From patchwork Mon Mar 18 17:13:23 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Eric Biggers <ebiggers@kernel.org>
X-Patchwork-Id: 1057950
X-Patchwork-Delegate: petr.vorel@gmail.com
Return-Path: <ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=pass (mailfrom) smtp.mailfrom=lists.linux.it
	(client-ip=213.254.12.146; helo=picard.linux.it;
	envelope-from=ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=fail (p=none dis=none) header.from=kernel.org
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (1024-bit key;
	unprotected) header.d=kernel.org header.i=@kernel.org
	header.b="baQIFL0H"; dkim-atps=neutral
Received: from picard.linux.it (picard.linux.it [213.254.12.146])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 44NN8b3r1hz9s9N
	for <incoming@patchwork.ozlabs.org>;
	Tue, 19 Mar 2019 04:14:39 +1100 (AEDT)
Received: from picard.linux.it (localhost [IPv6:::1])
	by picard.linux.it (Postfix) with ESMTP id 196653EADB5
	for <incoming@patchwork.ozlabs.org>;
	Mon, 18 Mar 2019 18:14:37 +0100 (CET)
X-Original-To: ltp@lists.linux.it
Delivered-To: ltp@picard.linux.it
Received: from in-7.smtp.seeweb.it (in-7.smtp.seeweb.it
	[IPv6:2001:4b78:1:20::7])
	by picard.linux.it (Postfix) with ESMTP id 2D2613EA195
	for <ltp@lists.linux.it>; Mon, 18 Mar 2019 18:14:25 +0100 (CET)
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by in-7.smtp.seeweb.it (Postfix) with ESMTPS id 7B4DA201374
	for <ltp@lists.linux.it>; Mon, 18 Mar 2019 18:14:24 +0100 (CET)
Received: from ebiggers-linuxstation.mtv.corp.google.com (unknown
	[104.132.1.77])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128
	bits)) (No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPSA id 578E22133F;
	Mon, 18 Mar 2019 17:14:22 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=default; t=1552929262;
	bh=13Zak3DZtNI4C0gqlDBE1xCbN890wA7xMrV5SRY/zpA=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=baQIFL0HOelwZI0yqKseHuZsnCWYdVwIpPyWjXo+Vkufl/aKwXb10fxn4t2JszeQa
	S0qlDIufOaMX5qLN886B59k22Ws3Jsx7xQwMeB8FBeowNjVUIhyPbEbllIqxLKKz+S
	XyLxZWCCkaj4FWhXLyjz63qwDAxPH5lQz1P8cgh4=
From: Eric Biggers <ebiggers@kernel.org>
To: ltp@lists.linux.it
Date: Mon, 18 Mar 2019 10:13:23 -0700
Message-Id: <20190318171327.237014-3-ebiggers@kernel.org>
X-Mailer: git-send-email 2.21.0.225.g810b269d1ac-goog
In-Reply-To: <20190318171327.237014-1-ebiggers@kernel.org>
References: <20190318171327.237014-1-ebiggers@kernel.org>
MIME-Version: 1.0
X-Virus-Scanned: clamav-milter 0.99.2 at in-7.smtp.seeweb.it
X-Virus-Status: Clean
X-Spam-Status: No, score=0.1 required=7.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,SPF_PASS autolearn=disabled version=3.4.0
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	in-7.smtp.seeweb.it
Cc: linux-crypto@vger.kernel.org
Subject: [LTP] [PATCH v2 2/6] crypto/af_alg01: new regression test for hmac
	nesting bug
X-BeenThere: ltp@lists.linux.it
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: Linux Test Project <ltp.lists.linux.it>
List-Unsubscribe: <https://lists.linux.it/options/ltp>,
	<mailto:ltp-request@lists.linux.it?subject=unsubscribe>
List-Archive: <http://lists.linux.it/pipermail/ltp/>
List-Post: <mailto:ltp@lists.linux.it>
List-Help: <mailto:ltp-request@lists.linux.it?subject=help>
List-Subscribe: <https://lists.linux.it/listinfo/ltp>,
	<mailto:ltp-request@lists.linux.it?subject=subscribe>
Errors-To: ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it
Sender: "ltp" <ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it>

