From patchwork Fri Sep 27 15:47:37 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Dybkowski, AdamX" X-Patchwork-Id: 60034 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@dpdk.org Delivered-To: patchwork@dpdk.org Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 1FA6F1BF25; Fri, 27 Sep 2019 17:49:54 +0200 (CEST) Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by dpdk.org (Postfix) with ESMTP id A31112C27 for ; Fri, 27 Sep 2019 17:49:47 +0200 (CEST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga001.jf.intel.com ([10.7.209.18]) by orsmga105.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 27 Sep 2019 08:49:47 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.64,556,1559545200"; d="scan'208";a="273854529" Received: from adamdybx-mobl.ger.corp.intel.com (HELO localhost.localdomain) ([10.104.14.185]) by orsmga001.jf.intel.com with ESMTP; 27 Sep 2019 08:49:45 -0700 From: Adam Dybkowski To: dev@dpdk.org, fiona.trahe@intel.com, arkadiuszx.kusztal@intel.com, akhil.goyal@nxp.com Cc: Adam Dybkowski Date: Fri, 27 Sep 2019 17:47:37 +0200 Message-Id: <20190927154739.26404-2-adamx.dybkowski@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20190927154739.26404-1-adamx.dybkowski@intel.com> References: <20190906144751.3420-1-adamx.dybkowski@intel.com> <20190927154739.26404-1-adamx.dybkowski@intel.com> Subject: [dpdk-dev] [PATCH v2 1/3] test/crypto: add more AES GCM tests for QAT PMD X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" This patch adds 256-bit AES GCM tests for QAT PMD (which already existed for AESNI and OpenSSL) and also adds a number of negative unit tests for AES GCM for QAT PMD, in order to verify authenticated encryption and decryption with modified data. Signed-off-by: Adam Dybkowski --- app/test/test_cryptodev.c | 253 +++++++++++++++++++++++++++++++++++++- 1 file changed, 248 insertions(+), 5 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 9a226bd15..a0629c402 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -6939,7 +6939,8 @@ create_aead_operation(enum rte_crypto_aead_operation op, } static int -test_authenticated_encryption(const struct aead_test_data *tdata) +test_authenticated_encryption_silent(const struct aead_test_data *tdata, + uint8_t silent_mode) { struct crypto_testsuite_params *ts_params = &testsuite_params; struct crypto_unittest_params *ut_params = &unittest_params; @@ -7005,6 +7006,12 @@ test_authenticated_encryption(const struct aead_test_data *tdata) debug_hexdump(stdout, "auth tag:", auth_tag, tdata->auth_tag.len); /* Validate obuf */ + if (silent_mode) + return !memcmp(ciphertext, tdata->ciphertext.data, + tdata->ciphertext.len) && + !memcmp(auth_tag, tdata->auth_tag.data, + tdata->auth_tag.len) ? 0 : TEST_FAILED; + TEST_ASSERT_BUFFERS_ARE_EQUAL( ciphertext, tdata->ciphertext.data, @@ -7021,6 +7028,12 @@ test_authenticated_encryption(const struct aead_test_data *tdata) } +static int +test_authenticated_encryption(const struct aead_test_data *tdata) +{ + return test_authenticated_encryption_silent(tdata, 0); +} + static int test_AES_GCM_authenticated_encryption_test_case_1(void) { @@ -7063,6 +7076,12 @@ test_AES_GCM_authenticated_encryption_test_case_7(void) return test_authenticated_encryption(&gcm_test_case_7); } +static int +test_AES_GCM_authenticated_encryption_test_case_8(void) +{ + return test_authenticated_encryption(&gcm_test_case_8); +} + static int test_AES_GCM_auth_encryption_test_case_192_1(void) { @@ -7160,7 +7179,89 @@ test_AES_GCM_auth_encryption_test_case_aad_2(void) } static int -test_authenticated_decryption(const struct aead_test_data *tdata) +test_AES_GCM_auth_encryption_fail_iv_corrupt(void) +{ + struct aead_test_data tdata; + int res; + + memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data)); + tdata.iv.data[0] += 1; + res = test_authenticated_encryption_silent(&tdata, 1); + TEST_ASSERT_EQUAL(res, TEST_FAILED, "encryption not failed"); + return TEST_SUCCESS; +} + +static int +test_AES_GCM_auth_encryption_fail_in_data_corrupt(void) +{ + struct aead_test_data tdata; + int res; + + memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data)); + tdata.plaintext.data[0] += 1; + res = test_authenticated_encryption_silent(&tdata, 1); + TEST_ASSERT_EQUAL(res, TEST_FAILED, "encryption not failed"); + return TEST_SUCCESS; +} + +static int +test_AES_GCM_auth_encryption_fail_out_data_corrupt(void) +{ + struct aead_test_data tdata; + int res; + + memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data)); + tdata.ciphertext.data[0] += 1; + res = test_authenticated_encryption_silent(&tdata, 1); + TEST_ASSERT_EQUAL(res, TEST_FAILED, "encryption not failed"); + return TEST_SUCCESS; +} + +static int +test_AES_GCM_auth_encryption_fail_aad_len_corrupt(void) +{ + struct aead_test_data tdata; + int res; + + memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data)); + tdata.aad.len += 1; + res = test_authenticated_encryption_silent(&tdata, 1); + TEST_ASSERT_EQUAL(res, TEST_FAILED, "encryption not failed"); + return TEST_SUCCESS; +} + +static int +test_AES_GCM_auth_encryption_fail_aad_corrupt(void) +{ + struct aead_test_data tdata; + uint8_t aad[gcm_test_case_7.aad.len]; + int res; + + memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data)); + memcpy(aad, gcm_test_case_7.aad.data, gcm_test_case_7.aad.len); + aad[0] += 1; + tdata.aad.data = aad; + res = test_authenticated_encryption_silent(&tdata, 1); + TEST_ASSERT_EQUAL(res, TEST_FAILED, "encryption not failed"); + return TEST_SUCCESS; +} + +static int +test_AES_GCM_auth_encryption_fail_tag_corrupt(void) +{ + struct aead_test_data tdata; + int res; + + memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data)); + tdata.auth_tag.data[0] += 1; + res = test_authenticated_encryption_silent(&tdata, 1); + TEST_ASSERT_EQUAL(res, TEST_FAILED, "encryption not failed"); + return TEST_SUCCESS; +} + +static int +test_authenticated_decryption_silent(const struct aead_test_data *tdata, + uint8_t silent_mode) { struct crypto_testsuite_params *ts_params = &testsuite_params; struct crypto_unittest_params *ut_params = &unittest_params; @@ -7217,19 +7318,30 @@ test_authenticated_decryption(const struct aead_test_data *tdata) debug_hexdump(stdout, "plaintext:", plaintext, tdata->ciphertext.len); + TEST_ASSERT_EQUAL(ut_params->op->status, + RTE_CRYPTO_OP_STATUS_SUCCESS, + "Authentication failed"); + /* Validate obuf */ + if (silent_mode) + return !memcmp(plaintext, tdata->plaintext.data, + tdata->plaintext.len) ? 0 : TEST_FAILED; + TEST_ASSERT_BUFFERS_ARE_EQUAL( plaintext, tdata->plaintext.data, tdata->plaintext.len, "Plaintext data not as expected"); - TEST_ASSERT_EQUAL(ut_params->op->status, - RTE_CRYPTO_OP_STATUS_SUCCESS, - "Authentication failed"); return 0; } +static int +test_authenticated_decryption(const struct aead_test_data *tdata) +{ + return test_authenticated_decryption_silent(tdata, 0); +} + static int test_AES_GCM_authenticated_decryption_test_case_1(void) { @@ -7272,6 +7384,12 @@ test_AES_GCM_authenticated_decryption_test_case_7(void) return test_authenticated_decryption(&gcm_test_case_7); } +static int +test_AES_GCM_authenticated_decryption_test_case_8(void) +{ + return test_authenticated_decryption(&gcm_test_case_8); +} + static int test_AES_GCM_auth_decryption_test_case_192_1(void) { @@ -7368,6 +7486,87 @@ test_AES_GCM_auth_decryption_test_case_aad_2(void) return test_authenticated_decryption(&gcm_test_case_aad_2); } +static int +test_AES_GCM_auth_decryption_fail_iv_corrupt(void) +{ + struct aead_test_data tdata; + int res; + + memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data)); + tdata.iv.data[0] += 1; + res = test_authenticated_decryption_silent(&tdata, 1); + TEST_ASSERT_EQUAL(res, TEST_FAILED, "decryption not failed"); + return TEST_SUCCESS; +} + +static int +test_AES_GCM_auth_decryption_fail_in_data_corrupt(void) +{ + struct aead_test_data tdata; + int res; + + memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data)); + tdata.plaintext.data[0] += 1; + res = test_authenticated_decryption_silent(&tdata, 1); + TEST_ASSERT_EQUAL(res, TEST_FAILED, "decryption not failed"); + return TEST_SUCCESS; +} + +static int +test_AES_GCM_auth_decryption_fail_out_data_corrupt(void) +{ + struct aead_test_data tdata; + int res; + + memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data)); + tdata.ciphertext.data[0] += 1; + res = test_authenticated_decryption_silent(&tdata, 1); + TEST_ASSERT_EQUAL(res, TEST_FAILED, "decryption not failed"); + return TEST_SUCCESS; +} + +static int +test_AES_GCM_auth_decryption_fail_aad_len_corrupt(void) +{ + struct aead_test_data tdata; + int res; + + memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data)); + tdata.aad.len += 1; + res = test_authenticated_decryption_silent(&tdata, 1); + TEST_ASSERT_EQUAL(res, TEST_FAILED, "decryption not failed"); + return TEST_SUCCESS; +} + +static int +test_AES_GCM_auth_decryption_fail_aad_corrupt(void) +{ + struct aead_test_data tdata; + uint8_t aad[gcm_test_case_7.aad.len]; + int res; + + memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data)); + memcpy(aad, gcm_test_case_7.aad.data, gcm_test_case_7.aad.len); + aad[0] += 1; + tdata.aad.data = aad; + res = test_authenticated_decryption_silent(&tdata, 1); + TEST_ASSERT_EQUAL(res, TEST_FAILED, "decryption not failed"); + return TEST_SUCCESS; +} + +static int +test_AES_GCM_auth_decryption_fail_tag_corrupt(void) +{ + struct aead_test_data tdata; + int res; + + memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data)); + tdata.auth_tag.data[0] += 1; + res = test_authenticated_decryption_silent(&tdata, 1); + TEST_ASSERT_EQUAL(res, TEST_FAILED, "authentication not failed"); + return TEST_SUCCESS; +} + static int test_authenticated_encryption_oop(const struct aead_test_data *tdata) { @@ -10315,6 +10514,8 @@ static struct unit_test_suite cryptodev_qat_testsuite = { test_AES_GCM_authenticated_encryption_test_case_6), TEST_CASE_ST(ut_setup, ut_teardown, test_AES_GCM_authenticated_encryption_test_case_7), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_authenticated_encryption_test_case_8), /** AES GCM Authenticated Decryption */ TEST_CASE_ST(ut_setup, ut_teardown, @@ -10331,6 +10532,8 @@ static struct unit_test_suite cryptodev_qat_testsuite = { test_AES_GCM_authenticated_decryption_test_case_6), TEST_CASE_ST(ut_setup, ut_teardown, test_AES_GCM_authenticated_decryption_test_case_7), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_authenticated_decryption_test_case_8), /** AES GCM Authenticated Encryption 192 bits key */ TEST_CASE_ST(ut_setup, ut_teardown, @@ -10380,6 +10583,22 @@ static struct unit_test_suite cryptodev_qat_testsuite = { TEST_CASE_ST(ut_setup, ut_teardown, test_AES_GCM_auth_encryption_test_case_256_7), + /** AES GCM Authenticated Decryption 256 bits key */ + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_decryption_test_case_256_1), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_decryption_test_case_256_2), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_decryption_test_case_256_3), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_decryption_test_case_256_4), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_decryption_test_case_256_5), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_decryption_test_case_256_6), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_decryption_test_case_256_7), + /** AES GMAC Authentication */ TEST_CASE_ST(ut_setup, ut_teardown, test_AES_GMAC_authentication_test_case_1), @@ -10602,6 +10821,30 @@ static struct unit_test_suite cryptodev_qat_testsuite = { authentication_verify_HMAC_SHA1_fail_data_corrupt), TEST_CASE_ST(ut_setup, ut_teardown, authentication_verify_HMAC_SHA1_fail_tag_corrupt), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_encryption_fail_iv_corrupt), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_encryption_fail_in_data_corrupt), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_encryption_fail_out_data_corrupt), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_encryption_fail_aad_len_corrupt), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_encryption_fail_aad_corrupt), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_encryption_fail_tag_corrupt), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_decryption_fail_iv_corrupt), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_decryption_fail_in_data_corrupt), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_decryption_fail_out_data_corrupt), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_decryption_fail_aad_len_corrupt), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_decryption_fail_aad_corrupt), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_decryption_fail_tag_corrupt), TEST_CASE_ST(ut_setup, ut_teardown, authentication_verify_AES128_GMAC_fail_data_corrupt), TEST_CASE_ST(ut_setup, ut_teardown, From patchwork Fri Sep 27 15:47:38 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Dybkowski, AdamX" X-Patchwork-Id: 60035 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@dpdk.org Delivered-To: patchwork@dpdk.org Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 611961BF35; Fri, 27 Sep 2019 17:49:56 +0200 (CEST) Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by dpdk.org (Postfix) with ESMTP id 007CE2C27 for ; Fri, 27 Sep 2019 17:49:49 +0200 (CEST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga001.jf.intel.com ([10.7.209.18]) by orsmga105.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 27 Sep 2019 08:49:49 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.64,556,1559545200"; d="scan'208";a="273854540" Received: from adamdybx-mobl.ger.corp.intel.com (HELO localhost.localdomain) ([10.104.14.185]) by orsmga001.jf.intel.com with ESMTP; 27 Sep 2019 08:49:47 -0700 From: Adam Dybkowski To: dev@dpdk.org, fiona.trahe@intel.com, arkadiuszx.kusztal@intel.com, akhil.goyal@nxp.com Cc: Adam Dybkowski Date: Fri, 27 Sep 2019 17:47:38 +0200 Message-Id: <20190927154739.26404-3-adamx.dybkowski@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20190927154739.26404-1-adamx.dybkowski@intel.com> References: <20190906144751.3420-1-adamx.dybkowski@intel.com> <20190927154739.26404-1-adamx.dybkowski@intel.com> Subject: [dpdk-dev] [PATCH v2 2/3] common/qat: add new QAT GEN3 definitions X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" This patch adds few definitions specific to GEN3 QAT. Signed-off-by: Adam Dybkowski Acked-by: Fiona Trahe --- drivers/common/qat/qat_adf/icp_qat_fw_la.h | 19 +++++++++++++++---- drivers/common/qat/qat_adf/icp_qat_hw.h | 19 +++++++++++++++++++ 2 files changed, 34 insertions(+), 4 deletions(-) diff --git a/drivers/common/qat/qat_adf/icp_qat_fw_la.h b/drivers/common/qat/qat_adf/icp_qat_fw_la.h index c33bc3fe7..38891eb1f 100644 --- a/drivers/common/qat/qat_adf/icp_qat_fw_la.h +++ b/drivers/common/qat/qat_adf/icp_qat_fw_la.h @@ -1,5 +1,5 @@ /* SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0) - * Copyright(c) 2015-2018 Intel Corporation + * Copyright(c) 2015-2019 Intel Corporation */ #ifndef _ICP_QAT_FW_LA_H_ #define _ICP_QAT_FW_LA_H_ @@ -34,6 +34,9 @@ struct icp_qat_fw_la_bulk_req { struct icp_qat_fw_comn_req_cd_ctrl cd_ctrl; }; +#define QAT_FW_LA_SINGLE_PASS_PROTO_FLAG_BITPOS 13 +#define ICP_QAT_FW_LA_SINGLE_PASS_PROTO 1 +#define QAT_FW_LA_SINGLE_PASS_PROTO_FLAG_MASK 0x1 #define ICP_QAT_FW_LA_GCM_IV_LEN_12_OCTETS 1 #define ICP_QAT_FW_LA_GCM_IV_LEN_NOT_12_OCTETS 0 #define QAT_FW_LA_ZUC_3G_PROTO_FLAG_BITPOS 12 @@ -152,6 +155,10 @@ struct icp_qat_fw_la_bulk_req { QAT_FIELD_SET(flags, val, QAT_FW_LA_ZUC_3G_PROTO_FLAG_BITPOS, \ QAT_FW_LA_ZUC_3G_PROTO_FLAG_MASK) +#define ICP_QAT_FW_LA_SINGLE_PASS_PROTO_FLAG_SET(flags, val) \ + QAT_FIELD_SET(flags, val, QAT_FW_LA_SINGLE_PASS_PROTO_FLAG_BITPOS, \ + QAT_FW_LA_SINGLE_PASS_PROTO_FLAG_MASK) + #define ICP_QAT_FW_LA_GCM_IV_LEN_FLAG_SET(flags, val) \ QAT_FIELD_SET(flags, val, QAT_LA_GCM_IV_LEN_FLAG_BITPOS, \ QAT_LA_GCM_IV_LEN_FLAG_MASK) @@ -267,8 +274,7 @@ struct icp_qat_fw_cipher_auth_cd_ctrl_hdr { #define ICP_QAT_FW_AUTH_HDR_FLAG_DO_NESTED 1 #define ICP_QAT_FW_AUTH_HDR_FLAG_NO_NESTED 0 #define ICP_QAT_FW_CCM_GCM_AAD_SZ_MAX 240 -#define ICP_QAT_FW_HASH_REQUEST_PARAMETERS_OFFSET \ - (sizeof(struct icp_qat_fw_la_cipher_req_params_t)) +#define ICP_QAT_FW_HASH_REQUEST_PARAMETERS_OFFSET 24 #define ICP_QAT_FW_CIPHER_REQUEST_PARAMETERS_OFFSET (0) struct icp_qat_fw_la_cipher_req_params { @@ -281,7 +287,12 @@ struct icp_qat_fw_la_cipher_req_params { uint64_t resrvd1; } s; } u; -}; + uint64_t spc_aad_addr; + uint64_t spc_auth_res_addr; + uint16_t spc_aad_sz; + uint8_t reserved; + uint8_t spc_auth_res_sz; +} __rte_packed; struct icp_qat_fw_la_auth_req_params { uint32_t auth_off; diff --git a/drivers/common/qat/qat_adf/icp_qat_hw.h b/drivers/common/qat/qat_adf/icp_qat_hw.h index e7961dba2..cef64861f 100644 --- a/drivers/common/qat/qat_adf/icp_qat_hw.h +++ b/drivers/common/qat/qat_adf/icp_qat_hw.h @@ -212,6 +212,7 @@ enum icp_qat_hw_cipher_mode { ICP_QAT_HW_CIPHER_CBC_MODE = 1, ICP_QAT_HW_CIPHER_CTR_MODE = 2, ICP_QAT_HW_CIPHER_F8_MODE = 3, + ICP_QAT_HW_CIPHER_AEAD_MODE = 4, ICP_QAT_HW_CIPHER_XTS_MODE = 6, ICP_QAT_HW_CIPHER_MODE_DELIMITER = 7 }; @@ -244,6 +245,8 @@ enum icp_qat_hw_cipher_convert { #define QAT_CIPHER_CONVERT_MASK 0x1 #define QAT_CIPHER_DIR_BITPOS 8 #define QAT_CIPHER_DIR_MASK 0x1 +#define QAT_CIPHER_AEAD_HASH_CMP_LEN_BITPOS 10 +#define QAT_CIPHER_AEAD_HASH_CMP_LEN_MASK 0x1F #define QAT_CIPHER_MODE_F8_KEY_SZ_MULT 2 #define QAT_CIPHER_MODE_XTS_KEY_SZ_MULT 2 #define ICP_QAT_HW_CIPHER_CONFIG_BUILD(mode, algo, convert, dir) \ @@ -251,6 +254,22 @@ enum icp_qat_hw_cipher_convert { ((algo & QAT_CIPHER_ALGO_MASK) << QAT_CIPHER_ALGO_BITPOS) | \ ((convert & QAT_CIPHER_CONVERT_MASK) << QAT_CIPHER_CONVERT_BITPOS) | \ ((dir & QAT_CIPHER_DIR_MASK) << QAT_CIPHER_DIR_BITPOS)) + +#define QAT_CIPHER_AEAD_AAD_LOWER_SHIFT 24 +#define QAT_CIPHER_AEAD_AAD_UPPER_SHIFT 8 +#define QAT_CIPHER_AEAD_AAD_SIZE_LOWER_MASK 