1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (c) 2022 Oracle and/or its affiliates. 4 * 5 * KUnit test of SunRPC's GSS Kerberos mechanism. Subsystem 6 * name is "rpcsec_gss_krb5". 7 */ 8 9 #include <kunit/test.h> 10 #include <kunit/visibility.h> 11 12 #include <linux/kernel.h> 13 #include <crypto/hash.h> 14 15 #include <linux/sunrpc/xdr.h> 16 #include <linux/sunrpc/gss_krb5.h> 17 18 #include "gss_krb5_internal.h" 19 20 MODULE_IMPORT_NS(EXPORTED_FOR_KUNIT_TESTING); 21 22 struct gss_krb5_test_param { 23 const char *desc; 24 u32 enctype; 25 u32 nfold; 26 u32 constant; 27 const struct xdr_netobj *base_key; 28 const struct xdr_netobj *Ke; 29 const struct xdr_netobj *usage; 30 const struct xdr_netobj *plaintext; 31 const struct xdr_netobj *confounder; 32 const struct xdr_netobj *expected_result; 33 const struct xdr_netobj *next_iv; 34 }; 35 36 static inline void gss_krb5_get_desc(const struct gss_krb5_test_param *param, 37 char *desc) 38 { 39 strscpy(desc, param->desc, KUNIT_PARAM_DESC_SIZE); 40 } 41 42 static void kdf_case(struct kunit *test) 43 { 44 const struct gss_krb5_test_param *param = test->param_value; 45 const struct gss_krb5_enctype *gk5e; 46 struct xdr_netobj derivedkey; 47 int err; 48 49 /* Arrange */ 50 gk5e = gss_krb5_lookup_enctype(param->enctype); 51 KUNIT_ASSERT_NOT_NULL(test, gk5e); 52 53 derivedkey.data = kunit_kzalloc(test, param->expected_result->len, 54 GFP_KERNEL); 55 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, derivedkey.data); 56 derivedkey.len = param->expected_result->len; 57 58 /* Act */ 59 err = gk5e->derive_key(gk5e, param->base_key, &derivedkey, 60 param->usage, GFP_KERNEL); 61 KUNIT_ASSERT_EQ(test, err, 0); 62 63 /* Assert */ 64 KUNIT_EXPECT_EQ_MSG(test, 65 memcmp(param->expected_result->data, 66 derivedkey.data, derivedkey.len), 0, 67 "key mismatch"); 68 } 69 70 static void checksum_case(struct kunit *test) 71 { 72 const struct gss_krb5_test_param *param = test->param_value; 73 struct xdr_buf buf = { 74 .head[0].iov_base = param->plaintext->data, 75 .head[0].iov_len = param->plaintext->len, 76 .len = param->plaintext->len, 77 }; 78 const struct gss_krb5_enctype *gk5e; 79 struct xdr_netobj Kc, checksum; 80 struct crypto_ahash *tfm; 81 int err; 82 83 /* Arrange */ 84 gk5e = gss_krb5_lookup_enctype(param->enctype); 85 KUNIT_ASSERT_NOT_NULL(test, gk5e); 86 87 Kc.len = gk5e->Kc_length; 88 Kc.data = kunit_kzalloc(test, Kc.len, GFP_KERNEL); 89 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Kc.data); 90 err = gk5e->derive_key(gk5e, param->base_key, &Kc, 91 param->usage, GFP_KERNEL); 92 KUNIT_ASSERT_EQ(test, err, 0); 93 94 tfm = crypto_alloc_ahash(gk5e->cksum_name, 0, CRYPTO_ALG_ASYNC); 95 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, tfm); 96 err = crypto_ahash_setkey(tfm, Kc.data, Kc.len); 97 KUNIT_ASSERT_EQ(test, err, 0); 98 99 checksum.len = gk5e->cksumlength; 100 checksum.data = kunit_kzalloc(test, checksum.len, GFP_KERNEL); 101 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, checksum.data); 102 103 /* Act */ 104 err = gss_krb5_checksum(tfm, NULL, 0, &buf, 0, &checksum); 105 KUNIT_ASSERT_EQ(test, err, 0); 106 107 /* Assert */ 108 KUNIT_EXPECT_EQ_MSG(test, 109 memcmp(param->expected_result->data, 110 checksum.data, checksum.len), 0, 111 "checksum mismatch"); 112 113 crypto_free_ahash(tfm); 114 } 115 116 #define DEFINE_HEX_XDR_NETOBJ(name, hex_array...) \ 117 static const u8 name ## _data[] = { hex_array }; \ 118 static const struct xdr_netobj name = { \ 119 .data = (u8 *)name##_data, \ 120 .len = sizeof(name##_data), \ 121 } 122 123 #define DEFINE_STR_XDR_NETOBJ(name, string) \ 124 static const u8 name ## _str[] = string; \ 125 static const struct xdr_netobj name = { \ 126 .data = (u8 *)name##_str, \ 127 .len = sizeof(name##_str) - 1, \ 128 } 129 130 /* 131 * RFC 3961 Appendix A.1. n-fold 132 * 133 * The n-fold function is defined in section 5.1 of RFC 3961. 134 * 135 * This test material is copyright (C) The Internet Society (2005). 136 */ 137 138 DEFINE_HEX_XDR_NETOBJ(nfold_test1_plaintext, 139 0x30, 0x31, 0x32, 0x33, 0x34, 0x35 140 ); 141 DEFINE_HEX_XDR_NETOBJ(nfold_test1_expected_result, 142 0xbe, 0x07, 0x26, 0x31, 0x27, 0x6b, 0x19, 0x55 143 ); 144 145 DEFINE_HEX_XDR_NETOBJ(nfold_test2_plaintext, 146 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64 147 ); 148 DEFINE_HEX_XDR_NETOBJ(nfold_test2_expected_result, 149 0x78, 0xa0, 0x7b, 0x6c, 0xaf, 0x85, 0xfa 150 ); 151 152 DEFINE_HEX_XDR_NETOBJ(nfold_test3_plaintext, 153 0x52, 0x6f, 0x75, 0x67, 0x68, 0x20, 0x43, 0x6f, 154 0x6e, 0x73, 0x65, 0x6e, 0x73, 0x75, 0x73, 0x2c, 155 0x20, 0x61, 0x6e, 0x64, 0x20, 0x52, 0x75, 0x6e, 156 0x6e, 0x69, 0x6e, 0x67, 0x20, 0x43, 0x6f, 0x64, 157 0x65 158 ); 159 DEFINE_HEX_XDR_NETOBJ(nfold_test3_expected_result, 160 0xbb, 0x6e, 0xd3, 0x08, 0x70, 0xb7, 0xf0, 0xe0 161 ); 162 163 DEFINE_HEX_XDR_NETOBJ(nfold_test4_plaintext, 164 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64 165 ); 166 DEFINE_HEX_XDR_NETOBJ(nfold_test4_expected_result, 167 0x59, 0xe4, 0xa8, 0xca, 0x7c, 0x03, 0x85, 0xc3, 168 0xc3, 0x7b, 0x3f, 0x6d, 0x20, 0x00, 0x24, 0x7c, 169 0xb6, 0xe6, 0xbd, 0x5b, 0x3e 170 ); 171 172 DEFINE_HEX_XDR_NETOBJ(nfold_test5_plaintext, 173 0x4d, 0x41, 0x53, 0x53, 0x41, 0x43, 0x48, 0x56, 174 0x53, 0x45, 0x54, 0x54, 0x53, 0x20, 0x49, 0x4e, 175 0x53, 0x54, 0x49, 0x54, 0x56, 0x54, 0x45, 0x20, 176 0x4f, 0x46, 0x20, 0x54, 0x45, 0x43, 0x48, 0x4e, 177 0x4f, 0x4c, 0x4f, 0x47, 0x59 178 ); 179 DEFINE_HEX_XDR_NETOBJ(nfold_test5_expected_result, 180 0xdb, 0x3b, 0x0d, 0x8f, 0x0b, 0x06, 0x1e, 0x60, 181 0x32, 0x82, 0xb3, 0x08, 0xa5, 0x08, 0x41, 0x22, 182 0x9a, 0xd7, 0x98, 0xfa, 0xb9, 0x54, 0x0c, 0x1b 183 ); 184 185 DEFINE_HEX_XDR_NETOBJ(nfold_test6_plaintext, 186 0x51 187 ); 188 DEFINE_HEX_XDR_NETOBJ(nfold_test6_expected_result, 189 0x51, 0x8a, 0x54, 0xa2, 0x15, 0xa8, 0x45, 0x2a, 190 0x51, 0x8a, 0x54, 0xa2, 0x15, 0xa8, 0x45, 0x2a, 191 0x51, 0x8a, 0x54, 0xa2, 0x15 192 ); 193 194 DEFINE_HEX_XDR_NETOBJ(nfold_test7_plaintext, 195 0x62, 0x61 196 ); 197 DEFINE_HEX_XDR_NETOBJ(nfold_test7_expected_result, 198 0xfb, 0x25, 0xd5, 0x31, 0xae, 0x89, 0x74, 0x49, 199 0x9f, 0x52, 0xfd, 0x92, 0xea, 0x98, 0x57, 0xc4, 200 0xba, 0x24, 0xcf, 0x29, 0x7e 201 ); 202 203 DEFINE_HEX_XDR_NETOBJ(nfold_test_kerberos, 204 0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73 205 ); 206 DEFINE_HEX_XDR_NETOBJ(nfold_test8_expected_result, 207 0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73 208 ); 209 DEFINE_HEX_XDR_NETOBJ(nfold_test9_expected_result, 210 0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73, 211 0x7b, 0x9b, 0x5b, 0x2b, 0x93, 0x13, 0x2b, 0x93 212 ); 213 DEFINE_HEX_XDR_NETOBJ(nfold_test10_expected_result, 214 0x83, 0x72, 0xc2, 0x36, 0x34, 0x4e, 0x5f, 0x15, 215 0x50, 0xcd, 0x07, 0x47, 0xe1, 0x5d, 0x62, 0xca, 216 0x7a, 0x5a, 0x3b, 0xce, 0xa4 217 ); 218 DEFINE_HEX_XDR_NETOBJ(nfold_test11_expected_result, 219 0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73, 220 0x7b, 0x9b, 0x5b, 0x2b, 0x93, 0x13, 0x2b, 0x93, 221 0x5c, 0x9b, 0xdc, 0xda, 0xd9, 0x5c, 0x98, 0x99, 222 0xc4, 0xca, 0xe4, 0xde, 0xe6, 0xd6, 0xca, 0xe4 223 ); 224 225 static const struct gss_krb5_test_param rfc3961_nfold_test_params[] = { 226 { 227 .desc = "64-fold(\"012345\")", 228 .nfold = 64, 229 .plaintext = &nfold_test1_plaintext, 230 .expected_result = &nfold_test1_expected_result, 231 }, 232 { 233 .desc = "56-fold(\"password\")", 234 .nfold = 56, 235 .plaintext = &nfold_test2_plaintext, 236 .expected_result = &nfold_test2_expected_result, 237 }, 238 { 239 .desc = "64-fold(\"Rough Consensus, and Running Code\")", 240 .nfold = 64, 241 .plaintext = &nfold_test3_plaintext, 242 .expected_result = &nfold_test3_expected_result, 243 }, 244 { 245 .desc = "168-fold(\"password\")", 246 .nfold = 168, 247 .plaintext = &nfold_test4_plaintext, 248 .expected_result = &nfold_test4_expected_result, 249 }, 250 { 251 .desc = "192-fold(\"MASSACHVSETTS INSTITVTE OF TECHNOLOGY\")", 252 .nfold = 192, 253 .plaintext = &nfold_test5_plaintext, 254 .expected_result = &nfold_test5_expected_result, 255 }, 256 { 257 .desc = "168-fold(\"Q\")", 258 .nfold = 168, 259 .plaintext = &nfold_test6_plaintext, 260 .expected_result = &nfold_test6_expected_result, 261 }, 262 { 263 .desc = "168-fold(\"ba\")", 264 .nfold = 168, 265 .plaintext = &nfold_test7_plaintext, 266 .expected_result = &nfold_test7_expected_result, 267 }, 268 { 269 .desc = "64-fold(\"kerberos\")", 270 .nfold = 64, 271 .plaintext = &nfold_test_kerberos, 272 .expected_result = &nfold_test8_expected_result, 273 }, 274 { 275 .desc = "128-fold(\"kerberos\")", 276 .nfold = 128, 277 .plaintext = &nfold_test_kerberos, 278 .expected_result = &nfold_test9_expected_result, 279 }, 280 { 281 .desc = "168-fold(\"kerberos\")", 282 .nfold = 168, 283 .plaintext = &nfold_test_kerberos, 284 .expected_result = &nfold_test10_expected_result, 285 }, 286 { 287 .desc = "256-fold(\"kerberos\")", 288 .nfold = 256, 289 .plaintext = &nfold_test_kerberos, 290 .expected_result = &nfold_test11_expected_result, 291 }, 292 }; 293 294 /* Creates the function rfc3961_nfold_gen_params */ 295 KUNIT_ARRAY_PARAM(rfc3961_nfold, rfc3961_nfold_test_params, gss_krb5_get_desc); 296 297 static void rfc3961_nfold_case(struct kunit *test) 298 { 299 const struct gss_krb5_test_param *param = test->param_value; 300 u8 *result; 301 302 /* Arrange */ 303 result = kunit_kzalloc(test, 4096, GFP_KERNEL); 304 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, result); 305 306 /* Act */ 307 krb5_nfold(param->plaintext->len * 8, param->plaintext->data, 308 param->expected_result->len * 8, result); 309 310 /* Assert */ 311 KUNIT_EXPECT_EQ_MSG(test, 312 memcmp(param->expected_result->data, 313 result, param->expected_result->len), 0, 314 "result mismatch"); 315 } 316 317 /* 318 * RFC 3961 Appendix A.3. DES3 DR and DK 319 * 320 * These tests show the derived-random and derived-key values for the 321 * des3-hmac-sha1-kd encryption scheme, using the DR and DK functions 322 * defined in section 6.3.1. The input keys were randomly generated; 323 * the usage values are from this specification. 324 * 325 * This test material is copyright (C) The Internet Society (2005). 326 */ 327 328 DEFINE_HEX_XDR_NETOBJ(des3_dk_usage_155, 329 0x00, 0x00, 0x00, 0x01, 0x55 330 ); 331 332 DEFINE_HEX_XDR_NETOBJ(des3_dk_usage_1aa, 333 0x00, 0x00, 0x00, 0x01, 0xaa 334 ); 335 336 DEFINE_HEX_XDR_NETOBJ(des3_dk_usage_kerberos, 337 0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73 338 ); 339 340 DEFINE_HEX_XDR_NETOBJ(des3_dk_test1_base_key, 341 0xdc, 0xe0, 0x6b, 0x1f, 0x64, 0xc8, 0x57, 0xa1, 342 0x1c, 0x3d, 0xb5, 0x7c, 0x51, 0x89, 0x9b, 0x2c, 343 0xc1, 0x79, 0x10, 0x08, 0xce, 0x97, 0x3b, 0x92 344 ); 345 DEFINE_HEX_XDR_NETOBJ(des3_dk_test1_derived_key, 346 0x92, 0x51, 0x79, 0xd0, 0x45, 0x91, 0xa7, 0x9b, 347 0x5d, 0x31, 0x92, 0xc4, 0xa7, 0xe9, 0xc2, 0x89, 348 0xb0, 0x49, 0xc7, 0x1f, 0x6e, 0xe6, 0x04, 0xcd 349 ); 350 351 DEFINE_HEX_XDR_NETOBJ(des3_dk_test2_base_key, 352 0x5e, 0x13, 0xd3, 0x1c, 0x70, 0xef, 0x76, 0x57, 353 0x46, 0x57, 0x85, 0x31, 0xcb, 0x51, 0xc1, 0x5b, 354 0xf1, 0x1c, 0xa8, 0x2c, 0x97, 0xce, 0xe9, 0xf2 355 ); 356 DEFINE_HEX_XDR_NETOBJ(des3_dk_test2_derived_key, 357 0x9e, 0x58, 0xe5, 0xa1, 0x46, 0xd9, 0x94, 0x2a, 358 0x10, 0x1c, 0x46, 0x98, 0x45, 0xd6, 0x7a, 0x20, 359 0xe3, 0xc4, 0x25, 0x9e, 0xd9, 0x13, 0xf2, 0x07 360 ); 361 362 DEFINE_HEX_XDR_NETOBJ(des3_dk_test3_base_key, 363 0x98, 0xe6, 0xfd, 0x8a, 0x04, 0xa4, 0xb6, 0x85, 364 0x9b, 0x75, 0xa1, 0x76, 0x54, 0x0b, 0x97, 0x52, 365 0xba, 0xd3, 0xec, 0xd6, 0x10, 0xa2, 0x52, 0xbc 366 ); 367 DEFINE_HEX_XDR_NETOBJ(des3_dk_test3_derived_key, 368 0x13, 0xfe, 0xf8, 0x0d, 0x76, 0x3e, 0x94, 0xec, 369 0x6d, 0x13, 0xfd, 0x2c, 0xa1, 0xd0, 0x85, 0x07, 370 0x02, 0x49, 0xda, 0xd3, 0x98, 0x08, 0xea, 0xbf 371 ); 372 373 DEFINE_HEX_XDR_NETOBJ(des3_dk_test4_base_key, 374 0x62, 0x2a, 0xec, 0x25, 0xa2, 0xfe, 0x2c, 0xad, 375 0x70, 0x94, 0x68, 0x0b, 0x7c, 0x64, 0x94, 0x02, 376 0x80, 0x08, 0x4c, 0x1a, 0x7c, 0xec, 0x92, 0xb5 377 ); 378 DEFINE_HEX_XDR_NETOBJ(des3_dk_test4_derived_key, 379 0xf8, 0xdf, 0xbf, 0x04, 0xb0, 0x97, 0xe6, 0xd9, 380 0xdc, 0x07, 0x02, 0x68, 0x6b, 0xcb, 0x34, 0x89, 381 0xd9, 0x1f, 0xd9, 0xa4, 0x51, 0x6b, 0x70, 0x3e 382 ); 383 384 DEFINE_HEX_XDR_NETOBJ(des3_dk_test5_base_key, 385 0xd3, 0xf8, 0x29, 0x8c, 0xcb, 0x16, 0x64, 0x38, 386 0xdc, 0xb9, 0xb9, 0x3e, 0xe5, 0xa7, 0x62, 0x92, 387 0x86, 0xa4, 0x91, 0xf8, 0x38, 0xf8, 0x02, 0xfb 388 ); 389 DEFINE_HEX_XDR_NETOBJ(des3_dk_test5_derived_key, 390 0x23, 0x70, 0xda, 0x57, 0x5d, 0x2a, 0x3d, 0xa8, 391 0x64, 0xce, 0xbf, 0xdc, 0x52, 0x04, 0xd5, 0x6d, 392 0xf7, 0x79, 0xa7, 0xdf, 0x43, 0xd9, 0xda, 0x43 393 ); 394 395 DEFINE_HEX_XDR_NETOBJ(des3_dk_test6_base_key, 396 0xc1, 0x08, 0x16, 0x49, 0xad, 0xa7, 0x43, 0x62, 397 0xe6, 0xa1, 0x45, 0x9d, 0x01, 0xdf, 0xd3, 0x0d, 398 0x67, 0xc2, 0x23, 0x4c, 0x94, 0x07, 0x04, 0xda 399 ); 400 DEFINE_HEX_XDR_NETOBJ(des3_dk_test6_derived_key, 401 0x34, 0x80, 0x57, 0xec, 0x98, 0xfd, 0xc4, 0x80, 402 0x16, 0x16, 0x1c, 0x2a, 0x4c, 0x7a, 0x94, 0x3e, 403 0x92, 0xae, 0x49, 0x2c, 0x98, 0x91, 0x75, 0xf7 404 ); 405 406 DEFINE_HEX_XDR_NETOBJ(des3_dk_test7_base_key, 407 0x5d, 0x15, 0x4a, 0xf2, 0x38, 0xf4, 0x67, 0x13, 408 0x15, 0x57, 0x19, 0xd5, 0x5e, 0x2f, 0x1f, 0x79, 409 0x0d, 0xd6, 0x61, 0xf2, 0x79, 0xa7, 0x91, 0x7c 410 ); 411 DEFINE_HEX_XDR_NETOBJ(des3_dk_test7_derived_key, 412 0xa8, 0x80, 0x8a, 0xc2, 0x67, 0xda, 0xda, 0x3d, 413 0xcb, 0xe9, 0xa7, 0xc8, 0x46, 0x26, 0xfb, 0xc7, 414 0x61, 0xc2, 0x94, 0xb0, 0x13, 0x15, 0xe5, 0xc1 415 ); 416 417 DEFINE_HEX_XDR_NETOBJ(des3_dk_test8_base_key, 418 0x79, 0x85, 0x62, 0xe0, 0x49, 0x85, 0x2f, 0x57, 419 0xdc, 0x8c, 0x34, 0x3b, 0xa1, 0x7f, 0x2c, 0xa1, 420 0xd9, 0x73, 0x94, 0xef, 0xc8, 0xad, 0xc4, 0x43 421 ); 422 DEFINE_HEX_XDR_NETOBJ(des3_dk_test8_derived_key, 423 0xc8, 0x13, 0xf8, 0x8a, 0x3b, 0xe3, 0xb3, 0x34, 424 0xf7, 0x54, 0x25, 0xce, 0x91, 0x75, 0xfb, 0xe3, 425 0xc8, 0x49, 0x3b, 0x89, 0xc8, 0x70, 0x3b, 0x49 426 ); 427 428 DEFINE_HEX_XDR_NETOBJ(des3_dk_test9_base_key, 429 0x26, 0xdc, 0xe3, 0x34, 0xb5, 0x45, 0x29, 0x2f, 430 0x2f, 0xea, 0xb9, 0xa8, 0x70, 0x1a, 0x89, 0xa4, 431 0xb9, 0x9e, 0xb9, 0x94, 0x2c, 0xec, 0xd0, 0x16 432 ); 433 DEFINE_HEX_XDR_NETOBJ(des3_dk_test9_derived_key, 434 0xf4, 0x8f, 0xfd, 0x6e, 0x83, 0xf8, 0x3e, 0x73, 435 0x54, 0xe6, 0x94, 0xfd, 0x25, 0x2c, 0xf8, 0x3b, 436 0xfe, 0x58, 0xf7, 0xd5, 0xba, 0x37, 0xec, 0x5d 437 ); 438 439 static const struct gss_krb5_test_param rfc3961_kdf_test_params[] = { 440 { 441 .desc = "des3-hmac-sha1 key derivation case 1", 442 .enctype = ENCTYPE_DES3_CBC_RAW, 443 .base_key = &des3_dk_test1_base_key, 444 .usage = &des3_dk_usage_155, 445 .expected_result = &des3_dk_test1_derived_key, 446 }, 447 { 448 .desc = "des3-hmac-sha1 key derivation case 2", 449 .enctype = ENCTYPE_DES3_CBC_RAW, 450 .base_key = &des3_dk_test2_base_key, 451 .usage = &des3_dk_usage_1aa, 452 .expected_result = &des3_dk_test2_derived_key, 453 }, 454 { 455 .desc = "des3-hmac-sha1 key derivation case 3", 456 .enctype = ENCTYPE_DES3_CBC_RAW, 457 .base_key = &des3_dk_test3_base_key, 458 .usage = &des3_dk_usage_155, 459 .expected_result = &des3_dk_test3_derived_key, 460 }, 461 { 462 .desc = "des3-hmac-sha1 key derivation case 4", 463 .enctype = ENCTYPE_DES3_CBC_RAW, 464 .base_key = &des3_dk_test4_base_key, 465 .usage = &des3_dk_usage_1aa, 466 .expected_result = &des3_dk_test4_derived_key, 467 }, 468 { 469 .desc = "des3-hmac-sha1 key derivation case 5", 470 .enctype = ENCTYPE_DES3_CBC_RAW, 471 .base_key = &des3_dk_test5_base_key, 472 .usage = &des3_dk_usage_kerberos, 473 .expected_result = &des3_dk_test5_derived_key, 474 }, 475 { 476 .desc = "des3-hmac-sha1 key derivation case 6", 477 .enctype = ENCTYPE_DES3_CBC_RAW, 478 .base_key = &des3_dk_test6_base_key, 479 .usage = &des3_dk_usage_155, 480 .expected_result = &des3_dk_test6_derived_key, 481 }, 482 { 483 .desc = "des3-hmac-sha1 key derivation case 7", 484 .enctype = ENCTYPE_DES3_CBC_RAW, 485 .base_key = &des3_dk_test7_base_key, 486 .usage = &des3_dk_usage_1aa, 487 .expected_result = &des3_dk_test7_derived_key, 488 }, 489 { 490 .desc = "des3-hmac-sha1 key derivation case 8", 491 .enctype = ENCTYPE_DES3_CBC_RAW, 492 .base_key = &des3_dk_test8_base_key, 493 .usage = &des3_dk_usage_155, 494 .expected_result = &des3_dk_test8_derived_key, 495 }, 496 { 497 .desc = "des3-hmac-sha1 key derivation case 9", 498 .enctype = ENCTYPE_DES3_CBC_RAW, 499 .base_key = &des3_dk_test9_base_key, 500 .usage = &des3_dk_usage_1aa, 501 .expected_result = &des3_dk_test9_derived_key, 502 }, 503 }; 504 505 /* Creates the function rfc3961_kdf_gen_params */ 506 KUNIT_ARRAY_PARAM(rfc3961_kdf, rfc3961_kdf_test_params, gss_krb5_get_desc); 507 508 static struct kunit_case rfc3961_test_cases[] = { 509 { 510 .name = "RFC 3961 n-fold", 511 .run_case = rfc3961_nfold_case, 512 .generate_params = rfc3961_nfold_gen_params, 513 }, 514 { 515 .name = "RFC 3961 key derivation", 516 .run_case = kdf_case, 517 .generate_params = rfc3961_kdf_gen_params, 518 }, 519 }; 520 521 static struct kunit_suite rfc3961_suite = { 522 .name = "RFC 3961 tests", 523 .test_cases = rfc3961_test_cases, 524 }; 525 526 /* 527 * From RFC 3962 Appendix B: Sample Test Vectors 528 * 529 * Some test vectors for CBC with ciphertext stealing, using an 530 * initial vector of all-zero. 531 * 532 * This test material is copyright (C) The Internet Society (2005). 533 */ 534 535 DEFINE_HEX_XDR_NETOBJ(rfc3962_encryption_key, 536 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20, 537 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69 538 ); 539 540 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test1_plaintext, 541 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 542 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65, 543 0x20 544 ); 545 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test1_expected_result, 546 0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4, 547 0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f, 548 0x97 549 ); 550 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test1_next_iv, 551 0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4, 552 0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f 553 ); 554 555 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test2_plaintext, 556 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 557 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65, 558 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 559 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20 560 ); 561 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test2_expected_result, 562 0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1, 563 0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22, 564 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, 565 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5 566 ); 567 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test2_next_iv, 568 0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1, 569 0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22 570 ); 571 572 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test3_plaintext, 573 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 574 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65, 575 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 576 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43 577 ); 578 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test3_expected_result, 579 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, 580 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8, 581 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, 582 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84 583 ); 584 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test3_next_iv, 585 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, 586 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8 587 ); 588 589 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test4_plaintext, 590 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 591 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65, 592 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 593 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43, 594 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20, 595 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c 596 ); 597 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test4_expected_result, 598 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, 599 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84, 600 0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c, 601 0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e, 602 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, 603 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5 604 ); 605 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test4_next_iv, 606 0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c, 607 0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e 608 ); 609 610 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test5_plaintext, 611 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 612 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65, 613 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 614 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43, 615 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20, 616 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c, 0x20 617 ); 618 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test5_expected_result, 619 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, 620 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84, 621 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0, 622 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8, 623 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, 624 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8 625 ); 626 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test5_next_iv, 627 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0, 628 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8 629 ); 630 631 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test6_plaintext, 632 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 633 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65, 634 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 635 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43, 636 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20, 637 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c, 0x20, 638 0x61, 0x6e, 0x64, 0x20, 0x77, 0x6f, 0x6e, 0x74, 639 0x6f, 0x6e, 0x20, 0x73, 0x6f, 0x75, 0x70, 0x2e 640 ); 641 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test6_expected_result, 642 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, 643 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84, 644 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, 645 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8, 646 0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5, 647 0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40, 648 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0, 649 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8 650 ); 651 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test6_next_iv, 652 0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5, 653 0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40 654 ); 655 656 static const struct gss_krb5_test_param rfc3962_encrypt_test_params[] = { 657 { 658 .