From: Chuck Lever <cel@kernel.org>
To: Trond Myklebust <trondmy@kernel.org>,
Anna Schumaker <anna@kernel.org>,
Chuck Lever <chuck.lever@oracle.com>,
Jeff Layton <jlayton@kernel.org>, NeilBrown <neil@brown.name>,
Olga Kornievskaia <okorniev@redhat.com>,
Dai Ngo <Dai.Ngo@oracle.com>, Tom Talpey <tom@talpey.com>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>,
Paolo Abeni <pabeni@redhat.com>, Simon Horman <horms@kernel.org>
Cc: linux-nfs@vger.kernel.org, netdev@vger.kernel.org,
linux-kernel@vger.kernel.org,
Herbert Xu <herbert@gondor.apana.org.au>,
David Howells <dhowells@redhat.com>,
Simo Sorce <simo@redhat.com>
Subject: [PATCH 15/18] SUNRPC: Remove dead code from rpcsec_gss_krb5
Date: Mon, 27 Apr 2026 09:50:59 -0400 [thread overview]
Message-ID: <20260427-crypto-krb5-api-v1-15-1fc1253b64c0@oracle.com> (raw)
In-Reply-To: <20260427-crypto-krb5-api-v1-0-1fc1253b64c0@oracle.com>
From: Chuck Lever <chuck.lever@oracle.com>
With all per-message crypto operations routed through crypto/krb5,
a substantial body of code in rpcsec_gss_krb5 has no remaining
callers. The internal key derivation functions (krb5_derive_key_v2,
krb5_kdf_hmac_sha2, krb5_kdf_feedback_cmac) and the low-level
crypto primitives (krb5_encrypt, gss_krb5_checksum, krb5_cbc_cts_
encrypt/decrypt, krb5_etm_checksum) are unreachable because their
only call sites were the per-enctype function pointers removed in
previous patches. Delete gss_krb5_keys.c entirely and strip the
dead functions from gss_krb5_crypto.c.
The KUnit test suite in gss_krb5_test.c exercised exactly these
internal functions: RFC 3961 n-fold, RFC 3962 key derivation,
RFC 6803 Camellia key derivation, and RFC 8009 AES-SHA2 key
derivation, plus encryption self-tests that drove the now-removed
encrypt routines. The corresponding test coverage is provided by
the crypto/krb5 selftests in crypto/krb5/selftest.c. Remove the
test file, the RPCSEC_GSS_KRB5_KUNIT_TEST Kconfig symbol, the
.kunitconfig, and all VISIBLE_IF_KUNIT / EXPORT_SYMBOL_IF_KUNIT
annotations.
xdr_process_buf() walked xdr_buf segments through a per-segment
callback and existed solely for the crypto routines in
gss_krb5_crypto.c. With that file removed, xdr_process_buf()
has no remaining callers. Its successor, xdr_buf_to_sg(),
populates a scatterlist directly from an xdr_buf byte range
and was introduced earlier in this series.
With every consumer of struct gss_krb5_enctype removed, replace
its remaining uses with the equivalent fields from struct
krb5_enctype (key_len). Remove struct gss_krb5_enctype, the
supported_gss_krb5_enctypes[] table, gss_krb5_lookup_enctype(),
and the gk5e pointer from krb5_ctx.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
include/linux/sunrpc/xdr.h | 1 -
net/sunrpc/.kunitconfig | 29 -
net/sunrpc/Kconfig | 15 -
net/sunrpc/auth_gss/Makefile | 4 +-
net/sunrpc/auth_gss/gss_krb5_crypto.c | 561 +---------
net/sunrpc/auth_gss/gss_krb5_internal.h | 75 --
net/sunrpc/auth_gss/gss_krb5_keys.c | 546 ---------
net/sunrpc/auth_gss/gss_krb5_mech.c | 178 +--
net/sunrpc/auth_gss/gss_krb5_test.c | 1868 -------------------------------
net/sunrpc/xdr.c | 67 --
10 files changed, 6 insertions(+), 3338 deletions(-)
diff --git a/include/linux/sunrpc/xdr.h b/include/linux/sunrpc/xdr.h
index f82446993fde..31971b01d962 100644
--- a/include/linux/sunrpc/xdr.h
+++ b/include/linux/sunrpc/xdr.h
@@ -275,7 +275,6 @@ extern void xdr_finish_decode(struct xdr_stream *xdr);
extern __be32 *xdr_inline_decode(struct xdr_stream *xdr, size_t nbytes);
extern unsigned int xdr_read_pages(struct xdr_stream *xdr, unsigned int len);
extern void xdr_enter_page(struct xdr_stream *xdr, unsigned int len);
-extern int xdr_process_buf(const struct xdr_buf *buf, unsigned int offset, unsigned int len, int (*actor)(struct scatterlist *, void *), void *data);
extern void xdr_set_pagelen(struct xdr_stream *, unsigned int len);
extern bool xdr_stream_subsegment(struct xdr_stream *xdr, struct xdr_buf *subbuf,
unsigned int len);
diff --git a/net/sunrpc/.kunitconfig b/net/sunrpc/.kunitconfig
deleted file mode 100644
index eb02b906c295..000000000000
--- a/net/sunrpc/.kunitconfig
+++ /dev/null
@@ -1,29 +0,0 @@
-CONFIG_KUNIT=y
-CONFIG_UBSAN=y
-CONFIG_STACKTRACE=y
-CONFIG_NET=y
-CONFIG_NETWORK_FILESYSTEMS=y
-CONFIG_INET=y
-CONFIG_FILE_LOCKING=y
-CONFIG_MULTIUSER=y
-CONFIG_CRYPTO=y
-CONFIG_CRYPTO_CBC=y
-CONFIG_CRYPTO_CTS=y
-CONFIG_CRYPTO_ECB=y
-CONFIG_CRYPTO_HMAC=y
-CONFIG_CRYPTO_CMAC=y
-CONFIG_CRYPTO_MD5=y
-CONFIG_CRYPTO_SHA1=y
-CONFIG_CRYPTO_SHA256=y
-CONFIG_CRYPTO_SHA512=y
-CONFIG_CRYPTO_DES=y
-CONFIG_CRYPTO_AES=y
-CONFIG_CRYPTO_CAMELLIA=y
-CONFIG_NFS_FS=y
-CONFIG_SUNRPC=y
-CONFIG_SUNRPC_GSS=y
-CONFIG_RPCSEC_GSS_KRB5=y
-CONFIG_RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA1=y
-CONFIG_RPCSEC_GSS_KRB5_ENCTYPES_CAMELLIA=y
-CONFIG_RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA2=y
-CONFIG_RPCSEC_GSS_KRB5_KUNIT_TEST=y
diff --git a/net/sunrpc/Kconfig b/net/sunrpc/Kconfig
index 381e76975ea9..1c2e1fe9d365 100644
--- a/net/sunrpc/Kconfig
+++ b/net/sunrpc/Kconfig
@@ -73,21 +73,6 @@ config RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA2
SHA-2 digests. These include aes128-cts-hmac-sha256-128 and
aes256-cts-hmac-sha384-192.
-config RPCSEC_GSS_KRB5_KUNIT_TEST
- tristate "KUnit tests for RPCSEC GSS Kerberos" if !KUNIT_ALL_TESTS
- depends on RPCSEC_GSS_KRB5 && KUNIT
- default KUNIT_ALL_TESTS
- help
- This builds the KUnit tests for RPCSEC GSS Kerberos 5.
-
- KUnit tests run during boot and output the results to the debug
- log in TAP format (https://testanything.org/). Only useful for
- kernel devs running KUnit test harness and are not for inclusion
- into a production build.
-
- For more information on KUnit and unit tests in general, refer
- to the KUnit documentation in Documentation/dev-tools/kunit/.
-
config SUNRPC_DEBUG
bool "RPC: Enable dprintk debugging"
depends on SUNRPC && SYSCTL
diff --git a/net/sunrpc/auth_gss/Makefile b/net/sunrpc/auth_gss/Makefile
index 452f67deebc6..68676389d65f 100644
--- a/net/sunrpc/auth_gss/Makefile
+++ b/net/sunrpc/auth_gss/Makefile
@@ -12,6 +12,4 @@ auth_rpcgss-y := auth_gss.o \
obj-$(CONFIG_RPCSEC_GSS_KRB5) += rpcsec_gss_krb5.o
rpcsec_gss_krb5-y := gss_krb5_mech.o gss_krb5_seal.o gss_krb5_unseal.o \
- gss_krb5_wrap.o gss_krb5_crypto.o gss_krb5_keys.o
-
-obj-$(CONFIG_RPCSEC_GSS_KRB5_KUNIT_TEST) += gss_krb5_test.o
+ gss_krb5_wrap.o gss_krb5_crypto.o
diff --git a/net/sunrpc/auth_gss/gss_krb5_crypto.c b/net/sunrpc/auth_gss/gss_krb5_crypto.c
index cfd5b56d1b52..cf461ebcdde5 100644
--- a/net/sunrpc/auth_gss/gss_krb5_crypto.c
+++ b/net/sunrpc/auth_gss/gss_krb5_crypto.c
@@ -34,19 +34,14 @@
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*/
-#include <crypto/hash.h>
-#include <crypto/skcipher.h>
-#include <crypto/utils.h>
#include <linux/err.h>
#include <linux/types.h>
#include <linux/mm.h>
#include <linux/scatterlist.h>
#include <linux/highmem.h>
#include <linux/pagemap.h>
-#include <linux/random.h>
#include <linux/sunrpc/gss_krb5.h>
#include <linux/sunrpc/xdr.h>
-#include <kunit/visibility.h>
#include "gss_krb5_internal.h"
@@ -54,303 +49,6 @@
# define RPCDBG_FACILITY RPCDBG_AUTH
#endif
-/**
- * krb5_make_confounder - Generate a confounder string
- * @p: memory location into which to write the string
- * @conflen: string length to write, in octets
- *
- * RFCs 1964 and 3961 mention only "a random confounder" without going
- * into detail about its function or cryptographic requirements. The
- * assumed purpose is to prevent repeated encryption of a plaintext with
- * the same key from generating the same ciphertext. It is also used to
- * pad minimum plaintext length to at least a single cipher block.
- *
- * However, in situations like the GSS Kerberos 5 mechanism, where the
- * encryption IV is always all zeroes, the confounder also effectively
- * functions like an IV. Thus, not only must it be unique from message
- * to message, but it must also be difficult to predict. Otherwise an
- * attacker can correlate the confounder to previous or future values,
- * making the encryption easier to break.
- *
- * Given that the primary consumer of this encryption mechanism is a
- * network storage protocol, a type of traffic that often carries
- * predictable payloads (eg, all zeroes when reading unallocated blocks
- * from a file), our confounder generation has to be cryptographically
- * strong.
- */
-void krb5_make_confounder(u8 *p, int conflen)
-{
- get_random_bytes(p, conflen);
-}
-
-/**
- * krb5_encrypt - simple encryption of an RPCSEC GSS payload
- * @tfm: initialized cipher transform
- * @iv: pointer to an IV
- * @in: plaintext to encrypt
- * @out: OUT: ciphertext
- * @length: length of input and output buffers, in bytes
- *
- * @iv may be NULL to force the use of an all-zero IV.
- * The buffer containing the IV must be as large as the
- * cipher's ivsize.
- *
- * Return values:
- * %0: @in successfully encrypted into @out
- * negative errno: @in not encrypted
- */
-u32
-krb5_encrypt(
- struct crypto_sync_skcipher *tfm,
- void * iv,
- void * in,
- void * out,
- int length)
-{
- u32 ret = -EINVAL;
- struct scatterlist sg[1];
- u8 local_iv[GSS_KRB5_MAX_BLOCKSIZE] = {0};
- SYNC_SKCIPHER_REQUEST_ON_STACK(req, tfm);
-
- if (length % crypto_sync_skcipher_blocksize(tfm) != 0)
- goto out;
-
- if (crypto_sync_skcipher_ivsize(tfm) > GSS_KRB5_MAX_BLOCKSIZE) {
- dprintk("RPC: gss_k5encrypt: tfm iv size too large %d\n",
- crypto_sync_skcipher_ivsize(tfm));
- goto out;
- }
-
- if (iv)
- memcpy(local_iv, iv, crypto_sync_skcipher_ivsize(tfm));
-
- memcpy(out, in, length);
- sg_init_one(sg, out, length);
-
- skcipher_request_set_sync_tfm(req, tfm);
- skcipher_request_set_callback(req, 0, NULL, NULL);
- skcipher_request_set_crypt(req, sg, sg, length, local_iv);
-
- ret = crypto_skcipher_encrypt(req);
- skcipher_request_zero(req);
-out:
- dprintk("RPC: krb5_encrypt returns %d\n", ret);
- return ret;
-}
-
-static int
-checksummer(struct scatterlist *sg, void *data)
-{
- struct ahash_request *req = data;
-
- ahash_request_set_crypt(req, sg, NULL, sg->length);
-
- return crypto_ahash_update(req);
-}
-
-/**
- * gss_krb5_checksum - Compute the MAC for a GSS Wrap or MIC token
- * @tfm: an initialized hash transform
- * @header: pointer to a buffer containing the token header, or NULL
- * @hdrlen: number of octets in @header
- * @body: xdr_buf containing an RPC message (body.len is the message length)
- * @body_offset: byte offset into @body to start checksumming
- * @cksumout: OUT: a buffer to be filled in with the computed HMAC
- *
- * Usually expressed as H = HMAC(K, message)[1..h] .
- *
- * Caller provides the truncation length of the output token (h) in
- * cksumout.len.
- *
- * Return values:
- * %GSS_S_COMPLETE: Digest computed, @cksumout filled in
- * %GSS_S_FAILURE: Call failed
- */
-u32
-gss_krb5_checksum(struct crypto_ahash *tfm, char *header, int hdrlen,
- const struct xdr_buf *body, int body_offset,
- struct xdr_netobj *cksumout)
-{
- struct ahash_request *req;
- int err = -ENOMEM;
- u8 *checksumdata;
-
- checksumdata = kmalloc(crypto_ahash_digestsize(tfm), GFP_KERNEL);
- if (!checksumdata)
- return GSS_S_FAILURE;
-
- req = ahash_request_alloc(tfm, GFP_KERNEL);
- if (!req)
- goto out_free_cksum;
- ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL);
- err = crypto_ahash_init(req);
- if (err)
- goto out_free_ahash;
-
- /*
- * Per RFC 4121 Section 4.2.4, the checksum is performed over the
- * data body first, then over the octets in "header".
- */
- err = xdr_process_buf(body, body_offset, body->len - body_offset,
- checksummer, req);
- if (err)
- goto out_free_ahash;
- if (header) {
- struct scatterlist sg[1];
-
- sg_init_one(sg, header, hdrlen);
- ahash_request_set_crypt(req, sg, NULL, hdrlen);
- err = crypto_ahash_update(req);
- if (err)
- goto out_free_ahash;
- }
-
- ahash_request_set_crypt(req, NULL, checksumdata, 0);
- err = crypto_ahash_final(req);
- if (err)
- goto out_free_ahash;
-
- memcpy(cksumout->data, checksumdata,
- min_t(int, cksumout->len, crypto_ahash_digestsize(tfm)));
-
-out_free_ahash:
- ahash_request_free(req);
-out_free_cksum:
- kfree_sensitive(checksumdata);
- return err ? GSS_S_FAILURE : GSS_S_COMPLETE;
-}
-EXPORT_SYMBOL_IF_KUNIT(gss_krb5_checksum);
-
-struct encryptor_desc {
- u8 iv[GSS_KRB5_MAX_BLOCKSIZE];
- struct skcipher_request *req;
- int pos;
- struct xdr_buf *outbuf;
- struct page **pages;
- struct scatterlist infrags[4];
- struct scatterlist outfrags[4];
- int fragno;
- int fraglen;
-};
-
-static int
-encryptor(struct scatterlist *sg, void *data)
-{
- struct encryptor_desc *desc = data;
- struct xdr_buf *outbuf = desc->outbuf;
- struct crypto_sync_skcipher *tfm =
- crypto_sync_skcipher_reqtfm(desc->req);
- struct page *in_page;
- int thislen = desc->fraglen + sg->length;
- int fraglen, ret;
- int page_pos;
-
- /* Worst case is 4 fragments: head, end of page 1, start
- * of page 2, tail. Anything more is a bug. */
- BUG_ON(desc->fragno > 3);
-
- page_pos = desc->pos - outbuf->head[0].iov_len;
- if (page_pos >= 0 && page_pos < outbuf->page_len) {
- /* pages are not in place: */
- int i = (page_pos + outbuf->page_base) >> PAGE_SHIFT;
- in_page = desc->pages[i];
- } else {
- in_page = sg_page(sg);
- }
- sg_set_page(&desc->infrags[desc->fragno], in_page, sg->length,
- sg->offset);
- sg_set_page(&desc->outfrags[desc->fragno], sg_page(sg), sg->length,
- sg->offset);
- desc->fragno++;
- desc->fraglen += sg->length;
- desc->pos += sg->length;
-
- fraglen = thislen & (crypto_sync_skcipher_blocksize(tfm) - 1);
- thislen -= fraglen;
-
- if (thislen == 0)
- return 0;
-
- sg_mark_end(&desc->infrags[desc->fragno - 1]);
- sg_mark_end(&desc->outfrags[desc->fragno - 1]);
-
- skcipher_request_set_crypt(desc->req, desc->infrags, desc->outfrags,
- thislen, desc->iv);
-
- ret = crypto_skcipher_encrypt(desc->req);
- if (ret)
- return ret;
-
- sg_init_table(desc->infrags, 4);
- sg_init_table(desc->outfrags, 4);
-
- if (fraglen) {
- sg_set_page(&desc->outfrags[0], sg_page(sg), fraglen,
- sg->offset + sg->length - fraglen);
- desc->infrags[0] = desc->outfrags[0];
- sg_assign_page(&desc->infrags[0], in_page);
- desc->fragno = 1;
- desc->fraglen = fraglen;
- } else {
- desc->fragno = 0;
- desc->fraglen = 0;
- }
- return 0;
-}
-
-struct decryptor_desc {
- u8 iv[GSS_KRB5_MAX_BLOCKSIZE];
- struct skcipher_request *req;
- struct scatterlist frags[4];
- int fragno;
- int fraglen;
-};
-
-static int
-decryptor(struct scatterlist *sg, void *data)
-{
- struct decryptor_desc *desc = data;
- int thislen = desc->fraglen + sg->length;
- struct crypto_sync_skcipher *tfm =
- crypto_sync_skcipher_reqtfm(desc->req);
- int fraglen, ret;
-
- /* Worst case is 4 fragments: head, end of page 1, start
- * of page 2, tail. Anything more is a bug. */
- BUG_ON(desc->fragno > 3);
- sg_set_page(&desc->frags[desc->fragno], sg_page(sg), sg->length,
- sg->offset);
- desc->fragno++;
- desc->fraglen += sg->length;
-
- fraglen = thislen & (crypto_sync_skcipher_blocksize(tfm) - 1);
- thislen -= fraglen;
-
- if (thislen == 0)
- return 0;
-
- sg_mark_end(&desc->frags[desc->fragno - 1]);
-
- skcipher_request_set_crypt(desc->req, desc->frags, desc->frags,
- thislen, desc->iv);
-
- ret = crypto_skcipher_decrypt(desc->req);
- if (ret)
- return ret;
-
- sg_init_table(desc->frags, 4);
-
- if (fraglen) {
- sg_set_page(&desc->frags[0], sg_page(sg), fraglen,
- sg->offset + sg->length - fraglen);
- desc->fragno = 1;
- desc->fraglen = fraglen;
- } else {
- desc->fragno = 0;
- desc->fraglen = 0;
- }
- return 0;
-}
/*
* This function makes the assumption that it was ultimately called
@@ -363,7 +61,7 @@ decryptor(struct scatterlist *sg, void *data)
*
* Even with that guarantee, this function may be called more than
* once in the processing of gss_wrap(). The best we can do is
- * verify at compile-time (see GSS_KRB5_SLACK_CHECK) that the
+ * verify at compile-time (see GSS_KRB5_MAX_SLACK_NEEDED) that the
* largest expected shift will fit within RPC_MAX_AUTH_SIZE.
