From: Eric Biggers <ebiggers@kernel.org>
To: ltp@lists.linux.it
Cc: linux-crypto@vger.kernel.org
Subject: [PATCH v2 2/6] crypto/af_alg01: new regression test for hmac nesting bug
Date: Mon, 18 Mar 2019 10:13:23 -0700 [thread overview]
Message-ID: <20190318171327.237014-3-ebiggers@kernel.org> (raw)
In-Reply-To: <20190318171327.237014-1-ebiggers@kernel.org>
From: Eric Biggers <ebiggers@google.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
runtest/crypto | 1 +
runtest/cve | 1 +
testcases/kernel/crypto/.gitignore | 1 +
testcases/kernel/crypto/af_alg01.c | 78 ++++++++++++++++++++++++++++++
4 files changed, 81 insertions(+)
create mode 100644 testcases/kernel/crypto/af_alg01.c
diff --git a/runtest/crypto b/runtest/crypto
index cdbc44cc8..45c8cdd2d 100644
--- a/runtest/crypto
+++ b/runtest/crypto
@@ -1,2 +1,3 @@
+af_alg01 af_alg01
pcrypt_aead01 pcrypt_aead01
crypto_user01 crypto_user01
diff --git a/runtest/cve b/runtest/cve
index 8f38045e9..f46c400cc 100644
--- a/runtest/cve
+++ b/runtest/cve
@@ -27,6 +27,7 @@ cve-2017-15299 request_key03 -b cve-2017-15299
cve-2017-15537 ptrace07
cve-2017-15649 fanout01
cve-2017-15951 request_key03 -b cve-2017-15951
+cve-2017-17806 af_alg01
cve-2017-17807 request_key04
cve-2017-1000364 stack_clash
cve-2017-5754 meltdown
diff --git a/testcases/kernel/crypto/.gitignore b/testcases/kernel/crypto/.gitignore
index 759592fbd..998af1728 100644
--- a/testcases/kernel/crypto/.gitignore
+++ b/testcases/kernel/crypto/.gitignore
@@ -1,2 +1,3 @@
+af_alg01
pcrypt_aead01
crypto_user01
diff --git a/testcases/kernel/crypto/af_alg01.c b/testcases/kernel/crypto/af_alg01.c
new file mode 100644
index 000000000..1ce0e2508
--- /dev/null
+++ b/testcases/kernel/crypto/af_alg01.c
@@ -0,0 +1,78 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Copyright 2019 Google LLC
+ */
+
+/*
+ * Regression test for commit af3ff8045bbf ("crypto: hmac - require that the
+ * underlying hash algorithm is unkeyed"), or CVE-2017-17806. This test
+ * verifies that the hmac template cannot be nested inside itself.
+ */
+
+#include <errno.h>
+#include <stdio.h>
+
+#include "tst_test.h"
+#include "tst_af_alg.h"
+
+static void test_with_hash_alg(const char *hash_algname)
+{
+ char hmac_algname[64];
+ char key[4096] = { 0 };
+
+ if (!tst_have_alg("hash", hash_algname)) {
+ tst_res(TCONF, "kernel doesn't have hash algorithm '%s'",
+ hash_algname);
+ return;
+ }
+ sprintf(hmac_algname, "hmac(%s)", hash_algname);
+ if (!tst_have_alg("hash", hmac_algname)) {
+ tst_res(TCONF, "kernel doesn't have hash algorithm '%s'",
+ hmac_algname);
+ return;
+ }
+
+ sprintf(hmac_algname, "hmac(hmac(%s))", hash_algname);
+ if (tst_have_alg("hash", hmac_algname)) {
+ int algfd;
+
+ tst_res(TFAIL, "instantiated nested hmac algorithm ('%s')!",
+ hmac_algname);
+
+ /*
+ * Be extra annoying; with the bug, setting a key on
+ * "hmac(hmac(sha3-256-generic))" crashed the kernel.
+ */
+ algfd = tst_alg_setup("hash", hmac_algname, NULL, 0);
+ if (setsockopt(algfd, SOL_ALG, ALG_SET_KEY,
+ key, sizeof(key)) == 0) {
+ tst_res(TFAIL,
+ "set key on nested hmac algorithm ('%s')!",
+ hmac_algname);
+ }
+ } else {
+ tst_res(TPASS,
+ "couldn't instantiate nested hmac algorithm ('%s')",
+ hmac_algname);
+ }
+}
+
+/* try several different unkeyed hash algorithms */
+static const char * const hash_algs[] = {
+ "md5", "md5-generic",
+ "sha1", "sha1-generic",
+ "sha224", "sha224-generic",
+ "sha256", "sha256-generic",
+ "sha3-256", "sha3-256-generic",
+ "sha3-512", "sha3-512-generic",
+};
+
+static void do_test(unsigned int i)
+{
+ test_with_hash_alg(hash_algs[i]);
+}
+
+static struct tst_test test = {
+ .test = do_test,
+ .tcnt = ARRAY_SIZE(hash_algs),
+};
--
2.21.0.225.g810b269d1ac-goog
WARNING: multiple messages have this Message-ID (diff)
From: Eric Biggers <ebiggers@kernel.org>
To: ltp@lists.linux.it
Subject: [LTP] [PATCH v2 2/6] crypto/af_alg01: new regression test for hmac nesting bug
Date: Mon, 18 Mar 2019 10:13:23 -0700 [thread overview]
Message-ID: <20190318171327.237014-3-ebiggers@kernel.org> (raw)
In-Reply-To: <20190318171327.237014-1-ebiggers@kernel.org>
From: Eric Biggers <ebiggers@google.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
runtest/crypto | 1 +
runtest/cve | 1 +
testcases/kernel/crypto/.gitignore | 1 +
testcases/kernel/crypto/af_alg01.c | 78 ++++++++++++++++++++++++++++++
4 files changed, 81 insertions(+)
create mode 100644 testcases/kernel/crypto/af_alg01.c
diff --git a/runtest/crypto b/runtest/crypto
index cdbc44cc8..45c8cdd2d 100644
--- a/runtest/crypto
+++ b/runtest/crypto
@@ -1,2 +1,3 @@
+af_alg01 af_alg01
pcrypt_aead01 pcrypt_aead01
crypto_user01 crypto_user01
diff --git a/runtest/cve b/runtest/cve
index 8f38045e9..f46c400cc 100644
--- a/runtest/cve
+++ b/runtest/cve
@@ -27,6 +27,7 @@ cve-2017-15299 request_key03 -b cve-2017-15299
cve-2017-15537 ptrace07
cve-2017-15649 fanout01
cve-2017-15951 request_key03 -b cve-2017-15951
+cve-2017-17806 af_alg01
cve-2017-17807 request_key04
cve-2017-1000364 stack_clash
cve-2017-5754 meltdown
diff --git a/testcases/kernel/crypto/.gitignore b/testcases/kernel/crypto/.gitignore
index 759592fbd..998af1728 100644
--- a/testcases/kernel/crypto/.gitignore
+++ b/testcases/kernel/crypto/.gitignore
@@ -1,2 +1,3 @@
+af_alg01
pcrypt_aead01
crypto_user01
diff --git a/testcases/kernel/crypto/af_alg01.c b/testcases/kernel/crypto/af_alg01.c
new file mode 100644
index 000000000..1ce0e2508
--- /dev/null
+++ b/testcases/kernel/crypto/af_alg01.c
@@ -0,0 +1,78 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Copyright 2019 Google LLC
+ */
+
+/*
+ * Regression test for commit af3ff8045bbf ("crypto: hmac - require that the
+ * underlying hash algorithm is unkeyed"), or CVE-2017-17806. This test
+ * verifies that the hmac template cannot be nested inside itself.
+ */
+
+#include <errno.h>
+#include <stdio.h>
+
+#include "tst_test.h"
+#include "tst_af_alg.h"
+
+static void test_with_hash_alg(const char *hash_algname)
+{
+ char hmac_algname[64];
+ char key[4096] = { 0 };
+
+ if (!tst_have_alg("hash", hash_algname)) {
+ tst_res(TCONF, "kernel doesn't have hash algorithm '%s'",
+ hash_algname);
+ return;
+ }
+ sprintf(hmac_algname, "hmac(%s)", hash_algname);
+ if (!tst_have_alg("hash", hmac_algname)) {
+ tst_res(TCONF, "kernel doesn't have hash algorithm '%s'",
+ hmac_algname);
+ return;
+ }
+
+ sprintf(hmac_algname, "hmac(hmac(%s))", hash_algname);
+ if (tst_have_alg("hash", hmac_algname)) {
+ int algfd;
+
+ tst_res(TFAIL, "instantiated nested hmac algorithm ('%s')!",
+ hmac_algname);
+
+ /*
+ * Be extra annoying; with the bug, setting a key on
+ * "hmac(hmac(sha3-256-generic))" crashed the kernel.
+ */
+ algfd = tst_alg_setup("hash", hmac_algname, NULL, 0);
+ if (setsockopt(algfd, SOL_ALG, ALG_SET_KEY,
+ key, sizeof(key)) == 0) {
+ tst_res(TFAIL,
+ "set key on nested hmac algorithm ('%s')!",
+ hmac_algname);
+ }
+ } else {
+ tst_res(TPASS,
+ "couldn't instantiate nested hmac algorithm ('%s')",
+ hmac_algname);
+ }
+}
+
+/* try several different unkeyed hash algorithms */
+static const char * const hash_algs[] = {
+ "md5", "md5-generic",
+ "sha1", "sha1-generic",
+ "sha224", "sha224-generic",
+ "sha256", "sha256-generic",
+ "sha3-256", "sha3-256-generic",
+ "sha3-512", "sha3-512-generic",
+};
+
+static void do_test(unsigned int i)
+{
+ test_with_hash_alg(hash_algs[i]);
+}
+
+static struct tst_test test = {
+ .test = do_test,
+ .tcnt = ARRAY_SIZE(hash_algs),
+};
--
2.21.0.225.g810b269d1ac-goog
next prev parent reply other threads:[~2019-03-18 17:14 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-03-18 17:13 [PATCH v2 0/6] ltp: AF_ALG test helpers and a few regression tests Eric Biggers
2019-03-18 17:13 ` [LTP] " Eric Biggers
2019-03-18 17:13 ` [PATCH v2 1/6] lib: add tst_af_alg lib Eric Biggers
2019-03-18 17:13 ` [LTP] " Eric Biggers
2019-03-18 17:13 ` Eric Biggers [this message]
2019-03-18 17:13 ` [LTP] [PATCH v2 2/6] crypto/af_alg01: new regression test for hmac nesting bug Eric Biggers
2019-03-18 17:13 ` [PATCH v2 3/6] crypto/af_alg02: new regression test for salsa20 empty message bug Eric Biggers
2019-03-18 17:13 ` [LTP] " Eric Biggers
2019-03-18 17:13 ` [PATCH v2 4/6] crypto/af_alg03: new regression test for rfc7539 hash alg validation Eric Biggers
2019-03-18 17:13 ` [LTP] " Eric Biggers
2019-03-18 17:13 ` [PATCH v2 5/6] crypto/af_alg04: new regression test for vmac race conditions Eric Biggers
2019-03-18 17:13 ` [LTP] " Eric Biggers
2019-03-18 17:13 ` [PATCH v2 6/6] crypto/af_alg05: new regression test for skcipher_walk error bug Eric Biggers
2019-03-18 17:13 ` [LTP] " Eric Biggers
2019-03-18 18:27 ` [LTP] [PATCH v2 0/6] ltp: AF_ALG test helpers and a few regression tests Petr Vorel
2019-03-18 18:27 ` Petr Vorel
2019-03-18 19:10 ` Petr Vorel
2019-03-18 19:10 ` Petr Vorel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190318171327.237014-3-ebiggers@kernel.org \
--to=ebiggers@kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=ltp@lists.linux.it \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.