From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8784F3D9DCC; Mon, 27 Apr 2026 13:51:29 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777297889; cv=none; b=jrSEO0o6ESOJL7ube7AiRrqLfum5mp2cA15s7QV2hLC/Zf4Q0iuzZp5Zgz3D7zJiEm9pOYK84JyemtpTlWHtXdM44d80AMgA+zS8AaDZk6T1Dr/s24jZmAw2bW+lqJFL15oB91Gg9HPZlzUhnKPQDaORF8lWjU9/CIzU1bTX/tE= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777297889; c=relaxed/simple; bh=DoAQUp6UP8dEVH1N2UuA6CBfsiok/L4vYZbj17qBAaA=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=UB24bG8YXfJpO0Kd70ZG12HdUswyefIAdNHpOFsYLzd64Fdd7j+p4Det9sINae4um7/hmKRXoKUSRzDrZ2ZkQCpU/SHxOHrShXa4/HRFU2UM0sNrQhRzAuYa1LT/Urgado4ViWL2aN2bel2ElF4CGt2ZoI0l4zu/lX8n6vkptdo= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=C1zloG8b; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="C1zloG8b" Received: by smtp.kernel.org (Postfix) with ESMTPSA id C542CC2BCB5; Mon, 27 Apr 2026 13:51:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777297889; bh=DoAQUp6UP8dEVH1N2UuA6CBfsiok/L4vYZbj17qBAaA=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=C1zloG8bq0TZNzqqe8bk0L3DbDuiPtnM6hGcEIXt42+40P7CumcEg8aIIpBa2bE6j IDc5H+QL8On5VhYTrUSwicykNEQChbME16OKn2J7i5Ta2sYWODuRGpsOufkR566s/t jj3cDRaIVwDHjA0V/77qtB14EcVvBenfXyH1c0E/AAxWBf+SrGiwPGsoczIireGS37 lSi4htse5/ma3ZHqIvd0DpiVeeHeUngkth1cTTcEKZMXwquhJuKjoNW1yISDMqgU7k /ipntXoEF7OUl4wbOnfdRsG3NootH9/ApFAOP7eoRLFs/BjmKVJMogZn935el6mT61 +wZcZK1SPZyog== From: Chuck Lever Date: Mon, 27 Apr 2026 09:50:59 -0400 Subject: [PATCH 15/18] SUNRPC: Remove dead code from rpcsec_gss_krb5 Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Message-Id: <20260427-crypto-krb5-api-v1-15-1fc1253b64c0@oracle.com> References: <20260427-crypto-krb5-api-v1-0-1fc1253b64c0@oracle.com> In-Reply-To: <20260427-crypto-krb5-api-v1-0-1fc1253b64c0@oracle.com> To: Trond Myklebust , Anna Schumaker , Chuck Lever , Jeff Layton , NeilBrown , Olga Kornievskaia , Dai Ngo , Tom Talpey , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman Cc: linux-nfs@vger.kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Herbert Xu , David Howells , Simo Sorce X-Mailer: b4 0.16-dev X-Developer-Signature: v=1; a=openpgp-sha256; l=122092; i=chuck.lever@oracle.com; h=from:subject:message-id; bh=SHBgH+KIV8sFdMfmdbsoIMQcZcfDkzKWSw66PIPsKTg=; b=kA0DAAoBM2qzM29mf5cByyZiAGnvacag1vwVxsNrd53n4xSurSVm6Cq0nYYfMUi2grUwbafwt 4kCMwQAAQoAHRYhBCiy5bASht8kPPI+/jNqszNvZn+XBQJp72nGAAoJEDNqszNvZn+XdhUP/3Mz aPw3i04DS/ozBQiup2+2v8GM+GbqgkPTrOI2JQtffRZvtt4CVRKBz/4bTsxtkFnRTyO+2kpOrNb s7QH/ccV7+Ur1/W10YYwU8Phgh0t1KJkN0oYXxDKp3ov4+D61yleikDfS6GKJIhimR2et3kmd62 O5IxHo7nksztXrw8nEfEpPitY7Pq85j2qc5QT/mM6m66Po6KxsBcqJRlszWeBgW8tT1vpfQrYJK 12sMw5ZumE5E5Qcx1snNxVsCImP+tVnvlSK7pB3Ct+lTqhfgR8qObkITy5hRpwa7ZQcQ/z/DphP 4G1CmUSpcUghb24omn1JKoKcpwH/H60H2dlRToSwRdWN6CIvm7ERiQfaelFlalCP1F0MWEH4zyB 8RVgXVJI1GS+H3SZ0bfB1TufaA1OZ5pakQXHtZTlXp7vNXe/mGZ7Ri6/p0guoRZxuNdBssRC63G mmsMqbkTSc34yMgnwBN435lxqSNWTAXrjEFDEkhA98VpvJ4BYjWdtbDmYRMWmtJjRVQTohi1/aC XZ1MUalDEANDM+bETuxhpv1HpXMKNj4dVRAI7hR+Bw3YH1PNzyELn7+xl8B9ZnbEY7w8DqR/yUs +G3T416pEoatdt9nc57g7R5A3On7DqqoYMfFuL8Mlk9FY4vq22enyQMLc28uRdPJZjAQVIEcIgG /F36U X-Developer-Key: i=chuck.lever@oracle.com; a=openpgp; fpr=28B2E5B01286DF243CF23EFE336AB3336F667F97 From: Chuck Lever With all per-message crypto operations routed through crypto/krb5, a substantial body of code in rpcsec_gss_krb5 has no remaining callers. The internal key derivation functions (krb5_derive_key_v2, krb5_kdf_hmac_sha2, krb5_kdf_feedback_cmac) and the low-level crypto primitives (krb5_encrypt, gss_krb5_checksum, krb5_cbc_cts_ encrypt/decrypt, krb5_etm_checksum) are unreachable because their only call sites were the per-enctype function pointers removed in previous patches. Delete gss_krb5_keys.c entirely and strip the dead functions from gss_krb5_crypto.c. The KUnit test suite in gss_krb5_test.c exercised exactly these internal functions: RFC 3961 n-fold, RFC 3962 key derivation, RFC 6803 Camellia key derivation, and RFC 8009 AES-SHA2 key derivation, plus encryption self-tests that drove the now-removed encrypt routines. The corresponding test coverage is provided by the crypto/krb5 selftests in crypto/krb5/selftest.c. Remove the test file, the RPCSEC_GSS_KRB5_KUNIT_TEST Kconfig symbol, the .kunitconfig, and all VISIBLE_IF_KUNIT / EXPORT_SYMBOL_IF_KUNIT annotations. xdr_process_buf() walked xdr_buf segments through a per-segment callback and existed solely for the crypto routines in gss_krb5_crypto.c. With that file removed, xdr_process_buf() has no remaining callers. Its successor, xdr_buf_to_sg(), populates a scatterlist directly from an xdr_buf byte range and was introduced earlier in this series. With every consumer of struct gss_krb5_enctype removed, replace its remaining uses with the equivalent fields from struct krb5_enctype (key_len). Remove struct gss_krb5_enctype, the supported_gss_krb5_enctypes[] table, gss_krb5_lookup_enctype(), and the gk5e pointer from krb5_ctx. Signed-off-by: Chuck Lever --- include/linux/sunrpc/xdr.h | 1 - net/sunrpc/.kunitconfig | 29 - net/sunrpc/Kconfig | 15 - net/sunrpc/auth_gss/Makefile | 4 +- net/sunrpc/auth_gss/gss_krb5_crypto.c | 561 +--------- net/sunrpc/auth_gss/gss_krb5_internal.h | 75 -- net/sunrpc/auth_gss/gss_krb5_keys.c | 546 --------- net/sunrpc/auth_gss/gss_krb5_mech.c | 178 +-- net/sunrpc/auth_gss/gss_krb5_test.c | 1868 ------------------------------- net/sunrpc/xdr.c | 67 -- 10 files changed, 6 insertions(+), 3338 deletions(-) diff --git a/include/linux/sunrpc/xdr.h b/include/linux/sunrpc/xdr.h index f82446993fde..31971b01d962 100644 --- a/include/linux/sunrpc/xdr.h +++ b/include/linux/sunrpc/xdr.h @@ -275,7 +275,6 @@ extern void xdr_finish_decode(struct xdr_stream *xdr); extern __be32 *xdr_inline_decode(struct xdr_stream *xdr, size_t nbytes); extern unsigned int xdr_read_pages(struct xdr_stream *xdr, unsigned int len); extern void xdr_enter_page(struct xdr_stream *xdr, unsigned int len); -extern int xdr_process_buf(const struct xdr_buf *buf, unsigned int offset, unsigned int len, int (*actor)(struct scatterlist *, void *), void *data); extern void xdr_set_pagelen(struct xdr_stream *, unsigned int len); extern bool xdr_stream_subsegment(struct xdr_stream *xdr, struct xdr_buf *subbuf, unsigned int len); diff --git a/net/sunrpc/.kunitconfig b/net/sunrpc/.kunitconfig deleted file mode 100644 index eb02b906c295..000000000000 --- a/net/sunrpc/.kunitconfig +++ /dev/null @@ -1,29 +0,0 @@ -CONFIG_KUNIT=y -CONFIG_UBSAN=y -CONFIG_STACKTRACE=y -CONFIG_NET=y -CONFIG_NETWORK_FILESYSTEMS=y -CONFIG_INET=y -CONFIG_FILE_LOCKING=y -CONFIG_MULTIUSER=y -CONFIG_CRYPTO=y -CONFIG_CRYPTO_CBC=y -CONFIG_CRYPTO_CTS=y -CONFIG_CRYPTO_ECB=y -CONFIG_CRYPTO_HMAC=y -CONFIG_CRYPTO_CMAC=y -CONFIG_CRYPTO_MD5=y -CONFIG_CRYPTO_SHA1=y -CONFIG_CRYPTO_SHA256=y -CONFIG_CRYPTO_SHA512=y -CONFIG_CRYPTO_DES=y -CONFIG_CRYPTO_AES=y -CONFIG_CRYPTO_CAMELLIA=y -CONFIG_NFS_FS=y -CONFIG_SUNRPC=y -CONFIG_SUNRPC_GSS=y -CONFIG_RPCSEC_GSS_KRB5=y -CONFIG_RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA1=y -CONFIG_RPCSEC_GSS_KRB5_ENCTYPES_CAMELLIA=y -CONFIG_RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA2=y -CONFIG_RPCSEC_GSS_KRB5_KUNIT_TEST=y diff --git a/net/sunrpc/Kconfig b/net/sunrpc/Kconfig index 381e76975ea9..1c2e1fe9d365 100644 --- a/net/sunrpc/Kconfig +++ b/net/sunrpc/Kconfig @@ -73,21 +73,6 @@ config RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA2 SHA-2 digests. These include aes128-cts-hmac-sha256-128 and aes256-cts-hmac-sha384-192. -config RPCSEC_GSS_KRB5_KUNIT_TEST - tristate "KUnit tests for RPCSEC GSS Kerberos" if !KUNIT_ALL_TESTS - depends on RPCSEC_GSS_KRB5 && KUNIT - default KUNIT_ALL_TESTS - help - This builds the KUnit tests for RPCSEC GSS Kerberos 5. - - KUnit tests run during boot and output the results to the debug - log in TAP format (https://testanything.org/). Only useful for - kernel devs running KUnit test harness and are not for inclusion - into a production build. - - For more information on KUnit and unit tests in general, refer - to the KUnit documentation in Documentation/dev-tools/kunit/. - config SUNRPC_DEBUG bool "RPC: Enable dprintk debugging" depends on SUNRPC && SYSCTL diff --git a/net/sunrpc/auth_gss/Makefile b/net/sunrpc/auth_gss/Makefile index 452f67deebc6..68676389d65f 100644 --- a/net/sunrpc/auth_gss/Makefile +++ b/net/sunrpc/auth_gss/Makefile @@ -12,6 +12,4 @@ auth_rpcgss-y := auth_gss.o \ obj-$(CONFIG_RPCSEC_GSS_KRB5) += rpcsec_gss_krb5.o rpcsec_gss_krb5-y := gss_krb5_mech.o gss_krb5_seal.o gss_krb5_unseal.o \ - gss_krb5_wrap.o gss_krb5_crypto.o gss_krb5_keys.o - -obj-$(CONFIG_RPCSEC_GSS_KRB5_KUNIT_TEST) += gss_krb5_test.o + gss_krb5_wrap.o gss_krb5_crypto.o diff --git a/net/sunrpc/auth_gss/gss_krb5_crypto.c b/net/sunrpc/auth_gss/gss_krb5_crypto.c index cfd5b56d1b52..cf461ebcdde5 100644 --- a/net/sunrpc/auth_gss/gss_krb5_crypto.c +++ b/net/sunrpc/auth_gss/gss_krb5_crypto.c @@ -34,19 +34,14 @@ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ -#include -#include -#include #include #include #include #include #include #include -#include #include #include -#include #include "gss_krb5_internal.h" @@ -54,303 +49,6 @@ # define RPCDBG_FACILITY RPCDBG_AUTH #endif -/** - * krb5_make_confounder - Generate a confounder string - * @p: memory location into which to write the string - * @conflen: string length to write, in octets - * - * RFCs 1964 and 3961 mention only "a random confounder" without going - * into detail about its function or cryptographic requirements. The - * assumed purpose is to prevent repeated encryption of a plaintext with - * the same key from generating the same ciphertext. It is also used to - * pad minimum plaintext length to at least a single cipher block. - * - * However, in situations like the GSS Kerberos 5 mechanism, where the - * encryption IV is always all zeroes, the confounder also effectively - * functions like an IV. Thus, not only must it be unique from message - * to message, but it must also be difficult to predict. Otherwise an - * attacker can correlate the confounder to previous or future values, - * making the encryption easier to break. - * - * Given that the primary consumer of this encryption mechanism is a - * network storage protocol, a type of traffic that often carries - * predictable payloads (eg, all zeroes when reading unallocated blocks - * from a file), our confounder generation has to be cryptographically - * strong. - */ -void krb5_make_confounder(u8 *p, int conflen) -{ - get_random_bytes(p, conflen); -} - -/** - * krb5_encrypt - simple encryption of an RPCSEC GSS payload - * @tfm: initialized cipher transform - * @iv: pointer to an IV - * @in: plaintext to encrypt - * @out: OUT: ciphertext - * @length: length of input and output buffers, in bytes - * - * @iv may be NULL to force the use of an all-zero IV. - * The buffer containing the IV must be as large as the - * cipher's ivsize. - * - * Return values: - * %0: @in successfully encrypted into @out - * negative errno: @in not encrypted - */ -u32 -krb5_encrypt( - struct crypto_sync_skcipher *tfm, - void * iv, - void * in, - void * out, - int length) -{ - u32 ret = -EINVAL; - struct scatterlist sg[1]; - u8 local_iv[GSS_KRB5_MAX_BLOCKSIZE] = {0}; - SYNC_SKCIPHER_REQUEST_ON_STACK(req, tfm); - - if (length % crypto_sync_skcipher_blocksize(tfm) != 0) - goto out; - - if (crypto_sync_skcipher_ivsize(tfm) > GSS_KRB5_MAX_BLOCKSIZE) { - dprintk("RPC: gss_k5encrypt: tfm iv size too large %d\n", - crypto_sync_skcipher_ivsize(tfm)); - goto out; - } - - if (iv) - memcpy(local_iv, iv, crypto_sync_skcipher_ivsize(tfm)); - - memcpy(out, in, length); - sg_init_one(sg, out, length); - - skcipher_request_set_sync_tfm(req, tfm); - skcipher_request_set_callback(req, 0, NULL, NULL); - skcipher_request_set_crypt(req, sg, sg, length, local_iv); - - ret = crypto_skcipher_encrypt(req); - skcipher_request_zero(req); -out: - dprintk("RPC: krb5_encrypt returns %d\n", ret); - return ret; -} - -static int -checksummer(struct scatterlist *sg, void *data) -{ - struct ahash_request *req = data; - - ahash_request_set_crypt(req, sg, NULL, sg->length); - - return crypto_ahash_update(req); -} - -/** - * gss_krb5_checksum - Compute the MAC for a GSS Wrap or MIC token - * @tfm: an initialized hash transform - * @header: pointer to a buffer containing the token header, or NULL - * @hdrlen: number of octets in @header - * @body: xdr_buf containing an RPC message (body.len is the message length) - * @body_offset: byte offset into @body to start checksumming - * @cksumout: OUT: a buffer to be filled in with the computed HMAC - * - * Usually expressed as H = HMAC(K, message)[1..h] . - * - * Caller provides the truncation length of the output token (h) in - * cksumout.len. - * - * Return values: - * %GSS_S_COMPLETE: Digest computed, @cksumout filled in - * %GSS_S_FAILURE: Call failed - */ -u32 -gss_krb5_checksum(struct crypto_ahash *tfm, char *header, int hdrlen, - const struct xdr_buf *body, int body_offset, - struct xdr_netobj *cksumout) -{ - struct ahash_request *req; - int err = -ENOMEM; - u8 *checksumdata; - - checksumdata = kmalloc(crypto_ahash_digestsize(tfm), GFP_KERNEL); - if (!checksumdata) - return GSS_S_FAILURE; - - req = ahash_request_alloc(tfm, GFP_KERNEL); - if (!req) - goto out_free_cksum; - ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL); - err = crypto_ahash_init(req); - if (err) - goto out_free_ahash; - - /* - * Per RFC 4121 Section 4.2.4, the checksum is performed over the - * data body first, then over the octets in "header". - */ - err = xdr_process_buf(body, body_offset, body->len - body_offset, - checksummer, req); - if (err) - goto out_free_ahash; - if (header) { - struct scatterlist sg[1]; - - sg_init_one(sg, header, hdrlen); - ahash_request_set_crypt(req, sg, NULL, hdrlen); - err = crypto_ahash_update(req); - if (err) - goto out_free_ahash; - } - - ahash_request_set_crypt(req, NULL, checksumdata, 0); - err = crypto_ahash_final(req); - if (err) - goto out_free_ahash; - - memcpy(cksumout->data, checksumdata, - min_t(int, cksumout->len, crypto_ahash_digestsize(tfm))); - -out_free_ahash: - ahash_request_free(req); -out_free_cksum: - kfree_sensitive(checksumdata); - return err ? GSS_S_FAILURE : GSS_S_COMPLETE; -} -EXPORT_SYMBOL_IF_KUNIT(gss_krb5_checksum); - -struct encryptor_desc { - u8 iv[GSS_KRB5_MAX_BLOCKSIZE]; - struct skcipher_request *req; - int pos; - struct xdr_buf *outbuf; - struct page **pages; - struct scatterlist infrags[4]; - struct scatterlist outfrags[4]; - int fragno; - int fraglen; -}; - -static int -encryptor(struct scatterlist *sg, void *data) -{ - struct encryptor_desc *desc = data; - struct xdr_buf *outbuf = desc->outbuf; - struct crypto_sync_skcipher *tfm = - crypto_sync_skcipher_reqtfm(desc->req); - struct page *in_page; - int thislen = desc->fraglen + sg->length; - int fraglen, ret; - int page_pos; - - /* Worst case is 4 fragments: head, end of page 1, start - * of page 2, tail. Anything more is a bug. */ - BUG_ON(desc->fragno > 3); - - page_pos = desc->pos - outbuf->head[0].iov_len; - if (page_pos >= 0 && page_pos < outbuf->page_len) { - /* pages are not in place: */ - int i = (page_pos + outbuf->page_base) >> PAGE_SHIFT; - in_page = desc->pages[i]; - } else { - in_page = sg_page(sg); - } - sg_set_page(&desc->infrags[desc->fragno], in_page, sg->length, - sg->offset); - sg_set_page(&desc->outfrags[desc->fragno], sg_page(sg), sg->length, - sg->offset); - desc->fragno++; - desc->fraglen += sg->length; - desc->pos += sg->length; - - fraglen = thislen & (crypto_sync_skcipher_blocksize(tfm) - 1); - thislen -= fraglen; - - if (thislen == 0) - return 0; - - sg_mark_end(&desc->infrags[desc->fragno - 1]); - sg_mark_end(&desc->outfrags[desc->fragno - 1]); - - skcipher_request_set_crypt(desc->req, desc->infrags, desc->outfrags, - thislen, desc->iv); - - ret = crypto_skcipher_encrypt(desc->req); - if (ret) - return ret; - - sg_init_table(desc->infrags, 4); - sg_init_table(desc->outfrags, 4); - - if (fraglen) { - sg_set_page(&desc->outfrags[0], sg_page(sg), fraglen, - sg->offset + sg->length - fraglen); - desc->infrags[0] = desc->outfrags[0]; - sg_assign_page(&desc->infrags[0], in_page); - desc->fragno = 1; - desc->fraglen = fraglen; - } else { - desc->fragno = 0; - desc->fraglen = 0; - } - return 0; -} - -struct decryptor_desc { - u8 iv[GSS_KRB5_MAX_BLOCKSIZE]; - struct skcipher_request *req; - struct scatterlist frags[4]; - int fragno; - int fraglen; -}; - -static int -decryptor(struct scatterlist *sg, void *data) -{ - struct decryptor_desc *desc = data; - int thislen = desc->fraglen + sg->length; - struct crypto_sync_skcipher *tfm = - crypto_sync_skcipher_reqtfm(desc->req); - int fraglen, ret; - - /* Worst case is 4 fragments: head, end of page 1, start - * of page 2, tail. Anything more is a bug. */ - BUG_ON(desc->fragno > 3); - sg_set_page(&desc->frags[desc->fragno], sg_page(sg), sg->length, - sg->offset); - desc->fragno++; - desc->fraglen += sg->length; - - fraglen = thislen & (crypto_sync_skcipher_blocksize(tfm) - 1); - thislen -= fraglen; - - if (thislen == 0) - return 0; - - sg_mark_end(&desc->frags[desc->fragno - 1]); - - skcipher_request_set_crypt(desc->req, desc->frags, desc->frags, - thislen, desc->iv); - - ret = crypto_skcipher_decrypt(desc->req); - if (ret) - return ret; - - sg_init_table(desc->frags, 4); - - if (fraglen) { - sg_set_page(&desc->frags[0], sg_page(sg), fraglen, - sg->offset + sg->length - fraglen); - desc->fragno = 1; - desc->fraglen = fraglen; - } else { - desc->fragno = 0; - desc->fraglen = 0; - } - return 0; -} /* * This function makes the assumption that it was ultimately called @@ -363,7 +61,7 @@ decryptor(struct scatterlist *sg, void *data) * * Even with that guarantee, this function may be called more than * once in the processing of gss_wrap(). The best we can do is - * verify at compile-time (see GSS_KRB5_SLACK_CHECK) that the + * verify at compile-time (see GSS_KRB5_MAX_SLACK_NEEDED) that the * largest expected shift will fit within RPC_MAX_AUTH_SIZE. * At run-time we can verify that a single invocation of this * function doesn't attempt to use more the RPC_MAX_AUTH_SIZE. @@ -389,263 +87,6 @@ xdr_extend_head(struct xdr_buf *buf, unsigned int base, unsigned int shiftlen) return 0; } -static u32 -gss_krb5_cts_crypt(struct crypto_sync_skcipher *cipher, struct xdr_buf *buf, - u32 offset, u8 *iv, struct page **pages, int encrypt) -{ - u32 ret; - struct scatterlist sg[1]; - SYNC_SKCIPHER_REQUEST_ON_STACK(req, cipher); - u8 *data; - struct page **save_pages; - u32 len = buf->len - offset; - - if (len > GSS_KRB5_MAX_BLOCKSIZE * 2) { - WARN_ON(0); - return -ENOMEM; - } - data = kmalloc(GSS_KRB5_MAX_BLOCKSIZE * 2, GFP_KERNEL); - if (!data) - return -ENOMEM; - - /* - * For encryption, we want to read from the cleartext - * page cache pages, and write the encrypted data to - * the supplied xdr_buf pages. - */ - save_pages = buf->pages; - if (encrypt) - buf->pages = pages; - - ret = read_bytes_from_xdr_buf(buf, offset, data, len); - buf->pages = save_pages; - if (ret) - goto out; - - sg_init_one(sg, data, len); - - skcipher_request_set_sync_tfm(req, cipher); - skcipher_request_set_callback(req, 0, NULL, NULL); - skcipher_request_set_crypt(req, sg, sg, len, iv); - - if (encrypt) - ret = crypto_skcipher_encrypt(req); - else - ret = crypto_skcipher_decrypt(req); - - skcipher_request_zero(req); - - if (ret) - goto out; - - ret = write_bytes_to_xdr_buf(buf, offset, data, len); - -#if IS_ENABLED(CONFIG_KUNIT) - /* - * CBC-CTS does not define an output IV but RFC 3962 defines it as the - * penultimate block of ciphertext, so copy that into the IV buffer - * before returning. - */ - if (encrypt) - memcpy(iv, data, crypto_sync_skcipher_ivsize(cipher)); -#endif - -out: - kfree(data); - return ret; -} - -/** - * krb5_cbc_cts_encrypt - encrypt in CBC mode with CTS - * @cts_tfm: CBC cipher with CTS - * @cbc_tfm: base CBC cipher - * @offset: starting byte offset for plaintext - * @buf: OUT: output buffer - * @pages: plaintext - * @iv: output CBC initialization vector, or NULL - * @ivsize: size of @iv, in octets - * - * To provide confidentiality, encrypt using cipher block chaining - * with ciphertext stealing. Message integrity is handled separately. - * - * Return values: - * %0: encryption successful - * negative errno: encryption could not be completed - */ -VISIBLE_IF_KUNIT -int krb5_cbc_cts_encrypt(struct crypto_sync_skcipher *cts_tfm, - struct crypto_sync_skcipher *cbc_tfm, - u32 offset, struct xdr_buf *buf, struct page **pages, - u8 *iv, unsigned int ivsize) -{ - u32 blocksize, nbytes, nblocks, cbcbytes; - struct encryptor_desc desc; - int err; - - blocksize = crypto_sync_skcipher_blocksize(cts_tfm); - nbytes = buf->len - offset; - nblocks = (nbytes + blocksize - 1) / blocksize; - cbcbytes = 0; - if (nblocks > 2) - cbcbytes = (nblocks - 2) * blocksize; - - memset(desc.iv, 0, sizeof(desc.iv)); - - /* Handle block-sized chunks of plaintext with CBC. */ - if (cbcbytes) { - SYNC_SKCIPHER_REQUEST_ON_STACK(req, cbc_tfm); - - desc.pos = offset; - desc.fragno = 0; - desc.fraglen = 0; - desc.pages = pages; - desc.outbuf = buf; - desc.req = req; - - skcipher_request_set_sync_tfm(req, cbc_tfm); - skcipher_request_set_callback(req, 0, NULL, NULL); - - sg_init_table(desc.infrags, 4); - sg_init_table(desc.outfrags, 4); - - err = xdr_process_buf(buf, offset, cbcbytes, encryptor, &desc); - skcipher_request_zero(req); - if (err) - return err; - } - - /* Remaining plaintext is handled with CBC-CTS. */ - err = gss_krb5_cts_crypt(cts_tfm, buf, offset + cbcbytes, - desc.iv, pages, 1); - if (err) - return err; - - if (unlikely(iv)) - memcpy(iv, desc.iv, ivsize); - return 0; -} -EXPORT_SYMBOL_IF_KUNIT(krb5_cbc_cts_encrypt); - -/** - * krb5_cbc_cts_decrypt - decrypt in CBC mode with CTS - * @cts_tfm: CBC cipher with CTS - * @cbc_tfm: base CBC cipher - * @offset: starting byte offset for plaintext - * @buf: OUT: output buffer - * - * Return values: - * %0: decryption successful - * negative errno: decryption could not be completed - */ -VISIBLE_IF_KUNIT -int krb5_cbc_cts_decrypt(struct crypto_sync_skcipher *cts_tfm, - struct crypto_sync_skcipher *cbc_tfm, - u32 offset, struct xdr_buf *buf) -{ - u32 blocksize, nblocks, cbcbytes; - struct decryptor_desc desc; - int err; - - blocksize = crypto_sync_skcipher_blocksize(cts_tfm); - nblocks = (buf->len + blocksize - 1) / blocksize; - cbcbytes = 0; - if (nblocks > 2) - cbcbytes = (nblocks - 2) * blocksize; - - memset(desc.iv, 0, sizeof(desc.iv)); - - /* Handle block-sized chunks of plaintext with CBC. */ - if (cbcbytes) { - SYNC_SKCIPHER_REQUEST_ON_STACK(req, cbc_tfm); - - desc.fragno = 0; - desc.fraglen = 0; - desc.req = req; - - skcipher_request_set_sync_tfm(req, cbc_tfm); - skcipher_request_set_callback(req, 0, NULL, NULL); - - sg_init_table(desc.frags, 4); - - err = xdr_process_buf(buf, 0, cbcbytes, decryptor, &desc); - skcipher_request_zero(req); - if (err) - return err; - } - - /* Remaining plaintext is handled with CBC-CTS. */ - return gss_krb5_cts_crypt(cts_tfm, buf, cbcbytes, desc.iv, NULL, 0); -} -EXPORT_SYMBOL_IF_KUNIT(krb5_cbc_cts_decrypt); - -/** - * krb5_etm_checksum - Compute a MAC for a GSS Wrap token - * @cipher: an initialized cipher transform - * @tfm: an initialized hash transform - * @body: xdr_buf containing an RPC message (body.len is the message length) - * @body_offset: byte offset into @body to start checksumming - * @cksumout: OUT: a buffer to be filled in with the computed HMAC - * - * Usually expressed as H = HMAC(K, IV | ciphertext)[1..h] . - * - * Caller provides the truncation length of the output token (h) in - * cksumout.len. - * - * Return values: - * %GSS_S_COMPLETE: Digest computed, @cksumout filled in - * %GSS_S_FAILURE: Call failed - */ -VISIBLE_IF_KUNIT -u32 krb5_etm_checksum(struct crypto_sync_skcipher *cipher, - struct crypto_ahash *tfm, const struct xdr_buf *body, - int body_offset, struct xdr_netobj *cksumout) -{ - unsigned int ivsize = crypto_sync_skcipher_ivsize(cipher); - struct ahash_request *req; - struct scatterlist sg[1]; - u8 *iv, *checksumdata; - int err = -ENOMEM; - - checksumdata = kmalloc(crypto_ahash_digestsize(tfm), GFP_KERNEL); - if (!checksumdata) - return GSS_S_FAILURE; - /* For RPCSEC, the "initial cipher state" is always all zeroes. */ - iv = kzalloc(ivsize, GFP_KERNEL); - if (!iv) - goto out_free_mem; - - req = ahash_request_alloc(tfm, GFP_KERNEL); - if (!req) - goto out_free_mem; - ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL); - err = crypto_ahash_init(req); - if (err) - goto out_free_ahash; - - sg_init_one(sg, iv, ivsize); - ahash_request_set_crypt(req, sg, NULL, ivsize); - err = crypto_ahash_update(req); - if (err) - goto out_free_ahash; - err = xdr_process_buf(body, body_offset, body->len - body_offset, - checksummer, req); - if (err) - goto out_free_ahash; - - ahash_request_set_crypt(req, NULL, checksumdata, 0); - err = crypto_ahash_final(req); - if (err) - goto out_free_ahash; - memcpy(cksumout->data, checksumdata, cksumout->len); - -out_free_ahash: - ahash_request_free(req); -out_free_mem: - kfree(iv); - kfree_sensitive(checksumdata); - return err ? GSS_S_FAILURE : GSS_S_COMPLETE; -} -EXPORT_SYMBOL_IF_KUNIT(krb5_etm_checksum); /** * gss_krb5_aead_encrypt - Encrypt a wrap token using crypto/krb5 diff --git a/net/sunrpc/auth_gss/gss_krb5_internal.h b/net/sunrpc/auth_gss/gss_krb5_internal.h index 6b08a7486e0b..208f9df9ea96 100644 --- a/net/sunrpc/auth_gss/gss_krb5_internal.h +++ b/net/sunrpc/auth_gss/gss_krb5_internal.h @@ -10,38 +10,8 @@ #include -/* - * The RFCs often specify payload lengths in bits. This helper - * converts a specified bit-length to the number of octets/bytes. - */ -#define BITS2OCTETS(x) ((x) / 8) - struct krb5_ctx; -struct gss_krb5_enctype { - const u32 etype; /* encryption (key) type */ - const u32 ctype; /* checksum type */ - const char *name; /* "friendly" name */ - const char *encrypt_name; /* crypto encrypt name */ - const char *aux_cipher; /* aux encrypt cipher name */ - const char *cksum_name; /* crypto checksum name */ - const u16 signalg; /* signing algorithm */ - const u16 sealalg; /* sealing algorithm */ - const u32 cksumlength; /* checksum length */ - const u32 keyed_cksum; /* is it a keyed cksum? */ - const u32 keybytes; /* raw key len, in bytes */ - const u32 keylength; /* protocol key length, in octets */ - const u32 Kc_length; /* checksum subkey length, in octets */ - const u32 Ke_length; /* encryption subkey length, in octets */ - const u32 Ki_length; /* integrity subkey length, in octets */ - - int (*derive_key)(const struct gss_krb5_enctype *gk5e, - const struct xdr_netobj *in, - struct xdr_netobj *out, - const struct xdr_netobj *label, - gfp_t gfp_mask); -}; - /* krb5_ctx flags definitions */ #define KRB5_CTX_FLAG_INITIATOR 0x00000001 #define KRB5_CTX_FLAG_ACCEPTOR_SUBKEY 0x00000004 @@ -50,7 +20,6 @@ struct krb5_ctx { int initiate; /* 1 = initiating, 0 = accepting */ u32 enctype; u32 flags; - const struct gss_krb5_enctype *gk5e; /* enctype-specific info */ const struct krb5_enctype *krb5e; /* crypto/krb5 enctype */ struct crypto_aead *initiator_enc_aead; struct crypto_aead *acceptor_enc_aead; @@ -58,7 +27,6 @@ struct krb5_ctx { struct crypto_shash *acceptor_sign_shash; u8 Ksess[GSS_KRB5_MAX_KEYLEN]; /* session key */ u8 cksum[GSS_KRB5_MAX_KEYLEN]; - atomic_t seq_send; atomic64_t seq_send64; time64_t endtime; struct xdr_netobj mech_used; @@ -85,35 +53,6 @@ u32 gss_krb5_unwrap_v2(struct krb5_ctx *kctx, int offset, int len, * Implementation internal functions */ -/* Key Derivation Functions */ - -int krb5_derive_key_v2(const struct gss_krb5_enctype *gk5e, - const struct xdr_netobj *inkey, - struct xdr_netobj *outkey, - const struct xdr_netobj *label, - gfp_t gfp_mask); - -int krb5_kdf_hmac_sha2(const struct gss_krb5_enctype *gk5e, - const struct xdr_netobj *inkey, - struct xdr_netobj *outkey, - const struct xdr_netobj *in_constant, - gfp_t gfp_mask); - -int krb5_kdf_feedback_cmac(const struct gss_krb5_enctype *gk5e, - const struct xdr_netobj *inkey, - struct xdr_netobj *outkey, - const struct xdr_netobj *in_constant, - gfp_t gfp_mask); - -void krb5_make_confounder(u8 *p, int conflen); - -u32 gss_krb5_checksum(struct crypto_ahash *tfm, char *header, int hdrlen, - const struct xdr_buf *body, int body_offset, - struct xdr_netobj *cksumout); - -u32 krb5_encrypt(struct crypto_sync_skcipher *key, void *iv, void *in, - void *out, int length); - int xdr_extend_head(struct xdr_buf *buf, unsigned int base, unsigned int shiftlen); @@ -130,19 +69,5 @@ u32 gss_krb5_aead_encrypt(struct krb5_ctx *kctx, u32 offset, u32 gss_krb5_aead_decrypt(struct krb5_ctx *kctx, u32 offset, u32 len, struct xdr_buf *buf, u32 *headskip, u32 *tailskip); -#if IS_ENABLED(CONFIG_KUNIT) -void krb5_nfold(u32 inbits, const u8 *in, u32 outbits, u8 *out); -const struct gss_krb5_enctype *gss_krb5_lookup_enctype(u32 etype); -int krb5_cbc_cts_encrypt(struct crypto_sync_skcipher *cts_tfm, - struct crypto_sync_skcipher *cbc_tfm, u32 offset, - struct xdr_buf *buf, struct page **pages, - u8 *iv, unsigned int ivsize); -int krb5_cbc_cts_decrypt(struct crypto_sync_skcipher *cts_tfm, - struct crypto_sync_skcipher *cbc_tfm, - u32 offset, struct xdr_buf *buf); -u32 krb5_etm_checksum(struct crypto_sync_skcipher *cipher, - struct crypto_ahash *tfm, const struct xdr_buf *body, - int body_offset, struct xdr_netobj *cksumout); -#endif #endif /* _NET_SUNRPC_AUTH_GSS_KRB5_INTERNAL_H */ diff --git a/net/sunrpc/auth_gss/gss_krb5_keys.c b/net/sunrpc/auth_gss/gss_krb5_keys.c deleted file mode 100644 index 4eb19c3a54c7..000000000000 --- a/net/sunrpc/auth_gss/gss_krb5_keys.c +++ /dev/null @@ -1,546 +0,0 @@ -/* - * COPYRIGHT (c) 2008 - * The Regents of the University of Michigan - * ALL RIGHTS RESERVED - * - * Permission is granted to use, copy, create derivative works - * and redistribute this software and such derivative works - * for any purpose, so long as the name of The University of - * Michigan is not used in any advertising or publicity - * pertaining to the use of distribution of this software - * without specific, written prior authorization. If the - * above copyright notice or any other identification of the - * University of Michigan is included in any copy of any - * portion of this software, then the disclaimer below must - * also be included. - * - * THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION - * FROM THE UNIVERSITY OF MICHIGAN AS TO ITS FITNESS FOR ANY - * PURPOSE, AND WITHOUT WARRANTY BY THE UNIVERSITY OF - * MICHIGAN OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING - * WITHOUT LIMITATION THE IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE - * REGENTS OF THE UNIVERSITY OF MICHIGAN SHALL NOT BE LIABLE - * FOR ANY DAMAGES, INCLUDING SPECIAL, INDIRECT, INCIDENTAL, OR - * CONSEQUENTIAL DAMAGES, WITH RESPECT TO ANY CLAIM ARISING - * OUT OF OR IN CONNECTION WITH THE USE OF THE SOFTWARE, EVEN - * IF IT HAS BEEN OR IS HEREAFTER ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGES. - */ - -/* - * Copyright (C) 1998 by the FundsXpress, INC. - * - * All rights reserved. - * - * Export of this software from the United States of America may require - * a specific license from the United States Government. It is the - * responsibility of any person or organization contemplating export to - * obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of FundsXpress. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. FundsXpress makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED - * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. - */ - -#include -#include -#include -#include -#include -#include -#include -#include - -#include "gss_krb5_internal.h" - -#if IS_ENABLED(CONFIG_SUNRPC_DEBUG) -# define RPCDBG_FACILITY RPCDBG_AUTH -#endif - -/** - * krb5_nfold - n-fold function - * @inbits: number of bits in @in - * @in: buffer containing input to fold - * @outbits: number of bits in the output buffer - * @out: buffer to hold the result - * - * This is the n-fold function as described in rfc3961, sec 5.1 - * Taken from MIT Kerberos and modified. - */ -VISIBLE_IF_KUNIT -void krb5_nfold(u32 inbits, const u8 *in, u32 outbits, u8 *out) -{ - unsigned long ulcm; - int byte, i, msbit; - - /* the code below is more readable if I make these bytes - instead of bits */ - - inbits >>= 3; - outbits >>= 3; - - /* first compute lcm(n,k) */ - ulcm = lcm(inbits, outbits); - - /* now do the real work */ - - memset(out, 0, outbits); - byte = 0; - - /* this will end up cycling through k lcm(k,n)/k times, which - is correct */ - for (i = ulcm-1; i >= 0; i--) { - /* compute the msbit in k which gets added into this byte */ - msbit = ( - /* first, start with the msbit in the first, - * unrotated byte */ - ((inbits << 3) - 1) - /* then, for each byte, shift to the right - * for each repetition */ - + (((inbits << 3) + 13) * (i/inbits)) - /* last, pick out the correct byte within - * that shifted repetition */ - + ((inbits - (i % inbits)) << 3) - ) % (inbits << 3); - - /* pull out the byte value itself */ - byte += (((in[((inbits - 1) - (msbit >> 3)) % inbits] << 8)| - (in[((inbits) - (msbit >> 3)) % inbits])) - >> ((msbit & 7) + 1)) & 0xff; - - /* do the addition */ - byte += out[i % outbits]; - out[i % outbits] = byte & 0xff; - - /* keep around the carry bit, if any */ - byte >>= 8; - - } - - /* if there's a carry bit left over, add it back in */ - if (byte) { - for (i = outbits - 1; i >= 0; i--) { - /* do the addition */ - byte += out[i]; - out[i] = byte & 0xff; - - /* keep around the carry bit, if any */ - byte >>= 8; - } - } -} -EXPORT_SYMBOL_IF_KUNIT(krb5_nfold); - -/* - * This is the DK (derive_key) function as described in rfc3961, sec 5.1 - * Taken from MIT Kerberos and modified. - */ -static int krb5_DK(const struct gss_krb5_enctype *gk5e, - const struct xdr_netobj *inkey, u8 *rawkey, - const struct xdr_netobj *in_constant, gfp_t gfp_mask) -{ - size_t blocksize, keybytes, keylength, n; - unsigned char *inblockdata, *outblockdata; - struct xdr_netobj inblock, outblock; - struct crypto_sync_skcipher *cipher; - int ret = -EINVAL; - - keybytes = gk5e->keybytes; - keylength = gk5e->keylength; - - if (inkey->len != keylength) - goto err_return; - - cipher = crypto_alloc_sync_skcipher(gk5e->encrypt_name, 0, 0); - if (IS_ERR(cipher)) - goto err_return; - blocksize = crypto_sync_skcipher_blocksize(cipher); - if (crypto_sync_skcipher_setkey(cipher, inkey->data, inkey->len)) - goto err_free_cipher; - - ret = -ENOMEM; - inblockdata = kmalloc(blocksize, gfp_mask); - if (inblockdata == NULL) - goto err_free_cipher; - - outblockdata = kmalloc(blocksize, gfp_mask); - if (outblockdata == NULL) - goto err_free_in; - - inblock.data = (char *) inblockdata; - inblock.len = blocksize; - - outblock.data = (char *) outblockdata; - outblock.len = blocksize; - - /* initialize the input block */ - - if (in_constant->len == inblock.len) { - memcpy(inblock.data, in_constant->data, inblock.len); - } else { - krb5_nfold(in_constant->len * 8, in_constant->data, - inblock.len * 8, inblock.data); - } - - /* loop encrypting the blocks until enough key bytes are generated */ - - n = 0; - while (n < keybytes) { - krb5_encrypt(cipher, NULL, inblock.data, outblock.data, - inblock.len); - - if ((keybytes - n) <= outblock.len) { - memcpy(rawkey + n, outblock.data, (keybytes - n)); - break; - } - - memcpy(rawkey + n, outblock.data, outblock.len); - memcpy(inblock.data, outblock.data, outblock.len); - n += outblock.len; - } - - ret = 0; - - kfree_sensitive(outblockdata); -err_free_in: - kfree_sensitive(inblockdata); -err_free_cipher: - crypto_free_sync_skcipher(cipher); -err_return: - return ret; -} - -/* - * This is the identity function, with some sanity checking. - */ -static int krb5_random_to_key_v2(const struct gss_krb5_enctype *gk5e, - struct xdr_netobj *randombits, - struct xdr_netobj *key) -{ - int ret = -EINVAL; - - if (key->len != 16 && key->len != 32) { - dprintk("%s: key->len is %d\n", __func__, key->len); - goto err_out; - } - if (randombits->len != 16 && randombits->len != 32) { - dprintk("%s: randombits->len is %d\n", - __func__, randombits->len); - goto err_out; - } - if (randombits->len != key->len) { - dprintk("%s: randombits->len is %d, key->len is %d\n", - __func__, randombits->len, key->len); - goto err_out; - } - memcpy(key->data, randombits->data, key->len); - ret = 0; -err_out: - return ret; -} - -/** - * krb5_derive_key_v2 - Derive a subkey for an RFC 3962 enctype - * @gk5e: Kerberos 5 enctype profile - * @inkey: base protocol key - * @outkey: OUT: derived key - * @label: subkey usage label - * @gfp_mask: memory allocation control flags - * - * Caller sets @outkey->len to the desired length of the derived key. - * - * On success, returns 0 and fills in @outkey. A negative errno value - * is returned on failure. - */ -int krb5_derive_key_v2(const struct gss_krb5_enctype *gk5e, - const struct xdr_netobj *inkey, - struct xdr_netobj *outkey, - const struct xdr_netobj *label, - gfp_t gfp_mask) -{ - struct xdr_netobj inblock; - int ret; - - inblock.len = gk5e->keybytes; - inblock.data = kmalloc(inblock.len, gfp_mask); - if (!inblock.data) - return -ENOMEM; - - ret = krb5_DK(gk5e, inkey, inblock.data, label, gfp_mask); - if (!ret) - ret = krb5_random_to_key_v2(gk5e, &inblock, outkey); - - kfree_sensitive(inblock.data); - return ret; -} - -/* - * K(i) = CMAC(key, K(i-1) | i | constant | 0x00 | k) - * - * i: A block counter is used with a length of 4 bytes, represented - * in big-endian order. - * - * constant: The label input to the KDF is the usage constant supplied - * to the key derivation function - * - * k: The length of the output key in bits, represented as a 4-byte - * string in big-endian order. - * - * Caller fills in K(i-1) in @step, and receives the result K(i) - * in the same buffer. - */ -static int -krb5_cmac_Ki(struct crypto_shash *tfm, const struct xdr_netobj *constant, - u32 outlen, u32 count, struct xdr_netobj *step) -{ - __be32 k = cpu_to_be32(outlen * 8); - SHASH_DESC_ON_STACK(desc, tfm); - __be32 i = cpu_to_be32(count); - u8 zero = 0; - int ret; - - desc->tfm = tfm; - ret = crypto_shash_init(desc); - if (ret) - goto out_err; - - ret = crypto_shash_update(desc, step->data, step->len); - if (ret) - goto out_err; - ret = crypto_shash_update(desc, (u8 *)&i, sizeof(i)); - if (ret) - goto out_err; - ret = crypto_shash_update(desc, constant->data, constant->len); - if (ret) - goto out_err; - ret = crypto_shash_update(desc, &zero, sizeof(zero)); - if (ret) - goto out_err; - ret = crypto_shash_update(desc, (u8 *)&k, sizeof(k)); - if (ret) - goto out_err; - ret = crypto_shash_final(desc, step->data); - if (ret) - goto out_err; - -out_err: - shash_desc_zero(desc); - return ret; -} - -/** - * krb5_kdf_feedback_cmac - Derive a subkey for a Camellia/CMAC-based enctype - * @gk5e: Kerberos 5 enctype parameters - * @inkey: base protocol key - * @outkey: OUT: derived key - * @constant: subkey usage label - * @gfp_mask: memory allocation control flags - * - * RFC 6803 Section 3: - * - * "We use a key derivation function from the family specified in - * [SP800-108], Section 5.2, 'KDF in Feedback Mode'." - * - * n = ceiling(k / 128) - * K(0) = zeros - * K(i) = CMAC(key, K(i-1) | i | constant | 0x00 | k) - * DR(key, constant) = k-truncate(K(1) | K(2) | ... | K(n)) - * KDF-FEEDBACK-CMAC(key, constant) = random-to-key(DR(key, constant)) - * - * Caller sets @outkey->len to the desired length of the derived key (k). - * - * On success, returns 0 and fills in @outkey. A negative errno value - * is returned on failure. - */ -int -krb5_kdf_feedback_cmac(const struct gss_krb5_enctype *gk5e, - const struct xdr_netobj *inkey, - struct xdr_netobj *outkey, - const struct xdr_netobj *constant, - gfp_t gfp_mask) -{ - struct xdr_netobj step = { .data = NULL }; - struct xdr_netobj DR = { .data = NULL }; - unsigned int blocksize, offset; - struct crypto_shash *tfm; - int n, count, ret; - - /* - * This implementation assumes the CMAC used for an enctype's - * key derivation is the same as the CMAC used for its - * checksumming. This happens to be true for enctypes that - * are currently supported by this implementation. - */ - tfm = crypto_alloc_shash(gk5e->cksum_name, 0, 0); - if (IS_ERR(tfm)) { - ret = PTR_ERR(tfm); - goto out; - } - ret = crypto_shash_setkey(tfm, inkey->data, inkey->len); - if (ret) - goto out_free_tfm; - - blocksize = crypto_shash_digestsize(tfm); - n = (outkey->len + blocksize - 1) / blocksize; - - /* K(0) is all zeroes */ - ret = -ENOMEM; - step.len = blocksize; - step.data = kzalloc(step.len, gfp_mask); - if (!step.data) - goto out_free_tfm; - - DR.len = blocksize * n; - DR.data = kmalloc(DR.len, gfp_mask); - if (!DR.data) - goto out_free_tfm; - - /* XXX: Does not handle partial-block key sizes */ - for (offset = 0, count = 1; count <= n; count++) { - ret = krb5_cmac_Ki(tfm, constant, outkey->len, count, &step); - if (ret) - goto out_free_tfm; - - memcpy(DR.data + offset, step.data, blocksize); - offset += blocksize; - } - - /* k-truncate and random-to-key */ - memcpy(outkey->data, DR.data, outkey->len); - ret = 0; - -out_free_tfm: - crypto_free_shash(tfm); -out: - kfree_sensitive(step.data); - kfree_sensitive(DR.data); - return ret; -} - -/* - * K1 = HMAC-SHA(key, 0x00000001 | label | 0x00 | k) - * - * key: The source of entropy from which subsequent keys are derived. - * - * label: An octet string describing the intended usage of the - * derived key. - * - * k: Length in bits of the key to be outputted, expressed in - * big-endian binary representation in 4 bytes. - */ -static int -krb5_hmac_K1(struct crypto_shash *tfm, const struct xdr_netobj *label, - u32 outlen, struct xdr_netobj *K1) -{ - __be32 k = cpu_to_be32(outlen * 8); - SHASH_DESC_ON_STACK(desc, tfm); - __be32 one = cpu_to_be32(1); - u8 zero = 0; - int ret; - - desc->tfm = tfm; - ret = crypto_shash_init(desc); - if (ret) - goto out_err; - ret = crypto_shash_update(desc, (u8 *)&one, sizeof(one)); - if (ret) - goto out_err; - ret = crypto_shash_update(desc, label->data, label->len); - if (ret) - goto out_err; - ret = crypto_shash_update(desc, &zero, sizeof(zero)); - if (ret) - goto out_err; - ret = crypto_shash_update(desc, (u8 *)&k, sizeof(k)); - if (ret) - goto out_err; - ret = crypto_shash_final(desc, K1->data); - if (ret) - goto out_err; - -out_err: - shash_desc_zero(desc); - return ret; -} - -/** - * krb5_kdf_hmac_sha2 - Derive a subkey for an AES/SHA2-based enctype - * @gk5e: Kerberos 5 enctype policy parameters - * @inkey: base protocol key - * @outkey: OUT: derived key - * @label: subkey usage label - * @gfp_mask: memory allocation control flags - * - * RFC 8009 Section 3: - * - * "We use a key derivation function from Section 5.1 of [SP800-108], - * which uses the HMAC algorithm as the PRF." - * - * function KDF-HMAC-SHA2(key, label, [context,] k): - * k-truncate(K1) - * - * Caller sets @outkey->len to the desired length of the derived key. - * - * On success, returns 0 and fills in @outkey. A negative errno value - * is returned on failure. - */ -int -krb5_kdf_hmac_sha2(const struct gss_krb5_enctype *gk5e, - const struct xdr_netobj *inkey, - struct xdr_netobj *outkey, - const struct xdr_netobj *label, - gfp_t gfp_mask) -{ - struct crypto_shash *tfm; - struct xdr_netobj K1 = { - .data = NULL, - }; - int ret; - - /* - * This implementation assumes the HMAC used for an enctype's - * key derivation is the same as the HMAC used for its - * checksumming. This happens to be true for enctypes that - * are currently supported by this implementation. - */ - tfm = crypto_alloc_shash(gk5e->cksum_name, 0, 0); - if (IS_ERR(tfm)) { - ret = PTR_ERR(tfm); - goto out; - } - ret = crypto_shash_setkey(tfm, inkey->data, inkey->len); - if (ret) - goto out_free_tfm; - - K1.len = crypto_shash_digestsize(tfm); - K1.data = kmalloc(K1.len, gfp_mask); - if (!K1.data) { - ret = -ENOMEM; - goto out_free_tfm; - } - - ret = krb5_hmac_K1(tfm, label, outkey->len, &K1); - if (ret) - goto out_free_tfm; - - /* k-truncate and random-to-key */ - memcpy(outkey->data, K1.data, outkey->len); - -out_free_tfm: - kfree_sensitive(K1.data); - crypto_free_shash(tfm); -out: - return ret; -} diff --git a/net/sunrpc/auth_gss/gss_krb5_mech.c b/net/sunrpc/auth_gss/gss_krb5_mech.c index d8cb79fd2463..5a52fd84f946 100644 --- a/net/sunrpc/auth_gss/gss_krb5_mech.c +++ b/net/sunrpc/auth_gss/gss_krb5_mech.c @@ -17,7 +17,6 @@ #include #include #include -#include #include "auth_gss_internal.h" #include "gss_krb5_internal.h" @@ -28,141 +27,6 @@ static struct gss_api_mech gss_kerberos_mech; -static const struct gss_krb5_enctype supported_gss_krb5_enctypes[] = { -#if defined(CONFIG_RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA1) - /* - * AES-128 with SHA-1 (RFC 3962) - */ - { - .etype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, - .ctype = CKSUMTYPE_HMAC_SHA1_96_AES128, - .name = "aes128-cts", - .encrypt_name = "cts(cbc(aes))", - .aux_cipher = "cbc(aes)", - .cksum_name = "hmac(sha1)", - .derive_key = krb5_derive_key_v2, - - .signalg = -1, - .sealalg = -1, - .keybytes = 16, - .keylength = BITS2OCTETS(128), - .Kc_length = BITS2OCTETS(128), - .Ke_length = BITS2OCTETS(128), - .Ki_length = BITS2OCTETS(128), - .cksumlength = BITS2OCTETS(96), - .keyed_cksum = 1, - }, - /* - * AES-256 with SHA-1 (RFC 3962) - */ - { - .etype = ENCTYPE_AES256_CTS_HMAC_SHA1_96, - .ctype = CKSUMTYPE_HMAC_SHA1_96_AES256, - .name = "aes256-cts", - .encrypt_name = "cts(cbc(aes))", - .aux_cipher = "cbc(aes)", - .cksum_name = "hmac(sha1)", - .derive_key = krb5_derive_key_v2, - - .signalg = -1, - .sealalg = -1, - .keybytes = 32, - .keylength = BITS2OCTETS(256), - .Kc_length = BITS2OCTETS(256), - .Ke_length = BITS2OCTETS(256), - .Ki_length = BITS2OCTETS(256), - .cksumlength = BITS2OCTETS(96), - .keyed_cksum = 1, - }, -#endif - -#if defined(CONFIG_RPCSEC_GSS_KRB5_ENCTYPES_CAMELLIA) - /* - * Camellia-128 with CMAC (RFC 6803) - */ - { - .etype = ENCTYPE_CAMELLIA128_CTS_CMAC, - .ctype = CKSUMTYPE_CMAC_CAMELLIA128, - .name = "camellia128-cts-cmac", - .encrypt_name = "cts(cbc(camellia))", - .aux_cipher = "cbc(camellia)", - .cksum_name = "cmac(camellia)", - .cksumlength = BITS2OCTETS(128), - .keyed_cksum = 1, - .keylength = BITS2OCTETS(128), - .Kc_length = BITS2OCTETS(128), - .Ke_length = BITS2OCTETS(128), - .Ki_length = BITS2OCTETS(128), - - .derive_key = krb5_kdf_feedback_cmac, - - }, - /* - * Camellia-256 with CMAC (RFC 6803) - */ - { - .etype = ENCTYPE_CAMELLIA256_CTS_CMAC, - .ctype = CKSUMTYPE_CMAC_CAMELLIA256, - .name = "camellia256-cts-cmac", - .encrypt_name = "cts(cbc(camellia))", - .aux_cipher = "cbc(camellia)", - .cksum_name = "cmac(camellia)", - .cksumlength = BITS2OCTETS(128), - .keyed_cksum = 1, - .keylength = BITS2OCTETS(256), - .Kc_length = BITS2OCTETS(256), - .Ke_length = BITS2OCTETS(256), - .Ki_length = BITS2OCTETS(256), - - .derive_key = krb5_kdf_feedback_cmac, - - }, -#endif - -#if defined(CONFIG_RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA2) - /* - * AES-128 with SHA-256 (RFC 8009) - */ - { - .etype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, - .ctype = CKSUMTYPE_HMAC_SHA256_128_AES128, - .name = "aes128-cts-hmac-sha256-128", - .encrypt_name = "cts(cbc(aes))", - .aux_cipher = "cbc(aes)", - .cksum_name = "hmac(sha256)", - .cksumlength = BITS2OCTETS(128), - .keyed_cksum = 1, - .keylength = BITS2OCTETS(128), - .Kc_length = BITS2OCTETS(128), - .Ke_length = BITS2OCTETS(128), - .Ki_length = BITS2OCTETS(128), - - .derive_key = krb5_kdf_hmac_sha2, - - }, - /* - * AES-256 with SHA-384 (RFC 8009) - */ - { - .etype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, - .ctype = CKSUMTYPE_HMAC_SHA384_192_AES256, - .name = "aes256-cts-hmac-sha384-192", - .encrypt_name = "cts(cbc(aes))", - .aux_cipher = "cbc(aes)", - .cksum_name = "hmac(sha384)", - .cksumlength = BITS2OCTETS(192), - .keyed_cksum = 1, - .keylength = BITS2OCTETS(256), - .Kc_length = BITS2OCTETS(192), - .Ke_length = BITS2OCTETS(256), - .Ki_length = BITS2OCTETS(192), - - .derive_key = krb5_kdf_hmac_sha2, - - }, -#endif -}; - /* * The list of advertised enctypes is specified in order of most * preferred to least. @@ -204,30 +68,11 @@ static void gss_krb5_prepare_enctype_priority_list(void) } } -/** - * gss_krb5_lookup_enctype - Retrieve profile information for a given enctype - * @etype: ENCTYPE value - * - * Returns a pointer to a gss_krb5_enctype structure, or NULL if no - * matching etype is found. - */ -VISIBLE_IF_KUNIT -const struct gss_krb5_enctype *gss_krb5_lookup_enctype(u32 etype) -{ - size_t i; - - for (i = 0; i < ARRAY_SIZE(supported_gss_krb5_enctypes); i++) - if (supported_gss_krb5_enctypes[i].etype == etype) - return &supported_gss_krb5_enctypes[i]; - return NULL; -} -EXPORT_SYMBOL_IF_KUNIT(gss_krb5_lookup_enctype); - static int gss_krb5_import_ctx_v2(struct krb5_ctx *ctx, gfp_t gfp_mask) { struct krb5_buffer TK = { - .len = ctx->gk5e->keylength, + .len = ctx->krb5e->key_len, .data = ctx->Ksess, }; int ret; @@ -298,32 +143,17 @@ gss_import_v2_context(const void *p, const void *end, struct krb5_ctx *ctx, if (IS_ERR(p)) goto out_err; atomic64_set(&ctx->seq_send64, seq_send64); - /* set seq_send for use by "older" enctypes */ - atomic_set(&ctx->seq_send, seq_send64); - if (seq_send64 != atomic_read(&ctx->seq_send)) { - dprintk("%s: seq_send64 %llx, seq_send %x overflow?\n", __func__, - seq_send64, atomic_read(&ctx->seq_send)); - p = ERR_PTR(-EINVAL); - goto out_err; - } p = simple_get_bytes(p, end, &ctx->enctype, sizeof(ctx->enctype)); if (IS_ERR(p)) goto out_err; - ctx->gk5e = gss_krb5_lookup_enctype(ctx->enctype); - if (ctx->gk5e == NULL) { + ctx->krb5e = crypto_krb5_find_enctype(ctx->enctype); + if (!ctx->krb5e) { dprintk("gss_kerberos_mech: unsupported krb5 enctype %u\n", ctx->enctype); p = ERR_PTR(-EINVAL); goto out_err; } - ctx->krb5e = crypto_krb5_find_enctype(ctx->enctype); - if (!ctx->krb5e) { - dprintk("gss_kerberos_mech: crypto/krb5 missing enctype %u\n", - ctx->enctype); - p = ERR_PTR(-EINVAL); - goto out_err; - } - keylen = ctx->gk5e->keylength; + keylen = ctx->krb5e->key_len; p = simple_get_bytes(p, end, ctx->Ksess, keylen); if (IS_ERR(p)) diff --git a/net/sunrpc/auth_gss/gss_krb5_test.c b/net/sunrpc/auth_gss/gss_krb5_test.c deleted file mode 100644 index dde1ee934d0d..000000000000 --- a/net/sunrpc/auth_gss/gss_krb5_test.c +++ /dev/null @@ -1,1868 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0 -/* - * Copyright (c) 2022 Oracle and/or its affiliates. - * - * KUnit test of SunRPC's GSS Kerberos mechanism. Subsystem - * name is "rpcsec_gss_krb5". - */ - -#include -#include - -#include -#include - -#include -#include - -#include "gss_krb5_internal.h" - -MODULE_IMPORT_NS("EXPORTED_FOR_KUNIT_TESTING"); - -struct gss_krb5_test_param { - const char *desc; - u32 enctype; - u32 nfold; - u32 constant; - const struct xdr_netobj *base_key; - const struct xdr_netobj *Ke; - const struct xdr_netobj *usage; - const struct xdr_netobj *plaintext; - const struct xdr_netobj *confounder; - const struct xdr_netobj *expected_result; - const struct xdr_netobj *expected_hmac; - const struct xdr_netobj *next_iv; -}; - -static inline void gss_krb5_get_desc(const struct gss_krb5_test_param *param, - char *desc) -{ - strscpy(desc, param->desc, KUNIT_PARAM_DESC_SIZE); -} - -static void kdf_case(struct kunit *test) -{ - const struct gss_krb5_test_param *param = test->param_value; - const struct gss_krb5_enctype *gk5e; - struct xdr_netobj derivedkey; - int err; - - /* Arrange */ - gk5e = gss_krb5_lookup_enctype(param->enctype); - if (!gk5e) - kunit_skip(test, "Encryption type is not available"); - - derivedkey.data = kunit_kzalloc(test, param->expected_result->len, - GFP_KERNEL); - KUNIT_ASSERT_NOT_ERR_OR_NULL(test, derivedkey.data); - derivedkey.len = param->expected_result->len; - - /* Act */ - err = gk5e->derive_key(gk5e, param->base_key, &derivedkey, - param->usage, GFP_KERNEL); - KUNIT_ASSERT_EQ(test, err, 0); - - /* Assert */ - KUNIT_EXPECT_MEMEQ_MSG(test, - param->expected_result->data, - derivedkey.data, - derivedkey.len, - "key mismatch"); -} - -static void checksum_case(struct kunit *test) -{ - const struct gss_krb5_test_param *param = test->param_value; - struct xdr_buf buf = { - .head[0].iov_len = param->plaintext->len, - .len = param->plaintext->len, - }; - const struct gss_krb5_enctype *gk5e; - struct xdr_netobj Kc, checksum; - struct crypto_ahash *tfm; - int err; - - /* Arrange */ - gk5e = gss_krb5_lookup_enctype(param->enctype); - if (!gk5e) - kunit_skip(test, "Encryption type is not available"); - - Kc.len = gk5e->Kc_length; - Kc.data = kunit_kzalloc(test, Kc.len, GFP_KERNEL); - KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Kc.data); - err = gk5e->derive_key(gk5e, param->base_key, &Kc, - param->usage, GFP_KERNEL); - KUNIT_ASSERT_EQ(test, err, 0); - - tfm = crypto_alloc_ahash(gk5e->cksum_name, 0, CRYPTO_ALG_ASYNC); - KUNIT_ASSERT_NOT_ERR_OR_NULL(test, tfm); - err = crypto_ahash_setkey(tfm, Kc.data, Kc.len); - KUNIT_ASSERT_EQ(test, err, 0); - - buf.head[0].iov_base = kunit_kzalloc(test, buf.head[0].iov_len, GFP_KERNEL); - KUNIT_ASSERT_NOT_ERR_OR_NULL(test, buf.head[0].iov_base); - memcpy(buf.head[0].iov_base, param->plaintext->data, buf.head[0].iov_len); - - checksum.len = gk5e->cksumlength; - checksum.data = kunit_kzalloc(test, checksum.len, GFP_KERNEL); - KUNIT_ASSERT_NOT_ERR_OR_NULL(test, checksum.data); - - /* Act */ - err = gss_krb5_checksum(tfm, NULL, 0, &buf, 0, &checksum); - KUNIT_ASSERT_EQ(test, err, 0); - - /* Assert */ - KUNIT_EXPECT_MEMEQ_MSG(test, - param->expected_result->data, - checksum.data, - checksum.len, - "checksum mismatch"); - - crypto_free_ahash(tfm); -} - -#define DEFINE_HEX_XDR_NETOBJ(name, hex_array...) \ - static const u8 name ## _data[] = { hex_array }; \ - static const struct xdr_netobj name = { \ - .data = (u8 *)name##_data, \ - .len = sizeof(name##_data), \ - } - -#define DEFINE_STR_XDR_NETOBJ(name, string) \ - static const u8 name ## _str[] = string; \ - static const struct xdr_netobj name = { \ - .data = (u8 *)name##_str, \ - .len = sizeof(name##_str) - 1, \ - } - -/* - * RFC 3961 Appendix A.1. n-fold - * - * The n-fold function is defined in section 5.1 of RFC 3961. - * - * This test material is copyright (C) The Internet Society (2005). - */ - -DEFINE_HEX_XDR_NETOBJ(nfold_test1_plaintext, - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35 -); -DEFINE_HEX_XDR_NETOBJ(nfold_test1_expected_result, - 0xbe, 0x07, 0x26, 0x31, 0x27, 0x6b, 0x19, 0x55 -); - -DEFINE_HEX_XDR_NETOBJ(nfold_test2_plaintext, - 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64 -); -DEFINE_HEX_XDR_NETOBJ(nfold_test2_expected_result, - 0x78, 0xa0, 0x7b, 0x6c, 0xaf, 0x85, 0xfa -); - -DEFINE_HEX_XDR_NETOBJ(nfold_test3_plaintext, - 0x52, 0x6f, 0x75, 0x67, 0x68, 0x20, 0x43, 0x6f, - 0x6e, 0x73, 0x65, 0x6e, 0x73, 0x75, 0x73, 0x2c, - 0x20, 0x61, 0x6e, 0x64, 0x20, 0x52, 0x75, 0x6e, - 0x6e, 0x69, 0x6e, 0x67, 0x20, 0x43, 0x6f, 0x64, - 0x65 -); -DEFINE_HEX_XDR_NETOBJ(nfold_test3_expected_result, - 0xbb, 0x6e, 0xd3, 0x08, 0x70, 0xb7, 0xf0, 0xe0 -); - -DEFINE_HEX_XDR_NETOBJ(nfold_test4_plaintext, - 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64 -); -DEFINE_HEX_XDR_NETOBJ(nfold_test4_expected_result, - 0x59, 0xe4, 0xa8, 0xca, 0x7c, 0x03, 0x85, 0xc3, - 0xc3, 0x7b, 0x3f, 0x6d, 0x20, 0x00, 0x24, 0x7c, - 0xb6, 0xe6, 0xbd, 0x5b, 0x3e -); - -DEFINE_HEX_XDR_NETOBJ(nfold_test5_plaintext, - 0x4d, 0x41, 0x53, 0x53, 0x41, 0x43, 0x48, 0x56, - 0x53, 0x45, 0x54, 0x54, 0x53, 0x20, 0x49, 0x4e, - 0x53, 0x54, 0x49, 0x54, 0x56, 0x54, 0x45, 0x20, - 0x4f, 0x46, 0x20, 0x54, 0x45, 0x43, 0x48, 0x4e, - 0x4f, 0x4c, 0x4f, 0x47, 0x59 -); -DEFINE_HEX_XDR_NETOBJ(nfold_test5_expected_result, - 0xdb, 0x3b, 0x0d, 0x8f, 0x0b, 0x06, 0x1e, 0x60, - 0x32, 0x82, 0xb3, 0x08, 0xa5, 0x08, 0x41, 0x22, - 0x9a, 0xd7, 0x98, 0xfa, 0xb9, 0x54, 0x0c, 0x1b -); - -DEFINE_HEX_XDR_NETOBJ(nfold_test6_plaintext, - 0x51 -); -DEFINE_HEX_XDR_NETOBJ(nfold_test6_expected_result, - 0x51, 0x8a, 0x54, 0xa2, 0x15, 0xa8, 0x45, 0x2a, - 0x51, 0x8a, 0x54, 0xa2, 0x15, 0xa8, 0x45, 0x2a, - 0x51, 0x8a, 0x54, 0xa2, 0x15 -); - -DEFINE_HEX_XDR_NETOBJ(nfold_test7_plaintext, - 0x62, 0x61 -); -DEFINE_HEX_XDR_NETOBJ(nfold_test7_expected_result, - 0xfb, 0x25, 0xd5, 0x31, 0xae, 0x89, 0x74, 0x49, - 0x9f, 0x52, 0xfd, 0x92, 0xea, 0x98, 0x57, 0xc4, - 0xba, 0x24, 0xcf, 0x29, 0x7e -); - -DEFINE_HEX_XDR_NETOBJ(nfold_test_kerberos, - 0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73 -); -DEFINE_HEX_XDR_NETOBJ(nfold_test8_expected_result, - 0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73 -); -DEFINE_HEX_XDR_NETOBJ(nfold_test9_expected_result, - 0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73, - 0x7b, 0x9b, 0x5b, 0x2b, 0x93, 0x13, 0x2b, 0x93 -); -DEFINE_HEX_XDR_NETOBJ(nfold_test10_expected_result, - 0x83, 0x72, 0xc2, 0x36, 0x34, 0x4e, 0x5f, 0x15, - 0x50, 0xcd, 0x07, 0x47, 0xe1, 0x5d, 0x62, 0xca, - 0x7a, 0x5a, 0x3b, 0xce, 0xa4 -); -DEFINE_HEX_XDR_NETOBJ(nfold_test11_expected_result, - 0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73, - 0x7b, 0x9b, 0x5b, 0x2b, 0x93, 0x13, 0x2b, 0x93, - 0x5c, 0x9b, 0xdc, 0xda, 0xd9, 0x5c, 0x98, 0x99, - 0xc4, 0xca, 0xe4, 0xde, 0xe6, 0xd6, 0xca, 0xe4 -); - -static const struct gss_krb5_test_param rfc3961_nfold_test_params[] = { - { - .desc = "64-fold(\"012345\")", - .nfold = 64, - .plaintext = &nfold_test1_plaintext, - .expected_result = &nfold_test1_expected_result, - }, - { - .desc = "56-fold(\"password\")", - .nfold = 56, - .plaintext = &nfold_test2_plaintext, - .expected_result = &nfold_test2_expected_result, - }, - { - .desc = "64-fold(\"Rough Consensus, and Running Code\")", - .nfold = 64, - .plaintext = &nfold_test3_plaintext, - .expected_result = &nfold_test3_expected_result, - }, - { - .desc = "168-fold(\"password\")", - .nfold = 168, - .plaintext = &nfold_test4_plaintext, - .expected_result = &nfold_test4_expected_result, - }, - { - .desc = "192-fold(\"MASSACHVSETTS INSTITVTE OF TECHNOLOGY\")", - .nfold = 192, - .plaintext = &nfold_test5_plaintext, - .expected_result = &nfold_test5_expected_result, - }, - { - .desc = "168-fold(\"Q\")", - .nfold = 168, - .plaintext = &nfold_test6_plaintext, - .expected_result = &nfold_test6_expected_result, - }, - { - .desc = "168-fold(\"ba\")", - .nfold = 168, - .plaintext = &nfold_test7_plaintext, - .expected_result = &nfold_test7_expected_result, - }, - { - .desc = "64-fold(\"kerberos\")", - .nfold = 64, - .plaintext = &nfold_test_kerberos, - .expected_result = &nfold_test8_expected_result, - }, - { - .desc = "128-fold(\"kerberos\")", - .nfold = 128, - .plaintext = &nfold_test_kerberos, - .expected_result = &nfold_test9_expected_result, - }, - { - .desc = "168-fold(\"kerberos\")", - .nfold = 168, - .plaintext = &nfold_test_kerberos, - .expected_result = &nfold_test10_expected_result, - }, - { - .desc = "256-fold(\"kerberos\")", - .nfold = 256, - .plaintext = &nfold_test_kerberos, - .expected_result = &nfold_test11_expected_result, - }, -}; - -/* Creates the function rfc3961_nfold_gen_params */ -KUNIT_ARRAY_PARAM(rfc3961_nfold, rfc3961_nfold_test_params, gss_krb5_get_desc); - -static void rfc3961_nfold_case(struct kunit *test) -{ - const struct gss_krb5_test_param *param = test->param_value; - u8 *result; - - /* Arrange */ - result = kunit_kzalloc(test, 4096, GFP_KERNEL); - KUNIT_ASSERT_NOT_ERR_OR_NULL(test, result); - - /* Act */ - krb5_nfold(param->plaintext->len * 8, param->plaintext->data, - param->expected_result->len * 8, result); - - /* Assert */ - KUNIT_EXPECT_MEMEQ_MSG(test, - param->expected_result->data, - result, - param->expected_result->len, - "result mismatch"); -} - -static struct kunit_case rfc3961_test_cases[] = { - { - .name = "RFC 3961 n-fold", - .run_case = rfc3961_nfold_case, - .generate_params = rfc3961_nfold_gen_params, - }, - {} -}; - -static struct kunit_suite rfc3961_suite = { - .name = "RFC 3961 tests", - .test_cases = rfc3961_test_cases, -}; - -/* - * From RFC 3962 Appendix B: Sample Test Vectors - * - * Some test vectors for CBC with ciphertext stealing, using an - * initial vector of all-zero. - * - * This test material is copyright (C) The Internet Society (2005). - */ - -DEFINE_HEX_XDR_NETOBJ(rfc3962_encryption_key, - 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20, - 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69 -); - -DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test1_plaintext, - 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, - 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65, - 0x20 -); -DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test1_expected_result, - 0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4, - 0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f, - 0x97 -); -DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test1_next_iv, - 0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4, - 0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f -); - -DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test2_plaintext, - 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, - 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65, - 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, - 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20 -); -DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test2_expected_result, - 0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1, - 0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22, - 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, - 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5 -); -DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test2_next_iv, - 0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1, - 0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22 -); - -DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test3_plaintext, - 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, - 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65, - 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, - 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43 -); -DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test3_expected_result, - 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, - 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8, - 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, - 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84 -); -DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test3_next_iv, - 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, - 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8 -); - -DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test4_plaintext, - 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, - 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65, - 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, - 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43, - 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20, - 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c -); -DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test4_expected_result, - 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, - 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84, - 0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c, - 0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e, - 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, - 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5 -); -DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test4_next_iv, - 0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c, - 0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e -); - -DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test5_plaintext, - 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, - 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65, - 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, - 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43, - 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20, - 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c, 0x20 -); -DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test5_expected_result, - 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, - 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84, - 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0, - 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8, - 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, - 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8 -); -DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test5_next_iv, - 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0, - 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8 -); - -DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test6_plaintext, - 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, - 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65, - 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, - 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43, - 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20, - 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c, 0x20, - 0x61, 0x6e, 0x64, 0x20, 0x77, 0x6f, 0x6e, 0x74, - 0x6f, 0x6e, 0x20, 0x73, 0x6f, 0x75, 0x70, 0x2e -); -DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test6_expected_result, - 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0, - 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84, - 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5, - 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8, - 0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5, - 0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40, - 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0, - 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8 -); -DEFINE_HEX_XDR_NETOBJ(rfc3962_enc_test6_next_iv, - 0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5, - 0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40 -); - -static const struct gss_krb5_test_param rfc3962_encrypt_test_params[] = { - { - .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 1", - .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, - .Ke = &rfc3962_encryption_key, - .plaintext = &rfc3962_enc_test1_plaintext, - .expected_result = &rfc3962_enc_test1_expected_result, - .next_iv = &rfc3962_enc_test1_next_iv, - }, - { - .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 2", - .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, - .Ke = &rfc3962_encryption_key, - .plaintext = &rfc3962_enc_test2_plaintext, - .expected_result = &rfc3962_enc_test2_expected_result, - .next_iv = &rfc3962_enc_test2_next_iv, - }, - { - .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 3", - .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, - .Ke = &rfc3962_encryption_key, - .plaintext = &rfc3962_enc_test3_plaintext, - .expected_result = &rfc3962_enc_test3_expected_result, - .next_iv = &rfc3962_enc_test3_next_iv, - }, - { - .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 4", - .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, - .Ke = &rfc3962_encryption_key, - .plaintext = &rfc3962_enc_test4_plaintext, - .expected_result = &rfc3962_enc_test4_expected_result, - .next_iv = &rfc3962_enc_test4_next_iv, - }, - { - .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 5", - .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, - .Ke = &rfc3962_encryption_key, - .plaintext = &rfc3962_enc_test5_plaintext, - .expected_result = &rfc3962_enc_test5_expected_result, - .next_iv = &rfc3962_enc_test5_next_iv, - }, - { - .desc = "Encrypt with aes128-cts-hmac-sha1-96 case 6", - .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, - .Ke = &rfc3962_encryption_key, - .plaintext = &rfc3962_enc_test6_plaintext, - .expected_result = &rfc3962_enc_test6_expected_result, - .next_iv = &rfc3962_enc_test6_next_iv, - }, -}; - -/* Creates the function rfc3962_encrypt_gen_params */ -KUNIT_ARRAY_PARAM(rfc3962_encrypt, rfc3962_encrypt_test_params, - gss_krb5_get_desc); - -/* - * This tests the implementation of the encryption part of the mechanism. - * It does not apply a confounder or test the result of HMAC over the - * plaintext. - */ -static void rfc3962_encrypt_case(struct kunit *test) -{ - const struct gss_krb5_test_param *param = test->param_value; - struct crypto_sync_skcipher *cts_tfm, *cbc_tfm; - const struct gss_krb5_enctype *gk5e; - struct xdr_buf buf; - void *iv, *text; - u32 err; - - /* Arrange */ - gk5e = gss_krb5_lookup_enctype(param->enctype); - if (!gk5e) - kunit_skip(test, "Encryption type is not available"); - - cbc_tfm = crypto_alloc_sync_skcipher(gk5e->aux_cipher, 0, 0); - KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cbc_tfm); - err = crypto_sync_skcipher_setkey(cbc_tfm, param->Ke->data, param->Ke->len); - KUNIT_ASSERT_EQ(test, err, 0); - - cts_tfm = crypto_alloc_sync_skcipher(gk5e->encrypt_name, 0, 0); - KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cts_tfm); - err = crypto_sync_skcipher_setkey(cts_tfm, param->Ke->data, param->Ke->len); - KUNIT_ASSERT_EQ(test, err, 0); - - iv = kunit_kzalloc(test, crypto_sync_skcipher_ivsize(cts_tfm), GFP_KERNEL); - KUNIT_ASSERT_NOT_ERR_OR_NULL(test, iv); - - text = kunit_kzalloc(test, param->plaintext->len, GFP_KERNEL); - KUNIT_ASSERT_NOT_ERR_OR_NULL(test, text); - - memcpy(text, param->plaintext->data, param->plaintext->len); - memset(&buf, 0, sizeof(buf)); - buf.head[0].iov_base = text; - buf.head[0].iov_len = param->plaintext->len; - buf.len = buf.head[0].iov_len; - - /* Act */ - err = krb5_cbc_cts_encrypt(cts_tfm, cbc_tfm, 0, &buf, NULL, - iv, crypto_sync_skcipher_ivsize(cts_tfm)); - KUNIT_ASSERT_EQ(test, err, 0); - - /* Assert */ - KUNIT_EXPECT_EQ_MSG(test, - param->expected_result->len, buf.len, - "ciphertext length mismatch"); - KUNIT_EXPECT_MEMEQ_MSG(test, - param->expected_result->data, - text, - param->expected_result->len, - "ciphertext mismatch"); - KUNIT_EXPECT_MEMEQ_MSG(test, - param->next_iv->data, - iv, - param->next_iv->len, - "IV mismatch"); - - crypto_free_sync_skcipher(cts_tfm); - crypto_free_sync_skcipher(cbc_tfm); -} - -static struct kunit_case rfc3962_test_cases[] = { - { - .name = "RFC 3962 encryption", - .run_case = rfc3962_encrypt_case, - .generate_params = rfc3962_encrypt_gen_params, - }, - {} -}; - -static struct kunit_suite rfc3962_suite = { - .name = "RFC 3962 suite", - .test_cases = rfc3962_test_cases, -}; - -/* - * From RFC 6803 Section 10. Test vectors - * - * Sample results for key derivation - * - * Copyright (c) 2012 IETF Trust and the persons identified as the - * document authors. All rights reserved. - */ - -DEFINE_HEX_XDR_NETOBJ(camellia128_cts_cmac_basekey, - 0x57, 0xd0, 0x29, 0x72, 0x98, 0xff, 0xd9, 0xd3, - 0x5d, 0xe5, 0xa4, 0x7f, 0xb4, 0xbd, 0xe2, 0x4b -); -DEFINE_HEX_XDR_NETOBJ(camellia128_cts_cmac_Kc, - 0xd1, 0x55, 0x77, 0x5a, 0x20, 0x9d, 0x05, 0xf0, - 0x2b, 0x38, 0xd4, 0x2a, 0x38, 0x9e, 0x5a, 0x56 -); -DEFINE_HEX_XDR_NETOBJ(camellia128_cts_cmac_Ke, - 0x64, 0xdf, 0x83, 0xf8, 0x5a, 0x53, 0x2f, 0x17, - 0x57, 0x7d, 0x8c, 0x37, 0x03, 0x57, 0x96, 0xab -); -DEFINE_HEX_XDR_NETOBJ(camellia128_cts_cmac_Ki, - 0x3e, 0x4f, 0xbd, 0xf3, 0x0f, 0xb8, 0x25, 0x9c, - 0x42, 0x5c, 0xb6, 0xc9, 0x6f, 0x1f, 0x46, 0x35 -); - -DEFINE_HEX_XDR_NETOBJ(camellia256_cts_cmac_basekey, - 0xb9, 0xd6, 0x82, 0x8b, 0x20, 0x56, 0xb7, 0xbe, - 0x65, 0x6d, 0x88, 0xa1, 0x23, 0xb1, 0xfa, 0xc6, - 0x82, 0x14, 0xac, 0x2b, 0x72, 0x7e, 0xcf, 0x5f, - 0x69, 0xaf, 0xe0, 0xc4, 0xdf, 0x2a, 0x6d, 0x2c -); -DEFINE_HEX_XDR_NETOBJ(camellia256_cts_cmac_Kc, - 0xe4, 0x67, 0xf9, 0xa9, 0x55, 0x2b, 0xc7, 0xd3, - 0x15, 0x5a, 0x62, 0x20, 0xaf, 0x9c, 0x19, 0x22, - 0x0e, 0xee, 0xd4, 0xff, 0x78, 0xb0, 0xd1, 0xe6, - 0xa1, 0x54, 0x49, 0x91, 0x46, 0x1a, 0x9e, 0x50 -); -DEFINE_HEX_XDR_NETOBJ(camellia256_cts_cmac_Ke, - 0x41, 0x2a, 0xef, 0xc3, 0x62, 0xa7, 0x28, 0x5f, - 0xc3, 0x96, 0x6c, 0x6a, 0x51, 0x81, 0xe7, 0x60, - 0x5a, 0xe6, 0x75, 0x23, 0x5b, 0x6d, 0x54, 0x9f, - 0xbf, 0xc9, 0xab, 0x66, 0x30, 0xa4, 0xc6, 0x04 -); -DEFINE_HEX_XDR_NETOBJ(camellia256_cts_cmac_Ki, - 0xfa, 0x62, 0x4f, 0xa0, 0xe5, 0x23, 0x99, 0x3f, - 0xa3, 0x88, 0xae, 0xfd, 0xc6, 0x7e, 0x67, 0xeb, - 0xcd, 0x8c, 0x08, 0xe8, 0xa0, 0x24, 0x6b, 0x1d, - 0x73, 0xb0, 0xd1, 0xdd, 0x9f, 0xc5, 0x82, 0xb0 -); - -DEFINE_HEX_XDR_NETOBJ(usage_checksum, - 0x00, 0x00, 0x00, 0x02, KEY_USAGE_SEED_CHECKSUM -); -DEFINE_HEX_XDR_NETOBJ(usage_encryption, - 0x00, 0x00, 0x00, 0x02, KEY_USAGE_SEED_ENCRYPTION -); -DEFINE_HEX_XDR_NETOBJ(usage_integrity, - 0x00, 0x00, 0x00, 0x02, KEY_USAGE_SEED_INTEGRITY -); - -static const struct gss_krb5_test_param rfc6803_kdf_test_params[] = { - { - .desc = "Derive Kc subkey for camellia128-cts-cmac", - .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, - .base_key = &camellia128_cts_cmac_basekey, - .usage = &usage_checksum, - .expected_result = &camellia128_cts_cmac_Kc, - }, - { - .desc = "Derive Ke subkey for camellia128-cts-cmac", - .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, - .base_key = &camellia128_cts_cmac_basekey, - .usage = &usage_encryption, - .expected_result = &camellia128_cts_cmac_Ke, - }, - { - .desc = "Derive Ki subkey for camellia128-cts-cmac", - .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, - .base_key = &camellia128_cts_cmac_basekey, - .usage = &usage_integrity, - .expected_result = &camellia128_cts_cmac_Ki, - }, - { - .desc = "Derive Kc subkey for camellia256-cts-cmac", - .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, - .base_key = &camellia256_cts_cmac_basekey, - .usage = &usage_checksum, - .expected_result = &camellia256_cts_cmac_Kc, - }, - { - .desc = "Derive Ke subkey for camellia256-cts-cmac", - .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, - .base_key = &camellia256_cts_cmac_basekey, - .usage = &usage_encryption, - .expected_result = &camellia256_cts_cmac_Ke, - }, - { - .desc = "Derive Ki subkey for camellia256-cts-cmac", - .