Re: Did the in-kernel Camellia or CMAC crypto implementation break?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


> On Apr 12, 2023, at 11:56 AM, David Howells <dhowells@xxxxxxxxxx> wrote:
> 
> Hi Chuck, Herbert,
> 
> I was trying to bring my krb5 crypto lib patches up to date, but noticed that
> the Camellia encryption selftests are failing (the key derivation tests work,
> but the crypto tests failed).
> 
> After some investigation that didn't get anywhere, I tried the sunrpc kunit
> tests that Chuck added - and those fail similarly (dmesg attached below).  I
> tried the hardware accelerated version also and that has the same failure.

Ah, I see Scott is Cc'd. Yes, Scott reported this to me yesterday.


> Note that Chuck and I implemented the kerberos Camellia routines
> independently.

Yes, but we implemented the same unit tests (from RFC 6803).


> David
> ---
>    KTAP version 1
>    # Subtest: RFC 6803 suite
>    1..3
>        KTAP version 1
>        # Subtest: RFC 6803 key derivation
>        ok 1 Derive Kc subkey for camellia128-cts-cmac
>        ok 2 Derive Ke subkey for camellia128-cts-cmac
>        ok 3 Derive Ki subkey for camellia128-cts-cmac
>        ok 4 Derive Kc subkey for camellia256-cts-cmac
>        ok 5 Derive Ke subkey for camellia256-cts-cmac
>        ok 6 Derive Ki subkey for camellia256-cts-cmac
>    # RFC 6803 key derivation: pass:6 fail:0 skip:0 total:6
>    ok 1 RFC 6803 key derivation
>        KTAP version 1
>        # Subtest: RFC 6803 checksum
>        ok 1 camellia128-cts-cmac checksum test 1
>        ok 2 camellia128-cts-cmac checksum test 2
>        ok 3 camellia256-cts-cmac checksum test 3
>        ok 4 camellia256-cts-cmac checksum test 4
>    # RFC 6803 checksum: pass:4 fail:0 skip:0 total:4
>    ok 2 RFC 6803 checksum
>        KTAP version 1
>        # Subtest: RFC 6803 encryption
>    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
>    Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
>        memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 135 (0x87)
> 
> encrypted result mismatch
>    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
>    Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
>        memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == -108 (0xffffffffffffff94)
> 
> HMAC mismatch
>        not ok 1 Encrypt empty plaintext with camellia128-cts-cmac
>    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
>    Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
>        memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == -49 (0xffffffffffffffcf)
> 
> encrypted result mismatch
>    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
>    Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
>        memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == -3 (0xfffffffffffffffd)
> 
> HMAC mismatch
>        not ok 2 Encrypt 1 byte with camellia128-cts-cmac
>    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
>    Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
>        memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == -36 (0xffffffffffffffdc)
> 
> encrypted result mismatch
>    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
>    Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
>        memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 44 (0x2c)
> 
> HMAC mismatch
>        not ok 3 Encrypt 9 bytes with camellia128-cts-cmac
>    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
>    Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
>        memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == -58 (0xffffffffffffffc6)
> 
> encrypted result mismatch
>    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
>    Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
>        memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == -103 (0xffffffffffffff99)
> 
> HMAC mismatch
>        not ok 4 Encrypt 13 bytes with camellia128-cts-cmac
>    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
>    Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
>        memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 160 (0xa0)
> 
> encrypted result mismatch
>    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
>    Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
>        memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 95 (0x5f)
> 
> HMAC mismatch
>        not ok 5 Encrypt 30 bytes with camellia128-cts-cmac
>    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
>    Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
>        memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == -150 (0xffffffffffffff6a)
> 
> encrypted result mismatch
>    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
>    Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
>        memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 48 (0x30)
> 
> HMAC mismatch
>        not ok 6 Encrypt empty plaintext with camellia256-cts-cmac
>    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
>    Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
>        memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 24 (0x18)
> 
> encrypted result mismatch
>    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
>    Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
>        memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 22 (0x16)
> 
> HMAC mismatch
>        not ok 7 Encrypt 1 byte with camellia256-cts-cmac
>    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
>    Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
>        memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 108 (0x6c)
> 
> encrypted result mismatch
>    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
>    Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
>        memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == -106 (0xffffffffffffff96)
> 
> HMAC mismatch
>        not ok 8 Encrypt 9 bytes with camellia256-cts-cmac
>    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
>    Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
>        memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 64 (0x40)
> 
> encrypted result mismatch
>    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
>    Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
>        memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == -196 (0xffffffffffffff3c)
> 
> HMAC mismatch
>        not ok 9 Encrypt 13 bytes with camellia256-cts-cmac
>    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
>    Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
>        memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == -238 (0xffffffffffffff12)
> 
> encrypted result mismatch
>    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
>    Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
>        memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 168 (0xa8)
> 
> HMAC mismatch
>        not ok 10 Encrypt 30 bytes with camellia256-cts-cmac
>    # RFC 6803 encryption: pass:0 fail:10 skip:0 total:10
>    not ok 3 RFC 6803 encryption
> # RFC 6803 suite: pass:2 fail:1 skip:0 total:3
> # Totals: pass:10 fail:10 skip:0 total:20
> not ok 3 RFC 6803 suite
> 

--
Chuck Lever
[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]
  Powered by Linux