xref: /openbmc/qemu/tests/unit/test-crypto-block.c (revision 154fd4d1)
1 /*
2  * QEMU Crypto block encryption
3  *
4  * Copyright (c) 2016 Red Hat, Inc.
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2.1 of the License, or (at your option) any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18  *
19  */
20 
21 #include "qemu/osdep.h"
22 #include "qapi/error.h"
23 #include "crypto/init.h"
24 #include "crypto/block.h"
25 #include "crypto/block-luks-priv.h"
26 #include "qemu/buffer.h"
27 #include "qemu/module.h"
28 #include "crypto/secret.h"
29 #ifndef _WIN32
30 #include <sys/resource.h>
31 #endif
32 
33 #if (defined(_WIN32) || defined RUSAGE_THREAD) && \
34     (defined(CONFIG_NETTLE) || defined(CONFIG_GCRYPT) || \
35      defined(CONFIG_GNUTLS_CRYPTO))
36 #define TEST_LUKS
37 #else
38 #undef TEST_LUKS
39 #endif
40 
41 static QCryptoBlockCreateOptions qcow_create_opts = {
42     .format = QCRYPTO_BLOCK_FORMAT_QCOW,
43     .u.qcow = {
44         .key_secret = (char *)"sec0",
45     },
46 };
47 
48 static QCryptoBlockOpenOptions qcow_open_opts = {
49     .format = QCRYPTO_BLOCK_FORMAT_QCOW,
50     .u.qcow = {
51         .key_secret = (char *)"sec0",
52     },
53 };
54 
55 
56 #ifdef TEST_LUKS
57 static QCryptoBlockOpenOptions luks_open_opts = {
58     .format = QCRYPTO_BLOCK_FORMAT_LUKS,
59     .u.luks = {
60         .key_secret = (char *)"sec0",
61     },
62 };
63 
64 
65 /* Creation with all default values */
66 static QCryptoBlockCreateOptions luks_create_opts_default = {
67     .format = QCRYPTO_BLOCK_FORMAT_LUKS,
68     .u.luks = {
69         .key_secret = (char *)"sec0",
70     },
71 };
72 
73 
74 /* ...and with explicit values */
75 static QCryptoBlockCreateOptions luks_create_opts_aes256_cbc_plain64 = {
76     .format = QCRYPTO_BLOCK_FORMAT_LUKS,
77     .u.luks = {
78         .key_secret = (char *)"sec0",
79         .has_cipher_alg = true,
80         .cipher_alg = QCRYPTO_CIPHER_ALG_AES_256,
81         .has_cipher_mode = true,
82         .cipher_mode = QCRYPTO_CIPHER_MODE_CBC,
83         .has_ivgen_alg = true,
84         .ivgen_alg = QCRYPTO_IVGEN_ALG_PLAIN64,
85     },
86 };
87 
88 
89 static QCryptoBlockCreateOptions luks_create_opts_aes256_cbc_essiv = {
90     .format = QCRYPTO_BLOCK_FORMAT_LUKS,
91     .u.luks = {
92         .key_secret = (char *)"sec0",
93         .has_cipher_alg = true,
94         .cipher_alg = QCRYPTO_CIPHER_ALG_AES_256,
95         .has_cipher_mode = true,
96         .cipher_mode = QCRYPTO_CIPHER_MODE_CBC,
97         .has_ivgen_alg = true,
98         .ivgen_alg = QCRYPTO_IVGEN_ALG_ESSIV,
99         .has_ivgen_hash_alg = true,
100         .ivgen_hash_alg = QCRYPTO_HASH_ALG_SHA256,
101         .has_hash_alg = true,
102         .hash_alg = QCRYPTO_HASH_ALG_SHA1,
103     },
104 };
105 #endif /* TEST_LUKS */
106 
107 
108 static struct QCryptoBlockTestData {
109     const char *path;
110     QCryptoBlockCreateOptions *create_opts;
111     QCryptoBlockOpenOptions *open_opts;
112 
113     bool expect_header;
114 
115     QCryptoCipherAlgorithm cipher_alg;
116     QCryptoCipherMode cipher_mode;
117     QCryptoHashAlgorithm hash_alg;
118 
119     QCryptoIVGenAlgorithm ivgen_alg;
120     QCryptoHashAlgorithm ivgen_hash;
121 
122     bool slow;
123 } test_data[] = {
124     {
125         .path = "/crypto/block/qcow",
126         .create_opts = &qcow_create_opts,
127         .open_opts = &qcow_open_opts,
128 
129         .expect_header = false,
130 
131         .cipher_alg = QCRYPTO_CIPHER_ALG_AES_128,
132         .cipher_mode = QCRYPTO_CIPHER_MODE_CBC,
133 
134         .ivgen_alg = QCRYPTO_IVGEN_ALG_PLAIN64,
135     },
136 #ifdef TEST_LUKS
137     {
138         .path = "/crypto/block/luks/default",
