[PWCI] "[1/2] cryptodev: add support for 256-NxA4/5/6 algorithms"

[ovsrobot]

NOTE: This is an auto submission for "[1/2] cryptodev: add support for 256-NxA4/5/6 algorithms".

See "http://patchwork.dpdk.org/project/dpdk/list/?series=36979" for details.

Summary by Sourcery

Add cryptodev support and coverage for 256-bit NxA4/5/6 cipher, authentication, and AEAD algorithms.

New Features:

• Introduce new symmetric cipher algorithm identifiers for SNOW5G NEA4, AES NEA5, and ZUC-256 NEA6.
• Introduce new authentication algorithm identifiers for SNOW5G NIA4, AES NIA5, and ZUC-256 NIA6.
• Introduce new AEAD algorithm identifiers for SNOW5G NCA4, AES NCA5, and ZUC-256 NCA6.

Documentation:

• Document default crypto driver feature entries for the new 256-bit NxA4/5/6 cipher, authentication, and AEAD algorithms.

Tests:

• Add extensive unit test suites and vectors for 256-bit NEA4/5/6 cipher algorithms across encrypt/decrypt flows.
• Add unit test suites and vectors for 256-bit NIA4/5/6 integrity algorithms.
• Add unit test suites and vectors for 256-bit NCA4/5/6 AEAD algorithms, covering multiple message, AAD, and tag sizes.

Summary by CodeRabbit

• New Features

  • Added nine new cryptographic algorithms: SNOW5G NEA4, AES NEA5, ZUC-256 NEA6 (ciphers); SNOW5G NIA4, AES NIA5, ZUC-256 NIA6 (authentication); and SNOW5G NCA4, AES NCA5, ZUC-256 NCA6 (AEAD).

• Tests

  • Added comprehensive test suites and vectors for the new NXAN algorithms.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[sourcery-ai]

Reviewer's Guide

Adds 3GPP 256-bit NxA4/5/6 cipher, auth, and AEAD algorithm support into DPDK cryptodev by defining new enum values and string mappings, wiring them into default driver features, and introducing extensive unit tests and test vectors for these algorithms in the cryptodev test app.

Class diagram for updated cryptodev cipher/auth/AEAD enums

classDiagram
    class rte_crypto_cipher_algorithm {
        <<enum>>
        RTE_CRYPTO_CIPHER_SM4_CFB
        RTE_CRYPTO_CIPHER_SM4_XTS
        RTE_CRYPTO_CIPHER_SNOW5G_NEA4
        RTE_CRYPTO_CIPHER_AES_NEA5
        RTE_CRYPTO_CIPHER_ZUC_NEA6
    }

    class rte_crypto_auth_algorithm {
        <<enum>>
        RTE_CRYPTO_AUTH_SHAKE_128
        RTE_CRYPTO_AUTH_SHAKE_256
        RTE_CRYPTO_AUTH_SM3_HMAC
        RTE_CRYPTO_AUTH_SNOW5G_NIA4
        RTE_CRYPTO_AUTH_AES_NIA5
        RTE_CRYPTO_AUTH_ZUC_NIA6
    }

    class rte_crypto_aead_algorithm {
        <<enum>>
        RTE_CRYPTO_AEAD_AES_GCM
        RTE_CRYPTO_AEAD_CHACHA20_POLY1305
        RTE_CRYPTO_AEAD_SM4_GCM
        RTE_CRYPTO_AEAD_SNOW5G_NCA4
        RTE_CRYPTO_AEAD_AES_NCA5
        RTE_CRYPTO_AEAD_ZUC_NCA6
    }

Loading

Flow diagram for new NxA4/5/6 algorithm usage in cryptodev

flowchart LR
    app_test_cryptodev["app/test/test_cryptodev.c"] --> nxan_vectors["test_cryptodev_nxan_test_vectors.h"]
    app_test_cryptodev --> rte_cryptodev["lib/cryptodev/rte_cryptodev.c"]

    rte_cryptodev --> cipher_enum["rte_crypto_cipher_algorithm (includes *_NEA4/5/6)"]
    rte_cryptodev --> auth_enum["rte_crypto_auth_algorithm (includes *_NIA4/5/6)"]
    rte_cryptodev --> aead_enum["rte_crypto_aead_algorithm (includes *_NCA4/5/6)"]

    cipher_enum --> cipher_strings["crypto_cipher_algorithm_strings[] (e.g. snow5g-nea4)"]
    auth_enum --> auth_strings["crypto_auth_algorithm_strings[] (e.g. snow5g-nia4)"]
    aead_enum --> aead_strings["crypto_aead_algorithm_strings[] (e.g. snow5g-nca4)"]

    rte_cryptodev --> default_ini["doc/guides/cryptodevs/features/default.ini"]
    default_ini --> features_cipher["SNOW5G NEA4 / AES NEA5 / ZUC-256 NEA6 (cipher)"]
    default_ini --> features_auth["SNOW5G NIA4 / AES NIA5 / ZUC-256 NIA6 (auth)"]
    default_ini --> features_aead["SNOW5G NCA4 / AES NCA5 / ZUC-256 NCA6 (AEAD)"]

Loading

File-Level Changes

Change	Details	Files
Introduce new 256-bit NxA4/5/6 cipher/auth/AEAD algorithms to the cryptodev public API and map them to string names.	Extend rte_crypto_cipher_algorithm with SNOW5G_NEA4, AES_NEA5, and ZUC_NEA6 values and document them Extend rte_crypto_auth_algorithm with SNOW5G_NIA4, AES_NIA5, and ZUC_NIA6 values and document them Extend rte_crypto_aead_algorithm with SNOW5G_NCA4, AES_NCA5, and ZUC_NCA6 values and document them Add matching entries for the new algorithms in crypto_cipher_algorithm_strings, crypto_auth_algorithm_strings, and crypto_aead_algorithm_strings so apps and drivers can refer to them by name	lib/cryptodev/rte_crypto_sym.h lib/cryptodev/rte_cryptodev.c
Declare default feature flags for the new NxA4/5/6 algorithms in the cryptodev features documentation.	Mark SNOW5G NEA4, AES NEA5, and ZUC-256 NEA6 under the default cipher algorithms section Mark SNOW5G NIA4, AES NIA5, and ZUC-256 NIA6 under the default authentication algorithms section Mark SNOW5G NCA4, AES NCA5, and ZUC-256 NCA6 under the default AEAD algorithms section	doc/guides/cryptodevs/features/default.ini
Add cryptodev unit tests and test vectors for 256-bit NEA4/5/6 (cipher), NIA4/5/6 (auth), and NCA4/5/6 (AEAD) algorithms.	Create nxa_256_test_data structure and populate exhaustive NEA4/5/6, NIA4/5/6, and NCA4/5/6 test vectors (keys, IVs, (A)AD, plaintext, ciphertext, tags, sizes, and algorithm ids) based on 3GPP specifications Implement helper routines for NEA (cipher), NIA (auth/verify), and NCA (AEAD) that set up sessions, allocate and pad mbufs, build crypto operations, submit them via either raw or normal API, and compare results against reference vectors Define dedicated unit_test_suite instances for each of 256 NEA4/5/6, NIA4/5/6, and NCA4/5/6, wiring in per-case encrypt/decrypt or verify functions and a shared nxan_testsuite_setup that checks device feature flags and algorithm capabilities, and register all these suites into run_cryptodev_testsuite	app/test/test_cryptodev.c app/test/test_cryptodev_nxan_test_vectors.h

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[coderabbitai]

📝 Walkthrough

Walkthrough

This pull request introduces support for NXAN 256-bit cryptographic algorithms across the codebase. Changes include new public enum constants for nine cipher/auth/AEAD algorithm variants (SNOW5G/AES/ZUC NEA4–6, NIA4–6, NCA4–6), corresponding string mappings, test infrastructure with setup functions and test suites, comprehensive test vectors, and documentation updates to the feature matrix.

Changes

Cohort / File(s)	Summary
Public API Definitions lib/cryptodev/rte_crypto_sym.h	Added nine new enum constants: SNOW5G_NEA4, AES_NEA5, ZUC_NEA6 to rte_crypto_cipher_algorithm; SNOW5G_NIA4, AES_NIA5, ZUC_NIA6 to rte_crypto_auth_algorithm; SNOW5G_NCA4, AES_NCA5, ZUC_NCA6 to rte_crypto_aead_algorithm. Added trailing comma to RTE_CRYPTO_CIPHER_SM4_XTS for extensibility.
Algorithm String Mappings lib/cryptodev/rte_cryptodev.c	Added nine algorithm-to-string mappings across three static tables (crypto_cipher_algorithm_strings, crypto_auth_algorithm_strings, crypto_aead_algorithm_strings), enabling string-based algorithm identification.
Test Infrastructure app/test/test_cryptodev.c	Introduced nxan_testsuite_setup() function; added nine static test suite definitions (cryptodev_256_NEA4/5/6_testsuite, cryptodev_256_NIA4/5/6_testsuite, cryptodev_256_NCA4/5/6_testsuite); registered NXAN suites in test discovery and execution flow via static_suites array and run_cryptodev_testsuite function. Includes feature capability checks for NXAN algorithms.
Test Vectors & Data app/test/test_cryptodev_nxan_test_vectors.h	New header file defining struct nxa_256_test_data data structure and 79 global test vector instances covering NEA4–6, NIA4–6, and NCA4–6 algorithms (10 vectors each for most, 7 for NIA4/5), each containing key, IV, plaintext, ciphertext, AAD, tag, and size metadata.
Documentation doc/guides/cryptodevs/features/default.ini	Added nine algorithm entries across [Cipher], [Auth], and [AEAD] sections: SNOW5G NEA4, AES NEA5, ZUC-256 NEA6 (cipher); SNOW5G NIA4, AES NIA5, ZUC-256 NIA6 (auth); SNOW5G NCA4, AES NCA5, ZUC-256 NCA6 (AEAD).

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~22 minutes

Poem

🐰 Nine new algorithms hop into the fold,
NEA, NIA, NCA—stories to be told!
Test vectors aligned in perfect array,
NXAN support brightens the crypto day! ✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately reflects the main objective of the PR: adding support for 256-bit NxA4/5/6 algorithms (NEA4/5/6, NIA4/5/6, NCA4/5/6) in cryptodev, which is demonstrated by changes across enum definitions, string mappings, test vectors, and test suites.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sourcery-ai]

Hey - I've found 5 issues, and left some high level feedback:

• In rte_crypto_sym.h, the comments for the new NEA5/NIA5/NCA5 and NEA6/NIA6/NCA6 enum values still say "NEA4/NIA4/NCA4 mode"; it would be clearer and less misleading to update those strings to reference the correct 5/6 algorithm variants.
• In test_NIA_helper, the final return 0; after the if (ut_params->op->status == ...) block is dead code and can be removed to avoid confusion about the intended control flow.
• The nea6_test_9 test vector appears to be a duplicate of nea6_test_7 and is not referenced by any test case, so consider either removing it or wiring it into a test to avoid unused/duplicated data.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- In `rte_crypto_sym.h`, the comments for the new NEA5/NIA5/NCA5 and NEA6/NIA6/NCA6 enum values still say "NEA4/NIA4/NCA4 mode"; it would be clearer and less misleading to update those strings to reference the correct 5/6 algorithm variants.
- In `test_NIA_helper`, the final `return 0;` after the `if (ut_params->op->status == ...)` block is dead code and can be removed to avoid confusion about the intended control flow.
- The `nea6_test_9` test vector appears to be a duplicate of `nea6_test_7` and is not referenced by any test case, so consider either removing it or wiring it into a test to avoid unused/duplicated data.

## Individual Comments

### Comment 1
<location> `lib/cryptodev/rte_crypto_sym.h:184-189` </location>
<code_context>
+	RTE_CRYPTO_CIPHER_SM4_XTS,
 	/**< ShangMi 4 (SM4) algorithm in XTS mode */
+
+	RTE_CRYPTO_CIPHER_SNOW5G_NEA4,
+	/**< Snow 5G algorithm in NEA4 mode */
+	RTE_CRYPTO_CIPHER_AES_NEA5,
+	/**< AES algorithm in NEA4 mode */
+	RTE_CRYPTO_CIPHER_ZUC_NEA6,
+	/**< ZUC-256 algorithm in NEA4 mode */
 };

</code_context>

<issue_to_address>
**issue (typo):** Enum comments reference NEA4 for NEA5/NEA6 variants, which looks inconsistent with the enum names.

The comments for `..._NEA4`, `..._NEA5`, and `..._NEA6` all say `NEA4 mode`, which could confuse users reading the API docs. Please update each comment to reference the correct NEA variant to match the enum names.

```suggestion
	RTE_CRYPTO_CIPHER_SNOW5G_NEA4,
	/**< Snow 5G algorithm in NEA4 mode */
	RTE_CRYPTO_CIPHER_AES_NEA5,
	/**< AES algorithm in NEA5 mode */
	RTE_CRYPTO_CIPHER_ZUC_NEA6,
	/**< ZUC-256 algorithm in NEA6 mode */
```
</issue_to_address>

### Comment 2
<location> `lib/cryptodev/rte_crypto_sym.h:395-400` </location>
<code_context>
 	RTE_CRYPTO_AUTH_SM3_HMAC,
 	/** < HMAC using ShangMi 3 (SM3) algorithm */
+
+	RTE_CRYPTO_AUTH_SNOW5G_NIA4,
+	/**< Snow 5G algorithm in NIA4 mode */
+	RTE_CRYPTO_AUTH_AES_NIA5,
+	/**< AES algorithm in NIA4 mode */
+	RTE_CRYPTO_AUTH_ZUC_NIA6,
+	/**< ZUC-256 algorithm in NIA4 mode */
+
 };
</code_context>

<issue_to_address>
**issue:** Auth enum comments all mention NIA4 even for NIA5/NIA6 entries.

The enum names distinguish NIA4/NIA5/NIA6, but all three comments currently say `NIA4 mode`. Please update each comment to match its specific mode (e.g., `NIA4/NIA5/NIA6`) so the public header remains accurate and self-explanatory.
</issue_to_address>

### Comment 3
<location> `lib/cryptodev/rte_crypto_sym.h:505-510` </location>
<code_context>
 	RTE_CRYPTO_AEAD_SM4_GCM,
 	/**< SM4 cipher in GCM mode */
+
+	RTE_CRYPTO_AEAD_SNOW5G_NCA4,
+	/**< Snow 5G algorithm in NCA4 mode */
+	RTE_CRYPTO_AEAD_AES_NCA5,
+	/**< AES algorithm in NCA4 mode */
+	RTE_CRYPTO_AEAD_ZUC_NCA6,
+	/**< ZUC-256 algorithm in NCA4 mode */
 };

</code_context>

<issue_to_address>
**issue (typo):** AEAD enum comments use NCA4 wording for all NCA4/NCA5/NCA6 variants.

Each of these new enums currently has the same `NCA4 mode` comment. Please update the comments so that each one correctly names its own mode (`NCA4`, `NCA5`, or `NCA6`) to avoid confusion with the 5G naming.

```suggestion
	RTE_CRYPTO_AEAD_SNOW5G_NCA4,
	/**< Snow 5G algorithm in NCA4 mode */
	RTE_CRYPTO_AEAD_AES_NCA5,
	/**< AES algorithm in NCA5 mode */
	RTE_CRYPTO_AEAD_ZUC_NCA6,
	/**< ZUC-256 algorithm in NCA6 mode */
```
</issue_to_address>

### Comment 4
<location> `app/test/test_cryptodev.c:19916-19925` </location>
<code_context>
+}
+
+static int
+test_NEA_helper(
+	struct nxa_256_test_data *tdata,
+	enum rte_crypto_cipher_operation op)
+{
+	struct crypto_testsuite_params *ts_params = &testsuite_params;
+	struct crypto_unittest_params *ut_params = &unittest_params;
+
+	int retval;
+	uint8_t *input, *output;
+	uint32_t pad_len;
+	uint32_t len;
+	bool is_enc = (op == RTE_CRYPTO_CIPHER_OP_ENCRYPT);
+
+	if (gbl_action_type == RTE_SECURITY_ACTION_TYPE_CPU_CRYPTO)
+		return TEST_SKIPPED;
+
+	/* Create session */
+	retval = create_wireless_algo_cipher_session(ts_params->valid_devs[0],
+					RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+					tdata->cipher_algo, tdata->key, 32, 16);
</code_context>

<issue_to_address>
**issue (testing):** NEA decrypt tests never exercise a DECRYPT session and may be misleading

In `test_NEA_helper`, `op` is only used for selecting reference output and logging, while the session is always created with `RTE_CRYPTO_CIPHER_OP_ENCRYPT`. As a result, the `*_decrypt` tests just perform another encryption (which happens to match for this stream cipher) and never exercise `RTE_CRYPTO_CIPHER_OP_DECRYPT` or its capabilities. Please either pass `op` into `create_wireless_algo_cipher_session` so decrypt mode is actually tested, or rename the tests to avoid suggesting that API-level decrypt behavior is covered.
</issue_to_address>

### Comment 5
<location> `app/test/test_cryptodev_nxan_test_vectors.h:441-279` </location>
<code_context>
+};
+
+
+struct nxa_256_test_data nea6_test_9 = {
+	.key = {
+		0xdc, 0xe0, 0x01, 0xa5, 0xef, 0x61, 0x7d, 0x7e,
+		0x6c, 0xff, 0x9f, 0x64, 0x19, 0x1c, 0x1f, 0xa3,
+		0x5c, 0x95, 0x32, 0x30, 0xa6, 0x22, 0x82, 0x99,
+		0x9e, 0xe6, 0x77, 0x3a, 0x7c, 0x44, 0xb5, 0xb4
+	},
+	.iv = {
+		0x00, 0x35, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab,
+		0x01, 0x23, 0x45, 0x67, 0x00, 0x00, 0x00, 0x00
+	},
+	.plaintext = {
+		0xff
+	},
+	.ciphertext = {
+		0xde
+	},
+	.msg_size = 8,
+	.cipher_algo = RTE_CRYPTO_CIPHER_ZUC_NEA6
+};
+
</code_context>

<issue_to_address>
**question (testing):** NEA6 test vector `nea6_test_9` appears unused by any test case

I can’t find any `test_NEA6_case_*` that uses `nea6_test_9` (only 1–7 are referenced). If this is an intentional extra edge case, please add a test that uses it; otherwise, consider removing it to avoid unused test data and confusion.
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[sourcery-ai]

issue (typo): Enum comments reference NEA4 for NEA5/NEA6 variants, which looks inconsistent with the enum names.

The comments for ..._NEA4, ..._NEA5, and ..._NEA6 all say NEA4 mode, which could confuse users reading the API docs. Please update each comment to reference the correct NEA variant to match the enum names.

Suggested change

	RTE_CRYPTO_CIPHER_SNOW5G_NEA4,
	/**< Snow 5G algorithm in NEA4 mode */
	RTE_CRYPTO_CIPHER_AES_NEA5,
	/**< AES algorithm in NEA4 mode */
	RTE_CRYPTO_CIPHER_ZUC_NEA6,
	/**< ZUC-256 algorithm in NEA4 mode */
	RTE_CRYPTO_CIPHER_SNOW5G_NEA4,
	/**< Snow 5G algorithm in NEA4 mode */
	RTE_CRYPTO_CIPHER_AES_NEA5,
	/**< AES algorithm in NEA5 mode */
	RTE_CRYPTO_CIPHER_ZUC_NEA6,
	/**< ZUC-256 algorithm in NEA6 mode */

[sourcery-ai]

issue: Auth enum comments all mention NIA4 even for NIA5/NIA6 entries.

The enum names distinguish NIA4/NIA5/NIA6, but all three comments currently say NIA4 mode. Please update each comment to match its specific mode (e.g., NIA4/NIA5/NIA6) so the public header remains accurate and self-explanatory.

[sourcery-ai]

issue (typo): AEAD enum comments use NCA4 wording for all NCA4/NCA5/NCA6 variants.

Each of these new enums currently has the same NCA4 mode comment. Please update the comments so that each one correctly names its own mode (NCA4, NCA5, or NCA6) to avoid confusion with the 5G naming.

Suggested change

	RTE_CRYPTO_AEAD_SNOW5G_NCA4,
	/**< Snow 5G algorithm in NCA4 mode */
	RTE_CRYPTO_AEAD_AES_NCA5,
	/**< AES algorithm in NCA4 mode */
	RTE_CRYPTO_AEAD_ZUC_NCA6,
	/**< ZUC-256 algorithm in NCA4 mode */
	RTE_CRYPTO_AEAD_SNOW5G_NCA4,
	/**< Snow 5G algorithm in NCA4 mode */
	RTE_CRYPTO_AEAD_AES_NCA5,
	/**< AES algorithm in NCA5 mode */
	RTE_CRYPTO_AEAD_ZUC_NCA6,
	/**< ZUC-256 algorithm in NCA6 mode */

[sourcery-ai]

issue (testing): NEA decrypt tests never exercise a DECRYPT session and may be misleading

In test_NEA_helper, op is only used for selecting reference output and logging, while the session is always created with RTE_CRYPTO_CIPHER_OP_ENCRYPT. As a result, the *_decrypt tests just perform another encryption (which happens to match for this stream cipher) and never exercise RTE_CRYPTO_CIPHER_OP_DECRYPT or its capabilities. Please either pass op into create_wireless_algo_cipher_session so decrypt mode is actually tested, or rename the tests to avoid suggesting that API-level decrypt behavior is covered.

[sourcery-ai]

question (testing): NEA6 test vector nea6_test_9 appears unused by any test case

I can’t find any test_NEA6_case_* that uses nea6_test_9 (only 1–7 are referenced). If this is an intentional extra edge case, please add a test that uses it; otherwise, consider removing it to avoid unused test data and confusion.

[coderabbitai]

Actionable comments posted: 6

🤖 Fix all issues with AI agents

In @app/test/test_cryptodev_nxan_test_vectors.h:
- Around line 830-836: The test vector nca5_test_2 has a 5-byte tag
{0x7a,0x4d,0xf4,0xfa,0xfe} but tag_size is incorrectly 32; update the tag_size
for nca5_test_2 to match 5 bytes (40 bits) — i.e., change tag_size from 32 to 40
so it correctly reflects the 5-byte tag used with RTE_CRYPTO_AEAD_AES_NCA5.
- Around line 24-57: The header defines non-static global test vectors (e.g.,
nea4_test_1) which will produce multiple-definition linker errors when included
by more than one TU; mark each test vector definition in the header as static to
give them internal linkage—apply this change to all test vector symbols
mentioned (nea4_test_*, nea5_test_*, nea6_test_*, nia4_test_*, nia5_test_*,
nia6_test_*, nca4_test_*, nca5_test_*, nca6_test_*) so every declaration in the
header becomes static.
- Around line 439-441: There is a numbering gap in the test vectors: the
sequence has nea6_test_7 followed by nea6_test_9 but no nea6_test_8; inspect the
declarations of struct nxa_256_test_data instances (especially nea6_test_7 and
nea6_test_9), determine whether a missing test was accidentally omitted or the
later entry was misnamed, then either add the omitted nea6_test_8 test data or
rename nea6_test_9 to nea6_test_8 (and update any references) so the test vector
names are consecutive and consistent.

In @lib/cryptodev/rte_crypto_sym.h:
- Around line 394-401: Update the inline comments for the two enum entries to
match their suffixes: change the comment on RTE_CRYPTO_AUTH_AES_NIA5 from "AES
algorithm in NIA4 mode" to "AES algorithm in NIA5 mode" and change the comment
on RTE_CRYPTO_AUTH_ZUC_NIA6 from "ZUC-256 algorithm in NIA4 mode" to "ZUC-256
algorithm in NIA6 mode" so the descriptions correctly reflect the enum names.
- Around line 181-190: Update the inline comments for the NEA cipher enums so
they match the enum names: change the comment for RTE_CRYPTO_CIPHER_AES_NEA5 to
"AES algorithm in NEA5 mode" and change the comment for
RTE_CRYPTO_CIPHER_ZUC_NEA6 to "ZUC-256 algorithm in NEA6 mode"; locate these
comments adjacent to the RTE_CRYPTO_CIPHER_AES_NEA5 and
RTE_CRYPTO_CIPHER_ZUC_NEA6 enum entries and correct the numeral from "NEA4" to
the appropriate "NEA5" and "NEA6".
- Around line 504-511: Update the inline comments for the enum entries
RTE_CRYPTO_AEAD_AES_NCA5 and RTE_CRYPTO_AEAD_ZUC_NCA6 so they reference the
correct modes: change the comment for RTE_CRYPTO_AEAD_AES_NCA5 to "AES algorithm
in NCA5 mode" and change the comment for RTE_CRYPTO_AEAD_ZUC_NCA6 to "ZUC-256
algorithm in NCA6 mode".

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between cd60dcd and 1a09d89.

📒 Files selected for processing (5)

• app/test/test_cryptodev.c
• app/test/test_cryptodev_nxan_test_vectors.h
• doc/guides/cryptodevs/features/default.ini
• lib/cryptodev/rte_crypto_sym.h
• lib/cryptodev/rte_cryptodev.c

👮 Files not reviewed due to content moderation or server errors (1)

• app/test/test_cryptodev.c

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Sourcery review

🔇 Additional comments (8)

lib/cryptodev/rte_cryptodev.c (3)

105-108: LGTM! Cipher algorithm strings correctly added.

The trailing comma on SM4_XTS and the new cipher algorithm string mappings are correctly implemented and follow the existing conventions.

---

168-172: LGTM! Auth algorithm strings correctly added.

The new authentication algorithm string mappings are correctly implemented and follow the existing conventions.

---

185-189: LGTM! AEAD algorithm strings correctly added.

The new AEAD algorithm string mappings are correctly implemented and follow the existing conventions.

doc/guides/cryptodevs/features/default.ini (3)

71-73: LGTM! Cipher documentation entries correctly added.

The new cipher algorithm options are correctly documented and align with the code changes.

---

112-114: LGTM! Auth documentation entries correctly added.

The new authentication algorithm options are correctly documented and align with the code changes.

---

128-130: LGTM! AEAD documentation entries correctly added.

The new AEAD algorithm options are correctly documented and align with the code changes.

app/test/test_cryptodev_nxan_test_vectors.h (2)

5-22: Structure definition looks appropriate for 256-bit test vectors.

The fixed-size arrays for key[32] (256 bits) and iv[16] (128 bits) are correctly sized for the 256-bit NXAN algorithms, and MAX_DATA_SZ of 1024 bytes provides sufficient room for test data.

---

1446-1962: Verify test vectors against official specification.

The integrity tests (NIA4/5/6) and remaining AEAD tests appear correctly structured. Please confirm these test vectors are sourced from the official 3GPP or ETSI specification documents for the 256-bit NXAN algorithms.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Add static to global variable definitions in header.

Defining non-static global variables in a header file will cause linker errors ("multiple definition") if this header is ever included in more than one translation unit.

🔧 Proposed fix (apply pattern to all test vectors)

-struct nxa_256_test_data nea4_test_1 = {
+static struct nxa_256_test_data nea4_test_1 = {

Apply the same static keyword to all test vector definitions (nea4_test_*, nea5_test_*, nea6_test_*, nia4_test_*, nia5_test_*, nia6_test_*, nca4_test_*, nca5_test_*, nca6_test_*).

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	struct nxa_256_test_data nea4_test_1 = {
	.key = {
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
	},
	.iv = {
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
	},
	.plaintext = {
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
	},
	.ciphertext = {
	0x95, 0xce, 0x19, 0x61, 0xb4, 0x94, 0x12, 0x73,
	0xfb, 0xd9, 0x2d, 0xcc, 0x74, 0x57, 0xd4, 0xeb,
	0xbe, 0x88, 0x25, 0x2c, 0x71, 0x9b, 0xcb, 0x6c,
	0x06, 0x30, 0xcf, 0x0d, 0xc3, 0x8c, 0x5b, 0x7e,
	0x80, 0xbf, 0x72, 0x3a, 0x85, 0x19, 0xcd, 0xaa,
	0xf2, 0xa5, 0xf5, 0x16, 0x63, 0x43, 0x5a, 0x0a,
	0x83, 0x31, 0xd8, 0xda, 0xae, 0x90, 0xbe, 0xde,
	0xa9, 0x48, 0x81, 0x5f, 0xb8, 0x90, 0x6f, 0xef
	},
	.msg_size = 512,
	.cipher_algo = RTE_CRYPTO_CIPHER_SNOW5G_NEA4
	};
	static struct nxa_256_test_data nea4_test_1 = {
	.key = {
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
	},
	.iv = {
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
	},
	.plaintext = {
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
	},
	.ciphertext = {
	0x95, 0xce, 0x19, 0x61, 0xb4, 0x94, 0x12, 0x73,
	0xfb, 0xd9, 0x2d, 0xcc, 0x74, 0x57, 0xd4, 0xeb,
	0xbe, 0x88, 0x25, 0x2c, 0x71, 0x9b, 0xcb, 0x6c,
	0x06, 0x30, 0xcf, 0x0d, 0xc3, 0x8c, 0x5b, 0x7e,
	0x80, 0xbf, 0x72, 0x3a, 0x85, 0x19, 0xcd, 0xaa,
	0xf2, 0xa5, 0xf5, 0x16, 0x63, 0x43, 0x5a, 0x0a,
	0x83, 0x31, 0xd8, 0xda, 0xae, 0x90, 0xbe, 0xde,
	0xa9, 0x48, 0x81, 0x5f, 0xb8, 0x90, 0x6f, 0xef
	},
	.msg_size = 512,
	.cipher_algo = RTE_CRYPTO_CIPHER_SNOW5G_NEA4
	};

🤖 Prompt for AI Agents

In @app/test/test_cryptodev_nxan_test_vectors.h around lines 24 - 57, The header
defines non-static global test vectors (e.g., nea4_test_1) which will produce
multiple-definition linker errors when included by more than one TU; mark each
test vector definition in the header as static to give them internal
linkage—apply this change to all test vector symbols mentioned (nea4_test_*,
nea5_test_*, nea6_test_*, nia4_test_*, nia5_test_*, nia6_test_*, nca4_test_*,
nca5_test_*, nca6_test_*) so every declaration in the header becomes static.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# First, check if the file exists and get its size
if [ -f "app/test/test_cryptodev_nxan_test_vectors.h" ]; then
  echo "=== File exists ==="
  wc -l "app/test/test_cryptodev_nxan_test_vectors.h"
  echo ""
  
  # Read lines around 419-461 to see the test vector sequence
  echo "=== Lines 410-470 (test vector sequence) ==="
  sed -n '410,470p' "app/test/test_cryptodev_nxan_test_vectors.h" | cat -n
else
  echo "File not found"
fi

Repository: ovsrobot/dpdk

Length of output: 2179

---

🏁 Script executed:

#!/bin/bash
# Search for all nea6_test definitions in the file
echo "=== All nea6_test definitions ==="
rg "struct nxa_256_test_data nea6_test" "app/test/test_cryptodev_nxan_test_vectors.h" -n

Repository: ovsrobot/dpdk

Length of output: 450

---

🏁 Script executed:

#!/bin/bash
# Check for any comments or patterns around line 419-441 that might explain the gap
echo "=== Context around lines 410-450 ==="
sed -n '410,450p' "app/test/test_cryptodev_nxan_test_vectors.h"

Repository: ovsrobot/dpdk

Length of output: 1239

---

Test vector numbering inconsistency: nea6_test_8 is missing.

