[dpdk-dev] [PATCH v4 2/2] crypto/qat: handle mixed hash-cipher crypto on GEN2 QAT
Adam Dybkowski
adamx.dybkowski at intel.com
Thu Mar 26 17:22:08 CET 2020
This patch adds handling of mixed hash-cipher algorithms
available on GEN2 QAT in particular firmware versions.
Also the documentation is updated to show the mixed crypto
algorithms are supported on QAT GEN2.
Signed-off-by: Adam Dybkowski <adamx.dybkowski at intel.com>
---
doc/guides/cryptodevs/qat.rst | 13 ++++++++-----
doc/guides/rel_notes/release_20_05.rst | 7 +++++++
drivers/crypto/qat/qat_sym_pmd.c | 27 ++++++++++++++++++++++++++
drivers/crypto/qat/qat_sym_pmd.h | 5 +++++
drivers/crypto/qat/qat_sym_session.c | 17 ++++++++++------
5 files changed, 58 insertions(+), 11 deletions(-)
diff --git a/doc/guides/cryptodevs/qat.rst b/doc/guides/cryptodevs/qat.rst
index 1e83ed626..c79e686de 100644
--- a/doc/guides/cryptodevs/qat.rst
+++ b/doc/guides/cryptodevs/qat.rst
@@ -82,18 +82,17 @@ All the usual chains are supported and also some mixed chains:
+------------------+-----------+-------------+----------+----------+
| Cipher algorithm | NULL AUTH | SNOW3G UIA2 | ZUC EIA3 | AES CMAC |
+==================+===========+=============+==========+==========+
- | NULL CIPHER | Y | 3 | 3 | Y |
+ | NULL CIPHER | Y | 2&3 | 2&3 | Y |
+------------------+-----------+-------------+----------+----------+
- | SNOW3G UEA2 | 3 | Y | 3 | 3 |
+ | SNOW3G UEA2 | 2&3 | Y | 2&3 | 2&3 |
+------------------+-----------+-------------+----------+----------+
- | ZUC EEA3 | 3 | 3 | 2&3 | 3 |
+ | ZUC EEA3 | 2&3 | 2&3 | 2&3 | 2&3 |
+------------------+-----------+-------------+----------+----------+
- | AES CTR | Y | 3 | 3 | Y |
+ | AES CTR | Y | 2&3 | 2&3 | Y |
+------------------+-----------+-------------+----------+----------+
* The combinations marked as "Y" are supported on all QAT hardware versions.
* The combinations marked as "2&3" are supported on GEN2/GEN3 QAT hardware only.
-* The combinations marked as "3" are supported on GEN3 QAT hardware only.
Limitations
@@ -120,6 +119,8 @@ Limitations
enqueued to the device and will be marked as failed. The simplest way to
mitigate this is to use the bdf whitelist to avoid mixing devices of different
generations in the same process if planning to use for GCM.
+* The mixed algo feature on GEN2 is not supported by all kernel drivers. Check
+ the notes under the Available Kernel Drivers table below for specific details.
Extra notes on KASUMI F9
~~~~~~~~~~~~~~~~~~~~~~~~
@@ -379,6 +380,8 @@ to see the full table)
| Yes | No | No | 3 | P5xxx | p | qat_p5xxx | p5xxx | 18a0 | 1 | 18a1 | 128 |
+-----+-----+-----+-----+----------+---------------+---------------+------------+--------+------+--------+--------+
+* Note: Symmetric mixed crypto algorithms feature on Gen 2 works only with 01.org driver version 4.9.0+
+
The first 3 columns indicate the service:
* S = Symmetric crypto service (via cryptodev API)
diff --git a/doc/guides/rel_notes/release_20_05.rst b/doc/guides/rel_notes/release_20_05.rst
index 1dfcfccee..fe3e649d5 100644
--- a/doc/guides/rel_notes/release_20_05.rst
+++ b/doc/guides/rel_notes/release_20_05.rst
@@ -70,6 +70,13 @@ New Features
by making use of the event device capabilities. The event mode currently supports
only inline IPsec protocol offload.
+* **Added handling of mixed crypto algorithms in QAT PMD for GEN2.**
+
+ Enabled handling of mixed algorithms in encrypted digest hash-cipher
+ (generation) and cipher-hash (verification) requests in QAT PMD
+ when running on GEN2 QAT hardware with particular firmware versions
+ (GEN3 support was added in DPDK 20.02).
+
Removed Items
-------------
diff --git a/drivers/crypto/qat/qat_sym_pmd.c b/drivers/crypto/qat/qat_sym_pmd.c
index 50abdf6f5..e887c880f 100644
--- a/drivers/crypto/qat/qat_sym_pmd.c
+++ b/drivers/crypto/qat/qat_sym_pmd.c
@@ -14,6 +14,8 @@
#include "qat_sym_session.h"
#include "qat_sym_pmd.h"
+#define MIXED_CRYPTO_MIN_FW_VER 0x04090000
+
uint8_t cryptodev_qat_driver_id;
static const struct rte_cryptodev_capabilities qat_gen1_sym_capabilities[] = {
@@ -187,6 +189,31 @@ static int qat_sym_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
qat_sgl_dst);
}
+ /* Get fw version from QAT (GEN2), skip if we've got it already */
+ if (qp->qat_dev_gen == QAT_GEN2 && !(qat_private->internal_capabilities
+ & QAT_SYM_CAP_VALID)) {
+ ret = qat_cq_get_fw_version(qp);
+
+ if (ret < 0) {
+ qat_sym_qp_release(dev, qp_id);
+ return ret;
+ }
+
+ if (ret != 0)
+ QAT_LOG(DEBUG, "QAT firmware version: %d.%d.%d",
+ (ret >> 24) & 0xff,
+ (ret >> 16) & 0xff,
+ (ret >> 8) & 0xff);
+ else
+ QAT_LOG(DEBUG, "unknown QAT firmware version");
+
+ /* set capabilities based on the fw version */
+ qat_private->internal_capabilities = QAT_SYM_CAP_VALID |
+ ((ret >= MIXED_CRYPTO_MIN_FW_VER) ?
+ QAT_SYM_CAP_MIXED_CRYPTO : 0);
+ ret = 0;
+ }
+
return ret;
}
diff --git a/drivers/crypto/qat/qat_sym_pmd.h b/drivers/crypto/qat/qat_sym_pmd.h
index a32c25abc..a5a31e512 100644
--- a/drivers/crypto/qat/qat_sym_pmd.h
+++ b/drivers/crypto/qat/qat_sym_pmd.h
@@ -15,6 +15,10 @@
/** Intel(R) QAT Symmetric Crypto PMD driver name */
#define CRYPTODEV_NAME_QAT_SYM_PMD crypto_qat
+/* Internal capabilities */
+#define QAT_SYM_CAP_MIXED_CRYPTO (1 << 0)
+#define QAT_SYM_CAP_VALID (1 << 31)
+
extern uint8_t cryptodev_qat_driver_id;
/** private data structure for a QAT device.
@@ -29,6 +33,7 @@ struct qat_sym_dev_private {
const struct rte_cryptodev_capabilities *qat_dev_capabilities;
/* QAT device symmetric crypto capabilities */
uint16_t min_enq_burst_threshold;
+ uint32_t internal_capabilities; /* see flags QAT_SYM_CAP_xxx */
};
int
diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c
index 61ab9edc4..fd2cc382e 100644
--- a/drivers/crypto/qat/qat_sym_session.c
+++ b/drivers/crypto/qat/qat_sym_session.c
@@ -464,18 +464,23 @@ qat_sym_session_set_ext_hash_flags(struct qat_sym_session *session,
}
static void
-qat_sym_session_handle_mixed(struct qat_sym_session *session)
+qat_sym_session_handle_mixed(const struct rte_cryptodev *dev,
+ struct qat_sym_session *session)
{
+ const struct qat_sym_dev_private *qat_private = dev->data->dev_private;
+ enum qat_device_gen min_dev_gen = (qat_private->internal_capabilities &
+ QAT_SYM_CAP_MIXED_CRYPTO) ? QAT_GEN2 : QAT_GEN3;
+
if (session->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_ZUC_3G_128_EIA3 &&
session->qat_cipher_alg !=
ICP_QAT_HW_CIPHER_ALGO_ZUC_3G_128_EEA3) {
- session->min_qat_dev_gen = QAT_GEN3;
+ session->min_qat_dev_gen = min_dev_gen;
qat_sym_session_set_ext_hash_flags(session,
1 << ICP_QAT_FW_AUTH_HDR_FLAG_ZUC_EIA3_BITPOS);
} else if (session->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_SNOW_3G_UIA2 &&
session->qat_cipher_alg !=
ICP_QAT_HW_CIPHER_ALGO_SNOW_3G_UEA2) {
- session->min_qat_dev_gen = QAT_GEN3;
+ session->min_qat_dev_gen = min_dev_gen;
qat_sym_session_set_ext_hash_flags(session,
1 << ICP_QAT_FW_AUTH_HDR_FLAG_SNOW3G_UIA2_BITPOS);
} else if ((session->aes_cmac ||
@@ -484,7 +489,7 @@ qat_sym_session_handle_mixed(struct qat_sym_session *session)
ICP_QAT_HW_CIPHER_ALGO_SNOW_3G_UEA2 ||
session->qat_cipher_alg ==
ICP_QAT_HW_CIPHER_ALGO_ZUC_3G_128_EEA3)) {
- session->min_qat_dev_gen = QAT_GEN3;
+ session->min_qat_dev_gen = min_dev_gen;
qat_sym_session_set_ext_hash_flags(session, 0);
}
}
@@ -537,7 +542,7 @@ qat_sym_session_set_parameters(struct rte_cryptodev *dev,
if (ret < 0)
return ret;
/* Special handling of mixed hash+cipher algorithms */
- qat_sym_session_handle_mixed(session);
+ qat_sym_session_handle_mixed(dev, session);
}
break;
case ICP_QAT_FW_LA_CMD_HASH_CIPHER:
@@ -556,7 +561,7 @@ qat_sym_session_set_parameters(struct rte_cryptodev *dev,
if (ret < 0)
return ret;
/* Special handling of mixed hash+cipher algorithms */
- qat_sym_session_handle_mixed(session);
+ qat_sym_session_handle_mixed(dev, session);
}
break;
case ICP_QAT_FW_LA_CMD_TRNG_GET_RANDOM:
--
2.17.1
More information about the dev
mailing list