[PATCH 2/2] crypto: testmgr - sync both RFC4106 IV copies


 



For RFC4106 AEAD ciphers the AAD is the concatenation of associated
authentication data || IV || plaintext or ciphertext, but the
random AEAD message generation in testmgr extended tests did
not obey this requirement, producing messages with undefined
behaviour. Fix it by syncing the copies if needed.

Since this only relevant for developer only extended tests any
additional cycles/run time costs are negligible.

This fixes extended AEAD test failures with the ccree driver
caused by illegal input.

Signed-off-by: Gilad Ben-Yossef <gilad@xxxxxxxxxxxxx>
Reported-by: Geert Uytterhoeven <geert+renesas@xxxxxxxxx>
Cc: Eric Biggers <ebiggers@xxxxxxxxxx>
---
 crypto/testmgr.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index cf565b063cdf..288f349a0cae 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -95,6 +95,11 @@ struct aead_test_suite {
 	 * AAD buffer during decryption.
 	 */
 	unsigned int esp_aad : 1;
+
+	/*
+	 * Set if the algorithm requires the IV to trail the AAD buffer.
+	 */
+	unsigned int iv_aad : 1;
 };
 
 struct cipher_test_suite {
@@ -2207,6 +2212,10 @@ static void generate_aead_message(struct aead_request *req,
 
 	/* Generate the AAD. */
 	generate_random_bytes((u8 *)vec->assoc, vec->alen);
+	/* For RFC4106 algs, a copy of the IV is part of the AAD */
+	if (suite->iv_aad)
+		memcpy(((u8 *)vec->assoc + vec->alen - ivsize), vec->iv,
+		       ivsize);
 
 	if (inauthentic && prandom_u32() % 2 == 0) {
 		/* Generate a random ciphertext. */
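Review bot: The added memcpy at `vec->assoc + vec->alen - ivsize` has no lower bound on vec->alen, so if the randomly generated AAD length can be smaller than ivsize the pointer moves before the start of assoc and the copy writes out of bounds; nothing in this hunk shows alen being clamped, and the same arithmetic recurs in the sync-back memcpy of the following hunk at `vec->assoc + vec->alen - ivsize`. Unless alen is forced to be at least ivsize where it is generated, both copies should be guarded: `if (suite->iv_aad && vec->alen >= ivsize)`. The comment also says "RFC4106 algs" while the flag is set on the rfc4309 and rfc4543 suites as well; `/* For rfc4106/rfc4309/rfc4543 algs, a copy of the IV is part of the AAD */` would match the descriptors. generate_aead_message's body starts and ends outside this hunk.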
@@ -2247,6 +2256,14 @@ static void generate_aead_message(struct aead_request *req,
 	vec->novrfy = 1;
 	if (suite->einval_allowed)
 		vec->crypt_error = -EINVAL;
+
+	/*
+	 * For RFC4106 algs, the IV is embedded as part of the AAD
+	 * and we might have mutated the AAD so sync the copies
+	 */
+	if (suite->iv_aad)
+		memcpy((u8 *)vec->iv, (vec->assoc + vec->alen - ivsize),
+		       ivsize);
 }
 
 /*
@@ -5243,6 +5260,7 @@ static const struct alg_test_desc alg_test_descs[] = {
 				____VECS(aes_gcm_rfc4106_tv_template),
 				.einval_allowed = 1,
 				.esp_aad = 1,
+				.iv_aad = 1,
 			}
 		}
 	}, {
@@ -5255,6 +5273,7 @@ static const struct alg_test_desc alg_test_descs[] = {
 				____VECS(aes_ccm_rfc4309_tv_template),
 				.einval_allowed = 1,
 				.esp_aad = 1,
+				.iv_aad = 1,
 			}
 		}
 	}, {
@@ -5265,6 +5284,7 @@ static const struct alg_test_desc alg_test_descs[] = {
 			.aead = {
 				____VECS(aes_gcm_rfc4543_tv_template),
 				.einval_allowed = 1,
+				.iv_aad = 1,
 			}
 		}
 	}, {
-- 
2.25.0



