AES-CFB-128 test failed (using wpa_supplicant)

Belisko Marek
Hi,

I'm using wpa_supplicant v2.4 on a custom x86 platform (VIA board). When
I'm trying to connect to an AP with WPA2 and AES encryption I cannot connect
due to errors like (with TKIP it works fine):

selftest for CFB failed - see syslog for details

and when inspecting syslog I found:
Libgcrypt warning: AES-CFB-128 test failed (plaintext mismatch, parallel path)

I'm using libgcrypt 1.6.3 and the whole system is built using Yocto.
Compared to my laptop with the same version of wpa_supplicant (v2.4) but
libgcrypt was 1.6.5, it works fine here. Could it be some missing
configuration or any pointer where to look? I have enabled in kernel
config CONFIG_CRYPTO_AES_NI_INTEL=y and also
CONFIG_CRYPTO_DEV_PADLOCK_AES=y. Thanks a lot.

BR,

marek

--
as simple and primitive as possible
-------------------------------------------------
Marek Belisko - OPEN-NANDRA
Freelance Developer

Ruska Nova Ves 219 | Presov, 08005 Slovak Republic
Tel: +421 915 052 184
skype: marekwhite
twitter: #opennandra
web: http://open-nandra.com

_______________________________________________
Gcrypt-devel mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gcrypt-devel
Re: AES-CFB-128 test failed (using wpa_supplicant)

Jussi Kivilinna-2
Hello,

On 06.06.2017 10:17, Belisko Marek wrote:
> Hi,
>
> I'm using wpa_supplicant v2.4 on a custom x86 platform (VIA board). When
> I'm trying to connect to an AP with WPA2 and AES encryption I cannot connect
> due to errors like (with TKIP it works fine):
>
> selftest for CFB failed - see syslog for details

Looks like there is wrong use of assembly operand constraints in Padlock
accelerated AES code. Can you test if the attached patch helps? Patch is
for libgcrypt-1.6.x.

-Jussi

>
> and when inspecting syslog I found:
> Libgcrypt warning: AES-CFB-128 test failed (plaintext mismatch, parallel path)
>
> I'm using libgcrypt 1.6.3 and the whole system is built using Yocto.
> Compared to my laptop with the same version of wpa_supplicant (v2.4) but
> libgcrypt was 1.6.5, it works fine here. Could it be some missing
> configuration or any pointer where to look? I have enabled in kernel
> config CONFIG_CRYPTO_AES_NI_INTEL=y and also
> CONFIG_CRYPTO_DEV_PADLOCK_AES=y. Thanks a lot.
>
> BR,
>
> marek
>


fix-padlock-1.patch (1K) Download Attachment
Re: AES-CFB-128 test failed (using wpa_supplicant)

Belisko Marek
Hi Jussi,

On Tue, Jun 6, 2017 at 6:55 PM, Jussi Kivilinna <[hidden email]> wrote:

> Hello,
>
> On 06.06.2017 10:17, Belisko Marek wrote:
>> Hi,
>>
>> I'm using wpa_supplicant v2.4 on a custom x86 platform (VIA board). When
>> I'm trying to connect to an AP with WPA2 and AES encryption I cannot connect
>> due to errors like (with TKIP it works fine):
>>
>> selftest for CFB failed - see syslog for details
>
> Looks like there is wrong use of assembly operand constraints in Padlock
> accelerated AES code. Can you test if the attached patch helps? Patch is
> for libgcrypt-1.6.x.
After applying the patch there are no more error messages in syslog and I
can connect to wifi successfully.
Thanks a lot. Is this patch present in a newer version of libgcrypt? Thanks.

>
> -Jussi
>
>>
>> and when inspecting syslog I found:
>> Libgcrypt warning: AES-CFB-128 test failed (plaintext mismatch, parallel path)
>>
>> I'm using libgcrypt 1.6.3 and the whole system is built using Yocto.
>> Compared to my laptop with the same version of wpa_supplicant (v2.4) but
>> libgcrypt was 1.6.5, it works fine here. Could it be some missing
>> configuration or any pointer where to look? I have enabled in kernel
>> config CONFIG_CRYPTO_AES_NI_INTEL=y and also
>> CONFIG_CRYPTO_DEV_PADLOCK_AES=y. Thanks a lot.
>>
>> BR,
>>
>> marek
>>

BR,

marek

Re: AES-CFB-128 test failed (using wpa_supplicant)

Jussi Kivilinna-2
Hello,

On 07.06.2017 00:13, Belisko Marek wrote:

> Hi Jussi,
>
> On Tue, Jun 6, 2017 at 6:55 PM, Jussi Kivilinna <[hidden email]> wrote:
>> Hello,
>>
>> On 06.06.2017 10:17, Belisko Marek wrote:
>>
>> Looks like there is wrong use of assembly operand constraints in Padlock
>> accelerated AES code. Can you test if the attached patch helps? Patch is
>> for libgcrypt-1.6.x.
> After applying the patch there are no more error messages in syslog and I
> can connect to wifi successfully.
> Thanks a lot. Is this patch present in a newer version of libgcrypt? Thanks.

Not yet, I'll prepare a patch for the development branch later this week.

The problem is less likely to manifest in 1.7 and later, since
the Padlock assembly function is no longer inlined into the bulk AES
functions (in this case CFB). This is because the Padlock function
has moved to a separate source file and behind an indirect function
call, so the compiler is much less likely to generate code that
breaks.

-Jussi
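
As an added illustration (not code from this thread or from libgcrypt): a self-test of the kind that produces a "plaintext mismatch" warning, comparing a bulk CFB decryption path against block-at-a-time reference encryption. `toy_encrypt` is a non-secure stand-in for AES and the `faulty` flag simulates a hypothetical stale-pointer fault; both are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define BLK 16
#define MAXBLK 8

/* Toy block function standing in for AES: NOT secure, constructed for this example. */
static void toy_encrypt(const uint8_t *key, const uint8_t *in, uint8_t *out) {
    uint8_t t[BLK];
    for (int i = 0; i < BLK; i++) t[i] = (uint8_t)((in[i] ^ key[i]) * 167u + 13u);
    for (int i = 0; i < BLK; i++) out[i] = t[i] ^ t[(i + 5) % BLK] ^ t[(i + 11) % BLK];
}

/* Reference path: CFB encryption, one block at a time (C_i = P_i xor E(C_{i-1})). */
static void cfb_enc_ref(const uint8_t *key, const uint8_t *iv,
                        const uint8_t *pt, uint8_t *ct, size_t nblk) {
    uint8_t ks[BLK]; const uint8_t *prev = iv;
    for (size_t b = 0; b < nblk; b++) {
        toy_encrypt(key, prev, ks);
        for (int i = 0; i < BLK; i++) ct[b * BLK + i] = pt[b * BLK + i] ^ ks[i];
        prev = ct + b * BLK;
    }
}

/* Bulk path under test: CFB decryption of all blocks. faulty != 0 simulates an
   input pointer that is never advanced (hypothetical fault, not the actual bug). */
static void cfb_dec_bulk(const uint8_t *key, const uint8_t *iv,
                         const uint8_t *ct, uint8_t *pt, size_t nblk, int faulty) {
    uint8_t ks[BLK];
    for (size_t b = 0; b < nblk; b++) {
        const uint8_t *prev = (b == 0 || faulty) ? iv : ct + (b - 1) * BLK;
        toy_encrypt(key, prev, ks);
        for (int i = 0; i < BLK; i++) pt[b * BLK + i] = ct[b * BLK + i] ^ ks[i];
    }
}

/* Returns NULL on success, or a failure reason string. Test data is constructed. */
const char *cfb_selftest(size_t nblk, int faulty) {
    uint8_t key[BLK], iv[BLK], pt[MAXBLK * BLK], ct[MAXBLK * BLK], out[MAXBLK * BLK];
    if (nblk == 0 || nblk > MAXBLK) return "bad block count";
    for (int i = 0; i < BLK; i++) { key[i] = (uint8_t)i; iv[i] = (uint8_t)(0xA0 + i); }
    for (size_t j = 0; j < nblk * BLK; j++) pt[j] = (uint8_t)(j * 7);
    cfb_enc_ref(key, iv, pt, ct, nblk);
    cfb_dec_bulk(key, iv, ct, out, nblk, faulty);
    return memcmp(pt, out, nblk * BLK) ? "plaintext mismatch" : NULL;
}

int main(void) {
    const char *a = cfb_selftest(8, 0), *b = cfb_selftest(8, 1);
    printf("good bulk path: %s\nfaulty bulk path: %s\n", a ? a : "ok", b ? b : "ok");
    return 0;
}
```

With `faulty` set, a one-block run still passes and only the multi-block run reports the mismatch, which is why such a self-test has to exercise the multi-block path as well.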
