[PATCH 1/2] crypto/qat: fix block cipher misalignment for AES CBC and 3DES CBC

[PATCH 1/2] crypto/qat: fix block cipher misalignment for AES CBC and 3DES CBC

[Sivaramakrishnan Venkat]

check cipher length alignment for 3DES CBC and AES CBC
to change it to NULL op for buffer misalignment

Fixes: a815a04cea05 ("crypto/qat: support symmetric build op request")
Fixes: 85fec6fd9674 ("crypto/qat: unify raw data path functions")
Fixes: def38073ac90 ("crypto/qat: check cipher buffer alignment")
Cc: kai.ji@intel.com
Cc: stable@dpdk.org

Signed-off-by: Sivaramakrishnan Venkat <venkatx.sivaramakrishnan@intel.com>
---
 drivers/crypto/qat/dev/qat_crypto_pmd_gens.h | 35 +++++++++++---------
 drivers/crypto/qat/dev/qat_sym_pmd_gen1.c    | 12 +++----
 drivers/crypto/qat/qat_sym.h                 |  9 +++++
 3 files changed, 35 insertions(+), 21 deletions(-)

diff --git a/drivers/crypto/qat/dev/qat_crypto_pmd_gens.h b/drivers/crypto/qat/dev/qat_crypto_pmd_gens.h
index 37647374d5..49053e662e 100644
--- a/drivers/crypto/qat/dev/qat_crypto_pmd_gens.h
+++ b/drivers/crypto/qat/dev/qat_crypto_pmd_gens.h
@@ -616,7 +616,8 @@ static __rte_always_inline void
 enqueue_one_cipher_job_gen1(struct qat_sym_session *ctx,
 	struct icp_qat_fw_la_bulk_req *req,
 	struct rte_crypto_va_iova_ptr *iv,
-	union rte_crypto_sym_ofs ofs, uint32_t data_len)
+	union rte_crypto_sym_ofs ofs, uint32_t data_len,
+	struct qat_sym_op_cookie *cookie)
 {
 	struct icp_qat_fw_la_cipher_req_params *cipher_param;
 
@@ -627,6 +628,15 @@ enqueue_one_cipher_job_gen1(struct qat_sym_session *ctx,
 	cipher_param->cipher_offset = ofs.ofs.cipher.head;
 	cipher_param->cipher_length = data_len - ofs.ofs.cipher.head -
 			ofs.ofs.cipher.tail;
+
+	if (AES_OR_3DES_MISALIGNED) {
+		QAT_LOG(DEBUG,
+	  "Input cipher buffer misalignment detected and change job as NULL operation");
+		struct icp_qat_fw_comn_req_hdr *header = &req->comn_hdr;
+		header->service_type = ICP_QAT_FW_COMN_REQ_NULL;
+		header->service_cmd_id = ICP_QAT_FW_NULL_REQ_SERV_ID;
+		cookie->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
+	}
 }
 
 static __rte_always_inline void
@@ -683,7 +693,8 @@ enqueue_one_chain_job_gen1(struct qat_sym_session *ctx,
 	struct rte_crypto_va_iova_ptr *cipher_iv,
 	struct rte_crypto_va_iova_ptr *digest,
 	struct rte_crypto_va_iova_ptr *auth_iv,
-	union rte_crypto_sym_ofs ofs, uint32_t data_len)
+	union rte_crypto_sym_ofs ofs, uint32_t data_len,
+	struct qat_sym_op_cookie *cookie)
 {
 	struct icp_qat_fw_la_cipher_req_params *cipher_param;
 	struct icp_qat_fw_la_auth_req_params *auth_param;
@@ -711,20 +722,14 @@ enqueue_one_chain_job_gen1(struct qat_sym_session *ctx,
 	auth_param->auth_off = ofs.ofs.auth.head;
 	auth_param->auth_len = auth_len;
 	auth_param->auth_res_addr = digest->iova;
-	/* Input cipher length alignment requirement for 3DES-CBC and AES-CBC.
-	 * For 3DES-CBC cipher algo, ESP Payload size requires 8 Byte aligned.
-	 * For AES-CBC cipher algo, ESP Payload size requires 16 Byte aligned.
-	 * The alignment should be guaranteed by the ESP package padding field
-	 * according to the RFC4303. Under this condition, QAT will pass through
-	 * chain job as NULL cipher and NULL auth operation and report misalignment
-	 * error detected.
-	 */
 	if (AES_OR_3DES_MISALIGNED) {
-		QAT_LOG(ERR, "Input cipher length alignment error detected.\n");
-		ctx->qat_cipher_alg = ICP_QAT_HW_CIPHER_ALGO_NULL;
-		ctx->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_NULL;
-		cipher_param->cipher_length = 0;
-		auth_param->auth_len = 0;
+		QAT_LOG(DEBUG,
+	  "Input cipher buffer misalignment detected and change job as NULL operation");
+		struct icp_qat_fw_comn_req_hdr *header = &req->comn_hdr;
+		header->service_type = ICP_QAT_FW_COMN_REQ_NULL;
+		header->service_cmd_id = ICP_QAT_FW_NULL_REQ_SERV_ID;
+		cookie->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
+		return -1;
 	}
 
 	switch (ctx->qat_hash_alg) {
diff --git a/drivers/crypto/qat/dev/qat_sym_pmd_gen1.c b/drivers/crypto/qat/dev/qat_sym_pmd_gen1.c
index e4bcfa59e7..208b7e0ba6 100644
--- a/drivers/crypto/qat/dev/qat_sym_pmd_gen1.c
+++ b/drivers/crypto/qat/dev/qat_sym_pmd_gen1.c
@@ -248,7 +248,7 @@ qat_sym_build_op_cipher_gen1(void *in_op, struct qat_sym_session *ctx,
 		return -EINVAL;
 	}
 
-	enqueue_one_cipher_job_gen1(ctx, req, &cipher_iv, ofs, total_len);
+	enqueue_one_cipher_job_gen1(ctx, req, &cipher_iv, ofs, total_len, op_cookie);
 
 	qat_sym_debug_log_dump(req, ctx, in_sgl.vec, in_sgl.num, &cipher_iv,
 			NULL, NULL, NULL);
@@ -383,7 +383,7 @@ qat_sym_build_op_chain_gen1(void *in_op, struct qat_sym_session *ctx,
 
 	enqueue_one_chain_job_gen1(ctx, req, in_sgl.vec, in_sgl.num,
 			out_sgl.vec, out_sgl.num, &cipher_iv, &digest, &auth_iv,
-			ofs, total_len);
+			ofs, total_len, cookie);
 
 	qat_sym_debug_log_dump(req, ctx, in_sgl.vec, in_sgl.num, &cipher_iv,
 			&auth_iv, NULL, &digest);
@@ -507,7 +507,7 @@ qat_sym_dp_enqueue_single_cipher_gen1(void *qp_data, uint8_t *drv_ctx,
 	if (unlikely(data_len < 0))
 		return -1;
 
-	enqueue_one_cipher_job_gen1(ctx, req, iv, ofs, (uint32_t)data_len);
+	enqueue_one_cipher_job_gen1(ctx, req, iv, ofs, (uint32_t)data_len, cookie);
 
 	qat_sym_debug_log_dump(req, ctx, data, n_data_vecs, iv,
 			NULL, NULL, NULL);
@@ -564,7 +564,7 @@ qat_sym_dp_enqueue_cipher_jobs_gen1(void *qp_data, uint8_t *drv_ctx,
 		if (unlikely(data_len < 0))
 			break;
 		enqueue_one_cipher_job_gen1(ctx, req, &vec->iv[i], ofs,
-			(uint32_t)data_len);
+			(uint32_t)data_len, cookie);
 		tail = (tail + tx_queue->msg_size) & tx_queue->modulo_mask;
 
 		qat_sym_debug_log_dump(req, ctx, vec->src_sgl[i].vec,
@@ -740,7 +740,7 @@ qat_sym_dp_enqueue_single_chain_gen1(void *qp_data, uint8_t *drv_ctx,
 
 	if (unlikely(enqueue_one_chain_job_gen1(ctx, req, data, n_data_vecs,
 			NULL, 0, cipher_iv, job_digest, auth_iv, ofs,
-			(uint32_t)data_len)))
+			(uint32_t)data_len, cookie)))
 		return -1;
 
 	dp_ctx->tail = tail;
@@ -811,7 +811,7 @@ qat_sym_dp_enqueue_chain_jobs_gen1(void *qp_data, uint8_t *drv_ctx,
 				vec->src_sgl[i].vec, vec->src_sgl[i].num,
 				NULL, 0,
 				&vec->iv[i], job_digest,
-				&vec->auth_iv[i], ofs, (uint32_t)data_len)))
+				&vec->auth_iv[i], ofs, (uint32_t)data_len, cookie)))
 			break;
 
 		tail = (tail + tx_queue->msg_size) & tx_queue->modulo_mask;
diff --git a/drivers/crypto/qat/qat_sym.h b/drivers/crypto/qat/qat_sym.h
index d19cadde86..bc25ddf33d 100644
--- a/drivers/crypto/qat/qat_sym.h
+++ b/drivers/crypto/qat/qat_sym.h
@@ -115,6 +115,7 @@ struct qat_sym_op_cookie {
 	} opt;
 	uint8_t digest_null[4];
 	phys_addr_t digest_null_phys_addr;
+	enum rte_crypto_op_status status;
 };
 
 struct qat_sym_dp_ctx {
@@ -319,6 +320,7 @@ qat_sym_process_response(void **op, uint8_t *resp, void *op_cookie,
 			(resp_msg->opaque_data);
 	struct qat_sym_session *sess;
 	uint8_t is_docsis_sec;
+	struct qat_sym_op_cookie *cookie = NULL;
 
 #if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG
 	QAT_DP_HEXDUMP_LOG(DEBUG, "qat_response:", (uint8_t *)resp_msg,
@@ -364,6 +366,13 @@ qat_sym_process_response(void **op, uint8_t *resp, void *op_cookie,
 				sess->auth_key_length);
 	}
 
+	cookie = (struct qat_sym_op_cookie *) op_cookie;
+	if (cookie->status == RTE_CRYPTO_OP_STATUS_INVALID_ARGS) {
+		rx_op->status = cookie->status;
+		resp_msg->comn_hdr.service_id = ICP_QAT_FW_COMN_RESP_SERV_CPM_FW;
+		cookie->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
+	}
+
 	*op = (void *)rx_op;
 
 	/*
-- 
2.25.1

[PATCH 2/2] test/crypto: add negative test cases for cipher buffer alignment

[Sivaramakrishnan Venkat]

add negative test cases for 3DES CBC and AES CBC
cipher algorithms for buffer misalignment

Signed-off-by: Sivaramakrishnan Venkat <venkatx.sivaramakrishnan@intel.com>
---
 app/test/test_cryptodev.c                  | 321 ++++++++++++++++++++-
 app/test/test_cryptodev_aes_test_vectors.h | 119 ++++++++
 app/test/test_cryptodev_blockcipher.c      |  20 +-
 app/test/test_cryptodev_blockcipher.h      |   1 +
 app/test/test_cryptodev_des_test_vectors.h |  38 +++
 5 files changed, 491 insertions(+), 8 deletions(-)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index d2c4c6f8b5..12e0cf8044 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -1371,6 +1371,42 @@ negative_hmac_sha1_testsuite_setup(void)
 	return 0;
 }
 
