On 9/9/25 3:51 PM, Harald Freudenberger wrote:
On 2025-09-09 14:15, Milan Broz wrote:
On 9/9/25 1:50 PM, Ingo Franzki wrote:
On 09.09.2025 13:47, Milan Broz wrote:
On 9/9/25 1:18 PM, Ingo Franzki wrote:
Please, revert my patches and run the same test on a clean
6.17.0-rc5 just
to verify that the patches do not introduce the bug.
With your patches reverted the combined mode fails the same way as
with your patches.
So they did not introduce the bug.
Please report it as cryptsetup issue with a reproducer so we can
later check it.
I don't think its a cryptsetup bug, its rather that dm-crypt is
missing something to deal with async HMAC ciphers.
The point is that PHMAC is a async-only cipher, with no sync variant.
I know, but there is no tracker for dm-crypt and what I like to have
some kind of upstream CI testing for PHMAC/PAES
even without mainframe hw (we already talked about a fake cipher
module).
Let me think about this a bit... You are suggesting a test kernel module
for
e.g. x64 which acts like the phmac/paes implementation in a asynchronous
way.
I'll discuss this with Ingo.
Just for the context - we do not need a real implementation, only something
that pretends the alg with that name exists so we can check all options.
In reality we just cloned SHA ans AES modules and renamed them - we do not
care that keys is not wrapped, we use it directly here. This allows us
to prepare a test script that can run in our CI without mainframe HW.
(These modules are compiled on the CI builder and loaded to the kernel.)
If cryptd() can be used here, we can trivially add async path testing.
It will not be perfect, but still better than nothing.
That's all, no real magic :)
Milan