From: Eric Biggers <ebiggers@google.com>

Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 runtest/crypto                     |  1 +
 runtest/cve                        |  1 +
 testcases/kernel/crypto/.gitignore |  1 +
 testcases/kernel/crypto/af_alg01.c | 78 ++++++++++++++++++++++++++++++
 4 files changed, 81 insertions(+)
 create mode 100644 testcases/kernel/crypto/af_alg01.c

diff --git a/runtest/crypto b/runtest/crypto
index cdbc44cc8..45c8cdd2d 100644
--- a/runtest/crypto
+++ b/runtest/crypto
@@ -1,2 +1,3 @@
+af_alg01 af_alg01
 pcrypt_aead01 pcrypt_aead01
 crypto_user01 crypto_user01
diff --git a/runtest/cve b/runtest/cve
index 8f38045e9..f46c400cc 100644
--- a/runtest/cve
+++ b/runtest/cve
@@ -27,6 +27,7 @@ cve-2017-15299 request_key03 -b cve-2017-15299
 cve-2017-15537 ptrace07
 cve-2017-15649 fanout01
 cve-2017-15951 request_key03 -b cve-2017-15951
+cve-2017-17806 af_alg01
 cve-2017-17807 request_key04
 cve-2017-1000364 stack_clash
 cve-2017-5754 meltdown
diff --git a/testcases/kernel/crypto/.gitignore b/testcases/kernel/crypto/.gitignore
index 759592fbd..998af1728 100644
--- a/testcases/kernel/crypto/.gitignore
+++ b/testcases/kernel/crypto/.gitignore
@@ -1,2 +1,3 @@
+af_alg01
 pcrypt_aead01
 crypto_user01
diff --git a/testcases/kernel/crypto/af_alg01.c b/testcases/kernel/crypto/af_alg01.c
new file mode 100644
index 000000000..1ce0e2508
--- /dev/null
+++ b/testcases/kernel/crypto/af_alg01.c
@@ -0,0 +1,78 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Copyright 2019 Google LLC
+ */
+
+/*
+ * Regression test for commit af3ff8045bbf ("crypto: hmac - require that the
+ * underlying hash algorithm is unkeyed"), or CVE-2017-17806.  This test
+ * verifies that the hmac template cannot be nested inside itself.
+ */
+
+#include <errno.h>
+#include <stdio.h>
+
+#include "tst_test.h"
+#include "tst_af_alg.h"
+
+static void test_with_hash_alg(const char *hash_algname)
+{
+	char hmac_algname[64];
+	char key[4096] = { 0 };
+
+	if (!tst_have_alg("hash", hash_algname)) {
+		tst_res(TCONF, "kernel doesn't have hash algorithm '%s'",
+			hash_algname);
+		return;
+	}
+	sprintf(hmac_algname, "hmac(%s)", hash_algname);
+	if (!tst_have_alg("hash", hmac_algname)) {
+		tst_res(TCONF, "kernel doesn't have hash algorithm '%s'",
+			hmac_algname);
+		return;
+	}
+
+	sprintf(hmac_algname, "hmac(hmac(%s))", hash_algname);
+	if (tst_have_alg("hash", hmac_algname)) {
+		int algfd;
+
+		tst_res(TFAIL, "instantiated nested hmac algorithm ('%s')!",
+			hmac_algname);
+
+		/*
+		 * Be extra annoying; with the bug, setting a key on
+		 * "hmac(hmac(sha3-256-generic))" crashed the kernel.
+		 */
+		algfd = tst_alg_setup("hash", hmac_algname, NULL, 0);
+		if (setsockopt(algfd, SOL_ALG, ALG_SET_KEY,
+			       key, sizeof(key)) == 0) {
+			tst_res(TFAIL,
+				"set key on nested hmac algorithm ('%s')!",
+				hmac_algname);
+		}
+	} else {
+		tst_res(TPASS,
+			"couldn't instantiate nested hmac algorithm ('%s')",
+			hmac_algname);
+	}
+}
+
+/* try several different unkeyed hash algorithms */
+static const char * const hash_algs[] = {
+	"md5", "md5-generic",
+	"sha1", "sha1-generic",
+	"sha224", "sha224-generic",
+	"sha256", "sha256-generic",
+	"sha3-256", "sha3-256-generic",
+	"sha3-512", "sha3-512-generic",
+};
+
+static void do_test(unsigned int i)
+{
+	test_with_hash_alg(hash_algs[i]);
+}
+
+static struct tst_test test = {
+	.test = do_test,
+	.tcnt = ARRAY_SIZE(hash_algs),
+};