crypto/qat: support XTS

This patch adds XTS capabilities and enables
XTS cipher mode on QAT.
It also updates the documentation for newly
supported AES XTS mode on QAT.

Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>

doc/guides/cryptodevs/features/qat.ini

@@ -24,6 +24,8 @@ AES CBC (256)  = Y
 AES CTR (128)  = Y
 AES CTR (192)  = Y
 AES CTR (256)  = Y
+AES XTS (128)  = Y
+AES XTS (256)  = Y
 3DES CBC       = Y
 3DES CTR       = Y
 DES CBC        = Y

doc/guides/cryptodevs/qat.rst

@@ -1,5 +1,5 @@
 ..  SPDX-License-Identifier: BSD-3-Clause
-    Copyright(c) 2015-2016 Intel Corporation.
+    Copyright(c) 2015-2019 Intel Corporation.
 
 Intel(R) QuickAssist (QAT) Crypto Poll Mode Driver
 ==================================================
@@ -41,6 +41,7 @@ Cipher algorithms:
 * ``RTE_CRYPTO_CIPHER_AES128_CTR``
 * ``RTE_CRYPTO_CIPHER_AES192_CTR``
 * ``RTE_CRYPTO_CIPHER_AES256_CTR``
+* ``RTE_CRYPTO_CIPHER_AES_XTS``
 * ``RTE_CRYPTO_CIPHER_SNOW3G_UEA2``
 * ``RTE_CRYPTO_CIPHER_NULL``
 * ``RTE_CRYPTO_CIPHER_KASUMI_F8``

doc/guides/rel_notes/release_19_05.rst

@@ -91,6 +91,10 @@ New Features
 
   * Added promiscuous mode support.
 
+* **Updated the QuickAssist Technology PMD.**
+
+  Added support for AES-XTS with 128 and 256 bit AES keys.
+
 * **Updated the testpmd application.**
 
   Improved testpmd application performance on ARM platform. For ``macswap``
@@ -238,6 +242,12 @@ Known Issues
    Also, make sure to start the actual text at the margin.
    =========================================================
 
+* **No software AES-XTS implementation.**
+
+  There are currently no cryptodev software PMDs available which implement
+  support for the AES-XTS algorithm, so this feature can only be used
+  if compatible hardware and an associated PMD is available.
+
 
 Tested Platforms
 ----------------

drivers/crypto/qat/qat_sym_capabilities.h

@@ -1,5 +1,5 @@
 /* SPDX-License-Identifier: BSD-3-Clause
- * Copyright(c) 2017-2018 Intel Corporation
+ * Copyright(c) 2017-2019 Intel Corporation
  */
 
 #ifndef _QAT_SYM_CAPABILITIES_H_
@@ -304,6 +304,26 @@
 			}, }						\
 		}, }							\
 	},								\
+	{	/* AES XTS */					\
+		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,			\
+		{.sym = {						\
+			.xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,	\
+			{.cipher = {					\
+				.algo = RTE_CRYPTO_CIPHER_AES_XTS,	\
+				.block_size = 16,			\
+				.key_size = {				\
+					.min = 32,			\
+					.max = 64,			\
+					.increment = 0			\
+				},					\
+				.iv_size = {				\
+					.min = 16,			\
+					.max = 16,			\
+					.increment = 0			\
+				}					\
+			}, }						\
+		}, }							\
+	},								\
 	{	/* AES DOCSIS BPI */					\
 		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,			\
 		{.sym = {						\

drivers/crypto/qat/qat_sym_session.c

@@ -1,5 +1,5 @@
 /* SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0)
- * Copyright(c) 2015-2018 Intel Corporation
+ * Copyright(c) 2015-2019 Intel Corporation
  */
 
 #include <openssl/sha.h>	/* Needed to calculate pre-compute values */
@@ -333,10 +333,23 @@ qat_sym_session_configure_cipher(struct rte_cryptodev *dev,
 		}
 		session->qat_mode = ICP_QAT_HW_CIPHER_ECB_MODE;
 		break;
+	case RTE_CRYPTO_CIPHER_AES_XTS:
+		if ((cipher_xform->key.length/2) == ICP_QAT_HW_AES_192_KEY_SZ) {
+			QAT_LOG(ERR, "AES-XTS-192 not supported");
+			ret = -EINVAL;
+			goto error_out;
+		}
+		if (qat_sym_validate_aes_key((cipher_xform->key.length/2),
+				&session->qat_cipher_alg) != 0) {
+			QAT_LOG(ERR, "Invalid AES-XTS cipher key size");
+			ret = -EINVAL;
+			goto error_out;
+		}
+		session->qat_mode = ICP_QAT_HW_CIPHER_XTS_MODE;
+		break;
 	case RTE_CRYPTO_CIPHER_3DES_ECB:
 	case RTE_CRYPTO_CIPHER_AES_ECB:
 	case RTE_CRYPTO_CIPHER_AES_F8:
-	case RTE_CRYPTO_CIPHER_AES_XTS:
 	case RTE_CRYPTO_CIPHER_ARC4:
 		QAT_LOG(ERR, "Crypto QAT PMD: Unsupported Cipher alg %u",
 				cipher_xform->algo);