Did the in-kernel Camellia or CMAC crypto implementation break?

Linux NFS development
 help / color / mirror / Atom feed

From: David Howells <dhowells@redhat.com>
To: Chuck Lever <chuck.lever@oracle.com>,
	Herbert Xu <herbert@gondor.apana.org.au>
Cc: dhowells@redhat.com, Scott Mayhew <smayhew@redhat.com>,
	Ard Biesheuvel <ardb@kernel.org>,
	Jeff Layton <jlayton@kernel.org>,
	linux-nfs@vger.kernel.org, linux-crypto@vger.kernel.org
Subject: Did the in-kernel Camellia or CMAC crypto implementation break?
Date: Wed, 12 Apr 2023 16:56:37 +0100	[thread overview]
Message-ID: <380323.1681314997@warthog.procyon.org.uk> (raw)

Hi Chuck, Herbert,

I was trying to bring my krb5 crypto lib patches up to date, but noticed that
the Camellia encryption selftests are failing (the key derivation tests work,
but the crypto tests failed).

After some investigation that didn't get anywhere, I tried the sunrpc kunit
tests that Chuck added - and those fail similarly (dmesg attached below).  I
tried the hardware accelerated version also and that has the same failure.

Note that Chuck and I implemented the kerberos Camellia routines
independently.

David
---
    KTAP version 1
    # Subtest: RFC 6803 suite
    1..3
        KTAP version 1
        # Subtest: RFC 6803 key derivation
        ok 1 Derive Kc subkey for camellia128-cts-cmac
        ok 2 Derive Ke subkey for camellia128-cts-cmac
        ok 3 Derive Ki subkey for camellia128-cts-cmac
        ok 4 Derive Kc subkey for camellia256-cts-cmac
        ok 5 Derive Ke subkey for camellia256-cts-cmac
        ok 6 Derive Ki subkey for camellia256-cts-cmac
    # RFC 6803 key derivation: pass:6 fail:0 skip:0 total:6
    ok 1 RFC 6803 key derivation
        KTAP version 1
        # Subtest: RFC 6803 checksum
        ok 1 camellia128-cts-cmac checksum test 1
        ok 2 camellia128-cts-cmac checksum test 2
        ok 3 camellia256-cts-cmac checksum test 3
        ok 4 camellia256-cts-cmac checksum test 4
    # RFC 6803 checksum: pass:4 fail:0 skip:0 total:4
    ok 2 RFC 6803 checksum
        KTAP version 1
        # Subtest: RFC 6803 encryption
    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
    Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
        memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 135 (0x87)

encrypted result mismatch
    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
    Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
        memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == -108 (0xffffffffffffff94)

HMAC mismatch
        not ok 1 Encrypt empty plaintext with camellia128-cts-cmac
    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
    Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
        memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == -49 (0xffffffffffffffcf)

encrypted result mismatch
    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
    Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
        memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == -3 (0xfffffffffffffffd)

HMAC mismatch
        not ok 2 Encrypt 1 byte with camellia128-cts-cmac
    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
    Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
        memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == -36 (0xffffffffffffffdc)

encrypted result mismatch
    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
    Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
        memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 44 (0x2c)

HMAC mismatch
        not ok 3 Encrypt 9 bytes with camellia128-cts-cmac
    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
    Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
        memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == -58 (0xffffffffffffffc6)

encrypted result mismatch
    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
    Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
        memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == -103 (0xffffffffffffff99)

HMAC mismatch
        not ok 4 Encrypt 13 bytes with camellia128-cts-cmac
    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
    Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
        memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 160 (0xa0)

encrypted result mismatch
    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
    Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
        memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 95 (0x5f)

HMAC mismatch
        not ok 5 Encrypt 30 bytes with camellia128-cts-cmac
    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
    Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
        memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == -150 (0xffffffffffffff6a)

encrypted result mismatch
    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
    Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
        memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 48 (0x30)

HMAC mismatch
        not ok 6 Encrypt empty plaintext with camellia256-cts-cmac
    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
    Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
        memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 24 (0x18)

encrypted result mismatch
    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
    Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
        memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 22 (0x16)

HMAC mismatch
        not ok 7 Encrypt 1 byte with camellia256-cts-cmac
    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
    Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
        memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 108 (0x6c)

encrypted result mismatch
    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
    Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
        memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == -106 (0xffffffffffffff96)

HMAC mismatch
        not ok 8 Encrypt 9 bytes with camellia256-cts-cmac
    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
    Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
        memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 64 (0x40)

encrypted result mismatch
    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
    Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
        memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == -196 (0xffffffffffffff3c)

HMAC mismatch
        not ok 9 Encrypt 13 bytes with camellia256-cts-cmac
    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
    Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
        memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == -238 (0xffffffffffffff12)

encrypted result mismatch
    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
    Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
        memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 168 (0xa8)

HMAC mismatch
        not ok 10 Encrypt 30 bytes with camellia256-cts-cmac
    # RFC 6803 encryption: pass:0 fail:10 skip:0 total:10
    not ok 3 RFC 6803 encryption
# RFC 6803 suite: pass:2 fail:1 skip:0 total:3
# Totals: pass:10 fail:10 skip:0 total:20
not ok 3 RFC 6803 suite

next             reply	other threads:[~2023-04-12 15:57 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-04-12 15:56 David Howells [this message]
2023-04-12 16:57 ` Did the in-kernel Camellia or CMAC crypto implementation break? Chuck Lever III
2023-04-12 17:44   ` Scott Mayhew
2023-04-12 17:50     ` David Howells
2023-04-13  6:07       ` Herbert Xu
2023-04-13  6:36         ` David Howells
2023-04-13  6:40           ` Herbert Xu
2023-04-13  8:59             ` David Howells
2023-04-13 13:55   ` David Howells
2023-04-14  2:08     ` Herbert Xu
2023-04-14  8:47       ` David Howells
2023-04-14  8:52         ` Herbert Xu
2023-04-14 10:17           ` David Howells
2023-04-14 10:18             ` Herbert Xu
2023-04-14 10:34               ` David Howells
2023-04-14 11:04                 ` Herbert Xu
2023-04-14 12:32               ` David Howells
2023-05-22 21:07           ` David Howells

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=380323.1681314997@warthog.procyon.org.uk \
    --to=dhowells@redhat.com \
    --cc=ardb@kernel.org \
    --cc=chuck.lever@oracle.com \
    --cc=herbert@gondor.apana.org.au \
    --cc=jlayton@kernel.org \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-nfs@vger.kernel.org \
    --cc=smayhew@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox