github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-06 13:37:36 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
e07a663f5d
linux/crypto
History
Eric Biggers 109f31ac23 ANDROID: fips140: add userspace interface for evaluation testing 
The FIPS lab is required to test the service indicators and version
information services of the module, i.e. the
fips140_is_approved_service() and fips140_module_version() functions.
There are several ways we could support this:

- Implement the tests in the module ourselves.  However it's unclear
  that CMVP would allow this, and we would need the full list of tests,
  which could change over time depending on what the lab decides to do.

- Support the lab writing, building, and loading a custom kernel module
  (or a custom kernel image) that tests these functions.

- Provide a userspace interface to these services, restricted to builds
  with CONFIG_CRYPTO_FIPS140_MOD_EVAL_TESTING=y.  This would allow
  writing the tests in userspace, which would be much easier.

Implement the last solution, since it's the easier of the two solutions
that are "guaranteed" to be allowed.  Make the module register a char
device which supports some ioctls, one per function that needs to be
tested.  Also provide some sample userspace code in samples/crypto/.

Note: copy_to_user() would break the integrity check, so take some care
to exclude it.  This is allowed since this is non-production code.

Bug: 188620248
Change-Id: Ic256d9c5bd4d0c57ede88a3e3e76e89554909b38
Signed-off-by: Eric Biggers <ebiggers@google.com>
2021-11-23 18:02:43 +00:00
..
asymmetric_keys X.509: Fix crash caused by NULL pointer 2021-01-23 16:03:58 +01:00
async_tx async_xor: check src_offs is not NULL before updating it 2021-06-16 12:01:40 +02:00
842.c
acompress.c
adiantum.c UPSTREAM: crypto: remove cipher routines from public crypto API 2021-05-13 07:53:31 +00:00
aead.c
aegis.h
aegis128-core.c
aegis128-neon-inner.c
aegis128-neon.c
aes_generic.c
aes_ti.c
af_alg.c
ahash.c
akcipher.c
algapi.c
algboss.c
algif_aead.c
algif_hash.c
algif_rng.c
algif_skcipher.c
ansi_cprng.c UPSTREAM: crypto: remove cipher routines from public crypto API 2021-05-13 07:53:31 +00:00
anubis.c
api.c crypto: api - check for ERR pointers in crypto_destroy_tfm() 2021-05-11 14:47:16 +02:00
arc4.c
authenc.c
authencesn.c
blake2b_generic.c UPSTREAM: crypto: blake2b - update file comment 2021-02-23 08:06:20 +01:00
blake2s_generic.c UPSTREAM: crypto: blake2s - share the "shash" API boilerplate code 2021-02-23 08:06:19 +01:00
blowfish_common.c
blowfish_generic.c
camellia_generic.c
cast_common.c
cast5_generic.c
cast6_generic.c
cbc.c UPSTREAM: crypto: remove cipher routines from public crypto API 2021-05-13 07:53:31 +00:00
ccm.c UPSTREAM: crypto: remove cipher routines from public crypto API 2021-05-13 07:53:31 +00:00
cfb.c UPSTREAM: crypto: remove cipher routines from public crypto API 2021-05-13 07:53:31 +00:00
chacha_generic.c
chacha20poly1305.c
cipher.c UPSTREAM: crypto: remove cipher routines from public crypto API 2021-05-13 07:53:31 +00:00
cmac.c UPSTREAM: crypto: remove cipher routines from public crypto API 2021-05-13 07:53:31 +00:00
compress.c
crc32_generic.c
crc32c_generic.c
crct10dif_common.c
crct10dif_generic.c
cryptd.c
crypto_engine.c
crypto_null.c
crypto_user_base.c
crypto_user_stat.c
ctr.c UPSTREAM: crypto: remove cipher routines from public crypto API 2021-05-13 07:53:31 +00:00
cts.c
curve25519-generic.c
deflate.c
des_generic.c
dh_helper.c
dh.c
drbg.c UPSTREAM: crypto: remove cipher routines from public crypto API 2021-05-13 07:53:31 +00:00
ecb.c UPSTREAM: crypto: remove cipher routines from public crypto API 2021-05-13 07:53:31 +00:00
