diff mbox series

crypto/qat: support to enable insecure algorithms

Message ID 20230420095816.1312737-1-vikash.chandrax.poddar@intel.com (mailing list archive)
State Superseded, archived
Delegated to: akhil goyal
Headers
Series crypto/qat: support to enable insecure algorithms |

Checks

Context Check Description
ci/checkpatch success coding style OK
ci/loongarch-compilation success Compilation OK
ci/loongarch-unit-testing success Unit Testing PASS
ci/github-robot: build success github build: passed
ci/Intel-compilation success Compilation OK
ci/intel-Testing success Testing PASS
ci/intel-Functional success Functional PASS
ci/iol-mellanox-Performance success Performance Testing PASS
ci/iol-broadcom-Functional success Functional Testing PASS
ci/iol-broadcom-Performance success Performance Testing PASS
ci/iol-intel-Performance success Performance Testing PASS
ci/iol-intel-Functional success Functional Testing PASS
ci/iol-aarch64-unit-testing success Testing PASS
ci/iol-abi-testing success Testing PASS
ci/iol-unit-testing success Testing PASS
ci/iol-x86_64-compile-testing success Testing PASS
ci/iol-testing success Testing PASS
ci/iol-x86_64-unit-testing success Testing PASS
ci/iol-aarch64-compile-testing success Testing PASS

Commit Message

Vikash Poddar April 20, 2023, 9:58 a.m. UTC 
  All the insecure algorithms are default disable from
cryptodev.
use qat_legacy_capa to enable all the legacy
algorithms.

Signed-off-by: Vikash Poddar <vikash.chandrax.poddar@intel.com>
---
 drivers/common/qat/qat_device.c              |  1 +
 drivers/common/qat/qat_device.h              |  3 +-
 drivers/crypto/qat/dev/qat_crypto_pmd_gen2.c | 90 ++++++++++++--------
 drivers/crypto/qat/qat_crypto.h              |  1 +
 drivers/crypto/qat/qat_sym.c                 |  3 +
 5 files changed, 62 insertions(+), 36 deletions(-)
diff mbox series

Patch

diff --git a/drivers/common/qat/qat_device.c b/drivers/common/qat/qat_device.c
index 8bce2ac073..b8da684973 100644
--- a/drivers/common/qat/qat_device.c
+++ b/drivers/common/qat/qat_device.c
@@ -365,6 +365,7 @@  static int qat_pci_probe(struct rte_pci_driver *pci_drv __rte_unused,
 	struct qat_pci_device *qat_pci_dev;
 	struct qat_dev_hw_spec_funcs *ops_hw;
 	struct qat_dev_cmd_param qat_dev_cmd_param[] = {
+			{ QAT_LEGACY_CAPA, 0 },
 			{ QAT_IPSEC_MB_LIB, 0 },
 			{ SYM_ENQ_THRESHOLD_NAME, 0 },
 			{ ASYM_ENQ_THRESHOLD_NAME, 0 },
diff --git a/drivers/common/qat/qat_device.h b/drivers/common/qat/qat_device.h
index bc3da04238..12b8cc46b1 100644
--- a/drivers/common/qat/qat_device.h
+++ b/drivers/common/qat/qat_device.h
@@ -17,12 +17,13 @@ 
 
 #define QAT_DEV_NAME_MAX_LEN	64
 
+#define QAT_LEGACY_CAPA "qat_legacy_capa"
 #define QAT_IPSEC_MB_LIB "qat_ipsec_mb_lib"
 #define SYM_ENQ_THRESHOLD_NAME "qat_sym_enq_threshold"
 #define ASYM_ENQ_THRESHOLD_NAME "qat_asym_enq_threshold"
 #define COMP_ENQ_THRESHOLD_NAME "qat_comp_enq_threshold"
 #define QAT_CMD_SLICE_MAP "qat_cmd_slice_disable"
-#define QAT_CMD_SLICE_MAP_POS	4
+#define QAT_CMD_SLICE_MAP_POS	5
 #define MAX_QP_THRESHOLD_SIZE	32
 
 /**
diff --git a/drivers/crypto/qat/dev/qat_crypto_pmd_gen2.c b/drivers/crypto/qat/dev/qat_crypto_pmd_gen2.c
index 60ca0fc0d2..3cd1c42d94 100644
--- a/drivers/crypto/qat/dev/qat_crypto_pmd_gen2.c
+++ b/drivers/crypto/qat/dev/qat_crypto_pmd_gen2.c
@@ -12,10 +12,39 @@ 
 
 #define MIXED_CRYPTO_MIN_FW_VER 0x04090000
 
-static struct rte_cryptodev_capabilities qat_sym_crypto_caps_gen2[] = {
+static struct rte_cryptodev_capabilities qat_sym_crypto_legacy_caps_gen2[] = {
+	QAT_SYM_CIPHER_CAP(DES_CBC,
+		CAP_SET(block_size, 8),
+		CAP_RNG(key_size, 8, 24, 8), CAP_RNG(iv_size, 8, 8, 0)),
+	QAT_SYM_CIPHER_CAP(3DES_CBC,
+		CAP_SET(block_size, 8),
+		CAP_RNG(key_size, 8, 24, 8), CAP_RNG(iv_size, 8, 8, 0)),
+	QAT_SYM_CIPHER_CAP(3DES_CTR,
+		CAP_SET(block_size, 8),
+		CAP_RNG(key_size, 16, 24, 8), CAP_RNG(iv_size, 8, 8, 0)),
+	QAT_SYM_CIPHER_CAP(DES_DOCSISBPI,
+		CAP_SET(block_size, 8),
+		CAP_RNG(key_size, 8, 8, 0), CAP_RNG(iv_size, 8, 8, 0)),
 	QAT_SYM_PLAIN_AUTH_CAP(SHA1,
 		CAP_SET(block_size, 64),
 		CAP_RNG(digest_size, 1, 20, 1)),
+	QAT_SYM_AUTH_CAP(SHA224,
+		CAP_SET(block_size, 64),
+		CAP_RNG_ZERO(key_size), CAP_RNG(digest_size, 1, 28, 1),
+		CAP_RNG_ZERO(aad_size), CAP_RNG_ZERO(iv_size)),
+	QAT_SYM_AUTH_CAP(SHA224_HMAC,
+		CAP_SET(block_size, 64),
+		CAP_RNG(key_size, 1, 64, 1), CAP_RNG(digest_size, 1, 28, 1),
+		CAP_RNG_ZERO(aad_size), CAP_RNG_ZERO(iv_size)),
+	QAT_SYM_AUTH_CAP(SHA1_HMAC,
+		CAP_SET(block_size, 64),
+		CAP_RNG(key_size, 1, 64, 1), CAP_RNG(digest_size, 1, 20, 1),
+		CAP_RNG_ZERO(aad_size), CAP_RNG_ZERO(iv_size)),
+	RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
+};
+
+
+static struct rte_cryptodev_capabilities qat_sym_crypto_caps_gen2[] = {
 	QAT_SYM_AEAD_CAP(AES_GCM,
 		CAP_SET(block_size, 16),
 		CAP_RNG(key_size, 16, 32, 8), CAP_RNG(digest_size, 8, 16, 4),
@@ -32,10 +61,6 @@  static struct rte_cryptodev_capabilities qat_sym_crypto_caps_gen2[] = {
 		CAP_SET(block_size, 16),
 		CAP_RNG(key_size, 16, 16, 0), CAP_RNG(digest_size, 4, 16, 4),
 			CAP_RNG_ZERO(aad_size), CAP_RNG_ZERO(iv_size)),
-	QAT_SYM_AUTH_CAP(SHA224,
-		CAP_SET(block_size, 64),
-		CAP_RNG_ZERO(key_size), CAP_RNG(digest_size, 1, 28, 1),
-		CAP_RNG_ZERO(aad_size), CAP_RNG_ZERO(iv_size)),
 	QAT_SYM_AUTH_CAP(SHA256,
 		CAP_SET(block_size, 64),
 		CAP_RNG_ZERO(key_size), CAP_RNG(digest_size, 1, 32, 1),
@@ -51,14 +76,6 @@  static struct rte_cryptodev_capabilities qat_sym_crypto_caps_gen2[] = {
 	QAT_SYM_PLAIN_AUTH_CAP(SHA3_256,
 		CAP_SET(block_size, 136),
 		CAP_RNG(digest_size, 32, 32, 0)),
-	QAT_SYM_AUTH_CAP(SHA1_HMAC,
-		CAP_SET(block_size, 64),
-		CAP_RNG(key_size, 1, 64, 1), CAP_RNG(digest_size, 1, 20, 1),
-		CAP_RNG_ZERO(aad_size), CAP_RNG_ZERO(iv_size)),
-	QAT_SYM_AUTH_CAP(SHA224_HMAC,
-		CAP_SET(block_size, 64),
-		CAP_RNG(key_size, 1, 64, 1), CAP_RNG(digest_size, 1, 28, 1),
-		CAP_RNG_ZERO(aad_size), CAP_RNG_ZERO(iv_size)),
 	QAT_SYM_AUTH_CAP(SHA256_HMAC,
 		CAP_SET(block_size, 64),
 		CAP_RNG(key_size, 1, 64, 1), CAP_RNG(digest_size, 1, 32, 1),
@@ -112,18 +129,6 @@  static struct rte_cryptodev_capabilities qat_sym_crypto_caps_gen2[] = {
 	QAT_SYM_CIPHER_CAP(NULL,
 		CAP_SET(block_size, 1),
 		CAP_RNG_ZERO(key_size), CAP_RNG_ZERO(iv_size)),
-	QAT_SYM_CIPHER_CAP(3DES_CBC,
-		CAP_SET(block_size, 8),
-		CAP_RNG(key_size, 8, 24, 8), CAP_RNG(iv_size, 8, 8, 0)),
-	QAT_SYM_CIPHER_CAP(3DES_CTR,
-		CAP_SET(block_size, 8),
-		CAP_RNG(key_size, 16, 24, 8), CAP_RNG(iv_size, 8, 8, 0)),
-	QAT_SYM_CIPHER_CAP(DES_CBC,
-		CAP_SET(block_size, 8),
-		CAP_RNG(key_size, 8, 24, 8), CAP_RNG(iv_size, 8, 8, 0)),
-	QAT_SYM_CIPHER_CAP(DES_DOCSISBPI,
-		CAP_SET(block_size, 8),
-		CAP_RNG(key_size, 8, 8, 0), CAP_RNG(iv_size, 8, 8, 0)),
 	QAT_SYM_CIPHER_CAP(ZUC_EEA3,
 		CAP_SET(block_size, 16),
 		CAP_RNG(key_size, 16, 16, 0), CAP_RNG(iv_size, 16, 16, 0)),
@@ -131,7 +136,6 @@  static struct rte_cryptodev_capabilities qat_sym_crypto_caps_gen2[] = {
 		CAP_SET(block_size, 16),
 		CAP_RNG(key_size, 16, 16, 0), CAP_RNG(digest_size, 4, 4, 0),
 		CAP_RNG_ZERO(aad_size), CAP_RNG(iv_size, 16, 16, 0)),
-	RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
 };
 
 static int
@@ -283,8 +287,16 @@  qat_sym_crypto_cap_get_gen2(struct qat_cryptodev_private *internals,
 			const char *capa_memz_name,
 			const uint16_t __rte_unused slice_map)
 {
-	const uint32_t size = sizeof(qat_sym_crypto_caps_gen2);
-	uint32_t i;
+	uint32_t i, j;
+	uint32_t curr_capa = 0;
+	uint32_t capa_num, legacy_capa_num;
+	uint32_t size = sizeof(qat_sym_crypto_caps_gen2);
+	uint32_t legacy_size = sizeof(qat_sym_crypto_legacy_caps_gen2);
+	capa_num = size/sizeof(struct rte_cryptodev_capabilities);
+	legacy_capa_num = legacy_size/sizeof(struct rte_cryptodev_capabilities);
+
+	if (unlikely(qat_legacy_capa))
+		size = size + legacy_size;
 
 	internals->capa_mz = rte_memzone_lookup(capa_memz_name);
 	if (internals->capa_mz == NULL) {
@@ -300,16 +312,24 @@  qat_sym_crypto_cap_get_gen2(struct qat_cryptodev_private *internals,
 	struct rte_cryptodev_capabilities *addr =
 			(struct rte_cryptodev_capabilities *)
 				internals->capa_mz->addr;
-	const struct rte_cryptodev_capabilities *capabilities =
-		qat_sym_crypto_caps_gen2;
-	const uint32_t capa_num =
-		size / sizeof(struct rte_cryptodev_capabilities);
-	uint32_t curr_capa = 0;
+	struct rte_cryptodev_capabilities *capabilities;
 
-	for (i = 0; i < capa_num; i++) {
-		memcpy(addr + curr_capa, capabilities + i,
+	capabilities = qat_sym_crypto_caps_gen2;
+	if (unlikely(qat_legacy_capa))
+		capa_num += legacy_capa_num;
+
+	for (i = 0, j = 0; i < capa_num; i++) {
+		memcpy(addr + curr_capa, capabilities + j,
 			sizeof(struct rte_cryptodev_capabilities));
 		curr_capa++;
+		j++;
+
+		if (unlikely(qat_legacy_capa) && (i == capa_num-legacy_capa_num-1)) {
+			capabilities = qat_sym_crypto_legacy_caps_gen2;
+			addr += curr_capa;
+			j = 0;
+			curr_capa = 0;
+		}
 	}
 	internals->qat_dev_capabilities = internals->capa_mz->addr;
 
diff --git a/drivers/crypto/qat/qat_crypto.h b/drivers/crypto/qat/qat_crypto.h
index 6fe1326c51..a4152302bc 100644
--- a/drivers/crypto/qat/qat_crypto.h
+++ b/drivers/crypto/qat/qat_crypto.h
@@ -11,6 +11,7 @@ 
 
 extern uint8_t qat_sym_driver_id;
 extern uint8_t qat_asym_driver_id;
+extern int qat_legacy_capa;
 
 /**
  * helper macro to set cryptodev capability range
diff --git a/drivers/crypto/qat/qat_sym.c b/drivers/crypto/qat/qat_sym.c
index 08e92191a3..61f5cd9a36 100644
--- a/drivers/crypto/qat/qat_sym.c
+++ b/drivers/crypto/qat/qat_sym.c
@@ -17,6 +17,7 @@ 
 
 uint8_t qat_sym_driver_id;
 int qat_ipsec_mb_lib;
+int qat_legacy_capa;
 
 struct qat_crypto_gen_dev_ops qat_sym_gen_dev_ops[QAT_N_GENS];
 
@@ -281,6 +282,8 @@  qat_sym_dev_create(struct qat_pci_device *qat_pci_dev,
 					qat_dev_cmd_param[i].val;
 		if (!strcmp(qat_dev_cmd_param[i].name, QAT_IPSEC_MB_LIB))
 			qat_ipsec_mb_lib = qat_dev_cmd_param[i].val;
+		if (!strcmp(qat_dev_cmd_param[i].name, QAT_LEGACY_CAPA))
+			qat_legacy_capa = qat_dev_cmd_param[i].val;
 		if (!strcmp(qat_dev_cmd_param[i].name, QAT_CMD_SLICE_MAP))
 			slice_map = qat_dev_cmd_param[i].val;
 		i++;