From patchwork Wed Jan 17 10:31:05 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Anoob Joseph <anoobj@marvell.com>
X-Patchwork-Id: 135923
X-Patchwork-Delegate: gakhil@marvell.com
Return-Path: <dev-bounces@dpdk.org>
X-Original-To: patchwork@inbox.dpdk.org
Delivered-To: patchwork@inbox.dpdk.org
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 7A1B8438E9;
	Wed, 17 Jan 2024 11:33:55 +0100 (CET)
Received: from mails.dpdk.org (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 8ABB8427D9;
	Wed, 17 Jan 2024 11:32:07 +0100 (CET)
Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com
 [67.231.148.174])
 by mails.dpdk.org (Postfix) with ESMTP id 1466B41149
 for <dev@dpdk.org>; Wed, 17 Jan 2024 11:32:03 +0100 (CET)
Received: from pps.filterd (m0045849.ppops.net [127.0.0.1])
 by mx0a-0016f401.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id
 40H7jopC029521 for <dev@dpdk.org>; Wed, 17 Jan 2024 02:32:03 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=
 from:to:cc:subject:date:message-id:in-reply-to:references
 :mime-version:content-transfer-encoding:content-type; s=
 pfpt0220; bh=iqutT/3nImm6vGH0JjXh6Pklecx0ElpzIpNtxjvKZ3I=; b=Jmr
 QquWk+1w7O4bgsK4UujveviqHm/tX6YuBKIQwYuzZhJO69usrFmQ9T4mvX9v9qLi
 QGpL+nGR6TBo+u/rjDNehXKwPbzWlcELNXqE4PH2yE5jxFdr+syDgE6sclYrLUb5
 auW9elosNgu2cfEV5GNPhMLiqxNkpRIfvIurZNlPTHtSKvAk+2BIA2c0iZLEAlWA
 Lv+a9CDwBmvaJp52E9rwd7JVuZ1GFWMiDP8Sg0kZYiYsTNITP8F35UetqJf9COch
 z34fh/CQi+JSwe52Dny+Y6FIsL7f6AXmQ1pdqYDiD1AEQ4zsuLeDqAuX2DHWAgNT
 4zbK8pxe5liZVVTHpLw==
Received: from dc5-exch02.marvell.com ([199.233.59.182])
 by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3vpask8fa7-1
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT)
 for <dev@dpdk.org>; Wed, 17 Jan 2024 02:32:03 -0800 (PST)
Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com
 (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.48;
 Wed, 17 Jan 2024 02:32:01 -0800
Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com
 (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.48 via Frontend
 Transport; Wed, 17 Jan 2024 02:32:01 -0800
Received: from BG-LT92004.corp.innovium.com (unknown [10.28.22.179])
 by maili.marvell.com (Postfix) with ESMTP id AF5065B6932;
 Wed, 17 Jan 2024 02:31:59 -0800 (PST)
From: Anoob Joseph <anoobj@marvell.com>
To: Akhil Goyal <gakhil@marvell.com>
CC: Vidya Sagar Velumuri <vvelumuri@marvell.com>, Jerin Jacob
 <jerinj@marvell.com>,
 Tejasree Kondoj <ktejasree@marvell.com>, <dev@dpdk.org>
Subject: [PATCH v3 20/24] crypto/cnxk: validate the combinations supported in
 TLS
Date: Wed, 17 Jan 2024 16:01:05 +0530
Message-ID: <20240117103109.922-21-anoobj@marvell.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20240117103109.922-1-anoobj@marvell.com>
References: <20240102045417.115-1-anoobj@marvell.com>
 <20240117103109.922-1-anoobj@marvell.com>
MIME-Version: 1.0
X-Proofpoint-ORIG-GUID: 5HWkl30xXRkZt0hLcB4AYlP6CJGKpEdh
X-Proofpoint-GUID: 5HWkl30xXRkZt0hLcB4AYlP6CJGKpEdh
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.272,Aquarius:18.0.997,Hydra:6.0.619,FMLib:17.11.176.26
 definitions=2024-01-17_05,2024-01-17_01,2023-05-22_02
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org

From: Vidya Sagar Velumuri <vvelumuri@marvell.com>

Validate the cipher and auth combination to allow only the
ones supported by hardware.

Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
 drivers/crypto/cnxk/cn10k_tls.c | 35 ++++++++++++++++++++++++++++++++-
 1 file changed, 34 insertions(+), 1 deletion(-)

diff --git a/drivers/crypto/cnxk/cn10k_tls.c b/drivers/crypto/cnxk/cn10k_tls.c
index afcf7ba6f1..3c2e0feb2a 100644
--- a/drivers/crypto/cnxk/cn10k_tls.c
+++ b/drivers/crypto/cnxk/cn10k_tls.c
@@ -17,6 +17,36 @@
 #include "cnxk_cryptodev_ops.h"
 #include "cnxk_security.h"
 
+static int
+tls_xform_cipher_auth_verify(struct rte_crypto_sym_xform *cipher_xform,
+			     struct rte_crypto_sym_xform *auth_xform)
+{
+	enum rte_crypto_cipher_algorithm c_algo = cipher_xform->cipher.algo;
+	enum rte_crypto_auth_algorithm a_algo = auth_xform->auth.algo;
+	int ret = -ENOTSUP;
+
+	switch (c_algo) {
+	case RTE_CRYPTO_CIPHER_NULL:
+		if ((a_algo == RTE_CRYPTO_AUTH_MD5_HMAC) || (a_algo == RTE_CRYPTO_AUTH_SHA1_HMAC) ||
+		    (a_algo == RTE_CRYPTO_AUTH_SHA256_HMAC))
+			ret = 0;
+		break;
+	case RTE_CRYPTO_CIPHER_3DES_CBC:
+		if (a_algo == RTE_CRYPTO_AUTH_SHA1_HMAC)
+			ret = 0;
+		break;
+	case RTE_CRYPTO_CIPHER_AES_CBC:
+		if ((a_algo == RTE_CRYPTO_AUTH_SHA1_HMAC) ||
+		    (a_algo == RTE_CRYPTO_AUTH_SHA256_HMAC))
+			ret = 0;
+		break;
+	default:
+		break;
+	}
+
+	return ret;
+}
+
 static int
 tls_xform_cipher_verify(struct rte_crypto_sym_xform *crypto_xform)
 {
@@ -138,7 +168,10 @@ cnxk_tls_xform_verify(struct rte_security_tls_record_xform *tls_xform,
 		ret = tls_xform_cipher_verify(cipher_xform);
 
 	if (!ret)
-		return tls_xform_auth_verify(auth_xform);
+		ret = tls_xform_auth_verify(auth_xform);
+
+	if (cipher_xform && !ret)
+		return tls_xform_cipher_auth_verify(cipher_xform, auth_xform);
 
 	return ret;
 }