Commit e1a9a384 authored by Chuck Lever's avatar Chuck Lever

SUNRPC: Add Kunit tests for RFC 3962-defined encryption/decryption

Add Kunit tests for ENCTYPE_AES128_CTS_HMAC_SHA1_96. The test
vectors come from RFC 3962 Appendix B.
Tested-by: default avatarScott Mayhew <smayhew@redhat.com>
Reviewed-by: default avatarSimo Sorce <simo@redhat.com>
Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
parent 6eb6b8a4
......@@ -14,9 +14,11 @@ CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_MD5=y
CONFIG_CRYPTO_SHA1=y
CONFIG_CRYPTO_DES=y
CONFIG_CRYPTO_AES=y
CONFIG_NFS_FS=y
CONFIG_SUNRPC=y
CONFIG_SUNRPC_GSS=y
CONFIG_RPCSEC_GSS_KRB5=y
CONFIG_RPCSEC_GSS_KRB5_ENCTYPES_DES=y
CONFIG_RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA1=y
CONFIG_RPCSEC_GSS_KRB5_KUNIT_TEST=y
......@@ -46,6 +46,7 @@
#include <linux/random.h>
#include <linux/sunrpc/gss_krb5.h>
#include <linux/sunrpc/xdr.h>
#include <kunit/visibility.h>
#include "gss_krb5_internal.h"
......@@ -640,14 +641,28 @@ gss_krb5_cts_crypt(struct crypto_sync_skcipher *cipher, struct xdr_buf *buf,
return ret;
}
/*
/**
* krb5_cbc_cts_encrypt - encrypt in CBC mode with CTS
* @cts_tfm: CBC cipher with CTS
* @cbc_tfm: base CBC cipher
* @offset: starting byte offset for plaintext
* @buf: OUT: output buffer
* @pages: plaintext
* @iv: output CBC initialization vector, or NULL
* @ivsize: size of @iv, in octets
*
* To provide confidentiality, encrypt using cipher block chaining
* with ciphertext stealing. Message integrity is handled separately.
*
* Return values:
* %0: encryption successful
* negative errno: encryption could not be completed
*/
static int
krb5_cbc_cts_encrypt(struct crypto_sync_skcipher *cts_tfm,
VISIBLE_IF_KUNIT
int krb5_cbc_cts_encrypt(struct crypto_sync_skcipher *cts_tfm,
struct crypto_sync_skcipher *cbc_tfm,
u32 offset, struct xdr_buf *buf, struct page **pages)
u32 offset, struct xdr_buf *buf, struct page **pages,
u8 *iv, unsigned int ivsize)
{
u32 blocksize, nbytes, nblocks, cbcbytes;
struct encryptor_desc desc;
......@@ -691,8 +706,11 @@ krb5_cbc_cts_encrypt(struct crypto_sync_skcipher *cts_tfm,
if (err)
return err;
if (unlikely(iv))
memcpy(iv, desc.iv, ivsize);
return 0;
}
EXPORT_SYMBOL_IF_KUNIT(krb5_cbc_cts_encrypt);
static int
krb5_cbc_cts_decrypt(struct crypto_sync_skcipher *cts_tfm,
......@@ -800,7 +818,7 @@ gss_krb5_aes_encrypt(struct krb5_ctx *kctx, u32 offset,
err = krb5_cbc_cts_encrypt(cipher, aux_cipher,
offset + GSS_KRB5_TOK_HDR_LEN,
buf, pages);
buf, pages, NULL, 0);
if (err)
return GSS_S_FAILURE;
......@@ -992,7 +1010,7 @@ krb5_etm_encrypt(struct krb5_ctx *kctx, u32 offset,
err = krb5_cbc_cts_encrypt(cipher, aux_cipher,
offset + GSS_KRB5_TOK_HDR_LEN,
buf, pages);
buf, pages, NULL, 0);
if (err)
return GSS_S_FAILURE;
......
......@@ -217,6 +217,10 @@ u32 krb5_etm_decrypt(struct krb5_ctx *kctx, u32 offset, u32 len,
#if IS_ENABLED(CONFIG_KUNIT)
void krb5_nfold(u32 inbits, const u8 *in, u32 outbits, u8 *out);
const struct gss_krb5_enctype *gss_krb5_lookup_enctype(u32 etype);
int krb5_cbc_cts_encrypt(struct crypto_sync_skcipher *cts_tfm,
struct crypto_sync_skcipher *cbc_tfm, u32 offset,
struct xdr_buf *buf, struct page **pages,
u8 *iv, unsigned int ivsize);
#endif
#endif /* _NET_SUNRPC_AUTH_GSS_KRB5_INTERNAL_H */
This diff is collapsed.
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment