#
60a273e9 |
| 21-Feb-2022 |
Nicolai Stange <nstange@suse.de> |
crypto: testmgr - add known answer tests for ffdheXYZ(dh) templates
Add known answer tests for the ffdhe2048(dh), ffdhe3072(dh), ffdhe4096(dh), ffdhe6144(dh) and ffdhe8192(dh) templates introduced w
crypto: testmgr - add known answer tests for ffdheXYZ(dh) templates
Add known answer tests for the ffdhe2048(dh), ffdhe3072(dh), ffdhe4096(dh), ffdhe6144(dh) and ffdhe8192(dh) templates introduced with the previous patch to the testmgr. All TVs have been generated with OpenSSL.
Signed-off-by: Nicolai Stange <nstange@suse.de> Reviewed-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
Revision tags: v5.15.24, v5.15.23, v5.15.22, v5.15.21, v5.15.20, v5.15.19 |
|
#
c9c28ed0 |
| 01-Feb-2022 |
Stephan Müller <smueller@chronox.de> |
crypto: hmac - add fips_skip support
By adding the support for the flag fips_skip, hash / HMAC test vectors may be marked to be not applicable in FIPS mode. Such vectors are silently skipped in FIPS
crypto: hmac - add fips_skip support
By adding the support for the flag fips_skip, hash / HMAC test vectors may be marked to be not applicable in FIPS mode. Such vectors are silently skipped in FIPS mode.
Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
Revision tags: v5.15.18, v5.15.17, v5.4.173, v5.15.16, v5.15.15 |
|
#
8fc5f2ad |
| 14-Jan-2022 |
Herbert Xu <herbert@gondor.apana.org.au> |
crypto: testmgr - Move crypto_simd_disabled_for_test out
As testmgr is part of cryptomgr which was designed to be unloadable as a module, it shouldn't export any symbols for other crypto modules to
crypto: testmgr - Move crypto_simd_disabled_for_test out
As testmgr is part of cryptomgr which was designed to be unloadable as a module, it shouldn't export any symbols for other crypto modules to use as that would prevent it from being unloaded. All its functionality is meant to be accessed through notifiers.
The symbol crypto_simd_disabled_for_test was added to testmgr which caused it to be pinned as a module if its users were also loaded. This patch moves it out of testmgr and into crypto/algapi.c so cryptomgr can again be unloaded and replaced on demand.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Reviewed-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
Revision tags: v5.16, v5.15.10, v5.15.9, v5.15.8, v5.15.7, v5.15.6, v5.15.5 |
|
#
330507fb |
| 21-Nov-2021 |
Stephan Müller <smueller@chronox.de> |
crypto: des - disallow des3 in FIPS mode
On Dec 31 2023 NIST sunsets TDES for FIPS use. To prevent FIPS validations to be completed in the future to be affected by the TDES sunsetting, disallow TDES
crypto: des - disallow des3 in FIPS mode
On Dec 31 2023 NIST sunsets TDES for FIPS use. To prevent FIPS validations to be completed in the future to be affected by the TDES sunsetting, disallow TDES already now. Otherwise a FIPS validation would need to be "touched again" end 2023 to handle TDES accordingly.
Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
Revision tags: v5.15.4, v5.15.3, v5.15.2, v5.15.1, v5.15, v5.14.14, v5.14.13, v5.14.12, v5.14.11, v5.14.10, v5.14.9 |
|
#
82e269ad |
| 28-Sep-2021 |
Sebastian Andrzej Siewior <bigeasy@linutronix.de> |
crypto: testmgr - Only disable migration in crypto_disable_simd_for_test()
crypto_disable_simd_for_test() disables preemption in order to receive a stable per-CPU variable which it needs to modify i
crypto: testmgr - Only disable migration in crypto_disable_simd_for_test()
crypto_disable_simd_for_test() disables preemption in order to receive a stable per-CPU variable which it needs to modify in order to alter crypto_simd_usable() results.
This can also be achived by migrate_disable() which forbidds CPU migrations but allows the task to be preempted. The latter is important for PREEMPT_RT since operation like skcipher_walk_first() may allocate memory which must not happen with disabled preemption on PREEMPT_RT.
Use migrate_disable() in crypto_disable_simd_for_test() to achieve a stable per-CPU pointer.
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
3dd33a09 |
| 28-May-2022 |
Jason A. Donenfeld <Jason@zx2c4.com> |
crypto: blake2s - remove shash module
[ Upstream commit 2d16803c562ecc644803d42ba98a8e0aef9c014e ]
BLAKE2s has no currently known use as an shash. Just remove all of this unnecessary plumbing. Remo
crypto: blake2s - remove shash module
[ Upstream commit 2d16803c562ecc644803d42ba98a8e0aef9c014e ]
BLAKE2s has no currently known use as an shash. Just remove all of this unnecessary plumbing. Removing this shash was something we talked about back when we were making BLAKE2s a built-in, but I simply never got around to doing it. So this completes that project.
Importantly, this fixs a bug in which the lib code depends on crypto_simd_disabled_for_test, causing linker errors.
Also add more alignment tests to the selftests and compare SIMD and non-SIMD compression functions, to make up for what we lose from testmgr.c.
Reported-by: gaochao <gaochao49@huawei.com> Cc: Eric Biggers <ebiggers@kernel.org> Cc: Ard Biesheuvel <ardb@kernel.org> Cc: stable@vger.kernel.org Fixes: 6048fdcc5f26 ("lib/crypto: blake2s: include as built-in") Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org>
show more ...
|
Revision tags: v5.14.8, v5.14.7, v5.14.6, v5.10.67, v5.10.66, v5.14.5, v5.14.4, v5.10.65, v5.14.3, v5.10.64, v5.14.2, v5.10.63, v5.14.1, v5.10.62, v5.14, v5.10.61, v5.10.60 |
|
#
68039d60 |
| 13-Aug-2021 |
Tianjia Zhang <tianjia.zhang@linux.alibaba.com> |
crypto: testmgr - Add GCM/CCM mode test of SM4 algorithm
The GCM/CCM mode of the SM4 algorithm is defined in the rfc 8998 specification, and the test case data also comes from rfc 8998.
Signed-off-
crypto: testmgr - Add GCM/CCM mode test of SM4 algorithm
The GCM/CCM mode of the SM4 algorithm is defined in the rfc 8998 specification, and the test case data also comes from rfc 8998.
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
Revision tags: v5.10.53, v5.10.52, v5.10.51, v5.10.50, v5.10.49, v5.13 |
|
#
8833272d |
| 24-Jun-2021 |
Stephan Müller <smueller@chronox.de> |
crypto: drbg - self test for HMAC(SHA-512)
Considering that the HMAC(SHA-512) DRBG is the default DRBG now, a self test is to be provided.
The test vector is obtained from a successful NIST ACVP te
crypto: drbg - self test for HMAC(SHA-512)
Considering that the HMAC(SHA-512) DRBG is the default DRBG now, a self test is to be provided.
The test vector is obtained from a successful NIST ACVP test run.
Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
Revision tags: v5.10.46, v5.10.43, v5.10.42, v5.10.41, v5.10.40, v5.10.39 |
|
#
8e568fc2 |
| 21-May-2021 |
Hui Tang <tanghui20@huawei.com> |
crypto: ecdh - add test suite for NIST P384
Add test vector params for NIST P384, add test vector for NIST P384 on vector of tests.
Vector param from: https://datatracker.ietf.org/doc/html/rfc5903#
crypto: ecdh - add test suite for NIST P384
Add test vector params for NIST P384, add test vector for NIST P384 on vector of tests.
Vector param from: https://datatracker.ietf.org/doc/html/rfc5903#section-3.1
Signed-off-by: Hui Tang <tanghui20@huawei.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
6889fc21 |
| 21-May-2021 |
Hui Tang <tanghui20@huawei.com> |
crypto: ecdh - fix ecdh-nist-p192's entry in testmgr
Add a comment that p192 will fail to register in FIPS mode.
Fix ecdh-nist-p192's entry in testmgr by removing the ifdefs and not setting fips_al
crypto: ecdh - fix ecdh-nist-p192's entry in testmgr
Add a comment that p192 will fail to register in FIPS mode.
Fix ecdh-nist-p192's entry in testmgr by removing the ifdefs and not setting fips_allowed.
Signed-off-by: Hui Tang <tanghui20@huawei.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
Revision tags: v5.4.119, v5.10.36, v5.10.35, v5.10.34, v5.4.116, v5.10.33, v5.12, v5.10.32, v5.10.31, v5.10.30, v5.10.27, v5.10.26, v5.10.25, v5.10.24 |
|
#
c12d448b |
| 16-Mar-2021 |
Saulo Alessandre <saulo.alessandre@tse.jus.br> |
crypto: ecdsa - Register NIST P384 and extend test suite
Register NIST P384 as an akcipher and extend the testmgr with NIST P384-specific test vectors.
Summary of changes:
* crypto/ecdsa.c - add
crypto: ecdsa - Register NIST P384 and extend test suite
Register NIST P384 as an akcipher and extend the testmgr with NIST P384-specific test vectors.
Summary of changes:
* crypto/ecdsa.c - add ecdsa_nist_p384_init_tfm - register and unregister P384 tfm
* crypto/testmgr.c - add test vector for P384 on vector of tests
* crypto/testmgr.h - add test vector params for P384(sha1, sha224, sha256, sha384 and sha512)
Signed-off-by: Saulo Alessandre <saulo.alessandre@tse.jus.br> Tested-by: Stefan Berger <stefanb@linux.ibm.com> Acked-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
4e660291 |
| 16-Mar-2021 |
Stefan Berger <stefanb@linux.ibm.com> |
crypto: ecdsa - Add support for ECDSA signature verification
Add support for parsing the parameters of a NIST P256 or NIST P192 key. Enable signature verification using these keys. The new module is
crypto: ecdsa - Add support for ECDSA signature verification
Add support for parsing the parameters of a NIST P256 or NIST P192 key. Enable signature verification using these keys. The new module is enabled with CONFIG_ECDSA: Elliptic Curve Digital Signature Algorithm (NIST P192, P256 etc.) is A NIST cryptographic standard algorithm. Only signature verification is implemented.
Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: "David S. Miller" <davem@davemloft.net> Cc: linux-crypto@vger.kernel.org Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
Revision tags: v5.10.23, v5.10.22, v5.10.21, v5.10.20 |
|
#
6763f5ea |
| 04-Mar-2021 |
Meng Yu <yumeng18@huawei.com> |
crypto: ecdh - move curve_id of ECDH from the key to algorithm name
1. crypto and crypto/atmel-ecc: Move curve id of ECDH from the key into the algorithm name instead in crypto and atmel-ecc,
crypto: ecdh - move curve_id of ECDH from the key to algorithm name
1. crypto and crypto/atmel-ecc: Move curve id of ECDH from the key into the algorithm name instead in crypto and atmel-ecc, so ECDH algorithm name change form 'ecdh' to 'ecdh-nist-pxxx', and we cannot use 'curve_id' in 'struct ecdh'; 2. crypto/testmgr and net/bluetooth: Modify 'testmgr.c', 'testmgr.h' and 'net/bluetooth' to adapt the modification.
Signed-off-by: Meng Yu <yumeng18@huawei.com> Reviewed-by: Zaibo Xu <xuzaibo@huawei.com> Reported-by: kernel test robot <lkp@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
Revision tags: v5.10.19, v5.4.101, v5.10.18 |
|
#
e40ff6f3 |
| 22-Feb-2021 |
Kai Ye <yekai13@huawei.com> |
crypto: testmgr - delete some redundant code
Delete sg_data function, because sg_data function definition same as sg_virt(), so need to delete it and use sg_virt() replace to sg_data().
Signed-off-
crypto: testmgr - delete some redundant code
Delete sg_data function, because sg_data function definition same as sg_virt(), so need to delete it and use sg_virt() replace to sg_data().
Signed-off-by: Kai Ye <yekai13@huawei.com> Reviewed-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
Revision tags: v5.10.17, v5.11, v5.10.16, v5.10.15, v5.10.14 |
|
#
784506a1 |
| 01-Feb-2021 |
Ard Biesheuvel <ardb@kernel.org> |
crypto: serpent - get rid of obsolete tnepres variant
It is not trivial to trace back why exactly the tnepres variant of serpent was added ~17 years ago - Google searches come up mostly empty, but i
crypto: serpent - get rid of obsolete tnepres variant
It is not trivial to trace back why exactly the tnepres variant of serpent was added ~17 years ago - Google searches come up mostly empty, but it seems to be related with the 'kerneli' version, which was based on an incorrect interpretation of the serpent spec.
In other words, nobody is likely to care anymore today, so let's get rid of it.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
663f63ee |
| 21-Jan-2021 |
Ard Biesheuvel <ardb@kernel.org> |
crypto: salsa20 - remove Salsa20 stream cipher algorithm
Salsa20 is not used anywhere in the kernel, is not suitable for disk encryption, and widely considered to have been superseded by ChaCha20. S
crypto: salsa20 - remove Salsa20 stream cipher algorithm
Salsa20 is not used anywhere in the kernel, is not suitable for disk encryption, and widely considered to have been superseded by ChaCha20. So let's remove it.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Acked-by: Mike Snitzer <snitzer@redhat.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
87cd723f |
| 21-Jan-2021 |
Ard Biesheuvel <ardb@kernel.org> |
crypto: tgr192 - remove Tiger 128/160/192 hash algorithms
Tiger is never referenced anywhere in the kernel, and unlikely to be depended upon by userspace via AF_ALG. So let's remove it.
Signed-off-
crypto: tgr192 - remove Tiger 128/160/192 hash algorithms
Tiger is never referenced anywhere in the kernel, and unlikely to be depended upon by userspace via AF_ALG. So let's remove it.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
93f64202 |
| 21-Jan-2021 |
Ard Biesheuvel <ardb@kernel.org> |
crypto: rmd320 - remove RIPE-MD 320 hash algorithm
RIPE-MD 320 is never referenced anywhere in the kernel, and unlikely to be depended upon by userspace via AF_ALG. So let's remove it
Signed-off-by
crypto: rmd320 - remove RIPE-MD 320 hash algorithm
RIPE-MD 320 is never referenced anywhere in the kernel, and unlikely to be depended upon by userspace via AF_ALG. So let's remove it
Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
c15d4167 |
| 21-Jan-2021 |
Ard Biesheuvel <ardb@kernel.org> |
crypto: rmd256 - remove RIPE-MD 256 hash algorithm
RIPE-MD 256 is never referenced anywhere in the kernel, and unlikely to be depended upon by userspace via AF_ALG. So let's remove it
Signed-off-by
crypto: rmd256 - remove RIPE-MD 256 hash algorithm
RIPE-MD 256 is never referenced anywhere in the kernel, and unlikely to be depended upon by userspace via AF_ALG. So let's remove it
Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
b21b9a5e |
| 21-Jan-2021 |
Ard Biesheuvel <ardb@kernel.org> |
crypto: rmd128 - remove RIPE-MD 128 hash algorithm
RIPE-MD 128 is never referenced anywhere in the kernel, and unlikely to be depended upon by userspace via AF_ALG. So let's remove it.
Signed-off-b
crypto: rmd128 - remove RIPE-MD 128 hash algorithm
RIPE-MD 128 is never referenced anywhere in the kernel, and unlikely to be depended upon by userspace via AF_ALG. So let's remove it.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
Revision tags: v5.10 |
|
#
0eb76ba2 |
| 11-Dec-2020 |
Ard Biesheuvel <ardb@kernel.org> |
crypto: remove cipher routines from public crypto API
The cipher routines in the crypto API are mostly intended for templates implementing skcipher modes generically in software, and shouldn't be us
crypto: remove cipher routines from public crypto API
The cipher routines in the crypto API are mostly intended for templates implementing skcipher modes generically in software, and shouldn't be used outside of the crypto subsystem. So move the prototypes and all related definitions to a new header file under include/crypto/internal. Also, let's use the new module namespace feature to move the symbol exports into a new namespace CRYPTO_INTERNAL.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Acked-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
Revision tags: v5.8.17 |
|
#
09a5ef96 |
| 26-Oct-2020 |
Eric Biggers <ebiggers@google.com> |
crypto: testmgr - WARN on test failure
Currently, by default crypto self-test failures only result in a pr_warn() message and an "unknown" status in /proc/crypto. Both of these are easy to miss. T
crypto: testmgr - WARN on test failure
Currently, by default crypto self-test failures only result in a pr_warn() message and an "unknown" status in /proc/crypto. Both of these are easy to miss. There is also an option to panic the kernel when a test fails, but that can't be the default behavior.
A crypto self-test failure always indicates a kernel bug, however, and there's already a standard way to report (recoverable) kernel bugs -- the WARN() family of macros. WARNs are noisier and harder to miss, and existing test systems already know to look for them in dmesg or via /proc/sys/kernel/tainted.
Therefore, call WARN() when an algorithm fails its self-tests.
Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
6e5972fa |
| 26-Oct-2020 |
Eric Biggers <ebiggers@google.com> |
crypto: testmgr - always print the actual skcipher driver name
When alg_test() is called from tcrypt.ko rather than from the algorithm registration code, "driver" is actually the algorithm name, not
crypto: testmgr - always print the actual skcipher driver name
When alg_test() is called from tcrypt.ko rather than from the algorithm registration code, "driver" is actually the algorithm name, not the driver name. So it shouldn't be used in places where a driver name is wanted, e.g. when reporting a test failure or when checking whether the driver is the generic driver or not.
Fix this for the skcipher algorithm tests by getting the driver name from the crypto_skcipher that actually got allocated.
Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
2257f471 |
| 26-Oct-2020 |
Eric Biggers <ebiggers@google.com> |
crypto: testmgr - always print the actual AEAD driver name
When alg_test() is called from tcrypt.ko rather than from the algorithm registration code, "driver" is actually the algorithm name, not the
crypto: testmgr - always print the actual AEAD driver name
When alg_test() is called from tcrypt.ko rather than from the algorithm registration code, "driver" is actually the algorithm name, not the driver name. So it shouldn't be used in places where a driver name is wanted, e.g. when reporting a test failure or when checking whether the driver is the generic driver or not.
Fix this for the AEAD algorithm tests by getting the driver name from the crypto_aead that actually got allocated.
Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
79cafe9a |
| 26-Oct-2020 |
Eric Biggers <ebiggers@google.com> |
crypto: testmgr - always print the actual hash driver name
When alg_test() is called from tcrypt.ko rather than from the algorithm registration code, "driver" is actually the algorithm name, not the
crypto: testmgr - always print the actual hash driver name
When alg_test() is called from tcrypt.ko rather than from the algorithm registration code, "driver" is actually the algorithm name, not the driver name. So it shouldn't be used in places where a driver name is wanted, e.g. when reporting a test failure or when checking whether the driver is the generic driver or not.
Fix this for the hash algorithm tests by getting the driver name from the crypto_ahash or crypto_shash that actually got allocated.
Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|