The test sequence jumps from nea6_test_7 to nea6_test_9—nea6_test_8 does not exist in the file. Clarify whether this gap is intentional or was omitted by mistake, and update the numbering accordingly.

🤖 Prompt for AI Agents

In @app/test/test_cryptodev_nxan_test_vectors.h around lines 439 - 441, There is
a numbering gap in the test vectors: the sequence has nea6_test_7 followed by
nea6_test_9 but no nea6_test_8; inspect the declarations of struct
nxa_256_test_data instances (especially nea6_test_7 and nea6_test_9), determine
whether a missing test was accidentally omitted or the later entry was misnamed,
then either add the omitted nea6_test_8 test data or rename nea6_test_9 to
nea6_test_8 (and update any references) so the test vector names are consecutive
and consistent.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Incorrect tag_size for nca5_test_2.

The tag array contains 5 bytes (40 bits): {0x7a, 0x4d, 0xf4, 0xfa, 0xfe}, but tag_size is set to 32. This mismatch will likely cause test failures.

🐛 Proposed fix

 	.msg_size = 8,
 	.aad_size = 0,
-	.tag_size = 32,
+	.tag_size = 40,
 	.aead_algo = RTE_CRYPTO_AEAD_AES_NCA5

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	.tag = {
	0x7a, 0x4d, 0xf4, 0xfa, 0xfe
	},
	.msg_size = 8,
	.aad_size = 0,
	.tag_size = 32,
	.aead_algo = RTE_CRYPTO_AEAD_AES_NCA5
	.tag = {
	0x7a, 0x4d, 0xf4, 0xfa, 0xfe
	},
	.msg_size = 8,
	.aad_size = 0,
	.tag_size = 40,
	.aead_algo = RTE_CRYPTO_AEAD_AES_NCA5

🤖 Prompt for AI Agents

In @app/test/test_cryptodev_nxan_test_vectors.h around lines 830 - 836, The test
vector nca5_test_2 has a 5-byte tag {0x7a,0x4d,0xf4,0xfa,0xfe} but tag_size is
incorrectly 32; update the tag_size for nca5_test_2 to match 5 bytes (40 bits) —
i.e., change tag_size from 32 to 40 so it correctly reflects the 5-byte tag used
with RTE_CRYPTO_AEAD_AES_NCA5.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Fix comment typos for NEA5 and NEA6 algorithms.

The comments for RTE_CRYPTO_CIPHER_AES_NEA5 and RTE_CRYPTO_CIPHER_ZUC_NEA6 incorrectly reference "NEA4 mode". They should match the algorithm suffix:

• Line 187: Should say "NEA5 mode" not "NEA4 mode"
• Line 189: Should say "NEA6 mode" not "NEA4 mode"

📝 Proposed fix for comment typos

 	RTE_CRYPTO_CIPHER_SM4_XTS,
 	/**< ShangMi 4 (SM4) algorithm in XTS mode */
 
 	RTE_CRYPTO_CIPHER_SNOW5G_NEA4,
 	/**< Snow 5G algorithm in NEA4 mode */
 	RTE_CRYPTO_CIPHER_AES_NEA5,
-	/**< AES algorithm in NEA4 mode */
+	/**< AES algorithm in NEA5 mode */
 	RTE_CRYPTO_CIPHER_ZUC_NEA6,
-	/**< ZUC-256 algorithm in NEA4 mode */
+	/**< ZUC-256 algorithm in NEA6 mode */
 };

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	RTE_CRYPTO_CIPHER_SM4_XTS,
	/**< ShangMi 4 (SM4) algorithm in XTS mode */
	RTE_CRYPTO_CIPHER_SNOW5G_NEA4,
	/**< Snow 5G algorithm in NEA4 mode */
	RTE_CRYPTO_CIPHER_AES_NEA5,
	/**< AES algorithm in NEA4 mode */
	RTE_CRYPTO_CIPHER_ZUC_NEA6,
	/**< ZUC-256 algorithm in NEA4 mode */
	};
	RTE_CRYPTO_CIPHER_SM4_XTS,
	/**< ShangMi 4 (SM4) algorithm in XTS mode */
	RTE_CRYPTO_CIPHER_SNOW5G_NEA4,
	/**< Snow 5G algorithm in NEA4 mode */
	RTE_CRYPTO_CIPHER_AES_NEA5,
	/**< AES algorithm in NEA5 mode */
	RTE_CRYPTO_CIPHER_ZUC_NEA6,
	/**< ZUC-256 algorithm in NEA6 mode */
	};

🤖 Prompt for AI Agents

In @lib/cryptodev/rte_crypto_sym.h around lines 181 - 190, Update the inline
comments for the NEA cipher enums so they match the enum names: change the
comment for RTE_CRYPTO_CIPHER_AES_NEA5 to "AES algorithm in NEA5 mode" and
change the comment for RTE_CRYPTO_CIPHER_ZUC_NEA6 to "ZUC-256 algorithm in NEA6
mode"; locate these comments adjacent to the RTE_CRYPTO_CIPHER_AES_NEA5 and
RTE_CRYPTO_CIPHER_ZUC_NEA6 enum entries and correct the numeral from "NEA4" to
the appropriate "NEA5" and "NEA6".

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Fix comment typos for NIA5 and NIA6 algorithms.

The comments for RTE_CRYPTO_AUTH_AES_NIA5 and RTE_CRYPTO_AUTH_ZUC_NIA6 incorrectly reference "NIA4 mode". They should match the algorithm suffix:

• Line 398: Should say "NIA5 mode" not "NIA4 mode"
• Line 400: Should say "NIA6 mode" not "NIA4 mode"

📝 Proposed fix for comment typos

 	RTE_CRYPTO_AUTH_SM3_HMAC,
 	/** < HMAC using ShangMi 3 (SM3) algorithm */
 
 	RTE_CRYPTO_AUTH_SNOW5G_NIA4,
 	/**< Snow 5G algorithm in NIA4 mode */
 	RTE_CRYPTO_AUTH_AES_NIA5,
-	/**< AES algorithm in NIA4 mode */
+	/**< AES algorithm in NIA5 mode */
 	RTE_CRYPTO_AUTH_ZUC_NIA6,
-	/**< ZUC-256 algorithm in NIA4 mode */
+	/**< ZUC-256 algorithm in NIA6 mode */
 
 };

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	RTE_CRYPTO_AUTH_SNOW5G_NIA4,
	/**< Snow 5G algorithm in NIA4 mode */
	RTE_CRYPTO_AUTH_AES_NIA5,
	/**< AES algorithm in NIA4 mode */
	RTE_CRYPTO_AUTH_ZUC_NIA6,
	/**< ZUC-256 algorithm in NIA4 mode */
	RTE_CRYPTO_AUTH_SNOW5G_NIA4,
	/**< Snow 5G algorithm in NIA4 mode */
	RTE_CRYPTO_AUTH_AES_NIA5,
	/**< AES algorithm in NIA5 mode */
	RTE_CRYPTO_AUTH_ZUC_NIA6,
	/**< ZUC-256 algorithm in NIA6 mode */

🤖 Prompt for AI Agents

In @lib/cryptodev/rte_crypto_sym.h around lines 394 - 401, Update the inline
comments for the two enum entries to match their suffixes: change the comment on
RTE_CRYPTO_AUTH_AES_NIA5 from "AES algorithm in NIA4 mode" to "AES algorithm in
NIA5 mode" and change the comment on RTE_CRYPTO_AUTH_ZUC_NIA6 from "ZUC-256
algorithm in NIA4 mode" to "ZUC-256 algorithm in NIA6 mode" so the descriptions
correctly reflect the enum names.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Fix comment typos for NCA5 and NCA6 algorithms.

The comments for RTE_CRYPTO_AEAD_AES_NCA5 and RTE_CRYPTO_AEAD_ZUC_NCA6 incorrectly reference "NCA4 mode". They should match the algorithm suffix:

• Line 508: Should say "NCA5 mode" not "NCA4 mode"
• Line 510: Should say "NCA6 mode" not "NCA4 mode"

📝 Proposed fix for comment typos

 	RTE_CRYPTO_AEAD_SM4_GCM,
 	/**< SM4 cipher in GCM mode */
 
 	RTE_CRYPTO_AEAD_SNOW5G_NCA4,
 	/**< Snow 5G algorithm in NCA4 mode */
 	RTE_CRYPTO_AEAD_AES_NCA5,
-	/**< AES algorithm in NCA4 mode */
+	/**< AES algorithm in NCA5 mode */
 	RTE_CRYPTO_AEAD_ZUC_NCA6,
-	/**< ZUC-256 algorithm in NCA4 mode */
+	/**< ZUC-256 algorithm in NCA6 mode */
 };

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	RTE_CRYPTO_AEAD_SNOW5G_NCA4,
	/**< Snow 5G algorithm in NCA4 mode */
	RTE_CRYPTO_AEAD_AES_NCA5,
	/**< AES algorithm in NCA4 mode */
	RTE_CRYPTO_AEAD_ZUC_NCA6,
	/**< ZUC-256 algorithm in NCA4 mode */
	};
	RTE_CRYPTO_AEAD_SNOW5G_NCA4,
	/**< Snow 5G algorithm in NCA4 mode */
	RTE_CRYPTO_AEAD_AES_NCA5,
	/**< AES algorithm in NCA5 mode */
	RTE_CRYPTO_AEAD_ZUC_NCA6,
	/**< ZUC-256 algorithm in NCA6 mode */
	};

🤖 Prompt for AI Agents

In @lib/cryptodev/rte_crypto_sym.h around lines 504 - 511, Update the inline
comments for the enum entries RTE_CRYPTO_AEAD_AES_NCA5 and
RTE_CRYPTO_AEAD_ZUC_NCA6 so they reference the correct modes: change the comment
for RTE_CRYPTO_AEAD_AES_NCA5 to "AES algorithm in NCA5 mode" and change the
comment for RTE_CRYPTO_AEAD_ZUC_NCA6 to "ZUC-256 algorithm in NCA6 mode".