Re: Did the in-kernel Camellia or CMAC crypto implementation break?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 12 Apr 2023, Chuck Lever III wrote:

> 
> 
> > On Apr 12, 2023, at 11:56 AM, David Howells <dhowells@xxxxxxxxxx> wrote:
> > 
> > Hi Chuck, Herbert,
> > 
> > I was trying to bring my krb5 crypto lib patches up to date, but noticed that
> > the Camellia encryption selftests are failing (the key derivation tests work,
> > but the crypto tests failed).
> > 
> > After some investigation that didn't get anywhere, I tried the sunrpc kunit
> > tests that Chuck added - and those fail similarly (dmesg attached below).  I
> > tried the hardware accelerated version also and that has the same failure.
> 
> Ah, I see Scott is Cc'd. Yes, Scott reported this to me yesterday.

Yes, I found that if I run the test via kunit.py it works fine.  If I
try to run it via loading the gss_krb5_test module, the checksum tests
fail.  But if I build the tests directly into the kernel, then they also
run fine.

-Scott
> 
> 
> > Note that Chuck and I implemented the kerberos Camellia routines
> > independently.
> 
> Yes, but we implemented the same unit tests (from RFC 6803).
> 
> 
> > David
> > ---
> >    KTAP version 1
> >    # Subtest: RFC 6803 suite
> >    1..3
> >        KTAP version 1
> >        # Subtest: RFC 6803 key derivation
> >        ok 1 Derive Kc subkey for camellia128-cts-cmac
> >        ok 2 Derive Ke subkey for camellia128-cts-cmac
> >        ok 3 Derive Ki subkey for camellia128-cts-cmac
> >        ok 4 Derive Kc subkey for camellia256-cts-cmac
> >        ok 5 Derive Ke subkey for camellia256-cts-cmac
> >        ok 6 Derive Ki subkey for camellia256-cts-cmac
> >    # RFC 6803 key derivation: pass:6 fail:0 skip:0 total:6
> >    ok 1 RFC 6803 key derivation
> >        KTAP version 1
> >        # Subtest: RFC 6803 checksum
> >        ok 1 camellia128-cts-cmac checksum test 1
> >        ok 2 camellia128-cts-cmac checksum test 2
> >        ok 3 camellia256-cts-cmac checksum test 3
> >        ok 4 camellia256-cts-cmac checksum test 4
> >    # RFC 6803 checksum: pass:4 fail:0 skip:0 total:4
> >    ok 2 RFC 6803 checksum
> >        KTAP version 1
> >        # Subtest: RFC 6803 encryption
> >    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
> >    Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
> >        memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 135 (0x87)
> > 
> > encrypted result mismatch
> >    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
> >    Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
> >        memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == -108 (0xffffffffffffff94)
> > 
> > HMAC mismatch
> >        not ok 1 Encrypt empty plaintext with camellia128-cts-cmac
> >    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
> >    Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
> >        memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == -49 (0xffffffffffffffcf)
> > 
> > encrypted result mismatch
> >    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
> >    Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
> >        memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == -3 (0xfffffffffffffffd)
> > 
> > HMAC mismatch
> >        not ok 2 Encrypt 1 byte with camellia128-cts-cmac
> >    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
> >    Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
> >        memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == -36 (0xffffffffffffffdc)
> > 
> > encrypted result mismatch
> >    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
> >    Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
> >        memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 44 (0x2c)
> > 
> > HMAC mismatch
> >        not ok 3 Encrypt 9 bytes with camellia128-cts-cmac
> >    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
> >    Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
> >        memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == -58 (0xffffffffffffffc6)
> > 
> > encrypted result mismatch
> >    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
> >    Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
> >        memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == -103 (0xffffffffffffff99)
> > 
> > HMAC mismatch
> >        not ok 4 Encrypt 13 bytes with camellia128-cts-cmac
> >    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
> >    Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
> >        memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 160 (0xa0)
> > 
> > encrypted result mismatch
> >    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
> >    Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
> >        memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 95 (0x5f)
> > 
> > HMAC mismatch
> >        not ok 5 Encrypt 30 bytes with camellia128-cts-cmac
> >    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
> >    Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
> >        memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == -150 (0xffffffffffffff6a)
> > 
> > encrypted result mismatch
> >    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
> >    Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
> >        memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 48 (0x30)
> > 
> > HMAC mismatch
> >        not ok 6 Encrypt empty plaintext with camellia256-cts-cmac
> >    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
> >    Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
> >        memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 24 (0x18)
> > 
> > encrypted result mismatch
> >    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
> >    Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
> >        memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 22 (0x16)
> > 
> > HMAC mismatch
> >        not ok 7 Encrypt 1 byte with camellia256-cts-cmac
> >    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
> >    Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
> >        memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 108 (0x6c)
> > 
> > encrypted result mismatch
> >    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
> >    Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
> >        memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == -106 (0xffffffffffffff96)
> > 
> > HMAC mismatch
> >        not ok 8 Encrypt 9 bytes with camellia256-cts-cmac
> >    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
> >    Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
> >        memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 64 (0x40)
> > 
> > encrypted result mismatch
> >    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
> >    Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
> >        memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == -196 (0xffffffffffffff3c)
> > 
> > HMAC mismatch
> >        not ok 9 Encrypt 13 bytes with camellia256-cts-cmac
> >    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
> >    Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
> >        memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == -238 (0xffffffffffffff12)
> > 
> > encrypted result mismatch
> >    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
> >    Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
> >        memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 168 (0xa8)
> > 
> > HMAC mismatch
> >        not ok 10 Encrypt 30 bytes with camellia256-cts-cmac
> >    # RFC 6803 encryption: pass:0 fail:10 skip:0 total:10
> >    not ok 3 RFC 6803 encryption
> > # RFC 6803 suite: pass:2 fail:1 skip:0 total:3
> > # Totals: pass:10 fail:10 skip:0 total:20
> > not ok 3 RFC 6803 suite
> > 
> 
> --
> Chuck Lever
> 
> 




[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]
  Powered by Linux