From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 4D4A048A9D; Fri, 7 Nov 2025 17:27:12 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 1648A402D6; Fri, 7 Nov 2025 17:27:12 +0100 (CET) Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.20]) by mails.dpdk.org (Postfix) with ESMTP id 9EBF24021F for ; Fri, 7 Nov 2025 17:27:10 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1762532831; x=1794068831; h=from:to:cc:subject:date:message-id:mime-version: content-transfer-encoding; bh=n/agAEseF8t+jtoInlYaVCxnF8GqldAM9MXIslDwD3Y=; b=dFq7NAIH5U3B1GNOASJ7EdonNBCvlZpac9NK7O9fnrdRW8c6n6vdX4yX UO/Yd4P9ziIOZm3ZvA2eulQO6HFtzS2LYBgw6ECoQm3rMXf/kyRO8tWXi cc2TC2ZeB6pCyEMSuIv+/CHw+Fe9QqLrsDe1T/5H5m8rTVWx2+73Vcdhj XKMGuQyEVzJF3rrp9zEtHorte6qId59+Xoh+mC7k/wPGSoVxwtLcUKOsh tWk4q/GuyVufRLcP1fJO8sTw462CjfSpbp61Op9W91n6m6syzGG6V8PKb 5Em9FLDI5aa0bzyBipar3EWqsJly01RCWnqVulIjtRPr1Uxn9H9AoPHlE A==; X-CSE-ConnectionGUID: wF78dLgVRoeNzQom11tj9A== X-CSE-MsgGUID: fXqJui2aQ9iUZaM0QkJjyw== X-IronPort-AV: E=McAfee;i="6800,10657,11606"; a="64383182" X-IronPort-AV: E=Sophos;i="6.19,287,1754982000"; d="scan'208";a="64383182" Received: from orviesa008.jf.intel.com ([10.64.159.148]) by orvoesa112.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Nov 2025 08:27:09 -0800 X-CSE-ConnectionGUID: 3Hme+Ui4R/iab36kemgIKQ== X-CSE-MsgGUID: zBdPO/dZRqaFSKAoZVLZvA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.19,287,1754982000"; d="scan'208";a="188240463" Received: from silpixa00401454.ir.intel.com ([10.20.224.230]) by orviesa008.jf.intel.com with ESMTP; 07 Nov 2025 08:27:08 -0800 From: Emma Finn To: Akhil Goyal , Fan Zhang , Kai Ji , Arkadiusz Kusztal , Fiona Trahe Cc: dev@dpdk.org, Emma Finn Subject: [PATCH] crypto/qat: fix CCM request descriptor hash_state_sz field Date: Fri, 7 Nov 2025 16:23:08 +0000 Message-Id: <20251107162308.2150642-1-emma.finn@intel.com> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org The hash_state_sz field in the QAT request descriptor for AES-CCM operations was incorrectly set to the digest length. According to the QAT firmware specification, this field should contain the length of AAD in quadwords for CCM operations. This incorrect field value caused QAT firmware to return INVALID_PARAMS errors for certain AAD buffer sizes. A new unit test is also added to cover this case. Fixes: ab56c4d ("crypto/qat: add AES-CCM support") Signed-off-by: Emma Finn --- app/test/test_cryptodev.c | 16 +++++++ app/test/test_cryptodev_aead_test_vectors.h | 53 +++++++++++++++++++++ drivers/crypto/qat/qat_sym_session.c | 2 +- 3 files changed, 70 insertions(+), 1 deletion(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 6e5f308e55..9bdd357727 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -14271,6 +14271,12 @@ test_AES_CCM_authenticated_encryption_test_case_128_3(void) return test_authenticated_encryption(&ccm_test_case_128_3); } +static int +test_AES_CCM_authenticated_encryption_test_case_128_4(void) +{ + return test_authenticated_encryption(&ccm_test_case_128_4); +} + static int test_AES_CCM_authenticated_decryption_test_case_128_1(void) { @@ -14289,6 +14295,12 @@ test_AES_CCM_authenticated_decryption_test_case_128_3(void) return test_authenticated_decryption(&ccm_test_case_128_3); } +static int +test_AES_CCM_authenticated_decryption_test_case_128_4(void) +{ + return test_authenticated_decryption(&ccm_test_case_128_4); +} + static int test_AES_CCM_authenticated_encryption_test_case_192_1(void) { @@ -18975,6 +18987,8 @@ static struct unit_test_suite cryptodev_aes_ccm_auth_testsuite = { test_AES_CCM_authenticated_encryption_test_case_128_2), TEST_CASE_ST(ut_setup, ut_teardown, test_AES_CCM_authenticated_encryption_test_case_128_3), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_CCM_authenticated_encryption_test_case_128_4), /** AES CCM Authenticated Decryption 128 bits key*/ TEST_CASE_ST(ut_setup, ut_teardown, @@ -18983,6 +18997,8 @@ static struct unit_test_suite cryptodev_aes_ccm_auth_testsuite = { test_AES_CCM_authenticated_decryption_test_case_128_2), TEST_CASE_ST(ut_setup, ut_teardown, test_AES_CCM_authenticated_decryption_test_case_128_3), + TEST_CASE_ST(ut_setup, ut_teardown, + test_AES_CCM_authenticated_decryption_test_case_128_4), /** AES CCM Authenticated Encryption 192 bits key */ TEST_CASE_ST(ut_setup, ut_teardown, diff --git a/app/test/test_cryptodev_aead_test_vectors.h b/app/test/test_cryptodev_aead_test_vectors.h index 73bedaf557..6b9642e339 100644 --- a/app/test/test_cryptodev_aead_test_vectors.h +++ b/app/test/test_cryptodev_aead_test_vectors.h @@ -50,6 +50,13 @@ static uint8_t ccm_aad_test_2[22] = { 0xA5, 0xB8, 0xFC, 0xBA, 0x00, 0x00 }; +static uint8_t ccm_aad_test_4[32] = { + 0xD2, 0x3D, 0xBD, 0xF2, 0x13, 0xAA, 0xD5, 0x03, + 0xDB, 0xA5, 0x3E, 0x44, 0xBB, 0x1E, 0xD7, 0x19, + 0x65, 0x2F, 0x37, 0xA0, 0x97, 0xD6, 0x5F, 0x59, + 0x0B, 0xD1, 0xE6, 0xA4, 0xCC, 0x50, 0xEB, 0x62 +}; + static uint8_t sm4_gcm_aad_test_2[] = { 0x3f, 0x89, 0x42, 0x20 }; @@ -3714,6 +3721,52 @@ static const struct aead_test_data ccm_test_case_128_3 = { } }; +static const struct aead_test_data ccm_test_case_128_4 = { + .algo = RTE_CRYPTO_AEAD_AES_CCM, + .key = { + .data = { + 0x2F, 0x55, 0xF2, 0xF8, 0x4E, 0x66, 0x5E, 0x4B, + 0x1D, 0x56, 0x91, 0x62, 0x6C, 0xE7, 0xD4, 0xB8 + }, + .len = 16 + }, + .iv = { + .data = { + 0x2C, 0x39, 0xBE, 0x24, 0xAF, 0xF4, 0xC1, 0x0E, + 0x20, 0x26, 0x11, 0x49, 0x49 + }, + .len = 13 + }, + .aad = { + .data = ccm_aad_test_4, + .len = 32 + }, + .plaintext = { + .data = { + 0xF5, 0x2A, 0xEC, 0xEF, 0x88, 0x73, 0x10, 0x11, + 0xD0, 0x68, 0xCB, 0x8E, 0x82, 0xBE, 0xED, 0x68, + 0xC1, 0xC6, 0xF2, 0xA5, 0x9E, 0x99, 0xF6, 0x3D, + 0xDA, 0xEA, 0xA0, 0x49, 0xD0, 0xF4, 0x18, 0xC0 + }, + .len = 32 + }, + .ciphertext = { + .data = { + 0x0F, 0x7B, 0x8A, 0x0D, 0x79, 0xB6, 0x1C, 0x93, + 0x00, 0x26, 0x57, 0x52, 0xC8, 0x68, 0x30, 0xF6, + 0x92, 0xA4, 0x9C, 0x86, 0x5E, 0x77, 0x51, 0x9C, + 0x79, 0x15, 0x7C, 0xF3, 0x87, 0x27, 0x2A, 0x77 + }, + .len = 32 + }, + .auth_tag = { + .data = { + 0x64, 0x2F, 0x58, 0x61 + }, + .len = 4 + } +}; + /** AES-CCM-192 Test Vectors */ static const struct aead_test_data ccm_test_case_192_1 = { .algo = RTE_CRYPTO_AEAD_AES_CCM, diff --git a/drivers/crypto/qat/qat_sym_session.c b/drivers/crypto/qat/qat_sym_session.c index 98ab82ffb3..0a00c3927a 100644 --- a/drivers/crypto/qat/qat_sym_session.c +++ b/drivers/crypto/qat/qat_sym_session.c @@ -2774,7 +2774,7 @@ static int qat_sym_cd_auth_set(struct qat_sym_session *cdesc, hash->auth_counter.counter = 0; hash_cd_ctrl->outer_prefix_sz = digestsize; - auth_param->hash_state_sz = digestsize; + auth_param->hash_state_sz = (RTE_ALIGN_CEIL(auth_param->u2.aad_sz, 8) >> 3); memcpy(cdesc->cd_cur_ptr + state1_size, authkey, authkeylen); break; -- 2.34.1