aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJarod Wilson <jarod@redhat.com>2009-05-15 01:16:03 -0400
committerHerbert Xu <herbert@gondor.apana.org.au>2009-06-02 00:04:48 -0400
commita1915d51e8e7ee192d2101d621d425379088cbb0 (patch)
tree2e07e1e3dafce0bc4b5fb98c79df92754b272284
parentf7cb80f2b9fa06730be20d17c80b12e511a36c1c (diff)
crypto: testmgr - Mark algs allowed in fips mode
Set the fips_allowed flag in testmgr.c's alg_test_descs[] for algs that are allowed to be used when in fips mode. One caveat: des isn't actually allowed anymore, but des (and thus also ecb(des)) has to be permitted, because disallowing them results in des3_ede being unable to properly register (see des module init func). Also, crc32 isn't technically on the fips approved list, but I think it gets used in various places that necessitate it being allowed. This list is based on http://csrc.nist.gov/groups/STM/cavp/index.html Important note: allowed/approved here does NOT mean "validated", just that its an alg that *could* be validated. Signed-off-by: Jarod Wilson <jarod@redhat.com> Acked-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-rw-r--r--crypto/testmgr.c23
1 files changed, 23 insertions, 0 deletions
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index f4cc1780aee2..51bae62c332a 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -94,6 +94,7 @@ struct alg_test_desc {
94 const char *alg; 94 const char *alg;
95 int (*test)(const struct alg_test_desc *desc, const char *driver, 95 int (*test)(const struct alg_test_desc *desc, const char *driver,
96 u32 type, u32 mask); 96 u32 type, u32 mask);
97 int fips_allowed; /* set if alg is allowed in fips mode */
97 98
98 union { 99 union {
99 struct aead_test_suite aead; 100 struct aead_test_suite aead;
@@ -1432,6 +1433,7 @@ static const struct alg_test_desc alg_test_descs[] = {
1432 { 1433 {
1433 .alg = "ansi_cprng", 1434 .alg = "ansi_cprng",
1434 .test = alg_test_cprng, 1435 .test = alg_test_cprng,
1436 .fips_allowed = 1,
1435 .suite = { 1437 .suite = {
1436 .cprng = { 1438 .cprng = {
1437 .vecs = ansi_cprng_aes_tv_template, 1439 .vecs = ansi_cprng_aes_tv_template,
@@ -1441,6 +1443,7 @@ static const struct alg_test_desc alg_test_descs[] = {
1441 }, { 1443 }, {
1442 .alg = "cbc(aes)", 1444 .alg = "cbc(aes)",
1443 .test = alg_test_skcipher, 1445 .test = alg_test_skcipher,
1446 .fips_allowed = 1,
1444 .suite = { 1447 .suite = {
1445 .cipher = { 1448 .cipher = {
1446 .enc = { 1449 .enc = {
@@ -1516,6 +1519,7 @@ static const struct alg_test_desc alg_test_descs[] = {
1516 }, { 1519 }, {
1517 .alg = "cbc(des3_ede)", 1520 .alg = "cbc(des3_ede)",
1518 .test = alg_test_skcipher, 1521 .test = alg_test_skcipher,
1522 .fips_allowed = 1,
1519 .suite = { 1523 .suite = {
1520 .cipher = { 1524 .cipher = {
1521 .enc = { 1525 .enc = {
@@ -1546,6 +1550,7 @@ static const struct alg_test_desc alg_test_descs[] = {
1546 }, { 1550 }, {
1547 .alg = "ccm(aes)", 1551 .alg = "ccm(aes)",
1548 .test = alg_test_aead, 1552 .test = alg_test_aead,
1553 .fips_allowed = 1,
1549 .suite = { 1554 .suite = {
1550 .aead = { 1555 .aead = {
1551 .enc = { 1556 .enc = {
@@ -1561,6 +1566,7 @@ static const struct alg_test_desc alg_test_descs[] = {
1561 }, { 1566 }, {
1562 .alg = "crc32c", 1567 .alg = "crc32c",
1563 .test = alg_test_crc32c, 1568 .test = alg_test_crc32c,
1569 .fips_allowed = 1,
1564 .suite = { 1570 .suite = {
1565 .hash = { 1571 .hash = {
1566 .vecs = crc32c_tv_template, 1572 .vecs = crc32c_tv_template,
@@ -1570,6 +1576,7 @@ static const struct alg_test_desc alg_test_descs[] = {
1570 }, { 1576 }, {
1571 .alg = "ctr(aes)", 1577 .alg = "ctr(aes)",
1572 .test = alg_test_skcipher, 1578 .test = alg_test_skcipher,
1579 .fips_allowed = 1,
1573 .suite = { 1580 .suite = {
1574 .cipher = { 1581 .cipher = {
1575 .enc = { 1582 .enc = {
@@ -1615,6 +1622,7 @@ static const struct alg_test_desc alg_test_descs[] = {
1615 }, { 1622 }, {
1616 .alg = "ecb(aes)", 1623 .alg = "ecb(aes)",
1617 .test = alg_test_skcipher, 1624 .test = alg_test_skcipher,
1625 .fips_allowed = 1,
1618 .suite = { 1626 .suite = {
1619 .cipher = { 1627 .cipher = {
1620 .enc = { 1628 .enc = {
@@ -1720,6 +1728,7 @@ static const struct alg_test_desc alg_test_descs[] = {
1720 }, { 1728 }, {
1721 .alg = "ecb(des)", 1729 .alg = "ecb(des)",
1722 .test = alg_test_skcipher, 1730 .test = alg_test_skcipher,
1731 .fips_allowed = 1,
1723 .suite = { 1732 .suite = {
1724 .cipher = { 1733 .cipher = {
1725 .enc = { 1734 .enc = {
@@ -1735,6 +1744,7 @@ static const struct alg_test_desc alg_test_descs[] = {
1735 }, { 1744 }, {
1736 .alg = "ecb(des3_ede)", 1745 .alg = "ecb(des3_ede)",
1737 .test = alg_test_skcipher, 1746 .test = alg_test_skcipher,
1747 .fips_allowed = 1,
1738 .suite = { 1748 .suite = {
1739 .cipher = { 1749 .cipher = {
1740 .enc = { 1750 .enc = {
@@ -1870,6 +1880,7 @@ static const struct alg_test_desc alg_test_descs[] = {
1870 }, { 1880 }, {
1871 .alg = "gcm(aes)", 1881 .alg = "gcm(aes)",
1872 .test = alg_test_aead, 1882 .test = alg_test_aead,
1883 .fips_allowed = 1,
1873 .suite = { 1884 .suite = {
1874 .aead = { 1885 .aead = {
1875 .enc = { 1886 .enc = {
@@ -1912,6 +1923,7 @@ static const struct alg_test_desc alg_test_descs[] = {
1912 }, { 1923 }, {
1913 .alg = "hmac(sha1)", 1924 .alg = "hmac(sha1)",
1914 .test = alg_test_hash, 1925 .test = alg_test_hash,
1926 .fips_allowed = 1,
1915 .suite = { 1927 .suite = {
1916 .hash = { 1928 .hash = {
1917 .vecs = hmac_sha1_tv_template, 1929 .vecs = hmac_sha1_tv_template,
@@ -1921,6 +1933,7 @@ static const struct alg_test_desc alg_test_descs[] = {
1921 }, { 1933 }, {
1922 .alg = "hmac(sha224)", 1934 .alg = "hmac(sha224)",
1923 .test = alg_test_hash, 1935 .test = alg_test_hash,
1936 .fips_allowed = 1,
1924 .suite = { 1937 .suite = {
1925 .hash = { 1938 .hash = {
1926 .vecs = hmac_sha224_tv_template, 1939 .vecs = hmac_sha224_tv_template,
@@ -1930,6 +1943,7 @@ static const struct alg_test_desc alg_test_descs[] = {
1930 }, { 1943 }, {
1931 .alg = "hmac(sha256)", 1944 .alg = "hmac(sha256)",
1932 .test = alg_test_hash, 1945 .test = alg_test_hash,
1946 .fips_allowed = 1,
1933 .suite = { 1947 .suite = {
1934 .hash = { 1948 .hash = {
1935 .vecs = hmac_sha256_tv_template, 1949 .vecs = hmac_sha256_tv_template,
@@ -1939,6 +1953,7 @@ static const struct alg_test_desc alg_test_descs[] = {
1939 }, { 1953 }, {
1940 .alg = "hmac(sha384)", 1954 .alg = "hmac(sha384)",
1941 .test = alg_test_hash, 1955 .test = alg_test_hash,
1956 .fips_allowed = 1,
1942 .suite = { 1957 .suite = {
1943 .hash = { 1958 .hash = {
1944 .vecs = hmac_sha384_tv_template, 1959 .vecs = hmac_sha384_tv_template,
@@ -1948,6 +1963,7 @@ static const struct alg_test_desc alg_test_descs[] = {
1948 }, { 1963 }, {
1949 .alg = "hmac(sha512)", 1964 .alg = "hmac(sha512)",
1950 .test = alg_test_hash, 1965 .test = alg_test_hash,
1966 .fips_allowed = 1,
1951 .suite = { 1967 .suite = {
1952 .hash = { 1968 .hash = {
1953 .vecs = hmac_sha512_tv_template, 1969 .vecs = hmac_sha512_tv_template,
@@ -2029,6 +2045,7 @@ static const struct alg_test_desc alg_test_descs[] = {
2029 }, { 2045 }, {
2030 .alg = "rfc3686(ctr(aes))", 2046 .alg = "rfc3686(ctr(aes))",
2031 .test = alg_test_skcipher, 2047 .test = alg_test_skcipher,
2048 .fips_allowed = 1,
2032 .suite = { 2049 .suite = {
2033 .cipher = { 2050 .cipher = {
2034 .enc = { 2051 .enc = {
@@ -2044,6 +2061,7 @@ static const struct alg_test_desc alg_test_descs[] = {
2044 }, { 2061 }, {
2045 .alg = "rfc4309(ccm(aes))", 2062 .alg = "rfc4309(ccm(aes))",
2046 .test = alg_test_aead, 2063 .test = alg_test_aead,
2064 .fips_allowed = 1,
2047 .suite = { 2065 .suite = {
2048 .aead = { 2066 .aead = {
2049 .enc = { 2067 .enc = {
@@ -2106,6 +2124,7 @@ static const struct alg_test_desc alg_test_descs[] = {
2106 }, { 2124 }, {
2107 .alg = "sha1", 2125 .alg = "sha1",
2108 .test = alg_test_hash, 2126 .test = alg_test_hash,
2127 .fips_allowed = 1,
2109 .suite = { 2128 .suite = {
2110 .hash = { 2129 .hash = {
2111 .vecs = sha1_tv_template, 2130 .vecs = sha1_tv_template,
@@ -2115,6 +2134,7 @@ static const struct alg_test_desc alg_test_descs[] = {
2115 }, { 2134 }, {
2116 .alg = "sha224", 2135 .alg = "sha224",
2117 .test = alg_test_hash, 2136 .test = alg_test_hash,
2137 .fips_allowed = 1,
2118 .suite = { 2138 .suite = {
2119 .hash = { 2139 .hash = {
2120 .vecs = sha224_tv_template, 2140 .vecs = sha224_tv_template,
@@ -2124,6 +2144,7 @@ static const struct alg_test_desc alg_test_descs[] = {
2124 }, { 2144 }, {
2125 .alg = "sha256", 2145 .alg = "sha256",
2126 .test = alg_test_hash, 2146 .test = alg_test_hash,
2147 .fips_allowed = 1,
2127 .suite = { 2148 .suite = {
2128 .hash = { 2149 .hash = {
2129 .vecs = sha256_tv_template, 2150 .vecs = sha256_tv_template,
@@ -2133,6 +2154,7 @@ static const struct alg_test_desc alg_test_descs[] = {
2133 }, { 2154 }, {
2134 .alg = "sha384", 2155 .alg = "sha384",
2135 .test = alg_test_hash, 2156 .test = alg_test_hash,
2157 .fips_allowed = 1,
2136 .suite = { 2158 .suite = {
2137 .hash = { 2159 .hash = {
2138 .vecs = sha384_tv_template, 2160 .vecs = sha384_tv_template,
@@ -2142,6 +2164,7 @@ static const struct alg_test_desc alg_test_descs[] = {
2142 }, { 2164 }, {
2143 .alg = "sha512", 2165 .alg = "sha512",
2144 .test = alg_test_hash, 2166 .test = alg_test_hash,
2167 .fips_allowed = 1,
2145 .suite = { 2168 .suite = {
2146 .hash = { 2169 .hash = {
2147 .vecs = sha512_tv_template, 2170 .vecs = sha512_tv_template,