* [dpdk-dev] [PATCH 1/2] crypto/qat: add chacha poly implementation
2019-12-06 18:13 [dpdk-dev] [PATCH 0/2] Add chacha20-poly1305 algorithm to QAT Arek Kusztal
@ 2019-12-06 18:13 ` Arek Kusztal
2020-01-14 17:16 ` Trahe, Fiona
2019-12-06 18:13 ` [dpdk-dev] [PATCH 2/2] test/cryptodev: add chacha poly test cases to cryptodev Arek Kusztal
1 sibling, 1 reply; 4+ messages in thread
From: Arek Kusztal @ 2019-12-06 18:13 UTC (permalink / raw)
To: dev; +Cc: akhil.goyal, fiona.trahe, Arek Kusztal
This patchset adds Chacha20-Poly1305 implementation to Intel
QuickAssist Technology pmd.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
doc/guides/cryptodevs/qat.rst | 1 +
doc/guides/rel_notes/release_20_02.rst | 4 ++++
drivers/common/qat/qat_adf/icp_qat_hw.h | 17 ++++++++++++++--
drivers/crypto/qat/qat_sym_capabilities.h | 32 +++++++++++++++++++++++++++++++
drivers/crypto/qat/qat_sym_pmd.c | 11 ++++++++++-
drivers/crypto/qat/qat_sym_session.c | 20 +++++++++++++++----
6 files changed, 78 insertions(+), 7 deletions(-)
diff --git a/doc/guides/cryptodevs/qat.rst b/doc/guides/cryptodevs/qat.rst
index 6197875..479f5cc 100644
--- a/doc/guides/cryptodevs/qat.rst
+++ b/doc/guides/cryptodevs/qat.rst
@@ -70,6 +70,7 @@ Supported AEAD algorithms:
* ``RTE_CRYPTO_AEAD_AES_GCM``
* ``RTE_CRYPTO_AEAD_AES_CCM``
+* ``RTE_CRYPTO_AEAD_CHACHA20_POLY1305``
Limitations
diff --git a/doc/guides/rel_notes/release_20_02.rst b/doc/guides/rel_notes/release_20_02.rst
index 6b60f47..72504ab 100644
--- a/doc/guides/rel_notes/release_20_02.rst
+++ b/doc/guides/rel_notes/release_20_02.rst
@@ -60,6 +60,10 @@ New Features
Chacha20-Poly1305 AEAD algorithm can now be supported in Cryptodev.
+* **Updated the Intel QuickAssist Technology (QAT) symmetric crypto PMD.**
+
+ Added Chacha20-Poly1305 AEAD algorithm.
+
Removed Items
-------------
diff --git a/drivers/common/qat/qat_adf/icp_qat_hw.h b/drivers/common/qat/qat_adf/icp_qat_hw.h
index cef6486..ed04178 100644
--- a/drivers/common/qat/qat_adf/icp_qat_hw.h
+++ b/drivers/common/qat/qat_adf/icp_qat_hw.h
@@ -51,7 +51,10 @@ enum icp_qat_hw_auth_algo {
ICP_QAT_HW_AUTH_ALGO_SHA3_256 = 17,
ICP_QAT_HW_AUTH_RESERVED_3 = 18,
ICP_QAT_HW_AUTH_ALGO_SHA3_512 = 19,
- ICP_QAT_HW_AUTH_ALGO_DELIMITER = 20
+ ICP_QAT_HW_AUTH_ALGO_SHAKE_128 = 20,
+ ICP_QAT_HW_AUTH_ALGO_SHAKE_256 = 21,
+ ICP_QAT_HW_AUTH_ALGO_POLY = 22,
+ ICP_QAT_HW_AUTH_ALGO_DELIMITER = 23
};
enum icp_qat_hw_auth_mode {
@@ -204,7 +207,9 @@ enum icp_qat_hw_cipher_algo {
ICP_QAT_HW_CIPHER_ALGO_KASUMI = 7,
ICP_QAT_HW_CIPHER_ALGO_SNOW_3G_UEA2 = 8,
ICP_QAT_HW_CIPHER_ALGO_ZUC_3G_128_EEA3 = 9,
- ICP_QAT_HW_CIPHER_DELIMITER = 10
+ ICP_QAT_HW_CIPHER_ALGO_SM4 = 10,
+ ICP_QAT_HW_CIPHER_ALGO_CHACHA20_POLY1305 = 11,
+ ICP_QAT_HW_CIPHER_DELIMITER = 12
};
enum icp_qat_hw_cipher_mode {
@@ -306,6 +311,14 @@ enum icp_qat_hw_cipher_convert {
#define ICP_QAT_HW_ZUC_3G_EEA3_KEY_SZ 16
#define ICP_QAT_HW_ZUC_3G_EEA3_IV_SZ 16
#define ICP_QAT_HW_MODE_F8_NUM_REG_TO_CLEAR 2
+#define ICP_QAT_HW_SM4_KEY_SZ 16
+#define ICP_QAT_HW_SM4_IV_SZ 16
+#define ICP_QAT_HW_CHACHAPOLY_KEY_SZ 32
+#define ICP_QAT_HW_CHACHAPOLY_IV_SZ 12
+#define ICP_QAT_HW_CHACHAPOLY_BLK_SZ 64
+#define ICP_QAT_HW_SPC_CTR_SZ 16
+#define ICP_QAT_HW_CHACHAPOLY_ICV__SZ 16
+#define ICP_QAT_HW_CHACHAPOLY_AAD_MAX_LOG 14
#define ICP_QAT_HW_CIPHER_MAX_KEY_SZ ICP_QAT_HW_AES_256_F8_KEY_SZ
diff --git a/drivers/crypto/qat/qat_sym_capabilities.h b/drivers/crypto/qat/qat_sym_capabilities.h
index 028a56c..acc5045 100644
--- a/drivers/crypto/qat/qat_sym_capabilities.h
+++ b/drivers/crypto/qat/qat_sym_capabilities.h
@@ -594,4 +594,36 @@
}, } \
}
+#define QAT_EXTRA_GEN3_SYM_CAPABILITIES \
+ { /* Chacha20-Poly1305 */ \
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, \
+ {.sym = { \
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD, \
+ {.aead = { \
+ .algo = RTE_CRYPTO_AEAD_CHACHA20_POLY1305, \
+ .block_size = 64, \
+ .key_size = { \
+ .min = 32, \
+ .max = 32, \
+ .increment = 0 \
+ }, \
+ .digest_size = { \
+ .min = 16, \
+ .max = 16, \
+ .increment = 0 \
+ }, \
+ .aad_size = { \
+ .min = 0, \
+ .max = 240, \
+ .increment = 1 \
+ }, \
+ .iv_size = { \
+ .min = 12, \
+ .max = 12, \
+ .increment = 0 \
+ }, \
+ }, } \
+ }, } \
+ }
+
#endif /* _QAT_SYM_CAPABILITIES_H_ */
diff --git a/drivers/crypto/qat/qat_sym_pmd.c b/drivers/crypto/qat/qat_sym_pmd.c
index 71f21ce..a6e2d24 100644
--- a/drivers/crypto/qat/qat_sym_pmd.c
+++ b/drivers/crypto/qat/qat_sym_pmd.c
@@ -27,6 +27,13 @@ static const struct rte_cryptodev_capabilities qat_gen2_sym_capabilities[] = {
RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
};
+static const struct rte_cryptodev_capabilities qat_gen3_sym_capabilities[] = {
+ QAT_BASE_GEN1_SYM_CAPABILITIES,
+ QAT_EXTRA_GEN2_SYM_CAPABILITIES,
+ QAT_EXTRA_GEN3_SYM_CAPABILITIES,
+ RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
+};
+
static int qat_sym_qp_release(struct rte_cryptodev *dev,
uint16_t queue_pair_id);
@@ -291,9 +298,11 @@ qat_sym_dev_create(struct qat_pci_device *qat_pci_dev)
internals->qat_dev_capabilities = qat_gen1_sym_capabilities;
break;
case QAT_GEN2:
- case QAT_GEN3:
internals->qat_dev_capabilities = qat_gen2_sym_capabilities;
break;
+ case QAT_GEN3:
+ internals->qat_dev_capabilities = qat_gen3_sym_capabilities;
+ break;
default:
internals->qat_dev_capabilities = qat_gen2_sym_capabilities;
QAT_LOG(DEBUG,
diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c
index 72290ba..c6ca42c 100644
--- a/drivers/crypto/qat/qat_sym_session.c
+++ b/drivers/crypto/qat/qat_sym_session.c
@@ -519,7 +519,8 @@ qat_sym_session_handle_single_pass(struct qat_sym_dev_private *internals,
session->is_single_pass = 1;
session->min_qat_dev_gen = QAT_GEN3;
session->qat_cmd = ICP_QAT_FW_LA_CMD_CIPHER;
- session->qat_mode = ICP_QAT_HW_CIPHER_AEAD_MODE;
+ if (aead_xform->algo == RTE_CRYPTO_AEAD_AES_GCM)
+ session->qat_mode = ICP_QAT_HW_CIPHER_AEAD_MODE;
session->cipher_iv.offset = aead_xform->iv.offset;
session->cipher_iv.length = aead_xform->iv.length;
if (qat_sym_session_aead_create_cd_cipher(session,
@@ -566,6 +567,7 @@ qat_sym_session_handle_single_pass(struct qat_sym_dev_private *internals,
aead_xform->aad_length);
cipher_param->spc_aad_sz = aead_xform->aad_length;
cipher_param->spc_auth_res_sz = aead_xform->digest_length;
+
}
return 0;
}
@@ -727,6 +729,7 @@ qat_sym_session_configure_aead(struct rte_cryptodev *dev,
session->cipher_iv.offset = xform->aead.iv.offset;
session->cipher_iv.length = xform->aead.iv.length;
+ session->is_single_pass = 0;
switch (aead_xform->algo) {
case RTE_CRYPTO_AEAD_AES_GCM:
if (qat_sym_validate_aes_key(aead_xform->key.length,
@@ -746,15 +749,24 @@ qat_sym_session_configure_aead(struct rte_cryptodev *dev,
session->qat_mode = ICP_QAT_HW_CIPHER_CTR_MODE;
session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_AES_CBC_MAC;
break;
+ case RTE_CRYPTO_AEAD_CHACHA20_POLY1305:
+ if (aead_xform->key.length != ICP_QAT_HW_CHACHAPOLY_KEY_SZ)
+ return -EINVAL;
+ session->qat_cipher_alg = ICP_QAT_HW_CIPHER_ALGO_CHACHA20_POLY1305;
+ session->qat_mode = ICP_QAT_HW_CIPHER_CTR_MODE;
+ session->min_qat_dev_gen = QAT_GEN3;
