From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 9E35EA0487 for ; Wed, 3 Jul 2019 13:16:51 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id ABEFB1B958; Wed, 3 Jul 2019 13:16:32 +0200 (CEST) Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by dpdk.org (Postfix) with ESMTP id 021721B94E for ; Wed, 3 Jul 2019 13:16:28 +0200 (CEST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 03 Jul 2019 04:16:28 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.63,446,1557212400"; d="scan'208";a="184724697" Received: from damiannx-mobl1.ger.corp.intel.com ([10.103.104.101]) by fmsmga001.fm.intel.com with ESMTP; 03 Jul 2019 04:16:27 -0700 From: Damian Nowak To: dev@dpdk.org Cc: akhil.goyal@nxp.com, fiona.trahe@intel.com, arkadiuszx.kusztal@intel.com, Damian Nowak Date: Wed, 3 Jul 2019 13:15:53 +0200 Message-Id: <20190703111558.11552-4-damianx.nowak@intel.com> X-Mailer: git-send-email 2.21.0.windows.1 In-Reply-To: <20190703111558.11552-1-damianx.nowak@intel.com> References: <20190607100608.16212-1-damianx.nowak@intel.com> <20190703111558.11552-1-damianx.nowak@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: [dpdk-dev] [PATCH v3 3/8] crypto/qat: extend support for digest-encrypted auth-cipher X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" This patch adds condition to be met when using out-of-place auth-cipher operations. It checks if the digest location overlaps with the data to be encrypted or decrypted and if so, treats as a digest-encrypted case. Patch adds checking, if the digest is being encrypted or decrypted partially and extends PMD buffers accordingly. It also adds feature flag for QuickAssist Technology to emphasize it's support for digest appended auth-cipher operations. Signed-off-by: Damian Nowak --- doc/guides/cryptodevs/features/qat.ini | 1 + doc/guides/rel_notes/release_19_08.rst | 5 +++ drivers/crypto/qat/qat_sym.c | 63 ++++++++++++++++++++++++++-------- drivers/crypto/qat/qat_sym_pmd.c | 3 +- 4 files changed, 57 insertions(+), 15 deletions(-) diff --git a/doc/guides/cryptodevs/features/qat.ini b/doc/guides/cryptodevs/features/qat.ini index e8f9060..0832e59 100644 --- a/doc/guides/cryptodevs/features/qat.ini +++ b/doc/guides/cryptodevs/features/qat.ini @@ -12,6 +12,7 @@ OOP SGL In SGL Out = Y OOP SGL In LB Out = Y OOP LB In SGL Out = Y OOP LB In LB Out = Y +Digest encrypted = Y ; ; Supported crypto algorithms of the 'qat' crypto driver. diff --git a/doc/guides/rel_notes/release_19_08.rst b/doc/guides/rel_notes/release_19_08.rst index c82b7f5..8cf4067 100644 --- a/doc/guides/rel_notes/release_19_08.rst +++ b/doc/guides/rel_notes/release_19_08.rst @@ -126,6 +126,11 @@ New Features Added telemetry mode to l3fwd-power application to report application level busyness, empty and full polls of rte_eth_rx_burst(). +* **Updated the QuickAssist Technology (QAT) symmetric crypto PMD.** + + Added support for digest-encrypted cases where digest is appended + to the data. + Removed Items ------------- diff --git a/drivers/crypto/qat/qat_sym.c b/drivers/crypto/qat/qat_sym.c index 7515a55..2dc0614 100644 --- a/drivers/crypto/qat/qat_sym.c +++ b/drivers/crypto/qat/qat_sym.c @@ -156,8 +156,9 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg, uint32_t auth_len = 0, auth_ofs = 0; uint32_t min_ofs = 0; uint64_t src_buf_start = 0, dst_buf_start = 0; + uint64_t digest_start = 0; uint8_t do_sgl = 0; - uint8_t wireless_auth = 0, in_place = 1; + uint8_t in_place = 1; struct rte_crypto_op *op = (struct rte_crypto_op *)in_op; struct qat_sym_op_cookie *cookie = (struct qat_sym_op_cookie *)op_cookie; @@ -270,7 +271,6 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg, } auth_ofs = op->sym->auth.data.offset >> 3; auth_len = op->sym->auth.data.length >> 3; - wireless_auth = 1; auth_param->u1.aad_adr = rte_crypto_op_ctophys_offset(op, @@ -493,6 +493,53 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg, (cipher_param->cipher_offset + cipher_param->cipher_length) : (auth_param->auth_off + auth_param->auth_len); + if (do_auth && do_cipher) { + if (do_sgl) { + uint32_t remaining_off = auth_param->auth_off + + auth_param->auth_len; + struct rte_mbuf *sgl_buf = + (in_place ? + op->sym->m_src : op->sym->m_dst); + while (remaining_off >= rte_pktmbuf_data_len( + sgl_buf)) { + remaining_off -= rte_pktmbuf_data_len( + sgl_buf); + sgl_buf = sgl_buf->next; + } + digest_start = (uint64_t)rte_pktmbuf_iova_offset( + sgl_buf, remaining_off); + } else { + digest_start = (in_place ? + src_buf_start : dst_buf_start) + + auth_param->auth_off + auth_param->auth_len; + } + /* Handle cases of auth-gen-then-cipher and + * cipher-decrypt-then-auth-verify with digest encrypted + */ + if ((auth_param->auth_off + auth_param->auth_len < + cipher_param->cipher_offset + + cipher_param->cipher_length) && + (op->sym->auth.digest.phys_addr == + digest_start)) { + /* Handle partial digest encryption */ + if (cipher_param->cipher_offset + + cipher_param->cipher_length < + auth_param->auth_off + + auth_param->auth_len + + ctx->digest_length) + qat_req->comn_mid.dst_length = + qat_req->comn_mid.src_length = + auth_param->auth_off + + auth_param->auth_len + + ctx->digest_length; + struct icp_qat_fw_comn_req_hdr *header = + &qat_req->comn_hdr; + ICP_QAT_FW_LA_DIGEST_IN_BUFFER_SET( + header->serv_specif_flags, + ICP_QAT_FW_LA_DIGEST_IN_BUFFER); + } + } + if (do_sgl) { ICP_QAT_FW_COMN_PTR_TYPE_SET(qat_req->comn_hdr.comn_req_flags, @@ -535,18 +582,6 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg, } else { qat_req->comn_mid.src_data_addr = src_buf_start; qat_req->comn_mid.dest_data_addr = dst_buf_start; - /* handle case of auth-gen-then-cipher with digest encrypted */ - if (wireless_auth && in_place && - (op->sym->auth.digest.phys_addr == - src_buf_start + auth_ofs + auth_len) && - (auth_ofs + auth_len + ctx->digest_length <= - cipher_ofs + cipher_len)) { - struct icp_qat_fw_comn_req_hdr *header = - &qat_req->comn_hdr; - ICP_QAT_FW_LA_DIGEST_IN_BUFFER_SET( - header->serv_specif_flags, - ICP_QAT_FW_LA_DIGEST_IN_BUFFER); - } } #if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG diff --git a/drivers/crypto/qat/qat_sym_pmd.c b/drivers/crypto/qat/qat_sym_pmd.c index af21270..71f21ce 100644 --- a/drivers/crypto/qat/qat_sym_pmd.c +++ b/drivers/crypto/qat/qat_sym_pmd.c @@ -278,7 +278,8 @@ qat_sym_dev_create(struct qat_pci_device *qat_pci_dev) RTE_CRYPTODEV_FF_OOP_SGL_IN_SGL_OUT | RTE_CRYPTODEV_FF_OOP_SGL_IN_LB_OUT | RTE_CRYPTODEV_FF_OOP_LB_IN_SGL_OUT | - RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT; + RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT | + RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED; internals = cryptodev->data->dev_private; internals->qat_dev = qat_pci_dev; -- 2.7.4