* [LTP] [PATCH v3 1/2] tst_af_alg: Moving tst_res(TCONF) to tst_have_alg()
@ 2021-12-22 19:26 Petr Vorel
2021-12-22 19:26 ` [LTP] [PATCH v3 2/2] tst_af_alg: TCONF on ciphers disabled by FIPS Petr Vorel
` (2 more replies)
0 siblings, 3 replies; 7+ messages in thread
From: Petr Vorel @ 2021-12-22 19:26 UTC (permalink / raw)
To: ltp; +Cc: Eric Biggers
+ introduce tst_try_alg() for cases where tst_res(TCONF) cannot be used.
It reduces duplicity for tst_have_alg() use.
Suggested-by: Cyril Hrubis <chrubis@suse.cz>
Signed-off-by: Petr Vorel <pvorel@suse.cz>
---
New in v3.
include/tst_af_alg.h | 16 ++++++++++--
lib/tst_af_alg.c | 41 ++++++++++++++++++++++--------
testcases/kernel/crypto/af_alg01.c | 14 ++++------
testcases/kernel/crypto/af_alg03.c | 3 ++-
testcases/kernel/crypto/af_alg04.c | 6 ++---
5 files changed, 53 insertions(+), 27 deletions(-)
diff --git a/include/tst_af_alg.h b/include/tst_af_alg.h
index fd2ff06478..93ff5715b7 100644
--- a/include/tst_af_alg.h
+++ b/include/tst_af_alg.h
@@ -1,6 +1,7 @@
// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Copyright 2019 Google LLC
+ * Copyright (c) Linux Test Project, 2021
*/
/**
* @file tst_af_alg.h
@@ -60,8 +61,19 @@ void tst_alg_bind(int algfd, const char *algtype, const char *algname);
* @param algtype The type of algorithm, such as "hash" or "skcipher"
* @param algname The name of the algorithm, such as "sha256" or "xts(aes)"
*
- * Return true if the algorithm is available, or false if unavailable.
- * If another error occurs, tst_brk() is called with TBROK.
+ * Return 0 if the algorithm is available, or errno if unavailable.
+ */
+int tst_try_alg(const char *algtype, const char *algname);
+
+/**
+ * Check for the availability of an algorithm.
+ *
+ * @param algtype The type of algorithm, such as "hash" or "skcipher"
+ * @param algname The name of the algorithm, such as "sha256" or "xts(aes)"
+ *
+ * Return true if the algorithm is available, or false if unavailable
+ * and call tst_res() with TCONF. If another error occurs, tst_brk() is called
+ * with TBROK.
*/
bool tst_have_alg(const char *algtype, const char *algname);
diff --git a/lib/tst_af_alg.c b/lib/tst_af_alg.c
index 05caa63016..d99a9ee2ef 100644
--- a/lib/tst_af_alg.c
+++ b/lib/tst_af_alg.c
@@ -1,6 +1,7 @@
// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Copyright 2019 Google LLC
+ * Copyright (c) Linux Test Project, 2019-2021
*/
#include <errno.h>
@@ -64,29 +65,47 @@ void tst_alg_bind(int algfd, const char *algtype, const char *algname)
tst_alg_bind_addr(algfd, &addr);
}
-bool tst_have_alg(const char *algtype, const char *algname)
+int tst_try_alg(const char *algtype, const char *algname)
{
long ret;
+ int retval = 0;
int algfd;
struct sockaddr_alg addr;
- bool have_alg = true;
algfd = tst_alg_create();
init_sockaddr_alg(&addr, algtype, algname);
ret = bind(algfd, (const struct sockaddr *)&addr, sizeof(addr));
- if (ret != 0) {
- if (errno != ENOENT) {
- tst_brk(TBROK | TERRNO,
- "unexpected error binding AF_ALG socket to %s algorithm '%s'",
- algtype, algname);
- }
- have_alg = false;
- }
+
+ if (ret != 0)
+ retval = errno;
close(algfd);
- return have_alg;
+ return retval;
+}
+
+bool tst_have_alg(const char *algtype, const char *algname)
+{
+ int ret;
+
+ ret = tst_try_alg(algtype, algname);
+
+ switch (ret) {
+ case 0:
+ return true;
+ case ENOENT:
+ tst_res(TCONF, "kernel doesn't have %s algorithm '%s'",
+ algtype, algname);
+ return false;
+ default:
+ errno = ret;
+ tst_brk(TBROK | TERRNO,
+ "unexpected error binding AF_ALG socket to %s algorithm '%s'",
+ algtype, algname);
+ return false;
+ break;
+ }
}
void tst_require_alg(const char *algtype, const char *algname)
diff --git a/testcases/kernel/crypto/af_alg01.c b/testcases/kernel/crypto/af_alg01.c
index 47292ee328..7cefe59461 100644
--- a/testcases/kernel/crypto/af_alg01.c
+++ b/testcases/kernel/crypto/af_alg01.c
@@ -1,6 +1,7 @@
// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Copyright 2019 Google LLC
+ * Copyright (c) Linux Test Project, 2019-2021
*/
/*
@@ -21,20 +22,15 @@ static void test_with_hash_alg(const char *hash_algname)
char hmac_algname[64];
char key[4096] = { 0 };
- if (!tst_have_alg("hash", hash_algname)) {
- tst_res(TCONF, "kernel doesn't have hash algorithm '%s'",
- hash_algname);
+ if (!tst_have_alg("hash", hash_algname))
return;
- }
+
sprintf(hmac_algname, "hmac(%s)", hash_algname);
- if (!tst_have_alg("hash", hmac_algname)) {
- tst_res(TCONF, "kernel doesn't have hash algorithm '%s'",
- hmac_algname);
+ if (!tst_have_alg("hash", hmac_algname))
return;
- }
sprintf(hmac_algname, "hmac(hmac(%s))", hash_algname);
- if (tst_have_alg("hash", hmac_algname)) {
+ if (tst_try_alg("hash", hmac_algname) != ENOENT) {
int algfd;
tst_res(TFAIL, "instantiated nested hmac algorithm ('%s')!",
diff --git a/testcases/kernel/crypto/af_alg03.c b/testcases/kernel/crypto/af_alg03.c
index 5f214e48ba..bb8d480e28 100644
--- a/testcases/kernel/crypto/af_alg03.c
+++ b/testcases/kernel/crypto/af_alg03.c
@@ -1,6 +1,7 @@
// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Copyright 2019 Google LLC
+ * Copyright (c) Linux Test Project, 2019-2021
*/
/*
@@ -17,7 +18,7 @@ static void run(void)
tst_require_alg("aead", "rfc7539(chacha20,poly1305)");
tst_require_alg("hash", "sha256");
- if (tst_have_alg("aead", "rfc7539(chacha20,sha256)")) {
+ if (tst_try_alg("aead", "rfc7539(chacha20,sha256)") != ENOENT) {
tst_res(TFAIL,
"instantiated rfc7539 template with wrong digest size");
} else {
diff --git a/testcases/kernel/crypto/af_alg04.c b/testcases/kernel/crypto/af_alg04.c
index 112afcd527..7b665f89a3 100644
--- a/testcases/kernel/crypto/af_alg04.c
+++ b/testcases/kernel/crypto/af_alg04.c
@@ -1,6 +1,7 @@
// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Copyright 2019 Google LLC
+ * Copyright (c) Linux Test Project, 2019-2021
*/
/*
@@ -28,11 +29,8 @@ static void test_with_symm_enc_algs(const char *symm_enc_algname)
sprintf(vmac_algname, "vmac64(%s)", symm_enc_algname);
if (!tst_have_alg("hash", vmac_algname)) {
sprintf(vmac_algname, "vmac(%s)", symm_enc_algname);
- if (!tst_have_alg("hash", vmac_algname)) {
- tst_res(TCONF, "kernel doesn't have hash algorithm '%s'",
- vmac_algname);
+ if (!tst_have_alg("hash", vmac_algname))
return;
- }
}
algfd = tst_alg_setup("hash", vmac_algname, NULL, 16);
--
2.34.1
--
Mailing list info: https://lists.linux.it/listinfo/ltp
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [LTP] [PATCH v3 2/2] tst_af_alg: TCONF on ciphers disabled by FIPS
2021-12-22 19:26 [LTP] [PATCH v3 1/2] tst_af_alg: Moving tst_res(TCONF) to tst_have_alg() Petr Vorel
@ 2021-12-22 19:26 ` Petr Vorel
2022-01-05 14:44 ` Cyril Hrubis
2022-01-05 15:04 ` Eric Biggers
2022-01-05 14:41 ` [LTP] [PATCH v3 1/2] tst_af_alg: Moving tst_res(TCONF) to tst_have_alg() Cyril Hrubis
2022-01-05 15:03 ` Eric Biggers
2 siblings, 2 replies; 7+ messages in thread
From: Petr Vorel @ 2021-12-22 19:26 UTC (permalink / raw)
To: ltp; +Cc: Eric Biggers
Similar fix to 4fa302ef9d. It fixes:
./af_alg01
tst_af_alg.c:84: TBROK: unexpected error binding AF_ALG socket to hash algorithm 'md5': ELIBBAD (80)
become
tst_fips.c:22: TINFO: FIPS: on
tst_af_alg.c:111: TCONF: FIPS enabled => hash algorithm 'md5' disabled
tst_fips.c:22: TINFO: FIPS: on
tst_af_alg.c:111: TCONF: FIPS enabled => hash algorithm 'md5-generic' disabled
./af_alg02
tst_af_alg.c:37: TBROK: unexpected error binding AF_ALG socket to skcipher algorithm 'salsa20': ELIBBAD (80)
become
tst_fips.c:22: TINFO: FIPS: on
tst_af_alg.c:36: TCONF: FIPS enabled => skcipher algorithm 'salsa20' disabled
./af_alg04
tst_af_alg.c:81: TBROK: unexpected error binding AF_ALG socket to hash algorithm 'vmac64(aes)': ELIBBAD (80)
become
tst_fips.c:22: TINFO: FIPS: on
tst_af_alg.c:111: TCONF: FIPS enabled => hash algorithm 'vmac64(aes)' disabled
Tested on Debian stable bullseye and SLES 15-SP4.
Signed-off-by: Petr Vorel <pvorel@suse.cz>
---
NOTE: I asked Herbert Xu for confirmation that my code understanding is
correct and ELIBBAD is expected for ciphers disabled by FIPS.
include/tst_af_alg.h | 2 +-
lib/tst_af_alg.c | 16 ++++++++++++++++
2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/include/tst_af_alg.h b/include/tst_af_alg.h
index 93ff5715b7..86df18eb81 100644
--- a/include/tst_af_alg.h
+++ b/include/tst_af_alg.h
@@ -73,7 +73,7 @@ int tst_try_alg(const char *algtype, const char *algname);
*
* Return true if the algorithm is available, or false if unavailable
* and call tst_res() with TCONF. If another error occurs, tst_brk() is called
- * with TBROK.
+ * with TBROK unless algorithm is disabled due FIPS mode (errno ELIBBAD).
*/
bool tst_have_alg(const char *algtype, const char *algname);
diff --git a/lib/tst_af_alg.c b/lib/tst_af_alg.c
index d99a9ee2ef..52c0b0abb4 100644
--- a/lib/tst_af_alg.c
+++ b/lib/tst_af_alg.c
@@ -31,10 +31,18 @@ void tst_alg_bind_addr(int algfd, const struct sockaddr_alg *addr)
if (ret == 0)
return;
+
+ if (errno == ELIBBAD && tst_fips_enabled()) {
+ tst_brk(TCONF,
+ "FIPS enabled => %s algorithm '%s' disabled",
+ addr->salg_type, addr->salg_name);
+ }
+
if (errno == ENOENT) {
tst_brk(TCONF, "kernel doesn't support %s algorithm '%s'",
addr->salg_type, addr->salg_name);
}
+
tst_brk(TBROK | TERRNO,
"unexpected error binding AF_ALG socket to %s algorithm '%s'",
addr->salg_type, addr->salg_name);
@@ -98,6 +106,14 @@ bool tst_have_alg(const char *algtype, const char *algname)
tst_res(TCONF, "kernel doesn't have %s algorithm '%s'",
algtype, algname);
return false;
+ case ELIBBAD:
+ if (tst_fips_enabled()) {
+ tst_res(TCONF,
+ "FIPS enabled => %s algorithm '%s' disabled",
+ algtype, algname);
+ return false;
+ }
+ /* fallthrough */
default:
errno = ret;
tst_brk(TBROK | TERRNO,
--
2.34.1
--
Mailing list info: https://lists.linux.it/listinfo/ltp
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [LTP] [PATCH v3 1/2] tst_af_alg: Moving tst_res(TCONF) to tst_have_alg()
2021-12-22 19:26 [LTP] [PATCH v3 1/2] tst_af_alg: Moving tst_res(TCONF) to tst_have_alg() Petr Vorel
2021-12-22 19:26 ` [LTP] [PATCH v3 2/2] tst_af_alg: TCONF on ciphers disabled by FIPS Petr Vorel
@ 2022-01-05 14:41 ` Cyril Hrubis
2022-01-05 15:03 ` Eric Biggers
2 siblings, 0 replies; 7+ messages in thread
From: Cyril Hrubis @ 2022-01-05 14:41 UTC (permalink / raw)
To: Petr Vorel; +Cc: ltp
Hi!
> +bool tst_have_alg(const char *algtype, const char *algname)
> +{
> + int ret;
> +
> + ret = tst_try_alg(algtype, algname);
> +
> + switch (ret) {
> + case 0:
> + return true;
> + case ENOENT:
> + tst_res(TCONF, "kernel doesn't have %s algorithm '%s'",
> + algtype, algname);
> + return false;
> + default:
> + errno = ret;
> + tst_brk(TBROK | TERRNO,
> + "unexpected error binding AF_ALG socket to %s algorithm '%s'",
> + algtype, algname);
> + return false;
> + break;
This break is useless, otherwise:
Reviewed-by: Cyril Hrubis <chrubis@suse.cz>
--
Cyril Hrubis
chrubis@suse.cz
--
Mailing list info: https://lists.linux.it/listinfo/ltp
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [LTP] [PATCH v3 2/2] tst_af_alg: TCONF on ciphers disabled by FIPS
2021-12-22 19:26 ` [LTP] [PATCH v3 2/2] tst_af_alg: TCONF on ciphers disabled by FIPS Petr Vorel
@ 2022-01-05 14:44 ` Cyril Hrubis
2022-01-05 15:04 ` Eric Biggers
1 sibling, 0 replies; 7+ messages in thread
From: Cyril Hrubis @ 2022-01-05 14:44 UTC (permalink / raw)
To: Petr Vorel; +Cc: ltp
Hi!
Reviewed-by: Cyril Hrubis <chrubis@suse.cz>
--
Cyril Hrubis
chrubis@suse.cz
--
Mailing list info: https://lists.linux.it/listinfo/ltp
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [LTP] [PATCH v3 1/2] tst_af_alg: Moving tst_res(TCONF) to tst_have_alg()
2021-12-22 19:26 [LTP] [PATCH v3 1/2] tst_af_alg: Moving tst_res(TCONF) to tst_have_alg() Petr Vorel
2021-12-22 19:26 ` [LTP] [PATCH v3 2/2] tst_af_alg: TCONF on ciphers disabled by FIPS Petr Vorel
2022-01-05 14:41 ` [LTP] [PATCH v3 1/2] tst_af_alg: Moving tst_res(TCONF) to tst_have_alg() Cyril Hrubis
@ 2022-01-05 15:03 ` Eric Biggers
2 siblings, 0 replies; 7+ messages in thread
From: Eric Biggers @ 2022-01-05 15:03 UTC (permalink / raw)
To: Petr Vorel; +Cc: ltp
On Wed, Dec 22, 2021 at 08:26:03PM +0100, Petr Vorel wrote:
> + introduce tst_try_alg() for cases where tst_res(TCONF) cannot be used.
>
> It reduces duplicity for tst_have_alg() use.
>
> Suggested-by: Cyril Hrubis <chrubis@suse.cz>
> Signed-off-by: Petr Vorel <pvorel@suse.cz>
Reviewed-by: Eric Biggers <ebiggers@google.com>
- Eric
--
Mailing list info: https://lists.linux.it/listinfo/ltp
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [LTP] [PATCH v3 2/2] tst_af_alg: TCONF on ciphers disabled by FIPS
2021-12-22 19:26 ` [LTP] [PATCH v3 2/2] tst_af_alg: TCONF on ciphers disabled by FIPS Petr Vorel
2022-01-05 14:44 ` Cyril Hrubis
@ 2022-01-05 15:04 ` Eric Biggers
2022-01-05 16:52 ` Petr Vorel
1 sibling, 1 reply; 7+ messages in thread
From: Eric Biggers @ 2022-01-05 15:04 UTC (permalink / raw)
To: Petr Vorel; +Cc: ltp
On Wed, Dec 22, 2021 at 08:26:04PM +0100, Petr Vorel wrote:
> Similar fix to 4fa302ef9d. It fixes:
>
> ./af_alg01
> tst_af_alg.c:84: TBROK: unexpected error binding AF_ALG socket to hash algorithm 'md5': ELIBBAD (80)
> become
> tst_fips.c:22: TINFO: FIPS: on
> tst_af_alg.c:111: TCONF: FIPS enabled => hash algorithm 'md5' disabled
> tst_fips.c:22: TINFO: FIPS: on
> tst_af_alg.c:111: TCONF: FIPS enabled => hash algorithm 'md5-generic' disabled
>
> ./af_alg02
> tst_af_alg.c:37: TBROK: unexpected error binding AF_ALG socket to skcipher algorithm 'salsa20': ELIBBAD (80)
> become
> tst_fips.c:22: TINFO: FIPS: on
> tst_af_alg.c:36: TCONF: FIPS enabled => skcipher algorithm 'salsa20' disabled
>
> ./af_alg04
> tst_af_alg.c:81: TBROK: unexpected error binding AF_ALG socket to hash algorithm 'vmac64(aes)': ELIBBAD (80)
> become
> tst_fips.c:22: TINFO: FIPS: on
> tst_af_alg.c:111: TCONF: FIPS enabled => hash algorithm 'vmac64(aes)' disabled
>
> Tested on Debian stable bullseye and SLES 15-SP4.
>
> Signed-off-by: Petr Vorel <pvorel@suse.cz>
> ---
> NOTE: I asked Herbert Xu for confirmation that my code understanding is
> correct and ELIBBAD is expected for ciphers disabled by FIPS.
Can you link to the mailing list thread where it was established that ELIBBAD is
the "expected" behavior? Otherwise I guess this is fine.
Reviewed-by: Eric Biggers <ebiggers@google.com>
- Eric
--
Mailing list info: https://lists.linux.it/listinfo/ltp
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [LTP] [PATCH v3 2/2] tst_af_alg: TCONF on ciphers disabled by FIPS
2022-01-05 15:04 ` Eric Biggers
@ 2022-01-05 16:52 ` Petr Vorel
0 siblings, 0 replies; 7+ messages in thread
From: Petr Vorel @ 2022-01-05 16:52 UTC (permalink / raw)
To: Eric Biggers; +Cc: ltp
Hi Eric, Cyril,
> > NOTE: I asked Herbert Xu for confirmation that my code understanding is
> > correct and ELIBBAD is expected for ciphers disabled by FIPS.
> Can you link to the mailing list thread where it was established that ELIBBAD is
> the "expected" behavior? Otherwise I guess this is fine.
Link added, fixed useless break and merged.
Thank you both!
Kind regards,
Petr
--
Mailing list info: https://lists.linux.it/listinfo/ltp
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2022-01-05 16:52 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-12-22 19:26 [LTP] [PATCH v3 1/2] tst_af_alg: Moving tst_res(TCONF) to tst_have_alg() Petr Vorel
2021-12-22 19:26 ` [LTP] [PATCH v3 2/2] tst_af_alg: TCONF on ciphers disabled by FIPS Petr Vorel
2022-01-05 14:44 ` Cyril Hrubis
2022-01-05 15:04 ` Eric Biggers
2022-01-05 16:52 ` Petr Vorel
2022-01-05 14:41 ` [LTP] [PATCH v3 1/2] tst_af_alg: Moving tst_res(TCONF) to tst_have_alg() Cyril Hrubis
2022-01-05 15:03 ` Eric Biggers
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.