From patchwork Thu Mar 14 08:38:33 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vidya Sagar Velumuri X-Patchwork-Id: 138354 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 8177743CAE; Thu, 14 Mar 2024 09:39:21 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id E4B7242E24; Thu, 14 Mar 2024 09:39:16 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 0B8C040297 for ; Thu, 14 Mar 2024 09:39:13 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42DNgMN1016200 for ; Thu, 14 Mar 2024 01:39:13 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=7JSvnPB0H3WkxjmMnSHOy7OOUi9298WXLFwlZLsZojg=; b=cJU 8IKQA+gQpXqd1tPY8h2ElLPnkVxCtCgH6QLKmM0EGMmsQzGzQAQ6pZJCq+kPkiOQ /ngLgzTMpe8GvIhuev16NLM+fTNUAqPofHfRc77SC00IfE677qZHoqWjNpB+0SOu w2bLQDx7/ImcHqIL6Zy4T70G+HS7RldOZB5c7oCiNSZbDPo/ogq0DgsuLjpSzm2q 2Ooz0V8Um2atUhufjeJjC1Aj1URU1eyNVXWxMmhnLeEyXTI/WW/VYwF6rna0UZhD 1j4VSw6I6/B7RTsxCOtOt/7e9EHkz0GaH1EAw4EZSyYgdIbhOy4l61m1V8LY9xhz 8XO5es5SDATjpknvOfQ== Received: from dc6wp-exch02.marvell.com ([4.21.29.225]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wucg2uwsg-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 14 Mar 2024 01:39:13 -0700 (PDT) Received: from DC6WP-EXCH02.marvell.com (10.76.176.209) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Thu, 14 Mar 2024 01:39:05 -0700 Received: from maili.marvell.com (10.69.176.80) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Thu, 14 Mar 2024 01:39:04 -0700 Received: from localhost.localdomain (unknown [10.28.36.179]) by maili.marvell.com (Postfix) with ESMTP id 40E205B692D; Thu, 14 Mar 2024 01:39:02 -0700 (PDT) From: Vidya Sagar Velumuri To: Ankur Dwivedi , Anoob Joseph , Tejasree Kondoj CC: , , , , Subject: [PATCH 01/12] crypto/cnxk: multi seg support block ciphers in tls Date: Thu, 14 Mar 2024 01:38:33 -0700 Message-ID: <20240314083844.3319506-2-vvelumuri@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240314083844.3319506-1-vvelumuri@marvell.com> References: <20240314083844.3319506-1-vvelumuri@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: m8uCbvZ5bQ2_E-ewny2PETk6bWvDWgeT X-Proofpoint-GUID: m8uCbvZ5bQ2_E-ewny2PETk6bWvDWgeT X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-14_07,2024-03-13_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Add support for Scatter-Gather mode for block ciphers in TLS-1.2 Signed-off-by: Vidya Sagar Velumuri --- drivers/crypto/cnxk/cn10k_cryptodev_sec.h | 3 +- drivers/crypto/cnxk/cn10k_tls.c | 5 +++ drivers/crypto/cnxk/cn10k_tls_ops.h | 48 ++++++++++++++++++----- 3 files changed, 45 insertions(+), 11 deletions(-) diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_sec.h b/drivers/crypto/cnxk/cn10k_cryptodev_sec.h index 1efed3c4cf..881a0276cc 100644 --- a/drivers/crypto/cnxk/cn10k_cryptodev_sec.h +++ b/drivers/crypto/cnxk/cn10k_cryptodev_sec.h @@ -33,7 +33,8 @@ struct cn10k_sec_session { } ipsec; struct { uint8_t enable_padding : 1; - uint8_t rvsd : 7; + uint8_t tail_fetch_len : 2; + uint8_t rvsd : 5; bool is_write; } tls; }; diff --git a/drivers/crypto/cnxk/cn10k_tls.c b/drivers/crypto/cnxk/cn10k_tls.c index 879e0ea978..b46904d3f8 100644 --- a/drivers/crypto/cnxk/cn10k_tls.c +++ b/drivers/crypto/cnxk/cn10k_tls.c @@ -639,6 +639,11 @@ cn10k_tls_read_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf, if ((sa_dptr->w2.s.version_select == ROC_IE_OT_TLS_VERSION_TLS_12) || (sa_dptr->w2.s.version_select == ROC_IE_OT_TLS_VERSION_DTLS_12)) { inst_w4.s.opcode_major = ROC_IE_OT_TLS_MAJOR_OP_RECORD_DEC | ROC_IE_OT_INPLACE_BIT; + sec_sess->tls.tail_fetch_len = 0; + if (sa_dptr->w2.s.cipher_select == ROC_IE_OT_TLS_CIPHER_3DES) + sec_sess->tls.tail_fetch_len = 1; + else if (sa_dptr->w2.s.cipher_select == ROC_IE_OT_TLS_CIPHER_AES_CBC) + sec_sess->tls.tail_fetch_len = 2; } else if (sa_dptr->w2.s.version_select == ROC_IE_OT_TLS_VERSION_TLS_13) { inst_w4.s.opcode_major = ROC_IE_OT_TLS13_MAJOR_OP_RECORD_DEC | ROC_IE_OT_INPLACE_BIT; diff --git a/drivers/crypto/cnxk/cn10k_tls_ops.h b/drivers/crypto/cnxk/cn10k_tls_ops.h index 7c8ac14ab2..6fd74927ee 100644 --- a/drivers/crypto/cnxk/cn10k_tls_ops.h +++ b/drivers/crypto/cnxk/cn10k_tls_ops.h @@ -234,7 +234,10 @@ process_tls_read(struct rte_crypto_op *cop, struct cn10k_sec_session *sess, inst->w4.u64 = w4.u64; } else if (is_sg_ver2 == false) { struct roc_sglist_comp *scatter_comp, *gather_comp; + int tail_len = sess->tls.tail_fetch_len * 16; + int pkt_len = rte_pktmbuf_pkt_len(m_src); uint32_t g_size_bytes, s_size_bytes; + uint16_t *sg_hdr; uint32_t dlen; int i; @@ -244,16 +247,25 @@ process_tls_read(struct rte_crypto_op *cop, struct cn10k_sec_session *sess, return -ENOMEM; } - in_buffer = (uint8_t *)m_data; - ((uint16_t *)in_buffer)[0] = 0; - ((uint16_t *)in_buffer)[1] = 0; - /* Input Gather List */ + in_buffer = (uint8_t *)m_data; + sg_hdr = (uint16_t *)(in_buffer + 32); + gather_comp = (struct roc_sglist_comp *)((uint8_t *)sg_hdr + 8); i = 0; - gather_comp = (struct roc_sglist_comp *)((uint8_t *)in_buffer + 8); + /* Add the last blocks as first gather component for tail fetch. */ + if (tail_len) { + const uint8_t *output; + + output = rte_pktmbuf_read(m_src, pkt_len - tail_len, tail_len, in_buffer); + if (output != in_buffer) + rte_memcpy(in_buffer, output, tail_len); + i = fill_sg_comp(gather_comp, i, (uint64_t)in_buffer, tail_len); + } + sg_hdr[0] = 0; + sg_hdr[1] = 0; i = fill_sg_comp_from_pkt(gather_comp, i, m_src); - ((uint16_t *)in_buffer)[2] = rte_cpu_to_be_16(i); + sg_hdr[2] = rte_cpu_to_be_16(i); g_size_bytes = ((i + 3) / 4) * sizeof(struct roc_sglist_comp); @@ -261,7 +273,7 @@ process_tls_read(struct rte_crypto_op *cop, struct cn10k_sec_session *sess, scatter_comp = (struct roc_sglist_comp *)((uint8_t *)gather_comp + g_size_bytes); i = fill_sg_comp_from_pkt(scatter_comp, i, m_src); - ((uint16_t *)in_buffer)[3] = rte_cpu_to_be_16(i); + sg_hdr[3] = rte_cpu_to_be_16(i); s_size_bytes = ((i + 3) / 4) * sizeof(struct roc_sglist_comp); @@ -273,10 +285,12 @@ process_tls_read(struct rte_crypto_op *cop, struct cn10k_sec_session *sess, w4.u64 = sess->inst.w4; w4.s.dlen = dlen; w4.s.opcode_major |= (uint64_t)ROC_DMA_MODE_SG; - w4.s.param1 = rte_pktmbuf_pkt_len(m_src); + w4.s.param1 = pkt_len; inst->w4.u64 = w4.u64; } else { struct roc_sg2list_comp *scatter_comp, *gather_comp; + int tail_len = sess->tls.tail_fetch_len * 16; + int pkt_len = rte_pktmbuf_pkt_len(m_src); union cpt_inst_w5 cpt_inst_w5; union cpt_inst_w6 cpt_inst_w6; uint32_t g_size_bytes; @@ -292,7 +306,21 @@ process_tls_read(struct rte_crypto_op *cop, struct cn10k_sec_session *sess, /* Input Gather List */ i = 0; - gather_comp = (struct roc_sg2list_comp *)((uint8_t *)in_buffer); + /* First 32 bytes in m_data are rsvd for tail fetch. + * SG list start from 32 byte onwards. + */ + gather_comp = (struct roc_sg2list_comp *)((uint8_t *)(in_buffer + 32)); + + /* Add the last blocks as first gather component for tail fetch. */ + if (tail_len) { + const uint8_t *output; + + output = rte_pktmbuf_read(m_src, pkt_len - tail_len, tail_len, in_buffer); + if (output != in_buffer) + rte_memcpy(in_buffer, output, tail_len); + i = fill_sg2_comp(gather_comp, i, (uint64_t)in_buffer, tail_len); + } + i = fill_sg2_comp_from_pkt(gather_comp, i, m_src); cpt_inst_w5.s.gather_sz = ((i + 2) / 3); @@ -311,7 +339,7 @@ process_tls_read(struct rte_crypto_op *cop, struct cn10k_sec_session *sess, inst->w5.u64 = cpt_inst_w5.u64; inst->w6.u64 = cpt_inst_w6.u64; w4.u64 = sess->inst.w4; - w4.s.dlen = rte_pktmbuf_pkt_len(m_src); + w4.s.dlen = pkt_len + tail_len; w4.s.param1 = w4.s.dlen; w4.s.opcode_major &= (~(ROC_IE_OT_INPLACE_BIT)); inst->w4.u64 = w4.u64; From patchwork Thu Mar 14 08:38:34 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vidya Sagar Velumuri X-Patchwork-Id: 138355 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 12A6943CAE; Thu, 14 Mar 2024 09:39:28 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 7E4A942E4B; Thu, 14 Mar 2024 09:39:20 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 8FFFE400D5 for ; Thu, 14 Mar 2024 09:39:14 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42DNgMN3016200 for ; Thu, 14 Mar 2024 01:39:13 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=ZT4LY/Pbhay5q7xvxtdJTBE3XROaIiGdQCf4/ln4bD8=; b=Z6z oxZ2edDLtfvaUaHq/CLHXCUbg7fRFW1rAfl/jjzgHI+7HS/0Oy8IEuFggT+xg0XO HwaVAYfsUHnMutjQSVOlOHB3WbNZswNzYRQXN34TC5BrZyVOoScbKvJLYy3FRhby KBWptpJ7f7k4rLaEowYmM09DJ1kPN8n8fk6h1VX08oajOv0ulL9CL4by79KdmZiJ JxCdeyVchegJwKnEXXpJa+lNGeimbPoLuBP5acHl2+94jmG3EunJI3JFSDJeGXDZ ppqjba3WhyUVOLANVv2NlFN2NCdYqis3AdiWNah5iMPcJI8ZGHoC1r8AyywARGKd x3Tj6CQomrfs9plI0Kw== Received: from dc6wp-exch02.marvell.com ([4.21.29.225]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wucg2uwsg-3 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 14 Mar 2024 01:39:13 -0700 (PDT) Received: from DC6WP-EXCH02.marvell.com (10.76.176.209) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Thu, 14 Mar 2024 01:39:08 -0700 Received: from maili.marvell.com (10.69.176.80) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Thu, 14 Mar 2024 01:39:08 -0700 Received: from localhost.localdomain (unknown [10.28.36.179]) by maili.marvell.com (Postfix) with ESMTP id 5E4855B6929; Thu, 14 Mar 2024 01:39:05 -0700 (PDT) From: Vidya Sagar Velumuri To: Ankur Dwivedi , Anoob Joseph , Tejasree Kondoj CC: , , , , Subject: [PATCH 02/12] crypto/cnxk: enable sha384 capability for tls Date: Thu, 14 Mar 2024 01:38:34 -0700 Message-ID: <20240314083844.3319506-3-vvelumuri@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240314083844.3319506-1-vvelumuri@marvell.com> References: <20240314083844.3319506-1-vvelumuri@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: CJVths0VCFHMNqpqy6alm2jTh7GmlD3g X-Proofpoint-GUID: CJVths0VCFHMNqpqy6alm2jTh7GmlD3g X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-14_07,2024-03-13_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Enable SHA384-HMAC support for TLS & DTLS 1.2. Signed-off-by: Vidya Sagar Velumuri --- drivers/crypto/cnxk/cn10k_tls.c | 16 +++++++++++--- drivers/crypto/cnxk/cnxk_cryptodev.h | 4 ++-- .../crypto/cnxk/cnxk_cryptodev_capabilities.c | 21 +++++++++++++++++++ 3 files changed, 36 insertions(+), 5 deletions(-) diff --git a/drivers/crypto/cnxk/cn10k_tls.c b/drivers/crypto/cnxk/cn10k_tls.c index b46904d3f8..3e306c248b 100644 --- a/drivers/crypto/cnxk/cn10k_tls.c +++ b/drivers/crypto/cnxk/cn10k_tls.c @@ -28,7 +28,8 @@ tls_xform_cipher_auth_verify(struct rte_crypto_sym_xform *cipher_xform, switch (c_algo) { case RTE_CRYPTO_CIPHER_NULL: if ((a_algo == RTE_CRYPTO_AUTH_MD5_HMAC) || (a_algo == RTE_CRYPTO_AUTH_SHA1_HMAC) || - (a_algo == RTE_CRYPTO_AUTH_SHA256_HMAC)) + (a_algo == RTE_CRYPTO_AUTH_SHA256_HMAC) || + (a_algo == RTE_CRYPTO_AUTH_SHA384_HMAC)) ret = 0; break; case RTE_CRYPTO_CIPHER_3DES_CBC: @@ -37,7 +38,8 @@ tls_xform_cipher_auth_verify(struct rte_crypto_sym_xform *cipher_xform, break; case RTE_CRYPTO_CIPHER_AES_CBC: if ((a_algo == RTE_CRYPTO_AUTH_SHA1_HMAC) || - (a_algo == RTE_CRYPTO_AUTH_SHA256_HMAC)) + (a_algo == RTE_CRYPTO_AUTH_SHA256_HMAC) || + (a_algo == RTE_CRYPTO_AUTH_SHA384_HMAC)) ret = 0; break; default: @@ -69,7 +71,8 @@ tls_xform_auth_verify(struct rte_crypto_sym_xform *crypto_xform) if (((a_algo == RTE_CRYPTO_AUTH_MD5_HMAC) && (keylen == 16)) || ((a_algo == RTE_CRYPTO_AUTH_SHA1_HMAC) && (keylen == 20)) || - ((a_algo == RTE_CRYPTO_AUTH_SHA256_HMAC) && (keylen == 32))) + ((a_algo == RTE_CRYPTO_AUTH_SHA256_HMAC) && (keylen == 32)) || + ((a_algo == RTE_CRYPTO_AUTH_SHA384_HMAC) && (keylen == 48))) return 0; return -EINVAL; @@ -251,6 +254,9 @@ tls_write_rlens_get(struct rte_security_tls_record_xform *tls_xfrm, case RTE_CRYPTO_AUTH_SHA256_HMAC: mac_len = 32; break; + case RTE_CRYPTO_AUTH_SHA384_HMAC: + mac_len = 32; + break; default: mac_len = 0; break; @@ -397,6 +403,8 @@ tls_read_sa_fill(struct roc_ie_ot_tls_read_sa *read_sa, read_sa->w2.s.mac_select = ROC_IE_OT_TLS_MAC_SHA1; else if (auth_xfrm->auth.algo == RTE_CRYPTO_AUTH_SHA256_HMAC) read_sa->w2.s.mac_select = ROC_IE_OT_TLS_MAC_SHA2_256; + else if (auth_xfrm->auth.algo == RTE_CRYPTO_AUTH_SHA384_HMAC) + read_sa->w2.s.mac_select = ROC_IE_OT_TLS_MAC_SHA2_384; else return -EINVAL; @@ -538,6 +546,8 @@ tls_write_sa_fill(struct roc_ie_ot_tls_write_sa *write_sa, write_sa->w2.s.mac_select = ROC_IE_OT_TLS_MAC_SHA1; else if (auth_xfrm->auth.algo == RTE_CRYPTO_AUTH_SHA256_HMAC) write_sa->w2.s.mac_select = ROC_IE_OT_TLS_MAC_SHA2_256; + else if (auth_xfrm->auth.algo == RTE_CRYPTO_AUTH_SHA384_HMAC) + write_sa->w2.s.mac_select = ROC_IE_OT_TLS_MAC_SHA2_384; else return -EINVAL; diff --git a/drivers/crypto/cnxk/cnxk_cryptodev.h b/drivers/crypto/cnxk/cnxk_cryptodev.h index 45d01b94b3..dccd563872 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev.h +++ b/drivers/crypto/cnxk/cnxk_cryptodev.h @@ -14,8 +14,8 @@ #define CNXK_CPT_MAX_CAPS 55 #define CNXK_SEC_IPSEC_CRYPTO_MAX_CAPS 16 #define CNXK_SEC_TLS_1_3_CRYPTO_MAX_CAPS 2 -#define CNXK_SEC_TLS_1_2_CRYPTO_MAX_CAPS 6 -#define CNXK_SEC_MAX_CAPS 17 +#define CNXK_SEC_TLS_1_2_CRYPTO_MAX_CAPS 7 +#define CNXK_SEC_MAX_CAPS 18 /** * Device private data diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c index db50de5d58..5bafa226e0 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c +++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c @@ -1639,6 +1639,27 @@ static const struct rte_cryptodev_capabilities sec_tls12_caps_sha1_sha2[] = { }, } }, } }, + { /* SHA384 HMAC */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH, + {.auth = { + .algo = RTE_CRYPTO_AUTH_SHA384_HMAC, + .block_size = 64, + .key_size = { + .min = 48, + .max = 48, + .increment = 0 + }, + .digest_size = { + .min = 48, + .max = 48, + .increment = 0 + }, + }, } + }, } + }, + }; static const struct rte_cryptodev_capabilities sec_tls13_caps_aes[] = { From patchwork Thu Mar 14 08:38:35 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vidya Sagar Velumuri X-Patchwork-Id: 138356 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id A017F43CAE; Thu, 14 Mar 2024 09:39:34 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 2847742E57; Thu, 14 Mar 2024 09:39:22 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id A287B40DCE for ; Thu, 14 Mar 2024 09:39:15 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42DN4rCR016398 for ; Thu, 14 Mar 2024 01:39:15 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=XwLcrs0R+uw3clPq5T0fNsPv/5qqOOekueKE8gFSDtg=; b=QM1 c/55EpZ96Ady4nk51yLCF63ckwy/jnOVIOz+m+c07agcscE9O0jUJonVDipyj14G ER84bn2F9qaDHX6QbCHyZev9Ja0ibYAVROt/gT40EezhcQsitn+jj7TJwNoEsXzX oA1GcA8eF3pEfrhjQ40ZrD3M7JvLl3UTmcQTK4LIMPq3JXoa86GY3+mCrkgYHvne UIGoiu46sXMR/7SegbqC9BK9IqcUjwhk3Mk1oKn/2Pcwi3OplsCVdJkEnUWIiDm+ 4i7jHxMLpwpsFU0vl648Hlb+xwuUTYgPSGQb6/hMH6cQfFZPmLq7gtsnwyU/jjsd OMoh32lVHCRhXE7n37g== Received: from dc5-exch05.marvell.com ([199.233.59.128]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wucg2uwt8-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 14 Mar 2024 01:39:14 -0700 (PDT) Received: from DC5-EXCH05.marvell.com (10.69.176.209) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Thu, 14 Mar 2024 01:39:11 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Thu, 14 Mar 2024 01:39:11 -0700 Received: from localhost.localdomain (unknown [10.28.36.179]) by maili.marvell.com (Postfix) with ESMTP id 7A91A5B6929; Thu, 14 Mar 2024 01:39:08 -0700 (PDT) From: Vidya Sagar Velumuri To: Ankur Dwivedi , Anoob Joseph , Tejasree Kondoj CC: , , , , Subject: [PATCH 03/12] crypto/cnxk: add support for session update for TLS Date: Thu, 14 Mar 2024 01:38:35 -0700 Message-ID: <20240314083844.3319506-4-vvelumuri@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240314083844.3319506-1-vvelumuri@marvell.com> References: <20240314083844.3319506-1-vvelumuri@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: yb6GIWvsSNVB_pOSYOGXz-WOpT7Ak-Ah X-Proofpoint-GUID: yb6GIWvsSNVB_pOSYOGXz-WOpT7Ak-Ah X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-14_07,2024-03-13_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Add session update support for TLS Signed-off-by: Vidya Sagar Velumuri --- drivers/crypto/cnxk/cn10k_cryptodev_sec.c | 3 +++ drivers/crypto/cnxk/cn10k_tls.c | 17 +++++++++++++++++ drivers/crypto/cnxk/cn10k_tls.h | 4 ++++ 3 files changed, 24 insertions(+) diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_sec.c b/drivers/crypto/cnxk/cn10k_cryptodev_sec.c index cb013986c4..775104b765 100644 --- a/drivers/crypto/cnxk/cn10k_cryptodev_sec.c +++ b/drivers/crypto/cnxk/cn10k_cryptodev_sec.c @@ -116,6 +116,9 @@ cn10k_sec_session_update(void *dev, struct rte_security_session *sec_sess, if (cn10k_sec_sess->proto == RTE_SECURITY_PROTOCOL_IPSEC) return cn10k_ipsec_session_update(vf, qp, cn10k_sec_sess, conf); + if (conf->protocol == RTE_SECURITY_PROTOCOL_TLS_RECORD) + return cn10k_tls_record_session_update(vf, qp, cn10k_sec_sess, conf); + return -ENOTSUP; } diff --git a/drivers/crypto/cnxk/cn10k_tls.c b/drivers/crypto/cnxk/cn10k_tls.c index 3e306c248b..a15c95f74c 100644 --- a/drivers/crypto/cnxk/cn10k_tls.c +++ b/drivers/crypto/cnxk/cn10k_tls.c @@ -769,6 +769,23 @@ cn10k_tls_write_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf, return ret; } +int +cn10k_tls_record_session_update(struct cnxk_cpt_vf *vf, struct cnxk_cpt_qp *qp, + struct cn10k_sec_session *sess, + struct rte_security_session_conf *conf) +{ + struct roc_cpt *roc_cpt; + int ret; + + if (conf->tls_record.type == RTE_SECURITY_TLS_SESS_TYPE_READ) + return -ENOTSUP; + + roc_cpt = &vf->cpt; + ret = cn10k_tls_write_sa_create(roc_cpt, &qp->lf, &conf->tls_record, conf->crypto_xform, + (struct cn10k_sec_session *)sess); + return ret; +} + int cn10k_tls_record_session_create(struct cnxk_cpt_vf *vf, struct cnxk_cpt_qp *qp, struct rte_security_tls_record_xform *tls_xfrm, diff --git a/drivers/crypto/cnxk/cn10k_tls.h b/drivers/crypto/cnxk/cn10k_tls.h index 19772655da..9635bdd4c9 100644 --- a/drivers/crypto/cnxk/cn10k_tls.h +++ b/drivers/crypto/cnxk/cn10k_tls.h @@ -25,6 +25,10 @@ struct cn10k_tls_record { }; } __rte_aligned(ROC_ALIGN); +int cn10k_tls_record_session_update(struct cnxk_cpt_vf *vf, struct cnxk_cpt_qp *qp, + struct cn10k_sec_session *sess, + struct rte_security_session_conf *conf); + int cn10k_tls_record_session_create(struct cnxk_cpt_vf *vf, struct cnxk_cpt_qp *qp, struct rte_security_tls_record_xform *tls_xfrm, struct rte_crypto_sym_xform *crypto_xfrm, From patchwork Thu Mar 14 08:38:36 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vidya Sagar Velumuri X-Patchwork-Id: 138357 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 020EA43CAE; Thu, 14 Mar 2024 09:39:41 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id D69F442E61; Thu, 14 Mar 2024 09:39:23 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 2BD7B42E0F for ; Thu, 14 Mar 2024 09:39:16 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42DN4rCT016398 for ; Thu, 14 Mar 2024 01:39:15 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=SqBBJXvWJDUBiRPegMFST9LtVd+H9gcji1w5LepsODQ=; b=M7Z VC+L+RqIJIGzD3pQZGiPe0GX67Lvgjwnams5OoFghy5RVLtpj6LYcaZa2hvSjX4s nTY6mphDRlWM7zGC/sn8hzt18/j9+6xZUnc6xM9XuaM6BbJZnDWJCn38tq28CiPL ue9Yw5WXTNU9hlIxbzTf7VNu9ppxJTu/oIxXdPrV66ACcLKaC50KTJy09Nz+rPFp XqF7hMW/DyRzMDW4qTtgZy9kSzH8JeZwGXXOz35FpC4QftbsGSDqoson25XiFoaR yjZzWM2kELeIZtno6/+qThhLl6v/Dx08e3VMylQo5kvyEZm8gf4suHLNv4I7z1Rc COqXNMdxfRzGqpn/tUA== Received: from dc5-exch05.marvell.com ([199.233.59.128]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wucg2uwt8-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 14 Mar 2024 01:39:15 -0700 (PDT) Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.2.1258.12; Thu, 14 Mar 2024 01:39:14 -0700 Received: from DC5-EXCH05.marvell.com (10.69.176.209) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Thu, 14 Mar 2024 01:39:14 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Thu, 14 Mar 2024 01:39:14 -0700 Received: from localhost.localdomain (unknown [10.28.36.179]) by maili.marvell.com (Postfix) with ESMTP id 94AB45B692D; Thu, 14 Mar 2024 01:39:11 -0700 (PDT) From: Vidya Sagar Velumuri To: Ankur Dwivedi , Anoob Joseph , Tejasree Kondoj CC: , , , , Subject: [PATCH 04/12] crypto/cnxk: avoid branches in datapath Date: Thu, 14 Mar 2024 01:38:36 -0700 Message-ID: <20240314083844.3319506-5-vvelumuri@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240314083844.3319506-1-vvelumuri@marvell.com> References: <20240314083844.3319506-1-vvelumuri@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: xfNzHcoWVa9kEswzl24nbH2A9DrvNmnu X-Proofpoint-GUID: xfNzHcoWVa9kEswzl24nbH2A9DrvNmnu X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-14_07,2024-03-13_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Anoob Joseph Avoid branches in datapath. Signed-off-by: Anoob Joseph --- drivers/crypto/cnxk/cn10k_ipsec_la_ops.h | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h b/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h index a30b8e413d..4e95fbb6eb 100644 --- a/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h +++ b/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h @@ -73,12 +73,10 @@ process_outb_sa(struct roc_cpt_lf *lf, struct rte_crypto_op *cop, struct cn10k_s roc_cpt_lf_ctx_reload(lf, &sess->sa.out_sa); rte_delay_ms(1); #endif + const uint64_t ol_flags = m_src->ol_flags; - if (m_src->ol_flags & RTE_MBUF_F_TX_IP_CKSUM) - inst_w4_u64 &= ~BIT_ULL(33); - - if (m_src->ol_flags & RTE_MBUF_F_TX_L4_MASK) - inst_w4_u64 &= ~BIT_ULL(32); + inst_w4_u64 &= ~(((uint64_t)(!!(ol_flags & RTE_MBUF_F_TX_IP_CKSUM)) << 33) | + ((uint64_t)(!!(ol_flags & RTE_MBUF_F_TX_L4_MASK)) << 32)); if (likely(m_src->next == NULL)) { if (unlikely(rte_pktmbuf_tailroom(m_src) < sess->max_extended_len)) { From patchwork Thu Mar 14 08:38:37 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vidya Sagar Velumuri X-Patchwork-Id: 138358 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id B7F4E43CAE; Thu, 14 Mar 2024 09:39:47 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 55A1542E65; Thu, 14 Mar 2024 09:39:25 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 49F1542E46 for ; Thu, 14 Mar 2024 09:39:20 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42DN4rEW016105 for ; Thu, 14 Mar 2024 01:39:19 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=eJlyJVdYUSbtwWdp9V5rhem7bX/rCJueoH0h32xsaBI=; b=Bcl NdiPbtNLMC9qeyO1HxhRjxFChV3rDE41MhRWsdoG44hlruTJqRHShlDnYUcxU+3j gdBrzOe4cXce41NwPlLrpmix9/wfSGAmQt7iLRW3Ieize/03OHGgKvYyyl99oeQP Z/BMnrfz+kQNSpwTSOzDMEU5S1DlEsAdCS2jvYPz2FiHvGQOB2rdxFyga9qApYEP tqqZWc10x9C+NkSHcvSVur0Maj7vubgnQC5u9HYN5OaAOt/hXTBBSmdipIUXsxnQ IFWg7XFXstB9ZmHhZ8T9lXQraexe5DaRkjbaVoyk3TtkeRO9eq4wWiG7nQx/G/Ca I78FB2SPuBZ/u60YJ9Q== Received: from dc6wp-exch02.marvell.com ([4.21.29.225]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wucg2uwu7-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 14 Mar 2024 01:39:19 -0700 (PDT) Received: from DC6WP-EXCH02.marvell.com (10.76.176.209) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Thu, 14 Mar 2024 01:39:18 -0700 Received: from maili.marvell.com (10.69.176.80) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Thu, 14 Mar 2024 01:39:18 -0700 Received: from localhost.localdomain (unknown [10.28.36.179]) by maili.marvell.com (Postfix) with ESMTP id BCD7C5B692A; Thu, 14 Mar 2024 01:39:14 -0700 (PDT) From: Vidya Sagar Velumuri To: Ankur Dwivedi , Anoob Joseph , Tejasree Kondoj CC: , , , , Subject: [PATCH 05/12] crypto/cnxk: move metadata to second cacheline Date: Thu, 14 Mar 2024 01:38:37 -0700 Message-ID: <20240314083844.3319506-6-vvelumuri@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240314083844.3319506-1-vvelumuri@marvell.com> References: <20240314083844.3319506-1-vvelumuri@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: Tj7FuXZ2bwyeAcOdlUTJEOi0Em0ocvu_ X-Proofpoint-GUID: Tj7FuXZ2bwyeAcOdlUTJEOi0Em0ocvu_ X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-14_07,2024-03-13_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org In security session, move PMD metadata to second cacheline. Also optimize the fields to minimize the memory usage. Signed-off-by: Anoob Joseph --- drivers/crypto/cnxk/cn10k_cryptodev_sec.h | 10 ++++++---- drivers/crypto/cnxk/cn10k_ipsec.c | 4 ++-- drivers/crypto/cnxk/cn10k_tls.c | 2 +- 3 files changed, 9 insertions(+), 7 deletions(-) diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_sec.h b/drivers/crypto/cnxk/cn10k_cryptodev_sec.h index 881a0276cc..ec216b1187 100644 --- a/drivers/crypto/cnxk/cn10k_cryptodev_sec.h +++ b/drivers/crypto/cnxk/cn10k_cryptodev_sec.h @@ -5,6 +5,7 @@ #ifndef __CN10K_CRYPTODEV_SEC_H__ #define __CN10K_CRYPTODEV_SEC_H__ +#include #include #include "roc_constants.h" @@ -19,23 +20,24 @@ struct cn10k_sec_session { uint8_t rte_sess[SEC_SESS_SIZE]; /** PMD private space */ + RTE_MARKER cacheline1 __rte_cache_min_aligned; - enum rte_security_session_protocol proto; /** Pre-populated CPT inst words */ struct cnxk_cpt_inst_tmpl inst; uint16_t max_extended_len; uint16_t iv_offset; + uint8_t proto; uint8_t iv_length; union { struct { uint8_t ip_csum; - bool is_outbound; + uint8_t is_outbound : 1; } ipsec; struct { uint8_t enable_padding : 1; uint8_t tail_fetch_len : 2; - uint8_t rvsd : 5; - bool is_write; + uint8_t is_write : 1; + uint8_t rvsd : 4; } tls; }; /** Queue pair */ diff --git a/drivers/crypto/cnxk/cn10k_ipsec.c b/drivers/crypto/cnxk/cn10k_ipsec.c index 74d6cd70d1..ef5f0ff4aa 100644 --- a/drivers/crypto/cnxk/cn10k_ipsec.c +++ b/drivers/crypto/cnxk/cn10k_ipsec.c @@ -76,7 +76,7 @@ cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf, } #endif - sec_sess->ipsec.is_outbound = true; + sec_sess->ipsec.is_outbound = 1; /* Get Rlen calculation data */ ret = cnxk_ipsec_outb_rlens_get(&rlens, ipsec_xfrm, crypto_xfrm); @@ -177,7 +177,7 @@ cn10k_ipsec_inb_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf, goto sa_dptr_free; } - sec_sess->ipsec.is_outbound = false; + sec_sess->ipsec.is_outbound = 0; sec_sess->inst.w7 = cpt_inst_w7_get(roc_cpt, in_sa); /* Save index/SPI in cookie, specific required for Rx Inject */ diff --git a/drivers/crypto/cnxk/cn10k_tls.c b/drivers/crypto/cnxk/cn10k_tls.c index a15c95f74c..f501fe67ac 100644 --- a/drivers/crypto/cnxk/cn10k_tls.c +++ b/drivers/crypto/cnxk/cn10k_tls.c @@ -727,7 +727,7 @@ cn10k_tls_write_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf, sec_sess->iv_length = crypto_xfrm->next->cipher.iv.length; } - sec_sess->tls.is_write = true; + sec_sess->tls.is_write = 1; sec_sess->tls.enable_padding = tls_xfrm->options.extra_padding_enable; sec_sess->max_extended_len = tls_write_rlens_get(tls_xfrm, crypto_xfrm); sec_sess->proto = RTE_SECURITY_PROTOCOL_TLS_RECORD; From patchwork Thu Mar 14 08:38:38 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vidya Sagar Velumuri X-Patchwork-Id: 138359 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 3139D43CAE; Thu, 14 Mar 2024 09:39:57 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 3B6FD42E7F; Thu, 14 Mar 2024 09:39:27 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 