search

secure-io / siv-go

Go implementation of AES-SIV-CMAC and AES-GCM-SIV
MIT License
6 stars 3 forks source link

Tests fail with `fatal error: fault` #11

Open rfjakob opened 2 years ago

rfjakob commented 2 years ago

Testing current master ( 5ff40651e2c4476835bf9f18a6bee513f588d9bc ):

siv-go$ go version
go version go1.16.5 linux/amd64

siv-go$ go test
unexpected fault address 0x0
fatal error: fault
[signal SIGSEGV: segmentation violation code=0x80 addr=0x0 pc=0x51a0da]

goroutine 1 [running]:
runtime.throw(0x55bec6, 0x5)
    /usr/local/go/src/runtime/panic.go:1117 +0x72 fp=0xc00006ba38 sp=0xc00006ba08 pc=0x436b32
runtime.sigpanic()
    /usr/local/go/src/runtime/signal_unix.go:741 +0x268 fp=0xc00006ba70 sp=0xc00006ba38 pc=0x44c588
github.com/secure-io/siv-go.aesCMacXORKeyStream(0xc00001a190, 0x11, 0x11, 0xc000018288, 0x11, 0x11, 0xc000320f80, 0x10, 0x10, 0xc000342160, ...)
    /tmp/tmp.dgNUM9q2bl/siv-go/aes_cmac_amd64.s:165 +0x10ba fp=0xc00006ba78 sp=0xc00006ba70 pc=0x51a0da
github.com/secure-io/siv-go.(*aesSivCMacAsm).seal(0xc000328c90, 0xc00001a180, 0x21, 0x21, 0x0, 0x0, 0x0, 0xc000018288, 0x11, 0x11, ...)
    /tmp/tmp.dgNUM9q2bl/siv-go/aes_cmac_amd64.go:46 +0x1f7 fp=0xc00006bb10 sp=0xc00006ba78 pc=0x510417
github.com/secure-io/siv-go.(*aesSivCMac).Seal(0xc0004855c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc000018288, 0x11, 0x11, ...)
    /tmp/tmp.dgNUM9q2bl/siv-go/aes_cmac.go:36 +0x13f fp=0xc00006bba0 sp=0xc00006bb10 pc=0x50fc1f
github.com/secure-io/siv-go_test.ExampleNewCMAC_encrypt()
    /tmp/tmp.dgNUM9q2bl/siv-go/example_test.go:31 +0x17a fp=0xc00006bc60 sp=0xc00006bba0 pc=0x51d05a
testing.runExample(0x55f71d, 0x16, 0x567260, 0x566660, 0x43, 0x0, 0x0)
    /usr/local/go/src/testing/run_example.go:63 +0x222 fp=0xc00006bd58 sp=0xc00006bc60 pc=0x4ca022
testing.runExamples(0xc00006bed0, 0x641e80, 0x6, 0x6, 0xc03dfc8c190d901a)
    /usr/local/go/src/testing/example.go:44 +0x17a fp=0xc00006be10 sp=0xc00006bd58 pc=0x4c835a
testing.(*M).Run(0xc000112000, 0x0)
    /usr/local/go/src/testing/testing.go:1418 +0x273 fp=0xc00006bf20 sp=0xc00006be10 pc=0x4ce3f3
main.main()
    _testmain.go:123 +0x138 fp=0xc00006bf88 sp=0xc00006bf20 pc=0x51e578
runtime.main()
    /usr/local/go/src/runtime/proc.go:225 +0x256 fp=0xc00006bfe0 sp=0xc00006bf88 pc=0x439376
runtime.goexit()
    /usr/local/go/src/runtime/asm_amd64.s:1371 +0x1 fp=0xc00006bfe8 sp=0xc00006bfe0 pc=0x46c7e1

