From: Vikash Poddar <vikash.chandrax.poddar@intel.com>
To: Kai Ji <kai.ji@intel.com>
Cc: dev@dpdk.org, Vikash Poddar <vikash.chandrax.poddar@intel.com>
Subject: [PATCH] crypto/qat: support to enable insecure algorithms
Date: Thu, 20 Apr 2023 09:58:16 +0000 [thread overview]
Message-ID: <20230420095816.1312737-1-vikash.chandrax.poddar@intel.com> (raw)
All the insecure algorithms are default disable from
cryptodev.
use qat_legacy_capa to enable all the legacy
algorithms.
Signed-off-by: Vikash Poddar <vikash.chandrax.poddar@intel.com>
---
drivers/common/qat/qat_device.c | 1 +
drivers/common/qat/qat_device.h | 3 +-
drivers/crypto/qat/dev/qat_crypto_pmd_gen2.c | 90 ++++++++++++--------
drivers/crypto/qat/qat_crypto.h | 1 +
drivers/crypto/qat/qat_sym.c | 3 +
5 files changed, 62 insertions(+), 36 deletions(-)
diff --git a/drivers/common/qat/qat_device.c b/drivers/common/qat/qat_device.c
index 8bce2ac073..b8da684973 100644
--- a/drivers/common/qat/qat_device.c
+++ b/drivers/common/qat/qat_device.c
@@ -365,6 +365,7 @@ static int qat_pci_probe(struct rte_pci_driver *pci_drv __rte_unused,
struct qat_pci_device *qat_pci_dev;
struct qat_dev_hw_spec_funcs *ops_hw;
struct qat_dev_cmd_param qat_dev_cmd_param[] = {
+ { QAT_LEGACY_CAPA, 0 },
{ QAT_IPSEC_MB_LIB, 0 },
{ SYM_ENQ_THRESHOLD_NAME, 0 },
{ ASYM_ENQ_THRESHOLD_NAME, 0 },
diff --git a/drivers/common/qat/qat_device.h b/drivers/common/qat/qat_device.h
index bc3da04238..12b8cc46b1 100644
--- a/drivers/common/qat/qat_device.h
+++ b/drivers/common/qat/qat_device.h
@@ -17,12 +17,13 @@
#define QAT_DEV_NAME_MAX_LEN 64
+#define QAT_LEGACY_CAPA "qat_legacy_capa"
#define QAT_IPSEC_MB_LIB "qat_ipsec_mb_lib"
#define SYM_ENQ_THRESHOLD_NAME "qat_sym_enq_threshold"
#define ASYM_ENQ_THRESHOLD_NAME "qat_asym_enq_threshold"
#define COMP_ENQ_THRESHOLD_NAME "qat_comp_enq_threshold"
#define QAT_CMD_SLICE_MAP "qat_cmd_slice_disable"
-#define QAT_CMD_SLICE_MAP_POS 4
+#define QAT_CMD_SLICE_MAP_POS 5
#define MAX_QP_THRESHOLD_SIZE 32
/**
diff --git a/drivers/crypto/qat/dev/qat_crypto_pmd_gen2.c b/drivers/crypto/qat/dev/qat_crypto_pmd_gen2.c
index 60ca0fc0d2..3cd1c42d94 100644
--- a/drivers/crypto/qat/dev/qat_crypto_pmd_gen2.c
+++ b/drivers/crypto/qat/dev/qat_crypto_pmd_gen2.c
@@ -12,10 +12,39 @@
#define MIXED_CRYPTO_MIN_FW_VER 0x04090000
-static struct rte_cryptodev_capabilities qat_sym_crypto_caps_gen2[] = {
+static struct rte_cryptodev_capabilities qat_sym_crypto_legacy_caps_gen2[] = {
+ QAT_SYM_CIPHER_CAP(DES_CBC,
+ CAP_SET(block_size, 8),
+ CAP_RNG(key_size, 8, 24, 8), CAP_RNG(iv_size, 8, 8, 0)),
+ QAT_SYM_CIPHER_CAP(3DES_CBC,
+ CAP_SET(block_size, 8),
+ CAP_RNG(key_size, 8, 24, 8), CAP_RNG(iv_size, 8, 8, 0)),
+ QAT_SYM_CIPHER_CAP(3DES_CTR,
+ CAP_SET(block_size, 8),
+ CAP_RNG(key_size, 16, 24, 8), CAP_RNG(iv_size, 8, 8, 0)),
+ QAT_SYM_CIPHER_CAP(DES_DOCSISBPI,
+ CAP_SET(block_size, 8),
+ CAP_RNG(key_size, 8, 8, 0), CAP_RNG(iv_size, 8, 8, 0)),
QAT_SYM_PLAIN_AUTH_CAP(SHA1,
CAP_SET(block_size, 64),
CAP_RNG(digest_size, 1, 20, 1)),
+ QAT_SYM_AUTH_CAP(SHA224,
+ CAP_SET(block_size, 64),
+ CAP_RNG_ZERO(key_size), CAP_RNG(digest_size, 1, 28, 1),
+ CAP_RNG_ZERO(aad_size), CAP_RNG_ZERO(iv_size)),
+ QAT_SYM_AUTH_CAP(SHA224_HMAC,
+ CAP_SET(block_size, 64),
+ CAP_RNG(key_size, 1, 64, 1), CAP_RNG(digest_size, 1, 28, 1),
+ CAP_RNG_ZERO(aad_size), CAP_RNG_ZERO(iv_size)),
+ QAT_SYM_AUTH_CAP(SHA1_HMAC,
+ CAP_SET(block_size, 64),
+ CAP_RNG(key_size, 1, 64, 1), CAP_RNG(digest_size, 1, 20, 1),
+ CAP_RNG_ZERO(aad_size), CAP_RNG_ZERO(iv_size)),
+ RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
+};
+
+
+static struct rte_cryptodev_capabilities qat_sym_crypto_caps_gen2[] = {
QAT_SYM_AEAD_CAP(AES_GCM,
CAP_SET(block_size, 16),
CAP_RNG(key_size, 16, 32, 8), CAP_RNG(digest_size, 8, 16, 4),
@@ -32,10 +61,6 @@ static struct rte_cryptodev_capabilities qat_sym_crypto_caps_gen2[] = {
CAP_SET(block_size, 16),
CAP_RNG(key_size, 16, 16, 0), CAP_RNG(digest_size, 4, 16, 4),
CAP_RNG_ZERO(aad_size), CAP_RNG_ZERO(iv_size)),
- QAT_SYM_AUTH_CAP(SHA224,
- CAP_SET(block_size, 64),
- CAP_RNG_ZERO(key_size), CAP_RNG(digest_size, 1, 28, 1),
- CAP_RNG_ZERO(aad_size), CAP_RNG_ZERO(iv_size)),
QAT_SYM_AUTH_CAP(SHA256,
CAP_SET(block_size, 64),
CAP_RNG_ZERO(key_size), CAP_RNG(digest_size, 1, 32, 1),
@@ -51,14 +76,6 @@ static struct rte_cryptodev_capabilities qat_sym_crypto_caps_gen2[] = {
QAT_SYM_PLAIN_AUTH_CAP(SHA3_256,
CAP_SET(block_size, 136),
CAP_RNG(digest_size, 32, 32, 0)),
- QAT_SYM_AUTH_CAP(SHA1_HMAC,
- CAP_SET(block_size, 64),
- CAP_RNG(key_size, 1, 64, 1), CAP_RNG(digest_size, 1, 20, 1),
- CAP_RNG_ZERO(aad_size), CAP_RNG_ZERO(iv_size)),
- QAT_SYM_AUTH_CAP(SHA224_HMAC,
- CAP_SET(block_size, 64),
- CAP_RNG(key_size, 1, 64, 1), CAP_RNG(digest_size, 1, 28, 1),
- CAP_RNG_ZERO(aad_size), CAP_RNG_ZERO(iv_size)),
QAT_SYM_AUTH_CAP(SHA256_HMAC,
CAP_SET(block_size, 64),
CAP_RNG(key_size, 1, 64, 1), CAP_RNG(digest_size, 1, 32, 1),
@@ -112,18 +129,6 @@ static struct rte_cryptodev_capabilities qat_sym_crypto_caps_gen2[] = {
QAT_SYM_CIPHER_CAP(NULL,
CAP_SET(block_size, 1),
CAP_RNG_ZERO(key_size), CAP_RNG_ZERO(iv_size)),
- QAT_SYM_CIPHER_CAP(3DES_CBC,
- CAP_SET(block_size, 8),
- CAP_RNG(key_size, 8, 24, 8), CAP_RNG(iv_size, 8, 8, 0)),
- QAT_SYM_CIPHER_CAP(3DES_CTR,
- CAP_SET(block_size, 8),
- CAP_RNG(key_size, 16, 24, 8), CAP_RNG(iv_size, 8, 8, 0)),
- QAT_SYM_CIPHER_CAP(DES_CBC,
- CAP_SET(block_size, 8),
- CAP_RNG(key_size, 8, 24, 8), CAP_RNG(iv_size, 8, 8, 0)),
- QAT_SYM_CIPHER_CAP(DES_DOCSISBPI,
- CAP_SET(block_size, 8),
- CAP_RNG(key_size, 8, 8, 0), CAP_RNG(iv_size, 8, 8, 0)),
QAT_SYM_CIPHER_CAP(ZUC_EEA3,
CAP_SET(block_size, 16),
CAP_RNG(key_size, 16, 16, 0), CAP_RNG(iv_size, 16, 16, 0)),
@@ -131,7 +136,6 @@ static struct rte_cryptodev_capabilities qat_sym_crypto_caps_gen2[] = {
CAP_SET(block_size, 16),
CAP_RNG(key_size, 16, 16, 0), CAP_RNG(digest_size, 4, 4, 0),
CAP_RNG_ZERO(aad_size), CAP_RNG(iv_size, 16, 16, 0)),
- RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
};
static int
@@ -283,8 +287,16 @@ qat_sym_crypto_cap_get_gen2(struct qat_cryptodev_private *internals,
const char *capa_memz_name,
const uint16_t __rte_unused slice_map)
{
- const uint32_t size = sizeof(qat_sym_crypto_caps_gen2);
- uint32_t i;
+ uint32_t i, j;
+ uint32_t curr_capa = 0;
+ uint32_t capa_num, legacy_capa_num;
+ uint32_t size = sizeof(qat_sym_crypto_caps_gen2);
+ uint32_t legacy_size = sizeof(qat_sym_crypto_legacy_caps_gen2);
+ capa_num = size/sizeof(struct rte_cryptodev_capabilities);
+ legacy_capa_num = legacy_size/sizeof(struct rte_cryptodev_capabilities);
+
+ if (unlikely(qat_legacy_capa))
+ size = size + legacy_size;
internals->capa_mz = rte_memzone_lookup(capa_memz_name);
if (internals->capa_mz == NULL) {
@@ -300,16 +312,24 @@ qat_sym_crypto_cap_get_gen2(struct qat_cryptodev_private *internals,
struct rte_cryptodev_capabilities *addr =
(struct rte_cryptodev_capabilities *)
internals->capa_mz->addr;
- const struct rte_cryptodev_capabilities *capabilities =
- qat_sym_crypto_caps_gen2;
- const uint32_t capa_num =
- size / sizeof(struct rte_cryptodev_capabilities);
- uint32_t curr_capa = 0;
+ struct rte_cryptodev_capabilities *capabilities;
- for (i = 0; i < capa_num; i++) {
- memcpy(addr + curr_capa, capabilities + i,
+ capabilities = qat_sym_crypto_caps_gen2;
+ if (unlikely(qat_legacy_capa))
+ capa_num += legacy_capa_num;
+
+ for (i = 0, j = 0; i < capa_num; i++) {
+ memcpy(addr + curr_capa, capabilities + j,
sizeof(struct rte_cryptodev_capabilities));
curr_capa++;
+ j++;
+
+ if (unlikely(qat_legacy_capa) && (i == capa_num-legacy_capa_num-1)) {
+ capabilities = qat_sym_crypto_legacy_caps_gen2;
+ addr += curr_capa;
+ j = 0;
+ curr_capa = 0;
+ }
}
internals->qat_dev_capabilities = internals->capa_mz->addr;
diff --git a/drivers/crypto/qat/qat_crypto.h b/drivers/crypto/qat/qat_crypto.h
