<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux.git/crypto/testmgr.c, branch v4.12</title>
<subtitle>Linux kernel source tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/'/>
<entry>
<title>crypto: scomp - add support for deflate rfc1950 (zlib)</title>
<updated>2017-04-24T10:11:08+00:00</updated>
<author>
<name>Giovanni Cabiddu</name>
<email>giovanni.cabiddu@intel.com</email>
</author>
<published>2017-04-21T20:54:30+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=a368f43d6e3a001e684e9191a27df384fbff12f5'/>
<id>a368f43d6e3a001e684e9191a27df384fbff12f5</id>
<content type='text'>
Add scomp backend for zlib-deflate compression algorithm.
This backend outputs data using the format defined in rfc1950
(raw deflate surrounded by zlib header and footer).

Signed-off-by: Giovanni Cabiddu &lt;giovanni.cabiddu@intel.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Add scomp backend for zlib-deflate compression algorithm.
This backend outputs data using the format defined in rfc1950
(raw deflate surrounded by zlib header and footer).

Signed-off-by: Giovanni Cabiddu &lt;giovanni.cabiddu@intel.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: testmgr - Allow ecb(cipher_null) in FIPS mode</title>
<updated>2017-04-24T10:11:04+00:00</updated>
<author>
<name>Milan Broz</name>
<email>gmazyland@gmail.com</email>
</author>
<published>2017-04-21T11:03:06+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=6175ca2ba7d2c4265d6d5590d699fbd907b24708'/>
<id>6175ca2ba7d2c4265d6d5590d699fbd907b24708</id>
<content type='text'>
The cipher_null is not a real cipher, FIPS mode should not restrict its use.

It is used for several tests (for example in cryptsetup testsuite) and also
temporarily for reencryption of not yet encrypted device in cryptsetup-reencrypt tool.

Problem is easily reproducible with
  cryptsetup benchmark -c null

Signed-off-by: Milan Broz &lt;gmazyland@gmail.com&gt;
Acked-by: Stephan Müller &lt;smueller@chronox.de&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The cipher_null is not a real cipher, FIPS mode should not restrict its use.

It is used for several tests (for example in cryptsetup testsuite) and also
temporarily for reencryption of not yet encrypted device in cryptsetup-reencrypt tool.

Problem is easily reproducible with
  cryptsetup benchmark -c null

Signed-off-by: Milan Broz &lt;gmazyland@gmail.com&gt;
Acked-by: Stephan Müller &lt;smueller@chronox.de&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: testmgr - replace compression known answer test</title>
<updated>2017-04-21T12:30:50+00:00</updated>
<author>
<name>Giovanni Cabiddu</name>
<email>giovanni.cabiddu@intel.com</email>
</author>
<published>2017-04-19T13:27:18+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=a9943a0ad19f4a23bb5c4217df0fb37feb7ac339'/>
<id>a9943a0ad19f4a23bb5c4217df0fb37feb7ac339</id>
<content type='text'>
Compression implementations might return valid outputs that
do not match what specified in the test vectors.
For this reason, the testmgr might report that a compression
implementation failed the test even if the data produced
by the compressor is correct.
This implements a decompress-and-verify test for acomp
compression tests rather than a known answer test.

Signed-off-by: Giovanni Cabiddu &lt;giovanni.cabiddu@intel.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Compression implementations might return valid outputs that
do not match what specified in the test vectors.
For this reason, the testmgr might report that a compression
implementation failed the test even if the data produced
by the compressor is correct.
This implements a decompress-and-verify test for acomp
compression tests rather than a known answer test.

Signed-off-by: Giovanni Cabiddu &lt;giovanni.cabiddu@intel.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: testmgr - mark ctr(des3_ede) as fips_allowed</title>
<updated>2017-03-24T14:03:01+00:00</updated>
<author>
<name>Marcelo Cerri</name>
<email>marcelo.cerri@canonical.com</email>
</author>
<published>2017-03-20T20:28:05+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=0d8da104840ab4244fe122e5b25570aa13fb00c0'/>
<id>0d8da104840ab4244fe122e5b25570aa13fb00c0</id>
<content type='text'>
3DES is missing the fips_allowed flag for CTR mode.

Signed-off-by: Marcelo Henrique Cerri &lt;marcelo.cerri@canonical.com&gt;
Acked-by: Stephan Mueller &lt;smueller@chronox.de&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
3DES is missing the fips_allowed flag for CTR mode.

Signed-off-by: Marcelo Henrique Cerri &lt;marcelo.cerri@canonical.com&gt;
Acked-by: Stephan Mueller &lt;smueller@chronox.de&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: testmgr - constify all test vectors</title>
<updated>2017-03-09T10:34:39+00:00</updated>
<author>
<name>Eric Biggers</name>
<email>ebiggers@google.com</email>
</author>
<published>2017-02-24T23:46:59+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=b13b1e0c6b171b4f6ad94dd99020708719983494'/>
<id>b13b1e0c6b171b4f6ad94dd99020708719983494</id>
<content type='text'>
Cryptographic test vectors should never be modified, so constify them to
enforce this at both compile-time and run-time.  This moves a significant
amount of data from .data to .rodata when the crypto tests are enabled.

Signed-off-by: Eric Biggers &lt;ebiggers@google.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Cryptographic test vectors should never be modified, so constify them to
enforce this at both compile-time and run-time.  This moves a significant
amount of data from .data to .rodata when the crypto tests are enabled.

Signed-off-by: Eric Biggers &lt;ebiggers@google.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: testmgr - add test cases for cbcmac(aes)</title>
<updated>2017-02-11T09:50:44+00:00</updated>
<author>
<name>Ard Biesheuvel</name>
<email>ard.biesheuvel@linaro.org</email>
</author>
<published>2017-02-03T14:49:35+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=092acf069813a7a07371de0d05010de80d8e613b'/>
<id>092acf069813a7a07371de0d05010de80d8e613b</id>
<content type='text'>
In preparation of splitting off the CBC-MAC transform in the CCM
driver into a separate algorithm, define some test cases for the
AES incarnation of cbcmac.

Signed-off-by: Ard Biesheuvel &lt;ard.biesheuvel@linaro.org&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
In preparation of splitting off the CBC-MAC transform in the CCM
driver into a separate algorithm, define some test cases for the
AES incarnation of cbcmac.

Signed-off-by: Ard Biesheuvel &lt;ard.biesheuvel@linaro.org&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: testmgr - use calculated count for number of test vectors</title>
<updated>2017-01-13T10:47:15+00:00</updated>
<author>
<name>Ard Biesheuvel</name>
<email>ard.biesheuvel@linaro.org</email>
</author>
<published>2017-01-12T13:40:39+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=21c8e72037fb163b87b101724438259bc7651975'/>
<id>21c8e72037fb163b87b101724438259bc7651975</id>
<content type='text'>
When working on AES in CCM mode for ARM, my code passed the internal
tcrypt test before I had even bothered to implement the AES-192 and
AES-256 code paths, which is strange because the tcrypt does contain
AES-192 and AES-256 test vectors for CCM.

As it turned out, the define AES_CCM_ENC_TEST_VECTORS was out of sync
with the actual number of test vectors, causing only the AES-128 ones
to be executed.

So get rid of the defines, and wrap the test vector references in a
macro that calculates the number of vectors automatically.

The following test vector counts were out of sync with the respective
defines:

    BF_CTR_ENC_TEST_VECTORS          2 -&gt;  3
    BF_CTR_DEC_TEST_VECTORS          2 -&gt;  3
    TF_CTR_ENC_TEST_VECTORS          2 -&gt;  3
    TF_CTR_DEC_TEST_VECTORS          2 -&gt;  3
    SERPENT_CTR_ENC_TEST_VECTORS     2 -&gt;  3
    SERPENT_CTR_DEC_TEST_VECTORS     2 -&gt;  3
    AES_CCM_ENC_TEST_VECTORS         8 -&gt; 14
    AES_CCM_DEC_TEST_VECTORS         7 -&gt; 17
    AES_CCM_4309_ENC_TEST_VECTORS    7 -&gt; 23
    AES_CCM_4309_DEC_TEST_VECTORS   10 -&gt; 23
    CAMELLIA_CTR_ENC_TEST_VECTORS    2 -&gt;  3
    CAMELLIA_CTR_DEC_TEST_VECTORS    2 -&gt;  3

Signed-off-by: Ard Biesheuvel &lt;ard.biesheuvel@linaro.org&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
When working on AES in CCM mode for ARM, my code passed the internal
tcrypt test before I had even bothered to implement the AES-192 and
AES-256 code paths, which is strange because the tcrypt does contain
AES-192 and AES-256 test vectors for CCM.

As it turned out, the define AES_CCM_ENC_TEST_VECTORS was out of sync
with the actual number of test vectors, causing only the AES-128 ones
to be executed.

So get rid of the defines, and wrap the test vector references in a
macro that calculates the number of vectors automatically.

The following test vector counts were out of sync with the respective
defines:

    BF_CTR_ENC_TEST_VECTORS          2 -&gt;  3
    BF_CTR_DEC_TEST_VECTORS          2 -&gt;  3
    TF_CTR_ENC_TEST_VECTORS          2 -&gt;  3
    TF_CTR_DEC_TEST_VECTORS          2 -&gt;  3
    SERPENT_CTR_ENC_TEST_VECTORS     2 -&gt;  3
    SERPENT_CTR_DEC_TEST_VECTORS     2 -&gt;  3
    AES_CCM_ENC_TEST_VECTORS         8 -&gt; 14
    AES_CCM_DEC_TEST_VECTORS         7 -&gt; 17
    AES_CCM_4309_ENC_TEST_VECTORS    7 -&gt; 23
    AES_CCM_4309_DEC_TEST_VECTORS   10 -&gt; 23
    CAMELLIA_CTR_ENC_TEST_VECTORS    2 -&gt;  3
    CAMELLIA_CTR_DEC_TEST_VECTORS    2 -&gt;  3

Signed-off-by: Ard Biesheuvel &lt;ard.biesheuvel@linaro.org&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: testmgr - Allocate only the required output size for hash tests</title>
<updated>2017-01-12T16:26:45+00:00</updated>
<author>
<name>Andrew Lutomirski</name>
<email>luto@kernel.org</email>
</author>
<published>2017-01-10T23:24:46+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=e93acd6f6778825a4e0b5a1a9b70324bf901d516'/>
<id>e93acd6f6778825a4e0b5a1a9b70324bf901d516</id>
<content type='text'>
There are some hashes (e.g. sha224) that have some internal trickery
to make sure that only the correct number of output bytes are
generated.  If something goes wrong, they could potentially overrun
the output buffer.

Make the test more robust by allocating only enough space for the
correct output size so that memory debugging will catch the error if
the output is overrun.

Tested by intentionally breaking sha224 to output all 256
internally-generated bits while running on KASAN.

Cc: Ard Biesheuvel &lt;ard.biesheuvel@linaro.org&gt;
Cc: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Signed-off-by: Andy Lutomirski &lt;luto@kernel.org&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
There are some hashes (e.g. sha224) that have some internal trickery
to make sure that only the correct number of output bytes are
generated.  If something goes wrong, they could potentially overrun
the output buffer.

Make the test more robust by allocating only enough space for the
correct output size so that memory debugging will catch the error if
the output is overrun.

Tested by intentionally breaking sha224 to output all 256
internally-generated bits while running on KASAN.

Cc: Ard Biesheuvel &lt;ard.biesheuvel@linaro.org&gt;
Cc: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Signed-off-by: Andy Lutomirski &lt;luto@kernel.org&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: testmgr - use kmemdup instead of kmalloc+memcpy</title>
<updated>2017-01-12T16:24:37+00:00</updated>
<author>
<name>Eric Biggers</name>
<email>ebiggers@google.com</email>
</author>
<published>2016-12-30T20:12:00+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=d2110224a66779fc2c833d2c16caa73e2e23591e'/>
<id>d2110224a66779fc2c833d2c16caa73e2e23591e</id>
<content type='text'>
It's recommended to use kmemdup instead of kmalloc followed by memcpy.

Signed-off-by: Eric Biggers &lt;ebiggers@google.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
It's recommended to use kmemdup instead of kmalloc followed by memcpy.

Signed-off-by: Eric Biggers &lt;ebiggers@google.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: testmgr - Use heap buffer for acomp test input</title>
<updated>2016-12-27T09:32:11+00:00</updated>
<author>
<name>Laura Abbott</name>
<email>labbott@redhat.com</email>
</author>
<published>2016-12-21T20:32:54+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=02608e02fbec04fccf2eb0cc8d8082f65c0a4286'/>
<id>02608e02fbec04fccf2eb0cc8d8082f65c0a4286</id>
<content type='text'>
Christopher Covington reported a crash on aarch64 on recent Fedora
kernels:

kernel BUG at ./include/linux/scatterlist.h:140!
Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
Modules linked in:
CPU: 2 PID: 752 Comm: cryptomgr_test Not tainted 4.9.0-11815-ge93b1cc #162
Hardware name: linux,dummy-virt (DT)
task: ffff80007c650080 task.stack: ffff800008910000
PC is at sg_init_one+0xa0/0xb8
LR is at sg_init_one+0x24/0xb8
...
[&lt;ffff000008398db8&gt;] sg_init_one+0xa0/0xb8
[&lt;ffff000008350a44&gt;] test_acomp+0x10c/0x438
[&lt;ffff000008350e20&gt;] alg_test_comp+0xb0/0x118
[&lt;ffff00000834f28c&gt;] alg_test+0x17c/0x2f0
[&lt;ffff00000834c6a4&gt;] cryptomgr_test+0x44/0x50
[&lt;ffff0000080dac70&gt;] kthread+0xf8/0x128
[&lt;ffff000008082ec0&gt;] ret_from_fork+0x10/0x50

The test vectors used for input are part of the kernel image. These
inputs are passed as a buffer to sg_init_one which eventually blows up
with BUG_ON(!virt_addr_valid(buf)). On arm64, virt_addr_valid returns
false for the kernel image since virt_to_page will not return the
correct page. Fix this by copying the input vectors to heap buffer
before setting up the scatterlist.

Reported-by: Christopher Covington &lt;cov@codeaurora.org&gt;
Fixes: d7db7a882deb ("crypto: acomp - update testmgr with support for acomp")
Signed-off-by: Laura Abbott &lt;labbott@redhat.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Christopher Covington reported a crash on aarch64 on recent Fedora
kernels:

kernel BUG at ./include/linux/scatterlist.h:140!
Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
Modules linked in:
CPU: 2 PID: 752 Comm: cryptomgr_test Not tainted 4.9.0-11815-ge93b1cc #162
Hardware name: linux,dummy-virt (DT)
task: ffff80007c650080 task.stack: ffff800008910000
PC is at sg_init_one+0xa0/0xb8
LR is at sg_init_one+0x24/0xb8
...
[&lt;ffff000008398db8&gt;] sg_init_one+0xa0/0xb8
[&lt;ffff000008350a44&gt;] test_acomp+0x10c/0x438
[&lt;ffff000008350e20&gt;] alg_test_comp+0xb0/0x118
[&lt;ffff00000834f28c&gt;] alg_test+0x17c/0x2f0
[&lt;ffff00000834c6a4&gt;] cryptomgr_test+0x44/0x50
[&lt;ffff0000080dac70&gt;] kthread+0xf8/0x128
[&lt;ffff000008082ec0&gt;] ret_from_fork+0x10/0x50

The test vectors used for input are part of the kernel image. These
inputs are passed as a buffer to sg_init_one which eventually blows up
with BUG_ON(!virt_addr_valid(buf)). On arm64, virt_addr_valid returns
false for the kernel image since virt_to_page will not return the
correct page. Fix this by copying the input vectors to heap buffer
before setting up the scatterlist.

Reported-by: Christopher Covington &lt;cov@codeaurora.org&gt;
Fixes: d7db7a882deb ("crypto: acomp - update testmgr with support for acomp")
Signed-off-by: Laura Abbott &lt;labbott@redhat.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</pre>
</div>
</content>
</entry>
</feed>
