From: Anoob Joseph <anoobj@marvell.com>
To: Akhil Goyal <gakhil@marvell.com>
Cc: Jerin Jacob <jerinj@marvell.com>,
Vidya Sagar Velumuri <vvelumuri@marvell.com>,
Tejasree Kondoj <ktejasree@marvell.com>, <dev@dpdk.org>
Subject: [PATCH v2 13/24] common/cnxk: add TLS record contexts
Date: Tue, 2 Jan 2024 10:24:06 +0530 [thread overview]
Message-ID: <20240102045417.115-14-anoobj@marvell.com> (raw)
In-Reply-To: <20240102045417.115-1-anoobj@marvell.com>
Add TLS record read and write contexts.
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
drivers/common/cnxk/roc_cpt.h | 4 +-
drivers/common/cnxk/roc_ie_ot_tls.h | 199 ++++++++++++++++++++++++++++
drivers/common/cnxk/roc_se.h | 11 ++
3 files changed, 211 insertions(+), 3 deletions(-)
create mode 100644 drivers/common/cnxk/roc_ie_ot_tls.h
diff --git a/drivers/common/cnxk/roc_cpt.h b/drivers/common/cnxk/roc_cpt.h
index 001e71c55e..5a2b5caeb0 100644
--- a/drivers/common/cnxk/roc_cpt.h
+++ b/drivers/common/cnxk/roc_cpt.h
@@ -55,6 +55,7 @@
#define ROC_CPT_AES_CBC_IV_LEN 16
#define ROC_CPT_SHA1_HMAC_LEN 12
#define ROC_CPT_SHA2_HMAC_LEN 16
+#define ROC_CPT_DES_IV_LEN 8
#define ROC_CPT_DES3_KEY_LEN 24
#define ROC_CPT_AES128_KEY_LEN 16
@@ -71,9 +72,6 @@
#define ROC_CPT_DES_BLOCK_LENGTH 8
#define ROC_CPT_AES_BLOCK_LENGTH 16
-#define ROC_CPT_AES_GCM_ROUNDUP_BYTE_LEN 4
-#define ROC_CPT_AES_CBC_ROUNDUP_BYTE_LEN 16
-
/* Salt length for AES-CTR/GCM/CCM and AES-GMAC */
#define ROC_CPT_SALT_LEN 4
diff --git a/drivers/common/cnxk/roc_ie_ot_tls.h b/drivers/common/cnxk/roc_ie_ot_tls.h
new file mode 100644
index 0000000000..61955ef4d1
--- /dev/null
+++ b/drivers/common/cnxk/roc_ie_ot_tls.h
@@ -0,0 +1,199 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(C) 2023 Marvell.
+ */
+
+#ifndef __ROC_IE_OT_TLS_H__
+#define __ROC_IE_OT_TLS_H__
+
+#include "roc_platform.h"
+
+#define ROC_IE_OT_TLS_CTX_ILEN 1
+#define ROC_IE_OT_TLS_CTX_HDR_SIZE 1
+#define ROC_IE_OT_TLS_AR_WIN_SIZE_MAX 4096
+#define ROC_IE_OT_TLS_LOG_MIN_AR_WIN_SIZE_M1 5
+
+/* u64 array size to fit anti replay window bits */
+#define ROC_IE_OT_TLS_AR_WINBITS_SZ \
+ (PLT_ALIGN_CEIL(ROC_IE_OT_TLS_AR_WIN_SIZE_MAX, BITS_PER_LONG_LONG) / BITS_PER_LONG_LONG)
+
+/* CN10K TLS opcodes */
+#define ROC_IE_OT_TLS_MAJOR_OP_RECORD_ENC 0x16UL
+#define ROC_IE_OT_TLS_MAJOR_OP_RECORD_DEC 0x17UL
+
+#define ROC_IE_OT_TLS_CTX_MAX_OPAD_IPAD_LEN 128
+#define ROC_IE_OT_TLS_CTX_MAX_KEY_IV_LEN 48
+#define ROC_IE_OT_TLS_CTX_MAX_IV_LEN 16
+
+enum roc_ie_ot_tls_mac_type {
+ ROC_IE_OT_TLS_MAC_MD5 = 1,
+ ROC_IE_OT_TLS_MAC_SHA1 = 2,
+ ROC_IE_OT_TLS_MAC_SHA2_256 = 4,
+ ROC_IE_OT_TLS_MAC_SHA2_384 = 5,
+ ROC_IE_OT_TLS_MAC_SHA2_512 = 6,
+};
+
+enum roc_ie_ot_tls_cipher_type {
+ ROC_IE_OT_TLS_CIPHER_3DES = 1,
+ ROC_IE_OT_TLS_CIPHER_AES_CBC = 3,
+ ROC_IE_OT_TLS_CIPHER_AES_GCM = 7,
+ ROC_IE_OT_TLS_CIPHER_AES_CCM = 10,
+};
+
+enum roc_ie_ot_tls_ver {
+ ROC_IE_OT_TLS_VERSION_TLS_12 = 1,
+ ROC_IE_OT_TLS_VERSION_DTLS_12 = 2,
+};
+
+enum roc_ie_ot_tls_aes_key_len {
+ ROC_IE_OT_TLS_AES_KEY_LEN_128 = 1,
+ ROC_IE_OT_TLS_AES_KEY_LEN_256 = 3,
+};
+
+enum {
+ ROC_IE_OT_TLS_IV_SRC_DEFAULT = 0,
+ ROC_IE_OT_TLS_IV_SRC_FROM_SA = 1,
+};
+
+struct roc_ie_ot_tls_read_ctx_update_reg {
+ uint64_t ar_base;
+ uint64_t ar_valid_mask;
+ uint64_t hard_life;
+ uint64_t soft_life;
+ uint64_t mib_octs;
+ uint64_t mib_pkts;
+ uint64_t ar_winbits[ROC_IE_OT_TLS_AR_WINBITS_SZ];
+};
+
+union roc_ie_ot_tls_param2 {
+ uint16_t u16;
+ struct {
+ uint8_t msg_type;
+ uint8_t rsvd;
+ } s;
+};
+
+struct roc_ie_ot_tls_read_sa {
+ /* Word0 */
+ union {
+ struct {
+ uint64_t ar_win : 3;
+ uint64_t hard_life_dec : 1;
+ uint64_t soft_life_dec : 1;
+ uint64_t count_glb_octets : 1;
+ uint64_t count_glb_pkts : 1;
+ uint64_t count_mib_bytes : 1;
+
+ uint64_t count_mib_pkts : 1;
+ uint64_t hw_ctx_off : 7;
+
+ uint64_t ctx_id : 16;
+
+ uint64_t orig_pkt_fabs : 1;
+ uint64_t orig_pkt_free : 1;
+ uint64_t pkind : 6;
+
+ uint64_t rsvd0 : 1;
+ uint64_t et_ovrwr : 1;
+ uint64_t pkt_output : 2;
+ uint64_t pkt_format : 1;
+ uint64_t defrag_opt : 2;
+ uint64_t x2p_dst : 1;
+
+ uint64_t ctx_push_size : 7;
+ uint64_t rsvd1 : 1;
+
+ uint64_t ctx_hdr_size : 2;
+ uint64_t aop_valid : 1;
+ uint64_t rsvd2 : 1;
+ uint64_t ctx_size : 4;
+ } s;
+ uint64_t u64;
+ } w0;
+
+ /* Word1 */
+ uint64_t w1_rsvd3;
+
+ /* Word2 */
+ union {
+ struct {
+ uint64_t version_select : 4;
+ uint64_t aes_key_len : 2;
+ uint64_t cipher_select : 4;
+ uint64_t mac_select : 4;
+ uint64_t rsvd4 : 50;
+ } s;
+ uint64_t u64;
+ } w2;
+
+ /* Word3 */
+ uint64_t w3_rsvd5;
+
+ /* Word4 - Word9 */
+ uint8_t cipher_key[ROC_IE_OT_TLS_CTX_MAX_KEY_IV_LEN];
+
+ /* Word10 - Word25 */
+ uint8_t opad_ipad[ROC_IE_OT_TLS_CTX_MAX_OPAD_IPAD_LEN];
+
+ /* Word26 - Word32 */
+ struct roc_ie_ot_tls_read_ctx_update_reg ctx;
+};
+
+struct roc_ie_ot_tls_write_sa {
+ /* Word0 */
+ union {
+ struct {
+ uint64_t rsvd0 : 3;
+ uint64_t hard_life_dec : 1;
+ uint64_t soft_life_dec : 1;
+ uint64_t count_glb_octets : 1;
+ uint64_t count_glb_pkts : 1;
+ uint64_t count_mib_bytes : 1;
+
+ uint64_t count_mib_pkts : 1;
+ uint64_t hw_ctx_off : 7;
+
+ uint64_t rsvd1 : 32;
+
+ uint64_t ctx_push_size : 7;
+ uint64_t rsvd2 : 1;
+
+ uint64_t ctx_hdr_size : 2;
+ uint64_t aop_valid : 1;
+ uint64_t rsvd3 : 1;
+ uint64_t ctx_size : 4;
+ } s;
+ uint64_t u64;
+ } w0;
+
+ /* Word1 */
+ uint64_t w1_rsvd4;
+
+ /* Word2 */
+ union {
+ struct {
+ uint64_t version_select : 4;
+ uint64_t aes_key_len : 2;
+ uint64_t cipher_select : 4;
+ uint64_t mac_select : 4;
+ uint64_t iv_at_cptr : 1;
+ uint64_t rsvd5 : 49;
+ } s;
+ uint64_t u64;
+ } w2;
+
+ /* Word3 */
+ uint64_t w3_rsvd6;
+
+ /* Word4 - Word9 */
+ uint8_t cipher_key[ROC_IE_OT_TLS_CTX_MAX_KEY_IV_LEN];
+
+ /* Word10 - Word25 */
+ uint8_t opad_ipad[ROC_IE_OT_TLS_CTX_MAX_OPAD_IPAD_LEN];
+
+ /* Word26 */
+ uint64_t w26_rsvd7;
+
+ /* Word27 */
+ uint64_t seq_num;
+};
+#endif /* __ROC_IE_OT_TLS_H__ */
diff --git a/drivers/common/cnxk/roc_se.h b/drivers/common/cnxk/roc_se.h
index d8cbd58c9a..abb8c6a149 100644
--- a/drivers/common/cnxk/roc_se.h
+++ b/drivers/common/cnxk/roc_se.h
@@ -5,6 +5,8 @@
#ifndef __ROC_SE_H__
#define __ROC_SE_H__
+#include "roc_constants.h"
+
/* SE opcodes */
#define ROC_SE_MAJOR_OP_FC 0x33
#define ROC_SE_FC_MINOR_OP_ENCRYPT 0x0
@@ -162,6 +164,15 @@ typedef enum {
ROC_SE_ERR_GC_ICV_MISCOMPARE = 0x4c,
ROC_SE_ERR_GC_DATA_UNALIGNED = 0x4d,
+ ROC_SE_ERR_SSL_RECORD_LEN_INVALID = 0x82,
+ ROC_SE_ERR_SSL_CTX_LEN_INVALID = 0x83,
+ ROC_SE_ERR_SSL_CIPHER_UNSUPPORTED = 0x84,
+ ROC_SE_ERR_SSL_MAC_UNSUPPORTED = 0x85,
+ ROC_SE_ERR_SSL_VERSION_UNSUPPORTED = 0x86,
+ ROC_SE_ERR_SSL_MAC_MISMATCH = 0x89,
+ ROC_SE_ERR_SSL_PKT_REPLAY_SEQ_OUT_OF_WINDOW = 0xC1,
+ ROC_SE_ERR_SSL_PKT_REPLAY_SEQ = 0xC9,
+
/* API Layer */
ROC_SE_ERR_REQ_PENDING = 0xfe,
ROC_SE_ERR_REQ_TIMEOUT = 0xff,
--
2.25.1
next prev parent reply other threads:[~2024-01-02 4:56 UTC|newest]
Thread overview: 78+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-21 12:35 [PATCH 00/24] Fixes and improvements in crypto cnxk Anoob Joseph
2023-12-21 12:35 ` [PATCH 01/24] common/cnxk: fix memory leak Anoob Joseph
2023-12-21 12:35 ` [PATCH 02/24] crypto/cnxk: use common macro Anoob Joseph
2023-12-21 12:35 ` [PATCH 03/24] crypto/cnxk: fallback to SG if headroom is not available Anoob Joseph
2023-12-21 12:35 ` [PATCH 04/24] crypto/cnxk: return microcode completion code Anoob Joseph
2023-12-21 12:35 ` [PATCH 05/24] crypto/cnxk: fix ECDH pubkey verify in cn9k Anoob Joseph
2023-12-21 12:35 ` [PATCH 06/24] crypto/cnxk: enable digest gen for zero len input Anoob Joseph
2023-12-21 12:35 ` [PATCH 07/24] crypto/cnxk: enable Rx inject in security lookaside Anoob Joseph
2023-12-21 12:35 ` [PATCH 08/24] common/cnxk: add Rx inject configs Anoob Joseph
2023-12-21 12:35 ` [PATCH 09/24] crypto/cnxk: Rx inject config update Anoob Joseph
2023-12-21 12:35 ` [PATCH 10/24] crypto/cnxk: enable Rx inject for 103 Anoob Joseph
2023-12-21 12:35 ` [PATCH 11/24] crypto/cnxk: rename security caps as IPsec security caps Anoob Joseph
2023-12-21 12:35 ` [PATCH 12/24] common/cnxk: update opad-ipad gen to handle TLS Anoob Joseph
2023-12-21 12:35 ` [PATCH 13/24] common/cnxk: add TLS record contexts Anoob Joseph
2023-12-21 12:35 ` [PATCH 14/24] crypto/cnxk: separate IPsec from security common code Anoob Joseph
2023-12-21 12:35 ` [PATCH 15/24] crypto/cnxk: add TLS record session ops Anoob Joseph
2023-12-21 12:35 ` [PATCH 16/24] crypto/cnxk: add TLS record datapath handling Anoob Joseph
2023-12-21 12:35 ` [PATCH 17/24] crypto/cnxk: add TLS capability Anoob Joseph
2023-12-21 12:35 ` [PATCH 18/24] crypto/cnxk: add PMD APIs for raw submission to CPT Anoob Joseph
2023-12-21 12:35 ` [PATCH 19/24] crypto/cnxk: replace PDCP with PDCP chain opcode Anoob Joseph
2023-12-21 12:35 ` [PATCH 20/24] crypto/cnxk: validate the combinations supported in TLS Anoob Joseph
2023-12-21 12:35 ` [PATCH 21/24] crypto/cnxk: use a single function for opad ipad Anoob Joseph
2023-12-21 12:35 ` [PATCH 22/24] crypto/cnxk: add support for TLS 1.3 Anoob Joseph
2023-12-21 12:35 ` [PATCH 23/24] crypto/cnxk: add TLS 1.3 capability Anoob Joseph
2023-12-21 12:35 ` [PATCH 24/24] crypto/cnxk: add CPT SG mode debug Anoob Joseph
2024-01-02 4:53 ` [PATCH v2 00/24] Fixes and improvements in crypto cnxk Anoob Joseph
2024-01-02 4:53 ` [PATCH v2 01/24] common/cnxk: fix memory leak Anoob Joseph
2024-01-02 4:53 ` [PATCH v2 02/24] crypto/cnxk: use common macro Anoob Joseph
2024-01-02 4:53 ` [PATCH v2 03/24] crypto/cnxk: fallback to SG if headroom is not available Anoob Joseph
2024-01-02 4:53 ` [PATCH v2 04/24] crypto/cnxk: return microcode completion code Anoob Joseph
2024-01-02 4:53 ` [PATCH v2 05/24] crypto/cnxk: fix ECDH pubkey verify in cn9k Anoob Joseph
2024-01-02 4:53 ` [PATCH v2 06/24] crypto/cnxk: enable digest gen for zero len input Anoob Joseph
2024-01-02 4:54 ` [PATCH v2 07/24] crypto/cnxk: enable Rx inject in security lookaside Anoob Joseph
2024-01-16 8:07 ` Akhil Goyal
2024-01-02 4:54 ` [PATCH v2 08/24] common/cnxk: add Rx inject configs Anoob Joseph
2024-01-02 4:54 ` [PATCH v2 09/24] crypto/cnxk: Rx inject config update Anoob Joseph
2024-01-02 4:54 ` [PATCH v2 10/24] crypto/cnxk: enable Rx inject for 103 Anoob Joseph
2024-01-02 4:54 ` [PATCH v2 11/24] crypto/cnxk: rename security caps as IPsec security caps Anoob Joseph
2024-01-02 4:54 ` [PATCH v2 12/24] common/cnxk: update opad-ipad gen to handle TLS Anoob Joseph
2024-01-02 4:54 ` Anoob Joseph [this message]
2024-01-02 4:54 ` [PATCH v2 14/24] crypto/cnxk: separate IPsec from security common code Anoob Joseph
2024-01-02 4:54 ` [PATCH v2 15/24] crypto/cnxk: add TLS record session ops Anoob Joseph
2024-01-02 4:54 ` [PATCH v2 16/24] crypto/cnxk: add TLS record datapath handling Anoob Joseph
2024-01-02 4:54 ` [PATCH v2 17/24] crypto/cnxk: add TLS capability Anoob Joseph
2024-01-02 4:54 ` [PATCH v2 18/24] crypto/cnxk: add PMD APIs for raw submission to CPT Anoob Joseph
2024-01-02 4:54 ` [PATCH v2 19/24] crypto/cnxk: replace PDCP with PDCP chain opcode Anoob Joseph
2024-01-02 4:54 ` [PATCH v2 20/24] crypto/cnxk: validate the combinations supported in TLS Anoob Joseph
2024-01-02 4:54 ` [PATCH v2 21/24] crypto/cnxk: use a single function for opad ipad Anoob Joseph
2024-01-02 4:54 ` [PATCH v2 22/24] crypto/cnxk: add support for TLS 1.3 Anoob Joseph
2024-01-02 4:54 ` [PATCH v2 23/24] crypto/cnxk: add TLS 1.3 capability Anoob Joseph
2024-01-02 4:54 ` [PATCH v2 24/24] crypto/cnxk: add CPT SG mode debug Anoob Joseph
2024-01-16 8:43 ` [PATCH v2 00/24] Fixes and improvements in crypto cnxk Akhil Goyal
2024-01-17 10:30 ` [PATCH v3 " Anoob Joseph
2024-01-17 10:30 ` [PATCH v3 01/24] common/cnxk: fix memory leak Anoob Joseph
2024-01-17 10:30 ` [PATCH v3 02/24] crypto/cnxk: use common macro Anoob Joseph
2024-01-17 10:30 ` [PATCH v3 03/24] crypto/cnxk: fallback to SG if headroom is not available Anoob Joseph
2024-01-17 10:30 ` [PATCH v3 04/24] crypto/cnxk: return microcode completion code Anoob Joseph
2024-01-17 10:30 ` [PATCH v3 05/24] crypto/cnxk: fix ECDH pubkey verify in cn9k Anoob Joseph
2024-01-17 10:30 ` [PATCH v3 06/24] crypto/cnxk: enable digest gen for zero len input Anoob Joseph
2024-01-17 10:30 ` [PATCH v3 07/24] crypto/cnxk: enable Rx inject in security lookaside Anoob Joseph
2024-01-17 10:30 ` [PATCH v3 08/24] common/cnxk: add Rx inject configs Anoob Joseph
2024-01-17 10:30 ` [PATCH v3 09/24] crypto/cnxk: Rx inject config update Anoob Joseph
2024-01-17 10:30 ` [PATCH v3 10/24] crypto/cnxk: enable Rx inject for 103 Anoob Joseph
2024-01-17 10:30 ` [PATCH v3 11/24] crypto/cnxk: rename security caps as IPsec security caps Anoob Joseph
2024-01-17 10:30 ` [PATCH v3 12/24] common/cnxk: update opad-ipad gen to handle TLS Anoob Joseph
2024-01-17 10:30 ` [PATCH v3 13/24] common/cnxk: add TLS record contexts Anoob Joseph
2024-01-17 10:30 ` [PATCH v3 14/24] crypto/cnxk: separate IPsec from security common code Anoob Joseph
2024-01-17 10:31 ` [PATCH v3 15/24] crypto/cnxk: add TLS record session ops Anoob Joseph
2024-01-17 10:31 ` [PATCH v3 16/24] crypto/cnxk: add TLS record datapath handling Anoob Joseph
2024-01-17 10:31 ` [PATCH v3 17/24] crypto/cnxk: add TLS capability Anoob Joseph
2024-01-17 10:31 ` [PATCH v3 18/24] crypto/cnxk: add PMD APIs for raw submission to CPT Anoob Joseph
2024-01-17 10:31 ` [PATCH v3 19/24] crypto/cnxk: replace PDCP with PDCP chain opcode Anoob Joseph
2024-01-17 10:31 ` [PATCH v3 20/24] crypto/cnxk: validate the combinations supported in TLS Anoob Joseph
2024-01-17 10:31 ` [PATCH v3 21/24] crypto/cnxk: use a single function for opad ipad Anoob Joseph
2024-01-17 10:31 ` [PATCH v3 22/24] crypto/cnxk: add support for TLS 1.3 Anoob Joseph
2024-01-17 10:31 ` [PATCH v3 23/24] crypto/cnxk: add TLS 1.3 capability Anoob Joseph
2024-01-17 10:31 ` [PATCH v3 24/24] crypto/cnxk: add CPT SG mode debug Anoob Joseph
2024-01-18 17:06 ` [PATCH v3 00/24] Fixes and improvements in crypto cnxk Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240102045417.115-14-anoobj@marvell.com \
--to=anoobj@marvell.com \
--cc=dev@dpdk.org \
--cc=gakhil@marvell.com \
--cc=jerinj@marvell.com \
--cc=ktejasree@marvell.com \
--cc=vvelumuri@marvell.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).