2 * Algorithm testing framework and tests.
4 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
5 * Copyright (c) 2002 Jean-Francois Dive <jef@linuxbe.org>
6 * Copyright (c) 2007 Nokia Siemens Networks
7 * Copyright (c) 2008 Herbert Xu <herbert@gondor.apana.org.au>
9 * Updated RFC4106 AES-GCM testing.
10 * Authors: Aidan O'Mahony (aidan.o.mahony@intel.com)
11 * Adrian Hoban <adrian.hoban@intel.com>
12 * Gabriele Paoloni <gabriele.paoloni@intel.com>
13 * Tadeusz Struk (tadeusz.struk@intel.com)
14 * Copyright (c) 2010, Intel Corporation.
16 * This program is free software; you can redistribute it and/or modify it
17 * under the terms of the GNU General Public License as published by the Free
18 * Software Foundation; either version 2 of the License, or (at your option)
23 #include <crypto/aead.h>
24 #include <crypto/hash.h>
25 #include <crypto/skcipher.h>
26 #include <linux/err.h>
27 #include <linux/fips.h>
28 #include <linux/module.h>
29 #include <linux/scatterlist.h>
30 #include <linux/slab.h>
31 #include <linux/string.h>
32 #include <crypto/rng.h>
33 #include <crypto/drbg.h>
34 #include <crypto/akcipher.h>
35 #include <crypto/kpp.h>
36 #include <crypto/acompress.h>
41 module_param(notests, bool, 0644);
42 MODULE_PARM_DESC(notests, "disable crypto self-tests");
44 #ifdef CONFIG_CRYPTO_MANAGER_DISABLE_TESTS
47 int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
57 * Need slab memory for testing (size in number of pages).
62 * Indexes into the xbuf to simulate cross-page access.
74 * Used by test_cipher()
79 struct aead_test_suite {
81 const struct aead_testvec *vecs;
86 struct cipher_test_suite {
87 const struct cipher_testvec *vecs;
91 struct comp_test_suite {
93 const struct comp_testvec *vecs;
98 struct hash_test_suite {
99 const struct hash_testvec *vecs;
103 struct cprng_test_suite {
104 const struct cprng_testvec *vecs;
108 struct drbg_test_suite {
109 const struct drbg_testvec *vecs;
113 struct akcipher_test_suite {
114 const struct akcipher_testvec *vecs;
118 struct kpp_test_suite {
119 const struct kpp_testvec *vecs;
123 struct alg_test_desc {
125 int (*test)(const struct alg_test_desc *desc, const char *driver,
127 int fips_allowed; /* set if alg is allowed in fips mode */
130 struct aead_test_suite aead;
131 struct cipher_test_suite cipher;
132 struct comp_test_suite comp;
133 struct hash_test_suite hash;
134 struct cprng_test_suite cprng;
135 struct drbg_test_suite drbg;
136 struct akcipher_test_suite akcipher;
137 struct kpp_test_suite kpp;
141 static const unsigned int IDX[8] = {
142 IDX1, IDX2, IDX3, IDX4, IDX5, IDX6, IDX7, IDX8 };
144 static void hexdump(unsigned char *buf, unsigned int len)
146 print_hex_dump(KERN_CONT, "", DUMP_PREFIX_OFFSET,
151 static int testmgr_alloc_buf(char *buf[XBUFSIZE])
155 for (i = 0; i < XBUFSIZE; i++) {
156 buf[i] = (void *)__get_free_page(GFP_KERNEL);
165 free_page((unsigned long)buf[i]);
170 static void testmgr_free_buf(char *buf[XBUFSIZE])
174 for (i = 0; i < XBUFSIZE; i++)
175 free_page((unsigned long)buf[i]);
178 static int ahash_guard_result(char *result, char c, int size)
182 for (i = 0; i < size; i++) {
190 static int ahash_partial_update(struct ahash_request **preq,
191 struct crypto_ahash *tfm, const struct hash_testvec *template,
192 void *hash_buff, int k, int temp, struct scatterlist *sg,
193 const char *algo, char *result, struct crypto_wait *wait)
196 struct ahash_request *req;
197 int statesize, ret = -EINVAL;
198 static const unsigned char guard[] = { 0x00, 0xba, 0xad, 0x00 };
199 int digestsize = crypto_ahash_digestsize(tfm);
202 statesize = crypto_ahash_statesize(
203 crypto_ahash_reqtfm(req));
204 state = kmalloc(statesize + sizeof(guard), GFP_KERNEL);
206 pr_err("alg: hash: Failed to alloc state for %s\n", algo);
209 memcpy(state + statesize, guard, sizeof(guard));
210 memset(result, 1, digestsize);
211 ret = crypto_ahash_export(req, state);
212 WARN_ON(memcmp(state + statesize, guard, sizeof(guard)));
214 pr_err("alg: hash: Failed to export() for %s\n", algo);
217 ret = ahash_guard_result(result, 1, digestsize);
219 pr_err("alg: hash: Failed, export used req->result for %s\n",
223 ahash_request_free(req);
224 req = ahash_request_alloc(tfm, GFP_KERNEL);
226 pr_err("alg: hash: Failed to alloc request for %s\n", algo);
229 ahash_request_set_callback(req,
230 CRYPTO_TFM_REQ_MAY_BACKLOG,
231 crypto_req_done, wait);
233 memcpy(hash_buff, template->plaintext + temp,
235 sg_init_one(&sg[0], hash_buff, template->tap[k]);
236 ahash_request_set_crypt(req, sg, result, template->tap[k]);
237 ret = crypto_ahash_import(req, state);
239 pr_err("alg: hash: Failed to import() for %s\n", algo);
242 ret = ahash_guard_result(result, 1, digestsize);
244 pr_err("alg: hash: Failed, import used req->result for %s\n",
248 ret = crypto_wait_req(crypto_ahash_update(req), wait);
255 ahash_request_free(req);
262 static int __test_hash(struct crypto_ahash *tfm,
263 const struct hash_testvec *template, unsigned int tcount,
264 bool use_digest, const int align_offset)
266 const char *algo = crypto_tfm_alg_driver_name(crypto_ahash_tfm(tfm));
267 size_t digest_size = crypto_ahash_digestsize(tfm);
268 unsigned int i, j, k, temp;
269 struct scatterlist sg[8];
272 struct ahash_request *req;
273 struct crypto_wait wait;
275 char *xbuf[XBUFSIZE];
278 result = kmalloc(digest_size, GFP_KERNEL);
281 key = kmalloc(MAX_KEYLEN, GFP_KERNEL);
284 if (testmgr_alloc_buf(xbuf))
287 crypto_init_wait(&wait);
289 req = ahash_request_alloc(tfm, GFP_KERNEL);
291 printk(KERN_ERR "alg: hash: Failed to allocate request for "
295 ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
296 crypto_req_done, &wait);
299 for (i = 0; i < tcount; i++) {
304 if (WARN_ON(align_offset + template[i].psize > PAGE_SIZE))
308 memset(result, 0, digest_size);
311 hash_buff += align_offset;
313 memcpy(hash_buff, template[i].plaintext, template[i].psize);
314 sg_init_one(&sg[0], hash_buff, template[i].psize);
316 if (template[i].ksize) {
317 crypto_ahash_clear_flags(tfm, ~0);
318 if (template[i].ksize > MAX_KEYLEN) {
319 pr_err("alg: hash: setkey failed on test %d for %s: key size %d > %d\n",
320 j, algo, template[i].ksize, MAX_KEYLEN);
324 memcpy(key, template[i].key, template[i].ksize);
325 ret = crypto_ahash_setkey(tfm, key, template[i].ksize);
327 printk(KERN_ERR "alg: hash: setkey failed on "
328 "test %d for %s: ret=%d\n", j, algo,
334 ahash_request_set_crypt(req, sg, result, template[i].psize);
336 ret = crypto_wait_req(crypto_ahash_digest(req), &wait);
338 pr_err("alg: hash: digest failed on test %d "
339 "for %s: ret=%d\n", j, algo, -ret);
343 memset(result, 1, digest_size);
344 ret = crypto_wait_req(crypto_ahash_init(req), &wait);
346 pr_err("alg: hash: init failed on test %d "
347 "for %s: ret=%d\n", j, algo, -ret);
350 ret = ahash_guard_result(result, 1, digest_size);
352 pr_err("alg: hash: init failed on test %d "
353 "for %s: used req->result\n", j, algo);
356 ret = crypto_wait_req(crypto_ahash_update(req), &wait);
358 pr_err("alg: hash: update failed on test %d "
359 "for %s: ret=%d\n", j, algo, -ret);
362 ret = ahash_guard_result(result, 1, digest_size);
364 pr_err("alg: hash: update failed on test %d "
365 "for %s: used req->result\n", j, algo);
368 ret = crypto_wait_req(crypto_ahash_final(req), &wait);
370 pr_err("alg: hash: final failed on test %d "
371 "for %s: ret=%d\n", j, algo, -ret);
376 if (memcmp(result, template[i].digest,
377 crypto_ahash_digestsize(tfm))) {
378 printk(KERN_ERR "alg: hash: Test %d failed for %s\n",
380 hexdump(result, crypto_ahash_digestsize(tfm));
387 for (i = 0; i < tcount; i++) {
388 /* alignment tests are only done with continuous buffers */
389 if (align_offset != 0)
396 memset(result, 0, digest_size);
399 sg_init_table(sg, template[i].np);
401 for (k = 0; k < template[i].np; k++) {
402 if (WARN_ON(offset_in_page(IDX[k]) +
403 template[i].tap[k] > PAGE_SIZE))
406 memcpy(xbuf[IDX[k] >> PAGE_SHIFT] +
407 offset_in_page(IDX[k]),
408 template[i].plaintext + temp,
411 temp += template[i].tap[k];
414 if (template[i].ksize) {
415 if (template[i].ksize > MAX_KEYLEN) {
416 pr_err("alg: hash: setkey failed on test %d for %s: key size %d > %d\n",
417 j, algo, template[i].ksize, MAX_KEYLEN);
421 crypto_ahash_clear_flags(tfm, ~0);
422 memcpy(key, template[i].key, template[i].ksize);
423 ret = crypto_ahash_setkey(tfm, key, template[i].ksize);
426 printk(KERN_ERR "alg: hash: setkey "
427 "failed on chunking test %d "
428 "for %s: ret=%d\n", j, algo, -ret);
433 ahash_request_set_crypt(req, sg, result, template[i].psize);
434 ret = crypto_wait_req(crypto_ahash_digest(req), &wait);
436 pr_err("alg: hash: digest failed on chunking test %d for %s: ret=%d\n",
441 if (memcmp(result, template[i].digest,
442 crypto_ahash_digestsize(tfm))) {
443 printk(KERN_ERR "alg: hash: Chunking test %d "
444 "failed for %s\n", j, algo);
445 hexdump(result, crypto_ahash_digestsize(tfm));
451 /* partial update exercise */
453 for (i = 0; i < tcount; i++) {
454 /* alignment tests are only done with continuous buffers */
