2005-06-23 00:26:03 +04:00
/*
2005-04-17 02:20:36 +04:00
* Quick & dirty crypto testing module .
*
* This will only exist until we have a better testing mechanism
* ( e . g . a char device ) .
*
* Copyright ( c ) 2002 James Morris < jmorris @ intercode . com . au >
* Copyright ( c ) 2002 Jean - Francois Dive < jef @ linuxbe . org >
2007-11-26 17:12:07 +03:00
* Copyright ( c ) 2007 Nokia Siemens Networks
2005-04-17 02:20:36 +04:00
*
* This program is free software ; you can redistribute it and / or modify it
* under the terms of the GNU General Public License as published by the Free
2005-06-23 00:26:03 +04:00
* Software Foundation ; either version 2 of the License , or ( at your option )
2005-04-17 02:20:36 +04:00
* any later version .
*
*/
2008-07-10 12:01:22 +04:00
# include <crypto/hash.h>
2006-08-13 02:26:09 +04:00
# include <linux/err.h>
2005-04-17 02:20:36 +04:00
# include <linux/init.h>
# include <linux/module.h>
# include <linux/slab.h>
2005-09-17 11:55:31 +04:00
# include <linux/scatterlist.h>
2005-04-17 02:20:36 +04:00
# include <linux/string.h>
# include <linux/moduleparam.h>
2005-06-23 00:27:23 +04:00
# include <linux/jiffies.h>
2005-06-23 00:29:03 +04:00
# include <linux/timex.h>
# include <linux/interrupt.h>
2005-04-17 02:20:36 +04:00
# include "tcrypt.h"
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
# include "internal.h"
2005-04-17 02:20:36 +04:00
/*
2008-07-31 08:23:53 +04:00
* Need slab memory for testing ( size in number of pages ) .
2005-04-17 02:20:36 +04:00
*/
2008-07-31 08:23:53 +04:00
# define TVMEMSIZE 4
2005-04-17 02:20:36 +04:00
/*
2008-07-31 13:08:25 +04:00
* Used by test_cipher_speed ( )
2005-04-17 02:20:36 +04:00
*/
# define ENCRYPT 1
# define DECRYPT 0
2005-06-23 00:27:23 +04:00
/*
* Used by test_cipher_speed ( )
*/
2005-06-23 00:29:03 +04:00
static unsigned int sec ;
2005-06-23 00:27:23 +04:00
2009-06-19 15:46:53 +04:00
static char * alg = NULL ;
static u32 type ;
2009-07-14 12:06:54 +04:00
static u32 mask ;
2005-04-17 02:20:36 +04:00
static int mode ;
2008-07-31 08:23:53 +04:00
static char * tvmem [ TVMEMSIZE ] ;
2005-04-17 02:20:36 +04:00
static char * check [ ] = {
2007-11-10 15:08:25 +03:00
" des " , " md5 " , " des3_ede " , " rot13 " , " sha1 " , " sha224 " , " sha256 " ,
" blowfish " , " twofish " , " serpent " , " sha384 " , " sha512 " , " md4 " , " aes " ,
" cast6 " , " arc4 " , " michael_mic " , " deflate " , " crc32c " , " tea " , " xtea " ,
2006-12-16 04:13:14 +03:00
" khazad " , " wp512 " , " wp384 " , " wp256 " , " tnepres " , " xeta " , " fcrypt " ,
2008-05-09 17:29:35 +04:00
" camellia " , " seed " , " salsa20 " , " rmd128 " , " rmd160 " , " rmd256 " , " rmd320 " ,
2009-03-04 10:42:15 +03:00
" lzo " , " cts " , " zlib " , NULL
2005-04-17 02:20:36 +04:00
} ;
2008-07-31 08:23:53 +04:00
static int test_cipher_jiffies ( struct blkcipher_desc * desc , int enc ,
struct scatterlist * sg , int blen , int sec )
2005-06-23 00:29:03 +04:00
{
unsigned long start , end ;
int bcount ;
int ret ;
for ( start = jiffies , end = start + sec * HZ , bcount = 0 ;
time_before ( jiffies , end ) ; bcount + + ) {
if ( enc )
2006-08-13 02:26:09 +04:00
ret = crypto_blkcipher_encrypt ( desc , sg , sg , blen ) ;
2005-06-23 00:29:03 +04:00
else
2006-08-13 02:26:09 +04:00
ret = crypto_blkcipher_decrypt ( desc , sg , sg , blen ) ;
2005-06-23 00:29:03 +04:00
if ( ret )
return ret ;
}
printk ( " %d operations in %d seconds (%ld bytes) \n " ,
bcount , sec , ( long ) bcount * blen ) ;
return 0 ;
}
2008-07-31 08:23:53 +04:00
static int test_cipher_cycles ( struct blkcipher_desc * desc , int enc ,
struct scatterlist * sg , int blen )
2005-06-23 00:29:03 +04:00
{
unsigned long cycles = 0 ;
int ret = 0 ;
int i ;
local_bh_disable ( ) ;
local_irq_disable ( ) ;
/* Warm-up run. */
for ( i = 0 ; i < 4 ; i + + ) {
if ( enc )
2006-08-13 02:26:09 +04:00
ret = crypto_blkcipher_encrypt ( desc , sg , sg , blen ) ;
2005-06-23 00:29:03 +04:00
else
2006-08-13 02:26:09 +04:00
ret = crypto_blkcipher_decrypt ( desc , sg , sg , blen ) ;
2005-06-23 00:29:03 +04:00
if ( ret )
goto out ;
}
/* The real thing. */
for ( i = 0 ; i < 8 ; i + + ) {
cycles_t start , end ;
start = get_cycles ( ) ;
if ( enc )
2006-08-13 02:26:09 +04:00
ret = crypto_blkcipher_encrypt ( desc , sg , sg , blen ) ;
2005-06-23 00:29:03 +04:00
else
2006-08-13 02:26:09 +04:00
ret = crypto_blkcipher_decrypt ( desc , sg , sg , blen ) ;
2005-06-23 00:29:03 +04:00
end = get_cycles ( ) ;
if ( ret )
goto out ;
cycles + = end - start ;
}
out :
local_irq_enable ( ) ;
local_bh_enable ( ) ;
if ( ret = = 0 )
printk ( " 1 operation in %lu cycles (%d bytes) \n " ,
( cycles + 4 ) / 8 , blen ) ;
return ret ;
}
2008-03-11 16:27:11 +03:00
static u32 block_sizes [ ] = { 16 , 64 , 256 , 1024 , 8192 , 0 } ;
2008-07-31 11:41:55 +04:00
static void test_cipher_speed ( const char * algo , int enc , unsigned int sec ,
2008-07-31 13:08:25 +04:00
struct cipher_speed_template * template ,
2008-03-11 16:27:11 +03:00
unsigned int tcount , u8 * keysize )
2005-06-23 00:27:23 +04:00
{
2005-06-23 00:27:51 +04:00
unsigned int ret , i , j , iv_len ;
2008-07-31 13:08:25 +04:00
const char * key , iv [ 128 ] ;
2006-08-13 02:26:09 +04:00
struct crypto_blkcipher * tfm ;
struct blkcipher_desc desc ;
const char * e ;
2008-03-11 16:27:11 +03:00
u32 * b_size ;
2005-06-23 00:27:23 +04:00
if ( enc = = ENCRYPT )
e = " encryption " ;
else
e = " decryption " ;
2006-08-13 02:26:09 +04:00
printk ( " \n testing speed of %s %s \n " , algo , e ) ;
2005-06-23 00:27:23 +04:00
2006-08-13 02:26:09 +04:00
tfm = crypto_alloc_blkcipher ( algo , 0 , CRYPTO_ALG_ASYNC ) ;
2005-06-23 00:27:23 +04:00
2006-08-13 02:26:09 +04:00
if ( IS_ERR ( tfm ) ) {
printk ( " failed to load transform for %s: %ld \n " , algo ,
PTR_ERR ( tfm ) ) ;
2005-06-23 00:27:23 +04:00
return ;
}
2006-08-13 02:26:09 +04:00
desc . tfm = tfm ;
desc . flags = 0 ;
2005-06-23 00:27:23 +04:00
2008-03-11 16:27:11 +03:00
i = 0 ;
do {
2005-06-23 00:27:23 +04:00
2008-03-11 16:27:11 +03:00
b_size = block_sizes ;
do {
2008-07-31 08:23:53 +04:00
struct scatterlist sg [ TVMEMSIZE ] ;
2005-06-23 00:27:23 +04:00
2008-07-31 08:23:53 +04:00
if ( ( * keysize + * b_size ) > TVMEMSIZE * PAGE_SIZE ) {
printk ( " template (%u) too big for "
" tvmem (%lu) \n " , * keysize + * b_size ,
TVMEMSIZE * PAGE_SIZE ) ;
2008-03-11 16:27:11 +03:00
goto out ;
}
2005-06-23 00:27:23 +04:00
2008-03-11 16:27:11 +03:00
printk ( " test %u (%d bit key, %d byte blocks): " , i ,
* keysize * 8 , * b_size ) ;
2008-07-31 08:23:53 +04:00
memset ( tvmem [ 0 ] , 0xff , PAGE_SIZE ) ;
2008-03-11 16:27:11 +03:00
/* set key, plain text and IV */
2008-07-31 13:08:25 +04:00
key = tvmem [ 0 ] ;
2008-03-11 16:27:11 +03:00
for ( j = 0 ; j < tcount ; j + + ) {
if ( template [ j ] . klen = = * keysize ) {
key = template [ j ] . key ;
break ;
}
2005-06-23 00:27:51 +04:00
}
2005-06-23 00:27:23 +04:00
2008-03-11 16:27:11 +03:00
ret = crypto_blkcipher_setkey ( tfm , key , * keysize ) ;
if ( ret ) {
printk ( " setkey() failed flags=%x \n " ,
crypto_blkcipher_get_flags ( tfm ) ) ;
goto out ;
}
2005-06-23 00:27:23 +04:00
2008-07-31 08:23:53 +04:00
sg_init_table ( sg , TVMEMSIZE ) ;
sg_set_buf ( sg , tvmem [ 0 ] + * keysize ,
PAGE_SIZE - * keysize ) ;
for ( j = 1 ; j < TVMEMSIZE ; j + + ) {
sg_set_buf ( sg + j , tvmem [ j ] , PAGE_SIZE ) ;
memset ( tvmem [ j ] , 0xff , PAGE_SIZE ) ;
}
2008-03-11 16:27:11 +03:00
iv_len = crypto_blkcipher_ivsize ( tfm ) ;
if ( iv_len ) {
memset ( & iv , 0xff , iv_len ) ;
crypto_blkcipher_set_iv ( tfm , iv , iv_len ) ;
}
2005-06-23 00:27:23 +04:00
2008-03-11 16:27:11 +03:00
if ( sec )
2008-07-31 08:23:53 +04:00
ret = test_cipher_jiffies ( & desc , enc , sg ,
* b_size , sec ) ;
2008-03-11 16:27:11 +03:00
else
2008-07-31 08:23:53 +04:00
