> Subject: [PATCH v2 0/5] add TLS record processing security offload
>
> Add Transport Layer Security (TLS) and Datagram Transport Layer Security
> (DTLS). The protocols provide communications privacy for L4 protocols
> such as TCP & UDP.
>
> TLS (and DTLS) protocol is composed of two layers,
> 1. TLS Record Protocol
> 2. TLS Handshake Protocol
>
> While TLS Handshake Protocol helps in establishing security parameters
> by which client and server can communicate, TLS Record Protocol provides
> the connection security. TLS Record Protocol leverages symmetric
> cryptographic operations such as data encryption and authentication for
> providing security to the communications.
>
> Cryptodevs that are capable of offloading TLS Record Protocol may
> perform other operations like IV generation, header insertion, atomic
> sequence number updates and anti-replay window check in addition to
> cryptographic transformations.
>
> In record write operations, message content type is a per packet field
> which is used in constructing the TLS header. One session is expected
> to handle all types of content types and so, 'rte_crypto_op.aux_flags'
> is used for passing the same.
>
> Support for TLS record protocol is added for TLS 1.2, TLS 1.3 and
> DTLS 1.2.
>
> Changes in v2:
> - Replaced CCS with CHANGE_CIPHER_SPEC (Harry)
> - Split patches to clarify lifetime tracking and notification of the
>   same in rte_crypto_op (Harry)
> - Use 8 bits reserved space in rte_crypto_op to pass content type from
>   application to PMD (in case of record write) and from PMD to
>   application (in case of record read). TLS 1.3 has content type as
>   part of trailer which would be encrypted and would be removed by PMD.
> - Updated documentation (Harry)
>
> Akhil Goyal (1):
>   net: add headers for TLS/DTLS packets
>
> Anoob Joseph (2):
>   security: add TLS record processing
>   security: support extra padding with TLS
>
> Vidya Sagar Velumuri (2):
>   security: support TLS record lifetime notification
>   cryptodev: add details of datapath handling of TLS records
>
>  doc/api/doxy-api-index.md              |   2 +
>  doc/guides/prog_guide/rte_security.rst |  74 +++++++++++++
>  doc/guides/rel_notes/release_23_11.rst |   6 ++
>  lib/cryptodev/rte_crypto.h             |  50 ++++++++-
>  lib/net/meson.build                    |   2 +
>  lib/net/rte_dtls.h                     |  61 +++++++++++
>  lib/net/rte_tls.h                      |  48 +++++++++
>  lib/security/rte_security.c            |   4 +
>  lib/security/rte_security.h            | 144 +++++++++++++++++++++++++
>  9 files changed, 388 insertions(+), 3 deletions(-)
>  create mode 100644 lib/net/rte_dtls.h
>  create mode 100644 lib/net/rte_tls.h
>

Series Applied to dpdk-next-crypto

Updated comments with minor formatting across the patches. Please check.
Thanks.