lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1ad64e3d-5252-4aaf-82be-5162edd1e781@arista.com>
Date: Wed, 24 Jan 2024 17:46:10 +0000
From: Dmitry Safonov <dima@...sta.com>
To: Jakub Kicinski <kuba@...nel.org>
Cc: "David S. Miller" <davem@...emloft.net>,
 Eric Dumazet <edumazet@...gle.com>, Paolo Abeni <pabeni@...hat.com>,
 Shuah Khan <shuah@...nel.org>, Dmitry Safonov <0x7f454c46@...il.com>,
 Mohammad Nassiri <mnassiri@...na.com>, netdev@...r.kernel.org,
 linux-kselftest@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 0/3] selftests/net: A couple of typos fixes in
 key-management test

Hi Jakub,

On 1/24/24 15:12, Jakub Kicinski wrote:
> On Fri, 19 Jan 2024 18:39:14 +0000 Dmitry Safonov wrote:
>>> You probably want something smaller to be honest.
>>> tools/testing/selftests/net/config has a lot of stuff in it 
>>> and it's actually missing a lot more. I'm working thru adding
>>> the missing options to tools/testing/selftests/net/config 
>>> right now so far I got:  
>>
>> Thanks!
>>
>> I'll send a patch for it in version 2 (as I anyway need to address
>> Simon's feedback).
> 
> Hi Dmitry!
> 
> I put TCP_AO and VETH in the config and the tests seem to fail with

Thanks for wiring it up and for https://netdev.bots.linux.dev/status.html!

> selftests: net/tcp_ao: rst_ipv4
> not ok 1 # error 834[lib/kconfig.c:143] Failed to initialize kconfig 2: No such file or directory
> # Planned tests != run tests (0 != 1)
> # Totals: pass:0 fail:0 xfail:0 xpass:0 skip:0 error:1

Hehe, yeah I wanted to detect kernels with !CONFIG_TCP_AO, to SKIP the
test, rather than FAIL it, which this lib/kconfig.c does.
But from a glance, I think it's failing in your run because there are
checks with and without TCP_AO, but I didn't think of checking for
the hashing algorithms support.

I think what happens is has_tcp_ao():
: strcpy(tmp.alg_name, "hmac(sha1)");
..
: if (setsockopt(sk, IPPROTO_TCP, TCP_AO_ADD_KEY, &tmp, sizeof(tmp)) < 0)

Could you check that what I suppose is failing, is actually failing?
[dima@...dolluin linux-master]$ grep -e '\<CONFIG_CRYPTO_SHA1\>' -e
'\<CONFIG_CRYPTO_HMAC\>' .config
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_SHA1=y

If that's the case, I'll  add the detection for hashing algorithms to
lib/kconfig.c (together with a patch for
tools/testing/selftests/net/config).
And also heads up for key-management.c - that tries a bunch of hashing
algorithms to check that the work and that the key rotation between
different algorithms works:

: const char *test_algos[] = {
: 	"cmac(aes128)",
: 	"hmac(sha1)", "hmac(sha512)", "hmac(sha384)", "hmac(sha256)",
: 	"hmac(sha224)", "hmac(sha3-512)",
: 	/* only if !CONFIG_FIPS */
: #define TEST_NON_FIPS_ALGOS	2
: 	"hmac(rmd160)", "hmac(md5)"
: };


> The script does:
> 
> target=net/tcp_ao
> make mrproper
> 
> vng -v -b -f tools/testing/selftests/$target
> # build the scripts
> make headers
> make -C tools/testing/selftests/$target
> 
> vng -v -r arch/x86/boot/bzImage --user root
> # inside the VM
> make -C tools/testing/selftests TARGETS=$target run_tests

Thanks,
            Dmitry


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