From 1aa4ecd95d8d67d21731a00646326a71295dafa3 Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Sun, 17 Aug 2008 17:01:56 +1000 Subject: [PATCH] crypto: cryptomgr - Test ciphers using ECB As it is we only test ciphers when combined with a mode. That means users that do not invoke a mode of operations may get an untested cipher. This patch tests all ciphers using the ECB mode so that simple cipher users such as ansi-cprng are also protected. Signed-off-by: Herbert Xu --- crypto/algboss.c | 5 +- crypto/testmgr.c | 214 +++++++++++++++++++++++++++++++++++++---------- 2 files changed, 169 insertions(+), 50 deletions(-) diff --git a/crypto/algboss.c b/crypto/algboss.c index ed9f663c82c..4601e4267c8 100644 --- a/crypto/algboss.c +++ b/crypto/algboss.c @@ -210,10 +210,7 @@ static int cryptomgr_test(void *data) CRYPTO_ALG_TYPE_BLKCIPHER_MASK) && !(type & CRYPTO_ALG_GENIV)) goto skiptest; - if ((type & CRYPTO_ALG_TYPE_MASK) == CRYPTO_ALG_TYPE_CIPHER) - goto skiptest; - - err = alg_test(param->driver, param->alg, 0, CRYPTO_ALG_TESTED); + err = alg_test(param->driver, param->alg, type, CRYPTO_ALG_TESTED); skiptest: crypto_alg_tested(param->driver, err); diff --git a/crypto/testmgr.c b/crypto/testmgr.c index e8666b3ead6..b828c6cf1b1 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -541,8 +541,73 @@ out: return ret; } -static int test_cipher(struct crypto_ablkcipher *tfm, int enc, +static int test_cipher(struct crypto_cipher *tfm, int enc, struct cipher_testvec *template, unsigned int tcount) +{ + const char *algo = crypto_tfm_alg_driver_name(crypto_cipher_tfm(tfm)); + unsigned int i, j, k; + int ret; + char *q; + const char *e; + void *data; + + if (enc == ENCRYPT) + e = "encryption"; + else + e = "decryption"; + + j = 0; + for (i = 0; i < tcount; i++) { + if (template[i].np) + continue; + + j++; + + data = xbuf[0]; + memcpy(data, template[i].input, template[i].ilen); + + crypto_cipher_clear_flags(tfm, ~0); + if (template[i].wk) + crypto_cipher_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY); + + ret = crypto_cipher_setkey(tfm, template[i].key, + template[i].klen); + if (!ret == template[i].fail) { + printk(KERN_ERR "alg: cipher: setkey failed " + "on test %d for %s: flags=%x\n", j, + algo, crypto_cipher_get_flags(tfm)); + goto out; + } else if (ret) + continue; + + for (k = 0; k < template[i].ilen; + k += crypto_cipher_blocksize(tfm)) { + if (enc) + crypto_cipher_encrypt_one(tfm, data + k, + data + k); + else + crypto_cipher_decrypt_one(tfm, data + k, + data + k); + } + + q = data; + if (memcmp(q, template[i].result, template[i].rlen)) { + printk(KERN_ERR "alg: cipher: Test %d failed " + "on %s for %s\n", j, e, algo); + hexdump(q, template[i].rlen); + ret = -EINVAL; + goto out; + } + } + + ret = 0; + +out: + return ret; +} + +static int test_skcipher(struct crypto_ablkcipher *tfm, int enc, + struct cipher_testvec *template, unsigned int tcount) { const char *algo = crypto_tfm_alg_driver_name(crypto_ablkcipher_tfm(tfm)); @@ -565,8 +630,8 @@ static int test_cipher(struct crypto_ablkcipher *tfm, int enc, req = ablkcipher_request_alloc(tfm, GFP_KERNEL); if (!req) { - printk(KERN_ERR "alg: cipher: Failed to allocate request for " - "%s\n", algo); + printk(KERN_ERR "alg: skcipher: Failed to allocate request " + "for %s\n", algo); ret = -ENOMEM; goto out; } @@ -595,7 +660,7 @@ static int test_cipher(struct crypto_ablkcipher *tfm, int enc, ret = crypto_ablkcipher_setkey(tfm, template[i].key, template[i].klen); if (!ret == template[i].fail) { - printk(KERN_ERR "alg: cipher: setkey failed " + printk(KERN_ERR "alg: skcipher: setkey failed " "on test %d for %s: flags=%x\n", j, algo, crypto_ablkcipher_get_flags(tfm)); goto out; @@ -623,7 +688,7 @@ static int test_cipher(struct crypto_ablkcipher *tfm, int enc, } /* fall through */ default: - printk(KERN_ERR "alg: cipher: %s failed on " + printk(KERN_ERR "alg: skcipher: %s failed on " "test %d for %s: ret=%d\n", e, j, algo, -ret); goto out; @@ -631,8 +696,8 @@ static int test_cipher(struct crypto_ablkcipher *tfm, int enc, q = data; if (memcmp(q, template[i].result, template[i].rlen)) { - printk(KERN_ERR "alg: cipher: Test %d failed " - "on %s for %s\n", j, e, algo); + printk(KERN_ERR "alg: skcipher: Test %d " + "failed on %s for %s\n", j, e, algo); hexdump(q, template[i].rlen); ret = -EINVAL; goto out; @@ -659,7 +724,7 @@ static int test_cipher(struct crypto_ablkcipher *tfm, int enc, ret = crypto_ablkcipher_setkey(tfm, template[i].key, template[i].klen); if (!ret == template[i].fail) { - printk(KERN_ERR "alg: cipher: setkey failed " + printk(KERN_ERR "alg: skcipher: setkey failed " "on chunk test %d for %s: flags=%x\n", j, algo, crypto_ablkcipher_get_flags(tfm)); @@ -710,7 +775,7 @@ static int test_cipher(struct crypto_ablkcipher *tfm, int enc, } /* fall through */ default: - printk(KERN_ERR "alg: cipher: %s failed on " + printk(KERN_ERR "alg: skcipher: %s failed on " "chunk test %d for %s: ret=%d\n", e, j, algo, -ret); goto out; @@ -724,7 +789,7 @@ static int test_cipher(struct crypto_ablkcipher *tfm, int enc, if (memcmp(q, template[i].result + temp, template[i].tap[k])) { - printk(KERN_ERR "alg: cipher: Chunk " + printk(KERN_ERR "alg: skcipher: Chunk " "test %d failed on %s at page " "%u for %s\n", j, e, k, algo); hexdump(q, template[i].tap[k]); @@ -735,7 +800,7 @@ static int test_cipher(struct crypto_ablkcipher *tfm, int enc, for (n = 0; offset_in_page(q + n) && q[n]; n++) ; if (n) { - printk(KERN_ERR "alg: cipher: " + printk(KERN_ERR "alg: skcipher: " "Result buffer corruption in " "chunk test %d on %s at page " "%u for %s: %u bytes:\n", j, e, @@ -849,10 +914,10 @@ out: static int alg_test_cipher(const struct alg_test_desc *desc, const char *driver, u32 type, u32 mask) { - struct crypto_ablkcipher *tfm; + struct crypto_cipher *tfm; int err = 0; - tfm = crypto_alloc_ablkcipher(driver, type, mask); + tfm = crypto_alloc_cipher(driver, type, mask); if (IS_ERR(tfm)) { printk(KERN_ERR "alg: cipher: Failed to load transform for " "%s: %ld\n", driver, PTR_ERR(tfm)); @@ -870,6 +935,35 @@ static int alg_test_cipher(const struct alg_test_desc *desc, err = test_cipher(tfm, DECRYPT, desc->suite.cipher.dec.vecs, desc->suite.cipher.dec.count); +out: + crypto_free_cipher(tfm); + return err; +} + +static int alg_test_skcipher(const struct alg_test_desc *desc, + const char *driver, u32 type, u32 mask) +{ + struct crypto_ablkcipher *tfm; + int err = 0; + + tfm = crypto_alloc_ablkcipher(driver, type, mask); + if (IS_ERR(tfm)) { + printk(KERN_ERR "alg: skcipher: Failed to load transform for " + "%s: %ld\n", driver, PTR_ERR(tfm)); + return PTR_ERR(tfm); + } + + if (desc->suite.cipher.enc.vecs) { + err = test_skcipher(tfm, ENCRYPT, desc->suite.cipher.enc.vecs, + desc->suite.cipher.enc.count); + if (err) + goto out; + } + + if (desc->suite.cipher.dec.vecs) + err = test_skcipher(tfm, DECRYPT, desc->suite.cipher.dec.vecs, + desc->suite.cipher.dec.count); + out: crypto_free_ablkcipher(tfm); return err; @@ -920,7 +1014,7 @@ static int alg_test_hash(const struct alg_test_desc *desc, const char *driver, static const struct alg_test_desc alg_test_descs[] = { { .alg = "cbc(aes)", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -935,7 +1029,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "cbc(anubis)", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -950,7 +1044,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "cbc(blowfish)", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -965,7 +1059,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "cbc(camellia)", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -980,7 +1074,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "cbc(des)", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -995,7 +1089,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "cbc(des3_ede)", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -1010,7 +1104,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "cbc(twofish)", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -1049,7 +1143,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "cts(cbc(aes))", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -1079,7 +1173,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "ecb(aes)", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -1094,7 +1188,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "ecb(anubis)", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -1109,7 +1203,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "ecb(arc4)", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -1124,7 +1218,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "ecb(blowfish)", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -1139,7 +1233,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "ecb(camellia)", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -1154,7 +1248,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "ecb(cast5)", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -1169,7 +1263,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "ecb(cast6)", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -1184,7 +1278,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "ecb(des)", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -1199,7 +1293,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "ecb(des3_ede)", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -1214,7 +1308,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "ecb(khazad)", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -1229,7 +1323,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "ecb(seed)", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -1244,7 +1338,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "ecb(serpent)", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -1259,7 +1353,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "ecb(tea)", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -1274,7 +1368,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "ecb(tnepres)", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -1289,7 +1383,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "ecb(twofish)", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -1304,7 +1398,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "ecb(xeta)", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -1319,7 +1413,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "ecb(xtea)", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -1421,7 +1515,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "lrw(aes)", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -1478,7 +1572,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "pcbc(fcrypt)", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -1493,7 +1587,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "rfc3686(ctr(aes))", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -1544,7 +1638,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "salsa20", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -1663,7 +1757,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "xts(aes)", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -1679,7 +1773,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }; -int alg_test(const char *driver, const char *alg, u32 type, u32 mask) +static int alg_find_test(const char *alg) { int start = 0; int end = ARRAY_SIZE(alg_test_descs); @@ -1698,10 +1792,38 @@ int alg_test(const char *driver, const char *alg, u32 type, u32 mask) continue; } - return alg_test_descs[i].test(alg_test_descs + i, driver, - type, mask); + return i; + } + + return -1; +} + +int alg_test(const char *driver, const char *alg, u32 type, u32 mask) +{ + int i; + + if ((type & CRYPTO_ALG_TYPE_MASK) == CRYPTO_ALG_TYPE_CIPHER) { + char nalg[CRYPTO_MAX_ALG_NAME]; + + if (snprintf(nalg, sizeof(nalg), "ecb(%s)", alg) >= + sizeof(nalg)) + return -ENAMETOOLONG; + + i = alg_find_test(nalg); + if (i < 0) + goto notest; + + return alg_test_cipher(alg_test_descs + i, driver, type, mask); } + i = alg_find_test(alg); + if (i < 0) + goto notest; + + return alg_test_descs[i].test(alg_test_descs + i, driver, + type, mask); + +notest: printk(KERN_INFO "alg: No test for %s (%s)\n", alg, driver); return 0; } -- 2.41.1