2023-08-10 10:04:51

by Andy Chiu

[permalink] [raw]
Subject: Re: [PATCH v4 06/12] RISC-V: crypto: add Zvbb+Zvbc accelerated GCM GHASH implementation

On Tue, Jul 11, 2023 at 05:37:37PM +0200, Heiko Stuebner wrote:
Hi Heiko,

> From: Heiko Stuebner <[email protected]>
>
> Add a gcm hash implementation using the Zvbb+Zvbc crypto extensions.
> It gets possibly registered alongside the Zbc-based variant, with a higher
> priority so that the crypto subsystem will be able to select the most
> performant variant, but the algorithm itself will still be part of the
> crypto selftests that run during registration.
>

All newly added crypto algorithms are passing on my side, except for
this one. I was testing on a QEMU and toolchain that support the
frozen spec.

It seems like it was failing on a small 16-Byte input. Here are the
input, expected digest and the (mismatched-)result.

(gdb) x/2gx vec->key
0xffffffff8163cc38: 0x03db81ed4dbfa6df 0x61f030f895ffcaff
(gdb) x/2gx vec->plaintext
0xffffffff8163cc50: 0xc04a60a5562a2b95 0xb6405ba056662bb3
(gdb) x/2gx vec->digest
0xffffffff8163cc68: 0xb65bc5d20aeb53da 0x60dafec32c80c44f
(gdb) x/2gx result
0xff20000000943bb8: 0x0000000000000000 0xb18de0d5e7abcf10

And here is the bootlog, do you have any idea?
[ 5.007043] alg: shash: riscv64_zvbb_zvbc_ghash test failed (wrong result) on test vector 0, cfg="init+update+final aligned buffer"
[ 5.008164] alg: self-tests for ghash using riscv64_zvbb_zvbc_ghash failed (rc=-22)
[ 5.008450] ------------[ cut here ]------------
[ 5.009226] alg: self-tests for ghash using riscv64_zvbb_zvbc_ghash failed (rc=-22)
[ 5.010678] WARNING: CPU: 1 PID: 87 at crypto/testmgr.c:5867 alg_test+0x3e2/0x41e
[ 5.011792] Modules linked in:
[ 5.013314] CPU: 1 PID: 87 Comm: cryptomgr_test Not tainted 6.2.2-02529-g4b0fb43edd0f-dirty #37
[ 5.014037] Hardware name: riscv-virtio,qemu (DT)
[ 5.014582] epc : alg_test+0x3e2/0x41e
[ 5.014938] ra : alg_test+0x3e2/0x41e
[ 5.015256] epc : ffffffff80677744 ra : ffffffff80677744 sp : ff2000000095bd70
[ 5.015718] gp : ffffffff81c896b8 tp : ff6000000464d280 t0 : ffffffff81a2c970
[ 5.016171] t1 : ffffffffffffffff t2 : 2d2d2d2d2d2d2d2d s0 : ff2000000095be80
[ 5.016616] s1 : ffffffffffffffea a0 : 0000000000000047 a1 : ffffffff81a97c70
[ 5.017078] a2 : 0000000000000010 a3 : fffffffffffffffe a4 : 0000000000000000
[ 5.017582] a5 : 0000000000000000 a6 : 0000000000000000 a7 : 0000000000000000
[ 5.018079] s2 : 000000000000000e s3 : ff60000002adf200 s4 : ff60000002adf280
[ 5.018576] s5 : 0000000000000171 s6 : 00000000000000b8 s7 : 0000000000000088
[ 5.019083] s8 : ffffffffffffffff s9 : 00000000000000b8 s10: 0000000000002e00
[ 5.019584] s11: ffffffff8127fd78 t3 : ffffffff81ca0f17 t4 : ffffffff81ca0f17
[ 5.020074] t5 : ffffffff81ca0f18 t6 : ff2000000095bb88
[ 5.020455] status: 0000000200000120 badaddr: 0000000000000000 cause: 0000000000000003
[ 5.021234] [<ffffffff80677744>] alg_test+0x3e2/0x41e
[ 5.021906] [<ffffffff8067490e>] cryptomgr_test+0x28/0x4a
[ 5.022306] [<ffffffff80055ba0>] kthread+0xe0/0xf6
[ 5.022710] [<ffffffff80003edc>] ret_from_exception+0x0/0x16
[ 5.023755] ---[ end trace 0000000000000000 ]---

Thanks,
Andy