From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 694E5A0513; Wed, 15 Jan 2020 15:59:38 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id C38891C191; Wed, 15 Jan 2020 15:59:30 +0100 (CET) Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) by dpdk.org (Postfix) with ESMTP id 8D2091BFC3 for ; Wed, 15 Jan 2020 15:59:27 +0100 (CET) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by orsmga106.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 15 Jan 2020 06:59:27 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.70,322,1574150400"; d="scan'208";a="256799453" Received: from adamdybx-mobl.ger.corp.intel.com (HELO localhost.localdomain) ([10.104.125.6]) by fmsmga002.fm.intel.com with ESMTP; 15 Jan 2020 06:59:25 -0800 From: Adam Dybkowski To: dev@dpdk.org, fiona.trahe@intel.com, akhil.goyal@nxp.com Cc: Adam Dybkowski Date: Wed, 15 Jan 2020 15:59:22 +0100 Message-Id: <20200115145923.29515-2-adamx.dybkowski@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200115145923.29515-1-adamx.dybkowski@intel.com> References: <20191211140935.9503-1-adamx.dybkowski@intel.com> <20200115145923.29515-1-adamx.dybkowski@intel.com> Subject: [dpdk-dev] [PATCH v3 1/2] crypto/qat: handle mixed hash-cipher requests on GEN3 QAT X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" This patch implements handling mixed encrypted digest hash-cipher requests (e.g. SNOW3G + ZUC or ZUC + AES CTR) possible when running on GEN3 QAT. Such algorithm combinations are not supported on GEN1/GEN2 hardware. Signed-off-by: Adam Dybkowski --- doc/guides/cryptodevs/qat.rst | 24 ++++++++ doc/guides/rel_notes/release_20_02.rst | 7 +++ drivers/common/qat/qat_adf/icp_qat_fw.h | 3 + drivers/common/qat/qat_adf/icp_qat_fw_la.h | 2 + drivers/crypto/qat/qat_sym_session.c | 72 ++++++++++++++++++++++ 5 files changed, 108 insertions(+) diff --git a/doc/guides/cryptodevs/qat.rst b/doc/guides/cryptodevs/qat.rst index 6197875fe..9053ae9c0 100644 --- a/doc/guides/cryptodevs/qat.rst +++ b/doc/guides/cryptodevs/qat.rst @@ -72,6 +72,30 @@ Supported AEAD algorithms: * ``RTE_CRYPTO_AEAD_AES_CCM`` +Supported Chains +~~~~~~~~~~~~~~~~ + +All the usual chains are supported and also some mixed chains: + +.. table:: Supported hash-cipher chains for wireless digest-encrypted cases + + +------------------+-----------+-------------+----------+----------+ + | Cipher algorithm | NULL AUTH | SNOW3G UIA2 | ZUC EIA3 | AES CMAC | + +==================+===========+=============+==========+==========+ + | NULL CIPHER | Y | 3 | 3 | Y | + +------------------+-----------+-------------+----------+----------+ + | SNOW3G UEA2 | 3 | Y | 3 | 3 | + +------------------+-----------+-------------+----------+----------+ + | ZUC EEA3 | 3 | 3 | 2&3 | 3 | + +------------------+-----------+-------------+----------+----------+ + | AES CTR | Y | 3 | 3 | Y | + +------------------+-----------+-------------+----------+----------+ + +* The combinations marked as "Y" are supported on all QAT hardware versions. +* The combinations marked as "2&3" are supported on GEN2/GEN3 QAT hardware only. +* The combinations marked as "3" are supported on GEN3 QAT hardware only. + + Limitations ~~~~~~~~~~~ diff --git a/doc/guides/rel_notes/release_20_02.rst b/doc/guides/rel_notes/release_20_02.rst index 6b60f4737..b99abddfd 100644 --- a/doc/guides/rel_notes/release_20_02.rst +++ b/doc/guides/rel_notes/release_20_02.rst @@ -60,6 +60,13 @@ New Features Chacha20-Poly1305 AEAD algorithm can now be supported in Cryptodev. +* **Added handling of mixed algorithms in encrypted digest requests in QAT PMD.** + + Added handling of mixed algorithms in encrypted digest hash-cipher + (generation) and cipher-hash (verification) requests (e.g. SNOW3G + ZUC or + ZUC + AES CTR) in QAT PMD possible when running on GEN3 QAT hardware. + Such algorithm combinations are not supported on GEN1/GEN2 hardware + and executing the request returns RTE_CRYPTO_OP_STATUS_INVALID_SESSION. Removed Items ------------- diff --git a/drivers/common/qat/qat_adf/icp_qat_fw.h b/drivers/common/qat/qat_adf/icp_qat_fw.h index 8f7cb37b4..1265c2a13 100644 --- a/drivers/common/qat/qat_adf/icp_qat_fw.h +++ b/drivers/common/qat/qat_adf/icp_qat_fw.h @@ -175,6 +175,9 @@ struct icp_qat_fw_comn_resp { #define QAT_COMN_PTR_TYPE_SGL 0x1 #define QAT_COMN_CD_FLD_TYPE_64BIT_ADR 0x0 #define QAT_COMN_CD_FLD_TYPE_16BYTE_DATA 0x1 +#define QAT_COMN_EXT_FLAGS_BITPOS 8 +#define QAT_COMN_EXT_FLAGS_MASK 0x1 +#define QAT_COMN_EXT_FLAGS_USED 0x1 #define ICP_QAT_FW_COMN_FLAGS_BUILD(cdt, ptr) \ ((((cdt) & QAT_COMN_CD_FLD_TYPE_MASK) << QAT_COMN_CD_FLD_TYPE_BITPOS) \ diff --git a/drivers/common/qat/qat_adf/icp_qat_fw_la.h b/drivers/common/qat/qat_adf/icp_qat_fw_la.h index 38891eb1f..20eb145de 100644 --- a/drivers/common/qat/qat_adf/icp_qat_fw_la.h +++ b/drivers/common/qat/qat_adf/icp_qat_fw_la.h @@ -273,6 +273,8 @@ struct icp_qat_fw_cipher_auth_cd_ctrl_hdr { #define ICP_QAT_FW_AUTH_HDR_FLAG_DO_NESTED 1 #define ICP_QAT_FW_AUTH_HDR_FLAG_NO_NESTED 0 +#define ICP_QAT_FW_AUTH_HDR_FLAG_SNOW3G_UIA2_BITPOS 3 +#define ICP_QAT_FW_AUTH_HDR_FLAG_ZUC_EIA3_BITPOS 4 #define ICP_QAT_FW_CCM_GCM_AAD_SZ_MAX 240 #define ICP_QAT_FW_HASH_REQUEST_PARAMETERS_OFFSET 24 #define ICP_QAT_FW_CIPHER_REQUEST_PARAMETERS_OFFSET (0) diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c index 72290ba48..4359f2f0b 100644 --- a/drivers/crypto/qat/qat_sym_session.c +++ b/drivers/crypto/qat/qat_sym_session.c @@ -416,6 +416,74 @@ qat_sym_session_configure(struct rte_cryptodev *dev, return 0; } +static void +qat_sym_session_set_ext_hash_flags(struct qat_sym_session *session, + uint8_t hash_flag) +{ + struct icp_qat_fw_comn_req_hdr *header = &session->fw_req.comn_hdr; + struct icp_qat_fw_cipher_auth_cd_ctrl_hdr *cd_ctrl = + (struct icp_qat_fw_cipher_auth_cd_ctrl_hdr *) + session->fw_req.cd_ctrl.content_desc_ctrl_lw; + + /* Set the Use Extended Protocol Flags bit in LW 1 */ + QAT_FIELD_SET(header->comn_req_flags, + QAT_COMN_EXT_FLAGS_USED, + QAT_COMN_EXT_FLAGS_BITPOS, + QAT_COMN_EXT_FLAGS_MASK); + + /* Set Hash Flags in LW 28 */ + cd_ctrl->hash_flags |= hash_flag; + + /* Set proto flags in LW 1 */ + switch (session->qat_cipher_alg) { + case ICP_QAT_HW_CIPHER_ALGO_SNOW_3G_UEA2: + ICP_QAT_FW_LA_PROTO_SET(header->serv_specif_flags, + ICP_QAT_FW_LA_SNOW_3G_PROTO); + ICP_QAT_FW_LA_ZUC_3G_PROTO_FLAG_SET( + header->serv_specif_flags, 0); + break; + case ICP_QAT_HW_CIPHER_ALGO_ZUC_3G_128_EEA3: + ICP_QAT_FW_LA_PROTO_SET(header->serv_specif_flags, + ICP_QAT_FW_LA_NO_PROTO); + ICP_QAT_FW_LA_ZUC_3G_PROTO_FLAG_SET( + header->serv_specif_flags, + ICP_QAT_FW_LA_ZUC_3G_PROTO); + break; + default: + ICP_QAT_FW_LA_PROTO_SET(header->serv_specif_flags, + ICP_QAT_FW_LA_NO_PROTO); + ICP_QAT_FW_LA_ZUC_3G_PROTO_FLAG_SET( + header->serv_specif_flags, 0); + break; + } +} + +static void +qat_sym_session_handle_mixed(struct qat_sym_session *session) +{ + if (session->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_ZUC_3G_128_EIA3 && + session->qat_cipher_alg != + ICP_QAT_HW_CIPHER_ALGO_ZUC_3G_128_EEA3) { + session->min_qat_dev_gen = QAT_GEN3; + qat_sym_session_set_ext_hash_flags(session, + 1 << ICP_QAT_FW_AUTH_HDR_FLAG_ZUC_EIA3_BITPOS); + } else if (session->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_SNOW_3G_UIA2 && + session->qat_cipher_alg != + ICP_QAT_HW_CIPHER_ALGO_SNOW_3G_UEA2) { + session->min_qat_dev_gen = QAT_GEN3; + qat_sym_session_set_ext_hash_flags(session, + 1 << ICP_QAT_FW_AUTH_HDR_FLAG_SNOW3G_UIA2_BITPOS); + } else if ((session->aes_cmac || + session->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_NULL) && + (session->qat_cipher_alg == + ICP_QAT_HW_CIPHER_ALGO_SNOW_3G_UEA2 || + session->qat_cipher_alg == + ICP_QAT_HW_CIPHER_ALGO_ZUC_3G_128_EEA3)) { + session->min_qat_dev_gen = QAT_GEN3; + qat_sym_session_set_ext_hash_flags(session, 0); + } +} + int qat_sym_session_set_parameters(struct rte_cryptodev *dev, struct rte_crypto_sym_xform *xform, void *session_private) @@ -463,6 +531,8 @@ qat_sym_session_set_parameters(struct rte_cryptodev *dev, xform, session); if (ret < 0) return ret; + /* Special handling of mixed hash+cipher algorithms */ + qat_sym_session_handle_mixed(session); } break; case ICP_QAT_FW_LA_CMD_HASH_CIPHER: @@ -480,6 +550,8 @@ qat_sym_session_set_parameters(struct rte_cryptodev *dev, xform, session); if (ret < 0) return ret; + /* Special handling of mixed hash+cipher algorithms */ + qat_sym_session_handle_mixed(session); } break; case ICP_QAT_FW_LA_CMD_TRNG_GET_RANDOM: -- 2.17.1