Commit e1a9a384 authored by Chuck Lever's avatar Chuck Lever

SUNRPC: Add Kunit tests for RFC 3962-defined encryption/decryption

Add Kunit tests for ENCTYPE_AES128_CTS_HMAC_SHA1_96. The test
vectors come from RFC 3962 Appendix B.
Tested-by: default avatarScott Mayhew <smayhew@redhat.com>
Reviewed-by: default avatarSimo Sorce <simo@redhat.com>
Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
parent 6eb6b8a4
...@@ -14,9 +14,11 @@ CONFIG_CRYPTO_HMAC=y ...@@ -14,9 +14,11 @@ CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_MD5=y CONFIG_CRYPTO_MD5=y
CONFIG_CRYPTO_SHA1=y CONFIG_CRYPTO_SHA1=y
CONFIG_CRYPTO_DES=y CONFIG_CRYPTO_DES=y
CONFIG_CRYPTO_AES=y
CONFIG_NFS_FS=y CONFIG_NFS_FS=y
CONFIG_SUNRPC=y CONFIG_SUNRPC=y
CONFIG_SUNRPC_GSS=y CONFIG_SUNRPC_GSS=y
CONFIG_RPCSEC_GSS_KRB5=y CONFIG_RPCSEC_GSS_KRB5=y
CONFIG_RPCSEC_GSS_KRB5_ENCTYPES_DES=y CONFIG_RPCSEC_GSS_KRB5_ENCTYPES_DES=y
CONFIG_RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA1=y
CONFIG_RPCSEC_GSS_KRB5_KUNIT_TEST=y CONFIG_RPCSEC_GSS_KRB5_KUNIT_TEST=y
...@@ -46,6 +46,7 @@ ...@@ -46,6 +46,7 @@
#include <linux/random.h> #include <linux/random.h>
#include <linux/sunrpc/gss_krb5.h> #include <linux/sunrpc/gss_krb5.h>
#include <linux/sunrpc/xdr.h> #include <linux/sunrpc/xdr.h>
#include <kunit/visibility.h>
#include "gss_krb5_internal.h" #include "gss_krb5_internal.h"
...@@ -640,14 +641,28 @@ gss_krb5_cts_crypt(struct crypto_sync_skcipher *cipher, struct xdr_buf *buf, ...@@ -640,14 +641,28 @@ gss_krb5_cts_crypt(struct crypto_sync_skcipher *cipher, struct xdr_buf *buf,
return ret; return ret;
} }
/* /**
* krb5_cbc_cts_encrypt - encrypt in CBC mode with CTS
* @cts_tfm: CBC cipher with CTS
* @cbc_tfm: base CBC cipher
* @offset: starting byte offset for plaintext
* @buf: OUT: output buffer
* @pages: plaintext
* @iv: output CBC initialization vector, or NULL
* @ivsize: size of @iv, in octets
*
* To provide confidentiality, encrypt using cipher block chaining * To provide confidentiality, encrypt using cipher block chaining
* with ciphertext stealing. Message integrity is handled separately. * with ciphertext stealing. Message integrity is handled separately.
*
* Return values:
* %0: encryption successful
* negative errno: encryption could not be completed
*/ */
static int VISIBLE_IF_KUNIT
krb5_cbc_cts_encrypt(struct crypto_sync_skcipher *cts_tfm, int krb5_cbc_cts_encrypt(struct crypto_sync_skcipher *cts_tfm,
struct crypto_sync_skcipher *cbc_tfm, struct crypto_sync_skcipher *cbc_tfm,
u32 offset, struct xdr_buf *buf, struct page **pages) u32 offset, struct xdr_buf *buf, struct page **pages,
u8 *iv, unsigned int ivsize)
{ {
u32 blocksize, nbytes, nblocks, cbcbytes; u32 blocksize, nbytes, nblocks, cbcbytes;
struct encryptor_desc desc; struct encryptor_desc desc;
...@@ -691,8 +706,11 @@ krb5_cbc_cts_encrypt(struct crypto_sync_skcipher *cts_tfm, ...@@ -691,8 +706,11 @@ krb5_cbc_cts_encrypt(struct crypto_sync_skcipher *cts_tfm,
if (err) if (err)
return err; return err;
if (unlikely(iv))
memcpy(iv, desc.iv, ivsize);
return 0; return 0;
} }
EXPORT_SYMBOL_IF_KUNIT(krb5_cbc_cts_encrypt);
static int static int
krb5_cbc_cts_decrypt(struct crypto_sync_skcipher *cts_tfm, krb5_cbc_cts_decrypt(struct crypto_sync_skcipher *cts_tfm,
...@@ -800,7 +818,7 @@ gss_krb5_aes_encrypt(struct krb5_ctx *kctx, u32 offset, ...@@ -800,7 +818,7 @@ gss_krb5_aes_encrypt(struct krb5_ctx *kctx, u32 offset,
err = krb5_cbc_cts_encrypt(cipher, aux_cipher, err = krb5_cbc_cts_encrypt(cipher, aux_cipher,
offset + GSS_KRB5_TOK_HDR_LEN, offset + GSS_KRB5_TOK_HDR_LEN,
buf, pages); buf, pages, NULL, 0);
if (err) if (err)
return GSS_S_FAILURE; return GSS_S_FAILURE;
...@@ -992,7 +1010,7 @@ krb5_etm_encrypt(struct krb5_ctx *kctx, u32 offset, ...@@ -992,7 +1010,7 @@ krb5_etm_encrypt(struct krb5_ctx *kctx, u32 offset,
err = krb5_cbc_cts_encrypt(cipher, aux_cipher, err = krb5_cbc_cts_encrypt(cipher, aux_cipher,
offset + GSS_KRB5_TOK_HDR_LEN, offset + GSS_KRB5_TOK_HDR_LEN,
buf, pages); buf, pages, NULL, 0);
if (err) if (err)
return GSS_S_FAILURE; return GSS_S_FAILURE;
......
...@@ -217,6 +217,10 @@ u32 krb5_etm_decrypt(struct krb5_ctx *kctx, u32 offset, u32 len, ...@@ -217,6 +217,10 @@ u32 krb5_etm_decrypt(struct krb5_ctx *kctx, u32 offset, u32 len,
#if IS_ENABLED(CONFIG_KUNIT) #if IS_ENABLED(CONFIG_KUNIT)
void krb5_nfold(u32 inbits, const u8 *in, u32 outbits, u8 *out); void krb5_nfold(u32 inbits, const u8 *in, u32 outbits, u8 *out);
const struct gss_krb5_enctype *gss_krb5_lookup_enctype(u32 etype); const struct gss_krb5_enctype *gss_krb5_lookup_enctype(u32 etype);
int krb5_cbc_cts_encrypt(struct crypto_sync_skcipher *cts_tfm,
struct crypto_sync_skcipher *cbc_tfm, u32 offset,
struct xdr_buf *buf, struct page **pages,
u8 *iv, unsigned int ivsize);
#endif #endif
#endif /* _NET_SUNRPC_AUTH_GSS_KRB5_INTERNAL_H */ #endif /* _NET_SUNRPC_AUTH_GSS_KRB5_INTERNAL_H */
...@@ -23,9 +23,11 @@ struct gss_krb5_test_param { ...@@ -23,9 +23,11 @@ struct gss_krb5_test_param {
u32 enctype; u32 enctype;
u32 nfold; u32 nfold;
const struct xdr_netobj *base_key; const struct xdr_netobj *base_key;
const struct xdr_netobj *Ke;
const struct xdr_netobj *usage; const struct xdr_netobj *usage;
const struct xdr_netobj *plaintext; const struct xdr_netobj *plaintext;
const struct xdr_netobj *expected_result; const struct xdr_netobj *expected_result;
const struct xdr_netobj *next_iv;
}; };
static inline void gss_krb5_get_desc(const struct gss_krb5_test_param *param, static inline void gss_krb5_get_desc(const struct gss_krb5_test_param *param,
...@@ -465,7 +467,268 @@ static struct kunit_suite rfc3961_suite = { ...@@ -465,7 +467,268 @@ static struct kunit_suite rfc3961_suite = {
.test_cases = rfc3961_test_cases, .test_cases = rfc3961_test_cases,
}; };
kunit_test_suites(&rfc3961_suite); /*
* From RFC 3962 Appendix B: Sample Test Vectors
*
* Some test vectors for CBC with ciphertext stealing, using an
* initial vector of all-zero.
*
* This test material is copyright (C) The Internet Society (2005).
*/
DEFINE_HEX_XDR_NETOBJ(rfc3962_encryption_key,
0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69
);
DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test1_plaintext,
0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
0x20
);
DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test1_expected_result,
0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4,
0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f,
0x97
);
DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test1_next_iv,
0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4,
0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f
);
DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test2_plaintext,
0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20
);
DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test2_expected_result,
0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1,
0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22,
0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5
);
DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test2_next_iv,
0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1,
0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22
);
DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test3_plaintext,
0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43
);
DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test3_expected_result,
0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84
);
DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test3_next_iv,
0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8
);
DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test4_plaintext,
0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43,
0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20,
0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c
);
DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test4_expected_result,
0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c,
0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e,
0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5
);
DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test4_next_iv,
0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c,
0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e
);
DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test5_plaintext,
0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43,
0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20,
0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c, 0x20
);
DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test5_expected_result,
0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8,
0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8
);
DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test5_next_iv,
0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8
);
DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test6_plaintext,
0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43,
0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20,
0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c, 0x20,
0x61, 0x6e, 0x64, 0x20, 0x77, 0x6f, 0x6e, 0x74,
0x6f, 0x6e, 0x20, 0x73, 0x6f, 0x75, 0x70, 0x2e
);
DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test6_expected_result,
0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5,
0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40,
0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8
);
DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test6_next_iv,
0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5,
0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40
);
static const struct gss_krb5_test_param rfc3962_encrypt_test_params[] = {
{
.desc = "Encrypt with aes128-cts-hmac-sha1-96 case 1",
.enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96,
.Ke = &rfc3962_encryption_key,
.plaintext = &rfc3962_enc_test1_plaintext,
.expected_result = &rfc3962_enc_test1_expected_result,
.next_iv = &rfc3962_enc_test1_next_iv,
},
{
.desc = "Encrypt with aes128-cts-hmac-sha1-96 case 2",
.enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96,
.Ke = &rfc3962_encryption_key,
.plaintext = &rfc3962_enc_test2_plaintext,
.expected_result = &rfc3962_enc_test2_expected_result,
.next_iv = &rfc3962_enc_test2_next_iv,
},
{
.desc = "Encrypt with aes128-cts-hmac-sha1-96 case 3",
.enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96,
.Ke = &rfc3962_encryption_key,
.plaintext = &rfc3962_enc_test3_plaintext,
.expected_result = &rfc3962_enc_test3_expected_result,
.next_iv = &rfc3962_enc_test3_next_iv,
},
{
.desc = "Encrypt with aes128-cts-hmac-sha1-96 case 4",
.enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96,
.Ke = &rfc3962_encryption_key,
.plaintext = &rfc3962_enc_test4_plaintext,
.expected_result = &rfc3962_enc_test4_expected_result,
.next_iv = &rfc3962_enc_test4_next_iv,
},
{
.desc = "Encrypt with aes128-cts-hmac-sha1-96 case 5",
.enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96,
.Ke = &rfc3962_encryption_key,
.plaintext = &rfc3962_enc_test5_plaintext,
.expected_result = &rfc3962_enc_test5_expected_result,
.next_iv = &rfc3962_enc_test5_next_iv,
},
{
.desc = "Encrypt with aes128-cts-hmac-sha1-96 case 6",
.enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96,
.Ke = &rfc3962_encryption_key,
.plaintext = &rfc3962_enc_test6_plaintext,
.expected_result = &rfc3962_enc_test6_expected_result,
.next_iv = &rfc3962_enc_test6_next_iv,
},
};
/* Creates the function rfc3962_encrypt_gen_params */
KUNIT_ARRAY_PARAM(rfc3962_encrypt, rfc3962_encrypt_test_params,
gss_krb5_get_desc);
/*
* This tests the implementation of the encryption part of the mechanism.
* It does not apply a confounder or test the result of HMAC over the
* plaintext.
*/
static void rfc3962_encrypt_case(struct kunit *test)
{
const struct gss_krb5_test_param *param = test->param_value;
struct crypto_sync_skcipher *cts_tfm, *cbc_tfm;
const struct gss_krb5_enctype *gk5e;
struct xdr_buf buf;
void *iv, *text;
u32 err;
/* Arrange */
gk5e = gss_krb5_lookup_enctype(param->enctype);
KUNIT_ASSERT_NOT_NULL(test, gk5e);
cbc_tfm = crypto_alloc_sync_skcipher(gk5e->aux_cipher, 0, 0);
KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cbc_tfm);
err = crypto_sync_skcipher_setkey(cbc_tfm, param->Ke->data, param->Ke->len);
KUNIT_ASSERT_EQ(test, err, 0);
cts_tfm = crypto_alloc_sync_skcipher(gk5e->encrypt_name, 0, 0);
KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cts_tfm);
err = crypto_sync_skcipher_setkey(cts_tfm, param->Ke->data, param->Ke->len);
KUNIT_ASSERT_EQ(test, err, 0);
iv = kunit_kzalloc(test, crypto_sync_skcipher_ivsize(cts_tfm), GFP_KERNEL);
KUNIT_ASSERT_NOT_ERR_OR_NULL(test, iv);
text = kunit_kzalloc(test, param->plaintext->len, GFP_KERNEL);
KUNIT_ASSERT_NOT_ERR_OR_NULL(test, text);
memcpy(text, param->plaintext->data, param->plaintext->len);
memset(&buf, 0, sizeof(buf));
buf.head[0].iov_base = text;
buf.head[0].iov_len = param->plaintext->len;
buf.len = buf.head[0].iov_len;
/* Act */
err = krb5_cbc_cts_encrypt(cts_tfm, cbc_tfm, 0, &buf, NULL,
iv, crypto_sync_skcipher_ivsize(cts_tfm));
KUNIT_ASSERT_EQ(test, err, 0);
/* Assert */
KUNIT_EXPECT_EQ_MSG(test,
param->expected_result->len, buf.len,
"ciphertext length mismatch");
KUNIT_EXPECT_EQ_MSG(test,
memcmp(param->expected_result->data,
text, param->expected_result->len), 0,
"ciphertext mismatch");
KUNIT_EXPECT_EQ_MSG(test,
memcmp(param->next_iv->data, iv,
param->next_iv->len), 0,
"IV mismatch");
crypto_free_sync_skcipher(cts_tfm);
crypto_free_sync_skcipher(cbc_tfm);
}
static struct kunit_case rfc3962_test_cases[] = {
{
.name = "RFC 3962 encryption",
.run_case = rfc3962_encrypt_case,
.generate_params = rfc3962_encrypt_gen_params,
},
};
static struct kunit_suite rfc3962_suite = {
.name = "RFC 3962 suite",
.test_cases = rfc3962_test_cases,
};
kunit_test_suites(&rfc3961_suite,
&rfc3962_suite);
MODULE_DESCRIPTION("Test RPCSEC GSS Kerberos 5 functions"); MODULE_DESCRIPTION("Test RPCSEC GSS Kerberos 5 functions");
MODULE_LICENSE("GPL"); MODULE_LICENSE("GPL");
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment