search

smuellerDD / libkcapi

Linux Kernel Crypto API User Space Interface Library
http://www.chronox.de/libkcapi
Other
164 stars 70 forks source link

library checksum differs from fipshmac output #187

Open ZoltanFridrich opened 1 month ago

ZoltanFridrich commented 1 month ago

Running fipshmac <lib_path>/libkcapi.so.<version> generates different output then what kcapi-hasher -n <name> -L expects. Now in order to correctly compute library hmac it is necessary to use fipshmac -h sha512 -K "FIPS-FTW-RHT2009" <lib_path>/libkcapi.so.<version>. This seems to me like a bug and fipshmac should run with -h sha512 -K "FIPS-FTW-RHT2009 as default.

ZoltanFridrich commented 1 month ago

@smuellerDD I have seen the comment in https://github.com/smuellerDD/libkcapi/commit/85bce6035be143be8d075edc2d7f8ff017c21b34 but I don't quite understand what the last part means. Am I not supposed to create library hmac with fipshmac anymore? Can you please clarify whether this is really a bug or just misunderstanding?

smuellerDD commented 1 month ago

Am Mittwoch, 31. Juli 2024, 12:52:56 MESZ schrieb Zoltán Fridrich:

Hi Zoltán,

@smuellerDD I have seen the comment in https://github.com/smuellerDD/libkcapi/commit/85bce6035be143be8d075edc2d7f8 ff017c21b34 but I don't quite understand what the last part means. Am I not supposed to create library hmac with fipshmac anymore? Can you please clarify whether this is really a bug or just misunderstanding?

The issue is that due to all apps have changed from a hard to a symlink, a common integrity check is needed as there is only one HMAC value now.

As the patch mentioned, this is a breaking change. If someone wanted to get the old behavior back, the apps code would need to change such that they read /proc/self/cmdline and adjust the self-test based on this finding. So, if you really need the old behavior back, additional patches are needed.

Ciao Stephan

ZoltanFridrich commented 1 month ago

The apps might be symlinks, but they do have different behavior based on their name. And currently the fipshmac symlink by default produces hmac that is incompatible with the expected hmac when -L is used. The expected lib hmac has changed from sha256 with fips_key to sha512 with hmaccalc_key as a result of merging the self-check behavior of the apps, but the default for fipshmac stayed the same sha256 with fips_key. It would make sense if fipshmacs default were changed to sha512 with hmaccalc_key so it by default produces hmac that matches the expectations of -L lib check.