I wanted to use this file as an example of how to use black keys (and hopefully to extend that to black blobs).
I kept looking more and more closely at the example, because when it goes to use the black key to encrypt the data, it doesn't specify anything about that the key it wants to use is a black key. So why does it work? Does the CAAM automatically recognize a black key? The documentation doesn't say it does that.
Well, the explanation appears to be that it doesn't work. The sm_keystore_slot_encapsulate() and sm_keystore_decapsulate() calls fail with a generic "DMA error". So what happens is test loads in the clear text key, encapsulates it in place (which fails), then decapsulates it in place (which also fails), the result being that the clear text key is stored in the black key buffer. Then the procedure goes on to encrypt the data using the supposed black key (which explains why it works without specifying that it's a black key -- it's not a black key, and nobody tells the CAAM to load a black key, so of course it just does a normal encryption using the clear text key left in the buffer). Then it decrypts the data using the correct cleartext key, and reports "test match OK".
There is NO error checking on the encapsulate/decapsulate operations themselves. The tail end of int sm_keystore_slot_encapsulate() has the following:
jstat = sm_key_job(dev, encapdesc);
dma_unmap_single(dev, keymod_dma, keymodlen, DMA_TO_DEVICE);
i.e. nothing ever checks "jstat". In my version, I added code to call caam_jr_strstatus(), which is how I determined the generic "DMA error".
As a result, the entire test "succeeds" because it uses cleartext keys throughout.
So my question is this: does anyone know how to make the sm_test.c example work the way it's supposed to, with actually using black keys? I really wanted to use it as a concrete example!