From: Scott Mayhew <smayhew@redhat.com>
To: linux-crypto@vger.kernel.org
Cc: chuck.lever@oracle.com, linux-nfs@vger.kernel.org
Subject: RPCSEC GSS krb5 KUnit test fails on arm64 with h/w accelerated ciphers enabled
Date: Wed, 19 Apr 2023 17:53:53 -0400
Message-ID: <ZEBi8ReG9LKLcmW3@aion.usersys.redhat.com>

Chuck's recently-added RPCSEC GSS krb5 KUnit test
(net/sunrpc/auth_gss/gss_krb5_test.c) is failing on arm64, specifically
the RFC 3962 test cases (I'm just pasting the output of 1 case, but all
6 cases fail):

---8<---
[ 237.255197] # Subtest: RFC 3962 encryption
[ 237.255588] # RFC 3962 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:772
Expected memcmp(param->next_iv->data, iv, param->next_iv->len) == 0, but
memcmp(param->next_iv->data, iv, param->next_iv->len) == 1 (0x1)
IV mismatch
---8<---

If I disable the hardware accelerated ciphers
(CONFIG_CRYPTO_AES_ARM64_CE_BLK and CONFIG_CRYPTO_AES_ARM64_NEON_BLK),
then the test works.

Likewise, if I modify Chuck's test to explicitly request
"cts(cbc(aes-generic))", then the test works.

The problem is that the asm helper aes_cbc_cts_encrypt in
arch/arm64/crypto/aes-modes.S doesn't return the next IV.

If I make the following change, then the test works:

diff --git a/arch/arm64/crypto/aes-modes.S b/arch/arm64/crypto/aes-modes.S
index 0e834a2c062c..477605fad76b 100644
--- a/arch/arm64/crypto/aes-modes.S
+++ b/arch/arm64/crypto/aes-modes.S
@@ -268,6 +268,7 @@ AES_FUNC_START(aes_cbc_cts_encrypt)
add x4, x0, x4
st1 {v0.16b}, [x4] /* overlapping stores */
st1 {v1.16b}, [x0]
+ st1 {v1.16b}, [x5]
ret
AES_FUNC_END(aes_cbc_cts_encrypt)
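
Review bot: the added `st1 {v1.16b}, [x5]` relies on x5 still holding the IV pointer at the end of aes_cbc_cts_encrypt and on v1 being the block RFC 3962 defines as the next IV, and neither is visible in this hunk. Please confirm both against the function's register usage and note the IV write-back in a comment on the new line or in the function header. The hunk also touches only the encrypt helper, so the matching CTS decrypt path should be checked for the same missing write-back before this is considered complete.
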
But I don't know if that change is at all correct! (I've never even
looked at arm64 asm before). If someone who's knowledgeable about this
code could chime in, I'd appreciate it.
-Scott
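
An added example, not part of the original message and not kernel code: a pure-Python model of RFC 3962 AES-128 CBC-CTS that returns the next IV (the last CBC block computed, which lands second-to-last in the output), using the inputs of the RFC's 17-byte test vector. The function names and the `write_back` flag are assumptions made for illustration; `write_back=False` models a helper that leaves the caller's IV untouched, which is the behaviour the message reports.

```python
# Added example (not kernel code): RFC 3962 AES-128 CBC-CTS returning the next IV.
def xtime(a):  # multiply by x in GF(2^8)
    return ((a << 1) ^ (0x1B if a & 0x80 else 0)) & 0xFF

def _make_sbox():  # derive the AES S-box instead of embedding the table
    rot = lambda x, n: ((x << n) | (x >> (8 - n))) & 0xFF
    box, p, q = [0x63] * 256, 1, 1
    for _ in range(255):
        p ^= xtime(p)                      # p *= 3
        for shift in (1, 2, 4):            # q /= 3, so q stays the inverse of p
            q ^= q << shift
        q = (q & 0xFF) ^ (0x09 if q & 0x80 else 0)
        box[p] = q ^ rot(q, 1) ^ rot(q, 2) ^ rot(q, 3) ^ rot(q, 4) ^ 0x63
    return box

SBOX = _make_sbox()
def expand_key(key):  # AES-128 key schedule -> 11 round keys of 16 bytes
    w, rcon = [list(key[i:i + 4]) for i in range(0, 16, 4)], 1
    for i in range(4, 44):
        t = w[i - 1]
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]       # RotWord + SubWord
            t[0], rcon = t[0] ^ rcon, xtime(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[r:r + 4], []) for r in range(0, 44, 4)]

def encrypt_block(rk, block):
    s = [b ^ k for b, k in zip(block, rk[0])]
    for rnd in range(1, 11):
        s = [SBOX[s[(i + 4 * (i % 4)) % 16]] for i in range(16)]  # SubBytes+ShiftRows
        if rnd < 10:                                               # MixColumns
            cols = [s[c:c + 4] for c in range(0, 16, 4)]
            s = [c[j] ^ c[0] ^ c[1] ^ c[2] ^ c[3] ^ xtime(c[j] ^ c[(j + 1) % 4])
                 for c in cols for j in range(4)]
        s = [b ^ k for b, k in zip(s, rk[rnd])]
    return bytes(s)

# Inputs of the RFC 3962 17-byte CBC-CTS test vector (the IV is all zeros).
RFC_KEY, RFC_PT = b"chicken teriyaki", b"I would like the "
def cbc_cts_encrypt(key, iv, pt, write_back=True):
    """Return (ciphertext, iv_after); write_back is a hypothetical flag."""
    if len(key) != 16 or len(iv) != 16 or len(pt) <= 16:
        raise ValueError("need 16-byte key and IV, and more than one block of data")
    rk, prev, blocks = expand_key(key), iv, []
    padded = pt + bytes(-len(pt) % 16)          # zero-pad the final block
    for i in range(0, len(padded), 16):         # plain CBC over the padded input
        prev = encrypt_block(rk, bytes(a ^ b for a, b in zip(padded[i:i + 16], prev)))
        blocks.append(prev)
    tail = len(pt) - 16 * (len(blocks) - 1)     # 1..16 bytes in the last block
    ct = b"".join(blocks[:-2]) + blocks[-1] + blocks[-2][:tail]  # swap, truncate
    return ct, (blocks[-1] if write_back else iv)
```

With `write_back=False` the ciphertext is identical but the returned IV is still the all-zero input, so a comparison against the expected next IV fails while the data check passes.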