| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250623131830.2194643-5-stefanb@linux.ibm.com>
Date: Mon, 23 Jun 2025 09:18:30 -0400
From: Stefan Berger <stefanb@...ux.ibm.com>
To: linux-crypto@...r.kernel.org, herbert@...dor.apana.org.au,
davem@...emloft.net
Cc: linux-kernel@...r.kernel.org, James.Bottomley@...senPartnership.com,
dhowells@...hat.com, simo@...hat.com,
Stefan Berger <stefanb@...ux.ibm.com>
Subject: [RFC PATCH 4/4] crypto: Extend testmgr with tests for shake128/256 XOFs
Extend the testmgr to run tests for XOFs where it squeezes a certain number
of bytes in a first step and then a different number in subsequent steps to
test for issues related to alignments and proper copying of bytes and
blocks.
Add test case data for shake128 and shake256 XOFs.
Signed-off-by: Stefan Berger <stefanb@...ux.ibm.com>
---
crypto/testmgr.c | 58 +++++++++++++
crypto/testmgr.h | 212 +++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 270 insertions(+)
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 2e4740448e3a..267307bd609d 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -1647,6 +1647,59 @@ static int test_ahash_vec_cfg(const struct hash_testvec *vec,
driver, cfg);
}
+static int test_shash_xof(const struct hash_testvec *vec,
+ struct shash_desc *desc)
+{
+ struct shash_alg *alg = crypto_shash_alg(desc->tfm);
+ struct steps {
+ unsigned int first;
+ unsigned int other;
+ } steps[] = {
+ { .first = 0, .other = alg->base.cra_blocksize, },
+ { .first = 0, .other = alg->base.cra_blocksize + 1, },
+ { .first = 1, .other = alg->base.cra_blocksize, },
+ { .first = 1, .other = 1, },
+ { .first = 1, .other = 33, },
+ };
+ unsigned char *output = NULL, *tmp;
+ unsigned int off, req;
+ int ret = 0;
+ size_t i;
+
+ for (i = 0; i < ARRAY_SIZE(steps); i++) {
+ if (!vec->xof)
+ continue;
+
+ tmp = krealloc(output, vec->xof_size, GFP_KERNEL);
+ if (IS_ERR(output))
+ return PTR_ERR(output);
+ output = tmp;
+
+ crypto_shash_init(desc);
+ crypto_shash_update(desc, vec->plaintext, vec->psize);
+ crypto_shash_squeeze(desc, output, steps[i].first, false);
+ off = steps[i].first;
+
+ while (off < vec->xof_size) {
+ req = steps[i].other;
+ if (off + req > vec->xof_size)
