1	// SPDX-License-Identifier: GPL-2.0
2	/*
3	* Copyright (c) 2022 Oracle and/or its affiliates.
4	*
5	* KUnit test of SunRPC's GSS Kerberos mechanism. Subsystem
6	* name is "rpcsec_gss_krb5".
7	*/
8
9	#include <kunit/test.h>
10	#include <kunit/visibility.h>
11
12	#include <linux/kernel.h>
13	#include <crypto/hash.h>
14
15	#include <linux/sunrpc/xdr.h>
16	#include <linux/sunrpc/gss_krb5.h>
17
18	#include "gss_krb5_internal.h"
19
20	MODULE_IMPORT_NS(EXPORTED_FOR_KUNIT_TESTING);
21
22	struct gss_krb5_test_param {
23	const char *desc;
24	u32 enctype;
25	u32 nfold;
26	u32 constant;
27	const struct xdr_netobj *base_key;
28	const struct xdr_netobj *Ke;
29	const struct xdr_netobj *usage;
30	const struct xdr_netobj *plaintext;
31	const struct xdr_netobj *confounder;
32	const struct xdr_netobj *expected_result;
33	const struct xdr_netobj *expected_hmac;
34	const struct xdr_netobj *next_iv;
35	};
36
37	static inline void gss_krb5_get_desc(const struct gss_krb5_test_param *param,
38	char *desc)
39	{
40	strscpy(desc, param->desc, KUNIT_PARAM_DESC_SIZE);
41	}
42
43	static void kdf_case(struct kunit *test)
44	{
45	const struct gss_krb5_test_param *param = test->param_value;
46	const struct gss_krb5_enctype *gk5e;
47	struct xdr_netobj derivedkey;
48	int err;
49
50	/* Arrange */
51	gk5e = gss_krb5_lookup_enctype(etype: param->enctype);
52	if (!gk5e)
53	kunit_skip(test, "Encryption type is not available");
54
55	derivedkey.data = kunit_kzalloc(test, size: param->expected_result->len,
56	GFP_KERNEL);
57	KUNIT_ASSERT_NOT_ERR_OR_NULL(test, derivedkey.data);
58	derivedkey.len = param->expected_result->len;
59
60	/* Act */
61	err = gk5e->derive_key(gk5e, param->base_key, &derivedkey,
62	param->usage, GFP_KERNEL);
63	KUNIT_ASSERT_EQ(test, err, 0);
64
65	/* Assert */
66	KUNIT_EXPECT_EQ_MSG(test,
67	memcmp(param->expected_result->data,
68	derivedkey.data, derivedkey.len), 0,
69	"key mismatch");
70	}
71
72	static void checksum_case(struct kunit *test)
73	{
74	const struct gss_krb5_test_param *param = test->param_value;
75	struct xdr_buf buf = {
76	.head[0].iov_len = param->plaintext->len,
77	.len = param->plaintext->len,
78	};
79	const struct gss_krb5_enctype *gk5e;
80	struct xdr_netobj Kc, checksum;
81	struct crypto_ahash *tfm;
82	int err;
83
84	/* Arrange */
85	gk5e = gss_krb5_lookup_enctype(etype: param->enctype);
86	if (!gk5e)
87	kunit_skip(test, "Encryption type is not available");
88
89	Kc.len = gk5e->Kc_length;
90	Kc.data = kunit_kzalloc(test, size: Kc.len, GFP_KERNEL);
91	KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Kc.data);
92	err = gk5e->derive_key(gk5e, param->base_key, &Kc,
93	param->usage, GFP_KERNEL);
94	KUNIT_ASSERT_EQ(test, err, 0);
95
96	tfm = crypto_alloc_ahash(alg_name: gk5e->cksum_name, type: 0, CRYPTO_ALG_ASYNC);
97	KUNIT_ASSERT_NOT_ERR_OR_NULL(test, tfm);
98	err = crypto_ahash_setkey(tfm, key: Kc.data, keylen: Kc.len);
99	KUNIT_ASSERT_EQ(test, err, 0);
100
101	buf.head[0].iov_base = kunit_kzalloc(test, size: buf.head[0].iov_len, GFP_KERNEL);
102	KUNIT_ASSERT_NOT_ERR_OR_NULL(test, buf.head[0].iov_base);
103	memcpy(buf.head[0].iov_base, param->plaintext->data, buf.head[0].iov_len);
104
105	checksum.len = gk5e->cksumlength;
106	checksum.data = kunit_kzalloc(test, size: checksum.len, GFP_KERNEL);
107	KUNIT_ASSERT_NOT_ERR_OR_NULL(test, checksum.data);
108
109	/* Act */
110	err = gss_krb5_checksum(tfm, NULL, hdrlen: 0, body: &buf, body_offset: 0, cksumout: &checksum);
111	KUNIT_ASSERT_EQ(test, err, 0);
112
113	/* Assert */
114	KUNIT_EXPECT_EQ_MSG(test,
115	memcmp(param->expected_result->data,
116	checksum.data, checksum.len), 0,
117	"checksum mismatch");
118
119	crypto_free_ahash(tfm);
120	}
121
122	#define DEFINE_HEX_XDR_NETOBJ(name, hex_array...) \
123	static const u8 name ## _data[] = { hex_array }; \
124	static const struct xdr_netobj name = { \
125	.data = (u8 *)name##_data, \
126	.len = sizeof(name##_data), \
127	}
128
129	#define DEFINE_STR_XDR_NETOBJ(name, string) \
130	static const u8 name ## _str[] = string; \
131	static const struct xdr_netobj name = { \
132	.data = (u8 *)name##_str, \
133	.len = sizeof(name##_str) - 1, \
134	}
135
136	/*
137	* RFC 3961 Appendix A.1. n-fold
138	*
139	* The n-fold function is defined in section 5.1 of RFC 3961.
140	*
141	* This test material is copyright (C) The Internet Society (2005).
142	*/
143
144	DEFINE_HEX_XDR_NETOBJ(nfold_test1_plaintext,
145	0x30, 0x31, 0x32, 0x33, 0x34, 0x35
146	);
147	DEFINE_HEX_XDR_NETOBJ(nfold_test1_expected_result,
148	0xbe, 0x07, 0x26, 0x31, 0x27, 0x6b, 0x19, 0x55
149	);
150
151	DEFINE_HEX_XDR_NETOBJ(nfold_test2_plaintext,
152	0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64
153	);
154	DEFINE_HEX_XDR_NETOBJ(nfold_test2_expected_result,
155	0x78, 0xa0, 0x7b, 0x6c, 0xaf, 0x85, 0xfa
156	);
157
158	DEFINE_HEX_XDR_NETOBJ(nfold_test3_plaintext,
159	0x52, 0x6f, 0x75, 0x67, 0x68, 0x20, 0x43, 0x6f,
160	0x6e, 0x73, 0x65, 0x6e, 0x73, 0x75, 0x73, 0x2c,
161	0x20, 0x61, 0x6e, 0x64, 0x20, 0x52, 0x75, 0x6e,
162	0x6e, 0x69, 0x6e, 0x67, 0x20, 0x43, 0x6f, 0x64,
163	0x65
164	);
165	DEFINE_HEX_XDR_NETOBJ(nfold_test3_expected_result,
166	0xbb, 0x6e, 0xd3, 0x08, 0x70, 0xb7, 0xf0, 0xe0
167	);
168
169	DEFINE_HEX_XDR_NETOBJ(nfold_test4_plaintext,
170	0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64
171	);
172	DEFINE_HEX_XDR_NETOBJ(nfold_test4_expected_result,
173	0x59, 0xe4, 0xa8, 0xca, 0x7c, 0x03, 0x85, 0xc3,
174	0xc3, 0x7b, 0x3f, 0x6d, 0x20, 0x00, 0x24, 0x7c,
175	0xb6, 0xe6, 0xbd, 0x5b, 0x3e
176	);
177
178	DEFINE_HEX_XDR_NETOBJ(nfold_test5_plaintext,
179	0x4d, 0x41, 0x53, 0x53, 0x41, 0x43, 0x48, 0x56,
180	0x53, 0x45, 0x54, 0x54, 0x53, 0x20, 0x49, 0x4e,
181	0x53, 0x54, 0x49, 0x54, 0x56, 0x54, 0x45, 0x20,
182	0x4f, 0x46, 0x20, 0x54, 0x45, 0x43, 0x48, 0x4e,
183	0x4f, 0x4c, 0x4f, 0x47, 0x59
184	);
185	DEFINE_HEX_XDR_NETOBJ(nfold_test5_expected_result,
186	0xdb, 0x3b, 0x0d, 0x8f, 0x0b, 0x06, 0x1e, 0x60,
187	0x32, 0x82, 0xb3, 0x08, 0xa5, 0x08, 0x41, 0x22,
188	0x9a, 0xd7, 0x98, 0xfa, 0xb9, 0x54, 0x0c, 0x1b
189	);
190
191	DEFINE_HEX_XDR_NETOBJ(nfold_test6_plaintext,
192	0x51
193	);
194	DEFINE_HEX_XDR_NETOBJ(nfold_test6_expected_result,
195	0x51, 0x8a, 0x54, 0xa2, 0x15, 0xa8, 0x45, 0x2a,
196	0x51, 0x8a, 0x54, 0xa2, 0x15, 0xa8, 0x45, 0x2a,
197	0x51, 0x8a, 0x54, 0xa2, 0x15
198	);
199
200	DEFINE_HEX_XDR_NETOBJ(nfold_test7_plaintext,
201	0x62, 0x61
202	);
203	DEFINE_HEX_XDR_NETOBJ(nfold_test7_expected_result,
204	0xfb, 0x25, 0xd5, 0x31, 0xae, 0x89, 0x74, 0x49,
205	0x9f, 0x52, 0xfd, 0x92, 0xea, 0x98, 0x57, 0xc4,
206	0xba, 0x24, 0xcf, 0x29, 0x7e
207	);
208
209	DEFINE_HEX_XDR_NETOBJ(nfold_test_kerberos,
210	0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73
211	);
212	DEFINE_HEX_XDR_NETOBJ(nfold_test8_expected_result,
213	0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73
214	);
215	DEFINE_HEX_XDR_NETOBJ(nfold_test9_expected_result,
216	0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73,
217	0x7b, 0x9b, 0x5b, 0x2b, 0x93, 0x13, 0x2b, 0x93
218	);
219	DEFINE_HEX_XDR_NETOBJ(nfold_test10_expected_result,
220	0x83, 0x72, 0xc2, 0x36, 0x34, 0x4e, 0x5f, 0x15,
221	0x50, 0xcd, 0x07, 0x47, 0xe1, 0x5d, 0x62, 0xca,
222	0x7a, 0x5a, 0x3b, 0xce, 0xa4
223	);
224	DEFINE_HEX_XDR_NETOBJ(nfold_test11_expected_result,
225	0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73,
226	0x7b, 0x9b, 0x5b, 0x2b, 0x93, 0x13, 0x2b, 0x93,
227	0x5c, 0x9b, 0xdc, 0xda, 0xd9, 0x5c, 0x98, 0x99,
228	0xc4, 0xca, 0xe4, 0xde, 0xe6, 0xd6, 0xca, 0xe4
229	);
230
231	static const struct gss_krb5_test_param rfc3961_nfold_test_params[] = {
232	{
233	.desc = "64-fold(\"012345\")",
234	.nfold = 64,
235	.plaintext = &nfold_test1_plaintext,
236	.expected_result = &nfold_test1_expected_result,
237	},
238	{
239	.desc = "56-fold(\"password\")",
240	.nfold = 56,
241	.plaintext = &nfold_test2_plaintext,
242	.expected_result = &nfold_test2_expected_result,
243	},
244	{
245	.desc = "64-fold(\"Rough Consensus, and Running Code\")",
246	.nfold = 64,
247	.plaintext = &nfold_test3_plaintext,
248	.expected_result = &nfold_test3_expected_result,
249	},
250	{
251	.desc = "168-fold(\"password\")",
252	.nfold = 168,
253	.plaintext = &nfold_test4_plaintext,
254	.expected_result = &nfold_test4_expected_result,
255	},
256	{
257	.desc = "192-fold(\"MASSACHVSETTS INSTITVTE OF TECHNOLOGY\")",
258	.nfold = 192,
259	.plaintext = &nfold_test5_plaintext,
260	.expected_result = &nfold_test5_expected_result,
261	},
262	{
263	.desc = "168-fold(\"Q\")",
264	.nfold = 168,
265	.plaintext = &nfold_test6_plaintext,
266	.expected_result = &nfold_test6_expected_result,
267	},
268	{
269	.desc = "168-fold(\"ba\")",
270	.nfold = 168,
271	.plaintext = &nfold_test7_plaintext,
272	.expected_result = &nfold_test7_expected_result,
273	},
274	{
275	.desc = "64-fold(\"kerberos\")",
276	.nfold = 64,
277	.plaintext = &nfold_test_kerberos,
278	.expected_result = &nfold_test8_expected_result,
279	},
280	{
281	.desc = "128-fold(\"kerberos\")",
282	.nfold = 128,
283	.plaintext = &nfold_test_kerberos,
284	.expected_result = &nfold_test9_expected_result,
285	},
286	{
287	.desc = "168-fold(\"kerberos\")",
288	.nfold = 168,
289	.plaintext = &nfold_test_kerberos,
290	.expected_result = &nfold_test10_expected_result,
291	},
292	{
293	.desc = "256-fold(\"kerberos\")",
294	.nfold = 256,
295	.plaintext = &nfold_test_kerberos,
296	.expected_result = &nfold_test11_expected_result,
297	},
298	};
299
300	/* Creates the function rfc3961_nfold_gen_params */
301	KUNIT_ARRAY_PARAM(rfc3961_nfold, rfc3961_nfold_test_params, gss_krb5_get_desc);
302
303	static void rfc3961_nfold_case(struct kunit *test)
304	{
305	const struct gss_krb5_test_param *param = test->param_value;
306	u8 *result;
307
308	/* Arrange */
309	result = kunit_kzalloc(test, size: 4096, GFP_KERNEL);
310	KUNIT_ASSERT_NOT_ERR_OR_NULL(test, result);
311
312	/* Act */
313	krb5_nfold(inbits: param->plaintext->len * 8, in: param->plaintext->data,
314	outbits: param->expected_result->len * 8, out: result);
315
316	/* Assert */
317	KUNIT_EXPECT_EQ_MSG(test,
318	memcmp(param->expected_result->data,
319	result, param->expected_result->len), 0,
320	"result mismatch");
321	}
322
323	static struct kunit_case rfc3961_test_cases[] = {
324	{
325	.name = "RFC 3961 n-fold",
326	.run_case = rfc3961_nfold_case,
327	.generate_params = rfc3961_nfold_gen_params,
328	},
329	{}
330	};
331
332	static struct kunit_suite rfc3961_suite = {
333	.name = "RFC 3961 tests",
334	.test_cases = rfc3961_test_cases,
335	};
336
337	/*
338	* From RFC 3962 Appendix B: Sample Test Vectors
339	*
340	* Some test vectors for CBC with ciphertext stealing, using an
341	* initial vector of all-zero.
342	*
343	* This test material is copyright (C) The Internet Society (2005).
344	*/
345
346	DEFINE_HEX_XDR_NETOBJ(rfc3962_encryption_key,
347	0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
348	0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69
349	);
350
351	DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test1_plaintext,
352	0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
353	0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
354	0x20
355	);
356	DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test1_expected_result,
357	0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4,
358	0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f,
359	0x97
360	);
361	DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test1_next_iv,
362	0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4,
363	0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f
364	);
365
366	DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test2_plaintext,
367	0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
368	0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
369	0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
370	0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20
371	);
372	DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test2_expected_result,
373	0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1,
374	0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22,
375	0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
376	0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5
377	);
378	DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test2_next_iv,
379	0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1,
380	0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22
381	);
382
383	DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test3_plaintext,
384	0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
385	0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
386	0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
387	0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43
388	);
389	DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test3_expected_result,
390	0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
391	0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
392	0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
393	0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84
394	);
395	DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test3_next_iv,
396	0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
397	0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8
398	);
399
400	DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test4_plaintext,
401	0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
402	0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
403	0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
404	0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43,
405	0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20,
406	0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c
407	);
408	DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test4_expected_result,
409	0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
410	0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
411	0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c,
412	0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e,
413	0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
414	0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5
415	);
416	DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test4_next_iv,
417	0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c,
418	0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e
419	);
420
421	DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test5_plaintext,
422	0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
423	0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
424	0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
425	0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43,
426	0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20,
427	0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c, 0x20
428	);
429	DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test5_expected_result,
430	0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
431	0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
432	0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
433	0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8,
434	0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
435	0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8
436	);
437	DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test5_next_iv,
438	0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
439	0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8
440	);
441
442	DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test6_plaintext,
443	0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
444	0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
445	0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
446	0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43,
447	0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20,
448	0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c, 0x20,
449	0x61, 0x6e, 0x64, 0x20, 0x77, 0x6f, 0x6e, 0x74,
450	0x6f, 0x6e, 0x20, 0x73, 0x6f, 0x75, 0x70, 0x2e
451	);
452	DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test6_expected_result,
453	0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
454	0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
455	0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
456	0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
457	0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5,
458	0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40,
459	0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
460	0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8
461	);
462	DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test6_next_iv,
463	0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5,
464	0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40
465	);
466
467	static const struct gss_krb5_test_param rfc3962_encrypt_test_params[] = {
468	{
469	.desc = "Encrypt with aes128-cts-hmac-sha1-96 case 1",
470	.enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96,
471	.Ke = &rfc3962_encryption_key,
472	.plaintext = &rfc3962_enc_test1_plaintext,
473	.expected_result = &rfc3962_enc_test1_expected_result,
474	.next_iv = &rfc3962_enc_test1_next_iv,
475	},
476	{
477	.desc = "Encrypt with aes128-cts-hmac-sha1-96 case 2",
478	.enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96,
479	.Ke = &rfc3962_encryption_key,
480	.plaintext = &rfc3962_enc_test2_plaintext,
481	.expected_result = &rfc3962_enc_test2_expected_result,
482	.next_iv = &rfc3962_enc_test2_next_iv,
483	},
484	{
485	.desc = "Encrypt with aes128-cts-hmac-sha1-96 case 3",
486	.enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96,
487	.Ke = &rfc3962_encryption_key,
488	.plaintext = &rfc3962_enc_test3_plaintext,
489	.expected_result = &rfc3962_enc_test3_expected_result,
490	.next_iv = &rfc3962_enc_test3_next_iv,
491	},
492	{
493	.desc = "Encrypt with aes128-cts-hmac-sha1-96 case 4",
494	.enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96,
495	.Ke = &rfc3962_encryption_key,
496	.plaintext = &rfc3962_enc_test4_plaintext,
497	.expected_result = &rfc3962_enc_test4_expected_result,
498	.next_iv = &rfc3962_enc_test4_next_iv,
499	},
500	{
501	.desc = "Encrypt with aes128-cts-hmac-sha1-96 case 5",
502	.enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96,
503	.Ke = &rfc3962_encryption_key,
504	.plaintext = &rfc3962_enc_test5_plaintext,
505	.expected_result = &rfc3962_enc_test5_expected_result,
506	.next_iv = &rfc3962_enc_test5_next_iv,
507	},
508	{
509	.desc = "Encrypt with aes128-cts-hmac-sha1-96 case 6",
510	.enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96,
511	.Ke = &rfc3962_encryption_key,
512	.plaintext = &rfc3962_enc_test6_plaintext,
513	.expected_result = &rfc3962_enc_test6_expected_result,
514	.next_iv = &rfc3962_enc_test6_next_iv,
515	},
516	};
517
518	/* Creates the function rfc3962_encrypt_gen_params */
519	KUNIT_ARRAY_PARAM(rfc3962_encrypt, rfc3962_encrypt_test_params,
520	gss_krb5_get_desc);
521
522	/*
523	* This tests the implementation of the encryption part of the mechanism.
524	* It does not apply a confounder or test the result of HMAC over the
525	* plaintext.
526	*/
527	static void rfc3962_encrypt_case(struct kunit *test)
528	{
529	const struct gss_krb5_test_param *param = test->param_value;
530	struct crypto_sync_skcipher *cts_tfm, *cbc_tfm;
531	const struct gss_krb5_enctype *gk5e;
532	struct xdr_buf buf;
533	void *iv, *text;
534	u32 err;
535
536	/* Arrange */
537	gk5e = gss_krb5_lookup_enctype(etype: param->enctype);
538	if (!gk5e)
539	kunit_skip(test, "Encryption type is not available");
540
541	cbc_tfm = crypto_alloc_sync_skcipher(alg_name: gk5e->aux_cipher, type: 0, mask: 0);
542	KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cbc_tfm);
543	err = crypto_sync_skcipher_setkey(tfm: cbc_tfm, key: param->Ke->data, keylen: param->Ke->len);
544	KUNIT_ASSERT_EQ(test, err, 0);
545
546	cts_tfm = crypto_alloc_sync_skcipher(alg_name: gk5e->encrypt_name, type: 0, mask: 0);
547	KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cts_tfm);
548	err = crypto_sync_skcipher_setkey(tfm: cts_tfm, key: param->Ke->data, keylen: param->Ke->len);
549	KUNIT_ASSERT_EQ(test, err, 0);
550
551	iv = kunit_kzalloc(test, size: crypto_sync_skcipher_ivsize(tfm: cts_tfm), GFP_KERNEL);
552	KUNIT_ASSERT_NOT_ERR_OR_NULL(test, iv);
553
554	text = kunit_kzalloc(test, size: param->plaintext->len, GFP_KERNEL);
555	KUNIT_ASSERT_NOT_ERR_OR_NULL(test, text);
556
557	memcpy(text, param->plaintext->data, param->plaintext->len);
558	memset(&buf, 0, sizeof(buf));
559	buf.head[0].iov_base = text;
560	buf.head[0].iov_len = param->plaintext->len;
561	buf.len = buf.head[0].iov_len;
562
563	/* Act */
564	err = krb5_cbc_cts_encrypt(cts_tfm, cbc_tfm, offset: 0, buf: &buf, NULL,
565	iv, ivsize: crypto_sync_skcipher_ivsize(tfm: cts_tfm));
566	KUNIT_ASSERT_EQ(test, err, 0);
567
568	/* Assert */
569	KUNIT_EXPECT_EQ_MSG(test,
570	param->expected_result->len, buf.len,
571	"ciphertext length mismatch");
572	KUNIT_EXPECT_EQ_MSG(test,
573	memcmp(param->expected_result->data,
574	text, param->expected_result->len), 0,
575	"ciphertext mismatch");
576	KUNIT_EXPECT_EQ_MSG(test,
577	memcmp(param->next_iv->data, iv,
578	param->next_iv->len), 0,
579	"IV mismatch");
580
581	crypto_free_sync_skcipher(tfm: cts_tfm);
582	crypto_free_sync_skcipher(tfm: cbc_tfm);
583	}
584
585	static struct kunit_case rfc3962_test_cases[] = {
586	{
587	.name = "RFC 3962 encryption",
588	.run_case = rfc3962_encrypt_case,
589	.generate_params = rfc3962_encrypt_gen_params,
590	},
591	{}
592	};
593
594	static struct kunit_suite rfc3962_suite = {
595	.name = "RFC 3962 suite",
596	.test_cases = rfc3962_test_cases,
597	};
598
599	/*
600	* From RFC 6803 Section 10. Test vectors
601	*
602	* Sample results for key derivation
603	*
604	* Copyright (c) 2012 IETF Trust and the persons identified as the
605	* document authors. All rights reserved.
606	*/
607
608	DEFINE_HEX_XDR_NETOBJ(camellia128_cts_cmac_basekey,
609	0x57, 0xd0, 0x29, 0x72, 0x98, 0xff, 0xd9, 0xd3,
610	0x5d, 0xe5, 0xa4, 0x7f, 0xb4, 0xbd, 0xe2, 0x4b
611	);
612	DEFINE_HEX_XDR_NETOBJ(camellia128_cts_cmac_Kc,
613	0xd1, 0x55, 0x77, 0x5a, 0x20, 0x9d, 0x05, 0xf0,
614	0x2b, 0x38, 0xd4, 0x2a, 0x38, 0x9e, 0x5a, 0x56
615	);
616	DEFINE_HEX_XDR_NETOBJ(camellia128_cts_cmac_Ke,
617	0x64, 0xdf, 0x83, 0xf8, 0x5a, 0x53, 0x2f, 0x17,
618	0x57, 0x7d, 0x8c, 0x37, 0x03, 0x57, 0x96, 0xab
619	);
620	DEFINE_HEX_XDR_NETOBJ(camellia128_cts_cmac_Ki,
621	0x3e, 0x4f, 0xbd, 0xf3, 0x0f, 0xb8, 0x25, 0x9c,
622	0x42, 0x5c, 0xb6, 0xc9, 0x6f, 0x1f, 0x46, 0x35
623	);
624
625	DEFINE_HEX_XDR_NETOBJ(camellia256_cts_cmac_basekey,
626	0xb9, 0xd6, 0x82, 0x8b, 0x20, 0x56, 0xb7, 0xbe,
627	0x65, 0x6d, 0x88, 0xa1, 0x23, 0xb1, 0xfa, 0xc6,
628	0x82, 0x14, 0xac, 0x2b, 0x72, 0x7e, 0xcf, 0x5f,
629	0x69, 0xaf, 0xe0, 0xc4, 0xdf, 0x2a, 0x6d, 0x2c
630	);
631	DEFINE_HEX_XDR_NETOBJ(camellia256_cts_cmac_Kc,
632	0xe4, 0x67, 0xf9, 0xa9, 0x55, 0x2b, 0xc7, 0xd3,
633	0x15, 0x5a, 0x62, 0x20, 0xaf, 0x9c, 0x19, 0x22,
634	0x0e, 0xee, 0xd4, 0xff, 0x78, 0xb0, 0xd1, 0xe6,
635	0xa1, 0x54, 0x49, 0x91, 0x46, 0x1a, 0x9e, 0x50
636	);
637	DEFINE_HEX_XDR_NETOBJ(camellia256_cts_cmac_Ke,
638	0x41, 0x2a, 0xef, 0xc3, 0x62, 0xa7, 0x28, 0x5f,
639	0xc3, 0x96, 0x6c, 0x6a, 0x51, 0x81, 0xe7, 0x60,
640	0x5a, 0xe6, 0x75, 0x23, 0x5b, 0x6d, 0x54, 0x9f,
641	0xbf, 0xc9, 0xab, 0x66, 0x30, 0xa4, 0xc6, 0x04
642	);
643	DEFINE_HEX_XDR_NETOBJ(camellia256_cts_cmac_Ki,
644	0xfa, 0x62, 0x4f, 0xa0, 0xe5, 0x23, 0x99, 0x3f,
645	0xa3, 0x88, 0xae, 0xfd, 0xc6, 0x7e, 0x67, 0xeb,
646	0xcd, 0x8c, 0x08, 0xe8, 0xa0, 0x24, 0x6b, 0x1d,
647	0x73, 0xb0, 0xd1, 0xdd, 0x9f, 0xc5, 0x82, 0xb0
648	);
649
650	DEFINE_HEX_XDR_NETOBJ(usage_checksum,
651	0x00, 0x00, 0x00, 0x02, KEY_USAGE_SEED_CHECKSUM
652	);
653	DEFINE_HEX_XDR_NETOBJ(usage_encryption,
654	0x00, 0x00, 0x00, 0x02, KEY_USAGE_SEED_ENCRYPTION
655	);
656	DEFINE_HEX_XDR_NETOBJ(usage_integrity,
657	0x00, 0x00, 0x00, 0x02, KEY_USAGE_SEED_INTEGRITY
658	);
659
660	static const struct gss_krb5_test_param rfc6803_kdf_test_params[] = {
661	{
662	.desc = "Derive Kc subkey for camellia128-cts-cmac",
663	.enctype = ENCTYPE_CAMELLIA128_CTS_CMAC,
664	.base_key = &camellia128_cts_cmac_basekey,
665	.usage = &usage_checksum,
666	.expected_result = &camellia128_cts_cmac_Kc,
667	},
668	{
669	.desc = "Derive Ke subkey for camellia128-cts-cmac",
670	.enctype = ENCTYPE_CAMELLIA128_CTS_CMAC,
671	.base_key = &camellia128_cts_cmac_basekey,
672	.usage = &usage_encryption,
673	.expected_result = &camellia128_cts_cmac_Ke,
674	},
675	{
676	.desc = "Derive Ki subkey for camellia128-cts-cmac",
677	.enctype = ENCTYPE_CAMELLIA128_CTS_CMAC,
678	.base_key = &camellia128_cts_cmac_basekey,
679	.usage = &usage_integrity,
680	.expected_result = &camellia128_cts_cmac_Ki,
681	},
682	{
683	.desc = "Derive Kc subkey for camellia256-cts-cmac",
684	.enctype = ENCTYPE_CAMELLIA256_CTS_CMAC,
685	.base_key = &camellia256_cts_cmac_basekey,
686	.usage = &usage_checksum,
687	.expected_result = &camellia256_cts_cmac_Kc,
688	},
689	{
690	.desc = "Derive Ke subkey for camellia256-cts-cmac",
691	.enctype = ENCTYPE_CAMELLIA256_CTS_CMAC,
692	.base_key = &camellia256_cts_cmac_basekey,
693	.usage = &usage_encryption,
694	.expected_result = &camellia256_cts_cmac_Ke,
695	},
696	{
697	.desc = "Derive Ki subkey for camellia256-cts-cmac",
698	.enctype = ENCTYPE_CAMELLIA256_CTS_CMAC,
699	.base_key = &camellia256_cts_cmac_basekey,
700	.usage = &usage_integrity,
701	.expected_result = &camellia256_cts_cmac_Ki,
702	},
703	};
704
705	/* Creates the function rfc6803_kdf_gen_params */
706	KUNIT_ARRAY_PARAM(rfc6803_kdf, rfc6803_kdf_test_params, gss_krb5_get_desc);
707
708	/*
709	* From RFC 6803 Section 10. Test vectors
710	*
711	* Sample checksums.
712	*
713	* Copyright (c) 2012 IETF Trust and the persons identified as the
714	* document authors. All rights reserved.
715	*
716	* XXX: These tests are likely to fail on EBCDIC or Unicode platforms.
717	*/
718	DEFINE_STR_XDR_NETOBJ(rfc6803_checksum_test1_plaintext,
719	"abcdefghijk");
720	DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test1_basekey,
721	0x1d, 0xc4, 0x6a, 0x8d, 0x76, 0x3f, 0x4f, 0x93,
722	0x74, 0x2b, 0xcb, 0xa3, 0x38, 0x75, 0x76, 0xc3
723	);
724	DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test1_usage,
725	0x00, 0x00, 0x00, 0x07, KEY_USAGE_SEED_CHECKSUM
726	);
727	DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test1_expected_result,
728	0x11, 0x78, 0xe6, 0xc5, 0xc4, 0x7a, 0x8c, 0x1a,
729	0xe0, 0xc4, 0xb9, 0xc7, 0xd4, 0xeb, 0x7b, 0x6b
730	);
731
732	DEFINE_STR_XDR_NETOBJ(rfc6803_checksum_test2_plaintext,
733	"ABCDEFGHIJKLMNOPQRSTUVWXYZ");
734	DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test2_basekey,
735	0x50, 0x27, 0xbc, 0x23, 0x1d, 0x0f, 0x3a, 0x9d,
736	0x23, 0x33, 0x3f, 0x1c, 0xa6, 0xfd, 0xbe, 0x7c
737	);
738	DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test2_usage,
739	0x00, 0x00, 0x00, 0x08, KEY_USAGE_SEED_CHECKSUM
740	);
741	DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test2_expected_result,
742	0xd1, 0xb3, 0x4f, 0x70, 0x04, 0xa7, 0x31, 0xf2,
743	0x3a, 0x0c, 0x00, 0xbf, 0x6c, 0x3f, 0x75, 0x3a
744	);
745
746	DEFINE_STR_XDR_NETOBJ(rfc6803_checksum_test3_plaintext,
747	"123456789");
748	DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test3_basekey,
749	0xb6, 0x1c, 0x86, 0xcc, 0x4e, 0x5d, 0x27, 0x57,
750	0x54, 0x5a, 0xd4, 0x23, 0x39, 0x9f, 0xb7, 0x03,
751	0x1e, 0xca, 0xb9, 0x13, 0xcb, 0xb9, 0x00, 0xbd,
752	0x7a, 0x3c, 0x6d, 0xd8, 0xbf, 0x92, 0x01, 0x5b
753	);
754	DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test3_usage,
755	0x00, 0x00, 0x00, 0x09, KEY_USAGE_SEED_CHECKSUM
756	);
757	DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test3_expected_result,
758	0x87, 0xa1, 0x2c, 0xfd, 0x2b, 0x96, 0x21, 0x48,
759	0x10, 0xf0, 0x1c, 0x82, 0x6e, 0x77, 0x44, 0xb1
760	);
761
762	DEFINE_STR_XDR_NETOBJ(rfc6803_checksum_test4_plaintext,
763	"!@#$%^&*()!@#$%^&*()!@#$%^&*()");
764	DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test4_basekey,
765	0x32, 0x16, 0x4c, 0x5b, 0x43, 0x4d, 0x1d, 0x15,
766	0x38, 0xe4, 0xcf, 0xd9, 0xbe, 0x80, 0x40, 0xfe,
767	0x8c, 0x4a, 0xc7, 0xac, 0xc4, 0xb9, 0x3d, 0x33,
768	0x14, 0xd2, 0x13, 0x36, 0x68, 0x14, 0x7a, 0x05
769	);
770	DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test4_usage,
771	0x00, 0x00, 0x00, 0x0a, KEY_USAGE_SEED_CHECKSUM
772	);
773	DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test4_expected_result,
774	0x3f, 0xa0, 0xb4, 0x23, 0x55, 0xe5, 0x2b, 0x18,
775	0x91, 0x87, 0x29, 0x4a, 0xa2, 0x52, 0xab, 0x64
776	);
777
778	static const struct gss_krb5_test_param rfc6803_checksum_test_params[] = {
779	{
780	.desc = "camellia128-cts-cmac checksum test 1",
781	.enctype = ENCTYPE_CAMELLIA128_CTS_CMAC,
782	.base_key = &rfc6803_checksum_test1_basekey,
783	.usage = &rfc6803_checksum_test1_usage,
784	.plaintext = &rfc6803_checksum_test1_plaintext,
785	.expected_result = &rfc6803_checksum_test1_expected_result,
786	},
787	{
788	.desc = "camellia128-cts-cmac checksum test 2",
789	.enctype = ENCTYPE_CAMELLIA128_CTS_CMAC,
790	.base_key = &rfc6803_checksum_test2_basekey,
791	.usage = &rfc6803_checksum_test2_usage,
792	.plaintext = &rfc6803_checksum_test2_plaintext,
793	.expected_result = &rfc6803_checksum_test2_expected_result,
794	},
795	{
796	.desc = "camellia256-cts-cmac checksum test 3",
797	.enctype = ENCTYPE_CAMELLIA256_CTS_CMAC,
798	.base_key = &rfc6803_checksum_test3_basekey,
799	.usage = &rfc6803_checksum_test3_usage,
800	.plaintext = &rfc6803_checksum_test3_plaintext,
801	.expected_result = &rfc6803_checksum_test3_expected_result,
802	},
803	{
804	.desc = "camellia256-cts-cmac checksum test 4",
805	.enctype = ENCTYPE_CAMELLIA256_CTS_CMAC,
806	.base_key = &rfc6803_checksum_test4_basekey,
807	.usage = &rfc6803_checksum_test4_usage,
808	.plaintext = &rfc6803_checksum_test4_plaintext,
809	.expected_result = &rfc6803_checksum_test4_expected_result,
810	},
811	};
812
813	/* Creates the function rfc6803_checksum_gen_params */
814	KUNIT_ARRAY_PARAM(rfc6803_checksum, rfc6803_checksum_test_params,
815	gss_krb5_get_desc);
816
817	/*
818	* From RFC 6803 Section 10. Test vectors
819	*
820	* Sample encryptions (all using the default cipher state)
821	*
822	* Copyright (c) 2012 IETF Trust and the persons identified as the
823	* document authors. All rights reserved.
824	*
825	* Key usage values are from errata 4326 against RFC 6803.
826	*/
827
828	static const struct xdr_netobj rfc6803_enc_empty_plaintext = {
829	.len = 0,
830	};
831
832	DEFINE_STR_XDR_NETOBJ(rfc6803_enc_1byte_plaintext, "1");
833	DEFINE_STR_XDR_NETOBJ(rfc6803_enc_9byte_plaintext, "9 bytesss");
834	DEFINE_STR_XDR_NETOBJ(rfc6803_enc_13byte_plaintext, "13 bytes byte");
835	DEFINE_STR_XDR_NETOBJ(rfc6803_enc_30byte_plaintext,
836	"30 bytes bytes bytes bytes byt"
837	);
838
839	DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test1_confounder,
840	0xb6, 0x98, 0x22, 0xa1, 0x9a, 0x6b, 0x09, 0xc0,
841	0xeb, 0xc8, 0x55, 0x7d, 0x1f, 0x1b, 0x6c, 0x0a
842	);
843	DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test1_basekey,
844	0x1d, 0xc4, 0x6a, 0x8d, 0x76, 0x3f, 0x4f, 0x93,
845	0x74, 0x2b, 0xcb, 0xa3, 0x38, 0x75, 0x76, 0xc3
846	);
847	DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test1_expected_result,
848	0xc4, 0x66, 0xf1, 0x87, 0x10, 0x69, 0x92, 0x1e,
849	0xdb, 0x7c, 0x6f, 0xde, 0x24, 0x4a, 0x52, 0xdb,
850	0x0b, 0xa1, 0x0e, 0xdc, 0x19, 0x7b, 0xdb, 0x80,
851	0x06, 0x65, 0x8c, 0xa3, 0xcc, 0xce, 0x6e, 0xb8
852	);
853
854	DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test2_confounder,
855	0x6f, 0x2f, 0xc3, 0xc2, 0xa1, 0x66, 0xfd, 0x88,
856	0x98, 0x96, 0x7a, 0x83, 0xde, 0x95, 0x96, 0xd9
857	);
858	DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test2_basekey,
859	0x50, 0x27, 0xbc, 0x23, 0x1d, 0x0f, 0x3a, 0x9d,
860	0x23, 0x33, 0x3f, 0x1c, 0xa6, 0xfd, 0xbe, 0x7c
861	);
862	DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test2_expected_result,
863	0x84, 0x2d, 0x21, 0xfd, 0x95, 0x03, 0x11, 0xc0,
864	0xdd, 0x46, 0x4a, 0x3f, 0x4b, 0xe8, 0xd6, 0xda,
865	0x88, 0xa5, 0x6d, 0x55, 0x9c, 0x9b, 0x47, 0xd3,
866	0xf9, 0xa8, 0x50, 0x67, 0xaf, 0x66, 0x15, 0x59,
867	0xb8
868	);
869
870	DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test3_confounder,
871	0xa5, 0xb4, 0xa7, 0x1e, 0x07, 0x7a, 0xee, 0xf9,
872	0x3c, 0x87, 0x63, 0xc1, 0x8f, 0xdb, 0x1f, 0x10
873	);
874	DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test3_basekey,
875	0xa1, 0xbb, 0x61, 0xe8, 0x05, 0xf9, 0xba, 0x6d,
876	0xde, 0x8f, 0xdb, 0xdd, 0xc0, 0x5c, 0xde, 0xa0
877	);
878	DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test3_expected_result,
879	0x61, 0x9f, 0xf0, 0x72, 0xe3, 0x62, 0x86, 0xff,
880	0x0a, 0x28, 0xde, 0xb3, 0xa3, 0x52, 0xec, 0x0d,
881	0x0e, 0xdf, 0x5c, 0x51, 0x60, 0xd6, 0x63, 0xc9,
882	0x01, 0x75, 0x8c, 0xcf, 0x9d, 0x1e, 0xd3, 0x3d,
883	0x71, 0xdb, 0x8f, 0x23, 0xaa, 0xbf, 0x83, 0x48,
884	0xa0
885	);
886
887	DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test4_confounder,
888	0x19, 0xfe, 0xe4, 0x0d, 0x81, 0x0c, 0x52, 0x4b,
889	0x5b, 0x22, 0xf0, 0x18, 0x74, 0xc6, 0x93, 0xda
890	);
891	DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test4_basekey,
892	0x2c, 0xa2, 0x7a, 0x5f, 0xaf, 0x55, 0x32, 0x24,
893	0x45, 0x06, 0x43, 0x4e, 0x1c, 0xef, 0x66, 0x76
894	);
895	DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test4_expected_result,
896	0xb8, 0xec, 0xa3, 0x16, 0x7a, 0xe6, 0x31, 0x55,
897	0x12, 0xe5, 0x9f, 0x98, 0xa7, 0xc5, 0x00, 0x20,
898	0x5e, 0x5f, 0x63, 0xff, 0x3b, 0xb3, 0x89, 0xaf,
899	0x1c, 0x41, 0xa2, 0x1d, 0x64, 0x0d, 0x86, 0x15,
900	0xc9, 0xed, 0x3f, 0xbe, 0xb0, 0x5a, 0xb6, 0xac,
901	0xb6, 0x76, 0x89, 0xb5, 0xea
902	);
903
904	DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test5_confounder,
905	0xca, 0x7a, 0x7a, 0xb4, 0xbe, 0x19, 0x2d, 0xab,
906	0xd6, 0x03, 0x50, 0x6d, 0xb1, 0x9c, 0x39, 0xe2
907	);
908	DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test5_basekey,
909	0x78, 0x24, 0xf8, 0xc1, 0x6f, 0x83, 0xff, 0x35,
910	0x4c, 0x6b, 0xf7, 0x51, 0x5b, 0x97, 0x3f, 0x43
911	);
912	DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test5_expected_result,
913	0xa2, 0x6a, 0x39, 0x05, 0xa4, 0xff, 0xd5, 0x81,
914	0x6b, 0x7b, 0x1e, 0x27, 0x38, 0x0d, 0x08, 0x09,
915	0x0c, 0x8e, 0xc1, 0xf3, 0x04, 0x49, 0x6e, 0x1a,
916	0xbd, 0xcd, 0x2b, 0xdc, 0xd1, 0xdf, 0xfc, 0x66,
917	0x09, 0x89, 0xe1, 0x17, 0xa7, 0x13, 0xdd, 0xbb,
918	0x57, 0xa4, 0x14, 0x6c, 0x15, 0x87, 0xcb, 0xa4,
919	0x35, 0x66, 0x65, 0x59, 0x1d, 0x22, 0x40, 0x28,
920	0x2f, 0x58, 0x42, 0xb1, 0x05, 0xa5
921	);
922
923	DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test6_confounder,
924	0x3c, 0xbb, 0xd2, 0xb4, 0x59, 0x17, 0x94, 0x10,
925	0x67, 0xf9, 0x65, 0x99, 0xbb, 0x98, 0x92, 0x6c
926	);
927	DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test6_basekey,
928	0xb6, 0x1c, 0x86, 0xcc, 0x4e, 0x5d, 0x27, 0x57,
929	0x54, 0x5a, 0xd4, 0x23, 0x39, 0x9f, 0xb7, 0x03,
930	0x1e, 0xca, 0xb9, 0x13, 0xcb, 0xb9, 0x00, 0xbd,
931	0x7a, 0x3c, 0x6d, 0xd8, 0xbf, 0x92, 0x01, 0x5b
932	);
933	DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test6_expected_result,
934	0x03, 0x88, 0x6d, 0x03, 0x31, 0x0b, 0x47, 0xa6,
935	0xd8, 0xf0, 0x6d, 0x7b, 0x94, 0xd1, 0xdd, 0x83,
936	0x7e, 0xcc, 0xe3, 0x15, 0xef, 0x65, 0x2a, 0xff,
937	0x62, 0x08, 0x59, 0xd9, 0x4a, 0x25, 0x92, 0x66
938	);
939
940	DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test7_confounder,
941	0xde, 0xf4, 0x87, 0xfc, 0xeb, 0xe6, 0xde, 0x63,
942	0x46, 0xd4, 0xda, 0x45, 0x21, 0xbb, 0xa2, 0xd2
943	);
944	DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test7_basekey,
945	0x1b, 0x97, 0xfe, 0x0a, 0x19, 0x0e, 0x20, 0x21,
946	0xeb, 0x30, 0x75, 0x3e, 0x1b, 0x6e, 0x1e, 0x77,
947	0xb0, 0x75, 0x4b, 0x1d, 0x68, 0x46, 0x10, 0x35,
948	0x58, 0x64, 0x10, 0x49, 0x63, 0x46, 0x38, 0x33
949	);
950	DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test7_expected_result,
951	0x2c, 0x9c, 0x15, 0x70, 0x13, 0x3c, 0x99, 0xbf,
952	0x6a, 0x34, 0xbc, 0x1b, 0x02, 0x12, 0x00, 0x2f,
953	0xd1, 0x94, 0x33, 0x87, 0x49, 0xdb, 0x41, 0x35,
954	0x49, 0x7a, 0x34, 0x7c, 0xfc, 0xd9, 0xd1, 0x8a,
955	0x12
956	);
957
958	DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test8_confounder,
959	0xad, 0x4f, 0xf9, 0x04, 0xd3, 0x4e, 0x55, 0x53,
960	0x84, 0xb1, 0x41, 0x00, 0xfc, 0x46, 0x5f, 0x88
961	);
962	DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test8_basekey,
963	0x32, 0x16, 0x4c, 0x5b, 0x43, 0x4d, 0x1d, 0x15,
964	0x38, 0xe4, 0xcf, 0xd9, 0xbe, 0x80, 0x40, 0xfe,
965	0x8c, 0x4a, 0xc7, 0xac, 0xc4, 0xb9, 0x3d, 0x33,
966	0x14, 0xd2, 0x13, 0x36, 0x68, 0x14, 0x7a, 0x05
967	);
968	DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test8_expected_result,
969	0x9c, 0x6d, 0xe7, 0x5f, 0x81, 0x2d, 0xe7, 0xed,
970	0x0d, 0x28, 0xb2, 0x96, 0x35, 0x57, 0xa1, 0x15,
971	0x64, 0x09, 0x98, 0x27, 0x5b, 0x0a, 0xf5, 0x15,
972	0x27, 0x09, 0x91, 0x3f, 0xf5, 0x2a, 0x2a, 0x9c,
973	0x8e, 0x63, 0xb8, 0x72, 0xf9, 0x2e, 0x64, 0xc8,
974	0x39
975	);
976
977	DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test9_confounder,
978	0xcf, 0x9b, 0xca, 0x6d, 0xf1, 0x14, 0x4e, 0x0c,
979	0x0a, 0xf9, 0xb8, 0xf3, 0x4c, 0x90, 0xd5, 0x14
980	);
981	DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test9_basekey,
982	0xb0, 0x38, 0xb1, 0x32, 0xcd, 0x8e, 0x06, 0x61,
983	0x22, 0x67, 0xfa, 0xb7, 0x17, 0x00, 0x66, 0xd8,
984	0x8a, 0xec, 0xcb, 0xa0, 0xb7, 0x44, 0xbf, 0xc6,
985	0x0d, 0xc8, 0x9b, 0xca, 0x18, 0x2d, 0x07, 0x15
986	);
987	DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test9_expected_result,
988	0xee, 0xec, 0x85, 0xa9, 0x81, 0x3c, 0xdc, 0x53,
989	0x67, 0x72, 0xab, 0x9b, 0x42, 0xde, 0xfc, 0x57,
990	0x06, 0xf7, 0x26, 0xe9, 0x75, 0xdd, 0xe0, 0x5a,
991	0x87, 0xeb, 0x54, 0x06, 0xea, 0x32, 0x4c, 0xa1,
992	0x85, 0xc9, 0x98, 0x6b, 0x42, 0xaa, 0xbe, 0x79,
993	0x4b, 0x84, 0x82, 0x1b, 0xee
994	);
995
996	DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test10_confounder,
997	0x64, 0x4d, 0xef, 0x38, 0xda, 0x35, 0x00, 0x72,
998	0x75, 0x87, 0x8d, 0x21, 0x68, 0x55, 0xe2, 0x28
999	);
1000	DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test10_basekey,
1001	0xcc, 0xfc, 0xd3, 0x49, 0xbf, 0x4c, 0x66, 0x77,
1002	0xe8, 0x6e, 0x4b, 0x02, 0xb8, 0xea, 0xb9, 0x24,
1003	0xa5, 0x46, 0xac, 0x73, 0x1c, 0xf9, 0xbf, 0x69,
1004	0x89, 0xb9, 0x96, 0xe7, 0xd6, 0xbf, 0xbb, 0xa7
1005	);
1006	DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test10_expected_result,
1007	0x0e, 0x44, 0x68, 0x09, 0x85, 0x85, 0x5f, 0x2d,
1008	0x1f, 0x18, 0x12, 0x52, 0x9c, 0xa8, 0x3b, 0xfd,
1009	0x8e, 0x34, 0x9d, 0xe6, 0xfd, 0x9a, 0xda, 0x0b,
1010	0xaa, 0xa0, 0x48, 0xd6, 0x8e, 0x26, 0x5f, 0xeb,
1011	0xf3, 0x4a, 0xd1, 0x25, 0x5a, 0x34, 0x49, 0x99,
1012	0xad, 0x37, 0x14, 0x68, 0x87, 0xa6, 0xc6, 0x84,
1013	0x57, 0x31, 0xac, 0x7f, 0x46, 0x37, 0x6a, 0x05,
1014	0x04, 0xcd, 0x06, 0x57, 0x14, 0x74
1015	);
1016
1017	static const struct gss_krb5_test_param rfc6803_encrypt_test_params[] = {
1018	{
1019	.desc = "Encrypt empty plaintext with camellia128-cts-cmac",
1020	.enctype = ENCTYPE_CAMELLIA128_CTS_CMAC,
1021	.constant = 0,
1022	.base_key = &rfc6803_enc_test1_basekey,
1023	.plaintext = &rfc6803_enc_empty_plaintext,
1024	.confounder = &rfc6803_enc_test1_confounder,
1025	.expected_result = &rfc6803_enc_test1_expected_result,
1026	},
1027	{
1028	.desc = "Encrypt 1 byte with camellia128-cts-cmac",
1029	.enctype = ENCTYPE_CAMELLIA128_CTS_CMAC,
1030	.constant = 1,
1031	.base_key = &rfc6803_enc_test2_basekey,
1032	.plaintext = &rfc6803_enc_1byte_plaintext,
1033	.confounder = &rfc6803_enc_test2_confounder,
1034	.expected_result = &rfc6803_enc_test2_expected_result,
1035	},
1036	{
1037	.desc = "Encrypt 9 bytes with camellia128-cts-cmac",
1038	.enctype = ENCTYPE_CAMELLIA128_CTS_CMAC,
1039	.constant = 2,
1040	.base_key = &rfc6803_enc_test3_basekey,
1041	.plaintext = &rfc6803_enc_9byte_plaintext,
1042	.confounder = &rfc6803_enc_test3_confounder,
1043	.expected_result = &rfc6803_enc_test3_expected_result,
1044	},
1045	{
1046	.desc = "Encrypt 13 bytes with camellia128-cts-cmac",
1047	.enctype = ENCTYPE_CAMELLIA128_CTS_CMAC,
1048	.constant = 3,
1049	.base_key = &rfc6803_enc_test4_basekey,
1050	.plaintext = &rfc6803_enc_13byte_plaintext,
1051	.confounder = &rfc6803_enc_test4_confounder,
1052	.expected_result = &rfc6803_enc_test4_expected_result,
1053	},
1054	{
1055	.desc = "Encrypt 30 bytes with camellia128-cts-cmac",
1056	.enctype = ENCTYPE_CAMELLIA128_CTS_CMAC,
1057	.constant = 4,
1058	.base_key = &rfc6803_enc_test5_basekey,
1059	.plaintext = &rfc6803_enc_30byte_plaintext,
1060	.confounder = &rfc6803_enc_test5_confounder,
1061	.expected_result = &rfc6803_enc_test5_expected_result,
1062	},
1063	{
1064	.desc = "Encrypt empty plaintext with camellia256-cts-cmac",
1065	.enctype = ENCTYPE_CAMELLIA256_CTS_CMAC,
1066	.constant = 0,
1067	.base_key = &rfc6803_enc_test6_basekey,
1068	.plaintext = &rfc6803_enc_empty_plaintext,
1069	.confounder = &rfc6803_enc_test6_confounder,
1070	.expected_result = &rfc6803_enc_test6_expected_result,
1071	},
1072	{
1073	.desc = "Encrypt 1 byte with camellia256-cts-cmac",
1074	.enctype = ENCTYPE_CAMELLIA256_CTS_CMAC,
1075	.constant = 1,
1076	.base_key = &rfc6803_enc_test7_basekey,
1077	.plaintext = &rfc6803_enc_1byte_plaintext,
1078	.confounder = &rfc6803_enc_test7_confounder,
1079	.expected_result = &rfc6803_enc_test7_expected_result,
1080	},
1081	{
1082	.desc = "Encrypt 9 bytes with camellia256-cts-cmac",
1083	.enctype = ENCTYPE_CAMELLIA256_CTS_CMAC,
1084	.constant = 2,
1085	.base_key = &rfc6803_enc_test8_basekey,
1086	.plaintext = &rfc6803_enc_9byte_plaintext,
1087	.confounder = &rfc6803_enc_test8_confounder,
1088	.expected_result = &rfc6803_enc_test8_expected_result,
1089	},
1090	{
1091	.desc = "Encrypt 13 bytes with camellia256-cts-cmac",
1092	.enctype = ENCTYPE_CAMELLIA256_CTS_CMAC,
1093	.constant = 3,
1094	.base_key = &rfc6803_enc_test9_basekey,
1095	.plaintext = &rfc6803_enc_13byte_plaintext,
1096	.confounder = &rfc6803_enc_test9_confounder,
1097	.expected_result = &rfc6803_enc_test9_expected_result,
1098	},
1099	{
1100	.desc = "Encrypt 30 bytes with camellia256-cts-cmac",
1101	.enctype = ENCTYPE_CAMELLIA256_CTS_CMAC,
1102	.constant = 4,
1103	.base_key = &rfc6803_enc_test10_basekey,
1104	.plaintext = &rfc6803_enc_30byte_plaintext,
1105	.confounder = &rfc6803_enc_test10_confounder,
1106	.expected_result = &rfc6803_enc_test10_expected_result,
1107	},
1108	};
1109
1110	/* Creates the function rfc6803_encrypt_gen_params */
1111	KUNIT_ARRAY_PARAM(rfc6803_encrypt, rfc6803_encrypt_test_params,
1112	gss_krb5_get_desc);
1113
1114	static void rfc6803_encrypt_case(struct kunit *test)
1115	{
1116	const struct gss_krb5_test_param *param = test->param_value;
1117	struct crypto_sync_skcipher *cts_tfm, *cbc_tfm;
1118	const struct gss_krb5_enctype *gk5e;
1119	struct xdr_netobj Ke, Ki, checksum;
1120	u8 usage_data[GSS_KRB5_K5CLENGTH];
1121	struct xdr_netobj usage = {
1122	.data = usage_data,
1123	.len = sizeof(usage_data),
1124	};
1125	struct crypto_ahash *ahash_tfm;
1126	unsigned int blocksize;
1127	struct xdr_buf buf;
1128	void *text;
1129	size_t len;
1130	u32 err;
1131
1132	/* Arrange */
1133	gk5e = gss_krb5_lookup_enctype(etype: param->enctype);
1134	if (!gk5e)
1135	kunit_skip(test, "Encryption type is not available");
1136
1137	memset(usage_data, 0, sizeof(usage_data));
1138	usage.data[3] = param->constant;
1139
1140	Ke.len = gk5e->Ke_length;
1141	Ke.data = kunit_kzalloc(test, size: Ke.len, GFP_KERNEL);
1142	KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Ke.data);
1143	usage.data[4] = KEY_USAGE_SEED_ENCRYPTION;
1144	err = gk5e->derive_key(gk5e, param->base_key, &Ke, &usage, GFP_KERNEL);
1145	KUNIT_ASSERT_EQ(test, err, 0);
1146
1147	cbc_tfm = crypto_alloc_sync_skcipher(alg_name: gk5e->aux_cipher, type: 0, mask: 0);
1148	KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cbc_tfm);
1149	err = crypto_sync_skcipher_setkey(tfm: cbc_tfm, key: Ke.data, keylen: Ke.len);
1150	KUNIT_ASSERT_EQ(test, err, 0);
1151
1152	cts_tfm = crypto_alloc_sync_skcipher(alg_name: gk5e->encrypt_name, type: 0, mask: 0);
1153	KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cts_tfm);
1154	err = crypto_sync_skcipher_setkey(tfm: cts_tfm, key: Ke.data, keylen: Ke.len);
1155	KUNIT_ASSERT_EQ(test, err, 0);
1156	blocksize = crypto_sync_skcipher_blocksize(tfm: cts_tfm);
1157
1158	len = param->confounder->len + param->plaintext->len + blocksize;
1159	text = kunit_kzalloc(test, size: len, GFP_KERNEL);
1160	KUNIT_ASSERT_NOT_ERR_OR_NULL(test, text);
1161	memcpy(text, param->confounder->data, param->confounder->len);
1162	memcpy(text + param->confounder->len, param->plaintext->data,
1163	param->plaintext->len);
1164
1165	memset(&buf, 0, sizeof(buf));
1166	buf.head[0].iov_base = text;
1167	buf.head[0].iov_len = param->confounder->len + param->plaintext->len;
1168	buf.len = buf.head[0].iov_len;
1169
1170	checksum.len = gk5e->cksumlength;
1171	checksum.data = kunit_kzalloc(test, size: checksum.len, GFP_KERNEL);
1172	KUNIT_ASSERT_NOT_ERR_OR_NULL(test, checksum.data);
1173
1174	Ki.len = gk5e->Ki_length;
1175	Ki.data = kunit_kzalloc(test, size: Ki.len, GFP_KERNEL);
1176	KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Ki.data);
1177	usage.data[4] = KEY_USAGE_SEED_INTEGRITY;
1178	err = gk5e->derive_key(gk5e, param->base_key, &Ki,
1179	&usage, GFP_KERNEL);
1180	KUNIT_ASSERT_EQ(test, err, 0);
1181	ahash_tfm = crypto_alloc_ahash(alg_name: gk5e->cksum_name, type: 0, CRYPTO_ALG_ASYNC);
1182	KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ahash_tfm);
1183	err = crypto_ahash_setkey(tfm: ahash_tfm, key: Ki.data, keylen: Ki.len);
1184	KUNIT_ASSERT_EQ(test, err, 0);
1185
1186	/* Act */
1187	err = gss_krb5_checksum(tfm: ahash_tfm, NULL, hdrlen: 0, body: &buf, body_offset: 0, cksumout: &checksum);
1188	KUNIT_ASSERT_EQ(test, err, 0);
1189
1190	err = krb5_cbc_cts_encrypt(cts_tfm, cbc_tfm, offset: 0, buf: &buf, NULL, NULL, ivsize: 0);
1191	KUNIT_ASSERT_EQ(test, err, 0);
1192
1193	/* Assert */
1194	KUNIT_EXPECT_EQ_MSG(test, param->expected_result->len,
1195	buf.len + checksum.len,
1196	"ciphertext length mismatch");
1197	KUNIT_EXPECT_EQ_MSG(test,
1198	memcmp(param->expected_result->data,
1199	buf.head[0].iov_base, buf.len), 0,
1200	"encrypted result mismatch");
1201	KUNIT_EXPECT_EQ_MSG(test,
1202	memcmp(param->expected_result->data +
1203	(param->expected_result->len - checksum.len),
1204	checksum.data, checksum.len), 0,
1205	"HMAC mismatch");
1206
1207	crypto_free_ahash(tfm: ahash_tfm);
1208	crypto_free_sync_skcipher(tfm: cts_tfm);
1209	crypto_free_sync_skcipher(tfm: cbc_tfm);
1210	}
1211
1212	static struct kunit_case rfc6803_test_cases[] = {
1213	{
1214	.name = "RFC 6803 key derivation",
1215	.run_case = kdf_case,
1216	.generate_params = rfc6803_kdf_gen_params,
1217	},
1218	{
1219	.name = "RFC 6803 checksum",
1220	.run_case = checksum_case,
1221	.generate_params = rfc6803_checksum_gen_params,
1222	},
1223	{
1224	.name = "RFC 6803 encryption",
1225	.run_case = rfc6803_encrypt_case,
1226	.generate_params = rfc6803_encrypt_gen_params,
1227	},
1228	{}
1229	};
1230
1231	static struct kunit_suite rfc6803_suite = {
1232	.name = "RFC 6803 suite",
1233	.test_cases = rfc6803_test_cases,
1234	};
1235
1236	/*
1237	* From RFC 8009 Appendix A. Test Vectors
1238	*
1239	* Sample results for SHA-2 enctype key derivation
1240	*
1241	* This test material is copyright (c) 2016 IETF Trust and the
1242	* persons identified as the document authors. All rights reserved.
1243	*/
1244
1245	DEFINE_HEX_XDR_NETOBJ(aes128_cts_hmac_sha256_128_basekey,
1246	0x37, 0x05, 0xd9, 0x60, 0x80, 0xc1, 0x77, 0x28,
1247	0xa0, 0xe8, 0x00, 0xea, 0xb6, 0xe0, 0xd2, 0x3c
1248	);
1249	DEFINE_HEX_XDR_NETOBJ(aes128_cts_hmac_sha256_128_Kc,
1250	0xb3, 0x1a, 0x01, 0x8a, 0x48, 0xf5, 0x47, 0x76,
1251	0xf4, 0x03, 0xe9, 0xa3, 0x96, 0x32, 0x5d, 0xc3
1252	);
1253	DEFINE_HEX_XDR_NETOBJ(aes128_cts_hmac_sha256_128_Ke,
1254	0x9b, 0x19, 0x7d, 0xd1, 0xe8, 0xc5, 0x60, 0x9d,
1255	0x6e, 0x67, 0xc3, 0xe3, 0x7c, 0x62, 0xc7, 0x2e
1256	);
1257	DEFINE_HEX_XDR_NETOBJ(aes128_cts_hmac_sha256_128_Ki,
1258	0x9f, 0xda, 0x0e, 0x56, 0xab, 0x2d, 0x85, 0xe1,
1259	0x56, 0x9a, 0x68, 0x86, 0x96, 0xc2, 0x6a, 0x6c
1260	);
1261
1262	DEFINE_HEX_XDR_NETOBJ(aes256_cts_hmac_sha384_192_basekey,
1263	0x6d, 0x40, 0x4d, 0x37, 0xfa, 0xf7, 0x9f, 0x9d,
1264	0xf0, 0xd3, 0x35, 0x68, 0xd3, 0x20, 0x66, 0x98,
1265	0x00, 0xeb, 0x48, 0x36, 0x47, 0x2e, 0xa8, 0xa0,
1266	0x26, 0xd1, 0x6b, 0x71, 0x82, 0x46, 0x0c, 0x52
1267	);
1268	DEFINE_HEX_XDR_NETOBJ(aes256_cts_hmac_sha384_192_Kc,
1269	0xef, 0x57, 0x18, 0xbe, 0x86, 0xcc, 0x84, 0x96,
1270	0x3d, 0x8b, 0xbb, 0x50, 0x31, 0xe9, 0xf5, 0xc4,
1271	0xba, 0x41, 0xf2, 0x8f, 0xaf, 0x69, 0xe7, 0x3d
1272	);
1273	DEFINE_HEX_XDR_NETOBJ(aes256_cts_hmac_sha384_192_Ke,
1274	0x56, 0xab, 0x22, 0xbe, 0xe6, 0x3d, 0x82, 0xd7,
1275	0xbc, 0x52, 0x27, 0xf6, 0x77, 0x3f, 0x8e, 0xa7,
1276	0xa5, 0xeb, 0x1c, 0x82, 0x51, 0x60, 0xc3, 0x83,
1277	0x12, 0x98, 0x0c, 0x44, 0x2e, 0x5c, 0x7e, 0x49
1278	);
1279	DEFINE_HEX_XDR_NETOBJ(aes256_cts_hmac_sha384_192_Ki,
1280	0x69, 0xb1, 0x65, 0x14, 0xe3, 0xcd, 0x8e, 0x56,
1281	0xb8, 0x20, 0x10, 0xd5, 0xc7, 0x30, 0x12, 0xb6,
1282	0x22, 0xc4, 0xd0, 0x0f, 0xfc, 0x23, 0xed, 0x1f
1283	);
1284
1285	static const struct gss_krb5_test_param rfc8009_kdf_test_params[] = {
1286	{
1287	.desc = "Derive Kc subkey for aes128-cts-hmac-sha256-128",
1288	.enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128,
1289	.base_key = &aes128_cts_hmac_sha256_128_basekey,
1290	.usage = &usage_checksum,
1291	.expected_result = &aes128_cts_hmac_sha256_128_Kc,
1292	},
1293	{
1294	.desc = "Derive Ke subkey for aes128-cts-hmac-sha256-128",
1295	.enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128,
1296	.base_key = &aes128_cts_hmac_sha256_128_basekey,
1297	.usage = &usage_encryption,
1298	.expected_result = &aes128_cts_hmac_sha256_128_Ke,
1299	},
1300	{
1301	.desc = "Derive Ki subkey for aes128-cts-hmac-sha256-128",
1302	.enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128,
1303	.base_key = &aes128_cts_hmac_sha256_128_basekey,
1304	.usage = &usage_integrity,
1305	.expected_result = &aes128_cts_hmac_sha256_128_Ki,
1306	},
1307	{
1308	.desc = "Derive Kc subkey for aes256-cts-hmac-sha384-192",
1309	.enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192,
1310	.base_key = &aes256_cts_hmac_sha384_192_basekey,
1311	.usage = &usage_checksum,
1312	.expected_result = &aes256_cts_hmac_sha384_192_Kc,
1313	},
1314	{
1315	.desc = "Derive Ke subkey for aes256-cts-hmac-sha384-192",
1316	.enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192,
1317	.base_key = &aes256_cts_hmac_sha384_192_basekey,
1318	.usage = &usage_encryption,
1319	.expected_result = &aes256_cts_hmac_sha384_192_Ke,
1320	},
1321	{
1322	.desc = "Derive Ki subkey for aes256-cts-hmac-sha384-192",
1323	.enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192,
1324	.base_key = &aes256_cts_hmac_sha384_192_basekey,
1325	.usage = &usage_integrity,
1326	.expected_result = &aes256_cts_hmac_sha384_192_Ki,
1327	},
1328	};
1329
1330	/* Creates the function rfc8009_kdf_gen_params */
1331	KUNIT_ARRAY_PARAM(rfc8009_kdf, rfc8009_kdf_test_params, gss_krb5_get_desc);
1332
1333	/*
1334	* From RFC 8009 Appendix A. Test Vectors
1335	*
1336	* These sample checksums use the above sample key derivation results,
1337	* including use of the same base-key and key usage values.
1338	*
1339	* This test material is copyright (c) 2016 IETF Trust and the
1340	* persons identified as the document authors. All rights reserved.
1341	*/
1342
1343	DEFINE_HEX_XDR_NETOBJ(rfc8009_checksum_plaintext,
1344	0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
1345	0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
1346	0x10, 0x11, 0x12, 0x13, 0x14
1347	);
1348	DEFINE_HEX_XDR_NETOBJ(rfc8009_checksum_test1_expected_result,
1349	0xd7, 0x83, 0x67, 0x18, 0x66, 0x43, 0xd6, 0x7b,
1350	0x41, 0x1c, 0xba, 0x91, 0x39, 0xfc, 0x1d, 0xee
1351	);
1352	DEFINE_HEX_XDR_NETOBJ(rfc8009_checksum_test2_expected_result,
1353	0x45, 0xee, 0x79, 0x15, 0x67, 0xee, 0xfc, 0xa3,
1354	0x7f, 0x4a, 0xc1, 0xe0, 0x22, 0x2d, 0xe8, 0x0d,
1355	0x43, 0xc3, 0xbf, 0xa0, 0x66, 0x99, 0x67, 0x2a
1356	);
1357
1358	static const struct gss_krb5_test_param rfc8009_checksum_test_params[] = {
1359	{
1360	.desc = "Checksum with aes128-cts-hmac-sha256-128",
1361	.enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128,
1362	.base_key = &aes128_cts_hmac_sha256_128_basekey,
1363	.usage = &usage_checksum,
1364	.plaintext = &rfc8009_checksum_plaintext,
1365	.expected_result = &rfc8009_checksum_test1_expected_result,
1366	},
1367	{
1368	.desc = "Checksum with aes256-cts-hmac-sha384-192",
1369	.enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192,
1370	.base_key = &aes256_cts_hmac_sha384_192_basekey,
1371	.usage = &usage_checksum,
1372	.plaintext = &rfc8009_checksum_plaintext,
1373	.expected_result = &rfc8009_checksum_test2_expected_result,
1374	},
1375	};
1376
1377	/* Creates the function rfc8009_checksum_gen_params */
1378	KUNIT_ARRAY_PARAM(rfc8009_checksum, rfc8009_checksum_test_params,
1379	gss_krb5_get_desc);
1380
1381	/*
1382	* From RFC 8009 Appendix A. Test Vectors
1383	*
1384	* Sample encryptions (all using the default cipher state):
1385	* --------------------------------------------------------
1386	*
1387	* These sample encryptions use the above sample key derivation results,
1388	* including use of the same base-key and key usage values.
1389	*
1390	* This test material is copyright (c) 2016 IETF Trust and the
1391	* persons identified as the document authors. All rights reserved.
1392	*/
1393
1394	static const struct xdr_netobj rfc8009_enc_empty_plaintext = {
1395	.len = 0,
1396	};
1397	DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_short_plaintext,
1398	0x00, 0x01, 0x02, 0x03, 0x04, 0x05
1399	);
1400	DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_block_plaintext,
1401	0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
1402	0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
1403	);
1404	DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_long_plaintext,
1405	0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
1406	0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
1407	0x10, 0x11, 0x12, 0x13, 0x14
1408	);
1409
1410	DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test1_confounder,
1411	0x7e, 0x58, 0x95, 0xea, 0xf2, 0x67, 0x24, 0x35,
1412	0xba, 0xd8, 0x17, 0xf5, 0x45, 0xa3, 0x71, 0x48
1413	);
1414	DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test1_expected_result,
1415	0xef, 0x85, 0xfb, 0x89, 0x0b, 0xb8, 0x47, 0x2f,
1416	0x4d, 0xab, 0x20, 0x39, 0x4d, 0xca, 0x78, 0x1d
1417	);
1418	DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test1_expected_hmac,
1419	0xad, 0x87, 0x7e, 0xda, 0x39, 0xd5, 0x0c, 0x87,
1420	0x0c, 0x0d, 0x5a, 0x0a, 0x8e, 0x48, 0xc7, 0x18
1421	);
1422
1423	DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test2_confounder,
1424	0x7b, 0xca, 0x28, 0x5e, 0x2f, 0xd4, 0x13, 0x0f,
1425	0xb5, 0x5b, 0x1a, 0x5c, 0x83, 0xbc, 0x5b, 0x24
1426	);
1427	DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test2_expected_result,
1428	0x84, 0xd7, 0xf3, 0x07, 0x54, 0xed, 0x98, 0x7b,
1429	0xab, 0x0b, 0xf3, 0x50, 0x6b, 0xeb, 0x09, 0xcf,
1430	0xb5, 0x54, 0x02, 0xce, 0xf7, 0xe6
1431	);
1432	DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test2_expected_hmac,
1433	0x87, 0x7c, 0xe9, 0x9e, 0x24, 0x7e, 0x52, 0xd1,
1434	0x6e, 0xd4, 0x42, 0x1d, 0xfd, 0xf8, 0x97, 0x6c
1435	);
1436
1437	DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test3_confounder,
1438	0x56, 0xab, 0x21, 0x71, 0x3f, 0xf6, 0x2c, 0x0a,
1439	0x14, 0x57, 0x20, 0x0f, 0x6f, 0xa9, 0x94, 0x8f
1440	);
1441	DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test3_expected_result,
1442	0x35, 0x17, 0xd6, 0x40, 0xf5, 0x0d, 0xdc, 0x8a,
1443	0xd3, 0x62, 0x87, 0x22, 0xb3, 0x56, 0x9d, 0x2a,
1444	0xe0, 0x74, 0x93, 0xfa, 0x82, 0x63, 0x25, 0x40,
1445	0x80, 0xea, 0x65, 0xc1, 0x00, 0x8e, 0x8f, 0xc2
1446	);
1447	DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test3_expected_hmac,
1448	0x95, 0xfb, 0x48, 0x52, 0xe7, 0xd8, 0x3e, 0x1e,
1449	0x7c, 0x48, 0xc3, 0x7e, 0xeb, 0xe6, 0xb0, 0xd3
1450	);
1451
1452	DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test4_confounder,
1453	0xa7, 0xa4, 0xe2, 0x9a, 0x47, 0x28, 0xce, 0x10,
1454	0x66, 0x4f, 0xb6, 0x4e, 0x49, 0xad, 0x3f, 0xac
1455	);
1456	DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test4_expected_result,
1457	0x72, 0x0f, 0x73, 0xb1, 0x8d, 0x98, 0x59, 0xcd,
1458	0x6c, 0xcb, 0x43, 0x46, 0x11, 0x5c, 0xd3, 0x36,
1459	0xc7, 0x0f, 0x58, 0xed, 0xc0, 0xc4, 0x43, 0x7c,
1460	0x55, 0x73, 0x54, 0x4c, 0x31, 0xc8, 0x13, 0xbc,
1461	0xe1, 0xe6, 0xd0, 0x72, 0xc1
1462	);
1463	DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test4_expected_hmac,
1464	0x86, 0xb3, 0x9a, 0x41, 0x3c, 0x2f, 0x92, 0xca,
1465	0x9b, 0x83, 0x34, 0xa2, 0x87, 0xff, 0xcb, 0xfc
1466	);
1467
1468	DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test5_confounder,
1469	0xf7, 0x64, 0xe9, 0xfa, 0x15, 0xc2, 0x76, 0x47,
1470	0x8b, 0x2c, 0x7d, 0x0c, 0x4e, 0x5f, 0x58, 0xe4
1471	);
1472	DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test5_expected_result,
1473	0x41, 0xf5, 0x3f, 0xa5, 0xbf, 0xe7, 0x02, 0x6d,
1474	0x91, 0xfa, 0xf9, 0xbe, 0x95, 0x91, 0x95, 0xa0
1475	);
1476	DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test5_expected_hmac,
1477	0x58, 0x70, 0x72, 0x73, 0xa9, 0x6a, 0x40, 0xf0,
1478	0xa0, 0x19, 0x60, 0x62, 0x1a, 0xc6, 0x12, 0x74,
1479	0x8b, 0x9b, 0xbf, 0xbe, 0x7e, 0xb4, 0xce, 0x3c
1480	);
1481
1482	DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test6_confounder,
1483	0xb8, 0x0d, 0x32, 0x51, 0xc1, 0xf6, 0x47, 0x14,
1484	0x94, 0x25, 0x6f, 0xfe, 0x71, 0x2d, 0x0b, 0x9a
1485	);
1486	DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test6_expected_result,
1487	0x4e, 0xd7, 0xb3, 0x7c, 0x2b, 0xca, 0xc8, 0xf7,
1488	0x4f, 0x23, 0xc1, 0xcf, 0x07, 0xe6, 0x2b, 0xc7,
1489	0xb7, 0x5f, 0xb3, 0xf6, 0x37, 0xb9
1490	);
1491	DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test6_expected_hmac,
1492	0xf5, 0x59, 0xc7, 0xf6, 0x64, 0xf6, 0x9e, 0xab,
1493	0x7b, 0x60, 0x92, 0x23, 0x75, 0x26, 0xea, 0x0d,
1494	0x1f, 0x61, 0xcb, 0x20, 0xd6, 0x9d, 0x10, 0xf2
1495	);
1496
1497	DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test7_confounder,
1498	0x53, 0xbf, 0x8a, 0x0d, 0x10, 0x52, 0x65, 0xd4,
1499	0xe2, 0x76, 0x42, 0x86, 0x24, 0xce, 0x5e, 0x63
1500	);
1501	DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test7_expected_result,
1502	0xbc, 0x47, 0xff, 0xec, 0x79, 0x98, 0xeb, 0x91,
1503	0xe8, 0x11, 0x5c, 0xf8, 0xd1, 0x9d, 0xac, 0x4b,
1504	0xbb, 0xe2, 0xe1, 0x63, 0xe8, 0x7d, 0xd3, 0x7f,
1505	0x49, 0xbe, 0xca, 0x92, 0x02, 0x77, 0x64, 0xf6
1506	);
1507	DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test7_expected_hmac,
1508	0x8c, 0xf5, 0x1f, 0x14, 0xd7, 0x98, 0xc2, 0x27,
1509	0x3f, 0x35, 0xdf, 0x57, 0x4d, 0x1f, 0x93, 0x2e,
1510	0x40, 0xc4, 0xff, 0x25, 0x5b, 0x36, 0xa2, 0x66
1511	);
1512
1513	DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test8_confounder,
1514	0x76, 0x3e, 0x65, 0x36, 0x7e, 0x86, 0x4f, 0x02,
1515	0xf5, 0x51, 0x53, 0xc7, 0xe3, 0xb5, 0x8a, 0xf1
1516	);
1517	DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test8_expected_result,
1518	0x40, 0x01, 0x3e, 0x2d, 0xf5, 0x8e, 0x87, 0x51,
1519	0x95, 0x7d, 0x28, 0x78, 0xbc, 0xd2, 0xd6, 0xfe,
1520	0x10, 0x1c, 0xcf, 0xd5, 0x56, 0xcb, 0x1e, 0xae,
1521	0x79, 0xdb, 0x3c, 0x3e, 0xe8, 0x64, 0x29, 0xf2,
1522	0xb2, 0xa6, 0x02, 0xac, 0x86
1523	);
1524	DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test8_expected_hmac,
1525	0xfe, 0xf6, 0xec, 0xb6, 0x47, 0xd6, 0x29, 0x5f,
1526	0xae, 0x07, 0x7a, 0x1f, 0xeb, 0x51, 0x75, 0x08,
1527	0xd2, 0xc1, 0x6b, 0x41, 0x92, 0xe0, 0x1f, 0x62
1528	);
1529
1530	static const struct gss_krb5_test_param rfc8009_encrypt_test_params[] = {
1531	{
1532	.desc = "Encrypt empty plaintext with aes128-cts-hmac-sha256-128",
1533	.enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128,
1534	.plaintext = &rfc8009_enc_empty_plaintext,
1535	.confounder = &rfc8009_enc_test1_confounder,
1536	.base_key = &aes128_cts_hmac_sha256_128_basekey,
1537	.expected_result = &rfc8009_enc_test1_expected_result,
1538	.expected_hmac = &rfc8009_enc_test1_expected_hmac,
1539	},
1540	{
1541	.desc = "Encrypt short plaintext with aes128-cts-hmac-sha256-128",
1542	.enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128,
1543	.plaintext = &rfc8009_enc_short_plaintext,
1544	.confounder = &rfc8009_enc_test2_confounder,
1545	.base_key = &aes128_cts_hmac_sha256_128_basekey,
1546	.expected_result = &rfc8009_enc_test2_expected_result,
1547	.expected_hmac = &rfc8009_enc_test2_expected_hmac,
1548	},
1549	{
1550	.desc = "Encrypt block plaintext with aes128-cts-hmac-sha256-128",
1551	.enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128,
1552	.plaintext = &rfc8009_enc_block_plaintext,
1553	.confounder = &rfc8009_enc_test3_confounder,
1554	.base_key = &aes128_cts_hmac_sha256_128_basekey,
1555	.expected_result = &rfc8009_enc_test3_expected_result,
1556	.expected_hmac = &rfc8009_enc_test3_expected_hmac,
1557	},
1558	{
1559	.desc = "Encrypt long plaintext with aes128-cts-hmac-sha256-128",
1560	.enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128,
1561	.plaintext = &rfc8009_enc_long_plaintext,
1562	.confounder = &rfc8009_enc_test4_confounder,
1563	.base_key = &aes128_cts_hmac_sha256_128_basekey,
1564	.expected_result = &rfc8009_enc_test4_expected_result,
1565	.expected_hmac = &rfc8009_enc_test4_expected_hmac,
1566	},
1567	{
1568	.desc = "Encrypt empty plaintext with aes256-cts-hmac-sha384-192",
1569	.enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192,
1570	.plaintext = &rfc8009_enc_empty_plaintext,
1571	.confounder = &rfc8009_enc_test5_confounder,
1572	.base_key = &aes256_cts_hmac_sha384_192_basekey,
1573	.expected_result = &rfc8009_enc_test5_expected_result,
1574	.expected_hmac = &rfc8009_enc_test5_expected_hmac,
1575	},
1576	{
1577	.desc = "Encrypt short plaintext with aes256-cts-hmac-sha384-192",
1578	.enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192,
1579	.plaintext = &rfc8009_enc_short_plaintext,
1580	.confounder = &rfc8009_enc_test6_confounder,
1581	.base_key = &aes256_cts_hmac_sha384_192_basekey,
1582	.expected_result = &rfc8009_enc_test6_expected_result,
1583	.expected_hmac = &rfc8009_enc_test6_expected_hmac,
1584	},
1585	{
1586	.desc = "Encrypt block plaintext with aes256-cts-hmac-sha384-192",
1587	.enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192,
1588	.plaintext = &rfc8009_enc_block_plaintext,
1589	.confounder = &rfc8009_enc_test7_confounder,
1590	.base_key = &aes256_cts_hmac_sha384_192_basekey,
1591	.expected_result = &rfc8009_enc_test7_expected_result,
1592	.expected_hmac = &rfc8009_enc_test7_expected_hmac,
1593	},
1594	{
1595	.desc = "Encrypt long plaintext with aes256-cts-hmac-sha384-192",
1596	.enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192,
1597	.plaintext = &rfc8009_enc_long_plaintext,
1598	.confounder = &rfc8009_enc_test8_confounder,
1599	.base_key = &aes256_cts_hmac_sha384_192_basekey,
1600	.expected_result = &rfc8009_enc_test8_expected_result,
1601	.expected_hmac = &rfc8009_enc_test8_expected_hmac,
1602	},
1603	};
1604
1605	/* Creates the function rfc8009_encrypt_gen_params */
1606	KUNIT_ARRAY_PARAM(rfc8009_encrypt, rfc8009_encrypt_test_params,
1607	gss_krb5_get_desc);
1608
1609	static void rfc8009_encrypt_case(struct kunit *test)
1610	{
1611	const struct gss_krb5_test_param *param = test->param_value;
1612	struct crypto_sync_skcipher *cts_tfm, *cbc_tfm;
1613	const struct gss_krb5_enctype *gk5e;
1614	struct xdr_netobj Ke, Ki, checksum;
1615	u8 usage_data[GSS_KRB5_K5CLENGTH];
1616	struct xdr_netobj usage = {
1617	.data = usage_data,
1618	.len = sizeof(usage_data),
1619	};
1620	struct crypto_ahash *ahash_tfm;
1621	struct xdr_buf buf;
1622	void *text;
1623	size_t len;
1624	u32 err;
1625
1626	/* Arrange */
1627	gk5e = gss_krb5_lookup_enctype(etype: param->enctype);
1628	if (!gk5e)
1629	kunit_skip(test, "Encryption type is not available");
1630
1631	*(__be32 *)usage.data = cpu_to_be32(2);
1632
1633	Ke.len = gk5e->Ke_length;
1634	Ke.data = kunit_kzalloc(test, size: Ke.len, GFP_KERNEL);
1635	KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Ke.data);
1636	usage.data[4] = KEY_USAGE_SEED_ENCRYPTION;
1637	err = gk5e->derive_key(gk5e, param->base_key, &Ke,
1638	&usage, GFP_KERNEL);
1639	KUNIT_ASSERT_EQ(test, err, 0);
1640
1641	cbc_tfm = crypto_alloc_sync_skcipher(alg_name: gk5e->aux_cipher, type: 0, mask: 0);
1642	KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cbc_tfm);
1643	err = crypto_sync_skcipher_setkey(tfm: cbc_tfm, key: Ke.data, keylen: Ke.len);
1644	KUNIT_ASSERT_EQ(test, err, 0);
1645
1646	cts_tfm = crypto_alloc_sync_skcipher(alg_name: gk5e->encrypt_name, type: 0, mask: 0);
1647	KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cts_tfm);
1648	err = crypto_sync_skcipher_setkey(tfm: cts_tfm, key: Ke.data, keylen: Ke.len);
1649	KUNIT_ASSERT_EQ(test, err, 0);
1650
1651	len = param->confounder->len + param->plaintext->len;
1652	text = kunit_kzalloc(test, size: len, GFP_KERNEL);
1653	KUNIT_ASSERT_NOT_ERR_OR_NULL(test, text);
1654	memcpy(text, param->confounder->data, param->confounder->len);
1655	memcpy(text + param->confounder->len, param->plaintext->data,
1656	param->plaintext->len);
1657
1658	memset(&buf, 0, sizeof(buf));
1659	buf.head[0].iov_base = text;
1660	buf.head[0].iov_len = param->confounder->len + param->plaintext->len;
1661	buf.len = buf.head[0].iov_len;
1662
1663	checksum.len = gk5e->cksumlength;
1664	checksum.data = kunit_kzalloc(test, size: checksum.len, GFP_KERNEL);
1665	KUNIT_ASSERT_NOT_ERR_OR_NULL(test, checksum.data);
1666
1667	Ki.len = gk5e->Ki_length;
1668	Ki.data = kunit_kzalloc(test, size: Ki.len, GFP_KERNEL);
1669	KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Ki.data);
1670	usage.data[4] = KEY_USAGE_SEED_INTEGRITY;
1671	err = gk5e->derive_key(gk5e, param->base_key, &Ki,
1672	&usage, GFP_KERNEL);
1673	KUNIT_ASSERT_EQ(test, err, 0);
1674
1675	ahash_tfm = crypto_alloc_ahash(alg_name: gk5e->cksum_name, type: 0, CRYPTO_ALG_ASYNC);
1676	KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ahash_tfm);
1677	err = crypto_ahash_setkey(tfm: ahash_tfm, key: Ki.data, keylen: Ki.len);
1678	KUNIT_ASSERT_EQ(test, err, 0);
1679
1680	/* Act */
1681	err = krb5_cbc_cts_encrypt(cts_tfm, cbc_tfm, offset: 0, buf: &buf, NULL, NULL, ivsize: 0);
1682	KUNIT_ASSERT_EQ(test, err, 0);
1683	err = krb5_etm_checksum(cipher: cts_tfm, tfm: ahash_tfm, body: &buf, body_offset: 0, cksumout: &checksum);
1684	KUNIT_ASSERT_EQ(test, err, 0);
1685
1686	/* Assert */
1687	KUNIT_EXPECT_EQ_MSG(test,
1688	param->expected_result->len, buf.len,
1689	"ciphertext length mismatch");
1690	KUNIT_EXPECT_EQ_MSG(test,
1691	memcmp(param->expected_result->data,
1692	buf.head[0].iov_base,
1693	param->expected_result->len), 0,
1694	"ciphertext mismatch");
1695	KUNIT_EXPECT_EQ_MSG(test, memcmp(param->expected_hmac->data,
1696	checksum.data,
1697	checksum.len), 0,
1698	"HMAC mismatch");
1699
1700	crypto_free_ahash(tfm: ahash_tfm);
1701	crypto_free_sync_skcipher(tfm: cts_tfm);
1702	crypto_free_sync_skcipher(tfm: cbc_tfm);
1703	}
1704
1705	static struct kunit_case rfc8009_test_cases[] = {
1706	{
1707	.name = "RFC 8009 key derivation",
1708	.run_case = kdf_case,
1709	.generate_params = rfc8009_kdf_gen_params,
1710	},
1711	{
1712	.name = "RFC 8009 checksum",
1713	.run_case = checksum_case,
1714	.generate_params = rfc8009_checksum_gen_params,
1715	},
1716	{
1717	.name = "RFC 8009 encryption",
1718	.run_case = rfc8009_encrypt_case,
1719	.generate_params = rfc8009_encrypt_gen_params,
1720	},
1721	{}
1722	};
1723
1724	static struct kunit_suite rfc8009_suite = {
1725	.name = "RFC 8009 suite",
1726	.test_cases = rfc8009_test_cases,
1727	};
1728
1729	/*
1730	* Encryption self-tests
1731	*/
1732
1733	DEFINE_STR_XDR_NETOBJ(encrypt_selftest_plaintext,
1734	"This is the plaintext for the encryption self-test.");
1735
1736	static const struct gss_krb5_test_param encrypt_selftest_params[] = {
1737	{
1738	.desc = "aes128-cts-hmac-sha1-96 encryption self-test",
1739	.enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96,
1740	.Ke = &rfc3962_encryption_key,
1741	.plaintext = &encrypt_selftest_plaintext,
1742	},
1743	{
1744	.desc = "aes256-cts-hmac-sha1-96 encryption self-test",
1745	.enctype = ENCTYPE_AES256_CTS_HMAC_SHA1_96,
1746	.Ke = &rfc3962_encryption_key,
1747	.plaintext = &encrypt_selftest_plaintext,
1748	},
1749	{
1750	.desc = "camellia128-cts-cmac encryption self-test",
1751	.enctype = ENCTYPE_CAMELLIA128_CTS_CMAC,
1752	.Ke = &camellia128_cts_cmac_Ke,
1753	.plaintext = &encrypt_selftest_plaintext,
1754	},
1755	{
1756	.desc = "camellia256-cts-cmac encryption self-test",
1757	.enctype = ENCTYPE_CAMELLIA256_CTS_CMAC,
1758	.Ke = &camellia256_cts_cmac_Ke,
1759	.plaintext = &encrypt_selftest_plaintext,
1760	},
1761	{
1762	.desc = "aes128-cts-hmac-sha256-128 encryption self-test",
1763	.enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128,
1764	.Ke = &aes128_cts_hmac_sha256_128_Ke,
1765	.plaintext = &encrypt_selftest_plaintext,
1766	},
1767	{
1768	.desc = "aes256-cts-hmac-sha384-192 encryption self-test",
1769	.enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192,
1770	.Ke = &aes256_cts_hmac_sha384_192_Ke,
1771	.plaintext = &encrypt_selftest_plaintext,
1772	},
1773	};
1774
1775	/* Creates the function encrypt_selftest_gen_params */
1776	KUNIT_ARRAY_PARAM(encrypt_selftest, encrypt_selftest_params,
1777	gss_krb5_get_desc);
1778
1779	/*
1780	* Encrypt and decrypt plaintext, and ensure the input plaintext
1781	* matches the output plaintext. A confounder is not added in this
1782	* case.
1783	*/
1784	static void encrypt_selftest_case(struct kunit *test)
1785	{
1786	const struct gss_krb5_test_param *param = test->param_value;
1787	struct crypto_sync_skcipher *cts_tfm, *cbc_tfm;
1788	const struct gss_krb5_enctype *gk5e;
1789	struct xdr_buf buf;
1790	void *text;
1791	int err;
1792
1793	/* Arrange */
1794	gk5e = gss_krb5_lookup_enctype(etype: param->enctype);
1795	if (!gk5e)
1796	kunit_skip(test, "Encryption type is not available");
1797
1798	cbc_tfm = crypto_alloc_sync_skcipher(alg_name: gk5e->aux_cipher, type: 0, mask: 0);
1799	KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cbc_tfm);
1800	err = crypto_sync_skcipher_setkey(tfm: cbc_tfm, key: param->Ke->data, keylen: param->Ke->len);
1801	KUNIT_ASSERT_EQ(test, err, 0);
1802
1803	cts_tfm = crypto_alloc_sync_skcipher(alg_name: gk5e->encrypt_name, type: 0, mask: 0);
1804	KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cts_tfm);
1805	err = crypto_sync_skcipher_setkey(tfm: cts_tfm, key: param->Ke->data, keylen: param->Ke->len);
1806	KUNIT_ASSERT_EQ(test, err, 0);
1807
1808	text = kunit_kzalloc(test, roundup(param->plaintext->len,
1809	crypto_sync_skcipher_blocksize(cbc_tfm)),
1810	GFP_KERNEL);
1811	KUNIT_ASSERT_NOT_ERR_OR_NULL(test, text);
1812
1813	memcpy(text, param->plaintext->data, param->plaintext->len);
1814	memset(&buf, 0, sizeof(buf));
1815	buf.head[0].iov_base = text;
1816	buf.head[0].iov_len = param->plaintext->len;
1817	buf.len = buf.head[0].iov_len;
1818
1819	/* Act */
1820	err = krb5_cbc_cts_encrypt(cts_tfm, cbc_tfm, offset: 0, buf: &buf, NULL, NULL, ivsize: 0);
1821	KUNIT_ASSERT_EQ(test, err, 0);
1822	err = krb5_cbc_cts_decrypt(cts_tfm, cbc_tfm, offset: 0, buf: &buf);
1823	KUNIT_ASSERT_EQ(test, err, 0);
1824
1825	/* Assert */
1826	KUNIT_EXPECT_EQ_MSG(test,
1827	param->plaintext->len, buf.len,
1828	"length mismatch");
1829	KUNIT_EXPECT_EQ_MSG(test,
1830	memcmp(param->plaintext->data,
1831	buf.head[0].iov_base, buf.len), 0,
1832	"plaintext mismatch");
1833
1834	crypto_free_sync_skcipher(tfm: cts_tfm);
1835	crypto_free_sync_skcipher(tfm: cbc_tfm);
1836	}
1837
1838	static struct kunit_case encryption_test_cases[] = {
1839	{
1840	.name = "Encryption self-tests",
1841	.run_case = encrypt_selftest_case,
1842	.generate_params = encrypt_selftest_gen_params,
1843	},
1844	{}
1845	};
1846
1847	static struct kunit_suite encryption_test_suite = {
1848	.name = "Encryption test suite",
1849	.test_cases = encryption_test_cases,
1850	};
1851
1852	kunit_test_suites(&rfc3961_suite,
1853	&rfc3962_suite,
1854	&rfc6803_suite,
1855	&rfc8009_suite,
1856	&encryption_test_suite);
1857
1858	MODULE_DESCRIPTION("Test RPCSEC GSS Kerberos 5 functions");
1859	MODULE_LICENSE("GPL");
1860