455 if (align_offset != 0)
458 if (template[i].np < 2)
462 memset(result, 0, digest_size);
466 memcpy(hash_buff, template[i].plaintext,
468 sg_init_one(&sg[0], hash_buff, template[i].tap[0]);
470 if (template[i].ksize) {
471 crypto_ahash_clear_flags(tfm, ~0);
472 if (template[i].ksize > MAX_KEYLEN) {
473 pr_err("alg: hash: setkey failed on test %d for %s: key size %d > %d\n",
474 j, algo, template[i].ksize, MAX_KEYLEN);
478 memcpy(key, template[i].key, template[i].ksize);
479 ret = crypto_ahash_setkey(tfm, key, template[i].ksize);
481 pr_err("alg: hash: setkey failed on test %d for %s: ret=%d\n",
487 ahash_request_set_crypt(req, sg, result, template[i].tap[0]);
488 ret = crypto_wait_req(crypto_ahash_init(req), &wait);
490 pr_err("alg: hash: init failed on test %d for %s: ret=%d\n",
494 ret = crypto_wait_req(crypto_ahash_update(req), &wait);
496 pr_err("alg: hash: update failed on test %d for %s: ret=%d\n",
501 temp = template[i].tap[0];
502 for (k = 1; k < template[i].np; k++) {
503 ret = ahash_partial_update(&req, tfm, &template[i],
504 hash_buff, k, temp, &sg[0], algo, result,
507 pr_err("alg: hash: partial update failed on test %d for %s: ret=%d\n",
511 temp += template[i].tap[k];
513 ret = crypto_wait_req(crypto_ahash_final(req), &wait);
515 pr_err("alg: hash: final failed on test %d for %s: ret=%d\n",
519 if (memcmp(result, template[i].digest,
520 crypto_ahash_digestsize(tfm))) {
521 pr_err("alg: hash: Partial Test %d failed for %s\n",
523 hexdump(result, crypto_ahash_digestsize(tfm));
532 ahash_request_free(req);
534 testmgr_free_buf(xbuf);
541 static int test_hash(struct crypto_ahash *tfm,
542 const struct hash_testvec *template,
543 unsigned int tcount, bool use_digest)
545 unsigned int alignmask;
548 ret = __test_hash(tfm, template, tcount, use_digest, 0);
552 /* test unaligned buffers, check with one byte offset */
553 ret = __test_hash(tfm, template, tcount, use_digest, 1);
557 alignmask = crypto_tfm_alg_alignmask(&tfm->base);
559 /* Check if alignment mask for tfm is correctly set. */
560 ret = __test_hash(tfm, template, tcount, use_digest,
569 static int __test_aead(struct crypto_aead *tfm, int enc,
570 const struct aead_testvec *template, unsigned int tcount,
571 const bool diff_dst, const int align_offset)
573 const char *algo = crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm));
574 unsigned int i, j, k, n, temp;
578 struct aead_request *req;
579 struct scatterlist *sg;
580 struct scatterlist *sgout;
582 struct crypto_wait wait;
583 unsigned int authsize, iv_len;
588 char *xbuf[XBUFSIZE];
589 char *xoutbuf[XBUFSIZE];
590 char *axbuf[XBUFSIZE];
592 iv = kzalloc(MAX_IVLEN, GFP_KERNEL);
595 key = kmalloc(MAX_KEYLEN, GFP_KERNEL);
598 if (testmgr_alloc_buf(xbuf))
600 if (testmgr_alloc_buf(axbuf))
602 if (diff_dst && testmgr_alloc_buf(xoutbuf))
605 /* avoid "the frame size is larger than 1024 bytes" compiler warning */
606 sg = kmalloc(array3_size(sizeof(*sg), 8, (diff_dst ? 4 : 2)),
622 crypto_init_wait(&wait);
624 req = aead_request_alloc(tfm, GFP_KERNEL);
626 pr_err("alg: aead%s: Failed to allocate request for %s\n",
631 aead_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
632 crypto_req_done, &wait);
634 iv_len = crypto_aead_ivsize(tfm);
636 for (i = 0, j = 0; i < tcount; i++) {
642 /* some templates have no input data but they will
646 input += align_offset;
650 if (WARN_ON(align_offset + template[i].ilen >
651 PAGE_SIZE || template[i].alen > PAGE_SIZE))
654 memcpy(input, template[i].input, template[i].ilen);
655 memcpy(assoc, template[i].assoc, template[i].alen);
657 memcpy(iv, template[i].iv, iv_len);
659 memset(iv, 0, iv_len);
661 crypto_aead_clear_flags(tfm, ~0);
663 crypto_aead_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY);
665 if (template[i].klen > MAX_KEYLEN) {
666 pr_err("alg: aead%s: setkey failed on test %d for %s: key size %d > %d\n",
667 d, j, algo, template[i].klen,
672 memcpy(key, template[i].key, template[i].klen);
674 ret = crypto_aead_setkey(tfm, key, template[i].klen);
675 if (template[i].fail == !ret) {
676 pr_err("alg: aead%s: setkey failed on test %d for %s: flags=%x\n",
677 d, j, algo, crypto_aead_get_flags(tfm));
682 authsize = abs(template[i].rlen - template[i].ilen);
683 ret = crypto_aead_setauthsize(tfm, authsize);
685 pr_err("alg: aead%s: Failed to set authsize to %u on test %d for %s\n",
686 d, authsize, j, algo);
690 k = !!template[i].alen;
691 sg_init_table(sg, k + 1);
692 sg_set_buf(&sg[0], assoc, template[i].alen);
693 sg_set_buf(&sg[k], input,
694 template[i].ilen + (enc ? authsize : 0));
698 sg_init_table(sgout, k + 1);
699 sg_set_buf(&sgout[0], assoc, template[i].alen);
702 output += align_offset;
703 sg_set_buf(&sgout[k], output,
704 template[i].rlen + (enc ? 0 : authsize));
707 aead_request_set_crypt(req, sg, (diff_dst) ? sgout : sg,
708 template[i].ilen, iv);
710 aead_request_set_ad(req, template[i].alen);
712 ret = crypto_wait_req(enc ? crypto_aead_encrypt(req)
713 : crypto_aead_decrypt(req), &wait);
717 if (template[i].novrfy) {
718 /* verification was supposed to fail */
719 pr_err("alg: aead%s: %s failed on test %d for %s: ret was 0, expected -EBADMSG\n",
721 /* so really, we got a bad message */
727 if (template[i].novrfy)
728 /* verification failure was expected */
732 pr_err("alg: aead%s: %s failed on test %d for %s: ret=%d\n",
733 d, e, j, algo, -ret);
738 if (memcmp(q, template[i].result, template[i].rlen)) {
739 pr_err("alg: aead%s: Test %d failed on %s for %s\n",
741 hexdump(q, template[i].rlen);
747 for (i = 0, j = 0; i < tcount; i++) {
748 /* alignment tests are only done with continuous buffers */
749 if (align_offset != 0)
758 memcpy(iv, template[i].iv, iv_len);
760 memset(iv, 0, MAX_IVLEN);
762 crypto_aead_clear_flags(tfm, ~0);
764 crypto_aead_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY);
765 if (template[i].klen > MAX_KEYLEN) {
766 pr_err("alg: aead%s: setkey failed on test %d for %s: key size %d > %d\n",
767 d, j, algo, template[i].klen, MAX_KEYLEN);
771 memcpy(key, template[i].key, template[i].klen);
773 ret = crypto_aead_setkey(tfm, key, template[i].klen);
774 if (template[i].fail == !ret) {
775 pr_err("alg: aead%s: setkey failed on chunk test %d for %s: flags=%x\n",
776 d, j, algo, crypto_aead_get_flags(tfm));
781 authsize = abs(template[i].rlen - template[i].ilen);
784 sg_init_table(sg, template[i].anp + template[i].np);
786 sg_init_table(sgout, template[i].anp + template[i].np);
789 for (k = 0, temp = 0; k < template[i].anp; k++) {
790 if (WARN_ON(offset_in_page(IDX[k]) +
791 template[i].atap[k] > PAGE_SIZE))
794 memcpy(axbuf[IDX[k] >> PAGE_SHIFT] +
795 offset_in_page(IDX[k]),
796 template[i].assoc + temp,
797 template[i].atap[k]),
798 template[i].atap[k]);
800 sg_set_buf(&sgout[k],
801 axbuf[IDX[k] >> PAGE_SHIFT] +
802 offset_in_page(IDX[k]),
803 template[i].atap[k]);
804 temp += template[i].atap[k];
807 for (k = 0, temp = 0; k < template[i].np; k++) {
808 if (WARN_ON(offset_in_page(IDX[k]) +
809 template[i].tap[k] > PAGE_SIZE))
812 q = xbuf[IDX[k] >> PAGE_SHIFT] + offset_in_page(IDX[k]);
813 memcpy(q, template[i].input + temp, template[i].tap[k]);
814 sg_set_buf(&sg[template[i].anp + k],
815 q, template[i].tap[k]);
818 q = xoutbuf[IDX[k] >> PAGE_SHIFT] +
819 offset_in_page(IDX[k]);
821 memset(q, 0, template[i].tap[k]);
823 sg_set_buf(&sgout[template[i].anp + k],
824 q, template[i].tap[k]);
827 n = template[i].tap[k];
828 if (k == template[i].np - 1 && enc)
830 if (offset_in_page(q) + n < PAGE_SIZE)
833 temp += template[i].tap[k];
836 ret = crypto_aead_setauthsize(tfm, authsize);
838 pr_err("alg: aead%s: Failed to set authsize to %u on chunk test %d for %s\n",
839 d, authsize, j, algo);
844 if (WARN_ON(sg[template[i].anp + k - 1].offset +
845 sg[template[i].anp + k - 1].length +
846 authsize > PAGE_SIZE)) {
852 sgout[template[i].anp + k - 1].length +=
854 sg[template[i].anp + k - 1].length += authsize;
857 aead_request_set_crypt(req, sg, (diff_dst) ? sgout : sg,
861 aead_request_set_ad(req, template[i].alen);
863 ret = crypto_wait_req(enc ? crypto_aead_encrypt(req)
864 : crypto_aead_decrypt(req), &wait);
868 if (template[i].novrfy) {
869 /* verification was supposed to fail */
870 pr_err("alg: aead%s: %s failed on chunk test %d for %s: ret was 0, expected -EBADMSG\n",
872 /* so really, we got a bad message */
878 if (template[i].novrfy)
879 /* verification failure was expected */
883 pr_err("alg: aead%s: %s failed on chunk test %d for %s: ret=%d\n",
884 d, e, j, algo, -ret);
889 for (k = 0, temp = 0; k < template[i].np; k++) {
891 q = xoutbuf[IDX[k] >> PAGE_SHIFT] +
892 offset_in_page(IDX[k]);
894 q = xbuf[IDX[k] >> PAGE_SHIFT] +
895 offset_in_page(IDX[k]);
897 n = template[i].tap[k];
898 if (k == template[i].np - 1)
899 n += enc ? authsize : -authsize;
901 if (memcmp(q, template[i].result + temp, n)) {
902 pr_err("alg: aead%s: Chunk test %d failed on %s at page %u for %s\n",
909 if (k == template[i].np - 1 && !enc) {
911 memcmp(q, template[i].input +
917 for (n = 0; offset_in_page(q + n) && q[n]; n++)
921 pr_err("alg: aead%s: Result buffer corruption in chunk test %d on %s at page %u for %s: %u bytes:\n",
922 d, j, e, k, algo, n);
927 temp += template[i].tap[k];
934 aead_request_free(req);
938 testmgr_free_buf(xoutbuf);
940 testmgr_free_buf(axbuf);
942 testmgr_free_buf(xbuf);
949 static int test_aead(struct crypto_aead *tfm, int enc,
950 const struct aead_testvec *template, unsigned int tcount)
952 unsigned int alignmask;
955 /* test 'dst == src' case */
956 ret = __test_aead(tfm, enc, template, tcount, false, 0);
960 /* test 'dst != src' case */
961 ret = __test_aead(tfm, enc, template, tcount, true, 0);
965 /* test unaligned buffers, check with one byte offset */
966 ret = __test_aead(tfm, enc, template, tcount, true, 1);
970 alignmask = crypto_tfm_alg_alignmask(&tfm->base);
972 /* Check if alignment mask for tfm is correctly set. */
973 ret = __test_aead(tfm, enc, template, tcount, true,
982 static int test_cipher(struct crypto_cipher *tfm, int enc,
983 const struct cipher_testvec *template,
986 const char *algo = crypto_tfm_alg_driver_name(crypto_cipher_tfm(tfm));
987 unsigned int i, j, k;
990 const char *input, *result;
992 char *xbuf[XBUFSIZE];
995 if (testmgr_alloc_buf(xbuf))
1004 for (i = 0; i < tcount; i++) {
1008 if (fips_enabled && template[i].fips_skip)
1011 input = enc ? template[i].ptext : template[i].ctext;
1012 result = enc ? template[i].ctext : template[i].ptext;
1016 if (WARN_ON(template[i].len > PAGE_SIZE))
1020 memcpy(data, input, template[i].len);
1022 crypto_cipher_clear_flags(tfm, ~0);
1024 crypto_cipher_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY);
1026 ret = crypto_cipher_setkey(tfm, template[i].key,
1028 if (template[i].fail == !ret) {
1029 printk(KERN_ERR "alg: cipher: setkey failed "
1030 "on test %d for %s: flags=%x\n", j,
1031 algo, crypto_cipher_get_flags(tfm));
1036 for (k = 0; k < template[i].len;
1037 k += crypto_cipher_blocksize(tfm)) {
1039 crypto_cipher_encrypt_one(tfm, data + k,
1042 crypto_cipher_decrypt_one(tfm, data + k,
1047 if (memcmp(q, result, template[i].len)) {
1048 printk(KERN_ERR "alg: cipher: Test %d failed "
1049 "on %s for %s\n", j, e, algo);
1050 hexdump(q, template[i].len);
1059 testmgr_free_buf(xbuf);
1064 static int __test_skcipher(struct crypto_skcipher *tfm, int enc,
1065 const struct cipher_testvec *template,
1066 unsigned int tcount,
1067 const bool diff_dst, const int align_offset)
1070 crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm));
1071 unsigned int i, j, k, n, temp;
1073 struct skcipher_request *req;
1074 struct scatterlist sg[8];
1075 struct scatterlist sgout[8];
1077 struct crypto_wait wait;
1078 const char *input, *result;
1081 char *xbuf[XBUFSIZE];
1082 char *xoutbuf[XBUFSIZE];
1084 unsigned int ivsize = crypto_skcipher_ivsize(tfm);
1086 if (testmgr_alloc_buf(xbuf))
1089 if (diff_dst && testmgr_alloc_buf(xoutbuf))
1102 crypto_init_wait(&wait);
1104 req = skcipher_request_alloc(tfm, GFP_KERNEL);
1106 pr_err("alg: skcipher%s: Failed to allocate request for %s\n",
1111 skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
1112 crypto_req_done, &wait);
1115 for (i = 0; i < tcount; i++) {
1116 if (template[i].np && !template[i].also_non_np)
1119 if (fips_enabled && template[i].fips_skip)
1122 if (template[i].iv && !(template[i].generates_iv && enc))
1123 memcpy(iv, template[i].iv, ivsize);
1125 memset(iv, 0, MAX_IVLEN);
1127 input = enc ? template[i].ptext : template[i].ctext;
1128 result = enc ? template[i].ctext : template[i].ptext;
1131 if (WARN_ON(align_offset + template[i].len > PAGE_SIZE))
1135 data += align_offset;
1136 memcpy(data, input, template[i].len);
1138 crypto_skcipher_clear_flags(tfm, ~0);
1140 crypto_skcipher_set_flags(tfm,
1141 CRYPTO_TFM_REQ_WEAK_KEY);
1143 ret = crypto_skcipher_setkey(tfm, template[i].key,
1145 if (template[i].fail == !ret) {
1146 pr_err("alg: skcipher%s: setkey failed on test %d for %s: flags=%x\n",
1147 d, j, algo, crypto_skcipher_get_flags(tfm));
1152 sg_init_one(&sg[0], data, template[i].len);
1155 data += align_offset;
1156 sg_init_one(&sgout[0], data, template[i].len);
1159 skcipher_request_set_crypt(req, sg, (diff_dst) ? sgout : sg,
1160 template[i].len, iv);
1161 ret = crypto_wait_req(enc ? crypto_skcipher_encrypt(req) :
1162 crypto_skcipher_decrypt(req), &wait);
1165 pr_err("alg: skcipher%s: %s failed on test %d for %s: ret=%d\n",
1166 d, e, j, algo, -ret);
1171 if (memcmp(q, result, template[i].len)) {
1172 pr_err("alg: skcipher%s: Test %d failed (invalid result) on %s for %s\n",
1174 hexdump(q, template[i].len);
1179 if (template[i].generates_iv && enc &&
1180 memcmp(iv, template[i].iv, crypto_skcipher_ivsize(tfm))) {
1181 pr_err("alg: skcipher%s: Test %d failed (invalid output IV) on %s for %s\n",
1183 hexdump(iv, crypto_skcipher_ivsize(tfm));
1190 for (i = 0; i < tcount; i++) {
1191 /* alignment tests are only done with continuous buffers */
1192 if (align_offset != 0)
1195 if (!template[i].np)
1198 if (fips_enabled && template[i].fips_skip)
1201 if (template[i].iv && !(template[i].generates_iv && enc))
1202 memcpy(iv, template[i].iv, ivsize);
1204 memset(iv, 0, MAX_IVLEN);
1206 input = enc ? template[i].ptext : template[i].ctext;
1207 result = enc ? template[i].ctext : template[i].ptext;
1209 crypto_skcipher_clear_flags(tfm, ~0);
1211 crypto_skcipher_set_flags(tfm,
1212 CRYPTO_TFM_REQ_WEAK_KEY);
1214 ret = crypto_skcipher_setkey(tfm, template[i].key,
1216 if (template[i].fail == !ret) {
1217 pr_err("alg: skcipher%s: setkey failed on chunk test %d for %s: flags=%x\n",
1218 d, j, algo, crypto_skcipher_get_flags(tfm));
1225 sg_init_table(sg, template[i].np);
1227 sg_init_table(sgout, template[i].np);
1228 for (k = 0; k < template[i].np; k++) {
1229 if (WARN_ON(offset_in_page(IDX[k]) +
1230 template[i].tap[k] > PAGE_SIZE))
1233 q = xbuf[IDX[k] >> PAGE_SHIFT] + offset_in_page(IDX[k]);
1235 memcpy(q, input + temp, template[i].tap[k]);
1237 if (offset_in_page(q) + template[i].tap[k] < PAGE_SIZE)
1238 q[template[i].tap[k]] = 0;
1240 sg_set_buf(&sg[k], q, template[i].tap[k]);
1242 q = xoutbuf[IDX[k] >> PAGE_SHIFT] +
1243 offset_in_page(IDX[k]);
1245 sg_set_buf(&sgout[k], q, template[i].tap[k]);
1247 memset(q, 0, template[i].tap[k]);
1248 if (offset_in_page(q) +
1249 template[i].tap[k] < PAGE_SIZE)
1250 q[template[i].tap[k]] = 0;
1253 temp += template[i].tap[k];
1256 skcipher_request_set_crypt(req, sg, (diff_dst) ? sgout : sg,
1257 template[i].len, iv);
1259 ret = crypto_wait_req(enc ? crypto_skcipher_encrypt(req) :
1260 crypto_skcipher_decrypt(req), &wait);
1263 pr_err("alg: skcipher%s: %s failed on chunk test %d for %s: ret=%d\n",
1264 d, e, j, algo, -ret);
1270 for (k = 0; k < template[i].np; k++) {
1272 q = xoutbuf[IDX[k] >> PAGE_SHIFT] +
1273 offset_in_page(IDX[k]);
1275 q = xbuf[IDX[k] >> PAGE_SHIFT] +
1276 offset_in_page(IDX[k]);
1278 if (memcmp(q, result + temp, template[i].tap[k])) {
1279 pr_err("alg: skcipher%s: Chunk test %d failed on %s at page %u for %s\n",
1281 hexdump(q, template[i].tap[k]);
1285 q += template[i].tap[k];
1286 for (n = 0; offset_in_page(q + n) && q[n]; n++)
1289 pr_err("alg: skcipher%s: Result buffer corruption in chunk test %d on %s at page %u for %s: %u bytes:\n",
1290 d, j, e, k, algo, n);
1294 temp += template[i].tap[k];
1301 skcipher_request_free(req);
1303 testmgr_free_buf(xoutbuf);
1305 testmgr_free_buf(xbuf);
1310 static int test_skcipher(struct crypto_skcipher *tfm, int enc,
1311 const struct cipher_testvec *template,
1312 unsigned int tcount)
1314 unsigned int alignmask;
1317 /* test 'dst == src' case */
1318 ret = __test_skcipher(tfm, enc, template, tcount, false, 0);
1322 /* test 'dst != src' case */
1323 ret = __test_skcipher(tfm, enc, template, tcount, true, 0);
1327 /* test unaligned buffers, check with one byte offset */
1328 ret = __test_skcipher(tfm, enc, template, tcount, true, 1);
1332 alignmask = crypto_tfm_alg_alignmask(&tfm->base);
1334 /* Check if alignment mask for tfm is correctly set. */
1335 ret = __test_skcipher(tfm, enc, template, tcount, true,
1344 static int test_comp(struct crypto_comp *tfm,
1345 const struct comp_testvec *ctemplate,
1346 const struct comp_testvec *dtemplate,
1347 int ctcount, int dtcount)
1349 const char *algo = crypto_tfm_alg_driver_name(crypto_comp_tfm(tfm));
1350 char *output, *decomp_output;
1354 output = kmalloc(COMP_BUF_SIZE, GFP_KERNEL);
1358 decomp_output = kmalloc(COMP_BUF_SIZE, GFP_KERNEL);
1359 if (!decomp_output) {
1364 for (i = 0; i < ctcount; i++) {
1366 unsigned int dlen = COMP_BUF_SIZE;
1368 memset(output, 0, sizeof(COMP_BUF_SIZE));
1369 memset(decomp_output, 0, sizeof(COMP_BUF_SIZE));
1371 ilen = ctemplate[i].inlen;
1372 ret = crypto_comp_compress(tfm, ctemplate[i].input,
1373 ilen, output, &dlen);
1375 printk(KERN_ERR "alg: comp: compression failed "
1376 "on test %d for %s: ret=%d\n", i + 1, algo,
1382 dlen = COMP_BUF_SIZE;
1383 ret = crypto_comp_decompress(tfm, output,
1384 ilen, decomp_output, &dlen);
1386 pr_err("alg: comp: compression failed: decompress: on test %d for %s failed: ret=%d\n",
1391 if (dlen != ctemplate[i].inlen) {
1392 printk(KERN_ERR "alg: comp: Compression test %d "
1393 "failed for %s: output len = %d\n", i + 1, algo,
1399 if (memcmp(decomp_output, ctemplate[i].input,
1400 ctemplate[i].inlen)) {
1401 pr_err("alg: comp: compression failed: output differs: on test %d for %s\n",
1403 hexdump(decomp_output, dlen);
1409 for (i = 0; i < dtcount; i++) {
1411 unsigned int dlen = COMP_BUF_SIZE;
1413 memset(decomp_output, 0, sizeof(COMP_BUF_SIZE));
1415 ilen = dtemplate[i].inlen;
1416 ret = crypto_comp_decompress(tfm, dtemplate[i].input,
1417 ilen, decomp_output, &dlen);
1419 printk(KERN_ERR "alg: comp: decompression failed "
1420 "on test %d for %s: ret=%d\n", i + 1, algo,
1425 if (dlen != dtemplate[i].outlen) {
1426 printk(KERN_ERR "alg: comp: Decompression test %d "
1427 "failed for %s: output len = %d\n", i + 1, algo,
1433 if (memcmp(decomp_output, dtemplate[i].output, dlen)) {
1434 printk(KERN_ERR "alg: comp: Decompression test %d "
1435 "failed for %s\n", i + 1, algo);
1436 hexdump(decomp_output, dlen);
1445 kfree(decomp_output);
1450 static int test_acomp(struct crypto_acomp *tfm,
1451 const struct comp_testvec *ctemplate,
1452 const struct comp_testvec *dtemplate,
1453 int ctcount, int dtcount)
1455 const char *algo = crypto_tfm_alg_driver_name(crypto_acomp_tfm(tfm));
1457 char *output, *decomp_out;
1459 struct scatterlist src, dst;
1460 struct acomp_req *req;
1461 struct crypto_wait wait;
1463 output = kmalloc(COMP_BUF_SIZE, GFP_KERNEL);
1467 decomp_out = kmalloc(COMP_BUF_SIZE, GFP_KERNEL);
1473 for (i = 0; i < ctcount; i++) {
1474 unsigned int dlen = COMP_BUF_SIZE;
1475 int ilen = ctemplate[i].inlen;
1478 input_vec = kmemdup(ctemplate[i].input, ilen, GFP_KERNEL);
1484 memset(output, 0, dlen);
1485 crypto_init_wait(&wait);
1486 sg_init_one(&src, input_vec, ilen);
1487 sg_init_one(&dst, output, dlen);
1489 req = acomp_request_alloc(tfm);
1491 pr_err("alg: acomp: request alloc failed for %s\n",
1498 acomp_request_set_params(req, &src, &dst, ilen, dlen);
1499 acomp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
1500 crypto_req_done, &wait);
1502 ret = crypto_wait_req(crypto_acomp_compress(req), &wait);
1504 pr_err("alg: acomp: compression failed on test %d for %s: ret=%d\n",
1507 acomp_request_free(req);
1512 dlen = COMP_BUF_SIZE;
1513 sg_init_one(&src, output, ilen);
1514 sg_init_one(&dst, decomp_out, dlen);
1515 crypto_init_wait(&wait);
1516 acomp_request_set_params(req, &src, &dst, ilen, dlen);
1518 ret = crypto_wait_req(crypto_acomp_decompress(req), &wait);
1520 pr_err("alg: acomp: compression failed on test %d for %s: ret=%d\n",
1523 acomp_request_free(req);
1527 if (req->dlen != ctemplate[i].inlen) {
1528 pr_err("alg: acomp: Compression test %d failed for %s: output len = %d\n",
1529 i + 1, algo, req->dlen);
1532 acomp_request_free(req);
1536 if (memcmp(input_vec, decomp_out, req->dlen)) {
1537 pr_err("alg: acomp: Compression test %d failed for %s\n",
1539 hexdump(output, req->dlen);
1542 acomp_request_free(req);
1547 acomp_request_free(req);
1550 for (i = 0; i < dtcount; i++) {
1551 unsigned int dlen = COMP_BUF_SIZE;
1552 int ilen = dtemplate[i].inlen;
1555 input_vec = kmemdup(dtemplate[i].input, ilen, GFP_KERNEL);
1561 memset(output, 0, dlen);
1562 crypto_init_wait(&wait);
1563 sg_init_one(&src, input_vec, ilen);
1564 sg_init_one(&dst, output, dlen);
1566 req = acomp_request_alloc(tfm);
1568 pr_err("alg: acomp: request alloc failed for %s\n",
1575 acomp_request_set_params(req, &src, &dst, ilen, dlen);
1576 acomp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
1577 crypto_req_done, &wait);
1579 ret = crypto_wait_req(crypto_acomp_decompress(req), &wait);
1581 pr_err("alg: acomp: decompression failed on test %d for %s: ret=%d\n",
1584 acomp_request_free(req);
1588 if (req->dlen != dtemplate[i].outlen) {
1589 pr_err("alg: acomp: Decompression test %d failed for %s: output len = %d\n",
1590 i + 1, algo, req->dlen);
1593 acomp_request_free(req);
1597 if (memcmp(output, dtemplate[i].output, req->dlen)) {
1598 pr_err("alg: acomp: Decompression test %d failed for %s\n",
1600 hexdump(output, req->dlen);
1603 acomp_request_free(req);
1608 acomp_request_free(req);
1619 static int test_cprng(struct crypto_rng *tfm,
1620 const struct cprng_testvec *template,
1621 unsigned int tcount)
1623 const char *algo = crypto_tfm_alg_driver_name(crypto_rng_tfm(tfm));
1624 int err = 0, i, j, seedsize;
1628 seedsize = crypto_rng_seedsize(tfm);
1630 seed = kmalloc(seedsize, GFP_KERNEL);
1632 printk(KERN_ERR "alg: cprng: Failed to allocate seed space "
1637 for (i = 0; i < tcount; i++) {
1638 memset(result, 0, 32);
1640 memcpy(seed, template[i].v, template[i].vlen);
1641 memcpy(seed + template[i].vlen, template[i].key,
1643 memcpy(seed + template[i].vlen + template[i].klen,
1644 template[i].dt, template[i].dtlen);
1646 err = crypto_rng_reset(tfm, seed, seedsize);
1648 printk(KERN_ERR "alg: cprng: Failed to reset rng "
1653 for (j = 0; j < template[i].loops; j++) {
1654 err = crypto_rng_get_bytes(tfm, result,
1657 printk(KERN_ERR "alg: cprng: Failed to obtain "
1658 "the correct amount of random data for "
1659 "%s (requested %d)\n", algo,
1665 err = memcmp(result, template[i].result,
1668 printk(KERN_ERR "alg: cprng: Test %d failed for %s\n",
1670 hexdump(result, template[i].rlen);
1681 static int alg_test_aead(const struct alg_test_desc *desc, const char *driver,
1684 struct crypto_aead *tfm;
1687 tfm = crypto_alloc_aead(driver, type, mask);
1689 printk(KERN_ERR "alg: aead: Failed to load transform for %s: "
1690 "%ld\n", driver, PTR_ERR(tfm));
1691 return PTR_ERR(tfm);
1694 if (desc->suite.aead.enc.vecs) {
1695 err = test_aead(tfm, ENCRYPT, desc->suite.aead.enc.vecs,
1696 desc->suite.aead.enc.count);
1701 if (!err && desc->suite.aead.dec.vecs)
1702 err = test_aead(tfm, DECRYPT, desc->suite.aead.dec.vecs,
1703 desc->suite.aead.dec.count);
1706 crypto_free_aead(tfm);
1710 static int alg_test_cipher(const struct alg_test_desc *desc,
1711 const char *driver, u32 type, u32 mask)
1713 const struct cipher_test_suite *suite = &desc->suite.cipher;
1714 struct crypto_cipher *tfm;
1717 tfm = crypto_alloc_cipher(driver, type, mask);
1719 printk(KERN_ERR "alg: cipher: Failed to load transform for "
1720 "%s: %ld\n", driver, PTR_ERR(tfm));
1721 return PTR_ERR(tfm);
1724 err = test_cipher(tfm, ENCRYPT, suite->vecs, suite->count);
1726 err = test_cipher(tfm, DECRYPT, suite->vecs, suite->count);
1728 crypto_free_cipher(tfm);
1732 static int alg_test_skcipher(const struct alg_test_desc *desc,
1733 const char *driver, u32 type, u32 mask)
1735 const struct cipher_test_suite *suite = &desc->suite.cipher;
1736 struct crypto_skcipher *tfm;
1739 tfm = crypto_alloc_skcipher(driver, type, mask);
1741 printk(KERN_ERR "alg: skcipher: Failed to load transform for "
1742 "%s: %ld\n", driver, PTR_ERR(tfm));
1743 return PTR_ERR(tfm);
1746 err = test_skcipher(tfm, ENCRYPT, suite->vecs, suite->count);
1748 err = test_skcipher(tfm, DECRYPT, suite->vecs, suite->count);
1750 crypto_free_skcipher(tfm);
1754 static int alg_test_comp(const struct alg_test_desc *desc, const char *driver,
1757 struct crypto_comp *comp;
1758 struct crypto_acomp *acomp;
1760 u32 algo_type = type & CRYPTO_ALG_TYPE_ACOMPRESS_MASK;
1762 if (algo_type == CRYPTO_ALG_TYPE_ACOMPRESS) {
1763 acomp = crypto_alloc_acomp(driver, type, mask);
1764 if (IS_ERR(acomp)) {
1765 pr_err("alg: acomp: Failed to load transform for %s: %ld\n",
1766 driver, PTR_ERR(acomp));
1767 return PTR_ERR(acomp);
1769 err = test_acomp(acomp, desc->suite.comp.comp.vecs,
1770 desc->suite.comp.decomp.vecs,
1771 desc->suite.comp.comp.count,
1772 desc->suite.comp.decomp.count);
1773 crypto_free_acomp(acomp);
1775 comp = crypto_alloc_comp(driver, type, mask);
1777 pr_err("alg: comp: Failed to load transform for %s: %ld\n",
1778 driver, PTR_ERR(comp));
1779 return PTR_ERR(comp);
1782 err = test_comp(comp, desc->suite.comp.comp.vecs,
1783 desc->suite.comp.decomp.vecs,
1784 desc->suite.comp.comp.count,
1785 desc->suite.comp.decomp.count);
1787 crypto_free_comp(comp);
1792 static int __alg_test_hash(const struct hash_testvec *template,
1793 unsigned int tcount, const char *driver,
1796 struct crypto_ahash *tfm;
1799 tfm = crypto_alloc_ahash(driver, type, mask);
1801 printk(KERN_ERR "alg: hash: Failed to load transform for %s: "
1802 "%ld\n", driver, PTR_ERR(tfm));
1803 return PTR_ERR(tfm);
1806 err = test_hash(tfm, template, tcount, true);
1808 err = test_hash(tfm, template, tcount, false);
1809 crypto_free_ahash(tfm);
1813 static int alg_test_hash(const struct alg_test_desc *desc, const char *driver,
1816 const struct hash_testvec *template = desc->suite.hash.vecs;
1817 unsigned int tcount = desc->suite.hash.count;
1818 unsigned int nr_unkeyed, nr_keyed;
1822 * For OPTIONAL_KEY algorithms, we have to do all the unkeyed tests
1823 * first, before setting a key on the tfm. To make this easier, we
1824 * require that the unkeyed test vectors (if any) are listed first.
1827 for (nr_unkeyed = 0; nr_unkeyed < tcount; nr_unkeyed++) {
1828 if (template[nr_unkeyed].ksize)
1831 for (nr_keyed = 0; nr_unkeyed + nr_keyed < tcount; nr_keyed++) {
1832 if (!template[nr_unkeyed + nr_keyed].ksize) {
1833 pr_err("alg: hash: test vectors for %s out of order, "
1834 "unkeyed ones must come first\n", desc->alg);
1841 err = __alg_test_hash(template, nr_unkeyed, driver, type, mask);
1842 template += nr_unkeyed;
1845 if (!err && nr_keyed)
1846 err = __alg_test_hash(template, nr_keyed, driver, type, mask);
1851 static int alg_test_crc32c(const struct alg_test_desc *desc,
1852 const char *driver, u32 type, u32 mask)
1854 struct crypto_shash *tfm;
1858 err = alg_test_hash(desc, driver, type, mask);
1862 tfm = crypto_alloc_shash(driver, type, mask);
1864 printk(KERN_ERR "alg: crc32c: Failed to load transform for %s: "
1865 "%ld\n", driver, PTR_ERR(tfm));
1871 SHASH_DESC_ON_STACK(shash, tfm);
1872 u32 *ctx = (u32 *)shash_desc_ctx(shash);
1877 *ctx = le32_to_cpu(420553207);
1878 err = crypto_shash_final(shash, (u8 *)&val);
1880 printk(KERN_ERR "alg: crc32c: Operation failed for "
1881 "%s: %d\n", driver, err);
1885 if (val != ~420553207) {
1886 printk(KERN_ERR "alg: crc32c: Test failed for %s: "
1887 "%d\n", driver, val);
1892 crypto_free_shash(tfm);
1898 static int alg_test_cprng(const struct alg_test_desc *desc, const char *driver,
1901 struct crypto_rng *rng;
1904 rng = crypto_alloc_rng(driver, type, mask);
1906 printk(KERN_ERR "alg: cprng: Failed to load transform for %s: "
1907 "%ld\n", driver, PTR_ERR(rng));
1908 return PTR_ERR(rng);
1911 err = test_cprng(rng, desc->suite.cprng.vecs, desc->suite.cprng.count);
1913 crypto_free_rng(rng);
1919 static int drbg_cavs_test(const struct drbg_testvec *test, int pr,
1920 const char *driver, u32 type, u32 mask)
1923 struct crypto_rng *drng;
1924 struct drbg_test_data test_data;
1925 struct drbg_string addtl, pers, testentropy;
1926 unsigned char *buf = kzalloc(test->expectedlen, GFP_KERNEL);
1931 drng = crypto_alloc_rng(driver, type, mask);
1933 printk(KERN_ERR "alg: drbg: could not allocate DRNG handle for "
1939 test_data.testentropy = &testentropy;
1940 drbg_string_fill(&testentropy, test->entropy, test->entropylen);
1941 drbg_string_fill(&pers, test->pers, test->perslen);
1942 ret = crypto_drbg_reset_test(drng, &pers, &test_data);
1944 printk(KERN_ERR "alg: drbg: Failed to reset rng\n");
1948 drbg_string_fill(&addtl, test->addtla, test->addtllen);
1950 drbg_string_fill(&testentropy, test->entpra, test->entprlen);
1951 ret = crypto_drbg_get_bytes_addtl_test(drng,
1952 buf, test->expectedlen, &addtl, &test_data);
1954 ret = crypto_drbg_get_bytes_addtl(drng,
1955 buf, test->expectedlen, &addtl);
1958 printk(KERN_ERR "alg: drbg: could not obtain random data for "
1959 "driver %s\n", driver);
1963 drbg_string_fill(&addtl, test->addtlb, test->addtllen);
1965 drbg_string_fill(&testentropy, test->entprb, test->entprlen);
1966 ret = crypto_drbg_get_bytes_addtl_test(drng,
1967 buf, test->expectedlen, &addtl, &test_data);
1969 ret = crypto_drbg_get_bytes_addtl(drng,
1970 buf, test->expectedlen, &addtl);
1973 printk(KERN_ERR "alg: drbg: could not obtain random data for "
1974 "driver %s\n", driver);
1978 ret = memcmp(test->expected, buf, test->expectedlen);
1981 crypto_free_rng(drng);
1987 static int alg_test_drbg(const struct alg_test_desc *desc, const char *driver,
1993 const struct drbg_testvec *template = desc->suite.drbg.vecs;
1994 unsigned int tcount = desc->suite.drbg.count;
1996 if (0 == memcmp(driver, "drbg_pr_", 8))
1999 for (i = 0; i < tcount; i++) {
2000 err = drbg_cavs_test(&template[i], pr, driver, type, mask);
2002 printk(KERN_ERR "alg: drbg: Test %d failed for %s\n",
2012 static int do_test_kpp(struct crypto_kpp *tfm, const struct kpp_testvec *vec,
2015 struct kpp_request *req;
2016 void *input_buf = NULL;
2017 void *output_buf = NULL;
2018 void *a_public = NULL;
2020 void *shared_secret = NULL;
2021 struct crypto_wait wait;
2022 unsigned int out_len_max;
2024 struct scatterlist src, dst;
2026 req = kpp_request_alloc(tfm, GFP_KERNEL);
2030 crypto_init_wait(&wait);
2032 err = crypto_kpp_set_secret(tfm, vec->secret, vec->secret_size);
2036 out_len_max = crypto_kpp_maxsize(tfm);
2037 output_buf = kzalloc(out_len_max, GFP_KERNEL);
2043 /* Use appropriate parameter as base */
2044 kpp_request_set_input(req, NULL, 0);
2045 sg_init_one(&dst, output_buf, out_len_max);
2046 kpp_request_set_output(req, &dst, out_len_max);
2047 kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
2048 crypto_req_done, &wait);
2050 /* Compute party A's public key */
2051 err = crypto_wait_req(crypto_kpp_generate_public_key(req), &wait);
2053 pr_err("alg: %s: Party A: generate public key test failed. err %d\n",
2059 /* Save party A's public key */
2060 a_public = kzalloc(out_len_max, GFP_KERNEL);
2065 memcpy(a_public, sg_virt(req->dst), out_len_max);
2067 /* Verify calculated public key */
2068 if (memcmp(vec->expected_a_public, sg_virt(req->dst),
2069 vec->expected_a_public_size)) {
2070 pr_err("alg: %s: Party A: generate public key test failed. Invalid output\n",
2077 /* Calculate shared secret key by using counter part (b) public key. */
2078 input_buf = kzalloc(vec->b_public_size, GFP_KERNEL);
2084 memcpy(input_buf, vec->b_public, vec->b_public_size);
2085 sg_init_one(&src, input_buf, vec->b_public_size);
2086 sg_init_one(&dst, output_buf, out_len_max);
2087 kpp_request_set_input(req, &src, vec->b_public_size);
2088 kpp_request_set_output(req, &dst, out_len_max);
2089 kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
2090 crypto_req_done, &wait);
2091 err = crypto_wait_req(crypto_kpp_compute_shared_secret(req), &wait);
2093 pr_err("alg: %s: Party A: compute shared secret test failed. err %d\n",
2099 /* Save the shared secret obtained by party A */
2100 a_ss = kzalloc(vec->expected_ss_size, GFP_KERNEL);
2105 memcpy(a_ss, sg_virt(req->dst), vec->expected_ss_size);
2108 * Calculate party B's shared secret by using party A's
2111 err = crypto_kpp_set_secret(tfm, vec->b_secret,
2112 vec->b_secret_size);
2116 sg_init_one(&src, a_public, vec->expected_a_public_size);
2117 sg_init_one(&dst, output_buf, out_len_max);
2118 kpp_request_set_input(req, &src, vec->expected_a_public_size);
2119 kpp_request_set_output(req, &dst, out_len_max);
2120 kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
2121 crypto_req_done, &wait);
2122 err = crypto_wait_req(crypto_kpp_compute_shared_secret(req),
2125 pr_err("alg: %s: Party B: compute shared secret failed. err %d\n",
2130 shared_secret = a_ss;
2132 shared_secret = (void *)vec->expected_ss;
2136 * verify shared secret from which the user will derive
2137 * secret key by executing whatever hash it has chosen
2139 if (memcmp(shared_secret, sg_virt(req->dst),
2140 vec->expected_ss_size)) {
2141 pr_err("alg: %s: compute shared secret test failed. Invalid output\n",
2153 kpp_request_free(req);
2157 static int test_kpp(struct crypto_kpp *tfm, const char *alg,
2158 const struct kpp_testvec *vecs, unsigned int tcount)
2162 for (i = 0; i < tcount; i++) {
2163 ret = do_test_kpp(tfm, vecs++, alg);
2165 pr_err("alg: %s: test failed on vector %d, err=%d\n",
2173 static int alg_test_kpp(const struct alg_test_desc *desc, const char *driver,
2176 struct crypto_kpp *tfm;
2179 tfm = crypto_alloc_kpp(driver, type, mask);
2181 pr_err("alg: kpp: Failed to load tfm for %s: %ld\n",
2182 driver, PTR_ERR(tfm));
2183 return PTR_ERR(tfm);
2185 if (desc->suite.kpp.vecs)
2186 err = test_kpp(tfm, desc->alg, desc->suite.kpp.vecs,
2187 desc->suite.kpp.count);
2189 crypto_free_kpp(tfm);
2193 static int test_akcipher_one(struct crypto_akcipher *tfm,
2194 const struct akcipher_testvec *vecs)
2196 char *xbuf[XBUFSIZE];
2197 struct akcipher_request *req;
2198 void *outbuf_enc = NULL;
2199 void *outbuf_dec = NULL;
2200 struct crypto_wait wait;
2201 unsigned int out_len_max, out_len = 0;
2203 struct scatterlist src, dst, src_tab[2];
2205 if (testmgr_alloc_buf(xbuf))
2208 req = akcipher_request_alloc(tfm, GFP_KERNEL);
2212 crypto_init_wait(&wait);
2214 if (vecs->public_key_vec)
2215 err = crypto_akcipher_set_pub_key(tfm, vecs->key,
2218 err = crypto_akcipher_set_priv_key(tfm, vecs->key,
2224 out_len_max = crypto_akcipher_maxsize(tfm);
2225 outbuf_enc = kzalloc(out_len_max, GFP_KERNEL);
2229 if (WARN_ON(vecs->m_size > PAGE_SIZE))
2232 memcpy(xbuf[0], vecs->m, vecs->m_size);
2234 sg_init_table(src_tab, 2);
2235 sg_set_buf(&src_tab[0], xbuf[0], 8);
2236 sg_set_buf(&src_tab[1], xbuf[0] + 8, vecs->m_size - 8);
2237 sg_init_one(&dst, outbuf_enc, out_len_max);
2238 akcipher_request_set_crypt(req, src_tab, &dst, vecs->m_size,
2240 akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
2241 crypto_req_done, &wait);
2243 err = crypto_wait_req(vecs->siggen_sigver_test ?
