* md5sum (from libkcapi) fails as splice() returns -ENOKEY
@ 2017-09-11 17:07 christophe leroy
2017-09-11 19:17 ` Stephan Müller
0 siblings, 1 reply; 8+ messages in thread
From: christophe leroy @ 2017-09-11 17:07 UTC (permalink / raw)
To: smueller; +Cc: linux-crypto
Hello Stephan,
I'm trying to use md5sum from the latest libkcapi 0.14 and I getting a
failure with return code -5.
What am I missing ? See strace below, splice() return -ENOKEY.
Christophe
execve("./md5sum", ["./md5sum", "kcapi.tar"], [/* 11 vars */]) = 0
brk(0) = 0x10024000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/tls/ppc823/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat64("/usr/lib/tls/ppc823", 0x7ffa2328) = -1 ENOENT (No such file or directory)
open("/usr/lib/tls/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat64("/usr/lib/tls", 0x7ffa2328) = -1 ENOENT (No such file or directory)
open("/usr/lib/ppc823/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat64("/usr/lib/ppc823", 0x7ffa2328) = -1 ENOENT (No such file or directory)
open("/usr/lib/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat64("/usr/lib", {st_mode=S_IFDIR|0755, st_size=3568, ...}) = 0
open("/lib/tls/ppc823/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat64("/lib/tls/ppc823", 0x7ffa2328) = -1 ENOENT (No such file or directory)
open("/lib/tls/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat64("/lib/tls", 0x7ffa2328) = -1 ENOENT (No such file or directory)
open("/lib/ppc823/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat64("/lib/ppc823", 0x7ffa2328) = -1 ENOENT (No such file or directory)
open("/lib/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\1\2\1\3\0\0\0\0\0\0\0\0\0\3\0\24\0\0\0\1\0\2\35\\\0\0\0004"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1797540, ...}) = 0
mmap(0xfe58000, 1661856, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xfe58000
mprotect(0xffc8000, 114688, PROT_NONE) = 0
mmap(0xffe4000, 32768, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x17c000) = 0xffe4000
mmap(0xffec000, 7072, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xffec000
close(3) = 0
mprotect(0xffe4000, 16384, PROT_READ) = 0
mprotect(0x1001c000, 16384, PROT_READ) = 0
mprotect(0x779f8000, 16384, PROT_READ) = 0
brk(0) = 0x10024000
brk(0x10048000) = 0x10048000
open("/proc/sys/crypto/fips_enabled", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
read(3, "0\n", 1024) = 2
close(3) = 0
socket(PF_ALG, SOCK_SEQPACKET, 0) = 3
bind(3, {sa_family=AF_ALG, sa_data="hash\0\0\0\0\0\0\0\0\0\0"}, 88) = 0
pipe([4, 5]) = 0
socket(PF_NETLINK, SOCK_RAW, 21) = 6
bind(6, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0
getsockname(6, {sa_family=AF_NETLINK, pid=266, groups=00000000}, [12]) = 0
sendmsg(6, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\0\0\0\340\0\23\0\1\0;\232\247\0\0\0\0md5\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 224}], msg_controllen=0, msg_flags=0}, 0) = 224
recvmsg(6, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\0\0\0014\0\23\0\0\0;\232\247\0\0\1\nmd5\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 308
close(6) = 0
open("kcapi.tar", O_RDONLY|O_CLOEXEC) = 6
fstat64(6, {st_mode=S_IFREG|0644, st_size=378880, ...}) = 0
mmap(NULL, 378880, PROT_READ, MAP_SHARED, 6, 0) = 0x7795c000
accept(3, 0, NULL) = 7
vmsplice(5, [{"bin/\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 378880}], 1, SPLICE_F_MORE|SPLICE_F_GIFT) = 262144
splice(4, NULL, 7, NULL, 262144, SPLICE_F_MORE) = -1 ENOKEY (Required key not available)
write(2, "Generation of hash for file kcap"..., 50) = 50
munmap(0x7795c000, 378880) = 0
close(6) = 0
close(3) = 0
close(7) = 0
close(4) = 0
close(5) = 0
exit_group(-5) = ?
+++ exited with 251 +++
---
L'absence de virus dans ce courrier électronique a été vérifiée par le logiciel antivirus Avast.
https://www.avast.com/antivirus
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: md5sum (from libkcapi) fails as splice() returns -ENOKEY
2017-09-11 17:07 md5sum (from libkcapi) fails as splice() returns -ENOKEY christophe leroy
@ 2017-09-11 19:17 ` Stephan Müller
2017-09-12 7:01 ` Christophe LEROY
0 siblings, 1 reply; 8+ messages in thread
From: Stephan Müller @ 2017-09-11 19:17 UTC (permalink / raw)
To: christophe leroy; +Cc: linux-crypto
Am Montag, 11. September 2017, 19:07:31 CEST schrieb christophe leroy:
Hi christophe,
> Hello Stephan,
>
> I'm trying to use md5sum from the latest libkcapi 0.14 and I getting a
> failure with return code -5.
>
> What am I missing ? See strace below, splice() return -ENOKEY.
The ENOKEY error is due to an accept() at the wrong location. But I do not see
that error:
tar xvfJ libkcapi-0.14.0.tar.xz
cd libkcapi-0.14.0
autoreconf -i
./configure --enable-kcapi-hasher
make
cd bin/.libs/ # I make no make install for testing
ln kcapi-hasher md5sum # create md5sum app
export LD_LIBRARY_PATH=../../.libs/ # location of current library
$ ./md5sum md5sum
ddd1a82680b16fb6c241d81656b844df md5sum
So, it works for me.
Can you please check whether you use the current library version? Note,
library version 0.10.1 fixed the aforementioned accept() call for kernel 4.4
and later.
$ ./md5sum -v
md5sum: libkcapi 0.14.0
Ciao
Stephan
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: md5sum (from libkcapi) fails as splice() returns -ENOKEY
2017-09-11 19:17 ` Stephan Müller
@ 2017-09-12 7:01 ` Christophe LEROY
2017-09-12 7:20 ` Stephan Mueller
0 siblings, 1 reply; 8+ messages in thread
From: Christophe LEROY @ 2017-09-12 7:01 UTC (permalink / raw)
To: Stephan Müller; +Cc: linux-crypto
Hi Stephan
Le 11/09/2017 à 21:17, Stephan Müller a écrit :
> Am Montag, 11. September 2017, 19:07:31 CEST schrieb christophe leroy:
>
> Hi christophe,
>
>> Hello Stephan,
>>
>> I'm trying to use md5sum from the latest libkcapi 0.14 and I getting a
>> failure with return code -5.
>>
>> What am I missing ? See strace below, splice() return -ENOKEY.
>
> The ENOKEY error is due to an accept() at the wrong location. But I do not see
> that error:
I did the test once more without the Talitos Crypto driver compiled in
the kernel, and this time it works.
I believe it must then be an issue with that driver.
What could be the issue, what should I look for in the driver ?
>
> tar xvfJ libkcapi-0.14.0.tar.xz
> cd libkcapi-0.14.0
> autoreconf -i
I get an error here, have to replace AC_CONFIG_MACRO_DIRS by
AC_CONFIG_MACRO_DIR in configure.ac
# tar xfJ libkcapi-0.14.0.tar.xz
# cd libkcapi-0.14.0
# autoreconf -i
libtoolize: putting auxiliary files in `.'.
libtoolize: copying file `./ltmain.sh'
libtoolize: putting macros in `m4'.
libtoolize: copying file `m4/libtool.m4'
libtoolize: copying file `m4/ltoptions.m4'
libtoolize: copying file `m4/ltsugar.m4'
libtoolize: copying file `m4/ltversion.m4'
libtoolize: copying file `m4/lt~obsolete.m4'
libtoolize: Consider adding `AC_CONFIG_MACRO_DIR([m4])' to configure.ac and
libtoolize: rerunning libtoolize, to keep the correct libtool macros
in-tree.
configure.ac:26: error: possibly undefined macro: AC_CONFIG_MACRO_DIRS
If this token and others are legitimate, please use m4_pattern_allow.
See the Autoconf documentation.
autoreconf: /usr/bin/autoconf failed with exit status: 1
# sed -i s/AC_CONFIG_MACRO_DIRS/AC_CONFIG_MACRO_DIR/g configure.ac
# autoreconf -i
configure.ac:22: installing `./config.guess'
configure.ac:22: installing `./config.sub'
configure.ac:21: installing `./install-sh'
configure.ac:21: installing `./missing'
lib/doc/Makefile.am: installing `./depcomp'
# autoreconf --version
autoreconf (GNU Autoconf) 2.63
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv2+: GNU GPL version 2 or later
<http://gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Written by David J. MacKenzie and Akim Demaille.
Thanks
Christophe
> ./configure --enable-kcapi-hasher
> make
> cd bin/.libs/ # I make no make install for testing
> ln kcapi-hasher md5sum # create md5sum app
> export LD_LIBRARY_PATH=../../.libs/ # location of current library
>
> $ ./md5sum md5sum
> ddd1a82680b16fb6c241d81656b844df md5sum
>
> So, it works for me.