139         .create_opts = &luks_create_opts_default,
140         .open_opts = &luks_open_opts,
141 
142         .expect_header = true,
143 
144         .cipher_alg = QCRYPTO_CIPHER_ALG_AES_256,
145         .cipher_mode = QCRYPTO_CIPHER_MODE_XTS,
146         .hash_alg = QCRYPTO_HASH_ALG_SHA256,
147 
148         .ivgen_alg = QCRYPTO_IVGEN_ALG_PLAIN64,
149 
150         .slow = true,
151     },
152     {
153         .path = "/crypto/block/luks/aes-256-cbc-plain64",
154         .create_opts = &luks_create_opts_aes256_cbc_plain64,
155         .open_opts = &luks_open_opts,
156 
157         .expect_header = true,
158 
159         .cipher_alg = QCRYPTO_CIPHER_ALG_AES_256,
160         .cipher_mode = QCRYPTO_CIPHER_MODE_CBC,
161         .hash_alg = QCRYPTO_HASH_ALG_SHA256,
162 
163         .ivgen_alg = QCRYPTO_IVGEN_ALG_PLAIN64,
164 
165         .slow = true,
166     },
167     {
168         .path = "/crypto/block/luks/aes-256-cbc-essiv",
169         .create_opts = &luks_create_opts_aes256_cbc_essiv,
170         .open_opts = &luks_open_opts,
171 
172         .expect_header = true,
173 
174         .cipher_alg = QCRYPTO_CIPHER_ALG_AES_256,
175         .cipher_mode = QCRYPTO_CIPHER_MODE_CBC,
176         .hash_alg = QCRYPTO_HASH_ALG_SHA1,
177 
178         .ivgen_alg = QCRYPTO_IVGEN_ALG_ESSIV,
179         .ivgen_hash = QCRYPTO_HASH_ALG_SHA256,
180 
181         .slow = true,
182     },
183 #endif
184 };
185 
186 
187 static int test_block_read_func(QCryptoBlock *block,
188                                 size_t offset,
189                                 uint8_t *buf,
190                                 size_t buflen,
191                                 void *opaque,
192                                 Error **errp)
193 {
194     Buffer *header = opaque;
195 
196     g_assert_cmpint(offset + buflen, <=, header->capacity);
197 
198     memcpy(buf, header->buffer + offset, buflen);
199 
200     return 0;
201 }
202 
203 
204 static int test_block_init_func(QCryptoBlock *block,
205                                 size_t headerlen,
206                                 void *opaque,
207                                 Error **errp)
208 {
209     Buffer *header = opaque;
210 
211     g_assert_cmpint(header->capacity, ==, 0);
212 
213     buffer_reserve(header, headerlen);
214 
215     return 0;
216 }
217 
218 
219 static int test_block_write_func(QCryptoBlock *block,
220                                  size_t offset,
221                                  const uint8_t *buf,
222                                  size_t buflen,
223                                  void *opaque,
224                                  Error **errp)
225 {
226     Buffer *header = opaque;
227 
228     g_assert_cmpint(buflen + offset, <=, header->capacity);
229 
230     memcpy(header->buffer + offset, buf, buflen);
231     header->offset = offset + buflen;
232 
233     return 0;
234 }
235 
236 
237 static Object *test_block_secret(void)
238 {
239     return object_new_with_props(
240         TYPE_QCRYPTO_SECRET,
241         object_get_objects_root(),
242         "sec0",
243         &error_abort,
244         "data", "123456",
245         NULL);
246 }
247 
248 static void test_block_assert_setup(const struct QCryptoBlockTestData *data,
249                                     QCryptoBlock *blk)
250 {
251     QCryptoIVGen *ivgen;
252     QCryptoCipher *cipher;
253 
254     ivgen = qcrypto_block_get_ivgen(blk);
255     cipher = qcrypto_block_get_cipher(blk);
256 
257     g_assert(ivgen);
258     g_assert(cipher);
259 
260     g_assert_cmpint(data->cipher_alg, ==, cipher->alg);
261     g_assert_cmpint(data->cipher_mode, ==, cipher->mode);
262     g_assert_cmpint(data->hash_alg, ==,
263                     qcrypto_block_get_kdf_hash(blk));
264 
265     g_assert_cmpint(data->ivgen_alg, ==,
266                     qcrypto_ivgen_get_algorithm(ivgen));
267     g_assert_cmpint(data->ivgen_hash, ==,
268                     qcrypto_ivgen_get_hash(ivgen));
269 }
270 
271 
272 static void test_block(gconstpointer opaque)
273 {
274     const struct QCryptoBlockTestData *data = opaque;
275     QCryptoBlock *blk;
276     Buffer header;
277     Object *sec = test_block_secret();
278 
279     memset(&header, 0, sizeof(header));
280     buffer_init(&header, "header");
281 
282     blk = qcrypto_block_create(data->create_opts, NULL,
283                                test_block_init_func,
284                                test_block_write_func,
285                                &header,
286                                0,
287                                &error_abort);
288     g_assert(blk);
289 
290     if (data->expect_header) {
291         g_assert_cmpint(header.capacity, >, 0);
292     } else {
293         g_assert_cmpint(header.capacity, ==, 0);
294     }
295 
296     test_block_assert_setup(data, blk);
297 
298     qcrypto_block_free(blk);
299     object_unparent(sec);
300 
301     /* Ensure we can't open without the secret */
302     blk = qcrypto_block_open(data->open_opts, NULL,
303                              test_block_read_func,
304                              &header,
305                              0,
306                              NULL);
307     g_assert(blk == NULL);
308 
309     /* Ensure we can't open without the secret, unless NO_IO */
310     blk = qcrypto_block_open(data->open_opts, NULL,
311                              test_block_read_func,
312                              &header,
313                              QCRYPTO_BLOCK_OPEN_NO_IO,
314                              &error_abort);
315 
316     g_assert(qcrypto_block_get_cipher(blk) == NULL);
317     g_assert(qcrypto_block_get_ivgen(blk) == NULL);
318 
319     qcrypto_block_free(blk);
320 
321 
322     /* Now open for real with secret */
323     sec = test_block_secret();
324     blk = qcrypto_block_open(data->open_opts, NULL,
325                              test_block_read_func,
326                              &header,
327                              0,
328                              &error_abort);
329     g_assert(blk);
330 
331     test_block_assert_setup(data, blk);
332 
333     qcrypto_block_free(blk);
334 
335     object_unparent(sec);
336 
337     buffer_free(&header);
338 }
339 
340 
341 #ifdef TEST_LUKS
342 typedef const char *(*LuksHeaderDoBadStuff)(QCryptoBlockLUKSHeader *hdr);
343 
344 static void
345 test_luks_bad_header(gconstpointer data)
346 {
347     LuksHeaderDoBadStuff badstuff = data;
348     QCryptoBlock *blk;
349     Buffer buf;
350     Object *sec = test_block_secret();
351     QCryptoBlockLUKSHeader hdr;
352     Error *err = NULL;
353     const char *msg;
354 
355     memset(&buf, 0, sizeof(buf));
356     buffer_init(&buf, "header");
357 
358     /* Correctly create the volume initially */
359     blk = qcrypto_block_create(&luks_create_opts_default, NULL,
360                                test_block_init_func,
361                                test_block_write_func,
362                                &buf,
363                                0,
364                                &error_abort);
365     g_assert(blk);
366 
367     qcrypto_block_free(blk);
368 
369     /* Mangle it in some unpleasant way */
370     g_assert(buf.offset >= sizeof(hdr));
371     memcpy(&hdr, buf.buffer, sizeof(hdr));
372     qcrypto_block_luks_to_disk_endian(&hdr);
373 
374     msg = badstuff(&hdr);
375 
376     qcrypto_block_luks_from_disk_endian(&hdr);
377     memcpy(buf.buffer, &hdr, sizeof(hdr));
378 
379     /* Check that we fail to open it again */
380     blk = qcrypto_block_open(&luks_open_opts, NULL,
381                              test_block_read_func,
382                              &buf,
383                              0,
384                              &err);
385     g_assert(!blk);
386     g_assert(err);
387 
388     g_assert_cmpstr(error_get_pretty(err), ==, msg);
389     error_free(err);
390 
391     object_unparent(sec);
392 
393     buffer_free(&buf);
394 }
395 
396 static const char *luks_bad_null_term_cipher_name(QCryptoBlockLUKSHeader *hdr)
397 {
398     /* Replace NUL termination with spaces */
399     char *offset = hdr->cipher_name + strlen(hdr->cipher_name);
400     memset(offset, ' ', sizeof(hdr->cipher_name) - (offset - hdr->cipher_name));
401 
402     return "LUKS header cipher name is not NUL terminated";
403 }
404 
405 static const char *luks_bad_null_term_cipher_mode(QCryptoBlockLUKSHeader *hdr)
406 {
407     /* Replace NUL termination with spaces */
408     char *offset = hdr->cipher_mode + strlen(hdr->cipher_mode);
409     memset(offset, ' ', sizeof(hdr->cipher_mode) - (offset - hdr->cipher_mode));
410 
411     return "LUKS header cipher mode is not NUL terminated";
412 }
413 
414 static const char *luks_bad_null_term_hash_spec(QCryptoBlockLUKSHeader *hdr)
415 {
416     /* Replace NUL termination with spaces */
417     char *offset = hdr->hash_spec + strlen(hdr->hash_spec);
418     memset(offset, ' ', sizeof(hdr->hash_spec) - (offset - hdr->hash_spec));
419 
420     return "LUKS header hash spec is not NUL terminated";
421 }
422 
423 static const char *luks_bad_cipher_name_empty(QCryptoBlockLUKSHeader *hdr)
424 {
425     memcpy(hdr->cipher_name, "", 1);
426 
427     return "Algorithm '' with key size 32 bytes not supported";
428 }
429 
430 static const char *luks_bad_cipher_name_unknown(QCryptoBlockLUKSHeader *hdr)
431 {
432     memcpy(hdr->cipher_name, "aess", 5);
433 
434     return "Algorithm 'aess' with key size 32 bytes not supported";
435 }
436 
437 static const char *luks_bad_cipher_xts_size(QCryptoBlockLUKSHeader *hdr)
438 {
439     hdr->master_key_len = 33;
440 
441     return "XTS cipher key length should be a multiple of 2";
442 }
443 
444 static const char *luks_bad_cipher_cbc_size(QCryptoBlockLUKSHeader *hdr)
445 {
446     hdr->master_key_len = 33;
447     memcpy(hdr->cipher_mode, "cbc-essiv", 10);
448 
449     return "Algorithm 'aes' with key size 33 bytes not supported";
450 }
451 
452 static const char *luks_bad_cipher_mode_empty(QCryptoBlockLUKSHeader *hdr)
453 {
454     memcpy(hdr->cipher_mode, "", 1);
455 
456     return "Unexpected cipher mode string format ''";
457 }
458 
459 static const char *luks_bad_cipher_mode_unknown(QCryptoBlockLUKSHeader *hdr)
460 {
461     memcpy(hdr->cipher_mode, "xfs", 4);
462 
463     return "Unexpected cipher mode string format 'xfs'";
464 }
465 
466 static const char *luks_bad_ivgen_separator(QCryptoBlockLUKSHeader *hdr)
467 {
468     memcpy(hdr->cipher_mode, "xts:plain64", 12);
469 
470     return "Unexpected cipher mode string format 'xts:plain64'";
471 }
472 
473 static const char *luks_bad_ivgen_name_empty(QCryptoBlockLUKSHeader *hdr)
474 {
475     memcpy(hdr->cipher_mode, "xts-", 5);
476 
477     return "IV generator '' not supported";
478 }
479 
480 static const char *luks_bad_ivgen_name_unknown(QCryptoBlockLUKSHeader *hdr)
481 {
482     memcpy(hdr->cipher_mode, "xts-plain65", 12);
483 
484     return "IV generator 'plain65' not supported";
485 }
486 
487 static const char *luks_bad_ivgen_hash_empty(QCryptoBlockLUKSHeader *hdr)
488 {
