QAT_Engine icon indicating copy to clipboard operation
QAT_Engine copied to clipboard
verified publisher icon intel

Test AES-128-CBC-HMAC-SHA256 fails when length is 1024 with qatprovider

Open foxriver1025 opened this issue 2 years ago • 5 comments

It passed by default len 2048, but it failed when I modified the length to 1024. Below is the modify code: 1115 static int run_aes_cbc_hmac_sha(void *pointer) 1116 { 1117 int ntls = sizeof(test_tls) / sizeof(tls_v); 1118 int i, cnt; 1119 int ret = 1; 1120 test_info ti; 1121 char msg[128]; 1122 TEST_PARAMS *args = (TEST_PARAMS *) pointer; 1123 ti.bufsz = 1024;//args->size; // modify

I set ti.bufsz = 1024, then make teset and run, result is failed make test ./testapp aes128_cbc_hmac_sha256 -provider qatprovider -p -v

[WARN][74662.403212] PID [204267] Thread [7facc89b0740][test/tests_aes_cbc_hmac_sha.c:737:test_encrypted_buffer()] # FAIL Failed to perform encrypt and compare operation for TLS1.0:AES-128-CBC-HMAC-SHA256

FAIL verify failed AES-128-CBC-HMAC-SHA256

foxriver1025 avatar Jul 27 '23 02:07 foxriver1025

Can you share the Hardware and software details ?

Yogaraj-Alamenda avatar Jul 27 '23 05:07 Yogaraj-Alamenda

@Yogaraj-Alamenda openssl is tongsuo: Tongsuo: Tongsuo 8.4.0-pre1 (Library: Tongsuo 8.4.0-pre1) OpenSSL 3.0.3 3 May 2022 (Library: OpenSSL 3.0.3 3 May 2022)

qatprovider version: QAT Provider v1.0.0

qatlib: QAT20.L.1.0.10-00005

hardware: f3:00.0 0b40: 8086:4942 (rev 40)

I found that size less than 2048 will not offload, It passed by changing CRYPTO_SMALL_PACKET_OFFLOAD_THRESHOLD_DEFAULT to 0

foxriver1025 avatar Jul 27 '23 06:07 foxriver1025

@Yogaraj-Alamenda I tried the v1.2.0 version and still have this issue

foxriver1025 avatar Jul 27 '23 06:07 foxriver1025

Yes we checked it from our end and it looks like bug in testapp. With OpenSSL Speed tests it is working fine as SMALL Packet offload is not working correctly with testapp.

Yogaraj-Alamenda avatar Jul 27 '23 17:07 Yogaraj-Alamenda

@Yogaraj-Alamenda I don't think it's a issue with testapp, it should be that openssl speed has no verification result. I tried TLS negotiation and it failed. s_server: /opt/tongsuo/bin/openssl s_server -provider qatprovider -cert server-rsa-sign.crt -key server-rsa-sign.key -accept 127.0.0.1:4433 -no_etm s_client: /opt/tongsuo/bin/openssl s_client -connect 127.0.0.1:4433 -cipher AES128-SHA256 -tls1_2 -no_etm

s_server print: ERROR 80FB37F4B87F0000:error:0A0000F4:SSL routines:ossl_statem_server_read_transition:unexpected message:ssl/statem/statem_srvr.c:311: 80FB37F4B87F0000:error:40800066:lib(129)::aad malloc failure:qat_prov_cbc.c:619: shutting down SSL CONNECTION CLOSED

when i enable small packet offload, still have a issue, s_server print: ERROR 80FB98C2317F0000:error:0A0000F4:SSL routines:ossl_statem_server_read_transition:unexpected message:ssl/statem/statem_srvr.c:311: shutting down SSL CONNECTION CLOSED

foxriver1025 avatar Jul 31 '23 08:07 foxriver1025