From nicolas at babelouest.org Tue Sep 21 18:02:10 2021 From: nicolas at babelouest.org (Nicolas Mora) Date: Tue, 21 Sep 2021 12:02:10 -0400 Subject: [gnutls-help] gnutls_cipher_init Error on armv7 architecture but not on amd64 Message-ID: <441f8739-4e83-8944-76d9-a232f818d706@babelouest.org> Hello, I'm seeing a different behavior between two architectures when using gnutls_cipher_init with incorrect key size. If I use gnutls_cipher_init with the gnutls_cipher_algorithm_t GNUTLS_CIPHER_AES_128_GCM and a key of 24 bits, I have a different result value if I execute the same code on an AMD64 or an ARMV7 architecture. On a AMD64 CPU, using the attached sample program, I have the following output: $ gcc -o gnutls-cipher-init gnutls-cipher-init.c -lgnutls && ./gnutls-cipher-init gnutls_cipher_init OK On an ARMV7 CPU (Odroid C2 or Raspberry Pi), gnutls_cipher_init returns an error: $ gcc -o gnutls-cipher-init gnutls-cipher-init.c -lgnutls && ./gnutls-cipher-init gnutls_cipher_init Error: The request is invalid. Is it a bug? If so, which architecture has the correct answer? /Nicolas -------------- next part -------------- A non-text attachment was scrubbed... Name: gnutls-cipher-init.c Type: text/x-csrc Size: 824 bytes Desc: not available URL: From ueno at gnu.org Wed Sep 22 14:44:42 2021 From: ueno at gnu.org (Daiki Ueno) Date: Wed, 22 Sep 2021 14:44:42 +0200 Subject: [gnutls-help] gnutls_cipher_init Error on armv7 architecture but not on amd64 In-Reply-To: <441f8739-4e83-8944-76d9-a232f818d706@babelouest.org> (Nicolas Mora's message of "Tue, 21 Sep 2021 12:02:10 -0400") References: <441f8739-4e83-8944-76d9-a232f818d706@babelouest.org> Message-ID: <871r5gzsn9.fsf-ueno@gnu.org> Hello Nicolas, Nicolas Mora writes: > On an ARMV7 CPU (Odroid C2 or Raspberry Pi), gnutls_cipher_init > returns an error: > $ gcc -o gnutls-cipher-init gnutls-cipher-init.c -lgnutls && > ./gnutls-cipher-init > gnutls_cipher_init Error: The request is invalid. Given the error is GNUTLS_E_INVALID_REQUEST, I guess it is failing because some parameters are incorrect. At first glance IV length for AES-128-GCM seems to be correct (= 12), while the key length is a bit longer (= 24). I tried to reproduce it with qemu-user-static and a docker image from: https://hub.docker.com/layers/multiarch/fedora/34-aarch64/images/sha256-0f4ec96493357cfb3465368d93094d54ecacdd39c1d7ce53d7e2ae843a55273b?context=explore but couldn't. Would it be possible to identify the point where the error is returned? Regards, -- Daiki Ueno From nicolas at babelouest.org Wed Sep 22 21:30:35 2021 From: nicolas at babelouest.org (Nicolas Mora) Date: Wed, 22 Sep 2021 15:30:35 -0400 Subject: [gnutls-help] gnutls_cipher_init Error on armv7 architecture but not on amd64 In-Reply-To: <871r5gzsn9.fsf-ueno@gnu.org> References: <441f8739-4e83-8944-76d9-a232f818d706@babelouest.org> <871r5gzsn9.fsf-ueno@gnu.org> Message-ID: <8822d6e0-b90f-a2e0-c704-0d70f3f2356e@babelouest.org> Hello, Le 2021-09-22 ? 08 h 44, Daiki Ueno a ?crit?: > >> On an ARMV7 CPU (Odroid C2 or Raspberry Pi), gnutls_cipher_init >> returns an error: >> $ gcc -o gnutls-cipher-init gnutls-cipher-init.c -lgnutls && >> ./gnutls-cipher-init >> gnutls_cipher_init Error: The request is invalid. > > Given the error is GNUTLS_E_INVALID_REQUEST, I guess it is failing > because some parameters are incorrect. At first glance IV length for > AES-128-GCM seems to be correct (= 12), while the key length is a bit > longer (= 24). > > I tried to reproduce it with qemu-user-static and a docker image from: > https://hub.docker.com/layers/multiarch/fedora/34-aarch64/images/sha256-0f4ec96493357cfb3465368d93094d54ecacdd39c1d7ce53d7e2ae843a55273b?context=explore > but couldn't. Would it be possible to identify the point where the > error is returned? > The problem is the value returned by gnutls_cipher_init which is different between architectures. - On an amd64 architecture, gnutls_cipher_init with an incorrect key length returns GNUTLE_E_SUCCESS - On an ArmV7 architecture, gnutls_cipher_init with an incorrect key length returns GNUTLS_E_INVALID_REQUEST The documentation on gnutls_cipher_init doesn't mention what must be returned on incorrect parameters. /Nicolas From ueno at gnu.org Thu Sep 23 06:44:27 2021 From: ueno at gnu.org (Daiki Ueno) Date: Thu, 23 Sep 2021 06:44:27 +0200 Subject: [gnutls-help] gnutls_cipher_init Error on armv7 architecture but not on amd64 In-Reply-To: <8822d6e0-b90f-a2e0-c704-0d70f3f2356e@babelouest.org> (Nicolas Mora's message of "Wed, 22 Sep 2021 15:30:35 -0400") References: <441f8739-4e83-8944-76d9-a232f818d706@babelouest.org> <871r5gzsn9.fsf-ueno@gnu.org> <8822d6e0-b90f-a2e0-c704-0d70f3f2356e@babelouest.org> Message-ID: <87tuibq4t0.fsf-ueno@gnu.org> Nicolas Mora writes: > The problem is the value returned by gnutls_cipher_init which is > different between architectures. > > - On an amd64 architecture, gnutls_cipher_init with an incorrect key > length returns GNUTLE_E_SUCCESS > - On an ArmV7 architecture, gnutls_cipher_init with an incorrect key > length returns GNUTLS_E_INVALID_REQUEST Key length mismatch is just my random guess, so I would like to first confirm that it works if you truncate the key to 16 bytes? If so, it's likely that we miss some checks when calling out our accelerated code (lib/accelerated/x86/aes-gcm-*.c) or nettle functions (I'm more worried about what happens -- under valgrind or ASan -- if you use a shorter key). > The documentation on gnutls_cipher_init doesn't mention what must be > returned on incorrect parameters. Absolutely. Regards, -- Daiki Ueno