From: Anoob Joseph <anoobj@marvell.com>
To: Thomas Monjalon <thomas@monjalon.net>,
Akhil Goyal <gakhil@marvell.com>,
Jerin Jacob <jerinj@marvell.com>,
Konstantin Ananyev <konstantin.v.ananyev@yandex.ru>
Cc: Hemant Agrawal <hemant.agrawal@nxp.com>, <dev@dpdk.org>,
Olivier Matz <olivier.matz@6wind.com>,
Vidya Sagar Velumuri <vvelumuri@marvell.com>
Subject: [RFC PATCH 3/3] cryptodev: add details of datapath handling of TLS records
Date: Fri, 11 Aug 2023 12:47:12 +0530 [thread overview]
Message-ID: <20230811071712.240-4-anoobj@marvell.com> (raw)
In-Reply-To: <20230811071712.240-1-anoobj@marvell.com>
TLS/DTLS record processing requires content type to be provided per
packet (for record write operation). Extend usage of
rte_crypto_op.aux_flags for the same purpose.
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
doc/guides/prog_guide/rte_security.rst | 10 ++++++++++
lib/cryptodev/rte_crypto.h | 6 ++++++
2 files changed, 16 insertions(+)
diff --git a/doc/guides/prog_guide/rte_security.rst b/doc/guides/prog_guide/rte_security.rst
index 7716d7239f..6cb69bc949 100644
--- a/doc/guides/prog_guide/rte_security.rst
+++ b/doc/guides/prog_guide/rte_security.rst
@@ -451,6 +451,16 @@ Protocol. The TLS Record Protocol provides connection security that has two basi
V V
TLSCiphertext TLSPlaintext
+TLS and DTLS header formation (in record write operation) would depend on the
+type of content. It is a per packet variable and would need to be handled by
+the same session. Application may pass this info to a cryptodev performing
+lookaside protocol offload by passing the same in ``rte_crypto_op.aux_flags``.
+
+In record read operation, application is required to preserve any info it may
+need from the TLS/DTLS header (such as content type and sequence number) as the
+cryptodev would remove the header and padding as part of the lookaside protocol
+processing.
+
Supported Versions
^^^^^^^^^^^^^^^^^^
diff --git a/lib/cryptodev/rte_crypto.h b/lib/cryptodev/rte_crypto.h
index 9b8d0331a4..7c12a2b705 100644
--- a/lib/cryptodev/rte_crypto.h
+++ b/lib/cryptodev/rte_crypto.h
@@ -101,6 +101,12 @@ struct rte_crypto_op {
/**< Operation specific auxiliary/additional flags.
* These flags carry additional information from the
* operation. Processing of the same is optional.
+ *
+ * With TLS record offload (RTE_SECURITY_PROTOCOL_TLS_RECORD),
+ * application would be required to provide the message
+ * type of the input provided. The 'aux_flags' field
+ * can be used for passing the same. Message types are
+ * listed as RTE_TLS_TYPE_* and RTE_DTLS_TYPE_*.
*/
uint8_t reserved[2];
/**< Reserved bytes to fill 64 bits for
--
2.25.1
next prev parent reply other threads:[~2023-08-11 7:18 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-11 7:17 [RFC PATCH 0/3] add TLS record processing security offload Anoob Joseph
2023-08-11 7:17 ` [RFC PATCH 1/3] net: add headers for TLS/DTLS packets Anoob Joseph
2023-09-20 9:22 ` Van Haaren, Harry
2023-08-11 7:17 ` [RFC PATCH 2/3] security: add TLS record processing Anoob Joseph
2023-09-20 9:23 ` Van Haaren, Harry
2023-09-20 11:51 ` Anoob Joseph
2023-09-21 8:38 ` Van Haaren, Harry
2023-09-21 10:55 ` Anoob Joseph
2023-09-21 11:01 ` Van Haaren, Harry
2023-08-11 7:17 ` Anoob Joseph [this message]
2023-09-20 9:24 ` [RFC PATCH 3/3] cryptodev: add details of datapath handling of TLS records Van Haaren, Harry
2023-09-20 9:22 ` [RFC PATCH 0/3] add TLS record processing security offload Van Haaren, Harry
2023-10-03 10:48 ` [PATCH v2 0/5] " Anoob Joseph
2023-10-03 10:48 ` [PATCH v2 1/5] net: add headers for TLS/DTLS packets Anoob Joseph
2023-10-03 10:48 ` [PATCH v2 2/5] security: add TLS record processing Anoob Joseph
2023-10-03 10:48 ` [PATCH v2 3/5] security: support extra padding with TLS Anoob Joseph
2023-10-03 10:48 ` [PATCH v2 4/5] security: support TLS record lifetime notification Anoob Joseph
2023-10-03 10:48 ` [PATCH v2 5/5] cryptodev: add details of datapath handling of TLS records Anoob Joseph
2023-10-04 10:51 ` [PATCH v2 0/5] add TLS record processing security offload Akhil Goyal
2023-10-04 15:44 ` Van Haaren, Harry
2023-10-09 20:08 ` Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230811071712.240-4-anoobj@marvell.com \
--to=anoobj@marvell.com \
--cc=dev@dpdk.org \
--cc=gakhil@marvell.com \
--cc=hemant.agrawal@nxp.com \
--cc=jerinj@marvell.com \
--cc=konstantin.v.ananyev@yandex.ru \
--cc=olivier.matz@6wind.com \
--cc=thomas@monjalon.net \
--cc=vvelumuri@marvell.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).