Project

General

Profile

Issue #3507

Unable to load parallel crypto modules with tcrypt and pcrypt

Added by Rakesh Patil about 1 month ago. Updated about 1 month ago.

Status:
Feedback
Priority:
Normal
Assignee:
-
Category:
kernel
Affected version:
5.7.2
Resolution:

Description

Running strongswan 5.7.2 on RHEL7.7, I m unable to load specific algorithmic modules using pcrypt, tcrypt or crconf. The documentation I referred is : https://wiki.strongswan.org/projects/strongswan/wiki/Pcrypt

[root@rhelvm1 ~]# modprobe tcrypt alg="pcrypt(rfc4106(gcm(aes)))" type=3
modprobe: ERROR: could not insert 'tcrypt': Unknown symbol in module, or unknown parameter (see dmesg)

[ 226.666281] alg: No test for fips(ansi_cprng) (fips_ansi_cprng)

[root@rhelvm1 ~]# lsmod |grep -i crypt
pcrypt 13389 2
cryptd 20359 5 ghash_clmulni_intel,aesni_intel,ablk_helper

OR

[root@rhelvm1 ~]# crconf add driver "pcrypt(rfc4106(gcm(aes)))" type=3
Cannot open netlink socket: Protocol not supported

[ 7538.660350] tcrypt: one or more tests failed!
[ 7560.771335] INFO: task cryptomgr_test:18215 blocked for more than 120 seconds.
[ 7560.779102] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 7560.785812] cryptomgr_test D ffff88102b309fa0 0 18215 2 0x00000080
[ 7560.792453] Call Trace:
[ 7560.794906] [<ffffffff816bb8d9>] schedule+0x29/0x70
[ 7560.799597] [<ffffffff816b9299>] schedule_timeout+0x239/0x2c0
[ 7560.804581] [<ffffffff810ad3dc>] ? __queue_work+0x13c/0x3e0
[ 7560.809047] [<ffffffff816bbc8d>] wait_for_completion+0xfd/0x140
[ 7560.814421] [<ffffffff810cb100>] ? wake_up_state+0x20/0x20
[ 7560.819243] [<ffffffff812efc06>] __test_aead+0x8b6/0x1080
[ 7560.826382] [<ffffffff812e3164>] ? __crypto_alloc_tfm+0x114/0x190
[ 7560.831477] [<ffffffff812e48d5>] ? crypto_spawn_tfm+0x45/0x80
[ 7560.836905] [<ffffffff812ea0ee>] ? seqiv_aead_init+0x3e/0x50
[ 7560.841746] [<ffffffff812e3164>] ? __crypto_alloc_tfm+0x114/0x190
[ 7560.846774] [<ffffffff812e48d5>] ? crypto_spawn_tfm+0x45/0x80
[ 7560.852189] [<ffffffff812e3164>] ? __crypto_alloc_tfm+0x114/0x190
[ 7560.857222] [<ffffffff812f03f4>] test_aead+0x24/0x50
[ 7560.889973] [<ffffffff812f046d>] alg_test_aead+0x4d/0xb0
[ 7560.899837] [<ffffffff812ed89c>] alg_test+0xec/0x300
[ 7560.904954] [<ffffffff812ec330>] ? crypto_unregister_kpp+0x20/0x20
[ 7560.910547] [<ffffffff812ec371>] cryptomgr_test+0x41/0x50
[ 7560.915573] [<ffffffff810b74d1>] kthread+0xd1/0xe0
[ 7560.921037] [<ffffffff810b7400>] ? insert_kthread_work+0x40/0x40
[ 7560.926281] [<ffffffff816c8537>] ret_from_fork+0x77/0xb0
[ 7560.930822] [<ffffffff810b7400>] ? insert_kthread_work+0x40/0x40

History

#1 Updated by Tobias Brunner about 1 month ago

  • Category set to kernel
  • Status changed from New to Feedback

[root@rhelvm1 ~]# modprobe tcrypt alg="pcrypt(rfc4106(gcm(aes)))" type=3
modprobe: ERROR: could not insert 'tcrypt': Unknown symbol in module, or unknown parameter (see dmesg)

It's possible that this is an "OK" error, but I really don't know. You'd have to check what /proc/crypto eventually shows.

[root@rhelvm1 ~]# crconf add driver "pcrypt(rfc4106(gcm(aes)))" type=3
Cannot open netlink socket: Protocol not supported

As described on pcrypt, this requires the crypto_user module, which is not available (or not loaded) here apparently.

[ 7538.660350] tcrypt: one or more tests failed!
[ 7560.771335] INFO: task cryptomgr_test:18215 blocked for more than 120 seconds.

That doesn't sound good. But you'd have to check with the kernel devs what exactly it means. It seems to happen while testing some AEAD implementation.

I'm not sure if pcrypt actually works properly on current kernels (or what the expected gain would be) and even if it does it only increases performance if you have many flows and may require network devices with multiple queues, stuff like RSS/RPS, IRQ pinning/management, etc.

Also available in: Atom PDF