From a1598e90f353b609df41b077c59dbd1f378d23c0 Mon Sep 17 00:00:00 2001 From: Adam Dybkowski Date: Thu, 26 Mar 2020 17:22:08 +0100 Subject: [PATCH] crypto/qat: handle mixed hash-cipher on GEN2 This patch adds handling of mixed hash-cipher algorithms available on GEN2 QAT in particular firmware versions. Also the documentation is updated to show the mixed crypto algorithms are supported on QAT GEN2. Signed-off-by: Adam Dybkowski Acked-by: Fiona Trahe --- doc/guides/cryptodevs/qat.rst | 13 ++++++++----- doc/guides/rel_notes/release_20_05.rst | 7 +++++++ drivers/crypto/qat/qat_sym_pmd.c | 27 ++++++++++++++++++++++++++ drivers/crypto/qat/qat_sym_pmd.h | 5 +++++ drivers/crypto/qat/qat_sym_session.c | 17 ++++++++++------ 5 files changed, 58 insertions(+), 11 deletions(-) diff --git a/doc/guides/cryptodevs/qat.rst b/doc/guides/cryptodevs/qat.rst index 1e83ed6267..c79e686deb 100644 --- a/doc/guides/cryptodevs/qat.rst +++ b/doc/guides/cryptodevs/qat.rst @@ -82,18 +82,17 @@ All the usual chains are supported and also some mixed chains: +------------------+-----------+-------------+----------+----------+ | Cipher algorithm | NULL AUTH | SNOW3G UIA2 | ZUC EIA3 | AES CMAC | +==================+===========+=============+==========+==========+ - | NULL CIPHER | Y | 3 | 3 | Y | + | NULL CIPHER | Y | 2&3 | 2&3 | Y | +------------------+-----------+-------------+----------+----------+ - | SNOW3G UEA2 | 3 | Y | 3 | 3 | + | SNOW3G UEA2 | 2&3 | Y | 2&3 | 2&3 | +------------------+-----------+-------------+----------+----------+ - | ZUC EEA3 | 3 | 3 | 2&3 | 3 | + | ZUC EEA3 | 2&3 | 2&3 | 2&3 | 2&3 | +------------------+-----------+-------------+----------+----------+ - | AES CTR | Y | 3 | 3 | Y | + | AES CTR | Y | 2&3 | 2&3 | Y | +------------------+-----------+-------------+----------+----------+ * The combinations marked as "Y" are supported on all QAT hardware versions. * The combinations marked as "2&3" are supported on GEN2/GEN3 QAT hardware only. -* The combinations marked as "3" are supported on GEN3 QAT hardware only. Limitations @@ -120,6 +119,8 @@ Limitations enqueued to the device and will be marked as failed. The simplest way to mitigate this is to use the bdf whitelist to avoid mixing devices of different generations in the same process if planning to use for GCM. +* The mixed algo feature on GEN2 is not supported by all kernel drivers. Check + the notes under the Available Kernel Drivers table below for specific details. Extra notes on KASUMI F9 ~~~~~~~~~~~~~~~~~~~~~~~~ @@ -379,6 +380,8 @@ to see the full table) | Yes | No | No | 3 | P5xxx | p | qat_p5xxx | p5xxx | 18a0 | 1 | 18a1 | 128 | +-----+-----+-----+-----+----------+---------------+---------------+------------+--------+------+--------+--------+ +* Note: Symmetric mixed crypto algorithms feature on Gen 2 works only with 01.org driver version 4.9.0+ + The first 3 columns indicate the service: * S = Symmetric crypto service (via cryptodev API) diff --git a/doc/guides/rel_notes/release_20_05.rst b/doc/guides/rel_notes/release_20_05.rst index c9b243c693..1849678444 100644 --- a/doc/guides/rel_notes/release_20_05.rst +++ b/doc/guides/rel_notes/release_20_05.rst @@ -62,6 +62,13 @@ New Features * Added support for matching on IPv4 Time To Live and IPv6 Hop Limit. +* **Added handling of mixed crypto algorithms in QAT PMD for GEN2.** + + Enabled handling of mixed algorithms in encrypted digest hash-cipher + (generation) and cipher-hash (verification) requests in QAT PMD + when running on GEN2 QAT hardware with particular firmware versions + (GEN3 support was added in DPDK 20.02). + * **Updated the turbo_sw bbdev PMD.