DPDK patches and discussions
 help / color / mirror / Atom feed
From: Anoob Joseph <anoobj@marvell.com>
To: Akhil Goyal <gakhil@marvell.com>
Cc: Vidya Sagar Velumuri <vvelumuri@marvell.com>,
	Jerin Jacob <jerinj@marvell.com>,
	Tejasree Kondoj <ktejasree@marvell.com>, <dev@dpdk.org>
Subject: [PATCH v2 23/24] crypto/cnxk: add TLS 1.3 capability
Date: Tue, 2 Jan 2024 10:24:16 +0530	[thread overview]
Message-ID: <20240102045417.115-24-anoobj@marvell.com> (raw)
In-Reply-To: <20240102045417.115-1-anoobj@marvell.com>

From: Vidya Sagar Velumuri <vvelumuri@marvell.com>

Add TLS 1.3 record read and write capability

Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
 doc/guides/rel_notes/release_24_03.rst        |  4 +-
 .../crypto/cnxk/cnxk_cryptodev_capabilities.c | 92 +++++++++++++++++++
 2 files changed, 94 insertions(+), 2 deletions(-)

diff --git a/doc/guides/rel_notes/release_24_03.rst b/doc/guides/rel_notes/release_24_03.rst
index f5773bab5a..89110e0650 100644
--- a/doc/guides/rel_notes/release_24_03.rst
+++ b/doc/guides/rel_notes/release_24_03.rst
@@ -58,8 +58,8 @@ New Features
 * **Updated Marvell cnxk crypto driver.**
 
   * Added support for Rx inject in crypto_cn10k.
-  * Added support for TLS record processing in crypto_cn10k. Supports TLS 1.2
-    and DTLS 1.2.
+  * Added support for TLS record processing in crypto_cn10k. Supports TLS 1.2,
+    DTLS 1.2 and TLS 1.3.
   * Added PMD API to allow raw submission of instructions to CPT.
 
 Removed Items
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
index 73100377d9..db50de5d58 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c
@@ -40,6 +40,16 @@
 					   RTE_DIM(sec_tls12_caps_##name));     \
 	} while (0)
 
+#define SEC_TLS13_CAPS_ADD(cnxk_caps, cur_pos, hw_caps, name)                  \
+	do {                                                                   \
+		if ((hw_caps[CPT_ENG_TYPE_SE].name) ||                         \
+		    (hw_caps[CPT_ENG_TYPE_IE].name) ||                         \
+		    (hw_caps[CPT_ENG_TYPE_AE].name))                           \
+			sec_tls13_caps_add(cnxk_caps, cur_pos,                 \
+					   sec_tls13_caps_##name,               \
+					   RTE_DIM(sec_tls13_caps_##name));     \
+	} while (0)
+
 static const struct rte_cryptodev_capabilities caps_mul[] = {
 	{	/* RSA */
 		.op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
@@ -1631,6 +1641,40 @@ static const struct rte_cryptodev_capabilities sec_tls12_caps_sha1_sha2[] = {
 	},
 };
 
+static const struct rte_cryptodev_capabilities sec_tls13_caps_aes[] = {
+	{	/* AES GCM */
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+		{.sym = {
+			.xform_type = RTE_CRYPTO_SYM_XFORM_AEAD,
+			{.aead = {
+				.algo = RTE_CRYPTO_AEAD_AES_GCM,
+				.block_size = 16,
+				.key_size = {
+					.min = 16,
+					.max = 32,
+					.increment = 16
+				},
+				.digest_size = {
+					.min = 16,
+					.max = 16,
+					.increment = 0
+				},
+				.aad_size = {
+					.min = 5,
+					.max = 5,
+					.increment = 0
+				},
+				.iv_size = {
+					.min = 0,
+					.max = 0,
+					.increment = 0
+				}
+			}, }
+		}, }
+	},
+};
+
+
 static const struct rte_security_capability sec_caps_templ[] = {
 	{	/* IPsec Lookaside Protocol ESP Tunnel Ingress */
 		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
@@ -1760,6 +1804,26 @@ static const struct rte_security_capability sec_caps_templ[] = {
 		},
 		.crypto_capabilities = NULL,
 	},
+	{	/* TLS 1.3 Record Read */
+		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_TLS_RECORD,
+		.tls_record = {
+			.ver = RTE_SECURITY_VERSION_TLS_1_3,
+			.type = RTE_SECURITY_TLS_SESS_TYPE_READ,
+			.ar_win_size = 0,
+		},
+		.crypto_capabilities = NULL,
+	},
+	{	/* TLS 1.3 Record Write */
+		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_TLS_RECORD,
+		.tls_record = {
+			.ver = RTE_SECURITY_VERSION_TLS_1_3,
+			.type = RTE_SECURITY_TLS_SESS_TYPE_WRITE,
+			.ar_win_size = 0,
+		},
+		.crypto_capabilities = NULL,
+	},
 	{
 		.action = RTE_SECURITY_ACTION_TYPE_NONE
 	}
@@ -2005,6 +2069,33 @@ sec_tls12_crypto_caps_populate(struct rte_cryptodev_capabilities cnxk_caps[],
 	sec_tls12_caps_add(cnxk_caps, &cur_pos, caps_end, RTE_DIM(caps_end));
 }
 
+static void
+sec_tls13_caps_limit_check(int *cur_pos, int nb_caps)
+{
+	PLT_VERIFY(*cur_pos + nb_caps <= CNXK_SEC_TLS_1_3_CRYPTO_MAX_CAPS);
+}
+
+static void
+sec_tls13_caps_add(struct rte_cryptodev_capabilities cnxk_caps[], int *cur_pos,
+		   const struct rte_cryptodev_capabilities *caps, int nb_caps)
+{
+	sec_tls13_caps_limit_check(cur_pos, nb_caps);
+
+	memcpy(&cnxk_caps[*cur_pos], caps, nb_caps * sizeof(caps[0]));
+	*cur_pos += nb_caps;
+}
+
+static void
+sec_tls13_crypto_caps_populate(struct rte_cryptodev_capabilities cnxk_caps[],
+			       union cpt_eng_caps *hw_caps)
+{
+	int cur_pos = 0;
+
+	SEC_TLS13_CAPS_ADD(cnxk_caps, &cur_pos, hw_caps, aes);
+
+	sec_tls13_caps_add(cnxk_caps, &cur_pos, caps_end, RTE_DIM(caps_end));
+}
+
 void
 cnxk_cpt_caps_populate(struct cnxk_cpt_vf *vf)
 {
@@ -2016,6 +2107,7 @@ cnxk_cpt_caps_populate(struct cnxk_cpt_vf *vf)
 	if (vf->cpt.hw_caps[CPT_ENG_TYPE_SE].tls) {
 		sec_tls12_crypto_caps_populate(vf->sec_tls_1_2_crypto_caps, vf->cpt.hw_caps);
 		sec_tls12_crypto_caps_populate(vf->sec_dtls_1_2_crypto_caps, vf->cpt.hw_caps);
+		sec_tls13_crypto_caps_populate(vf->sec_tls_1_3_crypto_caps, vf->cpt.hw_caps);
 	}
 
 	PLT_STATIC_ASSERT(RTE_DIM(sec_caps_templ) <= RTE_DIM(vf->sec_caps));
-- 
2.25.1


  parent reply	other threads:[~2024-01-02  4:57 UTC|newest]

Thread overview: 78+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-12-21 12:35 [PATCH 00/24] Fixes and improvements in crypto cnxk Anoob Joseph
2023-12-21 12:35 ` [PATCH 01/24] common/cnxk: fix memory leak Anoob Joseph
2023-12-21 12:35 ` [PATCH 02/24] crypto/cnxk: use common macro Anoob Joseph
2023-12-21 12:35 ` [PATCH 03/24] crypto/cnxk: fallback to SG if headroom is not available Anoob Joseph
2023-12-21 12:35 ` [PATCH 04/24] crypto/cnxk: return microcode completion code Anoob Joseph
2023-12-21 12:35 ` [PATCH 05/24] crypto/cnxk: fix ECDH pubkey verify in cn9k Anoob Joseph
2023-12-21 12:35 ` [PATCH 06/24] crypto/cnxk: enable digest gen for zero len input Anoob Joseph
2023-12-21 12:35 ` [PATCH 07/24] crypto/cnxk: enable Rx inject in security lookaside Anoob Joseph
2023-12-21 12:35 ` [PATCH 08/24] common/cnxk: add Rx inject configs Anoob Joseph
2023-12-21 12:35 ` [PATCH 09/24] crypto/cnxk: Rx inject config update Anoob Joseph
2023-12-21 12:35 ` [PATCH 10/24] crypto/cnxk: enable Rx inject for 103 Anoob Joseph
2023-12-21 12:35 ` [PATCH 11/24] crypto/cnxk: rename security caps as IPsec security caps Anoob Joseph
2023-12-21 12:35 ` [PATCH 12/24] common/cnxk: update opad-ipad gen to handle TLS Anoob Joseph
2023-12-21 12:35 ` [PATCH 13/24] common/cnxk: add TLS record contexts Anoob Joseph
2023-12-21 12:35 ` [PATCH 14/24] crypto/cnxk: separate IPsec from security common code Anoob Joseph
2023-12-21 12:35 ` [PATCH 15/24] crypto/cnxk: add TLS record session ops Anoob Joseph
2023-12-21 12:35 ` [PATCH 16/24] crypto/cnxk: add TLS record datapath handling Anoob Joseph
2023-12-21 12:35 ` [PATCH 17/24] crypto/cnxk: add TLS capability Anoob Joseph
2023-12-21 12:35 ` [PATCH 18/24] crypto/cnxk: add PMD APIs for raw submission to CPT Anoob Joseph
2023-12-21 12:35 ` [PATCH 19/24] crypto/cnxk: replace PDCP with PDCP chain opcode Anoob Joseph
2023-12-21 12:35 ` [PATCH 20/24] crypto/cnxk: validate the combinations supported in TLS Anoob Joseph
2023-12-21 12:35 ` [PATCH 21/24] crypto/cnxk: use a single function for opad ipad Anoob Joseph
2023-12-21 12:35 ` [PATCH 22/24] crypto/cnxk: add support for TLS 1.3 Anoob Joseph
2023-12-21 12:35 ` [PATCH 23/24] crypto/cnxk: add TLS 1.3 capability Anoob Joseph
2023-12-21 12:35 ` [PATCH 24/24] crypto/cnxk: add CPT SG mode debug Anoob Joseph
2024-01-02  4:53 ` [PATCH v2 00/24] Fixes and improvements in crypto cnxk Anoob Joseph
2024-01-02  4:53   ` [PATCH v2 01/24] common/cnxk: fix memory leak Anoob Joseph
2024-01-02  4:53   ` [PATCH v2 02/24] crypto/cnxk: use common macro Anoob Joseph
2024-01-02  4:53   ` [PATCH v2 03/24] crypto/cnxk: fallback to SG if headroom is not available Anoob Joseph
2024-01-02  4:53   ` [PATCH v2 04/24] crypto/cnxk: return microcode completion code Anoob Joseph
2024-01-02  4:53   ` [PATCH v2 05/24] crypto/cnxk: fix ECDH pubkey verify in cn9k Anoob Joseph
2024-01-02  4:53   ` [PATCH v2 06/24] crypto/cnxk: enable digest gen for zero len input Anoob Joseph
2024-01-02  4:54   ` [PATCH v2 07/24] crypto/cnxk: enable Rx inject in security lookaside Anoob Joseph
2024-01-16  8:07     ` Akhil Goyal
2024-01-02  4:54   ` [PATCH v2 08/24] common/cnxk: add Rx inject configs Anoob Joseph
2024-01-02  4:54   ` [PATCH v2 09/24] crypto/cnxk: Rx inject config update Anoob Joseph
2024-01-02  4:54   ` [PATCH v2 10/24] crypto/cnxk: enable Rx inject for 103 Anoob Joseph
2024-01-02  4:54   ` [PATCH v2 11/24] crypto/cnxk: rename security caps as IPsec security caps Anoob Joseph
2024-01-02  4:54   ` [PATCH v2 12/24] common/cnxk: update opad-ipad gen to handle TLS Anoob Joseph
2024-01-02  4:54   ` [PATCH v2 13/24] common/cnxk: add TLS record contexts Anoob Joseph
2024-01-02  4:54   ` [PATCH v2 14/24] crypto/cnxk: separate IPsec from security common code Anoob Joseph
2024-01-02  4:54   ` [PATCH v2 15/24] crypto/cnxk: add TLS record session ops Anoob Joseph
2024-01-02  4:54   ` [PATCH v2 16/24] crypto/cnxk: add TLS record datapath handling Anoob Joseph
2024-01-02  4:54   ` [PATCH v2 17/24] crypto/cnxk: add TLS capability Anoob Joseph
2024-01-02  4:54   ` [PATCH v2 18/24] crypto/cnxk: add PMD APIs for raw submission to CPT Anoob Joseph
2024-01-02  4:54   ` [PATCH v2 19/24] crypto/cnxk: replace PDCP with PDCP chain opcode Anoob Joseph
2024-01-02  4:54   ` [PATCH v2 20/24] crypto/cnxk: validate the combinations supported in TLS Anoob Joseph
2024-01-02  4:54   ` [PATCH v2 21/24] crypto/cnxk: use a single function for opad ipad Anoob Joseph
2024-01-02  4:54   ` [PATCH v2 22/24] crypto/cnxk: add support for TLS 1.3 Anoob Joseph
2024-01-02  4:54   ` Anoob Joseph [this message]
2024-01-02  4:54   ` [PATCH v2 24/24] crypto/cnxk: add CPT SG mode debug Anoob Joseph
2024-01-16  8:43   ` [PATCH v2 00/24] Fixes and improvements in crypto cnxk Akhil Goyal
2024-01-17 10:30   ` [PATCH v3 " Anoob Joseph
2024-01-17 10:30     ` [PATCH v3 01/24] common/cnxk: fix memory leak Anoob Joseph
2024-01-17 10:30     ` [PATCH v3 02/24] crypto/cnxk: use common macro Anoob Joseph
2024-01-17 10:30     ` [PATCH v3 03/24] crypto/cnxk: fallback to SG if headroom is not available Anoob Joseph
2024-01-17 10:30     ` [PATCH v3 04/24] crypto/cnxk: return microcode completion code Anoob Joseph
2024-01-17 10:30     ` [PATCH v3 05/24] crypto/cnxk: fix ECDH pubkey verify in cn9k Anoob Joseph
2024-01-17 10:30     ` [PATCH v3 06/24] crypto/cnxk: enable digest gen for zero len input Anoob Joseph
2024-01-17 10:30     ` [PATCH v3 07/24] crypto/cnxk: enable Rx inject in security lookaside Anoob Joseph
2024-01-17 10:30     ` [PATCH v3 08/24] common/cnxk: add Rx inject configs Anoob Joseph
2024-01-17 10:30     ` [PATCH v3 09/24] crypto/cnxk: Rx inject config update Anoob Joseph
2024-01-17 10:30     ` [PATCH v3 10/24] crypto/cnxk: enable Rx inject for 103 Anoob Joseph
2024-01-17 10:30     ` [PATCH v3 11/24] crypto/cnxk: rename security caps as IPsec security caps Anoob Joseph
2024-01-17 10:30     ` [PATCH v3 12/24] common/cnxk: update opad-ipad gen to handle TLS Anoob Joseph
2024-01-17 10:30     ` [PATCH v3 13/24] common/cnxk: add TLS record contexts Anoob Joseph
2024-01-17 10:30     ` [PATCH v3 14/24] crypto/cnxk: separate IPsec from security common code Anoob Joseph
2024-01-17 10:31     ` [PATCH v3 15/24] crypto/cnxk: add TLS record session ops Anoob Joseph
2024-01-17 10:31     ` [PATCH v3 16/24] crypto/cnxk: add TLS record datapath handling Anoob Joseph
2024-01-17 10:31     ` [PATCH v3 17/24] crypto/cnxk: add TLS capability Anoob Joseph
2024-01-17 10:31     ` [PATCH v3 18/24] crypto/cnxk: add PMD APIs for raw submission to CPT Anoob Joseph
2024-01-17 10:31     ` [PATCH v3 19/24] crypto/cnxk: replace PDCP with PDCP chain opcode Anoob Joseph
2024-01-17 10:31     ` [PATCH v3 20/24] crypto/cnxk: validate the combinations supported in TLS Anoob Joseph
2024-01-17 10:31     ` [PATCH v3 21/24] crypto/cnxk: use a single function for opad ipad Anoob Joseph
2024-01-17 10:31     ` [PATCH v3 22/24] crypto/cnxk: add support for TLS 1.3 Anoob Joseph
2024-01-17 10:31     ` [PATCH v3 23/24] crypto/cnxk: add TLS 1.3 capability Anoob Joseph
2024-01-17 10:31     ` [PATCH v3 24/24] crypto/cnxk: add CPT SG mode debug Anoob Joseph
2024-01-18 17:06     ` [PATCH v3 00/24] Fixes and improvements in crypto cnxk Akhil Goyal

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20240102045417.115-24-anoobj@marvell.com \
    --to=anoobj@marvell.com \
    --cc=dev@dpdk.org \
    --cc=gakhil@marvell.com \
    --cc=jerinj@marvell.com \
    --cc=ktejasree@marvell.com \
    --cc=vvelumuri@marvell.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).