tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

selftests: vDSO: also test counter in vdso_test_chacha

The chacha vDSO selftest doesn't check the way the counter is handled by
__arch_chacha20_blocks_nostack(). It indirectly checks that the counter
is writen on exit and read back on new entry, but it doesn't check that
the format is correct. When implementing this function on powerpc, I
missed a case where the counter was writen and read in wrong byte order.

Also, the counter uses two words, but the tests with a zero counter and
uses a small amount of blocks, so at the end the upper part of the
counter is always 0, so it is not checked.

Add a verification of counter's content in addition to the verification
of the output.

Also add two tests where the counter crosses the u32 upper limit. The
first test verifies that the function properly writes back the upper
word, the second test verifies that the function properly reads back the
upper word.

Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

authored by

Christophe Leroy and committed by
Jason A. Donenfeld bb10ffe0 ecb8bd70

+27 -9
+27 -9
tools/testing/selftests/vDSO/vdso_test_chacha.c
··· 15 15 return (word << (shift & 31)) | (word >> ((-shift) & 31)); 16 16 } 17 17 18 - static void reference_chacha20_blocks(uint8_t *dst_bytes, const uint32_t *key, size_t nblocks) 18 + static void reference_chacha20_blocks(uint8_t *dst_bytes, const uint32_t *key, uint32_t *counter, size_t nblocks) 19 19 { 20 20 uint32_t s[16] = { 21 21 0x61707865U, 0x3320646eU, 0x79622d32U, 0x6b206574U, 22 - key[0], key[1], key[2], key[3], key[4], key[5], key[6], key[7] 22 + key[0], key[1], key[2], key[3], key[4], key[5], key[6], key[7], 23 + counter[0], counter[1], 0, 0 23 24 }; 24 25 25 26 while (nblocks--) { ··· 51 50 if (!++s[12]) 52 51 ++s[13]; 53 52 } 53 + counter[0] = s[12]; 54 + counter[1] = s[13]; 54 55 } 55 56 56 57 typedef uint8_t u8; ··· 63 60 int main(int argc, char *argv[]) 64 61 { 65 62 enum { TRIALS = 1000, BLOCKS = 128, BLOCK_SIZE = 64 }; 66 - uint32_t counter[2]; 67 - uint32_t key[8]; 63 + uint32_t key[8], counter1[2], counter2[2]; 68 64 uint8_t output1[BLOCK_SIZE * BLOCKS], output2[BLOCK_SIZE * BLOCKS]; 69 65 70 66 ksft_print_header(); ··· 74 72 printf("getrandom() failed!\n"); 75 73 return KSFT_SKIP; 76 74 } 77 - reference_chacha20_blocks(output1, key, BLOCKS); 75 + memset(counter1, 0, sizeof(counter1)); 76 + reference_chacha20_blocks(output1, key, counter1, BLOCKS); 78 77 for (unsigned int split = 0; split < BLOCKS; ++split) { 79 78 memset(output2, 'X', sizeof(output2)); 80 - memset(counter, 0, sizeof(counter)); 79 + memset(counter2, 0, sizeof(counter2)); 81 80 if (split) 82 - __arch_chacha20_blocks_nostack(output2, key, counter, split); 83 - __arch_chacha20_blocks_nostack(output2 + split * BLOCK_SIZE, key, counter, BLOCKS - split); 84 - if (memcmp(output1, output2, sizeof(output1))) 81 + __arch_chacha20_blocks_nostack(output2, key, counter2, split); 82 + __arch_chacha20_blocks_nostack(output2 + split * BLOCK_SIZE, key, counter2, BLOCKS - split); 83 + if (memcmp(output1, output2, sizeof(output1)) || memcmp(counter1, counter2, sizeof(counter1))) 85 84 return KSFT_FAIL; 86 85 } 87 86 } 87 + memset(counter1, 0, sizeof(counter1)); 88 + counter1[0] = (uint32_t)-BLOCKS + 2; 89 + memset(counter2, 0, sizeof(counter2)); 90 + counter2[0] = (uint32_t)-BLOCKS + 2; 91 + 92 + reference_chacha20_blocks(output1, key, counter1, BLOCKS); 93 + __arch_chacha20_blocks_nostack(output2, key, counter2, BLOCKS); 94 + if (memcmp(output1, output2, sizeof(output1)) || memcmp(counter1, counter2, sizeof(counter1))) 95 + return KSFT_FAIL; 96 + 97 + reference_chacha20_blocks(output1, key, counter1, BLOCKS); 98 + __arch_chacha20_blocks_nostack(output2, key, counter2, BLOCKS); 99 + if (memcmp(output1, output2, sizeof(output1)) || memcmp(counter1, counter2, sizeof(counter1))) 100 + return KSFT_FAIL; 101 + 88 102 ksft_test_result_pass("chacha: PASS\n"); 89 103 return KSFT_PASS; 90 104 }