android_kernel_xiaomi_sm8450

History

Eric Biggers 2ee56aad31 ANDROID: fips140: add AES-CMAC AES-CMAC is a FIPS allowed algorithm, and fips140.ko already has arm64 implementations of it. Meanwhile, GKI includes both these arm64 implementations as well as the "cmac" template. Add the "cmac" template to fips140.ko too and add a self-test for AES-CMAC, so that we can include AES-CMAC in the set of algorithms which will be certified. As with a number of the other algorithms, the criteria for which algorithms need to be in the certified set are still not particularly clear, but the latest guidance we've received is to error on the side of including algorithms. Bug: 153614920 Bug: 188620248 Change-Id: I6c1d9281fe848a7101d5ef94ab48e5a41bbcc6f8 Signed-off-by: Eric Biggers <ebiggers@google.com> (cherry picked from commit 038dc9f2cc956cab561bd9d50120920010867b75)	2021-10-29 13:32:13 -07:00
..
gen_fips140_testvecs.py	ANDROID: fips140: add AES-CMAC	2021-10-29 13:32:13 -07:00

Eric Biggers 2ee56aad31 ANDROID: fips140: add AES-CMAC

AES-CMAC is a FIPS allowed algorithm, and fips140.ko already has
arm64 implementations of it.  Meanwhile, GKI includes both these arm64
implementations as well as the "cmac" template.  Add the "cmac" template
to fips140.ko too and add a self-test for AES-CMAC, so that we can
include AES-CMAC in the set of algorithms which will be certified.

As with a number of the other algorithms, the criteria for which
algorithms need to be in the certified set are still not particularly
clear, but the latest guidance we've received is to error on the side of
including algorithms.

Bug: 153614920
Bug: 188620248
Change-Id: I6c1d9281fe848a7101d5ef94ab48e5a41bbcc6f8
Signed-off-by: Eric Biggers <ebiggers@google.com>
(cherry picked from commit 038dc9f2cc956cab561bd9d50120920010867b75)

2021-10-29 13:32:13 -07:00

gen_fips140_testvecs.py

ANDROID: fips140: add AES-CMAC

2021-10-29 13:32:13 -07:00