0xFF +#define QAT_CIPHER_AEAD_AAD_SIZE_UPPER_MASK 0x3F +#define QAT_CIPHER_AEAD_AAD_SIZE_BITPOS 16 +#define ICP_QAT_HW_CIPHER_CONFIG_BUILD_UPPER(aad_size) \ + ({ \ + typeof(aad_size) aad_size1 = aad_size; \ + (((((aad_size1) >> QAT_CIPHER_AEAD_AAD_UPPER_SHIFT) & \ + QAT_CIPHER_AEAD_AAD_SIZE_UPPER_MASK) << \ + QAT_CIPHER_AEAD_AAD_SIZE_BITPOS) | \ + (((aad_size1) & QAT_CIPHER_AEAD_AAD_SIZE_LOWER_MASK) << \ + QAT_CIPHER_AEAD_AAD_LOWER_SHIFT)); \ + }) + #define ICP_QAT_HW_DES_BLK_SZ 8 #define ICP_QAT_HW_3DES_BLK_SZ 8 #define ICP_QAT_HW_NULL_BLK_SZ 8 From patchwork Fri Sep 27 15:47:39 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Dybkowski, AdamX" X-Patchwork-Id: 60036 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@dpdk.org Delivered-To: patchwork@dpdk.org Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id C8F2A1BF3E; Fri, 27 Sep 2019 17:49:58 +0200 (CEST) Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by dpdk.org (Postfix) with ESMTP id 3AB291BF14 for ; Fri, 27 Sep 2019 17:49:52 +0200 (CEST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga001.jf.intel.com ([10.7.209.18]) by orsmga105.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 27 Sep 2019 08:49:51 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.64,556,1559545200"; d="scan'208";a="273854554" Received: from adamdybx-mobl.ger.corp.intel.com (HELO localhost.localdomain) ([10.104.14.185]) by orsmga001.jf.intel.com with ESMTP; 27 Sep 2019 08:49:49 -0700 From: Adam Dybkowski To: dev@dpdk.org, fiona.trahe@intel.com, arkadiuszx.kusztal@intel.com, akhil.goyal@nxp.com Cc: Adam Dybkowski Date: Fri, 27 Sep 2019 17:47:39 +0200 Message-Id: <20190927154739.26404-4-adamx.dybkowski@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20190927154739.26404-1-adamx.dybkowski@intel.com> References: <20190906144751.3420-1-adamx.dybkowski@intel.com> <20190927154739.26404-1-adamx.dybkowski@intel.com> Subject: [dpdk-dev] [PATCH v2 3/3] crypto/qat: handle Single Pass Crypto Requests on GEN3 QAT X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" This patch improves the performance of AES GCM by using the Single Pass Crypto Request functionality when running on GEN3 QAT. Falls back to classic chained mode on older hardware. Signed-off-by: Adam Dybkowski --- doc/guides/rel_notes/release_19_11.rst | 7 +++ drivers/crypto/qat/qat_sym.c | 13 +++- drivers/crypto/qat/qat_sym_session.c | 86 ++++++++++++++++++++++++-- drivers/crypto/qat/qat_sym_session.h | 9 ++- 4 files changed, 107 insertions(+), 8 deletions(-) diff --git a/doc/guides/rel_notes/release_19_11.rst b/doc/guides/rel_notes/release_19_11.rst index 573683da4..4817b7f23 100644 --- a/doc/guides/rel_notes/release_19_11.rst +++ b/doc/guides/rel_notes/release_19_11.rst @@ -61,6 +61,13 @@ New Features Added stateful decompression support in the Intel QuickAssist Technology PMD. Please note that stateful compression is not supported. +* **Enabled Single Pass GCM acceleration on QAT GEN3.** + + Added support for Single Pass GCM, available on QAT GEN3 only (Intel + QuickAssist Technology C4xxx). It is automatically chosen instead of the + classic chained mode when running on QAT GEN3, significantly improving + the performance of AES GCM operations. + Removed Items ------------- diff --git a/drivers/crypto/qat/qat_sym.c b/drivers/crypto/qat/qat_sym.c index 46ef27a6d..5ff4aa1e5 100644 --- a/drivers/crypto/qat/qat_sym.c +++ b/drivers/crypto/qat/qat_sym.c @@ -1,5 +1,5 @@ /* SPDX-License-Identifier: BSD-3-Clause - * Copyright(c) 2015-2018 Intel Corporation + * Copyright(c) 2015-2019 Intel