problem with testing a CTR block cipher mode which is partially working

problem with testing a CTR block cipher mode which is partially working

[Corentin LABBE]

hello

I am trying to add the CTR (counter) block cipher mode for AES on my Security System driver.

When testing with the tcrypt module I got the following result:
[ 1256.986989] alg: skcipher: Test 1 failed on encryption for ctr-aes-sunxi-ss
[ 1256.987004] 00000000: 87 4d 61 91 b6 20 e3 26 1b ef 68 64 99 0d b6 ce
[ 1256.987013] 00000010: 40 94 25 91 d7 b4 4f 49 ab c1 9d 33 a4 4e f6 54
[ 1256.987023] 00000020: ce 58 d2 f0 01 8f 92 a2 5f 2c bb 66 13 8b 9d 76
[ 1256.987032] 00000030: 30 fa 4a 40 b1 67 2e f3 46 b7 9a 7c ba 91 0b a2

As you can see the first ciphered block is correct (according to testmgr.h), the subsequent blocks are bad.

So Could I assume that the setting of key and IV are good (at least for the first cipher pass.

The number of inputs(register) are limited and I have tested near all the possibility.
Any idea of what could be wrong.

Regards
Thanks in advance

AW: problem with testing a CTR block cipher mode which is partially working

[Markus Stockhausen]

[-- Attachment #1: Type: text/plain, Size: 1505 bytes --]

> Von: linux-crypto-owner@vger.kernel.org [linux-crypto-owner@vger.kernel.org]" im Auftrag von "Corentin LABBE [clabbe.montjoie@gmail.com]
> Gesendet: Montag, 30. März 2015 19:59
> An: linux-crypto@vger.kernel.org
> Cc: linux-sunxi@googlegroups.com
> Betreff: problem with testing a CTR block cipher mode which is partially working
> 
> hello
> 
> I am trying to add the CTR (counter) block cipher mode for AES on my Security System driver.
> 
> When testing with the tcrypt module I got the following result:
> [ 1256.986989] alg: skcipher: Test 1 failed on encryption for ctr-aes-sunxi-ss
> [ 1256.987004] 00000000: 87 4d 61 91 b6 20 e3 26 1b ef 68 64 99 0d b6 ce
> [ 1256.987013] 00000010: 40 94 25 91 d7 b4 4f 49 ab c1 9d 33 a4 4e f6 54
> [ 1256.987023] 00000020: ce 58 d2 f0 01 8f 92 a2 5f 2c bb 66 13 8b 9d 76
> [ 1256.987032] 00000030: 30 fa 4a 40 b1 67 2e f3 46 b7 9a 7c ba 91 0b a2
> 
> As you can see the first ciphered block is correct (according to testmgr.h), the subsequent blocks are bad.
> 
> So Could I assume that the setting of key and IV are good (at least for the first cipher pass.
> 
> The number of inputs(register) are limited and I have tested near all the possibility.
> Any idea of what could be wrong.
> 

had a similar challenge a few months ago. I had to take care about

- counter IV is big endian (implemented it little endian in first place)
- CTR allows to encrypt data that does not need to be amultiple of 16 bytes.

Markus

=

[-- Attachment #2: InterScan_Disclaimer.txt --]
[-- Type: text/plain, Size: 1650 bytes --]

****************************************************************************
Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte
Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail
irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und
vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte
Weitergabe dieser Mail ist nicht gestattet.

Über das Internet versandte E-Mails können unter fremden Namen erstellt oder
manipuliert werden. Deshalb ist diese als E-Mail verschickte Nachricht keine
rechtsverbindliche Willenserklärung.

Collogia
Unternehmensberatung AG
Ubierring 11
D-50678 Köln

Vorstand:
Kadir Akin
Dr. Michael Höhnerbach

Vorsitzender des Aufsichtsrates:
Hans Kristian Langva

Registergericht: Amtsgericht Köln
Registernummer: HRB 52 497

This e-mail may contain confidential and/or privileged information. If you
are not the intended recipient (or have received this e-mail in error)
please notify the sender immediately and destroy this e-mail. Any
unauthorized copying, disclosure or distribution of the material in this
e-mail is strictly forbidden.

e-mails sent over the internet may have been written under a wrong name or
been manipulated. That is why this message sent as an e-mail is not a
legally binding declaration of intention.

Collogia
Unternehmensberatung AG
Ubierring 11
D-50678 Köln

executive board:
Kadir Akin
Dr. Michael Höhnerbach

President of the supervisory board:
Hans Kristian Langva

Registry office: district court Cologne
Register number: HRB 52 497

****************************************************************************

Re: AW: problem with testing a CTR block cipher mode which is partially working

[Stephan Mueller]

Am Montag, 30. März 2015, 18:08:28 schrieb Markus Stockhausen:

Hi Markus,

> > Von: linux-crypto-owner@vger.kernel.org
> > [linux-crypto-owner@vger.kernel.org]" im Auftrag von "Corentin
> > LABBE [clabbe.montjoie@gmail.com] Gesendet: Montag, 30. März 2015 19:59
> > An: linux-crypto@vger.kernel.org
> > Cc: linux-sunxi@googlegroups.com
> > Betreff: problem with testing a CTR block cipher mode which is partially
> > working
> > 
> > hello
> > 
> > I am trying to add the CTR (counter) block cipher mode for AES on my
> > Security System driver.
> > 
> > When testing with the tcrypt module I got the following result:
> > [ 1256.986989] alg: skcipher: Test 1 failed on encryption for
> > ctr-aes-sunxi-ss [ 1256.987004] 00000000: 87 4d 61 91 b6 20 e3 26 1b ef
> > 68 64 99 0d b6 ce [ 1256.987013] 00000010: 40 94 25 91 d7 b4 4f 49 ab c1
> > 9d 33 a4 4e f6 54 [ 1256.987023] 00000020: ce 58 d2 f0 01 8f 92 a2 5f 2c
> > bb 66 13 8b 9d 76 [ 1256.987032] 00000030: 30 fa 4a 40 b1 67 2e f3 46 b7
> > 9a 7c ba 91 0b a2
> > 
> > As you can see the first ciphered block is correct (according to
> > testmgr.h), the subsequent blocks are bad.
> > 
> > So Could I assume that the setting of key and IV are good (at least for
> > the first cipher pass.
> > 
> > The number of inputs(register) are limited and I have tested near all the
> > possibility. Any idea of what could be wrong.
> 
> had a similar challenge a few months ago. I had to take care about
> 
> - counter IV is big endian (implemented it little endian in first place)

Use crypto_inc for the counter which properly increments in big endian.

> - CTR allows to encrypt data that does not need to be amultiple of 16 bytes.
> 
> Markus


-- 
Ciao
Stephan

Re: AW: problem with testing a CTR block cipher mode which is partially working

[Corentin LABBE]

Le 30/03/2015 20:08, Markus Stockhausen a écrit :
>> Von: linux-crypto-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org [linux-crypto-owner-u79uwXL29TasMV2rI37PzA@public.gmane.orgorg]" im Auftrag von "Corentin LABBE [clabbe.montjoie-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org]
>> Gesendet: Montag, 30. März 2015 19:59
>> An: linux-crypto-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
>> Cc: linux-sunxi-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
>> Betreff: problem with testing a CTR block cipher mode which is partially working
>>
>> hello
>>
>> I am trying to add the CTR (counter) block cipher mode for AES on my Security System driver.
>>
>> When testing with the tcrypt module I got the following result:
>> [ 1256.986989] alg: skcipher: Test 1 failed on encryption for ctr-aes-sunxi-ss
>> [ 1256.987004] 00000000: 87 4d 61 91 b6 20 e3 26 1b ef 68 64 99 0d b6 ce
>> [ 1256.987013] 00000010: 40 94 25 91 d7 b4 4f 49 ab c1 9d 33 a4 4e f6 54
>> [ 1256.987023] 00000020: ce 58 d2 f0 01 8f 92 a2 5f 2c bb 66 13 8b 9d 76
>> [ 1256.987032] 00000030: 30 fa 4a 40 b1 67 2e f3 46 b7 9a 7c ba 91 0b a2
>>
>> As you can see the first ciphered block is correct (according to testmgr.h), the subsequent blocks are bad.
>>
>> So Could I assume that the setting of key and IV are good (at least for the first cipher pass.
>>
>> The number of inputs(register) are limited and I have tested near all the possibility.
>> Any idea of what could be wrong.
>>
> 
> had a similar challenge a few months ago. I had to take care about
> 
> - counter IV is big endian (implemented it little endian in first place)
> - CTR allows to encrypt data that does not need to be amultiple of 16 bytes.
> 
> Markus
> 

Sorry but if I change endianness of anything, the first block became invalid.

I have tryed ctr(des) but the same problem rise, the first block (so the first 8bytes) are correctly ciphered then everything is bad.
So I suspect the hardware to not increasing counter between blocks, but why..


-- 
You received this message because you are subscribed to the Google Groups "linux-sunxi" group.
To unsubscribe from this group and stop receiving emails from it, send an email to linux-sunxi+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit https://groups.google.com/d/optout.

Re: Re: AW: problem with testing a CTR block cipher mode which is partially working

[kevin.z.m.zh-Re5JQEeQqe8AvxtiuMwx3w]

[-- Attachment #1: Type: text/plain, Size: 3985 bytes --]

Dear All,

About the SS module, there is some detail information.
There is some issues on the SS hardware module, the issues make the some 
AES/DES/3DS algorithm be not available.
1. The byte order of the counter is wrong, make the result error, so, the CTR 
mode is not available.
2. Hardware don't support the continuous subcontracting, make the CTS mode is 
not available.
3. Another issue need be taken attention is that hardware will modify the key 
register when do AES encrypt, so, it need software to restore the key register
when doing every frame.

These issues are presented on the A10, A13, A20, A31 and A33.
The issues of SS module have been fixed on the A83T platform, so, I suggest to 
take more attention to the A83T platform if any interest in the SS module.

If any problem, please don't hesitate to contact me(kevin-0TFLnhJekD6UEPyfVivIlAC/G2K4zDHf@public.gmane.org)
or Shuge(shuge-0TFLnhJekD6UEPyfVivIlAC/G2K4zDHf@public.gmane.org).



kevin.z.m.zh-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org
 
From: Corentin LABBE
Date: 2015-04-01 02:02
To: Markus Stockhausen; linux-crypto-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
CC: linux-sunxi-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
Subject: [linux-sunxi] Re: AW: problem with testing a CTR block cipher mode which is partially working
Le 30/03/2015 20:08, Markus Stockhausen a écrit :
>> Von: linux-crypto-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org [linux-crypto-owner-u79uwXL29TasMV2rI37PzA@public.gmane.orgorg]" im Auftrag von "Corentin LABBE [clabbe.montjoie-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org]
>> Gesendet: Montag, 30. März 2015 19:59
>> An: linux-crypto-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
>> Cc: linux-sunxi-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
>> Betreff: problem with testing a CTR block cipher mode which is partially working
>>
>> hello
>>
>> I am trying to add the CTR (counter) block cipher mode for AES on my Security System driver.
>>
>> When testing with the tcrypt module I got the following result:
>> [ 1256.986989] alg: skcipher: Test 1 failed on encryption for ctr-aes-sunxi-ss
>> [ 1256.987004] 00000000: 87 4d 61 91 b6 20 e3 26 1b ef 68 64 99 0d b6 ce
>> [ 1256.987013] 00000010: 40 94 25 91 d7 b4 4f 49 ab c1 9d 33 a4 4e f6 54
>> [ 1256.987023] 00000020: ce 58 d2 f0 01 8f 92 a2 5f 2c bb 66 13 8b 9d 76
>> [ 1256.987032] 00000030: 30 fa 4a 40 b1 67 2e f3 46 b7 9a 7c ba 91 0b a2
>>
>> As you can see the first ciphered block is correct (according to testmgr.h), the subsequent blocks are bad.
>>
>> So Could I assume that the setting of key and IV are good (at least for the first cipher pass.
>>
>> The number of inputs(register) are limited and I have tested near all the possibility.
>> Any idea of what could be wrong.
>>
> 
> had a similar challenge a few months ago. I had to take care about
> 
> - counter IV is big endian (implemented it little endian in first place)
> - CTR allows to encrypt data that does not need to be amultiple of 16 bytes.
> 
> Markus
> 
 
Sorry but if I change endianness of anything, the first block became invalid.
 
I have tryed ctr(des) but the same problem rise, the first block (so the first 8bytes) are correctly ciphered then everything is bad.
So I suspect the hardware to not increasing counter between blocks, but why..
 
 
-- 
You received this message because you are subscribed to the Google Groups "linux-sunxi" group.
To unsubscribe from this group and stop receiving emails from it, send an email to linux-sunxi+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups "linux-sunxi" group.
To unsubscribe from this group and stop receiving emails from it, send an email to linux-sunxi+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit https://groups.google.com/d/optout.

[-- Attachment #2: Type: text/html, Size: 7413 bytes --]

Re: [linux-sunxi] Re: AW: problem with testing a CTR block cipher mode which is partially working

[Corentin LABBE]

On 04/01/15 04:06, kevin.z.m.zh@gmail.com wrote:
> Dear All,
> 
> 
> About the SS module, there is some detail information.
> There is some issues on the SS hardware module, the issues make the some
> AES/DES/3DS algorithm be not available.
> 1. The byte order of the counter is wrong, make the result error, so, the CTR
> mode is not available.
> 2. Hardware don't support the continuous subcontracting, make the CTS mode is
> not available.
> 3. Another issue need be taken attention is that hardware will modify the key
> register when do AES encrypt, so, it need software to restore the key register
> 
> when doing every frame.
> 
> These issues are presented on the A10, A13, A20, A31 and A33.
> The issues of SS module have been fixed on the A83T platform, so, I suggest to
> take more attention to the A83T platform if any interest in the SS module.
> 
> If any problem, please don't hesitate to contact me(kevin@allwinnertech.com)
> 
> or Shuge(shuge@allwinnertech.com).
> 

Thanks for your answer, I have loose hours on that problem.

Perhaps you could update all datasheet/user manual about this known issue ?

Regards

Re: Re: Re: AW: problem with testing a CTR block cipher mode which is partially working

[kevin.z.m.zh-Re5JQEeQqe8AvxtiuMwx3w]

[-- Attachment #1: Type: text/plain, Size: 2590 bytes --]

> Thanks for your answer, I have loose hours on that problem.
I'm sorry to hear that.
 
> Perhaps you could update all datasheet/user manual about this known issue ?
We have updated the user manual and datasheet, the latest version is 1.3 for 
A20 which is released in Oct. 2014. The CTR block mode is not support.
You can download it from the github: https://github.com/allwinner-zh/documents 
and check the details of the SS moudle.

Best Regards,


kevin.z.m.zh-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org
 
From: Corentin LABBE
Date: 2015-04-01 19:16
To: linux-sunxi; linux-crypto-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: Re: [linux-sunxi] Re: AW: problem with testing a CTR block cipher mode which is partially working
On 04/01/15 04:06, kevin.z.m.zh-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org wrote:
> Dear All,
> 
> 
> About the SS module, there is some detail information.
> There is some issues on the SS hardware module, the issues make the some
> AES/DES/3DS algorithm be not available.
> 1. The byte order of the counter is wrong, make the result error, so, the CTR
> mode is not available.
> 2. Hardware don't support the continuous subcontracting, make the CTS mode is
> not available.
> 3. Another issue need be taken attention is that hardware will modify the key
> register when do AES encrypt, so, it need software to restore the key register
> 
> when doing every frame.
> 
> These issues are presented on the A10, A13, A20, A31 and A33.
> The issues of SS module have been fixed on the A83T platform, so, I suggest to
> take more attention to the A83T platform if any interest in the SS module.
> 
> If any problem, please don't hesitate to contact me(kevin-0TFLnhJekD6UEPyfVivIlAC/G2K4zDHf@public.gmane.org)
> 
> or Shuge(shuge-0TFLnhJekD6UEPyfVivIlAC/G2K4zDHf@public.gmane.org).
> 
 
Thanks for your answer, I have loose hours on that problem.
 
Perhaps you could update all datasheet/user manual about this known issue ?
 
Regards
 
-- 
You received this message because you are subscribed to the Google Groups "linux-sunxi" group.
To unsubscribe from this group and stop receiving emails from it, send an email to linux-sunxi+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups "linux-sunxi" group.
To unsubscribe from this group and stop receiving emails from it, send an email to linux-sunxi+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit https://groups.google.com/d/optout.

[-- Attachment #2: Type: text/html, Size: 5045 bytes --]

Re: Re: AW: problem with testing a CTR block cipher mode which is partially working

[Corentin LABBE]

On 04/02/15 04:10, kevin.z.m.zh-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org wrote:
>> Thanks for your answer, I have loose hours on that problem.
> I'm sorry to hear that.
>  
>> Perhaps you could update all datasheet/user manual about this known issue ?
> We have updated the user manual and datasheet, the latest version is 1.3 for 
> A20 which is released in Oct. 2014. The CTR block mode is not support.
> You can download it from the github: https://github.com/allwinner-zh/documents 
> and check the details of the SS moudle.

Sorry, I believed to have the latest user manual.

Great thanks for the information.

Regards

> 
> Best Regards,
> --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> kevin.z.m.zh-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org
> 
>      
>     *From:* Corentin LABBE <mailto:clabbe.montjoie-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
>     *Date:* 2015-04-01 19:16
>     *To:* linux-sunxi <mailto:linux-sunxi-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org>; linux-crypto@vger.kernel.org <mailto:linux-crypto-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>
>     *Subject:* Re: [linux-sunxi] Re: AW: problem with testing a CTR block cipher mode which is partially working
>     On 04/01/15 04:06, kevin.z.m.zh-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org wrote:
>     > Dear All,
>     >
>     >
>     > About the SS module, there is some detail information.
>     > There is some issues on the SS hardware module, the issues make the some
>     > AES/DES/3DS algorithm be not available.
>     > 1. The byte order of the counter is wrong, make the result error, so, the CTR
>     > mode is not available.
>     > 2. Hardware don't support the continuous subcontracting, make the CTS mode is
>     > not available.
>     > 3. Another issue need be taken attention is that hardware will modify the key
>     > register when do AES encrypt, so, it need software to restore the key register
>     >
>     > when doing every frame.
>     >
>     > These issues are presented on the A10, A13, A20, A31 and A33.
>     > The issues of SS module have been fixed on the A83T platform, so, I suggest to
>     > take more attention to the A83T platform if any interest in the SS module.
>     >
>     > If any problem, please don't hesitate to contact me(kevin@allwinnertech.com)
>     >
>     > or Shuge(shuge-0TFLnhJekD6UEPyfVivIlAC/G2K4zDHf@public.gmane.org).
>     >
>      
>     Thanks for your answer, I have loose hours on that problem.
>      
>     Perhaps you could update all datasheet/user manual about this known issue ?
>      
>     Regards
>      
>     -- 
>     You received this message because you are subscribed to the Google Groups "linux-sunxi" group.
>     To unsubscribe from this group and stop receiving emails from it, send an email to linux-sunxi+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
>     For more options, visit https://groups.google.com/d/optout.
> 
> -- 
> You received this message because you are subscribed to the Google Groups "linux-sunxi" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to linux-sunxi+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org <mailto:linux-sunxi+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org>.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups "linux-sunxi" group.
To unsubscribe from this group and stop receiving emails from it, send an email to linux-sunxi+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit https://groups.google.com/d/optout.