linux/crypto
Eric Biggers 49763fc6b1 crypto: testmgr - generate inauthentic AEAD test vectors
The whole point of using an AEAD over length-preserving encryption is
that the data is authenticated.  However currently the fuzz tests don't
test any inauthentic inputs to verify that the data is actually being
authenticated.  And only two algorithms ("rfc4543(gcm(aes))" and
"ccm(aes)") even have any inauthentic test vectors at all.

Therefore, update the AEAD fuzz tests to sometimes generate inauthentic
test vectors, either by generating a (ciphertext, AAD) pair without
using the key, or by mutating an authentic pair that was generated.

To avoid flakiness, only assume this works reliably if the auth tag is
at least 8 bytes.  Also account for the rfc4106, rfc4309, and rfc7539esp
algorithms intentionally ignoring the last 8 AAD bytes, and for some
algorithms doing extra checks that result in EINVAL rather than EBADMSG.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-12-11 16:37:01 +08:00
..
asymmetric_keys KEYS: trusted: Create trusted keys subsystem 2019-11-12 21:45:37 +02:00
async_tx treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 335 2019-06-05 17:37:06 +02:00
842.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157 2019-05-30 11:26:37 -07:00
acompress.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
adiantum.c crypto: poly1305 - move core routines into a separate library 2019-11-17 09:02:41 +08:00
aead.c crypto: aead - Split out geniv into its own module 2019-11-17 09:02:38 +08:00
aegis128-core.c crypto: aegis128 - duplicate init() and final() hooks in SIMD code 2019-10-26 02:06:05 +11:00
aegis128-neon-inner.c crypto: aegis128 - duplicate init() and final() hooks in SIMD code 2019-10-26 02:06:05 +11:00
aegis128-neon.c crypto: aegis128 - duplicate init() and final() hooks in SIMD code 2019-10-26 02:06:05 +11:00
aegis.h crypto: aegis128 - Fix -Wunused-const-variable warning 2019-08-30 18:05:30 +10:00
aes_generic.c crypto: aes-generic - remove unused variable 'rco_tab' 2019-08-15 21:52:14 +10:00
aes_ti.c crypto: aes - create AES library based on the fixed time AES code 2019-07-26 14:55:33 +10:00
af_alg.c crypto: af_alg - cast ki_complete ternary op to int 2019-10-10 23:42:45 +11:00
ahash.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
akcipher.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
algapi.c crypto: ablkcipher - remove deprecated and unused ablkcipher support 2019-11-17 09:02:49 +08:00
algboss.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
algif_aead.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
algif_hash.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
algif_rng.c net: remove sock_no_poll 2018-05-26 09:16:44 +02:00
algif_skcipher.c crypto: algif_skcipher - Use chunksize instead of blocksize 2019-10-05 01:04:31 +10:00
ansi_cprng.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 42 2019-05-24 17:27:12 +02:00
anubis.c crypto: make all generic algorithms set cra_driver_name 2019-06-13 14:31:39 +08:00
api.c crypto: api - remove another reference to blkcipher 2019-12-11 16:36:56 +08:00
arc4.c Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-07-08 20:57:08 -07:00
authenc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
authencesn.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
blake2b_generic.c crypto: blake2b - rename tfm context and _setkey callback 2019-11-22 18:48:35 +08:00
blake2s_generic.c crypto: blake2s - implement generic shash driver 2019-11-17 09:02:42 +08:00
blowfish_common.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
blowfish_generic.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
camellia_generic.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 13 2019-05-21 11:28:45 +02:00
cast5_generic.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 140 2019-05-30 11:25:16 -07:00
cast6_generic.c crypto: x86 - Regularize glue function prototypes 2019-12-11 16:36:54 +08:00
cast_common.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 44 2019-05-24 17:27:12 +02:00
cbc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
ccm.c wusb: switch to cbcmac transform 2019-06-18 08:52:34 +02:00
cfb.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
chacha20poly1305.c Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-07-08 20:57:08 -07:00
chacha_generic.c crypto: chacha_generic - remove unnecessary setkey() functions 2019-11-22 18:48:39 +08:00
cipher.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
cmac.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
compress.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
crc32_generic.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
crc32c_generic.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
crct10dif_common.c
crct10dif_generic.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
cryptd.c crypto: skcipher - remove the "blkcipher" algorithm type 2019-11-01 13:38:32 +08:00
crypto_engine.c crypto: ablkcipher - remove deprecated and unused ablkcipher support 2019-11-17 09:02:49 +08:00
crypto_null.c Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-07-08 20:57:08 -07:00
crypto_user_base.c crypto: user - fix memory leak in crypto_report 2019-10-10 23:42:45 +11:00
crypto_user_stat.c crypto: skcipher - remove the "blkcipher" algorithm type 2019-11-01 13:38:32 +08:00
ctr.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
cts.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
curve25519-generic.c crypto: curve25519 - implement generic KPP driver 2019-11-17 09:02:43 +08:00
deflate.c Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-07-08 20:57:08 -07:00
des_generic.c crypto: des - remove now unused __des3_ede_setkey() 2019-08-22 14:57:33 +10:00
dh_helper.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
dh.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
drbg.c crypto: drbg - add FIPS 140-2 CTRNG for noise source 2019-05-23 14:01:06 +08:00
ecb.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
ecc_curve_defs.h crypto: ecc - make ecc into separate module 2019-04-18 22:15:02 +08:00
ecc.c int128: move __uint128_t compiler test to Kconfig 2019-11-17 09:02:42 +08:00
ecc.h crypto: ecrdsa - add EC-RDSA (GOST 34.10) algorithm 2019-04-18 22:15:02 +08:00
ecdh_helper.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
ecdh.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
echainiv.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
ecrdsa_defs.h crypto: ecrdsa - add EC-RDSA (GOST 34.10) algorithm 2019-04-18 22:15:02 +08:00
ecrdsa_params.asn1 crypto: ecrdsa - add EC-RDSA (GOST 34.10) algorithm 2019-04-18 22:15:02 +08:00
ecrdsa_pub_key.asn1 crypto: ecrdsa - add EC-RDSA (GOST 34.10) algorithm 2019-04-18 22:15:02 +08:00
ecrdsa.c crypto: ecrdsa - add EC-RDSA (GOST 34.10) algorithm 2019-04-18 22:15:02 +08:00
essiv.c crypto: shash - allow essiv and hmac to use OPTIONAL_KEY algorithms 2019-12-11 16:36:57 +08:00
fcrypt.c crypto: make all generic algorithms set cra_driver_name 2019-06-13 14:31:39 +08:00
fips.c crypto: fips - add FIPS test failure notification chain 2019-07-26 14:51:57 +10:00
gcm.c crypto: gcm - restrict assoclen for rfc4543 2019-08-09 15:11:58 +10:00
geniv.c crypto: aead - Split out geniv into its own module 2019-11-17 09:02:38 +08:00
gf128mul.c crypto: gf128mul - remove incorrect comment 2017-12-22 19:52:40 +11:00
ghash-generic.c crypto: ghash - add comment and improve help text 2019-07-27 21:08:38 +10:00
hash_info.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
hmac.c crypto: shash - allow essiv and hmac to use OPTIONAL_KEY algorithms 2019-12-11 16:36:57 +08:00
internal.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
jitterentropy-kcapi.c crypto: jitter - add header to fix buildwarnings 2019-10-18 18:49:40 +11:00
jitterentropy.c crypto: jitter - add header to fix buildwarnings 2019-10-18 18:49:40 +11:00
jitterentropy.h crypto: jitter - add header to fix buildwarnings 2019-10-18 18:49:40 +11:00
Kconfig crypto: mips/chacha - select CRYPTO_SKCIPHER, not CRYPTO_BLKCIPHER 2019-11-22 18:48:38 +08:00
keywrap.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
khazad.c crypto: make all generic algorithms set cra_driver_name 2019-06-13 14:31:39 +08:00
kpp.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
lrw.c Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-07-08 20:57:08 -07:00
lz4.c Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-07-08 20:57:08 -07:00
lz4hc.c Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-07-08 20:57:08 -07:00
lzo-rle.c Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-07-08 20:57:08 -07:00
lzo.c Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-07-08 20:57:08 -07:00
Makefile crypto: ablkcipher - remove deprecated and unused ablkcipher support 2019-11-17 09:02:49 +08:00
md4.c crypto: make all generic algorithms set cra_driver_name 2019-06-13 14:31:39 +08:00
md5.c crypto: make all generic algorithms set cra_driver_name 2019-06-13 14:31:39 +08:00
memneq.c
michael_mic.c Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-07-08 20:57:08 -07:00
nhpoly1305.c crypto: poly1305 - move core routines into a separate library 2019-11-17 09:02:41 +08:00
ofb.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
pcbc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
pcrypt.c crypto: pcrypt - Do not clear MAY_SLEEP flag in original request 2019-12-11 16:36:55 +08:00
poly1305_generic.c crypto: x86/poly1305 - depend on generic library not generic shash 2019-11-17 09:02:41 +08:00
proc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
ripemd.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
rmd128.c Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-07-08 20:57:08 -07:00
rmd160.c Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-07-08 20:57:08 -07:00
rmd256.c Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-07-08 20:57:08 -07:00
rmd320.c Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-07-08 20:57:08 -07:00
rng.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
rsa_helper.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
rsa-pkcs1pad.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
rsa.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36 2019-05-24 17:27:11 +02:00
rsaprivkey.asn1
rsapubkey.asn1
salsa20_generic.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
scatterwalk.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
scompress.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
seed.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
seqiv.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
serpent_generic.c crypto: x86 - Regularize glue function prototypes 2019-12-11 16:36:54 +08:00
sha1_generic.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
sha3_generic.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
sha256_generic.c crypto: sha256 - Merge crypto/sha256.h into crypto/sha.h 2019-09-05 14:54:54 +10:00
sha512_generic.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 45 2019-05-24 17:27:12 +02:00
shash.c crypto: shash - allow essiv and hmac to use OPTIONAL_KEY algorithms 2019-12-11 16:36:57 +08:00
simd.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 13 2019-05-21 11:28:45 +02:00
skcipher.c crypto: skcipher - remove crypto_skcipher_extsize() 2019-12-11 16:36:56 +08:00
sm3_generic.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 234 2019-06-19 17:09:07 +02:00
sm4_generic.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
streebog_generic.c crypto: streebog - remove two unused variables 2019-08-15 21:52:14 +10:00
tcrypt.c crypto: tcrypt - constify check alg list 2019-11-17 09:02:44 +08:00
tcrypt.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
tea.c Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-07-08 20:57:08 -07:00
testmgr.c crypto: testmgr - generate inauthentic AEAD test vectors 2019-12-11 16:37:01 +08:00
testmgr.h crypto: testmgr - generate inauthentic AEAD test vectors 2019-12-11 16:37:01 +08:00
tgr192.c crypto: tgr192 - remove unneeded semicolon 2019-11-15 13:44:17 +08:00
twofish_common.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 13 2019-05-21 11:28:45 +02:00
twofish_generic.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 13 2019-05-21 11:28:45 +02:00
vmac.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
wp512.c crypto: make all generic algorithms set cra_driver_name 2019-06-13 14:31:39 +08:00
xcbc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 13 2019-05-21 11:28:45 +02:00
xor.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 47 2019-05-24 17:27:13 +02:00
xts.c crypto: xts - add support for ciphertext stealing 2019-08-15 21:52:14 +10:00
xxhash_generic.c crypto: xxhash - Implement xxhash support 2019-06-06 14:38:57 +08:00
zstd.c Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-07-08 20:57:08 -07:00