489     memcpy(hdr->cipher_mode, "xts-plain65:", 13);
490 
491     return "Hash algorithm '' not supported";
492 }
493 
494 static const char *luks_bad_ivgen_hash_unknown(QCryptoBlockLUKSHeader *hdr)
495 {
496     memcpy(hdr->cipher_mode, "xts-plain65:sha257", 19);
497 
498     return "Hash algorithm 'sha257' not supported";
499 }
500 
501 static const char *luks_bad_hash_spec_empty(QCryptoBlockLUKSHeader *hdr)
502 {
503     memcpy(hdr->hash_spec, "", 1);
504 
505     return "Hash algorithm '' not supported";
506 }
507 
508 static const char *luks_bad_hash_spec_unknown(QCryptoBlockLUKSHeader *hdr)
509 {
510     memcpy(hdr->hash_spec, "sha2566", 8);
511 
512     return "Hash algorithm 'sha2566' not supported";
513 }
514 
515 static const char *luks_bad_stripes(QCryptoBlockLUKSHeader *hdr)
516 {
517     hdr->key_slots[0].stripes = 3999;
518 
519     return "Keyslot 0 is corrupted (stripes 3999 != 4000)";
520 }
521 
522 static const char *luks_bad_key_overlap_header(QCryptoBlockLUKSHeader *hdr)
523 {
524     hdr->key_slots[0].key_offset_sector = 2;
525 
526     return "Keyslot 0 is overlapping with the LUKS header";
527 }
528 
529 static const char *luks_bad_key_overlap_key(QCryptoBlockLUKSHeader *hdr)
530 {
531     hdr->key_slots[0].key_offset_sector = hdr->key_slots[1].key_offset_sector;
532 
533     return "Keyslots 0 and 1 are overlapping in the header";
534 }
535 
536 static const char *luks_bad_key_overlap_payload(QCryptoBlockLUKSHeader *hdr)
537 {
538     hdr->key_slots[0].key_offset_sector = hdr->payload_offset_sector + 42;
539 
540     return "Keyslot 0 is overlapping with the encrypted payload";
541 }
542 
543 static const char *luks_bad_payload_overlap_header(QCryptoBlockLUKSHeader *hdr)
544 {
545     hdr->payload_offset_sector = 2;
546 
547     return "LUKS payload is overlapping with the header";
548 }
549 
550 static const char *luks_bad_key_iterations(QCryptoBlockLUKSHeader *hdr)
551 {
552     hdr->key_slots[0].iterations = 0;
553 
554     return "Keyslot 0 iteration count is zero";
555 }
556 
557 static const char *luks_bad_iterations(QCryptoBlockLUKSHeader *hdr)
558 {
559     hdr->master_key_iterations = 0;
560 
561     return "LUKS key iteration count is zero";
562 }
563 #endif
564 
565 int main(int argc, char **argv)
566 {
567     gsize i;
568 
569     module_call_init(MODULE_INIT_QOM);
570     g_test_init(&argc, &argv, NULL);
571 
572     g_assert(qcrypto_init(NULL) == 0);
573 
574     for (i = 0; i < G_N_ELEMENTS(test_data); i++) {
575         if (test_data[i].open_opts->format == QCRYPTO_BLOCK_FORMAT_LUKS &&
576             !qcrypto_hash_supports(test_data[i].hash_alg)) {
577             continue;
578         }
579         if (!test_data[i].slow ||
580             g_test_slow()) {
581             g_test_add_data_func(test_data[i].path, &test_data[i], test_block);
582         }
583     }
584 
585 #ifdef TEST_LUKS
586     if (g_test_slow()) {
587         g_test_add_data_func("/crypto/block/luks/bad/cipher-name-nul-term",
588                              luks_bad_null_term_cipher_name,
589                              test_luks_bad_header);
590         g_test_add_data_func("/crypto/block/luks/bad/cipher-mode-nul-term",
591                              luks_bad_null_term_cipher_mode,
592                              test_luks_bad_header);
593         g_test_add_data_func("/crypto/block/luks/bad/hash-spec-nul-term",
594                              luks_bad_null_term_hash_spec,
595                              test_luks_bad_header);
596         g_test_add_data_func("/crypto/block/luks/bad/cipher-name-empty",
597                              luks_bad_cipher_name_empty,
598                              test_luks_bad_header);
