summaryrefslogtreecommitdiff
path: root/crypto/testmgr.c
AgeCommit message (Collapse)Author
2016-10-02crypto: testmgr - add guard to dst buffer for ahash_exportJan Stancek
Add a guard to 'state' buffer and warn if its consistency after call to crypto_ahash_export() changes, so that any write that goes beyond advertised statesize (and thus causing potential memory corruption [1]) is more visible. [1] https://marc.info/?l=linux-crypto-vger&m=147467656516085 Signed-off-by: Jan Stancek <jstancek@redhat.com> Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: Marcelo Cerri <marcelo.cerri@canonical.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-08-31crypto: FIPS - allow tests to be disabled in FIPS modeStephan Mueller
In FIPS mode, additional restrictions may apply. If these restrictions are violated, the kernel will panic(). This patch allows test vectors for symmetric ciphers to be marked as to be skipped in FIPS mode. Together with the patch, the XTS test vectors where the AES key is identical to the tweak key is disabled in FIPS mode. This test vector violates the FIPS requirement that both keys must be different. Reported-by: Tapas Sarangi <TSarangi@trustwave.com> Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-08-09crypto: testmgr - fix !x==y confusionYanjiang Jin
"if (!ret == template[i].fail)" is confusing to compilers (gcc5): crypto/testmgr.c: In function '__test_aead': crypto/testmgr.c:531:12: warning: logical not is only applied to the left hand side of comparison [-Wlogical-not-parentheses] if (!ret == template[i].fail) { ^ Let there be 'if (template[i].fail == !ret) '. Signed-off-by: Yanjiang Jin <yanjiang.jin@windriver.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-07-19crypto: testmgr - Print akcipher algorithm nameHerbert Xu
When an akcipher test fails, we don't know which algorithm failed because the name is not printed. This patch fixes this. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-07-05crypto: testmgr - Set err before proceedingSalvatore Benedetto
Report correct error in case of failure Signed-off-by: Salvatore Benedetto <salvatore.benedetto@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-07-01crypto: sha3 - Add HMAC-SHA3 test modes and test vectorsraveendra padasalagi
This patch adds HMAC-SHA3 test modes in tcrypt module and related test vectors. Signed-off-by: Raveendra Padasalagi <raveendra.padasalagi@broadcom.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-07-01crypto: testmgr - Allow leading zeros in RSAHerbert Xu
This patch allows RSA implementations to produce output with leading zeroes. testmgr will skip leading zeroes when comparing the output. This patch also tries to make the RSA test function generic enough to potentially handle other akcipher algorithms. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-06-23crypto: ecdh - Add ECDH software supportSalvatore Benedetto
* Implement ECDH under kpp API * Provide ECC software support for curve P-192 and P-256. * Add kpp test for ECDH with data generated by OpenSSL Signed-off-by: Salvatore Benedetto <salvatore.benedetto@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-06-23crypto: dh - Add DH software implementationSalvatore Benedetto
* Implement MPI based Diffie-Hellman under kpp API * Test provided uses data generad by OpenSSL Signed-off-by: Salvatore Benedetto <salvatore.benedetto@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-06-20crypto: sha3 - Add SHA-3 Test's in tcryptraveendra padasalagi
Added support for SHA-3 algorithm test's in tcrypt module and related test vectors. Signed-off-by: Raveendra Padasalagi <raveendra.padasalagi@broadcom.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-05-17Merge branch 'linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 Pull crypto update from Herbert Xu: "API: - Crypto self tests can now be disabled at boot/run time. - Add async support to algif_aead. Algorithms: - A large number of fixes to MPI from Nicolai Stange. - Performance improvement for HMAC DRBG. Drivers: - Use generic crypto engine in omap-des. - Merge ppc4xx-rng and crypto4xx drivers. - Fix lockups in sun4i-ss driver by disabling IRQs. - Add DMA engine support to ccp. - Reenable talitos hash algorithms. - Add support for Hisilicon SoC RNG. - Add basic crypto driver for the MXC SCC. Others: - Do not allocate crypto hash tfm in NORECLAIM context in ecryptfs" * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (77 commits) crypto: qat - change the adf_ctl_stop_devices to void crypto: caam - fix caam_jr_alloc() ret code crypto: vmx - comply with ABIs that specify vrsave as reserved. crypto: testmgr - Add a flag allowing the self-tests to be disabled at runtime. crypto: ccp - constify ccp_actions structure crypto: marvell/cesa - Use dma_pool_zalloc crypto: qat - make adf_vf_isr.c dependant on IOV config crypto: qat - Fix typo in comments lib: asn1_decoder - add MODULE_LICENSE("GPL") crypto: omap-sham - Use dma_request_chan() for requesting DMA channel crypto: omap-des - Use dma_request_chan() for requesting DMA channel crypto: omap-aes - Use dma_request_chan() for requesting DMA channel crypto: omap-des - Integrate with the crypto engine framework crypto: s5p-sss - fix incorrect usage of scatterlists api crypto: s5p-sss - Fix missed interrupts when working with 8 kB blocks crypto: s5p-sss - Use common BIT macro crypto: mxc-scc - fix unwinding in mxc_scc_crypto_register() crypto: mxc-scc - signedness bugs in mxc_scc_ablkcipher_req_init() crypto: talitos - fix ahash algorithms registration crypto: ccp - Ensure all dependencies are specified ...
2016-05-09crypto: testmgr - Use kmalloc memory for RSA inputHerbert Xu
As akcipher uses an SG interface, you must not use vmalloc memory as input for it. This patch fixes testmgr to copy the vmalloc test vectors to kmalloc memory before running the test. This patch also removes a superfluous sg_virt call in do_test_rsa. Cc: <stable@vger.kernel.org> Reported-by: Anatoly Pugachev <matorola@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-05-05crypto: testmgr - Add a flag allowing the self-tests to be disabled at runtime.Richard W.M. Jones
Running self-tests for a short-lived KVM VM takes 28ms on my laptop. This commit adds a flag 'cryptomgr.notests' which allows them to be disabled. However if fips=1 as well, we ignore this flag as FIPS mode mandates that the self-tests are run. Signed-off-by: Richard W.M. Jones <rjones@redhat.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-02-27crypto: testmgr - allow rfc3686 aes-ctr variants in fips mode.Marcus Meissner
RFC 3686 CTR in various authenc methods. rfc3686(ctr(aes)) is already marked fips compliant, so these should be fine. Signed-off-by: Marcus Meissner <meissner@suse.de> Acked-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-02-16crypto: testmgr - mark authenticated ctr(aes) also as FIPS ableMarcus Meissner
(2nd try that adds missing , to build.) Signed-off-by: Marcus Meissner <meissner@suse.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-02-06crypto: testmgr - mark more algorithms as FIPS compliantMarcus Meissner
Some more authenc() wrapped algorithms are FIPS compliant, tag them as such. Signed-off-by: Marcus Meissner <meissner@suse.de> Acked-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-02-06crypto: testmgr - fix out of bound read in __test_aead()Jerome Marchand
__test_aead() reads MAX_IVLEN bytes from template[i].iv, but the actual length of the initialisation vector can be shorter. The length of the IV is already calculated earlier in the function. Let's just reuses that. Also the IV length is currently calculated several time for no reason. Let's fix that too. This fix an out-of-bound error detected by KASan. Signed-off-by: Jerome Marchand <jmarchan@redhat.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-02-06crypto: testmgr - Add a test case for import()/export()Wang, Rui Y
Modify __test_hash() so that hash import/export can be tested from within the kernel. The test is unconditionally done when a struct hash_testvec has its .np > 1. v3: make the test unconditional v2: Leverage template[i].np as suggested by Tim Chen Signed-off-by: Rui Wang <rui.y.wang@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-01-27crypto: compress - remove unused pcomp interfaceJoonsoo Kim
It is unused now, so remove it. Signed-off-by: Joonsoo Kim <iamjoonsoo.kim@lge.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-01-25crypto: ansi_cprng - ANSI X9.31 DRNG is not allowed in FIPS 140-2Stephan Mueller
As per update of the FIPS 140-2 Annex C supported by SP800-131A, the ANSI X9.31 DRNG is not an allowed cipher in FIPS mode any more. CC: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-10-15crypto: keywrap - add testmgr supportStephan Mueller
The testmanager code for symmetric ciphers is extended to allow verification of the IV after a cipher operation. In addition, test vectors for kw(aes) for encryption and decryption are added. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-10-15crypto: testmgr - test IV value after a cipher operationBoris BREZILLON
The crypto drivers are supposed to update the IV passed to the crypto request before calling the completion callback. Test for the IV value before considering the test as successful. Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-10-14crypto: akcipher - Changes to asymmetric key APITadeusz Struk
Setkey function has been split into set_priv_key and set_pub_key. Akcipher requests takes sgl for src and dst instead of void *. Users of the API i.e. two existing RSA implementation and test mgr code have been updated accordingly. Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-10-01crypto: testmgr - Disable fips-allowed for authenc() and des() ciphersJohn Haxby
No authenc() ciphers are FIPS approved, nor is ecb(des). After the end of 2015, ansi_cprng will also be non-approved. Signed-off-by: John Haxby <john.haxby@oracle.com> Acked-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-09-11crypto: testmgr - don't copy from source IV too muchAndrey Ryabinin
While the destination buffer 'iv' is MAX_IVLEN size, the source 'template[i].iv' could be smaller, thus memcpy may read read invalid memory. Use crypto_skcipher_ivsize() to get real ivsize and pass it to memcpy. Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-08-21crypto: testmgr - Use new skcipher interfaceHerbert Xu
This patch replaces uses of blkcipher and ablkcipher with the new skcipher interface. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-08-19crypto: cmac - allow usage in FIPS modeStephan Mueller
CMAC is an approved cipher in FIPS 140-2. The patch allows the use of CMAC with TDES and AES in FIPS mode. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-08-04crypto: testmgr - Reenable authenc testsHerbert Xu
Now that all implementations of authenc have been converted we can reenable the tests. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-08-04crypto: testmgr - Disable authenc test and convert test vectorsHerbert Xu
This patch disables the authenc tests while the conversion to the new IV calling convention takes place. It also replaces the authenc test vectors with ones that will work with the new IV convention. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-07-17crypto: testmgr - Reenable rfc4309 testHerbert Xu
Now that all implementations of rfc4309 have been converted we can reenable the test. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-07-17crypto: testmgr - Disable rfc4309 test and convert test vectorsHerbert Xu
This patch disables the rfc4309 test while the conversion to the new seqiv calling convention takes place. It also replaces the rfc4309 test vectors with ones that will work with the new IV convention. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-07-14crypto: testmgr - Reenable rfc4106 testHerbert Xu
Now that all implementations of rfc4106 have been converted we can reenable the test. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-07-14crypto: testmgr - Disable rfc4106 test and convert test vectorsHerbert Xu
This patch disables the rfc4106 test while the conversion to the new seqiv calling convention takes place. It also converts the rfc4106 test vectors to the new format. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-06-25crypto: testmgr - don't print info about missing test for gcm-aes-aesniTadeusz Struk
Don't print info about missing test for the internal helper __driver-gcm-aes-aesni changes in v2: - marked test as fips allowed Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-06-17crypto: testmgr - add tests vectors for RSATadeusz Struk
New test vectors for RSA algorithm. Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-06-17Revert "crypto: testmgr - Disable rfc4543 test"Herbert Xu
This reverts commit 9b9f9296a7b73fbafe0a0a6f2494eaadd97f9f73 as all in-kernel implementations of GCM have been converted to the new AEAD interface, meaning that they should now pass the updated rfc4543 test. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-06-17crypto: testmgr - Disable rfc4543 testHerbert Xu
Because the old rfc4543 implementation always injected an IV into the AD, while the new one does not, we have to disable the test while it is converted over to the new AEAD interface. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-06-04crypto: testmgr - Add draft-ietf-ipsecme-chacha20-poly1305 test vectorMartin Willi
Signed-off-by: Martin Willi <martin@strongswan.org> Acked-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-06-04crypto: testmgr - Add ChaCha20-Poly1305 test vectors from RFC7539Martin Willi
Signed-off-by: Martin Willi <martin@strongswan.org> Acked-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-06-04crypto: testmgr - Add Poly1305 test vectors from RFC7539Martin Willi
Signed-off-by: Martin Willi <martin@strongswan.org> Acked-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-06-04crypto: testmgr - Add ChaCha20 test vectors from RFC7539Martin Willi
We explicitly set the Initial block Counter by prepending it to the nonce in Little Endian. The same test vector is used for both encryption and decryption, ChaCha20 is a cipher XORing a keystream. Signed-off-by: Martin Willi <martin@strongswan.org> Acked-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-28crypto: testmgr - Switch to new AEAD interfaceHerbert Xu
This patch makes use of the new AEAD interface which uses a single SG list instead of separate lists for the AD and plain text. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-27crypto: jitterentropy - add jitterentropy RNGStephan Mueller
The CPU Jitter RNG provides a source of good entropy by collecting CPU executing time jitter. The entropy in the CPU execution time jitter is magnified by the CPU Jitter Random Number Generator. The CPU Jitter Random Number Generator uses the CPU execution timing jitter to generate a bit stream which complies with different statistical measurements that determine the bit stream is random. The CPU Jitter Random Number Generator delivers entropy which follows information theoretical requirements. Based on these studies and the implementation, the caller can assume that one bit of data extracted from the CPU Jitter Random Number Generator holds one bit of entropy. The CPU Jitter Random Number Generator provides a decentralized source of entropy, i.e. every caller can operate on a private state of the entropy pool. The RNG does not have any dependencies on any other service in the kernel. The RNG only needs a high-resolution time stamp. Further design details, the cryptographic assessment and large array of test results are documented at http://www.chronox.de/jent.html. CC: Andreas Steffen <andreas.steffen@strongswan.org> CC: Theodore Ts'o <tytso@mit.edu> CC: Sandy Harris <sandyinchina@gmail.com> Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-05-11crypto: testmgr - add test cases for CRC32Ard Biesheuvel
This adds a couple of test cases for CRC32 (not CRC32c) to ensure that the generic and arch specific implementations are in sync. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Acked-by: Steve Capper <steve.capper@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-04-23crypto: testmgr - Include crypto/aead.hHerbert Xu
All users of AEAD should include crypto/aead.h instead of include/linux/crypto.h. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Acked-by: David S. Miller <davem@davemloft.net>
2015-04-23crypto: testmgr - Include linux/fips.h for fips_enabledHerbert Xu
All users of fips_enabled should include linux/fips.h directly instead of getting it through internal.h. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-03-31crypto: testmgr - use CRYPTO_ALG_INTERNALStephan Mueller
Allocate the ciphers irrespectively if they are marked as internal or not. As all ciphers, including the internal ciphers will be processed by the testmgr, it needs to be able to allocate those ciphers. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-03-13crypto: testmgr - fix RNG return code enforcementStephan Mueller
Due to the change to RNGs to always return zero in success case, the invocation of the RNGs in the test manager must be updated as otherwise the RNG self tests are not properly executed any more. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Alexander Bergmann <abergmann@suse.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-02-04crypto: testmgr - limit IV copy length in aead testsCristian Stoica
The working copy of IV is the same size as the transformation's IV. It is not necessary to copy more than that from the template since iv_len is usually less than MAX_IVLEN and the rest of the copied data is garbage. Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-01-26crypto: testmgr - mark rfc4106(gcm(aes)) as fips_allowedJarod Wilson
This gcm variant is popular for ipsec use, and there are folks who would like to use it while in fips mode. Mark it with fips_allowed=1 to facilitate that. CC: LKML <linux-kernel@vger.kernel.org> CC: Stephan Mueller <smueller@atsec.com> Signed-off-by: Jarod Wilson <jarod@redhat.com> Acked-by: Stephan Mueller <smueller@atsec.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>