Re: [EXT] caam test failures with libkcapi

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Jan 3, 2024 at 12:50 PM Gaurav Jain <gaurav.jain@xxxxxxx> wrote:
>
>
>
> > -----Original Message-----
> > From: Ondrej Mosnacek <omosnace@xxxxxxxxxx>
> > Sent: Saturday, December 23, 2023 7:29 PM
> > To: Gaurav Jain <gaurav.jain@xxxxxxx>
> > Cc: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>; Horia Geanta
> > <horia.geanta@xxxxxxx>; Pankaj Gupta <pankaj.gupta@xxxxxxx>; Linux
> > Crypto Mailing List <linux-crypto@xxxxxxxxxxxxxxx>
> > Subject: Re: [EXT] caam test failures with libkcapi
> >
> > Caution: This is an external email. Please take care when clicking links or
> > opening attachments. When in doubt, report the message using the 'Report this
> > email' button
> >
> >
> > On Fri, Dec 22, 2023 at 11:50 AM Gaurav Jain <gaurav.jain@xxxxxxx> wrote:
[...]
> > > Can you please share the logs for libkcapi test failures.
> >
> > A log from our kernel CI testing is available here (it is from CentOS Stream 9, but
> > it fails in the same way on the Fedora's 6.6.6-based
> > kernel):
> > https://s3.amaz/
> > onaws.com%2Farr-cki-prod-trusted-artifacts%2Ftrusted-
> > artifacts%2F1109180874%2Ftest_aarch64%2F5766414724%2Fartifacts%2Frun.d
> > one.03%2Fjob.01%2Frecipes%2F15194733%2Ftasks%2F31%2Flogs%2Ftaskout.l
> > og&data=05%7C02%7Cgaurav.jain%40nxp.com%7C3b52a83449bf4b3fffe208dc
> > 03bf4b66%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C6383893673
> > 38072709%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2l
> > uMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=9SCFiT
> > 1nNsTZg4bh6n75CeicDC51Jw3wacQCaL7w4vQ%3D&reserved=0
>
> In this log I cannot see CAAM failures. can you tell which CAAM tfm failed?

The test exercises the kernel crypto API via the AF_ALG interface. The
failures basically detect that for certain inputs the crypto API
returns different results than expected when the CAAM driver is used
(the machine in question has the relevant hardware, so the caam_jr
crypto drivers are registered for certain algorithms and they take
priority).

For example, when you install libkcapi-tools and run:

kcapi -x 2 -s  -e -c "gcm(aes)" -i 16c4b4bd1198f39f4ae817b7 \
    -k 87c91a8b63f66934dd3703415b2538461fbfef55ce7a9ca9bb9425499f4cd1d6 \
    -a "303bb57e4534b08a4d5f001a84b3052c9d0d58ee03eda5211a540950e819dc" \
    -p "b05fbd403c2fa41a8cc702a7474ed9ba6c50fcc6c19732a7d300f1113862bc" -l 4

...the caam_jr implementation results in
b05fbd403c2fa41a8cc702a7474ed9ba6c50fcc6c19732a7d300f1113862bc6d2756d6,
while the expected output is
9bea5263e7b365d5a06cb3ccab0d43cb9a1ca967dfb7b1a6955b3c493018af6d2756d6.
You can search the test log for "FAILED" to find the other failing
commands (note that in some cases you need to escape the -c argument
as it contains parentheses).

--
Ondrej Mosnacek
Senior Software Engineer, Linux Security - SELinux kernel
Red Hat, Inc.






[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]
  Powered by Linux