GET

Patch Detail

get:
Show a patch.

patch:
Update a patch.

put:
Update a patch.

GET /api/1.0/patches/2197963/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 2197963,
    "url": "http://patchwork.ozlabs.org/api/1.0/patches/2197963/?format=api",
    "project": {
        "id": 12,
        "url": "http://patchwork.ozlabs.org/api/1.0/projects/12/?format=api",
        "name": "Linux CIFS Client",
        "link_name": "linux-cifs-client",
        "list_id": "linux-cifs.vger.kernel.org",
        "list_email": "linux-cifs@vger.kernel.org",
        "web_url": "",
        "scm_url": "",
        "webscm_url": ""
    },
    "msgid": "<20260218213501.136844-8-ebiggers@kernel.org>",
    "date": "2026-02-18T21:34:53",
    "name": "[07/15] lib/crypto: aes: Add FIPS self-test for CMAC",
    "commit_ref": null,
    "pull_url": null,
    "state": "new",
    "archived": false,
    "hash": "f68bacf9b4469122d6e5d40816d0478f7d81862b",
    "submitter": {
        "id": 74690,
        "url": "http://patchwork.ozlabs.org/api/1.0/people/74690/?format=api",
        "name": "Eric Biggers",
        "email": "ebiggers@kernel.org"
    },
    "delegate": null,
    "mbox": "http://patchwork.ozlabs.org/project/linux-cifs-client/patch/20260218213501.136844-8-ebiggers@kernel.org/mbox/",
    "series": [
        {
            "id": 492621,
            "url": "http://patchwork.ozlabs.org/api/1.0/series/492621/?format=api",
            "date": "2026-02-18T21:34:46",
            "name": "AES-CMAC library",
            "version": 1,
            "mbox": "http://patchwork.ozlabs.org/series/492621/mbox/"
        }
    ],
    "check": "pending",
    "checks": "http://patchwork.ozlabs.org/api/patches/2197963/checks/",
    "tags": {},
    "headers": {
        "Return-Path": "\n <linux-cifs+bounces-9448-incoming=patchwork.ozlabs.org@vger.kernel.org>",
        "X-Original-To": [
            "incoming@patchwork.ozlabs.org",
            "linux-cifs@vger.kernel.org"
        ],
        "Delivered-To": "patchwork-incoming@legolas.ozlabs.org",
        "Authentication-Results": [
            "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=kernel.org header.i=@kernel.org header.a=rsa-sha256\n header.s=k20201202 header.b=bS8mXGBZ;\n\tdkim-atps=neutral",
            "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c0a:e001:db::12fc:5321; helo=sea.lore.kernel.org;\n envelope-from=linux-cifs+bounces-9448-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)",
            "smtp.subspace.kernel.org;\n\tdkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org\n header.b=\"bS8mXGBZ\"",
            "smtp.subspace.kernel.org;\n arc=none smtp.client-ip=10.30.226.201"
        ],
        "Received": [
            "from sea.lore.kernel.org (sea.lore.kernel.org\n [IPv6:2600:3c0a:e001:db::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fGVKp3dyGz1xvg\n\tfor <incoming@patchwork.ozlabs.org>; Thu, 19 Feb 2026 08:40:14 +1100 (AEDT)",
            "from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sea.lore.kernel.org (Postfix) with ESMTP id 43C7730804EA\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 18 Feb 2026 21:37:09 +0000 (UTC)",
            "from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 663CC336ECE;\n\tWed, 18 Feb 2026 21:36:54 +0000 (UTC)",
            "from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org\n [10.30.226.201])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id 40F962F39B4;\n\tWed, 18 Feb 2026 21:36:54 +0000 (UTC)",
            "by smtp.kernel.org (Postfix) with ESMTPSA id 9BBBCC2BC86;\n\tWed, 18 Feb 2026 21:36:53 +0000 (UTC)"
        ],
        "ARC-Seal": "i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1771450614; cv=none;\n b=Ia7eueX7L3bPG5hAROmCo+U8afODD7VpsDbknsoKQ2xFCN4UkgQ4vd2gN4DKdvclY8k4zmbrmQ1Zrp0D1MdfxSMc5V26Fh4/RzXh2AHFSXznXi+AX10CKPGh9uv3mPsmAxOsDsoWMNDGloeZ/sJvMMCL6UuKVfOSyqgOF+eQc1w=",
        "ARC-Message-Signature": "i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1771450614; c=relaxed/simple;\n\tbh=rAp5p3HDmh8Bp7UNW6r+uRPuPyK59EaigYeIc+rCLB8=;\n\th=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:\n\t MIME-Version;\n b=SDOPEFR+XQFxggpvgpq5VrLMaGurMfcdUk484/UkSDqU6ZhT6vZJ7jmHUGSqbMBxcVj/zUpWM9iARuZ84dI8/2LxqLRmdqUwx2TnxbMZPYR5asSM0W7/z56hDRo0Z4PAx6Q0tMR/SseBmgspBjs2ytZDyYlsI/3AoEa/herL9p8=",
        "ARC-Authentication-Results": "i=1; smtp.subspace.kernel.org;\n dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org\n header.b=bS8mXGBZ; arc=none smtp.client-ip=10.30.226.201",
        "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;\n\ts=k20201202; t=1771450614;\n\tbh=rAp5p3HDmh8Bp7UNW6r+uRPuPyK59EaigYeIc+rCLB8=;\n\th=From:To:Cc:Subject:Date:In-Reply-To:References:From;\n\tb=bS8mXGBZIZm7D0xIRb2dfANtTBm2nMQJn6ZJn7qSQafN8cLWnn0Tj4h0VgxNQmDFf\n\t 2zlPR/kUlg3EUQfA87QF3iw4xHUotS7vyUwK4Jzwua2Rzc/Stfkx6codz/EwHcw338\n\t xoq5em8nIQnw9Nw0mHlnIE+SUx4U5hbuGRJxM7+k/tLlnsTVuBGBtE74MfMJqGqeTb\n\t 4d6ch0xmQPfPHj6odH2o+0FK/dZs4Yb75iBZOL2Q8WfXY++UMA/7GVcKP9XhWJG7zN\n\t SauD09ZbBVfcBZCmwC8nyVrjJQ0MegCrEzksJtgY0Fz8tXfPq9BLYaLStNBWJVwLBl\n\t RhYga15fgJqXA==",
        "From": "Eric Biggers <ebiggers@kernel.org>",
        "To": "linux-crypto@vger.kernel.org",
        "Cc": "linux-kernel@vger.kernel.org,\n\tArd Biesheuvel <ardb@kernel.org>,\n\t\"Jason A . Donenfeld\" <Jason@zx2c4.com>,\n\tHerbert Xu <herbert@gondor.apana.org.au>,\n\tlinux-arm-kernel@lists.infradead.org,\n\tlinux-cifs@vger.kernel.org,\n\tlinux-wireless@vger.kernel.org,\n\tEric Biggers <ebiggers@kernel.org>",
        "Subject": "[PATCH 07/15] lib/crypto: aes: Add FIPS self-test for CMAC",
        "Date": "Wed, 18 Feb 2026 13:34:53 -0800",
        "Message-ID": "<20260218213501.136844-8-ebiggers@kernel.org>",
        "X-Mailer": "git-send-email 2.53.0",
        "In-Reply-To": "<20260218213501.136844-1-ebiggers@kernel.org>",
        "References": "<20260218213501.136844-1-ebiggers@kernel.org>",
        "Precedence": "bulk",
        "X-Mailing-List": "linux-cifs@vger.kernel.org",
        "List-Id": "<linux-cifs.vger.kernel.org>",
        "List-Subscribe": "<mailto:linux-cifs+subscribe@vger.kernel.org>",
        "List-Unsubscribe": "<mailto:linux-cifs+unsubscribe@vger.kernel.org>",
        "MIME-Version": "1.0",
        "Content-Transfer-Encoding": "8bit"
    },
    "content": "Add a FIPS cryptographic algorithm self-test for AES-CMAC to fulfill the\nself-test requirement when this code is built into a FIPS 140\ncryptographic module.  This provides parity with the traditional crypto\nAPI, which uses crypto/testmgr.c to meet the FIPS self-test requirement.\n\nSigned-off-by: Eric Biggers <ebiggers@kernel.org>\n---\n lib/crypto/aes.c                    | 35 ++++++++++++++++++++++++++---\n lib/crypto/fips.h                   |  5 +++++\n scripts/crypto/gen-fips-testvecs.py | 10 +++++++++\n 3 files changed, 47 insertions(+), 3 deletions(-)",
    "diff": "diff --git a/lib/crypto/aes.c b/lib/crypto/aes.c\nindex 39deae6105c0..ca733f15b2a8 100644\n--- a/lib/crypto/aes.c\n+++ b/lib/crypto/aes.c\n@@ -10,10 +10,11 @@\n #include <linux/cache.h>\n #include <linux/crypto.h>\n #include <linux/export.h>\n #include <linux/module.h>\n #include <linux/unaligned.h>\n+#include \"fips.h\"\n \n static const u8 ____cacheline_aligned aes_sbox[] = {\n \t0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,\n \t0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,\n \t0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,\n@@ -706,25 +707,53 @@ void aes_cbcmac_final(struct aes_cbcmac_ctx *ctx, u8 out[AES_BLOCK_SIZE])\n \telse\n \t\tmemcpy(out, ctx->h, AES_BLOCK_SIZE);\n \tmemzero_explicit(ctx, sizeof(*ctx));\n }\n EXPORT_SYMBOL_NS_GPL(aes_cbcmac_final, \"CRYPTO_INTERNAL\");\n-#endif /* CONFIG_CRYPTO_LIB_AES_CBC_MACS */\n \n-#ifdef aes_mod_init_arch\n+/*\n+ * FIPS cryptographic algorithm self-test for AES-CMAC.  As per the FIPS 140-3\n+ * Implementation Guidance, a cryptographic algorithm self-test for at least one\n+ * of AES-GCM, AES-CCM, AES-CMAC, or AES-GMAC is required if any of those modes\n+ * is implemented.  This fulfills that requirement via AES-CMAC.\n+ *\n+ * This is just for FIPS.  The full tests are in the KUnit test suite.\n+ */\n+static void __init aes_cmac_fips_test(void)\n+{\n+\tstruct aes_cmac_key key;\n+\tu8 mac[AES_BLOCK_SIZE];\n+\n+\tif (aes_cmac_preparekey(&key, fips_test_key, sizeof(fips_test_key)) !=\n+\t    0)\n+\t\tpanic(\"aes: CMAC FIPS self-test failed (preparekey)\\n\");\n+\taes_cmac(&key, fips_test_data, sizeof(fips_test_data), mac);\n+\tif (memcmp(fips_test_aes_cmac_value, mac, sizeof(mac)) != 0)\n+\t\tpanic(\"aes: CMAC FIPS self-test failed (wrong MAC)\\n\");\n+\tmemzero_explicit(&key, sizeof(key));\n+}\n+#else /* CONFIG_CRYPTO_LIB_AES_CBC_MACS */\n+static inline void aes_cmac_fips_test(void)\n+{\n+}\n+#endif /* !CONFIG_CRYPTO_LIB_AES_CBC_MACS */\n+\n static int __init aes_mod_init(void)\n {\n+#ifdef aes_mod_init_arch\n \taes_mod_init_arch();\n+#endif\n+\tif (fips_enabled)\n+\t\taes_cmac_fips_test();\n \treturn 0;\n }\n subsys_initcall(aes_mod_init);\n \n static void __exit aes_mod_exit(void)\n {\n }\n module_exit(aes_mod_exit);\n-#endif\n \n MODULE_DESCRIPTION(\"AES block cipher\");\n MODULE_AUTHOR(\"Ard Biesheuvel <ard.biesheuvel@linaro.org>\");\n MODULE_AUTHOR(\"Eric Biggers <ebiggers@kernel.org>\");\n MODULE_LICENSE(\"GPL v2\");\ndiff --git a/lib/crypto/fips.h b/lib/crypto/fips.h\nindex 023410c2e0db..9fc49747db64 100644\n--- a/lib/crypto/fips.h\n+++ b/lib/crypto/fips.h\n@@ -41,5 +41,10 @@ static const u8 fips_test_sha3_256_value[] __initconst __maybe_unused = {\n \t0x77, 0xc4, 0x8b, 0x69, 0x70, 0x5f, 0x0a, 0xb1,\n \t0xb1, 0xa5, 0x82, 0x0a, 0x22, 0x2b, 0x49, 0x31,\n \t0xba, 0x9b, 0xb6, 0xaa, 0x32, 0xa7, 0x97, 0x00,\n \t0x98, 0xdb, 0xff, 0xe7, 0xc6, 0xde, 0xb5, 0x82,\n };\n+\n+static const u8 fips_test_aes_cmac_value[] __initconst __maybe_unused = {\n+\t0xc5, 0x88, 0x28, 0x55, 0xd7, 0x2c, 0x00, 0xb6,\n+\t0x6a, 0xa7, 0xfc, 0x82, 0x90, 0x81, 0xcf, 0x18,\n+};\ndiff --git a/scripts/crypto/gen-fips-testvecs.py b/scripts/crypto/gen-fips-testvecs.py\nindex db873f88619a..9f18bcb97412 100755\n--- a/scripts/crypto/gen-fips-testvecs.py\n+++ b/scripts/crypto/gen-fips-testvecs.py\n@@ -1,12 +1,16 @@\n #!/usr/bin/env python3\n # SPDX-License-Identifier: GPL-2.0-or-later\n #\n # Script that generates lib/crypto/fips.h\n #\n+# Requires that python-cryptography be installed.\n+#\n # Copyright 2025 Google LLC\n \n+import cryptography.hazmat.primitives.ciphers\n+import cryptography.hazmat.primitives.cmac\n import hashlib\n import hmac\n \n fips_test_data = b\"fips test data\\0\\0\"\n fips_test_key = b\"fips test key\\0\\0\\0\"\n@@ -32,5 +36,11 @@ for alg in 'sha1', 'sha256', 'sha512':\n     ctx.update(fips_test_data)\n     print_static_u8_array_definition(f'fips_test_hmac_{alg}_value', ctx.digest())\n \n print_static_u8_array_definition(f'fips_test_sha3_256_value',\n                                  hashlib.sha3_256(fips_test_data).digest())\n+\n+aes = cryptography.hazmat.primitives.ciphers.algorithms.AES(fips_test_key)\n+aes_cmac = cryptography.hazmat.primitives.cmac.CMAC(aes)\n+aes_cmac.update(fips_test_data)\n+print_static_u8_array_definition('fips_test_aes_cmac_value',\n+                                 aes_cmac.finalize())\n",
    "prefixes": [
        "07/15"
    ]
}