[RFC,0/3] add TLS record processing security offload

Message ID 20230811071712.240-1-anoobj@marvell.com (mailing list archive)

Message

Anoob Joseph Aug. 11, 2023, 7:17 a.m. UTC
Add Transport Layer Security (TLS) and Datagram Transport Layer Security
(DTLS). The protocols provide communications privacy for L4 protocols
such as TCP & UDP.

TLS (and DTLS) protocol is composed of two layers,
1. TLS Record Protocol
2. TLS Handshake Protocol

While TLS Handshake Protocol helps in establishing security parameters
by which client and server can communicate, TLS Record Protocol provides
the connection security. TLS Record Protocol leverages symmetric
cryptographic operations such as data encryption and authentication for
providing security to the communications.

Cryptodevs that are capable of offloading TLS Record Protocol may
perform other operations like IV generation, header insertion, atomic
sequence number updates and anti-replay window check in addition to
cryptographic transformations.

In record write operations, message content type is a per packet field
which is used in constructing the TLS header. One session is expected
to handle all types of content types and so, 'rte_crypto_op.aux_flags'
is used for passing the same.

The support is added for TLS 1.2, TLS 1.3 and DTLS 1.2.

Akhil Goyal (1):
  net: add headers for TLS/DTLS packets

Anoob Joseph (2):
  security: add TLS record processing
  cryptodev: add details of datapath handling of TLS records

 doc/api/doxy-api-index.md              |   2 +
 doc/guides/prog_guide/rte_security.rst |  68 +++++++++++++++
 lib/cryptodev/rte_crypto.h             |   6 ++
 lib/net/meson.build                    |   2 +
 lib/net/rte_dtls.h                     |  61 ++++++++++++++
 lib/net/rte_tls.h                      |  48 +++++++++++
 lib/security/rte_security.c            |   4 +
 lib/security/rte_security.h            | 110 +++++++++++++++++++++++++
 8 files changed, 301 insertions(+)
 create mode 100644 lib/net/rte_dtls.h
 create mode 100644 lib/net/rte_tls.h
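The cover letter lists the non-cryptographic work a record-protocol offload takes on: building the record header from a per-packet content type, updating the sequence number atomically, and checking the receive-side anti-replay window. The following C example, added here and not taken from the patch series or from DPDK's rte_tls.h/rte_dtls.h (all struct and function names are this example's own), shows those three steps in software for TLS 1.2 and DTLS 1.2 records, including the two failure cases the offload has to get right: refusing to wrap the 48-bit DTLS sequence number, and rejecting replayed or too-old records.

```c
/* Added example, not DPDK code: per-record work of a TLS/DTLS record offload.
 * Header layouts follow RFC 5246 (TLS 1.2) and RFC 6347 (DTLS 1.2). */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define TLS_TYPE_HANDSHAKE        22
#define TLS_TYPE_APPLICATION_DATA 23
#define TLS_VERSION_1_2   0x0303
#define DTLS_VERSION_1_2  0xfefd
#define TLS_HDR_LEN   5
#define DTLS_HDR_LEN  13
#define DTLS_SEQ_MAX  ((1ULL << 48) - 1)   /* 48-bit sequence number space */

/* Per-session write state; the offload updates next_seq atomically per record. */
struct record_writer {
    uint16_t epoch;     /* DTLS only; stays 0 for TLS 1.2 */
    uint64_t next_seq;  /* next sequence number to assign */
};

static void put16(uint8_t *p, uint16_t v) { p[0] = v >> 8; p[1] = v & 0xff; }

/* TLS 1.2 record header: type(1) version(2) length(2).
 * The content type is a per-record input, as the cover letter describes. */
size_t tls12_write_hdr(uint8_t *out, uint8_t content_type, uint16_t len)
{
    out[0] = content_type;
    put16(out + 1, TLS_VERSION_1_2);
    put16(out + 3, len);
    return TLS_HDR_LEN;
}

/* DTLS 1.2 record header adds epoch(2) and a 48-bit big-endian sequence number(6). */
size_t dtls12_write_hdr(uint8_t *out, uint8_t content_type, uint16_t epoch,
                        uint64_t seq, uint16_t len)
{
    out[0] = content_type;
    put16(out + 1, DTLS_VERSION_1_2);
    put16(out + 3, epoch);
    for (int i = 0; i < 6; i++)
        out[5 + i] = (uint8_t)(seq >> (8 * (5 - i)));
    put16(out + 11, len);
    return DTLS_HDR_LEN;
}

/* Hand out the next sequence number; never wrap, since a reused sequence
 * number means a reused nonce under the same key. Caller must rekey instead. */
int record_writer_take_seq(struct record_writer *w, uint64_t *seq)
{
    if (w->next_seq > DTLS_SEQ_MAX)
        return -1;
    *seq = w->next_seq++;
    return 0;
}

/* Build the DTLS 1.2 header for one outgoing record. Returns header length,
 * or 0 when the sequence space is exhausted. */
size_t dtls12_emit_record(struct record_writer *w, uint8_t *out,
                          uint8_t content_type, uint16_t payload_len)
{
    uint64_t seq;
    if (record_writer_take_seq(w, &seq) < 0)
        return 0;
    return dtls12_write_hdr(out, content_type, w->epoch, seq, payload_len);
}

/* Receive-side sliding anti-replay window with 64 slots (one per epoch in
 * DTLS). Only call this after the record's MAC/AEAD tag has verified, so a
 * forged sequence number cannot advance the window. */
struct replay_window {
    uint64_t top;    /* highest sequence number accepted so far */
    uint64_t bitmap; /* bit i set: sequence number top - i was seen */
};

/* Returns 1 if the record is accepted (and the window updated), 0 if it is a
 * replay or older than the window. */
int replay_check_update(struct replay_window *w, uint64_t seq)
{
    if (seq > w->top) {
        uint64_t shift = seq - w->top;
        w->bitmap = shift >= 64 ? 0 : (w->bitmap << shift);
        w->bitmap |= 1;
        w->top = seq;
        return 1;
    }
    uint64_t diff = w->top - seq;
    if (diff >= 64)
        return 0;                   /* too old: outside the window */
    if (w->bitmap & (1ULL << diff))
        return 0;                   /* already seen: replay */
    w->bitmap |= 1ULL << diff;
    return 1;
}

/* Constructed arrival order (not captured traffic): 0 5 5 3 3 0 69 3.
 * Returns how many of those records the window accepts. */
int example_replay_accepted(void)
{
    static const uint64_t seqs[] = { 0, 5, 5, 3, 3, 0, 69, 3 };
    struct replay_window w = { 0, 0 };
    int accepted = 0;
    for (size_t i = 0; i < sizeof seqs / sizeof seqs[0]; i++)
        accepted += replay_check_update(&w, seqs[i]);
    return accepted;
}
```

In the constructed arrival order, 0, 5, 3 and 69 are accepted; the second 5 and 3 are replays, 0 has already been seen when it arrives again, and the final 3 falls outside the window once 69 has advanced it, so four of eight records pass. Note that the sequence-number refusal and the window update are the two places where a real offload's atomicity matters: two cores emitting records for one session must not both receive the same sequence number, and two cores receiving for one session must not both accept the same one.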

Comments

Van Haaren, Harry Sept. 20, 2023, 9:22 a.m. UTC | #1
> -----Original Message-----
> From: Anoob Joseph <anoobj@marvell.com>
> Sent: Friday, August 11, 2023 8:17 AM
> To: Thomas Monjalon <thomas@monjalon.net>; Akhil Goyal
> <gakhil@marvell.com>; Jerin Jacob <jerinj@marvell.com>; Konstantin Ananyev
> <konstantin.v.ananyev@yandex.ru>
> Cc: Hemant Agrawal <hemant.agrawal@nxp.com>; dev@dpdk.org; Matz,
> Olivier <olivier.matz@6wind.com>; Vidya Sagar Velumuri
> <vvelumuri@marvell.com>
> Subject: [RFC PATCH 0/3] add TLS record processing security offload
> 
> Add Transport Layer Security (TLS) and Datagram Transport Layer Security
> (DTLS). The protocols provide communications privacy for L4 protocols
> such as TCP & UDP.
> 
> TLS (and DTLS) protocol is composed of two layers,
> 1. TLS Record Protocol
> 2. TLS Handshake Protocol
> 
> While TLS Handshake Protocol helps in establishing security parameters
> by which client and server can communicate, TLS Record Protocol provides
> the connection security. TLS Record Protocol leverages symmetric
> cryptographic operations such as data encryption and authentication for
> providing security to the communications.
> 
> Cryptodevs that are capable of offloading TLS Record Protocol may
> perform other operations like IV generation, header insertion, atomic
> sequence number updates and anti-replay window check in addition to
> cryptographic transformations.
> 
> In record write operations, message content type is a per packet field
> which is used in constructing the TLS header. One session is expected
> to handle all types of content types and so, 'rte_crypto_op.aux_flags'
> is used for passing the same.
>
> The support is added for TLS 1.2, TLS 1.3 and DTLS 1.2.
> 
> Akhil Goyal (1):
>   net: add headers for TLS/DTLS packets
> 
> Anoob Joseph (2):
>   security: add TLS record processing
>   cryptodev: add details of datapath handling of TLS records

Hi Folks,

I've reviewed these 3 patches, generally fine, with two main opens;

1) The part that I do not fully understand how it is defined is the
'rte_crypto_op.aux_flags' field usage, and what values to read/write there.

2) Error handling (again with aux_flags) is not well defined, and is critical
to correct (high-bw/high-packet-count) usage. I do not understand how to
do correct error handling today with aux_flags, so more docs/examples required.

Some detail-level comments inline in the patch files.

Regards -Harry

<snip>