** Supported large size code blocks which does not fit in one mbuf segment. diff --git a/drivers/crypto/qat/qat_sym_pmd.c b/drivers/crypto/qat/qat_sym_pmd.c index 50abdf6f5b..e887c880fb 100644 --- a/drivers/crypto/qat/qat_sym_pmd.c +++ b/drivers/crypto/qat/qat_sym_pmd.c @@ -14,6 +14,8 @@ #include "qat_sym_session.h" #include "qat_sym_pmd.h" +#define MIXED_CRYPTO_MIN_FW_VER 0x04090000 + uint8_t cryptodev_qat_driver_id; static const struct rte_cryptodev_capabilities qat_gen1_sym_capabilities[] = { @@ -187,6 +189,31 @@ static int qat_sym_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id, qat_sgl_dst); } + /* Get fw version from QAT (GEN2), skip if we've got it already */ + if (qp->qat_dev_gen == QAT_GEN2 && !(qat_private->internal_capabilities + & QAT_SYM_CAP_VALID)) { + ret = qat_cq_get_fw_version(qp); + + if (ret < 0) { + qat_sym_qp_release(dev, qp_id); + return ret; + } + + if (ret != 0) + QAT_LOG(DEBUG, "QAT firmware version: %d.%d.%d", + (ret >> 24) & 0xff, + (ret >> 16) & 0xff, + (ret >> 8) & 0xff); + else + QAT_LOG(DEBUG, "unknown QAT firmware version"); + + /* set capabilities based on the fw version */ + qat_private->internal_capabilities = QAT_SYM_CAP_VALID | + ((ret >= MIXED_CRYPTO_MIN_FW_VER) ? + QAT_SYM_CAP_MIXED_CRYPTO : 0); + ret = 0; + } + return ret; } diff --git a/drivers/crypto/qat/qat_sym_pmd.h b/drivers/crypto/qat/qat_sym_pmd.h index a32c25abc0..a5a31e5128 100644 --- a/drivers/crypto/qat/qat_sym_pmd.h +++ b/drivers/crypto/qat/qat_sym_pmd.h @@ -15,6 +15,10 @@ /** Intel(R) QAT Symmetric Crypto PMD driver name */ #define CRYPTODEV_NAME_QAT_SYM_PMD crypto_qat +/* Internal capabilities */ +#define QAT_SYM_CAP_MIXED_CRYPTO (1 << 0) +#define QAT_SYM_CAP_VALID (1 << 31) + extern uint8_t cryptodev_qat_driver_id; /** private data structure for a QAT device. @@ -29,6 +33,7 @@ struct qat_sym_dev_private { const struct rte_cryptodev_capabilities *qat_dev_capabilities; /* QAT device symmetric crypto capabilities */ uint16_t min_enq_burst_threshold; + uint32_t internal_capabilities; /* see flags QAT_SYM_CAP_xxx */ }; int diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c index 61ab9edc4f..fd2cc382e6 100644 --- a/drivers/crypto/qat/qat_sym_session.c +++ b/drivers/crypto/qat/qat_sym_session.c @@ -464,18 +464,23 @@ qat_sym_session_set_ext_hash_flags(struct qat_sym_session *session, } static void -qat_sym_session_handle_mixed(struct qat_sym_session *session) +qat_sym_session_handle_mixed(const struct rte_cryptodev *dev, + struct qat_sym_session *session) { + const struct qat_sym_dev_private *qat_private = dev->data->dev_private; + enum qat_device_gen min_dev_gen = (qat_private->internal_capabilities & + QAT_SYM_CAP_MIXED_CRYPTO) ? QAT_GEN2 : QAT_GEN3; + if (session->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_ZUC_3G_128_EIA3 && session->qat_cipher_alg != ICP_QAT_HW_CIPHER_ALGO_ZUC_3G_128_EEA3) { - session->min_qat_dev_gen = QAT_GEN3; + session->min_qat_dev_gen = min_dev_gen; qat_sym_session_set_ext_hash_flags(session, 1 << ICP_QAT_FW_AUTH_HDR_FLAG_ZUC_EIA3_BITPOS); } else if (session->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_SNOW_3G_UIA2 && session->qat_cipher_alg != ICP_QAT_HW_CIPHER_ALGO_SNOW_3G_UEA2) { - session->min_qat_dev_gen = QAT_GEN3; + session->min_qat_dev_gen = min_dev_gen; qat_sym_session_set_ext_hash_flags(session, 1 << ICP_QAT_FW_AUTH_HDR_FLAG_SNOW3G_UIA2_BITPOS); } else if ((session->aes_cmac || @@ -484,7 +489,7 @@ qat_sym_session_handle_mixed(struct qat_sym_session *session) ICP_QAT_HW_CIPHER_ALGO_SNOW_3G_UEA2 || session->qat_cipher_alg == ICP_QAT_HW_CIPHER_ALGO_ZUC_3G_128_EEA3)) { - session->min_qat_dev_gen = QAT_GEN3; + session->min_qat_dev_gen = min_dev_gen; qat_sym_session_set_ext_hash_flags(session, 0); } } @@ -537,7 +542,7 @@ qat_sym_session_set_parameters(struct rte_cryptodev *dev, if (ret < 0) return ret; /* Special handling of mixed hash+cipher algorithms */ - qat_sym_session_handle_mixed(session); + qat_sym_session_handle_mixed(dev, session); } break; case ICP_QAT_FW_LA_CMD_HASH_CIPHER: @@ -556,7 +561,7 @@ qat_sym_session_set_parameters(struct rte_cryptodev *dev, if (ret < 0) return ret; /* Special handling of mixed hash+cipher algorithms */ - qat_sym_session_handle_mixed(session); + qat_sym_session_handle_mixed(dev, session); } break; case ICP_QAT_FW_LA_CMD_TRNG_GET_RANDOM: -- 2.20.1