From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 8104E425EC; Wed, 20 Sep 2023 11:23:04 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id EACA040DF6; Wed, 20 Sep 2023 11:23:03 +0200 (CEST) Received: from mgamail.intel.com (mgamail.intel.com [192.55.52.88]) by mails.dpdk.org (Postfix) with ESMTP id 292D84027B for ; Wed, 20 Sep 2023 11:23:01 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1695201782; x=1726737782; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=0JRNk8FCXzGfU4ZFzxuSdhKmrAM37roncf82wL2gWXM=; b=S7MPFFfwET9ZIpVKiH7AQBvLq9My6YgPq5IwLdWyH7BBU2+n6iw4tf0a 92swbioJSnSr2RL9O1mdZCiK/jnJey2Nz8+zUPFKq3vI9bdNnAkRxTC5O wDRgbytMIbYa4dKix1ivgN7xd3KHA1DQ9CkCv4X5zbdZLWWKKOvMSyKKn C/Do8BEhLVuygpGp4AzsnogbO8eSPmpubM5CkcvxcYxgcT5nuWwkJsWYj P+t5RC/POFRtEA3/27bmVcODJlR433tLceiHd64qtVfgJWMQ7R30Cx5yd IN/mA8iOvxmZ7T62d7IaIAwwMQSCmyunpRZwNpk3xX4cCQ47UUYG6BmI/ A==; X-IronPort-AV: E=McAfee;i="6600,9927,10838"; a="411113628" X-IronPort-AV: E=Sophos;i="6.02,161,1688454000"; d="scan'208";a="411113628" Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 Sep 2023 02:23:00 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10838"; a="723197542" X-IronPort-AV: E=Sophos;i="6.02,161,1688454000"; d="scan'208";a="723197542" Received: from fmsmsx601.amr.corp.intel.com ([10.18.126.81]) by orsmga006.jf.intel.com with ESMTP/TLS/AES256-GCM-SHA384; 20 Sep 2023 02:22:59 -0700 Received: from fmsmsx612.amr.corp.intel.com (10.18.126.92) by fmsmsx601.amr.corp.intel.com (10.18.126.81) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.32; Wed, 20 Sep 2023 02:22:57 -0700 Received: from fmsmsx610.amr.corp.intel.com (10.18.126.90) by fmsmsx612.amr.corp.intel.com (10.18.126.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.32; Wed, 20 Sep 2023 02:22:56 -0700 Received: from fmsedg602.ED.cps.intel.com (10.1.192.136) by fmsmsx610.amr.corp.intel.com (10.18.126.90) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.32 via Frontend Transport; Wed, 20 Sep 2023 02:22:56 -0700 Received: from NAM02-DM3-obe.outbound.protection.outlook.com (104.47.56.43) by edgegateway.intel.com (192.55.55.71) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.32; Wed, 20 Sep 2023 02:22:54 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=H2CSAbIXA8fnV2h8V26IRhSpKgXxlo+47l1q0oiH+gM9p/CVuCihTx3/2+EPNqEUUYehLvBuskdYhO+xWY5+rfTvpMRzf+Z8M+of6LRx2jwnf9hl/h4bSNv2t7B5Pko5+9vLx6PNsMign0QMV113tFP8PdRxkWtKe9Bn785Aohx6gJQazn2ai8FzVB/wqjpir+5WxRuB9EogfGKo3fd+hWXuTNE51jFGi8WvEQ9Lda4ZTNlP0X0czqyczou9411XE0Z+cJjZc2hx2Za1BlmC2kefJXBRrvNbfI5gdMTd17smyHYUQXoACE7X15j1OaYkQhPfbns/72hwjm4LiDFxaw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=eyuoWl9/58plQwBAO0ovDWwApqr5KIcY95GcexA8D9Y=; b=Y8Gq+nE6pTWxAFqePCntxnlpIWl0+oPGg9TIHzogei7JO2w6VROyzDCB4aYmPqRa6Vhf0FnC6lU553LIXt4OVwq15s/Iael6fnvu88mBZTswrYSK3JBJpmNcaYq0nZrGbE3G9CY6crCRp23NoMByAgEyYlu2phaLukmah5MLXRN5Q48AjPIdAvOOaHUyHXYjBgtjxuIhgy6Y8KMZx/0UsXhaSQZw7xm5J0PyaV5+jNwuM3+3IPBWvLRLhp3fAMB2jDlvbIL8kfZKWbP5w4cEeWnRYtdXzngG0LnATjM5zPUT7Ssrxfy817JnRH5kMMb59+eeVVJuVDWiqhWyvA4SEQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Received: from PH8PR11MB6803.namprd11.prod.outlook.com (2603:10b6:510:1cb::12) by SA3PR11MB7582.namprd11.prod.outlook.com (2603:10b6:806:31e::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6792.20; Wed, 20 Sep 2023 09:22:52 +0000 Received: from PH8PR11MB6803.namprd11.prod.outlook.com ([fe80::7602:b1b7:3114:c3da]) by PH8PR11MB6803.namprd11.prod.outlook.com ([fe80::7602:b1b7:3114:c3da%3]) with mapi id 15.20.6768.029; Wed, 20 Sep 2023 09:22:52 +0000 From: "Van Haaren, Harry" To: Anoob Joseph , Thomas Monjalon , Akhil Goyal , Jerin Jacob , Konstantin Ananyev CC: Hemant Agrawal , "dev@dpdk.org" , "Matz, Olivier" , Vidya Sagar Velumuri Subject: RE: [RFC PATCH 0/3] add TLS record processing security offload Thread-Topic: [RFC PATCH 0/3] add TLS record processing security offload Thread-Index: AQHZzCP5wxFS1sKrXUmjbQRVIx12+bAjlJog Date: Wed, 20 Sep 2023 09:22:51 +0000 Message-ID: References: <20230811071712.240-1-anoobj@marvell.com> In-Reply-To: <20230811071712.240-1-anoobj@marvell.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: PH8PR11MB6803:EE_|SA3PR11MB7582:EE_ x-ms-office365-filtering-correlation-id: 6fa20c16-0b26-416d-41f8-08dbb9bb2a1d x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: 9dAr9Pua9wCqv8rIHMoYZntHix2k4VkStojz9WpJVu6u78adOVAQWW4FENQ+uCNcxVX2Nv8pjK9Q9rpAlTHayirpYby2h7nPZ+8s5fiju5xu0j6MuB115K0jI0BI6MyPGe3qoxKx0XzQ9AzmAW3Y0496n5CHYIX4Evm27dD30+/Ij+HViv/FFIZNDbRyPyX9XM/Iwp/A0mcDlr2snmqA3WtqVlR3DOVIFXU1N3CVD9Rj4wSXCVXFJ9kzAzTCjiTmDM8jr/MpfMp6D+fM33zsjUPhKtAB9lyqwdOCN+lZVpfjRx94l0tx26oZHRUzlFMaaUkYUESSqSIAnQ9Qtu6A3WWzQalVp2uDL7caEwG+4iDu69aPg3zA4T1eMJjcRID+QF6ZdxOBy2PrYJtuWgz5+Vb45R/wNyjs/23sIjvveekhUFI8im7apYm6IREr27q9HydmMkiH5RU398wFq8OTl6wwLBGPCF6mLUH37ajMKC3iGU2PswLHyL26wPfJoyiNSHmfWZQTFomt2Htcr4d1VuDwAUGCrSwm65dxO6WAo2TXqSXtjofv1R+21hS7u0WgLpZFfNoXjKhTSybRsx5x4/l2O9Ac42vtge4WKwG/InGGy7+FoluybmR4z83Oi6R4 x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PH8PR11MB6803.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(39860400002)(376002)(396003)(366004)(136003)(346002)(186009)(451199024)(1800799009)(316002)(66899024)(2906002)(86362001)(26005)(9686003)(6506007)(7696005)(33656002)(71200400001)(478600001)(83380400001)(82960400001)(38100700002)(55016003)(122000001)(38070700005)(41300700001)(53546011)(52536014)(8676002)(4326008)(8936002)(64756008)(66476007)(66446008)(66946007)(76116006)(66556008)(15650500001)(54906003)(5660300002)(110136005); DIR:OUT; SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?WudLjlGgpu0+x9UXsNQUGQ+vF/V7BVLI4xAb5JkVag2V3jW6T5QG5QQO8dJ1?= =?us-ascii?Q?5QzftIas7nXTchQFStkiucmFdhS5DHmIw5E/kCcYlHUqIjH8y1H4rtNJ1suy?= =?us-ascii?Q?SCFFwfg4FR/lvyfrcEmcUMxFwIJSsMAST3nJCjPK3a6OfeK+BQYmBgZ83fQC?= =?us-ascii?Q?AHnw/H5o5yhgimj+LO5Kz0cPvitAfEwNPLhe532vAMMItDlOPWe5ujsqD3Jb?= =?us-ascii?Q?fIifb+bKdeiJSPK1N4Gqih9LmWTeZS/zxntF1x2UYA6JFYTDK6Tahf6xLclP?= =?us-ascii?Q?GXeA74i5L/B3s2kYAT9hyxNye+gU9wrleiC22nij5hvphfjvT70Yjy2ftGI1?= =?us-ascii?Q?OEw/2X0zkEDdiFKLMQ13KQD9H6o6gxFti2mj2piKEPktitOhEu/nvQx5Bysu?= =?us-ascii?Q?gEGiT3Kz2aypPQMqxUUKel9w+aEabDRciewXP3nLDrA2z1vla1vZU1pHVq7l?= =?us-ascii?Q?9q5//DH3ZcvteOYAZdUiQILbIFhMcvSVp5RJ1FS5vXJLncpKTFNTboaQZ1RP?= =?us-ascii?Q?NBbnbiVxrib6Jxpsyf7+6Cr/RvugCiIkgYzL+UNxeI8PzpqrwPSIaxPNfAd2?= =?us-ascii?Q?64EiwK01fhJJmlOi1dGKCX8u/wPqYH+POhc0L+m7sp9OuhnmW2e2w1DDDdnj?= =?us-ascii?Q?DpqN3b0E9kFfT/D/UWXt0+6GT1iRzZdgQiJ39bsZH/WTCuHYSPiE+ky9+oK7?= =?us-ascii?Q?VRBKRSOgntUAkzcASHN4uTnXbEhZZTBhN4ENzQeX5IPFMq9873YvqsJq4KFX?= =?us-ascii?Q?XMdcjhZe38bML8+87CmZ8vyxLRKJi1lmlk9POLjiDXzWpkpbimSCTq5sk33I?= =?us-ascii?Q?0Sa6hm4tZGv+75+v8KTHd0iRzyYZ3/+Iw30EN/uhjgr39YNyUTKlbFlxLNoL?= =?us-ascii?Q?CsusISXuyZhQ7bZwdRIU1ZwIeop6Nk+lyl0oIg7yew/SpGui9wa4KkGRve5A?= =?us-ascii?Q?9EGGnSsLnseFvY00xHfQBtBup5CfXGzOnjM702qK1phYzIWSwqE4uUhngbwW?= =?us-ascii?Q?dWPwF7Jf77kL6hRpw7E/b18ypk7+/2J8xWsol33dvXo+OdM2YNcV991Elv7N?= =?us-ascii?Q?bKQ/XUK+VZB9RNWpKxyQDkXIgVhi3fqzDm9LoI/Wrl5mL+Zcqo9QjRONnCX/?= =?us-ascii?Q?xOkRio7uzr2dYm3mXZ+S7Gp14iZrjPrehj7j0EW3IzEHRH9PRdHHOBW32SWu?= =?us-ascii?Q?wZTEiwto+o2L8AG2QjQXZrhuG4ZeqoGzfJS1m6tpexbnHGRDphoIZ6SL/JWf?= =?us-ascii?Q?wNHD6rtP1G6E6HKWpuuVWM0fJ5cFFDMg2O+hWxMSGgGQEvySXcdA2mnMhHty?= =?us-ascii?Q?y13P+NkzVMzg7pcieM3owtdJWfDHeIauED07Or6e/h//Gn5lkFtyJOYNvlwg?= =?us-ascii?Q?vAdqEGWEMTaP17FsY94Hx8c54KmfVvi0y37RSQcbO/ut40zR+q+qaIVIxspW?= =?us-ascii?Q?58M0ShyENadYvxwtduuo0wED2SDfsGcYZe+dZSkCoXPX6m3fFhqrRoH9NSN5?= =?us-ascii?Q?FOD/ddS69o3GVgHBZzx3QNyPFdzRZxNZIx7NbWVigrUXV6RpGmEbjn0hbVgv?= =?us-ascii?Q?U+jbRy2FdcXOQYnqkSdTxBUCYPhkbeIYoOeVrKcV?= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: PH8PR11MB6803.