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, - .base_key = &camellia256_cts_cmac_basekey, - .usage = &usage_integrity, - .expected_result = &camellia256_cts_cmac_Ki, - }, -}; - -/* Creates the function rfc6803_kdf_gen_params */ -KUNIT_ARRAY_PARAM(rfc6803_kdf, rfc6803_kdf_test_params, gss_krb5_get_desc); - -/* - * From RFC 6803 Section 10. Test vectors - * - * Sample checksums. - * - * Copyright (c) 2012 IETF Trust and the persons identified as the - * document authors. All rights reserved. - * - * XXX: These tests are likely to fail on EBCDIC or Unicode platforms. - */ -DEFINE_STR_XDR_NETOBJ(rfc6803_checksum_test1_plaintext, - "abcdefghijk"); -DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test1_basekey, - 0x1d, 0xc4, 0x6a, 0x8d, 0x76, 0x3f, 0x4f, 0x93, - 0x74, 0x2b, 0xcb, 0xa3, 0x38, 0x75, 0x76, 0xc3 -); -DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test1_usage, - 0x00, 0x00, 0x00, 0x07, KEY_USAGE_SEED_CHECKSUM -); -DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test1_expected_result, - 0x11, 0x78, 0xe6, 0xc5, 0xc4, 0x7a, 0x8c, 0x1a, - 0xe0, 0xc4, 0xb9, 0xc7, 0xd4, 0xeb, 0x7b, 0x6b -); - -DEFINE_STR_XDR_NETOBJ(rfc6803_checksum_test2_plaintext, - "ABCDEFGHIJKLMNOPQRSTUVWXYZ"); -DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test2_basekey, - 0x50, 0x27, 0xbc, 0x23, 0x1d, 0x0f, 0x3a, 0x9d, - 0x23, 0x33, 0x3f, 0x1c, 0xa6, 0xfd, 0xbe, 0x7c -); -DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test2_usage, - 0x00, 0x00, 0x00, 0x08, KEY_USAGE_SEED_CHECKSUM -); -DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test2_expected_result, - 0xd1, 0xb3, 0x4f, 0x70, 0x04, 0xa7, 0x31, 0xf2, - 0x3a, 0x0c, 0x00, 0xbf, 0x6c, 0x3f, 0x75, 0x3a -); - -DEFINE_STR_XDR_NETOBJ(rfc6803_checksum_test3_plaintext, - "123456789"); -DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test3_basekey, - 0xb6, 0x1c, 0x86, 0xcc, 0x4e, 0x5d, 0x27, 0x57, - 0x54, 0x5a, 0xd4, 0x23, 0x39, 0x9f, 0xb7, 0x03, - 0x1e, 0xca, 0xb9, 0x13, 0xcb, 0xb9, 0x00, 0xbd, - 0x7a, 0x3c, 0x6d, 0xd8, 0xbf, 0x92, 0x01, 0x5b -); -DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test3_usage, - 0x00, 0x00, 0x00, 0x09, KEY_USAGE_SEED_CHECKSUM -); -DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test3_expected_result, - 0x87, 0xa1, 0x2c, 0xfd, 0x2b, 0x96, 0x21, 0x48, - 0x10, 0xf0, 0x1c, 0x82, 0x6e, 0x77, 0x44, 0xb1 -); - -DEFINE_STR_XDR_NETOBJ(rfc6803_checksum_test4_plaintext, - "!@#$%^&*()!@#$%^&*()!@#$%^&*()"); -DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test4_basekey, - 0x32, 0x16, 0x4c, 0x5b, 0x43, 0x4d, 0x1d, 0x15, - 0x38, 0xe4, 0xcf, 0xd9, 0xbe, 0x80, 0x40, 0xfe, - 0x8c, 0x4a, 0xc7, 0xac, 0xc4, 0xb9, 0x3d, 0x33, - 0x14, 0xd2, 0x13, 0x36, 0x68, 0x14, 0x7a, 0x05 -); -DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test4_usage, - 0x00, 0x00, 0x00, 0x0a, KEY_USAGE_SEED_CHECKSUM -); -DEFINE_HEX_XDR_NETOBJ(rfc6803_checksum_test4_expected_result, - 0x3f, 0xa0, 0xb4, 0x23, 0x55, 0xe5, 0x2b, 0x18, - 0x91, 0x87, 0x29, 0x4a, 0xa2, 0x52, 0xab, 0x64 -); - -static const struct gss_krb5_test_param rfc6803_checksum_test_params[] = { - { - .desc = "camellia128-cts-cmac checksum test 1", - .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, - .base_key = &rfc6803_checksum_test1_basekey, - .usage = &rfc6803_checksum_test1_usage, - .plaintext = &rfc6803_checksum_test1_plaintext, - .expected_result = &rfc6803_checksum_test1_expected_result, - }, - { - .desc = "camellia128-cts-cmac checksum test 2", - .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, - .base_key = &rfc6803_checksum_test2_basekey, - .usage = &rfc6803_checksum_test2_usage, - .plaintext = &rfc6803_checksum_test2_plaintext, - .expected_result = &rfc6803_checksum_test2_expected_result, - }, - { - .desc = "camellia256-cts-cmac checksum test 3", - .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, - .base_key = &rfc6803_checksum_test3_basekey, - .usage = &rfc6803_checksum_test3_usage, - .plaintext = &rfc6803_checksum_test3_plaintext, - .expected_result = &rfc6803_checksum_test3_expected_result, - }, - { - .desc = "camellia256-cts-cmac checksum test 4", - .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, - .base_key = &rfc6803_checksum_test4_basekey, - .usage = &rfc6803_checksum_test4_usage, - .plaintext = &rfc6803_checksum_test4_plaintext, - .expected_result = &rfc6803_checksum_test4_expected_result, - }, -}; - -/* Creates the function rfc6803_checksum_gen_params */ -KUNIT_ARRAY_PARAM(rfc6803_checksum, rfc6803_checksum_test_params, - gss_krb5_get_desc); - -/* - * From RFC 6803 Section 10. Test vectors - * - * Sample encryptions (all using the default cipher state) - * - * Copyright (c) 2012 IETF Trust and the persons identified as the - * document authors. All rights reserved. - * - * Key usage values are from errata 4326 against RFC 6803. - */ - -static const struct xdr_netobj rfc6803_enc_empty_plaintext = { - .len = 0, -}; - -DEFINE_STR_XDR_NETOBJ(rfc6803_enc_1byte_plaintext, "1"); -DEFINE_STR_XDR_NETOBJ(rfc6803_enc_9byte_plaintext, "9 bytesss"); -DEFINE_STR_XDR_NETOBJ(rfc6803_enc_13byte_plaintext, "13 bytes byte"); -DEFINE_STR_XDR_NETOBJ(rfc6803_enc_30byte_plaintext, - "30 bytes bytes bytes bytes byt" -); - -DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test1_confounder, - 0xb6, 0x98, 0x22, 0xa1, 0x9a, 0x6b, 0x09, 0xc0, - 0xeb, 0xc8, 0x55, 0x7d, 0x1f, 0x1b, 0x6c, 0x0a -); -DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test1_basekey, - 0x1d, 0xc4, 0x6a, 0x8d, 0x76, 0x3f, 0x4f, 0x93, - 0x74, 0x2b, 0xcb, 0xa3, 0x38, 0x75, 0x76, 0xc3 -); -DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test1_expected_result, - 0xc4, 0x66, 0xf1, 0x87, 0x10, 0x69, 0x92, 0x1e, - 0xdb, 0x7c, 0x6f, 0xde, 0x24, 0x4a, 0x52, 0xdb, - 0x0b, 0xa1, 0x0e, 0xdc, 0x19, 0x7b, 0xdb, 0x80, - 0x06, 0x65, 0x8c, 0xa3, 0xcc, 0xce, 0x6e, 0xb8 -); - -DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test2_confounder, - 0x6f, 0x2f, 0xc3, 0xc2, 0xa1, 0x66, 0xfd, 0x88, - 0x98, 0x96, 0x7a, 0x83, 0xde, 0x95, 0x96, 0xd9 -); -DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test2_basekey, - 0x50, 0x27, 0xbc, 0x23, 0x1d, 0x0f, 0x3a, 0x9d, - 0x23, 0x33, 0x3f, 0x1c, 0xa6, 0xfd, 0xbe, 0x7c -); -DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test2_expected_result, - 0x84, 0x2d, 0x21, 0xfd, 0x95, 0x03, 0x11, 0xc0, - 0xdd, 0x46, 0x4a, 0x3f, 0x4b, 0xe8, 0xd6, 0xda, - 0x88, 0xa5, 0x6d, 0x55, 0x9c, 0x9b, 0x47, 0xd3, - 0xf9, 0xa8, 0x50, 0x67, 0xaf, 0x66, 0x15, 0x59, - 0xb8 -); - -DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test3_confounder, - 0xa5, 0xb4, 0xa7, 0x1e, 0x07, 0x7a, 0xee, 0xf9, - 0x3c, 0x87, 0x63, 0xc1, 0x8f, 0xdb, 0x1f, 0x10 -); -DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test3_basekey, - 0xa1, 0xbb, 0x61, 0xe8, 0x05, 0xf9, 0xba, 0x6d, - 0xde, 0x8f, 0xdb, 0xdd, 0xc0, 0x5c, 0xde, 0xa0 -); -DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test3_expected_result, - 0x61, 0x9f, 0xf0, 0x72, 0xe3, 0x62, 0x86, 0xff, - 0x0a, 0x28, 0xde, 0xb3, 0xa3, 0x52, 0xec, 0x0d, - 0x0e, 0xdf, 0x5c, 0x51, 0x60, 0xd6, 0x63, 0xc9, - 0x01, 0x75, 0x8c, 0xcf, 0x9d, 0x1e, 0xd3, 0x3d, - 0x71, 0xdb, 0x8f, 0x23, 0xaa, 0xbf, 0x83, 0x48, - 0xa0 -); - -DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test4_confounder, - 0x19, 0xfe, 0xe4, 0x0d, 0x81, 0x0c, 0x52, 0x4b, - 0x5b, 0x22, 0xf0, 0x18, 0x74, 0xc6, 0x93, 0xda -); -DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test4_basekey, - 0x2c, 0xa2, 0x7a, 0x5f, 0xaf, 0x55, 0x32, 0x24, - 0x45, 0x06, 0x43, 0x4e, 0x1c, 0xef, 0x66, 0x76 -); -DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test4_expected_result, - 0xb8, 0xec, 0xa3, 0x16, 0x7a, 0xe6, 0x31, 0x55, - 0x12, 0xe5, 0x9f, 0x98, 0xa7, 0xc5, 0x00, 0x20, - 0x5e, 0x5f, 0x63, 0xff, 0x3b, 0xb3, 0x89, 0xaf, - 0x1c, 0x41, 0xa2, 0x1d, 0x64, 0x0d, 0x86, 0x15, - 0xc9, 0xed, 0x3f, 0xbe, 0xb0, 0x5a, 0xb6, 0xac, - 0xb6, 0x76, 0x89, 0xb5, 0xea -); - -DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test5_confounder, - 0xca, 0x7a, 0x7a, 0xb4, 0xbe, 0x19, 0x2d, 0xab, - 0xd6, 0x03, 0x50, 0x6d, 0xb1, 0x9c, 0x39, 0xe2 -); -DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test5_basekey, - 0x78, 0x24, 0xf8, 0xc1, 0x6f, 0x83, 0xff, 0x35, - 0x4c, 0x6b, 0xf7, 0x51, 0x5b, 0x97, 0x3f, 0x43 -); -DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test5_expected_result, - 0xa2, 0x6a, 0x39, 0x05, 0xa4, 0xff, 0xd5, 0x81, - 0x6b, 0x7b, 0x1e, 0x27, 0x38, 0x0d, 0x08, 0x09, - 0x0c, 0x8e, 0xc1, 0xf3, 0x04, 0x49, 0x6e, 0x1a, - 0xbd, 0xcd, 0x2b, 0xdc, 0xd1, 0xdf, 0xfc, 0x66, - 0x09, 0x89, 0xe1, 0x17, 0xa7, 0x13, 0xdd, 0xbb, - 0x57, 0xa4, 0x14, 0x6c, 0x15, 0x87, 0xcb, 0xa4, - 0x35, 0x66, 0x65, 0x59, 0x1d, 0x22, 0x40, 0x28, - 0x2f, 0x58, 0x42, 0xb1, 0x05, 0xa5 -); - -DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test6_confounder, - 0x3c, 0xbb, 0xd2, 0xb4, 0x59, 0x17, 0x94, 0x10, - 0x67, 0xf9, 0x65, 0x99, 0xbb, 0x98, 0x92, 0x6c -); -DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test6_basekey, - 0xb6, 0x1c, 0x86, 0xcc, 0x4e, 0x5d, 0x27, 0x57, - 0x54, 0x5a, 0xd4, 0x23, 0x39, 0x9f, 0xb7, 0x03, - 0x1e, 0xca, 0xb9, 0x13, 0xcb, 0xb9, 0x00, 0xbd, - 0x7a, 0x3c, 0x6d, 0xd8, 0xbf, 0x92, 0x01, 0x5b -); -DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test6_expected_result, - 0x03, 0x88, 0x6d, 0x03, 0x31, 0x0b, 0x47, 0xa6, - 0xd8, 0xf0, 0x6d, 0x7b, 0x94, 0xd1, 0xdd, 0x83, - 0x7e, 0xcc, 0xe3, 0x15, 0xef, 0x65, 0x2a, 0xff, - 0x62, 0x08, 0x59, 0xd9, 0x4a, 0x25, 0x92, 0x66 -); - -DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test7_confounder, - 0xde, 0xf4, 0x87, 0xfc, 0xeb, 0xe6, 0xde, 0x63, - 0x46, 0xd4, 0xda, 0x45, 0x21, 0xbb, 0xa2, 0xd2 -); -DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test7_basekey, - 0x1b, 0x97, 0xfe, 0x0a, 0x19, 0x0e, 0x20, 0x21, - 0xeb, 0x30, 0x75, 0x3e, 0x1b, 0x6e, 0x1e, 0x77, - 0xb0, 0x75, 0x4b, 0x1d, 0x68, 0x46, 0x10, 0x35, - 0x58, 0x64, 0x10, 0x49, 0x63, 0x46, 0x38, 0x33 -); -DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test7_expected_result, - 0x2c, 0x9c, 0x15, 0x70, 0x13, 0x3c, 0x99, 0xbf, - 0x6a, 0x34, 0xbc, 0x1b, 0x02, 0x12, 0x00, 0x2f, - 0xd1, 0x94, 0x33, 0x87, 0x49, 0xdb, 0x41, 0x35, - 0x49, 0x7a, 0x34, 0x7c, 0xfc, 0xd9, 0xd1, 0x8a, - 0x12 -); - -DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test8_confounder, - 0xad, 0x4f, 0xf9, 0x04, 0xd3, 0x4e, 0x55, 0x53, - 0x84, 0xb1, 0x41, 0x00, 0xfc, 0x46, 0x5f, 0x88 -); -DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test8_basekey, - 0x32, 0x16, 0x4c, 0x5b, 0x43, 0x4d, 0x1d, 0x15, - 0x38, 0xe4, 0xcf, 0xd9, 0xbe, 0x80, 0x40, 0xfe, - 0x8c, 0x4a, 0xc7, 0xac, 0xc4, 0xb9, 0x3d, 0x33, - 0x14, 0xd2, 0x13, 0x36, 0x68, 0x14, 0x7a, 0x05 -); -DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test8_expected_result, - 0x9c, 0x6d, 0xe7, 0x5f, 0x81, 0x2d, 0xe7, 0xed, - 0x0d, 0x28, 0xb2, 0x96, 0x35, 0x57, 0xa1, 0x15, - 0x64, 0x09, 0x98, 0x27, 0x5b, 0x0a, 0xf5, 0x15, - 0x27, 0x09, 0x91, 0x3f, 0xf5, 0x2a, 0x2a, 0x9c, - 0x8e, 0x63, 0xb8, 0x72, 0xf9, 0x2e, 0x64, 0xc8, - 0x39 -); - -DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test9_confounder, - 0xcf, 0x9b, 0xca, 0x6d, 0xf1, 0x14, 0x4e, 0x0c, - 0x0a, 0xf9, 0xb8, 0xf3, 0x4c, 0x90, 0xd5, 0x14 -); -DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test9_basekey, - 0xb0, 0x38, 0xb1, 0x32, 0xcd, 0x8e, 0x06, 0x61, - 0x22, 0x67, 0xfa, 0xb7, 0x17, 0x00, 0x66, 0xd8, - 0x8a, 0xec, 0xcb, 0xa0, 0xb7, 0x44, 0xbf, 0xc6, - 0x0d, 0xc8, 0x9b, 0xca, 0x18, 0x2d, 0x07, 0x15 -); -DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test9_expected_result, - 0xee, 0xec, 0x85, 0xa9, 0x81, 0x3c, 0xdc, 0x53, - 0x67, 0x72, 0xab, 0x9b, 0x42, 0xde, 0xfc, 0x57, - 0x06, 0xf7, 0x26, 0xe9, 0x75, 0xdd, 0xe0, 0x5a, - 0x87, 0xeb, 0x54, 0x06, 0xea, 0x32, 0x4c, 0xa1, - 0x85, 0xc9, 0x98, 0x6b, 0x42, 0xaa, 0xbe, 0x79, - 0x4b, 0x84, 0x82, 0x1b, 0xee -); - -DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test10_confounder, - 0x64, 0x4d, 0xef, 0x38, 0xda, 0x35, 0x00, 0x72, - 0x75, 0x87, 0x8d, 0x21, 0x68, 0x55, 0xe2, 0x28 -); -DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test10_basekey, - 0xcc, 0xfc, 0xd3, 0x49, 0xbf, 0x4c, 0x66, 0x77, - 0xe8, 0x6e, 0x4b, 0x02, 0xb8, 0xea, 0xb9, 0x24, - 0xa5, 0x46, 0xac, 0x73, 0x1c, 0xf9, 0xbf, 0x69, - 0x89, 0xb9, 0x96, 0xe7, 0xd6, 0xbf, 0xbb, 0xa7 -); -DEFINE_HEX_XDR_NETOBJ(rfc6803_enc_test10_expected_result, - 0x0e, 0x44, 0x68, 0x09, 0x85, 0x85, 0x5f, 0x2d, - 0x1f, 0x18, 0x12, 0x52, 0x9c, 0xa8, 0x3b, 0xfd, - 0x8e, 0x34, 0x9d, 0xe6, 0xfd, 0x9a, 0xda, 0x0b, - 0xaa, 0xa0, 0x48, 0xd6, 0x8e, 0x26, 0x5f, 0xeb, - 0xf3, 0x4a, 0xd1, 0x25, 0x5a, 0x34, 0x49, 0x99, - 0xad, 0x37, 0x14, 0x68, 0x87, 0xa6, 0xc6, 0x84, - 0x57, 0x31, 0xac, 0x7f, 0x46, 0x37, 0x6a, 0x05, - 0x04, 0xcd, 0x06, 0x57, 0x14, 0x74 -); - -static const struct gss_krb5_test_param rfc6803_encrypt_test_params[] = { - { - .desc = "Encrypt empty plaintext with camellia128-cts-cmac", - .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, - .constant = 0, - .base_key = &rfc6803_enc_test1_basekey, - .plaintext = &rfc6803_enc_empty_plaintext, - .confounder = &rfc6803_enc_test1_confounder, - .expected_result = &rfc6803_enc_test1_expected_result, - }, - { - .desc = "Encrypt 1 byte with camellia128-cts-cmac", - .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, - .constant = 1, - .base_key = &rfc6803_enc_test2_basekey, - .plaintext = &rfc6803_enc_1byte_plaintext, - .confounder = &rfc6803_enc_test2_confounder, - .expected_result = &rfc6803_enc_test2_expected_result, - }, - { - .desc = "Encrypt 9 bytes with camellia128-cts-cmac", - .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, - .constant = 2, - .base_key = &rfc6803_enc_test3_basekey, - .plaintext = &rfc6803_enc_9byte_plaintext, - .confounder = &rfc6803_enc_test3_confounder, - .expected_result = &rfc6803_enc_test3_expected_result, - }, - { - .desc = "Encrypt 13 bytes with camellia128-cts-cmac", - .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, - .constant = 3, - .base_key = &rfc6803_enc_test4_basekey, - .plaintext = &rfc6803_enc_13byte_plaintext, - .confounder = &rfc6803_enc_test4_confounder, - .expected_result = &rfc6803_enc_test4_expected_result, - }, - { - .desc = "Encrypt 30 bytes with camellia128-cts-cmac", - .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, - .constant = 4, - .base_key = &rfc6803_enc_test5_basekey, - .plaintext = &rfc6803_enc_30byte_plaintext, - .confounder = &rfc6803_enc_test5_confounder, - .expected_result = &rfc6803_enc_test5_expected_result, - }, - { - .desc = "Encrypt empty plaintext with camellia256-cts-cmac", - .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, - .constant = 0, - .base_key = &rfc6803_enc_test6_basekey, - .plaintext = &rfc6803_enc_empty_plaintext, - .confounder = &rfc6803_enc_test6_confounder, - .expected_result = &rfc6803_enc_test6_expected_result, - }, - { - .desc = "Encrypt 1 byte with camellia256-cts-cmac", - .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, - .constant = 1, - .base_key = &rfc6803_enc_test7_basekey, - .plaintext = &rfc6803_enc_1byte_plaintext, - .confounder = &rfc6803_enc_test7_confounder, - .expected_result = &rfc6803_enc_test7_expected_result, - }, - { - .desc = "Encrypt 9 bytes with camellia256-cts-cmac", - .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, - .constant = 2, - .base_key = &rfc6803_enc_test8_basekey, - .plaintext = &rfc6803_enc_9byte_plaintext, - .confounder = &rfc6803_enc_test8_confounder, - .expected_result = &rfc6803_enc_test8_expected_result, - }, - { - .desc = "Encrypt 13 bytes with camellia256-cts-cmac", - .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, - .constant = 3, - .base_key = &rfc6803_enc_test9_basekey, - .plaintext = &rfc6803_enc_13byte_plaintext, - .confounder = &rfc6803_enc_test9_confounder, - .expected_result = &rfc6803_enc_test9_expected_result, - }, - { - .desc = "Encrypt 30 bytes with camellia256-cts-cmac", - .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, - .constant = 4, - .base_key = &rfc6803_enc_test10_basekey, - .plaintext = &rfc6803_enc_30byte_plaintext, - .confounder = &rfc6803_enc_test10_confounder, - .expected_result = &rfc6803_enc_test10_expected_result, - }, -}; - -/* Creates the function rfc6803_encrypt_gen_params */ -KUNIT_ARRAY_PARAM(rfc6803_encrypt, rfc6803_encrypt_test_params, - gss_krb5_get_desc); - -static void rfc6803_encrypt_case(struct kunit *test) -{ - const struct gss_krb5_test_param *param = test->param_value; - struct crypto_sync_skcipher *cts_tfm, *cbc_tfm; - const struct gss_krb5_enctype *gk5e; - struct xdr_netobj Ke, Ki, checksum; - u8 usage_data[GSS_KRB5_K5CLENGTH]; - struct xdr_netobj usage = { - .data = usage_data, - .len = sizeof(usage_data), - }; - struct crypto_ahash *ahash_tfm; - unsigned int blocksize; - struct xdr_buf buf; - void *text; - size_t len; - u32 err; - - /* Arrange */ - gk5e = gss_krb5_lookup_enctype(param->enctype); - if (!gk5e) - kunit_skip(test, "Encryption type is not available"); - - memset(usage_data, 0, sizeof(usage_data)); - usage.data[3] = param->constant; - - Ke.len = gk5e->Ke_length; - Ke.data = kunit_kzalloc(test, Ke.len, GFP_KERNEL); - KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Ke.data); - usage.data[4] = KEY_USAGE_SEED_ENCRYPTION; - err = gk5e->derive_key(gk5e, param->base_key, &Ke, &usage, GFP_KERNEL); - KUNIT_ASSERT_EQ(test, err, 0); - - cbc_tfm = crypto_alloc_sync_skcipher(gk5e->aux_cipher, 0, 0); - KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cbc_tfm); - err = crypto_sync_skcipher_setkey(cbc_tfm, Ke.data, Ke.len); - KUNIT_ASSERT_EQ(test, err, 0); - - cts_tfm = crypto_alloc_sync_skcipher(gk5e->encrypt_name, 0, 0); - KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cts_tfm); - err = crypto_sync_skcipher_setkey(cts_tfm, Ke.data, Ke.len); - KUNIT_ASSERT_EQ(test, err, 0); - blocksize = crypto_sync_skcipher_blocksize(cts_tfm); - - len = param->confounder->len + param->plaintext->len + blocksize; - text = kunit_kzalloc(test, len, GFP_KERNEL); - KUNIT_ASSERT_NOT_ERR_OR_NULL(test, text); - memcpy(text, param->confounder->data, param->confounder->len); - memcpy(text + param->confounder->len, param->plaintext->data, - param->plaintext->len); - - memset(&buf, 0, sizeof(buf)); - buf.head[0].iov_base = text; - buf.head[0].iov_len = param->confounder->len + param->plaintext->len; - buf.len = buf.head[0].iov_len; - - checksum.len = gk5e->cksumlength; - checksum.data = kunit_kzalloc(test, checksum.len, GFP_KERNEL); - KUNIT_ASSERT_NOT_ERR_OR_NULL(test, checksum.data); - - Ki.len = gk5e->Ki_length; - Ki.data = kunit_kzalloc(test, Ki.len, GFP_KERNEL); - KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Ki.data); - usage.data[4] = KEY_USAGE_SEED_INTEGRITY; - err = gk5e->derive_key(gk5e, param->base_key, &Ki, - &usage, GFP_KERNEL); - KUNIT_ASSERT_EQ(test, err, 0); - ahash_tfm = crypto_alloc_ahash(gk5e->cksum_name, 0, CRYPTO_ALG_ASYNC); - KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ahash_tfm); - err = crypto_ahash_setkey(ahash_tfm, Ki.data, Ki.len); - KUNIT_ASSERT_EQ(test, err, 0); - - /* Act */ - err = gss_krb5_checksum(ahash_tfm, NULL, 0, &buf, 0, &checksum); - KUNIT_ASSERT_EQ(test, err, 0); - - err = krb5_cbc_cts_encrypt(cts_tfm, cbc_tfm, 0, &buf, NULL, NULL, 0); - KUNIT_ASSERT_EQ(test, err, 0); - - /* Assert */ - KUNIT_EXPECT_EQ_MSG(test, param->expected_result->len, - buf.len + checksum.len, - "ciphertext length mismatch"); - KUNIT_EXPECT_MEMEQ_MSG(test, - param->expected_result->data, - buf.head[0].iov_base, - buf.len, - "encrypted result mismatch"); - KUNIT_EXPECT_MEMEQ_MSG(test, - param->expected_result->data + - (param->expected_result->len - checksum.len), - checksum.data, - checksum.len, - "HMAC mismatch"); - - crypto_free_ahash(ahash_tfm); - crypto_free_sync_skcipher(cts_tfm); - crypto_free_sync_skcipher(cbc_tfm); -} - -static struct kunit_case rfc6803_test_cases[] = { - { - .name = "RFC 6803 key derivation", - .run_case = kdf_case, - .generate_params = rfc6803_kdf_gen_params, - }, - { - .name = "RFC 6803 checksum", - .run_case = checksum_case, - .generate_params = rfc6803_checksum_gen_params, - }, - { - .name = "RFC 6803 encryption", - .run_case = rfc6803_encrypt_case, - .generate_params = rfc6803_encrypt_gen_params, - }, - {} -}; - -static struct kunit_suite rfc6803_suite = { - .name = "RFC 6803 suite", - .test_cases = rfc6803_test_cases, -}; - -/* - * From RFC 8009 Appendix A. Test Vectors - * - * Sample results for SHA-2 enctype key derivation - * - * This test material is copyright (c) 2016 IETF Trust and the - * persons identified as the document authors. All rights reserved. - */ - -DEFINE_HEX_XDR_NETOBJ(aes128_cts_hmac_sha256_128_basekey, - 0x37, 0x05, 0xd9, 0x60, 0x80, 0xc1, 0x77, 0x28, - 0xa0, 0xe8, 0x00, 0xea, 0xb6, 0xe0, 0xd2, 0x3c -); -DEFINE_HEX_XDR_NETOBJ(aes128_cts_hmac_sha256_128_Kc, - 0xb3, 0x1a, 0x01, 0x8a, 0x48, 0xf5, 0x47, 0x76, - 0xf4, 0x03, 0xe9, 0xa3, 0x96, 0x32, 0x5d, 0xc3 -); -DEFINE_HEX_XDR_NETOBJ(aes128_cts_hmac_sha256_128_Ke, - 0x9b, 0x19, 0x7d, 0xd1, 0xe8, 0xc5, 0x60, 0x9d, - 0x6e, 0x67, 0xc3, 0xe3, 0x7c, 0x62, 0xc7, 0x2e -); -DEFINE_HEX_XDR_NETOBJ(aes128_cts_hmac_sha256_128_Ki, - 0x9f, 0xda, 0x0e, 0x56, 0xab, 0x2d, 0x85, 0xe1, - 0x56, 0x9a, 0x68, 0x86, 0x96, 0xc2, 0x6a, 0x6c -); - -DEFINE_HEX_XDR_NETOBJ(aes256_cts_hmac_sha384_192_basekey, - 0x6d, 0x40, 0x4d, 0x37, 0xfa, 0xf7, 0x9f, 0x9d, - 0xf0, 0xd3, 0x35, 0x68, 0xd3, 0x20, 0x66, 0x98, - 0x00, 0xeb, 0x48, 0x36, 0x47, 0x2e, 0xa8, 0xa0, - 0x26, 0xd1, 0x6b, 0x71, 0x82, 0x46, 0x0c, 0x52 -); -DEFINE_HEX_XDR_NETOBJ(aes256_cts_hmac_sha384_192_Kc, - 0xef, 0x57, 0x18, 0xbe, 0x86, 0xcc, 0x84, 0x96, - 0x3d, 0x8b, 0xbb, 0x50, 0x31, 0xe9, 0xf5, 0xc4, - 0xba, 0x41, 0xf2, 0x8f, 0xaf, 0x69, 0xe7, 0x3d -); -DEFINE_HEX_XDR_NETOBJ(aes256_cts_hmac_sha384_192_Ke, - 0x56, 0xab, 0x22, 0xbe, 0xe6, 0x3d, 0x82, 0xd7, - 0xbc, 0x52, 0x27, 0xf6, 0x77, 0x3f, 0x8e, 0xa7, - 0xa5, 0xeb, 0x1c, 0x82, 0x51, 0x60, 0xc3, 0x83, - 0x12, 0x98, 0x0c, 0x44, 0x2e, 0x5c, 0x7e, 0x49 -); -DEFINE_HEX_XDR_NETOBJ(aes256_cts_hmac_sha384_192_Ki, - 0x69, 0xb1, 0x65, 0x14, 0xe3, 0xcd, 0x8e, 0x56, - 0xb8, 0x20, 0x10, 0xd5, 0xc7, 0x30, 0x12, 0xb6, - 0x22, 0xc4, 0xd0, 0x0f, 0xfc, 0x23, 0xed, 0x1f -); - -static const struct gss_krb5_test_param rfc8009_kdf_test_params[] = { - { - .desc = "Derive Kc subkey for aes128-cts-hmac-sha256-128", - .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, - .base_key = &aes128_cts_hmac_sha256_128_basekey, - .usage = &usage_checksum, - .expected_result = &aes128_cts_hmac_sha256_128_Kc, - }, - { - .desc = "Derive Ke subkey for aes128-cts-hmac-sha256-128", - .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, - .base_key = &aes128_cts_hmac_sha256_128_basekey, - .usage = &usage_encryption, - .expected_result = &aes128_cts_hmac_sha256_128_Ke, - }, - { - .desc = "Derive Ki subkey for aes128-cts-hmac-sha256-128", - .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, - .base_key = &aes128_cts_hmac_sha256_128_basekey, - .usage = &usage_integrity, - .expected_result = &aes128_cts_hmac_sha256_128_Ki, - }, - { - .desc = "Derive Kc subkey for aes256-cts-hmac-sha384-192", - .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, - .base_key = &aes256_cts_hmac_sha384_192_basekey, - .usage = &usage_checksum, - .expected_result = &aes256_cts_hmac_sha384_192_Kc, - }, - { - .desc = "Derive Ke subkey for aes256-cts-hmac-sha384-192", - .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, - .base_key = &aes256_cts_hmac_sha384_192_basekey, - .usage = &usage_encryption, - .expected_result = &aes256_cts_hmac_sha384_192_Ke, - }, - { - .desc = "Derive Ki subkey for aes256-cts-hmac-sha384-192", - .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, - .base_key = &aes256_cts_hmac_sha384_192_basekey, - .usage = &usage_integrity, - .expected_result = &aes256_cts_hmac_sha384_192_Ki, - }, -}; - -/* Creates the function rfc8009_kdf_gen_params */ -KUNIT_ARRAY_PARAM(rfc8009_kdf, rfc8009_kdf_test_params, gss_krb5_get_desc); - -/* - * From RFC 8009 Appendix A. Test Vectors - * - * These sample checksums use the above sample key derivation results, - * including use of the same base-key and key usage values. - * - * This test material is copyright (c) 2016 IETF Trust and the - * persons identified as the document authors. All rights reserved. - */ - -DEFINE_HEX_XDR_NETOBJ(rfc8009_checksum_plaintext, - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, 0x14 -); -DEFINE_HEX_XDR_NETOBJ(rfc8009_checksum_test1_expected_result, - 0xd7, 0x83, 0x67, 0x18, 0x66, 0x43, 0xd6, 0x7b, - 0x41, 0x1c, 0xba, 0x91, 0x39, 0xfc, 0x1d, 0xee -); -DEFINE_HEX_XDR_NETOBJ(rfc8009_checksum_test2_expected_result, - 0x45, 0xee, 0x79, 0x15, 0x67, 0xee, 0xfc, 0xa3, - 0x7f, 0x4a, 0xc1, 0xe0, 0x22, 0x2d, 0xe8, 0x0d, - 0x43, 0xc3, 0xbf, 0xa0, 0x66, 0x99, 0x67, 0x2a -); - -static const struct gss_krb5_test_param rfc8009_checksum_test_params[] = { - { - .desc = "Checksum with aes128-cts-hmac-sha256-128", - .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, - .base_key = &aes128_cts_hmac_sha256_128_basekey, - .usage = &usage_checksum, - .plaintext = &rfc8009_checksum_plaintext, - .expected_result = &rfc8009_checksum_test1_expected_result, - }, - { - .desc = "Checksum with aes256-cts-hmac-sha384-192", - .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, - .base_key = &aes256_cts_hmac_sha384_192_basekey, - .usage = &usage_checksum, - .plaintext = &rfc8009_checksum_plaintext, - .expected_result = &rfc8009_checksum_test2_expected_result, - }, -}; - -/* Creates the function rfc8009_checksum_gen_params */ -KUNIT_ARRAY_PARAM(rfc8009_checksum, rfc8009_checksum_test_params, - gss_krb5_get_desc); - -/* - * From RFC 8009 Appendix A. Test Vectors - * - * Sample encryptions (all using the default cipher state): - * -------------------------------------------------------- - * - * These sample encryptions use the above sample key derivation results, - * including use of the same base-key and key usage values. - * - * This test material is copyright (c) 2016 IETF Trust and the - * persons identified as the document authors. All rights reserved. - */ - -static const struct xdr_netobj rfc8009_enc_empty_plaintext = { - .len = 0, -}; -DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_short_plaintext, - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05 -); -DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_block_plaintext, - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f -); -DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_long_plaintext, - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, 0x14 -); - -DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test1_confounder, - 0x7e, 0x58, 0x95, 0xea, 0xf2, 0x67, 0x24, 0x35, - 0xba, 0xd8, 0x17, 0xf5, 0x45, 0xa3, 0x71, 0x48 -); -DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test1_expected_result, - 0xef, 0x85, 0xfb, 0x89, 0x0b, 0xb8, 0x47, 0x2f, - 0x4d, 0xab, 0x20, 0x39, 0x4d, 0xca, 0x78, 0x1d -); -DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test1_expected_hmac, - 0xad, 0x87, 0x7e, 0xda, 0x39, 0xd5, 0x0c, 0x87, - 0x0c, 0x0d, 0x5a, 0x0a, 0x8e, 0x48, 0xc7, 0x18 -); - -DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test2_confounder, - 0x7b, 0xca, 0x28, 0x5e, 0x2f, 0xd4, 0x13, 0x0f, - 0xb5, 0x5b, 0x1a, 0x5c, 0x83, 0xbc, 0x5b, 0x24 -); -DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test2_expected_result, - 0x84, 0xd7, 0xf3, 0x07, 0x54, 0xed, 0x98, 0x7b, - 0xab, 0x0b, 0xf3, 0x50, 0x6b, 0xeb, 0x09, 0xcf, - 0xb5, 0x54, 0x02, 0xce, 0xf7, 0xe6 -); -DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test2_expected_hmac, - 0x87, 0x7c, 0xe9, 0x9e, 0x24, 0x7e, 0x52, 0xd1, - 0x6e, 0xd4, 0x42, 0x1d, 0xfd, 0xf8, 0x97, 0x6c -); - -DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test3_confounder, - 0x56, 0xab, 0x21, 0x71, 0x3f, 0xf6, 0x2c, 0x0a, - 0x14, 0x57, 0x20, 0x0f, 0x6f, 0xa9, 0x94, 0x8f -); -DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test3_expected_result, - 0x35, 0x17, 0xd6, 0x40, 0xf5, 0x0d, 0xdc, 0x8a, - 0xd3, 0x62, 0x87, 0x22, 0xb3, 0x56, 0x9d, 0x2a, - 0xe0, 0x74, 0x93, 0xfa, 0x82, 0x63, 0x25, 0x40, - 0x80, 0xea, 0x65, 0xc1, 0x00, 0x8e, 0x8f, 0xc2 -); -DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test3_expected_hmac, - 0x95, 0xfb, 0x48, 0x52, 0xe7, 0xd8, 0x3e, 0x1e, - 0x7c, 0x48, 0xc3, 0x7e, 0xeb, 0xe6, 0xb0, 0xd3 -); - -DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test4_confounder, - 0xa7, 0xa4, 0xe2, 0x9a, 0x47, 0x28, 0xce, 0x10, - 0x66, 0x4f, 0xb6, 0x4e, 0x49, 0xad, 0x3f, 0xac -); -DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test4_expected_result, - 0x72, 0x0f, 0x73, 0xb1, 0x8d, 0x98, 0x59, 0xcd, - 0x6c, 0xcb, 0x43, 0x46, 0x11, 0x5c, 0xd3, 0x36, - 0xc7, 0x0f, 0x58, 0xed, 0xc0, 0xc4, 0x43, 0x7c, - 0x55, 0x73, 0x54, 0x4c, 0x31, 0xc8, 0x13, 0xbc, - 0xe1, 0xe6, 0xd0, 0x72, 0xc1 -); -DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test4_expected_hmac, - 0x86, 0xb3, 0x9a, 0x41, 0x3c, 0x2f, 0x92, 0xca, - 0x9b, 0x83, 0x34, 0xa2, 0x87, 0xff, 0xcb, 0xfc -); - -DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test5_confounder, - 0xf7, 0x64, 0xe9, 0xfa, 0x15, 0xc2, 0x76, 0x47, - 0x8b, 0x2c, 0x7d, 0x0c, 0x4e, 0x5f, 0x58, 0xe4 -); -DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test5_expected_result, - 0x41, 0xf5, 0x3f, 0xa5, 0xbf, 0xe7, 0x02, 0x6d, - 0x91, 0xfa, 0xf9, 0xbe, 0x95, 0x91, 0x95, 0xa0 -); -DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test5_expected_hmac, - 0x58, 0x70, 0x72, 0x73, 0xa9, 0x6a, 0x40, 0xf0, - 0xa0, 0x19, 0x60, 0x62, 0x1a, 0xc6, 0x12, 0x74, - 0x8b, 0x9b, 0xbf, 0xbe, 0x7e, 0xb4, 0xce, 0x3c -); - -DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test6_confounder, - 0xb8, 0x0d, 0x32, 0x51, 0xc1, 0xf6, 0x47, 0x14, - 0x94, 0x25, 0x6f, 0xfe, 0x71, 0x2d, 0x0b, 0x9a -); -DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test6_expected_result, - 0x4e, 0xd7, 0xb3, 0x7c, 0x2b, 0xca, 0xc8, 0xf7, - 0x4f, 0x23, 0xc1, 0xcf, 0x07, 0xe6, 0x2b, 0xc7, - 0xb7, 0x5f, 0xb3, 0xf6, 0x37, 0xb9 -); -DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test6_expected_hmac, - 0xf5, 0x59, 0xc7, 0xf6, 0x64, 0xf6, 0x9e, 0xab, - 0x7b, 0x60, 0x92, 0x23, 0x75, 0x26, 0xea, 0x0d, - 0x1f, 0x61, 0xcb, 0x20, 0xd6, 0x9d, 0x10, 0xf2 -); - -DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test7_confounder, - 0x53, 0xbf, 0x8a, 0x0d, 0x10, 0x52, 0x65, 0xd4, - 0xe2, 0x76, 0x42, 0x86, 0x24, 0xce, 0x5e, 0x63 -); -DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test7_expected_result, - 0xbc, 0x47, 0xff, 0xec, 0x79, 0x98, 0xeb, 0x91, - 0xe8, 0x11, 0x5c, 0xf8, 0xd1, 0x9d, 0xac, 0x4b, - 0xbb, 0xe2, 0xe1, 0x63, 0xe8, 0x7d, 0xd3, 0x7f, - 0x49, 0xbe, 0xca, 0x92, 0x02, 0x77, 0x64, 0xf6 -); -DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test7_expected_hmac, - 0x8c, 0xf5, 0x1f, 0x14, 0xd7, 0x98, 0xc2, 0x27, - 0x3f, 0x35, 0xdf, 0x57, 0x4d, 0x1f, 0x93, 0x2e, - 0x40, 0xc4, 0xff, 0x25, 0x5b, 0x36, 0xa2, 0x66 -); - -DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test8_confounder, - 0x76, 0x3e, 0x65, 0x36, 0x7e, 0x86, 0x4f, 0x02, - 0xf5, 0x51, 0x53, 0xc7, 0xe3, 0xb5, 0x8a, 0xf1 -); -DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test8_expected_result, - 0x40, 0x01, 0x3e, 0x2d, 0xf5, 0x8e, 0x87, 0x51, - 0x95, 0x7d, 0x28, 0x78, 0xbc, 0xd2, 0xd6, 0xfe, - 0x10, 0x1c, 0xcf, 0xd5, 0x56, 0xcb, 0x1e, 0xae, - 0x79, 0xdb, 0x3c, 0x3e, 0xe8, 0x64, 0x29, 0xf2, - 0xb2, 0xa6, 0x02, 0xac, 0x86 -); -DEFINE_HEX_XDR_NETOBJ(rfc8009_enc_test8_expected_hmac, - 0xfe, 0xf6, 0xec, 0xb6, 0x47, 0xd6, 0x29, 0x5f, - 0xae, 0x07, 0x7a, 0x1f, 0xeb, 0x51, 0x75, 0x08, - 0xd2, 0xc1, 0x6b, 0x41, 0x92, 0xe0, 0x1f, 0x62 -); - -static const struct gss_krb5_test_param rfc8009_encrypt_test_params[] = { - { - .desc = "Encrypt empty plaintext with aes128-cts-hmac-sha256-128", - .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, - .plaintext = &rfc8009_enc_empty_plaintext, - .confounder = &rfc8009_enc_test1_confounder, - .base_key = &aes128_cts_hmac_sha256_128_basekey, - .expected_result = &rfc8009_enc_test1_expected_result, - .expected_hmac = &rfc8009_enc_test1_expected_hmac, - }, - { - .desc = "Encrypt short plaintext with aes128-cts-hmac-sha256-128", - .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, - .plaintext = &rfc8009_enc_short_plaintext, - .confounder = &rfc8009_enc_test2_confounder, - .base_key = &aes128_cts_hmac_sha256_128_basekey, - .expected_result = &rfc8009_enc_test2_expected_result, - .expected_hmac = &rfc8009_enc_test2_expected_hmac, - }, - { - .desc = "Encrypt block plaintext with aes128-cts-hmac-sha256-128", - .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, - .plaintext = &rfc8009_enc_block_plaintext, - .confounder = &rfc8009_enc_test3_confounder, - .base_key = &aes128_cts_hmac_sha256_128_basekey, - .expected_result = &rfc8009_enc_test3_expected_result, - .expected_hmac = &rfc8009_enc_test3_expected_hmac, - }, - { - .desc = "Encrypt long plaintext with aes128-cts-hmac-sha256-128", - .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, - .plaintext = &rfc8009_enc_long_plaintext, - .confounder = &rfc8009_enc_test4_confounder, - .base_key = &aes128_cts_hmac_sha256_128_basekey, - .expected_result = &rfc8009_enc_test4_expected_result, - .expected_hmac = &rfc8009_enc_test4_expected_hmac, - }, - { - .desc = "Encrypt empty plaintext with aes256-cts-hmac-sha384-192", - .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, - .plaintext = &rfc8009_enc_empty_plaintext, - .confounder = &rfc8009_enc_test5_confounder, - .base_key = &aes256_cts_hmac_sha384_192_basekey, - .expected_result = &rfc8009_enc_test5_expected_result, - .expected_hmac = &rfc8009_enc_test5_expected_hmac, - }, - { - .desc = "Encrypt short plaintext with aes256-cts-hmac-sha384-192", - .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, - .plaintext = &rfc8009_enc_short_plaintext, - .confounder = &rfc8009_enc_test6_confounder, - .base_key = &aes256_cts_hmac_sha384_192_basekey, - .expected_result = &rfc8009_enc_test6_expected_result, - .expected_hmac = &rfc8009_enc_test6_expected_hmac, - }, - { - .desc = "Encrypt block plaintext with aes256-cts-hmac-sha384-192", - .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, - .plaintext = &rfc8009_enc_block_plaintext, - .confounder = &rfc8009_enc_test7_confounder, - .base_key = &aes256_cts_hmac_sha384_192_basekey, - .expected_result = &rfc8009_enc_test7_expected_result, - .expected_hmac = &rfc8009_enc_test7_expected_hmac, - }, - { - .desc = "Encrypt long plaintext with aes256-cts-hmac-sha384-192", - .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, - .plaintext = &rfc8009_enc_long_plaintext, - .confounder = &rfc8009_enc_test8_confounder, - .base_key = &aes256_cts_hmac_sha384_192_basekey, - .expected_result = &rfc8009_enc_test8_expected_result, - .expected_hmac = &rfc8009_enc_test8_expected_hmac, - }, -}; - -/* Creates the function rfc8009_encrypt_gen_params */ -KUNIT_ARRAY_PARAM(rfc8009_encrypt, rfc8009_encrypt_test_params, - gss_krb5_get_desc); - -static void rfc8009_encrypt_case(struct kunit *test) -{ - const struct gss_krb5_test_param *param = test->param_value; - struct crypto_sync_skcipher *cts_tfm, *cbc_tfm; - const struct gss_krb5_enctype *gk5e; - struct xdr_netobj Ke, Ki, checksum; - u8 usage_data[GSS_KRB5_K5CLENGTH]; - struct xdr_netobj usage = { - .data = usage_data, - .len = sizeof(usage_data), - }; - struct crypto_ahash *ahash_tfm; - struct xdr_buf buf; - void *text; - size_t len; - u32 err; - - /* Arrange */ - gk5e = gss_krb5_lookup_enctype(param->enctype); - if (!gk5e) - kunit_skip(test, "Encryption type is not available"); - - *(__be32 *)usage.data = cpu_to_be32(2); - - Ke.len = gk5e->Ke_length; - Ke.data = kunit_kzalloc(test, Ke.len, GFP_KERNEL); - KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Ke.data); - usage.data[4] = KEY_USAGE_SEED_ENCRYPTION; - err = gk5e->derive_key(gk5e, param->base_key, &Ke, - &usage, GFP_KERNEL); - KUNIT_ASSERT_EQ(test, err, 0); - - cbc_tfm = crypto_alloc_sync_skcipher(gk5e->aux_cipher, 0, 0); - KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cbc_tfm); - err = crypto_sync_skcipher_setkey(cbc_tfm, Ke.data, Ke.len); - KUNIT_ASSERT_EQ(test, err, 0); - - cts_tfm = crypto_alloc_sync_skcipher(gk5e->encrypt_name, 0, 0); - KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cts_tfm); - err = crypto_sync_skcipher_setkey(cts_tfm, Ke.data, Ke.len); - KUNIT_ASSERT_EQ(test, err, 0); - - len = param->confounder->len + param->plaintext->len; - text = kunit_kzalloc(test, len, GFP_KERNEL); - KUNIT_ASSERT_NOT_ERR_OR_NULL(test, text); - memcpy(text, param->confounder->data, param->confounder->len); - memcpy(text + param->confounder->len, param->plaintext->data, - param->plaintext->len); - - memset(&buf, 0, sizeof(buf)); - buf.head[0].iov_base = text; - buf.head[0].iov_len = param->confounder->len + param->plaintext->len; - buf.len = buf.head[0].iov_len; - - checksum.len = gk5e->cksumlength; - checksum.data = kunit_kzalloc(test, checksum.len, GFP_KERNEL); - KUNIT_ASSERT_NOT_ERR_OR_NULL(test, checksum.data); - - Ki.len = gk5e->Ki_length; - Ki.data = kunit_kzalloc(test, Ki.len, GFP_KERNEL); - KUNIT_ASSERT_NOT_ERR_OR_NULL(test, Ki.data); - usage.data[4] = KEY_USAGE_SEED_INTEGRITY; - err = gk5e->derive_key(gk5e, param->base_key, &Ki, - &usage, GFP_KERNEL); - KUNIT_ASSERT_EQ(test, err, 0); - - ahash_tfm = crypto_alloc_ahash(gk5e->cksum_name, 0, CRYPTO_ALG_ASYNC); - KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ahash_tfm); - err = crypto_ahash_setkey(ahash_tfm, Ki.data, Ki.len); - KUNIT_ASSERT_EQ(test, err, 0); - - /* Act */ - err = krb5_cbc_cts_encrypt(cts_tfm, cbc_tfm, 0, &buf, NULL, NULL, 0); - KUNIT_ASSERT_EQ(test, err, 0); - err = krb5_etm_checksum(cts_tfm, ahash_tfm, &buf, 0, &checksum); - KUNIT_ASSERT_EQ(test, err, 0); - - /* Assert */ - KUNIT_EXPECT_EQ_MSG(test, - param->expected_result->len, buf.len, - "ciphertext length mismatch"); - KUNIT_EXPECT_MEMEQ_MSG(test, - param->expected_result->data, - buf.head[0].iov_base, - param->expected_result->len, - "ciphertext mismatch"); - KUNIT_EXPECT_MEMEQ_MSG(test, - param->expected_hmac->data, - checksum.data, - checksum.len, - "HMAC mismatch"); - - crypto_free_ahash(ahash_tfm); - crypto_free_sync_skcipher(cts_tfm); - crypto_free_sync_skcipher(cbc_tfm); -} - -static struct kunit_case rfc8009_test_cases[] = { - { - .name = "RFC 8009 key derivation", - .run_case = kdf_case, - .generate_params = rfc8009_kdf_gen_params, - }, - { - .name = "RFC 8009 checksum", - .run_case = checksum_case, - .generate_params = rfc8009_checksum_gen_params, - }, - { - .name = "RFC 8009 encryption", - .run_case = rfc8009_encrypt_case, - .generate_params = rfc8009_encrypt_gen_params, - }, - {} -}; - -static struct kunit_suite rfc8009_suite = { - .name = "RFC 8009 suite", - .test_cases = rfc8009_test_cases, -}; - -/* - * Encryption self-tests - */ - -DEFINE_STR_XDR_NETOBJ(encrypt_selftest_plaintext, - "This is the plaintext for the encryption self-test."); - -static const struct gss_krb5_test_param encrypt_selftest_params[] = { - { - .desc = "aes128-cts-hmac-sha1-96 encryption self-test", - .enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96, - .Ke = &rfc3962_encryption_key, - .plaintext = &encrypt_selftest_plaintext, - }, - { - .desc = "aes256-cts-hmac-sha1-96 encryption self-test", - .enctype = ENCTYPE_AES256_CTS_HMAC_SHA1_96, - .Ke = &rfc3962_encryption_key, - .plaintext = &encrypt_selftest_plaintext, - }, - { - .desc = "camellia128-cts-cmac encryption self-test", - .enctype = ENCTYPE_CAMELLIA128_CTS_CMAC, - .Ke = &camellia128_cts_cmac_Ke, - .plaintext = &encrypt_selftest_plaintext, - }, - { - .desc = "camellia256-cts-cmac encryption self-test", - .enctype = ENCTYPE_CAMELLIA256_CTS_CMAC, - .Ke = &camellia256_cts_cmac_Ke, - .plaintext = &encrypt_selftest_plaintext, - }, - { - .desc = "aes128-cts-hmac-sha256-128 encryption self-test", - .enctype = ENCTYPE_AES128_CTS_HMAC_SHA256_128, - .Ke = &aes128_cts_hmac_sha256_128_Ke, - .plaintext = &encrypt_selftest_plaintext, - }, - { - .desc = "aes256-cts-hmac-sha384-192 encryption self-test", - .enctype = ENCTYPE_AES256_CTS_HMAC_SHA384_192, - .Ke = &aes256_cts_hmac_sha384_192_Ke, - .plaintext = &encrypt_selftest_plaintext, - }, -}; - -/* Creates the function encrypt_selftest_gen_params */ -KUNIT_ARRAY_PARAM(encrypt_selftest, encrypt_selftest_params, - gss_krb5_get_desc); - -/* - * Encrypt and decrypt plaintext, and ensure the input plaintext - * matches the output plaintext. A confounder is not added in this - * case. - */ -static void encrypt_selftest_case(struct kunit *test) -{ - const struct gss_krb5_test_param *param = test->param_value; - struct crypto_sync_skcipher *cts_tfm, *cbc_tfm; - const struct gss_krb5_enctype *gk5e; - struct xdr_buf buf; - void *text; - int err; - - /* Arrange */ - gk5e = gss_krb5_lookup_enctype(param->enctype); - if (!gk5e) - kunit_skip(test, "Encryption type is not available"); - - cbc_tfm = crypto_alloc_sync_skcipher(gk5e->aux_cipher, 0, 0); - KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cbc_tfm); - err = crypto_sync_skcipher_setkey(cbc_tfm, param->Ke->data, param->Ke->len); - KUNIT_ASSERT_EQ(test, err, 0); - - cts_tfm = crypto_alloc_sync_skcipher(gk5e->encrypt_name, 0, 0); - KUNIT_ASSERT_NOT_ERR_OR_NULL(test, cts_tfm); - err = crypto_sync_skcipher_setkey(cts_tfm, param->Ke->data, param->Ke->len); - KUNIT_ASSERT_EQ(test, err, 0); - - text = kunit_kzalloc(test, roundup(param->plaintext->len, - crypto_sync_skcipher_blocksize(cbc_tfm)), - GFP_KERNEL); - KUNIT_ASSERT_NOT_ERR_OR_NULL(test, text); - - memcpy(text, param->plaintext->data, param->plaintext->len); - memset(&buf, 0, sizeof(buf)); - buf.head[0].iov_base = text; - buf.head[0].iov_len = param->plaintext->len; - buf.len = buf.head[0].iov_len; - - /* Act */ - err = krb5_cbc_cts_encrypt(cts_tfm, cbc_tfm, 0, &buf, NULL, NULL, 0); - KUNIT_ASSERT_EQ(test, err, 0); - err = krb5_cbc_cts_decrypt(cts_tfm, cbc_tfm, 0, &buf); - KUNIT_ASSERT_EQ(test, err, 0); - - /* Assert */ - KUNIT_EXPECT_EQ_MSG(test, - param->plaintext->len, buf.len, - "length mismatch"); - KUNIT_EXPECT_MEMEQ_MSG(test, - param->plaintext->data, - buf.head[0].iov_base, - buf.len, - "plaintext mismatch"); - - crypto_free_sync_skcipher(cts_tfm); - crypto_free_sync_skcipher(cbc_tfm); -} - -static struct kunit_case encryption_test_cases[] = { - { - .name = "Encryption self-tests", - .run_case = encrypt_selftest_case, - .generate_params = encrypt_selftest_gen_params, - }, - {} -}; - -static struct kunit_suite encryption_test_suite = { - .name = "Encryption test suite", - .test_cases = encryption_test_cases, -}; - -kunit_test_suites(&rfc3961_suite, - &rfc3962_suite, - &rfc6803_suite, - &rfc8009_suite, - &encryption_test_suite); - -MODULE_DESCRIPTION("Test RPCSEC GSS Kerberos 5 functions"); -MODULE_LICENSE("GPL"); diff --git a/net/sunrpc/xdr.c b/net/sunrpc/xdr.c index 516833b4c114..6bd588dfbfc0 100644 --- a/net/sunrpc/xdr.c +++ b/net/sunrpc/xdr.c @@ -2348,73 +2348,6 @@ int xdr_encode_array2(const struct xdr_buf *buf, unsigned int base, } EXPORT_SYMBOL_GPL(xdr_encode_array2); -int xdr_process_buf(const struct xdr_buf *buf, unsigned int offset, - unsigned int len, - int (*actor)(struct scatterlist *, void *), void *data) -{ - int i, ret = 0; - unsigned int page_len, thislen, page_offset; - struct scatterlist sg[1]; - - sg_init_table(sg, 1); - - if (offset >= buf->head[0].iov_len) { - offset -= buf->head[0].iov_len; - } else { - thislen = buf->head[0].iov_len - offset; - if (thislen > len) - thislen = len; - sg_set_buf(sg, buf->head[0].iov_base + offset, thislen); - ret = actor(sg, data); - if (ret) - goto out; - offset = 0; - len -= thislen; - } - if (len == 0) - goto out; - - if (offset >= buf->page_len) { - offset -= buf->page_len; - } else { - page_len = buf->page_len - offset; - if (page_len > len) - page_len = len; - len -= page_len; - page_offset = (offset + buf->page_base) & (PAGE_SIZE - 1); - i = (offset + buf->page_base) >> PAGE_SHIFT; - thislen = PAGE_SIZE - page_offset; - do { - if (thislen > page_len) - thislen = page_len; - sg_set_page(sg, buf->pages[i], thislen, page_offset); - ret = actor(sg, data); - if (ret) - goto out; - page_len -= thislen; - i++; - page_offset = 0; - thislen = PAGE_SIZE; - } while (page_len != 0); - offset = 0; - } - if (len == 0) - goto out; - if (offset < buf->tail[0].iov_len) { - thislen = buf->tail[0].iov_len - offset; - if (thislen > len) - thislen = len; - sg_set_buf(sg, buf->tail[0].iov_base + offset, thislen); - ret = actor(sg, data); - len -= thislen; - } - if (len != 0) - ret = -EINVAL; -out: - return ret; -} -EXPORT_SYMBOL_GPL(xdr_process_buf); - /** * xdr_stream_decode_string_dup - Decode and duplicate variable length string * @xdr: pointer to xdr_stream -- 2.53.0