Message ID | 2963701.QnyuGqI2Hv@myon.chronox.de (mailing list archive) |
---|---|
State | Not Applicable |
Delegated to: | Herbert Xu |
On Thu, Oct 15, 2015 at 09:07:40AM +0200, Stephan Mueller wrote:
> The testmanager code for symmetric ciphers is extended to allow
> verification of the IV after a cipher operation.
>
> In addition, test vectors for kw(aes) for encryption and decryption are
> added.
>
> Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
> Signed-off-by: Stephan Mueller <smueller@chronox.de>

Oh I see. This patch can be applied without affecting any existing drivers. In that case I'll just apply Boris's original patch #1 and then reapply your previous submission.

Sorry for the confusion.

Thanks,
On Thursday, 15 October 2015, 15:11:50, Herbert Xu wrote:

Hi Herbert,

> On Thu, Oct 15, 2015 at 09:07:40AM +0200, Stephan Mueller wrote:
> > The testmanager code for symmetric ciphers is extended to allow
> > verification of the IV after a cipher operation.
> >
> > In addition, test vectors for kw(aes) for encryption and decryption are
> > added.
> >
> > Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
> > Signed-off-by: Stephan Mueller <smueller@chronox.de>
>
> Oh I see. This patch can be applied without affecting any existing
> drivers. In that case I'll just apply Boris's original patch #1
> and then reapply your previous submission.
>
> Sorry for the confusion.

Note, I had to convert akcipher to skcipher -- thus, I guess you want to take the newer patch and once you get back to Boris' original submission, just pull the updates to the test vectors.

>
> Thanks,
On Thu, Oct 15, 2015 at 09:13:55AM +0200, Stephan Mueller wrote:
> Note, I had to convert akcipher to skcipher -- thus, I guess you want to take
> the newer patch and once you get back to Boris' original submission, just pull
> the updates to the test vectors.

What I'll do is apply Boris's patch #1, and then follow it with your v3. That should work, right?

Thanks,
On Thursday, 15 October 2015, 15:17:12, Herbert Xu wrote:

Hi Herbert,

> On Thu, Oct 15, 2015 at 09:13:55AM +0200, Stephan Mueller wrote:
> > Note, I had to convert akcipher to skcipher -- thus, I guess you want to
> > take the newer patch and once you get back to Boris' original submission,
> > just pull the updates to the test vectors.
>
> What I'll do is apply Boris's patch #1, and then follow it with your
> v3. That should work, right?

That would work, if you replace the ablkcipher calls in Boris' patch with skcipher to make that patch work. My patch v3 3/3 works unchanged on top of Boris' patch as tested before releasing v4 -- the patch 3/3 may have a hunk due to the changes in the number of lines.
On Thu, Oct 15, 2015 at 12:10:41PM +0200, Stephan Mueller wrote:
>
> That would work, if you replace the ablkcipher calls in Boris' patch with
> skcipher to make that patch work.

Right, I'll do that when I merge the patch. Thanks for the heads up.
diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 25032b0..e48b1c8 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -1034,12 +1034,22 @@ static int __test_skcipher(struct crypto_skcipher *tfm, int enc, q = data; if (memcmp(q, template[i].result, template[i].rlen)) { - pr_err("alg: skcipher%s: Test %d failed on %s for %s\n", + pr_err("alg: skcipher%s: Test %d failed (invalid result) on %s for %s\n", d, j, e, algo); hexdump(q, template[i].rlen); ret = -EINVAL; goto out; } + + if (template[i].iv_out && + memcmp(iv, template[i].iv_out, + crypto_skcipher_ivsize(tfm))) { + pr_err("alg: skcipher%s: Test %d failed (invalid output IV) on %s for %s\n", + d, j, e, algo); + hexdump(iv, crypto_skcipher_ivsize(tfm)); + ret = -EINVAL; + goto out; + } } j = 0; @@ -3277,6 +3287,22 @@ static const struct alg_test_desc alg_test_descs[] = { .fips_allowed = 1, .test = alg_test_null, }, { + .alg = "kw(aes)", + .test = alg_test_skcipher, + .fips_allowed = 1, + .suite = { + .cipher = { + .enc = { + .vecs = aes_kw_enc_tv_template, + .count = ARRAY_SIZE(aes_kw_enc_tv_template) + }, + .dec = { + .vecs = aes_kw_dec_tv_template, + .count = ARRAY_SIZE(aes_kw_dec_tv_template) + } + } + } + }, { .alg = "lrw(aes)", .test = alg_test_skcipher, .suite = { diff --git a/crypto/testmgr.h b/crypto/testmgr.h index e10582d..da0a8fd 100644 --- a/crypto/testmgr.h +++ b/crypto/testmgr.h @@ -67,6 +67,7 @@ struct hash_testvec { struct cipher_testvec { char *key; char *iv; + char *iv_out; char *input; char *result; unsigned short tap[MAX_TAP]; 
@@ -23832,6 +23833,46 @@ static struct aead_testvec rfc7539esp_dec_tv_template[] = { }; /* + * All key wrapping test vectors taken from + * http://csrc.nist.gov/groups/STM/cavp/documents/mac/kwtestvectors.zip + * + * Note: as documented in keywrap.c, the ivout for encryption is the first + * semiblock of the ciphertext from the test vector. For decryption, iv is + * the first semiblock of the ciphertext. + */ +static struct cipher_testvec aes_kw_enc_tv_template[] = { + { + .key = "\x75\x75\xda\x3a\x93\x60\x7c\xc2" + "\xbf\xd8\xce\xc7\xaa\xdf\xd9\xa6", + .klen = 16, + .input = "\x42\x13\x6d\x3c\x38\x4a\x3e\xea" + "\xc9\x5a\x06\x6f\xd2\x8f\xed\x3f", + .ilen = 16, + .result = "\xf6\x85\x94\x81\x6f\x64\xca\xa3" + "\xf5\x6f\xab\xea\x25\x48\xf5\xfb", + .rlen = 16, + .iv_out = "\x03\x1f\x6b\xd7\xe6\x1e\x64\x3d", + }, +}; + +static struct cipher_testvec aes_kw_dec_tv_template[] = { + { + .key = "\x80\xaa\x99\x73\x27\xa4\x80\x6b" + "\x6a\x7a\x41\xa5\x2b\x86\xc3\x71" + "\x03\x86\xf9\x32\x78\x6e\xf7\x96" + "\x76\xfa\xfb\x90\xb8\x26\x3c\x5f", + .klen = 32, + .input = "\xd3\x3d\x3d\x97\x7b\xf0\xa9\x15" + "\x59\xf9\x9c\x8a\xcd\x29\x3d\x43", + .ilen = 16, + .result = "\x0a\x25\x6b\xa7\x5c\xfa\x03\xaa" + "\xa0\x2b\xa9\x42\x03\xf1\x5b\xaa", + .rlen = 16, + .iv = "\x42\x3c\x96\x0d\x8a\x2a\xc4\xc1", + }, +}; + +/* * ANSI X9.31 Continuous Pseudo-Random Number Generator (AES mode) * test vectors, taken from Appendix B.2.9 and B.2.10: * http://csrc.nist.gov/groups/STM/cavp/documents/rng/RNGVS.pdf
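Review bot: in the first testmgr.c hunk (@@ -1034), the new output-IV comparison is only added to the unchunked test loop; the chunked pass that starts at the `j = 0;` immediately below still checks only `template[i].result`, so a driver whose scatter-gather path leaves the request IV stale would still pass. Consider adding the same `iv_out` memcmp after the result check in that second loop. In the error path, `hexdump(iv, crypto_skcipher_ivsize(tfm));` dumps only the IV the driver produced and not the expected `template[i].iv_out`; dumping both makes a mismatch much easier to triage.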
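Review bot: in the second testmgr.c hunk (@@ -3277), the `kw(aes)` entry is inserted ahead of `lrw(aes)`, which keeps `alg_test_descs[]` in the sorted order its binary-search lookup depends on; please keep that ordering in mind if further `kw(...)` variants are added. Since the entry also sets `.fips_allowed = 1` like its neighbours, this suite becomes the FIPS self-test gate for kw(aes), and with one vector per direction that gate is fairly thin.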
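Review bot: in the testmgr.h hunk (@@ -67), the new `char *iv_out;` member of `struct cipher_testvec` carries no comment, while its contract is easy to get wrong: testmgr.c compares it against exactly `crypto_skcipher_ivsize(tfm)` bytes and skips the check when it is NULL, so a vector author must supply a full ivsize-byte buffer or leave it NULL. A one-line comment such as `char *iv_out; /* expected IV after the operation, NULL = not checked */` would document that where vectors are written.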
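Review bot: in the test-vector hunk (@@ -23832), the decryption vector sets `.iv` but no `.iv_out`, and the encryption vector sets only `.iv_out`, so the output IV is verified on the encrypt path only; on decrypt the suite checks nothing but the plaintext. Coverage is also limited to a 16-byte key on encrypt and a 32-byte key on decrypt, and there is no negative vector (a ciphertext or IV that must fail to unwrap), so the integrity check that distinguishes key wrap from a plain block-cipher mode is never exercised here even though the NIST vector set cited in the comment provides failing unwrap cases. Worth adding at least one more key size per direction now, and a tamper case once the test harness can express an expected decrypt failure.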