Make fips140.ko run a suite of known answer self-tests at load time to
demonstrate the correct operation of cryptographic functionality, as
required by FIPS 140-2/3 and NIAP FPT_TST_EXT.1.1.
Bug: 153614920
Bug: 173104584
Bug: 188620248
Test: Built and loaded fips140.ko on a HiKey960, and on a Pixel device.
Change-Id: I38e5c8052ff57ddfe44624beb626d38b7706b0a4
Co-developed-by: Elena Petrova <lenaptr@google.com>
Signed-off-by: Elena Petrova <lenaptr@google.com>
[ebiggers: Rewrote most of lenaptr@'s original patch. Added some
missing tests, removed some unnecessary tests in accordance with the
FIPS 140-2 IG, changed most test vectors and added a script to generate
them, removed an unnecessary kconfig option, changed implementation of
error injection, and many other improvements.]
Signed-off-by: Eric Biggers <ebiggers@google.com>
[ardb: add generation of AES-CTR test vector and the associated runtime
selftest]
Signed-off-by: Ard Biesheuvel <ardb@google.com>
Eric Biggers
b7397e89db