+ session->is_single_pass = 1;
+ break;
default:
QAT_LOG(ERR, "Crypto: Undefined AEAD specified %u\n",
aead_xform->algo);
return -EINVAL;
}
- session->is_single_pass = 0;
- if (aead_xform->algo == RTE_CRYPTO_AEAD_AES_GCM) {
- /* Use faster Single-Pass GCM if possible */
+ if (aead_xform->algo == RTE_CRYPTO_AEAD_AES_GCM ||
+ aead_xform->algo == RTE_CRYPTO_AEAD_CHACHA20_POLY1305) {
+ /* Use faster Single-Pass GCM if possible, for ChachaPoly
+ it always is single pass */
int res = qat_sym_session_handle_single_pass(
dev->data->dev_private, session, aead_xform);
if (res < 0)
--
2.1.0
^ permalink raw reply [flat|nested] 4+ messages in thread* [dpdk-dev] [PATCH 2/2] test/cryptodev: add chacha poly test cases to cryptodev
2019-12-06 18:13 [dpdk-dev] [PATCH 0/2] Add chacha20-poly1305 algorithm to QAT Arek Kusztal
2019-12-06 18:13 ` [dpdk-dev] [PATCH 1/2] crypto/qat: add chacha poly implementation Arek Kusztal
@ 2019-12-06 18:13 ` Arek Kusztal
1 sibling, 0 replies; 4+ messages in thread
From: Arek Kusztal @ 2019-12-06 18:13 UTC (permalink / raw)
To: dev; +Cc: akhil.goyal, fiona.trahe, Arek Kusztal
This patch adds Chacha20-Poly1305 implementation to
cryptodev tests.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
app/test/test_cryptodev.c | 35 +++++++++++++
app/test/test_cryptodev_aead_test_vectors.h | 77 +++++++++++++++++++++++++++++
2 files changed, 112 insertions(+)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 1b56145..222e768 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -7541,6 +7541,7 @@ test_authenticated_encryption(const struct aead_test_data *tdata)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
struct crypto_unittest_params *ut_params = &unittest_params;
+ struct rte_cryptodev_sym_capability_idx cap_idx;
int retval;
uint8_t *ciphertext, *auth_tag;
@@ -7554,6 +7555,15 @@ test_authenticated_encryption(const struct aead_test_data *tdata)
tdata->key.data, tdata->key.len,
tdata->aad.len, tdata->auth_tag.len,
tdata->iv.len);
+
+ cap_idx.type = RTE_CRYPTO_SYM_XFORM_AEAD;
+ cap_idx.algo.aead = tdata->algo;
+
+ if (rte_cryptodev_sym_capability_get(ts_params->valid_devs[0],
+ &cap_idx) == NULL) {
+ return -ENOTSUP;
+ }
+
if (retval < 0)
return retval;
@@ -8431,6 +8441,7 @@ test_authenticated_decryption(const struct aead_test_data *tdata)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
struct crypto_unittest_params *ut_params = &unittest_params;
+ struct rte_cryptodev_sym_capability_idx cap_idx;
int retval;
uint8_t *plaintext;
@@ -8446,6 +8457,14 @@ test_authenticated_decryption(const struct aead_test_data *tdata)
if (retval < 0)
return retval;
+ cap_idx.type = RTE_CRYPTO_SYM_XFORM_AEAD;
+ cap_idx.algo.aead = tdata->algo;
+
+ if (rte_cryptodev_sym_capability_get(ts_params->valid_devs[0],
+ &cap_idx) == NULL) {
+ return -ENOTSUP;
+ }
+
/* alloc mbuf and set payload */
if (tdata->aad.len > MBUF_SIZE) {
ut_params->ibuf = rte_pktmbuf_alloc(ts_params->large_mbuf_pool);
@@ -8499,6 +8518,18 @@ test_authenticated_decryption(const struct aead_test_data *tdata)
}
static int
+test_chacha20_poly1305_encrypt_test_case_rfc8439(void)
+{
+ return test_authenticated_encryption(&chacha20_poly1305_case_rfc8439);
+}
+
+static int
+test_chacha20_poly1305_decrypt_test_case_rfc8439(void)
+{
+ return test_authenticated_decryption(&chacha20_poly1305_case_rfc8439);
+}
+
+static int
test_AES_GCM_authenticated_decryption_test_case_1(void)
{
return test_authenticated_decryption(&gcm_test_case_1);
@@ -11908,6 +11939,10 @@ static struct unit_test_suite cryptodev_qat_testsuite = {
TEST_CASE_ST(ut_setup, ut_teardown,
test_AES_CCM_authenticated_decryption_test_case_128_3),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_chacha20_poly1305_encrypt_test_case_rfc8439),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_chacha20_poly1305_decrypt_test_case_rfc8439),
/** AES GCM Authenticated Encryption */
TEST_CASE_ST(ut_setup, ut_teardown,
test_AES_GCM_auth_encrypt_SGL_in_place_1500B),
diff --git a/app/test/test_cryptodev_aead_test_vectors.h b/app/test/test_cryptodev_aead_test_vectors.h
index a4a3a25..b107510 100644
--- a/app/test/test_cryptodev_aead_test_vectors.h
+++ b/app/test/test_cryptodev_aead_test_vectors.h
@@ -84,6 +84,83 @@ struct gmac_test_data {
};
+static uint8_t chacha_aad_rfc8439[] = {
+ 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3,
+ 0xc4, 0xc5, 0xc6, 0xc7
+};
+
+static const struct aead_test_data chacha20_poly1305_case_rfc8439 = {
+ .algo = RTE_CRYPTO_AEAD_CHACHA20_POLY1305,
+ .key = {
+ .data = {
+ 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
+ 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
+ 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
+ 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
+ },
+ .len = 32
+ },
+ .iv = {
+ .data = {
+ 0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43, 0x44,
+ 0x45, 0x46, 0x47
+ },
+ .len = 12
+ },
+ .aad = {
+ .data = chacha_aad_rfc8439,
+ .len = 12
+ },
+ .plaintext = {
+ .data = {
+ 0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61,
+ 0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c,
+ 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20,
+ 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73,
+ 0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39, 0x39,
+ 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63,
+ 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66,
+ 0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f,
+ 0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20,
+ 0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20,
+ 0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75,
+ 0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73,
+ 0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f,
+ 0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69,
+ 0x74, 0x2e
+
+ },
+ .len = 114
+ },
+ .ciphertext = {
+ .data = {
+ 0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb,
+ 0x7b, 0x86, 0xaf, 0xbc, 0x53, 0xef, 0x7e, 0xc2,
+ 0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe,
+ 0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6,
+ 0x3d, 0xbe, 0xa4, 0x5e, 0x8c, 0xa9, 0x67, 0x12,
+ 0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b,
+ 0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29,
+ 0x05, 0xd6, 0xa5, 0xb6, 0x7e, 0xcd, 0x3b, 0x36,
+ 0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c,
+ 0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58,
+ 0xfa, 0xb3, 0x24, 0xe4, 0xfa, 0xd6, 0x75, 0x94,
+ 0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc,
+ 0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d,
+ 0xe5, 0x76, 0xd2, 0x65, 0x86, 0xce, 0xc6, 0x4b,
+ 0x61, 0x16
+ },
+ .len = 114
+ },
+ .auth_tag = {
+ .data = {
+ 0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09, 0xe2, 0x6a,
+ 0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91
+ },
+ .len = 16
+ }
+};
+
/** AES-GCM-128 Test Vectors */
static const struct aead_test_data gcm_test_case_1 = {
.algo = RTE_CRYPTO_AEAD_AES_GCM,
--
2.1.0
^ permalink raw reply [flat|nested] 4+ messages in thread