This patch adds selftests for the s390 specific protected key
AES (PAES) cipher implementations:
* cbc-paes-s390
* ctr-paes-s390
* ecb-paes-s390
* xts-paes-s390
PAES is an AES cipher but with encrypted ('protected') key
material. So here come ordinary AES enciphered data values
but with a special key format understood by the PAES
implementation.
The testdata definitons and testlist entries are surrounded
by #if IS_ENABLED(CONFIG_CRYPTO_PAES_S390) because they don't
make any sense on non s390 platforms or without the PAES
cipher implementation.
Signed-off-by: Harald Freudenberger <[email protected]>
---
crypto/testmgr.c | 36 +++++
crypto/testmgr.h | 334 +++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 370 insertions(+)
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 82084f6d84b6..6bda67bdc662 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -4104,6 +4104,15 @@ static const struct alg_test_desc alg_test_descs[] = {
.cipher = __VECS(tf_cbc_tv_template)
},
}, {
+#if IS_ENABLED(CONFIG_CRYPTO_PAES_S390)
+ .alg = "cbc-paes-s390",
+ .fips_allowed = 1,
+ .test = alg_test_skcipher,
+ .suite = {
+ .cipher = __VECS(paes_cbc_tv_template)
+ }
+ }, {
+#endif
.alg = "cbcmac(aes)",
.fips_allowed = 1,
.test = alg_test_hash,
@@ -4252,6 +4261,15 @@ static const struct alg_test_desc alg_test_descs[] = {
.cipher = __VECS(tf_ctr_tv_template)
}
}, {
+#if IS_ENABLED(CONFIG_CRYPTO_PAES_S390)
+ .alg = "ctr-paes-s390",
+ .fips_allowed = 1,
+ .test = alg_test_skcipher,
+ .suite = {
+ .cipher = __VECS(paes_ctr_tv_template)
+ }
+ }, {
+#endif
.alg = "cts(cbc(aes))",
.test = alg_test_skcipher,
.fips_allowed = 1,
@@ -4538,6 +4556,15 @@ static const struct alg_test_desc alg_test_descs[] = {
.cipher = __VECS(xtea_tv_template)
}
}, {
+#if IS_ENABLED(CONFIG_CRYPTO_PAES_S390)
+ .alg = "ecb-paes-s390",
+ .fips_allowed = 1,
+ .test = alg_test_skcipher,
+ .suite = {
+ .cipher = __VECS(paes_ecb_tv_template)
+ }
+ }, {
+#endif
.alg = "ecdh",
.test = alg_test_kpp,
.fips_allowed = 1,
@@ -5109,6 +5136,15 @@ static const struct alg_test_desc alg_test_descs[] = {
.cipher = __VECS(tf_xts_tv_template)
}
}, {
+#if IS_ENABLED(CONFIG_CRYPTO_PAES_S390)
+ .alg = "xts-paes-s390",
+ .fips_allowed = 1,
+ .test = alg_test_skcipher,
+ .suite = {
+ .cipher = __VECS(paes_xts_tv_template)
+ }
+ }, {
+#endif
.alg = "xts4096(paes)",
.test = alg_test_null,
.fips_allowed = 1,
diff --git a/crypto/testmgr.h b/crypto/testmgr.h
index d1d89101f1b5..14c594e8fbed 100644
--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -31942,4 +31942,338 @@ static const struct aead_testvec essiv_hmac_sha256_aes_cbc_tv_temp[] = {
},
};
+#if IS_ENABLED(CONFIG_CRYPTO_PAES_S390)
+static const struct cipher_testvec paes_cbc_tv_template[] = {
+ {
+ .key = "\x00\x00\x00\x00\x02\x00\x00\x00"
+ "\x00\x00\x00\x01\x00\x00\x00\x10"
+ "\x4a\x6f\x68\x61\x6e\x6e\x20\x57"
+ "\x6f\x6c\x66\x67\x61\x6e\x67\x20",
+ .klen = 16 + 16,
+ .iv = "\x5a\x61\x75\x62\x65\x72\x6c\x65"
+ "\x68\x72\x6c\x69\x6e\x67\x00\x00",
+ .iv_out = "\x29\x4a\x3a\x21\x51\xbf\x9e\x57"
+ "\xd2\x79\x5b\xb1\x91\x4f\x54\x59",
+ .ptext = "\x48\x61\x74\x20\x64\x65\x72\x20"
+ "\x61\x6c\x74\x65\x20\x48\x65\x78",
+ .ctext = "\x29\x4a\x3a\x21\x51\xbf\x9e\x57"
+ "\xd2\x79\x5b\xb1\x91\x4f\x54\x59",
+ .len = 16,
+ }, {
+ .key = "\x00\x00\x00\x00\x02\x00\x00\x00"
+ "\x00\x00\x00\x01\x00\x00\x00\x10"
+ "\x4a\x6f\x68\x61\x6e\x6e\x20\x57"
+ "\x6f\x6c\x66\x67\x61\x6e\x67\x20",
+ .klen = 16 + 16,
+ .iv = "\x5a\x61\x75\x62\x65\x72\x6c\x65"
+ "\x68\x72\x6c\x69\x6e\x67\x00\x00",
+ .iv_out = "\x6c\xfd\xd0\xce\x12\x53\xf5\x01"
+ "\x9d\x87\xe6\xb1\x32\x72\xfd\x31",
+ .ptext = "\x65\x6e\x6d\x65\x69\x73\x74\x65"
+ "\x72\x0a\x53\x69\x63\x68\x20\x64"
+ "\x6f\x63\x68\x20\x65\x69\x6e\x6d"
+ "\x61\x6c\x20\x77\x65\x67\x62\x65",
+ .ctext = "\x58\xd0\x61\x98\x33\xf5\xee\x3e"
+ "\xcd\xe8\x2f\x8b\x05\x30\x3d\xf0"
+ "\x6c\xfd\xd0\xce\x12\x53\xf5\x01"
+ "\x9d\x87\xe6\xb1\x32\x72\xfd\x31",
+ .len = 32,
+ }, {
+ .key = "\x00\x00\x00\x00\x02\x00\x00\x00"
+ "\x00\x00\x00\x02\x00\x00\x00\x18"
+ "\x4a\x6f\x68\x61\x6e\x6e\x20\x57"
+ "\x6f\x6c\x66\x67\x61\x6e\x67\x20"
+ "\x76\x6f\x6e\x20\x47\x6f\x65\x74",
+ .klen = 16 + 24,
+ .iv = "\x5a\x61\x75\x62\x65\x72\x6c\x65"
+ "\x68\x72\x6c\x69\x6e\x67\x00\x00",
+ .iv_out = "\xfa\xce\xf8\x56\x00\x06\x07\xd0"
+ "\x80\xca\xd1\x92\x8b\x72\x3a\x37",
+ .ptext = "\x67\x65\x62\x65\x6e\x21\x0a\x55"
+ "\x6e\x64\x20\x6e\x75\x6e\x20\x73"
+ "\x6f\x6c\x6c\x65\x6e\x20\x73\x65"
+ "\x69\x6e\x65\x20\x47\x65\x69\x73"
+ "\x74\x65\x72\x0a\x41\x75\x63\x68"
+ "\x20\x6e\x61\x63\x68\x20\x6d\x65",
+ .ctext = "\xf9\x64\x0b\x55\x99\x95\xbb\x84"
+ "\xd2\x4e\x12\x63\xff\xde\x1d\x34"
+ "\x39\xdd\x05\x33\x70\x8d\x43\x3f"
+ "\xf8\xf2\x52\x00\xbd\xce\x35\x73"
+ "\xfa\xce\xf8\x56\x00\x06\x07\xd0"
+ "\x80\xca\xd1\x92\x8b\x72\x3a\x37",
+ .len = 48,
+ }, {
+ .key = "\x00\x00\x00\x00\x02\x00\x00\x00"
+ "\x00\x00\x00\x03\x00\x00\x00\x20"
+ "\x4a\x6f\x68\x61\x6e\x6e\x20\x57"
+ "\x6f\x6c\x66\x67\x61\x6e\x67\x20"
+ "\x76\x6f\x6e\x20\x47\x6f\x65\x74"
+ "\x68\x65\x0a\x00\x00\x00\x00\x00",
+ .klen = 16 + 32,
+ .iv = "\x5a\x61\x75\x62\x65\x72\x6c\x65"
+ "\x68\x72\x6c\x69\x6e\x67\x00\x00",
+ .iv_out = "\x2b\xea\x25\x71\x32\x2b\xe7\x5b"
+ "\xdd\x59\xb9\xfc\x3b\x34\x50\x62",
+ .ptext = "\x69\x6e\x65\x6d\x20\x57\x69\x6c"
+ "\x6c\x65\x6e\x20\x6c\x65\x62\x65"
+ "\x6e\x2e\x0a\x53\x65\x69\x6e\x65"
+ "\x20\x57\x6f\x72\x74\x20\x75\x6e"
+ "\x64\x20\x57\x65\x72\x6b\x65\x0a"
+ "\x4d\x65\x72\x6b\x74\x20\x69\x63"
+ "\x68\x20\x75\x6e\x64\x20\x64\x65"
+ "\x6e\x20\x42\x72\x61\x75\x63\x68",
+ .ctext = "\x04\x5b\x92\x57\xe4\xec\x01\xb8"
+ "\x92\xd9\xba\x28\x1e\xe9\xc0\xbd"
+ "\x9b\xa2\x08\xc2\xe1\x59\x34\xd9"
+ "\xc8\x30\x66\xfb\x28\x06\xb0\xac"
+ "\x37\x18\x1d\x82\xb5\xd4\x0c\xa0"
+ "\x80\x40\x2c\x51\x5d\x07\xc6\xe9"
+ "\x2b\xea\x25\x71\x32\x2b\xe7\x5b"
+ "\xdd\x59\xb9\xfc\x3b\x34\x50\x62",
+ .len = 64,
+ },
+};
+
+static const struct cipher_testvec paes_ctr_tv_template[] = {
+ {
+ .key = "\x00\x00\x00\x00\x02\x00\x00\x00"
+ "\x00\x00\x00\x01\x00\x00\x00\x10"
+ "\x4a\x6f\x68\x61\x6e\x6e\x20\x57"
+ "\x6f\x6c\x66\x67\x61\x6e\x67\x20",
+ .klen = 16 + 16,
+ .iv = "\x5a\x61\x75\x62\x65\x72\x6c\x65"
+ "\x68\x72\x6c\x69\x6e\x67\x00\x00",
+ .iv_out = "\x5a\x61\x75\x62\x65\x72\x6c\x65"
+ "\x68\x72\x6c\x69\x6e\x67\x00\x01",
+ .ptext = "\x2c\x0a\x55\x6e\x64\x20\x6d\x69"
+ "\x74\x20\x47\x65\x69\x73\x74\x65",
+ .ctext = "\x10\xfd\x9c\x75\x74\x7d\xa1\x49"
+ "\xef\xc9\x90\xa8\x24\x43\x8d\xee",
+ .len = 16,
+ }, {
+ .key = "\x00\x00\x00\x00\x02\x00\x00\x00"
+ "\x00\x00\x00\x01\x00\x00\x00\x10"
+ "\x4a\x6f\x68\x61\x6e\x6e\x20\x57"
+ "\x6f\x6c\x66\x67\x61\x6e\x67\x20",
+ .klen = 16 + 16,
+ .iv = "\x5a\x61\x75\x62\x65\x72\x6c\x65"
+ "\x68\x72\x6c\x69\x6e\x67\x00\x00",
+ .iv_out = "\x5a\x61\x75\x62\x65\x72\x6c\x65"
+ "\x68\x72\x6c\x69\x6e\x67\x00\x02",
+ .ptext = "\x73\x73\x74\xc3\xa4\x72\x6b\x65"
+ "\x0a\x54\x75\x20\x69\x63\x68\x20"
+ "\x57\x75\x6e\x64\x65\x72\x20\x61"
+ "\x75\x63\x68\x2e\x0a\x57\x61\x6c",
+ .ctext = "\x4f\x84\xbd\xd8\xb4\x2f\xa7\x45"
+ "\x91\xbd\xa2\xed\x24\x53\x91\xab"
+ "\x93\xbf\xe3\xce\xca\x97\x10\xaf"
+ "\x01\x50\x8a\xf8\x9f\x6c\x9c\x6c",
+ .len = 32,
+ }, {
+ .key = "\x00\x00\x00\x00\x02\x00\x00\x00"
+ "\x00\x00\x00\x02\x00\x00\x00\x18"
+ "\x4a\x6f\x68\x61\x6e\x6e\x20\x57"
+ "\x6f\x6c\x66\x67\x61\x6e\x67\x20"
+ "\x76\x6f\x6e\x20\x47\x6f\x65\x74",
+ .klen = 16 + 24,
+ .iv = "\x5a\x61\x75\x62\x65\x72\x6c\x65"
+ "\x68\x72\x6c\x69\x6e\x67\x00\x00",
+ .iv_out = "\x5a\x61\x75\x62\x65\x72\x6c\x65"
+ "\x68\x72\x6c\x69\x6e\x67\x00\x03",
+ .ptext = "\x6c\x65\x21\x20\x77\x61\x6c\x6c"
+ "\x65\x0a\x4d\x61\x6e\x63\x68\x65"
+ "\x20\x53\x74\x72\x65\x63\x6b\x65"
+ "\x2c\x0a\x44\x61\xc3\x9f\x2c\x20"
+ "\x7a\x75\x6d\x20\x5a\x77\x65\x63"
+ "\x6b\x65\x2c\x0a\x57\x61\x73\x73",
+ .ctext = "\xfa\x8a\x69\xe9\xb6\x0e\x33\x38"
+ "\x7a\x9b\x3a\x1d\x0e\xad\xb9\xc5"
+ "\x17\xc2\x8c\x5c\x0a\xa7\x6f\xf2"
+ "\x22\x81\xdd\x72\xf0\x69\x4a\xea"
+ "\x20\xb8\x8d\x3f\x4a\xf1\x96\xd9"
+ "\x45\x96\x87\x64\xae\xa4\x1c\xe0",
+ .len = 48,
+ }, {
+ .key = "\x00\x00\x00\x00\x02\x00\x00\x00"
+ "\x00\x00\x00\x03\x00\x00\x00\x20"
+ "\x4a\x6f\x68\x61\x6e\x6e\x20\x57"
+ "\x6f\x6c\x66\x67\x61\x6e\x67\x20"
+ "\x76\x6f\x6e\x20\x47\x6f\x65\x74"
+ "\x68\x65\x0a\x00\x00\x00\x00\x00",
+ .klen = 16 + 32,
+ .iv = "\x5a\x61\x75\x62\x65\x72\x6c\x65"
+ "\x68\x72\x6c\x69\x6e\x67\x00\x00",
+ .iv_out = "\x5a\x61\x75\x62\x65\x72\x6c\x65"
+ "\x68\x72\x6c\x69\x6e\x67\x00\x04",
+ .ptext = "\x65\x72\x20\x66\x6c\x69\x65\xc3"
+ "\x9f\x65\x0a\x55\x6e\x64\x20\x6d"
+ "\x69\x74\x20\x72\x65\x69\x63\x68"
+ "\x65\x6d\x2c\x20\x76\x6f\x6c\x6c"
+ "\x65\x6d\x20\x53\x63\x68\x77\x61"
+ "\x6c\x6c\x65\x0a\x5a\x75\x20\x64"
+ "\x65\x6d\x20\x42\x61\x64\x65\x20"
+ "\x73\x69\x63\x68\x20\x65\x72\x67",
+ .ctext = "\x7d\x37\x30\x05\x86\x89\x6c\x68"
+ "\xb9\xb1\xda\x71\xc7\x4d\x8e\x64"
+ "\x0b\x46\xdf\x0c\xd2\x25\x1f\x8f"
+ "\xd6\xc2\xd7\x35\x98\x6b\x31\x67"
+ "\xc0\x46\x69\x34\xc2\x3f\x2a\x13"
+ "\xc2\x4a\xbf\x5c\xe0\x6f\x92\x38"
+ "\x7b\xa5\x46\xc0\x70\x96\xa9\x09"
+ "\xe4\x03\x10\xbc\x28\xe7\xe9\xf8",
+ .len = 64,
+ },
+};
+
+static const struct cipher_testvec paes_ecb_tv_template[] = {
+ {
+ .key = "\x00\x00\x00\x00\x02\x00\x00\x00"
+ "\x00\x00\x00\x01\x00\x00\x00\x10"
+ "\x4a\x6f\x68\x61\x6e\x6e\x20\x57"
+ "\x6f\x6c\x66\x67\x61\x6e\x67\x20",
+ .klen = 16 + 16,
+ .ptext = "\x69\x65\xc3\x9f\x65\x2e\x0a\x55"
+ "\x6e\x64\x20\x6e\x75\x6e\x20\x6b",
+ .ctext = "\x22\xb1\xc6\x20\x52\x27\x69\xbc"
+ "\xac\x96\x6b\x39\xe7\x5f\x3c\x5e",
+ .len = 16,
+ }, {
+ .key = "\x00\x00\x00\x00\x02\x00\x00\x00"
+ "\x00\x00\x00\x01\x00\x00\x00\x10"
+ "\x4a\x6f\x68\x61\x6e\x6e\x20\x57"
+ "\x6f\x6c\x66\x67\x61\x6e\x67\x20",
+ .klen = 16 + 16,
+ .ptext = "\x6f\x6d\x6d\x2c\x20\x64\x75\x20"
+ "\x61\x6c\x74\x65\x72\x20\x42\x65"
+ "\x73\x65\x6e\x2c\x0a\x4e\x69\x6d"
+ "\x6d\x20\x64\x69\x65\x20\x73\x63",
+ .ctext = "\x74\x37\x97\x02\x47\xe8\x3f\xfd"
+ "\x06\xd4\x7f\x92\xe6\x86\xd5\xdd"
+ "\x20\x05\x7b\xa8\x5a\xe4\x55\x68"
+ "\xfe\x4e\x7e\x01\x47\x92\xc5\x9c",
+ .len = 32,
+ }, {
+ .key = "\x00\x00\x00\x00\x02\x00\x00\x00"
+ "\x00\x00\x00\x02\x00\x00\x00\x18"
+ "\x4a\x6f\x68\x61\x6e\x6e\x20\x57"
+ "\x6f\x6c\x66\x67\x61\x6e\x67\x20"
+ "\x76\x6f\x6e\x20\x47\x6f\x65\x74",
+ .klen = 16 + 24,
+ .ptext = "\x68\x6c\x65\x63\x68\x74\x65\x6e"
+ "\x20\x4c\x75\x6d\x70\x65\x6e\x68"
+ "\xc3\xbc\x6c\x6c\x65\x6e\x21\x0a"
+ "\x42\x69\x73\x74\x20\x73\x63\x68"
+ "\x6f\x6e\x20\x6c\x61\x6e\x67\x65"
+ "\x20\x4b\x6e\x65\x63\x68\x74\x20",
+ .ctext = "\x2c\xd6\xa7\x25\x94\x16\x47\xb0"
+ "\xad\x9f\x05\x17\x72\xa5\x5a\x82"
+ "\xcd\x0f\x01\xaa\x39\xd6\x52\x1e"
+ "\x8d\x3d\x87\x0e\xdd\x67\xa0\xb7"
+ "\xbc\x9e\xd6\xf4\x11\xad\x94\x21"
+ "\xd2\x95\x44\xca\x76\xfd\x75\xc2",
+ .len = 48,
+ }, {
+ .key = "\x00\x00\x00\x00\x02\x00\x00\x00"
+ "\x00\x00\x00\x03\x00\x00\x00\x20"
+ "\x4a\x6f\x68\x61\x6e\x6e\x20\x57"
+ "\x6f\x6c\x66\x67\x61\x6e\x67\x20"
+ "\x76\x6f\x6e\x20\x47\x6f\x65\x74"
+ "\x68\x65\x0a\x00\x00\x00\x00\x00",
+ .klen = 16 + 32,
+ .ptext = "\x67\x65\x77\x65\x73\x65\x6e\x3a"
+ "\x0a\x4e\x75\x6e\x20\x65\x72\x66"
+ "\xc3\xbc\x6c\x6c\x65\x20\x6d\x65"
+ "\x69\x6e\x65\x6e\x20\x57\x69\x6c"
+ "\x6c\x65\x6e\x21\x0a\x41\x75\x66"
+ "\x20\x7a\x77\x65\x69\x20\x42\x65"
+ "\x69\x6e\x65\x6e\x20\x73\x74\x65"
+ "\x68\x65\x2c\x0a\x4f\x62\x65\x6e",
+ .ctext = "\x93\x33\xa3\xb0\xa5\xda\x3d\x2b"
+ "\xf1\xde\x19\xb4\xe5\xa6\x89\xa9"
+ "\x3f\xaa\x25\x69\x2c\x54\xd1\x0d"
+ "\xaa\x6b\xd2\x91\xfb\x6d\xb7\x6c"
+ "\xad\xa6\xf5\x0a\x20\x24\x5a\x1e"
+ "\x41\x01\xc4\x45\x4a\x4b\xf9\x26"
+ "\xf0\xb3\x42\xfb\x5a\xe4\x55\x4c"
+ "\xea\x2b\xd8\x31\x60\x6e\xef\xe9",
+ .len = 64,
+ },
+};
+
+static const struct cipher_testvec paes_xts_tv_template[] = {
+ {
+ .key = "\x00\x00\x00\x00\x02\x00\x00\x00"
+ "\x00\x00\x00\x01\x00\x00\x00\x10"
+ "\x4a\x6f\x68\x61\x6e\x6e\x20\x57"
+ "\x6f\x6c\x66\x67\x61\x6e\x67\x20"
+ "\x00\x00\x00\x00\x02\x00\x00\x00"
+ "\x00\x00\x00\x01\x00\x00\x00\x10"
+ "\x44\x65\x72\x20\x5a\x61\x75\x62"
+ "\x65\x72\x6c\x65\x68\x72\x6c\x69",
+ .klen = 2 * (16 + 16),
+ .iv = "\x31\x37\x34\x39\x2d\x31\x38\x33"
+ "\x32\x00\x00\x00\x00\x00\x00\x00",
+ .ptext = "\x20\x73\x65\x69\x20\x65\x69\x6e"
+ "\x20\x4b\x6f\x70\x66\x2c\x0a\x45",
+ .ctext = "\x53\xc8\x2f\x3f\x95\x06\x19\x08"
+ "\xc5\xe0\xf4\x4a\xeb\x00\x50\xd9",
+ .len = 16,
+ }, {
+ .key = "\x00\x00\x00\x00\x02\x00\x00\x00"
+ "\x00\x00\x00\x01\x00\x00\x00\x10"
+ "\x4a\x6f\x68\x61\x6e\x6e\x20\x57"
+ "\x6f\x6c\x66\x67\x61\x6e\x67\x20"
+ "\x00\x00\x00\x00\x02\x00\x00\x00"
+ "\x00\x00\x00\x01\x00\x00\x00\x10"
+ "\x44\x65\x72\x20\x5a\x61\x75\x62"
+ "\x65\x72\x6c\x65\x68\x72\x6c\x69",
+ .klen = 2 * (16 + 16),
+ .iv = "\x31\x37\x34\x39\x2d\x31\x38\x33"
+ "\x32\x00\x00\x00\x00\x00\x00\x00",
+ .ptext = "\x69\x6c\x65\x20\x6e\x75\x6e\x20"
+ "\x75\x6e\x64\x20\x67\x65\x68\x65"
+ "\x0a\x4d\x69\x74\x20\x64\x65\x6d"
+ "\x20\x57\x61\x73\x73\x65\x72\x74",
+ .ctext = "\xe4\x08\xdc\x74\xba\xa2\xb2\x09"
+ "\xe4\x1a\x34\x81\xb6\x65\xe7\x7a"
+ "\x51\xe3\x88\x36\xb8\xb1\x23\xfe"
+ "\x83\x21\xd8\x2e\x9d\x78\xfb\x06",
+ .len = 32,
+ }, {
+ .key = "\x00\x00\x00\x00\x02\x00\x00\x00"
+ "\x00\x00\x00\x03\x00\x00\x00\x20"
+ "\x4a\x6f\x68\x61\x6e\x6e\x20\x57"
+ "\x6f\x6c\x66\x67\x61\x6e\x67\x20"
+ "\x76\x6f\x6e\x20\x47\x6f\x65\x74"
+ "\x68\x65\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x02\x00\x00\x00"
+ "\x00\x00\x00\x03\x00\x00\x00\x20"
+ "\x44\x65\x72\x20\x5a\x61\x75\x62"
+ "\x65\x72\x6c\x65\x68\x72\x6c\x69"
+ "\x6e\x67\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00",
+ .klen = 2 * (16 + 32),
+ .iv = "\x31\x37\x34\x39\x2d\x31\x38\x33"
+ "\x32\x00\x00\x00\x00\x00\x00\x00",
+ .ptext = "\x6f\x70\x66\x21\x0a\x57\x61\x6c"
+ "\x6c\x65\x21\x20\x77\x61\x6c\x6c"
+ "\x65\x0a\x4d\x61\x6e\x63\x68\x65"
+ "\x20\x53\x74\x72\x65\x63\x6b\x65"
+ "\x2c\x0a\x44\x61\xc3\x9f\x2c\x20"
+ "\x7a\x75\x6d\x20\x5a\x77\x65\x63"
+ "\x6b\x65\x2c\x0a\x57\x61\x73\x73"
+ "\x65\x72\x20\x66\x6c\x69\x65\xc3",
+ .ctext = "\x04\x02\x88\xed\xe0\xce\x13\xad"
+ "\x9b\x9d\x7f\x10\xdf\x7d\x7b\xc5"
+ "\xf0\xab\x35\x07\x1a\xfa\xdd\x33"
+ "\xf1\x10\x52\x1e\x1f\x6b\x41\x3a"
+ "\xef\xae\xbb\xd9\xf0\x1d\x1b\x7b"
+ "\x2c\x77\xee\x18\xe4\x51\x18\xc5"
+ "\x99\xb6\x83\x3b\x5f\xae\x14\x6e"
+ "\xc9\x22\x9c\x0a\xaa\x2f\x0a\xe1",
+ .len = 64,
+ },
+};
+#endif /* CONFIG_CRYPTO_PAES_S390 */
+
#endif /* _CRYPTO_TESTMGR_H */
--
2.17.1
On Wed, Nov 13, 2019 at 11:55:23AM +0100, Harald Freudenberger wrote:
> This patch adds selftests for the s390 specific protected key
> AES (PAES) cipher implementations:
> * cbc-paes-s390
> * ctr-paes-s390
> * ecb-paes-s390
> * xts-paes-s390
> PAES is an AES cipher but with encrypted ('protected') key
> material. So here come ordinary AES enciphered data values
> but with a special key format understood by the PAES
> implementation.
>
> The testdata definitons and testlist entries are surrounded
> by #if IS_ENABLED(CONFIG_CRYPTO_PAES_S390) because they don't
> make any sense on non s390 platforms or without the PAES
> cipher implementation.
>
> Signed-off-by: Harald Freudenberger <[email protected]>
> ---
> crypto/testmgr.c | 36 +++++
> crypto/testmgr.h | 334 +++++++++++++++++++++++++++++++++++++++++++++++
> 2 files changed, 370 insertions(+)
So with your cleartext work, I gather that you can now supply
arbitrary keys to paes? If so my preferred method of testing it
would be to add a paes-specific tester function that massaged the
existing aes vectors into the format required by paes so you
get exactly the same testing coverage as plain aes.
Is this possible?
Thanks,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
On 22.11.19 09:16, Herbert Xu wrote:
> On Wed, Nov 13, 2019 at 11:55:23AM +0100, Harald Freudenberger wrote:
>> This patch adds selftests for the s390 specific protected key
>> AES (PAES) cipher implementations:
>> * cbc-paes-s390
>> * ctr-paes-s390
>> * ecb-paes-s390
>> * xts-paes-s390
>> PAES is an AES cipher but with encrypted ('protected') key
>> material. So here come ordinary AES enciphered data values
>> but with a special key format understood by the PAES
>> implementation.
>>
>> The testdata definitons and testlist entries are surrounded
>> by #if IS_ENABLED(CONFIG_CRYPTO_PAES_S390) because they don't
>> make any sense on non s390 platforms or without the PAES
>> cipher implementation.
>>
>> Signed-off-by: Harald Freudenberger <[email protected]>
>> ---
>> crypto/testmgr.c | 36 +++++
>> crypto/testmgr.h | 334 +++++++++++++++++++++++++++++++++++++++++++++++
>> 2 files changed, 370 insertions(+)
> So with your cleartext work, I gather that you can now supply
> arbitrary keys to paes? If so my preferred method of testing it
> would be to add a paes-specific tester function that massaged the
> existing aes vectors into the format required by paes so you
> get exactly the same testing coverage as plain aes.
>
> Is this possible?
>
> Thanks,
Thanks for your feedback.
I thought about this too. But it would require to implement own versions of
alg_test_skcipher() and test_skcipher() and test_skcipher_vs_generic_impl()
and that's a lot of complicated code unique for paes within testmgr.c
I'd like to avoid.
On Fri, Nov 22, 2019 at 10:11:30AM +0100, Harald Freudenberger wrote:
>
> I thought about this too. But it would require to implement own versions of
> alg_test_skcipher() and test_skcipher() and test_skcipher_vs_generic_impl()
> and that's a lot of complicated code unique for paes within testmgr.c
> I'd like to avoid.
I don't think you have to do test_skcipher_vs_generic_impl right
away. Just supporting the normal test vectors should be the same
as your current patch with the advantage that any changes to the
generic test vectors will be picked up automatically for paes.
Thanks,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
On 22.11.19 09:16, Herbert Xu wrote:
> On Wed, Nov 13, 2019 at 11:55:23AM +0100, Harald Freudenberger wrote:
>> This patch adds selftests for the s390 specific protected key
>> AES (PAES) cipher implementations:
>> * cbc-paes-s390
>> * ctr-paes-s390
>> * ecb-paes-s390
>> * xts-paes-s390
>> PAES is an AES cipher but with encrypted ('protected') key
>> material. So here come ordinary AES enciphered data values
>> but with a special key format understood by the PAES
>> implementation.
>>
>> The testdata definitons and testlist entries are surrounded
>> by #if IS_ENABLED(CONFIG_CRYPTO_PAES_S390) because they don't
>> make any sense on non s390 platforms or without the PAES
>> cipher implementation.
>>
>> Signed-off-by: Harald Freudenberger <[email protected]>
>> ---
>> crypto/testmgr.c | 36 +++++
>> crypto/testmgr.h | 334 +++++++++++++++++++++++++++++++++++++++++++++++
>> 2 files changed, 370 insertions(+)
> So with your cleartext work, I gather that you can now supply
> arbitrary keys to paes? If so my preferred method of testing it
> would be to add a paes-specific tester function that massaged the
> existing aes vectors into the format required by paes so you
> get exactly the same testing coverage as plain aes.
>
> Is this possible?
>
> Thanks,
So here is now a reworked version of the paes selftest invocation within the testmanager code.
I picked your suggestions and now the paes ciphers are able to deal with plain aes key values
and so can benefit from the generic aes testcases.
Please note, this patch needs as a prerequirement some other patches which enable the
base functionality in the zcyrpt device driver and the pkey kernel module. These patches
will come with the next s390 subsystem merge for the 5.6 development kernel. If you agree
to this patch, then Vasily will push this patch with the s390 subsystem together as part of the patch
series.
Thanks and here is the patch for the testmanager:
============================================================
From fb82ea49910b8cde33ca7286c8855c0326e78177 Mon Sep 17 00:00:00 2001
From: Harald Freudenberger <[email protected]>
Date: Wed, 22 Jan 2020 14:43:23 +0100
Subject: [PATCH] crypto/testmgr: enable selftests for paes-s390 ciphers
This patch enables the selftests for the s390 specific protected key
AES (PAES) cipher implementations:
* cbc-paes-s390
* ctr-paes-s390
* ecb-paes-s390
* xts-paes-s390
PAES is an AES cipher but with encrypted ('protected') key
material. However, the paes ciphers are able to derive an protected
key from clear key material with the help of the pkey kernel module.
So this patch now enables the generic AES tests for the paes
ciphers. Under the hood the setkey() functions rearrange the clear key
values as clear key token and so the pkey kernel module is able to
provide protected key blobs from the given clear key values. The
derived protected key blobs are then used within the paes cipers and
should produce the very same results as the generic AES implementation
with the clear key values.
The s390-paes cipher testlist entries are surrounded
by #if IS_ENABLED(CONFIG_CRYPTO_PAES_S390) because they don't
make any sense on non s390 platforms or without the PAES
cipher implementation.
Signed-off-by: Harald Freudenberger <[email protected]>
Reviewed-by: Ingo Franzki <[email protected]>
Acked-by: Vasily Gorbik <[email protected]>
---
crypto/testmgr.c | 36 ++++++++++++++++++++++++++++++++++++
1 file changed, 36 insertions(+)
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 82513b6b0abd..6c4a98102825 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -4156,6 +4156,15 @@ static const struct alg_test_desc alg_test_descs[] = {
.cipher = __VECS(tf_cbc_tv_template)
},
}, {
+#if IS_ENABLED(CONFIG_CRYPTO_PAES_S390)
+ .alg = "cbc-paes-s390",
+ .fips_allowed = 1,
+ .test = alg_test_skcipher,
+ .suite = {
+ .cipher = __VECS(aes_cbc_tv_template)
+ }
+ }, {
+#endif
.alg = "cbcmac(aes)",
.fips_allowed = 1,
.test = alg_test_hash,
@@ -4304,6 +4313,15 @@ static const struct alg_test_desc alg_test_descs[] = {
.cipher = __VECS(tf_ctr_tv_template)
}
}, {
+#if IS_ENABLED(CONFIG_CRYPTO_PAES_S390)
+ .alg = "ctr-paes-s390",
+ .fips_allowed = 1,
+ .test = alg_test_skcipher,
+ .suite = {
+ .cipher = __VECS(aes_ctr_tv_template)
+ }
+ }, {
+#endif
.alg = "cts(cbc(aes))",
.test = alg_test_skcipher,
.fips_allowed = 1,
@@ -4596,6 +4614,15 @@ static const struct alg_test_desc alg_test_descs[] = {
.cipher = __VECS(xtea_tv_template)
}
}, {
+#if IS_ENABLED(CONFIG_CRYPTO_PAES_S390)
+ .alg = "ecb-paes-s390",
+ .fips_allowed = 1,
+ .test = alg_test_skcipher,
+ .suite = {
+ .cipher = __VECS(aes_tv_template)
+ }
+ }, {
+#endif
.alg = "ecdh",
.test = alg_test_kpp,
.fips_allowed = 1,
@@ -5167,6 +5194,15 @@ static const struct alg_test_desc alg_test_descs[] = {
.cipher = __VECS(tf_xts_tv_template)
}
}, {
+#if IS_ENABLED(CONFIG_CRYPTO_PAES_S390)
+ .alg = "xts-paes-s390",
+ .fips_allowed = 1,
+ .test = alg_test_skcipher,
+ .suite = {
+ .cipher = __VECS(aes_xts_tv_template)
+ }
+ }, {
+#endif
.alg = "xts4096(paes)",
.test = alg_test_null,
.fips_allowed = 1,
--
2.17.1
Hello Herbert
sorry for my pressing ... but I received questions from a distro about if they can pick
this. And the pre requirement is to have this upstream accepted. So will you accept this
and it will appear in the 5.6 kernel or do you want me to do some rework ?
Thanks
On 31.01.20 12:06, Harald Freudenberger wrote:
> On 22.11.19 09:16, Herbert Xu wrote:
>> On Wed, Nov 13, 2019 at 11:55:23AM +0100, Harald Freudenberger wrote:
>>> This patch adds selftests for the s390 specific protected key
>>> AES (PAES) cipher implementations:
>>> * cbc-paes-s390
>>> * ctr-paes-s390
>>> * ecb-paes-s390
>>> * xts-paes-s390
>>> PAES is an AES cipher but with encrypted ('protected') key
>>> material. So here come ordinary AES enciphered data values
>>> but with a special key format understood by the PAES
>>> implementation.
>>>
>>> The testdata definitons and testlist entries are surrounded
>>> by #if IS_ENABLED(CONFIG_CRYPTO_PAES_S390) because they don't
>>> make any sense on non s390 platforms or without the PAES
>>> cipher implementation.
>>>
>>> Signed-off-by: Harald Freudenberger <[email protected]>
>>> ---
>>> crypto/testmgr.c | 36 +++++
>>> crypto/testmgr.h | 334 +++++++++++++++++++++++++++++++++++++++++++++++
>>> 2 files changed, 370 insertions(+)
>> So with your cleartext work, I gather that you can now supply
>> arbitrary keys to paes? If so my preferred method of testing it
>> would be to add a paes-specific tester function that massaged the
>> existing aes vectors into the format required by paes so you
>> get exactly the same testing coverage as plain aes.
>>
>> Is this possible?
>>
>> Thanks,
>
> So here is now a reworked version of the paes selftest invocation within the testmanager code.
> I picked your suggestions and now the paes ciphers are able to deal with plain aes key values
> and so can benefit from the generic aes testcases.
> Please note, this patch needs as a prerequirement some other patches which enable the
> base functionality in the zcyrpt device driver and the pkey kernel module. These patches
> will come with the next s390 subsystem merge for the 5.6 development kernel. If you agree
> to this patch, then Vasily will push this patch with the s390 subsystem together as part of the patch
> series.
>
> Thanks and here is the patch for the testmanager:
>
> ============================================================
>
> From fb82ea49910b8cde33ca7286c8855c0326e78177 Mon Sep 17 00:00:00 2001
> From: Harald Freudenberger <[email protected]>
> Date: Wed, 22 Jan 2020 14:43:23 +0100
> Subject: [PATCH] crypto/testmgr: enable selftests for paes-s390 ciphers
>
> This patch enables the selftests for the s390 specific protected key
> AES (PAES) cipher implementations:
> * cbc-paes-s390
> * ctr-paes-s390
> * ecb-paes-s390
> * xts-paes-s390
> PAES is an AES cipher but with encrypted ('protected') key
> material. However, the paes ciphers are able to derive an protected
> key from clear key material with the help of the pkey kernel module.
>
> So this patch now enables the generic AES tests for the paes
> ciphers. Under the hood the setkey() functions rearrange the clear key
> values as clear key token and so the pkey kernel module is able to
> provide protected key blobs from the given clear key values. The
> derived protected key blobs are then used within the paes cipers and
> should produce the very same results as the generic AES implementation
> with the clear key values.
>
> The s390-paes cipher testlist entries are surrounded
> by #if IS_ENABLED(CONFIG_CRYPTO_PAES_S390) because they don't
> make any sense on non s390 platforms or without the PAES
> cipher implementation.
>
> Signed-off-by: Harald Freudenberger <[email protected]>
> Reviewed-by: Ingo Franzki <[email protected]>
> Acked-by: Vasily Gorbik <[email protected]>
> ---
> crypto/testmgr.c | 36 ++++++++++++++++++++++++++++++++++++
> 1 file changed, 36 insertions(+)
>
> diff --git a/crypto/testmgr.c b/crypto/testmgr.c
> index 82513b6b0abd..6c4a98102825 100644
> --- a/crypto/testmgr.c
> +++ b/crypto/testmgr.c
> @@ -4156,6 +4156,15 @@ static const struct alg_test_desc alg_test_descs[] = {
> .cipher = __VECS(tf_cbc_tv_template)
> },
> }, {
> +#if IS_ENABLED(CONFIG_CRYPTO_PAES_S390)
> + .alg = "cbc-paes-s390",
> + .fips_allowed = 1,
> + .test = alg_test_skcipher,
> + .suite = {
> + .cipher = __VECS(aes_cbc_tv_template)
> + }
> + }, {
> +#endif
> .alg = "cbcmac(aes)",
> .fips_allowed = 1,
> .test = alg_test_hash,
> @@ -4304,6 +4313,15 @@ static const struct alg_test_desc alg_test_descs[] = {
> .cipher = __VECS(tf_ctr_tv_template)
> }
> }, {
> +#if IS_ENABLED(CONFIG_CRYPTO_PAES_S390)
> + .alg = "ctr-paes-s390",
> + .fips_allowed = 1,
> + .test = alg_test_skcipher,
> + .suite = {
> + .cipher = __VECS(aes_ctr_tv_template)
> + }
> + }, {
> +#endif
> .alg = "cts(cbc(aes))",
> .test = alg_test_skcipher,
> .fips_allowed = 1,
> @@ -4596,6 +4614,15 @@ static const struct alg_test_desc alg_test_descs[] = {
> .cipher = __VECS(xtea_tv_template)
> }
> }, {
> +#if IS_ENABLED(CONFIG_CRYPTO_PAES_S390)
> + .alg = "ecb-paes-s390",
> + .fips_allowed = 1,
> + .test = alg_test_skcipher,
> + .suite = {
> + .cipher = __VECS(aes_tv_template)
> + }
> + }, {
> +#endif
> .alg = "ecdh",
> .test = alg_test_kpp,
> .fips_allowed = 1,
> @@ -5167,6 +5194,15 @@ static const struct alg_test_desc alg_test_descs[] = {
> .cipher = __VECS(tf_xts_tv_template)
> }
> }, {
> +#if IS_ENABLED(CONFIG_CRYPTO_PAES_S390)
> + .alg = "xts-paes-s390",
> + .fips_allowed = 1,
> + .test = alg_test_skcipher,
> + .suite = {
> + .cipher = __VECS(aes_xts_tv_template)
> + }
> + }, {
> +#endif
> .alg = "xts4096(paes)",
> .test = alg_test_null,
> .fips_allowed = 1,
On Mon, Feb 10, 2020 at 08:19:25AM +0100, Harald Freudenberger wrote:
> Hello Herbert
>
> sorry for my pressing ... but I received questions from a distro about if they can pick
> this. And the pre requirement is to have this upstream accepted. So will you accept this
> and it will appear in the 5.6 kernel or do you want me to do some rework ?
Hi Harald:
It's too late for 5.6 I'm afraid. However, if you can get them
submitted right away then 5.7 is certainly not a problem.
Thanks,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
This patch enables the selftests for the s390 specific protected key
AES (PAES) cipher implementations:
? * cbc-paes-s390
? * ctr-paes-s390
? * ecb-paes-s390
? * xts-paes-s390
PAES is an AES cipher but with encrypted ('protected') key
material. However, the paes ciphers are able to derive an protected
key from clear key material with the help of the pkey kernel module.
So this patch now enables the generic AES tests for the paes
ciphers. Under the hood the setkey() functions rearrange the clear key
values as clear key token and so the pkey kernel module is able to
provide protected key blobs from the given clear key values. The
derived protected key blobs are then used within the paes cipers and
should produce the very same results as the generic AES implementation
with the clear key values.
The s390-paes cipher testlist entries are surrounded
by #if IS_ENABLED(CONFIG_CRYPTO_PAES_S390) because they don't
make any sense on non s390 platforms or without the PAES
cipher implementation.
Signed-off-by: Harald Freudenberger <[email protected]>
Signed-off-by: Vasily Gorbik <[email protected]>
---
?crypto/testmgr.c | 36 ++++++++++++++++++++++++++++++++++++
?1 file changed, 36 insertions(+)
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 82513b6b0abd..6c4a98102825 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -4156,6 +4156,15 @@ static const struct alg_test_desc alg_test_descs[] = {
???? ??? ??? .cipher = __VECS(tf_cbc_tv_template)
???? ??? },
???? }, {
+#if IS_ENABLED(CONFIG_CRYPTO_PAES_S390)
+??? ??? .alg = "cbc-paes-s390",
+??? ??? .fips_allowed = 1,
+??? ??? .test = alg_test_skcipher,
+??? ??? .suite = {
+??? ??? ??? .cipher = __VECS(aes_cbc_tv_template)
+??? ??? }
+??? }, {
+#endif
???? ??? .alg = "cbcmac(aes)",
???? ??? .fips_allowed = 1,
???? ??? .test = alg_test_hash,
@@ -4304,6 +4313,15 @@ static const struct alg_test_desc alg_test_descs[] = {
???? ??? ??? .cipher = __VECS(tf_ctr_tv_template)
???? ??? }
???? }, {
+#if IS_ENABLED(CONFIG_CRYPTO_PAES_S390)
+??? ??? .alg = "ctr-paes-s390",
+??? ??? .fips_allowed = 1,
+??? ??? .test = alg_test_skcipher,
+??? ??? .suite = {
+??? ??? ??? .cipher = __VECS(aes_ctr_tv_template)
+??? ??? }
+??? }, {
+#endif
???? ??? .alg = "cts(cbc(aes))",
???? ??? .test = alg_test_skcipher,
???? ??? .fips_allowed = 1,
@@ -4596,6 +4614,15 @@ static const struct alg_test_desc alg_test_descs[] = {
???? ??? ??? .cipher = __VECS(xtea_tv_template)
???? ??? }
???? }, {
+#if IS_ENABLED(CONFIG_CRYPTO_PAES_S390)
+??? ??? .alg = "ecb-paes-s390",
+??? ??? .fips_allowed = 1,
+??? ??? .test = alg_test_skcipher,
+??? ??? .suite = {
+??? ??? ??? .cipher = __VECS(aes_tv_template)
+??? ??? }
+??? }, {
+#endif
???? ??? .alg = "ecdh",
???? ??? .test = alg_test_kpp,
???? ??? .fips_allowed = 1,
@@ -5167,6 +5194,15 @@ static const struct alg_test_desc alg_test_descs[] = {
???? ??? ??? .cipher = __VECS(tf_xts_tv_template)
???? ??? }
???? }, {
+#if IS_ENABLED(CONFIG_CRYPTO_PAES_S390)
+??? ??? .alg = "xts-paes-s390",
+??? ??? .fips_allowed = 1,
+??? ??? .test = alg_test_skcipher,
+??? ??? .suite = {
+??? ??? ??? .cipher = __VECS(aes_xts_tv_template)
+??? ??? }
+??? }, {
+#endif
???? ??? .alg = "xts4096(paes)",
???? ??? .test = alg_test_null,
???? ??? .fips_allowed = 1,
--
2.17.1
On Thu, Feb 13, 2020 at 08:40:06AM +0100, Harald Freudenberger wrote:
> This patch enables the selftests for the s390 specific protected key
> AES (PAES) cipher implementations:
> ? * cbc-paes-s390
> ? * ctr-paes-s390
> ? * ecb-paes-s390
> ? * xts-paes-s390
> PAES is an AES cipher but with encrypted ('protected') key
> material. However, the paes ciphers are able to derive an protected
> key from clear key material with the help of the pkey kernel module.
>
> So this patch now enables the generic AES tests for the paes
> ciphers. Under the hood the setkey() functions rearrange the clear key
> values as clear key token and so the pkey kernel module is able to
> provide protected key blobs from the given clear key values. The
> derived protected key blobs are then used within the paes cipers and
> should produce the very same results as the generic AES implementation
> with the clear key values.
>
> The s390-paes cipher testlist entries are surrounded
> by #if IS_ENABLED(CONFIG_CRYPTO_PAES_S390) because they don't
> make any sense on non s390 platforms or without the PAES
> cipher implementation.
>
> Signed-off-by: Harald Freudenberger <[email protected]>
> Signed-off-by: Vasily Gorbik <[email protected]>
> ---
> ?crypto/testmgr.c | 36 ++++++++++++++++++++++++++++++++++++
> ?1 file changed, 36 insertions(+)
Acked-by: Herbert Xu <[email protected]>
Thanks,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt