2005-06-22 16:26:03 -04:00
|
|
|
/*
|
2005-04-16 18:20:36 -04:00
|
|
|
* Quick & dirty crypto testing module.
|
|
|
|
*
|
|
|
|
* This will only exist until we have a better testing mechanism
|
|
|
|
* (e.g. a char device).
|
|
|
|
*
|
|
|
|
* Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
|
|
|
|
* Copyright (c) 2002 Jean-Francois Dive <jef@linuxbe.org>
|
2007-11-26 09:12:07 -05:00
|
|
|
* Copyright (c) 2007 Nokia Siemens Networks
|
2005-04-16 18:20:36 -04:00
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or modify it
|
|
|
|
* under the terms of the GNU General Public License as published by the Free
|
2005-06-22 16:26:03 -04:00
|
|
|
* Software Foundation; either version 2 of the License, or (at your option)
|
2005-04-16 18:20:36 -04:00
|
|
|
* any later version.
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
|
2008-07-10 04:01:22 -04:00
|
|
|
#include <crypto/hash.h>
|
2006-08-12 18:26:09 -04:00
|
|
|
#include <linux/err.h>
|
2005-04-16 18:20:36 -04:00
|
|
|
#include <linux/init.h>
|
|
|
|
#include <linux/module.h>
|
|
|
|
#include <linux/slab.h>
|
2005-09-17 03:55:31 -04:00
|
|
|
#include <linux/scatterlist.h>
|
2005-04-16 18:20:36 -04:00
|
|
|
#include <linux/string.h>
|
|
|
|
#include <linux/moduleparam.h>
|
2005-06-22 16:27:23 -04:00
|
|
|
#include <linux/jiffies.h>
|
2005-06-22 16:29:03 -04:00
|
|
|
#include <linux/timex.h>
|
|
|
|
#include <linux/interrupt.h>
|
2005-04-16 18:20:36 -04:00
|
|
|
#include "tcrypt.h"
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
#include "internal.h"
|
2005-04-16 18:20:36 -04:00
|
|
|
|
|
|
|
/*
|
2008-07-31 00:23:53 -04:00
|
|
|
* Need slab memory for testing (size in number of pages).
|
2005-04-16 18:20:36 -04:00
|
|
|
*/
|
2008-07-31 00:23:53 -04:00
|
|
|
#define TVMEMSIZE 4
|
2005-04-16 18:20:36 -04:00
|
|
|
|
|
|
|
/*
|
2008-07-31 05:08:25 -04:00
|
|
|
* Used by test_cipher_speed()
|
2005-04-16 18:20:36 -04:00
|
|
|
*/
|
|
|
|
#define ENCRYPT 1
|
|
|
|
#define DECRYPT 0
|
|
|
|
|
2005-06-22 16:27:23 -04:00
|
|
|
/*
|
|
|
|
* Used by test_cipher_speed()
|
|
|
|
*/
|
2005-06-22 16:29:03 -04:00
|
|
|
static unsigned int sec;
|
2005-06-22 16:27:23 -04:00
|
|
|
|
2005-04-16 18:20:36 -04:00
|
|
|
static int mode;
|
2008-07-31 00:23:53 -04:00
|
|
|
static char *tvmem[TVMEMSIZE];
|
2005-04-16 18:20:36 -04:00
|
|
|
|
|
|
|
static char *check[] = {
|
2007-11-10 07:08:25 -05:00
|
|
|
"des", "md5", "des3_ede", "rot13", "sha1", "sha224", "sha256",
|
|
|
|
"blowfish", "twofish", "serpent", "sha384", "sha512", "md4", "aes",
|
|
|
|
"cast6", "arc4", "michael_mic", "deflate", "crc32c", "tea", "xtea",
|
2006-12-15 20:13:14 -05:00
|
|
|
"khazad", "wp512", "wp384", "wp256", "tnepres", "xeta", "fcrypt",
|
2008-05-09 09:29:35 -04:00
|
|
|
"camellia", "seed", "salsa20", "rmd128", "rmd160", "rmd256", "rmd320",
|
2009-03-04 02:42:15 -05:00
|
|
|
"lzo", "cts", "zlib", NULL
|
2005-04-16 18:20:36 -04:00
|
|
|
};
|
|
|
|
|
2008-07-31 00:23:53 -04:00
|
|
|
static int test_cipher_jiffies(struct blkcipher_desc *desc, int enc,
|
|
|
|
struct scatterlist *sg, int blen, int sec)
|
2005-06-22 16:29:03 -04:00
|
|
|
{
|
|
|
|
unsigned long start, end;
|
|
|
|
int bcount;
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
for (start = jiffies, end = start + sec * HZ, bcount = 0;
|
|
|
|
time_before(jiffies, end); bcount++) {
|
|
|
|
if (enc)
|
2006-08-12 18:26:09 -04:00
|
|
|
ret = crypto_blkcipher_encrypt(desc, sg, sg, blen);
|
2005-06-22 16:29:03 -04:00
|
|
|
else
|
2006-08-12 18:26:09 -04:00
|
|
|
ret = crypto_blkcipher_decrypt(desc, sg, sg, blen);
|
2005-06-22 16:29:03 -04:00
|
|
|
|
|
|
|
if (ret)
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
printk("%d operations in %d seconds (%ld bytes)\n",
|
|
|
|
bcount, sec, (long)bcount * blen);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2008-07-31 00:23:53 -04:00
|
|
|
static int test_cipher_cycles(struct blkcipher_desc *desc, int enc,
|
|
|
|
struct scatterlist *sg, int blen)
|
2005-06-22 16:29:03 -04:00
|
|
|
{
|
|
|
|
unsigned long cycles = 0;
|
|
|
|
int ret = 0;
|
|
|
|
int i;
|
|
|
|
|
|
|
|
local_bh_disable();
|
|
|
|
local_irq_disable();
|
|
|
|
|
|
|
|
/* Warm-up run. */
|
|
|
|
for (i = 0; i < 4; i++) {
|
|
|
|
if (enc)
|
2006-08-12 18:26:09 -04:00
|
|
|
ret = crypto_blkcipher_encrypt(desc, sg, sg, blen);
|
2005-06-22 16:29:03 -04:00
|
|
|
else
|
2006-08-12 18:26:09 -04:00
|
|
|
ret = crypto_blkcipher_decrypt(desc, sg, sg, blen);
|
2005-06-22 16:29:03 -04:00
|
|
|
|
|
|
|
if (ret)
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* The real thing. */
