xref: /linux/net/sunrpc/auth_gss/gss_krb5_test.c (revision a1c613ae4c322ddd58d5a8539dbfba2a0380a8c0)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * Copyright (c) 2022 Oracle and/or its affiliates.
4  *
5  * KUnit test of SunRPC's GSS Kerberos mechanism. Subsystem
6  * name is "rpcsec_gss_krb5".
7  */
8 
9 #include <kunit/test.h>
10 #include <kunit/visibility.h>
11 
12 #include <linux/kernel.h>
13 #include <crypto/hash.h>
14 
15 #include <linux/sunrpc/xdr.h>
16 #include <linux/sunrpc/gss_krb5.h>
17 
18 #include "gss_krb5_internal.h"
19 
20 MODULE_IMPORT_NS(EXPORTED_FOR_KUNIT_TESTING);
21 
22 struct gss_krb5_test_param {
23 	const char			*desc;
24 	u32				enctype;
25 	u32				nfold;
26 	u32				constant;
27 	const struct xdr_netobj		*base_key;
28 	const struct xdr_netobj		*Ke;
29 	const struct xdr_netobj		*usage;
30 	const struct xdr_netobj		*plaintext;
31 	const struct xdr_netobj		*confounder;
32 	const struct xdr_netobj		*expected_result;
33 	const struct xdr_netobj		*expected_hmac;
34 	const struct xdr_netobj		*next_iv;
35 };
36 
gss_krb5_get_desc(const struct gss_krb5_test_param * param,char * desc)37 static inline void gss_krb5_get_desc(const struct gss_krb5_test_param *param,
38 				     char *desc)
39 {
40 	strscpy(desc, param->desc, KUNIT_PARAM_DESC_SIZE);
41 }
42 
kdf_case(struct kunit * test)43 static void kdf_case(struct kunit *test)
44 {
45 	const struct gss_krb5_test_param *param = test->param_value;
46 	const struct gss_krb5_enctype *gk5e;
47 	struct xdr_netobj derivedkey;
48 	int err;
49 
50 	/* Arrange */
51 	gk5e = gss_krb5_lookup_enctype(param->enctype);
52 	if (!gk5e)
53 		kunit_skip(test, "Encryption type is not available");
54 
55 	derivedkey.data = kunit_kzalloc(test, param->expected_result->len,
56 					GFP_KERNEL);
57 	KUNIT_ASSERT_NOT_ERR_OR_NULL(test, derivedkey.data);
58 	derivedkey.len = param->expected_result->len;
59 
60 	/* Act */
61 	err = gk5e->derive_key(gk5e, param->base_key, &derivedkey,
62 			       param->usage, GFP_KERNEL);
63 	KUNIT_ASSERT_EQ(test, err, 0);
64 
65 	/* Assert */
66 	KUNIT_EXPECT_EQ_MSG(test,
67 			    memcmp(param->expected_result->data,
68 				   derivedkey.data, derivedkey.len), 0,
69 			    "key mismatch");
70 }
71 
checksum_case(struct kunit * test)72 static void checksum_case(struct kunit *test)
73 {
74 	const struct gss_krb5_test_param *param = test->param_value;
75 	struct xdr_buf buf = {
76 		.head[0].iov_len	= param->plaintext->len,
77 		.len			= param->plaintext->len,
78 	};
79 	const struct gss_krb5_enctype *gk5e;
80 	struct xdr_netobj Kc, checksum;
81 	struct crypto_ahash *tfm;
82 	int err;
83 
84 	/* Arrange */
85 	gk5e = gss_krb5_lookup_enctype(param->enctype);
86 	if (!gk5e)
87 		kunit_skip(test, "Encryption type is not available");
88 
89 	Kc.len = gk5e->Kc_length;
90 	Kc.data = kunit_kzalloc(test, Kc.len, GFP_KERNEL);
91 	KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Kc.data);
92 	err = gk5e->derive_key(gk5e, param->base_key, &Kc,
93 			       param->usage, GFP_KERNEL);
94 	KUNIT_ASSERT_EQ(test, err, 0);
95 
96 	tfm = crypto_alloc_ahash(gk5e->cksum_name, 0, CRYPTO_ALG_ASYNC);
97 	KUNIT_ASSERT_NOT_ERR_OR_NULL(test, tfm);
98 	err = crypto_ahash_setkey(tfm, Kc.data, Kc.len);
99 	KUNIT_ASSERT_EQ(test, err, 0);
100 
101 	buf.head[0].iov_base = kunit_kzalloc(test, buf.head[0].iov_len, GFP_KERNEL);
102 	KUNIT_ASSERT_NOT_ERR_OR_NULL(test, buf.head[0].iov_base);
103 	memcpy(buf.head[0].iov_base, param->plaintext->data, buf.head[0].iov_len);
104 
105 	checksum.len = gk5e->cksumlength;
106 	checksum.data = kunit_kzalloc(test, checksum.len, GFP_KERNEL);
107 	KUNIT_ASSERT_NOT_ERR_OR_NULL(test, checksum.data);
108 
109 	/* Act */
110 	err = gss_krb5_checksum(tfm, NULL, 0, &buf, 0, &checksum);
111 	KUNIT_ASSERT_EQ(test, err, 0);
112 
113 	/* Assert */
114 	KUNIT_EXPECT_EQ_MSG(test,
115 			    memcmp(param->expected_result->data,
116 				   checksum.data, checksum.len), 0,
117 			    "checksum mismatch");
118 
119 	crypto_free_ahash(tfm);
120 }
121 
122 #define DEFINE_HEX_XDR_NETOBJ(name, hex_array...)		\
123 	static const u8 name ## _data[] = { hex_array };	\
124 	static const struct xdr_netobj name = {			\
125 		.data	= (u8 *)name##_data,			\
126 		.len	= sizeof(name##_data),			\
127 	}
128 
129 #define DEFINE_STR_XDR_NETOBJ(name, string)			\
130 	static const u8 name ## _str[] = string;		\
131 	static const struct xdr_netobj name = {			\
132 		.data	= (u8 *)name##_str,			\
133 		.len	= sizeof(name##_str) - 1,		\
134 	}
135 
136 /*
137  * RFC 3961 Appendix A.1.  n-fold
138  *
139  * The n-fold function is defined in section 5.1 of RFC 3961.
140  *
141  * This test material is copyright (C) The Internet Society (2005).
142  */
143 
144 DEFINE_HEX_XDR_NETOBJ(nfold_test1_plaintext,
145 		      0x30, 0x31, 0x32, 0x33, 0x34, 0x35
146 );
147 DEFINE_HEX_XDR_NETOBJ(nfold_test1_expected_result,
148 		      0xbe, 0x07, 0x26, 0x31, 0x27, 0x6b, 0x19, 0x55
149 );
150 
151 DEFINE_HEX_XDR_NETOBJ(nfold_test2_plaintext,
152 		      0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64
153 );
154 DEFINE_HEX_XDR_NETOBJ(nfold_test2_expected_result,
155 		      0x78, 0xa0, 0x7b, 0x6c, 0xaf, 0x85, 0xfa
156 );
157 
158 DEFINE_HEX_XDR_NETOBJ(nfold_test3_plaintext,
159 		      0x52, 0x6f, 0x75, 0x67, 0x68, 0x20, 0x43, 0x6f,
160 		      0x6e, 0x73, 0x65, 0x6e, 0x73, 0x75, 0x73, 0x2c,
161 		      0x20, 0x61, 0x6e, 0x64, 0x20, 0x52, 0x75, 0x6e,
162 		      0x6e, 0x69, 0x6e, 0x67, 0x20, 0x43, 0x6f, 0x64,
163 		      0x65
164 );
165 DEFINE_HEX_XDR_NETOBJ(nfold_test3_expected_result,
166 		      0xbb, 0x6e, 0xd3, 0x08, 0x70, 0xb7, 0xf0, 0xe0
167 );
168 
169 DEFINE_HEX_XDR_NETOBJ(nfold_test4_plaintext,
170 		      0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64
171 );
172 DEFINE_HEX_XDR_NETOBJ(nfold_test4_expected_result,
173 		      0x59, 0xe4, 0xa8, 0xca, 0x7c, 0x03, 0x85, 0xc3,
174 		      0xc3, 0x7b, 0x3f, 0x6d, 0x20, 0x00, 0x24, 0x7c,
175 		      0xb6, 0xe6, 0xbd, 0x5b, 0x3e
176 );
177 
178 DEFINE_HEX_XDR_NETOBJ(nfold_test5_plaintext,
179 		      0x4d, 0x41, 0x53, 0x53, 0x41, 0x43, 0x48, 0x56,
180 		      0x53, 0x45, 0x54, 0x54, 0x53, 0x20, 0x49, 0x4e,
181 		      0x53, 0x54, 0x49, 0x54, 0x56, 0x54, 0x45, 0x20,
182 		      0x4f, 0x46, 0x20, 0x54, 0x45, 0x43, 0x48, 0x4e,
183 		      0x4f, 0x4c, 0x4f, 0x47, 0x59
184 );
185 DEFINE_HEX_XDR_NETOBJ(nfold_test5_expected_result,
186 		      0xdb, 0x3b, 0x0d, 0x8f, 0x0b, 0x06, 0x1e, 0x60,
187 		      0x32, 0x82, 0xb3, 0x08, 0xa5, 0x08, 0x41, 0x22,
188 		      0x9a, 0xd7, 0x98, 0xfa, 0xb9, 0x54, 0x0c, 0x1b
189 );
190 
191 DEFINE_HEX_XDR_NETOBJ(nfold_test6_plaintext,
192 		      0x51
193 );
194 DEFINE_HEX_XDR_NETOBJ(nfold_test6_expected_result,
195 		      0x51, 0x8a, 0x54, 0xa2, 0x15, 0xa8, 0x45, 0x2a,
196 		      0x51, 0x8a, 0x54, 0xa2, 0x15, 0xa8, 0x45, 0x2a,
197 		      0x51, 0x8a, 0x54, 0xa2, 0x15
198 );
199 
200 DEFINE_HEX_XDR_NETOBJ(nfold_test7_plaintext,
201 		      0x62, 0x61
202 );
203 DEFINE_HEX_XDR_NETOBJ(nfold_test7_expected_result,
204 		      0xfb, 0x25, 0xd5, 0x31, 0xae, 0x89, 0x74, 0x49,
205 		      0x9f, 0x52, 0xfd, 0x92, 0xea, 0x98, 0x57, 0xc4,
206 		      0xba, 0x24, 0xcf, 0x29, 0x7e
207 );
208 
209 DEFINE_HEX_XDR_NETOBJ(nfold_test_kerberos,
210 		      0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73
211 );
212 DEFINE_HEX_XDR_NETOBJ(nfold_test8_expected_result,
213 		      0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73
214 );
215 DEFINE_HEX_XDR_NETOBJ(nfold_test9_expected_result,
216 		      0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73,
217 		      0x7b, 0x9b, 0x5b, 0x2b, 0x93, 0x13, 0x2b, 0x93
218 );
219 DEFINE_HEX_XDR_NETOBJ(nfold_test10_expected_result,
220 		      0x83, 0x72, 0xc2, 0x36, 0x34, 0x4e, 0x5f, 0x15,
221 		      0x50, 0xcd, 0x07, 0x47, 0xe1, 0x5d, 0x62, 0xca,
222 		      0x7a, 0x5a, 0x3b, 0xce, 0xa4
223 );
224 DEFINE_HEX_XDR_NETOBJ(nfold_test11_expected_result,
225 		      0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73,
226 		      0x7b, 0x9b, 0x5b, 0x2b, 0x93, 0x13, 0x2b, 0x93,
227 		      0x5c, 0x9b, 0xdc, 0xda, 0xd9, 0x5c, 0x98, 0x99,
228 		      0xc4, 0xca, 0xe4, 0xde, 0xe6, 0xd6, 0xca, 0xe4
229 );
230 
231 static const struct gss_krb5_test_param rfc3961_nfold_test_params[] = {
232 	{
233 		.desc			= "64-fold(\"012345\")",
234 		.nfold			= 64,
235 		.plaintext		= &nfold_test1_plaintext,
236 		.expected_result	= &nfold_test1_expected_result,
237 	},
238 	{
239 		.desc			= "56-fold(\"password\")",
240 		.nfold			= 56,
241 		.plaintext		= &nfold_test2_plaintext,
242 		.expected_result	= &nfold_test2_expected_result,
243 	},
244 	{
245 		.desc			= "64-fold(\"Rough Consensus, and Running Code\")",
246 		.nfold			= 64,
247 		.plaintext		= &nfold_test3_plaintext,
248 		.expected_result	= &nfold_test3_expected_result,
249 	},
250 	{
251 		.desc			= "168-fold(\"password\")",
252 		.nfold			= 168,
253 		.plaintext		= &nfold_test4_plaintext,
254 		.expected_result	= &nfold_test4_expected_result,
255 	},
256 	{
257 		.desc			= "192-fold(\"MASSACHVSETTS INSTITVTE OF TECHNOLOGY\")",
258 		.nfold			= 192,
259 		.plaintext		= &nfold_test5_plaintext,
260 		.expected_result	= &nfold_test5_expected_result,
261 	},
262 	{
263 		.desc			= "168-fold(\"Q\")",
264 		.nfold			= 168,
265 		.plaintext		= &nfold_test6_plaintext,
266 		.expected_result	= &nfold_test6_expected_result,
267 	},
268 	{
269 		.desc			= "168-fold(\"ba\")",
270 		.nfold			= 168,
271 		.plaintext		= &nfold_test7_plaintext,
272 		.expected_result	= &nfold_test7_expected_result,
273 	},
274 	{
275 		.desc			= "64-fold(\"kerberos\")",
276 		.nfold			= 64,
277 		.plaintext		= &nfold_test_kerberos,
278 		.expected_result	= &nfold_test8_expected_result,
279 	},
280 	{
281 		.desc			= "128-fold(\"kerberos\")",
282 		.nfold			= 128,
283 		.plaintext		= &nfold_test_kerberos,
284 		.expected_result	= &nfold_test9_expected_result,
285 	},
286 	{
287 		.desc			= "168-fold(\"kerberos\")",
288 		.nfold			= 168,
289 		.plaintext		= &nfold_test_kerberos,
290 		.expected_result	= &nfold_test10_expected_result,
291 	},
292 	{
293 		.desc			= "256-fold(\"kerberos\")",
294 		.nfold			= 256,
295 		.plaintext		= &nfold_test_kerberos,
296 		.expected_result	= &nfold_test11_expected_result,
297 	},
298 };
299 
300 /* Creates the function rfc3961_nfold_gen_params */
301 KUNIT_ARRAY_PARAM(rfc3961_nfold, rfc3961_nfold_test_params, gss_krb5_get_desc);
302 
rfc3961_nfold_case(struct kunit * test)303 static void rfc3961_nfold_case(struct kunit *test)
304 {
305 	const struct gss_krb5_test_param *param = test->param_value;
306 	u8 *result;
307 
308 	/* Arrange */
309 	result = kunit_kzalloc(test, 4096, GFP_KERNEL);
310 	KUNIT_ASSERT_NOT_ERR_OR_NULL(test, result);
311 
312 	/* Act */
313 	krb5_nfold(param->plaintext->len * 8, param->plaintext->data,
314 		   param->expected_result->len * 8, result);
315 
316 	/* Assert */
317 	KUNIT_EXPECT_EQ_MSG(test,
318 			    memcmp(param->expected_result->data,
319 				   result, param->expected_result->len), 0,
320 			    "result mismatch");
321 }
322 
323 static struct kunit_case rfc3961_test_cases[] = {
324 	{
325 		.name			= "RFC 3961 n-fold",
326 		.run_case		= rfc3961_nfold_case,
327 		.generate_params	= rfc3961_nfold_gen_params,
328 	},
329 	{}
330 };
331 
332 static struct kunit_suite rfc3961_suite = {
333 	.name			= "RFC 3961 tests",
334 	.test_cases		= rfc3961_test_cases,
335 };
336 
337 /*
338  * From RFC 3962 Appendix B:   Sample Test Vectors
339  *
340  * Some test vectors for CBC with ciphertext stealing, using an
341  * initial vector of all-zero.
342  *
343  * This test material is copyright (C) The Internet Society (2005).
344  */
345 
346 DEFINE_HEX_XDR_NETOBJ(rfc3962_encryption_key,
347 		      0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
348 		      0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69
349 );
350 
351 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test1_plaintext,
352 		      0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
353 		      0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
354 		      0x20
355 );
356 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test1_expected_result,
357 		      0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4,
358 		      0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f,
359 		      0x97
360 );
361 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test1_next_iv,
362 		      0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4,
363 		      0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f
364 );
365 
366 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test2_plaintext,
367 		      0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
368 		      0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
369 		      0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
370 		      0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20
371 );
372 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test2_expected_result,
373 		      0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1,
374 		      0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22,
375 		      0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
376 		      0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5
377 );
378 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test2_next_iv,
379 		      0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1,
380 		      0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22
381 );
382 
383 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test3_plaintext,
384 		      0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
385 		      0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
386 		      0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
387 		      0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43
388 );
389 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test3_expected_result,
390 		      0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
391 		      0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
392 		      0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
393 		      0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84
394 );
395 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test3_next_iv,
396 		      0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
397 		      0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8
398 );
399 
400 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test4_plaintext,
401 		      0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
402 		      0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
403 		      0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
404 		      0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43,
405 		      0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20,
406 		      0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c
407 );
408 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test4_expected_result,
409 		      0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
410 		      0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
411 		      0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c,
412 		      0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e,
413 		      0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
414 		      0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5
415 );
416 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test4_next_iv,
417 		      0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c,
418 		      0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e
419 );
420 
421 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test5_plaintext,
422 		      0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
423 		      0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
424 		      0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
425 		      0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43,
426 		      0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20,
427 		      0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c, 0x20
428 );
429 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test5_expected_result,
430 		      0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
431 		      0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
432 		      0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
433 		      0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8,
434 		      0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
435 		      0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8
436 );
437 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test5_next_iv,
438 		      0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
439 		      0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8
440 );
441 
442 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test6_plaintext,
443 		      0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
444 		      0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
445 		      0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
446 		      0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43,
447 		      0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20,
448 		      0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c, 0x20,
449 		      0x61, 0x6e, 0x64, 0x20, 0x77, 0x6f, 0x6e, 0x74,
450 		      0x6f, 0x6e, 0x20, 0x73, 0x6f, 0x75, 0x70, 0x2e
451 );
452 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test6_expected_result,
453 		      0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
454 		      0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
455 		      0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
456 		      0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
457 		      0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5,
458 		      0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40,
459 		      0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
460 		      0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8
461 );
462 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test6_next_iv,
463 		      0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5,
464 		      0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40
465 );
466 
467 static const struct gss_krb5_test_param rfc3962_encrypt_test_params[] = {
468 	{
469 		.desc			= "Encrypt with aes128-cts-hmac-sha1-96 case 1",
470 		.enctype		= ENCTYPE_AES128_CTS_HMAC_SHA1_96,
471 		.Ke			= &rfc3962_encryption_key,
472 		.plaintext		= &rfc3962_enc_test1_plaintext,
473 		.expected_result	= &rfc3962_enc_test1_expected_result,
474 		.next_iv		= &rfc3962_enc_test1_next_iv,
475 	},
476 	{
477 		.desc			= "Encrypt with aes128-cts-hmac-sha1-96 case 2",
478 		.enctype		= ENCTYPE_AES128_CTS_HMAC_SHA1_96,
479 		.Ke			= &rfc3962_encryption_key,
480 		.plaintext		= &rfc3962_enc_test2_plaintext,
481 		.expected_result	= &rfc3962_enc_test2_expected_result,
482 		.next_iv		= &rfc3962_enc_test2_next_iv,
483 	},
484 	{
485 		.desc			= "Encrypt with aes128-cts-hmac-sha1-96 case 3",
486 		.enctype		= ENCTYPE_AES128_CTS_HMAC_SHA1_96,
487 		.Ke			= &rfc3962_encryption_key,
488 		.plaintext		= &rfc3962_enc_test3_plaintext,
489 		.expected_result	= &rfc3962_enc_test3_expected_result,
490 		.next_iv		= &rfc3962_enc_test3_next_iv,
491 	},
492 	{
493 		.desc			= "Encrypt with aes128-cts-hmac-sha1-96 case 4",
494 		.enctype		= ENCTYPE_AES128_CTS_HMAC_SHA1_96,
495 		.Ke			= &rfc3962_encryption_key,
496 		.plaintext		= &rfc3962_enc_test4_plaintext,
497 		.expected_result	= &rfc3962_enc_test4_expected_result,
498 		.next_iv		= &rfc3962_enc_test4_next_iv,
499 	},
500 	{
501 		.desc			= "Encrypt with aes128-cts-hmac-sha1-96 case 5",
502 		.enctype		= ENCTYPE_AES128_CTS_HMAC_SHA1_96,
503 		.Ke			= &rfc3962_encryption_key,
504 		.plaintext		= &rfc3962_enc_test5_plaintext,
505 		.expected_result	= &rfc3962_enc_test5_expected_result,
506 		.next_iv		= &rfc3962_enc_test5_next_iv,
507 	},
508 	{
509 		.desc			= "Encrypt with aes128-cts-hmac-sha1-96 case 6",
510 		.enctype		= ENCTYPE_AES128_CTS_HMAC_SHA1_96,
511 		.Ke			= &rfc3962_encryption_key,
512 		.plaintext		= &rfc3962_enc_test6_plaintext,
513 		.expected_result	= &rfc3962_enc_test6_expected_result,
514 		.next_iv		= &rfc3962_enc_test6_next_iv,
515 	},
516 };
517 
518 /* Creates the function rfc3962_encrypt_gen_params */
519 KUNIT_ARRAY_PARAM(rfc3962_encrypt, rfc3962_encrypt_test_params,
520 		  gss_krb5_get_desc);
521 
522 /*
523  * This tests the implementation of the encryption part of the mechanism.
524  * It does not apply a confounder or test the result of HMAC over the
525  * plaintext.
526  */
rfc3962_encrypt_case(struct kunit * test)527 static void rfc3962_encrypt_case(struct kunit *test)
528 {
529 	const struct gss_krb5_test_param *param = test->param_value;
530 	struct crypto_sync_skcipher *cts_tfm, *cbc_tfm;
531 	const struct gss_krb5_enctype *gk5e;
532 	struct xdr_buf buf;
533 	void *iv, *text;
534 	u32 err;
535 
536 	/* Arrange */
537 	gk5e = gss_krb5_lookup_enctype(param->enctype);
538 	if (!gk5e)
539 		kunit_skip(test, "Encryption type is not available");
540 
541 	cbc_tfm = crypto_alloc_sync_skcipher(gk5e->aux_cipher, 0, 0);
542 	KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cbc_tfm);
543 	err = crypto_sync_skcipher_setkey(cbc_tfm, param->Ke->data, param->Ke->len);
544 	KUNIT_ASSERT_EQ(test, err, 0);
545 
546 	cts_tfm = crypto_alloc_sync_skcipher(gk5e->encrypt_name, 0, 0);
547 	KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cts_tfm);
548 	err = crypto_sync_skcipher_setkey(cts_tfm, param->Ke->data, param->Ke->len);
549 	KUNIT_ASSERT_EQ(test, err, 0);
550 
551 	iv = kunit_kzalloc(test, crypto_sync_skcipher_ivsize(cts_tfm), GFP_KERNEL);
552 	KUNIT_ASSERT_NOT_ERR_OR_NULL(test, iv);
553 
554 	text = kunit_kzalloc(test, param->plaintext->len, GFP_KERNEL);
555 	KUNIT_ASSERT_NOT_ERR_OR_NULL(test, text);
556 
557 	memcpy(text, param->plaintext->data, param->plaintext->len);
558 	memset(&buf, 0, sizeof(buf));
559 	buf.head[0].iov_base = text;
560 	buf.head[0].iov_len = param->plaintext->len;
561 	buf.len = buf.head[0].iov_len;
562 
563 	/* Act */
564 	err = krb5_cbc_cts_encrypt(cts_tfm, cbc_tfm, 0, &buf, NULL,
565 				   iv, crypto_sync_skcipher_ivsize(cts_tfm));
566 	KUNIT_ASSERT_EQ(test, err, 0);
567 
568 	/* Assert */
569 	KUNIT_EXPECT_EQ_MSG(test,
570 			    param->expected_result->len, buf.len,
571 			    "ciphertext length mismatch");
572 	KUNIT_EXPECT_EQ_MSG(test,
573 			    memcmp(param->expected_result->data,
574 				   text, param->expected_result->len), 0,
575 			    "ciphertext mismatch");
576 	KUNIT_EXPECT_EQ_MSG(test,
577 			    memcmp(param->next_iv->data, iv,
578 				   param->next_iv->len), 0,
579 			    "IV mismatch");
580 
581 	crypto_free_sync_skcipher(cts_tfm);
582 	crypto_free_sync_skcipher(cbc_tfm);
583 }
584 
585 static struct kunit_case rfc3962_test_cases[] = {
586 	{
587 		.name			= "RFC 3962 encryption",
588 		.run_case		= rfc3962_encrypt_case,
589 		.generate_params	= rfc3962_encrypt_gen_params,
590 	},
591 	{}
592 };
593 
594 static struct kunit_suite rfc3962_suite = {
595 	.name			= "RFC 3962 suite",
596 	.test_cases		= rfc3962_test_cases,
597 };
598 
599 /*
600  * From RFC 6803 Section 10.  Test vectors
601  *
602  * Sample results for key derivation
603  *
604  * Copyright (c) 2012 IETF Trust and the persons identified as the
605  * document authors.  All rights reserved.
606  */
607 
608 DEFINE_HEX_XDR_NETOBJ(camellia128_cts_cmac_basekey,
609 		      0x57, 0xd0, 0x29, 0x72, 0x98, 0xff, 0xd9, 0xd3,
610 		      0x5d, 0xe5, 0xa4, 0x7f, 0xb4, 0xbd, 0xe2, 0x4b
611 );
612 DEFINE_HEX_XDR_NETOBJ(camellia128_cts_cmac_Kc,
613 		      0xd1, 0x55, 0x77, 0x5a, 0x20, 0x9d, 0x05, 0xf0,
614 		      0x2b, 0x38, 0xd4, 0x2a, 0x38, 0x9e, 0x5a, 0x56
615 );
616 DEFINE_HEX_XDR_NETOBJ(camellia128_cts_cmac_Ke,
617 		      0x64, 0xdf, 0x83, 0xf8, 0x5a, 0x53, 0x2f, 0x17,
618 		      0x57, 0x7d, 0x8c, 0x37, 0x03, 0x57, 0x96, 0xab
619 );
620 DEFINE_HEX_XDR_NETOBJ(camellia128_cts_cmac_Ki,
621 		      0x3e, 0x4f, 0xbd, 0xf3, 0x0f, 0xb8, 0x25, 0x9c,
622 		      0x42, 0x5c, 0xb6, 0xc9, 0x6f, 0x1f, 0x46, 0x35
623 );
624 
625 DEFINE_HEX_XDR_NETOBJ(camellia256_cts_cmac_basekey,
626 		      0xb9, 0xd6, 0x82, 0x8b, 0x20, 0x56, 0xb7, 0xbe,
627 		      0x65, 0x6d, 0x88, 0xa1, 0x23, 0xb1, 0xfa, 0xc6,
628 		      0x82, 0x14, 0xac, 0x2b, 0x72, 0x7e, 0xcf, 0x5f,
629 		      0x69, 0xaf, 0xe0, 0xc4, 0xdf, 0x2a, 0x6d, 0x2c
630 );
631 DEFINE_HEX_XDR_NETOBJ(camellia256_cts_cmac_Kc,
632 		      0xe4, 0x67, 0xf9, 0xa9, 0x55, 0x2b, 0xc7, 0xd3,
633 		      0x15, 0x5a, 0x62, 0x20, 0xaf, 0x9c, 0x19, 0x22,
634 		      0x0e, 0xee, 0xd4, 0xff, 0x78, 0xb0, 0xd1, 0xe6,
635 		      0xa1, 0x54, 0x49, 0x91, 0x46, 0x1a, 0x9e, 0x50
636 );
637 DEFINE_HEX_XDR_NETOBJ(camellia256_cts_cmac_Ke,
638 		      0x41, 0x2a, 0xef, 0xc3, 0x62, 0xa7, 0x28, 0x5f,
639 		      0xc3, 0x96, 0x6c, 0x6a, 0x51, 0x81, 0xe7, 0x60,
640 		      0x5a, 0xe6, 0x75, 0x23, 0x5b, 0x6d, 0x54, 0x9f,
641 		      0xbf, 0xc9, 0xab, 0x66, 0x30, 0xa4, 0xc6, 0x04
642 );
643 DEFINE_HEX_XDR_NETOBJ(camellia256_cts_cmac_Ki,
644 		      0xfa, 0x62, 0x4f, 0xa0, 0xe5, 0x23, 0x99, 0x3f,
645 		      0xa3, 0x88, 0xae, 0xfd, 0xc6, 0x7e, 0x67, 0xeb,
646 		      0xcd, 0x8c, 0x08, 0xe8, 0xa0, 0x24, 0x6b, 0x1d,
647 		      0x73, 0xb0, 0xd1, 0xdd, 0x9f, 0xc5, 0x82, 0xb0
648 );
649 
650 DEFINE_HEX_XDR_NETOBJ(usage_checksum,
651 		      0x00, 0x00, 0x00, 0x02, KEY_USAGE_SEED_CHECKSUM
652 );
653 DEFINE_HEX_XDR_NETOBJ(usage_encryption,
654 		      0x00, 0x00, 0x00, 0x02, KEY_USAGE_SEED_ENCRYPTION
655 );
656 DEFINE_HEX_XDR_NETOBJ(usage_integrity,
657 		      0x00, 0x00, 0x00, 0x02, KEY_USAGE_SEED_INTEGRITY
658 );
659 
660 static const struct gss_krb5_test_param rfc6803_kdf_test_params[] = {
661 	{
662 		.desc			= "Derive Kc subkey for camellia128-cts-cmac",
663 		.enctype		= ENCTYPE_CAMELLIA128_CTS_CMAC,
664 		.base_key		= &camellia128_cts_cmac_basekey,
665 		.usage			= &usage_checksum,
666 		.expected_result	= &camellia128_cts_cmac_Kc,
667 	},
668 	{
669 		.desc			= "Derive Ke subkey for camellia128-cts-cmac",
670 		.enctype		= ENCTYPE_CAMELLIA128_CTS_CMAC,
671 		.base_key		= &camellia128_cts_cmac_basekey,
672 		.usage			= &usage_encryption,
673 		.expected_result	= &camellia128_cts_cmac_Ke,
674 	},
675 	{
676 		.desc			= "Derive Ki subkey for camellia128-cts-cmac",
677 		.enctype		= ENCTYPE_CAMELLIA128_CTS_CMAC,
678 		.base_key		= &camellia128_cts_cmac_basekey,
679 		.usage			= &usage_integrity,
680 		.expected_result	= &camellia128_cts_cmac_Ki,
681 	},
682 	{
683 		.desc			= "Derive Kc subkey for camellia256-cts-cmac",
684 		.enctype		= ENCTYPE_CAMELLIA256_CTS_CMAC,
685 		.base_key		= &camellia256_cts_cmac_basekey,
686 		.usage			= &usage_checksum,
687 		.expected_result	= &camellia256_cts_cmac_Kc,
688 	},
689 	{
690 		.desc			= "Derive Ke subkey for camellia256-cts-cmac",
691 		.enctype		= ENCTYPE_CAMELLIA256_CTS_CMAC,
692 		.base_key		= &camellia256_cts_cmac_basekey,
693 		.usage			= &usage_encryption,
694 		.expected_result	= &camellia256_cts_cmac_Ke,
695 	},
696 	{
697 		.desc			= "Derive Ki subkey for camellia256-cts-cmac",
698 		.enctype		= ENCTYPE_CAMELLIA256_CTS_CMAC,
699 		.base_key		= &camellia256_cts_cmac_basekey,
700 		.usage			= &usage_integrity,
701 		.expected_result	= &camellia256_cts_cmac_Ki,
702 	},
703 };
704 
705 /* Creates the function rfc6803_kdf_gen_params */
706 KUNIT_ARRAY_PARAM(rfc6803_kdf, rfc6803_kdf_test_params, gss_krb5_get_desc);
707 
708 /*
709  * From RFC 6803 Section 10.  Test vectors
710  *
711  * Sample checksums.
712  *
713  * Copyright (c) 2012 IETF Trust and the persons identified as the
714  * document authors.  All rights reserved.
715  *
716  * XXX: These tests are likely to fail on EBCDIC or Unicode platforms.
717  */
718 DEFINE_STR_XDR_NETOBJ(rfc6803_checksum_test1_plaintext,
719 		      "abcdefghijk");
720 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test1_basekey,
721 		      0x1d, 0xc4, 0x6a, 0x8d, 0x76, 0x3f, 0x4f, 0x93,
722 		      0x74, 0x2b, 0xcb, 0xa3, 0x38, 0x75, 0x76, 0xc3
723 );
724 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test1_usage,
725 		      0x00, 0x00, 0x00, 0x07, KEY_USAGE_SEED_CHECKSUM
726 );
727 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test1_expected_result,
728 		      0x11, 0x78, 0xe6, 0xc5, 0xc4, 0x7a, 0x8c, 0x1a,
729 		      0xe0, 0xc4, 0xb9, 0xc7, 0xd4, 0xeb, 0x7b, 0x6b
730 );
731 
732 DEFINE_STR_XDR_NETOBJ(rfc6803_checksum_test2_plaintext,
733 		      "ABCDEFGHIJKLMNOPQRSTUVWXYZ");
734 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test2_basekey,
735 		      0x50, 0x27, 0xbc, 0x23, 0x1d, 0x0f, 0x3a, 0x9d,
736 		      0x23, 0x33, 0x3f, 0x1c, 0xa6, 0xfd, 0xbe, 0x7c
737 );
738 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test2_usage,
739 		      0x00, 0x00, 0x00, 0x08, KEY_USAGE_SEED_CHECKSUM
740 );
741 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test2_expected_result,
742 		      0xd1, 0xb3, 0x4f, 0x70, 0x04, 0xa7, 0x31, 0xf2,
743 		      0x3a, 0x0c, 0x00, 0xbf, 0x6c, 0x3f, 0x75, 0x3a
744 );
745 
746 DEFINE_STR_XDR_NETOBJ(rfc6803_checksum_test3_plaintext,
747 		      "123456789");
748 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test3_basekey,
749 		      0xb6, 0x1c, 0x86, 0xcc, 0x4e, 0x5d, 0x27, 0x57,
750 		      0x54, 0x5a, 0xd4, 0x23, 0x39, 0x9f, 0xb7, 0x03,
751 		      0x1e, 0xca, 0xb9, 0x13, 0xcb, 0xb9, 0x00, 0xbd,
752 		      0x7a, 0x3c, 0x6d, 0xd8, 0xbf, 0x92, 0x01, 0x5b
753 );
754 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test3_usage,
755 		      0x00, 0x00, 0x00, 0x09, KEY_USAGE_SEED_CHECKSUM
756 );
757 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test3_expected_result,
758 		      0x87, 0xa1, 0x2c, 0xfd, 0x2b, 0x96, 0x21, 0x48,
759 		      0x10, 0xf0, 0x1c, 0x82, 0x6e, 0x77, 0x44, 0xb1
760 );
761 
762 DEFINE_STR_XDR_NETOBJ(rfc6803_checksum_test4_plaintext,
763 		      "!@#$%^&*()!@#$%^&*()!@#$%^&*()");
764 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test4_basekey,
765 		      0x32, 0x16, 0x4c, 0x5b, 0x43, 0x4d, 0x1d, 0x15,
766 		      0x38, 0xe4, 0xcf, 0xd9, 0xbe, 0x80, 0x40, 0xfe,
767 		      0x8c, 0x4a, 0xc7, 0xac, 0xc4, 0xb9, 0x3d, 0x33,
768 		      0x14, 0xd2, 0x13, 0x36, 0x68, 0x14, 0x7a, 0x05
769 );
770 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test4_usage,
771 		      0x00, 0x00, 0x00, 0x0a, KEY_USAGE_SEED_CHECKSUM
772 );
773 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test4_expected_result,
774 		      0x3f, 0xa0, 0xb4, 0x23, 0x55, 0xe5, 0x2b, 0x18,
775 		      0x91, 0x87, 0x29, 0x4a, 0xa2, 0x52, 0xab, 0x64
776 );
777 
778 static const struct gss_krb5_test_param rfc6803_checksum_test_params[] = {
779 	{
780 		.desc			= "camellia128-cts-cmac checksum test 1",
781 		.enctype		= ENCTYPE_CAMELLIA128_CTS_CMAC,
782 		.base_key		= &rfc6803_checksum_test1_basekey,
783 		.usage			= &rfc6803_checksum_test1_usage,
784 		.plaintext		= &rfc6803_checksum_test1_plaintext,
785 		.expected_result	= &rfc6803_checksum_test1_expected_result,
786 	},
787 	{
788 		.desc			= "camellia128-cts-cmac checksum test 2",
789 		.enctype		= ENCTYPE_CAMELLIA128_CTS_CMAC,
790 		.base_key		= &rfc6803_checksum_test2_basekey,
791 		.usage			= &rfc6803_checksum_test2_usage,
792 		.plaintext		= &rfc6803_checksum_test2_plaintext,
793 		.expected_result	= &rfc6803_checksum_test2_expected_result,
794 	},
795 	{
796 		.desc			= "camellia256-cts-cmac checksum test 3",
797 		.enctype		= ENCTYPE_CAMELLIA256_CTS_CMAC,
798 		.base_key		= &rfc6803_checksum_test3_basekey,
799 		.usage			= &rfc6803_checksum_test3_usage,
800 		.plaintext		= &rfc6803_checksum_test3_plaintext,
801 		.expected_result	= &rfc6803_checksum_test3_expected_result,
802 	},
803 	{
804 		.desc			= "camellia256-cts-cmac checksum test 4",
805 		.enctype		= ENCTYPE_CAMELLIA256_CTS_CMAC,
806 		.base_key		= &rfc6803_checksum_test4_basekey,
807 		.usage			= &rfc6803_checksum_test4_usage,
808 		.plaintext		= &rfc6803_checksum_test4_plaintext,
809 		.expected_result	= &rfc6803_checksum_test4_expected_result,
810 	},
811 };
812 
813 /* Creates the function rfc6803_checksum_gen_params */
814 KUNIT_ARRAY_PARAM(rfc6803_checksum, rfc6803_checksum_test_params,
815 		  gss_krb5_get_desc);
816 
817 /*
818  * From RFC 6803 Section 10.  Test vectors
819  *
820  * Sample encryptions (all using the default cipher state)
821  *
822  * Copyright (c) 2012 IETF Trust and the persons identified as the
823  * document authors.  All rights reserved.
