Android gpg-agent crashes in libgcrypt when signing, decrypting, importing secret keys
Hans-Christoph Steiner
hans at guardianproject.info
Fri Jan 31 03:20:24 CET 2014
On 01/30/2014 02:56 PM, Hans-Christoph Steiner wrote:
>
> On 01/30/2014 02:49 PM, Hans-Christoph Steiner wrote:
>>
>>
>> On 01/30/2014 10:43 AM, Jussi Kivilinna wrote:
>>> On 30.01.2014 00:59, Hans-Christoph Steiner wrote:
>>>>
>>>>
>>>> On 01/28/2014 05:48 PM, Werner Koch wrote:
>>>>> On Tue, 28 Jan 2014 20:41, hans at guardianproject.info said:
>>>>>
>>>>>> I don't know if you saw this, but the current builds have these ./configure
>>>>>> flags in them:
>>>>>> --disable-padlock-support --disable-drng-support --disable-neon-support. The
>>>>>
>>>>> FWIW: --disable-neon-support was not working until I fixed that in
>>>>> master this afternoon.
>>>>
>>>> That was very helpful! Now all the tests so far pass on the emulator.
>>>
>>> Good news.
>>>
>>>> The
>>>> problem is that is has gotten stuck on libgcrypt/tests/random for over an
>>>> hour. Its stuck here:
>>>>
>>>> random: now running with options '--early-rng-check --prefer-system-rng'
>>>> random: checking whether RNG type switching works in the early stage
>>>> random: checking whether RNG type switching works
>>>> random: now running with options '--prefer-standard-rng'
>>>> random: checking whether RNG type switching works
>>>> random: now running with options '--prefer-fips-rng'
>>>> random: checking whether RNG type switching works
>>>>
>>>> The full test log is attached, the build log is here:
>>>> https://dev.guardianproject.info/attachments/download/1138/gpga-build_with-working---disable-neon-support.txt.bz2
>>>>
>>>> It would be great to also continue to debug the NEON support, since it'll make
>>>> a huge difference on Android devices. I think this change above confirms that
>>>> the process is working properly, sounds like the next step is getting Jussi
>>>> setup with an Android SDK/NDK and emulator. I'm happy to help with that
>>>> process, it shouldn't take longer than an hour. In my experience, it
>>>> generally much easier to do on Debian/Ubuntu.
>>>
>>> I setup SDK&NDK yesterday and managed to build 'make -C external/' and ndk-build stages.
>>>
>>> ant clean debug fails with:
>>> <snip>
>>> debug:
>>>
>>> -code-gen:
>>> [mergemanifest] Merging AndroidManifest files into one.
>>> [mergemanifest] Manifest merger disabled. Using project manifest only.
>>> [echo] Handling aidl files...
>>> [aidl] No AIDL files to compile.
>>> [echo] ----------
>>> [echo] Handling RenderScript files...
>>> [echo] ----------
>>> [echo] Handling Resources...
>>> [aapt] Generating resource IDs...
>>> [aapt] /home/jussi/kernel/gnupg-for-android/res/layout/first_run_setup_activity.xml:21: error: No resource identifier found for attribute 'textAlignment' in package 'android'
>>> [aapt] /home/jussi/kernel/gnupg-for-android/res/layout/first_run_welcome_activity.xml:22: error: No resource identifier found for attribute 'textAlignment' in package 'android'
>>> [aapt] /home/jussi/kernel/gnupg-for-android/res/layout/first_run_welcome_activity.xml:37: error: No resource identifier found for attribute 'textAlignment' in package 'android'
>>> [aapt] aapt: warning: string 'dialog_share_file_using' has no default translation in /home/jussi/kernel/gnupg-for-android/libs/appcompat/res; found: cs de es pl
>>>
>>> BUILD FAILED
>>> /home/jussi/android-sdk-linux/tools/ant/build.xml:653: The following error occurred while executing this line:
>>> /home/jussi/android-sdk-linux/tools/ant/build.xml:698: null returned: 1
>>>
>>> Total time: 3 seconds
>>>
>>> I'll look more closely at this on weekend.
>>
>> Odd that this didn't fail on our build server, but I pushed a fix for this
>> anyhow. Here is the whole procedure for including the tests in the APK:
>>
>> make -C external/ distclean clean-assets
>> make -C external/
>> make -C external/ assets-tests
>> ndk-build clean
>> ndk-build
>> ./setup-ant.sh
>> ant clean debug
>>
>> Then to run the tests, first install the APK and run it so that it sets up all
>> of its included assets. Once the Android app has completed its initial setup, run:
>>
>> ./assets/tests/launch_run-tests_on-android.sh
>>
>> Since the whole thing is quite a big package, I find it easier to copy only
>> the tests that changed into place using `adb push`. That only works if you
>> have root access to your device, which you do for an emulator.
>>
>> You can also use `adb shell` to get a shell and run things there. Keep in
>> mind that the only way an executable can find shared libraries is by setting
>> LD_LIBRARY_PATH, so you'll probably need to set that in `adb shell` in order
>> for the tests to find the shared libraries. That would look something like this:
>>
>> export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/data/data/info.guardianproject/gpg/lib:\
>> /data/data/info.guardianproject/gpg/app_opt/lib
>>
>> .hc
>
> I forgot to add, I attached two patches which I use for the testing setup.
>
> .hc
Ok, I removed --prefer-fips-rng from the random test, and all the rest work
fine, and complete in well under an hour. So its just fdpassing and 'random
--prefer-fips-rng' that are still failing.
As for the NEON build, I removed -mno-unaligned-access from libgcrypt CFLAGS,
and removed --disable-padlock-support --disable-drng-support
--disable-neon-support from libgcrypt ./configure, and it detects NEON
support, and all of the same tests pass. Since the failures, I've switched
libgcrypt from master to the 1.6.x branch, which does not include "Parse
/proc/cpuinfo for ARM HW features". So its likely building with NEON
instructions, but not running with them on the device.
Here's the submodule change list from master to 1.6.x:
> cipher: Take care of ENABLE_NEON_SUPPORT.
> Post release updates.
> Release 1.6.1.
> Reserve control code for FIPS extensions.
> Support non weak symbol pthread platforms.
> tests: Remove non-portable format specifiers.
> Fix RSA Blinding.
> sexp: Fix broken gcry_sexp_nth.
> mpi: Minor fix for Atari-mint.
> tests: Pass -no-install to libtool
> Fix most of memory leaks in tests code
> Fix memory leaks in ecc code
> Check compiler features only for the relevant platform.
> Truncate hash values for ECDSA signature scheme
> Support locking under Windows.
> cipher: Fix commit 77f28793
> md: Add Whirlpool bug emulation feature.
> PBKDF2: Use gcry_md_reset to speed up calculation.
> Update NEWS.
> Fix macro conflict in NetBSD
> Fix typo in search_oid
> Correct formatting of gcry_mac_get_algo_keylen documentation
> * cipher/Makefile.am: Add 'blowfish-arm.S' and 'serpent-armv7-neon.S'. --
> Fix buggy/incomplete detection of AVX/AVX2 support
> Use the generic autogen.sh script.
> Move all helper scripts to build-aux/
< Fix another minor typo.
< Typo fixes.
< Add blowfish/serpent ARM assembly files to Makefile.am
< Add AMD64 assembly implementation for arcfour
< Parse /proc/cpuinfo for ARM HW features
< Fix buggy/incomplete detection of AVX/AVX2 support
< Change utf-8 copyright characters to '(C)'
< Add ARM/NEON implementation for SHA-1
< Improve performance of SHA-512/ARM/NEON implementation
< Add AVX and AVX2/BMI implementations for SHA-256
< Add AVX and AVX/BMI2 implementations for SHA-1
< SHA-1/SSSE3: Improve performance on large buffers
< Add bulk processing for hash transform functions
< Open new development branch.
.hc
--
PGP fingerprint: 5E61 C878 0F86 295C E17D 8677 9F0F E587 374B BE81
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 969 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20140130/370f8bc7/attachment-0001.sig>
More information about the Gnupg-devel
mailing list