Commit a1915d51e8e7ee192d2101d621d425379088cbb0
Committed by
Herbert Xu
Herbert Xu
1 parent
f7cb80f2b9
Exists in
master
and in
4 other branches
crypto: testmgr - Mark algs allowed in fips mode
Set the fips_allowed flag in testmgr.c's alg_test_descs[] for algs that are allowed to be used when in fips mode. One caveat: des isn't actually allowed anymore, but des (and thus also ecb(des)) has to be permitted, because disallowing them results in des3_ede being unable to properly register (see des module init func). Also, crc32 isn't technically on the fips approved list, but I think it gets used in various places that necessitate it being allowed. This list is based on http://csrc.nist.gov/groups/STM/cavp/index.html Important note: allowed/approved here does NOT mean "validated", just that its an alg that *could* be validated. Signed-off-by: Jarod Wilson <jarod@redhat.com> Acked-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Showing 1 changed file with 23 additions and 0 deletions Side-by-side Diff
crypto/testmgr.c
| ... | ... | @@ -94,6 +94,7 @@ |
| 94 | 94 | const char *alg; |
| 95 | 95 | int (*test)(const struct alg_test_desc *desc, const char *driver, |
| 96 | 96 | u32 type, u32 mask); |
| 97 | + int fips_allowed; /* set if alg is allowed in fips mode */ | |
| 97 | 98 | |
| 98 | 99 | union { |
| 99 | 100 | struct aead_test_suite aead; |
| ... | ... | @@ -1432,6 +1433,7 @@ |
| 1432 | 1433 | { |
| 1433 | 1434 | .alg = "ansi_cprng", |
| 1434 | 1435 | .test = alg_test_cprng, |
| 1436 | + .fips_allowed = 1, | |
| 1435 | 1437 | .suite = { |
| 1436 | 1438 | .cprng = { |
| 1437 | 1439 | .vecs = ansi_cprng_aes_tv_template, |
| ... | ... | @@ -1441,6 +1443,7 @@ |
| 1441 | 1443 | }, { |
| 1442 | 1444 | .alg = "cbc(aes)", |
| 1443 | 1445 | .test = alg_test_skcipher, |
| 1446 | + .fips_allowed = 1, | |
| 1444 | 1447 | .suite = { |
| 1445 | 1448 | .cipher = { |
| 1446 | 1449 | .enc = { |
| ... | ... | @@ -1516,6 +1519,7 @@ |
| 1516 | 1519 | }, { |
| 1517 | 1520 | .alg = "cbc(des3_ede)", |
| 1518 | 1521 | .test = alg_test_skcipher, |
| 1522 | + .fips_allowed = 1, | |
| 1519 | 1523 | .suite = { |
| 1520 | 1524 | .cipher = { |
| 1521 | 1525 | .enc = { |
| ... | ... | @@ -1546,6 +1550,7 @@ |
| 1546 | 1550 | }, { |
| 1547 | 1551 | .alg = "ccm(aes)", |
| 1548 | 1552 | .test = alg_test_aead, |
| 1553 | + .fips_allowed = 1, | |
| 1549 | 1554 | .suite = { |
| 1550 | 1555 | .aead = { |
| 1551 | 1556 | .enc = { |
| ... | ... | @@ -1561,6 +1566,7 @@ |
| 1561 | 1566 | }, { |
| 1562 | 1567 | .alg = "crc32c", |
| 1563 | 1568 | .test = alg_test_crc32c, |
| 1569 | + .fips_allowed = 1, | |
| 1564 | 1570 | .suite = { |
| 1565 | 1571 | .hash = { |
| 1566 | 1572 | .vecs = crc32c_tv_template, |
| ... | ... | @@ -1570,6 +1576,7 @@ |
| 1570 | 1576 | }, { |
| 1571 | 1577 | .alg = "ctr(aes)", |
| 1572 | 1578 | .test = alg_test_skcipher, |
| 1579 | + .fips_allowed = 1, | |
| 1573 | 1580 | .suite = { |
| 1574 | 1581 | .cipher = { |
| 1575 | 1582 | .enc = { |
| ... | ... | @@ -1615,6 +1622,7 @@ |
| 1615 | 1622 | }, { |
| 1616 | 1623 | .alg = "ecb(aes)", |
| 1617 | 1624 | .test = alg_test_skcipher, |
| 1625 | + .fips_allowed = 1, | |
| 1618 | 1626 | .suite = { |
| 1619 | 1627 | .cipher = { |
| 1620 | 1628 | .enc = { |
| ... | ... | @@ -1720,6 +1728,7 @@ |
| 1720 | 1728 | }, { |
| 1721 | 1729 | .alg = "ecb(des)", |
| 1722 | 1730 | .test = alg_test_skcipher, |
| 1731 | + .fips_allowed = 1, | |
| 1723 | 1732 | .suite = { |
| 1724 | 1733 | .cipher = { |
| 1725 | 1734 | .enc = { |
| ... | ... | @@ -1735,6 +1744,7 @@ |
| 1735 | 1744 | }, { |
| 1736 | 1745 | .alg = "ecb(des3_ede)", |
| 1737 | 1746 | .test = alg_test_skcipher, |
| 1747 | + .fips_allowed = 1, | |
| 1738 | 1748 | .suite = { |
| 1739 | 1749 | .cipher = { |
| 1740 | 1750 | .enc = { |
| ... | ... | @@ -1870,6 +1880,7 @@ |
| 1870 | 1880 | }, { |
| 1871 | 1881 | .alg = "gcm(aes)", |
| 1872 | 1882 | .test = alg_test_aead, |
| 1883 | + .fips_allowed = 1, | |
| 1873 | 1884 | .suite = { |
| 1874 | 1885 | .aead = { |
| 1875 | 1886 | .enc = { |
| ... | ... | @@ -1912,6 +1923,7 @@ |
| 1912 | 1923 | }, { |
| 1913 | 1924 | .alg = "hmac(sha1)", |
| 1914 | 1925 | .test = alg_test_hash, |
| 1926 | + .fips_allowed = 1, | |
| 1915 | 1927 | .suite = { |
| 1916 | 1928 | .hash = { |
| 1917 | 1929 | .vecs = hmac_sha1_tv_template, |
| ... | ... | @@ -1921,6 +1933,7 @@ |
| 1921 | 1933 | }, { |
| 1922 | 1934 | .alg = "hmac(sha224)", |
| 1923 | 1935 | .test = alg_test_hash, |
| 1936 | + .fips_allowed = 1, | |
| 1924 | 1937 | .suite = { |
| 1925 | 1938 | .hash = { |
| 1926 | 1939 | .vecs = hmac_sha224_tv_template, |
| ... | ... | @@ -1930,6 +1943,7 @@ |
| 1930 | 1943 | }, { |
| 1931 | 1944 | .alg = "hmac(sha256)", |
| 1932 | 1945 | .test = alg_test_hash, |
| 1946 | + .fips_allowed = 1, | |
| 1933 | 1947 | .suite = { |
| 1934 | 1948 | .hash = { |
| 1935 | 1949 | .vecs = hmac_sha256_tv_template, |
| ... | ... | @@ -1939,6 +1953,7 @@ |
| 1939 | 1953 | }, { |
| 1940 | 1954 | .alg = "hmac(sha384)", |
| 1941 | 1955 | .test = alg_test_hash, |
| 1956 | + .fips_allowed = 1, | |
| 1942 | 1957 | .suite = { |
| 1943 | 1958 | .hash = { |
| 1944 | 1959 | .vecs = hmac_sha384_tv_template, |
| ... | ... | @@ -1948,6 +1963,7 @@ |
| 1948 | 1963 | }, { |
| 1949 | 1964 | .alg = "hmac(sha512)", |
| 1950 | 1965 | .test = alg_test_hash, |
| 1966 | + .fips_allowed = 1, | |
| 1951 | 1967 | .suite = { |
| 1952 | 1968 | .hash = { |
| 1953 | 1969 | .vecs = hmac_sha512_tv_template, |
| ... | ... | @@ -2029,6 +2045,7 @@ |
| 2029 | 2045 | }, { |
| 2030 | 2046 | .alg = "rfc3686(ctr(aes))", |
| 2031 | 2047 | .test = alg_test_skcipher, |
| 2048 | + .fips_allowed = 1, | |
| 2032 | 2049 | .suite = { |
| 2033 | 2050 | .cipher = { |
| 2034 | 2051 | .enc = { |
| ... | ... | @@ -2044,6 +2061,7 @@ |
| 2044 | 2061 | }, { |
| 2045 | 2062 | .alg = "rfc4309(ccm(aes))", |
| 2046 | 2063 | .test = alg_test_aead, |
| 2064 | + .fips_allowed = 1, | |
| 2047 | 2065 | .suite = { |
| 2048 | 2066 | .aead = { |
| 2049 | 2067 | .enc = { |
| ... | ... | @@ -2106,6 +2124,7 @@ |
| 2106 | 2124 | }, { |
| 2107 | 2125 | .alg = "sha1", |
| 2108 | 2126 | .test = alg_test_hash, |
| 2127 | + .fips_allowed = 1, | |
| 2109 | 2128 | .suite = { |
| 2110 | 2129 | .hash = { |
| 2111 | 2130 | .vecs = sha1_tv_template, |
| ... | ... | @@ -2115,6 +2134,7 @@ |
| 2115 | 2134 | }, { |
| 2116 | 2135 | .alg = "sha224", |
| 2117 | 2136 | .test = alg_test_hash, |
| 2137 | + .fips_allowed = 1, | |
| 2118 | 2138 | .suite = { |
| 2119 | 2139 | .hash = { |
| 2120 | 2140 | .vecs = sha224_tv_template, |
| ... | ... | @@ -2124,6 +2144,7 @@ |
| 2124 | 2144 | }, { |
| 2125 | 2145 | .alg = "sha256", |
| 2126 | 2146 | .test = alg_test_hash, |
| 2147 | + .fips_allowed = 1, | |
| 2127 | 2148 | .suite = { |
| 2128 | 2149 | .hash = { |
| 2129 | 2150 | .vecs = sha256_tv_template, |
| ... | ... | @@ -2133,6 +2154,7 @@ |
| 2133 | 2154 | }, { |
| 2134 | 2155 | .alg = "sha384", |
| 2135 | 2156 | .test = alg_test_hash, |
| 2157 | + .fips_allowed = 1, | |
| 2136 | 2158 | .suite = { |
| 2137 | 2159 | .hash = { |
| 2138 | 2160 | .vecs = sha384_tv_template, |
| ... | ... | @@ -2142,6 +2164,7 @@ |
| 2142 | 2164 | }, { |
| 2143 | 2165 | .alg = "sha512", |
| 2144 | 2166 | .test = alg_test_hash, |
| 2167 | + .fips_allowed = 1, | |
| 2145 | 2168 | .suite = { |
| 2146 | 2169 | .hash = { |
| 2147 | 2170 | .vecs = sha512_tv_template, |