+ req = vec->xof_size - off;
+ crypto_shash_squeeze(desc, &output[off], req, false);
+ off += req;
+ }
+
+ if (memcmp(output, vec->xof, vec->xof_size) != 0) {
+ pr_err("XOF output of %s is wrong! (steps: %d, %d)\n",
+ alg->base.cra_name, steps[i].first,
+ steps[i].other);
+ ret = -EINVAL;
+ }
+ }
+ kfree(output);
+
+ return ret;
+}
+
static int test_hash_vec_cfg(const struct hash_testvec *vec,
const char *vec_name,
const struct testvec_config *cfg,
@@ -1998,6 +2051,11 @@ static int __alg_test_hash(const struct hash_testvec *vecs,
err = test_hash_vec(&vecs[i], i, req, desc, tsgl, hashstate);
if (err)
goto out;
+ if (desc && crypto_shash_alg(desc->tfm)->squeeze) {
+ err = test_shash_xof(&vecs[i], desc);
+ if (err)
+ return err;
+ }
cond_resched();
}
err = test_hash_vs_generic_impl(generic_driver, maxkeysize, req,
diff --git a/crypto/testmgr.h b/crypto/testmgr.h
index c99dc61353b1..5160e5bb0489 100644
--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -30,8 +30,10 @@
* @key: Pointer to key (NULL if none)
* @plaintext: Pointer to source data
* @digest: Pointer to expected digest
+ * @xof: Pointer to extended output
* @psize: Length of source data in bytes
* @ksize: Length of @key in bytes (0 if no key)
+ * @xof_size: Length of extended output
* @setkey_error: Expected error from setkey()
* @digest_error: Expected error from digest()
* @fips_skip: Skip the test vector in FIPS mode
@@ -40,8 +42,10 @@ struct hash_testvec {
const char *key;
const char *plaintext;
const char *digest;
+ const char *xof;
unsigned int psize;
unsigned short ksize;
+ unsigned short xof_size;
int setkey_error;
int digest_error;
bool fips_skip;
@@ -5919,17 +5923,95 @@ static const struct hash_testvec shake128_tv_template[] = {
.plaintext = "",
.digest = "\x7f\x9c\x2b\xa4\xe8\x8f\x82\x7d"
"\x61\x60\x45\x50\x76\x05\x85\x3e",
+ .xof = "\x7f\x9c\x2b\xa4\xe8\x8f\x82\x7d"
+ "\x61\x60\x45\x50\x76\x05\x85\x3e"
+ "\xd7\x3b\x80\x93\xf6\xef\xbc\x88"
+ "\xeb\x1a\x6e\xac\xfa\x66\xef\x26"
+ "\x3c\xb1\xee\xa9\x88\x00\x4b\x93"
+ "\x10\x3c\xfb\x0a\xee\xfd\x2a\x68"
+ "\x6e\x01\xfa\x4a\x58\xe8\xa3\x63"
+ "\x9c\xa8\xa1\xe3\xf9\xae\x57\xe2"
+ "\x35\xb8\xcc\x87\x3c\x23\xdc\x62"
+ "\xb8\xd2\x60\x16\x9a\xfa\x2f\x75"
