Bug 2188749
| Summary: | [RHEL9] libblockdev crypto_test case failed after enable fips | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 9 | Reporter: | guazhang <guazhang> |
| Component: | libblockdev | Assignee: | Vojtech Trefny <vtrefny> |
| Status: | VERIFIED --- | QA Contact: | guazhang <guazhang> |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | 9.3 | Keywords: | Triaged |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | libblockdev-2.28-7.el9 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | Bug | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
The two crypto_test.CryptoTestEscrow test cases are failing because of https://bugzilla.redhat.com/show_bug.cgi?id=2143223 The crypto_test.CryptoTestFormat test case is failing because we are trying to create a LUKS2 with argon2id which is not supported in FIPS. The tests were not written with FIPS support in mind and in general, I don't plan to support FIPS in the tests. have added 'tested' to verified ,please move to next. any update ? |
Description of problem: libblockdev regression failed after enable fips Version-Release number of selected component (if applicable): 5.14.0-299.el9.x86_64 udisks2-2.9.4-7.el9.x86_64 libblockdev-2.28-5.el9.x86_64 How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info: root@storageqe-65 tests]# python3 run_tests.py crypto_test /root/rpmbuild/BUILD/libblockdev-2.28/tests/crypto_test.py:14: PyGIWarning: BlockDev was imported without specifying a version first. Use gi.require_version('BlockDev', '2.0') before import to ensure that the right version gets loaded. from gi.repository import BlockDev, GLib test_luks2_add_key (crypto_test.CryptoTestAddKey) ... ok test_luks_add_key (crypto_test.CryptoTestAddKey) ... ok test_bitlk_open_close (crypto_test.CryptoTestBitlk) Verify that opening/closing a BitLocker device works ... ok test_luks2_change_key (crypto_test.CryptoTestChangeKey) ... ok test_luks_change_key (crypto_test.CryptoTestChangeKey) ... ok test_error_locale_key (crypto_test.CryptoTestErrorLocale) ... ok test_backup_passphrase (crypto_test.CryptoTestEscrow) Verify that a backup passphrase can be created for a device ... Generating key. This may take a few moments... ERROR test_escrow_packet (crypto_test.CryptoTestEscrow) Verify that an escrow packet can be created for a device ... Generating key. This may take a few moments... ERROR test_luks2_format (crypto_test.CryptoTestFormat) Verify that formating device as LUKS 2 works ... ERROR test_luks_format (crypto_test.CryptoTestFormat) Verify that formating device as LUKS works ... ok test_luks_format_key_size (crypto_test.CryptoTestFormat) Verify that formating device as LUKS works ... ok test_generate_backup_passhprase (crypto_test.CryptoTestGenerateBackupPassphrase) Verify that backup passphrase generation works as expected ... ok test_luks2_get_metadata_size (crypto_test.CryptoTestGetMetadataSize) Verify that getting LUKS 2 device metadata size works ... ok test_luks_get_metadata_size (crypto_test.CryptoTestGetMetadataSize) Verify that getting LUKS device metadata size works ... ok test_luks2_get_uuid (crypto_test.CryptoTestGetUUID) ... ok test_luks_get_uuid (crypto_test.CryptoTestGetUUID) ... ok test_luks2_header_backup_restore (crypto_test.CryptoTestHeaderBackupRestore) Verify that header backup/restore with LUKS2 works ... ok test_luks_header_backup_restore (crypto_test.CryptoTestHeaderBackupRestore) Verify that header backup/restore with LUKS works ... ok test_luks2_format (crypto_test.CryptoTestInfo) Verify that we can get information about a LUKS 2 device ... ok test_luks_format (crypto_test.CryptoTestInfo) Verify that we can get information about a LUKS device ... ok test_integrity (crypto_test.CryptoTestIntegrity) ... ok test_integrity_wipe (crypto_test.CryptoTestIntegrity) ... ok test_is_luks (crypto_test.CryptoTestIsLuks) ... ok test_is_luks2 (crypto_test.CryptoTestIsLuks) ... ok test_luks2_kill_slot (crypto_test.CryptoTestKillSlot) Verify that killing a key slot on LUKS 2 device works ... ok test_luks_kill_slot (crypto_test.CryptoTestKillSlot) Verify that killing a key slot on LUKS device works ... ok test_luks2_integrity (crypto_test.CryptoTestLUKS2Integrity) Verify that we can get create a LUKS 2 device with integrity ... ok test_luks2_open_rw (crypto_test.CryptoTestLuksOpenRW) ... ok test_luks_open_rw (crypto_test.CryptoTestLuksOpenRW) ... ok test_luks2_sector_size_autodetect (crypto_test.CryptoTestLuksSectorSize) Verify that we can autodetect 4k drives and set 4k sector size for them ... ok test_luks2_status (crypto_test.CryptoTestLuksStatus) ... ok test_luks_status (crypto_test.CryptoTestLuksStatus) ... ok test_luks2_open_close (crypto_test.CryptoTestOpenClose) ... ok test_luks_open_close (crypto_test.CryptoTestOpenClose) ... ok test_luks2_remove_key (crypto_test.CryptoTestRemoveKey) ... ok test_luks_remove_key (crypto_test.CryptoTestRemoveKey) ... ok test_luks2_resize (crypto_test.CryptoTestResize) Verify that resizing LUKS 2 device works ... ok test_luks_resize (crypto_test.CryptoTestResize) Verify that resizing LUKS device works ... ok test_luks2_suspend_resume (crypto_test.CryptoTestSuspendResume) Verify that suspending/resuming LUKS 2 device works ... ok test_luks_suspend_resume (crypto_test.CryptoTestSuspendResume) Verify that suspending/resuming LUKS device works ... ok test_truecrypt_open_close (crypto_test.CryptoTestTrueCrypt) Verify that opening/closing TrueCrypt device works ... ok test_veracrypt_open_close (crypto_test.CryptoTestTrueCrypt) Verify that opening/closing VeraCrypt device works ... ok ====================================================================== ERROR: test_backup_passphrase (crypto_test.CryptoTestEscrow) Verify that a backup passphrase can be created for a device ---------------------------------------------------------------------- Traceback (most recent call last): File "/root/rpmbuild/BUILD/libblockdev-2.28/tests/crypto_test.py", line 725, in test_backup_passphrase succ = BlockDev.crypto_escrow_device(self.loop_dev, PASSWD, cert_file.read(), File "/root/rpmbuild/BUILD/libblockdev-2.28/src/python/gi/overrides/BlockDev.py", line 254, in crypto_escrow_device return _crypto_escrow_device(device, passphrase, cert_data, directory, backup_passphrase) gi.repository.GLib.GError: g-bd-crypto-error-quark: Failed to get escrow data: security library: received bad data. (12) ====================================================================== ERROR: test_escrow_packet (crypto_test.CryptoTestEscrow) Verify that an escrow packet can be created for a device ---------------------------------------------------------------------- Traceback (most recent call last): File "/root/rpmbuild/BUILD/libblockdev-2.28/tests/crypto_test.py", line 682, in test_escrow_packet succ = BlockDev.crypto_escrow_device(self.loop_dev, PASSWD, cert_file.read(), File "/root/rpmbuild/BUILD/libblockdev-2.28/src/python/gi/overrides/BlockDev.py", line 254, in crypto_escrow_device return _crypto_escrow_device(device, passphrase, cert_data, directory, backup_passphrase) gi.repository.GLib.GError: g-bd-crypto-error-quark: Failed to get escrow data: security library: received bad data. (12) ====================================================================== ERROR: test_luks2_format (crypto_test.CryptoTestFormat) Verify that formating device as LUKS 2 works ---------------------------------------------------------------------- Traceback (most recent call last): File "/root/rpmbuild/BUILD/libblockdev-2.28/tests/crypto_test.py", line 181, in test_luks2_format succ = BlockDev.crypto_luks_format(self.loop_dev, "aes-xts-plain64", 0, None, self.keyfile, 0, File "/root/rpmbuild/BUILD/libblockdev-2.28/src/python/gi/overrides/BlockDev.py", line 224, in crypto_luks_format return _crypto_luks_format(device, cipher, key_size, passphrase, key_file, min_entropy, luks_version, extra) gi.repository.GLib.GError: g-bd-crypto-error-quark: Failed to format device: Invalid argument (3) ---------------------------------------------------------------------- Ran 42 tests in 531.140s FAILED (errors=3) [root@storageqe-65 tests]#