Corporation */ #include @@ -12,6 +12,7 @@ #include "qat_sym.h" + /** Decrypt a single partial block * Depends on openssl libcrypto * Uses ECB+XOR to do CFB encryption, same result, more performant @@ -195,7 +196,8 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg, rte_mov128((uint8_t *)qat_req, (const uint8_t *)&(ctx->fw_req)); qat_req->comn_mid.opaque_data = (uint64_t)(uintptr_t)op; cipher_param = (void *)&qat_req->serv_specif_rqpars; - auth_param = (void *)((uint8_t *)cipher_param + sizeof(*cipher_param)); + auth_param = (void *)((uint8_t *)cipher_param + + ICP_QAT_FW_HASH_REQUEST_PARAMETERS_OFFSET); if (ctx->qat_cmd == ICP_QAT_FW_LA_CMD_HASH_CIPHER || ctx->qat_cmd == ICP_QAT_FW_LA_CMD_CIPHER_HASH) { @@ -593,6 +595,13 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg, qat_req->comn_mid.dest_data_addr = dst_buf_start; } + /* Handle Single-Pass GCM */ + if (ctx->is_single_pass) { + cipher_param->spc_aad_addr = op->sym->aead.aad.phys_addr; + cipher_param->spc_auth_res_addr = + op->sym->aead.digest.phys_addr; + } + #if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG QAT_DP_HEXDUMP_LOG(DEBUG, "qat_req:", qat_req, sizeof(struct icp_qat_fw_la_bulk_req)); diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c index e5167b3fa..7d0f4a69d 100644 --- a/drivers/crypto/qat/qat_sym_session.c +++ b/drivers/crypto/qat/qat_sym_session.c @@ -450,7 +450,7 @@ qat_sym_session_set_parameters(struct rte_cryptodev *dev, break; case ICP_QAT_FW_LA_CMD_CIPHER_HASH: if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) { - ret = qat_sym_session_configure_aead(xform, + ret = qat_sym_session_configure_aead(dev, xform, session); if (ret < 0) return ret; @@ -467,7 +467,7 @@ qat_sym_session_set_parameters(struct rte_cryptodev *dev, break; case ICP_QAT_FW_LA_CMD_HASH_CIPHER: if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) { - ret = qat_sym_session_configure_aead(xform, + ret = qat_sym_session_configure_aead(dev, xform, session); if (ret < 0) return ret; @@ -503,6 +503,72 @@ qat_sym_session_set_parameters(struct rte_cryptodev *dev, return 0; } +static int +qat_sym_session_handle_single_pass(struct qat_sym_dev_private *internals, + struct qat_sym_session *session, + struct rte_crypto_aead_xform *aead_xform) +{ + enum qat_device_gen qat_dev_gen = internals->qat_dev->qat_dev_gen; + + if (qat_dev_gen == QAT_GEN3 && + aead_xform->iv.length == QAT_AES_GCM_SPC_IV_SIZE) { + /* Use faster Single-Pass GCM */ + struct icp_qat_fw_la_cipher_req_params *cipher_param = + (void *) &session->fw_req.serv_specif_rqpars; + + session->is_single_pass = 1; + session->qat_cmd = ICP_QAT_FW_LA_CMD_CIPHER; + session->qat_mode = ICP_QAT_HW_CIPHER_AEAD_MODE; + session->cipher_iv.offset = aead_xform->iv.offset; + session->cipher_iv.length = aead_xform->iv.length; + if (qat_sym_session_aead_create_cd_cipher(session, + aead_xform->key.data, aead_xform->key.length)) + return -EINVAL; + session->aad_len = aead_xform->aad_length; + session->digest_length = aead_xform->digest_length; + if (aead_xform->op == RTE_CRYPTO_AEAD_OP_ENCRYPT) { + session->qat_dir = ICP_QAT_HW_CIPHER_ENCRYPT; + session->auth_op = ICP_QAT_HW_AUTH_GENERATE; + ICP_QAT_FW_LA_RET_AUTH_SET( + session->fw_req.comn_hdr.serv_specif_flags, + ICP_QAT_FW_LA_RET_AUTH_RES); + } else { + session->qat_dir = ICP_QAT_HW_CIPHER_DECRYPT; + session->auth_op = ICP_QAT_HW_AUTH_VERIFY; + ICP_QAT_FW_LA_CMP_AUTH_SET( + session->fw_req.comn_hdr.serv_specif_flags, + ICP_QAT_FW_LA_CMP_AUTH_RES); + } + ICP_QAT_FW_LA_SINGLE_PASS_PROTO_FLAG_SET( + session->fw_req.comn_hdr.serv_specif_flags, + ICP_QAT_FW_LA_SINGLE_PASS_PROTO); + ICP_QAT_FW_LA_PROTO_SET( + session->fw_req.comn_hdr.serv_specif_flags, + ICP_QAT_FW_LA_NO_PROTO); + ICP_QAT_FW_LA_GCM_IV_LEN_FLAG_SET( + session->fw_req.comn_hdr.serv_specif_flags, + ICP_QAT_FW_LA_GCM_IV_LEN_12_OCTETS); + session->fw_req.comn_hdr.service_cmd_id = + ICP_QAT_FW_LA_CMD_CIPHER; + session->cd.cipher.cipher_config.val = + ICP_QAT_HW_CIPHER_CONFIG_BUILD( + ICP_QAT_HW_CIPHER_AEAD_MODE, + session->qat_cipher_alg, + ICP_QAT_HW_CIPHER_NO_CONVERT, + session->qat_dir); + QAT_FIELD_SET(session->cd.cipher.cipher_config.val, + aead_xform->digest_length, + QAT_CIPHER_AEAD_HASH_CMP_LEN_BITPOS, + QAT_CIPHER_AEAD_HASH_CMP_LEN_MASK); + session->cd.cipher.cipher_config.reserved = + ICP_QAT_HW_CIPHER_CONFIG_BUILD_UPPER( + aead_xform->aad_length); + cipher_param->spc_aad_sz = aead_xform->aad_length; + cipher_param->spc_auth_res_sz = aead_xform->digest_length; + } + return 0; +} + int qat_sym_session_configure_auth(struct rte_cryptodev *dev, struct rte_crypto_sym_xform *xform, @@ -646,7 +712,8 @@ qat_sym_session_configure_auth(struct rte_cryptodev *dev, } int -qat_sym_session_configure_aead(struct rte_crypto_sym_xform *xform, +qat_sym_session_configure_aead(struct rte_cryptodev *dev, + struct rte_crypto_sym_xform *xform, struct qat_sym_session *session) { struct rte_crypto_aead_xform *aead_xform = &xform->aead; @@ -684,6 +751,17 @@ qat_sym_session_configure_aead(struct rte_crypto_sym_xform *xform, return -EINVAL; } + session->is_single_pass = 0; + if (aead_xform->algo == RTE_CRYPTO_AEAD_AES_GCM) { + /* Use faster Single-Pass GCM if possible */ + int res = qat_sym_session_handle_single_pass( + dev->data->dev_private, session, aead_xform); + if (res < 0) + return res; + if (session->is_single_pass) + return 0; + } + if ((aead_xform->op == RTE_CRYPTO_AEAD_OP_ENCRYPT && aead_xform->algo == RTE_CRYPTO_AEAD_AES_GCM) || (aead_xform->op == RTE_CRYPTO_AEAD_OP_DECRYPT && @@ -1444,7 +1522,7 @@ int qat_sym_session_aead_create_cd_auth(struct qat_sym_session *cdesc, struct icp_qat_fw_la_auth_req_params *auth_param = (struct icp_qat_fw_la_auth_req_params *) ((char *)&req_tmpl->serv_specif_rqpars + - sizeof(struct icp_qat_fw_la_cipher_req_params)); + ICP_QAT_FW_HASH_REQUEST_PARAMETERS_OFFSET); uint16_t state1_size = 0, state2_size = 0; uint16_t hash_offset, cd_size; uint32_t *aad_len = NULL; diff --git a/drivers/crypto/qat/qat_sym_session.h b/drivers/crypto/qat/qat_sym_session.h index ce1ca5af8..98985d686 100644 --- a/drivers/crypto/qat/qat_sym_session.h +++ b/drivers/crypto/qat/qat_sym_session.h @@ -1,5 +1,5 @@ /* SPDX-License-Identifier: BSD-3-Clause - * Copyright(c) 2015-2018 Intel Corporation + * Copyright(c) 2015-2019 Intel Corporation */ #ifndef _QAT_SYM_SESSION_H_ #define _QAT_SYM_SESSION_H_ @@ -25,6 +25,9 @@ #define QAT_3DES_KEY_SZ_OPT2 16 /* K3=K1 */ #define QAT_3DES_KEY_SZ_OPT3 8 /* K1=K2=K3 */ +/* 96-bit case of IV for CCP/GCM single pass algorithm */ +#define QAT_AES_GCM_SPC_IV_SIZE 12 + #define QAT_AES_HW_CONFIG_CBC_ENC(alg) \ ICP_QAT_HW_CIPHER_CONFIG_BUILD(ICP_QAT_HW_CIPHER_CBC_MODE, alg, \ @@ -78,6 +81,7 @@ struct qat_sym_session { rte_spinlock_t lock; /* protects this struct */ enum qat_device_gen min_qat_dev_gen; uint8_t aes_cmac; + uint8_t is_single_pass; }; int @@ -91,7 +95,8 @@ qat_sym_session_set_parameters(struct rte_cryptodev *dev, struct rte_crypto_sym_xform *xform, void *session_private); int -qat_sym_session_configure_aead(struct rte_crypto_sym_xform *xform, +qat_sym_session_configure_aead(struct rte_cryptodev *dev, + struct rte_crypto_sym_xform *xform, struct qat_sym_session *session); int