xref: /aosp_15_r20/external/ltp/testcases/kernel/crypto/pcrypt_aead01.c (revision 49cdfc7efb34551c7342be41a7384b9c40d7cab7) 
1*49cdfc7eSAndroid Build Coastguard Worker // SPDX-License-Identifier: GPL-2.0-or-later
2*49cdfc7eSAndroid Build Coastguard Worker /*
3*49cdfc7eSAndroid Build Coastguard Worker  * Copyright (c) 2018 SUSE
4*49cdfc7eSAndroid Build Coastguard Worker  * Author: Nicolai Stange <[email protected]>
5*49cdfc7eSAndroid Build Coastguard Worker  * LTP conversion: Richard Palethorpe <[email protected]>
6*49cdfc7eSAndroid Build Coastguard Worker  *
7*49cdfc7eSAndroid Build Coastguard Worker  * Originally found by syzkaller:
8*49cdfc7eSAndroid Build Coastguard Worker  * https://groups.google.com/forum/#!topic/syzkaller-bugs/NKn_ivoPOpk
9*49cdfc7eSAndroid Build Coastguard Worker  *
10*49cdfc7eSAndroid Build Coastguard Worker  * Test for CVE-2017-18075 - pcrypt mishandles freeing instances.
11*49cdfc7eSAndroid Build Coastguard Worker  *
12*49cdfc7eSAndroid Build Coastguard Worker  * The test works by adding and then removing pcrypt-AEAD instances.
13*49cdfc7eSAndroid Build Coastguard Worker  * See commit d76c68109f37 crypto: pcrypt - fix freeing pcrypt instances.
14*49cdfc7eSAndroid Build Coastguard Worker  *
15*49cdfc7eSAndroid Build Coastguard Worker  * If the bug is present then this will probably crash the kernel, but also
16*49cdfc7eSAndroid Build Coastguard Worker  * sometimes the test simply times out.
17*49cdfc7eSAndroid Build Coastguard Worker  */
18*49cdfc7eSAndroid Build Coastguard Worker 
19*49cdfc7eSAndroid Build Coastguard Worker #include <errno.h>
20*49cdfc7eSAndroid Build Coastguard Worker #include <time.h>
21*49cdfc7eSAndroid Build Coastguard Worker 
22*49cdfc7eSAndroid Build Coastguard Worker #include "tst_test.h"
23*49cdfc7eSAndroid Build Coastguard Worker #include "tst_safe_net.h"
24*49cdfc7eSAndroid Build Coastguard Worker #include "tst_taint.h"
25*49cdfc7eSAndroid Build Coastguard Worker #include "tst_crypto.h"
26*49cdfc7eSAndroid Build Coastguard Worker 
27*49cdfc7eSAndroid Build Coastguard Worker #define ATTEMPTS 10000
28*49cdfc7eSAndroid Build Coastguard Worker 
29*49cdfc7eSAndroid Build Coastguard Worker static struct tst_netlink_context *ctx;
30*49cdfc7eSAndroid Build Coastguard Worker 
setup(void)31*49cdfc7eSAndroid Build Coastguard Worker void setup(void)
32*49cdfc7eSAndroid Build Coastguard Worker {
33*49cdfc7eSAndroid Build Coastguard Worker 	ctx = NETLINK_CREATE_CONTEXT(NETLINK_CRYPTO);
34*49cdfc7eSAndroid Build Coastguard Worker }
35*49cdfc7eSAndroid Build Coastguard Worker 
run(void)36*49cdfc7eSAndroid Build Coastguard Worker void run(void)
37*49cdfc7eSAndroid Build Coastguard Worker {
38*49cdfc7eSAndroid Build Coastguard Worker 	int i;
39*49cdfc7eSAndroid Build Coastguard Worker 	struct crypto_user_alg a = {
40*49cdfc7eSAndroid Build Coastguard Worker 		.cru_driver_name = "pcrypt(authenc(hmac(sha256-generic),cbc(aes-generic)))",
41*49cdfc7eSAndroid Build Coastguard Worker 		.cru_type = CRYPTO_ALG_TYPE_AEAD,
42*49cdfc7eSAndroid Build Coastguard Worker 		.cru_mask = CRYPTO_ALG_TYPE_MASK,
43*49cdfc7eSAndroid Build Coastguard Worker 	};
44*49cdfc7eSAndroid Build Coastguard Worker 
45*49cdfc7eSAndroid Build Coastguard Worker 	for (i = 0; i < ATTEMPTS; ++i) {
46*49cdfc7eSAndroid Build Coastguard Worker 		TEST(tst_crypto_add_alg(ctx, &a));
47*49cdfc7eSAndroid Build Coastguard Worker 		if (TST_RET && TST_RET == -ENOENT) {
48*49cdfc7eSAndroid Build Coastguard Worker 			tst_brk(TCONF | TRERRNO,
49*49cdfc7eSAndroid Build Coastguard Worker 				"pcrypt, hmac, sha256, cbc or aes not supported");
50*49cdfc7eSAndroid Build Coastguard Worker 		}
51*49cdfc7eSAndroid Build Coastguard Worker 		if (TST_RET && TST_RET != -EEXIST)
52*49cdfc7eSAndroid Build Coastguard Worker 			tst_brk(TBROK | TRERRNO, "add_alg");
53*49cdfc7eSAndroid Build Coastguard Worker 
54*49cdfc7eSAndroid Build Coastguard Worker 		TEST(tst_crypto_del_alg(ctx, &a, 1000));
55*49cdfc7eSAndroid Build Coastguard Worker 		if (TST_RET)
56*49cdfc7eSAndroid Build Coastguard Worker 			tst_brk(TBROK | TRERRNO, "del_alg");
57*49cdfc7eSAndroid Build Coastguard Worker 
58*49cdfc7eSAndroid Build Coastguard Worker 		if (!tst_remaining_runtime()) {
59*49cdfc7eSAndroid Build Coastguard Worker 			tst_res(TINFO, "Time limit reached, stopping at "
60*49cdfc7eSAndroid Build Coastguard Worker 				"%d iterations", i);
61*49cdfc7eSAndroid Build Coastguard Worker 			break;
62*49cdfc7eSAndroid Build Coastguard Worker 		}
63*49cdfc7eSAndroid Build Coastguard Worker 	}
64*49cdfc7eSAndroid Build Coastguard Worker 
65*49cdfc7eSAndroid Build Coastguard Worker 	tst_res(TPASS, "Nothing bad appears to have happened");
66*49cdfc7eSAndroid Build Coastguard Worker }
67*49cdfc7eSAndroid Build Coastguard Worker 
cleanup(void)68*49cdfc7eSAndroid Build Coastguard Worker void cleanup(void)
69*49cdfc7eSAndroid Build Coastguard Worker {
70*49cdfc7eSAndroid Build Coastguard Worker 	NETLINK_DESTROY_CONTEXT(ctx);
71*49cdfc7eSAndroid Build Coastguard Worker }
72*49cdfc7eSAndroid Build Coastguard Worker 
73*49cdfc7eSAndroid Build Coastguard Worker static struct tst_test test = {
74*49cdfc7eSAndroid Build Coastguard Worker 	.setup = setup,
75*49cdfc7eSAndroid Build Coastguard Worker 	.test_all = run,
76*49cdfc7eSAndroid Build Coastguard Worker 	.cleanup = cleanup,
77*49cdfc7eSAndroid Build Coastguard Worker 	.needs_root = 1,
78*49cdfc7eSAndroid Build Coastguard Worker 	.max_runtime = 300,
79*49cdfc7eSAndroid Build Coastguard Worker 	.tags = (const struct tst_tag[]) {
80*49cdfc7eSAndroid Build Coastguard Worker 		{"linux-git", "d76c68109f37"},
81*49cdfc7eSAndroid Build Coastguard Worker 		{"CVE", "2017-18075"},
82*49cdfc7eSAndroid Build Coastguard Worker 		{}
83*49cdfc7eSAndroid Build Coastguard Worker 	}
84*49cdfc7eSAndroid Build Coastguard Worker };
85