1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Copyright (c) 2022 Oracle and/or its affiliates.
4 *
5 * KUnit test of SunRPC's GSS Kerberos mechanism. Subsystem
6 * name is "rpcsec_gss_krb5".
7 */
8
9 #include <kunit/test.h>
10 #include <kunit/visibility.h>
11
12 #include <linux/kernel.h>
13 #include <crypto/hash.h>
14
15 #include <linux/sunrpc/xdr.h>
16 #include <linux/sunrpc/gss_krb5.h>
17
18 #include "gss_krb5_internal.h"
19
20 MODULE_IMPORT_NS(EXPORTED_FOR_KUNIT_TESTING);
21
22 struct gss_krb5_test_param {
23 const char *desc;
24 u32 enctype;
25 u32 nfold;
26 u32 constant;
27 const struct xdr_netobj *base_key;
28 const struct xdr_netobj *Ke;
29 const struct xdr_netobj *usage;
30 const struct xdr_netobj *plaintext;
31 const struct xdr_netobj *confounder;
32 const struct xdr_netobj *expected_result;
33 const struct xdr_netobj *expected_hmac;
34 const struct xdr_netobj *next_iv;
35 };
36
gss_krb5_get_desc(const struct gss_krb5_test_param * param,char * desc)37 static inline void gss_krb5_get_desc(const struct gss_krb5_test_param *param,
38 char *desc)
39 {
40 strscpy(desc, param->desc, KUNIT_PARAM_DESC_SIZE);
41 }
42
kdf_case(struct kunit * test)43 static void kdf_case(struct kunit *test)
44 {
45 const struct gss_krb5_test_param *param = test->param_value;
46 const struct gss_krb5_enctype *gk5e;
47 struct xdr_netobj derivedkey;
48 int err;
49
50 /* Arrange */
51 gk5e = gss_krb5_lookup_enctype(param->enctype);
52 if (!gk5e)
53 kunit_skip(test, "Encryption type is not available");
54
55 derivedkey.data = kunit_kzalloc(test, param->expected_result->len,
56 GFP_KERNEL);
57 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, derivedkey.data);
58 derivedkey.len = param->expected_result->len;
59
60 /* Act */
61 err = gk5e->derive_key(gk5e, param->base_key, &derivedkey,
62 param->usage, GFP_KERNEL);
63 KUNIT_ASSERT_EQ(test, err, 0);
64
65 /* Assert */
66 KUNIT_EXPECT_EQ_MSG(test,
67 memcmp(param->expected_result->data,
68 derivedkey.data, derivedkey.len), 0,
69 "key mismatch");
70 }
71
checksum_case(struct kunit * test)72 static void checksum_case(struct kunit *test)
73 {
74 const struct gss_krb5_test_param *param = test->param_value;
75 struct xdr_buf buf = {
76 .head[0].iov_len = param->plaintext->len,
77 .len = param->plaintext->len,
78 };
79 const struct gss_krb5_enctype *gk5e;
80 struct xdr_netobj Kc, checksum;
81 struct crypto_ahash *tfm;
82 int err;
83
84 /* Arrange */
85 gk5e = gss_krb5_lookup_enctype(param->enctype);
86 if (!gk5e)
87 kunit_skip(test, "Encryption type is not available");
88
89 Kc.len = gk5e->Kc_length;
90 Kc.data = kunit_kzalloc(test, Kc.len, GFP_KERNEL);
91 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Kc.data);
92 err = gk5e->derive_key(gk5e, param->base_key, &Kc,
93 param->usage, GFP_KERNEL);
94 KUNIT_ASSERT_EQ(test, err, 0);
95
96 tfm = crypto_alloc_ahash(gk5e->cksum_name, 0, CRYPTO_ALG_ASYNC);
97 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, tfm);
98 err = crypto_ahash_setkey(tfm, Kc.data, Kc.len);
99 KUNIT_ASSERT_EQ(test, err, 0);
100
101 buf.head[0].iov_base = kunit_kzalloc(test, buf.head[0].iov_len, GFP_KERNEL);
102 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, buf.head[0].iov_base);
103 memcpy(buf.head[0].iov_base, param->plaintext->data, buf.head[0].iov_len);
104
105 checksum.len = gk5e->cksumlength;
106 checksum.data = kunit_kzalloc(test, checksum.len, GFP_KERNEL);
107 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, checksum.data);
108
109 /* Act */
110 err = gss_krb5_checksum(tfm, NULL, 0, &buf, 0, &checksum);
111 KUNIT_ASSERT_EQ(test, err, 0);
112
113 /* Assert */
114 KUNIT_EXPECT_EQ_MSG(test,
115 memcmp(param->expected_result->data,
116 checksum.data, checksum.len), 0,
117 "checksum mismatch");
118
119 crypto_free_ahash(tfm);
120 }
121
122 #define DEFINE_HEX_XDR_NETOBJ(name, hex_array...) \
123 static const u8 name ## _data[] = { hex_array }; \
124 static const struct xdr_netobj name = { \
125 .data = (u8 *)name##_data, \
126 .len = sizeof(name##_data), \
127 }
128
129 #define DEFINE_STR_XDR_NETOBJ(name, string) \
130 static const u8 name ## _str[] = string; \
131 static const struct xdr_netobj name = { \
132 .data = (u8 *)name##_str, \
133 .len = sizeof(name##_str) - 1, \
134 }
135
136 /*
137 * RFC 3961 Appendix A.1. n-fold
138 *
139 * The n-fold function is defined in section 5.1 of RFC 3961.
140 *
141 * This test material is copyright (C) The Internet Society (2005).
142 */
143
144 DEFINE_HEX_XDR_NETOBJ(nfold_test1_plaintext,
145 0x30, 0x31, 0x32, 0x33, 0x34, 0x35
146 );
147 DEFINE_HEX_XDR_NETOBJ(nfold_test1_expected_result,
148 0xbe, 0x07, 0x26, 0x31, 0x27, 0x6b, 0x19, 0x55
149 );
150
151 DEFINE_HEX_XDR_NETOBJ(nfold_test2_plaintext,
152 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64
153 );
154 DEFINE_HEX_XDR_NETOBJ(nfold_test2_expected_result,
155 0x78, 0xa0, 0x7b, 0x6c, 0xaf, 0x85, 0xfa
156 );
157
158 DEFINE_HEX_XDR_NETOBJ(nfold_test3_plaintext,
159 0x52, 0x6f, 0x75, 0x67, 0x68, 0x20, 0x43, 0x6f,
160 0x6e, 0x73, 0x65, 0x6e, 0x73, 0x75, 0x73, 0x2c,
161 0x20, 0x61, 0x6e, 0x64, 0x20, 0x52, 0x75, 0x6e,
162 0x6e, 0x69, 0x6e, 0x67, 0x20, 0x43, 0x6f, 0x64,
163 0x65
164 );
165 DEFINE_HEX_XDR_NETOBJ(nfold_test3_expected_result,
166 0xbb, 0x6e, 0xd3, 0x08, 0x70, 0xb7, 0xf0, 0xe0
167 );
168
169 DEFINE_HEX_XDR_NETOBJ(nfold_test4_plaintext,
170 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64
171 );
172 DEFINE_HEX_XDR_NETOBJ(nfold_test4_expected_result,
173 0x59, 0xe4, 0xa8, 0xca, 0x7c, 0x03, 0x85, 0xc3,
174 0xc3, 0x7b, 0x3f, 0x6d, 0x20, 0x00, 0x24, 0x7c,
175 0xb6, 0xe6, 0xbd, 0x5b, 0x3e
176 );
177
178 DEFINE_HEX_XDR_NETOBJ(nfold_test5_plaintext,
179 0x4d, 0x41, 0x53, 0x53, 0x41, 0x43, 0x48, 0x56,
180 0x53, 0x45, 0x54, 0x54, 0x53, 0x20, 0x49, 0x4e,
181 0x53, 0x54, 0x49, 0x54, 0x56, 0x54, 0x45, 0x20,
182 0x4f, 0x46, 0x20, 0x54, 0x45, 0x43, 0x48, 0x4e,
183 0x4f, 0x4c, 0x4f, 0x47, 0x59
184 );
185 DEFINE_HEX_XDR_NETOBJ(nfold_test5_expected_result,
186 0xdb, 0x3b, 0x0d, 0x8f, 0x0b, 0x06, 0x1e, 0x60,
187 0x32, 0x82, 0xb3, 0x08, 0xa5, 0x08, 0x41, 0x22,
188 0x9a, 0xd7, 0x98, 0xfa, 0xb9, 0x54, 0x0c, 0x1b
189 );
190
191 DEFINE_HEX_XDR_NETOBJ(nfold_test6_plaintext,
192 0x51
193 );
194 DEFINE_HEX_XDR_NETOBJ(nfold_test6_expected_result,
195 0x51, 0x8a, 0x54, 0xa2, 0x15, 0xa8, 0x45, 0x2a,
196 0x51, 0x8a, 0x54, 0xa2, 0x15, 0xa8, 0x45, 0x2a,
197 0x51, 0x8a, 0x54, 0xa2, 0x15
198 );
199
200 DEFINE_HEX_XDR_NETOBJ(nfold_test7_plaintext,
201 0x62, 0x61
202 );
203 DEFINE_HEX_XDR_NETOBJ(nfold_test7_expected_result,
204 0xfb, 0x25, 0xd5, 0x31, 0xae, 0x89, 0x74, 0x49,
205 0x9f, 0x52, 0xfd, 0x92, 0xea, 0x98, 0x57, 0xc4,
206 0xba, 0x24, 0xcf, 0x29, 0x7e
207 );
208
209 DEFINE_HEX_XDR_NETOBJ(nfold_test_kerberos,
210 0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73
211 );
212 DEFINE_HEX_XDR_NETOBJ(nfold_test8_expected_result,
213 0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73
214 );
215 DEFINE_HEX_XDR_NETOBJ(nfold_test9_expected_result,
216 0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73,
217 0x7b, 0x9b, 0x5b, 0x2b, 0x93, 0x13, 0x2b, 0x93
218 );
219 DEFINE_HEX_XDR_NETOBJ(nfold_test10_expected_result,
220 0x83, 0x72, 0xc2, 0x36, 0x34, 0x4e, 0x5f, 0x15,
221 0x50, 0xcd, 0x07, 0x47, 0xe1, 0x5d, 0x62, 0xca,
222 0x7a, 0x5a, 0x3b, 0xce, 0xa4
223 );
224 DEFINE_HEX_XDR_NETOBJ(nfold_test11_expected_result,
225 0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73,
226 0x7b, 0x9b, 0x5b, 0x2b, 0x93, 0x13, 0x2b, 0x93,
227 0x5c, 0x9b, 0xdc, 0xda, 0xd9, 0x5c, 0x98, 0x99,
228 0xc4, 0xca, 0xe4, 0xde, 0xe6, 0xd6, 0xca, 0xe4
229 );
230
231 static const struct gss_krb5_test_param rfc3961_nfold_test_params[] = {
232 {
233 .desc = "64-fold(\"012345\")",
234 .nfold = 64,
235 .plaintext = &nfold_test1_plaintext,
236 .expected_result = &nfold_test1_expected_result,
237 },
238 {
239 .desc = "56-fold(\"password\")",
240 .nfold = 56,
241 .plaintext = &nfold_test2_plaintext,
242 .expected_result = &nfold_test2_expected_result,
243 },
244 {
245 .desc = "64-fold(\"Rough Consensus, and Running Code\")",
246 .nfold = 64,
247 .plaintext = &nfold_test3_plaintext,
248 .expected_result = &nfold_test3_expected_result,
249 },
250 {
251 .desc = "168-fold(\"password\")",
252 .nfold = 168,
253 .plaintext = &nfold_test4_plaintext,
254 .expected_result = &nfold_test4_expected_result,
255 },
256 {
257 .desc = "192-fold(\"MASSACHVSETTS INSTITVTE OF TECHNOLOGY\")",
258 .nfold = 192,
259 .plaintext = &nfold_test5_plaintext,
260 .expected_result = &nfold_test5_expected_result,
261 },
262 {
263 .desc = "168-fold(\"Q\")",
264 .nfold = 168,
265 .plaintext = &nfold_test6_plaintext,
266 .expected_result = &nfold_test6_expected_result,
267 },
268 {
269 .desc = "168-fold(\"ba\")",
270 .nfold = 168,
271 .plaintext = &nfold_test7_plaintext,
272 .expected_result = &nfold_test7_expected_result,
273 },
274 {
275 .desc = "64-fold(\"kerberos\")",
276 .nfold = 64,
277 .plaintext = &nfold_test_kerberos,
278 .expected_result = &nfold_test8_expected_result,
279 },
280 {
281 .desc = "128-fold(\"kerberos\")",
282 .nfold = 128,
283 .plaintext = &nfold_test_kerberos,
284 .expected_result = &nfold_test9_expected_result,
285 },
286 {
287 .desc = "168-fold(\"kerberos\")",
288 .nfold = 168,
289 .plaintext = &nfold_test_kerberos,
290 .expected_result = &nfold_test10_expected_result,
291 },
292 {
293 .desc = "256-fold(\"kerberos\")",
294 .nfold = 256,
295 .plaintext = &nfold_test_kerberos,
296 .expected_result = &nfold_test11_expected_result,
297 },
298 };
299
300 /* Creates the function rfc3961_nfold_gen_params */
301 KUNIT_ARRAY_PARAM(rfc3961_nfold, rfc3961_nfold_test_params, gss_krb5_get_desc);
302
rfc3961_nfold_case(struct kunit * test)303 static void rfc3961_nfold_case(struct kunit *test)
304 {
305 const struct gss_krb5_test_param *param = test->param_value;
306 u8 *result;
307
308 /* Arrange */
309 result = kunit_kzalloc(test, 4096, GFP_KERNEL);
310 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, result);
311
312 /* Act */
313 krb5_nfold(param->plaintext->len * 8, param->plaintext->data,
314 param->expected_result->len * 8, result);
315
316 /* Assert */
317 KUNIT_EXPECT_EQ_MSG(test,
318 memcmp(param->expected_result->data,
319 result, param->expected_result->len), 0,
320 "result mismatch");
321 }
322
323 static struct kunit_case rfc3961_test_cases[] = {
324 {
325 .name = "RFC 3961 n-fold",
326 .run_case = rfc3961_nfold_case,
327 .generate_params = rfc3961_nfold_gen_params,
328 },
329 {}
330 };
331
332 static struct kunit_suite rfc3961_suite = {
333 .name = "RFC 3961 tests",
334 .test_cases = rfc3961_test_cases,
335 };
336
337 /*
338 * From RFC 3962 Appendix B: Sample Test Vectors
339 *
340 * Some test vectors for CBC with ciphertext stealing, using an
341 * initial vector of all-zero.
342 *
343 * This test material is copyright (C) The Internet Society (2005).
344 */
345
346 DEFINE_HEX_XDR_NETOBJ(rfc3962_encryption_key,
347 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
348 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69
349 );
350
351 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test1_plaintext,
352 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
353 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
354 0x20
355 );
356 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test1_expected_result,
357 0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4,
358 0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f,
359 0x97
360 );
361 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test1_next_iv,
362 0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4,
363 0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f
364 );
365
366 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test2_plaintext,
367 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
368 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
369 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
370 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20
371 );
372 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test2_expected_result,
373 0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1,
374 0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22,
375 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
376 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5
377 );
378 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test2_next_iv,
379 0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1,
380 0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22
381 );
382
383 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test3_plaintext,
384 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
385 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
386 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
387 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43
388 );
389 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test3_expected_result,
390 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
391 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
392 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
393 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84
394 );
395 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test3_next_iv,
396 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
397 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8
398 );
399
400 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test4_plaintext,
401 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
402 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
403 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
404 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43,
405 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20,
406 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c
407 );
408 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test4_expected_result,
409 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
410 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
411 0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c,
412 0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e,
413 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
414 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5
415 );
416 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test4_next_iv,
417 0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c,
418 0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e
419 );
420
421 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test5_plaintext,
422 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
423 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
424 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
425 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43,
426 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20,
427 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c, 0x20
428 );
429 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test5_expected_result,
430 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
431 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
432 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
433 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8,
434 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
435 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8
436 );
437 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test5_next_iv,
438 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
439 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8
440 );
441
442 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test6_plaintext,
443 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
444 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
445 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
446 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43,
447 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20,
448 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c, 0x20,
449 0x61, 0x6e, 0x64, 0x20, 0x77, 0x6f, 0x6e, 0x74,
450 0x6f, 0x6e, 0x20, 0x73, 0x6f, 0x75, 0x70, 0x2e
451 );
452 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test6_expected_result,
453 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
454 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
455 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
456 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
457 0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5,
458 0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40,
459 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
460 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8
461 );
462 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test6_next_iv,
463 0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5,
464 0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40
465 );
466
467 static const struct gss_krb5_test_param rfc3962_encrypt_test_params[] = {
468 {
469 .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 1",
470 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96,
471 .Ke = &rfc3962_encryption_key,
472 .plaintext = &rfc3962_enc_test1_plaintext,
473 .expected_result = &rfc3962_enc_test1_expected_result,
474 .next_iv = &rfc3962_enc_test1_next_iv,
475 },
476 {
477 .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 2",
478 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96,
479 .Ke = &rfc3962_encryption_key,
480 .plaintext = &rfc3962_enc_test2_plaintext,
481 .expected_result = &rfc3962_enc_test2_expected_result,
482 .next_iv = &rfc3962_enc_test2_next_iv,
483 },
484 {
485 .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 3",
486 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96,
487 .Ke = &rfc3962_encryption_key,
488 .plaintext = &rfc3962_enc_test3_plaintext,
489 .expected_result = &rfc3962_enc_test3_expected_result,
490 .next_iv = &rfc3962_enc_test3_next_iv,
491 },
492 {
493 .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 4",
494 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96,
495 .Ke = &rfc3962_encryption_key,
496 .plaintext = &rfc3962_enc_test4_plaintext,
497 .expected_result = &rfc3962_enc_test4_expected_result,
498 .next_iv = &rfc3962_enc_test4_next_iv,
499 },
500 {
501 .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 5",
502 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96,
503 .Ke = &rfc3962_encryption_key,
504 .plaintext = &rfc3962_enc_test5_plaintext,
505 .expected_result = &rfc3962_enc_test5_expected_result,
506 .next_iv = &rfc3962_enc_test5_next_iv,
507 },
508 {
509 .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 6",
510 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96,
511 .Ke = &rfc3962_encryption_key,
512 .plaintext = &rfc3962_enc_test6_plaintext,
513 .expected_result = &rfc3962_enc_test6_expected_result,
514 .next_iv = &rfc3962_enc_test6_next_iv,
515 },
516 };
517
518 /* Creates the function rfc3962_encrypt_gen_params */
519 KUNIT_ARRAY_PARAM(rfc3962_encrypt, rfc3962_encrypt_test_params,
520 gss_krb5_get_desc);
521
522 /*
523 * This tests the implementation of the encryption part of the mechanism.
524 * It does not apply a confounder or test the result of HMAC over the
525 * plaintext.
526 */
rfc3962_encrypt_case(struct kunit * test)527 static void rfc3962_encrypt_case(struct kunit *test)
528 {
529 const struct gss_krb5_test_param *param = test->param_value;
530 struct crypto_sync_skcipher *cts_tfm, *cbc_tfm;
531 const struct gss_krb5_enctype *gk5e;
532 struct xdr_buf buf;
533 void *iv, *text;
534 u32 err;
535
536 /* Arrange */
537 gk5e = gss_krb5_lookup_enctype(param->enctype);
538 if (!gk5e)
539 kunit_skip(test, "Encryption type is not available");
540
541 cbc_tfm = crypto_alloc_sync_skcipher(gk5e->aux_cipher, 0, 0);
542 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cbc_tfm);
543 err = crypto_sync_skcipher_setkey(cbc_tfm, param->Ke->data, param->Ke->len);
544 KUNIT_ASSERT_EQ(test, err, 0);
545
546 cts_tfm = crypto_alloc_sync_skcipher(gk5e->encrypt_name, 0, 0);
547 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cts_tfm);
548 err = crypto_sync_skcipher_setkey(cts_tfm, param->Ke->data, param->Ke->len);
549 KUNIT_ASSERT_EQ(test, err, 0);
550
551 iv = kunit_kzalloc(test, crypto_sync_skcipher_ivsize(cts_tfm), GFP_KERNEL);
552 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, iv);
553
554 text = kunit_kzalloc(test, param->plaintext->len, GFP_KERNEL);
555 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, text);
556
557 memcpy(text, param->plaintext->data, param->plaintext->len);
558 memset(&buf, 0, sizeof(buf));
559 buf.head[0].iov_base = text;
560 buf.head[0].iov_len = param->plaintext->len;
561 buf.len = buf.head[0].iov_len;
562
563 /* Act */
564 err = krb5_cbc_cts_encrypt(cts_tfm, cbc_tfm, 0, &buf, NULL,
565 iv, crypto_sync_skcipher_ivsize(cts_tfm));
566 KUNIT_ASSERT_EQ(test, err, 0);
567
568 /* Assert */
569 KUNIT_EXPECT_EQ_MSG(test,
570 param->expected_result->len, buf.len,
571 "ciphertext length mismatch");
572 KUNIT_EXPECT_EQ_MSG(test,
573 memcmp(param->expected_result->data,
574 text, param->expected_result->len), 0,
575 "ciphertext mismatch");
576 KUNIT_EXPECT_EQ_MSG(test,
577 memcmp(param->next_iv->data, iv,
578 param->next_iv->len), 0,
579 "IV mismatch");
580
581 crypto_free_sync_skcipher(cts_tfm);
582 crypto_free_sync_skcipher(cbc_tfm);
583 }
584
585 static struct kunit_case rfc3962_test_cases[] = {
586 {
587 .name = "RFC 3962 encryption",
588 .run_case = rfc3962_encrypt_case,
589 .generate_params = rfc3962_encrypt_gen_params,
590 },
591 {}
592 };
593
594 static struct kunit_suite rfc3962_suite = {
595 .name = "RFC 3962 suite",
596 .test_cases = rfc3962_test_cases,
597 };
598
599 /*
600 * From RFC 6803 Section 10. Test vectors
601 *
602 * Sample results for key derivation
603 *
604 * Copyright (c) 2012 IETF Trust and the persons identified as the
605 * document authors. All rights reserved.
606 */
607
608 DEFINE_HEX_XDR_NETOBJ(camellia128_cts_cmac_basekey,
609 0x57, 0xd0, 0x29, 0x72, 0x98, 0xff, 0xd9, 0xd3,
610 0x5d, 0xe5, 0xa4, 0x7f, 0xb4, 0xbd, 0xe2, 0x4b
611 );
612 DEFINE_HEX_XDR_NETOBJ(camellia128_cts_cmac_Kc,
613 0xd1, 0x55, 0x77, 0x5a, 0x20, 0x9d, 0x05, 0xf0,
614 0x2b, 0x38, 0xd4, 0x2a, 0x38, 0x9e, 0x5a, 0x56
615 );
616 DEFINE_HEX_XDR_NETOBJ(camellia128_cts_cmac_Ke,
617 0x64, 0xdf, 0x83, 0xf8, 0x5a, 0x53, 0x2f, 0x17,
618 0x57, 0x7d, 0x8c, 0x37, 0x03, 0x57, 0x96, 0xab
619 );
620 DEFINE_HEX_XDR_NETOBJ(camellia128_cts_cmac_Ki,
621 0x3e, 0x4f, 0xbd, 0xf3, 0x0f, 0xb8, 0x25, 0x9c,
622 0x42, 0x5c, 0xb6, 0xc9, 0x6f, 0x1f, 0x46, 0x35
623 );
624
625 DEFINE_HEX_XDR_NETOBJ(camellia256_cts_cmac_basekey,
626 0xb9, 0xd6, 0x82, 0x8b, 0x20, 0x56, 0xb7, 0xbe,
627 0x65, 0x6d, 0x88, 0xa1, 0x23, 0xb1, 0xfa, 0xc6,
628 0x82, 0x14, 0xac, 0x2b, 0x72, 0x7e, 0xcf, 0x5f,
629 0x69, 0xaf, 0xe0, 0xc4, 0xdf, 0x2a, 0x6d, 0x2c
630 );
631 DEFINE_HEX_XDR_NETOBJ(camellia256_cts_cmac_Kc,
632 0xe4, 0x67, 0xf9, 0xa9, 0x55, 0x2b, 0xc7, 0xd3,
633 0x15, 0x5a, 0x62, 0x20, 0xaf, 0x9c, 0x19, 0x22,
634 0x0e, 0xee, 0xd4, 0xff, 0x78, 0xb0, 0xd1, 0xe6,
635 0xa1, 0x54, 0x49, 0x91, 0x46, 0x1a, 0x9e, 0x50
636 );
637 DEFINE_HEX_XDR_NETOBJ(camellia256_cts_cmac_Ke,
638 0x41, 0x2a, 0xef, 0xc3, 0x62, 0xa7, 0x28, 0x5f,
639 0xc3, 0x96, 0x6c, 0x6a, 0x51, 0x81, 0xe7, 0x60,
640 0x5a, 0xe6, 0x75, 0x23, 0x5b, 0x6d, 0x54, 0x9f,
641 0xbf, 0xc9, 0xab, 0x66, 0x30, 0xa4, 0xc6, 0x04
642 );
643 DEFINE_HEX_XDR_NETOBJ(camellia256_cts_cmac_Ki,
644 0xfa, 0x62, 0x4f, 0xa0, 0xe5, 0x23, 0x99, 0x3f,
645 0xa3, 0x88, 0xae, 0xfd, 0xc6, 0x7e, 0x67, 0xeb,
646 0xcd, 0x8c, 0x08, 0xe8, 0xa0, 0x24, 0x6b, 0x1d,
647 0x73, 0xb0, 0xd1, 0xdd, 0x9f, 0xc5, 0x82, 0xb0
648 );
649
650 DEFINE_HEX_XDR_NETOBJ(usage_checksum,
651 0x00, 0x00, 0x00, 0x02, KEY_USAGE_SEED_CHECKSUM
652 );
653 DEFINE_HEX_XDR_NETOBJ(usage_encryption,
654 0x00, 0x00, 0x00, 0x02, KEY_USAGE_SEED_ENCRYPTION
655 );
656 DEFINE_HEX_XDR_NETOBJ(usage_integrity,
657 0x00, 0x00, 0x00, 0x02, KEY_USAGE_SEED_INTEGRITY
658 );
659
660 static const struct gss_krb5_test_param rfc6803_kdf_test_params[] = {
661 {
662 .desc = "Derive Kc subkey for camellia128-cts-cmac",
663 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC,
664 .base_key = &camellia128_cts_cmac_basekey,
665 .usage = &usage_checksum,
666 .expected_result = &camellia128_cts_cmac_Kc,
667 },
668 {
669 .desc = "Derive Ke subkey for camellia128-cts-cmac",
670 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC,
671 .base_key = &camellia128_cts_cmac_basekey,
672 .usage = &usage_encryption,
673 .expected_result = &camellia128_cts_cmac_Ke,
674 },
675 {
676 .desc = "Derive Ki subkey for camellia128-cts-cmac",
677 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC,
678 .base_key = &camellia128_cts_cmac_basekey,
679 .usage = &usage_integrity,
680 .expected_result = &camellia128_cts_cmac_Ki,
681 },
682 {
683 .desc = "Derive Kc subkey for camellia256-cts-cmac",
684 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC,
685 .base_key = &camellia256_cts_cmac_basekey,
686 .usage = &usage_checksum,
687 .expected_result = &camellia256_cts_cmac_Kc,
688 },
689 {
690 .desc = "Derive Ke subkey for camellia256-cts-cmac",
691 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC,
692 .base_key = &camellia256_cts_cmac_basekey,
693 .usage = &usage_encryption,
694 .expected_result = &camellia256_cts_cmac_Ke,
695 },
696 {
697 .desc = "Derive Ki subkey for camellia256-cts-cmac",
698 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC,
699 .base_key = &camellia256_cts_cmac_basekey,
700 .usage = &usage_integrity,
701 .expected_result = &camellia256_cts_cmac_Ki,
702 },
703 };
704
705 /* Creates the function rfc6803_kdf_gen_params */
706 KUNIT_ARRAY_PARAM(rfc6803_kdf, rfc6803_kdf_test_params, gss_krb5_get_desc);
707
708 /*
709 * From RFC 6803 Section 10. Test vectors
710 *
711 * Sample checksums.
712 *
713 * Copyright (c) 2012 IETF Trust and the persons identified as the
714 * document authors. All rights reserved.
715 *
716 * XXX: These tests are likely to fail on EBCDIC or Unicode platforms.
717 */
718 DEFINE_STR_XDR_NETOBJ(rfc6803_checksum_test1_plaintext,
719 "abcdefghijk");
720 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test1_basekey,
721 0x1d, 0xc4, 0x6a, 0x8d, 0x76, 0x3f, 0x4f, 0x93,
722 0x74, 0x2b, 0xcb, 0xa3, 0x38, 0x75, 0x76, 0xc3
723 );
724 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test1_usage,
725 0x00, 0x00, 0x00, 0x07, KEY_USAGE_SEED_CHECKSUM
726 );
727 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test1_expected_result,
728 0x11, 0x78, 0xe6, 0xc5, 0xc4, 0x7a, 0x8c, 0x1a,
729 0xe0, 0xc4, 0xb9, 0xc7, 0xd4, 0xeb, 0x7b, 0x6b
730 );
731
732 DEFINE_STR_XDR_NETOBJ(rfc6803_checksum_test2_plaintext,
733 "ABCDEFGHIJKLMNOPQRSTUVWXYZ");
734 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test2_basekey,
735 0x50, 0x27, 0xbc, 0x23, 0x1d, 0x0f, 0x3a, 0x9d,
736 0x23, 0x33, 0x3f, 0x1c, 0xa6, 0xfd, 0xbe, 0x7c
737 );
738 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test2_usage,
739 0x00, 0x00, 0x00, 0x08, KEY_USAGE_SEED_CHECKSUM
740 );
741 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test2_expected_result,
742 0xd1, 0xb3, 0x4f, 0x70, 0x04, 0xa7, 0x31, 0xf2,
743 0x3a, 0x0c, 0x00, 0xbf, 0x6c, 0x3f, 0x75, 0x3a
744 );
745
746 DEFINE_STR_XDR_NETOBJ(rfc6803_checksum_test3_plaintext,
747 "123456789");
748 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test3_basekey,
749 0xb6, 0x1c, 0x86, 0xcc, 0x4e, 0x5d, 0x27, 0x57,
750 0x54, 0x5a, 0xd4, 0x23, 0x39, 0x9f, 0xb7, 0x03,
751 0x1e, 0xca, 0xb9, 0x13, 0xcb, 0xb9, 0x00, 0xbd,
752 0x7a, 0x3c, 0x6d, 0xd8, 0xbf, 0x92, 0x01, 0x5b
753 );
754 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test3_usage,
755 0x00, 0x00, 0x00, 0x09, KEY_USAGE_SEED_CHECKSUM
756 );
757 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test3_expected_result,
758 0x87, 0xa1, 0x2c, 0xfd, 0x2b, 0x96, 0x21, 0x48,
759 0x10, 0xf0, 0x1c, 0x82, 0x6e, 0x77, 0x44, 0xb1
760 );
761
762 DEFINE_STR_XDR_NETOBJ(rfc6803_checksum_test4_plaintext,
763 "!@#$%^&*()!@#$%^&*()!@#$%^&*()");
764 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test4_basekey,
765 0x32, 0x16, 0x4c, 0x5b, 0x43, 0x4d, 0x1d, 0x15,
766 0x38, 0xe4, 0xcf, 0xd9, 0xbe, 0x80, 0x40, 0xfe,
767 0x8c, 0x4a, 0xc7, 0xac, 0xc4, 0xb9, 0x3d, 0x33,
768 0x14, 0xd2, 0x13, 0x36, 0x68, 0x14, 0x7a, 0x05
769 );
770 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test4_usage,
771 0x00, 0x00, 0x00, 0x0a, KEY_USAGE_SEED_CHECKSUM
772 );
773 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test4_expected_result,
774 0x3f, 0xa0, 0xb4, 0x23, 0x55, 0xe5, 0x2b, 0x18,
775 0x91, 0x87, 0x29, 0x4a, 0xa2, 0x52, 0xab, 0x64
776 );
777
778 static const struct gss_krb5_test_param rfc6803_checksum_test_params[] = {
779 {
780 .desc = "camellia128-cts-cmac checksum test 1",
781 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC,
782 .base_key = &rfc6803_checksum_test1_basekey,
783 .usage = &rfc6803_checksum_test1_usage,
784 .plaintext = &rfc6803_checksum_test1_plaintext,
785 .expected_result = &rfc6803_checksum_test1_expected_result,
786 },
787 {
788 .desc = "camellia128-cts-cmac checksum test 2",
789 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC,
790 .base_key = &rfc6803_checksum_test2_basekey,
791 .usage = &rfc6803_checksum_test2_usage,
792 .plaintext = &rfc6803_checksum_test2_plaintext,
793 .expected_result = &rfc6803_checksum_test2_expected_result,
794 },
795 {
796 .desc = "camellia256-cts-cmac checksum test 3",
797 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC,
798 .base_key = &rfc6803_checksum_test3_basekey,
799 .usage = &rfc6803_checksum_test3_usage,
800 .plaintext = &rfc6803_checksum_test3_plaintext,
801 .expected_result = &rfc6803_checksum_test3_expected_result,
802 },
803 {
804 .desc = "camellia256-cts-cmac checksum test 4",
805 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC,
806 .base_key = &rfc6803_checksum_test4_basekey,
807 .usage = &rfc6803_checksum_test4_usage,
808 .plaintext = &rfc6803_checksum_test4_plaintext,
809 .expected_result = &rfc6803_checksum_test4_expected_result,
810 },
811 };
812
813 /* Creates the function rfc6803_checksum_gen_params */
814 KUNIT_ARRAY_PARAM(rfc6803_checksum, rfc6803_checksum_test_params,
815 gss_krb5_get_desc);
816
817 /*
818 * From RFC 6803 Section 10. Test vectors
819 *
820 * Sample encryptions (all using the default cipher state)
821 *
822 * Copyright (c) 2012 IETF Trust and the persons identified as the
823 * document authors. All rights reserved.
824 *
825 * Key usage values are from errata 4326 against RFC 6803.
826 */
827
828 static const struct xdr_netobj rfc6803_enc_empty_plaintext = {
829 .len = 0,
830 };
831
832 DEFINE_STR_XDR_NETOBJ(rfc6803_enc_1byte_plaintext, "1");
833 DEFINE_STR_XDR_NETOBJ(rfc6803_enc_9byte_plaintext, "9 bytesss");
834 DEFINE_STR_XDR_NETOBJ(rfc6803_enc_13byte_plaintext, "13 bytes byte");
835 DEFINE_STR_XDR_NETOBJ(rfc6803_enc_30byte_plaintext,
836 "30 bytes bytes bytes bytes byt"
837 );
838
839 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test1_confounder,
840 0xb6, 0x98, 0x22, 0xa1, 0x9a, 0x6b, 0x09, 0xc0,
841 0xeb, 0xc8, 0x55, 0x7d, 0x1f, 0x1b, 0x6c, 0x0a
842 );
843 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test1_basekey,
844 0x1d, 0xc4, 0x6a, 0x8d, 0x76, 0x3f, 0x4f, 0x93,
845 0x74, 0x2b, 0xcb, 0xa3, 0x38, 0x75, 0x76, 0xc3
846 );
847 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test1_expected_result,
848 0xc4, 0x66, 0xf1, 0x87, 0x10, 0x69, 0x92, 0x1e,
849 0xdb, 0x7c, 0x6f, 0xde, 0x24, 0x4a, 0x52, 0xdb,
850 0x0b, 0xa1, 0x0e, 0xdc, 0x19, 0x7b, 0xdb, 0x80,
851 0x06, 0x65, 0x8c, 0xa3, 0xcc, 0xce, 0x6e, 0xb8
852 );
853
854 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test2_confounder,
855 0x6f, 0x2f, 0xc3, 0xc2, 0xa1, 0x66, 0xfd, 0x88,
856 0x98, 0x96, 0x7a, 0x83, 0xde, 0x95, 0x96, 0xd9
857 );
858 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test2_basekey,
859 0x50, 0x27, 0xbc, 0x23, 0x1d, 0x0f, 0x3a, 0x9d,
860 0x23, 0x33, 0x3f, 0x1c, 0xa6, 0xfd, 0xbe, 0x7c
861 );
862 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test2_expected_result,
863 0x84, 0x2d, 0x21, 0xfd, 0x95, 0x03, 0x11, 0xc0,
864 0xdd, 0x46, 0x4a, 0x3f, 0x4b, 0xe8, 0xd6, 0xda,
865 0x88, 0xa5, 0x6d, 0x55, 0x9c, 0x9b, 0x47, 0xd3,
866 0xf9, 0xa8, 0x50, 0x67, 0xaf, 0x66, 0x15, 0x59,
867 0xb8
868 );
869
870 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test3_confounder,
871 0xa5, 0xb4, 0xa7, 0x1e, 0x07, 0x7a, 0xee, 0xf9,
872 0x3c, 0x87, 0x63, 0xc1, 0x8f, 0xdb, 0x1f, 0x10
873 );
874 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test3_basekey,
875 0xa1, 0xbb, 0x61, 0xe8, 0x05, 0xf9, 0xba, 0x6d,
876 0xde, 0x8f, 0xdb, 0xdd, 0xc0, 0x5c, 0xde, 0xa0
877 );
878 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test3_expected_result,
879 0x61, 0x9f, 0xf0, 0x72, 0xe3, 0x62, 0x86, 0xff,
880 0x0a, 0x28, 0xde, 0xb3, 0xa3, 0x52, 0xec, 0x0d,
881 0x0e, 0xdf, 0x5c, 0x51, 0x60, 0xd6, 0x63, 0xc9,
882 0x01, 0x75, 0x8c, 0xcf, 0x9d, 0x1e, 0xd3, 0x3d,
883 0x71, 0xdb, 0x8f, 0x23, 0xaa, 0xbf, 0x83, 0x48,
884 0xa0
885 );
886
887 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test4_confounder,
888 0x19, 0xfe, 0xe4, 0x0d, 0x81, 0x0c, 0x52, 0x4b,
889 0x5b, 0x22, 0xf0, 0x18, 0x74, 0xc6, 0x93, 0xda
890 );
891 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test4_basekey,
892 0x2c, 0xa2, 0x7a, 0x5f, 0xaf, 0x55, 0x32, 0x24,
893 0x45, 0x06, 0x43, 0x4e, 0x1c, 0xef, 0x66, 0x76
894 );
895 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test4_expected_result,
896 0xb8, 0xec, 0xa3, 0x16, 0x7a, 0xe6, 0x31, 0x55,
897 0x12, 0xe5, 0x9f, 0x98, 0xa7, 0xc5, 0x00, 0x20,
898 0x5e, 0x5f, 0x63, 0xff, 0x3b, 0xb3, 0x89, 0xaf,
899 0x1c, 0x41, 0xa2, 0x1d, 0x64, 0x0d, 0x86, 0x15,
900 0xc9, 0xed, 0x3f, 0xbe, 0xb0, 0x5a, 0xb6, 0xac,
901 0xb6, 0x76, 0x89, 0xb5, 0xea
902 );
903
904 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test5_confounder,
905 0xca, 0x7a, 0x7a, 0xb4, 0xbe, 0x19, 0x2d, 0xab,
906 0xd6, 0x03, 0x50, 0x6d, 0xb1, 0x9c, 0x39, 0xe2
907 );
908 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test5_basekey,
909 0x78, 0x24, 0xf8, 0xc1, 0x6f, 0x83, 0xff, 0x35,
910 0x4c, 0x6b, 0xf7, 0x51, 0x5b, 0x97, 0x3f, 0x43
911 );
912 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test5_expected_result,
913 0xa2, 0x6a, 0x39, 0x05, 0xa4, 0xff, 0xd5, 0x81,
914 0x6b, 0x7b, 0x1e, 0x27, 0x38, 0x0d, 0x08, 0x09,
915 0x0c, 0x8e, 0xc1, 0xf3, 0x04, 0x49, 0x6e, 0x1a,
916 0xbd, 0xcd, 0x2b, 0xdc, 0xd1, 0xdf, 0xfc, 0x66,
917 0x09, 0x89, 0xe1, 0x17, 0xa7, 0x13, 0xdd, 0xbb,
918 0x57, 0xa4, 0x14, 0x6c, 0x15, 0x87, 0xcb, 0xa4,
919 0x35, 0x66, 0x65, 0x59, 0x1d, 0x22, 0x40, 0x28,
920 0x2f, 0x58, 0x42, 0xb1, 0x05, 0xa5
921 );
922
923 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test6_confounder,
924 0x3c, 0xbb, 0xd2, 0xb4, 0x59, 0x17, 0x94, 0x10,
925 0x67, 0xf9, 0x65, 0x99, 0xbb, 0x98, 0x92, 0x6c
926 );
927 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test6_basekey,
928 0xb6, 0x1c, 0x86, 0xcc, 0x4e, 0x5d, 0x27, 0x57,
929 0x54, 0x5a, 0xd4, 0x23, 0x39, 0x9f, 0xb7, 0x03,
930 0x1e, 0xca, 0xb9, 0x13, 0xcb, 0xb9, 0x00, 0xbd,
931 0x7a, 0x3c, 0x6d, 0xd8, 0xbf, 0x92, 0x01, 0x5b
932 );
933 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test6_expected_result,
934 0x03, 0x88, 0x6d, 0x03, 0x31, 0x0b, 0x47, 0xa6,
935 0xd8, 0xf0, 0x6d, 0x7b, 0x94, 0xd1, 0xdd, 0x83,
936 0x7e, 0xcc, 0xe3, 0x15, 0xef, 0x65, 0x2a, 0xff,
937 0x62, 0x08, 0x59, 0xd9, 0x4a, 0x25, 0x92, 0x66
938 );
939
940 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test7_confounder,
941 0xde, 0xf4, 0x87, 0xfc, 0xeb, 0xe6, 0xde, 0x63,
942 0x46, 0xd4, 0xda, 0x45, 0x21, 0xbb, 0xa2, 0xd2
943 );
944 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test7_basekey,
945 0x1b, 0x97, 0xfe, 0x0a, 0x19, 0x0e, 0x20, 0x21,
946 0xeb, 0x30, 0x75, 0x3e, 0x1b, 0x6e, 0x1e, 0x77,
947 0xb0, 0x75, 0x4b, 0x1d, 0x68, 0x46, 0x10, 0x35,
948 0x58, 0x64, 0x10, 0x49, 0x63, 0x46, 0x38, 0x33
949 );
950 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test7_expected_result,
951 0x2c, 0x9c, 0x15, 0x70, 0x13, 0x3c, 0x99, 0xbf,
952 0x6a, 0x34, 0xbc, 0x1b, 0x02, 0x12, 0x00, 0x2f,
953 0xd1, 0x94, 0x33, 0x87, 0x49, 0xdb, 0x41, 0x35,
954 0x49, 0x7a, 0x34, 0x7c, 0xfc, 0xd9, 0xd1, 0x8a,
955 0x12
956 );
957
958 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test8_confounder,
959 0xad, 0x4f, 0xf9, 0x04, 0xd3, 0x4e, 0x55, 0x53,
960 0x84, 0xb1, 0x41, 0x00, 0xfc, 0x46, 0x5f, 0x88
961 );
962 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test8_basekey,
963 0x32, 0x16, 0x4c, 0x5b, 0x43, 0x4d, 0x1d, 0x15,
964 0x38, 0xe4, 0xcf, 0xd9, 0xbe, 0x80, 0x40, 0xfe,
965 0x8c, 0x4a, 0xc7, 0xac, 0xc4, 0xb9, 0x3d, 0x33,
966 0x14, 0xd2, 0x13, 0x36, 0x68, 0x14, 0x7a, 0x05
967 );
968 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test8_expected_result,
969 0x9c, 0x6d, 0xe7, 0x5f, 0x81, 0x2d, 0xe7, 0xed,
970 0x0d, 0x28, 0xb2, 0x96, 0x35, 0x57, 0xa1, 0x15,
971 0x64, 0x09, 0x98, 0x27, 0x5b, 0x0a, 0xf5, 0x15,
972 0x27, 0x09, 0x91, 0x3f, 0xf5, 0x2a, 0x2a, 0x9c,
973 0x8e, 0x63, 0xb8, 0x72, 0xf9, 0x2e, 0x64, 0xc8,
974 0x39
975 );
976
977 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test9_confounder,
978 0xcf, 0x9b, 0xca, 0x6d, 0xf1, 0x14, 0x4e, 0x0c,
979 0x0a, 0xf9, 0xb8, 0xf3, 0x4c, 0x90, 0xd5, 0x14
980 );
981 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test9_basekey,
982 0xb0, 0x38, 0xb1, 0x32, 0xcd, 0x8e, 0x06, 0x61,
983 0x22, 0x67, 0xfa, 0xb7, 0x17, 0x00, 0x66, 0xd8,
984 0x8a, 0xec, 0xcb, 0xa0, 0xb7, 0x44, 0xbf, 0xc6,
985 0x0d, 0xc8, 0x9b, 0xca, 0x18, 0x2d, 0x07, 0x15
986 );
987 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test9_expected_result,
988 0xee, 0xec, 0x85, 0xa9, 0x81, 0x3c, 0xdc, 0x53,
989 0x67, 0x72, 0xab, 0x9b, 0x42, 0xde, 0xfc, 0x57,
990 0x06, 0xf7, 0x26, 0xe9, 0x75, 0xdd, 0xe0, 0x5a,
991 0x87, 0xeb, 0x54, 0x06, 0xea, 0x32, 0x4c, 0xa1,
992 0x85, 0xc9, 0x98, 0x6b, 0x42, 0xaa, 0xbe, 0x79,
993 0x4b, 0x84, 0x82, 0x1b, 0xee
994 );
995
996 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test10_confounder,
997 0x64, 0x4d, 0xef, 0x38, 0xda, 0x35, 0x00, 0x72,
998 0x75, 0x87, 0x8d, 0x21, 0x68, 0x55, 0xe2, 0x28
999 );
1000 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test10_basekey,
1001 0xcc, 0xfc, 0xd3, 0x49, 0xbf, 0x4c, 0x66, 0x77,
1002 0xe8, 0x6e, 0x4b, 0x02, 0xb8, 0xea, 0xb9, 0x24,
1003 0xa5, 0x46, 0xac, 0x73, 0x1c, 0xf9, 0xbf, 0x69,
1004 0x89, 0xb9, 0x96, 0xe7, 0xd6, 0xbf, 0xbb, 0xa7
1005 );
1006 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test10_expected_result,
1007 0x0e, 0x44, 0x68, 0x09, 0x85, 0x85, 0x5f, 0x2d,
1008 0x1f, 0x18, 0x12, 0x52, 0x9c, 0xa8, 0x3b, 0xfd,
1009 0x8e, 0x34, 0x9d, 0xe6, 0xfd, 0x9a, 0xda, 0x0b,
1010 0xaa, 0xa0, 0x48, 0xd6, 0x8e, 0x26, 0x5f, 0xeb,
1011 0xf3, 0x4a, 0xd1, 0x25, 0x5a, 0x34, 0x49, 0x99,
1012 0xad, 0x37, 0x14, 0x68, 0x87, 0xa6, 0xc6, 0x84,
1013 0x57, 0x31, 0xac, 0x7f, 0x46, 0x37, 0x6a, 0x05,
1014 0x04, 0xcd, 0x06, 0x57, 0x14, 0x74
1015 );
1016
1017 static const struct gss_krb5_test_param rfc6803_encrypt_test_params[] = {
1018 {
