DPDK patches and discussions
 help / color / mirror / Atom feed
From: Anoob Joseph <anoobj@marvell.com>
To: Akhil Goyal <gakhil@marvell.com>
Cc: Vidya Sagar Velumuri <vvelumuri@marvell.com>,
	Jerin Jacob <jerinj@marvell.com>,
	Tejasree Kondoj <ktejasree@marvell.com>, <dev@dpdk.org>
Subject: [PATCH 20/24] crypto/cnxk: validate the combinations supported in TLS
Date: Thu, 21 Dec 2023 18:05:41 +0530	[thread overview]
Message-ID: <20231221123545.510-21-anoobj@marvell.com> (raw)
In-Reply-To: <20231221123545.510-1-anoobj@marvell.com>

From: Vidya Sagar Velumuri <vvelumuri@marvell.com>

Validate the cipher and auth combination to allow only the
ones supported by hardware.

Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
 drivers/crypto/cnxk/cn10k_tls.c | 35 ++++++++++++++++++++++++++++++++-
 1 file changed, 34 insertions(+), 1 deletion(-)

diff --git a/drivers/crypto/cnxk/cn10k_tls.c b/drivers/crypto/cnxk/cn10k_tls.c
index e1ed65b06a..fa3ce3e758 100644
--- a/drivers/crypto/cnxk/cn10k_tls.c
+++ b/drivers/crypto/cnxk/cn10k_tls.c
@@ -17,6 +17,36 @@
 #include "cnxk_cryptodev_ops.h"
 #include "cnxk_security.h"
 
+static int
+tls_xform_cipher_auth_verify(struct rte_crypto_sym_xform *cipher_xform,
+			     struct rte_crypto_sym_xform *auth_xform)
+{
+	enum rte_crypto_cipher_algorithm c_algo = cipher_xform->cipher.algo;
+	enum rte_crypto_auth_algorithm a_algo = auth_xform->auth.algo;
+	int ret = -ENOTSUP;
+
+	switch (c_algo) {
+	case RTE_CRYPTO_CIPHER_NULL:
+		if ((a_algo == RTE_CRYPTO_AUTH_MD5_HMAC) || (a_algo == RTE_CRYPTO_AUTH_SHA1_HMAC) ||
+		    (a_algo == RTE_CRYPTO_AUTH_SHA256_HMAC))
+			ret = 0;
+		break;
+	case RTE_CRYPTO_CIPHER_3DES_CBC:
+		if (a_algo == RTE_CRYPTO_AUTH_SHA1_HMAC)
+			ret = 0;
+		break;
+	case RTE_CRYPTO_CIPHER_AES_CBC:
+		if ((a_algo == RTE_CRYPTO_AUTH_SHA1_HMAC) ||
+		    (a_algo == RTE_CRYPTO_AUTH_SHA256_HMAC))
+			ret = 0;
+		break;
+	default:
+		break;
+	}
+
+	return ret;
+}
+
 static int
 tls_xform_cipher_verify(struct rte_crypto_sym_xform *crypto_xform)
 {
@@ -138,7 +168,10 @@ cnxk_tls_xform_verify(struct rte_security_tls_record_xform *tls_xform,
 		ret = tls_xform_cipher_verify(cipher_xform);
 
 	if (!ret)
-		return tls_xform_auth_verify(auth_xform);
+		ret = tls_xform_auth_verify(auth_xform);
+
+	if (cipher_xform && !ret)
+		return tls_xform_cipher_auth_verify(cipher_xform, auth_xform);
 
 	return ret;
 }
-- 
2.25.1


  parent reply	other threads:[~2023-12-21 12:38 UTC|newest]

Thread overview: 78+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-12-21 12:35 [PATCH 00/24] Fixes and improvements in crypto cnxk Anoob Joseph
2023-12-21 12:35 ` [PATCH 01/24] common/cnxk: fix memory leak Anoob Joseph
2023-12-21 12:35 ` [PATCH 02/24] crypto/cnxk: use common macro Anoob Joseph
2023-12-21 12:35 ` [PATCH 03/24] crypto/cnxk: fallback to SG if headroom is not available Anoob Joseph
2023-12-21 12:35 ` [PATCH 04/24] crypto/cnxk: return microcode completion code Anoob Joseph
2023-12-21 12:35 ` [PATCH 05/24] crypto/cnxk: fix ECDH pubkey verify in cn9k Anoob Joseph
2023-12-21 12:35 ` [PATCH 06/24] crypto/cnxk: enable digest gen for zero len input Anoob Joseph
2023-12-21 12:35 ` [PATCH 07/24] crypto/cnxk: enable Rx inject in security lookaside Anoob Joseph
2023-12-21 12:35 ` [PATCH 08/24] common/cnxk: add Rx inject configs Anoob Joseph
2023-12-21 12:35 ` [PATCH 09/24] crypto/cnxk: Rx inject config update Anoob Joseph
2023-12-21 12:35 ` [PATCH 10/24] crypto/cnxk: enable Rx inject for 103 Anoob Joseph
2023-12-21 12:35 ` [PATCH 11/24] crypto/cnxk: rename security caps as IPsec security caps Anoob Joseph
2023-12-21 12:35 ` [PATCH 12/24] common/cnxk: update opad-ipad gen to handle TLS Anoob Joseph
2023-12-21 12:35 ` [PATCH 13/24] common/cnxk: add TLS record contexts Anoob Joseph
2023-12-21 12:35 ` [PATCH 14/24] crypto/cnxk: separate IPsec from security common code Anoob Joseph
2023-12-21 12:35 ` [PATCH 15/24] crypto/cnxk: add TLS record session ops Anoob Joseph
2023-12-21 12:35 ` [PATCH 16/24] crypto/cnxk: add TLS record datapath handling Anoob Joseph
2023-12-21 12:35 ` [PATCH 17/24] crypto/cnxk: add TLS capability Anoob Joseph
2023-12-21 12:35 ` [PATCH 18/24] crypto/cnxk: add PMD APIs for raw submission to CPT Anoob Joseph
2023-12-21 12:35 ` [PATCH 19/24] crypto/cnxk: replace PDCP with PDCP chain opcode Anoob Joseph
2023-12-21 12:35 ` Anoob Joseph [this message]
2023-12-21 12:35 ` [PATCH 21/24] crypto/cnxk: use a single function for opad ipad Anoob Joseph
2023-12-21 12:35 ` [PATCH 22/24] crypto/cnxk: add support for TLS 1.3 Anoob Joseph
2023-12-21 12:35 ` [PATCH 23/24] crypto/cnxk: add TLS 1.3 capability Anoob Joseph
2023-12-21 12:35 ` [PATCH 24/24] crypto/cnxk: add CPT SG mode debug Anoob Joseph
2024-01-02  4:53 ` [PATCH v2 00/24] Fixes and improvements in crypto cnxk Anoob Joseph
2024-01-02  4:53   ` [PATCH v2 01/24] common/cnxk: fix memory leak Anoob Joseph
2024-01-02  4:53   ` [PATCH v2 02/24] crypto/cnxk: use common macro Anoob Joseph
2024-01-02  4:53   ` [PATCH v2 03/24] crypto/cnxk: fallback to SG if headroom is not available Anoob Joseph
2024-01-02  4:53   ` [PATCH v2 04/24] crypto/cnxk: return microcode completion code Anoob Joseph
2024-01-02  4:53   ` [PATCH v2 05/24] crypto/cnxk: fix ECDH pubkey verify in cn9k Anoob Joseph
2024-01-02  4:53   ` [PATCH v2 06/24] crypto/cnxk: enable digest gen for zero len input Anoob Joseph
2024-01-02  4:54   ` [PATCH v2 07/24] crypto/cnxk: enable Rx inject in security lookaside Anoob Joseph
2024-01-16  8:07     ` Akhil Goyal
2024-01-02  4:54   ` [PATCH v2 08/24] common/cnxk: add Rx inject configs Anoob Joseph
2024-01-02  4:54   ` [PATCH v2 09/24] crypto/cnxk: Rx inject config update Anoob Joseph
2024-01-02  4:54   ` [PATCH v2 10/24] crypto/cnxk: enable Rx inject for 103 Anoob Joseph
2024-01-02  4:54   ` [PATCH v2 11/24] crypto/cnxk: rename security caps as IPsec security caps Anoob Joseph
2024-01-02  4:54   ` [PATCH v2 12/24] common/cnxk: update opad-ipad gen to handle TLS Anoob Joseph
2024-01-02  4:54   ` [PATCH v2 13/24] common/cnxk: add TLS record contexts Anoob Joseph
2024-01-02  4:54   ` [PATCH v2 14/24] crypto/cnxk: separate IPsec from security common code Anoob Joseph
2024-01-02  4:54   ` [PATCH v2 15/24] crypto/cnxk: add TLS record session ops Anoob Joseph
