mirror of
https://github.com/adulau/aha.git
synced 2024-12-28 11:46:19 +00:00
crypto: cryptomgr - Test ciphers using ECB
As it is we only test ciphers when combined with a mode. That means users that do not invoke a mode of operations may get an untested cipher. This patch tests all ciphers using the ECB mode so that simple cipher users such as ansi-cprng are also protected. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This commit is contained in:
parent
73d3864a48
commit
1aa4ecd95d
2 changed files with 169 additions and 50 deletions
|
@ -210,10 +210,7 @@ static int cryptomgr_test(void *data)
|
|||
CRYPTO_ALG_TYPE_BLKCIPHER_MASK) && !(type & CRYPTO_ALG_GENIV))
|
||||
goto skiptest;
|
||||
|
||||
if ((type & CRYPTO_ALG_TYPE_MASK) == CRYPTO_ALG_TYPE_CIPHER)
|
||||
goto skiptest;
|
||||
|
||||
err = alg_test(param->driver, param->alg, 0, CRYPTO_ALG_TESTED);
|
||||
err = alg_test(param->driver, param->alg, type, CRYPTO_ALG_TESTED);
|
||||
|
||||
skiptest:
|
||||
crypto_alg_tested(param->driver, err);
|
||||
|
|
214
crypto/testmgr.c
214
crypto/testmgr.c
|
@ -541,7 +541,72 @@ out:
|
|||
return ret;
|
||||
}
|
||||
|
||||
static int test_cipher(struct crypto_ablkcipher *tfm, int enc,
|
||||
static int test_cipher(struct crypto_cipher *tfm, int enc,
|
||||
struct cipher_testvec *template, unsigned int tcount)
|
||||
{
|
||||
const char *algo = crypto_tfm_alg_driver_name(crypto_cipher_tfm(tfm));
|
||||
unsigned int i, j, k;
|
||||
int ret;
|
||||
char *q;
|
||||
const char *e;
|
||||
void *data;
|
||||
|
||||
if (enc == ENCRYPT)
|
||||
e = "encryption";
|
||||
else
|
||||
e = "decryption";
|
||||
|
||||
j = 0;
|
||||
for (i = 0; i < tcount; i++) {
|
||||
if (template[i].np)
|
||||
continue;
|
||||
|
||||
j++;
|
||||
|
||||
data = xbuf[0];
|
||||
memcpy(data, template[i].input, template[i].ilen);
|
||||
|
||||
crypto_cipher_clear_flags(tfm, ~0);
|
||||
if (template[i].wk)
|
||||
crypto_cipher_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY);
|
||||
|
||||
ret = crypto_cipher_setkey(tfm, template[i].key,
|
||||
template[i].klen);
|
||||
if (!ret == template[i].fail) {
|
||||
printk(KERN_ERR "alg: cipher: setkey failed "
|
||||
"on test %d for %s: flags=%x\n", j,
|
||||
algo, crypto_cipher_get_flags(tfm));
|
||||
goto out;
|
||||
} else if (ret)
|
||||
continue;
|
||||
|
||||
for (k = 0; k < template[i].ilen;
|
||||
k += crypto_cipher_blocksize(tfm)) {
|
||||
if (enc)
|
||||
crypto_cipher_encrypt_one(tfm, data + k,
|
||||
data + k);
|
||||
else
|
||||
crypto_cipher_decrypt_one(tfm, data + k,
|
||||
data + k);
|
||||
}
|
||||
|
||||
q = data;
|
||||
if (memcmp(q, template[i].result, template[i].rlen)) {
|
||||
printk(KERN_ERR "alg: cipher: Test %d failed "
|
||||
"on %s for %s\n", j, e, algo);
|
||||
hexdump(q, template[i].rlen);
|
||||
ret = -EINVAL;
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
|
||||
ret = 0;
|
||||
|
||||
out:
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int test_skcipher(struct crypto_ablkcipher *tfm, int enc,
|
||||
struct cipher_testvec *template, unsigned int tcount)
|
||||
{
|
||||
const char *algo =
|
||||
|
@ -565,8 +630,8 @@ static int test_cipher(struct crypto_ablkcipher *tfm, int enc,
|
|||
|
||||
req = ablkcipher_request_alloc(tfm, GFP_KERNEL);
|
||||
if (!req) {
|
||||
printk(KERN_ERR "alg: cipher: Failed to allocate request for "
|
||||
"%s\n", algo);
|
||||
printk(KERN_ERR "alg: skcipher: Failed to allocate request "
|
||||
"for %s\n", algo);
|
||||
ret = -ENOMEM;
|
||||
goto out;
|
||||
}
|
||||
|
@ -595,7 +660,7 @@ static int test_cipher(struct crypto_ablkcipher *tfm, int enc,
|
|||
ret = crypto_ablkcipher_setkey(tfm, template[i].key,
|
||||
template[i].klen);
|
||||
if (!ret == template[i].fail) {
|
||||
printk(KERN_ERR "alg: cipher: setkey failed "
|
||||
printk(KERN_ERR "alg: skcipher: setkey failed "
|
||||
"on test %d for %s: flags=%x\n", j,
|
||||
algo, crypto_ablkcipher_get_flags(tfm));
|
||||
goto out;
|
||||
|
@ -623,7 +688,7 @@ static int test_cipher(struct crypto_ablkcipher *tfm, int enc,
|
|||
}
|
||||
/* fall through */
|
||||
default:
|
||||
printk(KERN_ERR "alg: cipher: %s failed on "
|
||||
printk(KERN_ERR "alg: skcipher: %s failed on "
|
||||
"test %d for %s: ret=%d\n", e, j, algo,
|
||||
-ret);
|
||||
goto out;
|
||||
|
@ -631,8 +696,8 @@ static int test_cipher(struct crypto_ablkcipher *tfm, int enc,
|
|||
|
||||
q = data;
|
||||
if (memcmp(q, template[i].result, template[i].rlen)) {
|
||||
printk(KERN_ERR "alg: cipher: Test %d failed "
|
||||
"on %s for %s\n", j, e, algo);
|
||||
printk(KERN_ERR "alg: skcipher: Test %d "
|
||||
"failed on %s for %s\n", j, e, algo);
|
||||
hexdump(q, template[i].rlen);
|
||||
ret = -EINVAL;
|
||||
goto out;
|
||||
|
@ -659,7 +724,7 @@ static int test_cipher(struct crypto_ablkcipher *tfm, int enc,
|
|||
ret = crypto_ablkcipher_setkey(tfm, template[i].key,
|
||||
template[i].klen);
|
||||
if (!ret == template[i].fail) {
|
||||
printk(KERN_ERR "alg: cipher: setkey failed "
|
||||
printk(KERN_ERR "alg: skcipher: setkey failed "
|
||||
"on chunk test %d for %s: flags=%x\n",
|
||||
j, algo,
|
||||
crypto_ablkcipher_get_flags(tfm));
|
||||
|
@ -710,7 +775,7 @@ static int test_cipher(struct crypto_ablkcipher *tfm, int enc,
|
|||
}
|
||||
/* fall through */
|
||||
default:
|
||||
printk(KERN_ERR "alg: cipher: %s failed on "
|
||||
printk(KERN_ERR "alg: skcipher: %s failed on "
|
||||
"chunk test %d for %s: ret=%d\n", e, j,
|
||||
algo, -ret);
|
||||
goto out;
|
||||
|
@ -724,7 +789,7 @@ static int test_cipher(struct crypto_ablkcipher *tfm, int enc,
|
|||
|
||||
if (memcmp(q, template[i].result + temp,
|
||||
template[i].tap[k])) {
