[PATCH v2 8/8] crypto/cnxk: update the context structure of tls

Vidya Sagar Velumuri vvelumuri at marvell.com
Thu Mar 14 14:18:39 CET 2024

Previous message (by thread): [PATCH v2 7/8] crypto/cnxk: add support for oop processing in TLS
Next message (by thread): [DPDK/examples Bug 1401] [dpdk-24.03][asan] cbdma: ERROR: AddressSanitizer: SEGV on unknown address in rte_rwlock_write_lock when launch dpdk-dma
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Keep the record context for TLS-1.3 in sync with microcode
structure.

Report error if optional padding is enabled for AEAD
case in both TLS-1.2 and DTLS-1.2.

Use the proper offset for calculating the context size in case of TLS-1.3.

Signed-off-by: Vidya Sagar Velumuri <vvelumuri at marvell.com>
---
 drivers/common/cnxk/roc_ie_ot_tls.h | 17 ++++++++++++-----
 drivers/crypto/cnxk/cn10k_tls.c     |  6 +++---
 2 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/drivers/common/cnxk/roc_ie_ot_tls.h b/drivers/common/cnxk/roc_ie_ot_tls.h
index 39c42775f4..2d6a290d9b 100644
--- a/drivers/common/cnxk/roc_ie_ot_tls.h
+++ b/drivers/common/cnxk/roc_ie_ot_tls.h
@@ -68,6 +68,16 @@ struct roc_ie_ot_tls_read_ctx_update_reg {
 	uint64_t ar_winbits[ROC_IE_OT_TLS_AR_WINBITS_SZ];
 };
 
+struct roc_ie_ot_tls_1_3_read_ctx_update_reg {
+	uint64_t rsvd0;
+	uint64_t ar_valid_mask;
+	uint64_t hard_life;
+	uint64_t soft_life;
+	uint64_t mib_octs;
+	uint64_t mib_pkts;
+	uint64_t rsvd1;
+};
+
 union roc_ie_ot_tls_param2 {
 	uint16_t u16;
 	struct {
@@ -137,11 +147,8 @@ struct roc_ie_ot_tls_read_sa {
 
 	union {
 		struct {
-			/* Word10 */
-			uint64_t w10_rsvd6;
-
-			/* Word11 - Word25 */
-			struct roc_ie_ot_tls_read_ctx_update_reg ctx;
+			/* Word10 - Word16 */
+			struct roc_ie_ot_tls_1_3_read_ctx_update_reg ctx;
 		} tls_13;
 
 		struct {
diff --git a/drivers/crypto/cnxk/cn10k_tls.c b/drivers/crypto/cnxk/cn10k_tls.c
index 3505a71a6c..7b73a58d2a 100644
--- a/drivers/crypto/cnxk/cn10k_tls.c
+++ b/drivers/crypto/cnxk/cn10k_tls.c
@@ -121,8 +121,8 @@ cnxk_tls_xform_verify(struct rte_security_tls_record_xform *tls_xform,
 
 	if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
 		/* optional padding is not allowed in TLS-1.2 for AEAD */
-		if ((tls_xform->ver == RTE_SECURITY_VERSION_TLS_1_2) &&
-		    (tls_xform->options.extra_padding_enable == 1))
+		if ((tls_xform->options.extra_padding_enable == 1) &&
+		    (tls_xform->ver != RTE_SECURITY_VERSION_TLS_1_3))
 			return -EINVAL;
 
 		return tls_xform_aead_verify(tls_xform, crypto_xform);
@@ -312,7 +312,7 @@ tls_read_ctx_size(struct roc_ie_ot_tls_read_sa *sa, enum rte_security_tls_versio
 	/* Variable based on Anti-replay Window */
 	if (tls_ver == RTE_SECURITY_VERSION_TLS_1_3) {
 		size = offsetof(struct roc_ie_ot_tls_read_sa, tls_13.ctx) +
-		       offsetof(struct roc_ie_ot_tls_read_ctx_update_reg, ar_winbits);
+		       sizeof(struct roc_ie_ot_tls_1_3_read_ctx_update_reg);
 	} else {
 		size = offsetof(struct roc_ie_ot_tls_read_sa, tls_12.ctx) +
 		       offsetof(struct roc_ie_ot_tls_read_ctx_update_reg, ar_winbits);
-- 
2.25.1

Previous message (by thread): [PATCH v2 7/8] crypto/cnxk: add support for oop processing in TLS
Next message (by thread): [DPDK/examples Bug 1401] [dpdk-24.03][asan] cbdma: ERROR: AddressSanitizer: SEGV on unknown address in rte_rwlock_write_lock when launch dpdk-dma
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list