From 8537544679272b77b8bca1e02263bee4bbea14e6 Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Thu, 9 Jul 2015 07:17:25 +0800 Subject: crypto: testmgr - Disable rfc4106 test and convert test vectors This patch disables the rfc4106 test while the conversion to the new seqiv calling convention takes place. It also converts the rfc4106 test vectors to the new format. Signed-off-by: Herbert Xu --- crypto/testmgr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'crypto/testmgr.c') diff --git a/crypto/testmgr.c b/crypto/testmgr.c index d0a42bd3aae9..c4fe6a8068f5 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -3492,7 +3492,7 @@ static const struct alg_test_desc alg_test_descs[] = { } } }, { - .alg = "rfc4106(gcm(aes))", + .alg = "rfc4106(gcm(aes))-disabled", .test = alg_test_aead, .fips_allowed = 1, .suite = { -- cgit v1.2.3 From 3f31a740c42e07f81bed8178c8ac1c7936ed6993 Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Thu, 9 Jul 2015 07:17:34 +0800 Subject: crypto: testmgr - Reenable rfc4106 test Now that all implementations of rfc4106 have been converted we can reenable the test. Signed-off-by: Herbert Xu --- crypto/testmgr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'crypto/testmgr.c') diff --git a/crypto/testmgr.c b/crypto/testmgr.c index c4fe6a8068f5..d0a42bd3aae9 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -3492,7 +3492,7 @@ static const struct alg_test_desc alg_test_descs[] = { } } }, { - .alg = "rfc4106(gcm(aes))-disabled", + .alg = "rfc4106(gcm(aes))", .test = alg_test_aead, .fips_allowed = 1, .suite = { -- cgit v1.2.3 From 0bc5a6c5c79a947e47af9655b0e3cc7e7a2bd0ca Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Tue, 14 Jul 2015 16:53:17 +0800 Subject: crypto: testmgr - Disable rfc4309 test and convert test vectors This patch disables the rfc4309 test while the conversion to the new seqiv calling convention takes place. It also replaces the rfc4309 test vectors with ones that will work with the new IV convention. Signed-off-by: Herbert Xu --- crypto/testmgr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'crypto/testmgr.c') diff --git a/crypto/testmgr.c b/crypto/testmgr.c index d0a42bd3aae9..f89b028c760c 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -3508,7 +3508,7 @@ static const struct alg_test_desc alg_test_descs[] = { } } }, { - .alg = "rfc4309(ccm(aes))", + .alg = "rfc4309(ccm(aes))-disabled", .test = alg_test_aead, .fips_allowed = 1, .suite = { -- cgit v1.2.3 From 544c436a8ecec2dc162c63116025da0e4e66ea4e Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Tue, 14 Jul 2015 16:53:22 +0800 Subject: crypto: testmgr - Reenable rfc4309 test Now that all implementations of rfc4309 have been converted we can reenable the test. Signed-off-by: Herbert Xu --- crypto/testmgr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'crypto/testmgr.c') diff --git a/crypto/testmgr.c b/crypto/testmgr.c index f89b028c760c..d0a42bd3aae9 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -3508,7 +3508,7 @@ static const struct alg_test_desc alg_test_descs[] = { } } }, { - .alg = "rfc4309(ccm(aes))-disabled", + .alg = "rfc4309(ccm(aes))", .test = alg_test_aead, .fips_allowed = 1, .suite = { -- cgit v1.2.3 From 7079ce62c0e9bfcca35214105c08a2d00fbea9ee Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Thu, 30 Jul 2015 17:53:14 +0800 Subject: crypto: testmgr - Disable authenc test and convert test vectors This patch disables the authenc tests while the conversion to the new IV calling convention takes place. It also replaces the authenc test vectors with ones that will work with the new IV convention. Signed-off-by: Herbert Xu --- crypto/testmgr.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) (limited to 'crypto/testmgr.c') diff --git a/crypto/testmgr.c b/crypto/testmgr.c index d0a42bd3aae9..0b14f71cf3d6 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -2090,7 +2090,7 @@ static const struct alg_test_desc alg_test_descs[] = { } } }, { - .alg = "authenc(hmac(sha1),cbc(aes))", + .alg = "authenc(hmac(sha1),cbc(aes))-disabled", .test = alg_test_aead, .fips_allowed = 1, .suite = { @@ -2104,7 +2104,7 @@ static const struct alg_test_desc alg_test_descs[] = { } } }, { - .alg = "authenc(hmac(sha1),cbc(des))", + .alg = "authenc(hmac(sha1),cbc(des))-disabled", .test = alg_test_aead, .fips_allowed = 1, .suite = { @@ -2118,7 +2118,7 @@ static const struct alg_test_desc alg_test_descs[] = { } } }, { - .alg = "authenc(hmac(sha1),cbc(des3_ede))", + .alg = "authenc(hmac(sha1),cbc(des3_ede))-disabled", .test = alg_test_aead, .fips_allowed = 1, .suite = { @@ -2152,7 +2152,7 @@ static const struct alg_test_desc alg_test_descs[] = { } } }, { - .alg = "authenc(hmac(sha224),cbc(des))", + .alg = "authenc(hmac(sha224),cbc(des))-disabled", .test = alg_test_aead, .fips_allowed = 1, .suite = { @@ -2166,7 +2166,7 @@ static const struct alg_test_desc alg_test_descs[] = { } } }, { - .alg = "authenc(hmac(sha224),cbc(des3_ede))", + .alg = "authenc(hmac(sha224),cbc(des3_ede))-disabled", .test = alg_test_aead, .fips_allowed = 1, .suite = { @@ -2180,7 +2180,7 @@ static const struct alg_test_desc alg_test_descs[] = { } } }, { - .alg = "authenc(hmac(sha256),cbc(aes))", + .alg = "authenc(hmac(sha256),cbc(aes))-disabled", .test = alg_test_aead, .fips_allowed = 1, .suite = { @@ -2194,7 +2194,7 @@ static const struct alg_test_desc alg_test_descs[] = { } } }, { - .alg = "authenc(hmac(sha256),cbc(des))", + .alg = "authenc(hmac(sha256),cbc(des))-disabled", .test = alg_test_aead, .fips_allowed = 1, .suite = { @@ -2208,7 +2208,7 @@ static const struct alg_test_desc alg_test_descs[] = { } } }, { - .alg = "authenc(hmac(sha256),cbc(des3_ede))", + .alg = "authenc(hmac(sha256),cbc(des3_ede))-disabled", .test = alg_test_aead, .fips_allowed = 1, .suite = { @@ -2222,7 +2222,7 @@ static const struct alg_test_desc alg_test_descs[] = { } } }, { - .alg = "authenc(hmac(sha384),cbc(des))", + .alg = "authenc(hmac(sha384),cbc(des))-disabled", .test = alg_test_aead, .fips_allowed = 1, .suite = { @@ -2236,7 +2236,7 @@ static const struct alg_test_desc alg_test_descs[] = { } } }, { - .alg = "authenc(hmac(sha384),cbc(des3_ede))", + .alg = "authenc(hmac(sha384),cbc(des3_ede))-disabled", .test = alg_test_aead, .fips_allowed = 1, .suite = { @@ -2250,7 +2250,7 @@ static const struct alg_test_desc alg_test_descs[] = { } } }, { - .alg = "authenc(hmac(sha512),cbc(aes))", + .alg = "authenc(hmac(sha512),cbc(aes))-disabled", .test = alg_test_aead, .fips_allowed = 1, .suite = { @@ -2264,7 +2264,7 @@ static const struct alg_test_desc alg_test_descs[] = { } } }, { - .alg = "authenc(hmac(sha512),cbc(des))", + .alg = "authenc(hmac(sha512),cbc(des))-disabled", .test = alg_test_aead, .fips_allowed = 1, .suite = { @@ -2278,7 +2278,7 @@ static const struct alg_test_desc alg_test_descs[] = { } } }, { - .alg = "authenc(hmac(sha512),cbc(des3_ede))", + .alg = "authenc(hmac(sha512),cbc(des3_ede))-disabled", .test = alg_test_aead, .fips_allowed = 1, .suite = { -- cgit v1.2.3 From a4198fd4b487afc60810f5a12b994721df220022 Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Thu, 30 Jul 2015 17:53:23 +0800 Subject: crypto: testmgr - Reenable authenc tests Now that all implementations of authenc have been converted we can reenable the tests. Signed-off-by: Herbert Xu --- crypto/testmgr.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) (limited to 'crypto/testmgr.c') diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 0b14f71cf3d6..d0a42bd3aae9 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -2090,7 +2090,7 @@ static const struct alg_test_desc alg_test_descs[] = { } } }, { - .alg = "authenc(hmac(sha1),cbc(aes))-disabled", + .alg = "authenc(hmac(sha1),cbc(aes))", .test = alg_test_aead, .fips_allowed = 1, .suite = { @@ -2104,7 +2104,7 @@ static const struct alg_test_desc alg_test_descs[] = { } } }, { - .alg = "authenc(hmac(sha1),cbc(des))-disabled", + .alg = "authenc(hmac(sha1),cbc(des))", .test = alg_test_aead, .fips_allowed = 1, .suite = { @@ -2118,7 +2118,7 @@ static const struct alg_test_desc alg_test_descs[] = { } } }, { - .alg = "authenc(hmac(sha1),cbc(des3_ede))-disabled", + .alg = "authenc(hmac(sha1),cbc(des3_ede))", .test = alg_test_aead, .fips_allowed = 1, .suite = { @@ -2152,7 +2152,7 @@ static const struct alg_test_desc alg_test_descs[] = { } } }, { - .alg = "authenc(hmac(sha224),cbc(des))-disabled", + .alg = "authenc(hmac(sha224),cbc(des))", .test = alg_test_aead, .fips_allowed = 1, .suite = { @@ -2166,7 +2166,7 @@ static const struct alg_test_desc alg_test_descs[] = { } } }, { - .alg = "authenc(hmac(sha224),cbc(des3_ede))-disabled", + .alg = "authenc(hmac(sha224),cbc(des3_ede))", .test = alg_test_aead, .fips_allowed = 1, .suite = { @@ -2180,7 +2180,7 @@ static const struct alg_test_desc alg_test_descs[] = { } } }, { - .alg = "authenc(hmac(sha256),cbc(aes))-disabled", + .alg = "authenc(hmac(sha256),cbc(aes))", .test = alg_test_aead, .fips_allowed = 1, .suite = { @@ -2194,7 +2194,7 @@ static const struct alg_test_desc alg_test_descs[] = { } } }, { - .alg = "authenc(hmac(sha256),cbc(des))-disabled", + .alg = "authenc(hmac(sha256),cbc(des))", .test = alg_test_aead, .fips_allowed = 1, .suite = { @@ -2208,7 +2208,7 @@ static const struct alg_test_desc alg_test_descs[] = { } } }, { - .alg = "authenc(hmac(sha256),cbc(des3_ede))-disabled", + .alg = "authenc(hmac(sha256),cbc(des3_ede))", .test = alg_test_aead, .fips_allowed = 1, .suite = { @@ -2222,7 +2222,7 @@ static const struct alg_test_desc alg_test_descs[] = { } } }, { - .alg = "authenc(hmac(sha384),cbc(des))-disabled", + .alg = "authenc(hmac(sha384),cbc(des))", .test = alg_test_aead, .fips_allowed = 1, .suite = { @@ -2236,7 +2236,7 @@ static const struct alg_test_desc alg_test_descs[] = { } } }, { - .alg = "authenc(hmac(sha384),cbc(des3_ede))-disabled", + .alg = "authenc(hmac(sha384),cbc(des3_ede))", .test = alg_test_aead, .fips_allowed = 1, .suite = { @@ -2250,7 +2250,7 @@ static const struct alg_test_desc alg_test_descs[] = { } } }, { - .alg = "authenc(hmac(sha512),cbc(aes))-disabled", + .alg = "authenc(hmac(sha512),cbc(aes))", .test = alg_test_aead, .fips_allowed = 1, .suite = { @@ -2264,7 +2264,7 @@ static const struct alg_test_desc alg_test_descs[] = { } } }, { - .alg = "authenc(hmac(sha512),cbc(des))-disabled", + .alg = "authenc(hmac(sha512),cbc(des))", .test = alg_test_aead, .fips_allowed = 1, .suite = { @@ -2278,7 +2278,7 @@ static const struct alg_test_desc alg_test_descs[] = { } } }, { - .alg = "authenc(hmac(sha512),cbc(des3_ede))-disabled", + .alg = "authenc(hmac(sha512),cbc(des3_ede))", .test = alg_test_aead, .fips_allowed = 1, .suite = { -- cgit v1.2.3 From 8f183751a8604be5aaf0ad6dedac4890bb6fa0d5 Mon Sep 17 00:00:00 2001 From: Stephan Mueller Date: Wed, 19 Aug 2015 08:42:07 +0200 Subject: crypto: cmac - allow usage in FIPS mode CMAC is an approved cipher in FIPS 140-2. The patch allows the use of CMAC with TDES and AES in FIPS mode. Signed-off-by: Stephan Mueller Signed-off-by: Herbert Xu --- crypto/testmgr.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'crypto/testmgr.c') diff --git a/crypto/testmgr.c b/crypto/testmgr.c index d0a42bd3aae9..a865ea99a057 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -2476,6 +2476,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "cmac(aes)", + .fips_allowed = 1, .test = alg_test_hash, .suite = { .hash = { @@ -2485,6 +2486,7 @@ static const struct alg_test_desc alg_test_descs[] = { } }, { .alg = "cmac(des3_ede)", + .fips_allowed = 1, .test = alg_test_hash, .suite = { .hash = { -- cgit v1.2.3 From 12773d932fc22c60e0d5a20660d564542fab811b Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Thu, 20 Aug 2015 15:21:46 +0800 Subject: crypto: testmgr - Use new skcipher interface This patch replaces uses of blkcipher and ablkcipher with the new skcipher interface. Signed-off-by: Herbert Xu --- crypto/testmgr.c | 61 +++++++++++++++++++++++++++++--------------------------- 1 file changed, 32 insertions(+), 29 deletions(-) (limited to 'crypto/testmgr.c') diff --git a/crypto/testmgr.c b/crypto/testmgr.c index a865ea99a057..35c2de136971 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -22,6 +22,7 @@ #include #include +#include #include #include #include @@ -921,15 +922,15 @@ out_nobuf: return ret; } -static int __test_skcipher(struct crypto_ablkcipher *tfm, int enc, +static int __test_skcipher(struct crypto_skcipher *tfm, int enc, struct cipher_testvec *template, unsigned int tcount, const bool diff_dst, const int align_offset) { const char *algo = - crypto_tfm_alg_driver_name(crypto_ablkcipher_tfm(tfm)); + crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)); unsigned int i, j, k, n, temp; char *q; - struct ablkcipher_request *req; + struct skcipher_request *req; struct scatterlist sg[8]; struct scatterlist sgout[8]; const char *e, *d; @@ -958,15 +959,15 @@ static int __test_skcipher(struct crypto_ablkcipher *tfm, int enc, init_completion(&result.completion); - req = ablkcipher_request_alloc(tfm, GFP_KERNEL); + req = skcipher_request_alloc(tfm, GFP_KERNEL); if (!req) { pr_err("alg: skcipher%s: Failed to allocate request for %s\n", d, algo); goto out; } - ablkcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, - tcrypt_complete, &result); + skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, + tcrypt_complete, &result); j = 0; for (i = 0; i < tcount; i++) { @@ -987,15 +988,16 @@ static int __test_skcipher(struct crypto_ablkcipher *tfm, int enc, data += align_offset; memcpy(data, template[i].input, template[i].ilen); - crypto_ablkcipher_clear_flags(tfm, ~0); + crypto_skcipher_clear_flags(tfm, ~0); if (template[i].wk) - crypto_ablkcipher_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY); + crypto_skcipher_set_flags(tfm, + CRYPTO_TFM_REQ_WEAK_KEY); - ret = crypto_ablkcipher_setkey(tfm, template[i].key, - template[i].klen); + ret = crypto_skcipher_setkey(tfm, template[i].key, + template[i].klen); if (!ret == template[i].fail) { pr_err("alg: skcipher%s: setkey failed on test %d for %s: flags=%x\n", - d, j, algo, crypto_ablkcipher_get_flags(tfm)); + d, j, algo, crypto_skcipher_get_flags(tfm)); goto out; } else if (ret) continue; @@ -1007,10 +1009,10 @@ static int __test_skcipher(struct crypto_ablkcipher *tfm, int enc, sg_init_one(&sgout[0], data, template[i].ilen); } - ablkcipher_request_set_crypt(req, sg, (diff_dst) ? sgout : sg, - template[i].ilen, iv); - ret = enc ? crypto_ablkcipher_encrypt(req) : - crypto_ablkcipher_decrypt(req); + skcipher_request_set_crypt(req, sg, (diff_dst) ? sgout : sg, + template[i].ilen, iv); + ret = enc ? crypto_skcipher_encrypt(req) : + crypto_skcipher_decrypt(req); switch (ret) { case 0: @@ -1054,15 +1056,16 @@ static int __test_skcipher(struct crypto_ablkcipher *tfm, int enc, memset(iv, 0, MAX_IVLEN); j++; - crypto_ablkcipher_clear_flags(tfm, ~0); + crypto_skcipher_clear_flags(tfm, ~0); if (template[i].wk) - crypto_ablkcipher_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY); + crypto_skcipher_set_flags(tfm, + CRYPTO_TFM_REQ_WEAK_KEY); - ret = crypto_ablkcipher_setkey(tfm, template[i].key, - template[i].klen); + ret = crypto_skcipher_setkey(tfm, template[i].key, + template[i].klen); if (!ret == template[i].fail) { pr_err("alg: skcipher%s: setkey failed on chunk test %d for %s: flags=%x\n", - d, j, algo, crypto_ablkcipher_get_flags(tfm)); + d, j, algo, crypto_skcipher_get_flags(tfm)); goto out; } else if (ret) continue; @@ -1100,11 +1103,11 @@ static int __test_skcipher(struct crypto_ablkcipher *tfm, int enc, temp += template[i].tap[k]; } - ablkcipher_request_set_crypt(req, sg, (diff_dst) ? sgout : sg, - template[i].ilen, iv); + skcipher_request_set_crypt(req, sg, (diff_dst) ? sgout : sg, + template[i].ilen, iv); - ret = enc ? crypto_ablkcipher_encrypt(req) : - crypto_ablkcipher_decrypt(req); + ret = enc ? crypto_skcipher_encrypt(req) : + crypto_skcipher_decrypt(req); switch (ret) { case 0: @@ -1157,7 +1160,7 @@ static int __test_skcipher(struct crypto_ablkcipher *tfm, int enc, ret = 0; out: - ablkcipher_request_free(req); + skcipher_request_free(req); if (diff_dst) testmgr_free_buf(xoutbuf); out_nooutbuf: @@ -1166,7 +1169,7 @@ out_nobuf: return ret; } -static int test_skcipher(struct crypto_ablkcipher *tfm, int enc, +static int test_skcipher(struct crypto_skcipher *tfm, int enc, struct cipher_testvec *template, unsigned int tcount) { unsigned int alignmask; @@ -1578,10 +1581,10 @@ out: static int alg_test_skcipher(const struct alg_test_desc *desc, const char *driver, u32 type, u32 mask) { - struct crypto_ablkcipher *tfm; + struct crypto_skcipher *tfm; int err = 0; - tfm = crypto_alloc_ablkcipher(driver, type | CRYPTO_ALG_INTERNAL, mask); + tfm = crypto_alloc_skcipher(driver, type | CRYPTO_ALG_INTERNAL, mask); if (IS_ERR(tfm)) { printk(KERN_ERR "alg: skcipher: Failed to load transform for " "%s: %ld\n", driver, PTR_ERR(tfm)); @@ -1600,7 +1603,7 @@ static int alg_test_skcipher(const struct alg_test_desc *desc, desc->suite.cipher.dec.count); out: - crypto_free_ablkcipher(tfm); + crypto_free_skcipher(tfm); return err; } -- cgit v1.2.3