Commit 49763fc6 authored by Eric Biggers's avatar Eric Biggers Committed by Herbert Xu

crypto: testmgr - generate inauthentic AEAD test vectors

The whole point of using an AEAD over length-preserving encryption is
that the data is authenticated.  However currently the fuzz tests don't
test any inauthentic inputs to verify that the data is actually being
authenticated.  And only two algorithms ("rfc4543(gcm(aes))" and
"ccm(aes)") even have any inauthentic test vectors at all.

Therefore, update the AEAD fuzz tests to sometimes generate inauthentic
test vectors, either by generating a (ciphertext, AAD) pair without
using the key, or by mutating an authentic pair that was generated.

To avoid flakiness, only assume this works reliably if the auth tag is
at least 8 bytes.  Also account for the rfc4106, rfc4309, and rfc7539esp
algorithms intentionally ignoring the last 8 AAD bytes, and for some
algorithms doing extra checks that result in EINVAL rather than EBADMSG.
Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent 2ea91505
This diff is collapsed.
...@@ -85,16 +85,22 @@ struct cipher_testvec { ...@@ -85,16 +85,22 @@ struct cipher_testvec {
* @ctext: Pointer to the full authenticated ciphertext. For AEADs that * @ctext: Pointer to the full authenticated ciphertext. For AEADs that
* produce a separate "ciphertext" and "authentication tag", these * produce a separate "ciphertext" and "authentication tag", these
* two parts are concatenated: ciphertext || tag. * two parts are concatenated: ciphertext || tag.
* @novrfy: Decryption verification failure expected? * @novrfy: If set, this is an inauthentic input test: only decryption is
* tested, and it is expected to fail with either -EBADMSG or
* @crypt_error if it is nonzero.
* @wk: Does the test need CRYPTO_TFM_REQ_FORBID_WEAK_KEYS? * @wk: Does the test need CRYPTO_TFM_REQ_FORBID_WEAK_KEYS?
* (e.g. setkey() needs to fail due to a weak key) * (e.g. setkey() needs to fail due to a weak key)
* @klen: Length of @key in bytes * @klen: Length of @key in bytes
* @plen: Length of @ptext in bytes * @plen: Length of @ptext in bytes
* @alen: Length of @assoc in bytes * @alen: Length of @assoc in bytes
* @clen: Length of @ctext in bytes * @clen: Length of @ctext in bytes
* @setkey_error: Expected error from setkey() * @setkey_error: Expected error from setkey(). If set, neither encryption nor
* @setauthsize_error: Expected error from setauthsize() * decryption is tested.
* @crypt_error: Expected error from encrypt() and decrypt() * @setauthsize_error: Expected error from setauthsize(). If set, neither
* encryption nor decryption is tested.
* @crypt_error: When @novrfy=0, the expected error from encrypt(). When
* @novrfy=1, an optional alternate error code that is acceptable
* for decrypt() to return besides -EBADMSG.
*/ */
struct aead_testvec { struct aead_testvec {
const char *key; const char *key;
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment