DPDK patches and discussions
From: Anoob Joseph <anoobj@marvell.com>
To: Thomas Monjalon <thomas@monjalon.net>,
	Akhil Goyal <gakhil@marvell.com>,
	Jerin Jacob <jerinj@marvell.com>,
	Harry van Haaren <harry.van.haaren@intel.com>
Cc: Konstantin Ananyev <konstantin.v.ananyev@yandex.ru>,
	Hemant Agrawal <hemant.agrawal@nxp.com>, <dev@dpdk.org>,
	Olivier Matz <olivier.matz@6wind.com>,
	Vidya Sagar Velumuri <vvelumuri@marvell.com>
Subject: [PATCH v2 3/5] security: support extra padding with TLS
Date: Tue, 3 Oct 2023 16:18:52 +0530
Message-ID: <20231003104854.1381-4-anoobj@marvell.com>
In-Reply-To: <20231003104854.1381-1-anoobj@marvell.com>

In TLS record write protocol (encrypt), application may request
extra padding in addition to the default padding which ensures that
crypto payload is aligned to block size. This is required to hide
the size of the traffic from an observer.

Extend the usage of ``rte_crypto_op.aux_flags`` to allow users to
provide extra padding in units of 8B. It is an optional feature and any
device that supports the same can declare so by making use of
corresponding capability.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
 lib/cryptodev/rte_crypto.h  | 14 +++++++++++++-
 lib/security/rte_security.h | 16 ++++++++++++++++
 2 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/lib/cryptodev/rte_crypto.h b/lib/cryptodev/rte_crypto.h
index 9b8d0331a4..7b8f2bdc6d 100644
--- a/lib/cryptodev/rte_crypto.h
+++ b/lib/cryptodev/rte_crypto.h
@@ -99,8 +99,20 @@ struct rte_crypto_op {
 			/**< operation session type */
 			uint8_t aux_flags;
 			/**< Operation specific auxiliary/additional flags.
-			 * These flags carry additional information from the
+			 * These flags carry additional information from/to the
 			 * operation. Processing of the same is optional.
+			 *
+			 * The flags are defined as RTE_CRYPTO_OP_AUX_FLAGS_* and would be set by
+			 * PMD for application consumption when the status is
+			 * RTE_CRYPTO_OP_STATUS_SUCCESS. In case of errors, the value of this
+			 * field is undefined.
+			 *
+			 * With TLS record offload (RTE_SECURITY_PROTOCOL_TLS_RECORD),
+			 * application may provide the extra padding required for the plaintext
+			 * provided. This field can be used for passing the same in units of 8B. The
+			 * value would be set by application for PMD consumption.
+			 *
+			 * @see struct rte_security_tls_record_sess_options
 			 */
 			uint8_t reserved[2];
 			/**< Reserved bytes to fill 64 bits for
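Review bot: the new paragraphs give `aux_flags` two incompatible encodings in one 8-bit field: a bitmask of `RTE_CRYPTO_OP_AUX_FLAGS_*` written by the PMD on `RTE_CRYPTO_OP_STATUS_SUCCESS`, and a numeric extra-padding count written by the application for `RTE_SECURITY_PROTOCOL_TLS_RECORD`. The comment should state that the numeric reading applies only to ops enqueued on a session created with `extra_padding_enable` set, and that in that mode the two uses are mutually exclusive for a given op (a PMD that also reports `RTE_CRYPTO_OP_AUX_FLAGS_*` would otherwise have no place to put them). It should also say whether the PMD overwrites or clears the field on dequeue; if not, a reused op carries stale padding into its next enqueue. Finally, "units of 8B" in a `uint8_t` caps the extra padding at 255 * 8 = 2040 bytes per record, which is worth stating next to the unit.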
diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
index 54c32c1147..89e61e10ad 100644
--- a/lib/security/rte_security.h
+++ b/lib/security/rte_security.h
@@ -636,6 +636,22 @@ struct rte_security_tls_record_sess_options {
 	 *      and application is not required to provide IV.
 	 */
 	uint32_t iv_gen_disable : 1;
+	/** Enable extra padding
+	 *
+	 *  TLS allows user to pad the plain text to hide the actual size of the record. This is
+	 *  required to achieve traffic flow confidentiality in case of TLS/DTLS flows. This padding
+	 *  is in addition to the default padding performed by PMD (which ensures ciphertext is
+	 *  aligned to block size).
+	 *
+	 *  On supported devices, application may pass the required additional padding via
+	 *  ``rte_crypto_op.aux_flags`` field.
+	 *
+	 * 1 : Enable extra padding of the plain text provided. The extra padding value would be
+	 *     read from ``rte_crypto_op.aux_flags``.
+	 *
+	 * 0 : Disable extra padding
+	 */
+	uint32_t extra_padding_enable : 1;
 };
 
 /**
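Review bot: the commit message says a device declares support "by making use of corresponding capability", but this hunk only adds the `extra_padding_enable` bit and the diffstat shows no capability field being added in this patch. Either add the capability here or document in the bit's comment what happens when the option is set on a device without support (session creation should fail rather than the PMD silently ignoring `aux_flags`). Two smaller points: the "1 :" and "0 :" lines are indented one space less than the rest of the block (` *  TLS allows` vs ` * 1 :`), and "pad the plain text to hide the actual size of the record" overstates what an 8-byte padding unit gives, since the low 3 bits of the plaintext length remain observable unless the PMD's block-size padding happens to absorb them; the comment could note that granularity.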
-- 
2.25.1
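As an added illustration of the application-side usage described in the commit message above (this is example code written for this page, not part of the DPDK patch or the DPDK code base), the block below computes how many 8-byte units of extra padding are needed to round a TLS record's plaintext up to a fixed length bucket and writes that count into `aux_flags`. The two structs are minimal stand-ins that mirror only the fields the patch documents (`aux_flags`, `iv_gen_disable`, `extra_padding_enable`), so the code compiles without DPDK headers; the bucket size, the 2040-byte cap derived from `uint8_t * 8`, and the helper names are assumptions of the example.

```c
/* Added example (not DPDK code): sizing the extra TLS record padding that
 * the patch carries in rte_crypto_op.aux_flags in units of 8 bytes, usable
 * only on sessions created with extra_padding_enable set. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for the relevant part of struct rte_crypto_op (assumption). */
struct crypto_op_stub {
	uint8_t aux_flags;	/* extra padding, in units of 8 bytes */
};

/* Stand-in for struct rte_security_tls_record_sess_options (assumption). */
struct tls_sess_opts_stub {
	uint32_t iv_gen_disable : 1;
	uint32_t extra_padding_enable : 1;
};

#define EXTRA_PAD_UNIT 8u
/* Largest padding expressible in an 8-bit count of 8-byte units: 2040. */
#define EXTRA_PAD_MAX_BYTES (UINT8_MAX * EXTRA_PAD_UNIT)

/* Return the number of 8-byte units that pad plaintext_len up to the next
 * multiple of bucket (rounded up, so the padded length may overshoot the
 * bucket by up to 7 bytes; the PMD's own block-size padding and the record
 * header/tag are added on top). Returns -1 when bucket is 0 or the padding
 * does not fit in the 8-bit field. */
int tls_extra_pad_units(size_t plaintext_len, size_t bucket)
{
	if (bucket == 0)
		return -1;
	size_t target = (plaintext_len + bucket - 1) / bucket * bucket;
	size_t pad_bytes = target - plaintext_len;
	size_t units = (pad_bytes + EXTRA_PAD_UNIT - 1) / EXTRA_PAD_UNIT;
	if (units > UINT8_MAX)
		return -1;
	return (int)units;
}

/* Fill aux_flags for one record. Returns 0 on success, -1 when the session
 * was not created with extra padding enabled (the PMD would then read the
 * field under its other meaning) or the padding does not fit. */
int tls_set_extra_padding(const struct tls_sess_opts_stub *opts,
			  struct crypto_op_stub *op,
			  size_t plaintext_len, size_t bucket)
{
	if (!opts->extra_padding_enable)
		return -1;
	int units = tls_extra_pad_units(plaintext_len, bucket);
	if (units < 0)
		return -1;
	op->aux_flags = (uint8_t)units;
	return 0;
}

/* End-to-end helper: build a session option stub and an op, apply the
 * padding, and return the aux_flags value that was set, or -1 on failure. */
int tls_extra_padding_demo(int enable, size_t plaintext_len, size_t bucket)
{
	struct tls_sess_opts_stub opts = { .iv_gen_disable = 0,
					   .extra_padding_enable = enable ? 1u : 0u };
	struct crypto_op_stub op = { .aux_flags = 0 };
	if (tls_set_extra_padding(&opts, &op, plaintext_len, bucket) != 0)
		return -1;
	return op.aux_flags;
}

int main(void)
{
	/* Constructed sample lengths: a 100-byte record padded into 256-byte
	 * buckets needs 156 bytes, i.e. 20 units; a 1-byte record into a
	 * 4096-byte bucket needs 512 units and exceeds the 8-bit field. */
	printf("100 -> 256-byte bucket: %d units\n", tls_extra_padding_demo(1, 100, 256));
	printf("1 -> 4096-byte bucket: %d (does not fit)\n", tls_extra_padding_demo(1, 1, 4096));
	printf("padding disabled on session: %d\n", tls_extra_padding_demo(0, 100, 256));
	return 0;
}
```

The cap check matters in practice: with `uint8_t` counts of 8-byte units, any bucket scheme that needs more than 2040 bytes of padding for some plaintext length cannot be expressed through this field, so the application has to either choose smaller buckets or fall back to padding the plaintext itself before enqueue.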


Thread overview:
2023-08-11  7:17 [RFC PATCH 0/3] add TLS record processing security offload Anoob Joseph
2023-08-11  7:17 ` [RFC PATCH 1/3] net: add headers for TLS/DTLS packets Anoob Joseph
2023-09-20  9:22   ` Van Haaren, Harry
2023-08-11  7:17 ` [RFC PATCH 2/3] security: add TLS record processing Anoob Joseph
2023-09-20  9:23   ` Van Haaren, Harry
2023-09-20 11:51     ` Anoob Joseph
2023-09-21  8:38       ` Van Haaren, Harry
2023-09-21 10:55         ` Anoob Joseph
2023-09-21 11:01           ` Van Haaren, Harry
2023-08-11  7:17 ` [RFC PATCH 3/3] cryptodev: add details of datapath handling of TLS records Anoob Joseph
2023-09-20  9:24   ` Van Haaren, Harry
2023-09-20  9:22 ` [RFC PATCH 0/3] add TLS record processing security offload Van Haaren, Harry
2023-10-03 10:48 ` [PATCH v2 0/5] " Anoob Joseph
2023-10-03 10:48   ` [PATCH v2 1/5] net: add headers for TLS/DTLS packets Anoob Joseph
2023-10-03 10:48   ` [PATCH v2 2/5] security: add TLS record processing Anoob Joseph
2023-10-03 10:48   ` Anoob Joseph [this message]
2023-10-03 10:48   ` [PATCH v2 4/5] security: support TLS record lifetime notification Anoob Joseph
2023-10-03 10:48   ` [PATCH v2 5/5] cryptodev: add details of datapath handling of TLS records Anoob Joseph
2023-10-04 10:51   ` [PATCH v2 0/5] add TLS record processing security offload Akhil Goyal
2023-10-04 15:44     ` Van Haaren, Harry
2023-10-09 20:08   ` Akhil Goyal
