DPDK patches and discussions
 help / color / Atom feed
* [dpdk-dev] [PATCH 0/2] QAT: handle Single Pass GCM
@ 2019-09-06 14:47 Adam Dybkowski
  2019-09-06 14:47 ` [dpdk-dev] [PATCH 1/2] common/qat: add new QAT GEN3 definitions Adam Dybkowski
                   ` (2 more replies)
  0 siblings, 3 replies; 16+ messages in thread
From: Adam Dybkowski @ 2019-09-06 14:47 UTC (permalink / raw)
  To: dev, fiona.trahe; +Cc: Adam Dybkowski

This patch improves the performance of AES GCM by using
the Single Pass Crypto Request functionality when running 
on GEN3 QAT.

Adam Dybkowski (2):
  common/qat: add new QAT GEN3 definitions
  crypto/qat: handle Single Pass Crypto Requests

 drivers/common/qat/qat_adf/icp_qat_fw_la.h | 19 +++++++++---
 drivers/crypto/qat/qat_sym.c               | 36 ++++++++++++++++++++--
 drivers/crypto/qat/qat_sym_session.c       |  2 +-
 3 files changed, 49 insertions(+), 8 deletions(-)

-- 
2.17.1


^ permalink raw reply	[flat|nested] 16+ messages in thread

* [dpdk-dev] [PATCH 1/2] common/qat: add new QAT GEN3 definitions
  2019-09-06 14:47 [dpdk-dev] [PATCH 0/2] QAT: handle Single Pass GCM Adam Dybkowski
@ 2019-09-06 14:47 ` Adam Dybkowski
  2019-09-06 14:47 ` [dpdk-dev] [PATCH 2/2] crypto/qat: handle Single Pass Crypto Requests Adam Dybkowski
  2019-09-27 15:47 ` [dpdk-dev] [PATCH v2 0/3] QAT: handle Single Pass GCM Adam Dybkowski
  2 siblings, 0 replies; 16+ messages in thread
From: Adam Dybkowski @ 2019-09-06 14:47 UTC (permalink / raw)
  To: dev, fiona.trahe; +Cc: Adam Dybkowski

This patch adds few definitions specific to GEN3 QAT.

Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
---
 drivers/common/qat/qat_adf/icp_qat_fw_la.h | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/drivers/common/qat/qat_adf/icp_qat_fw_la.h b/drivers/common/qat/qat_adf/icp_qat_fw_la.h
index c33bc3fe7..38891eb1f 100644
--- a/drivers/common/qat/qat_adf/icp_qat_fw_la.h
+++ b/drivers/common/qat/qat_adf/icp_qat_fw_la.h
@@ -1,5 +1,5 @@
 /* SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0)
- * Copyright(c) 2015-2018 Intel Corporation
+ * Copyright(c) 2015-2019 Intel Corporation
  */
 #ifndef _ICP_QAT_FW_LA_H_
 #define _ICP_QAT_FW_LA_H_
@@ -34,6 +34,9 @@ struct icp_qat_fw_la_bulk_req {
 	struct icp_qat_fw_comn_req_cd_ctrl cd_ctrl;
 };
 
+#define QAT_FW_LA_SINGLE_PASS_PROTO_FLAG_BITPOS 13
+#define ICP_QAT_FW_LA_SINGLE_PASS_PROTO 1
+#define QAT_FW_LA_SINGLE_PASS_PROTO_FLAG_MASK 0x1
 #define ICP_QAT_FW_LA_GCM_IV_LEN_12_OCTETS 1
 #define ICP_QAT_FW_LA_GCM_IV_LEN_NOT_12_OCTETS 0
 #define QAT_FW_LA_ZUC_3G_PROTO_FLAG_BITPOS 12
@@ -152,6 +155,10 @@ struct icp_qat_fw_la_bulk_req {
 	QAT_FIELD_SET(flags, val, QAT_FW_LA_ZUC_3G_PROTO_FLAG_BITPOS, \
 	QAT_FW_LA_ZUC_3G_PROTO_FLAG_MASK)
 
+#define ICP_QAT_FW_LA_SINGLE_PASS_PROTO_FLAG_SET(flags, val) \
+	QAT_FIELD_SET(flags, val, QAT_FW_LA_SINGLE_PASS_PROTO_FLAG_BITPOS, \
+	QAT_FW_LA_SINGLE_PASS_PROTO_FLAG_MASK)
+
 #define ICP_QAT_FW_LA_GCM_IV_LEN_FLAG_SET(flags, val) \
 	QAT_FIELD_SET(flags, val, QAT_LA_GCM_IV_LEN_FLAG_BITPOS, \
 	QAT_LA_GCM_IV_LEN_FLAG_MASK)
@@ -267,8 +274,7 @@ struct icp_qat_fw_cipher_auth_cd_ctrl_hdr {
 #define ICP_QAT_FW_AUTH_HDR_FLAG_DO_NESTED 1
 #define ICP_QAT_FW_AUTH_HDR_FLAG_NO_NESTED 0
 #define ICP_QAT_FW_CCM_GCM_AAD_SZ_MAX	240
-#define ICP_QAT_FW_HASH_REQUEST_PARAMETERS_OFFSET \
-	(sizeof(struct icp_qat_fw_la_cipher_req_params_t))
+#define ICP_QAT_FW_HASH_REQUEST_PARAMETERS_OFFSET 24
 #define ICP_QAT_FW_CIPHER_REQUEST_PARAMETERS_OFFSET (0)
 
 struct icp_qat_fw_la_cipher_req_params {
@@ -281,7 +287,12 @@ struct icp_qat_fw_la_cipher_req_params {
 			uint64_t resrvd1;
 		} s;
 	} u;
-};
+	uint64_t spc_aad_addr;
+	uint64_t spc_auth_res_addr;
+	uint16_t spc_aad_sz;
+	uint8_t reserved;
+	uint8_t spc_auth_res_sz;
+} __rte_packed;
 
 struct icp_qat_fw_la_auth_req_params {
 	uint32_t auth_off;
-- 
2.17.1


^ permalink raw reply	[flat|nested] 16+ messages in thread

* [dpdk-dev] [PATCH 2/2] crypto/qat: handle Single Pass Crypto Requests
  2019-09-06 14:47 [dpdk-dev] [PATCH 0/2] QAT: handle Single Pass GCM Adam Dybkowski
  2019-09-06 14:47 ` [dpdk-dev] [PATCH 1/2] common/qat: add new QAT GEN3 definitions Adam Dybkowski
@ 2019-09-06 14:47 ` Adam Dybkowski
  2019-09-27 15:47 ` [dpdk-dev] [PATCH v2 0/3] QAT: handle Single Pass GCM Adam Dybkowski
  2 siblings, 0 replies; 16+ messages in thread
From: Adam Dybkowski @ 2019-09-06 14:47 UTC (permalink / raw)
  To: dev, fiona.trahe; +Cc: Adam Dybkowski

This patch improves the performance of AES GCM by using
the Single Pass Crypto Request functionality when running
on GEN3 QAT.

Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
---
 drivers/crypto/qat/qat_sym.c         | 36 +++++++++++++++++++++++++---
 drivers/crypto/qat/qat_sym_session.c |  2 +-
 2 files changed, 34 insertions(+), 4 deletions(-)

diff --git a/drivers/crypto/qat/qat_sym.c b/drivers/crypto/qat/qat_sym.c
index 46ef27a6d..eb857c7dc 100644
--- a/drivers/crypto/qat/qat_sym.c
+++ b/drivers/crypto/qat/qat_sym.c
@@ -1,5 +1,5 @@
 /* SPDX-License-Identifier: BSD-3-Clause
- * Copyright(c) 2015-2018 Intel Corporation
+ * Copyright(c) 2015-2019 Intel Corporation
  */
 
 #include <openssl/evp.h>
@@ -12,6 +12,14 @@
 
 #include "qat_sym.h"
 
+/* 96-bit case of IV for CCP/GCM single pass algorithm */
+#define LAC_CIPHER_SPC_IV_SIZE 12
+
+/* Macro to check if the algorithm is single pass */
+#define LAC_CIPHER_IS_SPC(session)                                             \
+		(session->qat_mode == ICP_QAT_HW_CIPHER_CTR_MODE &&            \
+		session->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_128)
+
 /** Decrypt a single partial block
  *  Depends on openssl libcrypto
  *  Uses ECB+XOR to do CFB encryption, same result, more performant
@@ -151,6 +159,7 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg,
 	struct icp_qat_fw_la_cipher_req_params *cipher_param;
 	struct icp_qat_fw_la_auth_req_params *auth_param;
 	register struct icp_qat_fw_la_bulk_req *qat_req;
+	rte_iova_t aad_phys_addr_aead = 0;
 	uint8_t do_auth = 0, do_cipher = 0, do_aead = 0;
 	uint32_t cipher_len = 0, cipher_ofs = 0;
 	uint32_t auth_len = 0, auth_ofs = 0;
@@ -195,7 +204,8 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg,
 	rte_mov128((uint8_t *)qat_req, (const uint8_t *)&(ctx->fw_req));
 	qat_req->comn_mid.opaque_data = (uint64_t)(uintptr_t)op;
 	cipher_param = (void *)&qat_req->serv_specif_rqpars;
-	auth_param = (void *)((uint8_t *)cipher_param + sizeof(*cipher_param));
+	auth_param = (void *)((uint8_t *)cipher_param +
+			ICP_QAT_FW_HASH_REQUEST_PARAMETERS_OFFSET);
 
 	if (ctx->qat_cmd == ICP_QAT_FW_LA_CMD_HASH_CIPHER ||
 			ctx->qat_cmd == ICP_QAT_FW_LA_CMD_CIPHER_HASH) {
@@ -318,7 +328,7 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg,
 		 * This address may used for setting AAD physical pointer
 		 * into IV offset from op
 		 */
-		rte_iova_t aad_phys_addr_aead = op->sym->aead.aad.phys_addr;
+		aad_phys_addr_aead = op->sym->aead.aad.phys_addr;
 		if (ctx->qat_hash_alg ==
 				ICP_QAT_HW_AUTH_ALGO_GALOIS_128 ||
 				ctx->qat_hash_alg ==
@@ -593,6 +603,26 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg,
 		qat_req->comn_mid.dest_data_addr = dst_buf_start;
 	}
 
+	/* Handle single pass GCM */
+	if (do_aead && qat_dev_gen == QAT_GEN3 && LAC_CIPHER_IS_SPC(ctx) &&
+			ctx->cipher_iv.length == LAC_CIPHER_SPC_IV_SIZE) {
+		/* New bit position (13) for SINGLE PASS.
+		 * The FW provides a specific macro to use
+		 * to set the proto flag.
+		 */
+		ICP_QAT_FW_LA_SINGLE_PASS_PROTO_FLAG_SET(
+			qat_req->comn_hdr.serv_specif_flags,
+			ICP_QAT_FW_LA_SINGLE_PASS_PROTO);
+		ICP_QAT_FW_LA_PROTO_SET(
+			qat_req->comn_hdr.serv_specif_flags,
+			ICP_QAT_FW_LA_NO_PROTO);
+		cipher_param->spc_aad_addr = aad_phys_addr_aead;
+		cipher_param->spc_auth_res_addr =
+				op->sym->auth.digest.phys_addr;
+		cipher_param->spc_aad_sz = ctx->aad_len;
+		cipher_param->spc_auth_res_sz = ctx->digest_length;
+	}
+
 #if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG
 	QAT_DP_HEXDUMP_LOG(DEBUG, "qat_req:", qat_req,
 			sizeof(struct icp_qat_fw_la_bulk_req));
diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c
index e5167b3fa..826f635c4 100644
--- a/drivers/crypto/qat/qat_sym_session.c
+++ b/drivers/crypto/qat/qat_sym_session.c
@@ -1444,7 +1444,7 @@ int qat_sym_session_aead_create_cd_auth(struct qat_sym_session *cdesc,
 	struct icp_qat_fw_la_auth_req_params *auth_param =
 		(struct icp_qat_fw_la_auth_req_params *)
 		((char *)&req_tmpl->serv_specif_rqpars +
-		sizeof(struct icp_qat_fw_la_cipher_req_params));
+		ICP_QAT_FW_HASH_REQUEST_PARAMETERS_OFFSET);
 	uint16_t state1_size = 0, state2_size = 0;
 	uint16_t hash_offset, cd_size;
 	uint32_t *aad_len = NULL;
-- 
2.17.1


^ permalink raw reply	[flat|nested] 16+ messages in thread

* [dpdk-dev] [PATCH v2 0/3] QAT: handle Single Pass GCM
  2019-09-06 14:47 [dpdk-dev] [PATCH 0/2] QAT: handle Single Pass GCM Adam Dybkowski
  2019-09-06 14:47 ` [dpdk-dev] [PATCH 1/2] common/qat: add new QAT GEN3 definitions Adam Dybkowski
  2019-09-06 14:47 ` [dpdk-dev] [PATCH 2/2] crypto/qat: handle Single Pass Crypto Requests Adam Dybkowski
@ 2019-09-27 15:47 ` Adam Dybkowski
  2019-09-27 15:47   ` [dpdk-dev] [PATCH v2 1/3] test/crypto: add more AES GCM tests for QAT PMD Adam Dybkowski
                     ` (3 more replies)
  2 siblings, 4 replies; 16+ messages in thread
From: Adam Dybkowski @ 2019-09-27 15:47 UTC (permalink / raw)
  To: dev, fiona.trahe, arkadiuszx.kusztal, akhil.goyal; +Cc: Adam Dybkowski

This patch improves the performance of AES GCM
by using the Single Pass Crypto Request
when running on GEN3 QAT.
---
v2:
* Fix the session preparation function and request building code.
* Update release notes.

Adam Dybkowski (3):
  test/crypto: add more AES GCM tests for QAT PMD
  common/qat: add new QAT GEN3 definitions
  crypto/qat: handle Single Pass Crypto Requests on GEN3 QAT

 app/test/test_cryptodev.c                  | 253 ++++++++++++++++++++-
 doc/guides/rel_notes/release_19_11.rst     |   7 +
 drivers/common/qat/qat_adf/icp_qat_fw_la.h |  19 +-
 drivers/common/qat/qat_adf/icp_qat_hw.h    |  19 ++
 drivers/crypto/qat/qat_sym.c               |  13 +-
 drivers/crypto/qat/qat_sym_session.c       |  86 ++++++-
 drivers/crypto/qat/qat_sym_session.h       |   9 +-
 7 files changed, 389 insertions(+), 17 deletions(-)

-- 
2.17.1


^ permalink raw reply	[flat|nested] 16+ messages in thread

* [dpdk-dev] [PATCH v2 1/3] test/crypto: add more AES GCM tests for QAT PMD
  2019-09-27 15:47 ` [dpdk-dev] [PATCH v2 0/3] QAT: handle Single Pass GCM Adam Dybkowski
@ 2019-09-27 15:47   ` Adam Dybkowski
  2019-10-03 12:41     ` Trahe, Fiona
  2019-09-27 15:47   ` [dpdk-dev] [PATCH v2 2/3] common/qat: add new QAT GEN3 definitions Adam Dybkowski
                     ` (2 subsequent siblings)
  3 siblings, 1 reply; 16+ messages in thread
From: Adam Dybkowski @ 2019-09-27 15:47 UTC (permalink / raw)
  To: dev, fiona.trahe, arkadiuszx.kusztal, akhil.goyal; +Cc: Adam Dybkowski

This patch adds 256-bit AES GCM tests for QAT PMD
(which already existed for AESNI and OpenSSL) and also adds
a number of negative unit tests for AES GCM for QAT PMD, in order
to verify authenticated encryption and decryption with modified data.

Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
---
 app/test/test_cryptodev.c | 253 +++++++++++++++++++++++++++++++++++++-
 1 file changed, 248 insertions(+), 5 deletions(-)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 9a226bd15..a0629c402 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -6939,7 +6939,8 @@ create_aead_operation(enum rte_crypto_aead_operation op,
 }
 
 static int
-test_authenticated_encryption(const struct aead_test_data *tdata)
+test_authenticated_encryption_silent(const struct aead_test_data *tdata,
+		uint8_t silent_mode)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
@@ -7005,6 +7006,12 @@ test_authenticated_encryption(const struct aead_test_data *tdata)
 	debug_hexdump(stdout, "auth tag:", auth_tag, tdata->auth_tag.len);
 
 	/* Validate obuf */
+	if (silent_mode)
+		return !memcmp(ciphertext, tdata->ciphertext.data,
+				tdata->ciphertext.len) &&
+			!memcmp(auth_tag, tdata->auth_tag.data,
+				tdata->auth_tag.len) ? 0 : TEST_FAILED;
+
 	TEST_ASSERT_BUFFERS_ARE_EQUAL(
 			ciphertext,
 			tdata->ciphertext.data,
@@ -7021,6 +7028,12 @@ test_authenticated_encryption(const struct aead_test_data *tdata)
 
 }
 
+static int
+test_authenticated_encryption(const struct aead_test_data *tdata)
+{
+	return test_authenticated_encryption_silent(tdata, 0);
+}
+
 static int
 test_AES_GCM_authenticated_encryption_test_case_1(void)
 {
@@ -7063,6 +7076,12 @@ test_AES_GCM_authenticated_encryption_test_case_7(void)
 	return test_authenticated_encryption(&gcm_test_case_7);
 }
 
+static int
+test_AES_GCM_authenticated_encryption_test_case_8(void)
+{
+	return test_authenticated_encryption(&gcm_test_case_8);
+}
+
 static int
 test_AES_GCM_auth_encryption_test_case_192_1(void)
 {
@@ -7160,7 +7179,89 @@ test_AES_GCM_auth_encryption_test_case_aad_2(void)
 }
 
 static int
-test_authenticated_decryption(const struct aead_test_data *tdata)
+test_AES_GCM_auth_encryption_fail_iv_corrupt(void)
+{
+	struct aead_test_data tdata;
+	int res;
+
+	memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+	tdata.iv.data[0] += 1;
+	res = test_authenticated_encryption_silent(&tdata, 1);
+	TEST_ASSERT_EQUAL(res, TEST_FAILED, "encryption not failed");
+	return TEST_SUCCESS;
+}
+
+static int
+test_AES_GCM_auth_encryption_fail_in_data_corrupt(void)
+{
+	struct aead_test_data tdata;
+	int res;
+
+	memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+	tdata.plaintext.data[0] += 1;
+	res = test_authenticated_encryption_silent(&tdata, 1);
+	TEST_ASSERT_EQUAL(res, TEST_FAILED, "encryption not failed");
+	return TEST_SUCCESS;
+}
+
+static int
+test_AES_GCM_auth_encryption_fail_out_data_corrupt(void)
+{
+	struct aead_test_data tdata;
+	int res;
+
+	memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+	tdata.ciphertext.data[0] += 1;
+	res = test_authenticated_encryption_silent(&tdata, 1);
+	TEST_ASSERT_EQUAL(res, TEST_FAILED, "encryption not failed");
+	return TEST_SUCCESS;
+}
+
+static int
+test_AES_GCM_auth_encryption_fail_aad_len_corrupt(void)
+{
+	struct aead_test_data tdata;
+	int res;
+
+	memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+	tdata.aad.len += 1;
+	res = test_authenticated_encryption_silent(&tdata, 1);
+	TEST_ASSERT_EQUAL(res, TEST_FAILED, "encryption not failed");
+	return TEST_SUCCESS;
+}
+
+static int
+test_AES_GCM_auth_encryption_fail_aad_corrupt(void)
+{
+	struct aead_test_data tdata;
+	uint8_t aad[gcm_test_case_7.aad.len];
+	int res;
+
+	memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+	memcpy(aad, gcm_test_case_7.aad.data, gcm_test_case_7.aad.len);
+	aad[0] += 1;
+	tdata.aad.data = aad;
+	res = test_authenticated_encryption_silent(&tdata, 1);
+	TEST_ASSERT_EQUAL(res, TEST_FAILED, "encryption not failed");
+	return TEST_SUCCESS;
+}
+
+static int
+test_AES_GCM_auth_encryption_fail_tag_corrupt(void)
+{
+	struct aead_test_data tdata;
+	int res;
+
+	memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+	tdata.auth_tag.data[0] += 1;
+	res = test_authenticated_encryption_silent(&tdata, 1);
+	TEST_ASSERT_EQUAL(res, TEST_FAILED, "encryption not failed");
+	return TEST_SUCCESS;
+}
+
+static int
+test_authenticated_decryption_silent(const struct aead_test_data *tdata,
+		uint8_t silent_mode)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
@@ -7217,19 +7318,30 @@ test_authenticated_decryption(const struct aead_test_data *tdata)
 
 	debug_hexdump(stdout, "plaintext:", plaintext, tdata->ciphertext.len);
 
+	TEST_ASSERT_EQUAL(ut_params->op->status,
+			RTE_CRYPTO_OP_STATUS_SUCCESS,
+			"Authentication failed");
+
 	/* Validate obuf */
+	if (silent_mode)
+		return !memcmp(plaintext, tdata->plaintext.data,
+				tdata->plaintext.len) ? 0 : TEST_FAILED;
+
 	TEST_ASSERT_BUFFERS_ARE_EQUAL(
 			plaintext,
 			tdata->plaintext.data,
 			tdata->plaintext.len,
 			"Plaintext data not as expected");
 
-	TEST_ASSERT_EQUAL(ut_params->op->status,
-			RTE_CRYPTO_OP_STATUS_SUCCESS,
-			"Authentication failed");
 	return 0;
 }
 
+static int
+test_authenticated_decryption(const struct aead_test_data *tdata)
+{
+	return test_authenticated_decryption_silent(tdata, 0);
+}
+
 static int
 test_AES_GCM_authenticated_decryption_test_case_1(void)
 {
@@ -7272,6 +7384,12 @@ test_AES_GCM_authenticated_decryption_test_case_7(void)
 	return test_authenticated_decryption(&gcm_test_case_7);
 }
 
+static int
+test_AES_GCM_authenticated_decryption_test_case_8(void)
+{
+	return test_authenticated_decryption(&gcm_test_case_8);
+}
+
 static int
 test_AES_GCM_auth_decryption_test_case_192_1(void)
 {
@@ -7368,6 +7486,87 @@ test_AES_GCM_auth_decryption_test_case_aad_2(void)
 	return test_authenticated_decryption(&gcm_test_case_aad_2);
 }
 
+static int
+test_AES_GCM_auth_decryption_fail_iv_corrupt(void)
+{
+	struct aead_test_data tdata;
+	int res;
+
+	memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+	tdata.iv.data[0] += 1;
+	res = test_authenticated_decryption_silent(&tdata, 1);
+	TEST_ASSERT_EQUAL(res, TEST_FAILED, "decryption not failed");
+	return TEST_SUCCESS;
+}
+
+static int
+test_AES_GCM_auth_decryption_fail_in_data_corrupt(void)
+{
+	struct aead_test_data tdata;
+	int res;
+
+	memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+	tdata.plaintext.data[0] += 1;
+	res = test_authenticated_decryption_silent(&tdata, 1);
+	TEST_ASSERT_EQUAL(res, TEST_FAILED, "decryption not failed");
+	return TEST_SUCCESS;
+}
+
+static int
+test_AES_GCM_auth_decryption_fail_out_data_corrupt(void)
+{
+	struct aead_test_data tdata;
+	int res;
+
+	memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+	tdata.ciphertext.data[0] += 1;
+	res = test_authenticated_decryption_silent(&tdata, 1);
+	TEST_ASSERT_EQUAL(res, TEST_FAILED, "decryption not failed");
+	return TEST_SUCCESS;
+}
+
+static int
+test_AES_GCM_auth_decryption_fail_aad_len_corrupt(void)
+{
+	struct aead_test_data tdata;
+	int res;
+
+	memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+	tdata.aad.len += 1;
+	res = test_authenticated_decryption_silent(&tdata, 1);
+	TEST_ASSERT_EQUAL(res, TEST_FAILED, "decryption not failed");
+	return TEST_SUCCESS;
+}
+
+static int
+test_AES_GCM_auth_decryption_fail_aad_corrupt(void)
+{
+	struct aead_test_data tdata;
+	uint8_t aad[gcm_test_case_7.aad.len];
+	int res;
+
+	memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+	memcpy(aad, gcm_test_case_7.aad.data, gcm_test_case_7.aad.len);
+	aad[0] += 1;
+	tdata.aad.data = aad;
+	res = test_authenticated_decryption_silent(&tdata, 1);
+	TEST_ASSERT_EQUAL(res, TEST_FAILED, "decryption not failed");
+	return TEST_SUCCESS;
+}
+
+static int
+test_AES_GCM_auth_decryption_fail_tag_corrupt(void)
+{
+	struct aead_test_data tdata;
+	int res;
+
+	memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+	tdata.auth_tag.data[0] += 1;
+	res = test_authenticated_decryption_silent(&tdata, 1);
+	TEST_ASSERT_EQUAL(res, TEST_FAILED, "authentication not failed");
+	return TEST_SUCCESS;
+}
+
 static int
 test_authenticated_encryption_oop(const struct aead_test_data *tdata)
 {
@@ -10315,6 +10514,8 @@ static struct unit_test_suite cryptodev_qat_testsuite  = {
 			test_AES_GCM_authenticated_encryption_test_case_6),
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_AES_GCM_authenticated_encryption_test_case_7),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_authenticated_encryption_test_case_8),
 
 		/** AES GCM Authenticated Decryption */
 		TEST_CASE_ST(ut_setup, ut_teardown,
@@ -10331,6 +10532,8 @@ static struct unit_test_suite cryptodev_qat_testsuite  = {
 			test_AES_GCM_authenticated_decryption_test_case_6),
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_AES_GCM_authenticated_decryption_test_case_7),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_authenticated_decryption_test_case_8),
 
 		/** AES GCM Authenticated Encryption 192 bits key */
 		TEST_CASE_ST(ut_setup, ut_teardown,
@@ -10380,6 +10583,22 @@ static struct unit_test_suite cryptodev_qat_testsuite  = {
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_AES_GCM_auth_encryption_test_case_256_7),
 
+		/** AES GCM Authenticated Decryption 256 bits key */
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_decryption_test_case_256_1),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_decryption_test_case_256_2),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_decryption_test_case_256_3),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_decryption_test_case_256_4),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_decryption_test_case_256_5),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_decryption_test_case_256_6),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_decryption_test_case_256_7),
+
 		/** AES GMAC Authentication */
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_AES_GMAC_authentication_test_case_1),
@@ -10602,6 +10821,30 @@ static struct unit_test_suite cryptodev_qat_testsuite  = {
 			authentication_verify_HMAC_SHA1_fail_data_corrupt),
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			authentication_verify_HMAC_SHA1_fail_tag_corrupt),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_encryption_fail_iv_corrupt),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_encryption_fail_in_data_corrupt),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_encryption_fail_out_data_corrupt),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_encryption_fail_aad_len_corrupt),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_encryption_fail_aad_corrupt),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_encryption_fail_tag_corrupt),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_decryption_fail_iv_corrupt),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_decryption_fail_in_data_corrupt),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_decryption_fail_out_data_corrupt),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_decryption_fail_aad_len_corrupt),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_decryption_fail_aad_corrupt),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_decryption_fail_tag_corrupt),
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			authentication_verify_AES128_GMAC_fail_data_corrupt),
 		TEST_CASE_ST(ut_setup, ut_teardown,
-- 
2.17.1


^ permalink raw reply	[flat|nested] 16+ messages in thread

* [dpdk-dev] [PATCH v2 2/3] common/qat: add new QAT GEN3 definitions
  2019-09-27 15:47 ` [dpdk-dev] [PATCH v2 0/3] QAT: handle Single Pass GCM Adam Dybkowski
  2019-09-27 15:47   ` [dpdk-dev] [PATCH v2 1/3] test/crypto: add more AES GCM tests for QAT PMD Adam Dybkowski
@ 2019-09-27 15:47   ` Adam Dybkowski
  2019-10-03 12:58     ` Trahe, Fiona
  2019-09-27 15:47   ` [dpdk-dev] [PATCH v2 3/3] crypto/qat: handle Single Pass Crypto Requests on GEN3 QAT Adam Dybkowski
  2019-10-08 12:44   ` [dpdk-dev] [PATCH v3 0/3] QAT: handle Single Pass GCM Adam Dybkowski
  3 siblings, 1 reply; 16+ messages in thread
From: Adam Dybkowski @ 2019-09-27 15:47 UTC (permalink / raw)
  To: dev, fiona.trahe, arkadiuszx.kusztal, akhil.goyal; +Cc: Adam Dybkowski

This patch adds few definitions specific to GEN3 QAT.

Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
---
 drivers/common/qat/qat_adf/icp_qat_fw_la.h | 19 +++++++++++++++----
 drivers/common/qat/qat_adf/icp_qat_hw.h    | 19 +++++++++++++++++++
 2 files changed, 34 insertions(+), 4 deletions(-)

diff --git a/drivers/common/qat/qat_adf/icp_qat_fw_la.h b/drivers/common/qat/qat_adf/icp_qat_fw_la.h
index c33bc3fe7..38891eb1f 100644
--- a/drivers/common/qat/qat_adf/icp_qat_fw_la.h
+++ b/drivers/common/qat/qat_adf/icp_qat_fw_la.h
@@ -1,5 +1,5 @@
 /* SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0)
- * Copyright(c) 2015-2018 Intel Corporation
+ * Copyright(c) 2015-2019 Intel Corporation
  */
 #ifndef _ICP_QAT_FW_LA_H_
 #define _ICP_QAT_FW_LA_H_
@@ -34,6 +34,9 @@ struct icp_qat_fw_la_bulk_req {
 	struct icp_qat_fw_comn_req_cd_ctrl cd_ctrl;
 };
 
+#define QAT_FW_LA_SINGLE_PASS_PROTO_FLAG_BITPOS 13
+#define ICP_QAT_FW_LA_SINGLE_PASS_PROTO 1
+#define QAT_FW_LA_SINGLE_PASS_PROTO_FLAG_MASK 0x1
 #define ICP_QAT_FW_LA_GCM_IV_LEN_12_OCTETS 1
 #define ICP_QAT_FW_LA_GCM_IV_LEN_NOT_12_OCTETS 0
 #define QAT_FW_LA_ZUC_3G_PROTO_FLAG_BITPOS 12
@@ -152,6 +155,10 @@ struct icp_qat_fw_la_bulk_req {
 	QAT_FIELD_SET(flags, val, QAT_FW_LA_ZUC_3G_PROTO_FLAG_BITPOS, \
 	QAT_FW_LA_ZUC_3G_PROTO_FLAG_MASK)
 
+#define ICP_QAT_FW_LA_SINGLE_PASS_PROTO_FLAG_SET(flags, val) \
+	QAT_FIELD_SET(flags, val, QAT_FW_LA_SINGLE_PASS_PROTO_FLAG_BITPOS, \
+	QAT_FW_LA_SINGLE_PASS_PROTO_FLAG_MASK)
+
 #define ICP_QAT_FW_LA_GCM_IV_LEN_FLAG_SET(flags, val) \
 	QAT_FIELD_SET(flags, val, QAT_LA_GCM_IV_LEN_FLAG_BITPOS, \
 	QAT_LA_GCM_IV_LEN_FLAG_MASK)
@@ -267,8 +274,7 @@ struct icp_qat_fw_cipher_auth_cd_ctrl_hdr {
 #define ICP_QAT_FW_AUTH_HDR_FLAG_DO_NESTED 1
 #define ICP_QAT_FW_AUTH_HDR_FLAG_NO_NESTED 0
 #define ICP_QAT_FW_CCM_GCM_AAD_SZ_MAX	240
-#define ICP_QAT_FW_HASH_REQUEST_PARAMETERS_OFFSET \
-	(sizeof(struct icp_qat_fw_la_cipher_req_params_t))
+#define ICP_QAT_FW_HASH_REQUEST_PARAMETERS_OFFSET 24
 #define ICP_QAT_FW_CIPHER_REQUEST_PARAMETERS_OFFSET (0)
 
 struct icp_qat_fw_la_cipher_req_params {
@@ -281,7 +287,12 @@ struct icp_qat_fw_la_cipher_req_params {
 			uint64_t resrvd1;
 		} s;
 	} u;
-};
+	uint64_t spc_aad_addr;
+	uint64_t spc_auth_res_addr;
+	uint16_t spc_aad_sz;
+	uint8_t reserved;
+	uint8_t spc_auth_res_sz;
+} __rte_packed;
 
 struct icp_qat_fw_la_auth_req_params {
 	uint32_t auth_off;
diff --git a/drivers/common/qat/qat_adf/icp_qat_hw.h b/drivers/common/qat/qat_adf/icp_qat_hw.h
index e7961dba2..cef64861f 100644
--- a/drivers/common/qat/qat_adf/icp_qat_hw.h
+++ b/drivers/common/qat/qat_adf/icp_qat_hw.h
@@ -212,6 +212,7 @@ enum icp_qat_hw_cipher_mode {
 	ICP_QAT_HW_CIPHER_CBC_MODE = 1,
 	ICP_QAT_HW_CIPHER_CTR_MODE = 2,
 	ICP_QAT_HW_CIPHER_F8_MODE = 3,
+	ICP_QAT_HW_CIPHER_AEAD_MODE = 4,
 	ICP_QAT_HW_CIPHER_XTS_MODE = 6,
 	ICP_QAT_HW_CIPHER_MODE_DELIMITER = 7
 };
@@ -244,6 +245,8 @@ enum icp_qat_hw_cipher_convert {
 #define QAT_CIPHER_CONVERT_MASK 0x1
 #define QAT_CIPHER_DIR_BITPOS 8
 #define QAT_CIPHER_DIR_MASK 0x1
+#define QAT_CIPHER_AEAD_HASH_CMP_LEN_BITPOS 10
+#define QAT_CIPHER_AEAD_HASH_CMP_LEN_MASK 0x1F
 #define QAT_CIPHER_MODE_F8_KEY_SZ_MULT 2
 #define QAT_CIPHER_MODE_XTS_KEY_SZ_MULT 2
 #define ICP_QAT_HW_CIPHER_CONFIG_BUILD(mode, algo, convert, dir) \
@@ -251,6 +254,22 @@ enum icp_qat_hw_cipher_convert {
 	((algo & QAT_CIPHER_ALGO_MASK) << QAT_CIPHER_ALGO_BITPOS) | \
 	((convert & QAT_CIPHER_CONVERT_MASK) << QAT_CIPHER_CONVERT_BITPOS) | \
 	((dir & QAT_CIPHER_DIR_MASK) << QAT_CIPHER_DIR_BITPOS))
+
+#define QAT_CIPHER_AEAD_AAD_LOWER_SHIFT 24
+#define QAT_CIPHER_AEAD_AAD_UPPER_SHIFT 8
+#define QAT_CIPHER_AEAD_AAD_SIZE_LOWER_MASK 0xFF
+#define QAT_CIPHER_AEAD_AAD_SIZE_UPPER_MASK 0x3F
+#define QAT_CIPHER_AEAD_AAD_SIZE_BITPOS 16
+#define ICP_QAT_HW_CIPHER_CONFIG_BUILD_UPPER(aad_size) \
+	({ \
+	typeof(aad_size) aad_size1 = aad_size; \
+	(((((aad_size1) >> QAT_CIPHER_AEAD_AAD_UPPER_SHIFT) & \
+	QAT_CIPHER_AEAD_AAD_SIZE_UPPER_MASK) << \
+	QAT_CIPHER_AEAD_AAD_SIZE_BITPOS) | \
+	(((aad_size1) & QAT_CIPHER_AEAD_AAD_SIZE_LOWER_MASK) << \
+	QAT_CIPHER_AEAD_AAD_LOWER_SHIFT)); \
+	})
+
 #define ICP_QAT_HW_DES_BLK_SZ 8
 #define ICP_QAT_HW_3DES_BLK_SZ 8
 #define ICP_QAT_HW_NULL_BLK_SZ 8
-- 
2.17.1


^ permalink raw reply	[flat|nested] 16+ messages in thread

* [dpdk-dev] [PATCH v2 3/3] crypto/qat: handle Single Pass Crypto Requests on GEN3 QAT
  2019-09-27 15:47 ` [dpdk-dev] [PATCH v2 0/3] QAT: handle Single Pass GCM Adam Dybkowski
  2019-09-27 15:47   ` [dpdk-dev] [PATCH v2 1/3] test/crypto: add more AES GCM tests for QAT PMD Adam Dybkowski
  2019-09-27 15:47   ` [dpdk-dev] [PATCH v2 2/3] common/qat: add new QAT GEN3 definitions Adam Dybkowski
@ 2019-09-27 15:47   ` Adam Dybkowski
  2019-10-03 13:04     ` Trahe, Fiona
  2019-10-08 12:44   ` [dpdk-dev] [PATCH v3 0/3] QAT: handle Single Pass GCM Adam Dybkowski
  3 siblings, 1 reply; 16+ messages in thread
From: Adam Dybkowski @ 2019-09-27 15:47 UTC (permalink / raw)
  To: dev, fiona.trahe, arkadiuszx.kusztal, akhil.goyal; +Cc: Adam Dybkowski

This patch improves the performance of AES GCM by using
the Single Pass Crypto Request functionality when running
on GEN3 QAT. Falls back to classic chained mode on older
hardware.

Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
---
 doc/guides/rel_notes/release_19_11.rst |  7 +++
 drivers/crypto/qat/qat_sym.c           | 13 +++-
 drivers/crypto/qat/qat_sym_session.c   | 86 ++++++++++++++++++++++++--
 drivers/crypto/qat/qat_sym_session.h   |  9 ++-
 4 files changed, 107 insertions(+), 8 deletions(-)

diff --git a/doc/guides/rel_notes/release_19_11.rst b/doc/guides/rel_notes/release_19_11.rst
index 573683da4..4817b7f23 100644
--- a/doc/guides/rel_notes/release_19_11.rst
+++ b/doc/guides/rel_notes/release_19_11.rst
@@ -61,6 +61,13 @@ New Features
   Added stateful decompression support in the Intel QuickAssist Technology PMD.
   Please note that stateful compression is not supported.
 
+* **Enabled Single Pass GCM acceleration on QAT GEN3.**
+
+  Added support for Single Pass GCM, available on QAT GEN3 only (Intel
+  QuickAssist Technology C4xxx). It is automatically chosen instead of the
+  classic chained mode when running on QAT GEN3, significantly improving
+  the performance of AES GCM operations.
+
 Removed Items
 -------------
 
diff --git a/drivers/crypto/qat/qat_sym.c b/drivers/crypto/qat/qat_sym.c
index 46ef27a6d..5ff4aa1e5 100644
--- a/drivers/crypto/qat/qat_sym.c
+++ b/drivers/crypto/qat/qat_sym.c
@@ -1,5 +1,5 @@
 /* SPDX-License-Identifier: BSD-3-Clause
- * Copyright(c) 2015-2018 Intel Corporation
+ * Copyright(c) 2015-2019 Intel Corporation
  */
 
 #include <openssl/evp.h>
@@ -12,6 +12,7 @@
 
 #include "qat_sym.h"
 
+
 /** Decrypt a single partial block
  *  Depends on openssl libcrypto
  *  Uses ECB+XOR to do CFB encryption, same result, more performant
@@ -195,7 +196,8 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg,
 	rte_mov128((uint8_t *)qat_req, (const uint8_t *)&(ctx->fw_req));
 	qat_req->comn_mid.opaque_data = (uint64_t)(uintptr_t)op;
 	cipher_param = (void *)&qat_req->serv_specif_rqpars;
-	auth_param = (void *)((uint8_t *)cipher_param + sizeof(*cipher_param));
+	auth_param = (void *)((uint8_t *)cipher_param +
+			ICP_QAT_FW_HASH_REQUEST_PARAMETERS_OFFSET);
 
 	if (ctx->qat_cmd == ICP_QAT_FW_LA_CMD_HASH_CIPHER ||
 			ctx->qat_cmd == ICP_QAT_FW_LA_CMD_CIPHER_HASH) {
@@ -593,6 +595,13 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg,
 		qat_req->comn_mid.dest_data_addr = dst_buf_start;
 	}
 
+	/* Handle Single-Pass GCM */
+	if (ctx->is_single_pass) {
+		cipher_param->spc_aad_addr = op->sym->aead.aad.phys_addr;
+		cipher_param->spc_auth_res_addr =
+				op->sym->aead.digest.phys_addr;
+	}
+
 #if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG
 	QAT_DP_HEXDUMP_LOG(DEBUG, "qat_req:", qat_req,
 			sizeof(struct icp_qat_fw_la_bulk_req));
diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c
index e5167b3fa..7d0f4a69d 100644
--- a/drivers/crypto/qat/qat_sym_session.c
+++ b/drivers/crypto/qat/qat_sym_session.c
@@ -450,7 +450,7 @@ qat_sym_session_set_parameters(struct rte_cryptodev *dev,
 		break;
 	case ICP_QAT_FW_LA_CMD_CIPHER_HASH:
 		if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
-			ret = qat_sym_session_configure_aead(xform,
+			ret = qat_sym_session_configure_aead(dev, xform,
 					session);
 			if (ret < 0)
 				return ret;
@@ -467,7 +467,7 @@ qat_sym_session_set_parameters(struct rte_cryptodev *dev,
 		break;
 	case ICP_QAT_FW_LA_CMD_HASH_CIPHER:
 		if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
-			ret = qat_sym_session_configure_aead(xform,
+			ret = qat_sym_session_configure_aead(dev, xform,
 					session);
 			if (ret < 0)
 				return ret;
@@ -503,6 +503,72 @@ qat_sym_session_set_parameters(struct rte_cryptodev *dev,
 	return 0;
 }
 
+static int
+qat_sym_session_handle_single_pass(struct qat_sym_dev_private *internals,
+		struct qat_sym_session *session,
+		struct rte_crypto_aead_xform *aead_xform)
+{
+	enum qat_device_gen qat_dev_gen = internals->qat_dev->qat_dev_gen;
+
+	if (qat_dev_gen == QAT_GEN3 &&
+			aead_xform->iv.length == QAT_AES_GCM_SPC_IV_SIZE) {
+		/* Use faster Single-Pass GCM */
+		struct icp_qat_fw_la_cipher_req_params *cipher_param =
+				(void *) &session->fw_req.serv_specif_rqpars;
+
+		session->is_single_pass = 1;
+		session->qat_cmd = ICP_QAT_FW_LA_CMD_CIPHER;
+		session->qat_mode = ICP_QAT_HW_CIPHER_AEAD_MODE;
+		session->cipher_iv.offset = aead_xform->iv.offset;
+		session->cipher_iv.length = aead_xform->iv.length;
+		if (qat_sym_session_aead_create_cd_cipher(session,
+				aead_xform->key.data, aead_xform->key.length))
+			return -EINVAL;
+		session->aad_len = aead_xform->aad_length;
+		session->digest_length = aead_xform->digest_length;
+		if (aead_xform->op == RTE_CRYPTO_AEAD_OP_ENCRYPT) {
+			session->qat_dir = ICP_QAT_HW_CIPHER_ENCRYPT;
+			session->auth_op = ICP_QAT_HW_AUTH_GENERATE;
+			ICP_QAT_FW_LA_RET_AUTH_SET(
+				session->fw_req.comn_hdr.serv_specif_flags,
+				ICP_QAT_FW_LA_RET_AUTH_RES);
+		} else {
+			session->qat_dir = ICP_QAT_HW_CIPHER_DECRYPT;
+			session->auth_op = ICP_QAT_HW_AUTH_VERIFY;
+			ICP_QAT_FW_LA_CMP_AUTH_SET(
+				session->fw_req.comn_hdr.serv_specif_flags,
+				ICP_QAT_FW_LA_CMP_AUTH_RES);
+		}
+		ICP_QAT_FW_LA_SINGLE_PASS_PROTO_FLAG_SET(
+				session->fw_req.comn_hdr.serv_specif_flags,
+				ICP_QAT_FW_LA_SINGLE_PASS_PROTO);
+		ICP_QAT_FW_LA_PROTO_SET(
+				session->fw_req.comn_hdr.serv_specif_flags,
+				ICP_QAT_FW_LA_NO_PROTO);
+		ICP_QAT_FW_LA_GCM_IV_LEN_FLAG_SET(
+				session->fw_req.comn_hdr.serv_specif_flags,
+				ICP_QAT_FW_LA_GCM_IV_LEN_12_OCTETS);
+		session->fw_req.comn_hdr.service_cmd_id =
+				ICP_QAT_FW_LA_CMD_CIPHER;
+		session->cd.cipher.cipher_config.val =
+				ICP_QAT_HW_CIPHER_CONFIG_BUILD(
+					ICP_QAT_HW_CIPHER_AEAD_MODE,
+					session->qat_cipher_alg,
+					ICP_QAT_HW_CIPHER_NO_CONVERT,
+					session->qat_dir);
+		QAT_FIELD_SET(session->cd.cipher.cipher_config.val,
+				aead_xform->digest_length,
+				QAT_CIPHER_AEAD_HASH_CMP_LEN_BITPOS,
+				QAT_CIPHER_AEAD_HASH_CMP_LEN_MASK);
+		session->cd.cipher.cipher_config.reserved =
+				ICP_QAT_HW_CIPHER_CONFIG_BUILD_UPPER(
+					aead_xform->aad_length);
+		cipher_param->spc_aad_sz = aead_xform->aad_length;
+		cipher_param->spc_auth_res_sz = aead_xform->digest_length;
+	}
+	return 0;
+}
+
 int
 qat_sym_session_configure_auth(struct rte_cryptodev *dev,
 				struct rte_crypto_sym_xform *xform,
@@ -646,7 +712,8 @@ qat_sym_session_configure_auth(struct rte_cryptodev *dev,
 }
 
 int
-qat_sym_session_configure_aead(struct rte_crypto_sym_xform *xform,
+qat_sym_session_configure_aead(struct rte_cryptodev *dev,
+				struct rte_crypto_sym_xform *xform,
 				struct qat_sym_session *session)
 {
 	struct rte_crypto_aead_xform *aead_xform = &xform->aead;
@@ -684,6 +751,17 @@ qat_sym_session_configure_aead(struct rte_crypto_sym_xform *xform,
 		return -EINVAL;
 	}
 
+	session->is_single_pass = 0;
+	if (aead_xform->algo == RTE_CRYPTO_AEAD_AES_GCM) {
+		/* Use faster Single-Pass GCM if possible */
+		int res = qat_sym_session_handle_single_pass(
+				dev->data->dev_private, session, aead_xform);
+		if (res < 0)
+			return res;
+		if (session->is_single_pass)
+			return 0;
+	}
+
 	if ((aead_xform->op == RTE_CRYPTO_AEAD_OP_ENCRYPT &&
 			aead_xform->algo == RTE_CRYPTO_AEAD_AES_GCM) ||
 			(aead_xform->op == RTE_CRYPTO_AEAD_OP_DECRYPT &&
@@ -1444,7 +1522,7 @@ int qat_sym_session_aead_create_cd_auth(struct qat_sym_session *cdesc,
 	struct icp_qat_fw_la_auth_req_params *auth_param =
 		(struct icp_qat_fw_la_auth_req_params *)
 		((char *)&req_tmpl->serv_specif_rqpars +
-		sizeof(struct icp_qat_fw_la_cipher_req_params));
+		ICP_QAT_FW_HASH_REQUEST_PARAMETERS_OFFSET);
 	uint16_t state1_size = 0, state2_size = 0;
 	uint16_t hash_offset, cd_size;
 	uint32_t *aad_len = NULL;
diff --git a/drivers/crypto/qat/qat_sym_session.h b/drivers/crypto/qat/qat_sym_session.h
index ce1ca5af8..98985d686 100644
--- a/drivers/crypto/qat/qat_sym_session.h
+++ b/drivers/crypto/qat/qat_sym_session.h
@@ -1,5 +1,5 @@
 /* SPDX-License-Identifier: BSD-3-Clause
- * Copyright(c) 2015-2018 Intel Corporation
+ * Copyright(c) 2015-2019 Intel Corporation
  */
 #ifndef _QAT_SYM_SESSION_H_
 #define _QAT_SYM_SESSION_H_
@@ -25,6 +25,9 @@
 #define QAT_3DES_KEY_SZ_OPT2 16 /* K3=K1 */
 #define QAT_3DES_KEY_SZ_OPT3 8 /* K1=K2=K3 */
 
+/* 96-bit case of IV for CCP/GCM single pass algorithm */
+#define QAT_AES_GCM_SPC_IV_SIZE 12
+
 
 #define QAT_AES_HW_CONFIG_CBC_ENC(alg) \
 	ICP_QAT_HW_CIPHER_CONFIG_BUILD(ICP_QAT_HW_CIPHER_CBC_MODE, alg, \
@@ -78,6 +81,7 @@ struct qat_sym_session {
 	rte_spinlock_t lock;	/* protects this struct */
 	enum qat_device_gen min_qat_dev_gen;
 	uint8_t aes_cmac;
+	uint8_t is_single_pass;
 };
 
 int
@@ -91,7 +95,8 @@ qat_sym_session_set_parameters(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform, void *session_private);
 
 int
-qat_sym_session_configure_aead(struct rte_crypto_sym_xform *xform,
+qat_sym_session_configure_aead(struct rte_cryptodev *dev,
+				struct rte_crypto_sym_xform *xform,
 				struct qat_sym_session *session);
 
 int
-- 
2.17.1


^ permalink raw reply	[flat|nested] 16+ messages in thread

* Re: [dpdk-dev] [PATCH v2 1/3] test/crypto: add more AES GCM tests for QAT PMD
  2019-09-27 15:47   ` [dpdk-dev] [PATCH v2 1/3] test/crypto: add more AES GCM tests for QAT PMD Adam Dybkowski
@ 2019-10-03 12:41     ` Trahe, Fiona
  0 siblings, 0 replies; 16+ messages in thread
From: Trahe, Fiona @ 2019-10-03 12:41 UTC (permalink / raw)
  To: Dybkowski, AdamX, dev; +Cc: Trahe, Fiona, Kusztal, ArkadiuszX, akhil.goyal

Hi Adam,

> -----Original Message-----
> From: Dybkowski, AdamX
> Sent: Friday, September 27, 2019 4:48 PM
> To: dev@dpdk.org; Trahe, Fiona <fiona.trahe@intel.com>; Kusztal, ArkadiuszX
> <arkadiuszx.kusztal@intel.com>; akhil.goyal@nxp.com
> Cc: Dybkowski, AdamX <adamx.dybkowski@intel.com>
> Subject: [PATCH v2 1/3] test/crypto: add more AES GCM tests for QAT PMD
> 
> This patch adds 256-bit AES GCM tests for QAT PMD
> (which already existed for AESNI and OpenSSL) and also adds
> a number of negative unit tests for AES GCM for QAT PMD, in order
> to verify authenticated encryption and decryption with modified data.
> 
> Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
> ---
These are a great set of tests to add, thanks.
However, I find the silent terminology misleading. as the fn is not silent, other errors may print, debug may print and depending on the flag passed in the compare error may print.
Also, if the test fails for some other reason than the one it should, this will be missed.
What you want to do is catch specific expected errors so I'd suggest following:
leave test_authenticated_encryption() name as is.
Add a fail_expected enum to crypto_unittest_params, with elements like NONE, DIGEST_CORRUPT, ENCRYPTED_DATA_CORRUPT, UNENCRYPTED_DATA_CORRUPT
Don't suppress the errors, instead in wrapper fns, print "Negative test - errors are expected" at top of each negative test, corrupt the input and set the appropriate fail.
In test_authenticated_encryption() and test_authenticated_encryption() use the enum to check for the expected failure.
Does that make sense?



^ permalink raw reply	[flat|nested] 16+ messages in thread

* Re: [dpdk-dev] [PATCH v2 2/3] common/qat: add new QAT GEN3 definitions
  2019-09-27 15:47   ` [dpdk-dev] [PATCH v2 2/3] common/qat: add new QAT GEN3 definitions Adam Dybkowski
@ 2019-10-03 12:58     ` Trahe, Fiona
  0 siblings, 0 replies; 16+ messages in thread
From: Trahe, Fiona @ 2019-10-03 12:58 UTC (permalink / raw)
  To: Dybkowski, AdamX, dev, Kusztal, ArkadiuszX, akhil.goyal; +Cc: Trahe, Fiona



> -----Original Message-----
> From: Dybkowski, AdamX
> Sent: Friday, September 27, 2019 4:48 PM
> To: dev@dpdk.org; Trahe, Fiona <fiona.trahe@intel.com>; Kusztal, ArkadiuszX
> <arkadiuszx.kusztal@intel.com>; akhil.goyal@nxp.com
> Cc: Dybkowski, AdamX <adamx.dybkowski@intel.com>
> Subject: [PATCH v2 2/3] common/qat: add new QAT GEN3 definitions
> 
> This patch adds few definitions specific to GEN3 QAT.
> 
> Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>

^ permalink raw reply	[flat|nested] 16+ messages in thread

* Re: [dpdk-dev] [PATCH v2 3/3] crypto/qat: handle Single Pass Crypto Requests on GEN3 QAT
  2019-09-27 15:47   ` [dpdk-dev] [PATCH v2 3/3] crypto/qat: handle Single Pass Crypto Requests on GEN3 QAT Adam Dybkowski
@ 2019-10-03 13:04     ` Trahe, Fiona
  0 siblings, 0 replies; 16+ messages in thread
From: Trahe, Fiona @ 2019-10-03 13:04 UTC (permalink / raw)
  To: Dybkowski, AdamX, dev, Kusztal, ArkadiuszX, akhil.goyal; +Cc: Trahe, Fiona

Hi Adam,

> -----Original Message-----
> From: Dybkowski, AdamX
> Sent: Friday, September 27, 2019 4:48 PM
> To: dev@dpdk.org; Trahe, Fiona <fiona.trahe@intel.com>; Kusztal, ArkadiuszX
> <arkadiuszx.kusztal@intel.com>; akhil.goyal@nxp.com
> Cc: Dybkowski, AdamX <adamx.dybkowski@intel.com>
> Subject: [PATCH v2 3/3] crypto/qat: handle Single Pass Crypto Requests on GEN3 QAT
> 
> This patch improves the performance of AES GCM by using
> the Single Pass Crypto Request functionality when running
> on GEN3 QAT. Falls back to classic chained mode on older
> hardware.
> 
> Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
> ---
>  doc/guides/rel_notes/release_19_11.rst |  7 +++
>  drivers/crypto/qat/qat_sym.c           | 13 +++-
>  drivers/crypto/qat/qat_sym_session.c   | 86 ++++++++++++++++++++++++--
>  drivers/crypto/qat/qat_sym_session.h   |  9 ++-
>  4 files changed, 107 insertions(+), 8 deletions(-)
> 
> diff --git a/doc/guides/rel_notes/release_19_11.rst b/doc/guides/rel_notes/release_19_11.rst
> index 573683da4..4817b7f23 100644
> --- a/doc/guides/rel_notes/release_19_11.rst
> +++ b/doc/guides/rel_notes/release_19_11.rst
> @@ -61,6 +61,13 @@ New Features
>    Added stateful decompression support in the Intel QuickAssist Technology PMD.
>    Please note that stateful compression is not supported.
> 
> +* **Enabled Single Pass GCM acceleration on QAT GEN3.**
> +
> +  Added support for Single Pass GCM, available on QAT GEN3 only (Intel
> +  QuickAssist Technology C4xxx). It is automatically chosen instead of the
> +  classic chained mode when running on QAT GEN3, significantly improving
> +  the performance of AES GCM operations.
> +
>  Removed Items
>  -------------
> 
> diff --git a/drivers/crypto/qat/qat_sym.c b/drivers/crypto/qat/qat_sym.c
> index 46ef27a6d..5ff4aa1e5 100644
> --- a/drivers/crypto/qat/qat_sym.c
> +++ b/drivers/crypto/qat/qat_sym.c
> @@ -1,5 +1,5 @@
>  /* SPDX-License-Identifier: BSD-3-Clause
> - * Copyright(c) 2015-2018 Intel Corporation
> + * Copyright(c) 2015-2019 Intel Corporation
>   */
> 
>  #include <openssl/evp.h>
> @@ -12,6 +12,7 @@
> 
>  #include "qat_sym.h"
> 
> +
>  /** Decrypt a single partial block
>   *  Depends on openssl libcrypto
>   *  Uses ECB+XOR to do CFB encryption, same result, more performant
> @@ -195,7 +196,8 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg,
>  	rte_mov128((uint8_t *)qat_req, (const uint8_t *)&(ctx->fw_req));
>  	qat_req->comn_mid.opaque_data = (uint64_t)(uintptr_t)op;
>  	cipher_param = (void *)&qat_req->serv_specif_rqpars;
> -	auth_param = (void *)((uint8_t *)cipher_param + sizeof(*cipher_param));
> +	auth_param = (void *)((uint8_t *)cipher_param +
> +			ICP_QAT_FW_HASH_REQUEST_PARAMETERS_OFFSET);
> 
>  	if (ctx->qat_cmd == ICP_QAT_FW_LA_CMD_HASH_CIPHER ||
>  			ctx->qat_cmd == ICP_QAT_FW_LA_CMD_CIPHER_HASH) {
> @@ -593,6 +595,13 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg,
>  		qat_req->comn_mid.dest_data_addr = dst_buf_start;
>  	}
> 
> +	/* Handle Single-Pass GCM */
> +	if (ctx->is_single_pass) {
> +		cipher_param->spc_aad_addr = op->sym->aead.aad.phys_addr;
> +		cipher_param->spc_auth_res_addr =
> +				op->sym->aead.digest.phys_addr;
> +	}
> +
>  #if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG
>  	QAT_DP_HEXDUMP_LOG(DEBUG, "qat_req:", qat_req,
>  			sizeof(struct icp_qat_fw_la_bulk_req));
> diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c
> index e5167b3fa..7d0f4a69d 100644
> --- a/drivers/crypto/qat/qat_sym_session.c
> +++ b/drivers/crypto/qat/qat_sym_session.c
> @@ -450,7 +450,7 @@ qat_sym_session_set_parameters(struct rte_cryptodev *dev,
>  		break;
>  	case ICP_QAT_FW_LA_CMD_CIPHER_HASH:
>  		if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
> -			ret = qat_sym_session_configure_aead(xform,
> +			ret = qat_sym_session_configure_aead(dev, xform,
>  					session);
>  			if (ret < 0)
>  				return ret;
> @@ -467,7 +467,7 @@ qat_sym_session_set_parameters(struct rte_cryptodev *dev,
>  		break;
>  	case ICP_QAT_FW_LA_CMD_HASH_CIPHER:
>  		if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
> -			ret = qat_sym_session_configure_aead(xform,
> +			ret = qat_sym_session_configure_aead(dev, xform,
>  					session);
>  			if (ret < 0)
>  				return ret;
> @@ -503,6 +503,72 @@ qat_sym_session_set_parameters(struct rte_cryptodev *dev,
>  	return 0;
>  }
> 
> +static int
> +qat_sym_session_handle_single_pass(struct qat_sym_dev_private *internals,
> +		struct qat_sym_session *session,
> +		struct rte_crypto_aead_xform *aead_xform)
> +{
> +	enum qat_device_gen qat_dev_gen = internals->qat_dev->qat_dev_gen;
> +
> +	if (qat_dev_gen == QAT_GEN3 &&
> +			aead_xform->iv.length == QAT_AES_GCM_SPC_IV_SIZE) {
> +		/* Use faster Single-Pass GCM */
[Fiona] Need to set min_qat_dev_gen in session here. 
Crypto sessions can be built independently of the device. Catches a very unlikely corner case.
If e.g. platform had a gen1 and gen3 device, did the session init on the gen3, then attached it to an op sent to gen1,
This min_qat_dev_gen would catch it. Same situation possible with ZUC so we added that check then.


^ permalink raw reply	[flat|nested] 16+ messages in thread

* [dpdk-dev] [PATCH v3 0/3] QAT: handle Single Pass GCM
  2019-09-27 15:47 ` [dpdk-dev] [PATCH v2 0/3] QAT: handle Single Pass GCM Adam Dybkowski
                     ` (2 preceding siblings ...)
  2019-09-27 15:47   ` [dpdk-dev] [PATCH v2 3/3] crypto/qat: handle Single Pass Crypto Requests on GEN3 QAT Adam Dybkowski
@ 2019-10-08 12:44   ` Adam Dybkowski
  2019-10-08 12:44     ` [dpdk-dev] [PATCH v3 1/3] test/crypto: add more AES GCM tests for QAT PMD Adam Dybkowski
                       ` (3 more replies)
  3 siblings, 4 replies; 16+ messages in thread
From: Adam Dybkowski @ 2019-10-08 12:44 UTC (permalink / raw)
  To: dev, fiona.trahe, arkadiuszx.kusztal, akhil.goyal; +Cc: Adam Dybkowski

This patch improves the performance of AES GCM
by using the Single Pass Crypto Request
when running on GEN3 QAT.
---
v3:
* Block GCM session prepared on QAT GEN3 to be used for executing op on QAT GEN1/2
* Update QAT sym. crypto documentation

v2:
* Fix the session preparation function and request building code.
* Update release notes.

Adam Dybkowski (3):
  test/crypto: add more AES GCM tests for QAT PMD
  common/qat: add new QAT GEN3 definitions
  crypto/qat: handle Single Pass Crypto Requests on GEN3 QAT

 app/test/test_cryptodev.c                  | 226 +++++++++++++++++++++
 doc/guides/cryptodevs/qat.rst              |  11 +
 doc/guides/rel_notes/release_19_11.rst     |   6 +
 drivers/common/qat/qat_adf/icp_qat_fw_la.h |  19 +-
 drivers/common/qat/qat_adf/icp_qat_hw.h    |  19 ++
 drivers/crypto/qat/qat_sym.c               |  13 +-
 drivers/crypto/qat/qat_sym_session.c       |  87 +++++++-
 drivers/crypto/qat/qat_sym_session.h       |   9 +-
 8 files changed, 378 insertions(+), 12 deletions(-)

-- 
2.17.1


^ permalink raw reply	[flat|nested] 16+ messages in thread

* [dpdk-dev] [PATCH v3 1/3] test/crypto: add more AES GCM tests for QAT PMD
  2019-10-08 12:44   ` [dpdk-dev] [PATCH v3 0/3] QAT: handle Single Pass GCM Adam Dybkowski
@ 2019-10-08 12:44     ` Adam Dybkowski
  2019-10-08 12:44     ` [dpdk-dev] [PATCH v3 2/3] common/qat: add new QAT GEN3 definitions Adam Dybkowski
                       ` (2 subsequent siblings)
  3 siblings, 0 replies; 16+ messages in thread
From: Adam Dybkowski @ 2019-10-08 12:44 UTC (permalink / raw)
  To: dev, fiona.trahe, arkadiuszx.kusztal, akhil.goyal; +Cc: Adam Dybkowski

This patch adds 256-bit AES GCM tests for QAT PMD
(which already existed for AESNI and OpenSSL) and also adds
a number of negative unit tests for AES GCM for QAT PMD, in order
to verify authenticated encryption and decryption with modified data.

Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
---
 app/test/test_cryptodev.c | 226 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 226 insertions(+)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 63cfa1af1..ffed298fd 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -7675,6 +7675,12 @@ test_AES_GCM_authenticated_encryption_test_case_7(void)
 	return test_authenticated_encryption(&gcm_test_case_7);
 }
 
+static int
+test_AES_GCM_authenticated_encryption_test_case_8(void)
+{
+	return test_authenticated_encryption(&gcm_test_case_8);
+}
+
 static int
 test_AES_GCM_auth_encryption_test_case_192_1(void)
 {
@@ -7771,6 +7777,93 @@ test_AES_GCM_auth_encryption_test_case_aad_2(void)
 	return test_authenticated_encryption(&gcm_test_case_aad_2);
 }
 
+static int
+test_AES_GCM_auth_encryption_fail_iv_corrupt(void)
+{
+	struct aead_test_data tdata;
+	int res;
+
+	RTE_LOG(INFO, USER1, "This is a negative test, errors are expected\n");
+	memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+	tdata.iv.data[0] += 1;
+	res = test_authenticated_encryption(&tdata);
+	TEST_ASSERT_EQUAL(res, TEST_FAILED, "encryption not failed");
+	return TEST_SUCCESS;
+}
+
+static int
+test_AES_GCM_auth_encryption_fail_in_data_corrupt(void)
+{
+	struct aead_test_data tdata;
+	int res;
+
+	RTE_LOG(INFO, USER1, "This is a negative test, errors are expected\n");
+	memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+	tdata.plaintext.data[0] += 1;
+	res = test_authenticated_encryption(&tdata);
+	TEST_ASSERT_EQUAL(res, TEST_FAILED, "encryption not failed");
+	return TEST_SUCCESS;
+}
+
+static int
+test_AES_GCM_auth_encryption_fail_out_data_corrupt(void)
+{
+	struct aead_test_data tdata;
+	int res;
+
+	RTE_LOG(INFO, USER1, "This is a negative test, errors are expected\n");
+	memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+	tdata.ciphertext.data[0] += 1;
+	res = test_authenticated_encryption(&tdata);
+	TEST_ASSERT_EQUAL(res, TEST_FAILED, "encryption not failed");
+	return TEST_SUCCESS;
+}
+
+static int
+test_AES_GCM_auth_encryption_fail_aad_len_corrupt(void)
+{
+	struct aead_test_data tdata;
+	int res;
+
+	RTE_LOG(INFO, USER1, "This is a negative test, errors are expected\n");
+	memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+	tdata.aad.len += 1;
+	res = test_authenticated_encryption(&tdata);
+	TEST_ASSERT_EQUAL(res, TEST_FAILED, "encryption not failed");
+	return TEST_SUCCESS;
+}
+
+static int
+test_AES_GCM_auth_encryption_fail_aad_corrupt(void)
+{
+	struct aead_test_data tdata;
+	uint8_t aad[gcm_test_case_7.aad.len];
+	int res;
+
+	RTE_LOG(INFO, USER1, "This is a negative test, errors are expected\n");
+	memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+	memcpy(aad, gcm_test_case_7.aad.data, gcm_test_case_7.aad.len);
+	aad[0] += 1;
+	tdata.aad.data = aad;
+	res = test_authenticated_encryption(&tdata);
+	TEST_ASSERT_EQUAL(res, TEST_FAILED, "encryption not failed");
+	return TEST_SUCCESS;
+}
+
+static int
+test_AES_GCM_auth_encryption_fail_tag_corrupt(void)
+{
+	struct aead_test_data tdata;
+	int res;
+
+	RTE_LOG(INFO, USER1, "This is a negative test, errors are expected\n");
+	memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+	tdata.auth_tag.data[0] += 1;
+	res = test_authenticated_encryption(&tdata);
+	TEST_ASSERT_EQUAL(res, TEST_FAILED, "encryption not failed");
+	return TEST_SUCCESS;
+}
+
 static int
 test_authenticated_decryption(const struct aead_test_data *tdata)
 {
@@ -7839,6 +7932,7 @@ test_authenticated_decryption(const struct aead_test_data *tdata)
 	TEST_ASSERT_EQUAL(ut_params->op->status,
 			RTE_CRYPTO_OP_STATUS_SUCCESS,
 			"Authentication failed");
+
 	return 0;
 }
 
@@ -7884,6 +7978,12 @@ test_AES_GCM_authenticated_decryption_test_case_7(void)
 	return test_authenticated_decryption(&gcm_test_case_7);
 }
 
+static int
+test_AES_GCM_authenticated_decryption_test_case_8(void)
+{
+	return test_authenticated_decryption(&gcm_test_case_8);
+}
+
 static int
 test_AES_GCM_auth_decryption_test_case_192_1(void)
 {
@@ -7980,6 +8080,88 @@ test_AES_GCM_auth_decryption_test_case_aad_2(void)
 	return test_authenticated_decryption(&gcm_test_case_aad_2);
 }
 
+static int
+test_AES_GCM_auth_decryption_fail_iv_corrupt(void)
+{
+	struct aead_test_data tdata;
+	int res;
+
+	memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+	tdata.iv.data[0] += 1;
+	res = test_authenticated_decryption(&tdata);
+	TEST_ASSERT_EQUAL(res, TEST_FAILED, "decryption not failed");
+	return TEST_SUCCESS;
+}
+
+static int
+test_AES_GCM_auth_decryption_fail_in_data_corrupt(void)
+{
+	struct aead_test_data tdata;
+	int res;
+
+	RTE_LOG(INFO, USER1, "This is a negative test, errors are expected\n");
+	memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+	tdata.plaintext.data[0] += 1;
+	res = test_authenticated_decryption(&tdata);
+	TEST_ASSERT_EQUAL(res, TEST_FAILED, "decryption not failed");
+	return TEST_SUCCESS;
+}
+
+static int
+test_AES_GCM_auth_decryption_fail_out_data_corrupt(void)
+{
+	struct aead_test_data tdata;
+	int res;
+
+	memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+	tdata.ciphertext.data[0] += 1;
+	res = test_authenticated_decryption(&tdata);
+	TEST_ASSERT_EQUAL(res, TEST_FAILED, "decryption not failed");
+	return TEST_SUCCESS;
+}
+
+static int
+test_AES_GCM_auth_decryption_fail_aad_len_corrupt(void)
+{
+	struct aead_test_data tdata;
+	int res;
+
+	memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+	tdata.aad.len += 1;
+	res = test_authenticated_decryption(&tdata);
+	TEST_ASSERT_EQUAL(res, TEST_FAILED, "decryption not failed");
+	return TEST_SUCCESS;
+}
+
+static int
+test_AES_GCM_auth_decryption_fail_aad_corrupt(void)
+{
+	struct aead_test_data tdata;
+	uint8_t aad[gcm_test_case_7.aad.len];
+	int res;
+
+	memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+	memcpy(aad, gcm_test_case_7.aad.data, gcm_test_case_7.aad.len);
+	aad[0] += 1;
+	tdata.aad.data = aad;
+	res = test_authenticated_decryption(&tdata);
+	TEST_ASSERT_EQUAL(res, TEST_FAILED, "decryption not failed");
+	return TEST_SUCCESS;
+}
+
+static int
+test_AES_GCM_auth_decryption_fail_tag_corrupt(void)
+{
+	struct aead_test_data tdata;
+	int res;
+
+	memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data));
+	tdata.auth_tag.data[0] += 1;
+	res = test_authenticated_decryption(&tdata);
+	TEST_ASSERT_EQUAL(res, TEST_FAILED, "authentication not failed");
+	return TEST_SUCCESS;
+}
+
 static int
 test_authenticated_encryption_oop(const struct aead_test_data *tdata)
 {
@@ -10927,6 +11109,8 @@ static struct unit_test_suite cryptodev_qat_testsuite  = {
 			test_AES_GCM_authenticated_encryption_test_case_6),
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_AES_GCM_authenticated_encryption_test_case_7),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_authenticated_encryption_test_case_8),
 
 		/** AES GCM Authenticated Decryption */
 		TEST_CASE_ST(ut_setup, ut_teardown,
@@ -10943,6 +11127,8 @@ static struct unit_test_suite cryptodev_qat_testsuite  = {
 			test_AES_GCM_authenticated_decryption_test_case_6),
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_AES_GCM_authenticated_decryption_test_case_7),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_authenticated_decryption_test_case_8),
 
 		/** AES GCM Authenticated Encryption 192 bits key */
 		TEST_CASE_ST(ut_setup, ut_teardown,
@@ -10992,6 +11178,22 @@ static struct unit_test_suite cryptodev_qat_testsuite  = {
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_AES_GCM_auth_encryption_test_case_256_7),
 
+		/** AES GCM Authenticated Decryption 256 bits key */
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_decryption_test_case_256_1),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_decryption_test_case_256_2),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_decryption_test_case_256_3),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_decryption_test_case_256_4),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_decryption_test_case_256_5),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_decryption_test_case_256_6),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_decryption_test_case_256_7),
+
 		/** AES GMAC Authentication */
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_AES_GMAC_authentication_test_case_1),
@@ -11214,6 +11416,30 @@ static struct unit_test_suite cryptodev_qat_testsuite  = {
 			authentication_verify_HMAC_SHA1_fail_data_corrupt),
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			authentication_verify_HMAC_SHA1_fail_tag_corrupt),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_encryption_fail_iv_corrupt),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_encryption_fail_in_data_corrupt),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_encryption_fail_out_data_corrupt),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_encryption_fail_aad_len_corrupt),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_encryption_fail_aad_corrupt),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_encryption_fail_tag_corrupt),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_decryption_fail_iv_corrupt),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_decryption_fail_in_data_corrupt),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_decryption_fail_out_data_corrupt),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_decryption_fail_aad_len_corrupt),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_decryption_fail_aad_corrupt),
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_AES_GCM_auth_decryption_fail_tag_corrupt),
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			authentication_verify_AES128_GMAC_fail_data_corrupt),
 		TEST_CASE_ST(ut_setup, ut_teardown,
-- 
2.17.1


^ permalink raw reply	[flat|nested] 16+ messages in thread

* [dpdk-dev] [PATCH v3 2/3] common/qat: add new QAT GEN3 definitions
  2019-10-08 12:44   ` [dpdk-dev] [PATCH v3 0/3] QAT: handle Single Pass GCM Adam Dybkowski
  2019-10-08 12:44     ` [dpdk-dev] [PATCH v3 1/3] test/crypto: add more AES GCM tests for QAT PMD Adam Dybkowski
@ 2019-10-08 12:44     ` Adam Dybkowski
  2019-10-08 12:44     ` [dpdk-dev] [PATCH v3 3/3] crypto/qat: handle Single Pass Crypto Requests on GEN3 QAT Adam Dybkowski
  2019-10-08 15:03     ` [dpdk-dev] [PATCH v3 0/3] QAT: handle Single Pass GCM Trahe, Fiona
  3 siblings, 0 replies; 16+ messages in thread
From: Adam Dybkowski @ 2019-10-08 12:44 UTC (permalink / raw)
  To: dev, fiona.trahe, arkadiuszx.kusztal, akhil.goyal; +Cc: Adam Dybkowski

This patch adds few definitions specific to GEN3 QAT.

Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
---
 drivers/common/qat/qat_adf/icp_qat_fw_la.h | 19 +++++++++++++++----
 drivers/common/qat/qat_adf/icp_qat_hw.h    | 19 +++++++++++++++++++
 2 files changed, 34 insertions(+), 4 deletions(-)

diff --git a/drivers/common/qat/qat_adf/icp_qat_fw_la.h b/drivers/common/qat/qat_adf/icp_qat_fw_la.h
index c33bc3fe7..38891eb1f 100644
--- a/drivers/common/qat/qat_adf/icp_qat_fw_la.h
+++ b/drivers/common/qat/qat_adf/icp_qat_fw_la.h
@@ -1,5 +1,5 @@
 /* SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0)
- * Copyright(c) 2015-2018 Intel Corporation
+ * Copyright(c) 2015-2019 Intel Corporation
  */
 #ifndef _ICP_QAT_FW_LA_H_
 #define _ICP_QAT_FW_LA_H_
@@ -34,6 +34,9 @@ struct icp_qat_fw_la_bulk_req {
 	struct icp_qat_fw_comn_req_cd_ctrl cd_ctrl;
 };
 
+#define QAT_FW_LA_SINGLE_PASS_PROTO_FLAG_BITPOS 13
+#define ICP_QAT_FW_LA_SINGLE_PASS_PROTO 1
+#define QAT_FW_LA_SINGLE_PASS_PROTO_FLAG_MASK 0x1
 #define ICP_QAT_FW_LA_GCM_IV_LEN_12_OCTETS 1
 #define ICP_QAT_FW_LA_GCM_IV_LEN_NOT_12_OCTETS 0
 #define QAT_FW_LA_ZUC_3G_PROTO_FLAG_BITPOS 12
@@ -152,6 +155,10 @@ struct icp_qat_fw_la_bulk_req {
 	QAT_FIELD_SET(flags, val, QAT_FW_LA_ZUC_3G_PROTO_FLAG_BITPOS, \
 	QAT_FW_LA_ZUC_3G_PROTO_FLAG_MASK)
 
+#define ICP_QAT_FW_LA_SINGLE_PASS_PROTO_FLAG_SET(flags, val) \
+	QAT_FIELD_SET(flags, val, QAT_FW_LA_SINGLE_PASS_PROTO_FLAG_BITPOS, \
+	QAT_FW_LA_SINGLE_PASS_PROTO_FLAG_MASK)
+
 #define ICP_QAT_FW_LA_GCM_IV_LEN_FLAG_SET(flags, val) \
 	QAT_FIELD_SET(flags, val, QAT_LA_GCM_IV_LEN_FLAG_BITPOS, \
 	QAT_LA_GCM_IV_LEN_FLAG_MASK)
@@ -267,8 +274,7 @@ struct icp_qat_fw_cipher_auth_cd_ctrl_hdr {
 #define ICP_QAT_FW_AUTH_HDR_FLAG_DO_NESTED 1
 #define ICP_QAT_FW_AUTH_HDR_FLAG_NO_NESTED 0
 #define ICP_QAT_FW_CCM_GCM_AAD_SZ_MAX	240
-#define ICP_QAT_FW_HASH_REQUEST_PARAMETERS_OFFSET \
-	(sizeof(struct icp_qat_fw_la_cipher_req_params_t))
+#define ICP_QAT_FW_HASH_REQUEST_PARAMETERS_OFFSET 24
 #define ICP_QAT_FW_CIPHER_REQUEST_PARAMETERS_OFFSET (0)
 
 struct icp_qat_fw_la_cipher_req_params {
@@ -281,7 +287,12 @@ struct icp_qat_fw_la_cipher_req_params {
 			uint64_t resrvd1;
 		} s;
 	} u;
-};
+	uint64_t spc_aad_addr;
+	uint64_t spc_auth_res_addr;
+	uint16_t spc_aad_sz;
+	uint8_t reserved;
+	uint8_t spc_auth_res_sz;
+} __rte_packed;
 
 struct icp_qat_fw_la_auth_req_params {
 	uint32_t auth_off;
diff --git a/drivers/common/qat/qat_adf/icp_qat_hw.h b/drivers/common/qat/qat_adf/icp_qat_hw.h
index e7961dba2..cef64861f 100644
--- a/drivers/common/qat/qat_adf/icp_qat_hw.h
+++ b/drivers/common/qat/qat_adf/icp_qat_hw.h
@@ -212,6 +212,7 @@ enum icp_qat_hw_cipher_mode {
 	ICP_QAT_HW_CIPHER_CBC_MODE = 1,
 	ICP_QAT_HW_CIPHER_CTR_MODE = 2,
 	ICP_QAT_HW_CIPHER_F8_MODE = 3,
+	ICP_QAT_HW_CIPHER_AEAD_MODE = 4,
 	ICP_QAT_HW_CIPHER_XTS_MODE = 6,
 	ICP_QAT_HW_CIPHER_MODE_DELIMITER = 7
 };
@@ -244,6 +245,8 @@ enum icp_qat_hw_cipher_convert {
 #define QAT_CIPHER_CONVERT_MASK 0x1
 #define QAT_CIPHER_DIR_BITPOS 8
 #define QAT_CIPHER_DIR_MASK 0x1
+#define QAT_CIPHER_AEAD_HASH_CMP_LEN_BITPOS 10
+#define QAT_CIPHER_AEAD_HASH_CMP_LEN_MASK 0x1F
 #define QAT_CIPHER_MODE_F8_KEY_SZ_MULT 2
 #define QAT_CIPHER_MODE_XTS_KEY_SZ_MULT 2
 #define ICP_QAT_HW_CIPHER_CONFIG_BUILD(mode, algo, convert, dir) \
@@ -251,6 +254,22 @@ enum icp_qat_hw_cipher_convert {
 	((algo & QAT_CIPHER_ALGO_MASK) << QAT_CIPHER_ALGO_BITPOS) | \
 	((convert & QAT_CIPHER_CONVERT_MASK) << QAT_CIPHER_CONVERT_BITPOS) | \
 	((dir & QAT_CIPHER_DIR_MASK) << QAT_CIPHER_DIR_BITPOS))
+
+#define QAT_CIPHER_AEAD_AAD_LOWER_SHIFT 24
+#define QAT_CIPHER_AEAD_AAD_UPPER_SHIFT 8
+#define QAT_CIPHER_AEAD_AAD_SIZE_LOWER_MASK 0xFF
+#define QAT_CIPHER_AEAD_AAD_SIZE_UPPER_MASK 0x3F
+#define QAT_CIPHER_AEAD_AAD_SIZE_BITPOS 16
+#define ICP_QAT_HW_CIPHER_CONFIG_BUILD_UPPER(aad_size) \
+	({ \
+	typeof(aad_size) aad_size1 = aad_size; \
+	(((((aad_size1) >> QAT_CIPHER_AEAD_AAD_UPPER_SHIFT) & \
+	QAT_CIPHER_AEAD_AAD_SIZE_UPPER_MASK) << \
+	QAT_CIPHER_AEAD_AAD_SIZE_BITPOS) | \
+	(((aad_size1) & QAT_CIPHER_AEAD_AAD_SIZE_LOWER_MASK) << \
+	QAT_CIPHER_AEAD_AAD_LOWER_SHIFT)); \
+	})
+
 #define ICP_QAT_HW_DES_BLK_SZ 8
 #define ICP_QAT_HW_3DES_BLK_SZ 8
 #define ICP_QAT_HW_NULL_BLK_SZ 8
-- 
2.17.1


^ permalink raw reply	[flat|nested] 16+ messages in thread

* [dpdk-dev] [PATCH v3 3/3] crypto/qat: handle Single Pass Crypto Requests on GEN3 QAT
  2019-10-08 12:44   ` [dpdk-dev] [PATCH v3 0/3] QAT: handle Single Pass GCM Adam Dybkowski
  2019-10-08 12:44     ` [dpdk-dev] [PATCH v3 1/3] test/crypto: add more AES GCM tests for QAT PMD Adam Dybkowski
  2019-10-08 12:44     ` [dpdk-dev] [PATCH v3 2/3] common/qat: add new QAT GEN3 definitions Adam Dybkowski
@ 2019-10-08 12:44     ` Adam Dybkowski
  2019-10-08 15:03     ` [dpdk-dev] [PATCH v3 0/3] QAT: handle Single Pass GCM Trahe, Fiona
  3 siblings, 0 replies; 16+ messages in thread
From: Adam Dybkowski @ 2019-10-08 12:44 UTC (permalink / raw)
  To: dev, fiona.trahe, arkadiuszx.kusztal, akhil.goyal; +Cc: Adam Dybkowski

This patch improves the performance of AES GCM by using
the Single Pass Crypto Request functionality when running
on GEN3 QAT. Falls back to the classic 2-pass mode on older
hardware.

Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
---
 doc/guides/cryptodevs/qat.rst          | 11 ++++
 doc/guides/rel_notes/release_19_11.rst |  6 ++
 drivers/crypto/qat/qat_sym.c           | 13 +++-
 drivers/crypto/qat/qat_sym_session.c   | 87 ++++++++++++++++++++++++--
 drivers/crypto/qat/qat_sym_session.h   |  9 ++-
 5 files changed, 118 insertions(+), 8 deletions(-)

diff --git a/doc/guides/cryptodevs/qat.rst b/doc/guides/cryptodevs/qat.rst
index e905f6d00..ad685a7e5 100644
--- a/doc/guides/cryptodevs/qat.rst
+++ b/doc/guides/cryptodevs/qat.rst
@@ -82,6 +82,17 @@ Limitations
 * ZUC EEA3/EIA3 is not supported by dh895xcc devices
 * Maximum additional authenticated data (AAD) for GCM is 240 bytes long and must be passed to the device in a buffer rounded up to the nearest block-size multiple (x16) and padded with zeros.
 * Queue pairs are not thread-safe (that is, within a single queue pair, RX and TX from different lcores is not supported).
+* A GCM limitation exists, but only in the case where there are multiple
+  generations of QAT devices on a single platform.
+  To optimise performance, the GCM crypto session should be initialised for the
+  device generation to which the ops will be enqueued. Specifically if a GCM
+  session is initialised on a GEN2 device, but then attached to an op enqueued
+  to a GEN3 device, it will work but cannot take advantage of hardware
+  optimisations in the GEN3 device. And if a GCM session is initialised on a
+  GEN3 device, then attached to an op sent to a GEN1/GEN2 device, it will not be
+  enqueued to the device and will be marked as failed. The simplest way to
+  mitigate this is to use the bdf whitelist to avoid mixing devices of different
+  generations in the same process if planning to use for GCM.
 
 Extra notes on KASUMI F9
 ~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/doc/guides/rel_notes/release_19_11.rst b/doc/guides/rel_notes/release_19_11.rst
index f971b3f77..be91b04ad 100644
--- a/doc/guides/rel_notes/release_19_11.rst
+++ b/doc/guides/rel_notes/release_19_11.rst
@@ -72,6 +72,12 @@ New Features
   Added a symmetric crypto PMD for Marvell NITROX V security processor.
   See the :doc:`../cryptodevs/nitrox` guide for more details on this new
 
+* **Enabled Single Pass GCM acceleration on QAT GEN3.**
+
+  Added support for Single Pass GCM, available on QAT GEN3 only (Intel
+  QuickAssist Technology C4xxx). It is automatically chosen instead of the
+  classic 2-pass mode when running on QAT GEN3, significantly improving
+  the performance of AES GCM operations.
 
 Removed Items
 -------------
diff --git a/drivers/crypto/qat/qat_sym.c b/drivers/crypto/qat/qat_sym.c
index 46ef27a6d..5ff4aa1e5 100644
--- a/drivers/crypto/qat/qat_sym.c
+++ b/drivers/crypto/qat/qat_sym.c
@@ -1,5 +1,5 @@
 /* SPDX-License-Identifier: BSD-3-Clause
- * Copyright(c) 2015-2018 Intel Corporation
+ * Copyright(c) 2015-2019 Intel Corporation
  */
 
 #include <openssl/evp.h>
@@ -12,6 +12,7 @@
 
 #include "qat_sym.h"
 
+
 /** Decrypt a single partial block
  *  Depends on openssl libcrypto
  *  Uses ECB+XOR to do CFB encryption, same result, more performant
@@ -195,7 +196,8 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg,
 	rte_mov128((uint8_t *)qat_req, (const uint8_t *)&(ctx->fw_req));
 	qat_req->comn_mid.opaque_data = (uint64_t)(uintptr_t)op;
 	cipher_param = (void *)&qat_req->serv_specif_rqpars;
-	auth_param = (void *)((uint8_t *)cipher_param + sizeof(*cipher_param));
+	auth_param = (void *)((uint8_t *)cipher_param +
+			ICP_QAT_FW_HASH_REQUEST_PARAMETERS_OFFSET);
 
 	if (ctx->qat_cmd == ICP_QAT_FW_LA_CMD_HASH_CIPHER ||
 			ctx->qat_cmd == ICP_QAT_FW_LA_CMD_CIPHER_HASH) {
@@ -593,6 +595,13 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg,
 		qat_req->comn_mid.dest_data_addr = dst_buf_start;
 	}
 
+	/* Handle Single-Pass GCM */
+	if (ctx->is_single_pass) {
+		cipher_param->spc_aad_addr = op->sym->aead.aad.phys_addr;
+		cipher_param->spc_auth_res_addr =
+				op->sym->aead.digest.phys_addr;
+	}
+
 #if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG
 	QAT_DP_HEXDUMP_LOG(DEBUG, "qat_req:", qat_req,
 			sizeof(struct icp_qat_fw_la_bulk_req));
diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c
index e5167b3fa..72290ba48 100644
--- a/drivers/crypto/qat/qat_sym_session.c
+++ b/drivers/crypto/qat/qat_sym_session.c
@@ -450,7 +450,7 @@ qat_sym_session_set_parameters(struct rte_cryptodev *dev,
 		break;
 	case ICP_QAT_FW_LA_CMD_CIPHER_HASH:
 		if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
-			ret = qat_sym_session_configure_aead(xform,
+			ret = qat_sym_session_configure_aead(dev, xform,
 					session);
 			if (ret < 0)
 				return ret;
@@ -467,7 +467,7 @@ qat_sym_session_set_parameters(struct rte_cryptodev *dev,
 		break;
 	case ICP_QAT_FW_LA_CMD_HASH_CIPHER:
 		if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
-			ret = qat_sym_session_configure_aead(xform,
+			ret = qat_sym_session_configure_aead(dev, xform,
 					session);
 			if (ret < 0)
 				return ret;
@@ -503,6 +503,73 @@ qat_sym_session_set_parameters(struct rte_cryptodev *dev,
 	return 0;
 }
 
+static int
+qat_sym_session_handle_single_pass(struct qat_sym_dev_private *internals,
+		struct qat_sym_session *session,
+		struct rte_crypto_aead_xform *aead_xform)
+{
+	enum qat_device_gen qat_dev_gen = internals->qat_dev->qat_dev_gen;
+
+	if (qat_dev_gen == QAT_GEN3 &&
+			aead_xform->iv.length == QAT_AES_GCM_SPC_IV_SIZE) {
+		/* Use faster Single-Pass GCM */
+		struct icp_qat_fw_la_cipher_req_params *cipher_param =
+				(void *) &session->fw_req.serv_specif_rqpars;
+
+		session->is_single_pass = 1;
+		session->min_qat_dev_gen = QAT_GEN3;
+		session->qat_cmd = ICP_QAT_FW_LA_CMD_CIPHER;
+		session->qat_mode = ICP_QAT_HW_CIPHER_AEAD_MODE;
+		session->cipher_iv.offset = aead_xform->iv.offset;
+		session->cipher_iv.length = aead_xform->iv.length;
+		if (qat_sym_session_aead_create_cd_cipher(session,
+				aead_xform->key.data, aead_xform->key.length))
+			return -EINVAL;
+		session->aad_len = aead_xform->aad_length;
+		session->digest_length = aead_xform->digest_length;
+		if (aead_xform->op == RTE_CRYPTO_AEAD_OP_ENCRYPT) {
+			session->qat_dir = ICP_QAT_HW_CIPHER_ENCRYPT;
+			session->auth_op = ICP_QAT_HW_AUTH_GENERATE;
+			ICP_QAT_FW_LA_RET_AUTH_SET(
+				session->fw_req.comn_hdr.serv_specif_flags,
+				ICP_QAT_FW_LA_RET_AUTH_RES);
+		} else {
+			session->qat_dir = ICP_QAT_HW_CIPHER_DECRYPT;
+			session->auth_op = ICP_QAT_HW_AUTH_VERIFY;
+			ICP_QAT_FW_LA_CMP_AUTH_SET(
+				session->fw_req.comn_hdr.serv_specif_flags,
+				ICP_QAT_FW_LA_CMP_AUTH_RES);
+		}
+		ICP_QAT_FW_LA_SINGLE_PASS_PROTO_FLAG_SET(
+				session->fw_req.comn_hdr.serv_specif_flags,
+				ICP_QAT_FW_LA_SINGLE_PASS_PROTO);
+		ICP_QAT_FW_LA_PROTO_SET(
+				session->fw_req.comn_hdr.serv_specif_flags,
+				ICP_QAT_FW_LA_NO_PROTO);
+		ICP_QAT_FW_LA_GCM_IV_LEN_FLAG_SET(
+				session->fw_req.comn_hdr.serv_specif_flags,
+				ICP_QAT_FW_LA_GCM_IV_LEN_12_OCTETS);
+		session->fw_req.comn_hdr.service_cmd_id =
+				ICP_QAT_FW_LA_CMD_CIPHER;
+		session->cd.cipher.cipher_config.val =
+				ICP_QAT_HW_CIPHER_CONFIG_BUILD(
+					ICP_QAT_HW_CIPHER_AEAD_MODE,
+					session->qat_cipher_alg,
+					ICP_QAT_HW_CIPHER_NO_CONVERT,
+					session->qat_dir);
+		QAT_FIELD_SET(session->cd.cipher.cipher_config.val,
+				aead_xform->digest_length,
+				QAT_CIPHER_AEAD_HASH_CMP_LEN_BITPOS,
+				QAT_CIPHER_AEAD_HASH_CMP_LEN_MASK);
+		session->cd.cipher.cipher_config.reserved =
+				ICP_QAT_HW_CIPHER_CONFIG_BUILD_UPPER(
+					aead_xform->aad_length);
+		cipher_param->spc_aad_sz = aead_xform->aad_length;
+		cipher_param->spc_auth_res_sz = aead_xform->digest_length;
+	}
+	return 0;
+}
+
 int
 qat_sym_session_configure_auth(struct rte_cryptodev *dev,
 				struct rte_crypto_sym_xform *xform,
@@ -646,7 +713,8 @@ qat_sym_session_configure_auth(struct rte_cryptodev *dev,
 }
 