|
|
|
|
for (i = 0; i < 8; i++) {
|
|
|
|
cycles_t start, end;
|
|
|
|
|
|
|
|
start = get_cycles();
|
|
|
|
if (enc)
|
2006-08-12 18:26:09 -04:00
|
|
|
ret = crypto_blkcipher_encrypt(desc, sg, sg, blen);
|
2005-06-22 16:29:03 -04:00
|
|
|
else
|
2006-08-12 18:26:09 -04:00
|
|
|
ret = crypto_blkcipher_decrypt(desc, sg, sg, blen);
|
2005-06-22 16:29:03 -04:00
|
|
|
end = get_cycles();
|
|
|
|
|
|
|
|
if (ret)
|
|
|
|
goto out;
|
|
|
|
|
|
|
|
cycles += end - start;
|
|
|
|
}
|
|
|
|
|
|
|
|
out:
|
|
|
|
local_irq_enable();
|
|
|
|
local_bh_enable();
|
|
|
|
|
|
|
|
if (ret == 0)
|
|
|
|
printk("1 operation in %lu cycles (%d bytes)\n",
|
|
|
|
(cycles + 4) / 8, blen);
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2008-03-11 09:27:11 -04:00
|
|
|
static u32 block_sizes[] = { 16, 64, 256, 1024, 8192, 0 };
|
|
|
|
|
2008-07-31 03:41:55 -04:00
|
|
|
static void test_cipher_speed(const char *algo, int enc, unsigned int sec,
|
2008-07-31 05:08:25 -04:00
|
|
|
struct cipher_speed_template *template,
|
2008-03-11 09:27:11 -04:00
|
|
|
unsigned int tcount, u8 *keysize)
|
2005-06-22 16:27:23 -04:00
|
|
|
{
|
2005-06-22 16:27:51 -04:00
|
|
|
unsigned int ret, i, j, iv_len;
|
2008-07-31 05:08:25 -04:00
|
|
|
const char *key, iv[128];
|
2006-08-12 18:26:09 -04:00
|
|
|
struct crypto_blkcipher *tfm;
|
|
|
|
struct blkcipher_desc desc;
|
|
|
|
const char *e;
|
2008-03-11 09:27:11 -04:00
|
|
|
u32 *b_size;
|
2005-06-22 16:27:23 -04:00
|
|
|
|
|
|
|
if (enc == ENCRYPT)
|
|
|
|
e = "encryption";
|
|
|
|
else
|
|
|
|
e = "decryption";
|
|
|
|
|
2006-08-12 18:26:09 -04:00
|
|
|
printk("\ntesting speed of %s %s\n", algo, e);
|
2005-06-22 16:27:23 -04:00
|
|
|
|
2006-08-12 18:26:09 -04:00
|
|
|
tfm = crypto_alloc_blkcipher(algo, 0, CRYPTO_ALG_ASYNC);
|
2005-06-22 16:27:23 -04:00
|
|
|
|
2006-08-12 18:26:09 -04:00
|
|
|
if (IS_ERR(tfm)) {
|
|
|
|
printk("failed to load transform for %s: %ld\n", algo,
|
|
|
|
PTR_ERR(tfm));
|
2005-06-22 16:27:23 -04:00
|
|
|
return;
|
|
|
|
}
|
2006-08-12 18:26:09 -04:00
|
|
|
desc.tfm = tfm;
|
|
|
|
desc.flags = 0;
|
2005-06-22 16:27:23 -04:00
|
|
|
|
2008-03-11 09:27:11 -04:00
|
|
|
i = 0;
|
|
|
|
do {
|
2005-06-22 16:27:23 -04:00
|
|
|
|
2008-03-11 09:27:11 -04:00
|
|
|
b_size = block_sizes;
|
|
|
|
do {
|
2008-07-31 00:23:53 -04:00
|
|
|
struct scatterlist sg[TVMEMSIZE];
|
2005-06-22 16:27:23 -04:00
|
|
|
|
2008-07-31 00:23:53 -04:00
|
|
|
if ((*keysize + *b_size) > TVMEMSIZE * PAGE_SIZE) {
|
|
|
|
printk("template (%u) too big for "
|
|
|
|
"tvmem (%lu)\n", *keysize + *b_size,
|
|
|
|
TVMEMSIZE * PAGE_SIZE);
|
2008-03-11 09:27:11 -04:00
|
|
|
goto out;
|
|
|
|
}
|
2005-06-22 16:27:23 -04:00
|
|
|
|
2008-03-11 09:27:11 -04:00
|
|
|
printk("test %u (%d bit key, %d byte blocks): ", i,
|
|
|
|
*keysize * 8, *b_size);
|
|
|
|
|
2008-07-31 00:23:53 -04:00
|
|
|
memset(tvmem[0], 0xff, PAGE_SIZE);
|
2008-03-11 09:27:11 -04:00
|
|
|
|
|
|
|
/* set key, plain text and IV */
|
2008-07-31 05:08:25 -04:00
|
|
|
key = tvmem[0];
|
2008-03-11 09:27:11 -04:00
|
|
|
for (j = 0; j < tcount; j++) {
|
|
|
|
if (template[j].klen == *keysize) {
|
|
|
|
key = template[j].key;
|
|
|
|
break;
|
|
|
|
}
|
2005-06-22 16:27:51 -04:00
|
|
|
}
|
2005-06-22 16:27:23 -04:00
|
|
|
|
2008-03-11 09:27:11 -04:00
|
|
|
ret = crypto_blkcipher_setkey(tfm, key, *keysize);
|
|
|
|
if (ret) {
|
|
|
|
printk("setkey() failed flags=%x\n",
|
|
|
|
crypto_blkcipher_get_flags(tfm));
|
|
|
|
goto out;
|
|
|
|
}
|
2005-06-22 16:27:23 -04:00
|
|
|
|
2008-07-31 00:23:53 -04:00
|
|
|
sg_init_table(sg, TVMEMSIZE);
|
|
|
|
sg_set_buf(sg, tvmem[0] + *keysize,
|
|
|
|
PAGE_SIZE - *keysize);
|
|
|
|
for (j = 1; j < TVMEMSIZE; j++) {
|
|
|
|
sg_set_buf(sg + j, tvmem[j], PAGE_SIZE);
|
|
|
|
memset (tvmem[j], 0xff, PAGE_SIZE);
|
|
|
|
}
|
|
|
|
|
2008-03-11 09:27:11 -04:00
|
|
|
iv_len = crypto_blkcipher_ivsize(tfm);
|
|
|
|
if (iv_len) {
|
|
|
|
memset(&iv, 0xff, iv_len);
|
|
|
|
crypto_blkcipher_set_iv(tfm, iv, iv_len);
|
|
|
|
}
|
2005-06-22 16:27:23 -04:00
|
|
|
|
2008-03-11 09:27:11 -04:00
|
|
|
if (sec)
|
2008-07-31 00:23:53 -04:00
|
|
|
ret = test_cipher_jiffies(&desc, enc, sg,
|
|
|
|
*b_size, sec);
|
2008-03-11 09:27:11 -04:00
|
|
|
else
|
2008-07-31 00:23:53 -04:00
|
|
|
ret = test_cipher_cycles(&desc, enc, sg,
|
|
|
|
*b_size);
|
2005-06-22 16:27:23 -04:00
|
|
|
|
2008-03-11 09:27:11 -04:00
|
|
|
if (ret) {
|
|
|
|
printk("%s() failed flags=%x\n", e, desc.flags);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
b_size++;
|
|
|
|
i++;
|
|
|
|
} while (*b_size);
|
|
|
|
keysize++;
|
|
|
|
} while (*keysize);
|
2005-06-22 16:27:23 -04:00
|
|
|
|
|
|
|
out:
|
2006-08-12 18:26:09 -04:00
|
|
|
crypto_free_blkcipher(tfm);
|
2005-06-22 16:27:23 -04:00
|
|
|
}
|
|
|
|
|
2008-07-31 00:23:53 -04:00
|
|
|
static int test_hash_jiffies_digest(struct hash_desc *desc,
|
|
|
|
struct scatterlist *sg, int blen,
|
2006-08-19 07:38:49 -04:00
|
|
|
char *out, int sec)
|
|
|
|
{
|
|
|
|
unsigned long start, end;
|
|
|
|
int bcount;
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
for (start = jiffies, end = start + sec * HZ, bcount = 0;
|
|
|
|
time_before(jiffies, end); bcount++) {
|
|
|
|
ret = crypto_hash_digest(desc, sg, blen, out);
|
|
|
|
if (ret)
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
printk("%6u opers/sec, %9lu bytes/sec\n",
|
|
|
|
bcount / sec, ((long)bcount * blen) / sec);
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2008-07-31 00:23:53 -04:00
|
|
|
static int test_hash_jiffies(struct hash_desc *desc, struct scatterlist *sg,
|
|
|
|
int blen, int plen, char *out, int sec)
|
2006-05-30 08:04:19 -04:00
|
|
|
{
|
|
|
|
unsigned long start, end;
|
|
|
|
int bcount, pcount;
|
2006-08-19 07:38:49 -04:00
|
|
|
int ret;
|
|
|
|
|
|
|
|
if (plen == blen)
|
2008-07-31 00:23:53 -04:00
|
|
|
return test_hash_jiffies_digest(desc, sg, blen, out, sec);
|
2007-10-27 03:51:21 -04:00
|
|
|
|
2006-05-30 08:04:19 -04:00
|
|
|
for (start = jiffies, end = start + sec * HZ, bcount = 0;
|
|
|
|
time_before(jiffies, end); bcount++) {
|
2006-08-19 07:38:49 -04:00
|
|
|
ret = crypto_hash_init(desc);
|
|
|
|
if (ret)
|
|
|
|
return ret;
|
2006-05-30 08:04:19 -04:00
|
|
|
for (pcount = 0; pcount < blen; pcount += plen) {
|
2006-08-19 07:38:49 -04:00
|
|
|
ret = crypto_hash_update(desc, sg, plen);
|
|
|
|
if (ret)
|
|
|
|
return ret;
|
2006-05-30 08:04:19 -04:00
|
|
|
}
|
|
|
|
/* we assume there is enough space in 'out' for the result */
|
2006-08-19 07:38:49 -04:00
|
|
|
ret = crypto_hash_final(desc, out);
|
|
|
|
if (ret)
|
|
|
|
return ret;
|
2006-05-30 08:04:19 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
printk("%6u opers/sec, %9lu bytes/sec\n",
|
|
|
|
bcount / sec, ((long)bcount * blen) / sec);
|
|
|
|
|
2006-08-19 07:38:49 -04:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2008-07-31 00:23:53 -04:00
|
|
|
static int test_hash_cycles_digest(struct hash_desc *desc,
|
|
|
|
struct scatterlist *sg, int blen, char *out)
|
2006-08-19 07:38:49 -04:00
|
|
|
{
|
|
|
|
unsigned long cycles = 0;
|
|
|
|
int i;
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
local_bh_disable();
|
|
|
|
local_irq_disable();
|
|
|
|
|
|
|
|
/* Warm-up run. */
|
|
|
|
for (i = 0; i < 4; i++) {
|
|
|
|
ret = crypto_hash_digest(desc, sg, blen, out);
|
|
|
|
if (ret)
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* The real thing. */
|
|
|
|
for (i = 0; i < 8; i++) {
|
|
|
|
cycles_t start, end;
|
|
|
|
|
|
|
|
start = get_cycles();
|
|
|
|
|
|
|
|
ret = crypto_hash_digest(desc, sg, blen, out);
|
|
|
|
if (ret)
|
|
|
|
goto out;
|
|
|
|
|
|
|
|
end = get_cycles();
|
|
|
|
|
|
|
|
cycles += end - start;
|
|
|
|
}
|
|
|
|
|
|
|
|
out:
|
|
|
|
local_irq_enable();
|
|
|
|
local_bh_enable();
|
|
|
|
|
|
|
|
if (ret)
|
|
|
|
return ret;
|
|
|
|
|
|
|
|
printk("%6lu cycles/operation, %4lu cycles/byte\n",
|
|
|
|
cycles / 8, cycles / (8 * blen));
|
|
|
|
|
|
|
|
return 0;
|
2006-05-30 08:04:19 -04:00
|
|
|
}
|
|
|
|
|
2008-07-31 00:23:53 -04:00
|
|
|
static int test_hash_cycles(struct hash_desc *desc, struct scatterlist *sg,
|
|
|
|
int blen, int plen, char *out)
|
2006-05-30 08:04:19 -04:00
|
|
|
{
|
|
|
|
unsigned long cycles = 0;
|
|
|
|
int i, pcount;
|
2006-08-19 07:38:49 -04:00
|
|
|
int ret;
|
|
|
|
|
|
|
|
if (plen == blen)
|
2008-07-31 00:23:53 -04:00
|
|
|
return test_hash_cycles_digest(desc, sg, blen, out);
|
2007-10-27 03:51:21 -04:00
|
|
|
|
2006-05-30 08:04:19 -04:00
|
|
|
local_bh_disable();
|
|
|
|
local_irq_disable();
|
|
|
|
|
|
|
|
/* Warm-up run. */
|
|
|
|
for (i = 0; i < 4; i++) {
|
2006-08-19 07:38:49 -04:00
|
|
|
ret = crypto_hash_init(desc);
|
|
|
|
if (ret)
|
|
|
|
goto out;
|
2006-05-30 08:04:19 -04:00
|
|
|
for (pcount = 0; pcount < blen; pcount += plen) {
|
2006-08-19 07:38:49 -04:00
|
|
|
ret = crypto_hash_update(desc, sg, plen);
|
|
|
|
if (ret)
|
|
|
|
goto out;
|
2006-05-30 08:04:19 -04:00
|
|
|
}
|
2007-05-18 02:25:19 -04:00
|
|
|
ret = crypto_hash_final(desc, out);
|
2006-08-19 07:38:49 -04:00
|
|
|
if (ret)
|
|
|
|
goto out;
|
2006-05-30 08:04:19 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
/* The real thing. */
|
|
|
|
for (i = 0; i < 8; i++) {
|
|
|
|
cycles_t start, end;
|
|
|
|
|
|
|
|
start = get_cycles();
|
|
|
|
|
2006-08-19 07:38:49 -04:00
|
|
|
ret = crypto_hash_init(desc);
|
|
|
|
if (ret)
|
|
|
|
goto out;
|
2006-05-30 08:04:19 -04:00
|
|
|
for (pcount = 0; pcount < blen; pcount += plen) {
|
2006-08-19 07:38:49 -04:00
|
|
|
ret = crypto_hash_update(desc, sg, plen);
|
|
|
|
if (ret)
|
|
|
|
goto out;
|
2006-05-30 08:04:19 -04:00
|
|
|
}
|
2006-08-19 07:38:49 -04:00
|
|
|
ret = crypto_hash_final(desc, out);
|
|
|
|
if (ret)
|
|
|
|
goto out;
|
2006-05-30 08:04:19 -04:00
|
|
|
|
|
|
|
end = get_cycles();
|
|
|
|
|
|
|
|
cycles += end - start;
|
|
|
|
}
|
|
|
|
|
2006-08-19 07:38:49 -04:00
|
|
|
out:
|
2006-05-30 08:04:19 -04:00
|
|
|
local_irq_enable();
|
|
|
|
local_bh_enable();
|
|
|
|
|
2006-08-19 07:38:49 -04:00
|
|
|
if (ret)
|
|
|
|
return ret;
|
|
|
|
|
2006-05-30 08:04:19 -04:00
|
|
|
printk("%6lu cycles/operation, %4lu cycles/byte\n",
|
|
|
|
cycles / 8, cycles / (8 * blen));
|
|
|
|
|
2006-08-19 07:38:49 -04:00
|
|
|
return 0;
|
2006-05-30 08:04:19 -04:00
|
|
|
}
|
|
|
|
|
2008-07-31 03:41:55 -04:00
|
|
|
static void test_hash_speed(const char *algo, unsigned int sec,
|
|
|
|
struct hash_speed *speed)
|
2006-05-30 08:04:19 -04:00
|
|
|
{
|
2008-07-31 00:23:53 -04:00
|
|
|
struct scatterlist sg[TVMEMSIZE];
|
2006-08-19 07:38:49 -04:00
|
|
|
struct crypto_hash *tfm;
|
|
|
|
struct hash_desc desc;
|
2009-03-29 03:18:39 -04:00
|
|
|
static char output[1024];
|
2006-05-30 08:04:19 -04:00
|
|
|
int i;
|
2006-08-19 07:38:49 -04:00
|
|
|
int ret;
|
2006-05-30 08:04:19 -04:00
|
|
|
|
2009-03-29 03:18:39 -04:00
|
|
|
printk(KERN_INFO "\ntesting speed of %s\n", algo);
|
2006-05-30 08:04:19 -04:00
|
|
|
|
2006-08-19 07:38:49 -04:00
|
|
|
tfm = crypto_alloc_hash(algo, 0, CRYPTO_ALG_ASYNC);
|
2006-05-30 08:04:19 -04:00
|
|
|
|
2006-08-19 07:38:49 -04:00
|
|
|
if (IS_ERR(tfm)) {
|
2009-03-29 03:18:39 -04:00
|
|
|
printk(KERN_ERR "failed to load transform for %s: %ld\n", algo,
|
2006-08-19 07:38:49 -04:00
|
|
|
PTR_ERR(tfm));
|
2006-05-30 08:04:19 -04:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2006-08-19 07:38:49 -04:00
|
|
|
desc.tfm = tfm;
|
|
|
|
desc.flags = 0;
|
|
|
|
|
|
|
|
if (crypto_hash_digestsize(tfm) > sizeof(output)) {
|
2009-03-29 03:18:39 -04:00
|
|
|
printk(KERN_ERR "digestsize(%u) > outputbuffer(%zu)\n",
|
2006-08-19 07:38:49 -04:00
|
|
|
crypto_hash_digestsize(tfm), sizeof(output));
|
2006-05-30 08:04:19 -04:00
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
2008-07-31 00:23:53 -04:00
|
|
|
sg_init_table(sg, TVMEMSIZE);
|
|
|
|
for (i = 0; i < TVMEMSIZE; i++) {
|
|
|
|
sg_set_buf(sg + i, tvmem[i], PAGE_SIZE);
|
|
|
|
memset(tvmem[i], 0xff, PAGE_SIZE);
|
|
|
|
}
|
|
|
|
|
2006-05-30 08:04:19 -04:00
|
|
|
for (i = 0; speed[i].blen != 0; i++) {
|
2008-07-31 00:23:53 -04:00
|
|
|
if (speed[i].blen > TVMEMSIZE * PAGE_SIZE) {
|
2009-03-29 03:18:39 -04:00
|
|
|
printk(KERN_ERR
|
|
|
|
"template (%u) too big for tvmem (%lu)\n",
|
2008-07-31 00:23:53 -04:00
|
|
|
speed[i].blen, TVMEMSIZE * PAGE_SIZE);
|
2006-05-30 08:04:19 -04:00
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
2009-03-29 03:18:39 -04:00
|
|
|
printk(KERN_INFO "test%3u "
|
|
|
|
"(%5u byte blocks,%5u bytes per update,%4u updates): ",
|
2006-05-30 08:04:19 -04:00
|
|
|
i, speed[i].blen, speed[i].plen, speed[i].blen / speed[i].plen);
|
|
|
|
|
|
|
|
if (sec)
|
2008-07-31 00:23:53 -04:00
|
|
|
ret = test_hash_jiffies(&desc, sg, speed[i].blen,
|
2006-08-19 07:38:49 -04:00
|
|
|
speed[i].plen, output, sec);
|
2006-05-30 08:04:19 -04:00
|
|
|
else
|
2008-07-31 00:23:53 -04:00
|
|
|
ret = test_hash_cycles(&desc, sg, speed[i].blen,
|
2006-08-19 07:38:49 -04:00
|
|
|
speed[i].plen, output);
|
|
|
|
|
|
|
|
if (ret) {
|
2009-03-29 03:18:39 -04:00
|
|
|
printk(KERN_ERR "hashing failed ret=%d\n", ret);
|
2006-08-19 07:38:49 -04:00
|
|
|
break;
|
|
|
|
}
|
2006-05-30 08:04:19 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
out:
|
2006-08-19 07:38:49 -04:00
|
|
|
crypto_free_hash(tfm);
|
2006-05-30 08:04:19 -04:00
|
|
|
}
|
|
|
|
|
2005-06-22 16:26:03 -04:00
|
|
|
static void test_available(void)
|
2005-04-16 18:20:36 -04:00
|
|
|
{
|
|
|
|
char **name = check;
|
2005-06-22 16:26:03 -04:00
|
|
|
|
2005-04-16 18:20:36 -04:00
|
|
|
while (*name) {
|
|
|
|
printk("alg %s ", *name);
|
2007-04-04 03:41:07 -04:00
|
|
|
printk(crypto_has_alg(*name, 0, 0) ?
|
2006-08-26 04:12:40 -04:00
|
|
|
"found\n" : "not found\n");
|
2005-04-16 18:20:36 -04:00
|
|
|
name++;
|
2005-06-22 16:26:03 -04:00
|
|
|
}
|
2005-04-16 18:20:36 -04:00
|
|
|
}
|
|
|
|
|
2008-07-31 03:41:55 -04:00
|
|
|
static inline int tcrypt_test(const char *alg)
|
|
|
|
{
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
int ret;
|
|
|
|
|
|
|
|
ret = alg_test(alg, alg, 0, 0);
|
|
|
|
/* non-fips algs return -EINVAL in fips mode */
|
|
|
|
if (fips_enabled && ret == -EINVAL)
|
|
|
|
ret = 0;
|
|
|
|
return ret;
|
2008-07-31 03:41:55 -04:00
|
|
|
}
|
|
|
|
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
static int do_test(int m)
|
2008-07-31 03:41:55 -04:00
|
|
|
{
|
|
|
|
int i;
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
int ret = 0;
|
2008-07-31 03:41:55 -04:00
|
|
|
|
|
|
|
switch (m) {
|
2005-04-16 18:20:36 -04:00
|
|
|
case 0:
|
2008-07-31 03:41:55 -04:00
|
|
|
for (i = 1; i < 200; i++)
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += do_test(i);
|
2005-04-16 18:20:36 -04:00
|
|
|
break;
|
|
|
|
|
|
|
|
case 1:
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("md5");
|
2005-04-16 18:20:36 -04:00
|
|
|
break;
|
|
|
|
|
|
|
|
case 2:
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("sha1");
|
2005-04-16 18:20:36 -04:00
|
|
|
break;
|
|
|
|
|
|
|
|
case 3:
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("ecb(des)");
|
|
|
|
ret += tcrypt_test("cbc(des)");
|
2005-04-16 18:20:36 -04:00
|
|
|
break;
|
|
|
|
|
|
|
|
case 4:
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("ecb(des3_ede)");
|
|
|
|
ret += tcrypt_test("cbc(des3_ede)");
|
2005-04-16 18:20:36 -04:00
|
|
|
break;
|
|
|
|
|
|
|
|
case 5:
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("md4");
|
2005-04-16 18:20:36 -04:00
|
|
|
break;
|
2005-06-22 16:26:03 -04:00
|
|
|
|
2005-04-16 18:20:36 -04:00
|
|
|
case 6:
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("sha256");
|
2005-04-16 18:20:36 -04:00
|
|
|
break;
|
2005-06-22 16:26:03 -04:00
|
|
|
|
2005-04-16 18:20:36 -04:00
|
|
|
case 7:
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("ecb(blowfish)");
|
|
|
|
ret += tcrypt_test("cbc(blowfish)");
|
2005-04-16 18:20:36 -04:00
|
|
|
break;
|
|
|
|
|
|
|
|
case 8:
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("ecb(twofish)");
|
|
|
|
ret += tcrypt_test("cbc(twofish)");
|
2005-04-16 18:20:36 -04:00
|
|
|
break;
|
2005-06-22 16:26:03 -04:00
|
|
|
|
2005-04-16 18:20:36 -04:00
|
|
|
case 9:
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("ecb(serpent)");
|
2005-04-16 18:20:36 -04:00
|
|
|
break;
|
|
|
|
|
|
|
|
case 10:
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("ecb(aes)");
|
|
|
|
ret += tcrypt_test("cbc(aes)");
|
|
|
|
ret += tcrypt_test("lrw(aes)");
|
|
|
|
ret += tcrypt_test("xts(aes)");
|
|
|
|
ret += tcrypt_test("ctr(aes)");
|
|
|
|
ret += tcrypt_test("rfc3686(ctr(aes))");
|
2005-04-16 18:20:36 -04:00
|
|
|
break;
|
|
|
|
|
|
|
|
case 11:
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("sha384");
|
2005-04-16 18:20:36 -04:00
|
|
|
break;
|
2005-06-22 16:26:03 -04:00
|
|
|
|
2005-04-16 18:20:36 -04:00
|
|
|
case 12:
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("sha512");
|
2005-04-16 18:20:36 -04:00
|
|
|
break;
|
|
|
|
|
|
|
|
case 13:
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("deflate");
|
2005-04-16 18:20:36 -04:00
|
|
|
break;
|
|
|
|
|
|
|
|
case 14:
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("ecb(cast5)");
|
2005-04-16 18:20:36 -04:00
|
|
|
break;
|
|
|
|
|
|
|
|
case 15:
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("ecb(cast6)");
|
2005-04-16 18:20:36 -04:00
|
|
|
break;
|
|
|
|
|
|
|
|
case 16:
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("ecb(arc4)");
|
2005-04-16 18:20:36 -04:00
|
|
|
break;
|
|
|
|
|
|
|
|
case 17:
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("michael_mic");
|
2005-04-16 18:20:36 -04:00
|
|
|
break;
|
|
|
|
|
|
|
|
case 18:
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("crc32c");
|
2005-04-16 18:20:36 -04:00
|
|
|
break;
|
|
|
|
|
|
|
|
case 19:
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("ecb(tea)");
|
2005-04-16 18:20:36 -04:00
|
|
|
break;
|
|
|
|
|
|
|
|
case 20:
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("ecb(xtea)");
|
2005-04-16 18:20:36 -04:00
|
|
|
break;
|
|
|
|
|
|
|
|
case 21:
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("ecb(khazad)");
|
2005-04-16 18:20:36 -04:00
|
|
|
break;
|
|
|
|
|
|
|
|
case 22:
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("wp512");
|
2005-04-16 18:20:36 -04:00
|
|
|
break;
|
|
|
|
|
|
|
|
case 23:
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("wp384");
|
2005-04-16 18:20:36 -04:00
|
|
|
break;
|
|
|
|
|
|
|
|
case 24:
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("wp256");
|
2005-04-16 18:20:36 -04:00
|
|
|
break;
|
|
|
|
|
|
|
|
case 25:
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("ecb(tnepres)");
|
2005-04-16 18:20:36 -04:00
|
|
|
break;
|
|
|
|
|
|
|
|
case 26:
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("ecb(anubis)");
|
|
|
|
ret += tcrypt_test("cbc(anubis)");
|
2005-04-16 18:20:36 -04:00
|
|
|
break;
|
|
|
|
|
|
|
|
case 27:
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("tgr192");
|
2005-04-16 18:20:36 -04:00
|
|
|
break;
|
|
|
|
|
|
|
|
case 28:
|
|
|
|
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("tgr160");
|
2005-04-16 18:20:36 -04:00
|
|
|
break;
|
|
|
|
|
|
|
|
case 29:
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("tgr128");
|
2005-04-16 18:20:36 -04:00
|
|
|
break;
|
2008-05-09 09:29:35 -04:00
|
|
|
|
2005-09-01 20:42:46 -04:00
|
|
|
case 30:
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("ecb(xeta)");
|
2005-09-01 20:42:46 -04:00
|
|
|
break;
|
2005-04-16 18:20:36 -04:00
|
|
|
|
2006-12-15 20:13:14 -05:00
|
|
|
case 31:
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("pcbc(fcrypt)");
|
2006-12-15 20:13:14 -05:00
|
|
|
break;
|
|
|
|
|
2007-01-24 05:48:19 -05:00
|
|
|
case 32:
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("ecb(camellia)");
|
|
|
|
ret += tcrypt_test("cbc(camellia)");
|
2007-01-24 05:48:19 -05:00
|
|
|
break;
|
2007-11-10 07:08:25 -05:00
|
|
|
case 33:
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("sha224");
|
2007-11-10 07:08:25 -05:00
|
|
|
break;
|
2007-01-24 05:48:19 -05:00
|
|
|
|
2007-11-23 06:45:00 -05:00
|
|
|
case 34:
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("salsa20");
|
2007-11-23 06:45:00 -05:00
|
|
|
break;
|
|
|
|
|
2007-12-01 22:55:47 -05:00
|
|
|
case 35:
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("gcm(aes)");
|
2007-12-01 22:55:47 -05:00
|
|
|
break;
|
|
|
|
|
2007-12-07 03:53:23 -05:00
|
|
|
case 36:
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("lzo");
|
2007-12-07 03:53:23 -05:00
|
|
|
break;
|
|
|
|
|
2007-12-12 07:24:22 -05:00
|
|
|
case 37:
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("ccm(aes)");
|
2007-12-12 07:24:22 -05:00
|
|
|
break;
|
|
|
|
|
2008-03-24 09:26:16 -04:00
|
|
|
case 38:
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("cts(cbc(aes))");
|
2008-03-24 09:26:16 -04:00
|
|
|
break;
|
|
|
|
|
2008-05-07 10:16:36 -04:00
|
|
|
case 39:
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("rmd128");
|
2008-05-07 10:16:36 -04:00
|
|
|
break;
|
|
|
|
|
|
|
|
case 40:
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("rmd160");
|
2008-05-07 10:16:36 -04:00
|
|
|
break;
|
|
|
|
|
2008-05-09 09:29:35 -04:00
|
|
|
case 41:
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("rmd256");
|
2008-05-09 09:29:35 -04:00
|
|
|
break;
|
|
|
|
|
|
|
|
case 42:
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("rmd320");
|
2008-07-31 03:41:55 -04:00
|
|
|
break;
|
|
|
|
|
|
|
|
case 43:
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("ecb(seed)");
|
2008-05-09 09:29:35 -04:00
|
|
|
break;
|
|
|
|
|
2009-03-04 02:42:15 -05:00
|
|
|
case 44:
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("zlib");
|
2009-03-04 02:42:15 -05:00
|
|
|
break;
|
|
|
|
|
2009-05-04 07:23:40 -04:00
|
|
|
case 45:
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("rfc4309(ccm(aes))");
|
2009-05-04 07:23:40 -04:00
|
|
|
break;
|
|
|
|
|
2005-04-16 18:20:36 -04:00
|
|
|
case 100:
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("hmac(md5)");
|
2005-04-16 18:20:36 -04:00
|
|
|
break;
|
2005-06-22 16:26:03 -04:00
|
|
|
|
2005-04-16 18:20:36 -04:00
|
|
|
case 101:
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("hmac(sha1)");
|
2005-04-16 18:20:36 -04:00
|
|
|
break;
|
2005-06-22 16:26:03 -04:00
|
|
|
|
2005-04-16 18:20:36 -04:00
|
|
|
case 102:
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("hmac(sha256)");
|
2005-04-16 18:20:36 -04:00
|
|
|
break;
|
|
|
|
|
2006-12-09 20:10:20 -05:00
|
|
|
case 103:
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("hmac(sha384)");
|
2006-12-09 20:10:20 -05:00
|
|
|
break;
|
|
|
|
|
|
|
|
case 104:
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("hmac(sha512)");
|
2006-12-09 20:10:20 -05:00
|
|
|
break;
|
2007-12-31 23:59:28 -05:00
|
|
|
|
2007-11-10 07:08:25 -05:00
|
|
|
case 105:
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("hmac(sha224)");
|
2007-11-10 07:08:25 -05:00
|
|
|
break;
|
2005-04-16 18:20:36 -04:00
|
|
|
|
2007-12-31 23:59:28 -05:00
|
|
|
case 106:
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("xcbc(aes)");
|
2007-12-31 23:59:28 -05:00
|
|
|
break;
|
|
|
|
|
2008-05-07 10:16:36 -04:00
|
|
|
case 107:
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("hmac(rmd128)");
|
2008-05-07 10:16:36 -04:00
|
|
|
break;
|
|
|
|
|
|
|
|
case 108:
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("hmac(rmd160)");
|
2008-05-07 10:16:36 -04:00
|
|
|
break;
|
|
|
|
|
2009-05-04 07:46:29 -04:00
|
|
|
case 150:
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
ret += tcrypt_test("ansi_cprng");
|
2009-05-04 07:46:29 -04:00
|
|
|
break;
|
|
|
|
|
2005-06-22 16:27:23 -04:00
|
|
|
case 200:
|
2006-08-12 18:26:09 -04:00
|
|
|
test_cipher_speed("ecb(aes)", ENCRYPT, sec, NULL, 0,
|
2008-03-11 09:24:26 -04:00
|
|
|
speed_template_16_24_32);
|
2006-08-12 18:26:09 -04:00
|
|
|
test_cipher_speed("ecb(aes)", DECRYPT, sec, NULL, 0,
|
2008-03-11 09:24:26 -04:00
|
|
|
speed_template_16_24_32);
|
2006-08-12 18:26:09 -04:00
|
|
|
test_cipher_speed("cbc(aes)", ENCRYPT, sec, NULL, 0,
|
2008-03-11 09:24:26 -04:00
|
|
|
speed_template_16_24_32);
|
2006-08-12 18:26:09 -04:00
|
|
|
test_cipher_speed("cbc(aes)", DECRYPT, sec, NULL, 0,
|
2008-03-11 09:24:26 -04:00
|
|
|
speed_template_16_24_32);
|
2006-11-29 03:01:41 -05:00
|
|
|
test_cipher_speed("lrw(aes)", ENCRYPT, sec, NULL, 0,
|
2008-03-11 09:24:26 -04:00
|
|
|
speed_template_32_40_48);
|
2006-11-29 03:01:41 -05:00
|
|
|
test_cipher_speed("lrw(aes)", DECRYPT, sec, NULL, 0,
|
2008-03-11 09:24:26 -04:00
|
|
|
speed_template_32_40_48);
|
2007-09-19 08:23:13 -04:00
|
|
|
test_cipher_speed("xts(aes)", ENCRYPT, sec, NULL, 0,
|
2008-03-11 09:24:26 -04:00
|
|
|
speed_template_32_48_64);
|
2007-09-19 08:23:13 -04:00
|
|
|
test_cipher_speed("xts(aes)", DECRYPT, sec, NULL, 0,
|
2008-03-11 09:24:26 -04:00
|
|
|
speed_template_32_48_64);
|
2005-06-22 16:27:23 -04:00
|
|
|
break;
|
|
|
|
|
|
|
|
case 201:
|
2006-08-12 18:26:09 -04:00
|
|
|
test_cipher_speed("ecb(des3_ede)", ENCRYPT, sec,
|
2008-07-31 05:08:25 -04:00
|
|
|
des3_speed_template, DES3_SPEED_VECTORS,
|
2008-03-11 09:24:26 -04:00
|
|
|
speed_template_24);
|
2006-08-12 18:26:09 -04:00
|
|
|
test_cipher_speed("ecb(des3_ede)", DECRYPT, sec,
|
2008-07-31 05:08:25 -04:00
|
|
|
des3_speed_template, DES3_SPEED_VECTORS,
|
2008-03-11 09:24:26 -04:00
|
|
|
speed_template_24);
|
2006-08-12 18:26:09 -04:00
|
|
|
test_cipher_speed("cbc(des3_ede)", ENCRYPT, sec,
|
2008-07-31 05:08:25 -04:00
|
|
|
des3_speed_template, DES3_SPEED_VECTORS,
|
2008-03-11 09:24:26 -04:00
|
|
|
speed_template_24);
|
2006-08-12 18:26:09 -04:00
|
|
|
test_cipher_speed("cbc(des3_ede)", DECRYPT, sec,
|
2008-07-31 05:08:25 -04:00
|
|
|
des3_speed_template, DES3_SPEED_VECTORS,
|
2008-03-11 09:24:26 -04:00
|
|
|
speed_template_24);
|
2005-06-22 16:27:23 -04:00
|
|
|
break;
|
|
|
|
|
|
|
|
case 202:
|
2006-08-12 18:26:09 -04:00
|
|
|
test_cipher_speed("ecb(twofish)", ENCRYPT, sec, NULL, 0,
|
2008-03-11 09:24:26 -04:00
|
|
|
speed_template_16_24_32);
|
2006-08-12 18:26:09 -04:00
|
|
|
test_cipher_speed("ecb(twofish)", DECRYPT, sec, NULL, 0,
|
2008-03-11 09:24:26 -04:00
|
|
|
speed_template_16_24_32);
|
2006-08-12 18:26:09 -04:00
|
|
|
test_cipher_speed("cbc(twofish)", ENCRYPT, sec, NULL, 0,
|
2008-03-11 09:24:26 -04:00
|
|
|
speed_template_16_24_32);
|
2006-08-12 18:26:09 -04:00
|
|
|
test_cipher_speed("cbc(twofish)", DECRYPT, sec, NULL, 0,
|
2008-03-11 09:24:26 -04:00
|
|
|
speed_template_16_24_32);
|
2005-06-22 16:27:23 -04:00
|
|
|
break;
|
|
|
|
|
|
|
|
case 203:
|
2006-08-12 18:26:09 -04:00
|
|
|
test_cipher_speed("ecb(blowfish)", ENCRYPT, sec, NULL, 0,
|
2008-03-11 09:24:26 -04:00
|
|
|
speed_template_8_32);
|
2006-08-12 18:26:09 -04:00
|
|
|
test_cipher_speed("ecb(blowfish)", DECRYPT, sec, NULL, 0,
|
2008-03-11 09:24:26 -04:00
|
|
|
speed_template_8_32);
|
2006-08-12 18:26:09 -04:00
|
|
|
test_cipher_speed("cbc(blowfish)", ENCRYPT, sec, NULL, 0,
|
2008-03-11 09:24:26 -04:00
|
|
|
speed_template_8_32);
|
2006-08-12 18:26:09 -04:00
|
|
|
test_cipher_speed("cbc(blowfish)", DECRYPT, sec, NULL, 0,
|
2008-03-11 09:24:26 -04:00
|
|
|
speed_template_8_32);
|
2005-06-22 16:27:23 -04:00
|
|
|
break;
|
|
|
|
|
|
|
|
case 204:
|
2006-08-12 18:26:09 -04:00
|
|
|
test_cipher_speed("ecb(des)", ENCRYPT, sec, NULL, 0,
|
2008-03-11 09:24:26 -04:00
|
|
|
speed_template_8);
|
2006-08-12 18:26:09 -04:00
|
|
|
test_cipher_speed("ecb(des)", DECRYPT, sec, NULL, 0,
|
2008-03-11 09:24:26 -04:00
|
|
|
speed_template_8);
|
2006-08-12 18:26:09 -04:00
|
|
|
test_cipher_speed("cbc(des)", ENCRYPT, sec, NULL, 0,
|
2008-03-11 09:24:26 -04:00
|
|
|
speed_template_8);
|
2006-08-12 18:26:09 -04:00
|
|
|
test_cipher_speed("cbc(des)", DECRYPT, sec, NULL, 0,
|
2008-03-11 09:24:26 -04:00
|
|
|
speed_template_8);
|
2005-06-22 16:27:23 -04:00
|
|
|
break;
|
|
|
|
|
2007-01-24 05:48:19 -05:00
|
|
|
case 205:
|
|
|
|
test_cipher_speed("ecb(camellia)", ENCRYPT, sec, NULL, 0,
|
2008-03-11 09:24:26 -04:00
|
|
|
speed_template_16_24_32);
|
2007-01-24 05:48:19 -05:00
|
|
|
test_cipher_speed("ecb(camellia)", DECRYPT, sec, NULL, 0,
|
2008-03-11 09:24:26 -04:00
|
|
|
speed_template_16_24_32);
|
2007-01-24 05:48:19 -05:00
|
|
|
test_cipher_speed("cbc(camellia)", ENCRYPT, sec, NULL, 0,
|
2008-03-11 09:24:26 -04:00
|
|
|
speed_template_16_24_32);
|
2007-01-24 05:48:19 -05:00
|
|
|
test_cipher_speed("cbc(camellia)", DECRYPT, sec, NULL, 0,
|
2008-03-11 09:24:26 -04:00
|
|
|
speed_template_16_24_32);
|
2007-01-24 05:48:19 -05:00
|
|
|
break;
|
|
|
|
|
2007-12-07 04:17:43 -05:00
|
|
|
case 206:
|
|
|
|
test_cipher_speed("salsa20", ENCRYPT, sec, NULL, 0,
|
2008-03-11 09:24:26 -04:00
|
|
|
speed_template_16_32);
|
2007-12-07 04:17:43 -05:00
|
|
|
break;
|
|
|
|
|
2006-05-30 08:04:19 -04:00
|
|
|
case 300:
|
|
|
|
/* fall through */
|
|
|
|
|
|
|
|
case 301:
|
2006-08-19 07:38:49 -04:00
|
|
|
test_hash_speed("md4", sec, generic_hash_speed_template);
|
2006-05-30 08:04:19 -04:00
|
|
|
if (mode > 300 && mode < 400) break;
|
|
|
|
|
|
|
|
case 302:
|
2006-08-19 07:38:49 -04:00
|
|
|
test_hash_speed("md5", sec, generic_hash_speed_template);
|
2006-05-30 08:04:19 -04:00
|
|
|
if (mode > 300 && mode < 400) break;
|
|
|
|
|
|
|
|
case 303:
|
2006-08-19 07:38:49 -04:00
|
|
|
test_hash_speed("sha1", sec, generic_hash_speed_template);
|
2006-05-30 08:04:19 -04:00
|
|
|
if (mode > 300 && mode < 400) break;
