From: Tejasree Kondoj <ktejasree@marvell.com>
To: Akhil Goyal <gakhil@marvell.com>
Cc: Vidya Sagar Velumuri <vvelumuri@marvell.com>,
Anoob Joseph <anoobj@marvell.com>,
Aakash Sasidharan <asasidharan@marvell.com>,
"Nithinsen Kaithakadan" <nkaithakadan@marvell.com>,
Rupesh Chiluka <rchiluka@marvell.com>, <dev@dpdk.org>
Subject: [PATCH 22/40] crypto/cnxk: add skeleton for tls
Date: Fri, 23 May 2025 19:20:53 +0530 [thread overview]
Message-ID: <20250523135111.2178408-23-ktejasree@marvell.com> (raw)
In-Reply-To: <20250523135111.2178408-1-ktejasree@marvell.com>
From: Vidya Sagar Velumuri <vvelumuri@marvell.com>
Add skeleton for tls support for cn20k
Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
drivers/common/cnxk/roc_ie_ow_tls.h | 233 ++++++++++++++++++++++++++++
drivers/crypto/cnxk/cn20k_tls.c | 56 +++++++
drivers/crypto/cnxk/cn20k_tls.h | 40 +++++
drivers/crypto/cnxk/meson.build | 1 +
4 files changed, 330 insertions(+)
create mode 100644 drivers/common/cnxk/roc_ie_ow_tls.h
create mode 100644 drivers/crypto/cnxk/cn20k_tls.c
create mode 100644 drivers/crypto/cnxk/cn20k_tls.h
diff --git a/drivers/common/cnxk/roc_ie_ow_tls.h b/drivers/common/cnxk/roc_ie_ow_tls.h
new file mode 100644
index 0000000000..d2338926cc
--- /dev/null
+++ b/drivers/common/cnxk/roc_ie_ow_tls.h
@@ -0,0 +1,233 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(C) 2025 Marvell.
+ */
+
+#ifndef __ROC_IE_OW_TLS_H__
+#define __ROC_IE_OW_TLS_H__
+
+#include "roc_platform.h"
+
+#define ROC_IE_OW_TLS_CTX_ILEN 1
+#define ROC_IE_OW_TLS_CTX_HDR_SIZE 1
+#define ROC_IE_OW_TLS_AR_WIN_SIZE_MAX 4096
+#define ROC_IE_OW_TLS_LOG_MIN_AR_WIN_SIZE_M1 5
+
+/* u64 array size to fit anti replay window bits */
+#define ROC_IE_OW_TLS_AR_WINBITS_SZ \
+ (PLT_ALIGN_CEIL(ROC_IE_OW_TLS_AR_WIN_SIZE_MAX, BITS_PER_LONG_LONG) / BITS_PER_LONG_LONG)
+
+/* CN20K TLS opcodes */
+#define ROC_IE_OW_TLS_MAJOR_OP_RECORD_ENC 0x16UL
+#define ROC_IE_OW_TLS_MAJOR_OP_RECORD_DEC 0x17UL
+#define ROC_IE_OW_TLS13_MAJOR_OP_RECORD_ENC 0x18UL
+#define ROC_IE_OW_TLS13_MAJOR_OP_RECORD_DEC 0x19UL
+
+#define ROC_IE_OW_TLS_CTX_MAX_OPAD_IPAD_LEN 128
+#define ROC_IE_OW_TLS_CTX_MAX_KEY_IV_LEN 48
+#define ROC_IE_OW_TLS_CTX_MAX_IV_LEN 16
+
+enum roc_ie_ow_tls_mac_type {
+ ROC_IE_OW_TLS_MAC_MD5 = 1,
+ ROC_IE_OW_TLS_MAC_SHA1 = 2,
+ ROC_IE_OW_TLS_MAC_SHA2_256 = 4,
+ ROC_IE_OW_TLS_MAC_SHA2_384 = 5,
+ ROC_IE_OW_TLS_MAC_SHA2_512 = 6,
+};
+
+enum roc_ie_ow_tls_cipher_type {
+ ROC_IE_OW_TLS_CIPHER_3DES = 1,
+ ROC_IE_OW_TLS_CIPHER_AES_CBC = 3,
+ ROC_IE_OW_TLS_CIPHER_AES_GCM = 7,
+ ROC_IE_OW_TLS_CIPHER_AES_CCM = 10,
+ ROC_IE_OW_TLS_CIPHER_CHACHA_POLY = 9,
+};
+
+enum roc_ie_ow_tls_ver {
+ ROC_IE_OW_TLS_VERSION_TLS_12 = 1,
+ ROC_IE_OW_TLS_VERSION_DTLS_12 = 2,
+ ROC_IE_OW_TLS_VERSION_TLS_13 = 3,
+};
+
+enum roc_ie_ow_tls_aes_key_len {
+ ROC_IE_OW_TLS_AES_KEY_LEN_128 = 1,
+ ROC_IE_OW_TLS_AES_KEY_LEN_256 = 3,
+};
+
+enum {
+ ROC_IE_OW_TLS_IV_SRC_DEFAULT = 0,
+ ROC_IE_OW_TLS_IV_SRC_FROM_SA = 1,
+};
+
+struct roc_ie_ow_tls_read_ctx_update_reg {
+ uint64_t ar_base;
+ uint64_t ar_valid_mask;
+ uint64_t hard_life;
+ uint64_t soft_life;
+ uint64_t mib_octs;
+ uint64_t mib_pkts;
+ uint64_t ar_winbits[ROC_IE_OW_TLS_AR_WINBITS_SZ];
+};
+
+struct roc_ie_ow_tls_1_3_read_ctx_update_reg {
+ uint64_t rsvd0;
+ uint64_t ar_valid_mask;
+ uint64_t hard_life;
+ uint64_t soft_life;
+ uint64_t mib_octs;
+ uint64_t mib_pkts;
+ uint64_t rsvd1;
+};
+
+union roc_ie_ow_tls_param2 {
+ uint16_t u16;
+ struct {
+ uint8_t msg_type;
+ uint8_t rsvd;
+ } s;
+};
+
+struct roc_ie_ow_tls_read_sa {
+ /* Word0 */
+ union {
+ struct {
+ uint64_t ar_win : 3;
+ uint64_t hard_life_dec : 1;
+ uint64_t soft_life_dec : 1;
+ uint64_t count_glb_octets : 1;
+ uint64_t count_glb_pkts : 1;
+ uint64_t count_mib_bytes : 1;
+
+ uint64_t count_mib_pkts : 1;
+ uint64_t hw_ctx_off : 7;
+
+ uint64_t ctx_id : 16;
+
+ uint64_t orig_pkt_fabs : 1;
+ uint64_t orig_pkt_free : 1;
+ uint64_t pkind : 6;
+
+ uint64_t rsvd0 : 1;
+ uint64_t et_ovrwr : 1;
+ uint64_t pkt_output : 2;
+ uint64_t pkt_format : 1;
+ uint64_t defrag_opt : 2;
+ uint64_t x2p_dst : 1;
+
+ uint64_t ctx_push_size : 7;
+ uint64_t rsvd1 : 1;
+
+ uint64_t ctx_hdr_size : 2;
+ uint64_t aop_valid : 1;
+ uint64_t rsvd2 : 1;
+ uint64_t ctx_size : 4;
+ } s;
+ uint64_t u64;
+ } w0;
+
+ /* Word1 */
+ uint64_t w1_rsvd3;
+
+ /* Word2 */
+ union {
+ struct {
+ uint64_t version_select : 4;
+ uint64_t aes_key_len : 2;
+ uint64_t cipher_select : 4;
+ uint64_t mac_select : 4;
+ uint64_t rsvd4 : 50;
+ } s;
+ uint64_t u64;
+ } w2;
+
+ /* Word3 */
+ uint64_t w3_rsvd5;
+
+ /* Word4 - Word9 */
+ uint8_t cipher_key[ROC_IE_OW_TLS_CTX_MAX_KEY_IV_LEN];
+
+ union {
+ struct {
+ /* Word10 - Word16 */
+ struct roc_ie_ow_tls_1_3_read_ctx_update_reg ctx;
+ } tls_13;
+
+ struct {
+ /* Word10 - Word25 */
+ uint8_t opad_ipad[ROC_IE_OW_TLS_CTX_MAX_OPAD_IPAD_LEN];
+
+ /* Word26 - Word95 */
+ struct roc_ie_ow_tls_read_ctx_update_reg ctx;
+ } tls_12;
+ };
+};
+
+struct roc_ie_ow_tls_write_sa {
+ /* Word0 */
+ union {
+ struct {
+ uint64_t rsvd0 : 3;
+ uint64_t hard_life_dec : 1;
+ uint64_t soft_life_dec : 1;
+ uint64_t count_glb_octets : 1;
+ uint64_t count_glb_pkts : 1;
+ uint64_t count_mib_bytes : 1;
+
+ uint64_t count_mib_pkts : 1;
