From patchwork Fri Aug 11 07:17:09 2023
From: Anoob Joseph
To: Thomas Monjalon, Akhil Goyal, Jerin Jacob, Konstantin Ananyev
CC: Hemant Agrawal, Olivier Matz, Vidya Sagar Velumuri
Subject: [RFC PATCH 0/3] add TLS record processing security offload
Date: Fri, 11 Aug 2023 12:47:09 +0530
Message-ID: <20230811071712.240-1-anoobj@marvell.com>
List-Id: DPDK patches and discussions

Add Transport Layer Security (TLS) and Datagram Transport Layer Security
(DTLS). The protocols provide communications privacy for L4 protocols
such as TCP & UDP.

TLS (and DTLS) protocol is composed of two layers,
1. TLS Record Protocol
2. TLS Handshake Protocol

While TLS Handshake Protocol helps in establishing security parameters
by which client and server can communicate, TLS Record Protocol provides
the connection security. TLS Record Protocol leverages symmetric
cryptographic operations such as data encryption and authentication for
providing security to the communications.

Cryptodevs that are capable of offloading TLS Record Protocol may perform
other operations like IV generation, header insertion, atomic sequence
number updates and anti-replay window check in addition to cryptographic
transformations.

In record write operations, message content type is a per packet field
which is used in constructing the TLS header. One session is expected
to handle all types of content types and so, 'rte_crypto_op.aux_flags'
is used for passing the same.

The support is added for TLS 1.2, TLS 1.3 and DTLS 1.2.

Akhil Goyal (1):
  net: add headers for TLS/DTLS packets

Anoob Joseph (2):
  security: add TLS record processing
  cryptodev: add details of datapath handling of TLS records

 doc/api/doxy-api-index.md              |   2 +
 doc/guides/prog_guide/rte_security.rst |  68 +++++++++++++++
 lib/cryptodev/rte_crypto.h             |   6 ++
 lib/net/meson.build                    |   2 +
 lib/net/rte_dtls.h                     |  61 ++++++++++++++
 lib/net/rte_tls.h                      |  48 +++++++++++
 lib/security/rte_security.c            |   4 +
 lib/security/rte_security.h            | 110 +++++++++++++++++++++++++
 8 files changed, 301 insertions(+)
 create mode 100644 lib/net/rte_dtls.h
 create mode 100644 lib/net/rte_tls.h
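
An added illustration, not code from this patch series or from DPDK: a software model, for DTLS 1.2, of two receive-side steps related to what the cover letter says a capable cryptodev may take over, namely reading the record header that the write side inserts (including the per-packet content type) and the anti-replay window check. The names dtls_rx_state, dtls_parse_hdr and dtls_replay_check and the 64-entry window size are assumptions of the example.

```c
#include <stddef.h>
#include <stdint.h>

#define DTLS_HDR_LEN 13 /* type(1) version(2) epoch(2) seq(6) length(2) */
#define REPLAY_WIN 64   /* window size chosen for this example */

/* Hypothetical per-session receive state (not a DPDK structure). */
struct dtls_rx_state {
	uint16_t epoch;  /* epoch of the session keys */
	uint64_t top;    /* highest sequence number accepted so far */
	uint64_t bitmap; /* bit i set: (top - i) was already accepted */
	int started;     /* 0 until the first record is accepted */
};

/* Parse a DTLS 1.2 record header. Returns 0, or -1 if malformed. */
static int dtls_parse_hdr(const uint8_t *p, size_t len, uint8_t *type,
			  uint16_t *epoch, uint64_t *seq)
{
	if (len < DTLS_HDR_LEN || p[1] != 0xFE || p[2] != 0xFD)
		return -1; /* short buffer, or version is not DTLS 1.2 */
	*type = p[0]; /* content type travels with every record */
	*epoch = (uint16_t)((p[3] << 8) | p[4]);
	*seq = 0;
	for (int i = 5; i < 11; i++)
		*seq = (*seq << 8) | p[i];
	/* the declared payload length must fit inside the buffer */
	return ((size_t)((p[11] << 8) | p[12]) + DTLS_HDR_LEN <= len) ? 0 : -1;
}

/* Sliding-window check: 1 = fresh (window updated), 0 = drop.
 * A real receiver updates the window only after the record authenticates. */
static int dtls_replay_check(struct dtls_rx_state *s, uint16_t epoch, uint64_t seq)
{
	if (epoch != s->epoch)
		return 0; /* record does not belong to this session's keys */
	if (!s->started || seq > s->top) {
		uint64_t shift = s->started ? seq - s->top : REPLAY_WIN;
		s->bitmap = (shift >= REPLAY_WIN ? 0 : s->bitmap << shift) | 1;
		s->top = seq;
		s->started = 1;
		return 1;
	}
	uint64_t off = s->top - seq;
	if (off >= REPLAY_WIN || (s->bitmap & (1ULL << off)))
		return 0; /* older than the window, or already seen */
	s->bitmap |= 1ULL << off;
	return 1;
}
```
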