diff options
| author | Eric Biggers <ebiggers@google.com> | 2019-04-12 00:57:36 -0400 |
|---|---|---|
| committer | Herbert Xu <herbert@gondor.apana.org.au> | 2019-04-18 10:15:03 -0400 |
| commit | 5283a8ee9badf699bd4a5a622011f9d4d50fecde (patch) | |
| tree | ed17500760d781ec80bd9e38aba058bc5a0fdb6b /crypto/testmgr.c | |
| parent | be08f0c681a8469f2537f04de76e73a68c9c96e1 (diff) | |
crypto: testmgr - expand ability to test for errors
Update testmgr to support testing for specific errors from setkey() and
digest() for hashes; setkey() and encrypt()/decrypt() for skciphers and
ciphers; and setkey(), setauthsize(), and encrypt()/decrypt() for AEADs.
This is useful because algorithms usually restrict the lengths or format
of the message, key, and/or authentication tag in some way. And bad
inputs should be tested too, not just good inputs.
As part of this change, remove the ambiguously-named 'fail' flag and
replace it with 'setkey_error = -EINVAL' for the only test vector that
used it -- the DES weak key test vector. Note that this tightens the
test to require -EINVAL rather than any error code, but AFAICS this
won't cause any test failure.
Other than that, these new fields aren't set on any test vectors yet.
Later patches will do so.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto/testmgr.c')
| -rw-r--r-- | crypto/testmgr.c | 134 |
1 files changed, 89 insertions, 45 deletions
diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 3e16be68792d..675446157721 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c | |||
| @@ -971,11 +971,18 @@ static int test_hash_vec_cfg(const char *driver, | |||
| 971 | if (vec->ksize) { | 971 | if (vec->ksize) { |
| 972 | err = crypto_ahash_setkey(tfm, vec->key, vec->ksize); | 972 | err = crypto_ahash_setkey(tfm, vec->key, vec->ksize); |
| 973 | if (err) { | 973 | if (err) { |
| 974 | pr_err("alg: hash: %s setkey failed with err %d on test vector %u; flags=%#x\n", | 974 | if (err == vec->setkey_error) |
| 975 | driver, err, vec_num, | 975 | return 0; |
| 976 | pr_err("alg: hash: %s setkey failed on test vector %u; expected_error=%d, actual_error=%d, flags=%#x\n", | ||
| 977 | driver, vec_num, vec->setkey_error, err, | ||
| 976 | crypto_ahash_get_flags(tfm)); | 978 | crypto_ahash_get_flags(tfm)); |
| 977 | return err; | 979 | return err; |
| 978 | } | 980 | } |
| 981 | if (vec->setkey_error) { | ||
| 982 | pr_err("alg: hash: %s setkey unexpectedly succeeded on test vector %u; expected_error=%d\n", | ||
| 983 | driver, vec_num, vec->setkey_error); | ||
| 984 | return -EINVAL; | ||
| 985 | } | ||
| 979 | } | 986 | } |
| 980 | 987 | ||
| 981 | /* Build the scatterlist for the source data */ | 988 | /* Build the scatterlist for the source data */ |
| @@ -995,17 +1002,26 @@ static int test_hash_vec_cfg(const char *driver, | |||
| 995 | testmgr_poison(req->__ctx, crypto_ahash_reqsize(tfm)); | 1002 | testmgr_poison(req->__ctx, crypto_ahash_reqsize(tfm)); |
| 996 | testmgr_poison(result, digestsize + TESTMGR_POISON_LEN); | 1003 | testmgr_poison(result, digestsize + TESTMGR_POISON_LEN); |
| 997 | 1004 | ||
| 998 | if (cfg->finalization_type == FINALIZATION_TYPE_DIGEST) { | 1005 | if (cfg->finalization_type == FINALIZATION_TYPE_DIGEST || |
| 1006 | vec->digest_error) { | ||
| 999 | /* Just using digest() */ | 1007 | /* Just using digest() */ |
| 1000 | ahash_request_set_callback(req, req_flags, crypto_req_done, | 1008 | ahash_request_set_callback(req, req_flags, crypto_req_done, |
| 1001 | &wait); | 1009 | &wait); |
| 1002 | ahash_request_set_crypt(req, tsgl->sgl, result, vec->psize); | 1010 | ahash_request_set_crypt(req, tsgl->sgl, result, vec->psize); |
| 1003 | err = do_ahash_op(crypto_ahash_digest, req, &wait, cfg->nosimd); | 1011 | err = do_ahash_op(crypto_ahash_digest, req, &wait, cfg->nosimd); |
| 1004 | if (err) { | 1012 | if (err) { |
| 1005 | pr_err("alg: hash: %s digest() failed with err %d on test vector %u, cfg=\"%s\"\n", | 1013 | if (err == vec->digest_error) |
| 1006 | driver, err, vec_num, cfg->name); | 1014 | return 0; |
| 1015 | pr_err("alg: hash: %s digest() failed on test vector %u; expected_error=%d, actual_error=%d, cfg=\"%s\"\n", | ||
| 1016 | driver, vec_num, vec->digest_error, err, | ||
| 1017 | cfg->name); | ||
| 1007 | return err; | 1018 | return err; |
| 1008 | } | 1019 | } |
| 1020 | if (vec->digest_error) { | ||
| 1021 | pr_err("alg: hash: %s digest() unexpectedly succeeded on test vector %u; expected_error=%d, cfg=\"%s\"\n", | ||
| 1022 | driver, vec_num, vec->digest_error, cfg->name); | ||
| 1023 | return -EINVAL; | ||
| 1024 | } | ||
| 1009 | goto result_ready; | 1025 | goto result_ready; |
| 1010 | } | 1026 | } |
| 1011 | 1027 | ||
| @@ -1262,6 +1278,7 @@ static int test_aead_vec_cfg(const char *driver, int enc, | |||
| 1262 | cfg->iv_offset + | 1278 | cfg->iv_offset + |
| 1263 | (cfg->iv_offset_relative_to_alignmask ? alignmask : 0); | 1279 | (cfg->iv_offset_relative_to_alignmask ? alignmask : 0); |
| 1264 | struct kvec input[2]; | 1280 | struct kvec input[2]; |
| 1281 | int expected_error; | ||
| 1265 | int err; | 1282 | int err; |
| 1266 | 1283 | ||
| 1267 | /* Set the key */ | 1284 | /* Set the key */ |
| @@ -1270,26 +1287,33 @@ static int test_aead_vec_cfg(const char *driver, int enc, | |||
| 1270 | else | 1287 | else |
| 1271 | crypto_aead_clear_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS); | 1288 | crypto_aead_clear_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS); |
| 1272 | err = crypto_aead_setkey(tfm, vec->key, vec->klen); | 1289 | err = crypto_aead_setkey(tfm, vec->key, vec->klen); |
| 1273 | if (err) { | 1290 | if (err && err != vec->setkey_error) { |
| 1274 | if (vec->fail) /* expectedly failed to set key? */ | 1291 | pr_err("alg: aead: %s setkey failed on test vector %u; expected_error=%d, actual_error=%d, flags=%#x\n", |
| 1275 | return 0; | 1292 | driver, vec_num, vec->setkey_error, err, |
| 1276 | pr_err("alg: aead: %s setkey failed with err %d on test vector %u; flags=%#x\n", | 1293 | crypto_aead_get_flags(tfm)); |
| 1277 | driver, err, vec_num, crypto_aead_get_flags(tfm)); | ||
| 1278 | return err; | 1294 | return err; |
| 1279 | } | 1295 | } |
| 1280 | if (vec->fail) { | 1296 | if (!err && vec->setkey_error) { |
| 1281 | pr_err("alg: aead: %s setkey unexpectedly succeeded on test vector %u\n", | 1297 | pr_err("alg: aead: %s setkey unexpectedly succeeded on test vector %u; expected_error=%d\n", |
| 1282 | driver, vec_num); | 1298 | driver, vec_num, vec->setkey_error); |
| 1283 | return -EINVAL; | 1299 | return -EINVAL; |
| 1284 | } | 1300 | } |
| 1285 | 1301 | ||
| 1286 | /* Set the authentication tag size */ | 1302 | /* Set the authentication tag size */ |
| 1287 | err = crypto_aead_setauthsize(tfm, authsize); | 1303 | err = crypto_aead_setauthsize(tfm, authsize); |
| 1288 | if (err) { | 1304 | if (err && err != vec->setauthsize_error) { |
| 1289 | pr_err("alg: aead: %s setauthsize failed with err %d on test vector %u\n", | 1305 | pr_err("alg: aead: %s setauthsize failed on test vector %u; expected_error=%d, actual_error=%d\n", |
| 1290 | driver, err, vec_num); | 1306 | driver, vec_num, vec->setauthsize_error, err); |
| 1291 | return err; | 1307 | return err; |
| 1292 | } | 1308 | } |
| 1309 | if (!err && vec->setauthsize_error) { | ||
| 1310 | pr_err("alg: aead: %s setauthsize unexpectedly succeeded on test vector %u; expected_error=%d\n", | ||
| 1311 | driver, vec_num, vec->setauthsize_error); | ||
| 1312 | return -EINVAL; | ||
| 1313 | } | ||
| 1314 | |||
| 1315 | if (vec->setkey_error || vec->setauthsize_error) | ||
| 1316 | return 0; | ||
| 1293 | 1317 | ||
| 1294 | /* The IV must be copied to a buffer, as the algorithm may modify it */ | 1318 | /* The IV must be copied to a buffer, as the algorithm may modify it */ |
| 1295 | if (WARN_ON(ivsize > MAX_IVLEN)) | 1319 | if (WARN_ON(ivsize > MAX_IVLEN)) |
| @@ -1328,18 +1352,6 @@ static int test_aead_vec_cfg(const char *driver, int enc, | |||
| 1328 | if (cfg->nosimd) | 1352 | if (cfg->nosimd) |
| 1329 | crypto_reenable_simd_for_test(); | 1353 | crypto_reenable_simd_for_test(); |
| 1330 | err = crypto_wait_req(err, &wait); | 1354 | err = crypto_wait_req(err, &wait); |
| 1331 | if (err) { | ||
| 1332 | if (err == -EBADMSG && vec->novrfy) | ||
| 1333 | return 0; | ||
| 1334 | pr_err("alg: aead: %s %s failed with err %d on test vector %u, cfg=\"%s\"\n", | ||
| 1335 | driver, op, err, vec_num, cfg->name); | ||
| 1336 | return err; | ||
| 1337 | } | ||
| 1338 | if (vec->novrfy) { | ||
| 1339 | pr_err("alg: aead: %s %s unexpectedly succeeded on test vector %u, cfg=\"%s\"\n", | ||
| 1340 | driver, op, vec_num, cfg->name); | ||
| 1341 | return -EINVAL; | ||
| 1342 | } | ||
| 1343 | 1355 | ||
| 1344 | /* Check that the algorithm didn't overwrite things it shouldn't have */ | 1356 | /* Check that the algorithm didn't overwrite things it shouldn't have */ |
| 1345 | if (req->cryptlen != (enc ? vec->plen : vec->clen) || | 1357 | if (req->cryptlen != (enc ? vec->plen : vec->clen) || |
| @@ -1385,6 +1397,21 @@ static int test_aead_vec_cfg(const char *driver, int enc, | |||
| 1385 | return -EINVAL; | 1397 | return -EINVAL; |
| 1386 | } | 1398 | } |
| 1387 | 1399 | ||
| 1400 | /* Check for success or failure */ | ||
| 1401 | expected_error = vec->novrfy ? -EBADMSG : vec->crypt_error; | ||
| 1402 | if (err) { | ||
| 1403 | if (err == expected_error) | ||
| 1404 | return 0; | ||
| 1405 | pr_err("alg: aead: %s %s failed on test vector %u; expected_error=%d, actual_error=%d, cfg=\"%s\"\n", | ||
| 1406 | driver, op, vec_num, expected_error, err, cfg->name); | ||
| 1407 | return err; | ||
| 1408 | } | ||
| 1409 | if (expected_error) { | ||
| 1410 | pr_err("alg: aead: %s %s unexpectedly succeeded on test vector %u; expected_error=%d, cfg=\"%s\"\n", | ||
| 1411 | driver, op, vec_num, expected_error, cfg->name); | ||
| 1412 | return -EINVAL; | ||
| 1413 | } | ||
| 1414 | |||
| 1388 | /* Check for the correct output (ciphertext or plaintext) */ | 1415 | /* Check for the correct output (ciphertext or plaintext) */ |
| 1389 | err = verify_correct_output(&tsgls->dst, enc ? vec->ctext : vec->ptext, | 1416 | err = verify_correct_output(&tsgls->dst, enc ? vec->ctext : vec->ptext, |
| 1390 | enc ? vec->clen : vec->plen, | 1417 | enc ? vec->clen : vec->plen, |
| @@ -1550,13 +1577,20 @@ static int test_cipher(struct crypto_cipher *tfm, int enc, | |||
| 1550 | 1577 | ||
| 1551 | ret = crypto_cipher_setkey(tfm, template[i].key, | 1578 | ret = crypto_cipher_setkey(tfm, template[i].key, |
| 1552 | template[i].klen); | 1579 | template[i].klen); |
| 1553 | if (template[i].fail == !ret) { | 1580 | if (ret) { |
| 1554 | printk(KERN_ERR "alg: cipher: setkey failed " | 1581 | if (ret == template[i].setkey_error) |
| 1555 | "on test %d for %s: flags=%x\n", j, | 1582 | continue; |
| 1556 | algo, crypto_cipher_get_flags(tfm)); | 1583 | pr_err("alg: cipher: %s setkey failed on test vector %u; expected_error=%d, actual_error=%d, flags=%#x\n", |
| 1584 | algo, j, template[i].setkey_error, ret, | ||
| 1585 | crypto_cipher_get_flags(tfm)); | ||
| 1557 | goto out; | 1586 | goto out; |
| 1558 | } else if (ret) | 1587 | } |
| 1559 | continue; | 1588 | if (template[i].setkey_error) { |
| 1589 | pr_err("alg: cipher: %s setkey unexpectedly succeeded on test vector %u; expected_error=%d\n", | ||
| 1590 | algo, j, template[i].setkey_error); | ||
| 1591 | ret = -EINVAL; | ||
| 1592 | goto out; | ||
| 1593 | } | ||
| 1560 | 1594 | ||
| 1561 | for (k = 0; k < template[i].len; | 1595 | for (k = 0; k < template[i].len; |
| 1562 | k += crypto_cipher_blocksize(tfm)) { | 1596 | k += crypto_cipher_blocksize(tfm)) { |
| @@ -1614,15 +1648,16 @@ static int test_skcipher_vec_cfg(const char *driver, int enc, | |||
| 1614 | CRYPTO_TFM_REQ_FORBID_WEAK_KEYS); | 1648 | CRYPTO_TFM_REQ_FORBID_WEAK_KEYS); |
| 1615 | err = crypto_skcipher_setkey(tfm, vec->key, vec->klen); | 1649 | err = crypto_skcipher_setkey(tfm, vec->key, vec->klen); |
| 1616 | if (err) { | 1650 | if (err) { |
| 1617 | if (vec->fail) /* expectedly failed to set key? */ | 1651 | if (err == vec->setkey_error) |
| 1618 | return 0; | 1652 | return 0; |
| 1619 | pr_err("alg: skcipher: %s setkey failed with err %d on test vector %u; flags=%#x\n", | 1653 | pr_err("alg: skcipher: %s setkey failed on test vector %u; expected_error=%d, actual_error=%d, flags=%#x\n", |
| 1620 | driver, err, vec_num, crypto_skcipher_get_flags(tfm)); | 1654 | driver, vec_num, vec->setkey_error, err, |
| 1655 | crypto_skcipher_get_flags(tfm)); | ||
| 1621 | return err; | 1656 | return err; |
| 1622 | } | 1657 | } |
| 1623 | if (vec->fail) { | 1658 | if (vec->setkey_error) { |
| 1624 | pr_err("alg: skcipher: %s setkey unexpectedly succeeded on test vector %u\n", | 1659 | pr_err("alg: skcipher: %s setkey unexpectedly succeeded on test vector %u; expected_error=%d\n", |
| 1625 | driver, vec_num); | 1660 | driver, vec_num, vec->setkey_error); |
| 1626 | return -EINVAL; | 1661 | return -EINVAL; |
| 1627 | } | 1662 | } |
| 1628 | 1663 | ||
| @@ -1667,11 +1702,6 @@ static int test_skcipher_vec_cfg(const char *driver, int enc, | |||
| 1667 | if (cfg->nosimd) | 1702 | if (cfg->nosimd) |
| 1668 | crypto_reenable_simd_for_test(); | 1703 | crypto_reenable_simd_for_test(); |
| 1669 | err = crypto_wait_req(err, &wait); | 1704 | err = crypto_wait_req(err, &wait); |
| 1670 | if (err) { | ||
| 1671 | pr_err("alg: skcipher: %s %s failed with err %d on test vector %u, cfg=\"%s\"\n", | ||
| 1672 | driver, op, err, vec_num, cfg->name); | ||
| 1673 | return err; | ||
| 1674 | } | ||
| 1675 | 1705 | ||
| 1676 | /* Check that the algorithm didn't overwrite things it shouldn't have */ | 1706 | /* Check that the algorithm didn't overwrite things it shouldn't have */ |
| 1677 | if (req->cryptlen != vec->len || | 1707 | if (req->cryptlen != vec->len || |
| @@ -1714,6 +1744,20 @@ static int test_skcipher_vec_cfg(const char *driver, int enc, | |||
| 1714 | return -EINVAL; | 1744 | return -EINVAL; |
| 1715 | } | 1745 | } |
| 1716 | 1746 | ||
| 1747 | /* Check for success or failure */ | ||
| 1748 | if (err) { | ||
| 1749 | if (err == vec->crypt_error) | ||
| 1750 | return 0; | ||
| 1751 | pr_err("alg: skcipher: %s %s failed on test vector %u; expected_error=%d, actual_error=%d, cfg=\"%s\"\n", | ||
| 1752 | driver, op, vec_num, vec->crypt_error, err, cfg->name); | ||
| 1753 | return err; | ||
| 1754 | } | ||
| 1755 | if (vec->crypt_error) { | ||
| 1756 | pr_err("alg: skcipher: %s %s unexpectedly succeeded on test vector %u; expected_error=%d, cfg=\"%s\"\n", | ||
| 1757 | driver, op, vec_num, vec->crypt_error, cfg->name); | ||
| 1758 | return -EINVAL; | ||
| 1759 | } | ||
| 1760 | |||
| 1717 | /* Check for the correct output (ciphertext or plaintext) */ | 1761 | /* Check for the correct output (ciphertext or plaintext) */ |
| 1718 | err = verify_correct_output(&tsgls->dst, enc ? vec->ctext : vec->ptext, | 1762 | err = verify_correct_output(&tsgls->dst, enc ? vec->ctext : vec->ptext, |
| 1719 | vec->len, 0, true); | 1763 | vec->len, 0, true); |