1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (c) 2022 Oracle and/or its affiliates. 4 * 5 * KUnit test of SunRPC's GSS Kerberos mechanism. Subsystem 6 * name is "rpcsec_gss_krb5". 7 */ 8 9 #include <kunit/test.h> 10 #include <kunit/visibility.h> 11 12 #include <linux/kernel.h> 13 #include <crypto/hash.h> 14 15 #include <linux/sunrpc/xdr.h> 16 #include <linux/sunrpc/gss_krb5.h> 17 18 #include "gss_krb5_internal.h" 19 20 MODULE_IMPORT_NS(EXPORTED_FOR_KUNIT_TESTING); 21 22 struct gss_krb5_test_param { 23 const char *desc; 24 u32 enctype; 25 u32 nfold; 26 u32 constant; 27 const struct xdr_netobj *base_key; 28 const struct xdr_netobj *Ke; 29 const struct xdr_netobj *usage; 30 const struct xdr_netobj *plaintext; 31 const struct xdr_netobj *confounder; 32 const struct xdr_netobj *expected_result; 33 const struct xdr_netobj *expected_hmac; 34 const struct xdr_netobj *next_iv; 35 }; 36 37 static inline void gss_krb5_get_desc(const struct gss_krb5_test_param *param, 38 char *desc) 39 { 40 strscpy(desc, param->desc, KUNIT_PARAM_DESC_SIZE); 41 } 42 43 static void kdf_case(struct kunit *test) 44 { 45 const struct gss_krb5_test_param *param = test->param_value; 46 const struct gss_krb5_enctype *gk5e; 47 struct xdr_netobj derivedkey; 48 int err; 49 50 /* Arrange */ 51 gk5e = gss_krb5_lookup_enctype(param->enctype); 52 if (!gk5e) 53 kunit_skip(test, "Encryption type is not available"); 54 55 derivedkey.data = kunit_kzalloc(test, param->expected_result->len, 56 GFP_KERNEL); 57 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, derivedkey.data); 58 derivedkey.len = param->expected_result->len; 59 60 /* Act */ 61 err = gk5e->derive_key(gk5e, param->base_key, &derivedkey, 62 param->usage, GFP_KERNEL); 63 KUNIT_ASSERT_EQ(test, err, 0); 64 65 /* Assert */ 66 KUNIT_EXPECT_EQ_MSG(test, 67 memcmp(param->expected_result->data, 68 derivedkey.data, derivedkey.len), 0, 69 "key mismatch"); 70 } 71 72 static void checksum_case(struct kunit *test) 73 { 74 const struct gss_krb5_test_param *param = test->param_value; 75 struct xdr_buf buf = { 76 .head[0].iov_base = param->plaintext->data, 77 .head[0].iov_len = param->plaintext->len, 78 .len = param->plaintext->len, 79 }; 80 const struct gss_krb5_enctype *gk5e; 81 struct xdr_netobj Kc, checksum; 82 struct crypto_ahash *tfm; 83 int err; 84 85 /* Arrange */ 86 gk5e = gss_krb5_lookup_enctype(param->enctype); 87 if (!gk5e) 88 kunit_skip(test, "Encryption type is not available"); 89 90 Kc.len = gk5e->Kc_length; 91 Kc.data = kunit_kzalloc(test, Kc.len, GFP_KERNEL); 92 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Kc.data); 93 err = gk5e->derive_key(gk5e, param->base_key, &Kc, 94 param->usage, GFP_KERNEL); 95 KUNIT_ASSERT_EQ(test, err, 0); 96 97 tfm = crypto_alloc_ahash(gk5e->cksum_name, 0, CRYPTO_ALG_ASYNC); 98 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, tfm); 99 err = crypto_ahash_setkey(tfm, Kc.data, Kc.len); 100 KUNIT_ASSERT_EQ(test, err, 0); 101 102 checksum.len = gk5e->cksumlength; 103 checksum.data = kunit_kzalloc(test, checksum.len, GFP_KERNEL); 104 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, checksum.data); 105 106 /* Act */ 107 err = gss_krb5_checksum(tfm, NULL, 0, &buf, 0, &checksum); 108 KUNIT_ASSERT_EQ(test, err, 0); 109 110 /* Assert */ 111 KUNIT_EXPECT_EQ_MSG(test, 112 memcmp(param->expected_result->data, 113 checksum.data, checksum.len), 0, 114 "checksum mismatch"); 115 116 crypto_free_ahash(tfm); 117 } 118 119 #define DEFINE_HEX_XDR_NETOBJ(name, hex_array...) \ 120 static const u8 name ## _data[] = { hex_array }; \ 121 static const struct xdr_netobj name = { \ 122 .data = (u8 *)name##_data, \ 123 .len = sizeof(name##_data), \ 124 } 125 126 #define DEFINE_STR_XDR_NETOBJ(name, string) \ 127 static const u8 name ## _str[] = string; \ 128 static const struct xdr_netobj name = { \ 129 .data = (u8 *)name##_str, \ 130 .len = sizeof(name##_str) - 1, \ 131 } 132 133 /* 134 * RFC 3961 Appendix A.1. n-fold 135 * 136 * The n-fold function is defined in section 5.1 of RFC 3961. 137 * 138 * This test material is copyright (C) The Internet Society (2005). 139 */ 140 141 DEFINE_HEX_XDR_NETOBJ(nfold_test1_plaintext, 142 0x30, 0x31, 0x32, 0x33, 0x34, 0x35 143 ); 144 DEFINE_HEX_XDR_NETOBJ(nfold_test1_expected_result, 145 0xbe, 0x07, 0x26, 0x31, 0x27, 0x6b, 0x19, 0x55 146 ); 147 148 DEFINE_HEX_XDR_NETOBJ(nfold_test2_plaintext, 149 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64 150 ); 151 DEFINE_HEX_XDR_NETOBJ(nfold_test2_expected_result, 152 0x78, 0xa0, 0x7b, 0x6c, 0xaf, 0x85, 0xfa 153 ); 154 155 DEFINE_HEX_XDR_NETOBJ(nfold_test3_plaintext, 156 0x52, 0x6f, 0x75, 0x67, 0x68, 0x20, 0x43, 0x6f, 157 0x6e, 0x73, 0x65, 0x6e, 0x73, 0x75, 0x73, 0x2c, 158 0x20, 0x61, 0x6e, 0x64, 0x20, 0x52, 0x75, 0x6e, 159 0x6e, 0x69, 0x6e, 0x67, 0x20, 0x43, 0x6f, 0x64, 160 0x65 161 ); 162 DEFINE_HEX_XDR_NETOBJ(nfold_test3_expected_result, 163 0xbb, 0x6e, 0xd3, 0x08, 0x70, 0xb7, 0xf0, 0xe0 164 ); 165 166 DEFINE_HEX_XDR_NETOBJ(nfold_test4_plaintext, 167 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64 168 ); 169 DEFINE_HEX_XDR_NETOBJ(nfold_test4_expected_result, 170 0x59, 0xe4, 0xa8, 0xca, 0x7c, 0x03, 0x85, 0xc3, 171 0xc3, 0x7b, 0x3f, 0x6d, 0x20, 0x00, 0x24, 0x7c, 172 0xb6, 0xe6, 0xbd, 0x5b, 0x3e 173 ); 174 175 DEFINE_HEX_XDR_NETOBJ(nfold_test5_plaintext, 176 0x4d, 0x41, 0x53, 0x53, 0x41, 0x43, 0x48, 0x56, 177 0x53, 0x45, 0x54, 0x54, 0x53, 0x20, 0x49, 0x4e, 178 0x53, 0x54, 0x49, 0x54, 0x56, 0x54, 0x45, 0x20, 179 0x4f, 0x46, 0x20, 0x54, 0x45, 0x43, 0x48, 0x4e, 180 0x4f, 0x4c, 0x4f, 0x47, 0x59 181 ); 182 DEFINE_HEX_XDR_NETOBJ(nfold_test5_expected_result, 183 0xdb, 0x3b, 0x0d, 0x8f, 0x0b, 0x06, 0x1e, 0x60, 184 0x32, 0x82, 0xb3, 0x08, 0xa5, 0x08, 0x41, 0x22, 185 0x9a, 0xd7, 0x98, 0xfa, 0xb9, 0x54, 0x0c, 0x1b 186 ); 187 188 DEFINE_HEX_XDR_NETOBJ(nfold_test6_plaintext, 189 0x51 190 ); 191 DEFINE_HEX_XDR_NETOBJ(nfold_test6_expected_result, 192 0x51, 0x8a, 0x54, 0xa2, 0x15, 0xa8, 0x45, 0x2a, 193 0x51, 0x8a, 0x54, 0xa2, 0x15, 0xa8, 0x45, 0x2a, 194 0x51, 0x8a, 0x54, 0xa2, 0x15 195 ); 196 197 DEFINE_HEX_XDR_NETOBJ(nfold_test7_plaintext, 198 0x62, 0x61 199 ); 200 DEFINE_HEX_XDR_NETOBJ(nfold_test7_expected_result, 201 0xfb, 0x25, 0xd5, 0x31, 0xae, 0x89, 0x74, 0x49, 202 0x9f, 0x52, 0xfd, 0x92, 0xea, 0x98, 0x57, 0xc4, 203 0xba, 0x24, 0xcf, 0x29, 0x7e 204 ); 205 206 DEFINE_HEX_XDR_NETOBJ(nfold_test_kerberos, 207 0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73 208 ); 209 DEFINE_HEX_XDR_NETOBJ(nfold_test8_expected_result, 210 0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73 211 ); 212 DEFINE_HEX_XDR_NETOBJ(nfold_test9_expected_result, 213 0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73, 214 0x7b, 0x9b, 0x5b, 0x2b, 0x93, 0x13, 0x2b, 0x93 215 ); 216 DEFINE_HEX_XDR_NETOBJ(nfold_test10_expected_result, 217 0x83, 0x72, 0xc2, 0x36, 0x34, 0x4e, 0x5f, 0x15, 218 0x50, 0xcd, 0x07, 0x47, 0xe1, 0x5d, 0x62, 0xca, 219 0x7a, 0x5a, 0x3b, 0xce, 0xa4 220 ); 221 DEFINE_HEX_XDR_NETOBJ(nfold_test11_expected_result, 222 0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73, 223 0x7b, 0x9b, 0x5b, 0x2b, 0x93, 0x13, 0x2b, 0x93, 224 0x5c, 0x9b, 0xdc, 0xda, 0xd9, 0x5c, 0x98, 0x99, 225 0xc4, 0xca, 0xe4, 0xde, 0xe6, 0xd6, 0xca, 0xe4 226 ); 227 228 static const struct gss_krb5_test_param rfc3961_nfold_test_params[] = { 229 { 230 .desc = "64-fold(\"012345\")", 231 .nfold = 64, 232 .plaintext = &nfold_test1_plaintext, 233 .expected_result = &nfold_test1_expected_result, 234 }, 235 { 236 .desc = "56-fold(\"password\")", 237 .nfold = 56, 238 .plaintext = &nfold_test2_plaintext, 239 .expected_result = &nfold_test2_expected_result, 240 }, 241 { 242 .desc = "64-fold(\"Rough Consensus, and Running Code\")", 243 .nfold = 64, 244 .plaintext = &nfold_test3_plaintext, 245 .expected_result = &nfold_test3_expected_result, 246 }, 247 { 248 .desc = "168-fold(\"password\")", 249 .nfold = 168, 250 .plaintext = &nfold_test4_plaintext, 251 .expected_result = &nfold_test4_expected_result, 252 }, 253 { 254 .desc = "192-fold(\"MASSACHVSETTS INSTITVTE OF TECHNOLOGY\")", 255 .nfold = 192, 256 .plaintext = &nfold_test5_plaintext, 257 .expected_result = &nfold_test5_expected_result, 258 }, 259 { 260 .desc = "168-fold(\"Q\")", 261 .nfold = 168, 262 .plaintext = &nfold_test6_plaintext, 263 .expected_result = &nfold_test6_expected_result, 264 }, 265 { 266 .desc = "168-fold(\"ba\")", 267 .nfold = 168, 268 .plaintext = &nfold_test7_plaintext, 269 .expected_result = &nfold_test7_expected_result, 270 }, 271 { 272 .desc = "64-fold(\"kerberos\")", 273 .nfold = 64, 274 .plaintext = &nfold_test_kerberos, 275 .expected_result = &nfold_test8_expected_result, 276 }, 277 { 278 .desc = "128-fold(\"kerberos\")", 279 .nfold = 128, 280 .plaintext = &nfold_test_kerberos, 281 .expected_result = &nfold_test9_expected_result, 282 }, 283 { 284 .desc = "168-fold(\"kerberos\")", 285 .nfold = 168, 286 .plaintext = &nfold_test_kerberos, 287 .expected_result = &nfold_test10_expected_result, 288 }, 289 { 290 .desc = "256-fold(\"kerberos\")", 291 .nfold = 256, 292 .plaintext = &nfold_test_kerberos, 293 .expected_result = &nfold_test11_expected_result, 294 }, 295 }; 296 297 /* Creates the function rfc3961_nfold_gen_params */ 298 KUNIT_ARRAY_PARAM(rfc3961_nfold, rfc3961_nfold_test_params, gss_krb5_get_desc); 299 300 static void rfc3961_nfold_case(struct kunit *test) 301 { 302 const struct gss_krb5_test_param *param = test->param_value; 303 u8 *result; 304 305 /* Arrange */ 306 result = kunit_kzalloc(test, 4096, GFP_KERNEL); 307 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, result); 308 309 /* Act */ 310 krb5_nfold(param->plaintext->len * 8, param->plaintext->data, 311 param->expected_result->len * 8, result); 312 313 /* Assert */ 314 KUNIT_EXPECT_EQ_MSG(test, 315 memcmp(param->expected_result->data, 316 result, param->expected_result->len), 0, 317 "result mismatch"); 318 } 319 320 /* 321 * RFC 3961 Appendix A.3. DES3 DR and DK 322 * 323 * These tests show the derived-random and derived-key values for the 324 * des3-hmac-sha1-kd encryption scheme, using the DR and DK functions 325 * defined in section 6.3.1. The input keys were randomly generated; 326 * the usage values are from this specification. 327 * 328 * This test material is copyright (C) The Internet Society (2005). 329 */ 330 331 DEFINE_HEX_XDR_NETOBJ(des3_dk_usage_155, 332 0x00, 0x00, 0x00, 0x01, 0x55 333 ); 334 335 DEFINE_HEX_XDR_NETOBJ(des3_dk_usage_1aa, 336 0x00, 0x00, 0x00, 0x01, 0xaa 337 ); 338 339 DEFINE_HEX_XDR_NETOBJ(des3_dk_usage_kerberos, 340 0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73 341 ); 342 343 DEFINE_HEX_XDR_NETOBJ(des3_dk_test1_base_key, 344 0xdc, 0xe0, 0x6b, 0x1f, 0x64, 0xc8, 0x57, 0xa1, 345 0x1c, 0x3d, 0xb5, 0x7c, 0x51, 0x89, 0x9b, 0x2c, 346 0xc1, 0x79, 0x10, 0x08, 0xce, 0x97, 0x3b, 0x92 347 ); 348 DEFINE_HEX_XDR_NETOBJ(des3_dk_test1_derived_key, 349 0x92, 0x51, 0x79, 0xd0, 0x45, 0x91, 0xa7, 0x9b, 350 0x5d, 0x31, 0x92, 0xc4, 0xa7, 0xe9, 0xc2, 0x89, 351 0xb0, 0x49, 0xc7, 0x1f, 0x6e, 0xe6, 0x04, 0xcd 352 ); 353 354 DEFINE_HEX_XDR_NETOBJ(des3_dk_test2_base_key, 355 0x5e, 0x13, 0xd3, 0x1c, 0x70, 0xef, 0x76, 0x57, 356 0x46, 0x57, 0x85, 0x31, 0xcb, 0x51, 0xc1, 0x5b, 357 0xf1, 0x1c, 0xa8, 0x2c, 0x97, 0xce, 0xe9, 0xf2 358 ); 359 DEFINE_HEX_XDR_NETOBJ(des3_dk_test2_derived_key, 360 0x9e, 0x58, 0xe5, 0xa1, 0x46, 0xd9, 0x94, 0x2a, 361 0x10, 0x1c, 0x46, 0x98, 0x45, 0xd6, 0x7a, 0x20, 362 0xe3, 0xc4, 0x25, 0x9e, 0xd9, 0x13, 0xf2, 0x07 363 ); 364 365 DEFINE_HEX_XDR_NETOBJ(des3_dk_test3_base_key, 366 0x98, 0xe6, 0xfd, 0x8a, 0x04, 0xa4, 0xb6, 0x85, 367 0x9b, 0x75, 0xa1, 0x76, 0x54, 0x0b, 0x97, 0x52, 368 0xba, 0xd3, 0xec, 0xd6, 0x10, 0xa2, 0x52, 0xbc 369 ); 370 DEFINE_HEX_XDR_NETOBJ(des3_dk_test3_derived_key, 371 0x13, 0xfe, 0xf8, 0x0d, 0x76, 0x3e, 0x94, 0xec, 372 0x6d, 0x13, 0xfd, 0x2c, 0xa1, 0xd0, 0x85, 0x07, 373 0x02, 0x49, 0xda, 0xd3, 0x98, 0x08, 0xea, 0xbf 374 ); 375 376 DEFINE_HEX_XDR_NETOBJ(des3_dk_test4_base_key, 377 0x62, 0x2a, 0xec, 0x25, 0xa2, 0xfe, 0x2c, 0xad, 378 0x70, 0x94, 0x68, 0x0b, 0x7c, 0x64, 0x94, 0x02, 379 0x80, 0x08, 0x4c, 0x1a, 0x7c, 0xec, 0x92, 0xb5 380 ); 381 DEFINE_HEX_XDR_NETOBJ(des3_dk_test4_derived_key, 382 0xf8, 0xdf, 0xbf, 0x04, 0xb0, 0x97, 0xe6, 0xd9, 383 0xdc, 0x07, 0x02, 0x68, 0x6b, 0xcb, 0x34, 0x89, 384 0xd9, 0x1f, 0xd9, 0xa4, 0x51, 0x6b, 0x70, 0x3e 385 ); 386 387 DEFINE_HEX_XDR_NETOBJ(des3_dk_test5_base_key, 388 0xd3, 0xf8, 0x29, 0x8c, 0xcb, 0x16, 0x64, 0x38, 389 0xdc, 0xb9, 0xb9, 0x3e, 0xe5, 0xa7, 0x62, 0x92, 390 0x86, 0xa4, 0x91, 0xf8, 0x38, 0xf8, 0x02, 0xfb 391 ); 392 DEFINE_HEX_XDR_NETOBJ(des3_dk_test5_derived_key, 393 0x23, 0x70, 0xda, 0x57, 0x5d, 0x2a, 0x3d, 0xa8, 394 0x64, 0xce, 0xbf, 0xdc, 0x52, 0x04, 0xd5, 0x6d, 395 0xf7, 0x79, 0xa7, 0xdf, 0x43, 0xd9, 0xda, 0x43 396 ); 397 398 DEFINE_HEX_XDR_NETOBJ(des3_dk_test6_base_key, 399 0xc1, 0x08, 0x16, 0x49, 0xad, 0xa7, 0x43, 0x62, 400 0xe6, 0xa1, 0x45, 0x9d, 0x01, 0xdf, 0xd3, 0x0d, 401 0x67, 0xc2, 0x23, 0x4c, 0x94, 0x07, 0x04, 0xda 402 ); 403 DEFINE_HEX_XDR_NETOBJ(des3_dk_test6_derived_key, 404 0x34, 0x80, 0x57, 0xec, 0x98, 0xfd, 0xc4, 0x80, 405 0x16, 0x16, 0x1c, 0x2a, 0x4c, 0x7a, 0x94, 0x3e, 406 0x92, 0xae, 0x49, 0x2c, 0x98, 0x91, 0x75, 0xf7 407 ); 408 409 DEFINE_HEX_XDR_NETOBJ(des3_dk_test7_base_key, 410 0x5d, 0x15, 0x4a, 0xf2, 0x38, 0xf4, 0x67, 0x13, 411 0x15, 0x57, 0x19, 0xd5, 0x5e, 0x2f, 0x1f, 0x79, 412 0x0d, 0xd6, 0x61, 0xf2, 0x79, 0xa7, 0x91, 0x7c 413 ); 414 DEFINE_HEX_XDR_NETOBJ(des3_dk_test7_derived_key, 415 0xa8, 0x80, 0x8a, 0xc2, 0x67, 0xda, 0xda, 0x3d, 416 0xcb, 0xe9, 0xa7, 0xc8, 0x46, 0x26, 0xfb, 0xc7, 417 0x61, 0xc2, 0x94, 0xb0, 0x13, 0x15, 0xe5, 0xc1 418 ); 419 420 DEFINE_HEX_XDR_NETOBJ(des3_dk_test8_base_key, 421 0x79, 0x85, 0x62, 0xe0, 0x49, 0x85, 0x2f, 0x57, 422 0xdc, 0x8c, 0x34, 0x3b, 0xa1, 0x7f, 0x2c, 0xa1, 423 0xd9, 0x73, 0x94, 0xef, 0xc8, 0xad, 0xc4, 0x43 424 ); 425 DEFINE_HEX_XDR_NETOBJ(des3_dk_test8_derived_key, 426 0xc8, 0x13, 0xf8, 0x8a, 0x3b, 0xe3, 0xb3, 0x34, 427 0xf7, 0x54, 0x25, 0xce, 0x91, 0x75, 0xfb, 0xe3, 428 0xc8, 0x49, 0x3b, 0x89, 0xc8, 0x70, 0x3b, 0x49 429 ); 430 431 DEFINE_HEX_XDR_NETOBJ(des3_dk_test9_base_key, 432 0x26, 0xdc, 0xe3, 0x34, 0xb5, 0x45, 0x29, 0x2f, 433 0x2f, 0xea, 0xb9, 0xa8, 0x70, 0x1a, 0x89, 0xa4, 434 0xb9, 0x9e, 0xb9, 0x94, 0x2c, 0xec, 0xd0, 0x16 435 ); 436 DEFINE_HEX_XDR_NETOBJ(des3_dk_test9_derived_key, 437 0xf4, 0x8f, 0xfd, 0x6e, 0x83, 0xf8, 0x3e, 0x73, 438 0x54, 0xe6, 0x94, 0xfd, 0x25, 0x2c, 0xf8, 0x3b, 439 0xfe, 0x58, 0xf7, 0xd5, 0xba, 0x37, 0xec, 0x5d 440 ); 441 442 static const struct gss_krb5_test_param rfc3961_kdf_test_params[] = { 443 { 444 .desc = "des3-hmac-sha1 key derivation case 1", 445 .enctype = ENCTYPE_DES3_CBC_RAW, 446 .base_key = &des3_dk_test1_base_key, 447 .usage = &des3_dk_usage_155, 448 .expected_result = &des3_dk_test1_derived_key, 449 }, 450 { 451 .desc = "des3-hmac-sha1 key derivation case 2", 452 .enctype = ENCTYPE_DES3_CBC_RAW, 453 .base_key = &des3_dk_test2_base_key, 454 .usage = &des3_dk_usage_1aa, 455 .expected_result = &des3_dk_test2_derived_key, 456 }, 457 { 458 .desc = "des3-hmac-sha1 key derivation case 3", 459 .enctype = ENCTYPE_DES3_CBC_RAW, 460 .base_key = &des3_dk_test3_base_key, 461 .usage = &des3_dk_usage_155, 462 .expected_result = &des3_dk_test3_derived_key, 463 }, 464 { 465 .desc = "des3-hmac-sha1 key derivation case 4", 466 .enctype = ENCTYPE_DES3_CBC_RAW, 467 .base_key = &des3_dk_test4_base_key, 468 .usage = &des3_dk_usage_1aa, 469 .expected_result = &des3_dk_test4_derived_key, 470 }, 471 { 472 .desc = "des3-hmac-sha1 key derivation case 5", 473 .enctype = ENCTYPE_DES3_CBC_RAW, 474 .base_key = &des3_dk_test5_base_key, 475 .usage = &des3_dk_usage_kerberos, 476 .expected_result = &des3_dk_test5_derived_key, 477 }, 478 { 479 .desc = "des3-hmac-sha1 key derivation case 6", 480 .enctype = ENCTYPE_DES3_CBC_RAW, 481 .base_key = &des3_dk_test6_base_key, 482 .usage = &des3_dk_usage_155, 483 .expected_result = &des3_dk_test6_derived_key, 484 }, 485 { 486 .desc = "des3-hmac-sha1 key derivation case 7", 487 .enctype = ENCTYPE_DES3_CBC_RAW, 488 .base_key = &des3_dk_test7_base_key, 489 .usage = &des3_dk_usage_1aa, 490 .expected_result = &des3_dk_test7_derived_key, 491 }, 492 { 493 .desc = "des3-hmac-sha1 key derivation case 8", 494 .enctype = ENCTYPE_DES3_CBC_RAW, 495 .base_key = &des3_dk_test8_base_key, 496 .usage = &des3_dk_usage_155, 497 .expected_result = &des3_dk_test8_derived_key, 498 }, 499 { 500 .desc = "des3-hmac-sha1 key derivation case 9", 501 .enctype = ENCTYPE_DES3_CBC_RAW, 502 .base_key = &des3_dk_test9_base_key, 503 .usage = &des3_dk_usage_1aa, 504 .expected_result = &des3_dk_test9_derived_key, 505 }, 506 }; 507 508 /* Creates the function rfc3961_kdf_gen_params */ 509 KUNIT_ARRAY_PARAM(rfc3961_kdf, rfc3961_kdf_test_params, gss_krb5_get_desc); 510 511 static struct kunit_case rfc3961_test_cases[] = { 512 { 513 .name = "RFC 3961 n-fold", 514 .run_case = rfc3961_nfold_case, 515 .generate_params = rfc3961_nfold_gen_params, 516 }, 517 { 518 .name = "RFC 3961 key derivation", 519 .run_case = kdf_case, 520 .generate_params = rfc3961_kdf_gen_params, 521 }, 522 {} 523 }; 524 525 static struct kunit_suite rfc3961_suite = { 526 .name = "RFC 3961 tests", 527 .test_cases = rfc3961_test_cases, 528 }; 529 530 /* 531 * From RFC 3962 Appendix B: Sample Test Vectors 532 * 533 * Some test vectors for CBC with ciphertext stealing, using an 534 * initial vector of all-zero. 535 * 536 * This test material is copyright (C) The Internet Society (2005). 537 */ 538 539 DEFINE_HEX_XDR_NETOBJ(rfc3962_encryption_key, 540 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20, 541 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69 542 ); 543 544 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test1_plaintext, 545 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 546 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65, 547 0x20 548 ); 549 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test1_expected_result, 550 0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4, 551 0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f, 552 0x97 553 ); 554 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test1_next_iv, 555 0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4, 556 0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f 557 ); 558 559 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test2_plaintext, 560 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 561 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65, 562 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 563 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20 564 ); 565 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test2_expected_result, 566 0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1, 567 0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22, 568 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, 569 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5 570 ); 571 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test2_next_iv, 572 0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1, 573 0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22 574 ); 575 576 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test3_plaintext, 577 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 578 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65, 579 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 580 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43 581 ); 582 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test3_expected_result, 583 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, 584 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8, 585 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, 586 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84 587 ); 588 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test3_next_iv, 589 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, 590 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8 591 ); 592 593 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test4_plaintext, 594 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 595 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65, 596 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 597 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43, 598 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20, 599 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c 600 ); 601 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test4_expected_result, 602 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, 603 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84, 604 0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c, 605 0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e, 606 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, 607 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5 608 ); 609 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test4_next_iv, 610 0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c, 611 0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e 612 ); 613 614 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test5_plaintext, 615 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 616 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65, 617 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 618 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43, 619 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20, 620 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c, 0x20 621 ); 622 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test5_expected_result, 623 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, 624 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84, 625 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0, 626 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8, 627 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, 628 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8 629 ); 630 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test5_next_iv, 631 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0, 632 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8 633 ); 634 635 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test6_plaintext, 636 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 637 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65, 638 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 639 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43, 640 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20, 641 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c, 0x20, 642 0x61, 0x6e, 0x64, 0x20, 0x77, 0x6f, 0x6e, 0x74, 643 0x6f, 0x6e, 0x20, 0x73, 0x6f, 0x75, 0x70, 0x2e 644 ); 645 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test6_expected_result, 646 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, 647 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84, 648 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, 649 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8, 650 0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5, 651 0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40, 652 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0, 653 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8 654 ); 655 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test6_next_iv, 656 0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5, 657 0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40 658 ); 659 660 static const struct gss_krb5_test_param rfc3962_encrypt_test_params[] = { 661 { 662 .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 1", 663 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, 664 .Ke = &rfc3962_encryption_key, 665 .plaintext = &rfc3962_enc_test1_plaintext, 666 .expected_result = &rfc3962_enc_test1_expected_result, 667 .next_iv = &rfc3962_enc_test1_next_iv, 668 }, 669 { 670 .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 2", 671 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, 672 .Ke = &rfc3962_encryption_key, 673 .plaintext = &rfc3962_enc_test2_plaintext, 674 .expected_result = &rfc3962_enc_test2_expected_result, 675 .next_iv = &rfc3962_enc_test2_next_iv, 676 }, 677 { 678 .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 3", 679 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, 680 .Ke = &rfc3962_encryption_key, 681 .plaintext = &rfc3962_enc_test3_plaintext, 682 .expected_result = &rfc3962_enc_test3_expected_result, 683 .next_iv = &rfc3962_enc_test3_next_iv, 684 }, 685 { 686 .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 4", 687 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, 688 .Ke = &rfc3962_encryption_key, 689 .plaintext = &rfc3962_enc_test4_plaintext, 690 .expected_result = &rfc3962_enc_test4_expected_result, 691 .next_iv = &rfc3962_enc_test4_next_iv, 692 }, 693 { 694 .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 5", 695 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, 696 .Ke = &rfc3962_encryption_key, 697 .plaintext = &rfc3962_enc_test5_plaintext, 698 .expected_result = &rfc3962_enc_test5_expected_result, 699 .next_iv = &rfc3962_enc_test5_next_iv, 700 }, 701 { 702 .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 6", 703 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, 704 .Ke = &rfc3962_encryption_key, 705 .plaintext = &rfc3962_enc_test6_plaintext, 706 .expected_result = &rfc3962_enc_test6_expected_result, 707 .next_iv = &rfc3962_enc_test6_next_iv, 708 }, 709 }; 710 711 /* Creates the function rfc3962_encrypt_gen_params */ 712 KUNIT_ARRAY_PARAM(rfc3962_encrypt, rfc3962_encrypt_test_params, 713 gss_krb5_get_desc); 714 715 /* 716 * This tests the implementation of the encryption part of the mechanism. 717 * It does not apply a confounder or test the result of HMAC over the 718 * plaintext. 719 */ 720 static void rfc3962_encrypt_case(struct kunit *test) 721 { 722 const struct gss_krb5_test_param *param = test->param_value; 723 struct crypto_sync_skcipher *cts_tfm, *cbc_tfm; 724 const struct gss_krb5_enctype *gk5e; 725 struct xdr_buf buf; 726 void *iv, *text; 727 u32 err; 728 729 /* Arrange */ 730 gk5e = gss_krb5_lookup_enctype(param->enctype); 731 if (!gk5e) 732 kunit_skip(test, "Encryption type is not available"); 733 734 cbc_tfm = crypto_alloc_sync_skcipher(gk5e->aux_cipher, 0, 0); 735 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cbc_tfm); 736 err = crypto_sync_skcipher_setkey(cbc_tfm, param->Ke->data, param->Ke->len); 737 KUNIT_ASSERT_EQ(test, err, 0); 738 739 cts_tfm = crypto_alloc_sync_skcipher(gk5e->encrypt_name, 0, 0); 740 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cts_tfm); 741 err = crypto_sync_skcipher_setkey(cts_tfm, param->Ke->data, param->Ke->len); 742 KUNIT_ASSERT_EQ(test, err, 0); 743 744 iv = kunit_kzalloc(test, crypto_sync_skcipher_ivsize(cts_tfm), GFP_KERNEL); 745 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, iv); 746 747 text = kunit_kzalloc(test, param->plaintext->len, GFP_KERNEL); 748 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, text); 749 750 memcpy(text, param->plaintext->data, param->plaintext->len); 751 memset(&buf, 0, sizeof(buf)); 752 buf.head[0].iov_base = text; 753 buf.head[0].iov_len = param->plaintext->len; 754 buf.len = buf.head[0].iov_len; 755 756 /* Act */ 757 err = krb5_cbc_cts_encrypt(cts_tfm, cbc_tfm, 0, &buf, NULL, 758 iv, crypto_sync_skcipher_ivsize(cts_tfm)); 759 KUNIT_ASSERT_EQ(test, err, 0); 760 761 /* Assert */ 762 KUNIT_EXPECT_EQ_MSG(test, 763 param->expected_result->len, buf.len, 764 "ciphertext length mismatch"); 765 KUNIT_EXPECT_EQ_MSG(test, 766 memcmp(param->expected_result->data, 767 text, param->expected_result->len), 0, 768 "ciphertext mismatch"); 769 KUNIT_EXPECT_EQ_MSG(test, 770 memcmp(param->next_iv->data, iv, 771 param->next_iv->len), 0, 772 "IV mismatch"); 773 774 crypto_free_sync_skcipher(cts_tfm); 775 crypto_free_sync_skcipher(cbc_tfm); 776 } 777 778 static struct kunit_case rfc3962_test_cases[] = { 779 { 780 .name = "RFC 3962 encryption", 781 .run_case = rfc3962_encrypt_case, 782 .generate_params = rfc3962_encrypt_gen_params, 783 }, 784 {} 785 }; 786 787 static struct kunit_suite rfc3962_suite = { 788 .name = "RFC 3962 suite", 789 .test_cases = rfc3962_test_cases, 790 }; 791 792 /* 793 * From RFC 6803 Section 10. Test vectors 794 * 795 * Sample results for key derivation 796 * 797 * Copyright (c) 2012 IETF Trust and the persons identified as the 798 * document authors. All rights reserved. 799 */ 800 801 DEFINE_HEX_XDR_NETOBJ(camellia128_cts_cmac_basekey, 802 0x57, 0xd0, 0x29, 0x72, 0x98, 0xff, 0xd9, 0xd3, 803 0x5d, 0xe5, 0xa4, 0x7f, 0xb4, 0xbd, 0xe2, 0x4b 804 ); 805 DEFINE_HEX_XDR_NETOBJ(camellia128_cts_cmac_Kc, 806 0xd1, 0x55, 0x77, 0x5a, 0x20, 0x9d, 0x05, 0xf0, 807 0x2b, 0x38, 0xd4, 0x2a, 0x38, 0x9e, 0x5a, 0x56 808 ); 809 DEFINE_HEX_XDR_NETOBJ(camellia128_cts_cmac_Ke, 810 0x64, 0xdf, 0x83, 0xf8, 0x5a, 0x53, 0x2f, 0x17, 811 0x57, 0x7d, 0x8c, 0x37, 0x03, 0x57, 0x96, 0xab 812 ); 813 DEFINE_HEX_XDR_NETOBJ(camellia128_cts_cmac_Ki, 814 0x3e, 0x4f, 0xbd, 0xf3, 0x0f, 0xb8, 0x25, 0x9c, 815 0x42, 0x5c, 0xb6, 0xc9, 0x6f, 0x1f, 0x46, 0x35 816 ); 817 818 DEFINE_HEX_XDR_NETOBJ(camellia256_cts_cmac_basekey, 819 0xb9, 0xd6, 0x82, 0x8b, 0x20, 0x56, 0xb7, 0xbe, 820 0x65, 0x6d, 0x88, 0xa1, 0x23, 0xb1, 0xfa, 0xc6, 821 0x82, 0x14, 0xac, 0x2b, 0x72, 0x7e, 0xcf, 0x5f, 822 0x69, 0xaf, 0xe0, 0xc4, 0xdf, 0x2a, 0x6d, 0x2c 823 ); 824 DEFINE_HEX_XDR_NETOBJ(camellia256_cts_cmac_Kc, 825 0xe4, 0x67, 0xf9, 0xa9, 0x55, 0x2b, 0xc7, 0xd3, 826 0x15, 0x5a, 0x62, 0x20, 0xaf, 0x9c, 0x19, 0x22, 827 0x0e, 0xee, 0xd4, 0xff, 0x78, 0xb0, 0xd1, 0xe6, 828 0xa1, 0x54, 0x49, 0x91, 0x46, 0x1a, 0x9e, 0x50 829 ); 830 DEFINE_HEX_XDR_NETOBJ(camellia256_cts_cmac_Ke, 831 0x41, 0x2a, 0xef, 0xc3, 0x62, 0xa7, 0x28, 0x5f, 832 0xc3, 0x96, 0x6c, 0x6a, 0x51, 0x81, 0xe7, 0x60, 833 0x5a, 0xe6, 0x75, 0x23, 0x5b, 0x6d, 0x54, 0x9f, 834 0xbf, 0xc9, 0xab, 0x66, 0x30, 0xa4, 0xc6, 0x04 835 ); 836 DEFINE_HEX_XDR_NETOBJ(camellia256_cts_cmac_Ki, 837 0xfa, 0x62, 0x4f, 0xa0, 0xe5, 0x23, 0x99, 0x3f, 838 0xa3, 0x88, 0xae, 0xfd, 0xc6, 0x7e, 0x67, 0xeb, 839 0xcd, 0x8c, 0x08, 0xe8, 0xa0, 0x24, 0x6b, 0x1d, 840 0x73, 0xb0, 0xd1, 0xdd, 0x9f, 0xc5, 0x82, 0xb0 841 ); 842 843 DEFINE_HEX_XDR_NETOBJ(usage_checksum, 844 0x00, 0x00, 0x00, 0x02, KEY_USAGE_SEED_CHECKSUM 845 ); 846 DEFINE_HEX_XDR_NETOBJ(usage_encryption, 847 0x00, 0x00, 0x00, 0x02, KEY_USAGE_SEED_ENCRYPTION 848 ); 849 DEFINE_HEX_XDR_NETOBJ(usage_integrity, 850 0x00, 0x00, 0x00, 0x02, KEY_USAGE_SEED_INTEGRITY 851 ); 852 853 static const struct gss_krb5_test_param rfc6803_kdf_test_params[] = { 854 { 855 .desc = "Derive Kc subkey for camellia128-cts-cmac", 856 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 857 .base_key = &camellia128_cts_cmac_basekey, 858 .usage = &usage_checksum, 859 .expected_result = &camellia128_cts_cmac_Kc, 860 }, 861 { 862 .desc = "Derive Ke subkey for camellia128-cts-cmac", 863 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 864 .base_key = &camellia128_cts_cmac_basekey, 865 .usage = &usage_encryption, 866 .expected_result = &camellia128_cts_cmac_Ke, 867 }, 868 { 869 .desc = "Derive Ki subkey for camellia128-cts-cmac", 870 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 871 .base_key = &camellia128_cts_cmac_basekey, 872 .usage = &usage_integrity, 873 .expected_result = &camellia128_cts_cmac_Ki, 874 }, 875 { 876 .desc = "Derive Kc subkey for camellia256-cts-cmac", 877 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 878 .base_key = &camellia256_cts_cmac_basekey, 879 .usage = &usage_checksum, 880 .expected_result = &camellia256_cts_cmac_Kc, 881 }, 882 { 883 .desc = "Derive Ke subkey for camellia256-cts-cmac", 884 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 885 .base_key = &camellia256_cts_cmac_basekey, 886 .usage = &usage_encryption, 887 .expected_result = &camellia256_cts_cmac_Ke, 888 }, 889 { 890 .desc = "Derive Ki subkey for camellia256-cts-cmac", 891 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 892 .base_key = &camellia256_cts_cmac_basekey, 893 .usage = &usage_integrity, 894 .expected_result = &camellia256_cts_cmac_Ki, 895 }, 896 }; 897 898 /* Creates the function rfc6803_kdf_gen_params */ 899 KUNIT_ARRAY_PARAM(rfc6803_kdf, rfc6803_kdf_test_params, gss_krb5_get_desc); 900 901 /* 902 * From RFC 6803 Section 10. Test vectors 903 * 904 * Sample checksums. 905 * 906 * Copyright (c) 2012 IETF Trust and the persons identified as the 907 * document authors. All rights reserved. 908 * 909 * XXX: These tests are likely to fail on EBCDIC or Unicode platforms. 910 */ 911 DEFINE_STR_XDR_NETOBJ(rfc6803_checksum_test1_plaintext, 912 "abcdefghijk"); 913 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test1_basekey, 914 0x1d, 0xc4, 0x6a, 0x8d, 0x76, 0x3f, 0x4f, 0x93, 915 0x74, 0x2b, 0xcb, 0xa3, 0x38, 0x75, 0x76, 0xc3 916 ); 917 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test1_usage, 918 0x00, 0x00, 0x00, 0x07, KEY_USAGE_SEED_CHECKSUM 919 ); 920 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test1_expected_result, 921 0x11, 0x78, 0xe6, 0xc5, 0xc4, 0x7a, 0x8c, 0x1a, 922 0xe0, 0xc4, 0xb9, 0xc7, 0xd4, 0xeb, 0x7b, 0x6b 923 ); 924 925 DEFINE_STR_XDR_NETOBJ(rfc6803_checksum_test2_plaintext, 926 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"); 927 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test2_basekey, 928 0x50, 0x27, 0xbc, 0x23, 0x1d, 0x0f, 0x3a, 0x9d, 929 0x23, 0x33, 0x3f, 0x1c, 0xa6, 0xfd, 0xbe, 0x7c 930 ); 931 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test2_usage, 932 0x00, 0x00, 0x00, 0x08, KEY_USAGE_SEED_CHECKSUM 933 ); 934 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test2_expected_result, 935 0xd1, 0xb3, 0x4f, 0x70, 0x04, 0xa7, 0x31, 0xf2, 936 0x3a, 0x0c, 0x00, 0xbf, 0x6c, 0x3f, 0x75, 0x3a 937 ); 938 939 DEFINE_STR_XDR_NETOBJ(rfc6803_checksum_test3_plaintext, 940 "123456789"); 941 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test3_basekey, 942 0xb6, 0x1c, 0x86, 0xcc, 0x4e, 0x5d, 0x27, 0x57, 943 0x54, 0x5a, 0xd4, 0x23, 0x39, 0x9f, 0xb7, 0x03, 944 0x1e, 0xca, 0xb9, 0x13, 0xcb, 0xb9, 0x00, 0xbd, 945 0x7a, 0x3c, 0x6d, 0xd8, 0xbf, 0x92, 0x01, 0x5b 946 ); 947 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test3_usage, 948 0x00, 0x00, 0x00, 0x09, KEY_USAGE_SEED_CHECKSUM 949 ); 950 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test3_expected_result, 951 0x87, 0xa1, 0x2c, 0xfd, 0x2b, 0x96, 0x21, 0x48, 952 0x10, 0xf0, 0x1c, 0x82, 0x6e, 0x77, 0x44, 0xb1 953 ); 954 955 DEFINE_STR_XDR_NETOBJ(rfc6803_checksum_test4_plaintext, 956 "!@#$%^&*()!@#$%^&*()!@#$%^&*()"); 957 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test4_basekey, 958 0x32, 0x16, 0x4c, 0x5b, 0x43, 0x4d, 0x1d, 0x15, 959 0x38, 0xe4, 0xcf, 0xd9, 0xbe, 0x80, 0x40, 0xfe, 960 0x8c, 0x4a, 0xc7, 0xac, 0xc4, 0xb9, 0x3d, 0x33, 961 0x14, 0xd2, 0x13, 0x36, 0x68, 0x14, 0x7a, 0x05 962 ); 963 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test4_usage, 964 0x00, 0x00, 0x00, 0x0a, KEY_USAGE_SEED_CHECKSUM 965 ); 966 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test4_expected_result, 967 0x3f, 0xa0, 0xb4, 0x23, 0x55, 0xe5, 0x2b, 0x18, 968 0x91, 0x87, 0x29, 0x4a, 0xa2, 0x52, 0xab, 0x64 969 ); 970 971 static const struct gss_krb5_test_param rfc6803_checksum_test_params[] = { 972 { 973 .desc = "camellia128-cts-cmac checksum test 1", 974 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 975 .base_key = &rfc6803_checksum_test1_basekey, 976 .usage = &rfc6803_checksum_test1_usage, 977 .plaintext = &rfc6803_checksum_test1_plaintext, 978 .expected_result = &rfc6803_checksum_test1_expected_result, 979 }, 980 { 981 .desc = "camellia128-cts-cmac checksum test 2", 982 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 983 .base_key = &rfc6803_checksum_test2_basekey, 984 .usage = &rfc6803_checksum_test2_usage, 985 .plaintext = &rfc6803_checksum_test2_plaintext, 986 .expected_result = &rfc6803_checksum_test2_expected_result, 987 }, 988 { 989 .desc = "camellia256-cts-cmac checksum test 3", 990 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 991 .base_key = &rfc6803_checksum_test3_basekey, 992 .usage = &rfc6803_checksum_test3_usage, 993 .plaintext = &rfc6803_checksum_test3_plaintext, 994 .expected_result = &rfc6803_checksum_test3_expected_result, 995 }, 996 { 997 .desc = "camellia256-cts-cmac checksum test 4", 998 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 999 .base_key = &rfc6803_checksum_test4_basekey, 1000 .usage = &rfc6803_checksum_test4_usage, 1001 .plaintext = &rfc6803_checksum_test4_plaintext, 1002 .expected_result = &rfc6803_checksum_test4_expected_result, 1003 }, 1004 }; 1005 1006 /* Creates the function rfc6803_checksum_gen_params */ 1007 KUNIT_ARRAY_PARAM(rfc6803_checksum, rfc6803_checksum_test_params, 1008 gss_krb5_get_desc); 1009 1010 /* 1011 * From RFC 6803 Section 10. Test vectors 1012 * 1013 * Sample encryptions (all using the default cipher state) 1014 * 1015 * Copyright (c) 2012 IETF Trust and the persons identified as the 1016 * document authors. All rights reserved. 1017 * 1018 * Key usage values are from errata 4326 against RFC 6803. 1019 */ 1020 1021 static const struct xdr_netobj rfc6803_enc_empty_plaintext = { 1022 .len = 0, 1023 }; 1024 1025 DEFINE_STR_XDR_NETOBJ(rfc6803_enc_1byte_plaintext, "1"); 1026 DEFINE_STR_XDR_NETOBJ(rfc6803_enc_9byte_plaintext, "9 bytesss"); 1027 DEFINE_STR_XDR_NETOBJ(rfc6803_enc_13byte_plaintext, "13 bytes byte"); 1028 DEFINE_STR_XDR_NETOBJ(rfc6803_enc_30byte_plaintext, 1029 "30 bytes bytes bytes bytes byt" 1030 ); 1031 1032 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test1_confounder, 1033 0xb6, 0x98, 0x22, 0xa1, 0x9a, 0x6b, 0x09, 0xc0, 1034 0xeb, 0xc8, 0x55, 0x7d, 0x1f, 0x1b, 0x6c, 0x0a 1035 ); 1036 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test1_basekey, 1037 0x1d, 0xc4, 0x6a, 0x8d, 0x76, 0x3f, 0x4f, 0x93, 1038 0x74, 0x2b, 0xcb, 0xa3, 0x38, 0x75, 0x76, 0xc3 1039 ); 1040 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test1_expected_result, 1041 0xc4, 0x66, 0xf1, 0x87, 0x10, 0x69, 0x92, 0x1e, 1042 0xdb, 0x7c, 0x6f, 0xde, 0x24, 0x4a, 0x52, 0xdb, 1043 0x0b, 0xa1, 0x0e, 0xdc, 0x19, 0x7b, 0xdb, 0x80, 1044 0x06, 0x65, 0x8c, 0xa3, 0xcc, 0xce, 0x6e, 0xb8 1045 ); 1046 1047 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test2_confounder, 1048 0x6f, 0x2f, 0xc3, 0xc2, 0xa1, 0x66, 0xfd, 0x88, 1049 0x98, 0x96, 0x7a, 0x83, 0xde, 0x95, 0x96, 0xd9 1050 ); 1051 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test2_basekey, 1052 0x50, 0x27, 0xbc, 0x23, 0x1d, 0x0f, 0x3a, 0x9d, 1053 0x23, 0x33, 0x3f, 0x1c, 0xa6, 0xfd, 0xbe, 0x7c 1054 ); 1055 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test2_expected_result, 1056 0x84, 0x2d, 0x21, 0xfd, 0x95, 0x03, 0x11, 0xc0, 1057 0xdd, 0x46, 0x4a, 0x3f, 0x4b, 0xe8, 0xd6, 0xda, 1058 0x88, 0xa5, 0x6d, 0x55, 0x9c, 0x9b, 0x47, 0xd3, 1059 0xf9, 0xa8, 0x50, 0x67, 0xaf, 0x66, 0x15, 0x59, 1060 0xb8 1061 ); 1062 1063 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test3_confounder, 1064 0xa5, 0xb4, 0xa7, 0x1e, 0x07, 0x7a, 0xee, 0xf9, 1065 0x3c, 0x87, 0x63, 0xc1, 0x8f, 0xdb, 0x1f, 0x10 1066 ); 1067 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test3_basekey, 1068 0xa1, 0xbb, 0x61, 0xe8, 0x05, 0xf9, 0xba, 0x6d, 1069 0xde, 0x8f, 0xdb, 0xdd, 0xc0, 0x5c, 0xde, 0xa0 1070 ); 1071 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test3_expected_result, 1072 0x61, 0x9f, 0xf0, 0x72, 0xe3, 0x62, 0x86, 0xff, 1073 0x0a, 0x28, 0xde, 0xb3, 0xa3, 0x52, 0xec, 0x0d, 1074 0x0e, 0xdf, 0x5c, 0x51, 0x60, 0xd6, 0x63, 0xc9, 1075 0x01, 0x75, 0x8c, 0xcf, 0x9d, 0x1e, 0xd3, 0x3d, 1076 0x71, 0xdb, 0x8f, 0x23, 0xaa, 0xbf, 0x83, 0x48, 1077 0xa0 1078 ); 1079 1080 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test4_confounder, 1081 0x19, 0xfe, 0xe4, 0x0d, 0x81, 0x0c, 0x52, 0x4b, 1082 0x5b, 0x22, 0xf0, 0x18, 0x74, 0xc6, 0x93, 0xda 1083 ); 1084 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test4_basekey, 1085 0x2c, 0xa2, 0x7a, 0x5f, 0xaf, 0x55, 0x32, 0x24, 1086 0x45, 0x06, 0x43, 0x4e, 0x1c, 0xef, 0x66, 0x76 1087 ); 1088 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test4_expected_result, 1089 0xb8, 0xec, 0xa3, 0x16, 0x7a, 0xe6, 0x31, 0x55, 1090 0x12, 0xe5, 0x9f, 0x98, 0xa7, 0xc5, 0x00, 0x20, 1091 0x5e, 0x5f, 0x63, 0xff, 0x3b, 0xb3, 0x89, 0xaf, 1092 0x1c, 0x41, 0xa2, 0x1d, 0x64, 0x0d, 0x86, 0x15, 1093 0xc9, 0xed, 0x3f, 0xbe, 0xb0, 0x5a, 0xb6, 0xac, 1094 0xb6, 0x76, 0x89, 0xb5, 0xea 1095 ); 1096 1097 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test5_confounder, 1098 0xca, 0x7a, 0x7a, 0xb4, 0xbe, 0x19, 0x2d, 0xab, 1099 0xd6, 0x03, 0x50, 0x6d, 0xb1, 0x9c, 0x39, 0xe2 1100 ); 1101 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test5_basekey, 1102 0x78, 0x24, 0xf8, 0xc1, 0x6f, 0x83, 0xff, 0x35, 1103 0x4c, 0x6b, 0xf7, 0x51, 0x5b, 0x97, 0x3f, 0x43 1104 ); 1105 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test5_expected_result, 1106 0xa2, 0x6a, 0x39, 0x05, 0xa4, 0xff, 0xd5, 0x81, 1107 0x6b, 0x7b, 0x1e, 0x27, 0x38, 0x0d, 0x08, 0x09, 1108 0x0c, 0x8e, 0xc1, 0xf3, 0x04, 0x49, 0x6e, 0x1a, 1109 0xbd, 0xcd, 0x2b, 0xdc, 0xd1, 0xdf, 0xfc, 0x66, 1110 0x09, 0x89, 0xe1, 0x17, 0xa7, 0x13, 0xdd, 0xbb, 1111 0x57, 0xa4, 0x14, 0x6c, 0x15, 0x87, 0xcb, 0xa4, 1112 0x35, 0x66, 0x65, 0x59, 0x1d, 0x22, 0x40, 0x28, 1113 0x2f, 0x58, 0x42, 0xb1, 0x05, 0xa5 1114 ); 1115 1116 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test6_confounder, 1117 0x3c, 0xbb, 0xd2, 0xb4, 0x59, 0x17, 0x94, 0x10, 1118 0x67, 0xf9, 0x65, 0x99, 0xbb, 0x98, 0x92, 0x6c 1119 ); 1120 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test6_basekey, 1121 0xb6, 0x1c, 0x86, 0xcc, 0x4e, 0x5d, 0x27, 0x57, 1122 0x54, 0x5a, 0xd4, 0x23, 0x39, 0x9f, 0xb7, 0x03, 1123 0x1e, 0xca, 0xb9, 0x13, 0xcb, 0xb9, 0x00, 0xbd, 1124 0x7a, 0x3c, 0x6d, 0xd8, 0xbf, 0x92, 0x01, 0x5b 1125 ); 1126 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test6_expected_result, 1127 0x03, 0x88, 0x6d, 0x03, 0x31, 0x0b, 0x47, 0xa6, 1128 0xd8, 0xf0, 0x6d, 0x7b, 0x94, 0xd1, 0xdd, 0x83, 1129 0x7e, 0xcc, 0xe3, 0x15, 0xef, 0x65, 0x2a, 0xff, 1130 0x62, 0x08, 0x59, 0xd9, 0x4a, 0x25, 0x92, 0x66 1131 ); 1132 1133 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test7_confounder, 1134 0xde, 0xf4, 0x87, 0xfc, 0xeb, 0xe6, 0xde, 0x63, 1135 0x46, 0xd4, 0xda, 0x45, 0x21, 0xbb, 0xa2, 0xd2 1136 ); 1137 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test7_basekey, 1138 0x1b, 0x97, 0xfe, 0x0a, 0x19, 0x0e, 0x20, 0x21, 1139 0xeb, 0x30, 0x75, 0x3e, 0x1b, 0x6e, 0x1e, 0x77, 1140 0xb0, 0x75, 0x4b, 0x1d, 0x68, 0x46, 0x10, 0x35, 1141 0x58, 0x64, 0x10, 0x49, 0x63, 0x46, 0x38, 0x33 1142 ); 1143 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test7_expected_result, 1144 0x2c, 0x9c, 0x15, 0x70, 0x13, 0x3c, 0x99, 0xbf, 1145 0x6a, 0x34, 0xbc, 0x1b, 0x02, 0x12, 0x00, 0x2f, 1146 0xd1, 0x94, 0x33, 0x87, 0x49, 0xdb, 0x41, 0x35, 1147 0x49, 0x7a, 0x34, 0x7c, 0xfc, 0xd9, 0xd1, 0x8a, 1148 0x12 1149 ); 1150 1151 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test8_confounder, 1152 0xad, 0x4f, 0xf9, 0x04, 0xd3, 0x4e, 0x55, 0x53, 1153 0x84, 0xb1, 0x41, 0x00, 0xfc, 0x46, 0x5f, 0x88 1154 ); 1155 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test8_basekey, 1156 0x32, 0x16, 0x4c, 0x5b, 0x43, 0x4d, 0x1d, 0x15, 1157 0x38, 0xe4, 0xcf, 0xd9, 0xbe, 0x80, 0x40, 0xfe, 1158 0x8c, 0x4a, 0xc7, 0xac, 0xc4, 0xb9, 0x3d, 0x33, 1159 0x14, 0xd2, 0x13, 0x36, 0x68, 0x14, 0x7a, 0x05 1160 ); 1161 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test8_expected_result, 1162 0x9c, 0x6d, 0xe7, 0x5f, 0x81, 0x2d, 0xe7, 0xed, 1163 0x0d, 0x28, 0xb2, 0x96, 0x35, 0x57, 0xa1, 0x15, 1164 0x64, 0x09, 0x98, 0x27, 0x5b, 0x0a, 0xf5, 0x15, 1165 0x27, 0x09, 0x91, 0x3f, 0xf5, 0x2a, 0x2a, 0x9c, 1166 0x8e, 0x63, 0xb8, 0x72, 0xf9, 0x2e, 0x64, 0xc8, 1167 0x39 1168 ); 1169 1170 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test9_confounder, 1171 0xcf, 0x9b, 0xca, 0x6d, 0xf1, 0x14, 0x4e, 0x0c, 1172 0x0a, 0xf9, 0xb8, 0xf3, 0x4c, 0x90, 0xd5, 0x14 1173 ); 1174 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test9_basekey, 1175 0xb0, 0x38, 0xb1, 0x32, 0xcd, 0x8e, 0x06, 0x61, 1176 0x22, 0x67, 0xfa, 0xb7, 0x17, 0x00, 0x66, 0xd8, 1177 0x8a, 0xec, 0xcb, 0xa0, 0xb7, 0x44, 0xbf, 0xc6, 1178 0x0d, 0xc8, 0x9b, 0xca, 0x18, 0x2d, 0x07, 0x15 1179 ); 1180 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test9_expected_result, 1181 0xee, 0xec, 0x85, 0xa9, 0x81, 0x3c, 0xdc, 0x53, 1182 0x67, 0x72, 0xab, 0x9b, 0x42, 0xde, 0xfc, 0x57, 1183 0x06, 0xf7, 0x26, 0xe9, 0x75, 0xdd, 0xe0, 0x5a, 1184 0x87, 0xeb, 0x54, 0x06, 0xea, 0x32, 0x4c, 0xa1, 1185 0x85, 0xc9, 0x98, 0x6b, 0x42, 0xaa, 0xbe, 0x79, 1186 0x4b, 0x84, 0x82, 0x1b, 0xee 1187 ); 1188 1189 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test10_confounder, 1190 0x64, 0x4d, 0xef, 0x38, 0xda, 0x35, 0x00, 0x72, 1191 0x75, 0x87, 0x8d, 0x21, 0x68, 0x55, 0xe2, 0x28 1192 ); 1193 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test10_basekey, 1194 0xcc, 0xfc, 0xd3, 0x49, 0xbf, 0x4c, 0x66, 0x77, 1195 0xe8, 0x6e, 0x4b, 0x02, 0xb8, 0xea, 0xb9, 0x24, 1196 0xa5, 0x46, 0xac, 0x73, 0x1c, 0xf9, 0xbf, 0x69, 1197 0x89, 0xb9, 0x96, 0xe7, 0xd6, 0xbf, 0xbb, 0xa7 1198 ); 1199 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test10_expected_result, 1200 0x0e, 0x44, 0x68, 0x09, 0x85, 0x85, 0x5f, 0x2d, 1201 0x1f, 0x18, 0x12, 0x52, 0x9c, 0xa8, 0x3b, 0xfd, 1202 0x8e, 0x34, 0x9d, 0xe6, 0xfd, 0x9a, 0xda, 0x0b, 1203 0xaa, 0xa0, 0x48, 0xd6, 0x8e, 0x26, 0x5f, 0xeb, 1204 0xf3, 0x4a, 0xd1, 0x25, 0x5a, 0x34, 0x49, 0x99, 1205 0xad, 0x37, 0x14, 0x68, 0x87, 0xa6, 0xc6, 0x84, 1206 0x57, 0x31, 0xac, 0x7f, 0x46, 0x37, 0x6a, 0x05, 1207 0x04, 0xcd, 0x06, 0x57, 0x14, 0x74 1208 ); 1209 1210 static const struct gss_krb5_test_param rfc6803_encrypt_test_params[] = { 1211 { 1212 .desc = "Encrypt empty plaintext with camellia128-cts-cmac", 1213 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 1214 .constant = 0, 1215 .base_key = &rfc6803_enc_test1_basekey, 1216 .plaintext = &rfc6803_enc_empty_plaintext, 1217 .confounder = &rfc6803_enc_test1_confounder, 1218 .expected_result = &rfc6803_enc_test1_expected_result, 1219 }, 1220 { 1221 .desc = "Encrypt 1 byte with camellia128-cts-cmac", 1222 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 1223 .constant = 1, 1224 .base_key = &rfc6803_enc_test2_basekey, 1225 .plaintext = &rfc6803_enc_1byte_plaintext, 1226 .confounder = &rfc6803_enc_test2_confounder, 1227 .expected_result = &rfc6803_enc_test2_expected_result, 1228 }, 1229 { 1230 .desc = "Encrypt 9 bytes with camellia128-cts-cmac", 1231 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 1232 .constant = 2, 1233 .base_key = &rfc6803_enc_test3_basekey, 1234 .plaintext = &rfc6803_enc_9byte_plaintext, 1235 .confounder = &rfc6803_enc_test3_confounder, 1236 .expected_result = &rfc6803_enc_test3_expected_result, 1237 }, 1238 { 1239 .desc = "Encrypt 13 bytes with camellia128-cts-cmac", 1240 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 1241 .constant = 3, 1242 .base_key = &rfc6803_enc_test4_basekey, 1243 .plaintext = &rfc6803_enc_13byte_plaintext, 1244 .confounder = &rfc6803_enc_test4_confounder, 1245 .expected_result = &rfc6803_enc_test4_expected_result, 1246 }, 1247 { 1248 .desc = "Encrypt 30 bytes with camellia128-cts-cmac", 1249 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 1250 .constant = 4, 1251 .base_key = &rfc6803_enc_test5_basekey, 1252 .plaintext = &rfc6803_enc_30byte_plaintext, 1253 .confounder = &rfc6803_enc_test5_confounder, 1254 .expected_result = &rfc6803_enc_test5_expected_result, 1255 }, 1256 { 1257 .desc = "Encrypt empty plaintext with camellia256-cts-cmac", 1258 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 1259 .constant = 0, 1260 .base_key = &rfc6803_enc_test6_basekey, 1261 .plaintext = &rfc6803_enc_empty_plaintext, 1262 .confounder = &rfc6803_enc_test6_confounder, 1263 .expected_result = &rfc6803_enc_test6_expected_result, 1264 }, 1265 { 1266 .desc = "Encrypt 1 byte with camellia256-cts-cmac", 1267 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 1268 .constant = 1, 1269 .base_key = &rfc6803_enc_test7_basekey, 1270 .plaintext = &rfc6803_enc_1byte_plaintext, 1271 .confounder = &rfc6803_enc_test7_confounder, 1272 .expected_result = &rfc6803_enc_test7_expected_result, 1273 }, 1274 { 1275 .desc = "Encrypt 9 bytes with camellia256-cts-cmac", 1276 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 1277 .constant = 2, 1278 .base_key = &rfc6803_enc_test8_basekey, 1279 .plaintext = &rfc6803_enc_9byte_plaintext, 1280 .confounder = &rfc6803_enc_test8_confounder, 1281 .expected_result = &rfc6803_enc_test8_expected_result, 1282 }, 1283 { 1284 .desc = "Encrypt 13 bytes with camellia256-cts-cmac", 1285 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 1286 .constant = 3, 1287 .base_key = &rfc6803_enc_test9_basekey, 1288 .plaintext = &rfc6803_enc_13byte_plaintext, 1289 .confounder = &rfc6803_enc_test9_confounder, 1290 .expected_result = &rfc6803_enc_test9_expected_result, 1291 }, 1292 { 1293 .desc = "Encrypt 30 bytes with camellia256-cts-cmac", 1294 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 1295 .constant = 4, 1296 .base_key = &rfc6803_enc_test10_basekey, 1297 .plaintext = &rfc6803_enc_30byte_plaintext, 1298 .confounder = &rfc6803_enc_test10_confounder, 1299 .expected_result = &rfc6803_enc_test10_expected_result, 1300 }, 1301 }; 1302 1303 /* Creates the function rfc6803_encrypt_gen_params */ 1304 KUNIT_ARRAY_PARAM(rfc6803_encrypt, rfc6803_encrypt_test_params, 1305 gss_krb5_get_desc); 1306 1307 static void rfc6803_encrypt_case(struct kunit *test) 1308 { 1309 const struct gss_krb5_test_param *param = test->param_value; 1310 struct crypto_sync_skcipher *cts_tfm, *cbc_tfm; 1311 const struct gss_krb5_enctype *gk5e; 1312 struct xdr_netobj Ke, Ki, checksum; 1313 u8 usage_data[GSS_KRB5_K5CLENGTH]; 1314 struct xdr_netobj usage = { 1315 .data = usage_data, 1316 .len = sizeof(usage_data), 1317 }; 1318 struct crypto_ahash *ahash_tfm; 1319 unsigned int blocksize; 1320 struct xdr_buf buf; 1321 void *text; 1322 size_t len; 1323 u32 err; 1324 1325 /* Arrange */ 1326 gk5e = gss_krb5_lookup_enctype(param->enctype); 1327 if (!gk5e) 1328 kunit_skip(test, "Encryption type is not available"); 1329 1330 usage.data[3] = param->constant; 1331 1332 Ke.len = gk5e->Ke_length; 1333 Ke.data = kunit_kzalloc(test, Ke.len, GFP_KERNEL); 1334 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Ke.data); 1335 usage.data[4] = KEY_USAGE_SEED_ENCRYPTION; 1336 err = gk5e->derive_key(gk5e, param->base_key, &Ke, &usage, GFP_KERNEL); 1337 KUNIT_ASSERT_EQ(test, err, 0); 1338 1339 cbc_tfm = crypto_alloc_sync_skcipher(gk5e->aux_cipher, 0, 0); 1340 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cbc_tfm); 1341 err = crypto_sync_skcipher_setkey(cbc_tfm, Ke.data, Ke.len); 1342 KUNIT_ASSERT_EQ(test, err, 0); 1343 1344 cts_tfm = crypto_alloc_sync_skcipher(gk5e->encrypt_name, 0, 0); 1345 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cts_tfm); 1346 err = crypto_sync_skcipher_setkey(cts_tfm, Ke.data, Ke.len); 1347 KUNIT_ASSERT_EQ(test, err, 0); 1348 blocksize = crypto_sync_skcipher_blocksize(cts_tfm); 1349 1350 len = param->confounder->len + param->plaintext->len + blocksize; 1351 text = kunit_kzalloc(test, len, GFP_KERNEL); 1352 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, text); 1353 memcpy(text, param->confounder->data, param->confounder->len); 1354 memcpy(text + param->confounder->len, param->plaintext->data, 1355 param->plaintext->len); 1356 1357 memset(&buf, 0, sizeof(buf)); 1358 buf.head[0].iov_base = text; 1359 buf.head[0].iov_len = param->confounder->len + param->plaintext->len; 1360 buf.len = buf.head[0].iov_len; 1361 1362 checksum.len = gk5e->cksumlength; 1363 checksum.data = kunit_kzalloc(test, checksum.len, GFP_KERNEL); 1364 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, checksum.data); 1365 1366 Ki.len = gk5e->Ki_length; 1367 Ki.data = kunit_kzalloc(test, Ki.len, GFP_KERNEL); 1368 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Ki.data); 1369 usage.data[4] = KEY_USAGE_SEED_INTEGRITY; 1370 err = gk5e->derive_key(gk5e, param->base_key, &Ki, 1371 &usage, GFP_KERNEL); 1372 KUNIT_ASSERT_EQ(test, err, 0); 1373 ahash_tfm = crypto_alloc_ahash(gk5e->cksum_name, 0, CRYPTO_ALG_ASYNC); 1374 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ahash_tfm); 1375 err = crypto_ahash_setkey(ahash_tfm, Ki.data, Ki.len); 1376 KUNIT_ASSERT_EQ(test, err, 0); 1377 1378 /* Act */ 1379 err = gss_krb5_checksum(ahash_tfm, NULL, 0, &buf, 0, &checksum); 1380 KUNIT_ASSERT_EQ(test, err, 0); 1381 1382 err = krb5_cbc_cts_encrypt(cts_tfm, cbc_tfm, 0, &buf, NULL, NULL, 0); 1383 KUNIT_ASSERT_EQ(test, err, 0); 1384 1385 /* Assert */ 1386 KUNIT_EXPECT_EQ_MSG(test, param->expected_result->len, 1387 buf.len + checksum.len, 1388 "ciphertext length mismatch"); 1389 KUNIT_EXPECT_EQ_MSG(test, 1390 memcmp(param->expected_result->data, 1391 buf.head[0].iov_base, buf.len), 0, 1392 "encrypted result mismatch"); 1393 KUNIT_EXPECT_EQ_MSG(test, 1394 memcmp(param->expected_result->data + 1395 (param->expected_result->len - checksum.len), 1396 checksum.data, checksum.len), 0, 1397 "HMAC mismatch"); 1398 1399 crypto_free_ahash(ahash_tfm); 1400 crypto_free_sync_skcipher(cts_tfm); 1401 crypto_free_sync_skcipher(cbc_tfm); 1402 } 1403 1404 static struct kunit_case rfc6803_test_cases[] = { 1405 { 1406 .name = "RFC 6803 key derivation", 1407 .run_case = kdf_case, 1408 .generate_params = rfc6803_kdf_gen_params, 1409 }, 1410 { 1411 .name = "RFC 6803 checksum", 1412 .run_case = checksum_case, 1413 .generate_params = rfc6803_checksum_gen_params, 1414 }, 1415 { 1416 .name = "RFC 6803 encryption", 1417 .run_case = rfc6803_encrypt_case, 1418 .generate_params = rfc6803_encrypt_gen_params, 1419 }, 1420 {} 1421 }; 1422 1423 static struct kunit_suite rfc6803_suite = { 1424 .name = "RFC 6803 suite", 1425 .test_cases = rfc6803_test_cases, 1426 }; 1427 1428 /* 1429 * From RFC 8009 Appendix A. Test Vectors 1430 * 1431 * Sample results for SHA-2 enctype key derivation 1432 * 1433 * This test material is copyright (c) 2016 IETF Trust and the 1434 * persons identified as the document authors. All rights reserved. 1435 */ 1436 1437 DEFINE_HEX_XDR_NETOBJ(aes128_cts_hmac_sha256_128_basekey, 1438 0x37, 0x05, 0xd9, 0x60, 0x80, 0xc1, 0x77, 0x28, 1439 0xa0, 0xe8, 0x00, 0xea, 0xb6, 0xe0, 0xd2, 0x3c 1440 ); 1441 DEFINE_HEX_XDR_NETOBJ(aes128_cts_hmac_sha256_128_Kc, 1442 0xb3, 0x1a, 0x01, 0x8a, 0x48, 0xf5, 0x47, 0x76, 1443 0xf4, 0x03, 0xe9, 0xa3, 0x96, 0x32, 0x5d, 0xc3 1444 ); 1445 DEFINE_HEX_XDR_NETOBJ(aes128_cts_hmac_sha256_128_Ke, 1446 0x9b, 0x19, 0x7d, 0xd1, 0xe8, 0xc5, 0x60, 0x9d, 1447 0x6e, 0x67, 0xc3, 0xe3, 0x7c, 0x62, 0xc7, 0x2e 1448 ); 1449 DEFINE_HEX_XDR_NETOBJ(aes128_cts_hmac_sha256_128_Ki, 1450 0x9f, 0xda, 0x0e, 0x56, 0xab, 0x2d, 0x85, 0xe1, 1451 0x56, 0x9a, 0x68, 0x86, 0x96, 0xc2, 0x6a, 0x6c 1452 ); 1453 1454 DEFINE_HEX_XDR_NETOBJ(aes256_cts_hmac_sha384_192_basekey, 1455 0x6d, 0x40, 0x4d, 0x37, 0xfa, 0xf7, 0x9f, 0x9d, 1456 0xf0, 0xd3, 0x35, 0x68, 0xd3, 0x20, 0x66, 0x98, 1457 0x00, 0xeb, 0x48, 0x36, 0x47, 0x2e, 0xa8, 0xa0, 1458 0x26, 0xd1, 0x6b, 0x71, 0x82, 0x46, 0x0c, 0x52 1459 ); 1460 DEFINE_HEX_XDR_NETOBJ(aes256_cts_hmac_sha384_192_Kc, 1461 0xef, 0x57, 0x18, 0xbe, 0x86, 0xcc, 0x84, 0x96, 1462 0x3d, 0x8b, 0xbb, 0x50, 0x31, 0xe9, 0xf5, 0xc4, 1463 0xba, 0x41, 0xf2, 0x8f, 0xaf, 0x69, 0xe7, 0x3d 1464 ); 1465 DEFINE_HEX_XDR_NETOBJ(aes256_cts_hmac_sha384_192_Ke, 1466 0x56, 0xab, 0x22, 0xbe, 0xe6, 0x3d, 0x82, 0xd7, 1467 0xbc, 0x52, 0x27, 0xf6, 0x77, 0x3f, 0x8e, 0xa7, 1468 0xa5, 0xeb, 0x1c, 0x82, 0x51, 0x60, 0xc3, 0x83, 1469 0x12, 0x98, 0x0c, 0x44, 0x2e, 0x5c, 0x7e, 0x49 1470 ); 1471 DEFINE_HEX_XDR_NETOBJ(aes256_cts_hmac_sha384_192_Ki, 1472 0x69, 0xb1, 0x65, 0x14, 0xe3, 0xcd, 0x8e, 0x56, 1473 0xb8, 0x20, 0x10, 0xd5, 0xc7, 0x30, 0x12, 0xb6, 1474 0x22, 0xc4, 0xd0, 0x0f, 0xfc, 0x23, 0xed, 0x1f 1475 ); 1476 1477 static const struct gss_krb5_test_param rfc8009_kdf_test_params[] = { 1478 { 1479 .desc = "Derive Kc subkey for aes128-cts-hmac-sha256-128", 1480 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, 1481 .base_key = &aes128_cts_hmac_sha256_128_basekey, 1482 .usage = &usage_checksum, 1483 .expected_result = &aes128_cts_hmac_sha256_128_Kc, 1484 }, 1485 { 1486 .desc = "Derive Ke subkey for aes128-cts-hmac-sha256-128", 1487 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, 1488 .base_key = &aes128_cts_hmac_sha256_128_basekey, 1489 .usage = &usage_encryption, 1490 .expected_result = &aes128_cts_hmac_sha256_128_Ke, 1491 }, 1492 { 1493 .desc = "Derive Ki subkey for aes128-cts-hmac-sha256-128", 1494 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, 1495 .base_key = &aes128_cts_hmac_sha256_128_basekey, 1496 .usage = &usage_integrity, 1497 .expected_result = &aes128_cts_hmac_sha256_128_Ki, 1498 }, 1499 { 1500 .desc = "Derive Kc subkey for aes256-cts-hmac-sha384-192", 1501 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, 1502 .base_key = &aes256_cts_hmac_sha384_192_basekey, 1503 .usage = &usage_checksum, 1504 .expected_result = &aes256_cts_hmac_sha384_192_Kc, 1505 }, 1506 { 1507 .desc = "Derive Ke subkey for aes256-cts-hmac-sha384-192", 1508 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, 1509 .base_key = &aes256_cts_hmac_sha384_192_basekey, 1510 .usage = &usage_encryption, 1511 .expected_result = &aes256_cts_hmac_sha384_192_Ke, 1512 }, 1513 { 1514 .desc = "Derive Ki subkey for aes256-cts-hmac-sha384-192", 1515 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, 1516 .base_key = &aes256_cts_hmac_sha384_192_basekey, 1517 .usage = &usage_integrity, 1518 .expected_result = &aes256_cts_hmac_sha384_192_Ki, 1519 }, 1520 }; 1521 1522 /* Creates the function rfc8009_kdf_gen_params */ 1523 KUNIT_ARRAY_PARAM(rfc8009_kdf, rfc8009_kdf_test_params, gss_krb5_get_desc); 1524 1525 /* 1526 * From RFC 8009 Appendix A. Test Vectors 1527 * 1528 * These sample checksums use the above sample key derivation results, 1529 * including use of the same base-key and key usage values. 1530 * 1531 * This test material is copyright (c) 2016 IETF Trust and the 1532 * persons identified as the document authors. All rights reserved. 1533 */ 1534 1535 DEFINE_HEX_XDR_NETOBJ(rfc8009_checksum_plaintext, 1536 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 1537 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 1538 0x10, 0x11, 0x12, 0x13, 0x14 1539 ); 1540 DEFINE_HEX_XDR_NETOBJ(rfc8009_checksum_test1_expected_result, 1541 0xd7, 0x83, 0x67, 0x18, 0x66, 0x43, 0xd6, 0x7b, 1542 0x41, 0x1c, 0xba, 0x91, 0x39, 0xfc, 0x1d, 0xee 1543 ); 1544 DEFINE_HEX_XDR_NETOBJ(rfc8009_checksum_test2_expected_result, 1545 0x45, 0xee, 0x79, 0x15, 0x67, 0xee, 0xfc, 0xa3, 1546 0x7f, 0x4a, 0xc1, 0xe0, 0x22, 0x2d, 0xe8, 0x0d, 1547 0x43, 0xc3, 0xbf, 0xa0, 0x66, 0x99, 0x67, 0x2a 1548 ); 1549 1550 static const struct gss_krb5_test_param rfc8009_checksum_test_params[] = { 1551 { 1552 .desc = "Checksum with aes128-cts-hmac-sha256-128", 1553 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, 1554 .base_key = &aes128_cts_hmac_sha256_128_basekey, 1555 .usage = &usage_checksum, 1556 .plaintext = &rfc8009_checksum_plaintext, 1557 .expected_result = &rfc8009_checksum_test1_expected_result, 1558 }, 1559 { 1560 .desc = "Checksum with aes256-cts-hmac-sha384-192", 1561 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, 1562 .base_key = &aes256_cts_hmac_sha384_192_basekey, 1563 .usage = &usage_checksum, 1564 .plaintext = &rfc8009_checksum_plaintext, 1565 .expected_result = &rfc8009_checksum_test2_expected_result, 1566 }, 1567 }; 1568 1569 /* Creates the function rfc8009_checksum_gen_params */ 1570 KUNIT_ARRAY_PARAM(rfc8009_checksum, rfc8009_checksum_test_params, 1571 gss_krb5_get_desc); 1572 1573 /* 1574 * From RFC 8009 Appendix A. Test Vectors 1575 * 1576 * Sample encryptions (all using the default cipher state): 1577 * -------------------------------------------------------- 1578 * 1579 * These sample encryptions use the above sample key derivation results, 1580 * including use of the same base-key and key usage values. 1581 * 1582 * This test material is copyright (c) 2016 IETF Trust and the 1583 * persons identified as the document authors. All rights reserved. 1584 */ 1585 1586 static const struct xdr_netobj rfc8009_enc_empty_plaintext = { 1587 .len = 0, 1588 }; 1589 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_short_plaintext, 1590 0x00, 0x01, 0x02, 0x03, 0x04, 0x05 1591 ); 1592 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_block_plaintext, 1593 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 1594 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f 1595 ); 1596 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_long_plaintext, 1597 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 1598 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 1599 0x10, 0x11, 0x12, 0x13, 0x14 1600 ); 1601 1602 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test1_confounder, 1603 0x7e, 0x58, 0x95, 0xea, 0xf2, 0x67, 0x24, 0x35, 1604 0xba, 0xd8, 0x17, 0xf5, 0x45, 0xa3, 0x71, 0x48 1605 ); 1606 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test1_expected_result, 1607 0xef, 0x85, 0xfb, 0x89, 0x0b, 0xb8, 0x47, 0x2f, 1608 0x4d, 0xab, 0x20, 0x39, 0x4d, 0xca, 0x78, 0x1d 1609 ); 1610 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test1_expected_hmac, 1611 0xad, 0x87, 0x7e, 0xda, 0x39, 0xd5, 0x0c, 0x87, 1612 0x0c, 0x0d, 0x5a, 0x0a, 0x8e, 0x48, 0xc7, 0x18 1613 ); 1614 1615 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test2_confounder, 1616 0x7b, 0xca, 0x28, 0x5e, 0x2f, 0xd4, 0x13, 0x0f, 1617 0xb5, 0x5b, 0x1a, 0x5c, 0x83, 0xbc, 0x5b, 0x24 1618 ); 1619 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test2_expected_result, 1620 0x84, 0xd7, 0xf3, 0x07, 0x54, 0xed, 0x98, 0x7b, 1621 0xab, 0x0b, 0xf3, 0x50, 0x6b, 0xeb, 0x09, 0xcf, 1622 0xb5, 0x54, 0x02, 0xce, 0xf7, 0xe6 1623 ); 1624 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test2_expected_hmac, 1625 0x87, 0x7c, 0xe9, 0x9e, 0x24, 0x7e, 0x52, 0xd1, 1626 0x6e, 0xd4, 0x42, 0x1d, 0xfd, 0xf8, 0x97, 0x6c 1627 ); 1628 1629 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test3_confounder, 1630 0x56, 0xab, 0x21, 0x71, 0x3f, 0xf6, 0x2c, 0x0a, 1631 0x14, 0x57, 0x20, 0x0f, 0x6f, 0xa9, 0x94, 0x8f 1632 ); 1633 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test3_expected_result, 1634 0x35, 0x17, 0xd6, 0x40, 0xf5, 0x0d, 0xdc, 0x8a, 1635 0xd3, 0x62, 0x87, 0x22, 0xb3, 0x56, 0x9d, 0x2a, 1636 0xe0, 0x74, 0x93, 0xfa, 0x82, 0x63, 0x25, 0x40, 1637 0x80, 0xea, 0x65, 0xc1, 0x00, 0x8e, 0x8f, 0xc2 1638 ); 1639 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test3_expected_hmac, 1640 0x95, 0xfb, 0x48, 0x52, 0xe7, 0xd8, 0x3e, 0x1e, 1641 0x7c, 0x48, 0xc3, 0x7e, 0xeb, 0xe6, 0xb0, 0xd3 1642 ); 1643 1644 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test4_confounder, 1645 0xa7, 0xa4, 0xe2, 0x9a, 0x47, 0x28, 0xce, 0x10, 1646 0x66, 0x4f, 0xb6, 0x4e, 0x49, 0xad, 0x3f, 0xac 1647 ); 1648 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test4_expected_result, 1649 0x72, 0x0f, 0x73, 0xb1, 0x8d, 0x98, 0x59, 0xcd, 1650 0x6c, 0xcb, 0x43, 0x46, 0x11, 0x5c, 0xd3, 0x36, 1651 0xc7, 0x0f, 0x58, 0xed, 0xc0, 0xc4, 0x43, 0x7c, 1652 0x55, 0x73, 0x54, 0x4c, 0x31, 0xc8, 0x13, 0xbc, 1653 0xe1, 0xe6, 0xd0, 0x72, 0xc1 1654 ); 1655 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test4_expected_hmac, 1656 0x86, 0xb3, 0x9a, 0x41, 0x3c, 0x2f, 0x92, 0xca, 1657 0x9b, 0x83, 0x34, 0xa2, 0x87, 0xff, 0xcb, 0xfc 1658 ); 1659 1660 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test5_confounder, 1661 0xf7, 0x64, 0xe9, 0xfa, 0x15, 0xc2, 0x76, 0x47, 1662 0x8b, 0x2c, 0x7d, 0x0c, 0x4e, 0x5f, 0x58, 0xe4 1663 ); 1664 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test5_expected_result, 1665 0x41, 0xf5, 0x3f, 0xa5, 0xbf, 0xe7, 0x02, 0x6d, 1666 0x91, 0xfa, 0xf9, 0xbe, 0x95, 0x91, 0x95, 0xa0 1667 ); 1668 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test5_expected_hmac, 1669 0x58, 0x70, 0x72, 0x73, 0xa9, 0x6a, 0x40, 0xf0, 1670 0xa0, 0x19, 0x60, 0x62, 0x1a, 0xc6, 0x12, 0x74, 1671 0x8b, 0x9b, 0xbf, 0xbe, 0x7e, 0xb4, 0xce, 0x3c 1672 ); 1673 1674 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test6_confounder, 1675 0xb8, 0x0d, 0x32, 0x51, 0xc1, 0xf6, 0x47, 0x14, 1676 0x94, 0x25, 0x6f, 0xfe, 0x71, 0x2d, 0x0b, 0x9a 1677 ); 1678 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test6_expected_result, 1679 0x4e, 0xd7, 0xb3, 0x7c, 0x2b, 0xca, 0xc8, 0xf7, 1680 0x4f, 0x23, 0xc1, 0xcf, 0x07, 0xe6, 0x2b, 0xc7, 1681 0xb7, 0x5f, 0xb3, 0xf6, 0x37, 0xb9 1682 ); 1683 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test6_expected_hmac, 1684 0xf5, 0x59, 0xc7, 0xf6, 0x64, 0xf6, 0x9e, 0xab, 1685 0x7b, 0x60, 0x92, 0x23, 0x75, 0x26, 0xea, 0x0d, 1686 0x1f, 0x61, 0xcb, 0x20, 0xd6, 0x9d, 0x10, 0xf2 1687 ); 1688 1689 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test7_confounder, 1690 0x53, 0xbf, 0x8a, 0x0d, 0x10, 0x52, 0x65, 0xd4, 1691 0xe2, 0x76, 0x42, 0x86, 0x24, 0xce, 0x5e, 0x63 1692 ); 1693 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test7_expected_result, 1694 0xbc, 0x47, 0xff, 0xec, 0x79, 0x98, 0xeb, 0x91, 1695 0xe8, 0x11, 0x5c, 0xf8, 0xd1, 0x9d, 0xac, 0x4b, 1696 0xbb, 0xe2, 0xe1, 0x63, 0xe8, 0x7d, 0xd3, 0x7f, 1697 0x49, 0xbe, 0xca, 0x92, 0x02, 0x77, 0x64, 0xf6 1698 ); 1699 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test7_expected_hmac, 1700 0x8c, 0xf5, 0x1f, 0x14, 0xd7, 0x98, 0xc2, 0x27, 1701 0x3f, 0x35, 0xdf, 0x57, 0x4d, 0x1f, 0x93, 0x2e, 1702 0x40, 0xc4, 0xff, 0x25, 0x5b, 0x36, 0xa2, 0x66 1703 ); 1704 1705 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test8_confounder, 1706 0x76, 0x3e, 0x65, 0x36, 0x7e, 0x86, 0x4f, 0x02, 1707 0xf5, 0x51, 0x53, 0xc7, 0xe3, 0xb5, 0x8a, 0xf1 1708 ); 1709 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test8_expected_result, 1710 0x40, 0x01, 0x3e, 0x2d, 0xf5, 0x8e, 0x87, 0x51, 1711 0x95, 0x7d, 0x28, 0x78, 0xbc, 0xd2, 0xd6, 0xfe, 1712 0x10, 0x1c, 0xcf, 0xd5, 0x56, 0xcb, 0x1e, 0xae, 1713 0x79, 0xdb, 0x3c, 0x3e, 0xe8, 0x64, 0x29, 0xf2, 1714 0xb2, 0xa6, 0x02, 0xac, 0x86 1715 ); 1716 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test8_expected_hmac, 1717 0xfe, 0xf6, 0xec, 0xb6, 0x47, 0xd6, 0x29, 0x5f, 1718 0xae, 0x07, 0x7a, 0x1f, 0xeb, 0x51, 0x75, 0x08, 1719 0xd2, 0xc1, 0x6b, 0x41, 0x92, 0xe0, 0x1f, 0x62 1720 ); 1721 1722 static const struct gss_krb5_test_param rfc8009_encrypt_test_params[] = { 1723 { 1724 .desc = "Encrypt empty plaintext with aes128-cts-hmac-sha256-128", 1725 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, 1726 .plaintext = &rfc8009_enc_empty_plaintext, 1727 .confounder = &rfc8009_enc_test1_confounder, 1728 .base_key = &aes128_cts_hmac_sha256_128_basekey, 1729 .expected_result = &rfc8009_enc_test1_expected_result, 1730 .expected_hmac = &rfc8009_enc_test1_expected_hmac, 1731 }, 1732 { 1733 .desc = "Encrypt short plaintext with aes128-cts-hmac-sha256-128", 1734 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, 1735 .plaintext = &rfc8009_enc_short_plaintext, 1736 .confounder = &rfc8009_enc_test2_confounder, 1737 .base_key = &aes128_cts_hmac_sha256_128_basekey, 1738 .expected_result = &rfc8009_enc_test2_expected_result, 1739 .expected_hmac = &rfc8009_enc_test2_expected_hmac, 1740 }, 1741 { 1742 .desc = "Encrypt block plaintext with aes128-cts-hmac-sha256-128", 1743 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, 1744 .plaintext = &rfc8009_enc_block_plaintext, 1745 .confounder = &rfc8009_enc_test3_confounder, 1746 .base_key = &aes128_cts_hmac_sha256_128_basekey, 1747 .expected_result = &rfc8009_enc_test3_expected_result, 1748 .expected_hmac = &rfc8009_enc_test3_expected_hmac, 1749 }, 1750 { 1751 .desc = "Encrypt long plaintext with aes128-cts-hmac-sha256-128", 1752 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, 1753 .plaintext = &rfc8009_enc_long_plaintext, 1754 .confounder = &rfc8009_enc_test4_confounder, 1755 .base_key = &aes128_cts_hmac_sha256_128_basekey, 1756 .expected_result = &rfc8009_enc_test4_expected_result, 1757 .expected_hmac = &rfc8009_enc_test4_expected_hmac, 1758 }, 1759 { 1760 .desc = "Encrypt empty plaintext with aes256-cts-hmac-sha384-192", 1761 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, 1762 .plaintext = &rfc8009_enc_empty_plaintext, 1763 .confounder = &rfc8009_enc_test5_confounder, 1764 .base_key = &aes256_cts_hmac_sha384_192_basekey, 1765 .expected_result = &rfc8009_enc_test5_expected_result, 1766 .expected_hmac = &rfc8009_enc_test5_expected_hmac, 1767 }, 1768 { 1769 .desc = "Encrypt short plaintext with aes256-cts-hmac-sha384-192", 1770 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, 1771 .plaintext = &rfc8009_enc_short_plaintext, 1772 .confounder = &rfc8009_enc_test6_confounder, 1773 .base_key = &aes256_cts_hmac_sha384_192_basekey, 1774 .expected_result = &rfc8009_enc_test6_expected_result, 1775 .expected_hmac = &rfc8009_enc_test6_expected_hmac, 1776 }, 1777 { 1778 .desc = "Encrypt block plaintext with aes256-cts-hmac-sha384-192", 1779 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, 1780 .plaintext = &rfc8009_enc_block_plaintext, 1781 .confounder = &rfc8009_enc_test7_confounder, 1782 .base_key = &aes256_cts_hmac_sha384_192_basekey, 1783 .expected_result = &rfc8009_enc_test7_expected_result, 1784 .expected_hmac = &rfc8009_enc_test7_expected_hmac, 1785 }, 1786 { 1787 .desc = "Encrypt long plaintext with aes256-cts-hmac-sha384-192", 1788 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, 1789 .plaintext = &rfc8009_enc_long_plaintext, 1790 .confounder = &rfc8009_enc_test8_confounder, 1791 .base_key = &aes256_cts_hmac_sha384_192_basekey, 1792 .expected_result = &rfc8009_enc_test8_expected_result, 1793 .expected_hmac = &rfc8009_enc_test8_expected_hmac, 1794 }, 1795 }; 1796 1797 /* Creates the function rfc8009_encrypt_gen_params */ 1798 KUNIT_ARRAY_PARAM(rfc8009_encrypt, rfc8009_encrypt_test_params, 1799 gss_krb5_get_desc); 1800 1801 static void rfc8009_encrypt_case(struct kunit *test) 1802 { 1803 const struct gss_krb5_test_param *param = test->param_value; 1804 struct crypto_sync_skcipher *cts_tfm, *cbc_tfm; 1805 const struct gss_krb5_enctype *gk5e; 1806 struct xdr_netobj Ke, Ki, checksum; 1807 u8 usage_data[GSS_KRB5_K5CLENGTH]; 1808 struct xdr_netobj usage = { 1809 .data = usage_data, 1810 .len = sizeof(usage_data), 1811 }; 1812 struct crypto_ahash *ahash_tfm; 1813 struct xdr_buf buf; 1814 void *text; 1815 size_t len; 1816 u32 err; 1817 1818 /* Arrange */ 1819 gk5e = gss_krb5_lookup_enctype(param->enctype); 1820 if (!gk5e) 1821 kunit_skip(test, "Encryption type is not available"); 1822 1823 *(__be32 *)usage.data = cpu_to_be32(2); 1824 1825 Ke.len = gk5e->Ke_length; 1826 Ke.data = kunit_kzalloc(test, Ke.len, GFP_KERNEL); 1827 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Ke.data); 1828 usage.data[4] = KEY_USAGE_SEED_ENCRYPTION; 1829 err = gk5e->derive_key(gk5e, param->base_key, &Ke, 1830 &usage, GFP_KERNEL); 1831 KUNIT_ASSERT_EQ(test, err, 0); 1832 1833 cbc_tfm = crypto_alloc_sync_skcipher(gk5e->aux_cipher, 0, 0); 1834 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cbc_tfm); 1835 err = crypto_sync_skcipher_setkey(cbc_tfm, Ke.data, Ke.len); 1836 KUNIT_ASSERT_EQ(test, err, 0); 1837 1838 cts_tfm = crypto_alloc_sync_skcipher(gk5e->encrypt_name, 0, 0); 1839 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cts_tfm); 1840 err = crypto_sync_skcipher_setkey(cts_tfm, Ke.data, Ke.len); 1841 KUNIT_ASSERT_EQ(test, err, 0); 1842 1843 len = param->confounder->len + param->plaintext->len; 1844 text = kunit_kzalloc(test, len, GFP_KERNEL); 1845 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, text); 1846 memcpy(text, param->confounder->data, param->confounder->len); 1847 memcpy(text + param->confounder->len, param->plaintext->data, 1848 param->plaintext->len); 1849 1850 memset(&buf, 0, sizeof(buf)); 1851 buf.head[0].iov_base = text; 1852 buf.head[0].iov_len = param->confounder->len + param->plaintext->len; 1853 buf.len = buf.head[0].iov_len; 1854 1855 checksum.len = gk5e->cksumlength; 1856 checksum.data = kunit_kzalloc(test, checksum.len, GFP_KERNEL); 1857 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, checksum.data); 1858 1859 Ki.len = gk5e->Ki_length; 1860 Ki.data = kunit_kzalloc(test, Ki.len, GFP_KERNEL); 1861 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Ki.data); 1862 usage.data[4] = KEY_USAGE_SEED_INTEGRITY; 1863 err = gk5e->derive_key(gk5e, param->base_key, &Ki, 1864 &usage, GFP_KERNEL); 1865 KUNIT_ASSERT_EQ(test, err, 0); 1866 1867 ahash_tfm = crypto_alloc_ahash(gk5e->cksum_name, 0, CRYPTO_ALG_ASYNC); 1868 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ahash_tfm); 1869 err = crypto_ahash_setkey(ahash_tfm, Ki.data, Ki.len); 1870 KUNIT_ASSERT_EQ(test, err, 0); 1871 1872 /* Act */ 1873 err = krb5_cbc_cts_encrypt(cts_tfm, cbc_tfm, 0, &buf, NULL, NULL, 0); 1874 KUNIT_ASSERT_EQ(test, err, 0); 1875 err = krb5_etm_checksum(cts_tfm, ahash_tfm, &buf, 0, &checksum); 1876 KUNIT_ASSERT_EQ(test, err, 0); 1877 1878 /* Assert */ 1879 KUNIT_EXPECT_EQ_MSG(test, 1880 param->expected_result->len, buf.len, 1881 "ciphertext length mismatch"); 1882 KUNIT_EXPECT_EQ_MSG(test, 1883 memcmp(param->expected_result->data, 1884 buf.head[0].iov_base, 1885 param->expected_result->len), 0, 1886 "ciphertext mismatch"); 1887 KUNIT_EXPECT_EQ_MSG(test, memcmp(param->expected_hmac->data, 1888 checksum.data, 1889 checksum.len), 0, 1890 "HMAC mismatch"); 1891 1892 crypto_free_ahash(ahash_tfm); 1893 crypto_free_sync_skcipher(cts_tfm); 1894 crypto_free_sync_skcipher(cbc_tfm); 1895 } 1896 1897 static struct kunit_case rfc8009_test_cases[] = { 1898 { 1899 .name = "RFC 8009 key derivation", 1900 .run_case = kdf_case, 1901 .generate_params = rfc8009_kdf_gen_params, 1902 }, 1903 { 1904 .name = "RFC 8009 checksum", 1905 .run_case = checksum_case, 1906 .generate_params = rfc8009_checksum_gen_params, 1907 }, 1908 { 1909 .name = "RFC 8009 encryption", 1910 .run_case = rfc8009_encrypt_case, 1911 .generate_params = rfc8009_encrypt_gen_params, 1912 }, 1913 {} 1914 }; 1915 1916 static struct kunit_suite rfc8009_suite = { 1917 .name = "RFC 8009 suite", 1918 .test_cases = rfc8009_test_cases, 1919 }; 1920 1921 /* 1922 * Encryption self-tests 1923 */ 1924 1925 DEFINE_STR_XDR_NETOBJ(encrypt_selftest_plaintext, 1926 "This is the plaintext for the encryption self-test."); 1927 1928 static const struct gss_krb5_test_param encrypt_selftest_params[] = { 1929 { 1930 .desc = "aes128-cts-hmac-sha1-96 encryption self-test", 1931 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, 1932 .Ke = &rfc3962_encryption_key, 1933 .plaintext = &encrypt_selftest_plaintext, 1934 }, 1935 { 1936 .desc = "aes256-cts-hmac-sha1-96 encryption self-test", 1937 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA1_96, 1938 .Ke = &rfc3962_encryption_key, 1939 .plaintext = &encrypt_selftest_plaintext, 1940 }, 1941 { 1942 .desc = "camellia128-cts-cmac encryption self-test", 1943 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 1944 .Ke = &camellia128_cts_cmac_Ke, 1945 .plaintext = &encrypt_selftest_plaintext, 1946 }, 1947 { 1948 .desc = "camellia256-cts-cmac encryption self-test", 1949 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 1950 .Ke = &camellia256_cts_cmac_Ke, 1951 .plaintext = &encrypt_selftest_plaintext, 1952 }, 1953 { 1954 .desc = "aes128-cts-hmac-sha256-128 encryption self-test", 1955 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, 1956 .Ke = &aes128_cts_hmac_sha256_128_Ke, 1957 .plaintext = &encrypt_selftest_plaintext, 1958 }, 1959 { 1960 .desc = "aes256-cts-hmac-sha384-192 encryption self-test", 1961 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, 1962 .Ke = &aes256_cts_hmac_sha384_192_Ke, 1963 .plaintext = &encrypt_selftest_plaintext, 1964 }, 1965 }; 1966 1967 /* Creates the function encrypt_selftest_gen_params */ 1968 KUNIT_ARRAY_PARAM(encrypt_selftest, encrypt_selftest_params, 1969 gss_krb5_get_desc); 1970 1971 /* 1972 * Encrypt and decrypt plaintext, and ensure the input plaintext 1973 * matches the output plaintext. A confounder is not added in this 1974 * case. 1975 */ 1976 static void encrypt_selftest_case(struct kunit *test) 1977 { 1978 const struct gss_krb5_test_param *param = test->param_value; 1979 struct crypto_sync_skcipher *cts_tfm, *cbc_tfm; 1980 const struct gss_krb5_enctype *gk5e; 1981 struct xdr_buf buf; 1982 void *text; 1983 int err; 1984 1985 /* Arrange */ 1986 gk5e = gss_krb5_lookup_enctype(param->enctype); 1987 if (!gk5e) 1988 kunit_skip(test, "Encryption type is not available"); 1989 1990 cbc_tfm = crypto_alloc_sync_skcipher(gk5e->aux_cipher, 0, 0); 1991 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cbc_tfm); 1992 err = crypto_sync_skcipher_setkey(cbc_tfm, param->Ke->data, param->Ke->len); 1993 KUNIT_ASSERT_EQ(test, err, 0); 1994 1995 cts_tfm = crypto_alloc_sync_skcipher(gk5e->encrypt_name, 0, 0); 1996 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cts_tfm); 1997 err = crypto_sync_skcipher_setkey(cts_tfm, param->Ke->data, param->Ke->len); 1998 KUNIT_ASSERT_EQ(test, err, 0); 1999 2000 text = kunit_kzalloc(test, roundup(param->plaintext->len, 2001 crypto_sync_skcipher_blocksize(cbc_tfm)), 2002 GFP_KERNEL); 2003 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, text); 2004 2005 memcpy(text, param->plaintext->data, param->plaintext->len); 2006 memset(&buf, 0, sizeof(buf)); 2007 buf.head[0].iov_base = text; 2008 buf.head[0].iov_len = param->plaintext->len; 2009 buf.len = buf.head[0].iov_len; 2010 2011 /* Act */ 2012 err = krb5_cbc_cts_encrypt(cts_tfm, cbc_tfm, 0, &buf, NULL, NULL, 0); 2013 KUNIT_ASSERT_EQ(test, err, 0); 2014 err = krb5_cbc_cts_decrypt(cts_tfm, cbc_tfm, 0, &buf); 2015 KUNIT_ASSERT_EQ(test, err, 0); 2016 2017 /* Assert */ 2018 KUNIT_EXPECT_EQ_MSG(test, 2019 param->plaintext->len, buf.len, 2020 "length mismatch"); 2021 KUNIT_EXPECT_EQ_MSG(test, 2022 memcmp(param->plaintext->data, 2023 buf.head[0].iov_base, buf.len), 0, 2024 "plaintext mismatch"); 2025 2026 crypto_free_sync_skcipher(cts_tfm); 2027 crypto_free_sync_skcipher(cbc_tfm); 2028 } 2029 2030 static struct kunit_case encryption_test_cases[] = { 2031 { 2032 .name = "Encryption self-tests", 2033 .run_case = encrypt_selftest_case, 2034 .generate_params = encrypt_selftest_gen_params, 2035 }, 2036 {} 2037 }; 2038 2039 static struct kunit_suite encryption_test_suite = { 2040 .name = "Encryption test suite", 2041 .test_cases = encryption_test_cases, 2042 }; 2043 2044 kunit_test_suites(&rfc3961_suite, 2045 &rfc3962_suite, 2046 &rfc6803_suite, 2047 &rfc8009_suite, 2048 &encryption_test_suite); 2049 2050 MODULE_DESCRIPTION("Test RPCSEC GSS Kerberos 5 functions"); 2051 MODULE_LICENSE("GPL"); 2052