lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CAHzjS_sDeUTV3FMGD_iraCo7dxAbSf0BVx_-jSGyEQv_67ckkw@mail.gmail.com>
Date: Fri, 5 Dec 2025 17:14:54 -0800
From: Song Liu <song@...nel.org>
To: Daniel Hodges <git@...ielhodges.dev>
Cc: ast@...nel.org, daniel@...earbox.net, andrii@...nel.org, 
	vadim.fedorenko@...ux.dev, martin.lau@...ux.dev, eddyz87@...il.com, 
	song@...nel.org, yonghong.song@...ux.dev, john.fastabend@...il.com, 
	kpsingh@...nel.org, sdf@...ichev.me, haoluo@...gle.com, jolsa@...nel.org, 
	herbert@...dor.apana.org.au, davem@...emloft.net, shuah@...nel.org, 
	bpf@...r.kernel.org, linux-crypto@...r.kernel.org, 
	linux-kselftest@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH bpf-next v2 3/5] selftests/bpf: Add tests for
 bpf_crypto_hash kfunc

On Fri, Dec 5, 2025 at 9:39 AM Daniel Hodges <git@...ielhodges.dev> wrote:
>
> Add selftests to validate the bpf_crypto_hash works properly. The tests
> verify both correct functionality and proper error handling.
>
> Test Data:
> All tests use the well-known NIST test vector input "abc" and validate
> against the standardized expected outputs for each algorithm. This ensures
> the BPF kfunc wrappers correctly delegate to the kernel crypto library.
>
> Signed-off-by: Daniel Hodges <git@...ielhodges.dev>
> ---
>  tools/testing/selftests/bpf/config            |   2 +
>  .../selftests/bpf/prog_tests/crypto_hash.c    | 158 ++++++++++++++++++
>  .../testing/selftests/bpf/progs/crypto_hash.c | 141 ++++++++++++++++
>  3 files changed, 301 insertions(+)
>  create mode 100644 tools/testing/selftests/bpf/prog_tests/crypto_hash.c
>  create mode 100644 tools/testing/selftests/bpf/progs/crypto_hash.c
>
> diff --git a/tools/testing/selftests/bpf/config b/tools/testing/selftests/bpf/config
> index 558839e3c185..d168b3073cba 100644
> --- a/tools/testing/selftests/bpf/config
> +++ b/tools/testing/selftests/bpf/config
> @@ -12,7 +12,9 @@ CONFIG_BPF_SYSCALL=y
>  # CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set
>  CONFIG_CGROUP_BPF=y
>  CONFIG_CRYPTO_HMAC=y
> +CONFIG_CRYPTO_HASH2=y
>  CONFIG_CRYPTO_SHA256=y
> +CONFIG_CRYPTO_SHA512=y
>  CONFIG_CRYPTO_USER_API=y
>  CONFIG_CRYPTO_USER_API_HASH=y
>  CONFIG_CRYPTO_USER_API_SKCIPHER=y
> diff --git a/tools/testing/selftests/bpf/prog_tests/crypto_hash.c b/tools/testing/selftests/bpf/prog_tests/crypto_hash.c
> new file mode 100644
> index 000000000000..f1495ea85aae
> --- /dev/null
> +++ b/tools/testing/selftests/bpf/prog_tests/crypto_hash.c
> @@ -0,0 +1,158 @@
> +// SPDX-License-Identifier: GPL-2.0

Maybe add Copyright here?

> +
> +#include <test_progs.h>
> +#include <errno.h>
> +#include "crypto_hash.skel.h"
> +
> +/* NIST test vectors for SHA-256("abc") */
> +static const unsigned char expected_sha256[32] = {
> +       0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea,
> +       0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23,
> +       0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c,
> +       0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad
> +};
> +
> +/* NIST test vectors for SHA-384("abc") */
> +static const unsigned char expected_sha384[48] = {
> +       0xcb, 0x00, 0x75, 0x3f, 0x45, 0xa3, 0x5e, 0x8b,
> +       0xb5, 0xa0, 0x3d, 0x69, 0x9a, 0xc6, 0x50, 0x07,
> +       0x27, 0x2c, 0x32, 0xab, 0x0e, 0xde, 0xd1, 0x63,
> +       0x1a, 0x8b, 0x60, 0x5a, 0x43, 0xff, 0x5b, 0xed,
> +       0x80, 0x86, 0x07, 0x2b, 0xa1, 0xe7, 0xcc, 0x23,
> +       0x58, 0xba, 0xec, 0xa1, 0x34, 0xc8, 0x25, 0xa7
> +};
> +
> +/* NIST test vectors for SHA-512("abc") */
> +static const unsigned char expected_sha512[64] = {
> +       0xdd, 0xaf, 0x35, 0xa1, 0x93, 0x61, 0x7a, 0xba,
> +       0xcc, 0x41, 0x73, 0x49, 0xae, 0x20, 0x41, 0x31,
> +       0x12, 0xe6, 0xfa, 0x4e, 0x89, 0xa9, 0x7e, 0xa2,
> +       0x0a, 0x9e, 0xee, 0xe6, 0x4b, 0x55, 0xd3, 0x9a,
> +       0x21, 0x92, 0x99, 0x2a, 0x27, 0x4f, 0xc1, 0xa8,
> +       0x36, 0xba, 0x3c, 0x23, 0xa3, 0xfe, 0xeb, 0xbd,
> +       0x45, 0x4d, 0x44, 0x23, 0x64, 0x3c, 0xe8, 0x0e,
> +       0x2a, 0x9a, 0xc9, 0x4f, 0xa5, 0x4c, 0xa4, 0x9f
> +};
> +
> +static void test_sha256_basic(void)
> +{
> +       struct crypto_hash *skel;
> +       int err, prog_fd;
> +
> +       LIBBPF_OPTS(bpf_test_run_opts, topts);
> +
> +       skel = crypto_hash__open_and_load();
> +       if (!skel) {
> +               /* Skip if kfuncs not available (CONFIG_CRYPTO_HASH2 not set) */
> +               if (errno == ENOENT || errno == EINVAL) {
> +                       test__skip();
> +                       return;
> +               }
> +               ASSERT_OK_PTR(skel, "crypto_hash__open_and_load");
> +               return;
> +       }
> +
> +       prog_fd = bpf_program__fd(skel->progs.test_sha256);
> +       err = bpf_prog_test_run_opts(prog_fd, &topts);
> +       ASSERT_OK(err, "test_sha256");
> +       ASSERT_EQ(skel->data->sha256_status, 0, "sha256_status");
> +       ASSERT_EQ(memcmp(skel->bss->sha256_output, expected_sha256, 32), 0,
> +                 "sha256_output_match");
> +
> +       crypto_hash__destroy(skel);
> +}

nit: We have quite some duplicated code here. Maybe try to reuse some of
the code?

Thanks,
Song

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