git: e1b50e8184fc - main - qat.4: Minor tweaks

Mark Johnston markj at FreeBSD.org
Wed Jan 27 20:32:21 UTC 2021 

The branch main has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=e1b50e8184fca00520774d43bd7bdd0ccbe9a1d2

commit e1b50e8184fca00520774d43bd7bdd0ccbe9a1d2
Author:     Mark Johnston <markj at FreeBSD.org>
AuthorDate: 2021-01-27 20:31:10 +0000
Commit:     Mark Johnston <markj at FreeBSD.org>
CommitDate: 2021-01-27 20:31:10 +0000

    qat.4: Minor tweaks
    
    - Document a constraint on the AAD size for AES-GCM.
    - Note that the list of supported platforms and add-on devices is not
      complete and indicate that QAT devices will show up in pciconf
      output. [1]
    
    PR:             252984 [1]
    MFC after:      3 days
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 share/man/man4/qat.4 | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/share/man/man4/qat.4 b/share/man/man4/qat.4
index 9e9491f22aea..92ee85ac64eb 100644
--- a/share/man/man4/qat.4
+++ b/share/man/man4/qat.4
@@ -24,7 +24,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd November 5, 2020
+.Dd January 27, 2021
 .Dt QAT 4
 .Os
 .Sh NAME
@@ -57,17 +57,29 @@ The
 driver implements
 .Xr crypto 4
 support for some of the cryptographic acceleration functions of the Intel
-QuickAssist device.
+QuickAssist (QAT) device.
 The
 .Nm
 driver supports the QAT devices integrated with Atom C2000 and C3000 and Xeon
-C620 and D-1500 chipsets, and the Intel QAT Adapter 8950.
-It can accelerate AES in CBC, CTR, XTS (except for the C2000) and GCM modes,
+C620 and D-1500 platforms, and the Intel QAT Adapter 8950.
+Other platforms and adapters not listed here may also be supported.
+QAT devices are enumerated through PCIe and are thus visible in
+.Xr pciconf 8
+output.
+.Pp
+The
+.Nm
+driver can accelerate AES in CBC, CTR, XTS (except for the C2000) and GCM modes,
 and can perform authenticated encryption combining the CBC, CTR and XTS modes
 with SHA1-HMAC and SHA2-HMAC.
 The
 .Nm
 driver can also compute SHA1 and SHA2 digests.
+The implementation of AES-GCM has a firmware-imposed constraint that the length
+of any additional authenticated data (AAD) must not exceed 240 bytes.
+The driver thus rejects
+.Xr crypto 9
+requests that do not satisfy this constraint.
 .Sh SEE ALSO
 .Xr crypto 4 ,
 .Xr ipsec 4 ,

More information about the dev-commits-src-main mailing list