|
||||
printk(KERN_ERR "alg: cipher: Chunk "
|
||||
printk(KERN_ERR "alg: skcipher: Chunk "
|
||||
"test %d failed on %s at page "
|
||||
"%u for %s\n", j, e, k, algo);
|
||||
hexdump(q, template[i].tap[k]);
|
||||
|
@ -735,7 +800,7 @@ static int test_cipher(struct crypto_ablkcipher *tfm, int enc,
|
|||
for (n = 0; offset_in_page(q + n) && q[n]; n++)
|
||||
;
|
||||
if (n) {
|
||||
printk(KERN_ERR "alg: cipher: "
|
||||
printk(KERN_ERR "alg: skcipher: "
|
||||
"Result buffer corruption in "
|
||||
"chunk test %d on %s at page "
|
||||
"%u for %s: %u bytes:\n", j, e,
|
||||
|
@ -849,10 +914,10 @@ out:
|
|||
static int alg_test_cipher(const struct alg_test_desc *desc,
|
||||
const char *driver, u32 type, u32 mask)
|
||||
{
|
||||
struct crypto_ablkcipher *tfm;
|
||||
struct crypto_cipher *tfm;
|
||||
int err = 0;
|
||||
|
||||
tfm = crypto_alloc_ablkcipher(driver, type, mask);
|
||||
tfm = crypto_alloc_cipher(driver, type, mask);
|
||||
if (IS_ERR(tfm)) {
|
||||
printk(KERN_ERR "alg: cipher: Failed to load transform for "
|
||||
"%s: %ld\n", driver, PTR_ERR(tfm));
|
||||
|
@ -870,6 +935,35 @@ static int alg_test_cipher(const struct alg_test_desc *desc,
|
|||
err = test_cipher(tfm, DECRYPT, desc->suite.cipher.dec.vecs,
|
||||
desc->suite.cipher.dec.count);
|
||||
|
||||
out:
|
||||
crypto_free_cipher(tfm);
|
||||
return err;
|
||||
}
|
||||
|
||||
static int alg_test_skcipher(const struct alg_test_desc *desc,
|
||||
const char *driver, u32 type, u32 mask)
|
||||
{
|
||||
struct crypto_ablkcipher *tfm;
|
||||
int err = 0;
|
||||
|
||||
tfm = crypto_alloc_ablkcipher(driver, type, mask);
|
||||
if (IS_ERR(tfm)) {
|
||||
printk(KERN_ERR "alg: skcipher: Failed to load transform for "
|
||||
"%s: %ld\n", driver, PTR_ERR(tfm));
|
||||
return PTR_ERR(tfm);
|
||||
}
|
||||
|
||||
if (desc->suite.cipher.enc.vecs) {
|
||||
err = test_skcipher(tfm, ENCRYPT, desc->suite.cipher.enc.vecs,
|
||||
desc->suite.cipher.enc.count);
|
||||
if (err)
|
||||
goto out;
|
||||
}
|
||||
|
||||
if (desc->suite.cipher.dec.vecs)
|
||||
err = test_skcipher(tfm, DECRYPT, desc->suite.cipher.dec.vecs,
|
||||
desc->suite.cipher.dec.count);
|
||||
|
||||
out:
|
||||
crypto_free_ablkcipher(tfm);
|
||||
return err;
|
||||
|
@ -920,7 +1014,7 @@ static int alg_test_hash(const struct alg_test_desc *desc, const char *driver,
|
|||
static const struct alg_test_desc alg_test_descs[] = {
|
||||
{
|
||||
.alg = "cbc(aes)",
|
||||
.test = alg_test_cipher,
|
||||
.test = alg_test_skcipher,
|
||||
.suite = {
|
||||
.cipher = {
|
||||
.enc = {
|
||||
|
@ -935,7 +1029,7 @@ static const struct alg_test_desc alg_test_descs[] = {
|
|||
}
|
||||
}, {
|
||||
.alg = "cbc(anubis)",
|
||||
.test = alg_test_cipher,
|
||||
.test = alg_test_skcipher,
|
||||
.suite = {
|
||||
.cipher = {
|
||||
.enc = {
|
||||
|
@ -950,7 +1044,7 @@ static const struct alg_test_desc alg_test_descs[] = {
|
|||
}
|
||||
}, {
|
||||
.alg = "cbc(blowfish)",
|
||||
.test = alg_test_cipher,
|
||||
.test = alg_test_skcipher,
|
||||
.suite = {
|
||||
.cipher = {
|
||||
.enc = {
|
||||
|
@ -965,7 +1059,7 @@ static const struct alg_test_desc alg_test_descs[] = {
|
|||
}
|
||||
}, {
|
||||
.alg = "cbc(camellia)",
|
||||
.test = alg_test_cipher,
|
||||
.test = alg_test_skcipher,
|
||||
.suite = {
|
||||
.cipher = {
|
||||
.enc = {
|
||||
|
@ -980,7 +1074,7 @@ static const struct alg_test_desc alg_test_descs[] = {
|
|||
}
|
||||
}, {
|
||||
.alg = "cbc(des)",
|
||||
.test = alg_test_cipher,
|
||||
.test = alg_test_skcipher,
|
||||
.suite = {
|
||||
.cipher = {
|
||||
.enc = {
|
||||
|
@ -995,7 +1089,7 @@ static const struct alg_test_desc alg_test_descs[] = {
|
|||
}
|
||||
}, {
|
||||
.alg = "cbc(des3_ede)",
|
||||
.test = alg_test_cipher,
|
||||
.test = alg_test_skcipher,
|
||||
.suite = {
|
||||
.cipher = {
|
||||
.enc = {
|
||||
|
@ -1010,7 +1104,7 @@ static const struct alg_test_desc alg_test_descs[] = {
|
|||
}
|
||||
}, {
|
||||
.alg = "cbc(twofish)",
|
||||
.test = alg_test_cipher,
|
||||
.test = alg_test_skcipher,
|
||||
.suite = {
|
||||
.cipher = {
|
||||
.enc = {
|
||||
|
@ -1049,7 +1143,7 @@ static const struct alg_test_desc alg_test_descs[] = {
|
|||
}
|
||||
}, {
|
||||
.alg = "cts(cbc(aes))",
|
||||
.test = alg_test_cipher,
|
||||
.test = alg_test_skcipher,
|
||||
.suite = {
|
||||
.cipher = {
|
||||
.enc = {
|
||||
|
@ -1079,7 +1173,7 @@ static const struct alg_test_desc alg_test_descs[] = {
|
|||
}
|
||||
}, {
|
||||
.alg = "ecb(aes)",
|
||||
.test = alg_test_cipher,
|
||||
.test = alg_test_skcipher,
|
||||
.suite = {
|
||||
.cipher = {
|
||||
.enc = {
|
||||
|
@ -1094,7 +1188,7 @@ static const struct alg_test_desc alg_test_descs[] = {
|
|||
}
|
||||
}, {
|
||||
.alg = "ecb(anubis)",
|
||||
.test = alg_test_cipher,
|
||||
.test = alg_test_skcipher,
|
||||
.suite = {
|
||||
.cipher = {
|
||||
.enc = {
|
||||
|
@ -1109,7 +1203,7 @@ static const struct alg_test_desc alg_test_descs[] = {
|
|||
}
|
||||
}, {
|
||||
.alg = "ecb(arc4)",
|
||||
.test = alg_test_cipher,
|
||||
.test = alg_test_skcipher,
|
||||
.suite = {
|
||||
.cipher = {
|
||||
.enc = {
|
||||
|
@ -1124,7 +1218,7 @@ static const struct alg_test_desc alg_test_descs[] = {
|
|||
}
|
||||
}, {
|
||||
.alg = "ecb(blowfish)",
|
||||
.test = alg_test_cipher,
|
||||
.test = alg_test_skcipher,
|
||||
.suite = {
|
||||
.cipher = {
|
||||
.enc = {
|
||||
|
@ -1139,7 +1233,7 @@ static const struct alg_test_desc alg_test_descs[] = {
|
|||
}
|
||||
}, {
|
||||
.alg = "ecb(camellia)",
|
||||
.test = alg_test_cipher,
|
||||
.test = alg_test_skcipher,
|
||||
.suite = {
|
||||
.cipher = {
|
||||
.enc = {
|
||||
|
@ -1154,7 +1248,7 @@ static const struct alg_test_desc alg_test_descs[] = {
|
|||
}
|
||||
}, {
|
||||
.alg = "ecb(cast5)",
|
||||
.test = alg_test_cipher,
|
||||
.test = alg_test_skcipher,
|
||||
.suite = {
|
||||
.cipher = {
|
||||
.enc = {
|
||||
|
@ -1169,7 +1263,7 @@ static const struct alg_test_desc alg_test_descs[] = {
|
|||
}
|
||||
}, {
|
||||
.alg = "ecb(cast6)",
|
||||
.test = alg_test_cipher,
|
||||
.test = alg_test_skcipher,
|
||||
.suite = {
|
||||
.cipher = {
|
||||
.enc = {
|
||||
|
@ -1184,7 +1278,7 @@ static const struct alg_test_desc alg_test_descs[] = {
|
|||
}
|
||||
}, {
|
||||
.alg = "ecb(des)",
|
||||
.test = alg_test_cipher,
|
||||
.test = alg_test_skcipher,
|
||||
.suite = {
|
||||
.cipher = {
|
||||
.enc = {
|
||||
|
@ -1199,7 +1293,7 @@ static const struct alg_test_desc alg_test_descs[] = {
|
|||
}
|
||||
}, {
|
||||
.alg = "ecb(des3_ede)",
|
||||
.test = alg_test_cipher,
|
||||
.test = alg_test_skcipher,
|
||||
.suite = {
|
||||
.cipher = {
|
||||
.enc = {
|
||||
|
@ -1214,7 +1308,7 @@ static const struct alg_test_desc alg_test_descs[] = {
|
|||
}
|
||||
}, {
|
||||
.alg = "ecb(khazad)",
|
||||
.test = alg_test_cipher,
|
||||
.test = alg_test_skcipher,
|
||||
.suite = {
|
||||
.cipher = {
|
||||
.enc = {
|
||||
|
@ -1229,7 +1323,7 @@ static const struct alg_test_desc alg_test_descs[] = {
|
|||
}
|
||||
}, {
|
||||
.alg = "ecb(seed)",
|
||||
.test = alg_test_cipher,
|
||||
.test = alg_test_skcipher,
|
||||
.suite = {
|
||||
.cipher = {
|
||||
.enc = {
|
||||
|
@ -1244,7 +1338,7 @@ static const struct alg_test_desc alg_test_descs[] = {
|
|||
}
|
||||
}, {
|
||||
.alg = "ecb(serpent)",
|
||||
.test = alg_test_cipher,
|
||||
.test = alg_test_skcipher,
|
||||
.suite = {
|
||||
.cipher = {
|
||||
.enc = {
|
||||
|
@ -1259,7 +1353,7 @@ static const struct alg_test_desc alg_test_descs[] = {
|
|||
}
|
||||
}, {
|
||||
.alg = "ecb(tea)",
|
||||
.test = alg_test_cipher,
|
||||
.test = alg_test_skcipher,
|
||||
.suite = {
|
||||
.cipher = {
|
||||
.enc = {
|
||||
|
@ -1274,7 +1368,7 @@ static const struct alg_test_desc alg_test_descs[] = {
|
|||
}
|
||||
}, {
|
||||
.alg = "ecb(tnepres)",
|
||||
.test = alg_test_cipher,
|
||||
.test = alg_test_skcipher,
|
||||
.suite = {
|
||||
.cipher = {
|
||||
.enc = {
|
||||
|
@ -1289,7 +1383,7 @@ static const struct alg_test_desc alg_test_descs[] = {
|
|||
}
|
||||
}, {
|
||||
.alg = "ecb(twofish)",
|
||||
.test = alg_test_cipher,
|
||||
.test = alg_test_skcipher,
|
||||
.suite = {
|
||||
.cipher = {
|
||||
.enc = {
|
||||
|
@ -1304,7 +1398,7 @@ static const struct alg_test_desc alg_test_descs[] = {
|
|||
}
|
||||
}, {
|
||||
.alg = "ecb(xeta)",
|
||||
.test = alg_test_cipher,
|
||||
.test = alg_test_skcipher,
|
||||
.suite = {
|
||||
.cipher = {
|
||||
.enc = {
|
||||
|
@ -1319,7 +1413,7 @@ static const struct alg_test_desc alg_test_descs[] = {
|
|||
}
|
||||
}, {
|
||||
.alg = "ecb(xtea)",
|
||||
.test = alg_test_cipher,
|
||||
.test = alg_test_skcipher,
|
||||
.suite = {
|
||||
.cipher = {
|
||||
.enc = {
|
||||
|
@ -1421,7 +1515,7 @@ static const struct alg_test_desc alg_test_descs[] = {
|
|||
}
|
||||
}, {
|
||||
.alg = "lrw(aes)",
|
||||
.test = alg_test_cipher,
|
||||
.test = alg_test_skcipher,
|
||||
.suite = {
|
||||
.cipher = {
|
||||
.enc = {
|
||||
|
@ -1478,7 +1572,7 @@ static const struct alg_test_desc alg_test_descs[] = {
|
|||
}
|
||||
}, {
|
||||
.alg = "pcbc(fcrypt)",
|
||||
.test = alg_test_cipher,
|
||||
.test = alg_test_skcipher,
|
||||
.suite = {
|
||||
.cipher = {
|
||||
.enc = {
|
||||
|
@ -1493,7 +1587,7 @@ static const struct alg_test_desc alg_test_descs[] = {
|
|||
}
|
||||
}, {
|
||||
.alg = "rfc3686(ctr(aes))",
|
||||
.test = alg_test_cipher,
|
||||
.test = alg_test_skcipher,
|
||||
.suite = {
|
||||
.cipher = {
|
||||
.enc = {
|
||||
|
@ -1544,7 +1638,7 @@ static const struct alg_test_desc alg_test_descs[] = {
|
|||
}
|
||||
}, {
|
||||
.alg = "salsa20",
|
||||
.test = alg_test_cipher,
|
||||
.test = alg_test_skcipher,
|
||||
.suite = {
|
||||
.cipher = {
|
||||
.enc = {
|
||||
|
@ -1663,7 +1757,7 @@ static const struct alg_test_desc alg_test_descs[] = {
|
|||
}
|
||||
}, {
|
||||
.alg = "xts(aes)",
|
||||
.test = alg_test_cipher,
|
||||
.test = alg_test_skcipher,
|
||||
.suite = {
|
||||
.cipher = {
|
||||
.enc = {
|
||||
|
@ -1679,7 +1773,7 @@ static const struct alg_test_desc alg_test_descs[] = {
|
|||
}
|
||||
};
|
||||
|
||||
int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
|
||||
static int alg_find_test(const char *alg)
|
||||
{
|
||||
int start = 0;
|
||||
int end = ARRAY_SIZE(alg_test_descs);
|
||||
|
@ -1698,10 +1792,38 @@ int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
|
|||
continue;
|
||||
}
|
||||
|
||||
return alg_test_descs[i].test(alg_test_descs + i, driver,
|
||||
type, mask);
|
||||
return i;
|
||||
}
|
||||
|
||||
return -1;
|
||||
}
|
||||
|
||||
int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
|
||||
{
|
||||
int i;
|
||||
|
||||
if ((type & CRYPTO_ALG_TYPE_MASK) == CRYPTO_ALG_TYPE_CIPHER) {
|
||||
char nalg[CRYPTO_MAX_ALG_NAME];
|
||||
|
||||
if (snprintf(nalg, sizeof(nalg), "ecb(%s)", alg) >=
|
||||
sizeof(nalg))
|
||||
return -ENAMETOOLONG;
|
||||
|
||||
i = alg_find_test(nalg);
|
||||
if (i < 0)
|
||||
goto notest;
|
||||
|
||||
return alg_test_cipher(alg_test_descs + i, driver, type, mask);
|
||||
}
|
||||
|
||||
i = alg_find_test(alg);
|
||||
if (i < 0)
|
||||
goto notest;
|
||||
|
||||
return alg_test_descs[i].test(alg_test_descs + i, driver,
|
||||
type, mask);
|
||||
|
||||
notest:
|
||||
printk(KERN_INFO "alg: No test for %s (%s)\n", alg, driver);
|
||||
return 0;
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue