1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (c) 2022 Oracle and/or its affiliates. 4 * 5 * KUnit test of SunRPC's GSS Kerberos mechanism. Subsystem 6 * name is "rpcsec_gss_krb5". 7 */ 8 9 #include <kunit/test.h> 10 #include <kunit/visibility.h> 11 12 #include <linux/kernel.h> 13 #include <crypto/hash.h> 14 15 #include <linux/sunrpc/xdr.h> 16 #include <linux/sunrpc/gss_krb5.h> 17 18 #include "gss_krb5_internal.h" 19 20 MODULE_IMPORT_NS("EXPORTED_FOR_KUNIT_TESTING"); 21 22 struct gss_krb5_test_param { 23 const char *desc; 24 u32 enctype; 25 u32 nfold; 26 u32 constant; 27 const struct xdr_netobj *base_key; 28 const struct xdr_netobj *Ke; 29 const struct xdr_netobj *usage; 30 const struct xdr_netobj *plaintext; 31 const struct xdr_netobj *confounder; 32 const struct xdr_netobj *expected_result; 33 const struct xdr_netobj *expected_hmac; 34 const struct xdr_netobj *next_iv; 35 }; 36 37 static inline void gss_krb5_get_desc(const struct gss_krb5_test_param *param, 38 char *desc) 39 { 40 strscpy(desc, param->desc, KUNIT_PARAM_DESC_SIZE); 41 } 42 43 static void kdf_case(struct kunit *test) 44 { 45 const struct gss_krb5_test_param *param = test->param_value; 46 const struct gss_krb5_enctype *gk5e; 47 struct xdr_netobj derivedkey; 48 int err; 49 50 /* Arrange */ 51 gk5e = gss_krb5_lookup_enctype(param->enctype); 52 if (!gk5e) 53 kunit_skip(test, "Encryption type is not available"); 54 55 derivedkey.data = kunit_kzalloc(test, param->expected_result->len, 56 GFP_KERNEL); 57 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, derivedkey.data); 58 derivedkey.len = param->expected_result->len; 59 60 /* Act */ 61 err = gk5e->derive_key(gk5e, param->base_key, &derivedkey, 62 param->usage, GFP_KERNEL); 63 KUNIT_ASSERT_EQ(test, err, 0); 64 65 /* Assert */ 66 KUNIT_EXPECT_MEMEQ_MSG(test, 67 param->expected_result->data, 68 derivedkey.data, 69 derivedkey.len, 70 "key mismatch"); 71 } 72 73 static void checksum_case(struct kunit *test) 74 { 75 const struct gss_krb5_test_param *param = test->param_value; 76 struct xdr_buf buf = { 77 .head[0].iov_len = param->plaintext->len, 78 .len = param->plaintext->len, 79 }; 80 const struct gss_krb5_enctype *gk5e; 81 struct xdr_netobj Kc, checksum; 82 struct crypto_ahash *tfm; 83 int err; 84 85 /* Arrange */ 86 gk5e = gss_krb5_lookup_enctype(param->enctype); 87 if (!gk5e) 88 kunit_skip(test, "Encryption type is not available"); 89 90 Kc.len = gk5e->Kc_length; 91 Kc.data = kunit_kzalloc(test, Kc.len, GFP_KERNEL); 92 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Kc.data); 93 err = gk5e->derive_key(gk5e, param->base_key, &Kc, 94 param->usage, GFP_KERNEL); 95 KUNIT_ASSERT_EQ(test, err, 0); 96 97 tfm = crypto_alloc_ahash(gk5e->cksum_name, 0, CRYPTO_ALG_ASYNC); 98 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, tfm); 99 err = crypto_ahash_setkey(tfm, Kc.data, Kc.len); 100 KUNIT_ASSERT_EQ(test, err, 0); 101 102 buf.head[0].iov_base = kunit_kzalloc(test, buf.head[0].iov_len, GFP_KERNEL); 103 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, buf.head[0].iov_base); 104 memcpy(buf.head[0].iov_base, param->plaintext->data, buf.head[0].iov_len); 105 106 checksum.len = gk5e->cksumlength; 107 checksum.data = kunit_kzalloc(test, checksum.len, GFP_KERNEL); 108 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, checksum.data); 109 110 /* Act */ 111 err = gss_krb5_checksum(tfm, NULL, 0, &buf, 0, &checksum); 112 KUNIT_ASSERT_EQ(test, err, 0); 113 114 /* Assert */ 115 KUNIT_EXPECT_MEMEQ_MSG(test, 116 param->expected_result->data, 117 checksum.data, 118 checksum.len, 119 "checksum mismatch"); 120 121 crypto_free_ahash(tfm); 122 } 123 124 #define DEFINE_HEX_XDR_NETOBJ(name, hex_array...) \ 125 static const u8 name ## _data[] = { hex_array }; \ 126 static const struct xdr_netobj name = { \ 127 .data = (u8 *)name##_data, \ 128 .len = sizeof(name##_data), \ 129 } 130 131 #define DEFINE_STR_XDR_NETOBJ(name, string) \ 132 static const u8 name ## _str[] = string; \ 133 static const struct xdr_netobj name = { \ 134 .data = (u8 *)name##_str, \ 135 .len = sizeof(name##_str) - 1, \ 136 } 137 138 /* 139 * RFC 3961 Appendix A.1. n-fold 140 * 141 * The n-fold function is defined in section 5.1 of RFC 3961. 142 * 143 * This test material is copyright (C) The Internet Society (2005). 144 */ 145 146 DEFINE_HEX_XDR_NETOBJ(nfold_test1_plaintext, 147 0x30, 0x31, 0x32, 0x33, 0x34, 0x35 148 ); 149 DEFINE_HEX_XDR_NETOBJ(nfold_test1_expected_result, 150 0xbe, 0x07, 0x26, 0x31, 0x27, 0x6b, 0x19, 0x55 151 ); 152 153 DEFINE_HEX_XDR_NETOBJ(nfold_test2_plaintext, 154 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64 155 ); 156 DEFINE_HEX_XDR_NETOBJ(nfold_test2_expected_result, 157 0x78, 0xa0, 0x7b, 0x6c, 0xaf, 0x85, 0xfa 158 ); 159 160 DEFINE_HEX_XDR_NETOBJ(nfold_test3_plaintext, 161 0x52, 0x6f, 0x75, 0x67, 0x68, 0x20, 0x43, 0x6f, 162 0x6e, 0x73, 0x65, 0x6e, 0x73, 0x75, 0x73, 0x2c, 163 0x20, 0x61, 0x6e, 0x64, 0x20, 0x52, 0x75, 0x6e, 164 0x6e, 0x69, 0x6e, 0x67, 0x20, 0x43, 0x6f, 0x64, 165 0x65 166 ); 167 DEFINE_HEX_XDR_NETOBJ(nfold_test3_expected_result, 168 0xbb, 0x6e, 0xd3, 0x08, 0x70, 0xb7, 0xf0, 0xe0 169 ); 170 171 DEFINE_HEX_XDR_NETOBJ(nfold_test4_plaintext, 172 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64 173 ); 174 DEFINE_HEX_XDR_NETOBJ(nfold_test4_expected_result, 175 0x59, 0xe4, 0xa8, 0xca, 0x7c, 0x03, 0x85, 0xc3, 176 0xc3, 0x7b, 0x3f, 0x6d, 0x20, 0x00, 0x24, 0x7c, 177 0xb6, 0xe6, 0xbd, 0x5b, 0x3e 178 ); 179 180 DEFINE_HEX_XDR_NETOBJ(nfold_test5_plaintext, 181 0x4d, 0x41, 0x53, 0x53, 0x41, 0x43, 0x48, 0x56, 182 0x53, 0x45, 0x54, 0x54, 0x53, 0x20, 0x49, 0x4e, 183 0x53, 0x54, 0x49, 0x54, 0x56, 0x54, 0x45, 0x20, 184 0x4f, 0x46, 0x20, 0x54, 0x45, 0x43, 0x48, 0x4e, 185 0x4f, 0x4c, 0x4f, 0x47, 0x59 186 ); 187 DEFINE_HEX_XDR_NETOBJ(nfold_test5_expected_result, 188 0xdb, 0x3b, 0x0d, 0x8f, 0x0b, 0x06, 0x1e, 0x60, 189 0x32, 0x82, 0xb3, 0x08, 0xa5, 0x08, 0x41, 0x22, 190 0x9a, 0xd7, 0x98, 0xfa, 0xb9, 0x54, 0x0c, 0x1b 191 ); 192 193 DEFINE_HEX_XDR_NETOBJ(nfold_test6_plaintext, 194 0x51 195 ); 196 DEFINE_HEX_XDR_NETOBJ(nfold_test6_expected_result, 197 0x51, 0x8a, 0x54, 0xa2, 0x15, 0xa8, 0x45, 0x2a, 198 0x51, 0x8a, 0x54, 0xa2, 0x15, 0xa8, 0x45, 0x2a, 199 0x51, 0x8a, 0x54, 0xa2, 0x15 200 ); 201 202 DEFINE_HEX_XDR_NETOBJ(nfold_test7_plaintext, 203 0x62, 0x61 204 ); 205 DEFINE_HEX_XDR_NETOBJ(nfold_test7_expected_result, 206 0xfb, 0x25, 0xd5, 0x31, 0xae, 0x89, 0x74, 0x49, 207 0x9f, 0x52, 0xfd, 0x92, 0xea, 0x98, 0x57, 0xc4, 208 0xba, 0x24, 0xcf, 0x29, 0x7e 209 ); 210 211 DEFINE_HEX_XDR_NETOBJ(nfold_test_kerberos, 212 0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73 213 ); 214 DEFINE_HEX_XDR_NETOBJ(nfold_test8_expected_result, 215 0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73 216 ); 217 DEFINE_HEX_XDR_NETOBJ(nfold_test9_expected_result, 218 0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73, 219 0x7b, 0x9b, 0x5b, 0x2b, 0x93, 0x13, 0x2b, 0x93 220 ); 221 DEFINE_HEX_XDR_NETOBJ(nfold_test10_expected_result, 222 0x83, 0x72, 0xc2, 0x36, 0x34, 0x4e, 0x5f, 0x15, 223 0x50, 0xcd, 0x07, 0x47, 0xe1, 0x5d, 0x62, 0xca, 224 0x7a, 0x5a, 0x3b, 0xce, 0xa4 225 ); 226 DEFINE_HEX_XDR_NETOBJ(nfold_test11_expected_result, 227 0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73, 228 0x7b, 0x9b, 0x5b, 0x2b, 0x93, 0x13, 0x2b, 0x93, 229 0x5c, 0x9b, 0xdc, 0xda, 0xd9, 0x5c, 0x98, 0x99, 230 0xc4, 0xca, 0xe4, 0xde, 0xe6, 0xd6, 0xca, 0xe4 231 ); 232 233 static const struct gss_krb5_test_param rfc3961_nfold_test_params[] = { 234 { 235 .desc = "64-fold(\"012345\")", 236 .nfold = 64, 237 .plaintext = &nfold_test1_plaintext, 238 .expected_result = &nfold_test1_expected_result, 239 }, 240 { 241 .desc = "56-fold(\"password\")", 242 .nfold = 56, 243 .plaintext = &nfold_test2_plaintext, 244 .expected_result = &nfold_test2_expected_result, 245 }, 246 { 247 .desc = "64-fold(\"Rough Consensus, and Running Code\")", 248 .nfold = 64, 249 .plaintext = &nfold_test3_plaintext, 250 .expected_result = &nfold_test3_expected_result, 251 }, 252 { 253 .desc = "168-fold(\"password\")", 254 .nfold = 168, 255 .plaintext = &nfold_test4_plaintext, 256 .expected_result = &nfold_test4_expected_result, 257 }, 258 { 259 .desc = "192-fold(\"MASSACHVSETTS INSTITVTE OF TECHNOLOGY\")", 260 .nfold = 192, 261 .plaintext = &nfold_test5_plaintext, 262 .expected_result = &nfold_test5_expected_result, 263 }, 264 { 265 .desc = "168-fold(\"Q\")", 266 .nfold = 168, 267 .plaintext = &nfold_test6_plaintext, 268 .expected_result = &nfold_test6_expected_result, 269 }, 270 { 271 .desc = "168-fold(\"ba\")", 272 .nfold = 168, 273 .plaintext = &nfold_test7_plaintext, 274 .expected_result = &nfold_test7_expected_result, 275 }, 276 { 277 .desc = "64-fold(\"kerberos\")", 278 .nfold = 64, 279 .plaintext = &nfold_test_kerberos, 280 .expected_result = &nfold_test8_expected_result, 281 }, 282 { 283 .desc = "128-fold(\"kerberos\")", 284 .nfold = 128, 285 .plaintext = &nfold_test_kerberos, 286 .expected_result = &nfold_test9_expected_result, 287 }, 288 { 289 .desc = "168-fold(\"kerberos\")", 290 .nfold = 168, 291 .plaintext = &nfold_test_kerberos, 292 .expected_result = &nfold_test10_expected_result, 293 }, 294 { 295 .desc = "256-fold(\"kerberos\")", 296 .nfold = 256, 297 .plaintext = &nfold_test_kerberos, 298 .expected_result = &nfold_test11_expected_result, 299 }, 300 }; 301 302 /* Creates the function rfc3961_nfold_gen_params */ 303 KUNIT_ARRAY_PARAM(rfc3961_nfold, rfc3961_nfold_test_params, gss_krb5_get_desc); 304 305 static void rfc3961_nfold_case(struct kunit *test) 306 { 307 const struct gss_krb5_test_param *param = test->param_value; 308 u8 *result; 309 310 /* Arrange */ 311 result = kunit_kzalloc(test, 4096, GFP_KERNEL); 312 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, result); 313 314 /* Act */ 315 krb5_nfold(param->plaintext->len * 8, param->plaintext->data, 316 param->expected_result->len * 8, result); 317 318 /* Assert */ 319 KUNIT_EXPECT_MEMEQ_MSG(test, 320 param->expected_result->data, 321 result, 322 param->expected_result->len, 323 "result mismatch"); 324 } 325 326 static struct kunit_case rfc3961_test_cases[] = { 327 { 328 .name = "RFC 3961 n-fold", 329 .run_case = rfc3961_nfold_case, 330 .generate_params = rfc3961_nfold_gen_params, 331 }, 332 {} 333 }; 334 335 static struct kunit_suite rfc3961_suite = { 336 .name = "RFC 3961 tests", 337 .test_cases = rfc3961_test_cases, 338 }; 339 340 /* 341 * From RFC 3962 Appendix B: Sample Test Vectors 342 * 343 * Some test vectors for CBC with ciphertext stealing, using an 344 * initial vector of all-zero. 345 * 346 * This test material is copyright (C) The Internet Society (2005). 347 */ 348 349 DEFINE_HEX_XDR_NETOBJ(rfc3962_encryption_key, 350 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20, 351 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69 352 ); 353 354 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test1_plaintext, 355 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 356 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65, 357 0x20 358 ); 359 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test1_expected_result, 360 0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4, 361 0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f, 362 0x97 363 ); 364 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test1_next_iv, 365 0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4, 366 0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f 367 ); 368 369 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test2_plaintext, 370 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 371 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65, 372 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 373 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20 374 ); 375 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test2_expected_result, 376 0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1, 377 0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22, 378 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, 379 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5 380 ); 381 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test2_next_iv, 382 0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1, 383 0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22 384 ); 385 386 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test3_plaintext, 387 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 388 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65, 389 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 390 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43 391 ); 392 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test3_expected_result, 393 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, 394 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8, 395 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, 396 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84 397 ); 398 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test3_next_iv, 399 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, 400 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8 401 ); 402 403 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test4_plaintext, 404 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 405 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65, 406 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 407 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43, 408 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20, 409 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c 410 ); 411 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test4_expected_result, 412 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, 413 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84, 414 0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c, 415 0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e, 416 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, 417 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5 418 ); 419 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test4_next_iv, 420 0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c, 421 0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e 422 ); 423 424 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test5_plaintext, 425 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 426 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65, 427 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 428 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43, 429 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20, 430 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c, 0x20 431 ); 432 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test5_expected_result, 433 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, 434 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84, 435 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0, 436 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8, 437 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, 438 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8 439 ); 440 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test5_next_iv, 441 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0, 442 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8 443 ); 444 445 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test6_plaintext, 446 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 447 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65, 448 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 449 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43, 450 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20, 451 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c, 0x20, 452 0x61, 0x6e, 0x64, 0x20, 0x77, 0x6f, 0x6e, 0x74, 453 0x6f, 0x6e, 0x20, 0x73, 0x6f, 0x75, 0x70, 0x2e 454 ); 455 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test6_expected_result, 456 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, 457 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84, 458 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, 459 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8, 460 0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5, 461 0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40, 462 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0, 463 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8 464 ); 465 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test6_next_iv, 466 0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5, 467 0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40 468 ); 469 470 static const struct gss_krb5_test_param rfc3962_encrypt_test_params[] = { 471 { 472 .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 1", 473 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, 474 .Ke = &rfc3962_encryption_key, 475 .plaintext = &rfc3962_enc_test1_plaintext, 476 .expected_result = &rfc3962_enc_test1_expected_result, 477 .next_iv = &rfc3962_enc_test1_next_iv, 478 }, 479 { 480 .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 2", 481 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, 482 .Ke = &rfc3962_encryption_key, 483 .plaintext = &rfc3962_enc_test2_plaintext, 484 .expected_result = &rfc3962_enc_test2_expected_result, 485 .next_iv = &rfc3962_enc_test2_next_iv, 486 }, 487 { 488 .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 3", 489 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, 490 .Ke = &rfc3962_encryption_key, 491 .plaintext = &rfc3962_enc_test3_plaintext, 492 .expected_result = &rfc3962_enc_test3_expected_result, 493 .next_iv = &rfc3962_enc_test3_next_iv, 494 }, 495 { 496 .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 4", 497 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, 498 .Ke = &rfc3962_encryption_key, 499 .plaintext = &rfc3962_enc_test4_plaintext, 500 .expected_result = &rfc3962_enc_test4_expected_result, 501 .next_iv = &rfc3962_enc_test4_next_iv, 502 }, 503 { 504 .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 5", 505 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, 506 .Ke = &rfc3962_encryption_key, 507 .plaintext = &rfc3962_enc_test5_plaintext, 508 .expected_result = &rfc3962_enc_test5_expected_result, 509 .next_iv = &rfc3962_enc_test5_next_iv, 510 }, 511 { 512 .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 6", 513 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, 514 .Ke = &rfc3962_encryption_key, 515 .plaintext = &rfc3962_enc_test6_plaintext, 516 .expected_result = &rfc3962_enc_test6_expected_result, 517 .next_iv = &rfc3962_enc_test6_next_iv, 518 }, 519 }; 520 521 /* Creates the function rfc3962_encrypt_gen_params */ 522 KUNIT_ARRAY_PARAM(rfc3962_encrypt, rfc3962_encrypt_test_params, 523 gss_krb5_get_desc); 524 525 /* 526 * This tests the implementation of the encryption part of the mechanism. 527 * It does not apply a confounder or test the result of HMAC over the 528 * plaintext. 529 */ 530 static void rfc3962_encrypt_case(struct kunit *test) 531 { 532 const struct gss_krb5_test_param *param = test->param_value; 533 struct crypto_sync_skcipher *cts_tfm, *cbc_tfm; 534 const struct gss_krb5_enctype *gk5e; 535 struct xdr_buf buf; 536 void *iv, *text; 537 u32 err; 538 539 /* Arrange */ 540 gk5e = gss_krb5_lookup_enctype(param->enctype); 541 if (!gk5e) 542 kunit_skip(test, "Encryption type is not available"); 543 544 cbc_tfm = crypto_alloc_sync_skcipher(gk5e->aux_cipher, 0, 0); 545 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cbc_tfm); 546 err = crypto_sync_skcipher_setkey(cbc_tfm, param->Ke->data, param->Ke->len); 547 KUNIT_ASSERT_EQ(test, err, 0); 548 549 cts_tfm = crypto_alloc_sync_skcipher(gk5e->encrypt_name, 0, 0); 550 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cts_tfm); 551 err = crypto_sync_skcipher_setkey(cts_tfm, param->Ke->data, param->Ke->len); 552 KUNIT_ASSERT_EQ(test, err, 0); 553 554 iv = kunit_kzalloc(test, crypto_sync_skcipher_ivsize(cts_tfm), GFP_KERNEL); 555 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, iv); 556 557 text = kunit_kzalloc(test, param->plaintext->len, GFP_KERNEL); 558 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, text); 559 560 memcpy(text, param->plaintext->data, param->plaintext->len); 561 memset(&buf, 0, sizeof(buf)); 562 buf.head[0].iov_base = text; 563 buf.head[0].iov_len = param->plaintext->len; 564 buf.len = buf.head[0].iov_len; 565 566 /* Act */ 567 err = krb5_cbc_cts_encrypt(cts_tfm, cbc_tfm, 0, &buf, NULL, 568 iv, crypto_sync_skcipher_ivsize(cts_tfm)); 569 KUNIT_ASSERT_EQ(test, err, 0); 570 571 /* Assert */ 572 KUNIT_EXPECT_EQ_MSG(test, 573 param->expected_result->len, buf.len, 574 "ciphertext length mismatch"); 575 KUNIT_EXPECT_MEMEQ_MSG(test, 576 param->expected_result->data, 577 text, 578 param->expected_result->len, 579 "ciphertext mismatch"); 580 KUNIT_EXPECT_MEMEQ_MSG(test, 581 param->next_iv->data, 582 iv, 583 param->next_iv->len, 584 "IV mismatch"); 585 586 crypto_free_sync_skcipher(cts_tfm); 587 crypto_free_sync_skcipher(cbc_tfm); 588 } 589 590 static struct kunit_case rfc3962_test_cases[] = { 591 { 592 .name = "RFC 3962 encryption", 593 .run_case = rfc3962_encrypt_case, 594 .generate_params = rfc3962_encrypt_gen_params, 595 }, 596 {} 597 }; 598 599 static struct kunit_suite rfc3962_suite = { 600 .name = "RFC 3962 suite", 601 .test_cases = rfc3962_test_cases, 602 }; 603 604 /* 605 * From RFC 6803 Section 10. Test vectors 606 * 607 * Sample results for key derivation 608 * 609 * Copyright (c) 2012 IETF Trust and the persons identified as the 610 * document authors. All rights reserved. 611 */ 612 613 DEFINE_HEX_XDR_NETOBJ(camellia128_cts_cmac_basekey, 614 0x57, 0xd0, 0x29, 0x72, 0x98, 0xff, 0xd9, 0xd3, 615 0x5d, 0xe5, 0xa4, 0x7f, 0xb4, 0xbd, 0xe2, 0x4b 616 ); 617 DEFINE_HEX_XDR_NETOBJ(camellia128_cts_cmac_Kc, 618 0xd1, 0x55, 0x77, 0x5a, 0x20, 0x9d, 0x05, 0xf0, 619 0x2b, 0x38, 0xd4, 0x2a, 0x38, 0x9e, 0x5a, 0x56 620 ); 621 DEFINE_HEX_XDR_NETOBJ(camellia128_cts_cmac_Ke, 622 0x64, 0xdf, 0x83, 0xf8, 0x5a, 0x53, 0x2f, 0x17, 623 0x57, 0x7d, 0x8c, 0x37, 0x03, 0x57, 0x96, 0xab 624 ); 625 DEFINE_HEX_XDR_NETOBJ(camellia128_cts_cmac_Ki, 626 0x3e, 0x4f, 0xbd, 0xf3, 0x0f, 0xb8, 0x25, 0x9c, 627 0x42, 0x5c, 0xb6, 0xc9, 0x6f, 0x1f, 0x46, 0x35 628 ); 629 630 DEFINE_HEX_XDR_NETOBJ(camellia256_cts_cmac_basekey, 631 0xb9, 0xd6, 0x82, 0x8b, 0x20, 0x56, 0xb7, 0xbe, 632 0x65, 0x6d, 0x88, 0xa1, 0x23, 0xb1, 0xfa, 0xc6, 633 0x82, 0x14, 0xac, 0x2b, 0x72, 0x7e, 0xcf, 0x5f, 634 0x69, 0xaf, 0xe0, 0xc4, 0xdf, 0x2a, 0x6d, 0x2c 635 ); 636 DEFINE_HEX_XDR_NETOBJ(camellia256_cts_cmac_Kc, 637 0xe4, 0x67, 0xf9, 0xa9, 0x55, 0x2b, 0xc7, 0xd3, 638 0x15, 0x5a, 0x62, 0x20, 0xaf, 0x9c, 0x19, 0x22, 639 0x0e, 0xee, 0xd4, 0xff, 0x78, 0xb0, 0xd1, 0xe6, 640 0xa1, 0x54, 0x49, 0x91, 0x46, 0x1a, 0x9e, 0x50 641 ); 642 DEFINE_HEX_XDR_NETOBJ(camellia256_cts_cmac_Ke, 643 0x41, 0x2a, 0xef, 0xc3, 0x62, 0xa7, 0x28, 0x5f, 644 0xc3, 0x96, 0x6c, 0x6a, 0x51, 0x81, 0xe7, 0x60, 645 0x5a, 0xe6, 0x75, 0x23, 0x5b, 0x6d, 0x54, 0x9f, 646 0xbf, 0xc9, 0xab, 0x66, 0x30, 0xa4, 0xc6, 0x04 647 ); 648 DEFINE_HEX_XDR_NETOBJ(camellia256_cts_cmac_Ki, 649 0xfa, 0x62, 0x4f, 0xa0, 0xe5, 0x23, 0x99, 0x3f, 650 0xa3, 0x88, 0xae, 0xfd, 0xc6, 0x7e, 0x67, 0xeb, 651 0xcd, 0x8c, 0x08, 0xe8, 0xa0, 0x24, 0x6b, 0x1d, 652 0x73, 0xb0, 0xd1, 0xdd, 0x9f, 0xc5, 0x82, 0xb0 653 ); 654 655 DEFINE_HEX_XDR_NETOBJ(usage_checksum, 656 0x00, 0x00, 0x00, 0x02, KEY_USAGE_SEED_CHECKSUM 657 ); 658 DEFINE_HEX_XDR_NETOBJ(usage_encryption, 659 0x00, 0x00, 0x00, 0x02, KEY_USAGE_SEED_ENCRYPTION 660 ); 661 DEFINE_HEX_XDR_NETOBJ(usage_integrity, 662 0x00, 0x00, 0x00, 0x02, KEY_USAGE_SEED_INTEGRITY 663 ); 664 665 static const struct gss_krb5_test_param rfc6803_kdf_test_params[] = { 666 { 667 .desc = "Derive Kc subkey for camellia128-cts-cmac", 668 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 669 .base_key = &camellia128_cts_cmac_basekey, 670 .usage = &usage_checksum, 671 .expected_result = &camellia128_cts_cmac_Kc, 672 }, 673 { 674 .desc = "Derive Ke subkey for camellia128-cts-cmac", 675 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 676 .base_key = &camellia128_cts_cmac_basekey, 677 .usage = &usage_encryption, 678 .expected_result = &camellia128_cts_cmac_Ke, 679 }, 680 { 681 .desc = "Derive Ki subkey for camellia128-cts-cmac", 682 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 683 .base_key = &camellia128_cts_cmac_basekey, 684 .usage = &usage_integrity, 685 .expected_result = &camellia128_cts_cmac_Ki, 686 }, 687 { 688 .desc = "Derive Kc subkey for camellia256-cts-cmac", 689 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 690 .base_key = &camellia256_cts_cmac_basekey, 691 .usage = &usage_checksum, 692 .expected_result = &camellia256_cts_cmac_Kc, 693 }, 694 { 695 .desc = "Derive Ke subkey for camellia256-cts-cmac", 696 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 697 .base_key = &camellia256_cts_cmac_basekey, 698 .usage = &usage_encryption, 699 .expected_result = &camellia256_cts_cmac_Ke, 700 }, 701 { 702 .desc = "Derive Ki subkey for camellia256-cts-cmac", 703 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 704 .base_key = &camellia256_cts_cmac_basekey, 705 .usage = &usage_integrity, 706 .expected_result = &camellia256_cts_cmac_Ki, 707 }, 708 }; 709 710 /* Creates the function rfc6803_kdf_gen_params */ 711 KUNIT_ARRAY_PARAM(rfc6803_kdf, rfc6803_kdf_test_params, gss_krb5_get_desc); 712 713 /* 714 * From RFC 6803 Section 10. Test vectors 715 * 716 * Sample checksums. 717 * 718 * Copyright (c) 2012 IETF Trust and the persons identified as the 719 * document authors. All rights reserved. 720 * 721 * XXX: These tests are likely to fail on EBCDIC or Unicode platforms. 722 */ 723 DEFINE_STR_XDR_NETOBJ(rfc6803_checksum_test1_plaintext, 724 "abcdefghijk"); 725 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test1_basekey, 726 0x1d, 0xc4, 0x6a, 0x8d, 0x76, 0x3f, 0x4f, 0x93, 727 0x74, 0x2b, 0xcb, 0xa3, 0x38, 0x75, 0x76, 0xc3 728 ); 729 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test1_usage, 730 0x00, 0x00, 0x00, 0x07, KEY_USAGE_SEED_CHECKSUM 731 ); 732 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test1_expected_result, 733 0x11, 0x78, 0xe6, 0xc5, 0xc4, 0x7a, 0x8c, 0x1a, 734 0xe0, 0xc4, 0xb9, 0xc7, 0xd4, 0xeb, 0x7b, 0x6b 735 ); 736 737 DEFINE_STR_XDR_NETOBJ(rfc6803_checksum_test2_plaintext, 738 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"); 739 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test2_basekey, 740 0x50, 0x27, 0xbc, 0x23, 0x1d, 0x0f, 0x3a, 0x9d, 741 0x23, 0x33, 0x3f, 0x1c, 0xa6, 0xfd, 0xbe, 0x7c 742 ); 743 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test2_usage, 744 0x00, 0x00, 0x00, 0x08, KEY_USAGE_SEED_CHECKSUM 745 ); 746 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test2_expected_result, 747 0xd1, 0xb3, 0x4f, 0x70, 0x04, 0xa7, 0x31, 0xf2, 748 0x3a, 0x0c, 0x00, 0xbf, 0x6c, 0x3f, 0x75, 0x3a 749 ); 750 751 DEFINE_STR_XDR_NETOBJ(rfc6803_checksum_test3_plaintext, 752 "123456789"); 753 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test3_basekey, 754 0xb6, 0x1c, 0x86, 0xcc, 0x4e, 0x5d, 0x27, 0x57, 755 0x54, 0x5a, 0xd4, 0x23, 0x39, 0x9f, 0xb7, 0x03, 756 0x1e, 0xca, 0xb9, 0x13, 0xcb, 0xb9, 0x00, 0xbd, 757 0x7a, 0x3c, 0x6d, 0xd8, 0xbf, 0x92, 0x01, 0x5b 758 ); 759 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test3_usage, 760 0x00, 0x00, 0x00, 0x09, KEY_USAGE_SEED_CHECKSUM 761 ); 762 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test3_expected_result, 763 0x87, 0xa1, 0x2c, 0xfd, 0x2b, 0x96, 0x21, 0x48, 764 0x10, 0xf0, 0x1c, 0x82, 0x6e, 0x77, 0x44, 0xb1 765 ); 766 767 DEFINE_STR_XDR_NETOBJ(rfc6803_checksum_test4_plaintext, 768 "!@#$%^&*()!@#$%^&*()!@#$%^&*()"); 769 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test4_basekey, 770 0x32, 0x16, 0x4c, 0x5b, 0x43, 0x4d, 0x1d, 0x15, 771 0x38, 0xe4, 0xcf, 0xd9, 0xbe, 0x80, 0x40, 0xfe, 772 0x8c, 0x4a, 0xc7, 0xac, 0xc4, 0xb9, 0x3d, 0x33, 773 0x14, 0xd2, 0x13, 0x36, 0x68, 0x14, 0x7a, 0x05 774 ); 775 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test4_usage, 776 0x00, 0x00, 0x00, 0x0a, KEY_USAGE_SEED_CHECKSUM 777 ); 778 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test4_expected_result, 779 0x3f, 0xa0, 0xb4, 0x23, 0x55, 0xe5, 0x2b, 0x18, 780 0x91, 0x87, 0x29, 0x4a, 0xa2, 0x52, 0xab, 0x64 781 ); 782 783 static const struct gss_krb5_test_param rfc6803_checksum_test_params[] = { 784 { 785 .desc = "camellia128-cts-cmac checksum test 1", 786 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 787 .base_key = &rfc6803_checksum_test1_basekey, 788 .usage = &rfc6803_checksum_test1_usage, 789 .plaintext = &rfc6803_checksum_test1_plaintext, 790 .expected_result = &rfc6803_checksum_test1_expected_result, 791 }, 792 { 793 .desc = "camellia128-cts-cmac checksum test 2", 794 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 795 .base_key = &rfc6803_checksum_test2_basekey, 796 .usage = &rfc6803_checksum_test2_usage, 797 .plaintext = &rfc6803_checksum_test2_plaintext, 798 .expected_result = &rfc6803_checksum_test2_expected_result, 799 }, 800 { 801 .desc = "camellia256-cts-cmac checksum test 3", 802 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 803 .base_key = &rfc6803_checksum_test3_basekey, 804 .usage = &rfc6803_checksum_test3_usage, 805 .plaintext = &rfc6803_checksum_test3_plaintext, 806 .expected_result = &rfc6803_checksum_test3_expected_result, 807 }, 808 { 809 .desc = "camellia256-cts-cmac checksum test 4", 810 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 811 .base_key = &rfc6803_checksum_test4_basekey, 812 .usage = &rfc6803_checksum_test4_usage, 813 .plaintext = &rfc6803_checksum_test4_plaintext, 814 .expected_result = &rfc6803_checksum_test4_expected_result, 815 }, 816 }; 817 818 /* Creates the function rfc6803_checksum_gen_params */ 819 KUNIT_ARRAY_PARAM(rfc6803_checksum, rfc6803_checksum_test_params, 820 gss_krb5_get_desc); 821 822 /* 823 * From RFC 6803 Section 10. Test vectors 824 * 825 * Sample encryptions (all using the default cipher state) 826 * 827 * Copyright (c) 2012 IETF Trust and the persons identified as the 828 * document authors. All rights reserved. 829 * 830 * Key usage values are from errata 4326 against RFC 6803. 831 */ 832 833 static const struct xdr_netobj rfc6803_enc_empty_plaintext = { 834 .len = 0, 835 }; 836 837 DEFINE_STR_XDR_NETOBJ(rfc6803_enc_1byte_plaintext, "1"); 838 DEFINE_STR_XDR_NETOBJ(rfc6803_enc_9byte_plaintext, "9 bytesss"); 839 DEFINE_STR_XDR_NETOBJ(rfc6803_enc_13byte_plaintext, "13 bytes byte"); 840 DEFINE_STR_XDR_NETOBJ(rfc6803_enc_30byte_plaintext, 841 "30 bytes bytes bytes bytes byt" 842 ); 843 844 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test1_confounder, 845 0xb6, 0x98, 0x22, 0xa1, 0x9a, 0x6b, 0x09, 0xc0, 846 0xeb, 0xc8, 0x55, 0x7d, 0x1f, 0x1b, 0x6c, 0x0a 847 ); 848 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test1_basekey, 849 0x1d, 0xc4, 0x6a, 0x8d, 0x76, 0x3f, 0x4f, 0x93, 850 0x74, 0x2b, 0xcb, 0xa3, 0x38, 0x75, 0x76, 0xc3 851 ); 852 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test1_expected_result, 853 0xc4, 0x66, 0xf1, 0x87, 0x10, 0x69, 0x92, 0x1e, 854 0xdb, 0x7c, 0x6f, 0xde, 0x24, 0x4a, 0x52, 0xdb, 855 0x0b, 0xa1, 0x0e, 0xdc, 0x19, 0x7b, 0xdb, 0x80, 856 0x06, 0x65, 0x8c, 0xa3, 0xcc, 0xce, 0x6e, 0xb8 857 ); 858 859 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test2_confounder, 860 0x6f, 0x2f, 0xc3, 0xc2, 0xa1, 0x66, 0xfd, 0x88, 861 0x98, 0x96, 0x7a, 0x83, 0xde, 0x95, 0x96, 0xd9 862 ); 863 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test2_basekey, 864 0x50, 0x27, 0xbc, 0x23, 0x1d, 0x0f, 0x3a, 0x9d, 865 0x23, 0x33, 0x3f, 0x1c, 0xa6, 0xfd, 0xbe, 0x7c 866 ); 867 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test2_expected_result, 868 0x84, 0x2d, 0x21, 0xfd, 0x95, 0x03, 0x11, 0xc0, 869 0xdd, 0x46, 0x4a, 0x3f, 0x4b, 0xe8, 0xd6, 0xda, 870 0x88, 0xa5, 0x6d, 0x55, 0x9c, 0x9b, 0x47, 0xd3, 871 0xf9, 0xa8, 0x50, 0x67, 0xaf, 0x66, 0x15, 0x59, 872 0xb8 873 ); 874 875 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test3_confounder, 876 0xa5, 0xb4, 0xa7, 0x1e, 0x07, 0x7a, 0xee, 0xf9, 877 0x3c, 0x87, 0x63, 0xc1, 0x8f, 0xdb, 0x1f, 0x10 878 ); 879 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test3_basekey, 880 0xa1, 0xbb, 0x61, 0xe8, 0x05, 0xf9, 0xba, 0x6d, 881 0xde, 0x8f, 0xdb, 0xdd, 0xc0, 0x5c, 0xde, 0xa0 882 ); 883 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test3_expected_result, 884 0x61, 0x9f, 0xf0, 0x72, 0xe3, 0x62, 0x86, 0xff, 885 0x0a, 0x28, 0xde, 0xb3, 0xa3, 0x52, 0xec, 0x0d, 886 0x0e, 0xdf, 0x5c, 0x51, 0x60, 0xd6, 0x63, 0xc9, 887 0x01, 0x75, 0x8c, 0xcf, 0x9d, 0x1e, 0xd3, 0x3d, 888 0x71, 0xdb, 0x8f, 0x23, 0xaa, 0xbf, 0x83, 0x48, 889 0xa0 890 ); 891 892 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test4_confounder, 893 0x19, 0xfe, 0xe4, 0x0d, 0x81, 0x0c, 0x52, 0x4b, 894 0x5b, 0x22, 0xf0, 0x18, 0x74, 0xc6, 0x93, 0xda 895 ); 896 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test4_basekey, 897 0x2c, 0xa2, 0x7a, 0x5f, 0xaf, 0x55, 0x32, 0x24, 898 0x45, 0x06, 0x43, 0x4e, 0x1c, 0xef, 0x66, 0x76 899 ); 900 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test4_expected_result, 901 0xb8, 0xec, 0xa3, 0x16, 0x7a, 0xe6, 0x31, 0x55, 902 0x12, 0xe5, 0x9f, 0x98, 0xa7, 0xc5, 0x00, 0x20, 903 0x5e, 0x5f, 0x63, 0xff, 0x3b, 0xb3, 0x89, 0xaf, 904 0x1c, 0x41, 0xa2, 0x1d, 0x64, 0x0d, 0x86, 0x15, 905 0xc9, 0xed, 0x3f, 0xbe, 0xb0, 0x5a, 0xb6, 0xac, 906 0xb6, 0x76, 0x89, 0xb5, 0xea 907 ); 908 909 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test5_confounder, 910 0xca, 0x7a, 0x7a, 0xb4, 0xbe, 0x19, 0x2d, 0xab, 911 0xd6, 0x03, 0x50, 0x6d, 0xb1, 0x9c, 0x39, 0xe2 912 ); 913 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test5_basekey, 914 0x78, 0x24, 0xf8, 0xc1, 0x6f, 0x83, 0xff, 0x35, 915 0x4c, 0x6b, 0xf7, 0x51, 0x5b, 0x97, 0x3f, 0x43 916 ); 917 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test5_expected_result, 918 0xa2, 0x6a, 0x39, 0x05, 0xa4, 0xff, 0xd5, 0x81, 919 0x6b, 0x7b, 0x1e, 0x27, 0x38, 0x0d, 0x08, 0x09, 920 0x0c, 0x8e, 0xc1, 0xf3, 0x04, 0x49, 0x6e, 0x1a, 921 0xbd, 0xcd, 0x2b, 0xdc, 0xd1, 0xdf, 0xfc, 0x66, 922 0x09, 0x89, 0xe1, 0x17, 0xa7, 0x13, 0xdd, 0xbb, 923 0x57, 0xa4, 0x14, 0x6c, 0x15, 0x87, 0xcb, 0xa4, 924 0x35, 0x66, 0x65, 0x59, 0x1d, 0x22, 0x40, 0x28, 925 0x2f, 0x58, 0x42, 0xb1, 0x05, 0xa5 926 ); 927 928 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test6_confounder, 929 0x3c, 0xbb, 0xd2, 0xb4, 0x59, 0x17, 0x94, 0x10, 930 0x67, 0xf9, 0x65, 0x99, 0xbb, 0x98, 0x92, 0x6c 931 ); 932 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test6_basekey, 933 0xb6, 0x1c, 0x86, 0xcc, 0x4e, 0x5d, 0x27, 0x57, 934 0x54, 0x5a, 0xd4, 0x23, 0x39, 0x9f, 0xb7, 0x03, 935 0x1e, 0xca, 0xb9, 0x13, 0xcb, 0xb9, 0x00, 0xbd, 936 0x7a, 0x3c, 0x6d, 0xd8, 0xbf, 0x92, 0x01, 0x5b 937 ); 938 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test6_expected_result, 939 0x03, 0x88, 0x6d, 0x03, 0x31, 0x0b, 0x47, 0xa6, 940 0xd8, 0xf0, 0x6d, 0x7b, 0x94, 0xd1, 0xdd, 0x83, 941 0x7e, 0xcc, 0xe3, 0x15, 0xef, 0x65, 0x2a, 0xff, 942 0x62, 0x08, 0x59, 0xd9, 0x4a, 0x25, 0x92, 0x66 943 ); 944 945 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test7_confounder, 946 0xde, 0xf4, 0x87, 0xfc, 0xeb, 0xe6, 0xde, 0x63, 947 0x46, 0xd4, 0xda, 0x45, 0x21, 0xbb, 0xa2, 0xd2 948 ); 949 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test7_basekey, 950 0x1b, 0x97, 0xfe, 0x0a, 0x19, 0x0e, 0x20, 0x21, 951 0xeb, 0x30, 0x75, 0x3e, 0x1b, 0x6e, 0x1e, 0x77, 952 0xb0, 0x75, 0x4b, 0x1d, 0x68, 0x46, 0x10, 0x35, 953 0x58, 0x64, 0x10, 0x49, 0x63, 0x46, 0x38, 0x33 954 ); 955 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test7_expected_result, 956 0x2c, 0x9c, 0x15, 0x70, 0x13, 0x3c, 0x99, 0xbf, 957 0x6a, 0x34, 0xbc, 0x1b, 0x02, 0x12, 0x00, 0x2f, 958 0xd1, 0x94, 0x33, 0x87, 0x49, 0xdb, 0x41, 0x35, 959 0x49, 0x7a, 0x34, 0x7c, 0xfc, 0xd9, 0xd1, 0x8a, 960 0x12 961 ); 962 963 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test8_confounder, 964 0xad, 0x4f, 0xf9, 0x04, 0xd3, 0x4e, 0x55, 0x53, 965 0x84, 0xb1, 0x41, 0x00, 0xfc, 0x46, 0x5f, 0x88 966 ); 967 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test8_basekey, 968 0x32, 0x16, 0x4c, 0x5b, 0x43, 0x4d, 0x1d, 0x15, 969 0x38, 0xe4, 0xcf, 0xd9, 0xbe, 0x80, 0x40, 0xfe, 970 0x8c, 0x4a, 0xc7, 0xac, 0xc4, 0xb9, 0x3d, 0x33, 971 0x14, 0xd2, 0x13, 0x36, 0x68, 0x14, 0x7a, 0x05 972 ); 973 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test8_expected_result, 974 0x9c, 0x6d, 0xe7, 0x5f, 0x81, 0x2d, 0xe7, 0xed, 975 0x0d, 0x28, 0xb2, 0x96, 0x35, 0x57, 0xa1, 0x15, 976 0x64, 0x09, 0x98, 0x27, 0x5b, 0x0a, 0xf5, 0x15, 977 0x27, 0x09, 0x91, 0x3f, 0xf5, 0x2a, 0x2a, 0x9c, 978 0x8e, 0x63, 0xb8, 0x72, 0xf9, 0x2e, 0x64, 0xc8, 979 0x39 980 ); 981 982 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test9_confounder, 983 0xcf, 0x9b, 0xca, 0x6d, 0xf1, 0x14, 0x4e, 0x0c, 984 0x0a, 0xf9, 0xb8, 0xf3, 0x4c, 0x90, 0xd5, 0x14 985 ); 986 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test9_basekey, 987 0xb0, 0x38, 0xb1, 0x32, 0xcd, 0x8e, 0x06, 0x61, 988 0x22, 0x67, 0xfa, 0xb7, 0x17, 0x00, 0x66, 0xd8, 989 0x8a, 0xec, 0xcb, 0xa0, 0xb7, 0x44, 0xbf, 0xc6, 990 0x0d, 0xc8, 0x9b, 0xca, 0x18, 0x2d, 0x07, 0x15 991 ); 992 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test9_expected_result, 993 0xee, 0xec, 0x85, 0xa9, 0x81, 0x3c, 0xdc, 0x53, 994 0x67, 0x72, 0xab, 0x9b, 0x42, 0xde, 0xfc, 0x57, 995 0x06, 0xf7, 0x26, 0xe9, 0x75, 0xdd, 0xe0, 0x5a, 996 0x87, 0xeb, 0x54, 0x06, 0xea, 0x32, 0x4c, 0xa1, 997 0x85, 0xc9, 0x98, 0x6b, 0x42, 0xaa, 0xbe, 0x79, 998 0x4b, 0x84, 0x82, 0x1b, 0xee 999 ); 1000 1001 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test10_confounder, 1002 0x64, 0x4d, 0xef, 0x38, 0xda, 0x35, 0x00, 0x72, 1003 0x75, 0x87, 0x8d, 0x21, 0x68, 0x55, 0xe2, 0x28 1004 ); 1005 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test10_basekey, 1006 0xcc, 0xfc, 0xd3, 0x49, 0xbf, 0x4c, 0x66, 0x77, 1007 0xe8, 0x6e, 0x4b, 0x02, 0xb8, 0xea, 0xb9, 0x24, 1008 0xa5, 0x46, 0xac, 0x73, 0x1c, 0xf9, 0xbf, 0x69, 1009 0x89, 0xb9, 0x96, 0xe7, 0xd6, 0xbf, 0xbb, 0xa7 1010 ); 1011 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test10_expected_result, 1012 0x0e, 0x44, 0x68, 0x09, 0x85, 0x85, 0x5f, 0x2d, 1013 0x1f, 0x18, 0x12, 0x52, 0x9c, 0xa8, 0x3b, 0xfd, 1014 0x8e, 0x34, 0x9d, 0xe6, 0xfd, 0x9a, 0xda, 0x0b, 1015 0xaa, 0xa0, 0x48, 0xd6, 0x8e, 0x26, 0x5f, 0xeb, 1016 0xf3, 0x4a, 0xd1, 0x25, 0x5a, 0x34, 0x49, 0x99, 1017 0xad, 0x37, 0x14, 0x68, 0x87, 0xa6, 0xc6, 0x84, 1018 0x57, 0x31, 0xac, 0x7f, 0x46, 0x37, 0x6a, 0x05, 1019 0x04, 0xcd, 0x06, 0x57, 0x14, 0x74 1020 ); 1021 1022 static const struct gss_krb5_test_param rfc6803_encrypt_test_params[] = { 1023 { 1024 .desc = "Encrypt empty plaintext with camellia128-cts-cmac", 1025 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 1026 .constant = 0, 1027 .base_key = &rfc6803_enc_test1_basekey, 1028 .plaintext = &rfc6803_enc_empty_plaintext, 1029 .confounder = &rfc6803_enc_test1_confounder, 1030 .expected_result = &rfc6803_enc_test1_expected_result, 1031 }, 1032 { 1033 .desc = "Encrypt 1 byte with camellia128-cts-cmac", 1034 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 1035 .constant = 1, 1036 .base_key = &rfc6803_enc_test2_basekey, 1037 .plaintext = &rfc6803_enc_1byte_plaintext, 1038 .confounder = &rfc6803_enc_test2_confounder, 1039 .expected_result = &rfc6803_enc_test2_expected_result, 1040 }, 1041 { 1042 .desc = "Encrypt 9 bytes with camellia128-cts-cmac", 1043 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 1044 .constant = 2, 1045 .base_key = &rfc6803_enc_test3_basekey, 1046 .plaintext = &rfc6803_enc_9byte_plaintext, 1047 .confounder = &rfc6803_enc_test3_confounder, 1048 .expected_result = &rfc6803_enc_test3_expected_result, 1049 }, 1050 { 1051 .desc = "Encrypt 13 bytes with camellia128-cts-cmac", 1052 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 1053 .constant = 3, 1054 .base_key = &rfc6803_enc_test4_basekey, 1055 .plaintext = &rfc6803_enc_13byte_plaintext, 1056 .confounder = &rfc6803_enc_test4_confounder, 1057 .expected_result = &rfc6803_enc_test4_expected_result, 1058 }, 1059 { 1060 .desc = "Encrypt 30 bytes with camellia128-cts-cmac", 1061 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 1062 .constant = 4, 1063 .base_key = &rfc6803_enc_test5_basekey, 1064 .plaintext = &rfc6803_enc_30byte_plaintext, 1065 .confounder = &rfc6803_enc_test5_confounder, 1066 .expected_result = &rfc6803_enc_test5_expected_result, 1067 }, 1068 { 1069 .desc = "Encrypt empty plaintext with camellia256-cts-cmac", 1070 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 1071 .constant = 0, 1072 .base_key = &rfc6803_enc_test6_basekey, 1073 .plaintext = &rfc6803_enc_empty_plaintext, 1074 .confounder = &rfc6803_enc_test6_confounder, 1075 .expected_result = &rfc6803_enc_test6_expected_result, 1076 }, 1077 { 1078 .desc = "Encrypt 1 byte with camellia256-cts-cmac", 1079 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 1080 .constant = 1, 1081 .base_key = &rfc6803_enc_test7_basekey, 1082 .plaintext = &rfc6803_enc_1byte_plaintext, 1083 .confounder = &rfc6803_enc_test7_confounder, 1084 .expected_result = &rfc6803_enc_test7_expected_result, 1085 }, 1086 { 1087 .desc = "Encrypt 9 bytes with camellia256-cts-cmac", 1088 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 1089 .constant = 2, 1090 .base_key = &rfc6803_enc_test8_basekey, 1091 .plaintext = &rfc6803_enc_9byte_plaintext, 1092 .confounder = &rfc6803_enc_test8_confounder, 1093 .expected_result = &rfc6803_enc_test8_expected_result, 1094 }, 1095 { 1096 .desc = "Encrypt 13 bytes with camellia256-cts-cmac", 1097 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 1098 .constant = 3, 1099 .base_key = &rfc6803_enc_test9_basekey, 1100 .plaintext = &rfc6803_enc_13byte_plaintext, 1101 .confounder = &rfc6803_enc_test9_confounder, 1102 .expected_result = &rfc6803_enc_test9_expected_result, 1103 }, 1104 { 1105 .desc = "Encrypt 30 bytes with camellia256-cts-cmac", 1106 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 1107 .constant = 4, 1108 .base_key = &rfc6803_enc_test10_basekey, 1109 .plaintext = &rfc6803_enc_30byte_plaintext, 1110 .confounder = &rfc6803_enc_test10_confounder, 1111 .expected_result = &rfc6803_enc_test10_expected_result, 1112 }, 1113 }; 1114 1115 /* Creates the function rfc6803_encrypt_gen_params */ 1116 KUNIT_ARRAY_PARAM(rfc6803_encrypt, rfc6803_encrypt_test_params, 1117 gss_krb5_get_desc); 1118 1119 static void rfc6803_encrypt_case(struct kunit *test) 1120 { 1121 const struct gss_krb5_test_param *param = test->param_value; 1122 struct crypto_sync_skcipher *cts_tfm, *cbc_tfm; 1123 const struct gss_krb5_enctype *gk5e; 1124 struct xdr_netobj Ke, Ki, checksum; 1125 u8 usage_data[GSS_KRB5_K5CLENGTH]; 1126 struct xdr_netobj usage = { 1127 .data = usage_data, 1128 .len = sizeof(usage_data), 1129 }; 1130 struct crypto_ahash *ahash_tfm; 1131 unsigned int blocksize; 1132 struct xdr_buf buf; 1133 void *text; 1134 size_t len; 1135 u32 err; 1136 1137 /* Arrange */ 1138 gk5e = gss_krb5_lookup_enctype(param->enctype); 1139 if (!gk5e) 1140 kunit_skip(test, "Encryption type is not available"); 1141 1142 memset(usage_data, 0, sizeof(usage_data)); 1143 usage.data[3] = param->constant; 1144 1145 Ke.len = gk5e->Ke_length; 1146 Ke.data = kunit_kzalloc(test, Ke.len, GFP_KERNEL); 1147 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Ke.data); 1148 usage.data[4] = KEY_USAGE_SEED_ENCRYPTION; 1149 err = gk5e->derive_key(gk5e, param->base_key, &Ke, &usage, GFP_KERNEL); 1150 KUNIT_ASSERT_EQ(test, err, 0); 1151 1152 cbc_tfm = crypto_alloc_sync_skcipher(gk5e->aux_cipher, 0, 0); 1153 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cbc_tfm); 1154 err = crypto_sync_skcipher_setkey(cbc_tfm, Ke.data, Ke.len); 1155 KUNIT_ASSERT_EQ(test, err, 0); 1156 1157 cts_tfm = crypto_alloc_sync_skcipher(gk5e->encrypt_name, 0, 0); 1158 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cts_tfm); 1159 err = crypto_sync_skcipher_setkey(cts_tfm, Ke.data, Ke.len); 1160 KUNIT_ASSERT_EQ(test, err, 0); 1161 blocksize = crypto_sync_skcipher_blocksize(cts_tfm); 1162 1163 len = param->confounder->len + param->plaintext->len + blocksize; 1164 text = kunit_kzalloc(test, len, GFP_KERNEL); 1165 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, text); 1166 memcpy(text, param->confounder->data, param->confounder->len); 1167 memcpy(text + param->confounder->len, param->plaintext->data, 1168 param->plaintext->len); 1169 1170 memset(&buf, 0, sizeof(buf)); 1171 buf.head[0].iov_base = text; 1172 buf.head[0].iov_len = param->confounder->len + param->plaintext->len; 1173 buf.len = buf.head[0].iov_len; 1174 1175 checksum.len = gk5e->cksumlength; 1176 checksum.data = kunit_kzalloc(test, checksum.len, GFP_KERNEL); 1177 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, checksum.data); 1178 1179 Ki.len = gk5e->Ki_length; 1180 Ki.data = kunit_kzalloc(test, Ki.len, GFP_KERNEL); 1181 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Ki.data); 1182 usage.data[4] = KEY_USAGE_SEED_INTEGRITY; 1183 err = gk5e->derive_key(gk5e, param->base_key, &Ki, 1184 &usage, GFP_KERNEL); 1185 KUNIT_ASSERT_EQ(test, err, 0); 1186 ahash_tfm = crypto_alloc_ahash(gk5e->cksum_name, 0, CRYPTO_ALG_ASYNC); 1187 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ahash_tfm); 1188 err = crypto_ahash_setkey(ahash_tfm, Ki.data, Ki.len); 1189 KUNIT_ASSERT_EQ(test, err, 0); 1190 1191 /* Act */ 1192 err = gss_krb5_checksum(ahash_tfm, NULL, 0, &buf, 0, &checksum); 1193 KUNIT_ASSERT_EQ(test, err, 0); 1194 1195 err = krb5_cbc_cts_encrypt(cts_tfm, cbc_tfm, 0, &buf, NULL, NULL, 0); 1196 KUNIT_ASSERT_EQ(test, err, 0); 1197 1198 /* Assert */ 1199 KUNIT_EXPECT_EQ_MSG(test, param->expected_result->len, 1200 buf.len + checksum.len, 1201 "ciphertext length mismatch"); 1202 KUNIT_EXPECT_MEMEQ_MSG(test, 1203 param->expected_result->data, 1204 buf.head[0].iov_base, 1205 buf.len, 1206 "encrypted result mismatch"); 1207 KUNIT_EXPECT_MEMEQ_MSG(test, 1208 param->expected_result->data + 1209 (param->expected_result->len - checksum.len), 1210 checksum.data, 1211 checksum.len, 1212 "HMAC mismatch"); 1213 1214 crypto_free_ahash(ahash_tfm); 1215 crypto_free_sync_skcipher(cts_tfm); 1216 crypto_free_sync_skcipher(cbc_tfm); 1217 } 1218 1219 static struct kunit_case rfc6803_test_cases[] = { 1220 { 1221 .name = "RFC 6803 key derivation", 1222 .run_case = kdf_case, 1223 .generate_params = rfc6803_kdf_gen_params, 1224 }, 1225 { 1226 .name = "RFC 6803 checksum", 1227 .run_case = checksum_case, 1228 .generate_params = rfc6803_checksum_gen_params, 1229 }, 1230 { 1231 .name = "RFC 6803 encryption", 1232 .run_case = rfc6803_encrypt_case, 1233 .generate_params = rfc6803_encrypt_gen_params, 1234 }, 1235 {} 1236 }; 1237 1238 static struct kunit_suite rfc6803_suite = { 1239 .name = "RFC 6803 suite", 1240 .test_cases = rfc6803_test_cases, 1241 }; 1242 1243 /* 1244 * From RFC 8009 Appendix A. Test Vectors 1245 * 1246 * Sample results for SHA-2 enctype key derivation 1247 * 1248 * This test material is copyright (c) 2016 IETF Trust and the 1249 * persons identified as the document authors. All rights reserved. 1250 */ 1251 1252 DEFINE_HEX_XDR_NETOBJ(aes128_cts_hmac_sha256_128_basekey, 1253 0x37, 0x05, 0xd9, 0x60, 0x80, 0xc1, 0x77, 0x28, 1254 0xa0, 0xe8, 0x00, 0xea, 0xb6, 0xe0, 0xd2, 0x3c 1255 ); 1256 DEFINE_HEX_XDR_NETOBJ(aes128_cts_hmac_sha256_128_Kc, 1257 0xb3, 0x1a, 0x01, 0x8a, 0x48, 0xf5, 0x47, 0x76, 1258 0xf4, 0x03, 0xe9, 0xa3, 0x96, 0x32, 0x5d, 0xc3 1259 ); 1260 DEFINE_HEX_XDR_NETOBJ(aes128_cts_hmac_sha256_128_Ke, 1261 0x9b, 0x19, 0x7d, 0xd1, 0xe8, 0xc5, 0x60, 0x9d, 1262 0x6e, 0x67, 0xc3, 0xe3, 0x7c, 0x62, 0xc7, 0x2e 1263 ); 1264 DEFINE_HEX_XDR_NETOBJ(aes128_cts_hmac_sha256_128_Ki, 1265 0x9f, 0xda, 0x0e, 0x56, 0xab, 0x2d, 0x85, 0xe1, 1266 0x56, 0x9a, 0x68, 0x86, 0x96, 0xc2, 0x6a, 0x6c 1267 ); 1268 1269 DEFINE_HEX_XDR_NETOBJ(aes256_cts_hmac_sha384_192_basekey, 1270 0x6d, 0x40, 0x4d, 0x37, 0xfa, 0xf7, 0x9f, 0x9d, 1271 0xf0, 0xd3, 0x35, 0x68, 0xd3, 0x20, 0x66, 0x98, 1272 0x00, 0xeb, 0x48, 0x36, 0x47, 0x2e, 0xa8, 0xa0, 1273 0x26, 0xd1, 0x6b, 0x71, 0x82, 0x46, 0x0c, 0x52 1274 ); 1275 DEFINE_HEX_XDR_NETOBJ(aes256_cts_hmac_sha384_192_Kc, 1276 0xef, 0x57, 0x18, 0xbe, 0x86, 0xcc, 0x84, 0x96, 1277 0x3d, 0x8b, 0xbb, 0x50, 0x31, 0xe9, 0xf5, 0xc4, 1278 0xba, 0x41, 0xf2, 0x8f, 0xaf, 0x69, 0xe7, 0x3d 1279 ); 1280 DEFINE_HEX_XDR_NETOBJ(aes256_cts_hmac_sha384_192_Ke, 1281 0x56, 0xab, 0x22, 0xbe, 0xe6, 0x3d, 0x82, 0xd7, 1282 0xbc, 0x52, 0x27, 0xf6, 0x77, 0x3f, 0x8e, 0xa7, 1283 0xa5, 0xeb, 0x1c, 0x82, 0x51, 0x60, 0xc3, 0x83, 1284 0x12, 0x98, 0x0c, 0x44, 0x2e, 0x5c, 0x7e, 0x49 1285 ); 1286 DEFINE_HEX_XDR_NETOBJ(aes256_cts_hmac_sha384_192_Ki, 1287 0x69, 0xb1, 0x65, 0x14, 0xe3, 0xcd, 0x8e, 0x56, 1288 0xb8, 0x20, 0x10, 0xd5, 0xc7, 0x30, 0x12, 0xb6, 1289 0x22, 0xc4, 0xd0, 0x0f, 0xfc, 0x23, 0xed, 0x1f 1290 ); 1291 1292 static const struct gss_krb5_test_param rfc8009_kdf_test_params[] = { 1293 { 1294 .desc = "Derive Kc subkey for aes128-cts-hmac-sha256-128", 1295 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, 1296 .base_key = &aes128_cts_hmac_sha256_128_basekey, 1297 .usage = &usage_checksum, 1298 .expected_result = &aes128_cts_hmac_sha256_128_Kc, 1299 }, 1300 { 1301 .desc = "Derive Ke subkey for aes128-cts-hmac-sha256-128", 1302 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, 1303 .base_key = &aes128_cts_hmac_sha256_128_basekey, 1304 .usage = &usage_encryption, 1305 .expected_result = &aes128_cts_hmac_sha256_128_Ke, 1306 }, 1307 { 1308 .desc = "Derive Ki subkey for aes128-cts-hmac-sha256-128", 1309 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, 1310 .base_key = &aes128_cts_hmac_sha256_128_basekey, 1311 .usage = &usage_integrity, 1312 .expected_result = &aes128_cts_hmac_sha256_128_Ki, 1313 }, 1314 { 1315 .desc = "Derive Kc subkey for aes256-cts-hmac-sha384-192", 1316 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, 1317 .base_key = &aes256_cts_hmac_sha384_192_basekey, 1318 .usage = &usage_checksum, 1319 .expected_result = &aes256_cts_hmac_sha384_192_Kc, 1320 }, 1321 { 1322 .desc = "Derive Ke subkey for aes256-cts-hmac-sha384-192", 1323 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, 1324 .base_key = &aes256_cts_hmac_sha384_192_basekey, 1325 .usage = &usage_encryption, 1326 .expected_result = &aes256_cts_hmac_sha384_192_Ke, 1327 }, 1328 { 1329 .desc = "Derive Ki subkey for aes256-cts-hmac-sha384-192", 1330 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, 1331 .base_key = &aes256_cts_hmac_sha384_192_basekey, 1332 .usage = &usage_integrity, 1333 .expected_result = &aes256_cts_hmac_sha384_192_Ki, 1334 }, 1335 }; 1336 1337 /* Creates the function rfc8009_kdf_gen_params */ 1338 KUNIT_ARRAY_PARAM(rfc8009_kdf, rfc8009_kdf_test_params, gss_krb5_get_desc); 1339 1340 /* 1341 * From RFC 8009 Appendix A. Test Vectors 1342 * 1343 * These sample checksums use the above sample key derivation results, 1344 * including use of the same base-key and key usage values. 1345 * 1346 * This test material is copyright (c) 2016 IETF Trust and the 1347 * persons identified as the document authors. All rights reserved. 1348 */ 1349 1350 DEFINE_HEX_XDR_NETOBJ(rfc8009_checksum_plaintext, 1351 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 1352 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 1353 0x10, 0x11, 0x12, 0x13, 0x14 1354 ); 1355 DEFINE_HEX_XDR_NETOBJ(rfc8009_checksum_test1_expected_result, 1356 0xd7, 0x83, 0x67, 0x18, 0x66, 0x43, 0xd6, 0x7b, 1357 0x41, 0x1c, 0xba, 0x91, 0x39, 0xfc, 0x1d, 0xee 1358 ); 1359 DEFINE_HEX_XDR_NETOBJ(rfc8009_checksum_test2_expected_result, 1360 0x45, 0xee, 0x79, 0x15, 0x67, 0xee, 0xfc, 0xa3, 1361 0x7f, 0x4a, 0xc1, 0xe0, 0x22, 0x2d, 0xe8, 0x0d, 1362 0x43, 0xc3, 0xbf, 0xa0, 0x66, 0x99, 0x67, 0x2a 1363 ); 1364 1365 static const struct gss_krb5_test_param rfc8009_checksum_test_params[] = { 1366 { 1367 .desc = "Checksum with aes128-cts-hmac-sha256-128", 1368 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, 1369 .base_key = &aes128_cts_hmac_sha256_128_basekey, 1370 .usage = &usage_checksum, 1371 .plaintext = &rfc8009_checksum_plaintext, 1372 .expected_result = &rfc8009_checksum_test1_expected_result, 1373 }, 1374 { 1375 .desc = "Checksum with aes256-cts-hmac-sha384-192", 1376 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, 1377 .base_key = &aes256_cts_hmac_sha384_192_basekey, 1378 .usage = &usage_checksum, 1379 .plaintext = &rfc8009_checksum_plaintext, 1380 .expected_result = &rfc8009_checksum_test2_expected_result, 1381 }, 1382 }; 1383 1384 /* Creates the function rfc8009_checksum_gen_params */ 1385 KUNIT_ARRAY_PARAM(rfc8009_checksum, rfc8009_checksum_test_params, 1386 gss_krb5_get_desc); 1387 1388 /* 1389 * From RFC 8009 Appendix A. Test Vectors 1390 * 1391 * Sample encryptions (all using the default cipher state): 1392 * -------------------------------------------------------- 1393 * 1394 * These sample encryptions use the above sample key derivation results, 1395 * including use of the same base-key and key usage values. 1396 * 1397 * This test material is copyright (c) 2016 IETF Trust and the 1398 * persons identified as the document authors. All rights reserved. 1399 */ 1400 1401 static const struct xdr_netobj rfc8009_enc_empty_plaintext = { 1402 .len = 0, 1403 }; 1404 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_short_plaintext, 1405 0x00, 0x01, 0x02, 0x03, 0x04, 0x05 1406 ); 1407 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_block_plaintext, 1408 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 1409 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f 1410 ); 1411 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_long_plaintext, 1412 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 1413 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 1414 0x10, 0x11, 0x12, 0x13, 0x14 1415 ); 1416 1417 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test1_confounder, 1418 0x7e, 0x58, 0x95, 0xea, 0xf2, 0x67, 0x24, 0x35, 1419 0xba, 0xd8, 0x17, 0xf5, 0x45, 0xa3, 0x71, 0x48 1420 ); 1421 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test1_expected_result, 1422 0xef, 0x85, 0xfb, 0x89, 0x0b, 0xb8, 0x47, 0x2f, 1423 0x4d, 0xab, 0x20, 0x39, 0x4d, 0xca, 0x78, 0x1d 1424 ); 1425 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test1_expected_hmac, 1426 0xad, 0x87, 0x7e, 0xda, 0x39, 0xd5, 0x0c, 0x87, 1427 0x0c, 0x0d, 0x5a, 0x0a, 0x8e, 0x48, 0xc7, 0x18 1428 ); 1429 1430 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test2_confounder, 1431 0x7b, 0xca, 0x28, 0x5e, 0x2f, 0xd4, 0x13, 0x0f, 1432 0xb5, 0x5b, 0x1a, 0x5c, 0x83, 0xbc, 0x5b, 0x24 1433 ); 1434 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test2_expected_result, 1435 0x84, 0xd7, 0xf3, 0x07, 0x54, 0xed, 0x98, 0x7b, 1436 0xab, 0x0b, 0xf3, 0x50, 0x6b, 0xeb, 0x09, 0xcf, 1437 0xb5, 0x54, 0x02, 0xce, 0xf7, 0xe6 1438 ); 1439 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test2_expected_hmac, 1440 0x87, 0x7c, 0xe9, 0x9e, 0x24, 0x7e, 0x52, 0xd1, 1441 0x6e, 0xd4, 0x42, 0x1d, 0xfd, 0xf8, 0x97, 0x6c 1442 ); 1443 1444 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test3_confounder, 1445 0x56, 0xab, 0x21, 0x71, 0x3f, 0xf6, 0x2c, 0x0a, 1446 0x14, 0x57, 0x20, 0x0f, 0x6f, 0xa9, 0x94, 0x8f 1447 ); 1448 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test3_expected_result, 1449 0x35, 0x17, 0xd6, 0x40, 0xf5, 0x0d, 0xdc, 0x8a, 1450 0xd3, 0x62, 0x87, 0x22, 0xb3, 0x56, 0x9d, 0x2a, 1451 0xe0, 0x74, 0x93, 0xfa, 0x82, 0x63, 0x25, 0x40, 1452 0x80, 0xea, 0x65, 0xc1, 0x00, 0x8e, 0x8f, 0xc2 1453 ); 1454 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test3_expected_hmac, 1455 0x95, 0xfb, 0x48, 0x52, 0xe7, 0xd8, 0x3e, 0x1e, 1456 0x7c, 0x48, 0xc3, 0x7e, 0xeb, 0xe6, 0xb0, 0xd3 1457 ); 1458 1459 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test4_confounder, 1460 0xa7, 0xa4, 0xe2, 0x9a, 0x47, 0x28, 0xce, 0x10, 1461 0x66, 0x4f, 0xb6, 0x4e, 0x49, 0xad, 0x3f, 0xac 1462 ); 1463 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test4_expected_result, 1464 0x72, 0x0f, 0x73, 0xb1, 0x8d, 0x98, 0x59, 0xcd, 1465 0x6c, 0xcb, 0x43, 0x46, 0x11, 0x5c, 0xd3, 0x36, 1466 0xc7, 0x0f, 0x58, 0xed, 0xc0, 0xc4, 0x43, 0x7c, 1467 0x55, 0x73, 0x54, 0x4c, 0x31, 0xc8, 0x13, 0xbc, 1468 0xe1, 0xe6, 0xd0, 0x72, 0xc1 1469 ); 1470 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test4_expected_hmac, 1471 0x86, 0xb3, 0x9a, 0x41, 0x3c, 0x2f, 0x92, 0xca, 1472 0x9b, 0x83, 0x34, 0xa2, 0x87, 0xff, 0xcb, 0xfc 1473 ); 1474 1475 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test5_confounder, 1476 0xf7, 0x64, 0xe9, 0xfa, 0x15, 0xc2, 0x76, 0x47, 1477 0x8b, 0x2c, 0x7d, 0x0c, 0x4e, 0x5f, 0x58, 0xe4 1478 ); 1479 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test5_expected_result, 1480 0x41, 0xf5, 0x3f, 0xa5, 0xbf, 0xe7, 0x02, 0x6d, 1481 0x91, 0xfa, 0xf9, 0xbe, 0x95, 0x91, 0x95, 0xa0 1482 ); 1483 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test5_expected_hmac, 1484 0x58, 0x70, 0x72, 0x73, 0xa9, 0x6a, 0x40, 0xf0, 1485 0xa0, 0x19, 0x60, 0x62, 0x1a, 0xc6, 0x12, 0x74, 1486 0x8b, 0x9b, 0xbf, 0xbe, 0x7e, 0xb4, 0xce, 0x3c 1487 ); 1488 1489 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test6_confounder, 1490 0xb8, 0x0d, 0x32, 0x51, 0xc1, 0xf6, 0x47, 0x14, 1491 0x94, 0x25, 0x6f, 0xfe, 0x71, 0x2d, 0x0b, 0x9a 1492 ); 1493 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test6_expected_result, 1494 0x4e, 0xd7, 0xb3, 0x7c, 0x2b, 0xca, 0xc8, 0xf7, 1495 0x4f, 0x23, 0xc1, 0xcf, 0x07, 0xe6, 0x2b, 0xc7, 1496 0xb7, 0x5f, 0xb3, 0xf6, 0x37, 0xb9 1497 ); 1498 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test6_expected_hmac, 1499 0xf5, 0x59, 0xc7, 0xf6, 0x64, 0xf6, 0x9e, 0xab, 1500 0x7b, 0x60, 0x92, 0x23, 0x75, 0x26, 0xea, 0x0d, 1501 0x1f, 0x61, 0xcb, 0x20, 0xd6, 0x9d, 0x10, 0xf2 1502 ); 1503 1504 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test7_confounder, 1505 0x53, 0xbf, 0x8a, 0x0d, 0x10, 0x52, 0x65, 0xd4, 1506 0xe2, 0x76, 0x42, 0x86, 0x24, 0xce, 0x5e, 0x63 1507 ); 1508 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test7_expected_result, 1509 0xbc, 0x47, 0xff, 0xec, 0x79, 0x98, 0xeb, 0x91, 1510 0xe8, 0x11, 0x5c, 0xf8, 0xd1, 0x9d, 0xac, 0x4b, 1511 0xbb, 0xe2, 0xe1, 0x63, 0xe8, 0x7d, 0xd3, 0x7f, 1512 0x49, 0xbe, 0xca, 0x92, 0x02, 0x77, 0x64, 0xf6 1513 ); 1514 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test7_expected_hmac, 1515 0x8c, 0xf5, 0x1f, 0x14, 0xd7, 0x98, 0xc2, 0x27, 1516 0x3f, 0x35, 0xdf, 0x57, 0x4d, 0x1f, 0x93, 0x2e, 1517 0x40, 0xc4, 0xff, 0x25, 0x5b, 0x36, 0xa2, 0x66 1518 ); 1519 1520 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test8_confounder, 1521 0x76, 0x3e, 0x65, 0x36, 0x7e, 0x86, 0x4f, 0x02, 1522 0xf5, 0x51, 0x53, 0xc7, 0xe3, 0xb5, 0x8a, 0xf1 1523 ); 1524 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test8_expected_result, 1525 0x40, 0x01, 0x3e, 0x2d, 0xf5, 0x8e, 0x87, 0x51, 1526 0x95, 0x7d, 0x28, 0x78, 0xbc, 0xd2, 0xd6, 0xfe, 1527 0x10, 0x1c, 0xcf, 0xd5, 0x56, 0xcb, 0x1e, 0xae, 1528 0x79, 0xdb, 0x3c, 0x3e, 0xe8, 0x64, 0x29, 0xf2, 1529 0xb2, 0xa6, 0x02, 0xac, 0x86 1530 ); 1531 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test8_expected_hmac, 1532 0xfe, 0xf6, 0xec, 0xb6, 0x47, 0xd6, 0x29, 0x5f, 1533 0xae, 0x07, 0x7a, 0x1f, 0xeb, 0x51, 0x75, 0x08, 1534 0xd2, 0xc1, 0x6b, 0x41, 0x92, 0xe0, 0x1f, 0x62 1535 ); 1536 1537 static const struct gss_krb5_test_param rfc8009_encrypt_test_params[] = { 1538 { 1539 .desc = "Encrypt empty plaintext with aes128-cts-hmac-sha256-128", 1540 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, 1541 .plaintext = &rfc8009_enc_empty_plaintext, 1542 .confounder = &rfc8009_enc_test1_confounder, 1543 .base_key = &aes128_cts_hmac_sha256_128_basekey, 1544 .expected_result = &rfc8009_enc_test1_expected_result, 1545 .expected_hmac = &rfc8009_enc_test1_expected_hmac, 1546 }, 1547 { 1548 .desc = "Encrypt short plaintext with aes128-cts-hmac-sha256-128", 1549 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, 1550 .plaintext = &rfc8009_enc_short_plaintext, 1551 .confounder = &rfc8009_enc_test2_confounder, 1552 .base_key = &aes128_cts_hmac_sha256_128_basekey, 1553 .expected_result = &rfc8009_enc_test2_expected_result, 1554 .expected_hmac = &rfc8009_enc_test2_expected_hmac, 1555 }, 1556 { 1557 .desc = "Encrypt block plaintext with aes128-cts-hmac-sha256-128", 1558 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, 1559 .plaintext = &rfc8009_enc_block_plaintext, 1560 .confounder = &rfc8009_enc_test3_confounder, 1561 .base_key = &aes128_cts_hmac_sha256_128_basekey, 1562 .expected_result = &rfc8009_enc_test3_expected_result, 1563 .expected_hmac = &rfc8009_enc_test3_expected_hmac, 1564 }, 1565 { 1566 .desc = "Encrypt long plaintext with aes128-cts-hmac-sha256-128", 1567 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, 1568 .plaintext = &rfc8009_enc_long_plaintext, 1569 .confounder = &rfc8009_enc_test4_confounder, 1570 .base_key = &aes128_cts_hmac_sha256_128_basekey, 1571 .expected_result = &rfc8009_enc_test4_expected_result, 1572 .expected_hmac = &rfc8009_enc_test4_expected_hmac, 1573 }, 1574 { 1575 .desc = "Encrypt empty plaintext with aes256-cts-hmac-sha384-192", 1576 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, 1577 .plaintext = &rfc8009_enc_empty_plaintext, 1578 .confounder = &rfc8009_enc_test5_confounder, 1579 .base_key = &aes256_cts_hmac_sha384_192_basekey, 1580 .expected_result = &rfc8009_enc_test5_expected_result, 1581 .expected_hmac = &rfc8009_enc_test5_expected_hmac, 1582 }, 1583 { 1584 .desc = "Encrypt short plaintext with aes256-cts-hmac-sha384-192", 1585 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, 1586 .plaintext = &rfc8009_enc_short_plaintext, 1587 .confounder = &rfc8009_enc_test6_confounder, 1588 .base_key = &aes256_cts_hmac_sha384_192_basekey, 1589 .expected_result = &rfc8009_enc_test6_expected_result, 1590 .expected_hmac = &rfc8009_enc_test6_expected_hmac, 1591 }, 1592 { 1593 .desc = "Encrypt block plaintext with aes256-cts-hmac-sha384-192", 1594 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, 1595 .plaintext = &rfc8009_enc_block_plaintext, 1596 .confounder = &rfc8009_enc_test7_confounder, 1597 .base_key = &aes256_cts_hmac_sha384_192_basekey, 1598 .expected_result = &rfc8009_enc_test7_expected_result, 1599 .expected_hmac = &rfc8009_enc_test7_expected_hmac, 1600 }, 1601 { 1602 .desc = "Encrypt long plaintext with aes256-cts-hmac-sha384-192", 1603 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, 1604 .plaintext = &rfc8009_enc_long_plaintext, 1605 .confounder = &rfc8009_enc_test8_confounder, 1606 .base_key = &aes256_cts_hmac_sha384_192_basekey, 1607 .expected_result = &rfc8009_enc_test8_expected_result, 1608 .expected_hmac = &rfc8009_enc_test8_expected_hmac, 1609 }, 1610 }; 1611 1612 /* Creates the function rfc8009_encrypt_gen_params */ 1613 KUNIT_ARRAY_PARAM(rfc8009_encrypt, rfc8009_encrypt_test_params, 1614 gss_krb5_get_desc); 1615 1616 static void rfc8009_encrypt_case(struct kunit *test) 1617 { 1618 const struct gss_krb5_test_param *param = test->param_value; 1619 struct crypto_sync_skcipher *cts_tfm, *cbc_tfm; 1620 const struct gss_krb5_enctype *gk5e; 1621 struct xdr_netobj Ke, Ki, checksum; 1622 u8 usage_data[GSS_KRB5_K5CLENGTH]; 1623 struct xdr_netobj usage = { 1624 .data = usage_data, 1625 .len = sizeof(usage_data), 1626 }; 1627 struct crypto_ahash *ahash_tfm; 1628 struct xdr_buf buf; 1629 void *text; 1630 size_t len; 1631 u32 err; 1632 1633 /* Arrange */ 1634 gk5e = gss_krb5_lookup_enctype(param->enctype); 1635 if (!gk5e) 1636 kunit_skip(test, "Encryption type is not available"); 1637 1638 *(__be32 *)usage.data = cpu_to_be32(2); 1639 1640 Ke.len = gk5e->Ke_length; 1641 Ke.data = kunit_kzalloc(test, Ke.len, GFP_KERNEL); 1642 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Ke.data); 1643 usage.data[4] = KEY_USAGE_SEED_ENCRYPTION; 1644 err = gk5e->derive_key(gk5e, param->base_key, &Ke, 1645 &usage, GFP_KERNEL); 1646 KUNIT_ASSERT_EQ(test, err, 0); 1647 1648 cbc_tfm = crypto_alloc_sync_skcipher(gk5e->aux_cipher, 0, 0); 1649 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cbc_tfm); 1650 err = crypto_sync_skcipher_setkey(cbc_tfm, Ke.data, Ke.len); 1651 KUNIT_ASSERT_EQ(test, err, 0); 1652 1653 cts_tfm = crypto_alloc_sync_skcipher(gk5e->encrypt_name, 0, 0); 1654 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cts_tfm); 1655 err = crypto_sync_skcipher_setkey(cts_tfm, Ke.data, Ke.len); 1656 KUNIT_ASSERT_EQ(test, err, 0); 1657 1658 len = param->confounder->len + param->plaintext->len; 1659 text = kunit_kzalloc(test, len, GFP_KERNEL); 1660 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, text); 1661 memcpy(text, param->confounder->data, param->confounder->len); 1662 memcpy(text + param->confounder->len, param->plaintext->data, 1663 param->plaintext->len); 1664 1665 memset(&buf, 0, sizeof(buf)); 1666 buf.head[0].iov_base = text; 1667 buf.head[0].iov_len = param->confounder->len + param->plaintext->len; 1668 buf.len = buf.head[0].iov_len; 1669 1670 checksum.len = gk5e->cksumlength; 1671 checksum.data = kunit_kzalloc(test, checksum.len, GFP_KERNEL); 1672 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, checksum.data); 1673 1674 Ki.len = gk5e->Ki_length; 1675 Ki.data = kunit_kzalloc(test, Ki.len, GFP_KERNEL); 1676 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Ki.data); 1677 usage.data[4] = KEY_USAGE_SEED_INTEGRITY; 1678 err = gk5e->derive_key(gk5e, param->base_key, &Ki, 1679 &usage, GFP_KERNEL); 1680 KUNIT_ASSERT_EQ(test, err, 0); 1681 1682 ahash_tfm = crypto_alloc_ahash(gk5e->cksum_name, 0, CRYPTO_ALG_ASYNC); 1683 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ahash_tfm); 1684 err = crypto_ahash_setkey(ahash_tfm, Ki.data, Ki.len); 1685 KUNIT_ASSERT_EQ(test, err, 0); 1686 1687 /* Act */ 1688 err = krb5_cbc_cts_encrypt(cts_tfm, cbc_tfm, 0, &buf, NULL, NULL, 0); 1689 KUNIT_ASSERT_EQ(test, err, 0); 1690 err = krb5_etm_checksum(cts_tfm, ahash_tfm, &buf, 0, &checksum); 1691 KUNIT_ASSERT_EQ(test, err, 0); 1692 1693 /* Assert */ 1694 KUNIT_EXPECT_EQ_MSG(test, 1695 param->expected_result->len, buf.len, 1696 "ciphertext length mismatch"); 1697 KUNIT_EXPECT_MEMEQ_MSG(test, 1698 param->expected_result->data, 1699 buf.head[0].iov_base, 1700 param->expected_result->len, 1701 "ciphertext mismatch"); 1702 KUNIT_EXPECT_MEMEQ_MSG(test, 1703 param->expected_hmac->data, 1704 checksum.data, 1705 checksum.len, 1706 "HMAC mismatch"); 1707 1708 crypto_free_ahash(ahash_tfm); 1709 crypto_free_sync_skcipher(cts_tfm); 1710 crypto_free_sync_skcipher(cbc_tfm); 1711 } 1712 1713 static struct kunit_case rfc8009_test_cases[] = { 1714 { 1715 .name = "RFC 8009 key derivation", 1716 .run_case = kdf_case, 1717 .generate_params = rfc8009_kdf_gen_params, 1718 }, 1719 { 1720 .name = "RFC 8009 checksum", 1721 .run_case = checksum_case, 1722 .generate_params = rfc8009_checksum_gen_params, 1723 }, 1724 { 1725 .name = "RFC 8009 encryption", 1726 .run_case = rfc8009_encrypt_case, 1727 .generate_params = rfc8009_encrypt_gen_params, 1728 }, 1729 {} 1730 }; 1731 1732 static struct kunit_suite rfc8009_suite = { 1733 .name = "RFC 8009 suite", 1734 .test_cases = rfc8009_test_cases, 1735 }; 1736 1737 /* 1738 * Encryption self-tests 1739 */ 1740 1741 DEFINE_STR_XDR_NETOBJ(encrypt_selftest_plaintext, 1742 "This is the plaintext for the encryption self-test."); 1743 1744 static const struct gss_krb5_test_param encrypt_selftest_params[] = { 1745 { 1746 .desc = "aes128-cts-hmac-sha1-96 encryption self-test", 1747 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, 1748 .Ke = &rfc3962_encryption_key, 1749 .plaintext = &encrypt_selftest_plaintext, 1750 }, 1751 { 1752 .desc = "aes256-cts-hmac-sha1-96 encryption self-test", 1753 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA1_96, 1754 .Ke = &rfc3962_encryption_key, 1755 .plaintext = &encrypt_selftest_plaintext, 1756 }, 1757 { 1758 .desc = "camellia128-cts-cmac encryption self-test", 1759 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 1760 .Ke = &camellia128_cts_cmac_Ke, 1761 .plaintext = &encrypt_selftest_plaintext, 1762 }, 1763 { 1764 .desc = "camellia256-cts-cmac encryption self-test", 1765 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 1766 .Ke = &camellia256_cts_cmac_Ke, 1767 .plaintext = &encrypt_selftest_plaintext, 1768 }, 1769 { 1770 .desc = "aes128-cts-hmac-sha256-128 encryption self-test", 1771 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, 1772 .Ke = &aes128_cts_hmac_sha256_128_Ke, 1773 .plaintext = &encrypt_selftest_plaintext, 1774 }, 1775 { 1776 .desc = "aes256-cts-hmac-sha384-192 encryption self-test", 1777 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, 1778 .Ke = &aes256_cts_hmac_sha384_192_Ke, 1779 .plaintext = &encrypt_selftest_plaintext, 1780 }, 1781 }; 1782 1783 /* Creates the function encrypt_selftest_gen_params */ 1784 KUNIT_ARRAY_PARAM(encrypt_selftest, encrypt_selftest_params, 1785 gss_krb5_get_desc); 1786 1787 /* 1788 * Encrypt and decrypt plaintext, and ensure the input plaintext 1789 * matches the output plaintext. A confounder is not added in this 1790 * case. 1791 */ 1792 static void encrypt_selftest_case(struct kunit *test) 1793 { 1794 const struct gss_krb5_test_param *param = test->param_value; 1795 struct crypto_sync_skcipher *cts_tfm, *cbc_tfm; 1796 const struct gss_krb5_enctype *gk5e; 1797 struct xdr_buf buf; 1798 void *text; 1799 int err; 1800 1801 /* Arrange */ 1802 gk5e = gss_krb5_lookup_enctype(param->enctype); 1803 if (!gk5e) 1804 kunit_skip(test, "Encryption type is not available"); 1805 1806 cbc_tfm = crypto_alloc_sync_skcipher(gk5e->aux_cipher, 0, 0); 1807 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cbc_tfm); 1808 err = crypto_sync_skcipher_setkey(cbc_tfm, param->Ke->data, param->Ke->len); 1809 KUNIT_ASSERT_EQ(test, err, 0); 1810 1811 cts_tfm = crypto_alloc_sync_skcipher(gk5e->encrypt_name, 0, 0); 1812 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cts_tfm); 1813 err = crypto_sync_skcipher_setkey(cts_tfm, param->Ke->data, param->Ke->len); 1814 KUNIT_ASSERT_EQ(test, err, 0); 1815 1816 text = kunit_kzalloc(test, roundup(param->plaintext->len, 1817 crypto_sync_skcipher_blocksize(cbc_tfm)), 1818 GFP_KERNEL); 1819 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, text); 1820 1821 memcpy(text, param->plaintext->data, param->plaintext->len); 1822 memset(&buf, 0, sizeof(buf)); 1823 buf.head[0].iov_base = text; 1824 buf.head[0].iov_len = param->plaintext->len; 1825 buf.len = buf.head[0].iov_len; 1826 1827 /* Act */ 1828 err = krb5_cbc_cts_encrypt(cts_tfm, cbc_tfm, 0, &buf, NULL, NULL, 0); 1829 KUNIT_ASSERT_EQ(test, err, 0); 1830 err = krb5_cbc_cts_decrypt(cts_tfm, cbc_tfm, 0, &buf); 1831 KUNIT_ASSERT_EQ(test, err, 0); 1832 1833 /* Assert */ 1834 KUNIT_EXPECT_EQ_MSG(test, 1835 param->plaintext->len, buf.len, 1836 "length mismatch"); 1837 KUNIT_EXPECT_MEMEQ_MSG(test, 1838 param->plaintext->data, 1839 buf.head[0].iov_base, 1840 buf.len, 1841 "plaintext mismatch"); 1842 1843 crypto_free_sync_skcipher(cts_tfm); 1844 crypto_free_sync_skcipher(cbc_tfm); 1845 } 1846 1847 static struct kunit_case encryption_test_cases[] = { 1848 { 1849 .name = "Encryption self-tests", 1850 .run_case = encrypt_selftest_case, 1851 .generate_params = encrypt_selftest_gen_params, 1852 }, 1853 {} 1854 }; 1855 1856 static struct kunit_suite encryption_test_suite = { 1857 .name = "Encryption test suite", 1858 .test_cases = encryption_test_cases, 1859 }; 1860 1861 kunit_test_suites(&rfc3961_suite, 1862 &rfc3962_suite, 1863 &rfc6803_suite, 1864 &rfc8009_suite, 1865 &encryption_test_suite); 1866 1867 MODULE_DESCRIPTION("Test RPCSEC GSS Kerberos 5 functions"); 1868 MODULE_LICENSE("GPL"); 1869