crypto: drbg - remove FIPS 140-2 continuous test

The newly released FIPS 140-2 IG 9.8 specifies that for SP800-90A compliant DRBGs, the FIPS 140-2 continuous random number generator test is not required any more. This patch removes the test and all associated data structures. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
author: Stephan Mueller <sm@eperm.de> 2016-01-22 03:52:28 -0500
committer: Herbert Xu <herbert@gondor.apana.org.au> 2016-01-25 09:42:11 -0500
commit: b3614763059b82c26bdd02ffcb1c016c1132aad0 (patch)
tree: 8d6d529fe676c6e41fe67759df49a977985f106c /crypto/drbg.c
parent: 973fb3fb50e3959d90179d09ed3ce454dd7bc6e4 (diff)
1 files changed, 0 insertions, 64 deletions
diff --git a/crypto/drbg.c b/crypto/drbg.c
index ab6ef1d08568..1b86310db7b1 100644
--- a/crypto/drbg.c
+++ b/crypto/drbg.c
@@ -220,48 +220,6 @@ static inline unsigned short drbg_sec_strength(drbg_flag_t flags)
 }
 /*
- * FIPS 140-2 continuous self test
- * The test is performed on the result of one round of the output
- * function. Thus, the function implicitly knows the size of the
- * buffer.
- *
- * @drbg DRBG handle
- * @buf output buffer of random data to be checked
- *
- * return:
- *      true on success
- *      false on error
- */
-static bool drbg_fips_continuous_test(struct drbg_state *drbg,
-                                      const unsigned char *buf)
-{
-#ifdef CONFIG_CRYPTO_FIPS
-        int ret = 0;
-        /* skip test if we test the overall system */
-        if (list_empty(&drbg->test_data.list))
-                return true;
-        /* only perform test in FIPS mode */
-        if (0 == fips_enabled)
-                return true;
-        if (!drbg->fips_primed) {
-                /* Priming of FIPS test */
-                memcpy(drbg->prev, buf, drbg_blocklen(drbg));
-                drbg->fips_primed = true;
-                /* return false due to priming, i.e. another round is needed */
-                return false;
-        }
-        ret = memcmp(drbg->prev, buf, drbg_blocklen(drbg));
-        if (!ret)
-                panic("DRBG continuous self test failed\n");
-        memcpy(drbg->prev, buf, drbg_blocklen(drbg));
-        /* the test shall pass when the two compared values are not equal */
-        return ret != 0;
-#else
-        return true;
-#endif /* CONFIG_CRYPTO_FIPS */
-}
-/*
 * Convert an integer into a byte representation of this integer.
 * The byte representation is big-endian
 *
@@ -603,11 +561,6 @@ static int drbg_ctr_generate(struct drbg_state *drbg,
                }
                outlen = (drbg_blocklen(drbg) < (buflen - len)) ?
                          drbg_blocklen(drbg) : (buflen - len);
-                if (!drbg_fips_continuous_test(drbg, drbg->scratchpad)) {
-                        /* 10.2.1.5.2 step 6 */
-                        crypto_inc(drbg->V, drbg_blocklen(drbg));
-                        continue;
-                }
                /* 10.2.1.5.2 step 4.3 */
                memcpy(buf + len, drbg->scratchpad, outlen);
                len += outlen;
@@ -733,8 +686,6 @@ static int drbg_hmac_generate(struct drbg_state *drbg,
                        return ret;
                outlen = (drbg_blocklen(drbg) < (buflen - len)) ?
                          drbg_blocklen(drbg) : (buflen - len);
-                if (!drbg_fips_continuous_test(drbg, drbg->V))
-                        continue;
                /* 10.1.2.5 step 4.2 */
                memcpy(buf + len, drbg->V, outlen);
@@ -963,10 +914,6 @@ static int drbg_hash_hashgen(struct drbg_state *drbg,
                }
                outlen = (drbg_blocklen(drbg) < (buflen - len)) ?
                          drbg_blocklen(drbg) : (buflen - len);
-                if (!drbg_fips_continuous_test(drbg, dst)) {
-                        crypto_inc(src, drbg_statelen(drbg));
-                        continue;
-                }
                /* 10.1.1.4 step hashgen 4.2 */
                memcpy(buf + len, dst, outlen);
                len += outlen;
@@ -1201,11 +1148,6 @@ static inline void drbg_dealloc_state(struct drbg_state *drbg)
        drbg->reseed_ctr = 0;
        drbg->d_ops = NULL;
        drbg->core = NULL;
-#ifdef CONFIG_CRYPTO_FIPS
-        kzfree(drbg->prev);
-        drbg->prev = NULL;
-        drbg->fips_primed = false;
-#endif
 }
 /*
@@ -1244,12 +1186,6 @@ static inline int drbg_alloc_state(struct drbg_state *drbg)
        drbg->C = kmalloc(drbg_statelen(drbg), GFP_KERNEL);
        if (!drbg->C)
                goto err;
-#ifdef CONFIG_CRYPTO_FIPS
-        drbg->prev = kmalloc(drbg_blocklen(drbg), GFP_KERNEL);
-        if (!drbg->prev)
-                goto err;
-        drbg->fips_primed = false;
-#endif
        /* scratchpad is only generated for CTR and Hash */
        if (drbg->core->flags & DRBG_HMAC)
                sb_size = 0;
author	Stephan Mueller <sm@eperm.de>	2016-01-22 03:52:28 -0500
committer	Herbert Xu <herbert@gondor.apana.org.au>	2016-01-25 09:42:11 -0500
commit	b3614763059b82c26bdd02ffcb1c016c1132aad0 (patch)
tree	8d6d529fe676c6e41fe67759df49a977985f106c /crypto/drbg.c
parent	973fb3fb50e3959d90179d09ed3ce454dd7bc6e4 (diff)

diff --git a/crypto/drbg.c b/crypto/drbg.c index ab6ef1d08568..1b86310db7b1 100644 --- a/crypto/drbg.c +++ b/crypto/drbg.c
@@ -220,48 +220,6 @@ static inline unsigned short drbg_sec_strength(drbg_flag_t flags)
220	}	220	}
221		221
222	/*	222	/*
223	* FIPS 140-2 continuous self test
224	* The test is performed on the result of one round of the output
225	* function. Thus, the function implicitly knows the size of the
226	* buffer.
227	*
228	* @drbg DRBG handle
229	* @buf output buffer of random data to be checked
230	*
231	* return:
232	* true on success
233	* false on error
234	*/
235	static bool drbg_fips_continuous_test(struct drbg_state *drbg,
236	const unsigned char *buf)
237	{
238	#ifdef CONFIG_CRYPTO_FIPS
239	int ret = 0;
240	/* skip test if we test the overall system */
241	if (list_empty(&drbg->test_data.list))
242	return true;
243	/* only perform test in FIPS mode */
244	if (0 == fips_enabled)
245	return true;
246	if (!drbg->fips_primed) {
247	/* Priming of FIPS test */
248	memcpy(drbg->prev, buf, drbg_blocklen(drbg));
249	drbg->fips_primed = true;
250	/* return false due to priming, i.e. another round is needed */
251	return false;
252	}
253	ret = memcmp(drbg->prev, buf, drbg_blocklen(drbg));
254	if (!ret)
255	panic("DRBG continuous self test failed\n");
256	memcpy(drbg->prev, buf, drbg_blocklen(drbg));
257	/* the test shall pass when the two compared values are not equal */
258	return ret != 0;
259	#else
260	return true;
261	#endif /* CONFIG_CRYPTO_FIPS */
262	}
263
264	/*
265	* Convert an integer into a byte representation of this integer.	223	* Convert an integer into a byte representation of this integer.
266	* The byte representation is big-endian	224	* The byte representation is big-endian
267	*	225	*
@@ -603,11 +561,6 @@ static int drbg_ctr_generate(struct drbg_state *drbg,
603	}	561	}
604	outlen = (drbg_blocklen(drbg) < (buflen - len)) ?	562	outlen = (drbg_blocklen(drbg) < (buflen - len)) ?
605	drbg_blocklen(drbg) : (buflen - len);	563	drbg_blocklen(drbg) : (buflen - len);
606	if (!drbg_fips_continuous_test(drbg, drbg->scratchpad)) {
607	/* 10.2.1.5.2 step 6 */
608	crypto_inc(drbg->V, drbg_blocklen(drbg));
609	continue;
610	}
611	/* 10.2.1.5.2 step 4.3 */	564	/* 10.2.1.5.2 step 4.3 */
612	memcpy(buf + len, drbg->scratchpad, outlen);	565	memcpy(buf + len, drbg->scratchpad, outlen);
613	len += outlen;	566	len += outlen;
@@ -733,8 +686,6 @@ static int drbg_hmac_generate(struct drbg_state *drbg,
733	return ret;	686	return ret;
734	outlen = (drbg_blocklen(drbg) < (buflen - len)) ?	687	outlen = (drbg_blocklen(drbg) < (buflen - len)) ?
735	drbg_blocklen(drbg) : (buflen - len);	688	drbg_blocklen(drbg) : (buflen - len);
736	if (!drbg_fips_continuous_test(drbg, drbg->V))
737	continue;
738		689
739	/* 10.1.2.5 step 4.2 */	690	/* 10.1.2.5 step 4.2 */
740	memcpy(buf + len, drbg->V, outlen);	691	memcpy(buf + len, drbg->V, outlen);
@@ -963,10 +914,6 @@ static int drbg_hash_hashgen(struct drbg_state *drbg,
963	}	914	}
964	outlen = (drbg_blocklen(drbg) < (buflen - len)) ?	915	outlen = (drbg_blocklen(drbg) < (buflen - len)) ?
965	drbg_blocklen(drbg) : (buflen - len);	916	drbg_blocklen(drbg) : (buflen - len);
966	if (!drbg_fips_continuous_test(drbg, dst)) {
967	crypto_inc(src, drbg_statelen(drbg));
968	continue;
969	}
970	/* 10.1.1.4 step hashgen 4.2 */	917	/* 10.1.1.4 step hashgen 4.2 */
971	memcpy(buf + len, dst, outlen);	918	memcpy(buf + len, dst, outlen);
972	len += outlen;	919	len += outlen;
@@ -1201,11 +1148,6 @@ static inline void drbg_dealloc_state(struct drbg_state *drbg)
1201	drbg->reseed_ctr = 0;	1148	drbg->reseed_ctr = 0;
1202	drbg->d_ops = NULL;	1149	drbg->d_ops = NULL;
1203	drbg->core = NULL;	1150	drbg->core = NULL;
1204	#ifdef CONFIG_CRYPTO_FIPS
1205	kzfree(drbg->prev);
1206	drbg->prev = NULL;
1207	drbg->fips_primed = false;
1208	#endif
1209	}	1151	}
1210		1152
1211	/*	1153	/*
@@ -1244,12 +1186,6 @@ static inline int drbg_alloc_state(struct drbg_state *drbg)
1244	drbg->C = kmalloc(drbg_statelen(drbg), GFP_KERNEL);	1186	drbg->C = kmalloc(drbg_statelen(drbg), GFP_KERNEL);
1245	if (!drbg->C)	1187	if (!drbg->C)
1246	goto err;	1188	goto err;
1247	#ifdef CONFIG_CRYPTO_FIPS
1248	drbg->prev = kmalloc(drbg_blocklen(drbg), GFP_KERNEL);
1249	if (!drbg->prev)
1250	goto err;
1251	drbg->fips_primed = false;
1252	#endif
1253	/* scratchpad is only generated for CTR and Hash */	1189	/* scratchpad is only generated for CTR and Hash */
1254	if (drbg->core->flags & DRBG_HMAC)	1190	if (drbg->core->flags & DRBG_HMAC)
1255	sb_size = 0;	1191	sb_size = 0;