From patchwork Tue Oct 3 10:48:53 2023
X-Patchwork-Submitter: Anoob Joseph
X-Patchwork-Id: 132279
X-Patchwork-Delegate: gakhil@marvell.com
From: Anoob Joseph
To: Thomas Monjalon, Akhil Goyal, Jerin Jacob, Harry van Haaren
CC: Vidya Sagar Velumuri, Konstantin Ananyev, Hemant Agrawal, Olivier Matz
Subject: [PATCH v2 4/5] security: support TLS record lifetime notification
Date: Tue, 3 Oct 2023 16:18:53 +0530
Message-ID: <20231003104854.1381-5-anoobj@marvell.com>
In-Reply-To: <20231003104854.1381-1-anoobj@marvell.com>
References: <20230811071712.240-1-anoobj@marvell.com> <20231003104854.1381-1-anoobj@marvell.com>
List-Id: DPDK patches and discussions

From: Vidya Sagar Velumuri

Support TLS record lifetime notification.

TLS record sessions may need to be renegotiated after a specific number of records are processed. For devices that are capable of tracking lifetime, the application may request to do so by configuring the lifetime parameters in the session. Upon soft expiry, the PMD will set the notification in the `rte_crypto_op.aux_flags` field. Hard expiration of the session would mean any subsequent crypto operation would fail.

Extend `rte_crypto_op.aux_flags` to support all sessions that may have a lifetime notification and include TLS record lifetime under the same.
Signed-off-by: Anoob Joseph Signed-off-by: Vidya Sagar Velumuri --- lib/cryptodev/rte_crypto.h | 11 ++++++++++- lib/security/rte_security.h | 18 ++++++++++++++++++ 2 files changed, 28 insertions(+), 1 deletion(-) diff --git a/lib/cryptodev/rte_crypto.h b/lib/cryptodev/rte_crypto.h index 7b8f2bdc6d..9fe3e3d529 100644 --- a/lib/cryptodev/rte_crypto.h +++ b/lib/cryptodev/rte_crypto.h @@ -64,9 +64,18 @@ enum rte_crypto_op_sess_type { RTE_CRYPTO_OP_SECURITY_SESSION /**< Security session crypto operation */ }; +/* Auxiliary flags related to crypto operation */ +#define RTE_CRYPTO_OP_AUX_FLAGS_SESS_SOFT_EXPIRY (1 << 0) +/**< Session soft expiry limit has been reached. Applicable for any session that has a soft lifetime + * feature supported. + * + * @see rte_security_ipsec_lifetime + * @see rte_security_tls_record_lifetime + */ + /* Auxiliary flags related to IPsec offload with RTE_SECURITY */ -#define RTE_CRYPTO_OP_AUX_FLAGS_IPSEC_SOFT_EXPIRY (1 << 0) +#define RTE_CRYPTO_OP_AUX_FLAGS_IPSEC_SOFT_EXPIRY RTE_CRYPTO_OP_AUX_FLAGS_SESS_SOFT_EXPIRY /**< SA soft expiry limit has been reached */ /** diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h index 89e61e10ad..00d2a29a01 100644 --- a/lib/security/rte_security.h +++ b/lib/security/rte_security.h 
@@ -654,6 +654,22 @@ struct rte_security_tls_record_sess_options { uint32_t extra_padding_enable : 1; }; +/** + * Configure soft and hard lifetime of a TLS record session + * + * Lifetime of a TLS record session would specify the maximum number of packets that can be + * processed. TLS record processing operations would start failing once hard limit is reached. + * + * Soft limits can be specified to generate notification when the TLS record session is approaching + * hard limits for lifetime. This would result in a warning returned in ``rte_crypto_op.aux_flags``. + */ +struct rte_security_tls_record_lifetime { + /** Soft expiry limit in number of packets */ + uint64_t packets_soft_limit; + /** Hard expiry limit in number of packets */ + uint64_t packets_hard_limit; +}; + /** * TLS record protocol session configuration. * @@ -666,6 +682,8 @@ struct rte_security_tls_record_xform { enum rte_security_tls_sess_type type; /** TLS record session options. */ struct rte_security_tls_record_sess_options options; + /** TLS record session lifetime. */ + struct rte_security_tls_record_lifetime life; union { /** TLS 1.2 parameters. */ struct {
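Review bot: in the rte_crypto.h hunk, RTE_CRYPTO_OP_AUX_FLAGS_IPSEC_SOFT_EXPIRY is kept only as an alias of the new RTE_CRYPTO_OP_AUX_FLAGS_SESS_SOFT_EXPIRY, yet its comment still reads `/**< SA soft expiry limit has been reached */` under the unchanged heading `/* Auxiliary flags related to IPsec offload with RTE_SECURITY */`; state there that the IPsec name is retained for backward compatibility and that new code should test the generic flag, otherwise readers see two names for bit 0 with no explanation. Because both names resolve to the same bit, an application cannot tell IPsec expiry from TLS record expiry from aux_flags alone and has to go by the session attached to the op; that deserves a sentence in the doc comment of the generic flag.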
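Review bot: the doc comment on struct rte_security_tls_record_lifetime in the first rte_security.h hunk does not say what a zero value in packets_soft_limit or packets_hard_limit means (no limit, or immediate expiry), nor whether packets_soft_limit must be less than or equal to packets_hard_limit and what a PMD should return at session creation when it is not; both rules need to be spelled out so that every PMD enforces them the same way. The comment should also say whether "packets" here means TLS records, since the commit message describes the limit in terms of records processed.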
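Review bot: the second rte_security.h hunk inserts `struct rte_security_tls_record_lifetime life;` between `options` and the `union`, which moves the union's offset and so changes the layout of struct rte_security_tls_record_xform; that is acceptable only while the TLS record xform is not yet part of a released ABI, otherwise the field has to be appended after the union. The new field also carries a one-line comment only; say explicitly what an unset (zeroed) `life` does, so that applications that never touch it can rely on the session behaving as it did before this patch.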