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 6fa20c16-0b26-416d-41f8-08dbb9bb2a1d X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Sep 2023 09:22:51.9377 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: K//YPebC2QyS/TmIBwkexHIhM8UyqdzVthfK+qJmMw02bXisuTnwjsesu12FEQ4eekzMbrdlnvPwbxpP2jmoex7NwusMbffWVsQ99KxloAM= X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA3PR11MB7582 X-OriginatorOrg: intel.com X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org > -----Original Message----- > From: Anoob Joseph > Sent: Friday, August 11, 2023 8:17 AM > To: Thomas Monjalon ; Akhil Goyal > ; Jerin Jacob ; Konstantin Ananye= v > > Cc: Hemant Agrawal ; dev@dpdk.org; Matz, > Olivier ; Vidya Sagar Velumuri > > Subject: [RFC PATCH 0/3] add TLS record processing security offload >=20 > Add Transport Layer Security (TLS) and Datagram Transport Layer Security > (DTLS). The protocols provide communications privacy for L4 protocols > such as TCP & UDP. >=20 > TLS (and DTLS) protocol is composed of two layers, > 1. TLS Record Protocol > 2. TLS Handshake Protocol >=20 > While TLS Handshake Protocol helps in establishing security parameters > by which client and server can communicate, TLS Record Protocol provides > the connection security. TLS Record Protocol leverages symmetric > cryptographic operations such as data encryption and authentication for > providing security to the communications. >=20 > Cryptodevs that are capable of offloading TLS Record Protocol may > perform other operations like IV generation, header insertion, atomic > sequence number updates and anti-replay window check in addition to > cryptographic transformations. >=20 > In record write operations, message content type is a per packet field > which is used in constructing the TLS header. One session is expected > to handle all types of content types and so, 'rte_crypto_op.aux_flags' > is used for passing the same. > > The support is added for TLS 1.2, TLS 1.3 and DTLS 1.2. >=20 > Akhil Goyal (1): > net: add headers for TLS/DTLS packets >=20 > Anoob Joseph (2): > security: add TLS record processing > cryptodev: add details of datapath handling of TLS records Hi Folks, I've reviewed these 3 patches, generally fine, with two main opens; 1) The part that I do not fully understand how it is defined is the 'rte_crypto_op.aux_flags' field usage, and what values to read/write there. 2) Error handling (again with aux_flags) is not well defined, and is critic= al to correct (high-bw/high-packet-count) usage. I do not understand how to do correct error handling today with aux_flags, so more docs/examples requi= red. Some detail-level comments inline in the patch files. Regards -Harry