ret = test_cipher_cycles ( & desc , enc , sg ,
* b_size ) ;
2005-06-23 00:27:23 +04:00
2008-03-11 16:27:11 +03:00
if ( ret ) {
printk ( " %s() failed flags=%x \n " , e , desc . flags ) ;
break ;
}
b_size + + ;
i + + ;
} while ( * b_size ) ;
keysize + + ;
} while ( * keysize ) ;
2005-06-23 00:27:23 +04:00
out :
2006-08-13 02:26:09 +04:00
crypto_free_blkcipher ( tfm ) ;
2005-06-23 00:27:23 +04:00
}
2008-07-31 08:23:53 +04:00
static int test_hash_jiffies_digest ( struct hash_desc * desc ,
struct scatterlist * sg , int blen ,
2006-08-19 15:38:49 +04:00
char * out , int sec )
{
unsigned long start , end ;
int bcount ;
int ret ;
for ( start = jiffies , end = start + sec * HZ , bcount = 0 ;
time_before ( jiffies , end ) ; bcount + + ) {
ret = crypto_hash_digest ( desc , sg , blen , out ) ;
if ( ret )
return ret ;
}
printk ( " %6u opers/sec, %9lu bytes/sec \n " ,
bcount / sec , ( ( long ) bcount * blen ) / sec ) ;
return 0 ;
}
2008-07-31 08:23:53 +04:00
static int test_hash_jiffies ( struct hash_desc * desc , struct scatterlist * sg ,
int blen , int plen , char * out , int sec )
2006-05-30 16:04:19 +04:00
{
unsigned long start , end ;
int bcount , pcount ;
2006-08-19 15:38:49 +04:00
int ret ;
if ( plen = = blen )
2008-07-31 08:23:53 +04:00
return test_hash_jiffies_digest ( desc , sg , blen , out , sec ) ;
2007-10-27 11:51:21 +04:00
2006-05-30 16:04:19 +04:00
for ( start = jiffies , end = start + sec * HZ , bcount = 0 ;
time_before ( jiffies , end ) ; bcount + + ) {
2006-08-19 15:38:49 +04:00
ret = crypto_hash_init ( desc ) ;
if ( ret )
return ret ;
2006-05-30 16:04:19 +04:00
for ( pcount = 0 ; pcount < blen ; pcount + = plen ) {
2006-08-19 15:38:49 +04:00
ret = crypto_hash_update ( desc , sg , plen ) ;
if ( ret )
return ret ;
2006-05-30 16:04:19 +04:00
}
/* we assume there is enough space in 'out' for the result */
2006-08-19 15:38:49 +04:00
ret = crypto_hash_final ( desc , out ) ;
if ( ret )
return ret ;
2006-05-30 16:04:19 +04:00
}
printk ( " %6u opers/sec, %9lu bytes/sec \n " ,
bcount / sec , ( ( long ) bcount * blen ) / sec ) ;
2006-08-19 15:38:49 +04:00
return 0 ;
}
2008-07-31 08:23:53 +04:00
static int test_hash_cycles_digest ( struct hash_desc * desc ,
struct scatterlist * sg , int blen , char * out )
2006-08-19 15:38:49 +04:00
{
unsigned long cycles = 0 ;
int i ;
int ret ;
local_bh_disable ( ) ;
local_irq_disable ( ) ;
/* Warm-up run. */
for ( i = 0 ; i < 4 ; i + + ) {
ret = crypto_hash_digest ( desc , sg , blen , out ) ;
if ( ret )
goto out ;
}
/* The real thing. */
for ( i = 0 ; i < 8 ; i + + ) {
cycles_t start , end ;
start = get_cycles ( ) ;
ret = crypto_hash_digest ( desc , sg , blen , out ) ;
if ( ret )
goto out ;
end = get_cycles ( ) ;
cycles + = end - start ;
}
out :
local_irq_enable ( ) ;
local_bh_enable ( ) ;
if ( ret )
return ret ;
printk ( " %6lu cycles/operation, %4lu cycles/byte \n " ,
cycles / 8 , cycles / ( 8 * blen ) ) ;
return 0 ;
2006-05-30 16:04:19 +04:00
}
2008-07-31 08:23:53 +04:00
static int test_hash_cycles ( struct hash_desc * desc , struct scatterlist * sg ,
int blen , int plen , char * out )
2006-05-30 16:04:19 +04:00
{
unsigned long cycles = 0 ;
int i , pcount ;
2006-08-19 15:38:49 +04:00
int ret ;
if ( plen = = blen )
2008-07-31 08:23:53 +04:00
return test_hash_cycles_digest ( desc , sg , blen , out ) ;
2007-10-27 11:51:21 +04:00
2006-05-30 16:04:19 +04:00
local_bh_disable ( ) ;
local_irq_disable ( ) ;
/* Warm-up run. */
for ( i = 0 ; i < 4 ; i + + ) {
2006-08-19 15:38:49 +04:00
ret = crypto_hash_init ( desc ) ;
if ( ret )
goto out ;
2006-05-30 16:04:19 +04:00
for ( pcount = 0 ; pcount < blen ; pcount + = plen ) {
2006-08-19 15:38:49 +04:00
ret = crypto_hash_update ( desc , sg , plen ) ;
if ( ret )
goto out ;
2006-05-30 16:04:19 +04:00
}
2007-05-18 10:25:19 +04:00
ret = crypto_hash_final ( desc , out ) ;
2006-08-19 15:38:49 +04:00
if ( ret )
goto out ;
