search

TinkerBoard / debian_kernel

Debian Kernel source for Tinker Board
Other
143 stars 64 forks source link

Please follow "Rockchip crypto driver sometimes produces wrong ciphertext" #39

Open noloader opened 5 years ago

noloader commented 5 years ago

From the kernel-crypto mailing list, Rockchip crypto driver sometimes produces wrong ciphertext:

Hello,

I don't know whether anyone is actually maintaining the Rockchip crypto driver in drivers/crypto/rockchip/, but it's failing the improved crypto tests that I currently have out for review: https://patchwork.kernel.org/cover/10778089/

See the boot logs for RK3288 from the KernelCI job here:

https://storage.kernelci.org/ardb/for-kernelci/v5.0-rc1-86-geaffe22db9d1/arm/multi_v7_defconfig/lab-collabora/boot-rk3288-rock2-square.txt https://storage.kernelci.org/ardb/for-kernelci/v5.0-rc1-86-geaffe22db9d1/arm/multi_v7_defconfig/lab-collabora/boot-rk3288-veyron-jaq.txt

alg: skcipher: ecb-aes-rk encryption test failed (wrong result) on test vector 0, cfg=\"random: use_digest src_divs=[15.64%@+3258, 84.36%@+4059] dst_divs=[69.11%@+1796, 8.49%@+4027, 6.34%@+1, 16.6%@+4058] iv_offset=21\" alg: skcipher: cbc-aes-rk encryption test failed (wrong result) on test vector 0, cfg=\"random: may_sleep use_digest src_divs=[100.0%@alignmask+3993] dst_divs=[65.31%@alignmask+1435, 34.69%@+14]\" alg: skcipher: ecb-des-rk encryption test failed (wrong result) on test vector 0, cfg=\"random: may_sleep use_final src_divs=[ 66.52%@+11, 33.48%@+1519] dst_divs=[58.82%@+1, 19.43%@+4082, 21.75%@+8]\" alg: skcipher: cbc-des-rk encryption test failed (wrong result) on test vector 0, cfg=\"random: may_sleep use_finup src_divs=[100.0%@+3980] dst_divs=[60.4%@+3763, 23.9%@+4011, 16.87%@+4046]\" alg: skcipher: ecb-des3-ede-rk encryption test failed (wrong result) on test vector 0, cfg=\"random: may_sleep use_digest src_divs=[100.0%@+4] dst_divs=[47.25%@+19, 14.83%@+22, 37.92%@+31]\" alg: skcipher: cbc-des3-ede-rk encryption test failed (wrong result) on test vector 0, cfg=\"two even aligned splits\"

In other words: the ecb-aes-rk, cbc-aes-rk, ecb-des-rk, cbc-des-rk, ecb-des3-ede-rk, and cbc-des3-ede-rk algorithms are failing because they produce the wrong ciphertext on some scatterlist layouts.

You can reproduce by pulling from https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git branch "testmgr-improvements", unsetting CONFIG_CRYPTO_MANAGER_DISABLE_TESTS, setting CONFIG_CRYPTO_MANAGER_EXTRA_TESTS=y, rebooting and checking dmesg.

Note that I don't have this hardware myself, so if it turns out that no one is interested in fixing this anytime soon I'll instead have to propose disabling these algorithms until they can be fixed.

jamess-huang commented 5 years ago

Thanks for sharing this information. We will keep watching this issue and update our code base once the commit be merged officially by linux.