[PATCH v2 5/5] cryptodev: add details of datapath handling of TLS records

[Anoob Joseph <anoobj@marvell.com>]

From: Vidya Sagar Velumuri <vvelumuri@marvell.com>

TLS/DTLS record processing requires content type to be provided per
packet (for record write operation). Extend usage of reserved fields in
rte_crypto_op for the same purpose.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
 doc/guides/prog_guide/rte_security.rst | 12 ++++++++++++
 doc/guides/rel_notes/release_23_11.rst |  6 ++++++
 lib/cryptodev/rte_crypto.h             | 25 ++++++++++++++++++++++++-
 3 files changed, 42 insertions(+), 1 deletion(-)

diff --git a/doc/guides/prog_guide/rte_security.rst b/doc/guides/prog_guide/rte_security.rst
index f90dee5df0..7a25a7e649 100644
--- a/doc/guides/prog_guide/rte_security.rst
+++ b/doc/guides/prog_guide/rte_security.rst
@@ -453,6 +453,18 @@ Protocol. The TLS Record Protocol provides connection security that has two basi
                   V                              V
             TLSCiphertext                  TLSPlaintext
 
+TLS and DTLS header formation (in record write operation) would depend on
+type of content. It is a per packet variable and would need to be handled by
+the same session. Application may pass this info to a cryptodev performing
+lookaside protocol offload by passing the same in ``rte_crypto_op.param1``.
+
+In record read operation, application is required to preserve any info it may
+need from the TLS/DTLS header (such as content type and sequence number) as the
+cryptodev would remove the header and padding as part of the lookaside protocol
+processing. With TLS 1.3, the actual content type is part of the trailer (before
+padding) and would be stripped by the PMD. For applications that may need this
+info, PMD would return the value in ``rte_crypto_op.param1`` field.
+
 Supported Versions
 ^^^^^^^^^^^^^^^^^^
 
diff --git a/doc/guides/rel_notes/release_23_11.rst b/doc/guides/rel_notes/release_23_11.rst
index 250735efa9..663d1e9cf9 100644
--- a/doc/guides/rel_notes/release_23_11.rst
+++ b/doc/guides/rel_notes/release_23_11.rst
@@ -83,6 +83,12 @@ New Features
   Similar to out of place processing support for lookaside security session, added
   the same support for inline ingress security session.
 
+* **Added support for TLS and DTLS record in rte_security.**
+
+  Added TLS and DTLS record transform for rte_security session and added
+  enhancements to ``rte_crypto_op`` fields to handle all datapath requirements
+  of TLS and DTLS. The support is added for TLS 1.2, TLS 1.3 and DTLS 1.2.
+
 * **Updated ipsec_mb crypto driver.**
 
   Added support for digest encrypted to AESNI_MB asynchronous crypto driver.
diff --git a/lib/cryptodev/rte_crypto.h b/lib/cryptodev/rte_crypto.h
index 9fe3e3d529..34aacd9312 100644
--- a/lib/cryptodev/rte_crypto.h
+++ b/lib/cryptodev/rte_crypto.h
@@ -123,7 +123,30 @@ struct rte_crypto_op {
 			 *
 			 * @see struct rte_security_tls_record_sess_options
 			 */
-			uint8_t reserved[2];
+			union {
+				struct {
+					uint8_t content_type;
+					/**< Content type. The field can act both as input
+					 * and output.
+					 *
+					 * As input, for passing message type in case of record
+					 * write (encrypt) operation. Applicable for,
+					 * 1. TLS 1.2
+					 * 2. TLS 1.3
+					 * 3. DTLS 1.2
+					 *
+					 * As output, for returning message type in case of record
+					 * read (decrypt) operation. Applicable for,
+					 * 1. TLS 1.3
+					 *
+					 * Message types are listed as RTE_TLS_TYPE_* and
+					 * RTE_DTLS_TYPE_*.
+					 */
+				} tls_record;
+				/**< TLS record */
+			} param1;
+			/**< Additional per operation parameter 1. */
+			uint8_t reserved[1];
 			/**< Reserved bytes to fill 64 bits for
 			 * future additions
 			 */
-- 
2.25.1