AES-CMAC is a FIPS allowed algorithm, and fips140.ko already has
arm64 implementations of it. Meanwhile, GKI includes both these arm64
implementations as well as the "cmac" template. Add the "cmac" template
to fips140.ko too and add a self-test for AES-CMAC, so that we can
include AES-CMAC in the set of algorithms which will be certified.
As with a number of the other algorithms, the criteria for which
algorithms need to be in the certified set are still not particularly
clear, but the latest guidance we've received is to error on the side of
including algorithms.
Bug: 153614920
Bug: 188620248
Change-Id: I6c1d9281fe848a7101d5ef94ab48e5a41bbcc6f8
Signed-off-by: Eric Biggers <ebiggers@google.com>
(cherry picked from commit 038dc9f2cc956cab561bd9d50120920010867b75)
By using the initial_value parameter when creating the pycryptodome
AES-CTR instance, we can use any 16-byte IV, like the other AES modes.
Therefore, there's no need for the last 4 bytes of the IV to be 0.
This doesn't really matter, but it seems nice to avoid this quirk.
Bug: 153614920
Bug: 188620248
Change-Id: If33de260b1119f2b3e004164199b08364781ab23
Signed-off-by: Eric Biggers <ebiggers@google.com>
(cherry picked from commit fa5a44b364374dd3ed53215b9edf47ffee8a1a82)
Make fips140.ko run a suite of known answer self-tests at load time to
demonstrate the correct operation of cryptographic functionality, as
required by FIPS 140-2/3 and NIAP FPT_TST_EXT.1.1.
Bug: 153614920
Bug: 173104584
Bug: 188620248
Test: Built and loaded fips140.ko on a HiKey960, and on a Pixel device.
Change-Id: I38e5c8052ff57ddfe44624beb626d38b7706b0a4
Co-developed-by: Elena Petrova <lenaptr@google.com>
Signed-off-by: Elena Petrova <lenaptr@google.com>
[ebiggers: Rewrote most of lenaptr@'s original patch. Added some
missing tests, removed some unnecessary tests in accordance with the
FIPS 140-2 IG, changed most test vectors and added a script to generate
them, removed an unnecessary kconfig option, changed implementation of
error injection, and many other improvements.]
Signed-off-by: Eric Biggers <ebiggers@google.com>
[ardb: add generation of AES-CTR test vector and the associated runtime
selftest]
Signed-off-by: Ard Biesheuvel <ardb@google.com>
The directory tools/crypto and the only file under it never gets
built anywhere. This program should instead be incorporated into
one of the existing user-space projects, crconf or libkcapi.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Since now all crypto stats are on their own structures, it is now
useless to have the algorithm name in the err_cnt member.
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This patch converts the getstat example tool to the recent changes done in crypto_user_stat
- changed all stats to u64
- separated struct stats for each crypto alg
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This patch adds an userspace tool for displaying kernel crypto API
statistics.
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
