From: Vidya Sagar Velumuri <vvelum...@marvell.com>

TLS/DTLS record processing requires content type to be provided per packet (for record write operation). Extend usage of reserved fields in rte_crypto_op for the same purpose.
Signed-off-by: Anoob Joseph <ano...@marvell.com> Signed-off-by: Vidya Sagar Velumuri <vvelum...@marvell.com> --- doc/guides/prog_guide/rte_security.rst | 12 ++++++++++++ doc/guides/rel_notes/release_23_11.rst | 6 ++++++ lib/cryptodev/rte_crypto.h | 25 ++++++++++++++++++++++++- 3 files changed, 42 insertions(+), 1 deletion(-) diff --git a/doc/guides/prog_guide/rte_security.rst b/doc/guides/prog_guide/rte_security.rst index f90dee5df0..7a25a7e649 100644 --- a/doc/guides/prog_guide/rte_security.rst +++ b/doc/guides/prog_guide/rte_security.rst @@ -453,6 +453,18 @@ Protocol. The TLS Record Protocol provides connection security that has two basi V V TLSCiphertext TLSPlaintext +TLS and DTLS header formation (in record write operation) would depend on +type of content. It is a per packet variable and would need to be handled by +the same session. Application may pass this info to a cryptodev performing +lookaside protocol offload by passing the same in ``rte_crypto_op.param1``. + +In record read operation, application is required to preserve any info it may +need from the TLS/DTLS header (such as content type and sequence number) as the +cryptodev would remove the header and padding as part of the lookaside protocol +processing. With TLS 1.3, the actual content type is part of the trailer (before +padding) and would be stripped by the PMD. For applications that may need this +info, PMD would return the value in ``rte_crypto_op.param1`` field. + Supported Versions ^^^^^^^^^^^^^^^^^^ diff --git a/doc/guides/rel_notes/release_23_11.rst b/doc/guides/rel_notes/release_23_11.rst index 250735efa9..663d1e9cf9 100644 --- a/doc/guides/rel_notes/release_23_11.rst +++ b/doc/guides/rel_notes/release_23_11.rst 
@@ -83,6 +83,12 @@ New Features Similar to out of place processing support for lookaside security session, added the same support for inline ingress security session. +* **Added support for TLS and DTLS record in rte_security.** + + Added TLS and DTLS record transform for rte_security session and added + enhancements to ``rte_crypto_op`` fields to handle all datapath requirements + of TLS and DTLS. The support is added for TLS 1.2, TLS 1.3 and DTLS 1.2. + * **Updated ipsec_mb crypto driver.** Added support for digest encrypted to AESNI_MB asynchronous crypto driver. diff --git a/lib/cryptodev/rte_crypto.h b/lib/cryptodev/rte_crypto.h index 9fe3e3d529..34aacd9312 100644 --- a/lib/cryptodev/rte_crypto.h +++ b/lib/cryptodev/rte_crypto.h @@ -123,7 +123,30 @@ struct rte_crypto_op { * * @see struct rte_security_tls_record_sess_options */ - uint8_t reserved[2]; + union { + struct { + uint8_t content_type; + /**< Content type. The field can act both as input + * and output. + * + * As input, for passing message type in case of record + * write (encrypt) operation. Applicable for, + * 1. TLS 1.2 + * 2. TLS 1.3 + * 3. DTLS 1.2 + * + * As output, for returning message type in case of record + * read (decrypt) operation. Applicable for, + * 1. TLS 1.3 + * + * Message types are listed as RTE_TLS_TYPE_* and + * RTE_DTLS_TYPE_*. + */ + } tls_record; + /**< TLS record */ + } param1; + /**< Additional per operation parameter 1. */ + uint8_t reserved[1]; /**< Reserved bytes to fill 64 bits for * future additions */ -- 2.25.1
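Review bot: in the rte_security.rst hunk, the new paragraphs tell applications to pass and read the content type in rte_crypto_op.param1, but the member this patch actually adds is param1.tls_record.content_type; name the full member so readers do not treat param1 as a plain integer. The record read paragraph should also say outright that the returned value is only valid for TLS 1.3 reads (as the header comment states) and that for TLS 1.2 and DTLS 1.2 reads the application must take the content type from the header it preserved before enqueue, since the PMD does not populate the field in those cases.

Review bot: in the release_23_11.rst hunk, the note describes the whole TLS/DTLS record feature (transform, session support, TLS 1.2, TLS 1.3 and DTLS 1.2) while this commit only adds the per-operation content-type field to rte_crypto_op; either move the note to the patch that introduces the transform, or mention the content-type handling in rte_crypto_op explicitly so the release notes match what this commit adds.

Review bot: in the rte_crypto.h hunk, the comment for content_type does not say what the field holds when a TLS 1.3 record read cannot locate the inner content type (RFC 8446 section 5.4 requires a non-zero octet before the zero padding, so its absence is a malformed record). State that the PMD writes content_type only on a successful read and that the operation status, not content_type, signals the failure; otherwise an application could dispatch the plaintext on a stale value left in the union from the enqueue side. Since reserved[2] is split into param1 and reserved[1], please also add a static size assertion (or a sentence in the comment) that the first 64 bits of struct rte_crypto_op are unchanged, so the "fill 64 bits" layout promise in the remaining reserved comment still holds.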