824  *
825  * Key usage values are from errata 4326 against RFC 6803.
826  */
827 
828 static const struct xdr_netobj rfc6803_enc_empty_plaintext = {
829 	.len	= 0,
830 };
831 
832 DEFINE_STR_XDR_NETOBJ(rfc6803_enc_1byte_plaintext, "1");
833 DEFINE_STR_XDR_NETOBJ(rfc6803_enc_9byte_plaintext, "9 bytesss");
834 DEFINE_STR_XDR_NETOBJ(rfc6803_enc_13byte_plaintext, "13 bytes byte");
835 DEFINE_STR_XDR_NETOBJ(rfc6803_enc_30byte_plaintext,
836 		      "30 bytes bytes bytes bytes byt"
837 );
838 
839 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test1_confounder,
840 		      0xb6, 0x98, 0x22, 0xa1, 0x9a, 0x6b, 0x09, 0xc0,
841 		      0xeb, 0xc8, 0x55, 0x7d, 0x1f, 0x1b, 0x6c, 0x0a
842 );
843 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test1_basekey,
844 		      0x1d, 0xc4, 0x6a, 0x8d, 0x76, 0x3f, 0x4f, 0x93,
845 		      0x74, 0x2b, 0xcb, 0xa3, 0x38, 0x75, 0x76, 0xc3
846 );
847 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test1_expected_result,
848 		      0xc4, 0x66, 0xf1, 0x87, 0x10, 0x69, 0x92, 0x1e,
849 		      0xdb, 0x7c, 0x6f, 0xde, 0x24, 0x4a, 0x52, 0xdb,
850 		      0x0b, 0xa1, 0x0e, 0xdc, 0x19, 0x7b, 0xdb, 0x80,
851 		      0x06, 0x65, 0x8c, 0xa3, 0xcc, 0xce, 0x6e, 0xb8
852 );
853 
854 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test2_confounder,
855 		      0x6f, 0x2f, 0xc3, 0xc2, 0xa1, 0x66, 0xfd, 0x88,
856 		      0x98, 0x96, 0x7a, 0x83, 0xde, 0x95, 0x96, 0xd9
857 );
858 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test2_basekey,
859 		      0x50, 0x27, 0xbc, 0x23, 0x1d, 0x0f, 0x3a, 0x9d,
860 		      0x23, 0x33, 0x3f, 0x1c, 0xa6, 0xfd, 0xbe, 0x7c
861 );
862 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test2_expected_result,
863 		      0x84, 0x2d, 0x21, 0xfd, 0x95, 0x03, 0x11, 0xc0,
864 		      0xdd, 0x46, 0x4a, 0x3f, 0x4b, 0xe8, 0xd6, 0xda,
865 		      0x88, 0xa5, 0x6d, 0x55, 0x9c, 0x9b, 0x47, 0xd3,
866 		      0xf9, 0xa8, 0x50, 0x67, 0xaf, 0x66, 0x15, 0x59,
867 		      0xb8
868 );
869 
870 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test3_confounder,
871 		      0xa5, 0xb4, 0xa7, 0x1e, 0x07, 0x7a, 0xee, 0xf9,
872 		      0x3c, 0x87, 0x63, 0xc1, 0x8f, 0xdb, 0x1f, 0x10
873 );
874 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test3_basekey,
875 		      0xa1, 0xbb, 0x61, 0xe8, 0x05, 0xf9, 0xba, 0x6d,
876 		      0xde, 0x8f, 0xdb, 0xdd, 0xc0, 0x5c, 0xde, 0xa0
877 );
878 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test3_expected_result,
879 		      0x61, 0x9f, 0xf0, 0x72, 0xe3, 0x62, 0x86, 0xff,
880 		      0x0a, 0x28, 0xde, 0xb3, 0xa3, 0x52, 0xec, 0x0d,
881 		      0x0e, 0xdf, 0x5c, 0x51, 0x60, 0xd6, 0x63, 0xc9,
882 		      0x01, 0x75, 0x8c, 0xcf, 0x9d, 0x1e, 0xd3, 0x3d,
883 		      0x71, 0xdb, 0x8f, 0x23, 0xaa, 0xbf, 0x83, 0x48,
884 		      0xa0
885 );
886 
887 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test4_confounder,
888 		      0x19, 0xfe, 0xe4, 0x0d, 0x81, 0x0c, 0x52, 0x4b,
889 		      0x5b, 0x22, 0xf0, 0x18, 0x74, 0xc6, 0x93, 0xda
890 );
891 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test4_basekey,
892 		      0x2c, 0xa2, 0x7a, 0x5f, 0xaf, 0x55, 0x32, 0x24,
893 		      0x45, 0x06, 0x43, 0x4e, 0x1c, 0xef, 0x66, 0x76
894 );
895 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test4_expected_result,
896 		      0xb8, 0xec, 0xa3, 0x16, 0x7a, 0xe6, 0x31, 0x55,
897 		      0x12, 0xe5, 0x9f, 0x98, 0xa7, 0xc5, 0x00, 0x20,
898 		      0x5e, 0x5f, 0x63, 0xff, 0x3b, 0xb3, 0x89, 0xaf,
899 		      0x1c, 0x41, 0xa2, 0x1d, 0x64, 0x0d, 0x86, 0x15,
900 		      0xc9, 0xed, 0x3f, 0xbe, 0xb0, 0x5a, 0xb6, 0xac,
901 		      0xb6, 0x76, 0x89, 0xb5, 0xea
902 );
903 
904 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test5_confounder,
905 		      0xca, 0x7a, 0x7a, 0xb4, 0xbe, 0x19, 0x2d, 0xab,
906 		      0xd6, 0x03, 0x50, 0x6d, 0xb1, 0x9c, 0x39, 0xe2
907 );
908 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test5_basekey,
909 		      0x78, 0x24, 0xf8, 0xc1, 0x6f, 0x83, 0xff, 0x35,
910 		      0x4c, 0x6b, 0xf7, 0x51, 0x5b, 0x97, 0x3f, 0x43
911 );
912 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test5_expected_result,
913 		      0xa2, 0x6a, 0x39, 0x05, 0xa4, 0xff, 0xd5, 0x81,
914 		      0x6b, 0x7b, 0x1e, 0x27, 0x38, 0x0d, 0x08, 0x09,
915 		      0x0c, 0x8e, 0xc1, 0xf3, 0x04, 0x49, 0x6e, 0x1a,
916 		      0xbd, 0xcd, 0x2b, 0xdc, 0xd1, 0xdf, 0xfc, 0x66,
917 		      0x09, 0x89, 0xe1, 0x17, 0xa7, 0x13, 0xdd, 0xbb,
918 		      0x57, 0xa4, 0x14, 0x6c, 0x15, 0x87, 0xcb, 0xa4,
919 		      0x35, 0x66, 0x65, 0x59, 0x1d, 0x22, 0x40, 0x28,
920 		      0x2f, 0x58, 0x42, 0xb1, 0x05, 0xa5
921 );
922 
923 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test6_confounder,
924 		      0x3c, 0xbb, 0xd2, 0xb4, 0x59, 0x17, 0x94, 0x10,
925 		      0x67, 0xf9, 0x65, 0x99, 0xbb, 0x98, 0x92, 0x6c
926 );
927 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test6_basekey,
928 		      0xb6, 0x1c, 0x86, 0xcc, 0x4e, 0x5d, 0x27, 0x57,
929 		      0x54, 0x5a, 0xd4, 0x23, 0x39, 0x9f, 0xb7, 0x03,
930 		      0x1e, 0xca, 0xb9, 0x13, 0xcb, 0xb9, 0x00, 0xbd,
931 		      0x7a, 0x3c, 0x6d, 0xd8, 0xbf, 0x92, 0x01, 0x5b
932 );
933 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test6_expected_result,
934 		      0x03, 0x88, 0x6d, 0x03, 0x31, 0x0b, 0x47, 0xa6,
935 		      0xd8, 0xf0, 0x6d, 0x7b, 0x94, 0xd1, 0xdd, 0x83,
936 		      0x7e, 0xcc, 0xe3, 0x15, 0xef, 0x65, 0x2a, 0xff,
937 		      0x62, 0x08, 0x59, 0xd9, 0x4a, 0x25, 0x92, 0x66
938 );
939 
940 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test7_confounder,
941 		      0xde, 0xf4, 0x87, 0xfc, 0xeb, 0xe6, 0xde, 0x63,
942 		      0x46, 0xd4, 0xda, 0x45, 0x21, 0xbb, 0xa2, 0xd2
943 );
944 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test7_basekey,
945 		      0x1b, 0x97, 0xfe, 0x0a, 0x19, 0x0e, 0x20, 0x21,
946 		      0xeb, 0x30, 0x75, 0x3e, 0x1b, 0x6e, 0x1e, 0x77,
947 		      0xb0, 0x75, 0x4b, 0x1d, 0x68, 0x46, 0x10, 0x35,
948 		      0x58, 0x64, 0x10, 0x49, 0x63, 0x46, 0x38, 0x33
949 );
950 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test7_expected_result,
951 		      0x2c, 0x9c, 0x15, 0x70, 0x13, 0x3c, 0x99, 0xbf,
952 		      0x6a, 0x34, 0xbc, 0x1b, 0x02, 0x12, 0x00, 0x2f,
953 		      0xd1, 0x94, 0x33, 0x87, 0x49, 0xdb, 0x41, 0x35,
954 		      0x49, 0x7a, 0x34, 0x7c, 0xfc, 0xd9, 0xd1, 0x8a,
955 		      0x12
956 );
957 
958 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test8_confounder,
959 		      0xad, 0x4f, 0xf9, 0x04, 0xd3, 0x4e, 0x55, 0x53,
960 		      0x84, 0xb1, 0x41, 0x00, 0xfc, 0x46, 0x5f, 0x88
961 );
962 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test8_basekey,
963 		      0x32, 0x16, 0x4c, 0x5b, 0x43, 0x4d, 0x1d, 0x15,
964 		      0x38, 0xe4, 0xcf, 0xd9, 0xbe, 0x80, 0x40, 0xfe,
965 		      0x8c, 0x4a, 0xc7, 0xac, 0xc4, 0xb9, 0x3d, 0x33,
966 		      0x14, 0xd2, 0x13, 0x36, 0x68, 0x14, 0x7a, 0x05
967 );
968 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test8_expected_result,
969 		      0x9c, 0x6d, 0xe7, 0x5f, 0x81, 0x2d, 0xe7, 0xed,
970 		      0x0d, 0x28, 0xb2, 0x96, 0x35, 0x57, 0xa1, 0x15,
971 		      0x64, 0x09, 0x98, 0x27, 0x5b, 0x0a, 0xf5, 0x15,
972 		      0x27, 0x09, 0x91, 0x3f, 0xf5, 0x2a, 0x2a, 0x9c,
973 		      0x8e, 0x63, 0xb8, 0x72, 0xf9, 0x2e, 0x64, 0xc8,
974 		      0x39
975 );
976 
977 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test9_confounder,
978 		      0xcf, 0x9b, 0xca, 0x6d, 0xf1, 0x14, 0x4e, 0x0c,
979 		      0x0a, 0xf9, 0xb8, 0xf3, 0x4c, 0x90, 0xd5, 0x14
980 );
981 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test9_basekey,
982 		      0xb0, 0x38, 0xb1, 0x32, 0xcd, 0x8e, 0x06, 0x61,
983 		      0x22, 0x67, 0xfa, 0xb7, 0x17, 0x00, 0x66, 0xd8,
984 		      0x8a, 0xec, 0xcb, 0xa0, 0xb7, 0x44, 0xbf, 0xc6,
985 		      0x0d, 0xc8, 0x9b, 0xca, 0x18, 0x2d, 0x07, 0x15
986 );
987 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test9_expected_result,
988 		      0xee, 0xec, 0x85, 0xa9, 0x81, 0x3c, 0xdc, 0x53,
989 		      0x67, 0x72, 0xab, 0x9b, 0x42, 0xde, 0xfc, 0x57,
990 		      0x06, 0xf7, 0x26, 0xe9, 0x75, 0xdd, 0xe0, 0x5a,
991 		      0x87, 0xeb, 0x54, 0x06, 0xea, 0x32, 0x4c, 0xa1,
992 		      0x85, 0xc9, 0x98, 0x6b, 0x42, 0xaa, 0xbe, 0x79,
993 		      0x4b, 0x84, 0x82, 0x1b, 0xee
994 );
995 
996 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test10_confounder,
997 		      0x64, 0x4d, 0xef, 0x38, 0xda, 0x35, 0x00, 0x72,
998 		      0x75, 0x87, 0x8d, 0x21, 0x68, 0x55, 0xe2, 0x28
999 );
1000 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test10_basekey,
1001 		      0xcc, 0xfc, 0xd3, 0x49, 0xbf, 0x4c, 0x66, 0x77,
1002 		      0xe8, 0x6e, 0x4b, 0x02, 0xb8, 0xea, 0xb9, 0x24,
1003 		      0xa5, 0x46, 0xac, 0x73, 0x1c, 0xf9, 0xbf, 0x69,
1004 		      0x89, 0xb9, 0x96, 0xe7, 0xd6, 0xbf, 0xbb, 0xa7
1005 );
1006 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test10_expected_result,
1007 		      0x0e, 0x44, 0x68, 0x09, 0x85, 0x85, 0x5f, 0x2d,
1008 		      0x1f, 0x18, 0x12, 0x52, 0x9c, 0xa8, 0x3b, 0xfd,
1009 		      0x8e, 0x34, 0x9d, 0xe6, 0xfd, 0x9a, 0xda, 0x0b,
1010 		      0xaa, 0xa0, 0x48, 0xd6, 0x8e, 0x26, 0x5f, 0xeb,
