From: Stephan Mueller <smueller@chronox.de>
To: Dmitry Vyukov <dvyukov@google.com>
Cc: Eric Biggers <ebiggers@google.com>, Alexander Potapenko <glider@google.com>, linux-crypto@vger.kernel.org, Kostya Serebryany <kcc@google.com>, keyrings@vger.kernel.org, Andrey Konovalov <andreyknvl@google.com>
Subject: Re: x509 parsing bug + fuzzing crypto in the userspace
Date: Wed, 22 Nov 2017 18:15:55 +0100
Message-ID: <3689525.KZ9gHdGHIR@tauon.chronox.de>
In-Reply-To: <CACT4Y+YSZngVgt24DyQD1hrMyBF9uue=aGzKcWNA6CFDuCO=ug@mail.gmail.com>

On Wednesday, 22 November 2017, 18:03:14 CET, Dmitry Vyukov wrote:

Hi Dmitry,

> On Wed, Nov 22, 2017 at 5:54 PM, Stephan Mueller <smueller@chronox.de> wrote:
> > On Tuesday, 21 November 2017, 21:46:28 CET, Eric Biggers wrote:
> >
> > Hi Eric,
> >
> >> (There is probably more to improve for AF_ALG besides the algorithm
> >> names;
> >> this is just what I happened to notice for now.)
> >
> > Just grepping may not cover all possibilities. Attached is a script that I
> > use to invoke an array of different tests for different cipher
> > implementations. For now, it only covers C, ASM and CPU-based cipher
> > implementations.
>
> Hi Stephan,
>
> I see it has lots of names hardcoded. Is it possible to extract
> up-to-date list from kernel? Maybe at runtime from running kernel?

Nope, this is currently not possible because the names where templates are
used are "created" on the fly. I.e. the kernel parses the name up to a
parenthesis and tries to allocate that name. Thus, the content of /proc/crypto
is NOT complete per definition as it only contains registered ciphers and
allocated templates/cipher combos.

>
> What's the max number of arguments for a template? I see there is at least
> 2: rfc4106(gcm_base(ctr(aes-aesni),ghash-clmulni))
> can there be more?

This is always defined by an implementation. For gcm_base, you see that as
follows:

crypto/gcm.c: see all invocations of crypto_gcm_create_common where the last
but one argument is the CTR implementation and the last argument is the GHASH
implementation.

>
> Do you know answer to this question by any chance?
> what's the relation between alg names and type ("aead", "hash", "rng",
> "skcipher")? I remember I already looked at it before and could not
> figure it out. Are all algorithms and templates partitioned between
> types? Or they are orthogonal?

See other email.

>
> Thanks
> --
> To unsubscribe from this list: send the line "unsubscribe keyrings" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html

Ciao
Stephan
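
An added example, not part of the original message and not the script attached to it: a small Python parser for nested template names such as `rfc4106(gcm_base(ctr(aes-aesni),ghash-clmulni))`, checked against a /proc/crypto-style listing to show which components are listed and which would only appear once allocated. The function names and the sample listing are assumptions made for illustration.

```python
# Constructed /proc/crypto excerpt (sample data, not captured from a real system).
SAMPLE_PROC_CRYPTO = """\
name         : ctr(aes)
driver       : ctr-aes-aesni
type         : skcipher

name         : aes
driver       : aes-aesni
type         : cipher

name         : ghash
driver       : ghash-clmulni
type         : shash
"""

def parse_alg_name(name):
    """Parse 'tmpl(arg,arg(...))' into (ident, [children]); ValueError if malformed."""
    def parse(pos):
        start = pos
        while pos < len(name) and name[pos] not in "(),":
            pos += 1
        if pos == start:
            raise ValueError(f"empty component at offset {pos}")
        ident, args = name[start:pos], []
        if pos < len(name) and name[pos] == "(":
            while True:
                arg, pos = parse(pos + 1)
                args.append(arg)
                if pos < len(name) and name[pos] == ")":
                    pos += 1
                    break
                if pos >= len(name) or name[pos] != ",":
                    raise ValueError(f"expected ',' or ')' at offset {pos}")
        return (ident, args), pos
    node, end = parse(0)
    if end != len(name):
        raise ValueError(f"unexpected text at offset {end}")
    return node

def render(node):
    """Turn a parsed node back into its textual algorithm name."""
    ident, args = node
    return f"{ident}({','.join(map(render, args))})" if args else ident

def listed_names(proc_text):
    """Collect every 'name' and 'driver' value from /proc/crypto-style text."""
    fields = (line.partition(":") for line in proc_text.splitlines())
    return {v.strip() for k, sep, v in fields if sep and k.strip() in ("name", "driver")}

def classify(name, proc_text=SAMPLE_PROC_CRYPTO):
    """Map each component of a nested name to True if listed, False if not."""
    known, out = listed_names(proc_text), {}
    def walk(node):
        out[render(node)] = render(node) in known
        for child in node[1]:
            walk(child)
    walk(parse_alg_name(name))
    return out
```

A component that maps to `False` is not necessarily invalid: it is simply absent from the listing, which is the incompleteness the message describes.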