On Wed, Jan 3, 2024 at 12:50 PM Gaurav Jain <gaurav.jain@xxxxxxx> wrote: > > > > > -----Original Message----- > > From: Ondrej Mosnacek <omosnace@xxxxxxxxxx> > > Sent: Saturday, December 23, 2023 7:29 PM > > To: Gaurav Jain <gaurav.jain@xxxxxxx> > > Cc: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>; Horia Geanta > > <horia.geanta@xxxxxxx>; Pankaj Gupta <pankaj.gupta@xxxxxxx>; Linux > > Crypto Mailing List <linux-crypto@xxxxxxxxxxxxxxx> > > Subject: Re: [EXT] caam test failures with libkcapi > > > > Caution: This is an external email. Please take care when clicking links or > > opening attachments. When in doubt, report the message using the 'Report this > > email' button > > > > > > On Fri, Dec 22, 2023 at 11:50 AM Gaurav Jain <gaurav.jain@xxxxxxx> wrote: [...] > > > Can you please share the logs for libkcapi test failures. > > > > A log from our kernel CI testing is available here (it is from CentOS Stream 9, but > > it fails in the same way on the Fedora's 6.6.6-based > > kernel): > > https://s3.amaz/ > > onaws.com%2Farr-cki-prod-trusted-artifacts%2Ftrusted- > > artifacts%2F1109180874%2Ftest_aarch64%2F5766414724%2Fartifacts%2Frun.d > > one.03%2Fjob.01%2Frecipes%2F15194733%2Ftasks%2F31%2Flogs%2Ftaskout.l > > og&data=05%7C02%7Cgaurav.jain%40nxp.com%7C3b52a83449bf4b3fffe208dc > > 03bf4b66%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C6383893673 > > 38072709%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2l > > uMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=9SCFiT > > 1nNsTZg4bh6n75CeicDC51Jw3wacQCaL7w4vQ%3D&reserved=0 > > In this log I cannot see CAAM failures. can you tell which CAAM tfm failed? The test exercises the kernel crypto API via the AF_ALG interface. The failures basically detect that for certain inputs the crypto API returns different results than expected when the CAAM driver is used (the machine in question has the relevant hardware, so the caam_jr crypto drivers are registered for certain algorithms and they take priority). For example, when you install libkcapi-tools and run: kcapi -x 2 -s -e -c "gcm(aes)" -i 16c4b4bd1198f39f4ae817b7 \ -k 87c91a8b63f66934dd3703415b2538461fbfef55ce7a9ca9bb9425499f4cd1d6 \ -a "303bb57e4534b08a4d5f001a84b3052c9d0d58ee03eda5211a540950e819dc" \ -p "b05fbd403c2fa41a8cc702a7474ed9ba6c50fcc6c19732a7d300f1113862bc" -l 4 ...the caam_jr implementation results in b05fbd403c2fa41a8cc702a7474ed9ba6c50fcc6c19732a7d300f1113862bc6d2756d6, while the expected output is 9bea5263e7b365d5a06cb3ccab0d43cb9a1ca967dfb7b1a6955b3c493018af6d2756d6. You can search the test log for "FAILED" to find the other failing commands (note that in some cases you need to escape the -c argument as it contains parentheses). -- Ondrej Mosnacek Senior Software Engineer, Linux Security - SELinux kernel Red Hat, Inc.