1019 .desc = "Encrypt empty plaintext with camellia128-cts-cmac",
1020 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC,
1021 .constant = 0,
1022 .base_key = &rfc6803_enc_test1_basekey,
1023 .plaintext = &rfc6803_enc_empty_plaintext,
1024 .confounder = &rfc6803_enc_test1_confounder,
1025 .expected_result = &rfc6803_enc_test1_expected_result,
1026 },
1027 {
1028 .desc = "Encrypt 1 byte with camellia128-cts-cmac",
1029 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC,
1030 .constant = 1,
1031 .base_key = &rfc6803_enc_test2_basekey,
1032 .plaintext = &rfc6803_enc_1byte_plaintext,
1033 .confounder = &rfc6803_enc_test2_confounder,
1034 .expected_result = &rfc6803_enc_test2_expected_result,
1035 },
1036 {
1037 .desc = "Encrypt 9 bytes with camellia128-cts-cmac",
1038 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC,
1039 .constant = 2,
1040 .base_key = &rfc6803_enc_test3_basekey,
1041 .plaintext = &rfc6803_enc_9byte_plaintext,
1042 .confounder = &rfc6803_enc_test3_confounder,
1043 .expected_result = &rfc6803_enc_test3_expected_result,
1044 },
1045 {
1046 .desc = "Encrypt 13 bytes with camellia128-cts-cmac",
1047 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC,
1048 .constant = 3,
1049 .base_key = &rfc6803_enc_test4_basekey,
1050 .plaintext = &rfc6803_enc_13byte_plaintext,
1051 .confounder = &rfc6803_enc_test4_confounder,
1052 .expected_result = &rfc6803_enc_test4_expected_result,
1053 },
1054 {
1055 .desc = "Encrypt 30 bytes with camellia128-cts-cmac",
1056 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC,
1057 .constant = 4,
1058 .base_key = &rfc6803_enc_test5_basekey,
1059 .plaintext = &rfc6803_enc_30byte_plaintext,
1060 .confounder = &rfc6803_enc_test5_confounder,
1061 .expected_result = &rfc6803_enc_test5_expected_result,
1062 },
1063 {
1064 .desc = "Encrypt empty plaintext with camellia256-cts-cmac",
1065 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC,
1066 .constant = 0,
1067 .base_key = &rfc6803_enc_test6_basekey,
1068 .plaintext = &rfc6803_enc_empty_plaintext,
1069 .confounder = &rfc6803_enc_test6_confounder,
1070 .expected_result = &rfc6803_enc_test6_expected_result,
1071 },
1072 {
1073 .desc = "Encrypt 1 byte with camellia256-cts-cmac",
1074 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC,
1075 .constant = 1,
1076 .base_key = &rfc6803_enc_test7_basekey,
1077 .plaintext = &rfc6803_enc_1byte_plaintext,
1078 .confounder = &rfc6803_enc_test7_confounder,
1079 .expected_result = &rfc6803_enc_test7_expected_result,
1080 },
1081 {
1082 .desc = "Encrypt 9 bytes with camellia256-cts-cmac",
1083 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC,
1084 .constant = 2,
1085 .base_key = &rfc6803_enc_test8_basekey,
1086 .plaintext = &rfc6803_enc_9byte_plaintext,
1087 .confounder = &rfc6803_enc_test8_confounder,
1088 .expected_result = &rfc6803_enc_test8_expected_result,
1089 },
1090 {
1091 .desc = "Encrypt 13 bytes with camellia256-cts-cmac",
1092 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC,
1093 .constant = 3,
1094 .base_key = &rfc6803_enc_test9_basekey,
1095 .plaintext = &rfc6803_enc_13byte_plaintext,
1096 .confounder = &rfc6803_enc_test9_confounder,
1097 .expected_result = &rfc6803_enc_test9_expected_result,
1098 },
1099 {
1100 .desc = "Encrypt 30 bytes with camellia256-cts-cmac",
1101 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC,
1102 .constant = 4,
1103 .base_key = &rfc6803_enc_test10_basekey,
1104 .plaintext = &rfc6803_enc_30byte_plaintext,
1105 .confounder = &rfc6803_enc_test10_confounder,
1106 .expected_result = &rfc6803_enc_test10_expected_result,
1107 },
1108 };
1109
1110 /* Creates the function rfc6803_encrypt_gen_params */
1111 KUNIT_ARRAY_PARAM(rfc6803_encrypt, rfc6803_encrypt_test_params,
1112 gss_krb5_get_desc);
1113
rfc6803_encrypt_case(struct kunit * test)1114 static void rfc6803_encrypt_case(struct kunit *test)
1115 {
1116 const struct gss_krb5_test_param *param = test->param_value;
1117 struct crypto_sync_skcipher *cts_tfm, *cbc_tfm;
1118 const struct gss_krb5_enctype *gk5e;
1119 struct xdr_netobj Ke, Ki, checksum;
1120 u8 usage_data[GSS_KRB5_K5CLENGTH];
1121 struct xdr_netobj usage = {
1122 .data = usage_data,
1123 .len = sizeof(usage_data),
1124 };
1125 struct crypto_ahash *ahash_tfm;
1126 unsigned int blocksize;
1127 struct xdr_buf buf;
1128 void *text;
1129 size_t len;
1130 u32 err;
1131
1132 /* Arrange */
1133 gk5e = gss_krb5_lookup_enctype(param->enctype);
1134 if (!gk5e)
1135 kunit_skip(test, "Encryption type is not available");
1136
1137 memset(usage_data, 0, sizeof(usage_data));
1138 usage.data[3] = param->constant;
1139
1140 Ke.len = gk5e->Ke_length;
1141 Ke.data = kunit_kzalloc(test, Ke.len, GFP_KERNEL);
1142 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Ke.data);
1143 usage.data[4] = KEY_USAGE_SEED_ENCRYPTION;
1144 err = gk5e->derive_key(gk5e, param->base_key, &Ke, &usage, GFP_KERNEL);
1145 KUNIT_ASSERT_EQ(test, err, 0);
1146
1147 cbc_tfm = crypto_alloc_sync_skcipher(gk5e->aux_cipher, 0, 0);
1148 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cbc_tfm);
1149 err = crypto_sync_skcipher_setkey(cbc_tfm, Ke.data, Ke.len);
1150 KUNIT_ASSERT_EQ(test, err, 0);
1151
1152 cts_tfm = crypto_alloc_sync_skcipher(gk5e->encrypt_name, 0, 0);
1153 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cts_tfm);
1154 err = crypto_sync_skcipher_setkey(cts_tfm, Ke.data, Ke.len);
1155 KUNIT_ASSERT_EQ(test, err, 0);
1156 blocksize = crypto_sync_skcipher_blocksize(cts_tfm);
1157
1158 len = param->confounder->len + param->plaintext->len + blocksize;
1159 text = kunit_kzalloc(test, len, GFP_KERNEL);
1160 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, text);
1161 memcpy(text, param->confounder->data, param->confounder->len);
1162 memcpy(text + param->confounder->len, param->plaintext->data,
1163 param->plaintext->len);
1164
1165 memset(&buf, 0, sizeof(buf));
1166 buf.head[0].iov_base = text;
1167 buf.head[0].iov_len = param->confounder->len + param->plaintext->len;
1168 buf.len = buf.head[0].iov_len;
1169
1170 checksum.len = gk5e->cksumlength;
1171 checksum.data = kunit_kzalloc(test, checksum.len, GFP_KERNEL);
1172 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, checksum.data);
1173
1174 Ki.len = gk5e->Ki_length;
1175 Ki.data = kunit_kzalloc(test, Ki.len, GFP_KERNEL);
1176 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Ki.data);
1177 usage.data[4] = KEY_USAGE_SEED_INTEGRITY;
1178 err = gk5e->derive_key(gk5e, param->base_key, &Ki,
1179 &usage, GFP_KERNEL);
1180 KUNIT_ASSERT_EQ(test, err, 0);
1181 ahash_tfm = crypto_alloc_ahash(gk5e->cksum_name, 0, CRYPTO_ALG_ASYNC);
1182 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ahash_tfm);
1183 err = crypto_ahash_setkey(ahash_tfm, Ki.data, Ki.len);
1184 KUNIT_ASSERT_EQ(test, err, 0);
1185
1186 /* Act */
1187 err = gss_krb5_checksum(ahash_tfm, NULL, 0, &buf, 0, &checksum);
1188 KUNIT_ASSERT_EQ(test, err, 0);
1189
1190 err = krb5_cbc_cts_encrypt(cts_tfm, cbc_tfm, 0, &buf, NULL, NULL, 0);
1191 KUNIT_ASSERT_EQ(test, err, 0);
1192
1193 /* Assert */
1194 KUNIT_EXPECT_EQ_MSG(test, param->expected_result->len,
1195 buf.len + checksum.len,
1196 "ciphertext length mismatch");
1197 KUNIT_EXPECT_EQ_MSG(test,
1198 memcmp(param->expected_result->data,
1199 buf.head[0].iov_base, buf.len), 0,
1200 "encrypted result mismatch");
1201 KUNIT_EXPECT_EQ_MSG(test,
1202 memcmp(param->expected_result->data +
1203 (param->expected_result->len - checksum.len),
1204 checksum.data, checksum.len), 0,
1205 "HMAC mismatch");
1206
1207 crypto_free_ahash(ahash_tfm);
1208 crypto_free_sync_skcipher(cts_tfm);
1209 crypto_free_sync_skcipher(cbc_tfm);
1210 }
1211
1212 static struct kunit_case rfc6803_test_cases[] = {
1213 {
1214 .name = "RFC 6803 key derivation",
1215 .run_case = kdf_case,
1216 .generate_params = rfc6803_kdf_gen_params,
1217 },
1218 {
1219 .name = "RFC 6803 checksum",
1220 .run_case = checksum_case,
1221 .generate_params = rfc6803_checksum_gen_params,
1222 },
1223 {
1224 .name = "RFC 6803 encryption",
1225 .run_case = rfc6803_encrypt_case,
1226 .generate_params = rfc6803_encrypt_gen_params,
1227 },
1228 {}
1229 };
1230
1231 static struct kunit_suite rfc6803_suite = {
1232 .name = "RFC 6803 suite",
1233 .test_cases = rfc6803_test_cases,
1234 };
1235
1236 /*
1237 * From RFC 8009 Appendix A. Test Vectors
1238 *
1239 * Sample results for SHA-2 enctype key derivation
1240 *
1241 * This test material is copyright (c) 2016 IETF Trust and the
1242 * persons identified as the document authors. All rights reserved.
1243 */
1244
1245 DEFINE_HEX_XDR_NETOBJ(aes128_cts_hmac_sha256_128_basekey,
1246 0x37, 0x05, 0xd9, 0x60, 0x80, 0xc1, 0x77, 0x28,
1247 0xa0, 0xe8, 0x00, 0xea, 0xb6, 0xe0, 0xd2, 0x3c
1248 );
1249 DEFINE_HEX_XDR_NETOBJ(aes128_cts_hmac_sha256_128_Kc,
1250 0xb3, 0x1a, 0x01, 0x8a, 0x48, 0xf5, 0x47, 0x76,
1251 0xf4, 0x03, 0xe9, 0xa3, 0x96, 0x32, 0x5d, 0xc3
1252 );
1253 DEFINE_HEX_XDR_NETOBJ(aes128_cts_hmac_sha256_128_Ke,
1254 0x9b, 0x19, 0x7d, 0xd1, 0xe8, 0xc5, 0x60, 0x9d,
1255 0x6e, 0x67, 0xc3, 0xe3, 0x7c, 0x62, 0xc7, 0x2e
1256 );
1257 DEFINE_HEX_XDR_NETOBJ(aes128_cts_hmac_sha256_128_Ki,
1258 0x9f, 0xda, 0x0e, 0x56, 0xab, 0x2d, 0x85, 0xe1,
1259 0x56, 0x9a, 0x68, 0x86, 0x96, 0xc2, 0x6a, 0x6c
1260 );
1261
1262 DEFINE_HEX_XDR_NETOBJ(aes256_cts_hmac_sha384_192_basekey,
1263 0x6d, 0x40, 0x4d, 0x37, 0xfa, 0xf7, 0x9f, 0x9d,
1264 0xf0, 0xd3, 0x35, 0x68, 0xd3, 0x20, 0x66, 0x98,
1265 0x00, 0xeb, 0x48, 0x36, 0x47, 0x2e, 0xa8, 0xa0,
1266 0x26, 0xd1, 0x6b, 0x71, 0x82, 0x46, 0x0c, 0x52
1267 );
1268 DEFINE_HEX_XDR_NETOBJ(aes256_cts_hmac_sha384_192_Kc,
1269 0xef, 0x57, 0x18, 0xbe, 0x86, 0xcc, 0x84, 0x96,
1270 0x3d, 0x8b, 0xbb, 0x50, 0x31, 0xe9, 0xf5, 0xc4,
1271 0xba, 0x41, 0xf2, 0x8f, 0xaf, 0x69, 0xe7, 0x3d
1272 );
1273 DEFINE_HEX_XDR_NETOBJ(aes256_cts_hmac_sha384_192_Ke,
1274 0x56, 0xab, 0x22, 0xbe, 0xe6, 0x3d, 0x82, 0xd7,
1275 0xbc, 0x52, 0x27, 0xf6, 0x77, 0x3f, 0x8e, 0xa7,
1276 0xa5, 0xeb, 0x1c, 0x82, 0x51, 0x60, 0xc3, 0x83,
1277 0x12, 0x98, 0x0c, 0x44, 0x2e, 0x5c, 0x7e, 0x49
1278 );
1279 DEFINE_HEX_XDR_NETOBJ(aes256_cts_hmac_sha384_192_Ki,
1280 0x69, 0xb1, 0x65, 0x14, 0xe3, 0xcd, 0x8e, 0x56,
1281 0xb8, 0x20, 0x10, 0xd5, 0xc7, 0x30, 0x12, 0xb6,
1282 0x22, 0xc4, 0xd0, 0x0f, 0xfc, 0x23, 0xed, 0x1f
1283 );
1284
1285 static const struct gss_krb5_test_param rfc8009_kdf_test_params[] = {
1286 {
1287 .desc = "Derive Kc subkey for aes128-cts-hmac-sha256-128",
1288 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128,
1289 .base_key = &aes128_cts_hmac_sha256_128_basekey,
1290 .usage = &usage_checksum,
1291 .expected_result = &aes128_cts_hmac_sha256_128_Kc,
1292 },
1293 {
1294 .desc = "Derive Ke subkey for aes128-cts-hmac-sha256-128",
1295 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128,
1296 .base_key = &aes128_cts_hmac_sha256_128_basekey,
1297 .usage = &usage_encryption,
1298 .expected_result = &aes128_cts_hmac_sha256_128_Ke,
1299 },
1300 {
1301 .desc = "Derive Ki subkey for aes128-cts-hmac-sha256-128",
1302 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128,
1303 .base_key = &aes128_cts_hmac_sha256_128_basekey,
1304 .usage = &usage_integrity,
1305 .expected_result = &aes128_cts_hmac_sha256_128_Ki,
1306 },
1307 {
1308 .desc = "Derive Kc subkey for aes256-cts-hmac-sha384-192",
1309 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192,
1310 .base_key = &aes256_cts_hmac_sha384_192_basekey,
1311 .usage = &usage_checksum,
1312 .expected_result = &aes256_cts_hmac_sha384_192_Kc,
1313 },
1314 {
1315 .desc = "Derive Ke subkey for aes256-cts-hmac-sha384-192",
1316 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192,
1317 .base_key = &aes256_cts_hmac_sha384_192_basekey,
1318 .usage = &usage_encryption,
1319 .expected_result = &aes256_cts_hmac_sha384_192_Ke,
1320 },
1321 {
1322 .desc = "Derive Ki subkey for aes256-cts-hmac-sha384-192",
1323 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192,
1324 .base_key = &aes256_cts_hmac_sha384_192_basekey,
1325 .usage = &usage_integrity,
1326 .expected_result = &aes256_cts_hmac_sha384_192_Ki,
1327 },
1328 };
1329
1330 /* Creates the function rfc8009_kdf_gen_params */
1331 KUNIT_ARRAY_PARAM(rfc8009_kdf, rfc8009_kdf_test_params, gss_krb5_get_desc);
1332
1333 /*
1334 * From RFC 8009 Appendix A. Test Vectors
1335 *
1336 * These sample checksums use the above sample key derivation results,
1337 * including use of the same base-key and key usage values.
1338 *
1339 * This test material is copyright (c) 2016 IETF Trust and the
1340 * persons identified as the document authors. All rights reserved.
1341 */
1342
1343 DEFINE_HEX_XDR_NETOBJ(rfc8009_checksum_plaintext,
1344 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
1345 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
1346 0x10, 0x11, 0x12, 0x13, 0x14
1347 );
1348 DEFINE_HEX_XDR_NETOBJ(rfc8009_checksum_test1_expected_result,
1349 0xd7, 0x83, 0x67, 0x18, 0x66, 0x43, 0xd6, 0x7b,
1350 0x41, 0x1c, 0xba, 0x91, 0x39, 0xfc, 0x1d, 0xee
1351 );
1352 DEFINE_HEX_XDR_NETOBJ(rfc8009_checksum_test2_expected_result,
1353 0x45, 0xee, 0x79, 0x15, 0x67, 0xee, 0xfc, 0xa3,
1354 0x7f, 0x4a, 0xc1, 0xe0, 0x22, 0x2d, 0xe8, 0x0d,
1355 0x43, 0xc3, 0xbf, 0xa0, 0x66, 0x99, 0x67, 0x2a
1356 );
1357
1358 static const struct gss_krb5_test_param rfc8009_checksum_test_params[] = {
1359 {
1360 .desc = "Checksum with aes128-cts-hmac-sha256-128",
1361 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128,
1362 .base_key = &aes128_cts_hmac_sha256_128_basekey,
1363 .usage = &usage_checksum,
1364 .plaintext = &rfc8009_checksum_plaintext,
1365 .expected_result = &rfc8009_checksum_test1_expected_result,
1366 },
1367 {
1368 .desc = "Checksum with aes256-cts-hmac-sha384-192",
1369 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192,
1370 .base_key = &aes256_cts_hmac_sha384_192_basekey,
1371 .usage = &usage_checksum,
1372 .plaintext = &rfc8009_checksum_plaintext,
1373 .expected_result = &rfc8009_checksum_test2_expected_result,
1374 },
1375 };
1376
1377 /* Creates the function rfc8009_checksum_gen_params */
1378 KUNIT_ARRAY_PARAM(rfc8009_checksum, rfc8009_checksum_test_params,
1379 gss_krb5_get_desc);
1380
1381 /*
1382 * From RFC 8009 Appendix A. Test Vectors
1383 *
1384 * Sample encryptions (all using the default cipher state):
1385 * --------------------------------------------------------
1386 *
1387 * These sample encryptions use the above sample key derivation results,
1388 * including use of the same base-key and key usage values.
1389 *
1390 * This test material is copyright (c) 2016 IETF Trust and the
1391 * persons identified as the document authors. All rights reserved.
1392 */
1393
1394 static const struct xdr_netobj rfc8009_enc_empty_plaintext = {
1395 .len = 0,
1396 };
1397 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_short_plaintext,
1398 0x00, 0x01, 0x02, 0x03, 0x04, 0x05
1399 );
1400 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_block_plaintext,
1401 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
1402 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
1403 );
1404 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_long_plaintext,
1405 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
1406 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
1407 0x10, 0x11, 0x12, 0x13, 0x14
1408 );
1409
1410 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test1_confounder,
1411 0x7e, 0x58, 0x95, 0xea, 0xf2, 0x67, 0x24, 0x35,
1412 0xba, 0xd8, 0x17, 0xf5, 0x45, 0xa3, 0x71, 0x48
1413 );
1414 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test1_expected_result,
1415 0xef, 0x85, 0xfb, 0x89, 0x0b, 0xb8, 0x47, 0x2f,
1416 0x4d, 0xab, 0x20, 0x39, 0x4d, 0xca, 0x78, 0x1d
1417 );
1418 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test1_expected_hmac,
1419 0xad, 0x87, 0x7e, 0xda, 0x39, 0xd5, 0x0c, 0x87,
1420 0x0c, 0x0d, 0x5a, 0x0a, 0x8e, 0x48, 0xc7, 0x18
1421 );
1422
1423 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test2_confounder,
1424 0x7b, 0xca, 0x28, 0x5e, 0x2f, 0xd4, 0x13, 0x0f,
1425 0xb5, 0x5b, 0x1a, 0x5c, 0x83, 0xbc, 0x5b, 0x24
1426 );
1427 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test2_expected_result,
1428 0x84, 0xd7, 0xf3, 0x07, 0x54, 0xed, 0x98, 0x7b,
1429 0xab, 0x0b, 0xf3, 0x50, 0x6b, 0xeb, 0x09, 0xcf,
1430 0xb5, 0x54, 0x02, 0xce, 0xf7, 0xe6
1431 );
1432 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test2_expected_hmac,
1433 0x87, 0x7c, 0xe9, 0x9e, 0x24, 0x7e, 0x52, 0xd1,
1434 0x6e, 0xd4, 0x42, 0x1d, 0xfd, 0xf8, 0x97, 0x6c
1435 );
1436
1437 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test3_confounder,
1438 0x56, 0xab, 0x21, 0x71, 0x3f, 0xf6, 0x2c, 0x0a,
1439 0x14, 0x57, 0x20, 0x0f, 0x6f, 0xa9, 0x94, 0x8f
1440 );
1441 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test3_expected_result,
1442 0x35, 0x17, 0xd6, 0x40, 0xf5, 0x0d, 0xdc, 0x8a,
1443 0xd3, 0x62, 0x87, 0x22, 0xb3, 0x56, 0x9d, 0x2a,
1444 0xe0, 0x74, 0x93, 0xfa, 0x82, 0x63, 0x25, 0x40,
1445 0x80, 0xea, 0x65, 0xc1, 0x00, 0x8e, 0x8f, 0xc2
1446 );
1447 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test3_expected_hmac,
1448 0x95, 0xfb, 0x48, 0x52, 0xe7, 0xd8, 0x3e, 0x1e,
1449 0x7c, 0x48, 0xc3, 0x7e, 0xeb, 0xe6, 0xb0, 0xd3
1450 );
1451
1452 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test4_confounder,
1453 0xa7, 0xa4, 0xe2, 0x9a, 0x47, 0x28, 0xce, 0x10,
1454 0x66, 0x4f, 0xb6, 0x4e, 0x49, 0xad, 0x3f, 0xac
1455 );
1456 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test4_expected_result,
1457 0x72, 0x0f, 0x73, 0xb1, 0x8d, 0x98, 0x59, 0xcd,
1458 0x6c, 0xcb, 0x43, 0x46, 0x11, 0x5c, 0xd3, 0x36,
1459 0xc7, 0x0f, 0x58, 0xed, 0xc0, 0xc4, 0x43, 0x7c,
1460 0x55, 0x73, 0x54, 0x4c, 0x31, 0xc8, 0x13, 0xbc,
1461 0xe1, 0xe6, 0xd0, 0x72, 0xc1
1462 );
1463 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test4_expected_hmac,
1464 0x86, 0xb3, 0x9a, 0x41, 0x3c, 0x2f, 0x92, 0xca,
1465 0x9b, 0x83, 0x34, 0xa2, 0x87, 0xff, 0xcb, 0xfc
1466 );
1467
1468 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test5_confounder,
1469 0xf7, 0x64, 0xe9, 0xfa, 0x15, 0xc2, 0x76, 0x47,
1470 0x8b, 0x2c, 0x7d, 0x0c, 0x4e, 0x5f, 0x58, 0xe4
1471 );
1472 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test5_expected_result,
1473 0x41, 0xf5, 0x3f, 0xa5, 0xbf, 0xe7, 0x02, 0x6d,
1474 0x91, 0xfa, 0xf9, 0xbe, 0x95, 0x91, 0x95, 0xa0
1475 );
1476 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test5_expected_hmac,
1477 0x58, 0x70, 0x72, 0x73, 0xa9, 0x6a, 0x40, 0xf0,
1478 0xa0, 0x19, 0x60, 0x62, 0x1a, 0xc6, 0x12, 0x74,
1479 0x8b, 0x9b, 0xbf, 0xbe, 0x7e, 0xb4, 0xce, 0x3c
1480 );
1481
1482 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test6_confounder,
1483 0xb8, 0x0d, 0x32, 0x51, 0xc1, 0xf6, 0x47, 0x14,
1484 0x94, 0x25, 0x6f, 0xfe, 0x71, 0x2d, 0x0b, 0x9a
1485 );
1486 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test6_expected_result,
1487 0x4e, 0xd7, 0xb3, 0x7c, 0x2b, 0xca, 0xc8, 0xf7,
1488 0x4f, 0x23, 0xc1, 0xcf, 0x07, 0xe6, 0x2b, 0xc7,
1489 0xb7, 0x5f, 0xb3, 0xf6, 0x37, 0xb9
1490 );
1491 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test6_expected_hmac,
1492 0xf5, 0x59, 0xc7, 0xf6, 0x64, 0xf6, 0x9e, 0xab,
1493 0x7b, 0x60, 0x92, 0x23, 0x75, 0x26, 0xea, 0x0d,
1494 0x1f, 0x61, 0xcb, 0x20, 0xd6, 0x9d, 0x10, 0xf2
1495 );
1496
1497 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test7_confounder,
1498 0x53, 0xbf, 0x8a, 0x0d, 0x10, 0x52, 0x65, 0xd4,
1499 0xe2, 0x76, 0x42, 0x86, 0x24, 0xce, 0x5e, 0x63
1500 );
1501 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test7_expected_result,
1502 0xbc, 0x47, 0xff, 0xec, 0x79, 0x98, 0xeb, 0x91,
1503 0xe8, 0x11, 0x5c, 0xf8, 0xd1, 0x9d, 0xac, 0x4b,
1504 0xbb, 0xe2, 0xe1, 0x63, 0xe8, 0x7d, 0xd3, 0x7f,
1505 0x49, 0xbe, 0xca, 0x92, 0x02, 0x77, 0x64, 0xf6
1506 );
1507 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test7_expected_hmac,
1508 0x8c, 0xf5, 0x1f, 0x14, 0xd7, 0x98, 0xc2, 0x27,
1509 0x3f, 0x35, 0xdf, 0x57, 0x4d, 0x1f, 0x93, 0x2e,
1510 0x40, 0xc4, 0xff, 0x25, 0x5b, 0x36, 0xa2, 0x66
1511 );
1512
1513 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test8_confounder,
1514 0x76, 0x3e, 0x65, 0x36, 0x7e, 0x86, 0x4f, 0x02,
1515 0xf5, 0x51, 0x53, 0xc7, 0xe3, 0xb5, 0x8a, 0xf1
1516 );
1517 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test8_expected_result,
1518 0x40, 0x01, 0x3e, 0x2d, 0xf5, 0x8e, 0x87, 0x51,
1519 0x95, 0x7d, 0x28, 0x78, 0xbc, 0xd2, 0xd6, 0xfe,
1520 0x10, 0x1c, 0xcf, 0xd5, 0x56, 0xcb, 0x1e, 0xae,
1521 0x79, 0xdb, 0x3c, 0x3e, 0xe8, 0x64, 0x29, 0xf2,
1522 0xb2, 0xa6, 0x02, 0xac, 0x86
1523 );
1524 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test8_expected_hmac,
1525 0xfe, 0xf6, 0xec, 0xb6, 0x47, 0xd6, 0x29, 0x5f,
1526 0xae, 0x07, 0x7a, 0x1f, 0xeb, 0x51, 0x75, 0x08,
1527 0xd2, 0xc1, 0x6b, 0x41, 0x92, 0xe0, 0x1f, 0x62
1528 );
1529
1530 static const struct gss_krb5_test_param rfc8009_encrypt_test_params[] = {
1531 {
1532 .desc = "Encrypt empty plaintext with aes128-cts-hmac-sha256-128",
1533 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128,
1534 .plaintext = &rfc8009_enc_empty_plaintext,
1535 .confounder = &rfc8009_enc_test1_confounder,
1536 .base_key = &aes128_cts_hmac_sha256_128_basekey,
1537 .expected_result = &rfc8009_enc_test1_expected_result,
1538 .expected_hmac = &rfc8009_enc_test1_expected_hmac,
1539 },
1540 {
1541 .desc = "Encrypt short plaintext with aes128-cts-hmac-sha256-128",
1542 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128,
1543 .plaintext = &rfc8009_enc_short_plaintext,
1544 .confounder = &rfc8009_enc_test2_confounder,
1545 .base_key = &aes128_cts_hmac_sha256_128_basekey,
1546 .expected_result = &rfc8009_enc_test2_expected_result,
1547 .expected_hmac = &rfc8009_enc_test2_expected_hmac,
1548 },
1549 {
1550 .desc = "Encrypt block plaintext with aes128-cts-hmac-sha256-128",
1551 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128,
1552 .plaintext = &rfc8009_enc_block_plaintext,
1553 .confounder = &rfc8009_enc_test3_confounder,
1554 .base_key = &aes128_cts_hmac_sha256_128_basekey,
1555 .expected_result = &rfc8009_enc_test3_expected_result,
1556 .expected_hmac = &rfc8009_enc_test3_expected_hmac,
1557 },
1558 {
1559 .desc = "Encrypt long plaintext with aes128-cts-hmac-sha256-128",
1560 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128,
1561 .plaintext = &rfc8009_enc_long_plaintext,
1562 .confounder = &rfc8009_enc_test4_confounder,
1563 .base_key = &aes128_cts_hmac_sha256_128_basekey,
1564 .expected_result = &rfc8009_enc_test4_expected_result,
1565 .expected_hmac = &rfc8009_enc_test4_expected_hmac,
1566 },
1567 {
1568 .desc = "Encrypt empty plaintext with aes256-cts-hmac-sha384-192",
1569 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192,
1570 .plaintext = &rfc8009_enc_empty_plaintext,
1571 .confounder = &rfc8009_enc_test5_confounder,
1572 .base_key = &aes256_cts_hmac_sha384_192_basekey,
1573 .expected_result = &rfc8009_enc_test5_expected_result,
1574 .expected_hmac = &rfc8009_enc_test5_expected_hmac,
1575 },
1576 {
1577 .desc = "Encrypt short plaintext with aes256-cts-hmac-sha384-192",
1578 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192,
1579 .plaintext = &rfc8009_enc_short_plaintext,
1580 .confounder = &rfc8009_enc_test6_confounder,
1581 .base_key = &aes256_cts_hmac_sha384_192_basekey,
1582 .expected_result = &rfc8009_enc_test6_expected_result,
1583 .expected_hmac = &rfc8009_enc_test6_expected_hmac,
1584 },
1585 {
1586 .desc = "Encrypt block plaintext with aes256-cts-hmac-sha384-192",
1587 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192,
1588 .plaintext = &rfc8009_enc_block_plaintext,
1589 .confounder = &rfc8009_enc_test7_confounder,
1590 .base_key = &aes256_cts_hmac_sha384_192_basekey,
1591 .expected_result = &rfc8009_enc_test7_expected_result,
1592 .expected_hmac = &rfc8009_enc_test7_expected_hmac,
1593 },
1594 {
1595 .desc = "Encrypt long plaintext with aes256-cts-hmac-sha384-192",
1596 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192,
1597 .plaintext = &rfc8009_enc_long_plaintext,
1598 .confounder = &rfc8009_enc_test8_confounder,
1599 .base_key = &aes256_cts_hmac_sha384_192_basekey,
1600 .expected_result = &rfc8009_enc_test8_expected_result,
1601 .expected_hmac = &rfc8009_enc_test8_expected_hmac,
1602 },
1603 };
1604
1605 /* Creates the function rfc8009_encrypt_gen_params */
1606 KUNIT_ARRAY_PARAM(rfc8009_encrypt, rfc8009_encrypt_test_params,
1607 gss_krb5_get_desc);
1608
rfc8009_encrypt_case(struct kunit * test)1609 static void rfc8009_encrypt_case(struct kunit *test)
1610 {
1611 const struct gss_krb5_test_param *param = test->param_value;
1612 struct crypto_sync_skcipher *cts_tfm, *cbc_tfm;
1613 const struct gss_krb5_enctype *gk5e;
1614 struct xdr_netobj Ke, Ki, checksum;
1615 u8 usage_data[GSS_KRB5_K5CLENGTH];
1616 struct xdr_netobj usage = {
1617 .data = usage_data,
1618 .len = sizeof(usage_data),
1619 };
1620 struct crypto_ahash *ahash_tfm;
1621 struct xdr_buf buf;
1622 void *text;
1623 size_t len;
1624 u32 err;
1625
1626 /* Arrange */
1627 gk5e = gss_krb5_lookup_enctype(param->enctype);
1628 if (!gk5e)
1629 kunit_skip(test, "Encryption type is not available");
1630
1631 *(__be32 *)usage.data = cpu_to_be32(2);
1632
1633 Ke.len = gk5e->Ke_length;
1634 Ke.data = kunit_kzalloc(test, Ke.len, GFP_KERNEL);
1635 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Ke.data);
1636 usage.data[4] = KEY_USAGE_SEED_ENCRYPTION;
1637 err = gk5e->derive_key(gk5e, param->base_key, &Ke,
1638 &usage, GFP_KERNEL);
1639 KUNIT_ASSERT_EQ(test, err, 0);
1640
1641 cbc_tfm = crypto_alloc_sync_skcipher(gk5e->aux_cipher, 0, 0);
1642 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cbc_tfm);
1643 err = crypto_sync_skcipher_setkey(cbc_tfm, Ke.data, Ke.len);
1644 KUNIT_ASSERT_EQ(test, err, 0);
1645
1646 cts_tfm = crypto_alloc_sync_skcipher(gk5e->encrypt_name, 0, 0);
1647 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cts_tfm);
1648 err = crypto_sync_skcipher_setkey(cts_tfm, Ke.data, Ke.len);
1649 KUNIT_ASSERT_EQ(test, err, 0);
1650
1651 len = param->confounder->len + param->plaintext->len;
1652 text = kunit_kzalloc(test, len, GFP_KERNEL);
1653 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, text);
1654 memcpy(text, param->confounder->data, param->confounder->len);
1655 memcpy(text + param->confounder->len, param->plaintext->data,
1656 param->plaintext->len);
1657
1658 memset(&buf, 0, sizeof(buf));
1659 buf.head[0].iov_base = text;
1660 buf.head[0].iov_len = param->confounder->len + param->plaintext->len;
1661 buf.len = buf.head[0].iov_len;
1662
1663 checksum.len = gk5e->cksumlength;
1664 checksum.data = kunit_kzalloc(test, checksum.len, GFP_KERNEL);
1665 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, checksum.data);
1666
1667 Ki.len = gk5e->Ki_length;
1668 Ki.data = kunit_kzalloc(test, Ki.len, GFP_KERNEL);
1669 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Ki.data);
1670 usage.data[4] = KEY_USAGE_SEED_INTEGRITY;
1671 err = gk5e->derive_key(gk5e, param->base_key, &Ki,
1672 &usage, GFP_KERNEL);
1673 KUNIT_ASSERT_EQ(test, err, 0);
1674
1675 ahash_tfm = crypto_alloc_ahash(gk5e->cksum_name, 0, CRYPTO_ALG_ASYNC);
1676 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ahash_tfm);
1677 err = crypto_ahash_setkey(ahash_tfm, Ki.data, Ki.len);
1678 KUNIT_ASSERT_EQ(test, err, 0);
1679
1680 /* Act */
1681 err = krb5_cbc_cts_encrypt(cts_tfm, cbc_tfm, 0, &buf, NULL, NULL, 0);
1682 KUNIT_ASSERT_EQ(test, err, 0);
1683 err = krb5_etm_checksum(cts_tfm, ahash_tfm, &buf, 0, &checksum);
1684 KUNIT_ASSERT_EQ(test, err, 0);
1685
1686 /* Assert */
1687 KUNIT_EXPECT_EQ_MSG(test,
1688 param->expected_result->len, buf.len,
1689 "ciphertext length mismatch");
1690 KUNIT_EXPECT_EQ_MSG(test,
1691 memcmp(param->expected_result->data,
1692 buf.head[0].iov_base,
1693 param->expected_result->len), 0,
1694 "ciphertext mismatch");
1695 KUNIT_EXPECT_EQ_MSG(test, memcmp(param->expected_hmac->data,
1696 checksum.data,
1697 checksum.len), 0,
1698 "HMAC mismatch");
1699
1700 crypto_free_ahash(ahash_tfm);
1701 crypto_free_sync_skcipher(cts_tfm);
1702 crypto_free_sync_skcipher(cbc_tfm);
1703 }
1704
1705 static struct kunit_case rfc8009_test_cases[] = {
1706 {
1707 .name = "RFC 8009 key derivation",
1708 .run_case = kdf_case,
1709 .generate_params = rfc8009_kdf_gen_params,
1710 },
1711 {
1712 .name = "RFC 8009 checksum",
1713 .run_case = checksum_case,
1714 .generate_params = rfc8009_checksum_gen_params,
1715 },
1716 {
1717 .name = "RFC 8009 encryption",
1718 .run_case = rfc8009_encrypt_case,
1719 .generate_params = rfc8009_encrypt_gen_params,
1720 },
1721 {}
1722 };
1723
1724 static struct kunit_suite rfc8009_suite = {
1725 .name = "RFC 8009 suite",
1726 .test_cases = rfc8009_test_cases,
1727 };
1728
1729 /*
1730 * Encryption self-tests
1731 */
1732
1733 DEFINE_STR_XDR_NETOBJ(encrypt_selftest_plaintext,
1734 "This is the plaintext for the encryption self-test.");
1735
1736 static const struct gss_krb5_test_param encrypt_selftest_params[] = {
1737 {
1738 .desc = "aes128-cts-hmac-sha1-96 encryption self-test",
1739 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96,
1740 .Ke = &rfc3962_encryption_key,
1741 .plaintext = &encrypt_selftest_plaintext,
1742 },
1743 {
1744 .desc = "aes256-cts-hmac-sha1-96 encryption self-test",
1745 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA1_96,
1746 .Ke = &rfc3962_encryption_key,
1747 .plaintext = &encrypt_selftest_plaintext,
1748 },
1749 {
1750 .desc = "camellia128-cts-cmac encryption self-test",
1751 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC,
1752 .Ke = &camellia128_cts_cmac_Ke,
1753 .plaintext = &encrypt_selftest_plaintext,
1754 },
1755 {
1756 .desc = "camellia256-cts-cmac encryption self-test",
1757 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC,
1758 .Ke = &camellia256_cts_cmac_Ke,
1759 .plaintext = &encrypt_selftest_plaintext,
1760 },
1761 {
1762 .desc = "aes128-cts-hmac-sha256-128 encryption self-test",
1763 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128,
1764 .Ke = &aes128_cts_hmac_sha256_128_Ke,
1765 .plaintext = &encrypt_selftest_plaintext,
1766 },
1767 {
1768 .desc = "aes256-cts-hmac-sha384-192 encryption self-test",
1769 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192,
1770 .Ke = &aes256_cts_hmac_sha384_192_Ke,
1771 .plaintext = &encrypt_selftest_plaintext,
1772 },
1773 };
1774
1775 /* Creates the function encrypt_selftest_gen_params */
1776 KUNIT_ARRAY_PARAM(encrypt_selftest, encrypt_selftest_params,
1777 gss_krb5_get_desc);
1778
1779 /*
1780 * Encrypt and decrypt plaintext, and ensure the input plaintext
1781 * matches the output plaintext. A confounder is not added in this
1782 * case.
1783 */
encrypt_selftest_case(struct kunit * test)1784 static void encrypt_selftest_case(struct kunit *test)
1785 {
1786 const struct gss_krb5_test_param *param = test->param_value;
1787 struct crypto_sync_skcipher *cts_tfm, *cbc_tfm;
1788 const struct gss_krb5_enctype *gk5e;
1789 struct xdr_buf buf;
1790 void *text;
1791 int err;
1792
1793 /* Arrange */
1794 gk5e = gss_krb5_lookup_enctype(param->enctype);
1795 if (!gk5e)
1796 kunit_skip(test, "Encryption type is not available");
1797
1798 cbc_tfm = crypto_alloc_sync_skcipher(gk5e->aux_cipher, 0, 0);
1799 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cbc_tfm);
1800 err = crypto_sync_skcipher_setkey(cbc_tfm, param->Ke->data, param->Ke->len);
1801 KUNIT_ASSERT_EQ(test, err, 0);
1802
1803 cts_tfm = crypto_alloc_sync_skcipher(gk5e->encrypt_name, 0, 0);
1804 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cts_tfm);
1805 err = crypto_sync_skcipher_setkey(cts_tfm, param->Ke->data, param->Ke->len);
1806 KUNIT_ASSERT_EQ(test, err, 0);
1807
1808 text = kunit_kzalloc(test, roundup(param->plaintext->len,
1809 crypto_sync_skcipher_blocksize(cbc_tfm)),
1810 GFP_KERNEL);
1811 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, text);
1812
1813 memcpy(text, param->plaintext->data, param->plaintext->len);
1814 memset(&buf, 0, sizeof(buf));
1815 buf.head[0].iov_base = text;
1816 buf.head[0].iov_len = param->plaintext->len;
1817 buf.len = buf.head[0].iov_len;
1818
1819 /* Act */
1820 err = krb5_cbc_cts_encrypt(cts_tfm, cbc_tfm, 0, &buf, NULL, NULL, 0);
1821 KUNIT_ASSERT_EQ(test, err, 0);
1822 err = krb5_cbc_cts_decrypt(cts_tfm, cbc_tfm, 0, &buf);
1823 KUNIT_ASSERT_EQ(test, err, 0);
1824
1825 /* Assert */
1826 KUNIT_EXPECT_EQ_MSG(test,
1827 param->plaintext->len, buf.len,
1828 "length mismatch");
1829 KUNIT_EXPECT_EQ_MSG(test,
1830 memcmp(param->plaintext->data,
1831 buf.head[0].iov_base, buf.len), 0,
1832 "plaintext mismatch");
1833
1834 crypto_free_sync_skcipher(cts_tfm);
1835 crypto_free_sync_skcipher(cbc_tfm);
1836 }
1837
1838 static struct kunit_case encryption_test_cases[] = {
1839 {
1840 .name = "Encryption self-tests",
1841 .run_case = encrypt_selftest_case,
1842 .generate_params = encrypt_selftest_gen_params,
1843 },
1844 {}
1845 };
1846
1847 static struct kunit_suite encryption_test_suite = {
1848 .name = "Encryption test suite",
1849 .test_cases = encryption_test_cases,
1850 };
1851
1852 kunit_test_suites(&rfc3961_suite,
1853 &rfc3962_suite,
1854 &rfc6803_suite,
1855 &rfc8009_suite,
1856 &encryption_test_suite);
1857
1858 MODULE_DESCRIPTION("Test RPCSEC GSS Kerberos 5 functions");
1859 MODULE_LICENSE("GPL");
1860