+ uint64_t hw_ctx_off : 7;
+
+ uint64_t rsvd1 : 32;
+
+ uint64_t ctx_push_size : 7;
+ uint64_t rsvd2 : 1;
+
+ uint64_t ctx_hdr_size : 2;
+ uint64_t aop_valid : 1;
+ uint64_t rsvd3 : 1;
+ uint64_t ctx_size : 4;
+ } s;
+ uint64_t u64;
+ } w0;
+
+ /* Word1 */
+ uint64_t w1_rsvd4;
+
+ /* Word2 */
+ union {
+ struct {
+ uint64_t version_select : 4;
+ uint64_t aes_key_len : 2;
+ uint64_t cipher_select : 4;
+ uint64_t mac_select : 4;
+ uint64_t iv_at_cptr : 1;
+ uint64_t rsvd5 : 49;
+ } s;
+ uint64_t u64;
+ } w2;
+
+ /* Word3 */
+ uint64_t w3_rsvd6;
+
+ /* Word4 - Word9 */
+ uint8_t cipher_key[ROC_IE_OW_TLS_CTX_MAX_KEY_IV_LEN];
+
+ union {
+ struct {
+ /* Word10 */
+ uint64_t w10_rsvd7;
+
+ uint64_t seq_num;
+ } tls_13;
+
+ struct {
+ /* Word10 - Word25 */
+ uint8_t opad_ipad[ROC_IE_OW_TLS_CTX_MAX_OPAD_IPAD_LEN];
+
+ /* Word26 */
+ uint64_t w26_rsvd7;
+
+ /* Word27 */
+ uint64_t seq_num;
+ } tls_12;
+ };
+};
+#endif /* __ROC_IE_OW_TLS_H__ */
diff --git a/drivers/crypto/cnxk/cn20k_tls.c b/drivers/crypto/cnxk/cn20k_tls.c
new file mode 100644
index 0000000000..cef13a68a4
--- /dev/null
+++ b/drivers/crypto/cnxk/cn20k_tls.c
@@ -0,0 +1,56 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(C) 2025 Marvell.
+ */
+
+#include <rte_crypto_sym.h>
+#include <rte_cryptodev.h>
+#include <rte_security.h>
+
+#include <cryptodev_pmd.h>
+
+#include "roc_cpt.h"
+#include "roc_se.h"
+
+#include "cn20k_cryptodev_sec.h"
+#include "cn20k_tls.h"
+#include "cnxk_cryptodev.h"
+#include "cnxk_cryptodev_ops.h"
+#include "cnxk_security.h"
+
+int
+cn20k_tls_record_session_update(struct cnxk_cpt_vf *vf, struct cnxk_cpt_qp *qp,
+ struct cn20k_sec_session *sess,
+ struct rte_security_session_conf *conf)
+{
+ RTE_SET_USED(vf);
+ RTE_SET_USED(qp);
+ RTE_SET_USED(sess);
+ RTE_SET_USED(conf);
+
+ return 0;
+}
+
+int
+cn20k_tls_record_session_create(struct cnxk_cpt_vf *vf, struct cnxk_cpt_qp *qp,
+ struct rte_security_tls_record_xform *tls_xfrm,
+ struct rte_crypto_sym_xform *crypto_xfrm,
+ struct rte_security_session *sess)
+{
+ RTE_SET_USED(vf);
+ RTE_SET_USED(qp);
+ RTE_SET_USED(tls_xfrm);
+ RTE_SET_USED(crypto_xfrm);
+ RTE_SET_USED(sess);
+
+ return 0;
+}
+
+int
+cn20k_sec_tls_session_destroy(struct cnxk_cpt_qp *qp, struct cn20k_sec_session *sess)
+{
+
+ RTE_SET_USED(qp);
+ RTE_SET_USED(sess);
+
+ return 0;
+}
diff --git a/drivers/crypto/cnxk/cn20k_tls.h b/drivers/crypto/cnxk/cn20k_tls.h
new file mode 100644
index 0000000000..27124602a0
--- /dev/null
+++ b/drivers/crypto/cnxk/cn20k_tls.h
@@ -0,0 +1,40 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(C) 2025 Marvell.
+ */
+
+#ifndef __CN20K_TLS_H__
+#define __CN20K_TLS_H__
+
+#include <rte_crypto_sym.h>
+#include <rte_security.h>
+
+#include "roc_ie_ow_tls.h"
+
+#include "cnxk_cryptodev.h"
+#include "cnxk_cryptodev_ops.h"
+
+/* Forward declaration */
+struct cn20k_sec_session;
+
+struct __rte_aligned(ROC_ALIGN) cn20k_tls_record
+{
+ union {
+ /** Read SA */
+ struct roc_ie_ow_tls_read_sa read_sa;
+ /** Write SA */
+ struct roc_ie_ow_tls_write_sa write_sa;
+ };
+};
+
+int cn20k_tls_record_session_update(struct cnxk_cpt_vf *vf, struct cnxk_cpt_qp *qp,
+ struct cn20k_sec_session *sess,
+ struct rte_security_session_conf *conf);
+
+int cn20k_tls_record_session_create(struct cnxk_cpt_vf *vf, struct cnxk_cpt_qp *qp,
+ struct rte_security_tls_record_xform *tls_xfrm,
+ struct rte_crypto_sym_xform *crypto_xfrm,
+ struct rte_security_session *sess);
+
+int cn20k_sec_tls_session_destroy(struct cnxk_cpt_qp *qp, struct cn20k_sec_session *sess);
+
+#endif /* __CN20K_TLS_H__ */
diff --git a/drivers/crypto/cnxk/meson.build b/drivers/crypto/cnxk/meson.build
index f8077e4d4c..912c4a0851 100644
--- a/drivers/crypto/cnxk/meson.build
+++ b/drivers/crypto/cnxk/meson.build
@@ -21,6 +21,7 @@ sources = files(
'cn20k_cryptodev_ops.c',
'cn20k_cryptodev_sec.c',
'cn20k_ipsec.c',
+ 'cn20k_tls.c',
'cnxk_cryptodev.c',
'cnxk_cryptodev_capabilities.c',
'cnxk_cryptodev_devargs.c',
--
2.25.1
next prev parent reply other threads:[~2025-05-23 13:53 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-23 13:50 [PATCH 00/40] fixes and new features to cnxk crypto PMD Tejasree Kondoj
2025-05-23 13:50 ` [PATCH 01/40] crypto/cnxk: update the sg list population Tejasree Kondoj
2025-05-23 13:50 ` [PATCH 02/40] crypto/cnxk: add lookaside IPsec CPT LF stats Tejasree Kondoj
2025-05-23 13:50 ` [PATCH 03/40] crypto/cnxk: fix qp stats PMD API Tejasree Kondoj
2025-05-23 13:50 ` [PATCH 04/40] crypto/cnxk: fail Rx inject configure if not supported Tejasree Kondoj
2025-05-23 13:50 ` [PATCH 05/40] crypto/cnxk: add check for max supported gather entries Tejasree Kondoj
2025-05-23 13:50 ` [PATCH 06/40] crypto/cnxk: enable IV from application support Tejasree Kondoj
2025-05-23 13:50 ` [PATCH 07/40] crypto/cnxk: add probe for cn20k crypto device Tejasree Kondoj
2025-05-23 13:50 ` [PATCH 08/40] crypto/cnxk: add ops skeleton for cn20k Tejasree Kondoj
2025-05-23 13:50 ` [PATCH 09/40] crypto/cnxk: add dev info get Tejasree Kondoj
2025-05-23 13:50 ` [PATCH 10/40] crypto/cnxk: add skeletion for enq deq functions Tejasree Kondoj
2025-05-23 13:50 ` [PATCH 11/40] crypto/cnxk: add lmtst routines for cn20k Tejasree Kondoj
2025-05-23 13:50 ` [PATCH 12/40] crypto/cnxk: add enqueue function support Tejasree Kondoj
2025-05-23 13:50 ` [PATCH 13/40] crypto/cnxk: add cryptodev dequeue support for cn20k Tejasree Kondoj
2025-05-23 13:50 ` [PATCH 14/40] crypto/cnxk: move debug dumps to common Tejasree Kondoj
2025-05-23 13:50 ` [PATCH 15/40] crypto/cnxk: add rte security skeletion for cn20k Tejasree Kondoj
2025-05-23 13:50 ` [PATCH 16/40] crypto/cnxk: add security session creation Tejasree Kondoj
2025-05-23 13:50 ` [PATCH 17/40] crypto/cnxk: add security session destroy Tejasree Kondoj
2025-05-23 13:50 ` [PATCH 18/40] crypto/cnxk: move code to common Tejasree Kondoj
2025-05-23 13:50 ` [PATCH 19/40] crypto/cnxk: add rte sec session update Tejasree Kondoj
2025-05-23 13:50 ` [PATCH 20/40] crypto/cnxk: add rte security datapath handling Tejasree Kondoj
2025-05-23 13:50 ` [PATCH 21/40] crypto/cnxk: add Rx inject in security lookaside Tejasree Kondoj
2025-05-23 13:50 ` Tejasree Kondoj [this message]
2025-05-23 13:50 ` [PATCH 23/40] crypto/cnxk: add tls write session creation Tejasree Kondoj
2025-05-23 13:50 ` [PATCH 24/40] crypto/cnxk: add tls read " Tejasree Kondoj
2025-05-23 13:50 ` [PATCH 25/40] crypto/cnxk: add tls session destroy Tejasree Kondoj
2025-05-23 13:50 ` [PATCH 26/40] crypto/cnxk: add enq and dequeue support for TLS Tejasree Kondoj
2025-05-23 13:50 ` [PATCH 27/40] crypto/cnxk: tls post process Tejasree Kondoj
2025-05-23 13:50 ` [PATCH 28/40] crypto/cnxk: add tls session update Tejasree Kondoj
2025-05-23 13:51 ` [PATCH 29/40] crypto/cnxk: include required headers Tejasree Kondoj
2025-05-23 13:51 ` [PATCH 30/40] crypto/cnxk: support raw API for cn20k Tejasree Kondoj
2025-05-23 13:51 ` [PATCH 31/40] crypto/cnxk: add model check " Tejasree Kondoj
2025-05-23 13:51 ` [PATCH 32/40] common/cnxk: fix salt handling with aes-ctr Tejasree Kondoj
2025-05-23 13:51 ` [PATCH 33/40] common/cnxk: set correct salt value for ctr algos Tejasree Kondoj
2025-05-23 13:51 ` [PATCH 34/40] crypto/cnxk: extend check for max supported gather entries Tejasree Kondoj
2025-05-23 13:51 ` [PATCH 35/40] crypto/cnxk: add struct variable for custom metadata Tejasree Kondoj
2025-05-23 13:51 ` [PATCH 36/40] crypto/cnxk: add asym sessionless handling Tejasree Kondoj
2025-05-23 13:51 ` [PATCH 37/40] crypto/cnxk: add support for sessionless asym Tejasree Kondoj
2025-05-23 13:51 ` [PATCH 38/40] doc: update CN20K CPT documentation Tejasree Kondoj
2025-05-23 13:51 ` [PATCH 39/40] common/cnxk: update qsize in CPT iq enable Tejasree Kondoj
2025-05-23 13:51 ` [PATCH 40/40] crypto/cnxk: copy 8B iv into sess in aes ctr Tejasree Kondoj
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250523135111.2178408-23-ktejasree@marvell.com \
--to=ktejasree@marvell.com \
--cc=anoobj@marvell.com \
--cc=asasidharan@marvell.com \
--cc=dev@dpdk.org \
--cc=gakhil@marvell.com \
--cc=nkaithakadan@marvell.com \
--cc=rchiluka@marvell.com \
--cc=vvelumuri@marvell.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).