Android gpg-agent crashes in libgcrypt when signing, decrypting, importing secret keys
Jussi Kivilinna
jussi.kivilinna at iki.fi
Sat Jan 25 11:16:59 CET 2014
On 20.01.2014 17:39, Hans-Christoph Steiner wrote:
>
>
> On 01/19/2014 04:25 AM, Jussi Kivilinna wrote:
>> On 19.01.2014 06:08, Hans-Christoph Steiner wrote:
>>>
>>>
>>> On 01/18/2014 06:31 AM, Jussi Kivilinna wrote:
>>>> On 17.01.2014 20:34, Hans-Christoph Steiner wrote:
>>>>>
>>>>> On GPG for Android, I've updated to the latest libgcrypt in master (or close
>>>>> to it, its commit 4b7db51ad5d1bf98fd08ca3048f258059eca61a4). Now it seems
>>>>> that any operation that needs a passphrase is crashing somewhere in libgcrypt.
>>>>> I've tried building with auto-detection of CPU which enables Padlock, Intelt
>>>>> DRNG, and NEON. I also tried with --disable-padlock-support
>>>>> --disable-drng-support --disable-neon-support, and seemed to get the same thing.
>>>>>
>>>>> I've also tried running gpg-agent with and without --enable-ssh-support, and
>>>>> same result each time.
>>>>>
>>>>> Here's the basic backtrace:
>>>> <..snip..>
>>>>> From the bug report in our tracker, you can download the complete build log, a
>>>>> debug log from the Android app, a log from gpg-agent, and a log from gpgme:
>>>>>
>>>>> https://dev.guardianproject.info/issues/2888
>>>>
>>>> Have you configured gcc flags correctly for target platform? It seems that
>>>> compiler (and libgcrypt assembly) are configured to allow unaligned memory
>>>> accesses, but target does not support them.
>>>>
>> <...snip...>
>>>> -Jussi
>>>>
>>>> [1] http://gcc.gnu.org/onlinedocs/gcc/ARM-Options.html
>>>
>>> I forget if I mentioned this before: the build flags are set by the default
>>> Android build system.
>>>
>>> So I built the whole thing again, manually adding -mno-unaligned-access to the
>>> libgcrypt build, and the tests seem to be failing in the same place. I tested
>>> head of master on the armv7a emulator, which failed a lot more, and the head
>>> of LIBGCRYPT-1-6-BRANCH on the Nexus 7 ARMv7 tablet, which failed in the same
>>> places. Any pointers for next steps?
>>>
>>
>> That's a bit strange. Do you have crash logs of these?
>>
>> -Jussi
>
> The crash log is here:
>
> https://dev.guardianproject.info/attachments/download/1130/gpg-agent-libgcrypt-mno-unaligned-access-crash-log.txt
>
> If you want to try running it on an Android device
> or emulator, you can find a recent build here, but one what does not have
> -mno-unaligned-access manually set:
>
> https://guardianproject.info/builds/GnuPrivacyGuard/
I disassembled the crash area ("code around pc:" section from crash-log) and it looks
the same as without '-mno-unaligned-access':
0: e1866469 orr r6, r6, r9, ror #8
4: e8900f00 ldm r0, {r8, r9, sl, fp}
8: e0244008 eor r4, r4, r8
c: e0255009 eor r5, r5, r9
10: e026600a eor r6, r6, sl
14: e027700b eor r7, r7, fp
18: eafffded b 0xfffff7d4
1c: e92d5ff0 push {r4, r5, r6, r7, r8, r9, sl, fp, ip, lr} <<<< _gcry_aes_arm_decrypt_block
20: e89200f0 ldm r2, {r4, r5, r6, r7} <<<< crashing instruction (load four 32-bit input words)
24: e24dd010 sub sp, sp, #16
28: e59fe864 ldr lr, [pc, #2148] ; 0x894
2c: e3a0c0ff mov ip, #255 ; 0xff
30: e58d1004 str r1, [sp, #4]
34: e1a0c18c lsl ip, ip, #3
38: e353000c cmp r3, #12
3c: aa000215 bge 0x898
...
When I compile with CFLAGS="-O2 -mno-unaligned-access" for ARM, the assembly function
ends up looking like this:
000011a8 <_gcry_aes_arm_decrypt_block>:
11a8: e92d5ff0 push {r4, r5, r6, r7, r8, r9, sl, fp, ip, lr}
11ac: e3120003 tst r2, #3 <<< Check if input is unaligned
11b0: 0a00001c beq 1228 <_gcry_aes_arm_decrypt_block+0x80> <<< Jump to aligned load
11b4: e5d24000 ldrb r4, [r2] <<< Input is not 32-bit aligned, so start unaligned load
11b8: e5d28001 ldrb r8, [r2, #1]
11bc: e1844408 orr r4, r4, r8, lsl #8
11c0: e5d28002 ldrb r8, [r2, #2]
11c4: e1844808 orr r4, r4, r8, lsl #16
11c8: e5d28003 ldrb r8, [r2, #3]
11cc: e1844c08 orr r4, r4, r8, lsl #24
11d0: e5d25004 ldrb r5, [r2, #4]
11d4: e5d29005 ldrb r9, [r2, #5]
11d8: e1855409 orr r5, r5, r9, lsl #8
11dc: e5d29006 ldrb r9, [r2, #6]
11e0: e1855809 orr r5, r5, r9, lsl #16
11e4: e5d29007 ldrb r9, [r2, #7]
11e8: e1855c09 orr r5, r5, r9, lsl #24
11ec: e5d26008 ldrb r6, [r2, #8]
11f0: e5d28009 ldrb r8, [r2, #9]
11f4: e1866408 orr r6, r6, r8, lsl #8
11f8: e5d2800a ldrb r8, [r2, #10]
11fc: e1866808 orr r6, r6, r8, lsl #16
1200: e5d2800b ldrb r8, [r2, #11]
1204: e1866c08 orr r6, r6, r8, lsl #24
1208: e5d2700c ldrb r7, [r2, #12]
120c: e5d2900d ldrb r9, [r2, #13]
1210: e1877409 orr r7, r7, r9, lsl #8
1214: e5d2900e ldrb r9, [r2, #14]
1218: e1877809 orr r7, r7, r9, lsl #16
121c: e5d2900f ldrb r9, [r2, #15]
1220: e1877c09 orr r7, r7, r9, lsl #24 <<< End unaligned load
1224: ea000000 b 122c <_gcry_aes_arm_decrypt_block+0x84> <<< Jump over aligned load
1228: e89200f0 ldm r2, {r4, r5, r6, r7} <<< Input is 32-bit aligned, so do aligned load
122c: e24dd010 sub sp, sp, #16
1230: e59fe8d8 ldr lr, [pc, #2264] ; 1b10 <_gcry_aes_arm_decrypt_block+0x968>
1234: e3a0c0ff mov ip, #255 ; 0xff
1238: e58d1004 str r1, [sp, #4]
123c: e1a0c18c lsl ip, ip, #3
1240: e353000c cmp r3, #12
1244: aa000234 bge 1b1c <_gcry_aes_arm_decrypt_block+0x974>
...
Are you sure that new binaries built with '-mno-unaligned-access' are included to
the Android application?
-Jussi
>
> .hc
>
>
>
>
>>> FYI, I'm gathering all these log files on our bug tracker:
>>> https://dev.guardianproject.info/issues/2888
>>>
>>> Attached are the latest test logs, including the full build log for head of
>>> master running tests on the armv7a emulator.
>>>
>>> .hc
>>>
>>>
>>
>
More information about the Gnupg-devel
mailing list