1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (c) 2022 Oracle and/or its affiliates. 4 * 5 * KUnit test of SunRPC's GSS Kerberos mechanism. Subsystem 6 * name is "rpcsec_gss_krb5". 7 */ 8 9 #include <kunit/test.h> 10 #include <kunit/visibility.h> 11 12 #include <linux/kernel.h> 13 #include <crypto/hash.h> 14 15 #include <linux/sunrpc/xdr.h> 16 #include <linux/sunrpc/gss_krb5.h> 17 18 #include "gss_krb5_internal.h" 19 20 MODULE_IMPORT_NS(EXPORTED_FOR_KUNIT_TESTING); 21 22 struct gss_krb5_test_param { 23 const char *desc; 24 u32 enctype; 25 u32 nfold; 26 u32 constant; 27 const struct xdr_netobj *base_key; 28 const struct xdr_netobj *Ke; 29 const struct xdr_netobj *usage; 30 const struct xdr_netobj *plaintext; 31 const struct xdr_netobj *confounder; 32 const struct xdr_netobj *expected_result; 33 const struct xdr_netobj *expected_hmac; 34 const struct xdr_netobj *next_iv; 35 }; 36 37 static inline void gss_krb5_get_desc(const struct gss_krb5_test_param *param, 38 char *desc) 39 { 40 strscpy(desc, param->desc, KUNIT_PARAM_DESC_SIZE); 41 } 42 43 static void kdf_case(struct kunit *test) 44 { 45 const struct gss_krb5_test_param *param = test->param_value; 46 const struct gss_krb5_enctype *gk5e; 47 struct xdr_netobj derivedkey; 48 int err; 49 50 /* Arrange */ 51 gk5e = gss_krb5_lookup_enctype(param->enctype); 52 if (!gk5e) 53 kunit_skip(test, "Encryption type is not available"); 54 55 derivedkey.data = kunit_kzalloc(test, param->expected_result->len, 56 GFP_KERNEL); 57 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, derivedkey.data); 58 derivedkey.len = param->expected_result->len; 59 60 /* Act */ 61 err = gk5e->derive_key(gk5e, param->base_key, &derivedkey, 62 param->usage, GFP_KERNEL); 63 KUNIT_ASSERT_EQ(test, err, 0); 64 65 /* Assert */ 66 KUNIT_EXPECT_EQ_MSG(test, 67 memcmp(param->expected_result->data, 68 derivedkey.data, derivedkey.len), 0, 69 "key mismatch"); 70 } 71 72 static void checksum_case(struct kunit *test) 73 { 74 const struct gss_krb5_test_param *param = test->param_value; 75 struct xdr_buf buf = { 76 .head[0].iov_len = param->plaintext->len, 77 .len = param->plaintext->len, 78 }; 79 const struct gss_krb5_enctype *gk5e; 80 struct xdr_netobj Kc, checksum; 81 struct crypto_ahash *tfm; 82 int err; 83 84 /* Arrange */ 85 gk5e = gss_krb5_lookup_enctype(param->enctype); 86 if (!gk5e) 87 kunit_skip(test, "Encryption type is not available"); 88 89 Kc.len = gk5e->Kc_length; 90 Kc.data = kunit_kzalloc(test, Kc.len, GFP_KERNEL); 91 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Kc.data); 92 err = gk5e->derive_key(gk5e, param->base_key, &Kc, 93 param->usage, GFP_KERNEL); 94 KUNIT_ASSERT_EQ(test, err, 0); 95 96 tfm = crypto_alloc_ahash(gk5e->cksum_name, 0, CRYPTO_ALG_ASYNC); 97 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, tfm); 98 err = crypto_ahash_setkey(tfm, Kc.data, Kc.len); 99 KUNIT_ASSERT_EQ(test, err, 0); 100 101 buf.head[0].iov_base = kunit_kzalloc(test, buf.head[0].iov_len, GFP_KERNEL); 102 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, buf.head[0].iov_base); 103 memcpy(buf.head[0].iov_base, param->plaintext->data, buf.head[0].iov_len); 104 105 checksum.len = gk5e->cksumlength; 106 checksum.data = kunit_kzalloc(test, checksum.len, GFP_KERNEL); 107 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, checksum.data); 108 109 /* Act */ 110 err = gss_krb5_checksum(tfm, NULL, 0, &buf, 0, &checksum); 111 KUNIT_ASSERT_EQ(test, err, 0); 112 113 /* Assert */ 114 KUNIT_EXPECT_EQ_MSG(test, 115 memcmp(param->expected_result->data, 116 checksum.data, checksum.len), 0, 117 "checksum mismatch"); 118 119 crypto_free_ahash(tfm); 120 } 121 122 #define DEFINE_HEX_XDR_NETOBJ(name, hex_array...) \ 123 static const u8 name ## _data[] = { hex_array }; \ 124 static const struct xdr_netobj name = { \ 125 .data = (u8 *)name##_data, \ 126 .len = sizeof(name##_data), \ 127 } 128 129 #define DEFINE_STR_XDR_NETOBJ(name, string) \ 130 static const u8 name ## _str[] = string; \ 131 static const struct xdr_netobj name = { \ 132 .data = (u8 *)name##_str, \ 133 .len = sizeof(name##_str) - 1, \ 134 } 135 136 /* 137 * RFC 3961 Appendix A.1. n-fold 138 * 139 * The n-fold function is defined in section 5.1 of RFC 3961. 140 * 141 * This test material is copyright (C) The Internet Society (2005). 142 */ 143 144 DEFINE_HEX_XDR_NETOBJ(nfold_test1_plaintext, 145 0x30, 0x31, 0x32, 0x33, 0x34, 0x35 146 ); 147 DEFINE_HEX_XDR_NETOBJ(nfold_test1_expected_result, 148 0xbe, 0x07, 0x26, 0x31, 0x27, 0x6b, 0x19, 0x55 149 ); 150 151 DEFINE_HEX_XDR_NETOBJ(nfold_test2_plaintext, 152 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64 153 ); 154 DEFINE_HEX_XDR_NETOBJ(nfold_test2_expected_result, 155 0x78, 0xa0, 0x7b, 0x6c, 0xaf, 0x85, 0xfa 156 ); 157 158 DEFINE_HEX_XDR_NETOBJ(nfold_test3_plaintext, 159 0x52, 0x6f, 0x75, 0x67, 0x68, 0x20, 0x43, 0x6f, 160 0x6e, 0x73, 0x65, 0x6e, 0x73, 0x75, 0x73, 0x2c, 161 0x20, 0x61, 0x6e, 0x64, 0x20, 0x52, 0x75, 0x6e, 162 0x6e, 0x69, 0x6e, 0x67, 0x20, 0x43, 0x6f, 0x64, 163 0x65 164 ); 165 DEFINE_HEX_XDR_NETOBJ(nfold_test3_expected_result, 166 0xbb, 0x6e, 0xd3, 0x08, 0x70, 0xb7, 0xf0, 0xe0 167 ); 168 169 DEFINE_HEX_XDR_NETOBJ(nfold_test4_plaintext, 170 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64 171 ); 172 DEFINE_HEX_XDR_NETOBJ(nfold_test4_expected_result, 173 0x59, 0xe4, 0xa8, 0xca, 0x7c, 0x03, 0x85, 0xc3, 174 0xc3, 0x7b, 0x3f, 0x6d, 0x20, 0x00, 0x24, 0x7c, 175 0xb6, 0xe6, 0xbd, 0x5b, 0x3e 176 ); 177 178 DEFINE_HEX_XDR_NETOBJ(nfold_test5_plaintext, 179 0x4d, 0x41, 0x53, 0x53, 0x41, 0x43, 0x48, 0x56, 180 0x53, 0x45, 0x54, 0x54, 0x53, 0x20, 0x49, 0x4e, 181 0x53, 0x54, 0x49, 0x54, 0x56, 0x54, 0x45, 0x20, 182 0x4f, 0x46, 0x20, 0x54, 0x45, 0x43, 0x48, 0x4e, 183 0x4f, 0x4c, 0x4f, 0x47, 0x59 184 ); 185 DEFINE_HEX_XDR_NETOBJ(nfold_test5_expected_result, 186 0xdb, 0x3b, 0x0d, 0x8f, 0x0b, 0x06, 0x1e, 0x60, 187 0x32, 0x82, 0xb3, 0x08, 0xa5, 0x08, 0x41, 0x22, 188 0x9a, 0xd7, 0x98, 0xfa, 0xb9, 0x54, 0x0c, 0x1b 189 ); 190 191 DEFINE_HEX_XDR_NETOBJ(nfold_test6_plaintext, 192 0x51 193 ); 194 DEFINE_HEX_XDR_NETOBJ(nfold_test6_expected_result, 195 0x51, 0x8a, 0x54, 0xa2, 0x15, 0xa8, 0x45, 0x2a, 196 0x51, 0x8a, 0x54, 0xa2, 0x15, 0xa8, 0x45, 0x2a, 197 0x51, 0x8a, 0x54, 0xa2, 0x15 198 ); 199 200 DEFINE_HEX_XDR_NETOBJ(nfold_test7_plaintext, 201 0x62, 0x61 202 ); 203 DEFINE_HEX_XDR_NETOBJ(nfold_test7_expected_result, 204 0xfb, 0x25, 0xd5, 0x31, 0xae, 0x89, 0x74, 0x49, 205 0x9f, 0x52, 0xfd, 0x92, 0xea, 0x98, 0x57, 0xc4, 206 0xba, 0x24, 0xcf, 0x29, 0x7e 207 ); 208 209 DEFINE_HEX_XDR_NETOBJ(nfold_test_kerberos, 210 0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73 211 ); 212 DEFINE_HEX_XDR_NETOBJ(nfold_test8_expected_result, 213 0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73 214 ); 215 DEFINE_HEX_XDR_NETOBJ(nfold_test9_expected_result, 216 0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73, 217 0x7b, 0x9b, 0x5b, 0x2b, 0x93, 0x13, 0x2b, 0x93 218 ); 219 DEFINE_HEX_XDR_NETOBJ(nfold_test10_expected_result, 220 0x83, 0x72, 0xc2, 0x36, 0x34, 0x4e, 0x5f, 0x15, 221 0x50, 0xcd, 0x07, 0x47, 0xe1, 0x5d, 0x62, 0xca, 222 0x7a, 0x5a, 0x3b, 0xce, 0xa4 223 ); 224 DEFINE_HEX_XDR_NETOBJ(nfold_test11_expected_result, 225 0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73, 226 0x7b, 0x9b, 0x5b, 0x2b, 0x93, 0x13, 0x2b, 0x93, 227 0x5c, 0x9b, 0xdc, 0xda, 0xd9, 0x5c, 0x98, 0x99, 228 0xc4, 0xca, 0xe4, 0xde, 0xe6, 0xd6, 0xca, 0xe4 229 ); 230 231 static const struct gss_krb5_test_param rfc3961_nfold_test_params[] = { 232 { 233 .desc = "64-fold(\"012345\")", 234 .nfold = 64, 235 .plaintext = &nfold_test1_plaintext, 236 .expected_result = &nfold_test1_expected_result, 237 }, 238 { 239 .desc = "56-fold(\"password\")", 240 .nfold = 56, 241 .plaintext = &nfold_test2_plaintext, 242 .expected_result = &nfold_test2_expected_result, 243 }, 244 { 245 .desc = "64-fold(\"Rough Consensus, and Running Code\")", 246 .nfold = 64, 247 .plaintext = &nfold_test3_plaintext, 248 .expected_result = &nfold_test3_expected_result, 249 }, 250 { 251 .desc = "168-fold(\"password\")", 252 .nfold = 168, 253 .plaintext = &nfold_test4_plaintext, 254 .expected_result = &nfold_test4_expected_result, 255 }, 256 { 257 .desc = "192-fold(\"MASSACHVSETTS INSTITVTE OF TECHNOLOGY\")", 258 .nfold = 192, 259 .plaintext = &nfold_test5_plaintext, 260 .expected_result = &nfold_test5_expected_result, 261 }, 262 { 263 .desc = "168-fold(\"Q\")", 264 .nfold = 168, 265 .plaintext = &nfold_test6_plaintext, 266 .expected_result = &nfold_test6_expected_result, 267 }, 268 { 269 .desc = "168-fold(\"ba\")", 270 .nfold = 168, 271 .plaintext = &nfold_test7_plaintext, 272 .expected_result = &nfold_test7_expected_result, 273 }, 274 { 275 .desc = "64-fold(\"kerberos\")", 276 .nfold = 64, 277 .plaintext = &nfold_test_kerberos, 278 .expected_result = &nfold_test8_expected_result, 279 }, 280 { 281 .desc = "128-fold(\"kerberos\")", 282 .nfold = 128, 283 .plaintext = &nfold_test_kerberos, 284 .expected_result = &nfold_test9_expected_result, 285 }, 286 { 287 .desc = "168-fold(\"kerberos\")", 288 .nfold = 168, 289 .plaintext = &nfold_test_kerberos, 290 .expected_result = &nfold_test10_expected_result, 291 }, 292 { 293 .desc = "256-fold(\"kerberos\")", 294 .nfold = 256, 295 .plaintext = &nfold_test_kerberos, 296 .expected_result = &nfold_test11_expected_result, 297 }, 298 }; 299 300 /* Creates the function rfc3961_nfold_gen_params */ 301 KUNIT_ARRAY_PARAM(rfc3961_nfold, rfc3961_nfold_test_params, gss_krb5_get_desc); 302 303 static void rfc3961_nfold_case(struct kunit *test) 304 { 305 const struct gss_krb5_test_param *param = test->param_value; 306 u8 *result; 307 308 /* Arrange */ 309 result = kunit_kzalloc(test, 4096, GFP_KERNEL); 310 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, result); 311 312 /* Act */ 313 krb5_nfold(param->plaintext->len * 8, param->plaintext->data, 314 param->expected_result->len * 8, result); 315 316 /* Assert */ 317 KUNIT_EXPECT_EQ_MSG(test, 318 memcmp(param->expected_result->data, 319 result, param->expected_result->len), 0, 320 "result mismatch"); 321 } 322 323 /* 324 * RFC 3961 Appendix A.3. DES3 DR and DK 325 * 326 * These tests show the derived-random and derived-key values for the 327 * des3-hmac-sha1-kd encryption scheme, using the DR and DK functions 328 * defined in section 6.3.1. The input keys were randomly generated; 329 * the usage values are from this specification. 330 * 331 * This test material is copyright (C) The Internet Society (2005). 332 */ 333 334 DEFINE_HEX_XDR_NETOBJ(des3_dk_usage_155, 335 0x00, 0x00, 0x00, 0x01, 0x55 336 ); 337 338 DEFINE_HEX_XDR_NETOBJ(des3_dk_usage_1aa, 339 0x00, 0x00, 0x00, 0x01, 0xaa 340 ); 341 342 DEFINE_HEX_XDR_NETOBJ(des3_dk_usage_kerberos, 343 0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73 344 ); 345 346 DEFINE_HEX_XDR_NETOBJ(des3_dk_test1_base_key, 347 0xdc, 0xe0, 0x6b, 0x1f, 0x64, 0xc8, 0x57, 0xa1, 348 0x1c, 0x3d, 0xb5, 0x7c, 0x51, 0x89, 0x9b, 0x2c, 349 0xc1, 0x79, 0x10, 0x08, 0xce, 0x97, 0x3b, 0x92 350 ); 351 DEFINE_HEX_XDR_NETOBJ(des3_dk_test1_derived_key, 352 0x92, 0x51, 0x79, 0xd0, 0x45, 0x91, 0xa7, 0x9b, 353 0x5d, 0x31, 0x92, 0xc4, 0xa7, 0xe9, 0xc2, 0x89, 354 0xb0, 0x49, 0xc7, 0x1f, 0x6e, 0xe6, 0x04, 0xcd 355 ); 356 357 DEFINE_HEX_XDR_NETOBJ(des3_dk_test2_base_key, 358 0x5e, 0x13, 0xd3, 0x1c, 0x70, 0xef, 0x76, 0x57, 359 0x46, 0x57, 0x85, 0x31, 0xcb, 0x51, 0xc1, 0x5b, 360 0xf1, 0x1c, 0xa8, 0x2c, 0x97, 0xce, 0xe9, 0xf2 361 ); 362 DEFINE_HEX_XDR_NETOBJ(des3_dk_test2_derived_key, 363 0x9e, 0x58, 0xe5, 0xa1, 0x46, 0xd9, 0x94, 0x2a, 364 0x10, 0x1c, 0x46, 0x98, 0x45, 0xd6, 0x7a, 0x20, 365 0xe3, 0xc4, 0x25, 0x9e, 0xd9, 0x13, 0xf2, 0x07 366 ); 367 368 DEFINE_HEX_XDR_NETOBJ(des3_dk_test3_base_key, 369 0x98, 0xe6, 0xfd, 0x8a, 0x04, 0xa4, 0xb6, 0x85, 370 0x9b, 0x75, 0xa1, 0x76, 0x54, 0x0b, 0x97, 0x52, 371 0xba, 0xd3, 0xec, 0xd6, 0x10, 0xa2, 0x52, 0xbc 372 ); 373 DEFINE_HEX_XDR_NETOBJ(des3_dk_test3_derived_key, 374 0x13, 0xfe, 0xf8, 0x0d, 0x76, 0x3e, 0x94, 0xec, 375 0x6d, 0x13, 0xfd, 0x2c, 0xa1, 0xd0, 0x85, 0x07, 376 0x02, 0x49, 0xda, 0xd3, 0x98, 0x08, 0xea, 0xbf 377 ); 378 379 DEFINE_HEX_XDR_NETOBJ(des3_dk_test4_base_key, 380 0x62, 0x2a, 0xec, 0x25, 0xa2, 0xfe, 0x2c, 0xad, 381 0x70, 0x94, 0x68, 0x0b, 0x7c, 0x64, 0x94, 0x02, 382 0x80, 0x08, 0x4c, 0x1a, 0x7c, 0xec, 0x92, 0xb5 383 ); 384 DEFINE_HEX_XDR_NETOBJ(des3_dk_test4_derived_key, 385 0xf8, 0xdf, 0xbf, 0x04, 0xb0, 0x97, 0xe6, 0xd9, 386 0xdc, 0x07, 0x02, 0x68, 0x6b, 0xcb, 0x34, 0x89, 387 0xd9, 0x1f, 0xd9, 0xa4, 0x51, 0x6b, 0x70, 0x3e 388 ); 389 390 DEFINE_HEX_XDR_NETOBJ(des3_dk_test5_base_key, 391 0xd3, 0xf8, 0x29, 0x8c, 0xcb, 0x16, 0x64, 0x38, 392 0xdc, 0xb9, 0xb9, 0x3e, 0xe5, 0xa7, 0x62, 0x92, 393 0x86, 0xa4, 0x91, 0xf8, 0x38, 0xf8, 0x02, 0xfb 394 ); 395 DEFINE_HEX_XDR_NETOBJ(des3_dk_test5_derived_key, 396 0x23, 0x70, 0xda, 0x57, 0x5d, 0x2a, 0x3d, 0xa8, 397 0x64, 0xce, 0xbf, 0xdc, 0x52, 0x04, 0xd5, 0x6d, 398 0xf7, 0x79, 0xa7, 0xdf, 0x43, 0xd9, 0xda, 0x43 399 ); 400 401 DEFINE_HEX_XDR_NETOBJ(des3_dk_test6_base_key, 402 0xc1, 0x08, 0x16, 0x49, 0xad, 0xa7, 0x43, 0x62, 403 0xe6, 0xa1, 0x45, 0x9d, 0x01, 0xdf, 0xd3, 0x0d, 404 0x67, 0xc2, 0x23, 0x4c, 0x94, 0x07, 0x04, 0xda 405 ); 406 DEFINE_HEX_XDR_NETOBJ(des3_dk_test6_derived_key, 407 0x34, 0x80, 0x57, 0xec, 0x98, 0xfd, 0xc4, 0x80, 408 0x16, 0x16, 0x1c, 0x2a, 0x4c, 0x7a, 0x94, 0x3e, 409 0x92, 0xae, 0x49, 0x2c, 0x98, 0x91, 0x75, 0xf7 410 ); 411 412 DEFINE_HEX_XDR_NETOBJ(des3_dk_test7_base_key, 413 0x5d, 0x15, 0x4a, 0xf2, 0x38, 0xf4, 0x67, 0x13, 414 0x15, 0x57, 0x19, 0xd5, 0x5e, 0x2f, 0x1f, 0x79, 415 0x0d, 0xd6, 0x61, 0xf2, 0x79, 0xa7, 0x91, 0x7c 416 ); 417 DEFINE_HEX_XDR_NETOBJ(des3_dk_test7_derived_key, 418 0xa8, 0x80, 0x8a, 0xc2, 0x67, 0xda, 0xda, 0x3d, 419 0xcb, 0xe9, 0xa7, 0xc8, 0x46, 0x26, 0xfb, 0xc7, 420 0x61, 0xc2, 0x94, 0xb0, 0x13, 0x15, 0xe5, 0xc1 421 ); 422 423 DEFINE_HEX_XDR_NETOBJ(des3_dk_test8_base_key, 424 0x79, 0x85, 0x62, 0xe0, 0x49, 0x85, 0x2f, 0x57, 425 0xdc, 0x8c, 0x34, 0x3b, 0xa1, 0x7f, 0x2c, 0xa1, 426 0xd9, 0x73, 0x94, 0xef, 0xc8, 0xad, 0xc4, 0x43 427 ); 428 DEFINE_HEX_XDR_NETOBJ(des3_dk_test8_derived_key, 429 0xc8, 0x13, 0xf8, 0x8a, 0x3b, 0xe3, 0xb3, 0x34, 430 0xf7, 0x54, 0x25, 0xce, 0x91, 0x75, 0xfb, 0xe3, 431 0xc8, 0x49, 0x3b, 0x89, 0xc8, 0x70, 0x3b, 0x49 432 ); 433 434 DEFINE_HEX_XDR_NETOBJ(des3_dk_test9_base_key, 435 0x26, 0xdc, 0xe3, 0x34, 0xb5, 0x45, 0x29, 0x2f, 436 0x2f, 0xea, 0xb9, 0xa8, 0x70, 0x1a, 0x89, 0xa4, 437 0xb9, 0x9e, 0xb9, 0x94, 0x2c, 0xec, 0xd0, 0x16 438 ); 439 DEFINE_HEX_XDR_NETOBJ(des3_dk_test9_derived_key, 440 0xf4, 0x8f, 0xfd, 0x6e, 0x83, 0xf8, 0x3e, 0x73, 441 0x54, 0xe6, 0x94, 0xfd, 0x25, 0x2c, 0xf8, 0x3b, 442 0xfe, 0x58, 0xf7, 0xd5, 0xba, 0x37, 0xec, 0x5d 443 ); 444 445 static const struct gss_krb5_test_param rfc3961_kdf_test_params[] = { 446 { 447 .desc = "des3-hmac-sha1 key derivation case 1", 448 .enctype = ENCTYPE_DES3_CBC_RAW, 449 .base_key = &des3_dk_test1_base_key, 450 .usage = &des3_dk_usage_155, 451 .expected_result = &des3_dk_test1_derived_key, 452 }, 453 { 454 .desc = "des3-hmac-sha1 key derivation case 2", 455 .enctype = ENCTYPE_DES3_CBC_RAW, 456 .base_key = &des3_dk_test2_base_key, 457 .usage = &des3_dk_usage_1aa, 458 .expected_result = &des3_dk_test2_derived_key, 459 }, 460 { 461 .desc = "des3-hmac-sha1 key derivation case 3", 462 .enctype = ENCTYPE_DES3_CBC_RAW, 463 .base_key = &des3_dk_test3_base_key, 464 .usage = &des3_dk_usage_155, 465 .expected_result = &des3_dk_test3_derived_key, 466 }, 467 { 468 .desc = "des3-hmac-sha1 key derivation case 4", 469 .enctype = ENCTYPE_DES3_CBC_RAW, 470 .base_key = &des3_dk_test4_base_key, 471 .usage = &des3_dk_usage_1aa, 472 .expected_result = &des3_dk_test4_derived_key, 473 }, 474 { 475 .desc = "des3-hmac-sha1 key derivation case 5", 476 .enctype = ENCTYPE_DES3_CBC_RAW, 477 .base_key = &des3_dk_test5_base_key, 478 .usage = &des3_dk_usage_kerberos, 479 .expected_result = &des3_dk_test5_derived_key, 480 }, 481 { 482 .desc = "des3-hmac-sha1 key derivation case 6", 483 .enctype = ENCTYPE_DES3_CBC_RAW, 484 .base_key = &des3_dk_test6_base_key, 485 .usage = &des3_dk_usage_155, 486 .expected_result = &des3_dk_test6_derived_key, 487 }, 488 { 489 .desc = "des3-hmac-sha1 key derivation case 7", 490 .enctype = ENCTYPE_DES3_CBC_RAW, 491 .base_key = &des3_dk_test7_base_key, 492 .usage = &des3_dk_usage_1aa, 493 .expected_result = &des3_dk_test7_derived_key, 494 }, 495 { 496 .desc = "des3-hmac-sha1 key derivation case 8", 497 .enctype = ENCTYPE_DES3_CBC_RAW, 498 .base_key = &des3_dk_test8_base_key, 499 .usage = &des3_dk_usage_155, 500 .expected_result = &des3_dk_test8_derived_key, 501 }, 502 { 503 .desc = "des3-hmac-sha1 key derivation case 9", 504 .enctype = ENCTYPE_DES3_CBC_RAW, 505 .base_key = &des3_dk_test9_base_key, 506 .usage = &des3_dk_usage_1aa, 507 .expected_result = &des3_dk_test9_derived_key, 508 }, 509 }; 510 511 /* Creates the function rfc3961_kdf_gen_params */ 512 KUNIT_ARRAY_PARAM(rfc3961_kdf, rfc3961_kdf_test_params, gss_krb5_get_desc); 513 514 static struct kunit_case rfc3961_test_cases[] = { 515 { 516 .name = "RFC 3961 n-fold", 517 .run_case = rfc3961_nfold_case, 518 .generate_params = rfc3961_nfold_gen_params, 519 }, 520 { 521 .name = "RFC 3961 key derivation", 522 .run_case = kdf_case, 523 .generate_params = rfc3961_kdf_gen_params, 524 }, 525 {} 526 }; 527 528 static struct kunit_suite rfc3961_suite = { 529 .name = "RFC 3961 tests", 530 .test_cases = rfc3961_test_cases, 531 }; 532 533 /* 534 * From RFC 3962 Appendix B: Sample Test Vectors 535 * 536 * Some test vectors for CBC with ciphertext stealing, using an 537 * initial vector of all-zero. 538 * 539 * This test material is copyright (C) The Internet Society (2005). 540 */ 541 542 DEFINE_HEX_XDR_NETOBJ(rfc3962_encryption_key, 543 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20, 544 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69 545 ); 546 547 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test1_plaintext, 548 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 549 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65, 550 0x20 551 ); 552 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test1_expected_result, 553 0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4, 554 0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f, 555 0x97 556 ); 557 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test1_next_iv, 558 0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4, 559 0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f 560 ); 561 562 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test2_plaintext, 563 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 564 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65, 565 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 566 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20 567 ); 568 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test2_expected_result, 569 0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1, 570 0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22, 571 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, 572 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5 573 ); 574 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test2_next_iv, 575 0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1, 576 0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22 577 ); 578 579 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test3_plaintext, 580 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 581 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65, 582 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 583 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43 584 ); 585 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test3_expected_result, 586 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, 587 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8, 588 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, 589 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84 590 ); 591 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test3_next_iv, 592 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, 593 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8 594 ); 595 596 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test4_plaintext, 597 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 598 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65, 599 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 600 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43, 601 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20, 602 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c 603 ); 604 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test4_expected_result, 605 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, 606 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84, 607 0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c, 608 0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e, 609 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, 610 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5 611 ); 612 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test4_next_iv, 613 0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c, 614 0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e 615 ); 616 617 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test5_plaintext, 618 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 619 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65, 620 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 621 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43, 622 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20, 623 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c, 0x20 624 ); 625 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test5_expected_result, 626 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, 627 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84, 628 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0, 629 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8, 630 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, 631 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8 632 ); 633 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test5_next_iv, 634 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0, 635 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8 636 ); 637 638 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test6_plaintext, 639 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 640 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65, 641 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 642 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43, 643 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20, 644 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c, 0x20, 645 0x61, 0x6e, 0x64, 0x20, 0x77, 0x6f, 0x6e, 0x74, 646 0x6f, 0x6e, 0x20, 0x73, 0x6f, 0x75, 0x70, 0x2e 647 ); 648 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test6_expected_result, 649 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, 650 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84, 651 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, 652 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8, 653 0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5, 654 0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40, 655 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0, 656 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8 657 ); 658 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test6_next_iv, 659 0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5, 660 0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40 661 ); 662 663 static const struct gss_krb5_test_param rfc3962_encrypt_test_params[] = { 664 { 665 .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 1", 666 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, 667 .Ke = &rfc3962_encryption_key, 668 .plaintext = &rfc3962_enc_test1_plaintext, 669 .expected_result = &rfc3962_enc_test1_expected_result, 670 .next_iv = &rfc3962_enc_test1_next_iv, 671 }, 672 { 673 .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 2", 674 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, 675 .Ke = &rfc3962_encryption_key, 676 .plaintext = &rfc3962_enc_test2_plaintext, 677 .expected_result = &rfc3962_enc_test2_expected_result, 678 .next_iv = &rfc3962_enc_test2_next_iv, 679 }, 680 { 681 .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 3", 682 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, 683 .Ke = &rfc3962_encryption_key, 684 .plaintext = &rfc3962_enc_test3_plaintext, 685 .expected_result = &rfc3962_enc_test3_expected_result, 686 .next_iv = &rfc3962_enc_test3_next_iv, 687 }, 688 { 689 .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 4", 690 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, 691 .Ke = &rfc3962_encryption_key, 692 .plaintext = &rfc3962_enc_test4_plaintext, 693 .expected_result = &rfc3962_enc_test4_expected_result, 694 .next_iv = &rfc3962_enc_test4_next_iv, 695 }, 696 { 697 .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 5", 698 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, 699 .Ke = &rfc3962_encryption_key, 700 .plaintext = &rfc3962_enc_test5_plaintext, 701 .expected_result = &rfc3962_enc_test5_expected_result, 702 .next_iv = &rfc3962_enc_test5_next_iv, 703 }, 704 { 705 .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 6", 706 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, 707 .Ke = &rfc3962_encryption_key, 708 .plaintext = &rfc3962_enc_test6_plaintext, 709 .expected_result = &rfc3962_enc_test6_expected_result, 710 .next_iv = &rfc3962_enc_test6_next_iv, 711 }, 712 }; 713 714 /* Creates the function rfc3962_encrypt_gen_params */ 715 KUNIT_ARRAY_PARAM(rfc3962_encrypt, rfc3962_encrypt_test_params, 716 gss_krb5_get_desc); 717 718 /* 719 * This tests the implementation of the encryption part of the mechanism. 720 * It does not apply a confounder or test the result of HMAC over the 721 * plaintext. 722 */ 723 static void rfc3962_encrypt_case(struct kunit *test) 724 { 725 const struct gss_krb5_test_param *param = test->param_value; 726 struct crypto_sync_skcipher *cts_tfm, *cbc_tfm; 727 const struct gss_krb5_enctype *gk5e; 728 struct xdr_buf buf; 729 void *iv, *text; 730 u32 err; 731 732 /* Arrange */ 733 gk5e = gss_krb5_lookup_enctype(param->enctype); 734 if (!gk5e) 735 kunit_skip(test, "Encryption type is not available"); 736 737 cbc_tfm = crypto_alloc_sync_skcipher(gk5e->aux_cipher, 0, 0); 738 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cbc_tfm); 739 err = crypto_sync_skcipher_setkey(cbc_tfm, param->Ke->data, param->Ke->len); 740 KUNIT_ASSERT_EQ(test, err, 0); 741 742 cts_tfm = crypto_alloc_sync_skcipher(gk5e->encrypt_name, 0, 0); 743 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cts_tfm); 744 err = crypto_sync_skcipher_setkey(cts_tfm, param->Ke->data, param->Ke->len); 745 KUNIT_ASSERT_EQ(test, err, 0); 746 747 iv = kunit_kzalloc(test, crypto_sync_skcipher_ivsize(cts_tfm), GFP_KERNEL); 748 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, iv); 749 750 text = kunit_kzalloc(test, param->plaintext->len, GFP_KERNEL); 751 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, text); 752 753 memcpy(text, param->plaintext->data, param->plaintext->len); 754 memset(&buf, 0, sizeof(buf)); 755 buf.head[0].iov_base = text; 756 buf.head[0].iov_len = param->plaintext->len; 757 buf.len = buf.head[0].iov_len; 758 759 /* Act */ 760 err = krb5_cbc_cts_encrypt(cts_tfm, cbc_tfm, 0, &buf, NULL, 761 iv, crypto_sync_skcipher_ivsize(cts_tfm)); 762 KUNIT_ASSERT_EQ(test, err, 0); 763 764 /* Assert */ 765 KUNIT_EXPECT_EQ_MSG(test, 766 param->expected_result->len, buf.len, 767 "ciphertext length mismatch"); 768 KUNIT_EXPECT_EQ_MSG(test, 769 memcmp(param->expected_result->data, 770 text, param->expected_result->len), 0, 771 "ciphertext mismatch"); 772 KUNIT_EXPECT_EQ_MSG(test, 773 memcmp(param->next_iv->data, iv, 774 param->next_iv->len), 0, 775 "IV mismatch"); 776 777 crypto_free_sync_skcipher(cts_tfm); 778 crypto_free_sync_skcipher(cbc_tfm); 779 } 780 781 static struct kunit_case rfc3962_test_cases[] = { 782 { 783 .name = "RFC 3962 encryption", 784 .run_case = rfc3962_encrypt_case, 785 .generate_params = rfc3962_encrypt_gen_params, 786 }, 787 {} 788 }; 789 790 static struct kunit_suite rfc3962_suite = { 791 .name = "RFC 3962 suite", 792 .test_cases = rfc3962_test_cases, 793 }; 794 795 /* 796 * From RFC 6803 Section 10. Test vectors 797 * 798 * Sample results for key derivation 799 * 800 * Copyright (c) 2012 IETF Trust and the persons identified as the 801 * document authors. All rights reserved. 802 */ 803 804 DEFINE_HEX_XDR_NETOBJ(camellia128_cts_cmac_basekey, 805 0x57, 0xd0, 0x29, 0x72, 0x98, 0xff, 0xd9, 0xd3, 806 0x5d, 0xe5, 0xa4, 0x7f, 0xb4, 0xbd, 0xe2, 0x4b 807 ); 808 DEFINE_HEX_XDR_NETOBJ(camellia128_cts_cmac_Kc, 809 0xd1, 0x55, 0x77, 0x5a, 0x20, 0x9d, 0x05, 0xf0, 810 0x2b, 0x38, 0xd4, 0x2a, 0x38, 0x9e, 0x5a, 0x56 811 ); 812 DEFINE_HEX_XDR_NETOBJ(camellia128_cts_cmac_Ke, 813 0x64, 0xdf, 0x83, 0xf8, 0x5a, 0x53, 0x2f, 0x17, 814 0x57, 0x7d, 0x8c, 0x37, 0x03, 0x57, 0x96, 0xab 815 ); 816 DEFINE_HEX_XDR_NETOBJ(camellia128_cts_cmac_Ki, 817 0x3e, 0x4f, 0xbd, 0xf3, 0x0f, 0xb8, 0x25, 0x9c, 818 0x42, 0x5c, 0xb6, 0xc9, 0x6f, 0x1f, 0x46, 0x35 819 ); 820 821 DEFINE_HEX_XDR_NETOBJ(camellia256_cts_cmac_basekey, 822 0xb9, 0xd6, 0x82, 0x8b, 0x20, 0x56, 0xb7, 0xbe, 823 0x65, 0x6d, 0x88, 0xa1, 0x23, 0xb1, 0xfa, 0xc6, 824 0x82, 0x14, 0xac, 0x2b, 0x72, 0x7e, 0xcf, 0x5f, 825 0x69, 0xaf, 0xe0, 0xc4, 0xdf, 0x2a, 0x6d, 0x2c 826 ); 827 DEFINE_HEX_XDR_NETOBJ(camellia256_cts_cmac_Kc, 828 0xe4, 0x67, 0xf9, 0xa9, 0x55, 0x2b, 0xc7, 0xd3, 829 0x15, 0x5a, 0x62, 0x20, 0xaf, 0x9c, 0x19, 0x22, 830 0x0e, 0xee, 0xd4, 0xff, 0x78, 0xb0, 0xd1, 0xe6, 831 0xa1, 0x54, 0x49, 0x91, 0x46, 0x1a, 0x9e, 0x50 832 ); 833 DEFINE_HEX_XDR_NETOBJ(camellia256_cts_cmac_Ke, 834 0x41, 0x2a, 0xef, 0xc3, 0x62, 0xa7, 0x28, 0x5f, 835 0xc3, 0x96, 0x6c, 0x6a, 0x51, 0x81, 0xe7, 0x60, 836 0x5a, 0xe6, 0x75, 0x23, 0x5b, 0x6d, 0x54, 0x9f, 837 0xbf, 0xc9, 0xab, 0x66, 0x30, 0xa4, 0xc6, 0x04 838 ); 839 DEFINE_HEX_XDR_NETOBJ(camellia256_cts_cmac_Ki, 840 0xfa, 0x62, 0x4f, 0xa0, 0xe5, 0x23, 0x99, 0x3f, 841 0xa3, 0x88, 0xae, 0xfd, 0xc6, 0x7e, 0x67, 0xeb, 842 0xcd, 0x8c, 0x08, 0xe8, 0xa0, 0x24, 0x6b, 0x1d, 843 0x73, 0xb0, 0xd1, 0xdd, 0x9f, 0xc5, 0x82, 0xb0 844 ); 845 846 DEFINE_HEX_XDR_NETOBJ(usage_checksum, 847 0x00, 0x00, 0x00, 0x02, KEY_USAGE_SEED_CHECKSUM 848 ); 849 DEFINE_HEX_XDR_NETOBJ(usage_encryption, 850 0x00, 0x00, 0x00, 0x02, KEY_USAGE_SEED_ENCRYPTION 851 ); 852 DEFINE_HEX_XDR_NETOBJ(usage_integrity, 853 0x00, 0x00, 0x00, 0x02, KEY_USAGE_SEED_INTEGRITY 854 ); 855 856 static const struct gss_krb5_test_param rfc6803_kdf_test_params[] = { 857 { 858 .desc = "Derive Kc subkey for camellia128-cts-cmac", 859 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 860 .base_key = &camellia128_cts_cmac_basekey, 861 .usage = &usage_checksum, 862 .expected_result = &camellia128_cts_cmac_Kc, 863 }, 864 { 865 .desc = "Derive Ke subkey for camellia128-cts-cmac", 866 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 867 .base_key = &camellia128_cts_cmac_basekey, 868 .usage = &usage_encryption, 869 .expected_result = &camellia128_cts_cmac_Ke, 870 }, 871 { 872 .desc = "Derive Ki subkey for camellia128-cts-cmac", 873 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 874 .base_key = &camellia128_cts_cmac_basekey, 875 .usage = &usage_integrity, 876 .expected_result = &camellia128_cts_cmac_Ki, 877 }, 878 { 879 .desc = "Derive Kc subkey for camellia256-cts-cmac", 880 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 881 .base_key = &camellia256_cts_cmac_basekey, 882 .usage = &usage_checksum, 883 .expected_result = &camellia256_cts_cmac_Kc, 884 }, 885 { 886 .desc = "Derive Ke subkey for camellia256-cts-cmac", 887 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 888 .base_key = &camellia256_cts_cmac_basekey, 889 .usage = &usage_encryption, 890 .expected_result = &camellia256_cts_cmac_Ke, 891 }, 892 { 893 .desc = "Derive Ki subkey for camellia256-cts-cmac", 894 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 895 .base_key = &camellia256_cts_cmac_basekey, 896 .usage = &usage_integrity, 897 .expected_result = &camellia256_cts_cmac_Ki, 898 }, 899 }; 900 901 /* Creates the function rfc6803_kdf_gen_params */ 902 KUNIT_ARRAY_PARAM(rfc6803_kdf, rfc6803_kdf_test_params, gss_krb5_get_desc); 903 904 /* 905 * From RFC 6803 Section 10. Test vectors 906 * 907 * Sample checksums. 908 * 909 * Copyright (c) 2012 IETF Trust and the persons identified as the 910 * document authors. All rights reserved. 911 * 912 * XXX: These tests are likely to fail on EBCDIC or Unicode platforms. 913 */ 914 DEFINE_STR_XDR_NETOBJ(rfc6803_checksum_test1_plaintext, 915 "abcdefghijk"); 916 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test1_basekey, 917 0x1d, 0xc4, 0x6a, 0x8d, 0x76, 0x3f, 0x4f, 0x93, 918 0x74, 0x2b, 0xcb, 0xa3, 0x38, 0x75, 0x76, 0xc3 919 ); 920 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test1_usage, 921 0x00, 0x00, 0x00, 0x07, KEY_USAGE_SEED_CHECKSUM 922 ); 923 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test1_expected_result, 924 0x11, 0x78, 0xe6, 0xc5, 0xc4, 0x7a, 0x8c, 0x1a, 925 0xe0, 0xc4, 0xb9, 0xc7, 0xd4, 0xeb, 0x7b, 0x6b 926 ); 927 928 DEFINE_STR_XDR_NETOBJ(rfc6803_checksum_test2_plaintext, 929 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"); 930 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test2_basekey, 931 0x50, 0x27, 0xbc, 0x23, 0x1d, 0x0f, 0x3a, 0x9d, 932 0x23, 0x33, 0x3f, 0x1c, 0xa6, 0xfd, 0xbe, 0x7c 933 ); 934 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test2_usage, 935 0x00, 0x00, 0x00, 0x08, KEY_USAGE_SEED_CHECKSUM 936 ); 937 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test2_expected_result, 938 0xd1, 0xb3, 0x4f, 0x70, 0x04, 0xa7, 0x31, 0xf2, 939 0x3a, 0x0c, 0x00, 0xbf, 0x6c, 0x3f, 0x75, 0x3a 940 ); 941 942 DEFINE_STR_XDR_NETOBJ(rfc6803_checksum_test3_plaintext, 943 "123456789"); 944 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test3_basekey, 945 0xb6, 0x1c, 0x86, 0xcc, 0x4e, 0x5d, 0x27, 0x57, 946 0x54, 0x5a, 0xd4, 0x23, 0x39, 0x9f, 0xb7, 0x03, 947 0x1e, 0xca, 0xb9, 0x13, 0xcb, 0xb9, 0x00, 0xbd, 948 0x7a, 0x3c, 0x6d, 0xd8, 0xbf, 0x92, 0x01, 0x5b 949 ); 950 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test3_usage, 951 0x00, 0x00, 0x00, 0x09, KEY_USAGE_SEED_CHECKSUM 952 ); 953 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test3_expected_result, 954 0x87, 0xa1, 0x2c, 0xfd, 0x2b, 0x96, 0x21, 0x48, 955 0x10, 0xf0, 0x1c, 0x82, 0x6e, 0x77, 0x44, 0xb1 956 ); 957 958 DEFINE_STR_XDR_NETOBJ(rfc6803_checksum_test4_plaintext, 959 "!@#$%^&*()!@#$%^&*()!@#$%^&*()"); 960 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test4_basekey, 961 0x32, 0x16, 0x4c, 0x5b, 0x43, 0x4d, 0x1d, 0x15, 962 0x38, 0xe4, 0xcf, 0xd9, 0xbe, 0x80, 0x40, 0xfe, 963 0x8c, 0x4a, 0xc7, 0xac, 0xc4, 0xb9, 0x3d, 0x33, 964 0x14, 0xd2, 0x13, 0x36, 0x68, 0x14, 0x7a, 0x05 965 ); 966 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test4_usage, 967 0x00, 0x00, 0x00, 0x0a, KEY_USAGE_SEED_CHECKSUM 968 ); 969 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test4_expected_result, 970 0x3f, 0xa0, 0xb4, 0x23, 0x55, 0xe5, 0x2b, 0x18, 971 0x91, 0x87, 0x29, 0x4a, 0xa2, 0x52, 0xab, 0x64 972 ); 973 974 static const struct gss_krb5_test_param rfc6803_checksum_test_params[] = { 975 { 976 .desc = "camellia128-cts-cmac checksum test 1", 977 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 978 .base_key = &rfc6803_checksum_test1_basekey, 979 .usage = &rfc6803_checksum_test1_usage, 980 .plaintext = &rfc6803_checksum_test1_plaintext, 981 .expected_result = &rfc6803_checksum_test1_expected_result, 982 }, 983 { 984 .desc = "camellia128-cts-cmac checksum test 2", 985 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 986 .base_key = &rfc6803_checksum_test2_basekey, 987 .usage = &rfc6803_checksum_test2_usage, 988 .plaintext = &rfc6803_checksum_test2_plaintext, 989 .expected_result = &rfc6803_checksum_test2_expected_result, 990 }, 991 { 992 .desc = "camellia256-cts-cmac checksum test 3", 993 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 994 .base_key = &rfc6803_checksum_test3_basekey, 995 .usage = &rfc6803_checksum_test3_usage, 996 .plaintext = &rfc6803_checksum_test3_plaintext, 997 .expected_result = &rfc6803_checksum_test3_expected_result, 998 }, 999 { 1000 .desc = "camellia256-cts-cmac checksum test 4", 1001 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 1002 .base_key = &rfc6803_checksum_test4_basekey, 1003 .usage = &rfc6803_checksum_test4_usage, 1004 .plaintext = &rfc6803_checksum_test4_plaintext, 1005 .expected_result = &rfc6803_checksum_test4_expected_result, 1006 }, 1007 }; 1008 1009 /* Creates the function rfc6803_checksum_gen_params */ 1010 KUNIT_ARRAY_PARAM(rfc6803_checksum, rfc6803_checksum_test_params, 1011 gss_krb5_get_desc); 1012 1013 /* 1014 * From RFC 6803 Section 10. Test vectors 1015 * 1016 * Sample encryptions (all using the default cipher state) 1017 * 1018 * Copyright (c) 2012 IETF Trust and the persons identified as the 1019 * document authors. All rights reserved. 1020 * 1021 * Key usage values are from errata 4326 against RFC 6803. 1022 */ 1023 1024 static const struct xdr_netobj rfc6803_enc_empty_plaintext = { 1025 .len = 0, 1026 }; 1027 1028 DEFINE_STR_XDR_NETOBJ(rfc6803_enc_1byte_plaintext, "1"); 1029 DEFINE_STR_XDR_NETOBJ(rfc6803_enc_9byte_plaintext, "9 bytesss"); 1030 DEFINE_STR_XDR_NETOBJ(rfc6803_enc_13byte_plaintext, "13 bytes byte"); 1031 DEFINE_STR_XDR_NETOBJ(rfc6803_enc_30byte_plaintext, 1032 "30 bytes bytes bytes bytes byt" 1033 ); 1034 1035 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test1_confounder, 1036 0xb6, 0x98, 0x22, 0xa1, 0x9a, 0x6b, 0x09, 0xc0, 1037 0xeb, 0xc8, 0x55, 0x7d, 0x1f, 0x1b, 0x6c, 0x0a 1038 ); 1039 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test1_basekey, 1040 0x1d, 0xc4, 0x6a, 0x8d, 0x76, 0x3f, 0x4f, 0x93, 1041 0x74, 0x2b, 0xcb, 0xa3, 0x38, 0x75, 0x76, 0xc3 1042 ); 1043 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test1_expected_result, 1044 0xc4, 0x66, 0xf1, 0x87, 0x10, 0x69, 0x92, 0x1e, 1045 0xdb, 0x7c, 0x6f, 0xde, 0x24, 0x4a, 0x52, 0xdb, 1046 0x0b, 0xa1, 0x0e, 0xdc, 0x19, 0x7b, 0xdb, 0x80, 1047 0x06, 0x65, 0x8c, 0xa3, 0xcc, 0xce, 0x6e, 0xb8 1048 ); 1049 1050 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test2_confounder, 1051 0x6f, 0x2f, 0xc3, 0xc2, 0xa1, 0x66, 0xfd, 0x88, 1052 0x98, 0x96, 0x7a, 0x83, 0xde, 0x95, 0x96, 0xd9 1053 ); 1054 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test2_basekey, 1055 0x50, 0x27, 0xbc, 0x23, 0x1d, 0x0f, 0x3a, 0x9d, 1056 0x23, 0x33, 0x3f, 0x1c, 0xa6, 0xfd, 0xbe, 0x7c 1057 ); 1058 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test2_expected_result, 1059 0x84, 0x2d, 0x21, 0xfd, 0x95, 0x03, 0x11, 0xc0, 1060 0xdd, 0x46, 0x4a, 0x3f, 0x4b, 0xe8, 0xd6, 0xda, 1061 0x88, 0xa5, 0x6d, 0x55, 0x9c, 0x9b, 0x47, 0xd3, 1062 0xf9, 0xa8, 0x50, 0x67, 0xaf, 0x66, 0x15, 0x59, 1063 0xb8 1064 ); 1065 1066 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test3_confounder, 1067 0xa5, 0xb4, 0xa7, 0x1e, 0x07, 0x7a, 0xee, 0xf9, 1068 0x3c, 0x87, 0x63, 0xc1, 0x8f, 0xdb, 0x1f, 0x10 1069 ); 1070 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test3_basekey, 1071 0xa1, 0xbb, 0x61, 0xe8, 0x05, 0xf9, 0xba, 0x6d, 1072 0xde, 0x8f, 0xdb, 0xdd, 0xc0, 0x5c, 0xde, 0xa0 1073 ); 1074 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test3_expected_result, 1075 0x61, 0x9f, 0xf0, 0x72, 0xe3, 0x62, 0x86, 0xff, 1076 0x0a, 0x28, 0xde, 0xb3, 0xa3, 0x52, 0xec, 0x0d, 1077 0x0e, 0xdf, 0x5c, 0x51, 0x60, 0xd6, 0x63, 0xc9, 1078 0x01, 0x75, 0x8c, 0xcf, 0x9d, 0x1e, 0xd3, 0x3d, 1079 0x71, 0xdb, 0x8f, 0x23, 0xaa, 0xbf, 0x83, 0x48, 1080 0xa0 1081 ); 1082 1083 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test4_confounder, 1084 0x19, 0xfe, 0xe4, 0x0d, 0x81, 0x0c, 0x52, 0x4b, 1085 0x5b, 0x22, 0xf0, 0x18, 0x74, 0xc6, 0x93, 0xda 1086 ); 1087 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test4_basekey, 1088 0x2c, 0xa2, 0x7a, 0x5f, 0xaf, 0x55, 0x32, 0x24, 1089 0x45, 0x06, 0x43, 0x4e, 0x1c, 0xef, 0x66, 0x76 1090 ); 1091 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test4_expected_result, 1092 0xb8, 0xec, 0xa3, 0x16, 0x7a, 0xe6, 0x31, 0x55, 1093 0x12, 0xe5, 0x9f, 0x98, 0xa7, 0xc5, 0x00, 0x20, 1094 0x5e, 0x5f, 0x63, 0xff, 0x3b, 0xb3, 0x89, 0xaf, 1095 0x1c, 0x41, 0xa2, 0x1d, 0x64, 0x0d, 0x86, 0x15, 1096 0xc9, 0xed, 0x3f, 0xbe, 0xb0, 0x5a, 0xb6, 0xac, 1097 0xb6, 0x76, 0x89, 0xb5, 0xea 1098 ); 1099 1100 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test5_confounder, 1101 0xca, 0x7a, 0x7a, 0xb4, 0xbe, 0x19, 0x2d, 0xab, 1102 0xd6, 0x03, 0x50, 0x6d, 0xb1, 0x9c, 0x39, 0xe2 1103 ); 1104 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test5_basekey, 1105 0x78, 0x24, 0xf8, 0xc1, 0x6f, 0x83, 0xff, 0x35, 1106 0x4c, 0x6b, 0xf7, 0x51, 0x5b, 0x97, 0x3f, 0x43 1107 ); 1108 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test5_expected_result, 1109 0xa2, 0x6a, 0x39, 0x05, 0xa4, 0xff, 0xd5, 0x81, 1110 0x6b, 0x7b, 0x1e, 0x27, 0x38, 0x0d, 0x08, 0x09, 1111 0x0c, 0x8e, 0xc1, 0xf3, 0x04, 0x49, 0x6e, 0x1a, 1112 0xbd, 0xcd, 0x2b, 0xdc, 0xd1, 0xdf, 0xfc, 0x66, 1113 0x09, 0x89, 0xe1, 0x17, 0xa7, 0x13, 0xdd, 0xbb, 1114 0x57, 0xa4, 0x14, 0x6c, 0x15, 0x87, 0xcb, 0xa4, 1115 0x35, 0x66, 0x65, 0x59, 0x1d, 0x22, 0x40, 0x28, 1116 0x2f, 0x58, 0x42, 0xb1, 0x05, 0xa5 1117 ); 1118 1119 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test6_confounder, 1120 0x3c, 0xbb, 0xd2, 0xb4, 0x59, 0x17, 0x94, 0x10, 1121 0x67, 0xf9, 0x65, 0x99, 0xbb, 0x98, 0x92, 0x6c 1122 ); 1123 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test6_basekey, 1124 0xb6, 0x1c, 0x86, 0xcc, 0x4e, 0x5d, 0x27, 0x57, 1125 0x54, 0x5a, 0xd4, 0x23, 0x39, 0x9f, 0xb7, 0x03, 1126 0x1e, 0xca, 0xb9, 0x13, 0xcb, 0xb9, 0x00, 0xbd, 1127 0x7a, 0x3c, 0x6d, 0xd8, 0xbf, 0x92, 0x01, 0x5b 1128 ); 1129 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test6_expected_result, 1130 0x03, 0x88, 0x6d, 0x03, 0x31, 0x0b, 0x47, 0xa6, 1131 0xd8, 0xf0, 0x6d, 0x7b, 0x94, 0xd1, 0xdd, 0x83, 1132 0x7e, 0xcc, 0xe3, 0x15, 0xef, 0x65, 0x2a, 0xff, 1133 0x62, 0x08, 0x59, 0xd9, 0x4a, 0x25, 0x92, 0x66 1134 ); 1135 1136 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test7_confounder, 1137 0xde, 0xf4, 0x87, 0xfc, 0xeb, 0xe6, 0xde, 0x63, 1138 0x46, 0xd4, 0xda, 0x45, 0x21, 0xbb, 0xa2, 0xd2 1139 ); 1140 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test7_basekey, 1141 0x1b, 0x97, 0xfe, 0x0a, 0x19, 0x0e, 0x20, 0x21, 1142 0xeb, 0x30, 0x75, 0x3e, 0x1b, 0x6e, 0x1e, 0x77, 1143 0xb0, 0x75, 0x4b, 0x1d, 0x68, 0x46, 0x10, 0x35, 1144 0x58, 0x64, 0x10, 0x49, 0x63, 0x46, 0x38, 0x33 1145 ); 1146 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test7_expected_result, 1147 0x2c, 0x9c, 0x15, 0x70, 0x13, 0x3c, 0x99, 0xbf, 1148 0x6a, 0x34, 0xbc, 0x1b, 0x02, 0x12, 0x00, 0x2f, 1149 0xd1, 0x94, 0x33, 0x87, 0x49, 0xdb, 0x41, 0x35, 1150 0x49, 0x7a, 0x34, 0x7c, 0xfc, 0xd9, 0xd1, 0x8a, 1151 0x12 1152 ); 1153 1154 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test8_confounder, 1155 0xad, 0x4f, 0xf9, 0x04, 0xd3, 0x4e, 0x55, 0x53, 1156 0x84, 0xb1, 0x41, 0x00, 0xfc, 0x46, 0x5f, 0x88 1157 ); 1158 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test8_basekey, 1159 0x32, 0x16, 0x4c, 0x5b, 0x43, 0x4d, 0x1d, 0x15, 1160 0x38, 0xe4, 0xcf, 0xd9, 0xbe, 0x80, 0x40, 0xfe, 1161 0x8c, 0x4a, 0xc7, 0xac, 0xc4, 0xb9, 0x3d, 0x33, 1162 0x14, 0xd2, 0x13, 0x36, 0x68, 0x14, 0x7a, 0x05 1163 ); 1164 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test8_expected_result, 1165 0x9c, 0x6d, 0xe7, 0x5f, 0x81, 0x2d, 0xe7, 0xed, 1166 0x0d, 0x28, 0xb2, 0x96, 0x35, 0x57, 0xa1, 0x15, 1167 0x64, 0x09, 0x98, 0x27, 0x5b, 0x0a, 0xf5, 0x15, 1168 0x27, 0x09, 0x91, 0x3f, 0xf5, 0x2a, 0x2a, 0x9c, 1169 0x8e, 0x63, 0xb8, 0x72, 0xf9, 0x2e, 0x64, 0xc8, 1170 0x39 1171 ); 1172 1173 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test9_confounder, 1174 0xcf, 0x9b, 0xca, 0x6d, 0xf1, 0x14, 0x4e, 0x0c, 1175 0x0a, 0xf9, 0xb8, 0xf3, 0x4c, 0x90, 0xd5, 0x14 1176 ); 1177 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test9_basekey, 1178 0xb0, 0x38, 0xb1, 0x32, 0xcd, 0x8e, 0x06, 0x61, 1179 0x22, 0x67, 0xfa, 0xb7, 0x17, 0x00, 0x66, 0xd8, 1180 0x8a, 0xec, 0xcb, 0xa0, 0xb7, 0x44, 0xbf, 0xc6, 1181 0x0d, 0xc8, 0x9b, 0xca, 0x18, 0x2d, 0x07, 0x15 1182 ); 1183 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test9_expected_result, 1184 0xee, 0xec, 0x85, 0xa9, 0x81, 0x3c, 0xdc, 0x53, 1185 0x67, 0x72, 0xab, 0x9b, 0x42, 0xde, 0xfc, 0x57, 1186 0x06, 0xf7, 0x26, 0xe9, 0x75, 0xdd, 0xe0, 0x5a, 1187 0x87, 0xeb, 0x54, 0x06, 0xea, 0x32, 0x4c, 0xa1, 1188 0x85, 0xc9, 0x98, 0x6b, 0x42, 0xaa, 0xbe, 0x79, 1189 0x4b, 0x84, 0x82, 0x1b, 0xee 1190 ); 1191 1192 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test10_confounder, 1193 0x64, 0x4d, 0xef, 0x38, 0xda, 0x35, 0x00, 0x72, 1194 0x75, 0x87, 0x8d, 0x21, 0x68, 0x55, 0xe2, 0x28 1195 ); 1196 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test10_basekey, 1197 0xcc, 0xfc, 0xd3, 0x49, 0xbf, 0x4c, 0x66, 0x77, 1198 0xe8, 0x6e, 0x4b, 0x02, 0xb8, 0xea, 0xb9, 0x24, 1199 0xa5, 0x46, 0xac, 0x73, 0x1c, 0xf9, 0xbf, 0x69, 1200 0x89, 0xb9, 0x96, 0xe7, 0xd6, 0xbf, 0xbb, 0xa7 1201 ); 1202 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test10_expected_result, 1203 0x0e, 0x44, 0x68, 0x09, 0x85, 0x85, 0x5f, 0x2d, 1204 0x1f, 0x18, 0x12, 0x52, 0x9c, 0xa8, 0x3b, 0xfd, 1205 0x8e, 0x34, 0x9d, 0xe6, 0xfd, 0x9a, 0xda, 0x0b, 1206 0xaa, 0xa0, 0x48, 0xd6, 0x8e, 0x26, 0x5f, 0xeb, 1207 0xf3, 0x4a, 0xd1, 0x25, 0x5a, 0x34, 0x49, 0x99, 1208 0xad, 0x37, 0x14, 0x68, 0x87, 0xa6, 0xc6, 0x84, 1209 0x57, 0x31, 0xac, 0x7f, 0x46, 0x37, 0x6a, 0x05, 1210 0x04, 0xcd, 0x06, 0x57, 0x14, 0x74 1211 ); 1212 1213 static const struct gss_krb5_test_param rfc6803_encrypt_test_params[] = { 1214 { 1215 .desc = "Encrypt empty plaintext with camellia128-cts-cmac", 1216 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 1217 .constant = 0, 1218 .base_key = &rfc6803_enc_test1_basekey, 1219 .plaintext = &rfc6803_enc_empty_plaintext, 1220 .confounder = &rfc6803_enc_test1_confounder, 1221 .expected_result = &rfc6803_enc_test1_expected_result, 1222 }, 1223 { 1224 .desc = "Encrypt 1 byte with camellia128-cts-cmac", 1225 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 1226 .constant = 1, 1227 .base_key = &rfc6803_enc_test2_basekey, 1228 .plaintext = &rfc6803_enc_1byte_plaintext, 1229 .confounder = &rfc6803_enc_test2_confounder, 1230 .expected_result = &rfc6803_enc_test2_expected_result, 1231 }, 1232 { 1233 .desc = "Encrypt 9 bytes with camellia128-cts-cmac", 1234 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 1235 .constant = 2, 1236 .base_key = &rfc6803_enc_test3_basekey, 1237 .plaintext = &rfc6803_enc_9byte_plaintext, 1238 .confounder = &rfc6803_enc_test3_confounder, 1239 .expected_result = &rfc6803_enc_test3_expected_result, 1240 }, 1241 { 1242 .desc = "Encrypt 13 bytes with camellia128-cts-cmac", 1243 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 1244 .constant = 3, 1245 .base_key = &rfc6803_enc_test4_basekey, 1246 .plaintext = &rfc6803_enc_13byte_plaintext, 1247 .confounder = &rfc6803_enc_test4_confounder, 1248 .expected_result = &rfc6803_enc_test4_expected_result, 1249 }, 1250 { 1251 .desc = "Encrypt 30 bytes with camellia128-cts-cmac", 1252 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 1253 .constant = 4, 1254 .base_key = &rfc6803_enc_test5_basekey, 1255 .plaintext = &rfc6803_enc_30byte_plaintext, 1256 .confounder = &rfc6803_enc_test5_confounder, 1257 .expected_result = &rfc6803_enc_test5_expected_result, 1258 }, 1259 { 1260 .desc = "Encrypt empty plaintext with camellia256-cts-cmac", 1261 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 1262 .constant = 0, 1263 .base_key = &rfc6803_enc_test6_basekey, 1264 .plaintext = &rfc6803_enc_empty_plaintext, 1265 .confounder = &rfc6803_enc_test6_confounder, 1266 .expected_result = &rfc6803_enc_test6_expected_result, 1267 }, 1268 { 1269 .desc = "Encrypt 1 byte with camellia256-cts-cmac", 1270 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 1271 .constant = 1, 1272 .base_key = &rfc6803_enc_test7_basekey, 1273 .plaintext = &rfc6803_enc_1byte_plaintext, 1274 .confounder = &rfc6803_enc_test7_confounder, 1275 .expected_result = &rfc6803_enc_test7_expected_result, 1276 }, 1277 { 1278 .desc = "Encrypt 9 bytes with camellia256-cts-cmac", 1279 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 1280 .constant = 2, 1281 .base_key = &rfc6803_enc_test8_basekey, 1282 .plaintext = &rfc6803_enc_9byte_plaintext, 1283 .confounder = &rfc6803_enc_test8_confounder, 1284 .expected_result = &rfc6803_enc_test8_expected_result, 1285 }, 1286 { 1287 .desc = "Encrypt 13 bytes with camellia256-cts-cmac", 1288 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 1289 .constant = 3, 1290 .base_key = &rfc6803_enc_test9_basekey, 1291 .plaintext = &rfc6803_enc_13byte_plaintext, 1292 .confounder = &rfc6803_enc_test9_confounder, 1293 .expected_result = &rfc6803_enc_test9_expected_result, 1294 }, 1295 { 1296 .desc = "Encrypt 30 bytes with camellia256-cts-cmac", 1297 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 1298 .constant = 4, 1299 .base_key = &rfc6803_enc_test10_basekey, 1300 .plaintext = &rfc6803_enc_30byte_plaintext, 1301 .confounder = &rfc6803_enc_test10_confounder, 1302 .expected_result = &rfc6803_enc_test10_expected_result, 1303 }, 1304 }; 1305 1306 /* Creates the function rfc6803_encrypt_gen_params */ 1307 KUNIT_ARRAY_PARAM(rfc6803_encrypt, rfc6803_encrypt_test_params, 1308 gss_krb5_get_desc); 1309 1310 static void rfc6803_encrypt_case(struct kunit *test) 1311 { 1312 const struct gss_krb5_test_param *param = test->param_value; 1313 struct crypto_sync_skcipher *cts_tfm, *cbc_tfm; 1314 const struct gss_krb5_enctype *gk5e; 1315 struct xdr_netobj Ke, Ki, checksum; 1316 u8 usage_data[GSS_KRB5_K5CLENGTH]; 1317 struct xdr_netobj usage = { 1318 .data = usage_data, 1319 .len = sizeof(usage_data), 1320 }; 1321 struct crypto_ahash *ahash_tfm; 1322 unsigned int blocksize; 1323 struct xdr_buf buf; 1324 void *text; 1325 size_t len; 1326 u32 err; 1327 1328 /* Arrange */ 1329 gk5e = gss_krb5_lookup_enctype(param->enctype); 1330 if (!gk5e) 1331 kunit_skip(test, "Encryption type is not available"); 1332 1333 memset(usage_data, 0, sizeof(usage_data)); 1334 usage.data[3] = param->constant; 1335 1336 Ke.len = gk5e->Ke_length; 1337 Ke.data = kunit_kzalloc(test, Ke.len, GFP_KERNEL); 1338 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Ke.data); 1339 usage.data[4] = KEY_USAGE_SEED_ENCRYPTION; 1340 err = gk5e->derive_key(gk5e, param->base_key, &Ke, &usage, GFP_KERNEL); 1341 KUNIT_ASSERT_EQ(test, err, 0); 1342 1343 cbc_tfm = crypto_alloc_sync_skcipher(gk5e->aux_cipher, 0, 0); 1344 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cbc_tfm); 1345 err = crypto_sync_skcipher_setkey(cbc_tfm, Ke.data, Ke.len); 1346 KUNIT_ASSERT_EQ(test, err, 0); 1347 1348 cts_tfm = crypto_alloc_sync_skcipher(gk5e->encrypt_name, 0, 0); 1349 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cts_tfm); 1350 err = crypto_sync_skcipher_setkey(cts_tfm, Ke.data, Ke.len); 1351 KUNIT_ASSERT_EQ(test, err, 0); 1352 blocksize = crypto_sync_skcipher_blocksize(cts_tfm); 1353 1354 len = param->confounder->len + param->plaintext->len + blocksize; 1355 text = kunit_kzalloc(test, len, GFP_KERNEL); 1356 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, text); 1357 memcpy(text, param->confounder->data, param->confounder->len); 1358 memcpy(text + param->confounder->len, param->plaintext->data, 1359 param->plaintext->len); 1360 1361 memset(&buf, 0, sizeof(buf)); 1362 buf.head[0].iov_base = text; 1363 buf.head[0].iov_len = param->confounder->len + param->plaintext->len; 1364 buf.len = buf.head[0].iov_len; 1365 1366 checksum.len = gk5e->cksumlength; 1367 checksum.data = kunit_kzalloc(test, checksum.len, GFP_KERNEL); 1368 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, checksum.data); 1369 1370 Ki.len = gk5e->Ki_length; 1371 Ki.data = kunit_kzalloc(test, Ki.len, GFP_KERNEL); 1372 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Ki.data); 1373 usage.data[4] = KEY_USAGE_SEED_INTEGRITY; 1374 err = gk5e->derive_key(gk5e, param->base_key, &Ki, 1375 &usage, GFP_KERNEL); 1376 KUNIT_ASSERT_EQ(test, err, 0); 1377 ahash_tfm = crypto_alloc_ahash(gk5e->cksum_name, 0, CRYPTO_ALG_ASYNC); 1378 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ahash_tfm); 1379 err = crypto_ahash_setkey(ahash_tfm, Ki.data, Ki.len); 1380 KUNIT_ASSERT_EQ(test, err, 0); 1381 1382 /* Act */ 1383 err = gss_krb5_checksum(ahash_tfm, NULL, 0, &buf, 0, &checksum); 1384 KUNIT_ASSERT_EQ(test, err, 0); 1385 1386 err = krb5_cbc_cts_encrypt(cts_tfm, cbc_tfm, 0, &buf, NULL, NULL, 0); 1387 KUNIT_ASSERT_EQ(test, err, 0); 1388 1389 /* Assert */ 1390 KUNIT_EXPECT_EQ_MSG(test, param->expected_result->len, 1391 buf.len + checksum.len, 1392 "ciphertext length mismatch"); 1393 KUNIT_EXPECT_EQ_MSG(test, 1394 memcmp(param->expected_result->data, 1395 buf.head[0].iov_base, buf.len), 0, 1396 "encrypted result mismatch"); 1397 KUNIT_EXPECT_EQ_MSG(test, 1398 memcmp(param->expected_result->data + 1399 (param->expected_result->len - checksum.len), 1400 checksum.data, checksum.len), 0, 1401 "HMAC mismatch"); 1402 1403 crypto_free_ahash(ahash_tfm); 1404 crypto_free_sync_skcipher(cts_tfm); 1405 crypto_free_sync_skcipher(cbc_tfm); 1406 } 1407 1408 static struct kunit_case rfc6803_test_cases[] = { 1409 { 1410 .name = "RFC 6803 key derivation", 1411 .run_case = kdf_case, 1412 .generate_params = rfc6803_kdf_gen_params, 1413 }, 1414 { 1415 .name = "RFC 6803 checksum", 1416 .run_case = checksum_case, 1417 .generate_params = rfc6803_checksum_gen_params, 1418 }, 1419 { 1420 .name = "RFC 6803 encryption", 1421 .run_case = rfc6803_encrypt_case, 1422 .generate_params = rfc6803_encrypt_gen_params, 1423 }, 1424 {} 1425 }; 1426 1427 static struct kunit_suite rfc6803_suite = { 1428 .name = "RFC 6803 suite", 1429 .test_cases = rfc6803_test_cases, 1430 }; 1431 1432 /* 1433 * From RFC 8009 Appendix A. Test Vectors 1434 * 1435 * Sample results for SHA-2 enctype key derivation 1436 * 1437 * This test material is copyright (c) 2016 IETF Trust and the 1438 * persons identified as the document authors. All rights reserved. 1439 */ 1440 1441 DEFINE_HEX_XDR_NETOBJ(aes128_cts_hmac_sha256_128_basekey, 1442 0x37, 0x05, 0xd9, 0x60, 0x80, 0xc1, 0x77, 0x28, 1443 0xa0, 0xe8, 0x00, 0xea, 0xb6, 0xe0, 0xd2, 0x3c 1444 ); 1445 DEFINE_HEX_XDR_NETOBJ(aes128_cts_hmac_sha256_128_Kc, 1446 0xb3, 0x1a, 0x01, 0x8a, 0x48, 0xf5, 0x47, 0x76, 1447 0xf4, 0x03, 0xe9, 0xa3, 0x96, 0x32, 0x5d, 0xc3 1448 ); 1449 DEFINE_HEX_XDR_NETOBJ(aes128_cts_hmac_sha256_128_Ke, 1450 0x9b, 0x19, 0x7d, 0xd1, 0xe8, 0xc5, 0x60, 0x9d, 1451 0x6e, 0x67, 0xc3, 0xe3, 0x7c, 0x62, 0xc7, 0x2e 1452 ); 1453 DEFINE_HEX_XDR_NETOBJ(aes128_cts_hmac_sha256_128_Ki, 1454 0x9f, 0xda, 0x0e, 0x56, 0xab, 0x2d, 0x85, 0xe1, 1455 0x56, 0x9a, 0x68, 0x86, 0x96, 0xc2, 0x6a, 0x6c 1456 ); 1457 1458 DEFINE_HEX_XDR_NETOBJ(aes256_cts_hmac_sha384_192_basekey, 1459 0x6d, 0x40, 0x4d, 0x37, 0xfa, 0xf7, 0x9f, 0x9d, 1460 0xf0, 0xd3, 0x35, 0x68, 0xd3, 0x20, 0x66, 0x98, 1461 0x00, 0xeb, 0x48, 0x36, 0x47, 0x2e, 0xa8, 0xa0, 1462 0x26, 0xd1, 0x6b, 0x71, 0x82, 0x46, 0x0c, 0x52 1463 ); 1464 DEFINE_HEX_XDR_NETOBJ(aes256_cts_hmac_sha384_192_Kc, 1465 0xef, 0x57, 0x18, 0xbe, 0x86, 0xcc, 0x84, 0x96, 1466 0x3d, 0x8b, 0xbb, 0x50, 0x31, 0xe9, 0xf5, 0xc4, 1467 0xba, 0x41, 0xf2, 0x8f, 0xaf, 0x69, 0xe7, 0x3d 1468 ); 1469 DEFINE_HEX_XDR_NETOBJ(aes256_cts_hmac_sha384_192_Ke, 1470 0x56, 0xab, 0x22, 0xbe, 0xe6, 0x3d, 0x82, 0xd7, 1471 0xbc, 0x52, 0x27, 0xf6, 0x77, 0x3f, 0x8e, 0xa7, 1472 0xa5, 0xeb, 0x1c, 0x82, 0x51, 0x60, 0xc3, 0x83, 1473 0x12, 0x98, 0x0c, 0x44, 0x2e, 0x5c, 0x7e, 0x49 1474 ); 1475 DEFINE_HEX_XDR_NETOBJ(aes256_cts_hmac_sha384_192_Ki, 1476 0x69, 0xb1, 0x65, 0x14, 0xe3, 0xcd, 0x8e, 0x56, 1477 0xb8, 0x20, 0x10, 0xd5, 0xc7, 0x30, 0x12, 0xb6, 1478 0x22, 0xc4, 0xd0, 0x0f, 0xfc, 0x23, 0xed, 0x1f 1479 ); 1480 1481 static const struct gss_krb5_test_param rfc8009_kdf_test_params[] = { 1482 { 1483 .desc = "Derive Kc subkey for aes128-cts-hmac-sha256-128", 1484 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, 1485 .base_key = &aes128_cts_hmac_sha256_128_basekey, 1486 .usage = &usage_checksum, 1487 .expected_result = &aes128_cts_hmac_sha256_128_Kc, 1488 }, 1489 { 1490 .desc = "Derive Ke subkey for aes128-cts-hmac-sha256-128", 1491 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, 1492 .base_key = &aes128_cts_hmac_sha256_128_basekey, 1493 .usage = &usage_encryption, 1494 .expected_result = &aes128_cts_hmac_sha256_128_Ke, 1495 }, 1496 { 1497 .desc = "Derive Ki subkey for aes128-cts-hmac-sha256-128", 1498 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, 1499 .base_key = &aes128_cts_hmac_sha256_128_basekey, 1500 .usage = &usage_integrity, 1501 .expected_result = &aes128_cts_hmac_sha256_128_Ki, 1502 }, 1503 { 1504 .desc = "Derive Kc subkey for aes256-cts-hmac-sha384-192", 1505 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, 1506 .base_key = &aes256_cts_hmac_sha384_192_basekey, 1507 .usage = &usage_checksum, 1508 .expected_result = &aes256_cts_hmac_sha384_192_Kc, 1509 }, 1510 { 1511 .desc = "Derive Ke subkey for aes256-cts-hmac-sha384-192", 1512 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, 1513 .base_key = &aes256_cts_hmac_sha384_192_basekey, 1514 .usage = &usage_encryption, 1515 .expected_result = &aes256_cts_hmac_sha384_192_Ke, 1516 }, 1517 { 1518 .desc = "Derive Ki subkey for aes256-cts-hmac-sha384-192", 1519 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, 1520 .base_key = &aes256_cts_hmac_sha384_192_basekey, 1521 .usage = &usage_integrity, 1522 .expected_result = &aes256_cts_hmac_sha384_192_Ki, 1523 }, 1524 }; 1525 1526 /* Creates the function rfc8009_kdf_gen_params */ 1527 KUNIT_ARRAY_PARAM(rfc8009_kdf, rfc8009_kdf_test_params, gss_krb5_get_desc); 1528 1529 /* 1530 * From RFC 8009 Appendix A. Test Vectors 1531 * 1532 * These sample checksums use the above sample key derivation results, 1533 * including use of the same base-key and key usage values. 1534 * 1535 * This test material is copyright (c) 2016 IETF Trust and the 1536 * persons identified as the document authors. All rights reserved. 1537 */ 1538 1539 DEFINE_HEX_XDR_NETOBJ(rfc8009_checksum_plaintext, 1540 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 1541 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 1542 0x10, 0x11, 0x12, 0x13, 0x14 1543 ); 1544 DEFINE_HEX_XDR_NETOBJ(rfc8009_checksum_test1_expected_result, 1545 0xd7, 0x83, 0x67, 0x18, 0x66, 0x43, 0xd6, 0x7b, 1546 0x41, 0x1c, 0xba, 0x91, 0x39, 0xfc, 0x1d, 0xee 1547 ); 1548 DEFINE_HEX_XDR_NETOBJ(rfc8009_checksum_test2_expected_result, 1549 0x45, 0xee, 0x79, 0x15, 0x67, 0xee, 0xfc, 0xa3, 1550 0x7f, 0x4a, 0xc1, 0xe0, 0x22, 0x2d, 0xe8, 0x0d, 1551 0x43, 0xc3, 0xbf, 0xa0, 0x66, 0x99, 0x67, 0x2a 1552 ); 1553 1554 static const struct gss_krb5_test_param rfc8009_checksum_test_params[] = { 1555 { 1556 .desc = "Checksum with aes128-cts-hmac-sha256-128", 1557 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, 1558 .base_key = &aes128_cts_hmac_sha256_128_basekey, 1559 .usage = &usage_checksum, 1560 .plaintext = &rfc8009_checksum_plaintext, 1561 .expected_result = &rfc8009_checksum_test1_expected_result, 1562 }, 1563 { 1564 .desc = "Checksum with aes256-cts-hmac-sha384-192", 1565 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, 1566 .base_key = &aes256_cts_hmac_sha384_192_basekey, 1567 .usage = &usage_checksum, 1568 .plaintext = &rfc8009_checksum_plaintext, 1569 .expected_result = &rfc8009_checksum_test2_expected_result, 1570 }, 1571 }; 1572 1573 /* Creates the function rfc8009_checksum_gen_params */ 1574 KUNIT_ARRAY_PARAM(rfc8009_checksum, rfc8009_checksum_test_params, 1575 gss_krb5_get_desc); 1576 1577 /* 1578 * From RFC 8009 Appendix A. Test Vectors 1579 * 1580 * Sample encryptions (all using the default cipher state): 1581 * -------------------------------------------------------- 1582 * 1583 * These sample encryptions use the above sample key derivation results, 1584 * including use of the same base-key and key usage values. 1585 * 1586 * This test material is copyright (c) 2016 IETF Trust and the 1587 * persons identified as the document authors. All rights reserved. 1588 */ 1589 1590 static const struct xdr_netobj rfc8009_enc_empty_plaintext = { 1591 .len = 0, 1592 }; 1593 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_short_plaintext, 1594 0x00, 0x01, 0x02, 0x03, 0x04, 0x05 1595 ); 1596 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_block_plaintext, 1597 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 1598 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f 1599 ); 1600 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_long_plaintext, 1601 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 1602 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 1603 0x10, 0x11, 0x12, 0x13, 0x14 1604 ); 1605 1606 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test1_confounder, 1607 0x7e, 0x58, 0x95, 0xea, 0xf2, 0x67, 0x24, 0x35, 1608 0xba, 0xd8, 0x17, 0xf5, 0x45, 0xa3, 0x71, 0x48 1609 ); 1610 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test1_expected_result, 1611 0xef, 0x85, 0xfb, 0x89, 0x0b, 0xb8, 0x47, 0x2f, 1612 0x4d, 0xab, 0x20, 0x39, 0x4d, 0xca, 0x78, 0x1d 1613 ); 1614 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test1_expected_hmac, 1615 0xad, 0x87, 0x7e, 0xda, 0x39, 0xd5, 0x0c, 0x87, 1616 0x0c, 0x0d, 0x5a, 0x0a, 0x8e, 0x48, 0xc7, 0x18 1617 ); 1618 1619 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test2_confounder, 1620 0x7b, 0xca, 0x28, 0x5e, 0x2f, 0xd4, 0x13, 0x0f, 1621 0xb5, 0x5b, 0x1a, 0x5c, 0x83, 0xbc, 0x5b, 0x24 1622 ); 1623 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test2_expected_result, 1624 0x84, 0xd7, 0xf3, 0x07, 0x54, 0xed, 0x98, 0x7b, 1625 0xab, 0x0b, 0xf3, 0x50, 0x6b, 0xeb, 0x09, 0xcf, 1626 0xb5, 0x54, 0x02, 0xce, 0xf7, 0xe6 1627 ); 1628 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test2_expected_hmac, 1629 0x87, 0x7c, 0xe9, 0x9e, 0x24, 0x7e, 0x52, 0xd1, 1630 0x6e, 0xd4, 0x42, 0x1d, 0xfd, 0xf8, 0x97, 0x6c 1631 ); 1632 1633 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test3_confounder, 1634 0x56, 0xab, 0x21, 0x71, 0x3f, 0xf6, 0x2c, 0x0a, 1635 0x14, 0x57, 0x20, 0x0f, 0x6f, 0xa9, 0x94, 0x8f 1636 ); 1637 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test3_expected_result, 1638 0x35, 0x17, 0xd6, 0x40, 0xf5, 0x0d, 0xdc, 0x8a, 1639 0xd3, 0x62, 0x87, 0x22, 0xb3, 0x56, 0x9d, 0x2a, 1640 0xe0, 0x74, 0x93, 0xfa, 0x82, 0x63, 0x25, 0x40, 1641 0x80, 0xea, 0x65, 0xc1, 0x00, 0x8e, 0x8f, 0xc2 1642 ); 1643 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test3_expected_hmac, 1644 0x95, 0xfb, 0x48, 0x52, 0xe7, 0xd8, 0x3e, 0x1e, 1645 0x7c, 0x48, 0xc3, 0x7e, 0xeb, 0xe6, 0xb0, 0xd3 1646 ); 1647 1648 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test4_confounder, 1649 0xa7, 0xa4, 0xe2, 0x9a, 0x47, 0x28, 0xce, 0x10, 1650 0x66, 0x4f, 0xb6, 0x4e, 0x49, 0xad, 0x3f, 0xac 1651 ); 1652 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test4_expected_result, 1653 0x72, 0x0f, 0x73, 0xb1, 0x8d, 0x98, 0x59, 0xcd, 1654 0x6c, 0xcb, 0x43, 0x46, 0x11, 0x5c, 0xd3, 0x36, 1655 0xc7, 0x0f, 0x58, 0xed, 0xc0, 0xc4, 0x43, 0x7c, 1656 0x55, 0x73, 0x54, 0x4c, 0x31, 0xc8, 0x13, 0xbc, 1657 0xe1, 0xe6, 0xd0, 0x72, 0xc1 1658 ); 1659 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test4_expected_hmac, 1660 0x86, 0xb3, 0x9a, 0x41, 0x3c, 0x2f, 0x92, 0xca, 1661 0x9b, 0x83, 0x34, 0xa2, 0x87, 0xff, 0xcb, 0xfc 1662 ); 1663 1664 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test5_confounder, 1665 0xf7, 0x64, 0xe9, 0xfa, 0x15, 0xc2, 0x76, 0x47, 1666 0x8b, 0x2c, 0x7d, 0x0c, 0x4e, 0x5f, 0x58, 0xe4 1667 ); 1668 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test5_expected_result, 1669 0x41, 0xf5, 0x3f, 0xa5, 0xbf, 0xe7, 0x02, 0x6d, 1670 0x91, 0xfa, 0xf9, 0xbe, 0x95, 0x91, 0x95, 0xa0 1671 ); 1672 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test5_expected_hmac, 1673 0x58, 0x70, 0x72, 0x73, 0xa9, 0x6a, 0x40, 0xf0, 1674 0xa0, 0x19, 0x60, 0x62, 0x1a, 0xc6, 0x12, 0x74, 1675 0x8b, 0x9b, 0xbf, 0xbe, 0x7e, 0xb4, 0xce, 0x3c 1676 ); 1677 1678 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test6_confounder, 1679 0xb8, 0x0d, 0x32, 0x51, 0xc1, 0xf6, 0x47, 0x14, 1680 0x94, 0x25, 0x6f, 0xfe, 0x71, 0x2d, 0x0b, 0x9a 1681 ); 1682 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test6_expected_result, 1683 0x4e, 0xd7, 0xb3, 0x7c, 0x2b, 0xca, 0xc8, 0xf7, 1684 0x4f, 0x23, 0xc1, 0xcf, 0x07, 0xe6, 0x2b, 0xc7, 1685 0xb7, 0x5f, 0xb3, 0xf6, 0x37, 0xb9 1686 ); 1687 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test6_expected_hmac, 1688 0xf5, 0x59, 0xc7, 0xf6, 0x64, 0xf6, 0x9e, 0xab, 1689 0x7b, 0x60, 0x92, 0x23, 0x75, 0x26, 0xea, 0x0d, 1690 0x1f, 0x61, 0xcb, 0x20, 0xd6, 0x9d, 0x10, 0xf2 1691 ); 1692 1693 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test7_confounder, 1694 0x53, 0xbf, 0x8a, 0x0d, 0x10, 0x52, 0x65, 0xd4, 1695 0xe2, 0x76, 0x42, 0x86, 0x24, 0xce, 0x5e, 0x63 1696 ); 1697 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test7_expected_result, 1698 0xbc, 0x47, 0xff, 0xec, 0x79, 0x98, 0xeb, 0x91, 1699 0xe8, 0x11, 0x5c, 0xf8, 0xd1, 0x9d, 0xac, 0x4b, 1700 0xbb, 0xe2, 0xe1, 0x63, 0xe8, 0x7d, 0xd3, 0x7f, 1701 0x49, 0xbe, 0xca, 0x92, 0x02, 0x77, 0x64, 0xf6 1702 ); 1703 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test7_expected_hmac, 1704 0x8c, 0xf5, 0x1f, 0x14, 0xd7, 0x98, 0xc2, 0x27, 1705 0x3f, 0x35, 0xdf, 0x57, 0x4d, 0x1f, 0x93, 0x2e, 1706 0x40, 0xc4, 0xff, 0x25, 0x5b, 0x36, 0xa2, 0x66 1707 ); 1708 1709 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test8_confounder, 1710 0x76, 0x3e, 0x65, 0x36, 0x7e, 0x86, 0x4f, 0x02, 1711 0xf5, 0x51, 0x53, 0xc7, 0xe3, 0xb5, 0x8a, 0xf1 1712 ); 1713 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test8_expected_result, 1714 0x40, 0x01, 0x3e, 0x2d, 0xf5, 0x8e, 0x87, 0x51, 1715 0x95, 0x7d, 0x28, 0x78, 0xbc, 0xd2, 0xd6, 0xfe, 1716 0x10, 0x1c, 0xcf, 0xd5, 0x56, 0xcb, 0x1e, 0xae, 1717 0x79, 0xdb, 0x3c, 0x3e, 0xe8, 0x64, 0x29, 0xf2, 1718 0xb2, 0xa6, 0x02, 0xac, 0x86 1719 ); 1720 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test8_expected_hmac, 1721 0xfe, 0xf6, 0xec, 0xb6, 0x47, 0xd6, 0x29, 0x5f, 1722 0xae, 0x07, 0x7a, 0x1f, 0xeb, 0x51, 0x75, 0x08, 1723 0xd2, 0xc1, 0x6b, 0x41, 0x92, 0xe0, 0x1f, 0x62 1724 ); 1725 1726 static const struct gss_krb5_test_param rfc8009_encrypt_test_params[] = { 1727 { 1728 .desc = "Encrypt empty plaintext with aes128-cts-hmac-sha256-128", 1729 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, 1730 .plaintext = &rfc8009_enc_empty_plaintext, 1731 .confounder = &rfc8009_enc_test1_confounder, 1732 .base_key = &aes128_cts_hmac_sha256_128_basekey, 1733 .expected_result = &rfc8009_enc_test1_expected_result, 1734 .expected_hmac = &rfc8009_enc_test1_expected_hmac, 1735 }, 1736 { 1737 .desc = "Encrypt short plaintext with aes128-cts-hmac-sha256-128", 1738 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, 1739 .plaintext = &rfc8009_enc_short_plaintext, 1740 .confounder = &rfc8009_enc_test2_confounder, 1741 .base_key = &aes128_cts_hmac_sha256_128_basekey, 1742 .expected_result = &rfc8009_enc_test2_expected_result, 1743 .expected_hmac = &rfc8009_enc_test2_expected_hmac, 1744 }, 1745 { 1746 .desc = "Encrypt block plaintext with aes128-cts-hmac-sha256-128", 1747 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, 1748 .plaintext = &rfc8009_enc_block_plaintext, 1749 .confounder = &rfc8009_enc_test3_confounder, 1750 .base_key = &aes128_cts_hmac_sha256_128_basekey, 1751 .expected_result = &rfc8009_enc_test3_expected_result, 1752 .expected_hmac = &rfc8009_enc_test3_expected_hmac, 1753 }, 1754 { 1755 .desc = "Encrypt long plaintext with aes128-cts-hmac-sha256-128", 1756 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, 1757 .plaintext = &rfc8009_enc_long_plaintext, 1758 .confounder = &rfc8009_enc_test4_confounder, 1759 .base_key = &aes128_cts_hmac_sha256_128_basekey, 1760 .expected_result = &rfc8009_enc_test4_expected_result, 1761 .expected_hmac = &rfc8009_enc_test4_expected_hmac, 1762 }, 1763 { 1764 .desc = "Encrypt empty plaintext with aes256-cts-hmac-sha384-192", 1765 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, 1766 .plaintext = &rfc8009_enc_empty_plaintext, 1767 .confounder = &rfc8009_enc_test5_confounder, 1768 .base_key = &aes256_cts_hmac_sha384_192_basekey, 1769 .expected_result = &rfc8009_enc_test5_expected_result, 1770 .expected_hmac = &rfc8009_enc_test5_expected_hmac, 1771 }, 1772 { 1773 .desc = "Encrypt short plaintext with aes256-cts-hmac-sha384-192", 1774 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, 1775 .plaintext = &rfc8009_enc_short_plaintext, 1776 .confounder = &rfc8009_enc_test6_confounder, 1777 .base_key = &aes256_cts_hmac_sha384_192_basekey, 1778 .expected_result = &rfc8009_enc_test6_expected_result, 1779 .expected_hmac = &rfc8009_enc_test6_expected_hmac, 1780 }, 1781 { 1782 .desc = "Encrypt block plaintext with aes256-cts-hmac-sha384-192", 1783 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, 1784 .plaintext = &rfc8009_enc_block_plaintext, 1785 .confounder = &rfc8009_enc_test7_confounder, 1786 .base_key = &aes256_cts_hmac_sha384_192_basekey, 1787 .expected_result = &rfc8009_enc_test7_expected_result, 1788 .expected_hmac = &rfc8009_enc_test7_expected_hmac, 1789 }, 1790 { 1791 .desc = "Encrypt long plaintext with aes256-cts-hmac-sha384-192", 1792 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, 1793 .plaintext = &rfc8009_enc_long_plaintext, 1794 .confounder = &rfc8009_enc_test8_confounder, 1795 .base_key = &aes256_cts_hmac_sha384_192_basekey, 1796 .expected_result = &rfc8009_enc_test8_expected_result, 1797 .expected_hmac = &rfc8009_enc_test8_expected_hmac, 1798 }, 1799 }; 1800 1801 /* Creates the function rfc8009_encrypt_gen_params */ 1802 KUNIT_ARRAY_PARAM(rfc8009_encrypt, rfc8009_encrypt_test_params, 1803 gss_krb5_get_desc); 1804 1805 static void rfc8009_encrypt_case(struct kunit *test) 1806 { 1807 const struct gss_krb5_test_param *param = test->param_value; 1808 struct crypto_sync_skcipher *cts_tfm, *cbc_tfm; 1809 const struct gss_krb5_enctype *gk5e; 1810 struct xdr_netobj Ke, Ki, checksum; 1811 u8 usage_data[GSS_KRB5_K5CLENGTH]; 1812 struct xdr_netobj usage = { 1813 .data = usage_data, 1814 .len = sizeof(usage_data), 1815 }; 1816 struct crypto_ahash *ahash_tfm; 1817 struct xdr_buf buf; 1818 void *text; 1819 size_t len; 1820 u32 err; 1821 1822 /* Arrange */ 1823 gk5e = gss_krb5_lookup_enctype(param->enctype); 1824 if (!gk5e) 1825 kunit_skip(test, "Encryption type is not available"); 1826 1827 *(__be32 *)usage.data = cpu_to_be32(2); 1828 1829 Ke.len = gk5e->Ke_length; 1830 Ke.data = kunit_kzalloc(test, Ke.len, GFP_KERNEL); 1831 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Ke.data); 1832 usage.data[4] = KEY_USAGE_SEED_ENCRYPTION; 1833 err = gk5e->derive_key(gk5e, param->base_key, &Ke, 1834 &usage, GFP_KERNEL); 1835 KUNIT_ASSERT_EQ(test, err, 0); 1836 1837 cbc_tfm = crypto_alloc_sync_skcipher(gk5e->aux_cipher, 0, 0); 1838 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cbc_tfm); 1839 err = crypto_sync_skcipher_setkey(cbc_tfm, Ke.data, Ke.len); 1840 KUNIT_ASSERT_EQ(test, err, 0); 1841 1842 cts_tfm = crypto_alloc_sync_skcipher(gk5e->encrypt_name, 0, 0); 1843 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cts_tfm); 1844 err = crypto_sync_skcipher_setkey(cts_tfm, Ke.data, Ke.len); 1845 KUNIT_ASSERT_EQ(test, err, 0); 1846 1847 len = param->confounder->len + param->plaintext->len; 1848 text = kunit_kzalloc(test, len, GFP_KERNEL); 1849 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, text); 1850 memcpy(text, param->confounder->data, param->confounder->len); 1851 memcpy(text + param->confounder->len, param->plaintext->data, 1852 param->plaintext->len); 1853 1854 memset(&buf, 0, sizeof(buf)); 1855 buf.head[0].iov_base = text; 1856 buf.head[0].iov_len = param->confounder->len + param->plaintext->len; 1857 buf.len = buf.head[0].iov_len; 1858 1859 checksum.len = gk5e->cksumlength; 1860 checksum.data = kunit_kzalloc(test, checksum.len, GFP_KERNEL); 1861 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, checksum.data); 1862 1863 Ki.len = gk5e->Ki_length; 1864 Ki.data = kunit_kzalloc(test, Ki.len, GFP_KERNEL); 1865 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Ki.data); 1866 usage.data[4] = KEY_USAGE_SEED_INTEGRITY; 1867 err = gk5e->derive_key(gk5e, param->base_key, &Ki, 1868 &usage, GFP_KERNEL); 1869 KUNIT_ASSERT_EQ(test, err, 0); 1870 1871 ahash_tfm = crypto_alloc_ahash(gk5e->cksum_name, 0, CRYPTO_ALG_ASYNC); 1872 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ahash_tfm); 1873 err = crypto_ahash_setkey(ahash_tfm, Ki.data, Ki.len); 1874 KUNIT_ASSERT_EQ(test, err, 0); 1875 1876 /* Act */ 1877 err = krb5_cbc_cts_encrypt(cts_tfm, cbc_tfm, 0, &buf, NULL, NULL, 0); 1878 KUNIT_ASSERT_EQ(test, err, 0); 1879 err = krb5_etm_checksum(cts_tfm, ahash_tfm, &buf, 0, &checksum); 1880 KUNIT_ASSERT_EQ(test, err, 0); 1881 1882 /* Assert */ 1883 KUNIT_EXPECT_EQ_MSG(test, 1884 param->expected_result->len, buf.len, 1885 "ciphertext length mismatch"); 1886 KUNIT_EXPECT_EQ_MSG(test, 1887 memcmp(param->expected_result->data, 1888 buf.head[0].iov_base, 1889 param->expected_result->len), 0, 1890 "ciphertext mismatch"); 1891 KUNIT_EXPECT_EQ_MSG(test, memcmp(param->expected_hmac->data, 1892 checksum.data, 1893 checksum.len), 0, 1894 "HMAC mismatch"); 1895 1896 crypto_free_ahash(ahash_tfm); 1897 crypto_free_sync_skcipher(cts_tfm); 1898 crypto_free_sync_skcipher(cbc_tfm); 1899 } 1900 1901 static struct kunit_case rfc8009_test_cases[] = { 1902 { 1903 .name = "RFC 8009 key derivation", 1904 .run_case = kdf_case, 1905 .generate_params = rfc8009_kdf_gen_params, 1906 }, 1907 { 1908 .name = "RFC 8009 checksum", 1909 .run_case = checksum_case, 1910 .generate_params = rfc8009_checksum_gen_params, 1911 }, 1912 { 1913 .name = "RFC 8009 encryption", 1914 .run_case = rfc8009_encrypt_case, 1915 .generate_params = rfc8009_encrypt_gen_params, 1916 }, 1917 {} 1918 }; 1919 1920 static struct kunit_suite rfc8009_suite = { 1921 .name = "RFC 8009 suite", 1922 .test_cases = rfc8009_test_cases, 1923 }; 1924 1925 /* 1926 * Encryption self-tests 1927 */ 1928 1929 DEFINE_STR_XDR_NETOBJ(encrypt_selftest_plaintext, 1930 "This is the plaintext for the encryption self-test."); 1931 1932 static const struct gss_krb5_test_param encrypt_selftest_params[] = { 1933 { 1934 .desc = "aes128-cts-hmac-sha1-96 encryption self-test", 1935 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, 1936 .Ke = &rfc3962_encryption_key, 1937 .plaintext = &encrypt_selftest_plaintext, 1938 }, 1939 { 1940 .desc = "aes256-cts-hmac-sha1-96 encryption self-test", 1941 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA1_96, 1942 .Ke = &rfc3962_encryption_key, 1943 .plaintext = &encrypt_selftest_plaintext, 1944 }, 1945 { 1946 .desc = "camellia128-cts-cmac encryption self-test", 1947 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, 1948 .Ke = &camellia128_cts_cmac_Ke, 1949 .plaintext = &encrypt_selftest_plaintext, 1950 }, 1951 { 1952 .desc = "camellia256-cts-cmac encryption self-test", 1953 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, 1954 .Ke = &camellia256_cts_cmac_Ke, 1955 .plaintext = &encrypt_selftest_plaintext, 1956 }, 1957 { 1958 .desc = "aes128-cts-hmac-sha256-128 encryption self-test", 1959 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, 1960 .Ke = &aes128_cts_hmac_sha256_128_Ke, 1961 .plaintext = &encrypt_selftest_plaintext, 1962 }, 1963 { 1964 .desc = "aes256-cts-hmac-sha384-192 encryption self-test", 1965 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, 1966 .Ke = &aes256_cts_hmac_sha384_192_Ke, 1967 .plaintext = &encrypt_selftest_plaintext, 1968 }, 1969 }; 1970 1971 /* Creates the function encrypt_selftest_gen_params */ 1972 KUNIT_ARRAY_PARAM(encrypt_selftest, encrypt_selftest_params, 1973 gss_krb5_get_desc); 1974 1975 /* 1976 * Encrypt and decrypt plaintext, and ensure the input plaintext 1977 * matches the output plaintext. A confounder is not added in this 1978 * case. 1979 */ 1980 static void encrypt_selftest_case(struct kunit *test) 1981 { 1982 const struct gss_krb5_test_param *param = test->param_value; 1983 struct crypto_sync_skcipher *cts_tfm, *cbc_tfm; 1984 const struct gss_krb5_enctype *gk5e; 1985 struct xdr_buf buf; 1986 void *text; 1987 int err; 1988 1989 /* Arrange */ 1990 gk5e = gss_krb5_lookup_enctype(param->enctype); 1991 if (!gk5e) 1992 kunit_skip(test, "Encryption type is not available"); 1993 1994 cbc_tfm = crypto_alloc_sync_skcipher(gk5e->aux_cipher, 0, 0); 1995 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cbc_tfm); 1996 err = crypto_sync_skcipher_setkey(cbc_tfm, param->Ke->data, param->Ke->len); 1997 KUNIT_ASSERT_EQ(test, err, 0); 1998 1999 cts_tfm = crypto_alloc_sync_skcipher(gk5e->encrypt_name, 0, 0); 2000 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cts_tfm); 2001 err = crypto_sync_skcipher_setkey(cts_tfm, param->Ke->data, param->Ke->len); 2002 KUNIT_ASSERT_EQ(test, err, 0); 2003 2004 text = kunit_kzalloc(test, roundup(param->plaintext->len, 2005 crypto_sync_skcipher_blocksize(cbc_tfm)), 2006 GFP_KERNEL); 2007 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, text); 2008 2009 memcpy(text, param->plaintext->data, param->plaintext->len); 2010 memset(&buf, 0, sizeof(buf)); 2011 buf.head[0].iov_base = text; 2012 buf.head[0].iov_len = param->plaintext->len; 2013 buf.len = buf.head[0].iov_len; 2014 2015 /* Act */ 2016 err = krb5_cbc_cts_encrypt(cts_tfm, cbc_tfm, 0, &buf, NULL, NULL, 0); 2017 KUNIT_ASSERT_EQ(test, err, 0); 2018 err = krb5_cbc_cts_decrypt(cts_tfm, cbc_tfm, 0, &buf); 2019 KUNIT_ASSERT_EQ(test, err, 0); 2020 2021 /* Assert */ 2022 KUNIT_EXPECT_EQ_MSG(test, 2023 param->plaintext->len, buf.len, 2024 "length mismatch"); 2025 KUNIT_EXPECT_EQ_MSG(test, 2026 memcmp(param->plaintext->data, 2027 buf.head[0].iov_base, buf.len), 0, 2028 "plaintext mismatch"); 2029 2030 crypto_free_sync_skcipher(cts_tfm); 2031 crypto_free_sync_skcipher(cbc_tfm); 2032 } 2033 2034 static struct kunit_case encryption_test_cases[] = { 2035 { 2036 .name = "Encryption self-tests", 2037 .run_case = encrypt_selftest_case, 2038 .generate_params = encrypt_selftest_gen_params, 2039 }, 2040 {} 2041 }; 2042 2043 static struct kunit_suite encryption_test_suite = { 2044 .name = "Encryption test suite", 2045 .test_cases = encryption_test_cases, 2046 }; 2047 2048 kunit_test_suites(&rfc3961_suite, 2049 &rfc3962_suite, 2050 &rfc6803_suite, 2051 &rfc8009_suite, 2052 &encryption_test_suite); 2053 2054 MODULE_DESCRIPTION("Test RPCSEC GSS Kerberos 5 functions"); 2055 MODULE_LICENSE("GPL"); 2056