Did the in-kernel Camellia or CMAC crypto implementation break?

David Howells <dhowells@xxxxxxxxxx> · Wed, 12 Apr 2023 16:56:37 +0100

Hi Chuck, Herbert,

I was trying to bring my krb5 crypto lib patches up to date, but noticed that
the Camellia encryption selftests are failing (the key derivation tests work,
but the crypto tests failed).

After some investigation that didn't get anywhere, I tried the sunrpc kunit
tests that Chuck added - and those fail similarly (dmesg attached below).  I
tried the hardware accelerated version also and that has the same failure.

Note that Chuck and I implemented the kerberos Camellia routines
independently.

David
---
    KTAP version 1
    # Subtest: RFC 6803 suite
    1..3
        KTAP version 1
        # Subtest: RFC 6803 key derivation
        ok 1 Derive Kc subkey for camellia128-cts-cmac
        ok 2 Derive Ke subkey for camellia128-cts-cmac
        ok 3 Derive Ki subkey for camellia128-cts-cmac
        ok 4 Derive Kc subkey for camellia256-cts-cmac
        ok 5 Derive Ke subkey for camellia256-cts-cmac
        ok 6 Derive Ki subkey for camellia256-cts-cmac
    # RFC 6803 key derivation: pass:6 fail:0 skip:0 total:6
    ok 1 RFC 6803 key derivation
        KTAP version 1
        # Subtest: RFC 6803 checksum
        ok 1 camellia128-cts-cmac checksum test 1
        ok 2 camellia128-cts-cmac checksum test 2
        ok 3 camellia256-cts-cmac checksum test 3
        ok 4 camellia256-cts-cmac checksum test 4
    # RFC 6803 checksum: pass:4 fail:0 skip:0 total:4
    ok 2 RFC 6803 checksum
        KTAP version 1
        # Subtest: RFC 6803 encryption
    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
    Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
        memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 135 (0x87)

encrypted result mismatch
    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
    Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
        memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == -108 (0xffffffffffffff94)

HMAC mismatch
        not ok 1 Encrypt empty plaintext with camellia128-cts-cmac
    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
    Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
        memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == -49 (0xffffffffffffffcf)

encrypted result mismatch
    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
    Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
        memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == -3 (0xfffffffffffffffd)

HMAC mismatch
        not ok 2 Encrypt 1 byte with camellia128-cts-cmac
    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
    Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
        memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == -36 (0xffffffffffffffdc)

encrypted result mismatch
    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
    Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
        memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 44 (0x2c)

HMAC mismatch
        not ok 3 Encrypt 9 bytes with camellia128-cts-cmac
    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
    Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
        memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == -58 (0xffffffffffffffc6)

encrypted result mismatch
    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
    Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
        memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == -103 (0xffffffffffffff99)

HMAC mismatch
        not ok 4 Encrypt 13 bytes with camellia128-cts-cmac
    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
    Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
        memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 160 (0xa0)

encrypted result mismatch
    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
    Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
        memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 95 (0x5f)

HMAC mismatch
        not ok 5 Encrypt 30 bytes with camellia128-cts-cmac
    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
    Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
        memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == -150 (0xffffffffffffff6a)

encrypted result mismatch
    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
    Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
        memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 48 (0x30)

HMAC mismatch
        not ok 6 Encrypt empty plaintext with camellia256-cts-cmac
    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
    Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
        memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 24 (0x18)

encrypted result mismatch
    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
    Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
        memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 22 (0x16)

HMAC mismatch
        not ok 7 Encrypt 1 byte with camellia256-cts-cmac
    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
    Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
        memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 108 (0x6c)

encrypted result mismatch
    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
    Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
        memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == -106 (0xffffffffffffff96)

HMAC mismatch
        not ok 8 Encrypt 9 bytes with camellia256-cts-cmac
    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
    Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
        memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 64 (0x40)

encrypted result mismatch
    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
    Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
        memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == -196 (0xffffffffffffff3c)

HMAC mismatch
        not ok 9 Encrypt 13 bytes with camellia256-cts-cmac
    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1389
    Expected memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == 0, but
        memcmp(param->expected_result->data, buf.head[0].iov_base, buf.len) == -238 (0xffffffffffffff12)

encrypted result mismatch
    # RFC 6803 encryption: EXPECTATION FAILED at net/sunrpc/auth_gss/gss_krb5_test.c:1393
    Expected memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 0, but
        memcmp(param->expected_result->data + (param->expected_result->len - checksum.len), checksum.data, checksum.len) == 168 (0xa8)

HMAC mismatch
        not ok 10 Encrypt 30 bytes with camellia256-cts-cmac
    # RFC 6803 encryption: pass:0 fail:10 skip:0 total:10
    not ok 3 RFC 6803 encryption
# RFC 6803 suite: pass:2 fail:1 skip:0 total:3
# Totals: pass:10 fail:10 skip:0 total:20
not ok 3 RFC 6803 suite