3e621c5c41377f1498f94281800a2eaf07b154d0
[dpdk.git] / drivers / crypto / qat / qat_crypto.c
1 /*-
2  *   BSD LICENSE
3  *
4  *   Copyright(c) 2015-2017 Intel Corporation. All rights reserved.
5  *   All rights reserved.
6  *
7  *   Redistribution and use in source and binary forms, with or without
8  *   modification, are permitted provided that the following conditions
9  *   are met:
10  *
11  *       * Redistributions of source code must retain the above copyright
12  *         notice, this list of conditions and the following disclaimer.
13  *       * Redistributions in binary form must reproduce the above copyright
14  *         notice, this list of conditions and the following disclaimer in
15  *         the documentation and/or other materials provided with the
16  *         distribution.
17  *       * Neither the name of Intel Corporation nor the names of its
18  *         contributors may be used to endorse or promote products derived
19  *         from this software without specific prior written permission.
20  *
21  *   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22  *   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23  *   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
24  *   A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
25  *   OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
26  *   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
27  *   LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28  *   DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29  *   THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30  *   (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
31  *   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32  */
33
34 #include <stdio.h>
35 #include <stdlib.h>
36 #include <strings.h>
37 #include <string.h>
38 #include <inttypes.h>
39 #include <errno.h>
40 #include <sys/queue.h>
41 #include <stdarg.h>
42
43 #include <rte_common.h>
44 #include <rte_log.h>
45 #include <rte_debug.h>
46 #include <rte_memory.h>
47 #include <rte_memzone.h>
48 #include <rte_tailq.h>
49 #include <rte_ether.h>
50 #include <rte_malloc.h>
51 #include <rte_launch.h>
52 #include <rte_eal.h>
53 #include <rte_per_lcore.h>
54 #include <rte_lcore.h>
55 #include <rte_atomic.h>
56 #include <rte_branch_prediction.h>
57 #include <rte_mempool.h>
58 #include <rte_mbuf.h>
59 #include <rte_string_fns.h>
60 #include <rte_spinlock.h>
61 #include <rte_hexdump.h>
62 #include <rte_crypto_sym.h>
63 #include <rte_cryptodev_pci.h>
64 #include <openssl/evp.h>
65
66 #include "qat_logs.h"
67 #include "qat_algs.h"
68 #include "qat_crypto.h"
69 #include "adf_transport_access_macros.h"
70
71 #define BYTE_LENGTH    8
72
73 static int
74 qat_is_cipher_alg_supported(enum rte_crypto_cipher_algorithm algo,
75                 struct qat_pmd_private *internals) {
76         int i = 0;
77         const struct rte_cryptodev_capabilities *capability;
78
79         while ((capability = &(internals->qat_dev_capabilities[i++]))->op !=
80                         RTE_CRYPTO_OP_TYPE_UNDEFINED) {
81                 if (capability->op != RTE_CRYPTO_OP_TYPE_SYMMETRIC)
82                         continue;
83
84                 if (capability->sym.xform_type != RTE_CRYPTO_SYM_XFORM_CIPHER)
85                         continue;
86
87                 if (capability->sym.cipher.algo == algo)
88                         return 1;
89         }
90         return 0;
91 }
92
93 static int
94 qat_is_auth_alg_supported(enum rte_crypto_auth_algorithm algo,
95                 struct qat_pmd_private *internals) {
96         int i = 0;
97         const struct rte_cryptodev_capabilities *capability;
98
99         while ((capability = &(internals->qat_dev_capabilities[i++]))->op !=
100                         RTE_CRYPTO_OP_TYPE_UNDEFINED) {
101                 if (capability->op != RTE_CRYPTO_OP_TYPE_SYMMETRIC)
102                         continue;
103
104                 if (capability->sym.xform_type != RTE_CRYPTO_SYM_XFORM_AUTH)
105                         continue;
106
107                 if (capability->sym.auth.algo == algo)
108                         return 1;
109         }
110         return 0;
111 }
112
113 /** Encrypt a single partial block
114  *  Depends on openssl libcrypto
115  *  Uses ECB+XOR to do CFB encryption, same result, more performant
116  */
117 static inline int
118 bpi_cipher_encrypt(uint8_t *src, uint8_t *dst,
119                 uint8_t *iv, int ivlen, int srclen,
120                 void *bpi_ctx)
121 {
122         EVP_CIPHER_CTX *ctx = (EVP_CIPHER_CTX *)bpi_ctx;
123         int encrypted_ivlen;
124         uint8_t encrypted_iv[16];
125         int i;
126
127         /* ECB method: encrypt the IV, then XOR this with plaintext */
128         if (EVP_EncryptUpdate(ctx, encrypted_iv, &encrypted_ivlen, iv, ivlen)
129                                                                 <= 0)
130                 goto cipher_encrypt_err;
131
132         for (i = 0; i < srclen; i++)
133                 *(dst+i) = *(src+i)^(encrypted_iv[i]);
134
135         return 0;
136
137 cipher_encrypt_err:
138         PMD_DRV_LOG(ERR, "libcrypto ECB cipher encrypt failed");
139         return -EINVAL;
140 }
141
142 /** Decrypt a single partial block
143  *  Depends on openssl libcrypto
144  *  Uses ECB+XOR to do CFB encryption, same result, more performant
145  */
146 static inline int
147 bpi_cipher_decrypt(uint8_t *src, uint8_t *dst,
148                 uint8_t *iv, int ivlen, int srclen,
149                 void *bpi_ctx)
150 {
151         EVP_CIPHER_CTX *ctx = (EVP_CIPHER_CTX *)bpi_ctx;
152         int encrypted_ivlen;
153         uint8_t encrypted_iv[16];
154         int i;
155
156         /* ECB method: encrypt (not decrypt!) the IV, then XOR with plaintext */
157         if (EVP_EncryptUpdate(ctx, encrypted_iv, &encrypted_ivlen, iv, ivlen)
158                                                                 <= 0)
159                 goto cipher_decrypt_err;
160
161         for (i = 0; i < srclen; i++)
162                 *(dst+i) = *(src+i)^(encrypted_iv[i]);
163
164         return 0;
165
166 cipher_decrypt_err:
167         PMD_DRV_LOG(ERR, "libcrypto ECB cipher encrypt for BPI IV failed");
168         return -EINVAL;
169 }
170
171 /** Creates a context in either AES or DES in ECB mode
172  *  Depends on openssl libcrypto
173  */
174 static void *
175 bpi_cipher_ctx_init(enum rte_crypto_cipher_algorithm cryptodev_algo,
176                 enum rte_crypto_cipher_operation direction __rte_unused,
177                                         uint8_t *key)
178 {
179         const EVP_CIPHER *algo = NULL;
180         EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
181
182         if (ctx == NULL)
183                 goto ctx_init_err;
184
185         if (cryptodev_algo == RTE_CRYPTO_CIPHER_DES_DOCSISBPI)
186                 algo = EVP_des_ecb();
187         else
188                 algo = EVP_aes_128_ecb();
189
190         /* IV will be ECB encrypted whether direction is encrypt or decrypt*/
191         if (EVP_EncryptInit_ex(ctx, algo, NULL, key, 0) != 1)
192                 goto ctx_init_err;
193
194         return ctx;
195
196 ctx_init_err:
197         if (ctx != NULL)
198                 EVP_CIPHER_CTX_free(ctx);
199         return NULL;
200 }
201
202 /** Frees a context previously created
203  *  Depends on openssl libcrypto
204  */
205 static void
206 bpi_cipher_ctx_free(void *bpi_ctx)
207 {
208         if (bpi_ctx != NULL)
209                 EVP_CIPHER_CTX_free((EVP_CIPHER_CTX *)bpi_ctx);
210 }
211
212 static inline uint32_t
213 adf_modulo(uint32_t data, uint32_t shift);
214
215 static inline int
216 qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
217                 struct qat_crypto_op_cookie *qat_op_cookie);
218
219 void
220 qat_crypto_sym_clear_session(struct rte_cryptodev *dev,
221                 struct rte_cryptodev_sym_session *sess)
222 {
223         PMD_INIT_FUNC_TRACE();
224         uint8_t index = dev->driver_id;
225         void *sess_priv = get_session_private_data(sess, index);
226         struct qat_session *s = (struct qat_session *)sess_priv;
227
228         if (sess_priv) {
229                 if (s->bpi_ctx)
230                         bpi_cipher_ctx_free(s->bpi_ctx);
231                 memset(s, 0, qat_crypto_sym_get_session_private_size(dev));
232                 struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
233                 set_session_private_data(sess, index, NULL);
234                 rte_mempool_put(sess_mp, sess_priv);
235         }
236 }
237
238 static int
239 qat_get_cmd_id(const struct rte_crypto_sym_xform *xform)
