2 * Algorithm testing framework and tests.
4 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
5 * Copyright (c) 2002 Jean-Francois Dive <jef@linuxbe.org>
6 * Copyright (c) 2007 Nokia Siemens Networks
7 * Copyright (c) 2008 Herbert Xu <herbert@gondor.apana.org.au>
9 * Updated RFC4106 AES-GCM testing.
10 * Authors: Aidan O'Mahony (aidan.o.mahony@intel.com)
11 * Adrian Hoban <adrian.hoban@intel.com>
12 * Gabriele Paoloni <gabriele.paoloni@intel.com>
13 * Tadeusz Struk (tadeusz.struk@intel.com)
14 * Copyright (c) 2010, Intel Corporation.
16 * This program is free software; you can redistribute it and/or modify it
17 * under the terms of the GNU General Public License as published by the Free
18 * Software Foundation; either version 2 of the License, or (at your option)
23 #include <crypto/aead.h>
24 #include <crypto/hash.h>
25 #include <crypto/skcipher.h>
26 #include <linux/err.h>
27 #include <linux/fips.h>
28 #include <linux/module.h>
29 #include <linux/scatterlist.h>
30 #include <linux/slab.h>
31 #include <linux/string.h>
32 #include <crypto/rng.h>
33 #include <crypto/drbg.h>
34 #include <crypto/akcipher.h>
35 #include <crypto/kpp.h>
36 #include <crypto/acompress.h>
41 module_param(notests, bool, 0644);
42 MODULE_PARM_DESC(notests, "disable crypto self-tests");
44 #ifdef CONFIG_CRYPTO_MANAGER_DISABLE_TESTS
47 int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
57 * Need slab memory for testing (size in number of pages).
62 * Indexes into the xbuf to simulate cross-page access.
74 * Used by test_cipher()
79 struct aead_test_suite {
81 const struct aead_testvec *vecs;
86 struct cipher_test_suite {
87 const struct cipher_testvec *vecs;
91 struct comp_test_suite {
93 const struct comp_testvec *vecs;
98 struct hash_test_suite {
99 const struct hash_testvec *vecs;
103 struct cprng_test_suite {
104 const struct cprng_testvec *vecs;
108 struct drbg_test_suite {
109 const struct drbg_testvec *vecs;
113 struct akcipher_test_suite {
114 const struct akcipher_testvec *vecs;
118 struct kpp_test_suite {
119 const struct kpp_testvec *vecs;
123 struct alg_test_desc {
125 int (*test)(const struct alg_test_desc *desc, const char *driver,
127 int fips_allowed; /* set if alg is allowed in fips mode */
130 struct aead_test_suite aead;
131 struct cipher_test_suite cipher;
132 struct comp_test_suite comp;
133 struct hash_test_suite hash;
134 struct cprng_test_suite cprng;
135 struct drbg_test_suite drbg;
136 struct akcipher_test_suite akcipher;
137 struct kpp_test_suite kpp;
141 static const unsigned int IDX[8] = {
142 IDX1, IDX2, IDX3, IDX4, IDX5, IDX6, IDX7, IDX8 };
144 static void hexdump(unsigned char *buf, unsigned int len)
146 print_hex_dump(KERN_CONT, "", DUMP_PREFIX_OFFSET,
151 static int testmgr_alloc_buf(char *buf[XBUFSIZE])
155 for (i = 0; i < XBUFSIZE; i++) {
156 buf[i] = (void *)__get_free_page(GFP_KERNEL);
165 free_page((unsigned long)buf[i]);
170 static void testmgr_free_buf(char *buf[XBUFSIZE])
174 for (i = 0; i < XBUFSIZE; i++)
175 free_page((unsigned long)buf[i]);
178 static int ahash_guard_result(char *result, char c, int size)
182 for (i = 0; i < size; i++) {
190 static int ahash_partial_update(struct ahash_request **preq,
191 struct crypto_ahash *tfm, const struct hash_testvec *template,
192 void *hash_buff, int k, int temp, struct scatterlist *sg,
193 const char *algo, char *result, struct crypto_wait *wait)
196 struct ahash_request *req;
197 int statesize, ret = -EINVAL;
198 static const unsigned char guard[] = { 0x00, 0xba, 0xad, 0x00 };
199 int digestsize = crypto_ahash_digestsize(tfm);
202 statesize = crypto_ahash_statesize(
203 crypto_ahash_reqtfm(req));
204 state = kmalloc(statesize + sizeof(guard), GFP_KERNEL);
206 pr_err("alg: hash: Failed to alloc state for %s\n", algo);
209 memcpy(state + statesize, guard, sizeof(guard));
210 memset(result, 1, digestsize);
211 ret = crypto_ahash_export(req, state);
212 WARN_ON(memcmp(state + statesize, guard, sizeof(guard)));
214 pr_err("alg: hash: Failed to export() for %s\n", algo);
217 ret = ahash_guard_result(result, 1, digestsize);
219 pr_err("alg: hash: Failed, export used req->result for %s\n",
223 ahash_request_free(req);
224 req = ahash_request_alloc(tfm, GFP_KERNEL);
226 pr_err("alg: hash: Failed to alloc request for %s\n", algo);
229 ahash_request_set_callback(req,
230 CRYPTO_TFM_REQ_MAY_BACKLOG,
231 crypto_req_done, wait);
233 memcpy(hash_buff, template->plaintext + temp,
235 sg_init_one(&sg[0], hash_buff, template->tap[k]);
236 ahash_request_set_crypt(req, sg, result, template->tap[k]);
237 ret = crypto_ahash_import(req, state);
239 pr_err("alg: hash: Failed to import() for %s\n", algo);
242 ret = ahash_guard_result(result, 1, digestsize);
244 pr_err("alg: hash: Failed, import used req->result for %s\n",
248 ret = crypto_wait_req(crypto_ahash_update(req), wait);
255 ahash_request_free(req);
262 static int __test_hash(struct crypto_ahash *tfm,
263 const struct hash_testvec *template, unsigned int tcount,
264 bool use_digest, const int align_offset)
266 const char *algo = crypto_tfm_alg_driver_name(crypto_ahash_tfm(tfm));
267 size_t digest_size = crypto_ahash_digestsize(tfm);
268 unsigned int i, j, k, temp;
269 struct scatterlist sg[8];
272 struct ahash_request *req;
273 struct crypto_wait wait;
275 char *xbuf[XBUFSIZE];
278 result = kmalloc(digest_size, GFP_KERNEL);
281 key = kmalloc(MAX_KEYLEN, GFP_KERNEL);
284 if (testmgr_alloc_buf(xbuf))
287 crypto_init_wait(&wait);
289 req = ahash_request_alloc(tfm, GFP_KERNEL);
291 printk(KERN_ERR "alg: hash: Failed to allocate request for "
295 ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
296 crypto_req_done, &wait);
299 for (i = 0; i < tcount; i++) {
304 if (WARN_ON(align_offset + template[i].psize > PAGE_SIZE))
308 memset(result, 0, digest_size);
311 hash_buff += align_offset;
313 memcpy(hash_buff, template[i].plaintext, template[i].psize);
314 sg_init_one(&sg[0], hash_buff, template[i].psize);
316 if (template[i].ksize) {
317 crypto_ahash_clear_flags(tfm, ~0);
318 if (template[i].ksize > MAX_KEYLEN) {
319 pr_err("alg: hash: setkey failed on test %d for %s: key size %d > %d\n",
320 j, algo, template[i].ksize, MAX_KEYLEN);
324 memcpy(key, template[i].key, template[i].ksize);
325 ret = crypto_ahash_setkey(tfm, key, template[i].ksize);
327 printk(KERN_ERR "alg: hash: setkey failed on "
328 "test %d for %s: ret=%d\n", j, algo,
334 ahash_request_set_crypt(req, sg, result, template[i].psize);
336 ret = crypto_wait_req(crypto_ahash_digest(req), &wait);
338 pr_err("alg: hash: digest failed on test %d "
339 "for %s: ret=%d\n", j, algo, -ret);
343 memset(result, 1, digest_size);
344 ret = crypto_wait_req(crypto_ahash_init(req), &wait);
346 pr_err("alg: hash: init failed on test %d "
347 "for %s: ret=%d\n", j, algo, -ret);
350 ret = ahash_guard_result(result, 1, digest_size);
352 pr_err("alg: hash: init failed on test %d "
353 "for %s: used req->result\n", j, algo);
356 ret = crypto_wait_req(crypto_ahash_update(req), &wait);
358 pr_err("alg: hash: update failed on test %d "
359 "for %s: ret=%d\n", j, algo, -ret);
362 ret = ahash_guard_result(result, 1, digest_size);
364 pr_err("alg: hash: update failed on test %d "
365 "for %s: used req->result\n", j, algo);
368 ret = crypto_wait_req(crypto_ahash_final(req), &wait);
370 pr_err("alg: hash: final failed on test %d "
371 "for %s: ret=%d\n", j, algo, -ret);
376 if (memcmp(result, template[i].digest,
377 crypto_ahash_digestsize(tfm))) {
378 printk(KERN_ERR "alg: hash: Test %d failed for %s\n",
380 hexdump(result, crypto_ahash_digestsize(tfm));
387 for (i = 0; i < tcount; i++) {
388 /* alignment tests are only done with continuous buffers */
389 if (align_offset != 0)
396 memset(result, 0, digest_size);
399 sg_init_table(sg, template[i].np);
401 for (k = 0; k < template[i].np; k++) {
402 if (WARN_ON(offset_in_page(IDX[k]) +
403 template[i].tap[k] > PAGE_SIZE))
406 memcpy(xbuf[IDX[k] >> PAGE_SHIFT] +
407 offset_in_page(IDX[k]),
408 template[i].plaintext + temp,
411 temp += template[i].tap[k];
414 if (template[i].ksize) {
415 if (template[i].ksize > MAX_KEYLEN) {
416 pr_err("alg: hash: setkey failed on test %d for %s: key size %d > %d\n",
417 j, algo, template[i].ksize, MAX_KEYLEN);
421 crypto_ahash_clear_flags(tfm, ~0);
422 memcpy(key, template[i].key, template[i].ksize);
423 ret = crypto_ahash_setkey(tfm, key, template[i].ksize);
426 printk(KERN_ERR "alg: hash: setkey "
427 "failed on chunking test %d "
428 "for %s: ret=%d\n", j, algo, -ret);
433 ahash_request_set_crypt(req, sg, result, template[i].psize);
434 ret = crypto_wait_req(crypto_ahash_digest(req), &wait);
436 pr_err("alg: hash: digest failed on chunking test %d for %s: ret=%d\n",
441 if (memcmp(result, template[i].digest,
442 crypto_ahash_digestsize(tfm))) {
443 printk(KERN_ERR "alg: hash: Chunking test %d "
444 "failed for %s\n", j, algo);
445 hexdump(result, crypto_ahash_digestsize(tfm));
451 /* partial update exercise */
453 for (i = 0; i < tcount; i++) {
454 /* alignment tests are only done with continuous buffers */