7163342E5D for ; Thu, 14 Mar 2024 09:39:22 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42DNJPLL016325 for ; Thu, 14 Mar 2024 01:39:21 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=VIPg+7okUZS1neyczFUN8PoaQOacCWeqtySm5U0o4Gw=; b=Iy3 Ua0uHv0TT2O7KoJQI43aF+1YgkyQ/s71+iy2VmUK+Ml9lQBPc7648PctxUzA8Bw8 DCHkR8ul9bLBJ/YxkpksKlbLSc/MMsn/bj0Vm1ZOtvQnC3KMThRRPVzwBQvLcpKP MbzPpIC6aE0bnWb+6ueeF2XUSlKAbj7kLnaQmHBpAxb1mujxaIOAxDbJH+a+VR5c u5au/9E1yiYOMa7mIB/fm+ymGdw1S0W35zOHlshWeHkOAPe4o6LmLeEG/hdeN2uX SRePvKv6rLpUw5e1vkfrdNUpB+iepUYWuhbtfUZqMtVWff/PBimiWGGvkG/lrATw KHGIsbw243mdMTJGazw== Received: from dc5-exch05.marvell.com ([199.233.59.128]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wucg2uwue-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 14 Mar 2024 01:39:21 -0700 (PDT) Received: from DC5-EXCH05.marvell.com (10.69.176.209) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Thu, 14 Mar 2024 01:39:20 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Thu, 14 Mar 2024 01:39:20 -0700 Received: from localhost.localdomain (unknown [10.28.36.179]) by maili.marvell.com (Postfix) with ESMTP id D9E7C5B692D; Thu, 14 Mar 2024 01:39:17 -0700 (PDT) From: Vidya Sagar Velumuri To: Ankur Dwivedi , Anoob Joseph , Tejasree Kondoj CC: , , , , Subject: [PATCH 06/12] crypto/cnxk: handle the extra len reported by microcode Date: Thu, 14 Mar 2024 01:38:38 -0700 Message-ID: <20240314083844.3319506-7-vvelumuri@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240314083844.3319506-1-vvelumuri@marvell.com> References: <20240314083844.3319506-1-vvelumuri@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: Hbz5dzfQQk-ijPkfqNXOmd1pqF4Y6GOL X-Proofpoint-GUID: Hbz5dzfQQk-ijPkfqNXOmd1pqF4Y6GOL X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-14_07,2024-03-13_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Microcode reports one extra byte in response len specifically for AES-GCM in TLS-1.3. Handle the extra byte in PMD by decreasing the length by 1 byte. Signed-off-by: Vidya Sagar Velumuri --- drivers/crypto/cnxk/cn10k_cryptodev_ops.c | 9 ++++++--- drivers/crypto/cnxk/cn10k_cryptodev_sec.h | 3 ++- drivers/crypto/cnxk/cn10k_tls.c | 4 ++++ 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c index 8991150c05..f385550f68 100644 --- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c +++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c @@ -989,12 +989,15 @@ cn10k_cpt_ipsec_post_process(struct rte_crypto_op *cop, struct cpt_cn10k_res_s * } static inline void -cn10k_cpt_tls_post_process(struct rte_crypto_op *cop, struct cpt_cn10k_res_s *res) +cn10k_cpt_tls_post_process(struct rte_crypto_op *cop, struct cpt_cn10k_res_s *res, + struct cn10k_sec_session *sess) { struct rte_mbuf *mbuf = cop->sym->m_src; - const uint16_t m_len = res->rlen; + uint16_t m_len = res->rlen; if (!res->uc_compcode) { + if ((sess->tls.tls_ver == RTE_SECURITY_VERSION_TLS_1_3) && (!sess->tls.is_write)) + m_len -= 1; if (mbuf->next == NULL) mbuf->data_len = m_len; mbuf->pkt_len = m_len; @@ -1015,7 +1018,7 @@ cn10k_cpt_sec_post_process(struct rte_crypto_op *cop, struct cpt_cn10k_res_s *re if (sess->proto == RTE_SECURITY_PROTOCOL_IPSEC) cn10k_cpt_ipsec_post_process(cop, res); else if (sess->proto == RTE_SECURITY_PROTOCOL_TLS_RECORD) - cn10k_cpt_tls_post_process(cop, res); + cn10k_cpt_tls_post_process(cop, res, sess); } static inline void diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_sec.h b/drivers/crypto/cnxk/cn10k_cryptodev_sec.h index ec216b1187..7e175119c3 100644 --- a/drivers/crypto/cnxk/cn10k_cryptodev_sec.h +++ b/drivers/crypto/cnxk/cn10k_cryptodev_sec.h @@ -37,7 +37,8 @@ struct cn10k_sec_session { uint8_t enable_padding : 1; uint8_t tail_fetch_len : 2; uint8_t is_write : 1; - uint8_t rvsd : 4; + uint8_t tls_ver : 2; + uint8_t rvsd : 2; } tls; }; /** Queue pair */ diff --git a/drivers/crypto/cnxk/cn10k_tls.c b/drivers/crypto/cnxk/cn10k_tls.c index f501fe67ac..fe4da8d2a0 100644 --- a/drivers/crypto/cnxk/cn10k_tls.c +++ b/drivers/crypto/cnxk/cn10k_tls.c @@ -610,6 +610,7 @@ cn10k_tls_read_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf, struct cn10k_sec_session *sec_sess) { struct roc_ie_ot_tls_read_sa *sa_dptr; + uint8_t tls_ver = tls_xfrm->ver; struct cn10k_tls_record *tls; union cpt_inst_w4 inst_w4; void *read_sa; @@ -659,6 +660,7 @@ cn10k_tls_read_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf, ROC_IE_OT_TLS13_MAJOR_OP_RECORD_DEC | ROC_IE_OT_INPLACE_BIT; } + sec_sess->tls.tls_ver = tls_ver; sec_sess->inst.w4 = inst_w4.u64; sec_sess->inst.w7 = cpt_inst_w7_get(roc_cpt, read_sa); @@ -694,6 +696,7 @@ cn10k_tls_write_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf, struct cn10k_sec_session *sec_sess) { struct roc_ie_ot_tls_write_sa *sa_dptr; + uint8_t tls_ver = tls_xfrm->ver; struct cn10k_tls_record *tls; union cpt_inst_w4 inst_w4; void *write_sa; @@ -727,6 +730,7 @@ cn10k_tls_write_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf, sec_sess->iv_length = crypto_xfrm->next->cipher.iv.length; } + sec_sess->tls.tls_ver = tls_ver; sec_sess->tls.is_write = 1; sec_sess->tls.enable_padding = tls_xfrm->options.extra_padding_enable; sec_sess->max_extended_len = tls_write_rlens_get(tls_xfrm, crypto_xfrm); From patchwork Thu Mar 14 08:38:39 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vidya Sagar Velumuri X-Patchwork-Id: 138360 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id F069F43CAE; Thu, 14 Mar 2024 09:40:03 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id CA8AA42E85; Thu, 14 Mar 2024 09:39:28 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 2383342E7B for ; Thu, 14 Mar 2024 09:39:27 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42DN4rEY016105 for ; Thu, 14 Mar 2024 01:39:26 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=WfB4BYOJIsMBpaYBDgiKz/ovsKN55xlp8nfpVG/UyCA=; b=KFr aigYsONR0nKMVhRmo1Y8Ud/cK92ka3k7tPKqlWnqKnY0w+SP6uYiW2RpDf6FIZir qsFNo47hkXIvamuXDDNKL7IBXUWDiYuvAAqoLa8uwAzlB+jnamf+ONC6OJvr/AE0 /10kvOBLJ3Nu+jneTyiSdpS2f5Q+6SEbvSI761zp0AhaE/D0yMae/9JUSP/paJFR ENZRr4K5K2RjqkiXweQ/EzEHaDbLdVKB2/Wdw6iFnyNSZilXbPD9Au4pHZRBNHZC CBJv2GGuurqSKq+A+k7pvTEwjX8rxuQsVmW1u4cP/mT4NS8rm7SP8+ZlBZONziPH K8iInGp6pvGMAlS7MAQ== Received: from dc6wp-exch02.marvell.com ([4.21.29.225]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wucg2uwv6-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 14 Mar 2024 01:39:25 -0700 (PDT) Received: from DC6WP-EXCH02.marvell.com (10.76.176.209) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Thu, 14 Mar 2024 01:39:25 -0700 Received: from maili.marvell.com (10.69.176.80) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Thu, 14 Mar 2024 01:39:25 -0700 Received: from localhost.localdomain (unknown [10.28.36.179]) by maili.marvell.com (Postfix) with ESMTP id 043E75B6928; Thu, 14 Mar 2024 01:39:20 -0700 (PDT) From: Vidya Sagar Velumuri To: Nithin Dabilpuram , Kiran Kumar K , Sunil Kumar Kori , Satha Rao , Harman Kalra , Ankur Dwivedi , Anoob Joseph , Tejasree Kondoj CC: , , , , Subject: [PATCH 07/12] crypto/cnxk: add support for padding verification in TLS Date: Thu, 14 Mar 2024 01:38:39 -0700 Message-ID: <20240314083844.3319506-8-vvelumuri@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240314083844.3319506-1-vvelumuri@marvell.com> References: <20240314083844.3319506-1-vvelumuri@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: Vu96k0DgkXizYnIONC0FXcmIHQmYen4B X-Proofpoint-GUID: Vu96k0DgkXizYnIONC0FXcmIHQmYen4B X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-14_07,2024-03-13_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org For TLS-1.2: - Verify that the padding bytes are having pad len as the value. - Report error in case of discrepancies. - Trim the padding and MAC from the tls-1.2 records For TLS-1.3: - Find the content type as the last non-zero byte in the record. - Return the content type as the inner content type. Signed-off-by: Vidya Sagar Velumuri --- drivers/common/cnxk/roc_se.h | 1 + drivers/crypto/cnxk/cn10k_cryptodev_ops.c | 146 +++++++++++++++++++++- drivers/crypto/cnxk/cn10k_cryptodev_sec.h | 18 +-- drivers/crypto/cnxk/cn10k_tls.c | 65 ++++++---- drivers/crypto/cnxk/cn10k_tls_ops.h | 19 +-- 5 files changed, 210 insertions(+), 39 deletions(-) diff --git a/drivers/common/cnxk/roc_se.h b/drivers/common/cnxk/roc_se.h index ddcf6bdb44..50741a0b81 100644 --- a/drivers/common/cnxk/roc_se.h +++ b/drivers/common/cnxk/roc_se.h @@ -169,6 +169,7 @@ typedef enum { ROC_SE_ERR_SSL_CIPHER_UNSUPPORTED = 0x84, ROC_SE_ERR_SSL_MAC_UNSUPPORTED = 0x85, ROC_SE_ERR_SSL_VERSION_UNSUPPORTED = 0x86, + ROC_SE_ERR_SSL_POST_PROCESS = 0x88, ROC_SE_ERR_SSL_MAC_MISMATCH = 0x89, ROC_SE_ERR_SSL_PKT_REPLAY_SEQ_OUT_OF_WINDOW = 0xC1, ROC_SE_ERR_SSL_PKT_REPLAY_SEQ = 0xC9, diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c index f385550f68..5f0cf1b1f8 100644 --- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c +++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c @@ -207,7 +207,7 @@ cpt_sec_tls_inst_fill(struct cnxk_cpt_qp *qp, struct rte_crypto_op *op, struct cn10k_sec_session *sess, struct cpt_inst_s *inst, struct cpt_inflight_req *infl_req, const bool is_sg_ver2) { - if (sess->tls.is_write) + if (sess->tls_opt.is_write) return process_tls_write(&qp->lf, op, sess, &qp->meta_info, infl_req, inst, is_sg_ver2); else @@ -988,24 +988,164 @@ cn10k_cpt_ipsec_post_process(struct rte_crypto_op *cop, struct cpt_cn10k_res_s * mbuf->pkt_len = m_len; } +static inline void +cn10k_cpt_tls12_trim_mac(struct rte_crypto_op *cop, struct cpt_cn10k_res_s *res, uint8_t mac_len) +{ + struct rte_mbuf *mac_prev_seg = NULL, *mac_seg = NULL, *seg; + uint32_t pad_len, trim_len, mac_offset, pad_offset; + struct rte_mbuf *mbuf = cop->sym->m_src; + uint16_t m_len = res->rlen; + uint32_t i, nb_segs = 1; + uint8_t pad_res = 0; + uint8_t pad_val; + + pad_val = ((res->spi >> 16) & 0xff); + pad_len = pad_val + 1; + trim_len = pad_len + mac_len; + mac_offset = m_len - trim_len; + pad_offset = mac_offset + mac_len; + + /* Handle Direct Mode */ + if (mbuf->next == NULL) { + uint8_t *ptr = rte_pktmbuf_mtod_offset(mbuf, uint8_t *, pad_offset); + + for (i = 0; i < pad_len; i++) + pad_res |= ptr[i] ^ pad_val; + + if (pad_res) { + cop->status = RTE_CRYPTO_OP_STATUS_ERROR; + cop->aux_flags = res->uc_compcode; + } + mbuf->pkt_len = m_len - trim_len; + mbuf->data_len = m_len - trim_len; + + return; + } + + /* Handle SG mode */ + seg = mbuf; + while (mac_offset >= seg->data_len) { + mac_offset -= seg->data_len; + mac_prev_seg = seg; + seg = seg->next; + nb_segs++; + } + mac_seg = seg; + + pad_offset = mac_offset + mac_len; + while (pad_offset >= seg->data_len) { + pad_offset -= seg->data_len; + seg = seg->next; + } + + while (pad_len != 0) { + uint8_t *ptr = rte_pktmbuf_mtod_offset(seg, uint8_t *, pad_offset); + uint8_t len = RTE_MIN(seg->data_len - pad_offset, pad_len); + + for (i = 0; i < len; i++) + pad_res |= ptr[i] ^ pad_val; + + pad_offset = 0; + pad_len -= len; + seg = seg->next; + } + + if (pad_res) { + cop->status = RTE_CRYPTO_OP_STATUS_ERROR; + cop->aux_flags = res->uc_compcode; + } + + mbuf->pkt_len = m_len - trim_len; + if (mac_offset) { + rte_pktmbuf_free(mac_seg->next); + mac_seg->next = NULL; + mac_seg->data_len = mac_offset; + mbuf->nb_segs = nb_segs; + } else { + rte_pktmbuf_free(mac_seg); + mac_prev_seg->next = NULL; + mbuf->nb_segs = nb_segs - 1; + } +} + +/* TLS-1.3: + * Read from last until a non-zero value is encountered. + * Return the non zero value as the content type. + * Remove the MAC and content type and padding bytes. + */ +static inline void +cn10k_cpt_tls13_trim_mac(struct rte_crypto_op *cop, struct cpt_cn10k_res_s *res) +{ + struct rte_mbuf *mbuf = cop->sym->m_src; + struct rte_mbuf *seg = mbuf; + uint16_t m_len = res->rlen; + uint8_t *ptr, type = 0x0; + int len, i, nb_segs = 1; + + while (m_len && !type) { + len = m_len; + seg = mbuf; + + /* get the last seg */ + while (len > seg->data_len) { + len -= seg->data_len; + seg = seg->next; + nb_segs++; + } + + /* walkthrough from last until a non zero value is found */ + ptr = rte_pktmbuf_mtod(seg, uint8_t *); + i = len; + while (i && (ptr[--i] == 0)) + ; + + type = ptr[i]; + m_len -= len; + } + + if (type) { + cop->param1.tls_record.content_type = type; + mbuf->pkt_len = m_len + i; + mbuf->nb_segs = nb_segs; + seg->data_len = i; + rte_pktmbuf_free(seg->next); + seg->next = NULL; + } else { + cop->status = RTE_CRYPTO_OP_STATUS_ERROR; + } +} + static inline void cn10k_cpt_tls_post_process(struct rte_crypto_op *cop, struct cpt_cn10k_res_s *res, struct cn10k_sec_session *sess) { + struct cn10k_tls_opt tls_opt = sess->tls_opt; struct rte_mbuf *mbuf = cop->sym->m_src; uint16_t m_len = res->rlen; if (!res->uc_compcode) { - if ((sess->tls.tls_ver == RTE_SECURITY_VERSION_TLS_1_3) && (!sess->tls.is_write)) + if ((tls_opt.tls_ver == RTE_SECURITY_VERSION_TLS_1_3) && (!tls_opt.is_write)) m_len -= 1; if (mbuf->next == NULL) mbuf->data_len = m_len; mbuf->pkt_len = m_len; - } else { + cop->param1.tls_record.content_type = (res->spi >> 24) & 0xff; + return; + } + + /* Any error other than post process */ + if (res->uc_compcode != ROC_SE_ERR_SSL_POST_PROCESS) { cop->status = RTE_CRYPTO_OP_STATUS_ERROR; cop->aux_flags = res->uc_compcode; plt_err("crypto op failed with UC compcode: 0x%x", res->uc_compcode); + return; } + + /* Extra padding scenario: Verify padding. Remove padding and MAC */ + if (tls_opt.tls_ver != RTE_SECURITY_VERSION_TLS_1_3) + cn10k_cpt_tls12_trim_mac(cop, res, (uint8_t)tls_opt.mac_len); + else + cn10k_cpt_tls13_trim_mac(cop, res); } static inline void diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_sec.h b/drivers/crypto/cnxk/cn10k_cryptodev_sec.h index 7e175119c3..4daf32cc78 100644 --- a/drivers/crypto/cnxk/cn10k_cryptodev_sec.h +++ b/drivers/crypto/cnxk/cn10k_cryptodev_sec.h @@ -16,6 +16,15 @@ #define SEC_SESS_SIZE sizeof(struct rte_security_session) +struct cn10k_tls_opt { + uint16_t pad_shift : 3; + uint16_t enable_padding : 1; + uint16_t tail_fetch_len : 2; + uint16_t tls_ver : 2; + uint16_t is_write : 1; + uint16_t mac_len : 7; +}; + struct cn10k_sec_session { uint8_t rte_sess[SEC_SESS_SIZE]; @@ -29,17 +38,12 @@ struct cn10k_sec_session { uint8_t proto; uint8_t iv_length; union { + uint16_t u16; + struct cn10k_tls_opt tls_opt; struct { uint8_t ip_csum; uint8_t is_outbound : 1; } ipsec; - struct { - uint8_t enable_padding : 1; - uint8_t tail_fetch_len : 2; - uint8_t is_write : 1; - uint8_t tls_ver : 2; - uint8_t rvsd : 2; - } tls; }; /** Queue pair */ struct cnxk_cpt_qp *qp; diff --git a/drivers/crypto/cnxk/cn10k_tls.c b/drivers/crypto/cnxk/cn10k_tls.c index fe4da8d2a0..dea4e501f3 100644 --- a/drivers/crypto/cnxk/cn10k_tls.c +++ b/drivers/crypto/cnxk/cn10k_tls.c @@ -116,8 +116,14 @@ cnxk_tls_xform_verify(struct rte_security_tls_record_xform *tls_xform, (tls_xform->type != RTE_SECURITY_TLS_SESS_TYPE_WRITE)) return -EINVAL; - if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) + if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) { + /* optional padding is not allowed in TLS-1.2 for AEAD */ + if ((tls_xform->ver == RTE_SECURITY_VERSION_TLS_1_2) && + (tls_xform->options.extra_padding_enable == 1)) + return -EINVAL; + return tls_xform_aead_verify(tls_xform, crypto_xform); + } /* TLS-1.3 only support AEAD. * Control should not reach here for TLS-1.3 @@ -318,7 +324,7 @@ tls_read_ctx_size(struct roc_ie_ot_tls_read_sa *sa, enum rte_security_tls_versio static int tls_read_sa_fill(struct roc_ie_ot_tls_read_sa *read_sa, struct rte_security_tls_record_xform *tls_xfrm, - struct rte_crypto_sym_xform *crypto_xfrm) + struct rte_crypto_sym_xform *crypto_xfrm, struct cn10k_tls_opt *tls_opt) { enum rte_security_tls_version tls_ver = tls_xfrm->ver; struct rte_crypto_sym_xform *auth_xfrm, *cipher_xfrm; @@ -397,16 +403,26 @@ tls_read_sa_fill(struct roc_ie_ot_tls_read_sa *read_sa, memcpy(cipher_key, key, length); } - if (auth_xfrm->auth.algo == RTE_CRYPTO_AUTH_MD5_HMAC) + switch (auth_xfrm->auth.algo) { + case RTE_CRYPTO_AUTH_MD5_HMAC: read_sa->w2.s.mac_select = ROC_IE_OT_TLS_MAC_MD5; - else if (auth_xfrm->auth.algo == RTE_CRYPTO_AUTH_SHA1_HMAC) + tls_opt->mac_len = 0; + break; + case RTE_CRYPTO_AUTH_SHA1_HMAC: read_sa->w2.s.mac_select = ROC_IE_OT_TLS_MAC_SHA1; - else if (auth_xfrm->auth.algo == RTE_CRYPTO_AUTH_SHA256_HMAC) + tls_opt->mac_len = 20; + break; + case RTE_CRYPTO_AUTH_SHA256_HMAC: read_sa->w2.s.mac_select = ROC_IE_OT_TLS_MAC_SHA2_256; - else if (auth_xfrm->auth.algo == RTE_CRYPTO_AUTH_SHA384_HMAC) + tls_opt->mac_len = 32; + break; + case RTE_CRYPTO_AUTH_SHA384_HMAC: read_sa->w2.s.mac_select = ROC_IE_OT_TLS_MAC_SHA2_384; - else + tls_opt->mac_len = 48; + break; + default: return -EINVAL; + } roc_se_hmac_opad_ipad_gen(read_sa->w2.s.mac_select, auth_xfrm->auth.key.data, auth_xfrm->auth.key.length, read_sa->tls_12.opad_ipad, @@ -627,7 +643,7 @@ cn10k_tls_read_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf, } /* Translate security parameters to SA */ - ret = tls_read_sa_fill(sa_dptr, tls_xfrm, crypto_xfrm); + ret = tls_read_sa_fill(sa_dptr, tls_xfrm, crypto_xfrm, &sec_sess->tls_opt); if (ret) { plt_err("Could not fill read session parameters"); goto sa_dptr_free; @@ -647,20 +663,20 @@ cn10k_tls_read_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf, /* pre-populate CPT INST word 4 */ inst_w4.u64 = 0; - if ((sa_dptr->w2.s.version_select == ROC_IE_OT_TLS_VERSION_TLS_12) || - (sa_dptr->w2.s.version_select == ROC_IE_OT_TLS_VERSION_DTLS_12)) { + if ((tls_ver == RTE_SECURITY_VERSION_TLS_1_2) || + (tls_ver == RTE_SECURITY_VERSION_DTLS_1_2)) { inst_w4.s.opcode_major = ROC_IE_OT_TLS_MAJOR_OP_RECORD_DEC | ROC_IE_OT_INPLACE_BIT; - sec_sess->tls.tail_fetch_len = 0; + sec_sess->tls_opt.tail_fetch_len = 0; if (sa_dptr->w2.s.cipher_select == ROC_IE_OT_TLS_CIPHER_3DES) - sec_sess->tls.tail_fetch_len = 1; + sec_sess->tls_opt.tail_fetch_len = 1; else if (sa_dptr->w2.s.cipher_select == ROC_IE_OT_TLS_CIPHER_AES_CBC) - sec_sess->tls.tail_fetch_len = 2; - } else if (sa_dptr->w2.s.version_select == ROC_IE_OT_TLS_VERSION_TLS_13) { + sec_sess->tls_opt.tail_fetch_len = 2; + } else if (tls_xfrm->ver == RTE_SECURITY_VERSION_TLS_1_3) { inst_w4.s.opcode_major = ROC_IE_OT_TLS13_MAJOR_OP_RECORD_DEC | ROC_IE_OT_INPLACE_BIT; } - sec_sess->tls.tls_ver = tls_ver; + sec_sess->tls_opt.tls_ver = tls_ver; sec_sess->inst.w4 = inst_w4.u64; sec_sess->inst.w7 = cpt_inst_w7_get(roc_cpt, read_sa); @@ -730,18 +746,23 @@ cn10k_tls_write_sa_create(struct roc_cpt *roc_cpt, struct roc_cpt_lf *lf, sec_sess->iv_length = crypto_xfrm->next->cipher.iv.length; } - sec_sess->tls.tls_ver = tls_ver; - sec_sess->tls.is_write = 1; - sec_sess->tls.enable_padding = tls_xfrm->options.extra_padding_enable; + sec_sess->tls_opt.is_write = 1; + sec_sess->tls_opt.pad_shift = 0; + sec_sess->tls_opt.tls_ver = tls_ver; + sec_sess->tls_opt.enable_padding = tls_xfrm->options.extra_padding_enable; sec_sess->max_extended_len = tls_write_rlens_get(tls_xfrm, crypto_xfrm); sec_sess->proto = RTE_SECURITY_PROTOCOL_TLS_RECORD; /* pre-populate CPT INST word 4 */ inst_w4.u64 = 0; - if ((sa_dptr->w2.s.version_select == ROC_IE_OT_TLS_VERSION_TLS_12) || - (sa_dptr->w2.s.version_select == ROC_IE_OT_TLS_VERSION_DTLS_12)) { + if ((tls_ver == RTE_SECURITY_VERSION_TLS_1_2) || + (tls_ver == RTE_SECURITY_VERSION_DTLS_1_2)) { inst_w4.s.opcode_major = ROC_IE_OT_TLS_MAJOR_OP_RECORD_ENC | ROC_IE_OT_INPLACE_BIT; - } else if (sa_dptr->w2.s.version_select == ROC_IE_OT_TLS_VERSION_TLS_13) { + if (sa_dptr->w2.s.cipher_select == ROC_IE_OT_TLS_CIPHER_3DES) + sec_sess->tls_opt.pad_shift = 3; + else + sec_sess->tls_opt.pad_shift = 4; + } else if (tls_ver == RTE_SECURITY_VERSION_TLS_1_3) { inst_w4.s.opcode_major = ROC_IE_OT_TLS13_MAJOR_OP_RECORD_ENC | ROC_IE_OT_INPLACE_BIT; } @@ -830,7 +851,7 @@ cn10k_sec_tls_session_destroy(struct cnxk_cpt_qp *qp, struct cn10k_sec_session * ret = -1; - if (sess->tls.is_write) { + if (sess->tls_opt.is_write) { sa_dptr = plt_zmalloc(sizeof(struct roc_ie_ot_tls_write_sa), 8); if (sa_dptr != NULL) { tls_write_sa_init(sa_dptr); diff --git a/drivers/crypto/cnxk/cn10k_tls_ops.h b/drivers/crypto/cnxk/cn10k_tls_ops.h index 6fd74927ee..64f94a4e8b 100644 --- a/drivers/crypto/cnxk/cn10k_tls_ops.h +++ b/drivers/crypto/cnxk/cn10k_tls_ops.h @@ -21,16 +21,21 @@ process_tls_write(struct roc_cpt_lf *lf, struct rte_crypto_op *cop, struct cn10k struct cpt_qp_meta_info *m_info, struct cpt_inflight_req *infl_req, struct cpt_inst_s *inst, const bool is_sg_ver2) { + struct cn10k_tls_opt tls_opt = sess->tls_opt; struct rte_crypto_sym_op *sym_op = cop->sym; #ifdef LA_IPSEC_DEBUG struct roc_ie_ot_tls_write_sa *write_sa; #endif struct rte_mbuf *m_src = sym_op->m_src; + uint32_t pad_len, pad_bytes; struct rte_mbuf *last_seg; union cpt_inst_w4 w4; void *m_data = NULL; uint8_t *in_buffer; + pad_bytes = (cop->aux_flags * 8) > 0xff ? 0xff : (cop->aux_flags * 8); + pad_len = (pad_bytes >> tls_opt.pad_shift) * tls_opt.enable_padding; + #ifdef LA_IPSEC_DEBUG write_sa = &sess->tls_rec.write_sa; if (write_sa->w2.s.iv_at_cptr == ROC_IE_OT_TLS_IV_SRC_FROM_SA) { @@ -94,7 +99,7 @@ process_tls_write(struct roc_cpt_lf *lf, struct rte_crypto_op *cop, struct cn10k w4.s.dlen = m_src->data_len; w4.s.param2 = cop->param1.tls_record.content_type; - w4.s.opcode_minor = sess->tls.enable_padding * cop->aux_flags * 8; + w4.s.opcode_minor = pad_len; inst->w4.u64 = w4.u64; } else if (is_sg_ver2 == false) { @@ -148,10 +153,10 @@ process_tls_write(struct roc_cpt_lf *lf, struct rte_crypto_op *cop, struct cn10k w4.s.param1 = rte_pktmbuf_pkt_len(m_src); w4.s.param2 = cop->param1.tls_record.content_type; w4.s.opcode_major |= (uint64_t)ROC_DMA_MODE_SG; - w4.s.opcode_minor = sess->tls.enable_padding * cop->aux_flags * 8; + w4.s.opcode_minor = pad_len; /* Output Scatter List */ - last_seg->data_len += sess->max_extended_len; + last_seg->data_len += sess->max_extended_len + pad_bytes; inst->w4.u64 = w4.u64; } else { struct roc_sg2list_comp *scatter_comp, *gather_comp; @@ -198,11 +203,11 @@ process_tls_write(struct roc_cpt_lf *lf, struct rte_crypto_op *cop, struct cn10k w4.u64 = sess->inst.w4; w4.s.dlen = rte_pktmbuf_pkt_len(m_src); w4.s.opcode_major &= (~(ROC_IE_OT_INPLACE_BIT)); - w4.s.opcode_minor = sess->tls.enable_padding * cop->aux_flags * 8; + w4.s.opcode_minor = pad_len; w4.s.param1 = w4.s.dlen; w4.s.param2 = cop->param1.tls_record.content_type; /* Output Scatter List */ - last_seg->data_len += sess->max_extended_len; + last_seg->data_len += sess->max_extended_len + pad_bytes; inst->w4.u64 = w4.u64; } @@ -234,7 +239,7 @@ process_tls_read(struct rte_crypto_op *cop, struct cn10k_sec_session *sess, inst->w4.u64 = w4.u64; } else if (is_sg_ver2 == false) { struct roc_sglist_comp *scatter_comp, *gather_comp; - int tail_len = sess->tls.tail_fetch_len * 16; + int tail_len = sess->tls_opt.tail_fetch_len * 16; int pkt_len = rte_pktmbuf_pkt_len(m_src); uint32_t g_size_bytes, s_size_bytes; uint16_t *sg_hdr; @@ -289,7 +294,7 @@ process_tls_read(struct rte_crypto_op *cop, struct cn10k_sec_session *sess, inst->w4.u64 = w4.u64; } else { struct roc_sg2list_comp *scatter_comp, *gather_comp; - int tail_len = sess->tls.tail_fetch_len * 16; + int tail_len = sess->tls_opt.tail_fetch_len * 16; int pkt_len = rte_pktmbuf_pkt_len(m_src); union cpt_inst_w5 cpt_inst_w5; union cpt_inst_w6 cpt_inst_w6; From patchwork Thu Mar 14 08:38:40 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vidya Sagar Velumuri X-Patchwork-Id: 138361 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id AFF8643CAE; Thu, 14 Mar 2024 09:40:12 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 0B5D442E97; Thu, 14 Mar 2024 09:39:31 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 78E2242E87 for ; Thu, 14 Mar 2024 09:39:29 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42DNEBhh016161 for ; Thu, 14 Mar 2024 01:39:29 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=Em5DnOLvXu8ha4dwGbEBJh4ut/jTijn2y0zmLNq4iOI=; b=Snx w24HElrOPS0kZs+G9wAQB90QDC0TdOQ9DzxWyYGdijMqKGqqmm43byvR5MxGqbPr STP8YaOQB3AzroryOLQBwHMvbDKBg5NHUZp9R20ImnIIHad9AGimwJo7qp21TaZM 3ATZhYpqaXgl1Ew08ZwuiURq1aHoYkl8V5GpfMM7fZ/KYTXzfwcyrwETb6Ttp+Co ki+TI9znK5qkbLw6JS7oSI94Ghrc2OavM1nGl4savVo6s39grgOdDrixem2gmcDV n3acXx67+Nb/hkB9S7YpArfcS4YoDYPtBWOEOTA7mG6ROGWPg3GzVuCv1c09DiM9 wqdCxvA2ITROE/GK+Mw== Received: from dc6wp-exch02.marvell.com ([4.21.29.225]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wucg2uwvc-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 14 Mar 2024 01:39:28 -0700 (PDT) Received: from DC6WP-EXCH02.marvell.com (10.76.176.209) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Thu, 14 Mar 2024 01:39:28 -0700 Received: from maili.marvell.com (10.69.176.80) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Thu, 14 Mar 2024 01:39:28 -0700 Received: from localhost.localdomain (unknown [10.28.36.179]) by maili.marvell.com (Postfix) with ESMTP id 6693A3F706F; Thu, 14 Mar 2024 01:39:25 -0700 (PDT) From: Vidya Sagar Velumuri To: Ankur Dwivedi , Anoob Joseph , Tejasree Kondoj CC: , , , , Subject: [PATCH 08/12] crypto/cnxk: add support for oop processing in TLS Date: Thu, 14 Mar 2024 01:38:40 -0700 Message-ID: <20240314083844.3319506-9-vvelumuri@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240314083844.3319506-1-vvelumuri@marvell.com> References: <20240314083844.3319506-1-vvelumuri@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: FGT-_L_TM_TMJoS9FnsSEqIitc5CGhl2 X-Proofpoint-GUID: FGT-_L_TM_TMJoS9FnsSEqIitc5CGhl2 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-14_07,2024-03-13_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Aakash Sasidharan Add support for out-of-place processing in TLS. Signed-off-by: Aakash Sasidharan --- drivers/crypto/cnxk/cn10k_tls_ops.h | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/cnxk/cn10k_tls_ops.h b/drivers/crypto/cnxk/cn10k_tls_ops.h index 64f94a4e8b..e8e2547f68 100644 --- a/drivers/crypto/cnxk/cn10k_tls_ops.h +++ b/drivers/crypto/cnxk/cn10k_tls_ops.h @@ -27,6 +27,7 @@ process_tls_write(struct roc_cpt_lf *lf, struct rte_crypto_op *cop, struct cn10k struct roc_ie_ot_tls_write_sa *write_sa; #endif struct rte_mbuf *m_src = sym_op->m_src; + struct rte_mbuf *m_dst = sym_op->m_dst; uint32_t pad_len, pad_bytes; struct rte_mbuf *last_seg; union cpt_inst_w4 w4; @@ -191,7 +192,9 @@ process_tls_write(struct roc_cpt_lf *lf, struct rte_crypto_op *cop, struct cn10k i = 0; scatter_comp = (struct roc_sg2list_comp *)((uint8_t *)gather_comp + g_size_bytes); - i = fill_sg2_comp_from_pkt(scatter_comp, i, m_src); + if (m_dst == NULL) + m_dst = m_src; + i = fill_sg2_comp_from_pkt(scatter_comp, i, m_dst); cpt_inst_w6.s.scatter_sz = ((i + 2) / 3); @@ -221,6 +224,7 @@ process_tls_read(struct rte_crypto_op *cop, struct cn10k_sec_session *sess, { struct rte_crypto_sym_op *sym_op = cop->sym; struct rte_mbuf *m_src = sym_op->m_src; + struct rte_mbuf *m_dst = sym_op->m_dst; union cpt_inst_w4 w4; uint8_t *in_buffer; void *m_data; @@ -334,7 +338,9 @@ process_tls_read(struct rte_crypto_op *cop, struct cn10k_sec_session *sess, i = 0; scatter_comp = (struct roc_sg2list_comp *)((uint8_t *)gather_comp + g_size_bytes); - i = fill_sg2_comp_from_pkt(scatter_comp, i, m_src); + if (m_dst == NULL) + m_dst = m_src; + i = fill_sg2_comp_from_pkt(scatter_comp, i, m_dst); cpt_inst_w6.s.scatter_sz = ((i + 2) / 3); From patchwork Thu Mar 14 08:38:41 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vidya Sagar Velumuri X-Patchwork-Id: 138362 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 3F9B043CAE; Thu, 14 Mar 2024 09:40:18 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 97CD742E70; Thu, 14 Mar 2024 09:39:36 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 9D73942E64 for ; Thu, 14 Mar 2024 09:39:34 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42DNgMND016200 for ; Thu, 14 Mar 2024 01:39:34 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=Ex6x3OH5QeRXgbvUxXDI2taKxed/0t6DqSggt22YnDM=; b=Ql6 jDzPoZEeFOPL0MwQDRLPzkZWCzAya7RjkQ3POD3CwlLEU/9K+ZVkH+84cs6M6deO jnB8PM8r3rkobdx/nPUYl3O88/xfzESvC7fG0b65GRk+hRh7DhPp/0wByet132G9 BvxUJFCkrVCXW7Lp6fcHi6i4VCfbfRKzYPPji43QEHz15RqYV0B1lUerB/hYiVuS jCUdo0DxgmUjlaU3UcqGHgGNE36ygqAZ3CV92dFDzgoXaOB82CgCDhOaU87N/GW0 SetkEPcD+kx4Q3568w4xiHAdkYqtqP3w5NpcW4jMIXmtTaBoiam7acmjxL/gM+PK tSdtOORqpnRlO+peyeg== Received: from dc5-exch05.marvell.com ([199.233.59.128]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wucg2uwvt-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 14 Mar 2024 01:39:33 -0700 (PDT) Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.2.1258.12; Thu, 14 Mar 2024 01:39:32 -0700 Received: from DC5-EXCH05.marvell.com (10.69.176.209) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Thu, 14 Mar 2024 01:39:32 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Thu, 14 Mar 2024 01:39:32 -0700 Received: from localhost.localdomain (unknown [10.28.36.179]) by maili.marvell.com (Postfix) with ESMTP id 815085B692A; Thu, 14 Mar 2024 01:39:28 -0700 (PDT) From: Vidya Sagar Velumuri To: Nithin Dabilpuram , Kiran Kumar K , Sunil Kumar Kori , Satha Rao , Harman Kalra , Ankur Dwivedi , Anoob Joseph , Tejasree Kondoj CC: , , , , Subject: [PATCH 09/12] crypto/cnxk: update the context structure of tls Date: Thu, 14 Mar 2024 01:38:41 -0700 Message-ID: <20240314083844.3319506-10-vvelumuri@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240314083844.3319506-1-vvelumuri@marvell.com> References: <20240314083844.3319506-1-vvelumuri@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: yXUh117dkpWmOv0Z5lPQPaGQ6sZKbluV X-Proofpoint-GUID: yXUh117dkpWmOv0Z5lPQPaGQ6sZKbluV X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-14_07,2024-03-13_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Keep the record context for TLS-1.3 in sync with microcode structure. Report error if optional padding is enabled for AEAD case in both TLS-1.2 and DTLS-1.2. Signed-off-by: Vidya Sagar Velumuri --- drivers/common/cnxk/roc_ie_ot_tls.h | 17 ++++++++++++----- drivers/crypto/cnxk/cn10k_tls.c | 4 ++-- 2 files changed, 14 insertions(+), 7 deletions(-) diff --git a/drivers/common/cnxk/roc_ie_ot_tls.h b/drivers/common/cnxk/roc_ie_ot_tls.h index b85d075e86..44850f7060 100644 --- a/drivers/common/cnxk/roc_ie_ot_tls.h +++ b/drivers/common/cnxk/roc_ie_ot_tls.h @@ -67,6 +67,16 @@ struct roc_ie_ot_tls_read_ctx_update_reg { uint64_t ar_winbits[ROC_IE_OT_TLS_AR_WINBITS_SZ]; }; +struct roc_ie_ot_tls_1_3_read_ctx_update_reg { + uint64_t rsvd0; + uint64_t ar_valid_mask; + uint64_t hard_life; + uint64_t soft_life; + uint64_t mib_octs; + uint64_t mib_pkts; + uint64_t rsvd1; +}; + union roc_ie_ot_tls_param2 { uint16_t u16; struct { @@ -136,11 +146,8 @@ struct roc_ie_ot_tls_read_sa { union { struct { - /* Word10 */ - uint64_t w10_rsvd6; - - /* Word11 - Word25 */ - struct roc_ie_ot_tls_read_ctx_update_reg ctx; + /* Word10 - Word16 */ + struct roc_ie_ot_tls_1_3_read_ctx_update_reg ctx; } tls_13; struct { diff --git a/drivers/crypto/cnxk/cn10k_tls.c b/drivers/crypto/cnxk/cn10k_tls.c index dea4e501f3..fbf45c464a 100644 --- a/drivers/crypto/cnxk/cn10k_tls.c +++ b/drivers/crypto/cnxk/cn10k_tls.c @@ -118,8 +118,8 @@ cnxk_tls_xform_verify(struct rte_security_tls_record_xform *tls_xform, if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) { /* optional padding is not allowed in TLS-1.2 for AEAD */ - if ((tls_xform->ver == RTE_SECURITY_VERSION_TLS_1_2) && - (tls_xform->options.extra_padding_enable == 1)) + if ((tls_xform->options.extra_padding_enable == 1) && + (tls_xform->ver != RTE_SECURITY_VERSION_TLS_1_3)) return -EINVAL; return tls_xform_aead_verify(tls_xform, crypto_xform); From patchwork Thu Mar 14 08:38:42 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vidya Sagar Velumuri X-Patchwork-Id: 138363 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id C96E343CAE; Thu, 14 Mar 2024 09:40:23 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 0AD2A42E94; Thu, 14 Mar 2024 09:39:39 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 0778242E92 for ; Thu, 14 Mar 2024 09:39:36 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42DNJPLM016325 for ; Thu, 14 Mar 2024 01:39:36 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=05wsHjxsGyPMZcBJc9lLbr/iA1kcNv2pHdsps8W4daA=; b=HZe oOPU8jne5SMH2mJKyG1Mb/0y/wWyoxAtH9gFPgLhIlf5KAw24eAeHQWUuxjq2D7M ZhsEVl5apTfZoqls8Tcjw2jophQfuLkf1s0o9TYGKURWBi6lCqkEk0jjdixPkpPt K/r/xBqqDdqE0W0I7Y97NqjTfk3OKi+l/SG+uBOXW8fmCUpELj6NI2N9S+GqiBqz SMzZ2NqDE1tr/fY0SjgaDxnizPXBk5FB2oWetv+hsujnKtjfKNF8d8100LHtX0rP CK03Loi403ZCgD/9Riny24kvuZc0JW5y9i76CWYPZ02Ujp4FttLfzT8KC0VjZ9m3 2xwkDtoyz6ascj1gDnw== Received: from dc6wp-exch02.marvell.com ([4.21.29.225]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wucg2uww3-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 14 Mar 2024 01:39:36 -0700 (PDT) Received: from DC6WP-EXCH02.marvell.com (10.76.176.209) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Thu, 14 Mar 2024 01:39:35 -0700 Received: from maili.marvell.com (10.69.176.80) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Thu, 14 Mar 2024 01:39:35 -0700 Received: from localhost.localdomain (unknown [10.28.36.179]) by maili.marvell.com (Postfix) with ESMTP id DE20C3F7051; Thu, 14 Mar 2024 01:39:32 -0700 (PDT) From: Vidya Sagar Velumuri To: Ankur Dwivedi , Anoob Joseph , Tejasree Kondoj CC: , , , , Subject: [PATCH 10/12] crypto/cnxk: use proper offset for context calculation Date: Thu, 14 Mar 2024 01:38:42 -0700 Message-ID: <20240314083844.3319506-11-vvelumuri@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240314083844.3319506-1-vvelumuri@marvell.com> References: <20240314083844.3319506-1-vvelumuri@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: HwPDLskYpEGp4chgChmkrWDVvzMXDTiS X-Proofpoint-GUID: HwPDLskYpEGp4chgChmkrWDVvzMXDTiS X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-14_07,2024-03-13_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Use the proper offset for calculating the context size in case of TLS-1.3. Signed-off-by: Vidya Sagar Velumuri --- drivers/crypto/cnxk/cn10k_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/crypto/cnxk/cn10k_tls.c b/drivers/crypto/cnxk/cn10k_tls.c index fbf45c464a..4b558ef365 100644 --- a/drivers/crypto/cnxk/cn10k_tls.c +++ b/drivers/crypto/cnxk/cn10k_tls.c @@ -309,7 +309,7 @@ tls_read_ctx_size(struct roc_ie_ot_tls_read_sa *sa, enum rte_security_tls_versio /* Variable based on Anti-replay Window */ if (tls_ver == RTE_SECURITY_VERSION_TLS_1_3) { size = offsetof(struct roc_ie_ot_tls_read_sa, tls_13.ctx) + - offsetof(struct roc_ie_ot_tls_read_ctx_update_reg, ar_winbits); + sizeof(struct roc_ie_ot_tls_1_3_read_ctx_update_reg); } else { size = offsetof(struct roc_ie_ot_tls_read_sa, tls_12.ctx) + offsetof(struct roc_ie_ot_tls_read_ctx_update_reg, ar_winbits); From patchwork Thu Mar 14 08:38:43 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vidya Sagar Velumuri X-Patchwork-Id: 138364 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id F06BF43CAE; Thu, 14 Mar 2024 09:40:29 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 8211342EA6; Thu, 14 Mar 2024 09:39:51 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 93FFF42EA5 for ; Thu, 14 Mar 2024 09:39:41 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42DNgMNE016200 for ; Thu, 14 Mar 2024 01:39:41 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=OAkS7JQ++noNfBRHHMZMM8xmivwbAS8+1INt1kzsd/0=; b=YBb soMQLMe4wPXnpRPDBUDn2wM3fqnET+i1s7wnNhyEmVinBmW7ehI+yhJWaiYACwe1 hx04yv+FNhjrh2PXF+Zf09fQfsgf4JmmZ0XMbBIsAXjcGkV3aWc13UF5OIQUbNAt bIhqu/0wwXUySNO4Rmg+SxsmJwBfn6ODOjo5oZ8yZElHk5HnqWpan7xXeQ2uJrQm 8G0CAXU75c73lxlVxPQ4KmXaRqA+EzOM/QupptSmrevumBguYcKJx/LIUNjyFfYJ FNFNmwU/AaQsr4t2hFIEHTa8EMhLyvw2RgBFKB7kfBCNhy68TSO55SXiCI3peSho hoUWU/sn92SK/5719jw== Received: from dc6wp-exch02.marvell.com ([4.21.29.225]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wucg2uwwg-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 14 Mar 2024 01:39:40 -0700 (PDT) Received: from DC6WP-EXCH02.marvell.com (10.76.176.209) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.12; Thu, 14 Mar 2024 01:39:40 -0700 Received: from maili.marvell.com (10.69.176.80) by DC6WP-EXCH02.marvell.com (10.76.