1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (c) 2022 Oracle and/or its affiliates. 4 * 5 * KUnit test of SunRPC's GSS Kerberos mechanism. Subsystem 6 * name is "rpcsec_gss_krb5". 7 */ 8 9 #include <kunit/test.h> 10 #include <kunit/visibility.h> 11 12 #include <linux/kernel.h> 13 #include <crypto/hash.h> 14 15 #include <linux/sunrpc/xdr.h> 16 #include <linux/sunrpc/gss_krb5.h> 17 18 #include "gss_krb5_internal.h" 19 20 MODULE_IMPORT_NS("EXPORTED_FOR_KUNIT_TESTING"); 21 22 struct gss_krb5_test_param { 23 const char *desc; 24 u32 enctype; 25 u32 nfold; 26 u32 constant; 27 const struct xdr_netobj *base_key; 28 const struct xdr_netobj *Ke; 29 const struct xdr_netobj *usage; 30 const struct xdr_netobj *plaintext; 31 const struct xdr_netobj *confounder; 32 const struct xdr_netobj *expected_result; 33 const struct xdr_netobj *expected_hmac; 34 const struct xdr_netobj *next_iv; 35 }; 36 37 static inline void gss_krb5_get_desc(const struct gss_krb5_test_param *param, 38 char *desc) 39 { 40 strscpy(desc, param->desc, KUNIT_PARAM_DESC_SIZE); 41 } 42 43 static void kdf_case(struct kunit *test) 44 { 45 const struct gss_krb5_test_param *param = test->param_value; 46 const struct gss_krb5_enctype *gk5e; 47 struct xdr_netobj derivedkey; 48 int err; 49 50 /* Arrange */ 51 gk5e = gss_krb5_lookup_enctype(param->enctype); 52 if (!gk5e) 53 kunit_skip(test, "Encryption type is not available"); 54 55 derivedkey.data = kunit_kzalloc(test, param->expected_result->len, 56 GFP_KERNEL); 57 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, derivedkey.data); 58 derivedkey.len = param->expected_result->len; 59 60 /* Act */ 61 err = gk5e->derive_key(gk5e, param->base_key, &derivedkey, 62 param->usage, GFP_KERNEL); 63 KUNIT_ASSERT_EQ(test, err, 0); 64 65 /* Assert */ 66 KUNIT_EXPECT_EQ_MSG(test, 67 memcmp(param->expected_result->data, 68 derivedkey.data, derivedkey.len), 0, 69 "key mismatch"); 70 } 71 72 static void checksum_case(struct kunit *test) 73 { 74 const struct gss_krb5_test_param *param = test->param_value; 75 struct xdr_buf buf = { 76 .head[0].iov_len = param->plaintext->len, 77 .len = param->plaintext->len, 78 }; 79 const struct gss_krb5_enctype *gk5e; 80 struct xdr_netobj Kc, checksum; 81 struct crypto_ahash *tfm; 82 int err; 83 84 /* Arrange */ 85 gk5e = gss_krb5_lookup_enctype(param->enctype); 86 if (!gk5e) 87 kunit_skip(test, "Encryption type is not available"); 88 89 Kc.len = gk5e->Kc_length; 90 Kc.data = kunit_kzalloc(test, Kc.len, GFP_KERNEL); 91 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Kc.data); 92 err = gk5e->derive_key(gk5e, param->base_key, &Kc, 93 param->usage, GFP_KERNEL); 94 KUNIT_ASSERT_EQ(test, err, 0); 95 96 tfm = crypto_alloc_ahash(gk5e->cksum_name, 0, CRYPTO_ALG_ASYNC); 97 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, tfm); 98 err = crypto_ahash_setkey(tfm, Kc.data, Kc.len); 99 KUNIT_ASSERT_EQ(test, err, 0); 100 101 buf.head[0].iov_base = kunit_kzalloc(test, buf.head[0].iov_len, GFP_KERNEL); 102 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, buf.head[0].iov_base); 103 memcpy(buf.head[0].iov_base, param->plaintext->data, buf.head[0].iov_len); 104 105 checksum.len = gk5e->cksumlength; 106 checksum.data = kunit_kzalloc(test, checksum.len, GFP_KERNEL); 107 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, checksum.data); 108 109 /* Act */ 110 err = gss_krb5_checksum(tfm, NULL, 0, &buf, 0, &checksum); 111 KUNIT_ASSERT_EQ(test, err, 0); 112 113 /* Assert */ 114 KUNIT_EXPECT_EQ_MSG(test, 115 memcmp(param->expected_result->data, 116 checksum.data, checksum.len), 0, 117 "checksum mismatch"); 118 119 crypto_free_ahash(tfm); 120 } 121 122 #define DEFINE_HEX_XDR_NETOBJ(name, hex_array...) \ 123 static const u8 name ## _data[] = { hex_array }; \ 124 static const struct xdr_netobj name = { \ 125 .data = (u8 *)name##_data, \ 126 .len = sizeof(name##_data), \ 127 } 128 129 #define DEFINE_STR_XDR_NETOBJ(name, string) \ 130 static const u8 name ## _str[] = string; \ 131 static const struct xdr_netobj name = { \ 132 .data = (u8 *)name##_str, \ 133 .len = sizeof(name##_str) - 1, \ 134 } 135 136 /* 137 * RFC 3961 Appendix A.1. n-fold 138 * 139 * The n-fold function is defined in section 5.1 of RFC 3961. 140 * 141 * This test material is copyright (C) The Internet Society (2005). 142 */ 143 144 DEFINE_HEX_XDR_NETOBJ(nfold_test1_plaintext, 145 0x30, 0x31, 0x32, 0x33, 0x34, 0x35 146 ); 147 DEFINE_HEX_XDR_NETOBJ(nfold_test1_expected_result, 148 0xbe, 0x07, 0x26, 0x31, 0x27, 0x6b, 0x19, 0x55 149 ); 150 151 DEFINE_HEX_XDR_NETOBJ(nfold_test2_plaintext, 152 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64 153 ); 154 DEFINE_HEX_XDR_NETOBJ(nfold_test2_expected_result, 155 0x78, 0xa0, 0x7b, 0x6c, 0xaf, 0x85, 0xfa 156 ); 157 158 DEFINE_HEX_XDR_NETOBJ(nfold_test3_plaintext, 159 0x52, 0x6f, 0x75, 0x67, 0x68, 0x20, 0x43, 0x6f, 160 0x6e, 0x73, 0x65, 0x6e, 0x73, 0x75, 0x73, 0x2c, 161 0x20, 0x61, 0x6e, 0x64, 0x20, 0x52, 0x75, 0x6e, 162 0x6e, 0x69, 0x6e, 0x67, 0x20, 0x43, 0x6f, 0x64, 163 0x65 164 ); 165 DEFINE_HEX_XDR_NETOBJ(nfold_test3_expected_result, 166 0xbb, 0x6e, 0xd3, 0x08, 0x70, 0xb7, 0xf0, 0xe0 167 ); 168 169 DEFINE_HEX_XDR_NETOBJ(nfold_test4_plaintext, 170 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64 171 ); 172 DEFINE_HEX_XDR_NETOBJ(nfold_test4_expected_result, 173 0x59, 0xe4, 0xa8, 0xca, 0x7c, 0x03, 0x85, 0xc3, 174 0xc3, 0x7b, 0x3f, 0x6d, 0x20, 0x00, 0x24, 0x7c, 175 0xb6, 0xe6, 0xbd, 0x5b, 0x3e 176 ); 177 178 DEFINE_HEX_XDR_NETOBJ(nfold_test5_plaintext, 179 0x4d, 0x41, 0x53, 0x53, 0x41, 0x43, 0x48, 0x56, 180 0x53, 0x45, 0x54, 0x54, 0x53, 0x20, 0x49, 0x4e, 181 0x53, 0x54, 0x49, 0x54, 0x56, 0x54, 0x45, 0x20, 182 0x4f, 0x46, 0x20, 0x54, 0x45, 0x43, 0x48, 0x4e, 183 0x4f, 0x4c, 0x4f, 0x47, 0x59 184 ); 185 DEFINE_HEX_XDR_NETOBJ(nfold_test5_expected_result, 186 0xdb, 0x3b, 0x0d, 0x8f, 0x0b, 0x06, 0x1e, 0x60, 187 0x32, 0x82, 0xb3, 0x08, 0xa5, 0x08, 0x41, 0x22, 188 0x9a, 0xd7, 0x98, 0xfa, 0xb9, 0x54, 0x0c, 0x1b 189 ); 190 191 DEFINE_HEX_XDR_NETOBJ(nfold_test6_plaintext, 192 0x51 193 ); 194 DEFINE_HEX_XDR_NETOBJ(nfold_test6_expected_result, 195 0x51, 0x8a, 0x54, 0xa2, 0x15, 0xa8, 0x45, 0x2a, 196 0x51, 0x8a, 0x54, 0xa2, 0x15, 0xa8, 0x45, 0x2a, 197 0x51, 0x8a, 0x54, 0xa2, 0x15 198 ); 199 200 DEFINE_HEX_XDR_NETOBJ(nfold_test7_plaintext, 201 0x62, 0x61 202 ); 203 DEFINE_HEX_XDR_NETOBJ(nfold_test7_expected_result, 204 0xfb, 0x25, 0xd5, 0x31, 0xae, 0x89, 0x74, 0x49, 205 0x9f, 0x52, 0xfd, 0x92, 0xea, 0x98, 0x57, 0xc4, 206 0xba, 0x24, 0xcf, 0x29, 0x7e 207 ); 208 209 DEFINE_HEX_XDR_NETOBJ(nfold_test_kerberos, 210 0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73 211 ); 212 DEFINE_HEX_XDR_NETOBJ(nfold_test8_expected_result, 213 0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73 214 ); 215 DEFINE_HEX_XDR_NETOBJ(nfold_test9_expected_result, 216 0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73, 217 0x7b, 0x9b, 0x5b, 0x2b, 0x93, 0x13, 0x2b, 0x93 218 ); 219 DEFINE_HEX_XDR_NETOBJ(nfold_test10_expected_result, 220 0x83, 0x72, 0xc2, 0x36, 0x34, 0x4e, 0x5f, 0x15, 221 0x50, 0xcd, 0x07, 0x47, 0xe1, 0x5d, 0x62, 0xca, 222 0x7a, 0x5a, 0x3b, 0xce, 0xa4 223 ); 224 DEFINE_HEX_XDR_NETOBJ(nfold_test11_expected_result, 225 0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73, 226 0x7b, 0x9b, 0x5b, 0x2b, 0x93, 0x13, 0x2b, 0x93, 227 0x5c, 0x9b, 0xdc, 0xda, 0xd9, 0x5c, 0x98, 0x99, 228 0xc4, 0xca, 0xe4, 0xde, 0xe6, 0xd6, 0xca, 0xe4 229 ); 230 231 static const struct gss_krb5_test_param rfc3961_nfold_test_params[] = { 232 { 233 .desc = "64-fold(\"012345\")", 234 .nfold = 64, 235 .plaintext = &nfold_test1_plaintext, 236 .expected_result = &nfold_test1_expected_result, 237 }, 238 { 239 .desc = "56-fold(\"password\")", 240 .nfold = 56, 241 .plaintext = &nfold_test2_plaintext, 242 .expected_result = &nfold_test2_expected_result, 243 }, 244 { 245 .desc = "64-fold(\"Rough Consensus, and Running Code\")", 246 .nfold = 64, 247 .plaintext = &nfold_test3_plaintext, 248 .expected_result = &nfold_test3_expected_result, 249 }, 250 { 251 .desc = "168-fold(\"password\")", 252 .nfold = 168, 253 .plaintext = &nfold_test4_plaintext, 254 .expected_result = &nfold_test4_expected_result, 255 }, 256 { 257 .desc = "192-fold(\"MASSACHVSETTS INSTITVTE OF TECHNOLOGY\")", 258 .nfold = 192, 259 .plaintext = &nfold_test5_plaintext, 260 .expected_result = &nfold_test5_expected_result, 261 }, 262 { 263 .desc = "168-fold(\"Q\")", 264 .nfold = 168, 265 .plaintext = &nfold_test6_plaintext, 266 .expected_result = &nfold_test6_expected_result, 267 }, 268 { 269 .desc = "168-fold(\"ba\")", 270 .nfold = 168, 271 .plaintext = &nfold_test7_plaintext, 272 .expected_result = &nfold_test7_expected_result, 273 }, 274 { 275 .desc = "64-fold(\"kerberos\")", 276 .nfold = 64, 277 .plaintext = &nfold_test_kerberos, 278 .expected_result = &nfold_test8_expected_result, 279 }, 280 { 281 .desc = "128-fold(\"kerberos\")", 282 .nfold = 128, 283 .plaintext = &nfold_test_kerberos, 284 .expected_result = &nfold_test9_expected_result, 285 }, 286 { 287 .desc = "168-fold(\"kerberos\")", 288 .nfold = 168, 289 .plaintext = &nfold_test_kerberos, 290 .expected_result = &nfold_test10_expected_result, 291 }, 292 { 293 .desc = "256-fold(\"kerberos\")", 294 .nfold = 256, 295 .plaintext = &nfold_test_kerberos, 296 .expected_result = &nfold_test11_expected_result, 297 }, 298 }; 299 300 /* Creates the function rfc3961_nfold_gen_params */ 301 KUNIT_ARRAY_PARAM(rfc3961_nfold, rfc3961_nfold_test_params, gss_krb5_get_desc); 302 303 static void rfc3961_nfold_case(struct kunit *test) 304 { 305 const struct gss_krb5_test_param *param = test->param_value; 306 u8 *result; 307 308 /* Arrange */ 309 result = kunit_kzalloc(test, 4096, GFP_KERNEL); 310 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, result); 311 312 /* Act */ 313 krb5_nfold(param->plaintext->len * 8, param->plaintext->data, 314 param->expected_result->len * 8, result); 315 316 /* Assert */ 317 KUNIT_EXPECT_EQ_MSG(test, 318 memcmp(param->expected_result->data, 319 result, param->expected_result->len), 0, 320 "result mismatch"); 321 } 322 323 static struct kunit_case rfc3961_test_cases[] = { 324 { 325 .name = "RFC 3961 n-fold", 326 .run_case = rfc3961_nfold_case, 327 .generate_params = rfc3961_nfold_gen_params, 328 }, 329 {} 330 }; 331 332 static struct kunit_suite rfc3961_suite = { 333 .name = "RFC 3961 tests", 334 .test_cases = rfc3961_test_cases, 335 }; 336 337 /* 338 * From RFC 3962 Appendix B: Sample Test Vectors 339 * 340 * Some test vectors for CBC with ciphertext stealing, using an 341 * initial vector of all-zero. 342 * 343 * This test material is copyright (C) The Internet Society (2005). 344 */ 345 346 DEFINE_HEX_XDR_NETOBJ(rfc3962_encryption_key, 347 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20, 348 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69 349 ); 350 351 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test1_plaintext, 352 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 353 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65, 354 0x20 355 ); 356 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test1_expected_result, 357 0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4, 358 0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f, 359 0x97 360 ); 361 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test1_next_iv, 362 0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4, 363 0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f 364 ); 365 366 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test2_plaintext, 367 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 368 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65, 369 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 370 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20 371 ); 372 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test2_expected_result, 373 0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1, 374 0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22, 375 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, 376 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5 377 ); 378 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test2_next_iv, 379 0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1, 380 0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22 381 ); 382 383 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test3_plaintext, 384 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 385 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65, 386 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 387 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43 388 ); 389 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test3_expected_result, 390 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, 391 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8, 392 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, 393 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84 394 ); 395 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test3_next_iv, 396 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, 397 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8 398 ); 399 400 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test4_plaintext, 401 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 402 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65, 403 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 404 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43, 405 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20, 406 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c 407 ); 408 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test4_expected_result, 409 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, 410 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84, 411 0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c, 412 0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e, 413 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, 414 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5 415 ); 416 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test4_next_iv, 417 0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c, 418 0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e 419 ); 420 421 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test5_plaintext, 422 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 423 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65, 424 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 425 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43, 426 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20, 427 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c, 0x20 428 ); 429 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test5_expected_result, 430 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, 431 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84, 432 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0, 433 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8, 434 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, 435 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8 436 ); 437 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test5_next_iv, 438 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0, 439 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8 440 ); 441 442 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test6_plaintext, 443 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 444 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65, 445 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 446 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43, 447 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20, 448 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c, 0x20, 449 0x61, 0x6e, 0x64, 0x20, 0x77, 0x6f, 0x6e, 0x74, 450 0x6f, 0x6e, 0x20, 0x73, 0x6f, 0x75, 0x70, 0x2e 451 ); 452 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test6_expected_result, 453 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, 454 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84, 455 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, 456 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8, 457 0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5, 458 0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40, 459 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0, 460 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8 461 ); 462 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test6_next_iv, 463 0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5, 464 0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40 465 ); 466 467 static const struct gss_krb5_test_param rfc3962_encrypt_test_params[] = { 468 { 469 .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 1", 470 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, 471 .Ke = &rfc3962_encryption_key, 472 .plaintext = &rfc3962_enc_test1_plaintext, 473 .expected_result = &rfc3962_enc_test1_expected_result, 474 .next_iv = &rfc3962_enc_test1_next_iv, 475 }, 476 { 477 .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 2", 478 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, 479 .Ke = &rfc3962_encryption_key, 480 .plaintext = &rfc3962_enc_test2_plaintext, 481 .expected_result = &rfc3962_enc_test2_expected_result, 482 .next_iv = &rfc3962_enc_test2_next_iv, 483 }, 484 { 485 .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 3", 486 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, 487 .Ke = &rfc3962_encryption_key, 488 .plaintext = &rfc3962_enc_test3_plaintext, 489 .expected_result = &rfc3962_enc_test3_expected_result, 490 .next_iv = &rfc3962_enc_test3_next_iv, 491 }, 492 { 493 .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 4", 494 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, 495 .Ke = &rfc3962_encryption_key, 496 .plaintext = &rfc3962_enc_test4_plaintext, 497 .expected_result = &rfc3962_enc_test4_expected_result, 498 .next_iv = &rfc3962_enc_test4_next_iv, 499 }, 500 { 501 .