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 1", 659 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, 660 .Ke = &rfc3962_encryption_key, 661 .plaintext = &rfc3962_enc_test1_plaintext, 662 .expected_result = &rfc3962_enc_test1_expected_result, 663 .next_iv = &rfc3962_enc_test1_next_iv, 664 }, 665 { 666 .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 2", 667 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, 668 .Ke = &rfc3962_encryption_key, 669 .plaintext = &rfc3962_enc_test2_plaintext, 670 .expected_result = &rfc3962_enc_test2_expected_result, 671 .next_iv = &rfc3962_enc_test2_next_iv, 672 }, 673 { 674 .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 3", 675 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, 676 .Ke = &rfc3962_encryption_key, 677 .plaintext = &rfc3962_enc_test3_plaintext, 678 .expected_result = &rfc3962_enc_test3_expected_result, 679 .next_iv = &rfc3962_enc_test3_next_iv, 680 }, 681 { 682 .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 4", 683 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, 684 .Ke = &rfc3962_encryption_key, 685 .plaintext = &rfc3962_enc_test4_plaintext, 686 .expected_result = &rfc3962_enc_test4_expected_result, 687 .next_iv = &rfc3962_enc_test4_next_iv, 688 }, 689 { 690 .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 5", 691 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, 692 .Ke = &rfc3962_encryption_key, 693 .plaintext = &rfc3962_enc_test5_plaintext, 694 .expected_result = &rfc3962_enc_test5_expected_result, 695 .next_iv = &rfc3962_enc_test5_next_iv, 696 }, 697 { 698 .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 6", 699 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, 700 .Ke = &rfc3962_encryption_key, 701 .plaintext = &rfc3962_enc_test6_plaintext, 702 .expected_result = &rfc3962_enc_test6_expected_result, 703 .next_iv = &rfc3962_enc_test6_next_iv, 704 }, 705 }; 706 707 /* Creates the function rfc3962_encrypt_gen_params */ 708 KUNIT_ARRAY_PARAM(rfc3962_encrypt, rfc3962_encrypt_test_params, 709 gss_krb5_get_desc); 710 711 /* 712 * This tests the implementation of the encryption part of the mechanism. 713 * It does not apply a confounder or test the result of HMAC over the 714 * plaintext. 715 */ 716 static void rfc3962_encrypt_case(struct kunit *test) 717 { 718 const struct gss_krb5_test_param *param = test->param_value; 719 struct crypto_sync_skcipher *cts_tfm, *cbc_tfm; 720 const struct gss_krb5_enctype *gk5e; 721 struct xdr_buf buf; 722 void *iv, *text; 723 u32 err; 724 725 /* Arrange */ 726 gk5e = gss_krb5_lookup_enctype(param->enctype); 727 KUNIT_ASSERT_NOT_NULL(test, gk5e); 728 729 cbc_tfm = crypto_alloc_sync_skcipher(gk5e->aux_cipher, 0, 0); 730 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cbc_tfm); 731 err = crypto_sync_skcipher_setkey(cbc_tfm, param->Ke->data, param->Ke->len); 732 KUNIT_ASSERT_EQ(test, err, 0); 733 734 cts_tfm = crypto_alloc_sync_skcipher(gk5e->encrypt_name, 0, 0); 735 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cts_tfm); 736 err = crypto_sync_skcipher_setkey(cts_tfm, param->Ke->data, param->Ke->len); 737 KUNIT_ASSERT_EQ(test, err, 0); 738 739 iv = kunit_kzalloc(test, crypto_sync_skcipher_ivsize(cts_tfm), GFP_KERNEL); 740 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, iv); 741 742 text = kunit_kzalloc(test, param->plaintext->len, GFP_KERNEL); 743 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, text); 744 745 memcpy(text, param->plaintext->data, param->plaintext->len); 746 memset(&buf, 0, sizeof(buf)); 747 buf.head[0].iov_base = text; 748 buf.head[0].iov_len = param->plaintext->len; 749 buf.len = buf.head[0].iov_len; 750 751 /* Act */ 752 err = krb5_cbc_cts_encrypt(cts_tfm, cbc_tfm, 0, &buf, NULL, 753 iv, crypto_sync_skcipher_ivsize(cts_tfm)); 754 KUNIT_ASSERT_EQ(test, err, 0); 755 756 /* Assert */ 757 KUNIT_EXPECT_EQ_MSG(test, 758 param->expected_result->len, buf.len, 759 "ciphertext length mismatch"); 760 KUNIT_EXPECT_EQ_MSG(test, 761 memcmp(param->expected_result->data, 762 text, param->expected_result->len), 0, 763 "ciphertext mismatch"); 764 KUNIT_EXPECT_EQ_MSG(test, 765 memcmp(param->next_iv->data, iv, 766 param->next_iv->len), 0, 767 "IV mismatch"); 768 769 crypto_free_sync_skcipher(cts_tfm); 770 crypto_free_sync_skcipher(cbc_tfm); 771 } 772 773 static struct kunit_case rfc3962_test_cases[] = { 774 { 775 .name = "RFC 3962 encryption", 776 .run_case = rfc3962_encrypt_case, 777 .generate_params = rfc3962_encrypt_gen_params, 778 }, 779 }; 780 781 static struct kunit_suite rfc3962_suite = { 782 .name = "RFC 3962 suite", 783 .test_cases = rfc3962_test_cases, 784 }; 785 786 /* 787 * From RFC 6803 Section 10. Test vectors 788 * 789 * Sample results for key derivation 790 * 791 * Copyright (c) 2012 IETF Trust and the persons identified as the 792 * document authors. All rights reserved. 793 */ 794 795 DEFINE_HEX_XDR_NETOBJ(camellia128_cts_cmac_basekey, 796 0x57, 0xd0, 0x29, 0x72, 0x98, 0xff, 0xd9, 0xd3, 797 0x5d, 0xe5, 0xa4, 0x7f, 0xb4, 0xbd, 0xe2, 0x4b 798 ); 799 DEFINE_HEX_XDR_NETOBJ(camellia128_cts_cmac_Kc, 800 0xd1, 0x55, 0x77, 0x5a, 0x20, 0x9d, 0x05, 0xf0, 801 0x2b, 0x38, 0xd4, 0x2a, 0x38, 0x9e, 0x5a, 0x56 802 ); 803 DEFINE_HEX_XDR_NETOBJ(camellia128_cts_cmac_Ke, 804 0x64, 0xdf, 0x83, 0xf8, 0x5a, 0x53, 0x2f, 0x17, 805 0x57, 0x7d, 0x8c, 0x37, 0x03, 0x57, 0x96, 0xab 806 ); 807 DEFINE_HEX_XDR_NETOBJ(camellia128_cts_cmac_Ki, 808 0x3e, 0x4f, 0xbd, 0xf3, 0x0f, 0xb8, 0x25, 0x9c, 809 0x42, 0x5c, 0xb6, 0xc9, 0x6f, 0x1f, 0x46, 0x35 810 ); 811 812 DEFINE_HEX_XDR_NETOBJ(camellia256_cts_cmac_basekey, 813 0xb9, 0xd6, 0x82, 0x8b, 0x20, 0x56, 0xb7, 0xbe, 814 0x65, 0x6d, 0x88, 0xa1, 0x23, 0xb1, 0xfa, 0xc6, 815 0x82, 0x14, 0xac, 0x2b, 0x72, 0x7e, 0xcf, 0x5f, 816 0x69, 0xaf, 0xe0, 0xc4, 0xdf, 0x2a, 0x6d, 0x2c 817 ); 818 DEFINE_HEX_XDR_NETOBJ(camellia256_cts_cmac_Kc, 819 0xe4, 0x67, 0xf9, 0xa9, 0x55, 0x2b, 0xc7, 0xd3, 820 0x15, 0x5a, 0x62, 0x20, 0xaf, 0x9c, 0x19, 0x22, 821 0x0e, 0xee, 0xd4, 0xff, 0x78, 0xb0, 0xd1, 0xe6, 822 0xa1, 0x54, 0x49, 0x91, 0x46, 0x1a, 0x9e, 0x50 823 ); 824 DEFINE_HEX_XDR_NETOBJ(camellia256_cts_cmac_Ke, 825 0x41, 0x2a, 0xef, 0xc3, 0x62, 0xa7, 0x28, 0x5f, 826 0xc3, 0x96, 0x6c, 0x6a, 0x51, 0x81, 0xe7, 0x60, 827 0x5a, 0xe6, 0x75, 0x23, 0x5b, 0x6d, 0x54, 0x9f, 828 0xbf, 0xc9, 0xab, 0x66, 0x30, 0xa4, 0xc6, 0x04 829 ); 830 DEFINE_HEX_XDR_NETOBJ(camellia256_cts_cmac_Ki, 831 0xfa, 0x62, 0x4f, 0xa0, 0xe5, 0x23, 0x99, 0x3f, 832 0xa3, 0x88, 0xae, 0xfd, 0xc6, 0x7e, 0x67, 0xeb, 833 0xcd, 0x8c, 0x08, 0xe8, 0xa0, 0x24, 0x6b, 0x1d, 834 0x73, 0xb0, 0xd1, 0xdd, 0x9f, 0xc5, 0x82, 0xb0 835 ); 836 837 DEFINE_HEX_XDR_NETOBJ(usage_checksum, 838 0x00, 0x00, 0x00, 0x02, KEY_USAGE_SEED_CHECKSUM 839 ); 840 DEFINE_HEX_XDR_NETOBJ(usage_encryption, 841 0x00, 0x00, 0x00, 0x02, KEY_USAGE_SEED_ENCRYPTION 842 ); 843 DEFINE_HEX_XDR_NETOBJ(usage_integrity, 844 0x00, 0x00, 0x00, 0x02, KEY_USAGE_SEED_INTEGRITY 845 ); 846 847 static const struct gss_krb5_test_param rfc6803_kdf_test_params[] = { 848 { 849 .desc = "Derive Kc subkey for camellia128-cts-cmac", 850 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 851 .base_key = &camellia128_cts_cmac_basekey, 852 .usage = &usage_checksum, 853 .expected_result = &camellia128_cts_cmac_Kc, 854 }, 855 { 856 .desc = "Derive Ke subkey for camellia128-cts-cmac", 857 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 858 .base_key = &camellia128_cts_cmac_basekey, 859 .usage = &usage_encryption, 860 .expected_result = &camellia128_cts_cmac_Ke, 861 }, 862 { 863 .desc = "Derive Ki subkey for camellia128-cts-cmac", 864 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 865 .base_key = &camellia128_cts_cmac_basekey, 866 .usage = &usage_integrity, 867 .expected_result = &camellia128_cts_cmac_Ki, 868 }, 869 { 870 .desc = "Derive Kc subkey for camellia256-cts-cmac", 871 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 872 .base_key = &camellia256_cts_cmac_basekey, 873 .usage = &usage_checksum, 874 .expected_result = &camellia256_cts_cmac_Kc, 875 }, 876 { 877 .desc = "Derive Ke subkey for camellia256-cts-cmac", 878 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 879 .base_key = &camellia256_cts_cmac_basekey, 880 .usage = &usage_encryption, 881 .expected_result = &camellia256_cts_cmac_Ke, 882 }, 883 { 884 .desc = "Derive Ki subkey for camellia256-cts-cmac", 885 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 886 .base_key = &camellia256_cts_cmac_basekey, 887 .usage = &usage_integrity, 888 .expected_result = &camellia256_cts_cmac_Ki, 889 }, 890 }; 891 892 /* Creates the function rfc6803_kdf_gen_params */ 893 KUNIT_ARRAY_PARAM(rfc6803_kdf, rfc6803_kdf_test_params, gss_krb5_get_desc); 894 895 /* 896 * From RFC 6803 Section 10. Test vectors 897 * 898 * Sample checksums. 899 * 900 * Copyright (c) 2012 IETF Trust and the persons identified as the 901 * document authors. All rights reserved. 902 * 903 * XXX: These tests are likely to fail on EBCDIC or Unicode platforms. 904 */ 905 DEFINE_STR_XDR_NETOBJ(rfc6803_checksum_test1_plaintext, 906 "abcdefghijk"); 907 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test1_basekey, 908 0x1d, 0xc4, 0x6a, 0x8d, 0x76, 0x3f, 0x4f, 0x93, 909 0x74, 0x2b, 0xcb, 0xa3, 0x38, 0x75, 0x76, 0xc3 910 ); 911 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test1_usage, 912 0x00, 0x00, 0x00, 0x07, KEY_USAGE_SEED_CHECKSUM 913 ); 914 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test1_expected_result, 915 0x11, 0x78, 0xe6, 0xc5, 0xc4, 0x7a, 0x8c, 0x1a, 916 0xe0, 0xc4, 0xb9, 0xc7, 0xd4, 0xeb, 0x7b, 0x6b 917 ); 918 919 DEFINE_STR_XDR_NETOBJ(rfc6803_checksum_test2_plaintext, 920 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"); 921 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test2_basekey, 922 0x50, 0x27, 0xbc, 0x23, 0x1d, 0x0f, 0x3a, 0x9d, 923 0x23, 0x33, 0x3f, 0x1c, 0xa6, 0xfd, 0xbe, 0x7c 924 ); 925 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test2_usage, 926 0x00, 0x00, 0x00, 0x08, KEY_USAGE_SEED_CHECKSUM 927 ); 928 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test2_expected_result, 929 0xd1, 0xb3, 0x4f, 0x70, 0x04, 0xa7, 0x31, 0xf2, 930 0x3a, 0x0c, 0x00, 0xbf, 0x6c, 0x3f, 0x75, 0x3a 931 ); 932 933 DEFINE_STR_XDR_NETOBJ(rfc6803_checksum_test3_plaintext, 934 "123456789"); 935 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test3_basekey, 936 0xb6, 0x1c, 0x86, 0xcc, 0x4e, 0x5d, 0x27, 0x57, 937 0x54, 0x5a, 0xd4, 0x23, 0x39, 0x9f, 0xb7, 0x03, 938 0x1e, 0xca, 0xb9, 0x13, 0xcb, 0xb9, 0x00, 0xbd, 939 0x7a, 0x3c, 0x6d, 0xd8, 0xbf, 0x92, 0x01, 0x5b 940 ); 941 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test3_usage, 942 0x00, 0x00, 0x00, 0x09, KEY_USAGE_SEED_CHECKSUM 943 ); 944 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test3_expected_result, 945 0x87, 0xa1, 0x2c, 0xfd, 0x2b, 0x96, 0x21, 0x48, 946 0x10, 0xf0, 0x1c, 0x82, 0x6e, 0x77, 0x44, 0xb1 947 ); 948 949 DEFINE_STR_XDR_NETOBJ(rfc6803_checksum_test4_plaintext, 950 "!@#$%^&*()!@#$%^&*()!@#$%^&*()"); 951 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test4_basekey, 952 0x32, 0x16, 0x4c, 0x5b, 0x43, 0x4d, 0x1d, 0x15, 953 0x38, 0xe4, 0xcf, 0xd9, 0xbe, 0x80, 0x40, 0xfe, 954 0x8c, 0x4a, 0xc7, 0xac, 0xc4, 0xb9, 0x3d, 0x33, 955 0x14, 0xd2, 0x13, 0x36, 0x68, 0x14, 0x7a, 0x05 956 ); 957 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test4_usage, 958 0x00, 0x00, 0x00, 0x0a, KEY_USAGE_SEED_CHECKSUM 959 ); 960 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test4_expected_result, 961 0x3f, 0xa0, 0xb4, 0x23, 0x55, 0xe5, 0x2b, 0x18, 962 0x91, 0x87, 0x29, 0x4a, 0xa2, 0x52, 0xab, 0x64 963 ); 964 965 static const struct gss_krb5_test_param rfc6803_checksum_test_params[] = { 966 { 967 .desc = "camellia128-cts-cmac checksum test 1", 968 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 969 .base_key = &rfc6803_checksum_test1_basekey, 970 .usage = &rfc6803_checksum_test1_usage, 971 .plaintext = &rfc6803_checksum_test1_plaintext, 972 .expected_result = &rfc6803_checksum_test1_expected_result, 973 }, 974 { 975 .desc = "camellia128-cts-cmac checksum test 2", 976 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 977 .base_key = &rfc6803_checksum_test2_basekey, 978 .usage = &rfc6803_checksum_test2_usage, 979 .plaintext = &rfc6803_checksum_test2_plaintext, 980 .expected_result = &rfc6803_checksum_test2_expected_result, 981 }, 982 { 983 .desc = "camellia256-cts-cmac checksum test 3", 984 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 985 .base_key = &rfc6803_checksum_test3_basekey, 986 .usage = &rfc6803_checksum_test3_usage, 987 .plaintext = &rfc6803_checksum_test3_plaintext, 988 .expected_result = &rfc6803_checksum_test3_expected_result, 989 }, 990 { 991 .desc = "camellia256-cts-cmac checksum test 4", 992 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 993 .base_key = &rfc6803_checksum_test4_basekey, 994 .usage = &rfc6803_checksum_test4_usage, 995 .plaintext = &rfc6803_checksum_test4_plaintext, 996 .expected_result = &rfc6803_checksum_test4_expected_result, 997 }, 998 }; 999 1000 /* Creates the function rfc6803_checksum_gen_params */ 1001 KUNIT_ARRAY_PARAM(rfc6803_checksum, rfc6803_checksum_test_params, 1002 gss_krb5_get_desc); 1003 1004 /* 1005 * From RFC 6803 Section 10. Test vectors 1006 * 1007 * Sample encryptions (all using the default cipher state) 1008 * 1009 * Copyright (c) 2012 IETF Trust and the persons identified as the 1010 * document authors. All rights reserved. 1011 * 1012 * Key usage values are from errata 4326 against RFC 6803. 1013 */ 1014 1015 static const struct xdr_netobj rfc6803_enc_empty_plaintext = { 1016 .len = 0, 1017 }; 1018 1019 DEFINE_STR_XDR_NETOBJ(rfc6803_enc_1byte_plaintext, "1"); 1020 DEFINE_STR_XDR_NETOBJ(rfc6803_enc_9byte_plaintext, "9 bytesss"); 1021 DEFINE_STR_XDR_NETOBJ(rfc6803_enc_13byte_plaintext, "13 bytes byte"); 1022 DEFINE_STR_XDR_NETOBJ(rfc6803_enc_30byte_plaintext, 1023 "30 bytes bytes bytes bytes byt" 1024 ); 1025 1026 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test1_confounder, 1027 0xb6, 0x98, 0x22, 0xa1, 0x9a, 0x6b, 0x09, 0xc0, 1028 0xeb, 0xc8, 0x55, 0x7d, 0x1f, 0x1b, 0x6c, 0x0a 1029 ); 1030 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test1_basekey, 1031 0x1d, 0xc4, 0x6a, 0x8d, 0x76, 0x3f, 0x4f, 0x93, 1032 0x74, 0x2b, 0xcb, 0xa3, 0x38, 0x75, 0x76, 0xc3 1033 ); 1034 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test1_expected_result, 1035 0xc4, 0x66, 0xf1, 0x87, 0x10, 0x69, 0x92, 0x1e, 1036 0xdb, 0x7c, 0x6f, 0xde, 0x24, 0x4a, 0x52, 0xdb, 1037 0x0b, 0xa1, 0x0e, 0xdc, 0x19, 0x7b, 0xdb, 0x80, 1038 0x06, 0x65, 0x8c, 0xa3, 0xcc, 0xce, 0x6e, 0xb8 1039 ); 1040 1041 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test2_confounder, 1042 0x6f, 0x2f, 0xc3, 0xc2, 0xa1, 0x66, 0xfd, 0x88, 1043 0x98, 0x96, 0x7a, 0x83, 0xde, 0x95, 0x96, 0xd9 1044 ); 1045 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test2_basekey, 1046 0x50, 0x27, 0xbc, 0x23, 0x1d, 0x0f, 0x3a, 0x9d, 1047 0x23, 0x33, 0x3f, 0x1c, 0xa6, 0xfd, 0xbe, 0x7c 1048 ); 1049 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test2_expected_result, 1050 0x84, 0x2d, 0x21, 0xfd, 0x95, 0x03, 0x11, 0xc0, 1051 0xdd, 0x46, 0x4a, 0x3f, 0x4b, 0xe8, 0xd6, 0xda, 1052 0x88, 0xa5, 0x6d, 0x55, 0x9c, 0x9b, 0x47, 0xd3, 1053 0xf9, 0xa8, 0x50, 0x67, 0xaf, 0x66, 0x15, 0x59, 1054 0xb8 1055 ); 1056 1057 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test3_confounder, 1058 0xa5, 0xb4, 0xa7, 0x1e, 0x07, 0x7a, 0xee, 0xf9, 1059 0x3c, 0x87, 0x63, 0xc1, 0x8f, 0xdb, 0x1f, 0x10 1060 ); 1061 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test3_basekey, 1062 0xa1, 0xbb, 0x61, 0xe8, 0x05, 0xf9, 0xba, 0x6d, 1063 0xde, 0x8f, 0xdb, 0xdd, 0xc0, 0x5c, 0xde, 0xa0 1064 ); 1065 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test3_expected_result, 1066 0x61, 0x9f, 0xf0, 0x72, 0xe3, 0x62, 0x86, 0xff, 1067 0x0a, 0x28, 0xde, 0xb3, 0xa3, 0x52, 0xec, 0x0d, 1068 0x0e, 0xdf, 0x5c, 0x51, 0x60, 0xd6, 0x63, 0xc9, 1069 0x01, 0x75, 0x8c, 0xcf, 0x9d, 0x1e, 0xd3, 0x3d, 1070 0x71, 0xdb, 0x8f, 0x23, 0xaa, 0xbf, 0x83, 0x48, 1071 0xa0 1072 ); 1073 1074 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test4_confounder, 1075 0x19, 0xfe, 0xe4, 0x0d, 0x81, 0x0c, 0x52, 0x4b, 1076 0x5b, 0x22, 0xf0, 0x18, 0x74, 0xc6, 0x93, 0xda 1077 ); 1078 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test4_basekey, 1079 0x2c, 0xa2, 0x7a, 0x5f, 0xaf, 0x55, 0x32, 0x24, 1080 0x45, 0x06, 0x43, 0x4e, 0x1c, 0xef, 0x66, 0x76 1081 ); 1082 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test4_expected_result, 1083 0xb8, 0xec, 0xa3, 0x16, 0x7a, 0xe6, 0x31, 0x55, 1084 0x12, 0xe5, 0x9f, 0x98, 0xa7, 0xc5, 0x00, 0x20, 1085 0x5e, 0x5f, 0x63, 0xff, 0x3b, 0xb3, 0x89, 0xaf, 1086 0x1c, 0x41, 0xa2, 0x1d, 0x64, 0x0d, 0x86, 0x15, 1087 0xc9, 0xed, 0x3f, 0xbe, 0xb0, 0x5a, 0xb6, 0xac, 1088 0xb6, 0x76, 0x89, 0xb5, 0xea 1089 ); 1090 1091 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test5_confounder, 1092 0xca, 0x7a, 0x7a, 0xb4, 0xbe, 0x19, 0x2d, 0xab, 1093 0xd6, 0x03, 0x50, 0x6d, 0xb1, 0x9c, 0x39, 0xe2 1094 ); 1095 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test5_basekey, 1096 0x78, 0x24, 0xf8, 0xc1, 0x6f, 0x83, 0xff, 0x35, 1097 0x4c, 0x6b, 0xf7, 0x51, 0x5b, 0x97, 0x3f, 0x43 1098 ); 1099 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test5_expected_result, 1100 0xa2, 0x6a, 0x39, 0x05, 0xa4, 0xff, 0xd5, 0x81, 1101 0x6b, 0x7b, 0x1e, 0x27, 0x38, 0x0d, 0x08, 0x09, 1102 0x0c, 0x8e, 0xc1, 0xf3, 0x04, 0x49, 0x6e, 0x1a, 1103 0xbd, 0xcd, 0x2b, 0xdc, 0xd1, 0xdf, 0xfc, 0x66, 1104 0x09, 0x89, 0xe1, 0x17, 0xa7, 0x13, 0xdd, 0xbb, 1105 0x57, 0xa4, 0x14, 0x6c, 0x15, 0x87, 0xcb, 0xa4, 1106 0x35, 0x66, 0x65, 0x59, 0x1d, 0x22, 0x40, 0x28, 1107 0x2f, 0x58, 0x42, 0xb1, 0x05, 0xa5 1108 ); 1109 1110 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test6_confounder, 1111 0x3c, 0xbb, 0xd2, 0xb4, 0x59, 0x17, 0x94, 0x10, 1112 0x67, 0xf9, 0x65, 0x99, 0xbb, 0x98, 0x92, 0x6c 1113 ); 1114 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test6_basekey, 1115 0xb6, 0x1c, 0x86, 0xcc, 0x4e, 0x5d, 0x27, 0x57, 1116 0x54, 0x5a, 0xd4, 0x23, 0x39, 0x9f, 0xb7, 0x03, 1117 0x1e, 0xca, 0xb9, 0x13, 0xcb, 0xb9, 0x00, 0xbd, 1118 0x7a, 0x3c, 0x6d, 0xd8, 0xbf, 0x92, 0x01, 0x5b 1119 ); 1120 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test6_expected_result, 1121 0x03, 0x88, 0x6d, 0x03, 0x31, 0x0b, 0x47, 0xa6, 1122 0xd8, 0xf0, 0x6d, 0x7b, 0x94, 0xd1, 0xdd, 0x83, 1123 0x7e, 0xcc, 0xe3, 0x15, 0xef, 0x65, 0x2a, 0xff, 1124 0x62, 0x08, 0x59, 0xd9, 0x4a, 0x25, 0x92, 0x66 1125 ); 1126 1127 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test7_confounder, 1128 0xde, 0xf4, 0x87, 0xfc, 0xeb, 0xe6, 0xde, 0x63, 1129 0x46, 0xd4, 0xda, 0x45, 0x21, 0xbb, 0xa2, 0xd2 1130 ); 1131 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test7_basekey, 1132 0x1b, 0x97, 0xfe, 0x0a, 0x19, 0x0e, 0x20, 0x21, 1133 0xeb, 0x30, 0x75, 0x3e, 0x1b, 0x6e, 0x1e, 0x77, 1134 0xb0, 0x75, 0x4b, 0x1d, 0x68, 0x46, 0x10, 0x35, 1135 0x58, 0x64, 0x10, 0x49, 0x63, 0x46, 0x38, 0x33 1136 ); 1137 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test7_expected_result, 1138 0x2c, 0x9c, 0x15, 0x70, 0x13, 0x3c, 0x99, 0xbf, 1139 0x6a, 0x34, 0xbc, 0x1b, 0x02, 0x12, 0x00, 0x2f, 1140 0xd1, 0x94, 0x33, 0x87, 0x49, 0xdb, 0x41, 0x35, 1141 0x49, 0x7a, 0x34, 0x7c, 0xfc, 0xd9, 0xd1, 0x8a, 1142 0x12 1143 ); 1144 1145 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test8_confounder, 1146 0xad, 0x4f, 0xf9, 0x04, 0xd3, 0x4e, 0x55, 0x53, 1147 0x84, 0xb1, 0x41, 0x00, 0xfc, 0x46, 0x5f, 0x88 1148 ); 1149 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test8_basekey, 1150 0x32, 0x16, 0x4c, 0x5b, 0x43, 0x4d, 0x1d, 0x15, 1151 0x38, 0xe4, 0xcf, 0xd9, 0xbe, 0x80, 0x40, 0xfe, 1152 0x8c, 0x4a, 0xc7, 0xac, 0xc4, 0xb9, 0x3d, 0x33, 1153 0x14, 0xd2, 0x13, 0x36, 0x68, 0x14, 0x7a, 0x05 1154 ); 1155 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test8_expected_result, 1156 0x9c, 0x6d, 0xe7, 0x5f, 0x81, 0x2d, 0xe7, 0xed, 1157 0x0d, 0x28, 0xb2, 0x96, 0x35, 0x57, 0xa1, 0x15, 1158 0x64, 0x09, 0x98, 0x27, 0x5b, 0x0a, 0xf5, 0x15, 1159 0x27, 0x09, 0x91, 0x3f, 0xf5, 0x2a, 0x2a, 0x9c, 1160 0x8e, 0x63, 0xb8, 0x72, 0xf9, 0x2e, 0x64, 0xc8, 1161 0x39 1162 ); 1163 1164 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test9_confounder, 1165 0xcf, 0x9b, 0xca, 0x6d, 0xf1, 0x14, 0x4e, 0x0c, 1166 0x0a, 0xf9, 0xb8, 0xf3, 0x4c, 0x90, 0xd5, 0x14 1167 ); 1168 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test9_basekey, 1169 0xb0, 0x38, 0xb1, 0x32, 0xcd, 0x8e, 0x06, 0x61, 1170 0x22, 0x67, 0xfa, 0xb7, 0x17, 0x00, 0x66, 0xd8, 1171 0x8a, 0xec, 0xcb, 0xa0, 0xb7, 0x44, 0xbf, 0xc6, 1172 0x0d, 0xc8, 0x9b, 0xca, 0x18, 0x2d, 0x07, 0x15 1173 ); 1174 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test9_expected_result, 1175 0xee, 0xec, 0x85, 0xa9, 0x81, 0x3c, 0xdc, 0x53, 1176 0x67, 0x72, 0xab, 0x9b, 0x42, 0xde, 0xfc, 0x57, 1177 0x06, 0xf7, 0x26, 0xe9, 0x75, 0xdd, 0xe0, 0x5a, 1178 0x87, 0xeb, 0x54, 0x06, 0xea, 0x32, 0x4c, 0xa1, 1179 0x85, 0xc9, 0x98, 0x6b, 0x42, 0xaa, 0xbe, 0x79, 1180 0x4b, 0x84, 0x82, 0x1b, 0xee 1181 ); 1182 1183 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test10_confounder, 1184 0x64, 0x4d, 0xef, 0x38, 0xda, 0x35, 0x00, 0x72, 1185 0x75, 0x87, 0x8d, 0x21, 0x68, 0x55, 0xe2, 0x28 1186 ); 1187 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test10_basekey, 1188 0xcc, 0xfc, 0xd3, 0x49, 0xbf, 0x4c, 0x66, 0x77, 1189 0xe8, 0x6e, 0x4b, 0x02, 0xb8, 0xea, 0xb9, 0x24, 1190 0xa5, 0x46, 0xac, 0x73, 0x1c, 0xf9, 0xbf, 0x69, 1191 0x89, 0xb9, 0x96, 0xe7, 0xd6, 0xbf, 0xbb, 0xa7 1192 ); 1193 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test10_expected_result, 1194 0x0e, 0x44, 0x68, 0x09, 0x85, 0x85, 0x5f, 0x2d, 1195 0x1f, 