903e97a0ca
It turns out that we have to add more code to the module to support lab evaluation testing, beyond the error injection support we currently have. Therefore, rename CONFIG_CRYPTO_FIPS140_MOD_ERROR_INJECTION to CONFIG_CRYPTO_FIPS140_MOD_EVAL_TESTING, and move the relevant code into a new file fips140-eval-testing.c which is conditionally compiled. Also rename the "broken_alg" module parameter to "fail_selftest" so that it is similar to "fail_integrity_check" which we'll be adding. Bug: 188620248 Change-Id: I01bcbf7525690e277854ba4ed8dd89e7cd08d98e Signed-off-by: Eric Biggers <ebiggers@google.com>
32 lines
852 B
C
32 lines
852 B
C
// SPDX-License-Identifier: GPL-2.0-only
|
|
/*
|
|
* Copyright 2021 Google LLC
|
|
*
|
|
* This file can optionally be built into fips140.ko in order to support certain
|
|
* types of testing that the FIPS lab has to do to evaluate the module. It
|
|
* should not be included in production builds of the module.
|
|
*/
|
|
|
|
#include <linux/module.h>
|
|
|
|
#include "fips140-module.h"
|
|
|
|
/*
|
|
* This option allows deliberately failing the self-tests for a particular
|
|
* algorithm.
|
|
*/
|
|
static char *fips140_fail_selftest;
|
|
module_param_named(fail_selftest, fips140_fail_selftest, charp, 0);
|
|
|
|
/* Inject a self-test failure (via corrupting the result) if requested. */
|
|
void fips140_inject_selftest_failure(const char *impl, u8 *result)
|
|
{
|
|
if (fips140_fail_selftest && strcmp(impl, fips140_fail_selftest) == 0)
|
|
result[0] ^= 0xff;
|
|
}
|
|
|
|
bool fips140_eval_testing_init(void)
|
|
{
|
|
return true;
|
|
}
|