1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (c) 2022 Oracle and/or its affiliates. 4 * 5 * KUnit test of SunRPC's GSS Kerberos mechanism. Subsystem 6 * name is "rpcsec_gss_krb5". 7 */ 8 9 #include <kunit/test.h> 10 #include <kunit/visibility.h> 11 12 #include <linux/kernel.h> 13 #include <crypto/hash.h> 14 15 #include <linux/sunrpc/xdr.h> 16 #include <linux/sunrpc/gss_krb5.h> 17 18 #include "gss_krb5_internal.h" 19 20 MODULE_IMPORT_NS(EXPORTED_FOR_KUNIT_TESTING); 21 22 struct gss_krb5_test_param { 23 const char *desc; 24 u32 enctype; 25 u32 nfold; 26 u32 constant; 27 const struct xdr_netobj *base_key; 28 const struct xdr_netobj *Ke; 29 const struct xdr_netobj *usage; 30 const struct xdr_netobj *plaintext; 31 const struct xdr_netobj *confounder; 32 const struct xdr_netobj *expected_result; 33 const struct xdr_netobj *expected_hmac; 34 const struct xdr_netobj *next_iv; 35 }; 36 37 static inline void gss_krb5_get_desc(const struct gss_krb5_test_param *param, 38 char *desc) 39 { 40 strscpy(desc, param->desc, KUNIT_PARAM_DESC_SIZE); 41 } 42 43 static void kdf_case(struct kunit *test) 44 { 45 const struct gss_krb5_test_param *param = test->param_value; 46 const struct gss_krb5_enctype *gk5e; 47 struct xdr_netobj derivedkey; 48 int err; 49 50 /* Arrange */ 51 gk5e = gss_krb5_lookup_enctype(param->enctype); 52 KUNIT_ASSERT_NOT_NULL(test, gk5e); 53 54 derivedkey.data = kunit_kzalloc(test, param->expected_result->len, 55 GFP_KERNEL); 56 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, derivedkey.data); 57 derivedkey.len = param->expected_result->len; 58 59 /* Act */ 60 err = gk5e->derive_key(gk5e, param->base_key, &derivedkey, 61 param->usage, GFP_KERNEL); 62 KUNIT_ASSERT_EQ(test, err, 0); 63 64 /* Assert */ 65 KUNIT_EXPECT_EQ_MSG(test, 66 memcmp(param->expected_result->data, 67 derivedkey.data, derivedkey.len), 0, 68 "key mismatch"); 69 } 70 71 static void checksum_case(struct kunit *test) 72 { 73 const struct gss_krb5_test_param *param = test->param_value; 74 struct xdr_buf buf = { 75 .head[0].iov_base = param->plaintext->data, 76 .head[0].iov_len = param->plaintext->len, 77 .len = param->plaintext->len, 78 }; 79 const struct gss_krb5_enctype *gk5e; 80 struct xdr_netobj Kc, checksum; 81 struct crypto_ahash *tfm; 82 int err; 83 84 /* Arrange */ 85 gk5e = gss_krb5_lookup_enctype(param->enctype); 86 KUNIT_ASSERT_NOT_NULL(test, gk5e); 87 88 Kc.len = gk5e->Kc_length; 89 Kc.data = kunit_kzalloc(test, Kc.len, GFP_KERNEL); 90 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Kc.data); 91 err = gk5e->derive_key(gk5e, param->base_key, &Kc, 92 param->usage, GFP_KERNEL); 93 KUNIT_ASSERT_EQ(test, err, 0); 94 95 tfm = crypto_alloc_ahash(gk5e->cksum_name, 0, CRYPTO_ALG_ASYNC); 96 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, tfm); 97 err = crypto_ahash_setkey(tfm, Kc.data, Kc.len); 98 KUNIT_ASSERT_EQ(test, err, 0); 99 100 checksum.len = gk5e->cksumlength; 101 checksum.data = kunit_kzalloc(test, checksum.len, GFP_KERNEL); 102 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, checksum.data); 103 104 /* Act */ 105 err = gss_krb5_checksum(tfm, NULL, 0, &buf, 0, &checksum); 106 KUNIT_ASSERT_EQ(test, err, 0); 107 108 /* Assert */ 109 KUNIT_EXPECT_EQ_MSG(test, 110 memcmp(param->expected_result->data, 111 checksum.data, checksum.len), 0, 112 "checksum mismatch"); 113 114 crypto_free_ahash(tfm); 115 } 116 117 #define DEFINE_HEX_XDR_NETOBJ(name, hex_array...) \ 118 static const u8 name ## _data[] = { hex_array }; \ 119 static const struct xdr_netobj name = { \ 120 .data = (u8 *)name##_data, \ 121 .len = sizeof(name##_data), \ 122 } 123 124 #define DEFINE_STR_XDR_NETOBJ(name, string) \ 125 static const u8 name ## _str[] = string; \ 126 static const struct xdr_netobj name = { \ 127 .data = (u8 *)name##_str, \ 128 .len = sizeof(name##_str) - 1, \ 129 } 130 131 /* 132 * RFC 3961 Appendix A.1. n-fold 133 * 134 * The n-fold function is defined in section 5.1 of RFC 3961. 135 * 136 * This test material is copyright (C) The Internet Society (2005). 137 */ 138 139 DEFINE_HEX_XDR_NETOBJ(nfold_test1_plaintext, 140 0x30, 0x31, 0x32, 0x33, 0x34, 0x35 141 ); 142 DEFINE_HEX_XDR_NETOBJ(nfold_test1_expected_result, 143 0xbe, 0x07, 0x26, 0x31, 0x27, 0x6b, 0x19, 0x55 144 ); 145 146 DEFINE_HEX_XDR_NETOBJ(nfold_test2_plaintext, 147 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64 148 ); 149 DEFINE_HEX_XDR_NETOBJ(nfold_test2_expected_result, 150 0x78, 0xa0, 0x7b, 0x6c, 0xaf, 0x85, 0xfa 151 ); 152 153 DEFINE_HEX_XDR_NETOBJ(nfold_test3_plaintext, 154 0x52, 0x6f, 0x75, 0x67, 0x68, 0x20, 0x43, 0x6f, 155 0x6e, 0x73, 0x65, 0x6e, 0x73, 0x75, 0x73, 0x2c, 156 0x20, 0x61, 0x6e, 0x64, 0x20, 0x52, 0x75, 0x6e, 157 0x6e, 0x69, 0x6e, 0x67, 0x20, 0x43, 0x6f, 0x64, 158 0x65 159 ); 160 DEFINE_HEX_XDR_NETOBJ(nfold_test3_expected_result, 161 0xbb, 0x6e, 0xd3, 0x08, 0x70, 0xb7, 0xf0, 0xe0 162 ); 163 164 DEFINE_HEX_XDR_NETOBJ(nfold_test4_plaintext, 165 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64 166 ); 167 DEFINE_HEX_XDR_NETOBJ(nfold_test4_expected_result, 168 0x59, 0xe4, 0xa8, 0xca, 0x7c, 0x03, 0x85, 0xc3, 169 0xc3, 0x7b, 0x3f, 0x6d, 0x20, 0x00, 0x24, 0x7c, 170 0xb6, 0xe6, 0xbd, 0x5b, 0x3e 171 ); 172 173 DEFINE_HEX_XDR_NETOBJ(nfold_test5_plaintext, 174 0x4d, 0x41, 0x53, 0x53, 0x41, 0x43, 0x48, 0x56, 175 0x53, 0x45, 0x54, 0x54, 0x53, 0x20, 0x49, 0x4e, 176 0x53, 0x54, 0x49, 0x54, 0x56, 0x54, 0x45, 0x20, 177 0x4f, 0x46, 0x20, 0x54, 0x45, 0x43, 0x48, 0x4e, 178 0x4f, 0x4c, 0x4f, 0x47, 0x59 179 ); 180 DEFINE_HEX_XDR_NETOBJ(nfold_test5_expected_result, 181 0xdb, 0x3b, 0x0d, 0x8f, 0x0b, 0x06, 0x1e, 0x60, 182 0x32, 0x82, 0xb3, 0x08, 0xa5, 0x08, 0x41, 0x22, 183 0x9a, 0xd7, 0x98, 0xfa, 0xb9, 0x54, 0x0c, 0x1b 184 ); 185 186 DEFINE_HEX_XDR_NETOBJ(nfold_test6_plaintext, 187 0x51 188 ); 189 DEFINE_HEX_XDR_NETOBJ(nfold_test6_expected_result, 190 0x51, 0x8a, 0x54, 0xa2, 0x15, 0xa8, 0x45, 0x2a, 191 0x51, 0x8a, 0x54, 0xa2, 0x15, 0xa8, 0x45, 0x2a, 192 0x51, 0x8a, 0x54, 0xa2, 0x15 193 ); 194 195 DEFINE_HEX_XDR_NETOBJ(nfold_test7_plaintext, 196 0x62, 0x61 197 ); 198 DEFINE_HEX_XDR_NETOBJ(nfold_test7_expected_result, 199 0xfb, 0x25, 0xd5, 0x31, 0xae, 0x89, 0x74, 0x49, 200 0x9f, 0x52, 0xfd, 0x92, 0xea, 0x98, 0x57, 0xc4, 201 0xba, 0x24, 0xcf, 0x29, 0x7e 202 ); 203 204 DEFINE_HEX_XDR_NETOBJ(nfold_test_kerberos, 205 0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73 206 ); 207 DEFINE_HEX_XDR_NETOBJ(nfold_test8_expected_result, 208 0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73 209 ); 210 DEFINE_HEX_XDR_NETOBJ(nfold_test9_expected_result, 211 0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73, 212 0x7b, 0x9b, 0x5b, 0x2b, 0x93, 0x13, 0x2b, 0x93 213 ); 214 DEFINE_HEX_XDR_NETOBJ(nfold_test10_expected_result, 215 0x83, 0x72, 0xc2, 0x36, 0x34, 0x4e, 0x5f, 0x15, 216 0x50, 0xcd, 0x07, 0x47, 0xe1, 0x5d, 0x62, 0xca, 217 0x7a, 0x5a, 0x3b, 0xce, 0xa4 218 ); 219 DEFINE_HEX_XDR_NETOBJ(nfold_test11_expected_result, 220 0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73, 221 0x7b, 0x9b, 0x5b, 0x2b, 0x93, 0x13, 0x2b, 0x93, 222 0x5c, 0x9b, 0xdc, 0xda, 0xd9, 0x5c, 0x98, 0x99, 223 0xc4, 0xca, 0xe4, 0xde, 0xe6, 0xd6, 0xca, 0xe4 224 ); 225 226 static const struct gss_krb5_test_param rfc3961_nfold_test_params[] = { 227 { 228 .desc = "64-fold(\"012345\")", 229 .nfold = 64, 230 .plaintext = &nfold_test1_plaintext, 231 .expected_result = &nfold_test1_expected_result, 232 }, 233 { 234 .desc = "56-fold(\"password\")", 235 .nfold = 56, 236 .plaintext = &nfold_test2_plaintext, 237 .expected_result = &nfold_test2_expected_result, 238 }, 239 { 240 .desc = "64-fold(\"Rough Consensus, and Running Code\")", 241 .nfold = 64, 242 .plaintext = &nfold_test3_plaintext, 243 .expected_result = &nfold_test3_expected_result, 244 }, 245 { 246 .desc = "168-fold(\"password\")", 247 .nfold = 168, 248 .plaintext = &nfold_test4_plaintext, 249 .expected_result = &nfold_test4_expected_result, 250 }, 251 { 252 .desc = "192-fold(\"MASSACHVSETTS INSTITVTE OF TECHNOLOGY\")", 253 .nfold = 192, 254 .plaintext = &nfold_test5_plaintext, 255 .expected_result = &nfold_test5_expected_result, 256 }, 257 { 258 .desc = "168-fold(\"Q\")", 259 .nfold = 168, 260 .plaintext = &nfold_test6_plaintext, 261 .expected_result = &nfold_test6_expected_result, 262 }, 263 { 264 .desc = "168-fold(\"ba\")", 265 .nfold = 168, 266 .plaintext = &nfold_test7_plaintext, 267 .expected_result = &nfold_test7_expected_result, 268 }, 269 { 270 .desc = "64-fold(\"kerberos\")", 271 .nfold = 64, 272 .plaintext = &nfold_test_kerberos, 273 .expected_result = &nfold_test8_expected_result, 274 }, 275 { 276 .desc = "128-fold(\"kerberos\")", 277 .nfold = 128, 278 .plaintext = &nfold_test_kerberos, 279 .expected_result = &nfold_test9_expected_result, 280 }, 281 { 282 .desc = "168-fold(\"kerberos\")", 283 .nfold = 168, 284 .plaintext = &nfold_test_kerberos, 285 .expected_result = &nfold_test10_expected_result, 286 }, 287 { 288 .desc = "256-fold(\"kerberos\")", 289 .nfold = 256, 290 .plaintext = &nfold_test_kerberos, 291 .expected_result = &nfold_test11_expected_result, 292 }, 293 }; 294 295 /* Creates the function rfc3961_nfold_gen_params */ 296 KUNIT_ARRAY_PARAM(rfc3961_nfold, rfc3961_nfold_test_params, gss_krb5_get_desc); 297 298 static void rfc3961_nfold_case(struct kunit *test) 299 { 300 const struct gss_krb5_test_param *param = test->param_value; 301 u8 *result; 302 303 /* Arrange */ 304 result = kunit_kzalloc(test, 4096, GFP_KERNEL); 305 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, result); 306 307 /* Act */ 308 krb5_nfold(param->plaintext->len * 8, param->plaintext->data, 309 param->expected_result->len * 8, result); 310 311 /* Assert */ 312 KUNIT_EXPECT_EQ_MSG(test, 313 memcmp(param->expected_result->data, 314 result, param->expected_result->len), 0, 315 "result mismatch"); 316 } 317 318 /* 319 * RFC 3961 Appendix A.3. DES3 DR and DK 320 * 321 * These tests show the derived-random and derived-key values for the 322 * des3-hmac-sha1-kd encryption scheme, using the DR and DK functions 323 * defined in section 6.3.1. The input keys were randomly generated; 324 * the usage values are from this specification. 325 * 326 * This test material is copyright (C) The Internet Society (2005). 327 */ 328 329 DEFINE_HEX_XDR_NETOBJ(des3_dk_usage_155, 330 0x00, 0x00, 0x00, 0x01, 0x55 331 ); 332 333 DEFINE_HEX_XDR_NETOBJ(des3_dk_usage_1aa, 334 0x00, 0x00, 0x00, 0x01, 0xaa 335 ); 336 337 DEFINE_HEX_XDR_NETOBJ(des3_dk_usage_kerberos, 338 0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73 339 ); 340 341 DEFINE_HEX_XDR_NETOBJ(des3_dk_test1_base_key, 342 0xdc, 0xe0, 0x6b, 0x1f, 0x64, 0xc8, 0x57, 0xa1, 343 0x1c, 0x3d, 0xb5, 0x7c, 0x51, 0x89, 0x9b, 0x2c, 344 0xc1, 0x79, 0x10, 0x08, 0xce, 0x97, 0x3b, 0x92 345 ); 346 DEFINE_HEX_XDR_NETOBJ(des3_dk_test1_derived_key, 347 0x92, 0x51, 0x79, 0xd0, 0x45, 0x91, 0xa7, 0x9b, 348 0x5d, 0x31, 0x92, 0xc4, 0xa7, 0xe9, 0xc2, 0x89, 349 0xb0, 0x49, 0xc7, 0x1f, 0x6e, 0xe6, 0x04, 0xcd 350 ); 351 352 DEFINE_HEX_XDR_NETOBJ(des3_dk_test2_base_key, 353 0x5e, 0x13, 0xd3, 0x1c, 0x70, 0xef, 0x76, 0x57, 354 0x46, 0x57, 0x85, 0x31, 0xcb, 0x51, 0xc1, 0x5b, 355 0xf1, 0x1c, 0xa8, 0x2c, 0x97, 0xce, 0xe9, 0xf2 356 ); 357 DEFINE_HEX_XDR_NETOBJ(des3_dk_test2_derived_key, 358 0x9e, 0x58, 0xe5, 0xa1, 0x46, 0xd9, 0x94, 0x2a, 359 0x10, 0x1c, 0x46, 0x98, 0x45, 0xd6, 0x7a, 0x20, 360 0xe3, 0xc4, 0x25, 0x9e, 0xd9, 0x13, 0xf2, 0x07 361 ); 362 363 DEFINE_HEX_XDR_NETOBJ(des3_dk_test3_base_key, 364 0x98, 0xe6, 0xfd, 0x8a, 0x04, 0xa4, 0xb6, 0x85, 365 0x9b, 0x75, 0xa1, 0x76, 0x54, 0x0b, 0x97, 0x52, 366 0xba, 0xd3, 0xec, 0xd6, 0x10, 0xa2, 0x52, 0xbc 367 ); 368 DEFINE_HEX_XDR_NETOBJ(des3_dk_test3_derived_key, 369 0x13, 0xfe, 0xf8, 0x0d, 0x76, 0x3e, 0x94, 0xec, 370 0x6d, 0x13, 0xfd, 0x2c, 0xa1, 0xd0, 0x85, 0x07, 371 0x02, 0x49, 0xda, 0xd3, 0x98, 0x08, 0xea, 0xbf 372 ); 373 374 DEFINE_HEX_XDR_NETOBJ(des3_dk_test4_base_key, 375 0x62, 0x2a, 0xec, 0x25, 0xa2, 0xfe, 0x2c, 0xad, 376 0x70, 0x94, 0x68, 0x0b, 0x7c, 0x64, 0x94, 0x02, 377 0x80, 0x08, 0x4c, 0x1a, 0x7c, 0xec, 0x92, 0xb5 378 ); 379 DEFINE_HEX_XDR_NETOBJ(des3_dk_test4_derived_key, 380 0xf8, 0xdf, 0xbf, 0x04, 0xb0, 0x97, 0xe6, 0xd9, 381 0xdc, 0x07, 0x02, 0x68, 0x6b, 0xcb, 0x34, 0x89, 382 0xd9, 0x1f, 0xd9, 0xa4, 0x51, 0x6b, 0x70, 0x3e 383 ); 384 385 DEFINE_HEX_XDR_NETOBJ(des3_dk_test5_base_key, 386 0xd3, 0xf8, 0x29, 0x8c, 0xcb, 0x16, 0x64, 0x38, 387 0xdc, 0xb9, 0xb9, 0x3e, 0xe5, 0xa7, 0x62, 0x92, 388 0x86, 0xa4, 0x91, 0xf8, 0x38, 0xf8, 0x02, 0xfb 389 ); 390 DEFINE_HEX_XDR_NETOBJ(des3_dk_test5_derived_key, 391 0x23, 0x70, 0xda, 0x57, 0x5d, 0x2a, 0x3d, 0xa8, 392 0x64, 0xce, 0xbf, 0xdc, 0x52, 0x04, 0xd5, 0x6d, 393 0xf7, 0x79, 0xa7, 0xdf, 0x43, 0xd9, 0xda, 0x43 394 ); 395 396 DEFINE_HEX_XDR_NETOBJ(des3_dk_test6_base_key, 397 0xc1, 0x08, 0x16, 0x49, 0xad, 0xa7, 0x43, 0x62, 398 0xe6, 0xa1, 0x45, 0x9d, 0x01, 0xdf, 0xd3, 0x0d, 399 0x67, 0xc2, 0x23, 0x4c, 0x94, 0x07, 0x04, 0xda 400 ); 401 DEFINE_HEX_XDR_NETOBJ(des3_dk_test6_derived_key, 402 0x34, 0x80, 0x57, 0xec, 0x98, 0xfd, 0xc4, 0x80, 403 0x16, 0x16, 0x1c, 0x2a, 0x4c, 0x7a, 0x94, 0x3e, 404 0x92, 0xae, 0x49, 0x2c, 0x98, 0x91, 0x75, 0xf7 405 ); 406 407 DEFINE_HEX_XDR_NETOBJ(des3_dk_test7_base_key, 408 0x5d, 0x15, 0x4a, 0xf2, 0x38, 0xf4, 0x67, 0x13, 409 0x15, 0x57, 0x19, 0xd5, 0x5e, 0x2f, 0x1f, 0x79, 410 0x0d, 0xd6, 0x61, 0xf2, 0x79, 0xa7, 0x91, 0x7c 411 ); 412 DEFINE_HEX_XDR_NETOBJ(des3_dk_test7_derived_key, 413 0xa8, 0x80, 0x8a, 0xc2, 0x67, 0xda, 0xda, 0x3d, 414 0xcb, 0xe9, 0xa7, 0xc8, 0x46, 0x26, 0xfb, 0xc7, 415 0x61, 0xc2, 0x94, 0xb0, 0x13, 0x15, 0xe5, 0xc1 416 ); 417 418 DEFINE_HEX_XDR_NETOBJ(des3_dk_test8_base_key, 419 0x79, 0x85, 0x62, 0xe0, 0x49, 0x85, 0x2f, 0x57, 420 0xdc, 0x8c, 0x34, 0x3b, 0xa1, 0x7f, 0x2c, 0xa1, 421 0xd9, 0x73, 0x94, 0xef, 0xc8, 0xad, 0xc4, 0x43 422 ); 423 DEFINE_HEX_XDR_NETOBJ(des3_dk_test8_derived_key, 424 0xc8, 0x13, 0xf8, 0x8a, 0x3b, 0xe3, 0xb3, 0x34, 425 0xf7, 0x54, 0x25, 0xce, 0x91, 0x75, 0xfb, 0xe3, 426 0xc8, 0x49, 0x3b, 0x89, 0xc8, 0x70, 0x3b, 0x49 427 ); 428 429 DEFINE_HEX_XDR_NETOBJ(des3_dk_test9_base_key, 430 0x26, 0xdc, 0xe3, 0x34, 0xb5, 0x45, 0x29, 0x2f, 431 0x2f, 0xea, 0xb9, 0xa8, 0x70, 0x1a, 0x89, 0xa4, 432 0xb9, 0x9e, 0xb9, 0x94, 0x2c, 0xec, 0xd0, 0x16 433 ); 434 DEFINE_HEX_XDR_NETOBJ(des3_dk_test9_derived_key, 435 0xf4, 0x8f, 0xfd, 0x6e, 0x83, 0xf8, 0x3e, 0x73, 436 0x54, 0xe6, 0x94, 0xfd, 0x25, 0x2c, 0xf8, 0x3b, 437 0xfe, 0x58, 0xf7, 0xd5, 0xba, 0x37, 0xec, 0x5d 438 ); 439 440 static const struct gss_krb5_test_param rfc3961_kdf_test_params[] = { 441 { 442 .desc = "des3-hmac-sha1 key derivation case 1", 443 .enctype = ENCTYPE_DES3_CBC_RAW, 444 .base_key = &des3_dk_test1_base_key, 445 .usage = &des3_dk_usage_155, 446 .expected_result = &des3_dk_test1_derived_key, 447 }, 448 { 449 .desc = "des3-hmac-sha1 key derivation case 2", 450 .enctype = ENCTYPE_DES3_CBC_RAW, 451 .base_key = &des3_dk_test2_base_key, 452 .usage = &des3_dk_usage_1aa, 453 .expected_result = &des3_dk_test2_derived_key, 454 }, 455 { 456 .desc = "des3-hmac-sha1 key derivation case 3", 457 .enctype = ENCTYPE_DES3_CBC_RAW, 458 .base_key = &des3_dk_test3_base_key, 459 .usage = &des3_dk_usage_155, 460 .expected_result = &des3_dk_test3_derived_key, 461 }, 462 { 463 .desc = "des3-hmac-sha1 key derivation case 4", 464 .enctype = ENCTYPE_DES3_CBC_RAW, 465 .base_key = &des3_dk_test4_base_key, 466 .usage = &des3_dk_usage_1aa, 467 .expected_result = &des3_dk_test4_derived_key, 468 }, 469 { 470 .desc = "des3-hmac-sha1 key derivation case 5", 471 .enctype = ENCTYPE_DES3_CBC_RAW, 472 .base_key = &des3_dk_test5_base_key, 473 .usage = &des3_dk_usage_kerberos, 474 .expected_result = &des3_dk_test5_derived_key, 475 }, 476 { 477 .desc = "des3-hmac-sha1 key derivation case 6", 478 .enctype = ENCTYPE_DES3_CBC_RAW, 479 .base_key = &des3_dk_test6_base_key, 480 .usage = &des3_dk_usage_155, 481 .expected_result = &des3_dk_test6_derived_key, 482 }, 483 { 484 .desc = "des3-hmac-sha1 key derivation case 7", 485 .enctype = ENCTYPE_DES3_CBC_RAW, 486 .base_key = &des3_dk_test7_base_key, 487 .usage = &des3_dk_usage_1aa, 488 .expected_result = &des3_dk_test7_derived_key, 489 }, 490 { 491 .desc = "des3-hmac-sha1 key derivation case 8", 492 .enctype = ENCTYPE_DES3_CBC_RAW, 493 .base_key = &des3_dk_test8_base_key, 494 .usage = &des3_dk_usage_155, 495 .expected_result = &des3_dk_test8_derived_key, 496 }, 497 { 498 .desc = "des3-hmac-sha1 key derivation case 9", 499 .enctype = ENCTYPE_DES3_CBC_RAW, 500 .base_key = &des3_dk_test9_base_key, 501 .usage = &des3_dk_usage_1aa, 502 .expected_result = &des3_dk_test9_derived_key, 503 }, 504 }; 505 506 /* Creates the function rfc3961_kdf_gen_params */ 507 KUNIT_ARRAY_PARAM(rfc3961_kdf, rfc3961_kdf_test_params, gss_krb5_get_desc); 508 509 static struct kunit_case rfc3961_test_cases[] = { 510 { 511 .name = "RFC 3961 n-fold", 512 .run_case = rfc3961_nfold_case, 513 .generate_params = rfc3961_nfold_gen_params, 514 }, 515 { 516 .name = "RFC 3961 key derivation", 517 .run_case = kdf_case, 518 .generate_params = rfc3961_kdf_gen_params, 519 }, 520 }; 521 522 static struct kunit_suite rfc3961_suite = { 523 .name = "RFC 3961 tests", 524 .test_cases = rfc3961_test_cases, 525 }; 526 527 /* 528 * From RFC 3962 Appendix B: Sample Test Vectors 529 * 530 * Some test vectors for CBC with ciphertext stealing, using an 531 * initial vector of all-zero. 532 * 533 * This test material is copyright (C) The Internet Society (2005). 534 */ 535 536 DEFINE_HEX_XDR_NETOBJ(rfc3962_encryption_key, 537 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20, 538 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69 539 ); 540 541 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test1_plaintext, 542 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 543 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65, 544 0x20 545 ); 546 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test1_expected_result, 547 0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4, 548 0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f, 549 0x97 550 ); 551 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test1_next_iv, 552 0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4, 553 0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f 554 ); 555 556 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test2_plaintext, 557 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 558 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65, 559 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 560 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20 561 ); 562 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test2_expected_result, 563 0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1, 564 0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22, 565 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, 566 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5 567 ); 568 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test2_next_iv, 569 0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1, 570 0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22 571 ); 572 573 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test3_plaintext, 574 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 575 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65, 576 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 577 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43 578 ); 579 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test3_expected_result, 580 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, 581 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8, 582 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, 583 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84 584 ); 585 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test3_next_iv, 586 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, 587 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8 588 ); 589 590 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test4_plaintext, 591 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 592 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65, 593 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 594 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43, 595 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20, 596 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c 597 ); 598 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test4_expected_result, 599 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, 600 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84, 601 0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c, 602 0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e, 603 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, 604 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5 605 ); 606 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test4_next_iv, 607 0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c, 608 0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e 609 ); 610 611 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test5_plaintext, 612 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 613 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65, 614 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 615 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43, 616 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20, 617 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c, 0x20 618 ); 619 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test5_expected_result, 620 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, 621 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84, 622 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0, 623 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8, 624 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, 625 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8 626 ); 627 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test5_next_iv, 628 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0, 629 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8 630 ); 631 632 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test6_plaintext, 633 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 634 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65, 635 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 636 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43, 637 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20, 638 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c, 0x20, 639 0x61, 0x6e, 0x64, 0x20, 0x77, 0x6f, 0x6e, 0x74, 640 0x6f, 0x6e, 0x20, 0x73, 0x6f, 0x75, 0x70, 0x2e 641 ); 642 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test6_expected_result, 643 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, 644 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84, 645 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, 646 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8, 647 0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5, 648 0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40, 649 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0, 650 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8 651 ); 652 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test6_next_iv, 653 0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5, 654 0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40 655 ); 656 657 static const struct gss_krb5_test_param rfc3962_encrypt_test_params[] = { 658 { 659 .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 1", 660 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, 661 .Ke = &rfc3962_encryption_key, 662 .plaintext = &rfc3962_enc_test1_plaintext, 663 .expected_result = &rfc3962_enc_test1_expected_result, 664 .next_iv = &rfc3962_enc_test1_next_iv, 665 }, 666 { 667 .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 2", 668 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, 669 .Ke = &rfc3962_encryption_key, 670 .plaintext = &rfc3962_enc_test2_plaintext, 671 .expected_result = &rfc3962_enc_test2_expected_result, 672 .next_iv = &rfc3962_enc_test2_next_iv, 673 }, 674 { 675 .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 3", 676 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, 677 .Ke = &rfc3962_encryption_key, 678 .plaintext = &rfc3962_enc_test3_plaintext, 679 .expected_result = &rfc3962_enc_test3_expected_result, 680 .next_iv = &rfc3962_enc_test3_next_iv, 681 }, 682 { 683 .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 4", 684 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, 685 .Ke = &rfc3962_encryption_key, 686 .plaintext = &rfc3962_enc_test4_plaintext, 687 .expected_result = &rfc3962_enc_test4_expected_result, 688 .next_iv = &rfc3962_enc_test4_next_iv, 689 }, 690 { 691 .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 5", 692 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, 693 .Ke = &rfc3962_encryption_key, 694 .plaintext = &rfc3962_enc_test5_plaintext, 695 .expected_result = &rfc3962_enc_test5_expected_result, 696 .next_iv = &rfc3962_enc_test5_next_iv, 697 }, 698 { 699 .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 6", 700 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, 701 .Ke = &rfc3962_encryption_key, 702 .plaintext = &rfc3962_enc_test6_plaintext, 703 .expected_result = &rfc3962_enc_test6_expected_result, 704 .next_iv = &rfc3962_enc_test6_next_iv, 705 }, 706 }; 707 708 /* Creates the function rfc3962_encrypt_gen_params */ 709 KUNIT_ARRAY_PARAM(rfc3962_encrypt, rfc3962_encrypt_test_params, 710 gss_krb5_get_desc); 711 712 /* 713 * This tests the implementation of the encryption part of the mechanism. 714 * It does not apply a confounder or test the result of HMAC over the 715 * plaintext. 716 */ 717 static void rfc3962_encrypt_case(struct kunit *test) 718 { 719 const struct gss_krb5_test_param *param = test->param_value; 720 struct crypto_sync_skcipher *cts_tfm, *cbc_tfm; 721 const struct gss_krb5_enctype *gk5e; 722 struct xdr_buf buf; 723 void *iv, *text; 724 u32 err; 725 726 /* Arrange */ 727 gk5e = gss_krb5_lookup_enctype(param->enctype); 728 KUNIT_ASSERT_NOT_NULL(test, gk5e); 729 730 cbc_tfm = crypto_alloc_sync_skcipher(gk5e->aux_cipher, 0, 0); 731 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cbc_tfm); 732 err = crypto_sync_skcipher_setkey(cbc_tfm, param->Ke->data, param->Ke->len); 733 KUNIT_ASSERT_EQ(test, err, 0); 734 735 cts_tfm = crypto_alloc_sync_skcipher(gk5e->encrypt_name, 0, 0); 736 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cts_tfm); 737 err = crypto_sync_skcipher_setkey(cts_tfm, param->Ke->data, param->Ke->len); 738 KUNIT_ASSERT_EQ(test, err, 0); 739 740 iv = kunit_kzalloc(test, crypto_sync_skcipher_ivsize(cts_tfm), GFP_KERNEL); 741 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, iv); 742 743 text = kunit_kzalloc(test, param->plaintext->len, GFP_KERNEL); 744 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, text); 745 746 memcpy(text, param->plaintext->data, param->plaintext->len); 747 memset(&buf, 0, sizeof(buf)); 748 buf.head[0].iov_base = text; 749 buf.head[0].iov_len = param->plaintext->len; 750 buf.len = buf.head[0].iov_len; 751 752 /* Act */ 753 err = krb5_cbc_cts_encrypt(cts_tfm, cbc_tfm, 0, &buf, NULL, 754 iv, crypto_sync_skcipher_ivsize(cts_tfm)); 755 KUNIT_ASSERT_EQ(test, err, 0); 756 757 /* Assert */ 758 KUNIT_EXPECT_EQ_MSG(test, 759 param->expected_result->len, buf.len, 760 "ciphertext length mismatch"); 761 KUNIT_EXPECT_EQ_MSG(test, 762 memcmp(param->expected_result->data, 763 text, param->expected_result->len), 0, 764 "ciphertext mismatch"); 765 KUNIT_EXPECT_EQ_MSG(test, 766 memcmp(param->next_iv->data, iv, 767 param->next_iv->len), 0, 768 "IV mismatch"); 769 770 crypto_free_sync_skcipher(cts_tfm); 771 crypto_free_sync_skcipher(cbc_tfm); 772 } 773 774 static struct kunit_case rfc3962_test_cases[] = { 775 { 776 .name = "RFC 3962 encryption", 777 .run_case = rfc3962_encrypt_case, 778 .generate_params = rfc3962_encrypt_gen_params, 779 }, 780 }; 781 782 static struct kunit_suite rfc3962_suite = { 783 .name = "RFC 3962 suite", 784 .test_cases = rfc3962_test_cases, 785 }; 786 787 /* 788 * From RFC 6803 Section 10. Test vectors 789 * 790 * Sample results for key derivation 791 * 792 * Copyright (c) 2012 IETF Trust and the persons identified as the 793 * document authors. All rights reserved. 794 */ 795 796 DEFINE_HEX_XDR_NETOBJ(camellia128_cts_cmac_basekey, 797 0x57, 0xd0, 0x29, 0x72, 0x98, 0xff, 0xd9, 0xd3, 798 0x5d, 0xe5, 0xa4, 0x7f, 0xb4, 0xbd, 0xe2, 0x4b 799 ); 800 DEFINE_HEX_XDR_NETOBJ(camellia128_cts_cmac_Kc, 801 0xd1, 0x55, 0x77, 0x5a, 0x20, 0x9d, 0x05, 0xf0, 802 0x2b, 0x38, 0xd4, 0x2a, 0x38, 0x9e, 0x5a, 0x56 803 ); 804 DEFINE_HEX_XDR_NETOBJ(camellia128_cts_cmac_Ke, 805 0x64, 0xdf, 0x83, 0xf8, 0x5a, 0x53, 0x2f, 0x17, 806 0x57, 0x7d, 0x8c, 0x37, 0x03, 0x57, 0x96, 0xab 807 ); 808 DEFINE_HEX_XDR_NETOBJ(camellia128_cts_cmac_Ki, 809 0x3e, 0x4f, 0xbd, 0xf3, 0x0f, 0xb8, 0x25, 0x9c, 810 0x42, 0x5c, 0xb6, 0xc9, 0x6f, 0x1f, 0x46, 0x35 811 ); 812 813 DEFINE_HEX_XDR_NETOBJ(camellia256_cts_cmac_basekey, 814 0xb9, 0xd6, 0x82, 0x8b, 0x20, 0x56, 0xb7, 0xbe, 815 0x65, 0x6d, 0x88, 0xa1, 0x23, 0xb1, 0xfa, 0xc6, 816 0x82, 0x14, 0xac, 0x2b, 0x72, 0x7e, 0xcf, 0x5f, 817 0x69, 0xaf, 0xe0, 0xc4, 0xdf, 0x2a, 0x6d, 0x2c 818 ); 819 DEFINE_HEX_XDR_NETOBJ(camellia256_cts_cmac_Kc, 820 0xe4, 0x67, 0xf9, 0xa9, 0x55, 0x2b, 0xc7, 0xd3, 821 0x15, 0x5a, 0x62, 0x20, 0xaf, 0x9c, 0x19, 0x22, 822 0x0e, 0xee, 0xd4, 0xff, 0x78, 0xb0, 0xd1, 0xe6, 823 0xa1, 0x54, 0x49, 0x91, 0x46, 0x1a, 0x9e, 0x50 824 ); 825 DEFINE_HEX_XDR_NETOBJ(camellia256_cts_cmac_Ke, 826 0x41, 0x2a, 0xef, 0xc3, 0x62, 0xa7, 0x28, 0x5f, 827 0xc3, 0x96, 0x6c, 0x6a, 0x51, 0x81, 0xe7, 0x60, 828 0x5a, 0xe6, 0x75, 0x23, 0x5b, 0x6d, 0x54, 0x9f, 829 0xbf, 0xc9, 0xab, 0x66, 0x30, 0xa4, 0xc6, 0x04 830 ); 831 DEFINE_HEX_XDR_NETOBJ(camellia256_cts_cmac_Ki, 832 0xfa, 0x62, 0x4f, 0xa0, 0xe5, 0x23, 0x99, 0x3f, 833 0xa3, 0x88, 0xae, 0xfd, 0xc6, 0x7e, 0x67, 0xeb, 834 0xcd, 0x8c, 0x08, 0xe8, 0xa0, 0x24, 0x6b, 0x1d, 835 0x73, 0xb0, 0xd1, 0xdd, 0x9f, 0xc5, 0x82, 0xb0 836 ); 837 838 DEFINE_HEX_XDR_NETOBJ(usage_checksum, 839 0x00, 0x00, 0x00, 0x02, KEY_USAGE_SEED_CHECKSUM 840 ); 841 DEFINE_HEX_XDR_NETOBJ(usage_encryption, 842 0x00, 0x00, 0x00, 0x02, KEY_USAGE_SEED_ENCRYPTION 843 ); 844 DEFINE_HEX_XDR_NETOBJ(usage_integrity, 845 0x00, 0x00, 0x00, 0x02, KEY_USAGE_SEED_INTEGRITY 846 ); 847 848 static const struct gss_krb5_test_param rfc6803_kdf_test_params[] = { 849 { 850 .desc = "Derive Kc subkey for camellia128-cts-cmac", 851 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 852 .base_key = &camellia128_cts_cmac_basekey, 853 .usage = &usage_checksum, 854 .expected_result = &camellia128_cts_cmac_Kc, 855 }, 856 { 857 .desc = "Derive Ke subkey for camellia128-cts-cmac", 858 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 859 .base_key = &camellia128_cts_cmac_basekey, 860 .usage = &usage_encryption, 861 .expected_result = &camellia128_cts_cmac_Ke, 862 }, 863 { 864 .desc = "Derive Ki subkey for camellia128-cts-cmac", 865 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 866 .base_key = &camellia128_cts_cmac_basekey, 867 .usage = &usage_integrity, 868 .expected_result = &camellia128_cts_cmac_Ki, 869 }, 870 { 871 .desc = "Derive Kc subkey for camellia256-cts-cmac", 872 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 873 .base_key = &camellia256_cts_cmac_basekey, 874 .usage = &usage_checksum, 875 .expected_result = &camellia256_cts_cmac_Kc, 876 }, 877 { 878 .desc = "Derive Ke subkey for camellia256-cts-cmac", 879 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 880 .base_key = &camellia256_cts_cmac_basekey, 881 .usage = &usage_encryption, 882 .expected_result = &camellia256_cts_cmac_Ke, 883 }, 884 { 885 .desc = "Derive Ki subkey for camellia256-cts-cmac", 886 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 887 .base_key = &camellia256_cts_cmac_basekey, 888 .usage = &usage_integrity, 889 .expected_result = &camellia256_cts_cmac_Ki, 890 }, 891 }; 892 893 /* Creates the function rfc6803_kdf_gen_params */ 894 KUNIT_ARRAY_PARAM(rfc6803_kdf, rfc6803_kdf_test_params, gss_krb5_get_desc); 895 896 /* 897 * From RFC 6803 Section 10. Test vectors 898 * 899 * Sample checksums. 900 * 901 * Copyright (c) 2012 IETF Trust and the persons identified as the 902 * document authors. All rights reserved. 903 * 904 * XXX: These tests are likely to fail on EBCDIC or Unicode platforms. 905 */ 906 DEFINE_STR_XDR_NETOBJ(rfc6803_checksum_test1_plaintext, 907 "abcdefghijk"); 908 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test1_basekey, 909 0x1d, 0xc4, 0x6a, 0x8d, 0x76, 0x3f, 0x4f, 0x93, 910 0x74, 0x2b, 0xcb, 0xa3, 0x38, 0x75, 0x76, 0xc3 911 ); 912 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test1_usage, 913 0x00, 0x00, 0x00, 0x07, KEY_USAGE_SEED_CHECKSUM 914 ); 915 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test1_expected_result, 916 0x11, 0x78, 0xe6, 0xc5, 0xc4, 0x7a, 0x8c, 0x1a, 917 0xe0, 0xc4, 0xb9, 0xc7, 0xd4, 0xeb, 0x7b, 0x6b 918 ); 919 920 DEFINE_STR_XDR_NETOBJ(rfc6803_checksum_test2_plaintext, 921 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"); 922 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test2_basekey, 923 0x50, 0x27, 0xbc, 0x23, 0x1d, 0x0f, 0x3a, 0x9d, 924 0x23, 0x33, 0x3f, 0x1c, 0xa6, 0xfd, 0xbe, 0x7c 925 ); 926 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test2_usage, 927 0x00, 0x00, 0x00, 0x08, KEY_USAGE_SEED_CHECKSUM 928 ); 929 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test2_expected_result, 930 0xd1, 0xb3, 0x4f, 0x70, 0x04, 0xa7, 0x31, 0xf2, 931 0x3a, 0x0c, 0x00, 0xbf, 0x6c, 0x3f, 0x75, 0x3a 932 ); 933 934 DEFINE_STR_XDR_NETOBJ(rfc6803_checksum_test3_plaintext, 935 "123456789"); 936 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test3_basekey, 937 0xb6, 0x1c, 0x86, 0xcc, 0x4e, 0x5d, 0x27, 0x57, 938 0x54, 0x5a, 0xd4, 0x23, 0x39, 0x9f, 0xb7, 0x03, 939 0x1e, 0xca, 0xb9, 0x13, 0xcb, 0xb9, 0x00, 0xbd, 940 0x7a, 0x3c, 0x6d, 0xd8, 0xbf, 0x92, 0x01, 0x5b 941 ); 942 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test3_usage, 943 0x00, 0x00, 0x00, 0x09, KEY_USAGE_SEED_CHECKSUM 944 ); 945 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test3_expected_result, 946 0x87, 0xa1, 0x2c, 0xfd, 0x2b, 0x96, 0x21, 0x48, 947 0x10, 0xf0, 0x1c, 0x82, 0x6e, 0x77, 0x44, 0xb1 948 ); 949 950 DEFINE_STR_XDR_NETOBJ(rfc6803_checksum_test4_plaintext, 951 "!@#$%^&*()!@#$%^&*()!@#$%^&*()"); 952 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test4_basekey, 953 0x32, 0x16, 0x4c, 0x5b, 0x43, 0x4d, 0x1d, 0x15, 954 0x38, 0xe4, 0xcf, 0xd9, 0xbe, 0x80, 0x40, 0xfe, 955 0x8c, 0x4a, 0xc7, 0xac, 0xc4, 0xb9, 0x3d, 0x33, 956 0x14, 0xd2, 0x13, 0x36, 0x68, 0x14, 0x7a, 0x05 957 ); 958 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test4_usage, 959 0x00, 0x00, 0x00, 0x0a, KEY_USAGE_SEED_CHECKSUM 960 ); 961 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test4_expected_result, 962 0x3f, 0xa0, 0xb4, 0x23, 0x55, 0xe5, 0x2b, 0x18, 963 0x91, 0x87, 0x29, 0x4a, 0xa2, 0x52, 0xab, 0x64 964 ); 965 966 static const struct gss_krb5_test_param rfc6803_checksum_test_params[] = { 967 { 968 .desc = "camellia128-cts-cmac checksum test 1", 969 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 970 .base_key = &rfc6803_checksum_test1_basekey, 971 .usage = &rfc6803_checksum_test1_usage, 972 .plaintext = &rfc6803_checksum_test1_plaintext, 973 .expected_result = &rfc6803_checksum_test1_expected_result, 974 }, 975 { 976 .desc = "camellia128-cts-cmac checksum test 2", 977 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 978 .base_key = &rfc6803_checksum_test2_basekey, 979 .usage = &rfc6803_checksum_test2_usage, 980 .plaintext = &rfc6803_checksum_test2_plaintext, 981 .expected_result = &rfc6803_checksum_test2_expected_result, 982 }, 983 { 984 .desc = "camellia256-cts-cmac checksum test 3", 985 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 986 .base_key = &rfc6803_checksum_test3_basekey, 987 .usage = &rfc6803_checksum_test3_usage, 988 .plaintext = &rfc6803_checksum_test3_plaintext, 989 .expected_result = &rfc6803_checksum_test3_expected_result, 990 }, 991 { 992 .desc = "camellia256-cts-cmac checksum test 4", 993 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 994 .base_key = &rfc6803_checksum_test4_basekey, 995 .usage = &rfc6803_checksum_test4_usage, 996 .plaintext = &rfc6803_checksum_test4_plaintext, 997 .expected_result = &rfc6803_checksum_test4_expected_result, 998 }, 999 }; 1000 1001 /* Creates the function rfc6803_checksum_gen_params */ 1002 KUNIT_ARRAY_PARAM(rfc6803_checksum, rfc6803_checksum_test_params, 1003 gss_krb5_get_desc); 1004 1005 /* 1006 * From RFC 6803 Section 10. Test vectors 1007 * 1008 * Sample encryptions (all using the default cipher state) 1009 * 1010 * Copyright (c) 2012 IETF Trust and the persons identified as the 1011 * document authors. All rights reserved. 1012 * 1013 * Key usage values are from errata 4326 against RFC 6803. 1014 */ 1015 1016 static const struct xdr_netobj rfc6803_enc_empty_plaintext = { 1017 .len = 0, 1018 }; 1019 1020 DEFINE_STR_XDR_NETOBJ(rfc6803_enc_1byte_plaintext, "1"); 1021 DEFINE_STR_XDR_NETOBJ(rfc6803_enc_9byte_plaintext, "9 bytesss"); 1022 DEFINE_STR_XDR_NETOBJ(rfc6803_enc_13byte_plaintext, "13 bytes byte"); 1023 DEFINE_STR_XDR_NETOBJ(rfc6803_enc_30byte_plaintext, 1024 "30 bytes bytes bytes bytes byt" 1025 ); 1026 1027 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test1_confounder, 1028 0xb6, 0x98, 0x22, 0xa1, 0x9a, 0x6b, 0x09, 0xc0, 1029 0xeb, 0xc8, 0x55, 0x7d, 0x1f, 0x1b, 0x6c, 0x0a 1030 ); 1031 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test1_basekey, 1032 0x1d, 0xc4, 0x6a, 0x8d, 0x76, 0x3f, 0x4f, 0x93, 1033 0x74, 0x2b, 0xcb, 0xa3, 0x38, 0x75, 0x76, 0xc3 1034 ); 1035 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test1_expected_result, 1036 0xc4, 0x66, 0xf1, 0x87, 0x10, 0x69, 0x92, 0x1e, 1037 0xdb, 0x7c, 0x6f, 0xde, 0x24, 0x4a, 0x52, 0xdb, 1038 0x0b, 0xa1, 0x0e, 0xdc, 0x19, 0x7b, 0xdb, 0x80, 1039 0x06, 0x65, 0x8c, 0xa3, 0xcc, 0xce, 0x6e, 0xb8 1040 ); 1041 1042 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test2_confounder, 1043 0x6f, 0x2f, 0xc3, 0xc2, 0xa1, 0x66, 0xfd, 0x88, 1044 0x98, 0x96, 0x7a, 0x83, 0xde, 0x95, 0x96, 0xd9 1045 ); 1046 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test2_basekey, 1047 0x50, 0x27, 0xbc, 0x23, 0x1d, 0x0f, 0x3a, 0x9d, 1048 0x23, 0x33, 0x3f, 0x1c, 0xa6, 0xfd, 0xbe, 0x7c 1049 ); 1050 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test2_expected_result, 1051 0x84, 0x2d, 0x21, 0xfd, 0x95, 0x03, 0x11, 0xc0, 1052 0xdd, 0x46, 0x4a, 0x3f, 0x4b, 0xe8, 0xd6, 0xda, 1053 0x88, 0xa5, 0x6d, 0x55, 0x9c, 0x9b, 0x47, 0xd3, 1054 0xf9, 0xa8, 0x50, 0x67, 0xaf, 0x66, 0x15, 0x59, 1055 0xb8 1056 ); 1057 1058 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test3_confounder, 1059 0xa5, 0xb4, 0xa7, 0x1e, 0x07, 0x7a, 0xee, 0xf9, 1060 0x3c, 0x87, 0x63, 0xc1, 0x8f, 0xdb, 0x1f, 0x10 1061 ); 1062 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test3_basekey, 1063 0xa1, 0xbb, 0x61, 0xe8, 0x05, 0xf9, 0xba, 0x6d, 1064 0xde, 0x8f, 0xdb, 0xdd, 0xc0, 0x5c, 0xde, 0xa0 1065 ); 1066 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test3_expected_result, 1067 0x61, 0x9f, 0xf0, 0x72, 0xe3, 0x62, 0x86, 0xff, 1068 0x0a, 0x28, 0xde, 0xb3, 0xa3, 0x52, 0xec, 0x0d, 1069 0x0e, 0xdf, 0x5c, 0x51, 0x60, 0xd6, 0x63, 0xc9, 1070 0x01, 0x75, 0x8c, 0xcf, 0x9d, 0x1e, 0xd3, 0x3d, 1071 0x71, 0xdb, 0x8f, 0x23, 0xaa, 0xbf, 0x83, 0x48, 1072 0xa0 1073 ); 1074 1075 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test4_confounder, 1076 0x19, 0xfe, 0xe4, 0x0d, 0x81, 0x0c, 0x52, 0x4b, 1077 0x5b, 0x22, 0xf0, 0x18, 0x74, 0xc6, 0x93, 0xda 1078 ); 1079 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test4_basekey, 1080 0x2c, 0xa2, 0x7a, 0x5f, 0xaf, 0x55, 0x32, 0x24, 1081 0x45, 0x06, 0x43, 0x4e, 0x1c, 0xef, 0x66, 0x76 1082 ); 1083 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test4_expected_result, 1084 0xb8, 0xec, 0xa3, 0x16, 0x7a, 0xe6, 0x31, 0x55, 1085 0x12, 0xe5, 0x9f, 0x98, 0xa7, 0xc5, 0x00, 0x20, 1086 0x5e, 0x5f, 0x63, 0xff, 0x3b, 0xb3, 0x89, 0xaf, 1087 0x1c, 0x41, 0xa2, 0x1d, 0x64, 0x0d, 0x86, 0x15, 1088 0xc9, 0xed, 0x3f, 0xbe, 0xb0, 0x5a, 0xb6, 0xac, 1089 0xb6, 0x76, 0x89, 0xb5, 0xea 1090 ); 1091 1092 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test5_confounder, 1093 0xca, 0x7a, 0x7a, 0xb4, 0xbe, 0x19, 0x2d, 0xab, 1094 0xd6, 0x03, 0x50, 0x6d, 0xb1, 0x9c, 0x39, 0xe2 1095 ); 1096 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test5_basekey, 1097 0x78, 0x24, 0xf8, 0xc1, 0x6f, 0x83, 0xff, 0x35, 1098 0x4c, 0x6b, 0xf7, 0x51, 0x5b, 0x97, 0x3f, 0x43 1099 ); 1100 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test5_expected_result, 1101 0xa2, 0x6a, 0x39, 0x05, 0xa4, 0xff, 0xd5, 0x81, 1102 0x6b, 0x7b, 0x1e, 0x27, 0x38, 0x0d, 0x08, 0x09, 1103 0x0c, 0x8e, 0xc1, 0xf3, 0x04, 0x49, 0x6e, 0x1a, 1104 0xbd, 0xcd, 0x2b, 0xdc, 0xd1, 0xdf, 0xfc, 0x66, 1105 0x09, 0x89, 0xe1, 0x17, 0xa7, 0x13, 0xdd, 0xbb, 1106 0x57, 0xa4, 0x14, 0x6c, 0x15, 0x87, 0xcb, 0xa4, 1107 0x35, 0x66, 0x65, 0x59, 0x1d, 0x22, 0x40, 0x28, 1108 0x2f, 0x58, 0x42, 0xb1, 0x05, 0xa5 1109 ); 1110 1111 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test6_confounder, 1112 0x3c, 0xbb, 0xd2, 0xb4, 0x59, 0x17, 0x94, 0x10, 1113 0x67, 0xf9, 0x65, 0x99, 0xbb, 0x98, 0x92, 0x6c 1114 ); 1115 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test6_basekey, 1116 0xb6, 0x1c, 0x86, 0xcc, 0x4e, 0x5d, 0x27, 0x57, 1117 0x54, 0x5a, 0xd4, 0x23, 0x39, 0x9f, 0xb7, 0x03, 1118 0x1e, 0xca, 0xb9, 0x13, 0xcb, 0xb9, 0x00, 0xbd, 1119 0x7a, 0x3c, 0x6d, 0xd8, 0xbf, 0x92, 0x01, 0x5b 1120 ); 1121 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test6_expected_result, 1122 0x03, 0x88, 0x6d, 0x03, 0x31, 0x0b, 0x47, 0xa6, 1123 0xd8, 0xf0, 0x6d, 0x7b, 0x94, 0xd1, 0xdd, 0x83, 1124 0x7e, 0xcc, 0xe3, 0x15, 0xef, 0x65, 0x2a, 0xff, 1125 0x62, 0x08, 0x59, 0xd9, 0x4a, 0x25, 0x92, 0x66 1126 ); 1127 1128 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test7_confounder, 1129 0xde, 0xf4, 0x87, 0xfc, 0xeb, 0xe6, 0xde, 0x63, 1130 0x46, 0xd4, 0xda, 0x45, 0x21, 0xbb, 0xa2, 0xd2 1131 ); 1132 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test7_basekey, 1133 0x1b, 0x97, 0xfe, 0x0a, 0x19, 0x0e, 0x20, 0x21, 1134 0xeb, 0x30, 0x75, 0x3e, 0x1b, 0x6e, 0x1e, 0x77, 1135 0xb0, 0x75, 0x4b, 0x1d, 0x68, 0x46, 0x10, 0x35, 1136 0x58, 0x64, 0x10, 0x49, 0x63, 0x46, 0x38, 0x33 1137 ); 1138 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test7_expected_result, 1139 0x2c, 0x9c, 0x15, 0x70, 0x13, 0x3c, 0x99, 0xbf, 1140 0x6a, 0x34, 0xbc, 0x1b, 0x02, 0x12, 0x00, 0x2f, 1141 0xd1, 0x94, 0x33, 0x87, 0x49, 0xdb, 0x41, 0x35, 1142 0x49, 0x7a, 0x34, 0x7c, 0xfc, 0xd9, 0xd1, 0x8a, 1143 0x12 1144 ); 1145 1146 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test8_confounder, 1147 0xad, 0x4f, 0xf9, 0x04, 0xd3, 0x4e, 0x55, 0x53, 1148 0x84, 0xb1, 0x41, 0x00, 0xfc, 0x46, 0x5f, 0x88 1149 ); 1150 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test8_basekey, 1151 0x32, 0x16, 0x4c, 0x5b, 0x43, 0x4d, 0x1d, 0x15, 1152 0x38, 0xe4, 0xcf, 0xd9, 0xbe, 0x80, 0x40, 0xfe, 1153 0x8c, 0x4a, 0xc7, 0xac, 0xc4, 0xb9, 0x3d, 0x33, 1154 0x14, 0xd2, 0x13, 0x36, 0x68, 0x14, 0x7a, 0x05 1155 ); 1156 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test8_expected_result, 1157 0x9c, 0x6d, 0xe7, 0x5f, 0x81, 0x2d, 0xe7, 0xed, 1158 0x0d, 0x28, 0xb2, 0x96, 0x35, 0x57, 0xa1, 0x15, 1159 0x64, 0x09, 0x98, 0x27, 0x5b, 0x0a, 0xf5, 0x15, 1160 0x27, 0x09, 0x91, 0x3f, 0xf5, 0x2a, 0x2a, 0x9c, 1161 0x8e, 0x63, 0xb8, 0x72, 0xf9, 0x2e, 0x64, 0xc8, 1162 0x39 1163 ); 1164 1165 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test9_confounder, 1166 0xcf, 0x9b, 0xca, 0x6d, 0xf1, 0x14, 0x4e, 0x0c, 1167 0x0a, 0xf9, 0xb8, 0xf3, 0x4c, 0x90, 0xd5, 0x14 1168 ); 1169 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test9_basekey, 1170 0xb0, 0x38, 0xb1, 0x32, 0xcd, 0x8e, 0x06, 0x61, 1171 0x22, 0x67, 0xfa, 0xb7, 0x17, 0x00, 0x66, 0xd8, 1172 0x8a, 0xec, 0xcb, 0xa0, 0xb7, 0x44, 0xbf, 0xc6, 1173 0x0d, 0xc8, 0x9b, 0xca, 0x18, 0x2d, 0x07, 0x15 1174 ); 1175 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test9_expected_result, 1176 0xee, 0xec, 0x85, 0xa9, 0x81, 0x3c, 0xdc, 0x53, 1177 0x67, 0x72, 0xab, 0x9b, 0x42, 0xde, 0xfc, 0x57, 1178 0x06, 0xf7, 0x26, 0xe9, 0x75, 0xdd, 0xe0, 0x5a, 1179 0x87, 0xeb, 0x54, 0x06, 0xea, 0x32, 0x4c, 0xa1, 1180 0x85, 0xc9, 0x98, 0x6b, 0x42, 0xaa, 0xbe, 0x79, 1181 0x4b, 0x84, 0x82, 0x1b, 0xee 1182 ); 1183 1184 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test10_confounder, 1185 0x64, 0x4d, 0xef, 0x38, 0xda, 0x35, 0x00, 0x72, 1186 0x75, 0x87, 0x8d, 0x21, 0x68, 0x55, 0xe2, 0x28 1187 ); 1188 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test10_basekey, 1189 0xcc, 0xfc, 0xd3, 0x49, 0xbf, 0x4c, 0x66, 0x77, 1190 0xe8, 0x6e, 0x4b, 0x02, 0xb8, 0xea, 0xb9, 0x24, 1191 0xa5, 0x46, 0xac, 0x73, 0x1c, 0xf9, 0xbf, 0x69, 1192 0x89, 0xb9, 0x96, 0xe7, 0xd6, 0xbf, 0xbb, 0xa7 1193 ); 1194 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test10_expected_result, 1195 0x0e, 0x44, 0x68, 0x09, 0x85, 0x85, 0x5f, 0x2d, 1196 0x1f, 0x18, 0x12, 0x52, 0x9c, 0xa8, 0x3b, 0xfd, 1197 0x8e, 0x34, 0x9d, 0xe6, 0xfd, 0x9a, 0xda, 0x0b, 1198 0xaa, 0xa0, 0x48, 0xd6, 0x8e, 0x26, 0x5f, 0xeb, 1199 0xf3, 0x4a, 0xd1, 0x25, 0x5a, 0x34, 0x49, 0x99, 1200 0xad, 0x37, 0x14, 0x68, 0x87, 0xa6, 0xc6, 0x84, 1201 0x57, 0x31, 0xac, 0x7f, 0x46, 0x37, 0x6a, 0x05, 1202 0x04, 0xcd, 0x06, 0x57, 0x14, 0x74 1203 ); 1204 1205 static const struct gss_krb5_test_param rfc6803_encrypt_test_params[] = { 1206 { 1207 .desc = "Encrypt empty plaintext with camellia128-cts-cmac", 1208 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 1209 .constant = 0, 1210 .base_key = &rfc6803_enc_test1_basekey, 1211 .plaintext = &rfc6803_enc_empty_plaintext, 1212 .confounder = &rfc6803_enc_test1_confounder, 1213 .expected_result = &rfc6803_enc_test1_expected_result, 1214 }, 1215 { 1216 .desc = "Encrypt 1 byte with camellia128-cts-cmac", 1217 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 1218 .constant = 1, 1219 .base_key = &rfc6803_enc_test2_basekey, 1220 .plaintext = &rfc6803_enc_1byte_plaintext, 1221 .confounder = &rfc6803_enc_test2_confounder, 1222 .expected_result = &rfc6803_enc_test2_expected_result, 1223 }, 1224 { 1225 .desc = "Encrypt 9 bytes with camellia128-cts-cmac", 1226 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 1227 .constant = 2, 1228 .base_key = &rfc6803_enc_test3_basekey, 1229 .plaintext = &rfc6803_enc_9byte_plaintext, 1230 .confounder = &rfc6803_enc_test3_confounder, 1231 .expected_result = &rfc6803_enc_test3_expected_result, 1232 }, 1233 { 1234 .desc = "Encrypt 13 bytes with camellia128-cts-cmac", 1235 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 1236 .constant = 3, 1237 .base_key = &rfc6803_enc_test4_basekey, 1238 .plaintext = &rfc6803_enc_13byte_plaintext, 1239 .confounder = &rfc6803_enc_test4_confounder, 1240 .expected_result = &rfc6803_enc_test4_expected_result, 1241 }, 1242 { 1243 .desc = "Encrypt 30 bytes with camellia128-cts-cmac", 1244 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 1245 .constant = 4, 1246 .base_key = &rfc6803_enc_test5_basekey, 1247 .plaintext = &rfc6803_enc_30byte_plaintext, 1248 .confounder = &rfc6803_enc_test5_confounder, 1249 .expected_result = &rfc6803_enc_test5_expected_result, 1250 }, 1251 { 1252 .desc = "Encrypt empty plaintext with camellia256-cts-cmac", 1253 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 1254 .constant = 0, 1255 .base_key = &rfc6803_enc_test6_basekey, 1256 .plaintext = &rfc6803_enc_empty_plaintext, 1257 .confounder = &rfc6803_enc_test6_confounder, 1258 .expected_result = &rfc6803_enc_test6_expected_result, 1259 }, 1260 { 1261 .desc = "Encrypt 1 byte with camellia256-cts-cmac", 1262 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 1263 .constant = 1, 1264 .base_key = &rfc6803_enc_test7_basekey, 1265 .plaintext = &rfc6803_enc_1byte_plaintext, 1266 .confounder = &rfc6803_enc_test7_confounder, 1267 .expected_result = &rfc6803_enc_test7_expected_result, 1268 }, 1269 { 1270 .desc = "Encrypt 9 bytes with camellia256-cts-cmac", 1271 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 1272 .constant = 2, 1273 .base_key = &rfc6803_enc_test8_basekey, 1274 .plaintext = &rfc6803_enc_9byte_plaintext, 1275 .confounder = &rfc6803_enc_test8_confounder, 1276 .expected_result = &rfc6803_enc_test8_expected_result, 1277 }, 1278 { 1279 .desc = "Encrypt 13 bytes with camellia256-cts-cmac", 1280 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 1281 .constant = 3, 1282 .base_key = &rfc6803_enc_test9_basekey, 1283 .plaintext = &rfc6803_enc_13byte_plaintext, 1284 .confounder = &rfc6803_enc_test9_confounder, 1285 .expected_result = &rfc6803_enc_test9_expected_result, 1286 }, 1287 { 1288 .desc = "Encrypt 30 bytes with camellia256-cts-cmac", 1289 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 1290 .constant = 4, 1291 .base_key = &rfc6803_enc_test10_basekey, 1292 .plaintext = &rfc6803_enc_30byte_plaintext, 1293 .confounder = &rfc6803_enc_test10_confounder, 1294 .expected_result = &rfc6803_enc_test10_expected_result, 1295 }, 1296 }; 1297 1298 /* Creates the function rfc6803_encrypt_gen_params */ 1299 KUNIT_ARRAY_PARAM(rfc6803_encrypt, rfc6803_encrypt_test_params, 1300 gss_krb5_get_desc); 1301 1302 static void rfc6803_encrypt_case(struct kunit *test) 1303 { 1304 const struct gss_krb5_test_param *param = test->param_value; 1305 struct crypto_sync_skcipher *cts_tfm, *cbc_tfm; 1306 const struct gss_krb5_enctype *gk5e; 1307 struct xdr_netobj Ke, Ki, checksum; 1308 u8 usage_data[GSS_KRB5_K5CLENGTH]; 1309 struct xdr_netobj usage = { 1310 .data = usage_data, 1311 .len = sizeof(usage_data), 1312 }; 1313 struct crypto_ahash *ahash_tfm; 1314 unsigned int blocksize; 1315 struct xdr_buf buf; 1316 void *text; 1317 size_t len; 1318 u32 err; 1319 1320 /* Arrange */ 1321 gk5e = gss_krb5_lookup_enctype(param->enctype); 1322 KUNIT_ASSERT_NOT_NULL(test, gk5e); 1323 1324 usage.data[3] = param->constant; 1325 1326 Ke.len = gk5e->Ke_length; 1327 Ke.data = kunit_kzalloc(test, Ke.len, GFP_KERNEL); 1328 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Ke.data); 1329 usage.data[4] = KEY_USAGE_SEED_ENCRYPTION; 1330 err = gk5e->derive_key(gk5e, param->base_key, &Ke, &usage, GFP_KERNEL); 1331 KUNIT_ASSERT_EQ(test, err, 0); 1332 1333 cbc_tfm = crypto_alloc_sync_skcipher(gk5e->aux_cipher, 0, 0); 1334 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cbc_tfm); 1335 err = crypto_sync_skcipher_setkey(cbc_tfm, Ke.data, Ke.len); 1336 KUNIT_ASSERT_EQ(test, err, 0); 1337 1338 cts_tfm = crypto_alloc_sync_skcipher(gk5e->encrypt_name, 0, 0); 1339 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cts_tfm); 1340 err = crypto_sync_skcipher_setkey(cts_tfm, Ke.data, Ke.len); 1341 KUNIT_ASSERT_EQ(test, err, 0); 1342 blocksize = crypto_sync_skcipher_blocksize(cts_tfm); 1343 1344 len = param->confounder->len + param->plaintext->len + blocksize; 1345 text = kunit_kzalloc(test, len, GFP_KERNEL); 1346 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, text); 1347 memcpy(text, param->confounder->data, param->confounder->len); 1348 memcpy(text + param->confounder->len, param->plaintext->data, 1349 param->plaintext->len); 1350 1351 memset(&buf, 0, sizeof(buf)); 1352 buf.head[0].iov_base = text; 1353 buf.head[0].iov_len = param->confounder->len + param->plaintext->len; 1354 buf.len = buf.head[0].iov_len; 1355 1356 checksum.len = gk5e->cksumlength; 1357 checksum.data = kunit_kzalloc(test, checksum.len, GFP_KERNEL); 1358 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, checksum.data); 1359 1360 Ki.len = gk5e->Ki_length; 1361 Ki.data = kunit_kzalloc(test, Ki.len, GFP_KERNEL); 1362 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Ki.data); 1363 usage.data[4] = KEY_USAGE_SEED_INTEGRITY; 1364 err = gk5e->derive_key(gk5e, param->base_key, &Ki, 1365 &usage, GFP_KERNEL); 1366 KUNIT_ASSERT_EQ(test, err, 0); 1367 ahash_tfm = crypto_alloc_ahash(gk5e->cksum_name, 0, CRYPTO_ALG_ASYNC); 1368 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ahash_tfm); 1369 err = crypto_ahash_setkey(ahash_tfm, Ki.data, Ki.len); 1370 KUNIT_ASSERT_EQ(test, err, 0); 1371 1372 /* Act */ 1373 err = gss_krb5_checksum(ahash_tfm, NULL, 0, &buf, 0, &checksum); 1374 KUNIT_ASSERT_EQ(test, err, 0); 1375 1376 err = krb5_cbc_cts_encrypt(cts_tfm, cbc_tfm, 0, &buf, NULL, NULL, 0); 1377 KUNIT_ASSERT_EQ(test, err, 0); 1378 1379 /* Assert */ 1380 KUNIT_EXPECT_EQ_MSG(test, param->expected_result->len, 1381 buf.len + checksum.len, 1382 "ciphertext length mismatch"); 1383 KUNIT_EXPECT_EQ_MSG(test, 1384 memcmp(param->expected_result->data, 1385 buf.head[0].iov_base, buf.len), 0, 1386 "encrypted result mismatch"); 1387 KUNIT_EXPECT_EQ_MSG(test, 1388 memcmp(param->expected_result->data + 1389 (param->expected_result->len - checksum.len), 1390 checksum.data, checksum.len), 0, 1391 "HMAC mismatch"); 1392 1393 crypto_free_ahash(ahash_tfm); 1394 crypto_free_sync_skcipher(cts_tfm); 1395 crypto_free_sync_skcipher(cbc_tfm); 1396 } 1397 1398 static struct kunit_case rfc6803_test_cases[] = { 1399 { 1400 .name = "RFC 6803 key derivation", 1401 .run_case = kdf_case, 1402 .generate_params = rfc6803_kdf_gen_params, 1403 }, 1404 { 1405 .name = "RFC 6803 checksum", 1406 .run_case = checksum_case, 1407 .generate_params = rfc6803_checksum_gen_params, 1408 }, 1409 { 1410 .name = "RFC 6803 encryption", 1411 .run_case = rfc6803_encrypt_case, 1412 .generate_params = rfc6803_encrypt_gen_params, 1413 }, 1414 }; 1415 1416 static struct kunit_suite rfc6803_suite = { 1417 .name = "RFC 6803 suite", 1418 .test_cases = rfc6803_test_cases, 1419 }; 1420 1421 /* 1422 * From RFC 8009 Appendix A. Test Vectors 1423 * 1424 * Sample results for SHA-2 enctype key derivation 1425 * 1426 * This test material is copyright (c) 2016 IETF Trust and the 1427 * persons identified as the document authors. All rights reserved. 1428 */ 1429 1430 DEFINE_HEX_XDR_NETOBJ(aes128_cts_hmac_sha256_128_basekey, 1431 0x37, 0x05, 0xd9, 0x60, 0x80, 0xc1, 0x77, 0x28, 1432 0xa0, 0xe8, 0x00, 0xea, 0xb6, 0xe0, 0xd2, 0x3c 1433 ); 1434 DEFINE_HEX_XDR_NETOBJ(aes128_cts_hmac_sha256_128_Kc, 1435 0xb3, 0x1a, 0x01, 0x8a, 0x48, 0xf5, 0x47, 0x76, 1436 0xf4, 0x03, 0xe9, 0xa3, 0x96, 0x32, 0x5d, 0xc3 1437 ); 1438 DEFINE_HEX_XDR_NETOBJ(aes128_cts_hmac_sha256_128_Ke, 1439 0x9b, 0x19, 0x7d, 0xd1, 0xe8, 0xc5, 0x60, 0x9d, 1440 0x6e, 0x67, 0xc3, 0xe3, 0x7c, 0x62, 0xc7, 0x2e 1441 ); 1442 DEFINE_HEX_XDR_NETOBJ(aes128_cts_hmac_sha256_128_Ki, 1443 0x9f, 0xda, 0x0e, 0x56, 0xab, 0x2d, 0x85, 0xe1, 1444 0x56, 0x9a, 0x68, 0x86, 0x96, 0xc2, 0x6a, 0x6c 1445 ); 1446 1447 DEFINE_HEX_XDR_NETOBJ(aes256_cts_hmac_sha384_192_basekey, 1448 0x6d, 0x40, 0x4d, 0x37, 0xfa, 0xf7, 0x9f, 0x9d, 1449 0xf0, 0xd3, 0x35, 0x68, 0xd3, 0x20, 0x66, 0x98, 1450 0x00, 0xeb, 0x48, 0x36, 0x47, 0x2e, 0xa8, 0xa0, 1451 0x26, 0xd1, 0x6b, 0x71, 0x82, 0x46, 0x0c, 0x52 1452 ); 1453 DEFINE_HEX_XDR_NETOBJ(aes256_cts_hmac_sha384_192_Kc, 1454 0xef, 0x57, 0x18, 0xbe, 0x86, 0xcc, 0x84, 0x96, 1455 0x3d, 0x8b, 0xbb, 0x50, 0x31, 0xe9, 0xf5, 0xc4, 1456 0xba, 0x41, 0xf2, 0x8f, 0xaf, 0x69, 0xe7, 0x3d 1457 ); 1458 DEFINE_HEX_XDR_NETOBJ(aes256_cts_hmac_sha384_192_Ke, 1459 0x56, 0xab, 0x22, 0xbe, 0xe6, 0x3d, 0x82, 0xd7, 1460 0xbc, 0x52, 0x27, 0xf6, 0x77, 0x3f, 0x8e, 0xa7, 1461 0xa5, 0xeb, 0x1c, 0x82, 0x51, 0x60, 0xc3, 0x83, 1462 0x12, 0x98, 0x0c, 0x44, 0x2e, 0x5c, 0x7e, 0x49 1463 ); 1464 DEFINE_HEX_XDR_NETOBJ(aes256_cts_hmac_sha384_192_Ki, 1465 0x69, 0xb1, 0x65, 0x14, 0xe3, 0xcd, 0x8e, 0x56, 1466 0xb8, 0x20, 0x10, 0xd5, 0xc7, 0x30, 0x12, 0xb6, 1467 0x22, 0xc4, 0xd0, 0x0f, 0xfc, 0x23, 0xed, 0x1f 1468 ); 1469 1470 static const struct gss_krb5_test_param rfc8009_kdf_test_params[] = { 1471 { 1472 .desc = "Derive Kc subkey for aes128-cts-hmac-sha256-128", 1473 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, 1474 .base_key = &aes128_cts_hmac_sha256_128_basekey, 1475 .usage = &usage_checksum, 1476 .expected_result = &aes128_cts_hmac_sha256_128_Kc, 1477 }, 1478 { 1479 .desc = "Derive Ke subkey for aes128-cts-hmac-sha256-128", 1480 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, 1481 .base_key = &aes128_cts_hmac_sha256_128_basekey, 1482 .usage = &usage_encryption, 1483 .expected_result = &aes128_cts_hmac_sha256_128_Ke, 1484 }, 1485 { 1486 .desc = "Derive Ki subkey for aes128-cts-hmac-sha256-128", 1487 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, 1488 .base_key = &aes128_cts_hmac_sha256_128_basekey, 1489 .usage = &usage_integrity, 1490 .expected_result = &aes128_cts_hmac_sha256_128_Ki, 1491 }, 1492 { 1493 .desc = "Derive Kc subkey for aes256-cts-hmac-sha384-192", 1494 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, 1495 .base_key = &aes256_cts_hmac_sha384_192_basekey, 1496 .usage = &usage_checksum, 1497 .expected_result = &aes256_cts_hmac_sha384_192_Kc, 1498 }, 1499 { 1500 .desc = "Derive Ke subkey for aes256-cts-hmac-sha384-192", 1501 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, 1502 .base_key = &aes256_cts_hmac_sha384_192_basekey, 1503 .usage = &usage_encryption, 1504 .expected_result = &aes256_cts_hmac_sha384_192_Ke, 1505 }, 1506 { 1507 .desc = "Derive Ki subkey for aes256-cts-hmac-sha384-192", 1508 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, 1509 .base_key = &aes256_cts_hmac_sha384_192_basekey, 1510 .usage = &usage_integrity, 1511 .expected_result = &aes256_cts_hmac_sha384_192_Ki, 1512 }, 1513 }; 1514 1515 /* Creates the function rfc8009_kdf_gen_params */ 1516 KUNIT_ARRAY_PARAM(rfc8009_kdf, rfc8009_kdf_test_params, gss_krb5_get_desc); 1517 1518 /* 1519 * From RFC 8009 Appendix A. Test Vectors 1520 * 1521 * These sample checksums use the above sample key derivation results, 1522 * including use of the same base-key and key usage values. 1523 * 1524 * This test material is copyright (c) 2016 IETF Trust and the 1525 * persons identified as the document authors. All rights reserved. 1526 */ 1527 1528 DEFINE_HEX_XDR_NETOBJ(rfc8009_checksum_plaintext, 1529 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 1530 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 1531 0x10, 0x11, 0x12, 0x13, 0x14 1532 ); 1533 DEFINE_HEX_XDR_NETOBJ(rfc8009_checksum_test1_expected_result, 1534 0xd7, 0x83, 0x67, 0x18, 0x66, 0x43, 0xd6, 0x7b, 1535 0x41, 0x1c, 0xba, 0x91, 0x39, 0xfc, 0x1d, 0xee 1536 ); 1537 DEFINE_HEX_XDR_NETOBJ(rfc8009_checksum_test2_expected_result, 1538 0x45, 0xee, 0x79, 0x15, 0x67, 0xee, 0xfc, 0xa3, 1539 0x7f, 0x4a, 0xc1, 0xe0, 0x22, 0x2d, 0xe8, 0x0d, 1540 0x43, 0xc3, 0xbf, 0xa0, 0x66, 0x99, 0x67, 0x2a 1541 ); 1542 1543 static const struct gss_krb5_test_param rfc8009_checksum_test_params[] = { 1544 { 1545 .desc = "Checksum with aes128-cts-hmac-sha256-128", 1546 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, 1547 .base_key = &aes128_cts_hmac_sha256_128_basekey, 1548 .usage = &usage_checksum, 1549 .plaintext = &rfc8009_checksum_plaintext, 1550 .expected_result = &rfc8009_checksum_test1_expected_result, 1551 }, 1552 { 1553 .desc = "Checksum with aes256-cts-hmac-sha384-192", 1554 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, 1555 .base_key = &aes256_cts_hmac_sha384_192_basekey, 1556 .usage = &usage_checksum, 1557 .plaintext = &rfc8009_checksum_plaintext, 1558 .expected_result = &rfc8009_checksum_test2_expected_result, 1559 }, 1560 }; 1561 1562 /* Creates the function rfc8009_checksum_gen_params */ 1563 KUNIT_ARRAY_PARAM(rfc8009_checksum, rfc8009_checksum_test_params, 1564 gss_krb5_get_desc); 1565 1566 /* 1567 * From RFC 8009 Appendix A. Test Vectors 1568 * 1569 * Sample encryptions (all using the default cipher state): 1570 * -------------------------------------------------------- 1571 * 1572 * These sample encryptions use the above sample key derivation results, 1573 * including use of the same base-key and key usage values. 1574 * 1575 * This test material is copyright (c) 2016 IETF Trust and the 1576 * persons identified as the document authors. All rights reserved. 1577 */ 1578 1579 static const struct xdr_netobj rfc8009_enc_empty_plaintext = { 1580 .len = 0, 1581 }; 1582 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_short_plaintext, 1583 0x00, 0x01, 0x02, 0x03, 0x04, 0x05 1584 ); 1585 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_block_plaintext, 1586 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 1587 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f 1588 ); 1589 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_long_plaintext, 1590 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 1591 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 1592 0x10, 0x11, 0x12, 0x13, 0x14 1593 ); 1594 1595 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test1_confounder, 1596 0x7e, 0x58, 0x95, 0xea, 0xf2, 0x67, 0x24, 0x35, 1597 0xba, 0xd8, 0x17, 0xf5, 0x45, 0xa3, 0x71, 0x48 1598 ); 1599 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test1_expected_result, 1600 0xef, 0x85, 0xfb, 0x89, 0x0b, 0xb8, 0x47, 0x2f, 1601 0x4d, 0xab, 0x20, 0x39, 0x4d, 0xca, 0x78, 0x1d 1602 ); 1603 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test1_expected_hmac, 1604 0xad, 0x87, 0x7e, 0xda, 0x39, 0xd5, 0x0c, 0x87, 1605 0x0c, 0x0d, 0x5a, 0x0a, 0x8e, 0x48, 0xc7, 0x18 1606 ); 1607 1608 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test2_confounder, 1609 0x7b, 0xca, 0x28, 0x5e, 0x2f, 0xd4, 0x13, 0x0f, 1610 0xb5, 0x5b, 0x1a, 0x5c, 0x83, 0xbc, 0x5b, 0x24 1611 ); 1612 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test2_expected_result, 1613 0x84, 0xd7, 0xf3, 0x07, 0x54, 0xed, 0x98, 0x7b, 1614 0xab, 0x0b, 0xf3, 0x50, 0x6b, 0xeb, 0x09, 0xcf, 1615 0xb5, 0x54, 0x02, 0xce, 0xf7, 0xe6 1616 ); 1617 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test2_expected_hmac, 1618 0x87, 0x7c, 0xe9, 0x9e, 0x24, 0x7e, 0x52, 0xd1, 1619 0x6e, 0xd4, 0x42, 0x1d, 0xfd, 0xf8, 0x97, 0x6c 1620 ); 1621 1622 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test3_confounder, 1623 0x56, 0xab, 0x21, 0x71, 0x3f, 0xf6, 0x2c, 0x0a, 1624 0x14, 0x57, 0x20, 0x0f, 0x6f, 0xa9, 0x94, 0x8f 1625 ); 1626 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test3_expected_result, 1627 0x35, 0x17, 0xd6, 0x40, 0xf5, 0x0d, 0xdc, 0x8a, 1628 0xd3, 0x62, 0x87, 0x22, 0xb3, 0x56, 0x9d, 0x2a, 1629 0xe0, 0x74, 0x93, 0xfa, 0x82, 0x63, 0x25, 0x40, 1630 0x80, 0xea, 0x65, 0xc1, 0x00, 0x8e, 0x8f, 0xc2 1631 ); 1632 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test3_expected_hmac, 1633 0x95, 0xfb, 0x48, 0x52, 0xe7, 0xd8, 0x3e, 0x1e, 1634 0x7c, 0x48, 0xc3, 0x7e, 0xeb, 0xe6, 0xb0, 0xd3 1635 ); 1636 1637 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test4_confounder, 1638 0xa7, 0xa4, 0xe2, 0x9a, 0x47, 0x28, 0xce, 0x10, 1639 0x66, 0x4f, 0xb6, 0x4e, 0x49, 0xad, 0x3f, 0xac 1640 ); 1641 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test4_expected_result, 1642 0x72, 0x0f, 0x73, 0xb1, 0x8d, 0x98, 0x59, 0xcd, 1643 0x6c, 0xcb, 0x43, 0x46, 0x11, 0x5c, 0xd3, 0x36, 1644 0xc7, 0x0f, 0x58, 0xed, 0xc0, 0xc4, 0x43, 0x7c, 1645 0x55, 0x73, 0x54, 0x4c, 0x31, 0xc8, 0x13, 0xbc, 1646 0xe1, 0xe6, 0xd0, 0x72, 0xc1 1647 ); 1648 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test4_expected_hmac, 1649 0x86, 0xb3, 0x9a, 0x41, 0x3c, 0x2f, 0x92, 0xca, 1650 0x9b, 0x83, 0x34, 0xa2, 0x87, 0xff, 0xcb, 0xfc 1651 ); 1652 1653 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test5_confounder, 1654 0xf7, 0x64, 0xe9, 0xfa, 0x15, 0xc2, 0x76, 0x47, 1655 0x8b, 0x2c, 0x7d, 0x0c, 0x4e, 0x5f, 0x58, 0xe4 1656 ); 1657 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test5_expected_result, 1658 0x41, 0xf5, 0x3f, 0xa5, 0xbf, 0xe7, 0x02, 0x6d, 1659 0x91, 0xfa, 0xf9, 0xbe, 0x95, 0x91, 0x95, 0xa0 1660 ); 1661 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test5_expected_hmac, 1662 0x58, 0x70, 0x72, 0x73, 0xa9, 0x6a, 0x40, 0xf0, 1663 0xa0, 0x19, 0x60, 0x62, 0x1a, 0xc6, 0x12, 0x74, 1664 0x8b, 0x9b, 0xbf, 0xbe, 0x7e, 0xb4, 0xce, 0x3c 1665 ); 1666 1667 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test6_confounder, 1668 0xb8, 0x0d, 0x32, 0x51, 0xc1, 0xf6, 0x47, 0x14, 1669 0x94, 0x25, 0x6f, 0xfe, 0x71, 0x2d, 0x0b, 0x9a 1670 ); 1671 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test6_expected_result, 1672 0x4e, 0xd7, 0xb3, 0x7c, 0x2b, 0xca, 0xc8, 0xf7, 1673 0x4f, 0x23, 0xc1, 0xcf, 0x07, 0xe6, 0x2b, 0xc7, 1674 0xb7, 0x5f, 0xb3, 0xf6, 0x37, 0xb9 1675 ); 1676 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test6_expected_hmac, 1677 0xf5, 0x59, 0xc7, 0xf6, 0x64, 0xf6, 0x9e, 0xab, 1678 0x7b, 0x60, 0x92, 0x23, 0x75, 0x26, 0xea, 0x0d, 1679 0x1f, 0x61, 0xcb, 0x20, 0xd6, 0x9d, 0x10, 0xf2 1680 ); 1681 1682 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test7_confounder, 1683 0x53, 0xbf, 0x8a, 0x0d, 0x10, 0x52, 0x65, 0xd4, 1684 0xe2, 0x76, 0x42, 0x86, 0x24, 0xce, 0x5e, 0x63 1685 ); 1686 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test7_expected_result, 1687 0xbc, 0x47, 0xff, 0xec, 0x79, 0x98, 0xeb, 0x91, 1688 0xe8, 0x11, 0x5c, 0xf8, 0xd1, 0x9d, 0xac, 0x4b, 1689 0xbb, 0xe2, 0xe1, 0x63, 0xe8, 0x7d, 0xd3, 0x7f, 1690 0x49, 0xbe, 0xca, 0x92, 0x02, 0x77, 0x64, 0xf6 1691 ); 1692 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test7_expected_hmac, 1693 0x8c, 0xf5, 0x1f, 0x14, 0xd7, 0x98, 0xc2, 0x27, 1694 0x3f, 0x35, 0xdf, 0x57, 0x4d, 0x1f, 0x93, 0x2e, 1695 0x40, 0xc4, 0xff, 0x25, 0x5b, 0x36, 0xa2, 0x66 1696 ); 1697 1698 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test8_confounder, 1699 0x76, 0x3e, 0x65, 0x36, 0x7e, 0x86, 0x4f, 0x02, 1700 0xf5, 0x51, 0x53, 0xc7, 0xe3, 0xb5, 0x8a, 0xf1 1701 ); 1702 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test8_expected_result, 1703 0x40, 0x01, 0x3e, 0x2d, 0xf5, 0x8e, 0x87, 0x51, 1704 0x95, 0x7d, 0x28, 0x78, 0xbc, 0xd2, 0xd6, 0xfe, 1705 0x10, 0x1c, 0xcf, 0xd5, 0x56, 0xcb, 0x1e, 0xae, 1706 0x79, 0xdb, 0x3c, 0x3e, 0xe8, 0x64, 0x29, 0xf2, 1707 0xb2, 0xa6, 0x02, 0xac, 0x86 1708 ); 1709 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test8_expected_hmac, 1710 0xfe, 0xf6, 0xec, 0xb6, 0x47, 0xd6, 0x29, 0x5f, 1711 0xae, 0x07, 0x7a, 0x1f, 0xeb, 0x51, 0x75, 0x08, 1712 0xd2, 0xc1, 0x6b, 0x41, 0x92, 0xe0, 0x1f, 0x62 1713 ); 1714 1715 static const struct gss_krb5_test_param rfc8009_encrypt_test_params[] = { 1716 { 1717 .desc = "Encrypt empty plaintext with aes128-cts-hmac-sha256-128", 1718 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, 1719 .plaintext = &rfc8009_enc_empty_plaintext, 1720 .confounder = &rfc8009_enc_test1_confounder, 1721 .base_key = &aes128_cts_hmac_sha256_128_basekey, 1722 .expected_result = &rfc8009_enc_test1_expected_result, 1723 .expected_hmac = &rfc8009_enc_test1_expected_hmac, 1724 }, 1725 { 1726 .desc = "Encrypt short plaintext with aes128-cts-hmac-sha256-128", 1727 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, 1728 .plaintext = &rfc8009_enc_short_plaintext, 1729 .confounder = &rfc8009_enc_test2_confounder, 1730 .base_key = &aes128_cts_hmac_sha256_128_basekey, 1731 .expected_result = &rfc8009_enc_test2_expected_result, 1732 .expected_hmac = &rfc8009_enc_test2_expected_hmac, 1733 }, 1734 { 1735 .desc = "Encrypt block plaintext with aes128-cts-hmac-sha256-128", 1736 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, 1737 .plaintext = &rfc8009_enc_block_plaintext, 1738 .confounder = &rfc8009_enc_test3_confounder, 1739 .base_key = &aes128_cts_hmac_sha256_128_basekey, 1740 .expected_result = &rfc8009_enc_test3_expected_result, 1741 .expected_hmac = &rfc8009_enc_test3_expected_hmac, 1742 }, 1743 { 1744 .desc = "Encrypt long plaintext with aes128-cts-hmac-sha256-128", 1745 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, 1746 .plaintext = &rfc8009_enc_long_plaintext, 1747 .confounder = &rfc8009_enc_test4_confounder, 1748 .base_key = &aes128_cts_hmac_sha256_128_basekey, 1749 .expected_result = &rfc8009_enc_test4_expected_result, 1750 .expected_hmac = &rfc8009_enc_test4_expected_hmac, 1751 }, 1752 { 1753 .desc = "Encrypt empty plaintext with aes256-cts-hmac-sha384-192", 1754 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, 1755 .plaintext = &rfc8009_enc_empty_plaintext, 1756 .confounder = &rfc8009_enc_test5_confounder, 1757 .base_key = &aes256_cts_hmac_sha384_192_basekey, 1758 .expected_result = &rfc8009_enc_test5_expected_result, 1759 .expected_hmac = &rfc8009_enc_test5_expected_hmac, 1760 }, 1761 { 1762 .desc = "Encrypt short plaintext with aes256-cts-hmac-sha384-192", 1763 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, 1764 .plaintext = &rfc8009_enc_short_plaintext, 1765 .confounder = &rfc8009_enc_test6_confounder, 1766 .base_key = &aes256_cts_hmac_sha384_192_basekey, 1767 .expected_result = &rfc8009_enc_test6_expected_result, 1768 .expected_hmac = &rfc8009_enc_test6_expected_hmac, 1769 }, 1770 { 1771 .desc = "Encrypt block plaintext with aes256-cts-hmac-sha384-192", 1772 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, 1773 .plaintext = &rfc8009_enc_block_plaintext, 1774 .confounder = &rfc8009_enc_test7_confounder, 1775 .base_key = &aes256_cts_hmac_sha384_192_basekey, 1776 .expected_result = &rfc8009_enc_test7_expected_result, 1777 .expected_hmac = &rfc8009_enc_test7_expected_hmac, 1778 }, 1779 { 1780 .desc = "Encrypt long plaintext with aes256-cts-hmac-sha384-192", 1781 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, 1782 .plaintext = &rfc8009_enc_long_plaintext, 1783 .confounder = &rfc8009_enc_test8_confounder, 1784 .base_key = &aes256_cts_hmac_sha384_192_basekey, 1785 .expected_result = &rfc8009_enc_test8_expected_result, 1786 .expected_hmac = &rfc8009_enc_test8_expected_hmac, 1787 }, 1788 }; 1789 1790 /* Creates the function rfc8009_encrypt_gen_params */ 1791 KUNIT_ARRAY_PARAM(rfc8009_encrypt, rfc8009_encrypt_test_params, 1792 gss_krb5_get_desc); 1793 1794 static void rfc8009_encrypt_case(struct kunit *test) 1795 { 1796 const struct gss_krb5_test_param *param = test->param_value; 1797 struct crypto_sync_skcipher *cts_tfm, *cbc_tfm; 1798 const struct gss_krb5_enctype *gk5e; 1799 struct xdr_netobj Ke, Ki, checksum; 1800 u8 usage_data[GSS_KRB5_K5CLENGTH]; 1801 struct xdr_netobj usage = { 1802 .data = usage_data, 1803 .len = sizeof(usage_data), 1804 }; 1805 struct crypto_ahash *ahash_tfm; 1806 struct xdr_buf buf; 1807 void *text; 1808 size_t len; 1809 u32 err; 1810 1811 /* Arrange */ 1812 gk5e = gss_krb5_lookup_enctype(param->enctype); 1813 KUNIT_ASSERT_NOT_NULL(test, gk5e); 1814 1815 *(__be32 *)usage.data = cpu_to_be32(2); 1816 1817 Ke.len = gk5e->Ke_length; 1818 Ke.data = kunit_kzalloc(test, Ke.len, GFP_KERNEL); 1819 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Ke.data); 1820 usage.data[4] = KEY_USAGE_SEED_ENCRYPTION; 1821 err = gk5e->derive_key(gk5e, param->base_key, &Ke, 1822 &usage, GFP_KERNEL); 1823 KUNIT_ASSERT_EQ(test, err, 0); 1824 1825 cbc_tfm = crypto_alloc_sync_skcipher(gk5e->aux_cipher, 0, 0); 1826 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cbc_tfm); 1827 err = crypto_sync_skcipher_setkey(cbc_tfm, Ke.data, Ke.len); 1828 KUNIT_ASSERT_EQ(test, err, 0); 1829 1830 cts_tfm = crypto_alloc_sync_skcipher(gk5e->encrypt_name, 0, 0); 1831 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cts_tfm); 1832 err = crypto_sync_skcipher_setkey(cts_tfm, Ke.data, Ke.len); 1833 KUNIT_ASSERT_EQ(test, err, 0); 1834 1835 len = param->confounder->len + param->plaintext->len; 1836 text = kunit_kzalloc(test, len, GFP_KERNEL); 1837 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, text); 1838 memcpy(text, param->confounder->data, param->confounder->len); 1839 memcpy(text + param->confounder->len, param->plaintext->data, 1840 param->plaintext->len); 1841 1842 memset(&buf, 0, sizeof(buf)); 1843 buf.head[0].iov_base = text; 1844 buf.head[0].iov_len = param->confounder->len + param->plaintext->len; 1845 buf.len = buf.head[0].iov_len; 1846 1847 checksum.len = gk5e->cksumlength; 1848 checksum.data = kunit_kzalloc(test, checksum.len, GFP_KERNEL); 1849 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, checksum.data); 1850 1851 Ki.len = gk5e->Ki_length; 1852 Ki.data = kunit_kzalloc(test, Ki.len, GFP_KERNEL); 1853 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Ki.data); 1854 usage.data[4] = KEY_USAGE_SEED_INTEGRITY; 1855 err = gk5e->derive_key(gk5e, param->base_key, &Ki, 1856 &usage, GFP_KERNEL); 1857 KUNIT_ASSERT_EQ(test, err, 0); 1858 1859 ahash_tfm = crypto_alloc_ahash(gk5e->cksum_name, 0, CRYPTO_ALG_ASYNC); 1860 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ahash_tfm); 1861 err = crypto_ahash_setkey(ahash_tfm, Ki.data, Ki.len); 1862 KUNIT_ASSERT_EQ(test, err, 0); 1863 1864 /* Act */ 1865 err = krb5_cbc_cts_encrypt(cts_tfm, cbc_tfm, 0, &buf, NULL, NULL, 0); 1866 KUNIT_ASSERT_EQ(test, err, 0); 1867 err = krb5_etm_checksum(cts_tfm, ahash_tfm, &buf, 0, &checksum); 1868 KUNIT_ASSERT_EQ(test, err, 0); 1869 1870 /* Assert */ 1871 KUNIT_EXPECT_EQ_MSG(test, 1872 param->expected_result->len, buf.len, 1873 "ciphertext length mismatch"); 1874 KUNIT_EXPECT_EQ_MSG(test, 1875 memcmp(param->expected_result->data, 1876 buf.head[0].iov_base, 1877 param->expected_result->len), 0, 1878 "ciphertext mismatch"); 1879 KUNIT_EXPECT_EQ_MSG(test, memcmp(param->expected_hmac->data, 1880 checksum.data, 1881 checksum.len), 0, 1882 "HMAC mismatch"); 1883 1884 crypto_free_ahash(ahash_tfm); 1885 crypto_free_sync_skcipher(cts_tfm); 1886 crypto_free_sync_skcipher(cbc_tfm); 1887 } 1888 1889 static struct kunit_case rfc8009_test_cases[] = { 1890 { 1891 .name = "RFC 8009 key derivation", 1892 .run_case = kdf_case, 1893 .generate_params = rfc8009_kdf_gen_params, 1894 }, 1895 { 1896 .name = "RFC 8009 checksum", 1897 .run_case = checksum_case, 1898 .generate_params = rfc8009_checksum_gen_params, 1899 }, 1900 { 1901 .name = "RFC 8009 encryption", 1902 .run_case = rfc8009_encrypt_case, 1903 .generate_params = rfc8009_encrypt_gen_params, 1904 }, 1905 }; 1906 1907 static struct kunit_suite rfc8009_suite = { 1908 .name = "RFC 8009 suite", 1909 .test_cases = rfc8009_test_cases, 1910 }; 1911 1912 /* 1913 * Encryption self-tests 1914 */ 1915 1916 DEFINE_STR_XDR_NETOBJ(encrypt_selftest_plaintext, 1917 "This is the plaintext for the encryption self-test."); 1918 1919 static const struct gss_krb5_test_param encrypt_selftest_params[] = { 1920 { 1921 .desc = "aes128-cts-hmac-sha1-96 encryption self-test", 1922 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, 1923 .Ke = &rfc3962_encryption_key, 1924 .plaintext = &encrypt_selftest_plaintext, 1925 }, 1926 { 1927 .desc = "aes256-cts-hmac-sha1-96 encryption self-test", 1928 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA1_96, 1929 .Ke = &rfc3962_encryption_key, 1930 .plaintext = &encrypt_selftest_plaintext, 1931 }, 1932 { 1933 .desc = "camellia128-cts-cmac encryption self-test", 1934 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 1935 .Ke = &camellia128_cts_cmac_Ke, 1936 .plaintext = &encrypt_selftest_plaintext, 1937 }, 1938 { 1939 .desc = "camellia256-cts-cmac encryption self-test", 1940 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 1941 .Ke = &camellia256_cts_cmac_Ke, 1942 .plaintext = &encrypt_selftest_plaintext, 1943 }, 1944 { 1945 .desc = "aes128-cts-hmac-sha256-128 encryption self-test", 1946 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, 1947 .Ke = &aes128_cts_hmac_sha256_128_Ke, 1948 .plaintext = &encrypt_selftest_plaintext, 1949 }, 1950 { 1951 .desc = "aes256-cts-hmac-sha384-192 encryption self-test", 1952 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, 1953 .Ke = &aes256_cts_hmac_sha384_192_Ke, 1954 .plaintext = &encrypt_selftest_plaintext, 1955 }, 1956 }; 1957 1958 /* Creates the function encrypt_selftest_gen_params */ 1959 KUNIT_ARRAY_PARAM(encrypt_selftest, encrypt_selftest_params, 1960 gss_krb5_get_desc); 1961 1962 /* 1963 * Encrypt and decrypt plaintext, and ensure the input plaintext 1964 * matches the output plaintext. A confounder is not added in this 1965 * case. 1966 */ 1967 static void encrypt_selftest_case(struct kunit *test) 1968 { 1969 const struct gss_krb5_test_param *param = test->param_value; 1970 struct crypto_sync_skcipher *cts_tfm, *cbc_tfm; 1971 const struct gss_krb5_enctype *gk5e; 1972 struct xdr_buf buf; 1973 void *text; 1974 int err; 1975 1976 /* Arrange */ 1977 gk5e = gss_krb5_lookup_enctype(param->enctype); 1978 KUNIT_ASSERT_NOT_NULL(test, gk5e); 1979 1980 cbc_tfm = crypto_alloc_sync_skcipher(gk5e->aux_cipher, 0, 0); 1981 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cbc_tfm); 1982 err = crypto_sync_skcipher_setkey(cbc_tfm, param->Ke->data, param->Ke->len); 1983 KUNIT_ASSERT_EQ(test, err, 0); 1984 1985 cts_tfm = crypto_alloc_sync_skcipher(gk5e->encrypt_name, 0, 0); 1986 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cts_tfm); 1987 err = crypto_sync_skcipher_setkey(cts_tfm, param->Ke->data, param->Ke->len); 1988 KUNIT_ASSERT_EQ(test, err, 0); 1989 1990 text = kunit_kzalloc(test, roundup(param->plaintext->len, 1991 crypto_sync_skcipher_blocksize(cbc_tfm)), 1992 GFP_KERNEL); 1993 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, text); 1994 1995 memcpy(text, param->plaintext->data, param->plaintext->len); 1996 memset(&buf, 0, sizeof(buf)); 1997 buf.head[0].iov_base = text; 1998 buf.head[0].iov_len = param->plaintext->len; 1999 buf.len = buf.head[0].iov_len; 2000 2001 /* Act */ 2002 err = krb5_cbc_cts_encrypt(cts_tfm, cbc_tfm, 0, &buf, NULL, NULL, 0); 2003 KUNIT_ASSERT_EQ(test, err, 0); 2004 err = krb5_cbc_cts_decrypt(cts_tfm, cbc_tfm, 0, &buf); 2005 KUNIT_ASSERT_EQ(test, err, 0); 2006 2007 /* Assert */ 2008 KUNIT_EXPECT_EQ_MSG(test, 2009 param->plaintext->len, buf.len, 2010 "length mismatch"); 2011 KUNIT_EXPECT_EQ_MSG(test, 2012 memcmp(param->plaintext->data, 2013 buf.head[0].iov_base, buf.len), 0, 2014 "plaintext mismatch"); 2015 2016 crypto_free_sync_skcipher(cts_tfm); 2017 crypto_free_sync_skcipher(cbc_tfm); 2018 } 2019 2020 static struct kunit_case encryption_test_cases[] = { 2021 { 2022 .name = "Encryption self-tests", 2023 .run_case = encrypt_selftest_case, 2024 .generate_params = encrypt_selftest_gen_params, 2025 }, 2026 }; 2027 2028 static struct kunit_suite encryption_test_suite = { 2029 .name = "Encryption test suite", 2030 .test_cases = encryption_test_cases, 2031 }; 2032 2033 kunit_test_suites(&rfc3961_suite, 2034 &rfc3962_suite, 2035 &rfc6803_suite, 2036 &rfc8009_suite, 2037 &encryption_test_suite); 2038 2039 MODULE_DESCRIPTION("Test RPCSEC GSS Kerberos 5 functions"); 2040 MODULE_LICENSE("GPL"); 2041