
Make fips140.ko run a suite of known answer self-tests at load time to demonstrate the correct operation of cryptographic functionality, as required by FIPS 140-2/3 and NIAP FPT_TST_EXT.1.1.

Bug: 153614920
Bug: 173104584
Bug: 188620248
Test: Built and loaded fips140.ko on a HiKey960, and on a Pixel device.
Change-Id: I38e5c8052ff57ddfe44624beb626d38b7706b0a4
Co-developed-by: Elena Petrova <lenaptr@google.com>
Signed-off-by: Elena Petrova <lenaptr@google.com>
[ebiggers: Rewrote most of lenaptr@'s original patch. Added some missing tests, removed some unnecessary tests in accordance with the FIPS 140-2 IG, changed most test vectors and added a script to generate them, removed an unnecessary kconfig option, changed implementation of error injection, and many other improvements.]
Signed-off-by: Eric Biggers <ebiggers@google.com>
[ardb: add generation of AES-CTR test vector and the associated runtime selftest]
Signed-off-by: Ard Biesheuvel <ardb@google.com>
21 lines
409 B
C
/* SPDX-License-Identifier: GPL-2.0-only */
/*
 * Copyright 2021 Google LLC
 */

#ifndef _CRYPTO_FIPS140_MODULE_H
#define _CRYPTO_FIPS140_MODULE_H

#include <linux/module.h>

#undef pr_fmt
#define pr_fmt(fmt) "fips140: " fmt

#ifdef CONFIG_CRYPTO_FIPS140_MOD_ERROR_INJECTION
extern char *fips140_broken_alg;
#endif

bool __init __must_check fips140_run_selftests(void);

#endif /* _CRYPTO_FIPS140_MODULE_H */
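The pattern this header declares, shown as an added user-space sketch that is not the module's own code: a known-answer table, a self-test entry point whose result the compiler will not let the caller drop (the attribute behind the kernel's `__must_check`), and an error-injection hook that corrupts one implementation's computed output so the suite can be shown to fail. The CRC-32 and FNV-1a stand-ins, the `kats` table and the `broken` parameter are assumptions for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in algorithms (assumption): neither is cryptographic or FIPS-approved. */
static uint32_t crc32_calc(const uint8_t *p, size_t n)
{
	uint32_t c = 0xffffffffu;
	while (n--) {
		c ^= *p++;
		for (int i = 0; i < 8; i++)
			c = (c >> 1) ^ (0xedb88320u & -(c & 1u));
	}
	return ~c;
}
static uint32_t fnv1a32(const uint8_t *p, size_t n)
{
	uint32_t h = 0x811c9dc5u;
	while (n--)
		h = (h ^ *p++) * 0x01000193u;
	return h;
}

struct kat { const char *impl; uint32_t (*fn)(const uint8_t *, size_t);
	     const char *msg; uint32_t expected; };
static const struct kat kats[] = {	/* well-known check values */
	{ "crc32",   crc32_calc, "123456789", 0xcbf43926u },
	{ "fnv1a32", fnv1a32,    "a",         0xe40c292cu },
};

/* broken: name of an implementation to sabotage, or NULL (hypothetical
 * analogue of fips140_broken_alg). True only if every test matches. */
static __attribute__((warn_unused_result)) bool run_selftests(const char *broken)
{
	bool ok = true;
	for (size_t i = 0; i < sizeof(kats) / sizeof(kats[0]); i++) {
		const struct kat *t = &kats[i];
		uint32_t got = t->fn((const uint8_t *)t->msg, strlen(t->msg));
		if (broken && strcmp(broken, t->impl) == 0)
			got ^= 0xff;	/* corrupt the output, never the vector */
		if (got != t->expected) {
			fprintf(stderr, "selftest: %s failed\n", t->impl);
			ok = false;	/* keep going so every failure is logged */
		}
	}
	return ok;
}

int main(void) { return run_selftests(NULL) ? 0 : 1; }	/* fail closed */
```

Injecting a fault into each listed implementation in turn and confirming the suite returns false is what shows the comparison itself is live, rather than a test that can never fail.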