2024-01-02  4:54   ` [PATCH v2 16/24] crypto/cnxk: add TLS record datapath handling Anoob Joseph
2024-01-02  4:54   ` [PATCH v2 17/24] crypto/cnxk: add TLS capability Anoob Joseph
2024-01-02  4:54   ` [PATCH v2 18/24] crypto/cnxk: add PMD APIs for raw submission to CPT Anoob Joseph
2024-01-02  4:54   ` [PATCH v2 19/24] crypto/cnxk: replace PDCP with PDCP chain opcode Anoob Joseph
2024-01-02  4:54   ` [PATCH v2 20/24] crypto/cnxk: validate the combinations supported in TLS Anoob Joseph
2024-01-02  4:54   ` [PATCH v2 21/24] crypto/cnxk: use a single function for opad ipad Anoob Joseph
2024-01-02  4:54   ` [PATCH v2 22/24] crypto/cnxk: add support for TLS 1.3 Anoob Joseph
2024-01-02  4:54   ` [PATCH v2 23/24] crypto/cnxk: add TLS 1.3 capability Anoob Joseph
2024-01-02  4:54   ` [PATCH v2 24/24] crypto/cnxk: add CPT SG mode debug Anoob Joseph
2024-01-16  8:43   ` [PATCH v2 00/24] Fixes and improvements in crypto cnxk Akhil Goyal
2024-01-17 10:30   ` [PATCH v3 " Anoob Joseph
2024-01-17 10:30     ` [PATCH v3 01/24] common/cnxk: fix memory leak Anoob Joseph
2024-01-17 10:30     ` [PATCH v3 02/24] crypto/cnxk: use common macro Anoob Joseph
2024-01-17 10:30     ` [PATCH v3 03/24] crypto/cnxk: fallback to SG if headroom is not available Anoob Joseph
2024-01-17 10:30     ` [PATCH v3 04/24] crypto/cnxk: return microcode completion code Anoob Joseph
2024-01-17 10:30     ` [PATCH v3 05/24] crypto/cnxk: fix ECDH pubkey verify in cn9k Anoob Joseph
2024-01-17 10:30     ` [PATCH v3 06/24] crypto/cnxk: enable digest gen for zero len input Anoob Joseph
2024-01-17 10:30     ` [PATCH v3 07/24] crypto/cnxk: enable Rx inject in security lookaside Anoob Joseph
2024-01-17 10:30     ` [PATCH v3 08/24] common/cnxk: add Rx inject configs Anoob Joseph
2024-01-17 10:30     ` [PATCH v3 09/24] crypto/cnxk: Rx inject config update Anoob Joseph
2024-01-17 10:30     ` [PATCH v3 10/24] crypto/cnxk: enable Rx inject for 103 Anoob Joseph
2024-01-17 10:30     ` [PATCH v3 11/24] crypto/cnxk: rename security caps as IPsec security caps Anoob Joseph
2024-01-17 10:30     ` [PATCH v3 12/24] common/cnxk: update opad-ipad gen to handle TLS Anoob Joseph
2024-01-17 10:30     ` [PATCH v3 13/24] common/cnxk: add TLS record contexts Anoob Joseph
2024-01-17 10:30     ` [PATCH v3 14/24] crypto/cnxk: separate IPsec from security common code Anoob Joseph
2024-01-17 10:31     ` [PATCH v3 15/24] crypto/cnxk: add TLS record session ops Anoob Joseph
2024-01-17 10:31     ` [PATCH v3 16/24] crypto/cnxk: add TLS record datapath handling Anoob Joseph
2024-01-17 10:31     ` [PATCH v3 17/24] crypto/cnxk: add TLS capability Anoob Joseph
2024-01-17 10:31     ` [PATCH v3 18/24] crypto/cnxk: add PMD APIs for raw submission to CPT Anoob Joseph
2024-01-17 10:31     ` [PATCH v3 19/24] crypto/cnxk: replace PDCP with PDCP chain opcode Anoob Joseph
2024-01-17 10:31     ` [PATCH v3 20/24] crypto/cnxk: validate the combinations supported in TLS Anoob Joseph
2024-01-17 10:31     ` [PATCH v3 21/24] crypto/cnxk: use a single function for opad ipad Anoob Joseph
2024-01-17 10:31     ` [PATCH v3 22/24] crypto/cnxk: add support for TLS 1.3 Anoob Joseph
2024-01-17 10:31     ` [PATCH v3 23/24] crypto/cnxk: add TLS 1.3 capability Anoob Joseph
2024-01-17 10:31     ` [PATCH v3 24/24] crypto/cnxk: add CPT SG mode debug Anoob Joseph
2024-01-18 17:06     ` [PATCH v3 00/24] Fixes and improvements in crypto cnxk Akhil Goyal

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20231221123545.510-21-anoobj@marvell.com \
    --to=anoobj@marvell.com \
    --cc=dev@dpdk.org \
    --cc=gakhil@marvell.com \
    --cc=jerinj@marvell.com \
    --cc=ktejasree@marvell.com \
    --cc=vvelumuri@marvell.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).