* At run-time we can verify that a single invocation of this
* function doesn't attempt to use more the RPC_MAX_AUTH_SIZE.
@@ -389,263 +87,6 @@ xdr_extend_head(struct xdr_buf *buf, unsigned int base, unsigned int shiftlen)
return 0;
}
-static u32
-gss_krb5_cts_crypt(struct crypto_sync_skcipher *cipher, struct xdr_buf *buf,
- u32 offset, u8 *iv, struct page **pages, int encrypt)
-{
- u32 ret;
- struct scatterlist sg[1];
- SYNC_SKCIPHER_REQUEST_ON_STACK(req, cipher);
- u8 *data;
- struct page **save_pages;
- u32 len = buf->len - offset;
-
- if (len > GSS_KRB5_MAX_BLOCKSIZE * 2) {
- WARN_ON(0);
- return -ENOMEM;
- }
- data = kmalloc(GSS_KRB5_MAX_BLOCKSIZE * 2, GFP_KERNEL);
- if (!data)
- return -ENOMEM;
-
- /*
- * For encryption, we want to read from the cleartext
- * page cache pages, and write the encrypted data to
- * the supplied xdr_buf pages.
- */
- save_pages = buf->pages;
- if (encrypt)
- buf->pages = pages;
-
- ret = read_bytes_from_xdr_buf(buf, offset, data, len);
- buf->pages = save_pages;
- if (ret)
- goto out;
-
- sg_init_one(sg, data, len);
-
- skcipher_request_set_sync_tfm(req, cipher);
- skcipher_request_set_callback(req, 0, NULL, NULL);
- skcipher_request_set_crypt(req, sg, sg, len, iv);
-
- if (encrypt)
- ret = crypto_skcipher_encrypt(req);
- else
- ret = crypto_skcipher_decrypt(req);
-
- skcipher_request_zero(req);
-
- if (ret)
- goto out;
-
- ret = write_bytes_to_xdr_buf(buf, offset, data, len);
-
-#if IS_ENABLED(CONFIG_KUNIT)
- /*
- * CBC-CTS does not define an output IV but RFC 3962 defines it as the
- * penultimate block of ciphertext, so copy that into the IV buffer
- * before returning.
- */
- if (encrypt)
- memcpy(iv, data, crypto_sync_skcipher_ivsize(cipher));
-#endif
-
-out:
- kfree(data);
- return ret;
-}
-
-/**
- * krb5_cbc_cts_encrypt - encrypt in CBC mode with CTS
- * @cts_tfm: CBC cipher with CTS
- * @cbc_tfm: base CBC cipher
- * @offset: starting byte offset for plaintext
- * @buf: OUT: output buffer
- * @pages: plaintext
- * @iv: output CBC initialization vector, or NULL
- * @ivsize: size of @iv, in octets
- *
- * To provide confidentiality, encrypt using cipher block chaining
- * with ciphertext stealing. Message integrity is handled separately.
- *
- * Return values:
- * %0: encryption successful
- * negative errno: encryption could not be completed
- */
-VISIBLE_IF_KUNIT
-int krb5_cbc_cts_encrypt(struct crypto_sync_skcipher *cts_tfm,
- struct crypto_sync_skcipher *cbc_tfm,
- u32 offset, struct xdr_buf *buf, struct page **pages,
- u8 *iv, unsigned int ivsize)
-{
- u32 blocksize, nbytes, nblocks, cbcbytes;
- struct encryptor_desc desc;
- int err;
-
- blocksize = crypto_sync_skcipher_blocksize(cts_tfm);
- nbytes = buf->len - offset;
- nblocks = (nbytes + blocksize - 1) / blocksize;
- cbcbytes = 0;
- if (nblocks > 2)
- cbcbytes = (nblocks - 2) * blocksize;
-
- memset(desc.iv, 0, sizeof(desc.iv));
-
- /* Handle block-sized chunks of plaintext with CBC. */
- if (cbcbytes) {
- SYNC_SKCIPHER_REQUEST_ON_STACK(req, cbc_tfm);
-
- desc.pos = offset;
- desc.fragno = 0;
- desc.fraglen = 0;
- desc.pages = pages;
- desc.outbuf = buf;
- desc.req = req;
-
- skcipher_request_set_sync_tfm(req, cbc_tfm);
- skcipher_request_set_callback(req, 0, NULL, NULL);
-
- sg_init_table(desc.infrags, 4);
- sg_init_table(desc.outfrags, 4);
-
- err = xdr_process_buf(buf, offset, cbcbytes, encryptor, &desc);
- skcipher_request_zero(req);
- if (err)
- return err;
- }
-
- /* Remaining plaintext is handled with CBC-CTS. */
- err = gss_krb5_cts_crypt(cts_tfm, buf, offset + cbcbytes,
- desc.iv, pages, 1);
- if (err)
- return err;
-
- if (unlikely(iv))
- memcpy(iv, desc.iv, ivsize);
- return 0;
-}
-EXPORT_SYMBOL_IF_KUNIT(krb5_cbc_cts_encrypt);
-
-/**
- * krb5_cbc_cts_decrypt - decrypt in CBC mode with CTS
- * @cts_tfm: CBC cipher with CTS
- * @cbc_tfm: base CBC cipher
- * @offset: starting byte offset for plaintext
- * @buf: OUT: output buffer
- *
- * Return values:
- * %0: decryption successful
- * negative errno: decryption could not be completed
- */
-VISIBLE_IF_KUNIT
-int krb5_cbc_cts_decrypt(struct crypto_sync_skcipher *cts_tfm,
- struct crypto_sync_skcipher *cbc_tfm,
- u32 offset, struct xdr_buf *buf)
-{
- u32 blocksize, nblocks, cbcbytes;
- struct decryptor_desc desc;
- int err;
-
- blocksize = crypto_sync_skcipher_blocksize(cts_tfm);
- nblocks = (buf->len + blocksize - 1) / blocksize;
- cbcbytes = 0;
- if (nblocks > 2)
- cbcbytes = (nblocks - 2) * blocksize;
-
- memset(desc.iv, 0, sizeof(desc.iv));
-
- /* Handle block-sized chunks of plaintext with CBC. */
- if (cbcbytes) {
- SYNC_SKCIPHER_REQUEST_ON_STACK(req, cbc_tfm);
-
- desc.fragno = 0;
- desc.fraglen = 0;
- desc.req = req;
-
- skcipher_request_set_sync_tfm(req, cbc_tfm);
- skcipher_request_set_callback(req, 0, NULL, NULL);
-
- sg_init_table(desc.frags, 4);
-
- err = xdr_process_buf(buf, 0, cbcbytes, decryptor, &desc);
- skcipher_request_zero(req);
- if (err)
- return err;
- }
-
- /* Remaining plaintext is handled with CBC-CTS. */
- return gss_krb5_cts_crypt(cts_tfm, buf, cbcbytes, desc.iv, NULL, 0);
-}
-EXPORT_SYMBOL_IF_KUNIT(krb5_cbc_cts_decrypt);
-
-/**
- * krb5_etm_checksum - Compute a MAC for a GSS Wrap token
- * @cipher: an initialized cipher transform
- * @tfm: an initialized hash transform
- * @body: xdr_buf containing an RPC message (body.len is the message length)
- * @body_offset: byte offset into @body to start checksumming
- * @cksumout: OUT: a buffer to be filled in with the computed HMAC
- *
- * Usually expressed as H = HMAC(K, IV | ciphertext)[1..h] .
- *
- * Caller provides the truncation length of the output token (h) in
- * cksumout.len.
- *
- * Return values:
- * %GSS_S_COMPLETE: Digest computed, @cksumout filled in
- * %GSS_S_FAILURE: Call failed
- */
-VISIBLE_IF_KUNIT
-u32 krb5_etm_checksum(struct crypto_sync_skcipher *cipher,
- struct crypto_ahash *tfm, const struct xdr_buf *body,
- int body_offset, struct xdr_netobj *cksumout)
-{
- unsigned int ivsize = crypto_sync_skcipher_ivsize(cipher);
- struct ahash_request *req;
- struct scatterlist sg[1];
- u8 *iv, *checksumdata;
- int err = -ENOMEM;
-
- checksumdata = kmalloc(crypto_ahash_digestsize(tfm), GFP_KERNEL);
- if (!checksumdata)
- return GSS_S_FAILURE;
- /* For RPCSEC, the "initial cipher state" is always all zeroes. */
- iv = kzalloc(ivsize, GFP_KERNEL);
- if (!iv)
- goto out_free_mem;
-
- req = ahash_request_alloc(tfm, GFP_KERNEL);
- if (!req)
- goto out_free_mem;
- ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL);
- err = crypto_ahash_init(req);
- if (err)
- goto out_free_ahash;
-
- sg_init_one(sg, iv, ivsize);
- ahash_request_set_crypt(req, sg, NULL, ivsize);
- err = crypto_ahash_update(req);
- if (err)
- goto out_free_ahash;
- err = xdr_process_buf(body, body_offset, body->len - body_offset,
- checksummer, req);
- if (err)
- goto out_free_ahash;
-
- ahash_request_set_crypt(req, NULL, checksumdata, 0);
- err = crypto_ahash_final(req);
- if (err)
- goto out_free_ahash;
- memcpy(cksumout->data, checksumdata, cksumout->len);
-
-out_free_ahash:
- ahash_request_free(req);
-out_free_mem:
- kfree(iv);
- kfree_sensitive(checksumdata);
- return err ? GSS_S_FAILURE : GSS_S_COMPLETE;
-}
-EXPORT_SYMBOL_IF_KUNIT(krb5_etm_checksum);
/**
* gss_krb5_aead_encrypt - Encrypt a wrap token using crypto/krb5
diff --git a/net/sunrpc/auth_gss/gss_krb5_internal.h b/net/sunrpc/auth_gss/gss_krb5_internal.h
index 6b08a7486e0b..208f9df9ea96 100644
--- a/net/sunrpc/auth_gss/gss_krb5_internal.h
+++ b/net/sunrpc/auth_gss/gss_krb5_internal.h
@@ -10,38 +10,8 @@
#include <crypto/krb5.h>
-/*
- * The RFCs often specify payload lengths in bits. This helper
- * converts a specified bit-length to the number of octets/bytes.
- */
-#define BITS2OCTETS(x) ((x) / 8)
-
struct krb5_ctx;
-struct gss_krb5_enctype {
- const u32 etype; /* encryption (key) type */
- const u32 ctype; /* checksum type */
- const char *name; /* "friendly" name */
- const char *encrypt_name; /* crypto encrypt name */
- const char *aux_cipher; /* aux encrypt cipher name */
- const char *cksum_name; /* crypto checksum name */
- const u16 signalg; /* signing algorithm */
- const u16 sealalg; /* sealing algorithm */
- const u32 cksumlength; /* checksum length */
- const u32 keyed_cksum; /* is it a keyed cksum? */
- const u32 keybytes; /* raw key len, in bytes */
- const u32 keylength; /* protocol key length, in octets */
- const u32 Kc_length; /* checksum subkey length, in octets */
- const u32 Ke_length; /* encryption subkey length, in octets */
- const u32 Ki_length; /* integrity subkey length, in octets */
-
- int (*derive_key)(const struct gss_krb5_enctype *gk5e,
- const struct xdr_netobj *in,
- struct xdr_netobj *out,
- const struct xdr_netobj *label,
- gfp_t gfp_mask);
-};
-
/* krb5_ctx flags definitions */
#define KRB5_CTX_FLAG_INITIATOR 0x00000001
#define KRB5_CTX_FLAG_ACCEPTOR_SUBKEY 0x00000004
@@ -50,7 +20,6 @@ struct krb5_ctx {
int initiate; /* 1 = initiating, 0 = accepting */
u32 enctype;
u32 flags;
- const struct gss_krb5_enctype *gk5e; /* enctype-specific info */
const struct krb5_enctype *krb5e; /* crypto/krb5 enctype */
struct crypto_aead *initiator_enc_aead;
struct crypto_aead *acceptor_enc_aead;
@@ -58,7 +27,6 @@ struct krb5_ctx {
struct crypto_shash *acceptor_sign_shash;
u8 Ksess[GSS_KRB5_MAX_KEYLEN]; /* session key */
u8 cksum[GSS_KRB5_MAX_KEYLEN];
- atomic_t seq_send;
atomic64_t seq_send64;
time64_t endtime;
struct xdr_netobj mech_used;
@@ -85,35 +53,6 @@ u32 gss_krb5_unwrap_v2(struct krb5_ctx *kctx, int offset, int len,
* Implementation internal functions
*/
-/* Key Derivation Functions */
-
-int krb5_derive_key_v2(const struct gss_krb5_enctype *gk5e,
- const struct xdr_netobj *inkey,
- struct xdr_netobj *outkey,
- const struct xdr_netobj *label,
- gfp_t gfp_mask);
-
-int krb5_kdf_hmac_sha2(const struct gss_krb5_enctype *gk5e,
- const struct xdr_netobj *inkey,
- struct xdr_netobj *outkey,
- const struct xdr_netobj *in_constant,
- gfp_t gfp_mask);
-
-int krb5_kdf_feedback_cmac(const struct gss_krb5_enctype *gk5e,
- const struct xdr_netobj *inkey,
- struct xdr_netobj *outkey,
- const struct xdr_netobj *in_constant,
- gfp_t gfp_mask);
-
-void krb5_make_confounder(u8 *p, int conflen);
-
-u32 gss_krb5_checksum(struct crypto_ahash *tfm, char *header, int hdrlen,
- const struct xdr_buf *body, int body_offset,
- struct xdr_netobj *cksumout);
-
-u32 krb5_encrypt(struct crypto_sync_skcipher *key, void *iv, void *in,
- void *out, int length);
-
int xdr_extend_head(struct xdr_buf *buf, unsigned int base,
unsigned int shiftlen);
@@ -130,19 +69,5 @@ u32 gss_krb5_aead_encrypt(struct krb5_ctx *kctx, u32 offset,
u32 gss_krb5_aead_decrypt(struct krb5_ctx *kctx, u32 offset, u32 len,
struct xdr_buf *buf, u32 *headskip, u32 *tailskip);
-#if IS_ENABLED(CONFIG_KUNIT)
-void krb5_nfold(u32 inbits, const u8 *in, u32 outbits, u8 *out);
-const struct gss_krb5_enctype *gss_krb5_lookup_enctype(u32 etype);
-int krb5_cbc_cts_encrypt(struct crypto_sync_skcipher *cts_tfm,
- struct crypto_sync_skcipher *cbc_tfm, u32 offset,
- struct xdr_buf *buf, struct page **pages,
- u8 *iv, unsigned int ivsize);
-int krb5_cbc_cts_decrypt(struct crypto_sync_skcipher *cts_tfm,
- struct crypto_sync_skcipher *cbc_tfm,
- u32 offset, struct xdr_buf *buf);
-u32 krb5_etm_checksum(struct crypto_sync_skcipher *cipher,
- struct crypto_ahash *tfm, const struct xdr_buf *body,
- int body_offset, struct xdr_netobj *cksumout);
-#endif
#endif /* _NET_SUNRPC_AUTH_GSS_KRB5_INTERNAL_H */
diff --git a/net/sunrpc/auth_gss/gss_krb5_keys.c b/net/sunrpc/auth_gss/gss_krb5_keys.c
deleted file mode 100644
index 4eb19c3a54c7..000000000000
--- a/net/sunrpc/auth_gss/gss_krb5_keys.c
+++ /dev/null
@@ -1,546 +0,0 @@
-/*
- * COPYRIGHT (c) 2008
- * The Regents of the University of Michigan
- * ALL RIGHTS RESERVED
- *
- * Permission is granted to use, copy, create derivative works
- * and redistribute this software and such derivative works
- * for any purpose, so long as the name of The University of
- * Michigan is not used in any advertising or publicity
- * pertaining to the use of distribution of this software
- * without specific, written prior authorization. If the
- * above copyright notice or any other identification of the
- * University of Michigan is included in any copy of any
- * portion of this software, then the disclaimer below must
- * also be included.
- *
- * THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION
- * FROM THE UNIVERSITY OF MICHIGAN AS TO ITS FITNESS FOR ANY
- * PURPOSE, AND WITHOUT WARRANTY BY THE UNIVERSITY OF
- * MICHIGAN OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING
- * WITHOUT LIMITATION THE IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE
- * REGENTS OF THE UNIVERSITY OF MICHIGAN SHALL NOT BE LIABLE
- * FOR ANY DAMAGES, INCLUDING SPECIAL, INDIRECT, INCIDENTAL, OR
- * CONSEQUENTIAL DAMAGES, WITH RESPECT TO ANY CLAIM ARISING
- * OUT OF OR IN CONNECTION WITH THE USE OF THE SOFTWARE, EVEN
- * IF IT HAS BEEN OR IS HEREAFTER ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGES.
- */
-
-/*
- * Copyright (C) 1998 by the FundsXpress, INC.
- *
- * All rights reserved.
- *
- * Export of this software from the United States of America may require
- * a specific license from the United States Government. It is the
- * responsibility of any person or organization contemplating export to
- * obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of FundsXpress. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. FundsXpress makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-#include <crypto/skcipher.h>
-#include <linux/err.h>
-#include <linux/types.h>
-#include <linux/sunrpc/gss_krb5.h>
-#include <linux/sunrpc/xdr.h>
-#include <linux/lcm.h>
-#include <crypto/hash.h>
-#include <kunit/visibility.h>
-
-#include "gss_krb5_internal.h"
-
-#if IS_ENABLED(CONFIG_SUNRPC_DEBUG)
-# define RPCDBG_FACILITY RPCDBG_AUTH
-#endif
-
-/**
- * krb5_nfold - n-fold function
- * @inbits: number of bits in @in
- * @in: buffer containing input to fold
- * @outbits: number of bits in the output buffer
- * @out: buffer to hold the result
- *
- * This is the n-fold function as described in rfc3961, sec 5.1
- * Taken from MIT Kerberos and modified.
- */
-VISIBLE_IF_KUNIT
-void krb5_nfold(u32 inbits, const u8 *in, u32 outbits, u8 *out)
-{
- unsigned long ulcm;
- int byte, i, msbit;
-
- /* the code below is more readable if I make these bytes
- instead of bits */
-
- inbits >>= 3;
- outbits >>= 3;
-
- /* first compute lcm(n,k) */
- ulcm = lcm(inbits, outbits);
-
- /* now do the real work */
-
- memset(out, 0, outbits);
- byte = 0;
-
- /* this will end up cycling through k lcm(k,n)/k times, which
- is correct */
- for (i = ulcm-1; i >= 0; i--) {
- /* compute the msbit in k which gets added into this byte */
- msbit = (
- /* first, start with the msbit in the first,
- * unrotated byte */
- ((inbits << 3) - 1)
- /* then, for each byte, shift to the right
- * for each repetition */
- + (((inbits << 3) + 13) * (i/inbits))
- /* last, pick out the correct byte within
- * that shifted repetition */
- + ((inbits - (i % inbits)) << 3)
- ) % (inbits << 3);
-
- /* pull out the byte value itself */
- byte += (((in[((inbits - 1) - (msbit >> 3)) % inbits] << 8)|
- (in[((inbits) - (msbit >> 3)) % inbits]))
- >> ((msbit & 7) + 1)) & 0xff;
-
- /* do the addition */
- byte += out[i % outbits];
- out[i % outbits] = byte & 0xff;
-
- /* keep around the carry bit, if any */
- byte >>= 8;
-
- }
-
- /* if there's a carry bit left over, add it back in */
- if (byte) {
- for (i = outbits - 1; i >= 0; i--) {
- /* do the addition */
- byte += out[i];
- out[i] = byte & 0xff;
-
- /* keep around the carry bit, if any */
- byte >>= 8;
- }
- }
-}
-EXPORT_SYMBOL_IF_KUNIT(krb5_nfold);
-
-/*
- * This is the DK (derive_key) function as described in rfc3961, sec 5.1
- * Taken from MIT Kerberos and modified.
- */
-static int krb5_DK(const struct gss_krb5_enctype *gk5e,
- const struct xdr_netobj *inkey, u8 *rawkey,
- const struct xdr_netobj *in_constant, gfp_t gfp_mask)
-{
- size_t blocksize, keybytes, keylength, n;
- unsigned char *inblockdata, *outblockdata;
- struct xdr_netobj inblock, outblock;
- struct crypto_sync_skcipher *cipher;
- int ret = -EINVAL;
-
- keybytes = gk5e->keybytes;
- keylength = gk5e->keylength;
-
- if (inkey->len != keylength)
- goto err_return;
-
- cipher = crypto_alloc_sync_skcipher(gk5e->encrypt_name, 0, 0);
- if (IS_ERR(cipher))
- goto err_return;
- blocksize = crypto_sync_skcipher_blocksize(cipher);
- if (crypto_sync_skcipher_setkey(cipher, inkey->data, inkey->len))
- goto err_free_cipher;
-
- ret = -ENOMEM;
- inblockdata = kmalloc(blocksize, gfp_mask);
- if (inblockdata == NULL)
- goto err_free_cipher;
-
- outblockdata = kmalloc(blocksize, gfp_mask);
- if (outblockdata == NULL)
- goto err_free_in;
-
- inblock.data = (char *) inblockdata;
- inblock.len = blocksize;
-
- outblock.data = (char *) outblockdata;
- outblock.len = blocksize;
-
- /* initialize the input block */
-
- if (in_constant->len == inblock.len) {
- memcpy(inblock.data, in_constant->data, inblock.len);
- } else {
- krb5_nfold(in_constant->len * 8, in_constant->data,
- inblock.len * 8, inblock.data);
- }
-
- /* loop encrypting the blocks until enough key bytes are generated */
-
- n = 0;
- while (n < keybytes) {
- krb5_encrypt(cipher, NULL, inblock.data, outblock.data,
- inblock.len);
-
- if ((keybytes - n) <= outblock.len) {
- memcpy(rawkey + n, outblock.data, (keybytes - n));
- break;
- }
-
- memcpy(rawkey + n, outblock.data, outblock.len);
- memcpy(inblock.data, outblock.data, outblock.len);
- n += outblock.len;
- }
-
- ret = 0;
-
- kfree_sensitive(outblockdata);
-err_free_in:
- kfree_sensitive(inblockdata);
-err_free_cipher:
- crypto_free_sync_skcipher(cipher);
-err_return:
- return ret;
-}
-
-/*
- * This is the identity function, with some sanity checking.
- */
-static int krb5_random_to_key_v2(const struct gss_krb5_enctype *gk5e,
- struct xdr_netobj *randombits,
- struct xdr_netobj *key)
-{
- int ret = -EINVAL;
-
- if (key->len != 16 && key->len != 32) {
- dprintk("%s: key->len is %d\n", __func__, key->len);
- goto err_out;
- }
- if (randombits->len != 16 && randombits->len != 32) {
- dprintk("%s: randombits->len is %d\n",
- __func__, randombits->len);
- goto err_out;
- }
- if (randombits->len != key->len) {
- dprintk("%s: randombits->len is %d, key->len is %d\n",
- __func__, randombits->len, key->len);
- goto err_out;
- }
- memcpy(key->data, randombits->data, key->len);
- ret = 0;
-err_out:
- return ret;
-}
-
-/**
- * krb5_derive_key_v2 - Derive a subkey for an RFC 3962 enctype
- * @gk5e: Kerberos 5 enctype profile
- * @inkey: base protocol key
- * @outkey: OUT: derived key
- * @label: subkey usage label
- * @gfp_mask: memory allocation control flags
- *
- * Caller sets @outkey->len to the desired length of the derived key.
- *
- * On success, returns 0 and fills in @outkey. A negative errno value
- * is returned on failure.
- */
-int krb5_derive_key_v2(const struct gss_krb5_enctype *gk5e,
- const struct xdr_netobj *inkey,
- struct xdr_netobj *outkey,
- const struct xdr_netobj *label,
- gfp_t gfp_mask)
-{
- struct xdr_netobj inblock;
- int ret;
-
- inblock.len = gk5e->keybytes;
- inblock.data = kmalloc(inblock.len, gfp_mask);
- if (!inblock.data)
- return -ENOMEM;
-
- ret = krb5_DK(gk5e, inkey, inblock.data, label, gfp_mask);
- if (!ret)
- ret = krb5_random_to_key_v2(gk5e, &inblock, outkey);
-
- kfree_sensitive(inblock.data);
- return ret;
-}
-
-/*
- * K(i) = CMAC(key, K(i-1) | i | constant | 0x00 | k)
- *
- * i: A block counter is used with a length of 4 bytes, represented
- * in big-endian order.
- *
- * constant: The label input to the KDF is the usage constant supplied
- * to the key derivation function
- *
- * k: The length of the output key in bits, represented as a 4-byte
- * string in big-endian order.
- *
- * Caller fills in K(i-1) in @step, and receives the result K(i)
- * in the same buffer.
- */
-static int
-krb5_cmac_Ki(struct crypto_shash *tfm, const struct xdr_netobj *constant,
- u32 outlen, u32 count, struct xdr_netobj *step)
-{
- __be32 k = cpu_to_be32(outlen * 8);
- SHASH_DESC_ON_STACK(desc, tfm);
- __be32 i = cpu_to_be32(count);
- u8 zero = 0;
- int ret;
-
- desc->tfm = tfm;
- ret = crypto_shash_init(desc);
- if (ret)
- goto out_err;
-
- ret = crypto_shash_update(desc, step->data, step->len);
- if (ret)
- goto out_err;
- ret = crypto_shash_update(desc, (u8 *)&i, sizeof(i));
- if (ret)
- goto out_err;
- ret = crypto_shash_update(desc, constant->data, constant->len);
- if (ret)
- goto out_err;
- ret = crypto_shash_update(desc, &zero, sizeof(zero));
- if (ret)
- goto out_err;
- ret = crypto_shash_update(desc, (u8 *)&k, sizeof(k));
- if (ret)
- goto out_err;
- ret = crypto_shash_final(desc, step->data);
- if (ret)
- goto out_err;
-
-out_err:
- shash_desc_zero(desc);
- return ret;
-}
-
-/**
- * krb5_kdf_feedback_cmac - Derive a subkey for a Camellia/CMAC-based enctype
- * @gk5e: Kerberos 5 enctype parameters
- * @inkey: base protocol key
- * @outkey: OUT: derived key
- * @constant: subkey usage label
- * @gfp_mask: memory allocation control flags
- *
- * RFC 6803 Section 3:
- *
- * "We use a key derivation function from the family specified in
- * [SP800-108], Section 5.2, 'KDF in Feedback Mode'."
- *
- * n = ceiling(k / 128)
- * K(0) = zeros
- * K(i) = CMAC(key, K(i-1) | i | constant | 0x00 | k)
- * DR(key, constant) = k-truncate(K(1) | K(2) | ... | K(n))
- * KDF-FEEDBACK-CMAC(key, constant) = random-to-key(DR(key, constant))
- *
- * Caller sets @outkey->len to the desired length of the derived key (k).
- *
- * On success, returns 0 and fills in @outkey. A negative errno value
- * is returned on failure.
- */
-int
-krb5_kdf_feedback_cmac(const struct gss_krb5_enctype *gk5e,
- const struct xdr_netobj *inkey,
- struct xdr_netobj *outkey,
- const struct xdr_netobj *constant,
- gfp_t gfp_mask)
-{
- struct xdr_netobj step = { .data = NULL };
- struct xdr_netobj DR = { .data = NULL };
- unsigned int blocksize, offset;
- struct crypto_shash *tfm;
- int n, count, ret;
-
- /*
- * This implementation assumes the CMAC used for an enctype's
- * key derivation is the same as the CMAC used for its
- * checksumming. This happens to be true for enctypes that
- * are currently supported by this implementation.
- */
- tfm = crypto_alloc_shash(gk5e->cksum_name, 0, 0);
- if (IS_ERR(tfm)) {
- ret = PTR_ERR(tfm);
- goto out;
- }
- ret = crypto_shash_setkey(tfm, inkey->data, inkey->len);
- if (ret)
- goto out_free_tfm;
-
- blocksize = crypto_shash_digestsize(tfm);
- n = (outkey->len + blocksize - 1) / blocksize;
-
- /* K(0) is all zeroes */
- ret = -ENOMEM;
- step.len = blocksize;
- step.data = kzalloc(step.len, gfp_mask);
- if (!step.data)
- goto out_free_tfm;
-
- DR.len = blocksize * n;
- DR.data = kmalloc(DR.len, gfp_mask);
- if (!DR.data)
- goto out_free_tfm;
-
- /* XXX: Does not handle partial-block key sizes */
- for (offset = 0, count = 1; count <= n; count++) {
- ret = krb5_cmac_Ki(tfm, constant, outkey->len, count, &step);
- if (ret)
- goto out_free_tfm;
-
- memcpy(DR.data + offset, step.data, blocksize);
- offset += blocksize;
- }
-
- /* k-truncate and random-to-key */
- memcpy(outkey->data, DR.data, outkey->len);
- ret = 0;
-
-out_free_tfm:
- crypto_free_shash(tfm);
-out:
- kfree_sensitive(step.data);
- kfree_sensitive(DR.data);
- return ret;
-}
-
-/*
- * K1 = HMAC-SHA(key, 0x00000001 | label | 0x00 | k)
- *
- * key: The source of entropy from which subsequent keys are derived.
- *
- * label: An octet string describing the intended usage of the
- * derived key.
- *
- * k: Length in bits of the key to be outputted, expressed in
- * big-endian binary representation in 4 bytes.
- */
-static int
-krb5_hmac_K1(struct crypto_shash *tfm, const struct xdr_netobj *label,
- u32 outlen, struct xdr_netobj *K1)
-{
- __be32 k = cpu_to_be32(outlen * 8);
- SHASH_DESC_ON_STACK(desc, tfm);
- __be32 one = cpu_to_be32(1);
- u8 zero = 0;
- int ret;
-
- desc->tfm = tfm;
- ret = crypto_shash_init(desc);
- if (ret)
- goto out_err;
- ret = crypto_shash_update(desc, (u8 *)&one, sizeof(one));
- if (ret)
- goto out_err;
- ret = crypto_shash_update(desc, label->data, label->len);
- if (ret)
- goto out_err;
- ret = crypto_shash_update(desc, &zero, sizeof(zero));
- if (ret)
- goto out_err;
- ret = crypto_shash_update(desc, (u8 *)&k, sizeof(k));
- if (ret)
- goto out_err;
- ret = crypto_shash_final(desc, K1->data);
- if (ret)
- goto out_err;
-
-out_err:
- shash_desc_zero(desc);
- return ret;
-}
-
-/**
- * krb5_kdf_hmac_sha2 - Derive a subkey for an AES/SHA2-based enctype
- * @gk5e: Kerberos 5 enctype policy parameters
- * @inkey: base protocol key
- * @outkey: OUT: derived key
- * @label: subkey usage label
- * @gfp_mask: memory allocation control flags
- *
- * RFC 8009 Section 3:
- *
- * "We use a key derivation function from Section 5.1 of [SP800-108],
- * which uses the HMAC algorithm as the PRF."
- *
- * function KDF-HMAC-SHA2(key, label, [context,] k):
- * k-truncate(K1)
- *
- * Caller sets @outkey->len to the desired length of the derived key.
- *
- * On success, returns 0 and fills in @outkey. A negative errno value
- * is returned on failure.
- */
-int
-krb5_kdf_hmac_sha2(const struct gss_krb5_enctype *gk5e,
- const struct xdr_netobj *inkey,
- struct xdr_netobj *outkey,
- const struct xdr_netobj *label,
- gfp_t gfp_mask)
-{
- struct crypto_shash *tfm;
- struct xdr_netobj K1 = {
- .data = NULL,
- };
- int ret;
-
- /*
- * This implementation assumes the HMAC used for an enctype's
- * key derivation is the same as the HMAC used for its
- * checksumming. This happens to be true for enctypes that
- * are currently supported by this implementation.
- */
- tfm = crypto_alloc_shash(gk5e->cksum_name, 0, 0);
- if (IS_ERR(tfm)) {
- ret = PTR_ERR(tfm);
- goto out;
- }
- ret = crypto_shash_setkey(tfm, inkey->data, inkey->len);
- if (ret)
- goto out_free_tfm;
-
- K1.len = crypto_shash_digestsize(tfm);
- K1.data = kmalloc(K1.len, gfp_mask);
- if (!K1.data) {
- ret = -ENOMEM;
- goto out_free_tfm;
- }
-
- ret = krb5_hmac_K1(tfm, label, outkey->len, &K1);
- if (ret)
- goto out_free_tfm;
-
- /* k-truncate and random-to-key */
- memcpy(outkey->data, K1.data, outkey->len);
-
-out_free_tfm:
- kfree_sensitive(K1.data);
- crypto_free_shash(tfm);
-out:
- return ret;
-}
diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_mech.c
index d8cb79fd2463..5a52fd84f946 100644
--- a/net/sunrpc/auth_gss/gss_krb5_mech.c
+++ b/net/sunrpc/auth_gss/gss_krb5_mech.c
@@ -17,7 +17,6 @@
#include <linux/sunrpc/auth.h>
#include <linux/sunrpc/gss_krb5.h>
#include <linux/sunrpc/xdr.h>
-#include <kunit/visibility.h>
#include "auth_gss_internal.h"
#include "gss_krb5_internal.h"
@@ -28,141 +27,6 @@
static struct gss_api_mech gss_kerberos_mech;
-static const struct gss_krb5_enctype supported_gss_krb5_enctypes[] = {
-#if defined(CONFIG_RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA1)
- /*
- * AES-128 with SHA-1 (RFC 3962)
- */
- {
- .etype = ENCTYPE_AES128_CTS_HMAC_SHA1_96,
- .ctype = CKSUMTYPE_HMAC_SHA1_96_AES128,
- .name = "aes128-cts",
- .encrypt_name = "cts(cbc(aes))",
- .aux_cipher = "cbc(aes)",
- .cksum_name = "hmac(sha1)",
- .derive_key = krb5_derive_key_v2,
-
- .signalg = -1,
- .sealalg = -1,
- .keybytes = 16,
- .keylength = BITS2OCTETS(128),
- .Kc_length = BITS2OCTETS(128),
- .Ke_length = BITS2OCTETS(128),
- .Ki_length = BITS2OCTETS(128),
- .cksumlength = BITS2OCTETS(96),
- .keyed_cksum = 1,
- },
- /*
- * AES-256 with SHA-1 (RFC 3962)
- */
- {
- .etype = ENCTYPE_AES256_CTS_HMAC_SHA1_96,
- .ctype = CKSUMTYPE_HMAC_SHA1_96_AES256,
- .name = "aes256-cts",
- .encrypt_name = "cts(cbc(aes))",
- .aux_cipher = "cbc(aes)",
- .cksum_name = "hmac(sha1)",
- .derive_key = krb5_derive_key_v2,
-
- .signalg = -1,
- .sealalg = -1,
- .keybytes = 32,
- .keylength = BITS2OCTETS(256),
- .Kc_length = BITS2OCTETS(256),
- .Ke_length = BITS2OCTETS(256),
- .Ki_length = BITS2OCTETS(256),
- .cksumlength = BITS2OCTETS(96),
- .keyed_cksum = 1,
- },
-#endif
-
-#if defined(CONFIG_RPCSEC_GSS_KRB5_ENCTYPES_CAMELLIA)
- /*
- * Camellia-128 with CMAC (RFC 6803)
- */
- {
- .etype = ENCTYPE_CAMELLIA128_CTS_CMAC,
- .ctype = CKSUMTYPE_CMAC_CAMELLIA128,
- .name = "camellia128-cts-cmac",
- .encrypt_name = "cts(cbc(camellia))",
- .aux_cipher = "cbc(camellia)",
- .cksum_name = "cmac(camellia)",
- .cksumlength = BITS2OCTETS(128),
- .keyed_cksum = 1,
- .keylength = BITS2OCTETS(128),
- .Kc_length = BITS2OCTETS(128),
- .Ke_length = BITS2OCTETS(128),
- .Ki_length = BITS2OCTETS(128),
-
- .derive_key = krb5_kdf_feedback_cmac,
-
- },
- /*
- * Camellia-256 with CMAC (RFC 6803)
- */
- {
- .etype = ENCTYPE_CAMELLIA256_CTS_CMAC,
- .ctype = CKSUMTYPE_CMAC_CAMELLIA256,
- .name = "camellia256-cts-cmac",
- .encrypt_name = "cts(cbc(camellia))",
- .aux_cipher = "cbc(camellia)",
- .cksum_name = "cmac(camellia)",
- .cksumlength = BITS2OCTETS(128),
- .keyed_cksum = 1,
- .keylength = BITS2OCTETS(256),
- .Kc_length = BITS2OCTETS(256),
- .Ke_length = BITS2OCTETS(256),
- .Ki_length = BITS2OCTETS(256),
-
- .derive_key = krb5_kdf_feedback_cmac,
-
- },
-#endif
-
-#if defined(CONFIG_RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA2)
- /*
- * AES-128 with SHA-256 (RFC 8009)
- */
- {
- .etype = ENCTYPE_AES128_CTS_HMAC_SHA256_128,
- .ctype = CKSUMTYPE_HMAC_SHA256_128_AES128,
- .name = "aes128-cts-hmac-sha256-128",
- .encrypt_name = "cts(cbc(aes))",
- .aux_cipher = "cbc(aes)",
- .cksum_name = "hmac(sha256)",
- .cksumlength = BITS2OCTETS(128),
- .keyed_cksum = 1,
- .keylength = BITS2OCTETS(128),
- .Kc_length = BITS2OCTETS(128),
- .Ke_length = BITS2OCTETS(128),
- .Ki_length = BITS2OCTETS(128),
-
- .derive_key = krb5_kdf_hmac_sha2,
-
- },
- /*
- * AES-256 with SHA-384 (RFC 8009)
- */
- {
- .etype = ENCTYPE_AES256_CTS_HMAC_SHA384_192,
- .ctype = CKSUMTYPE_HMAC_SHA384_192_AES256,
- .name = "aes256-cts-hmac-sha384-192",
- .encrypt_name = "cts(cbc(aes))",
- .aux_cipher = "cbc(aes)",
- .cksum_name = "hmac(sha384)",
- .cksumlength = BITS2OCTETS(192),
- .keyed_cksum = 1,
- .keylength = BITS2OCTETS(256),
- .Kc_length = BITS2OCTETS(192),
- .Ke_length = BITS2OCTETS(256),
- .Ki_length = BITS2OCTETS(192),
-
- .derive_key = krb5_kdf_hmac_sha2,
-
- },
-#endif
-};
-
/*
* The list of advertised enctypes is specified in order of most
* preferred to least.
