From patchwork Thu Feb 21 05:30:21 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 10823163 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 1C15B13A4 for ; Thu, 21 Feb 2019 05:31:07 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 090E32F3E8 for ; Thu, 21 Feb 2019 05:31:07 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id F110C2F3FD; Thu, 21 Feb 2019 05:31:06 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 14F8B2F3F6 for ; Thu, 21 Feb 2019 05:31:06 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1725831AbfBUFbE (ORCPT ); Thu, 21 Feb 2019 00:31:04 -0500 Received: from mail.kernel.org ([198.145.29.99]:58296 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725814AbfBUFbD (ORCPT ); Thu, 21 Feb 2019 00:31:03 -0500 Received: from sol.localdomain (c-107-3-167-184.hsd1.ca.comcast.net [107.3.167.184]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 35617214AF; Thu, 21 Feb 2019 05:31:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1550727062; bh=qIJ4uBZwuoShBSN68gJOIxZ4mZ7uwp0tjjOcS/mqFB4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=mI1s4R7nJAMEaaAriksuD5QpRK5s/Ue3cRrY3N8DDaYfHr3W/tpNbnYgCGgHEoTGO Jbes02TC534zzLPiyn/VXnq8V5fTNGo+G9B/+0Vsn0rJjbRwXsc/8Mcc4wxG7ew1Sm cXDSPwxmeIqT+wRhrrs5wh2o1wVUlXhONRuPN4ok= From: Eric Biggers To: ltp@lists.linux.it Cc: linux-crypto@vger.kernel.org Subject: [PATCH 1/6] lib: add tst_af_alg lib Date: Wed, 20 Feb 2019 21:30:21 -0800 Message-Id: <20190221053026.18489-2-ebiggers@kernel.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190221053026.18489-1-ebiggers@kernel.org> References: <20190221053026.18489-1-ebiggers@kernel.org> MIME-Version: 1.0 Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Eric Biggers Add helper functions for creating and using AF_ALG sockets. AF_ALG is the userspace interface to algorithms in the Linux kernel's crypto API. See https://www.kernel.org/doc/html/latest/crypto/userspace-if.html for more information about this interface. Signed-off-by: Eric Biggers --- configure.ac | 1 + include/lapi/if_alg.h | 40 ++++++++++++ include/tst_af_alg.h | 136 ++++++++++++++++++++++++++++++++++++++ lib/tst_af_alg.c | 147 ++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 324 insertions(+) create mode 100644 include/lapi/if_alg.h create mode 100644 include/tst_af_alg.h create mode 100644 lib/tst_af_alg.c diff --git a/configure.ac b/configure.ac index caea34462f..229815694c 100644 --- a/configure.ac +++ b/configure.ac @@ -40,6 +40,7 @@ AC_CHECK_HEADERS([ \ linux/cryptouser.h \ linux/genetlink.h \ linux/keyctl.h \ + linux/if_alg.h \ linux/if_packet.h \ linux/if_ether.h \ linux/mempolicy.h \ diff --git a/include/lapi/if_alg.h b/include/lapi/if_alg.h new file mode 100644 index 0000000000..2fc5e7b5e3 --- /dev/null +++ b/include/lapi/if_alg.h @@ -0,0 +1,40 @@ +#ifndef IF_ALG_H__ +#define IF_ALG_H__ + +#ifdef HAVE_LINUX_IF_ALG_H +# include +#else +# include + +struct sockaddr_alg { + uint16_t salg_family; + uint8_t salg_type[14]; + uint32_t salg_feat; + uint32_t salg_mask; + uint8_t salg_name[64]; +}; + +struct af_alg_iv { + uint32_t ivlen; + uint8_t iv[0]; +}; + +/* Socket options */ +#define ALG_SET_KEY 1 +#define ALG_SET_IV 2 +#define ALG_SET_OP 3 +#define ALG_SET_AEAD_ASSOCLEN 4 +#define ALG_SET_AEAD_AUTHSIZE 5 + +/* Operations */ +#define ALG_OP_DECRYPT 0 +#define ALG_OP_ENCRYPT 1 + +#endif /* !HAVE_LINUX_IF_ALG_H */ + +/* This isn't in any UAPI header */ +#ifndef SOL_ALG +# define SOL_ALG 279 +#endif + +#endif /* IF_ALG_H__ */ diff --git a/include/tst_af_alg.h b/include/tst_af_alg.h new file mode 100644 index 0000000000..55f080a574 --- /dev/null +++ b/include/tst_af_alg.h @@ -0,0 +1,136 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright 2019 Google LLC + */ +/** + * @file tst_af_alg.h + * + * Library for accessing kernel crypto algorithms via AF_ALG. + * + * See https://www.kernel.org/doc/html/latest/crypto/userspace-if.html + * for more information about AF_ALG. + */ + +#ifndef TST_AF_ALG_H +#define TST_AF_ALG_H + +#include "lapi/if_alg.h" +#include + +/** + * Create an AF_ALG algorithm socket. + * + * This creates an AF_ALG algorithm socket that is initially not bound to any + * particular algorithm. On failure, tst_brk() is called with TCONF if the + * kernel doesn't support AF_ALG, otherwise TBROK. + * + * @return a new AF_ALG algorithm socket + */ +int tst_alg_create(void); + +/** + * Bind an AF_ALG algorithm socket to an algorithm. + * + * @param alg_fd An AF_ALG algorithm socket + * @param addr A structure which specifies the algorithm to use + * + * On failure, tst_brk() is called with TCONF if the kernel doesn't support the + * specified algorithm, otherwise TBROK. + */ +void tst_alg_bind_addr(int alg_fd, const struct sockaddr_alg *addr); + +/** + * Bind an AF_ALG algorithm socket to an algorithm. + * + * @param alg_fd An AF_ALG algorithm socket + * @param algtype The type of algorithm, such as "hash" or "skcipher" + * @param algname The name of the algorithm, such as "sha256" or "xts(aes)" + * + * Like tst_alg_bind_addr(), except this just takes in the algorithm type and + * name. The 'feat' and 'mask' fields are left 0. + * + * On failure, tst_brk() is called with TCONF if the kernel doesn't support the + * specified algorithm, otherwise TBROK. + */ +void tst_alg_bind(int alg_fd, const char *algtype, const char *algname); + +/** + * Check for the availability of an algorithm. + * + * @param algtype The type of algorithm, such as "hash" or "skcipher" + * @param algname The name of the algorithm, such as "sha256" or "xts(aes)" + * + * Return true if the algorithm is available, or false if unavailable. + * If another error occurs, tst_brk() is called with TBROK. + */ +bool tst_have_alg(const char *algtype, const char *algname); + +/** + * Require the availability of an algorithm. + * + * @param algtype The type of algorithm, such as "hash" or "skcipher" + * @param algname The name of the algorithm, such as "sha256" or "xts(aes)" + * + * If the algorithm is unavailable, tst_brk() is called with TCONF. + * If another error occurs, tst_brk() is called with TBROK. + */ +void tst_require_alg(const char *algtype, const char *algname); + +/** + * Assign a cryptographic key to an AF_ALG algorithm socket. + * + * @param alg_fd An AF_ALG algorithm socket + * @param key Pointer to the key. If NULL, a random key is generated. + * @param keylen Length of the key in bytes + * + * On failure, tst_brk() is called with TBROK. + */ +void tst_alg_setkey(int alg_fd, const uint8_t *key, unsigned int keylen); + +/** + * Create an AF_ALG request socket for the given algorithm socket. + * + * @param alg_fd An AF_ALG algorithm socket + * + * This creates a request socket for the given algorithm socket, which must be + * bound to an algorithm. The same algorithm socket can have many request + * sockets used concurrently to perform independent cryptographic operations, + * e.g. hashing or encryption/decryption. But the key, if any, that has been + * assigned to the algorithm is shared by all request sockets. + * + * On failure, tst_brk() is called with TBROK. + * + * @return a new AF_ALG request socket + */ +int tst_alg_accept(int alg_fd); + +/** + * Set up an AF_ALG algorithm socket for the given algorithm w/ given key. + * + * @param algtype The type of algorithm, such as "hash" or "skcipher" + * @param algname The name of the algorithm, such as "sha256" or "xts(aes)" + * @param key The key to use (optional) + * @param keylen The length of the key in bytes (optional) + * + * This is a helper function which creates an AF_ALG algorithm socket, binds it + * to the specified algorithm, and optionally sets a key. If keylen is 0 then + * no key is set; otherwise if key is NULL a key of the given length is randomly + * generated and set; otherwise the given key is set. + * + * @return the AF_ALG algorithm socket that was set up + */ +int tst_alg_setup(const char *algtype, const char *algname, + const uint8_t *key, unsigned int keylen); + +/** + * Set up an AF_ALG request socket for the given algorithm w/ given key. + * + * This is like tst_alg_setup(), except this returns a request fd instead of the + * alg fd. The alg fd is closed, so it doesn't need to be kept track of. + * + * @return the AF_ALG request socket that was set up + */ +int tst_alg_setup_reqfd(const char *algtype, const char *algname, + const uint8_t *key, unsigned int keylen); + +#endif /* TST_AF_ALG_H */ diff --git a/lib/tst_af_alg.c b/lib/tst_af_alg.c new file mode 100644 index 0000000000..8702185d6f --- /dev/null +++ b/lib/tst_af_alg.c @@ -0,0 +1,147 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright 2019 Google LLC + */ + +#include +#include + +#define TST_NO_DEFAULT_MAIN +#include "tst_test.h" +#include "tst_af_alg.h" + +int tst_alg_create(void) +{ + TEST(socket(AF_ALG, SOCK_SEQPACKET, 0)); + if (TST_RET >= 0) + return TST_RET; + if (TST_ERR == EPROTONOSUPPORT) + tst_brk(TCONF, "kernel doesn't support AF_ALG"); + tst_brk(TBROK | TTERRNO, "unexpected error creating AF_ALG socket"); + return -1; +} + +void tst_alg_bind_addr(int algfd, const struct sockaddr_alg *addr) +{ + TEST(bind(algfd, (const struct sockaddr *)addr, sizeof(*addr))); + if (TST_RET == 0) + return; + if (TST_ERR == ENOENT) { + tst_brk(TCONF, "kernel doesn't support %s algorithm '%s'", + addr->salg_type, addr->salg_name); + } + tst_brk(TBROK | TTERRNO, + "unexpected error binding to AF_ALG socket for %s algorithm '%s'", + addr->salg_type, addr->salg_name); +} + +static void init_sockaddr_alg(struct sockaddr_alg *addr, + const char *algtype, const char *algname) +{ + memset(addr, 0, sizeof(*addr)); + + addr->salg_family = AF_ALG; + + strncpy((char *)addr->salg_type, algtype, sizeof(addr->salg_type)); + if (addr->salg_type[sizeof(addr->salg_type) - 1] != '\0') + tst_brk(TBROK, "algorithm type too long: '%s'", algtype); + + strncpy((char *)addr->salg_name, algname, sizeof(addr->salg_name)); + if (addr->salg_name[sizeof(addr->salg_name) - 1] != '\0') + tst_brk(TBROK, "algorithm name too long: '%s'", algname); +} + +void tst_alg_bind(int algfd, const char *algtype, const char *algname) +{ + struct sockaddr_alg addr; + + init_sockaddr_alg(&addr, algtype, algname); + + tst_alg_bind_addr(algfd, &addr); +} + +bool tst_have_alg(const char *algtype, const char *algname) +{ + int algfd; + struct sockaddr_alg addr; + bool have_alg = true; + + algfd = tst_alg_create(); + + init_sockaddr_alg(&addr, algtype, algname); + + TEST(bind(algfd, (const struct sockaddr *)&addr, sizeof(addr))); + if (TST_RET != 0) { + if (TST_ERR != ENOENT) { + tst_brk(TBROK | TTERRNO, + "unexpected error binding to AF_ALG socket for %s algorithm '%s'", + algtype, algname); + } + have_alg = false; + } + + close(algfd); + return have_alg; +} + +void tst_require_alg(const char *algtype, const char *algname) +{ + int algfd = tst_alg_create(); + + tst_alg_bind(algfd, algtype, algname); + + close(algfd); +} + +void tst_alg_setkey(int algfd, const uint8_t *key, unsigned int keylen) +{ + uint8_t *keybuf = NULL; + unsigned int i; + + if (key == NULL) { + /* generate a random key */ + keybuf = SAFE_MALLOC(keylen); + for (i = 0; i < keylen; i++) + keybuf[i] = rand(); + key = keybuf; + } + TEST(setsockopt(algfd, SOL_ALG, ALG_SET_KEY, key, keylen)); + if (TST_RET != 0) { + tst_brk(TBROK | TTERRNO, + "unexpected error setting key (len=%u)", keylen); + } + free(keybuf); +} + +int tst_alg_accept(int algfd) +{ + TEST(accept(algfd, NULL, NULL)); + if (TST_RET < 0) { + tst_brk(TBROK | TTERRNO, + "unexpected error accept()ing AF_ALG request socket"); + } + return TST_RET; +} + +int tst_alg_setup(const char *algtype, const char *algname, + const uint8_t *key, unsigned int keylen) +{ + int algfd = tst_alg_create(); + + tst_alg_bind(algfd, algtype, algname); + + if (keylen != 0) + tst_alg_setkey(algfd, key, keylen); + + return algfd; +} + +int tst_alg_setup_reqfd(const char *algtype, const char *algname, + const uint8_t *key, unsigned int keylen) +{ + int algfd = tst_alg_setup(algtype, algname, key, keylen); + int req_fd = tst_alg_accept(algfd); + + close(algfd); + return req_fd; +} From patchwork Thu Feb 21 05:30:22 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 10823153 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id A8FD4139A for ; Thu, 21 Feb 2019 05:31:04 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 981002F3F6 for ; Thu, 21 Feb 2019 05:31:04 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 8C3852F42A; Thu, 21 Feb 2019 05:31:04 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2768C2F3F6 for ; Thu, 21 Feb 2019 05:31:04 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1725891AbfBUFbD (ORCPT ); Thu, 21 Feb 2019 00:31:03 -0500 Received: from mail.kernel.org ([198.145.29.99]:58302 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725831AbfBUFbD (ORCPT ); Thu, 21 Feb 2019 00:31:03 -0500 Received: from sol.localdomain (c-107-3-167-184.hsd1.ca.comcast.net [107.3.167.184]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 7985B21734; Thu, 21 Feb 2019 05:31:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1550727062; bh=L/8mT/YN7JwwFH4tx9u4eaeOEk1tUKKnDtW3DjJSUuA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Ir6ORDvKNF0c2O455JtUYJfCk59AhGxDHf4P/DOiW6DAwcPFZ5DoyJpg3toN5uxO+ /b8SwFFv6EhP0TM4FVBF64FAEHqfCKb9xMLoDa7HL2oUv7n2O1COzuEYmXmmIM6Dsd jmnc9+x7Qmzn013l6B+hFvbMeKmodvnRevGLK7ek= From: Eric Biggers To: ltp@lists.linux.it Cc: linux-crypto@vger.kernel.org Subject: [PATCH 2/6] crypto/af_alg01: new regression test for hmac nesting bug Date: Wed, 20 Feb 2019 21:30:22 -0800 Message-Id: <20190221053026.18489-3-ebiggers@kernel.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190221053026.18489-1-ebiggers@kernel.org> References: <20190221053026.18489-1-ebiggers@kernel.org> MIME-Version: 1.0 Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Eric Biggers Signed-off-by: Eric Biggers --- runtest/cve | 1 + testcases/kernel/crypto/.gitignore | 1 + testcases/kernel/crypto/af_alg01.c | 79 ++++++++++++++++++++++++++++++ 3 files changed, 81 insertions(+) create mode 100644 testcases/kernel/crypto/af_alg01.c diff --git a/runtest/cve b/runtest/cve index 8f38045e9a..f46c400cc4 100644 --- a/runtest/cve +++ b/runtest/cve @@ -27,6 +27,7 @@ cve-2017-15299 request_key03 -b cve-2017-15299 cve-2017-15537 ptrace07 cve-2017-15649 fanout01 cve-2017-15951 request_key03 -b cve-2017-15951 +cve-2017-17806 af_alg01 cve-2017-17807 request_key04 cve-2017-1000364 stack_clash cve-2017-5754 meltdown diff --git a/testcases/kernel/crypto/.gitignore b/testcases/kernel/crypto/.gitignore index 759592fbdf..998af17284 100644 --- a/testcases/kernel/crypto/.gitignore +++ b/testcases/kernel/crypto/.gitignore @@ -1,2 +1,3 @@ +af_alg01 pcrypt_aead01 crypto_user01 diff --git a/testcases/kernel/crypto/af_alg01.c b/testcases/kernel/crypto/af_alg01.c new file mode 100644 index 0000000000..79b61de279 --- /dev/null +++ b/testcases/kernel/crypto/af_alg01.c @@ -0,0 +1,79 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright 2019 Google LLC + */ + +/* + * Regression test for commit af3ff8045bbf ("crypto: hmac - require that the + * underlying hash algorithm is unkeyed"), or CVE-2017-17806. This test + * verifies that the hmac template cannot be nested inside itself. + */ + +#include +#include + +#include "tst_test.h" +#include "tst_af_alg.h" + +static void test_with_hash_alg(const char *hash_algname) +{ + char hmac_algname[64]; + char key[4096] = { 0 }; + + if (!tst_have_alg("hash", hash_algname)) { + tst_res(TCONF, "kernel doesn't have hash algorithm '%s'", + hash_algname); + return; + } + sprintf(hmac_algname, "hmac(%s)", hash_algname); + if (!tst_have_alg("hash", hmac_algname)) { + tst_res(TCONF, "kernel doesn't have hash algorithm '%s'", + hmac_algname); + return; + } + + sprintf(hmac_algname, "hmac(hmac(%s))", hash_algname); + if (tst_have_alg("hash", hmac_algname)) { + int algfd; + + tst_res(TFAIL, "instantiated nested hmac algorithm ('%s')!", + hmac_algname); + + /* + * Be extra annoying; with the bug, setting a key on + * "hmac(hmac(sha3-256-generic))" crashed the kernel. + */ + algfd = tst_alg_setup("hash", hmac_algname, NULL, 0); + if (setsockopt(algfd, SOL_ALG, ALG_SET_KEY, + key, sizeof(key)) == 0) { + tst_res(TFAIL, + "set key on nested hmac algorithm ('%s')!", + hmac_algname); + } + } else { + tst_res(TPASS, + "couldn't instantiate nested hmac algorithm ('%s')", + hmac_algname); + } +} + +static void run(void) +{ + /* try several different unkeyed hash algorithms */ + static const char * const hash_algs[] = { + "md5", "md5-generic", + "sha1", "sha1-generic", + "sha224", "sha224-generic", + "sha256", "sha256-generic", + "sha3-256", "sha3-256-generic", + "sha3-512", "sha3-512-generic", + }; + size_t i; + + for (i = 0; i < ARRAY_SIZE(hash_algs); i++) + test_with_hash_alg(hash_algs[i]); +} + +static struct tst_test test = { + .test_all = run, +}; From patchwork Thu Feb 21 05:30:23 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 10823155 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id E647A13A4 for ; Thu, 21 Feb 2019 05:31:04 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D52692F3F6 for ; Thu, 21 Feb 2019 05:31:04 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id C9B9E2F408; Thu, 21 Feb 2019 05:31:04 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 497AF2F3FD for ; Thu, 21 Feb 2019 05:31:04 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1725932AbfBUFbD (ORCPT ); Thu, 21 Feb 2019 00:31:03 -0500 Received: from mail.kernel.org ([198.145.29.99]:58310 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725648AbfBUFbD (ORCPT ); Thu, 21 Feb 2019 00:31:03 -0500 Received: from sol.localdomain (c-107-3-167-184.hsd1.ca.comcast.net [107.3.167.184]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id B252F21738; Thu, 21 Feb 2019 05:31:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1550727062; bh=qONswH9D92mzxsmii4nDlzxEMrCWcwGmATtoTmD7W0U=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=n6JBcYoxpsgHWavPAVJp5ppk/0LPo2sD7Md6s8i7DcJCsiZ/Rrx4OVWFZYNjn0nij KZP/1YPLcSwdIpHCdCBhYSlLIum5k84/dFwirCyDZfl64dqq1gp60a5KIdNWfkVRpZ 5FL+rhe7BhlHmnkW8KxU8uMlyaXRaGXoUawFIq1E= From: Eric Biggers To: ltp@lists.linux.it Cc: linux-crypto@vger.kernel.org Subject: [PATCH 3/6] crypto/af_alg02: new regression test for salsa20 empty message bug Date: Wed, 20 Feb 2019 21:30:23 -0800 Message-Id: <20190221053026.18489-4-ebiggers@kernel.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190221053026.18489-1-ebiggers@kernel.org> References: <20190221053026.18489-1-ebiggers@kernel.org> MIME-Version: 1.0 Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Eric Biggers Signed-off-by: Eric Biggers --- runtest/cve | 1 + testcases/kernel/crypto/.gitignore | 1 + testcases/kernel/crypto/af_alg02.c | 29 +++++++++++++++++++++++++++++ 3 files changed, 31 insertions(+) create mode 100644 testcases/kernel/crypto/af_alg02.c diff --git a/runtest/cve b/runtest/cve index f46c400cc4..031bcdc2a7 100644 --- a/runtest/cve +++ b/runtest/cve @@ -27,6 +27,7 @@ cve-2017-15299 request_key03 -b cve-2017-15299 cve-2017-15537 ptrace07 cve-2017-15649 fanout01 cve-2017-15951 request_key03 -b cve-2017-15951 +cve-2017-17805 af_alg02 cve-2017-17806 af_alg01 cve-2017-17807 request_key04 cve-2017-1000364 stack_clash diff --git a/testcases/kernel/crypto/.gitignore b/testcases/kernel/crypto/.gitignore index 998af17284..dc79f3275b 100644 --- a/testcases/kernel/crypto/.gitignore +++ b/testcases/kernel/crypto/.gitignore @@ -1,3 +1,4 @@ af_alg01 +af_alg02 pcrypt_aead01 crypto_user01 diff --git a/testcases/kernel/crypto/af_alg02.c b/testcases/kernel/crypto/af_alg02.c new file mode 100644 index 0000000000..a9e8204230 --- /dev/null +++ b/testcases/kernel/crypto/af_alg02.c @@ -0,0 +1,29 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright 2019 Google LLC + */ + +/* + * Regression test for commit ecaaab564978 ("crypto: salsa20 - fix + * blkcipher_walk API usage"), or CVE-2017-17805. This test verifies that an + * empty message can be encrypted with Salsa20 without crashing the kernel. + */ + +#include "tst_test.h" +#include "tst_af_alg.h" + +static void run(void) +{ + char buf[16]; + int reqfd = tst_alg_setup_reqfd("skcipher", "salsa20", NULL, 16); + + /* With the bug the kernel crashed here */ + if (read(reqfd, buf, 16) == 0) + tst_res(TPASS, "Successfully \"encrypted\" an empty message"); + else + tst_res(TBROK, "read() didn't return 0"); +} + +static struct tst_test test = { + .test_all = run, +}; From patchwork Thu Feb 21 05:30:24 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 10823159 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 05C44180E for ; Thu, 21 Feb 2019 05:31:06 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E9AC12F3F6 for ; Thu, 21 Feb 2019 05:31:05 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id DE41C2F408; Thu, 21 Feb 2019 05:31:05 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 820152F3FD for ; Thu, 21 Feb 2019 05:31:05 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1725785AbfBUFbE (ORCPT ); Thu, 21 Feb 2019 00:31:04 -0500 Received: from mail.kernel.org ([198.145.29.99]:58316 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725866AbfBUFbD (ORCPT ); Thu, 21 Feb 2019 00:31:03 -0500 Received: from sol.localdomain (c-107-3-167-184.hsd1.ca.comcast.net [107.3.167.184]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id EB96321841; Thu, 21 Feb 2019 05:31:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1550727063; bh=Pf/JjXMmC5Bv9Wyy7WsM65RalSU1ALUXYcJrygTl5qY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=IDcouHzqjPpCMwuLHNQbt9dJHVjPvA1CYa2vwH3xTdjEGY/MedLbtDAeZyD+QDVkI Z22oYzR81ScudM+jHn48Chf7B7WRmYMbEj1APfmy9eJP0kEP01EHcWpcxTRZrTPEy9 ddrmkMeyGLlw6Z9p4fsdIO2LGQeaxUJmjUbZS/yw= From: Eric Biggers To: ltp@lists.linux.it Cc: linux-crypto@vger.kernel.org Subject: [PATCH 4/6] crypto/af_alg03: new regression test for rfc7539 hash alg validation Date: Wed, 20 Feb 2019 21:30:24 -0800 Message-Id: <20190221053026.18489-5-ebiggers@kernel.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190221053026.18489-1-ebiggers@kernel.org> References: <20190221053026.18489-1-ebiggers@kernel.org> MIME-Version: 1.0 Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Eric Biggers Signed-off-by: Eric Biggers --- testcases/kernel/crypto/.gitignore | 1 + testcases/kernel/crypto/af_alg03.c | 31 ++++++++++++++++++++++++++++++ 2 files changed, 32 insertions(+) create mode 100644 testcases/kernel/crypto/af_alg03.c diff --git a/testcases/kernel/crypto/.gitignore b/testcases/kernel/crypto/.gitignore index dc79f3275b..3e7936fc94 100644 --- a/testcases/kernel/crypto/.gitignore +++ b/testcases/kernel/crypto/.gitignore @@ -1,4 +1,5 @@ af_alg01 af_alg02 +af_alg03 pcrypt_aead01 crypto_user01 diff --git a/testcases/kernel/crypto/af_alg03.c b/testcases/kernel/crypto/af_alg03.c new file mode 100644 index 0000000000..240c52835f --- /dev/null +++ b/testcases/kernel/crypto/af_alg03.c @@ -0,0 +1,31 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright 2019 Google LLC + */ + +/* + * Regression test for commit e57121d08c38 ("crypto: chacha20poly1305 - validate + * the digest size"). This test verifies that the rfc7539 template can't be + * instantiated with a hash algorithm whose digest size is not 16 bytes. + */ + +#include "tst_test.h" +#include "tst_af_alg.h" + +static void run(void) +{ + tst_require_alg("aead", "rfc7539(chacha20,poly1305)"); + tst_require_alg("hash", "sha256"); + + if (tst_have_alg("aead", "rfc7539(chacha20,sha256)")) { + tst_res(TFAIL, + "instantiated rfc7539 template with wrong digest size"); + } else { + tst_res(TPASS, + "couldn't instantiate rfc7539 template with wrong digest size"); + } +} + +static struct tst_test test = { + .test_all = run, +}; From patchwork Thu Feb 21 05:30:25 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 10823165 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 9FBC4180E for ; Thu, 21 Feb 2019 05:31:07 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8F2ED2F3E8 for ; Thu, 21 Feb 2019 05:31:07 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 841382F3FD; Thu, 21 Feb 2019 05:31:07 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 321CA2F3E8 for ; Thu, 21 Feb 2019 05:31:07 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1725814AbfBUFbG (ORCPT ); Thu, 21 Feb 2019 00:31:06 -0500 Received: from mail.kernel.org ([198.145.29.99]:58326 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725880AbfBUFbE (ORCPT ); Thu, 21 Feb 2019 00:31:04 -0500 Received: from sol.localdomain (c-107-3-167-184.hsd1.ca.comcast.net [107.3.167.184]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 3343921848; Thu, 21 Feb 2019 05:31:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1550727063; bh=r/750kU+RajtSgc4JeJzMXO/+77Fx8fBlrSa4+BuTi0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Jzb0Q2QP/XXuqB3UMpmyVPi4fYXDXbbFp6lEnTb3YK0JLupGwWQYadbnDcLnlttW/ /7RZB9Or1T0464438T129g0yqLJLkT0vTAOmcq+YB1edcnwRVq/TA892KAXGCImVnF edr48cndvIE3ZcF60co7P4jSqU1kGAGNdgJ7emOU= From: Eric Biggers To: ltp@lists.linux.it Cc: linux-crypto@vger.kernel.org Subject: [PATCH 5/6] crypto/af_alg04: new regression test for vmac race conditions Date: Wed, 20 Feb 2019 21:30:25 -0800 Message-Id: <20190221053026.18489-6-ebiggers@kernel.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190221053026.18489-1-ebiggers@kernel.org> References: <20190221053026.18489-1-ebiggers@kernel.org> MIME-Version: 1.0 Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Eric Biggers Signed-off-by: Eric Biggers --- testcases/kernel/crypto/.gitignore | 1 + testcases/kernel/crypto/af_alg04.c | 56 ++++++++++++++++++++++++++++++ 2 files changed, 57 insertions(+) create mode 100644 testcases/kernel/crypto/af_alg04.c diff --git a/testcases/kernel/crypto/.gitignore b/testcases/kernel/crypto/.gitignore index 3e7936fc94..df6b7e73cb 100644 --- a/testcases/kernel/crypto/.gitignore +++ b/testcases/kernel/crypto/.gitignore @@ -1,5 +1,6 @@ af_alg01 af_alg02 af_alg03 +af_alg04 pcrypt_aead01 crypto_user01 diff --git a/testcases/kernel/crypto/af_alg04.c b/testcases/kernel/crypto/af_alg04.c new file mode 100644 index 0000000000..b8e494b870 --- /dev/null +++ b/testcases/kernel/crypto/af_alg04.c @@ -0,0 +1,56 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright 2019 Google LLC + */ + +/* + * Regression test for commit bb2964810233 ("crypto: vmac - separate tfm and + * request context"). This test verifies that a VMAC transform can be used by + * multiple concurrent hash requests without crashing the kernel. Based on the + * reproducer from the commit message. + */ + +#include + +#include "tst_test.h" +#include "tst_af_alg.h" + +static void run(void) +{ + int algfd, reqfd; + char buf[256] = { 0 }; + pid_t pid; + int status; + int i; + + if (tst_have_alg("hash", "vmac64(aes)")) + algfd = tst_alg_setup("hash", "vmac64(aes)", NULL, 16); + else + algfd = tst_alg_setup("hash", "vmac(aes)", NULL, 16); + + pid = SAFE_FORK(); + + reqfd = tst_alg_accept(algfd); + + for (i = 0; i < 500000; i++) + SAFE_WRITE(1, reqfd, buf, sizeof(buf)); + + close(reqfd); + + if (pid != 0) { + SAFE_WAIT(&status); + if (WIFEXITED(status) && WEXITSTATUS(status) == 0) + tst_res(TPASS, "didn't crash"); + else if (WIFSIGNALED(status) && WTERMSIG(status) == SIGKILL) + tst_res(TFAIL, "crashed"); + else + tst_brk(TBROK, "child %s", tst_strstatus(status)); + + close(algfd); + } +} + +static struct tst_test test = { + .test_all = run, + .forks_child = 1, +}; From patchwork Thu Feb 21 05:30:26 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 10823157 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id D5E0113A4 for ; Thu, 21 Feb 2019 05:31:05 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C44752F3F6 for ; Thu, 21 Feb 2019 05:31:05 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id B8E272F42A; Thu, 21 Feb 2019 05:31:05 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6182B2F3F6 for ; Thu, 21 Feb 2019 05:31:05 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1725648AbfBUFbE (ORCPT ); Thu, 21 Feb 2019 00:31:04 -0500 Received: from mail.kernel.org ([198.145.29.99]:58310 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725831AbfBUFbD (ORCPT ); Thu, 21 Feb 2019 00:31:03 -0500 Received: from sol.localdomain (c-107-3-167-184.hsd1.ca.comcast.net [107.3.167.184]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 6C796218D8; Thu, 21 Feb 2019 05:31:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1550727063; bh=gQPCOSJfsWJewBTLoBTcQ/3QKXLvlRPr+402AgwnCck=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=i/887sRV22xugyTL64VrtEiFT7N4X8Sh4JDZAAOddSKUrNXHiGrecQoJCrAUtOs7H 7UXULf3weGB07LTyJq4ms4ui0nB0KWdKMMVV28QOvuxF9/4D3nZIlSqA+vKg/Xn8FX GnnLyPlR2e1LBnysvEIg0AXF1DF+/wB9DwpoY8Ss= From: Eric Biggers To: ltp@lists.linux.it Cc: linux-crypto@vger.kernel.org Subject: [PATCH 6/6] crypto/af_alg05: new regression test for skcipher_walk error bug Date: Wed, 20 Feb 2019 21:30:26 -0800 Message-Id: <20190221053026.18489-7-ebiggers@kernel.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190221053026.18489-1-ebiggers@kernel.org> References: <20190221053026.18489-1-ebiggers@kernel.org> MIME-Version: 1.0 Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Eric Biggers Signed-off-by: Eric Biggers --- testcases/kernel/crypto/.gitignore | 1 + testcases/kernel/crypto/af_alg05.c | 43 ++++++++++++++++++++++++++++++ 2 files changed, 44 insertions(+) create mode 100644 testcases/kernel/crypto/af_alg05.c diff --git a/testcases/kernel/crypto/.gitignore b/testcases/kernel/crypto/.gitignore index df6b7e73cb..17faf3eefc 100644 --- a/testcases/kernel/crypto/.gitignore +++ b/testcases/kernel/crypto/.gitignore @@ -2,5 +2,6 @@ af_alg01 af_alg02 af_alg03 af_alg04 +af_alg05 pcrypt_aead01 crypto_user01 diff --git a/testcases/kernel/crypto/af_alg05.c b/testcases/kernel/crypto/af_alg05.c new file mode 100644 index 0000000000..419c65eabd --- /dev/null +++ b/testcases/kernel/crypto/af_alg05.c @@ -0,0 +1,43 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright 2019 Google LLC + */ + +/* + * Regression test for commit 8088d3dd4d7c ("crypto: skcipher - fix crash + * flushing dcache in error path"). This test verifies the kernel doesn't crash + * when trying to encrypt a message with size not aligned to the block cipher's + * block size, and where the destination buffer starts exactly at a page + * boundary. Based on the reproducer from the commit message. Note that this + * issue only reproduces on certain architectures, such as arm and arm64. + */ + +#include + +#include "tst_test.h" +#include "tst_af_alg.h" + +static void run(void) +{ + char buffer[4096] __attribute__((aligned(4096))) = { 0 }; + int reqfd; + + reqfd = tst_alg_setup_reqfd("skcipher", "cbc(aes-generic)", NULL, 16); + + SAFE_WRITE(1, reqfd, buffer, 15); + /* with the bug, this crashed the kernel on some architectures */ + TEST(read(reqfd, buffer, 15)); + + if (TST_RET == 0) + tst_res(TBROK, "read() unexpectedly succeeded"); + else if (TST_ERR == EINVAL) + tst_res(TPASS, "read() expectedly failed with EINVAL"); + else + tst_res(TBROK | TTERRNO, "read() failed with unexpected error"); + + close(reqfd); +} + +static struct tst_test test = { + .test_all = run, +};