From patchwork Tue Oct 8 12:44:31 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Dybkowski, AdamX" X-Patchwork-Id: 60697 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@dpdk.org Delivered-To: patchwork@dpdk.org Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 1BE3B1C1F8; Tue, 8 Oct 2019 14:52:40 +0200 (CEST) Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) by dpdk.org (Postfix) with ESMTP id B66D91BEB3 for ; Tue, 8 Oct 2019 14:52:36 +0200 (CEST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by orsmga103.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 Oct 2019 05:52:36 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.67,270,1566889200"; d="scan'208";a="206629513" Received: from adamdybx-mobl.ger.corp.intel.com (HELO addy-VirtualBox.isw.intel.com) ([10.103.104.111]) by fmsmga001.fm.intel.com with ESMTP; 08 Oct 2019 05:52:34 -0700 From: Adam Dybkowski To: dev@dpdk.org, fiona.trahe@intel.com, arkadiuszx.kusztal@intel.com, akhil.goyal@nxp.com Cc: Adam Dybkowski Date: Tue, 8 Oct 2019 14:44:31 +0200 Message-Id: <20191008124433.22304-2-adamx.dybkowski@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20191008124433.22304-1-adamx.dybkowski@intel.com> References: <20190927154739.26404-1-adamx.dybkowski@intel.com> <20191008124433.22304-1-adamx.dybkowski@intel.com> Subject: [dpdk-dev] [PATCH v3 1/3] test/crypto: add more AES GCM tests for QAT PMD X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" This patch adds 256-bit AES GCM tests for QAT PMD (which already existed for AESNI and OpenSSL) and also adds a number of negative unit tests for AES GCM for QAT PMD, in order to verify authenticated encryption and decryption with modified data. Signed-off-by: Adam Dybkowski --- app/test/test_cryptodev.c | 226 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 226 insertions(+) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 63cfa1af1..ffed298fd 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -7675,6 +7675,12 @@ test_AES_GCM_authenticated_encryption_test_case_7(void) return test_authenticated_encryption(&gcm_test_case_7); } +static int +test_AES_GCM_authenticated_encryption_test_case_8(void) +{ + return test_authenticated_encryption(&gcm_test_case_8); +} + static int test_AES_GCM_auth_encryption_test_case_192_1(void) { @@ -7771,6 +7777,93 @@ test_AES_GCM_auth_encryption_test_case_aad_2(void) return test_authenticated_encryption(&gcm_test_case_aad_2); } +static int +test_AES_GCM_auth_encryption_fail_iv_corrupt(void) +{ + struct aead_test_data tdata; + int res; + + RTE_LOG(INFO, USER1, "This is a negative test, errors are expected\n"); + memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data)); + tdata.iv.data[0] += 1; + res = test_authenticated_encryption(&tdata); + TEST_ASSERT_EQUAL(res, TEST_FAILED, "encryption not failed"); + return TEST_SUCCESS; +} + +static int +test_AES_GCM_auth_encryption_fail_in_data_corrupt(void) +{ + struct aead_test_data tdata; + int res; + + RTE_LOG(INFO, USER1, "This is a negative test, errors are expected\n"); + memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data)); + tdata.plaintext.data[0] += 1; + res = test_authenticated_encryption(&tdata); + TEST_ASSERT_EQUAL(res, TEST_FAILED, "encryption not failed"); + return TEST_SUCCESS; +} + +static int +test_AES_GCM_auth_encryption_fail_out_data_corrupt(void) +{ + struct aead_test_data tdata; + int res; + + RTE_LOG(INFO, USER1, "This is a negative test, errors are expected\n"); + memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data)); + tdata.ciphertext.data[0] += 1; + res = test_authenticated_encryption(&tdata); + TEST_ASSERT_EQUAL(res, TEST_FAILED, "encryption not failed"); + return TEST_SUCCESS; +} + +static int +test_AES_GCM_auth_encryption_fail_aad_len_corrupt(void) +{ + struct aead_test_data tdata; + int res; + + RTE_LOG(INFO, USER1, "This is a negative test, errors are expected\n"); + memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data)); + tdata.aad.len += 1; + res = test_authenticated_encryption(&tdata); + TEST_ASSERT_EQUAL(res, TEST_FAILED, "encryption not failed"); + return TEST_SUCCESS; +} + +static int +test_AES_GCM_auth_encryption_fail_aad_corrupt(void) +{ + struct aead_test_data tdata; + uint8_t aad[gcm_test_case_7.aad.len]; + int res; + + RTE_LOG(INFO, USER1, "This is a negative test, errors are expected\n"); + memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data)); + memcpy(aad, gcm_test_case_7.aad.data, gcm_test_case_7.aad.len); + aad[0] += 1; + tdata.aad.data = aad; + res = test_authenticated_encryption(&tdata); + TEST_ASSERT_EQUAL(res, TEST_FAILED, "encryption not failed"); + return TEST_SUCCESS; +} + +static int +test_AES_GCM_auth_encryption_fail_tag_corrupt(void) +{ + struct aead_test_data tdata; + int res; + + RTE_LOG(INFO, USER1, "This is a negative test, errors are expected\n"); + memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data)); + tdata.auth_tag.data[0] += 1; + res = test_authenticated_encryption(&tdata); + TEST_ASSERT_EQUAL(res, TEST_FAILED, "encryption not failed"); + return TEST_SUCCESS; +} + static int test_authenticated_decryption(const struct aead_test_data *tdata) { @@ -7839,6 +7932,7 @@ test_authenticated_decryption(const struct aead_test_data *tdata) TEST_ASSERT_EQUAL(ut_params->op->status, RTE_CRYPTO_OP_STATUS_SUCCESS, "Authentication failed"); + return 0; } @@ -7884,6 +7978,12 @@ test_AES_GCM_authenticated_decryption_test_case_7(void) return test_authenticated_decryption(&gcm_test_case_7); } +static int +test_AES_GCM_authenticated_decryption_test_case_8(void) +{ + return test_authenticated_decryption(&gcm_test_case_8); +} + static int test_AES_GCM_auth_decryption_test_case_192_1(void) { @@ -7980,6 +8080,88 @@ test_AES_GCM_auth_decryption_test_case_aad_2(void) return test_authenticated_decryption(&gcm_test_case_aad_2); } +static int +test_AES_GCM_auth_decryption_fail_iv_corrupt(void) +{ + struct aead_test_data tdata; + int res; + + memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data)); + tdata.iv.data[0] += 1; + res = test_authenticated_decryption(&tdata); + TEST_ASSERT_EQUAL(res, TEST_FAILED, "decryption not failed"); + return TEST_SUCCESS; +} + +static int +test_AES_GCM_auth_decryption_fail_in_data_corrupt(void) +{ + struct aead_test_data tdata; + int res; + + RTE_LOG(INFO, USER1, "This is a negative test, errors are expected\n"); + memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data)); + tdata.plaintext.data[0] += 1; + res = test_authenticated_decryption(&tdata); + TEST_ASSERT_EQUAL(res, TEST_FAILED, "decryption not failed"); + return TEST_SUCCESS; +} + +static int +test_AES_GCM_auth_decryption_fail_out_data_corrupt(void) +{ + struct aead_test_data tdata; + int res; + + memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data)); + tdata.ciphertext.data[0] += 1; + res = test_authenticated_decryption(&tdata); + TEST_ASSERT_EQUAL(res, TEST_FAILED, "decryption not failed"); + return TEST_SUCCESS; +} + +static int +test_AES_GCM_auth_decryption_fail_aad_len_corrupt(void) +{ + struct aead_test_data tdata; + int res; + + memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data)); + tdata.aad.len += 1; + res = test_authenticated_decryption(&tdata); + TEST_ASSERT_EQUAL(res, TEST_FAILED, "decryption not failed"); + return TEST_SUCCESS; +} + +static int +test_AES_GCM_auth_decryption_fail_aad_corrupt(void) +{ + struct aead_test_data tdata; + uint8_t aad[gcm_test_case_7.aad.len]; + int res; + + memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data)); + memcpy(aad, gcm_test_case_7.aad.data, gcm_test_case_7.aad.len); + aad[0] += 1; + tdata.aad.data = aad; + res = test_authenticated_decryption(&tdata); + TEST_ASSERT_EQUAL(res, TEST_FAILED, "decryption not failed"); + return TEST_SUCCESS; +} + +static int +test_AES_GCM_auth_decryption_fail_tag_corrupt(void) +{ + struct aead_test_data tdata; + int res; + + memcpy(&tdata, &gcm_test_case_7, sizeof(struct aead_test_data)); + tdata.auth_tag.data[0] += 1; + res = test_authenticated_decryption(&tdata); + TEST_ASSERT_EQUAL(res, TEST_FAILED, "authentication not failed"); + return TEST_SUCCESS; +} + static int test_authenticated_encryption_oop(const struct aead_test_data *tdata) { @@ -10927,6 +11109,8 @@ static struct unit_test_suite cryptodev_qat_testsuite = { test_AES_GCM_authenticated_encryption_test_case_6), TEST_CASE_ST(ut_setup, ut_teardown, test_AES_GCM_authenticated_encryption_test_case_7), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_authenticated_encryption_test_case_8), /** AES GCM Authenticated Decryption */ TEST_CASE_ST(ut_setup, ut_teardown, @@ -10943,6 +11127,8 @@ static struct unit_test_suite cryptodev_qat_testsuite = { test_AES_GCM_authenticated_decryption_test_case_6), TEST_CASE_ST(ut_setup, ut_teardown, test_AES_GCM_authenticated_decryption_test_case_7), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_authenticated_decryption_test_case_8), /** AES GCM Authenticated Encryption 192 bits key */ TEST_CASE_ST(ut_setup, ut_teardown, @@ -10992,6 +11178,22 @@ static struct unit_test_suite cryptodev_qat_testsuite = { TEST_CASE_ST(ut_setup, ut_teardown, test_AES_GCM_auth_encryption_test_case_256_7), + /** AES GCM Authenticated Decryption 256 bits key */ + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_decryption_test_case_256_1), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_decryption_test_case_256_2), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_decryption_test_case_256_3), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_decryption_test_case_256_4), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_decryption_test_case_256_5), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_decryption_test_case_256_6), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_decryption_test_case_256_7), + /** AES GMAC Authentication */ TEST_CASE_ST(ut_setup, ut_teardown, test_AES_GMAC_authentication_test_case_1), @@ -11214,6 +11416,30 @@ static struct unit_test_suite cryptodev_qat_testsuite = { authentication_verify_HMAC_SHA1_fail_data_corrupt), TEST_CASE_ST(ut_setup, ut_teardown, authentication_verify_HMAC_SHA1_fail_tag_corrupt), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_encryption_fail_iv_corrupt), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_encryption_fail_in_data_corrupt), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_encryption_fail_out_data_corrupt), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_encryption_fail_aad_len_corrupt), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_encryption_fail_aad_corrupt), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_encryption_fail_tag_corrupt), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_decryption_fail_iv_corrupt), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_decryption_fail_in_data_corrupt), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_decryption_fail_out_data_corrupt), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_decryption_fail_aad_len_corrupt), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_decryption_fail_aad_corrupt), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_GCM_auth_decryption_fail_tag_corrupt), TEST_CASE_ST(ut_setup, ut_teardown, authentication_verify_AES128_GMAC_fail_data_corrupt), TEST_CASE_ST(ut_setup, ut_teardown, From patchwork Tue Oct 8 12:44:32 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Dybkowski, AdamX" X-Patchwork-Id: 60698 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@dpdk.org Delivered-To: patchwork@dpdk.org Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 4C60C1D17C; Tue, 8 Oct 2019 14:52:43 +0200 (CEST) Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) by dpdk.org (Postfix) with ESMTP id 9B4A41C128 for ; Tue, 8 Oct 2019 14:52:38 +0200 (CEST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by orsmga103.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 Oct 2019 05:52:38 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.67,270,1566889200"; d="scan'208";a="206629518" Received: from adamdybx-mobl.ger.corp.intel.com (HELO addy-VirtualBox.isw.intel.com) ([10.103.104.111]) by fmsmga001.fm.intel.com with ESMTP; 08 Oct 2019 05:52:36 -0700 From: Adam Dybkowski To: dev@dpdk.org, fiona.trahe@intel.com, arkadiuszx.kusztal@intel.com, akhil.goyal@nxp.com Cc: Adam Dybkowski Date: Tue, 8 Oct 2019 14:44:32 +0200 Message-Id: <20191008124433.22304-3-adamx.dybkowski@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20191008124433.22304-1-adamx.dybkowski@intel.com> References: <20190927154739.26404-1-adamx.dybkowski@intel.com> <20191008124433.22304-1-adamx.dybkowski@intel.com> Subject: [dpdk-dev] [PATCH v3 2/3] common/qat: add new QAT GEN3 definitions X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" This patch adds few definitions specific to GEN3 QAT. Signed-off-by: Adam Dybkowski --- drivers/common/qat/qat_adf/icp_qat_fw_la.h | 19 +++++++++++++++---- drivers/common/qat/qat_adf/icp_qat_hw.h | 19 +++++++++++++++++++ 2 files changed, 34 insertions(+), 4 deletions(-) diff --git a/drivers/common/qat/qat_adf/icp_qat_fw_la.h b/drivers/common/qat/qat_adf/icp_qat_fw_la.h index c33bc3fe7..38891eb1f 100644 --- a/drivers/common/qat/qat_adf/icp_qat_fw_la.h +++ b/drivers/common/qat/qat_adf/icp_qat_fw_la.h @@ -1,5 +1,5 @@ /* SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0) - * Copyright(c) 2015-2018 Intel Corporation + * Copyright(c) 2015-2019 Intel Corporation */ #ifndef _ICP_QAT_FW_LA_H_ #define _ICP_QAT_FW_LA_H_ @@ -34,6 +34,9 @@ struct icp_qat_fw_la_bulk_req { struct icp_qat_fw_comn_req_cd_ctrl cd_ctrl; }; +#define QAT_FW_LA_SINGLE_PASS_PROTO_FLAG_BITPOS 13 +#define ICP_QAT_FW_LA_SINGLE_PASS_PROTO 1 +#define QAT_FW_LA_SINGLE_PASS_PROTO_FLAG_MASK 0x1 #define ICP_QAT_FW_LA_GCM_IV_LEN_12_OCTETS 1 #define ICP_QAT_FW_LA_GCM_IV_LEN_NOT_12_OCTETS 0 #define QAT_FW_LA_ZUC_3G_PROTO_FLAG_BITPOS 12 @@ -152,6 +155,10 @@ struct icp_qat_fw_la_bulk_req { QAT_FIELD_SET(flags, val, QAT_FW_LA_ZUC_3G_PROTO_FLAG_BITPOS, \ QAT_FW_LA_ZUC_3G_PROTO_FLAG_MASK) +#define ICP_QAT_FW_LA_SINGLE_PASS_PROTO_FLAG_SET(flags, val) \ + QAT_FIELD_SET(flags, val, QAT_FW_LA_SINGLE_PASS_PROTO_FLAG_BITPOS, \ + QAT_FW_LA_SINGLE_PASS_PROTO_FLAG_MASK) + #define ICP_QAT_FW_LA_GCM_IV_LEN_FLAG_SET(flags, val) \ QAT_FIELD_SET(flags, val, QAT_LA_GCM_IV_LEN_FLAG_BITPOS, \ QAT_LA_GCM_IV_LEN_FLAG_MASK) @@ -267,8 +274,7 @@ struct icp_qat_fw_cipher_auth_cd_ctrl_hdr { #define ICP_QAT_FW_AUTH_HDR_FLAG_DO_NESTED 1 #define ICP_QAT_FW_AUTH_HDR_FLAG_NO_NESTED 0 #define ICP_QAT_FW_CCM_GCM_AAD_SZ_MAX 240 -#define ICP_QAT_FW_HASH_REQUEST_PARAMETERS_OFFSET \ - (sizeof(struct icp_qat_fw_la_cipher_req_params_t)) +#define ICP_QAT_FW_HASH_REQUEST_PARAMETERS_OFFSET 24 #define ICP_QAT_FW_CIPHER_REQUEST_PARAMETERS_OFFSET (0) struct icp_qat_fw_la_cipher_req_params { @@ -281,7 +287,12 @@ struct icp_qat_fw_la_cipher_req_params { uint64_t resrvd1; } s; } u; -}; + uint64_t spc_aad_addr; + uint64_t spc_auth_res_addr; + uint16_t spc_aad_sz; + uint8_t reserved; + uint8_t spc_auth_res_sz; +} __rte_packed; struct icp_qat_fw_la_auth_req_params { uint32_t auth_off; diff --git a/drivers/common/qat/qat_adf/icp_qat_hw.h b/drivers/common/qat/qat_adf/icp_qat_hw.h index e7961dba2..cef64861f 100644 --- a/drivers/common/qat/qat_adf/icp_qat_hw.h +++ b/drivers/common/qat/qat_adf/icp_qat_hw.h @@ -212,6 +212,7 @@ enum icp_qat_hw_cipher_mode { ICP_QAT_HW_CIPHER_CBC_MODE = 1, ICP_QAT_HW_CIPHER_CTR_MODE = 2, ICP_QAT_HW_CIPHER_F8_MODE = 3, + ICP_QAT_HW_CIPHER_AEAD_MODE = 4, ICP_QAT_HW_CIPHER_XTS_MODE = 6, ICP_QAT_HW_CIPHER_MODE_DELIMITER = 7 }; @@ -244,6 +245,8 @@ enum icp_qat_hw_cipher_convert { #define QAT_CIPHER_CONVERT_MASK 0x1 #define QAT_CIPHER_DIR_BITPOS 8 #define QAT_CIPHER_DIR_MASK 0x1 +#define QAT_CIPHER_AEAD_HASH_CMP_LEN_BITPOS 10 +#define QAT_CIPHER_AEAD_HASH_CMP_LEN_MASK 0x1F #define QAT_CIPHER_MODE_F8_KEY_SZ_MULT 2 #define QAT_CIPHER_MODE_XTS_KEY_SZ_MULT 2 #define ICP_QAT_HW_CIPHER_CONFIG_BUILD(mode, algo, convert, dir) \ @@ -251,6 +254,22 @@ enum icp_qat_hw_cipher_convert { ((algo & QAT_CIPHER_ALGO_MASK) << QAT_CIPHER_ALGO_BITPOS) | \ ((convert & QAT_CIPHER_CONVERT_MASK) << QAT_CIPHER_CONVERT_BITPOS) | \ ((dir & QAT_CIPHER_DIR_MASK) << QAT_CIPHER_DIR_BITPOS)) + +#define QAT_CIPHER_AEAD_AAD_LOWER_SHIFT 24 +#define QAT_CIPHER_AEAD_AAD_UPPER_SHIFT 8 +#define QAT_CIPHER_AEAD_AAD_SIZE_LOWER_MASK 0xFF +#define QAT_CIPHER_AEAD_AAD_SIZE_UPPER_MASK 0x3F +#define QAT_CIPHER_AEAD_AAD_SIZE_BITPOS 16 +#define ICP_QAT_HW_CIPHER_CONFIG_BUILD_UPPER(aad_size) \ + ({ \ + typeof(aad_size) aad_size1 = aad_size; \ + (((((aad_size1) >> QAT_CIPHER_AEAD_AAD_UPPER_SHIFT) & \ + QAT_CIPHER_AEAD_AAD_SIZE_UPPER_MASK) << \ + QAT_CIPHER_AEAD_AAD_SIZE_BITPOS) | \ + (((aad_size1) & QAT_CIPHER_AEAD_AAD_SIZE_LOWER_MASK) << \ + QAT_CIPHER_AEAD_AAD_LOWER_SHIFT)); \ + }) + #define ICP_QAT_HW_DES_BLK_SZ 8 #define ICP_QAT_HW_3DES_BLK_SZ 8 #define ICP_QAT_HW_NULL_BLK_SZ 8 From patchwork Tue Oct 8 12:44:33 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Dybkowski, AdamX" X-Patchwork-Id: 60699 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@dpdk.org Delivered-To: patchwork@dpdk.org Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 3DEB41D381; Tue, 8 Oct 2019 14:52:46 +0200 (CEST) Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) by dpdk.org (Postfix) with ESMTP id 215231C1F9 for ; Tue, 8 Oct 2019 14:52:39 +0200 (CEST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by orsmga103.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 Oct 2019 05:52:39 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.67,270,1566889200"; d="scan'208";a="206629531" Received: from adamdybx-mobl.ger.corp.intel.com (HELO addy-VirtualBox.isw.intel.com) ([10.103.104.111]) by fmsmga001.fm.intel.com with ESMTP; 08 Oct 2019 05:52:38 -0700 From: Adam Dybkowski To: dev@dpdk.org, fiona.trahe@intel.com, arkadiuszx.kusztal@intel.com, akhil.goyal@nxp.com Cc: Adam Dybkowski Date: Tue, 8 Oct 2019 14:44:33 +0200 Message-Id: <20191008124433.22304-4-adamx.dybkowski@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20191008124433.22304-1-adamx.dybkowski@intel.com> References: <20190927154739.26404-1-adamx.dybkowski@intel.com> <20191008124433.22304-1-adamx.dybkowski@intel.com> Subject: [dpdk-dev] [PATCH v3 3/3] crypto/qat: handle Single Pass Crypto Requests on GEN3 QAT X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" This patch improves the performance of AES GCM by using the Single Pass Crypto Request functionality when running on GEN3 QAT. Falls back to the classic 2-pass mode on older hardware. Signed-off-by: Adam Dybkowski --- doc/guides/cryptodevs/qat.rst | 11 ++++ doc/guides/rel_notes/release_19_11.rst | 6 ++ drivers/crypto/qat/qat_sym.c | 13 +++- drivers/crypto/qat/qat_sym_session.c | 87 ++++++++++++++++++++++++-- drivers/crypto/qat/qat_sym_session.h | 9 ++- 5 files changed, 118 insertions(+), 8 deletions(-) diff --git a/doc/guides/cryptodevs/qat.rst b/doc/guides/cryptodevs/qat.rst index e905f6d00..ad685a7e5 100644 --- a/doc/guides/cryptodevs/qat.rst +++ b/doc/guides/cryptodevs/qat.rst @@ -82,6 +82,17 @@ Limitations * ZUC EEA3/EIA3 is not supported by dh895xcc devices * Maximum additional authenticated data (AAD) for GCM is 240 bytes long and must be passed to the device in a buffer rounded up to the nearest block-size multiple (x16) and padded with zeros. * Queue pairs are not thread-safe (that is, within a single queue pair, RX and TX from different lcores is not supported). +* A GCM limitation exists, but only in the case where there are multiple + generations of QAT devices on a single platform. + To optimise performance, the GCM crypto session should be initialised for the + device generation to which the ops will be enqueued. Specifically if a GCM + session is initialised on a GEN2 device, but then attached to an op enqueued + to a GEN3 device, it will work but cannot take advantage of hardware + optimisations in the GEN3 device. And if a GCM session is initialised on a + GEN3 device, then attached to an op sent to a GEN1/GEN2 device, it will not be + enqueued to the device and will be marked as failed. The simplest way to + mitigate this is to use the bdf whitelist to avoid mixing devices of different + generations in the same process if planning to use for GCM. Extra notes on KASUMI F9 ~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/doc/guides/rel_notes/release_19_11.rst b/doc/guides/rel_notes/release_19_11.rst index f971b3f77..be91b04ad 100644 --- a/doc/guides/rel_notes/release_19_11.rst +++ b/doc/guides/rel_notes/release_19_11.rst @@ -72,6 +72,12 @@ New Features Added a symmetric crypto PMD for Marvell NITROX V security processor. See the :doc:`../cryptodevs/nitrox` guide for more details on this new +* **Enabled Single Pass GCM acceleration on QAT GEN3.** + + Added support for Single Pass GCM, available on QAT GEN3 only (Intel + QuickAssist Technology C4xxx). It is automatically chosen instead of the + classic 2-pass mode when running on QAT GEN3, significantly improving + the performance of AES GCM operations. Removed Items ------------- diff --git a/drivers/crypto/qat/qat_sym.c b/drivers/crypto/qat/qat_sym.c index 46ef27a6d..5ff4aa1e5 100644 --- a/drivers/crypto/qat/qat_sym.c +++ b/drivers/crypto/qat/qat_sym.c @@ -1,5 +1,5 @@ /* SPDX-License-Identifier: BSD-3-Clause - * Copyright(c) 2015-2018 Intel Corporation + * Copyright(c) 2015-2019 Intel Corporation */ #include @@ -12,6 +12,7 @@ #include "qat_sym.h" + /** Decrypt a single partial block * Depends on openssl libcrypto * Uses ECB+XOR to do CFB encryption, same result, more performant @@ -195,7 +196,8 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg, rte_mov128((uint8_t *)qat_req, (const uint8_t *)&(ctx->fw_req)); qat_req->comn_mid.opaque_data = (uint64_t)(uintptr_t)op; cipher_param = (void *)&qat_req->serv_specif_rqpars; - auth_param = (void *)((uint8_t *)cipher_param + sizeof(*cipher_param)); + auth_param = (void *)((uint8_t *)cipher_param + + ICP_QAT_FW_HASH_REQUEST_PARAMETERS_OFFSET); if (ctx->qat_cmd == ICP_QAT_FW_LA_CMD_HASH_CIPHER || ctx->qat_cmd == ICP_QAT_FW_LA_CMD_CIPHER_HASH) { @@ -593,6 +595,13 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg, qat_req->comn_mid.dest_data_addr = dst_buf_start; } + /* Handle Single-Pass GCM */ + if (ctx->is_single_pass) { + cipher_param->spc_aad_addr = op->sym->aead.aad.phys_addr; + cipher_param->spc_auth_res_addr = + op->sym->aead.digest.phys_addr; + } + #if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG QAT_DP_HEXDUMP_LOG(DEBUG, "qat_req:", qat_req, sizeof(struct icp_qat_fw_la_bulk_req)); diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c index e5167b3fa..72290ba48 100644 --- a/drivers/crypto/qat/qat_sym_session.c +++ b/drivers/crypto/qat/qat_sym_session.c @@ -450,7 +450,7 @@ qat_sym_session_set_parameters(struct rte_cryptodev *dev, break; case ICP_QAT_FW_LA_CMD_CIPHER_HASH: if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) { - ret = qat_sym_session_configure_aead(xform, + ret = qat_sym_session_configure_aead(dev, xform, session); if (ret < 0) return ret; @@ -467,7 +467,7 @@ qat_sym_session_set_parameters(struct rte_cryptodev *dev, break; case ICP_QAT_FW_LA_CMD_HASH_CIPHER: if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) { - ret = qat_sym_session_configure_aead(xform, + ret = qat_sym_session_configure_aead(dev, xform, session); if (ret < 0) return ret; @@ -503,6 +503,73 @@ qat_sym_session_set_parameters(struct rte_cryptodev *dev, return 0; } +static int +qat_sym_session_handle_single_pass(struct qat_sym_dev_private *internals, + struct qat_sym_session *session, + struct rte_crypto_aead_xform *aead_xform) +{ + enum qat_device_gen qat_dev_gen = internals->qat_dev->qat_dev_gen; + + if (qat_dev_gen == QAT_GEN3 && + aead_xform->iv.length == QAT_AES_GCM_SPC_IV_SIZE) { + /* Use faster Single-Pass GCM */ + struct icp_qat_fw_la_cipher_req_params *cipher_param = + (void *) &session->fw_req.serv_specif_rqpars; + + session->is_single_pass = 1; + session->min_qat_dev_gen = QAT_GEN3; + session->qat_cmd = ICP_QAT_FW_LA_CMD_CIPHER; + session->qat_mode = ICP_QAT_HW_CIPHER_AEAD_MODE; + session->cipher_iv.offset = aead_xform->iv.offset; + session->cipher_iv.length = aead_xform->iv.length; + if (qat_sym_session_aead_create_cd_cipher(session, + aead_xform->key.data, aead_xform->key.length)) + return -EINVAL; + session->aad_len = aead_xform->aad_length; + session->digest_length = aead_xform->digest_length; + if (aead_xform->op == RTE_CRYPTO_AEAD_OP_ENCRYPT) { + session->qat_dir = ICP_QAT_HW_CIPHER_ENCRYPT; + session->auth_op = ICP_QAT_HW_AUTH_GENERATE; + ICP_QAT_FW_LA_RET_AUTH_SET( + session->fw_req.comn_hdr.serv_specif_flags, + ICP_QAT_FW_LA_RET_AUTH_RES); + } else { + session->qat_dir = ICP_QAT_HW_CIPHER_DECRYPT; + session->auth_op = ICP_QAT_HW_AUTH_VERIFY; + ICP_QAT_FW_LA_CMP_AUTH_SET( + session->fw_req.comn_hdr.serv_specif_flags, + ICP_QAT_FW_LA_CMP_AUTH_RES); + } + ICP_QAT_FW_LA_SINGLE_PASS_PROTO_FLAG_SET( + session->fw_req.comn_hdr.serv_specif_flags, + ICP_QAT_FW_LA_SINGLE_PASS_PROTO); + ICP_QAT_FW_LA_PROTO_SET( + session->fw_req.comn_hdr.serv_specif_flags, + ICP_QAT_FW_LA_NO_PROTO); + ICP_QAT_FW_LA_GCM_IV_LEN_FLAG_SET( + session->fw_req.comn_hdr.serv_specif_flags, + ICP_QAT_FW_LA_GCM_IV_LEN_12_OCTETS); + session->fw_req.comn_hdr.service_cmd_id = + ICP_QAT_FW_LA_CMD_CIPHER; + session->cd.cipher.cipher_config.val = + ICP_QAT_HW_CIPHER_CONFIG_BUILD( + ICP_QAT_HW_CIPHER_AEAD_MODE, + session->qat_cipher_alg, + ICP_QAT_HW_CIPHER_NO_CONVERT, + session->qat_dir); + QAT_FIELD_SET(session->cd.cipher.cipher_config.val, + aead_xform->digest_length, + QAT_CIPHER_AEAD_HASH_CMP_LEN_BITPOS, + QAT_CIPHER_AEAD_HASH_CMP_LEN_MASK); + session->cd.cipher.cipher_config.reserved = + ICP_QAT_HW_CIPHER_CONFIG_BUILD_UPPER( + aead_xform->aad_length); + cipher_param->spc_aad_sz = aead_xform->aad_length; + cipher_param->spc_auth_res_sz = aead_xform->digest_length; + } + return 0; +} + int qat_sym_session_configure_auth(struct rte_cryptodev *dev, struct rte_crypto_sym_xform *xform, @@ -646,7 +713,8 @@ qat_sym_session_configure_auth(struct rte_cryptodev *dev, } int -qat_sym_session_configure_aead(struct rte_crypto_sym_xform *xform, +qat_sym_session_configure_aead(struct rte_cryptodev *dev, + struct rte_crypto_sym_xform *xform, struct qat_sym_session *session) { struct rte_crypto_aead_xform *aead_xform = &xform->aead; @@ -684,6 +752,17 @@ qat_sym_session_configure_aead(struct rte_crypto_sym_xform *xform, return -EINVAL; } + session->is_single_pass = 0; + if (aead_xform->algo == RTE_CRYPTO_AEAD_AES_GCM) { + /* Use faster Single-Pass GCM if possible */ + int res = qat_sym_session_handle_single_pass( + dev->data->dev_private, session, aead_xform); + if (res < 0) + return res; + if (session->is_single_pass) + return 0; + } + if ((aead_xform->op == RTE_CRYPTO_AEAD_OP_ENCRYPT && aead_xform->algo == RTE_CRYPTO_AEAD_AES_GCM) || (aead_xform->op == RTE_CRYPTO_AEAD_OP_DECRYPT && @@ -1444,7 +1523,7 @@ int qat_sym_session_aead_create_cd_auth(struct qat_sym_session *cdesc, struct icp_qat_fw_la_auth_req_params *auth_param = (struct icp_qat_fw_la_auth_req_params *) ((char *)&req_tmpl->serv_specif_rqpars + - sizeof(struct icp_qat_fw_la_cipher_req_params)); + ICP_QAT_FW_HASH_REQUEST_PARAMETERS_OFFSET); uint16_t state1_size = 0, state2_size = 0; uint16_t hash_offset, cd_size; uint32_t *aad_len = NULL; diff --git a/drivers/crypto/qat/qat_sym_session.h b/drivers/crypto/qat/qat_sym_session.h index ce1ca5af8..98985d686 100644 --- a/drivers/crypto/qat/qat_sym_session.h +++ b/drivers/crypto/qat/qat_sym_session.h @@ -1,5 +1,5 @@ /* SPDX-License-Identifier: BSD-3-Clause - * Copyright(c) 2015-2018 Intel Corporation + * Copyright(c) 2015-2019 Intel Corporation */ #ifndef _QAT_SYM_SESSION_H_ #define _QAT_SYM_SESSION_H_ @@ -25,6 +25,9 @@ #define QAT_3DES_KEY_SZ_OPT2 16 /* K3=K1 */ #define QAT_3DES_KEY_SZ_OPT3 8 /* K1=K2=K3 */ +/* 96-bit case of IV for CCP/GCM single pass algorithm */ +#define QAT_AES_GCM_SPC_IV_SIZE 12 + #define QAT_AES_HW_CONFIG_CBC_ENC(alg) \ ICP_QAT_HW_CIPHER_CONFIG_BUILD(ICP_QAT_HW_CIPHER_CBC_MODE, alg, \ @@ -78,6 +81,7 @@ struct qat_sym_session { rte_spinlock_t lock; /* protects this struct */ enum qat_device_gen min_qat_dev_gen; uint8_t aes_cmac; + uint8_t is_single_pass; }; int @@ -91,7 +95,8 @@ qat_sym_session_set_parameters(struct rte_cryptodev *dev, struct rte_crypto_sym_xform *xform, void *session_private); int -qat_sym_session_configure_aead(struct rte_crypto_sym_xform *xform, +qat_sym_session_configure_aead(struct rte_cryptodev *dev, + struct rte_crypto_sym_xform *xform, struct qat_sym_session *session); int