Enable CHACHA20-POLY1305 support for TLS-1.3.
Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
drivers/common/cnxk/roc_ie_ot_tls.h | 1 +
drivers/crypto/cnxk/cn10k_tls.c | 40 ++++++++++++-------
drivers/crypto/cnxk/cnxk_cryptodev.h | 4 +-
.../crypto/cnxk/cnxk_cryptodev_capabilities.c | 31 ++++++++++++++
4 files changed, 60 insertions(+), 16 deletions(-)
@@ -39,6 +39,7 @@ enum roc_ie_ot_tls_cipher_type {
ROC_IE_OT_TLS_CIPHER_AES_CBC = 3,
ROC_IE_OT_TLS_CIPHER_AES_GCM = 7,
ROC_IE_OT_TLS_CIPHER_AES_CCM = 10,
+ ROC_IE_OT_TLS_CIPHER_CHACHA_POLY = 9,
};
enum roc_ie_ot_tls_ver {
@@ -97,6 +97,9 @@ tls_xform_aead_verify(struct rte_security_tls_record_xform *tls_xform,
return 0;
}
+ if ((crypto_xform->aead.algo == RTE_CRYPTO_AEAD_CHACHA20_POLY1305) && (keylen == 32))
+ return 0;
+
return -EINVAL;
}
@@ -351,15 +354,20 @@ tls_read_sa_fill(struct roc_ie_ot_tls_read_sa *read_sa,
cipher_key = read_sa->cipher_key;
/* Set encryption algorithm */
- if ((crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD) &&
- (crypto_xfrm->aead.algo == RTE_CRYPTO_AEAD_AES_GCM)) {
- read_sa->w2.s.cipher_select = ROC_IE_OT_TLS_CIPHER_AES_GCM;
-
+ if (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
length = crypto_xfrm->aead.key.length;
- if (length == 16)
- read_sa->w2.s.aes_key_len = ROC_IE_OT_TLS_AES_KEY_LEN_128;
- else
+ if (crypto_xfrm->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) {
+ read_sa->w2.s.cipher_select = ROC_IE_OT_TLS_CIPHER_AES_GCM;
+ if (length == 16)
+ read_sa->w2.s.aes_key_len = ROC_IE_OT_TLS_AES_KEY_LEN_128;
+ else
+ read_sa->w2.s.aes_key_len = ROC_IE_OT_TLS_AES_KEY_LEN_256;
+ }
+
+ if (crypto_xfrm->aead.algo == RTE_CRYPTO_AEAD_CHACHA20_POLY1305) {
+ read_sa->w2.s.cipher_select = ROC_IE_OT_TLS_CIPHER_CHACHA_POLY;
read_sa->w2.s.aes_key_len = ROC_IE_OT_TLS_AES_KEY_LEN_256;
+ }
key = crypto_xfrm->aead.key.data;
memcpy(cipher_key, key, length);
@@ -500,15 +508,19 @@ tls_write_sa_fill(struct roc_ie_ot_tls_write_sa *write_sa,
cipher_key = write_sa->cipher_key;
/* Set encryption algorithm */
- if ((crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD) &&
- (crypto_xfrm->aead.algo == RTE_CRYPTO_AEAD_AES_GCM)) {
- write_sa->w2.s.cipher_select = ROC_IE_OT_TLS_CIPHER_AES_GCM;
-
+ if (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
length = crypto_xfrm->aead.key.length;
- if (length == 16)
- write_sa->w2.s.aes_key_len = ROC_IE_OT_TLS_AES_KEY_LEN_128;
- else
+ if (crypto_xfrm->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) {
+ write_sa->w2.s.cipher_select = ROC_IE_OT_TLS_CIPHER_AES_GCM;
+ if (length == 16)
+ write_sa->w2.s.aes_key_len = ROC_IE_OT_TLS_AES_KEY_LEN_128;
+ else
+ write_sa->w2.s.aes_key_len = ROC_IE_OT_TLS_AES_KEY_LEN_256;
+ }
+ if (crypto_xfrm->aead.algo == RTE_CRYPTO_AEAD_CHACHA20_POLY1305) {
+ write_sa->w2.s.cipher_select = ROC_IE_OT_TLS_CIPHER_CHACHA_POLY;
write_sa->w2.s.aes_key_len = ROC_IE_OT_TLS_AES_KEY_LEN_256;
+ }
key = crypto_xfrm->aead.key.data;
memcpy(cipher_key, key, length);
@@ -13,9 +13,9 @@
#define CNXK_CPT_MAX_CAPS 55
#define CNXK_SEC_IPSEC_CRYPTO_MAX_CAPS 16
-#define CNXK_SEC_TLS_1_3_CRYPTO_MAX_CAPS 2
+#define CNXK_SEC_TLS_1_3_CRYPTO_MAX_CAPS 3
#define CNXK_SEC_TLS_1_2_CRYPTO_MAX_CAPS 7
-#define CNXK_SEC_MAX_CAPS 18
+#define CNXK_SEC_MAX_CAPS 19
/**
* Device private data
@@ -1693,6 +1693,37 @@ static const struct rte_cryptodev_capabilities sec_tls13_caps_aes[] = {
}, }
}, }
},
+ { /* CHACHA POLY */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
+ {.aead = {
+ .algo = RTE_CRYPTO_AEAD_CHACHA20_POLY1305,
+ .block_size = 64,
+ .key_size = {
+ .min = 32,
+ .max = 32,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .aad_size = {
+ .min = 5,
+ .max = 5,
+ .increment = 0
+ },
+ .iv_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ }
+ }, }
+ }, }
+ },
+
};