<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);" class="elementToProof">
Acked-by: Rupesh Chiluka <<a style="color: rgb(18, 100, 163);" rel="noopener noreferrer" class="OWAAutoLink" id="OWAc7cb2ab0-0e6c-462c-b31e-1c599c0b1041" target="_blank" href="mailto:your.email@example.com">r</a><a style="color: rgb(18, 100, 163);" rel="noopener noreferrer" class="OWAAutoLink" id="OWA357bd05a-b5f5-2c18-f0c3-4a2e2e651dd0" target="_blank" href="mailto:chiluka@marvell.com">chiluka@marvell.com</a>></div>
<div id="appendonsend"></div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> Emma Finn <emma.finn@intel.com><br>
<b>Sent:</b> Monday, March 23, 2026 20:38<br>
<b>To:</b> Akhil Goyal <gakhil@marvell.com>; Fan Zhang <fanzhang.oss@gmail.com>; Kai Ji <kai.ji@intel.com>; Rupesh Chiluka <rchiluka@marvell.com><br>
<b>Cc:</b> dev@dpdk.org <dev@dpdk.org>; Emma Finn <emma.finn@intel.com><br>
<b>Subject:</b> [EXTERNAL] [PATCH 1/2] crypto/qat: fix asym session validation and gen4 EC caps</font>
<div> </div>
</div>
<div>
<div style="display:none!important; display:none; visibility:hidden; font-size:1px; color:#ffffff; line-height:1px; max-height:0px; opacity:0; overflow:hidden">
Fix asym tests to return TEST_SKIPPED when session creation returns -ENOTSUP. Add missing ECDH, ECDSA and ECPM capabilities to GEN4 asym caps table. Reject unsupported RSA padding and EC curves at session configure time with -ENOTSUP. Bugzilla</div>
<div style="display:none!important; display:none; visibility:hidden; font-size:1px; color:#ffffff; line-height:1px; max-height:0px; opacity:0; overflow:hidden">
ZjQcmQRYFpfptBannerStart</div>
<div dir="ltr" lang="en" id="x_pfptBannerj4wdga6" style="display:block!important; text-align:left!important; margin:0 0 10px 0!important; padding:7px 16px 8px 16px!important; border-radius:4px!important; min-width:200px!important; background-color:#d2d0d0!important; background-color:#d2d0d0; border-top:4px solid #8d8c8c!important; border-top:4px solid #8d8c8c">
<div id="x_pfptBannerj4wdga6" style="float:left!important; display:block!important; margin:1px 0 1px 0!important; max-width:600px!important">
<div id="x_pfptBannerj4wdga6" style="display:block!important; visibility:visible!important; background-color:#d2d0d0!important; color:#000000!important; color:#000000; font-family:'Arial',sans-serif!important; font-family:'Arial',sans-serif; font-weight:bold!important; font-weight:bold; font-size:14px!important; line-height:1.29!important; line-height:1.29">
Prioritize security for external emails: </div>
<div id="x_pfptBannerj4wdga6" style="display:block!important; visibility:visible!important; background-color:#d2d0d0!important; color:#000000!important; color:#000000; font-weight:normal; font-family:'Arial',sans-serif!important; font-family:'Arial',sans-serif; font-size:12px!important; line-height:1.5!important; line-height:1.5; margin-top:2px!important">
Confirm sender and content safety before clicking links or opening attachments </div>
</div>
<div id="x_pfptBannerj4wdga6" style="float:right!important; display:block!important; display:block; margin-left:16px!important; margin-top:1px!important; text-align:right!important; width:fit-content!important; font-size:12px!important">
<a id="x_pfptBannerj4wdga6" href="https://us-phishalarm-ewt.proofpoint.com/EWT/v1/CRVmXkqW!te3Z1f8UYnW6tG-cGdxazuubvGPgl6yTU24HHC1z9RV5wPQjtl7qP0oEMSmeVZTwYYHqm4_Boxty5bBSBE8DJtAeSS0s7DY$" style="display:inline-block!important; text-decoration:none">
<div class="x_pfptPrimaryButtonj4wdga6" style="display:inline-block!important; display:inline-block; visibility:visible!important; opacity:1!important; color:#000000!important; color:#000000; font-family:'Arial',sans-serif!important; font-family:'Arial',sans-serif; font-size:14px!important; font-weight:normal!important; text-decoration:none!important; border-radius:2px!important; margin-top:3px!important; margin-bottom:3px!important; margin-left:16px!important; padding:7.5px 16px!important; white-space:nowrap!important; width:fit-content!important; border:1px solid #666666">
Report Suspicious </div>
</a></div>
<div style="clear:both!important; display:block!important; visibility:hidden!important; line-height:0!important; font-size:0.01px!important; height:0px">
</div>
</div>
<div style="display:none!important; display:none; visibility:hidden; font-size:1px; color:#ffffff; line-height:1px; max-height:0px; opacity:0; overflow:hidden">
ZjQcmQRYFpfptBannerEnd</div>
<style>
<!--
#x_pfptBannerj4wdga6
{display:block!important;
visibility:visible!important;
opacity:1!important;
background-color:#d2d0d0!important;
max-width:none!important;
max-height:none!important}
html:root, html:root > div
{display:block!important;
visibility:visible!important;
opacity:1!important}
-->
</style>
<pre style="font-family:sans-serif; font-size:100%; white-space:pre-wrap; word-wrap:break-word">Fix asym tests to return TEST_SKIPPED when session
creation returns -ENOTSUP. Add missing ECDH, ECDSA and ECPM
capabilities to GEN4 asym caps table. Reject unsupported RSA
padding and EC curves at session configure time with -ENOTSUP.
Bugzilla ID: 1903
Fixes: 064ef1b098d1 ("test/crypto: remove PMD-specific asym test suites")
Signed-off-by: Emma Finn <emma.finn@intel.com>
---
app/test/test_cryptodev_asym.c | 38 ++++++++++++++++----
drivers/crypto/qat/dev/qat_crypto_pmd_gen4.c | 13 +++++++
drivers/crypto/qat/qat_asym.c | 10 ++++++
3 files changed, 55 insertions(+), 6 deletions(-)
diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 793cc5dce6..1515372a35 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -318,6 +318,9 @@ test_rsa_sign_verify(void)
error_exit:
rte_cryptodev_asym_session_free(dev_id, sess);
+ if (status == TEST_SKIPPED)
+ return status;
+
TEST_ASSERT_EQUAL(status, 0, "Test failed");
return status;
@@ -368,6 +371,9 @@ test_rsa_enc_dec(void)
rte_cryptodev_asym_session_free(dev_id, sess);
+ if (status == TEST_SKIPPED)
+ return status;
+
TEST_ASSERT_EQUAL(status, 0, "Test failed");
return status;
@@ -414,6 +420,9 @@ test_rsa_sign_verify_crt(void)
rte_cryptodev_asym_session_free(dev_id, sess);
+ if (status == TEST_SKIPPED)
+ return status;
+
TEST_ASSERT_EQUAL(status, 0, "Test failed");
return status;
@@ -460,6 +469,9 @@ test_rsa_enc_dec_crt(void)
rte_cryptodev_asym_session_free(dev_id, sess);
+ if (status == TEST_SKIPPED)
+ return status;
+
TEST_ASSERT_EQUAL(status, 0, "Test failed");
return status;
@@ -1712,6 +1724,8 @@ test_ecdsa_sign_verify_all_curve(void)
status = test_ecdsa_sign_verify(curve_id);
if (status == TEST_SUCCESS) {
msg = "succeeded";
+ } else if (status == TEST_SKIPPED) {
+ msg = "skipped";
} else {
msg = "failed";
overall_status = status;
@@ -1901,6 +1915,8 @@ test_ecpm_all_curve(void)
status = test_ecpm(curve_id);
if (status == TEST_SUCCESS) {
msg = "succeeded";
+ } else if (status == TEST_SKIPPED) {
+ msg = "skipped";
} else {
msg = "failed";
overall_status = status;
@@ -1956,10 +1972,10 @@ test_ecdh_priv_key_generate(enum curve curve_id)
idx.type = RTE_CRYPTO_ASYM_XFORM_ECDH;
capa = rte_cryptodev_asym_capability_get(dev_id, &idx);
if (capa == NULL)
- return -ENOTSUP;
+ return TEST_SKIPPED;
if (!(capa->op_types & (1 << RTE_CRYPTO_ASYM_KE_PRIV_KEY_GENERATE)))
- return -ENOTSUP;
+ return TEST_SKIPPED;
switch (curve_id) {
case SECP192R1:
@@ -2269,10 +2285,10 @@ test_ecdh_pub_key_verify(enum curve curve_id)
idx.type = RTE_CRYPTO_ASYM_XFORM_ECDH;
capa = rte_cryptodev_asym_capability_get(dev_id, &idx);
if (capa == NULL)
- return -ENOTSUP;
+ return TEST_SKIPPED;
if (!(capa->op_types & (1 << RTE_CRYPTO_ASYM_KE_PUB_KEY_VERIFY)))
- return -ENOTSUP;
+ return TEST_SKIPPED;
switch (curve_id) {
case SECP192R1:
@@ -2408,10 +2424,10 @@ test_ecdh_shared_secret(enum curve curve_id)
idx.type = RTE_CRYPTO_ASYM_XFORM_ECDH;
capa = rte_cryptodev_asym_capability_get(dev_id, &idx);
if (capa == NULL)
- return -ENOTSUP;
+ return TEST_SKIPPED;
if (!(capa->op_types & (1 << RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE)))
- return -ENOTSUP;
+ return TEST_SKIPPED;
switch (curve_id) {
case SECP192R1:
@@ -2668,6 +2684,8 @@ test_ecdh_all_curve(void)
status = test_ecdh_priv_key_generate(curve_id);
if (status == TEST_SUCCESS) {
msg = "succeeded";
+ } else if (status == TEST_SKIPPED) {
+ msg = "skipped";
} else {
msg = "failed";
overall_status = status;
@@ -2700,6 +2718,8 @@ test_ecdh_all_curve(void)
status = test_ecdh_pub_key_verify(curve_id);
if (status == TEST_SUCCESS) {
msg = "succeeded";
+ } else if (status == TEST_SKIPPED) {
+ msg = "skipped";
} else {
msg = "failed";
overall_status = status;
@@ -2715,6 +2735,8 @@ test_ecdh_all_curve(void)
status = test_ecdh_shared_secret(curve_id);
if (status == TEST_SUCCESS) {
msg = "succeeded";
+ } else if (status == TEST_SKIPPED) {
+ msg = "skipped";
} else {
msg = "failed";
overall_status = status;
@@ -2752,6 +2774,8 @@ test_ecdh_qat_curves(void)
status = test_ecdh_pub_key_verify(curve_id);
if (status == TEST_SUCCESS) {
msg = "succeeded";
+ } else if (status == TEST_SKIPPED) {
+ msg = "skipped";
} else {
msg = "failed";
overall_status = status;
@@ -2764,6 +2788,8 @@ test_ecdh_qat_curves(void)
status = test_ecdh_shared_secret(curve_id);
if (status == TEST_SUCCESS) {
msg = "succeeded";
+ } else if (status == TEST_SKIPPED) {
+ msg = "skipped";
} else {
msg = "failed";
overall_status = status;
diff --git a/drivers/crypto/qat/dev/qat_crypto_pmd_gen4.c b/drivers/crypto/qat/dev/qat_crypto_pmd_gen4.c
index 82c5a40501..52577f6907 100644
--- a/drivers/crypto/qat/dev/qat_crypto_pmd_gen4.c
+++ b/drivers/crypto/qat/dev/qat_crypto_pmd_gen4.c
@@ -144,6 +144,19 @@ static struct rte_cryptodev_capabilities qat_asym_crypto_caps_gen4[] = {
}
}
},
+ QAT_ASYM_CAP(ECDH,
+ ((1 << RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE) |
+ (1 << RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE) |
+ (1 << RTE_CRYPTO_ASYM_KE_PUB_KEY_VERIFY)),
+ 64, 512, 64),
+ QAT_ASYM_CAP(ECDSA,
+ ((1 << RTE_CRYPTO_ASYM_OP_SIGN) |
+ (1 << RTE_CRYPTO_ASYM_OP_VERIFY)),
+ 64, 512, 64),
+ QAT_ASYM_CAP(ECPM,
+ ((1 << RTE_CRYPTO_ASYM_OP_SIGN) |
+ (1 << RTE_CRYPTO_ASYM_OP_VERIFY)),
+ 64, 512, 64),
RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
};
diff --git a/drivers/crypto/qat/qat_asym.c b/drivers/crypto/qat/qat_asym.c
index 06f037cc14..beb5a27805 100644
--- a/drivers/crypto/qat/qat_asym.c
+++ b/drivers/crypto/qat/qat_asym.c
@@ -1483,6 +1483,12 @@ static int
session_set_ec(struct qat_asym_session *qat_session,
struct rte_crypto_asym_xform *xform)
{
+ /* Validate curve for EC operations using pick_curve (not SM2) */
+ if (xform->xform_type != RTE_CRYPTO_ASYM_XFORM_SM2) {
+ if (pick_curve(xform) < 0)
+ return -ENOTSUP;
+ }
+
uint8_t *pkey = xform->ec.pkey.data;
uint8_t *q_x = xform->ec.q.x.data;
uint8_t *q_y = xform->ec.q.y.data;
@@ -1545,6 +1551,10 @@ qat_asym_session_configure(struct rte_cryptodev *dev __rte_unused,
ret = session_set_modinv(qat_session, xform);
break;
case RTE_CRYPTO_ASYM_XFORM_RSA: {
+ if (xform->rsa.padding.type != RTE_CRYPTO_RSA_PADDING_NONE) {
+ ret = -ENOTSUP;
+ return ret;
+ }
if (unlikely((xform->rsa.n.length < RSA_MODULUS_2048_BITS)
&& (crypto_qat->qat_dev->options.legacy_alg == 0))) {
ret = -ENOTSUP;
--
2.43.0
</pre>
</div>
</body>
</html>