From: Scott Mayhew <smayhew@redhat.com>
To: Chuck Lever III <chuck.lever@oracle.com>
Cc: David Howells <dhowells@redhat.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
Ard Biesheuvel <ardb@kernel.org>,
Jeff Layton <jlayton@kernel.org>,
Linux NFS Mailing List <linux-nfs@vger.kernel.org>,
"linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>
Subject: Re: Did the in-kernel Camellia or CMAC crypto implementation break?
Date: Wed, 12 Apr 2023 13:44:52 -0400 [thread overview]
Message-ID: <ZDbuFO+f8FCvrawH@aion.usersys.redhat.com> (raw)
In-Reply-To: <48886D84-1A04-4B07-A666-BB56684E759F@oracle.com>
On Wed, 12 Apr 2023, Chuck Lever III wrote:
>
>
> > On Apr 12, 2023, at 11:56 AM, David Howells <dhowells@redhat.com> wrote:
> >
> > Hi Chuck, Herbert,
> >
> > I was trying to bring my krb5 crypto lib patches up to date, but noticed that
> > the Camellia encryption selftests are failing (the key derivation tests work,
> > but the crypto tests failed).
> >
> > After some investigation that didn't get anywhere, I tried the sunrpc kunit
> > tests that Chuck added - and those fail similarly (dmesg attached below). I
> > tried the hardware accelerated version also and that has the same failure.
>
> Ah, I see Scott is Cc'd. Yes, Scott reported this to me yesterday.
Yes, I found that if I run the test via kunit.py it works fine. If I
try to run it via loading the gss_krb5_test module, the checksum tests
fail. But if I build the tests directly into the kernel, then they also
run fine.
-Scott
>
>
> > Note that Chuck and I implemented the kerberos Camellia routines
> > independently.
>
> Yes, but we implemented the same unit tests (from RFC 6803).
>
>
> > David
> > ---
> > KTAP version 1
> > # Subtest: RFC 6803 suite
> > 1..3
> > KTAP version 1
> > # Subtest: RFC 6803 key derivation
> > ok 1 Derive Kc subkey for camellia128-cts-cmac
> > ok 2 Derive Ke subkey for camellia128-cts-cmac
> > ok 3 Derive Ki subkey for camellia128-cts-cmac
> > ok 4 Derive Kc subkey for camellia256-cts-cmac
> > ok 5 Derive Ke subkey for camellia256-cts-cmac
> > ok 6 Derive Ki subkey for camellia256-cts-cmac
> > # RFC 6803 key derivation: pass:6 fail:0 skip:0 total:6
> > ok 1 RFC 6803 key derivation
> > KTAP version 1
> > # Subtest: RFC 6803 checksum
> > ok 1 camellia128-cts-cmac checksum test 1
> > ok 2 camellia128-cts-cmac checksum test 2
> > ok 3 camellia256-cts-cmac checksum test 3
> > ok 4 camellia256-cts-cmac checksum test 4
> > # RFC 6803 checksum: pass:4 fail:0 skip:0 total:4
> > ok 2 RFC 6803 checksum
> > KTAP version 1
> > # Subtest: RFC 6803 encryption
> > # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
> > Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
> > memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 135 (0x87)
> >
> > encrypted result mismatch
> > # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
> > Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
> > memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == -108 (0xffffffffffffff94)
> >
> > HMAC mismatch
> > not ok 1 Encrypt empty plaintext with camellia128-cts-cmac
> > # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
> > Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
> > memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == -49 (0xffffffffffffffcf)
> >
> > encrypted result mismatch
> > # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
> > Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
> > memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == -3 (0xfffffffffffffffd)
> >
> > HMAC mismatch
> > not ok 2 Encrypt 1 byte with camellia128-cts-cmac
> > # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
> > Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
> > memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == -36 (0xffffffffffffffdc)
> >
> > encrypted result mismatch
> > # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
> > Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
> > memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 44 (0x2c)
> >
> > HMAC mismatch
> > not ok 3 Encrypt 9 bytes with camellia128-cts-cmac
> > # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
> > Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
> > memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == -58 (0xffffffffffffffc6)
> >
> > encrypted result mismatch
> > # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
> > Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
> > memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == -103 (0xffffffffffffff99)
> >
> > HMAC mismatch
> > not ok 4 Encrypt 13 bytes with camellia128-cts-cmac
> > # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
> > Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
> > memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 160 (0xa0)
> >
> > encrypted result mismatch
> > # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
> > Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
> > memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 95 (0x5f)
> >
> > HMAC mismatch
> > not ok 5 Encrypt 30 bytes with camellia128-cts-cmac
> > # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
> > Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
> > memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == -150 (0xffffffffffffff6a)
> >
> > encrypted result mismatch
> > # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
> > Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
> > memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 48 (0x30)
> >
> > HMAC mismatch
> > not ok 6 Encrypt empty plaintext with camellia256-cts-cmac
> > # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
> > Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
> > memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 24 (0x18)
> >
> > encrypted result mismatch
> > # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
> > Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
> > memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 22 (0x16)
> >
> > HMAC mismatch
> > not ok 7 Encrypt 1 byte with camellia256-cts-cmac
> > # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
> > Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
> > memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 108 (0x6c)
> >
> > encrypted result mismatch
> > # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
> > Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
> > memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == -106 (0xffffffffffffff96)
> >
> > HMAC mismatch
> > not ok 8 Encrypt 9 bytes with camellia256-cts-cmac
> > # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
> > Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
> > memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 64 (0x40)
> >
> > encrypted result mismatch
> > # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
> > Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
> > memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == -196 (0xffffffffffffff3c)
> >
> > HMAC mismatch
> > not ok 9 Encrypt 13 bytes with camellia256-cts-cmac
> > # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
> > Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
> > memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == -238 (0xffffffffffffff12)
> >
> > encrypted result mismatch
> > # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
> > Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
> > memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 168 (0xa8)
> >
> > HMAC mismatch
> > not ok 10 Encrypt 30 bytes with camellia256-cts-cmac
> > # RFC 6803 encryption: pass:0 fail:10 skip:0 total:10
> > not ok 3 RFC 6803 encryption
> > # RFC 6803 suite: pass:2 fail:1 skip:0 total:3
> > # Totals: pass:10 fail:10 skip:0 total:20
> > not ok 3 RFC 6803 suite
> >
>
> --
> Chuck Lever
>
>
next prev parent reply other threads:[~2023-04-12 17:45 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-12 15:56 Did the in-kernel Camellia or CMAC crypto implementation break? David Howells
2023-04-12 16:57 ` Chuck Lever III
2023-04-12 17:44 ` Scott Mayhew [this message]
2023-04-12 17:50 ` David Howells
2023-04-13 6:07 ` Herbert Xu
2023-04-13 6:36 ` David Howells
2023-04-13 6:40 ` Herbert Xu
2023-04-13 8:59 ` David Howells
2023-04-13 13:55 ` David Howells
2023-04-14 2:08 ` Herbert Xu
2023-04-14 8:47 ` David Howells
2023-04-14 8:52 ` Herbert Xu
2023-04-14 10:17 ` David Howells
2023-04-14 10:18 ` Herbert Xu
2023-04-14 10:34 ` David Howells
2023-04-14 11:04 ` Herbert Xu
2023-04-14 12:32 ` David Howells
2023-05-22 21:07 ` David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZDbuFO+f8FCvrawH@aion.usersys.redhat.com \
--to=smayhew@redhat.com \
--cc=ardb@kernel.org \
--cc=chuck.lever@oracle.com \
--cc=dhowells@redhat.com \
--cc=herbert@gondor.apana.org.au \
--cc=jlayton@kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.