From: Thomas Monjalon Date: Wed, 5 Feb 2020 11:04:32 +0000 (+0100) Subject: cryptodev: revert Chacha20-Poly1305 AEAD algorithm X-Git-Url: http://git.droids-corp.org/?p=dpdk.git;a=commitdiff_plain;h=f5862ae99e058c0cee36a08dfd51f8a3b766999a cryptodev: revert Chacha20-Poly1305 AEAD algorithm API makes think that rte_cryptodev_info_get() cannot return a value >= 3 (RTE_CRYPTO_AEAD_LIST_END in 19.11). 20.02-rc1 was returning 3 (RTE_CRYPTO_AEAD_CHACHA20_POLY1305). So the ABI compatibility contract was broken. It could be solved with some function versioning, but because a lack of time, the feature is reverted for now. This reverts following commits: - 6c9f3b347e21 ("cryptodev: add Chacha20-Poly1305 AEAD algorithm") - 2c512e64d600 ("crypto/qat: support Chacha Poly") - d55e01f579e1 ("test/crypto: add Chacha Poly cases") Signed-off-by: Thomas Monjalon --- diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index b5aaca1315..fa044cb717 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -7814,7 +7814,6 @@ test_authenticated_encryption(const struct aead_test_data *tdata) { struct crypto_testsuite_params *ts_params = &testsuite_params; struct crypto_unittest_params *ut_params = &unittest_params; - struct rte_cryptodev_sym_capability_idx cap_idx; int retval; uint8_t *ciphertext, *auth_tag; @@ -7828,15 +7827,6 @@ test_authenticated_encryption(const struct aead_test_data *tdata) tdata->key.data, tdata->key.len, tdata->aad.len, tdata->auth_tag.len, tdata->iv.len); - - cap_idx.type = RTE_CRYPTO_SYM_XFORM_AEAD; - cap_idx.algo.aead = tdata->algo; - - if (rte_cryptodev_sym_capability_get(ts_params->valid_devs[0], - &cap_idx) == NULL) { - return -ENOTSUP; - } - if (retval < 0) return retval; @@ -8714,7 +8704,6 @@ test_authenticated_decryption(const struct aead_test_data *tdata) { struct crypto_testsuite_params *ts_params = &testsuite_params; struct crypto_unittest_params *ut_params = &unittest_params; - struct rte_cryptodev_sym_capability_idx cap_idx; int retval; uint8_t *plaintext; @@ -8730,14 +8719,6 @@ test_authenticated_decryption(const struct aead_test_data *tdata) if (retval < 0) return retval; - cap_idx.type = RTE_CRYPTO_SYM_XFORM_AEAD; - cap_idx.algo.aead = tdata->algo; - - if (rte_cryptodev_sym_capability_get(ts_params->valid_devs[0], - &cap_idx) == NULL) { - return -ENOTSUP; - } - /* alloc mbuf and set payload */ if (tdata->aad.len > MBUF_SIZE) { ut_params->ibuf = rte_pktmbuf_alloc(ts_params->large_mbuf_pool); @@ -8790,18 +8771,6 @@ test_authenticated_decryption(const struct aead_test_data *tdata) return 0; } -static int -test_chacha20_poly1305_encrypt_test_case_rfc8439(void) -{ - return test_authenticated_encryption(&chacha20_poly1305_case_rfc8439); -} - -static int -test_chacha20_poly1305_decrypt_test_case_rfc8439(void) -{ - return test_authenticated_decryption(&chacha20_poly1305_case_rfc8439); -} - static int test_AES_GCM_authenticated_decryption_test_case_1(void) { @@ -12199,10 +12168,6 @@ static struct unit_test_suite cryptodev_qat_testsuite = { TEST_CASE_ST(ut_setup, ut_teardown, test_AES_CCM_authenticated_decryption_test_case_128_3), - TEST_CASE_ST(ut_setup, ut_teardown, - test_chacha20_poly1305_encrypt_test_case_rfc8439), - TEST_CASE_ST(ut_setup, ut_teardown, - test_chacha20_poly1305_decrypt_test_case_rfc8439), /** AES GCM Authenticated Encryption */ TEST_CASE_ST(ut_setup, ut_teardown, test_AES_GCM_auth_encrypt_SGL_in_place_1500B), diff --git a/app/test/test_cryptodev_aead_test_vectors.h b/app/test/test_cryptodev_aead_test_vectors.h index 84802f0f4a..a4a3a25c9d 100644 --- a/app/test/test_cryptodev_aead_test_vectors.h +++ b/app/test/test_cryptodev_aead_test_vectors.h @@ -84,83 +84,6 @@ struct gmac_test_data { }; -static uint8_t chacha_aad_rfc8439[] = { - 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3, - 0xc4, 0xc5, 0xc6, 0xc7 -}; - -static const struct aead_test_data chacha20_poly1305_case_rfc8439 = { - .algo = RTE_CRYPTO_AEAD_CHACHA20_POLY1305, - .key = { - .data = { - 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, - 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, - 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, - 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f - }, - .len = 32 - }, - .iv = { - .data = { - 0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43, - 0x44, 0x45, 0x46, 0x47 - }, - .len = 12 - }, - .aad = { - .data = chacha_aad_rfc8439, - .len = 12 - }, - .plaintext = { - .data = { - 0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61, - 0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c, - 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20, - 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73, - 0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39, 0x39, - 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63, - 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66, - 0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f, - 0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20, - 0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20, - 0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75, - 0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73, - 0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f, - 0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69, - 0x74, 0x2e - - }, - .len = 114 - }, - .ciphertext = { - .data = { - 0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb, - 0x7b, 0x86, 0xaf, 0xbc, 0x53, 0xef, 0x7e, 0xc2, - 0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe, - 0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6, - 0x3d, 0xbe, 0xa4, 0x5e, 0x8c, 0xa9, 0x67, 0x12, - 0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b, - 0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29, - 0x05, 0xd6, 0xa5, 0xb6, 0x7e, 0xcd, 0x3b, 0x36, - 0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c, - 0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58, - 0xfa, 0xb3, 0x24, 0xe4, 0xfa, 0xd6, 0x75, 0x94, - 0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc, - 0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d, - 0xe5, 0x76, 0xd2, 0x65, 0x86, 0xce, 0xc6, 0x4b, - 0x61, 0x16 - }, - .len = 114 - }, - .auth_tag = { - .data = { - 0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09, 0xe2, 0x6a, - 0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91 - }, - .len = 16 - } -}; - /** AES-GCM-128 Test Vectors */ static const struct aead_test_data gcm_test_case_1 = { .algo = RTE_CRYPTO_AEAD_AES_GCM, diff --git a/doc/guides/cryptodevs/features/default.ini b/doc/guides/cryptodevs/features/default.ini index 304a6a94f2..f639a882aa 100644 --- a/doc/guides/cryptodevs/features/default.ini +++ b/doc/guides/cryptodevs/features/default.ini @@ -93,13 +93,12 @@ SHA3_512 HMAC = ; Supported AEAD algorithms of a default crypto driver. ; [AEAD] -AES GCM (128) = -AES GCM (192) = -AES GCM (256) = -AES CCM (128) = -AES CCM (192) = -AES CCM (256) = -CHACHA20-POLY1305 = +AES GCM (128) = +AES GCM (192) = +AES GCM (256) = +AES CCM (128) = +AES CCM (192) = +AES CCM (256) = ; ; Supported Asymmetric algorithms of a default crypto driver. ; diff --git a/doc/guides/cryptodevs/features/qat.ini b/doc/guides/cryptodevs/features/qat.ini index 32591b5d19..6e350eb81f 100644 --- a/doc/guides/cryptodevs/features/qat.ini +++ b/doc/guides/cryptodevs/features/qat.ini @@ -60,13 +60,12 @@ AES CMAC (128) = Y ; Supported AEAD algorithms of the 'qat' crypto driver. ; [AEAD] -AES GCM (128) = Y -AES GCM (192) = Y -AES GCM (256) = Y -AES CCM (128) = Y -AES CCM (192) = Y -AES CCM (256) = Y -CHACHA20-POLY1305 = Y +AES GCM (128) = Y +AES GCM (192) = Y +AES GCM (256) = Y +AES CCM (128) = Y +AES CCM (192) = Y +AES CCM (256) = Y ; ; Supported Asymmetric algorithms of the 'qat' crypto driver. diff --git a/doc/guides/cryptodevs/qat.rst b/doc/guides/cryptodevs/qat.rst index b7623cc553..06985e3193 100644 --- a/doc/guides/cryptodevs/qat.rst +++ b/doc/guides/cryptodevs/qat.rst @@ -70,7 +70,6 @@ Supported AEAD algorithms: * ``RTE_CRYPTO_AEAD_AES_GCM`` * ``RTE_CRYPTO_AEAD_AES_CCM`` -* ``RTE_CRYPTO_AEAD_CHACHA20_POLY1305`` Supported Chains diff --git a/doc/guides/rel_notes/release_20_02.rst b/doc/guides/rel_notes/release_20_02.rst index a601d18b00..6b5ca613fa 100644 --- a/doc/guides/rel_notes/release_20_02.rst +++ b/doc/guides/rel_notes/release_20_02.rst @@ -120,7 +120,6 @@ New Features * **Added algorithms to cryptodev API.** - * Chacha20-Poly1305 AEAD algorithm can now be supported in cryptodev. * ECDSA (Elliptic Curve Digital Signature Algorithm) is added to asymmetric crypto library specifications. * ECPM (Elliptic Curve Point Multiplication) is added to @@ -134,10 +133,6 @@ New Features Such algorithm combinations are not supported on GEN1/GEN2 hardware and executing the request returns RTE_CRYPTO_OP_STATUS_INVALID_SESSION. -* **Updated the Intel QuickAssist Technology (QAT) symmetric crypto PMD.** - - Added Chacha20-Poly1305 AEAD algorithm. - * **Added Marvell OCTEON TX2 End Point rawdev PMD.