subject:"\[PATCH RFC v3 3\/3\] crypto\: add tests vectors for RSA"

Re: [PATCH RFC v3 3/3] crypto: add tests vectors for RSA

2015-06-04 Thread Tadeusz Struk

Hi Stephan
On 06/03/2015 05:15 PM, Stephan Mueller wrote:
 May I ask that the outbuf_enc is memcmp()ed with an expected value? This 
 check 
 is required for FIPS 140-2 compliance. Without that memcmp, FIPS 140-2 
 validations will not be successful.

Sure, I will do that. I wasn't aware that this was required.

 
 Sorry for bringing that one up just now: 512 and 1024 bit test vectors will 
 not be helpful for several use cases, including FIPS. I can offer to give you 
 2k or 3k vectors.

I have one 2K vector from openSSL fips so I'll use it instead of the 512 one.

 Besides, wouldn't one vector be sufficient?

I think there is no harm to have these 3 vectors to make sure an implementation
is well tested.
--
To unsubscribe from this list: send the line unsubscribe linux-crypto in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH RFC v3 3/3] crypto: add tests vectors for RSA

2015-06-03 Thread Tadeusz Struk

New test vectors for RSA algorithm.

Signed-off-by: Tadeusz Struk tadeusz.st...@intel.com
---
 crypto/testmgr.c |  151 ++
 crypto/testmgr.h |   86 +++
 2 files changed, 237 insertions(+)

diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 717d6f2..54a5412 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -30,6 +30,8 @@
 #include linux/string.h
 #include crypto/rng.h
 #include crypto/drbg.h
+#include crypto/public_key.h
+#include crypto/akcipher.h
 
 #include internal.h
 
@@ -116,6 +118,11 @@ struct drbg_test_suite {
unsigned int count;
 };
 
+struct akcipher_test_suite {
+   struct akcipher_testvec *vecs;
+   unsigned int count;
+};
+
 struct alg_test_desc {
const char *alg;
int (*test)(const struct alg_test_desc *desc, const char *driver,
@@ -130,6 +137,7 @@ struct alg_test_desc {
struct hash_test_suite hash;
struct cprng_test_suite cprng;
struct drbg_test_suite drbg;
+   struct akcipher_test_suite akcipher;
} suite;
 };
 
@@ -1825,6 +1833,139 @@ static int alg_test_drbg(const struct alg_test_desc 
*desc, const char *driver,
 
 }
 
+static int do_test_rsa(struct crypto_akcipher *tfm,
+  struct akcipher_testvec *vecs)
+{
+   struct akcipher_request *req;
+   struct public_key pkey;
+   void *outbuf_enc = NULL;
+   void *outbuf_dec = NULL;
+   struct tcrypt_result result;
+   unsigned int out_len = vecs-c_size;
+   int err = -ENOMEM;
+
+   req = akcipher_request_alloc(tfm, GFP_KERNEL);
+   if (!req)
+   return err;
+
+   pkey.rsa.n = mpi_read_raw_data(vecs-pub_key_n, vecs-pub_key_n_size);
+   if (!pkey.rsa.n)
+   goto free_req;
+
+   pkey.rsa.e = mpi_read_raw_data(vecs-pub_key_e, vecs-pub_key_e_size);
+   if (!pkey.rsa.e)
+   goto free_n;
+
+   pkey.rsa.d = mpi_read_raw_data(vecs-sec_key_d, vecs-sec_key_d_size);
+   if (!pkey.rsa.d)
+   goto free_e;
+
+   outbuf_enc = kzalloc(vecs-c_size, GFP_KERNEL);
+   if (!outbuf_enc)
+   goto free_d;
+
+   /* Run RSA encrypt - c = m^e mod n;*/
+   init_completion(result.completion);
+   crypto_akcipher_setkey(tfm, pkey);
+   akcipher_request_set_crypt(req, vecs-m, outbuf_enc, vecs-m_size,
+  out_len, out_len);
+   akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
+ tcrypt_complete, result);
+   err = wait_async_op(result, crypto_akcipher_encrypt(req));
+   if (err) {
+   pr_err(alg: rsa: encrypt test failed. err %d\n, err);
+   goto free_all;
+   }
+
+   if (out_len != vecs-c_size) {
+   err = -EINVAL;
+   goto free_all;
+   }
+
+   outbuf_dec = kzalloc(out_len, GFP_KERNEL);
+   if (!outbuf_dec) {
+   err = -ENOMEM;
+   goto free_all;
+   }
+
+   init_completion(result.completion);
+   akcipher_request_set_crypt(req, outbuf_enc, outbuf_dec, vecs-c_size,
+  out_len, out_len);
+   /* Run RSA decrypt - m = c^d mod n;*/
+   err = wait_async_op(result, crypto_akcipher_decrypt(req));
+   if (err) {
+   pr_err(alg: rsa: decrypt test failed. err %d\n, err);
+   goto free_all;
+   }
+
+   if (out_len != vecs-m_size) {
+   err = -EINVAL;
+   goto free_all;
+   }
+
+   /* verify that decrypted message is equal to the original msg */
+   if (memcmp(vecs-m, outbuf_dec, vecs-m_size)) {
+   pr_err(alg: rsa: encrypt test failed. Invalid output\n);
+   err = -EINVAL;
+   }
+free_all:
+   kfree(outbuf_dec);
+   kfree(outbuf_enc);
+free_d:
+   mpi_free(pkey.rsa.d);
+free_e:
+   mpi_free(pkey.rsa.e);
+free_n:
+   mpi_free(pkey.rsa.n);
+free_req:
+   akcipher_request_free(req);
+   return err;
+}
+
+static int test_rsa(struct crypto_akcipher *tfm, struct akcipher_testvec *vecs,
+   unsigned int tcount)
+{
+   int ret, i;
+
+   for (i = 0; i  tcount; i++) {
+   ret = do_test_rsa(tfm, vecs++);
+   if (ret) {
+   pr_err(alg: rsa: test failed on vector %d\n, i + 1);
+   return ret;
+   }
+   }
+   return 0;
+}
+
+static int test_akcipher(struct crypto_akcipher *tfm, const char *alg,
+struct akcipher_testvec *vecs, unsigned int tcount)
+{
+   if (strncmp(alg, rsa, 3) == 0)
+   return test_rsa(tfm, vecs, tcount);
+
+   return 0;
+}
+
+static int alg_test_akcipher(const struct alg_test_desc *desc,
+const char *driver, u32 type, u32 mask)
+{
+   struct crypto_akcipher *tfm;
+   int err = 0;
+
+   tfm =

Re: [PATCH RFC v3 3/3] crypto: add tests vectors for RSA

2015-06-03 Thread Stephan Mueller

Am Mittwoch, 3. Juni 2015, 15:44:24 schrieb Tadeusz Struk:

Hi Tadeusz,

 New test vectors for RSA algorithm.
 
 Signed-off-by: Tadeusz Struk tadeusz.st...@intel.com
 ---
  crypto/testmgr.c |  151
 ++ crypto/testmgr.h |  
 86 +++
  2 files changed, 237 insertions(+)
 
 diff --git a/crypto/testmgr.c b/crypto/testmgr.c
 index 717d6f2..54a5412 100644
 --- a/crypto/testmgr.c
 +++ b/crypto/testmgr.c
 @@ -30,6 +30,8 @@
  #include linux/string.h
  #include crypto/rng.h
  #include crypto/drbg.h
 +#include crypto/public_key.h
 +#include crypto/akcipher.h
 
  #include internal.h
 
 @@ -116,6 +118,11 @@ struct drbg_test_suite {
   unsigned int count;
  };
 
 +struct akcipher_test_suite {
 + struct akcipher_testvec *vecs;
 + unsigned int count;
 +};
 +
  struct alg_test_desc {
   const char *alg;
   int (*test)(const struct alg_test_desc *desc, const char *driver,
 @@ -130,6 +137,7 @@ struct alg_test_desc {
   struct hash_test_suite hash;
   struct cprng_test_suite cprng;
   struct drbg_test_suite drbg;
 + struct akcipher_test_suite akcipher;
   } suite;
  };
 
 @@ -1825,6 +1833,139 @@ static int alg_test_drbg(const struct alg_test_desc
 *desc, const char *driver,
 
  }
 
 +static int do_test_rsa(struct crypto_akcipher *tfm,
 +struct akcipher_testvec *vecs)
 +{
 + struct akcipher_request *req;
 + struct public_key pkey;
 + void *outbuf_enc = NULL;
 + void *outbuf_dec = NULL;
 + struct tcrypt_result result;
 + unsigned int out_len = vecs-c_size;
 + int err = -ENOMEM;
 +
 + req = akcipher_request_alloc(tfm, GFP_KERNEL);
 + if (!req)
 + return err;
 +
 + pkey.rsa.n = mpi_read_raw_data(vecs-pub_key_n, vecs-pub_key_n_size);
 + if (!pkey.rsa.n)
 + goto free_req;
 +
 + pkey.rsa.e = mpi_read_raw_data(vecs-pub_key_e, vecs-pub_key_e_size);
 + if (!pkey.rsa.e)
 + goto free_n;
 +
 + pkey.rsa.d = mpi_read_raw_data(vecs-sec_key_d, vecs-sec_key_d_size);
 + if (!pkey.rsa.d)
 + goto free_e;
 +
 + outbuf_enc = kzalloc(vecs-c_size, GFP_KERNEL);
 + if (!outbuf_enc)
 + goto free_d;
 +
 + /* Run RSA encrypt - c = m^e mod n;*/
 + init_completion(result.completion);
 + crypto_akcipher_setkey(tfm, pkey);
 + akcipher_request_set_crypt(req, vecs-m, outbuf_enc, vecs-m_size,
 +out_len, out_len);
 + akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
 +   tcrypt_complete, result);
 + err = wait_async_op(result, crypto_akcipher_encrypt(req));
 + if (err) {
 + pr_err(alg: rsa: encrypt test failed. err %d\n, err);
 + goto free_all;
 + }
 +
 + if (out_len != vecs-c_size) {
 + err = -EINVAL;
 + goto free_all;
 + }
 +

May I ask that the outbuf_enc is memcmp()ed with an expected value? This check 
is required for FIPS 140-2 compliance. Without that memcmp, FIPS 140-2 
validations will not be successful.

 + outbuf_dec = kzalloc(out_len, GFP_KERNEL);
 + if (!outbuf_dec) {
 + err = -ENOMEM;
 + goto free_all;
 + }
 +
 + init_completion(result.completion);
 + akcipher_request_set_crypt(req, outbuf_enc, outbuf_dec, vecs-c_size,
 +out_len, out_len);
 + /* Run RSA decrypt - m = c^d mod n;*/
 + err = wait_async_op(result, crypto_akcipher_decrypt(req));
 + if (err) {
 + pr_err(alg: rsa: decrypt test failed. err %d\n, err);
 + goto free_all;
 + }
 +
 + if (out_len != vecs-m_size) {
 + err = -EINVAL;
 + goto free_all;
 + }
 +
 + /* verify that decrypted message is equal to the original msg */
 + if (memcmp(vecs-m, outbuf_dec, vecs-m_size)) {
 + pr_err(alg: rsa: encrypt test failed. Invalid output\n);
 + err = -EINVAL;
 + }
 +free_all:
 + kfree(outbuf_dec);
 + kfree(outbuf_enc);
 +free_d:
 + mpi_free(pkey.rsa.d);
 +free_e:
 + mpi_free(pkey.rsa.e);
 +free_n:
 + mpi_free(pkey.rsa.n);
 +free_req:
 + akcipher_request_free(req);
 + return err;
 +}
 +
 +static int test_rsa(struct crypto_akcipher *tfm, struct akcipher_testvec
 *vecs, +  unsigned int tcount)
 +{
 + int ret, i;
 +
 + for (i = 0; i  tcount; i++) {
 + ret = do_test_rsa(tfm, vecs++);
 + if (ret) {
 + pr_err(alg: rsa: test failed on vector %d\n, i + 1);
 + return ret;
 + }
 + }
 + return 0;
 +}
 +
 +static int test_akcipher(struct crypto_akcipher *tfm, const char *alg,
 +  struct akcipher_testvec *vecs, unsigned int tcount)
 +{
 + if (strncmp(alg, rsa, 3) == 0)
 + return test_rsa(tfm, vecs, tcount);
 +
 +

Re: [PATCH RFC v3 3/3] crypto: add tests vectors for RSA

[PATCH RFC v3 3/3] crypto: add tests vectors for RSA

Re: [PATCH RFC v3 3/3] crypto: add tests vectors for RSA

3 matches

Site Navigation

Mail list logo

Footer information