goroutine 19 [runnable]:
syscall.Syscall(0x0, 0x6, 0xc000564000, 0x8000, 0xffffffffffffffff, 0x0, 0xb)
    /usr/local/go/src/syscall/asm_linux_amd64.s:20 +0x5
syscall.read(0x6, 0xc000564000, 0x8000, 0x8000, 0x0, 0xc000036e70, 0x40d8fb)
    /usr/local/go/src/syscall/zsyscall_linux_amd64.go:686 +0x5a
syscall.Read(...)
    /usr/local/go/src/syscall/syscall_unix.go:187
internal/poll.ignoringEINTRIO(...)
    /usr/local/go/src/internal/poll/fd_unix.go:581
internal/poll.(*FD).Read(0xc00005a2a0, 0xc000564000, 0x8000, 0x8000, 0x0, 0x0, 0x0)
    /usr/local/go/src/internal/poll/fd_unix.go:162 +0x145
os.(*File).read(...)
    /usr/local/go/src/os/file_posix.go:31
os.(*File).Read(0xc00000e038, 0xc000564000, 0x8000, 0x8000, 0x0, 0x0, 0xc000080000)
    /usr/local/go/src/os/file.go:117 +0x77
io.copyBuffer(0x5897f8, 0xc00002a020, 0x589758, 0xc00000e038, 0xc000564000, 0x8000, 0x8000, 0x462e40, 0xc000022180, 0xc000036fa8)
    /usr/local/go/src/io/io.go:423 +0x12c
io.Copy(...)
    /usr/local/go/src/io/io.go:382
testing.runExample.func1(0xc00000e038, 0xc000022240)
    /usr/local/go/src/testing/run_example.go:37 +0x85
created by testing.runExample
    /usr/local/go/src/testing/run_example.go:35 +0x17c
exit status 2
FAIL    github.com/secure-io/siv-go 0.336s
sify21 commented 2 years ago

@aead I report a similiar error. It's in aesGcmXORKeyStream. This is only a problem for long messges. not familiar with assembly, can't figure it out myself.

unexpected fault address 0x0
fatal error: fault
[signal SIGSEGV: segmentation violation code=0x80 addr=0x0 pc=0x6f6041]

goroutine 1 [running, locked to thread]:
runtime.throw(0x1c48f29, 0x5)
    /usr/local/go/src/runtime/panic.go:1117 +0x72 fp=0xc0001ef7e0 sp=0xc0001ef7b0 pc=0x436652
runtime.sigpanic()
    /usr/local/go/src/runtime/signal_unix.go:741 +0x268 fp=0xc0001ef818 sp=0xc0001ef7e0 pc=0x44cf08
github.com/secure-io/siv-go.aesGcmXORKeyStream(0xc000134780, 0x1d, 0x1d, 0xc000122a8c, 0x1d, 0x2d, 0xc00010a3c0, 0x10, 0x10, 0xc0002081e0, ...)
    /project/vendor/github.com/secure-io/siv-go/aes_gcm_amd64.s:146 +0xaa1 fp=0xc0001ef820 sp=0xc0001ef818 pc=0x6f6041
github.com/secure-io/siv-go.(*aesGcmSivAsm).open(0xc00012c420, 0xc000134780, 0x1d, 0x1d, 0xc000122a80, 0xc, 0x39, 0xc000122a8c, 0x2d, 0x2d, ...)
    /project/vendor/github.com/secure-io/siv-go/aes_gcm_amd64.go:67 +0x248 fp=0xc0001ef8f0 sp=0xc0001ef820 pc=0x6f36a8
github.com/secure-io/siv-go.(*aesGcmSiv).Open(0xc000330ad0, 0x0, 0x0, 0x0, 0xc000122a80, 0xc, 0x39, 0xc000122a8c, 0x2d, 0x2d, ...)
    /project/vendor/github.com/secure-io/siv-go/aes_gcm.go:58 +0x183 fp=0xc0001ef990 sp=0xc0001ef8f0 pc=0x6f2d63
greatroar commented 2 years ago

The issue is here:

https://github.com/secure-io/siv-go/blob/5ff40651e2c4476835bf9f18a6bee513f588d9bc/aes_cmac_amd64.s#L165

This assumes SI (= &src[i]) is 16-byte aligned, but it need not be. This can be solved by an unaligned load:

MOVOU  0(SI), X9
PXOR   X9, X0

But I'm hesitant to submit a PR, since this problem occurs in several more places throughout the code.

ericlagergren commented 2 years ago

I haven't implemented CMAC, but: https://github.com/ericlagergren/siv

FWIW: Tink also has AES-GCM-SIV. Unfortunately, it is not hardware accelerated.