From: Akhil Goyal <gakhil@marvell.com>
To: "Ji, Kai" <kai.ji@intel.com>, "Finn, Emma" <emma.finn@intel.com>,
Fan Zhang <fanzhang.oss@gmail.com>,
"Trahe, Fiona" <fiona.trahe@intel.com>,
Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
Cc: "dev@dpdk.org" <dev@dpdk.org>
Subject: RE: [v2] crypto/qat: fix CCM request descriptor hash_state_sz field
Date: Wed, 12 Nov 2025 04:08:44 +0000 [thread overview]
Message-ID: <CO6PR18MB44845D586452EF7DBD081B85D8CCA@CO6PR18MB4484.namprd18.prod.outlook.com> (raw)
In-Reply-To: <DS0PR11MB7458C0A1EE0B7FDDF2CD89CA81CFA@DS0PR11MB7458.namprd11.prod.outlook.com>
> Acked-by: Kai Ji <kai.ji@intel.com>
> ________________________________
>
> From: Finn, Emma <emma.finn@intel.com>
> Sent: 10 November 2025 17:01
> To: Akhil Goyal <gakhil@marvell.com>; Fan Zhang <fanzhang.oss@gmail.com>; Ji,
> Kai <kai.ji@intel.com>; Trahe, Fiona <fiona.trahe@intel.com>; Arkadiusz Kusztal
> <arkadiuszx.kusztal@intel.com>
> Cc: dev@dpdk.org <dev@dpdk.org>; Finn, Emma <emma.finn@intel.com>
> Subject: [v2] crypto/qat: fix CCM request descriptor hash_state_sz field
>
> The hash_state_sz field in the QAT request descriptor for AES-CCM
> operations was incorrectly set to the digest length. According to
> the QAT firmware specification, this field should contain the
> length of AAD in quadwords for CCM operations.
>
> This incorrect field value caused QAT firmware to return
> INVALID_PARAMS errors for certain AAD buffer sizes. A new unit
> test is also added to cover this case.
>
> Fixes: ab56c4d9ed9a ("crypto/qat: support AES-CCM")
>
> Signed-off-by: Emma Finn <emma.finn@intel.com>
> ---
> v2:
> * Updated to use 16-byte alignment.
> ---
> app/test/test_cryptodev.c | 16 +++++++
> app/test/test_cryptodev_aead_test_vectors.h | 53 +++++++++++++++++++++
> drivers/crypto/qat/qat_sym_session.c | 3 +-
> 3 files changed, 71 insertions(+), 1 deletion(-)
>
Can you rework this patch to split the app/test changes in another patch?
You are adding a new test case in a fix for QAT.
> diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
> index 6e5f308e55..9bdd357727 100644
> --- a/app/test/test_cryptodev.c
> +++ b/app/test/test_cryptodev.c
> @@ -14271,6 +14271,12 @@
> test_AES_CCM_authenticated_encryption_test_case_128_3(void)
> return test_authenticated_encryption(&ccm_test_case_128_3);
> }
>
> +static int
> +test_AES_CCM_authenticated_encryption_test_case_128_4(void)
> +{
> + return test_authenticated_encryption(&ccm_test_case_128_4);
> +}
> +
> static int
> test_AES_CCM_authenticated_decryption_test_case_128_1(void)
> {
> @@ -14289,6 +14295,12 @@
> test_AES_CCM_authenticated_decryption_test_case_128_3(void)
> return test_authenticated_decryption(&ccm_test_case_128_3);
> }
>
> +static int
> +test_AES_CCM_authenticated_decryption_test_case_128_4(void)
> +{
> + return test_authenticated_decryption(&ccm_test_case_128_4);
> +}
> +
> static int
> test_AES_CCM_authenticated_encryption_test_case_192_1(void)
> {
> @@ -18975,6 +18987,8 @@ static struct unit_test_suite
> cryptodev_aes_ccm_auth_testsuite = {
> test_AES_CCM_authenticated_encryption_test_case_128_2),
> TEST_CASE_ST(ut_setup, ut_teardown,
> test_AES_CCM_authenticated_encryption_test_case_128_3),
> + TEST_CASE_ST(ut_setup, ut_teardown,
> + test_AES_CCM_authenticated_encryption_test_case_128_4),
>
> /** AES CCM Authenticated Decryption 128 bits key*/
> TEST_CASE_ST(ut_setup, ut_teardown,
> @@ -18983,6 +18997,8 @@ static struct unit_test_suite
> cryptodev_aes_ccm_auth_testsuite = {
> test_AES_CCM_authenticated_decryption_test_case_128_2),
> TEST_CASE_ST(ut_setup, ut_teardown,
> test_AES_CCM_authenticated_decryption_test_case_128_3),
> + TEST_CASE_ST(ut_setup, ut_teardown,
> + test_AES_CCM_authenticated_decryption_test_case_128_4),
>
> /** AES CCM Authenticated Encryption 192 bits key */
> TEST_CASE_ST(ut_setup, ut_teardown,
> diff --git a/app/test/test_cryptodev_aead_test_vectors.h
> b/app/test/test_cryptodev_aead_test_vectors.h
> index 73bedaf557..6b9642e339 100644
> --- a/app/test/test_cryptodev_aead_test_vectors.h
> +++ b/app/test/test_cryptodev_aead_test_vectors.h
> @@ -50,6 +50,13 @@ static uint8_t ccm_aad_test_2[22] = {
> 0xA5, 0xB8, 0xFC, 0xBA, 0x00, 0x00
> };
>
> +static uint8_t ccm_aad_test_4[32] = {
> + 0xD2, 0x3D, 0xBD, 0xF2, 0x13, 0xAA, 0xD5, 0x03,
> + 0xDB, 0xA5, 0x3E, 0x44, 0xBB, 0x1E, 0xD7, 0x19,
> + 0x65, 0x2F, 0x37, 0xA0, 0x97, 0xD6, 0x5F, 0x59,
> + 0x0B, 0xD1, 0xE6, 0xA4, 0xCC, 0x50, 0xEB, 0x62
> +};
> +
> static uint8_t sm4_gcm_aad_test_2[] = {
> 0x3f, 0x89, 0x42, 0x20
> };
> @@ -3714,6 +3721,52 @@ static const struct aead_test_data
> ccm_test_case_128_3 = {
> }
> };
>
> +static const struct aead_test_data ccm_test_case_128_4 = {
> + .algo = RTE_CRYPTO_AEAD_AES_CCM,
> + .key = {
> + .data = {
> + 0x2F, 0x55, 0xF2, 0xF8, 0x4E, 0x66, 0x5E, 0x4B,
> + 0x1D, 0x56, 0x91, 0x62, 0x6C, 0xE7, 0xD4, 0xB8
> + },
> + .len = 16
> + },
> + .iv = {
> + .data = {
> + 0x2C, 0x39, 0xBE, 0x24, 0xAF, 0xF4, 0xC1, 0x0E,
> + 0x20, 0x26, 0x11, 0x49, 0x49
> + },
> + .len = 13
> + },
> + .aad = {
> + .data = ccm_aad_test_4,
> + .len = 32
> + },
> + .plaintext = {
> + .data = {
> + 0xF5, 0x2A, 0xEC, 0xEF, 0x88, 0x73, 0x10, 0x11,
> + 0xD0, 0x68, 0xCB, 0x8E, 0x82, 0xBE, 0xED, 0x68,
> + 0xC1, 0xC6, 0xF2, 0xA5, 0x9E, 0x99, 0xF6, 0x3D,
> + 0xDA, 0xEA, 0xA0, 0x49, 0xD0, 0xF4, 0x18, 0xC0
> + },
> + .len = 32
> + },
> + .ciphertext = {
> + .data = {
> + 0x0F, 0x7B, 0x8A, 0x0D, 0x79, 0xB6, 0x1C, 0x93,
> + 0x00, 0x26, 0x57, 0x52, 0xC8, 0x68, 0x30, 0xF6,
> + 0x92, 0xA4, 0x9C, 0x86, 0x5E, 0x77, 0x51, 0x9C,
> + 0x79, 0x15, 0x7C, 0xF3, 0x87, 0x27, 0x2A, 0x77
> + },
> + .len = 32
> + },
> + .auth_tag = {
> + .data = {
> + 0x64, 0x2F, 0x58, 0x61
> + },
> + .len = 4
> + }
> +};
> +
> /** AES-CCM-192 Test Vectors */
> static const struct aead_test_data ccm_test_case_192_1 = {
> .algo = RTE_CRYPTO_AEAD_AES_CCM,
> diff --git a/drivers/crypto/qat/qat_sym_session.c
> b/drivers/crypto/qat/qat_sym_session.c
> index 98ab82ffb3..2ba4fc0a3a 100644
> --- a/drivers/crypto/qat/qat_sym_session.c
> +++ b/drivers/crypto/qat/qat_sym_session.c
> @@ -2774,7 +2774,8 @@ static int qat_sym_cd_auth_set(struct
> qat_sym_session *cdesc,
> hash->auth_counter.counter = 0;
>
> hash_cd_ctrl->outer_prefix_sz = digestsize;
> - auth_param->hash_state_sz = digestsize;
> + auth_param->hash_state_sz = (RTE_ALIGN_CEIL(auth_param-
> >u2.aad_sz,
> + ICP_QAT_HW_CCM_AAD_ALIGNMENT) >> 3);
>
> memcpy(cdesc->cd_cur_ptr + state1_size, authkey, authkeylen);
> break;
> --
> 2.34.1
>
prev parent reply other threads:[~2025-11-12 4:08 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-07 16:23 [PATCH] " Emma Finn
2025-11-07 16:43 ` Emma Finn
2025-11-10 17:01 ` [v2] " Emma Finn
2025-11-11 14:44 ` Ji, Kai
2025-11-12 4:08 ` Akhil Goyal [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CO6PR18MB44845D586452EF7DBD081B85D8CCA@CO6PR18MB4484.namprd18.prod.outlook.com \
--to=gakhil@marvell.com \
--cc=arkadiuszx.kusztal@intel.com \
--cc=dev@dpdk.org \
--cc=emma.finn@intel.com \
--cc=fanzhang.oss@gmail.com \
--cc=fiona.trahe@intel.com \
--cc=kai.ji@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).