23 Feb, 2017
1 commit
-
Because the old rfc4543 implementation always injected an IV into
the AD, while the new one does not, we have to disable the test
while it is converted over to the new AEAD interface.
Signed-off-by: Herbert Xu
02 Oct, 2016
1 commit
-
Add a guard to 'state' buffer and warn if its consistency after
call to crypto_ahash_export() changes, so that any write that
goes beyond advertised statesize (and thus causing potential
memory corruption [1]) is more visible.
[1] https://marc.info/?l=linux-crypto-vger&m=147467656516085
Signed-off-by: Jan Stancek
Cc: Herbert Xu
Cc: Marcelo Cerri
Signed-off-by: Herbert Xu
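The guard-buffer check this commit describes, as an added example that is not the kernel's testmgr code: a user-space C simulation in which `struct hash_alg`, `good_export` and `bad_export` are hypothetical stand-ins for an algorithm's advertised statesize and its export callback, and `check_export_bounds()` plays the role of the self-test.

```c
/* Added example (not kernel code): detect an export routine that writes
 * past its advertised state size by placing a guard region right after
 * the state buffer and checking it after the call. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define GUARD_LEN 4
static const uint8_t guard[GUARD_LEN] = { 0x00, 0xff, 0x00, 0xff };

/* Hypothetical algorithm descriptor: the statesize it advertises and the
 * export callback, standing in for crypto_ahash_statesize()/_export(). */
struct hash_alg {
    size_t statesize;
    void (*export)(void *out);
};

/* Well-behaved export: writes exactly the 16 bytes it advertises. */
static void good_export(void *out) { memset(out, 0xAB, 16); }

/* Misbehaving export: advertises 16 bytes but writes 18 (constructed bug). */
static void bad_export(void *out) { memset(out, 0xAB, 18); }

/* Allocate statesize + guard, seed the guard, run the export, then verify
 * the guard is untouched. Returns 1 if the export stayed in bounds, 0 if it
 * clobbered the guard (the case testmgr warns about), -1 on allocation failure. */
int check_export_bounds(const struct hash_alg *alg)
{
    uint8_t *state = malloc(alg->statesize + GUARD_LEN);
    int ok;

    if (!state)
        return -1;
    memcpy(state + alg->statesize, guard, GUARD_LEN);
    alg->export(state);
    ok = memcmp(state + alg->statesize, guard, GUARD_LEN) == 0;
    free(state);
    return ok;
}

/* Two constructed algorithms with the same advertised statesize. */
const struct hash_alg good_alg = { 16, good_export };
const struct hash_alg bad_alg  = { 16, bad_export };
```

A guard this small only catches overruns that land in the next few bytes; the kernel's test relies on KASAN or the WARN to surface the rest.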
31 Aug, 2016
1 commit
-
In FIPS mode, additional restrictions may apply. If these restrictions
are violated, the kernel will panic(). This patch allows test vectors
for symmetric ciphers to be marked as to be skipped in FIPS mode.
Together with the patch, the XTS test vectors where the AES key is
identical to the tweak key is disabled in FIPS mode. This test vector
violates the FIPS requirement that both keys must be different.
Reported-by: Tapas Sarangi
Signed-off-by: Stephan Mueller
Signed-off-by: Herbert Xu
09 Aug, 2016
1 commit
-
"if (!ret == template[i].fail)" is confusing to compilers (gcc5):
crypto/testmgr.c: In function '__test_aead':
crypto/testmgr.c:531:12: warning: logical not is only applied to the
left hand side of comparison [-Wlogical-not-parentheses]
if (!ret == template[i].fail) {
    ^
Let there be 'if (template[i].fail == !ret)'.
Signed-off-by: Yanjiang Jin
Signed-off-by: Herbert Xu
19 Jul, 2016
1 commit
-
When an akcipher test fails, we don't know which algorithm failed
because the name is not printed. This patch fixes this.
Signed-off-by: Herbert Xu
05 Jul, 2016
1 commit
-
Report correct error in case of failure
Signed-off-by: Salvatore Benedetto
Signed-off-by: Herbert Xu
01 Jul, 2016
2 commits
-
This patch adds HMAC-SHA3 test modes in tcrypt module
and related test vectors.
Signed-off-by: Raveendra Padasalagi
Signed-off-by: Herbert Xu
-
This patch allows RSA implementations to produce output with
leading zeroes. testmgr will skip leading zeroes when comparing
the output.
This patch also tries to make the RSA test function generic enough
to potentially handle other akcipher algorithms.
Signed-off-by: Herbert Xu
23 Jun, 2016
2 commits
-
* Implement ECDH under kpp API
* Provide ECC software support for curve P-192 and
P-256.
* Add kpp test for ECDH with data generated by OpenSSL
Signed-off-by: Salvatore Benedetto
Signed-off-by: Herbert Xu
-
* Implement MPI based Diffie-Hellman under kpp API
* Test provided uses data generated by OpenSSL
Signed-off-by: Salvatore Benedetto
Signed-off-by: Herbert Xu
20 Jun, 2016
1 commit
-
Added support for SHA-3 algorithm tests
in tcrypt module and related test vectors.
Signed-off-by: Raveendra Padasalagi
Signed-off-by: Herbert Xu
18 May, 2016
1 commit
-
Pull crypto update from Herbert Xu:
"API:
- Crypto self tests can now be disabled at boot/run time.
- Add async support to algif_aead.

Algorithms:
- A large number of fixes to MPI from Nicolai Stange.
- Performance improvement for HMAC DRBG.

Drivers:
- Use generic crypto engine in omap-des.
- Merge ppc4xx-rng and crypto4xx drivers.
- Fix lockups in sun4i-ss driver by disabling IRQs.
- Add DMA engine support to ccp.
- Reenable talitos hash algorithms.
- Add support for Hisilicon SoC RNG.
- Add basic crypto driver for the MXC SCC.

Others:
- Do not allocate crypto hash tfm in NORECLAIM context in ecryptfs"
* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (77 commits)
crypto: qat - change the adf_ctl_stop_devices to void
crypto: caam - fix caam_jr_alloc() ret code
crypto: vmx - comply with ABIs that specify vrsave as reserved.
crypto: testmgr - Add a flag allowing the self-tests to be disabled at runtime.
crypto: ccp - constify ccp_actions structure
crypto: marvell/cesa - Use dma_pool_zalloc
crypto: qat - make adf_vf_isr.c dependant on IOV config
crypto: qat - Fix typo in comments
lib: asn1_decoder - add MODULE_LICENSE("GPL")
crypto: omap-sham - Use dma_request_chan() for requesting DMA channel
crypto: omap-des - Use dma_request_chan() for requesting DMA channel
crypto: omap-aes - Use dma_request_chan() for requesting DMA channel
crypto: omap-des - Integrate with the crypto engine framework
crypto: s5p-sss - fix incorrect usage of scatterlists api
crypto: s5p-sss - Fix missed interrupts when working with 8 kB blocks
crypto: s5p-sss - Use common BIT macro
crypto: mxc-scc - fix unwinding in mxc_scc_crypto_register()
crypto: mxc-scc - signedness bugs in mxc_scc_ablkcipher_req_init()
crypto: talitos - fix ahash algorithms registration
crypto: ccp - Ensure all dependencies are specified
...
09 May, 2016
1 commit
-
As akcipher uses an SG interface, you must not use vmalloc memory
as input for it. This patch fixes testmgr to copy the vmalloc
test vectors to kmalloc memory before running the test.
This patch also removes a superfluous sg_virt call in do_test_rsa.
Cc:
Reported-by: Anatoly Pugachev
Signed-off-by: Herbert Xu
05 May, 2016
1 commit
-
Running self-tests for a short-lived KVM VM takes 28ms on my laptop.
This commit adds a flag 'cryptomgr.notests' which allows them to be
disabled.
However if fips=1 as well, we ignore this flag as FIPS mode mandates
that the self-tests are run.
Signed-off-by: Richard W.M. Jones
Signed-off-by: Herbert Xu
28 Feb, 2016
1 commit
-
RFC 3686 CTR in various authenc methods.
rfc3686(ctr(aes)) is already marked fips compliant,
so these should be fine.
Signed-off-by: Marcus Meissner
Acked-by: Stephan Mueller
Signed-off-by: Herbert Xu
17 Feb, 2016
1 commit
-
(2nd try that adds missing , to build.)
Signed-off-by: Marcus Meissner
Signed-off-by: Herbert Xu
06 Feb, 2016
3 commits
-
Some more authenc() wrapped algorithms are FIPS compliant, tag
them as such.
Signed-off-by: Marcus Meissner
Acked-by: Stephan Mueller
Signed-off-by: Herbert Xu
-
__test_aead() reads MAX_IVLEN bytes from template[i].iv, but the
actual length of the initialisation vector can be shorter.
The length of the IV is already calculated earlier in the
function. Let's just reuse that. Also the IV length is currently
calculated several times for no reason. Let's fix that too.
This fixes an out-of-bound error detected by KASan.
Signed-off-by: Jerome Marchand
Signed-off-by: Herbert Xu
-
Modify __test_hash() so that hash import/export can be tested
from within the kernel. The test is unconditionally done when
a struct hash_testvec has its .np > 1.
v3: make the test unconditional
v2: Leverage template[i].np as suggested by Tim Chen
Signed-off-by: Rui Wang
Signed-off-by: Herbert Xu
27 Jan, 2016
1 commit
-
It is unused now, so remove it.
Signed-off-by: Joonsoo Kim
Signed-off-by: Herbert Xu
25 Jan, 2016
1 commit
-
As per update of the FIPS 140-2 Annex C supported by SP800-131A, the
ANSI X9.31 DRNG is not an allowed cipher in FIPS mode any more.
CC: Neil Horman
Signed-off-by: Stephan Mueller
Signed-off-by: Herbert Xu
15 Oct, 2015
2 commits
-
The testmanager code for symmetric ciphers is extended to allow
verification of the IV after a cipher operation.
In addition, test vectors for kw(aes) for encryption and decryption are
added.
Signed-off-by: Stephan Mueller
Signed-off-by: Herbert Xu
-
The crypto drivers are supposed to update the IV passed to the crypto
request before calling the completion callback.
Test for the IV value before considering the test as successful.
Signed-off-by: Boris Brezillon
Signed-off-by: Herbert Xu
14 Oct, 2015
1 commit
-
Setkey function has been split into set_priv_key and set_pub_key.
Akcipher requests takes sgl for src and dst instead of void *.
Users of the API i.e. two existing RSA implementation and
test mgr code have been updated accordingly.
Signed-off-by: Tadeusz Struk
Signed-off-by: Herbert Xu
01 Oct, 2015
1 commit
-
No authenc() ciphers are FIPS approved, nor is ecb(des).
After the end of 2015, ansi_cprng will also be non-approved.
Signed-off-by: John Haxby
Acked-by: Stephan Mueller
Signed-off-by: Herbert Xu
11 Sep, 2015
1 commit
-
While the destination buffer 'iv' is MAX_IVLEN size,
the source 'template[i].iv' could be smaller, thus
memcpy may read invalid memory.
Use crypto_skcipher_ivsize() to get real ivsize
and pass it to memcpy.
Signed-off-by: Andrey Ryabinin
Signed-off-by: Herbert Xu
21 Aug, 2015
1 commit
-
This patch replaces uses of blkcipher and ablkcipher with the
new skcipher interface.
Signed-off-by: Herbert Xu
19 Aug, 2015
1 commit
-
CMAC is an approved cipher in FIPS 140-2. The patch allows the use
of CMAC with TDES and AES in FIPS mode.
Signed-off-by: Stephan Mueller
Signed-off-by: Herbert Xu
04 Aug, 2015
2 commits
-
Now that all implementations of authenc have been converted we can
reenable the tests.
Signed-off-by: Herbert Xu
-
This patch disables the authenc tests while the conversion to the
new IV calling convention takes place. It also replaces the authenc
test vectors with ones that will work with the new IV convention.
Signed-off-by: Herbert Xu
17 Jul, 2015
2 commits
-
Now that all implementations of rfc4309 have been converted we can
reenable the test.
Signed-off-by: Herbert Xu
-
This patch disables the rfc4309 test while the conversion to the
new seqiv calling convention takes place. It also replaces the
rfc4309 test vectors with ones that will work with the new IV
convention.
Signed-off-by: Herbert Xu
14 Jul, 2015
2 commits
-
Now that all implementations of rfc4106 have been converted we can
reenable the test.
Signed-off-by: Herbert Xu
-
This patch disables the rfc4106 test while the conversion to the
new seqiv calling convention takes place. It also converts the
rfc4106 test vectors to the new format.
Signed-off-by: Herbert Xu
25 Jun, 2015
1 commit
-
Don't print info about missing test for the internal
helper __driver-gcm-aes-aesni
changes in v2:
- marked test as fips allowed
Signed-off-by: Tadeusz Struk
Signed-off-by: Herbert Xu
17 Jun, 2015
3 commits
-
New test vectors for RSA algorithm.
Signed-off-by: Tadeusz Struk
Signed-off-by: Herbert Xu
-
This reverts commit 9b9f9296a7b73fbafe0a0a6f2494eaadd97f9f73 as
all in-kernel implementations of GCM have been converted to the
new AEAD interface, meaning that they should now pass the updated
rfc4543 test.
Signed-off-by: Herbert Xu
-
Because the old rfc4543 implementation always injected an IV into
the AD, while the new one does not, we have to disable the test
while it is converted over to the new AEAD interface.
Signed-off-by: Herbert Xu
04 Jun, 2015
2 commits
-
Signed-off-by: Martin Willi
Acked-by: Steffen Klassert
Signed-off-by: Herbert Xu
-
Signed-off-by: Martin Willi
Acked-by: Steffen Klassert
Signed-off-by: Herbert Xu