599         g_test_add_data_func("/crypto/block/luks/bad/cipher-name-unknown",
600                              luks_bad_cipher_name_unknown,
601                              test_luks_bad_header);
602         g_test_add_data_func("/crypto/block/luks/bad/cipher-xts-size",
603                              luks_bad_cipher_xts_size,
604                              test_luks_bad_header);
605         g_test_add_data_func("/crypto/block/luks/bad/cipher-cbc-size",
606                              luks_bad_cipher_cbc_size,
607                              test_luks_bad_header);
608         g_test_add_data_func("/crypto/block/luks/bad/cipher-mode-empty",
609                              luks_bad_cipher_mode_empty,
610                              test_luks_bad_header);
611         g_test_add_data_func("/crypto/block/luks/bad/cipher-mode-unknown",
612                              luks_bad_cipher_mode_unknown,
613                              test_luks_bad_header);
614         g_test_add_data_func("/crypto/block/luks/bad/ivgen-separator",
615                              luks_bad_ivgen_separator,
616                              test_luks_bad_header);
617         g_test_add_data_func("/crypto/block/luks/bad/ivgen-name-empty",
618                              luks_bad_ivgen_name_empty,
619                              test_luks_bad_header);
620         g_test_add_data_func("/crypto/block/luks/bad/ivgen-name-unknown",
621                              luks_bad_ivgen_name_unknown,
622                              test_luks_bad_header);
623         g_test_add_data_func("/crypto/block/luks/bad/ivgen-hash-empty",
624                              luks_bad_ivgen_hash_empty,
625                              test_luks_bad_header);
626         g_test_add_data_func("/crypto/block/luks/bad/ivgen-hash-unknown",
627                              luks_bad_ivgen_hash_unknown,
628                              test_luks_bad_header);
629         g_test_add_data_func("/crypto/block/luks/bad/hash-spec-empty",
630                              luks_bad_hash_spec_empty,
631                              test_luks_bad_header);
632         g_test_add_data_func("/crypto/block/luks/bad/hash-spec-unknown",
633                              luks_bad_hash_spec_unknown,
634                              test_luks_bad_header);
635         g_test_add_data_func("/crypto/block/luks/bad/stripes",
636                              luks_bad_stripes,
637                              test_luks_bad_header);
638         g_test_add_data_func("/crypto/block/luks/bad/key-overlap-header",
639                              luks_bad_key_overlap_header,
640                              test_luks_bad_header);
641         g_test_add_data_func("/crypto/block/luks/bad/key-overlap-key",
642                              luks_bad_key_overlap_key,
643                              test_luks_bad_header);
644         g_test_add_data_func("/crypto/block/luks/bad/key-overlap-payload",
645                              luks_bad_key_overlap_payload,
646                              test_luks_bad_header);
647         g_test_add_data_func("/crypto/block/luks/bad/payload-overlap-header",
648                              luks_bad_payload_overlap_header,
649                              test_luks_bad_header);
650         g_test_add_data_func("/crypto/block/luks/bad/iterations",
651                              luks_bad_iterations,
652                              test_luks_bad_header);
653         g_test_add_data_func("/crypto/block/luks/bad/key-iterations",
654                              luks_bad_key_iterations,
655                              test_luks_bad_header);
656     }
657 #endif
658 
659     return g_test_run();
660 }
661