xref: /third_party/ltp/testcases/kernel/crypto/crypto_user01.c

// SPDX-License-Identifier: GPL-2.0-or-later
/*
 * Copyright 2018 Google LLC
 */

/*
 * Regression test for commit f43f39958beb ("crypto: user - fix leaking
 * uninitialized memory to userspace"), or CVE-2018-19854; it was also a
 * re-introduction of CVE-2013-2547.  This bug caused uninitialized kernel stack
 * memory to be leaked in some string fields in the replies to CRYPTO_MSG_GETALG
 * messages over NETLINK_CRYPTO.  To try to detect the bug, this test dumps all
 * algorithms using NLM_F_DUMP mode and checks all string fields for unexpected
 * nonzero bytes.
 */

#include <stdlib.h>

#include "tst_test.h"
#include "tst_crypto.h"
#include "tst_netlink.h"

/*
 * include after <sys/socket.h> (via tst_test.h), to work around dependency bug
 * in old kernel headers (https://www.spinics.net/lists/netdev/msg171764.html)
 */
#include <linux/rtnetlink.h>

static struct tst_crypto_session ses = TST_CRYPTO_SESSION_INIT;

static void setup(void)
{
	tst_crypto_open(&ses);
}

static void do_check_for_leaks(const char *name, const char *value, size_t vlen)
{
	size_t i;

	for (i = strnlen(value, vlen); i < vlen; i++) {
		if (value[i] != '\0')
			tst_brk(TFAIL, "information leak in field '%s'", name);
	}
}

#define check_for_leaks(name, field)  \
	do_check_for_leaks(name, field, sizeof(field))

static void validate_attr(const struct rtattr *rta)
{
	switch (rta->rta_type) {
	case CRYPTOCFGA_REPORT_LARVAL: {
		const struct crypto_report_larval *p = RTA_DATA(rta);

		check_for_leaks("crypto_report_larval::type", p->type);
		break;
	}
	case CRYPTOCFGA_REPORT_HASH: {
		const struct crypto_report_hash *p = RTA_DATA(rta);

		check_for_leaks("crypto_report_hash::type", p->type);
		break;
	}
	case CRYPTOCFGA_REPORT_BLKCIPHER: {
		const struct crypto_report_blkcipher *p = RTA_DATA(rta);

		check_for_leaks("crypto_report_blkcipher::type", p->type);
		check_for_leaks("crypto_report_blkcipher::geniv", p->geniv);
		break;
	}
	case CRYPTOCFGA_REPORT_AEAD: {
		const struct crypto_report_aead *p = RTA_DATA(rta);

		check_for_leaks("crypto_report_aead::type", p->type);
		check_for_leaks("crypto_report_aead::geniv", p->geniv);
		break;
	}
	case CRYPTOCFGA_REPORT_COMPRESS: {
		const struct crypto_report_comp *p = RTA_DATA(rta);

		check_for_leaks("crypto_report_comp::type", p->type);
		break;
	}
	case CRYPTOCFGA_REPORT_RNG: {
		const struct crypto_report_rng *p = RTA_DATA(rta);

		check_for_leaks("crypto_report_rng::type", p->type);
		break;
	}
	case CRYPTOCFGA_REPORT_CIPHER: {
		const struct crypto_report_cipher *p = RTA_DATA(rta);

		check_for_leaks("crypto_report_cipher::type", p->type);
		break;
	}
	case CRYPTOCFGA_REPORT_AKCIPHER: {
		const struct crypto_report_akcipher *p = RTA_DATA(rta);

		check_for_leaks("crypto_report_akcipher::type", p->type);
		break;
	}
	case CRYPTOCFGA_REPORT_KPP: {
		const struct crypto_report_kpp *p = RTA_DATA(rta);

		check_for_leaks("crypto_report_kpp::type", p->type);
		break;
	}
	case CRYPTOCFGA_REPORT_ACOMP: {
		const struct crypto_report_acomp *p = RTA_DATA(rta);

		check_for_leaks("crypto_report_acomp::type", p->type);
		break;
	}
	} /* end switch */
}

static void validate_one_alg(const struct nlmsghdr *nh)
{
	const struct crypto_user_alg *alg = NLMSG_DATA(nh);
	const struct rtattr *rta = (void *)alg + NLMSG_ALIGN(sizeof(*alg));
	size_t remaining = NLMSG_PAYLOAD(nh, sizeof(*alg));

	check_for_leaks("crypto_user_alg::cru_name", alg->cru_name);
	check_for_leaks("crypto_user_alg::cru_driver_name",
			alg->cru_driver_name);
	check_for_leaks("crypto_user_alg::cru_module_name",
			alg->cru_module_name);

	while (RTA_OK(rta, remaining)) {
		validate_attr(rta);
		rta = RTA_NEXT(rta, remaining);
	}
}

static void validate_alg_list(const void *buf, size_t remaining)
{
	const struct nlmsghdr *nh;

	for (nh = buf; NLMSG_OK(nh, remaining);
	     nh = NLMSG_NEXT(nh, remaining)) {
		if (nh->nlmsg_seq != ses.seq_num) {
			tst_brk(TBROK,
				"Message out of sequence; type=0%hx, seq_num=%u (not %u)",
				nh->nlmsg_type, nh->nlmsg_seq, ses.seq_num);
		}
		if (nh->nlmsg_type == NLMSG_DONE)
			return;
		if (nh->nlmsg_type != CRYPTO_MSG_GETALG) {
			tst_brk(TBROK,
				"Unexpected message type; type=0x%hx, seq_num=%u",
				nh->nlmsg_type, nh->nlmsg_seq);
		}
		validate_one_alg(nh);
	}
}

static void run(void)
{
	struct crypto_user_alg payload = { 0 };
	struct nlmsghdr nh = {
		.nlmsg_len = sizeof(payload),
		.nlmsg_type = CRYPTO_MSG_GETALG,
		.nlmsg_flags = NLM_F_REQUEST | NLM_F_DUMP,
		.nlmsg_seq = ++(ses.seq_num),
		.nlmsg_pid = 0,
	};
	/*
	 * Due to an apparent kernel bug, this API cannot be used incrementally,
	 * so we just use a large recvmsg() buffer.  This is good enough since
	 * we don't necessarily have to check every algorithm for this test to
	 * be effective...
	 */
	const size_t bufsize = 1048576;
	void *buf = SAFE_MALLOC(bufsize);
	size_t res;

	SAFE_NETLINK_SEND(ses.fd, &nh, &payload);

	res = SAFE_NETLINK_RECV(ses.fd, buf, bufsize);

	validate_alg_list(buf, res);

	free(buf);
	tst_res(TPASS, "No information leaks found");
}

static void cleanup(void)
{
	tst_crypto_close(&ses);
}

static struct tst_test test = {
	.setup = setup,
	.test_all = run,
	.cleanup = cleanup,
	.tags = (const struct tst_tag[]) {
		{"linux-git", "f43f39958beb"},
		{"CVE", "2013-2547"},
		{"CVE", "2018-19854"},
		{}
	}
};