1 // SPDX-License-Identifier: GPL-2.0
3 * Copyright (c) 2022 Oracle and/or its affiliates.
5 * KUnit test of SunRPC's GSS Kerberos mechanism. Subsystem
6 * name is "rpcsec_gss_krb5".
9 #include <kunit/test.h>
10 #include <kunit/visibility.h>
12 #include <linux/kernel.h>
13 #include <crypto/hash.h>
15 #include <linux/sunrpc/xdr.h>
16 #include <linux/sunrpc/gss_krb5.h>
18 #include "gss_krb5_internal.h"
20 MODULE_IMPORT_NS(EXPORTED_FOR_KUNIT_TESTING);
22 struct gss_krb5_test_param {
27 const struct xdr_netobj *base_key;
28 const struct xdr_netobj *Ke;
29 const struct xdr_netobj *usage;
30 const struct xdr_netobj *plaintext;
31 const struct xdr_netobj *confounder;
32 const struct xdr_netobj *expected_result;
33 const struct xdr_netobj *expected_hmac;
34 const struct xdr_netobj *next_iv;
37 static inline void gss_krb5_get_desc(const struct gss_krb5_test_param *param,
40 strscpy(desc, param->desc, KUNIT_PARAM_DESC_SIZE);
43 static void kdf_case(struct kunit *test)
45 const struct gss_krb5_test_param *param = test->param_value;
46 const struct gss_krb5_enctype *gk5e;
47 struct xdr_netobj derivedkey;
51 gk5e = gss_krb5_lookup_enctype(param->enctype);
53 kunit_skip(test, "Encryption type is not available");
55 derivedkey.data = kunit_kzalloc(test, param->expected_result->len,
57 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, derivedkey.data);
58 derivedkey.len = param->expected_result->len;
61 err = gk5e->derive_key(gk5e, param->base_key, &derivedkey,
62 param->usage, GFP_KERNEL);
63 KUNIT_ASSERT_EQ(test, err, 0);
66 KUNIT_EXPECT_EQ_MSG(test,
67 memcmp(param->expected_result->data,
68 derivedkey.data, derivedkey.len), 0,
72 static void checksum_case(struct kunit *test)
74 const struct gss_krb5_test_param *param = test->param_value;
75 struct xdr_buf buf = {
76 .head[0].iov_len = param->plaintext->len,
77 .len = param->plaintext->len,
79 const struct gss_krb5_enctype *gk5e;
80 struct xdr_netobj Kc, checksum;
81 struct crypto_ahash *tfm;
85 gk5e = gss_krb5_lookup_enctype(param->enctype);
87 kunit_skip(test, "Encryption type is not available");
89 Kc.len = gk5e->Kc_length;
90 Kc.data = kunit_kzalloc(test, Kc.len, GFP_KERNEL);
91 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Kc.data);
92 err = gk5e->derive_key(gk5e, param->base_key, &Kc,
93 param->usage, GFP_KERNEL);
94 KUNIT_ASSERT_EQ(test, err, 0);
96 tfm = crypto_alloc_ahash(gk5e->cksum_name, 0, CRYPTO_ALG_ASYNC);
97 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, tfm);
98 err = crypto_ahash_setkey(tfm, Kc.data, Kc.len);
99 KUNIT_ASSERT_EQ(test, err, 0);
101 buf.head[0].iov_base = kunit_kzalloc(test, buf.head[0].iov_len, GFP_KERNEL);
102 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, buf.head[0].iov_base);
103 memcpy(buf.head[0].iov_base, param->plaintext->data, buf.head[0].iov_len);
105 checksum.len = gk5e->cksumlength;
106 checksum.data = kunit_kzalloc(test, checksum.len, GFP_KERNEL);
107 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, checksum.data);
110 err = gss_krb5_checksum(tfm, NULL, 0, &buf, 0, &checksum);
111 KUNIT_ASSERT_EQ(test, err, 0);
114 KUNIT_EXPECT_EQ_MSG(test,
115 memcmp(param->expected_result->data,
116 checksum.data, checksum.len), 0,
117 "checksum mismatch");
119 crypto_free_ahash(tfm);
122 #define DEFINE_HEX_XDR_NETOBJ(name, hex_array...) \
123 static const u8 name ## _data[] = { hex_array }; \
124 static const struct xdr_netobj name = { \
125 .data = (u8 *)name##_data, \
126 .len = sizeof(name##_data), \
129 #define DEFINE_STR_XDR_NETOBJ(name, string) \
130 static const u8 name ## _str[] = string; \
131 static const struct xdr_netobj name = { \
132 .data = (u8 *)name##_str, \
133 .len = sizeof(name##_str) - 1, \
137 * RFC 3961 Appendix A.1. n-fold
139 * The n-fold function is defined in section 5.1 of RFC 3961.
141 * This test material is copyright (C) The Internet Society (2005).
144 DEFINE_HEX_XDR_NETOBJ(nfold_test1_plaintext,
145 0x30, 0x31, 0x32, 0x33, 0x34, 0x35
147 DEFINE_HEX_XDR_NETOBJ(nfold_test1_expected_result,
148 0xbe, 0x07, 0x26, 0x31, 0x27, 0x6b, 0x19, 0x55
151 DEFINE_HEX_XDR_NETOBJ(nfold_test2_plaintext,
152 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64
154 DEFINE_HEX_XDR_NETOBJ(nfold_test2_expected_result,
155 0x78, 0xa0, 0x7b, 0x6c, 0xaf, 0x85, 0xfa
158 DEFINE_HEX_XDR_NETOBJ(nfold_test3_plaintext,
159 0x52, 0x6f, 0x75, 0x67, 0x68, 0x20, 0x43, 0x6f,
160 0x6e, 0x73, 0x65, 0x6e, 0x73, 0x75, 0x73, 0x2c,
161 0x20, 0x61, 0x6e, 0x64, 0x20, 0x52, 0x75, 0x6e,
162 0x6e, 0x69, 0x6e, 0x67, 0x20, 0x43, 0x6f, 0x64,
165 DEFINE_HEX_XDR_NETOBJ(nfold_test3_expected_result,
166 0xbb, 0x6e, 0xd3, 0x08, 0x70, 0xb7, 0xf0, 0xe0
169 DEFINE_HEX_XDR_NETOBJ(nfold_test4_plaintext,
170 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64
172 DEFINE_HEX_XDR_NETOBJ(nfold_test4_expected_result,
173 0x59, 0xe4, 0xa8, 0xca, 0x7c, 0x03, 0x85, 0xc3,
174 0xc3, 0x7b, 0x3f, 0x6d, 0x20, 0x00, 0x24, 0x7c,
175 0xb6, 0xe6, 0xbd, 0x5b, 0x3e
178 DEFINE_HEX_XDR_NETOBJ(nfold_test5_plaintext,
179 0x4d, 0x41, 0x53, 0x53, 0x41, 0x43, 0x48, 0x56,
180 0x53, 0x45, 0x54, 0x54, 0x53, 0x20, 0x49, 0x4e,
181 0x53, 0x54, 0x49, 0x54, 0x56, 0x54, 0x45, 0x20,
182 0x4f, 0x46, 0x20, 0x54, 0x45, 0x43, 0x48, 0x4e,
183 0x4f, 0x4c, 0x4f, 0x47, 0x59
185 DEFINE_HEX_XDR_NETOBJ(nfold_test5_expected_result,
186 0xdb, 0x3b, 0x0d, 0x8f, 0x0b, 0x06, 0x1e, 0x60,
187 0x32, 0x82, 0xb3, 0x08, 0xa5, 0x08, 0x41, 0x22,
188 0x9a, 0xd7, 0x98, 0xfa, 0xb9, 0x54, 0x0c, 0x1b
191 DEFINE_HEX_XDR_NETOBJ(nfold_test6_plaintext,
194 DEFINE_HEX_XDR_NETOBJ(nfold_test6_expected_result,
195 0x51, 0x8a, 0x54, 0xa2, 0x15, 0xa8, 0x45, 0x2a,
196 0x51, 0x8a, 0x54, 0xa2, 0x15, 0xa8, 0x45, 0x2a,
197 0x51, 0x8a, 0x54, 0xa2, 0x15
200 DEFINE_HEX_XDR_NETOBJ(nfold_test7_plaintext,
203 DEFINE_HEX_XDR_NETOBJ(nfold_test7_expected_result,
204 0xfb, 0x25, 0xd5, 0x31, 0xae, 0x89, 0x74, 0x49,
205 0x9f, 0x52, 0xfd, 0x92, 0xea, 0x98, 0x57, 0xc4,
206 0xba, 0x24, 0xcf, 0x29, 0x7e
209 DEFINE_HEX_XDR_NETOBJ(nfold_test_kerberos,
210 0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73
212 DEFINE_HEX_XDR_NETOBJ(nfold_test8_expected_result,
213 0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73
215 DEFINE_HEX_XDR_NETOBJ(nfold_test9_expected_result,
216 0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73,
217 0x7b, 0x9b, 0x5b, 0x2b, 0x93, 0x13, 0x2b, 0x93
219 DEFINE_HEX_XDR_NETOBJ(nfold_test10_expected_result,
220 0x83, 0x72, 0xc2, 0x36, 0x34, 0x4e, 0x5f, 0x15,
221 0x50, 0xcd, 0x07, 0x47, 0xe1, 0x5d, 0x62, 0xca,
222 0x7a, 0x5a, 0x3b, 0xce, 0xa4
224 DEFINE_HEX_XDR_NETOBJ(nfold_test11_expected_result,
225 0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73,
226 0x7b, 0x9b, 0x5b, 0x2b, 0x93, 0x13, 0x2b, 0x93,
227 0x5c, 0x9b, 0xdc, 0xda, 0xd9, 0x5c, 0x98, 0x99,
228 0xc4, 0xca, 0xe4, 0xde, 0xe6, 0xd6, 0xca, 0xe4
231 static const struct gss_krb5_test_param rfc3961_nfold_test_params[] = {
233 .desc = "64-fold(\"012345\")",
235 .plaintext = &nfold_test1_plaintext,
236 .expected_result = &nfold_test1_expected_result,
239 .desc = "56-fold(\"password\")",
241 .plaintext = &nfold_test2_plaintext,
242 .expected_result = &nfold_test2_expected_result,
245 .desc = "64-fold(\"Rough Consensus, and Running Code\")",
247 .plaintext = &nfold_test3_plaintext,
248 .expected_result = &nfold_test3_expected_result,
251 .desc = "168-fold(\"password\")",
253 .plaintext = &nfold_test4_plaintext,
254 .expected_result = &nfold_test4_expected_result,
257 .desc = "192-fold(\"MASSACHVSETTS INSTITVTE OF TECHNOLOGY\")",
259 .plaintext = &nfold_test5_plaintext,
260 .expected_result = &nfold_test5_expected_result,
263 .desc = "168-fold(\"Q\")",
265 .plaintext = &nfold_test6_plaintext,
266 .expected_result = &nfold_test6_expected_result,
269 .desc = "168-fold(\"ba\")",
271 .plaintext = &nfold_test7_plaintext,
272 .expected_result = &nfold_test7_expected_result,
275 .desc = "64-fold(\"kerberos\")",
277 .plaintext = &nfold_test_kerberos,
278 .expected_result = &nfold_test8_expected_result,
281 .desc = "128-fold(\"kerberos\")",
283 .plaintext = &nfold_test_kerberos,
284 .expected_result = &nfold_test9_expected_result,
287 .desc = "168-fold(\"kerberos\")",
289 .plaintext = &nfold_test_kerberos,
290 .expected_result = &nfold_test10_expected_result,
293 .desc = "256-fold(\"kerberos\")",
295 .plaintext = &nfold_test_kerberos,
296 .expected_result = &nfold_test11_expected_result,
300 /* Creates the function rfc3961_nfold_gen_params */
301 KUNIT_ARRAY_PARAM(rfc3961_nfold, rfc3961_nfold_test_params, gss_krb5_get_desc);
303 static void rfc3961_nfold_case(struct kunit *test)
305 const struct gss_krb5_test_param *param = test->param_value;
309 result = kunit_kzalloc(test, 4096, GFP_KERNEL);
310 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, result);
313 krb5_nfold(param->plaintext->len * 8, param->plaintext->data,
314 param->expected_result->len * 8, result);
317 KUNIT_EXPECT_EQ_MSG(test,
318 memcmp(param->expected_result->data,
319 result, param->expected_result->len), 0,
323 static struct kunit_case rfc3961_test_cases[] = {
325 .name = "RFC 3961 n-fold",
326 .run_case = rfc3961_nfold_case,
327 .generate_params = rfc3961_nfold_gen_params,
332 static struct kunit_suite rfc3961_suite = {
333 .name = "RFC 3961 tests",
334 .test_cases = rfc3961_test_cases,
338 * From RFC 3962 Appendix B: Sample Test Vectors
340 * Some test vectors for CBC with ciphertext stealing, using an
341 * initial vector of all-zero.
343 * This test material is copyright (C) The Internet Society (2005).
346 DEFINE_HEX_XDR_NETOBJ(rfc3962_encryption_key,
347 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
348 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69
351 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test1_plaintext,
352 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
353 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
356 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test1_expected_result,
357 0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4,
358 0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f,
361 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test1_next_iv,
362 0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4,
363 0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f
366 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test2_plaintext,
367 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
368 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
369 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
370 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20
372 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test2_expected_result,
373 0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1,
374 0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22,
375 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
376 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5
378 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test2_next_iv,
379 0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1,
380 0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22
383 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test3_plaintext,
384 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
385 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
386 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
387 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43
389 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test3_expected_result,
390 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
391 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
392 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
393 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84
395 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test3_next_iv,
396 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
397 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8
400 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test4_plaintext,
401 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
402 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
403 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
404 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43,
405 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20,
406 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c
408 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test4_expected_result,
409 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
410 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
411 0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c,
412 0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e,
413 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
414 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5
416 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test4_next_iv,
417 0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c,
418 0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e
421 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test5_plaintext,
422 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
423 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
424 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
425 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43,
426 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20,
427 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c, 0x20
429 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test5_expected_result,
430 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
431 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
432 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
433 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8,
434 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
435 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8
437 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test5_next_iv,
438 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
439 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8
442 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test6_plaintext,
443 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
444 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
445 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
446 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43,
447 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20,
448 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c, 0x20,
449 0x61, 0x6e, 0x64, 0x20, 0x77, 0x6f, 0x6e, 0x74,
450 0x6f, 0x6e, 0x20, 0x73, 0x6f, 0x75, 0x70, 0x2e
452 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test6_expected_result,
453 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
454 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
455 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
456 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
457 0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5,
458 0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40,
459 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
460 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8
462 DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test6_next_iv,
463 0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5,
464 0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40
467 static const struct gss_krb5_test_param rfc3962_encrypt_test_params[] = {
469 .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 1",
470 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96,
471 .Ke = &rfc3962_encryption_key,
472 .plaintext = &rfc3962_enc_test1_plaintext,
473 .expected_result = &rfc3962_enc_test1_expected_result,
474 .next_iv = &rfc3962_enc_test1_next_iv,
477 .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 2",
478 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96,
479 .Ke = &rfc3962_encryption_key,
480 .plaintext = &rfc3962_enc_test2_plaintext,
481 .expected_result = &rfc3962_enc_test2_expected_result,
482 .next_iv = &rfc3962_enc_test2_next_iv,
485 .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 3",
486 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96,
487 .Ke = &rfc3962_encryption_key,
488 .plaintext = &rfc3962_enc_test3_plaintext,
489 .expected_result = &rfc3962_enc_test3_expected_result,
490 .next_iv = &rfc3962_enc_test3_next_iv,
493 .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 4",
494 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96,
495 .Ke = &rfc3962_encryption_key,
496 .plaintext = &rfc3962_enc_test4_plaintext,
497 .expected_result = &rfc3962_enc_test4_expected_result,
498 .next_iv = &rfc3962_enc_test4_next_iv,
501 .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 5",
502 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96,
503 .Ke = &rfc3962_encryption_key,
504 .plaintext = &rfc3962_enc_test5_plaintext,
505 .expected_result = &rfc3962_enc_test5_expected_result,
506 .next_iv = &rfc3962_enc_test5_next_iv,
509 .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 6",
510 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96,
511 .Ke = &rfc3962_encryption_key,
512 .plaintext = &rfc3962_enc_test6_plaintext,
513 .expected_result = &rfc3962_enc_test6_expected_result,
514 .next_iv = &rfc3962_enc_test6_next_iv,
518 /* Creates the function rfc3962_encrypt_gen_params */
519 KUNIT_ARRAY_PARAM(rfc3962_encrypt, rfc3962_encrypt_test_params,
523 * This tests the implementation of the encryption part of the mechanism.
524 * It does not apply a confounder or test the result of HMAC over the
527 static void rfc3962_encrypt_case(struct kunit *test)
529 const struct gss_krb5_test_param *param = test->param_value;
530 struct crypto_sync_skcipher *cts_tfm, *cbc_tfm;
531 const struct gss_krb5_enctype *gk5e;
537 gk5e = gss_krb5_lookup_enctype(param->enctype);
539 kunit_skip(test, "Encryption type is not available");
541 cbc_tfm = crypto_alloc_sync_skcipher(gk5e->aux_cipher, 0, 0);
542 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cbc_tfm);
543 err = crypto_sync_skcipher_setkey(cbc_tfm, param->Ke->data, param->Ke->len);
544 KUNIT_ASSERT_EQ(test, err, 0);
546 cts_tfm = crypto_alloc_sync_skcipher(gk5e->encrypt_name, 0, 0);
547 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cts_tfm);
548 err = crypto_sync_skcipher_setkey(cts_tfm, param->Ke->data, param->Ke->len);
549 KUNIT_ASSERT_EQ(test, err, 0);
551 iv = kunit_kzalloc(test, crypto_sync_skcipher_ivsize(cts_tfm), GFP_KERNEL);
552 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, iv);
554 text = kunit_kzalloc(test, param->plaintext->len, GFP_KERNEL);
555 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, text);
557 memcpy(text, param->plaintext->data, param->plaintext->len);
558 memset(&buf, 0, sizeof(buf));
559 buf.head[0].iov_base = text;
560 buf.head[0].iov_len = param->plaintext->len;
561 buf.len = buf.head[0].iov_len;
564 err = krb5_cbc_cts_encrypt(cts_tfm, cbc_tfm, 0, &buf, NULL,
565 iv, crypto_sync_skcipher_ivsize(cts_tfm));
566 KUNIT_ASSERT_EQ(test, err, 0);
569 KUNIT_EXPECT_EQ_MSG(test,
570 param->expected_result->len, buf.len,
571 "ciphertext length mismatch");
572 KUNIT_EXPECT_EQ_MSG(test,
573 memcmp(param->expected_result->data,
574 text, param->expected_result->len), 0,
575 "ciphertext mismatch");
576 KUNIT_EXPECT_EQ_MSG(test,
577 memcmp(param->next_iv->data, iv,
578 param->next_iv->len), 0,
581 crypto_free_sync_skcipher(cts_tfm);
582 crypto_free_sync_skcipher(cbc_tfm);
585 static struct kunit_case rfc3962_test_cases[] = {
587 .name = "RFC 3962 encryption",
588 .run_case = rfc3962_encrypt_case,
589 .generate_params = rfc3962_encrypt_gen_params,
594 static struct kunit_suite rfc3962_suite = {
595 .name = "RFC 3962 suite",
596 .test_cases = rfc3962_test_cases,
600 * From RFC 6803 Section 10. Test vectors
602 * Sample results for key derivation
604 * Copyright (c) 2012 IETF Trust and the persons identified as the
605 * document authors. All rights reserved.
608 DEFINE_HEX_XDR_NETOBJ(camellia128_cts_cmac_basekey,
609 0x57, 0xd0, 0x29, 0x72, 0x98, 0xff, 0xd9, 0xd3,
610 0x5d, 0xe5, 0xa4, 0x7f, 0xb4, 0xbd, 0xe2, 0x4b
612 DEFINE_HEX_XDR_NETOBJ(camellia128_cts_cmac_Kc,
613 0xd1, 0x55, 0x77, 0x5a, 0x20, 0x9d, 0x05, 0xf0,
614 0x2b, 0x38, 0xd4, 0x2a, 0x38, 0x9e, 0x5a, 0x56
616 DEFINE_HEX_XDR_NETOBJ(camellia128_cts_cmac_Ke,
617 0x64, 0xdf, 0x83, 0xf8, 0x5a, 0x53, 0x2f, 0x17,
618 0x57, 0x7d, 0x8c, 0x37, 0x03, 0x57, 0x96, 0xab
620 DEFINE_HEX_XDR_NETOBJ(camellia128_cts_cmac_Ki,
621 0x3e, 0x4f, 0xbd, 0xf3, 0x0f, 0xb8, 0x25, 0x9c,
622 0x42, 0x5c, 0xb6, 0xc9, 0x6f, 0x1f, 0x46, 0x35
625 DEFINE_HEX_XDR_NETOBJ(camellia256_cts_cmac_basekey,
626 0xb9, 0xd6, 0x82, 0x8b, 0x20, 0x56, 0xb7, 0xbe,
627 0x65, 0x6d, 0x88, 0xa1, 0x23, 0xb1, 0xfa, 0xc6,
628 0x82, 0x14, 0xac, 0x2b, 0x72, 0x7e, 0xcf, 0x5f,
629 0x69, 0xaf, 0xe0, 0xc4, 0xdf, 0x2a, 0x6d, 0x2c
631 DEFINE_HEX_XDR_NETOBJ(camellia256_cts_cmac_Kc,
632 0xe4, 0x67, 0xf9, 0xa9, 0x55, 0x2b, 0xc7, 0xd3,
633 0x15, 0x5a, 0x62, 0x20, 0xaf, 0x9c, 0x19, 0x22,
634 0x0e, 0xee, 0xd4, 0xff, 0x78, 0xb0, 0xd1, 0xe6,
635 0xa1, 0x54, 0x49, 0x91, 0x46, 0x1a, 0x9e, 0x50
637 DEFINE_HEX_XDR_NETOBJ(camellia256_cts_cmac_Ke,
638 0x41, 0x2a, 0xef, 0xc3, 0x62, 0xa7, 0x28, 0x5f,
639 0xc3, 0x96, 0x6c, 0x6a, 0x51, 0x81, 0xe7, 0x60,
640 0x5a, 0xe6, 0x75, 0x23, 0x5b, 0x6d, 0x54, 0x9f,
641 0xbf, 0xc9, 0xab, 0x66, 0x30, 0xa4, 0xc6, 0x04
643 DEFINE_HEX_XDR_NETOBJ(camellia256_cts_cmac_Ki,
644 0xfa, 0x62, 0x4f, 0xa0, 0xe5, 0x23, 0x99, 0x3f,
645 0xa3, 0x88, 0xae, 0xfd, 0xc6, 0x7e, 0x67, 0xeb,
646 0xcd, 0x8c, 0x08, 0xe8, 0xa0, 0x24, 0x6b, 0x1d,
647 0x73, 0xb0, 0xd1, 0xdd, 0x9f, 0xc5, 0x82, 0xb0
650 DEFINE_HEX_XDR_NETOBJ(usage_checksum,
651 0x00, 0x00, 0x00, 0x02, KEY_USAGE_SEED_CHECKSUM
653 DEFINE_HEX_XDR_NETOBJ(usage_encryption,
654 0x00, 0x00, 0x00, 0x02, KEY_USAGE_SEED_ENCRYPTION
656 DEFINE_HEX_XDR_NETOBJ(usage_integrity,
657 0x00, 0x00, 0x00, 0x02, KEY_USAGE_SEED_INTEGRITY
660 static const struct gss_krb5_test_param rfc6803_kdf_test_params[] = {
662 .desc = "Derive Kc subkey for camellia128-cts-cmac",
663 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC,
664 .base_key = &camellia128_cts_cmac_basekey,
665 .usage = &usage_checksum,
666 .expected_result = &camellia128_cts_cmac_Kc,
669 .desc = "Derive Ke subkey for camellia128-cts-cmac",
670 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC,
671 .base_key = &camellia128_cts_cmac_basekey,
672 .usage = &usage_encryption,
673 .expected_result = &camellia128_cts_cmac_Ke,
676 .desc = "Derive Ki subkey for camellia128-cts-cmac",
677 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC,
678 .base_key = &camellia128_cts_cmac_basekey,
679 .usage = &usage_integrity,
680 .expected_result = &camellia128_cts_cmac_Ki,
683 .desc = "Derive Kc subkey for camellia256-cts-cmac",
684 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC,
685 .base_key = &camellia256_cts_cmac_basekey,
686 .usage = &usage_checksum,
687 .expected_result = &camellia256_cts_cmac_Kc,
690 .desc = "Derive Ke subkey for camellia256-cts-cmac",
691 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC,
692 .base_key = &camellia256_cts_cmac_basekey,
693 .usage = &usage_encryption,
694 .expected_result = &camellia256_cts_cmac_Ke,
697 .desc = "Derive Ki subkey for camellia256-cts-cmac",
698 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC,
699 .base_key = &camellia256_cts_cmac_basekey,
700 .usage = &usage_integrity,
701 .expected_result = &camellia256_cts_cmac_Ki,
705 /* Creates the function rfc6803_kdf_gen_params */
706 KUNIT_ARRAY_PARAM(rfc6803_kdf, rfc6803_kdf_test_params, gss_krb5_get_desc);
709 * From RFC 6803 Section 10. Test vectors
713 * Copyright (c) 2012 IETF Trust and the persons identified as the
714 * document authors. All rights reserved.
716 * XXX: These tests are likely to fail on EBCDIC or Unicode platforms.
718 DEFINE_STR_XDR_NETOBJ(rfc6803_checksum_test1_plaintext,
720 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test1_basekey,
721 0x1d, 0xc4, 0x6a, 0x8d, 0x76, 0x3f, 0x4f, 0x93,
722 0x74, 0x2b, 0xcb, 0xa3, 0x38, 0x75, 0x76, 0xc3
724 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test1_usage,
725 0x00, 0x00, 0x00, 0x07, KEY_USAGE_SEED_CHECKSUM
727 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test1_expected_result,
728 0x11, 0x78, 0xe6, 0xc5, 0xc4, 0x7a, 0x8c, 0x1a,
729 0xe0, 0xc4, 0xb9, 0xc7, 0xd4, 0xeb, 0x7b, 0x6b
732 DEFINE_STR_XDR_NETOBJ(rfc6803_checksum_test2_plaintext,
733 "ABCDEFGHIJKLMNOPQRSTUVWXYZ");
734 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test2_basekey,
735 0x50, 0x27, 0xbc, 0x23, 0x1d, 0x0f, 0x3a, 0x9d,
736 0x23, 0x33, 0x3f, 0x1c, 0xa6, 0xfd, 0xbe, 0x7c
738 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test2_usage,
739 0x00, 0x00, 0x00, 0x08, KEY_USAGE_SEED_CHECKSUM
741 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test2_expected_result,
742 0xd1, 0xb3, 0x4f, 0x70, 0x04, 0xa7, 0x31, 0xf2,
743 0x3a, 0x0c, 0x00, 0xbf, 0x6c, 0x3f, 0x75, 0x3a
746 DEFINE_STR_XDR_NETOBJ(rfc6803_checksum_test3_plaintext,
748 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test3_basekey,
749 0xb6, 0x1c, 0x86, 0xcc, 0x4e, 0x5d, 0x27, 0x57,
750 0x54, 0x5a, 0xd4, 0x23, 0x39, 0x9f, 0xb7, 0x03,
751 0x1e, 0xca, 0xb9, 0x13, 0xcb, 0xb9, 0x00, 0xbd,
752 0x7a, 0x3c, 0x6d, 0xd8, 0xbf, 0x92, 0x01, 0x5b
754 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test3_usage,
755 0x00, 0x00, 0x00, 0x09, KEY_USAGE_SEED_CHECKSUM
757 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test3_expected_result,
758 0x87, 0xa1, 0x2c, 0xfd, 0x2b, 0x96, 0x21, 0x48,
759 0x10, 0xf0, 0x1c, 0x82, 0x6e, 0x77, 0x44, 0xb1
762 DEFINE_STR_XDR_NETOBJ(rfc6803_checksum_test4_plaintext,
763 "!@#$%^&*()!@#$%^&*()!@#$%^&*()");
764 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test4_basekey,
765 0x32, 0x16, 0x4c, 0x5b, 0x43, 0x4d, 0x1d, 0x15,
766 0x38, 0xe4, 0xcf, 0xd9, 0xbe, 0x80, 0x40, 0xfe,
767 0x8c, 0x4a, 0xc7, 0xac, 0xc4, 0xb9, 0x3d, 0x33,
768 0x14, 0xd2, 0x13, 0x36, 0x68, 0x14, 0x7a, 0x05
770 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test4_usage,
771 0x00, 0x00, 0x00, 0x0a, KEY_USAGE_SEED_CHECKSUM
773 DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test4_expected_result,
774 0x3f, 0xa0, 0xb4, 0x23, 0x55, 0xe5, 0x2b, 0x18,
775 0x91, 0x87, 0x29, 0x4a, 0xa2, 0x52, 0xab, 0x64
778 static const struct gss_krb5_test_param rfc6803_checksum_test_params[] = {
780 .desc = "camellia128-cts-cmac checksum test 1",
781 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC,
782 .base_key = &rfc6803_checksum_test1_basekey,
783 .usage = &rfc6803_checksum_test1_usage,
784 .plaintext = &rfc6803_checksum_test1_plaintext,
785 .expected_result = &rfc6803_checksum_test1_expected_result,
788 .desc = "camellia128-cts-cmac checksum test 2",
789 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC,
790 .base_key = &rfc6803_checksum_test2_basekey,
791 .usage = &rfc6803_checksum_test2_usage,
792 .plaintext = &rfc6803_checksum_test2_plaintext,
793 .expected_result = &rfc6803_checksum_test2_expected_result,
796 .desc = "camellia256-cts-cmac checksum test 3",
797 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC,
798 .base_key = &rfc6803_checksum_test3_basekey,
799 .usage = &rfc6803_checksum_test3_usage,
800 .plaintext = &rfc6803_checksum_test3_plaintext,
801 .expected_result = &rfc6803_checksum_test3_expected_result,
804 .desc = "camellia256-cts-cmac checksum test 4",
805 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC,
806 .base_key = &rfc6803_checksum_test4_basekey,
807 .usage = &rfc6803_checksum_test4_usage,
808 .plaintext = &rfc6803_checksum_test4_plaintext,
809 .expected_result = &rfc6803_checksum_test4_expected_result,
813 /* Creates the function rfc6803_checksum_gen_params */
814 KUNIT_ARRAY_PARAM(rfc6803_checksum, rfc6803_checksum_test_params,
818 * From RFC 6803 Section 10. Test vectors
820 * Sample encryptions (all using the default cipher state)
822 * Copyright (c) 2012 IETF Trust and the persons identified as the
823 * document authors. All rights reserved.
825 * Key usage values are from errata 4326 against RFC 6803.
828 static const struct xdr_netobj rfc6803_enc_empty_plaintext = {
832 DEFINE_STR_XDR_NETOBJ(rfc6803_enc_1byte_plaintext, "1");
833 DEFINE_STR_XDR_NETOBJ(rfc6803_enc_9byte_plaintext, "9 bytesss");
834 DEFINE_STR_XDR_NETOBJ(rfc6803_enc_13byte_plaintext, "13 bytes byte");
835 DEFINE_STR_XDR_NETOBJ(rfc6803_enc_30byte_plaintext,
836 "30 bytes bytes bytes bytes byt"
839 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test1_confounder,
840 0xb6, 0x98, 0x22, 0xa1, 0x9a, 0x6b, 0x09, 0xc0,
841 0xeb, 0xc8, 0x55, 0x7d, 0x1f, 0x1b, 0x6c, 0x0a
843 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test1_basekey,
844 0x1d, 0xc4, 0x6a, 0x8d, 0x76, 0x3f, 0x4f, 0x93,
845 0x74, 0x2b, 0xcb, 0xa3, 0x38, 0x75, 0x76, 0xc3
847 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test1_expected_result,
848 0xc4, 0x66, 0xf1, 0x87, 0x10, 0x69, 0x92, 0x1e,
849 0xdb, 0x7c, 0x6f, 0xde, 0x24, 0x4a, 0x52, 0xdb,
850 0x0b, 0xa1, 0x0e, 0xdc, 0x19, 0x7b, 0xdb, 0x80,
851 0x06, 0x65, 0x8c, 0xa3, 0xcc, 0xce, 0x6e, 0xb8
854 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test2_confounder,
855 0x6f, 0x2f, 0xc3, 0xc2, 0xa1, 0x66, 0xfd, 0x88,
856 0x98, 0x96, 0x7a, 0x83, 0xde, 0x95, 0x96, 0xd9
858 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test2_basekey,
859 0x50, 0x27, 0xbc, 0x23, 0x1d, 0x0f, 0x3a, 0x9d,
860 0x23, 0x33, 0x3f, 0x1c, 0xa6, 0xfd, 0xbe, 0x7c
862 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test2_expected_result,
863 0x84, 0x2d, 0x21, 0xfd, 0x95, 0x03, 0x11, 0xc0,
864 0xdd, 0x46, 0x4a, 0x3f, 0x4b, 0xe8, 0xd6, 0xda,
865 0x88, 0xa5, 0x6d, 0x55, 0x9c, 0x9b, 0x47, 0xd3,
866 0xf9, 0xa8, 0x50, 0x67, 0xaf, 0x66, 0x15, 0x59,
870 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test3_confounder,
871 0xa5, 0xb4, 0xa7, 0x1e, 0x07, 0x7a, 0xee, 0xf9,
872 0x3c, 0x87, 0x63, 0xc1, 0x8f, 0xdb, 0x1f, 0x10
874 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test3_basekey,
875 0xa1, 0xbb, 0x61, 0xe8, 0x05, 0xf9, 0xba, 0x6d,
876 0xde, 0x8f, 0xdb, 0xdd, 0xc0, 0x5c, 0xde, 0xa0
878 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test3_expected_result,
879 0x61, 0x9f, 0xf0, 0x72, 0xe3, 0x62, 0x86, 0xff,
880 0x0a, 0x28, 0xde, 0xb3, 0xa3, 0x52, 0xec, 0x0d,
881 0x0e, 0xdf, 0x5c, 0x51, 0x60, 0xd6, 0x63, 0xc9,
882 0x01, 0x75, 0x8c, 0xcf, 0x9d, 0x1e, 0xd3, 0x3d,
883 0x71, 0xdb, 0x8f, 0x23, 0xaa, 0xbf, 0x83, 0x48,
887 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test4_confounder,
888 0x19, 0xfe, 0xe4, 0x0d, 0x81, 0x0c, 0x52, 0x4b,
889 0x5b, 0x22, 0xf0, 0x18, 0x74, 0xc6, 0x93, 0xda
891 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test4_basekey,
892 0x2c, 0xa2, 0x7a, 0x5f, 0xaf, 0x55, 0x32, 0x24,
893 0x45, 0x06, 0x43, 0x4e, 0x1c, 0xef, 0x66, 0x76
895 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test4_expected_result,
896 0xb8, 0xec, 0xa3, 0x16, 0x7a, 0xe6, 0x31, 0x55,
897 0x12, 0xe5, 0x9f, 0x98, 0xa7, 0xc5, 0x00, 0x20,
898 0x5e, 0x5f, 0x63, 0xff, 0x3b, 0xb3, 0x89, 0xaf,
899 0x1c, 0x41, 0xa2, 0x1d, 0x64, 0x0d, 0x86, 0x15,
900 0xc9, 0xed, 0x3f, 0xbe, 0xb0, 0x5a, 0xb6, 0xac,
901 0xb6, 0x76, 0x89, 0xb5, 0xea
904 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test5_confounder,
905 0xca, 0x7a, 0x7a, 0xb4, 0xbe, 0x19, 0x2d, 0xab,
906 0xd6, 0x03, 0x50, 0x6d, 0xb1, 0x9c, 0x39, 0xe2
908 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test5_basekey,
909 0x78, 0x24, 0xf8, 0xc1, 0x6f, 0x83, 0xff, 0x35,
910 0x4c, 0x6b, 0xf7, 0x51, 0x5b, 0x97, 0x3f, 0x43
912 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test5_expected_result,
913 0xa2, 0x6a, 0x39, 0x05, 0xa4, 0xff, 0xd5, 0x81,
914 0x6b, 0x7b, 0x1e, 0x27, 0x38, 0x0d, 0x08, 0x09,
915 0x0c, 0x8e, 0xc1, 0xf3, 0x04, 0x49, 0x6e, 0x1a,
916 0xbd, 0xcd, 0x2b, 0xdc, 0xd1, 0xdf, 0xfc, 0x66,
917 0x09, 0x89, 0xe1, 0x17, 0xa7, 0x13, 0xdd, 0xbb,
918 0x57, 0xa4, 0x14, 0x6c, 0x15, 0x87, 0xcb, 0xa4,
919 0x35, 0x66, 0x65, 0x59, 0x1d, 0x22, 0x40, 0x28,
920 0x2f, 0x58, 0x42, 0xb1, 0x05, 0xa5
923 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test6_confounder,
924 0x3c, 0xbb, 0xd2, 0xb4, 0x59, 0x17, 0x94, 0x10,
925 0x67, 0xf9, 0x65, 0x99, 0xbb, 0x98, 0x92, 0x6c
927 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test6_basekey,
928 0xb6, 0x1c, 0x86, 0xcc, 0x4e, 0x5d, 0x27, 0x57,
929 0x54, 0x5a, 0xd4, 0x23, 0x39, 0x9f, 0xb7, 0x03,
930 0x1e, 0xca, 0xb9, 0x13, 0xcb, 0xb9, 0x00, 0xbd,
931 0x7a, 0x3c, 0x6d, 0xd8, 0xbf, 0x92, 0x01, 0x5b
933 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test6_expected_result,
934 0x03, 0x88, 0x6d, 0x03, 0x31, 0x0b, 0x47, 0xa6,
935 0xd8, 0xf0, 0x6d, 0x7b, 0x94, 0xd1, 0xdd, 0x83,
936 0x7e, 0xcc, 0xe3, 0x15, 0xef, 0x65, 0x2a, 0xff,
937 0x62, 0x08, 0x59, 0xd9, 0x4a, 0x25, 0x92, 0x66
940 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test7_confounder,
941 0xde, 0xf4, 0x87, 0xfc, 0xeb, 0xe6, 0xde, 0x63,
942 0x46, 0xd4, 0xda, 0x45, 0x21, 0xbb, 0xa2, 0xd2
944 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test7_basekey,
945 0x1b, 0x97, 0xfe, 0x0a, 0x19, 0x0e, 0x20, 0x21,
946 0xeb, 0x30, 0x75, 0x3e, 0x1b, 0x6e, 0x1e, 0x77,
947 0xb0, 0x75, 0x4b, 0x1d, 0x68, 0x46, 0x10, 0x35,
948 0x58, 0x64, 0x10, 0x49, 0x63, 0x46, 0x38, 0x33
950 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test7_expected_result,
951 0x2c, 0x9c, 0x15, 0x70, 0x13, 0x3c, 0x99, 0xbf,
952 0x6a, 0x34, 0xbc, 0x1b, 0x02, 0x12, 0x00, 0x2f,
953 0xd1, 0x94, 0x33, 0x87, 0x49, 0xdb, 0x41, 0x35,
954 0x49, 0x7a, 0x34, 0x7c, 0xfc, 0xd9, 0xd1, 0x8a,
958 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test8_confounder,
959 0xad, 0x4f, 0xf9, 0x04, 0xd3, 0x4e, 0x55, 0x53,
960 0x84, 0xb1, 0x41, 0x00, 0xfc, 0x46, 0x5f, 0x88
962 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test8_basekey,
963 0x32, 0x16, 0x4c, 0x5b, 0x43, 0x4d, 0x1d, 0x15,
964 0x38, 0xe4, 0xcf, 0xd9, 0xbe, 0x80, 0x40, 0xfe,
965 0x8c, 0x4a, 0xc7, 0xac, 0xc4, 0xb9, 0x3d, 0x33,
966 0x14, 0xd2, 0x13, 0x36, 0x68, 0x14, 0x7a, 0x05
968 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test8_expected_result,
969 0x9c, 0x6d, 0xe7, 0x5f, 0x81, 0x2d, 0xe7, 0xed,
970 0x0d, 0x28, 0xb2, 0x96, 0x35, 0x57, 0xa1, 0x15,
971 0x64, 0x09, 0x98, 0x27, 0x5b, 0x0a, 0xf5, 0x15,
972 0x27, 0x09, 0x91, 0x3f, 0xf5, 0x2a, 0x2a, 0x9c,
973 0x8e, 0x63, 0xb8, 0x72, 0xf9, 0x2e, 0x64, 0xc8,
977 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test9_confounder,
978 0xcf, 0x9b, 0xca, 0x6d, 0xf1, 0x14, 0x4e, 0x0c,
979 0x0a, 0xf9, 0xb8, 0xf3, 0x4c, 0x90, 0xd5, 0x14
981 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test9_basekey,
982 0xb0, 0x38, 0xb1, 0x32, 0xcd, 0x8e, 0x06, 0x61,
983 0x22, 0x67, 0xfa, 0xb7, 0x17, 0x00, 0x66, 0xd8,
984 0x8a, 0xec, 0xcb, 0xa0, 0xb7, 0x44, 0xbf, 0xc6,
985 0x0d, 0xc8, 0x9b, 0xca, 0x18, 0x2d, 0x07, 0x15
987 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test9_expected_result,
988 0xee, 0xec, 0x85, 0xa9, 0x81, 0x3c, 0xdc, 0x53,
989 0x67, 0x72, 0xab, 0x9b, 0x42, 0xde, 0xfc, 0x57,
990 0x06, 0xf7, 0x26, 0xe9, 0x75, 0xdd, 0xe0, 0x5a,
991 0x87, 0xeb, 0x54, 0x06, 0xea, 0x32, 0x4c, 0xa1,
992 0x85, 0xc9, 0x98, 0x6b, 0x42, 0xaa, 0xbe, 0x79,
993 0x4b, 0x84, 0x82, 0x1b, 0xee
996 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test10_confounder,
997 0x64, 0x4d, 0xef, 0x38, 0xda, 0x35, 0x00, 0x72,
998 0x75, 0x87, 0x8d, 0x21, 0x68, 0x55, 0xe2, 0x28
1000 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test10_basekey,
1001 0xcc, 0xfc, 0xd3, 0x49, 0xbf, 0x4c, 0x66, 0x77,
1002 0xe8, 0x6e, 0x4b, 0x02, 0xb8, 0xea, 0xb9, 0x24,
1003 0xa5, 0x46, 0xac, 0x73, 0x1c, 0xf9, 0xbf, 0x69,
1004 0x89, 0xb9, 0x96, 0xe7, 0xd6, 0xbf, 0xbb, 0xa7
1006 DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test10_expected_result,
1007 0x0e, 0x44, 0x68, 0x09, 0x85, 0x85, 0x5f, 0x2d,
1008 0x1f, 0x18, 0x12, 0x52, 0x9c, 0xa8, 0x3b, 0xfd,
1009 0x8e, 0x34, 0x9d, 0xe6, 0xfd, 0x9a, 0xda, 0x0b,
1010 0xaa, 0xa0, 0x48, 0xd6, 0x8e, 0x26, 0x5f, 0xeb,
1011 0xf3, 0x4a, 0xd1, 0x25, 0x5a, 0x34, 0x49, 0x99,
1012 0xad, 0x37, 0x14, 0x68, 0x87, 0xa6, 0xc6, 0x84,
1013 0x57, 0x31, 0xac, 0x7f, 0x46, 0x37, 0x6a, 0x05,
1014 0x04, 0xcd, 0x06, 0x57, 0x14, 0x74
1017 static const struct gss_krb5_test_param rfc6803_encrypt_test_params[] = {
1019 .desc = "Encrypt empty plaintext with camellia128-cts-cmac",
1020 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC,
1022 .base_key = &rfc6803_enc_test1_basekey,
1023 .plaintext = &rfc6803_enc_empty_plaintext,
1024 .confounder = &rfc6803_enc_test1_confounder,
1025 .expected_result = &rfc6803_enc_test1_expected_result,
1028 .desc = "Encrypt 1 byte with camellia128-cts-cmac",
1029 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC,
1031 .base_key = &rfc6803_enc_test2_basekey,
1032 .plaintext = &rfc6803_enc_1byte_plaintext,
1033 .confounder = &rfc6803_enc_test2_confounder,
1034 .expected_result = &rfc6803_enc_test2_expected_result,
1037 .desc = "Encrypt 9 bytes with camellia128-cts-cmac",
1038 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC,
1040 .base_key = &rfc6803_enc_test3_basekey,
1041 .plaintext = &rfc6803_enc_9byte_plaintext,
1042 .confounder = &rfc6803_enc_test3_confounder,
1043 .expected_result = &rfc6803_enc_test3_expected_result,
1046 .desc = "Encrypt 13 bytes with camellia128-cts-cmac",
1047 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC,
1049 .base_key = &rfc6803_enc_test4_basekey,
1050 .plaintext = &rfc6803_enc_13byte_plaintext,
1051 .confounder = &rfc6803_enc_test4_confounder,
1052 .expected_result = &rfc6803_enc_test4_expected_result,
1055 .desc = "Encrypt 30 bytes with camellia128-cts-cmac",
1056 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC,
1058 .base_key = &rfc6803_enc_test5_basekey,
1059 .plaintext = &rfc6803_enc_30byte_plaintext,
1060 .confounder = &rfc6803_enc_test5_confounder,
1061 .expected_result = &rfc6803_enc_test5_expected_result,
1064 .desc = "Encrypt empty plaintext with camellia256-cts-cmac",
1065 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC,
1067 .base_key = &rfc6803_enc_test6_basekey,
1068 .plaintext = &rfc6803_enc_empty_plaintext,
1069 .confounder = &rfc6803_enc_test6_confounder,
1070 .expected_result = &rfc6803_enc_test6_expected_result,
1073 .desc = "Encrypt 1 byte with camellia256-cts-cmac",
1074 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC,
1076 .base_key = &rfc6803_enc_test7_basekey,
1077 .plaintext = &rfc6803_enc_1byte_plaintext,
1078 .confounder = &rfc6803_enc_test7_confounder,
1079 .expected_result = &rfc6803_enc_test7_expected_result,
1082 .desc = "Encrypt 9 bytes with camellia256-cts-cmac",
1083 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC,
1085 .base_key = &rfc6803_enc_test8_basekey,
1086 .plaintext = &rfc6803_enc_9byte_plaintext,
1087 .confounder = &rfc6803_enc_test8_confounder,
1088 .expected_result = &rfc6803_enc_test8_expected_result,
1091 .desc = "Encrypt 13 bytes with camellia256-cts-cmac",
1092 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC,
1094 .base_key = &rfc6803_enc_test9_basekey,
1095 .plaintext = &rfc6803_enc_13byte_plaintext,
1096 .confounder = &rfc6803_enc_test9_confounder,
1097 .expected_result = &rfc6803_enc_test9_expected_result,
1100 .desc = "Encrypt 30 bytes with camellia256-cts-cmac",
1101 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC,
1103 .base_key = &rfc6803_enc_test10_basekey,
1104 .plaintext = &rfc6803_enc_30byte_plaintext,
1105 .confounder = &rfc6803_enc_test10_confounder,
1106 .expected_result = &rfc6803_enc_test10_expected_result,
1110 /* Creates the function rfc6803_encrypt_gen_params */
1111 KUNIT_ARRAY_PARAM(rfc6803_encrypt, rfc6803_encrypt_test_params,
1114 static void rfc6803_encrypt_case(struct kunit *test)
1116 const struct gss_krb5_test_param *param = test->param_value;
1117 struct crypto_sync_skcipher *cts_tfm, *cbc_tfm;
1118 const struct gss_krb5_enctype *gk5e;
1119 struct xdr_netobj Ke, Ki, checksum;
1120 u8 usage_data[GSS_KRB5_K5CLENGTH];
1121 struct xdr_netobj usage = {
1123 .len = sizeof(usage_data),
1125 struct crypto_ahash *ahash_tfm;
1126 unsigned int blocksize;
1133 gk5e = gss_krb5_lookup_enctype(param->enctype);
1135 kunit_skip(test, "Encryption type is not available");
1137 memset(usage_data, 0, sizeof(usage_data));
1138 usage.data[3] = param->constant;
1140 Ke.len = gk5e->Ke_length;
1141 Ke.data = kunit_kzalloc(test, Ke.len, GFP_KERNEL);
1142 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Ke.data);
1143 usage.data[4] = KEY_USAGE_SEED_ENCRYPTION;
1144 err = gk5e->derive_key(gk5e, param->base_key, &Ke, &usage, GFP_KERNEL);
1145 KUNIT_ASSERT_EQ(test, err, 0);
1147 cbc_tfm = crypto_alloc_sync_skcipher(gk5e->aux_cipher, 0, 0);
1148 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cbc_tfm);
1149 err = crypto_sync_skcipher_setkey(cbc_tfm, Ke.data, Ke.len);
1150 KUNIT_ASSERT_EQ(test, err, 0);
1152 cts_tfm = crypto_alloc_sync_skcipher(gk5e->encrypt_name, 0, 0);
1153 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cts_tfm);
1154 err = crypto_sync_skcipher_setkey(cts_tfm, Ke.data, Ke.len);
1155 KUNIT_ASSERT_EQ(test, err, 0);
1156 blocksize = crypto_sync_skcipher_blocksize(cts_tfm);
1158 len = param->confounder->len + param->plaintext->len + blocksize;
1159 text = kunit_kzalloc(test, len, GFP_KERNEL);
1160 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, text);
1161 memcpy(text, param->confounder->data, param->confounder->len);
1162 memcpy(text + param->confounder->len, param->plaintext->data,
1163 param->plaintext->len);
1165 memset(&buf, 0, sizeof(buf));
1166 buf.head[0].iov_base = text;
1167 buf.head[0].iov_len = param->confounder->len + param->plaintext->len;
1168 buf.len = buf.head[0].iov_len;
1170 checksum.len = gk5e->cksumlength;
1171 checksum.data = kunit_kzalloc(test, checksum.len, GFP_KERNEL);
1172 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, checksum.data);
1174 Ki.len = gk5e->Ki_length;
1175 Ki.data = kunit_kzalloc(test, Ki.len, GFP_KERNEL);
1176 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Ki.data);
1177 usage.data[4] = KEY_USAGE_SEED_INTEGRITY;
1178 err = gk5e->derive_key(gk5e, param->base_key, &Ki,
1179 &usage, GFP_KERNEL);
1180 KUNIT_ASSERT_EQ(test, err, 0);
1181 ahash_tfm = crypto_alloc_ahash(gk5e->cksum_name, 0, CRYPTO_ALG_ASYNC);
1182 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ahash_tfm);
1183 err = crypto_ahash_setkey(ahash_tfm, Ki.data, Ki.len);
1184 KUNIT_ASSERT_EQ(test, err, 0);
1187 err = gss_krb5_checksum(ahash_tfm, NULL, 0, &buf, 0, &checksum);
1188 KUNIT_ASSERT_EQ(test, err, 0);
1190 err = krb5_cbc_cts_encrypt(cts_tfm, cbc_tfm, 0, &buf, NULL, NULL, 0);
1191 KUNIT_ASSERT_EQ(test, err, 0);
1194 KUNIT_EXPECT_EQ_MSG(test, param->expected_result->len,
1195 buf.len + checksum.len,
1196 "ciphertext length mismatch");
1197 KUNIT_EXPECT_EQ_MSG(test,
1198 memcmp(param->expected_result->data,
1199 buf.head[0].iov_base, buf.len), 0,
1200 "encrypted result mismatch");
1201 KUNIT_EXPECT_EQ_MSG(test,
1202 memcmp(param->expected_result->data +
1203 (param->expected_result->len - checksum.len),
1204 checksum.data, checksum.len), 0,
1207 crypto_free_ahash(ahash_tfm);
1208 crypto_free_sync_skcipher(cts_tfm);
1209 crypto_free_sync_skcipher(cbc_tfm);
1212 static struct kunit_case rfc6803_test_cases[] = {
1214 .name = "RFC 6803 key derivation",
1215 .run_case = kdf_case,
1216 .generate_params = rfc6803_kdf_gen_params,
1219 .name = "RFC 6803 checksum",
1220 .run_case = checksum_case,
1221 .generate_params = rfc6803_checksum_gen_params,
1224 .name = "RFC 6803 encryption",
1225 .run_case = rfc6803_encrypt_case,
1226 .generate_params = rfc6803_encrypt_gen_params,
1231 static struct kunit_suite rfc6803_suite = {
1232 .name = "RFC 6803 suite",
1233 .test_cases = rfc6803_test_cases,
1237 * From RFC 8009 Appendix A. Test Vectors
1239 * Sample results for SHA-2 enctype key derivation
1241 * This test material is copyright (c) 2016 IETF Trust and the
1242 * persons identified as the document authors. All rights reserved.
1245 DEFINE_HEX_XDR_NETOBJ(aes128_cts_hmac_sha256_128_basekey,
1246 0x37, 0x05, 0xd9, 0x60, 0x80, 0xc1, 0x77, 0x28,
1247 0xa0, 0xe8, 0x00, 0xea, 0xb6, 0xe0, 0xd2, 0x3c
1249 DEFINE_HEX_XDR_NETOBJ(aes128_cts_hmac_sha256_128_Kc,
1250 0xb3, 0x1a, 0x01, 0x8a, 0x48, 0xf5, 0x47, 0x76,
1251 0xf4, 0x03, 0xe9, 0xa3, 0x96, 0x32, 0x5d, 0xc3
1253 DEFINE_HEX_XDR_NETOBJ(aes128_cts_hmac_sha256_128_Ke,
1254 0x9b, 0x19, 0x7d, 0xd1, 0xe8, 0xc5, 0x60, 0x9d,
1255 0x6e, 0x67, 0xc3, 0xe3, 0x7c, 0x62, 0xc7, 0x2e
1257 DEFINE_HEX_XDR_NETOBJ(aes128_cts_hmac_sha256_128_Ki,
1258 0x9f, 0xda, 0x0e, 0x56, 0xab, 0x2d, 0x85, 0xe1,
1259 0x56, 0x9a, 0x68, 0x86, 0x96, 0xc2, 0x6a, 0x6c
1262 DEFINE_HEX_XDR_NETOBJ(aes256_cts_hmac_sha384_192_basekey,
1263 0x6d, 0x40, 0x4d, 0x37, 0xfa, 0xf7, 0x9f, 0x9d,
1264 0xf0, 0xd3, 0x35, 0x68, 0xd3, 0x20, 0x66, 0x98,
1265 0x00, 0xeb, 0x48, 0x36, 0x47, 0x2e, 0xa8, 0xa0,
1266 0x26, 0xd1, 0x6b, 0x71, 0x82, 0x46, 0x0c, 0x52
1268 DEFINE_HEX_XDR_NETOBJ(aes256_cts_hmac_sha384_192_Kc,
1269 0xef, 0x57, 0x18, 0xbe, 0x86, 0xcc, 0x84, 0x96,
1270 0x3d, 0x8b, 0xbb, 0x50, 0x31, 0xe9, 0xf5, 0xc4,
1271 0xba, 0x41, 0xf2, 0x8f, 0xaf, 0x69, 0xe7, 0x3d
1273 DEFINE_HEX_XDR_NETOBJ(aes256_cts_hmac_sha384_192_Ke,
1274 0x56, 0xab, 0x22, 0xbe, 0xe6, 0x3d, 0x82, 0xd7,
1275 0xbc, 0x52, 0x27, 0xf6, 0x77, 0x3f, 0x8e, 0xa7,
1276 0xa5, 0xeb, 0x1c, 0x82, 0x51, 0x60, 0xc3, 0x83,
1277 0x12, 0x98, 0x0c, 0x44, 0x2e, 0x5c, 0x7e, 0x49
1279 DEFINE_HEX_XDR_NETOBJ(aes256_cts_hmac_sha384_192_Ki,
1280 0x69, 0xb1, 0x65, 0x14, 0xe3, 0xcd, 0x8e, 0x56,
1281 0xb8, 0x20, 0x10, 0xd5, 0xc7, 0x30, 0x12, 0xb6,
1282 0x22, 0xc4, 0xd0, 0x0f, 0xfc, 0x23, 0xed, 0x1f
1285 static const struct gss_krb5_test_param rfc8009_kdf_test_params[] = {
1287 .desc = "Derive Kc subkey for aes128-cts-hmac-sha256-128",
1288 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128,
1289 .base_key = &aes128_cts_hmac_sha256_128_basekey,
1290 .usage = &usage_checksum,
1291 .expected_result = &aes128_cts_hmac_sha256_128_Kc,
1294 .desc = "Derive Ke subkey for aes128-cts-hmac-sha256-128",
1295 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128,
1296 .base_key = &aes128_cts_hmac_sha256_128_basekey,
1297 .usage = &usage_encryption,
1298 .expected_result = &aes128_cts_hmac_sha256_128_Ke,
1301 .desc = "Derive Ki subkey for aes128-cts-hmac-sha256-128",
1302 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128,
1303 .base_key = &aes128_cts_hmac_sha256_128_basekey,
1304 .usage = &usage_integrity,
1305 .expected_result = &aes128_cts_hmac_sha256_128_Ki,
1308 .desc = "Derive Kc subkey for aes256-cts-hmac-sha384-192",
1309 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192,
1310 .base_key = &aes256_cts_hmac_sha384_192_basekey,
1311 .usage = &usage_checksum,
1312 .expected_result = &aes256_cts_hmac_sha384_192_Kc,
1315 .desc = "Derive Ke subkey for aes256-cts-hmac-sha384-192",
1316 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192,
1317 .base_key = &aes256_cts_hmac_sha384_192_basekey,
1318 .usage = &usage_encryption,
1319 .expected_result = &aes256_cts_hmac_sha384_192_Ke,
1322 .desc = "Derive Ki subkey for aes256-cts-hmac-sha384-192",
1323 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192,
1324 .base_key = &aes256_cts_hmac_sha384_192_basekey,
1325 .usage = &usage_integrity,
1326 .expected_result = &aes256_cts_hmac_sha384_192_Ki,
1330 /* Creates the function rfc8009_kdf_gen_params */
1331 KUNIT_ARRAY_PARAM(rfc8009_kdf, rfc8009_kdf_test_params, gss_krb5_get_desc);
1334 * From RFC 8009 Appendix A. Test Vectors
1336 * These sample checksums use the above sample key derivation results,
1337 * including use of the same base-key and key usage values.
1339 * This test material is copyright (c) 2016 IETF Trust and the
1340 * persons identified as the document authors. All rights reserved.
1343 DEFINE_HEX_XDR_NETOBJ(rfc8009_checksum_plaintext,
1344 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
1345 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
1346 0x10, 0x11, 0x12, 0x13, 0x14
1348 DEFINE_HEX_XDR_NETOBJ(rfc8009_checksum_test1_expected_result,
1349 0xd7, 0x83, 0x67, 0x18, 0x66, 0x43, 0xd6, 0x7b,
1350 0x41, 0x1c, 0xba, 0x91, 0x39, 0xfc, 0x1d, 0xee
1352 DEFINE_HEX_XDR_NETOBJ(rfc8009_checksum_test2_expected_result,
1353 0x45, 0xee, 0x79, 0x15, 0x67, 0xee, 0xfc, 0xa3,
1354 0x7f, 0x4a, 0xc1, 0xe0, 0x22, 0x2d, 0xe8, 0x0d,
1355 0x43, 0xc3, 0xbf, 0xa0, 0x66, 0x99, 0x67, 0x2a
1358 static const struct gss_krb5_test_param rfc8009_checksum_test_params[] = {
1360 .desc = "Checksum with aes128-cts-hmac-sha256-128",
1361 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128,
1362 .base_key = &aes128_cts_hmac_sha256_128_basekey,
1363 .usage = &usage_checksum,
1364 .plaintext = &rfc8009_checksum_plaintext,
1365 .expected_result = &rfc8009_checksum_test1_expected_result,
1368 .desc = "Checksum with aes256-cts-hmac-sha384-192",
1369 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192,
1370 .base_key = &aes256_cts_hmac_sha384_192_basekey,
1371 .usage = &usage_checksum,
1372 .plaintext = &rfc8009_checksum_plaintext,
1373 .expected_result = &rfc8009_checksum_test2_expected_result,
1377 /* Creates the function rfc8009_checksum_gen_params */
1378 KUNIT_ARRAY_PARAM(rfc8009_checksum, rfc8009_checksum_test_params,
1382 * From RFC 8009 Appendix A. Test Vectors
1384 * Sample encryptions (all using the default cipher state):
1385 * --------------------------------------------------------
1387 * These sample encryptions use the above sample key derivation results,
1388 * including use of the same base-key and key usage values.
1390 * This test material is copyright (c) 2016 IETF Trust and the
1391 * persons identified as the document authors. All rights reserved.
1394 static const struct xdr_netobj rfc8009_enc_empty_plaintext = {
1397 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_short_plaintext,
1398 0x00, 0x01, 0x02, 0x03, 0x04, 0x05
1400 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_block_plaintext,
1401 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
1402 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
1404 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_long_plaintext,
1405 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
1406 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
1407 0x10, 0x11, 0x12, 0x13, 0x14
1410 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test1_confounder,
1411 0x7e, 0x58, 0x95, 0xea, 0xf2, 0x67, 0x24, 0x35,
1412 0xba, 0xd8, 0x17, 0xf5, 0x45, 0xa3, 0x71, 0x48
1414 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test1_expected_result,
1415 0xef, 0x85, 0xfb, 0x89, 0x0b, 0xb8, 0x47, 0x2f,
1416 0x4d, 0xab, 0x20, 0x39, 0x4d, 0xca, 0x78, 0x1d
1418 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test1_expected_hmac,
1419 0xad, 0x87, 0x7e, 0xda, 0x39, 0xd5, 0x0c, 0x87,
1420 0x0c, 0x0d, 0x5a, 0x0a, 0x8e, 0x48, 0xc7, 0x18
1423 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test2_confounder,
1424 0x7b, 0xca, 0x28, 0x5e, 0x2f, 0xd4, 0x13, 0x0f,
1425 0xb5, 0x5b, 0x1a, 0x5c, 0x83, 0xbc, 0x5b, 0x24
1427 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test2_expected_result,
1428 0x84, 0xd7, 0xf3, 0x07, 0x54, 0xed, 0x98, 0x7b,
1429 0xab, 0x0b, 0xf3, 0x50, 0x6b, 0xeb, 0x09, 0xcf,
1430 0xb5, 0x54, 0x02, 0xce, 0xf7, 0xe6
1432 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test2_expected_hmac,
1433 0x87, 0x7c, 0xe9, 0x9e, 0x24, 0x7e, 0x52, 0xd1,
1434 0x6e, 0xd4, 0x42, 0x1d, 0xfd, 0xf8, 0x97, 0x6c
1437 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test3_confounder,
1438 0x56, 0xab, 0x21, 0x71, 0x3f, 0xf6, 0x2c, 0x0a,
1439 0x14, 0x57, 0x20, 0x0f, 0x6f, 0xa9, 0x94, 0x8f
1441 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test3_expected_result,
1442 0x35, 0x17, 0xd6, 0x40, 0xf5, 0x0d, 0xdc, 0x8a,
1443 0xd3, 0x62, 0x87, 0x22, 0xb3, 0x56, 0x9d, 0x2a,
1444 0xe0, 0x74, 0x93, 0xfa, 0x82, 0x63, 0x25, 0x40,
1445 0x80, 0xea, 0x65, 0xc1, 0x00, 0x8e, 0x8f, 0xc2
1447 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test3_expected_hmac,
1448 0x95, 0xfb, 0x48, 0x52, 0xe7, 0xd8, 0x3e, 0x1e,
1449 0x7c, 0x48, 0xc3, 0x7e, 0xeb, 0xe6, 0xb0, 0xd3
1452 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test4_confounder,
1453 0xa7, 0xa4, 0xe2, 0x9a, 0x47, 0x28, 0xce, 0x10,
1454 0x66, 0x4f, 0xb6, 0x4e, 0x49, 0xad, 0x3f, 0xac
1456 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test4_expected_result,
1457 0x72, 0x0f, 0x73, 0xb1, 0x8d, 0x98, 0x59, 0xcd,
1458 0x6c, 0xcb, 0x43, 0x46, 0x11, 0x5c, 0xd3, 0x36,
1459 0xc7, 0x0f, 0x58, 0xed, 0xc0, 0xc4, 0x43, 0x7c,
1460 0x55, 0x73, 0x54, 0x4c, 0x31, 0xc8, 0x13, 0xbc,
1461 0xe1, 0xe6, 0xd0, 0x72, 0xc1
1463 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test4_expected_hmac,
1464 0x86, 0xb3, 0x9a, 0x41, 0x3c, 0x2f, 0x92, 0xca,
1465 0x9b, 0x83, 0x34, 0xa2, 0x87, 0xff, 0xcb, 0xfc
1468 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test5_confounder,
1469 0xf7, 0x64, 0xe9, 0xfa, 0x15, 0xc2, 0x76, 0x47,
1470 0x8b, 0x2c, 0x7d, 0x0c, 0x4e, 0x5f, 0x58, 0xe4
1472 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test5_expected_result,
1473 0x41, 0xf5, 0x3f, 0xa5, 0xbf, 0xe7, 0x02, 0x6d,
1474 0x91, 0xfa, 0xf9, 0xbe, 0x95, 0x91, 0x95, 0xa0
1476 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test5_expected_hmac,
1477 0x58, 0x70, 0x72, 0x73, 0xa9, 0x6a, 0x40, 0xf0,
1478 0xa0, 0x19, 0x60, 0x62, 0x1a, 0xc6, 0x12, 0x74,
1479 0x8b, 0x9b, 0xbf, 0xbe, 0x7e, 0xb4, 0xce, 0x3c
1482 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test6_confounder,
1483 0xb8, 0x0d, 0x32, 0x51, 0xc1, 0xf6, 0x47, 0x14,
1484 0x94, 0x25, 0x6f, 0xfe, 0x71, 0x2d, 0x0b, 0x9a
1486 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test6_expected_result,
1487 0x4e, 0xd7, 0xb3, 0x7c, 0x2b, 0xca, 0xc8, 0xf7,
1488 0x4f, 0x23, 0xc1, 0xcf, 0x07, 0xe6, 0x2b, 0xc7,
1489 0xb7, 0x5f, 0xb3, 0xf6, 0x37, 0xb9
1491 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test6_expected_hmac,
1492 0xf5, 0x59, 0xc7, 0xf6, 0x64, 0xf6, 0x9e, 0xab,
1493 0x7b, 0x60, 0x92, 0x23, 0x75, 0x26, 0xea, 0x0d,
1494 0x1f, 0x61, 0xcb, 0x20, 0xd6, 0x9d, 0x10, 0xf2
1497 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test7_confounder,
1498 0x53, 0xbf, 0x8a, 0x0d, 0x10, 0x52, 0x65, 0xd4,
1499 0xe2, 0x76, 0x42, 0x86, 0x24, 0xce, 0x5e, 0x63
1501 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test7_expected_result,
1502 0xbc, 0x47, 0xff, 0xec, 0x79, 0x98, 0xeb, 0x91,
1503 0xe8, 0x11, 0x5c, 0xf8, 0xd1, 0x9d, 0xac, 0x4b,
1504 0xbb, 0xe2, 0xe1, 0x63, 0xe8, 0x7d, 0xd3, 0x7f,
1505 0x49, 0xbe, 0xca, 0x92, 0x02, 0x77, 0x64, 0xf6
1507 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test7_expected_hmac,
1508 0x8c, 0xf5, 0x1f, 0x14, 0xd7, 0x98, 0xc2, 0x27,
1509 0x3f, 0x35, 0xdf, 0x57, 0x4d, 0x1f, 0x93, 0x2e,
1510 0x40, 0xc4, 0xff, 0x25, 0x5b, 0x36, 0xa2, 0x66
1513 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test8_confounder,
1514 0x76, 0x3e, 0x65, 0x36, 0x7e, 0x86, 0x4f, 0x02,
1515 0xf5, 0x51, 0x53, 0xc7, 0xe3, 0xb5, 0x8a, 0xf1
1517 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test8_expected_result,
1518 0x40, 0x01, 0x3e, 0x2d, 0xf5, 0x8e, 0x87, 0x51,
1519 0x95, 0x7d, 0x28, 0x78, 0xbc, 0xd2, 0xd6, 0xfe,
1520 0x10, 0x1c, 0xcf, 0xd5, 0x56, 0xcb, 0x1e, 0xae,
1521 0x79, 0xdb, 0x3c, 0x3e, 0xe8, 0x64, 0x29, 0xf2,
1522 0xb2, 0xa6, 0x02, 0xac, 0x86
1524 DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test8_expected_hmac,
1525 0xfe, 0xf6, 0xec, 0xb6, 0x47, 0xd6, 0x29, 0x5f,
1526 0xae, 0x07, 0x7a, 0x1f, 0xeb, 0x51, 0x75, 0x08,
1527 0xd2, 0xc1, 0x6b, 0x41, 0x92, 0xe0, 0x1f, 0x62
1530 static const struct gss_krb5_test_param rfc8009_encrypt_test_params[] = {
1532 .desc = "Encrypt empty plaintext with aes128-cts-hmac-sha256-128",
1533 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128,
1534 .plaintext = &rfc8009_enc_empty_plaintext,
1535 .confounder = &rfc8009_enc_test1_confounder,
1536 .base_key = &aes128_cts_hmac_sha256_128_basekey,
1537 .expected_result = &rfc8009_enc_test1_expected_result,
1538 .expected_hmac = &rfc8009_enc_test1_expected_hmac,
1541 .desc = "Encrypt short plaintext with aes128-cts-hmac-sha256-128",
1542 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128,
1543 .plaintext = &rfc8009_enc_short_plaintext,
1544 .confounder = &rfc8009_enc_test2_confounder,
1545 .base_key = &aes128_cts_hmac_sha256_128_basekey,
1546 .expected_result = &rfc8009_enc_test2_expected_result,
1547 .expected_hmac = &rfc8009_enc_test2_expected_hmac,
1550 .desc = "Encrypt block plaintext with aes128-cts-hmac-sha256-128",
1551 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128,
1552 .plaintext = &rfc8009_enc_block_plaintext,
1553 .confounder = &rfc8009_enc_test3_confounder,
1554 .base_key = &aes128_cts_hmac_sha256_128_basekey,
1555 .expected_result = &rfc8009_enc_test3_expected_result,
1556 .expected_hmac = &rfc8009_enc_test3_expected_hmac,
1559 .desc = "Encrypt long plaintext with aes128-cts-hmac-sha256-128",
1560 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128,
1561 .plaintext = &rfc8009_enc_long_plaintext,
1562 .confounder = &rfc8009_enc_test4_confounder,
1563 .base_key = &aes128_cts_hmac_sha256_128_basekey,
1564 .expected_result = &rfc8009_enc_test4_expected_result,
1565 .expected_hmac = &rfc8009_enc_test4_expected_hmac,
1568 .desc = "Encrypt empty plaintext with aes256-cts-hmac-sha384-192",
1569 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192,
1570 .plaintext = &rfc8009_enc_empty_plaintext,
1571 .confounder = &rfc8009_enc_test5_confounder,
1572 .base_key = &aes256_cts_hmac_sha384_192_basekey,
1573 .expected_result = &rfc8009_enc_test5_expected_result,
1574 .expected_hmac = &rfc8009_enc_test5_expected_hmac,
1577 .desc = "Encrypt short plaintext with aes256-cts-hmac-sha384-192",
1578 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192,
1579 .plaintext = &rfc8009_enc_short_plaintext,
1580 .confounder = &rfc8009_enc_test6_confounder,
1581 .base_key = &aes256_cts_hmac_sha384_192_basekey,
1582 .expected_result = &rfc8009_enc_test6_expected_result,
1583 .expected_hmac = &rfc8009_enc_test6_expected_hmac,
1586 .desc = "Encrypt block plaintext with aes256-cts-hmac-sha384-192",
1587 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192,
1588 .plaintext = &rfc8009_enc_block_plaintext,
1589 .confounder = &rfc8009_enc_test7_confounder,
1590 .base_key = &aes256_cts_hmac_sha384_192_basekey,
1591 .expected_result = &rfc8009_enc_test7_expected_result,
1592 .expected_hmac = &rfc8009_enc_test7_expected_hmac,
1595 .desc = "Encrypt long plaintext with aes256-cts-hmac-sha384-192",
1596 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192,
1597 .plaintext = &rfc8009_enc_long_plaintext,
1598 .confounder = &rfc8009_enc_test8_confounder,
1599 .base_key = &aes256_cts_hmac_sha384_192_basekey,
1600 .expected_result = &rfc8009_enc_test8_expected_result,
1601 .expected_hmac = &rfc8009_enc_test8_expected_hmac,
1605 /* Creates the function rfc8009_encrypt_gen_params */
1606 KUNIT_ARRAY_PARAM(rfc8009_encrypt, rfc8009_encrypt_test_params,
1609 static void rfc8009_encrypt_case(struct kunit *test)
1611 const struct gss_krb5_test_param *param = test->param_value;
1612 struct crypto_sync_skcipher *cts_tfm, *cbc_tfm;
1613 const struct gss_krb5_enctype *gk5e;
1614 struct xdr_netobj Ke, Ki, checksum;
1615 u8 usage_data[GSS_KRB5_K5CLENGTH];
1616 struct xdr_netobj usage = {
1618 .len = sizeof(usage_data),
1620 struct crypto_ahash *ahash_tfm;
1627 gk5e = gss_krb5_lookup_enctype(param->enctype);
1629 kunit_skip(test, "Encryption type is not available");
1631 *(__be32 *)usage.data = cpu_to_be32(2);
1633 Ke.len = gk5e->Ke_length;
1634 Ke.data = kunit_kzalloc(test, Ke.len, GFP_KERNEL);
1635 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Ke.data);
1636 usage.data[4] = KEY_USAGE_SEED_ENCRYPTION;
1637 err = gk5e->derive_key(gk5e, param->base_key, &Ke,
1638 &usage, GFP_KERNEL);
1639 KUNIT_ASSERT_EQ(test, err, 0);
1641 cbc_tfm = crypto_alloc_sync_skcipher(gk5e->aux_cipher, 0, 0);
1642 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cbc_tfm);
1643 err = crypto_sync_skcipher_setkey(cbc_tfm, Ke.data, Ke.len);
1644 KUNIT_ASSERT_EQ(test, err, 0);
1646 cts_tfm = crypto_alloc_sync_skcipher(gk5e->encrypt_name, 0, 0);
1647 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cts_tfm);
1648 err = crypto_sync_skcipher_setkey(cts_tfm, Ke.data, Ke.len);
1649 KUNIT_ASSERT_EQ(test, err, 0);
1651 len = param->confounder->len + param->plaintext->len;
1652 text = kunit_kzalloc(test, len, GFP_KERNEL);
1653 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, text);
1654 memcpy(text, param->confounder->data, param->confounder->len);
1655 memcpy(text + param->confounder->len, param->plaintext->data,
1656 param->plaintext->len);
1658 memset(&buf, 0, sizeof(buf));
1659 buf.head[0].iov_base = text;
1660 buf.head[0].iov_len = param->confounder->len + param->plaintext->len;
1661 buf.len = buf.head[0].iov_len;
1663 checksum.len = gk5e->cksumlength;
1664 checksum.data = kunit_kzalloc(test, checksum.len, GFP_KERNEL);
1665 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, checksum.data);
1667 Ki.len = gk5e->Ki_length;
1668 Ki.data = kunit_kzalloc(test, Ki.len, GFP_KERNEL);
1669 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Ki.data);
1670 usage.data[4] = KEY_USAGE_SEED_INTEGRITY;
1671 err = gk5e->derive_key(gk5e, param->base_key, &Ki,
1672 &usage, GFP_KERNEL);
1673 KUNIT_ASSERT_EQ(test, err, 0);
1675 ahash_tfm = crypto_alloc_ahash(gk5e->cksum_name, 0, CRYPTO_ALG_ASYNC);
1676 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ahash_tfm);
1677 err = crypto_ahash_setkey(ahash_tfm, Ki.data, Ki.len);
1678 KUNIT_ASSERT_EQ(test, err, 0);
1681 err = krb5_cbc_cts_encrypt(cts_tfm, cbc_tfm, 0, &buf, NULL, NULL, 0);
1682 KUNIT_ASSERT_EQ(test, err, 0);
1683 err = krb5_etm_checksum(cts_tfm, ahash_tfm, &buf, 0, &checksum);
1684 KUNIT_ASSERT_EQ(test, err, 0);
1687 KUNIT_EXPECT_EQ_MSG(test,
1688 param->expected_result->len, buf.len,
1689 "ciphertext length mismatch");
1690 KUNIT_EXPECT_EQ_MSG(test,
1691 memcmp(param->expected_result->data,
1692 buf.head[0].iov_base,
1693 param->expected_result->len), 0,
1694 "ciphertext mismatch");
1695 KUNIT_EXPECT_EQ_MSG(test, memcmp(param->expected_hmac->data,
1700 crypto_free_ahash(ahash_tfm);
1701 crypto_free_sync_skcipher(cts_tfm);
1702 crypto_free_sync_skcipher(cbc_tfm);
1705 static struct kunit_case rfc8009_test_cases[] = {
1707 .name = "RFC 8009 key derivation",
1708 .run_case = kdf_case,
1709 .generate_params = rfc8009_kdf_gen_params,
1712 .name = "RFC 8009 checksum",
1713 .run_case = checksum_case,
1714 .generate_params = rfc8009_checksum_gen_params,
1717 .name = "RFC 8009 encryption",
1718 .run_case = rfc8009_encrypt_case,
1719 .generate_params = rfc8009_encrypt_gen_params,
1724 static struct kunit_suite rfc8009_suite = {
1725 .name = "RFC 8009 suite",
1726 .test_cases = rfc8009_test_cases,
1730 * Encryption self-tests
1733 DEFINE_STR_XDR_NETOBJ(encrypt_selftest_plaintext,
1734 "This is the plaintext for the encryption self-test.");
1736 static const struct gss_krb5_test_param encrypt_selftest_params[] = {
1738 .desc = "aes128-cts-hmac-sha1-96 encryption self-test",
1739 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96,
1740 .Ke = &rfc3962_encryption_key,
1741 .plaintext = &encrypt_selftest_plaintext,
1744 .desc = "aes256-cts-hmac-sha1-96 encryption self-test",
1745 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA1_96,
1746 .Ke = &rfc3962_encryption_key,
1747 .plaintext = &encrypt_selftest_plaintext,
1750 .desc = "camellia128-cts-cmac encryption self-test",
1751 .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC,
1752 .Ke = &camellia128_cts_cmac_Ke,
1753 .plaintext = &encrypt_selftest_plaintext,
1756 .desc = "camellia256-cts-cmac encryption self-test",
1757 .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC,
1758 .Ke = &camellia256_cts_cmac_Ke,
1759 .plaintext = &encrypt_selftest_plaintext,
1762 .desc = "aes128-cts-hmac-sha256-128 encryption self-test",
1763 .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128,
1764 .Ke = &aes128_cts_hmac_sha256_128_Ke,
1765 .plaintext = &encrypt_selftest_plaintext,
1768 .desc = "aes256-cts-hmac-sha384-192 encryption self-test",
1769 .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192,
1770 .Ke = &aes256_cts_hmac_sha384_192_Ke,
1771 .plaintext = &encrypt_selftest_plaintext,
1775 /* Creates the function encrypt_selftest_gen_params */
1776 KUNIT_ARRAY_PARAM(encrypt_selftest, encrypt_selftest_params,
1780 * Encrypt and decrypt plaintext, and ensure the input plaintext
1781 * matches the output plaintext. A confounder is not added in this
1784 static void encrypt_selftest_case(struct kunit *test)
1786 const struct gss_krb5_test_param *param = test->param_value;
1787 struct crypto_sync_skcipher *cts_tfm, *cbc_tfm;
1788 const struct gss_krb5_enctype *gk5e;
1794 gk5e = gss_krb5_lookup_enctype(param->enctype);
1796 kunit_skip(test, "Encryption type is not available");
1798 cbc_tfm = crypto_alloc_sync_skcipher(gk5e->aux_cipher, 0, 0);
1799 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cbc_tfm);
1800 err = crypto_sync_skcipher_setkey(cbc_tfm, param->Ke->data, param->Ke->len);
1801 KUNIT_ASSERT_EQ(test, err, 0);
1803 cts_tfm = crypto_alloc_sync_skcipher(gk5e->encrypt_name, 0, 0);
1804 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cts_tfm);
1805 err = crypto_sync_skcipher_setkey(cts_tfm, param->Ke->data, param->Ke->len);
1806 KUNIT_ASSERT_EQ(test, err, 0);
1808 text = kunit_kzalloc(test, roundup(param->plaintext->len,
1809 crypto_sync_skcipher_blocksize(cbc_tfm)),
1811 KUNIT_ASSERT_NOT_ERR_OR_NULL(test, text);
1813 memcpy(text, param->plaintext->data, param->plaintext->len);
1814 memset(&buf, 0, sizeof(buf));
1815 buf.head[0].iov_base = text;
1816 buf.head[0].iov_len = param->plaintext->len;
1817 buf.len = buf.head[0].iov_len;
1820 err = krb5_cbc_cts_encrypt(cts_tfm, cbc_tfm, 0, &buf, NULL, NULL, 0);
1821 KUNIT_ASSERT_EQ(test, err, 0);
1822 err = krb5_cbc_cts_decrypt(cts_tfm, cbc_tfm, 0, &buf);
1823 KUNIT_ASSERT_EQ(test, err, 0);
1826 KUNIT_EXPECT_EQ_MSG(test,
1827 param->plaintext->len, buf.len,
1829 KUNIT_EXPECT_EQ_MSG(test,
1830 memcmp(param->plaintext->data,
1831 buf.head[0].iov_base, buf.len), 0,
1832 "plaintext mismatch");
1834 crypto_free_sync_skcipher(cts_tfm);
1835 crypto_free_sync_skcipher(cbc_tfm);
1838 static struct kunit_case encryption_test_cases[] = {
1840 .name = "Encryption self-tests",
1841 .run_case = encrypt_selftest_case,
1842 .generate_params = encrypt_selftest_gen_params,
1847 static struct kunit_suite encryption_test_suite = {
1848 .name = "Encryption test suite",
1849 .test_cases = encryption_test_cases,
1852 kunit_test_suites(&rfc3961_suite,
1856 &encryption_test_suite);
1858 MODULE_DESCRIPTION("Test RPCSEC GSS Kerberos 5 functions");
1859 MODULE_LICENSE("GPL");