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 5", 502 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, 503 .Ke = &rfc3962_encryption_key, 504 .plaintext = &rfc3962_enc_test5_plaintext, 505 .expected_result = &rfc3962_enc_test5_expected_result, 506 .next_iv = &rfc3962_enc_test5_next_iv, 507 }, 508 { 509 .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 6", 510 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, 511 .Ke = &rfc3962_encryption_key, 512 .plaintext = &rfc3962_enc_test6_plaintext, 513 .expected_result = &rfc3962_enc_test6_expected_result, 514 .next_iv = &rfc3962_enc_test6_next_iv, 515 }, 516 }; 517 518 /* Creates the function rfc3962_encrypt_gen_params */ 519 KUNIT_ARRAY_PARAM(rfc3962_encrypt, rfc3962_encrypt_test_params, 520 gss_krb5_get_desc); 521 522 /* 523 * This tests the implementation of the encryption part of the mechanism. 524 * It does not apply a confounder or test the result of HMAC over the 525 * plaintext. 526 */ 527 static void rfc3962_encrypt_case(struct kunit *test) 528 { 529 const struct gss_krb5_test_param *param = test->param_value; 530 struct crypto_sync_skcipher *cts_tfm, *cbc_tfm; 531 const struct gss_krb5_enctype *gk5e; 532 struct xdr_buf buf; 533 void *iv, *text; 534 u32 err; 535 536 /* Arrange */ 537 gk5e = gss_krb5_lookup_enctype(param->enctype); 538 if (!gk5e) 539 kunit_skip(test, "Encryption type is not available"); 540 541 cbc_tfm = crypto_alloc_sync_skcipher(gk5e->aux_cipher, 0, 0); 542 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cbc_tfm); 543 err = crypto_sync_skcipher_setkey(cbc_tfm, param->Ke->data, param->Ke->len); 544 KUNIT_ASSERT_EQ(test, err, 0); 545 546 cts_tfm = crypto_alloc_sync_skcipher(gk5e->encrypt_name, 0, 0); 547 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cts_tfm); 548 err = crypto_sync_skcipher_setkey(cts_tfm, param->Ke->data, param->Ke->len); 549 KUNIT_ASSERT_EQ(test, err, 0); 550 551 iv = kunit_kzalloc(test, crypto_sync_skcipher_ivsize(cts_tfm), GFP_KERNEL); 552 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, iv); 553 554 text = kunit_kzalloc(test, param->plaintext->len, GFP_KERNEL); 555 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, text); 556 557 memcpy(text, param->plaintext->data, param->plaintext->len); 558 memset(&buf, 0, sizeof(buf)); 559 buf.head[0].iov_base = text; 560 buf.head[0].iov_len = param->plaintext->len; 561 buf.len = buf.head[0].iov_len; 562 563 /* Act */ 564 err = krb5_cbc_cts_encrypt(cts_tfm, cbc_tfm, 0, &buf, NULL, 565 iv, crypto_sync_skcipher_ivsize(cts_tfm)); 566 KUNIT_ASSERT_EQ(test, err, 0); 567 568 /* Assert */ 569 KUNIT_EXPECT_EQ_MSG(test, 570 param->expected_result->len, buf.len, 571 "ciphertext length mismatch"); 572 KUNIT_EXPECT_EQ_MSG(test, 573 memcmp(param->expected_result->data, 574 text, param->expected_result->len), 0, 575 "ciphertext mismatch"); 576 KUNIT_EXPECT_EQ_MSG(test, 577 memcmp(param->next_iv->data, iv, 578 param->next_iv->len), 0, 579 "IV mismatch"); 580 581 crypto_free_sync_skcipher(cts_tfm); 582 crypto_free_sync_skcipher(cbc_tfm); 583 } 584 585 static struct kunit_case rfc3962_test_cases[] = { 586 { 587 .name = "RFC 3962 encryption", 588 .run_case = rfc3962_encrypt_case, 589 .generate_params = rfc3962_encrypt_gen_params, 590 }, 591 {} 592 }; 593 594 static struct kunit_suite rfc3962_suite = { 595 .name = "RFC 3962 suite", 596 .test_cases = rfc3962_test_cases, 597 }; 598 599 /* 600 * From RFC 6803 Section 10. Test vectors 601 * 602 * Sample results for key derivation 603 * 604 * Copyright (c) 2012 IETF Trust and the persons identified as the 605 * document authors. All rights reserved. 606 */ 607 608 DEFINE_HEX_XDR_NETOBJ(camellia128_cts_cmac_basekey, 609 0x57, 0xd0, 0x29, 0x72, 0x98, 0xff, 0xd9, 0xd3, 610 0x5d, 0xe5, 0xa4, 0x7f, 0xb4, 0xbd, 0xe2, 0x4b 611 ); 612 DEFINE_HEX_XDR_NETOBJ(camellia128_cts_cmac_Kc, 613 0xd1, 0x55, 0x77, 0x5a, 0x20, 0x9d, 0x05, 0xf0, 614 0x2b, 0x38, 0xd4, 0x2a, 0x38, 0x9e, 0x5a, 0x56 615 ); 616 DEFINE_HEX_XDR_NETOBJ(camellia128_cts_cmac_Ke, 617 0x64, 0xdf, 0x83, 0xf8, 0x5a, 0x53, 0x2f, 0x17, 618 0x57, 0x7d, 0x8c, 0x37, 0x03, 0x57, 0x96, 0xab 619 ); 620 DEFINE_HEX_XDR_NETOBJ(camellia128_cts_cmac_Ki, 621 0x3e, 0x4f, 0xbd, 0xf3, 0x0f, 0xb8, 0x25, 0x9c, 622 0x42, 0x5c, 0xb6, 0xc9, 0x6f, 0x1f, 0x46, 0x35 623 ); 624 625 DEFINE_HEX_XDR_NETOBJ(camellia256_cts_cmac_basekey, 626 0xb9, 0xd6, 0x82, 0x8b, 0x20, 0x56, 0xb7, 0xbe, 627 0x65, 0x6d, 0x88, 0xa1, 0x23, 0xb1, 0xfa, 0xc6, 628 0x82, 0x14, 0xac, 0x2b, 0x72, 0x7e, 0xcf, 0x5f, 629 0x69, 0xaf, 0xe0, 0xc4, 0xdf, 0x2a, 0x6d, 0x2c 630 ); 631 DEFINE_HEX_XDR_NETOBJ(camellia256_cts_cmac_Kc, 632 0xe4, 0x67, 0xf9, 0xa9, 0x55, 0x2b, 0xc7, 0xd3, 633 0x15, 0x5a, 0x62, 0x20, 0xaf, 0x9c, 0x19, 0x22, 634 0x0e, 0xee, 0xd4, 0xff, 0x78, 0xb0, 0xd1, 0xe6, 635 0xa1, 0x54, 0x49, 0x91, 0x46, 0x1a, 0x9e, 0x50 636 ); 637 DEFINE_HEX_XDR_NETOBJ(camellia256_cts_cmac_Ke, 638 0x41, 0x2a, 0xef, 0xc3, 0x62, 0xa7, 0x28, 0x5f, 639 0xc3, 0x96, 0x6c, 0x6a, 0x51, 0x81, 0xe7, 0x60, 640 0x5a, 0xe6, 0x75, 0x23, 0x5b, 0x6d, 0x54, 0x9f, 641 0xbf, 0xc9, 0xab, 0x66, 0x30, 0xa4, 0xc6, 0x04 642 ); 643 DEFINE_HEX_XDR_NETOBJ(camellia256_cts_cmac_Ki, 644 0xfa, 0x62, 0x4f, 0xa0, 0xe5, 0x23, 0x99, 0x3f, 645 0xa3, 0x88, 0xae, 0xfd, 0xc6, 0x7e, 0x67, 0xeb, 646 0xcd, 0x8c, 0x08, 0xe8, 0xa0, 0x24, 0x6b, 0x1d, 647 0x73, 0xb0, 0xd1, 0xdd, 0x9f, 0xc5, 0x82, 0xb0 648 ); 649 650 DEFINE_HEX_XDR_NETOBJ(usage_checksum, 651 0x00, 0x00, 0x00, 0x02, KEY_USAGE_SEED_CHECKSUM 652 ); 653 DEFINE_HEX_XDR_NETOBJ(usage_encryption, 654 0x00, 0x00, 0x00, 0x02, KEY_USAGE_SEED_ENCRYPTION 655 ); 656 DEFINE_HEX_XDR_NETOBJ(usage_integrity, 657 0x00, 0x00, 0x00, 0x02, KEY_USAGE_SEED_INTEGRITY 658 ); 659 660 static const struct gss_krb5_test_param rfc6803_kdf_test_params[] = { 661 { 662 .desc = "Derive Kc subkey for camellia128-cts-cmac", 663 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 664 .base_key = &camellia128_cts_cmac_basekey, 665 .usage = &usage_checksum, 666 .expected_result = &camellia128_cts_cmac_Kc, 667 }, 668 { 669 .desc = "Derive Ke subkey for camellia128-cts-cmac", 670 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 671 .base_key = &camellia128_cts_cmac_basekey, 672 .usage = &usage_encryption, 673 .expected_result = &camellia128_cts_cmac_Ke, 674 }, 675 { 676 .desc = "Derive Ki subkey for camellia128-cts-cmac", 677 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 678 .base_key = &camellia128_cts_cmac_basekey, 679 .usage = &usage_integrity, 680 .expected_result = &camellia128_cts_cmac_Ki, 681 }, 682 { 683 .desc = "Derive Kc subkey for camellia256-cts-cmac", 684 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 685 .base_key = &camellia256_cts_cmac_basekey, 686 .usage = &usage_checksum, 687 .expected_result = &camellia256_cts_cmac_Kc, 688 }, 689 { 690 .desc = "Derive Ke subkey for camellia256-cts-cmac", 691 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 692 .base_key = &camellia256_cts_cmac_basekey, 693 .usage = &usage_encryption, 694 .expected_result = &camellia256_cts_cmac_Ke, 695 }, 696 { 697 .desc = "Derive Ki subkey for camellia256-cts-cmac", 698 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 699 .base_key = &camellia256_cts_cmac_basekey, 700 .usage = &usage_integrity, 701 .expected_result = &camellia256_cts_cmac_Ki, 702 }, 703 }; 704 705 /* Creates the function rfc6803_kdf_gen_params */ 706 KUNIT_ARRAY_PARAM(rfc6803_kdf, rfc6803_kdf_test_params, gss_krb5_get_desc); 707 708 /* 709 * From RFC 6803 Section 10. Test vectors 710 * 711 * Sample checksums. 712 * 713 * Copyright (c) 2012 IETF Trust and the persons identified as the 714 * document authors. All rights reserved. 715 * 716 * XXX: These tests are likely to fail on EBCDIC or Unicode platforms. 717 */ 718 DEFINE_STR_XDR_NETOBJ(rfc6803_checksum_test1_plaintext, 719 "abcdefghijk"); 720 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test1_basekey, 721 0x1d, 0xc4, 0x6a, 0x8d, 0x76, 0x3f, 0x4f, 0x93, 722 0x74, 0x2b, 0xcb, 0xa3, 0x38, 0x75, 0x76, 0xc3 723 ); 724 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test1_usage, 725 0x00, 0x00, 0x00, 0x07, KEY_USAGE_SEED_CHECKSUM 726 ); 727 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test1_expected_result, 728 0x11, 0x78, 0xe6, 0xc5, 0xc4, 0x7a, 0x8c, 0x1a, 729 0xe0, 0xc4, 0xb9, 0xc7, 0xd4, 0xeb, 0x7b, 0x6b 730 ); 731 732 DEFINE_STR_XDR_NETOBJ(rfc6803_checksum_test2_plaintext, 733 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"); 734 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test2_basekey, 735 0x50, 0x27, 0xbc, 0x23, 0x1d, 0x0f, 0x3a, 0x9d, 736 0x23, 0x33, 0x3f, 0x1c, 0xa6, 0xfd, 0xbe, 0x7c 737 ); 738 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test2_usage, 739 0x00, 0x00, 0x00, 0x08, KEY_USAGE_SEED_CHECKSUM 740 ); 741 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test2_expected_result, 742 0xd1, 0xb3, 0x4f, 0x70, 0x04, 0xa7, 0x31, 0xf2, 743 0x3a, 0x0c, 0x00, 0xbf, 0x6c, 0x3f, 0x75, 0x3a 744 ); 745 746 DEFINE_STR_XDR_NETOBJ(rfc6803_checksum_test3_plaintext, 747 "123456789"); 748 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test3_basekey, 749 0xb6, 0x1c, 0x86, 0xcc, 0x4e, 0x5d, 0x27, 0x57, 750 0x54, 0x5a, 0xd4, 0x23, 0x39, 0x9f, 0xb7, 0x03, 751 0x1e, 0xca, 0xb9, 0x13, 0xcb, 0xb9, 0x00, 0xbd, 752 0x7a, 0x3c, 0x6d, 0xd8, 0xbf, 0x92, 0x01, 0x5b 753 ); 754 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test3_usage, 755 0x00, 0x00, 0x00, 0x09, KEY_USAGE_SEED_CHECKSUM 756 ); 757 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test3_expected_result, 758 0x87, 0xa1, 0x2c, 0xfd, 0x2b, 0x96, 0x21, 0x48, 759 0x10, 0xf0, 0x1c, 0x82, 0x6e, 0x77, 0x44, 0xb1 760 ); 761 762 DEFINE_STR_XDR_NETOBJ(rfc6803_checksum_test4_plaintext, 763 "!@#$%^&*()!@#$%^&*()!@#$%^&*()"); 764 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test4_basekey, 765 0x32, 0x16, 0x4c, 0x5b, 0x43, 0x4d, 0x1d, 0x15, 766 0x38, 0xe4, 0xcf, 0xd9, 0xbe, 0x80, 0x40, 0xfe, 767 0x8c, 0x4a, 0xc7, 0xac, 0xc4, 0xb9, 0x3d, 0x33, 768 0x14, 0xd2, 0x13, 0x36, 0x68, 0x14, 0x7a, 0x05 769 ); 770 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test4_usage, 771 0x00, 0x00, 0x00, 0x0a, KEY_USAGE_SEED_CHECKSUM 772 ); 773 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test4_expected_result, 774 0x3f, 0xa0, 0xb4, 0x23, 0x55, 0xe5, 0x2b, 0x18, 775 0x91, 0x87, 0x29, 0x4a, 0xa2, 0x52, 0xab, 0x64 776 ); 777 778 static const struct gss_krb5_test_param rfc6803_checksum_test_params[] = { 779 { 780 .desc = "camellia128-cts-cmac checksum test 1", 781 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 782 .base_key = &rfc6803_checksum_test1_basekey, 783 .usage = &rfc6803_checksum_test1_usage, 784 .plaintext = &rfc6803_checksum_test1_plaintext, 785 .expected_result = &rfc6803_checksum_test1_expected_result, 786 }, 787 { 788 .desc = "camellia128-cts-cmac checksum test 2", 789 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 790 .base_key = &rfc6803_checksum_test2_basekey, 791 .usage = &rfc6803_checksum_test2_usage, 792 .plaintext = &rfc6803_checksum_test2_plaintext, 793 .expected_result = &rfc6803_checksum_test2_expected_result, 794 }, 795 { 796 .desc = "camellia256-cts-cmac checksum test 3", 797 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 798 .base_key = &rfc6803_checksum_test3_basekey, 799 .usage = &rfc6803_checksum_test3_usage, 800 .plaintext = &rfc6803_checksum_test3_plaintext, 801 .expected_result = &rfc6803_checksum_test3_expected_result, 802 }, 803 { 804 .desc = "camellia256-cts-cmac checksum test 4", 805 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 806 .base_key = &rfc6803_checksum_test4_basekey, 807 .usage = &rfc6803_checksum_test4_usage, 808 .plaintext = &rfc6803_checksum_test4_plaintext, 809 .expected_result = &rfc6803_checksum_test4_expected_result, 810 }, 811 }; 812 813 /* Creates the function rfc6803_checksum_gen_params */ 814 KUNIT_ARRAY_PARAM(rfc6803_checksum, rfc6803_checksum_test_params, 815 gss_krb5_get_desc); 816 817 /* 818 * From RFC 6803 Section 10. Test vectors 819 * 820 * Sample encryptions (all using the default cipher state) 821 * 822 * Copyright (c) 2012 IETF Trust and the persons identified as the 823 * document authors. All rights reserved. 824 * 825 * Key usage values are from errata 4326 against RFC 6803. 826 */ 827 828 static const struct xdr_netobj rfc6803_enc_empty_plaintext = { 829 .len = 0, 830 }; 831 832 DEFINE_STR_XDR_NETOBJ(rfc6803_enc_1byte_plaintext, "1"); 833 DEFINE_STR_XDR_NETOBJ(rfc6803_enc_9byte_plaintext, "9 bytesss"); 834 DEFINE_STR_XDR_NETOBJ(rfc6803_enc_13byte_plaintext, "13 bytes byte"); 835 DEFINE_STR_XDR_NETOBJ(rfc6803_enc_30byte_plaintext, 836 "30 bytes bytes bytes bytes byt" 837 ); 838 839 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test1_confounder, 840 0xb6, 0x98, 0x22, 0xa1, 0x9a, 0x6b, 0x09, 0xc0, 841 0xeb, 0xc8, 0x55, 0x7d, 0x1f, 0x1b, 0x6c, 0x0a 842 ); 843 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test1_basekey, 844 0x1d, 0xc4, 0x6a, 0x8d, 0x76, 0x3f, 0x4f, 0x93, 845 0x74, 0x2b, 0xcb, 0xa3, 0x38, 0x75, 0x76, 0xc3 846 ); 847 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test1_expected_result, 848 0xc4, 0x66, 0xf1, 0x87, 0x10, 0x69, 0x92, 0x1e, 849 0xdb, 0x7c, 0x6f, 0xde, 0x24, 0x4a, 0x52, 0xdb, 850 0x0b, 0xa1, 0x0e, 0xdc, 0x19, 0x7b, 0xdb, 0x80, 851 0x06, 0x65, 0x8c, 0xa3, 0xcc, 0xce, 0x6e, 0xb8 852 ); 853 854 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test2_confounder, 855 0x6f, 0x2f, 0xc3, 0xc2, 0xa1, 0x66, 0xfd, 0x88, 856 0x98, 0x96, 0x7a, 0x83, 0xde, 0x95, 0x96, 0xd9 857 ); 858 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test2_basekey, 859 0x50, 0x27, 0xbc, 0x23, 0x1d, 0x0f, 0x3a, 0x9d, 860 0x23, 0x33, 0x3f, 0x1c, 0xa6, 0xfd, 0xbe, 0x7c 861 ); 862 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test2_expected_result, 863 0x84, 0x2d, 0x21, 0xfd, 0x95, 0x03, 0x11, 0xc0, 864 0xdd, 0x46, 0x4a, 0x3f, 0x4b, 0xe8, 0xd6, 0xda, 865 0x88, 0xa5, 0x6d, 0x55, 0x9c, 0x9b, 0x47, 0xd3, 866 0xf9, 0xa8, 0x50, 0x67, 0xaf, 0x66, 0x15, 0x59, 867 0xb8 868 ); 869 870 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test3_confounder, 871 0xa5, 0xb4, 0xa7, 0x1e, 0x07, 0x7a, 0xee, 0xf9, 872 0x3c, 0x87, 0x63, 0xc1, 0x8f, 0xdb, 0x1f, 0x10 873 ); 874 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test3_basekey, 875 0xa1, 0xbb, 0x61, 0xe8, 0x05, 0xf9, 0xba, 0x6d, 876 0xde, 0x8f, 0xdb, 0xdd, 0xc0, 0x5c, 0xde, 0xa0 877 ); 878 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test3_expected_result, 879 0x61, 0x9f, 0xf0, 0x72, 0xe3, 0x62, 0x86, 0xff, 880 0x0a, 0x28, 0xde, 0xb3, 0xa3, 0x52, 0xec, 0x0d, 881 0x0e, 0xdf, 0x5c, 0x51, 0x60, 0xd6, 0x63, 0xc9, 882 0x01, 0x75, 0x8c, 0xcf, 0x9d, 0x1e, 0xd3, 0x3d, 883 0x71, 0xdb, 0x8f, 0x23, 0xaa, 0xbf, 0x83, 0x48, 884 0xa0 885 ); 886 887 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test4_confounder, 888 0x19, 0xfe, 0xe4, 0x0d, 0x81, 0x0c, 0x52, 0x4b, 889 0x5b, 0x22, 0xf0, 0x18, 0x74, 0xc6, 0x93, 0xda 890 ); 891 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test4_basekey, 892 0x2c, 0xa2, 0x7a, 0x5f, 0xaf, 0x55, 0x32, 0x24, 893 0x45, 0x06, 0x43, 0x4e, 0x1c, 0xef, 0x66, 0x76 894 ); 895 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test4_expected_result, 896 0xb8, 0xec, 0xa3, 0x16, 0x7a, 0xe6, 0x31, 0x55, 897 0x12, 0xe5, 0x9f, 0x98, 0xa7, 0xc5, 0x00, 0x20, 898 0x5e, 0x5f, 0x63, 0xff, 0x3b, 0xb3, 0x89, 0xaf, 899 0x1c, 0x41, 0xa2, 0x1d, 0x64, 0x0d, 0x86, 0x15, 900 0xc9, 0xed, 0x3f, 0xbe, 0xb0, 0x5a, 0xb6, 0xac, 901 0xb6, 0x76, 0x89, 0xb5, 0xea 902 ); 903 904 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test5_confounder, 905 0xca, 0x7a, 0x7a, 0xb4, 0xbe, 0x19, 0x2d, 0xab, 906 0xd6, 0x03, 0x50, 0x6d, 0xb1, 0x9c, 0x39, 0xe2 907 ); 908 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test5_basekey, 909 0x78, 0x24, 0xf8, 0xc1, 0x6f, 0x83, 0xff, 0x35, 910 0x4c, 0x6b, 0xf7, 0x51, 0x5b, 0x97, 0x3f, 0x43 911 ); 912 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test5_expected_result, 913 0xa2, 0x6a, 0x39, 0x05, 0xa4, 0xff, 0xd5, 0x81, 914 0x6b, 0x7b, 0x1e, 0x27, 0x38, 0x0d, 0x08, 0x09, 915 0x0c, 0x8e, 0xc1, 0xf3, 0x04, 0x49, 0x6e, 0x1a, 916 0xbd, 0xcd, 0x2b, 0xdc, 0xd1, 0xdf, 0xfc, 0x66, 917 0x09, 0x89, 0xe1, 0x17, 0xa7, 0x13, 0xdd, 0xbb, 918 0x57, 0xa4, 0x14, 0x6c, 0x15, 0x87, 0xcb, 0xa4, 919 0x35, 0x66, 0x65, 0x59, 0x1d, 0x22, 0x40, 0x28, 920 0x2f, 0x58, 0x42, 0xb1, 0x05, 0xa5 921 ); 922 923 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test6_confounder, 924 0x3c, 0xbb, 0xd2, 0xb4, 0x59, 0x17, 0x94, 0x10, 925 0x67, 0xf9, 0x65, 0x99, 0xbb, 0x98, 0x92, 0x6c 926 ); 927 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test6_basekey, 928 0xb6, 0x1c, 0x86, 0xcc, 0x4e, 0x5d, 0x27, 0x57, 929 0x54, 0x5a, 0xd4, 0x23, 0x39, 0x9f, 0xb7, 0x03, 930 0x1e, 0xca, 0xb9, 0x13, 0xcb, 0xb9, 0x00, 0xbd, 931 0x7a, 0x3c, 0x6d, 0xd8, 0xbf, 0x92, 0x01, 0x5b 932 ); 933 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test6_expected_result, 934 0x03, 0x88, 0x6d, 0x03, 0x31, 0x0b, 0x47, 0xa6, 935 0xd8, 0xf0, 0x6d, 0x7b, 0x94, 0xd1, 0xdd, 0x83, 936 0x7e, 0xcc, 0xe3, 0x15, 0xef, 0x65, 0x2a, 0xff, 937 0x62, 0x08, 0x59, 0xd9, 0x4a, 0x25, 0x92, 0x66 938 ); 939 940 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test7_confounder, 941 0xde, 0xf4, 0x87, 0xfc, 0xeb, 0xe6, 0xde, 0x63, 942 0x46, 0xd4, 0xda, 0x45, 0x21, 0xbb, 0xa2, 0xd2 943 ); 944 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test7_basekey, 945 0x1b, 0x97, 0xfe, 0x0a, 0x19, 0x0e, 0x20, 0x21, 946 0xeb, 0x30, 0x75, 0x3e, 0x1b, 0x6e, 0x1e, 0x77, 947 0xb0, 0x75, 0x4b, 0x1d, 0x68, 0x46, 0x10, 0x35, 948 0x58, 0x64, 0x10, 0x49, 0x63, 0x46, 0x38, 0x33 949 ); 950 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test7_expected_result, 951 0x2c, 0x9c, 0x15, 0x70, 0x13, 0x3c, 0x99, 0xbf, 952 0x6a, 0x34, 0xbc, 0x1b, 0x02, 0x12, 0x00, 0x2f, 953 0xd1, 0x94, 0x33, 0x87, 0x49, 0xdb, 0x41, 0x35, 954 0x49, 0x7a, 0x34, 0x7c, 0xfc, 0xd9, 0xd1, 0x8a, 955 0x12 956 ); 957 958 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test8_confounder, 959 0xad, 0x4f, 0xf9, 0x04, 0xd3, 0x4e, 0x55, 0x53, 960 0x84, 0xb1, 0x41, 0x00, 0xfc, 0x46, 0x5f, 0x88 961 ); 962 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test8_basekey, 963 0x32, 0x16, 0x4c, 0x5b, 0x43, 0x4d, 0x1d, 0x15, 964 0x38, 0xe4, 0xcf, 0xd9, 0xbe, 0x80, 0x40, 0xfe, 965 0x8c, 0x4a, 0xc7, 0xac, 0xc4, 0xb9, 0x3d, 0x33, 966 0x14, 0xd2, 0x13, 0x36, 0x68, 0x14, 0x7a, 0x05 967 ); 968 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test8_expected_result, 969 0x9c, 0x6d, 0xe7, 0x5f, 0x81, 0x2d, 0xe7, 0xed, 970 0x0d, 0x28, 0xb2, 0x96, 0x35, 0x57, 0xa1, 0x15, 971 0x64, 0x09, 0x98, 0x27, 0x5b, 0x0a, 0xf5, 0x15, 972 0x27, 0x09, 0x91, 0x3f, 0xf5, 0x2a, 0x2a, 0x9c, 973 0x8e, 0x63, 0xb8, 0x72, 0xf9, 0x2e, 0x64, 0xc8, 974 0x39 975 ); 976 977 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test9_confounder, 978 0xcf, 0x9b, 0xca, 0x6d, 0xf1, 0x14, 0x4e, 0x0c, 979 0x0a, 0xf9, 0xb8, 0xf3, 0x4c, 0x90, 0xd5, 0x14 980 ); 981 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test9_basekey, 982 0xb0, 0x38, 0xb1, 0x32, 0xcd, 0x8e, 0x06, 0x61, 983 0x22, 0x67, 0xfa, 0xb7, 0x17, 0x00, 0x66, 0xd8, 984 0x8a, 0xec, 0xcb, 0xa0, 0xb7, 0x44, 0xbf, 0xc6, 985 0x0d, 0xc8, 0x9b, 0xca, 0x18, 0x2d, 0x07, 0x15 986 ); 987 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test9_expected_result, 988 0xee, 0xec, 0x85, 0xa9, 0x81, 0x3c, 0xdc, 0x53, 989 0x67, 0x72, 0xab, 0x9b, 0x42, 0xde, 0xfc, 0x57, 990 0x06, 0xf7, 0x26, 0xe9, 0x75, 0xdd, 0xe0, 0x5a, 991 0x87, 0xeb, 0x54, 0x06, 0xea, 0x32, 0x4c, 0xa1, 992 0x85, 0xc9, 0x98, 0x6b, 0x42, 0xaa, 0xbe, 0x79, 993 0x4b, 0x84, 0x82, 0x1b, 0xee 994 ); 995 996 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test10_confounder, 997 0x64, 0x4d, 0xef, 0x38, 0xda, 0x35, 0x00, 0x72, 998 0x75, 0x87, 0x8d, 0x21, 0x68, 0x55, 0xe2, 0x28 999 ); 1000 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test10_basekey, 1001 0xcc, 0xfc, 0xd3, 0x49, 0xbf, 0x4c, 0x66, 0x77, 1002 0xe8, 0x6e, 0x4b, 0x02, 0xb8, 0xea, 0xb9, 0x24, 1003 0xa5, 0x46, 0xac, 0x73, 0x1c, 0xf9, 0xbf, 0x69, 1004 0x89, 0xb9, 0x96, 0xe7, 0xd6, 0xbf, 0xbb, 0xa7 1005 ); 1006 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test10_expected_result, 1007 0x0e, 0x44, 0x68, 0x09, 0x85, 0x85, 0x5f, 0x2d, 1008 0x1f, 0x18, 0x12, 0x52, 0x9c, 0xa8, 0x3b, 0xfd, 1009 0x8e, 0x34, 0x9d, 0xe6, 0xfd, 0x9a, 0xda, 0x0b, 1010 0xaa, 0xa0, 0x48, 0xd6, 0x8e, 0x26, 0x5f, 0xeb, 1011 0xf3, 0x4a, 0xd1, 0x25, 0x5a, 0x34, 0x49, 0x99, 1012 0xad, 0x37, 0x14, 0x68, 0x87, 0xa6, 0xc6, 0x84, 1013 0x57, 0x31, 0xac, 0x7f, 0x46, 0x37, 0x6a, 0x05, 1014 0x04, 0xcd, 0x06, 0x57, 0x14, 0x74 1015 ); 1016 1017 static const struct gss_krb5_test_param rfc6803_encrypt_test_params[] = { 1018 { 1019 .desc = "Encrypt empty plaintext with camellia128-cts-cmac", 1020 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 1021 .constant = 0, 1022 .base_key = &rfc6803_enc_test1_basekey, 1023 .plaintext = &rfc6803_enc_empty_plaintext, 1024 .confounder = &rfc6803_enc_test1_confounder, 1025 .expected_result = &rfc6803_enc_test1_expected_result, 1026 }, 1027 { 1028 .desc = "Encrypt 1 byte with camellia128-cts-cmac", 1029 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 1030 .constant = 1, 1031 .base_key = &rfc6803_enc_test2_basekey, 1032 .plaintext = &rfc6803_enc_1byte_plaintext, 1033 .confounder = &rfc6803_enc_test2_confounder, 1034 .expected_result = &rfc6803_enc_test2_expected_result, 1035 }, 1036 { 1037 .desc = "Encrypt 9 bytes with camellia128-cts-cmac", 1038 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 1039 .constant = 2, 1040 .base_key = &rfc6803_enc_test3_basekey, 1041 .plaintext = &rfc6803_enc_9byte_plaintext, 1042 .confounder = &rfc6803_enc_test3_confounder, 1043 .expected_result = &rfc6803_enc_test3_expected_result, 1044 }, 1045 { 1046 .desc = "Encrypt 13 bytes with camellia128-cts-cmac", 1047 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 1048 .constant = 3, 1049 .base_key = &rfc6803_enc_test4_basekey, 1050 .plaintext = &rfc6803_enc_13byte_plaintext, 1051 .confounder = &rfc6803_enc_test4_confounder, 1052 .expected_result = &rfc6803_enc_test4_expected_result, 1053 }, 1054 { 1055 .desc = "Encrypt 30 bytes with camellia128-cts-cmac", 1056 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 1057 .constant = 4, 1058 .base_key = &rfc6803_enc_test5_basekey, 1059 .plaintext = &rfc6803_enc_30byte_plaintext, 1060 .confounder = &rfc6803_enc_test5_confounder, 1061 .expected_result = &rfc6803_enc_test5_expected_result, 1062 }, 1063 { 1064 .desc = "Encrypt empty plaintext with camellia256-cts-cmac", 1065 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 1066 .constant = 0, 1067 .base_key = &rfc6803_enc_test6_basekey, 1068 .plaintext = &rfc6803_enc_empty_plaintext, 1069 .confounder = &rfc6803_enc_test6_confounder, 1070 .expected_result = &rfc6803_enc_test6_expected_result, 1071 }, 1072 { 1073 .desc = "Encrypt 1 byte with camellia256-cts-cmac", 1074 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 1075 .constant = 1, 1076 .base_key = &rfc6803_enc_test7_basekey, 1077 .plaintext = &rfc6803_enc_1byte_plaintext, 1078 .confounder = &rfc6803_enc_test7_confounder, 1079 .expected_result = &rfc6803_enc_test7_expected_result, 1080 }, 1081 { 1082 .desc = "Encrypt 9 bytes with camellia256-cts-cmac", 1083 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 1084 .constant = 2, 1085 .base_key = &rfc6803_enc_test8_basekey, 1086 .plaintext = &rfc6803_enc_9byte_plaintext, 1087 .confounder = &rfc6803_enc_test8_confounder, 1088 .expected_result = &rfc6803_enc_test8_expected_result, 1089 }, 1090 { 1091 .desc = "Encrypt 13 bytes with camellia256-cts-cmac", 1092 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 1093 .constant = 3, 1094 .base_key = &rfc6803_enc_test9_basekey, 1095 .plaintext = &rfc6803_enc_13byte_plaintext, 1096 .confounder = &rfc6803_enc_test9_confounder, 1097 .expected_result = &rfc6803_enc_test9_expected_result, 1098 }, 1099 { 1100 .desc = "Encrypt 30 bytes with camellia256-cts-cmac", 1101 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 1102 .constant = 4, 1103 .base_key = &rfc6803_enc_test10_basekey, 1104 .plaintext = &rfc6803_enc_30byte_plaintext, 1105 .confounder = &rfc6803_enc_test10_confounder, 1106 .expected_result = &rfc6803_enc_test10_expected_result, 1107 }, 1108 }; 1109 1110 /* Creates the function rfc6803_encrypt_gen_params */ 1111 KUNIT_ARRAY_PARAM(rfc6803_encrypt, rfc6803_encrypt_test_params, 1112 gss_krb5_get_desc); 1113 1114 static void rfc6803_encrypt_case(struct kunit *test) 1115 { 1116 const struct gss_krb5_test_param *param = test->param_value; 1117 struct crypto_sync_skcipher *cts_tfm, *cbc_tfm; 1118 const struct gss_krb5_enctype *gk5e; 1119 struct xdr_netobj Ke, Ki, checksum; 1120 u8 usage_data[GSS_KRB5_K5CLENGTH]; 1121 struct xdr_netobj usage = { 1122 .data = usage_data, 1123 .len = sizeof(usage_data), 1124 }; 1125 struct crypto_ahash *ahash_tfm; 1126 unsigned int blocksize; 1127 struct xdr_buf buf; 1128 void *text; 1129 size_t len; 1130 u32 err; 1131 1132 /* Arrange */ 1133 gk5e = gss_krb5_lookup_enctype(param->enctype); 1134 if (!gk5e) 1135 kunit_skip(test, "Encryption type is not available"); 1136 1137 memset(usage_data, 0, sizeof(usage_data)); 1138 usage.data[3] = param->constant; 1139 1140 Ke.len = gk5e->Ke_length; 1141 Ke.data = kunit_kzalloc(test, Ke.len, GFP_KERNEL); 1142 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Ke.data); 1143 usage.data[4] = KEY_USAGE_SEED_ENCRYPTION; 1144 err = gk5e->derive_key(gk5e, param->base_key, &Ke, &usage, GFP_KERNEL); 1145 KUNIT_ASSERT_EQ(test, err, 0); 1146 1147 cbc_tfm = crypto_alloc_sync_skcipher(gk5e->aux_cipher, 0, 0); 1148 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cbc_tfm); 1149 err = crypto_sync_skcipher_setkey(cbc_tfm, Ke.data, Ke.len); 1150 KUNIT_ASSERT_EQ(test, err, 0); 1151 1152 cts_tfm = crypto_alloc_sync_skcipher(gk5e->encrypt_name, 0, 0); 1153 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cts_tfm); 1154 err = crypto_sync_skcipher_setkey(cts_tfm, Ke.data, Ke.len); 1155 KUNIT_ASSERT_EQ(test, err, 0); 1156 blocksize = crypto_sync_skcipher_blocksize(cts_tfm); 1157 1158 len = param->confounder->len + param->plaintext->len + blocksize; 1159 text = kunit_kzalloc(test, len, GFP_KERNEL); 1160 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, text); 1161 memcpy(text, param->confounder->data, param->confounder->len); 1162 memcpy(text + param->confounder->len, param->plaintext->data, 1163 param->plaintext->len); 1164 1165 memset(&buf, 0, sizeof(buf)); 1166 buf.head[0].iov_base = text; 1167 buf.head[0].iov_len = param->confounder->len + param->plaintext->len; 1168 buf.len = buf.head[0].iov_len; 1169 1170 checksum.len = gk5e->cksumlength; 1171 checksum.data = kunit_kzalloc(test, checksum.len, GFP_KERNEL); 1172 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, checksum.data); 1173 1174 Ki.len = gk5e->Ki_length; 1175 Ki.data = kunit_kzalloc(test, Ki.len, GFP_KERNEL); 1176 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Ki.data); 1177 usage.data[4] = KEY_USAGE_SEED_INTEGRITY; 1178 err = gk5e->derive_key(gk5e, param->base_key, &Ki, 1179 &usage, GFP_KERNEL); 1180 KUNIT_ASSERT_EQ(test, err, 0); 1181 ahash_tfm = crypto_alloc_ahash(gk5e->cksum_name, 0, CRYPTO_ALG_ASYNC); 1182 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ahash_tfm); 1183 err = crypto_ahash_setkey(ahash_tfm, Ki.data, Ki.len); 1184 KUNIT_ASSERT_EQ(test, err, 0); 1185 1186 /* Act */ 1187 err = gss_krb5_checksum(ahash_tfm, NULL, 0, &buf, 0, &checksum); 1188 KUNIT_ASSERT_EQ(test, err, 0); 1189 1190 err = krb5_cbc_cts_encrypt(cts_tfm, cbc_tfm, 0, &buf, NULL, NULL, 0); 1191 KUNIT_ASSERT_EQ(test, err, 0); 1192 1193 /* Assert */ 1194 KUNIT_EXPECT_EQ_MSG(test, param->expected_result->len, 1195 buf.len + checksum.len, 1196 "ciphertext length mismatch"); 1197 KUNIT_EXPECT_EQ_MSG(test, 1198 memcmp(param->expected_result->data, 1199 buf.head[0].iov_base, buf.len), 0, 1200 "encrypted result mismatch"); 1201 KUNIT_EXPECT_EQ_MSG(test, 1202 memcmp(param->expected_result->data + 1203 (param->expected_result->len - checksum.len), 1204 checksum.data, checksum.len), 0, 1205 "HMAC mismatch"); 1206 1207 crypto_free_ahash(ahash_tfm); 1208 crypto_free_sync_skcipher(cts_tfm); 1209 crypto_free_sync_skcipher(cbc_tfm); 1210 } 1211 1212 static struct kunit_case rfc6803_test_cases[] = { 1213 { 1214 .name = "RFC 6803 key derivation", 1215 .run_case = kdf_case, 1216 .generate_params = rfc6803_kdf_gen_params, 1217 }, 1218 { 1219 .name = "RFC 6803 checksum", 1220 .run_case = checksum_case, 1221 .generate_params = rfc6803_checksum_gen_params, 1222 }, 1223 { 1224 .name = "RFC 6803 encryption", 1225 .run_case = rfc6803_encrypt_case, 1226 .generate_params = rfc6803_encrypt_gen_params, 1227 }, 1228 {} 1229 }; 1230 1231 static struct kunit_suite rfc6803_suite = { 1232 .name = "RFC 6803 suite", 1233 .test_cases = rfc6803_test_cases, 1234 }; 1235 1236 /* 1237 * From RFC 8009 Appendix A. Test Vectors 1238 * 1239 * Sample results for SHA-2 enctype key derivation 1240 * 1241 * This test material is copyright (c) 2016 IETF Trust and the 1242 * persons identified as the document authors. All rights reserved. 1243 */ 1244 1245 DEFINE_HEX_XDR_NETOBJ(aes128_cts_hmac_sha256_128_basekey, 1246 0x37, 0x05, 0xd9, 0x60, 0x80, 0xc1, 0x77, 0x28, 1247 0xa0, 0xe8, 0x00, 0xea, 0xb6, 0xe0, 0xd2, 0x3c 1248 ); 1249 DEFINE_HEX_XDR_NETOBJ(aes128_cts_hmac_sha256_128_Kc, 1250 0xb3, 0x1a, 0x01, 0x8a, 0x48, 0xf5, 0x47, 0x76, 1251 0xf4, 0x03, 0xe9, 0xa3, 0x96, 0x32, 0x5d, 0xc3 1252 ); 1253 DEFINE_HEX_XDR_NETOBJ(aes128_cts_hmac_sha256_128_Ke, 1254 0x9b, 0x19, 0x7d, 0xd1, 0xe8, 0xc5, 0x60, 0x9d, 1255 0x6e, 0x67, 0xc3, 0xe3, 0x7c, 0x62, 0xc7, 0x2e 1256 ); 1257 DEFINE_HEX_XDR_NETOBJ(aes128_cts_hmac_sha256_128_Ki, 1258 0x9f, 0xda, 0x0e, 0x56, 0xab, 0x2d, 0x85, 0xe1, 1259 0x56, 0x9a, 0x68, 0x86, 0x96, 0xc2, 0x6a, 0x6c 1260 ); 1261 1262 DEFINE_HEX_XDR_NETOBJ(aes256_cts_hmac_sha384_192_basekey, 1263 0x6d, 0x40, 0x4d, 0x37, 0xfa, 0xf7, 0x9f, 0x9d, 1264 0xf0, 0xd3, 0x35, 0x68, 0xd3, 0x20, 0x66, 0x98, 1265 0x00, 0xeb, 0x48, 0x36, 0x47, 0x2e, 0xa8, 0xa0, 1266 0x26, 0xd1, 0x6b, 0x71, 0x82, 0x46, 0x0c, 0x52 1267 ); 1268 DEFINE_HEX_XDR_NETOBJ(aes256_cts_hmac_sha384_192_Kc, 1269 0xef, 0x57, 0x18, 0xbe, 0x86, 0xcc, 0x84, 0x96, 1270 0x3d, 0x8b, 0xbb, 0x50, 0x31, 0xe9, 0xf5, 0xc4, 1271 0xba, 0x41, 0xf2, 0x8f, 0xaf, 0x69, 0xe7, 0x3d 1272 ); 1273 DEFINE_HEX_XDR_NETOBJ(aes256_cts_hmac_sha384_192_Ke, 1274 0x56, 0xab, 0x22, 0xbe, 0xe6, 0x3d, 0x82, 0xd7, 1275 0xbc, 0x52, 0x27, 0xf6, 0x77, 0x3f, 0x8e, 0xa7, 1276 0xa5, 0xeb, 0x1c, 0x82, 0x51, 0x60, 0xc3, 0x83, 1277 0x12, 0x98, 0x0c, 0x44, 0x2e, 0x5c, 0x7e, 0x49 1278 ); 1279 DEFINE_HEX_XDR_NETOBJ(aes256_cts_hmac_sha384_192_Ki, 1280 0x69, 0xb1, 0x65, 0x14, 0xe3, 0xcd, 0x8e, 0x56, 1281 0xb8, 0x20, 0x10, 0xd5, 0xc7, 0x30, 0x12, 0xb6, 1282 0x22, 0xc4, 0xd0, 0x0f, 0xfc, 0x23, 0xed, 0x1f 1283 ); 1284 1285 static const struct gss_krb5_test_param rfc8009_kdf_test_params[] = { 1286 { 1287 .desc = "Derive Kc subkey for aes128-cts-hmac-sha256-128", 1288 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, 1289 .base_key = &aes128_cts_hmac_sha256_128_basekey, 1290 .usage = &usage_checksum, 1291 .expected_result = &aes128_cts_hmac_sha256_128_Kc, 1292 }, 1293 { 1294 .desc = "Derive Ke subkey for aes128-cts-hmac-sha256-128", 1295 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, 1296 .base_key = &aes128_cts_hmac_sha256_128_basekey, 1297 .usage = &usage_encryption, 1298 .expected_result = &aes128_cts_hmac_sha256_128_Ke, 1299 }, 1300 { 1301 .desc = "Derive Ki subkey for aes128-cts-hmac-sha256-128", 1302 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, 1303 .base_key = &aes128_cts_hmac_sha256_128_basekey, 1304 .usage = &usage_integrity, 1305 .expected_result = &aes128_cts_hmac_sha256_128_Ki, 1306 }, 1307 { 1308 .desc = "Derive Kc subkey for aes256-cts-hmac-sha384-192", 1309 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, 1310 .base_key = &aes256_cts_hmac_sha384_192_basekey, 1311 .usage = &usage_checksum, 1312 .expected_result = &aes256_cts_hmac_sha384_192_Kc, 1313 }, 1314 { 1315 .desc = "Derive Ke subkey for aes256-cts-hmac-sha384-192", 1316 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, 1317 .base_key = &aes256_cts_hmac_sha384_192_basekey, 1318 .usage = &usage_encryption, 1319 .expected_result = &aes256_cts_hmac_sha384_192_Ke, 1320 }, 1321 { 1322 .desc = "Derive Ki subkey for aes256-cts-hmac-sha384-192", 1323 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, 1324 .base_key = &aes256_cts_hmac_sha384_192_basekey, 1325 .usage = &usage_integrity, 1326 .expected_result = &aes256_cts_hmac_sha384_192_Ki, 1327 }, 1328 }; 1329 1330 /* Creates the function rfc8009_kdf_gen_params */ 1331 KUNIT_ARRAY_PARAM(rfc8009_kdf, rfc8009_kdf_test_params, gss_krb5_get_desc); 1332 1333 /* 1334 * From RFC 8009 Appendix A. Test Vectors 1335 * 1336 * These sample checksums use the above sample key derivation results, 1337 * including use of the same base-key and key usage values. 1338 * 1339 * This test material is copyright (c) 2016 IETF Trust and the 1340 * persons identified as the document authors. All rights reserved. 1341 */ 1342 1343 DEFINE_HEX_XDR_NETOBJ(rfc8009_checksum_plaintext, 1344 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 1345 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 1346 0x10, 0x11, 0x12, 0x13, 0x14 1347 ); 1348 DEFINE_HEX_XDR_NETOBJ(rfc8009_checksum_test1_expected_result, 1349 0xd7, 0x83, 0x67, 0x18, 0x66, 0x43, 0xd6, 0x7b, 1350 0x41, 0x1c, 0xba, 0x91, 0x39, 0xfc, 0x1d, 0xee 1351 ); 1352 DEFINE_HEX_XDR_NETOBJ(rfc8009_checksum_test2_expected_result, 1353 0x45, 0xee, 0x79, 0x15, 0x67, 0xee, 0xfc, 0xa3, 1354 0x7f, 0x4a, 0xc1, 0xe0, 0x22, 0x2d, 0xe8, 0x0d, 1355 0x43, 0xc3, 0xbf, 0xa0, 0x66, 0x99, 0x67, 0x2a 1356 ); 1357 1358 static const struct gss_krb5_test_param rfc8009_checksum_test_params[] = { 1359 { 1360 .desc = "Checksum with aes128-cts-hmac-sha256-128", 1361 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, 1362 .base_key = &aes128_cts_hmac_sha256_128_basekey, 1363 .usage = &usage_checksum, 1364 .plaintext = &rfc8009_checksum_plaintext, 1365 .expected_result = &rfc8009_checksum_test1_expected_result, 1366 }, 1367 { 1368 .desc = "Checksum with aes256-cts-hmac-sha384-192", 1369 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, 1370 .base_key = &aes256_cts_hmac_sha384_192_basekey, 1371 .usage = &usage_checksum, 1372 .plaintext = &rfc8009_checksum_plaintext, 1373 .expected_result = &rfc8009_checksum_test2_expected_result, 1374 }, 1375 }; 1376 1377 /* Creates the function rfc8009_checksum_gen_params */ 1378 KUNIT_ARRAY_PARAM(rfc8009_checksum, rfc8009_checksum_test_params, 1379 gss_krb5_get_desc); 1380 1381 /* 1382 * From RFC 8009 Appendix A. Test Vectors 1383 * 1384 * Sample encryptions (all using the default cipher state): 1385 * -------------------------------------------------------- 1386 * 1387 * These sample encryptions use the above sample key derivation results, 1388 * including use of the same base-key and key usage values. 1389 * 1390 * This test material is copyright (c) 2016 IETF Trust and the 1391 * persons identified as the document authors. All rights reserved. 1392 */ 1393 1394 static const struct xdr_netobj rfc8009_enc_empty_plaintext = { 1395 .len = 0, 1396 }; 1397 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_short_plaintext, 1398 0x00, 0x01, 0x02, 0x03, 0x04, 0x05 1399 ); 1400 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_block_plaintext, 1401 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 1402 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f 1403 ); 1404 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_long_plaintext, 1405 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 1406 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 1407 0x10, 0x11, 0x12, 0x13, 0x14 1408 ); 1409 1410 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test1_confounder, 1411 0x7e, 0x58, 0x95, 0xea, 0xf2, 0x67, 0x24, 0x35, 1412 0xba, 0xd8, 0x17, 0xf5, 0x45, 0xa3, 0x71, 0x48 1413 ); 1414 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test1_expected_result, 1415 0xef, 0x85, 0xfb, 0x89, 0x0b, 0xb8, 0x47, 0x2f, 1416 0x4d, 0xab, 0x20, 0x39, 0x4d, 0xca, 0x78, 0x1d 1417 ); 1418 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test1_expected_hmac, 1419 0xad, 0x87, 0x7e, 0xda, 0x39, 0xd5, 0x0c, 0x87, 1420 0x0c, 0x0d, 0x5a, 0x0a, 0x8e, 0x48, 0xc7, 0x18 1421 ); 1422 1423 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test2_confounder, 1424 0x7b, 0xca, 0x28, 0x5e, 0x2f, 0xd4, 0x13, 0x0f, 1425 0xb5, 0x5b, 0x1a, 0x5c, 0x83, 0xbc, 0x5b, 0x24 1426 ); 1427 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test2_expected_result, 1428 0x84, 0xd7, 0xf3, 0x07, 0x54, 0xed, 0x98, 0x7b, 1429 0xab, 0x0b, 0xf3, 0x50, 0x6b, 0xeb, 0x09, 0xcf, 1430 0xb5, 0x54, 0x02, 0xce, 0xf7, 0xe6 1431 ); 1432 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test2_expected_hmac, 1433 0x87, 0x7c, 0xe9, 0x9e, 0x24, 0x7e, 0x52, 0xd1, 1434 0x6e, 0xd4, 0x42, 0x1d, 0xfd, 0xf8, 0x97, 0x6c 1435 ); 1436 1437 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test3_confounder, 1438 0x56, 0xab, 0x21, 0x71, 0x3f, 0xf6, 0x2c, 0x0a, 1439 0x14, 0x57, 0x20, 0x0f, 0x6f, 0xa9, 0x94, 0x8f 1440 ); 1441 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test3_expected_result, 1442 0x35, 0x17, 0xd6, 0x40, 0xf5, 0x0d, 0xdc, 0x8a, 1443 0xd3, 0x62, 0x87, 0x22, 0xb3, 0x56, 0x9d, 0x2a, 1444 0xe0, 0x74, 0x93, 0xfa, 0x82, 0x63, 0x25, 0x40, 1445 0x80, 0xea, 0x65, 0xc1, 0x00, 0x8e, 0x8f, 0xc2 1446 ); 1447 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test3_expected_hmac, 1448 0x95, 0xfb, 0x48, 0x52, 0xe7, 0xd8, 0x3e, 0x1e, 1449 0x7c, 0x48, 0xc3, 0x7e, 0xeb, 0xe6, 0xb0, 0xd3 1450 ); 1451 1452 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test4_confounder, 1453 0xa7, 0xa4, 0xe2, 0x9a, 0x47, 0x28, 0xce, 0x10, 1454 0x66, 0x4f, 0xb6, 0x4e, 0x49, 0xad, 0x3f, 0xac 1455 ); 1456 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test4_expected_result, 1457 0x72, 0x0f, 0x73, 0xb1, 0x8d, 0x98, 0x59, 0xcd, 1458 0x6c, 0xcb, 0x43, 0x46, 0x11, 0x5c, 0xd3, 0x36, 1459 0xc7, 0x0f, 0x58, 0xed, 0xc0, 0xc4, 0x43, 0x7c, 1460 0x55, 0x73, 0x54, 0x4c, 0x31, 0xc8, 0x13, 0xbc, 1461 0xe1, 0xe6, 0xd0, 0x72, 0xc1 1462 ); 1463 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test4_expected_hmac, 1464 0x86, 0xb3, 0x9a, 0x41, 0x3c, 0x2f, 0x92, 0xca, 1465 0x9b, 0x83, 0x34, 0xa2, 0x87, 0xff, 0xcb, 0xfc 1466 ); 1467 1468 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test5_confounder, 1469 0xf7, 0x64, 0xe9, 0xfa, 0x15, 0xc2, 0x76, 0x47, 1470 0x8b, 0x2c, 0x7d, 0x0c, 0x4e, 0x5f, 0x58, 0xe4 1471 ); 1472 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test5_expected_result, 1473 0x41, 0xf5, 0x3f, 0xa5, 0xbf, 0xe7, 0x02, 0x6d, 1474 0x91, 0xfa, 0xf9, 0xbe, 0x95, 0x91, 0x95, 0xa0 1475 ); 1476 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test5_expected_hmac, 1477 0x58, 0x70, 0x72, 0x73, 0xa9, 0x6a, 0x40, 0xf0, 1478 0xa0, 0x19, 0x60, 0x62, 0x1a, 0xc6, 0x12, 0x74, 1479 0x8b, 0x9b, 0xbf, 0xbe, 0x7e, 0xb4, 0xce, 0x3c 1480 ); 1481 1482 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test6_confounder, 1483 0xb8, 0x0d, 0x32, 0x51, 0xc1, 0xf6, 0x47, 0x14, 1484 0x94, 0x25, 0x6f, 0xfe, 0x71, 0x2d, 0x0b, 0x9a 1485 ); 1486 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test6_expected_result, 1487 0x4e, 0xd7, 0xb3, 0x7c, 0x2b, 0xca, 0xc8, 0xf7, 1488 0x4f, 0x23, 0xc1, 0xcf, 0x07, 0xe6, 0x2b, 0xc7, 1489 0xb7, 0x5f, 0xb3, 0xf6, 0x37, 0xb9 1490 ); 1491 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test6_expected_hmac, 1492 0xf5, 0x59, 0xc7, 0xf6, 0x64, 0xf6, 0x9e, 0xab, 1493 0x7b, 0x60, 0x92, 0x23, 0x75, 0x26, 0xea, 0x0d, 1494 0x1f, 0x61, 0xcb, 0x20, 0xd6, 0x9d, 0x10, 0xf2 1495 ); 1496 1497 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test7_confounder, 1498 0x53, 0xbf, 0x8a, 0x0d, 0x10, 0x52, 0x65, 0xd4, 1499 0xe2, 0x76, 0x42, 0x86, 0x24, 0xce, 0x5e, 0x63 1500 ); 1501 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test7_expected_result, 1502 0xbc, 0x47, 0xff, 0xec, 0x79, 0x98, 0xeb, 0x91, 1503 0xe8, 0x11, 0x5c, 0xf8, 0xd1, 0x9d, 0xac, 0x4b, 1504 0xbb, 0xe2, 0xe1, 0x63, 0xe8, 0x7d, 0xd3, 0x7f, 1505 0x49, 0xbe, 0xca, 0x92, 0x02, 0x77, 0x64, 0xf6 1506 ); 1507 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test7_expected_hmac, 1508 0x8c, 0xf5, 0x1f, 0x14, 0xd7, 0x98, 0xc2, 0x27, 1509 0x3f, 0x35, 0xdf, 0x57, 0x4d, 0x1f, 0x93, 0x2e, 1510 0x40, 0xc4, 0xff, 0x25, 0x5b, 0x36, 0xa2, 0x66 1511 ); 1512 1513 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test8_confounder, 1514 0x76, 0x3e, 0x65, 0x36, 0x7e, 0x86, 0x4f, 0x02, 1515 0xf5, 0x51, 0x53, 0xc7, 0xe3, 0xb5, 0x8a, 0xf1 1516 ); 1517 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test8_expected_result, 1518 0x40, 0x01, 0x3e, 0x2d, 0xf5, 0x8e, 0x87, 0x51, 1519 0x95, 0x7d, 0x28, 0x78, 0xbc, 0xd2, 0xd6, 0xfe, 1520 0x10, 0x1c, 0xcf, 0xd5, 0x56, 0xcb, 0x1e, 0xae, 1521 0x79, 0xdb, 0x3c, 0x3e, 0xe8, 0x64, 0x29, 0xf2, 1522 0xb2, 0xa6, 0x02, 0xac, 0x86 1523 ); 1524 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test8_expected_hmac, 1525 0xfe, 0xf6, 0xec, 0xb6, 0x47, 0xd6, 0x29, 0x5f, 1526 0xae, 0x07, 0x7a, 0x1f, 0xeb, 0x51, 0x75, 0x08, 1527 0xd2, 0xc1, 0x6b, 0x41, 0x92, 0xe0, 0x1f, 0x62 1528 ); 1529 1530 static const struct gss_krb5_test_param rfc8009_encrypt_test_params[] = { 1531 { 1532 .desc = "Encrypt empty plaintext with aes128-cts-hmac-sha256-128", 1533 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, 1534 .plaintext = &rfc8009_enc_empty_plaintext, 1535 .confounder = &rfc8009_enc_test1_confounder, 1536 .base_key = &aes128_cts_hmac_sha256_128_basekey, 1537 .expected_result = &rfc8009_enc_test1_expected_result, 1538 .expected_hmac = &rfc8009_enc_test1_expected_hmac, 1539 }, 1540 { 1541 .desc = "Encrypt short plaintext with aes128-cts-hmac-sha256-128", 1542 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, 1543 .plaintext = &rfc8009_enc_short_plaintext, 1544 .confounder = &rfc8009_enc_test2_confounder, 1545 .base_key = &aes128_cts_hmac_sha256_128_basekey, 1546 .expected_result = &rfc8009_enc_test2_expected_result, 1547 .expected_hmac = &rfc8009_enc_test2_expected_hmac, 1548 }, 1549 { 1550 .desc = "Encrypt block plaintext with aes128-cts-hmac-sha256-128", 1551 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, 1552 .plaintext = &rfc8009_enc_block_plaintext, 1553 .confounder = &rfc8009_enc_test3_confounder, 1554 .base_key = &aes128_cts_hmac_sha256_128_basekey, 1555 .expected_result = &rfc8009_enc_test3_expected_result, 1556 .expected_hmac = &rfc8009_enc_test3_expected_hmac, 1557 }, 1558 { 1559 .desc = "Encrypt long plaintext with aes128-cts-hmac-sha256-128", 1560 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, 1561 .plaintext = &rfc8009_enc_long_plaintext, 1562 .confounder = &rfc8009_enc_test4_confounder, 1563 .base_key = &aes128_cts_hmac_sha256_128_basekey, 1564 .expected_result = &rfc8009_enc_test4_expected_result, 1565 .expected_hmac = &rfc8009_enc_test4_expected_hmac, 1566 }, 1567 { 1568 .desc = "Encrypt empty plaintext with aes256-cts-hmac-sha384-192", 1569 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, 1570 .plaintext = &rfc8009_enc_empty_plaintext, 1571 .confounder = &rfc8009_enc_test5_confounder, 1572 .base_key = &aes256_cts_hmac_sha384_192_basekey, 1573 .expected_result = &rfc8009_enc_test5_expected_result, 1574 .expected_hmac = &rfc8009_enc_test5_expected_hmac, 1575 }, 1576 { 1577 .desc = "Encrypt short plaintext with aes256-cts-hmac-sha384-192", 1578 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, 1579 .plaintext = &rfc8009_enc_short_plaintext, 1580 .confounder = &rfc8009_enc_test6_confounder, 1581 .base_key = &aes256_cts_hmac_sha384_192_basekey, 1582 .expected_result = &rfc8009_enc_test6_expected_result, 1583 .expected_hmac = &rfc8009_enc_test6_expected_hmac, 1584 }, 1585 { 1586 .desc = "Encrypt block plaintext with aes256-cts-hmac-sha384-192", 1587 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, 1588 .plaintext = &rfc8009_enc_block_plaintext, 1589 .confounder = &rfc8009_enc_test7_confounder, 1590 .base_key = &aes256_cts_hmac_sha384_192_basekey, 1591 .expected_result = &rfc8009_enc_test7_expected_result, 1592 .expected_hmac = &rfc8009_enc_test7_expected_hmac, 1593 }, 1594 { 1595 .desc = "Encrypt long plaintext with aes256-cts-hmac-sha384-192", 1596 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, 1597 .plaintext = &rfc8009_enc_long_plaintext, 1598 .confounder = &rfc8009_enc_test8_confounder, 1599 .base_key = &aes256_cts_hmac_sha384_192_basekey, 1600 .expected_result = &rfc8009_enc_test8_expected_result, 1601 .expected_hmac = &rfc8009_enc_test8_expected_hmac, 1602 }, 1603 }; 1604 1605 /* Creates the function rfc8009_encrypt_gen_params */ 1606 KUNIT_ARRAY_PARAM(rfc8009_encrypt, rfc8009_encrypt_test_params, 1607 gss_krb5_get_desc); 1608 1609 static void rfc8009_encrypt_case(struct kunit *test) 1610 { 1611 const struct gss_krb5_test_param *param = test->param_value; 1612 struct crypto_sync_skcipher *cts_tfm, *cbc_tfm; 1613 const struct gss_krb5_enctype *gk5e; 1614 struct xdr_netobj Ke, Ki, checksum; 1615 u8 usage_data[GSS_KRB5_K5CLENGTH]; 1616 struct xdr_netobj usage = { 1617 .data = usage_data, 1618 .len = sizeof(usage_data), 1619 }; 1620 struct crypto_ahash *ahash_tfm; 1621 struct xdr_buf buf; 1622 void *text; 1623 size_t len; 1624 u32 err; 1625 1626 /* Arrange */ 1627 gk5e = gss_krb5_lookup_enctype(param->enctype); 1628 if (!gk5e) 1629 kunit_skip(test, "Encryption type is not available"); 1630 1631 *(__be32 *)usage.data = cpu_to_be32(2); 1632 1633 Ke.len = gk5e->Ke_length; 1634 Ke.data = kunit_kzalloc(test, Ke.len, GFP_KERNEL); 1635 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Ke.data); 1636 usage.data[4] = KEY_USAGE_SEED_ENCRYPTION; 1637 err = gk5e->derive_key(gk5e, param->base_key, &Ke, 1638 &usage, GFP_KERNEL); 1639 KUNIT_ASSERT_EQ(test, err, 0); 1640 1641 cbc_tfm = crypto_alloc_sync_skcipher(gk5e->aux_cipher, 0, 0); 1642 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cbc_tfm); 1643 err = crypto_sync_skcipher_setkey(cbc_tfm, Ke.data, Ke.len); 1644 KUNIT_ASSERT_EQ(test, err, 0); 1645 1646 cts_tfm = crypto_alloc_sync_skcipher(gk5e->encrypt_name, 0, 0); 1647 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cts_tfm); 1648 err = crypto_sync_skcipher_setkey(cts_tfm, Ke.data, Ke.len); 1649 KUNIT_ASSERT_EQ(test, err, 0); 1650 1651 len = param->confounder->len + param->plaintext->len; 1652 text = kunit_kzalloc(test, len, GFP_KERNEL); 1653 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, text); 1654 memcpy(text, param->confounder->data, param->confounder->len); 1655 memcpy(text + param->confounder->len, param->plaintext->data, 1656 param->plaintext->len); 1657 1658 memset(&buf, 0, sizeof(buf)); 1659 buf.head[0].iov_base = text; 1660 buf.head[0].iov_len = param->confounder->len + param->plaintext->len; 1661 buf.len = buf.head[0].iov_len; 1662 1663 checksum.len = gk5e->cksumlength; 1664 checksum.data = kunit_kzalloc(test, checksum.len, GFP_KERNEL); 1665 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, checksum.data); 1666 1667 Ki.len = gk5e->Ki_length; 1668 Ki.data = kunit_kzalloc(test, Ki.len, GFP_KERNEL); 1669 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Ki.data); 1670 usage.data[4] = KEY_USAGE_SEED_INTEGRITY; 1671 err = gk5e->derive_key(gk5e, param->base_key, &Ki, 1672 &usage, GFP_KERNEL); 1673 KUNIT_ASSERT_EQ(test, err, 0); 1674 1675 ahash_tfm = crypto_alloc_ahash(gk5e->cksum_name, 0, CRYPTO_ALG_ASYNC); 1676 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ahash_tfm); 1677 err = crypto_ahash_setkey(ahash_tfm, Ki.data, Ki.len); 1678 KUNIT_ASSERT_EQ(test, err, 0); 1679 1680 /* Act */ 1681 err = krb5_cbc_cts_encrypt(cts_tfm, cbc_tfm, 0, &buf, NULL, NULL, 0); 1682 KUNIT_ASSERT_EQ(test, err, 0); 1683 err = krb5_etm_checksum(cts_tfm, ahash_tfm, &buf, 0, &checksum); 1684 KUNIT_ASSERT_EQ(test, err, 0); 1685 1686 /* Assert */ 1687 KUNIT_EXPECT_EQ_MSG(test, 1688 param->expected_result->len, buf.len, 1689 "ciphertext length mismatch"); 1690 KUNIT_EXPECT_EQ_MSG(test, 1691 memcmp(param->expected_result->data, 1692 buf.head[0].iov_base, 1693 param->expected_result->len), 0, 1694 "ciphertext mismatch"); 1695 KUNIT_EXPECT_EQ_MSG(test, memcmp(param->expected_hmac->data, 1696 checksum.data, 1697 checksum.len), 0, 1698 "HMAC mismatch"); 1699 1700 crypto_free_ahash(ahash_tfm); 1701 crypto_free_sync_skcipher(cts_tfm); 1702 crypto_free_sync_skcipher(cbc_tfm); 1703 } 1704 1705 static struct kunit_case rfc8009_test_cases[] = { 1706 { 1707 .name = "RFC 8009 key derivation", 1708 .run_case = kdf_case, 1709 .generate_params = rfc8009_kdf_gen_params, 1710 }, 1711 { 1712 .name = "RFC 8009 checksum", 1713 .run_case = checksum_case, 1714 .generate_params = rfc8009_checksum_gen_params, 1715 }, 1716 { 1717 .name = "RFC 8009 encryption", 1718 .run_case = rfc8009_encrypt_case, 1719 .generate_params = rfc8009_encrypt_gen_params, 1720 }, 1721 {} 1722 }; 1723 1724 static struct kunit_suite rfc8009_suite = { 1725 .name = "RFC 8009 suite", 1726 .test_cases = rfc8009_test_cases, 1727 }; 1728 1729 /* 1730 * Encryption self-tests 1731 */ 1732 1733 DEFINE_STR_XDR_NETOBJ(encrypt_selftest_plaintext, 1734 "This is the plaintext for the encryption self-test."); 1735 1736 static const struct gss_krb5_test_param encrypt_selftest_params[] = { 1737 { 1738 .desc = "aes128-cts-hmac-sha1-96 encryption self-test", 1739 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, 1740 .Ke = &rfc3962_encryption_key, 1741 .plaintext = &encrypt_selftest_plaintext, 1742 }, 1743 { 1744 .desc = "aes256-cts-hmac-sha1-96 encryption self-test", 1745 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA1_96, 1746 .Ke = &rfc3962_encryption_key, 1747 .plaintext = &encrypt_selftest_plaintext, 1748 }, 1749 { 1750 .desc = "camellia128-cts-cmac encryption self-test", 1751 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 1752 .Ke = &camellia128_cts_cmac_Ke, 1753 .plaintext = &encrypt_selftest_plaintext, 1754 }, 1755 { 1756 .desc = "camellia256-cts-cmac encryption self-test", 1757 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 1758 .Ke = &camellia256_cts_cmac_Ke, 1759 .plaintext = &encrypt_selftest_plaintext, 1760 }, 1761 { 1762 .desc = "aes128-cts-hmac-sha256-128 encryption self-test", 1763 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, 1764 .Ke = &aes128_cts_hmac_sha256_128_Ke, 1765 .plaintext = &encrypt_selftest_plaintext, 1766 }, 1767 { 1768 .desc = "aes256-cts-hmac-sha384-192 encryption self-test", 1769 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, 1770 .Ke = &aes256_cts_hmac_sha384_192_Ke, 1771 .plaintext = &encrypt_selftest_plaintext, 1772 }, 1773 }; 1774 1775 /* Creates the function encrypt_selftest_gen_params */ 1776 KUNIT_ARRAY_PARAM(encrypt_selftest, encrypt_selftest_params, 1777 gss_krb5_get_desc); 1778 1779 /* 1780 * Encrypt and decrypt plaintext, and ensure the input plaintext 1781 * matches the output plaintext. A confounder is not added in this 1782 * case. 1783 */ 1784 static void encrypt_selftest_case(struct kunit *test) 1785 { 1786 const struct gss_krb5_test_param *param = test->param_value; 1787 struct crypto_sync_skcipher *cts_tfm, *cbc_tfm; 1788 const struct gss_krb5_enctype *gk5e; 1789 struct xdr_buf buf; 1790 void *text; 1791 int err; 1792 1793 /* Arrange */ 1794 gk5e = gss_krb5_lookup_enctype(param->enctype); 1795 if (!gk5e) 1796 kunit_skip(test, "Encryption type is not available"); 1797 1798 cbc_tfm = crypto_alloc_sync_skcipher(gk5e->aux_cipher, 0, 0); 1799 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cbc_tfm); 1800 err = crypto_sync_skcipher_setkey(cbc_tfm, param->Ke->data, param->Ke->len); 1801 KUNIT_ASSERT_EQ(test, err, 0); 1802 1803 cts_tfm = crypto_alloc_sync_skcipher(gk5e->encrypt_name, 0, 0); 1804 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cts_tfm); 1805 err = crypto_sync_skcipher_setkey(cts_tfm, param->Ke->data, param->Ke->len); 1806 KUNIT_ASSERT_EQ(test, err, 0); 1807 1808 text = kunit_kzalloc(test, roundup(param->plaintext->len, 1809 crypto_sync_skcipher_blocksize(cbc_tfm)), 1810 GFP_KERNEL); 1811 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, text); 1812 1813 memcpy(text, param->plaintext->data, param->plaintext->len); 1814 memset(&buf, 0, sizeof(buf)); 1815 buf.head[0].iov_base = text; 1816 buf.head[0].iov_len = param->plaintext->len; 1817 buf.len = buf.head[0].iov_len; 1818 1819 /* Act */ 1820 err = krb5_cbc_cts_encrypt(cts_tfm, cbc_tfm, 0, &buf, NULL, NULL, 0); 1821 KUNIT_ASSERT_EQ(test, err, 0); 1822 err = krb5_cbc_cts_decrypt(cts_tfm, cbc_tfm, 0, &buf); 1823 KUNIT_ASSERT_EQ(test, err, 0); 1824 1825 /* Assert */ 1826 KUNIT_EXPECT_EQ_MSG(test, 1827 param->plaintext->len, buf.len, 1828 "length mismatch"); 1829 KUNIT_EXPECT_EQ_MSG(test, 1830 memcmp(param->plaintext->data, 1831 buf.head[0].iov_base, buf.len), 0, 1832 "plaintext mismatch"); 1833 1834 crypto_free_sync_skcipher(cts_tfm); 1835 crypto_free_sync_skcipher(cbc_tfm); 1836 } 1837 1838 static struct kunit_case encryption_test_cases[] = { 1839 { 1840 .name = "Encryption self-tests", 1841 .run_case = encrypt_selftest_case, 1842 .generate_params = encrypt_selftest_gen_params, 1843 }, 1844 {} 1845 }; 1846 1847 static struct kunit_suite encryption_test_suite = { 1848 .name = "Encryption test suite", 1849 .test_cases = encryption_test_cases, 1850 }; 1851 1852 kunit_test_suites(&rfc3961_suite, 1853 &rfc3962_suite, 1854 &rfc6803_suite, 1855 &rfc8009_suite, 1856 &encryption_test_suite); 1857 1858 MODULE_DESCRIPTION("Test RPCSEC GSS Kerberos 5 functions"); 1859 MODULE_LICENSE("GPL"); 1860