| Message ID | 2391ff22-97be-bc6a-3650-3cade8a78393@linux.ibm.com (mailing list archive) |
|---|---|
| State | Not Applicable |
| Delegated to: | Herbert Xu |
| Headers | show |
| Series | crypto/testmgr: add selftests for paes-s390 | expand |
On Thu, Feb 13, 2020 at 08:40:06AM +0100, Harald Freudenberger wrote: > This patch enables the selftests for the s390 specific protected key > AES (PAES) cipher implementations: > * cbc-paes-s390 > * ctr-paes-s390 > * ecb-paes-s390 > * xts-paes-s390 > PAES is an AES cipher but with encrypted ('protected') key > material. However, the paes ciphers are able to derive an protected > key from clear key material with the help of the pkey kernel module. > > So this patch now enables the generic AES tests for the paes > ciphers. Under the hood the setkey() functions rearrange the clear key > values as clear key token and so the pkey kernel module is able to > provide protected key blobs from the given clear key values. The > derived protected key blobs are then used within the paes cipers and > should produce the very same results as the generic AES implementation > with the clear key values. > > The s390-paes cipher testlist entries are surrounded > by #if IS_ENABLED(CONFIG_CRYPTO_PAES_S390) because they don't > make any sense on non s390 platforms or without the PAES > cipher implementation. > > Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> > Signed-off-by: Vasily Gorbik <gor@linux.ibm.com> > --- > crypto/testmgr.c | 36 ++++++++++++++++++++++++++++++++++++ > 1 file changed, 36 insertions(+) Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Thanks,
diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 82513b6b0abd..6c4a98102825 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -4156,6 +4156,15 @@ static const struct alg_test_desc alg_test_descs[] = { .cipher = __VECS(tf_cbc_tv_template) }, }, { +#if IS_ENABLED(CONFIG_CRYPTO_PAES_S390) + .alg = "cbc-paes-s390", + .fips_allowed = 1, + .test = alg_test_skcipher, + .suite = { + .cipher = __VECS(aes_cbc_tv_template) + } + }, { +#endif .alg = "cbcmac(aes)", .fips_allowed = 1, .test = alg_test_hash, @@ -4304,6 +4313,15 @@ static const struct alg_test_desc alg_test_descs[] = { .cipher = __VECS(tf_ctr_tv_template) } }, { +#if IS_ENABLED(CONFIG_CRYPTO_PAES_S390) + .alg = "ctr-paes-s390", + .fips_allowed = 1, + .test = alg_test_skcipher, + .suite = { + .cipher = __VECS(aes_ctr_tv_template) + } + }, { +#endif .alg = "cts(cbc(aes))", .test = alg_test_skcipher, .fips_allowed = 1, @@ -4596,6 +4614,15 @@ static const struct alg_test_desc alg_test_descs[] = { .cipher = __VECS(xtea_tv_template) } }, { +#if IS_ENABLED(CONFIG_CRYPTO_PAES_S390) + .alg = "ecb-paes-s390", + .fips_allowed = 1, + .test = alg_test_skcipher, + .suite = { + .cipher = __VECS(aes_tv_template) + } + }, { +#endif .alg = "ecdh", .test = alg_test_kpp, .fips_allowed = 1, @@ -5167,6 +5194,15 @@ static const struct alg_test_desc alg_test_descs[] = { .cipher = __VECS(tf_xts_tv_template) } }, { +#if IS_ENABLED(CONFIG_CRYPTO_PAES_S390) + .alg = "xts-paes-s390", + .fips_allowed = 1, + .test = alg_test_skcipher, + .suite = { + .cipher = __VECS(aes_xts_tv_template) + } + }, { +#endif .alg = "xts4096(paes)", .test = alg_test_null, .fips_allowed = 1,
This patch enables the selftests for the s390 specific protected key AES (PAES) cipher implementations: * cbc-paes-s390 * ctr-paes-s390 * ecb-paes-s390 * xts-paes-s390 PAES is an AES cipher but with encrypted ('protected') key material. However, the paes ciphers are able to derive an protected key from clear key material with the help of the pkey kernel module. So this patch now enables the generic AES tests for the paes ciphers. Under the hood the setkey() functions rearrange the clear key values as clear key token and so the pkey kernel module is able to provide protected key blobs from the given clear key values. The derived protected key blobs are then used within the paes cipers and should produce the very same results as the generic AES implementation with the clear key values. The s390-paes cipher testlist entries are surrounded by #if IS_ENABLED(CONFIG_CRYPTO_PAES_S390) because they don't make any sense on non s390 platforms or without the PAES cipher implementation. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com> --- crypto/testmgr.c | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+)