2244 /* Run asymmetric signature generation */
2245 crypto_akcipher_sign(req) :
2246 /* Run asymmetric encrypt */
2247 crypto_akcipher_encrypt(req), &wait);
2249 pr_err("alg: akcipher: encrypt test failed. err %d\n", err);
2252 if (req->dst_len != vecs->c_size) {
2253 pr_err("alg: akcipher: encrypt test failed. Invalid output len\n");
2257 /* verify that encrypted message is equal to expected */
2258 if (memcmp(vecs->c, outbuf_enc, vecs->c_size)) {
2259 pr_err("alg: akcipher: encrypt test failed. Invalid output\n");
2260 hexdump(outbuf_enc, vecs->c_size);
2264 /* Don't invoke decrypt for vectors with public key */
2265 if (vecs->public_key_vec) {
2269 outbuf_dec = kzalloc(out_len_max, GFP_KERNEL);
2275 if (WARN_ON(vecs->c_size > PAGE_SIZE))
2278 memcpy(xbuf[0], vecs->c, vecs->c_size);
2280 sg_init_one(&src, xbuf[0], vecs->c_size);
2281 sg_init_one(&dst, outbuf_dec, out_len_max);
2282 crypto_init_wait(&wait);
2283 akcipher_request_set_crypt(req, &src, &dst, vecs->c_size, out_len_max);
2285 err = crypto_wait_req(vecs->siggen_sigver_test ?
2286 /* Run asymmetric signature verification */
2287 crypto_akcipher_verify(req) :
2288 /* Run asymmetric decrypt */
2289 crypto_akcipher_decrypt(req), &wait);
2291 pr_err("alg: akcipher: decrypt test failed. err %d\n", err);
2294 out_len = req->dst_len;
2295 if (out_len < vecs->m_size) {
2296 pr_err("alg: akcipher: decrypt test failed. "
2297 "Invalid output len %u\n", out_len);
2301 /* verify that decrypted message is equal to the original msg */
2302 if (memchr_inv(outbuf_dec, 0, out_len - vecs->m_size) ||
2303 memcmp(vecs->m, outbuf_dec + out_len - vecs->m_size,
2305 pr_err("alg: akcipher: decrypt test failed. Invalid output\n");
2306 hexdump(outbuf_dec, out_len);
2313 akcipher_request_free(req);
2315 testmgr_free_buf(xbuf);
2319 static int test_akcipher(struct crypto_akcipher *tfm, const char *alg,
2320 const struct akcipher_testvec *vecs,
2321 unsigned int tcount)
2324 crypto_tfm_alg_driver_name(crypto_akcipher_tfm(tfm));
2327 for (i = 0; i < tcount; i++) {
2328 ret = test_akcipher_one(tfm, vecs++);
2332 pr_err("alg: akcipher: test %d failed for %s, err=%d\n",
2339 static int alg_test_akcipher(const struct alg_test_desc *desc,
2340 const char *driver, u32 type, u32 mask)
2342 struct crypto_akcipher *tfm;
2345 tfm = crypto_alloc_akcipher(driver, type, mask);
2347 pr_err("alg: akcipher: Failed to load tfm for %s: %ld\n",
2348 driver, PTR_ERR(tfm));
2349 return PTR_ERR(tfm);
2351 if (desc->suite.akcipher.vecs)
2352 err = test_akcipher(tfm, desc->alg, desc->suite.akcipher.vecs,
2353 desc->suite.akcipher.count);
2355 crypto_free_akcipher(tfm);
2359 static int alg_test_null(const struct alg_test_desc *desc,
2360 const char *driver, u32 type, u32 mask)
2365 #define __VECS(tv) { .vecs = tv, .count = ARRAY_SIZE(tv) }
2367 /* Please keep this list sorted by algorithm name. */
2368 static const struct alg_test_desc alg_test_descs[] = {
2371 .test = alg_test_aead,
2374 .enc = __VECS(aegis128_enc_tv_template),
2375 .dec = __VECS(aegis128_dec_tv_template),
2380 .test = alg_test_aead,
2383 .enc = __VECS(aegis128l_enc_tv_template),
2384 .dec = __VECS(aegis128l_dec_tv_template),
2389 .test = alg_test_aead,
2392 .enc = __VECS(aegis256_enc_tv_template),
2393 .dec = __VECS(aegis256_dec_tv_template),
2397 .alg = "ansi_cprng",
2398 .test = alg_test_cprng,
2400 .cprng = __VECS(ansi_cprng_aes_tv_template)
2403 .alg = "authenc(hmac(md5),ecb(cipher_null))",
2404 .test = alg_test_aead,
2407 .enc = __VECS(hmac_md5_ecb_cipher_null_enc_tv_template),
2408 .dec = __VECS(hmac_md5_ecb_cipher_null_dec_tv_template)
2412 .alg = "authenc(hmac(sha1),cbc(aes))",
2413 .test = alg_test_aead,
2417 .enc = __VECS(hmac_sha1_aes_cbc_enc_tv_temp)
2421 .alg = "authenc(hmac(sha1),cbc(des))",
2422 .test = alg_test_aead,
2425 .enc = __VECS(hmac_sha1_des_cbc_enc_tv_temp)
2429 .alg = "authenc(hmac(sha1),cbc(des3_ede))",
2430 .test = alg_test_aead,
2434 .enc = __VECS(hmac_sha1_des3_ede_cbc_enc_tv_temp)
2438 .alg = "authenc(hmac(sha1),ctr(aes))",
2439 .test = alg_test_null,
2442 .alg = "authenc(hmac(sha1),ecb(cipher_null))",
2443 .test = alg_test_aead,
2446 .enc = __VECS(hmac_sha1_ecb_cipher_null_enc_tv_temp),
2447 .dec = __VECS(hmac_sha1_ecb_cipher_null_dec_tv_temp)
2451 .alg = "authenc(hmac(sha1),rfc3686(ctr(aes)))",
2452 .test = alg_test_null,
2455 .alg = "authenc(hmac(sha224),cbc(des))",
2456 .test = alg_test_aead,
2459 .enc = __VECS(hmac_sha224_des_cbc_enc_tv_temp)
2463 .alg = "authenc(hmac(sha224),cbc(des3_ede))",
2464 .test = alg_test_aead,
2468 .enc = __VECS(hmac_sha224_des3_ede_cbc_enc_tv_temp)
2472 .alg = "authenc(hmac(sha256),cbc(aes))",
2473 .test = alg_test_aead,
2477 .enc = __VECS(hmac_sha256_aes_cbc_enc_tv_temp)
2481 .alg = "authenc(hmac(sha256),cbc(des))",
2482 .test = alg_test_aead,
2485 .enc = __VECS(hmac_sha256_des_cbc_enc_tv_temp)
2489 .alg = "authenc(hmac(sha256),cbc(des3_ede))",
2490 .test = alg_test_aead,
2494 .enc = __VECS(hmac_sha256_des3_ede_cbc_enc_tv_temp)
2498 .alg = "authenc(hmac(sha256),ctr(aes))",
2499 .test = alg_test_null,
2502 .alg = "authenc(hmac(sha256),rfc3686(ctr(aes)))",
2503 .test = alg_test_null,
2506 .alg = "authenc(hmac(sha384),cbc(des))",
2507 .test = alg_test_aead,
2510 .enc = __VECS(hmac_sha384_des_cbc_enc_tv_temp)
2514 .alg = "authenc(hmac(sha384),cbc(des3_ede))",
2515 .test = alg_test_aead,
2519 .enc = __VECS(hmac_sha384_des3_ede_cbc_enc_tv_temp)
2523 .alg = "authenc(hmac(sha384),ctr(aes))",
2524 .test = alg_test_null,
2527 .alg = "authenc(hmac(sha384),rfc3686(ctr(aes)))",
2528 .test = alg_test_null,
2531 .alg = "authenc(hmac(sha512),cbc(aes))",
2533 .test = alg_test_aead,
2536 .enc = __VECS(hmac_sha512_aes_cbc_enc_tv_temp)
2540 .alg = "authenc(hmac(sha512),cbc(des))",
2541 .test = alg_test_aead,
2544 .enc = __VECS(hmac_sha512_des_cbc_enc_tv_temp)
2548 .alg = "authenc(hmac(sha512),cbc(des3_ede))",
2549 .test = alg_test_aead,
2553 .enc = __VECS(hmac_sha512_des3_ede_cbc_enc_tv_temp)
2557 .alg = "authenc(hmac(sha512),ctr(aes))",
2558 .test = alg_test_null,
2561 .alg = "authenc(hmac(sha512),rfc3686(ctr(aes)))",
2562 .test = alg_test_null,
2566 .test = alg_test_skcipher,
2569 .cipher = __VECS(aes_cbc_tv_template)
2572 .alg = "cbc(anubis)",
2573 .test = alg_test_skcipher,
2575 .cipher = __VECS(anubis_cbc_tv_template)
2578 .alg = "cbc(blowfish)",
2579 .test = alg_test_skcipher,
2581 .cipher = __VECS(bf_cbc_tv_template)
2584 .alg = "cbc(camellia)",
2585 .test = alg_test_skcipher,
2587 .cipher = __VECS(camellia_cbc_tv_template)
2590 .alg = "cbc(cast5)",
2591 .test = alg_test_skcipher,
2593 .cipher = __VECS(cast5_cbc_tv_template)
2596 .alg = "cbc(cast6)",
2597 .test = alg_test_skcipher,
2599 .cipher = __VECS(cast6_cbc_tv_template)
2603 .test = alg_test_skcipher,
2605 .cipher = __VECS(des_cbc_tv_template)
2608 .alg = "cbc(des3_ede)",
2609 .test = alg_test_skcipher,
2612 .cipher = __VECS(des3_ede_cbc_tv_template)
2615 /* Same as cbc(aes) except the key is stored in
2616 * hardware secure memory which we reference by index
2619 .test = alg_test_null,
2622 .alg = "cbc(serpent)",
2623 .test = alg_test_skcipher,
2625 .cipher = __VECS(serpent_cbc_tv_template)
2628 .alg = "cbc(twofish)",
2629 .test = alg_test_skcipher,
2631 .cipher = __VECS(tf_cbc_tv_template)
2634 .alg = "cbcmac(aes)",
2636 .test = alg_test_hash,
2638 .hash = __VECS(aes_cbcmac_tv_template)
2642 .test = alg_test_aead,
2646 .enc = __VECS(aes_ccm_enc_tv_template),
2647 .dec = __VECS(aes_ccm_dec_tv_template)
2652 .test = alg_test_skcipher,
2654 .cipher = __VECS(chacha20_tv_template)
2659 .test = alg_test_hash,
2661 .hash = __VECS(aes_cmac128_tv_template)
2664 .alg = "cmac(des3_ede)",
2666 .test = alg_test_hash,
2668 .hash = __VECS(des3_ede_cmac64_tv_template)
2671 .alg = "compress_null",
2672 .test = alg_test_null,
2675 .test = alg_test_hash,
2677 .hash = __VECS(crc32_tv_template)
2681 .test = alg_test_crc32c,
2684 .hash = __VECS(crc32c_tv_template)
2688 .test = alg_test_hash,
2691 .hash = __VECS(crct10dif_tv_template)
2695 .test = alg_test_skcipher,
2698 .cipher = __VECS(aes_ctr_tv_template)
2701 .alg = "ctr(blowfish)",
2702 .test = alg_test_skcipher,
2704 .cipher = __VECS(bf_ctr_tv_template)
2707 .alg = "ctr(camellia)",
2708 .test = alg_test_skcipher,
2710 .cipher = __VECS(camellia_ctr_tv_template)
2713 .alg = "ctr(cast5)",
2714 .test = alg_test_skcipher,
2716 .cipher = __VECS(cast5_ctr_tv_template)
2719 .alg = "ctr(cast6)",
2720 .test = alg_test_skcipher,
2722 .cipher = __VECS(cast6_ctr_tv_template)
2726 .test = alg_test_skcipher,
2728 .cipher = __VECS(des_ctr_tv_template)
2731 .alg = "ctr(des3_ede)",
2732 .test = alg_test_skcipher,
2735 .cipher = __VECS(des3_ede_ctr_tv_template)
2738 /* Same as ctr(aes) except the key is stored in
2739 * hardware secure memory which we reference by index
2742 .test = alg_test_null,
2745 .alg = "ctr(serpent)",
2746 .test = alg_test_skcipher,
2748 .cipher = __VECS(serpent_ctr_tv_template)
2751 .alg = "ctr(twofish)",
2752 .test = alg_test_skcipher,
2754 .cipher = __VECS(tf_ctr_tv_template)
2757 .alg = "cts(cbc(aes))",
2758 .test = alg_test_skcipher,
2760 .cipher = __VECS(cts_mode_tv_template)
2764 .test = alg_test_comp,
2768 .comp = __VECS(deflate_comp_tv_template),
2769 .decomp = __VECS(deflate_decomp_tv_template)
2774 .test = alg_test_kpp,
2777 .kpp = __VECS(dh_tv_template)
2780 .alg = "digest_null",
2781 .test = alg_test_null,
2783 .alg = "drbg_nopr_ctr_aes128",
2784 .test = alg_test_drbg,
2787 .drbg = __VECS(drbg_nopr_ctr_aes128_tv_template)
2790 .alg = "drbg_nopr_ctr_aes192",
2791 .test = alg_test_drbg,
2794 .drbg = __VECS(drbg_nopr_ctr_aes192_tv_template)
2797 .alg = "drbg_nopr_ctr_aes256",
2798 .test = alg_test_drbg,
2801 .drbg = __VECS(drbg_nopr_ctr_aes256_tv_template)
2805 * There is no need to specifically test the DRBG with every
2806 * backend cipher -- covered by drbg_nopr_hmac_sha256 test
2808 .alg = "drbg_nopr_hmac_sha1",
2810 .test = alg_test_null,
2812 .alg = "drbg_nopr_hmac_sha256",
2813 .test = alg_test_drbg,
2816 .drbg = __VECS(drbg_nopr_hmac_sha256_tv_template)
2819 /* covered by drbg_nopr_hmac_sha256 test */
2820 .alg = "drbg_nopr_hmac_sha384",
2822 .test = alg_test_null,
2824 .alg = "drbg_nopr_hmac_sha512",
2825 .test = alg_test_null,
2828 .alg = "drbg_nopr_sha1",
2830 .test = alg_test_null,
2832 .alg = "drbg_nopr_sha256",
2833 .test = alg_test_drbg,
2836 .drbg = __VECS(drbg_nopr_sha256_tv_template)
2839 /* covered by drbg_nopr_sha256 test */
2840 .alg = "drbg_nopr_sha384",
2842 .test = alg_test_null,
2844 .alg = "drbg_nopr_sha512",
2846 .test = alg_test_null,
2848 .alg = "drbg_pr_ctr_aes128",
2849 .test = alg_test_drbg,
2852 .drbg = __VECS(drbg_pr_ctr_aes128_tv_template)
2855 /* covered by drbg_pr_ctr_aes128 test */
2856 .alg = "drbg_pr_ctr_aes192",
2858 .test = alg_test_null,
2860 .alg = "drbg_pr_ctr_aes256",
2862 .test = alg_test_null,
2864 .alg = "drbg_pr_hmac_sha1",
2866 .test = alg_test_null,
2868 .alg = "drbg_pr_hmac_sha256",
2869 .test = alg_test_drbg,
2872 .drbg = __VECS(drbg_pr_hmac_sha256_tv_template)
2875 /* covered by drbg_pr_hmac_sha256 test */
2876 .alg = "drbg_pr_hmac_sha384",
2878 .test = alg_test_null,
2880 .alg = "drbg_pr_hmac_sha512",
2881 .test = alg_test_null,
2884 .alg = "drbg_pr_sha1",
2886 .test = alg_test_null,
2888 .alg = "drbg_pr_sha256",
2889 .test = alg_test_drbg,
2892 .drbg = __VECS(drbg_pr_sha256_tv_template)
2895 /* covered by drbg_pr_sha256 test */
2896 .alg = "drbg_pr_sha384",
2898 .test = alg_test_null,
2900 .alg = "drbg_pr_sha512",
2902 .test = alg_test_null,
2905 .test = alg_test_skcipher,
2908 .cipher = __VECS(aes_tv_template)
2911 .alg = "ecb(anubis)",
2912 .test = alg_test_skcipher,
2914 .cipher = __VECS(anubis_tv_template)
2918 .test = alg_test_skcipher,
2920 .cipher = __VECS(arc4_tv_template)
2923 .alg = "ecb(blowfish)",
2924 .test = alg_test_skcipher,
2926 .cipher = __VECS(bf_tv_template)
2929 .alg = "ecb(camellia)",
2930 .test = alg_test_skcipher,
2932 .cipher = __VECS(camellia_tv_template)
2935 .alg = "ecb(cast5)",
2936 .test = alg_test_skcipher,
2938 .cipher = __VECS(cast5_tv_template)
2941 .alg = "ecb(cast6)",
2942 .test = alg_test_skcipher,
2944 .cipher = __VECS(cast6_tv_template)
2947 .alg = "ecb(cipher_null)",
2948 .test = alg_test_null,
2952 .test = alg_test_skcipher,
2954 .cipher = __VECS(des_tv_template)
2957 .alg = "ecb(des3_ede)",
2958 .test = alg_test_skcipher,
2961 .cipher = __VECS(des3_ede_tv_template)
2964 .alg = "ecb(fcrypt)",
2965 .test = alg_test_skcipher,
2968 .vecs = fcrypt_pcbc_tv_template,
2973 .alg = "ecb(khazad)",
2974 .test = alg_test_skcipher,
2976 .cipher = __VECS(khazad_tv_template)
2979 /* Same as ecb(aes) except the key is stored in
2980 * hardware secure memory which we reference by index
2983 .test = alg_test_null,
2987 .test = alg_test_skcipher,
2989 .cipher = __VECS(seed_tv_template)
2992 .alg = "ecb(serpent)",
2993 .test = alg_test_skcipher,
2995 .cipher = __VECS(serpent_tv_template)
2999 .test = alg_test_skcipher,
3001 .cipher = __VECS(sm4_tv_template)
3004 .alg = "ecb(speck128)",
3005 .test = alg_test_skcipher,
3007 .cipher = __VECS(speck128_tv_template)
3010 .alg = "ecb(speck64)",
3011 .test = alg_test_skcipher,
3013 .cipher = __VECS(speck64_tv_template)
3017 .test = alg_test_skcipher,
3019 .cipher = __VECS(tea_tv_template)
3022 .alg = "ecb(tnepres)",
3023 .test = alg_test_skcipher,
3025 .cipher = __VECS(tnepres_tv_template)
3028 .alg = "ecb(twofish)",
3029 .test = alg_test_skcipher,
3031 .cipher = __VECS(tf_tv_template)
3035 .test = alg_test_skcipher,
3037 .cipher = __VECS(xeta_tv_template)
3041 .test = alg_test_skcipher,
3043 .cipher = __VECS(xtea_tv_template)
3047 .test = alg_test_kpp,
3050 .kpp = __VECS(ecdh_tv_template)
3054 .test = alg_test_aead,
3058 .enc = __VECS(aes_gcm_enc_tv_template),
3059 .dec = __VECS(aes_gcm_dec_tv_template)
3064 .test = alg_test_hash,
3067 .hash = __VECS(ghash_tv_template)
3071 .test = alg_test_hash,
3073 .hash = __VECS(hmac_md5_tv_template)
3076 .alg = "hmac(rmd128)",
3077 .test = alg_test_hash,
3079 .hash = __VECS(hmac_rmd128_tv_template)
3082 .alg = "hmac(rmd160)",
3083 .test = alg_test_hash,
3085 .hash = __VECS(hmac_rmd160_tv_template)
3088 .alg = "hmac(sha1)",
3089 .test = alg_test_hash,
3092 .hash = __VECS(hmac_sha1_tv_template)
3095 .alg = "hmac(sha224)",
3096 .test = alg_test_hash,
3099 .hash = __VECS(hmac_sha224_tv_template)
3102 .alg = "hmac(sha256)",
3103 .test = alg_test_hash,
3106 .hash = __VECS(hmac_sha256_tv_template)
3109 .alg = "hmac(sha3-224)",
3110 .test = alg_test_hash,
3113 .hash = __VECS(hmac_sha3_224_tv_template)
3116 .alg = "hmac(sha3-256)",
3117 .test = alg_test_hash,
3120 .hash = __VECS(hmac_sha3_256_tv_template)
3123 .alg = "hmac(sha3-384)",
3124 .test = alg_test_hash,
3127 .hash = __VECS(hmac_sha3_384_tv_template)
3130 .alg = "hmac(sha3-512)",
3131 .test = alg_test_hash,
3134 .hash = __VECS(hmac_sha3_512_tv_template)
3137 .alg = "hmac(sha384)",
3138 .test = alg_test_hash,
3141 .hash = __VECS(hmac_sha384_tv_template)
3144 .alg = "hmac(sha512)",
3145 .test = alg_test_hash,
3148 .hash = __VECS(hmac_sha512_tv_template)
3151 .alg = "jitterentropy_rng",
3153 .test = alg_test_null,
3156 .test = alg_test_skcipher,
3159 .cipher = __VECS(aes_kw_tv_template)
3163 .test = alg_test_skcipher,
3165 .cipher = __VECS(aes_lrw_tv_template)
3168 .alg = "lrw(camellia)",
3169 .test = alg_test_skcipher,
3171 .cipher = __VECS(camellia_lrw_tv_template)
3174 .alg = "lrw(cast6)",
3175 .test = alg_test_skcipher,
3177 .cipher = __VECS(cast6_lrw_tv_template)
3180 .alg = "lrw(serpent)",
3181 .test = alg_test_skcipher,
3183 .cipher = __VECS(serpent_lrw_tv_template)
3186 .alg = "lrw(twofish)",
3187 .test = alg_test_skcipher,
3189 .cipher = __VECS(tf_lrw_tv_template)
3193 .test = alg_test_comp,
3197 .comp = __VECS(lz4_comp_tv_template),
3198 .decomp = __VECS(lz4_decomp_tv_template)
3203 .test = alg_test_comp,
3207 .comp = __VECS(lz4hc_comp_tv_template),
3208 .decomp = __VECS(lz4hc_decomp_tv_template)
3213 .test = alg_test_comp,
3217 .comp = __VECS(lzo_comp_tv_template),
3218 .decomp = __VECS(lzo_decomp_tv_template)
3223 .test = alg_test_hash,
3225 .hash = __VECS(md4_tv_template)
3229 .test = alg_test_hash,
3231 .hash = __VECS(md5_tv_template)
3234 .alg = "michael_mic",
3235 .test = alg_test_hash,
3237 .hash = __VECS(michael_mic_tv_template)
3241 .test = alg_test_aead,
3244 .enc = __VECS(morus1280_enc_tv_template),
3245 .dec = __VECS(morus1280_dec_tv_template),
3250 .test = alg_test_aead,
3253 .enc = __VECS(morus640_enc_tv_template),
3254 .dec = __VECS(morus640_dec_tv_template),
3259 .test = alg_test_skcipher,
3262 .cipher = __VECS(aes_ofb_tv_template)
3265 /* Same as ofb(aes) except the key is stored in
3266 * hardware secure memory which we reference by index
3269 .test = alg_test_null,
3272 .alg = "pcbc(fcrypt)",
3273 .test = alg_test_skcipher,
3275 .cipher = __VECS(fcrypt_pcbc_tv_template)
3278 .alg = "pkcs1pad(rsa,sha224)",
3279 .test = alg_test_null,
3282 .alg = "pkcs1pad(rsa,sha256)",
3283 .test = alg_test_akcipher,
3286 .akcipher = __VECS(pkcs1pad_rsa_tv_template)
3289 .alg = "pkcs1pad(rsa,sha384)",
3290 .test = alg_test_null,
3293 .alg = "pkcs1pad(rsa,sha512)",
3294 .test = alg_test_null,
3298 .test = alg_test_hash,
3300 .hash = __VECS(poly1305_tv_template)
3303 .alg = "rfc3686(ctr(aes))",
3304 .test = alg_test_skcipher,
3307 .cipher = __VECS(aes_ctr_rfc3686_tv_template)
3310 .alg = "rfc4106(gcm(aes))",
3311 .test = alg_test_aead,
3315 .enc = __VECS(aes_gcm_rfc4106_enc_tv_template),
3316 .dec = __VECS(aes_gcm_rfc4106_dec_tv_template)
3320 .alg = "rfc4309(ccm(aes))",
3321 .test = alg_test_aead,
3325 .enc = __VECS(aes_ccm_rfc4309_enc_tv_template),
3326 .dec = __VECS(aes_ccm_rfc4309_dec_tv_template)
3330 .alg = "rfc4543(gcm(aes))",
3331 .test = alg_test_aead,
3334 .enc = __VECS(aes_gcm_rfc4543_enc_tv_template),
3335 .dec = __VECS(aes_gcm_rfc4543_dec_tv_template),
3339 .alg = "rfc7539(chacha20,poly1305)",
3340 .test = alg_test_aead,
3343 .enc = __VECS(rfc7539_enc_tv_template),
3344 .dec = __VECS(rfc7539_dec_tv_template),
3348 .alg = "rfc7539esp(chacha20,poly1305)",
3349 .test = alg_test_aead,
3352 .enc = __VECS(rfc7539esp_enc_tv_template),
3353 .dec = __VECS(rfc7539esp_dec_tv_template),
3358 .test = alg_test_hash,
3360 .hash = __VECS(rmd128_tv_template)
3364 .test = alg_test_hash,
3366 .hash = __VECS(rmd160_tv_template)
3370 .test = alg_test_hash,
3372 .hash = __VECS(rmd256_tv_template)
3376 .test = alg_test_hash,
3378 .hash = __VECS(rmd320_tv_template)
3382 .test = alg_test_akcipher,
3385 .akcipher = __VECS(rsa_tv_template)
3389 .test = alg_test_skcipher,
3391 .cipher = __VECS(salsa20_stream_tv_template)
3395 .test = alg_test_hash,
3398 .hash = __VECS(sha1_tv_template)
3402 .test = alg_test_hash,
3405 .hash = __VECS(sha224_tv_template)
3409 .test = alg_test_hash,
3412 .hash = __VECS(sha256_tv_template)
3416 .test = alg_test_hash,
3419 .hash = __VECS(sha3_224_tv_template)
3423 .test = alg_test_hash,
3426 .hash = __VECS(sha3_256_tv_template)
3430 .test = alg_test_hash,
3433 .hash = __VECS(sha3_384_tv_template)
3437 .test = alg_test_hash,
3440 .hash = __VECS(sha3_512_tv_template)
3444 .test = alg_test_hash,
3447 .hash = __VECS(sha384_tv_template)
3451 .test = alg_test_hash,
3454 .hash = __VECS(sha512_tv_template)
3458 .test = alg_test_hash,
3460 .hash = __VECS(sm3_tv_template)
3464 .test = alg_test_hash,
3466 .hash = __VECS(tgr128_tv_template)
3470 .test = alg_test_hash,
3472 .hash = __VECS(tgr160_tv_template)
3476 .test = alg_test_hash,
3478 .hash = __VECS(tgr192_tv_template)
3482 .test = alg_test_hash,
3484 .hash = __VECS(aes_vmac128_tv_template)
3488 .test = alg_test_hash,
3490 .hash = __VECS(wp256_tv_template)
3494 .test = alg_test_hash,
3496 .hash = __VECS(wp384_tv_template)
3500 .test = alg_test_hash,
3502 .hash = __VECS(wp512_tv_template)
3506 .test = alg_test_hash,
3508 .hash = __VECS(aes_xcbc128_tv_template)
3512 .test = alg_test_skcipher,
3515 .cipher = __VECS(aes_xts_tv_template)
3518 .alg = "xts(camellia)",
3519 .test = alg_test_skcipher,
3521 .cipher = __VECS(camellia_xts_tv_template)
3524 .alg = "xts(cast6)",
3525 .test = alg_test_skcipher,
3527 .cipher = __VECS(cast6_xts_tv_template)
3530 /* Same as xts(aes) except the key is stored in
3531 * hardware secure memory which we reference by index
3534 .test = alg_test_null,
3537 .alg = "xts(serpent)",
3538 .test = alg_test_skcipher,
3540 .cipher = __VECS(serpent_xts_tv_template)
3543 .alg = "xts(speck128)",
3544 .test = alg_test_skcipher,
3546 .cipher = __VECS(speck128_xts_tv_template)
3549 .alg = "xts(speck64)",
3550 .test = alg_test_skcipher,
3552 .cipher = __VECS(speck64_xts_tv_template)
3555 .alg = "xts(twofish)",
3556 .test = alg_test_skcipher,
3558 .cipher = __VECS(tf_xts_tv_template)
3561 .alg = "xts4096(paes)",
3562 .test = alg_test_null,
3565 .alg = "xts512(paes)",
3566 .test = alg_test_null,
3569 .alg = "zlib-deflate",
3570 .test = alg_test_comp,
3574 .comp = __VECS(zlib_deflate_comp_tv_template),
3575 .decomp = __VECS(zlib_deflate_decomp_tv_template)
3580 .test = alg_test_comp,
3584 .comp = __VECS(zstd_comp_tv_template),
3585 .decomp = __VECS(zstd_decomp_tv_template)
3591 static bool alg_test_descs_checked;
3593 static void alg_test_descs_check_order(void)
3597 /* only check once */
3598 if (alg_test_descs_checked)
3601 alg_test_descs_checked = true;
3603 for (i = 1; i < ARRAY_SIZE(alg_test_descs); i++) {
3604 int diff = strcmp(alg_test_descs[i - 1].alg,
3605 alg_test_descs[i].alg);
3607 if (WARN_ON(diff > 0)) {
3608 pr_warn("testmgr: alg_test_descs entries in wrong order: '%s' before '%s'\n",
3609 alg_test_descs[i - 1].alg,
3610 alg_test_descs[i].alg);
3613 if (WARN_ON(diff == 0)) {
3614 pr_warn("testmgr: duplicate alg_test_descs entry: '%s'\n",
3615 alg_test_descs[i].alg);
3620 static int alg_find_test(const char *alg)
3623 int end = ARRAY_SIZE(alg_test_descs);
3625 while (start < end) {
3626 int i = (start + end) / 2;
3627 int diff = strcmp(alg_test_descs[i].alg, alg);
3645 int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
3651 if (!fips_enabled && notests) {
3652 printk_once(KERN_INFO "alg: self-tests disabled\n");
3656 alg_test_descs_check_order();
3658 if ((type & CRYPTO_ALG_TYPE_MASK) == CRYPTO_ALG_TYPE_CIPHER) {
3659 char nalg[CRYPTO_MAX_ALG_NAME];
3661 if (snprintf(nalg, sizeof(nalg), "ecb(%s)", alg) >=
3663 return -ENAMETOOLONG;
3665 i = alg_find_test(nalg);
3669 if (fips_enabled && !alg_test_descs[i].fips_allowed)
3672 rc = alg_test_cipher(alg_test_descs + i, driver, type, mask);
3676 i = alg_find_test(alg);
3677 j = alg_find_test(driver);
3681 if (fips_enabled && ((i >= 0 && !alg_test_descs[i].fips_allowed) ||
3682 (j >= 0 && !alg_test_descs[j].fips_allowed)))
3687 rc |= alg_test_descs[i].test(alg_test_descs + i, driver,
3689 if (j >= 0 && j != i)
3690 rc |= alg_test_descs[j].test(alg_test_descs + j, driver,
3694 if (fips_enabled && rc)
3695 panic("%s: %s alg self test failed in fips mode!\n", driver, alg);
3697 if (fips_enabled && !rc)
3698 pr_info("alg: self-tests for %s (%s) passed\n", driver, alg);
3703 printk(KERN_INFO "alg: No test for %s (%s)\n", alg, driver);
3709 #endif /* CONFIG_CRYPTO_MANAGER_DISABLE_TESTS */
3711 EXPORT_SYMBOL_GPL(alg_test);
projects / linux-2.6-block.git / blob