index 6fe1326c51..a4152302bc 100644
--- a/drivers/crypto/qat/qat_crypto.h
+++ b/drivers/crypto/qat/qat_crypto.h
@@ -11,6 +11,7 @@
extern uint8_t qat_sym_driver_id;
extern uint8_t qat_asym_driver_id;
+extern int qat_legacy_capa;
/**
* helper macro to set cryptodev capability range
diff --git a/drivers/crypto/qat/qat_sym.c b/drivers/crypto/qat/qat_sym.c
index 08e92191a3..61f5cd9a36 100644
--- a/drivers/crypto/qat/qat_sym.c
+++ b/drivers/crypto/qat/qat_sym.c
@@ -17,6 +17,7 @@
uint8_t qat_sym_driver_id;
int qat_ipsec_mb_lib;
+int qat_legacy_capa;
struct qat_crypto_gen_dev_ops qat_sym_gen_dev_ops[QAT_N_GENS];
@@ -281,6 +282,8 @@ qat_sym_dev_create(struct qat_pci_device *qat_pci_dev,
qat_dev_cmd_param[i].val;
if (!strcmp(qat_dev_cmd_param[i].name, QAT_IPSEC_MB_LIB))
qat_ipsec_mb_lib = qat_dev_cmd_param[i].val;
+ if (!strcmp(qat_dev_cmd_param[i].name, QAT_LEGACY_CAPA))
+ qat_legacy_capa = qat_dev_cmd_param[i].val;
if (!strcmp(qat_dev_cmd_param[i].name, QAT_CMD_SLICE_MAP))
slice_map = qat_dev_cmd_param[i].val;
i++;
--
2.25.1
--------------------------------------------------------------
Intel Research and Development Ireland Limited
Registered in Ireland
Registered Office: Collinstown Industrial Park, Leixlip, County Kildare
Registered Number: 308263
This e-mail and any attachments may contain confidential material for the sole
use of the intended recipient(s). Any review or distribution by others is
strictly prohibited. If you are not the intended recipient, please contact the
sender and delete all copies.
next reply other threads:[~2023-04-20 9:58 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-20 9:58 Vikash Poddar [this message]
2023-05-23 9:14 ` [PATCH v2] " Vikash Poddar
2023-05-23 14:35 ` Ji, Kai
2023-05-25 7:56 ` [EXT] " Akhil Goyal
2023-05-25 16:10 ` [PATCH v3] " Vikash Poddar
2023-05-26 6:48 ` [PATCH v4] " Vikash Poddar
2023-05-29 6:32 ` [PATCH v5] " Vikash Poddar
2023-05-29 10:45 ` [PATCH v6] " Vikash Poddar
2023-06-08 13:14 ` Power, Ciara
2023-06-14 18:30 ` [EXT] " Akhil Goyal
2023-06-16 14:00 ` [PATCH v7 1/3] common/qat: fix qat_dev_cmd_param corruption Vikash Poddar
2023-06-16 14:00 ` [PATCH v7 2/3] crypto/qat: support to enable insecure algorithms Vikash Poddar
2023-06-16 14:00 ` [PATCH v7 3/3] test/crypto: skip asym test for " Vikash Poddar
2023-06-20 7:33 ` [EXT] [PATCH v7 1/3] common/qat: fix qat_dev_cmd_param corruption Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230420095816.1312737-1-vikash.chandrax.poddar@intel.com \
--to=vikash.chandrax.poddar@intel.com \
--cc=dev@dpdk.org \
--cc=kai.ji@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).