X-Git-Url: http://git.droids-corp.org/?a=blobdiff_plain;f=drivers%2Fcrypto%2Fqat%2Fqat_sym.c;h=8801ca5674a7ebbe60c029707650eda0f5298401;hb=64d96a83889b9047ebfac15f92dc052eb2aa0353;hp=f613adce6277bbb905a7881f55c0b39faadbbb6e;hpb=3ed20d8b6e36ca98232e1d3d90bc0c45a62590ba;p=dpdk.git diff --git a/drivers/crypto/qat/qat_sym.c b/drivers/crypto/qat/qat_sym.c index f613adce62..8801ca5674 100644 --- a/drivers/crypto/qat/qat_sym.c +++ b/drivers/crypto/qat/qat_sym.c @@ -6,50 +6,11 @@ #include #include -#include #include #include #include -#include "qat_logs.h" -#include "qat_sym_session.h" #include "qat_sym.h" -#include "qat_sym_pmd.h" - -#define BYTE_LENGTH 8 -/* bpi is only used for partial blocks of DES and AES - * so AES block len can be assumed as max len for iv, src and dst - */ -#define BPI_MAX_ENCR_IV_LEN ICP_QAT_HW_AES_BLK_SZ - -/** Encrypt a single partial block - * Depends on openssl libcrypto - * Uses ECB+XOR to do CFB encryption, same result, more performant - */ -static inline int -bpi_cipher_encrypt(uint8_t *src, uint8_t *dst, - uint8_t *iv, int ivlen, int srclen, - void *bpi_ctx) -{ - EVP_CIPHER_CTX *ctx = (EVP_CIPHER_CTX *)bpi_ctx; - int encrypted_ivlen; - uint8_t encrypted_iv[BPI_MAX_ENCR_IV_LEN]; - uint8_t *encr = encrypted_iv; - - /* ECB method: encrypt the IV, then XOR this with plaintext */ - if (EVP_EncryptUpdate(ctx, encrypted_iv, &encrypted_ivlen, iv, ivlen) - <= 0) - goto cipher_encrypt_err; - - for (; srclen != 0; --srclen, ++dst, ++src, ++encr) - *dst = *src ^ *encr; - - return 0; - -cipher_encrypt_err: - PMD_DRV_LOG(ERR, "libcrypto ECB cipher encrypt failed"); - return -EINVAL; -} /** Decrypt a single partial block * Depends on openssl libcrypto @@ -76,7 +37,7 @@ bpi_cipher_decrypt(uint8_t *src, uint8_t *dst, return 0; cipher_decrypt_err: - PMD_DRV_LOG(ERR, "libcrypto ECB cipher decrypt for BPI IV failed"); + QAT_DP_LOG(ERR, "libcrypto ECB cipher decrypt for BPI IV failed"); return -EINVAL; } @@ -115,83 +76,27 @@ qat_bpicipher_preprocess(struct qat_sym_session *ctx, iv = rte_crypto_op_ctod_offset(op, uint8_t *, ctx->cipher_iv.offset); -#ifdef RTE_LIBRTE_PMD_QAT_DEBUG_TX - rte_hexdump(stdout, "BPI: src before pre-process:", last_block, - last_block_len); +#if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG + QAT_DP_HEXDUMP_LOG(DEBUG, "BPI: src before pre-process:", + last_block, last_block_len); if (sym_op->m_dst != NULL) - rte_hexdump(stdout, "BPI: dst before pre-process:", dst, - last_block_len); + QAT_DP_HEXDUMP_LOG(DEBUG, "BPI:dst before pre-process:", + dst, last_block_len); #endif bpi_cipher_decrypt(last_block, dst, iv, block_len, last_block_len, ctx->bpi_ctx); -#ifdef RTE_LIBRTE_PMD_QAT_DEBUG_TX - rte_hexdump(stdout, "BPI: src after pre-process:", last_block, - last_block_len); +#if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG + QAT_DP_HEXDUMP_LOG(DEBUG, "BPI: src after pre-process:", + last_block, last_block_len); if (sym_op->m_dst != NULL) - rte_hexdump(stdout, "BPI: dst after pre-process:", dst, - last_block_len); + QAT_DP_HEXDUMP_LOG(DEBUG, "BPI: dst after pre-process:", + dst, last_block_len); #endif } return sym_op->cipher.data.length - last_block_len; } -static inline uint32_t -qat_bpicipher_postprocess(struct qat_sym_session *ctx, - struct rte_crypto_op *op) -{ - int block_len = qat_cipher_get_block_size(ctx->qat_cipher_alg); - struct rte_crypto_sym_op *sym_op = op->sym; - uint8_t last_block_len = block_len > 0 ? - sym_op->cipher.data.length % block_len : 0; - - if (last_block_len > 0 && - ctx->qat_dir == ICP_QAT_HW_CIPHER_ENCRYPT) { - - /* Encrypt last block */ - uint8_t *last_block, *dst, *iv; - uint32_t last_block_offset; - - last_block_offset = sym_op->cipher.data.offset + - sym_op->cipher.data.length - last_block_len; - last_block = (uint8_t *) rte_pktmbuf_mtod_offset(sym_op->m_src, - uint8_t *, last_block_offset); - - if (unlikely(sym_op->m_dst != NULL)) - /* out-of-place operation (OOP) */ - dst = (uint8_t *) rte_pktmbuf_mtod_offset(sym_op->m_dst, - uint8_t *, last_block_offset); - else - dst = last_block; - - if (last_block_len < sym_op->cipher.data.length) - /* use previous block ciphertext as IV */ - iv = dst - block_len; - else - /* runt block, i.e. less than one full block */ - iv = rte_crypto_op_ctod_offset(op, uint8_t *, - ctx->cipher_iv.offset); - -#ifdef RTE_LIBRTE_PMD_QAT_DEBUG_RX - rte_hexdump(stdout, "BPI: src before post-process:", last_block, - last_block_len); - if (sym_op->m_dst != NULL) - rte_hexdump(stdout, "BPI: dst before post-process:", - dst, last_block_len); -#endif - bpi_cipher_encrypt(last_block, dst, iv, block_len, - last_block_len, ctx->bpi_ctx); -#ifdef RTE_LIBRTE_PMD_QAT_DEBUG_RX - rte_hexdump(stdout, "BPI: src after post-process:", last_block, - last_block_len); - if (sym_op->m_dst != NULL) - rte_hexdump(stdout, "BPI: dst after post-process:", dst, - last_block_len); -#endif - } - return sym_op->cipher.data.length - last_block_len; -} - static inline void set_cipher_iv(uint16_t iv_length, uint16_t iv_offset, struct icp_qat_fw_la_cipher_req_params *cipher_param, @@ -252,34 +157,34 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg, uint32_t min_ofs = 0; uint64_t src_buf_start = 0, dst_buf_start = 0; uint8_t do_sgl = 0; + uint8_t wireless_auth = 0, in_place = 1; struct rte_crypto_op *op = (struct rte_crypto_op *)in_op; struct qat_sym_op_cookie *cookie = (struct qat_sym_op_cookie *)op_cookie; -#ifdef RTE_LIBRTE_PMD_QAT_DEBUG_TX if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_SYMMETRIC)) { - PMD_DRV_LOG(ERR, "QAT PMD only supports symmetric crypto " + QAT_DP_LOG(ERR, "QAT PMD only supports symmetric crypto " "operation requests, op (%p) is not a " "symmetric operation.", op); return -EINVAL; } -#endif + if (unlikely(op->sess_type == RTE_CRYPTO_OP_SESSIONLESS)) { - PMD_DRV_LOG(ERR, "QAT PMD only supports session oriented" + QAT_DP_LOG(ERR, "QAT PMD only supports session oriented" " requests, op (%p) is sessionless.", op); return -EINVAL; } - ctx = (struct qat_sym_session *)get_session_private_data( + ctx = (struct qat_sym_session *)get_sym_session_private_data( op->sym->session, cryptodev_qat_driver_id); if (unlikely(ctx == NULL)) { - PMD_DRV_LOG(ERR, "Session was not created for this device"); + QAT_DP_LOG(ERR, "Session was not created for this device"); return -EINVAL; } if (unlikely(ctx->min_qat_dev_gen > qat_dev_gen)) { - PMD_DRV_LOG(ERR, "Session alg not supported on this device gen"); + QAT_DP_LOG(ERR, "Session alg not supported on this device gen"); op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION; return -EINVAL; } @@ -321,10 +226,9 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg, ICP_QAT_HW_CIPHER_ALGO_ZUC_3G_128_EEA3) { if (unlikely( - (cipher_param->cipher_length % BYTE_LENGTH != 0) - || (cipher_param->cipher_offset - % BYTE_LENGTH != 0))) { - PMD_DRV_LOG(ERR, + (op->sym->cipher.data.length % BYTE_LENGTH != 0) || + (op->sym->cipher.data.offset % BYTE_LENGTH != 0))) { + QAT_DP_LOG(ERR, "SNOW3G/KASUMI/ZUC in QAT PMD only supports byte aligned values"); op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS; return -EINVAL; @@ -356,15 +260,17 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg, ctx->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_KASUMI_F9 || ctx->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_ZUC_3G_128_EIA3) { - if (unlikely((auth_param->auth_off % BYTE_LENGTH != 0) - || (auth_param->auth_len % BYTE_LENGTH != 0))) { - PMD_DRV_LOG(ERR, + if (unlikely( + (op->sym->auth.data.offset % BYTE_LENGTH != 0) || + (op->sym->auth.data.length % BYTE_LENGTH != 0))) { + QAT_DP_LOG(ERR, "For SNOW3G/KASUMI/ZUC, QAT PMD only supports byte aligned values"); op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS; return -EINVAL; } auth_ofs = op->sym->auth.data.offset >> 3; auth_len = op->sym->auth.data.length >> 3; + wireless_auth = 1; auth_param->u1.aad_adr = rte_crypto_op_ctophys_offset(op, @@ -534,6 +440,7 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg, * Don't align DMA start. DMA the minimum data-set * so as not to overwrite data in dest buffer */ + in_place = 0; src_buf_start = rte_pktmbuf_iova_offset(op->sym->m_src, min_ofs); dst_buf_start = @@ -590,11 +497,14 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg, ICP_QAT_FW_COMN_PTR_TYPE_SET(qat_req->comn_hdr.comn_req_flags, QAT_COMN_PTR_TYPE_SGL); - ret = qat_sgl_fill_array(op->sym->m_src, src_buf_start, - &cookie->qat_sgl_src, - qat_req->comn_mid.src_length); - if (ret) { - PMD_DRV_LOG(ERR, "QAT PMD Cannot fill sgl array"); + ret = qat_sgl_fill_array(op->sym->m_src, + (int64_t)(src_buf_start - rte_pktmbuf_iova(op->sym->m_src)), + &cookie->qat_sgl_src, + qat_req->comn_mid.src_length, + QAT_SYM_SGL_MAX_NUMBER); + + if (unlikely(ret)) { + QAT_DP_LOG(ERR, "QAT PMD Cannot fill sgl array"); return ret; } @@ -604,13 +514,14 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg, cookie->qat_sgl_src_phys_addr; else { ret = qat_sgl_fill_array(op->sym->m_dst, - dst_buf_start, - &cookie->qat_sgl_dst, - qat_req->comn_mid.dst_length); - - if (ret) { - PMD_DRV_LOG(ERR, "QAT PMD Cannot " - "fill sgl array"); + (int64_t)(dst_buf_start - + rte_pktmbuf_iova(op->sym->m_dst)), + &cookie->qat_sgl_dst, + qat_req->comn_mid.dst_length, + QAT_SYM_SGL_MAX_NUMBER); + + if (unlikely(ret)) { + QAT_DP_LOG(ERR, "QAT PMD can't fill sgl array"); return ret; } @@ -622,19 +533,31 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg, } else { qat_req->comn_mid.src_data_addr = src_buf_start; qat_req->comn_mid.dest_data_addr = dst_buf_start; + /* handle case of auth-gen-then-cipher with digest encrypted */ + if (wireless_auth && in_place && + (op->sym->auth.digest.phys_addr == + src_buf_start + auth_ofs + auth_len) && + (auth_ofs + auth_len + ctx->digest_length <= + cipher_ofs + cipher_len)) { + struct icp_qat_fw_comn_req_hdr *header = + &qat_req->comn_hdr; + ICP_QAT_FW_LA_DIGEST_IN_BUFFER_SET( + header->serv_specif_flags, + ICP_QAT_FW_LA_DIGEST_IN_BUFFER); + } } -#ifdef RTE_LIBRTE_PMD_QAT_DEBUG_TX - rte_hexdump(stdout, "qat_req:", qat_req, +#if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG + QAT_DP_HEXDUMP_LOG(DEBUG, "qat_req:", qat_req, sizeof(struct icp_qat_fw_la_bulk_req)); - rte_hexdump(stdout, "src_data:", + QAT_DP_HEXDUMP_LOG(DEBUG, "src_data:", rte_pktmbuf_mtod(op->sym->m_src, uint8_t*), rte_pktmbuf_data_len(op->sym->m_src)); if (do_cipher) { uint8_t *cipher_iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *, ctx->cipher_iv.offset); - rte_hexdump(stdout, "cipher iv:", cipher_iv_ptr, + QAT_DP_HEXDUMP_LOG(DEBUG, "cipher iv:", cipher_iv_ptr, ctx->cipher_iv.length); } @@ -643,53 +566,19 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg, uint8_t *auth_iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *, ctx->auth_iv.offset); - rte_hexdump(stdout, "auth iv:", auth_iv_ptr, + QAT_DP_HEXDUMP_LOG(DEBUG, "auth iv:", auth_iv_ptr, ctx->auth_iv.length); } - rte_hexdump(stdout, "digest:", op->sym->auth.digest.data, + QAT_DP_HEXDUMP_LOG(DEBUG, "digest:", op->sym->auth.digest.data, ctx->digest_length); } if (do_aead) { - rte_hexdump(stdout, "digest:", op->sym->aead.digest.data, + QAT_DP_HEXDUMP_LOG(DEBUG, "digest:", op->sym->aead.digest.data, ctx->digest_length); - rte_hexdump(stdout, "aad:", op->sym->aead.aad.data, + QAT_DP_HEXDUMP_LOG(DEBUG, "aad:", op->sym->aead.aad.data, ctx->aad_len); } #endif return 0; } - -int -qat_sym_process_response(void **op, uint8_t *resp) -{ - - struct icp_qat_fw_comn_resp *resp_msg = - (struct icp_qat_fw_comn_resp *)resp; - struct rte_crypto_op *rx_op = (struct rte_crypto_op *)(uintptr_t) - (resp_msg->opaque_data); - -#ifdef RTE_LIBRTE_PMD_QAT_DEBUG_RX - rte_hexdump(stdout, "qat_response:", (uint8_t *)resp_msg, - sizeof(struct icp_qat_fw_comn_resp)); -#endif - - if (ICP_QAT_FW_COMN_STATUS_FLAG_OK != - ICP_QAT_FW_COMN_RESP_CRYPTO_STAT_GET( - resp_msg->comn_hdr.comn_status)) { - - rx_op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; - } else { - struct qat_sym_session *sess = (struct qat_sym_session *) - get_session_private_data( - rx_op->sym->session, - cryptodev_qat_driver_id); - - if (sess->bpi_ctx) - qat_bpicipher_postprocess(sess, rx_op); - rx_op->status = RTE_CRYPTO_OP_STATUS_SUCCESS; - } - *op = (void *)rx_op; - - return 0; -}