240 {
241         /* Cipher Only */
242         if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && xform->next == NULL)
243                 return ICP_QAT_FW_LA_CMD_CIPHER;
244
245         /* Authentication Only */
246         if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH && xform->next == NULL)
247                 return ICP_QAT_FW_LA_CMD_AUTH;
248
249         /* AEAD */
250         if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) {
251                 if (xform->aead.op == RTE_CRYPTO_AEAD_OP_ENCRYPT)
252                         return ICP_QAT_FW_LA_CMD_CIPHER_HASH;
253                 else
254                         return ICP_QAT_FW_LA_CMD_HASH_CIPHER;
255         }
256
257         if (xform->next == NULL)
258                 return -1;
259
260         /* Cipher then Authenticate */
261         if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
262                         xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH)
263                 return ICP_QAT_FW_LA_CMD_CIPHER_HASH;
264
265         /* Authenticate then Cipher */
266         if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
267                         xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER)
268                 return ICP_QAT_FW_LA_CMD_HASH_CIPHER;
269
270         return -1;
271 }
272
273 static struct rte_crypto_auth_xform *
274 qat_get_auth_xform(struct rte_crypto_sym_xform *xform)
275 {
276         do {
277                 if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH)
278                         return &xform->auth;
279
280                 xform = xform->next;
281         } while (xform);
282
283         return NULL;
284 }
285
286 static struct rte_crypto_cipher_xform *
287 qat_get_cipher_xform(struct rte_crypto_sym_xform *xform)
288 {
289         do {
290                 if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER)
291                         return &xform->cipher;
292
293                 xform = xform->next;
294         } while (xform);
295
296         return NULL;
297 }
298 void *
299 qat_crypto_sym_configure_session_cipher(struct rte_cryptodev *dev,
300                 struct rte_crypto_sym_xform *xform, void *session_private)
301 {
302         struct qat_session *session = session_private;
303         struct qat_pmd_private *internals = dev->data->dev_private;
304         struct rte_crypto_cipher_xform *cipher_xform = NULL;
305
306         /* Get cipher xform from crypto xform chain */
307         cipher_xform = qat_get_cipher_xform(xform);
308
309         session->cipher_iv.offset = cipher_xform->iv.offset;
310         session->cipher_iv.length = cipher_xform->iv.length;
311
312         switch (cipher_xform->algo) {
313         case RTE_CRYPTO_CIPHER_AES_CBC:
314                 if (qat_alg_validate_aes_key(cipher_xform->key.length,
315                                 &session->qat_cipher_alg) != 0) {
316                         PMD_DRV_LOG(ERR, "Invalid AES cipher key size");
317                         goto error_out;
318                 }
319                 session->qat_mode = ICP_QAT_HW_CIPHER_CBC_MODE;
320                 break;
321         case RTE_CRYPTO_CIPHER_AES_CTR:
322                 if (qat_alg_validate_aes_key(cipher_xform->key.length,
323                                 &session->qat_cipher_alg) != 0) {
324                         PMD_DRV_LOG(ERR, "Invalid AES cipher key size");
325                         goto error_out;
326                 }
327                 session->qat_mode = ICP_QAT_HW_CIPHER_CTR_MODE;
328                 break;
329         case RTE_CRYPTO_CIPHER_SNOW3G_UEA2:
330                 if (qat_alg_validate_snow3g_key(cipher_xform->key.length,
331                                         &session->qat_cipher_alg) != 0) {
332                         PMD_DRV_LOG(ERR, "Invalid SNOW 3G cipher key size");
333                         goto error_out;
334                 }
335                 session->qat_mode = ICP_QAT_HW_CIPHER_ECB_MODE;
336                 break;
337         case RTE_CRYPTO_CIPHER_NULL:
338                 session->qat_mode = ICP_QAT_HW_CIPHER_ECB_MODE;
339                 break;
340         case RTE_CRYPTO_CIPHER_KASUMI_F8:
341                 if (qat_alg_validate_kasumi_key(cipher_xform->key.length,
342                                         &session->qat_cipher_alg) != 0) {
343                         PMD_DRV_LOG(ERR, "Invalid KASUMI cipher key size");
344                         goto error_out;
345                 }
346                 session->qat_mode = ICP_QAT_HW_CIPHER_F8_MODE;
347                 break;
348         case RTE_CRYPTO_CIPHER_3DES_CBC:
349                 if (qat_alg_validate_3des_key(cipher_xform->key.length,
350                                 &session->qat_cipher_alg) != 0) {
351                         PMD_DRV_LOG(ERR, "Invalid 3DES cipher key size");
352                         goto error_out;
353                 }
354                 session->qat_mode = ICP_QAT_HW_CIPHER_CBC_MODE;
355                 break;
356         case RTE_CRYPTO_CIPHER_DES_CBC:
357                 if (qat_alg_validate_des_key(cipher_xform->key.length,
358                                 &session->qat_cipher_alg) != 0) {
359                         PMD_DRV_LOG(ERR, "Invalid DES cipher key size");
360                         goto error_out;
361                 }
362                 session->qat_mode = ICP_QAT_HW_CIPHER_CBC_MODE;
363                 break;
364         case RTE_CRYPTO_CIPHER_3DES_CTR:
365                 if (qat_alg_validate_3des_key(cipher_xform->key.length,
366                                 &session->qat_cipher_alg) != 0) {
367                         PMD_DRV_LOG(ERR, "Invalid 3DES cipher key size");
368                         goto error_out;
369                 }
370                 session->qat_mode = ICP_QAT_HW_CIPHER_CTR_MODE;
371                 break;
372         case RTE_CRYPTO_CIPHER_DES_DOCSISBPI:
373                 session->bpi_ctx = bpi_cipher_ctx_init(
374                                         cipher_xform->algo,
375                                         cipher_xform->op,
376                                         cipher_xform->key.data);
377                 if (session->bpi_ctx == NULL) {
378                         PMD_DRV_LOG(ERR, "failed to create DES BPI ctx");
379                         goto error_out;
380                 }
381                 if (qat_alg_validate_des_key(cipher_xform->key.length,
382                                 &session->qat_cipher_alg) != 0) {
383                         PMD_DRV_LOG(ERR, "Invalid DES cipher key size");
384                         goto error_out;
385                 }
386                 session->qat_mode = ICP_QAT_HW_CIPHER_CBC_MODE;
387                 break;
388         case RTE_CRYPTO_CIPHER_AES_DOCSISBPI:
389                 session->bpi_ctx = bpi_cipher_ctx_init(
390                                         cipher_xform->algo,
391                                         cipher_xform->op,
392                                         cipher_xform->key.data);
393                 if (session->bpi_ctx == NULL) {
394                         PMD_DRV_LOG(ERR, "failed to create AES BPI ctx");
395                         goto error_out;
396                 }
397                 if (qat_alg_validate_aes_docsisbpi_key(cipher_xform->key.length,
398                                 &session->qat_cipher_alg) != 0) {
399                         PMD_DRV_LOG(ERR, "Invalid AES DOCSISBPI key size");
400                         goto error_out;
401                 }
402                 session->qat_mode = ICP_QAT_HW_CIPHER_CBC_MODE;
403                 break;
404         case RTE_CRYPTO_CIPHER_ZUC_EEA3:
405                 if (!qat_is_cipher_alg_supported(
406                         cipher_xform->algo, internals)) {
407                         PMD_DRV_LOG(ERR, "%s not supported on this device",
408                                 rte_crypto_cipher_algorithm_strings
409                                         [cipher_xform->algo]);
410                         goto error_out;
411                 }
412                 if (qat_alg_validate_zuc_key(cipher_xform->key.length,
413                                 &session->qat_cipher_alg) != 0) {
414                         PMD_DRV_LOG(ERR, "Invalid ZUC cipher key size");
415                         goto error_out;
416                 }
417                 session->qat_mode = ICP_QAT_HW_CIPHER_ECB_MODE;
418                 break;
419         case RTE_CRYPTO_CIPHER_3DES_ECB:
420         case RTE_CRYPTO_CIPHER_AES_ECB:
421         case RTE_CRYPTO_CIPHER_AES_F8:
422         case RTE_CRYPTO_CIPHER_AES_XTS:
423         case RTE_CRYPTO_CIPHER_ARC4:
424                 PMD_DRV_LOG(ERR, "Crypto QAT PMD: Unsupported Cipher alg %u",
425                                 cipher_xform->algo);
426                 goto error_out;
427         default:
428                 PMD_DRV_LOG(ERR, "Crypto: Undefined Cipher specified %u\n",
429                                 cipher_xform->algo);
430                 goto error_out;
431         }
432
433         if (cipher_xform->op == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
434                 session->qat_dir = ICP_QAT_HW_CIPHER_ENCRYPT;
435         else
436                 session->qat_dir = ICP_QAT_HW_CIPHER_DECRYPT;
437
438         if (qat_alg_aead_session_create_content_desc_cipher(session,
439                                                 cipher_xform->key.data,
440                                                 cipher_xform->key.length))
441                 goto error_out;
442
443         return session;
444
445 error_out:
446         if (session->bpi_ctx) {
447                 bpi_cipher_ctx_free(session->bpi_ctx);
448                 session->bpi_ctx = NULL;
449         }
450         return NULL;
451 }
452
453 int
454 qat_crypto_sym_configure_session(struct rte_cryptodev *dev,
455                 struct rte_crypto_sym_xform *xform,
456                 struct rte_cryptodev_sym_session *sess,
457                 struct rte_mempool *mempool)
458 {
459         void *sess_private_data;
460
461         if (rte_mempool_get(mempool, &sess_private_data)) {
462                 CDEV_LOG_ERR(
463                         "Couldn't get object from session mempool");
464                 return -1;
465         }
466
467         if (qat_crypto_set_session_parameters(dev, xform, sess_private_data) != 0) {
468                 PMD_DRV_LOG(ERR, "Crypto QAT PMD: failed to configure "
469                                 "session parameters");
470
471                 /* Return session to mempool */
472                 rte_mempool_put(mempool, sess_private_data);
473                 return -1;
474         }
475
476         set_session_private_data(sess, dev->driver_id,
477                 sess_private_data);
478
479         return 0;
480 }
481
482 int
483 qat_crypto_set_session_parameters(struct rte_cryptodev *dev,
484                 struct rte_crypto_sym_xform *xform, void *session_private)
485 {
486         struct qat_session *session = session_private;
487
488         int qat_cmd_id;
489         PMD_INIT_FUNC_TRACE();
490
491         /* Set context descriptor physical address */
492         session->cd_paddr = rte_mempool_virt2phy(NULL, session) +
493                         offsetof(struct qat_session, cd);
494
495         /* Get requested QAT command id */
496         qat_cmd_id = qat_get_cmd_id(xform);
497         if (qat_cmd_id < 0 || qat_cmd_id >= ICP_QAT_FW_LA_CMD_DELIMITER) {
498                 PMD_DRV_LOG(ERR, "Unsupported xform chain requested");
499                 goto error_out;
500         }
501         session->qat_cmd = (enum icp_qat_fw_la_cmd_id)qat_cmd_id;
502         switch (session->qat_cmd) {
503         case ICP_QAT_FW_LA_CMD_CIPHER:
504         session = qat_crypto_sym_configure_session_cipher(dev, xform, session);
505                 break;
506         case ICP_QAT_FW_LA_CMD_AUTH:
507         session = qat_crypto_sym_configure_session_auth(dev, xform, session);
508                 break;
509         case ICP_QAT_FW_LA_CMD_CIPHER_HASH:
510                 if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD)
511                         session = qat_crypto_sym_configure_session_aead(xform,
512                                         session);
513                 else {
514                         session = qat_crypto_sym_configure_session_cipher(dev,
515                                         xform, session);
516                         session = qat_crypto_sym_configure_session_auth(dev,
517                                         xform, session);
518                 }
519                 break;
520         case ICP_QAT_FW_LA_CMD_HASH_CIPHER:
521                 if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD)
522                         session = qat_crypto_sym_configure_session_aead(xform,
523                                         session);
524                 else {
525                         session = qat_crypto_sym_configure_session_auth(dev,
526                                         xform, session);
527                         session = qat_crypto_sym_configure_session_cipher(dev,
528                                         xform, session);
529                 }
530                 break;
531         case ICP_QAT_FW_LA_CMD_TRNG_GET_RANDOM:
532         case ICP_QAT_FW_LA_CMD_TRNG_TEST:
533         case ICP_QAT_FW_LA_CMD_SSL3_KEY_DERIVE:
534         case ICP_QAT_FW_LA_CMD_TLS_V1_1_KEY_DERIVE:
535         case ICP_QAT_FW_LA_CMD_TLS_V1_2_KEY_DERIVE:
536         case ICP_QAT_FW_LA_CMD_MGF1:
537         case ICP_QAT_FW_LA_CMD_AUTH_PRE_COMP:
538         case ICP_QAT_FW_LA_CMD_CIPHER_PRE_COMP:
539         case ICP_QAT_FW_LA_CMD_DELIMITER:
540         PMD_DRV_LOG(ERR, "Unsupported Service %u",
541                 session->qat_cmd);
542                 goto error_out;
543         default:
544         PMD_DRV_LOG(ERR, "Unsupported Service %u",
545                 session->qat_cmd);
546                 goto error_out;
547         }
548
549         return 0;
550
551 error_out:
552         return -1;
553 }
554
555 struct qat_session *
556 qat_crypto_sym_configure_session_auth(struct rte_cryptodev *dev,
557                                 struct rte_crypto_sym_xform *xform,
558                                 struct qat_session *session_private)
559 {
560
561         struct qat_session *session = session_private;
562         struct rte_crypto_auth_xform *auth_xform = NULL;
563         struct qat_pmd_private *internals = dev->data->dev_private;
564         auth_xform = qat_get_auth_xform(xform);
565         uint8_t *key_data = auth_xform->key.data;
566         uint8_t key_length = auth_xform->key.length;
567
568         switch (auth_xform->algo) {
569         case RTE_CRYPTO_AUTH_SHA1_HMAC:
570                 session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_SHA1;
571                 break;
572         case RTE_CRYPTO_AUTH_SHA224_HMAC:
573                 session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_SHA224;
574                 break;
575         case RTE_CRYPTO_AUTH_SHA256_HMAC:
576                 session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_SHA256;
577                 break;
578         case RTE_CRYPTO_AUTH_SHA384_HMAC:
579                 session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_SHA384;
580                 break;
581         case RTE_CRYPTO_AUTH_SHA512_HMAC:
582                 session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_SHA512;
583                 break;
584         case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
585                 session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_AES_XCBC_MAC;
586                 break;
587         case RTE_CRYPTO_AUTH_AES_GMAC:
588                 if (qat_alg_validate_aes_key(auth_xform->key.length,
589                                 &session->qat_cipher_alg) != 0) {
590                         PMD_DRV_LOG(ERR, "Invalid AES key size");
591                         goto error_out;
592                 }
593                 session->qat_mode = ICP_QAT_HW_CIPHER_CTR_MODE;
594                 session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_GALOIS_128;
595
596                 break;
597         case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
598                 session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_SNOW_3G_UIA2;
599                 break;
600         case RTE_CRYPTO_AUTH_MD5_HMAC:
601                 session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_MD5;
602                 break;
603         case RTE_CRYPTO_AUTH_NULL:
604                 session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_NULL;
605                 break;
606         case RTE_CRYPTO_AUTH_KASUMI_F9:
607                 session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_KASUMI_F9;
608                 break;
609         case RTE_CRYPTO_AUTH_ZUC_EIA3:
610                 if (!qat_is_auth_alg_supported(auth_xform->algo, internals)) {
611                         PMD_DRV_LOG(ERR, "%s not supported on this device",