455 if (align_offset != 0)
458 if (template[i].np < 2)
462 memset(result, 0, digest_size);
466 memcpy(hash_buff, template[i].plaintext,
468 sg_init_one(&sg[0], hash_buff, template[i].tap[0]);
470 if (template[i].ksize) {
471 crypto_ahash_clear_flags(tfm, ~0);
472 if (template[i].ksize > MAX_KEYLEN) {
473 pr_err("alg: hash: setkey failed on test %d for %s: key size %d > %d\n",
474 j, algo, template[i].ksize, MAX_KEYLEN);
478 memcpy(key, template[i].key, template[i].ksize);
479 ret = crypto_ahash_setkey(tfm, key, template[i].ksize);
481 pr_err("alg: hash: setkey failed on test %d for %s: ret=%d\n",
487 ahash_request_set_crypt(req, sg, result, template[i].tap[0]);
488 ret = crypto_wait_req(crypto_ahash_init(req), &wait);
490 pr_err("alg: hash: init failed on test %d for %s: ret=%d\n",
494 ret = crypto_wait_req(crypto_ahash_update(req), &wait);
496 pr_err("alg: hash: update failed on test %d for %s: ret=%d\n",
501 temp = template[i].tap[0];
502 for (k = 1; k < template[i].np; k++) {
503 ret = ahash_partial_update(&req, tfm, &template[i],
504 hash_buff, k, temp, &sg[0], algo, result,
507 pr_err("alg: hash: partial update failed on test %d for %s: ret=%d\n",
511 temp += template[i].tap[k];
513 ret = crypto_wait_req(crypto_ahash_final(req), &wait);
515 pr_err("alg: hash: final failed on test %d for %s: ret=%d\n",
519 if (memcmp(result, template[i].digest,
520 crypto_ahash_digestsize(tfm))) {
521 pr_err("alg: hash: Partial Test %d failed for %s\n",
523 hexdump(result, crypto_ahash_digestsize(tfm));
532 ahash_request_free(req);
534 testmgr_free_buf(xbuf);
541 static int test_hash(struct crypto_ahash *tfm,
542 const struct hash_testvec *template,
543 unsigned int tcount, bool use_digest)
545 unsigned int alignmask;
548 ret = __test_hash(tfm, template, tcount, use_digest, 0);
552 /* test unaligned buffers, check with one byte offset */
553 ret = __test_hash(tfm, template, tcount, use_digest, 1);
557 alignmask = crypto_tfm_alg_alignmask(&tfm->base);
559 /* Check if alignment mask for tfm is correctly set. */
560 ret = __test_hash(tfm, template, tcount, use_digest,
569 static int __test_aead(struct crypto_aead *tfm, int enc,
570 const struct aead_testvec *template, unsigned int tcount,
571 const bool diff_dst, const int align_offset)
573 const char *algo = crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm));
574 unsigned int i, j, k, n, temp;
578 struct aead_request *req;
579 struct scatterlist *sg;
580 struct scatterlist *sgout;
582 struct crypto_wait wait;
583 unsigned int authsize, iv_len;
588 char *xbuf[XBUFSIZE];
589 char *xoutbuf[XBUFSIZE];
590 char *axbuf[XBUFSIZE];
592 iv = kzalloc(MAX_IVLEN, GFP_KERNEL);
595 key = kmalloc(MAX_KEYLEN, GFP_KERNEL);
598 if (testmgr_alloc_buf(xbuf))
600 if (testmgr_alloc_buf(axbuf))
602 if (diff_dst && testmgr_alloc_buf(xoutbuf))
605 /* avoid "the frame size is larger than 1024 bytes" compiler warning */
606 sg = kmalloc(sizeof(*sg) * 8 * (diff_dst ? 4 : 2), GFP_KERNEL);
621 crypto_init_wait(&wait);
623 req = aead_request_alloc(tfm, GFP_KERNEL);
625 pr_err("alg: aead%s: Failed to allocate request for %s\n",
630 aead_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
631 crypto_req_done, &wait);
633 iv_len = crypto_aead_ivsize(tfm);
635 for (i = 0, j = 0; i < tcount; i++) {
641 /* some templates have no input data but they will
645 input += align_offset;
649 if (WARN_ON(align_offset + template[i].ilen >
650 PAGE_SIZE || template[i].alen > PAGE_SIZE))
653 memcpy(input, template[i].input, template[i].ilen);
654 memcpy(assoc, template[i].assoc, template[i].alen);
656 memcpy(iv, template[i].iv, iv_len);
658 memset(iv, 0, iv_len);
660 crypto_aead_clear_flags(tfm, ~0);
662 crypto_aead_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY);
664 if (template[i].klen > MAX_KEYLEN) {
665 pr_err("alg: aead%s: setkey failed on test %d for %s: key size %d > %d\n",
666 d, j, algo, template[i].klen,
671 memcpy(key, template[i].key, template[i].klen);
673 ret = crypto_aead_setkey(tfm, key, template[i].klen);
674 if (template[i].fail == !ret) {
675 pr_err("alg: aead%s: setkey failed on test %d for %s: flags=%x\n",
676 d, j, algo, crypto_aead_get_flags(tfm));
681 authsize = abs(template[i].rlen - template[i].ilen);
682 ret = crypto_aead_setauthsize(tfm, authsize);
684 pr_err("alg: aead%s: Failed to set authsize to %u on test %d for %s\n",
685 d, authsize, j, algo);
689 k = !!template[i].alen;
690 sg_init_table(sg, k + 1);
691 sg_set_buf(&sg[0], assoc, template[i].alen);
692 sg_set_buf(&sg[k], input,
693 template[i].ilen + (enc ? authsize : 0));
697 sg_init_table(sgout, k + 1);
698 sg_set_buf(&sgout[0], assoc, template[i].alen);
701 output += align_offset;
702 sg_set_buf(&sgout[k], output,
703 template[i].rlen + (enc ? 0 : authsize));
706 aead_request_set_crypt(req, sg, (diff_dst) ? sgout : sg,
707 template[i].ilen, iv);
709 aead_request_set_ad(req, template[i].alen);
711 ret = crypto_wait_req(enc ? crypto_aead_encrypt(req)
712 : crypto_aead_decrypt(req), &wait);
716 if (template[i].novrfy) {
717 /* verification was supposed to fail */
718 pr_err("alg: aead%s: %s failed on test %d for %s: ret was 0, expected -EBADMSG\n",
720 /* so really, we got a bad message */
726 if (template[i].novrfy)
727 /* verification failure was expected */
731 pr_err("alg: aead%s: %s failed on test %d for %s: ret=%d\n",
732 d, e, j, algo, -ret);
737 if (memcmp(q, template[i].result, template[i].rlen)) {
738 pr_err("alg: aead%s: Test %d failed on %s for %s\n",
740 hexdump(q, template[i].rlen);
746 for (i = 0, j = 0; i < tcount; i++) {
747 /* alignment tests are only done with continuous buffers */
748 if (align_offset != 0)
757 memcpy(iv, template[i].iv, iv_len);
759 memset(iv, 0, MAX_IVLEN);
761 crypto_aead_clear_flags(tfm, ~0);
763 crypto_aead_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY);
764 if (template[i].klen > MAX_KEYLEN) {
765 pr_err("alg: aead%s: setkey failed on test %d for %s: key size %d > %d\n",
766 d, j, algo, template[i].klen, MAX_KEYLEN);
770 memcpy(key, template[i].key, template[i].klen);
772 ret = crypto_aead_setkey(tfm, key, template[i].klen);
773 if (template[i].fail == !ret) {
774 pr_err("alg: aead%s: setkey failed on chunk test %d for %s: flags=%x\n",
775 d, j, algo, crypto_aead_get_flags(tfm));
780 authsize = abs(template[i].rlen - template[i].ilen);
783 sg_init_table(sg, template[i].anp + template[i].np);
785 sg_init_table(sgout, template[i].anp + template[i].np);
788 for (k = 0, temp = 0; k < template[i].anp; k++) {
789 if (WARN_ON(offset_in_page(IDX[k]) +
790 template[i].atap[k] > PAGE_SIZE))
793 memcpy(axbuf[IDX[k] >> PAGE_SHIFT] +
794 offset_in_page(IDX[k]),
795 template[i].assoc + temp,
796 template[i].atap[k]),
797 template[i].atap[k]);
799 sg_set_buf(&sgout[k],
800 axbuf[IDX[k] >> PAGE_SHIFT] +
801 offset_in_page(IDX[k]),
802 template[i].atap[k]);
803 temp += template[i].atap[k];
806 for (k = 0, temp = 0; k < template[i].np; k++) {
807 if (WARN_ON(offset_in_page(IDX[k]) +
808 template[i].tap[k] > PAGE_SIZE))
811 q = xbuf[IDX[k] >> PAGE_SHIFT] + offset_in_page(IDX[k]);
812 memcpy(q, template[i].input + temp, template[i].tap[k]);
813 sg_set_buf(&sg[template[i].anp + k],
814 q, template[i].tap[k]);
817 q = xoutbuf[IDX[k] >> PAGE_SHIFT] +
818 offset_in_page(IDX[k]);
820 memset(q, 0, template[i].tap[k]);
822 sg_set_buf(&sgout[template[i].anp + k],
823 q, template[i].tap[k]);
826 n = template[i].tap[k];
827 if (k == template[i].np - 1 && enc)
829 if (offset_in_page(q) + n < PAGE_SIZE)
832 temp += template[i].tap[k];
835 ret = crypto_aead_setauthsize(tfm, authsize);
837 pr_err("alg: aead%s: Failed to set authsize to %u on chunk test %d for %s\n",
838 d, authsize, j, algo);
843 if (WARN_ON(sg[template[i].anp + k - 1].offset +
844 sg[template[i].anp + k - 1].length +
845 authsize > PAGE_SIZE)) {
851 sgout[template[i].anp + k - 1].length +=
853 sg[template[i].anp + k - 1].length += authsize;
856 aead_request_set_crypt(req, sg, (diff_dst) ? sgout : sg,
860 aead_request_set_ad(req, template[i].alen);
862 ret = crypto_wait_req(enc ? crypto_aead_encrypt(req)
863 : crypto_aead_decrypt(req), &wait);
867 if (template[i].novrfy) {
868 /* verification was supposed to fail */
869 pr_err("alg: aead%s: %s failed on chunk test %d for %s: ret was 0, expected -EBADMSG\n",
871 /* so really, we got a bad message */
877 if (template[i].novrfy)
878 /* verification failure was expected */
882 pr_err("alg: aead%s: %s failed on chunk test %d for %s: ret=%d\n",
883 d, e, j, algo, -ret);
888 for (k = 0, temp = 0; k < template[i].np; k++) {
890 q = xoutbuf[IDX[k] >> PAGE_SHIFT] +
891 offset_in_page(IDX[k]);
893 q = xbuf[IDX[k] >> PAGE_SHIFT] +
894 offset_in_page(IDX[k]);
896 n = template[i].tap[k];
897 if (k == template[i].np - 1)
898 n += enc ? authsize : -authsize;
900 if (memcmp(q, template[i].result + temp, n)) {
901 pr_err("alg: aead%s: Chunk test %d failed on %s at page %u for %s\n",
908 if (k == template[i].np - 1 && !enc) {
910 memcmp(q, template[i].input +
916 for (n = 0; offset_in_page(q + n) && q[n]; n++)
920 pr_err("alg: aead%s: Result buffer corruption in chunk test %d on %s at page %u for %s: %u bytes:\n",
921 d, j, e, k, algo, n);
926 temp += template[i].tap[k];
933 aead_request_free(req);
937 testmgr_free_buf(xoutbuf);
939 testmgr_free_buf(axbuf);
941 testmgr_free_buf(xbuf);
948 static int test_aead(struct crypto_aead *tfm, int enc,
949 const struct aead_testvec *template, unsigned int tcount)
951 unsigned int alignmask;
954 /* test 'dst == src' case */
955 ret = __test_aead(tfm, enc, template, tcount, false, 0);
959 /* test 'dst != src' case */
960 ret = __test_aead(tfm, enc, template, tcount, true, 0);
964 /* test unaligned buffers, check with one byte offset */
965 ret = __test_aead(tfm, enc, template, tcount, true, 1);
969 alignmask = crypto_tfm_alg_alignmask(&tfm->base);
971 /* Check if alignment mask for tfm is correctly set. */
972 ret = __test_aead(tfm, enc, template, tcount, true,
981 static int test_cipher(struct crypto_cipher *tfm, int enc,
982 const struct cipher_testvec *template,
985 const char *algo = crypto_tfm_alg_driver_name(crypto_cipher_tfm(tfm));
986 unsigned int i, j, k;
989 const char *input, *result;
991 char *xbuf[XBUFSIZE];
994 if (testmgr_alloc_buf(xbuf))
1003 for (i = 0; i < tcount; i++) {
1007 if (fips_enabled && template[i].fips_skip)
1010 input = enc ? template[i].ptext : template[i].ctext;
1011 result = enc ? template[i].ctext : template[i].ptext;
1015 if (WARN_ON(template[i].len > PAGE_SIZE))
1019 memcpy(data, input, template[i].len);
1021 crypto_cipher_clear_flags(tfm, ~0);
1023 crypto_cipher_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY);
1025 ret = crypto_cipher_setkey(tfm, template[i].key,
1027 if (template[i].fail == !ret) {
1028 printk(KERN_ERR "alg: cipher: setkey failed "
1029 "on test %d for %s: flags=%x\n", j,
1030 algo, crypto_cipher_get_flags(tfm));
1035 for (k = 0; k < template[i].len;
1036 k += crypto_cipher_blocksize(tfm)) {
1038 crypto_cipher_encrypt_one(tfm, data + k,
1041 crypto_cipher_decrypt_one(tfm, data + k,
1046 if (memcmp(q, result, template[i].len)) {
1047 printk(KERN_ERR "alg: cipher: Test %d failed "
1048 "on %s for %s\n", j, e, algo);
1049 hexdump(q, template[i].len);
1058 testmgr_free_buf(xbuf);
1063 static int __test_skcipher(struct crypto_skcipher *tfm, int enc,
1064 const struct cipher_testvec *template,
1065 unsigned int tcount,
1066 const bool diff_dst, const int align_offset)
1069 crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm));
1070 unsigned int i, j, k, n, temp;
1072 struct skcipher_request *req;
1073 struct scatterlist sg[8];
1074 struct scatterlist sgout[8];
1076 struct crypto_wait wait;
1077 const char *input, *result;
1080 char *xbuf[XBUFSIZE];
1081 char *xoutbuf[XBUFSIZE];
1083 unsigned int ivsize = crypto_skcipher_ivsize(tfm);
1085 if (testmgr_alloc_buf(xbuf))
1088 if (diff_dst && testmgr_alloc_buf(xoutbuf))
1101 crypto_init_wait(&wait);
1103 req = skcipher_request_alloc(tfm, GFP_KERNEL);
1105 pr_err("alg: skcipher%s: Failed to allocate request for %s\n",
1110 skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
1111 crypto_req_done, &wait);
1114 for (i = 0; i < tcount; i++) {
1115 if (template[i].np && !template[i].also_non_np)
1118 if (fips_enabled && template[i].fips_skip)
1121 if (template[i].iv && !(template[i].generates_iv && enc))
1122 memcpy(iv, template[i].iv, ivsize);
1124 memset(iv, 0, MAX_IVLEN);
1126 input = enc ? template[i].ptext : template[i].ctext;
1127 result = enc ? template[i].ctext : template[i].ptext;
1130 if (WARN_ON(align_offset + template[i].len > PAGE_SIZE))
1134 data += align_offset;
1135 memcpy(data, input, template[i].len);
1137 crypto_skcipher_clear_flags(tfm, ~0);
1139 crypto_skcipher_set_flags(tfm,
1140 CRYPTO_TFM_REQ_WEAK_KEY);
1142 ret = crypto_skcipher_setkey(tfm, template[i].key,
1144 if (template[i].fail == !ret) {
1145 pr_err("alg: skcipher%s: setkey failed on test %d for %s: flags=%x\n",
1146 d, j, algo, crypto_skcipher_get_flags(tfm));
1151 sg_init_one(&sg[0], data, template[i].len);
1154 data += align_offset;
1155 sg_init_one(&sgout[0], data, template[i].len);
1158 skcipher_request_set_crypt(req, sg, (diff_dst) ? sgout : sg,
1159 template[i].len, iv);
1160 ret = crypto_wait_req(enc ? crypto_skcipher_encrypt(req) :
1161 crypto_skcipher_decrypt(req), &wait);
1164 pr_err("alg: skcipher%s: %s failed on test %d for %s: ret=%d\n",
1165 d, e, j, algo, -ret);
1170 if (memcmp(q, result, template[i].len)) {
1171 pr_err("alg: skcipher%s: Test %d failed (invalid result) on %s for %s\n",
1173 hexdump(q, template[i].len);
1178 if (template[i].generates_iv && enc &&
1179 memcmp(iv, template[i].iv, crypto_skcipher_ivsize(tfm))) {
1180 pr_err("alg: skcipher%s: Test %d failed (invalid output IV) on %s for %s\n",
1182 hexdump(iv, crypto_skcipher_ivsize(tfm));
1189 for (i = 0; i < tcount; i++) {
1190 /* alignment tests are only done with continuous buffers */
1191 if (align_offset != 0)
1194 if (!template[i].np)
1197 if (fips_enabled && template[i].fips_skip)
1200 if (template[i].iv && !(template[i].generates_iv && enc))
1201 memcpy(iv, template[i].iv, ivsize);
1203 memset(iv, 0, MAX_IVLEN);
1205 input = enc ? template[i].ptext : template[i].ctext;
1206 result = enc ? template[i].ctext : template[i].ptext;
1208 crypto_skcipher_clear_flags(tfm, ~0);
1210 crypto_skcipher_set_flags(tfm,
1211 CRYPTO_TFM_REQ_WEAK_KEY);
1213 ret = crypto_skcipher_setkey(tfm, template[i].key,
1215 if (template[i].fail == !ret) {
1216 pr_err("alg: skcipher%s: setkey failed on chunk test %d for %s: flags=%x\n",
1217 d, j, algo, crypto_skcipher_get_flags(tfm));
1224 sg_init_table(sg, template[i].np);
1226 sg_init_table(sgout, template[i].np);
1227 for (k = 0; k < template[i].np; k++) {
1228 if (WARN_ON(offset_in_page(IDX[k]) +
1229 template[i].tap[k] > PAGE_SIZE))
1232 q = xbuf[IDX[k] >> PAGE_SHIFT] + offset_in_page(IDX[k]);
1234 memcpy(q, input + temp, template[i].tap[k]);
1236 if (offset_in_page(q) + template[i].tap[k] < PAGE_SIZE)
1237 q[template[i].tap[k]] = 0;
1239 sg_set_buf(&sg[k], q, template[i].tap[k]);
1241 q = xoutbuf[IDX[k] >> PAGE_SHIFT] +
1242 offset_in_page(IDX[k]);
1244 sg_set_buf(&sgout[k], q, template[i].tap[k]);
1246 memset(q, 0, template[i].tap[k]);
1247 if (offset_in_page(q) +
1248 template[i].tap[k] < PAGE_SIZE)
1249 q[template[i].tap[k]] = 0;
1252 temp += template[i].tap[k];
1255 skcipher_request_set_crypt(req, sg, (diff_dst) ? sgout : sg,
1256 template[i].len, iv);
1258 ret = crypto_wait_req(enc ? crypto_skcipher_encrypt(req) :
1259 crypto_skcipher_decrypt(req), &wait);
1262 pr_err("alg: skcipher%s: %s failed on chunk test %d for %s: ret=%d\n",
1263 d, e, j, algo, -ret);
1269 for (k = 0; k < template[i].np; k++) {
1271 q = xoutbuf[IDX[k] >> PAGE_SHIFT] +
1272 offset_in_page(IDX[k]);
1274 q = xbuf[IDX[k] >> PAGE_SHIFT] +
1275 offset_in_page(IDX[k]);
1277 if (memcmp(q, result + temp, template[i].tap[k])) {
1278 pr_err("alg: skcipher%s: Chunk test %d failed on %s at page %u for %s\n",
1280 hexdump(q, template[i].tap[k]);
1284 q += template[i].tap[k];
1285 for (n = 0; offset_in_page(q + n) && q[n]; n++)
1288 pr_err("alg: skcipher%s: Result buffer corruption in chunk test %d on %s at page %u for %s: %u bytes:\n",
1289 d, j, e, k, algo, n);
1293 temp += template[i].tap[k];
1300 skcipher_request_free(req);
1302 testmgr_free_buf(xoutbuf);
1304 testmgr_free_buf(xbuf);
1309 static int test_skcipher(struct crypto_skcipher *tfm, int enc,
1310 const struct cipher_testvec *template,
1311 unsigned int tcount)
1313 unsigned int alignmask;
1316 /* test 'dst == src' case */
1317 ret = __test_skcipher(tfm, enc, template, tcount, false, 0);
1321 /* test 'dst != src' case */
1322 ret = __test_skcipher(tfm, enc, template, tcount, true, 0);
1326 /* test unaligned buffers, check with one byte offset */
1327 ret = __test_skcipher(tfm, enc, template, tcount, true, 1);
1331 alignmask = crypto_tfm_alg_alignmask(&tfm->base);
1333 /* Check if alignment mask for tfm is correctly set. */
1334 ret = __test_skcipher(tfm, enc, template, tcount, true,
1343 static int test_comp(struct crypto_comp *tfm,
1344 const struct comp_testvec *ctemplate,
1345 const struct comp_testvec *dtemplate,
1346 int ctcount, int dtcount)
1348 const char *algo = crypto_tfm_alg_driver_name(crypto_comp_tfm(tfm));
1349 char *output, *decomp_output;
1353 output = kmalloc(COMP_BUF_SIZE, GFP_KERNEL);
1357 decomp_output = kmalloc(COMP_BUF_SIZE, GFP_KERNEL);
1358 if (!decomp_output) {
1363 for (i = 0; i < ctcount; i++) {
1365 unsigned int dlen = COMP_BUF_SIZE;
1367 memset(output, 0, sizeof(COMP_BUF_SIZE));
1368 memset(decomp_output, 0, sizeof(COMP_BUF_SIZE));
1370 ilen = ctemplate[i].inlen;
1371 ret = crypto_comp_compress(tfm, ctemplate[i].input,
1372 ilen, output, &dlen);
1374 printk(KERN_ERR "alg: comp: compression failed "
1375 "on test %d for %s: ret=%d\n", i + 1, algo,
1381 dlen = COMP_BUF_SIZE;
1382 ret = crypto_comp_decompress(tfm, output,
1383 ilen, decomp_output, &dlen);
1385 pr_err("alg: comp: compression failed: decompress: on test %d for %s failed: ret=%d\n",
1390 if (dlen != ctemplate[i].inlen) {
1391 printk(KERN_ERR "alg: comp: Compression test %d "
1392 "failed for %s: output len = %d\n", i + 1, algo,
1398 if (memcmp(decomp_output, ctemplate[i].input,
1399 ctemplate[i].inlen)) {
1400 pr_err("alg: comp: compression failed: output differs: on test %d for %s\n",
1402 hexdump(decomp_output, dlen);
1408 for (i = 0; i < dtcount; i++) {
1410 unsigned int dlen = COMP_BUF_SIZE;
1412 memset(decomp_output, 0, sizeof(COMP_BUF_SIZE));
1414 ilen = dtemplate[i].inlen;
1415 ret = crypto_comp_decompress(tfm, dtemplate[i].input,
1416 ilen, decomp_output, &dlen);
1418 printk(KERN_ERR "alg: comp: decompression failed "
1419 "on test %d for %s: ret=%d\n", i + 1, algo,
1424 if (dlen != dtemplate[i].outlen) {
1425 printk(KERN_ERR "alg: comp: Decompression test %d "
1426 "failed for %s: output len = %d\n", i + 1, algo,
1432 if (memcmp(decomp_output, dtemplate[i].output, dlen)) {
1433 printk(KERN_ERR "alg: comp: Decompression test %d "
1434 "failed for %s\n", i + 1, algo);
1435 hexdump(decomp_output, dlen);
1444 kfree(decomp_output);
1449 static int test_acomp(struct crypto_acomp *tfm,
1450 const struct comp_testvec *ctemplate,
1451 const struct comp_testvec *dtemplate,
1452 int ctcount, int dtcount)
1454 const char *algo = crypto_tfm_alg_driver_name(crypto_acomp_tfm(tfm));
1456 char *output, *decomp_out;
1458 struct scatterlist src, dst;
1459 struct acomp_req *req;
1460 struct crypto_wait wait;
1462 output = kmalloc(COMP_BUF_SIZE, GFP_KERNEL);
1466 decomp_out = kmalloc(COMP_BUF_SIZE, GFP_KERNEL);
1472 for (i = 0; i < ctcount; i++) {
1473 unsigned int dlen = COMP_BUF_SIZE;
1474 int ilen = ctemplate[i].inlen;
1477 input_vec = kmemdup(ctemplate[i].input, ilen, GFP_KERNEL);
1483 memset(output, 0, dlen);
1484 crypto_init_wait(&wait);
1485 sg_init_one(&src, input_vec, ilen);
1486 sg_init_one(&dst, output, dlen);
1488 req = acomp_request_alloc(tfm);
1490 pr_err("alg: acomp: request alloc failed for %s\n",
1497 acomp_request_set_params(req, &src, &dst, ilen, dlen);
1498 acomp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
1499 crypto_req_done, &wait);
1501 ret = crypto_wait_req(crypto_acomp_compress(req), &wait);
1503 pr_err("alg: acomp: compression failed on test %d for %s: ret=%d\n",
1506 acomp_request_free(req);
1511 dlen = COMP_BUF_SIZE;
1512 sg_init_one(&src, output, ilen);
1513 sg_init_one(&dst, decomp_out, dlen);
1514 crypto_init_wait(&wait);
1515 acomp_request_set_params(req, &src, &dst, ilen, dlen);
1517 ret = crypto_wait_req(crypto_acomp_decompress(req), &wait);
1519 pr_err("alg: acomp: compression failed on test %d for %s: ret=%d\n",
1522 acomp_request_free(req);
1526 if (req->dlen != ctemplate[i].inlen) {
1527 pr_err("alg: acomp: Compression test %d failed for %s: output len = %d\n",
1528 i + 1, algo, req->dlen);
1531 acomp_request_free(req);
1535 if (memcmp(input_vec, decomp_out, req->dlen)) {
1536 pr_err("alg: acomp: Compression test %d failed for %s\n",
1538 hexdump(output, req->dlen);
1541 acomp_request_free(req);
1546 acomp_request_free(req);
1549 for (i = 0; i < dtcount; i++) {
1550 unsigned int dlen = COMP_BUF_SIZE;
1551 int ilen = dtemplate[i].inlen;
1554 input_vec = kmemdup(dtemplate[i].input, ilen, GFP_KERNEL);
1560 memset(output, 0, dlen);
1561 crypto_init_wait(&wait);
1562 sg_init_one(&src, input_vec, ilen);
1563 sg_init_one(&dst, output, dlen);
1565 req = acomp_request_alloc(tfm);
1567 pr_err("alg: acomp: request alloc failed for %s\n",
1574 acomp_request_set_params(req, &src, &dst, ilen, dlen);
1575 acomp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
1576 crypto_req_done, &wait);
1578 ret = crypto_wait_req(crypto_acomp_decompress(req), &wait);
1580 pr_err("alg: acomp: decompression failed on test %d for %s: ret=%d\n",
1583 acomp_request_free(req);
1587 if (req->dlen != dtemplate[i].outlen) {
1588 pr_err("alg: acomp: Decompression test %d failed for %s: output len = %d\n",
1589 i + 1, algo, req->dlen);
1592 acomp_request_free(req);
1596 if (memcmp(output, dtemplate[i].output, req->dlen)) {
1597 pr_err("alg: acomp: Decompression test %d failed for %s\n",
1599 hexdump(output, req->dlen);
1602 acomp_request_free(req);
1607 acomp_request_free(req);
1618 static int test_cprng(struct crypto_rng *tfm,
1619 const struct cprng_testvec *template,
1620 unsigned int tcount)
1622 const char *algo = crypto_tfm_alg_driver_name(crypto_rng_tfm(tfm));
1623 int err = 0, i, j, seedsize;
1627 seedsize = crypto_rng_seedsize(tfm);
1629 seed = kmalloc(seedsize, GFP_KERNEL);
1631 printk(KERN_ERR "alg: cprng: Failed to allocate seed space "
1636 for (i = 0; i < tcount; i++) {
1637 memset(result, 0, 32);
1639 memcpy(seed, template[i].v, template[i].vlen);
1640 memcpy(seed + template[i].vlen, template[i].key,
1642 memcpy(seed + template[i].vlen + template[i].klen,
1643 template[i].dt, template[i].dtlen);
1645 err = crypto_rng_reset(tfm, seed, seedsize);
1647 printk(KERN_ERR "alg: cprng: Failed to reset rng "
1652 for (j = 0; j < template[i].loops; j++) {
1653 err = crypto_rng_get_bytes(tfm, result,
1656 printk(KERN_ERR "alg: cprng: Failed to obtain "
1657 "the correct amount of random data for "
1658 "%s (requested %d)\n", algo,
1664 err = memcmp(result, template[i].result,
1667 printk(KERN_ERR "alg: cprng: Test %d failed for %s\n",
1669 hexdump(result, template[i].rlen);
1680 static int alg_test_aead(const struct alg_test_desc *desc, const char *driver,
1683 struct crypto_aead *tfm;
1686 tfm = crypto_alloc_aead(driver, type, mask);
1688 printk(KERN_ERR "alg: aead: Failed to load transform for %s: "
1689 "%ld\n", driver, PTR_ERR(tfm));
1690 return PTR_ERR(tfm);
1693 if (desc->suite.aead.enc.vecs) {
1694 err = test_aead(tfm, ENCRYPT, desc->suite.aead.enc.vecs,
1695 desc->suite.aead.enc.count);
1700 if (!err && desc->suite.aead.dec.vecs)
1701 err = test_aead(tfm, DECRYPT, desc->suite.aead.dec.vecs,
1702 desc->suite.aead.dec.count);
1705 crypto_free_aead(tfm);
1709 static int alg_test_cipher(const struct alg_test_desc *desc,
1710 const char *driver, u32 type, u32 mask)
1712 const struct cipher_test_suite *suite = &desc->suite.cipher;
1713 struct crypto_cipher *tfm;
1716 tfm = crypto_alloc_cipher(driver, type, mask);
1718 printk(KERN_ERR "alg: cipher: Failed to load transform for "
1719 "%s: %ld\n", driver, PTR_ERR(tfm));
1720 return PTR_ERR(tfm);
1723 err = test_cipher(tfm, ENCRYPT, suite->vecs, suite->count);
1725 err = test_cipher(tfm, DECRYPT, suite->vecs, suite->count);
1727 crypto_free_cipher(tfm);
1731 static int alg_test_skcipher(const struct alg_test_desc *desc,
1732 const char *driver, u32 type, u32 mask)
1734 const struct cipher_test_suite *suite = &desc->suite.cipher;
1735 struct crypto_skcipher *tfm;
1738 tfm = crypto_alloc_skcipher(driver, type, mask);
1740 printk(KERN_ERR "alg: skcipher: Failed to load transform for "
1741 "%s: %ld\n", driver, PTR_ERR(tfm));
1742 return PTR_ERR(tfm);
1745 err = test_skcipher(tfm, ENCRYPT, suite->vecs, suite->count);
1747 err = test_skcipher(tfm, DECRYPT, suite->vecs, suite->count);
1749 crypto_free_skcipher(tfm);
1753 static int alg_test_comp(const struct alg_test_desc *desc, const char *driver,
1756 struct crypto_comp *comp;
1757 struct crypto_acomp *acomp;
1759 u32 algo_type = type & CRYPTO_ALG_TYPE_ACOMPRESS_MASK;
1761 if (algo_type == CRYPTO_ALG_TYPE_ACOMPRESS) {
1762 acomp = crypto_alloc_acomp(driver, type, mask);
1763 if (IS_ERR(acomp)) {
1764 pr_err("alg: acomp: Failed to load transform for %s: %ld\n",
1765 driver, PTR_ERR(acomp));
1766 return PTR_ERR(acomp);
1768 err = test_acomp(acomp, desc->suite.comp.comp.vecs,
1769 desc->suite.comp.decomp.vecs,
1770 desc->suite.comp.comp.count,
1771 desc->suite.comp.decomp.count);
1772 crypto_free_acomp(acomp);
1774 comp = crypto_alloc_comp(driver, type, mask);
1776 pr_err("alg: comp: Failed to load transform for %s: %ld\n",
1777 driver, PTR_ERR(comp));
1778 return PTR_ERR(comp);
1781 err = test_comp(comp, desc->suite.comp.comp.vecs,
1782 desc->suite.comp.decomp.vecs,
1783 desc->suite.comp.comp.count,
1784 desc->suite.comp.decomp.count);
1786 crypto_free_comp(comp);
1791 static int __alg_test_hash(const struct hash_testvec *template,
1792 unsigned int tcount, const char *driver,
1795 struct crypto_ahash *tfm;
1798 tfm = crypto_alloc_ahash(driver, type, mask);
1800 printk(KERN_ERR "alg: hash: Failed to load transform for %s: "
1801 "%ld\n", driver, PTR_ERR(tfm));
1802 return PTR_ERR(tfm);
1805 err = test_hash(tfm, template, tcount, true);
1807 err = test_hash(tfm, template, tcount, false);
1808 crypto_free_ahash(tfm);
1812 static int alg_test_hash(const struct alg_test_desc *desc, const char *driver,
1815 const struct hash_testvec *template = desc->suite.hash.vecs;
1816 unsigned int tcount = desc->suite.hash.count;
1817 unsigned int nr_unkeyed, nr_keyed;
1821 * For OPTIONAL_KEY algorithms, we have to do all the unkeyed tests
1822 * first, before setting a key on the tfm. To make this easier, we
1823 * require that the unkeyed test vectors (if any) are listed first.
1826 for (nr_unkeyed = 0; nr_unkeyed < tcount; nr_unkeyed++) {
1827 if (template[nr_unkeyed].ksize)
1830 for (nr_keyed = 0; nr_unkeyed + nr_keyed < tcount; nr_keyed++) {
1831 if (!template[nr_unkeyed + nr_keyed].ksize) {
1832 pr_err("alg: hash: test vectors for %s out of order, "
1833 "unkeyed ones must come first\n", desc->alg);
1840 err = __alg_test_hash(template, nr_unkeyed, driver, type, mask);
1841 template += nr_unkeyed;
1844 if (!err && nr_keyed)
1845 err = __alg_test_hash(template, nr_keyed, driver, type, mask);
1850 static int alg_test_crc32c(const struct alg_test_desc *desc,
1851 const char *driver, u32 type, u32 mask)
1853 struct crypto_shash *tfm;
1857 err = alg_test_hash(desc, driver, type, mask);
1861 tfm = crypto_alloc_shash(driver, type, mask);
1863 printk(KERN_ERR "alg: crc32c: Failed to load transform for %s: "
1864 "%ld\n", driver, PTR_ERR(tfm));
1870 SHASH_DESC_ON_STACK(shash, tfm);
1871 u32 *ctx = (u32 *)shash_desc_ctx(shash);
1876 *ctx = le32_to_cpu(420553207);
1877 err = crypto_shash_final(shash, (u8 *)&val);
1879 printk(KERN_ERR "alg: crc32c: Operation failed for "
1880 "%s: %d\n", driver, err);
1884 if (val != ~420553207) {
1885 printk(KERN_ERR "alg: crc32c: Test failed for %s: "
1886 "%d\n", driver, val);
1891 crypto_free_shash(tfm);
1897 static int alg_test_cprng(const struct alg_test_desc *desc, const char *driver,
1900 struct crypto_rng *rng;
1903 rng = crypto_alloc_rng(driver, type, mask);
1905 printk(KERN_ERR "alg: cprng: Failed to load transform for %s: "
1906 "%ld\n", driver, PTR_ERR(rng));
1907 return PTR_ERR(rng);
1910 err = test_cprng(rng, desc->suite.cprng.vecs, desc->suite.cprng.count);
1912 crypto_free_rng(rng);
1918 static int drbg_cavs_test(const struct drbg_testvec *test, int pr,
1919 const char *driver, u32 type, u32 mask)
1922 struct crypto_rng *drng;
1923 struct drbg_test_data test_data;
1924 struct drbg_string addtl, pers, testentropy;
1925 unsigned char *buf = kzalloc(test->expectedlen, GFP_KERNEL);
1930 drng = crypto_alloc_rng(driver, type, mask);
1932 printk(KERN_ERR "alg: drbg: could not allocate DRNG handle for "
1938 test_data.testentropy = &testentropy;
1939 drbg_string_fill(&testentropy, test->entropy, test->entropylen);
1940 drbg_string_fill(&pers, test->pers, test->perslen);
1941 ret = crypto_drbg_reset_test(drng, &pers, &test_data);
1943 printk(KERN_ERR "alg: drbg: Failed to reset rng\n");
1947 drbg_string_fill(&addtl, test->addtla, test->addtllen);
1949 drbg_string_fill(&testentropy, test->entpra, test->entprlen);
1950 ret = crypto_drbg_get_bytes_addtl_test(drng,
1951 buf, test->expectedlen, &addtl, &test_data);
1953 ret = crypto_drbg_get_bytes_addtl(drng,
1954 buf, test->expectedlen, &addtl);
1957 printk(KERN_ERR "alg: drbg: could not obtain random data for "
1958 "driver %s\n", driver);
1962 drbg_string_fill(&addtl, test->addtlb, test->addtllen);
1964 drbg_string_fill(&testentropy, test->entprb, test->entprlen);
1965 ret = crypto_drbg_get_bytes_addtl_test(drng,
1966 buf, test->expectedlen, &addtl, &test_data);
1968 ret = crypto_drbg_get_bytes_addtl(drng,
1969 buf, test->expectedlen, &addtl);
1972 printk(KERN_ERR "alg: drbg: could not obtain random data for "
1973 "driver %s\n", driver);
1977 ret = memcmp(test->expected, buf, test->expectedlen);
1980 crypto_free_rng(drng);
1986 static int alg_test_drbg(const struct alg_test_desc *desc, const char *driver,
1992 const struct drbg_testvec *template = desc->suite.drbg.vecs;
1993 unsigned int tcount = desc->suite.drbg.count;
1995 if (0 == memcmp(driver, "drbg_pr_", 8))
1998 for (i = 0; i < tcount; i++) {
1999 err = drbg_cavs_test(&template[i], pr, driver, type, mask);
2001 printk(KERN_ERR "alg: drbg: Test %d failed for %s\n",
2011 static int do_test_kpp(struct crypto_kpp *tfm, const struct kpp_testvec *vec,
2014 struct kpp_request *req;
2015 void *input_buf = NULL;
2016 void *output_buf = NULL;
2017 void *a_public = NULL;
2019 void *shared_secret = NULL;
2020 struct crypto_wait wait;
2021 unsigned int out_len_max;
2023 struct scatterlist src, dst;
2025 req = kpp_request_alloc(tfm, GFP_KERNEL);
2029 crypto_init_wait(&wait);
2031 err = crypto_kpp_set_secret(tfm, vec->secret, vec->secret_size);
2035 out_len_max = crypto_kpp_maxsize(tfm);
2036 output_buf = kzalloc(out_len_max, GFP_KERNEL);
2042 /* Use appropriate parameter as base */
2043 kpp_request_set_input(req, NULL, 0);
2044 sg_init_one(&dst, output_buf, out_len_max);
2045 kpp_request_set_output(req, &dst, out_len_max);
2046 kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
2047 crypto_req_done, &wait);
2049 /* Compute party A's public key */
2050 err = crypto_wait_req(crypto_kpp_generate_public_key(req), &wait);
2052 pr_err("alg: %s: Party A: generate public key test failed. err %d\n",
2058 /* Save party A's public key */
2059 a_public = kzalloc(out_len_max, GFP_KERNEL);
2064 memcpy(a_public, sg_virt(req->dst), out_len_max);
2066 /* Verify calculated public key */
2067 if (memcmp(vec->expected_a_public, sg_virt(req->dst),
2068 vec->expected_a_public_size)) {
2069 pr_err("alg: %s: Party A: generate public key test failed. Invalid output\n",
2076 /* Calculate shared secret key by using counter part (b) public key. */
2077 input_buf = kzalloc(vec->b_public_size, GFP_KERNEL);
2083 memcpy(input_buf, vec->b_public, vec->b_public_size);
2084 sg_init_one(&src, input_buf, vec->b_public_size);
2085 sg_init_one(&dst, output_buf, out_len_max);
2086 kpp_request_set_input(req, &src, vec->b_public_size);
2087 kpp_request_set_output(req, &dst, out_len_max);
2088 kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
2089 crypto_req_done, &wait);
2090 err = crypto_wait_req(crypto_kpp_compute_shared_secret(req), &wait);
2092 pr_err("alg: %s: Party A: compute shared secret test failed. err %d\n",
2098 /* Save the shared secret obtained by party A */
2099 a_ss = kzalloc(vec->expected_ss_size, GFP_KERNEL);
2104 memcpy(a_ss, sg_virt(req->dst), vec->expected_ss_size);
2107 * Calculate party B's shared secret by using party A's
2110 err = crypto_kpp_set_secret(tfm, vec->b_secret,
2111 vec->b_secret_size);
2115 sg_init_one(&src, a_public, vec->expected_a_public_size);
2116 sg_init_one(&dst, output_buf, out_len_max);
2117 kpp_request_set_input(req, &src, vec->expected_a_public_size);
2118 kpp_request_set_output(req, &dst, out_len_max);
2119 kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
2120 crypto_req_done, &wait);
2121 err = crypto_wait_req(crypto_kpp_compute_shared_secret(req),
2124 pr_err("alg: %s: Party B: compute shared secret failed. err %d\n",
2129 shared_secret = a_ss;
2131 shared_secret = (void *)vec->expected_ss;
2135 * verify shared secret from which the user will derive
2136 * secret key by executing whatever hash it has chosen
2138 if (memcmp(shared_secret, sg_virt(req->dst),
2139 vec->expected_ss_size)) {
2140 pr_err("alg: %s: compute shared secret test failed. Invalid output\n",
2152 kpp_request_free(req);
2156 static int test_kpp(struct crypto_kpp *tfm, const char *alg,
2157 const struct kpp_testvec *vecs, unsigned int tcount)
2161 for (i = 0; i < tcount; i++) {
2162 ret = do_test_kpp(tfm, vecs++, alg);
2164 pr_err("alg: %s: test failed on vector %d, err=%d\n",
2172 static int alg_test_kpp(const struct alg_test_desc *desc, const char *driver,
2175 struct crypto_kpp *tfm;
2178 tfm = crypto_alloc_kpp(driver, type, mask);
2180 pr_err("alg: kpp: Failed to load tfm for %s: %ld\n",
2181 driver, PTR_ERR(tfm));
2182 return PTR_ERR(tfm);
2184 if (desc->suite.kpp.vecs)
2185 err = test_kpp(tfm, desc->alg, desc->suite.kpp.vecs,
2186 desc->suite.kpp.count);
2188 crypto_free_kpp(tfm);
2192 static int test_akcipher_one(struct crypto_akcipher *tfm,
2193 const struct akcipher_testvec *vecs)
2195 char *xbuf[XBUFSIZE];
2196 struct akcipher_request *req;
2197 void *outbuf_enc = NULL;
2198 void *outbuf_dec = NULL;
2199 struct crypto_wait wait;
2200 unsigned int out_len_max, out_len = 0;
2202 struct scatterlist src, dst, src_tab[2];
2204 if (testmgr_alloc_buf(xbuf))
2207 req = akcipher_request_alloc(tfm, GFP_KERNEL);
2211 crypto_init_wait(&wait);
2213 if (vecs->public_key_vec)
2214 err = crypto_akcipher_set_pub_key(tfm, vecs->key,
2217 err = crypto_akcipher_set_priv_key(tfm, vecs->key,
2223 out_len_max = crypto_akcipher_maxsize(tfm);
2224 outbuf_enc = kzalloc(out_len_max, GFP_KERNEL);
2228 if (WARN_ON(vecs->m_size > PAGE_SIZE))
2231 memcpy(xbuf[0], vecs->m, vecs->m_size);
2233 sg_init_table(src_tab, 2);
2234 sg_set_buf(&src_tab[0], xbuf[0], 8);
2235 sg_set_buf(&src_tab[1], xbuf[0] + 8, vecs->m_size - 8);
2236 sg_init_one(&dst, outbuf_enc, out_len_max);
2237 akcipher_request_set_crypt(req, src_tab, &dst, vecs->m_size,
2239 akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
2240 crypto_req_done, &wait);
2242 err = crypto_wait_req(vecs->siggen_sigver_test ?
2243 /* Run asymmetric signature generation */
2244 crypto_akcipher_sign(req) :
2245 /* Run asymmetric encrypt */
2246 crypto_akcipher_encrypt(req), &wait);
2248 pr_err("alg: akcipher: encrypt test failed. err %d\n", err);
2251 if (req->dst_len != vecs->c_size) {
2252 pr_err("alg: akcipher: encrypt test failed. Invalid output len\n");
2256 /* verify that encrypted message is equal to expected */
2257 if (memcmp(vecs->c, outbuf_enc, vecs->c_size)) {
2258 pr_err("alg: akcipher: encrypt test failed. Invalid output\n");
2259 hexdump(outbuf_enc, vecs->c_size);
2263 /* Don't invoke decrypt for vectors with public key */
2264 if (vecs->public_key_vec) {
2268 outbuf_dec = kzalloc(out_len_max, GFP_KERNEL);
2274 if (WARN_ON(vecs->c_size > PAGE_SIZE))
2277 memcpy(xbuf[0], vecs->c, vecs->c_size);
2279 sg_init_one(&src, xbuf[0], vecs->c_size);
2280 sg_init_one(&dst, outbuf_dec, out_len_max);
2281 crypto_init_wait(&wait);
2282 akcipher_request_set_crypt(req, &src, &dst, vecs->c_size, out_len_max);
2284 err = crypto_wait_req(vecs->siggen_sigver_test ?
2285 /* Run asymmetric signature verification */
2286 crypto_akcipher_verify(req) :
2287 /* Run asymmetric decrypt */
2288 crypto_akcipher_decrypt(req), &wait);
2290 pr_err("alg: akcipher: decrypt test failed. err %d\n", err);
2293 out_len = req->dst_len;
2294 if (out_len < vecs->m_size) {
2295 pr_err("alg: akcipher: decrypt test failed. "
2296 "Invalid output len %u\n", out_len);
2300 /* verify that decrypted message is equal to the original msg */
2301 if (memchr_inv(outbuf_dec, 0, out_len - vecs->m_size) ||
2302 memcmp(vecs->m, outbuf_dec + out_len - vecs->m_size,
2304 pr_err("alg: akcipher: decrypt test failed. Invalid output\n");
2305 hexdump(outbuf_dec, out_len);
2312 akcipher_request_free(req);
2314 testmgr_free_buf(xbuf);
2318 static int test_akcipher(struct crypto_akcipher *tfm, const char *alg,
2319 const struct akcipher_testvec *vecs,
2320 unsigned int tcount)
2323 crypto_tfm_alg_driver_name(crypto_akcipher_tfm(tfm));
2326 for (i = 0; i < tcount; i++) {
2327 ret = test_akcipher_one(tfm, vecs++);
2331 pr_err("alg: akcipher: test %d failed for %s, err=%d\n",
2338 static int alg_test_akcipher(const struct alg_test_desc *desc,
2339 const char *driver, u32 type, u32 mask)
2341 struct crypto_akcipher *tfm;
2344 tfm = crypto_alloc_akcipher(driver, type, mask);
2346 pr_err("alg: akcipher: Failed to load tfm for %s: %ld\n",
2347 driver, PTR_ERR(tfm));
2348 return PTR_ERR(tfm);
2350 if (desc->suite.akcipher.vecs)
2351 err = test_akcipher(tfm, desc->alg, desc->suite.akcipher.vecs,
2352 desc->suite.akcipher.count);
2354 crypto_free_akcipher(tfm);
2358 static int alg_test_null(const struct alg_test_desc *desc,
2359 const char *driver, u32 type, u32 mask)
2364 #define __VECS(tv) { .vecs = tv, .count = ARRAY_SIZE(tv) }
2366 /* Please keep this list sorted by algorithm name. */
2367 static const struct alg_test_desc alg_test_descs[] = {
2370 .test = alg_test_aead,
2373 .enc = __VECS(aegis128_enc_tv_template),
2374 .dec = __VECS(aegis128_dec_tv_template),
2379 .test = alg_test_aead,
2382 .enc = __VECS(aegis128l_enc_tv_template),
2383 .dec = __VECS(aegis128l_dec_tv_template),
2388 .test = alg_test_aead,
2391 .enc = __VECS(aegis256_enc_tv_template),
2392 .dec = __VECS(aegis256_dec_tv_template),
2396 .alg = "ansi_cprng",
2397 .test = alg_test_cprng,
2399 .cprng = __VECS(ansi_cprng_aes_tv_template)
2402 .alg = "authenc(hmac(md5),ecb(cipher_null))",
2403 .test = alg_test_aead,
2406 .enc = __VECS(hmac_md5_ecb_cipher_null_enc_tv_template),
2407 .dec = __VECS(hmac_md5_ecb_cipher_null_dec_tv_template)
2411 .alg = "authenc(hmac(sha1),cbc(aes))",
2412 .test = alg_test_aead,
2416 .enc = __VECS(hmac_sha1_aes_cbc_enc_tv_temp)
2420 .alg = "authenc(hmac(sha1),cbc(des))",
2421 .test = alg_test_aead,
2424 .enc = __VECS(hmac_sha1_des_cbc_enc_tv_temp)
2428 .alg = "authenc(hmac(sha1),cbc(des3_ede))",
2429 .test = alg_test_aead,
2433 .enc = __VECS(hmac_sha1_des3_ede_cbc_enc_tv_temp)
2437 .alg = "authenc(hmac(sha1),ctr(aes))",
2438 .test = alg_test_null,
2441 .alg = "authenc(hmac(sha1),ecb(cipher_null))",
2442 .test = alg_test_aead,
2445 .enc = __VECS(hmac_sha1_ecb_cipher_null_enc_tv_temp),
2446 .dec = __VECS(hmac_sha1_ecb_cipher_null_dec_tv_temp)
2450 .alg = "authenc(hmac(sha1),rfc3686(ctr(aes)))",
2451 .test = alg_test_null,
2454 .alg = "authenc(hmac(sha224),cbc(des))",
2455 .test = alg_test_aead,
2458 .enc = __VECS(hmac_sha224_des_cbc_enc_tv_temp)
2462 .alg = "authenc(hmac(sha224),cbc(des3_ede))",
2463 .test = alg_test_aead,
2467 .enc = __VECS(hmac_sha224_des3_ede_cbc_enc_tv_temp)
2471 .alg = "authenc(hmac(sha256),cbc(aes))",
2472 .test = alg_test_aead,
2476 .enc = __VECS(hmac_sha256_aes_cbc_enc_tv_temp)
2480 .alg = "authenc(hmac(sha256),cbc(des))",
2481 .test = alg_test_aead,
2484 .enc = __VECS(hmac_sha256_des_cbc_enc_tv_temp)
2488 .alg = "authenc(hmac(sha256),cbc(des3_ede))",
2489 .test = alg_test_aead,
2493 .enc = __VECS(hmac_sha256_des3_ede_cbc_enc_tv_temp)
2497 .alg = "authenc(hmac(sha256),ctr(aes))",
2498 .test = alg_test_null,
2501 .alg = "authenc(hmac(sha256),rfc3686(ctr(aes)))",
2502 .test = alg_test_null,
2505 .alg = "authenc(hmac(sha384),cbc(des))",
2506 .test = alg_test_aead,
2509 .enc = __VECS(hmac_sha384_des_cbc_enc_tv_temp)
2513 .alg = "authenc(hmac(sha384),cbc(des3_ede))",
2514 .test = alg_test_aead,
2518 .enc = __VECS(hmac_sha384_des3_ede_cbc_enc_tv_temp)
2522 .alg = "authenc(hmac(sha384),ctr(aes))",
2523 .test = alg_test_null,
2526 .alg = "authenc(hmac(sha384),rfc3686(ctr(aes)))",
2527 .test = alg_test_null,
2530 .alg = "authenc(hmac(sha512),cbc(aes))",
2532 .test = alg_test_aead,
2535 .enc = __VECS(hmac_sha512_aes_cbc_enc_tv_temp)
2539 .alg = "authenc(hmac(sha512),cbc(des))",
2540 .test = alg_test_aead,
2543 .enc = __VECS(hmac_sha512_des_cbc_enc_tv_temp)
2547 .alg = "authenc(hmac(sha512),cbc(des3_ede))",
2548 .test = alg_test_aead,
2552 .enc = __VECS(hmac_sha512_des3_ede_cbc_enc_tv_temp)
2556 .alg = "authenc(hmac(sha512),ctr(aes))",
2557 .test = alg_test_null,
2560 .alg = "authenc(hmac(sha512),rfc3686(ctr(aes)))",
2561 .test = alg_test_null,
2565 .test = alg_test_skcipher,
2568 .cipher = __VECS(aes_cbc_tv_template)
2571 .alg = "cbc(anubis)",
2572 .test = alg_test_skcipher,
2574 .cipher = __VECS(anubis_cbc_tv_template)
2577 .alg = "cbc(blowfish)",
2578 .test = alg_test_skcipher,
2580 .cipher = __VECS(bf_cbc_tv_template)
2583 .alg = "cbc(camellia)",
2584 .test = alg_test_skcipher,
2586 .cipher = __VECS(camellia_cbc_tv_template)
2589 .alg = "cbc(cast5)",
2590 .test = alg_test_skcipher,
2592 .cipher = __VECS(cast5_cbc_tv_template)
2595 .alg = "cbc(cast6)",
2596 .test = alg_test_skcipher,
2598 .cipher = __VECS(cast6_cbc_tv_template)
2602 .test = alg_test_skcipher,
2604 .cipher = __VECS(des_cbc_tv_template)
2607 .alg = "cbc(des3_ede)",
2608 .test = alg_test_skcipher,
2611 .cipher = __VECS(des3_ede_cbc_tv_template)
2614 /* Same as cbc(aes) except the key is stored in
2615 * hardware secure memory which we reference by index
2618 .test = alg_test_null,
2621 .alg = "cbc(serpent)",
2622 .test = alg_test_skcipher,
2624 .cipher = __VECS(serpent_cbc_tv_template)
2627 .alg = "cbc(twofish)",
2628 .test = alg_test_skcipher,
2630 .cipher = __VECS(tf_cbc_tv_template)
2633 .alg = "cbcmac(aes)",
2635 .test = alg_test_hash,
2637 .hash = __VECS(aes_cbcmac_tv_template)
2641 .test = alg_test_aead,
2645 .enc = __VECS(aes_ccm_enc_tv_template),
2646 .dec = __VECS(aes_ccm_dec_tv_template)
2651 .test = alg_test_skcipher,
2653 .cipher = __VECS(chacha20_tv_template)
2658 .test = alg_test_hash,
2660 .hash = __VECS(aes_cmac128_tv_template)
2663 .alg = "cmac(des3_ede)",
2665 .test = alg_test_hash,
2667 .hash = __VECS(des3_ede_cmac64_tv_template)
2670 .alg = "compress_null",
2671 .test = alg_test_null,
2674 .test = alg_test_hash,
2676 .hash = __VECS(crc32_tv_template)
2680 .test = alg_test_crc32c,
2683 .hash = __VECS(crc32c_tv_template)
2687 .test = alg_test_hash,
2690 .hash = __VECS(crct10dif_tv_template)
2694 .test = alg_test_skcipher,
2697 .cipher = __VECS(aes_ctr_tv_template)
2700 .alg = "ctr(blowfish)",
2701 .test = alg_test_skcipher,
2703 .cipher = __VECS(bf_ctr_tv_template)
2706 .alg = "ctr(camellia)",
2707 .test = alg_test_skcipher,
2709 .cipher = __VECS(camellia_ctr_tv_template)
2712 .alg = "ctr(cast5)",
2713 .test = alg_test_skcipher,
2715 .cipher = __VECS(cast5_ctr_tv_template)
2718 .alg = "ctr(cast6)",
2719 .test = alg_test_skcipher,
2721 .cipher = __VECS(cast6_ctr_tv_template)
2725 .test = alg_test_skcipher,
2727 .cipher = __VECS(des_ctr_tv_template)
2730 .alg = "ctr(des3_ede)",
2731 .test = alg_test_skcipher,
2734 .cipher = __VECS(des3_ede_ctr_tv_template)
2737 /* Same as ctr(aes) except the key is stored in
2738 * hardware secure memory which we reference by index
2741 .test = alg_test_null,
2744 .alg = "ctr(serpent)",
2745 .test = alg_test_skcipher,
2747 .cipher = __VECS(serpent_ctr_tv_template)
2750 .alg = "ctr(twofish)",
2751 .test = alg_test_skcipher,
2753 .cipher = __VECS(tf_ctr_tv_template)
2756 .alg = "cts(cbc(aes))",
2757 .test = alg_test_skcipher,
2759 .cipher = __VECS(cts_mode_tv_template)
2763 .test = alg_test_comp,
2767 .comp = __VECS(deflate_comp_tv_template),
2768 .decomp = __VECS(deflate_decomp_tv_template)
2773 .test = alg_test_kpp,
2776 .kpp = __VECS(dh_tv_template)
2779 .alg = "digest_null",
2780 .test = alg_test_null,
2782 .alg = "drbg_nopr_ctr_aes128",
2783 .test = alg_test_drbg,
2786 .drbg = __VECS(drbg_nopr_ctr_aes128_tv_template)
2789 .alg = "drbg_nopr_ctr_aes192",
2790 .test = alg_test_drbg,
2793 .drbg = __VECS(drbg_nopr_ctr_aes192_tv_template)
2796 .alg = "drbg_nopr_ctr_aes256",
2797 .test = alg_test_drbg,
2800 .drbg = __VECS(drbg_nopr_ctr_aes256_tv_template)
2804 * There is no need to specifically test the DRBG with every
2805 * backend cipher -- covered by drbg_nopr_hmac_sha256 test
2807 .alg = "drbg_nopr_hmac_sha1",
2809 .test = alg_test_null,
2811 .alg = "drbg_nopr_hmac_sha256",
2812 .test = alg_test_drbg,
2815 .drbg = __VECS(drbg_nopr_hmac_sha256_tv_template)
2818 /* covered by drbg_nopr_hmac_sha256 test */
2819 .alg = "drbg_nopr_hmac_sha384",
2821 .test = alg_test_null,
2823 .alg = "drbg_nopr_hmac_sha512",
2824 .test = alg_test_null,
2827 .alg = "drbg_nopr_sha1",
2829 .test = alg_test_null,
2831 .alg = "drbg_nopr_sha256",
2832 .test = alg_test_drbg,
2835 .drbg = __VECS(drbg_nopr_sha256_tv_template)
2838 /* covered by drbg_nopr_sha256 test */
2839 .alg = "drbg_nopr_sha384",
2841 .test = alg_test_null,
2843 .alg = "drbg_nopr_sha512",
2845 .test = alg_test_null,
2847 .alg = "drbg_pr_ctr_aes128",
2848 .test = alg_test_drbg,
2851 .drbg = __VECS(drbg_pr_ctr_aes128_tv_template)
2854 /* covered by drbg_pr_ctr_aes128 test */
2855 .alg = "drbg_pr_ctr_aes192",
2857 .test = alg_test_null,
2859 .alg = "drbg_pr_ctr_aes256",
2861 .test = alg_test_null,
2863 .alg = "drbg_pr_hmac_sha1",
2865 .test = alg_test_null,
2867 .alg = "drbg_pr_hmac_sha256",
2868 .test = alg_test_drbg,
2871 .drbg = __VECS(drbg_pr_hmac_sha256_tv_template)
2874 /* covered by drbg_pr_hmac_sha256 test */
2875 .alg = "drbg_pr_hmac_sha384",
2877 .test = alg_test_null,
2879 .alg = "drbg_pr_hmac_sha512",
2880 .test = alg_test_null,
2883 .alg = "drbg_pr_sha1",
2885 .test = alg_test_null,
2887 .alg = "drbg_pr_sha256",
2888 .test = alg_test_drbg,
2891 .drbg = __VECS(drbg_pr_sha256_tv_template)
2894 /* covered by drbg_pr_sha256 test */
2895 .alg = "drbg_pr_sha384",
2897 .test = alg_test_null,
2899 .alg = "drbg_pr_sha512",
2901 .test = alg_test_null,
2904 .test = alg_test_skcipher,
2907 .cipher = __VECS(aes_tv_template)
2910 .alg = "ecb(anubis)",
2911 .test = alg_test_skcipher,
2913 .cipher = __VECS(anubis_tv_template)
2917 .test = alg_test_skcipher,
2919 .cipher = __VECS(arc4_tv_template)
2922 .alg = "ecb(blowfish)",
2923 .test = alg_test_skcipher,
2925 .cipher = __VECS(bf_tv_template)
2928 .alg = "ecb(camellia)",
2929 .test = alg_test_skcipher,
2931 .cipher = __VECS(camellia_tv_template)
2934 .alg = "ecb(cast5)",
2935 .test = alg_test_skcipher,
2937 .cipher = __VECS(cast5_tv_template)
2940 .alg = "ecb(cast6)",
2941 .test = alg_test_skcipher,
2943 .cipher = __VECS(cast6_tv_template)
2946 .alg = "ecb(cipher_null)",
2947 .test = alg_test_null,
2951 .test = alg_test_skcipher,
2953 .cipher = __VECS(des_tv_template)
2956 .alg = "ecb(des3_ede)",
2957 .test = alg_test_skcipher,
2960 .cipher = __VECS(des3_ede_tv_template)
2963 .alg = "ecb(fcrypt)",
2964 .test = alg_test_skcipher,
2967 .vecs = fcrypt_pcbc_tv_template,
2972 .alg = "ecb(khazad)",
2973 .test = alg_test_skcipher,
2975 .cipher = __VECS(khazad_tv_template)
2978 /* Same as ecb(aes) except the key is stored in
2979 * hardware secure memory which we reference by index
2982 .test = alg_test_null,
2986 .test = alg_test_skcipher,
2988 .cipher = __VECS(seed_tv_template)
2991 .alg = "ecb(serpent)",
2992 .test = alg_test_skcipher,
2994 .cipher = __VECS(serpent_tv_template)
2998 .test = alg_test_skcipher,
3000 .cipher = __VECS(sm4_tv_template)
3003 .alg = "ecb(speck128)",
3004 .test = alg_test_skcipher,
3006 .cipher = __VECS(speck128_tv_template)
3009 .alg = "ecb(speck64)",
3010 .test = alg_test_skcipher,
3012 .cipher = __VECS(speck64_tv_template)
3016 .test = alg_test_skcipher,
3018 .cipher = __VECS(tea_tv_template)
3021 .alg = "ecb(tnepres)",
3022 .test = alg_test_skcipher,
3024 .cipher = __VECS(tnepres_tv_template)
3027 .alg = "ecb(twofish)",
3028 .test = alg_test_skcipher,
3030 .cipher = __VECS(tf_tv_template)
3034 .test = alg_test_skcipher,
3036 .cipher = __VECS(xeta_tv_template)
3040 .test = alg_test_skcipher,
3042 .cipher = __VECS(xtea_tv_template)
3046 .test = alg_test_kpp,
3049 .kpp = __VECS(ecdh_tv_template)
3053 .test = alg_test_aead,
3057 .enc = __VECS(aes_gcm_enc_tv_template),
3058 .dec = __VECS(aes_gcm_dec_tv_template)
3063 .test = alg_test_hash,
3066 .hash = __VECS(ghash_tv_template)
3070 .test = alg_test_hash,
3072 .hash = __VECS(hmac_md5_tv_template)
3075 .alg = "hmac(rmd128)",
3076 .test = alg_test_hash,
3078 .hash = __VECS(hmac_rmd128_tv_template)
3081 .alg = "hmac(rmd160)",
3082 .test = alg_test_hash,
3084 .hash = __VECS(hmac_rmd160_tv_template)
3087 .alg = "hmac(sha1)",
3088 .test = alg_test_hash,
3091 .hash = __VECS(hmac_sha1_tv_template)
3094 .alg = "hmac(sha224)",
3095 .test = alg_test_hash,
3098 .hash = __VECS(hmac_sha224_tv_template)
3101 .alg = "hmac(sha256)",
3102 .test = alg_test_hash,
3105 .hash = __VECS(hmac_sha256_tv_template)
3108 .alg = "hmac(sha3-224)",
3109 .test = alg_test_hash,
3112 .hash = __VECS(hmac_sha3_224_tv_template)
3115 .alg = "hmac(sha3-256)",
3116 .test = alg_test_hash,
3119 .hash = __VECS(hmac_sha3_256_tv_template)
3122 .alg = "hmac(sha3-384)",
3123 .test = alg_test_hash,
3126 .hash = __VECS(hmac_sha3_384_tv_template)
3129 .alg = "hmac(sha3-512)",
3130 .test = alg_test_hash,
3133 .hash = __VECS(hmac_sha3_512_tv_template)
3136 .alg = "hmac(sha384)",
3137 .test = alg_test_hash,
3140 .hash = __VECS(hmac_sha384_tv_template)
3143 .alg = "hmac(sha512)",
3144 .test = alg_test_hash,
3147 .hash = __VECS(hmac_sha512_tv_template)
3150 .alg = "jitterentropy_rng",
3152 .test = alg_test_null,
3155 .test = alg_test_skcipher,
3158 .cipher = __VECS(aes_kw_tv_template)
3162 .test = alg_test_skcipher,
3164 .cipher = __VECS(aes_lrw_tv_template)
3167 .alg = "lrw(camellia)",
3168 .test = alg_test_skcipher,
3170 .cipher = __VECS(camellia_lrw_tv_template)
3173 .alg = "lrw(cast6)",
3174 .test = alg_test_skcipher,
3176 .cipher = __VECS(cast6_lrw_tv_template)
3179 .alg = "lrw(serpent)",
3180 .test = alg_test_skcipher,
3182 .cipher = __VECS(serpent_lrw_tv_template)
3185 .alg = "lrw(twofish)",
3186 .test = alg_test_skcipher,
3188 .cipher = __VECS(tf_lrw_tv_template)
3192 .test = alg_test_comp,
3196 .comp = __VECS(lz4_comp_tv_template),
3197 .decomp = __VECS(lz4_decomp_tv_template)
3202 .test = alg_test_comp,
3206 .comp = __VECS(lz4hc_comp_tv_template),
3207 .decomp = __VECS(lz4hc_decomp_tv_template)
3212 .test = alg_test_comp,
3216 .comp = __VECS(lzo_comp_tv_template),
3217 .decomp = __VECS(lzo_decomp_tv_template)
3222 .test = alg_test_hash,
3224 .hash = __VECS(md4_tv_template)
3228 .test = alg_test_hash,
3230 .hash = __VECS(md5_tv_template)
3233 .alg = "michael_mic",
3234 .test = alg_test_hash,
3236 .hash = __VECS(michael_mic_tv_template)
3240 .test = alg_test_aead,
3243 .enc = __VECS(morus1280_enc_tv_template),
3244 .dec = __VECS(morus1280_dec_tv_template),
3249 .test = alg_test_aead,
3252 .enc = __VECS(morus640_enc_tv_template),
3253 .dec = __VECS(morus640_dec_tv_template),
3258 .test = alg_test_skcipher,
3261 .cipher = __VECS(aes_ofb_tv_template)
3264 /* Same as ofb(aes) except the key is stored in
3265 * hardware secure memory which we reference by index
3268 .test = alg_test_null,
3271 .alg = "pcbc(fcrypt)",
3272 .test = alg_test_skcipher,
3274 .cipher = __VECS(fcrypt_pcbc_tv_template)
3277 .alg = "pkcs1pad(rsa,sha224)",
3278 .test = alg_test_null,
3281 .alg = "pkcs1pad(rsa,sha256)",
3282 .test = alg_test_akcipher,
3285 .akcipher = __VECS(pkcs1pad_rsa_tv_template)
3288 .alg = "pkcs1pad(rsa,sha384)",
3289 .test = alg_test_null,
3292 .alg = "pkcs1pad(rsa,sha512)",
3293 .test = alg_test_null,
3297 .test = alg_test_hash,
3299 .hash = __VECS(poly1305_tv_template)
3302 .alg = "rfc3686(ctr(aes))",
3303 .test = alg_test_skcipher,
3306 .cipher = __VECS(aes_ctr_rfc3686_tv_template)
3309 .alg = "rfc4106(gcm(aes))",
3310 .test = alg_test_aead,
3314 .enc = __VECS(aes_gcm_rfc4106_enc_tv_template),
3315 .dec = __VECS(aes_gcm_rfc4106_dec_tv_template)
3319 .alg = "rfc4309(ccm(aes))",
3320 .test = alg_test_aead,
3324 .enc = __VECS(aes_ccm_rfc4309_enc_tv_template),
3325 .dec = __VECS(aes_ccm_rfc4309_dec_tv_template)
3329 .alg = "rfc4543(gcm(aes))",
3330 .test = alg_test_aead,
3333 .enc = __VECS(aes_gcm_rfc4543_enc_tv_template),
3334 .dec = __VECS(aes_gcm_rfc4543_dec_tv_template),
3338 .alg = "rfc7539(chacha20,poly1305)",
3339 .test = alg_test_aead,
3342 .enc = __VECS(rfc7539_enc_tv_template),
3343 .dec = __VECS(rfc7539_dec_tv_template),
3347 .alg = "rfc7539esp(chacha20,poly1305)",
3348 .test = alg_test_aead,
3351 .enc = __VECS(rfc7539esp_enc_tv_template),
3352 .dec = __VECS(rfc7539esp_dec_tv_template),
3357 .test = alg_test_hash,
3359 .hash = __VECS(rmd128_tv_template)
3363 .test = alg_test_hash,
3365 .hash = __VECS(rmd160_tv_template)
3369 .test = alg_test_hash,
3371 .hash = __VECS(rmd256_tv_template)
3375 .test = alg_test_hash,
3377 .hash = __VECS(rmd320_tv_template)
3381 .test = alg_test_akcipher,
3384 .akcipher = __VECS(rsa_tv_template)
3388 .test = alg_test_skcipher,
3390 .cipher = __VECS(salsa20_stream_tv_template)
3394 .test = alg_test_hash,
3397 .hash = __VECS(sha1_tv_template)
3401 .test = alg_test_hash,
3404 .hash = __VECS(sha224_tv_template)
3408 .test = alg_test_hash,
3411 .hash = __VECS(sha256_tv_template)
3415 .test = alg_test_hash,
3418 .hash = __VECS(sha3_224_tv_template)
3422 .test = alg_test_hash,
3425 .hash = __VECS(sha3_256_tv_template)
3429 .test = alg_test_hash,
3432 .hash = __VECS(sha3_384_tv_template)
3436 .test = alg_test_hash,
3439 .hash = __VECS(sha3_512_tv_template)
3443 .test = alg_test_hash,
3446 .hash = __VECS(sha384_tv_template)
3450 .test = alg_test_hash,
3453 .hash = __VECS(sha512_tv_template)
3457 .test = alg_test_hash,
3459 .hash = __VECS(sm3_tv_template)
3463 .test = alg_test_hash,
3465 .hash = __VECS(tgr128_tv_template)
3469 .test = alg_test_hash,
3471 .hash = __VECS(tgr160_tv_template)
3475 .test = alg_test_hash,
3477 .hash = __VECS(tgr192_tv_template)
3481 .test = alg_test_hash,
3483 .hash = __VECS(aes_vmac128_tv_template)
3487 .test = alg_test_hash,
3489 .hash = __VECS(wp256_tv_template)
3493 .test = alg_test_hash,
3495 .hash = __VECS(wp384_tv_template)
3499 .test = alg_test_hash,
3501 .hash = __VECS(wp512_tv_template)
3505 .test = alg_test_hash,
3507 .hash = __VECS(aes_xcbc128_tv_template)
3511 .test = alg_test_skcipher,
3514 .cipher = __VECS(aes_xts_tv_template)
3517 .alg = "xts(camellia)",
3518 .test = alg_test_skcipher,
3520 .cipher = __VECS(camellia_xts_tv_template)
3523 .alg = "xts(cast6)",
3524 .test = alg_test_skcipher,
3526 .cipher = __VECS(cast6_xts_tv_template)
3529 /* Same as xts(aes) except the key is stored in
3530 * hardware secure memory which we reference by index
3533 .test = alg_test_null,
3536 .alg = "xts(serpent)",
3537 .test = alg_test_skcipher,
3539 .cipher = __VECS(serpent_xts_tv_template)
3542 .alg = "xts(speck128)",
3543 .test = alg_test_skcipher,
3545 .cipher = __VECS(speck128_xts_tv_template)
3548 .alg = "xts(speck64)",
3549 .test = alg_test_skcipher,
3551 .cipher = __VECS(speck64_xts_tv_template)
3554 .alg = "xts(twofish)",
3555 .test = alg_test_skcipher,
3557 .cipher = __VECS(tf_xts_tv_template)
3560 .alg = "xts4096(paes)",
3561 .test = alg_test_null,
3564 .alg = "xts512(paes)",
3565 .test = alg_test_null,
3568 .alg = "zlib-deflate",
3569 .test = alg_test_comp,
3573 .comp = __VECS(zlib_deflate_comp_tv_template),
3574 .decomp = __VECS(zlib_deflate_decomp_tv_template)
3579 .test = alg_test_comp,
3583 .comp = __VECS(zstd_comp_tv_template),
3584 .decomp = __VECS(zstd_decomp_tv_template)
3590 static bool alg_test_descs_checked;
3592 static void alg_test_descs_check_order(void)
3596 /* only check once */
3597 if (alg_test_descs_checked)
3600 alg_test_descs_checked = true;
3602 for (i = 1; i < ARRAY_SIZE(alg_test_descs); i++) {
3603 int diff = strcmp(alg_test_descs[i - 1].alg,
3604 alg_test_descs[i].alg);
3606 if (WARN_ON(diff > 0)) {
3607 pr_warn("testmgr: alg_test_descs entries in wrong order: '%s' before '%s'\n",
3608 alg_test_descs[i - 1].alg,
3609 alg_test_descs[i].alg);
3612 if (WARN_ON(diff == 0)) {
3613 pr_warn("testmgr: duplicate alg_test_descs entry: '%s'\n",
3614 alg_test_descs[i].alg);
3619 static int alg_find_test(const char *alg)
3622 int end = ARRAY_SIZE(alg_test_descs);
3624 while (start < end) {
3625 int i = (start + end) / 2;
3626 int diff = strcmp(alg_test_descs[i].alg, alg);
3644 int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
3650 if (!fips_enabled && notests) {
3651 printk_once(KERN_INFO "alg: self-tests disabled\n");
3655 alg_test_descs_check_order();
3657 if ((type & CRYPTO_ALG_TYPE_MASK) == CRYPTO_ALG_TYPE_CIPHER) {
3658 char nalg[CRYPTO_MAX_ALG_NAME];
3660 if (snprintf(nalg, sizeof(nalg), "ecb(%s)", alg) >=
3662 return -ENAMETOOLONG;
3664 i = alg_find_test(nalg);
3668 if (fips_enabled && !alg_test_descs[i].fips_allowed)
3671 rc = alg_test_cipher(alg_test_descs + i, driver, type, mask);
3675 i = alg_find_test(alg);
3676 j = alg_find_test(driver);
3680 if (fips_enabled && ((i >= 0 && !alg_test_descs[i].fips_allowed) ||
3681 (j >= 0 && !alg_test_descs[j].fips_allowed)))
3686 rc |= alg_test_descs[i].test(alg_test_descs + i, driver,
3688 if (j >= 0 && j != i)
3689 rc |= alg_test_descs[j].test(alg_test_descs + j, driver,
3693 if (fips_enabled && rc)
3694 panic("%s: %s alg self test failed in fips mode!\n", driver, alg);
3696 if (fips_enabled && !rc)
3697 pr_info("alg: self-tests for %s (%s) passed\n", driver, alg);
3702 printk(KERN_INFO "alg: No test for %s (%s)\n", alg, driver);
3708 #endif /* CONFIG_CRYPTO_MANAGER_DISABLE_TESTS */
3710 EXPORT_SYMBOL_GPL(alg_test);
projects / linux.git / blob