[][openwrt][common][Add libkcapi to test fips140-3]
[Description]
Add libkcapi to pass fips140-3.
Libkcapi allow user-space to access the Linux kernel crypto API.
In this package, we add two command, `kcapi-drbg` and `kcapi-mtk-digst`
The `kcapi-drbg` is to test drbg in linux kernel cryto.
Usage:
-b --bytes <BYTES> Number of bytes to generate
(required option)
-r --rng name <RNGNAME> DRNG name as advertised in
/proc/crypto(require option))
-e --entropy <RNGNAME> DRBG entropy(require option))
-n --nonce <RNGNAME> DRBG nonce(require option))
-p --personalization string <RNGNAME> DRBG personaliztion
string(require option))
--hex The random number is returned
in hexadecimal notation
-h --help This help information
For example:
kcapi-drbg -e entropy -n nonce -p personalization string \
--hex -b 80 -r drbg_nopr_hmac_sha1
The `kcapi-mtk-digest` is to test hmac and sha in linux kernel crypto.
Usage:
-k Key (hmac required option)
-n Digest name such as sha1, sha224, sha256 sha512
hmac-sha1 hmac-sha224 hmac-sha256
hmac-sha384 hmac-sha512
-e empty input
-m message(require option))
-l output len(require option))
notation
-h --help This help information
Worth a question, it only use key in hmac.
For example:
kcapi-mtk-dgst -n sha512 -m data -l 10
kcapi-mtk-dgst -k key -n hmac-sha512 -m data -l 10
[Release-log]
Change-Id: I8a7061873a4cd52cbc02c0f2e2c6b188c7de456f
Reviewed-on: https://gerrit.mediatek.inc/c/openwrt/feeds/mtk_openwrt_feeds/+/8248293
4 files changed