Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/1.0/patches/2197961/?format=api
{ "id": 2197961, "url": "http://patchwork.ozlabs.org/api/1.0/patches/2197961/?format=api", "project": { "id": 12, "url": "http://patchwork.ozlabs.org/api/1.0/projects/12/?format=api", "name": "Linux CIFS Client", "link_name": "linux-cifs-client", "list_id": "linux-cifs.vger.kernel.org", "list_email": "linux-cifs@vger.kernel.org", "web_url": "", "scm_url": "", "webscm_url": "" }, "msgid": "<20260218213501.136844-7-ebiggers@kernel.org>", "date": "2026-02-18T21:34:52", "name": "[06/15] lib/crypto: tests: Add KUnit tests for CBC-based MACs", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "c056f2a6ddd427431432a28e34f9ab08ee6d9ff2", "submitter": { "id": 74690, "url": "http://patchwork.ozlabs.org/api/1.0/people/74690/?format=api", "name": "Eric Biggers", "email": "ebiggers@kernel.org" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/linux-cifs-client/patch/20260218213501.136844-7-ebiggers@kernel.org/mbox/", "series": [ { "id": 492621, "url": "http://patchwork.ozlabs.org/api/1.0/series/492621/?format=api", "date": "2026-02-18T21:34:46", "name": "AES-CMAC library", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/492621/mbox/" } ], "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2197961/checks/", "tags": {}, "headers": { "Return-Path": "\n <linux-cifs+bounces-9447-incoming=patchwork.ozlabs.org@vger.kernel.org>", "X-Original-To": [ "incoming@patchwork.ozlabs.org", "linux-cifs@vger.kernel.org" ], "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=kernel.org header.i=@kernel.org header.a=rsa-sha256\n header.s=k20201202 header.b=rPwtpcM4;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c0a:e001:db::12fc:5321; helo=sea.lore.kernel.org;\n envelope-from=linux-cifs+bounces-9447-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)", "smtp.subspace.kernel.org;\n\tdkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org\n header.b=\"rPwtpcM4\"", "smtp.subspace.kernel.org;\n arc=none smtp.client-ip=10.30.226.201" ], "Received": [ "from sea.lore.kernel.org (sea.lore.kernel.org\n [IPv6:2600:3c0a:e001:db::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fGVK96yC9z1xvS\n\tfor <incoming@patchwork.ozlabs.org>; Thu, 19 Feb 2026 08:39:41 +1100 (AEDT)", "from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sea.lore.kernel.org (Postfix) with ESMTP id 262803073A63\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 18 Feb 2026 21:37:06 +0000 (UTC)", "from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id BD7CB3358B6;\n\tWed, 18 Feb 2026 21:36:53 +0000 (UTC)", "from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org\n [10.30.226.201])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id 964EF3358A6;\n\tWed, 18 Feb 2026 21:36:53 +0000 (UTC)", "by smtp.kernel.org (Postfix) with ESMTPSA id 0CE09C2BCAF;\n\tWed, 18 Feb 2026 21:36:53 +0000 (UTC)" ], "ARC-Seal": "i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1771450613; cv=none;\n b=IVhjOdt9eChYodWmaD0u3R6GUjE8qQHEZMx24xN9c5ZCkLp4jmm2YNajiXZ4S4K/NpcBjrhd41cVvCHd9gwVXJQRp922VyLEoaJTUXIUyQmycdkfDCDJCZZizD9alXeM9EUdCIAa7HNOZ2mLoNkOvk9X26vzWopC5Uf5bGD04dA=", "ARC-Message-Signature": "i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1771450613; c=relaxed/simple;\n\tbh=WsEqvASqnfKYvYAsnz2LEtDg1yiW7NveNu+mk7c4JE0=;\n\th=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:\n\t MIME-Version;\n b=D84zCcpiqjYrIMrPFUGTBs5/70BR11jwvQPwSmvAF9UqN9UTsqE33vePyrFStTv6vm9DxlfCp+nlCxLd9ZahkXbmZJfVhAl5JsEuWDP9Efc1cRzn/P48ZJ8x7tLcqShoeTqNfxqz4t/EqCvTT61Y61yEDzFva0S7vR76+V+oWMk=", "ARC-Authentication-Results": "i=1; smtp.subspace.kernel.org;\n dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org\n header.b=rPwtpcM4; arc=none smtp.client-ip=10.30.226.201", "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;\n\ts=k20201202; t=1771450613;\n\tbh=WsEqvASqnfKYvYAsnz2LEtDg1yiW7NveNu+mk7c4JE0=;\n\th=From:To:Cc:Subject:Date:In-Reply-To:References:From;\n\tb=rPwtpcM4GMCYsfw00sGC/0Nbr6RO+bXz7y8PSeuDxJ/8iWe9dCU6q1Ldei6lNxaky\n\t h1k/vnVu1H7L3wVLQJ8ReOkR+5KmzPKLyIQn/Q/gTFS9YBqAB4M/DlGRsRnP66IcYa\n\t yGiWuieGWT1r8kmtTn3MU+DT/NlQrkC1fTxw7wo5tMz860tv8DvCy7TpYuxResQX9M\n\t 7ajbWg1UUYr+WAc+c3bDpXayUHXx86yV8X4U8soJmWkl5R4gyCmiPmTTKWsIz4fBEi\n\t NsBdFac05w3fqpoxe6DotFcIxXY5xs8iJ8yiCg1qzY/bwC/NdzDgKC8aYUPF+l/hyI\n\t lPhS6jBREfGog==", "From": "Eric Biggers <ebiggers@kernel.org>", "To": "linux-crypto@vger.kernel.org", "Cc": "linux-kernel@vger.kernel.org,\n\tArd Biesheuvel <ardb@kernel.org>,\n\t\"Jason A . Donenfeld\" <Jason@zx2c4.com>,\n\tHerbert Xu <herbert@gondor.apana.org.au>,\n\tlinux-arm-kernel@lists.infradead.org,\n\tlinux-cifs@vger.kernel.org,\n\tlinux-wireless@vger.kernel.org,\n\tEric Biggers <ebiggers@kernel.org>", "Subject": "[PATCH 06/15] lib/crypto: tests: Add KUnit tests for CBC-based MACs", "Date": "Wed, 18 Feb 2026 13:34:52 -0800", "Message-ID": "<20260218213501.136844-7-ebiggers@kernel.org>", "X-Mailer": "git-send-email 2.53.0", "In-Reply-To": "<20260218213501.136844-1-ebiggers@kernel.org>", "References": "<20260218213501.136844-1-ebiggers@kernel.org>", "Precedence": "bulk", "X-Mailing-List": "linux-cifs@vger.kernel.org", "List-Id": "<linux-cifs.vger.kernel.org>", "List-Subscribe": "<mailto:linux-cifs+subscribe@vger.kernel.org>", "List-Unsubscribe": "<mailto:linux-cifs+unsubscribe@vger.kernel.org>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit" }, "content": "Add a KUnit test suite for the AES-CMAC, AES-XCBC-MAC, and AES-CBC-MAC\nlibrary functions.