2006-05-30 16:04:19 +04:00
}
/* The real thing. */
for ( i = 0 ; i < 8 ; i + + ) {
cycles_t start , end ;
start = get_cycles ( ) ;
2006-08-19 15:38:49 +04:00
ret = crypto_hash_init ( desc ) ;
if ( ret )
goto out ;
2006-05-30 16:04:19 +04:00
for ( pcount = 0 ; pcount < blen ; pcount + = plen ) {
2006-08-19 15:38:49 +04:00
ret = crypto_hash_update ( desc , sg , plen ) ;
if ( ret )
goto out ;
2006-05-30 16:04:19 +04:00
}
2006-08-19 15:38:49 +04:00
ret = crypto_hash_final ( desc , out ) ;
if ( ret )
goto out ;
2006-05-30 16:04:19 +04:00
end = get_cycles ( ) ;
cycles + = end - start ;
}
2006-08-19 15:38:49 +04:00
out :
2006-05-30 16:04:19 +04:00
local_irq_enable ( ) ;
local_bh_enable ( ) ;
2006-08-19 15:38:49 +04:00
if ( ret )
return ret ;
2006-05-30 16:04:19 +04:00
printk ( " %6lu cycles/operation, %4lu cycles/byte \n " ,
cycles / 8 , cycles / ( 8 * blen ) ) ;
2006-08-19 15:38:49 +04:00
return 0 ;
2006-05-30 16:04:19 +04:00
}
2008-07-31 11:41:55 +04:00
static void test_hash_speed ( const char * algo , unsigned int sec ,
struct hash_speed * speed )
2006-05-30 16:04:19 +04:00
{
2008-07-31 08:23:53 +04:00
struct scatterlist sg [ TVMEMSIZE ] ;
2006-08-19 15:38:49 +04:00
struct crypto_hash * tfm ;
struct hash_desc desc ;
2009-03-29 11:18:39 +04:00
static char output [ 1024 ] ;
2006-05-30 16:04:19 +04:00
int i ;
2006-08-19 15:38:49 +04:00
int ret ;
2006-05-30 16:04:19 +04:00
2009-03-29 11:18:39 +04:00
printk ( KERN_INFO " \n testing speed of %s \n " , algo ) ;
2006-05-30 16:04:19 +04:00
2006-08-19 15:38:49 +04:00
tfm = crypto_alloc_hash ( algo , 0 , CRYPTO_ALG_ASYNC ) ;
2006-05-30 16:04:19 +04:00
2006-08-19 15:38:49 +04:00
if ( IS_ERR ( tfm ) ) {
2009-03-29 11:18:39 +04:00
printk ( KERN_ERR " failed to load transform for %s: %ld \n " , algo ,
2006-08-19 15:38:49 +04:00
PTR_ERR ( tfm ) ) ;
2006-05-30 16:04:19 +04:00
return ;
}
2006-08-19 15:38:49 +04:00
desc . tfm = tfm ;
desc . flags = 0 ;
if ( crypto_hash_digestsize ( tfm ) > sizeof ( output ) ) {
2009-03-29 11:18:39 +04:00
printk ( KERN_ERR " digestsize(%u) > outputbuffer(%zu) \n " ,
2006-08-19 15:38:49 +04:00
crypto_hash_digestsize ( tfm ) , sizeof ( output ) ) ;
2006-05-30 16:04:19 +04:00
goto out ;
}
2008-07-31 08:23:53 +04:00
sg_init_table ( sg , TVMEMSIZE ) ;
for ( i = 0 ; i < TVMEMSIZE ; i + + ) {
sg_set_buf ( sg + i , tvmem [ i ] , PAGE_SIZE ) ;
memset ( tvmem [ i ] , 0xff , PAGE_SIZE ) ;
}
2006-05-30 16:04:19 +04:00
for ( i = 0 ; speed [ i ] . blen ! = 0 ; i + + ) {
2008-07-31 08:23:53 +04:00
if ( speed [ i ] . blen > TVMEMSIZE * PAGE_SIZE ) {
2009-03-29 11:18:39 +04:00
printk ( KERN_ERR
" template (%u) too big for tvmem (%lu) \n " ,
2008-07-31 08:23:53 +04:00
speed [ i ] . blen , TVMEMSIZE * PAGE_SIZE ) ;
2006-05-30 16:04:19 +04:00
goto out ;
}
2009-03-29 11:18:39 +04:00
printk ( KERN_INFO " test%3u "
" (%5u byte blocks,%5u bytes per update,%4u updates): " ,
2006-05-30 16:04:19 +04:00
i , speed [ i ] . blen , speed [ i ] . plen , speed [ i ] . blen / speed [ i ] . plen ) ;
if ( sec )
2008-07-31 08:23:53 +04:00
ret = test_hash_jiffies ( & desc , sg , speed [ i ] . blen ,
2006-08-19 15:38:49 +04:00
speed [ i ] . plen , output , sec ) ;
2006-05-30 16:04:19 +04:00
else
2008-07-31 08:23:53 +04:00
ret = test_hash_cycles ( & desc , sg , speed [ i ] . blen ,
2006-08-19 15:38:49 +04:00
speed [ i ] . plen , output ) ;
if ( ret ) {
2009-03-29 11:18:39 +04:00
printk ( KERN_ERR " hashing failed ret=%d \n " , ret ) ;
2006-08-19 15:38:49 +04:00
break ;
}
2006-05-30 16:04:19 +04:00
}
out :
2006-08-19 15:38:49 +04:00
crypto_free_hash ( tfm ) ;
2006-05-30 16:04:19 +04:00
}
2005-06-23 00:26:03 +04:00
static void test_available ( void )
2005-04-17 02:20:36 +04:00
{
char * * name = check ;
2005-06-23 00:26:03 +04:00
2005-04-17 02:20:36 +04:00
while ( * name ) {
printk ( " alg %s " , * name ) ;
2007-04-04 11:41:07 +04:00
printk ( crypto_has_alg ( * name , 0 , 0 ) ?
2006-08-26 12:12:40 +04:00
" found \n " : " not found \n " ) ;
2005-04-17 02:20:36 +04:00
name + + ;
2005-06-23 00:26:03 +04:00
}
2005-04-17 02:20:36 +04:00
}
2008-07-31 11:41:55 +04:00
static inline int tcrypt_test ( const char * alg )
{
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
int ret ;
ret = alg_test ( alg , alg , 0 , 0 ) ;
/* non-fips algs return -EINVAL in fips mode */
if ( fips_enabled & & ret = = - EINVAL )
ret = 0 ;
return ret ;
2008-07-31 11:41:55 +04:00
}
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
static int do_test ( int m )
2008-07-31 11:41:55 +04:00
{
int i ;
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
int ret = 0 ;
2008-07-31 11:41:55 +04:00
switch ( m ) {
2005-04-17 02:20:36 +04:00
case 0 :
2008-07-31 11:41:55 +04:00
for ( i = 1 ; i < 200 ; i + + )
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = do_test ( i ) ;
2005-04-17 02:20:36 +04:00
break ;
case 1 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " md5 " ) ;
2005-04-17 02:20:36 +04:00
break ;
case 2 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " sha1 " ) ;
2005-04-17 02:20:36 +04:00
break ;
case 3 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " ecb(des) " ) ;
ret + = tcrypt_test ( " cbc(des) " ) ;
2005-04-17 02:20:36 +04:00
break ;
case 4 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " ecb(des3_ede) " ) ;
ret + = tcrypt_test ( " cbc(des3_ede) " ) ;
2005-04-17 02:20:36 +04:00
break ;
case 5 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " md4 " ) ;
2005-04-17 02:20:36 +04:00
break ;
2005-06-23 00:26:03 +04:00
2005-04-17 02:20:36 +04:00
case 6 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " sha256 " ) ;
2005-04-17 02:20:36 +04:00
break ;
2005-06-23 00:26:03 +04:00
2005-04-17 02:20:36 +04:00
case 7 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " ecb(blowfish) " ) ;
ret + = tcrypt_test ( " cbc(blowfish) " ) ;
2005-04-17 02:20:36 +04:00
break ;
case 8 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " ecb(twofish) " ) ;
ret + = tcrypt_test ( " cbc(twofish) " ) ;
2005-04-17 02:20:36 +04:00
break ;
2005-06-23 00:26:03 +04:00
2005-04-17 02:20:36 +04:00
case 9 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " ecb(serpent) " ) ;
2005-04-17 02:20:36 +04:00
break ;
case 10 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " ecb(aes) " ) ;
ret + = tcrypt_test ( " cbc(aes) " ) ;
ret + = tcrypt_test ( " lrw(aes) " ) ;
ret + = tcrypt_test ( " xts(aes) " ) ;
ret + = tcrypt_test ( " ctr(aes) " ) ;
ret + = tcrypt_test ( " rfc3686(ctr(aes)) " ) ;
2005-04-17 02:20:36 +04:00
break ;
case 11 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " sha384 " ) ;
2005-04-17 02:20:36 +04:00
break ;
2005-06-23 00:26:03 +04:00
2005-04-17 02:20:36 +04:00
case 12 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " sha512 " ) ;
2005-04-17 02:20:36 +04:00
break ;
case 13 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " deflate " ) ;
2005-04-17 02:20:36 +04:00
break ;
case 14 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " ecb(cast5) " ) ;
2005-04-17 02:20:36 +04:00
break ;
case 15 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " ecb(cast6) " ) ;
2005-04-17 02:20:36 +04:00
break ;
case 16 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " ecb(arc4) " ) ;
2005-04-17 02:20:36 +04:00
break ;
case 17 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " michael_mic " ) ;
2005-04-17 02:20:36 +04:00
break ;
case 18 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " crc32c " ) ;
2005-04-17 02:20:36 +04:00
break ;
case 19 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " ecb(tea) " ) ;
2005-04-17 02:20:36 +04:00
break ;
case 20 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " ecb(xtea) " ) ;
2005-04-17 02:20:36 +04:00
break ;
case 21 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " ecb(khazad) " ) ;
2005-04-17 02:20:36 +04:00
break ;
case 22 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " wp512 " ) ;
2005-04-17 02:20:36 +04:00
break ;
case 23 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " wp384 " ) ;
2005-04-17 02:20:36 +04:00
break ;
case 24 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " wp256 " ) ;
2005-04-17 02:20:36 +04:00
break ;
case 25 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " ecb(tnepres) " ) ;
2005-04-17 02:20:36 +04:00
break ;
case 26 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " ecb(anubis) " ) ;
ret + = tcrypt_test ( " cbc(anubis) " ) ;
2005-04-17 02:20:36 +04:00
break ;
case 27 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " tgr192 " ) ;
2005-04-17 02:20:36 +04:00
break ;
case 28 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " tgr160 " ) ;
2005-04-17 02:20:36 +04:00
break ;
case 29 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " tgr128 " ) ;
2005-04-17 02:20:36 +04:00
break ;
2008-05-09 17:29:35 +04:00
2005-09-02 04:42:46 +04:00
case 30 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " ecb(xeta) " ) ;
2005-09-02 04:42:46 +04:00
break ;
2005-04-17 02:20:36 +04:00
2006-12-16 04:13:14 +03:00
case 31 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " pcbc(fcrypt) " ) ;
2006-12-16 04:13:14 +03:00
break ;
2007-01-24 13:48:19 +03:00
case 32 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " ecb(camellia) " ) ;
ret + = tcrypt_test ( " cbc(camellia) " ) ;
2007-01-24 13:48:19 +03:00
break ;
2007-11-10 15:08:25 +03:00
case 33 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " sha224 " ) ;
2007-11-10 15:08:25 +03:00
break ;
2007-01-24 13:48:19 +03:00
2007-11-23 14:45:00 +03:00
case 34 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " salsa20 " ) ;
2007-11-23 14:45:00 +03:00
break ;
2007-12-02 06:55:47 +03:00
case 35 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " gcm(aes) " ) ;
2007-12-02 06:55:47 +03:00
break ;
2007-12-07 11:53:23 +03:00
case 36 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " lzo " ) ;
2007-12-07 11:53:23 +03:00
break ;
2007-12-12 15:24:22 +03:00
case 37 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " ccm(aes) " ) ;
2007-12-12 15:24:22 +03:00
break ;
2008-03-24 16:26:16 +03:00
case 38 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " cts(cbc(aes)) " ) ;
2008-03-24 16:26:16 +03:00
break ;
2008-05-07 18:16:36 +04:00
case 39 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " rmd128 " ) ;
2008-05-07 18:16:36 +04:00
break ;
case 40 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " rmd160 " ) ;
2008-05-07 18:16:36 +04:00
break ;
2008-05-09 17:29:35 +04:00
case 41 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " rmd256 " ) ;
2008-05-09 17:29:35 +04:00
break ;
case 42 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " rmd320 " ) ;
2008-07-31 11:41:55 +04:00
break ;
case 43 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " ecb(seed) " ) ;
2008-05-09 17:29:35 +04:00
break ;
2009-03-04 10:42:15 +03:00
case 44 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " zlib " ) ;
2009-03-04 10:42:15 +03:00
break ;
2009-05-04 15:23:40 +04:00
case 45 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " rfc4309(ccm(aes)) " ) ;
2009-05-04 15:23:40 +04:00
break ;
2005-04-17 02:20:36 +04:00
case 100 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " hmac(md5) " ) ;
2005-04-17 02:20:36 +04:00
break ;
2005-06-23 00:26:03 +04:00
2005-04-17 02:20:36 +04:00
case 101 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " hmac(sha1) " ) ;
2005-04-17 02:20:36 +04:00
break ;
2005-06-23 00:26:03 +04:00
2005-04-17 02:20:36 +04:00
case 102 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " hmac(sha256) " ) ;
2005-04-17 02:20:36 +04:00
break ;
2006-12-10 04:10:20 +03:00
case 103 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " hmac(sha384) " ) ;
2006-12-10 04:10:20 +03:00
break ;
case 104 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " hmac(sha512) " ) ;
2006-12-10 04:10:20 +03:00
break ;
2008-01-01 07:59:28 +03:00
2007-11-10 15:08:25 +03:00
case 105 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " hmac(sha224) " ) ;
2007-11-10 15:08:25 +03:00
break ;
2005-04-17 02:20:36 +04:00
2008-01-01 07:59:28 +03:00
case 106 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " xcbc(aes) " ) ;
2008-01-01 07:59:28 +03:00
break ;
2008-05-07 18:16:36 +04:00
case 107 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " hmac(rmd128) " ) ;
2008-05-07 18:16:36 +04:00
break ;
case 108 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " hmac(rmd160) " ) ;
2008-05-07 18:16:36 +04:00
break ;
2009-09-02 14:05:22 +04:00
case 109 :
ret + = tcrypt_test ( " vmac(aes) " ) ;
break ;
2009-05-04 15:46:29 +04:00
case 150 :
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
ret + = tcrypt_test ( " ansi_cprng " ) ;
2009-05-04 15:46:29 +04:00
break ;
2005-06-23 00:27:23 +04:00
case 200 :
2006-08-13 02:26:09 +04:00
test_cipher_speed ( " ecb(aes) " , ENCRYPT , sec , NULL , 0 ,
2008-03-11 16:24:26 +03:00
speed_template_16_24_32 ) ;
2006-08-13 02:26:09 +04:00
test_cipher_speed ( " ecb(aes) " , DECRYPT , sec , NULL , 0 ,
2008-03-11 16:24:26 +03:00
speed_template_16_24_32 ) ;
2006-08-13 02:26:09 +04:00
test_cipher_speed ( " cbc(aes) " , ENCRYPT , sec , NULL , 0 ,
2008-03-11 16:24:26 +03:00
speed_template_16_24_32 ) ;
2006-08-13 02:26:09 +04:00
test_cipher_speed ( " cbc(aes) " , DECRYPT , sec , NULL , 0 ,
2008-03-11 16:24:26 +03:00
speed_template_16_24_32 ) ;
2006-11-29 11:01:41 +03:00
test_cipher_speed ( " lrw(aes) " , ENCRYPT , sec , NULL , 0 ,
2008-03-11 16:24:26 +03:00
speed_template_32_40_48 ) ;
2006-11-29 11:01:41 +03:00
test_cipher_speed ( " lrw(aes) " , DECRYPT , sec , NULL , 0 ,
2008-03-11 16:24:26 +03:00
speed_template_32_40_48 ) ;
2007-09-19 16:23:13 +04:00
test_cipher_speed ( " xts(aes) " , ENCRYPT , sec , NULL , 0 ,
2008-03-11 16:24:26 +03:00
speed_template_32_48_64 ) ;
2007-09-19 16:23:13 +04:00
test_cipher_speed ( " xts(aes) " , DECRYPT , sec , NULL , 0 ,
2008-03-11 16:24:26 +03:00
speed_template_32_48_64 ) ;
2005-06-23 00:27:23 +04:00
break ;
case 201 :
2006-08-13 02:26:09 +04:00
test_cipher_speed ( " ecb(des3_ede) " , ENCRYPT , sec ,
2008-07-31 13:08:25 +04:00
des3_speed_template , DES3_SPEED_VECTORS ,
2008-03-11 16:24:26 +03:00
speed_template_24 ) ;
2006-08-13 02:26:09 +04:00
test_cipher_speed ( " ecb(des3_ede) " , DECRYPT , sec ,
2008-07-31 13:08:25 +04:00
des3_speed_template , DES3_SPEED_VECTORS ,
2008-03-11 16:24:26 +03:00
speed_template_24 ) ;
2006-08-13 02:26:09 +04:00
test_cipher_speed ( " cbc(des3_ede) " , ENCRYPT , sec ,
2008-07-31 13:08:25 +04:00
des3_speed_template , DES3_SPEED_VECTORS ,
2008-03-11 16:24:26 +03:00
speed_template_24 ) ;
2006-08-13 02:26:09 +04:00
test_cipher_speed ( " cbc(des3_ede) " , DECRYPT , sec ,
2008-07-31 13:08:25 +04:00
des3_speed_template , DES3_SPEED_VECTORS ,
2008-03-11 16:24:26 +03:00
speed_template_24 ) ;
2005-06-23 00:27:23 +04:00
break ;
case 202 :
2006-08-13 02:26:09 +04:00
test_cipher_speed ( " ecb(twofish) " , ENCRYPT , sec , NULL , 0 ,
2008-03-11 16:24:26 +03:00
speed_template_16_24_32 ) ;
2006-08-13 02:26:09 +04:00
test_cipher_speed ( " ecb(twofish) " , DECRYPT , sec , NULL , 0 ,
2008-03-11 16:24:26 +03:00
speed_template_16_24_32 ) ;
2006-08-13 02:26:09 +04:00
test_cipher_speed ( " cbc(twofish) " , ENCRYPT , sec , NULL , 0 ,
2008-03-11 16:24:26 +03:00
speed_template_16_24_32 ) ;
2006-08-13 02:26:09 +04:00
test_cipher_speed ( " cbc(twofish) " , DECRYPT , sec , NULL , 0 ,
2008-03-11 16:24:26 +03:00
speed_template_16_24_32 ) ;
2005-06-23 00:27:23 +04:00
break ;
case 203 :
2006-08-13 02:26:09 +04:00
test_cipher_speed ( " ecb(blowfish) " , ENCRYPT , sec , NULL , 0 ,
2008-03-11 16:24:26 +03:00
speed_template_8_32 ) ;
2006-08-13 02:26:09 +04:00
test_cipher_speed ( " ecb(blowfish) " , DECRYPT , sec , NULL , 0 ,
2008-03-11 16:24:26 +03:00
speed_template_8_32 ) ;
2006-08-13 02:26:09 +04:00
test_cipher_speed ( " cbc(blowfish) " , ENCRYPT , sec , NULL , 0 ,
2008-03-11 16:24:26 +03:00
speed_template_8_32 ) ;
2006-08-13 02:26:09 +04:00
test_cipher_speed ( " cbc(blowfish) " , DECRYPT , sec , NULL , 0 ,
2008-03-11 16:24:26 +03:00
speed_template_8_32 ) ;
2005-06-23 00:27:23 +04:00
break ;
case 204 :
2006-08-13 02:26:09 +04:00
test_cipher_speed ( " ecb(des) " , ENCRYPT , sec , NULL , 0 ,
2008-03-11 16:24:26 +03:00
speed_template_8 ) ;
2006-08-13 02:26:09 +04:00
test_cipher_speed ( " ecb(des) " , DECRYPT , sec , NULL , 0 ,
2008-03-11 16:24:26 +03:00
speed_template_8 ) ;
2006-08-13 02:26:09 +04:00
test_cipher_speed ( " cbc(des) " , ENCRYPT , sec , NULL , 0 ,
2008-03-11 16:24:26 +03:00
speed_template_8 ) ;
2006-08-13 02:26:09 +04:00
test_cipher_speed ( " cbc(des) " , DECRYPT , sec , NULL , 0 ,
2008-03-11 16:24:26 +03:00
speed_template_8 ) ;
2005-06-23 00:27:23 +04:00
break ;
2007-01-24 13:48:19 +03:00
case 205 :
test_cipher_speed ( " ecb(camellia) " , ENCRYPT , sec , NULL , 0 ,
2008-03-11 16:24:26 +03:00
speed_template_16_24_32 ) ;
2007-01-24 13:48:19 +03:00
test_cipher_speed ( " ecb(camellia) " , DECRYPT , sec , NULL , 0 ,
2008-03-11 16:24:26 +03:00
speed_template_16_24_32 ) ;
2007-01-24 13:48:19 +03:00
test_cipher_speed ( " cbc(camellia) " , ENCRYPT , sec , NULL , 0 ,
2008-03-11 16:24:26 +03:00
speed_template_16_24_32 ) ;
2007-01-24 13:48:19 +03:00
test_cipher_speed ( " cbc(camellia) " , DECRYPT , sec , NULL , 0 ,
2008-03-11 16:24:26 +03:00
speed_template_16_24_32 ) ;
2007-01-24 13:48:19 +03:00
break ;
2007-12-07 12:17:43 +03:00
case 206 :
test_cipher_speed ( " salsa20 " , ENCRYPT , sec , NULL , 0 ,
2008-03-11 16:24:26 +03:00
speed_template_16_32 ) ;
2007-12-07 12:17:43 +03:00
break ;
2006-05-30 16:04:19 +04:00
case 300 :
/* fall through */
case 301 :
2006-08-19 15:38:49 +04:00
test_hash_speed ( " md4 " , sec , generic_hash_speed_template ) ;
2006-05-30 16:04:19 +04:00
if ( mode > 300 & & mode < 400 ) break ;
case 302 :
2006-08-19 15:38:49 +04:00
test_hash_speed ( " md5 " , sec , generic_hash_speed_template ) ;
2006-05-30 16:04:19 +04:00
if ( mode > 300 & & mode < 400 ) break ;
case 303 :
2006-08-19 15:38:49 +04:00
test_hash_speed ( " sha1 " , sec , generic_hash_speed_template ) ;
2006-05-30 16:04:19 +04:00
if ( mode > 300 & & mode < 400 ) break ;
case 304 :
2006-08-19 15:38:49 +04:00
test_hash_speed ( " sha256 " , sec , generic_hash_speed_template ) ;
2006-05-30 16:04:19 +04:00
if ( mode > 300 & & mode < 400 ) break ;
case 305 :
2006-08-19 15:38:49 +04:00
test_hash_speed ( " sha384 " , sec , generic_hash_speed_template ) ;
2006-05-30 16:04:19 +04:00
if ( mode > 300 & & mode < 400 ) break ;
case 306 :
2006-08-19 15:38:49 +04:00
test_hash_speed ( " sha512 " , sec , generic_hash_speed_template ) ;
2006-05-30 16:04:19 +04:00
if ( mode > 300 & & mode < 400 ) break ;
case 307 :
2006-08-19 15:38:49 +04:00
test_hash_speed ( " wp256 " , sec , generic_hash_speed_template ) ;
2006-05-30 16:04:19 +04:00
if ( mode > 300 & & mode < 400 ) break ;
case 308 :
2006-08-19 15:38:49 +04:00
test_hash_speed ( " wp384 " , sec , generic_hash_speed_template ) ;
2006-05-30 16:04:19 +04:00
if ( mode > 300 & & mode < 400 ) break ;
case 309 :
2006-08-19 15:38:49 +04:00
test_hash_speed ( " wp512 " , sec , generic_hash_speed_template ) ;
2006-05-30 16:04:19 +04:00
if ( mode > 300 & & mode < 400 ) break ;
case 310 :
2006-08-19 15:38:49 +04:00
