The lab is required to test injecting an integrity error, so add a
module parameter fail_integrity_check=1 which does this. This parameter
is only supported when CONFIG_CRYPTO_FIPS140_MOD_EVAL_TESTING=y.
Bug: 188620248
Change-Id: I1f3683837706dc1df2755ca5b6e88f21f7956135
Signed-off-by: Eric Biggers <ebiggers@google.com>
It turns out that we have to add more code to the module to support lab
evaluation testing, beyond the error injection support we currently
have. Therefore, rename CONFIG_CRYPTO_FIPS140_MOD_ERROR_INJECTION to
CONFIG_CRYPTO_FIPS140_MOD_EVAL_TESTING, and move the relevant code into
a new file fips140-eval-testing.c which is conditionally compiled.
Also rename the "broken_alg" module parameter to "fail_selftest" so that
it is similar to "fail_integrity_check" which we'll be adding.
Bug: 188620248
Change-Id: I01bcbf7525690e277854ba4ed8dd89e7cd08d98e
Signed-off-by: Eric Biggers <ebiggers@google.com>
Use the standard auto-generated kernel version string instead of a
manually assigned version number that will get out-of-date. There was
discussion of custom version numbers being needed for certification
purposes, but it appears that they won't be needed after all.
This will produce a version string like
"5.10.66-android12-9-00017-g0b8a0a4df237".
Bug: 188620248
Change-Id: Ia369e91e4a18f489418123c672686e05ca99063d
Signed-off-by: Eric Biggers <ebiggers@google.com>
(cherry picked from commit 4e0c1040758540aac34b753ed41792c8ad322a8c)
This is needed to meet a FIPS 140-3 requirement that modules provide a
service that retrieves their name and versioning information.
Bug: 188620248
Change-Id: I36049c839c4217e3616daab52ec536b46479c12a
Signed-off-by: Eric Biggers <ebiggers@google.com>
(cherry picked from commit 2888f960d09f3af00d1e45f1facd311ccd5b778a)
To satisfy the FIPS 140-3 "service indicators" requirement, add a
function which checks whether the given algorithm is "approved" or not.
Note that this function is a bit different from the module's other APIs
in that it is an exported symbol rather than a registration-based API.
This avoids needing to make kernel/KMI changes, so I think we should do
it this way if possible, given that it's unlikely this function will be
used in practice outside of the lab test. Built-in code can still call
this function via symbol_get() if it really wants to.
Bug: 188620248
Change-Id: I26c976258fa9446b34eb189bba7154142d85da16
Signed-off-by: Eric Biggers <ebiggers@google.com>
(cherry picked from commit fe4b8d3c687efcf27064e472730291edbd81dad6)
As per the new guidance from the lab, the module must block crypto
operations until the tests have completed. It's unclear what this means
exactly (given that technically this is impossible), but let's make some
changes that should be enough to comply with the requirement's intent.
First, register the library functions and update the live algorithms
after the tests rather than before the tests. This is a trivial change.
Much more problematic is the fact that the algorithms are registered
with the kernel's crypto framework before the tests run, as the tests
depend on the framework. Unfortunately, the lab believes that the
kernel isn't allowed to enforce the ordering here; the module itself
must. Moreover, trying to solve this by copying the crypto API
framework into the module proved to be heavily problematic.
Thus, implement an alternate solution: make the module override the tfm
initialization function of every algorithm it registers, so that it can
wait for the tests to complete before allowing the use of any algorithm.
This is sufficient if the user makes a supported sequence of API calls.
Bug: 153614920
Bug: 188620248
Change-Id: I11ffba90c08114dda4e91c4be7ce8b608c4e14c1
Signed-off-by: Eric Biggers <ebiggers@google.com>
(cherry picked from commit 02e48f383b2acb42c85028563cc75453842f11ce)
Make fips140.ko run a suite of known answer self-tests at load time to
demonstrate the correct operation of cryptographic functionality, as
required by FIPS 140-2/3 and NIAP FPT_TST_EXT.1.1.
Bug: 153614920
Bug: 173104584
Bug: 188620248
Test: Built and loaded fips140.ko on a HiKey960, and on a Pixel device.
Change-Id: I38e5c8052ff57ddfe44624beb626d38b7706b0a4
Co-developed-by: Elena Petrova <lenaptr@google.com>
Signed-off-by: Elena Petrova <lenaptr@google.com>
[ebiggers: Rewrote most of lenaptr@'s original patch. Added some
missing tests, removed some unnecessary tests in accordance with the
FIPS 140-2 IG, changed most test vectors and added a script to generate
them, removed an unnecessary kconfig option, changed implementation of
error injection, and many other improvements.]
Signed-off-by: Eric Biggers <ebiggers@google.com>
[ardb: add generation of AES-CTR test vector and the associated runtime
selftest]
Signed-off-by: Ard Biesheuvel <ardb@google.com>
