crypto/qat: handle mixed hash-cipher on GEN2

This patch adds handling of mixed hash-cipher algorithms
available on GEN2 QAT in particular firmware versions.
Also the documentation is updated to show the mixed crypto
algorithms are supported on QAT GEN2.

Signed-off-by: Adam Dybkowski <adamx.dybkowski@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>

doc/guides/cryptodevs/qat.rst

@@ -82,18 +82,17 @@ All the usual chains are supported and also some mixed chains:
    +------------------+-----------+-------------+----------+----------+
    | Cipher algorithm | NULL AUTH | SNOW3G UIA2 | ZUC EIA3 | AES CMAC |
    +==================+===========+=============+==========+==========+
-   | NULL CIPHER      | Y         | 3           | 3        | Y        |
+   | NULL CIPHER      | Y         | 2&3         | 2&3      | Y        |
    +------------------+-----------+-------------+----------+----------+
-   | SNOW3G UEA2      | 3         | Y           | 3        | 3        |
+   | SNOW3G UEA2      | 2&3       | Y           | 2&3      | 2&3      |
    +------------------+-----------+-------------+----------+----------+
-   | ZUC EEA3         | 3         | 3           | 2&3      | 3        |
+   | ZUC EEA3         | 2&3       | 2&3         | 2&3      | 2&3      |
    +------------------+-----------+-------------+----------+----------+
-   | AES CTR          | Y         | 3           | 3        | Y        |
+   | AES CTR          | Y         | 2&3         | 2&3      | Y        |
    +------------------+-----------+-------------+----------+----------+
 
 * The combinations marked as "Y" are supported on all QAT hardware versions.
 * The combinations marked as "2&3" are supported on GEN2/GEN3 QAT hardware only.
-* The combinations marked as "3" are supported on GEN3 QAT hardware only.
 
 
 Limitations
@@ -120,6 +119,8 @@ Limitations
   enqueued to the device and will be marked as failed. The simplest way to
   mitigate this is to use the bdf whitelist to avoid mixing devices of different
   generations in the same process if planning to use for GCM.
+* The mixed algo feature on GEN2 is not supported by all kernel drivers. Check
+  the notes under the Available Kernel Drivers table below for specific details.
 
 Extra notes on KASUMI F9
 ~~~~~~~~~~~~~~~~~~~~~~~~
@@ -379,6 +380,8 @@ to see the full table)
    | Yes | No  | No  | 3   | P5xxx    | p             | qat_p5xxx     | p5xxx      | 18a0   | 1    | 18a1   | 128    |
    +-----+-----+-----+-----+----------+---------------+---------------+------------+--------+------+--------+--------+
 
+* Note: Symmetric mixed crypto algorithms feature on Gen 2 works only with 01.org driver version 4.9.0+
+
 The first 3 columns indicate the service:
 
 * S = Symmetric crypto service (via cryptodev API)

doc/guides/rel_notes/release_20_05.rst

@@ -62,6 +62,13 @@ New Features
 
   * Added support for matching on IPv4 Time To Live and IPv6 Hop Limit.
 
+* **Added handling of mixed crypto algorithms in QAT PMD for GEN2.**
+
+  Enabled handling of mixed algorithms in encrypted digest hash-cipher
+  (generation) and cipher-hash (verification) requests in QAT PMD
+  when running on GEN2 QAT hardware with particular firmware versions
+  (GEN3 support was added in DPDK 20.02).
+
 * **Updated the turbo_sw bbdev PMD.**
 
   Supported large size code blocks which does not fit in one mbuf segment.

drivers/crypto/qat/qat_sym_pmd.c

@@ -14,6 +14,8 @@
 #include "qat_sym_session.h"
 #include "qat_sym_pmd.h"
 
+#define MIXED_CRYPTO_MIN_FW_VER 0x04090000
+
 uint8_t cryptodev_qat_driver_id;
 
 static const struct rte_cryptodev_capabilities qat_gen1_sym_capabilities[] = {
@@ -187,6 +189,31 @@ static int qat_sym_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 				qat_sgl_dst);
 	}
 
+	/* Get fw version from QAT (GEN2), skip if we've got it already */
+	if (qp->qat_dev_gen == QAT_GEN2 && !(qat_private->internal_capabilities
+			& QAT_SYM_CAP_VALID)) {
+		ret = qat_cq_get_fw_version(qp);
+
+		if (ret < 0) {
+			qat_sym_qp_release(dev, qp_id);
+			return ret;
+		}
+
+		if (ret != 0)
+			QAT_LOG(DEBUG, "QAT firmware version: %d.%d.%d",
+					(ret >> 24) & 0xff,
+					(ret >> 16) & 0xff,
+					(ret >> 8) & 0xff);
+		else
+			QAT_LOG(DEBUG, "unknown QAT firmware version");
+
+		/* set capabilities based on the fw version */
+		qat_private->internal_capabilities = QAT_SYM_CAP_VALID |
+				((ret >= MIXED_CRYPTO_MIN_FW_VER) ?
+						QAT_SYM_CAP_MIXED_CRYPTO : 0);
+		ret = 0;
+	}
+
 	return ret;
 }
 

drivers/crypto/qat/qat_sym_pmd.h

@@ -15,6 +15,10 @@
 /** Intel(R) QAT Symmetric Crypto PMD driver name */
 #define CRYPTODEV_NAME_QAT_SYM_PMD	crypto_qat
 
+/* Internal capabilities */
+#define QAT_SYM_CAP_MIXED_CRYPTO	(1 << 0)
+#define QAT_SYM_CAP_VALID		(1 << 31)
+
 extern uint8_t cryptodev_qat_driver_id;
 
 /** private data structure for a QAT device.
@@ -29,6 +33,7 @@ struct qat_sym_dev_private {
 	const struct rte_cryptodev_capabilities *qat_dev_capabilities;
 	/* QAT device symmetric crypto capabilities */
 	uint16_t min_enq_burst_threshold;
+	uint32_t internal_capabilities; /* see flags QAT_SYM_CAP_xxx */
 };
 
 int

drivers/crypto/qat/qat_sym_session.c

@@ -464,18 +464,23 @@ qat_sym_session_set_ext_hash_flags(struct qat_sym_session *session,
 }
 
 static void
-qat_sym_session_handle_mixed(struct qat_sym_session *session)
+qat_sym_session_handle_mixed(const struct rte_cryptodev *dev,
+		struct qat_sym_session *session)
 {
+	const struct qat_sym_dev_private *qat_private = dev->data->dev_private;
+	enum qat_device_gen min_dev_gen = (qat_private->internal_capabilities &
+			QAT_SYM_CAP_MIXED_CRYPTO) ? QAT_GEN2 : QAT_GEN3;
+
 	if (session->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_ZUC_3G_128_EIA3 &&
 			session->qat_cipher_alg !=
 			ICP_QAT_HW_CIPHER_ALGO_ZUC_3G_128_EEA3) {
-		session->min_qat_dev_gen = QAT_GEN3;
+		session->min_qat_dev_gen = min_dev_gen;
 		qat_sym_session_set_ext_hash_flags(session,
 			1 << ICP_QAT_FW_AUTH_HDR_FLAG_ZUC_EIA3_BITPOS);
 	} else if (session->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_SNOW_3G_UIA2 &&
 			session->qat_cipher_alg !=
 			ICP_QAT_HW_CIPHER_ALGO_SNOW_3G_UEA2) {
-		session->min_qat_dev_gen = QAT_GEN3;
+		session->min_qat_dev_gen = min_dev_gen;
 		qat_sym_session_set_ext_hash_flags(session,
 			1 << ICP_QAT_FW_AUTH_HDR_FLAG_SNOW3G_UIA2_BITPOS);
 	} else if ((session->aes_cmac ||
@@ -484,7 +489,7 @@ qat_sym_session_handle_mixed(struct qat_sym_session *session)
 			ICP_QAT_HW_CIPHER_ALGO_SNOW_3G_UEA2 ||
 			session->qat_cipher_alg ==
 			ICP_QAT_HW_CIPHER_ALGO_ZUC_3G_128_EEA3)) {
-		session->min_qat_dev_gen = QAT_GEN3;
+		session->min_qat_dev_gen = min_dev_gen;
 		qat_sym_session_set_ext_hash_flags(session, 0);
 	}
 }
@@ -537,7 +542,7 @@ qat_sym_session_set_parameters(struct rte_cryptodev *dev,
 			if (ret < 0)
 				return ret;
 			/* Special handling of mixed hash+cipher algorithms */
-			qat_sym_session_handle_mixed(session);
+			qat_sym_session_handle_mixed(dev, session);
 		}
 		break;
 	case ICP_QAT_FW_LA_CMD_HASH_CIPHER:
@@ -556,7 +561,7 @@ qat_sym_session_set_parameters(struct rte_cryptodev *dev,
 			if (ret < 0)
 				return ret;
 			/* Special handling of mixed hash+cipher algorithms */
-			qat_sym_session_handle_mixed(session);
+			qat_sym_session_handle_mixed(dev, session);
 		}
 		break;
 	case ICP_QAT_FW_LA_CMD_TRNG_GET_RANDOM: