tcrypt failing on hmac(crc32)

linux-crypto.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* tcrypt failing on hmac(crc32)
@ 2016-05-25  7:07 Marcus Meissner
  2016-05-25  7:10 ` Stephan Mueller
  0 siblings, 1 reply; 7+ messages in thread
From: Marcus Meissner @ 2016-05-25  7:07 UTC (permalink / raw)
  To: linux-crypto

Hi,

when enabling the testmgr framework and FIPS in 4.6 and 4.4 and running "modprobe tcrypt"

[ 1153.298266] alg: hash: Failed to load transform for hmac(crc32): -2
[ 1153.340636] tcrypt: one or more tests failed!

I spent some hours making sense of what is missing, but I got lost in the maze
of the crypto apis between sync and async hashes somewhere.

Does anyone know the solution for this, otherwise I will need to continue looking.

Ciao, Marcus

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: tcrypt failing on hmac(crc32)
  2016-05-25  7:07 tcrypt failing on hmac(crc32) Marcus Meissner
@ 2016-05-25  7:10 ` Stephan Mueller
  2016-05-25 11:36   ` Marcus Meissner
  0 siblings, 1 reply; 7+ messages in thread
From: Stephan Mueller @ 2016-05-25  7:10 UTC (permalink / raw)
  To: Marcus Meissner; +Cc: linux-crypto

Am Mittwoch, 25. Mai 2016, 09:07:52 schrieb Marcus Meissner:

Hi Marcus,

> Hi,
> 
> when enabling the testmgr framework and FIPS in 4.6 and 4.4 and running
> "modprobe tcrypt"

        }, {
                .alg = "hmac(crc32)",
                .test = alg_test_hash,
...

fips_allowed = 1 missing?
> 
> [ 1153.298266] alg: hash: Failed to load transform for hmac(crc32): -2
> [ 1153.340636] tcrypt: one or more tests failed!
> 
> I spent some hours making sense of what is missing, but I got lost in the
> maze of the crypto apis between sync and async hashes somewhere.
> 
> Does anyone know the solution for this, otherwise I will need to continue
> looking.
> 
> Ciao, Marcus
> --
> To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html


Ciao
Stephan

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: tcrypt failing on hmac(crc32)
  2016-05-25  7:10 ` Stephan Mueller
@ 2016-05-25 11:36   ` Marcus Meissner
  2016-05-25 11:39     ` Stephan Mueller
  0 siblings, 1 reply; 7+ messages in thread
From: Marcus Meissner @ 2016-05-25 11:36 UTC (permalink / raw)
  To: Stephan Mueller; +Cc: linux-crypto

Hi,

On Wed, May 25, 2016 at 09:10:31AM +0200, Stephan Mueller wrote:
> Am Mittwoch, 25. Mai 2016, 09:07:52 schrieb Marcus Meissner:
> 
> Hi Marcus,
> 
> > Hi,
> > 
> > when enabling the testmgr framework and FIPS in 4.6 and 4.4 and running
> > "modprobe tcrypt"
> 
>         }, {
>                 .alg = "hmac(crc32)",
>                 .test = alg_test_hash,
> ...
> 
> fips_allowed = 1 missing?

The kernel was not in FIPS mode, and adding it did not help. :/

Ciao, Marcus

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: tcrypt failing on hmac(crc32)
  2016-05-25 11:36   ` Marcus Meissner
@ 2016-05-25 11:39     ` Stephan Mueller
  2016-05-25 13:05       ` Marcus Meissner
  0 siblings, 1 reply; 7+ messages in thread
From: Stephan Mueller @ 2016-05-25 11:39 UTC (permalink / raw)
  To: Marcus Meissner; +Cc: linux-crypto

Am Mittwoch, 25. Mai 2016, 13:36:10 schrieb Marcus Meissner:

Hi Marcus,

> Hi,
> 
> On Wed, May 25, 2016 at 09:10:31AM +0200, Stephan Mueller wrote:
> > Am Mittwoch, 25. Mai 2016, 09:07:52 schrieb Marcus Meissner:
> > 
> > Hi Marcus,
> > 
> > > Hi,
> > > 
> > > when enabling the testmgr framework and FIPS in 4.6 and 4.4 and running
> > > "modprobe tcrypt"
> > > 
> >         }, {
> >         
> >                 .alg = "hmac(crc32)",
> >                 .test = alg_test_hash,
> > 
> > ...
> > 
> > fips_allowed = 1 missing?
> 
> The kernel was not in FIPS mode, and adding it did not help. :/

Sorry, I read FIPS and implied fips=1 :-)

Ciao
Stephan

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: tcrypt failing on hmac(crc32)
  2016-05-25 11:39     ` Stephan Mueller
@ 2016-05-25 13:05       ` Marcus Meissner
  2016-05-27  9:19         ` Marcus Meissner
  0 siblings, 1 reply; 7+ messages in thread
From: Marcus Meissner @ 2016-05-25 13:05 UTC (permalink / raw)
  To: Stephan Mueller; +Cc: linux-crypto

On Wed, May 25, 2016 at 01:39:46PM +0200, Stephan Mueller wrote:
> Am Mittwoch, 25. Mai 2016, 13:36:10 schrieb Marcus Meissner:
> 
> Hi Marcus,
> 
> > Hi,
> > 
> > On Wed, May 25, 2016 at 09:10:31AM +0200, Stephan Mueller wrote:
> > > Am Mittwoch, 25. Mai 2016, 09:07:52 schrieb Marcus Meissner:
> > > 
> > > Hi Marcus,
> > > 
> > > > Hi,
> > > > 
> > > > when enabling the testmgr framework and FIPS in 4.6 and 4.4 and running
> > > > "modprobe tcrypt"
> > > > 
> > >         }, {
> > >         
> > >                 .alg = "hmac(crc32)",
> > >                 .test = alg_test_hash,
> > > 
> > > ...
> > > 
> > > fips_allowed = 1 missing?
> > 
> > The kernel was not in FIPS mode, and adding it did not help. :/
> 
> Sorry, I read FIPS and implied fips=1 :-)

I think we are running in a precondition

        ds = salg->digestsize;		// is CHKSUM_DIGEST_SIZE == 4 for CRC32
        ss = salg->statesize;		// ? cant find it
        alg = &salg->base; 		// base.cra_blocksize seems CHKSUM_BLOCKSIZE == 1
        if (ds > alg->cra_blocksize ||
            ss < alg->cra_blocksize)
                goto out_put_alg;

	4 > 1 ... so EINVAL return.

If this is the case, hmac(crc32) might be kind of non-sensical?

Ciao, Marcus

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: tcrypt failing on hmac(crc32)
  2016-05-25 13:05       ` Marcus Meissner
@ 2016-05-27  9:19         ` Marcus Meissner
  2016-05-27  9:24           ` Stephan Mueller
  0 siblings, 1 reply; 7+ messages in thread
From: Marcus Meissner @ 2016-05-27  9:19 UTC (permalink / raw)
  To: Stephan Mueller; +Cc: linux-crypto

On Wed, May 25, 2016 at 03:05:28PM +0200, Marcus Meissner wrote:
> On Wed, May 25, 2016 at 01:39:46PM +0200, Stephan Mueller wrote:
> > Am Mittwoch, 25. Mai 2016, 13:36:10 schrieb Marcus Meissner:
> > 
> > Hi Marcus,
> > 
> > > Hi,
> > > 
> > > On Wed, May 25, 2016 at 09:10:31AM +0200, Stephan Mueller wrote:
> > > > Am Mittwoch, 25. Mai 2016, 09:07:52 schrieb Marcus Meissner:
> > > > 
> > > > Hi Marcus,
> > > > 
> > > > > Hi,
> > > > > 
> > > > > when enabling the testmgr framework and FIPS in 4.6 and 4.4 and running
> > > > > "modprobe tcrypt"
> > > > > 
> > > >         }, {
> > > >         
> > > >                 .alg = "hmac(crc32)",
> > > >                 .test = alg_test_hash,
> > > > 
> > > > ...
> > > > 
> > > > fips_allowed = 1 missing?
> > > 
> > > The kernel was not in FIPS mode, and adding it did not help. :/
> > 
> > Sorry, I read FIPS and implied fips=1 :-)
> 
> I think we are running in a precondition
> 
>         ds = salg->digestsize;		// is CHKSUM_DIGEST_SIZE == 4 for CRC32
>         ss = salg->statesize;		// ? cant find it
>         alg = &salg->base; 		// base.cra_blocksize seems CHKSUM_BLOCKSIZE == 1
>         if (ds > alg->cra_blocksize ||
>             ss < alg->cra_blocksize)
>                 goto out_put_alg;
> 
> 	4 > 1 ... so EINVAL return.
> 
> If this is the case, hmac(crc32) might be kind of non-sensical?

And it actually is:

[  180.942532] hmac: blocksize check failed, ds=4, cra_blocksize=1, ss=4
[  180.942541] alg: hash: Failed to load transform for hmac(crc32): -2
[  180.989191] tcrypt: one or more tests failed!

Should I remove hmac(crc32) from the testmgr list?

Ciao, Marcus

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: tcrypt failing on hmac(crc32)
  2016-05-27  9:19         ` Marcus Meissner
@ 2016-05-27  9:24           ` Stephan Mueller
  0 siblings, 0 replies; 7+ messages in thread
From: Stephan Mueller @ 2016-05-27  9:24 UTC (permalink / raw)
  To: Marcus Meissner; +Cc: linux-crypto

Am Freitag, 27. Mai 2016, 11:19:32 schrieb Marcus Meissner:

Hi Marcus,

> 
> And it actually is:
> 
> [  180.942532] hmac: blocksize check failed, ds=4, cra_blocksize=1, ss=4
> [  180.942541] alg: hash: Failed to load transform for hmac(crc32): -2
> [  180.989191] tcrypt: one or more tests failed!
> 
> Should I remove hmac(crc32) from the testmgr list?

I am wondering about that: there are test vectors for this cipher, so there 
seem to be valid use cases. But the implementation is broken and nobody 
noticed up to now. So, it seems it is not in use?

Given that, I would think that hmac(crc32) could be removed from testmgr.

Ciao
Stephan

^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2016-05-27  9:24 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-05-25  7:07 tcrypt failing on hmac(crc32) Marcus Meissner
2016-05-25  7:10 ` Stephan Mueller
2016-05-25 11:36   ` Marcus Meissner
2016-05-25 11:39     ` Stephan Mueller
2016-05-25 13:05       ` Marcus Meissner
2016-05-27  9:19         ` Marcus Meissner
2016-05-27  9:24           ` Stephan Mueller

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).