DPDK patches and discussions
 help / color / mirror / Atom feed
From: Damian Nowak <damianx.nowak@intel.com>
To: dev@dpdk.org
Cc: akhil.goyal@nxp.com, fiona.trahe@intel.com,
	arkadiuszx.kusztal@intel.com,
	Damian Nowak <damianx.nowak@intel.com>
Subject: [dpdk-dev] [PATCH v3 3/8] crypto/qat: extend support for digest-encrypted auth-cipher
Date: Wed,  3 Jul 2019 13:15:53 +0200	[thread overview]
Message-ID: <20190703111558.11552-4-damianx.nowak@intel.com> (raw)
In-Reply-To: <20190703111558.11552-1-damianx.nowak@intel.com>

This patch adds condition to be met when using
out-of-place auth-cipher operations. It checks
if the digest location overlaps with the data to
be encrypted or decrypted and if so, treats as a
digest-encrypted case.
Patch adds checking, if the digest is being
encrypted or decrypted partially and extends PMD
buffers accordingly.
It also adds feature flag for QuickAssist
Technology to emphasize it's support for digest
appended auth-cipher operations.

Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
---
 doc/guides/cryptodevs/features/qat.ini |  1 +
 doc/guides/rel_notes/release_19_08.rst |  5 +++
 drivers/crypto/qat/qat_sym.c           | 63 ++++++++++++++++++++++++++--------
 drivers/crypto/qat/qat_sym_pmd.c       |  3 +-
 4 files changed, 57 insertions(+), 15 deletions(-)

diff --git a/doc/guides/cryptodevs/features/qat.ini b/doc/guides/cryptodevs/features/qat.ini
index e8f9060..0832e59 100644
--- a/doc/guides/cryptodevs/features/qat.ini
+++ b/doc/guides/cryptodevs/features/qat.ini
@@ -12,6 +12,7 @@ OOP SGL In SGL Out     = Y
 OOP SGL In LB  Out     = Y
 OOP LB  In SGL Out     = Y
 OOP LB  In LB  Out     = Y
+Digest encrypted       = Y
 
 ;
 ; Supported crypto algorithms of the 'qat' crypto driver.
diff --git a/doc/guides/rel_notes/release_19_08.rst b/doc/guides/rel_notes/release_19_08.rst
index c82b7f5..8cf4067 100644
--- a/doc/guides/rel_notes/release_19_08.rst
+++ b/doc/guides/rel_notes/release_19_08.rst
@@ -126,6 +126,11 @@ New Features
   Added telemetry mode to l3fwd-power application to report
   application level busyness, empty and full polls of rte_eth_rx_burst().
 
+* **Updated the QuickAssist Technology (QAT) symmetric crypto PMD.**
+
+  Added support for digest-encrypted cases where digest is appended
+  to the data.
+
 
 Removed Items
 -------------
diff --git a/drivers/crypto/qat/qat_sym.c b/drivers/crypto/qat/qat_sym.c
index 7515a55..2dc0614 100644
--- a/drivers/crypto/qat/qat_sym.c
+++ b/drivers/crypto/qat/qat_sym.c
@@ -156,8 +156,9 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg,
 	uint32_t auth_len = 0, auth_ofs = 0;
 	uint32_t min_ofs = 0;
 	uint64_t src_buf_start = 0, dst_buf_start = 0;
+	uint64_t digest_start = 0;
 	uint8_t do_sgl = 0;
-	uint8_t wireless_auth = 0, in_place = 1;
+	uint8_t in_place = 1;
 	struct rte_crypto_op *op = (struct rte_crypto_op *)in_op;
 	struct qat_sym_op_cookie *cookie =
 				(struct qat_sym_op_cookie *)op_cookie;
@@ -270,7 +271,6 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg,
 			}
 			auth_ofs = op->sym->auth.data.offset >> 3;
 			auth_len = op->sym->auth.data.length >> 3;
-			wireless_auth = 1;
 
 			auth_param->u1.aad_adr =
 					rte_crypto_op_ctophys_offset(op,
@@ -493,6 +493,53 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg,
 		(cipher_param->cipher_offset + cipher_param->cipher_length)
 		: (auth_param->auth_off + auth_param->auth_len);
 
+	if (do_auth && do_cipher) {
+		if (do_sgl) {
+			uint32_t remaining_off = auth_param->auth_off +
+				auth_param->auth_len;
+			struct rte_mbuf *sgl_buf =
+				(in_place ?
+				op->sym->m_src : op->sym->m_dst);
+			while (remaining_off >= rte_pktmbuf_data_len(
+					sgl_buf)) {
+				remaining_off -= rte_pktmbuf_data_len(
+						sgl_buf);
+				sgl_buf = sgl_buf->next;
+			}
+			digest_start = (uint64_t)rte_pktmbuf_iova_offset(
+				sgl_buf, remaining_off);
+		} else {
+			digest_start = (in_place ?
+				src_buf_start : dst_buf_start) +
+				auth_param->auth_off + auth_param->auth_len;
+		}
+		/* Handle cases of auth-gen-then-cipher and
+		 * cipher-decrypt-then-auth-verify with digest encrypted
+		 */
+		if ((auth_param->auth_off + auth_param->auth_len <
+					cipher_param->cipher_offset +
+					cipher_param->cipher_length) &&
+				(op->sym->auth.digest.phys_addr ==
+					digest_start)) {
+			/* Handle partial digest encryption */
+			if (cipher_param->cipher_offset +
+					cipher_param->cipher_length <
+					auth_param->auth_off +
+					auth_param->auth_len +
+					ctx->digest_length)
+				qat_req->comn_mid.dst_length =
+					qat_req->comn_mid.src_length =
+					auth_param->auth_off +
+					auth_param->auth_len +
+					ctx->digest_length;
+			struct icp_qat_fw_comn_req_hdr *header =
+				&qat_req->comn_hdr;
+			ICP_QAT_FW_LA_DIGEST_IN_BUFFER_SET(
+				header->serv_specif_flags,
+				ICP_QAT_FW_LA_DIGEST_IN_BUFFER);
+		}
+	}
+
 	if (do_sgl) {
 
 		ICP_QAT_FW_COMN_PTR_TYPE_SET(qat_req->comn_hdr.comn_req_flags,
@@ -535,18 +582,6 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg,
 	} else {
 		qat_req->comn_mid.src_data_addr = src_buf_start;
 		qat_req->comn_mid.dest_data_addr = dst_buf_start;
-		/* handle case of auth-gen-then-cipher with digest encrypted */
-		if (wireless_auth && in_place &&
-		    (op->sym->auth.digest.phys_addr ==
-				src_buf_start + auth_ofs + auth_len) &&
-		    (auth_ofs + auth_len + ctx->digest_length <=
-				cipher_ofs + cipher_len)) {
-			struct icp_qat_fw_comn_req_hdr *header =
-						&qat_req->comn_hdr;
-			ICP_QAT_FW_LA_DIGEST_IN_BUFFER_SET(
-				header->serv_specif_flags,
-				ICP_QAT_FW_LA_DIGEST_IN_BUFFER);
-		}
 	}
 
 #if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG
diff --git a/drivers/crypto/qat/qat_sym_pmd.c b/drivers/crypto/qat/qat_sym_pmd.c
index af21270..71f21ce 100644
--- a/drivers/crypto/qat/qat_sym_pmd.c
+++ b/drivers/crypto/qat/qat_sym_pmd.c
@@ -278,7 +278,8 @@ qat_sym_dev_create(struct qat_pci_device *qat_pci_dev)
 			RTE_CRYPTODEV_FF_OOP_SGL_IN_SGL_OUT |
 			RTE_CRYPTODEV_FF_OOP_SGL_IN_LB_OUT |
 			RTE_CRYPTODEV_FF_OOP_LB_IN_SGL_OUT |
-			RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT;
+			RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT |
+			RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED;
 
 	internals = cryptodev->data->dev_private;
 	internals->qat_dev = qat_pci_dev;
-- 
2.7.4


  parent reply	other threads:[~2019-07-03 11:16 UTC|newest]

Thread overview: 42+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-06-03 14:50 [dpdk-dev] [PATCH 0/9] add QAT support for digest encrypted Nowak
2019-06-03 14:50 ` [dpdk-dev] [PATCH 1/9] crypto/qat: check buffer size for oop auth-cipher Nowak
2019-06-03 14:50 ` [dpdk-dev] [PATCH 2/9] test/crypto: add snow3g test cases for oop operation Nowak
2019-06-03 14:50 ` [dpdk-dev] [PATCH 3/9] test/crypto: add kasumi " Nowak
2019-06-03 14:50 ` [dpdk-dev] [PATCH 4/9] test/crypto: add sgl test cases for ip and oop Nowak
2019-06-03 14:50 ` [dpdk-dev] [PATCH 5/9] cryptodev: document usage of digest-appended operations Nowak
2019-06-04  9:11   ` Mcnamara, John
2019-06-03 14:50 ` [dpdk-dev] [PATCH 6/9] cryptodev: add digest encrypted feature flag Nowak
2019-06-03 14:50 ` [dpdk-dev] [PATCH 7/9] crypto/qat: " Nowak
2019-06-04 13:45   ` Trahe, Fiona
2019-06-03 14:50 ` [dpdk-dev] [PATCH 8/9] test/crypto: add digest encrypted feature flag check Nowak
2019-06-03 14:50 ` [dpdk-dev] [PATCH 9/9] test/crypto: return correct value if feature not supported Nowak
2019-06-04 13:16 ` [dpdk-dev] [PATCH 0/9] add QAT support for digest encrypted Trahe, Fiona
2019-06-07 10:05 ` [dpdk-dev] [PATCH v2 00/10] cryptodev: support encrypted-digest use-cases Damian Nowak
2019-06-07 10:05   ` [dpdk-dev] [PATCH v2 01/10] cryptodev: document usage of digest-appended operations Damian Nowak
2019-06-13 13:56     ` Trahe, Fiona
2019-06-07 10:05   ` [dpdk-dev] [PATCH v2 02/10] cryptodev: add digest encrypted feature flag Damian Nowak
2019-06-13 14:16     ` Trahe, Fiona
2019-06-07 10:06   ` [dpdk-dev] [PATCH v2 03/10] crypto/qat: handle buffer size for digest-encrypted auth-cipher Damian Nowak
2019-06-07 10:06   ` [dpdk-dev] [PATCH v2 04/10] crypto/qat: add digest encrypted feature flag Damian Nowak
2019-06-13  8:18     ` Akhil Goyal
2019-06-07 10:06   ` [dpdk-dev] [PATCH v2 05/10] test/crypto: add snow3g test cases for auth-cipher Damian Nowak
2019-06-07 10:06   ` [dpdk-dev] [PATCH v2 06/10] test/crypto: add kasumi " Damian Nowak
2019-06-07 10:06   ` [dpdk-dev] [PATCH v2 07/10] test/crypto: add sgl test cases for ip and oop Damian Nowak
2019-06-07 10:06   ` [dpdk-dev] [PATCH v2 08/10] test/crypto: return correct value if feature not supported Damian Nowak
2019-06-07 10:06   ` [dpdk-dev] [PATCH v2 09/10] doc/crypto: document digest-encrypted limitations in qat Damian Nowak
2019-06-13  8:12     ` Akhil Goyal
2019-06-07 10:06   ` [dpdk-dev] [PATCH v2 10/10] doc: update release notes for 19.08 Damian Nowak
2019-06-13  8:14     ` Akhil Goyal
2019-07-03 11:15   ` [dpdk-dev] [PATCH v3 0/8] cryptodev: support encrypted-digest use-cases Damian Nowak
2019-07-03 11:15     ` [dpdk-dev] [PATCH v3 1/8] cryptodev: document usage of digest-appended operations Damian Nowak
2019-07-03 16:13       ` De Lara Guarch, Pablo
2019-07-03 11:15     ` [dpdk-dev] [PATCH v3 2/8] cryptodev: add digest encrypted feature flag Damian Nowak
2019-07-03 16:14       ` De Lara Guarch, Pablo
2019-07-05  7:10         ` Akhil Goyal
2019-07-03 11:15     ` Damian Nowak [this message]
2019-07-03 11:15     ` [dpdk-dev] [PATCH v3 4/8] test/crypto: add snow3g test cases for auth-cipher Damian Nowak
2019-07-03 11:15     ` [dpdk-dev] [PATCH v3 5/8] test/crypto: add zuc " Damian Nowak
2019-07-03 11:15     ` [dpdk-dev] [PATCH v3 6/8] test/crypto: add kasumi " Damian Nowak
2019-07-03 11:15     ` [dpdk-dev] [PATCH v3 7/8] test/crypto: add sgl test cases for ip and oop Damian Nowak
2019-07-03 11:15     ` [dpdk-dev] [PATCH v3 8/8] test/crypto: return correct value if feature not supported Damian Nowak
2019-07-03 15:28     ` [dpdk-dev] [PATCH v3 0/8] cryptodev: support encrypted-digest use-cases Trahe, Fiona

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190703111558.11552-4-damianx.nowak@intel.com \
    --to=damianx.nowak@intel.com \
    --cc=akhil.goyal@nxp.com \
    --cc=arkadiuszx.kusztal@intel.com \
    --cc=dev@dpdk.org \
    --cc=fiona.trahe@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).