Bug#857790: sun4i_ss broken on Cubieboard (Allwinner A10)

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Bug#857790: sun4i_ss broken on Cubieboard (Allwinner A10)

Marco d'Itri
Package: src:linux
Version: 4.9.13-1
Severity: normal

Upgrading from 4.4.0-1 to 4.9.0-2 broke Kerberos security for NFS, at
least as a server.

kernel: CPU: ARMv7 Processor [413fc082] revision 2 (ARMv7), cr=10c5387d
kernel: OF: fdt:Machine model: Cubietech Cubieboard

Unless I blacklist the sun4i_ss module then mounting the exported file
system will not work and the kernel will log:

kernel: alg: skcipher: Test 1 failed (invalid result) on encryption for cts(cbc-aes-sun4i-ss)
kernel: 00000000: 4b 10 75 fc 2f 14 1b 6a 27 35 37 33 d1 b7 70 05
kernel: 00000010: 97

http://sunxi.org/Cryptographic_Hardware_Accelerators says that CTS mode
is not even implemented on A10 CPUS.

-- Package-specific info:
** Version:
Linux version 4.9.0-2-armmp ([hidden email]) (gcc version 6.3.0 20170221 (Debian 6.3.0-8) ) #1 SMP Debian 4.9.13-1 (2017-02-27)

--
ciao,
Marco

signature.asc (673 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Bug#857790: sun4i_ss broken on Cubieboard (Allwinner A10)

Ben Hutchings-3
Control: tag -1 moreinfo

On Wed, 2017-03-15 at 01:58 +0100, Marco d'Itri wrote:

> Package: src:linux
> Version: 4.9.13-1
> Severity: normal
>
> Upgrading from 4.4.0-1 to 4.9.0-2 broke Kerberos security for NFS, at 
> least as a server.
>
> kernel: CPU: ARMv7 Processor [413fc082] revision 2 (ARMv7), cr=10c5387d
> kernel: OF: fdt:Machine model: Cubietech Cubieboard
>
> Unless I blacklist the sun4i_ss module then mounting the exported file
> system will not work and the kernel will log:
>
> kernel: alg: skcipher: Test 1 failed (invalid result) on encryption for cts(cbc-aes-sun4i-ss)
> kernel: 00000000: 4b 10 75 fc 2f 14 1b 6a 27 35 37 33 d1 b7 70 05
> kernel: 00000010: 97
>
> http://sunxi.org/Cryptographic_Hardware_Accelerators says that CTS mode 
> is not even implemented on A10 CPUS.
So far as I can see, the hardware is being used in CBC mode and then
CTS is implemented generically in software on top of that.

The sun4i_ss driver hasn't changed much since 4.4, but the CTS
implementation did have one big change:

commit 0605c41cc53ca13775d202de0de33864a46162ba
Author: Herbert Xu <[hidden email]>
Date:   Tue Jul 12 13:17:48 2016 +0800

    crypto: cts - Convert to skcipher
    
    This patch converts cts over to the skcipher interface.  It also
    optimises the implementation to use one CBC operation for all but
    the last block, which is then processed separately.

So I think that might now be triggering a bug in the sun4i_ss driver's
AES CBC mode implementation.

You could try reverting that (patch attached) to verify that this is
what happened.  Obviously that won't be a proper solution though.

Ben.

--
Ben Hutchings
It's easier to fight for one's principles than to live up to them.

revert-crypto-cts-convert-to-skcipher.patch (24K) Download Attachment
signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Processed: Re: Bug#857790: sun4i_ss broken on Cubieboard (Allwinner A10)

Debian Bug Tracking System
In reply to this post by Marco d'Itri
Processing control commands:

> tag -1 moreinfo
Bug #857790 [src:linux] sun4i_ss broken on Cubieboard (Allwinner A10)
Added tag(s) moreinfo.

--
857790: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857790
Debian Bug Tracking System
Contact [hidden email] with problems