+ "\xab\x91\x6a\x58\xd9\x74\x91\x88"
+ "\x35\xd2\x5e\x6a\x43\x50\x85\xb2"
+ "\xba\xdf\xd6\xdf\xaa\xc3\x59\xa5"
+ "\xef\xbb\x7b\xcc\x4b\x59\xd5\x38"
+ "\xdf\x9a\x04\x30\x2e\x10\xc8\xbc"
+ "\x1c\xbf\x1a\x0b\x3a\x51\x20\xea"
+ "\x17\xcd\xa7\xcf\xad\x76\x5f\x56"
+ "\x23\x47\x4d\x36\x8c\xcc\xa8\xaf"
+ "\x00\x07\xcd\x9f\x5e\x4c\x84\x9f"
+ "\x16\x7a\x58\x0b\x14\xaa\xbd\xef"
+ "\xae\xe7\xee\xf4\x7c\xb0\xfc\xa9"
+ "\x76\x7b\xe1\xfd\xa6\x94\x19\xdf"
+ "\xb9\x27\xe9\xdf\x07\x34\x8b\x19"
+ "\x66\x91\xab\xae\xb5\x80\xb3\x2d"
+ "\xef\x58\x53\x8b\x8d\x23\xf8\x77",
+ .xof_size = 200,
}, {
.plaintext = "a",
.psize = 1,
.digest = "\x85\xc8\xde\x88\xd2\x88\x66\xbf"
"\x08\x68\x09\x0b\x39\x61\x16\x2b",
+ .xof = "\x85\xc8\xde\x88\xd2\x88\x66\xbf"
+ "\x08\x68\x09\x0b\x39\x61\x16\x2b"
+ "\xf8\x23\x92\xf6\x90\xd9\xe4\x73"
+ "\x09\x10\xf4\xaf\x7c\x6a\xb3\xee"
+ "\x43\x54\xb4\x9c\xa7\x29\xeb\x35"
+ "\x6e\xe3\xf5\xb0\xfb\xd2\x9b\x66"
+ "\x76\x93\x83\xe5\xe4\x01\xb1\xf8"
+ "\x5e\x04\x4c\x92\xbb\x52\x31\xaa"
+ "\x4d\xee\x17\x99\xaf\x7a\x7c\xee"
+ "\x21\x3a\x23\xad\xcd\x03\xc4\x80"
+ "\x6c\x9a\x8b\x0d\x8a\x2e\xea\xd8"
+ "\xea\x7a\x61\x34\xc1\x3e\x52\x3c"
+ "\xcf\x93\xad\x39\xd2\x27\xd3\xe7"
+ "\xd0\x22\xd9\x65\x4f\x3b\x49\x41"
+ "\x37\x88\x75\x8a\x64\x17\xe4\x2d"
+ "\x41\x95\x7c\xb3\x0c\xf0\x4d\xa3"
+ "\x7f\x26\x89\x7c\x2c\xf2\xf8\x00"
+ "\x55\x84\x62\x93\xfd\xe0\x23\x31"
+ "\xcf\x4a\x26\x9a\xaf\x2d\x47\xeb"
+ "\x27\xab\xa0\xfa\xba\x4a\x67\x8e"
+ "\xc0\x02\xbc\x0d\x30\x64\xea\xd0"
+ "\xa3\xf2\xe0\xd8\xa7\xfa\x40\x4a"
+ "\xf5\x4e\xbf\x4f\x5b\x18\x35\x62"
+ "\xa8\xda\xd7\x3b\x9a\x55\xbf\x1c"
+ "\x06\x6e\x00\x07\xe7\xab\x8a\x89",
+ .xof_size = 200,
}, {
.plaintext = "abcdbcdecdefdefgefghfghighijhijkijkl"
"jklmklmnlmnomnopnopq",
.psize = 56,
.digest = "\x1a\x96\x18\x2b\x50\xfb\x8c\x7e"
"\x74\xe0\xa7\x07\x78\x8f\x55\xe9",
+ .xof = "\x1a\x96\x18\x2b\x50\xfb\x8c\x7e"
+ "\x74\xe0\xa7\x07\x78\x8f\x55\xe9"
+ "\x82\x09\xb8\xd9\x1f\xad\xe8\xf3"
+ "\x2f\x8d\xd5\xcf\xf7\xbf\x21\xf5"
+ "\x4e\xe5\xf1\x95\x50\x82\x5a\x6e"
+ "\x07\x00\x30\x51\x9e\x94\x42\x63"
+ "\xac\x1c\x67\x65\x28\x70\x65\x62"
+ "\x1f\x9f\xcb\x32\x01\x72\x3e\x32"
+ "\x23\xb6\x3a\x46\xc2\x93\x8a\xa9"
+ "\x53\xba\x84\x01\xd0\xea\x77\xb8"
+ "\xd2\x64\x90\x77\x55\x66\x40\x7b"
+ "\x95\x67\x3c\x0f\x4c\xc1\xce\x9f"
+ "\xd9\x66\x14\x8d\x7e\xfd\xff\x26"
+ "\xbb\xf9\xf4\x8a\x21\xc6\xda\x35"
+ "\xbf\xaa\x54\x56\x54\xf7\x0a\xe5"
+ "\x86\xff\x10\x13\x14\x20\x77\x14"
+ "\x83\xec\x92\xed\xab\x40\x8c\x76"
+ "\x7b\xf4\xc5\xb4\xff\xfa\xa8\x0c"
+ "\x8c\xa2\x14\xd8\x4c\x4d\xc7\x00"
+ "\xd0\xc5\x06\x30\xb2\xff\xc3\x79"
+ "\x3e\xa4\xd8\x72\x58\xb4\xc9\x54"
+ "\x8c\x54\x85\xa5\xca\x66\x6e\xf7"
+ "\x3f\xbd\x81\x6d\x41\x8a\xea\x63"
+ "\x95\xb5\x03\xad\xdd\x9b\x15\x0f"
+ "\x9e\x06\x63\x32\x5f\x01\xe5\x51",
+ .xof_size = 200,
}, {
.plaintext = "\x08\x9f\x13\xaa\x41\xd8\x4c\xe3"
"\x7a\x11\x85\x1c\xb3\x27\xbe\x55"
@@ -6062,6 +6144,32 @@ static const struct hash_testvec shake128_tv_template[] = {
.psize = 1023,
.digest = "\x13\x0a\x5b\xcb\x83\x9f\x10\x89"
"\xbb\x62\xda\xe4\xf4\xd3\x21\xf8",
+ .xof = "\x13\x0a\x5b\xcb\x83\x9f\x10\x89"
+ "\xbb\x62\xda\xe4\xf4\xd3\x21\xf8"
+ "\xd1\xa1\x20\xeb\x55\x0a\x93\x04"
+ "\x9b\xe3\x14\x3c\x18\xd1\x7c\xa7"
+ "\xcd\xf3\x11\xe7\xe1\xcf\xaf\xbf"
+ "\x2e\x99\x8b\x4f\x5e\x0a\x13\x81"
+ "\x6e\x12\x36\x9e\x8e\x3a\xf6\x42"
+ "\xa1\x85\x4b\xda\xcf\x5a\x36\x65"
+ "\xe4\xea\x18\x3b\x19\x86\xf0\xd4"
+ "\xeb\x0f\x33\x98\xb5\x2b\xa7\x9b"
+ "\xba\x17\xd1\xd4\xc5\x5f\x0d\x8e"
+ "\x6c\xb0\xba\x4f\x94\x25\x29\x54"
+ "\xf8\x1d\x03\x14\xb7\xe5\x1e\xb2"
+ "\xf0\xe7\x0f\x32\x86\xfa\x13\x9f"
+ "\x60\x8d\x15\x03\x2d\x96\x2a\xa4"
+ "\x76\xf6\x49\x6c\x8a\x75\x7d\x79"
+ "\xa4\xcc\xcb\xe0\xf9\xbb\x7a\x80"
+ "\xc1\x20\x79\x32\x42\xe8\x0e\xd9"
+ "\x0f\x93\x0b\xaf\x56\x6e\x71\xc8"
+ "\x3f\xc3\x52\xe0\x4b\x4b\xbc\xf5"
+ "\x1f\xdf\xed\x88\xb8\x9d\x5a\x75"
+ "\x77\xa1\x59\x9b\x6a\x7c\x43\xe4"
+ "\x5b\x58\xaa\x84\x0a\x18\xb5\x37"
+ "\x3b\xda\xa8\xc9\x35\x76\x1b\x62"
+ "\x4f\x52\xc7\x42\x4e\x00\xb1\x46",
+ .xof_size = 200,
},
};
@@ -6072,6 +6180,32 @@ static const struct hash_testvec shake256_tv_template[] = {
"\x23\x3b\x3f\xeb\x74\x3e\xeb\x24"
"\x3f\xcd\x52\xea\x62\xb8\x1b\x82"
"\xb5\x0c\x27\x64\x6e\xd5\x76\x2f",
+ .xof = "\x46\xb9\xdd\x2b\x0b\xa8\x8d\x13"
+ "\x23\x3b\x3f\xeb\x74\x3e\xeb\x24"
+ "\x3f\xcd\x52\xea\x62\xb8\x1b\x82"
+ "\xb5\x0c\x27\x64\x6e\xd5\x76\x2f"
+ "\xd7\x5d\xc4\xdd\xd8\xc0\xf2\x00"
+ "\xcb\x05\x01\x9d\x67\xb5\x92\xf6"
+ "\xfc\x82\x1c\x49\x47\x9a\xb4\x86"
+ "\x40\x29\x2e\xac\xb3\xb7\xc4\xbe"
+ "\x14\x1e\x96\x61\x6f\xb1\x39\x57"
+ "\x69\x2c\xc7\xed\xd0\xb4\x5a\xe3"
+ "\xdc\x07\x22\x3c\x8e\x92\x93\x7b"
+ "\xef\x84\xbc\x0e\xab\x86\x28\x53"
+ "\x34\x9e\xc7\x55\x46\xf5\x8f\xb7"
+ "\xc2\x77\x5c\x38\x46\x2c\x50\x10"
+ "\xd8\x46\xc1\x85\xc1\x51\x11\xe5"
+ "\x95\x52\x2a\x6b\xcd\x16\xcf\x86"
+ "\xf3\xd1\x22\x10\x9e\x3b\x1f\xdd"
+ "\x94\x3b\x6a\xec\x46\x8a\x2d\x62"
+ "\x1a\x7c\x06\xc6\xa9\x57\xc6\x2b"
+ "\x54\xda\xfc\x3b\xe8\x75\x67\xd6"
+ "\x77\x23\x13\x95\xf6\x14\x72\x93"
+ "\xb6\x8c\xea\xb7\xa9\xe0\xc5\x8d"
+ "\x86\x4e\x8e\xfd\xe4\xe1\xb9\xa4"
+ "\x6c\xbe\x85\x47\x13\x67\x2f\x5c"
+ "\xaa\xae\x31\x4e\xd9\x08\x3d\xab",
+ .xof_size = 200,
}, {
.plaintext = "a",
.psize = 1,
@@ -6079,6 +6213,32 @@ static const struct hash_testvec shake256_tv_template[] = {
"\xbd\x59\x25\x01\xa5\xe8\xfe\x9c"
"\xea\xaf\xca\x50\x25\x56\x26\xca"
"\x73\x6c\x13\x80\x42\x53\x0b\xa4",
+ .xof = "\x86\x7e\x2c\xb0\x4f\x5a\x04\xdc"
+ "\xbd\x59\x25\x01\xa5\xe8\xfe\x9c"
+ "\xea\xaf\xca\x50\x25\x56\x26\xca"
+ "\x73\x6c\x13\x80\x42\x53\x0b\xa4"
+ "\x36\xb7\xb1\xec\x0e\x06\xa2\x79"
+ "\xbc\x79\x07\x33\xbb\x0a\xee\x6f"
+ "\xa8\x02\x68\x3c\x7b\x35\x50\x63"
+ "\xc4\x34\xe9\x11\x89\xb0\xc6\x51"
+ "\xd0\x92\xb0\x1e\x55\xce\x4d\x61"
+ "\x0b\x54\xa5\x46\x6d\x02\xf8\x8f"
+ "\xc3\x78\x09\x6f\xb0\xda\xd0\x25"
+ "\x48\x57\xfe\x1e\x63\x81\xab\xc0"
+ "\x4e\x07\xe3\x3d\x91\x69\x35\x93"
+ "\x56\x36\x00\x48\x96\xc5\xb1\x25"
+ "\x34\x64\xf1\xcb\x5e\xa7\x3b\x00"
+ "\x7b\xc5\x02\x8b\xbb\xea\x13\xeb"
+ "\xc2\x86\x68\xdb\xfc\x26\xb1\x24"
+ "\x0c\xe4\x23\x9f\x8d\x50\x62\x7d"
+ "\xda\xa0\x16\x41\xdf\xea\xa9\xd2"
+ "\xfe\xf0\x3d\xd0\x25\xe0\xb8\x2c"
+ "\xf0\x71\xfb\x9c\xa3\x23\x2c\x74"
+ "\x2d\x83\x6b\x3c\xbc\xc8\xc3\xcb"
+ "\xa5\xb0\x58\xb7\x67\x95\xc1\x77"
+ "\x01\x23\x14\x19\x6d\xc8\x22\x76"
+ "\x89\x91\xc0\xf1\x6f\x8a\x65\x5a",
+ .xof_size = 200,
}, {
.plaintext = "abcdbcdecdefdefgefghfghighijhijkijkl"
"jklmklmnlmnomnopnopq",
@@ -6087,6 +6247,32 @@ static const struct hash_testvec shake256_tv_template[] = {
"\xee\xfb\xb8\xc3\x6f\x6f\x87\x13"
"\x3a\x79\x11\xe1\x8d\x97\x9e\xe1"
"\xae\x6b\xe5\xd4\xfd\x2e\x33\x29",
+ .xof = "\x4d\x8c\x2d\xd2\x43\x5a\x01\x28"
+ "\xee\xfb\xb8\xc3\x6f\x6f\x87\x13"
+ "\x3a\x79\x11\xe1\x8d\x97\x9e\xe1"
+ "\xae\x6b\xe5\xd4\xfd\x2e\x33\x29"
+ "\x40\xd8\x68\x8a\x4e\x6a\x59\xaa"
+ "\x80\x60\xf1\xf9\xbc\x99\x6c\x05"
+ "\xac\xa3\xc6\x96\xa8\xb6\x62\x79"
+ "\xdc\x67\x2c\x74\x0b\xb2\x24\xec"
+ "\x37\xa9\x2b\x65\xdb\x05\x39\xc0"
+ "\x20\x34\x55\xf5\x1d\x97\xcc\xe4"
+ "\xcf\xc4\x91\x27\xd7\x26\x0a\xfc"
+ "\x67\x3a\xf2\x08\xba\xf1\x9b\xe2"
+ "\x12\x33\xf3\xde\xbe\x78\xd0\x67"
+ "\x60\xcf\xa5\x51\xee\x1e\x07\x91"
+ "\x41\xd4\x9d\xd3\xef\x7e\x18\x2b"
+ "\x15\x24\xdf\x82\xea\x1c\xef\xe1"
+ "\xc6\xc3\x96\x61\x75\xf0\x22\x8d"
+ "\x35\x88\x7c\xd9\xf0\x9b\x05\x45"
+ "\x7f\x6d\x95\x2f\x9b\x3b\x32\x46"
+ "\x4e\x0b\x3c\x54\xdc\xc1\x3e\xfd"
+ "\xb4\xc5\x4e\x29\xcd\xb4\x08\x8f"
+ "\xaf\x48\x2c\xdd\xd0\xa5\xe6\xb8"
+ "\x22\xf5\xa8\x0d\x0c\xc7\x8d\x4c"
+ "\xc9\x01\x31\x90\x6f\xd5\x15\x9e"
+ "\xb5\x14\x2e\x15\x50\x24\xb6\x24",
+ .xof_size = 200,
}, {
.plaintext = "\x08\x9f\x13\xaa\x41\xd8\x4c\xe3"
"\x7a\x11\x85\x1c\xb3\x27\xbe\x55"
@@ -6221,6 +6407,32 @@ static const struct hash_testvec shake256_tv_template[] = {
"\xce\xdc\xc1\x02\x31\x6c\x0f\x19"
"\x0a\xb2\x77\x24\xe7\x68\x71\x3b"
"\x9b\x6d\x5f\xbc\xcf\x60\x28\x4c",
+ .xof = "\x24\xab\xec\xa1\x22\x05\x1c\xf3"
+ "\xce\xdc\xc1\x02\x31\x6c\x0f\x19"
+ "\x0a\xb2\x77\x24\xe7\x68\x71\x3b"
+ "\x9b\x6d\x5f\xbc\xcf\x60\x28\x4c"
+ "\x97\x76\xdc\x50\xda\xa5\x14\x5e"
+ "\xe6\xb9\x1e\xbc\x42\x1e\x8d\xd5"
+ "\xb5\xae\xe2\x77\x48\xde\x80\x1f"
+ "\x7a\x74\x30\x79\x86\xc8\x6f\x2e"
+ "\x90\x76\x07\xb3\xed\x74\xdf\x44"
+ "\xcc\x3b\x00\x64\xb4\xb1\xdc\x11"
+ "\xa8\xcf\xbf\x01\xfc\x21\x00\xac"
+ "\x2c\xa1\xea\xbd\x84\x1c\x84\xa2"
+ "\x6b\x02\x7a\x19\xb9\xbf\xbb\xc0"
+ "\x21\x71\x4b\xb2\xc0\x50\xa4\xe9"
+ "\xe1\x48\xd2\xca\x14\xcc\x3f\x65"
+ "\x87\x38\xc5\xfb\xc0\x03\x23\x64"
+ "\x65\x5d\xb8\xd1\x9d\xd6\xd4\x3a"
+ "\xeb\x57\xe7\x3c\x22\x17\xb6\x5a"
+ "\x8e\x4b\x73\xf4\x36\x4a\x36\x17"
+ "\x8c\xbe\x7d\x2b\x37\xaf\xde\xbc"
+ "\xc7\xe8\x52\x00\x90\x90\x0e\x3b"
+ "\x22\x6f\xa7\xec\x2f\x99\x6d\x32"
+ "\x36\x20\x12\x4d\x14\xa8\x7f\xc4"
+ "\x9e\xb5\x7f\x6b\xc6\xe9\xe2\x8e"
+ "\xd5\xc8\x25\xe6\xf1\x97\xbf\x76",
+ .xof_size = 200,
},
};
--
2.49.0
Powered by blists - more mailing lists