1011 		      0xf3, 0x4a, 0xd1, 0x25, 0x5a, 0x34, 0x49, 0x99,
1012 		      0xad, 0x37, 0x14, 0x68, 0x87, 0xa6, 0xc6, 0x84,
1013 		      0x57, 0x31, 0xac, 0x7f, 0x46, 0x37, 0x6a, 0x05,
1014 		      0x04, 0xcd, 0x06, 0x57, 0x14, 0x74
1015 );
1016 
1017 static const struct gss_krb5_test_param rfc6803_encrypt_test_params[] = {
1018 	{
1019 		.desc			= "Encrypt empty plaintext with camellia128-cts-cmac",
1020 		.enctype		= ENCTYPE_CAMELLIA128_CTS_CMAC,
1021 		.constant		= 0,
1022 		.base_key		= &rfc6803_enc_test1_basekey,
1023 		.plaintext		= &rfc6803_enc_empty_plaintext,
1024 		.confounder		= &rfc6803_enc_test1_confounder,
1025 		.expected_result	= &rfc6803_enc_test1_expected_result,
1026 	},
1027 	{
1028 		.desc			= "Encrypt 1 byte with camellia128-cts-cmac",
1029 		.enctype		= ENCTYPE_CAMELLIA128_CTS_CMAC,
1030 		.constant		= 1,
1031 		.base_key		= &rfc6803_enc_test2_basekey,
1032 		.plaintext		= &rfc6803_enc_1byte_plaintext,
1033 		.confounder		= &rfc6803_enc_test2_confounder,
1034 		.expected_result	= &rfc6803_enc_test2_expected_result,
1035 	},
1036 	{
1037 		.desc			= "Encrypt 9 bytes with camellia128-cts-cmac",
1038 		.enctype		= ENCTYPE_CAMELLIA128_CTS_CMAC,
1039 		.constant		= 2,
1040 		.base_key		= &rfc6803_enc_test3_basekey,
1041 		.plaintext		= &rfc6803_enc_9byte_plaintext,
1042 		.confounder		= &rfc6803_enc_test3_confounder,
1043 		.expected_result	= &rfc6803_enc_test3_expected_result,
1044 	},
1045 	{
1046 		.desc			= "Encrypt 13 bytes with camellia128-cts-cmac",
1047 		.enctype		= ENCTYPE_CAMELLIA128_CTS_CMAC,
1048 		.constant		= 3,
1049 		.base_key		= &rfc6803_enc_test4_basekey,
1050 		.plaintext		= &rfc6803_enc_13byte_plaintext,
1051 		.confounder		= &rfc6803_enc_test4_confounder,
1052 		.expected_result	= &rfc6803_enc_test4_expected_result,
1053 	},
1054 	{
1055 		.desc			= "Encrypt 30 bytes with camellia128-cts-cmac",
1056 		.enctype		= ENCTYPE_CAMELLIA128_CTS_CMAC,
1057 		.constant		= 4,
1058 		.base_key		= &rfc6803_enc_test5_basekey,
1059 		.plaintext		= &rfc6803_enc_30byte_plaintext,
1060 		.confounder		= &rfc6803_enc_test5_confounder,
1061 		.expected_result	= &rfc6803_enc_test5_expected_result,
1062 	},
1063 	{
1064 		.desc			= "Encrypt empty plaintext with camellia256-cts-cmac",
1065 		.enctype		= ENCTYPE_CAMELLIA256_CTS_CMAC,
1066 		.constant		= 0,
1067 		.base_key		= &rfc6803_enc_test6_basekey,
1068 		.plaintext		= &rfc6803_enc_empty_plaintext,
1069 		.confounder		= &rfc6803_enc_test6_confounder,
1070 		.expected_result	= &rfc6803_enc_test6_expected_result,
1071 	},
1072 	{
1073 		.desc			= "Encrypt 1 byte with camellia256-cts-cmac",
1074 		.enctype		= ENCTYPE_CAMELLIA256_CTS_CMAC,
1075 		.constant		= 1,
1076 		.base_key		= &rfc6803_enc_test7_basekey,
1077 		.plaintext		= &rfc6803_enc_1byte_plaintext,
1078 		.confounder		= &rfc6803_enc_test7_confounder,
1079 		.expected_result	= &rfc6803_enc_test7_expected_result,
1080 	},
1081 	{
1082 		.desc			= "Encrypt 9 bytes with camellia256-cts-cmac",
1083 		.enctype		= ENCTYPE_CAMELLIA256_CTS_CMAC,
1084 		.constant		= 2,
1085 		.base_key		= &rfc6803_enc_test8_basekey,
1086 		.plaintext		= &rfc6803_enc_9byte_plaintext,
1087 		.confounder		= &rfc6803_enc_test8_confounder,
1088 		.expected_result	= &rfc6803_enc_test8_expected_result,
1089 	},
1090 	{
1091 		.desc			= "Encrypt 13 bytes with camellia256-cts-cmac",
1092 		.enctype		= ENCTYPE_CAMELLIA256_CTS_CMAC,
1093 		.constant		= 3,
1094 		.base_key		= &rfc6803_enc_test9_basekey,
1095 		.plaintext		= &rfc6803_enc_13byte_plaintext,
1096 		.confounder		= &rfc6803_enc_test9_confounder,
1097 		.expected_result	= &rfc6803_enc_test9_expected_result,
1098 	},
1099 	{
1100 		.desc			= "Encrypt 30 bytes with camellia256-cts-cmac",
1101 		.enctype		= ENCTYPE_CAMELLIA256_CTS_CMAC,
1102 		.constant		= 4,
1103 		.base_key		= &rfc6803_enc_test10_basekey,
1104 		.plaintext		= &rfc6803_enc_30byte_plaintext,
1105 		.confounder		= &rfc6803_enc_test10_confounder,
1106 		.expected_result	= &rfc6803_enc_test10_expected_result,
1107 	},
1108 };
1109 
1110 /* Creates the function rfc6803_encrypt_gen_params */
1111 KUNIT_ARRAY_PARAM(rfc6803_encrypt, rfc6803_encrypt_test_params,
1112 		  gss_krb5_get_desc);
1113 
rfc6803_encrypt_case(struct kunit * test)1114 static void rfc6803_encrypt_case(struct kunit *test)
1115 {
1116 	const struct gss_krb5_test_param *param = test->param_value;
1117 	struct crypto_sync_skcipher *cts_tfm, *cbc_tfm;
1118 	const struct gss_krb5_enctype *gk5e;
1119 	struct xdr_netobj Ke, Ki, checksum;
1120 	u8 usage_data[GSS_KRB5_K5CLENGTH];
1121 	struct xdr_netobj usage = {
1122 		.data = usage_data,
1123 		.len = sizeof(usage_data),
1124 	};
1125 	struct crypto_ahash *ahash_tfm;
1126 	unsigned int blocksize;
1127 	struct xdr_buf buf;
1128 	void *text;
1129 	size_t len;
1130 	u32 err;
1131 
1132 	/* Arrange */
1133 	gk5e = gss_krb5_lookup_enctype(param->enctype);
1134 	if (!gk5e)
1135 		kunit_skip(test, "Encryption type is not available");
1136 
1137 	memset(usage_data, 0, sizeof(usage_data));
1138 	usage.data[3] = param->constant;
1139 
1140 	Ke.len = gk5e->Ke_length;
1141 	Ke.data = kunit_kzalloc(test, Ke.len, GFP_KERNEL);
1142 	KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Ke.data);
1143 	usage.data[4] = KEY_USAGE_SEED_ENCRYPTION;
1144 	err = gk5e->derive_key(gk5e, param->base_key, &Ke, &usage, GFP_KERNEL);
1145 	KUNIT_ASSERT_EQ(test, err, 0);
1146 
1147 	cbc_tfm = crypto_alloc_sync_skcipher(gk5e->aux_cipher, 0, 0);
1148 	KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cbc_tfm);
1149 	err = crypto_sync_skcipher_setkey(cbc_tfm, Ke.data, Ke.len);
1150 	KUNIT_ASSERT_EQ(test, err, 0);
1151 
1152 	cts_tfm = crypto_alloc_sync_skcipher(gk5e->encrypt_name, 0, 0);
1153 	KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cts_tfm);
1154 	err = crypto_sync_skcipher_setkey(cts_tfm, Ke.data, Ke.len);
1155 	KUNIT_ASSERT_EQ(test, err, 0);
1156 	blocksize = crypto_sync_skcipher_blocksize(cts_tfm);
1157 
1158 	len = param->confounder->len + param->plaintext->len + blocksize;
1159 	text = kunit_kzalloc(test, len, GFP_KERNEL);
1160 	KUNIT_ASSERT_NOT_ERR_OR_NULL(test, text);
1161 	memcpy(text, param->confounder->data, param->confounder->len);
1162 	memcpy(text + param->confounder->len, param->plaintext->data,
1163 	       param->plaintext->len);
1164 
1165 	memset(&buf, 0, sizeof(buf));
1166 	buf.head[0].iov_base = text;
1167 	buf.head[0].iov_len = param->confounder->len + param->plaintext->len;
1168 	buf.len = buf.head[0].iov_len;
1169 
1170 	checksum.len = gk5e->cksumlength;
1171 	checksum.data = kunit_kzalloc(test, checksum.len, GFP_KERNEL);
1172 	KUNIT_ASSERT_NOT_ERR_OR_NULL(test, checksum.data);
1173 
1174 	Ki.len = gk5e->Ki_length;
1175 	Ki.data = kunit_kzalloc(test, Ki.len, GFP_KERNEL);
1176 	KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Ki.data);
1177 	usage.data[4] = KEY_USAGE_SEED_INTEGRITY;
1178 	err = gk5e->derive_key(gk5e, param->base_key, &Ki,
1179 			       &usage, GFP_KERNEL);
1180 	KUNIT_ASSERT_EQ(test, err, 0);
1181 	ahash_tfm = crypto_alloc_ahash(gk5e->cksum_name, 0, CRYPTO_ALG_ASYNC);
1182 	KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ahash_tfm);
1183 	err = crypto_ahash_setkey(ahash_tfm, Ki.data, Ki.len);
1184 	KUNIT_ASSERT_EQ(test, err, 0);
1185 
1186 	/* Act */
1187 	err = gss_krb5_checksum(ahash_tfm, NULL, 0, &buf, 0, &checksum);
1188 	KUNIT_ASSERT_EQ(test, err, 0);
1189 
1190 	err = krb5_cbc_cts_encrypt(cts_tfm, cbc_tfm, 0, &buf, NULL, NULL, 0);
1191 	KUNIT_ASSERT_EQ(test, err, 0);
1192 
1193 	/* Assert */
1194 	KUNIT_EXPECT_EQ_MSG(test, param->expected_result->len,
1195 			    buf.len + checksum.len,
1196 			    "ciphertext length mismatch");
1197 	KUNIT_EXPECT_EQ_MSG(test,
1198 			    memcmp(param->expected_result->data,
1199 				   buf.head[0].iov_base, buf.len), 0,
1200 			    "encrypted result mismatch");
1201 	KUNIT_EXPECT_EQ_MSG(test,
1202 			    memcmp(param->expected_result->data +
1203 				   (param->expected_result->len - checksum.len),
1204 				   checksum.data, checksum.len), 0,
1205 			    "HMAC mismatch");
1206 
1207 	crypto_free_ahash(ahash_tfm);
1208 	crypto_free_sync_skcipher(cts_tfm);
1209 	crypto_free_sync_skcipher(cbc_tfm);
1210 }
1211 
1212 static struct kunit_case rfc6803_test_cases[] = {
1213 	{
1214 		.name			= "RFC 6803 key derivation",
1215 		.run_case		= kdf_case,
1216 		.generate_params	= rfc6803_kdf_gen_params,
1217 	},
1218 	{
1219 		.name			= "RFC 6803 checksum",
1220 		.run_case		= checksum_case,
1221 		.generate_params	= rfc6803_checksum_gen_params,
1222 	},
1223 	{
1224 		.name			= "RFC 6803 encryption",
1225 		.run_case		= rfc6803_encrypt_case,
1226 		.generate_params	= rfc6803_encrypt_gen_params,
1227 	},
1228 	{}
1229 };
1230 
1231 static struct kunit_suite rfc6803_suite = {
1232 	.name			= "RFC 6803 suite",
1233 	.test_cases		= rfc6803_test_cases,
1234 };
1235 
1236 /*
1237  * From RFC 8009 Appendix A.  Test Vectors
1238  *
1239  * Sample results for SHA-2 enctype key derivation
1240  *
1241  * This test material is copyright (c) 2016 IETF Trust and the
1242  * persons identified as the document authors.  All rights reserved.
1243  */
1244 
1245 DEFINE_HEX_XDR_NETOBJ(aes128_cts_hmac_sha256_128_basekey,
1246 		      0x37, 0x05, 0xd9, 0x60, 0x80, 0xc1, 0x77, 0x28,
1247 		      0xa0, 0xe8, 0x00, 0xea, 0xb6, 0xe0, 0xd2, 0x3c
1248 );
1249 DEFINE_HEX_XDR_NETOBJ(aes128_cts_hmac_sha256_128_Kc,
1250 		      0xb3, 0x1a, 0x01, 0x8a, 0x48, 0xf5, 0x47, 0x76,
1251 		      0xf4, 0x03, 0xe9, 0xa3, 0x96, 0x32, 0x5d, 0xc3
1252 );
1253 DEFINE_HEX_XDR_NETOBJ(aes128_cts_hmac_sha256_128_Ke,
1254 		      0x9b, 0x19, 0x7d, 0xd1, 0xe8, 0xc5, 0x60, 0x9d,
1255 		      0x6e, 0x67, 0xc3, 0xe3, 0x7c, 0x62, 0xc7, 0x2e
1256 );
1257 DEFINE_HEX_XDR_NETOBJ(aes128_cts_hmac_sha256_128_Ki,
1258 		      0x9f, 0xda, 0x0e, 0x56, 0xab, 0x2d, 0x85, 0xe1,
1259 		      0x56, 0x9a, 0x68, 0x86, 0x96, 0xc2, 0x6a, 0x6c
1260 );
1261 
1262 DEFINE_HEX_XDR_NETOBJ(aes256_cts_hmac_sha384_192_basekey,
1263 		      0x6d, 0x40, 0x4d, 0x37, 0xfa, 0xf7, 0x9f, 0x9d,
1264 		      0xf0, 0xd3, 0x35, 0x68, 0xd3, 0x20, 0x66, 0x98,
1265 		      0x00, 0xeb, 0x48, 0x36, 0x47, 0x2e, 0xa8, 0xa0,
1266 		      0x26, 0xd1, 0x6b, 0x71, 0x82, 0x46, 0x0c, 0x52
1267 );
1268 DEFINE_HEX_XDR_NETOBJ(aes256_cts_hmac_sha384_192_Kc,
1269 		      0xef, 0x57, 0x18, 0xbe, 0x86, 0xcc, 0x84, 0x96,
1270 		      0x3d, 0x8b, 0xbb, 0x50, 0x31, 0xe9, 0xf5, 0xc4,
1271 		      0xba, 0x41, 0xf2, 0x8f, 0xaf, 0x69, 0xe7, 0x3d
1272 );
1273 DEFINE_HEX_XDR_NETOBJ(aes256_cts_hmac_sha384_192_Ke,
1274 		      0x56, 0xab, 0x22, 0xbe, 0xe6, 0x3d, 0x82, 0xd7,
1275 		      0xbc, 0x52, 0x27, 0xf6, 0x77, 0x3f, 0x8e, 0xa7,
1276 		      0xa5, 0xeb, 0x1c, 0x82, 0x51, 0x60, 0xc3, 0x83,
1277 		      0x12, 0x98, 0x0c, 0x44, 0x2e, 0x5c, 0x7e, 0x49
1278 );
1279 DEFINE_HEX_XDR_NETOBJ(aes256_cts_hmac_sha384_192_Ki,
1280 		      0x69, 0xb1, 0x65, 0x14, 0xe3, 0xcd, 0x8e, 0x56,
1281 		      0xb8, 0x20, 0x10, 0xd5, 0xc7, 0x30, 0x12, 0xb6,
1282 		      0x22, 0xc4, 0xd0, 0x0f, 0xfc, 0x23, 0xed, 0x1f
1283 );
1284 
1285 static const struct gss_krb5_test_param rfc8009_kdf_test_params[] = {
1286 	{
1287 		.desc			= "Derive Kc subkey for aes128-cts-hmac-sha256-128",
1288 		.enctype		= ENCTYPE_AES128_CTS_HMAC_SHA256_128,
1289 		.base_key		= &aes128_cts_hmac_sha256_128_basekey,
1290 		.usage			= &usage_checksum,
1291 		.expected_result	= &aes128_cts_hmac_sha256_128_Kc,
1292 	},
1293 	{
1294 		.desc			= "Derive Ke subkey for aes128-cts-hmac-sha256-128",
1295 		.enctype		= ENCTYPE_AES128_CTS_HMAC_SHA256_128,
1296 		.base_key		= &aes128_cts_hmac_sha256_128_basekey,
1297 		.usage			= &usage_encryption,
1298 		.expected_result	= &aes128_cts_hmac_sha256_128_Ke,
1299 	},
1300 	{
1301 		.desc			= "Derive Ki subkey for aes128-cts-hmac-sha256-128",
1302 		.enctype		= ENCTYPE_AES128_CTS_HMAC_SHA256_128,
1303 		.base_key		= &aes128_cts_hmac_sha256_128_basekey,
1304 		.usage			= &usage_integrity,
1305 		.expected_result	= &aes128_cts_hmac_sha256_128_Ki,
1306 	},
1307 	{
1308 		.desc			= "Derive Kc subkey for aes256-cts-hmac-sha384-192",
1309 		.enctype		= ENCTYPE_AES256_CTS_HMAC_SHA384_192,
1310 		.base_key		= &aes256_cts_hmac_sha384_192_basekey,
1311 		.usage			= &usage_checksum,
1312 		.expected_result	= &aes256_cts_hmac_sha384_192_Kc,
1313 	},
1314 	{
1315 		.desc			= "Derive Ke subkey for aes256-cts-hmac-sha384-192",
1316 		.enctype		= ENCTYPE_AES256_CTS_HMAC_SHA384_192,
1317 		.base_key		= &aes256_cts_hmac_sha384_192_basekey,
1318 		.usage			= &usage_encryption,
1319 		.expected_result	= &aes256_cts_hmac_sha384_192_Ke,
1320 	},
1321 	{
1322 		.desc			= "Derive Ki subkey for aes256-cts-hmac-sha384-192",
1323 		.enctype		= ENCTYPE_AES256_CTS_HMAC_SHA384_192,
1324 		.base_key		= &aes256_cts_hmac_sha384_192_basekey,
1325 		.usage			= &usage_integrity,
1326 		.expected_result	= &aes256_cts_hmac_sha384_192_Ki,
1327 	},
1328 };
1329 
1330 /* Creates the function rfc8009_kdf_gen_params */
1331 KUNIT_ARRAY_PARAM(rfc8009_kdf, rfc8009_kdf_test_params, gss_krb5_get_desc);
1332 
1333 /*
1334  * From RFC 8009 Appendix A.  Test Vectors
1335  *
1336  * These sample checksums use the above sample key derivation results,
1337  * including use of the same base-key and key usage values.
1338  *
1339  * This test material is copyright (c) 2016 IETF Trust and the
1340  * persons identified as the document authors.  All rights reserved.
1341  */
1342 
1343 DEFINE_HEX_XDR_NETOBJ(rfc8009_checksum_plaintext,
1344 		      0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
1345 		      0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
1346 		      0x10, 0x11, 0x12, 0x13, 0x14
1347 );
1348 DEFINE_HEX_XDR_NETOBJ(rfc8009_checksum_test1_expected_result,
1349 		      0xd7, 0x83, 0x67, 0x18, 0x66, 0x43, 0xd6, 0x7b,
1350 		      0x41, 0x1c, 0xba, 0x91, 0x39, 0xfc, 0x1d, 0xee
1351 );
1352 DEFINE_HEX_XDR_NETOBJ(rfc8009_checksum_test2_expected_result,
1353 		      0x45, 0xee, 0x79, 0x15, 0x67, 0xee, 0xfc, 0xa3,
1354 		      0x7f, 0x4a, 0xc1, 0xe0, 0x22, 0x2d, 0xe8, 0x0d,
1355 		      0x43, 0xc3, 0xbf, 0xa0, 0x66, 0x99, 0x67, 0x2a
1356 );
1357 
1358 static const struct gss_krb5_test_param rfc8009_checksum_test_params[] = {
1359 	{
1360 		.desc			= "Checksum with aes128-cts-hmac-sha256-128",
1361 		.enctype		= ENCTYPE_AES128_CTS_HMAC_SHA256_128,
1362 		.base_key		= &aes128_cts_hmac_sha256_128_basekey,
1363 		.usage			= &usage_checksum,
1364 		.plaintext		= &rfc8009_checksum_plaintext,
1365 		.expected_result	= &rfc8009_checksum_test1_expected_result,
1366 	},
1367 	{
1368 		.desc			= "Checksum with aes256-cts-hmac-sha384-192",
1369 		.enctype		= ENCTYPE_AES256_CTS_HMAC_SHA384_192,
1370 		.base_key		= &aes256_cts_hmac_sha384_192_basekey,
1371 		.usage			= &usage_checksum,
1372 		.plaintext		= &rfc8009_checksum_plaintext,
1373 		.expected_result	= &rfc8009_checksum_test2_expected_result,
1374 	},
1375 };
1376 
1377 /* Creates the function rfc8009_checksum_gen_params */
1378 KUNIT_ARRAY_PARAM(rfc8009_checksum, rfc8009_checksum_test_params,
1379 		  gss_krb5_get_desc);
1380 
1381 /*
1382  * From RFC 8009 Appendix A.  Test Vectors
1383  *
1384  * Sample encryptions (all using the default cipher state):
1385  * --------------------------------------------------------
1386  *
1387  * These sample encryptions use the above sample key derivation results,
1388  * including use of the same base-key and key usage values.
1389  *
1390  * This test material is copyright (c) 2016 IETF Trust and the
1391  * persons identified as the document authors.  All rights reserved.
1392  */
1393 
1394 static const struct xdr_netobj rfc8009_enc_empty_plaintext = {
1395 	.len	= 0,
1396 };
1397 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_short_plaintext,
1398 		      0x00, 0x01, 0x02, 0x03, 0x04, 0x05
1399 );
1400 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_block_plaintext,
1401 		      0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
1402 		      0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
1403 );
1404 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_long_plaintext,
1405 		      0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
1406 		      0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
1407 		      0x10, 0x11, 0x12, 0x13, 0x14
1408 );
1409 
1410 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test1_confounder,
1411 		      0x7e, 0x58, 0x95, 0xea, 0xf2, 0x67, 0x24, 0x35,
1412 		      0xba, 0xd8, 0x17, 0xf5, 0x45, 0xa3, 0x71, 0x48
1413 );
1414 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test1_expected_result,
1415 		      0xef, 0x85, 0xfb, 0x89, 0x0b, 0xb8, 0x47, 0x2f,
1416 		      0x4d, 0xab, 0x20, 0x39, 0x4d, 0xca, 0x78, 0x1d
1417 );
1418 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test1_expected_hmac,
1419 		      0xad, 0x87, 0x7e, 0xda, 0x39, 0xd5, 0x0c, 0x87,
1420 		      0x0c, 0x0d, 0x5a, 0x0a, 0x8e, 0x48, 0xc7, 0x18
1421 );
1422 
1423 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test2_confounder,
1424 		      0x7b, 0xca, 0x28, 0x5e, 0x2f, 0xd4, 0x13, 0x0f,
1425 		      0xb5, 0x5b, 0x1a, 0x5c, 0x83, 0xbc, 0x5b, 0x24
1426 );
1427 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test2_expected_result,
1428 		      0x84, 0xd7, 0xf3, 0x07, 0x54, 0xed, 0x98, 0x7b,
1429 		      0xab, 0x0b, 0xf3, 0x50, 0x6b, 0xeb, 0x09, 0xcf,
1430 		      0xb5, 0x54, 0x02, 0xce, 0xf7, 0xe6
1431 );
1432 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test2_expected_hmac,
1433 		      0x87, 0x7c, 0xe9, 0x9e, 0x24, 0x7e, 0x52, 0xd1,
1434 		      0x6e, 0xd4, 0x42, 0x1d, 0xfd, 0xf8, 0x97, 0x6c
1435 );
1436 
1437 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test3_confounder,
1438 		      0x56, 0xab, 0x21, 0x71, 0x3f, 0xf6, 0x2c, 0x0a,
1439 		      0x14, 0x57, 0x20, 0x0f, 0x6f, 0xa9, 0x94, 0x8f
1440 );
1441 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test3_expected_result,
1442 		      0x35, 0x17, 0xd6, 0x40, 0xf5, 0x0d, 0xdc, 0x8a,
1443 		      0xd3, 0x62, 0x87, 0x22, 0xb3, 0x56, 0x9d, 0x2a,
1444 		      0xe0, 0x74, 0x93, 0xfa, 0x82, 0x63, 0x25, 0x40,
1445 		      0x80, 0xea, 0x65, 0xc1, 0x00, 0x8e, 0x8f, 0xc2
1446 );
1447 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test3_expected_hmac,
1448 		      0x95, 0xfb, 0x48, 0x52, 0xe7, 0xd8, 0x3e, 0x1e,
1449 		      0x7c, 0x48, 0xc3, 0x7e, 0xeb, 0xe6, 0xb0, 0xd3
1450 );
1451 
1452 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test4_confounder,
1453 		      0xa7, 0xa4, 0xe2, 0x9a, 0x47, 0x28, 0xce, 0x10,
1454 		      0x66, 0x4f, 0xb6, 0x4e, 0x49, 0xad, 0x3f, 0xac
1455 );
1456 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test4_expected_result,
1457 		      0x72, 0x0f, 0x73, 0xb1, 0x8d, 0x98, 0x59, 0xcd,
1458 		      0x6c, 0xcb, 0x43, 0x46, 0x11, 0x5c, 0xd3, 0x36,
1459 		      0xc7, 0x0f, 0x58, 0xed, 0xc0, 0xc4, 0x43, 0x7c,
1460 		      0x55, 0x73, 0x54, 0x4c, 0x31, 0xc8, 0x13, 0xbc,
1461 		      0xe1, 0xe6, 0xd0, 0x72, 0xc1
1462 );
1463 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test4_expected_hmac,
1464 		      0x86, 0xb3, 0x9a, 0x41, 0x3c, 0x2f, 0x92, 0xca,
1465 		      0x9b, 0x83, 0x34, 0xa2, 0x87, 0xff, 0xcb, 0xfc
1466 );
1467 
1468 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test5_confounder,
1469 		      0xf7, 0x64, 0xe9, 0xfa, 0x15, 0xc2, 0x76, 0x47,
1470 		      0x8b, 0x2c, 0x7d, 0x0c, 0x4e, 0x5f, 0x58, 0xe4
1471 );
1472 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test5_expected_result,
1473 		      0x41, 0xf5, 0x3f, 0xa5, 0xbf, 0xe7, 0x02, 0x6d,
1474 		      0x91, 0xfa, 0xf9, 0xbe, 0x95, 0x91, 0x95, 0xa0
1475 );
1476 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test5_expected_hmac,
1477 		      0x58, 0x70, 0x72, 0x73, 0xa9, 0x6a, 0x40, 0xf0,
1478 		      0xa0, 0x19, 0x60, 0x62, 0x1a, 0xc6, 0x12, 0x74,
1479 		      0x8b, 0x9b, 0xbf, 0xbe, 0x7e, 0xb4, 0xce, 0x3c
1480 );
1481 
1482 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test6_confounder,
1483 		      0xb8, 0x0d, 0x32, 0x51, 0xc1, 0xf6, 0x47, 0x14,
1484 		      0x94, 0x25, 0x6f, 0xfe, 0x71, 0x2d, 0x0b, 0x9a
1485 );
1486 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test6_expected_result,
1487 		      0x4e, 0xd7, 0xb3, 0x7c, 0x2b, 0xca, 0xc8, 0xf7,
1488 		      0x4f, 0x23, 0xc1, 0xcf, 0x07, 0xe6, 0x2b, 0xc7,
1489 		      0xb7, 0x5f, 0xb3, 0xf6, 0x37, 0xb9
1490 );
1491 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test6_expected_hmac,
1492 		      0xf5, 0x59, 0xc7, 0xf6, 0x64, 0xf6, 0x9e, 0xab,
1493 		      0x7b, 0x60, 0x92, 0x23, 0x75, 0x26, 0xea, 0x0d,
1494 		      0x1f, 0x61, 0xcb, 0x20, 0xd6, 0x9d, 0x10, 0xf2
1495 );
1496 
1497 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test7_confounder,
1498 		      0x53, 0xbf, 0x8a, 0x0d, 0x10, 0x52, 0x65, 0xd4,
1499 		      0xe2, 0x76, 0x42, 0x86, 0x24, 0xce, 0x5e, 0x63
1500 );
1501 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test7_expected_result,
1502 		      0xbc, 0x47, 0xff, 0xec, 0x79, 0x98, 0xeb, 0x91,
1503 		      0xe8, 0x11, 0x5c, 0xf8, 0xd1, 0x9d, 0xac, 0x4b,
1504 		      0xbb, 0xe2, 0xe1, 0x63, 0xe8, 0x7d, 0xd3, 0x7f,
1505 		      0x49, 0xbe, 0xca, 0x92, 0x02, 0x77, 0x64, 0xf6
1506 );
1507 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test7_expected_hmac,
1508 		      0x8c, 0xf5, 0x1f, 0x14, 0xd7, 0x98, 0xc2, 0x27,
1509 		      0x3f, 0x35, 0xdf, 0x57, 0x4d, 0x1f, 0x93, 0x2e,
1510 		      0x40, 0xc4, 0xff, 0x25, 0x5b, 0x36, 0xa2, 0x66
1511 );
1512 
1513 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test8_confounder,
1514 		      0x76, 0x3e, 0x65, 0x36, 0x7e, 0x86, 0x4f, 0x02,
1515 		      0xf5, 0x51, 0x53, 0xc7, 0xe3, 0xb5, 0x8a, 0xf1
1516 );
1517 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test8_expected_result,
1518 		      0x40, 0x01, 0x3e, 0x2d, 0xf5, 0x8e, 0x87, 0x51,
1519 		      0x95, 0x7d, 0x28, 0x78, 0xbc, 0xd2, 0xd6, 0xfe,
1520 		      0x10, 0x1c, 0xcf, 0xd5, 0x56, 0xcb, 0x1e, 0xae,
1521 		      0x79, 0xdb, 0x3c, 0x3e, 0xe8, 0x64, 0x29, 0xf2,
1522 		      0xb2, 0xa6, 0x02, 0xac, 0x86
1523 );
1524 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test8_expected_hmac,
1525 		      0xfe, 0xf6, 0xec, 0xb6, 0x47, 0xd6, 0x29, 0x5f,
1526 		      0xae, 0x07, 0x7a, 0x1f, 0xeb, 0x51, 0x75, 0x08,
1527 		      0xd2, 0xc1, 0x6b, 0x41, 0x92, 0xe0, 0x1f, 0x62
1528 );
1529 
1530 static const struct gss_krb5_test_param rfc8009_encrypt_test_params[] = {
1531 	{
1532 		.desc			= "Encrypt empty plaintext with aes128-cts-hmac-sha256-128",
1533 		.enctype		= ENCTYPE_AES128_CTS_HMAC_SHA256_128,
1534 		.plaintext		= &rfc8009_enc_empty_plaintext,
1535 		.confounder		= &rfc8009_enc_test1_confounder,
1536 		.base_key		= &aes128_cts_hmac_sha256_128_basekey,
1537 		.expected_result	= &rfc8009_enc_test1_expected_result,
1538 		.expected_hmac		= &rfc8009_enc_test1_expected_hmac,
1539 	},
1540 	{
1541 		.desc			= "Encrypt short plaintext with aes128-cts-hmac-sha256-128",
1542 		.enctype		= ENCTYPE_AES128_CTS_HMAC_SHA256_128,
1543 		.plaintext		= &rfc8009_enc_short_plaintext,
1544 		.confounder		= &rfc8009_enc_test2_confounder,
1545 		.base_key		= &aes128_cts_hmac_sha256_128_basekey,
1546 		.expected_result	= &rfc8009_enc_test2_expected_result,
1547 		.expected_hmac		= &rfc8009_enc_test2_expected_hmac,
1548 	},
1549 	{
1550 		.desc			= "Encrypt block plaintext with aes128-cts-hmac-sha256-128",
1551 		.enctype		= ENCTYPE_AES128_CTS_HMAC_SHA256_128,
1552 		.plaintext		= &rfc8009_enc_block_plaintext,
1553 		.confounder		= &rfc8009_enc_test3_confounder,
1554 		.base_key		= &aes128_cts_hmac_sha256_128_basekey,
1555 		.expected_result	= &rfc8009_enc_test3_expected_result,
1556 		.expected_hmac		= &rfc8009_enc_test3_expected_hmac,
1557 	},
1558 	{
1559 		.desc			= "Encrypt long plaintext with aes128-cts-hmac-sha256-128",
1560 		.enctype		= ENCTYPE_AES128_CTS_HMAC_SHA256_128,
1561 		.plaintext		= &rfc8009_enc_long_plaintext,
1562 		.confounder		= &rfc8009_enc_test4_confounder,
1563 		.base_key		= &aes128_cts_hmac_sha256_128_basekey,
1564 		.expected_result	= &rfc8009_enc_test4_expected_result,
1565 		.expected_hmac		= &rfc8009_enc_test4_expected_hmac,
1566 	},
1567 	{
1568 		.desc			= "Encrypt empty plaintext with aes256-cts-hmac-sha384-192",
1569 		.enctype		= ENCTYPE_AES256_CTS_HMAC_SHA384_192,
1570 		.plaintext		= &rfc8009_enc_empty_plaintext,
1571 		.confounder		= &rfc8009_enc_test5_confounder,
1572 		.base_key		= &aes256_cts_hmac_sha384_192_basekey,
1573 		.expected_result	= &rfc8009_enc_test5_expected_result,
1574 		.expected_hmac		= &rfc8009_enc_test5_expected_hmac,
1575 	},
1576 	{
1577 		.desc			= "Encrypt short plaintext with aes256-cts-hmac-sha384-192",
1578 		.enctype		= ENCTYPE_AES256_CTS_HMAC_SHA384_192,
1579 		.plaintext		= &rfc8009_enc_short_plaintext,
1580 		.confounder		= &rfc8009_enc_test6_confounder,
1581 		.base_key		= &aes256_cts_hmac_sha384_192_basekey,
1582 		.expected_result	= &rfc8009_enc_test6_expected_result,
1583 		.expected_hmac		= &rfc8009_enc_test6_expected_hmac,
1584 	},
1585 	{
1586 		.desc			= "Encrypt block plaintext with aes256-cts-hmac-sha384-192",
1587 		.enctype		= ENCTYPE_AES256_CTS_HMAC_SHA384_192,
1588 		.plaintext		= &rfc8009_enc_block_plaintext,
1589 		.confounder		= &rfc8009_enc_test7_confounder,
1590 		.base_key		= &aes256_cts_hmac_sha384_192_basekey,
1591 		.expected_result	= &rfc8009_enc_test7_expected_result,
1592 		.expected_hmac		= &rfc8009_enc_test7_expected_hmac,
1593 	},
1594 	{
1595 		.desc			= "Encrypt long plaintext with aes256-cts-hmac-sha384-192",
1596 		.enctype		= ENCTYPE_AES256_CTS_HMAC_SHA384_192,
1597 		.plaintext		= &rfc8009_enc_long_plaintext,
1598 		.confounder		= &rfc8009_enc_test8_confounder,
1599 		.base_key		= &aes256_cts_hmac_sha384_192_basekey,
1600 		.expected_result	= &rfc8009_enc_test8_expected_result,
1601 		.expected_hmac		= &rfc8009_enc_test8_expected_hmac,
1602 	},
1603 };
1604 
1605 /* Creates the function rfc8009_encrypt_gen_params */
1606 KUNIT_ARRAY_PARAM(rfc8009_encrypt, rfc8009_encrypt_test_params,
1607 		  gss_krb5_get_desc);
1608 
rfc8009_encrypt_case(struct kunit * test)1609 static void rfc8009_encrypt_case(struct kunit *test)
1610 {
1611 	const struct gss_krb5_test_param *param = test->param_value;
1612 	struct crypto_sync_skcipher *cts_tfm, *cbc_tfm;
1613 	const struct gss_krb5_enctype *gk5e;
1614 	struct xdr_netobj Ke, Ki, checksum;
1615 	u8 usage_data[GSS_KRB5_K5CLENGTH];
1616 	struct xdr_netobj usage = {
1617 		.data = usage_data,
1618 		.len = sizeof(usage_data),
1619 	};
1620 	struct crypto_ahash *ahash_tfm;
1621 	struct xdr_buf buf;
1622 	void *text;
1623 	size_t len;
1624 	u32 err;
1625 
1626 	/* Arrange */
1627 	gk5e = gss_krb5_lookup_enctype(param->enctype);
1628 	if (!gk5e)
1629 		kunit_skip(test, "Encryption type is not available");
1630 
1631 	*(__be32 *)usage.data = cpu_to_be32(2);
1632 
1633 	Ke.len = gk5e->Ke_length;
1634 	Ke.data = kunit_kzalloc(test, Ke.len, GFP_KERNEL);
1635 	KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Ke.data);
1636 	usage.data[4] = KEY_USAGE_SEED_ENCRYPTION;
1637 	err = gk5e->derive_key(gk5e, param->base_key, &Ke,
1638 			       &usage, GFP_KERNEL);
1639 	KUNIT_ASSERT_EQ(test, err, 0);
1640 
1641 	cbc_tfm = crypto_alloc_sync_skcipher(gk5e->aux_cipher, 0, 0);
1642 	KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cbc_tfm);
1643 	err = crypto_sync_skcipher_setkey(cbc_tfm, Ke.data, Ke.len);
1644 	KUNIT_ASSERT_EQ(test, err, 0);
1645 
1646 	cts_tfm = crypto_alloc_sync_skcipher(gk5e->encrypt_name, 0, 0);
1647 	KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cts_tfm);
1648 	err = crypto_sync_skcipher_setkey(cts_tfm, Ke.data, Ke.len);
1649 	KUNIT_ASSERT_EQ(test, err, 0);
1650 
1651 	len = param->confounder->len + param->plaintext->len;
1652 	text = kunit_kzalloc(test, len, GFP_KERNEL);
1653 	KUNIT_ASSERT_NOT_ERR_OR_NULL(test, text);
1654 	memcpy(text, param->confounder->data, param->confounder->len);
1655 	memcpy(text + param->confounder->len, param->plaintext->data,
1656 	       param->plaintext->len);
1657 
1658 	memset(&buf, 0, sizeof(buf));
1659 	buf.head[0].iov_base = text;
1660 	buf.head[0].iov_len = param->confounder->len + param->plaintext->len;
1661 	buf.len = buf.head[0].iov_len;
1662 
1663 	checksum.len = gk5e->cksumlength;
1664 	checksum.data = kunit_kzalloc(test, checksum.len, GFP_KERNEL);
1665 	KUNIT_ASSERT_NOT_ERR_OR_NULL(test, checksum.data);
1666 
1667 	Ki.len = gk5e->Ki_length;
1668 	Ki.data = kunit_kzalloc(test, Ki.len, GFP_KERNEL);
1669 	KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Ki.data);
1670 	usage.data[4] = KEY_USAGE_SEED_INTEGRITY;
1671 	err = gk5e->derive_key(gk5e, param->base_key, &Ki,
1672 			       &usage, GFP_KERNEL);
1673 	KUNIT_ASSERT_EQ(test, err, 0);
1674 
1675 	ahash_tfm = crypto_alloc_ahash(gk5e->cksum_name, 0, CRYPTO_ALG_ASYNC);
1676 	KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ahash_tfm);
1677 	err = crypto_ahash_setkey(ahash_tfm, Ki.data, Ki.len);
1678 	KUNIT_ASSERT_EQ(test, err, 0);
1679 
1680 	/* Act */
1681 	err = krb5_cbc_cts_encrypt(cts_tfm, cbc_tfm, 0, &buf, NULL, NULL, 0);
1682 	KUNIT_ASSERT_EQ(test, err, 0);
1683 	err = krb5_etm_checksum(cts_tfm, ahash_tfm, &buf, 0, &checksum);
1684 	KUNIT_ASSERT_EQ(test, err, 0);
1685 
1686 	/* Assert */
1687 	KUNIT_EXPECT_EQ_MSG(test,
1688 			    param->expected_result->len, buf.len,
1689 			    "ciphertext length mismatch");
1690 	KUNIT_EXPECT_EQ_MSG(test,
1691 			    memcmp(param->expected_result->data,
1692 				   buf.head[0].iov_base,
1693 				   param->expected_result->len), 0,
1694 			    "ciphertext mismatch");
1695 	KUNIT_EXPECT_EQ_MSG(test, memcmp(param->expected_hmac->data,
1696 					 checksum.data,
1697 					 checksum.len), 0,
1698 			    "HMAC mismatch");
1699 
1700 	crypto_free_ahash(ahash_tfm);
1701 	crypto_free_sync_skcipher(cts_tfm);
1702 	crypto_free_sync_skcipher(cbc_tfm);
1703 }
1704 
1705 static struct kunit_case rfc8009_test_cases[] = {
1706 	{
1707 		.name			= "RFC 8009 key derivation",
1708 		.run_case		= kdf_case,
1709 		.generate_params	= rfc8009_kdf_gen_params,
1710 	},
1711 	{
1712 		.name			= "RFC 8009 checksum",
1713 		.run_case		= checksum_case,
1714 		.generate_params	= rfc8009_checksum_gen_params,
1715 	},
1716 	{
1717 		.name			= "RFC 8009 encryption",
1718 		.run_case		= rfc8009_encrypt_case,
1719 		.generate_params	= rfc8009_encrypt_gen_params,
1720 	},
1721 	{}
1722 };
1723 
1724 static struct kunit_suite rfc8009_suite = {
1725 	.name			= "RFC 8009 suite",
1726 	.test_cases		= rfc8009_test_cases,
1727 };
1728 
1729 /*
1730  * Encryption self-tests
1731  */
1732 
1733 DEFINE_STR_XDR_NETOBJ(encrypt_selftest_plaintext,
1734 		      "This is the plaintext for the encryption self-test.");
1735 
1736 static const struct gss_krb5_test_param encrypt_selftest_params[] = {
1737 	{
1738 		.desc			= "aes128-cts-hmac-sha1-96 encryption self-test",
1739 		.enctype		= ENCTYPE_AES128_CTS_HMAC_SHA1_96,
1740 		.Ke			= &rfc3962_encryption_key,
1741 		.plaintext		= &encrypt_selftest_plaintext,
1742 	},
1743 	{
1744 		.desc			= "aes256-cts-hmac-sha1-96 encryption self-test",
1745 		.enctype		= ENCTYPE_AES256_CTS_HMAC_SHA1_96,
1746 		.Ke			= &rfc3962_encryption_key,
1747 		.plaintext		= &encrypt_selftest_plaintext,
1748 	},
1749 	{
1750 		.desc			= "camellia128-cts-cmac encryption self-test",
1751 		.enctype		= ENCTYPE_CAMELLIA128_CTS_CMAC,
1752 		.Ke			= &camellia128_cts_cmac_Ke,
1753 		.plaintext		= &encrypt_selftest_plaintext,
1754 	},
1755 	{
1756 		.desc			= "camellia256-cts-cmac encryption self-test",
1757 		.enctype		= ENCTYPE_CAMELLIA256_CTS_CMAC,
1758 		.Ke			= &camellia256_cts_cmac_Ke,
1759 		.plaintext		= &encrypt_selftest_plaintext,
1760 	},
1761 	{
1762 		.desc			= "aes128-cts-hmac-sha256-128 encryption self-test",
1763 		.enctype		= ENCTYPE_AES128_CTS_HMAC_SHA256_128,
1764 		.Ke			= &aes128_cts_hmac_sha256_128_Ke,
1765 		.plaintext		= &encrypt_selftest_plaintext,
1766 	},
1767 	{
1768 		.desc			= "aes256-cts-hmac-sha384-192 encryption self-test",
1769 		.enctype		= ENCTYPE_AES256_CTS_HMAC_SHA384_192,
1770 		.Ke			= &aes256_cts_hmac_sha384_192_Ke,
1771 		.plaintext		= &encrypt_selftest_plaintext,
1772 	},
1773 };
1774 
1775 /* Creates the function encrypt_selftest_gen_params */
1776 KUNIT_ARRAY_PARAM(encrypt_selftest, encrypt_selftest_params,
1777 		  gss_krb5_get_desc);
1778 
1779 /*
1780  * Encrypt and decrypt plaintext, and ensure the input plaintext
1781  * matches the output plaintext. A confounder is not added in this
1782  * case.
1783  */
encrypt_selftest_case(struct kunit * test)1784 static void encrypt_selftest_case(struct kunit *test)
1785 {
1786 	const struct gss_krb5_test_param *param = test->param_value;
1787 	struct crypto_sync_skcipher *cts_tfm, *cbc_tfm;
1788 	const struct gss_krb5_enctype *gk5e;
1789 	struct xdr_buf buf;
1790 	void *text;
1791 	int err;
1792 
1793 	/* Arrange */
1794 	gk5e = gss_krb5_lookup_enctype(param->enctype);
1795 	if (!gk5e)
1796 		kunit_skip(test, "Encryption type is not available");
1797 
1798 	cbc_tfm = crypto_alloc_sync_skcipher(gk5e->aux_cipher, 0, 0);
1799 	KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cbc_tfm);
1800 	err = crypto_sync_skcipher_setkey(cbc_tfm, param->Ke->data, param->Ke->len);
1801 	KUNIT_ASSERT_EQ(test, err, 0);
1802 
1803 	cts_tfm = crypto_alloc_sync_skcipher(gk5e->encrypt_name, 0, 0);
1804 	KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cts_tfm);
1805 	err = crypto_sync_skcipher_setkey(cts_tfm, param->Ke->data, param->Ke->len);
1806 	KUNIT_ASSERT_EQ(test, err, 0);
1807 
1808 	text = kunit_kzalloc(test, roundup(param->plaintext->len,
1809 					   crypto_sync_skcipher_blocksize(cbc_tfm)),
1810 			     GFP_KERNEL);
1811 	KUNIT_ASSERT_NOT_ERR_OR_NULL(test, text);
1812 
1813 	memcpy(text, param->plaintext->data, param->plaintext->len);
1814 	memset(&buf, 0, sizeof(buf));
1815 	buf.head[0].iov_base = text;
1816 	buf.head[0].iov_len = param->plaintext->len;
1817 	buf.len = buf.head[0].iov_len;
1818 
1819 	/* Act */
1820 	err = krb5_cbc_cts_encrypt(cts_tfm, cbc_tfm, 0, &buf, NULL, NULL, 0);
1821 	KUNIT_ASSERT_EQ(test, err, 0);
1822 	err = krb5_cbc_cts_decrypt(cts_tfm, cbc_tfm, 0, &buf);
1823 	KUNIT_ASSERT_EQ(test, err, 0);
1824 
1825 	/* Assert */
1826 	KUNIT_EXPECT_EQ_MSG(test,
1827 			    param->plaintext->len, buf.len,
1828 			    "length mismatch");
1829 	KUNIT_EXPECT_EQ_MSG(test,
1830 			    memcmp(param->plaintext->data,
1831 				   buf.head[0].iov_base, buf.len), 0,
1832 			    "plaintext mismatch");
1833 
1834 	crypto_free_sync_skcipher(cts_tfm);
1835 	crypto_free_sync_skcipher(cbc_tfm);
1836 }
1837 
1838 static struct kunit_case encryption_test_cases[] = {
1839 	{
1840 		.name			= "Encryption self-tests",
1841 		.run_case		= encrypt_selftest_case,
1842 		.generate_params	= encrypt_selftest_gen_params,
1843 	},
1844 	{}
1845 };
1846 
1847 static struct kunit_suite encryption_test_suite = {
1848 	.name			= "Encryption test suite",
1849 	.test_cases		= encryption_test_cases,
1850 };
1851 
1852 kunit_test_suites(&rfc3961_suite,
1853 		  &rfc3962_suite,
1854 		  &rfc6803_suite,
1855 		  &rfc8009_suite,
1856 		  &encryption_test_suite);
1857 
1858 MODULE_DESCRIPTION("Test RPCSEC GSS Kerberos 5 functions");
1859 MODULE_LICENSE("GPL");
1860