kernel/linux.git/crypto/testmgr.h, branch v5.15.208 Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v5.15.208 2025-03-13T11:50:48+00:00 crypto: testmgr - some more fixes to RSA test vectors 2025-03-13T11:50:48+00:00 Ignat Korchagin ignat@cloudflare.com 2022-07-17T13:37:46+00:00 urn:sha1:e290d1fe37f79bbddf4e5738a677cc403cd5f689 [ Upstream commit 9d2bb9a74b2877f100637d6ab5685bcd33c69d44 ] Two more fixes: * some test vectors in commit 79e6e2f3f3ff ("crypto: testmgr - populate RSA CRT parameters in RSA test vectors") had misplaced commas, which break the test and trigger KASAN warnings at least on x86-64 * pkcs1pad test vector did not have its CRT parameters Fixes: 79e6e2f3f3ff ("crypto: testmgr - populate RSA CRT parameters in RSA test vectors") Reported-by: Eric Biggers <ebiggers@kernel.org> Signed-off-by: Ignat Korchagin <ignat@cloudflare.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> crypto: testmgr - populate RSA CRT parameters in RSA test vectors 2025-03-13T11:50:48+00:00 Ignat Korchagin ignat@cloudflare.com 2022-07-04T10:38:40+00:00 urn:sha1:add54f9639388aaeac827f4bfd5be78a6aabce3d [ Upstream commit 79e6e2f3f3ff345947075341781e900e4f70db81 ] Changes from v1: * replace some accidental spaces with tabs In commit f145d411a67e ("crypto: rsa - implement Chinese Remainder Theorem for faster private key operations") we have started to use the additional primes and coefficients for RSA private key operations. However, these additional parameters are not present (defined as 0 integers) in the RSA test vectors. Some parameters were borrowed from OpenSSL, so I was able to find the source. I could not find the public source for 1 vector though, so had to recover the parameters by implementing Appendix C from [1]. [1]: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Br1.pdf Fixes: f145d411a67e ("crypto: rsa - implement Chinese Remainder Theorem for faster private key operations") Reported-by: Tasmiya Nalatwad <tasmiya@linux.vnet.ibm.com> Signed-off-by: Ignat Korchagin <ignat@cloudflare.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> crypto: testmgr - fix version number of RSA tests 2025-03-13T11:50:47+00:00 lei he helei.sig11@bytedance.com 2022-06-24T10:06:25+00:00 urn:sha1:40689219a28bfcba76b87e7b641795a91e151677 [ Upstream commit 0bb8f125253843c445b70fc6ef4fb21aa7b25625 ] According to PKCS#1 standard, the 'otherPrimeInfos' field contains the information for the additional primes r_3, ..., r_u, in order. It shall be omitted if the version is 0 and shall contain at least one instance of OtherPrimeInfo if the version is 1, see: https://www.rfc-editor.org/rfc/rfc3447#page-44 Replace the version number '1' with 0, otherwise, some drivers may not pass the run-time tests. Signed-off-by: lei he <helei.sig11@bytedance.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> crypto: testmgr - Fix wrong test case of RSA 2025-03-13T11:50:47+00:00 Lei He helei.sig11@bytedance.com 2021-11-05T12:25:31+00:00 urn:sha1:bd258be9a8becffcf9c82a80f9ee1794832ba701 [ Upstream commit a9887010ed2da3fddaff83ceec80e2b71be8a966 ] According to the BER encoding rules, integer value should be encoded as two's complement, and if the highest bit of a positive integer is 1, should add a leading zero-octet. The kernel's built-in RSA algorithm cannot recognize negative numbers when parsing keys, so it can pass this test case. Export the key to file and run the following command to verify the fix result: openssl asn1parse -inform DER -in /path/to/key/file Signed-off-by: Lei He <helei.sig11@bytedance.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> crypto: testmgr - fix wrong key length for pkcs1pad 2025-03-13T11:50:47+00:00 Lei He helei.sig11@bytedance.com 2021-10-22T12:44:43+00:00 urn:sha1:8fbf27a746c3793822f374d0535a02c7ed8c700c [ Upstream commit 39ef08517082a424b5b65c3dbaa6c0fa9d3303b9 ] Fix wrong test data at testmgr.h, it seems to be caused by ignoring the last '\0' when calling sizeof. Signed-off-by: Lei He <helei.sig11@bytedance.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> crypto: blake2s - remove shash module 2022-08-17T12:24:19+00:00 Jason A. Donenfeld Jason@zx2c4.com 2022-05-28T19:44:07+00:00 urn:sha1:3dd33a09f5dc12ccb0902923c4c784eb0f8c7554 [ Upstream commit 2d16803c562ecc644803d42ba98a8e0aef9c014e ] BLAKE2s has no currently known use as an shash. Just remove all of this unnecessary plumbing. Removing this shash was something we talked about back when we were making BLAKE2s a built-in, but I simply never got around to doing it. So this completes that project. Importantly, this fixs a bug in which the lib code depends on crypto_simd_disabled_for_test, causing linker errors. Also add more alignment tests to the selftests and compare SIMD and non-SIMD compression functions, to make up for what we lose from testmgr.c. Reported-by: gaochao <gaochao49@huawei.com> Cc: Eric Biggers <ebiggers@kernel.org> Cc: Ard Biesheuvel <ardb@kernel.org> Cc: stable@vger.kernel.org Fixes: 6048fdcc5f26 ("lib/crypto: blake2s: include as built-in") Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> crypto: testmgr - Add GCM/CCM mode test of SM4 algorithm 2021-08-21T07:44:57+00:00 Tianjia Zhang tianjia.zhang@linux.alibaba.com 2021-08-13T07:55:07+00:00 urn:sha1:68039d605f7bb34ea6dbd4e099bf98599d52b0ac The GCM/CCM mode of the SM4 algorithm is defined in the rfc 8998 specification, and the test case data also comes from rfc 8998. Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> crypto: drbg - self test for HMAC(SHA-512) 2021-06-28T03:28:08+00:00 Stephan Müller smueller@chronox.de 2021-06-24T15:44:35+00:00 urn:sha1:8833272d876eb5320e4c7c31cc455542510dc4c3 Considering that the HMAC(SHA-512) DRBG is the default DRBG now, a self test is to be provided. The test vector is obtained from a successful NIST ACVP test run. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> crypto: ecdh - add test suite for NIST P384 2021-05-28T07:11:47+00:00 Hui Tang tanghui20@huawei.com 2021-05-22T02:44:31+00:00 urn:sha1:8e568fc2a71d097a5549043a39984a46262b6035 Add test vector params for NIST P384, add test vector for NIST P384 on vector of tests. Vector param from: https://datatracker.ietf.org/doc/html/rfc5903#section-3.1 Signed-off-by: Hui Tang <tanghui20@huawei.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> crypto: ecdh - fix ecdh-nist-p192's entry in testmgr 2021-05-28T07:11:47+00:00 Hui Tang tanghui20@huawei.com 2021-05-22T02:44:28+00:00 urn:sha1:6889fc2104e5d20899b91e61daf07a7524b2010d Add a comment that p192 will fail to register in FIPS mode. Fix ecdh-nist-p192's entry in testmgr by removing the ifdefs and not setting fips_allowed. Signed-off-by: Hui Tang <tanghui20@huawei.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>