 int
-qat_sym_session_configure_aead(struct rte_crypto_sym_xform *xform,
+qat_sym_session_configure_aead(struct rte_cryptodev *dev,
+				struct rte_crypto_sym_xform *xform,
 				struct qat_sym_session *session)
 {
 	struct rte_crypto_aead_xform *aead_xform = &xform->aead;
@@ -684,6 +752,17 @@ qat_sym_session_configure_aead(struct rte_crypto_sym_xform *xform,
 		return -EINVAL;
 	}
 
+	session->is_single_pass = 0;
+	if (aead_xform->algo == RTE_CRYPTO_AEAD_AES_GCM) {
+		/* Use faster Single-Pass GCM if possible */
+		int res = qat_sym_session_handle_single_pass(
+				dev->data->dev_private, session, aead_xform);
+		if (res < 0)
+			return res;
+		if (session->is_single_pass)
+			return 0;
+	}
+
 	if ((aead_xform->op == RTE_CRYPTO_AEAD_OP_ENCRYPT &&
 			aead_xform->algo == RTE_CRYPTO_AEAD_AES_GCM) ||
 			(aead_xform->op == RTE_CRYPTO_AEAD_OP_DECRYPT &&
@@ -1444,7 +1523,7 @@ int qat_sym_session_aead_create_cd_auth(struct qat_sym_session *cdesc,
 	struct icp_qat_fw_la_auth_req_params *auth_param =
 		(struct icp_qat_fw_la_auth_req_params *)
 		((char *)&req_tmpl->serv_specif_rqpars +
-		sizeof(struct icp_qat_fw_la_cipher_req_params));
+		ICP_QAT_FW_HASH_REQUEST_PARAMETERS_OFFSET);
 	uint16_t state1_size = 0, state2_size = 0;
 	uint16_t hash_offset, cd_size;
 	uint32_t *aad_len = NULL;
diff --git a/drivers/crypto/qat/qat_sym_session.h b/drivers/crypto/qat/qat_sym_session.h
index ce1ca5af8..98985d686 100644
--- a/drivers/crypto/qat/qat_sym_session.h
+++ b/drivers/crypto/qat/qat_sym_session.h
@@ -1,5 +1,5 @@
 /* SPDX-License-Identifier: BSD-3-Clause
- * Copyright(c) 2015-2018 Intel Corporation
+ * Copyright(c) 2015-2019 Intel Corporation
  */
 #ifndef _QAT_SYM_SESSION_H_
 #define _QAT_SYM_SESSION_H_
@@ -25,6 +25,9 @@
 #define QAT_3DES_KEY_SZ_OPT2 16 /* K3=K1 */
 #define QAT_3DES_KEY_SZ_OPT3 8 /* K1=K2=K3 */
 
+/* 96-bit case of IV for CCP/GCM single pass algorithm */
+#define QAT_AES_GCM_SPC_IV_SIZE 12
+
 
 #define QAT_AES_HW_CONFIG_CBC_ENC(alg) \
 	ICP_QAT_HW_CIPHER_CONFIG_BUILD(ICP_QAT_HW_CIPHER_CBC_MODE, alg, \
@@ -78,6 +81,7 @@ struct qat_sym_session {
 	rte_spinlock_t lock;	/* protects this struct */
 	enum qat_device_gen min_qat_dev_gen;
 	uint8_t aes_cmac;
+	uint8_t is_single_pass;
 };
 
 int
@@ -91,7 +95,8 @@ qat_sym_session_set_parameters(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform, void *session_private);
 
 int
-qat_sym_session_configure_aead(struct rte_crypto_sym_xform *xform,
+qat_sym_session_configure_aead(struct rte_cryptodev *dev,
+				struct rte_crypto_sym_xform *xform,
 				struct qat_sym_session *session);
 
 int
-- 
2.17.1


^ permalink raw reply	[flat|nested] 16+ messages in thread

* Re: [dpdk-dev] [PATCH v3 0/3] QAT: handle Single Pass GCM
  2019-10-08 12:44   ` [dpdk-dev] [PATCH v3 0/3] QAT: handle Single Pass GCM Adam Dybkowski
                       ` (2 preceding siblings ...)
  2019-10-08 12:44     ` [dpdk-dev] [PATCH v3 3/3] crypto/qat: handle Single Pass Crypto Requests on GEN3 QAT Adam Dybkowski
@ 2019-10-08 15:03     ` Trahe, Fiona
  2019-10-09  9:17       ` Akhil Goyal
  3 siblings, 1 reply; 16+ messages in thread
From: Trahe, Fiona @ 2019-10-08 15:03 UTC (permalink / raw)
  To: Dybkowski, AdamX, dev, Kusztal, ArkadiuszX, akhil.goyal; +Cc: Trahe, Fiona



> -----Original Message-----
> From: Dybkowski, AdamX
> Sent: Tuesday, October 8, 2019 1:45 PM
> To: dev@dpdk.org; Trahe, Fiona <fiona.trahe@intel.com>; Kusztal, ArkadiuszX
> <arkadiuszx.kusztal@intel.com>; akhil.goyal@nxp.com
> Cc: Dybkowski, AdamX <adamx.dybkowski@intel.com>
> Subject: [PATCH v3 0/3] QAT: handle Single Pass GCM
> 
> This patch improves the performance of AES GCM
> by using the Single Pass Crypto Request
> when running on GEN3 QAT.
> ---
> v3:
> * Block GCM session prepared on QAT GEN3 to be used for executing op on QAT GEN1/2
> * Update QAT sym. crypto documentation
> 
> v2:
> * Fix the session preparation function and request building code.
> * Update release notes.
> 
> Adam Dybkowski (3):
>   test/crypto: add more AES GCM tests for QAT PMD
>   common/qat: add new QAT GEN3 definitions
>   crypto/qat: handle Single Pass Crypto Requests on GEN3 QAT
> 
>  app/test/test_cryptodev.c                  | 226 +++++++++++++++++++++
>  doc/guides/cryptodevs/qat.rst              |  11 +
>  doc/guides/rel_notes/release_19_11.rst     |   6 +
>  drivers/common/qat/qat_adf/icp_qat_fw_la.h |  19 +-
>  drivers/common/qat/qat_adf/icp_qat_hw.h    |  19 ++
>  drivers/crypto/qat/qat_sym.c               |  13 +-
>  drivers/crypto/qat/qat_sym_session.c       |  87 +++++++-
>  drivers/crypto/qat/qat_sym_session.h       |   9 +-
>  8 files changed, 378 insertions(+), 12 deletions(-)
> 
> --
> 2.17.1
Series
Acked-by: Fiona Trahe <fiona.trahe@intel.com>


^ permalink raw reply	[flat|nested] 16+ messages in thread

* Re: [dpdk-dev] [PATCH v3 0/3] QAT: handle Single Pass GCM
  2019-10-08 15:03     ` [dpdk-dev] [PATCH v3 0/3] QAT: handle Single Pass GCM Trahe, Fiona
@ 2019-10-09  9:17       ` Akhil Goyal
  0 siblings, 0 replies; 16+ messages in thread
From: Akhil Goyal @ 2019-10-09  9:17 UTC (permalink / raw)
  To: Trahe, Fiona, Dybkowski, AdamX, dev, Kusztal, ArkadiuszX


> > This patch improves the performance of AES GCM
> > by using the Single Pass Crypto Request
> > when running on GEN3 QAT.
> > ---
> > v3:
> > * Block GCM session prepared on QAT GEN3 to be used for executing op on
> QAT GEN1/2
> > * Update QAT sym. crypto documentation
> >
> > v2:
> > * Fix the session preparation function and request building code.
> > * Update release notes.
> >
> > Adam Dybkowski (3):
> >   test/crypto: add more AES GCM tests for QAT PMD
> >   common/qat: add new QAT GEN3 definitions
> >   crypto/qat: handle Single Pass Crypto Requests on GEN3 QAT
> >
> >  app/test/test_cryptodev.c                  | 226 +++++++++++++++++++++
> >  doc/guides/cryptodevs/qat.rst              |  11 +
> >  doc/guides/rel_notes/release_19_11.rst     |   6 +
> >  drivers/common/qat/qat_adf/icp_qat_fw_la.h |  19 +-
> >  drivers/common/qat/qat_adf/icp_qat_hw.h    |  19 ++
> >  drivers/crypto/qat/qat_sym.c               |  13 +-
> >  drivers/crypto/qat/qat_sym_session.c       |  87 +++++++-
> >  drivers/crypto/qat/qat_sym_session.h       |   9 +-
> >  8 files changed, 378 insertions(+), 12 deletions(-)
> >
> > --
> > 2.17.1
> Series
> Acked-by: Fiona Trahe <fiona.trahe@intel.com>

Applied to dpdk-next-crypto

Thanks

^ permalink raw reply	[flat|nested] 16+ messages in thread

end of thread, back to index

Thread overview: 16+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-09-06 14:47 [dpdk-dev] [PATCH 0/2] QAT: handle Single Pass GCM Adam Dybkowski
2019-09-06 14:47 ` [dpdk-dev] [PATCH 1/2] common/qat: add new QAT GEN3 definitions Adam Dybkowski
2019-09-06 14:47 ` [dpdk-dev] [PATCH 2/2] crypto/qat: handle Single Pass Crypto Requests Adam Dybkowski
2019-09-27 15:47 ` [dpdk-dev] [PATCH v2 0/3] QAT: handle Single Pass GCM Adam Dybkowski
2019-09-27 15:47   ` [dpdk-dev] [PATCH v2 1/3] test/crypto: add more AES GCM tests for QAT PMD Adam Dybkowski
2019-10-03 12:41     ` Trahe, Fiona
2019-09-27 15:47   ` [dpdk-dev] [PATCH v2 2/3] common/qat: add new QAT GEN3 definitions Adam Dybkowski
2019-10-03 12:58     ` Trahe, Fiona
2019-09-27 15:47   ` [dpdk-dev] [PATCH v2 3/3] crypto/qat: handle Single Pass Crypto Requests on GEN3 QAT Adam Dybkowski
2019-10-03 13:04     ` Trahe, Fiona
2019-10-08 12:44   ` [dpdk-dev] [PATCH v3 0/3] QAT: handle Single Pass GCM Adam Dybkowski
2019-10-08 12:44     ` [dpdk-dev] [PATCH v3 1/3] test/crypto: add more AES GCM tests for QAT PMD Adam Dybkowski
2019-10-08 12:44     ` [dpdk-dev] [PATCH v3 2/3] common/qat: add new QAT GEN3 definitions Adam Dybkowski
2019-10-08 12:44     ` [dpdk-dev] [PATCH v3 3/3] crypto/qat: handle Single Pass Crypto Requests on GEN3 QAT Adam Dybkowski
2019-10-08 15:03     ` [dpdk-dev] [PATCH v3 0/3] QAT: handle Single Pass GCM Trahe, Fiona
2019-10-09  9:17       ` Akhil Goyal

DPDK patches and discussions

Archives are clonable:
	git clone --mirror http://inbox.dpdk.org/dev/0 dev/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 dev dev/ http://inbox.dpdk.org/dev \
		dev@dpdk.org
	public-inbox-index dev


Newsgroup available over NNTP:
	nntp://inbox.dpdk.org/inbox.dpdk.dev


AGPL code for this site: git clone https://public-inbox.org/ public-inbox