>
> Can you please check whether you use the current library version? Note,
> library version 0.10.1 fixed the aforementioned accept() call for kernel 4.4
> and later.
>
> $ ./md5sum -v
> md5sum: libkcapi 0.14.0
>
> Ciao
> Stephan
>
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: md5sum (from libkcapi) fails as splice() returns -ENOKEY
2017-09-12 7:01 ` Christophe LEROY
@ 2017-09-12 7:20 ` Stephan Mueller
2017-09-12 7:22 ` Stephan Mueller
2017-09-12 9:06 ` Christophe LEROY
0 siblings, 2 replies; 8+ messages in thread
From: Stephan Mueller @ 2017-09-12 7:20 UTC (permalink / raw)
To: Christophe LEROY; +Cc: linux-crypto
Am Dienstag, 12. September 2017, 09:01:08 CEST schrieb Christophe LEROY:
Hi Christophe,
> Hi Stephan
>
> Le 11/09/2017 à 21:17, Stephan Müller a écrit :
> > Am Montag, 11. September 2017, 19:07:31 CEST schrieb christophe leroy:
> >
> > Hi christophe,
> >
> >> Hello Stephan,
> >>
> >> I'm trying to use md5sum from the latest libkcapi 0.14 and I getting a
> >> failure with return code -5.
> >>
> >> What am I missing ? See strace below, splice() return -ENOKEY.
> >
> > The ENOKEY error is due to an accept() at the wrong location. But I do not
> > see
> > that error:
> I did the test once more without the Talitos Crypto driver compiled in
> the kernel, and this time it works.
> I believe it must then be an issue with that driver.
> What could be the issue, what should I look for in the driver ?
>
I think I see the error in talitos.c -- yet I do not have that hardware so I
cannot create a patch and test.
In talitos_alg_alloc the function pointer setkey is set unconditional for
CRYPTO_ALG_TYPE_AHASH. This is correct for HMAC/CMAC, but not correct for
staight hashes. As both, md5 and hmac(md5) (and also for the SHA equivalents)
are marked as CRYPTO_ALG_TYPE_AHASH in driver_algs, they all will get a setkey
function.
This will trigger the following code in algif_hash:
static int hash_accept_parent(void *private, struct sock *sk)
{
struct algif_hash_tfm *tfm = private;
if (!tfm->has_key && crypto_ahash_has_setkey(tfm->hash))
return -ENOKEY;
If the setkey would not be present for the straight hashes, ENOKEY would not
be returned.
...
>
> # autoreconf --version
> autoreconf (GNU Autoconf) 2.63
Thanks for the bug report. But I think the autoconf tools are not up to date.
It should be 2.69.
Could you please check whether you can update?
I am thinking now to add AC_PREREQ([2.60]) to configure.ac.
Ciao
Stephan
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: md5sum (from libkcapi) fails as splice() returns -ENOKEY
2017-09-12 7:20 ` Stephan Mueller
@ 2017-09-12 7:22 ` Stephan Mueller
2017-09-12 9:07 ` Christophe LEROY
2017-09-12 9:06 ` Christophe LEROY
1 sibling, 1 reply; 8+ messages in thread
From: Stephan Mueller @ 2017-09-12 7:22 UTC (permalink / raw)
To: Stephan Mueller; +Cc: Christophe LEROY, linux-crypto
Am Dienstag, 12. September 2017, 09:20:41 CEST schrieb Stephan Mueller:
> I am thinking now to add AC_PREREQ([2.60]) to configure.ac.
I meant 2.69, of course? :-)
Ciao
Stephan
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: md5sum (from libkcapi) fails as splice() returns -ENOKEY
2017-09-12 7:20 ` Stephan Mueller
2017-09-12 7:22 ` Stephan Mueller
@ 2017-09-12 9:06 ` Christophe LEROY
1 sibling, 0 replies; 8+ messages in thread
From: Christophe LEROY @ 2017-09-12 9:06 UTC (permalink / raw)
To: Stephan Mueller; +Cc: linux-crypto
Hi Stephan,
Le 12/09/2017 à 09:20, Stephan Mueller a écrit :
> Am Dienstag, 12. September 2017, 09:01:08 CEST schrieb Christophe LEROY:
>
> Hi Christophe,
>
>> Hi Stephan
>>
>> Le 11/09/2017 à 21:17, Stephan Müller a écrit :
>>> Am Montag, 11. September 2017, 19:07:31 CEST schrieb christophe leroy:
>>>
>>> Hi christophe,
>>>
>>>> Hello Stephan,
>>>>
>>>> I'm trying to use md5sum from the latest libkcapi 0.14 and I getting a
>>>> failure with return code -5.
>>>>
>>>> What am I missing ? See strace below, splice() return -ENOKEY.
>>>
>>> The ENOKEY error is due to an accept() at the wrong location. But I do not
>>> see
>>> that error:
>> I did the test once more without the Talitos Crypto driver compiled in
>> the kernel, and this time it works.
>> I believe it must then be an issue with that driver.
>> What could be the issue, what should I look for in the driver ?
>>
>
> I think I see the error in talitos.c -- yet I do not have that hardware so I
> cannot create a patch and test.
>
> In talitos_alg_alloc the function pointer setkey is set unconditional for
> CRYPTO_ALG_TYPE_AHASH. This is correct for HMAC/CMAC, but not correct for
> staight hashes. As both, md5 and hmac(md5) (and also for the SHA equivalents)
> are marked as CRYPTO_ALG_TYPE_AHASH in driver_algs, they all will get a setkey
> function.
>
> This will trigger the following code in algif_hash:
>
> static int hash_accept_parent(void *private, struct sock *sk)
> {
> struct algif_hash_tfm *tfm = private;
>
> if (!tfm->has_key && crypto_ahash_has_setkey(tfm->hash))
> return -ENOKEY;
>
> If the setkey would not be present for the straight hashes, ENOKEY would not
> be returned.
Thanks.
I modified it and it now works (allthough it doesn't provide the correct
MD5sum ... have to findout why)
I submitted a patch for it.
Christophe
>
> ...
>
>>
>> # autoreconf --version
>> autoreconf (GNU Autoconf) 2.63
>
> Thanks for the bug report. But I think the autoconf tools are not up to date.
> It should be 2.69.
>
> Could you please check whether you can update?
>
> I am thinking now to add AC_PREREQ([2.60]) to configure.ac.
>
>
>
> Ciao
> Stephan
>
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: md5sum (from libkcapi) fails as splice() returns -ENOKEY
2017-09-12 7:22 ` Stephan Mueller
@ 2017-09-12 9:07 ` Christophe LEROY
2017-09-12 9:11 ` Stephan Mueller
0 siblings, 1 reply; 8+ messages in thread
From: Christophe LEROY @ 2017-09-12 9:07 UTC (permalink / raw)
To: Stephan Mueller; +Cc: linux-crypto
Hi again
Le 12/09/2017 à 09:22, Stephan Mueller a écrit :
> Am Dienstag, 12. September 2017, 09:20:41 CEST schrieb Stephan Mueller:
>
>> I am thinking now to add AC_PREREQ([2.60]) to configure.ac.
>
> I meant 2.69, of course? :-)
Ok ... CentOS ships with 2.63 and no update seems available via 'yum
update'.
Is 2.69 really necessary ? It seems to work just fine with 2.63 once the
modification is done.
Christophe
>
> Ciao
> Stephan
>
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: md5sum (from libkcapi) fails as splice() returns -ENOKEY
2017-09-12 9:07 ` Christophe LEROY
@ 2017-09-12 9:11 ` Stephan Mueller
0 siblings, 0 replies; 8+ messages in thread
From: Stephan Mueller @ 2017-09-12 9:11 UTC (permalink / raw)
To: Christophe LEROY; +Cc: linux-crypto
Am Dienstag, 12. September 2017, 11:07:26 CEST schrieb Christophe LEROY:
Hi Christophe,
> Hi again
>
> Le 12/09/2017 à 09:22, Stephan Mueller a écrit :
> > Am Dienstag, 12. September 2017, 09:20:41 CEST schrieb Stephan Mueller:
> >> I am thinking now to add AC_PREREQ([2.60]) to configure.ac.
> >
> > I meant 2.69, of course? :-)
>
> Ok ... CentOS ships with 2.63 and no update seems available via 'yum
> update'.
>
> Is 2.69 really necessary ? It seems to work just fine with 2.63 once the
> modification is done.
Ok, then I will make that change, thanks for letting me know.
>
> Christophe
>
> > Ciao
> > Stephan
Ciao
Stephan
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2017-09-12 9:11 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-09-11 17:07 md5sum (from libkcapi) fails as splice() returns -ENOKEY christophe leroy
2017-09-11 19:17 ` Stephan Müller
2017-09-12 7:01 ` Christophe LEROY
2017-09-12 7:20 ` Stephan Mueller
2017-09-12 7:22 ` Stephan Mueller
2017-09-12 9:07 ` Christophe LEROY
2017-09-12 9:11 ` Stephan Mueller
2017-09-12 9:06 ` Christophe LEROY
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.