Commit a1915d51e8e7ee192d2101d621d425379088cbb0
Committed by
Herbert Xu
1 parent
f7cb80f2b9
Exists in
master
and in
4 other branches
crypto: testmgr - Mark algs allowed in fips mode
Set the fips_allowed flag in testmgr.c's alg_test_descs[] for algs that are allowed to be used when in fips mode. One caveat: des isn't actually allowed anymore, but des (and thus also ecb(des)) has to be permitted, because disallowing them results in des3_ede being unable to properly register (see des module init func). Also, crc32 isn't technically on the fips approved list, but I think it gets used in various places that necessitate it being allowed. This list is based on http://csrc.nist.gov/groups/STM/cavp/index.html Important note: allowed/approved here does NOT mean "validated", just that its an alg that *could* be validated. Signed-off-by: Jarod Wilson <jarod@redhat.com> Acked-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Showing 1 changed file with 23 additions and 0 deletions Side-by-side Diff
crypto/testmgr.c
... | ... | @@ -94,6 +94,7 @@ |
94 | 94 | const char *alg; |
95 | 95 | int (*test)(const struct alg_test_desc *desc, const char *driver, |
96 | 96 | u32 type, u32 mask); |
97 | + int fips_allowed; /* set if alg is allowed in fips mode */ | |
97 | 98 | |
98 | 99 | union { |
99 | 100 | struct aead_test_suite aead; |
... | ... | @@ -1432,6 +1433,7 @@ |
1432 | 1433 | { |
1433 | 1434 | .alg = "ansi_cprng", |
1434 | 1435 | .test = alg_test_cprng, |
1436 | + .fips_allowed = 1, | |
1435 | 1437 | .suite = { |
1436 | 1438 | .cprng = { |
1437 | 1439 | .vecs = ansi_cprng_aes_tv_template, |
... | ... | @@ -1441,6 +1443,7 @@ |
1441 | 1443 | }, { |
1442 | 1444 | .alg = "cbc(aes)", |
1443 | 1445 | .test = alg_test_skcipher, |
1446 | + .fips_allowed = 1, | |
1444 | 1447 | .suite = { |
1445 | 1448 | .cipher = { |
1446 | 1449 | .enc = { |
... | ... | @@ -1516,6 +1519,7 @@ |
1516 | 1519 | }, { |
1517 | 1520 | .alg = "cbc(des3_ede)", |
1518 | 1521 | .test = alg_test_skcipher, |
1522 | + .fips_allowed = 1, | |
1519 | 1523 | .suite = { |
1520 | 1524 | .cipher = { |
1521 | 1525 | .enc = { |
... | ... | @@ -1546,6 +1550,7 @@ |
1546 | 1550 | }, { |
1547 | 1551 | .alg = "ccm(aes)", |
1548 | 1552 | .test = alg_test_aead, |
1553 | + .fips_allowed = 1, | |
1549 | 1554 | .suite = { |
1550 | 1555 | .aead = { |
1551 | 1556 | .enc = { |
... | ... | @@ -1561,6 +1566,7 @@ |
1561 | 1566 | }, { |
1562 | 1567 | .alg = "crc32c", |
1563 | 1568 | .test = alg_test_crc32c, |
1569 | + .fips_allowed = 1, | |
1564 | 1570 | .suite = { |
1565 | 1571 | .hash = { |
1566 | 1572 | .vecs = crc32c_tv_template, |
... | ... | @@ -1570,6 +1576,7 @@ |
1570 | 1576 | }, { |
1571 | 1577 | .alg = "ctr(aes)", |
1572 | 1578 | .test = alg_test_skcipher, |
1579 | + .fips_allowed = 1, | |
1573 | 1580 | .suite = { |
1574 | 1581 | .cipher = { |
1575 | 1582 | .enc = { |
... | ... | @@ -1615,6 +1622,7 @@ |
1615 | 1622 | }, { |
1616 | 1623 | .alg = "ecb(aes)", |
1617 | 1624 | .test = alg_test_skcipher, |
1625 | + .fips_allowed = 1, | |
1618 | 1626 | .suite = { |
1619 | 1627 | .cipher = { |
1620 | 1628 | .enc = { |
... | ... | @@ -1720,6 +1728,7 @@ |
1720 | 1728 | }, { |
1721 | 1729 | .alg = "ecb(des)", |
1722 | 1730 | .test = alg_test_skcipher, |
1731 | + .fips_allowed = 1, | |
1723 | 1732 | .suite = { |
1724 | 1733 | .cipher = { |
1725 | 1734 | .enc = { |
... | ... | @@ -1735,6 +1744,7 @@ |
1735 | 1744 | }, { |
1736 | 1745 | .alg = "ecb(des3_ede)", |
1737 | 1746 | .test = alg_test_skcipher, |
1747 | + .fips_allowed = 1, | |
1738 | 1748 | .suite = { |
1739 | 1749 | .cipher = { |
1740 | 1750 | .enc = { |
... | ... | @@ -1870,6 +1880,7 @@ |
1870 | 1880 | }, { |
1871 | 1881 | .alg = "gcm(aes)", |
1872 | 1882 | .test = alg_test_aead, |
1883 | + .fips_allowed = 1, | |
1873 | 1884 | .suite = { |
1874 | 1885 | .aead = { |
1875 | 1886 | .enc = { |
... | ... | @@ -1912,6 +1923,7 @@ |
1912 | 1923 | }, { |
1913 | 1924 | .alg = "hmac(sha1)", |
1914 | 1925 | .test = alg_test_hash, |
1926 | + .fips_allowed = 1, | |
1915 | 1927 | .suite = { |
1916 | 1928 | .hash = { |
1917 | 1929 | .vecs = hmac_sha1_tv_template, |
... | ... | @@ -1921,6 +1933,7 @@ |
1921 | 1933 | }, { |
1922 | 1934 | .alg = "hmac(sha224)", |
1923 | 1935 | .test = alg_test_hash, |
1936 | + .fips_allowed = 1, | |
1924 | 1937 | .suite = { |
1925 | 1938 | .hash = { |
1926 | 1939 | .vecs = hmac_sha224_tv_template, |
... | ... | @@ -1930,6 +1943,7 @@ |
1930 | 1943 | }, { |
1931 | 1944 | .alg = "hmac(sha256)", |
1932 | 1945 | .test = alg_test_hash, |
1946 | + .fips_allowed = 1, | |
1933 | 1947 | .suite = { |
1934 | 1948 | .hash = { |
1935 | 1949 | .vecs = hmac_sha256_tv_template, |
... | ... | @@ -1939,6 +1953,7 @@ |
1939 | 1953 | }, { |
1940 | 1954 | .alg = "hmac(sha384)", |
1941 | 1955 | .test = alg_test_hash, |
1956 | + .fips_allowed = 1, | |
1942 | 1957 | .suite = { |
1943 | 1958 | .hash = { |
1944 | 1959 | .vecs = hmac_sha384_tv_template, |
... | ... | @@ -1948,6 +1963,7 @@ |
1948 | 1963 | }, { |
1949 | 1964 | .alg = "hmac(sha512)", |
1950 | 1965 | .test = alg_test_hash, |
1966 | + .fips_allowed = 1, | |
1951 | 1967 | .suite = { |
1952 | 1968 | .hash = { |
1953 | 1969 | .vecs = hmac_sha512_tv_template, |
... | ... | @@ -2029,6 +2045,7 @@ |
2029 | 2045 | }, { |
2030 | 2046 | .alg = "rfc3686(ctr(aes))", |
2031 | 2047 | .test = alg_test_skcipher, |
2048 | + .fips_allowed = 1, | |
2032 | 2049 | .suite = { |
2033 | 2050 | .cipher = { |
2034 | 2051 | .enc = { |
... | ... | @@ -2044,6 +2061,7 @@ |
2044 | 2061 | }, { |
2045 | 2062 | .alg = "rfc4309(ccm(aes))", |
2046 | 2063 | .test = alg_test_aead, |
2064 | + .fips_allowed = 1, | |
2047 | 2065 | .suite = { |
2048 | 2066 | .aead = { |
2049 | 2067 | .enc = { |
... | ... | @@ -2106,6 +2124,7 @@ |
2106 | 2124 | }, { |
2107 | 2125 | .alg = "sha1", |
2108 | 2126 | .test = alg_test_hash, |
2127 | + .fips_allowed = 1, | |
2109 | 2128 | .suite = { |
2110 | 2129 | .hash = { |
2111 | 2130 | .vecs = sha1_tv_template, |
... | ... | @@ -2115,6 +2134,7 @@ |
2115 | 2134 | }, { |
2116 | 2135 | .alg = "sha224", |
2117 | 2136 | .test = alg_test_hash, |
2137 | + .fips_allowed = 1, | |
2118 | 2138 | .suite = { |
2119 | 2139 | .hash = { |
2120 | 2140 | .vecs = sha224_tv_template, |
... | ... | @@ -2124,6 +2144,7 @@ |
2124 | 2144 | }, { |
2125 | 2145 | .alg = "sha256", |
2126 | 2146 | .test = alg_test_hash, |
2147 | + .fips_allowed = 1, | |
2127 | 2148 | .suite = { |
2128 | 2149 | .hash = { |
2129 | 2150 | .vecs = sha256_tv_template, |
... | ... | @@ -2133,6 +2154,7 @@ |
2133 | 2154 | }, { |
2134 | 2155 | .alg = "sha384", |
2135 | 2156 | .test = alg_test_hash, |
2157 | + .fips_allowed = 1, | |
2136 | 2158 | .suite = { |
2137 | 2159 | .hash = { |
2138 | 2160 | .vecs = sha384_tv_template, |
... | ... | @@ -2142,6 +2164,7 @@ |
2142 | 2164 | }, { |
2143 | 2165 | .alg = "sha512", |
2144 | 2166 | .test = alg_test_hash, |
2167 | + .fips_allowed = 1, | |
2145 | 2168 | .suite = { |
2146 | 2169 | .hash = { |
2147 | 2170 | .vecs = sha512_tv_template, |