Hi,

I was attempting to get some fuzzing going for the RFC3686 AEAD ciphers I'm 
adding to the 
inside-secure driver, and I noticed some more things besides what I mentioned 
below:

1) If there is no test suite, but the entry does point to something other then 
alg_test_null,
then fuzzing is still not performed if there is no test suite, as all of the 
alg_test_xxx routines
first check for suite->count being > 0 and exit due to count being 0 in this 
case.
I would think that if there are no reference vectors, then fuzzing against the 
generic 
implementation (if enabled) is the very least you can do?

2) The AEAD fuzzing routine attempts to determine the maximum key size by 
actually
scanning the test suite. So if there is no test suite, this will remain at zero 
and the AEAD
fuzzing routine will still exit without performing any tests because of this.
Isn't there a better way to determine the maximum key size for AEAD ciphers?

3) The AEAD fuzzing vector generation generates fully random keydata that is <= 
maxlen.
However, for AEAD ciphers, the key blob is actually some RTA struct containing 
length
fields and types. Which means that most of the time, it will simply be 
generating illegal
key blobs and you are merely testing whether both implementations correctly 
flag the
key as illegal. (for which they likely use the same crypto_authenc_extractkeys
subroutine, so that check probably/likely always passes - and therefore is not 
very useful)

Regards,
Pascal van Leeuwen
Silicon IP Architect, Multi-Protocol Engines @ Verimatrix
www.insidesecure.com

> -----Original Message-----
> From: linux-crypto-ow...@vger.kernel.org <linux-crypto-ow...@vger.kernel.org> 
> On Behalf Of Pascal Van Leeuwen
> Sent: Wednesday, July 3, 2019 11:51 PM
> To: linux-crypto@vger.kernel.org
> Subject: testmgr question
> 
> Hi,
> 
> I'm currently busy adding support for some AES-CTR based authenticated 
> encryption suites to the
> inside-secure driver, and I got the distinct impression they were silently 
> not getting tested at all.
> 
> Looking at testmgr.c, I noticed that they point to alg_test_null, confirming 
> my suspicion.
> I was wondering whether this was intentional and, if so, why that is the case?
> 
> I get that there are no reference vectors for these ciphersuites yet, but 
> that shouldn't stop
> testmgr from at least fuzzing the ciphersuite against the reference 
> implementation?
> 
> Regards,
> Pascal van Leeuwen
> Silicon IP Architect, Multi-Protocol Engines @ Verimatrix
> www.insidesecure.com

Reply via email to