From: "Van Haaren, Harry"
To: Anoob Joseph, Thomas Monjalon, Akhil Goyal, Jerin Jacob, Konstantin Ananyev
CC: Hemant Agrawal, "dev@dpdk.org", "Matz, Olivier", Vidya Sagar Velumuri
Subject: RE: [RFC PATCH 3/3] cryptodev: add details of datapath handling of TLS records
Date: Wed, 20 Sep 2023 09:24:05 +0000
References: <20230811071712.240-1-anoobj@marvell.com> <20230811071712.240-4-anoobj@marvell.com>
In-Reply-To: <20230811071712.240-4-anoobj@marvell.com>
List-Id: DPDK patches and discussions

> -----Original Message-----
> From: Anoob Joseph
> Sent: Friday, August 11, 2023 8:17 AM
> To: Thomas Monjalon; Akhil Goyal; Jerin Jacob; Konstantin Ananyev
> Cc: Hemant Agrawal; dev@dpdk.org; Matz, Olivier; Vidya Sagar Velumuri
> Subject: [RFC PATCH 3/3] cryptodev: add details of datapath handling of TLS
> records
>
> TLS/DTLS record processing requires content type to be provided per
> packet (for record write operation). Extend usage of
> rte_crypto_op.aux_flags for the same purpose.

I understand the goal to extend the usage of the aux_flags, but I do not understand
what data/structs/values I should use to set or error-check the aux-flags here.

>
> Signed-off-by: Akhil Goyal
> Signed-off-by: Anoob Joseph
> Signed-off-by: Vidya Sagar Velumuri
> ---
> doc/guides/prog_guide/rte_security.rst | 10 ++++++++++
> lib/cryptodev/rte_crypto.h | 6 ++++++
> 2 files changed, 16 insertions(+)
>
> diff --git a/doc/guides/prog_guide/rte_security.rst > b/doc/guides/prog_guide/rte_security.rst > index 7716d7239f..6cb69bc949 100644 > --- a/doc/guides/prog_guide/rte_security.rst > +++ b/doc/guides/prog_guide/rte_security.rst > @@ -451,6 +451,16 @@ Protocol. The TLS Record Protocol provides > connection security that has two basi > V V > TLSCiphertext TLSPlaintext >=20 > +TLS and DTLS header formation (in record write operation) would depend o= n > the > +type of content. It is a per packet variable and would need to be handle= d by > +the same session. Application may pass this info to a cryptodev performi= ng > +lookaside protocol offload by passing the same in ``rte_crypto_op.aux_fl= ags``. > + > +In record read operation, application is required to preserve any info i= t may > +need from the TLS/DTLS header (such as content type and sequence number) > as the > +cryptodev would remove the header and padding as part of the lookaside > protocol > +processing. > + > Supported Versions > ^^^^^^^^^^^^^^^^^^ >=20 > diff --git a/lib/cryptodev/rte_crypto.h b/lib/cryptodev/rte_crypto.h > index 9b8d0331a4..7c12a2b705 100644 > --- a/lib/cryptodev/rte_crypto.h > +++ b/lib/cryptodev/rte_crypto.h 
> @@ -101,6 +101,12 @@ struct rte_crypto_op { > /**< Operation specific auxiliary/additional flags. > * These flags carry additional information from the > * operation. Processing of the same is optional.

It says "processing is optional" here, but in TLS/DTLS, it is proposed that the
soft-error and hard-errors are returned to the user through this struct?
That is not optional, and failing to check that is a failure mode which can result
in IV-reuse, and hence decryption of payload by a malicious actor?

I see this part of the API as being critical to correct usage, and it does not seem
well defined or clear to me at this point. If I am misunderstanding, please clarify,
as other developers will likely misunderstand too. Example code snippets
of good hardened error-handling for soft-error and hard-error would help.

> + * With TLS record offload > (RTE_SECURITY_PROTOCOL_TLS_RECORD), > + * application would be required to provide the message > + * type of the input provided. The 'aux_flags' field > + * can be used for passing the same. Message types are > + * listed as RTE_TLS_TYPE_* and RTE_DTLS_TYPE_*. > */

Same comment as above: the "aux_fields can be used" string does not explain to the
user *how* to use the field correctly. Examples (in rte_security.rst?) would help.

> uint8_t reserved[2]; > /**< Reserved bytes to fill 64 bits for > -- > 2.25.1
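
Review bot: The new rte_security.rst paragraph says the application "may pass" the content type in ``rte_crypto_op.aux_flags``, while the rte_crypto.h comment in the same patch says the application "would be required to provide" it. The guide should use the same mandatory wording, name the RTE_TLS_TYPE_* and RTE_DTLS_TYPE_* values as the accepted inputs, and say what the cryptodev does when the field is left unset or holds an unknown type. The record read paragraph would also be clearer if it stated that the header fields (content type, sequence number) have to be saved before the operation is submitted, since the cryptodev removes the header.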
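
Review bot: In the rte_crypto.h hunk, the unchanged sentence "Processing of the same is optional." now sits directly above text saying the application "would be required to provide" the message type, so the comment contradicts itself for RTE_SECURITY_PROTOCOL_TLS_RECORD. Suggest scoping the "optional" sentence to the cases where it still holds, and documenting that aux_flags, described so far as carrying information "from the operation", is used here as an input: which values are valid, and whether the field is overwritten when the operation completes.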