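// SPDX-License-Identifier: GPL-2.0-or-later
/*
 * Copyright 2019 Google LLC
 * Copyright (c) Linux Test Project, 2019-2021
 */

/*
 * Regression test for commit af3ff8045bbf ("crypto: hmac - require that the
 * underlying hash algorithm is unkeyed"), or CVE-2017-17806.  This test
 * verifies that the hmac template cannot be nested inside itself.
 *
 * Pass condition: asking the kernel for "hmac(hmac(<hash>))" yields ENOENT.
 * Anything else is reported as a failure, and the test then also tries to set
 * a key on the nested algorithm, which is the operation the comment in
 * test_with_hash_alg() says crashed unfixed kernels.
 */

#include <errno.h>
#include <stdio.h>

#include "tst_test.h"
#include "tst_af_alg.h"
#include "lapi/socket.h"

/*
 * Check that "hmac(hmac(<hash_algname>))" cannot be instantiated.
 *
 * Returns early, without reporting pass or fail from this function, when
 * tst_have_alg() says that either the plain hash or the single-level
 * "hmac(<hash>)" is unavailable: in that case ENOENT for the nested name
 * would say nothing about whether the fix is present.
 *
 * @hash_algname: name of an unkeyed hash algorithm, e.g. "sha256".
 */
static void test_with_hash_alg(const char *hash_algname)
{
	char hmac_algname[64];
	/* All-zero key; only the success or failure of ALG_SET_KEY is checked. */
	char key[4096] = { 0 };
	int len;

	if (!tst_have_alg("hash", hash_algname))
		return;

	/*
	 * Bounded formatting.  A silently truncated name would most likely
	 * not exist, and the resulting ENOENT would be counted as a pass, so
	 * truncation is treated as a broken test rather than ignored.
	 */
	len = snprintf(hmac_algname, sizeof(hmac_algname), "hmac(%s)",
		       hash_algname);
	if (len < 0 || (size_t)len >= sizeof(hmac_algname))
		tst_brk(TBROK, "algorithm name too long: '%s'", hash_algname);

	if (!tst_have_alg("hash", hmac_algname))
		return;

	len = snprintf(hmac_algname, sizeof(hmac_algname), "hmac(hmac(%s))",
		       hash_algname);
	if (len < 0 || (size_t)len >= sizeof(hmac_algname))
		tst_brk(TBROK, "algorithm name too long: '%s'", hash_algname);

	/*
	 * NOTE(review): every result other than ENOENT, including a different
	 * error code, takes the "instantiated" branch below; confirm against
	 * tst_try_alg() in tst_af_alg.h that this is intended.
	 */
	if (tst_try_alg("hash", hmac_algname) != ENOENT) {
		int algfd;

		tst_res(TFAIL, "instantiated nested hmac algorithm ('%s')!",
			hmac_algname);

		/*
		 * Be extra annoying; with the bug, setting a key on
		 * "hmac(hmac(sha3-256-generic))" crashed the kernel.
		 */
		algfd = tst_alg_setup("hash", hmac_algname, NULL, 0);
		if (setsockopt(algfd, SOL_ALG, ALG_SET_KEY,
			       key, sizeof(key)) == 0) {
			tst_res(TFAIL,
				"set key on nested hmac algorithm ('%s')!",
				hmac_algname);
		}

		/*
		 * Release the algorithm socket; this function runs once per
		 * table entry, so an unclosed descriptor would accumulate on
		 * an affected kernel.
		 */
		SAFE_CLOSE(algfd);
	} else {
		tst_res(TPASS,
			"couldn't instantiate nested hmac algorithm ('%s')",
			hmac_algname);
	}
}

/*
 * Try several different unkeyed hash algorithms.  Each one is listed both by
 * its plain name and with a "-generic" suffix.
 */
static const char * const hash_algs[] = {
	"md5", "md5-generic",
	"sha1", "sha1-generic",
	"sha224", "sha224-generic",
	"sha256", "sha256-generic",
	"sha3-256", "sha3-256-generic",
	"sha3-512", "sha3-512-generic",
	"sm3", "sm3-generic",
};

/*
 * Test callback: run the nested-hmac check for entry @i of hash_algs.
 * .tcnt below is ARRAY_SIZE(hash_algs), which is what bounds @i.
 */
static void do_test(unsigned int i)
{
	test_with_hash_alg(hash_algs[i]);
}

/*
 * Test descriptor.  The tags record the fixing kernel commit and the CVE this
 * regression test covers.
 */
static struct tst_test test = {
	.test = do_test,
	.tcnt = ARRAY_SIZE(hash_algs),
	.tags = (const struct tst_tag[]) {
		{"linux-git", "af3ff8045bbf"},
		{"CVE", "2017-17806"},
		{}
	}
};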