612                                 rte_crypto_auth_algorithm_strings
613                                 [auth_xform->algo]);
614                         goto error_out;
615                 }
616                 session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_ZUC_3G_128_EIA3;
617                 break;
618         case RTE_CRYPTO_AUTH_SHA1:
619         case RTE_CRYPTO_AUTH_SHA256:
620         case RTE_CRYPTO_AUTH_SHA512:
621         case RTE_CRYPTO_AUTH_SHA224:
622         case RTE_CRYPTO_AUTH_SHA384:
623         case RTE_CRYPTO_AUTH_MD5:
624         case RTE_CRYPTO_AUTH_AES_CMAC:
625         case RTE_CRYPTO_AUTH_AES_CBC_MAC:
626                 PMD_DRV_LOG(ERR, "Crypto: Unsupported hash alg %u",
627                                 auth_xform->algo);
628                 goto error_out;
629         default:
630                 PMD_DRV_LOG(ERR, "Crypto: Undefined Hash algo %u specified",
631                                 auth_xform->algo);
632                 goto error_out;
633         }
634
635         session->auth_iv.offset = auth_xform->iv.offset;
636         session->auth_iv.length = auth_xform->iv.length;
637
638         if (auth_xform->algo == RTE_CRYPTO_AUTH_AES_GMAC) {
639                 if (auth_xform->op == RTE_CRYPTO_AUTH_OP_GENERATE) {
640                         session->qat_cmd = ICP_QAT_FW_LA_CMD_CIPHER_HASH;
641                         session->qat_dir = ICP_QAT_HW_CIPHER_ENCRYPT;
642                         /*
643                          * It needs to create cipher desc content first,
644                          * then authentication
645                          */
646                         if (qat_alg_aead_session_create_content_desc_cipher(session,
647                                                 auth_xform->key.data,
648                                                 auth_xform->key.length))
649                                 goto error_out;
650
651                         if (qat_alg_aead_session_create_content_desc_auth(session,
652                                                 key_data,
653                                                 key_length,
654                                                 0,
655                                                 auth_xform->digest_length,
656                                                 auth_xform->op))
657                                 goto error_out;
658                 } else {
659                         session->qat_cmd = ICP_QAT_FW_LA_CMD_HASH_CIPHER;
660                         session->qat_dir = ICP_QAT_HW_CIPHER_DECRYPT;
661                         /*
662                          * It needs to create authentication desc content first,
663                          * then cipher
664                          */
665                         if (qat_alg_aead_session_create_content_desc_auth(session,
666                                         key_data,
667                                         key_length,
668                                         0,
669                                         auth_xform->digest_length,
670                                         auth_xform->op))
671                                 goto error_out;
672
673                         if (qat_alg_aead_session_create_content_desc_cipher(session,
674                                                 auth_xform->key.data,
675                                                 auth_xform->key.length))
676                                 goto error_out;
677                 }
678                 /* Restore to authentication only only */
679                 session->qat_cmd = ICP_QAT_FW_LA_CMD_AUTH;
680         } else {
681                 if (qat_alg_aead_session_create_content_desc_auth(session,
682                                 key_data,
683                                 key_length,
684                                 0,
685                                 auth_xform->digest_length,
686                                 auth_xform->op))
687                         goto error_out;
688         }
689
690         session->digest_length = auth_xform->digest_length;
691         return session;
692
693 error_out:
694         return NULL;
695 }
696
697 struct qat_session *
698 qat_crypto_sym_configure_session_aead(struct rte_crypto_sym_xform *xform,
699                                 struct qat_session *session_private)
700 {
701         struct qat_session *session = session_private;
702         struct rte_crypto_aead_xform *aead_xform = &xform->aead;
703
704         /*
705          * Store AEAD IV parameters as cipher IV,
706          * to avoid unnecessary memory usage
707          */
708         session->cipher_iv.offset = xform->aead.iv.offset;
709         session->cipher_iv.length = xform->aead.iv.length;
710
711         switch (aead_xform->algo) {
712         case RTE_CRYPTO_AEAD_AES_GCM:
713                 if (qat_alg_validate_aes_key(aead_xform->key.length,
714                                 &session->qat_cipher_alg) != 0) {
715                         PMD_DRV_LOG(ERR, "Invalid AES key size");
716                         goto error_out;
717                 }
718                 session->qat_mode = ICP_QAT_HW_CIPHER_CTR_MODE;
719                 session->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_GALOIS_128;
720                 break;
721         case RTE_CRYPTO_AEAD_AES_CCM:
722                 PMD_DRV_LOG(ERR, "Crypto QAT PMD: Unsupported AEAD alg %u",
723                                 aead_xform->algo);
724                 goto error_out;
725         default:
726                 PMD_DRV_LOG(ERR, "Crypto: Undefined AEAD specified %u\n",
727                                 aead_xform->algo);
728                 goto error_out;
729         }
730
731         if (aead_xform->op == RTE_CRYPTO_AEAD_OP_ENCRYPT) {
732                 session->qat_dir = ICP_QAT_HW_CIPHER_ENCRYPT;
733                 /*
734                  * It needs to create cipher desc content first,
735                  * then authentication
736                  */
737                 if (qat_alg_aead_session_create_content_desc_cipher(session,
738                                         aead_xform->key.data,
739                                         aead_xform->key.length))
740                         goto error_out;
741
742                 if (qat_alg_aead_session_create_content_desc_auth(session,
743                                         aead_xform->key.data,
744                                         aead_xform->key.length,
745                                         aead_xform->add_auth_data_length,
746                                         aead_xform->digest_length,
747                                         RTE_CRYPTO_AUTH_OP_GENERATE))
748                         goto error_out;
749         } else {
750                 session->qat_dir = ICP_QAT_HW_CIPHER_DECRYPT;
751                 /*
752                  * It needs to create authentication desc content first,
753                  * then cipher
754                  */
755                 if (qat_alg_aead_session_create_content_desc_auth(session,
756                                         aead_xform->key.data,
757                                         aead_xform->key.length,
758                                         aead_xform->add_auth_data_length,
759                                         aead_xform->digest_length,
760                                         RTE_CRYPTO_AUTH_OP_VERIFY))
761                         goto error_out;
762
763                 if (qat_alg_aead_session_create_content_desc_cipher(session,
764                                         aead_xform->key.data,
765                                         aead_xform->key.length))
766                         goto error_out;
767         }
768
769         session->digest_length = aead_xform->digest_length;
770         return session;
771
772 error_out:
773         return NULL;
774 }
775
776 unsigned qat_crypto_sym_get_session_private_size(
777                 struct rte_cryptodev *dev __rte_unused)
778 {
779         return RTE_ALIGN_CEIL(sizeof(struct qat_session), 8);
780 }
781
782 static inline uint32_t
783 qat_bpicipher_preprocess(struct qat_session *ctx,
784                                 struct rte_crypto_op *op)
785 {
786         uint8_t block_len = qat_cipher_get_block_size(ctx->qat_cipher_alg);
787         struct rte_crypto_sym_op *sym_op = op->sym;
788         uint8_t last_block_len = sym_op->cipher.data.length % block_len;
789
790         if (last_block_len &&
791                         ctx->qat_dir == ICP_QAT_HW_CIPHER_DECRYPT) {
792
793                 /* Decrypt last block */
794                 uint8_t *last_block, *dst, *iv;
795                 uint32_t last_block_offset = sym_op->cipher.data.offset +
796                                 sym_op->cipher.data.length - last_block_len;
797                 last_block = (uint8_t *) rte_pktmbuf_mtod_offset(sym_op->m_src,
798                                 uint8_t *, last_block_offset);
799
800                 if (unlikely(sym_op->m_dst != NULL))
801                         /* out-of-place operation (OOP) */
802                         dst = (uint8_t *) rte_pktmbuf_mtod_offset(sym_op->m_dst,
803                                                 uint8_t *, last_block_offset);
804                 else
805                         dst = last_block;
806
807                 if (last_block_len < sym_op->cipher.data.length)
808                         /* use previous block ciphertext as IV */
809                         iv = last_block - block_len;
810                 else
811                         /* runt block, i.e. less than one full block */
812                         iv = rte_crypto_op_ctod_offset(op, uint8_t *,
813                                         ctx->cipher_iv.offset);
814
815 #ifdef RTE_LIBRTE_PMD_QAT_DEBUG_TX
816                 rte_hexdump(stdout, "BPI: src before pre-process:", last_block,
817                         last_block_len);
818                 if (sym_op->m_dst != NULL)
819                         rte_hexdump(stdout, "BPI: dst before pre-process:", dst,
820                                 last_block_len);
821 #endif
822                 bpi_cipher_decrypt(last_block, dst, iv, block_len,
823                                 last_block_len, ctx->bpi_ctx);
824 #ifdef RTE_LIBRTE_PMD_QAT_DEBUG_TX
825                 rte_hexdump(stdout, "BPI: src after pre-process:", last_block,
826                         last_block_len);
827                 if (sym_op->m_dst != NULL)
828                         rte_hexdump(stdout, "BPI: dst after pre-process:", dst,
829                                 last_block_len);
830 #endif
831         }
832
833         return sym_op->cipher.data.length - last_block_len;
834 }
835
836 static inline uint32_t
837 qat_bpicipher_postprocess(struct qat_session *ctx,
838                                 struct rte_crypto_op *op)
839 {
840         uint8_t block_len = qat_cipher_get_block_size(ctx->qat_cipher_alg);
841         struct rte_crypto_sym_op *sym_op = op->sym;
842         uint8_t last_block_len = sym_op->cipher.data.length % block_len;
843
844         if (last_block_len > 0 &&
845                         ctx->qat_dir == ICP_QAT_HW_CIPHER_ENCRYPT) {
846
847                 /* Encrypt last block */
848                 uint8_t *last_block, *dst, *iv;
849                 uint32_t last_block_offset;
850
851                 last_block_offset = sym_op->cipher.data.offset +
852                                 sym_op->cipher.data.length - last_block_len;
853                 last_block = (uint8_t *) rte_pktmbuf_mtod_offset(sym_op->m_src,
854                                 uint8_t *, last_block_offset);
855
856                 if (unlikely(sym_op->m_dst != NULL))
857                         /* out-of-place operation (OOP) */
858                         dst = (uint8_t *) rte_pktmbuf_mtod_offset(sym_op->m_dst,
859                                                 uint8_t *, last_block_offset);
860                 else
861                         dst = last_block;
862
863                 if (last_block_len < sym_op->cipher.data.length)
864                         /* use previous block ciphertext as IV */
865                         iv = dst - block_len;
866                 else
867                         /* runt block, i.e. less than one full block */
868                         iv = rte_crypto_op_ctod_offset(op, uint8_t *,
869                                         ctx->cipher_iv.offset);
870
871 #ifdef RTE_LIBRTE_PMD_QAT_DEBUG_RX
872                 rte_hexdump(stdout, "BPI: src before post-process:", last_block,
873                         last_block_len);
874                 if (sym_op->m_dst != NULL)
875                         rte_hexdump(stdout, "BPI: dst before post-process:",
876                                         dst, last_block_len);
877 #endif
878                 bpi_cipher_encrypt(last_block, dst, iv, block_len,
879                                 last_block_len, ctx->bpi_ctx);
880 #ifdef RTE_LIBRTE_PMD_QAT_DEBUG_RX
881                 rte_hexdump(stdout, "BPI: src after post-process:", last_block,
882                         last_block_len);
883                 if (sym_op->m_dst != NULL)
884                         rte_hexdump(stdout, "BPI: dst after post-process:", dst,
885                                 last_block_len);
886 #endif
887         }
888         return sym_op->cipher.data.length - last_block_len;
889 }
890
891 uint16_t
892 qat_pmd_enqueue_op_burst(void *qp, struct rte_crypto_op **ops,
893                 uint16_t nb_ops)
894 {
895         register struct qat_queue *queue;
896         struct qat_qp *tmp_qp = (struct qat_qp *)qp;
897         register uint32_t nb_ops_sent = 0;
898         register struct rte_crypto_op **cur_op = ops;
899         register int ret;
900         uint16_t nb_ops_possible = nb_ops;
901         register uint8_t *base_addr;
902         register uint32_t tail;
903         int overflow;
904
905         if (unlikely(nb_ops == 0))
906                 return 0;
907
908         /* read params used a lot in main loop into registers */
909         queue = &(tmp_qp->tx_q);
910         base_addr = (uint8_t *)queue->base_addr;
911         tail = queue->tail;
912
913         /* Find how many can actually fit on the ring */
914         overflow = rte_atomic16_add_return(&tmp_qp->inflights16, nb_ops)
915                                 - queue->max_inflights;
916         if (overflow > 0) {
917                 rte_atomic16_sub(&tmp_qp->inflights16, overflow);
918                 nb_ops_possible = nb_ops - overflow;
919                 if (nb_ops_possible == 0)
920                         return 0;
921         }
922
923         while (nb_ops_sent != nb_ops_possible) {
924                 ret = qat_write_hw_desc_entry(*cur_op, base_addr + tail,
925                                 tmp_qp->op_cookies[tail / queue->msg_size]);
926                 if (ret != 0) {
927                         tmp_qp->stats.enqueue_err_count++;
928                         /*
929                          * This message cannot be enqueued,
930                          * decrease number of ops that wasn't sent
931                          */
932                         rte_atomic16_sub(&tmp_qp->inflights16,
933                                         nb_ops_possible - nb_ops_sent);
934                         if (nb_ops_sent == 0)
935                                 return 0;
936                         goto kick_tail;
937                 }
938
939                 tail = adf_modulo(tail + queue->msg_size, queue->modulo);
940                 nb_ops_sent++;
941                 cur_op++;
942         }
943 kick_tail:
944         WRITE_CSR_RING_TAIL(tmp_qp->mmap_bar_addr, queue->hw_bundle_number,
945                         queue->hw_queue_number, tail);
946         queue->tail = tail;
947         tmp_qp->stats.enqueued_count += nb_ops_sent;
948         return nb_ops_sent;
949 }
950
951 uint16_t
952 qat_pmd_dequeue_op_burst(void *qp, struct rte_crypto_op **ops,
953                 uint16_t nb_ops)
954 {
955         struct qat_queue *queue;
956         struct qat_qp *tmp_qp = (struct qat_qp *)qp;
957         uint32_t msg_counter = 0;
958         struct rte_crypto_op *rx_op;
959         struct icp_qat_fw_comn_resp *resp_msg;
960
961         queue = &(tmp_qp->rx_q);
962         resp_msg = (struct icp_qat_fw_comn_resp *)
963                         ((uint8_t *)queue->base_addr + queue->head);
964
965         while (*(uint32_t *)resp_msg != ADF_RING_EMPTY_SIG &&
966                         msg_counter != nb_ops) {
967                 rx_op = (struct rte_crypto_op *)(uintptr_t)
968                                 (resp_msg->opaque_data);
969
970 #ifdef RTE_LIBRTE_PMD_QAT_DEBUG_RX
971                 rte_hexdump(stdout, "qat_response:", (uint8_t *)resp_msg,
972                         sizeof(struct icp_qat_fw_comn_resp));
973
974 #endif
975                 if (ICP_QAT_FW_COMN_STATUS_FLAG_OK !=
976                                 ICP_QAT_FW_COMN_RESP_CRYPTO_STAT_GET(
977                                         resp_msg->comn_hdr.comn_status)) {
978                         rx_op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
979                 } else {
980                         struct qat_session *sess = (struct qat_session *)
981                                         get_session_private_data(
982                                         rx_op->sym->session,
983                                         cryptodev_qat_driver_id);
984
985                         if (sess->bpi_ctx)
986                                 qat_bpicipher_postprocess(sess, rx_op);
987                         rx_op->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
988                 }
989
990                 *(uint32_t *)resp_msg = ADF_RING_EMPTY_SIG;
991                 queue->head = adf_modulo(queue->head +
992                                 queue->msg_size,
993                                 ADF_RING_SIZE_MODULO(queue->queue_size));
994                 resp_msg = (struct icp_qat_fw_comn_resp *)
995                                         ((uint8_t *)queue->base_addr +
996                                                         queue->head);
997                 *ops = rx_op;
998                 ops++;
999                 msg_counter++;
1000         }
1001         if (msg_counter > 0) {
1002                 WRITE_CSR_RING_HEAD(tmp_qp->mmap_bar_addr,
1003                                         queue->hw_bundle_number,
1004                                         queue->hw_queue_number, queue->head);
1005                 rte_atomic16_sub(&tmp_qp->inflights16, msg_counter);
1006                 tmp_qp->stats.dequeued_count += msg_counter;
1007         }
1008         return msg_counter;
1009 }
1010
1011 static inline int
1012 qat_sgl_fill_array(struct rte_mbuf *buf, uint64_t buff_start,
1013                 struct qat_alg_buf_list *list, uint32_t data_len)
1014 {
1015         int nr = 1;
1016
1017         uint32_t buf_len = rte_pktmbuf_mtophys(buf) -
1018                         buff_start + rte_pktmbuf_data_len(buf);
1019
1020         list->bufers[0].addr = buff_start;
1021         list->bufers[0].resrvd = 0;
1022         list->bufers[0].len = buf_len;
1023
1024         if (data_len <= buf_len) {
1025                 list->num_bufs = nr;
1026                 list->bufers[0].len = data_len;
1027                 return 0;
1028         }
1029
1030         buf = buf->next;
1031         while (buf) {
1032                 if (unlikely(nr == QAT_SGL_MAX_NUMBER)) {
1033                         PMD_DRV_LOG(ERR, "QAT PMD exceeded size of QAT SGL"
1034                                         " entry(%u)",
1035                                         QAT_SGL_MAX_NUMBER);
1036                         return -EINVAL;
1037                 }
1038
1039                 list->bufers[nr].len = rte_pktmbuf_data_len(buf);
1040                 list->bufers[nr].resrvd = 0;
1041                 list->bufers[nr].addr = rte_pktmbuf_mtophys(buf);
1042
1043                 buf_len += list->bufers[nr].len;
1044                 buf = buf->next;
1045
1046                 if (buf_len > data_len) {
1047                         list->bufers[nr].len -=
1048                                 buf_len - data_len;
1049                         buf = NULL;
1050                 }
1051                 ++nr;
1052         }
1053         list->num_bufs = nr;
1054
1055         return 0;
1056 }
1057
1058 static inline void
1059 set_cipher_iv(uint16_t iv_length, uint16_t iv_offset,
1060                 struct icp_qat_fw_la_cipher_req_params *cipher_param,
1061                 struct rte_crypto_op *op,
1062                 struct icp_qat_fw_la_bulk_req *qat_req)
1063 {
1064         /* copy IV into request if it fits */
1065         if (iv_length <= sizeof(cipher_param->u.cipher_IV_array)) {
1066                 rte_memcpy(cipher_param->u.cipher_IV_array,
1067                                 rte_crypto_op_ctod_offset(op, uint8_t *,
1068                                         iv_offset),
1069                                 iv_length);
1070         } else {
1071                 ICP_QAT_FW_LA_CIPH_IV_FLD_FLAG_SET(
1072                                 qat_req->comn_hdr.serv_specif_flags,
1073                                 ICP_QAT_FW_CIPH_IV_64BIT_PTR);
1074                 cipher_param->u.s.cipher_IV_ptr =
1075                                 rte_crypto_op_ctophys_offset(op,
1076                                         iv_offset);
1077         }
1078 }
1079
1080 static inline int
1081 qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
1082                 struct qat_crypto_op_cookie *qat_op_cookie)
1083 {
1084         int ret = 0;
1085         struct qat_session *ctx;
1086         struct icp_qat_fw_la_cipher_req_params *cipher_param;
1087         struct icp_qat_fw_la_auth_req_params *auth_param;
1088         register struct icp_qat_fw_la_bulk_req *qat_req;
1089         uint8_t do_auth = 0, do_cipher = 0, do_aead = 0;
1090         uint32_t cipher_len = 0, cipher_ofs = 0;
1091         uint32_t auth_len = 0, auth_ofs = 0;
1092         uint32_t min_ofs = 0;
1093         uint64_t src_buf_start = 0, dst_buf_start = 0;
1094         uint8_t do_sgl = 0;
1095
1096 #ifdef RTE_LIBRTE_PMD_QAT_DEBUG_TX
1097         if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_SYMMETRIC)) {
1098                 PMD_DRV_LOG(ERR, "QAT PMD only supports symmetric crypto "
1099                                 "operation requests, op (%p) is not a "
1100                                 "symmetric operation.", op);
1101                 return -EINVAL;
1102         }
1103 #endif
1104         if (unlikely(op->sess_type == RTE_CRYPTO_OP_SESSIONLESS)) {
1105                 PMD_DRV_LOG(ERR, "QAT PMD only supports session oriented"
1106                                 " requests, op (%p) is sessionless.", op);
1107                 return -EINVAL;
1108         }
1109
1110         ctx = (struct qat_session *)get_session_private_data(
1111                         op->sym->session, cryptodev_qat_driver_id);
1112
1113         if (unlikely(ctx == NULL)) {
1114                 PMD_DRV_LOG(ERR, "Session was not created for this device");
1115                 return -EINVAL;
1116         }
1117
1118         qat_req = (struct icp_qat_fw_la_bulk_req *)out_msg;
1119         rte_mov128((uint8_t *)qat_req, (const uint8_t *)&(ctx->fw_req));
1120         qat_req->comn_mid.opaque_data = (uint64_t)(uintptr_t)op;
1121         cipher_param = (void *)&qat_req->serv_specif_rqpars;
1122         auth_param = (void *)((uint8_t *)cipher_param + sizeof(*cipher_param));
1123
1124         if (ctx->qat_cmd == ICP_QAT_FW_LA_CMD_HASH_CIPHER ||
1125                         ctx->qat_cmd == ICP_QAT_FW_LA_CMD_CIPHER_HASH) {
1126                 /* AES-GCM */
1127                 if (ctx->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_128 ||
1128                                 ctx->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_64) {
1129                         do_aead = 1;
1130                 } else {
1131                         do_auth = 1;
1132                         do_cipher = 1;
1133                 }
1134         } else if (ctx->qat_cmd == ICP_QAT_FW_LA_CMD_AUTH) {
1135                 do_auth = 1;
1136                 do_cipher = 0;
1137         } else if (ctx->qat_cmd == ICP_QAT_FW_LA_CMD_CIPHER) {
1138                 do_auth = 0;
1139                 do_cipher = 1;
1140         }
1141
1142         if (do_cipher) {
1143
1144                 if (ctx->qat_cipher_alg ==
1145                                          ICP_QAT_HW_CIPHER_ALGO_SNOW_3G_UEA2 ||
1146                         ctx->qat_cipher_alg == ICP_QAT_HW_CIPHER_ALGO_KASUMI ||
1147                         ctx->qat_cipher_alg ==
1148                                 ICP_QAT_HW_CIPHER_ALGO_ZUC_3G_128_EEA3) {
1149
1150                         if (unlikely(
1151                                 (cipher_param->cipher_length % BYTE_LENGTH != 0)
1152                                  || (cipher_param->cipher_offset
1153                                                         % BYTE_LENGTH != 0))) {
1154                                 PMD_DRV_LOG(ERR,
1155                   "SNOW3G/KASUMI/ZUC in QAT PMD only supports byte aligned values");
1156                                 op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
1157                                 return -EINVAL;
1158                         }
1159                         cipher_len = op->sym->cipher.data.length >> 3;
1160                         cipher_ofs = op->sym->cipher.data.offset >> 3;
1161
1162                 } else if (ctx->bpi_ctx) {
1163                         /* DOCSIS - only send complete blocks to device
1164                          * Process any partial block using CFB mode.
1165                          * Even if 0 complete blocks, still send this to device
1166                          * to get into rx queue for post-process and dequeuing
1167                          */
1168                         cipher_len = qat_bpicipher_preprocess(ctx, op);
1169                         cipher_ofs = op->sym->cipher.data.offset;
1170                 } else {
1171                         cipher_len = op->sym->cipher.data.length;
1172                         cipher_ofs = op->sym->cipher.data.offset;
1173                 }
1174
1175                 set_cipher_iv(ctx->cipher_iv.length, ctx->cipher_iv.offset,
1176                                 cipher_param, op, qat_req);
1177                 min_ofs = cipher_ofs;
1178         }
1179
1180         if (do_auth) {
1181
1182                 if (ctx->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_SNOW_3G_UIA2 ||
1183                         ctx->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_KASUMI_F9 ||
1184                         ctx->qat_hash_alg ==
1185                                 ICP_QAT_HW_AUTH_ALGO_ZUC_3G_128_EIA3) {
1186                         if (unlikely((auth_param->auth_off % BYTE_LENGTH != 0)
1187                                 || (auth_param->auth_len % BYTE_LENGTH != 0))) {
1188                                 PMD_DRV_LOG(ERR,
1189                 "For SNOW3G/KASUMI/ZUC, QAT PMD only supports byte aligned values");
1190                                 op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
1191                                 return -EINVAL;
1192                         }
1193                         auth_ofs = op->sym->auth.data.offset >> 3;
1194                         auth_len = op->sym->auth.data.length >> 3;
1195
1196                         if (ctx->qat_hash_alg ==
1197                                         ICP_QAT_HW_AUTH_ALGO_KASUMI_F9) {
1198                                 if (do_cipher) {
1199                                         auth_len = auth_len + auth_ofs + 1 -
1200                                                 ICP_QAT_HW_KASUMI_BLK_SZ;
1201                                         auth_ofs = ICP_QAT_HW_KASUMI_BLK_SZ;
1202                                 } else {
1203                                         auth_len = auth_len + auth_ofs + 1;
1204                                         auth_ofs = 0;
1205                                 }
1206                         } else
1207                                 auth_param->u1.aad_adr =
1208                                         rte_crypto_op_ctophys_offset(op,
1209                                                         ctx->auth_iv.offset);
1210
1211                 } else if (ctx->qat_hash_alg ==
1212                                         ICP_QAT_HW_AUTH_ALGO_GALOIS_128 ||
1213                                 ctx->qat_hash_alg ==
1214                                         ICP_QAT_HW_AUTH_ALGO_GALOIS_64) {
1215                         /* AES-GMAC */
1216                         set_cipher_iv(ctx->auth_iv.length,
1217                                 ctx->auth_iv.offset,
1218                                 cipher_param, op, qat_req);
1219                 } else {
1220                         auth_ofs = op->sym->auth.data.offset;
1221                         auth_len = op->sym->auth.data.length;
1222
1223                 }
1224                 min_ofs = auth_ofs;
1225
1226                 auth_param->auth_res_addr = op->sym->auth.digest.phys_addr;
1227
1228         }
1229
1230         if (do_aead) {
1231                 cipher_len = op->sym->aead.data.length;
1232                 cipher_ofs = op->sym->aead.data.offset;
1233                 auth_len = op->sym->aead.data.length;
1234                 auth_ofs = op->sym->aead.data.offset;
1235
1236                 auth_param->u1.aad_adr = op->sym->aead.aad.phys_addr;
1237                 auth_param->auth_res_addr = op->sym->aead.digest.phys_addr;
1238                 set_cipher_iv(ctx->cipher_iv.length, ctx->cipher_iv.offset,
1239                                 cipher_param, op, qat_req);
1240                 min_ofs = op->sym->aead.data.offset;
1241         }
1242
1243         if (op->sym->m_src->next || (op->sym->m_dst && op->sym->m_dst->next))
1244                 do_sgl = 1;
1245
1246         /* adjust for chain case */
1247         if (do_cipher && do_auth)
1248                 min_ofs = cipher_ofs < auth_ofs ? cipher_ofs : auth_ofs;
1249
1250         if (unlikely(min_ofs >= rte_pktmbuf_data_len(op->sym->m_src) && do_sgl))
1251                 min_ofs = 0;
1252
1253         if (unlikely(op->sym->m_dst != NULL)) {
1254                 /* Out-of-place operation (OOP)
1255                  * Don't align DMA start. DMA the minimum data-set
1256                  * so as not to overwrite data in dest buffer
1257                  */
1258                 src_buf_start =
1259                         rte_pktmbuf_mtophys_offset(op->sym->m_src, min_ofs);
1260                 dst_buf_start =
1261                         rte_pktmbuf_mtophys_offset(op->sym->m_dst, min_ofs);
1262
1263         } else {
1264                 /* In-place operation
1265                  * Start DMA at nearest aligned address below min_ofs
1266                  */
1267                 src_buf_start =
1268                         rte_pktmbuf_mtophys_offset(op->sym->m_src, min_ofs)
1269                                                 & QAT_64_BTYE_ALIGN_MASK;
1270
1271                 if (unlikely((rte_pktmbuf_mtophys(op->sym->m_src) -
1272                                         rte_pktmbuf_headroom(op->sym->m_src))
1273                                                         > src_buf_start)) {
1274                         /* alignment has pushed addr ahead of start of mbuf
1275                          * so revert and take the performance hit
1276                          */
1277                         src_buf_start =
1278                                 rte_pktmbuf_mtophys_offset(op->sym->m_src,
1279                                                                 min_ofs);
1280                 }
1281                 dst_buf_start = src_buf_start;
1282         }
1283
1284         if (do_cipher || do_aead) {
1285                 cipher_param->cipher_offset =
1286                                 (uint32_t)rte_pktmbuf_mtophys_offset(
1287                                 op->sym->m_src, cipher_ofs) - src_buf_start;
1288                 cipher_param->cipher_length = cipher_len;
1289         } else {
1290                 cipher_param->cipher_offset = 0;
1291                 cipher_param->cipher_length = 0;
1292         }
1293
1294         if (do_auth || do_aead) {
1295                 auth_param->auth_off = (uint32_t)rte_pktmbuf_mtophys_offset(
1296                                 op->sym->m_src, auth_ofs) - src_buf_start;
1297                 auth_param->auth_len = auth_len;
1298         } else {
1299                 auth_param->auth_off = 0;
1300                 auth_param->auth_len = 0;
1301         }
1302
1303         qat_req->comn_mid.dst_length =
1304                 qat_req->comn_mid.src_length =
1305                 (cipher_param->cipher_offset + cipher_param->cipher_length)
1306                 > (auth_param->auth_off + auth_param->auth_len) ?
1307                 (cipher_param->cipher_offset + cipher_param->cipher_length)
1308                 : (auth_param->auth_off + auth_param->auth_len);
1309
1310         if (do_sgl) {
1311
1312                 ICP_QAT_FW_COMN_PTR_TYPE_SET(qat_req->comn_hdr.comn_req_flags,
1313                                 QAT_COMN_PTR_TYPE_SGL);
1314                 ret = qat_sgl_fill_array(op->sym->m_src, src_buf_start,
1315                                 &qat_op_cookie->qat_sgl_list_src,
1316                                 qat_req->comn_mid.src_length);
1317                 if (ret) {
1318                         PMD_DRV_LOG(ERR, "QAT PMD Cannot fill sgl array");
1319                         return ret;
1320                 }
1321
1322                 if (likely(op->sym->m_dst == NULL))
1323                         qat_req->comn_mid.dest_data_addr =
1324                                 qat_req->comn_mid.src_data_addr =
1325                                 qat_op_cookie->qat_sgl_src_phys_addr;
1326                 else {
1327                         ret = qat_sgl_fill_array(op->sym->m_dst,
1328                                         dst_buf_start,
1329                                         &qat_op_cookie->qat_sgl_list_dst,
1330                                                 qat_req->comn_mid.dst_length);
1331
1332                         if (ret) {
1333                                 PMD_DRV_LOG(ERR, "QAT PMD Cannot "
1334                                                 "fill sgl array");
1335                                 return ret;
1336                         }
1337
1338                         qat_req->comn_mid.src_data_addr =
1339                                 qat_op_cookie->qat_sgl_src_phys_addr;
1340                         qat_req->comn_mid.dest_data_addr =
1341                                         qat_op_cookie->qat_sgl_dst_phys_addr;
1342                 }
1343         } else {
1344                 qat_req->comn_mid.src_data_addr = src_buf_start;
1345                 qat_req->comn_mid.dest_data_addr = dst_buf_start;
1346         }
1347
1348         if (ctx->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_128 ||
1349                         ctx->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_GALOIS_64) {
1350                 if (ctx->cipher_iv.length == 12 ||
1351                                 ctx->auth_iv.length == 12) {
1352                         /*
1353                          * For GCM a 12 byte IV is allowed,
1354                          * but we need to inform the f/w
1355                          */
1356                         ICP_QAT_FW_LA_GCM_IV_LEN_FLAG_SET(
1357                                 qat_req->comn_hdr.serv_specif_flags,
1358                                 ICP_QAT_FW_LA_GCM_IV_LEN_12_OCTETS);
1359                 }
1360                 /* GMAC */
1361                 if (!do_aead) {
1362                         qat_req->comn_mid.dst_length =
1363                                 qat_req->comn_mid.src_length =
1364                                         rte_pktmbuf_data_len(op->sym->m_src);
1365                         auth_param->u1.aad_adr = 0;
1366                         auth_param->auth_len = op->sym->auth.data.length;
1367                         auth_param->auth_off = op->sym->auth.data.offset;
1368                         auth_param->u2.aad_sz = 0;
1369                 }
1370         }
1371
1372 #ifdef RTE_LIBRTE_PMD_QAT_DEBUG_TX
1373         rte_hexdump(stdout, "qat_req:", qat_req,
1374                         sizeof(struct icp_qat_fw_la_bulk_req));
1375         rte_hexdump(stdout, "src_data:",
1376                         rte_pktmbuf_mtod(op->sym->m_src, uint8_t*),
1377                         rte_pktmbuf_data_len(op->sym->m_src));
1378         if (do_cipher) {
1379                 uint8_t *cipher_iv_ptr = rte_crypto_op_ctod_offset(op,
1380                                                 uint8_t *,
1381                                                 ctx->cipher_iv.offset);
1382                 rte_hexdump(stdout, "cipher iv:", cipher_iv_ptr,
1383                                 ctx->cipher_iv.length);
1384         }
1385
1386         if (do_auth) {
1387                 if (ctx->auth_iv.length) {
1388                         uint8_t *auth_iv_ptr = rte_crypto_op_ctod_offset(op,
1389                                                         uint8_t *,
1390                                                         ctx->auth_iv.offset);
1391                         rte_hexdump(stdout, "auth iv:", auth_iv_ptr,
1392                                                 ctx->auth_iv.length);
1393                 }
1394                 rte_hexdump(stdout, "digest:", op->sym->auth.digest.data,
1395                                 ctx->digest_length);
1396         }
1397
1398         if (do_aead) {
1399                 rte_hexdump(stdout, "digest:", op->sym->aead.digest.data,
1400                                 ctx->digest_length);
1401                 rte_hexdump(stdout, "aad:", op->sym->aead.aad.data,
1402                                 ctx->aad_len);
1403         }
1404 #endif
1405         return 0;
1406 }
1407
1408 static inline uint32_t adf_modulo(uint32_t data, uint32_t shift)
1409 {
1410         uint32_t div = data >> shift;
1411         uint32_t mult = div << shift;
1412
1413         return data - mult;
1414 }
1415
1416 int qat_dev_config(__rte_unused struct rte_cryptodev *dev,
1417                 __rte_unused struct rte_cryptodev_config *config)
1418 {
1419         PMD_INIT_FUNC_TRACE();
1420         return 0;
1421 }
1422
1423 int qat_dev_start(__rte_unused struct rte_cryptodev *dev)
1424 {
1425         PMD_INIT_FUNC_TRACE();
1426         return 0;
1427 }
1428
1429 void qat_dev_stop(__rte_unused struct rte_cryptodev *dev)
1430 {
1431         PMD_INIT_FUNC_TRACE();
1432 }
1433
1434 int qat_dev_close(struct rte_cryptodev *dev)
1435 {
1436         int i, ret;
1437
1438         PMD_INIT_FUNC_TRACE();
1439
1440         for (i = 0; i < dev->data->nb_queue_pairs; i++) {
1441                 ret = qat_crypto_sym_qp_release(dev, i);
1442                 if (ret < 0)
1443                         return ret;
1444         }
1445
1446         return 0;
1447 }
1448
1449 void qat_dev_info_get(struct rte_cryptodev *dev,
1450                         struct rte_cryptodev_info *info)
1451 {
1452         struct qat_pmd_private *internals = dev->data->dev_private;
1453
1454         PMD_INIT_FUNC_TRACE();
1455         if (info != NULL) {
1456                 info->max_nb_queue_pairs =
1457                                 ADF_NUM_SYM_QPS_PER_BUNDLE *
1458                                 ADF_NUM_BUNDLES_PER_DEV;
1459                 info->feature_flags = dev->feature_flags;
1460                 info->capabilities = internals->qat_dev_capabilities;
1461                 info->sym.max_nb_sessions = internals->max_nb_sessions;
1462                 info->driver_id = cryptodev_qat_driver_id;
1463                 info->pci_dev = RTE_DEV_TO_PCI(dev->device);
1464         }
1465 }
1466
1467 void qat_crypto_sym_stats_get(struct rte_cryptodev *dev,
1468                 struct rte_cryptodev_stats *stats)
1469 {
1470         int i;
1471         struct qat_qp **qp = (struct qat_qp **)(dev->data->queue_pairs);
1472
1473         PMD_INIT_FUNC_TRACE();
1474         if (stats == NULL) {
1475                 PMD_DRV_LOG(ERR, "invalid stats ptr NULL");
1476                 return;
1477         }
1478         for (i = 0; i < dev->data->nb_queue_pairs; i++) {
1479                 if (qp[i] == NULL) {
1480                         PMD_DRV_LOG(DEBUG, "Uninitialised queue pair");
1481                         continue;
1482                 }
1483
1484                 stats->enqueued_count += qp[i]->stats.enqueued_count;
1485                 stats->dequeued_count += qp[i]->stats.dequeued_count;
1486                 stats->enqueue_err_count += qp[i]->stats.enqueue_err_count;
1487                 stats->dequeue_err_count += qp[i]->stats.dequeue_err_count;
1488         }
1489 }
1490
1491 void qat_crypto_sym_stats_reset(struct rte_cryptodev *dev)
1492 {
1493         int i;
1494         struct qat_qp **qp = (struct qat_qp **)(dev->data->queue_pairs);
1495
1496         PMD_INIT_FUNC_TRACE();
1497         for (i = 0; i < dev->data->nb_queue_pairs; i++)
1498                 memset(&(qp[i]->stats), 0, sizeof(qp[i]->stats));
1499         PMD_DRV_LOG(DEBUG, "QAT crypto: stats cleared");
1500 }