diff options
author | Jarod Wilson <jarod@redhat.com> | 2009-05-15 01:16:03 -0400 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2009-06-02 00:04:48 -0400 |
commit | a1915d51e8e7ee192d2101d621d425379088cbb0 (patch) | |
tree | 2e07e1e3dafce0bc4b5fb98c79df92754b272284 | |
parent | f7cb80f2b9fa06730be20d17c80b12e511a36c1c (diff) |
crypto: testmgr - Mark algs allowed in fips mode
Set the fips_allowed flag in testmgr.c's alg_test_descs[] for algs
that are allowed to be used when in fips mode.
One caveat: des isn't actually allowed anymore, but des (and thus also
ecb(des)) has to be permitted, because disallowing them results in
des3_ede being unable to properly register (see des module init func).
Also, crc32 isn't technically on the fips approved list, but I think
it gets used in various places that necessitate it being allowed.
This list is based on
http://csrc.nist.gov/groups/STM/cavp/index.html
Important note: allowed/approved here does NOT mean "validated", just
that its an alg that *could* be validated.
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-rw-r--r-- | crypto/testmgr.c | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/crypto/testmgr.c b/crypto/testmgr.c index f4cc1780aee2..51bae62c332a 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c | |||
@@ -94,6 +94,7 @@ struct alg_test_desc { | |||
94 | const char *alg; | 94 | const char *alg; |
95 | int (*test)(const struct alg_test_desc *desc, const char *driver, | 95 | int (*test)(const struct alg_test_desc *desc, const char *driver, |
96 | u32 type, u32 mask); | 96 | u32 type, u32 mask); |
97 | int fips_allowed; /* set if alg is allowed in fips mode */ | ||
97 | 98 | ||
98 | union { | 99 | union { |
99 | struct aead_test_suite aead; | 100 | struct aead_test_suite aead; |
@@ -1432,6 +1433,7 @@ static const struct alg_test_desc alg_test_descs[] = { | |||
1432 | { | 1433 | { |
1433 | .alg = "ansi_cprng", | 1434 | .alg = "ansi_cprng", |
1434 | .test = alg_test_cprng, | 1435 | .test = alg_test_cprng, |
1436 | .fips_allowed = 1, | ||
1435 | .suite = { | 1437 | .suite = { |
1436 | .cprng = { | 1438 | .cprng = { |
1437 | .vecs = ansi_cprng_aes_tv_template, | 1439 | .vecs = ansi_cprng_aes_tv_template, |
@@ -1441,6 +1443,7 @@ static const struct alg_test_desc alg_test_descs[] = { | |||
1441 | }, { | 1443 | }, { |
1442 | .alg = "cbc(aes)", | 1444 | .alg = "cbc(aes)", |
1443 | .test = alg_test_skcipher, | 1445 | .test = alg_test_skcipher, |
1446 | .fips_allowed = 1, | ||
1444 | .suite = { | 1447 | .suite = { |
1445 | .cipher = { | 1448 | .cipher = { |
1446 | .enc = { | 1449 | .enc = { |
@@ -1516,6 +1519,7 @@ static const struct alg_test_desc alg_test_descs[] = { | |||
1516 | }, { | 1519 | }, { |
1517 | .alg = "cbc(des3_ede)", | 1520 | .alg = "cbc(des3_ede)", |
1518 | .test = alg_test_skcipher, | 1521 | .test = alg_test_skcipher, |
1522 | .fips_allowed = 1, | ||
1519 | .suite = { | 1523 | .suite = { |
1520 | .cipher = { | 1524 | .cipher = { |
1521 | .enc = { | 1525 | .enc = { |
@@ -1546,6 +1550,7 @@ static const struct alg_test_desc alg_test_descs[] = { | |||
1546 | }, { | 1550 | }, { |
1547 | .alg = "ccm(aes)", | 1551 | .alg = "ccm(aes)", |
1548 | .test = alg_test_aead, | 1552 | .test = alg_test_aead, |
1553 | .fips_allowed = 1, | ||
1549 | .suite = { | 1554 | .suite = { |
1550 | .aead = { | 1555 | .aead = { |
1551 | .enc = { | 1556 | .enc = { |
@@ -1561,6 +1566,7 @@ static const struct alg_test_desc alg_test_descs[] = { | |||
1561 | }, { | 1566 | }, { |
1562 | .alg = "crc32c", | 1567 | .alg = "crc32c", |
1563 | .test = alg_test_crc32c, | 1568 | .test = alg_test_crc32c, |
1569 | .fips_allowed = 1, | ||
1564 | .suite = { | 1570 | .suite = { |
1565 | .hash = { | 1571 | .hash = { |
1566 | .vecs = crc32c_tv_template, | 1572 | .vecs = crc32c_tv_template, |
@@ -1570,6 +1576,7 @@ static const struct alg_test_desc alg_test_descs[] = { | |||
1570 | }, { | 1576 | }, { |
1571 | .alg = "ctr(aes)", | 1577 | .alg = "ctr(aes)", |
1572 | .test = alg_test_skcipher, | 1578 | .test = alg_test_skcipher, |
1579 | .fips_allowed = 1, | ||
1573 | .suite = { | 1580 | .suite = { |
1574 | .cipher = { | 1581 | .cipher = { |
1575 | .enc = { | 1582 | .enc = { |
@@ -1615,6 +1622,7 @@ static const struct alg_test_desc alg_test_descs[] = { | |||
1615 | }, { | 1622 | }, { |
1616 | .alg = "ecb(aes)", | 1623 | .alg = "ecb(aes)", |
1617 | .test = alg_test_skcipher, | 1624 | .test = alg_test_skcipher, |
1625 | .fips_allowed = 1, | ||
1618 | .suite = { | 1626 | .suite = { |
1619 | .cipher = { | 1627 | .cipher = { |
1620 | .enc = { | 1628 | .enc = { |
@@ -1720,6 +1728,7 @@ static const struct alg_test_desc alg_test_descs[] = { | |||
1720 | }, { | 1728 | }, { |
1721 | .alg = "ecb(des)", | 1729 | .alg = "ecb(des)", |
1722 | .test = alg_test_skcipher, | 1730 | .test = alg_test_skcipher, |
1731 | .fips_allowed = 1, | ||
1723 | .suite = { | 1732 | .suite = { |
1724 | .cipher = { | 1733 | .cipher = { |
1725 | .enc = { | 1734 | .enc = { |
@@ -1735,6 +1744,7 @@ static const struct alg_test_desc alg_test_descs[] = { | |||
1735 | }, { | 1744 | }, { |
1736 | .alg = "ecb(des3_ede)", | 1745 | .alg = "ecb(des3_ede)", |
1737 | .test = alg_test_skcipher, | 1746 | .test = alg_test_skcipher, |
1747 | .fips_allowed = 1, | ||
1738 | .suite = { | 1748 | .suite = { |
1739 | .cipher = { | 1749 | .cipher = { |
1740 | .enc = { | 1750 | .enc = { |
@@ -1870,6 +1880,7 @@ static const struct alg_test_desc alg_test_descs[] = { | |||
1870 | }, { | 1880 | }, { |
1871 | .alg = "gcm(aes)", | 1881 | .alg = "gcm(aes)", |
1872 | .test = alg_test_aead, | 1882 | .test = alg_test_aead, |
1883 | .fips_allowed = 1, | ||
1873 | .suite = { | 1884 | .suite = { |
1874 | .aead = { | 1885 | .aead = { |
1875 | .enc = { | 1886 | .enc = { |
@@ -1912,6 +1923,7 @@ static const struct alg_test_desc alg_test_descs[] = { | |||
1912 | }, { | 1923 | }, { |
1913 | .alg = "hmac(sha1)", | 1924 | .alg = "hmac(sha1)", |
1914 | .test = alg_test_hash, | 1925 | .test = alg_test_hash, |
1926 | .fips_allowed = 1, | ||
1915 | .suite = { | 1927 | .suite = { |
1916 | .hash = { | 1928 | .hash = { |
1917 | .vecs = hmac_sha1_tv_template, | 1929 | .vecs = hmac_sha1_tv_template, |
@@ -1921,6 +1933,7 @@ static const struct alg_test_desc alg_test_descs[] = { | |||
1921 | }, { | 1933 | }, { |
1922 | .alg = "hmac(sha224)", | 1934 | .alg = "hmac(sha224)", |
1923 | .test = alg_test_hash, | 1935 | .test = alg_test_hash, |
1936 | .fips_allowed = 1, | ||
1924 | .suite = { | 1937 | .suite = { |
1925 | .hash = { | 1938 | .hash = { |
1926 | .vecs = hmac_sha224_tv_template, | 1939 | .vecs = hmac_sha224_tv_template, |
@@ -1930,6 +1943,7 @@ static const struct alg_test_desc alg_test_descs[] = { | |||
1930 | }, { | 1943 | }, { |
1931 | .alg = "hmac(sha256)", | 1944 | .alg = "hmac(sha256)", |
1932 | .test = alg_test_hash, | 1945 | .test = alg_test_hash, |
1946 | .fips_allowed = 1, | ||
1933 | .suite = { | 1947 | .suite = { |
1934 | .hash = { | 1948 | .hash = { |
1935 | .vecs = hmac_sha256_tv_template, | 1949 | .vecs = hmac_sha256_tv_template, |
@@ -1939,6 +1953,7 @@ static const struct alg_test_desc alg_test_descs[] = { | |||
1939 | }, { | 1953 | }, { |
1940 | .alg = "hmac(sha384)", | 1954 | .alg = "hmac(sha384)", |
1941 | .test = alg_test_hash, | 1955 | .test = alg_test_hash, |
1956 | .fips_allowed = 1, | ||
1942 | .suite = { | 1957 | .suite = { |
1943 | .hash = { | 1958 | .hash = { |
1944 | .vecs = hmac_sha384_tv_template, | 1959 | .vecs = hmac_sha384_tv_template, |
@@ -1948,6 +1963,7 @@ static const struct alg_test_desc alg_test_descs[] = { | |||
1948 | }, { | 1963 | }, { |
1949 | .alg = "hmac(sha512)", | 1964 | .alg = "hmac(sha512)", |
1950 | .test = alg_test_hash, | 1965 | .test = alg_test_hash, |
1966 | .fips_allowed = 1, | ||
1951 | .suite = { | 1967 | .suite = { |
1952 | .hash = { | 1968 | .hash = { |
1953 | .vecs = hmac_sha512_tv_template, | 1969 | .vecs = hmac_sha512_tv_template, |
@@ -2029,6 +2045,7 @@ static const struct alg_test_desc alg_test_descs[] = { | |||
2029 | }, { | 2045 | }, { |
2030 | .alg = "rfc3686(ctr(aes))", | 2046 | .alg = "rfc3686(ctr(aes))", |
2031 | .test = alg_test_skcipher, | 2047 | .test = alg_test_skcipher, |
2048 | .fips_allowed = 1, | ||
2032 | .suite = { | 2049 | .suite = { |
2033 | .cipher = { | 2050 | .cipher = { |
2034 | .enc = { | 2051 | .enc = { |
@@ -2044,6 +2061,7 @@ static const struct alg_test_desc alg_test_descs[] = { | |||
2044 | }, { | 2061 | }, { |
2045 | .alg = "rfc4309(ccm(aes))", | 2062 | .alg = "rfc4309(ccm(aes))", |
2046 | .test = alg_test_aead, | 2063 | .test = alg_test_aead, |
2064 | .fips_allowed = 1, | ||
2047 | .suite = { | 2065 | .suite = { |
2048 | .aead = { | 2066 | .aead = { |
2049 | .enc = { | 2067 | .enc = { |
@@ -2106,6 +2124,7 @@ static const struct alg_test_desc alg_test_descs[] = { | |||
2106 | }, { | 2124 | }, { |
2107 | .alg = "sha1", | 2125 | .alg = "sha1", |
2108 | .test = alg_test_hash, | 2126 | .test = alg_test_hash, |
2127 | .fips_allowed = 1, | ||
2109 | .suite = { | 2128 | .suite = { |
2110 | .hash = { | 2129 | .hash = { |
2111 | .vecs = sha1_tv_template, | 2130 | .vecs = sha1_tv_template, |
@@ -2115,6 +2134,7 @@ static const struct alg_test_desc alg_test_descs[] = { | |||
2115 | }, { | 2134 | }, { |
2116 | .alg = "sha224", | 2135 | .alg = "sha224", |
2117 | .test = alg_test_hash, | 2136 | .test = alg_test_hash, |
2137 | .fips_allowed = 1, | ||
2118 | .suite = { | 2138 | .suite = { |
2119 | .hash = { | 2139 | .hash = { |
2120 | .vecs = sha224_tv_template, | 2140 | .vecs = sha224_tv_template, |
@@ -2124,6 +2144,7 @@ static const struct alg_test_desc alg_test_descs[] = { | |||
2124 | }, { | 2144 | }, { |
2125 | .alg = "sha256", | 2145 | .alg = "sha256", |
2126 | .test = alg_test_hash, | 2146 | .test = alg_test_hash, |
2147 | .fips_allowed = 1, | ||
2127 | .suite = { | 2148 | .suite = { |
2128 | .hash = { | 2149 | .hash = { |
2129 | .vecs = sha256_tv_template, | 2150 | .vecs = sha256_tv_template, |
@@ -2133,6 +2154,7 @@ static const struct alg_test_desc alg_test_descs[] = { | |||
2133 | }, { | 2154 | }, { |
2134 | .alg = "sha384", | 2155 | .alg = "sha384", |
2135 | .test = alg_test_hash, | 2156 | .test = alg_test_hash, |
2157 | .fips_allowed = 1, | ||
2136 | .suite = { | 2158 | .suite = { |
2137 | .hash = { | 2159 | .hash = { |
2138 | .vecs = sha384_tv_template, | 2160 | .vecs = sha384_tv_template, |
@@ -2142,6 +2164,7 @@ static const struct alg_test_desc alg_test_descs[] = { | |||
2142 | }, { | 2164 | }, { |
2143 | .alg = "sha512", | 2165 | .alg = "sha512", |
2144 | .test = alg_test_hash, | 2166 | .test = alg_test_hash, |
2167 | .fips_allowed = 1, | ||
2145 | .suite = { | 2168 | .suite = { |
2146 | .hash = { | 2169 | .hash = { |
2147 | .vecs = sha512_tv_template, | 2170 | .vecs = sha512_tv_template, |