Linux cryptographic layer development
From: Eric Biggers <ebiggers@google.com>
To: Dmitry Vyukov <dvyukov@google.com>
Cc: Alexander Potapenko <glider@google.com>,
	linux-crypto@vger.kernel.org, Kostya Serebryany <kcc@google.com>,
	keyrings@vger.kernel.org,
	Andrey Konovalov <andreyknvl@google.com>
Subject: Re: x509 parsing bug + fuzzing crypto in the userspace
Date: Tue, 21 Nov 2017 12:46:28 -0800
Message-ID: <20171121204628.GA56006@google.com>
In-Reply-To: <CACT4Y+b5n-G_+mjYHMzaibrMKAwXZ=SqsnK3f+Qu=uT8VN1yMQ@mail.gmail.com>

On Tue, Nov 21, 2017 at 09:00:26AM +0100, Dmitry Vyukov wrote:
> >
> > Note that separate from asymmetric_keys (which you can think of as being
> > in-between the keyrings subsystem and the crypto subsystem) there is also the
> > userspace interface to cryptographic algorithms, AF_ALG.  It might be possible
> > to port a lot of the crypto API to userspace, but it would require a lot of work
> > to stub things out.  Maybe a simpler improvement would be to teach syzkaller to
> > more thoroughly test AF_ALG.  For example it could be made aware of algorithm
> > templates so that it could try combining them in unusual ways.  (Example:
> > https://marc.info/?l=linux-crypto-vger&m=148063683310477&w=2 was a NULL pointer
> > dereference bug that occurred if you asked to use the algorithm "mcryptd(md5)",
> > i.e. the mcryptd template wrapping md5.)  Also,
> > CONFIG_CRYPTO_MANAGER_DISABLE_TESTS should be unset, so that the crypto
> > self-tests are enabled.
> 
> 
> Can you please outline all the parts not covered by the current syzkaller
> descriptions? We should at least add TODOs for them. Or maybe we
> could just resolve them right away.
> 

Just focusing on the algorithm names, the syzkaller descriptions currently use a
fixed set of algorithm names:

	salg_name = "cmac(aes)", "ecb(aes)", "cbc(aes)", "hmac(sha1)", [...]

But algorithm names are not just fixed strings; you can create "new" algorithms
by composing templates.  For example "cmac(aes)" indicates the "cmac" template
instantiated using "aes" as the underlying block cipher.  But it could also be
"cmac(des)", "cmac(blowfish)", etc.  Templates can even take multiple arguments,
e.g. "gcm_base(ctr(aes),ghash)".

So ideally the descriptions would contain the list of all templates which might
be available in addition to all "primitive" algorithm names, then express that
an algorithm name has a syntax like:

	alg_name -> primitive_alg_name | template_name(alg_name[,alg_name]*)

To get the list of all "primitive" algorithm names which might be available you
can run:

	git grep -E '\.cra_(driver_)?name' | grep -o '".*"' | sort | uniq

It's a long list, though it doesn't distinguish between the different types of
algorithm (hash, symmetric cipher, AEAD, etc.), and not all are actually
accessible through AF_ALG.  Note that it still includes names with parentheses
because a module may directly implement an algorithm like "xts(aes)", which then
may be used instead of the template version.

And to get the list of templates which might be available you can run:

	git grep -A5 'struct crypto_template.*{' | grep '\.name' | grep -o '".*"' | sort

(There is probably more to improve for AF_ALG besides the algorithm names; this
is just what I happened to notice for now.)

Eric
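
The grammar above can be made executable. The following Python is an added example written for this page; it is not code from the thread, from syzkaller or from the kernel. It parses algorithm names with a small recursive-descent parser, checks them against a set of known primitives and templates, and enumerates compositions up to a given nesting depth, which is what a description generator would need to do. The primitive and template lists are a constructed subset; the template arities (one argument for cmac/ecb/cbc/hmac/ctr/xts, two for gcm_base) are assumptions for the example and should be taken from the kernel source via the git grep commands in the message. The 64-byte limit comes from the salg_name field of struct sockaddr_alg.

```python
"""Grammar-aware handling of Linux crypto API algorithm names (added example).

Grammar from the message:
    alg_name -> primitive_alg_name | template_name(alg_name[,alg_name]*)
"""
import itertools
import re

# Constructed subset of primitive names; the real list is much longer.
PRIMITIVES = {"aes", "des", "blowfish", "md5", "sha1", "sha256", "ghash"}

# Constructed subset of templates mapped to their argument count.
# Arities are assumptions for this example, not taken from kernel source.
TEMPLATES = {"cmac": 1, "ecb": 1, "cbc": 1, "hmac": 1, "ctr": 1, "xts": 1,
             "gcm_base": 2}

# salg_name in struct sockaddr_alg is 64 bytes, including the terminating NUL.
SALG_NAME_SIZE = 64

_NAME_RE = re.compile(r"[A-Za-z0-9_\-]+")


class AlgNameError(ValueError):
    """Raised when text does not follow the alg_name grammar."""


def parse_alg_name(text):
    """Parse text into a tree of (name, [child trees]); leaves have no children."""
    pos = 0

    def parse():
        nonlocal pos
        m = _NAME_RE.match(text, pos)
        if not m:
            raise AlgNameError(f"expected a name at offset {pos}")
        name = m.group(0)
        pos = m.end()
        if pos < len(text) and text[pos] == "(":
            pos += 1
            args = [parse()]
            while pos < len(text) and text[pos] == ",":
                pos += 1
                args.append(parse())
            if pos >= len(text) or text[pos] != ")":
                raise AlgNameError(f"expected ')' at offset {pos}")
            pos += 1
            return (name, args)
        return (name, [])

    tree = parse()
    if pos != len(text):
        raise AlgNameError(f"trailing input at offset {pos}")
    return tree


def check_alg_name(text):
    """Return (ok, reason): syntax plus known-name and arity checks."""
    try:
        tree = parse_alg_name(text)
    except AlgNameError as exc:
        return False, str(exc)

    def walk(node):
        name, args = node
        if not args:
            if name in PRIMITIVES:
                return None
            if name in TEMPLATES:
                return f"template {name!r} used without arguments"
            return f"unknown primitive {name!r}"
        if name not in TEMPLATES:
            return f"{name!r} is not a template"
        if len(args) != TEMPLATES[name]:
            return f"{name!r} takes {TEMPLATES[name]} argument(s), got {len(args)}"
        for arg in args:
            err = walk(arg)
            if err:
                return err
        return None

    err = walk(tree)
    return (err is None, err or "ok")


def enumerate_names(max_depth):
    """All names with template nesting depth <= max_depth (depth 0 = primitives)."""
    levels = [set(PRIMITIVES)]
    for _ in range(max_depth):
        prev = set().union(*levels)
        new = set()
        for tmpl, arity in TEMPLATES.items():
            for args in itertools.product(sorted(prev), repeat=arity):
                new.add(f"{tmpl}({','.join(args)})")
        levels.append(new)
    return set().union(*levels)


def fits_salg_name(name):
    """True if name plus its NUL terminator fits in sockaddr_alg.salg_name."""
    return len(name.encode()) + 1 <= SALG_NAME_SIZE


if __name__ == "__main__":
    for candidate in ("cmac(aes)", "gcm_base(ctr(aes),ghash)", "cmac(aes,aes)"):
        print(candidate, check_alg_name(candidate))
    depth1 = enumerate_names(1)
    print(len(depth1), "names at depth <= 1;",
          sum(not fits_salg_name(n) for n in enumerate_names(2)),
          "of the depth-2 names exceed salg_name")
```

A generator that emits only names the checker accepts and that fit in salg_name exercises the template instantiation path with inputs the kernel will actually try to construct; names that fail the checker are still worth keeping as a separate class of inputs, since they exercise the parsing and lookup error paths instead.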


Thread overview: 31+ messages
2017-11-20 14:10 x509 parsing bug + fuzzing crypto in the userspace Alexander Potapenko
2017-11-20 21:42 ` Eric Biggers
2017-11-21  8:00   ` Dmitry Vyukov
2017-11-21 20:46     ` Eric Biggers [this message]
2017-11-22 10:44       ` Dmitry Vyukov
2017-11-22 17:08         ` Stephan Mueller
2017-11-23  9:32           ` Dmitry Vyukov
2017-11-23  9:35             ` Dmitry Vyukov
2017-11-23  9:37               ` Dmitry Vyukov
2017-11-23 11:10                 ` Stephan Mueller
2017-11-23 11:27                   ` Dmitry Vyukov
2017-11-23 11:34                     ` Dmitry Vyukov
2017-11-23 12:35                       ` Stephan Mueller
2017-11-24 13:49                         ` Dmitry Vyukov
2017-11-24 14:36                           ` Stephan Mueller
2017-11-24 14:55                             ` Dmitry Vyukov
2017-11-24 15:13                               ` Stephan Mueller
2017-11-24 15:53                                 ` Dmitry Vyukov
2017-11-24 16:07                                   ` Stephan Mueller
2017-11-24 15:03                           ` Stephan Mueller
2017-11-24 16:10                             ` Dmitry Vyukov
2017-11-24 16:19                               ` Stephan Mueller
2017-11-24 16:25                                 ` Dmitry Vyukov
2017-11-24 16:31                                   ` Stephan Mueller
2017-11-28  9:59                                     ` Dmitry Vyukov
2017-11-24 16:18                             ` Dmitry Vyukov
2017-11-24 16:23                               ` Stephan Mueller
2017-11-23 12:32                     ` Stephan Mueller
2017-11-22 16:54       ` Stephan Mueller
2017-11-22 17:03         ` Dmitry Vyukov
2017-11-22 17:15           ` Stephan Mueller