\n\nSigned-off-by: Eric Biggers <ebiggers@kernel.org>\n---\n lib/crypto/tests/Kconfig | 10 ++\n lib/crypto/tests/Makefile | 1 +\n lib/crypto/tests/aes-cmac-testvecs.h | 181 ++++++++++++++++++++\n lib/crypto/tests/aes_cbc_macs_kunit.c | 228 ++++++++++++++++++++++++++\n scripts/crypto/gen-hash-testvecs.py | 31 +++-\n 5 files changed, 448 insertions(+), 3 deletions(-)\n create mode 100644 lib/crypto/tests/aes-cmac-testvecs.h\n create mode 100644 lib/crypto/tests/aes_cbc_macs_kunit.c", "diff": "diff --git a/lib/crypto/tests/Kconfig b/lib/crypto/tests/Kconfig\nindex 4970463ea0aa..2433b988bc5b 100644\n--- a/lib/crypto/tests/Kconfig\n+++ b/lib/crypto/tests/Kconfig\n@@ -1,7 +1,17 @@\n # SPDX-License-Identifier: GPL-2.0-or-later\n \n+config CRYPTO_LIB_AES_CBC_MACS_KUNIT_TEST\n+\ttristate \"KUnit tests for AES-CMAC, AES-XCBC-MAC, and AES-CBC-MAC\" if !KUNIT_ALL_TESTS\n+\tdepends on KUNIT\n+\tdefault KUNIT_ALL_TESTS || CRYPTO_SELFTESTS\n+\tselect CRYPTO_LIB_BENCHMARK_VISIBLE\n+\tselect CRYPTO_LIB_AES_CBC_MACS\n+\thelp\n+\t KUnit tests for the AES-CMAC, AES-XCBC-MAC, and AES-CBC-MAC message\n+\t authentication codes.\n+\n config CRYPTO_LIB_BLAKE2B_KUNIT_TEST\n \ttristate \"KUnit tests for BLAKE2b\" if !KUNIT_ALL_TESTS\n \tdepends on KUNIT\n \tdefault KUNIT_ALL_TESTS || CRYPTO_SELFTESTS\n \tselect CRYPTO_LIB_BENCHMARK_VISIBLE\ndiff --git a/lib/crypto/tests/Makefile b/lib/crypto/tests/Makefile\nindex f4262379f56c..f864e0ffbee4 100644\n--- a/lib/crypto/tests/Makefile\n+++ b/lib/crypto/tests/Makefile\n@@ -1,7 +1,8 @@\n # SPDX-License-Identifier: GPL-2.0-or-later\n \n+obj-$(CONFIG_CRYPTO_LIB_AES_CBC_MACS_KUNIT_TEST) += aes_cbc_macs_kunit.o\n obj-$(CONFIG_CRYPTO_LIB_BLAKE2B_KUNIT_TEST) += blake2b_kunit.o\n obj-$(CONFIG_CRYPTO_LIB_BLAKE2S_KUNIT_TEST) += blake2s_kunit.o\n obj-$(CONFIG_CRYPTO_LIB_CURVE25519_KUNIT_TEST) += curve25519_kunit.o\n obj-$(CONFIG_CRYPTO_LIB_MD5_KUNIT_TEST) += md5_kunit.o\n obj-$(CONFIG_CRYPTO_LIB_MLDSA_KUNIT_TEST) += mldsa_kunit.o\ndiff --git a/lib/crypto/tests/aes-cmac-testvecs.h b/lib/crypto/tests/aes-cmac-testvecs.h\nnew file mode 100644\nindex 000000000000..8177862ba5a3\n--- /dev/null\n+++ b/lib/crypto/tests/aes-cmac-testvecs.h\n@@ -0,0 +1,181 @@\n+/* SPDX-License-Identifier: GPL-2.0-or-later */\n+/* This file was generated by: ./scripts/crypto/gen-hash-testvecs.py aes-cmac */\n+\n+static const struct {\n+\tsize_t data_len;\n+\tu8 digest[AES_BLOCK_SIZE];\n+} hash_testvecs[] = {\n+\t{\n+\t\t.data_len = 0,\n+\t\t.digest = {\n+\t\t\t0x9a, 0xeb, 0x94, 0xc1, 0xe9, 0xc1, 0x57, 0x49,\n+\t\t\t0x7e, 0xba, 0x66, 0x47, 0x9f, 0x03, 0x2c, 0x5b,\n+\t\t},\n+\t},\n+\t{\n+\t\t.data_len = 1,\n+\t\t.digest = {\n+\t\t\t0x52, 0xef, 0x65, 0xda, 0x7b, 0x92, 0x0c, 0x0f,\n+\t\t\t0xdd, 0xd6, 0xb9, 0x68, 0x3f, 0xcc, 0x5f, 0xea,\n+\t\t},\n+\t},\n+\t{\n+\t\t.data_len = 2,\n+\t\t.digest = {\n+\t\t\t0xc3, 0x95, 0x15, 0xea, 0x16, 0x33, 0xbe, 0x5a,\n+\t\t\t0xd4, 0x2c, 0x25, 0x06, 0x15, 0xc6, 0x10, 0x19,\n+\t\t},\n+\t},\n+\t{\n+\t\t.data_len = 3,\n+\t\t.digest = {\n+\t\t\t0x82, 0x41, 0x41, 0xd5, 0x33, 0x26, 0x0b, 0xb6,\n+\t\t\t0xc8, 0xf7, 0x8d, 0x76, 0x8a, 0xfc, 0x0e, 0xe4,\n+\t\t},\n+\t},\n+\t{\n+\t\t.data_len = 16,\n+\t\t.digest = {\n+\t\t\t0x94, 0x09, 0x80, 0x07, 0xba, 0x7c, 0xed, 0xd2,\n+\t\t\t0x74, 0x72, 0x30, 0x26, 0xb5, 0x11, 0x64, 0xc1,\n+\t\t},\n+\t},\n+\t{\n+\t\t.data_len = 32,\n+\t\t.digest = {\n+\t\t\t0xeb, 0xcf, 0x1e, 0x67, 0x21, 0x64, 0x93, 0xa0,\n+\t\t\t0xea, 0xc4, 0xb9, 0x2d, 0x55, 0xc8, 0xac, 0x99,\n+\t\t},\n+\t},\n+\t{\n+\t\t.data_len = 48,\n+\t\t.digest = {\n+\t\t\t0xd0, 0xd6, 0xdb, 0xe2, 0x45, 0x98, 0x6a, 0x7a,\n+\t\t\t0x5f, 0xd6, 0xcd, 0x9d, 0x12, 0x26, 0x20, 0x87,\n+\t\t},\n+\t},\n+\t{\n+\t\t.data_len = 49,\n+\t\t.digest = {\n+\t\t\t0x63, 0x25, 0x3c, 0xe2, 0x2a, 0xfa, 0xe3, 0x1e,\n+\t\t\t0x54, 0x10, 0x18, 0x28, 0xc6, 0xb8, 0xcb, 0x58,\n+\t\t},\n+\t},\n+\t{\n+\t\t.data_len = 63,\n+\t\t.digest = {\n+\t\t\t0x4d, 0xab, 0xae, 0x99, 0x90, 0x13, 0x3f, 0x4f,\n+\t\t\t0x42, 0x0f, 0x19, 0x94, 0xa2, 0x52, 0xfd, 0xaf,\n+\t\t},\n+\t},\n+\t{\n+\t\t.data_len = 64,\n+\t\t.digest = {\n+\t\t\t0xf7, 0x49, 0xb9, 0xa7, 0xf9, 0x3e, 0xa0, 0xca,\n+\t\t\t0xb2, 0x6c, 0xd7, 0x87, 0x7d, 0x1e, 0xd2, 0xcb,\n+\t\t},\n+\t},\n+\t{\n+\t\t.data_len = 65,\n+\t\t.digest = {\n+\t\t\t0x27, 0x2c, 0xb7, 0xc8, 0xdd, 0x26, 0xa9, 0xfe,\n+\t\t\t0x37, 0x64, 0x84, 0x38, 0xa5, 0x7e, 0xbc, 0x04,\n+\t\t},\n+\t},\n+\t{\n+\t\t.data_len = 127,\n+\t\t.digest = {\n+\t\t\t0xfd, 0x1f, 0x01, 0xa4, 0xea, 0x9b, 0xbd, 0xef,\n+\t\t\t0x09, 0x97, 0x57, 0x60, 0x95, 0x23, 0xcc, 0x71,\n+\t\t},\n+\t},\n+\t{\n+\t\t.data_len = 128,\n+\t\t.digest = {\n+\t\t\t0x28, 0x21, 0xee, 0x56, 0x9f, 0x38, 0xd6, 0x0e,\n+\t\t\t0xe3, 0x22, 0x06, 0x20, 0xad, 0xd8, 0x33, 0x74,\n+\t\t},\n+\t},\n+\t{\n+\t\t.data_len = 129,\n+\t\t.digest = {\n+\t\t\t0x07, 0x28, 0x4a, 0x2a, 0xd3, 0x85, 0xa6, 0x87,\n+\t\t\t0x5c, 0x01, 0x8c, 0xb9, 0xd3, 0x4b, 0xce, 0x20,\n+\t\t},\n+\t},\n+\t{\n+\t\t.data_len = 256,\n+\t\t.digest = {\n+\t\t\t0xe6, 0x12, 0x25, 0x6b, 0xf9, 0x69, 0x4d, 0x5a,\n+\t\t\t0x1a, 0xb0, 0xe6, 0x11, 0x46, 0x24, 0x08, 0xdf,\n+\t\t},\n+\t},\n+\t{\n+\t\t.data_len = 511,\n+\t\t.digest = {\n+\t\t\t0xce, 0x28, 0x1f, 0x14, 0xb9, 0xcc, 0x7e, 0x1f,\n+\t\t\t0xb5, 0x13, 0x2b, 0x45, 0x04, 0x54, 0xe9, 0x5f,\n+\t\t},\n+\t},\n+\t{\n+\t\t.data_len = 513,\n+\t\t.digest = {\n+\t\t\t0x63, 0x12, 0xbd, 0x85, 0x60, 0x1b, 0x99, 0x7e,\n+\t\t\t0x0a, 0xf7, 0x0f, 0xc1, 0xb5, 0x66, 0xf8, 0x9a,\n+\t\t},\n+\t},\n+\t{\n+\t\t.data_len = 1000,\n+\t\t.digest = {\n+\t\t\t0xbd, 0x49, 0x5e, 0x21, 0xc6, 0x58, 0x74, 0x6b,\n+\t\t\t0x21, 0xc2, 0x62, 0x6a, 0x15, 0xca, 0x1d, 0x8a,\n+\t\t},\n+\t},\n+\t{\n+\t\t.data_len = 3333,\n+\t\t.digest = {\n+\t\t\t0xfe, 0x6b, 0xfa, 0xfc, 0x4c, 0x0b, 0x63, 0x0d,\n+\t\t\t0x41, 0x7f, 0xa9, 0xd8, 0xba, 0xe3, 0xce, 0xce,\n+\t\t},\n+\t},\n+\t{\n+\t\t.data_len = 4096,\n+\t\t.digest = {\n+\t\t\t0x41, 0x7c, 0xbc, 0x2e, 0x2f, 0xff, 0xdf, 0x09,\n+\t\t\t0x31, 0xc5, 0x79, 0x0a, 0x1d, 0x6e, 0x46, 0xec,\n+\t\t},\n+\t},\n+\t{\n+\t\t.data_len = 4128,\n+\t\t.digest = {\n+\t\t\t0x6a, 0x9d, 0x86, 0xa8, 0xab, 0xa5, 0xc1, 0xc5,\n+\t\t\t0x0d, 0x54, 0xf3, 0x51, 0x10, 0x46, 0x25, 0x5a,\n+\t\t},\n+\t},\n+\t{\n+\t\t.data_len = 4160,\n+\t\t.digest = {\n+\t\t\t0x4c, 0x50, 0xff, 0x2a, 0xe9, 0xca, 0x9e, 0x07,\n+\t\t\t0x8a, 0x86, 0x67, 0x5e, 0xe5, 0x0a, 0xfd, 0x69,\n+\t\t},\n+\t},\n+\t{\n+\t\t.data_len = 4224,\n+\t\t.digest = {\n+\t\t\t0x3a, 0xfa, 0x80, 0x9d, 0x80, 0xe3, 0x1e, 0x95,\n+\t\t\t0x53, 0x93, 0x39, 0x17, 0xd3, 0xda, 0x49, 0x15,\n+\t\t},\n+\t},\n+\t{\n+\t\t.data_len = 16384,\n+\t\t.digest = {\n+\t\t\t0x48, 0xf4, 0x4f, 0x2d, 0x5d, 0xf2, 0x02, 0xcf,\n+\t\t\t0x51, 0x3c, 0x1b, 0x12, 0x80, 0x8f, 0xb0, 0xd6,\n+\t\t},\n+\t},\n+};\n+\n+static const u8 hash_testvec_consolidated[AES_BLOCK_SIZE] = {\n+\t0x41, 0xad, 0x25, 0xa1, 0xeb, 0xce, 0x6b, 0x9c,\n+\t0x06, 0xdf, 0x47, 0xc4, 0x3a, 0x59, 0x50, 0x07,\n+};\ndiff --git a/lib/crypto/tests/aes_cbc_macs_kunit.c b/lib/crypto/tests/aes_cbc_macs_kunit.c\nnew file mode 100644\nindex 000000000000..ae3745212f03\n--- /dev/null\n+++ b/lib/crypto/tests/aes_cbc_macs_kunit.c\n@@ -0,0 +1,228 @@\n+// SPDX-License-Identifier: GPL-2.0-or-later\n+/*\n+ * Copyright 2026 Google LLC\n+ */\n+#include <crypto/aes-cbc-macs.h>\n+#include \"aes-cmac-testvecs.h\"\n+\n+/*\n+ * A fixed key used when presenting AES-CMAC as an unkeyed hash function in\n+ * order to reuse hash-test-template.h. At the beginning of the test suite,\n+ * this is initialized to a key prepared from bytes generated from a fixed seed.\n+ */\n+static struct aes_cmac_key test_key;\n+\n+static void aes_cmac_init_withtestkey(struct aes_cmac_ctx *ctx)\n+{\n+\taes_cmac_init(ctx, &test_key);\n+}\n+\n+static void aes_cmac_withtestkey(const u8 *data, size_t data_len,\n+\t\t\t\t u8 out[AES_BLOCK_SIZE])\n+{\n+\taes_cmac(&test_key, data, data_len, out);\n+}\n+\n+#define HASH aes_cmac_withtestkey\n+#define HASH_CTX aes_cmac_ctx\n+#define HASH_SIZE AES_BLOCK_SIZE\n+#define HASH_INIT aes_cmac_init_withtestkey\n+#define HASH_UPDATE aes_cmac_update\n+#define HASH_FINAL aes_cmac_final\n+#include \"hash-test-template.h\"\n+\n+static int aes_cbc_macs_suite_init(struct kunit_suite *suite)\n+{\n+\tu8 raw_key[AES_KEYSIZE_256];\n+\tint err;\n+\n+\trand_bytes_seeded_from_len(raw_key, sizeof(raw_key));\n+\terr = aes_cmac_preparekey(&test_key, raw_key, sizeof(raw_key));\n+\tif (err)\n+\t\treturn err;\n+\treturn hash_suite_init(suite);\n+}\n+\n+static void aes_cbc_macs_suite_exit(struct kunit_suite *suite)\n+{\n+\thash_suite_exit(suite);\n+}\n+\n+/* Verify compatibility of the AES-CMAC implementation with RFC 4493. */\n+static void test_aes_cmac_rfc4493(struct kunit *test)\n+{\n+\tstatic const u8 raw_key[AES_KEYSIZE_128] = {\n+\t\t0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,\n+\t\t0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c,\n+\t};\n+\tstatic const struct {\n+\t\tsize_t data_len;\n+\t\tconst u8 data[40];\n+\t\tconst u8 mac[AES_BLOCK_SIZE];\n+\t} testvecs[] = {\n+\t\t{\n+\t\t\t/* Example 1 from RFC 4493 */\n+\t\t\t.data_len = 0,\n+\t\t\t.mac = {\n+\t\t\t\t0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28,\n+\t\t\t\t0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46,\n+\t\t\t},\n+\n+\t\t},\n+\t\t{\n+\t\t\t/* Example 2 from RFC 4493 */\n+\t\t\t.data = {\n+\t\t\t\t0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,\n+\t\t\t\t0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,\n+\t\t\t},\n+\t\t\t.data_len = 16,\n+\t\t\t.mac = {\n+\t\t\t\t0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44,\n+\t\t\t\t0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c,\n+\t\t\t},\n+\t\t},\n+\t\t{\n+\t\t\t/* Example 3 from RFC 4493 */\n+\t\t\t.data = {\n+\t\t\t\t0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,\n+\t\t\t\t0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,\n+\t\t\t\t0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,\n+\t\t\t\t0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,\n+\t\t\t\t0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,\n+\t\t\t},\n+\t\t\t.data_len = 40,\n+\t\t\t.mac = {\n+\t\t\t\t0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30,\n+\t\t\t\t0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27,\n+\t\t\t},\n+\t\t},\n+\t};\n+\tstruct aes_cmac_key key;\n+\tint err;\n+\n+\terr = aes_cmac_preparekey(&key, raw_key, sizeof(raw_key));\n+\tKUNIT_ASSERT_EQ(test, err, 0);\n+\n+\tfor (size_t i = 0; i < ARRAY_SIZE(testvecs); i++) {\n+\t\tu8 mac[AES_BLOCK_SIZE];\n+\n+\t\taes_cmac(&key, testvecs[i].data, testvecs[i].data_len, mac);\n+\t\tKUNIT_ASSERT_MEMEQ(test, mac, testvecs[i].mac, AES_BLOCK_SIZE);\n+\t}\n+}\n+\n+/*\n+ * Verify compatibility of the AES-XCBC-MAC implementation with RFC 3566.\n+ *\n+ * Additional AES-XCBC-MAC tests are not necessary, since the AES-XCBC-MAC\n+ * implementation is well covered by the AES-CMAC tests already. Only the key\n+ * preparation function differs; the rest of the code is shared.\n+ */\n+static void test_aes_xcbcmac_rfc3566(struct kunit *test)\n+{\n+\tstruct aes_cmac_key key;\n+\t/* AES-XCBC-MAC Test Case #4 from RFC 3566 */\n+\tstatic const u8 raw_key[AES_KEYSIZE_128] = {\n+\t\t0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,\n+\t\t0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,\n+\t};\n+\tstatic const u8 message[20] = {\n+\t\t0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,\n+\t\t0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13,\n+\t};\n+\tstatic const u8 expected_mac[AES_BLOCK_SIZE] = {\n+\t\t0x47, 0xf5, 0x1b, 0x45, 0x64, 0x96, 0x62, 0x15,\n+\t\t0xb8, 0x98, 0x5c, 0x63, 0x05, 0x5e, 0xd3, 0x08,\n+\t};\n+\tu8 actual_mac[AES_BLOCK_SIZE];\n+\n+\taes_xcbcmac_preparekey(&key, raw_key);\n+\taes_cmac(&key, message, sizeof(message), actual_mac);\n+\tKUNIT_ASSERT_MEMEQ(test, actual_mac, expected_mac, AES_BLOCK_SIZE);\n+}\n+\n+static void test_aes_cbcmac_rfc3610(struct kunit *test)\n+{\n+\t/*\n+\t * The following AES-CBC-MAC test vector is extracted from RFC 3610\n+\t * Packet Vector #11. It required some rearrangement to get the actual\n+\t * input to AES-CBC-MAC from the values given.\n+\t */\n+\tstatic const u8 raw_key[AES_KEYSIZE_128] = {\n+\t\t0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,\n+\t\t0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,\n+\t};\n+\tconst size_t unpadded_data_len = 52;\n+\tstatic const u8 data[64] = {\n+\t\t/* clang-format off */\n+\t\t/* CCM header */\n+\t\t0x61, 0x00, 0x00, 0x00, 0x0d, 0x0c, 0x0b, 0x0a,\n+\t\t0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0x00, 0x14,\n+\t\t/* CCM additional authentication blocks */\n+\t\t0x00, 0x0c, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05,\n+\t\t0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x00, 0x00,\n+\t\t/* CCM message blocks */\n+\t\t0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13,\n+\t\t0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b,\n+\t\t0x1c, 0x1d, 0x1e, 0x1f, 0x00, 0x00, 0x00, 0x00,\n+\t\t0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n+\t\t/* clang-format on */\n+\t};\n+\tstatic const u8 expected_mac[AES_BLOCK_SIZE] = {\n+\t\t0x6b, 0x5e, 0x24, 0x34, 0x12, 0xcc, 0xc2, 0xad,\n+\t\t0x6f, 0x1b, 0x11, 0xc3, 0xa1, 0xa9, 0xd8, 0xbc,\n+\t};\n+\tstruct aes_enckey key;\n+\tstruct aes_cbcmac_ctx ctx;\n+\tu8 actual_mac[AES_BLOCK_SIZE];\n+\tint err;\n+\n+\terr = aes_prepareenckey(&key, raw_key, sizeof(raw_key));\n+\tKUNIT_ASSERT_EQ(test, err, 0);\n+\n+\t/*\n+\t * Trailing zeroes should not affect the CBC-MAC value, up to the next\n+\t * AES block boundary.\n+\t */\n+\tfor (size_t data_len = unpadded_data_len; data_len <= sizeof(data);\n+\t data_len++) {\n+\t\taes_cbcmac_init(&ctx, &key);\n+\t\taes_cbcmac_update(&ctx, data, data_len);\n+\t\taes_cbcmac_final(&ctx, actual_mac);\n+\t\tKUNIT_ASSERT_MEMEQ(test, actual_mac, expected_mac,\n+\t\t\t\t AES_BLOCK_SIZE);\n+\n+\t\t/* Incremental computations should produce the same result. */\n+\t\tfor (size_t part1_len = 0; part1_len <= data_len; part1_len++) {\n+\t\t\taes_cbcmac_init(&ctx, &key);\n+\t\t\taes_cbcmac_update(&ctx, data, part1_len);\n+\t\t\taes_cbcmac_update(&ctx, &data[part1_len],\n+\t\t\t\t\t data_len - part1_len);\n+\t\t\taes_cbcmac_final(&ctx, actual_mac);\n+\t\t\tKUNIT_ASSERT_MEMEQ(test, actual_mac, expected_mac,\n+\t\t\t\t\t AES_BLOCK_SIZE);\n+\t\t}\n+\t}\n+}\n+\n+static struct kunit_case aes_cbc_macs_test_cases[] = {\n+\tHASH_KUNIT_CASES,\n+\tKUNIT_CASE(test_aes_cmac_rfc4493),\n+\tKUNIT_CASE(test_aes_xcbcmac_rfc3566),\n+\tKUNIT_CASE(test_aes_cbcmac_rfc3610),\n+\tKUNIT_CASE(benchmark_hash),\n+\t{},\n+};\n+\n+static struct kunit_suite aes_cbc_macs_test_suite = {\n+\t.name = \"aes_cbc_macs\",\n+\t.test_cases = aes_cbc_macs_test_cases,\n+\t.suite_init = aes_cbc_macs_suite_init,\n+\t.suite_exit = aes_cbc_macs_suite_exit,\n+};\n+kunit_test_suite(aes_cbc_macs_test_suite);\n+\n+MODULE_DESCRIPTION(\n+\t\"KUnit tests and benchmark for AES-CMAC, AES-XCBC-MAC, and AES-CBC-MAC\");\n+MODULE_IMPORT_NS(\"CRYPTO_INTERNAL\");\n+MODULE_LICENSE(\"GPL\");\ndiff --git a/scripts/crypto/gen-hash-testvecs.py b/scripts/crypto/gen-hash-testvecs.py\nindex 8eeb650fcada..34b7c48f3456 100755\n--- a/scripts/crypto/gen-hash-testvecs.py\n+++ b/scripts/crypto/gen-hash-testvecs.py\n@@ -1,12 +1,16 @@\n #!/usr/bin/env python3\n # SPDX-License-Identifier: GPL-2.0-or-later\n #\n # Script that generates test vectors for the given hash function.\n #\n+# Requires that python-cryptography be installed.\n+#\n # Copyright 2025 Google LLC\n \n+import cryptography.hazmat.primitives.ciphers\n+import cryptography.hazmat.primitives.cmac\n import hashlib\n import hmac\n import sys\n \n DATA_LENS = [0, 1, 2, 3, 16, 32, 48, 49, 63, 64, 65, 127, 128, 129, 256, 511,\n@@ -22,10 +26,24 @@ def rand_bytes(length):\n for _ in range(length):\n seed = (seed * 25214903917 + 11) % 2**48\n out.append((seed >> 16) % 256)\n return bytes(out)\n \n+AES_256_KEY_SIZE = 32\n+\n+# AES-CMAC. Just wraps the implementation from python-cryptography.\n+class AesCmac:\n+ def __init__(self, key):\n+ aes = cryptography.hazmat.primitives.ciphers.algorithms.AES(key)\n+ self.cmac = cryptography.hazmat.primitives.cmac.CMAC(aes)\n+\n+ def update(self, data):\n+ self.cmac.update(data)\n+\n+ def digest(self):\n+ return self.cmac.finalize()\n+\n POLY1305_KEY_SIZE = 32\n \n # A straightforward, unoptimized implementation of Poly1305.\n # Reference: https://cr.yp.to/mac/poly1305-20050329.pdf\n class Poly1305:\n@@ -78,13 +96,16 @@ class Polyval:\n \n def digest(self):\n return self.acc.to_bytes(16, byteorder='little')\n \n def hash_init(alg):\n+ # The keyed hash functions are assigned a fixed random key here, to present\n+ # them as unkeyed hash functions. This allows all the test cases for\n+ # unkeyed hash functions to work on them.\n+ if alg == 'aes-cmac':\n+ return AesCmac(rand_bytes(AES_256_KEY_SIZE))\n if alg == 'poly1305':\n- # Use a fixed random key here, to present Poly1305 as an unkeyed hash.\n- # This allows all the test cases for unkeyed hashes to work on Poly1305.\n return Poly1305(rand_bytes(POLY1305_KEY_SIZE))\n if alg == 'polyval':\n return Polyval(rand_bytes(POLYVAL_BLOCK_SIZE))\n return hashlib.new(alg)\n \n@@ -114,10 +135,12 @@ def print_c_struct_u8_array_field(name, value):\n print(f'\\t\\t.{name} = {{')\n print_bytes('\\t\\t\\t', value, 8)\n print('\\t\\t},')\n \n def alg_digest_size_const(alg):\n+ if alg == 'aes-cmac':\n+ return 'AES_BLOCK_SIZE'\n if alg.startswith('blake2'):\n return f'{alg.upper()}_HASH_SIZE'\n return f\"{alg.upper().replace('-', '_')}_DIGEST_SIZE\"\n \n def gen_unkeyed_testvecs(alg):\n@@ -250,11 +273,13 @@ if len(sys.argv) != 2:\n sys.exit(1)\n \n alg = sys.argv[1]\n print('/* SPDX-License-Identifier: GPL-2.0-or-later */')\n print(f'/* This file was generated by: {sys.argv[0]} {\" \".join(sys.argv[1:])} */')\n-if alg.startswith('blake2'):\n+if alg == 'aes-cmac':\n+ gen_unkeyed_testvecs(alg)\n+elif alg.startswith('blake2'):\n gen_unkeyed_testvecs(alg)\n gen_additional_blake2_testvecs(alg)\n elif alg == 'nh':\n gen_nh_testvecs()\n elif alg == 'poly1305':\n", "prefixes": [ "06/15" ] }