From: Scott Mayhew <smayhew@redhat.com>
To: Chuck Lever III <chuck.lever@oracle.com>
Cc: David Howells <dhowells@redhat.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
Ard Biesheuvel <ardb@kernel.org>,
Jeff Layton <jlayton@kernel.org>,
Linux NFS Mailing List <linux-nfs@vger.kernel.org>,
"linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>
Subject: Re: Did the in-kernel Camellia or CMAC crypto implementation break?
Date: Wed, 12 Apr 2023 13:44:52 -0400 [thread overview]
Message-ID: <ZDbuFO+f8FCvrawH@aion.usersys.redhat.com> (raw)
In-Reply-To: <48886D84-1A04-4B07-A666-BB56684E759F@oracle.com>
On Wed, 12 Apr 2023, Chuck Lever III wrote:
>
>
> > On Apr 12, 2023, at 11:56 AM, David Howells <dhowells@redhat.com> wrote:
> >
> > Hi Chuck, Herbert,
> >
> > I was trying to bring my krb5 crypto lib patches up to date, but noticed that
> > the Camellia encryption selftests are failing (the key derivation tests work,
> > but the crypto tests failed).
> >
> > After some investigation that didn't get anywhere, I tried the sunrpc kunit
> > tests that Chuck added - and those fail similarly (dmesg attached below). I
> > tried the hardware accelerated version also and that has the same failure.
>
> Ah, I see Scott is Cc'd. Yes, Scott reported this to me yesterday.
Yes, I found that if I run the test via kunit.py it works fine. If I
try to run it via loading the gss_krb5_test module, the checksum tests
fail. But if I build the tests directly into the kernel, then they also
run fine.
-Scott
>
>
> > Note that Chuck and I implemented the kerberos Camellia routines
> > independently.
>
> Yes, but we implemented the same unit tests (from RFC 6803).
>
>
> > David
> > ---
> > KTAP version 1
> > # Subtest: RFC 6803 suite
> > 1..3
> > KTAP version 1
> > # Subtest: RFC 6803 key derivation
> > ok 1 Derive Kc subkey for camellia128-cts-cmac
> > ok 2 Derive Ke subkey for camellia128-cts-cmac
> > ok 3 Derive Ki subkey for camellia128-cts-cmac
> > ok 4 Derive Kc subkey for camellia256-cts-cmac
> > ok 5 Derive Ke subkey for camellia256-cts-cmac
> > ok 6 Derive Ki subkey for camellia256-cts-cmac
> > # RFC 6803 key derivation: pass:6 fail:0 skip:0 total:6
> > ok 1 RFC 6803 key derivation
> > KTAP version 1
> > # Subtest: RFC 6803 checksum
> > ok 1 camellia128-cts-cmac checksum test 1
> > ok 2 camellia128-cts-cmac checksum test 2
> > ok 3 camellia256-cts-cmac checksum test 3
> > ok 4 camellia256-cts-cmac checksum test 4
> > # RFC 6803 checksum: pass:4 fail:0 skip:0 total:4
> > ok 2 RFC 6803 checksum
> > KTAP version 1
> > # Subtest: RFC 6803 encryption
> > # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
> > Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
> > memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 135 (0x87)
> >
> > encrypted result mismatch
> > # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
> > Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
> > memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == -108 (0xffffffffffffff94)
> >
> > HMAC mismatch
> > not ok 1 Encrypt empty plaintext with camellia128-cts-cmac
> > # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
> > Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
> > memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == -49 (0xffffffffffffffcf)
> >
> > encrypted result mismatch
> > # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
> > Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
> > memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == -3 (0xfffffffffffffffd)
> >
> > HMAC mismatch
> > not ok 2 Encrypt 1 byte with camellia128-cts-cmac
> > # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
> > Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
> > memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == -36 (0xffffffffffffffdc)
> >
> > encrypted result mismatch
> > # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
> > Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
> > memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 44 (0x2c)
> >
> > HMAC mismatch
> > not ok 3 Encrypt 9 bytes with camellia128-cts-cmac
> > # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
> > Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
> > memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == -58 (0xffffffffffffffc6)
> >
> > encrypted result mismatch
> > # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
> > Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
> > memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == -103 (0xffffffffffffff99)
> >
> > HMAC mismatch
> > not ok 4 Encrypt 13 bytes with camellia128-cts-cmac
> > # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
> > Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
> > memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 160 (0xa0)
> >
> > encrypted result mismatch
> > # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
> > Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
> > memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 95 (0x5f)
> >
> > HMAC mismatch
> > not ok 5 Encrypt 30 bytes with camellia128-cts-cmac
> > # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
> > Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
> > memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == -150 (0xffffffffffffff6a)
> >
> > encrypted result mismatch
> > # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
> > Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
> > memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 48 (0x30)
> >
> > HMAC mismatch
> > not ok 6 Encrypt empty plaintext with camellia256-cts-cmac
> > # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
> > Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
> > memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 24 (0x18)
> >
> > encrypted result mismatch
> > # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
> > Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
> > memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 22 (0x16)
> >
> > HMAC mismatch
> > not ok 7 Encrypt 1 byte with camellia256-cts-cmac
> > # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
> > Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
> > memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 108 (0x6c)
> >
> > encrypted result mismatch
> > # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
> > Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
> > memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == -106 (0xffffffffffffff96)
> >
> > HMAC mismatch
> > not ok 8 Encrypt 9 bytes with camellia256-cts-cmac
> > # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
> > Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
> > memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 64 (0x40)
> >
> > encrypted result mismatch
> > # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
> > Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
> > memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == -196 (0xffffffffffffff3c)
> >
> > HMAC mismatch
> > not ok 9 Encrypt 13 bytes with camellia256-cts-cmac
> > # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
> > Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
> > memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == -238 (0xffffffffffffff12)
> >
> > encrypted result mismatch
> > # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
> > Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
> > memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 168 (0xa8)
> >
> > HMAC mismatch
> > not ok 10 Encrypt 30 bytes with camellia256-cts-cmac
> > # RFC 6803 encryption: pass:0 fail:10 skip:0 total:10
> > not ok 3 RFC 6803 encryption
> > # RFC 6803 suite: pass:2 fail:1 skip:0 total:3
> > # Totals: pass:10 fail:10 skip:0 total:20
> > not ok 3 RFC 6803 suite
> >
>
> --
> Chuck Lever
>
>
next prev parent reply other threads:[~2023-04-12 17:45 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-12 15:56 Did the in-kernel Camellia or CMAC crypto implementation break? David Howells
2023-04-12 16:57 ` Chuck Lever III
2023-04-12 17:44 ` Scott Mayhew [this message]
2023-04-12 17:50 ` David Howells
2023-04-13 6:07 ` Herbert Xu
2023-04-13 6:36 ` David Howells
2023-04-13 6:40 ` Herbert Xu
2023-04-13 8:59 ` David Howells
2023-04-13 13:55 ` David Howells
2023-04-14 2:08 ` Herbert Xu
2023-04-14 8:47 ` David Howells
2023-04-14 8:52 ` Herbert Xu
2023-04-14 10:17 ` David Howells
2023-04-14 10:18 ` Herbert Xu
2023-04-14 10:34 ` David Howells
2023-04-14 11:04 ` Herbert Xu
2023-04-14 12:32 ` David Howells
2023-05-22 21:07 ` David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZDbuFO+f8FCvrawH@aion.usersys.redhat.com \
--to=smayhew@redhat.com \
--cc=ardb@kernel.org \
--cc=chuck.lever@oracle.com \
--cc=dhowells@redhat.com \
--cc=herbert@gondor.apana.org.au \
--cc=jlayton@kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox