[2/2] crypto/qat: handle mixed hash-cipher crypto on GEN2 QAT
Checks
Commit Message
This patch adds handling of mixed hash-cipher algorithms
available on GEN2 QAT in particular firmware versions.
Also the documentation is updated to show the mixed crypto
algorithms are supported on QAT GEN2.
Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
---
doc/guides/cryptodevs/qat.rst | 9 ++++-----
doc/guides/rel_notes/release_20_05.rst | 7 +++++++
drivers/crypto/qat/qat_sym_pmd.c | 23 +++++++++++++++++++++++
drivers/crypto/qat/qat_sym_pmd.h | 5 +++++
drivers/crypto/qat/qat_sym_session.c | 17 +++++++++++------
5 files changed, 50 insertions(+), 11 deletions(-)
Comments
Hi Adam,
> -----Original Message-----
> From: Dybkowski, AdamX <adamx.dybkowski@intel.com>
> Sent: Thursday, March 12, 2020 2:14 PM
> To: dev@dpdk.org; Trahe, Fiona <fiona.trahe@intel.com>; akhil.goyal@nxp.com
> Cc: Dybkowski, AdamX <adamx.dybkowski@intel.com>
> Subject: [PATCH 2/2] crypto/qat: handle mixed hash-cipher crypto on GEN2 QAT
>
> This patch adds handling of mixed hash-cipher algorithms
> available on GEN2 QAT in particular firmware versions.
> Also the documentation is updated to show the mixed crypto
> algorithms are supported on QAT GEN2.
>
> Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
> ---
> doc/guides/cryptodevs/qat.rst | 9 ++++-----
> doc/guides/rel_notes/release_20_05.rst | 7 +++++++
> drivers/crypto/qat/qat_sym_pmd.c | 23 +++++++++++++++++++++++
> drivers/crypto/qat/qat_sym_pmd.h | 5 +++++
> drivers/crypto/qat/qat_sym_session.c | 17 +++++++++++------
> 5 files changed, 50 insertions(+), 11 deletions(-)
>
> diff --git a/doc/guides/cryptodevs/qat.rst b/doc/guides/cryptodevs/qat.rst
> index 06985e319..2e0dc1b00 100644
> --- a/doc/guides/cryptodevs/qat.rst
> +++ b/doc/guides/cryptodevs/qat.rst
> @@ -82,18 +82,17 @@ All the usual chains are supported and also some mixed chains:
> +------------------+-----------+-------------+----------+----------+
> | Cipher algorithm | NULL AUTH | SNOW3G UIA2 | ZUC EIA3 | AES CMAC |
> +==================+===========+=============+==========+==========+
> - | NULL CIPHER | Y | 3 | 3 | Y |
> + | NULL CIPHER | Y | 2&3 | 2&3 | Y |
> +------------------+-----------+-------------+----------+----------+
> - | SNOW3G UEA2 | 3 | Y | 3 | 3 |
> + | SNOW3G UEA2 | 2&3 | Y | 2&3 | 2&3 |
> +------------------+-----------+-------------+----------+----------+
> - | ZUC EEA3 | 3 | 3 | 2&3 | 3 |
> + | ZUC EEA3 | 2&3 | 2&3 | 2&3 | 2&3 |
> +------------------+-----------+-------------+----------+----------+
> - | AES CTR | Y | 3 | 3 | Y |
> + | AES CTR | Y | 2&3 | 2&3 | Y |
> +------------------+-----------+-------------+----------+----------+
>
> * The combinations marked as "Y" are supported on all QAT hardware versions.
> * The combinations marked as "2&3" are supported on GEN2/GEN3 QAT hardware only.
> -* The combinations marked as "3" are supported on GEN3 QAT hardware only.
>
>
> Limitations
> diff --git a/doc/guides/rel_notes/release_20_05.rst b/doc/guides/rel_notes/release_20_05.rst
> index 2190eaf85..bdfa64973 100644
> --- a/doc/guides/rel_notes/release_20_05.rst
> +++ b/doc/guides/rel_notes/release_20_05.rst
> @@ -56,6 +56,13 @@ New Features
> Also, make sure to start the actual text at the margin.
> =========================================================
>
> +* **Added handling of mixed crypto algorithms in QAT PMD for GEN2.**
> +
> + Enabled handling of mixed algorithms in encrypted digest hash-cipher
> + (generation) and cipher-hash (verification) requests in QAT PMD
> + when running on GEN2 QAT hardware with particular firmware versions
> + (GEN3 support was added in DPDK 20.02).
> +
>
> Removed Items
> -------------
> diff --git a/drivers/crypto/qat/qat_sym_pmd.c b/drivers/crypto/qat/qat_sym_pmd.c
> index 666ede726..69b11ec78 100644
> --- a/drivers/crypto/qat/qat_sym_pmd.c
> +++ b/drivers/crypto/qat/qat_sym_pmd.c
> @@ -14,6 +14,8 @@
> #include "qat_sym_session.h"
> #include "qat_sym_pmd.h"
>
> +#define MIXED_CRYPTO_MIN_FW_VER 0x04090000
> +
> uint8_t cryptodev_qat_driver_id;
>
> static const struct rte_cryptodev_capabilities qat_gen1_sym_capabilities[] = {
> @@ -187,6 +189,27 @@ static int qat_sym_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
> qat_sgl_dst);
> }
>
> + /* Get fw version from QAT (GEN2), skip if we've got it already */
> + if (qp->qat_dev_gen == QAT_GEN2 && !(qat_private->internal_capabilities
> + & QAT_SYM_CAP_VALID)) {
> + ret = qat_cq_get_fw_version(qp);
> +
> + if (ret < 0)
> + return ret;
[Fiona] if this fails, then need to clean up the ring before returning
> +
> + if (ret != 0)
> + QAT_LOG(DEBUG, "QAT firmware version: %d.%d.%d",
> + (ret >> 24) & 0xff,
> + (ret >> 16) & 0xff,
> + (ret >> 8) & 0xff);
[Fiona] add debug log with "unknown firmware version" in else case
> +
> + /* set capabilities based on the fw version */
> + qat_private->internal_capabilities = QAT_SYM_CAP_VALID |
> + ((ret >= MIXED_CRYPTO_MIN_FW_VER) ?
> + QAT_SYM_CAP_MIXED_CRYPTO : 0);
> + ret = 0;
> + }
> +
> return ret;
> }
>
> diff --git a/drivers/crypto/qat/qat_sym_pmd.h b/drivers/crypto/qat/qat_sym_pmd.h
> index a32c25abc..a5a31e512 100644
> --- a/drivers/crypto/qat/qat_sym_pmd.h
> +++ b/drivers/crypto/qat/qat_sym_pmd.h
> @@ -15,6 +15,10 @@
> /** Intel(R) QAT Symmetric Crypto PMD driver name */
> #define CRYPTODEV_NAME_QAT_SYM_PMD crypto_qat
>
> +/* Internal capabilities */
> +#define QAT_SYM_CAP_MIXED_CRYPTO (1 << 0)
> +#define QAT_SYM_CAP_VALID (1 << 31)
> +
> extern uint8_t cryptodev_qat_driver_id;
>
> /** private data structure for a QAT device.
> @@ -29,6 +33,7 @@ struct qat_sym_dev_private {
> const struct rte_cryptodev_capabilities *qat_dev_capabilities;
> /* QAT device symmetric crypto capabilities */
> uint16_t min_enq_burst_threshold;
> + uint32_t internal_capabilities; /* see flags QAT_SYM_CAP_xxx */
> };
>
> int
> diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c
> index 4359f2f0b..bf6af60aa 100644
> --- a/drivers/crypto/qat/qat_sym_session.c
> +++ b/drivers/crypto/qat/qat_sym_session.c
> @@ -459,18 +459,23 @@ qat_sym_session_set_ext_hash_flags(struct qat_sym_session *session,
> }
>
> static void
> -qat_sym_session_handle_mixed(struct qat_sym_session *session)
> +qat_sym_session_handle_mixed(const struct rte_cryptodev *dev,
> + struct qat_sym_session *session)
> {
> + const struct qat_sym_dev_private *qat_private = dev->data->dev_private;
> + enum qat_device_gen min_dev_gen = (qat_private->internal_capabilities &
> + QAT_SYM_CAP_MIXED_CRYPTO) ? QAT_GEN2 : QAT_GEN3;
> +
> if (session->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_ZUC_3G_128_EIA3 &&
> session->qat_cipher_alg !=
> ICP_QAT_HW_CIPHER_ALGO_ZUC_3G_128_EEA3) {
> - session->min_qat_dev_gen = QAT_GEN3;
> + session->min_qat_dev_gen = min_dev_gen;
> qat_sym_session_set_ext_hash_flags(session,
> 1 << ICP_QAT_FW_AUTH_HDR_FLAG_ZUC_EIA3_BITPOS);
> } else if (session->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_SNOW_3G_UIA2 &&
> session->qat_cipher_alg !=
> ICP_QAT_HW_CIPHER_ALGO_SNOW_3G_UEA2) {
> - session->min_qat_dev_gen = QAT_GEN3;
> + session->min_qat_dev_gen = min_dev_gen;
> qat_sym_session_set_ext_hash_flags(session,
> 1 << ICP_QAT_FW_AUTH_HDR_FLAG_SNOW3G_UIA2_BITPOS);
> } else if ((session->aes_cmac ||
> @@ -479,7 +484,7 @@ qat_sym_session_handle_mixed(struct qat_sym_session *session)
> ICP_QAT_HW_CIPHER_ALGO_SNOW_3G_UEA2 ||
> session->qat_cipher_alg ==
> ICP_QAT_HW_CIPHER_ALGO_ZUC_3G_128_EEA3)) {
> - session->min_qat_dev_gen = QAT_GEN3;
> + session->min_qat_dev_gen = min_dev_gen;
> qat_sym_session_set_ext_hash_flags(session, 0);
> }
> }
> @@ -532,7 +537,7 @@ qat_sym_session_set_parameters(struct rte_cryptodev *dev,
> if (ret < 0)
> return ret;
> /* Special handling of mixed hash+cipher algorithms */
> - qat_sym_session_handle_mixed(session);
> + qat_sym_session_handle_mixed(dev, session);
> }
> break;
> case ICP_QAT_FW_LA_CMD_HASH_CIPHER:
> @@ -551,7 +556,7 @@ qat_sym_session_set_parameters(struct rte_cryptodev *dev,
> if (ret < 0)
> return ret;
> /* Special handling of mixed hash+cipher algorithms */
> - qat_sym_session_handle_mixed(session);
> + qat_sym_session_handle_mixed(dev, session);
> }
> break;
> case ICP_QAT_FW_LA_CMD_TRNG_GET_RANDOM:
> --
> 2.17.1
@@ -82,18 +82,17 @@ All the usual chains are supported and also some mixed chains:
+------------------+-----------+-------------+----------+----------+
| Cipher algorithm | NULL AUTH | SNOW3G UIA2 | ZUC EIA3 | AES CMAC |
+==================+===========+=============+==========+==========+
- | NULL CIPHER | Y | 3 | 3 | Y |
+ | NULL CIPHER | Y | 2&3 | 2&3 | Y |
+------------------+-----------+-------------+----------+----------+
- | SNOW3G UEA2 | 3 | Y | 3 | 3 |
+ | SNOW3G UEA2 | 2&3 | Y | 2&3 | 2&3 |
+------------------+-----------+-------------+----------+----------+
- | ZUC EEA3 | 3 | 3 | 2&3 | 3 |
+ | ZUC EEA3 | 2&3 | 2&3 | 2&3 | 2&3 |
+------------------+-----------+-------------+----------+----------+
- | AES CTR | Y | 3 | 3 | Y |
+ | AES CTR | Y | 2&3 | 2&3 | Y |
+------------------+-----------+-------------+----------+----------+
* The combinations marked as "Y" are supported on all QAT hardware versions.
* The combinations marked as "2&3" are supported on GEN2/GEN3 QAT hardware only.
-* The combinations marked as "3" are supported on GEN3 QAT hardware only.
Limitations
@@ -56,6 +56,13 @@ New Features
Also, make sure to start the actual text at the margin.
=========================================================
+* **Added handling of mixed crypto algorithms in QAT PMD for GEN2.**
+
+ Enabled handling of mixed algorithms in encrypted digest hash-cipher
+ (generation) and cipher-hash (verification) requests in QAT PMD
+ when running on GEN2 QAT hardware with particular firmware versions
+ (GEN3 support was added in DPDK 20.02).
+
Removed Items
-------------
@@ -14,6 +14,8 @@
#include "qat_sym_session.h"
#include "qat_sym_pmd.h"
+#define MIXED_CRYPTO_MIN_FW_VER 0x04090000
+
uint8_t cryptodev_qat_driver_id;
static const struct rte_cryptodev_capabilities qat_gen1_sym_capabilities[] = {
@@ -187,6 +189,27 @@ static int qat_sym_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
qat_sgl_dst);
}
+ /* Get fw version from QAT (GEN2), skip if we've got it already */
+ if (qp->qat_dev_gen == QAT_GEN2 && !(qat_private->internal_capabilities
+ & QAT_SYM_CAP_VALID)) {
+ ret = qat_cq_get_fw_version(qp);
+
+ if (ret < 0)
+ return ret;
+
+ if (ret != 0)
+ QAT_LOG(DEBUG, "QAT firmware version: %d.%d.%d",
+ (ret >> 24) & 0xff,
+ (ret >> 16) & 0xff,
+ (ret >> 8) & 0xff);
+
+ /* set capabilities based on the fw version */
+ qat_private->internal_capabilities = QAT_SYM_CAP_VALID |
+ ((ret >= MIXED_CRYPTO_MIN_FW_VER) ?
