From da7f033ddc9fdebb3223b0bf88a2a2ab5b797608 Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Thu, 31 Jul 2008 17:08:25 +0800 Subject: crypto: cryptomgr - Add test infrastructure This patch moves the newly created alg_test infrastructure into cryptomgr. This shall allow us to use it for testing at algorithm registrations. Signed-off-by: Herbert Xu --- crypto/algboss.c | 238 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 238 insertions(+) create mode 100644 crypto/algboss.c (limited to 'crypto/algboss.c') diff --git a/crypto/algboss.c b/crypto/algboss.c new file mode 100644 index 000000000000..2662ac014841 --- /dev/null +++ b/crypto/algboss.c @@ -0,0 +1,238 @@ +/* + * Create default crypto algorithm instances. + * + * Copyright (c) 2006 Herbert Xu + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at your option) + * any later version. + * + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "internal.h" + +struct cryptomgr_param { + struct rtattr *tb[CRYPTO_MAX_ATTRS + 2]; + + struct { + struct rtattr attr; + struct crypto_attr_type data; + } type; + + union { + struct rtattr attr; + struct { + struct rtattr attr; + struct crypto_attr_alg data; + } alg; + struct { + struct rtattr attr; + struct crypto_attr_u32 data; + } nu32; + } attrs[CRYPTO_MAX_ATTRS]; + + char larval[CRYPTO_MAX_ALG_NAME]; + char template[CRYPTO_MAX_ALG_NAME]; +}; + +static int cryptomgr_probe(void *data) +{ + struct cryptomgr_param *param = data; + struct crypto_template *tmpl; + struct crypto_instance *inst; + int err; + + tmpl = crypto_lookup_template(param->template); + if (!tmpl) + goto err; + + do { + inst = tmpl->alloc(param->tb); + if (IS_ERR(inst)) + err = PTR_ERR(inst); + else if ((err = crypto_register_instance(tmpl, inst))) + tmpl->free(inst); + } while (err == -EAGAIN && !signal_pending(current)); + + crypto_tmpl_put(tmpl); + + if (err) + goto err; + +out: + kfree(param); + module_put_and_exit(0); + +err: + crypto_larval_error(param->larval, param->type.data.type, + param->type.data.mask); + goto out; +} + +static int cryptomgr_schedule_probe(struct crypto_larval *larval) +{ + struct task_struct *thread; + struct cryptomgr_param *param; + const char *name = larval->alg.cra_name; + const char *p; + unsigned int len; + int i; + + if (!try_module_get(THIS_MODULE)) + goto err; + + param = kzalloc(sizeof(*param), GFP_KERNEL); + if (!param) + goto err_put_module; + + for (p = name; isalnum(*p) || *p == '-' || *p == '_'; p++) + ; + + len = p - name; + if (!len || *p != '(') + goto err_free_param; + + memcpy(param->template, name, len); + + i = 0; + for (;;) { + int notnum = 0; + + name = ++p; + len = 0; + + for (; isalnum(*p) || *p == '-' || *p == '_'; p++) + notnum |= !isdigit(*p); + + if (*p == '(') { + int recursion = 0; + + for (;;) { + if (!*++p) + goto err_free_param; + if (*p == '(') + recursion++; + else if (*p == ')' && !recursion--) + break; + } + + notnum = 1; + p++; + } + + len = p - name; + if (!len) + goto err_free_param; + + if (notnum) { + param->attrs[i].alg.attr.rta_len = + sizeof(param->attrs[i].alg); + param->attrs[i].alg.attr.rta_type = CRYPTOA_ALG; + memcpy(param->attrs[i].alg.data.name, name, len); + } else { + param->attrs[i].nu32.attr.rta_len = + sizeof(param->attrs[i].nu32); + param->attrs[i].nu32.attr.rta_type = CRYPTOA_U32; + param->attrs[i].nu32.data.num = + simple_strtol(name, NULL, 0); + } + + param->tb[i + 1] = ¶m->attrs[i].attr; + i++; + + if (i >= CRYPTO_MAX_ATTRS) + goto err_free_param; + + if (*p == ')') + break; + + if (*p != ',') + goto err_free_param; + } + + if (!i) + goto err_free_param; + + param->tb[i + 1] = NULL; + + param->type.attr.rta_len = sizeof(param->type); + param->type.attr.rta_type = CRYPTOA_TYPE; + param->type.data.type = larval->alg.cra_flags; + param->type.data.mask = larval->mask; + param->tb[0] = ¶m->type.attr; + + memcpy(param->larval, larval->alg.cra_name, CRYPTO_MAX_ALG_NAME); + + thread = kthread_run(cryptomgr_probe, param, "cryptomgr"); + if (IS_ERR(thread)) + goto err_free_param; + + return NOTIFY_STOP; + +err_free_param: + kfree(param); +err_put_module: + module_put(THIS_MODULE); +err: + return NOTIFY_OK; +} + +static int cryptomgr_notify(struct notifier_block *this, unsigned long msg, + void *data) +{ + switch (msg) { + case CRYPTO_MSG_ALG_REQUEST: + return cryptomgr_schedule_probe(data); + } + + return NOTIFY_DONE; +} + +static struct notifier_block cryptomgr_notifier = { + .notifier_call = cryptomgr_notify, +}; + +static int __init cryptomgr_init(void) +{ + int err; + + err = testmgr_init(); + if (err) + return err; + + err = crypto_register_notifier(&cryptomgr_notifier); + if (err) + goto free_testmgr; + + return 0; + +free_testmgr: + testmgr_exit(); + return err; +} + +static void __exit cryptomgr_exit(void) +{ + int err = crypto_unregister_notifier(&cryptomgr_notifier); + BUG_ON(err); + + testmgr_exit(); +} + +subsys_initcall(cryptomgr_init); +module_exit(cryptomgr_exit); + +MODULE_LICENSE("GPL"); +MODULE_DESCRIPTION("Crypto Algorithm Manager"); -- cgit v1.2.3-58-ga151 From 73d3864a4823abda19ebc4387b6ddcbf416e3a77 Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Sun, 3 Aug 2008 21:15:23 +0800 Subject: crypto: api - Use test infrastructure This patch makes use of the new testing infrastructure by requiring algorithms to pass a run-time test before they're made available to users. Signed-off-by: Herbert Xu --- crypto/algapi.c | 143 ++++++++++++++++++++++++++++++++++++++++++------- crypto/algboss.c | 75 ++++++++++++++++++++++++-- crypto/api.c | 73 +++++++++++++++++++------ crypto/internal.h | 7 ++- crypto/proc.c | 3 ++ include/linux/crypto.h | 8 +++ 6 files changed, 267 insertions(+), 42 deletions(-) (limited to 'crypto/algboss.c') diff --git a/crypto/algapi.c b/crypto/algapi.c index e9154c1347ca..7c41e7405c41 100644 --- a/crypto/algapi.c +++ b/crypto/algapi.c @@ -21,6 +21,8 @@ #include "internal.h" +static void crypto_remove_final(struct list_head *list); + static LIST_HEAD(crypto_template_list); void crypto_larval_error(const char *name, u32 type, u32 mask) @@ -126,23 +128,97 @@ static void crypto_remove_spawns(struct list_head *spawns, } } -static int __crypto_register_alg(struct crypto_alg *alg, - struct list_head *list) +static struct crypto_larval *__crypto_register_alg(struct crypto_alg *alg) { struct crypto_alg *q; + struct crypto_larval *larval; int ret = -EAGAIN; if (crypto_is_dead(alg)) - goto out; + goto err; INIT_LIST_HEAD(&alg->cra_users); + /* No cheating! */ + alg->cra_flags &= ~CRYPTO_ALG_TESTED; + ret = -EEXIST; atomic_set(&alg->cra_refcnt, 1); list_for_each_entry(q, &crypto_alg_list, cra_list) { if (q == alg) - goto out; + goto err; + + if (crypto_is_larval(q)) { + if (!strcmp(alg->cra_driver_name, q->cra_driver_name)) + goto err; + continue; + } + + if (!strcmp(q->cra_driver_name, alg->cra_name) || + !strcmp(q->cra_name, alg->cra_driver_name)) + goto err; + } + + larval = crypto_larval_alloc(alg->cra_name, + alg->cra_flags | CRYPTO_ALG_TESTED, 0); + if (IS_ERR(larval)) + goto out; + + ret = -ENOENT; + larval->adult = crypto_mod_get(alg); + if (!larval->adult) + goto free_larval; + + atomic_set(&larval->alg.cra_refcnt, 1); + memcpy(larval->alg.cra_driver_name, alg->cra_driver_name, + CRYPTO_MAX_ALG_NAME); + larval->alg.cra_priority = alg->cra_priority; + + list_add(&alg->cra_list, &crypto_alg_list); + list_add(&larval->alg.cra_list, &crypto_alg_list); + +out: + return larval; + +free_larval: + kfree(larval); +err: + larval = ERR_PTR(ret); + goto out; +} + +void crypto_alg_tested(const char *name, int err) +{ + struct crypto_larval *test; + struct crypto_alg *alg; + struct crypto_alg *q; + LIST_HEAD(list); + + down_write(&crypto_alg_sem); + list_for_each_entry(q, &crypto_alg_list, cra_list) { + if (!crypto_is_larval(q)) + continue; + + test = (struct crypto_larval *)q; + + if (!strcmp(q->cra_driver_name, name)) + goto found; + } + + printk(KERN_ERR "alg: Unexpected test result for %s: %d\n", name, err); + goto unlock; + +found: + alg = test->adult; + if (err || list_empty(&alg->cra_list)) + goto complete; + + alg->cra_flags |= CRYPTO_ALG_TESTED; + + list_for_each_entry(q, &crypto_alg_list, cra_list) { + if (q == alg) + continue; if (crypto_is_moribund(q)) continue; @@ -178,17 +254,18 @@ static int __crypto_register_alg(struct crypto_alg *alg, q->cra_priority > alg->cra_priority) continue; - crypto_remove_spawns(&q->cra_users, list, alg->cra_flags); + crypto_remove_spawns(&q->cra_users, &list, alg->cra_flags); } - - list_add(&alg->cra_list, &crypto_alg_list); - crypto_notify(CRYPTO_MSG_ALG_REGISTER, alg); - ret = 0; +complete: + complete_all(&test->completion); -out: - return ret; +unlock: + up_write(&crypto_alg_sem); + + crypto_remove_final(&list); } +EXPORT_SYMBOL_GPL(crypto_alg_tested); static void crypto_remove_final(struct list_head *list) { @@ -201,9 +278,27 @@ static void crypto_remove_final(struct list_head *list) } } +static void crypto_wait_for_test(struct crypto_larval *larval) +{ + int err; + + err = crypto_probing_notify(CRYPTO_MSG_ALG_REGISTER, larval->adult); + if (err != NOTIFY_STOP) { + if (WARN_ON(err != NOTIFY_DONE)) + goto out; + crypto_alg_tested(larval->alg.cra_driver_name, 0); + } + + err = wait_for_completion_interruptible(&larval->completion); + WARN_ON(err); + +out: + crypto_larval_kill(&larval->alg); +} + int crypto_register_alg(struct crypto_alg *alg) { - LIST_HEAD(list); + struct crypto_larval *larval; int err; err = crypto_check_alg(alg); @@ -211,11 +306,14 @@ int crypto_register_alg(struct crypto_alg *alg) return err; down_write(&crypto_alg_sem); - err = __crypto_register_alg(alg, &list); + larval = __crypto_register_alg(alg); up_write(&crypto_alg_sem); - crypto_remove_final(&list); - return err; + if (IS_ERR(larval)) + return PTR_ERR(larval); + + crypto_wait_for_test(larval); + return 0; } EXPORT_SYMBOL_GPL(crypto_register_alg); @@ -333,8 +431,8 @@ EXPORT_SYMBOL_GPL(crypto_lookup_template); int crypto_register_instance(struct crypto_template *tmpl, struct crypto_instance *inst) { - LIST_HEAD(list); - int err = -EINVAL; + struct crypto_larval *larval; + int err; err = crypto_check_alg(&inst->alg); if (err) @@ -344,8 +442,8 @@ int crypto_register_instance(struct crypto_template *tmpl, down_write(&crypto_alg_sem); - err = __crypto_register_alg(&inst->alg, &list); - if (err) + larval = __crypto_register_alg(&inst->alg); + if (IS_ERR(larval)) goto unlock; hlist_add_head(&inst->list, &tmpl->instances); @@ -354,7 +452,12 @@ int crypto_register_instance(struct crypto_template *tmpl, unlock: up_write(&crypto_alg_sem); - crypto_remove_final(&list); + err = PTR_ERR(larval); + if (IS_ERR(larval)) + goto err; + + crypto_wait_for_test(larval); + err = 0; err: return err; diff --git a/crypto/algboss.c b/crypto/algboss.c index 2662ac014841..ed9f663c82c6 100644 --- a/crypto/algboss.c +++ b/crypto/algboss.c @@ -45,6 +45,15 @@ struct cryptomgr_param { char larval[CRYPTO_MAX_ALG_NAME]; char template[CRYPTO_MAX_ALG_NAME]; + + u32 otype; + u32 omask; +}; + +struct crypto_test_param { + char driver[CRYPTO_MAX_ALG_NAME]; + char alg[CRYPTO_MAX_ALG_NAME]; + u32 type; }; static int cryptomgr_probe(void *data) @@ -76,8 +85,7 @@ out: module_put_and_exit(0); err: - crypto_larval_error(param->larval, param->type.data.type, - param->type.data.mask); + crypto_larval_error(param->larval, param->otype, param->omask); goto out; } @@ -169,13 +177,68 @@ static int cryptomgr_schedule_probe(struct crypto_larval *larval) param->type.attr.rta_len = sizeof(param->type); param->type.attr.rta_type = CRYPTOA_TYPE; - param->type.data.type = larval->alg.cra_flags; - param->type.data.mask = larval->mask; + param->type.data.type = larval->alg.cra_flags & ~CRYPTO_ALG_TESTED; + param->type.data.mask = larval->mask & ~CRYPTO_ALG_TESTED; param->tb[0] = ¶m->type.attr; + param->otype = larval->alg.cra_flags; + param->omask = larval->mask; + memcpy(param->larval, larval->alg.cra_name, CRYPTO_MAX_ALG_NAME); - thread = kthread_run(cryptomgr_probe, param, "cryptomgr"); + thread = kthread_run(cryptomgr_probe, param, "cryptomgr_probe"); + if (IS_ERR(thread)) + goto err_free_param; + + return NOTIFY_STOP; + +err_free_param: + kfree(param); +err_put_module: + module_put(THIS_MODULE); +err: + return NOTIFY_OK; +} + +static int cryptomgr_test(void *data) +{ + struct crypto_test_param *param = data; + u32 type = param->type; + int err = 0; + + if (!((type ^ CRYPTO_ALG_TYPE_BLKCIPHER) & + CRYPTO_ALG_TYPE_BLKCIPHER_MASK) && !(type & CRYPTO_ALG_GENIV)) + goto skiptest; + + if ((type & CRYPTO_ALG_TYPE_MASK) == CRYPTO_ALG_TYPE_CIPHER) + goto skiptest; + + err = alg_test(param->driver, param->alg, 0, CRYPTO_ALG_TESTED); + +skiptest: + crypto_alg_tested(param->driver, err); + + kfree(param); + module_put_and_exit(0); +} + +static int cryptomgr_schedule_test(struct crypto_alg *alg) +{ + struct task_struct *thread; + struct crypto_test_param *param; + + if (!try_module_get(THIS_MODULE)) + goto err; + + param = kzalloc(sizeof(*param), GFP_KERNEL); + if (!param) + goto err_put_module; + + memcpy(param->driver, alg->cra_driver_name, sizeof(param->driver)); + memcpy(param->alg, alg->cra_name, sizeof(param->alg)); + param->type = alg->cra_flags; + + thread = kthread_run(cryptomgr_test, param, "cryptomgr_test"); if (IS_ERR(thread)) goto err_free_param; @@ -195,6 +258,8 @@ static int cryptomgr_notify(struct notifier_block *this, unsigned long msg, switch (msg) { case CRYPTO_MSG_ALG_REQUEST: return cryptomgr_schedule_probe(data); + case CRYPTO_MSG_ALG_REGISTER: + return cryptomgr_schedule_test(data); } return NOTIFY_DONE; diff --git a/crypto/api.c b/crypto/api.c index 0906cedd4521..0444d242e985 100644 --- a/crypto/api.c +++ b/crypto/api.c @@ -55,6 +55,11 @@ void crypto_mod_put(struct crypto_alg *alg) } EXPORT_SYMBOL_GPL(crypto_mod_put); +static inline int crypto_is_test_larval(struct crypto_larval *larval) +{ + return larval->alg.cra_driver_name[0]; +} + static struct crypto_alg *__crypto_alg_lookup(const char *name, u32 type, u32 mask) { @@ -71,6 +76,7 @@ static struct crypto_alg *__crypto_alg_lookup(const char *name, u32 type, continue; if (crypto_is_larval(q) && + !crypto_is_test_larval((struct crypto_larval *)q) && ((struct crypto_larval *)q)->mask != mask) continue; @@ -104,10 +110,8 @@ static void crypto_larval_destroy(struct crypto_alg *alg) kfree(larval); } -static struct crypto_alg *crypto_larval_alloc(const char *name, u32 type, - u32 mask) +struct crypto_larval *crypto_larval_alloc(const char *name, u32 type, u32 mask) { - struct crypto_alg *alg; struct crypto_larval *larval; larval = kzalloc(sizeof(*larval), GFP_KERNEL); @@ -119,10 +123,25 @@ static struct crypto_alg *crypto_larval_alloc(const char *name, u32 type, larval->alg.cra_priority = -1; larval->alg.cra_destroy = crypto_larval_destroy; - atomic_set(&larval->alg.cra_refcnt, 2); strlcpy(larval->alg.cra_name, name, CRYPTO_MAX_ALG_NAME); init_completion(&larval->completion); + return larval; +} +EXPORT_SYMBOL_GPL(crypto_larval_alloc); + +static struct crypto_alg *crypto_larval_add(const char *name, u32 type, + u32 mask) +{ + struct crypto_alg *alg; + struct crypto_larval *larval; + + larval = crypto_larval_alloc(name, type, mask); + if (IS_ERR(larval)) + return ERR_CAST(larval); + + atomic_set(&larval->alg.cra_refcnt, 2); + down_write(&crypto_alg_sem); alg = __crypto_alg_lookup(name, type, mask); if (!alg) { @@ -152,14 +171,23 @@ EXPORT_SYMBOL_GPL(crypto_larval_kill); static struct crypto_alg *crypto_larval_wait(struct crypto_alg *alg) { struct crypto_larval *larval = (void *)alg; + long timeout; + + timeout = wait_for_completion_interruptible_timeout( + &larval->completion, 60 * HZ); - wait_for_completion_interruptible_timeout(&larval->completion, 60 * HZ); alg = larval->adult; - if (alg) { - if (!crypto_mod_get(alg)) - alg = ERR_PTR(-EAGAIN); - } else + if (timeout < 0) + alg = ERR_PTR(-EINTR); + else if (!timeout) + alg = ERR_PTR(-ETIMEDOUT); + else if (!alg) alg = ERR_PTR(-ENOENT); + else if (crypto_is_test_larval(larval) && + !(alg->cra_flags & CRYPTO_ALG_TESTED)) + alg = ERR_PTR(-EAGAIN); + else if (!crypto_mod_get(alg)) + alg = ERR_PTR(-EAGAIN); crypto_mod_put(&larval->alg); return alg; @@ -192,25 +220,40 @@ struct crypto_alg *crypto_larval_lookup(const char *name, u32 type, u32 mask) if (alg) return crypto_is_larval(alg) ? crypto_larval_wait(alg) : alg; - return crypto_larval_alloc(name, type, mask); + return crypto_larval_add(name, type, mask); } EXPORT_SYMBOL_GPL(crypto_larval_lookup); +int crypto_probing_notify(unsigned long val, void *v) +{ + int ok; + + ok = blocking_notifier_call_chain(&crypto_chain, val, v); + if (ok == NOTIFY_DONE) { + request_module("cryptomgr"); + ok = blocking_notifier_call_chain(&crypto_chain, val, v); + } + + return ok; +} +EXPORT_SYMBOL_GPL(crypto_probing_notify); + struct crypto_alg *crypto_alg_mod_lookup(const char *name, u32 type, u32 mask) { struct crypto_alg *alg; struct crypto_alg *larval; int ok; + if (!(mask & CRYPTO_ALG_TESTED)) { + type |= CRYPTO_ALG_TESTED; + mask |= CRYPTO_ALG_TESTED; + } + larval = crypto_larval_lookup(name, type, mask); if (IS_ERR(larval) || !crypto_is_larval(larval)) return larval; - ok = crypto_notify(CRYPTO_MSG_ALG_REQUEST, larval); - if (ok == NOTIFY_DONE) { - request_module("cryptomgr"); - ok = crypto_notify(CRYPTO_MSG_ALG_REQUEST, larval); - } + ok = crypto_probing_notify(CRYPTO_MSG_ALG_REQUEST, larval); if (ok == NOTIFY_STOP) alg = crypto_larval_wait(larval); diff --git a/crypto/internal.h b/crypto/internal.h index 48cb70416d59..fc93743c5d3e 100644 --- a/crypto/internal.h +++ b/crypto/internal.h @@ -94,9 +94,11 @@ void crypto_exit_digest_ops(struct crypto_tfm *tfm); void crypto_exit_cipher_ops(struct crypto_tfm *tfm); void crypto_exit_compress_ops(struct crypto_tfm *tfm); +struct crypto_larval *crypto_larval_alloc(const char *name, u32 type, u32 mask); void crypto_larval_kill(struct crypto_alg *alg); struct crypto_alg *crypto_larval_lookup(const char *name, u32 type, u32 mask); void crypto_larval_error(const char *name, u32 type, u32 mask); +void crypto_alg_tested(const char *name, int err); void crypto_shoot_alg(struct crypto_alg *alg); struct crypto_tfm *__crypto_alloc_tfm(struct crypto_alg *alg, u32 type, @@ -107,6 +109,7 @@ int crypto_register_instance(struct crypto_template *tmpl, int crypto_register_notifier(struct notifier_block *nb); int crypto_unregister_notifier(struct notifier_block *nb); +int crypto_probing_notify(unsigned long val, void *v); int __init testmgr_init(void); void testmgr_exit(void); @@ -142,9 +145,9 @@ static inline int crypto_is_moribund(struct crypto_alg *alg) return alg->cra_flags & (CRYPTO_ALG_DEAD | CRYPTO_ALG_DYING); } -static inline int crypto_notify(unsigned long val, void *v) +static inline void crypto_notify(unsigned long val, void *v) { - return blocking_notifier_call_chain(&crypto_chain, val, v); + blocking_notifier_call_chain(&crypto_chain, val, v); } #endif /* _CRYPTO_INTERNAL_H */ diff --git a/crypto/proc.c b/crypto/proc.c index c6ede1e9c875..1d616adead0d 100644 --- a/crypto/proc.c +++ b/crypto/proc.c @@ -46,6 +46,9 @@ static int c_show(struct seq_file *m, void *p) seq_printf(m, "module : %s\n", module_name(alg->cra_module)); seq_printf(m, "priority : %d\n", alg->cra_priority); seq_printf(m, "refcnt : %d\n", atomic_read(&alg->cra_refcnt)); + seq_printf(m, "selftest : %s\n", + (alg->cra_flags & CRYPTO_ALG_TESTED) ? + "passed" : "unknown"); switch (alg->cra_flags & (CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_LARVAL)) { case CRYPTO_ALG_TYPE_CIPHER: diff --git a/include/linux/crypto.h b/include/linux/crypto.h index 7ea0a4bc4ced..81d994a3bdaf 100644 --- a/include/linux/crypto.h +++ b/include/linux/crypto.h @@ -60,6 +60,14 @@ */ #define CRYPTO_ALG_GENIV 0x00000200 +/* + * Set if the algorithm has passed automated run-time testing. Note that + * if there is no run-time testing for a given algorithm it is considered + * to have passed. + */ + +#define CRYPTO_ALG_TESTED 0x00000400 + /* * Transform masks and values (for crt_flags). */ -- cgit v1.2.3-58-ga151 From 1aa4ecd95d8d67d21731a00646326a71295dafa3 Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Sun, 17 Aug 2008 17:01:56 +1000 Subject: crypto: cryptomgr - Test ciphers using ECB As it is we only test ciphers when combined with a mode. That means users that do not invoke a mode of operations may get an untested cipher. This patch tests all ciphers using the ECB mode so that simple cipher users such as ansi-cprng are also protected. Signed-off-by: Herbert Xu --- crypto/algboss.c | 5 +- crypto/testmgr.c | 214 +++++++++++++++++++++++++++++++++++++++++++------------ 2 files changed, 169 insertions(+), 50 deletions(-) (limited to 'crypto/algboss.c') diff --git a/crypto/algboss.c b/crypto/algboss.c index ed9f663c82c6..4601e4267c88 100644 --- a/crypto/algboss.c +++ b/crypto/algboss.c @@ -210,10 +210,7 @@ static int cryptomgr_test(void *data) CRYPTO_ALG_TYPE_BLKCIPHER_MASK) && !(type & CRYPTO_ALG_GENIV)) goto skiptest; - if ((type & CRYPTO_ALG_TYPE_MASK) == CRYPTO_ALG_TYPE_CIPHER) - goto skiptest; - - err = alg_test(param->driver, param->alg, 0, CRYPTO_ALG_TESTED); + err = alg_test(param->driver, param->alg, type, CRYPTO_ALG_TESTED); skiptest: crypto_alg_tested(param->driver, err); diff --git a/crypto/testmgr.c b/crypto/testmgr.c index e8666b3ead67..b828c6cf1b1d 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -541,8 +541,73 @@ out: return ret; } -static int test_cipher(struct crypto_ablkcipher *tfm, int enc, +static int test_cipher(struct crypto_cipher *tfm, int enc, struct cipher_testvec *template, unsigned int tcount) +{ + const char *algo = crypto_tfm_alg_driver_name(crypto_cipher_tfm(tfm)); + unsigned int i, j, k; + int ret; + char *q; + const char *e; + void *data; + + if (enc == ENCRYPT) + e = "encryption"; + else + e = "decryption"; + + j = 0; + for (i = 0; i < tcount; i++) { + if (template[i].np) + continue; + + j++; + + data = xbuf[0]; + memcpy(data, template[i].input, template[i].ilen); + + crypto_cipher_clear_flags(tfm, ~0); + if (template[i].wk) + crypto_cipher_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY); + + ret = crypto_cipher_setkey(tfm, template[i].key, + template[i].klen); + if (!ret == template[i].fail) { + printk(KERN_ERR "alg: cipher: setkey failed " + "on test %d for %s: flags=%x\n", j, + algo, crypto_cipher_get_flags(tfm)); + goto out; + } else if (ret) + continue; + + for (k = 0; k < template[i].ilen; + k += crypto_cipher_blocksize(tfm)) { + if (enc) + crypto_cipher_encrypt_one(tfm, data + k, + data + k); + else + crypto_cipher_decrypt_one(tfm, data + k, + data + k); + } + + q = data; + if (memcmp(q, template[i].result, template[i].rlen)) { + printk(KERN_ERR "alg: cipher: Test %d failed " + "on %s for %s\n", j, e, algo); + hexdump(q, template[i].rlen); + ret = -EINVAL; + goto out; + } + } + + ret = 0; + +out: + return ret; +} + +static int test_skcipher(struct crypto_ablkcipher *tfm, int enc, + struct cipher_testvec *template, unsigned int tcount) { const char *algo = crypto_tfm_alg_driver_name(crypto_ablkcipher_tfm(tfm)); @@ -565,8 +630,8 @@ static int test_cipher(struct crypto_ablkcipher *tfm, int enc, req = ablkcipher_request_alloc(tfm, GFP_KERNEL); if (!req) { - printk(KERN_ERR "alg: cipher: Failed to allocate request for " - "%s\n", algo); + printk(KERN_ERR "alg: skcipher: Failed to allocate request " + "for %s\n", algo); ret = -ENOMEM; goto out; } @@ -595,7 +660,7 @@ static int test_cipher(struct crypto_ablkcipher *tfm, int enc, ret = crypto_ablkcipher_setkey(tfm, template[i].key, template[i].klen); if (!ret == template[i].fail) { - printk(KERN_ERR "alg: cipher: setkey failed " + printk(KERN_ERR "alg: skcipher: setkey failed " "on test %d for %s: flags=%x\n", j, algo, crypto_ablkcipher_get_flags(tfm)); goto out; @@ -623,7 +688,7 @@ static int test_cipher(struct crypto_ablkcipher *tfm, int enc, } /* fall through */ default: - printk(KERN_ERR "alg: cipher: %s failed on " + printk(KERN_ERR "alg: skcipher: %s failed on " "test %d for %s: ret=%d\n", e, j, algo, -ret); goto out; @@ -631,8 +696,8 @@ static int test_cipher(struct crypto_ablkcipher *tfm, int enc, q = data; if (memcmp(q, template[i].result, template[i].rlen)) { - printk(KERN_ERR "alg: cipher: Test %d failed " - "on %s for %s\n", j, e, algo); + printk(KERN_ERR "alg: skcipher: Test %d " + "failed on %s for %s\n", j, e, algo); hexdump(q, template[i].rlen); ret = -EINVAL; goto out; @@ -659,7 +724,7 @@ static int test_cipher(struct crypto_ablkcipher *tfm, int enc, ret = crypto_ablkcipher_setkey(tfm, template[i].key, template[i].klen); if (!ret == template[i].fail) { - printk(KERN_ERR "alg: cipher: setkey failed " + printk(KERN_ERR "alg: skcipher: setkey failed " "on chunk test %d for %s: flags=%x\n", j, algo, crypto_ablkcipher_get_flags(tfm)); @@ -710,7 +775,7 @@ static int test_cipher(struct crypto_ablkcipher *tfm, int enc, } /* fall through */ default: - printk(KERN_ERR "alg: cipher: %s failed on " + printk(KERN_ERR "alg: skcipher: %s failed on " "chunk test %d for %s: ret=%d\n", e, j, algo, -ret); goto out; @@ -724,7 +789,7 @@ static int test_cipher(struct crypto_ablkcipher *tfm, int enc, if (memcmp(q, template[i].result + temp, template[i].tap[k])) { - printk(KERN_ERR "alg: cipher: Chunk " + printk(KERN_ERR "alg: skcipher: Chunk " "test %d failed on %s at page " "%u for %s\n", j, e, k, algo); hexdump(q, template[i].tap[k]); @@ -735,7 +800,7 @@ static int test_cipher(struct crypto_ablkcipher *tfm, int enc, for (n = 0; offset_in_page(q + n) && q[n]; n++) ; if (n) { - printk(KERN_ERR "alg: cipher: " + printk(KERN_ERR "alg: skcipher: " "Result buffer corruption in " "chunk test %d on %s at page " "%u for %s: %u bytes:\n", j, e, @@ -849,10 +914,10 @@ out: static int alg_test_cipher(const struct alg_test_desc *desc, const char *driver, u32 type, u32 mask) { - struct crypto_ablkcipher *tfm; + struct crypto_cipher *tfm; int err = 0; - tfm = crypto_alloc_ablkcipher(driver, type, mask); + tfm = crypto_alloc_cipher(driver, type, mask); if (IS_ERR(tfm)) { printk(KERN_ERR "alg: cipher: Failed to load transform for " "%s: %ld\n", driver, PTR_ERR(tfm)); @@ -870,6 +935,35 @@ static int alg_test_cipher(const struct alg_test_desc *desc, err = test_cipher(tfm, DECRYPT, desc->suite.cipher.dec.vecs, desc->suite.cipher.dec.count); +out: + crypto_free_cipher(tfm); + return err; +} + +static int alg_test_skcipher(const struct alg_test_desc *desc, + const char *driver, u32 type, u32 mask) +{ + struct crypto_ablkcipher *tfm; + int err = 0; + + tfm = crypto_alloc_ablkcipher(driver, type, mask); + if (IS_ERR(tfm)) { + printk(KERN_ERR "alg: skcipher: Failed to load transform for " + "%s: %ld\n", driver, PTR_ERR(tfm)); + return PTR_ERR(tfm); + } + + if (desc->suite.cipher.enc.vecs) { + err = test_skcipher(tfm, ENCRYPT, desc->suite.cipher.enc.vecs, + desc->suite.cipher.enc.count); + if (err) + goto out; + } + + if (desc->suite.cipher.dec.vecs) + err = test_skcipher(tfm, DECRYPT, desc->suite.cipher.dec.vecs, + desc->suite.cipher.dec.count); + out: crypto_free_ablkcipher(tfm); return err; @@ -920,7 +1014,7 @@ static int alg_test_hash(const struct alg_test_desc *desc, const char *driver, static const struct alg_test_desc alg_test_descs[] = { { .alg = "cbc(aes)", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -935,7 +1029,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "cbc(anubis)", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -950,7 +1044,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "cbc(blowfish)", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -965,7 +1059,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "cbc(camellia)", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -980,7 +1074,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "cbc(des)", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -995,7 +1089,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "cbc(des3_ede)", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -1010,7 +1104,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "cbc(twofish)", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -1049,7 +1143,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "cts(cbc(aes))", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -1079,7 +1173,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "ecb(aes)", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -1094,7 +1188,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "ecb(anubis)", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -1109,7 +1203,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "ecb(arc4)", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -1124,7 +1218,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "ecb(blowfish)", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -1139,7 +1233,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "ecb(camellia)", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -1154,7 +1248,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "ecb(cast5)", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -1169,7 +1263,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "ecb(cast6)", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -1184,7 +1278,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "ecb(des)", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -1199,7 +1293,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "ecb(des3_ede)", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -1214,7 +1308,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "ecb(khazad)", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -1229,7 +1323,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "ecb(seed)", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -1244,7 +1338,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "ecb(serpent)", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -1259,7 +1353,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "ecb(tea)", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -1274,7 +1368,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "ecb(tnepres)", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -1289,7 +1383,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "ecb(twofish)", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -1304,7 +1398,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "ecb(xeta)", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -1319,7 +1413,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "ecb(xtea)", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -1421,7 +1515,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "lrw(aes)", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -1478,7 +1572,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "pcbc(fcrypt)", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -1493,7 +1587,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "rfc3686(ctr(aes))", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -1544,7 +1638,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "salsa20", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -1663,7 +1757,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "xts(aes)", - .test = alg_test_cipher, + .test = alg_test_skcipher, .suite = { .cipher = { .enc = { @@ -1679,7 +1773,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }; -int alg_test(const char *driver, const char *alg, u32 type, u32 mask) +static int alg_find_test(const char *alg) { int start = 0; int end = ARRAY_SIZE(alg_test_descs); @@ -1698,10 +1792,38 @@ int alg_test(const char *driver, const char *alg, u32 type, u32 mask) continue; } - return alg_test_descs[i].test(alg_test_descs + i, driver, - type, mask); + return i; + } + + return -1; +} + +int alg_test(const char *driver, const char *alg, u32 type, u32 mask) +{ + int i; + + if ((type & CRYPTO_ALG_TYPE_MASK) == CRYPTO_ALG_TYPE_CIPHER) { + char nalg[CRYPTO_MAX_ALG_NAME]; + + if (snprintf(nalg, sizeof(nalg), "ecb(%s)", alg) >= + sizeof(nalg)) + return -ENAMETOOLONG; + + i = alg_find_test(nalg); + if (i < 0) + goto notest; + + return alg_test_cipher(alg_test_descs + i, driver, type, mask); } + i = alg_find_test(alg); + if (i < 0) + goto notest; + + return alg_test_descs[i].test(alg_test_descs + i, driver, + type, mask); + +notest: printk(KERN_INFO "alg: No test for %s (%s)\n", alg, driver); return 0; } -- cgit v1.2.3-58-ga151