+static int
+negative_input_buffer_misalignment_testsuite_setup(void)
+{
+	struct crypto_testsuite_params *ts_params = &testsuite_params;
+	uint8_t dev_id = ts_params->valid_devs[0];
+	struct rte_cryptodev_info dev_info;
+	const enum rte_crypto_cipher_algorithm ciphers[] = {
+		RTE_CRYPTO_CIPHER_3DES_CBC,
+		RTE_CRYPTO_CIPHER_AES_CBC
+	};
+	const enum rte_crypto_auth_algorithm auths[] = {
+		RTE_CRYPTO_AUTH_SHA256,
+		RTE_CRYPTO_AUTH_SHA256,
+	};
+
+	rte_cryptodev_info_get(dev_id, &dev_info);
+
+	if (!(dev_info.feature_flags & RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO) ||
+			((global_api_test_type == CRYPTODEV_RAW_API_TEST) &&
+			!(dev_info.feature_flags & RTE_CRYPTODEV_FF_SYM_RAW_DP))) {
+		RTE_LOG(INFO, USER1, "Feature flag requirements for Negative "
+				"Input Buffer misalignment testsuite not met\n");
+		return TEST_SKIPPED;
+	}
+
+	if (check_cipher_capabilities_supported(ciphers, RTE_DIM(ciphers)) != 0
+			&& check_auth_capabilities_supported(auths,
+			RTE_DIM(auths)) != 0) {
+		RTE_LOG(INFO, USER1, "Capability requirements for Negative "
+				"Input Buffer misalignment testsuite not met\n");
+		return TEST_SKIPPED;
+	}
+
+	return 0;
+}
+
 static int
 dev_configure_and_start(uint64_t ff_disable)
 {
@@ -14469,6 +14505,192 @@ aes128cbc_hmac_sha1_test_vector = {
 	}
 };
 
+static const struct test_crypto_vector
+aes128cbc_sha256_misalign_test_vector = {
+	.crypto_algo = RTE_CRYPTO_CIPHER_AES_CBC,
+	.cipher_offset = 0,
+	.cipher_len = 511,
+	.cipher_key = {
+		.data = {
+			0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2,
+			0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A
+		},
+		.len = 16
+	},
+	.iv = {
+		.data = {
+			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+			0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
+		},
+		.len = 16
+	},
+	.plaintext = {
+		.data = plaintext_aes_common,
+		.len = 511
+	},
+	.ciphertext = {
+		.data = ciphertext512_aes128cbc,
+		.len = 511
+	},
+	.auth_algo = RTE_CRYPTO_AUTH_SHA256,
+	.auth_offset = 0,
+	.auth_key = {
+		.data = {
+			0x42, 0x1A, 0x7D, 0x3D, 0xF5, 0x82, 0x80, 0xF1,
+			0xF1, 0x35, 0x5C, 0x3B, 0xDD, 0x9A, 0x65, 0xBA,
+			0x58, 0x34, 0x85, 0x61, 0x1C, 0x42, 0x10, 0x76,
+			0x9A, 0x4F, 0x88, 0x1B, 0xB6, 0x8F, 0xD8, 0x60
+		},
+		.len = 32
+	},
+	.digest = {
+		.data = {
+			0xA8, 0xBC, 0xDB, 0x99, 0xAA, 0x45, 0x91, 0xA3,
+			0x2D, 0x75, 0x41, 0x92, 0x28, 0x01, 0x87, 0x5D,
+			0x45, 0xED, 0x49, 0x05, 0xD3, 0xAE, 0x32, 0x57,
+			0xB7, 0x79, 0x65, 0xFC, 0xFA, 0x6C, 0xFA, 0xDF
+		},
+		.len = 32
+	}
+};
+
+static const struct test_crypto_vector
+aes192cbc_sha256_misalign_test_vector = {
+	.crypto_algo = RTE_CRYPTO_CIPHER_AES_CBC,
+	.cipher_offset = 0,
+	.cipher_len = 511,
+	.cipher_key = {
+		.data = {
+			0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2,
+			0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A,
+			0xD4, 0xC3, 0xA3, 0xAA, 0x33, 0x62, 0x61, 0xE0
+		},
+		.len = 24
+	},
+	.iv = {
+		.data = {
+			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+			0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
+		},
+		.len = 16
+	},
+	.plaintext = {
+		.data = plaintext_hash,
+		.len = 511
+	},
+	.ciphertext = {
+		.data = ciphertext512_aes192cbc,
+		.len = 511
+	},
+	.auth_algo = RTE_CRYPTO_AUTH_SHA256,
+	.auth_offset = 0,
+	.auth_key = {
+		.data = {
+			0x42, 0x1A, 0x7D, 0x3D, 0xF5, 0x82, 0x80, 0xF1,
+			0xF1, 0x35, 0x5C, 0x3B, 0xDD, 0x9A, 0x65, 0xBA,
+			0x58, 0x34, 0x85, 0x61, 0x1C, 0x42, 0x10, 0x76,
+			0x9A, 0x4F, 0x88, 0x1B, 0xB6, 0x8F, 0xD8, 0x60
+		},
+		.len = 32
+	},
+	.digest = {
+		.data = {
+			0xE0, 0x4E, 0x39, 0x67, 0xB8, 0xB4, 0x56, 0xF4,
+			0x03, 0x0C, 0xF5, 0x74, 0x52, 0xFF, 0x63, 0x48,
+			0xE0, 0x3C, 0x38, 0x49, 0x76, 0x29, 0xC0, 0x57,
+			0xF4, 0x4A, 0x3E, 0x4F, 0x88, 0xB5, 0x05, 0x0E
+		},
+		.len = 32
+	}
+};
+
+static const struct test_crypto_vector
+aes256cbc_sha256_misalign_test_vector = {
+	.crypto_algo = RTE_CRYPTO_CIPHER_AES_CBC,
+	.cipher_offset = 0,
+	.cipher_len = 511,
+	.cipher_key = {
+		.data = {
+			0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2,
+			0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A,
+			0xD4, 0xC3, 0xA3, 0xAA, 0x33, 0x62, 0x61, 0xE0,
+			0x37, 0x07, 0xB8, 0x23, 0xA2, 0xA3, 0xB5, 0x8D
+		},
+		.len = 32
+	},
+	.iv = {
+		.data = {
+			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+			0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
+		},
+		.len = 16
+	},
+	.plaintext = {
+		.data = plaintext_hash,
+		.len = 511
+	},
+	.ciphertext = {
+		.data = ciphertext512_aes256cbc,
+		.len = 511
+	},
+	.auth_algo = RTE_CRYPTO_AUTH_SHA256,
+	.auth_offset = 0,
+	.auth_key = {
+		.data = {
+			0x42, 0x1A, 0x7D, 0x3D, 0xF5, 0x82, 0x80, 0xF1,
+			0xF1, 0x35, 0x5C, 0x3B, 0xDD, 0x9A, 0x65, 0xBA,
+			0x58, 0x34, 0x85, 0x61, 0x1C, 0x42, 0x10, 0x76,
+			0x9A, 0x4F, 0x88, 0x1B, 0xB6, 0x8F, 0xD8, 0x60
+		},
+		.len = 32
+	},
+	.digest = {
+		.data = {
+			0x29, 0x1A, 0x38, 0x7E, 0xBC, 0x57, 0xC4, 0xB6,
+			0xD6, 0xCE, 0xEF, 0x96, 0x5D, 0x76, 0x2F, 0x3C,
+			0xDA, 0x95, 0x51, 0x82, 0xD7, 0x7B, 0x11, 0x92,
+			0x85, 0xED, 0x2D, 0xB5, 0xCF, 0x03, 0xF4, 0x54
+		},
+		.len = 32
+	}
+};
+
+static const struct test_crypto_vector
+triple_des128cbc_sha1_misalign_test_vector = {
+	.crypto_algo = RTE_CRYPTO_CIPHER_3DES_CBC,
+	.cipher_len = 511,
+	.cipher_key = {
+		.data = {
+			0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2,
+			0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A
+		},
+		.len = 16
+	},
+	.iv = {
+		.data = {
+			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
+		},
+		.len = 8
+	},
+	.plaintext = {
+		.data = plaintext_hash,
+		.len = 511
+	},
+	.ciphertext = {
+		.data = ciphertext512_des128cbc,
+		.len = 511
+	},
+	.auth_algo = RTE_CRYPTO_AUTH_SHA1,
+	.digest = {
+		.data = {
+			0x94, 0x45, 0x7B, 0xDF, 0xFE, 0x80, 0xB9, 0xA6,
+			0xA0, 0x7A, 0xE8, 0x93, 0x40, 0x7B, 0x85, 0x02,
+			0x1C, 0xD7, 0xE8, 0x87
+		},
+		.len = 20
+	}
+};
+
 static const struct test_crypto_vector
 aes128cbc_hmac_sha1_aad_test_vector = {
 	.crypto_algo = RTE_CRYPTO_CIPHER_AES_CBC,
@@ -15058,7 +15280,7 @@ test_authenticated_decryption_fail_when_corruption(
 }
 
 static int
-test_authenticated_encrypt_with_esn(
+test_authenticated_encrypt(
 		struct crypto_testsuite_params *ts_params,
 		struct crypto_unittest_params *ut_params,
 		const struct test_crypto_vector *reference)
@@ -15159,7 +15381,7 @@ test_authenticated_encrypt_with_esn(
 		ut_params->op = process_crypto_request(
 			ts_params->valid_devs[0], ut_params->op);
 
-	TEST_ASSERT_NOT_NULL(ut_params->op, "no crypto operation returned");
+	TEST_ASSERT_NOT_NULL(ut_params->op, "Failed crypto process, no operation returned");
 
 	TEST_ASSERT_EQUAL(ut_params->op->status, RTE_CRYPTO_OP_STATUS_SUCCESS,
 			"crypto op processing failed");
@@ -15191,7 +15413,7 @@ test_authenticated_encrypt_with_esn(
 }
 
 static int
-test_authenticated_decrypt_with_esn(
+test_authenticated_decrypt(
 		struct crypto_testsuite_params *ts_params,
 		struct crypto_unittest_params *ut_params,
 		const struct test_crypto_vector *reference)
@@ -15291,7 +15513,7 @@ test_authenticated_decrypt_with_esn(
 		ut_params->op = process_crypto_request(ts_params->valid_devs[0],
 			ut_params->op);
 
-	TEST_ASSERT_NOT_NULL(ut_params->op, "failed crypto process");
+	TEST_ASSERT_NOT_NULL(ut_params->op, "Failed crypto process, no operation returned");
 	TEST_ASSERT_EQUAL(ut_params->op->status,
 			RTE_CRYPTO_OP_STATUS_SUCCESS,
 			"crypto op processing passed");
@@ -15850,7 +16072,7 @@ auth_decryption_AES128CBC_HMAC_SHA1_fail_tag_corrupt(void)
 static int
 auth_encrypt_AES128CBC_HMAC_SHA1_esn_check(void)
 {
-	return test_authenticated_encrypt_with_esn(
+	return test_authenticated_encrypt(
 			&testsuite_params,
 			&unittest_params,
 			&aes128cbc_hmac_sha1_aad_test_vector);
@@ -15859,12 +16081,48 @@ auth_encrypt_AES128CBC_HMAC_SHA1_esn_check(void)
 static int
 auth_decrypt_AES128CBC_HMAC_SHA1_esn_check(void)
 {
-	return test_authenticated_decrypt_with_esn(
+	return test_authenticated_decrypt(
 			&testsuite_params,
 			&unittest_params,
 			&aes128cbc_hmac_sha1_aad_test_vector);
 }
 
+static int
+test_cipher_auth_encryption_fail_data_misalignment(const void *test_data)
+{
+	struct test_crypto_vector test_vector;
+	int res;
+
+	memcpy(&test_vector, test_data, sizeof(test_vector));
+	RTE_LOG(INFO, USER1, "This is a negative test, errors are expected\n");
+	res = test_authenticated_encrypt(
+			&testsuite_params,
+			&unittest_params,
+			&test_vector);
+	if (res == TEST_SKIPPED)
+		return res;
+	TEST_ASSERT_EQUAL(res, TEST_FAILED, "encryption not failed");
+	return TEST_SUCCESS;
+}
+
+static int
+test_cipher_auth_decryption_fail_data_misalignment(const void *test_data)
+{
+	struct test_crypto_vector test_vector;
+	int res;
+
+	memcpy(&test_vector, test_data, sizeof(test_vector));
+	RTE_LOG(INFO, USER1, "This is a negative test, errors are expected\n");
+	res = test_authenticated_decrypt(
+			&testsuite_params,
+			&unittest_params,
+			&test_vector);
+	if (res == TEST_SKIPPED)
+		return res;
+	TEST_ASSERT_EQUAL(res, TEST_FAILED, "decryption not failed");
+	return TEST_SUCCESS;
+}
+
 static int
 test_chacha20_poly1305_encrypt_test_case_rfc8439(void)
 {
@@ -16675,6 +16933,56 @@ static struct unit_test_suite cryptodev_negative_hmac_sha1_testsuite = {
 	}
 };
 
+static struct unit_test_suite cryptodev_negative_input_buffer_misalignment_testsuite = {
+	.suite_name = "Negative Input buffer misalignment Unit Test Suite",
+	.setup = negative_input_buffer_misalignment_testsuite_setup,
+	.unit_test_cases = {
+		/** Negative tests */
+		TEST_CASE_NAMED_WITH_DATA(
+			"3DES128 CBC SHA1 auth encryption negative test for data misalignment",
+			ut_setup, ut_teardown,
+			test_cipher_auth_encryption_fail_data_misalignment,
+			&triple_des128cbc_sha1_misalign_test_vector),
+		TEST_CASE_NAMED_WITH_DATA(
+			"3DES128 CBC SHA1 auth decryption negative test for data misalignment",
+			ut_setup, ut_teardown,
+			test_cipher_auth_decryption_fail_data_misalignment,
+			&triple_des128cbc_sha1_misalign_test_vector),
+		TEST_CASE_NAMED_WITH_DATA(
+			"AES128 CBC SHA256 auth encryption negative test for data misalignment",
+			ut_setup, ut_teardown,
+			test_cipher_auth_encryption_fail_data_misalignment,
+			&aes128cbc_sha256_misalign_test_vector),
+		TEST_CASE_NAMED_WITH_DATA(
+			"AES128 CBC SHA256 auth decryption negative test for data misalignment",
+			ut_setup, ut_teardown,
+			test_cipher_auth_decryption_fail_data_misalignment,
+			&aes128cbc_sha256_misalign_test_vector),
+		TEST_CASE_NAMED_WITH_DATA(
+			"AES192 CBC SHA256 auth encryption negative test for data misalignment",
+			ut_setup, ut_teardown,
+			test_cipher_auth_encryption_fail_data_misalignment,
+			&aes192cbc_sha256_misalign_test_vector),
+		TEST_CASE_NAMED_WITH_DATA(
+			"AES192 CBC SHA256 auth decryption negative test for data misalignment",
+			ut_setup, ut_teardown,
+			test_cipher_auth_decryption_fail_data_misalignment,
+			&aes192cbc_sha256_misalign_test_vector),
+		TEST_CASE_NAMED_WITH_DATA(
+			"AES256 CBC SHA256 auth encryption negative test for data misalignment",
+			ut_setup, ut_teardown,
+			test_cipher_auth_encryption_fail_data_misalignment,
+			&aes256cbc_sha256_misalign_test_vector),
+		TEST_CASE_NAMED_WITH_DATA(
+			"AES256 CBC SHA256 auth decryption negative test for data misalignment",
+			ut_setup, ut_teardown,
+			test_cipher_auth_decryption_fail_data_misalignment,
+			&aes256cbc_sha256_misalign_test_vector),
+
+		TEST_CASES_END() /**< NULL terminate unit test array */
+	}
+};
+
 static struct unit_test_suite cryptodev_multi_session_testsuite = {
 	.suite_name = "Multi Session Unit Test Suite",
 	.setup = multi_session_testsuite_setup,
@@ -17567,6 +17875,7 @@ run_cryptodev_testsuite(const char *pmd_name)
 		&cryptodev_esn_testsuite,
 		&cryptodev_negative_aes_gcm_testsuite,
 		&cryptodev_negative_aes_gmac_testsuite,
+		&cryptodev_negative_input_buffer_misalignment_testsuite,
 		&cryptodev_mixed_cipher_hash_testsuite,
 		&cryptodev_negative_hmac_sha1_testsuite,
 		&cryptodev_gen_testsuite,
diff --git a/app/test/test_cryptodev_aes_test_vectors.h b/app/test/test_cryptodev_aes_test_vectors.h
index 7127156cc4..a026c2ae0e 100644
--- a/app/test/test_cryptodev_aes_test_vectors.h
+++ b/app/test/test_cryptodev_aes_test_vectors.h
@@ -1533,6 +1533,33 @@ static const struct blockcipher_test_data aes_test_data_4 = {
 	}
 };
 
+/** AES-128-CBC Negative test vector */
+static const struct blockcipher_test_data aes_128_cbc_misalign_test_data = {
+	.crypto_algo = RTE_CRYPTO_CIPHER_AES_CBC,
+	.cipher_key = {
+		.data = {
+			0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2,
+			0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A
+		},
+		.len = 16
+	},
+	.iv = {
+		.data = {
+			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+			0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
+		},
+		.len = 16
+	},
+	.plaintext = {
+		.data = plaintext_aes_common,
+		.len = 511
+	},
+	.ciphertext = {
+		.data = ciphertext512_aes128cbc,
+		.len = 511
+	},
+};
+
 /** AES-128-CBC SHA1 test vector (Digest encrypted mode) */
 static const struct blockcipher_test_data aes_test_data_4_digest_enc = {
 	.crypto_algo = RTE_CRYPTO_CIPHER_AES_CBC,
@@ -2000,6 +2027,33 @@ static const struct blockcipher_test_data aes_test_data_10 = {
 	}
 };
 
+/** AES-192-CBC neg test vector */
+static const struct blockcipher_test_data aes_192_cbc_misalign_test_data = {
+	.crypto_algo = RTE_CRYPTO_CIPHER_AES_CBC,
+	.cipher_key = {
+		.data = {
+			0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2,
+			0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A,
+			0xD4, 0xC3, 0xA3, 0xAA, 0x33, 0x62, 0x61, 0xE0
+		},
+		.len = 24
+	},
+	.iv = {
+		.data = {
+			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+			0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
+		},
+		.len = 16
+	},
+	.plaintext = {
+		.data = plaintext_aes_common,
+		.len = 511
+	},
+	.ciphertext = {
+		.data = ciphertext512_aes192cbc,
+		.len = 511
+	}
+};
 /** AES-192-CBC SHA1 test vector (Digest encrypted mode) */
 static const struct blockcipher_test_data aes_test_data_10_digest_enc = {
 	.crypto_algo = RTE_CRYPTO_CIPHER_AES_CBC,
@@ -2212,6 +2266,35 @@ static const struct blockcipher_test_data aes_test_data_11 = {
 	}
 };
 
+/** AES-256-CBC neg test vector */
+static const struct blockcipher_test_data aes_256_cbc_misalign_test_data = {
+	.crypto_algo = RTE_CRYPTO_CIPHER_AES_CBC,
+	.cipher_key = {
+		.data = {
+			0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2,
+			0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A,
+			0xD4, 0xC3, 0xA3, 0xAA, 0x33, 0x62, 0x61, 0xE0,
+			0x37, 0x07, 0xB8, 0x23, 0xA2, 0xA3, 0xB5, 0x8D
+		},
+		.len = 32
+	},
+	.iv = {
+		.data = {
+			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+			0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
+		},
+		.len = 16
+	},
+	.plaintext = {
+		.data = plaintext_aes_common,
+		.len = 511
+	},
+	.ciphertext = {
+		.data = ciphertext512_aes256cbc,
+		.len = 511
+	}
+};
+
 /** AES-256-CBC SHA1 test vector (Digest encrypted mode) */
 static const struct blockcipher_test_data aes_test_data_11_digest_enc = {
 	.crypto_algo = RTE_CRYPTO_CIPHER_AES_CBC,
@@ -5117,6 +5200,42 @@ static const struct blockcipher_test_case aes_cipheronly_test_cases[] = {
 		.test_data = &aes_test_data_21,
 		.op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
 	},
+	{
+		.test_descr = "AES-128-CBC Encryption Negative Test for data misalignment",
+		.test_data = &aes_128_cbc_misalign_test_data,
+		.op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
+		.feature_mask = BLOCKCIPHER_TEST_NEG_TEST,
+	},
+	{
+		.test_descr = "AES-192-CBC Encryption Negative Test for data misalignment",
+		.test_data = &aes_192_cbc_misalign_test_data,
+		.op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
+		.feature_mask = BLOCKCIPHER_TEST_NEG_TEST,
+	},
+	{
+		.test_descr = "AES-256-CBC Encryption Negative Test for data misalignment",
+		.test_data = &aes_256_cbc_misalign_test_data,
+		.op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
+		.feature_mask = BLOCKCIPHER_TEST_NEG_TEST,
+	},
+	{
+		.test_descr = "AES-128-CBC Decryption Negative Test for data misalignment",
+		.test_data = &aes_128_cbc_misalign_test_data,
+		.op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
+		.feature_mask = BLOCKCIPHER_TEST_NEG_TEST,
+	},
+	{
+		.test_descr = "AES-192-CBC Decryption Negative Test for data misalignment",
+		.test_data = &aes_192_cbc_misalign_test_data,
+		.op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
+		.feature_mask = BLOCKCIPHER_TEST_NEG_TEST,
+	},
+	{
+		.test_descr = "AES-256-CBC Decryption Negative Test for data misalignment",
+		.test_data = &aes_256_cbc_misalign_test_data,
+		.op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
+		.feature_mask = BLOCKCIPHER_TEST_NEG_TEST,
+	},
 };
 
 static const struct blockcipher_test_case aes_docsis_test_cases[] = {
diff --git a/app/test/test_cryptodev_blockcipher.c b/app/test/test_cryptodev_blockcipher.c
index 87a321fac3..afd5fd2f2e 100644
--- a/app/test/test_cryptodev_blockcipher.c
+++ b/app/test/test_cryptodev_blockcipher.c
@@ -100,6 +100,7 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 	int nb_segs_out = 1;
 	uint64_t sgl_type = t->sgl_flag;
 	uint32_t nb_iterates = 0;
+	bool validNegTestResult = false;
 
 	rte_cryptodev_info_get(dev_id, &dev_info);
 	uint64_t feat_flags = dev_info.feature_flags;
@@ -606,6 +607,8 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 			snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN, "line %u "
 				"FAILED: Operation failed "
 				"(0x%X)", __LINE__, op->status);
+		if (t->feature_mask & BLOCKCIPHER_TEST_NEG_TEST)
+			validNegTestResult = true;
 		status = TEST_FAILED;
 		goto error_exit;
 	}
@@ -636,6 +639,8 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 				"FAILED: %s", __LINE__,
 				"Crypto data not as expected");
 			status = TEST_FAILED;
+			if (t->feature_mask & BLOCKCIPHER_TEST_NEG_TEST)
+				validNegTestResult = true;
 			goto error_exit;
 		}
 	}
@@ -655,6 +660,8 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 					"FAILED: %s", __LINE__, "Generated "
 					"digest data not as expected");
 				status = TEST_FAILED;
+				if (t->feature_mask & BLOCKCIPHER_TEST_NEG_TEST)
+					validNegTestResult = true;
 				goto error_exit;
 			}
 		}
@@ -806,10 +813,19 @@ test_blockcipher_one_case(const struct blockcipher_test_case *t,
 			}
 		}
 	}
-
-	snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN, "PASS");
+	if ((status == TEST_SUCCESS) &&
+		((t->feature_mask & BLOCKCIPHER_TEST_NEG_TEST) || (validNegTestResult))) {
+		snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN, "FAIL");
+		status = TEST_FAILED;
+	} else {
+		snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN, "PASS");
+	}
 
 error_exit:
+	if (validNegTestResult) {
+		snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN, "PASS");
+		status = TEST_SUCCESS;
+	}
 	if (!(t->feature_mask & BLOCKCIPHER_TEST_FEATURE_SESSIONLESS)) {
 		if (sess)
 			rte_cryptodev_sym_session_free(dev_id, sess);
diff --git a/app/test/test_cryptodev_blockcipher.h b/app/test/test_cryptodev_blockcipher.h
index e6f6c18067..b4d890d8cc 100644
--- a/app/test/test_cryptodev_blockcipher.h
+++ b/app/test/test_cryptodev_blockcipher.h
@@ -20,6 +20,7 @@
 #define BLOCKCIPHER_TEST_FEATURE_STOPPER	0x04 /* stop upon failing */
 #define BLOCKCIPHER_TEST_FEATURE_SG		0x08 /* Scatter Gather */
 #define BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED	0x10
+#define BLOCKCIPHER_TEST_NEG_TEST	0x80 /* MSB Bit is set for negative test */
 
 #define BLOCKCIPHER_TEST_OP_CIPHER	(BLOCKCIPHER_TEST_OP_ENCRYPT | \
 					BLOCKCIPHER_TEST_OP_DECRYPT)
diff --git a/app/test/test_cryptodev_des_test_vectors.h b/app/test/test_cryptodev_des_test_vectors.h
index 3ded90b6d4..9921b77501 100644
--- a/app/test/test_cryptodev_des_test_vectors.h
+++ b/app/test/test_cryptodev_des_test_vectors.h
@@ -541,6 +541,32 @@ triple_des128cbc_test_vector = {
 	}
 };
 
+static const struct blockcipher_test_data
+triple_des128cbc_misalign_test_vector = {
+	.crypto_algo = RTE_CRYPTO_CIPHER_3DES_CBC,
+	.cipher_key = {
+		.data = {
+			0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2,
+			0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A
+		},
+		.len = 16
+	},
+	.iv = {
+		.data = {
+			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
+		},
+		.len = 8
+	},
+	.plaintext = {
+		.data = plaintext_des,
+		.len = 511
+	},
+	.ciphertext = {
+		.data = ciphertext512_des128cbc,
+		.len = 511
+	}
+};
+
 static const struct blockcipher_test_data
 triple_des128cbc_sha1_test_vector = {
 	.crypto_algo = RTE_CRYPTO_CIPHER_3DES_CBC,
@@ -1183,6 +1209,18 @@ static const struct blockcipher_test_case triple_des_cipheronly_test_cases[] = {
 		.test_descr = "3DES-192-CTR Decryption",
 		.test_data = &triple_des192ctr_test_vector,
 		.op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
+	},
+	{
+		.test_descr = "3DES-128-CBC Encryption Negative Test for data misalignment",
+		.test_data = &triple_des128cbc_misalign_test_vector,
+		.op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
+		.feature_mask = BLOCKCIPHER_TEST_NEG_TEST,
+	},
+	{
+		.test_descr = "3DES-128-CBC Decryption Negative Test for data misalignment",
+		.test_data = &triple_des128cbc_misalign_test_vector,
+		.op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
+		.feature_mask = BLOCKCIPHER_TEST_NEG_TEST,
 	}
 };
 
-- 
2.25.1

Re: [PATCH 1/2] crypto/qat: fix block cipher misalignment for AES CBC and 3DES CBC

[Ji, Kai]

[-- Attachment #1: Type: text/plain, Size: 925 bytes --]

Acked-by: Kai Ji <kai.ji@intel.com>

________________________________
From: Sivaramakrishnan, VenkatX <venkatx.sivaramakrishnan@intel.com>
Sent: 03 November 2023 13:30
To: Ji, Kai <kai.ji@intel.com>
Cc: dev@dpdk.org <dev@dpdk.org>; stable@dpdk.org <stable@dpdk.org>; gakhil@marvell.com <gakhil@marvell.com>; Sivaramakrishnan, VenkatX <venkatx.sivaramakrishnan@intel.com>
Subject: [PATCH 1/2] crypto/qat: fix block cipher misalignment for AES CBC and 3DES CBC

check cipher length alignment for 3DES CBC and AES CBC
to change it to NULL op for buffer misalignment

Fixes: a815a04cea05 ("crypto/qat: support symmetric build op request")
Fixes: 85fec6fd9674 ("crypto/qat: unify raw data path functions")
Fixes: def38073ac90 ("crypto/qat: check cipher buffer alignment")
Cc: kai.ji@intel.com
Cc: stable@dpdk.org

Signed-off-by: Sivaramakrishnan Venkat <venkatx.sivaramakrishnan@intel.com>
---

--
2.25.1


[-- Attachment #2: Type: text/html, Size: 1851 bytes --]

Re: [PATCH 2/2] test/crypto: add negative test cases for cipher buffer alignment

[Ji, Kai]

[-- Attachment #1: Type: text/plain, Size: 657 bytes --]

Acked-by: Kai Ji <kai.ji@intel.com>

________________________________
From: Sivaramakrishnan Venkat <venkatx.sivaramakrishnan@intel.com>
Sent: 03 November 2023 13:30
To: Akhil Goyal <gakhil@marvell.com>; Fan Zhang <fanzhang.oss@gmail.com>
Cc: dev@dpdk.org <dev@dpdk.org>; stable@dpdk.org <stable@dpdk.org>; Sivaramakrishnan, VenkatX <venkatx.sivaramakrishnan@intel.com>
Subject: [PATCH 2/2] test/crypto: add negative test cases for cipher buffer alignment

add negative test cases for 3DES CBC and AES CBC
cipher algorithms for buffer misalignment

Signed-off-by: Sivaramakrishnan Venkat <venkatx.sivaramakrishnan@intel.com>
---
--
2.25.1


[-- Attachment #2: Type: text/html, Size: 1548 bytes --]

RE: [EXT] [PATCH 2/2] test/crypto: add negative test cases for cipher buffer alignment

[Akhil Goyal]

> add negative test cases for 3DES CBC and AES CBC
> cipher algorithms for buffer misalignment
> 
> Signed-off-by: Sivaramakrishnan Venkat <venkatx.sivaramakrishnan@intel.com>
> ---
>  app/test/test_cryptodev.c                  | 321 ++++++++++++++++++++-
>  app/test/test_cryptodev_aes_test_vectors.h | 119 ++++++++
>  app/test/test_cryptodev_blockcipher.c      |  20 +-
>  app/test/test_cryptodev_blockcipher.h      |   1 +
>  app/test/test_cryptodev_des_test_vectors.h |  38 +++
>  5 files changed, 491 insertions(+), 8 deletions(-)
> 
> diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
> index d2c4c6f8b5..12e0cf8044 100644
> --- a/app/test/test_cryptodev.c
> +++ b/app/test/test_cryptodev.c
> @@ -1371,6 +1371,42 @@ negative_hmac_sha1_testsuite_setup(void)
>  	return 0;
>  }
> 
> +static int
> +negative_input_buffer_misalignment_testsuite_setup(void)
> +{
> +	struct crypto_testsuite_params *ts_params = &testsuite_params;
> +	uint8_t dev_id = ts_params->valid_devs[0];
> +	struct rte_cryptodev_info dev_info;
> +	const enum rte_crypto_cipher_algorithm ciphers[] = {
> +		RTE_CRYPTO_CIPHER_3DES_CBC,
> +		RTE_CRYPTO_CIPHER_AES_CBC
> +	};
> +	const enum rte_crypto_auth_algorithm auths[] = {
> +		RTE_CRYPTO_AUTH_SHA256,
> +		RTE_CRYPTO_AUTH_SHA256,
> +	};
> +
> +	rte_cryptodev_info_get(dev_id, &dev_info);
> +
> +	if (!(dev_info.feature_flags &
> RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO) ||
> +			((global_api_test_type == CRYPTODEV_RAW_API_TEST)
> &&
> +			!(dev_info.feature_flags &
> RTE_CRYPTODEV_FF_SYM_RAW_DP))) {
> +		RTE_LOG(INFO, USER1, "Feature flag requirements for Negative
> "
> +				"Input Buffer misalignment testsuite not
> met\n");
> +		return TEST_SKIPPED;
> +	}
> +
> +	if (check_cipher_capabilities_supported(ciphers, RTE_DIM(ciphers)) != 0
> +			&& check_auth_capabilities_supported(auths,
> +			RTE_DIM(auths)) != 0) {
> +		RTE_LOG(INFO, USER1, "Capability requirements for Negative "
> +				"Input Buffer misalignment testsuite not
> met\n");
> +		return TEST_SKIPPED;
> +	}
> +
> +	return 0;
> +}
> +
>  static int
>  dev_configure_and_start(uint64_t ff_disable)
>  {
> @@ -14469,6 +14505,192 @@ aes128cbc_hmac_sha1_test_vector = {
>  	}
>  };
> 
> +static const struct test_crypto_vector
> +aes128cbc_sha256_misalign_test_vector = {
> +	.crypto_algo = RTE_CRYPTO_CIPHER_AES_CBC,
> +	.cipher_offset = 0,
> +	.cipher_len = 511,
> +	.cipher_key = {
> +		.data = {
> +			0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2,
> +			0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A
> +		},
> +		.len = 16
> +	},
> +	.iv = {
> +		.data = {
> +			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
> +			0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
> +		},
> +		.len = 16
> +	},
> +	.plaintext = {
> +		.data = plaintext_aes_common,
> +		.len = 511
> +	},
> +	.ciphertext = {
> +		.data = ciphertext512_aes128cbc,
> +		.len = 511
> +	},
> +	.auth_algo = RTE_CRYPTO_AUTH_SHA256,
> +	.auth_offset = 0,
> +	.auth_key = {
> +		.data = {
> +			0x42, 0x1A, 0x7D, 0x3D, 0xF5, 0x82, 0x80, 0xF1,
> +			0xF1, 0x35, 0x5C, 0x3B, 0xDD, 0x9A, 0x65, 0xBA,
> +			0x58, 0x34, 0x85, 0x61, 0x1C, 0x42, 0x10, 0x76,
> +			0x9A, 0x4F, 0x88, 0x1B, 0xB6, 0x8F, 0xD8, 0x60
> +		},
> +		.len = 32
> +	},
> +	.digest = {
> +		.data = {
> +			0xA8, 0xBC, 0xDB, 0x99, 0xAA, 0x45, 0x91, 0xA3,
> +			0x2D, 0x75, 0x41, 0x92, 0x28, 0x01, 0x87, 0x5D,
> +			0x45, 0xED, 0x49, 0x05, 0xD3, 0xAE, 0x32, 0x57,
> +			0xB7, 0x79, 0x65, 0xFC, 0xFA, 0x6C, 0xFA, 0xDF
> +		},
> +		.len = 32
> +	}
> +};

Why are the vectors added in .c file?


> +
> +static const struct test_crypto_vector
> +aes192cbc_sha256_misalign_test_vector = {
> +	.crypto_algo = RTE_CRYPTO_CIPHER_AES_CBC,
> +	.cipher_offset = 0,
> +	.cipher_len = 511,
> +	.cipher_key = {
> +		.data = {
> +			0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2,
> +			0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A,
> +			0xD4, 0xC3, 0xA3, 0xAA, 0x33, 0x62, 0x61, 0xE0
> +		},
> +		.len = 24
> +	},
> +	.iv = {
> +		.data = {
> +			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
> +			0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
> +		},
> +		.len = 16
> +	},
> +	.plaintext = {
> +		.data = plaintext_hash,
> +		.len = 511
> +	},
> +	.ciphertext = {
> +		.data = ciphertext512_aes192cbc,
> +		.len = 511
> +	},
> +	.auth_algo = RTE_CRYPTO_AUTH_SHA256,
> +	.auth_offset = 0,
> +	.auth_key = {
> +		.data = {
> +			0x42, 0x1A, 0x7D, 0x3D, 0xF5, 0x82, 0x80, 0xF1,
> +			0xF1, 0x35, 0x5C, 0x3B, 0xDD, 0x9A, 0x65, 0xBA,
> +			0x58, 0x34, 0x85, 0x61, 0x1C, 0x42, 0x10, 0x76,
> +			0x9A, 0x4F, 0x88, 0x1B, 0xB6, 0x8F, 0xD8, 0x60
> +		},
> +		.len = 32
> +	},
> +	.digest = {
> +		.data = {
> +			0xE0, 0x4E, 0x39, 0x67, 0xB8, 0xB4, 0x56, 0xF4,
> +			0x03, 0x0C, 0xF5, 0x74, 0x52, 0xFF, 0x63, 0x48,
> +			0xE0, 0x3C, 0x38, 0x49, 0x76, 0x29, 0xC0, 0x57,
> +			0xF4, 0x4A, 0x3E, 0x4F, 0x88, 0xB5, 0x05, 0x0E
> +		},
> +		.len = 32
> +	}
> +};
> +
> +static const struct test_crypto_vector
> +aes256cbc_sha256_misalign_test_vector = {
> +	.crypto_algo = RTE_CRYPTO_CIPHER_AES_CBC,
> +	.cipher_offset = 0,
> +	.cipher_len = 511,
> +	.cipher_key = {
> +		.data = {
> +			0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2,
> +			0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A,
> +			0xD4, 0xC3, 0xA3, 0xAA, 0x33, 0x62, 0x61, 0xE0,
> +			0x37, 0x07, 0xB8, 0x23, 0xA2, 0xA3, 0xB5, 0x8D
> +		},
> +		.len = 32
> +	},
> +	.iv = {
> +		.data = {
> +			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
> +			0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
> +		},
> +		.len = 16
> +	},
> +	.plaintext = {
> +		.data = plaintext_hash,
> +		.len = 511
> +	},
> +	.ciphertext = {
> +		.data = ciphertext512_aes256cbc,
> +		.len = 511
> +	},
> +	.auth_algo = RTE_CRYPTO_AUTH_SHA256,
> +	.auth_offset = 0,
> +	.auth_key = {
> +		.data = {
> +			0x42, 0x1A, 0x7D, 0x3D, 0xF5, 0x82, 0x80, 0xF1,
> +			0xF1, 0x35, 0x5C, 0x3B, 0xDD, 0x9A, 0x65, 0xBA,
> +			0x58, 0x34, 0x85, 0x61, 0x1C, 0x42, 0x10, 0x76,
> +			0x9A, 0x4F, 0x88, 0x1B, 0xB6, 0x8F, 0xD8, 0x60
> +		},
> +		.len = 32
> +	},
> +	.digest = {
> +		.data = {
> +			0x29, 0x1A, 0x38, 0x7E, 0xBC, 0x57, 0xC4, 0xB6,
> +			0xD6, 0xCE, 0xEF, 0x96, 0x5D, 0x76, 0x2F, 0x3C,
> +			0xDA, 0x95, 0x51, 0x82, 0xD7, 0x7B, 0x11, 0x92,
> +			0x85, 0xED, 0x2D, 0xB5, 0xCF, 0x03, 0xF4, 0x54
> +		},
> +		.len = 32
> +	}
> +};
> +
> +static const struct test_crypto_vector
> +triple_des128cbc_sha1_misalign_test_vector = {
> +	.crypto_algo = RTE_CRYPTO_CIPHER_3DES_CBC,
> +	.cipher_len = 511,
> +	.cipher_key = {
> +		.data = {
> +			0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2,
> +			0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A
> +		},
> +		.len = 16
> +	},
> +	.iv = {
> +		.data = {
> +			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
> +		},
> +		.len = 8
> +	},
> +	.plaintext = {
> +		.data = plaintext_hash,
> +		.len = 511
> +	},
> +	.ciphertext = {
> +		.data = ciphertext512_des128cbc,
> +		.len = 511
> +	},
> +	.auth_algo = RTE_CRYPTO_AUTH_SHA1,
> +	.digest = {
> +		.data = {
> +			0x94, 0x45, 0x7B, 0xDF, 0xFE, 0x80, 0xB9, 0xA6,
> +			0xA0, 0x7A, 0xE8, 0x93, 0x40, 0x7B, 0x85, 0x02,
> +			0x1C, 0xD7, 0xE8, 0x87
> +		},
> +		.len = 20
> +	}
> +};
> +
>  static const struct test_crypto_vector
>  aes128cbc_hmac_sha1_aad_test_vector = {
>  	.crypto_algo = RTE_CRYPTO_CIPHER_AES_CBC,
> @@ -15058,7 +15280,7 @@
> test_authenticated_decryption_fail_when_corruption(
>  }
> 
>  static int
> -test_authenticated_encrypt_with_esn(
> +test_authenticated_encrypt(

Any specific reason of changing the name of this function in this patch.


>  		struct crypto_testsuite_params *ts_params,
>  		struct crypto_unittest_params *ut_params,
>  		const struct test_crypto_vector *reference)
> @@ -15159,7 +15381,7 @@ test_authenticated_encrypt_with_esn(
>  		ut_params->op = process_crypto_request(
>  			ts_params->valid_devs[0], ut_params->op);
> 
> -	TEST_ASSERT_NOT_NULL(ut_params->op, "no crypto operation
> returned");
> +	TEST_ASSERT_NOT_NULL(ut_params->op, "Failed crypto process, no
> operation returned");
> 
>  	TEST_ASSERT_EQUAL(ut_params->op->status,
> RTE_CRYPTO_OP_STATUS_SUCCESS,
>  			"crypto op processing failed");
> @@ -15191,7 +15413,7 @@ test_authenticated_encrypt_with_esn(
>  }
> 
>  static int
> -test_authenticated_decrypt_with_esn(
> +test_authenticated_decrypt(
>  		struct crypto_testsuite_params *ts_params,
>  		struct crypto_unittest_params *ut_params,
>  		const struct test_crypto_vector *reference)
> @@ -15291,7 +15513,7 @@ test_authenticated_decrypt_with_esn(
>  		ut_params->op = process_crypto_request(ts_params-
> >valid_devs[0],
>  			ut_params->op);
> 
> -	TEST_ASSERT_NOT_NULL(ut_params->op, "failed crypto process");
> +	TEST_ASSERT_NOT_NULL(ut_params->op, "Failed crypto process, no
> operation returned");
>  	TEST_ASSERT_EQUAL(ut_params->op->status,
>  			RTE_CRYPTO_OP_STATUS_SUCCESS,
>  			"crypto op processing passed");
> @@ -15850,7 +16072,7 @@
> auth_decryption_AES128CBC_HMAC_SHA1_fail_tag_corrupt(void)
>  static int
>  auth_encrypt_AES128CBC_HMAC_SHA1_esn_check(void)
>  {
> -	return test_authenticated_encrypt_with_esn(
> +	return test_authenticated_encrypt(
>  			&testsuite_params,
>  			&unittest_params,
>  			&aes128cbc_hmac_sha1_aad_test_vector);
> @@ -15859,12 +16081,48 @@
> auth_encrypt_AES128CBC_HMAC_SHA1_esn_check(void)
>  static int
>  auth_decrypt_AES128CBC_HMAC_SHA1_esn_check(void)
>  {
> -	return test_authenticated_decrypt_with_esn(
> +	return test_authenticated_decrypt(
>  			&testsuite_params,
>  			&unittest_params,
>  			&aes128cbc_hmac_sha1_aad_test_vector);
>  }
> 
> +static int
> +test_cipher_auth_encryption_fail_data_misalignment(const void *test_data)
> +{
> +	struct test_crypto_vector test_vector;
> +	int res;
> +
> +	memcpy(&test_vector, test_data, sizeof(test_vector));
> +	RTE_LOG(INFO, USER1, "This is a negative test, errors are expected\n");
> +	res = test_authenticated_encrypt(
> +			&testsuite_params,
> +			&unittest_params,
> +			&test_vector);
> +	if (res == TEST_SKIPPED)
> +		return res;
> +	TEST_ASSERT_EQUAL(res, TEST_FAILED, "encryption not failed");
> +	return TEST_SUCCESS;
> +}
> +
> +static int
> +test_cipher_auth_decryption_fail_data_misalignment(const void *test_data)
> +{
> +	struct test_crypto_vector test_vector;
> +	int res;
> +
> +	memcpy(&test_vector, test_data, sizeof(test_vector));
> +	RTE_LOG(INFO, USER1, "This is a negative test, errors are expected\n");
> +	res = test_authenticated_decrypt(
> +			&testsuite_params,
> +			&unittest_params,
> +			&test_vector);
> +	if (res == TEST_SKIPPED)
> +		return res;
> +	TEST_ASSERT_EQUAL(res, TEST_FAILED, "decryption not failed");
> +	return TEST_SUCCESS;
> +}
> +
>  static int
>  test_chacha20_poly1305_encrypt_test_case_rfc8439(void)
>  {
> @@ -16675,6 +16933,56 @@ static struct unit_test_suite
> cryptodev_negative_hmac_sha1_testsuite = {
>  	}
>  };
> 
> +static struct unit_test_suite
> cryptodev_negative_input_buffer_misalignment_testsuite = {
> +	.suite_name = "Negative Input buffer misalignment Unit Test Suite",
> +	.setup = negative_input_buffer_misalignment_testsuite_setup,
> +	.unit_test_cases = {
> +		/** Negative tests */
> +		TEST_CASE_NAMED_WITH_DATA(
> +			"3DES128 CBC SHA1 auth encryption negative test for
> data misalignment",
> +			ut_setup, ut_teardown,
> +			test_cipher_auth_encryption_fail_data_misalignment,
> +			&triple_des128cbc_sha1_misalign_test_vector),
> +		TEST_CASE_NAMED_WITH_DATA(
> +			"3DES128 CBC SHA1 auth decryption negative test for
> data misalignment",
> +			ut_setup, ut_teardown,
> +			test_cipher_auth_decryption_fail_data_misalignment,
> +			&triple_des128cbc_sha1_misalign_test_vector),
> +		TEST_CASE_NAMED_WITH_DATA(
> +			"AES128 CBC SHA256 auth encryption negative test for
> data misalignment",
> +			ut_setup, ut_teardown,
> +			test_cipher_auth_encryption_fail_data_misalignment,
> +			&aes128cbc_sha256_misalign_test_vector),
> +		TEST_CASE_NAMED_WITH_DATA(
> +			"AES128 CBC SHA256 auth decryption negative test for
> data misalignment",
> +			ut_setup, ut_teardown,
> +			test_cipher_auth_decryption_fail_data_misalignment,
> +			&aes128cbc_sha256_misalign_test_vector),
> +		TEST_CASE_NAMED_WITH_DATA(
> +			"AES192 CBC SHA256 auth encryption negative test for
> data misalignment",
> +			ut_setup, ut_teardown,
> +			test_cipher_auth_encryption_fail_data_misalignment,
> +			&aes192cbc_sha256_misalign_test_vector),
> +		TEST_CASE_NAMED_WITH_DATA(
> +			"AES192 CBC SHA256 auth decryption negative test for
> data misalignment",
> +			ut_setup, ut_teardown,
> +			test_cipher_auth_decryption_fail_data_misalignment,
> +			&aes192cbc_sha256_misalign_test_vector),
> +		TEST_CASE_NAMED_WITH_DATA(
> +			"AES256 CBC SHA256 auth encryption negative test for
> data misalignment",
> +			ut_setup, ut_teardown,
> +			test_cipher_auth_encryption_fail_data_misalignment,
> +			&aes256cbc_sha256_misalign_test_vector),
> +		TEST_CASE_NAMED_WITH_DATA(
> +			"AES256 CBC SHA256 auth decryption negative test for
> data misalignment",
> +			ut_setup, ut_teardown,
> +			test_cipher_auth_decryption_fail_data_misalignment,
> +			&aes256cbc_sha256_misalign_test_vector),
> +
> +		TEST_CASES_END() /**< NULL terminate unit test array */
> +	}
> +};
> +
>  static struct unit_test_suite cryptodev_multi_session_testsuite = {
>  	.suite_name = "Multi Session Unit Test Suite",
>  	.setup = multi_session_testsuite_setup,
> @@ -17567,6 +17875,7 @@ run_cryptodev_testsuite(const char *pmd_name)
>  		&cryptodev_esn_testsuite,
>  		&cryptodev_negative_aes_gcm_testsuite,
>  		&cryptodev_negative_aes_gmac_testsuite,
> +		&cryptodev_negative_input_buffer_misalignment_testsuite,
>  		&cryptodev_mixed_cipher_hash_testsuite,
>  		&cryptodev_negative_hmac_sha1_testsuite,
>  		&cryptodev_gen_testsuite,
> diff --git a/app/test/test_cryptodev_aes_test_vectors.h
> b/app/test/test_cryptodev_aes_test_vectors.h
> index 7127156cc4..a026c2ae0e 100644
> --- a/app/test/test_cryptodev_aes_test_vectors.h
> +++ b/app/test/test_cryptodev_aes_test_vectors.h
> @@ -1533,6 +1533,33 @@ static const struct blockcipher_test_data
> aes_test_data_4 = {
>  	}
>  };
> 
> +/** AES-128-CBC Negative test vector */
> +static const struct blockcipher_test_data aes_128_cbc_misalign_test_data = {
> +	.crypto_algo = RTE_CRYPTO_CIPHER_AES_CBC,
> +	.cipher_key = {
> +		.data = {
> +			0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2,
> +			0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A
> +		},
> +		.len = 16
> +	},
> +	.iv = {
> +		.data = {
> +			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
> +			0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
> +		},
> +		.len = 16
> +	},
> +	.plaintext = {
> +		.data = plaintext_aes_common,
> +		.len = 511
> +	},
> +	.ciphertext = {
> +		.data = ciphertext512_aes128cbc,
> +		.len = 511
> +	},
> +};
> +
>  /** AES-128-CBC SHA1 test vector (Digest encrypted mode) */
>  static const struct blockcipher_test_data aes_test_data_4_digest_enc = {
>  	.crypto_algo = RTE_CRYPTO_CIPHER_AES_CBC,
> @@ -2000,6 +2027,33 @@ static const struct blockcipher_test_data
> aes_test_data_10 = {
>  	}
>  };
> 
> +/** AES-192-CBC neg test vector */
> +static const struct blockcipher_test_data aes_192_cbc_misalign_test_data = {
> +	.crypto_algo = RTE_CRYPTO_CIPHER_AES_CBC,
> +	.cipher_key = {
> +		.data = {
> +			0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2,
> +			0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A,
> +			0xD4, 0xC3, 0xA3, 0xAA, 0x33, 0x62, 0x61, 0xE0
> +		},
> +		.len = 24
> +	},
> +	.iv = {
> +		.data = {
> +			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
> +			0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
> +		},
> +		.len = 16
> +	},
> +	.plaintext = {
> +		.data = plaintext_aes_common,
> +		.len = 511
> +	},
> +	.ciphertext = {
> +		.data = ciphertext512_aes192cbc,
> +		.len = 511
> +	}
> +};
>  /** AES-192-CBC SHA1 test vector (Digest encrypted mode) */
>  static const struct blockcipher_test_data aes_test_data_10_digest_enc = {
>  	.crypto_algo = RTE_CRYPTO_CIPHER_AES_CBC,
> @@ -2212,6 +2266,35 @@ static const struct blockcipher_test_data
> aes_test_data_11 = {
>  	}
>  };
> 
> +/** AES-256-CBC neg test vector */
> +static const struct blockcipher_test_data aes_256_cbc_misalign_test_data = {
> +	.crypto_algo = RTE_CRYPTO_CIPHER_AES_CBC,
> +	.cipher_key = {
> +		.data = {
> +			0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2,
> +			0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A,
> +			0xD4, 0xC3, 0xA3, 0xAA, 0x33, 0x62, 0x61, 0xE0,
> +			0x37, 0x07, 0xB8, 0x23, 0xA2, 0xA3, 0xB5, 0x8D
> +		},
> +		.len = 32
> +	},
> +	.iv = {
> +		.data = {
> +			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
> +			0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
> +		},
> +		.len = 16
> +	},
> +	.plaintext = {
> +		.data = plaintext_aes_common,
> +		.len = 511
> +	},
> +	.ciphertext = {
> +		.data = ciphertext512_aes256cbc,
> +		.len = 511
> +	}
> +};
> +
>  /** AES-256-CBC SHA1 test vector (Digest encrypted mode) */
>  static const struct blockcipher_test_data aes_test_data_11_digest_enc = {
>  	.crypto_algo = RTE_CRYPTO_CIPHER_AES_CBC,
> @@ -5117,6 +5200,42 @@ static const struct blockcipher_test_case
> aes_cipheronly_test_cases[] = {
>  		.test_data = &aes_test_data_21,
>  		.op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
>  	},
> +	{
> +		.test_descr = "AES-128-CBC Encryption Negative Test for data
> misalignment",
> +		.test_data = &aes_128_cbc_misalign_test_data,
> +		.op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
> +		.feature_mask = BLOCKCIPHER_TEST_NEG_TEST,
> +	},
> +	{
> +		.test_descr = "AES-192-CBC Encryption Negative Test for data
> misalignment",
> +		.test_data = &aes_192_cbc_misalign_test_data,
> +		.op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
> +		.feature_mask = BLOCKCIPHER_TEST_NEG_TEST,
> +	},
> +	{
> +		.test_descr = "AES-256-CBC Encryption Negative Test for data
> misalignment",
> +		.test_data = &aes_256_cbc_misalign_test_data,
> +		.op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
> +		.feature_mask = BLOCKCIPHER_TEST_NEG_TEST,
> +	},
> +	{
> +		.test_descr = "AES-128-CBC Decryption Negative Test for data
> misalignment",
> +		.test_data = &aes_128_cbc_misalign_test_data,
> +		.op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
> +		.feature_mask = BLOCKCIPHER_TEST_NEG_TEST,
> +	},
> +	{
> +		.test_descr = "AES-192-CBC Decryption Negative Test for data
> misalignment",
> +		.test_data = &aes_192_cbc_misalign_test_data,
> +		.op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
> +		.feature_mask = BLOCKCIPHER_TEST_NEG_TEST,
> +	},
> +	{
> +		.test_descr = "AES-256-CBC Decryption Negative Test for data
> misalignment",
> +		.test_data = &aes_256_cbc_misalign_test_data,
> +		.op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
> +		.feature_mask = BLOCKCIPHER_TEST_NEG_TEST,
> +	},
>  };
> 
>  static const struct blockcipher_test_case aes_docsis_test_cases[] = {
> diff --git a/app/test/test_cryptodev_blockcipher.c
> b/app/test/test_cryptodev_blockcipher.c
> index 87a321fac3..afd5fd2f2e 100644
> --- a/app/test/test_cryptodev_blockcipher.c
> +++ b/app/test/test_cryptodev_blockcipher.c
> @@ -100,6 +100,7 @@ test_blockcipher_one_case(const struct
> blockcipher_test_case *t,
>  	int nb_segs_out = 1;
>  	uint64_t sgl_type = t->sgl_flag;
>  	uint32_t nb_iterates = 0;
> +	bool validNegTestResult = false;
> 
>  	rte_cryptodev_info_get(dev_id, &dev_info);
>  	uint64_t feat_flags = dev_info.feature_flags;
> @@ -606,6 +607,8 @@ test_blockcipher_one_case(const struct
> blockcipher_test_case *t,
>  			snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN, "line
> %u "
>  				"FAILED: Operation failed "
>  				"(0x%X)", __LINE__, op->status);
> +		if (t->feature_mask & BLOCKCIPHER_TEST_NEG_TEST)
> +			validNegTestResult = true;
>  		status = TEST_FAILED;
>  		goto error_exit;
>  	}
> @@ -636,6 +639,8 @@ test_blockcipher_one_case(const struct
> blockcipher_test_case *t,
>  				"FAILED: %s", __LINE__,
>  				"Crypto data not as expected");
>  			status = TEST_FAILED;
> +			if (t->feature_mask & BLOCKCIPHER_TEST_NEG_TEST)
> +				validNegTestResult = true;
>  			goto error_exit;
>  		}
>  	}
> @@ -655,6 +660,8 @@ test_blockcipher_one_case(const struct
> blockcipher_test_case *t,
>  					"FAILED: %s", __LINE__, "Generated "
>  					"digest data not as expected");
>  				status = TEST_FAILED;
> +				if (t->feature_mask &
> BLOCKCIPHER_TEST_NEG_TEST)
> +					validNegTestResult = true;
>  				goto error_exit;
>  			}
>  		}
> @@ -806,10 +813,19 @@ test_blockcipher_one_case(const struct
> blockcipher_test_case *t,
>  			}
>  		}
>  	}
> -
> -	snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN, "PASS");
> +	if ((status == TEST_SUCCESS) &&
> +		((t->feature_mask & BLOCKCIPHER_TEST_NEG_TEST) ||
> (validNegTestResult))) {
> +		snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN, "FAIL");
> +		status = TEST_FAILED;
> +	} else {
> +		snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN, "PASS");
> +	}
> 
>  error_exit:
> +	if (validNegTestResult) {
> +		snprintf(test_msg, BLOCKCIPHER_TEST_MSG_LEN, "PASS");
> +		status = TEST_SUCCESS;
> +	}
>  	if (!(t->feature_mask & BLOCKCIPHER_TEST_FEATURE_SESSIONLESS)) {
>  		if (sess)
>  			rte_cryptodev_sym_session_free(dev_id, sess);
> diff --git a/app/test/test_cryptodev_blockcipher.h
> b/app/test/test_cryptodev_blockcipher.h
> index e6f6c18067..b4d890d8cc 100644
> --- a/app/test/test_cryptodev_blockcipher.h
> +++ b/app/test/test_cryptodev_blockcipher.h
> @@ -20,6 +20,7 @@
>  #define BLOCKCIPHER_TEST_FEATURE_STOPPER	0x04 /* stop upon
> failing */
>  #define BLOCKCIPHER_TEST_FEATURE_SG		0x08 /* Scatter Gather
> */
>  #define BLOCKCIPHER_TEST_FEATURE_DIGEST_ENCRYPTED	0x10
> +#define BLOCKCIPHER_TEST_NEG_TEST	0x80 /* MSB Bit is set for
> negative test */
> 
>  #define BLOCKCIPHER_TEST_OP_CIPHER
> 	(BLOCKCIPHER_TEST_OP_ENCRYPT | \
>  					BLOCKCIPHER_TEST_OP_DECRYPT)
> diff --git a/app/test/test_cryptodev_des_test_vectors.h
> b/app/test/test_cryptodev_des_test_vectors.h
> index 3ded90b6d4..9921b77501 100644
> --- a/app/test/test_cryptodev_des_test_vectors.h
> +++ b/app/test/test_cryptodev_des_test_vectors.h
> @@ -541,6 +541,32 @@ triple_des128cbc_test_vector = {
>  	}
>  };
> 
> +static const struct blockcipher_test_data
> +triple_des128cbc_misalign_test_vector = {
> +	.crypto_algo = RTE_CRYPTO_CIPHER_3DES_CBC,
> +	.cipher_key = {
> +		.data = {
> +			0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2,
> +			0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A
> +		},
> +		.len = 16
> +	},
> +	.iv = {
> +		.data = {
> +			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
> +		},
> +		.len = 8
> +	},
> +	.plaintext = {
> +		.data = plaintext_des,
> +		.len = 511
> +	},
> +	.ciphertext = {
> +		.data = ciphertext512_des128cbc,
> +		.len = 511
> +	}
> +};
> +
>  static const struct blockcipher_test_data
>  triple_des128cbc_sha1_test_vector = {
>  	.crypto_algo = RTE_CRYPTO_CIPHER_3DES_CBC,
> @@ -1183,6 +1209,18 @@ static const struct blockcipher_test_case
> triple_des_cipheronly_test_cases[] = {
>  		.test_descr = "3DES-192-CTR Decryption",
>  		.test_data = &triple_des192ctr_test_vector,
>  		.op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
> +	},
> +	{
> +		.test_descr = "3DES-128-CBC Encryption Negative Test for data
> misalignment",
> +		.test_data = &triple_des128cbc_misalign_test_vector,
> +		.op_mask = BLOCKCIPHER_TEST_OP_ENCRYPT,
> +		.feature_mask = BLOCKCIPHER_TEST_NEG_TEST,
> +	},
> +	{
> +		.test_descr = "3DES-128-CBC Decryption Negative Test for data
> misalignment",
> +		.test_data = &triple_des128cbc_misalign_test_vector,
> +		.op_mask = BLOCKCIPHER_TEST_OP_DECRYPT,
> +		.feature_mask = BLOCKCIPHER_TEST_NEG_TEST,
>  	}
>  };
> 
> --
> 2.25.1

RE: [EXT] [PATCH 2/2] test/crypto: add negative test cases for cipher buffer alignment

[Sivaramakrishnan, VenkatX]

Hi Akhil,


> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Monday, November 13, 2023 12:31 PM
> To: Sivaramakrishnan, VenkatX <venkatx.sivaramakrishnan@intel.com>; Fan
> Zhang <fanzhang.oss@gmail.com>
> Cc: dev@dpdk.org; stable@dpdk.org
> Subject: RE: [EXT] [PATCH 2/2] test/crypto: add negative test cases for cipher
> buffer alignment
> 
> > add negative test cases for 3DES CBC and AES CBC cipher algorithms for
> > buffer misalignment
> >
> > Signed-off-by: Sivaramakrishnan Venkat
> > <venkatx.sivaramakrishnan@intel.com>
> > ---
> >  app/test/test_cryptodev.c                  | 321 ++++++++++++++++++++-
> >  app/test/test_cryptodev_aes_test_vectors.h | 119 ++++++++
> >  app/test/test_cryptodev_blockcipher.c      |  20 +-
> >  app/test/test_cryptodev_blockcipher.h      |   1 +
> >  app/test/test_cryptodev_des_test_vectors.h |  38 +++
> >  5 files changed, 491 insertions(+), 8 deletions(-)
> >
> > diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
> > index d2c4c6f8b5..12e0cf8044 100644
> > --- a/app/test/test_cryptodev.c
> > +++ b/app/test/test_cryptodev.c
> > @@ -1371,6 +1371,42 @@ negative_hmac_sha1_testsuite_setup(void)
> >  	return 0;
> >  }
> >
> > +static int
> > +negative_input_buffer_misalignment_testsuite_setup(void)
> > +{
> > +	struct crypto_testsuite_params *ts_params = &testsuite_params;
> > +	uint8_t dev_id = ts_params->valid_devs[0];
> > +	struct rte_cryptodev_info dev_info;
> > +	const enum rte_crypto_cipher_algorithm ciphers[] = {
> > +		RTE_CRYPTO_CIPHER_3DES_CBC,
> > +		RTE_CRYPTO_CIPHER_AES_CBC
> > +	};
> > +	const enum rte_crypto_auth_algorithm auths[] = {
> > +		RTE_CRYPTO_AUTH_SHA256,
> > +		RTE_CRYPTO_AUTH_SHA256,
> > +	};
> > +
> > +	rte_cryptodev_info_get(dev_id, &dev_info);
> > +
> > +	if (!(dev_info.feature_flags &
> > RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO) ||
> > +			((global_api_test_type ==
> CRYPTODEV_RAW_API_TEST)
> > &&
> > +			!(dev_info.feature_flags &
> > RTE_CRYPTODEV_FF_SYM_RAW_DP))) {
> > +		RTE_LOG(INFO, USER1, "Feature flag requirements for
> Negative
> > "
> > +				"Input Buffer misalignment testsuite not
> > met\n");
> > +		return TEST_SKIPPED;
> > +	}
> > +
> > +	if (check_cipher_capabilities_supported(ciphers, RTE_DIM(ciphers))
> != 0
> > +			&& check_auth_capabilities_supported(auths,
> > +			RTE_DIM(auths)) != 0) {
> > +		RTE_LOG(INFO, USER1, "Capability requirements for Negative
> "
> > +				"Input Buffer misalignment testsuite not
> > met\n");
> > +		return TEST_SKIPPED;
> > +	}
> > +
> > +	return 0;
> > +}
> > +
> >  static int
> >  dev_configure_and_start(uint64_t ff_disable)  { @@ -14469,6
> > +14505,192 @@ aes128cbc_hmac_sha1_test_vector = {
> >  	}
> >  };
> >
> > +static const struct test_crypto_vector
> > +aes128cbc_sha256_misalign_test_vector = {
> > +	.crypto_algo = RTE_CRYPTO_CIPHER_AES_CBC,
> > +	.cipher_offset = 0,
> > +	.cipher_len = 511,
> > +	.cipher_key = {
> > +		.data = {
> > +			0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2,
> > +			0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A
> > +		},
> > +		.len = 16
> > +	},
> > +	.iv = {
> > +		.data = {
> > +			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
> > +			0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
> > +		},
> > +		.len = 16
> > +	},
> > +	.plaintext = {
> > +		.data = plaintext_aes_common,
> > +		.len = 511
> > +	},
> > +	.ciphertext = {
> > +		.data = ciphertext512_aes128cbc,
> > +		.len = 511
> > +	},
> > +	.auth_algo = RTE_CRYPTO_AUTH_SHA256,
> > +	.auth_offset = 0,
> > +	.auth_key = {
> > +		.data = {
> > +			0x42, 0x1A, 0x7D, 0x3D, 0xF5, 0x82, 0x80, 0xF1,
> > +			0xF1, 0x35, 0x5C, 0x3B, 0xDD, 0x9A, 0x65, 0xBA,
> > +			0x58, 0x34, 0x85, 0x61, 0x1C, 0x42, 0x10, 0x76,
> > +			0x9A, 0x4F, 0x88, 0x1B, 0xB6, 0x8F, 0xD8, 0x60
> > +		},
> > +		.len = 32
> > +	},
> > +	.digest = {
> > +		.data = {
> > +			0xA8, 0xBC, 0xDB, 0x99, 0xAA, 0x45, 0x91, 0xA3,
> > +			0x2D, 0x75, 0x41, 0x92, 0x28, 0x01, 0x87, 0x5D,
> > +			0x45, 0xED, 0x49, 0x05, 0xD3, 0xAE, 0x32, 0x57,
> > +			0xB7, 0x79, 0x65, 0xFC, 0xFA, 0x6C, 0xFA, 0xDF
> > +		},
> > +		.len = 32
> > +	}
> > +};
> 
> Why are the vectors added in .c file?
> 
We will move the tests to blockcipher test vectors and put in test vector header files with others.
> 

<snip>
> > +
> >  static const struct test_crypto_vector
> > aes128cbc_hmac_sha1_aad_test_vector = {
> >  	.crypto_algo = RTE_CRYPTO_CIPHER_AES_CBC, @@ -15058,7
> +15280,7 @@
> > test_authenticated_decryption_fail_when_corruption(
> >  }
> >
> >  static int
> > -test_authenticated_encrypt_with_esn(
> > +test_authenticated_encrypt(
> 
> Any specific reason of changing the name of this function in this patch.
>  


Renamed so that we could reuse with these tests and not just the ESN tests.
For the next version, as tests are moved to blockcipher test functions, this change is no longer needed.

> 
> >  		struct crypto_testsuite_params *ts_params,
> >  		struct crypto_unittest_params *ut_params,
> >  		const struct test_crypto_vector *reference) @@ -15159,7
> +15381,7 @@

<snip>

more work is needed on the tests so will drop this patch for 23.11.
Will send a new version of QAT patch Today.

Thanks,
Venkat.

[PATCH v2] crypto/qat: fix block cipher misalignment for AES CBC and 3DES CBC

[Sivaramakrishnan Venkat]

check cipher length alignment for 3DES CBC and AES CBC
to change it to NULL service type for buffer misalignment.

Fixes: def38073ac90 ("crypto/qat: check cipher buffer alignment")
Cc: stable@dpdk.org

Signed-off-by: Sivaramakrishnan Venkat <venkatx.sivaramakrishnan@intel.com>
Acked-by: Kai Ji <kai.ji@intel.com>
---
v2:
    Dropped new tests patch.
    Removed settings reponse header directly.
    Cleared cookie status instead of setting to SUCCESS.
---
 drivers/crypto/qat/dev/qat_crypto_pmd_gens.h | 27 +++++++++++++++-----
 drivers/crypto/qat/dev/qat_sym_pmd_gen1.c    | 12 ++++-----
 drivers/crypto/qat/qat_sym.h                 |  8 ++++++
 3 files changed, 34 insertions(+), 13 deletions(-)

diff --git a/drivers/crypto/qat/dev/qat_crypto_pmd_gens.h b/drivers/crypto/qat/dev/qat_crypto_pmd_gens.h
index eebf2e6eb8..b8ddf42d6f 100644
--- a/drivers/crypto/qat/dev/qat_crypto_pmd_gens.h
+++ b/drivers/crypto/qat/dev/qat_crypto_pmd_gens.h
@@ -618,7 +618,8 @@ static __rte_always_inline void
 enqueue_one_cipher_job_gen1(struct qat_sym_session *ctx,
 	struct icp_qat_fw_la_bulk_req *req,
 	struct rte_crypto_va_iova_ptr *iv,
-	union rte_crypto_sym_ofs ofs, uint32_t data_len)
+	union rte_crypto_sym_ofs ofs, uint32_t data_len,
+	struct qat_sym_op_cookie *cookie)
 {
 	struct icp_qat_fw_la_cipher_req_params *cipher_param;
 
@@ -629,6 +630,15 @@ enqueue_one_cipher_job_gen1(struct qat_sym_session *ctx,
 	cipher_param->cipher_offset = ofs.ofs.cipher.head;
 	cipher_param->cipher_length = data_len - ofs.ofs.cipher.head -
 			ofs.ofs.cipher.tail;
+
+	if (AES_OR_3DES_MISALIGNED) {
+		QAT_LOG(DEBUG,
+	  "Input cipher buffer misalignment detected and change job as NULL operation");
+		struct icp_qat_fw_comn_req_hdr *header = &req->comn_hdr;
+		header->service_type = ICP_QAT_FW_COMN_REQ_NULL;
+		header->service_cmd_id = ICP_QAT_FW_NULL_REQ_SERV_ID;
+		cookie->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
+	}
 }
 
 static __rte_always_inline void
@@ -685,7 +695,8 @@ enqueue_one_chain_job_gen1(struct qat_sym_session *ctx,
 	struct rte_crypto_va_iova_ptr *cipher_iv,
 	struct rte_crypto_va_iova_ptr *digest,
 	struct rte_crypto_va_iova_ptr *auth_iv,
-	union rte_crypto_sym_ofs ofs, uint32_t data_len)
+	union rte_crypto_sym_ofs ofs, uint32_t data_len,
+	struct qat_sym_op_cookie *cookie)
 {
 	struct icp_qat_fw_la_cipher_req_params *cipher_param;
 	struct icp_qat_fw_la_auth_req_params *auth_param;
@@ -722,11 +733,13 @@ enqueue_one_chain_job_gen1(struct qat_sym_session *ctx,
 	 * error detected.
 	 */
 	if (AES_OR_3DES_MISALIGNED) {
-		QAT_LOG(ERR, "Input cipher length alignment error detected.\n");
-		ctx->qat_cipher_alg = ICP_QAT_HW_CIPHER_ALGO_NULL;
-		ctx->qat_hash_alg = ICP_QAT_HW_AUTH_ALGO_NULL;
-		cipher_param->cipher_length = 0;
-		auth_param->auth_len = 0;
+		QAT_LOG(DEBUG,
+	  "Input cipher buffer misalignment detected and change job as NULL operation");
+		struct icp_qat_fw_comn_req_hdr *header = &req->comn_hdr;
+		header->service_type = ICP_QAT_FW_COMN_REQ_NULL;
+		header->service_cmd_id = ICP_QAT_FW_NULL_REQ_SERV_ID;
+		cookie->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
+		return -1;
 	}
 
 	switch (ctx->qat_hash_alg) {
diff --git a/drivers/crypto/qat/dev/qat_sym_pmd_gen1.c b/drivers/crypto/qat/dev/qat_sym_pmd_gen1.c
index e4bcfa59e7..208b7e0ba6 100644
--- a/drivers/crypto/qat/dev/qat_sym_pmd_gen1.c
+++ b/drivers/crypto/qat/dev/qat_sym_pmd_gen1.c
@@ -248,7 +248,7 @@ qat_sym_build_op_cipher_gen1(void *in_op, struct qat_sym_session *ctx,
 		return -EINVAL;
 	}
 
-	enqueue_one_cipher_job_gen1(ctx, req, &cipher_iv, ofs, total_len);
+	enqueue_one_cipher_job_gen1(ctx, req, &cipher_iv, ofs, total_len, op_cookie);
 
 	qat_sym_debug_log_dump(req, ctx, in_sgl.vec, in_sgl.num, &cipher_iv,
 			NULL, NULL, NULL);
@@ -383,7 +383,7 @@ qat_sym_build_op_chain_gen1(void *in_op, struct qat_sym_session *ctx,
 
 	enqueue_one_chain_job_gen1(ctx, req, in_sgl.vec, in_sgl.num,
 			out_sgl.vec, out_sgl.num, &cipher_iv, &digest, &auth_iv,
-			ofs, total_len);
+			ofs, total_len, cookie);
 
 	qat_sym_debug_log_dump(req, ctx, in_sgl.vec, in_sgl.num, &cipher_iv,
 			&auth_iv, NULL, &digest);
@@ -507,7 +507,7 @@ qat_sym_dp_enqueue_single_cipher_gen1(void *qp_data, uint8_t *drv_ctx,
 	if (unlikely(data_len < 0))
 		return -1;
 
-	enqueue_one_cipher_job_gen1(ctx, req, iv, ofs, (uint32_t)data_len);
+	enqueue_one_cipher_job_gen1(ctx, req, iv, ofs, (uint32_t)data_len, cookie);
 
 	qat_sym_debug_log_dump(req, ctx, data, n_data_vecs, iv,
 			NULL, NULL, NULL);
@@ -564,7 +564,7 @@ qat_sym_dp_enqueue_cipher_jobs_gen1(void *qp_data, uint8_t *drv_ctx,
 		if (unlikely(data_len < 0))
 			break;
 		enqueue_one_cipher_job_gen1(ctx, req, &vec->iv[i], ofs,
-			(uint32_t)data_len);
+			(uint32_t)data_len, cookie);
 		tail = (tail + tx_queue->msg_size) & tx_queue->modulo_mask;
 
 		qat_sym_debug_log_dump(req, ctx, vec->src_sgl[i].vec,
@@ -740,7 +740,7 @@ qat_sym_dp_enqueue_single_chain_gen1(void *qp_data, uint8_t *drv_ctx,
 
 	if (unlikely(enqueue_one_chain_job_gen1(ctx, req, data, n_data_vecs,
 			NULL, 0, cipher_iv, job_digest, auth_iv, ofs,
-			(uint32_t)data_len)))
+			(uint32_t)data_len, cookie)))
 		return -1;
 
 	dp_ctx->tail = tail;
@@ -811,7 +811,7 @@ qat_sym_dp_enqueue_chain_jobs_gen1(void *qp_data, uint8_t *drv_ctx,
 				vec->src_sgl[i].vec, vec->src_sgl[i].num,
 				NULL, 0,
 				&vec->iv[i], job_digest,
-				&vec->auth_iv[i], ofs, (uint32_t)data_len)))
+				&vec->auth_iv[i], ofs, (uint32_t)data_len, cookie)))
 			break;
 
 		tail = (tail + tx_queue->msg_size) & tx_queue->modulo_mask;
diff --git a/drivers/crypto/qat/qat_sym.h b/drivers/crypto/qat/qat_sym.h
index b4e19e3015..71e9d5f34b 100644
--- a/drivers/crypto/qat/qat_sym.h
+++ b/drivers/crypto/qat/qat_sym.h
@@ -117,6 +117,7 @@ struct qat_sym_op_cookie {
 	} opt;
 	uint8_t digest_null[4];
 	phys_addr_t digest_null_phys_addr;
+	enum rte_crypto_op_status status;
 };
 
 struct qat_sym_dp_ctx {
@@ -321,6 +322,7 @@ qat_sym_process_response(void **op, uint8_t *resp, void *op_cookie,
 			(resp_msg->opaque_data);
 	struct qat_sym_session *sess;
 	uint8_t is_docsis_sec;
+	struct qat_sym_op_cookie *cookie = NULL;
 
 #if RTE_LOG_DP_LEVEL >= RTE_LOG_DEBUG
 	QAT_DP_HEXDUMP_LOG(DEBUG, "qat_response:", (uint8_t *)resp_msg,
@@ -366,6 +368,12 @@ qat_sym_process_response(void **op, uint8_t *resp, void *op_cookie,
 				sess->auth_key_length);
 	}
 
+	cookie = (struct qat_sym_op_cookie *) op_cookie;
+	if (cookie->status == RTE_CRYPTO_OP_STATUS_INVALID_ARGS) {
+		rx_op->status = cookie->status;
+		cookie->status = 0;
+	}
+
 	*op = (void *)rx_op;
 
 	/*
-- 
2.25.1

RE: [PATCH v2] crypto/qat: fix block cipher misalignment for AES CBC and 3DES CBC

[Power, Ciara]

> -----Original Message-----
> From: Sivaramakrishnan Venkat <venkatx.sivaramakrishnan@intel.com>
> Sent: Friday, November 17, 2023 12:38 PM
> To: dev@dpdk.org
> Cc: stable@dpdk.org; Ji, Kai <kai.ji@intel.com>; gakhil@marvell.com;
> Sivaramakrishnan, VenkatX <venkatx.sivaramakrishnan@intel.com>
> Subject: [PATCH v2] crypto/qat: fix block cipher misalignment for AES CBC and
> 3DES CBC
> 
> check cipher length alignment for 3DES CBC and AES CBC to change it to NULL
> service type for buffer misalignment.
> 
> Fixes: def38073ac90 ("crypto/qat: check cipher buffer alignment")
> Cc: stable@dpdk.org
> 
> Signed-off-by: Sivaramakrishnan Venkat
> <venkatx.sivaramakrishnan@intel.com>
> Acked-by: Kai Ji <kai.ji@intel.com>
> ---
> v2:
>     Dropped new tests patch.
>     Removed settings reponse header directly.
>     Cleared cookie status instead of setting to SUCCESS.

Acked-by: Ciara Power <ciara.power@intel.com>

Re: [PATCH v2] crypto/qat: fix block cipher misalignment for AES CBC and 3DES CBC

[Thomas Monjalon]

> > check cipher length alignment for 3DES CBC and AES CBC to change it to NULL
> > service type for buffer misalignment.
> > 
> > Fixes: def38073ac90 ("crypto/qat: check cipher buffer alignment")
> > Cc: stable@dpdk.org
> > 
> > Signed-off-by: Sivaramakrishnan Venkat
> > <venkatx.sivaramakrishnan@intel.com>
> > Acked-by: Kai Ji <kai.ji@intel.com>
> > ---
> > v2:
> >     Dropped new tests patch.
> >     Removed settings reponse header directly.
> >     Cleared cookie status instead of setting to SUCCESS.
> 
> Acked-by: Ciara Power <ciara.power@intel.com>

Applied, thanks.