test_hash_speed ( " tgr128 " , sec , generic_hash_speed_template ) ;
2006-05-30 16:04:19 +04:00
if ( mode > 300 & & mode < 400 ) break ;
case 311 :
2006-08-19 15:38:49 +04:00
test_hash_speed ( " tgr160 " , sec , generic_hash_speed_template ) ;
2006-05-30 16:04:19 +04:00
if ( mode > 300 & & mode < 400 ) break ;
case 312 :
2006-08-19 15:38:49 +04:00
test_hash_speed ( " tgr192 " , sec , generic_hash_speed_template ) ;
2006-05-30 16:04:19 +04:00
if ( mode > 300 & & mode < 400 ) break ;
2007-11-10 15:08:25 +03:00
case 313 :
test_hash_speed ( " sha224 " , sec , generic_hash_speed_template ) ;
if ( mode > 300 & & mode < 400 ) break ;
2008-05-07 18:16:36 +04:00
case 314 :
test_hash_speed ( " rmd128 " , sec , generic_hash_speed_template ) ;
if ( mode > 300 & & mode < 400 ) break ;
case 315 :
test_hash_speed ( " rmd160 " , sec , generic_hash_speed_template ) ;
if ( mode > 300 & & mode < 400 ) break ;
2008-05-09 17:29:35 +04:00
case 316 :
test_hash_speed ( " rmd256 " , sec , generic_hash_speed_template ) ;
if ( mode > 300 & & mode < 400 ) break ;
case 317 :
test_hash_speed ( " rmd320 " , sec , generic_hash_speed_template ) ;
if ( mode > 300 & & mode < 400 ) break ;
2006-05-30 16:04:19 +04:00
case 399 :
break ;
2005-04-17 02:20:36 +04:00
case 1000 :
test_available ( ) ;
break ;
}
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
return ret ;
2005-04-17 02:20:36 +04:00
}
2009-07-14 12:06:54 +04:00
static int do_alg_test ( const char * alg , u32 type , u32 mask )
2009-06-19 15:46:53 +04:00
{
2009-07-14 12:06:54 +04:00
return crypto_has_alg ( alg , type , mask ? : CRYPTO_ALG_TYPE_MASK ) ?
0 : - ENOENT ;
2009-06-19 15:46:53 +04:00
}
2008-04-05 17:00:57 +04:00
static int __init tcrypt_mod_init ( void )
2005-04-17 02:20:36 +04:00
{
2007-11-26 17:12:07 +03:00
int err = - ENOMEM ;
2008-07-31 08:23:53 +04:00
int i ;
2007-11-26 17:12:07 +03:00
2008-07-31 08:23:53 +04:00
for ( i = 0 ; i < TVMEMSIZE ; i + + ) {
tvmem [ i ] = ( void * ) __get_free_page ( GFP_KERNEL ) ;
if ( ! tvmem [ i ] )
goto err_free_tv ;
}
2005-04-17 02:20:36 +04:00
2009-06-19 15:46:53 +04:00
if ( alg )
2009-07-14 12:06:54 +04:00
err = do_alg_test ( alg , type , mask ) ;
2009-06-19 15:46:53 +04:00
else
err = do_test ( mode ) ;
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
if ( err ) {
printk ( KERN_ERR " tcrypt: one or more tests failed! \n " ) ;
goto err_free_tv ;
}
2006-05-30 08:49:38 +04:00
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
/* We intentionaly return -EAGAIN to prevent keeping the module,
* unless we ' re running in fips mode . It does all its work from
* init ( ) and doesn ' t offer any runtime functionality , but in
* the fips case , checking for a successful load is helpful .
2006-05-30 08:49:38 +04:00
* = > we don ' t need it in the memory , do we ?
* - - mludvig
*/
crypto: tcrypt - Do not exit on success in fips mode
At present, the tcrypt module always exits with an -EAGAIN upon
successfully completing all the tests its been asked to run. In fips
mode, integrity checking is done by running all self-tests from the
initrd, and its much simpler to check the ret from modprobe for
success than to scrape dmesg and/or /proc/crypto. Simply stay
loaded, giving modprobe a retval of 0, if self-tests all pass and
we're in fips mode.
A side-effect of tracking success/failure for fips mode is that in
non-fips mode, self-test failures will return the actual failure
return codes, rather than always returning -EAGAIN, which seems more
correct anyway.
The tcrypt_test() portion of the patch is dependent on my earlier
pair of patches that skip non-fips algs in fips mode, at least to
achieve the fully intended behavior.
Nb: testing this patch against the cryptodev tree revealed a test
failure for sha384, which I have yet to look into...
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2009-05-27 09:10:21 +04:00
if ( ! fips_enabled )
err = - EAGAIN ;
2007-11-26 17:12:07 +03:00
2008-07-31 08:23:53 +04:00
err_free_tv :
for ( i = 0 ; i < TVMEMSIZE & & tvmem [ i ] ; i + + )
free_page ( ( unsigned long ) tvmem [ i ] ) ;
2007-11-26 17:12:07 +03:00
return err ;
2005-04-17 02:20:36 +04:00
}
/*
* If an init function is provided , an exit function must also be provided
* to allow module unload .
*/
2008-04-05 17:00:57 +04:00
static void __exit tcrypt_mod_fini ( void ) { }
2005-04-17 02:20:36 +04:00
2008-04-05 17:00:57 +04:00
module_init ( tcrypt_mod_init ) ;
module_exit ( tcrypt_mod_fini ) ;
2005-04-17 02:20:36 +04:00
2009-06-19 15:46:53 +04:00
module_param ( alg , charp , 0 ) ;
module_param ( type , uint , 0 ) ;
2009-07-14 12:06:54 +04:00
module_param ( mask , uint , 0 ) ;
2005-04-17 02:20:36 +04:00
module_param ( mode , int , 0 ) ;
2005-06-23 00:27:23 +04:00
module_param ( sec , uint , 0 ) ;
2005-06-23 00:29:03 +04:00
MODULE_PARM_DESC ( sec , " Length in seconds of speed tests "
" (defaults to zero which uses CPU cycles instead) " ) ;
2005-04-17 02:20:36 +04:00
MODULE_LICENSE ( " GPL " ) ;
MODULE_DESCRIPTION ( " Quick & dirty crypto testing module " ) ;
MODULE_AUTHOR ( " James Morris <jmorris@intercode.com.au> " ) ;