diff --git a/doc/guides/cryptodevs/qat.rst b/doc/guides/cryptodevs/qat.rst index 12b8e799a2..06985e3193 100644 --- a/doc/guides/cryptodevs/qat.rst +++ b/doc/guides/cryptodevs/qat.rst @@ -72,6 +72,30 @@ Supported AEAD algorithms: * ``RTE_CRYPTO_AEAD_AES_CCM`` +Supported Chains +~~~~~~~~~~~~~~~~ + +All the usual chains are supported and also some mixed chains: + +.. table:: Supported hash-cipher chains for wireless digest-encrypted cases + + +------------------+-----------+-------------+----------+----------+ + | Cipher algorithm | NULL AUTH | SNOW3G UIA2 | ZUC EIA3 | AES CMAC | + +==================+===========+=============+==========+==========+ + | NULL CIPHER | Y | 3 | 3 | Y | + +------------------+-----------+-------------+----------+----------+ + | SNOW3G UEA2 | 3 | Y | 3 | 3 | + +------------------+-----------+-------------+----------+----------+ + | ZUC EEA3 | 3 | 3 | 2&3 | 3 | + +------------------+-----------+-------------+----------+----------+ + | AES CTR | Y | 3 | 3 | Y | + +------------------+-----------+-------------+----------+----------+ + +* The combinations marked as "Y" are supported on all QAT hardware versions. +* The combinations marked as "2&3" are supported on GEN2/GEN3 QAT hardware only. +* The combinations marked as "3" are supported on GEN3 QAT hardware only. + + Limitations ~~~~~~~~~~~ diff --git a/doc/guides/rel_notes/release_20_02.rst b/doc/guides/rel_notes/release_20_02.rst index 01bde80c27..ec516daf41 100644 --- a/doc/guides/rel_notes/release_20_02.rst +++ b/doc/guides/rel_notes/release_20_02.rst @@ -69,6 +69,14 @@ New Features * ECPM (Elliptic Curve Point Multiplication) is added to asymmetric crypto library specifications. +* **Added handling of mixed algorithms in encrypted digest requests in QAT PMD.** + + Added handling of mixed algorithms in encrypted digest hash-cipher + (generation) and cipher-hash (verification) requests (e.g. SNOW3G + ZUC or + ZUC + AES CTR) in QAT PMD possible when running on GEN3 QAT hardware. + Such algorithm combinations are not supported on GEN1/GEN2 hardware + and executing the request returns RTE_CRYPTO_OP_STATUS_INVALID_SESSION. + Removed Items ------------- diff --git a/drivers/common/qat/qat_adf/icp_qat_fw.h b/drivers/common/qat/qat_adf/icp_qat_fw.h index 8f7cb37b43..1265c2a138 100644 --- a/drivers/common/qat/qat_adf/icp_qat_fw.h +++ b/drivers/common/qat/qat_adf/icp_qat_fw.h @@ -175,6 +175,9 @@ struct icp_qat_fw_comn_resp { #define QAT_COMN_PTR_TYPE_SGL 0x1 #define QAT_COMN_CD_FLD_TYPE_64BIT_ADR 0x0 #define QAT_COMN_CD_FLD_TYPE_16BYTE_DATA 0x1 +#define QAT_COMN_EXT_FLAGS_BITPOS 8 +#define QAT_COMN_EXT_FLAGS_MASK 0x1 +#define QAT_COMN_EXT_FLAGS_USED 0x1 #define ICP_QAT_FW_COMN_FLAGS_BUILD(cdt, ptr) \ ((((cdt) & QAT_COMN_CD_FLD_TYPE_MASK) << QAT_COMN_CD_FLD_TYPE_BITPOS) \ diff --git a/drivers/common/qat/qat_adf/icp_qat_fw_la.h b/drivers/common/qat/qat_adf/icp_qat_fw_la.h index 38891eb1f9..20eb145def 100644 --- a/drivers/common/qat/qat_adf/icp_qat_fw_la.h +++ b/drivers/common/qat/qat_adf/icp_qat_fw_la.h @@ -273,6 +273,8 @@ struct icp_qat_fw_cipher_auth_cd_ctrl_hdr { #define ICP_QAT_FW_AUTH_HDR_FLAG_DO_NESTED 1 #define ICP_QAT_FW_AUTH_HDR_FLAG_NO_NESTED 0 +#define ICP_QAT_FW_AUTH_HDR_FLAG_SNOW3G_UIA2_BITPOS 3 +#define ICP_QAT_FW_AUTH_HDR_FLAG_ZUC_EIA3_BITPOS 4 #define ICP_QAT_FW_CCM_GCM_AAD_SZ_MAX 240 #define ICP_QAT_FW_HASH_REQUEST_PARAMETERS_OFFSET 24 #define ICP_QAT_FW_CIPHER_REQUEST_PARAMETERS_OFFSET (0) diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c index 72290ba480..4359f2f0b8 100644 --- a/drivers/crypto/qat/qat_sym_session.c +++ b/drivers/crypto/qat/qat_sym_session.c @@ -416,6 +416,74 @@ qat_sym_session_configure(struct rte_cryptodev *dev, return 0; } +static void +qat_sym_session_set_ext_hash_flags(struct qat_sym_session *session, + uint8_t hash_flag) +{ + struct icp_qat_fw_comn_req_hdr *header = &session->fw_req.comn_hdr; + struct icp_qat_fw_cipher_auth_cd_ctrl_hdr *cd_ctrl = + (struct icp_qat_fw_cipher_auth_cd_ctrl_hdr *) + session->fw_req.cd_ctrl.content_desc_ctrl_lw; + + /* Set the Use Extended Protocol Flags bit in LW 1 */ + QAT_FIELD_SET(header->comn_req_flags, + QAT_COMN_EXT_FLAGS_USED, + QAT_COMN_EXT_FLAGS_BITPOS, + QAT_COMN_EXT_FLAGS_MASK); + + /* Set Hash Flags in LW 28 */ + cd_ctrl->hash_flags |= hash_flag; + + /* Set proto flags in LW 1 */ + switch (session->qat_cipher_alg) { + case ICP_QAT_HW_CIPHER_ALGO_SNOW_3G_UEA2: + ICP_QAT_FW_LA_PROTO_SET(header->serv_specif_flags, + ICP_QAT_FW_LA_SNOW_3G_PROTO); + ICP_QAT_FW_LA_ZUC_3G_PROTO_FLAG_SET( + header->serv_specif_flags, 0); + break; + case ICP_QAT_HW_CIPHER_ALGO_ZUC_3G_128_EEA3: + ICP_QAT_FW_LA_PROTO_SET(header->serv_specif_flags, + ICP_QAT_FW_LA_NO_PROTO); + ICP_QAT_FW_LA_ZUC_3G_PROTO_FLAG_SET( + header->serv_specif_flags, + ICP_QAT_FW_LA_ZUC_3G_PROTO); + break; + default: + ICP_QAT_FW_LA_PROTO_SET(header->serv_specif_flags, + ICP_QAT_FW_LA_NO_PROTO); + ICP_QAT_FW_LA_ZUC_3G_PROTO_FLAG_SET( + header->serv_specif_flags, 0); + break; + } +} + +static void +qat_sym_session_handle_mixed(struct qat_sym_session *session) +{ + if (session->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_ZUC_3G_128_EIA3 && + session->qat_cipher_alg != + ICP_QAT_HW_CIPHER_ALGO_ZUC_3G_128_EEA3) { + session->min_qat_dev_gen = QAT_GEN3; + qat_sym_session_set_ext_hash_flags(session, + 1 << ICP_QAT_FW_AUTH_HDR_FLAG_ZUC_EIA3_BITPOS); + } else if (session->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_SNOW_3G_UIA2 && + session->qat_cipher_alg != + ICP_QAT_HW_CIPHER_ALGO_SNOW_3G_UEA2) { + session->min_qat_dev_gen = QAT_GEN3; + qat_sym_session_set_ext_hash_flags(session, + 1 << ICP_QAT_FW_AUTH_HDR_FLAG_SNOW3G_UIA2_BITPOS); + } else if ((session->aes_cmac || + session->qat_hash_alg == ICP_QAT_HW_AUTH_ALGO_NULL) && + (session->qat_cipher_alg == + ICP_QAT_HW_CIPHER_ALGO_SNOW_3G_UEA2 || + session->qat_cipher_alg == + ICP_QAT_HW_CIPHER_ALGO_ZUC_3G_128_EEA3)) { + session->min_qat_dev_gen = QAT_GEN3; + qat_sym_session_set_ext_hash_flags(session, 0); + } +} + int qat_sym_session_set_parameters(struct rte_cryptodev *dev, struct rte_crypto_sym_xform *xform, void *session_private) @@ -463,6 +531,8 @@ qat_sym_session_set_parameters(struct rte_cryptodev *dev, xform, session); if (ret < 0) return ret; + /* Special handling of mixed hash+cipher algorithms */ + qat_sym_session_handle_mixed(session); } break; case ICP_QAT_FW_LA_CMD_HASH_CIPHER: @@ -480,6 +550,8 @@ qat_sym_session_set_parameters(struct rte_cryptodev *dev, xform, session); if (ret < 0) return ret; + /* Special handling of mixed hash+cipher algorithms */ + qat_sym_session_handle_mixed(session); } break; case ICP_QAT_FW_LA_CMD_TRNG_GET_RANDOM: