Description of problem: libblockdev regression failed after enable fips Version-Release number of selected component (if applicable): 5.14.0-299.el9.x86_64 udisks2-2.9.4-7.el9.x86_64 libblockdev-2.28-5.el9.x86_64 How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info: root@storageqe-65 tests]# python3 run_tests.py crypto_test /root/rpmbuild/BUILD/libblockdev-2.28/tests/crypto_test.py:14: PyGIWarning: BlockDev was imported without specifying a version first. Use gi.require_version('BlockDev', '2.0') before import to ensure that the right version gets loaded. from gi.repository import BlockDev, GLib test_luks2_add_key (crypto_test.CryptoTestAddKey) ... ok test_luks_add_key (crypto_test.CryptoTestAddKey) ... ok test_bitlk_open_close (crypto_test.CryptoTestBitlk) Verify that opening/closing a BitLocker device works ... ok test_luks2_change_key (crypto_test.CryptoTestChangeKey) ... ok test_luks_change_key (crypto_test.CryptoTestChangeKey) ... ok test_error_locale_key (crypto_test.CryptoTestErrorLocale) ... ok test_backup_passphrase (crypto_test.CryptoTestEscrow) Verify that a backup passphrase can be created for a device ... Generating key. This may take a few moments... ERROR test_escrow_packet (crypto_test.CryptoTestEscrow) Verify that an escrow packet can be created for a device ... Generating key. This may take a few moments... ERROR test_luks2_format (crypto_test.CryptoTestFormat) Verify that formating device as LUKS 2 works ... ERROR test_luks_format (crypto_test.CryptoTestFormat) Verify that formating device as LUKS works ... ok test_luks_format_key_size (crypto_test.CryptoTestFormat) Verify that formating device as LUKS works ... ok test_generate_backup_passhprase (crypto_test.CryptoTestGenerateBackupPassphrase) Verify that backup passphrase generation works as expected ... ok test_luks2_get_metadata_size (crypto_test.CryptoTestGetMetadataSize) Verify that getting LUKS 2 device metadata size works ... ok test_luks_get_metadata_size (crypto_test.CryptoTestGetMetadataSize) Verify that getting LUKS device metadata size works ... ok test_luks2_get_uuid (crypto_test.CryptoTestGetUUID) ... ok test_luks_get_uuid (crypto_test.CryptoTestGetUUID) ... ok test_luks2_header_backup_restore (crypto_test.CryptoTestHeaderBackupRestore) Verify that header backup/restore with LUKS2 works ... ok test_luks_header_backup_restore (crypto_test.CryptoTestHeaderBackupRestore) Verify that header backup/restore with LUKS works ... ok test_luks2_format (crypto_test.CryptoTestInfo) Verify that we can get information about a LUKS 2 device ... ok test_luks_format (crypto_test.CryptoTestInfo) Verify that we can get information about a LUKS device ... ok test_integrity (crypto_test.CryptoTestIntegrity) ... ok test_integrity_wipe (crypto_test.CryptoTestIntegrity) ... ok test_is_luks (crypto_test.CryptoTestIsLuks) ... ok test_is_luks2 (crypto_test.CryptoTestIsLuks) ... ok test_luks2_kill_slot (crypto_test.CryptoTestKillSlot) Verify that killing a key slot on LUKS 2 device works ... ok test_luks_kill_slot (crypto_test.CryptoTestKillSlot) Verify that killing a key slot on LUKS device works ... ok test_luks2_integrity (crypto_test.CryptoTestLUKS2Integrity) Verify that we can get create a LUKS 2 device with integrity ... ok test_luks2_open_rw (crypto_test.CryptoTestLuksOpenRW) ... ok test_luks_open_rw (crypto_test.CryptoTestLuksOpenRW) ... ok test_luks2_sector_size_autodetect (crypto_test.CryptoTestLuksSectorSize) Verify that we can autodetect 4k drives and set 4k sector size for them ... ok test_luks2_status (crypto_test.CryptoTestLuksStatus) ... ok test_luks_status (crypto_test.CryptoTestLuksStatus) ... ok test_luks2_open_close (crypto_test.CryptoTestOpenClose) ... ok test_luks_open_close (crypto_test.CryptoTestOpenClose) ... ok test_luks2_remove_key (crypto_test.CryptoTestRemoveKey) ... ok test_luks_remove_key (crypto_test.CryptoTestRemoveKey) ... ok test_luks2_resize (crypto_test.CryptoTestResize) Verify that resizing LUKS 2 device works ... ok test_luks_resize (crypto_test.CryptoTestResize) Verify that resizing LUKS device works ... ok test_luks2_suspend_resume (crypto_test.CryptoTestSuspendResume) Verify that suspending/resuming LUKS 2 device works ... ok test_luks_suspend_resume (crypto_test.CryptoTestSuspendResume) Verify that suspending/resuming LUKS device works ... ok test_truecrypt_open_close (crypto_test.CryptoTestTrueCrypt) Verify that opening/closing TrueCrypt device works ... ok test_veracrypt_open_close (crypto_test.CryptoTestTrueCrypt) Verify that opening/closing VeraCrypt device works ... ok ====================================================================== ERROR: test_backup_passphrase (crypto_test.CryptoTestEscrow) Verify that a backup passphrase can be created for a device ---------------------------------------------------------------------- Traceback (most recent call last): File "/root/rpmbuild/BUILD/libblockdev-2.28/tests/crypto_test.py", line 725, in test_backup_passphrase succ = BlockDev.crypto_escrow_device(self.loop_dev, PASSWD, cert_file.read(), File "/root/rpmbuild/BUILD/libblockdev-2.28/src/python/gi/overrides/BlockDev.py", line 254, in crypto_escrow_device return _crypto_escrow_device(device, passphrase, cert_data, directory, backup_passphrase) gi.repository.GLib.GError: g-bd-crypto-error-quark: Failed to get escrow data: security library: received bad data. (12) ====================================================================== ERROR: test_escrow_packet (crypto_test.CryptoTestEscrow) Verify that an escrow packet can be created for a device ---------------------------------------------------------------------- Traceback (most recent call last): File "/root/rpmbuild/BUILD/libblockdev-2.28/tests/crypto_test.py", line 682, in test_escrow_packet succ = BlockDev.crypto_escrow_device(self.loop_dev, PASSWD, cert_file.read(), File "/root/rpmbuild/BUILD/libblockdev-2.28/src/python/gi/overrides/BlockDev.py", line 254, in crypto_escrow_device return _crypto_escrow_device(device, passphrase, cert_data, directory, backup_passphrase) gi.repository.GLib.GError: g-bd-crypto-error-quark: Failed to get escrow data: security library: received bad data. (12) ====================================================================== ERROR: test_luks2_format (crypto_test.CryptoTestFormat) Verify that formating device as LUKS 2 works ---------------------------------------------------------------------- Traceback (most recent call last): File "/root/rpmbuild/BUILD/libblockdev-2.28/tests/crypto_test.py", line 181, in test_luks2_format succ = BlockDev.crypto_luks_format(self.loop_dev, "aes-xts-plain64", 0, None, self.keyfile, 0, File "/root/rpmbuild/BUILD/libblockdev-2.28/src/python/gi/overrides/BlockDev.py", line 224, in crypto_luks_format return _crypto_luks_format(device, cipher, key_size, passphrase, key_file, min_entropy, luks_version, extra) gi.repository.GLib.GError: g-bd-crypto-error-quark: Failed to format device: Invalid argument (3) ---------------------------------------------------------------------- Ran 42 tests in 531.140s FAILED (errors=3) [root@storageqe-65 tests]#
The two crypto_test.CryptoTestEscrow test cases are failing because of https://bugzilla.redhat.com/show_bug.cgi?id=2143223 The crypto_test.CryptoTestFormat test case is failing because we are trying to create a LUKS2 with argon2id which is not supported in FIPS. The tests were not written with FIPS support in mind and in general, I don't plan to support FIPS in the tests.
have added 'tested' to verified ,please move to next.
any update ?