From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 61E38C3ABDD for ; Tue, 20 May 2025 14:58:46 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1uHOQ9-0001IJ-LD; Tue, 20 May 2025 10:58:24 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uHOQ6-0001Ht-BQ for qemu-devel@nongnu.org; Tue, 20 May 2025 10:58:18 -0400 Received: from smtp-out2.suse.de ([2a07:de40:b251:101:10:150:64:2]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1uHOQ3-00010L-U4 for qemu-devel@nongnu.org; Tue, 20 May 2025 10:58:18 -0400 Received: from imap1.dmz-prg2.suse.org (unknown [10.150.64.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id AAE6B2075D; Tue, 20 May 2025 14:58:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1747753092; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=zc0NXxGaHDQilt4Hjkb52J4hyjntzmNysUNSSQjbnqo=; b=A8M1a7bwJxwIEh4Ra+2PT47u9pCkyPCtuqtOE0cuKSCu74yVAy7v8zMmcLWkwspusIQ5Bw 8PLpmLtNJ//yTYR9NKtYnf9+Fn3qqzpetlB0cIeFshX+lMYA2l0bigKa0GjBKggFDs7c6U TEz5ksB9fODTQgYOg1n7AChMxR9a+v4= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1747753092; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=zc0NXxGaHDQilt4Hjkb52J4hyjntzmNysUNSSQjbnqo=; b=1dWi5dCgt+HWmo4tnRCmUdlzsqGkWf38Gkgg+opPpUWnaP7YqO7TJ4HdBM1EU3gwct+MUD BgazlstvBGpnd9Ag== Authentication-Results: smtp-out2.suse.de; none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1747753092; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=zc0NXxGaHDQilt4Hjkb52J4hyjntzmNysUNSSQjbnqo=; b=A8M1a7bwJxwIEh4Ra+2PT47u9pCkyPCtuqtOE0cuKSCu74yVAy7v8zMmcLWkwspusIQ5Bw 8PLpmLtNJ//yTYR9NKtYnf9+Fn3qqzpetlB0cIeFshX+lMYA2l0bigKa0GjBKggFDs7c6U TEz5ksB9fODTQgYOg1n7AChMxR9a+v4= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1747753092; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=zc0NXxGaHDQilt4Hjkb52J4hyjntzmNysUNSSQjbnqo=; b=1dWi5dCgt+HWmo4tnRCmUdlzsqGkWf38Gkgg+opPpUWnaP7YqO7TJ4HdBM1EU3gwct+MUD BgazlstvBGpnd9Ag== Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 1530013888; Tue, 20 May 2025 14:58:11 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id 2jdlMYOYLGjcLAAAD6G6ig (envelope-from ); Tue, 20 May 2025 14:58:11 +0000 From: Fabiano Rosas To: Jamin Lin via , =?utf-8?Q?C=C3=A9dric?= Le Goater , Peter Maydell , Steven Lee , Troy Lee , Andrew Jeffery , Joel Stanley , Laurent Vivier , Paolo Bonzini , "open list:ASPEED BMCs" , "open list:All patches CC here" Cc: jamin_lin@aspeedtech.com, troy_lee@aspeedtech.com Subject: Re: [PATCH v3 00/28] Fix incorrect hash results on AST2700 In-Reply-To: <20250515081008.583578-1-jamin_lin@aspeedtech.com> References: <20250515081008.583578-1-jamin_lin@aspeedtech.com> Date: Tue, 20 May 2025 11:58:09 -0300 Message-ID: <8734cz72im.fsf@suse.de> MIME-Version: 1.0 Content-Type: text/plain X-Spamd-Result: default: False [-4.30 / 50.00]; BAYES_HAM(-3.00)[100.00%]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-0.20)[-1.000]; MIME_GOOD(-0.10)[text/plain]; FUZZY_BLOCKED(0.00)[rspamd.com]; FREEMAIL_ENVRCPT(0.00)[gmail.com]; URIBL_BLOCKED(0.00)[imap1.dmz-prg2.suse.org:helo,suse.de:email,suse.de:mid,ast2700-default:email,nongnu.org:email]; DKIM_SIGNED(0.00)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519]; FREEMAIL_TO(0.00)[nongnu.org,kaod.org,linaro.org,aspeedtech.com,gmail.com,codeconstruct.com.au,jms.id.au,redhat.com]; MIME_TRACE(0.00)[0:+]; ARC_NA(0.00)[]; RCPT_COUNT_TWELVE(0.00)[13]; TO_MATCH_ENVRCPT_ALL(0.00)[]; RCVD_TLS_ALL(0.00)[]; MISSING_XM_UA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; RCVD_VIA_SMTP_AUTH(0.00)[]; MID_RHS_MATCH_FROM(0.00)[]; DBL_BLOCKED_OPENRESOLVER(0.00)[suse.de:email,suse.de:mid] Received-SPF: pass client-ip=2a07:de40:b251:101:10:150:64:2; envelope-from=farosas@suse.de; helo=smtp-out2.suse.de X-Spam_score_int: -43 X-Spam_score: -4.4 X-Spam_bar: ---- X-Spam_report: (-4.4 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Jamin Lin via writes: > v1: > 1. Added support for 64-bit DMA in the HACE model > 2. Refactored the do_hash operation in the HACE model > 3. Fixed a crash caused by out-of-bound memory access in HACE > 4. Added more trace events and implemented dumping of source hash data and > resulting digests to improve debugging > 5. Refactored the HACE QTest framework to support both AST1030 and AST2700 > 6. Added a test case for SHA384 > > v2: > 1. Create new helper functions > hash_get_source_addr > hash_prepare_direct_iov > hash_prepare_sg_iov > hash_get_digest_addr > hash_write_digest_and_unmap_iov > hash_execute_non_acc_mode > hash_execute_acc_mode > 2. Refactor do_hash_operation > 3. Fix review issue > 4. Revise trace-events > 5. Move register size to instance class and dynamically allocate regs > > v3: > 1. Split patch to introduce these routines one by one : > hash_prepare_sg_iov > hash_prepare_direct_iov > hash_execute_acc_mode > hash_execute_non_acc_mode > hash_write_digest_and_unmap_iov > 2. Fix run qtest failed > > This patchset resolves incorrect hash results reported on the AST2700 platform. > This update addresses the following kernel warnings and test failures related to > the crypto self-test framework: > > aspeed-hmac-sha512 test failed (incorrect result) > aspeed-hmac-sha384 test failed (incorrect result) > aspeed-sha512 test failed (incorrect result) > aspeed-sha384 test failed (incorrect result) > aspeed-hmac-sha256 test failed (incorrect result) > aspeed-hmac-sha224 test failed (incorrect result) > aspeed-hmac-sha1 test failed (incorrect result) > aspeed-sha224 test failed (incorrect result) > aspeed-sha256 test failed (incorrect result) > aspeed-sha1 test failed (incorrect result) > > How to test it > > Use the following command to dump information about the supported digest methods > via the ast_crypto_engine hardware engine: > > root@ast2700-default:~# openssl engine -pre DUMP_INFO ast_crypto_engine > > Digest SHA1, NID=64, AF_ALG info: name=sha1ALG_ERR: , driver=aspeed-sha1 (hw accelerated) > Digest SHA224, NID=675, AF_ALG info: name=sha224ALG_ERR: , driver=aspeed-sha224 (hw accelerated) > Digest SHA256, NID=672, AF_ALG info: name=sha256ALG_ERR: , driver=aspeed-sha256 (hw accelerated) > Digest SHA384, NID=673, AF_ALG info: name=sha384ALG_ERR: , driver=aspeed-sha384 (hw accelerated) > Digest SHA512, NID=674, AF_ALG info: name=sha512ALG_ERR: , driver=aspeed-sha512 (hw accelerated) > > The status of SHA1, SHA224, SHA256, SHA384, and SHA512 should be marked as > hw accelerated, indicating that these algorithms are supported by hardware > acceleration via the aspeed drivers. > > Create a test file on the host machine and compute its HASH value as the > expected result > > Create a 256MB test file > > $ dd if=/dev/random of=/tmp/256M bs=1M count=256 > Generate Hash Values Using SHA1, SHA224, SHA256, SHA384, and SHA512 > > Use the following commands to generate HASH values for a 256MB file using > different SHA algorithms: > > $ sha1sum /tmp/256M > 7fc628811a31ab87b0502dab3ed8d3ef07565885 /tmp/256M > > $ sha224sum /tmp/256M > 2d261c11ba05b3a62e0efeab51c307d9933426c7e18204683ef3da54 /tmp/256M > > $ sha256sum /tmp/256M > 5716d1700ee35c92ca5ca5b466639e9c36eed3f1447c1aec27f16d0fe113f94d /tmp/256M > > $ sha384sum /tmp/256M > fb6bc62afa1096dcd3b870e7d2546b7a5a177b5f2bbd5c9759218182454709e0c504a2d9c26404e04aa8010a291b7f1c /tmp/256M > > $ sha512sum /tmp/256M > fbceda7be34836fe857781656318ecd5b457a833a24c8736d5b8ef8d07e1950eebcdb140eebe4f12b5ff59586f7eb1c64fa95869c63dd9e4703d91261093c5c9 /tmp/256M > > Generate HASH Values Using the Hardware Engine > > Use the following commands to generate HASH values for a 256MB file using > various SHA algorithms with the ast_crypto_engine hardware engine: > > root@ast2700-default:~# openssl dgst -sha1 -engine ast_crypto_engine /tmp/256M > Engine "ast_crypto_engine" set. > SHA1(/tmp/256M)= 7fc628811a31ab87b0502dab3ed8d3ef07565885 > > root@ast2700-default:~# openssl dgst -sha224 -engine ast_crypto_engine /tmp/256M > Engine "ast_crypto_engine" set. > SHA2-224(/tmp/256M)= 2d261c11ba05b3a62e0efeab51c307d9933426c7e18204683ef3da54 > > root@ast2700-default:~# openssl dgst -sha256 -engine ast_crypto_engine /tmp/256M > Engine "ast_crypto_engine" set. > SHA2-256(/tmp/256M)= 5716d1700ee35c92ca5ca5b466639e9c36eed3f1447c1aec27f16d0fe113f94d > > root@ast2700-default:~# openssl dgst -sha384 -engine ast_crypto_engine /tmp/256M > Engine "ast_crypto_engine" set. > SHA2-384(/tmp/256M)= fb6bc62afa1096dcd3b870e7d2546b7a5a177b5f2bbd5c9759218182454709e0c504a2d9c26404e04aa8010a291b7f1c > > root@ast2700-default:~# openssl dgst -sha512 -engine ast_crypto_engine /tmp/256M > Engine "ast_crypto_engine" set. > SHA2-512(/tmp/256M)= fbceda7be34836fe857781656318ecd5b457a833a24c8736d5b8ef8d07e1950eebcdb140eebe4f12b5ff59586f7eb1c64fa95869c63dd9e4703d91261093c5c9 > > The HASH values generated here should exactly match those computed on the host > machine using sha shell commands, verifying both the correctness of the > hardware-accelerated results and the functionality of the ast_crypto_engine. > > Jamin Lin (28): > hw/misc/aspeed_hace: Remove unused code for better readability > hw/misc/aspeed_hace: Improve readability and consistency in variable > naming > hw/misc/aspeed_hace: Ensure HASH_IRQ is always set to prevent firmware > hang > hw/misc/aspeed_hace: Extract direct mode hash buffer setup into helper > function > hw/misc/aspeed_hace: Extract SG-mode hash buffer setup into helper > function > hw/misc/aspeed_hace: Extract digest write and iov unmap into helper > function > hw/misc/aspeed_hace: Extract non-accumulation hash execution into > helper function > hw/misc/aspeed_hace: Extract accumulation-mode hash execution into > helper function > hw/misc/aspeed_hace: Introduce 64-bit hash source address helper > function > hw/misc/aspeed_hace: Rename R_HASH_DEST to R_HASH_DIGEST and introduce > 64-bit hash digest address helper > hw/misc/aspeed_hace: Support accumulative mode for direct access mode > hw/misc/aspeed_hace: Move register size to instance class and > dynamically allocate regs > hw/misc/aspeed_hace: Add support for source, digest, key buffer 64 bit > addresses > hw/misc/aspeed_hace: Support DMA 64 bits dram address > hw/misc/aspeed_hace: Add trace-events for better debugging > hw/misc/aspeed_hace: Support to dump plaintext and digest for better > debugging > tests/qtest: Reorder aspeed test list > test/qtest: Introduce a new aspeed-hace-utils.c to place common > testcases > test/qtest/hace: Specify explicit array sizes for test vectors and > hash results > test/qtest/hace: Adjust test address range for AST1030 due to SRAM > limitations > test/qtest/hace: Add SHA-384 test cases for ASPEED HACE model > test/qtest/hace: Add SHA-384 tests for AST2600 > test/qtest/hace: Add tests for AST1030 > test/qtest/hace: Update source data and digest data type to 64-bit > test/qtest/hace: Support 64-bit source and digest addresses for > AST2700 > test/qtest/hace: Support to test upper 32 bits of digest and source > addresses > test/qtest/hace: Support to validate 64-bit hmac key buffer addresses > test/qtest/hace: Add tests for AST2700 > > include/hw/misc/aspeed_hace.h | 11 +- > tests/qtest/aspeed-hace-utils.h | 84 +++++ > hw/misc/aspeed_hace.c | 479 +++++++++++++++-------- > tests/qtest/aspeed-hace-utils.c | 646 ++++++++++++++++++++++++++++++++ > tests/qtest/aspeed_hace-test.c | 577 +++++----------------------- > tests/qtest/ast2700-hace-test.c | 98 +++++ > hw/misc/trace-events | 8 + > tests/qtest/meson.build | 13 +- > 8 files changed, 1279 insertions(+), 637 deletions(-) > create mode 100644 tests/qtest/aspeed-hace-utils.h > create mode 100644 tests/qtest/aspeed-hace-utils.c > create mode 100644 tests/qtest/ast2700-hace-test.c For qtest: Acked-by: Fabiano Rosas