@@ -204,30 +68,11 @@ static void gss_krb5_prepare_enctype_priority_list(void)
}
}
-/**
- * gss_krb5_lookup_enctype - Retrieve profile information for a given enctype
- * @etype: ENCTYPE value
- *
- * Returns a pointer to a gss_krb5_enctype structure, or NULL if no
- * matching etype is found.
- */
-VISIBLE_IF_KUNIT
-const struct gss_krb5_enctype *gss_krb5_lookup_enctype(u32 etype)
-{
- size_t i;
-
- for (i = 0; i < ARRAY_SIZE(supported_gss_krb5_enctypes); i++)
- if (supported_gss_krb5_enctypes[i].etype == etype)
- return &supported_gss_krb5_enctypes[i];
- return NULL;
-}
-EXPORT_SYMBOL_IF_KUNIT(gss_krb5_lookup_enctype);
-
static int
gss_krb5_import_ctx_v2(struct krb5_ctx *ctx, gfp_t gfp_mask)
{
struct krb5_buffer TK = {
- .len = ctx->gk5e->keylength,
+ .len = ctx->krb5e->key_len,
.data = ctx->Ksess,
};
int ret;
@@ -298,32 +143,17 @@ gss_import_v2_context(const void *p, const void *end, struct krb5_ctx *ctx,
if (IS_ERR(p))
goto out_err;
atomic64_set(&ctx->seq_send64, seq_send64);
- /* set seq_send for use by "older" enctypes */
- atomic_set(&ctx->seq_send, seq_send64);
- if (seq_send64 != atomic_read(&ctx->seq_send)) {
- dprintk("%s: seq_send64 %llx, seq_send %x overflow?\n", __func__,
- seq_send64, atomic_read(&ctx->seq_send));
- p = ERR_PTR(-EINVAL);
- goto out_err;
- }
p = simple_get_bytes(p, end, &ctx->enctype, sizeof(ctx->enctype));
if (IS_ERR(p))
goto out_err;
- ctx->gk5e = gss_krb5_lookup_enctype(ctx->enctype);
- if (ctx->gk5e == NULL) {
+ ctx->krb5e = crypto_krb5_find_enctype(ctx->enctype);
+ if (!ctx->krb5e) {
dprintk("gss_kerberos_mech: unsupported krb5 enctype %u\n",
ctx->enctype);
p = ERR_PTR(-EINVAL);
goto out_err;
}
- ctx->krb5e = crypto_krb5_find_enctype(ctx->enctype);
- if (!ctx->krb5e) {
- dprintk("gss_kerberos_mech: crypto/krb5 missing enctype %u\n",
- ctx->enctype);
- p = ERR_PTR(-EINVAL);
- goto out_err;
- }
- keylen = ctx->gk5e->keylength;
+ keylen = ctx->krb5e->key_len;
p = simple_get_bytes(p, end, ctx->Ksess, keylen);
if (IS_ERR(p))
diff --git a/net/sunrpc/auth_gss/gss_krb5_test.c b/net/sunrpc/auth_gss/gss_krb5_test.c
deleted file mode 100644
index dde1ee934d0d..000000000000
--- a/net/sunrpc/auth_gss/gss_krb5_test.c
+++ /dev/null
@@ -1,1868 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0
-/*
- * Copyright (c) 2022 Oracle and/or its affiliates.
- *
- * KUnit test of SunRPC's GSS Kerberos mechanism. Subsystem
- * name is "rpcsec_gss_krb5".
- */
-
-#include <kunit/test.h>
-#include <kunit/visibility.h>
-
-#include <linux/kernel.h>
-#include <crypto/hash.h>
-
-#include <linux/sunrpc/xdr.h>
-#include <linux/sunrpc/gss_krb5.h>
-
-#include "gss_krb5_internal.h"
-
-MODULE_IMPORT_NS("EXPORTED_FOR_KUNIT_TESTING");
-
-struct gss_krb5_test_param {
- const char *desc;
- u32 enctype;
- u32 nfold;
- u32 constant;
- const struct xdr_netobj *base_key;
- const struct xdr_netobj *Ke;
- const struct xdr_netobj *usage;
- const struct xdr_netobj *plaintext;
- const struct xdr_netobj *confounder;
- const struct xdr_netobj *expected_result;
- const struct xdr_netobj *expected_hmac;
- const struct xdr_netobj *next_iv;
-};
-
-static inline void gss_krb5_get_desc(const struct gss_krb5_test_param *param,
- char *desc)
-{
- strscpy(desc, param->desc, KUNIT_PARAM_DESC_SIZE);
-}
-
-static void kdf_case(struct kunit *test)
-{
- const struct gss_krb5_test_param *param = test->param_value;
- const struct gss_krb5_enctype *gk5e;
- struct xdr_netobj derivedkey;
- int err;
-
- /* Arrange */
- gk5e = gss_krb5_lookup_enctype(param->enctype);
- if (!gk5e)
- kunit_skip(test, "Encryption type is not available");
-
- derivedkey.data = kunit_kzalloc(test, param->expected_result->len,
- GFP_KERNEL);
- KUNIT_ASSERT_NOT_ERR_OR_NULL(test, derivedkey.data);
- derivedkey.len = param->expected_result->len;
-
- /* Act */
- err = gk5e->derive_key(gk5e, param->base_key, &derivedkey,
- param->usage, GFP_KERNEL);
- KUNIT_ASSERT_EQ(test, err, 0);
-
- /* Assert */
- KUNIT_EXPECT_MEMEQ_MSG(test,
- param->expected_result->data,
- derivedkey.data,
- derivedkey.len,
- "key mismatch");
-}
-
-static void checksum_case(struct kunit *test)
-{
- const struct gss_krb5_test_param *param = test->param_value;
- struct xdr_buf buf = {
- .head[0].iov_len = param->plaintext->len,
- .len = param->plaintext->len,
- };
- const struct gss_krb5_enctype *gk5e;
- struct xdr_netobj Kc, checksum;
- struct crypto_ahash *tfm;
- int err;
-
- /* Arrange */
- gk5e = gss_krb5_lookup_enctype(param->enctype);
- if (!gk5e)
- kunit_skip(test, "Encryption type is not available");
-
- Kc.len = gk5e->Kc_length;
- Kc.data = kunit_kzalloc(test, Kc.len, GFP_KERNEL);
- KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Kc.data);
- err = gk5e->derive_key(gk5e, param->base_key, &Kc,
- param->usage, GFP_KERNEL);
- KUNIT_ASSERT_EQ(test, err, 0);
-
- tfm = crypto_alloc_ahash(gk5e->cksum_name, 0, CRYPTO_ALG_ASYNC);
- KUNIT_ASSERT_NOT_ERR_OR_NULL(test, tfm);
- err = crypto_ahash_setkey(tfm, Kc.data, Kc.len);
- KUNIT_ASSERT_EQ(test, err, 0);
-
- buf.head[0].iov_base = kunit_kzalloc(test, buf.head[0].iov_len, GFP_KERNEL);
- KUNIT_ASSERT_NOT_ERR_OR_NULL(test, buf.head[0].iov_base);
- memcpy(buf.head[0].iov_base, param->plaintext->data, buf.head[0].iov_len);
-
- checksum.len = gk5e->cksumlength;
- checksum.data = kunit_kzalloc(test, checksum.len, GFP_KERNEL);
- KUNIT_ASSERT_NOT_ERR_OR_NULL(test, checksum.data);
-
- /* Act */
- err = gss_krb5_checksum(tfm, NULL, 0, &buf, 0, &checksum);
- KUNIT_ASSERT_EQ(test, err, 0);
-
- /* Assert */
- KUNIT_EXPECT_MEMEQ_MSG(test,
- param->expected_result->data,
- checksum.data,
- checksum.len,
- "checksum mismatch");
-
- crypto_free_ahash(tfm);
-}
-
-#define DEFINE_HEX_XDR_NETOBJ(name, hex_array...) \
- static const u8 name ## _data[] = { hex_array }; \
- static const struct xdr_netobj name = { \
- .data = (u8 *)name##_data, \
- .len = sizeof(name##_data), \
- }
-
-#define DEFINE_STR_XDR_NETOBJ(name, string) \
- static const u8 name ## _str[] = string; \
- static const struct xdr_netobj name = { \
- .data = (u8 *)name##_str, \
- .len = sizeof(name##_str) - 1, \
- }
-
-/*
- * RFC 3961 Appendix A.1. n-fold
- *
- * The n-fold function is defined in section 5.1 of RFC 3961.
- *
- * This test material is copyright (C) The Internet Society (2005).
- */
-
-DEFINE_HEX_XDR_NETOBJ(nfold_test1_plaintext,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35
-);
-DEFINE_HEX_XDR_NETOBJ(nfold_test1_expected_result,
- 0xbe, 0x07, 0x26, 0x31, 0x27, 0x6b, 0x19, 0x55
-);
-
-DEFINE_HEX_XDR_NETOBJ(nfold_test2_plaintext,
- 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64
-);
-DEFINE_HEX_XDR_NETOBJ(nfold_test2_expected_result,
- 0x78, 0xa0, 0x7b, 0x6c, 0xaf, 0x85, 0xfa
-);
-
-DEFINE_HEX_XDR_NETOBJ(nfold_test3_plaintext,
- 0x52, 0x6f, 0x75, 0x67, 0x68, 0x20, 0x43, 0x6f,
- 0x6e, 0x73, 0x65, 0x6e, 0x73, 0x75, 0x73, 0x2c,
- 0x20, 0x61, 0x6e, 0x64, 0x20, 0x52, 0x75, 0x6e,
- 0x6e, 0x69, 0x6e, 0x67, 0x20, 0x43, 0x6f, 0x64,
- 0x65
-);
-DEFINE_HEX_XDR_NETOBJ(nfold_test3_expected_result,
- 0xbb, 0x6e, 0xd3, 0x08, 0x70, 0xb7, 0xf0, 0xe0
-);
-
-DEFINE_HEX_XDR_NETOBJ(nfold_test4_plaintext,
- 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64
-);
-DEFINE_HEX_XDR_NETOBJ(nfold_test4_expected_result,
- 0x59, 0xe4, 0xa8, 0xca, 0x7c, 0x03, 0x85, 0xc3,
- 0xc3, 0x7b, 0x3f, 0x6d, 0x20, 0x00, 0x24, 0x7c,
- 0xb6, 0xe6, 0xbd, 0x5b, 0x3e
-);
-
-DEFINE_HEX_XDR_NETOBJ(nfold_test5_plaintext,
- 0x4d, 0x41, 0x53, 0x53, 0x41, 0x43, 0x48, 0x56,
- 0x53, 0x45, 0x54, 0x54, 0x53, 0x20, 0x49, 0x4e,
- 0x53, 0x54, 0x49, 0x54, 0x56, 0x54, 0x45, 0x20,
- 0x4f, 0x46, 0x20, 0x54, 0x45, 0x43, 0x48, 0x4e,
- 0x4f, 0x4c, 0x4f, 0x47, 0x59
-);
-DEFINE_HEX_XDR_NETOBJ(nfold_test5_expected_result,
- 0xdb, 0x3b, 0x0d, 0x8f, 0x0b, 0x06, 0x1e, 0x60,
- 0x32, 0x82, 0xb3, 0x08, 0xa5, 0x08, 0x41, 0x22,
- 0x9a, 0xd7, 0x98, 0xfa, 0xb9, 0x54, 0x0c, 0x1b
-);
-
-DEFINE_HEX_XDR_NETOBJ(nfold_test6_plaintext,
- 0x51
-);
-DEFINE_HEX_XDR_NETOBJ(nfold_test6_expected_result,
- 0x51, 0x8a, 0x54, 0xa2, 0x15, 0xa8, 0x45, 0x2a,
- 0x51, 0x8a, 0x54, 0xa2, 0x15, 0xa8, 0x45, 0x2a,
- 0x51, 0x8a, 0x54, 0xa2, 0x15
-);
-
-DEFINE_HEX_XDR_NETOBJ(nfold_test7_plaintext,
- 0x62, 0x61
-);
-DEFINE_HEX_XDR_NETOBJ(nfold_test7_expected_result,
- 0xfb, 0x25, 0xd5, 0x31, 0xae, 0x89, 0x74, 0x49,
- 0x9f, 0x52, 0xfd, 0x92, 0xea, 0x98, 0x57, 0xc4,
- 0xba, 0x24, 0xcf, 0x29, 0x7e
-);
-
-DEFINE_HEX_XDR_NETOBJ(nfold_test_kerberos,
- 0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73
-);
-DEFINE_HEX_XDR_NETOBJ(nfold_test8_expected_result,
- 0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73
-);
-DEFINE_HEX_XDR_NETOBJ(nfold_test9_expected_result,
- 0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73,
- 0x7b, 0x9b, 0x5b, 0x2b, 0x93, 0x13, 0x2b, 0x93
-);
-DEFINE_HEX_XDR_NETOBJ(nfold_test10_expected_result,
- 0x83, 0x72, 0xc2, 0x36, 0x34, 0x4e, 0x5f, 0x15,
- 0x50, 0xcd, 0x07, 0x47, 0xe1, 0x5d, 0x62, 0xca,
- 0x7a, 0x5a, 0x3b, 0xce, 0xa4
-);
-DEFINE_HEX_XDR_NETOBJ(nfold_test11_expected_result,
- 0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73,
- 0x7b, 0x9b, 0x5b, 0x2b, 0x93, 0x13, 0x2b, 0x93,
- 0x5c, 0x9b, 0xdc, 0xda, 0xd9, 0x5c, 0x98, 0x99,
- 0xc4, 0xca, 0xe4, 0xde, 0xe6, 0xd6, 0xca, 0xe4
-);
-
-static const struct gss_krb5_test_param rfc3961_nfold_test_params[] = {
- {
- .desc = "64-fold(\"012345\")",
- .nfold = 64,
- .plaintext = &nfold_test1_plaintext,
- .expected_result = &nfold_test1_expected_result,
- },
- {
- .desc = "56-fold(\"password\")",
- .nfold = 56,
- .plaintext = &nfold_test2_plaintext,
- .expected_result = &nfold_test2_expected_result,
- },
- {
- .desc = "64-fold(\"Rough Consensus, and Running Code\")",
- .nfold = 64,
- .plaintext = &nfold_test3_plaintext,
- .expected_result = &nfold_test3_expected_result,
- },
- {
- .desc = "168-fold(\"password\")",
- .nfold = 168,
- .plaintext = &nfold_test4_plaintext,
- .expected_result = &nfold_test4_expected_result,
- },
- {
- .desc = "192-fold(\"MASSACHVSETTS INSTITVTE OF TECHNOLOGY\")",
- .nfold = 192,
- .plaintext = &nfold_test5_plaintext,
- .expected_result = &nfold_test5_expected_result,
- },
- {
- .desc = "168-fold(\"Q\")",
- .nfold = 168,
- .plaintext = &nfold_test6_plaintext,
- .expected_result = &nfold_test6_expected_result,
- },
- {
- .desc = "168-fold(\"ba\")",
- .nfold = 168,
- .plaintext = &nfold_test7_plaintext,
- .expected_result = &nfold_test7_expected_result,
- },
- {
- .desc = "64-fold(\"kerberos\")",
- .nfold = 64,
- .plaintext = &nfold_test_kerberos,
- .expected_result = &nfold_test8_expected_result,
- },
- {
- .desc = "128-fold(\"kerberos\")",
- .nfold = 128,
- .plaintext = &nfold_test_kerberos,
- .expected_result = &nfold_test9_expected_result,
- },
- {
- .desc = "168-fold(\"kerberos\")",
- .nfold = 168,
- .plaintext = &nfold_test_kerberos,
- .expected_result = &nfold_test10_expected_result,
- },
- {
- .desc = "256-fold(\"kerberos\")",
- .nfold = 256,
- .plaintext = &nfold_test_kerberos,
- .expected_result = &nfold_test11_expected_result,
- },
-};
-
-/* Creates the function rfc3961_nfold_gen_params */
-KUNIT_ARRAY_PARAM(rfc3961_nfold, rfc3961_nfold_test_params, gss_krb5_get_desc);
-
-static void rfc3961_nfold_case(struct kunit *test)
-{
- const struct gss_krb5_test_param *param = test->param_value;
- u8 *result;
-
- /* Arrange */
- result = kunit_kzalloc(test, 4096, GFP_KERNEL);
- KUNIT_ASSERT_NOT_ERR_OR_NULL(test, result);
-
- /* Act */
- krb5_nfold(param->plaintext->len * 8, param->plaintext->data,
- param->expected_result->len * 8, result);
-
- /* Assert */
- KUNIT_EXPECT_MEMEQ_MSG(test,
- param->expected_result->data,
- result,
- param->expected_result->len,
- "result mismatch");
-}
-
-static struct kunit_case rfc3961_test_cases[] = {
- {
- .name = "RFC 3961 n-fold",
- .run_case = rfc3961_nfold_case,
- .generate_params = rfc3961_nfold_gen_params,
- },
- {}
-};
-
-static struct kunit_suite rfc3961_suite = {
- .name = "RFC 3961 tests",
- .test_cases = rfc3961_test_cases,
-};
-
-/*
- * From RFC 3962 Appendix B: Sample Test Vectors
- *
- * Some test vectors for CBC with ciphertext stealing, using an
- * initial vector of all-zero.
- *
- * This test material is copyright (C) The Internet Society (2005).
- */
-
-DEFINE_HEX_XDR_NETOBJ(rfc3962_encryption_key,
- 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
- 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69
-);
-
-DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test1_plaintext,
- 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
- 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
- 0x20
-);
-DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test1_expected_result,
- 0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4,
- 0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f,
- 0x97
-);
-DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test1_next_iv,
- 0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4,
- 0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f
-);
-
-DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test2_plaintext,
- 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
- 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
- 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
- 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20
-);
-DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test2_expected_result,
- 0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1,
- 0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22,
- 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
- 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5
-);
-DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test2_next_iv,
- 0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1,
- 0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22
-);
-
-DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test3_plaintext,
- 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
- 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
- 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
- 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43
-);
-DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test3_expected_result,
- 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
- 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
- 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
- 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84
-);
-DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test3_next_iv,
- 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
- 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8
-);
-
-DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test4_plaintext,
- 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
- 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
- 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
- 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43,
- 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20,
- 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c
-);
-DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test4_expected_result,
- 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
- 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
- 0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c,
- 0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e,
- 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
- 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5
-);
-DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test4_next_iv,
- 0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c,
- 0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e
-);
-
-DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test5_plaintext,
- 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
- 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
- 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
- 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43,
- 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20,
- 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c, 0x20
-);
-DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test5_expected_result,
- 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
- 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
- 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
- 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8,
- 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
- 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8
-);
-DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test5_next_iv,
- 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
- 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8
-);
-
-DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test6_plaintext,
- 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
- 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
- 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
- 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43,
- 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20,
- 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c, 0x20,
- 0x61, 0x6e, 0x64, 0x20, 0x77, 0x6f, 0x6e, 0x74,
- 0x6f, 0x6e, 0x20, 0x73, 0x6f, 0x75, 0x70, 0x2e
-);
-DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test6_expected_result,
- 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
- 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
- 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
- 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
- 0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5,
- 0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40,
- 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
- 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8
-);
-DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test6_next_iv,
- 0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5,
- 0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40
-);
-
-static const struct gss_krb5_test_param rfc3962_encrypt_test_params[] = {
- {
- .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 1",
- .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96,
- .Ke = &rfc3962_encryption_key,
- .plaintext = &rfc3962_enc_test1_plaintext,
- .expected_result = &rfc3962_enc_test1_expected_result,
- .next_iv = &rfc3962_enc_test1_next_iv,
- },
- {
- .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 2",
- .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96,
- .Ke = &rfc3962_encryption_key,
- .plaintext = &rfc3962_enc_test2_plaintext,
- .expected_result = &rfc3962_enc_test2_expected_result,
- .next_iv = &rfc3962_enc_test2_next_iv,
- },
- {
- .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 3",
- .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96,
- .Ke = &rfc3962_encryption_key,
- .plaintext = &rfc3962_enc_test3_plaintext,
- .expected_result = &rfc3962_enc_test3_expected_result,
- .next_iv = &rfc3962_enc_test3_next_iv,
- },
- {
- .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 4",
- .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96,
- .Ke = &rfc3962_encryption_key,
- .plaintext = &rfc3962_enc_test4_plaintext,
- .expected_result = &rfc3962_enc_test4_expected_result,
- .next_iv = &rfc3962_enc_test4_next_iv,
- },
- {
- .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 5",
- .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96,
- .Ke = &rfc3962_encryption_key,
- .plaintext = &rfc3962_enc_test5_plaintext,
- .expected_result = &rfc3962_enc_test5_expected_result,
- .next_iv = &rfc3962_enc_test5_next_iv,
- },
- {
- .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 6",
- .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96,
- .Ke = &rfc3962_encryption_key,
- .plaintext = &rfc3962_enc_test6_plaintext,
- .expected_result = &rfc3962_enc_test6_expected_result,
- .next_iv = &rfc3962_enc_test6_next_iv,
- },
-};
-
-/* Creates the function rfc3962_encrypt_gen_params */
-KUNIT_ARRAY_PARAM(rfc3962_encrypt, rfc3962_encrypt_test_params,
- gss_krb5_get_desc);
-
-/*
- * This tests the implementation of the encryption part of the mechanism.
- * It does not apply a confounder or test the result of HMAC over the
- * plaintext.
- */
-static void rfc3962_encrypt_case(struct kunit *test)
-{
- const struct gss_krb5_test_param *param = test->param_value;
- struct crypto_sync_skcipher *cts_tfm, *cbc_tfm;
- const struct gss_krb5_enctype *gk5e;
- struct xdr_buf buf;
- void *iv, *text;
- u32 err;
-
- /* Arrange */
- gk5e = gss_krb5_lookup_enctype(param->enctype);
- if (!gk5e)
- kunit_skip(test, "Encryption type is not available");
-
- cbc_tfm = crypto_alloc_sync_skcipher(gk5e->aux_cipher, 0, 0);
- KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cbc_tfm);
- err = crypto_sync_skcipher_setkey(cbc_tfm, param->Ke->data, param->Ke->len);
- KUNIT_ASSERT_EQ(test, err, 0);
-
- cts_tfm = crypto_alloc_sync_skcipher(gk5e->encrypt_name, 0, 0);
- KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cts_tfm);
- err = crypto_sync_skcipher_setkey(cts_tfm, param->Ke->data, param->Ke->len);
- KUNIT_ASSERT_EQ(test, err, 0);
-
- iv = kunit_kzalloc(test, crypto_sync_skcipher_ivsize(cts_tfm), GFP_KERNEL);
- KUNIT_ASSERT_NOT_ERR_OR_NULL(test, iv);
-
- text = kunit_kzalloc(test, param->plaintext->len, GFP_KERNEL);
- KUNIT_ASSERT_NOT_ERR_OR_NULL(test, text);
-
- memcpy(text, param->plaintext->data, param->plaintext->len);
- memset(&buf, 0, sizeof(buf));
- buf.head[0].iov_base = text;
- buf.head[0].iov_len = param->plaintext->len;
- buf.len = buf.head[0].iov_len;
-
- /* Act */
- err = krb5_cbc_cts_encrypt(cts_tfm, cbc_tfm, 0, &buf, NULL,
- iv, crypto_sync_skcipher_ivsize(cts_tfm));
- KUNIT_ASSERT_EQ(test, err, 0);
-
- /* Assert */
- KUNIT_EXPECT_EQ_MSG(test,
- param->expected_result->len, buf.len,
- "ciphertext length mismatch");
- KUNIT_EXPECT_MEMEQ_MSG(test,
- param->expected_result->data,
- text,
- param->expected_result->len,
- "ciphertext mismatch");
- KUNIT_EXPECT_MEMEQ_MSG(test,
- param->next_iv->data,
- iv,
- param->next_iv->len,
- "IV mismatch");
-
- crypto_free_sync_skcipher(cts_tfm);
- crypto_free_sync_skcipher(cbc_tfm);
-}
-
-static struct kunit_case rfc3962_test_cases[] = {
- {
- .name = "RFC 3962 encryption",
- .run_case = rfc3962_encrypt_case,
- .generate_params = rfc3962_encrypt_gen_params,
- },
- {}
-};
-
-static struct kunit_suite rfc3962_suite = {
- .name = "RFC 3962 suite",
- .test_cases = rfc3962_test_cases,
-};
-
-/*
- * From RFC 6803 Section 10. Test vectors
- *
- * Sample results for key derivation
- *
- * Copyright (c) 2012 IETF Trust and the persons identified as the
- * document authors. All rights reserved.
- */
-
-DEFINE_HEX_XDR_NETOBJ(camellia128_cts_cmac_basekey,
- 0x57, 0xd0, 0x29, 0x72, 0x98, 0xff, 0xd9, 0xd3,
- 0x5d, 0xe5, 0xa4, 0x7f, 0xb4, 0xbd, 0xe2, 0x4b
-);
-DEFINE_HEX_XDR_NETOBJ(camellia128_cts_cmac_Kc,
- 0xd1, 0x55, 0x77, 0x5a, 0x20, 0x9d, 0x05, 0xf0,
- 0x2b, 0x38, 0xd4, 0x2a, 0x38, 0x9e, 0x5a, 0x56
-);
-DEFINE_HEX_XDR_NETOBJ(camellia128_cts_cmac_Ke,
- 0x64, 0xdf, 0x83, 0xf8, 0x5a, 0x53, 0x2f, 0x17,
- 0x57, 0x7d, 0x8c, 0x37, 0x03, 0x57, 0x96, 0xab
-);
-DEFINE_HEX_XDR_NETOBJ(camellia128_cts_cmac_Ki,
- 0x3e, 0x4f, 0xbd, 0xf3, 0x0f, 0xb8, 0x25, 0x9c,
- 0x42, 0x5c, 0xb6, 0xc9, 0x6f, 0x1f, 0x46, 0x35
-);
-
-DEFINE_HEX_XDR_NETOBJ(camellia256_cts_cmac_basekey,
- 0xb9, 0xd6, 0x82, 0x8b, 0x20, 0x56, 0xb7, 0xbe,
- 0x65, 0x6d, 0x88, 0xa1, 0x23, 0xb1, 0xfa, 0xc6,
- 0x82, 0x14, 0xac, 0x2b, 0x72, 0x7e, 0xcf, 0x5f,
- 0x69, 0xaf, 0xe0, 0xc4, 0xdf, 0x2a, 0x6d, 0x2c
-);
-DEFINE_HEX_XDR_NETOBJ(camellia256_cts_cmac_Kc,
- 0xe4, 0x67, 0xf9, 0xa9, 0x55, 0x2b, 0xc7, 0xd3,
- 0x15, 0x5a, 0x62, 0x20, 0xaf, 0x9c, 0x19, 0x22,
- 0x0e, 0xee, 0xd4, 0xff, 0x78, 0xb0, 0xd1, 0xe6,
- 0xa1, 0x54, 0x49, 0x91, 0x46, 0x1a, 0x9e, 0x50
-);
-DEFINE_HEX_XDR_NETOBJ(camellia256_cts_cmac_Ke,
- 0x41, 0x2a, 0xef, 0xc3, 0x62, 0xa7, 0x28, 0x5f,
- 0xc3, 0x96, 0x6c, 0x6a, 0x51, 0x81, 0xe7, 0x60,
- 0x5a, 0xe6, 0x75, 0x23, 0x5b, 0x6d, 0x54, 0x9f,
- 0xbf, 0xc9, 0xab, 0x66, 0x30, 0xa4, 0xc6, 0x04
-);
-DEFINE_HEX_XDR_NETOBJ(camellia256_cts_cmac_Ki,
- 0xfa, 0x62, 0x4f, 0xa0, 0xe5, 0x23, 0x99, 0x3f,
- 0xa3, 0x88, 0xae, 0xfd, 0xc6, 0x7e, 0x67, 0xeb,
- 0xcd, 0x8c, 0x08, 0xe8, 0xa0, 0x24, 0x6b, 0x1d,
- 0x73, 0xb0, 0xd1, 0xdd, 0x9f, 0xc5, 0x82, 0xb0
-);
-
-DEFINE_HEX_XDR_NETOBJ(usage_checksum,
- 0x00, 0x00, 0x00, 0x02, KEY_USAGE_SEED_CHECKSUM
-);
-DEFINE_HEX_XDR_NETOBJ(usage_encryption,
- 0x00, 0x00, 0x00, 0x02, KEY_USAGE_SEED_ENCRYPTION
-);
-DEFINE_HEX_XDR_NETOBJ(usage_integrity,
- 0x00, 0x00, 0x00, 0x02, KEY_USAGE_SEED_INTEGRITY
-);
-
-static const struct gss_krb5_test_param rfc6803_kdf_test_params[] = {
- {
- .desc = "Derive Kc subkey for camellia128-cts-cmac",
- .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC,
- .base_key = &camellia128_cts_cmac_basekey,
- .usage = &usage_checksum,
- .expected_result = &camellia128_cts_cmac_Kc,
- },
- {
- .desc = "Derive Ke subkey for camellia128-cts-cmac",
- .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC,
- .base_key = &camellia128_cts_cmac_basekey,
- .usage = &usage_encryption,
- .expected_result = &camellia128_cts_cmac_Ke,
- },
- {
- .desc = "Derive Ki subkey for camellia128-cts-cmac",
- .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC,
- .base_key = &camellia128_cts_cmac_basekey,
- .usage = &usage_integrity,
- .expected_result = &camellia128_cts_cmac_Ki,
- },
- {
- .desc = "Derive Kc subkey for camellia256-cts-cmac",
- .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC,
- .base_key = &camellia256_cts_cmac_basekey,
- .usage = &usage_checksum,
- .expected_result = &camellia256_cts_cmac_Kc,
- },
- {
- .desc = "Derive Ke subkey for camellia256-cts-cmac",
- .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC,
- .base_key = &camellia256_cts_cmac_basekey,
- .usage = &usage_encryption,
- .expected_result = &camellia256_cts_cmac_Ke,
- },
- {
- .desc = "Derive Ki subkey for camellia256-cts-cmac",
- .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC,
- .base_key = &camellia256_cts_cmac_basekey,
- .usage = &usage_integrity,
- .expected_result = &camellia256_cts_cmac_Ki,
- },
-};
-
-/* Creates the function rfc6803_kdf_gen_params */
-KUNIT_ARRAY_PARAM(rfc6803_kdf, rfc6803_kdf_test_params, gss_krb5_get_desc);
-
-/*
- * From RFC 6803 Section 10. Test vectors
- *
- * Sample checksums.
- *
- * Copyright (c) 2012 IETF Trust and the persons identified as the
- * document authors. All rights reserved.
- *
- * XXX: These tests are likely to fail on EBCDIC or Unicode platforms.
- */
-DEFINE_STR_XDR_NETOBJ(rfc6803_checksum_test1_plaintext,
- "abcdefghijk");
-DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test1_basekey,
- 0x1d, 0xc4, 0x6a, 0x8d, 0x76, 0x3f, 0x4f, 0x93,
- 0x74, 0x2b, 0xcb, 0xa3, 0x38, 0x75, 0x76, 0xc3
-);
-DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test1_usage,
- 0x00, 0x00, 0x00, 0x07, KEY_USAGE_SEED_CHECKSUM
-);
-DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test1_expected_result,
- 0x11, 0x78, 0xe6, 0xc5, 0xc4, 0x7a, 0x8c, 0x1a,
- 0xe0, 0xc4, 0xb9, 0xc7, 0xd4, 0xeb, 0x7b, 0x6b
-);
-
-DEFINE_STR_XDR_NETOBJ(rfc6803_checksum_test2_plaintext,
- "ABCDEFGHIJKLMNOPQRSTUVWXYZ");
-DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test2_basekey,
- 0x50, 0x27, 0xbc, 0x23, 0x1d, 0x0f, 0x3a, 0x9d,
- 0x23, 0x33, 0x3f, 0x1c, 0xa6, 0xfd, 0xbe, 0x7c
-);
-DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test2_usage,
- 0x00, 0x00, 0x00, 0x08, KEY_USAGE_SEED_CHECKSUM
-);
-DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test2_expected_result,
- 0xd1, 0xb3, 0x4f, 0x70, 0x04, 0xa7, 0x31, 0xf2,
- 0x3a, 0x0c, 0x00, 0xbf, 0x6c, 0x3f, 0x75, 0x3a
-);
-
-DEFINE_STR_XDR_NETOBJ(rfc6803_checksum_test3_plaintext,
- "123456789");
-DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test3_basekey,
- 0xb6, 0x1c, 0x86, 0xcc, 0x4e, 0x5d, 0x27, 0x57,
- 0x54, 0x5a, 0xd4, 0x23, 0x39, 0x9f, 0xb7, 0x03,
- 0x1e, 0xca, 0xb9, 0x13, 0xcb, 0xb9, 0x00, 0xbd,
- 0x7a, 0x3c, 0x6d, 0xd8, 0xbf, 0x92, 0x01, 0x5b
-);
-DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test3_usage,
- 0x00, 0x00, 0x00, 0x09, KEY_USAGE_SEED_CHECKSUM
-);
-DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test3_expected_result,
- 0x87, 0xa1, 0x2c, 0xfd, 0x2b, 0x96, 0x21, 0x48,
- 0x10, 0xf0, 0x1c, 0x82, 0x6e, 0x77, 0x44, 0xb1
-);
-
-DEFINE_STR_XDR_NETOBJ(rfc6803_checksum_test4_plaintext,
- "!@#$%^&*()!@#$%^&*()!@#$%^&*()");
-DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test4_basekey,
- 0x32, 0x16, 0x4c, 0x5b, 0x43, 0x4d, 0x1d, 0x15,
- 0x38, 0xe4, 0xcf, 0xd9, 0xbe, 0x80, 0x40, 0xfe,
- 0x8c, 0x4a, 0xc7, 0xac, 0xc4, 0xb9, 0x3d, 0x33,
- 0x14, 0xd2, 0x13, 0x36, 0x68, 0x14, 0x7a, 0x05
-);
-DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test4_usage,
- 0x00, 0x00, 0x00, 0x0a, KEY_USAGE_SEED_CHECKSUM
-);
-DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test4_expected_result,
- 0x3f, 0xa0, 0xb4, 0x23, 0x55, 0xe5, 0x2b, 0x18,
- 0x91, 0x87, 0x29, 0x4a, 0xa2, 0x52, 0xab, 0x64
-);
-
-static const struct gss_krb5_test_param rfc6803_checksum_test_params[] = {
- {
- .desc = "camellia128-cts-cmac checksum test 1",
- .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC,
- .base_key = &rfc6803_checksum_test1_basekey,
- .usage = &rfc6803_checksum_test1_usage,
- .plaintext = &rfc6803_checksum_test1_plaintext,
- .expected_result = &rfc6803_checksum_test1_expected_result,
- },
- {
- .desc = "camellia128-cts-cmac checksum test 2",
- .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC,
- .base_key = &rfc6803_checksum_test2_basekey,
- .usage = &rfc6803_checksum_test2_usage,
- .plaintext = &rfc6803_checksum_test2_plaintext,
- .expected_result = &rfc6803_checksum_test2_expected_result,
- },
- {
- .desc = "camellia256-cts-cmac checksum test 3",
- .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC,
- .base_key = &rfc6803_checksum_test3_basekey,
- .usage = &rfc6803_checksum_test3_usage,
- .plaintext = &rfc6803_checksum_test3_plaintext,
- .expected_result = &rfc6803_checksum_test3_expected_result,
- },
- {
- .desc = "camellia256-cts-cmac checksum test 4",
- .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC,
- .base_key = &rfc6803_checksum_test4_basekey,
- .usage = &rfc6803_checksum_test4_usage,
- .plaintext = &rfc6803_checksum_test4_plaintext,
- .expected_result = &rfc6803_checksum_test4_expected_result,
- },
-};
-
-/* Creates the function rfc6803_checksum_gen_params */
-KUNIT_ARRAY_PARAM(rfc6803_checksum, rfc6803_checksum_test_params,
- gss_krb5_get_desc);
-
-/*
- * From RFC 6803 Section 10. Test vectors
- *
- * Sample encryptions (all using the default cipher state)
- *
- * Copyright (c) 2012 IETF Trust and the persons identified as the
- * document authors. All rights reserved.
- *
- * Key usage values are from errata 4326 against RFC 6803.
- */
-
-static const struct xdr_netobj rfc6803_enc_empty_plaintext = {
- .len = 0,
-};
-
-DEFINE_STR_XDR_NETOBJ(rfc6803_enc_1byte_plaintext, "1");
-DEFINE_STR_XDR_NETOBJ(rfc6803_enc_9byte_plaintext, "9 bytesss");
-DEFINE_STR_XDR_NETOBJ(rfc6803_enc_13byte_plaintext, "13 bytes byte");
-DEFINE_STR_XDR_NETOBJ(rfc6803_enc_30byte_plaintext,
- "30 bytes bytes bytes bytes byt"
-);
-
-DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test1_confounder,
- 0xb6, 0x98, 0x22, 0xa1, 0x9a, 0x6b, 0x09, 0xc0,
- 0xeb, 0xc8, 0x55, 0x7d, 0x1f, 0x1b, 0x6c, 0x0a
-);
-DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test1_basekey,
- 0x1d, 0xc4, 0x6a, 0x8d, 0x76, 0x3f, 0x4f, 0x93,
- 0x74, 0x2b, 0xcb, 0xa3, 0x38, 0x75, 0x76, 0xc3
-);
-DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test1_expected_result,
- 0xc4, 0x66, 0xf1, 0x87, 0x10, 0x69, 0x92, 0x1e,
- 0xdb, 0x7c, 0x6f, 0xde, 0x24, 0x4a, 0x52, 0xdb,
- 0x0b, 0xa1, 0x0e, 0xdc, 0x19, 0x7b, 0xdb, 0x80,
- 0x06, 0x65, 0x8c, 0xa3, 0xcc, 0xce, 0x6e, 0xb8
-);
-
-DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test2_confounder,
- 0x6f, 0x2f, 0xc3, 0xc2, 0xa1, 0x66, 0xfd, 0x88,
- 0x98, 0x96, 0x7a, 0x83, 0xde, 0x95, 0x96, 0xd9
-);
-DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test2_basekey,
- 0x50, 0x27, 0xbc, 0x23, 0x1d, 0x0f, 0x3a, 0x9d,
- 0x23, 0x33, 0x3f, 0x1c, 0xa6, 0xfd, 0xbe, 0x7c
-);
-DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test2_expected_result,
- 0x84, 0x2d, 0x21, 0xfd, 0x95, 0x03, 0x11, 0xc0,
- 0xdd, 0x46, 0x4a, 0x3f, 0x4b, 0xe8, 0xd6, 0xda,
- 0x88, 0xa5, 0x6d, 0x55, 0x9c, 0x9b, 0x47, 0xd3,
- 0xf9, 0xa8, 0x50, 0x67, 0xaf, 0x66, 0x15, 0x59,
- 0xb8
-);
-
-DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test3_confounder,
- 0xa5, 0xb4, 0xa7, 0x1e, 0x07, 0x7a, 0xee, 0xf9,
- 0x3c, 0x87, 0x63, 0xc1, 0x8f, 0xdb, 0x1f, 0x10
-);
-DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test3_basekey,
- 0xa1, 0xbb, 0x61, 0xe8, 0x05, 0xf9, 0xba, 0x6d,
- 0xde, 0x8f, 0xdb, 0xdd, 0xc0, 0x5c, 0xde, 0xa0
-);
-DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test3_expected_result,
- 0x61, 0x9f, 0xf0, 0x72, 0xe3, 0x62, 0x86, 0xff,
- 0x0a, 0x28, 0xde, 0xb3, 0xa3, 0x52, 0xec, 0x0d,
- 0x0e, 0xdf, 0x5c, 0x51, 0x60, 0xd6, 0x63, 0xc9,
- 0x01, 0x75, 0x8c, 0xcf, 0x9d, 0x1e, 0xd3, 0x3d,
- 0x71, 0xdb, 0x8f, 0x23, 0xaa, 0xbf, 0x83, 0x48,
- 0xa0
-);
-
-DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test4_confounder,
- 0x19, 0xfe, 0xe4, 0x0d, 0x81, 0x0c, 0x52, 0x4b,
- 0x5b, 0x22, 0xf0, 0x18, 0x74, 0xc6, 0x93, 0xda
-);
-DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test4_basekey,
- 0x2c, 0xa2, 0x7a, 0x5f, 0xaf, 0x55, 0x32, 0x24,
- 0x45, 0x06, 0x43, 0x4e, 0x1c, 0xef, 0x66, 0x76
-);
-DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test4_expected_result,
- 0xb8, 0xec, 0xa3, 0x16, 0x7a, 0xe6, 0x31, 0x55,
- 0x12, 0xe5, 0x9f, 0x98, 0xa7, 0xc5, 0x00, 0x20,
- 0x5e, 0x5f, 0x63, 0xff, 0x3b, 0xb3, 0x89, 0xaf,
- 0x1c, 0x41, 0xa2, 0x1d, 0x64, 0x0d, 0x86, 0x15,
- 0xc9, 0xed, 0x3f, 0xbe, 0xb0, 0x5a, 0xb6, 0xac,
- 0xb6, 0x76, 0x89, 0xb5, 0xea
-);
-
-DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test5_confounder,
- 0xca, 0x7a, 0x7a, 0xb4, 0xbe, 0x19, 0x2d, 0xab,
- 0xd6, 0x03, 0x50, 0x6d, 0xb1, 0x9c, 0x39, 0xe2
-);
-DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test5_basekey,
- 0x78, 0x24, 0xf8, 0xc1, 0x6f, 0x83, 0xff, 0x35,
- 0x4c, 0x6b, 0xf7, 0x51, 0x5b, 0x97, 0x3f, 0x43
-);
-DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test5_expected_result,
- 0xa2, 0x6a, 0x39, 0x05, 0xa4, 0xff, 0xd5, 0x81,
- 0x6b, 0x7b, 0x1e, 0x27, 0x38, 0x0d, 0x08, 0x09,
- 0x0c, 0x8e, 0xc1, 0xf3, 0x04, 0x49, 0x6e, 0x1a,
- 0xbd, 0xcd, 0x2b, 0xdc, 0xd1, 0xdf, 0xfc, 0x66,
- 0x09, 0x89, 0xe1, 0x17, 0xa7, 0x13, 0xdd, 0xbb,
- 0x57, 0xa4, 0x14, 0x6c, 0x15, 0x87, 0xcb, 0xa4,
- 0x35, 0x66, 0x65, 0x59, 0x1d, 0x22, 0x40, 0x28,
- 0x2f, 0x58, 0x42, 0xb1, 0x05, 0xa5
-);
-
-DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test6_confounder,
- 0x3c, 0xbb, 0xd2, 0xb4, 0x59, 0x17, 0x94, 0x10,
- 0x67, 0xf9, 0x65, 0x99, 0xbb, 0x98, 0x92, 0x6c
-);
-DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test6_basekey,
- 0xb6, 0x1c, 0x86, 0xcc, 0x4e, 0x5d, 0x27, 0x57,
- 0x54, 0x5a, 0xd4, 0x23, 0x39, 0x9f, 0xb7, 0x03,
- 0x1e, 0xca, 0xb9, 0x13, 0xcb, 0xb9, 0x00, 0xbd,
- 0x7a, 0x3c, 0x6d, 0xd8, 0xbf, 0x92, 0x01, 0x5b
-);
-DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test6_expected_result,
- 0x03, 0x88, 0x6d, 0x03, 0x31, 0x0b, 0x47, 0xa6,
- 0xd8, 0xf0, 0x6d, 0x7b, 0x94, 0xd1, 0xdd, 0x83,
- 0x7e, 0xcc, 0xe3, 0x15, 0xef, 0x65, 0x2a, 0xff,
- 0x62, 0x08, 0x59, 0xd9, 0x4a, 0x25, 0x92, 0x66
-);
-
-DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test7_confounder,
- 0xde, 0xf4, 0x87, 0xfc, 0xeb, 0xe6, 0xde, 0x63,
- 0x46, 0xd4, 0xda, 0x45, 0x21, 0xbb, 0xa2, 0xd2
-);
-DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test7_basekey,
- 0x1b, 0x97, 0xfe, 0x0a, 0x19, 0x0e, 0x20, 0x21,
- 0xeb, 0x30, 0x75, 0x3e, 0x1b, 0x6e, 0x1e, 0x77,
- 0xb0, 0x75, 0x4b, 0x1d, 0x68, 0x46, 0x10, 0x35,
- 0x58, 0x64, 0x10, 0x49, 0x63, 0x46, 0x38, 0x33
-);
-DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test7_expected_result,
- 0x2c, 0x9c, 0x15, 0x70, 0x13, 0x3c, 0x99, 0xbf,
- 0x6a, 0x34, 0xbc, 0x1b, 0x02, 0x12, 0x00, 0x2f,
- 0xd1, 0x94, 0x33, 0x87, 0x49, 0xdb, 0x41, 0x35,
- 0x49, 0x7a, 0x34, 0x7c, 0xfc, 0xd9, 0xd1, 0x8a,
- 0x12
-);
-
-DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test8_confounder,
- 0xad, 0x4f, 0xf9, 0x04, 0xd3, 0x4e, 0x55, 0x53,
- 0x84, 0xb1, 0x41, 0x00, 0xfc, 0x46, 0x5f, 0x88
-);
-DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test8_basekey,
- 0x32, 0x16, 0x4c, 0x5b, 0x43, 0x4d, 0x1d, 0x15,
- 0x38, 0xe4, 0xcf, 0xd9, 0xbe, 0x80, 0x40, 0xfe,
- 0x8c, 0x4a, 0xc7, 0xac, 0xc4, 0xb9, 0x3d, 0x33,
- 0x14, 0xd2, 0x13, 0x36, 0x68, 0x14, 0x7a, 0x05
-);
-DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test8_expected_result,
- 0x9c, 0x6d, 0xe7, 0x5f, 0x81, 0x2d, 0xe7, 0xed,
- 0x0d, 0x28, 0xb2, 0x96, 0x35, 0x57, 0xa1, 0x15,
- 0x64, 0x09, 0x98, 0x27, 0x5b, 0x0a, 0xf5, 0x15,
- 0x27, 0x09, 0x91, 0x3f, 0xf5, 0x2a, 0x2a, 0x9c,
- 0x8e, 0x63, 0xb8, 0x72, 0xf9, 0x2e, 0x64, 0xc8,
- 0x39
-);
-
-DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test9_confounder,
- 0xcf, 0x9b, 0xca, 0x6d, 0xf1, 0x14, 0x4e, 0x0c,
- 0x0a, 0xf9, 0xb8, 0xf3, 0x4c, 0x90, 0xd5, 0x14
-);
-DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test9_basekey,
- 0xb0, 0x38, 0xb1, 0x32, 0xcd, 0x8e, 0x06, 0x61,
- 0x22, 0x67, 0xfa, 0xb7, 0x17, 0x00, 0x66, 0xd8,
- 0x8a, 0xec, 0xcb, 0xa0, 0xb7, 0x44, 0xbf, 0xc6,
- 0x0d, 0xc8, 0x9b, 0xca, 0x18, 0x2d, 0x07, 0x15
-);
-DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test9_expected_result,
- 0xee, 0xec, 0x85, 0xa9, 0x81, 0x3c, 0xdc, 0x53,
- 0x67, 0x72, 0xab, 0x9b, 0x42, 0xde, 0xfc, 0x57,
- 0x06, 0xf7, 0x26, 0xe9, 0x75, 0xdd, 0xe0, 0x5a,
- 0x87, 0xeb, 0x54, 0x06, 0xea, 0x32, 0x4c, 0xa1,
- 0x85, 0xc9, 0x98, 0x6b, 0x42, 0xaa, 0xbe, 0x79,
- 0x4b, 0x84, 0x82, 0x1b, 0xee
-);
-
-DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test10_confounder,
- 0x64, 0x4d, 0xef, 0x38, 0xda, 0x35, 0x00, 0x72,
- 0x75, 0x87, 0x8d, 0x21, 0x68, 0x55, 0xe2, 0x28
-);
-DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test10_basekey,
- 0xcc, 0xfc, 0xd3, 0x49, 0xbf, 0x4c, 0x66, 0x77,
- 0xe8, 0x6e, 0x4b, 0x02, 0xb8, 0xea, 0xb9, 0x24,
- 0xa5, 0x46, 0xac, 0x73, 0x1c, 0xf9, 0xbf, 0x69,
- 0x89, 0xb9, 0x96, 0xe7, 0xd6, 0xbf, 0xbb, 0xa7
-);
-DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test10_expected_result,
- 0x0e, 0x44, 0x68, 0x09, 0x85, 0x85, 0x5f, 0x2d,
- 0x1f, 0x18, 0x12, 0x52, 0x9c, 0xa8, 0x3b, 0xfd,
- 0x8e, 0x34, 0x9d, 0xe6, 0xfd, 0x9a, 0xda, 0x0b,
- 0xaa, 0xa0, 0x48, 0xd6, 0x8e, 0x26, 0x5f, 0xeb,
- 0xf3, 0x4a, 0xd1, 0x25, 0x5a, 0x34, 0x49, 0x99,
- 0xad, 0x37, 0x14, 0x68, 0x87, 0xa6, 0xc6, 0x84,
- 0x57, 0x31, 0xac, 0x7f, 0x46, 0x37, 0x6a, 0x05,
- 0x04, 0xcd, 0x06, 0x57, 0x14, 0x74
-);
-
-static const struct gss_krb5_test_param rfc6803_encrypt_test_params[] = {
- {
- .desc = "Encrypt empty plaintext with camellia128-cts-cmac",
- .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC,
- .constant = 0,
- .base_key = &rfc6803_enc_test1_basekey,
- .plaintext = &rfc6803_enc_empty_plaintext,
- .confounder = &rfc6803_enc_test1_confounder,
- .expected_result = &rfc6803_enc_test1_expected_result,
- },
- {
- .desc = "Encrypt 1 byte with camellia128-cts-cmac",
- .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC,
- .constant = 1,
- .base_key = &rfc6803_enc_test2_basekey,
- .plaintext = &rfc6803_enc_1byte_plaintext,
- .confounder = &rfc6803_enc_test2_confounder,
- .expected_result = &rfc6803_enc_test2_expected_result,
- },
- {
- .desc = "Encrypt 9 bytes with camellia128-cts-cmac",
- .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC,
- .constant = 2,
- .base_key = &rfc6803_enc_test3_basekey,
- .plaintext = &rfc6803_enc_9byte_plaintext,
- .confounder = &rfc6803_enc_test3_confounder,
- .expected_result = &rfc6803_enc_test3_expected_result,
- },
- {
- .desc = "Encrypt 13 bytes with camellia128-cts-cmac",
- .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC,
- .constant = 3,
- .base_key = &rfc6803_enc_test4_basekey,
- .plaintext = &rfc6803_enc_13byte_plaintext,
- .confounder = &rfc6803_enc_test4_confounder,
- .expected_result = &rfc6803_enc_test4_expected_result,
- },
- {
- .desc = "Encrypt 30 bytes with camellia128-cts-cmac",
- .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC,
- .constant = 4,
- .base_key = &rfc6803_enc_test5_basekey,
- .plaintext = &rfc6803_enc_30byte_plaintext,
- .confounder = &rfc6803_enc_test5_confounder,
- .expected_result = &rfc6803_enc_test5_expected_result,
- },
- {
- .desc = "Encrypt empty plaintext with camellia256-cts-cmac",
- .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC,
- .constant = 0,
- .base_key = &rfc6803_enc_test6_basekey,
- .plaintext = &rfc6803_enc_empty_plaintext,
- .confounder = &rfc6803_enc_test6_confounder,
- .expected_result = &rfc6803_enc_test6_expected_result,
- },
- {
- .desc = "Encrypt 1 byte with camellia256-cts-cmac",
- .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC,
- .constant = 1,
- .base_key = &rfc6803_enc_test7_basekey,
- .plaintext = &rfc6803_enc_1byte_plaintext,
- .confounder = &rfc6803_enc_test7_confounder,
- .expected_result = &rfc6803_enc_test7_expected_result,
- },
- {
- .desc = "Encrypt 9 bytes with camellia256-cts-cmac",
- .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC,
- .constant = 2,
- .base_key = &rfc6803_enc_test8_basekey,
- .plaintext = &rfc6803_enc_9byte_plaintext,
- .confounder = &rfc6803_enc_test8_confounder,
- .expected_result = &rfc6803_enc_test8_expected_result,
- },
- {
- .desc = "Encrypt 13 bytes with camellia256-cts-cmac",
- .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC,
- .constant = 3,
- .base_key = &rfc6803_enc_test9_basekey,
- .plaintext = &rfc6803_enc_13byte_plaintext,
- .confounder = &rfc6803_enc_test9_confounder,
- .expected_result = &rfc6803_enc_test9_expected_result,
- },
- {
- .desc = "Encrypt 30 bytes with camellia256-cts-cmac",
- .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC,
- .constant = 4,
- .base_key = &rfc6803_enc_test10_basekey,
- .plaintext = &rfc6803_enc_30byte_plaintext,
- .confounder = &rfc6803_enc_test10_confounder,
- .expected_result = &rfc6803_enc_test10_expected_result,
- },
-};
-
-/* Creates the function rfc6803_encrypt_gen_params */
-KUNIT_ARRAY_PARAM(rfc6803_encrypt, rfc6803_encrypt_test_params,
- gss_krb5_get_desc);
-
-static void rfc6803_encrypt_case(struct kunit *test)
-{
- const struct gss_krb5_test_param *param = test->param_value;
- struct crypto_sync_skcipher *cts_tfm, *cbc_tfm;
- const struct gss_krb5_enctype *gk5e;
- struct xdr_netobj Ke, Ki, checksum;
- u8 usage_data[GSS_KRB5_K5CLENGTH];
- struct xdr_netobj usage = {
- .data = usage_data,
- .len = sizeof(usage_data),
- };
- struct crypto_ahash *ahash_tfm;
- unsigned int blocksize;
- struct xdr_buf buf;
- void *text;
- size_t len;
- u32 err;
-
- /* Arrange */
- gk5e = gss_krb5_lookup_enctype(param->enctype);
- if (!gk5e)
- kunit_skip(test, "Encryption type is not available");
-
- memset(usage_data, 0, sizeof(usage_data));
- usage.data[3] = param->constant;
-
- Ke.len = gk5e->Ke_length;
- Ke.data = kunit_kzalloc(test, Ke.len, GFP_KERNEL);
- KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Ke.data);
- usage.data[4] = KEY_USAGE_SEED_ENCRYPTION;
- err = gk5e->derive_key(gk5e, param->base_key, &Ke, &usage, GFP_KERNEL);
- KUNIT_ASSERT_EQ(test, err, 0);
-
- cbc_tfm = crypto_alloc_sync_skcipher(gk5e->aux_cipher, 0, 0);
- KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cbc_tfm);
- err = crypto_sync_skcipher_setkey(cbc_tfm, Ke.data, Ke.len);
- KUNIT_ASSERT_EQ(test, err, 0);
-
- cts_tfm = crypto_alloc_sync_skcipher(gk5e->encrypt_name, 0, 0);
- KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cts_tfm);
- err = crypto_sync_skcipher_setkey(cts_tfm, Ke.data, Ke.len);
- KUNIT_ASSERT_EQ(test, err, 0);
- blocksize = crypto_sync_skcipher_blocksize(cts_tfm);
-
- len = param->confounder->len + param->plaintext->len + blocksize;
- text = kunit_kzalloc(test, len, GFP_KERNEL);
- KUNIT_ASSERT_NOT_ERR_OR_NULL(test, text);
- memcpy(text, param->confounder->data, param->confounder->len);
- memcpy(text + param->confounder->len, param->plaintext->data,
- param->plaintext->len);
-
- memset(&buf, 0, sizeof(buf));
- buf.head[0].iov_base = text;
- buf.head[0].iov_len = param->confounder->len + param->plaintext->len;
- buf.len = buf.head[0].iov_len;
-
- checksum.len = gk5e->cksumlength;
- checksum.data = kunit_kzalloc(test, checksum.len, GFP_KERNEL);
- KUNIT_ASSERT_NOT_ERR_OR_NULL(test, checksum.data);
-
- Ki.len = gk5e->Ki_length;
- Ki.data = kunit_kzalloc(test, Ki.len, GFP_KERNEL);
- KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Ki.data);
- usage.data[4] = KEY_USAGE_SEED_INTEGRITY;
- err = gk5e->derive_key(gk5e, param->base_key, &Ki,
- &usage, GFP_KERNEL);
- KUNIT_ASSERT_EQ(test, err, 0);
- ahash_tfm = crypto_alloc_ahash(gk5e->cksum_name, 0, CRYPTO_ALG_ASYNC);
- KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ahash_tfm);
- err = crypto_ahash_setkey(ahash_tfm, Ki.data, Ki.len);
- KUNIT_ASSERT_EQ(test, err, 0);
-
- /* Act */
- err = gss_krb5_checksum(ahash_tfm, NULL, 0, &buf, 0, &checksum);
- KUNIT_ASSERT_EQ(test, err, 0);
-
- err = krb5_cbc_cts_encrypt(cts_tfm, cbc_tfm, 0, &buf, NULL, NULL, 0);
- KUNIT_ASSERT_EQ(test, err, 0);
-
- /* Assert */
- KUNIT_EXPECT_EQ_MSG(test, param->expected_result->len,
- buf.len + checksum.len,
- "ciphertext length mismatch");
- KUNIT_EXPECT_MEMEQ_MSG(test,
- param->expected_result->data,
- buf.head[0].iov_base,
- buf.len,
- "encrypted result mismatch");
- KUNIT_EXPECT_MEMEQ_MSG(test,
- param->expected_result->data +
- (param->expected_result->len - checksum.len),
- checksum.data,
- checksum.len,
- "HMAC mismatch");
-
- crypto_free_ahash(ahash_tfm);
- crypto_free_sync_skcipher(cts_tfm);
- crypto_free_sync_skcipher(cbc_tfm);
-}
-
-static struct kunit_case rfc6803_test_cases[] = {
- {
- .name = "RFC 6803 key derivation",
- .run_case = kdf_case,
- .generate_params = rfc6803_kdf_gen_params,
- },
- {
- .name = "RFC 6803 checksum",
- .run_case = checksum_case,
- .generate_params = rfc6803_checksum_gen_params,
- },
- {
- .name = "RFC 6803 encryption",
- .run_case = rfc6803_encrypt_case,
- .generate_params = rfc6803_encrypt_gen_params,
- },
- {}
-};
-
-static struct kunit_suite rfc6803_suite = {
- .name = "RFC 6803 suite",
- .test_cases = rfc6803_test_cases,
-};
-
-/*
- * From RFC 8009 Appendix A. Test Vectors
- *
- * Sample results for SHA-2 enctype key derivation
- *
- * This test material is copyright (c) 2016 IETF Trust and the
- * persons identified as the document authors. All rights reserved.
- */
-
-DEFINE_HEX_XDR_NETOBJ(aes128_cts_hmac_sha256_128_basekey,
- 0x37, 0x05, 0xd9, 0x60, 0x80, 0xc1, 0x77, 0x28,
- 0xa0, 0xe8, 0x00, 0xea, 0xb6, 0xe0, 0xd2, 0x3c
-);
-DEFINE_HEX_XDR_NETOBJ(aes128_cts_hmac_sha256_128_Kc,
- 0xb3, 0x1a, 0x01, 0x8a, 0x48, 0xf5, 0x47, 0x76,
- 0xf4, 0x03, 0xe9, 0xa3, 0x96, 0x32, 0x5d, 0xc3
-);
-DEFINE_HEX_XDR_NETOBJ(aes128_cts_hmac_sha256_128_Ke,
- 0x9b, 0x19, 0x7d, 0xd1, 0xe8, 0xc5, 0x60, 0x9d,
- 0x6e, 0x67, 0xc3, 0xe3, 0x7c, 0x62, 0xc7, 0x2e
-);
-DEFINE_HEX_XDR_NETOBJ(aes128_cts_hmac_sha256_128_Ki,
- 0x9f, 0xda, 0x0e, 0x56, 0xab, 0x2d, 0x85, 0xe1,
- 0x56, 0x9a, 0x68, 0x86, 0x96, 0xc2, 0x6a, 0x6c
-);
-
-DEFINE_HEX_XDR_NETOBJ(aes256_cts_hmac_sha384_192_basekey,
- 0x6d, 0x40, 0x4d, 0x37, 0xfa, 0xf7, 0x9f, 0x9d,
- 0xf0, 0xd3, 0x35, 0x68, 0xd3, 0x20, 0x66, 0x98,
- 0x00, 0xeb, 0x48, 0x36, 0x47, 0x2e, 0xa8, 0xa0,
- 0x26, 0xd1, 0x6b, 0x71, 0x82, 0x46, 0x0c, 0x52
-);
-DEFINE_HEX_XDR_NETOBJ(aes256_cts_hmac_sha384_192_Kc,
- 0xef, 0x57, 0x18, 0xbe, 0x86, 0xcc, 0x84, 0x96,
- 0x3d, 0x8b, 0xbb, 0x50, 0x31, 0xe9, 0xf5, 0xc4,
- 0xba, 0x41, 0xf2, 0x8f, 0xaf, 0x69, 0xe7, 0x3d
-);
-DEFINE_HEX_XDR_NETOBJ(aes256_cts_hmac_sha384_192_Ke,
- 0x56, 0xab, 0x22, 0xbe, 0xe6, 0x3d, 0x82, 0xd7,
- 0xbc, 0x52, 0x27, 0xf6, 0x77, 0x3f, 0x8e, 0xa7,
- 0xa5, 0xeb, 0x1c, 0x82, 0x51, 0x60, 0xc3, 0x83,
- 0x12, 0x98, 0x0c, 0x44, 0x2e, 0x5c, 0x7e, 0x49
-);
-DEFINE_HEX_XDR_NETOBJ(aes256_cts_hmac_sha384_192_Ki,
- 0x69, 0xb1, 0x65, 0x14, 0xe3, 0xcd, 0x8e, 0x56,
- 0xb8, 0x20, 0x10, 0xd5, 0xc7, 0x30, 0x12, 0xb6,
- 0x22, 0xc4, 0xd0, 0x0f, 0xfc, 0x23, 0xed, 0x1f
-);
-
-static const struct gss_krb5_test_param rfc8009_kdf_test_params[] = {
- {
- .desc = "Derive Kc subkey for aes128-cts-hmac-sha256-128",
- .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128,
- .base_key = &aes128_cts_hmac_sha256_128_basekey,
- .usage = &usage_checksum,
- .expected_result = &aes128_cts_hmac_sha256_128_Kc,
- },
- {
- .desc = "Derive Ke subkey for aes128-cts-hmac-sha256-128",
- .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128,
- .base_key = &aes128_cts_hmac_sha256_128_basekey,
- .usage = &usage_encryption,
- .expected_result = &aes128_cts_hmac_sha256_128_Ke,
- },
- {
- .desc = "Derive Ki subkey for aes128-cts-hmac-sha256-128",
- .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128,
- .base_key = &aes128_cts_hmac_sha256_128_basekey,
- .usage = &usage_integrity,
- .expected_result = &aes128_cts_hmac_sha256_128_Ki,
- },
- {
- .desc = "Derive Kc subkey for aes256-cts-hmac-sha384-192",
- .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192,
- .base_key = &aes256_cts_hmac_sha384_192_basekey,
- .usage = &usage_checksum,
- .expected_result = &aes256_cts_hmac_sha384_192_Kc,
- },
- {
- .desc = "Derive Ke subkey for aes256-cts-hmac-sha384-192",
- .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192,
- .base_key = &aes256_cts_hmac_sha384_192_basekey,
- .usage = &usage_encryption,
- .expected_result = &aes256_cts_hmac_sha384_192_Ke,
- },
- {
- .desc = "Derive Ki subkey for aes256-cts-hmac-sha384-192",
- .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192,
- .base_key = &aes256_cts_hmac_sha384_192_basekey,
- .usage = &usage_integrity,
- .expected_result = &aes256_cts_hmac_sha384_192_Ki,
- },
-};
-
-/* Creates the function rfc8009_kdf_gen_params */
-KUNIT_ARRAY_PARAM(rfc8009_kdf, rfc8009_kdf_test_params, gss_krb5_get_desc);
-
-/*
- * From RFC 8009 Appendix A. Test Vectors
- *
- * These sample checksums use the above sample key derivation results,
- * including use of the same base-key and key usage values.
- *
- * This test material is copyright (c) 2016 IETF Trust and the
- * persons identified as the document authors. All rights reserved.
- */
-
-DEFINE_HEX_XDR_NETOBJ(rfc8009_checksum_plaintext,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x10, 0x11, 0x12, 0x13, 0x14
-);
-DEFINE_HEX_XDR_NETOBJ(rfc8009_checksum_test1_expected_result,
- 0xd7, 0x83, 0x67, 0x18, 0x66, 0x43, 0xd6, 0x7b,
- 0x41, 0x1c, 0xba, 0x91, 0x39, 0xfc, 0x1d, 0xee
-);
-DEFINE_HEX_XDR_NETOBJ(rfc8009_checksum_test2_expected_result,
- 0x45, 0xee, 0x79, 0x15, 0x67, 0xee, 0xfc, 0xa3,
- 0x7f, 0x4a, 0xc1, 0xe0, 0x22, 0x2d, 0xe8, 0x0d,
- 0x43, 0xc3, 0xbf, 0xa0, 0x66, 0x99, 0x67, 0x2a
-);
-
-static const struct gss_krb5_test_param rfc8009_checksum_test_params[] = {
- {
- .desc = "Checksum with aes128-cts-hmac-sha256-128",
- .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128,
- .base_key = &aes128_cts_hmac_sha256_128_basekey,
- .usage = &usage_checksum,
- .plaintext = &rfc8009_checksum_plaintext,
- .expected_result = &rfc8009_checksum_test1_expected_result,
- },
- {
- .desc = "Checksum with aes256-cts-hmac-sha384-192",
- .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192,
- .base_key = &aes256_cts_hmac_sha384_192_basekey,
- .usage = &usage_checksum,
- .plaintext = &rfc8009_checksum_plaintext,
- .expected_result = &rfc8009_checksum_test2_expected_result,
- },
-};
-
-/* Creates the function rfc8009_checksum_gen_params */
-KUNIT_ARRAY_PARAM(rfc8009_checksum, rfc8009_checksum_test_params,
- gss_krb5_get_desc);
-
-/*
- * From RFC 8009 Appendix A. Test Vectors
- *
- * Sample encryptions (all using the default cipher state):
- * --------------------------------------------------------
- *
- * These sample encryptions use the above sample key derivation results,
- * including use of the same base-key and key usage values.
- *
- * This test material is copyright (c) 2016 IETF Trust and the
- * persons identified as the document authors. All rights reserved.
- */
-
-static const struct xdr_netobj rfc8009_enc_empty_plaintext = {
- .len = 0,
-};
-DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_short_plaintext,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05
-);
-DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_block_plaintext,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
-);
-DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_long_plaintext,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x10, 0x11, 0x12, 0x13, 0x14
-);
-
-DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test1_confounder,
- 0x7e, 0x58, 0x95, 0xea, 0xf2, 0x67, 0x24, 0x35,
- 0xba, 0xd8, 0x17, 0xf5, 0x45, 0xa3, 0x71, 0x48
-);
-DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test1_expected_result,
- 0xef, 0x85, 0xfb, 0x89, 0x0b, 0xb8, 0x47, 0x2f,
- 0x4d, 0xab, 0x20, 0x39, 0x4d, 0xca, 0x78, 0x1d
-);
-DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test1_expected_hmac,
- 0xad, 0x87, 0x7e, 0xda, 0x39, 0xd5, 0x0c, 0x87,
- 0x0c, 0x0d, 0x5a, 0x0a, 0x8e, 0x48, 0xc7, 0x18
-);
-
-DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test2_confounder,
- 0x7b, 0xca, 0x28, 0x5e, 0x2f, 0xd4, 0x13, 0x0f,
- 0xb5, 0x5b, 0x1a, 0x5c, 0x83, 0xbc, 0x5b, 0x24
-);
-DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test2_expected_result,
- 0x84, 0xd7, 0xf3, 0x07, 0x54, 0xed, 0x98, 0x7b,
- 0xab, 0x0b, 0xf3, 0x50, 0x6b, 0xeb, 0x09, 0xcf,
- 0xb5, 0x54, 0x02, 0xce, 0xf7, 0xe6
-);
-DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test2_expected_hmac,
- 0x87, 0x7c, 0xe9, 0x9e, 0x24, 0x7e, 0x52, 0xd1,
- 0x6e, 0xd4, 0x42, 0x1d, 0xfd, 0xf8, 0x97, 0x6c
-);
-
-DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test3_confounder,
- 0x56, 0xab, 0x21, 0x71, 0x3f, 0xf6, 0x2c, 0x0a,
- 0x14, 0x57, 0x20, 0x0f, 0x6f, 0xa9, 0x94, 0x8f
-);
-DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test3_expected_result,
- 0x35, 0x17, 0xd6, 0x40, 0xf5, 0x0d, 0xdc, 0x8a,
- 0xd3, 0x62, 0x87, 0x22, 0xb3, 0x56, 0x9d, 0x2a,
- 0xe0, 0x74, 0x93, 0xfa, 0x82, 0x63, 0x25, 0x40,
- 0x80, 0xea, 0x65, 0xc1, 0x00, 0x8e, 0x8f, 0xc2
-);
-DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test3_expected_hmac,
- 0x95, 0xfb, 0x48, 0x52, 0xe7, 0xd8, 0x3e, 0x1e,
- 0x7c, 0x48, 0xc3, 0x7e, 0xeb, 0xe6, 0xb0, 0xd3
-);
-
-DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test4_confounder,
- 0xa7, 0xa4, 0xe2, 0x9a, 0x47, 0x28, 0xce, 0x10,
- 0x66, 0x4f, 0xb6, 0x4e, 0x49, 0xad, 0x3f, 0xac
-);
-DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test4_expected_result,
- 0x72, 0x0f, 0x73, 0xb1, 0x8d, 0x98, 0x59, 0xcd,
- 0x6c, 0xcb, 0x43, 0x46, 0x11, 0x5c, 0xd3, 0x36,
- 0xc7, 0x0f, 0x58, 0xed, 0xc0, 0xc4, 0x43, 0x7c,
- 0x55, 0x73, 0x54, 0x4c, 0x31, 0xc8, 0x13, 0xbc,
- 0xe1, 0xe6, 0xd0, 0x72, 0xc1
-);
-DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test4_expected_hmac,
- 0x86, 0xb3, 0x9a, 0x41, 0x3c, 0x2f, 0x92, 0xca,
- 0x9b, 0x83, 0x34, 0xa2, 0x87, 0xff, 0xcb, 0xfc
-);
-
-DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test5_confounder,
- 0xf7, 0x64, 0xe9, 0xfa, 0x15, 0xc2, 0x76, 0x47,
- 0x8b, 0x2c, 0x7d, 0x0c, 0x4e, 0x5f, 0x58, 0xe4
-);
-DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test5_expected_result,
- 0x41, 0xf5, 0x3f, 0xa5, 0xbf, 0xe7, 0x02, 0x6d,
- 0x91, 0xfa, 0xf9, 0xbe, 0x95, 0x91, 0x95, 0xa0
-);
-DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test5_expected_hmac,
- 0x58, 0x70, 0x72, 0x73, 0xa9, 0x6a, 0x40, 0xf0,
- 0xa0, 0x19, 0x60, 0x62, 0x1a, 0xc6, 0x12, 0x74,
- 0x8b, 0x9b, 0xbf, 0xbe, 0x7e, 0xb4, 0xce, 0x3c
-);
-
-DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test6_confounder,
- 0xb8, 0x0d, 0x32, 0x51, 0xc1, 0xf6, 0x47, 0x14,
- 0x94, 0x25, 0x6f, 0xfe, 0x71, 0x2d, 0x0b, 0x9a
-);
-DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test6_expected_result,
- 0x4e, 0xd7, 0xb3, 0x7c, 0x2b, 0xca, 0xc8, 0xf7,
- 0x4f, 0x23, 0xc1, 0xcf, 0x07, 0xe6, 0x2b, 0xc7,
- 0xb7, 0x5f, 0xb3, 0xf6, 0x37, 0xb9
-);
-DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test6_expected_hmac,
- 0xf5, 0x59, 0xc7, 0xf6, 0x64, 0xf6, 0x9e, 0xab,
- 0x7b, 0x60, 0x92, 0x23, 0x75, 0x26, 0xea, 0x0d,
- 0x1f, 0x61, 0xcb, 0x20, 0xd6, 0x9d, 0x10, 0xf2
-);
-
-DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test7_confounder,
- 0x53, 0xbf, 0x8a, 0x0d, 0x10, 0x52, 0x65, 0xd4,
- 0xe2, 0x76, 0x42, 0x86, 0x24, 0xce, 0x5e, 0x63
-);
-DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test7_expected_result,
- 0xbc, 0x47, 0xff, 0xec, 0x79, 0x98, 0xeb, 0x91,
- 0xe8, 0x11, 0x5c, 0xf8, 0xd1, 0x9d, 0xac, 0x4b,
- 0xbb, 0xe2, 0xe1, 0x63, 0xe8, 0x7d, 0xd3, 0x7f,
- 0x49, 0xbe, 0xca, 0x92, 0x02, 0x77, 0x64, 0xf6
-);
-DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test7_expected_hmac,
- 0x8c, 0xf5, 0x1f, 0x14, 0xd7, 0x98, 0xc2, 0x27,
- 0x3f, 0x35, 0xdf, 0x57, 0x4d, 0x1f, 0x93, 0x2e,
- 0x40, 0xc4, 0xff, 0x25, 0x5b, 0x36, 0xa2, 0x66
-);
-
-DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test8_confounder,
- 0x76, 0x3e, 0x65, 0x36, 0x7e, 0x86, 0x4f, 0x02,
- 0xf5, 0x51, 0x53, 0xc7, 0xe3, 0xb5, 0x8a, 0xf1
-);
-DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test8_expected_result,
- 0x40, 0x01, 0x3e, 0x2d, 0xf5, 0x8e, 0x87, 0x51,
- 0x95, 0x7d, 0x28, 0x78, 0xbc, 0xd2, 0xd6, 0xfe,
- 0x10, 0x1c, 0xcf, 0xd5, 0x56, 0xcb, 0x1e, 0xae,
- 0x79, 0xdb, 0x3c, 0x3e, 0xe8, 0x64, 0x29, 0xf2,
- 0xb2, 0xa6, 0x02, 0xac, 0x86
-);
-DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test8_expected_hmac,
- 0xfe, 0xf6, 0xec, 0xb6, 0x47, 0xd6, 0x29, 0x5f,
- 0xae, 0x07, 0x7a, 0x1f, 0xeb, 0x51, 0x75, 0x08,
- 0xd2, 0xc1, 0x6b, 0x41, 0x92, 0xe0, 0x1f, 0x62
-);
-
-static const struct gss_krb5_test_param rfc8009_encrypt_test_params[] = {
- {
- .desc = "Encrypt empty plaintext with aes128-cts-hmac-sha256-128",
- .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128,
- .plaintext = &rfc8009_enc_empty_plaintext,
- .confounder = &rfc8009_enc_test1_confounder,
- .base_key = &aes128_cts_hmac_sha256_128_basekey,
- .expected_result = &rfc8009_enc_test1_expected_result,
- .expected_hmac = &rfc8009_enc_test1_expected_hmac,
- },
- {
- .desc = "Encrypt short plaintext with aes128-cts-hmac-sha256-128",
- .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128,
- .plaintext = &rfc8009_enc_short_plaintext,
- .confounder = &rfc8009_enc_test2_confounder,
- .base_key = &aes128_cts_hmac_sha256_128_basekey,
- .expected_result = &rfc8009_enc_test2_expected_result,
- .expected_hmac = &rfc8009_enc_test2_expected_hmac,
- },
- {
- .desc = "Encrypt block plaintext with aes128-cts-hmac-sha256-128",
- .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128,
- .plaintext = &rfc8009_enc_block_plaintext,
- .confounder = &rfc8009_enc_test3_confounder,
- .base_key = &aes128_cts_hmac_sha256_128_basekey,
- .expected_result = &rfc8009_enc_test3_expected_result,
- .expected_hmac = &rfc8009_enc_test3_expected_hmac,
- },
- {
- .desc = "Encrypt long plaintext with aes128-cts-hmac-sha256-128",
- .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128,
- .plaintext = &rfc8009_enc_long_plaintext,
- .confounder = &rfc8009_enc_test4_confounder,
- .base_key = &aes128_cts_hmac_sha256_128_basekey,
- .expected_result = &rfc8009_enc_test4_expected_result,
- .expected_hmac = &rfc8009_enc_test4_expected_hmac,
- },
- {
- .desc = "Encrypt empty plaintext with aes256-cts-hmac-sha384-192",
- .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192,
- .plaintext = &rfc8009_enc_empty_plaintext,
- .confounder = &rfc8009_enc_test5_confounder,
- .base_key = &aes256_cts_hmac_sha384_192_basekey,
- .expected_result = &rfc8009_enc_test5_expected_result,
- .expected_hmac = &rfc8009_enc_test5_expected_hmac,
- },
- {
- .desc = "Encrypt short plaintext with aes256-cts-hmac-sha384-192",
- .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192,
- .plaintext = &rfc8009_enc_short_plaintext,
- .confounder = &rfc8009_enc_test6_confounder,
- .base_key = &aes256_cts_hmac_sha384_192_basekey,
- .expected_result = &rfc8009_enc_test6_expected_result,
- .expected_hmac = &rfc8009_enc_test6_expected_hmac,
- },
- {
- .desc = "Encrypt block plaintext with aes256-cts-hmac-sha384-192",
- .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192,
- .plaintext = &rfc8009_enc_block_plaintext,
- .confounder = &rfc8009_enc_test7_confounder,
- .base_key = &aes256_cts_hmac_sha384_192_basekey,
- .expected_result = &rfc8009_enc_test7_expected_result,
- .expected_hmac = &rfc8009_enc_test7_expected_hmac,
- },
- {
- .desc = "Encrypt long plaintext with aes256-cts-hmac-sha384-192",
- .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192,
- .plaintext = &rfc8009_enc_long_plaintext,
- .confounder = &rfc8009_enc_test8_confounder,
- .base_key = &aes256_cts_hmac_sha384_192_basekey,
- .expected_result = &rfc8009_enc_test8_expected_result,
- .expected_hmac = &rfc8009_enc_test8_expected_hmac,
- },
-};
-
-/* Creates the function rfc8009_encrypt_gen_params */
-KUNIT_ARRAY_PARAM(rfc8009_encrypt, rfc8009_encrypt_test_params,
- gss_krb5_get_desc);
-
-static void rfc8009_encrypt_case(struct kunit *test)
-{
- const struct gss_krb5_test_param *param = test->param_value;
- struct crypto_sync_skcipher *cts_tfm, *cbc_tfm;
- const struct gss_krb5_enctype *gk5e;
- struct xdr_netobj Ke, Ki, checksum;
- u8 usage_data[GSS_KRB5_K5CLENGTH];
- struct xdr_netobj usage = {
- .data = usage_data,
- .len = sizeof(usage_data),
- };
- struct crypto_ahash *ahash_tfm;
- struct xdr_buf buf;
- void *text;
- size_t len;
- u32 err;
-
- /* Arrange */
- gk5e = gss_krb5_lookup_enctype(param->enctype);
- if (!gk5e)
- kunit_skip(test, "Encryption type is not available");
-
- *(__be32 *)usage.data = cpu_to_be32(2);
-
- Ke.len = gk5e->Ke_length;
- Ke.data = kunit_kzalloc(test, Ke.len, GFP_KERNEL);
- KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Ke.data);
- usage.data[4] = KEY_USAGE_SEED_ENCRYPTION;
- err = gk5e->derive_key(gk5e, param->base_key, &Ke,
- &usage, GFP_KERNEL);
- KUNIT_ASSERT_EQ(test, err, 0);
-
- cbc_tfm = crypto_alloc_sync_skcipher(gk5e->aux_cipher, 0, 0);
- KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cbc_tfm);
- err = crypto_sync_skcipher_setkey(cbc_tfm, Ke.data, Ke.len);
- KUNIT_ASSERT_EQ(test, err, 0);
-
- cts_tfm = crypto_alloc_sync_skcipher(gk5e->encrypt_name, 0, 0);
- KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cts_tfm);
- err = crypto_sync_skcipher_setkey(cts_tfm, Ke.data, Ke.len);
- KUNIT_ASSERT_EQ(test, err, 0);
-
- len = param->confounder->len + param->plaintext->len;
- text = kunit_kzalloc(test, len, GFP_KERNEL);
- KUNIT_ASSERT_NOT_ERR_OR_NULL(test, text);
- memcpy(text, param->confounder->data, param->confounder->len);
- memcpy(text + param->confounder->len, param->plaintext->data,
- param->plaintext->len);
-
- memset(&buf, 0, sizeof(buf));
- buf.head[0].iov_base = text;
- buf.head[0].iov_len = param->confounder->len + param->plaintext->len;
- buf.len = buf.head[0].iov_len;
-
- checksum.len = gk5e->cksumlength;
- checksum.data = kunit_kzalloc(test, checksum.len, GFP_KERNEL);
- KUNIT_ASSERT_NOT_ERR_OR_NULL(test, checksum.data);
-
- Ki.len = gk5e->Ki_length;
- Ki.data = kunit_kzalloc(test, Ki.len, GFP_KERNEL);
- KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Ki.data);
- usage.data[4] = KEY_USAGE_SEED_INTEGRITY;
- err = gk5e->derive_key(gk5e, param->base_key, &Ki,
- &usage, GFP_KERNEL);
- KUNIT_ASSERT_EQ(test, err, 0);
-
- ahash_tfm = crypto_alloc_ahash(gk5e->cksum_name, 0, CRYPTO_ALG_ASYNC);
- KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ahash_tfm);
- err = crypto_ahash_setkey(ahash_tfm, Ki.data, Ki.len);
- KUNIT_ASSERT_EQ(test, err, 0);
-
- /* Act */
- err = krb5_cbc_cts_encrypt(cts_tfm, cbc_tfm, 0, &buf, NULL, NULL, 0);
- KUNIT_ASSERT_EQ(test, err, 0);
- err = krb5_etm_checksum(cts_tfm, ahash_tfm, &buf, 0, &checksum);
- KUNIT_ASSERT_EQ(test, err, 0);
-
- /* Assert */
- KUNIT_EXPECT_EQ_MSG(test,
- param->expected_result->len, buf.len,
- "ciphertext length mismatch");
- KUNIT_EXPECT_MEMEQ_MSG(test,
- param->expected_result->data,
- buf.head[0].iov_base,
- param->expected_result->len,
- "ciphertext mismatch");
- KUNIT_EXPECT_MEMEQ_MSG(test,
- param->expected_hmac->data,
- checksum.data,
- checksum.len,
- "HMAC mismatch");
-
- crypto_free_ahash(ahash_tfm);
- crypto_free_sync_skcipher(cts_tfm);
- crypto_free_sync_skcipher(cbc_tfm);
-}
-
-static struct kunit_case rfc8009_test_cases[] = {
- {
- .name = "RFC 8009 key derivation",
- .run_case = kdf_case,
- .generate_params = rfc8009_kdf_gen_params,
- },
- {
- .name = "RFC 8009 checksum",
- .run_case = checksum_case,
- .generate_params = rfc8009_checksum_gen_params,
- },
- {
- .name = "RFC 8009 encryption",
- .run_case = rfc8009_encrypt_case,
- .generate_params = rfc8009_encrypt_gen_params,
- },
- {}
-};
-
-static struct kunit_suite rfc8009_suite = {
- .name = "RFC 8009 suite",
- .test_cases = rfc8009_test_cases,
-};
-
-/*
- * Encryption self-tests
- */
-
-DEFINE_STR_XDR_NETOBJ(encrypt_selftest_plaintext,
- "This is the plaintext for the encryption self-test.");
-
-static const struct gss_krb5_test_param encrypt_selftest_params[] = {
- {
- .desc = "aes128-cts-hmac-sha1-96 encryption self-test",
- .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96,
- .Ke = &rfc3962_encryption_key,
- .plaintext = &encrypt_selftest_plaintext,
- },
- {
- .desc = "aes256-cts-hmac-sha1-96 encryption self-test",
- .enctype = ENCTYPE_AES256_CTS_HMAC_SHA1_96,
- .Ke = &rfc3962_encryption_key,
- .plaintext = &encrypt_selftest_plaintext,
- },
- {
- .desc = "camellia128-cts-cmac encryption self-test",
- .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC,
- .Ke = &camellia128_cts_cmac_Ke,
- .plaintext = &encrypt_selftest_plaintext,
- },
- {
- .desc = "camellia256-cts-cmac encryption self-test",
- .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC,
- .Ke = &camellia256_cts_cmac_Ke,
- .plaintext = &encrypt_selftest_plaintext,
- },
- {
- .desc = "aes128-cts-hmac-sha256-128 encryption self-test",
- .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128,
- .Ke = &aes128_cts_hmac_sha256_128_Ke,
- .plaintext = &encrypt_selftest_plaintext,
- },
- {
- .desc = "aes256-cts-hmac-sha384-192 encryption self-test",
- .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192,
- .Ke = &aes256_cts_hmac_sha384_192_Ke,
- .plaintext = &encrypt_selftest_plaintext,
- },
-};
-
-/* Creates the function encrypt_selftest_gen_params */
-KUNIT_ARRAY_PARAM(encrypt_selftest, encrypt_selftest_params,
- gss_krb5_get_desc);
-
-/*
- * Encrypt and decrypt plaintext, and ensure the input plaintext
- * matches the output plaintext. A confounder is not added in this
- * case.
- */
-static void encrypt_selftest_case(struct kunit *test)
-{
- const struct gss_krb5_test_param *param = test->param_value;
- struct crypto_sync_skcipher *cts_tfm, *cbc_tfm;
- const struct gss_krb5_enctype *gk5e;
- struct xdr_buf buf;
- void *text;
- int err;
-
- /* Arrange */
- gk5e = gss_krb5_lookup_enctype(param->enctype);
- if (!gk5e)
- kunit_skip(test, "Encryption type is not available");
-
- cbc_tfm = crypto_alloc_sync_skcipher(gk5e->aux_cipher, 0, 0);
- KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cbc_tfm);
- err = crypto_sync_skcipher_setkey(cbc_tfm, param->Ke->data, param->Ke->len);
- KUNIT_ASSERT_EQ(test, err, 0);
-
- cts_tfm = crypto_alloc_sync_skcipher(gk5e->encrypt_name, 0, 0);
- KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cts_tfm);
- err = crypto_sync_skcipher_setkey(cts_tfm, param->Ke->data, param->Ke->len);
- KUNIT_ASSERT_EQ(test, err, 0);
-
- text = kunit_kzalloc(test, roundup(param->plaintext->len,
- crypto_sync_skcipher_blocksize(cbc_tfm)),
- GFP_KERNEL);
- KUNIT_ASSERT_NOT_ERR_OR_NULL(test, text);
-
- memcpy(text, param->plaintext->data, param->plaintext->len);
- memset(&buf, 0, sizeof(buf));
- buf.head[0].iov_base = text;
- buf.head[0].iov_len = param->plaintext->len;
- buf.len = buf.head[0].iov_len;
-
- /* Act */
- err = krb5_cbc_cts_encrypt(cts_tfm, cbc_tfm, 0, &buf, NULL, NULL, 0);
- KUNIT_ASSERT_EQ(test, err, 0);
- err = krb5_cbc_cts_decrypt(cts_tfm, cbc_tfm, 0, &buf);
- KUNIT_ASSERT_EQ(test, err, 0);
-
- /* Assert */
- KUNIT_EXPECT_EQ_MSG(test,
- param->plaintext->len, buf.len,
- "length mismatch");
- KUNIT_EXPECT_MEMEQ_MSG(test,
- param->plaintext->data,
- buf.head[0].iov_base,
- buf.len,
- "plaintext mismatch");
-
- crypto_free_sync_skcipher(cts_tfm);
- crypto_free_sync_skcipher(cbc_tfm);
-}
-
-static struct kunit_case encryption_test_cases[] = {
- {
- .name = "Encryption self-tests",
- .run_case = encrypt_selftest_case,
- .generate_params = encrypt_selftest_gen_params,
- },
- {}
-};
-
-static struct kunit_suite encryption_test_suite = {
- .name = "Encryption test suite",
- .test_cases = encryption_test_cases,
-};
-
-kunit_test_suites(&rfc3961_suite,
- &rfc3962_suite,
- &rfc6803_suite,
- &rfc8009_suite,
- &encryption_test_suite);
-
-MODULE_DESCRIPTION("Test RPCSEC GSS Kerberos 5 functions");
-MODULE_LICENSE("GPL");
diff --git a/net/sunrpc/xdr.c b/net/sunrpc/xdr.c
index 516833b4c114..6bd588dfbfc0 100644
--- a/net/sunrpc/xdr.c
+++ b/net/sunrpc/xdr.c
@@ -2348,73 +2348,6 @@ int xdr_encode_array2(const struct xdr_buf *buf, unsigned int base,
}
EXPORT_SYMBOL_GPL(xdr_encode_array2);
-int xdr_process_buf(const struct xdr_buf *buf, unsigned int offset,
- unsigned int len,
- int (*actor)(struct scatterlist *, void *), void *data)
-{
- int i, ret = 0;
- unsigned int page_len, thislen, page_offset;
- struct scatterlist sg[1];
-
- sg_init_table(sg, 1);
-
- if (offset >= buf->head[0].iov_len) {
- offset -= buf->head[0].iov_len;
- } else {
- thislen = buf->head[0].iov_len - offset;
- if (thislen > len)
- thislen = len;
- sg_set_buf(sg, buf->head[0].iov_base + offset, thislen);
- ret = actor(sg, data);
- if (ret)
- goto out;
- offset = 0;
- len -= thislen;
- }
- if (len == 0)
- goto out;
-
- if (offset >= buf->page_len) {
- offset -= buf->page_len;
- } else {
- page_len = buf->page_len - offset;
- if (page_len > len)
- page_len = len;
- len -= page_len;
- page_offset = (offset + buf->page_base) & (PAGE_SIZE - 1);
- i = (offset + buf->page_base) >> PAGE_SHIFT;
- thislen = PAGE_SIZE - page_offset;
- do {
- if (thislen > page_len)
- thislen = page_len;
- sg_set_page(sg, buf->pages[i], thislen, page_offset);
- ret = actor(sg, data);
- if (ret)
- goto out;
- page_len -= thislen;
- i++;
- page_offset = 0;
- thislen = PAGE_SIZE;
- } while (page_len != 0);
- offset = 0;
- }
- if (len == 0)
- goto out;
- if (offset < buf->tail[0].iov_len) {
- thislen = buf->tail[0].iov_len - offset;
- if (thislen > len)
- thislen = len;
- sg_set_buf(sg, buf->tail[0].iov_base + offset, thislen);
- ret = actor(sg, data);
- len -= thislen;
- }
- if (len != 0)
- ret = -EINVAL;
-out:
- return ret;
-}
-EXPORT_SYMBOL_GPL(xdr_process_buf);
-
/**
* xdr_stream_decode_string_dup - Decode and duplicate variable length string
* @xdr: pointer to xdr_stream
--
2.53.0
next prev parent reply other threads:[~2026-04-27 13:51 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-27 13:50 [PATCH 00/18] Migrate rpcsec_gss_krb5 to the crypto/krb5 library Chuck Lever
2026-04-27 13:50 ` [PATCH 01/18] SUNRPC: Add Kconfig dependency on CRYPTO_KRB5 Chuck Lever
2026-04-27 13:50 ` [PATCH 02/18] SUNRPC: Add crypto/krb5 enctype lookup to krb5_ctx Chuck Lever
2026-04-27 13:50 ` [PATCH 03/18] SUNRPC: Add helpers to convert xdr_buf byte ranges to scatterlists Chuck Lever
2026-04-27 13:50 ` [PATCH 04/18] SUNRPC: Add errno-to-GSS status conversion helper Chuck Lever
2026-04-27 13:50 ` [PATCH 05/18] SUNRPC: Prepare crypto/krb5 encryption and checksum handles Chuck Lever
2026-04-27 13:50 ` [PATCH 06/18] SUNRPC: Switch wrap token encryption to crypto/krb5 Chuck Lever
2026-04-27 13:50 ` [PATCH 07/18] SUNRPC: Switch wrap token decryption " Chuck Lever
2026-04-27 13:50 ` [PATCH 08/18] SUNRPC: Switch Camellia decrypt " Chuck Lever
2026-04-27 13:50 ` [PATCH 09/18] SUNRPC: Switch MIC token generation " Chuck Lever
2026-04-27 13:50 ` [PATCH 10/18] SUNRPC: Switch MIC token verification " Chuck Lever
2026-04-27 13:50 ` [PATCH 11/18] SUNRPC: Remove get_mic/verify_mic function pointers from enctype table Chuck Lever
2026-04-27 13:50 ` [PATCH 12/18] SUNRPC: Remove wrap/unwrap " Chuck Lever
2026-04-27 13:50 ` [PATCH 13/18] SUNRPC: Remove encrypt/decrypt " Chuck Lever
2026-04-27 13:50 ` [PATCH 14/18] SUNRPC: Remove legacy skcipher/ahash handles from krb5_ctx Chuck Lever
2026-04-27 13:50 ` Chuck Lever [this message]
2026-04-27 13:51 ` [PATCH 16/18] SUNRPC: Remove per-enctype Kconfig options Chuck Lever
2026-04-27 13:51 ` [PATCH 17/18] SUNRPC: Remove redundant crypto Kconfig dependencies Chuck Lever
2026-04-27 13:51 ` [PATCH 18/18] SUNRPC: Remove dead rpcsec_gss_krb5 definitions Chuck Lever
2026-04-29 6:39 ` [PATCH 00/18] Migrate rpcsec_gss_krb5 to the crypto/krb5 library Jeff Layton
2026-04-29 15:17 ` Chuck Lever
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260427-crypto-krb5-api-v1-15-1fc1253b64c0@oracle.com \
--to=cel@kernel.org \
--cc=Dai.Ngo@oracle.com \
--cc=anna@kernel.org \
--cc=chuck.lever@oracle.com \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=edumazet@google.com \
--cc=herbert@gondor.apana.org.au \
--cc=horms@kernel.org \
--cc=jlayton@kernel.org \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=neil@brown.name \
--cc=netdev@vger.kernel.org \
--cc=okorniev@redhat.com \
--cc=pabeni@redhat.com \
--cc=simo@redhat.com \
--cc=tom@talpey.com \
--cc=trondmy@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox