Commit 4d2d15c0 authored by Chuck Lever's avatar Chuck Lever

SUNRPC: Add RFC 8009 encryption KUnit tests

RFC 8009 provides sample encryption results. Add KUnit tests to
ensure our implementation derives the expected results for the
provided sample input.

I hate how large this test is, but using non-standard key usage
values means rfc8009_encrypt_case() can't simply reuse ->import_ctx
to allocate and key its ciphers; and the test provides its own
confounders, which means krb5_etm_encrypt() can't be used directly.
Tested-by: default avatarScott Mayhew <smayhew@redhat.com>
Reviewed-by: default avatarSimo Sorce <simo@redhat.com>
Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
parent 003caf4f
...@@ -886,8 +886,25 @@ gss_krb5_aes_decrypt(struct krb5_ctx *kctx, u32 offset, u32 len, ...@@ -886,8 +886,25 @@ gss_krb5_aes_decrypt(struct krb5_ctx *kctx, u32 offset, u32 len,
return ret; return ret;
} }
static u32 /**
krb5_etm_checksum(struct crypto_sync_skcipher *cipher, * krb5_etm_checksum - Compute a MAC for a GSS Wrap token
* @cipher: an initialized cipher transform
* @tfm: an initialized hash transform
* @body: xdr_buf containing an RPC message (body.len is the message length)
* @body_offset: byte offset into @body to start checksumming
* @cksumout: OUT: a buffer to be filled in with the computed HMAC
*
* Usually expressed as H = HMAC(K, IV | ciphertext)[1..h] .
*
* Caller provides the truncation length of the output token (h) in
* cksumout.len.
*
* Return values:
* %GSS_S_COMPLETE: Digest computed, @cksumout filled in
* %GSS_S_FAILURE: Call failed
*/
VISIBLE_IF_KUNIT
u32 krb5_etm_checksum(struct crypto_sync_skcipher *cipher,
struct crypto_ahash *tfm, const struct xdr_buf *body, struct crypto_ahash *tfm, const struct xdr_buf *body,
int body_offset, struct xdr_netobj *cksumout) int body_offset, struct xdr_netobj *cksumout)
{ {
...@@ -936,6 +953,7 @@ krb5_etm_checksum(struct crypto_sync_skcipher *cipher, ...@@ -936,6 +953,7 @@ krb5_etm_checksum(struct crypto_sync_skcipher *cipher,
kfree_sensitive(checksumdata); kfree_sensitive(checksumdata);
return err ? GSS_S_FAILURE : GSS_S_COMPLETE; return err ? GSS_S_FAILURE : GSS_S_COMPLETE;
} }
EXPORT_SYMBOL_IF_KUNIT(krb5_etm_checksum);
/** /**
* krb5_etm_encrypt - Encrypt using the RFC 8009 rules * krb5_etm_encrypt - Encrypt using the RFC 8009 rules
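Review bot: The new kernel-doc for krb5_etm_checksum() leaves the output-buffer contract implicit. It says the caller supplies the truncation length h in cksumout.len, but not that h must be no larger than the digest size of @tfm, nor that cksumout->data must already point to at least h bytes. Because the function is no longer file-local when KUnit is enabled, a test that passes an oversized length relies on whatever check the body performs, and the body lies outside these hunks. I would add a line such as `* @cksumout->len must not exceed the digest size of @tfm, and @cksumout->data must point to at least that many bytes.` and write the members as `body->len` and `cksumout->len`, since both parameters are pointers.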
......
...@@ -221,6 +221,9 @@ int krb5_cbc_cts_encrypt(struct crypto_sync_skcipher *cts_tfm, ...@@ -221,6 +221,9 @@ int krb5_cbc_cts_encrypt(struct crypto_sync_skcipher *cts_tfm,
struct crypto_sync_skcipher *cbc_tfm, u32 offset, struct crypto_sync_skcipher *cbc_tfm, u32 offset,
struct xdr_buf *buf, struct page **pages, struct xdr_buf *buf, struct page **pages,
u8 *iv, unsigned int ivsize); u8 *iv, unsigned int ivsize);
u32 krb5_etm_checksum(struct crypto_sync_skcipher *cipher,
struct crypto_ahash *tfm, const struct xdr_buf *body,
int body_offset, struct xdr_netobj *cksumout);
#endif #endif
#endif /* _NET_SUNRPC_AUTH_GSS_KRB5_INTERNAL_H */ #endif /* _NET_SUNRPC_AUTH_GSS_KRB5_INTERNAL_H */
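Review bot: The added krb5_etm_checksum() prototype has to stay inside the KUnit-only conditional, because the definition is marked `VISIBLE_IF_KUNIT` and becomes `static` when KUnit is disabled. A non-static prototype visible in that configuration would conflict with the static definition. The bare `#endif` directly after the prototype suggests it is inside such a block, but the opening `#if` is outside the hunk, so this should be confirmed. Labelling the closing line with its condition, in the same way the header-guard `#endif` on the next line is labelled, would make it harder for a later addition to land on the wrong side.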