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Thu, 14 Mar 2024 01:39:40 -0700 Received: from localhost.localdomain (unknown [10.28.36.179]) by maili.marvell.com (Postfix) with ESMTP id 112D63F7051; Thu, 14 Mar 2024 01:39:35 -0700 (PDT) From: Vidya Sagar Velumuri To: Nithin Dabilpuram , Kiran Kumar K , Sunil Kumar Kori , Satha Rao , Harman Kalra , Ankur Dwivedi , Anoob Joseph , Tejasree Kondoj CC: , , , , Subject: [PATCH 11/12] crypto/cnxk: enable chachapoly capability for tls Date: Thu, 14 Mar 2024 01:38:43 -0700 Message-ID: <20240314083844.3319506-12-vvelumuri@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240314083844.3319506-1-vvelumuri@marvell.com> References: <20240314083844.3319506-1-vvelumuri@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: jrBxYDGgpIxOtBtIvBoe1Jr75KSEOrMM X-Proofpoint-GUID: jrBxYDGgpIxOtBtIvBoe1Jr75KSEOrMM X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-14_07,2024-03-13_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Enable CHACHA20-POLY1305 support for TLS-1.3. Signed-off-by: Vidya Sagar Velumuri --- drivers/common/cnxk/roc_ie_ot_tls.h | 1 + drivers/crypto/cnxk/cn10k_tls.c | 40 ++++++++++++------- drivers/crypto/cnxk/cnxk_cryptodev.h | 4 +- .../crypto/cnxk/cnxk_cryptodev_capabilities.c | 31 ++++++++++++++ 4 files changed, 60 insertions(+), 16 deletions(-) diff --git a/drivers/common/cnxk/roc_ie_ot_tls.h b/drivers/common/cnxk/roc_ie_ot_tls.h index 44850f7060..2d6a290d9b 100644 --- a/drivers/common/cnxk/roc_ie_ot_tls.h +++ b/drivers/common/cnxk/roc_ie_ot_tls.h @@ -39,6 +39,7 @@ enum roc_ie_ot_tls_cipher_type { ROC_IE_OT_TLS_CIPHER_AES_CBC = 3, ROC_IE_OT_TLS_CIPHER_AES_GCM = 7, ROC_IE_OT_TLS_CIPHER_AES_CCM = 10, + ROC_IE_OT_TLS_CIPHER_CHACHA_POLY = 9, }; enum roc_ie_ot_tls_ver { diff --git a/drivers/crypto/cnxk/cn10k_tls.c b/drivers/crypto/cnxk/cn10k_tls.c index 4b558ef365..7b73a58d2a 100644 --- a/drivers/crypto/cnxk/cn10k_tls.c +++ b/drivers/crypto/cnxk/cn10k_tls.c @@ -97,6 +97,9 @@ tls_xform_aead_verify(struct rte_security_tls_record_xform *tls_xform, return 0; } + if ((crypto_xform->aead.algo == RTE_CRYPTO_AEAD_CHACHA20_POLY1305) && (keylen == 32)) + return 0; + return -EINVAL; } @@ -351,15 +354,20 @@ tls_read_sa_fill(struct roc_ie_ot_tls_read_sa *read_sa, cipher_key = read_sa->cipher_key; /* Set encryption algorithm */ - if ((crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD) && - (crypto_xfrm->aead.algo == RTE_CRYPTO_AEAD_AES_GCM)) { - read_sa->w2.s.cipher_select = ROC_IE_OT_TLS_CIPHER_AES_GCM; - + if (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD) { length = crypto_xfrm->aead.key.length; - if (length == 16) - read_sa->w2.s.aes_key_len = ROC_IE_OT_TLS_AES_KEY_LEN_128; - else + if (crypto_xfrm->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) { + read_sa->w2.s.cipher_select = ROC_IE_OT_TLS_CIPHER_AES_GCM; + if (length == 16) + read_sa->w2.s.aes_key_len = ROC_IE_OT_TLS_AES_KEY_LEN_128; + else + read_sa->w2.s.aes_key_len = ROC_IE_OT_TLS_AES_KEY_LEN_256; + } + + if (crypto_xfrm->aead.algo == RTE_CRYPTO_AEAD_CHACHA20_POLY1305) { + read_sa->w2.s.cipher_select = ROC_IE_OT_TLS_CIPHER_CHACHA_POLY; read_sa->w2.s.aes_key_len = ROC_IE_OT_TLS_AES_KEY_LEN_256; + } key = crypto_xfrm->aead.key.data; memcpy(cipher_key, key, length); @@ -500,15 +508,19 @@ tls_write_sa_fill(struct roc_ie_ot_tls_write_sa *write_sa, cipher_key = write_sa->cipher_key; /* Set encryption algorithm */ - if ((crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD) && - (crypto_xfrm->aead.algo == RTE_CRYPTO_AEAD_AES_GCM)) { - write_sa->w2.s.cipher_select = ROC_IE_OT_TLS_CIPHER_AES_GCM; - + if (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD) { length = crypto_xfrm->aead.key.length; - if (length == 16) - write_sa->w2.s.aes_key_len = ROC_IE_OT_TLS_AES_KEY_LEN_128; - else + if (crypto_xfrm->aead.algo == RTE_CRYPTO_AEAD_AES_GCM) { + write_sa->w2.s.cipher_select = ROC_IE_OT_TLS_CIPHER_AES_GCM; + if (length == 16) + write_sa->w2.s.aes_key_len = ROC_IE_OT_TLS_AES_KEY_LEN_128; + else + write_sa->w2.s.aes_key_len = ROC_IE_OT_TLS_AES_KEY_LEN_256; + } + if (crypto_xfrm->aead.algo == RTE_CRYPTO_AEAD_CHACHA20_POLY1305) { + write_sa->w2.s.cipher_select = ROC_IE_OT_TLS_CIPHER_CHACHA_POLY; write_sa->w2.s.aes_key_len = ROC_IE_OT_TLS_AES_KEY_LEN_256; + } key = crypto_xfrm->aead.key.data; memcpy(cipher_key, key, length); diff --git a/drivers/crypto/cnxk/cnxk_cryptodev.h b/drivers/crypto/cnxk/cnxk_cryptodev.h index dccd563872..fffc4a47b4 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev.h +++ b/drivers/crypto/cnxk/cnxk_cryptodev.h @@ -13,9 +13,9 @@ #define CNXK_CPT_MAX_CAPS 55 #define CNXK_SEC_IPSEC_CRYPTO_MAX_CAPS 16 -#define CNXK_SEC_TLS_1_3_CRYPTO_MAX_CAPS 2 +#define CNXK_SEC_TLS_1_3_CRYPTO_MAX_CAPS 3 #define CNXK_SEC_TLS_1_2_CRYPTO_MAX_CAPS 7 -#define CNXK_SEC_MAX_CAPS 18 +#define CNXK_SEC_MAX_CAPS 19 /** * Device private data diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c index 5bafa226e0..0d5d64b6e7 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c +++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c @@ -1693,6 +1693,37 @@ static const struct rte_cryptodev_capabilities sec_tls13_caps_aes[] = { }, } }, } }, + { /* CHACHA POLY */ + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + {.sym = { + .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD, + {.aead = { + .algo = RTE_CRYPTO_AEAD_CHACHA20_POLY1305, + .block_size = 64, + .key_size = { + .min = 32, + .max = 32, + .increment = 0 + }, + .digest_size = { + .min = 16, + .max = 16, + .increment = 0 + }, + .aad_size = { + .min = 5, + .max = 5, + .increment = 0 + }, + .iv_size = { + .min = 0, + .max = 0, + .increment = 0 + } + }, } + }, } + }, + }; From patchwork Thu Mar 14 08:38:44 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vidya Sagar Velumuri X-Patchwork-Id: 138365 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id CA0C643CAE; Thu, 14 Mar 2024 09:40:35 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 12C0642EAD; Thu, 14 Mar 2024 09:39:53 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 61B0742E5D for ; Thu, 14 Mar 2024 09:39:45 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 42DNOkNC015597 for ; Thu, 14 Mar 2024 01:39:44 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s= pfpt0220; bh=hwK6n1u+asxPKcdGmMkaqnNkq0R7L4rxwM3KAJjpDe0=; b=WGl +f80SArbf4WRrVuiCuYDBkF/9njHBRBD1C3Syt76xvb/APn/tnf0HgjPs5gv53i7 3CK+TE5TGwNxDw8TLgherIe16xHlr6rkCqKt3znGH2IreAb5KHKaC843mqeG6lY3 IhwilX6Sx+vqnT6vbj8ezEs3/YRj5fAB3tEa9UHK7Q7coSWw3NNwBv+XFj6aCV3Z 2E7gBv/ekVBq5BR50DCZy2XRLLn+QqLHHMtRFvf/wsTFts+CDAh3ORLkXC73EoHc Hv2VawRwjQAQXkjAIEdsYo2qCtTtj9WQIObmbV3CxjxgG75/RLgZ6jffNz80VU8w k1yPi+NMo9JetODMz8A== Received: from dc5-exch05.marvell.com ([199.233.59.128]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3wucg2uwws-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 14 Mar 2024 01:39:44 -0700 (PDT) Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.2.1258.12; Thu, 14 Mar 2024 01:39:43 -0700 Received: from DC5-EXCH05.marvell.com (10.69.176.209) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Thu, 14 Mar 2024 01:39:43 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server id 15.2.1258.12 via Frontend Transport; Thu, 14 Mar 2024 01:39:43 -0700 Received: from localhost.localdomain (unknown [10.28.36.179]) by maili.marvell.com (Postfix) with ESMTP id 6B8593F7051; Thu, 14 Mar 2024 01:39:40 -0700 (PDT) From: Vidya Sagar Velumuri To: Ankur Dwivedi , Anoob Joseph , Tejasree Kondoj CC: , , , , Subject: [PATCH 12/12] crypto/cnxk: remove the response len handling for tls Date: Thu, 14 Mar 2024 01:38:44 -0700 Message-ID: <20240314083844.3319506-13-vvelumuri@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240314083844.3319506-1-vvelumuri@marvell.com> References: <20240314083844.3319506-1-vvelumuri@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: TV15ejADyvZ44P2mAQTDY_7J881tRMOp X-Proofpoint-GUID: TV15ejADyvZ44P2mAQTDY_7J881tRMOp X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-14_07,2024-03-13_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Microcode is updating the rlen properly for TLS-1.3 Remove the rlen handling for the same in PMD. Signed-off-by: Vidya Sagar Velumuri --- drivers/crypto/cnxk/cn10k_cryptodev_ops.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c index 5f0cf1b1f8..720b756001 100644 --- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c +++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c @@ -1124,8 +1124,6 @@ cn10k_cpt_tls_post_process(struct rte_crypto_op *cop, struct cpt_cn10k_res_s *re uint16_t m_len = res->rlen; if (!res->uc_compcode) { - if ((tls_opt.tls_ver == RTE_SECURITY_VERSION_TLS_1_3) && (!tls_opt.is_write)) - m_len -= 1; if (mbuf->next == NULL) mbuf->data_len = m_len; mbuf->pkt_len = m_len;