ecc_curve_defs.h
ecc.c
ecc.h
ecdh_helper.c crypto: ecdh_helper - Ensure 'len >= secret.len' in decode_key() 2021-03-04 11:37:49 +01:00
ecdh.c
echainiv.c
ecrdsa_defs.h
ecrdsa_params.asn1
ecrdsa_pub_key.asn1
ecrdsa.c
essiv.c UPSTREAM: crypto: remove cipher routines from public crypto API 2021-05-13 07:53:31 +00:00
fcrypt.c
fips.c
fips140_gen_hmac.c ANDROID: fips140: preserve RELA sections without relying on the module loader 2021-10-29 13:32:14 -07:00
fips140-alg-registration.c ANDROID: fips140: block crypto operations until tests complete 2021-10-29 13:32:14 -07:00
fips140-defs.h ANDROID: fips140: block crypto operations until tests complete 2021-10-29 13:32:14 -07:00
fips140-eval-testing-uapi.h ANDROID: fips140: add userspace interface for evaluation testing 2021-11-23 18:02:43 +00:00
fips140-eval-testing.c ANDROID: fips140: add userspace interface for evaluation testing 2021-11-23 18:02:43 +00:00
fips140-generated-testvecs.h ANDROID: fips140: add AES-CMAC 2021-10-29 13:32:13 -07:00
fips140-module.c ANDROID: fips140: add support for injecting integrity error 2021-11-23 18:02:33 +00:00
fips140-module.h ANDROID: fips140: add support for injecting integrity error 2021-11-23 18:02:33 +00:00
fips140-refs.S ANDROID: fips140: preserve RELA sections without relying on the module loader 2021-10-29 13:32:14 -07:00
fips140-selftests.c ANDROID: fips140: refactor evaluation testing support 2021-11-23 18:02:24 +00:00
gcm.c
geniv.c
gf128mul.c
ghash-generic.c
hash_info.c
hmac.c
internal.h
jitterentropy-kcapi.c
jitterentropy.c
jitterentropy.h
Kconfig ANDROID: fips140: refactor evaluation testing support 2021-11-23 18:02:24 +00:00
keywrap.c UPSTREAM: crypto: remove cipher routines from public crypto API 2021-05-13 07:53:31 +00:00
khazad.c
kpp.c
lrw.c
lz4.c
lz4hc.c
lzo-rle.c
lzo.c
Makefile ANDROID: fips140: refactor evaluation testing support 2021-11-23 18:02:24 +00:00
md4.c
md5.c
memneq.c
michael_mic.c crypto: michael_mic - fix broken misalignment handling 2021-03-04 11:38:31 +01:00
nhpoly1305.c
ofb.c UPSTREAM: crypto: remove cipher routines from public crypto API 2021-05-13 07:53:31 +00:00
pcbc.c UPSTREAM: crypto: remove cipher routines from public crypto API 2021-05-13 07:53:31 +00:00
pcrypt.c
poly1305_generic.c
proc.c
ripemd.h
rmd128.c
rmd160.c
rmd256.c
rmd320.c
rng.c crypto: rng - fix crypto_rng_reset() refcounting when !CRYPTO_STATS 2021-05-11 14:47:35 +02:00
rsa_helper.c
rsa-pkcs1pad.c
rsa.c
rsaprivkey.asn1
rsapubkey.asn1
salsa20_generic.c
scatterwalk.c
scompress.c
seed.c
seqiv.c
serpent_generic.c
sha1_generic.c
sha3_generic.c
sha256_generic.c
sha512_generic.c
shash.c crypto: shash - avoid comparing pointers to exported functions under CFI 2021-07-14 16:55:54 +02:00
simd.c
skcipher.c UPSTREAM: crypto: remove cipher routines from public crypto API 2021-05-13 07:53:31 +00:00
sm2.c crypto: sm2 - fix a memory leak in sm2 2021-07-14 16:56:06 +02:00
sm2signature.asn1
sm3_generic.c
sm4_generic.c
streebog_generic.c
tcrypt.c crypto: tcrypt - avoid signed overflow in byte count 2021-03-07 12:34:11 +01:00
tcrypt.h
tea.c
testmgr.c UPSTREAM: crypto: remove cipher routines from public crypto API 2021-05-13 07:53:31 +00:00
testmgr.h
tgr192.c
twofish_common.c
twofish_generic.c
vmac.c UPSTREAM: crypto: remove cipher routines from public crypto API 2021-05-13 07:53:31 +00:00
wp512.c
xcbc.c UPSTREAM: crypto: remove cipher routines from public crypto API 2021-05-13 07:53:31 +00:00
xor.c crypto: xor - Fix divide error in do_xor_speed() 2021-01-27 11:54:52 +01:00
xts.c UPSTREAM: crypto: remove cipher routines from public crypto API 2021-05-13 07:53:31 +00:00
xxhash_generic.c
zstd.c