:29 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 6386340DF8; Tue, 2 Jan 2024 05:57:02 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 4B2CE40EA5 for ; Tue, 2 Jan 2024 05:57:00 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 401Nec0F022343 for ; Mon, 1 Jan 2024 20:56:59 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=fQNGS+1vGqqlQDu1szKnqnSreAYUGYcKKcI3zYLgEHY=; b=DOz BGrtz4DJ1tTa4RKla/VhiEcDrPHflcH3a20o8uY8JdxouRvSKztOKOsy77fFWawa C7tckEr7aMhnQpKQIFjME3NxPYT5rELj8E2IcWLkfWOGS0xWpdzJy7cDZJuKXWTE /1EpW3TPByaQyR8Kt1wVmwF1RXt3xD84kTYjTHfJxriKNnwOBcm/plVdHoUhqiSQ bczYMMbn0IDe31LkA+SYeJaWX4umf8YFuI5BWz55YyVKW6jZ7uHtKTUedD8WUo3D WcSZIfLiv4kocbLhvbJCEy2nljSys7tO7I0aH/wt7kKSJJ88VFmh69KtGNnl2o2W ug3RaHBHbA1gyN3vVFQ== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3vakkkwvv2-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Mon, 01 Jan 2024 20:56:59 -0800 (PST) Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Mon, 1 Jan 2024 20:56:57 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.48 via Frontend Transport; Mon, 1 Jan 2024 20:56:57 -0800 Received: from BG-LT92004.corp.innovium.com (unknown [10.28.163.189]) by maili.marvell.com (Postfix) with ESMTP id 5EB4B3F7082; Mon, 1 Jan 2024 20:56:53 -0800 (PST) From: Anoob Joseph To: Akhil Goyal CC: Vidya Sagar Velumuri , Jerin Jacob , Tejasree Kondoj , Subject: [PATCH v2 23/24] crypto/cnxk: add TLS 1.3 capability Date: Tue, 2 Jan 2024 10:24:16 +0530 Message-ID: <20240102045417.115-24-anoobj@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240102045417.115-1-anoobj@marvell.com> References: <20231221123545.510-1-anoobj@marvell.com> <20240102045417.115-1-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: J822RtIkZUVs7Nb3ZpXOHaIUawl_m7ab X-Proofpoint-GUID: J822RtIkZUVs7Nb3ZpXOHaIUawl_m7ab X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.997,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-12-09_02,2023-12-07_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Vidya Sagar Velumuri Add TLS 1.3 record read and write capability Signed-off-by: Vidya Sagar Velumuri --- doc/guides/rel_notes/release_24_03.rst | 4 +- .../crypto/cnxk/cnxk_cryptodev_capabilities.c | 92 +++++++++++++++++++ 2 files changed, 94 insertions(+), 2 deletions(-) diff --git a/doc/guides/rel_notes/release_24_03.rst b/doc/guides/rel_notes/release_24_03.rst index f5773bab5a..89110e0650 100644 --- a/doc/guides/rel_notes/release_24_03.rst +++ b/doc/guides/rel_notes/release_24_03.rst @@ -58,8 +58,8 @@ New Features * **Updated Marvell cnxk crypto driver.** * Added support for Rx inject in crypto_cn10k. - * Added support for TLS record processing in crypto_cn10k. Supports TLS 1.2 - and DTLS 1.2. + * Added support for TLS record processing in crypto_cn10k. Supports TLS 1.2, + DTLS 1.2 and TLS 1.3. * Added PMD API to allow raw submission of instructions to CPT. Removed Items diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c index 73100377d9..db50de5d58 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c +++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c @@ -40,6 +40,16 @@ RTE_DIM(sec_tls12_caps_##name)); \ } while (0) +#define SEC_TLS13_CAPS_ADD(cnxk_caps, cur_pos, hw_caps, name) \ + do { \ + if ((hw_caps[CPT_ENG_TYPE_SE].name) || \ + (hw_caps[CPT_ENG_TYPE_IE].name) || \ + (hw_caps[CPT_ENG_TYPE_AE].name)) \ + sec_tls13_caps_add(cnxk_caps, cur_pos, \ + sec_tls13_caps_##name, \ + RTE_DIM(sec_tls13_caps_##name)); \ + } while (0) + static const struct rte_cryptodev_capabilities caps_mul[] = { { /* RSA */ .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, @@ -1631,6 +1641,40 @@ static const struct rte_cryptodev_capabilities sec_tls12_caps_sha1_sha2[] = { }, }; +static const struct rte_cryptodev_capabilities sec_tls13_caps_aes[] = { + { /* AES GCM */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD, + {.aead = { + .algo = RTE_CRYPTO_AEAD_AES_GCM, + .block_size = 16, + .key_size = { + .min = 16, + .max = 32, + .increment = 16 + }, + .digest_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .aad_size = { + .min = 5, + .max = 5, + .increment = 0 + }, + .iv_size = { + .min = 0, + .max = 0, + .increment = 0 + } + }, } + }, } + }, +}; + + static const struct rte_security_capability sec_caps_templ[] = { { /* IPsec Lookaside Protocol ESP Tunnel Ingress */ .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, @@ -1760,6 +1804,26 @@ static const struct rte_security_capability sec_caps_templ[] = { }, .crypto_capabilities = NULL, }, + { /* TLS 1.3 Record Read */ + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_TLS_RECORD, + .tls_record = { + .ver = RTE_SECURITY_VERSION_TLS_1_3, + .type = RTE_SECURITY_TLS_SESS_TYPE_READ, + .ar_win_size = 0, + }, + .crypto_capabilities = NULL, + }, + { /* TLS 1.3 Record Write */ + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_TLS_RECORD, + .tls_record = { + .ver = RTE_SECURITY_VERSION_TLS_1_3, + .type = RTE_SECURITY_TLS_SESS_TYPE_WRITE, + .ar_win_size = 0, + }, + .crypto_capabilities = NULL, + }, { .action = RTE_SECURITY_ACTION_TYPE_NONE } @@ -2005,6 +2069,33 @@ sec_tls12_crypto_caps_populate(struct rte_cryptodev_capabilities cnxk_caps[], sec_tls12_caps_add(cnxk_caps, &cur_pos, caps_end, RTE_DIM(caps_end)); } +static void +sec_tls13_caps_limit_check(int *cur_pos, int nb_caps) +{ + PLT_VERIFY(*cur_pos + nb_caps <= CNXK_SEC_TLS_1_3_CRYPTO_MAX_CAPS); +} + +static void +sec_tls13_caps_add(struct rte_cryptodev_capabilities cnxk_caps[], int *cur_pos, + const struct rte_cryptodev_capabilities *caps, int nb_caps) +{ + sec_tls13_caps_limit_check(cur_pos, nb_caps); + + memcpy(&cnxk_caps[*cur_pos], caps, nb_caps * sizeof(caps[0])); + *cur_pos += nb_caps; +} + +static void +sec_tls13_crypto_caps_populate(struct rte_cryptodev_capabilities cnxk_caps[], + union cpt_eng_caps *hw_caps) +{ + int cur_pos = 0; + + SEC_TLS13_CAPS_ADD(cnxk_caps, &cur_pos, hw_caps, aes); + + sec_tls13_caps_add(cnxk_caps, &cur_pos, caps_end, RTE_DIM(caps_end)); +} + void cnxk_cpt_caps_populate(struct cnxk_cpt_vf *vf) { @@ -2016,6 +2107,7 @@ cnxk_cpt_caps_populate(struct cnxk_cpt_vf *vf) if (vf->cpt.hw_caps[CPT_ENG_TYPE_SE].tls) { sec_tls12_crypto_caps_populate(vf->sec_tls_1_2_crypto_caps, vf->cpt.hw_caps); sec_tls12_crypto_caps_populate(vf->sec_dtls_1_2_crypto_caps, vf->cpt.hw_caps); + sec_tls13_crypto_caps_populate(vf->sec_tls_1_3_crypto_caps, vf->cpt.hw_caps); } PLT_STATIC_ASSERT(RTE_DIM(sec_caps_templ) <= RTE_DIM(vf->sec_caps));