kernel/crypto/fips140-selftests.c

33  * our test vectors except the AES-CBC-CTS and DRBG ones were generated by the
51  *     SHA-256 and AES library APIs, despite that being needed here.
54 #include <crypto/aes.h>
563 	 * Test for the AES library API.
565 	 * Since the AES library API may use its own AES implementation and the
567 	 * (it's just plain AES), we must test it directly.
569 	 * In contrast, we don't need to directly test the "aes" ciphers that
570 	 * are accessible through the crypto_cipher API (e.g. "aes-ce"), as they
571 	 * are covered indirectly by AES-CMAC and AES-ECB tests.
574 		.alg		= "aes",
575 		.impls		= {"aes-lib"},
586 	 * Tests for AES-CMAC, a.k.a. "cmac(aes)" in crypto API syntax.
588 	 * The IG requires that each underlying AES implementation be tested in
590 	 * implements AES-GCM and AES-CMAC.  However, AES-GCM doesn't "count"
591 	 * because this module's implementations of AES-GCM won't actually be
594 	 * Therefore, for us this requirement applies to AES-CMAC, so we must
595 	 * test the "cmac" template composed with each "aes" implementation.
598 	 * implementations of "cmac(aes)" such as "cmac-aes-ce", as they don't
599 	 * reuse another full AES implementation and thus can't be covered by
603 		.alg		= "cmac(aes)",
605 			/* "cmac" template with all "aes" implementations */
606 			"cmac(aes-generic)",
607 			"cmac(aes-arm64)",
608 			"cmac(aes-ce)",
609 			/* All standalone implementations of "cmac(aes)" */
610 			"cmac-aes-neon",
611 			"cmac-aes-ce",
624 	 * Tests for AES-ECB, a.k.a. "ecb(aes)" in crypto API syntax.
626 	 * The IG requires that each underlying AES implementation be tested in
627 	 * a mode that exercises the encryption direction of AES and in a mode
628 	 * that exercises the decryption direction of AES.  CMAC only covers the
630 	 * test the "ecb" template composed with each "aes" implementation.
633 	 * implementations of "ecb(aes)" such as "ecb-aes-ce", as they don't
634 	 * reuse another full AES implementation and thus can't be covered by
638 		.alg		= "ecb(aes)",
640 			/* "ecb" template with all "aes" implementations */
641 			"ecb(aes-generic)",
642 			"ecb(aes-arm64)",
643 			"ecb(aes-ce)",
644 			/* All standalone implementations of "ecb(aes)" */
645 			"ecb-aes-neon",
646 			"ecb-aes-neonbs",
647 			"ecb-aes-ce",
659 	 * Tests for AES-CBC, AES-CBC-CTS, AES-CTR, AES-XTS, and AES-GCM.
661 	 * According to the IG, an AES mode of operation doesn't need to have
663 	 * directions of the underlying AES implementation are already tested
667 	 * we don't need to test any other AES mode templates.
670 	 * such as "cbc-aes-ce", as such implementations don't reuse another
671 	 * full AES implementation and thus can't be covered by another test.
674 	 * The AES-GCM test isn't actually required, as it's expected that this
675 	 * module's AES-GCM implementation won't actually be able to be
678 	 * don't generate their own IVs.  We choose to still include the AES-GCM
680 	 * case it turns out that AES-GCM can be approved after all.
683 		.alg		= "cbc(aes)",
685 			/* All standalone implementations of "cbc(aes)" */
686 			"cbc-aes-neon",
687 			"cbc-aes-neonbs",
688 			"cbc-aes-ce",
701 		.alg		= "cts(cbc(aes))",
703 			/* All standalone implementations of "cts(cbc(aes))" */
704 			"cts-cbc-aes-neon",
705 			"cts-cbc-aes-ce",
727 		.alg		= "ctr(aes)",
729 			/* All standalone implementations of "ctr(aes)" */
730 			"ctr-aes-neon",
731 			"ctr-aes-neonbs",
732 			"ctr-aes-ce",
745 		.alg		= "xts(aes)",
747 			/* All standalone implementations of "xts(aes)" */
748 			"xts-aes-neon",
749 			"xts-aes-neonbs",
750 			"xts-aes-ce",
763 		.alg		= "gcm(aes)",
765 			/* All standalone implementations of "gcm(aes)" */
766 			"gcm-aes-ce",