|
|
|
|
|
|
|
|
case 304:
|
2006-08-19 07:38:49 -04:00
|
|
|
test_hash_speed("sha256", sec, generic_hash_speed_template);
|
2006-05-30 08:04:19 -04:00
|
|
|
if (mode > 300 && mode < 400) break;
|
|
|
|
|
|
|
|
case 305:
|
2006-08-19 07:38:49 -04:00
|
|
|
test_hash_speed("sha384", sec, generic_hash_speed_template);
|
2006-05-30 08:04:19 -04:00
|
|
|
if (mode > 300 && mode < 400) break;
|
|
|
|
|
|
|
|
case 306:
|
2006-08-19 07:38:49 -04:00
|
|
|
test_hash_speed("sha512", sec, generic_hash_speed_template);
|
2006-05-30 08:04:19 -04:00
|
|
|
if (mode > 300 && mode < 400) break;
|
|
|
|
|
|
|
|
case 307:
|
2006-08-19 07:38:49 -04:00
|
|
|
test_hash_speed("wp256", sec, generic_hash_speed_template);
|
2006-05-30 08:04:19 -04:00
|
|
|
if (mode > 300 && mode < 400) break;
|
|
|
|
|
|
|
|
case 308:
|
2006-08-19 07:38:49 -04:00
|
|
|
test_hash_speed("wp384", sec, generic_hash_speed_template);
|
2006-05-30 08:04:19 -04:00
|
|
|
if (mode > 300 && mode < 400) break;
|
|
|
|
|
|
|
|
case 309:
|
2006-08-19 07:38:49 -04:00
|
|
|
test_hash_speed("wp512", sec, generic_hash_speed_template);
|
2006-05-30 08:04:19 -04:00
|
|
|
if (mode > 300 && mode < 400) break;
|
|
|
|
|
|
|
|
case 310:
|
2006-08-19 07:38:49 -04:00
|
|
|
test_hash_speed("tgr128", sec, generic_hash_speed_template);
|
2006-05-30 08:04:19 -04:00
|
|
|
if (mode > 300 && mode < 400) break;
|
|
|
|
|
|
|
|
case 311:
|
2006-08-19 07:38:49 -04:00
|
|
|
test_hash_speed("tgr160", sec, generic_hash_speed_template);
|
2006-05-30 08:04:19 -04:00
|
|
|
if (mode > 300 && mode < 400) break;
|
|
|
|
|
|
|
|
case 312:
|
2006-08-19 07:38:49 -04:00
|
|
|
test_hash_speed("tgr192", sec, generic_hash_speed_template);
|
2006-05-30 08:04:19 -04:00
|
|
|
if (mode > 300 && mode < 400) break;
|
|
|
|
|
2007-11-10 07:08:25 -05:00
|
|
|
case 313:
|
|
|
|
test_hash_speed("sha224", sec, generic_hash_speed_template);
|
|
|
|
if (mode > 300 && mode < 400) break;
|
|
|
|
|
2008-05-07 10:16:36 -04:00
|
|
|
case 314:
|
|
|
|
test_hash_speed("rmd128", sec, generic_hash_speed_template);
|
|
|
|
if (mode > 300 && mode < 400) break;
|
|
|
|
|
|
|
|
case 315:
|
|
|
|
test_hash_speed("rmd160", sec, generic_hash_speed_template);
|
|
|
|
if (mode > 300 && mode < 400) break;
|
|
|
|
|
2008-05-09 09:29:35 -04:00
|
|
|
case 316:
|
|
|
|
test_hash_speed("rmd256", sec, generic_hash_speed_template);
|
|
|
|
if (mode > 300 && mode < 400) break;
|
|
|
|
|
|
|
|
case 317:
|
|
|
|
test_hash_speed("rmd320", sec, generic_hash_speed_template);
|
|
|
|
if (mode > 300 && mode < 400) break;
|
|
|
|
|
2006-05-30 08:04:19 -04:00
|
|
|
case 399:
|
|
|
|
break;
|
|
|
|
|
2005-04-16 18:20:36 -04:00
|
|
|
case 1000:
|
|
|
|
test_available();
|
|
|
|
break;
|
|
|
|
}
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
|
|
|
|
return ret;
|
2005-04-16 18:20:36 -04:00
|
|
|
}
|
|
|
|
|
2008-04-05 09:00:57 -04:00
|
|
|
static int __init tcrypt_mod_init(void)
|
2005-04-16 18:20:36 -04:00
|
|
|
{
|
2007-11-26 09:12:07 -05:00
|
|
|
int err = -ENOMEM;
|
2008-07-31 00:23:53 -04:00
|
|
|
int i;
|
2007-11-26 09:12:07 -05:00
|
|
|
|
2008-07-31 00:23:53 -04:00
|
|
|
for (i = 0; i < TVMEMSIZE; i++) {
|
|
|
|
tvmem[i] = (void *)__get_free_page(GFP_KERNEL);
|
|
|
|
if (!tvmem[i])
|
|
|
|
goto err_free_tv;
|
|
|
|
}
|
2005-04-16 18:20:36 -04:00
|
|
|
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
err = do_test(mode);
|
|
|
|
if (err) {
|
|
|
|
printk(KERN_ERR "tcrypt: one or more tests failed!\n");
|
|
|
|
goto err_free_tv;
|
|
|
|
}
|
2006-05-30 00:49:38 -04:00
|
|
|
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
/* We intentionaly return -EAGAIN to prevent keeping the module,
|
|
|
|
* unless we're running in fips mode. It does all its work from
|
|
|
|
* init() and doesn't offer any runtime functionality, but in
|
|
|
|
* the fips case, checking for a successful load is helpful.
|
2006-05-30 00:49:38 -04:00
|
|
|
* => we don't need it in the memory, do we?
|
|
|
|
* -- mludvig
|
|
|
|
*/
|
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 01:10:21 -04:00
|
|
|
if (!fips_enabled)
|
|
|
|
err = -EAGAIN;
|
2007-11-26 09:12:07 -05:00
|
|
|
|
2008-07-31 00:23:53 -04:00
|
|
|
err_free_tv:
|
|
|
|
for (i = 0; i < TVMEMSIZE && tvmem[i]; i++)
|
|
|
|
free_page((unsigned long)tvmem[i]);
|
2007-11-26 09:12:07 -05:00
|
|
|
|
|
|
|
return err;
|
2005-04-16 18:20:36 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* If an init function is provided, an exit function must also be provided
|
|
|
|
* to allow module unload.
|
|
|
|
*/
|
2008-04-05 09:00:57 -04:00
|
|
|
static void __exit tcrypt_mod_fini(void) { }
|
2005-04-16 18:20:36 -04:00
|
|
|
|
2008-04-05 09:00:57 -04:00
|
|
|
module_init(tcrypt_mod_init);
|
|
|
|
module_exit(tcrypt_mod_fini);
|
2005-04-16 18:20:36 -04:00
|
|
|
|
|
|
|
module_param(mode, int, 0);
|
2005-06-22 16:27:23 -04:00
|
|
|
module_param(sec, uint, 0);
|
2005-06-22 16:29:03 -04:00
|
|
|
MODULE_PARM_DESC(sec, "Length in seconds of speed tests "
|
|
|
|
"(defaults to zero which uses CPU cycles instead)");
|
2005-04-16 18:20:36 -04:00
|
|
|
|
|
|
|
MODULE_LICENSE("GPL");
|
|
|
|
MODULE_DESCRIPTION("Quick & dirty crypto testing module");
|
|
|
|
MODULE_AUTHOR("James Morris <jmorris@intercode.com.au>");
|