Acked-by: Rupesh Chiluka <[email protected]>
________________________________
From: Emma Finn <[email protected]>
Sent: Monday, March 23, 2026 20:38
To: Akhil Goyal <[email protected]>; Fan Zhang <[email protected]>; Kai Ji <[email protected]>; Rupesh Chiluka <[email protected]>
Cc: [email protected] <[email protected]>; Emma Finn <[email protected]>
Subject: [EXTERNAL] [PATCH 1/2] crypto/qat: fix asym session validation and gen4 EC caps
Fix asym tests to return TEST_SKIPPED when session creation returns -ENOTSUP. Add missing ECDH, ECDSA and ECPM capabilities to GEN4 asym caps table. Reject unsupported RSA padding and EC curves at session configure time with -ENOTSUP. Bugzilla
ZjQcmQRYFpfptBannerStart Prioritize security for external emails: Confirm sender and content safety before clicking links or opening attachments <https://us-phishalarm-ewt.proofpoint.com/EWT/v1/CRVmXkqW!te3Z1f8UYnW6tG-cGdxazuubvGPgl6yTU24HHC1z9RV5wPQjtl7qP0oEMSmeVZTwYYHqm4_Boxty5bBSBE8DJtAeSS0s7DY$> Report Suspicious ZjQcmQRYFpfptBannerEnd
Fix asym tests to return TEST_SKIPPED when session creation returns -ENOTSUP. Add missing ECDH, ECDSA and ECPM capabilities to GEN4 asym caps table. Reject unsupported RSA padding and EC curves at session configure time with -ENOTSUP.
Bugzilla ID: 1903
Fixes: 064ef1b098d1 ("test/crypto: remove PMD-specific asym test suites")
Signed-off-by: Emma Finn <[email protected]>
---
 app/test/test_cryptodev_asym.c | 38 ++++++++++++++++----
 drivers/crypto/qat/dev/qat_crypto_pmd_gen4.c | 13 +++++++
 drivers/crypto/qat/qat_asym.c | 10 ++++++
 3 files changed, 55 insertions(+), 6 deletions(-)
diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 793cc5dce6..1515372a35 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -318,6 +318,9 @@ test_rsa_sign_verify(void)
 error_exit: rte_cryptodev_asym_session_free(dev_id, sess);
+ if (status == TEST_SKIPPED)
+ return status;
+
 TEST_ASSERT_EQUAL(status, 0, "Test failed");
 return status;
@@ -368,6 +371,9 @@ test_rsa_enc_dec(void)
 rte_cryptodev_asym_session_free(dev_id, sess);
+ if (status == TEST_SKIPPED)
+ return status;
+
 TEST_ASSERT_EQUAL(status, 0, "Test failed");
 return status;
@@ -414,6 +420,9 @@ test_rsa_sign_verify_crt(void)
 rte_cryptodev_asym_session_free(dev_id, sess);
+ if (status == TEST_SKIPPED)
+ return status;
+
 TEST_ASSERT_EQUAL(status, 0, "Test failed");
 return status;
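Review bot: In test_rsa_sign_verify, and in the same check added to test_rsa_enc_dec, test_rsa_sign_verify_crt and test_rsa_enc_dec_crt, the new early return gives no indication of why the case was skipped, so a PMD that begins rejecting RSA sessions it previously accepted would show up only as a quiet skip. The code that sets status to TEST_SKIPPED is outside these hunks, so this is inferred from the commit message. If the skip comes from session creation returning -ENOTSUP, a log line at that point, e.g. `RTE_LOG(INFO, USER1, "RSA session not supported on this device, skipping\n");`, would keep the loss of coverage visible in the test output. A short comment above the check, such as `/* -ENOTSUP at session create is reported as a skip, not a failure */`, would also document why the assert is bypassed.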
@@ -460,6 +469,9 @@ test_rsa_enc_dec_crt(void)
 rte_cryptodev_asym_session_free(dev_id, sess);
+ if (status == TEST_SKIPPED)
+ return status;
+
 TEST_ASSERT_EQUAL(status, 0, "Test failed");
 return status;
@@ -1712,6 +1724,8 @@ test_ecdsa_sign_verify_all_curve(void)
 status = test_ecdsa_sign_verify(curve_id);
 if (status == TEST_SUCCESS) {
 msg = "succeeded";
+ } else if (status == TEST_SKIPPED) {
+ msg = "skipped";
 } else {
 msg = "failed";
 overall_status = status;
@@ -1901,6 +1915,8 @@ test_ecpm_all_curve(void)
 status = test_ecpm(curve_id);
 if (status == TEST_SUCCESS) {
 msg = "succeeded";
+ } else if (status == TEST_SKIPPED) {
+ msg = "skipped";
 } else {
 msg = "failed";
 overall_status = status;
@@ -1956,10 +1972,10 @@ test_ecdh_priv_key_generate(enum curve curve_id)
 idx.type = RTE_CRYPTO_ASYM_XFORM_ECDH;
 capa = rte_cryptodev_asym_capability_get(dev_id, &idx);
 if (capa == NULL)
- return -ENOTSUP;
+ return TEST_SKIPPED;
 if (!(capa->op_types & (1 << RTE_CRYPTO_ASYM_KE_PRIV_KEY_GENERATE)))
- return -ENOTSUP;
+ return TEST_SKIPPED;
 switch (curve_id) {
 case SECP192R1:
@@ -2269,10 +2285,10 @@ test_ecdh_pub_key_verify(enum curve curve_id)
 idx.type = RTE_CRYPTO_ASYM_XFORM_ECDH;
 capa = rte_cryptodev_asym_capability_get(dev_id, &idx);
 if (capa == NULL)
- return -ENOTSUP;
+ return TEST_SKIPPED;
 if (!(capa->op_types & (1 << RTE_CRYPTO_ASYM_KE_PUB_KEY_VERIFY)))
- return -ENOTSUP;
+ return TEST_SKIPPED;
 switch (curve_id) {
 case SECP192R1:
@@ -2408,10 +2424,10 @@ test_ecdh_shared_secret(enum curve curve_id)
 idx.type = RTE_CRYPTO_ASYM_XFORM_ECDH;
 capa = rte_cryptodev_asym_capability_get(dev_id, &idx);
 if (capa == NULL)
- return -ENOTSUP;
+ return TEST_SKIPPED;
 if (!(capa->op_types & (1 << RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE)))
- return -ENOTSUP;
+ return TEST_SKIPPED;
 switch (curve_id) {
 case SECP192R1:
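Review bot: In test_ecdsa_sign_verify_all_curve the new `TEST_SKIPPED` branch leaves overall_status untouched, so a run in which every curve is skipped would presumably still report the test as passed; the initial value of overall_status and the final return are outside the hunk. The same branch is added in test_ecpm_all_curve, test_ecdh_all_curve and test_ecdh_qat_curves. Consider counting skips with `skipped++;` in the new branch and returning TEST_SKIPPED after the loop when no curve actually ran, so that a device rejecting every curve is not recorded as a successful EC test.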
@@ -2668,6 +2684,8 @@ test_ecdh_all_curve(void)
 status = test_ecdh_priv_key_generate(curve_id);
 if (status == TEST_SUCCESS) {
 msg = "succeeded";
+ } else if (status == TEST_SKIPPED) {
+ msg = "skipped";
 } else {
 msg = "failed";
 overall_status = status;
@@ -2700,6 +2718,8 @@ test_ecdh_all_curve(void)
 status = test_ecdh_pub_key_verify(curve_id);
 if (status == TEST_SUCCESS) {
 msg = "succeeded";
+ } else if (status == TEST_SKIPPED) {
+ msg = "skipped";
 } else {
 msg = "failed";
 overall_status = status;
@@ -2715,6 +2735,8 @@ test_ecdh_all_curve(void)
 status = test_ecdh_shared_secret(curve_id);
 if (status == TEST_SUCCESS) {
 msg = "succeeded";
+ } else if (status == TEST_SKIPPED) {
+ msg = "skipped";
 } else {
 msg = "failed";
 overall_status = status;
@@ -2752,6 +2774,8 @@ test_ecdh_qat_curves(void)
 status = test_ecdh_pub_key_verify(curve_id);
 if (status == TEST_SUCCESS) {
 msg = "succeeded";
+ } else if (status == TEST_SKIPPED) {
+ msg = "skipped";
 } else {
 msg = "failed";
 overall_status = status;
@@ -2764,6 +2788,8 @@ test_ecdh_qat_curves(void)
 status = test_ecdh_shared_secret(curve_id);
 if (status == TEST_SUCCESS) {
 msg = "succeeded";
+ } else if (status == TEST_SKIPPED) {
+ msg = "skipped";
 } else {
 msg = "failed";
 overall_status = status;
diff --git a/drivers/crypto/qat/dev/qat_crypto_pmd_gen4.c b/drivers/crypto/qat/dev/qat_crypto_pmd_gen4.c
index 82c5a40501..52577f6907 100644
--- a/drivers/crypto/qat/dev/qat_crypto_pmd_gen4.c
+++ b/drivers/crypto/qat/dev/qat_crypto_pmd_gen4.c
@@ -144,6 +144,19 @@ static struct rte_cryptodev_capabilities qat_asym_crypto_caps_gen4[] = {
 }
 }
 },
+ QAT_ASYM_CAP(ECDH,
+ ((1 << RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE) |
+ (1 << RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE) |
+ (1 << RTE_CRYPTO_ASYM_KE_PUB_KEY_VERIFY)),
+ 64, 512, 64),
+ QAT_ASYM_CAP(ECDSA,
+ ((1 << RTE_CRYPTO_ASYM_OP_SIGN) |
+ (1 << RTE_CRYPTO_ASYM_OP_VERIFY)),
+ 64, 512, 64),
+ QAT_ASYM_CAP(ECPM,
+ ((1 << RTE_CRYPTO_ASYM_OP_SIGN) |
+ (1 << RTE_CRYPTO_ASYM_OP_VERIFY)),
+ 64, 512, 64),
 RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
 };
diff --git a/drivers/crypto/qat/qat_asym.c b/drivers/crypto/qat/qat_asym.c
index 06f037cc14..beb5a27805 100644
--- a/drivers/crypto/qat/qat_asym.c
+++ b/drivers/crypto/qat/qat_asym.c
@@ -1483,6 +1483,12 @@ static int
 session_set_ec(struct qat_asym_session *qat_session, struct rte_crypto_asym_xform *xform)
 {
+ /* Validate curve for EC operations using pick_curve (not SM2) */
+ if (xform->xform_type != RTE_CRYPTO_ASYM_XFORM_SM2) {
+ if (pick_curve(xform) < 0)
+ return -ENOTSUP;
+ }
+
 uint8_t *pkey = xform->ec.pkey.data;
 uint8_t *q_x = xform->ec.q.x.data;
 uint8_t *q_y = xform->ec.q.y.data;
@@ -1545,6 +1551,10 @@ qat_asym_session_configure(struct rte_cryptodev *dev __rte_unused,
 ret = session_set_modinv(qat_session, xform);
 break;
 case RTE_CRYPTO_ASYM_XFORM_RSA: {
+ if (xform->rsa.padding.type != RTE_CRYPTO_RSA_PADDING_NONE) {
+ ret = -ENOTSUP;
+ return ret;
+ }
 if (unlikely((xform->rsa.n.length < RSA_MODULUS_2048_BITS) && (crypto_qat->qat_dev->options.legacy_alg == 0))) {
 ret = -ENOTSUP;
--
2.43.0
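Review bot: The ECPM entry added to qat_asym_crypto_caps_gen4 advertises `RTE_CRYPTO_ASYM_OP_SIGN` and `RTE_CRYPTO_ASYM_OP_VERIFY`, which looks copied from the ECDSA entry above it. Point multiplication is neither a sign nor a verify operation, so an application that filters on op_types may be misled about what the device supports. The ECDH entry also omits `RTE_CRYPTO_ASYM_KE_PRIV_KEY_GENERATE`, which fits the test change that now skips private-key generation, but a comment saying the omission is deliberate would help. It is also worth confirming that the `64, 512, 64` length range is meaningful for EC xforms, since the curve sizes accepted by pick_curve are not visible here.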
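Review bot: The curve check added to session_set_ec sits ahead of the `uint8_t *pkey`, `*q_x` and `*q_y` declarations, so the function now has a statement before its declarations. Moving the check below the declarations and collapsing the nested ifs reads more simply: `if (xform->xform_type != RTE_CRYPTO_ASYM_XFORM_SM2 && pick_curve(xform) < 0) return -ENOTSUP;`. The rest of the function is outside the hunk, so whether pick_curve is called again further down, making this a second lookup per session, could not be checked.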
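Review bot: The new check in the RSA case of qat_asym_session_configure rejects every padding type other than `RTE_CRYPTO_RSA_PADDING_NONE` without logging anything, so a caller that asked for padded RSA sees only -ENOTSUP. This implies the PMD performs raw RSA and leaves padding to the application, which matters for the security of the resulting signatures and ciphertexts. If that is the intent, state it in a comment such as `/* only raw RSA is offloaded; padding is the caller's responsibility */` and add `QAT_LOG(ERR, "RSA padding type not supported");` before the return. The direct `return ret;` also skips whatever cleanup follows the switch, which is outside the hunk and should be checked.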

