{"id":2197963,"url":"http://patchwork.ozlabs.org/api/1.0/patches/2197963/?format=json","project":{"id":12,"url":"http://patchwork.ozlabs.org/api/1.0/projects/12/?format=json","name":"Linux CIFS Client","link_name":"linux-cifs-client","list_id":"linux-cifs.vger.kernel.org","list_email":"linux-cifs@vger.kernel.org","web_url":"","scm_url":"","webscm_url":""},"msgid":"<20260218213501.136844-8-ebiggers@kernel.org>","date":"2026-02-18T21:34:53","name":"[07/15] lib/crypto: aes: Add FIPS self-test for CMAC","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"f68bacf9b4469122d6e5d40816d0478f7d81862b","submitter":{"id":74690,"url":"http://patchwork.ozlabs.org/api/1.0/people/74690/?format=json","name":"Eric Biggers","email":"ebiggers@kernel.org"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/linux-cifs-client/patch/20260218213501.136844-8-ebiggers@kernel.org/mbox/","series":[{"id":492621,"url":"http://patchwork.ozlabs.org/api/1.0/series/492621/?format=json","date":"2026-02-18T21:34:46","name":"AES-CMAC library","version":1,"mbox":"http://patchwork.ozlabs.org/series/492621/mbox/"}],"check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2197963/checks/","tags":{},"headers":{"Return-Path":"\n <linux-cifs+bounces-9448-incoming=patchwork.ozlabs.org@vger.kernel.org>","X-Original-To":["incoming@patchwork.ozlabs.org","linux-cifs@vger.kernel.org"],"Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=kernel.org header.i=@kernel.org header.a=rsa-sha256\n header.s=k20201202 header.b=bS8mXGBZ;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c0a:e001:db::12fc:5321; helo=sea.lore.kernel.org;\n envelope-from=linux-cifs+bounces-9448-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)","smtp.subspace.kernel.org;\n\tdkim=pass (2048-bit key) 
header.d=kernel.org header.i=@kernel.org\n header.b=\"bS8mXGBZ\"","smtp.subspace.kernel.org;\n arc=none smtp.client-ip=10.30.226.201"],"Received":["from sea.lore.kernel.org (sea.lore.kernel.org\n [IPv6:2600:3c0a:e001:db::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fGVKp3dyGz1xvg\n\tfor <incoming@patchwork.ozlabs.org>; Thu, 19 Feb 2026 08:40:14 +1100 (AEDT)","from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sea.lore.kernel.org (Postfix) with ESMTP id 43C7730804EA\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 18 Feb 2026 21:37:09 +0000 (UTC)","from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 663CC336ECE;\n\tWed, 18 Feb 2026 21:36:54 +0000 (UTC)","from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org\n [10.30.226.201])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id 40F962F39B4;\n\tWed, 18 Feb 2026 21:36:54 +0000 (UTC)","by smtp.kernel.org (Postfix) with ESMTPSA id 9BBBCC2BC86;\n\tWed, 18 Feb 2026 21:36:53 +0000 (UTC)"],"ARC-Seal":"i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1771450614; cv=none;\n b=Ia7eueX7L3bPG5hAROmCo+U8afODD7VpsDbknsoKQ2xFCN4UkgQ4vd2gN4DKdvclY8k4zmbrmQ1Zrp0D1MdfxSMc5V26Fh4/RzXh2AHFSXznXi+AX10CKPGh9uv3mPsmAxOsDsoWMNDGloeZ/sJvMMCL6UuKVfOSyqgOF+eQc1w=","ARC-Message-Signature":"i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1771450614; c=relaxed/simple;\n\tbh=rAp5p3HDmh8Bp7UNW6r+uRPuPyK59EaigYeIc+rCLB8=;\n\th=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:\n\t MIME-Version;\n 
b=SDOPEFR+XQFxggpvgpq5VrLMaGurMfcdUk484/UkSDqU6ZhT6vZJ7jmHUGSqbMBxcVj/zUpWM9iARuZ84dI8/2LxqLRmdqUwx2TnxbMZPYR5asSM0W7/z56hDRo0Z4PAx6Q0tMR/SseBmgspBjs2ytZDyYlsI/3AoEa/herL9p8=","ARC-Authentication-Results":"i=1; smtp.subspace.kernel.org;\n dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org\n header.b=bS8mXGBZ; arc=none smtp.client-ip=10.30.226.201","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;\n\ts=k20201202; t=1771450614;\n\tbh=rAp5p3HDmh8Bp7UNW6r+uRPuPyK59EaigYeIc+rCLB8=;\n\th=From:To:Cc:Subject:Date:In-Reply-To:References:From;\n\tb=bS8mXGBZIZm7D0xIRb2dfANtTBm2nMQJn6ZJn7qSQafN8cLWnn0Tj4h0VgxNQmDFf\n\t 2zlPR/kUlg3EUQfA87QF3iw4xHUotS7vyUwK4Jzwua2Rzc/Stfkx6codz/EwHcw338\n\t xoq5em8nIQnw9Nw0mHlnIE+SUx4U5hbuGRJxM7+k/tLlnsTVuBGBtE74MfMJqGqeTb\n\t 4d6ch0xmQPfPHj6odH2o+0FK/dZs4Yb75iBZOL2Q8WfXY++UMA/7GVcKP9XhWJG7zN\n\t SauD09ZbBVfcBZCmwC8nyVrjJQ0MegCrEzksJtgY0Fz8tXfPq9BLYaLStNBWJVwLBl\n\t RhYga15fgJqXA==","From":"Eric Biggers <ebiggers@kernel.org>","To":"linux-crypto@vger.kernel.org","Cc":"linux-kernel@vger.kernel.org,\n\tArd Biesheuvel <ardb@kernel.org>,\n\t\"Jason A . 
Donenfeld\" <Jason@zx2c4.com>,\n\tHerbert Xu <herbert@gondor.apana.org.au>,\n\tlinux-arm-kernel@lists.infradead.org,\n\tlinux-cifs@vger.kernel.org,\n\tlinux-wireless@vger.kernel.org,\n\tEric Biggers <ebiggers@kernel.org>","Subject":"[PATCH 07/15] lib/crypto: aes: Add FIPS self-test for CMAC","Date":"Wed, 18 Feb 2026 13:34:53 -0800","Message-ID":"<20260218213501.136844-8-ebiggers@kernel.org>","X-Mailer":"git-send-email 2.53.0","In-Reply-To":"<20260218213501.136844-1-ebiggers@kernel.org>","References":"<20260218213501.136844-1-ebiggers@kernel.org>","Precedence":"bulk","X-Mailing-List":"linux-cifs@vger.kernel.org","List-Id":"<linux-cifs.vger.kernel.org>","List-Subscribe":"<mailto:linux-cifs+subscribe@vger.kernel.org>","List-Unsubscribe":"<mailto:linux-cifs+unsubscribe@vger.kernel.org>","MIME-Version":"1.0","Content-Transfer-Encoding":"8bit"},"content":"Add a FIPS cryptographic algorithm self-test for AES-CMAC to fulfill the\nself-test requirement when this code is built into a FIPS 140\ncryptographic module.  
This provides parity with the traditional crypto\nAPI, which uses crypto/testmgr.c to meet the FIPS self-test requirement.\n\nSigned-off-by: Eric Biggers <ebiggers@kernel.org>\n---\n lib/crypto/aes.c                    | 35 ++++++++++++++++++++++++++---\n lib/crypto/fips.h                   |  5 +++++\n scripts/crypto/gen-fips-testvecs.py | 10 +++++++++\n 3 files changed, 47 insertions(+), 3 deletions(-)","diff":"diff --git a/lib/crypto/aes.c b/lib/crypto/aes.c\nindex 39deae6105c0..ca733f15b2a8 100644\n--- a/lib/crypto/aes.c\n+++ b/lib/crypto/aes.c\n@@ -10,10 +10,11 @@\n #include <linux/cache.h>\n #include <linux/crypto.h>\n #include <linux/export.h>\n #include <linux/module.h>\n #include <linux/unaligned.h>\n+#include \"fips.h\"\n \n static const u8 ____cacheline_aligned aes_sbox[] = {\n \t0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,\n \t0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,\n \t0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,\n@@ -706,25 +707,53 @@ void aes_cbcmac_final(struct aes_cbcmac_ctx *ctx, u8 out[AES_BLOCK_SIZE])\n \telse\n \t\tmemcpy(out, ctx->h, AES_BLOCK_SIZE);\n \tmemzero_explicit(ctx, sizeof(*ctx));\n }\n EXPORT_SYMBOL_NS_GPL(aes_cbcmac_final, \"CRYPTO_INTERNAL\");\n-#endif /* CONFIG_CRYPTO_LIB_AES_CBC_MACS */\n \n-#ifdef aes_mod_init_arch\n+/*\n+ * FIPS cryptographic algorithm self-test for AES-CMAC.  As per the FIPS 140-3\n+ * Implementation Guidance, a cryptographic algorithm self-test for at least one\n+ * of AES-GCM, AES-CCM, AES-CMAC, or AES-GMAC is required if any of those modes\n+ * is implemented.  This fulfills that requirement via AES-CMAC.\n+ *\n+ * This is just for FIPS.  
The full tests are in the KUnit test suite.\n+ */\n+static void __init aes_cmac_fips_test(void)\n+{\n+\tstruct aes_cmac_key key;\n+\tu8 mac[AES_BLOCK_SIZE];\n+\n+\tif (aes_cmac_preparekey(&key, fips_test_key, sizeof(fips_test_key)) !=\n+\t    0)\n+\t\tpanic(\"aes: CMAC FIPS self-test failed (preparekey)\\n\");\n+\taes_cmac(&key, fips_test_data, sizeof(fips_test_data), mac);\n+\tif (memcmp(fips_test_aes_cmac_value, mac, sizeof(mac)) != 0)\n+\t\tpanic(\"aes: CMAC FIPS self-test failed (wrong MAC)\\n\");\n+\tmemzero_explicit(&key, sizeof(key));\n+}\n+#else /* CONFIG_CRYPTO_LIB_AES_CBC_MACS */\n+static inline void aes_cmac_fips_test(void)\n+{\n+}\n+#endif /* !CONFIG_CRYPTO_LIB_AES_CBC_MACS */\n+\n static int __init aes_mod_init(void)\n {\n+#ifdef aes_mod_init_arch\n \taes_mod_init_arch();\n+#endif\n+\tif (fips_enabled)\n+\t\taes_cmac_fips_test();\n \treturn 0;\n }\n subsys_initcall(aes_mod_init);\n \n static void __exit aes_mod_exit(void)\n {\n }\n module_exit(aes_mod_exit);\n-#endif\n \n MODULE_DESCRIPTION(\"AES block cipher\");\n MODULE_AUTHOR(\"Ard Biesheuvel <ard.biesheuvel@linaro.org>\");\n MODULE_AUTHOR(\"Eric Biggers <ebiggers@kernel.org>\");\n MODULE_LICENSE(\"GPL v2\");\ndiff --git a/lib/crypto/fips.h b/lib/crypto/fips.h\nindex 023410c2e0db..9fc49747db64 100644\n--- a/lib/crypto/fips.h\n+++ b/lib/crypto/fips.h\n@@ -41,5 +41,10 @@ static const u8 fips_test_sha3_256_value[] __initconst __maybe_unused = {\n \t0x77, 0xc4, 0x8b, 0x69, 0x70, 0x5f, 0x0a, 0xb1,\n \t0xb1, 0xa5, 0x82, 0x0a, 0x22, 0x2b, 0x49, 0x31,\n \t0xba, 0x9b, 0xb6, 0xaa, 0x32, 0xa7, 0x97, 0x00,\n \t0x98, 0xdb, 0xff, 0xe7, 0xc6, 0xde, 0xb5, 0x82,\n };\n+\n+static const u8 fips_test_aes_cmac_value[] __initconst __maybe_unused = {\n+\t0xc5, 0x88, 0x28, 0x55, 0xd7, 0x2c, 0x00, 0xb6,\n+\t0x6a, 0xa7, 0xfc, 0x82, 0x90, 0x81, 0xcf, 0x18,\n+};\ndiff --git a/scripts/crypto/gen-fips-testvecs.py b/scripts/crypto/gen-fips-testvecs.py\nindex db873f88619a..9f18bcb97412 100755\n--- 
a/scripts/crypto/gen-fips-testvecs.py\n+++ b/scripts/crypto/gen-fips-testvecs.py\n@@ -1,12 +1,16 @@\n #!/usr/bin/env python3\n # SPDX-License-Identifier: GPL-2.0-or-later\n #\n # Script that generates lib/crypto/fips.h\n #\n+# Requires that python-cryptography be installed.\n+#\n # Copyright 2025 Google LLC\n \n+import cryptography.hazmat.primitives.ciphers\n+import cryptography.hazmat.primitives.cmac\n import hashlib\n import hmac\n \n fips_test_data = b\"fips test data\\0\\0\"\n fips_test_key = b\"fips test key\\0\\0\\0\"\n@@ -32,5 +36,11 @@ for alg in 'sha1', 'sha256', 'sha512':\n     ctx.update(fips_test_data)\n     print_static_u8_array_definition(f'fips_test_hmac_{alg}_value', ctx.digest())\n \n print_static_u8_array_definition(f'fips_test_sha3_256_value',\n                                  hashlib.sha3_256(fips_test_data).digest())\n+\n+aes = cryptography.hazmat.primitives.ciphers.algorithms.AES(fips_test_key)\n+aes_cmac = cryptography.hazmat.primitives.cmac.CMAC(aes)\n+aes_cmac.update(fips_test_data)\n+print_static_u8_array_definition('fips_test_aes_cmac_value',\n+                                 aes_cmac.finalize())\n","prefixes":["07/15"]}
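Review bot: In aes_cmac_fips_test() (lib/crypto/aes.c, second hunk), memcmp() reads sizeof(mac) bytes from fips_test_aes_cmac_value, but fips.h declares that array without a size, so nothing ties the generated value's length to AES_BLOCK_SIZE. Adding static_assert(sizeof(fips_test_aes_cmac_value) == AES_BLOCK_SIZE); beside the comparison would make a regenerated header with a wrong-length value fail the build rather than over-read the array or compare only part of it.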
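Review bot: The comment above aes_cmac_fips_test() does not say which case the fips_test_aes_cmac_value added to lib/crypto/fips.h covers. In gen-fips-testvecs.py both fips_test_key and fips_test_data are 16 bytes, so the vector is AES-128 over exactly one full block, which in CMAC is the unpadded final-block path. Stating that in the comment would make clear that the padded path and the longer key sizes are left to the KUnit suite the comment already points to.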
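Review bot: In the last hunk of scripts/crypto/gen-fips-testvecs.py, cryptography.hazmat.primitives.ciphers.algorithms.AES is used although the import hunk only imports cryptography.hazmat.primitives.ciphers and cryptography.hazmat.primitives.cmac, so the script depends on the algorithms submodule being loaded as a side effect of those imports. An explicit import of cryptography.hazmat.primitives.ciphers.algorithms next to the other two would remove that dependency.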