+ QAT_SYM_CAP_MIXED_CRYPTO : 0);
+ ret = 0;
+ }
+
return ret;
}
@@ -15,6 +15,10 @@
/** Intel(R) QAT Symmetric Crypto PMD driver name */
#define CRYPTODEV_NAME_QAT_SYM_PMD crypto_qat
+/* Internal capabilities */
+#define QAT_SYM_CAP_MIXED_CRYPTO (1 << 0)
+#define QAT_SYM_CAP_VALID (1 << 31)
+
extern uint8_t cryptodev_qat_driver_id;
/** private data structure for a QAT device.
@@ -29,6 +33,7 @@ struct qat_sym_dev_private {
const struct rte_cryptodev_capabilities *qat_dev_capabilities;
/* QAT device symmetric crypto capabilities */
uint16_t min_enq_burst_threshold;
+ uint32_t internal_capabilities; /* see flags QAT_SYM_CAP_xxx */
};
int
@@ -459,18 +459,23 @@ qat_sym_session_set_ext_hash_flags(struct qat_sym_session *session,
}
static void
-qat_sym_session_handle_mixed(struct qat_sym_session *session)
+qat_sym_session_handle_mixed(const struct rte_cryptodev *dev,
+ struct qat_sym_session *session)
{
+ const struct qat_sym_dev_private *qat_private = dev->data->dev_private;
+ enum qat_device_gen min_dev_gen = (qat_private->internal_capabilities &
+ QAT_SYM_CAP_MIXED_CRYPTO) ? QAT_GEN2 : QAT_GEN3;
+
if (session->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_ZUC_3G_128_EIA3 &&
session->qat_cipher_alg !=
ICP_QAT_HW_CIPHER_ALGO_ZUC_3G_128_EEA3) {
- session->min_qat_dev_gen = QAT_GEN3;
+ session->min_qat_dev_gen = min_dev_gen;
qat_sym_session_set_ext_hash_flags(session,
1 << ICP_QAT_FW_AUTH_HDR_FLAG_ZUC_EIA3_BITPOS);
} else if (session->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_SNOW_3G_UIA2 &&
session->qat_cipher_alg !=
ICP_QAT_HW_CIPHER_ALGO_SNOW_3G_UEA2) {
- session->min_qat_dev_gen = QAT_GEN3;
+ session->min_qat_dev_gen = min_dev_gen;
qat_sym_session_set_ext_hash_flags(session,
1 << ICP_QAT_FW_AUTH_HDR_FLAG_SNOW3G_UIA2_BITPOS);
} else if ((session->aes_cmac ||
@@ -479,7 +484,7 @@ qat_sym_session_handle_mixed(struct qat_sym_session *session)
ICP_QAT_HW_CIPHER_ALGO_SNOW_3G_UEA2 ||
session->qat_cipher_alg ==
ICP_QAT_HW_CIPHER_ALGO_ZUC_3G_128_EEA3)) {
- session->min_qat_dev_gen = QAT_GEN3;
+ session->min_qat_dev_gen = min_dev_gen;
qat_sym_session_set_ext_hash_flags(session, 0);
}
}
@@ -532,7 +537,7 @@ qat_sym_session_set_parameters(struct rte_cryptodev *dev,
if (ret < 0)
return ret;
/* Special handling of mixed hash+cipher algorithms */
- qat_sym_session_handle_mixed(session);
+ qat_sym_session_handle_mixed(dev, session);
}
break;
case ICP_QAT_FW_LA_CMD_HASH_CIPHER:
@@ -551,7 +556,7 @@ qat_sym_session_set_parameters(struct rte_cryptodev *dev,
if (ret < 0)
return ret;
/* Special handling of mixed hash+cipher algorithms */
- qat_sym_session_handle_mixed(session);
+ qat_sym_session_handle_mixed(dev, session);
}
break;
case ICP_QAT_FW_LA_CMD_TRNG_GET_RANDOM: