kernels: Add missing self-test vector for ecdh-nist-p384 with genkey

Included newly added algorithms in LKCM 5.0 to canister_algs in
fips_canister_wrapper.c

Change-Id: I59d5cc53cf414d56c43ac7f2f699b2df0d7075e1
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/c/photon/+/22088
Tested-by: gerrit-photon <[email protected]>
Reviewed-by: Keerthana K <[email protected]>
Reviewed-by: Vamsi Krishna Brahmajosyula <[email protected]>
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/c/photon/+/22519
Tested-by: Ajay Kaher <[email protected]>

SPECS/linux/canister_builder/crypto/fips_canister_wrapper.c

@@ -288,11 +288,6 @@ void *fcw_memcpy(void *dst, const void *src, size_t len)
 	return memcpy(dst, src, len);
 }
 
-size_t fcw_strlcpy(char *dest, const char *src, size_t size)
-{
-	return strlcpy(dest, src, size);
-}
-
 int fcw_sha1_base_do_update(struct shash_desc *desc,
 				      const u8 *data,
 				      unsigned int len,
@@ -391,9 +386,34 @@ static char *canister_algs[] = {
 	"ctr-aes-aesni",
 	"cryptd(__xts-aes-aesni)",
 	"xts-aes-aesni",
+	"cbcmac(aes-generic)",
+	"ccm_base(ctr(aes-generic),cbcmac(aes-generic))",
+	"cfb(aes-generic)",
+	"cmac(aes-generic)",
+	"sha3-224-generic",
+	"hmac(sha3-224-generic)",
+	"sha3-256-generic",
+	"hmac(sha3-256-generic)",
+	"sha3-384-generic",
+	"hmac(sha3-384-generic)",
+	"sha3-512-generic",
+	"hmac(sha3-512-generic)",
+	"pkcs1pad(rsa-generic,sha1)",
+	"pkcs1pad(rsa-generic,sha224)",
+	"pkcs1pad(rsa-generic,sha384)",
+	"ecdsa-nist-p384-generic",
+	"ecdsa-nist-p256-generic",
+	"ecdh-nist-p384-generic",
+	"ecdh-nist-p256-generic",
+	"__cts-cbc-aes-aesni",
+	"cts-cbc-aes-aesni",
+	"__generic-gcm-aesni",
+	"generic-gcm-aesni",
+	"cryptd(__generic-gcm-aesni)",
 	// no certification require
 	"crc32c-generic",
 	"crct10dif-generic",
+	"crc32c-intel",
 };
 
 int fcw_fips_not_allowed_alg(char *name)

SPECS/linux/canister_builder/crypto/fips_canister_wrapper.h

@@ -67,7 +67,6 @@ extern int fcw_sha512_base_do_update(struct shash_desc *desc,
 					const u8 *data,
 					unsigned int len,
 					sha512_block_fn *block_fn);
-extern size_t fcw_strlcpy(char *dest, const char *src, size_t size);
 extern void fcw_bug(void);
 extern void fcw_bug_on(int cond);
 extern int fcw_warn_on(int cond);

SPECS/linux/canister_builder/patches/0005-Move-__bug_table-section-to-fips_canister_wrapper.patch

@@ -4,6 +4,7 @@ Date: Wed, 17 May 2023 16:11:40 +0000
 Subject: [PATCH 5/8] Move __bug_table section to fips_canister_wrapper
 
 Signed-off-by: Keerthana K <[email protected]>
+Signed-off-by: Srish Srinivasan <[email protected]>
 ---
  arch/x86/crypto/aesni-intel_glue.c |  16 +++--
  crypto/algboss.c                   |  10 +--
@@ -1286,7 +1287,7 @@ index 783c006d0..7899ab3cd 100644
 
  	sg_init_one(&src, xbuf[0], c_size);
  	sg_init_one(&dst, outbuf_dec, out_len_max);
-@@ -5814,13 +5814,13 @@ static void alg_check_test_descs_order(void)
+@@ -5829,13 +5829,13 @@ static void alg_check_test_descs_order(void)
  		int diff = strcmp(alg_test_descs[i - 1].alg,
  				  alg_test_descs[i].alg);
 
@@ -1302,7 +1303,7 @@ index 783c006d0..7899ab3cd 100644
  			pr_warn("testmgr: duplicate alg_test_descs entry: '%s'\n",
  				alg_test_descs[i].alg);
  		}
-@@ -5832,12 +5832,12 @@ static void alg_check_testvec_configs(void)
+@@ -5847,12 +5847,12 @@ static void alg_check_testvec_configs(void)
  	int i;
 
  	for (i = 0; i < ARRAY_SIZE(default_cipher_testvec_configs); i++)
@@ -1319,7 +1320,7 @@ index 783c006d0..7899ab3cd 100644
  }
 
  static void testmgr_onetime_init(void)
-@@ -5953,7 +5953,7 @@ int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
+@@ -5968,7 +5968,7 @@ int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
  		}
  		pr_warn("alg: self-tests for %s using %s failed (rc=%d)",
  			alg, driver, rc);
@@ -1328,19 +1329,6 @@ index 783c006d0..7899ab3cd 100644
  		     "alg: self-tests for %s using %s failed (rc=%d)",
  		     alg, driver, rc);
  	} else {
-diff --git a/crypto/xts.c b/crypto/xts.c
-index f548992c2..12edd6525 100644
---- a/crypto/xts.c
-+++ b/crypto/xts.c
-@@ -399,7 +399,7 @@ static int xts_create(struct crypto_template *tmpl, struct rtattr **tb)
- 	if (!strncmp(cipher_name, "ecb(", 4)) {
- 		unsigned len;
-
--		len = strlcpy(ctx->name, cipher_name + 4, sizeof(ctx->name));
-+		len = fcw_strlcpy(ctx->name, cipher_name + 4, sizeof(ctx->name));
- 		if (len < 2 || len >= sizeof(ctx->name))
- 			goto err_free_inst;
-
 diff --git a/lib/crypto/sha256.c b/lib/crypto/sha256.c
 index 72a4b0b1d..555ba2070 100644
 --- a/lib/crypto/sha256.c

SPECS/linux/crypto/0002-FIPS-crypto-self-tests.patch

@@ -15,8 +15,8 @@ Signed-off-by: Srish Srinivasan <[email protected]>
  crypto/Makefile           |    1 +
  crypto/crypto_self_test.c |  123 ++
  crypto/testmgr.c          |   84 +-
- crypto/testmgr.h          | 2294 ++++++++++++++++++++++++++++++++++++-
- 5 files changed, 2501 insertions(+), 16 deletions(-)
+ crypto/testmgr.h          | 2346 ++++++++++++++++++++++++++++++++++++-
+ 5 files changed, 2553 insertions(+), 16 deletions(-)
  create mode 100644 crypto/crypto_self_test.c
 
 diff --git a/crypto/Kconfig b/crypto/Kconfig
@@ -1945,7 +1945,66 @@ index 2e6b280f9..b23d8f1d9 100644
  static const struct kpp_testvec dh_tv_template[] = {
  	{
  	.secret =
-@@ -7640,6 +9199,98 @@ static const struct hash_testvec aes_cmac128_tv_template[] = {
+@@ -4399,6 +5958,58 @@ static const struct kpp_testvec ecdh_p384_tv_template[] = {
+ 	.b_public_size = 96,
+ 	.expected_a_public_size = 96,
+ 	.expected_ss_size = 48
++	}, {
++	.secret =
++#ifdef __LITTLE_ENDIAN
++	"\x02\x00" /* type */
++	"\x36\x00" /* len */
++	"\x30\x00" /* key_size */
++#else
++	"\x00\x02" /* type */
++	"\x00\x36" /* len */
++	"\x00\x30" /* key_size */
++#endif
++	"\x09\x9F\x3C\x70\x34\xD4\xA2\xC6"
++	"\x99\x88\x4D\x73\xA3\x75\xA6\x7F"
++	"\x76\x24\xEF\x7C\x6B\x3C\x0F\x16"
++	"\x06\x47\xB6\x74\x14\xDC\xE6\x55"
++	"\xE3\x5B\x53\x80\x41\xE6\x49\xEE"
++	"\x3F\xAE\xF8\x96\x78\x3A\xB1\x94",
++	.b_secret =
++#ifdef __LITTLE_ENDIAN
++	"\x02\x00" /* type */
++	"\x36\x00" /* len */
++	"\x30\x00" /* key_size */
++#else
++	"\x00\x02" /* type */
++	"\x00\x36" /* len */
++	"\x00\x30" /* key_size */
++#endif
++	"\x41\xCB\x07\x79\xB4\xBD\xB8\x5D"
++	"\x47\x84\x67\x25\xFB\xEC\x3C\x94"
++	"\x30\xFA\xB4\x6C\xC8\xDC\x50\x60"
++	"\x85\x5C\xC9\xBD\xA0\xAA\x29\x42"
++	"\xE0\x30\x83\x12\x91\x6B\x8E\xD2"
++	"\x96\x0E\x4B\xD5\x5A\x74\x48\xFC",
++	.b_public =
++	"\xE5\x58\xDB\xEF\x53\xEE\xCD\xE3"
++	"\xD3\xFC\xCF\xC1\xAE\xA0\x8A\x89"
++	"\xA9\x87\x47\x5D\x12\xFD\x95\x0D"
++	"\x83\xCF\xA4\x17\x32\xBC\x50\x9D"
++	"\x0D\x1A\xC4\x3A\x03\x36\xDE\xF9"
++	"\x6F\xDA\x41\xD0\x77\x4A\x35\x71"
++	"\xDC\xFB\xEC\x7A\xAC\xF3\x19\x64"
++	"\x72\x16\x9E\x83\x84\x30\x36\x7F"
++	"\x66\xEE\xBE\x3C\x6E\x70\xC4\x16"
++	"\xDD\x5F\x0C\x68\x75\x9D\xD1\xFF"
++	"\xF8\x3F\xA4\x01\x42\x20\x9D\xFF"
++	"\x5E\xAA\xD9\x6D\xB9\xE6\x38\x6C",
++	.secret_size = 54,
++	.b_secret_size = 54,
++	.b_public_size = 96,
++	.expected_a_public_size = 96,
++	.expected_ss_size = 48,
++	.genkey = true,
+ 	}
+ };
+
+@@ -7640,6 +9251,98 @@ static const struct hash_testvec aes_cmac128_tv_template[] = {
  				  "\x69\x6a\x2c\x05\x6c\x31\x54\x10",
  		.psize		= 64,
  		.ksize		= 32,
@@ -2044,7 +2103,7 @@ index 2e6b280f9..b23d8f1d9 100644
  	}
  };
 
-@@ -22994,6 +24645,185 @@ static const struct cprng_testvec ansi_cprng_aes_tv_template[] = {
+@@ -22994,6 +24697,185 @@ static const struct cprng_testvec ansi_cprng_aes_tv_template[] = {
  	},
  };
 
@@ -2230,7 +2289,7 @@ index 2e6b280f9..b23d8f1d9 100644
  /*
   * SP800-90A DRBG Test vectors from
   * http://csrc.nist.gov/groups/STM/cavp/documents/drbg/drbgtestvectors.zip
-@@ -23318,6 +25148,40 @@ static const struct drbg_testvec drbg_pr_hmac_sha256_tv_template[] = {
+@@ -23318,6 +25200,40 @@ static const struct drbg_testvec drbg_pr_hmac_sha256_tv_template[] = {
  	},
  };
 
@@ -2271,7 +2330,7 @@ index 2e6b280f9..b23d8f1d9 100644
  static const struct drbg_testvec drbg_pr_ctr_aes128_tv_template[] = {
  	{
  		.entropy = (unsigned char *)
-@@ -23434,6 +25298,283 @@ static const struct drbg_testvec drbg_pr_ctr_aes128_tv_template[] = {
+@@ -23434,6 +25350,283 @@ static const struct drbg_testvec drbg_pr_ctr_aes128_tv_template[] = {
  	},
  };
 
@@ -2555,7 +2614,7 @@ index 2e6b280f9..b23d8f1d9 100644
  /*
   * SP800-90A DRBG Test vectors from
   * http://csrc.nist.gov/groups/STM/cavp/documents/drbg/drbgtestvectors.zip
-@@ -23564,6 +25705,70 @@ static const struct drbg_testvec drbg_nopr_sha256_tv_template[] = {
+@@ -23564,6 +25757,70 @@ static const struct drbg_testvec drbg_nopr_sha256_tv_template[] = {
  	},
  };
 
@@ -2626,7 +2685,7 @@ index 2e6b280f9..b23d8f1d9 100644
  static const struct drbg_testvec drbg_nopr_hmac_sha256_tv_template[] = {
  	{
  		.entropy = (unsigned char *)
-@@ -34639,7 +36844,94 @@ static const struct cipher_testvec cts_mode_tv_template[] = {
+@@ -34639,7 +36896,94 @@ static const struct cipher_testvec cts_mode_tv_template[] = {
  			  "\x26\x73\x0d\xbc\x2f\x7b\xc8\x40"
  			  "\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0"
  			  "\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8",

SPECS/linux/linux-esx.spec

@@ -23,7 +23,7 @@
 Summary:        Kernel
 Name:           linux-esx
 Version:        6.1.56
-Release:        2%{?kat_build:.kat}%{?dist}
+Release:        3%{?kat_build:.kat}%{?dist}
 License:        GPLv2
 URL:            http://www.kernel.org
 Group:          System Environment/Kernel
@@ -529,6 +529,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg
 %{_usrsrc}/linux-headers-%{uname_r}
 
 %changelog
+* Wed Nov 29 2023 Srish Srinivasan <[email protected]> 6.1.56-3
+- Add missing self-test vector for ecdh-nist-p384 with genkey
 * Wed Nov 29 2023 Srinidhi Rao <[email protected]> 6.1.56-2
 - Jitterentropy wrapper changes.
 * Wed Nov 29 2023 Vamsi Krishna Brahmajosyula <[email protected]> 6.1.56-1

SPECS/linux/linux-rt.spec

@@ -16,7 +16,7 @@
 Summary:        Kernel
 Name:           linux-rt
 Version:        6.1.56
-Release:        2%{?kat_build:.kat}%{?dist}
+Release:        3%{?kat_build:.kat}%{?dist}
 License:        GPLv2
 URL:            http://www.kernel.org
 Group:          System Environment/Kernel
@@ -560,6 +560,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg
 %{_usrsrc}/linux-headers-%{uname_r}
 
 %changelog
+* Wed Nov 29 2023 Srish Srinivasan <[email protected]> 6.1.56-3
+- Add missing self-test vector for ecdh-nist-p384 with genkey
 * Wed Nov 29 2023 Srinidhi Rao <[email protected]> 6.1.56-2
 - Jitterentropy wrapper changes.
 * Wed Nov 29 2023 Vamsi Krishna Brahmajosyula <[email protected]> 6.1.56-1

SPECS/linux/linux-secure.spec

@@ -16,7 +16,7 @@
 Summary:        Kernel
 Name:           linux-secure
 Version:        6.1.56
-Release:        2%{?kat_build:.kat}%{?dist}
+Release:        3%{?kat_build:.kat}%{?dist}
 License:        GPLv2
 URL:            http://www.kernel.org
 Group:          System Environment/Kernel
@@ -459,6 +459,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg
 %endif
 
 %changelog
+* Wed Nov 29 2023 Srish Srinivasan <[email protected]> 6.1.56-3
+- Add missing self-test vector for ecdh-nist-p384 with genkey
 * Wed Nov 29 2023 Srinidhi Rao <[email protected]> 6.1.56-2
 - Jitterentropy wrapper changes.
 * Wed Nov 29 2023 Vamsi Krishna Brahmajosyula <[email protected]> 6.1.56-1

SPECS/linux/linux.spec

@@ -23,7 +23,7 @@
 Summary:        Kernel
 Name:           linux
 Version:        6.1.56
-Release:        2%{?kat_build:.kat}%{?dist}
+Release:        3%{?kat_build:.kat}%{?dist}
 License:        GPLv2
 URL:            http://www.kernel.org/
 Group:          System Environment/Kernel
@@ -746,6 +746,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg
 %{_datadir}/bash-completion/completions/bpftool
 
 %changelog
+* Wed Nov 29 2023 Srish Srinivasan <[email protected]> 6.1.56-3
+- Add missing self-test vector for ecdh-nist-p384 with genkey
 * Wed Nov 29 2023 Srinidhi Rao <[email protected]> 6.1.56-2
 - Jitterentropy wrapper changes.
 * Wed Nov 29 2023 Vamsi Krishna Brahmajosyula <[email protected]> 6.1.56-1