Hi, I was attempting to get some fuzzing going for the RFC3686 AEAD ciphers I'm adding to the inside-secure driver, and I noticed some more things besides what I mentioned below: 1) If there is no test suite, but the entry does point to something other then alg_test_null, then fuzzing is still not performed if there is no test suite, as all of the alg_test_xxx routines first check for suite->count being > 0 and exit due to count being 0 in this case. I would think that if there are no reference vectors, then fuzzing against the generic implementation (if enabled) is the very least you can do? 2) The AEAD fuzzing routine attempts to determine the maximum key size by actually scanning the test suite. So if there is no test suite, this will remain at zero and the AEAD fuzzing routine will still exit without performing any tests because of this. Isn't there a better way to determine the maximum key size for AEAD ciphers? 3) The AEAD fuzzing vector generation generates fully random keydata that is <= maxlen. However, for AEAD ciphers, the key blob is actually some RTA struct containing length fields and types. Which means that most of the time, it will simply be generating illegal key blobs and you are merely testing whether both implementations correctly flag the key as illegal. (for which they likely use the same crypto_authenc_extractkeys subroutine, so that check probably/likely always passes - and therefore is not very useful) Regards, Pascal van Leeuwen Silicon IP Architect, Multi-Protocol Engines @ Verimatrix www.insidesecure.com > -----Original Message----- > From: linux-crypto-owner@xxxxxxxxxxxxxxx <linux-crypto-owner@xxxxxxxxxxxxxxx> On Behalf Of Pascal Van Leeuwen > Sent: Wednesday, July 3, 2019 11:51 PM > To: linux-crypto@xxxxxxxxxxxxxxx > Subject: testmgr question > > Hi, > > I'm currently busy adding support for some AES-CTR based authenticated encryption suites to the > inside-secure driver, and I got the distinct impression they were silently not getting tested at all. > > Looking at testmgr.c, I noticed that they point to alg_test_null, confirming my suspicion. > I was wondering whether this was intentional and, if so, why that is the case? > > I get that there are no reference vectors for these ciphersuites yet, but that shouldn't stop > testmgr from at least fuzzing the ciphersuite against the reference implementation? > > Regards, > Pascal van Leeuwen > Silicon IP Architect, Multi-Protocol Engines @ Verimatrix > www.insidesecure.com
