diff options
author | Eric Biggers <ebiggers@google.com> | 2019-12-01 22:53:30 +0100 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2019-12-11 09:37:01 +0100 |
commit | 49763fc6b1af422e742e58fd04e078ab011edd96 (patch) | |
tree | af3c9af3fa69ea1fc6256f58343602a279fa5432 /crypto/api.c | |
parent | crypto: testmgr - create struct aead_extra_tests_ctx (diff) | |
download | linux-49763fc6b1af422e742e58fd04e078ab011edd96.tar.xz linux-49763fc6b1af422e742e58fd04e078ab011edd96.zip |
crypto: testmgr - generate inauthentic AEAD test vectors
The whole point of using an AEAD over length-preserving encryption is
that the data is authenticated. However currently the fuzz tests don't
test any inauthentic inputs to verify that the data is actually being
authenticated. And only two algorithms ("rfc4543(gcm(aes))" and
"ccm(aes)") even have any inauthentic test vectors at all.
Therefore, update the AEAD fuzz tests to sometimes generate inauthentic
test vectors, either by generating a (ciphertext, AAD) pair without
using the key, or by mutating an authentic pair that was generated.
To avoid flakiness, only assume this works reliably if the auth tag is
at least 8 bytes. Also account for the rfc4106, rfc4309, and rfc7539esp
algorithms intentionally ignoring the last 8 AAD bytes, and for some
algorithms doing extra checks that result in EINVAL rather than EBADMSG.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto/api.c')
0 files changed, 0 insertions, 0 deletions