Enable SHA384-HMAC support for TLS & DTLS 1.2.
Signed-off-by: Vidya Sagar Velumuri <vvelumuri@marvell.com>
---
drivers/crypto/cnxk/cn10k_tls.c | 16 +++++++++++---
drivers/crypto/cnxk/cnxk_cryptodev.h | 4 ++--
.../crypto/cnxk/cnxk_cryptodev_capabilities.c | 21 +++++++++++++++++++
3 files changed, 36 insertions(+), 5 deletions(-)
@@ -28,7 +28,8 @@ tls_xform_cipher_auth_verify(struct rte_crypto_sym_xform *cipher_xform,
switch (c_algo) {
case RTE_CRYPTO_CIPHER_NULL:
if ((a_algo == RTE_CRYPTO_AUTH_MD5_HMAC) || (a_algo == RTE_CRYPTO_AUTH_SHA1_HMAC) ||
- (a_algo == RTE_CRYPTO_AUTH_SHA256_HMAC))
+ (a_algo == RTE_CRYPTO_AUTH_SHA256_HMAC) ||
+ (a_algo == RTE_CRYPTO_AUTH_SHA384_HMAC))
ret = 0;
break;
case RTE_CRYPTO_CIPHER_3DES_CBC:
@@ -37,7 +38,8 @@ tls_xform_cipher_auth_verify(struct rte_crypto_sym_xform *cipher_xform,
break;
case RTE_CRYPTO_CIPHER_AES_CBC:
if ((a_algo == RTE_CRYPTO_AUTH_SHA1_HMAC) ||
- (a_algo == RTE_CRYPTO_AUTH_SHA256_HMAC))
+ (a_algo == RTE_CRYPTO_AUTH_SHA256_HMAC) ||
+ (a_algo == RTE_CRYPTO_AUTH_SHA384_HMAC))
ret = 0;
break;
default:
@@ -69,7 +71,8 @@ tls_xform_auth_verify(struct rte_crypto_sym_xform *crypto_xform)
if (((a_algo == RTE_CRYPTO_AUTH_MD5_HMAC) && (keylen == 16)) ||
((a_algo == RTE_CRYPTO_AUTH_SHA1_HMAC) && (keylen == 20)) ||
- ((a_algo == RTE_CRYPTO_AUTH_SHA256_HMAC) && (keylen == 32)))
+ ((a_algo == RTE_CRYPTO_AUTH_SHA256_HMAC) && (keylen == 32)) ||
+ ((a_algo == RTE_CRYPTO_AUTH_SHA384_HMAC) && (keylen == 48)))
return 0;
return -EINVAL;
@@ -251,6 +254,9 @@ tls_write_rlens_get(struct rte_security_tls_record_xform *tls_xfrm,
case RTE_CRYPTO_AUTH_SHA256_HMAC:
mac_len = 32;
break;
+ case RTE_CRYPTO_AUTH_SHA384_HMAC:
+ mac_len = 32;
+ break;
default:
mac_len = 0;
break;
@@ -397,6 +403,8 @@ tls_read_sa_fill(struct roc_ie_ot_tls_read_sa *read_sa,
read_sa->w2.s.mac_select = ROC_IE_OT_TLS_MAC_SHA1;
else if (auth_xfrm->auth.algo == RTE_CRYPTO_AUTH_SHA256_HMAC)
read_sa->w2.s.mac_select = ROC_IE_OT_TLS_MAC_SHA2_256;
+ else if (auth_xfrm->auth.algo == RTE_CRYPTO_AUTH_SHA384_HMAC)
+ read_sa->w2.s.mac_select = ROC_IE_OT_TLS_MAC_SHA2_384;
else
return -EINVAL;
@@ -538,6 +546,8 @@ tls_write_sa_fill(struct roc_ie_ot_tls_write_sa *write_sa,
write_sa->w2.s.mac_select = ROC_IE_OT_TLS_MAC_SHA1;
else if (auth_xfrm->auth.algo == RTE_CRYPTO_AUTH_SHA256_HMAC)
write_sa->w2.s.mac_select = ROC_IE_OT_TLS_MAC_SHA2_256;
+ else if (auth_xfrm->auth.algo == RTE_CRYPTO_AUTH_SHA384_HMAC)
+ write_sa->w2.s.mac_select = ROC_IE_OT_TLS_MAC_SHA2_384;
else
return -EINVAL;
@@ -14,8 +14,8 @@
#define CNXK_CPT_MAX_CAPS 55
#define CNXK_SEC_IPSEC_CRYPTO_MAX_CAPS 16
#define CNXK_SEC_TLS_1_3_CRYPTO_MAX_CAPS 2
-#define CNXK_SEC_TLS_1_2_CRYPTO_MAX_CAPS 6
-#define CNXK_SEC_MAX_CAPS 17
+#define CNXK_SEC_TLS_1_2_CRYPTO_MAX_CAPS 7
+#define CNXK_SEC_MAX_CAPS 18
/**
* Device private data
@@ -1639,6 +1639,27 @@ static const struct rte_cryptodev_capabilities sec_tls12_caps_sha1_sha2[] = {
}, }
}, }
},
+ { /* SHA384 HMAC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SHA384_HMAC,
+ .block_size = 64,
+ .key_size = {
+ .min = 48,
+ .max = 48,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 48,
+ .max = 48,
+ .increment = 0
+ },
+ }, }
+ }, }
+ },
+
};
static const struct rte_cryptodev_capabilities sec_tls13_caps_aes[] = {