Keep the record context for TLS-1.3 in sync with microcode
structure.
Report error if optional padding is enabled for AEAD
case in both TLS-1.2 and DTLS-1.2.
Signed-off-by: Vidya Sagar Velumuri <vvelum...@marvell.com>
---
drivers/common/cnxk/roc_ie_ot_tls.h | 17 ++++++++++++-----
drivers/crypto/cnxk/cn10k_tls.c | 4 ++--
2 files changed, 14 insertions(+), 7 deletions(-)
diff --git a/drivers/common/cnxk/roc_ie_ot_tls.h
b/drivers/common/cnxk/roc_ie_ot_tls.h
index b85d075e86..44850f7060 100644
--- a/drivers/common/cnxk/roc_ie_ot_tls.h
+++ b/drivers/common/cnxk/roc_ie_ot_tls.h
@@ -67,6 +67,16 @@ struct roc_ie_ot_tls_read_ctx_update_reg {
uint64_t ar_winbits[ROC_IE_OT_TLS_AR_WINBITS_SZ];
};
+struct roc_ie_ot_tls_1_3_read_ctx_update_reg {
+ uint64_t rsvd0;
+ uint64_t ar_valid_mask;
+ uint64_t hard_life;
+ uint64_t soft_life;
+ uint64_t mib_octs;
+ uint64_t mib_pkts;
+ uint64_t rsvd1;
+};
+
union roc_ie_ot_tls_param2 {
uint16_t u16;
struct {
@@ -136,11 +146,8 @@ struct roc_ie_ot_tls_read_sa {
union {
struct {
- /* Word10 */
- uint64_t w10_rsvd6;
-
- /* Word11 - Word25 */
- struct roc_ie_ot_tls_read_ctx_update_reg ctx;
+ /* Word10 - Word16 */
+ struct roc_ie_ot_tls_1_3_read_ctx_update_reg ctx;
} tls_13;
struct {
diff --git a/drivers/crypto/cnxk/cn10k_tls.c b/drivers/crypto/cnxk/cn10k_tls.c
index dea4e501f3..fbf45c464a 100644
--- a/drivers/crypto/cnxk/cn10k_tls.c
+++ b/drivers/crypto/cnxk/cn10k_tls.c
@@ -118,8 +118,8 @@ cnxk_tls_xform_verify(struct rte_security_tls_record_xform
*tls_xform,
if (crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
/* optional padding is not allowed in TLS-1.2 for AEAD */
- if ((tls_xform->ver == RTE_SECURITY_VERSION_TLS_1_2) &&
- (tls_xform->options.extra_padding_enable == 1))
+ if ((tls_xform->options.extra_padding_enable == 1) &&
+ (tls_xform->ver != RTE_SECURITY_VERSION_TLS_1_3))
return -EINVAL;
return tls_xform_aead_verify(tls_xform, crypto_xform);
--
2.25.1