** Added a new OCTEON TX2 rawdev PMD for End Point mode of operation. diff --git a/drivers/common/qat/qat_adf/icp_qat_hw.h b/drivers/common/qat/qat_adf/icp_qat_hw.h index fdc0f191a2..cef64861f1 100644 --- a/drivers/common/qat/qat_adf/icp_qat_hw.h +++ b/drivers/common/qat/qat_adf/icp_qat_hw.h @@ -204,9 +204,7 @@ enum icp_qat_hw_cipher_algo { ICP_QAT_HW_CIPHER_ALGO_KASUMI = 7, ICP_QAT_HW_CIPHER_ALGO_SNOW_3G_UEA2 = 8, ICP_QAT_HW_CIPHER_ALGO_ZUC_3G_128_EEA3 = 9, - ICP_QAT_HW_CIPHER_ALGO_SM4 = 10, - ICP_QAT_HW_CIPHER_ALGO_CHACHA20_POLY1305 = 11, - ICP_QAT_HW_CIPHER_DELIMITER = 12 + ICP_QAT_HW_CIPHER_DELIMITER = 10 }; enum icp_qat_hw_cipher_mode { @@ -308,12 +306,6 @@ enum icp_qat_hw_cipher_convert { #define ICP_QAT_HW_ZUC_3G_EEA3_KEY_SZ 16 #define ICP_QAT_HW_ZUC_3G_EEA3_IV_SZ 16 #define ICP_QAT_HW_MODE_F8_NUM_REG_TO_CLEAR 2 -#define ICP_QAT_HW_CHACHAPOLY_KEY_SZ 32 -#define ICP_QAT_HW_CHACHAPOLY_IV_SZ 12 -#define ICP_QAT_HW_CHACHAPOLY_BLK_SZ 64 -#define ICP_QAT_HW_SPC_CTR_SZ 16 -#define ICP_QAT_HW_CHACHAPOLY_ICV_SZ 16 -#define ICP_QAT_HW_CHACHAPOLY_AAD_MAX_LOG 14 #define ICP_QAT_HW_CIPHER_MAX_KEY_SZ ICP_QAT_HW_AES_256_F8_KEY_SZ diff --git a/drivers/crypto/qat/qat_sym_capabilities.h b/drivers/crypto/qat/qat_sym_capabilities.h index f919cf3ea4..028a56c568 100644 --- a/drivers/crypto/qat/qat_sym_capabilities.h +++ b/drivers/crypto/qat/qat_sym_capabilities.h @@ -594,36 +594,4 @@ }, } \ } -#define QAT_EXTRA_GEN3_SYM_CAPABILITIES \ - { /* Chacha20-Poly1305 */ \ - .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC, \ - {.sym = { \ - .xform_type = RTE_CRYPTO_SYM_XFORM_AEAD, \ - {.aead = { \ - .algo = RTE_CRYPTO_AEAD_CHACHA20_POLY1305, \ - .block_size = 64, \ - .key_size = { \ - .min = 32, \ - .max = 32, \ - .increment = 0 \ - }, \ - .digest_size = { \ - .min = 16, \ - .max = 16, \ - .increment = 0 \ - }, \ - .aad_size = { \ - .min = 0, \ - .max = 240, \ - .increment = 1 \ - }, \ - .iv_size = { \ - .min = 12, \ - .max = 12, \ - .increment = 0 \ - }, \ - }, } \ - }, } \ - } - #endif /* _QAT_SYM_CAPABILITIES_H_ */ diff --git a/drivers/crypto/qat/qat_sym_pmd.c b/drivers/crypto/qat/qat_sym_pmd.c index e0aa25c56d..666ede7265 100644 --- a/drivers/crypto/qat/qat_sym_pmd.c +++ b/drivers/crypto/qat/qat_sym_pmd.c @@ -27,13 +27,6 @@ static const struct rte_cryptodev_capabilities qat_gen2_sym_capabilities[] = { RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() }; -static const struct rte_cryptodev_capabilities qat_gen3_sym_capabilities[] = { - QAT_BASE_GEN1_SYM_CAPABILITIES, - QAT_EXTRA_GEN2_SYM_CAPABILITIES, - QAT_EXTRA_GEN3_SYM_CAPABILITIES, - RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() -}; - static int qat_sym_qp_release(struct rte_cryptodev *dev, uint16_t queue_pair_id); @@ -301,10 +294,8 @@ qat_sym_dev_create(struct qat_pci_device *qat_pci_dev, internals->qat_dev_capabilities = qat_gen1_sym_capabilities; break; case QAT_GEN2: - internals->qat_dev_capabilities = qat_gen2_sym_capabilities; - break; case QAT_GEN3: - internals->qat_dev_capabilities = qat_gen3_sym_capabilities; + internals->qat_dev_capabilities = qat_gen2_sym_capabilities; break; default: internals->qat_dev_capabilities = qat_gen2_sym_capabilities; diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c index 1adef8faf4..4359f2f0b8 100644 --- a/drivers/crypto/qat/qat_sym_session.c +++ b/drivers/crypto/qat/qat_sym_session.c @@ -576,68 +576,69 @@ qat_sym_session_set_parameters(struct rte_cryptodev *dev, } static int -qat_sym_session_handle_single_pass(struct qat_sym_session *session, +qat_sym_session_handle_single_pass(struct qat_sym_dev_private *internals, + struct qat_sym_session *session, struct rte_crypto_aead_xform *aead_xform) { - struct icp_qat_fw_la_cipher_req_params *cipher_param = - (void *) &session->fw_req.serv_specif_rqpars; + enum qat_device_gen qat_dev_gen = internals->qat_dev->qat_dev_gen; - session->is_single_pass = 1; - session->min_qat_dev_gen = QAT_GEN3; - session->qat_cmd = ICP_QAT_FW_LA_CMD_CIPHER; - if (aead_xform->algo == RTE_CRYPTO_AEAD_AES_GCM) { + if (qat_dev_gen == QAT_GEN3 && + aead_xform->iv.length == QAT_AES_GCM_SPC_IV_SIZE) { + /* Use faster Single-Pass GCM */ + struct icp_qat_fw_la_cipher_req_params *cipher_param = + (void *) &session->fw_req.serv_specif_rqpars; + + session->is_single_pass = 1; + session->min_qat_dev_gen = QAT_GEN3; + session->qat_cmd = ICP_QAT_FW_LA_CMD_CIPHER; session->qat_mode = ICP_QAT_HW_CIPHER_AEAD_MODE; + session->cipher_iv.offset = aead_xform->iv.offset; + session->cipher_iv.length = aead_xform->iv.length; + if (qat_sym_session_aead_create_cd_cipher(session, + aead_xform->key.data, aead_xform->key.length)) + return -EINVAL; + session->aad_len = aead_xform->aad_length; + session->digest_length = aead_xform->digest_length; + if (aead_xform->op == RTE_CRYPTO_AEAD_OP_ENCRYPT) { + session->qat_dir = ICP_QAT_HW_CIPHER_ENCRYPT; + session->auth_op = ICP_QAT_HW_AUTH_GENERATE; + ICP_QAT_FW_LA_RET_AUTH_SET( + session->fw_req.comn_hdr.serv_specif_flags, + ICP_QAT_FW_LA_RET_AUTH_RES); + } else { + session->qat_dir = ICP_QAT_HW_CIPHER_DECRYPT; + session->auth_op = ICP_QAT_HW_AUTH_VERIFY; + ICP_QAT_FW_LA_CMP_AUTH_SET( + session->fw_req.comn_hdr.serv_specif_flags, + ICP_QAT_FW_LA_CMP_AUTH_RES); + } + ICP_QAT_FW_LA_SINGLE_PASS_PROTO_FLAG_SET( + session->fw_req.comn_hdr.serv_specif_flags, + ICP_QAT_FW_LA_SINGLE_PASS_PROTO); + ICP_QAT_FW_LA_PROTO_SET( + session->fw_req.comn_hdr.serv_specif_flags, + ICP_QAT_FW_LA_NO_PROTO); ICP_QAT_FW_LA_GCM_IV_LEN_FLAG_SET( - session->fw_req.comn_hdr.serv_specif_flags, - ICP_QAT_FW_LA_GCM_IV_LEN_12_OCTETS); - } else { - /* Chacha-Poly is special case that use QAT CTR mode */ - session->qat_mode = ICP_QAT_HW_CIPHER_CTR_MODE; - } - session->cipher_iv.offset = aead_xform->iv.offset; - session->cipher_iv.length = aead_xform->iv.length; - if (qat_sym_session_aead_create_cd_cipher(session, - aead_xform->key.data, aead_xform->key.length)) - return -EINVAL; - session->aad_len = aead_xform->aad_length; - session->digest_length = aead_xform->digest_length; - if (aead_xform->op == RTE_CRYPTO_AEAD_OP_ENCRYPT) { - session->qat_dir = ICP_QAT_HW_CIPHER_ENCRYPT; - session->auth_op = ICP_QAT_HW_AUTH_GENERATE; - ICP_QAT_FW_LA_RET_AUTH_SET( - session->fw_req.comn_hdr.serv_specif_flags, - ICP_QAT_FW_LA_RET_AUTH_RES); - } else { - session->qat_dir = ICP_QAT_HW_CIPHER_DECRYPT; - session->auth_op = ICP_QAT_HW_AUTH_VERIFY; - ICP_QAT_FW_LA_CMP_AUTH_SET( - session->fw_req.comn_hdr.serv_specif_flags, - ICP_QAT_FW_LA_CMP_AUTH_RES); + session->fw_req.comn_hdr.serv_specif_flags, + ICP_QAT_FW_LA_GCM_IV_LEN_12_OCTETS); + session->fw_req.comn_hdr.service_cmd_id = + ICP_QAT_FW_LA_CMD_CIPHER; + session->cd.cipher.cipher_config.val = + ICP_QAT_HW_CIPHER_CONFIG_BUILD( + ICP_QAT_HW_CIPHER_AEAD_MODE, + session->qat_cipher_alg, + ICP_QAT_HW_CIPHER_NO_CONVERT, + session->qat_dir); + QAT_FIELD_SET(session->cd.cipher.cipher_config.val, + aead_xform->digest_length, + QAT_CIPHER_AEAD_HASH_CMP_LEN_BITPOS, + QAT_CIPHER_AEAD_HASH_CMP_LEN_MASK); + session->cd.cipher.cipher_config.reserved = + ICP_QAT_HW_CIPHER_CONFIG_BUILD_UPPER( + aead_xform->aad_length); + cipher_param->spc_aad_sz = aead_xform->aad_length; + cipher_param->spc_auth_res_sz = aead_xform->digest_length; } - ICP_QAT_FW_LA_SINGLE_PASS_PROTO_FLAG_SET( - session->fw_req.comn_hdr.serv_specif_flags, - ICP_QAT_FW_LA_SINGLE_PASS_PROTO); - ICP_QAT_FW_LA_PROTO_SET( - session->fw_req.comn_hdr.serv_specif_flags, - ICP_QAT_FW_LA_NO_PROTO); - session->fw_req.comn_hdr.service_cmd_id = - ICP_QAT_FW_LA_CMD_CIPHER; - session->cd.cipher.cipher_config.val = - ICP_QAT_HW_CIPHER_CONFIG_BUILD( - ICP_QAT_HW_CIPHER_AEAD_MODE, - session->qat_cipher_alg, - ICP_QAT_HW_CIPHER_NO_CONVERT, - session->qat_dir); - QAT_FIELD_SET(session->cd.cipher.cipher_config.val, - aead_xform->digest_length, - QAT_CIPHER_AEAD_HASH_CMP_LEN_BITPOS, - QAT_CIPHER_AEAD_HASH_CMP_LEN_MASK); - session->cd.cipher.cipher_config.reserved = - ICP_QAT_HW_CIPHER_CONFIG_BUILD_UPPER( - aead_xform->aad_length); - cipher_param->spc_aad_sz = aead_xform->aad_length; - cipher_param->spc_auth_res_sz = aead_xform->digest_length; - return 0; } @@ -790,10 +791,6 @@ qat_sym_session_configure_aead(struct rte_cryptodev *dev, { struct rte_crypto_aead_xform *aead_xform = &xform->aead; enum rte_crypto_auth_operation crypto_operation; - struct qat_sym_dev_private *internals = - dev->data->dev_private; - enum qat_device_gen qat_dev_gen = - internals->qat_dev->qat_dev_gen; /* * Store AEAD IV parameters as cipher IV, @@ -802,7 +799,6 @@ qat_sym_session_configure_aead(struct rte_cryptodev *dev, session->cipher_iv.offset = xform->aead.iv.offset; session->cipher_iv.length = xform->aead.iv.length; - session->is_single_pass = 0; switch (aead_xform->algo) { case RTE_CRYPTO_AEAD_AES_GCM: if (qat_sym_validate_aes_key(aead_xform->key.length, @@ -811,13 +807,7 @@ qat_sym_session_configure_aead(struct rte_cryptodev *dev, return -EINVAL; } session->qat_mode = ICP_QAT_HW_CIPHER_CTR_MODE; - session->qat_hash_alg = - ICP_QAT_HW_AUTH_ALGO_GALOIS_128; - if (qat_dev_gen > QAT_GEN2 && aead_xform->iv.length == - QAT_AES_GCM_SPC_IV_SIZE) { - return qat_sym_session_handle_single_pass(session, - aead_xform); - } + session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_GALOIS_128; break; case RTE_CRYPTO_AEAD_AES_CCM: if (qat_sym_validate_aes_key(aead_xform->key.length, @@ -828,19 +818,23 @@ qat_sym_session_configure_aead(struct rte_cryptodev *dev, session->qat_mode = ICP_QAT_HW_CIPHER_CTR_MODE; session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_AES_CBC_MAC; break; - case RTE_CRYPTO_AEAD_CHACHA20_POLY1305: - if (aead_xform->key.length != ICP_QAT_HW_CHACHAPOLY_KEY_SZ) - return -EINVAL; - session->qat_cipher_alg = - ICP_QAT_HW_CIPHER_ALGO_CHACHA20_POLY1305; - return qat_sym_session_handle_single_pass(session, - aead_xform); default: QAT_LOG(ERR, "Crypto: Undefined AEAD specified %u\n", aead_xform->algo); return -EINVAL; } + session->is_single_pass = 0; + if (aead_xform->algo == RTE_CRYPTO_AEAD_AES_GCM) { + /* Use faster Single-Pass GCM if possible */ + int res = qat_sym_session_handle_single_pass( + dev->data->dev_private, session, aead_xform); + if (res < 0) + return res; + if (session->is_single_pass) + return 0; + } + if ((aead_xform->op == RTE_CRYPTO_AEAD_OP_ENCRYPT && aead_xform->algo == RTE_CRYPTO_AEAD_AES_GCM) || (aead_xform->op == RTE_CRYPTO_AEAD_OP_DECRYPT && diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h index bc356f6ff0..ffa038dc40 100644 --- a/lib/librte_cryptodev/rte_crypto_sym.h +++ b/lib/librte_cryptodev/rte_crypto_sym.h @@ -348,8 +348,6 @@ enum rte_crypto_aead_algorithm { /**< AES algorithm in CCM mode. */ RTE_CRYPTO_AEAD_AES_GCM, /**< AES algorithm in GCM mode. */ - RTE_CRYPTO_AEAD_CHACHA20_POLY1305, - /**< Chacha20 cipher with poly1305 authenticator */ RTE_CRYPTO_AEAD_LIST_END }; @@ -393,11 +391,6 @@ struct rte_crypto_aead_xform { * be allocated, even though the length field will * have a value less than this. * - * - For Chacha20-Poly1305 it is 96-bit nonce. - * PMD sets initial counter for Poly1305 key generation - * part to 0 and for Chacha20 encryption to 1 as per - * rfc8439 2.8. AEAD construction. - * * For optimum performance, the data pointed to SHOULD * be 8-byte aligned. */ @@ -414,8 +407,6 @@ struct rte_crypto_aead_xform { * * - For CCM mode, this is the length of the nonce, * which can be in the range 7 to 13 inclusive. - * - * - For Chacha20-Poly1305 this field is always 12. */ } iv; /**< Initialisation vector parameters */ diff --git a/lib/librte_cryptodev/rte_cryptodev.c b/lib/librte_cryptodev/rte_cryptodev.c index 5c6359b5cc..ab4b231962 100644 --- a/lib/librte_cryptodev/rte_cryptodev.c +++ b/lib/librte_cryptodev/rte_cryptodev.c @@ -151,7 +151,6 @@ const char * rte_crypto_aead_algorithm_strings[] = { [RTE_CRYPTO_AEAD_AES_CCM] = "aes-ccm", [RTE_CRYPTO_AEAD_AES_GCM] = "aes-gcm", - [RTE_CRYPTO_AEAD_CHACHA20_POLY1305] = "chacha20-poly1305" }; /**