0x18, 0x12, 0x52, 0x9c, 0xa8, 0x3b, 0xfd, 1196 0x8e, 0x34, 0x9d, 0xe6, 0xfd, 0x9a, 0xda, 0x0b, 1197 0xaa, 0xa0, 0x48, 0xd6, 0x8e, 0x26, 0x5f, 0xeb, 1198 0xf3, 0x4a, 0xd1, 0x25, 0x5a, 0x34, 0x49, 0x99, 1199 0xad, 0x37, 0x14, 0x68, 0x87, 0xa6, 0xc6, 0x84, 1200 0x57, 0x31, 0xac, 0x7f, 0x46, 0x37, 0x6a, 0x05, 1201 0x04, 0xcd, 0x06, 0x57, 0x14, 0x74 1202 ); 1203 1204 static const struct gss_krb5_test_param rfc6803_encrypt_test_params[] = { 1205 { 1206 .desc = "Encrypt empty plaintext with camellia128-cts-cmac", 1207 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 1208 .constant = 0, 1209 .base_key = &rfc6803_enc_test1_basekey, 1210 .plaintext = &rfc6803_enc_empty_plaintext, 1211 .confounder = &rfc6803_enc_test1_confounder, 1212 .expected_result = &rfc6803_enc_test1_expected_result, 1213 }, 1214 { 1215 .desc = "Encrypt 1 byte with camellia128-cts-cmac", 1216 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 1217 .constant = 1, 1218 .base_key = &rfc6803_enc_test2_basekey, 1219 .plaintext = &rfc6803_enc_1byte_plaintext, 1220 .confounder = &rfc6803_enc_test2_confounder, 1221 .expected_result = &rfc6803_enc_test2_expected_result, 1222 }, 1223 { 1224 .desc = "Encrypt 9 bytes with camellia128-cts-cmac", 1225 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 1226 .constant = 2, 1227 .base_key = &rfc6803_enc_test3_basekey, 1228 .plaintext = &rfc6803_enc_9byte_plaintext, 1229 .confounder = &rfc6803_enc_test3_confounder, 1230 .expected_result = &rfc6803_enc_test3_expected_result, 1231 }, 1232 { 1233 .desc = "Encrypt 13 bytes with camellia128-cts-cmac", 1234 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 1235 .constant = 3, 1236 .base_key = &rfc6803_enc_test4_basekey, 1237 .plaintext = &rfc6803_enc_13byte_plaintext, 1238 .confounder = &rfc6803_enc_test4_confounder, 1239 .expected_result = &rfc6803_enc_test4_expected_result, 1240 }, 1241 { 1242 .desc = "Encrypt 30 bytes with camellia128-cts-cmac", 1243 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 1244 .constant = 4, 1245 .base_key = &rfc6803_enc_test5_basekey, 1246 .plaintext = &rfc6803_enc_30byte_plaintext, 1247 .confounder = &rfc6803_enc_test5_confounder, 1248 .expected_result = &rfc6803_enc_test5_expected_result, 1249 }, 1250 { 1251 .desc = "Encrypt empty plaintext with camellia256-cts-cmac", 1252 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 1253 .constant = 0, 1254 .base_key = &rfc6803_enc_test6_basekey, 1255 .plaintext = &rfc6803_enc_empty_plaintext, 1256 .confounder = &rfc6803_enc_test6_confounder, 1257 .expected_result = &rfc6803_enc_test6_expected_result, 1258 }, 1259 { 1260 .desc = "Encrypt 1 byte with camellia256-cts-cmac", 1261 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 1262 .constant = 1, 1263 .base_key = &rfc6803_enc_test7_basekey, 1264 .plaintext = &rfc6803_enc_1byte_plaintext, 1265 .confounder = &rfc6803_enc_test7_confounder, 1266 .expected_result = &rfc6803_enc_test7_expected_result, 1267 }, 1268 { 1269 .desc = "Encrypt 9 bytes with camellia256-cts-cmac", 1270 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 1271 .constant = 2, 1272 .base_key = &rfc6803_enc_test8_basekey, 1273 .plaintext = &rfc6803_enc_9byte_plaintext, 1274 .confounder = &rfc6803_enc_test8_confounder, 1275 .expected_result = &rfc6803_enc_test8_expected_result, 1276 }, 1277 { 1278 .desc = "Encrypt 13 bytes with camellia256-cts-cmac", 1279 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 1280 .constant = 3, 1281 .base_key = &rfc6803_enc_test9_basekey, 1282 .plaintext = &rfc6803_enc_13byte_plaintext, 1283 .confounder = &rfc6803_enc_test9_confounder, 1284 .expected_result = &rfc6803_enc_test9_expected_result, 1285 }, 1286 { 1287 .desc = "Encrypt 30 bytes with camellia256-cts-cmac", 1288 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 1289 .constant = 4, 1290 .base_key = &rfc6803_enc_test10_basekey, 1291 .plaintext = &rfc6803_enc_30byte_plaintext, 1292 .confounder = &rfc6803_enc_test10_confounder, 1293 .expected_result = &rfc6803_enc_test10_expected_result, 1294 }, 1295 }; 1296 1297 /* Creates the function rfc6803_encrypt_gen_params */ 1298 KUNIT_ARRAY_PARAM(rfc6803_encrypt, rfc6803_encrypt_test_params, 1299 gss_krb5_get_desc); 1300 1301 static void rfc6803_encrypt_case(struct kunit *test) 1302 { 1303 const struct gss_krb5_test_param *param = test->param_value; 1304 struct crypto_sync_skcipher *cts_tfm, *cbc_tfm; 1305 const struct gss_krb5_enctype *gk5e; 1306 struct xdr_netobj Ke, Ki, checksum; 1307 u8 usage_data[GSS_KRB5_K5CLENGTH]; 1308 struct xdr_netobj usage = { 1309 .data = usage_data, 1310 .len = sizeof(usage_data), 1311 }; 1312 struct crypto_ahash *ahash_tfm; 1313 unsigned int blocksize; 1314 struct xdr_buf buf; 1315 void *text; 1316 size_t len; 1317 u32 err; 1318 1319 /* Arrange */ 1320 gk5e = gss_krb5_lookup_enctype(param->enctype); 1321 KUNIT_ASSERT_NOT_NULL(test, gk5e); 1322 1323 usage.data[3] = param->constant; 1324 1325 Ke.len = gk5e->Ke_length; 1326 Ke.data = kunit_kzalloc(test, Ke.len, GFP_KERNEL); 1327 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Ke.data); 1328 usage.data[4] = KEY_USAGE_SEED_ENCRYPTION; 1329 err = gk5e->derive_key(gk5e, param->base_key, &Ke, &usage, GFP_KERNEL); 1330 KUNIT_ASSERT_EQ(test, err, 0); 1331 1332 cbc_tfm = crypto_alloc_sync_skcipher(gk5e->aux_cipher, 0, 0); 1333 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cbc_tfm); 1334 err = crypto_sync_skcipher_setkey(cbc_tfm, Ke.data, Ke.len); 1335 KUNIT_ASSERT_EQ(test, err, 0); 1336 1337 cts_tfm = crypto_alloc_sync_skcipher(gk5e->encrypt_name, 0, 0); 1338 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cts_tfm); 1339 err = crypto_sync_skcipher_setkey(cts_tfm, Ke.data, Ke.len); 1340 KUNIT_ASSERT_EQ(test, err, 0); 1341 blocksize = crypto_sync_skcipher_blocksize(cts_tfm); 1342 1343 len = param->confounder->len + param->plaintext->len + blocksize; 1344 text = kunit_kzalloc(test, len, GFP_KERNEL); 1345 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, text); 1346 memcpy(text, param->confounder->data, param->confounder->len); 1347 memcpy(text + param->confounder->len, param->plaintext->data, 1348 param->plaintext->len); 1349 1350 memset(&buf, 0, sizeof(buf)); 1351 buf.head[0].iov_base = text; 1352 buf.head[0].iov_len = param->confounder->len + param->plaintext->len; 1353 buf.len = buf.head[0].iov_len; 1354 1355 checksum.len = gk5e->cksumlength; 1356 checksum.data = kunit_kzalloc(test, checksum.len, GFP_KERNEL); 1357 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, checksum.data); 1358 1359 Ki.len = gk5e->Ki_length; 1360 Ki.data = kunit_kzalloc(test, Ki.len, GFP_KERNEL); 1361 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Ki.data); 1362 usage.data[4] = KEY_USAGE_SEED_INTEGRITY; 1363 err = gk5e->derive_key(gk5e, param->base_key, &Ki, 1364 &usage, GFP_KERNEL); 1365 KUNIT_ASSERT_EQ(test, err, 0); 1366 ahash_tfm = crypto_alloc_ahash(gk5e->cksum_name, 0, CRYPTO_ALG_ASYNC); 1367 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ahash_tfm); 1368 err = crypto_ahash_setkey(ahash_tfm, Ki.data, Ki.len); 1369 KUNIT_ASSERT_EQ(test, err, 0); 1370 1371 /* Act */ 1372 err = gss_krb5_checksum(ahash_tfm, NULL, 0, &buf, 0, &checksum); 1373 KUNIT_ASSERT_EQ(test, err, 0); 1374 1375 err = krb5_cbc_cts_encrypt(cts_tfm, cbc_tfm, 0, &buf, NULL, NULL, 0); 1376 KUNIT_ASSERT_EQ(test, err, 0); 1377 1378 /* Assert */ 1379 KUNIT_EXPECT_EQ_MSG(test, param->expected_result->len, 1380 buf.len + checksum.len, 1381 "ciphertext length mismatch"); 1382 KUNIT_EXPECT_EQ_MSG(test, 1383 memcmp(param->expected_result->data, 1384 buf.head[0].iov_base, buf.len), 0, 1385 "encrypted result mismatch"); 1386 KUNIT_EXPECT_EQ_MSG(test, 1387 memcmp(param->expected_result->data + 1388 (param->expected_result->len - checksum.len), 1389 checksum.data, checksum.len), 0, 1390 "HMAC mismatch"); 1391 1392 crypto_free_ahash(ahash_tfm); 1393 crypto_free_sync_skcipher(cts_tfm); 1394 crypto_free_sync_skcipher(cbc_tfm); 1395 } 1396 1397 static struct kunit_case rfc6803_test_cases[] = { 1398 { 1399 .name = "RFC 6803 key derivation", 1400 .run_case = kdf_case, 1401 .generate_params = rfc6803_kdf_gen_params, 1402 }, 1403 { 1404 .name = "RFC 6803 checksum", 1405 .run_case = checksum_case, 1406 .generate_params = rfc6803_checksum_gen_params, 1407 }, 1408 { 1409 .name = "RFC 6803 encryption", 1410 .run_case = rfc6803_encrypt_case, 1411 .generate_params = rfc6803_encrypt_gen_params, 1412 }, 1413 }; 1414 1415 static struct kunit_suite rfc6803_suite = { 1416 .name = "RFC 6803 suite", 1417 .test_cases = rfc6803_test_cases, 1418 }; 1419 1420 /* 1421 * From RFC 8009 Appendix A. Test Vectors 1422 * 1423 * Sample results for SHA-2 enctype key derivation 1424 * 1425 * This test material is copyright (c) 2016 IETF Trust and the 1426 * persons identified as the document authors. All rights reserved. 1427 */ 1428 1429 DEFINE_HEX_XDR_NETOBJ(aes128_cts_hmac_sha256_128_basekey, 1430 0x37, 0x05, 0xd9, 0x60, 0x80, 0xc1, 0x77, 0x28, 1431 0xa0, 0xe8, 0x00, 0xea, 0xb6, 0xe0, 0xd2, 0x3c 1432 ); 1433 DEFINE_HEX_XDR_NETOBJ(aes128_cts_hmac_sha256_128_Kc, 1434 0xb3, 0x1a, 0x01, 0x8a, 0x48, 0xf5, 0x47, 0x76, 1435 0xf4, 0x03, 0xe9, 0xa3, 0x96, 0x32, 0x5d, 0xc3 1436 ); 1437 DEFINE_HEX_XDR_NETOBJ(aes128_cts_hmac_sha256_128_Ke, 1438 0x9b, 0x19, 0x7d, 0xd1, 0xe8, 0xc5, 0x60, 0x9d, 1439 0x6e, 0x67, 0xc3, 0xe3, 0x7c, 0x62, 0xc7, 0x2e 1440 ); 1441 DEFINE_HEX_XDR_NETOBJ(aes128_cts_hmac_sha256_128_Ki, 1442 0x9f, 0xda, 0x0e, 0x56, 0xab, 0x2d, 0x85, 0xe1, 1443 0x56, 0x9a, 0x68, 0x86, 0x96, 0xc2, 0x6a, 0x6c 1444 ); 1445 1446 DEFINE_HEX_XDR_NETOBJ(aes256_cts_hmac_sha384_192_basekey, 1447 0x6d, 0x40, 0x4d, 0x37, 0xfa, 0xf7, 0x9f, 0x9d, 1448 0xf0, 0xd3, 0x35, 0x68, 0xd3, 0x20, 0x66, 0x98, 1449 0x00, 0xeb, 0x48, 0x36, 0x47, 0x2e, 0xa8, 0xa0, 1450 0x26, 0xd1, 0x6b, 0x71, 0x82, 0x46, 0x0c, 0x52 1451 ); 1452 DEFINE_HEX_XDR_NETOBJ(aes256_cts_hmac_sha384_192_Kc, 1453 0xef, 0x57, 0x18, 0xbe, 0x86, 0xcc, 0x84, 0x96, 1454 0x3d, 0x8b, 0xbb, 0x50, 0x31, 0xe9, 0xf5, 0xc4, 1455 0xba, 0x41, 0xf2, 0x8f, 0xaf, 0x69, 0xe7, 0x3d 1456 ); 1457 DEFINE_HEX_XDR_NETOBJ(aes256_cts_hmac_sha384_192_Ke, 1458 0x56, 0xab, 0x22, 0xbe, 0xe6, 0x3d, 0x82, 0xd7, 1459 0xbc, 0x52, 0x27, 0xf6, 0x77, 0x3f, 0x8e, 0xa7, 1460 0xa5, 0xeb, 0x1c, 0x82, 0x51, 0x60, 0xc3, 0x83, 1461 0x12, 0x98, 0x0c, 0x44, 0x2e, 0x5c, 0x7e, 0x49 1462 ); 1463 DEFINE_HEX_XDR_NETOBJ(aes256_cts_hmac_sha384_192_Ki, 1464 0x69, 0xb1, 0x65, 0x14, 0xe3, 0xcd, 0x8e, 0x56, 1465 0xb8, 0x20, 0x10, 0xd5, 0xc7, 0x30, 0x12, 0xb6, 1466 0x22, 0xc4, 0xd0, 0x0f, 0xfc, 0x23, 0xed, 0x1f 1467 ); 1468 1469 static const struct gss_krb5_test_param rfc8009_kdf_test_params[] = { 1470 { 1471 .desc = "Derive Kc subkey for aes128-cts-hmac-sha256-128", 1472 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, 1473 .base_key = &aes128_cts_hmac_sha256_128_basekey, 1474 .usage = &usage_checksum, 1475 .expected_result = &aes128_cts_hmac_sha256_128_Kc, 1476 }, 1477 { 1478 .desc = "Derive Ke subkey for aes128-cts-hmac-sha256-128", 1479 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, 1480 .base_key = &aes128_cts_hmac_sha256_128_basekey, 1481 .usage = &usage_encryption, 1482 .expected_result = &aes128_cts_hmac_sha256_128_Ke, 1483 }, 1484 { 1485 .desc = "Derive Ki subkey for aes128-cts-hmac-sha256-128", 1486 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, 1487 .base_key = &aes128_cts_hmac_sha256_128_basekey, 1488 .usage = &usage_integrity, 1489 .expected_result = &aes128_cts_hmac_sha256_128_Ki, 1490 }, 1491 { 1492 .desc = "Derive Kc subkey for aes256-cts-hmac-sha384-192", 1493 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, 1494 .base_key = &aes256_cts_hmac_sha384_192_basekey, 1495 .usage = &usage_checksum, 1496 .expected_result = &aes256_cts_hmac_sha384_192_Kc, 1497 }, 1498 { 1499 .desc = "Derive Ke subkey for aes256-cts-hmac-sha384-192", 1500 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, 1501 .base_key = &aes256_cts_hmac_sha384_192_basekey, 1502 .usage = &usage_encryption, 1503 .expected_result = &aes256_cts_hmac_sha384_192_Ke, 1504 }, 1505 { 1506 .desc = "Derive Ki subkey for aes256-cts-hmac-sha384-192", 1507 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, 1508 .base_key = &aes256_cts_hmac_sha384_192_basekey, 1509 .usage = &usage_integrity, 1510 .expected_result = &aes256_cts_hmac_sha384_192_Ki, 1511 }, 1512 }; 1513 1514 /* Creates the function rfc8009_kdf_gen_params */ 1515 KUNIT_ARRAY_PARAM(rfc8009_kdf, rfc8009_kdf_test_params, gss_krb5_get_desc); 1516 1517 /* 1518 * From RFC 8009 Appendix A. Test Vectors 1519 * 1520 * These sample checksums use the above sample key derivation results, 1521 * including use of the same base-key and key usage values. 1522 * 1523 * This test material is copyright (c) 2016 IETF Trust and the 1524 * persons identified as the document authors. All rights reserved. 1525 */ 1526 1527 DEFINE_HEX_XDR_NETOBJ(rfc8009_checksum_plaintext, 1528 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 1529 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 1530 0x10, 0x11, 0x12, 0x13, 0x14 1531 ); 1532 DEFINE_HEX_XDR_NETOBJ(rfc8009_checksum_test1_expected_result, 1533 0xd7, 0x83, 0x67, 0x18, 0x66, 0x43, 0xd6, 0x7b, 1534 0x41, 0x1c, 0xba, 0x91, 0x39, 0xfc, 0x1d, 0xee 1535 ); 1536 DEFINE_HEX_XDR_NETOBJ(rfc8009_checksum_test2_expected_result, 1537 0x45, 0xee, 0x79, 0x15, 0x67, 0xee, 0xfc, 0xa3, 1538 0x7f, 0x4a, 0xc1, 0xe0, 0x22, 0x2d, 0xe8, 0x0d, 1539 0x43, 0xc3, 0xbf, 0xa0, 0x66, 0x99, 0x67, 0x2a 1540 ); 1541 1542 static const struct gss_krb5_test_param rfc8009_checksum_test_params[] = { 1543 { 1544 .desc = "Checksum with aes128-cts-hmac-sha256-128", 1545 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, 1546 .base_key = &aes128_cts_hmac_sha256_128_basekey, 1547 .usage = &usage_checksum, 1548 .plaintext = &rfc8009_checksum_plaintext, 1549 .expected_result = &rfc8009_checksum_test1_expected_result, 1550 }, 1551 { 1552 .desc = "Checksum with aes256-cts-hmac-sha384-192", 1553 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, 1554 .base_key = &aes256_cts_hmac_sha384_192_basekey, 1555 .usage = &usage_checksum, 1556 .plaintext = &rfc8009_checksum_plaintext, 1557 .expected_result = &rfc8009_checksum_test2_expected_result, 1558 }, 1559 }; 1560 1561 /* Creates the function rfc8009_checksum_gen_params */ 1562 KUNIT_ARRAY_PARAM(rfc8009_checksum, rfc8009_checksum_test_params, 1563 gss_krb5_get_desc); 1564 1565 static struct kunit_case rfc8009_test_cases[] = { 1566 { 1567 .name = "RFC 8009 key derivation", 1568 .run_case = kdf_case, 1569 .generate_params = rfc8009_kdf_gen_params, 1570 }, 1571 { 1572 .name = "RFC 8009 checksum", 1573 .run_case = checksum_case, 1574 .generate_params = rfc8009_checksum_gen_params, 1575 }, 1576 }; 1577 1578 static struct kunit_suite rfc8009_suite = { 1579 .name = "RFC 8009 suite", 1580 .test_cases = rfc8009_test_cases, 1581 }; 1582 1583 kunit_test_suites(&rfc3961_suite, 1584 &rfc3962_suite, 1585 &rfc6803_suite, 1586 &rfc8009_suite); 1587 1588 MODULE_DESCRIPTION("Test RPCSEC GSS Kerberos 5 functions"); 1589 MODULE_LICENSE("GPL"); 1590