+------------------+-----------+-------------+----------+----------+
| Cipher algorithm | NULL AUTH | SNOW3G UIA2 | ZUC EIA3 | AES CMAC |
+==================+===========+=============+==========+==========+
- | NULL CIPHER | Y | 3 | 3 | Y |
+ | NULL CIPHER | Y | 2&3 | 2&3 | Y |
+------------------+-----------+-------------+----------+----------+
- | SNOW3G UEA2 | 3 | Y | 3 | 3 |
+ | SNOW3G UEA2 | 2&3 | Y | 2&3 | 2&3 |
+------------------+-----------+-------------+----------+----------+
- | ZUC EEA3 | 3 | 3 | 2&3 | 3 |
+ | ZUC EEA3 | 2&3 | 2&3 | 2&3 | 2&3 |
+------------------+-----------+-------------+----------+----------+
- | AES CTR | Y | 3 | 3 | Y |
+ | AES CTR | Y | 2&3 | 2&3 | Y |
+------------------+-----------+-------------+----------+----------+
* The combinations marked as "Y" are supported on all QAT hardware versions.
* The combinations marked as "2&3" are supported on GEN2/GEN3 QAT hardware only.
-* The combinations marked as "3" are supported on GEN3 QAT hardware only.
Limitations
enqueued to the device and will be marked as failed. The simplest way to
mitigate this is to use the bdf whitelist to avoid mixing devices of different
generations in the same process if planning to use for GCM.
+* The mixed algo feature on GEN2 is not supported by all kernel drivers. Check
+ the notes under the Available Kernel Drivers table below for specific details.
Extra notes on KASUMI F9
~~~~~~~~~~~~~~~~~~~~~~~~
| Yes | No | No | 3 | P5xxx | p | qat_p5xxx | p5xxx | 18a0 | 1 | 18a1 | 128 |
+-----+-----+-----+-----+----------+---------------+---------------+------------+--------+------+--------+--------+
+* Note: Symmetric mixed crypto algorithms feature on Gen 2 works only with 01.org driver version 4.9.0+
+
The first 3 columns indicate the service:
* S = Symmetric crypto service (via cryptodev API)
* Added support for matching on IPv4 Time To Live and IPv6 Hop Limit.
+* **Added handling of mixed crypto algorithms in QAT PMD for GEN2.**
+
+ Enabled handling of mixed algorithms in encrypted digest hash-cipher
+ (generation) and cipher-hash (verification) requests in QAT PMD
+ when running on GEN2 QAT hardware with particular firmware versions
+ (GEN3 support was added in DPDK 20.02).
+
* **Updated the turbo_sw bbdev PMD.**
Supported large size code blocks which does not fit in one mbuf segment.
#include "qat_sym_session.h"
#include "qat_sym_pmd.h"
+#define MIXED_CRYPTO_MIN_FW_VER 0x04090000
+
uint8_t cryptodev_qat_driver_id;
static const struct rte_cryptodev_capabilities qat_gen1_sym_capabilities[] = {
qat_sgl_dst);
}
+ /* Get fw version from QAT (GEN2), skip if we've got it already */
+ if (qp->qat_dev_gen == QAT_GEN2 && !(qat_private->internal_capabilities
+ & QAT_SYM_CAP_VALID)) {
+ ret = qat_cq_get_fw_version(qp);
+
+ if (ret < 0) {
+ qat_sym_qp_release(dev, qp_id);
+ return ret;
+ }
+
+ if (ret != 0)
+ QAT_LOG(DEBUG, "QAT firmware version: %d.%d.%d",
+ (ret >> 24) & 0xff,
+ (ret >> 16) & 0xff,
+ (ret >> 8) & 0xff);
+ else
+ QAT_LOG(DEBUG, "unknown QAT firmware version");
+
+ /* set capabilities based on the fw version */
+ qat_private->internal_capabilities = QAT_SYM_CAP_VALID |
+ ((ret >= MIXED_CRYPTO_MIN_FW_VER) ?
+ QAT_SYM_CAP_MIXED_CRYPTO : 0);
+ ret = 0;
+ }
+
return ret;
}
/** Intel(R) QAT Symmetric Crypto PMD driver name */
#define CRYPTODEV_NAME_QAT_SYM_PMD crypto_qat
+/* Internal capabilities */
+#define QAT_SYM_CAP_MIXED_CRYPTO (1 << 0)
+#define QAT_SYM_CAP_VALID (1 << 31)
+
extern uint8_t cryptodev_qat_driver_id;
/** private data structure for a QAT device.
const struct rte_cryptodev_capabilities *qat_dev_capabilities;
/* QAT device symmetric crypto capabilities */
uint16_t min_enq_burst_threshold;
+ uint32_t internal_capabilities; /* see flags QAT_SYM_CAP_xxx */
};
int
}
static void
-qat_sym_session_handle_mixed(struct qat_sym_session *session)
+qat_sym_session_handle_mixed(const struct rte_cryptodev *dev,
+ struct qat_sym_session *session)
{
+ const struct qat_sym_dev_private *qat_private = dev->data->dev_private;
+ enum qat_device_gen min_dev_gen = (qat_private->internal_capabilities &
+ QAT_SYM_CAP_MIXED_CRYPTO) ? QAT_GEN2 : QAT_GEN3;
+
if (session->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_ZUC_3G_128_EIA3 &&
session->qat_cipher_alg !=
ICP_QAT_HW_CIPHER_ALGO_ZUC_3G_128_EEA3) {
- session->min_qat_dev_gen = QAT_GEN3;
+ session->min_qat_dev_gen = min_dev_gen;
qat_sym_session_set_ext_hash_flags(session,
1 << ICP_QAT_FW_AUTH_HDR_FLAG_ZUC_EIA3_BITPOS);
} else if (session->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_SNOW_3G_UIA2 &&
session->qat_cipher_alg !=
ICP_QAT_HW_CIPHER_ALGO_SNOW_3G_UEA2) {
- session->min_qat_dev_gen = QAT_GEN3;
+ session->min_qat_dev_gen = min_dev_gen;
qat_sym_session_set_ext_hash_flags(session,
1 << ICP_QAT_FW_AUTH_HDR_FLAG_SNOW3G_UIA2_BITPOS);
} else if ((session->aes_cmac ||
ICP_QAT_HW_CIPHER_ALGO_SNOW_3G_UEA2 ||
session->qat_cipher_alg ==
ICP_QAT_HW_CIPHER_ALGO_ZUC_3G_128_EEA3)) {
- session->min_qat_dev_gen = QAT_GEN3;
+ session->min_qat_dev_gen = min_dev_gen;
qat_sym_session_set_ext_hash_flags(session, 0);
}
}
if (ret < 0)
return ret;
/* Special handling of mixed hash+cipher algorithms */
- qat_sym_session_handle_mixed(session);
+ qat_sym_session_handle_mixed(dev, session);
}
break;
case ICP_QAT_FW_LA_CMD_HASH_CIPHER:
if (ret < 0)
return ret;
/* Special handling of mixed hash+cipher algorithms */
- qat_sym_session_handle_mixed(session);
+ qat_sym_session_handle_mixed(dev, session);
}
break;
case ICP_QAT_FW_LA_CMD_TRNG_GET_RANDOM:
git.droids-corp.org / dpdk.git / commitdiff