1 | // SPDX-License-Identifier: GPL-2.0 |
2 | /* |
3 | * Copyright (c) 2022 Oracle and/or its affiliates. |
4 | * |
5 | * KUnit test of SunRPC's GSS Kerberos mechanism. Subsystem |
6 | * name is "rpcsec_gss_krb5". |
7 | */ |
8 | |
9 | #include <kunit/test.h> |
10 | #include <kunit/visibility.h> |
11 | |
12 | #include <linux/kernel.h> |
13 | #include <crypto/hash.h> |
14 | |
15 | #include <linux/sunrpc/xdr.h> |
16 | #include <linux/sunrpc/gss_krb5.h> |
17 | |
18 | #include "gss_krb5_internal.h" |
19 | |
20 | MODULE_IMPORT_NS(EXPORTED_FOR_KUNIT_TESTING); |
21 | |
22 | struct gss_krb5_test_param { |
23 | const char *desc; |
24 | u32 enctype; |
25 | u32 nfold; |
26 | u32 constant; |
27 | const struct xdr_netobj *base_key; |
28 | const struct xdr_netobj *Ke; |
29 | const struct xdr_netobj *usage; |
30 | const struct xdr_netobj *plaintext; |
31 | const struct xdr_netobj *confounder; |
32 | const struct xdr_netobj *expected_result; |
33 | const struct xdr_netobj *expected_hmac; |
34 | const struct xdr_netobj *next_iv; |
35 | }; |
36 | |
37 | static inline void gss_krb5_get_desc(const struct gss_krb5_test_param *param, |
38 | char *desc) |
39 | { |
40 | strscpy(desc, param->desc, KUNIT_PARAM_DESC_SIZE); |
41 | } |
42 | |
43 | static void kdf_case(struct kunit *test) |
44 | { |
45 | const struct gss_krb5_test_param *param = test->param_value; |
46 | const struct gss_krb5_enctype *gk5e; |
47 | struct xdr_netobj derivedkey; |
48 | int err; |
49 | |
50 | /* Arrange */ |
51 | gk5e = gss_krb5_lookup_enctype(etype: param->enctype); |
52 | if (!gk5e) |
53 | kunit_skip(test, "Encryption type is not available" ); |
54 | |
55 | derivedkey.data = kunit_kzalloc(test, size: param->expected_result->len, |
56 | GFP_KERNEL); |
57 | KUNIT_ASSERT_NOT_ERR_OR_NULL(test, derivedkey.data); |
58 | derivedkey.len = param->expected_result->len; |
59 | |
60 | /* Act */ |
61 | err = gk5e->derive_key(gk5e, param->base_key, &derivedkey, |
62 | param->usage, GFP_KERNEL); |
63 | KUNIT_ASSERT_EQ(test, err, 0); |
64 | |
65 | /* Assert */ |
66 | KUNIT_EXPECT_EQ_MSG(test, |
67 | memcmp(param->expected_result->data, |
68 | derivedkey.data, derivedkey.len), 0, |
69 | "key mismatch" ); |
70 | } |
71 | |
72 | static void checksum_case(struct kunit *test) |
73 | { |
74 | const struct gss_krb5_test_param *param = test->param_value; |
75 | struct xdr_buf buf = { |
76 | .head[0].iov_len = param->plaintext->len, |
77 | .len = param->plaintext->len, |
78 | }; |
79 | const struct gss_krb5_enctype *gk5e; |
80 | struct xdr_netobj Kc, checksum; |
81 | struct crypto_ahash *tfm; |
82 | int err; |
83 | |
84 | /* Arrange */ |
85 | gk5e = gss_krb5_lookup_enctype(etype: param->enctype); |
86 | if (!gk5e) |
87 | kunit_skip(test, "Encryption type is not available" ); |
88 | |
89 | Kc.len = gk5e->Kc_length; |
90 | Kc.data = kunit_kzalloc(test, size: Kc.len, GFP_KERNEL); |
91 | KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Kc.data); |
92 | err = gk5e->derive_key(gk5e, param->base_key, &Kc, |
93 | param->usage, GFP_KERNEL); |
94 | KUNIT_ASSERT_EQ(test, err, 0); |
95 | |
96 | tfm = crypto_alloc_ahash(alg_name: gk5e->cksum_name, type: 0, CRYPTO_ALG_ASYNC); |
97 | KUNIT_ASSERT_NOT_ERR_OR_NULL(test, tfm); |
98 | err = crypto_ahash_setkey(tfm, key: Kc.data, keylen: Kc.len); |
99 | KUNIT_ASSERT_EQ(test, err, 0); |
100 | |
101 | buf.head[0].iov_base = kunit_kzalloc(test, size: buf.head[0].iov_len, GFP_KERNEL); |
102 | KUNIT_ASSERT_NOT_ERR_OR_NULL(test, buf.head[0].iov_base); |
103 | memcpy(buf.head[0].iov_base, param->plaintext->data, buf.head[0].iov_len); |
104 | |
105 | checksum.len = gk5e->cksumlength; |
106 | checksum.data = kunit_kzalloc(test, size: checksum.len, GFP_KERNEL); |
107 | KUNIT_ASSERT_NOT_ERR_OR_NULL(test, checksum.data); |
108 | |
109 | /* Act */ |
110 | err = gss_krb5_checksum(tfm, NULL, hdrlen: 0, body: &buf, body_offset: 0, cksumout: &checksum); |
111 | KUNIT_ASSERT_EQ(test, err, 0); |
112 | |
113 | /* Assert */ |
114 | KUNIT_EXPECT_EQ_MSG(test, |
115 | memcmp(param->expected_result->data, |
116 | checksum.data, checksum.len), 0, |
117 | "checksum mismatch" ); |
118 | |
119 | crypto_free_ahash(tfm); |
120 | } |
121 | |
122 | #define DEFINE_HEX_XDR_NETOBJ(name, hex_array...) \ |
123 | static const u8 name ## _data[] = { hex_array }; \ |
124 | static const struct xdr_netobj name = { \ |
125 | .data = (u8 *)name##_data, \ |
126 | .len = sizeof(name##_data), \ |
127 | } |
128 | |
129 | #define DEFINE_STR_XDR_NETOBJ(name, string) \ |
130 | static const u8 name ## _str[] = string; \ |
131 | static const struct xdr_netobj name = { \ |
132 | .data = (u8 *)name##_str, \ |
133 | .len = sizeof(name##_str) - 1, \ |
134 | } |
135 | |
136 | /* |
137 | * RFC 3961 Appendix A.1. n-fold |
138 | * |
139 | * The n-fold function is defined in section 5.1 of RFC 3961. |
140 | * |
141 | * This test material is copyright (C) The Internet Society (2005). |
142 | */ |
143 | |
144 | DEFINE_HEX_XDR_NETOBJ(nfold_test1_plaintext, |
145 | 0x30, 0x31, 0x32, 0x33, 0x34, 0x35 |
146 | ); |
147 | DEFINE_HEX_XDR_NETOBJ(nfold_test1_expected_result, |
148 | 0xbe, 0x07, 0x26, 0x31, 0x27, 0x6b, 0x19, 0x55 |
149 | ); |
150 | |
151 | DEFINE_HEX_XDR_NETOBJ(nfold_test2_plaintext, |
152 | 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64 |
153 | ); |
154 | DEFINE_HEX_XDR_NETOBJ(nfold_test2_expected_result, |
155 | 0x78, 0xa0, 0x7b, 0x6c, 0xaf, 0x85, 0xfa |
156 | ); |
157 | |
158 | DEFINE_HEX_XDR_NETOBJ(nfold_test3_plaintext, |
159 | 0x52, 0x6f, 0x75, 0x67, 0x68, 0x20, 0x43, 0x6f, |
160 | 0x6e, 0x73, 0x65, 0x6e, 0x73, 0x75, 0x73, 0x2c, |
161 | 0x20, 0x61, 0x6e, 0x64, 0x20, 0x52, 0x75, 0x6e, |
162 | 0x6e, 0x69, 0x6e, 0x67, 0x20, 0x43, 0x6f, 0x64, |
163 | 0x65 |
164 | ); |
165 | DEFINE_HEX_XDR_NETOBJ(nfold_test3_expected_result, |
166 | 0xbb, 0x6e, 0xd3, 0x08, 0x70, 0xb7, 0xf0, 0xe0 |
167 | ); |
168 | |
169 | DEFINE_HEX_XDR_NETOBJ(nfold_test4_plaintext, |
170 | 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64 |
171 | ); |
172 | DEFINE_HEX_XDR_NETOBJ(nfold_test4_expected_result, |
173 | 0x59, 0xe4, 0xa8, 0xca, 0x7c, 0x03, 0x85, 0xc3, |
174 | 0xc3, 0x7b, 0x3f, 0x6d, 0x20, 0x00, 0x24, 0x7c, |
175 | 0xb6, 0xe6, 0xbd, 0x5b, 0x3e |
176 | ); |
177 | |
178 | DEFINE_HEX_XDR_NETOBJ(nfold_test5_plaintext, |
179 | 0x4d, 0x41, 0x53, 0x53, 0x41, 0x43, 0x48, 0x56, |
180 | 0x53, 0x45, 0x54, 0x54, 0x53, 0x20, 0x49, 0x4e, |
181 | 0x53, 0x54, 0x49, 0x54, 0x56, 0x54, 0x45, 0x20, |
182 | 0x4f, 0x46, 0x20, 0x54, 0x45, 0x43, 0x48, 0x4e, |
183 | 0x4f, 0x4c, 0x4f, 0x47, 0x59 |
184 | ); |
185 | DEFINE_HEX_XDR_NETOBJ(nfold_test5_expected_result, |
186 | 0xdb, 0x3b, 0x0d, 0x8f, 0x0b, 0x06, 0x1e, 0x60, |
187 | 0x32, 0x82, 0xb3, 0x08, 0xa5, 0x08, 0x41, 0x22, |
188 | 0x9a, 0xd7, 0x98, 0xfa, 0xb9, 0x54, 0x0c, 0x1b |
189 | ); |
190 | |
191 | DEFINE_HEX_XDR_NETOBJ(nfold_test6_plaintext, |
192 | 0x51 |
193 | ); |
194 | DEFINE_HEX_XDR_NETOBJ(nfold_test6_expected_result, |
195 | 0x51, 0x8a, 0x54, 0xa2, 0x15, 0xa8, 0x45, 0x2a, |
196 | 0x51, 0x8a, 0x54, 0xa2, 0x15, 0xa8, 0x45, 0x2a, |
197 | 0x51, 0x8a, 0x54, 0xa2, 0x15 |
198 | ); |
199 | |
200 | DEFINE_HEX_XDR_NETOBJ(nfold_test7_plaintext, |
201 | 0x62, 0x61 |
202 | ); |
203 | DEFINE_HEX_XDR_NETOBJ(nfold_test7_expected_result, |
204 | 0xfb, 0x25, 0xd5, 0x31, 0xae, 0x89, 0x74, 0x49, |
205 | 0x9f, 0x52, 0xfd, 0x92, 0xea, 0x98, 0x57, 0xc4, |
206 | 0xba, 0x24, 0xcf, 0x29, 0x7e |
207 | ); |
208 | |
209 | DEFINE_HEX_XDR_NETOBJ(nfold_test_kerberos, |
210 | 0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73 |
211 | ); |
212 | DEFINE_HEX_XDR_NETOBJ(nfold_test8_expected_result, |
213 | 0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73 |
214 | ); |
215 | DEFINE_HEX_XDR_NETOBJ(nfold_test9_expected_result, |
216 | 0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73, |
217 | 0x7b, 0x9b, 0x5b, 0x2b, 0x93, 0x13, 0x2b, 0x93 |
218 | ); |
219 | DEFINE_HEX_XDR_NETOBJ(nfold_test10_expected_result, |
220 | 0x83, 0x72, 0xc2, 0x36, 0x34, 0x4e, 0x5f, 0x15, |
221 | 0x50, 0xcd, 0x07, 0x47, 0xe1, 0x5d, 0x62, 0xca, |
222 | 0x7a, 0x5a, 0x3b, 0xce, 0xa4 |
223 | ); |
224 | DEFINE_HEX_XDR_NETOBJ(nfold_test11_expected_result, |
225 | 0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73, |
226 | 0x7b, 0x9b, 0x5b, 0x2b, 0x93, 0x13, 0x2b, 0x93, |
227 | 0x5c, 0x9b, 0xdc, 0xda, 0xd9, 0x5c, 0x98, 0x99, |
228 | 0xc4, 0xca, 0xe4, 0xde, 0xe6, 0xd6, 0xca, 0xe4 |
229 | ); |
230 | |
231 | static const struct gss_krb5_test_param rfc3961_nfold_test_params[] = { |
232 | { |
233 | .desc = "64-fold(\"012345\")" , |
234 | .nfold = 64, |
235 | .plaintext = &nfold_test1_plaintext, |
236 | .expected_result = &nfold_test1_expected_result, |
237 | }, |
238 | { |
239 | .desc = "56-fold(\"password\")" , |
240 | .nfold = 56, |
241 | .plaintext = &nfold_test2_plaintext, |
242 | .expected_result = &nfold_test2_expected_result, |
243 | }, |
244 | { |
245 | .desc = "64-fold(\"Rough Consensus, and Running Code\")" , |
246 | .nfold = 64, |
247 | .plaintext = &nfold_test3_plaintext, |
248 | .expected_result = &nfold_test3_expected_result, |
249 | }, |
250 | { |
251 | .desc = "168-fold(\"password\")" , |
252 | .nfold = 168, |
253 | .plaintext = &nfold_test4_plaintext, |
254 | .expected_result = &nfold_test4_expected_result, |
255 | }, |
256 | { |
257 | .desc = "192-fold(\"MASSACHVSETTS INSTITVTE OF TECHNOLOGY\")" , |
258 | .nfold = 192, |
259 | .plaintext = &nfold_test5_plaintext, |
260 | .expected_result = &nfold_test5_expected_result, |
261 | }, |
262 | { |
263 | .desc = "168-fold(\"Q\")" , |
264 | .nfold = 168, |
265 | .plaintext = &nfold_test6_plaintext, |
266 | .expected_result = &nfold_test6_expected_result, |
267 | }, |
268 | { |
269 | .desc = "168-fold(\"ba\")" , |
270 | .nfold = 168, |
271 | .plaintext = &nfold_test7_plaintext, |
272 | .expected_result = &nfold_test7_expected_result, |
273 | }, |
274 | { |
275 | .desc = "64-fold(\"kerberos\")" , |
276 | .nfold = 64, |
277 | .plaintext = &nfold_test_kerberos, |
278 | .expected_result = &nfold_test8_expected_result, |
279 | }, |
