Add infrastructure to tcrypt to support handling ccm decryption test
vectors that are expected to fail verification.
Signed-off-by: Jarod Wilson
---
crypto/testmgr.c | 32
crypto/testmgr.h |1 +
2 files changed, 33 insertions(+), 0 deletions(-)
diff --git
Add an array of encryption and decryption + verification self-tests
for rfc4309(ccm(aes)).
Test vectors all come from sample FIPS CAVS files provided to
Red Hat by a testing lab. Unfortunately, all the published sample
vectors in RFC 3610 and NIST Special Publication 800-38C contain nonce
lengths
Currenty, if either input or associated data are null in an aead
test vector, we'll have random contents of the input and assoc
arrays. Similar to the iv, play it safe and zero out the contents.
Signed-off-by: Jarod Wilson
---
crypto/testmgr.c | 14 --
1 files changed, 12 insertio
This patch series adds necessary fix-ups and infrastructure additions to
testmgr/tcrypt to support the inclusion of rfc4309(ccm(aes)) self-tests,
and finally, the rfc4309 test vectors themselves.
[PATCH 1/3] crypto: properly handle null input and assoc data aead test vectors
[PATCH 2/3] crypto: ha
On Wed, Apr 15, 2009 at 02:19:02PM +0200, Steffen Klassert wrote:
>
> crypto: eseqiv - fix IV generation for sync algorithms
Applied to crypt-2.6. Thanks a lot!
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~}
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: h
On Wednesday 15 April 2009 07:20:53 Herbert Xu wrote:
> On Mon, Apr 13, 2009 at 07:11:00PM -0400, Jarod Wilson wrote:
> >
> > + case -EBADMSG:
> > + if (template[i].novrfy)
> > + /* verification failure was expected */
>
On Wed, Apr 15, 2009 at 07:15:49PM +0800, Herbert Xu wrote:
>
> Well caught! Clearly no one has ever tried this before :)
>
I thought so :)
>
> So how about doing what seqiv does and check
>
> if (giv != req->giv)
>
Yes, that's probaply the better check.
An updated patch is below.
c
On Mon, Apr 13, 2009 at 07:11:00PM -0400, Jarod Wilson wrote:
>
> + case -EBADMSG:
> + if (template[i].novrfy)
> + /* verification failure was expected */
> + goto next_aead_vecto
On Tue, Apr 14, 2009 at 03:23:51PM +0200, Steffen Klassert wrote:
> If crypto_ablkcipher_encrypt() returns synchronous,
> eseqiv_complete2() is called even if req->giv is already the
> pointer to the generated IV. The generated IV is overwritten
> with some random data in this case. This patch fixe