280 | { |
281 | .desc = "128-fold(\"kerberos\")" , |
282 | .nfold = 128, |
283 | .plaintext = &nfold_test_kerberos, |
284 | .expected_result = &nfold_test9_expected_result, |
285 | }, |
286 | { |
287 | .desc = "168-fold(\"kerberos\")" , |
288 | .nfold = 168, |
289 | .plaintext = &nfold_test_kerberos, |
290 | .expected_result = &nfold_test10_expected_result, |
291 | }, |
292 | { |
293 | .desc = "256-fold(\"kerberos\")" , |
294 | .nfold = 256, |
295 | .plaintext = &nfold_test_kerberos, |
296 | .expected_result = &nfold_test11_expected_result, |
297 | }, |
298 | }; |
299 | |
300 | /* Creates the function rfc3961_nfold_gen_params */ |
301 | KUNIT_ARRAY_PARAM(rfc3961_nfold, rfc3961_nfold_test_params, gss_krb5_get_desc); |
302 | |
303 | static void rfc3961_nfold_case(struct kunit *test) |
304 | { |
305 | const struct gss_krb5_test_param *param = test->param_value; |
306 | u8 *result; |
307 | |
308 | /* Arrange */ |
309 | result = kunit_kzalloc(test, size: 4096, GFP_KERNEL); |
310 | KUNIT_ASSERT_NOT_ERR_OR_NULL(test, result); |
311 | |
312 | /* Act */ |
313 | krb5_nfold(inbits: param->plaintext->len * 8, in: param->plaintext->data, |
314 | outbits: param->expected_result->len * 8, out: result); |
315 | |
316 | /* Assert */ |
317 | KUNIT_EXPECT_EQ_MSG(test, |
318 | memcmp(param->expected_result->data, |
319 | result, param->expected_result->len), 0, |
320 | "result mismatch" ); |
321 | } |
322 | |
323 | static struct kunit_case rfc3961_test_cases[] = { |
324 | { |
325 | .name = "RFC 3961 n-fold" , |
326 | .run_case = rfc3961_nfold_case, |
327 | .generate_params = rfc3961_nfold_gen_params, |
328 | }, |
329 | {} |
330 | }; |
331 | |
332 | static struct kunit_suite rfc3961_suite = { |
333 | .name = "RFC 3961 tests" , |
334 | .test_cases = rfc3961_test_cases, |
335 | }; |
336 | |
337 | /* |
338 | * From RFC 3962 Appendix B: Sample Test Vectors |
339 | * |
340 | * Some test vectors for CBC with ciphertext stealing, using an |
341 | * initial vector of all-zero. |
342 | * |
343 | * This test material is copyright (C) The Internet Society (2005). |
344 | */ |
345 | |
346 | DEFINE_HEX_XDR_NETOBJ(rfc3962_encryption_key, |
347 | 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20, |
348 | 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69 |
349 | ); |
350 | |
351 | DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test1_plaintext, |
352 | 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, |
353 | 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65, |
354 | 0x20 |
355 | ); |
356 | DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test1_expected_result, |
357 | 0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4, |
358 | 0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f, |
359 | 0x97 |
360 | ); |
361 | DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test1_next_iv, |
362 | 0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4, |
363 | 0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f |
364 | ); |
365 | |
366 | DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test2_plaintext, |
367 | 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, |
368 | 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65, |
369 | 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, |
370 | 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20 |
371 | ); |
372 | DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test2_expected_result, |
373 | 0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1, |
374 | 0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22, |
375 | 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, |
376 | 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5 |
377 | ); |
378 | DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test2_next_iv, |
379 | 0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1, |
380 | 0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22 |
381 | ); |
382 | |
383 | DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test3_plaintext, |
384 | 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, |
385 | 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65, |
386 | 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, |
387 | 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43 |
388 | ); |
389 | DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test3_expected_result, |
390 | 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, |
391 | 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8, |
392 | 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, |
393 | 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84 |
394 | ); |
395 | DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test3_next_iv, |
396 | 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, |
397 | 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8 |
398 | ); |
399 | |
400 | DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test4_plaintext, |
401 | 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, |
402 | 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65, |
403 | 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, |
404 | 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43, |
405 | 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20, |
406 | 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c |
407 | ); |
408 | DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test4_expected_result, |
409 | 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, |
410 | 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84, |
411 | 0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c, |
412 | 0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e, |
413 | 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, |
414 | 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5 |
415 | ); |
416 | DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test4_next_iv, |
417 | 0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c, |
418 | 0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e |
419 | ); |
420 | |
421 | DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test5_plaintext, |
422 | 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, |
423 | 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65, |
424 | 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, |
425 | 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43, |
426 | 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20, |
427 | 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c, 0x20 |
428 | ); |
429 | DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test5_expected_result, |
430 | 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, |
431 | 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84, |
432 | 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0, |
433 | 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8, |
434 | 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, |
435 | 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8 |
436 | ); |
437 | DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test5_next_iv, |
438 | 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0, |
439 | 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8 |
440 | ); |
441 | |
442 | DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test6_plaintext, |
443 | 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, |
444 | 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65, |
445 | 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, |
446 | 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43, |
447 | 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20, |
448 | 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c, 0x20, |
449 | 0x61, 0x6e, 0x64, 0x20, 0x77, 0x6f, 0x6e, 0x74, |
450 | 0x6f, 0x6e, 0x20, 0x73, 0x6f, 0x75, 0x70, 0x2e |
451 | ); |
452 | DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test6_expected_result, |
453 | 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, |
454 | 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84, |
455 | 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, |
456 | 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8, |
457 | 0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5, |
458 | 0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40, |
459 | 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0, |
460 | 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8 |
461 | ); |
462 | DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test6_next_iv, |
463 | 0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5, |
464 | 0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40 |
465 | ); |
466 | |
467 | static const struct gss_krb5_test_param rfc3962_encrypt_test_params[] = { |
468 | { |
469 | .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 1" , |
470 | .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, |
471 | .Ke = &rfc3962_encryption_key, |
472 | .plaintext = &rfc3962_enc_test1_plaintext, |
473 | .expected_result = &rfc3962_enc_test1_expected_result, |
474 | .next_iv = &rfc3962_enc_test1_next_iv, |
475 | }, |
476 | { |
477 | .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 2" , |
478 | .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, |
479 | .Ke = &rfc3962_encryption_key, |
480 | .plaintext = &rfc3962_enc_test2_plaintext, |
481 | .expected_result = &rfc3962_enc_test2_expected_result, |
482 | .next_iv = &rfc3962_enc_test2_next_iv, |
483 | }, |
484 | { |
485 | .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 3" , |
486 | .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, |
487 | .Ke = &rfc3962_encryption_key, |
488 | .plaintext = &rfc3962_enc_test3_plaintext, |
489 | .expected_result = &rfc3962_enc_test3_expected_result, |
490 | .next_iv = &rfc3962_enc_test3_next_iv, |
491 | }, |
492 | { |
493 | .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 4" , |
494 | .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, |
495 | .Ke = &rfc3962_encryption_key, |
496 | .plaintext = &rfc3962_enc_test4_plaintext, |
497 | .expected_result = &rfc3962_enc_test4_expected_result, |
498 | .next_iv = &rfc3962_enc_test4_next_iv, |
499 | }, |
500 | { |
501 | .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 5" , |
502 | .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, |
503 | .Ke = &rfc3962_encryption_key, |
504 | .plaintext = &rfc3962_enc_test5_plaintext, |
505 | .expected_result = &rfc3962_enc_test5_expected_result, |
506 | .next_iv = &rfc3962_enc_test5_next_iv, |
507 | }, |
508 | { |
509 | .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 6" , |
510 | .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, |
511 | .Ke = &rfc3962_encryption_key, |
512 | .plaintext = &rfc3962_enc_test6_plaintext, |
513 | .expected_result = &rfc3962_enc_test6_expected_result, |
514 | .next_iv = &rfc3962_enc_test6_next_iv, |
515 | }, |
516 | }; |
517 | |
518 | /* Creates the function rfc3962_encrypt_gen_params */ |
519 | KUNIT_ARRAY_PARAM(rfc3962_encrypt, rfc3962_encrypt_test_params, |
520 | gss_krb5_get_desc); |
521 | |
522 | /* |
523 | * This tests the implementation of the encryption part of the mechanism. |
524 | * It does not apply a confounder or test the result of HMAC over the |
525 | * plaintext. |
526 | */ |
527 | static void rfc3962_encrypt_case(struct kunit *test) |
528 | { |
529 | const struct gss_krb5_test_param *param = test->param_value; |
530 | struct crypto_sync_skcipher *cts_tfm, *cbc_tfm; |
531 | const struct gss_krb5_enctype *gk5e; |
532 | struct xdr_buf buf; |
533 | void *iv, *text; |
534 | u32 err; |
535 | |
536 | /* Arrange */ |
537 | gk5e = gss_krb5_lookup_enctype(etype: param->enctype); |
538 | if (!gk5e) |
539 | kunit_skip(test, "Encryption type is not available" ); |
540 | |
541 | cbc_tfm = crypto_alloc_sync_skcipher(alg_name: gk5e->aux_cipher, type: 0, mask: 0); |
542 | KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cbc_tfm); |
543 | err = crypto_sync_skcipher_setkey(tfm: cbc_tfm, key: param->Ke->data, keylen: param->Ke->len); |
544 | KUNIT_ASSERT_EQ(test, err, 0); |
545 | |
546 | cts_tfm = crypto_alloc_sync_skcipher(alg_name: gk5e->encrypt_name, type: 0, mask: 0); |
547 | KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cts_tfm); |
548 | err = crypto_sync_skcipher_setkey(tfm: cts_tfm, key: param->Ke->data, keylen: param->Ke->len); |
549 | KUNIT_ASSERT_EQ(test, err, 0); |
550 | |
551 | iv = kunit_kzalloc(test, size: crypto_sync_skcipher_ivsize(tfm: cts_tfm), GFP_KERNEL); |
552 | KUNIT_ASSERT_NOT_ERR_OR_NULL(test, iv); |
553 | |
554 | text = kunit_kzalloc(test, size: param->plaintext->len, GFP_KERNEL); |
555 | KUNIT_ASSERT_NOT_ERR_OR_NULL(test, text); |
556 | |
557 | memcpy(text, param->plaintext->data, param->plaintext->len); |
558 | memset(&buf, 0, sizeof(buf)); |
559 | buf.head[0].iov_base = text; |
560 | buf.head[0].iov_len = param->plaintext->len; |
561 | buf.len = buf.head[0].iov_len; |
562 | |
563 | /* Act */ |
564 | err = krb5_cbc_cts_encrypt(cts_tfm, cbc_tfm, offset: 0, buf: &buf, NULL, |
565 | iv, ivsize: crypto_sync_skcipher_ivsize(tfm: cts_tfm)); |
566 | KUNIT_ASSERT_EQ(test, err, 0); |
567 | |
568 | /* Assert */ |
569 | KUNIT_EXPECT_EQ_MSG(test, |
570 | param->expected_result->len, buf.len, |
571 | "ciphertext length mismatch" ); |
572 | KUNIT_EXPECT_EQ_MSG(test, |
573 | memcmp(param->expected_result->data, |
574 | text, param->expected_result->len), 0, |
575 | "ciphertext mismatch" ); |
576 | KUNIT_EXPECT_EQ_MSG(test, |
577 | memcmp(param->next_iv->data, iv, |
578 | param->next_iv->len), 0, |
579 | "IV mismatch" ); |
580 | |
581 | crypto_free_sync_skcipher(tfm: cts_tfm); |
582 | crypto_free_sync_skcipher(tfm: cbc_tfm); |
583 | } |
584 | |
585 | static struct kunit_case rfc3962_test_cases[] = { |
586 | { |
587 | .name = "RFC 3962 encryption" , |
588 | .run_case = rfc3962_encrypt_case, |
589 | .generate_params = rfc3962_encrypt_gen_params, |
590 | }, |
591 | {} |
592 | }; |
593 | |
594 | static struct kunit_suite rfc3962_suite = { |
595 | .name = "RFC 3962 suite" , |
596 | .test_cases = rfc3962_test_cases, |
597 | }; |
598 | |
599 | /* |
600 | * From RFC 6803 Section 10. Test vectors |
601 | * |
602 | * Sample results for key derivation |
603 | * |
604 | * Copyright (c) 2012 IETF Trust and the persons identified as the |
605 | * document authors. All rights reserved. |
606 | */ |
607 | |
608 | DEFINE_HEX_XDR_NETOBJ(camellia128_cts_cmac_basekey, |
609 | 0x57, 0xd0, 0x29, 0x72, 0x98, 0xff, 0xd9, 0xd3, |
610 | 0x5d, 0xe5, 0xa4, 0x7f, 0xb4, 0xbd, 0xe2, 0x4b |
611 | ); |
612 | DEFINE_HEX_XDR_NETOBJ(camellia128_cts_cmac_Kc, |
613 | 0xd1, 0x55, 0x77, 0x5a, 0x20, 0x9d, 0x05, 0xf0, |
614 | 0x2b, 0x38, 0xd4, 0x2a, 0x38, 0x9e, 0x5a, 0x56 |
615 | ); |
616 | DEFINE_HEX_XDR_NETOBJ(camellia128_cts_cmac_Ke, |
617 | 0x64, 0xdf, 0x83, 0xf8, 0x5a, 0x53, 0x2f, 0x17, |
618 | 0x57, 0x7d, 0x8c, 0x37, 0x03, 0x57, 0x96, 0xab |
619 | ); |
620 | DEFINE_HEX_XDR_NETOBJ(camellia128_cts_cmac_Ki, |
621 | 0x3e, 0x4f, 0xbd, 0xf3, 0x0f, 0xb8, 0x25, 0x9c, |
622 | 0x42, 0x5c, 0xb6, 0xc9, 0x6f, 0x1f, 0x46, 0x35 |
623 | ); |
624 | |
625 | DEFINE_HEX_XDR_NETOBJ(camellia256_cts_cmac_basekey, |
626 | 0xb9, 0xd6, 0x82, 0x8b, 0x20, 0x56, 0xb7, 0xbe, |
627 | 0x65, 0x6d, 0x88, 0xa1, 0x23, 0xb1, 0xfa, 0xc6, |
628 | 0x82, 0x14, 0xac, 0x2b, 0x72, 0x7e, 0xcf, 0x5f, |
629 | 0x69, 0xaf, 0xe0, 0xc4, 0xdf, 0x2a, 0x6d, 0x2c |
630 | ); |
631 | DEFINE_HEX_XDR_NETOBJ(camellia256_cts_cmac_Kc, |
632 | 0xe4, 0x67, 0xf9, 0xa9, 0x55, 0x2b, 0xc7, 0xd3, |
633 | 0x15, 0x5a, 0x62, 0x20, 0xaf, 0x9c, 0x19, 0x22, |
634 | 0x0e, 0xee, 0xd4, 0xff, 0x78, 0xb0, 0xd1, 0xe6, |
635 | 0xa1, 0x54, 0x49, 0x91, 0x46, 0x1a, 0x9e, 0x50 |
636 | ); |
637 | DEFINE_HEX_XDR_NETOBJ(camellia256_cts_cmac_Ke, |
638 | 0x41, 0x2a, 0xef, 0xc3, 0x62, 0xa7, 0x28, 0x5f, |
639 | 0xc3, 0x96, 0x6c, 0x6a, 0x51, 0x81, 0xe7, 0x60, |
640 | 0x5a, 0xe6, 0x75, 0x23, 0x5b, 0x6d, 0x54, 0x9f, |
641 | 0xbf, 0xc9, 0xab, 0x66, 0x30, 0xa4, 0xc6, 0x04 |
642 | ); |
643 | DEFINE_HEX_XDR_NETOBJ(camellia256_cts_cmac_Ki, |
644 | 0xfa, 0x62, 0x4f, 0xa0, 0xe5, 0x23, 0x99, 0x3f, |
645 | 0xa3, 0x88, 0xae, 0xfd, 0xc6, 0x7e, 0x67, 0xeb, |
646 | 0xcd, 0x8c, 0x08, 0xe8, 0xa0, 0x24, 0x6b, 0x1d, |
647 | 0x73, 0xb0, 0xd1, 0xdd, 0x9f, 0xc5, 0x82, 0xb0 |
648 | ); |
649 | |
650 | DEFINE_HEX_XDR_NETOBJ(usage_checksum, |
651 | 0x00, 0x00, 0x00, 0x02, KEY_USAGE_SEED_CHECKSUM |
652 | ); |
653 | DEFINE_HEX_XDR_NETOBJ(usage_encryption, |
654 | 0x00, 0x00, 0x00, 0x02, KEY_USAGE_SEED_ENCRYPTION |
655 | ); |
656 | DEFINE_HEX_XDR_NETOBJ(usage_integrity, |
657 | 0x00, 0x00, 0x00, 0x02, KEY_USAGE_SEED_INTEGRITY |
658 | ); |
659 | |
660 | static const struct gss_krb5_test_param rfc6803_kdf_test_params[] = { |
661 | { |
662 | .desc = "Derive Kc subkey for camellia128-cts-cmac" , |
663 | .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, |
664 | .base_key = &camellia128_cts_cmac_basekey, |
665 | .usage = &usage_checksum, |
666 | .expected_result = &camellia128_cts_cmac_Kc, |
667 | }, |
668 | { |
669 | .desc = "Derive Ke subkey for camellia128-cts-cmac" , |
670 | .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, |
671 | .base_key = &camellia128_cts_cmac_basekey, |
672 | .usage = &usage_encryption, |
673 | .expected_result = &camellia128_cts_cmac_Ke, |
674 | }, |
675 | { |
676 | .desc = "Derive Ki subkey for camellia128-cts-cmac" , |
677 | .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, |
678 | .base_key = &camellia128_cts_cmac_basekey, |
679 | .usage = &usage_integrity, |
680 | .expected_result = &camellia128_cts_cmac_Ki, |
681 | }, |
682 | { |
683 | .desc = "Derive Kc subkey for camellia256-cts-cmac" , |
684 | .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, |
685 | .base_key = &camellia256_cts_cmac_basekey, |
686 | .usage = &usage_checksum, |
687 | .expected_result = &camellia256_cts_cmac_Kc, |
688 | }, |
689 | { |
690 | .desc = "Derive Ke subkey for camellia256-cts-cmac" , |
691 | .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, |
692 | .base_key = &camellia256_cts_cmac_basekey, |
693 | .usage = &usage_encryption, |
694 | .expected_result = &camellia256_cts_cmac_Ke, |
695 | }, |
696 | { |
697 | .desc = "Derive Ki subkey for camellia256-cts-cmac" , |
698 | .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, |
699 | .base_key = &camellia256_cts_cmac_basekey, |
700 | .usage = &usage_integrity, |
701 | .expected_result = &camellia256_cts_cmac_Ki, |
702 | }, |
703 | }; |
704 | |
705 | /* Creates the function rfc6803_kdf_gen_params */ |
706 | KUNIT_ARRAY_PARAM(rfc6803_kdf, rfc6803_kdf_test_params, gss_krb5_get_desc); |
707 | |
708 | /* |
709 | * From RFC 6803 Section 10. Test vectors |
710 | * |
711 | * Sample checksums. |
712 | * |
713 | * Copyright (c) 2012 IETF Trust and the persons identified as the |
714 | * document authors. All rights reserved. |
715 | * |
716 | * XXX: These tests are likely to fail on EBCDIC or Unicode platforms. |
717 | */ |
718 | DEFINE_STR_XDR_NETOBJ(rfc6803_checksum_test1_plaintext, |
719 | "abcdefghijk" ); |
720 | DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test1_basekey, |
721 | 0x1d, 0xc4, 0x6a, 0x8d, 0x76, 0x3f, 0x4f, 0x93, |
722 | 0x74, 0x2b, 0xcb, 0xa3, 0x38, 0x75, 0x76, 0xc3 |
723 | ); |
724 | DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test1_usage, |
725 | 0x00, 0x00, 0x00, 0x07, KEY_USAGE_SEED_CHECKSUM |
726 | ); |
727 | DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test1_expected_result, |
728 | 0x11, 0x78, 0xe6, 0xc5, 0xc4, 0x7a, 0x8c, 0x1a, |
729 | 0xe0, 0xc4, 0xb9, 0xc7, 0xd4, 0xeb, 0x7b, 0x6b |
730 | ); |
731 | |
732 | DEFINE_STR_XDR_NETOBJ(rfc6803_checksum_test2_plaintext, |
733 | "ABCDEFGHIJKLMNOPQRSTUVWXYZ" ); |
734 | DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test2_basekey, |
735 | 0x50, 0x27, 0xbc, 0x23, 0x1d, 0x0f, 0x3a, 0x9d, |
736 | 0x23, 0x33, 0x3f, 0x1c, 0xa6, 0xfd, 0xbe, 0x7c |
737 | ); |
738 | DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test2_usage, |
739 | 0x00, 0x00, 0x00, 0x08, KEY_USAGE_SEED_CHECKSUM |
740 | ); |
741 | DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test2_expected_result, |
742 | 0xd1, 0xb3, 0x4f, 0x70, 0x04, 0xa7, 0x31, 0xf2, |
743 | 0x3a, 0x0c, 0x00, 0xbf, 0x6c, 0x3f, 0x75, 0x3a |
744 | ); |
745 | |
746 | DEFINE_STR_XDR_NETOBJ(rfc6803_checksum_test3_plaintext, |
747 | "123456789" ); |
748 | DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test3_basekey, |
749 | 0xb6, 0x1c, 0x86, 0xcc, 0x4e, 0x5d, 0x27, 0x57, |
750 | 0x54, 0x5a, 0xd4, 0x23, 0x39, 0x9f, 0xb7, 0x03, |
751 | 0x1e, 0xca, 0xb9, 0x13, 0xcb, 0xb9, 0x00, 0xbd, |
752 | 0x7a, 0x3c, 0x6d, 0xd8, 0xbf, 0x92, 0x01, 0x5b |
753 | ); |
754 | DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test3_usage, |
755 | 0x00, 0x00, 0x00, 0x09, KEY_USAGE_SEED_CHECKSUM |
756 | ); |
757 | DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test3_expected_result, |
758 | 0x87, 0xa1, 0x2c, 0xfd, 0x2b, 0x96, 0x21, 0x48, |
759 | 0x10, 0xf0, 0x1c, 0x82, 0x6e, 0x77, 0x44, 0xb1 |
760 | ); |
761 | |
762 | DEFINE_STR_XDR_NETOBJ(rfc6803_checksum_test4_plaintext, |
763 | "!@#$%^&*()!@#$%^&*()!@#$%^&*()" ); |
764 | DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test4_basekey, |
765 | 0x32, 0x16, 0x4c, 0x5b, 0x43, 0x4d, 0x1d, 0x15, |
766 | 0x38, 0xe4, 0xcf, 0xd9, 0xbe, 0x80, 0x40, 0xfe, |
767 | 0x8c, 0x4a, 0xc7, 0xac, 0xc4, 0xb9, 0x3d, 0x33, |
768 | 0x14, 0xd2, 0x13, 0x36, 0x68, 0x14, 0x7a, 0x05 |
769 | ); |
770 | DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test4_usage, |
771 | 0x00, 0x00, 0x00, 0x0a, KEY_USAGE_SEED_CHECKSUM |
772 | ); |
773 | DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test4_expected_result, |
774 | 0x3f, 0xa0, 0xb4, 0x23, 0x55, 0xe5, 0x2b, 0x18, |
775 | 0x91, 0x87, 0x29, 0x4a, 0xa2, 0x52, 0xab, 0x64 |
776 | ); |
777 | |
778 | static const struct gss_krb5_test_param rfc6803_checksum_test_params[] = { |
779 | { |
780 | .desc = "camellia128-cts-cmac checksum test 1" , |
781 | .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, |
782 | .base_key = &rfc6803_checksum_test1_basekey, |
783 | .usage = &rfc6803_checksum_test1_usage, |
784 | .plaintext = &rfc6803_checksum_test1_plaintext, |
785 | .expected_result = &rfc6803_checksum_test1_expected_result, |
786 | }, |
787 | { |
788 | .desc = "camellia128-cts-cmac checksum test 2" , |
789 | .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, |
790 | .base_key = &rfc6803_checksum_test2_basekey, |
791 | .usage = &rfc6803_checksum_test2_usage, |
792 | .plaintext = &rfc6803_checksum_test2_plaintext, |
793 | .expected_result = &rfc6803_checksum_test2_expected_result, |
794 | }, |
795 | { |
796 | .desc = "camellia256-cts-cmac checksum test 3" , |
797 | .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, |
798 | .base_key = &rfc6803_checksum_test3_basekey, |
799 | .usage = &rfc6803_checksum_test3_usage, |
800 | .plaintext = &rfc6803_checksum_test3_plaintext, |
801 | .expected_result = &rfc6803_checksum_test3_expected_result, |
802 | }, |
803 | { |
804 | .desc = "camellia256-cts-cmac checksum test 4" , |
805 | .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, |
806 | .base_key = &rfc6803_checksum_test4_basekey, |
807 | .usage = &rfc6803_checksum_test4_usage, |
808 | .plaintext = &rfc6803_checksum_test4_plaintext, |
809 | .expected_result = &rfc6803_checksum_test4_expected_result, |
810 | }, |
811 | }; |
812 | |
813 | /* Creates the function rfc6803_checksum_gen_params */ |
814 | KUNIT_ARRAY_PARAM(rfc6803_checksum, rfc6803_checksum_test_params, |
815 | gss_krb5_get_desc); |
816 | |
817 | /* |
818 | * From RFC 6803 Section 10. Test vectors |
819 | * |
820 | * Sample encryptions (all using the default cipher state) |
821 | * |
822 | * Copyright (c) 2012 IETF Trust and the persons identified as the |
823 | * document authors. All rights reserved. |
824 | * |
825 | * Key usage values are from errata 4326 against RFC 6803. |
826 | */ |
827 | |
828 | static const struct xdr_netobj rfc6803_enc_empty_plaintext = { |
829 | .len = 0, |
830 | }; |
831 | |
832 | DEFINE_STR_XDR_NETOBJ(rfc6803_enc_1byte_plaintext, "1" ); |
833 | DEFINE_STR_XDR_NETOBJ(rfc6803_enc_9byte_plaintext, "9 bytesss" ); |
834 | DEFINE_STR_XDR_NETOBJ(rfc6803_enc_13byte_plaintext, "13 bytes byte" ); |
835 | DEFINE_STR_XDR_NETOBJ(rfc6803_enc_30byte_plaintext, |
836 | "30 bytes bytes bytes bytes byt" |
837 | ); |
838 | |
839 | DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test1_confounder, |
840 | 0xb6, 0x98, 0x22, 0xa1, 0x9a, 0x6b, 0x09, 0xc0, |
841 | 0xeb, 0xc8, 0x55, 0x7d, 0x1f, 0x1b, 0x6c, 0x0a |
842 | ); |
843 | DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test1_basekey, |
844 | 0x1d, 0xc4, 0x6a, 0x8d, 0x76, 0x3f, 0x4f, 0x93, |
845 | 0x74, 0x2b, 0xcb, 0xa3, 0x38, 0x75, 0x76, 0xc3 |
846 | ); |
847 | DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test1_expected_result, |
848 | 0xc4, 0x66, 0xf1, 0x87, 0x10, 0x69, 0x92, 0x1e, |
849 | 0xdb, 0x7c, 0x6f, 0xde, 0x24, 0x4a, 0x52, 0xdb, |
850 | 0x0b, 0xa1, 0x0e, 0xdc, 0x19, 0x7b, 0xdb, 0x80, |
851 | 0x06, 0x65, 0x8c, 0xa3, 0xcc, 0xce, 0x6e, 0xb8 |
852 | ); |
853 | |
854 | DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test2_confounder, |
855 | 0x6f, 0x2f, 0xc3, 0xc2, 0xa1, 0x66, 0xfd, 0x88, |
856 | 0x98, 0x96, 0x7a, 0x83, 0xde, 0x95, 0x96, 0xd9 |
857 | ); |
858 | DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test2_basekey, |
859 | 0x50, 0x27, 0xbc, 0x23, 0x1d, 0x0f, 0x3a, 0x9d, |
860 | 0x23, 0x33, 0x3f, 0x1c, 0xa6, 0xfd, 0xbe, 0x7c |
861 | ); |
862 | DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test2_expected_result, |
863 | 0x84, 0x2d, 0x21, 0xfd, 0x95, 0x03, 0x11, 0xc0, |
864 | 0xdd, 0x46, 0x4a, 0x3f, 0x4b, 0xe8, 0xd6, 0xda, |
865 | 0x88, 0xa5, 0x6d, 0x55, 0x9c, 0x9b, 0x47, 0xd3, |
866 | 0xf9, 0xa8, 0x50, 0x67, 0xaf, 0x66, 0x15, 0x59, |
867 | 0xb8 |
868 | ); |
869 | |
870 | DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test3_confounder, |
871 | 0xa5, 0xb4, 0xa7, 0x1e, 0x07, 0x7a, 0xee, 0xf9, |
872 | 0x3c, 0x87, 0x63, 0xc1, 0x8f, 0xdb, 0x1f, 0x10 |
873 | ); |
874 | DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test3_basekey, |
875 | 0xa1, 0xbb, 0x61, 0xe8, 0x05, 0xf9, 0xba, 0x6d, |
876 | 0xde, 0x8f, 0xdb, 0xdd, 0xc0, 0x5c, 0xde, 0xa0 |
877 | ); |
878 | DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test3_expected_result, |
879 | 0x61, 0x9f, 0xf0, 0x72, 0xe3, 0x62, 0x86, 0xff, |
880 | 0x0a, 0x28, 0xde, 0xb3, 0xa3, 0x52, 0xec, 0x0d, |
881 | 0x0e, 0xdf, 0x5c, 0x51, 0x60, 0xd6, 0x63, 0xc9, |
882 | 0x01, 0x75, 0x8c, 0xcf, 0x9d, 0x1e, 0xd3, 0x3d, |
883 | 0x71, 0xdb, 0x8f, 0x23, 0xaa, 0xbf, 0x83, 0x48, |
884 | 0xa0 |
885 | ); |
886 | |
887 | DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test4_confounder, |
888 | 0x19, 0xfe, 0xe4, 0x0d, 0x81, 0x0c, 0x52, 0x4b, |
889 | 0x5b, 0x22, 0xf0, 0x18, 0x74, 0xc6, 0x93, 0xda |
890 | ); |
891 | DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test4_basekey, |
892 | 0x2c, 0xa2, 0x7a, 0x5f, 0xaf, 0x55, 0x32, 0x24, |
893 | 0x45, 0x06, 0x43, 0x4e, 0x1c, 0xef, 0x66, 0x76 |
894 | ); |
895 | DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test4_expected_result, |
896 | 0xb8, 0xec, 0xa3, 0x16, 0x7a, 0xe6, 0x31, 0x55, |
897 | 0x12, 0xe5, 0x9f, 0x98, 0xa7, 0xc5, 0x00, 0x20, |
898 | 0x5e, 0x5f, 0x63, 0xff, 0x3b, 0xb3, 0x89, 0xaf, |
899 | 0x1c, 0x41, 0xa2, 0x1d, 0x64, 0x0d, 0x86, 0x15, |
900 | 0xc9, 0xed, 0x3f, 0xbe, 0xb0, 0x5a, 0xb6, 0xac, |
901 | 0xb6, 0x76, 0x89, 0xb5, 0xea |
902 | ); |
903 | |
904 | DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test5_confounder, |
905 | 0xca, 0x7a, 0x7a, 0xb4, 0xbe, 0x19, 0x2d, 0xab, |
906 | 0xd6, 0x03, 0x50, 0x6d, 0xb1, 0x9c, 0x39, 0xe2 |
907 | ); |
908 | DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test5_basekey, |
909 | 0x78, 0x24, 0xf8, 0xc1, 0x6f, 0x83, 0xff, 0x35, |
910 | 0x4c, 0x6b, 0xf7, 0x51, 0x5b, 0x97, 0x3f, 0x43 |
911 | ); |
912 | DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test5_expected_result, |
913 | 0xa2, 0x6a, 0x39, 0x05, 0xa4, 0xff, 0xd5, 0x81, |
914 | 0x6b, 0x7b, 0x1e, 0x27, 0x38, 0x0d, 0x08, 0x09, |
915 | 0x0c, 0x8e, 0xc1, 0xf3, 0x04, 0x49, 0x6e, 0x1a, |
916 | 0xbd, 0xcd, 0x2b, 0xdc, 0xd1, 0xdf, 0xfc, 0x66, |
917 | 0x09, 0x89, 0xe1, 0x17, 0xa7, 0x13, 0xdd, 0xbb, |
918 | 0x57, 0xa4, 0x14, 0x6c, 0x15, 0x87, 0xcb, 0xa4, |
919 | 0x35, 0x66, 0x65, 0x59, 0x1d, 0x22, 0x40, 0x28, |
920 | 0x2f, 0x58, 0x42, 0xb1, 0x05, 0xa5 |
921 | ); |
922 | |
923 | DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test6_confounder, |
924 | 0x3c, 0xbb, 0xd2, 0xb4, 0x59, 0x17, 0x94, 0x10, |
925 | 0x67, 0xf9, 0x65, 0x99, 0xbb, 0x98, 0x92, 0x6c |
926 | ); |
927 | DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test6_basekey, |
928 | 0xb6, 0x1c, 0x86, 0xcc, 0x4e, 0x5d, 0x27, 0x57, |
929 | 0x54, 0x5a, 0xd4, 0x23, 0x39, 0x9f, 0xb7, 0x03, |
930 | 0x1e, 0xca, 0xb9, 0x13, 0xcb, 0xb9, 0x00, 0xbd, |
931 | 0x7a, 0x3c, 0x6d, 0xd8, 0xbf, 0x92, 0x01, 0x5b |
932 | ); |
933 | DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test6_expected_result, |
934 | 0x03, 0x88, 0x6d, 0x03, 0x31, 0x0b, 0x47, 0xa6, |
935 | 0xd8, 0xf0, 0x6d, 0x7b, 0x94, 0xd1, 0xdd, 0x83, |
936 | 0x7e, 0xcc, 0xe3, 0x15, 0xef, 0x65, 0x2a, 0xff, |
937 | 0x62, 0x08, 0x59, 0xd9, 0x4a, 0x25, 0x92, 0x66 |
938 | ); |
939 | |
940 | DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test7_confounder, |
941 | 0xde, 0xf4, 0x87, 0xfc, 0xeb, 0xe6, 0xde, 0x63, |
942 | 0x46, 0xd4, 0xda, 0x45, 0x21, 0xbb, 0xa2, 0xd2 |
943 | ); |
944 | DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test7_basekey, |
945 | 0x1b, 0x97, 0xfe, 0x0a, 0x19, 0x0e, 0x20, 0x21, |
946 | 0xeb, 0x30, 0x75, 0x3e, 0x1b, 0x6e, 0x1e, 0x77, |
947 | 0xb0, 0x75, 0x4b, 0x1d, 0x68, 0x46, 0x10, 0x35, |
948 | 0x58, 0x64, 0x10, 0x49, 0x63, 0x46, 0x38, 0x33 |
949 | ); |
950 | DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test7_expected_result, |
951 | 0x2c, 0x9c, 0x15, 0x70, 0x13, 0x3c, 0x99, 0xbf, |
952 | 0x6a, 0x34, 0xbc, 0x1b, 0x02, 0x12, 0x00, 0x2f, |
953 | 0xd1, 0x94, 0x33, 0x87, 0x49, 0xdb, 0x41, 0x35, |
954 | 0x49, 0x7a, 0x34, 0x7c, 0xfc, 0xd9, 0xd1, 0x8a, |
955 | 0x12 |
956 | ); |
957 | |
958 | DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test8_confounder, |
959 | 0xad, 0x4f, 0xf9, 0x04, 0xd3, 0x4e, 0x55, 0x53, |
960 | 0x84, 0xb1, 0x41, 0x00, 0xfc, 0x46, 0x5f, 0x88 |
961 | ); |
962 | DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test8_basekey, |
963 | 0x32, 0x16, 0x4c, 0x5b, 0x43, 0x4d, 0x1d, 0x15, |
964 | 0x38, 0xe4, 0xcf, 0xd9, 0xbe, 0x80, 0x40, 0xfe, |
965 | 0x8c, 0x4a, 0xc7, 0xac, 0xc4, 0xb9, 0x3d, 0x33, |
966 | 0x14, 0xd2, 0x13, 0x36, 0x68, 0x14, 0x7a, 0x05 |
967 | ); |
968 | DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test8_expected_result, |
969 | 0x9c, 0x6d, 0xe7, 0x5f, 0x81, 0x2d, 0xe7, 0xed, |
970 | 0x0d, 0x28, 0xb2, 0x96, 0x35, 0x57, 0xa1, 0x15, |
971 | 0x64, 0x09, 0x98, 0x27, 0x5b, 0x0a, 0xf5, 0x15, |
972 | 0x27, 0x09, 0x91, 0x3f, 0xf5, 0x2a, 0x2a, 0x9c, |
973 | 0x8e, 0x63, 0xb8, 0x72, 0xf9, 0x2e, 0x64, 0xc8, |
974 | 0x39 |
975 | ); |
976 | |
977 | DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test9_confounder, |
978 | 0xcf, 0x9b, 0xca, 0x6d, 0xf1, 0x14, 0x4e, 0x0c, |
979 | 0x0a, 0xf9, 0xb8, 0xf3, 0x4c, 0x90, 0xd5, 0x14 |
980 | ); |
981 | DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test9_basekey, |
982 | 0xb0, 0x38, 0xb1, 0x32, 0xcd, 0x8e, 0x06, 0x61, |
983 | 0x22, 0x67, 0xfa, 0xb7, 0x17, 0x00, 0x66, 0xd8, |
984 | 0x8a, 0xec, 0xcb, 0xa0, 0xb7, 0x44, 0xbf, 0xc6, |
985 | 0x0d, 0xc8, 0x9b, 0xca, 0x18, 0x2d, 0x07, 0x15 |
986 | ); |
987 | DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test9_expected_result, |
988 | 0xee, 0xec, 0x85, 0xa9, 0x81, 0x3c, 0xdc, 0x53, |
989 | 0x67, 0x72, 0xab, 0x9b, 0x42, 0xde, 0xfc, 0x57, |
990 | 0x06, 0xf7, 0x26, 0xe9, 0x75, 0xdd, 0xe0, 0x5a, |
991 | 0x87, 0xeb, 0x54, 0x06, 0xea, 0x32, 0x4c, 0xa1, |
992 | 0x85, 0xc9, 0x98, 0x6b, 0x42, 0xaa, 0xbe, 0x79, |
993 | 0x4b, 0x84, 0x82, 0x1b, 0xee |
994 | ); |
995 | |
996 | DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test10_confounder, |
997 | 0x64, 0x4d, 0xef, 0x38, 0xda, 0x35, 0x00, 0x72, |
998 | 0x75, 0x87, 0x8d, 0x21, 0x68, 0x55, 0xe2, 0x28 |
999 | ); |
1000 | DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test10_basekey, |
1001 | 0xcc, 0xfc, 0xd3, 0x49, 0xbf, 0x4c, 0x66, 0x77, |
1002 | 0xe8, 0x6e, 0x4b, 0x02, 0xb8, 0xea, 0xb9, 0x24, |
1003 | 0xa5, 0x46, 0xac, 0x73, 0x1c, 0xf9, 0xbf, 0x69, |
1004 | 0x89, 0xb9, 0x96, 0xe7, 0xd6, 0xbf, 0xbb, 0xa7 |
1005 | ); |
1006 | DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test10_expected_result, |
1007 | 0x0e, 0x44, 0x68, 0x09, 0x85, 0x85, 0x5f, 0x2d, |
1008 | 0x1f, 0x18, 0x12, 0x52, 0x9c, 0xa8, 0x3b, 0xfd, |
1009 | 0x8e, 0x34, 0x9d, 0xe6, 0xfd, 0x9a, 0xda, 0x0b, |
1010 | 0xaa, 0xa0, 0x48, 0xd6, 0x8e, 0x26, 0x5f, 0xeb, |
1011 | 0xf3, 0x4a, 0xd1, 0x25, 0x5a, 0x34, 0x49, 0x99, |
1012 | 0xad, 0x37, 0x14, 0x68, 0x87, 0xa6, 0xc6, 0x84, |
1013 | 0x57, 0x31, 0xac, 0x7f, 0x46, 0x37, 0x6a, 0x05, |
1014 | 0x04, 0xcd, 0x06, 0x57, 0x14, 0x74 |
1015 | ); |
1016 | |
1017 | static const struct gss_krb5_test_param rfc6803_encrypt_test_params[] = { |
1018 | { |
1019 | .desc = "Encrypt empty plaintext with camellia128-cts-cmac" , |
1020 | .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, |
1021 | .constant = 0, |
1022 | .base_key = &rfc6803_enc_test1_basekey, |
1023 | .plaintext = &rfc6803_enc_empty_plaintext, |
1024 | .confounder = &rfc6803_enc_test1_confounder, |
1025 | .expected_result = &rfc6803_enc_test1_expected_result, |
1026 | }, |
1027 | { |
1028 | .desc = "Encrypt 1 byte with camellia128-cts-cmac" , |
1029 | .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, |
1030 | .constant = 1, |
1031 | .base_key = &rfc6803_enc_test2_basekey, |
1032 | .plaintext = &rfc6803_enc_1byte_plaintext, |
1033 | .confounder = &rfc6803_enc_test2_confounder, |
1034 | .expected_result = &rfc6803_enc_test2_expected_result, |
1035 | }, |
1036 | { |
1037 | .desc = "Encrypt 9 bytes with camellia128-cts-cmac" , |
1038 | .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, |
1039 | .constant = 2, |
1040 | .base_key = &rfc6803_enc_test3_basekey, |
1041 | .plaintext = &rfc6803_enc_9byte_plaintext, |
1042 | .confounder = &rfc6803_enc_test3_confounder, |
1043 | .expected_result = &rfc6803_enc_test3_expected_result, |
1044 | }, |
1045 | { |
1046 | .desc = "Encrypt 13 bytes with camellia128-cts-cmac" , |
1047 | .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, |
1048 | .constant = 3, |
1049 | .base_key = &rfc6803_enc_test4_basekey, |
1050 | .plaintext = &rfc6803_enc_13byte_plaintext, |
1051 | .confounder = &rfc6803_enc_test4_confounder, |
1052 | .expected_result = &rfc6803_enc_test4_expected_result, |
1053 | }, |
1054 | { |
1055 | .desc = "Encrypt 30 bytes with camellia128-cts-cmac" , |
1056 | .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, |
1057 | .constant = 4, |
1058 | .base_key = &rfc6803_enc_test5_basekey, |
1059 | .plaintext = &rfc6803_enc_30byte_plaintext, |
1060 | .confounder = &rfc6803_enc_test5_confounder, |
1061 | .expected_result = &rfc6803_enc_test5_expected_result, |
1062 | }, |
1063 | { |
1064 | .desc = "Encrypt empty plaintext with camellia256-cts-cmac" , |
1065 | .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, |
1066 | .constant = 0, |
1067 | .base_key = &rfc6803_enc_test6_basekey, |
1068 | .plaintext = &rfc6803_enc_empty_plaintext, |
1069 | .confounder = &rfc6803_enc_test6_confounder, |
1070 | .expected_result = &rfc6803_enc_test6_expected_result, |
1071 | }, |
1072 | { |
1073 | .desc = "Encrypt 1 byte with camellia256-cts-cmac" , |
1074 | .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, |
1075 | .constant = 1, |
1076 | .base_key = &rfc6803_enc_test7_basekey, |
1077 | .plaintext = &rfc6803_enc_1byte_plaintext, |
1078 | .confounder = &rfc6803_enc_test7_confounder, |
1079 | .expected_result = &rfc6803_enc_test7_expected_result, |
1080 | }, |
1081 | { |
1082 | .desc = "Encrypt 9 bytes with camellia256-cts-cmac" , |
1083 | .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, |
1084 | .constant = 2, |
1085 | .base_key = &rfc6803_enc_test8_basekey, |
1086 | .plaintext = &rfc6803_enc_9byte_plaintext, |
1087 | .confounder = &rfc6803_enc_test8_confounder, |
1088 | .expected_result = &rfc6803_enc_test8_expected_result, |
1089 | }, |
1090 | { |
1091 | .desc = "Encrypt 13 bytes with camellia256-cts-cmac" , |
1092 | .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, |
1093 | .constant = 3, |
1094 | .base_key = &rfc6803_enc_test9_basekey, |
1095 | .plaintext = &rfc6803_enc_13byte_plaintext, |
1096 | .confounder = &rfc6803_enc_test9_confounder, |
1097 | .expected_result = &rfc6803_enc_test9_expected_result, |
1098 | }, |
1099 | { |
1100 | .desc = "Encrypt 30 bytes with camellia256-cts-cmac" , |
1101 | .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, |
1102 | .constant = 4, |
1103 | .base_key = &rfc6803_enc_test10_basekey, |
1104 | .plaintext = &rfc6803_enc_30byte_plaintext, |
1105 | .confounder = &rfc6803_enc_test10_confounder, |
1106 | .expected_result = &rfc6803_enc_test10_expected_result, |
1107 | }, |
1108 | }; |
1109 | |
1110 | /* Creates the function rfc6803_encrypt_gen_params */ |
1111 | KUNIT_ARRAY_PARAM(rfc6803_encrypt, rfc6803_encrypt_test_params, |
1112 | gss_krb5_get_desc); |
1113 | |
1114 | static void rfc6803_encrypt_case(struct kunit *test) |
1115 | { |
1116 | const struct gss_krb5_test_param *param = test->param_value; |
1117 | struct crypto_sync_skcipher *cts_tfm, *cbc_tfm; |
1118 | const struct gss_krb5_enctype *gk5e; |
1119 | struct xdr_netobj Ke, Ki, checksum; |
1120 | u8 usage_data[GSS_KRB5_K5CLENGTH]; |
1121 | struct xdr_netobj usage = { |
1122 | .data = usage_data, |
1123 | .len = sizeof(usage_data), |
1124 | }; |
1125 | struct crypto_ahash *ahash_tfm; |
1126 | unsigned int blocksize; |
1127 | struct xdr_buf buf; |
1128 | void *text; |
1129 | size_t len; |
1130 | u32 err; |
1131 | |
1132 | /* Arrange */ |
1133 | gk5e = gss_krb5_lookup_enctype(etype: param->enctype); |
1134 | if (!gk5e) |
1135 | kunit_skip(test, "Encryption type is not available" ); |
1136 | |
1137 | memset(usage_data, 0, sizeof(usage_data)); |
1138 | usage.data[3] = param->constant; |
1139 | |
1140 | Ke.len = gk5e->Ke_length; |
1141 | Ke.data = kunit_kzalloc(test, size: Ke.len, GFP_KERNEL); |
1142 | KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Ke.data); |
1143 | usage.data[4] = KEY_USAGE_SEED_ENCRYPTION; |
1144 | err = gk5e->derive_key(gk5e, param->base_key, &Ke, &usage, GFP_KERNEL); |
1145 | KUNIT_ASSERT_EQ(test, err, 0); |
1146 | |
1147 | cbc_tfm = crypto_alloc_sync_skcipher(alg_name: gk5e->aux_cipher, type: 0, mask: 0); |
1148 | KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cbc_tfm); |
1149 | err = crypto_sync_skcipher_setkey(tfm: cbc_tfm, key: Ke.data, keylen: Ke.len); |
1150 | KUNIT_ASSERT_EQ(test, err, 0); |
1151 | |
1152 | cts_tfm = crypto_alloc_sync_skcipher(alg_name: gk5e->encrypt_name, type: 0, mask: 0); |
1153 | KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cts_tfm); |
1154 | err = crypto_sync_skcipher_setkey(tfm: cts_tfm, key: Ke.data, keylen: Ke.len); |
1155 | KUNIT_ASSERT_EQ(test, err, 0); |
1156 | blocksize = crypto_sync_skcipher_blocksize(tfm: cts_tfm); |
1157 | |
1158 | len = param->confounder->len + param->plaintext->len + blocksize; |
1159 | text = kunit_kzalloc(test, size: len, GFP_KERNEL); |
1160 | KUNIT_ASSERT_NOT_ERR_OR_NULL(test, text); |
1161 | memcpy(text, param->confounder->data, param->confounder->len); |
1162 | memcpy(text + param->confounder->len, param->plaintext->data, |
1163 | param->plaintext->len); |
1164 | |
1165 | memset(&buf, 0, sizeof(buf)); |
1166 | buf.head[0].iov_base = text; |
1167 | buf.head[0].iov_len = param->confounder->len + param->plaintext->len; |
1168 | buf.len = buf.head[0].iov_len; |
1169 | |
1170 | checksum.len = gk5e->cksumlength; |
1171 | checksum.data = kunit_kzalloc(test, size: checksum.len, GFP_KERNEL); |
1172 | KUNIT_ASSERT_NOT_ERR_OR_NULL(test, checksum.data); |
1173 | |
1174 | Ki.len = gk5e->Ki_length; |
1175 | Ki.data = kunit_kzalloc(test, size: Ki.len, GFP_KERNEL); |
1176 | KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Ki.data); |
1177 | usage.data[4] = KEY_USAGE_SEED_INTEGRITY; |
1178 | err = gk5e->derive_key(gk5e, param->base_key, &Ki, |
1179 | &usage, GFP_KERNEL); |
1180 | KUNIT_ASSERT_EQ(test, err, 0); |
1181 | ahash_tfm = crypto_alloc_ahash(alg_name: gk5e->cksum_name, type: 0, CRYPTO_ALG_ASYNC); |
1182 | KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ahash_tfm); |
1183 | err = crypto_ahash_setkey(tfm: ahash_tfm, key: Ki.data, keylen: Ki.len); |
1184 | KUNIT_ASSERT_EQ(test, err, 0); |
1185 | |
1186 | /* Act */ |
1187 | err = gss_krb5_checksum(tfm: ahash_tfm, NULL, hdrlen: 0, body: &buf, body_offset: 0, cksumout: &checksum); |
1188 | KUNIT_ASSERT_EQ(test, err, 0); |
1189 | |
1190 | err = krb5_cbc_cts_encrypt(cts_tfm, cbc_tfm, offset: 0, buf: &buf, NULL, NULL, ivsize: 0); |
1191 | KUNIT_ASSERT_EQ(test, err, 0); |
1192 | |
1193 | /* Assert */ |
1194 | KUNIT_EXPECT_EQ_MSG(test, param->expected_result->len, |
1195 | buf.len + checksum.len, |
1196 | "ciphertext length mismatch" ); |
1197 | KUNIT_EXPECT_EQ_MSG(test, |
1198 | memcmp(param->expected_result->data, |
1199 | buf.head[0].iov_base, buf.len), 0, |
1200 | "encrypted result mismatch" ); |
1201 | KUNIT_EXPECT_EQ_MSG(test, |
1202 | memcmp(param->expected_result->data + |
1203 | (param->expected_result->len - checksum.len), |
1204 | checksum.data, checksum.len), 0, |
1205 | "HMAC mismatch" ); |
1206 | |
1207 | crypto_free_ahash(tfm: ahash_tfm); |
1208 | crypto_free_sync_skcipher(tfm: cts_tfm); |
1209 | crypto_free_sync_skcipher(tfm: cbc_tfm); |
1210 | } |
1211 | |
1212 | static struct kunit_case rfc6803_test_cases[] = { |
1213 | { |
1214 | .name = "RFC 6803 key derivation" , |
1215 | .run_case = kdf_case, |
1216 | .generate_params = rfc6803_kdf_gen_params, |
1217 | }, |
1218 | { |
1219 | .name = "RFC 6803 checksum" , |
1220 | .run_case = checksum_case, |
1221 | .generate_params = rfc6803_checksum_gen_params, |
1222 | }, |
1223 | { |
1224 | .name = "RFC 6803 encryption" , |
1225 | .run_case = rfc6803_encrypt_case, |
1226 | .generate_params = rfc6803_encrypt_gen_params, |
1227 | }, |
1228 | {} |
1229 | }; |
1230 | |
1231 | static struct kunit_suite rfc6803_suite = { |
1232 | .name = "RFC 6803 suite" , |
1233 | .test_cases = rfc6803_test_cases, |
1234 | }; |
1235 | |
1236 | /* |
1237 | * From RFC 8009 Appendix A. Test Vectors |
1238 | * |
1239 | * Sample results for SHA-2 enctype key derivation |
1240 | * |
1241 | * This test material is copyright (c) 2016 IETF Trust and the |
1242 | * persons identified as the document authors. All rights reserved. |
1243 | */ |
1244 | |
1245 | DEFINE_HEX_XDR_NETOBJ(aes128_cts_hmac_sha256_128_basekey, |
1246 | 0x37, 0x05, 0xd9, 0x60, 0x80, 0xc1, 0x77, 0x28, |
1247 | 0xa0, 0xe8, 0x00, 0xea, 0xb6, 0xe0, 0xd2, 0x3c |
1248 | ); |
1249 | DEFINE_HEX_XDR_NETOBJ(aes128_cts_hmac_sha256_128_Kc, |
1250 | 0xb3, 0x1a, 0x01, 0x8a, 0x48, 0xf5, 0x47, 0x76, |
1251 | 0xf4, 0x03, 0xe9, 0xa3, 0x96, 0x32, 0x5d, 0xc3 |
1252 | ); |
1253 | DEFINE_HEX_XDR_NETOBJ(aes128_cts_hmac_sha256_128_Ke, |
1254 | 0x9b, 0x19, 0x7d, 0xd1, 0xe8, 0xc5, 0x60, 0x9d, |
1255 | 0x6e, 0x67, 0xc3, 0xe3, 0x7c, 0x62, 0xc7, 0x2e |
1256 | ); |
1257 | DEFINE_HEX_XDR_NETOBJ(aes128_cts_hmac_sha256_128_Ki, |
1258 | 0x9f, 0xda, 0x0e, 0x56, 0xab, 0x2d, 0x85, 0xe1, |
1259 | 0x56, 0x9a, 0x68, 0x86, 0x96, 0xc2, 0x6a, 0x6c |
1260 | ); |
1261 | |
1262 | DEFINE_HEX_XDR_NETOBJ(aes256_cts_hmac_sha384_192_basekey, |
1263 | 0x6d, 0x40, 0x4d, 0x37, 0xfa, 0xf7, 0x9f, 0x9d, |
1264 | 0xf0, 0xd3, 0x35, 0x68, 0xd3, 0x20, 0x66, 0x98, |
1265 | 0x00, 0xeb, 0x48, 0x36, 0x47, 0x2e, 0xa8, 0xa0, |
1266 | 0x26, 0xd1, 0x6b, 0x71, 0x82, 0x46, 0x0c, 0x52 |
1267 | ); |
1268 | DEFINE_HEX_XDR_NETOBJ(aes256_cts_hmac_sha384_192_Kc, |
1269 | 0xef, 0x57, 0x18, 0xbe, 0x86, 0xcc, 0x84, 0x96, |
1270 | 0x3d, 0x8b, 0xbb, 0x50, 0x31, 0xe9, 0xf5, 0xc4, |
1271 | 0xba, 0x41, 0xf2, 0x8f, 0xaf, 0x69, 0xe7, 0x3d |
1272 | ); |
1273 | DEFINE_HEX_XDR_NETOBJ(aes256_cts_hmac_sha384_192_Ke, |
1274 | 0x56, 0xab, 0x22, 0xbe, 0xe6, 0x3d, 0x82, 0xd7, |
1275 | 0xbc, 0x52, 0x27, 0xf6, 0x77, 0x3f, 0x8e, 0xa7, |
1276 | 0xa5, 0xeb, 0x1c, 0x82, 0x51, 0x60, 0xc3, 0x83, |
1277 | 0x12, 0x98, 0x0c, 0x44, 0x2e, 0x5c, 0x7e, 0x49 |
1278 | ); |
1279 | DEFINE_HEX_XDR_NETOBJ(aes256_cts_hmac_sha384_192_Ki, |
1280 | 0x69, 0xb1, 0x65, 0x14, 0xe3, 0xcd, 0x8e, 0x56, |
1281 | 0xb8, 0x20, 0x10, 0xd5, 0xc7, 0x30, 0x12, 0xb6, |
1282 | 0x22, 0xc4, 0xd0, 0x0f, 0xfc, 0x23, 0xed, 0x1f |
1283 | ); |
1284 | |
1285 | static const struct gss_krb5_test_param rfc8009_kdf_test_params[] = { |
1286 | { |
1287 | .desc = "Derive Kc subkey for aes128-cts-hmac-sha256-128" , |
1288 | .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, |
1289 | .base_key = &aes128_cts_hmac_sha256_128_basekey, |
1290 | .usage = &usage_checksum, |
1291 | .expected_result = &aes128_cts_hmac_sha256_128_Kc, |
1292 | }, |
1293 | { |
1294 | .desc = "Derive Ke subkey for aes128-cts-hmac-sha256-128" , |
1295 | .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, |
1296 | .base_key = &aes128_cts_hmac_sha256_128_basekey, |
1297 | .usage = &usage_encryption, |
1298 | .expected_result = &aes128_cts_hmac_sha256_128_Ke, |
1299 | }, |
1300 | { |
1301 | .desc = "Derive Ki subkey for aes128-cts-hmac-sha256-128" , |
1302 | .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, |
1303 | .base_key = &aes128_cts_hmac_sha256_128_basekey, |
1304 | .usage = &usage_integrity, |
1305 | .expected_result = &aes128_cts_hmac_sha256_128_Ki, |
1306 | }, |
1307 | { |
1308 | .desc = "Derive Kc subkey for aes256-cts-hmac-sha384-192" , |
1309 | .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, |
1310 | .base_key = &aes256_cts_hmac_sha384_192_basekey, |
1311 | .usage = &usage_checksum, |
1312 | .expected_result = &aes256_cts_hmac_sha384_192_Kc, |
1313 | }, |
1314 | { |
1315 | .desc = "Derive Ke subkey for aes256-cts-hmac-sha384-192" , |
1316 | .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, |
1317 | .base_key = &aes256_cts_hmac_sha384_192_basekey, |
1318 | .usage = &usage_encryption, |
1319 | .expected_result = &aes256_cts_hmac_sha384_192_Ke, |
1320 | }, |
1321 | { |
1322 | .desc = "Derive Ki subkey for aes256-cts-hmac-sha384-192" , |
1323 | .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, |
1324 | .base_key = &aes256_cts_hmac_sha384_192_basekey, |
1325 | .usage = &usage_integrity, |
1326 | .expected_result = &aes256_cts_hmac_sha384_192_Ki, |
1327 | }, |
1328 | }; |
1329 | |
1330 | /* Creates the function rfc8009_kdf_gen_params */ |
1331 | KUNIT_ARRAY_PARAM(rfc8009_kdf, rfc8009_kdf_test_params, gss_krb5_get_desc); |
1332 | |
1333 | /* |
1334 | * From RFC 8009 Appendix A. Test Vectors |
1335 | * |
1336 | * These sample checksums use the above sample key derivation results, |
1337 | * including use of the same base-key and key usage values. |
1338 | * |
1339 | * This test material is copyright (c) 2016 IETF Trust and the |
1340 | * persons identified as the document authors. All rights reserved. |
1341 | */ |
1342 | |
1343 | DEFINE_HEX_XDR_NETOBJ(rfc8009_checksum_plaintext, |
1344 | 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, |
1345 | 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, |
1346 | 0x10, 0x11, 0x12, 0x13, 0x14 |
1347 | ); |
1348 | DEFINE_HEX_XDR_NETOBJ(rfc8009_checksum_test1_expected_result, |
1349 | 0xd7, 0x83, 0x67, 0x18, 0x66, 0x43, 0xd6, 0x7b, |
1350 | 0x41, 0x1c, 0xba, 0x91, 0x39, 0xfc, 0x1d, 0xee |
1351 | ); |
1352 | DEFINE_HEX_XDR_NETOBJ(rfc8009_checksum_test2_expected_result, |
1353 | 0x45, 0xee, 0x79, 0x15, 0x67, 0xee, 0xfc, 0xa3, |
1354 | 0x7f, 0x4a, 0xc1, 0xe0, 0x22, 0x2d, 0xe8, 0x0d, |
1355 | 0x43, 0xc3, 0xbf, 0xa0, 0x66, 0x99, 0x67, 0x2a |
1356 | ); |
1357 | |
1358 | static const struct gss_krb5_test_param rfc8009_checksum_test_params[] = { |
1359 | { |
1360 | .desc = "Checksum with aes128-cts-hmac-sha256-128" , |
1361 | .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, |
1362 | .base_key = &aes128_cts_hmac_sha256_128_basekey, |
1363 | .usage = &usage_checksum, |
1364 | .plaintext = &rfc8009_checksum_plaintext, |
1365 | .expected_result = &rfc8009_checksum_test1_expected_result, |
1366 | }, |
1367 | { |
1368 | .desc = "Checksum with aes256-cts-hmac-sha384-192" , |
1369 | .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, |
1370 | .base_key = &aes256_cts_hmac_sha384_192_basekey, |
1371 | .usage = &usage_checksum, |
1372 | .plaintext = &rfc8009_checksum_plaintext, |
1373 | .expected_result = &rfc8009_checksum_test2_expected_result, |
1374 | }, |
1375 | }; |
1376 | |
1377 | /* Creates the function rfc8009_checksum_gen_params */ |
1378 | KUNIT_ARRAY_PARAM(rfc8009_checksum, rfc8009_checksum_test_params, |
1379 | gss_krb5_get_desc); |
1380 | |
1381 | /* |
1382 | * From RFC 8009 Appendix A. Test Vectors |
1383 | * |
1384 | * Sample encryptions (all using the default cipher state): |
1385 | * -------------------------------------------------------- |
1386 | * |
1387 | * These sample encryptions use the above sample key derivation results, |
1388 | * including use of the same base-key and key usage values. |
1389 | * |
1390 | * This test material is copyright (c) 2016 IETF Trust and the |
1391 | * persons identified as the document authors. All rights reserved. |
1392 | */ |
1393 | |
1394 | static const struct xdr_netobj rfc8009_enc_empty_plaintext = { |
1395 | .len = 0, |
1396 | }; |
1397 | DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_short_plaintext, |
1398 | 0x00, 0x01, 0x02, 0x03, 0x04, 0x05 |
1399 | ); |
1400 | DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_block_plaintext, |
1401 | 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, |
1402 | 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f |
1403 | ); |
1404 | DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_long_plaintext, |
1405 | 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, |
1406 | 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, |
1407 | 0x10, 0x11, 0x12, 0x13, 0x14 |
1408 | ); |
1409 | |
1410 | DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test1_confounder, |
1411 | 0x7e, 0x58, 0x95, 0xea, 0xf2, 0x67, 0x24, 0x35, |
1412 | 0xba, 0xd8, 0x17, 0xf5, 0x45, 0xa3, 0x71, 0x48 |
1413 | ); |
1414 | DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test1_expected_result, |
1415 | 0xef, 0x85, 0xfb, 0x89, 0x0b, 0xb8, 0x47, 0x2f, |
1416 | 0x4d, 0xab, 0x20, 0x39, 0x4d, 0xca, 0x78, 0x1d |
1417 | ); |
1418 | DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test1_expected_hmac, |
1419 | 0xad, 0x87, 0x7e, 0xda, 0x39, 0xd5, 0x0c, 0x87, |
1420 | 0x0c, 0x0d, 0x5a, 0x0a, 0x8e, 0x48, 0xc7, 0x18 |
1421 | ); |
1422 | |
1423 | DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test2_confounder, |
1424 | 0x7b, 0xca, 0x28, 0x5e, 0x2f, 0xd4, 0x13, 0x0f, |
1425 | 0xb5, 0x5b, 0x1a, 0x5c, 0x83, 0xbc, 0x5b, 0x24 |
1426 | ); |
1427 | DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test2_expected_result, |
1428 | 0x84, 0xd7, 0xf3, 0x07, 0x54, 0xed, 0x98, 0x7b, |
1429 | 0xab, 0x0b, 0xf3, 0x50, 0x6b, 0xeb, 0x09, 0xcf, |
1430 | 0xb5, 0x54, 0x02, 0xce, 0xf7, 0xe6 |
1431 | ); |
1432 | DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test2_expected_hmac, |
1433 | 0x87, 0x7c, 0xe9, 0x9e, 0x24, 0x7e, 0x52, 0xd1, |
1434 | 0x6e, 0xd4, 0x42, 0x1d, 0xfd, 0xf8, 0x97, 0x6c |
1435 | ); |
1436 | |
1437 | DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test3_confounder, |
1438 | 0x56, 0xab, 0x21, 0x71, 0x3f, 0xf6, 0x2c, 0x0a, |
1439 | 0x14, 0x57, 0x20, 0x0f, 0x6f, 0xa9, 0x94, 0x8f |
1440 | ); |
1441 | DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test3_expected_result, |
1442 | 0x35, 0x17, 0xd6, 0x40, 0xf5, 0x0d, 0xdc, 0x8a, |
1443 | 0xd3, 0x62, 0x87, 0x22, 0xb3, 0x56, 0x9d, 0x2a, |
1444 | 0xe0, 0x74, 0x93, 0xfa, 0x82, 0x63, 0x25, 0x40, |
1445 | 0x80, 0xea, 0x65, 0xc1, 0x00, 0x8e, 0x8f, 0xc2 |
1446 | ); |
1447 | DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test3_expected_hmac, |
1448 | 0x95, 0xfb, 0x48, 0x52, 0xe7, 0xd8, 0x3e, 0x1e, |
1449 | 0x7c, 0x48, 0xc3, 0x7e, 0xeb, 0xe6, 0xb0, 0xd3 |
1450 | ); |
1451 | |
1452 | DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test4_confounder, |
1453 | 0xa7, 0xa4, 0xe2, 0x9a, 0x47, 0x28, 0xce, 0x10, |
1454 | 0x66, 0x4f, 0xb6, 0x4e, 0x49, 0xad, 0x3f, 0xac |
1455 | ); |
1456 | DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test4_expected_result, |
1457 | 0x72, 0x0f, 0x73, 0xb1, 0x8d, 0x98, 0x59, 0xcd, |
1458 | 0x6c, 0xcb, 0x43, 0x46, 0x11, 0x5c, 0xd3, 0x36, |
1459 | 0xc7, 0x0f, 0x58, 0xed, 0xc0, 0xc4, 0x43, 0x7c, |
1460 | 0x55, 0x73, 0x54, 0x4c, 0x31, 0xc8, 0x13, 0xbc, |
1461 | 0xe1, 0xe6, 0xd0, 0x72, 0xc1 |
1462 | ); |
1463 | DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test4_expected_hmac, |
1464 | 0x86, 0xb3, 0x9a, 0x41, 0x3c, 0x2f, 0x92, 0xca, |
1465 | 0x9b, 0x83, 0x34, 0xa2, 0x87, 0xff, 0xcb, 0xfc |
1466 | ); |
1467 | |
1468 | DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test5_confounder, |
1469 | 0xf7, 0x64, 0xe9, 0xfa, 0x15, 0xc2, 0x76, 0x47, |
1470 | 0x8b, 0x2c, 0x7d, 0x0c, 0x4e, 0x5f, 0x58, 0xe4 |
1471 | ); |
1472 | DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test5_expected_result, |
1473 | 0x41, 0xf5, 0x3f, 0xa5, 0xbf, 0xe7, 0x02, 0x6d, |
1474 | 0x91, 0xfa, 0xf9, 0xbe, 0x95, 0x91, 0x95, 0xa0 |
1475 | ); |
1476 | DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test5_expected_hmac, |
1477 | 0x58, 0x70, 0x72, 0x73, 0xa9, 0x6a, 0x40, 0xf0, |
1478 | 0xa0, 0x19, 0x60, 0x62, 0x1a, 0xc6, 0x12, 0x74, |
1479 | 0x8b, 0x9b, 0xbf, 0xbe, 0x7e, 0xb4, 0xce, 0x3c |
1480 | ); |
1481 | |
1482 | DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test6_confounder, |
1483 | 0xb8, 0x0d, 0x32, 0x51, 0xc1, 0xf6, 0x47, 0x14, |
1484 | 0x94, 0x25, 0x6f, 0xfe, 0x71, 0x2d, 0x0b, 0x9a |
1485 | ); |
1486 | DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test6_expected_result, |
1487 | 0x4e, 0xd7, 0xb3, 0x7c, 0x2b, 0xca, 0xc8, 0xf7, |
1488 | 0x4f, 0x23, 0xc1, 0xcf, 0x07, 0xe6, 0x2b, 0xc7, |
1489 | 0xb7, 0x5f, 0xb3, 0xf6, 0x37, 0xb9 |
1490 | ); |
1491 | DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test6_expected_hmac, |
1492 | 0xf5, 0x59, 0xc7, 0xf6, 0x64, 0xf6, 0x9e, 0xab, |
1493 | 0x7b, 0x60, 0x92, 0x23, 0x75, 0x26, 0xea, 0x0d, |
1494 | 0x1f, 0x61, 0xcb, 0x20, 0xd6, 0x9d, 0x10, 0xf2 |
1495 | ); |
1496 | |
1497 | DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test7_confounder, |
1498 | 0x53, 0xbf, 0x8a, 0x0d, 0x10, 0x52, 0x65, 0xd4, |
1499 | 0xe2, 0x76, 0x42, 0x86, 0x24, 0xce, 0x5e, 0x63 |
1500 | ); |
1501 | DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test7_expected_result, |
1502 | 0xbc, 0x47, 0xff, 0xec, 0x79, 0x98, 0xeb, 0x91, |
1503 | 0xe8, 0x11, 0x5c, 0xf8, 0xd1, 0x9d, 0xac, 0x4b, |
1504 | 0xbb, 0xe2, 0xe1, 0x63, 0xe8, 0x7d, 0xd3, 0x7f, |
1505 | 0x49, 0xbe, 0xca, 0x92, 0x02, 0x77, 0x64, 0xf6 |
1506 | ); |
1507 | DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test7_expected_hmac, |
1508 | 0x8c, 0xf5, 0x1f, 0x14, 0xd7, 0x98, 0xc2, 0x27, |
1509 | 0x3f, 0x35, 0xdf, 0x57, 0x4d, 0x1f, 0x93, 0x2e, |
1510 | 0x40, 0xc4, 0xff, 0x25, 0x5b, 0x36, 0xa2, 0x66 |
1511 | ); |
1512 | |
1513 | DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test8_confounder, |
1514 | 0x76, 0x3e, 0x65, 0x36, 0x7e, 0x86, 0x4f, 0x02, |
1515 | 0xf5, 0x51, 0x53, 0xc7, 0xe3, 0xb5, 0x8a, 0xf1 |
1516 | ); |
1517 | DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test8_expected_result, |
1518 | 0x40, 0x01, 0x3e, 0x2d, 0xf5, 0x8e, 0x87, 0x51, |
1519 | 0x95, 0x7d, 0x28, 0x78, 0xbc, 0xd2, 0xd6, 0xfe, |
1520 | 0x10, 0x1c, 0xcf, 0xd5, 0x56, 0xcb, 0x1e, 0xae, |
1521 | 0x79, 0xdb, 0x3c, 0x3e, 0xe8, 0x64, 0x29, 0xf2, |
1522 | 0xb2, 0xa6, 0x02, 0xac, 0x86 |
1523 | ); |
1524 | DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test8_expected_hmac, |
1525 | 0xfe, 0xf6, 0xec, 0xb6, 0x47, 0xd6, 0x29, 0x5f, |
1526 | 0xae, 0x07, 0x7a, 0x1f, 0xeb, 0x51, 0x75, 0x08, |
1527 | 0xd2, 0xc1, 0x6b, 0x41, 0x92, 0xe0, 0x1f, 0x62 |
1528 | ); |
1529 | |
1530 | static const struct gss_krb5_test_param rfc8009_encrypt_test_params[] = { |
1531 | { |
1532 | .desc = "Encrypt empty plaintext with aes128-cts-hmac-sha256-128" , |
1533 | .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, |
1534 | .plaintext = &rfc8009_enc_empty_plaintext, |
1535 | .confounder = &rfc8009_enc_test1_confounder, |
1536 | .base_key = &aes128_cts_hmac_sha256_128_basekey, |
1537 | .expected_result = &rfc8009_enc_test1_expected_result, |
1538 | .expected_hmac = &rfc8009_enc_test1_expected_hmac, |
1539 | }, |
1540 | { |
1541 | .desc = "Encrypt short plaintext with aes128-cts-hmac-sha256-128" , |
1542 | .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, |
1543 | .plaintext = &rfc8009_enc_short_plaintext, |
1544 | .confounder = &rfc8009_enc_test2_confounder, |
1545 | .base_key = &aes128_cts_hmac_sha256_128_basekey, |
1546 | .expected_result = &rfc8009_enc_test2_expected_result, |
1547 | .expected_hmac = &rfc8009_enc_test2_expected_hmac, |
1548 | }, |
1549 | { |
1550 | .desc = "Encrypt block plaintext with aes128-cts-hmac-sha256-128" , |
1551 | .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, |
1552 | .plaintext = &rfc8009_enc_block_plaintext, |
1553 | .confounder = &rfc8009_enc_test3_confounder, |
1554 | .base_key = &aes128_cts_hmac_sha256_128_basekey, |
1555 | .expected_result = &rfc8009_enc_test3_expected_result, |
1556 | .expected_hmac = &rfc8009_enc_test3_expected_hmac, |
1557 | }, |
1558 | { |
1559 | .desc = "Encrypt long plaintext with aes128-cts-hmac-sha256-128" , |
1560 | .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, |
1561 | .plaintext = &rfc8009_enc_long_plaintext, |
1562 | .confounder = &rfc8009_enc_test4_confounder, |
1563 | .base_key = &aes128_cts_hmac_sha256_128_basekey, |
1564 | .expected_result = &rfc8009_enc_test4_expected_result, |
1565 | .expected_hmac = &rfc8009_enc_test4_expected_hmac, |
1566 | }, |
1567 | { |
1568 | .desc = "Encrypt empty plaintext with aes256-cts-hmac-sha384-192" , |
1569 | .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, |
1570 | .plaintext = &rfc8009_enc_empty_plaintext, |
1571 | .confounder = &rfc8009_enc_test5_confounder, |
1572 | .base_key = &aes256_cts_hmac_sha384_192_basekey, |
1573 | .expected_result = &rfc8009_enc_test5_expected_result, |
1574 | .expected_hmac = &rfc8009_enc_test5_expected_hmac, |
1575 | }, |
1576 | { |
1577 | .desc = "Encrypt short plaintext with aes256-cts-hmac-sha384-192" , |
1578 | .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, |
1579 | .plaintext = &rfc8009_enc_short_plaintext, |
1580 | .confounder = &rfc8009_enc_test6_confounder, |
1581 | .base_key = &aes256_cts_hmac_sha384_192_basekey, |
1582 | .expected_result = &rfc8009_enc_test6_expected_result, |
1583 | .expected_hmac = &rfc8009_enc_test6_expected_hmac, |
1584 | }, |
1585 | { |
1586 | .desc = "Encrypt block plaintext with aes256-cts-hmac-sha384-192" , |
1587 | .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, |
1588 | .plaintext = &rfc8009_enc_block_plaintext, |
1589 | .confounder = &rfc8009_enc_test7_confounder, |
1590 | .base_key = &aes256_cts_hmac_sha384_192_basekey, |
1591 | .expected_result = &rfc8009_enc_test7_expected_result, |
1592 | .expected_hmac = &rfc8009_enc_test7_expected_hmac, |
1593 | }, |
1594 | { |
1595 | .desc = "Encrypt long plaintext with aes256-cts-hmac-sha384-192" , |
1596 | .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, |
1597 | .plaintext = &rfc8009_enc_long_plaintext, |
1598 | .confounder = &rfc8009_enc_test8_confounder, |
1599 | .base_key = &aes256_cts_hmac_sha384_192_basekey, |
1600 | .expected_result = &rfc8009_enc_test8_expected_result, |
1601 | .expected_hmac = &rfc8009_enc_test8_expected_hmac, |
1602 | }, |
1603 | }; |
1604 | |
1605 | /* Creates the function rfc8009_encrypt_gen_params */ |
1606 | KUNIT_ARRAY_PARAM(rfc8009_encrypt, rfc8009_encrypt_test_params, |
1607 | gss_krb5_get_desc); |
1608 | |
1609 | static void rfc8009_encrypt_case(struct kunit *test) |
1610 | { |
1611 | const struct gss_krb5_test_param *param = test->param_value; |
1612 | struct crypto_sync_skcipher *cts_tfm, *cbc_tfm; |
1613 | const struct gss_krb5_enctype *gk5e; |
1614 | struct xdr_netobj Ke, Ki, checksum; |
1615 | u8 usage_data[GSS_KRB5_K5CLENGTH]; |
1616 | struct xdr_netobj usage = { |
1617 | .data = usage_data, |
1618 | .len = sizeof(usage_data), |
1619 | }; |
1620 | struct crypto_ahash *ahash_tfm; |
1621 | struct xdr_buf buf; |
1622 | void *text; |
1623 | size_t len; |
1624 | u32 err; |
1625 | |
1626 | /* Arrange */ |
1627 | gk5e = gss_krb5_lookup_enctype(etype: param->enctype); |
1628 | if (!gk5e) |
1629 | kunit_skip(test, "Encryption type is not available" ); |
1630 | |
1631 | *(__be32 *)usage.data = cpu_to_be32(2); |
1632 | |
1633 | Ke.len = gk5e->Ke_length; |
1634 | Ke.data = kunit_kzalloc(test, size: Ke.len, GFP_KERNEL); |
1635 | KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Ke.data); |
1636 | usage.data[4] = KEY_USAGE_SEED_ENCRYPTION; |
1637 | err = gk5e->derive_key(gk5e, param->base_key, &Ke, |
1638 | &usage, GFP_KERNEL); |
1639 | KUNIT_ASSERT_EQ(test, err, 0); |
1640 | |
1641 | cbc_tfm = crypto_alloc_sync_skcipher(alg_name: gk5e->aux_cipher, type: 0, mask: 0); |
1642 | KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cbc_tfm); |
1643 | err = crypto_sync_skcipher_setkey(tfm: cbc_tfm, key: Ke.data, keylen: Ke.len); |
1644 | KUNIT_ASSERT_EQ(test, err, 0); |
1645 | |
1646 | cts_tfm = crypto_alloc_sync_skcipher(alg_name: gk5e->encrypt_name, type: 0, mask: 0); |
1647 | KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cts_tfm); |
1648 | err = crypto_sync_skcipher_setkey(tfm: cts_tfm, key: Ke.data, keylen: Ke.len); |
1649 | KUNIT_ASSERT_EQ(test, err, 0); |
1650 | |
1651 | len = param->confounder->len + param->plaintext->len; |
1652 | text = kunit_kzalloc(test, size: len, GFP_KERNEL); |
1653 | KUNIT_ASSERT_NOT_ERR_OR_NULL(test, text); |
1654 | memcpy(text, param->confounder->data, param->confounder->len); |
1655 | memcpy(text + param->confounder->len, param->plaintext->data, |
1656 | param->plaintext->len); |
1657 | |
1658 | memset(&buf, 0, sizeof(buf)); |
1659 | buf.head[0].iov_base = text; |
1660 | buf.head[0].iov_len = param->confounder->len + param->plaintext->len; |
1661 | buf.len = buf.head[0].iov_len; |
1662 | |
1663 | checksum.len = gk5e->cksumlength; |
1664 | checksum.data = kunit_kzalloc(test, size: checksum.len, GFP_KERNEL); |
1665 | KUNIT_ASSERT_NOT_ERR_OR_NULL(test, checksum.data); |
1666 | |
1667 | Ki.len = gk5e->Ki_length; |
1668 | Ki.data = kunit_kzalloc(test, size: Ki.len, GFP_KERNEL); |
1669 | KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Ki.data); |
1670 | usage.data[4] = KEY_USAGE_SEED_INTEGRITY; |
1671 | err = gk5e->derive_key(gk5e, param->base_key, &Ki, |
1672 | &usage, GFP_KERNEL); |
1673 | KUNIT_ASSERT_EQ(test, err, 0); |
1674 | |
1675 | ahash_tfm = crypto_alloc_ahash(alg_name: gk5e->cksum_name, type: 0, CRYPTO_ALG_ASYNC); |
1676 | KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ahash_tfm); |
1677 | err = crypto_ahash_setkey(tfm: ahash_tfm, key: Ki.data, keylen: Ki.len); |
1678 | KUNIT_ASSERT_EQ(test, err, 0); |
1679 | |
1680 | /* Act */ |
1681 | err = krb5_cbc_cts_encrypt(cts_tfm, cbc_tfm, offset: 0, buf: &buf, NULL, NULL, ivsize: 0); |
1682 | KUNIT_ASSERT_EQ(test, err, 0); |
1683 | err = krb5_etm_checksum(cipher: cts_tfm, tfm: ahash_tfm, body: &buf, body_offset: 0, cksumout: &checksum); |
1684 | KUNIT_ASSERT_EQ(test, err, 0); |
1685 | |
1686 | /* Assert */ |
1687 | KUNIT_EXPECT_EQ_MSG(test, |
1688 | param->expected_result->len, buf.len, |
1689 | "ciphertext length mismatch" ); |
1690 | KUNIT_EXPECT_EQ_MSG(test, |
1691 | memcmp(param->expected_result->data, |
1692 | buf.head[0].iov_base, |
1693 | param->expected_result->len), 0, |
1694 | "ciphertext mismatch" ); |
1695 | KUNIT_EXPECT_EQ_MSG(test, memcmp(param->expected_hmac->data, |
1696 | checksum.data, |
1697 | checksum.len), 0, |
1698 | "HMAC mismatch" ); |
1699 | |
1700 | crypto_free_ahash(tfm: ahash_tfm); |
1701 | crypto_free_sync_skcipher(tfm: cts_tfm); |
1702 | crypto_free_sync_skcipher(tfm: cbc_tfm); |
1703 | } |
1704 | |
1705 | static struct kunit_case rfc8009_test_cases[] = { |
1706 | { |
1707 | .name = "RFC 8009 key derivation" , |
1708 | .run_case = kdf_case, |
1709 | .generate_params = rfc8009_kdf_gen_params, |
1710 | }, |
1711 | { |
1712 | .name = "RFC 8009 checksum" , |
1713 | .run_case = checksum_case, |
1714 | .generate_params = rfc8009_checksum_gen_params, |
1715 | }, |
1716 | { |
1717 | .name = "RFC 8009 encryption" , |
1718 | .run_case = rfc8009_encrypt_case, |
1719 | .generate_params = rfc8009_encrypt_gen_params, |
1720 | }, |
1721 | {} |
1722 | }; |
1723 | |
1724 | static struct kunit_suite rfc8009_suite = { |
1725 | .name = "RFC 8009 suite" , |
1726 | .test_cases = rfc8009_test_cases, |
1727 | }; |
1728 | |
1729 | /* |
1730 | * Encryption self-tests |
1731 | */ |
1732 | |
1733 | DEFINE_STR_XDR_NETOBJ(encrypt_selftest_plaintext, |
1734 | "This is the plaintext for the encryption self-test." ); |
1735 | |
1736 | static const struct gss_krb5_test_param encrypt_selftest_params[] = { |
1737 | { |
1738 | .desc = "aes128-cts-hmac-sha1-96 encryption self-test" , |
1739 | .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, |
1740 | .Ke = &rfc3962_encryption_key, |
1741 | .plaintext = &encrypt_selftest_plaintext, |
1742 | }, |
1743 | { |
1744 | .desc = "aes256-cts-hmac-sha1-96 encryption self-test" , |
1745 | .enctype = ENCTYPE_AES256_CTS_HMAC_SHA1_96, |
1746 | .Ke = &rfc3962_encryption_key, |
1747 | .plaintext = &encrypt_selftest_plaintext, |
1748 | }, |
1749 | { |
1750 | .desc = "camellia128-cts-cmac encryption self-test" , |
1751 | .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, |
1752 | .Ke = &camellia128_cts_cmac_Ke, |
1753 | .plaintext = &encrypt_selftest_plaintext, |
1754 | }, |
1755 | { |
1756 | .desc = "camellia256-cts-cmac encryption self-test" , |
1757 | .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, |
1758 | .Ke = &camellia256_cts_cmac_Ke, |
1759 | .plaintext = &encrypt_selftest_plaintext, |
1760 | }, |
1761 | { |
1762 | .desc = "aes128-cts-hmac-sha256-128 encryption self-test" , |
1763 | .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, |
1764 | .Ke = &aes128_cts_hmac_sha256_128_Ke, |
1765 | .plaintext = &encrypt_selftest_plaintext, |
1766 | }, |
1767 | { |
1768 | .desc = "aes256-cts-hmac-sha384-192 encryption self-test" , |
1769 | .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, |
1770 | .Ke = &aes256_cts_hmac_sha384_192_Ke, |
1771 | .plaintext = &encrypt_selftest_plaintext, |
1772 | }, |
1773 | }; |
1774 | |
1775 | /* Creates the function encrypt_selftest_gen_params */ |
1776 | KUNIT_ARRAY_PARAM(encrypt_selftest, encrypt_selftest_params, |
1777 | gss_krb5_get_desc); |
1778 | |
1779 | /* |
1780 | * Encrypt and decrypt plaintext, and ensure the input plaintext |
1781 | * matches the output plaintext. A confounder is not added in this |
1782 | * case. |
1783 | */ |
1784 | static void encrypt_selftest_case(struct kunit *test) |
1785 | { |
1786 | const struct gss_krb5_test_param *param = test->param_value; |
1787 | struct crypto_sync_skcipher *cts_tfm, *cbc_tfm; |
1788 | const struct gss_krb5_enctype *gk5e; |
1789 | struct xdr_buf buf; |
1790 | void *text; |
1791 | int err; |
1792 | |
1793 | /* Arrange */ |
1794 | gk5e = gss_krb5_lookup_enctype(etype: param->enctype); |
1795 | if (!gk5e) |
1796 | kunit_skip(test, "Encryption type is not available" ); |
1797 | |
1798 | cbc_tfm = crypto_alloc_sync_skcipher(alg_name: gk5e->aux_cipher, type: 0, mask: 0); |
1799 | KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cbc_tfm); |
1800 | err = crypto_sync_skcipher_setkey(tfm: cbc_tfm, key: param->Ke->data, keylen: param->Ke->len); |
1801 | KUNIT_ASSERT_EQ(test, err, 0); |
1802 | |
1803 | cts_tfm = crypto_alloc_sync_skcipher(alg_name: gk5e->encrypt_name, type: 0, mask: 0); |
1804 | KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cts_tfm); |
1805 | err = crypto_sync_skcipher_setkey(tfm: cts_tfm, key: param->Ke->data, keylen: param->Ke->len); |
1806 | KUNIT_ASSERT_EQ(test, err, 0); |
1807 | |
1808 | text = kunit_kzalloc(test, roundup(param->plaintext->len, |
1809 | crypto_sync_skcipher_blocksize(cbc_tfm)), |
1810 | GFP_KERNEL); |
1811 | KUNIT_ASSERT_NOT_ERR_OR_NULL(test, text); |
1812 | |
1813 | memcpy(text, param->plaintext->data, param->plaintext->len); |
1814 | memset(&buf, 0, sizeof(buf)); |
1815 | buf.head[0].iov_base = text; |
1816 | buf.head[0].iov_len = param->plaintext->len; |
1817 | buf.len = buf.head[0].iov_len; |
1818 | |
1819 | /* Act */ |
1820 | err = krb5_cbc_cts_encrypt(cts_tfm, cbc_tfm, offset: 0, buf: &buf, NULL, NULL, ivsize: 0); |
1821 | KUNIT_ASSERT_EQ(test, err, 0); |
1822 | err = krb5_cbc_cts_decrypt(cts_tfm, cbc_tfm, offset: 0, buf: &buf); |
1823 | KUNIT_ASSERT_EQ(test, err, 0); |
1824 | |
1825 | /* Assert */ |
1826 | KUNIT_EXPECT_EQ_MSG(test, |
1827 | param->plaintext->len, buf.len, |
1828 | "length mismatch" ); |
1829 | KUNIT_EXPECT_EQ_MSG(test, |
1830 | memcmp(param->plaintext->data, |
1831 | buf.head[0].iov_base, buf.len), 0, |
1832 | "plaintext mismatch" ); |
1833 | |
1834 | crypto_free_sync_skcipher(tfm: cts_tfm); |
1835 | crypto_free_sync_skcipher(tfm: cbc_tfm); |
1836 | } |
1837 | |
1838 | static struct kunit_case encryption_test_cases[] = { |
1839 | { |
1840 | .name = "Encryption self-tests" , |
1841 | .run_case = encrypt_selftest_case, |
1842 | .generate_params = encrypt_selftest_gen_params, |
1843 | }, |
1844 | {} |
1845 | }; |
1846 | |
1847 | static struct kunit_suite encryption_test_suite = { |
1848 | .name = "Encryption test suite" , |
1849 | .test_cases = encryption_test_cases, |
1850 | }; |
1851 | |
1852 | kunit_test_suites(&rfc3961_suite, |
1853 | &rfc3962_suite, |
1854 | &rfc6803_suite, |
1855 | &rfc8009_suite, |
1856 | &encryption_test_suite); |
1857 | |
1858 | MODULE_DESCRIPTION("Test RPCSEC GSS Kerberos 5 functions" ); |
1859 | MODULE_LICENSE("GPL" ); |
1860 | |