Commit | Line | Data |
---|---|---|
2874c5fd | 1 | // SPDX-License-Identifier: GPL-2.0-or-later |
da7f033d HX |
2 | /* |
3 | * Algorithm testing framework and tests. | |
4 | * | |
5 | * Copyright (c) 2002 James Morris <jmorris@intercode.com.au> | |
6 | * Copyright (c) 2002 Jean-Francois Dive <jef@linuxbe.org> | |
7 | * Copyright (c) 2007 Nokia Siemens Networks | |
8 | * Copyright (c) 2008 Herbert Xu <herbert@gondor.apana.org.au> | |
3f47a03d | 9 | * Copyright (c) 2019 Google LLC |
da7f033d | 10 | * |
69435b94 AH |
11 | * Updated RFC4106 AES-GCM testing. |
12 | * Authors: Aidan O'Mahony (aidan.o.mahony@intel.com) | |
13 | * Adrian Hoban <adrian.hoban@intel.com> | |
14 | * Gabriele Paoloni <gabriele.paoloni@intel.com> | |
15 | * Tadeusz Struk (tadeusz.struk@intel.com) | |
16 | * Copyright (c) 2010, Intel Corporation. | |
da7f033d HX |
17 | */ |
18 | ||
1ce33115 | 19 | #include <crypto/aead.h> |
da7f033d | 20 | #include <crypto/hash.h> |
12773d93 | 21 | #include <crypto/skcipher.h> |
da7f033d | 22 | #include <linux/err.h> |
1c41b882 | 23 | #include <linux/fips.h> |
da7f033d | 24 | #include <linux/module.h> |
3f47a03d | 25 | #include <linux/once.h> |
25f9dddb | 26 | #include <linux/random.h> |
da7f033d HX |
27 | #include <linux/scatterlist.h> |
28 | #include <linux/slab.h> | |
29 | #include <linux/string.h> | |
0c3dc787 | 30 | #include <linux/uio.h> |
7647d6ce | 31 | #include <crypto/rng.h> |
64d1cdfb | 32 | #include <crypto/drbg.h> |
946cc463 | 33 | #include <crypto/akcipher.h> |
802c7f1c | 34 | #include <crypto/kpp.h> |
d7db7a88 | 35 | #include <crypto/acompress.h> |
0eb76ba2 | 36 | #include <crypto/internal/cipher.h> |
b55e1a39 | 37 | #include <crypto/internal/simd.h> |
da7f033d HX |
38 | |
39 | #include "internal.h" | |
0b767f96 | 40 | |
0eb76ba2 AB |
41 | MODULE_IMPORT_NS(CRYPTO_INTERNAL); |
42 | ||
9e5c9fe4 RJ |
43 | static bool notests; |
44 | module_param(notests, bool, 0644); | |
45 | MODULE_PARM_DESC(notests, "disable crypto self-tests"); | |
46 | ||
eda69b0c EB |
47 | static bool panic_on_fail; |
48 | module_param(panic_on_fail, bool, 0444); | |
49 | ||
5b2706a4 EB |
50 | #ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS |
51 | static bool noextratests; | |
52 | module_param(noextratests, bool, 0644); | |
53 | MODULE_PARM_DESC(noextratests, "disable expensive crypto self-tests"); | |
54 | ||
55 | static unsigned int fuzz_iterations = 100; | |
56 | module_param(fuzz_iterations, uint, 0644); | |
57 | MODULE_PARM_DESC(fuzz_iterations, "number of fuzz test iterations"); | |
58 | #endif | |
59 | ||
326a6346 | 60 | #ifdef CONFIG_CRYPTO_MANAGER_DISABLE_TESTS |
0b767f96 AS |
61 | |
62 | /* a perfect nop */ | |
63 | int alg_test(const char *driver, const char *alg, u32 type, u32 mask) | |
64 | { | |
65 | return 0; | |
66 | } | |
67 | ||
68 | #else | |
69 | ||
da7f033d HX |
70 | #include "testmgr.h" |
71 | ||
72 | /* | |
73 | * Need slab memory for testing (size in number of pages). | |
74 | */ | |
75 | #define XBUFSIZE 8 | |
76 | ||
da7f033d HX |
77 | /* |
78 | * Used by test_cipher() | |
79 | */ | |
80 | #define ENCRYPT 1 | |
81 | #define DECRYPT 0 | |
82 | ||
da7f033d | 83 | struct aead_test_suite { |
a0d608ee EB |
84 | const struct aead_testvec *vecs; |
85 | unsigned int count; | |
49763fc6 EB |
86 | |
87 | /* | |
88 | * Set if trying to decrypt an inauthentic ciphertext with this | |
89 | * algorithm might result in EINVAL rather than EBADMSG, due to other | |
90 | * validation the algorithm does on the inputs such as length checks. | |
91 | */ | |
92 | unsigned int einval_allowed : 1; | |
93 | ||
94 | /* | |
6f3a06d9 EB |
95 | * Set if this algorithm requires that the IV be located at the end of |
96 | * the AAD buffer, in addition to being given in the normal way. The | |
97 | * behavior when the two IV copies differ is implementation-defined. | |
49763fc6 | 98 | */ |
6f3a06d9 | 99 | unsigned int aad_iv : 1; |
da7f033d HX |
100 | }; |
101 | ||
102 | struct cipher_test_suite { | |
92a4c9fe EB |
103 | const struct cipher_testvec *vecs; |
104 | unsigned int count; | |
da7f033d HX |
105 | }; |
106 | ||
107 | struct comp_test_suite { | |
108 | struct { | |
b13b1e0c | 109 | const struct comp_testvec *vecs; |
da7f033d HX |
110 | unsigned int count; |
111 | } comp, decomp; | |
112 | }; | |
113 | ||
114 | struct hash_test_suite { | |
b13b1e0c | 115 | const struct hash_testvec *vecs; |
da7f033d HX |
116 | unsigned int count; |
117 | }; | |
118 | ||
7647d6ce | 119 | struct cprng_test_suite { |
b13b1e0c | 120 | const struct cprng_testvec *vecs; |
7647d6ce JW |
121 | unsigned int count; |
122 | }; | |
123 | ||
64d1cdfb | 124 | struct drbg_test_suite { |
b13b1e0c | 125 | const struct drbg_testvec *vecs; |
64d1cdfb SM |
126 | unsigned int count; |
127 | }; | |
128 | ||
946cc463 | 129 | struct akcipher_test_suite { |
b13b1e0c | 130 | const struct akcipher_testvec *vecs; |
946cc463 TS |
131 | unsigned int count; |
132 | }; | |
133 | ||
802c7f1c | 134 | struct kpp_test_suite { |
b13b1e0c | 135 | const struct kpp_testvec *vecs; |
802c7f1c SB |
136 | unsigned int count; |
137 | }; | |
138 | ||
da7f033d HX |
139 | struct alg_test_desc { |
140 | const char *alg; | |
f2bb770a | 141 | const char *generic_driver; |
da7f033d HX |
142 | int (*test)(const struct alg_test_desc *desc, const char *driver, |
143 | u32 type, u32 mask); | |
a1915d51 | 144 | int fips_allowed; /* set if alg is allowed in fips mode */ |
da7f033d HX |
145 | |
146 | union { | |
147 | struct aead_test_suite aead; | |
148 | struct cipher_test_suite cipher; | |
149 | struct comp_test_suite comp; | |
150 | struct hash_test_suite hash; | |
7647d6ce | 151 | struct cprng_test_suite cprng; |
64d1cdfb | 152 | struct drbg_test_suite drbg; |
946cc463 | 153 | struct akcipher_test_suite akcipher; |
802c7f1c | 154 | struct kpp_test_suite kpp; |
da7f033d HX |
155 | } suite; |
156 | }; | |
157 | ||
da7f033d HX |
158 | static void hexdump(unsigned char *buf, unsigned int len) |
159 | { | |
160 | print_hex_dump(KERN_CONT, "", DUMP_PREFIX_OFFSET, | |
161 | 16, 1, | |
162 | buf, len, false); | |
163 | } | |
164 | ||
3f47a03d | 165 | static int __testmgr_alloc_buf(char *buf[XBUFSIZE], int order) |
f8b0d4d0 HX |
166 | { |
167 | int i; | |
168 | ||
169 | for (i = 0; i < XBUFSIZE; i++) { | |
3f47a03d | 170 | buf[i] = (char *)__get_free_pages(GFP_KERNEL, order); |
f8b0d4d0 HX |
171 | if (!buf[i]) |
172 | goto err_free_buf; | |
173 | } | |
174 | ||
175 | return 0; | |
176 | ||
177 | err_free_buf: | |
178 | while (i-- > 0) | |
3f47a03d | 179 | free_pages((unsigned long)buf[i], order); |
f8b0d4d0 HX |
180 | |
181 | return -ENOMEM; | |
182 | } | |
183 | ||
3f47a03d EB |
184 | static int testmgr_alloc_buf(char *buf[XBUFSIZE]) |
185 | { | |
186 | return __testmgr_alloc_buf(buf, 0); | |
187 | } | |
188 | ||
189 | static void __testmgr_free_buf(char *buf[XBUFSIZE], int order) | |
f8b0d4d0 HX |
190 | { |
191 | int i; | |
192 | ||
193 | for (i = 0; i < XBUFSIZE; i++) | |
3f47a03d EB |
194 | free_pages((unsigned long)buf[i], order); |
195 | } | |
196 | ||
197 | static void testmgr_free_buf(char *buf[XBUFSIZE]) | |
198 | { | |
199 | __testmgr_free_buf(buf, 0); | |
200 | } | |
201 | ||
202 | #define TESTMGR_POISON_BYTE 0xfe | |
203 | #define TESTMGR_POISON_LEN 16 | |
204 | ||
205 | static inline void testmgr_poison(void *addr, size_t len) | |
206 | { | |
207 | memset(addr, TESTMGR_POISON_BYTE, len); | |
208 | } | |
209 | ||
210 | /* Is the memory region still fully poisoned? */ | |
211 | static inline bool testmgr_is_poison(const void *addr, size_t len) | |
212 | { | |
213 | return memchr_inv(addr, TESTMGR_POISON_BYTE, len) == NULL; | |
214 | } | |
215 | ||
216 | /* flush type for hash algorithms */ | |
217 | enum flush_type { | |
218 | /* merge with update of previous buffer(s) */ | |
219 | FLUSH_TYPE_NONE = 0, | |
220 | ||
221 | /* update with previous buffer(s) before doing this one */ | |
222 | FLUSH_TYPE_FLUSH, | |
223 | ||
224 | /* likewise, but also export and re-import the intermediate state */ | |
225 | FLUSH_TYPE_REIMPORT, | |
226 | }; | |
227 | ||
228 | /* finalization function for hash algorithms */ | |
229 | enum finalization_type { | |
230 | FINALIZATION_TYPE_FINAL, /* use final() */ | |
231 | FINALIZATION_TYPE_FINUP, /* use finup() */ | |
232 | FINALIZATION_TYPE_DIGEST, /* use digest() */ | |
233 | }; | |
234 | ||
f17f9e90 EB |
235 | /* |
236 | * Whether the crypto operation will occur in-place, and if so whether the | |
237 | * source and destination scatterlist pointers will coincide (req->src == | |
238 | * req->dst), or whether they'll merely point to two separate scatterlists | |
239 | * (req->src != req->dst) that reference the same underlying memory. | |
240 | * | |
241 | * This is only relevant for algorithm types that support in-place operation. | |
242 | */ | |
243 | enum inplace_mode { | |
244 | OUT_OF_PLACE, | |
245 | INPLACE_ONE_SGLIST, | |
246 | INPLACE_TWO_SGLISTS, | |
247 | }; | |
248 | ||
3f47a03d EB |
249 | #define TEST_SG_TOTAL 10000 |
250 | ||
251 | /** | |
252 | * struct test_sg_division - description of a scatterlist entry | |
253 | * | |
254 | * This struct describes one entry of a scatterlist being constructed to check a | |
255 | * crypto test vector. | |
256 | * | |
257 | * @proportion_of_total: length of this chunk relative to the total length, | |
258 | * given as a proportion out of TEST_SG_TOTAL so that it | |
259 | * scales to fit any test vector | |
260 | * @offset: byte offset into a 2-page buffer at which this chunk will start | |
261 | * @offset_relative_to_alignmask: if true, add the algorithm's alignmask to the | |
262 | * @offset | |
263 | * @flush_type: for hashes, whether an update() should be done now vs. | |
264 | * continuing to accumulate data | |
6570737c | 265 | * @nosimd: if doing the pending update(), do it with SIMD disabled? |
3f47a03d EB |
266 | */ |
267 | struct test_sg_division { | |
268 | unsigned int proportion_of_total; | |
269 | unsigned int offset; | |
270 | bool offset_relative_to_alignmask; | |
271 | enum flush_type flush_type; | |
6570737c | 272 | bool nosimd; |
3f47a03d EB |
273 | }; |
274 | ||
275 | /** | |
276 | * struct testvec_config - configuration for testing a crypto test vector | |
277 | * | |
278 | * This struct describes the data layout and other parameters with which each | |
279 | * crypto test vector can be tested. | |
280 | * | |
281 | * @name: name of this config, logged for debugging purposes if a test fails | |
f17f9e90 | 282 | * @inplace_mode: whether and how to operate on the data in-place, if applicable |
3f47a03d EB |
283 | * @req_flags: extra request_flags, e.g. CRYPTO_TFM_REQ_MAY_SLEEP |
284 | * @src_divs: description of how to arrange the source scatterlist | |
285 | * @dst_divs: description of how to arrange the dst scatterlist, if applicable | |
286 | * for the algorithm type. Defaults to @src_divs if unset. | |
287 | * @iv_offset: misalignment of the IV in the range [0..MAX_ALGAPI_ALIGNMASK+1], | |
288 | * where 0 is aligned to a 2*(MAX_ALGAPI_ALIGNMASK+1) byte boundary | |
289 | * @iv_offset_relative_to_alignmask: if true, add the algorithm's alignmask to | |
290 | * the @iv_offset | |
fd8c37c7 EB |
291 | * @key_offset: misalignment of the key, where 0 is default alignment |
292 | * @key_offset_relative_to_alignmask: if true, add the algorithm's alignmask to | |
293 | * the @key_offset | |
3f47a03d | 294 | * @finalization_type: what finalization function to use for hashes |
6570737c | 295 | * @nosimd: execute with SIMD disabled? Requires !CRYPTO_TFM_REQ_MAY_SLEEP. |
fa501bf2 EB |
296 | * This applies to the parts of the operation that aren't controlled |
297 | * individually by @nosimd_setkey or @src_divs[].nosimd. | |
298 | * @nosimd_setkey: set the key (if applicable) with SIMD disabled? Requires | |
299 | * !CRYPTO_TFM_REQ_MAY_SLEEP. | |
3f47a03d EB |
300 | */ |
301 | struct testvec_config { | |
302 | const char *name; | |
f17f9e90 | 303 | enum inplace_mode inplace_mode; |
3f47a03d EB |
304 | u32 req_flags; |
305 | struct test_sg_division src_divs[XBUFSIZE]; | |
306 | struct test_sg_division dst_divs[XBUFSIZE]; | |
307 | unsigned int iv_offset; | |
fd8c37c7 | 308 | unsigned int key_offset; |
3f47a03d | 309 | bool iv_offset_relative_to_alignmask; |
fd8c37c7 | 310 | bool key_offset_relative_to_alignmask; |
3f47a03d | 311 | enum finalization_type finalization_type; |
6570737c | 312 | bool nosimd; |
fa501bf2 | 313 | bool nosimd_setkey; |
3f47a03d EB |
314 | }; |
315 | ||
316 | #define TESTVEC_CONFIG_NAMELEN 192 | |
317 | ||
4e7babba EB |
318 | /* |
319 | * The following are the lists of testvec_configs to test for each algorithm | |
320 | * type when the basic crypto self-tests are enabled, i.e. when | |
321 | * CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is unset. They aim to provide good test | |
322 | * coverage, while keeping the test time much shorter than the full fuzz tests | |
323 | * so that the basic tests can be enabled in a wider range of circumstances. | |
324 | */ | |
325 | ||
326 | /* Configs for skciphers and aeads */ | |
327 | static const struct testvec_config default_cipher_testvec_configs[] = { | |
328 | { | |
f17f9e90 EB |
329 | .name = "in-place (one sglist)", |
330 | .inplace_mode = INPLACE_ONE_SGLIST, | |
331 | .src_divs = { { .proportion_of_total = 10000 } }, | |
332 | }, { | |
333 | .name = "in-place (two sglists)", | |
334 | .inplace_mode = INPLACE_TWO_SGLISTS, | |
4e7babba EB |
335 | .src_divs = { { .proportion_of_total = 10000 } }, |
336 | }, { | |
337 | .name = "out-of-place", | |
f17f9e90 | 338 | .inplace_mode = OUT_OF_PLACE, |
4e7babba EB |
339 | .src_divs = { { .proportion_of_total = 10000 } }, |
340 | }, { | |
341 | .name = "unaligned buffer, offset=1", | |
342 | .src_divs = { { .proportion_of_total = 10000, .offset = 1 } }, | |
343 | .iv_offset = 1, | |
fd8c37c7 | 344 | .key_offset = 1, |
4e7babba EB |
345 | }, { |
346 | .name = "buffer aligned only to alignmask", | |
347 | .src_divs = { | |
348 | { | |
349 | .proportion_of_total = 10000, | |
350 | .offset = 1, | |
351 | .offset_relative_to_alignmask = true, | |
352 | }, | |
353 | }, | |
354 | .iv_offset = 1, | |
355 | .iv_offset_relative_to_alignmask = true, | |
fd8c37c7 EB |
356 | .key_offset = 1, |
357 | .key_offset_relative_to_alignmask = true, | |
4e7babba EB |
358 | }, { |
359 | .name = "two even aligned splits", | |
360 | .src_divs = { | |
361 | { .proportion_of_total = 5000 }, | |
362 | { .proportion_of_total = 5000 }, | |
363 | }, | |
acd4045d ZY |
364 | }, { |
365 | .name = "one src, two even splits dst", | |
366 | .inplace_mode = OUT_OF_PLACE, | |
367 | .src_divs = { { .proportion_of_total = 10000 } }, | |
368 | .dst_divs = { | |
369 | { .proportion_of_total = 5000 }, | |
370 | { .proportion_of_total = 5000 }, | |
371 | }, | |
4e7babba EB |
372 | }, { |
373 | .name = "uneven misaligned splits, may sleep", | |
374 | .req_flags = CRYPTO_TFM_REQ_MAY_SLEEP, | |
375 | .src_divs = { | |
376 | { .proportion_of_total = 1900, .offset = 33 }, | |
377 | { .proportion_of_total = 3300, .offset = 7 }, | |
378 | { .proportion_of_total = 4800, .offset = 18 }, | |
379 | }, | |
380 | .iv_offset = 3, | |
fd8c37c7 | 381 | .key_offset = 3, |
4e7babba EB |
382 | }, { |
383 | .name = "misaligned splits crossing pages, inplace", | |
f17f9e90 | 384 | .inplace_mode = INPLACE_ONE_SGLIST, |
4e7babba EB |
385 | .src_divs = { |
386 | { | |
387 | .proportion_of_total = 7500, | |
388 | .offset = PAGE_SIZE - 32 | |
389 | }, { | |
390 | .proportion_of_total = 2500, | |
391 | .offset = PAGE_SIZE - 7 | |
392 | }, | |
393 | }, | |
394 | } | |
395 | }; | |
396 | ||
4cc2dcf9 EB |
397 | static const struct testvec_config default_hash_testvec_configs[] = { |
398 | { | |
399 | .name = "init+update+final aligned buffer", | |
400 | .src_divs = { { .proportion_of_total = 10000 } }, | |
401 | .finalization_type = FINALIZATION_TYPE_FINAL, | |
402 | }, { | |
403 | .name = "init+finup aligned buffer", | |
404 | .src_divs = { { .proportion_of_total = 10000 } }, | |
405 | .finalization_type = FINALIZATION_TYPE_FINUP, | |
406 | }, { | |
407 | .name = "digest aligned buffer", | |
408 | .src_divs = { { .proportion_of_total = 10000 } }, | |
409 | .finalization_type = FINALIZATION_TYPE_DIGEST, | |
410 | }, { | |
411 | .name = "init+update+final misaligned buffer", | |
412 | .src_divs = { { .proportion_of_total = 10000, .offset = 1 } }, | |
413 | .finalization_type = FINALIZATION_TYPE_FINAL, | |
fd8c37c7 | 414 | .key_offset = 1, |
4cc2dcf9 | 415 | }, { |
93f367a9 | 416 | .name = "digest misaligned buffer", |
4cc2dcf9 EB |
417 | .src_divs = { |
418 | { | |
419 | .proportion_of_total = 10000, | |
420 | .offset = 1, | |
4cc2dcf9 EB |
421 | }, |
422 | }, | |
423 | .finalization_type = FINALIZATION_TYPE_DIGEST, | |
fd8c37c7 | 424 | .key_offset = 1, |
4cc2dcf9 EB |
425 | }, { |
426 | .name = "init+update+update+final two even splits", | |
427 | .src_divs = { | |
428 | { .proportion_of_total = 5000 }, | |
429 | { | |
430 | .proportion_of_total = 5000, | |
431 | .flush_type = FLUSH_TYPE_FLUSH, | |
432 | }, | |
433 | }, | |
434 | .finalization_type = FINALIZATION_TYPE_FINAL, | |
435 | }, { | |
436 | .name = "digest uneven misaligned splits, may sleep", | |
437 | .req_flags = CRYPTO_TFM_REQ_MAY_SLEEP, | |
438 | .src_divs = { | |
439 | { .proportion_of_total = 1900, .offset = 33 }, | |
440 | { .proportion_of_total = 3300, .offset = 7 }, | |
441 | { .proportion_of_total = 4800, .offset = 18 }, | |
442 | }, | |
443 | .finalization_type = FINALIZATION_TYPE_DIGEST, | |
444 | }, { | |
445 | .name = "digest misaligned splits crossing pages", | |
446 | .src_divs = { | |
447 | { | |
448 | .proportion_of_total = 7500, | |
449 | .offset = PAGE_SIZE - 32, | |
450 | }, { | |
451 | .proportion_of_total = 2500, | |
452 | .offset = PAGE_SIZE - 7, | |
453 | }, | |
454 | }, | |
455 | .finalization_type = FINALIZATION_TYPE_DIGEST, | |
456 | }, { | |
457 | .name = "import/export", | |
458 | .src_divs = { | |
459 | { | |
460 | .proportion_of_total = 6500, | |
461 | .flush_type = FLUSH_TYPE_REIMPORT, | |
462 | }, { | |
463 | .proportion_of_total = 3500, | |
464 | .flush_type = FLUSH_TYPE_REIMPORT, | |
465 | }, | |
466 | }, | |
467 | .finalization_type = FINALIZATION_TYPE_FINAL, | |
468 | } | |
469 | }; | |
470 | ||
3f47a03d EB |
471 | static unsigned int count_test_sg_divisions(const struct test_sg_division *divs) |
472 | { | |
473 | unsigned int remaining = TEST_SG_TOTAL; | |
474 | unsigned int ndivs = 0; | |
475 | ||
476 | do { | |
477 | remaining -= divs[ndivs++].proportion_of_total; | |
478 | } while (remaining); | |
479 | ||
480 | return ndivs; | |
481 | } | |
482 | ||
6570737c EB |
483 | #define SGDIVS_HAVE_FLUSHES BIT(0) |
484 | #define SGDIVS_HAVE_NOSIMD BIT(1) | |
485 | ||
3f47a03d | 486 | static bool valid_sg_divisions(const struct test_sg_division *divs, |
6570737c | 487 | unsigned int count, int *flags_ret) |
3f47a03d EB |
488 | { |
489 | unsigned int total = 0; | |
490 | unsigned int i; | |
491 | ||
492 | for (i = 0; i < count && total != TEST_SG_TOTAL; i++) { | |
493 | if (divs[i].proportion_of_total <= 0 || | |
494 | divs[i].proportion_of_total > TEST_SG_TOTAL - total) | |
495 | return false; | |
496 | total += divs[i].proportion_of_total; | |
497 | if (divs[i].flush_type != FLUSH_TYPE_NONE) | |
6570737c EB |
498 | *flags_ret |= SGDIVS_HAVE_FLUSHES; |
499 | if (divs[i].nosimd) | |
500 | *flags_ret |= SGDIVS_HAVE_NOSIMD; | |
3f47a03d EB |
501 | } |
502 | return total == TEST_SG_TOTAL && | |
503 | memchr_inv(&divs[i], 0, (count - i) * sizeof(divs[0])) == NULL; | |
504 | } | |
505 | ||
506 | /* | |
507 | * Check whether the given testvec_config is valid. This isn't strictly needed | |
508 | * since every testvec_config should be valid, but check anyway so that people | |
509 | * don't unknowingly add broken configs that don't do what they wanted. | |
510 | */ | |
511 | static bool valid_testvec_config(const struct testvec_config *cfg) | |
512 | { | |
6570737c | 513 | int flags = 0; |
3f47a03d EB |
514 | |
515 | if (cfg->name == NULL) | |
516 | return false; | |
517 | ||
518 | if (!valid_sg_divisions(cfg->src_divs, ARRAY_SIZE(cfg->src_divs), | |
6570737c | 519 | &flags)) |
3f47a03d EB |
520 | return false; |
521 | ||
522 | if (cfg->dst_divs[0].proportion_of_total) { | |
523 | if (!valid_sg_divisions(cfg->dst_divs, | |
6570737c | 524 | ARRAY_SIZE(cfg->dst_divs), &flags)) |
3f47a03d EB |
525 | return false; |
526 | } else { | |
527 | if (memchr_inv(cfg->dst_divs, 0, sizeof(cfg->dst_divs))) | |
528 | return false; | |
529 | /* defaults to dst_divs=src_divs */ | |
530 | } | |
531 | ||
532 | if (cfg->iv_offset + | |
533 | (cfg->iv_offset_relative_to_alignmask ? MAX_ALGAPI_ALIGNMASK : 0) > | |
534 | MAX_ALGAPI_ALIGNMASK + 1) | |
535 | return false; | |
536 | ||
6570737c EB |
537 | if ((flags & (SGDIVS_HAVE_FLUSHES | SGDIVS_HAVE_NOSIMD)) && |
538 | cfg->finalization_type == FINALIZATION_TYPE_DIGEST) | |
539 | return false; | |
540 | ||
fa501bf2 EB |
541 | if ((cfg->nosimd || cfg->nosimd_setkey || |
542 | (flags & SGDIVS_HAVE_NOSIMD)) && | |
6570737c | 543 | (cfg->req_flags & CRYPTO_TFM_REQ_MAY_SLEEP)) |
3f47a03d EB |
544 | return false; |
545 | ||
546 | return true; | |
547 | } | |
548 | ||
549 | struct test_sglist { | |
550 | char *bufs[XBUFSIZE]; | |
551 | struct scatterlist sgl[XBUFSIZE]; | |
552 | struct scatterlist sgl_saved[XBUFSIZE]; | |
553 | struct scatterlist *sgl_ptr; | |
554 | unsigned int nents; | |
555 | }; | |
556 | ||
557 | static int init_test_sglist(struct test_sglist *tsgl) | |
558 | { | |
559 | return __testmgr_alloc_buf(tsgl->bufs, 1 /* two pages per buffer */); | |
560 | } | |
561 | ||
562 | static void destroy_test_sglist(struct test_sglist *tsgl) | |
563 | { | |
564 | return __testmgr_free_buf(tsgl->bufs, 1 /* two pages per buffer */); | |
565 | } | |
566 | ||
567 | /** | |
568 | * build_test_sglist() - build a scatterlist for a crypto test | |
569 | * | |
570 | * @tsgl: the scatterlist to build. @tsgl->bufs[] contains an array of 2-page | |
571 | * buffers which the scatterlist @tsgl->sgl[] will be made to point into. | |
572 | * @divs: the layout specification on which the scatterlist will be based | |
573 | * @alignmask: the algorithm's alignmask | |
574 | * @total_len: the total length of the scatterlist to build in bytes | |
575 | * @data: if non-NULL, the buffers will be filled with this data until it ends. | |
576 | * Otherwise the buffers will be poisoned. In both cases, some bytes | |
577 | * past the end of each buffer will be poisoned to help detect overruns. | |
578 | * @out_divs: if non-NULL, the test_sg_division to which each scatterlist entry | |
579 | * corresponds will be returned here. This will match @divs except | |
580 | * that divisions resolving to a length of 0 are omitted as they are | |
581 | * not included in the scatterlist. | |
582 | * | |
583 | * Return: 0 or a -errno value | |
584 | */ | |
585 | static int build_test_sglist(struct test_sglist *tsgl, | |
586 | const struct test_sg_division *divs, | |
587 | const unsigned int alignmask, | |
588 | const unsigned int total_len, | |
589 | struct iov_iter *data, | |
590 | const struct test_sg_division *out_divs[XBUFSIZE]) | |
591 | { | |
592 | struct { | |
593 | const struct test_sg_division *div; | |
594 | size_t length; | |
595 | } partitions[XBUFSIZE]; | |
596 | const unsigned int ndivs = count_test_sg_divisions(divs); | |
597 | unsigned int len_remaining = total_len; | |
598 | unsigned int i; | |
599 | ||
600 | BUILD_BUG_ON(ARRAY_SIZE(partitions) != ARRAY_SIZE(tsgl->sgl)); | |
601 | if (WARN_ON(ndivs > ARRAY_SIZE(partitions))) | |
602 | return -EINVAL; | |
603 | ||
604 | /* Calculate the (div, length) pairs */ | |
605 | tsgl->nents = 0; | |
606 | for (i = 0; i < ndivs; i++) { | |
607 | unsigned int len_this_sg = | |
608 | min(len_remaining, | |
609 | (total_len * divs[i].proportion_of_total + | |
610 | TEST_SG_TOTAL / 2) / TEST_SG_TOTAL); | |
611 | ||
612 | if (len_this_sg != 0) { | |
613 | partitions[tsgl->nents].div = &divs[i]; | |
614 | partitions[tsgl->nents].length = len_this_sg; | |
615 | tsgl->nents++; | |
616 | len_remaining -= len_this_sg; | |
617 | } | |
618 | } | |
619 | if (tsgl->nents == 0) { | |
620 | partitions[tsgl->nents].div = &divs[0]; | |
621 | partitions[tsgl->nents].length = 0; | |
622 | tsgl->nents++; | |
623 | } | |
624 | partitions[tsgl->nents - 1].length += len_remaining; | |
625 | ||
626 | /* Set up the sgl entries and fill the data or poison */ | |
627 | sg_init_table(tsgl->sgl, tsgl->nents); | |
628 | for (i = 0; i < tsgl->nents; i++) { | |
629 | unsigned int offset = partitions[i].div->offset; | |
630 | void *addr; | |
631 | ||
632 | if (partitions[i].div->offset_relative_to_alignmask) | |
633 | offset += alignmask; | |
634 | ||
635 | while (offset + partitions[i].length + TESTMGR_POISON_LEN > | |
636 | 2 * PAGE_SIZE) { | |
637 | if (WARN_ON(offset <= 0)) | |
638 | return -EINVAL; | |
639 | offset /= 2; | |
640 | } | |
641 | ||
642 | addr = &tsgl->bufs[i][offset]; | |
643 | sg_set_buf(&tsgl->sgl[i], addr, partitions[i].length); | |
644 | ||
645 | if (out_divs) | |
646 | out_divs[i] = partitions[i].div; | |
647 | ||
648 | if (data) { | |
649 | size_t copy_len, copied; | |
650 | ||
651 | copy_len = min(partitions[i].length, data->count); | |
652 | copied = copy_from_iter(addr, copy_len, data); | |
653 | if (WARN_ON(copied != copy_len)) | |
654 | return -EINVAL; | |
655 | testmgr_poison(addr + copy_len, partitions[i].length + | |
656 | TESTMGR_POISON_LEN - copy_len); | |
657 | } else { | |
658 | testmgr_poison(addr, partitions[i].length + | |
659 | TESTMGR_POISON_LEN); | |
660 | } | |
661 | } | |
662 | ||
663 | sg_mark_end(&tsgl->sgl[tsgl->nents - 1]); | |
664 | tsgl->sgl_ptr = tsgl->sgl; | |
665 | memcpy(tsgl->sgl_saved, tsgl->sgl, tsgl->nents * sizeof(tsgl->sgl[0])); | |
666 | return 0; | |
667 | } | |
668 | ||
669 | /* | |
670 | * Verify that a scatterlist crypto operation produced the correct output. | |
671 | * | |
672 | * @tsgl: scatterlist containing the actual output | |
673 | * @expected_output: buffer containing the expected output | |
674 | * @len_to_check: length of @expected_output in bytes | |
675 | * @unchecked_prefix_len: number of ignored bytes in @tsgl prior to real result | |
676 | * @check_poison: verify that the poison bytes after each chunk are intact? | |
677 | * | |
678 | * Return: 0 if correct, -EINVAL if incorrect, -EOVERFLOW if buffer overrun. | |
679 | */ | |
680 | static int verify_correct_output(const struct test_sglist *tsgl, | |
681 | const char *expected_output, | |
682 | unsigned int len_to_check, | |
683 | unsigned int unchecked_prefix_len, | |
684 | bool check_poison) | |
685 | { | |
686 | unsigned int i; | |
687 | ||
688 | for (i = 0; i < tsgl->nents; i++) { | |
689 | struct scatterlist *sg = &tsgl->sgl_ptr[i]; | |
690 | unsigned int len = sg->length; | |
691 | unsigned int offset = sg->offset; | |
692 | const char *actual_output; | |
693 | ||
694 | if (unchecked_prefix_len) { | |
695 | if (unchecked_prefix_len >= len) { | |
696 | unchecked_prefix_len -= len; | |
697 | continue; | |
698 | } | |
699 | offset += unchecked_prefix_len; | |
700 | len -= unchecked_prefix_len; | |
701 | unchecked_prefix_len = 0; | |
702 | } | |
703 | len = min(len, len_to_check); | |
704 | actual_output = page_address(sg_page(sg)) + offset; | |
705 | if (memcmp(expected_output, actual_output, len) != 0) | |
706 | return -EINVAL; | |
707 | if (check_poison && | |
708 | !testmgr_is_poison(actual_output + len, TESTMGR_POISON_LEN)) | |
709 | return -EOVERFLOW; | |
710 | len_to_check -= len; | |
711 | expected_output += len; | |
712 | } | |
713 | if (WARN_ON(len_to_check != 0)) | |
714 | return -EINVAL; | |
715 | return 0; | |
716 | } | |
717 | ||
718 | static bool is_test_sglist_corrupted(const struct test_sglist *tsgl) | |
719 | { | |
720 | unsigned int i; | |
721 | ||
722 | for (i = 0; i < tsgl->nents; i++) { | |
723 | if (tsgl->sgl[i].page_link != tsgl->sgl_saved[i].page_link) | |
724 | return true; | |
725 | if (tsgl->sgl[i].offset != tsgl->sgl_saved[i].offset) | |
726 | return true; | |
727 | if (tsgl->sgl[i].length != tsgl->sgl_saved[i].length) | |
728 | return true; | |
729 | } | |
730 | return false; | |
731 | } | |
732 | ||
733 | struct cipher_test_sglists { | |
734 | struct test_sglist src; | |
735 | struct test_sglist dst; | |
736 | }; | |
737 | ||
738 | static struct cipher_test_sglists *alloc_cipher_test_sglists(void) | |
739 | { | |
740 | struct cipher_test_sglists *tsgls; | |
741 | ||
742 | tsgls = kmalloc(sizeof(*tsgls), GFP_KERNEL); | |
743 | if (!tsgls) | |
744 | return NULL; | |
745 | ||
746 | if (init_test_sglist(&tsgls->src) != 0) | |
747 | goto fail_kfree; | |
748 | if (init_test_sglist(&tsgls->dst) != 0) | |
749 | goto fail_destroy_src; | |
750 | ||
751 | return tsgls; | |
752 | ||
753 | fail_destroy_src: | |
754 | destroy_test_sglist(&tsgls->src); | |
755 | fail_kfree: | |
756 | kfree(tsgls); | |
757 | return NULL; | |
758 | } | |
759 | ||
760 | static void free_cipher_test_sglists(struct cipher_test_sglists *tsgls) | |
761 | { | |
762 | if (tsgls) { | |
763 | destroy_test_sglist(&tsgls->src); | |
764 | destroy_test_sglist(&tsgls->dst); | |
765 | kfree(tsgls); | |
766 | } | |
767 | } | |
768 | ||
769 | /* Build the src and dst scatterlists for an skcipher or AEAD test */ | |
770 | static int build_cipher_test_sglists(struct cipher_test_sglists *tsgls, | |
771 | const struct testvec_config *cfg, | |
772 | unsigned int alignmask, | |
773 | unsigned int src_total_len, | |
774 | unsigned int dst_total_len, | |
775 | const struct kvec *inputs, | |
776 | unsigned int nr_inputs) | |
777 | { | |
778 | struct iov_iter input; | |
779 | int err; | |
780 | ||
de4eda9d | 781 | iov_iter_kvec(&input, ITER_SOURCE, inputs, nr_inputs, src_total_len); |
3f47a03d | 782 | err = build_test_sglist(&tsgls->src, cfg->src_divs, alignmask, |
f17f9e90 | 783 | cfg->inplace_mode != OUT_OF_PLACE ? |
3f47a03d EB |
784 | max(dst_total_len, src_total_len) : |
785 | src_total_len, | |
786 | &input, NULL); | |
787 | if (err) | |
788 | return err; | |
789 | ||
f17f9e90 EB |
790 | /* |
791 | * In-place crypto operations can use the same scatterlist for both the | |
792 | * source and destination (req->src == req->dst), or can use separate | |
793 | * scatterlists (req->src != req->dst) which point to the same | |
794 | * underlying memory. Make sure to test both cases. | |
795 | */ | |
796 | if (cfg->inplace_mode == INPLACE_ONE_SGLIST) { | |
3f47a03d EB |
797 | tsgls->dst.sgl_ptr = tsgls->src.sgl; |
798 | tsgls->dst.nents = tsgls->src.nents; | |
799 | return 0; | |
800 | } | |
f17f9e90 EB |
801 | if (cfg->inplace_mode == INPLACE_TWO_SGLISTS) { |
802 | /* | |
803 | * For now we keep it simple and only test the case where the | |
804 | * two scatterlists have identical entries, rather than | |
805 | * different entries that split up the same memory differently. | |
806 | */ | |
807 | memcpy(tsgls->dst.sgl, tsgls->src.sgl, | |
808 | tsgls->src.nents * sizeof(tsgls->src.sgl[0])); | |
809 | memcpy(tsgls->dst.sgl_saved, tsgls->src.sgl, | |
810 | tsgls->src.nents * sizeof(tsgls->src.sgl[0])); | |
811 | tsgls->dst.sgl_ptr = tsgls->dst.sgl; | |
812 | tsgls->dst.nents = tsgls->src.nents; | |
813 | return 0; | |
814 | } | |
815 | /* Out of place */ | |
3f47a03d EB |
816 | return build_test_sglist(&tsgls->dst, |
817 | cfg->dst_divs[0].proportion_of_total ? | |
818 | cfg->dst_divs : cfg->src_divs, | |
819 | alignmask, dst_total_len, NULL, NULL); | |
f8b0d4d0 HX |
820 | } |
821 | ||
fd8c37c7 EB |
822 | /* |
823 | * Support for testing passing a misaligned key to setkey(): | |
824 | * | |
825 | * If cfg->key_offset is set, copy the key into a new buffer at that offset, | |
826 | * optionally adding alignmask. Else, just use the key directly. | |
827 | */ | |
828 | static int prepare_keybuf(const u8 *key, unsigned int ksize, | |
829 | const struct testvec_config *cfg, | |
830 | unsigned int alignmask, | |
831 | const u8 **keybuf_ret, const u8 **keyptr_ret) | |
832 | { | |
833 | unsigned int key_offset = cfg->key_offset; | |
834 | u8 *keybuf = NULL, *keyptr = (u8 *)key; | |
835 | ||
836 | if (key_offset != 0) { | |
837 | if (cfg->key_offset_relative_to_alignmask) | |
838 | key_offset += alignmask; | |
839 | keybuf = kmalloc(key_offset + ksize, GFP_KERNEL); | |
840 | if (!keybuf) | |
841 | return -ENOMEM; | |
842 | keyptr = keybuf + key_offset; | |
843 | memcpy(keyptr, key, ksize); | |
844 | } | |
845 | *keybuf_ret = keybuf; | |
846 | *keyptr_ret = keyptr; | |
847 | return 0; | |
848 | } | |
849 | ||
fa501bf2 EB |
850 | /* |
851 | * Like setkey_f(tfm, key, ksize), but sometimes misalign the key. | |
852 | * In addition, run the setkey function in no-SIMD context if requested. | |
853 | */ | |
fd8c37c7 EB |
854 | #define do_setkey(setkey_f, tfm, key, ksize, cfg, alignmask) \ |
855 | ({ \ | |
856 | const u8 *keybuf, *keyptr; \ | |
857 | int err; \ | |
858 | \ | |
859 | err = prepare_keybuf((key), (ksize), (cfg), (alignmask), \ | |
860 | &keybuf, &keyptr); \ | |
861 | if (err == 0) { \ | |
fa501bf2 EB |
862 | if ((cfg)->nosimd_setkey) \ |
863 | crypto_disable_simd_for_test(); \ | |
fd8c37c7 | 864 | err = setkey_f((tfm), keyptr, (ksize)); \ |
fa501bf2 EB |
865 | if ((cfg)->nosimd_setkey) \ |
866 | crypto_reenable_simd_for_test(); \ | |
fd8c37c7 EB |
867 | kfree(keybuf); \ |
868 | } \ | |
869 | err; \ | |
870 | }) | |
871 | ||
25f9dddb | 872 | #ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS |
f2bb770a | 873 | |
f900fde2 EB |
874 | /* |
875 | * The fuzz tests use prandom instead of the normal Linux RNG since they don't | |
876 | * need cryptographically secure random numbers. This greatly improves the | |
877 | * performance of these tests, especially if they are run before the Linux RNG | |
878 | * has been initialized or if they are run on a lockdep-enabled kernel. | |
879 | */ | |
880 | ||
881 | static inline void init_rnd_state(struct rnd_state *rng) | |
882 | { | |
883 | prandom_seed_state(rng, get_random_u64()); | |
884 | } | |
885 | ||
886 | static inline u8 prandom_u8(struct rnd_state *rng) | |
887 | { | |
888 | return prandom_u32_state(rng); | |
889 | } | |
890 | ||
891 | static inline u32 prandom_u32_below(struct rnd_state *rng, u32 ceil) | |
892 | { | |
893 | /* | |
894 | * This is slightly biased for non-power-of-2 values of 'ceil', but this | |
895 | * isn't important here. | |
896 | */ | |
897 | return prandom_u32_state(rng) % ceil; | |
898 | } | |
899 | ||
900 | static inline bool prandom_bool(struct rnd_state *rng) | |
901 | { | |
902 | return prandom_u32_below(rng, 2); | |
903 | } | |
904 | ||
905 | static inline u32 prandom_u32_inclusive(struct rnd_state *rng, | |
906 | u32 floor, u32 ceil) | |
907 | { | |
908 | return floor + prandom_u32_below(rng, ceil - floor + 1); | |
909 | } | |
910 | ||
f2bb770a | 911 | /* Generate a random length in range [0, max_len], but prefer smaller values */ |
f900fde2 EB |
912 | static unsigned int generate_random_length(struct rnd_state *rng, |
913 | unsigned int max_len) | |
f2bb770a | 914 | { |
f900fde2 | 915 | unsigned int len = prandom_u32_below(rng, max_len + 1); |
f2bb770a | 916 | |
f900fde2 | 917 | switch (prandom_u32_below(rng, 4)) { |
f2bb770a | 918 | case 0: |
101e99c2 EB |
919 | len %= 64; |
920 | break; | |
f2bb770a | 921 | case 1: |
101e99c2 EB |
922 | len %= 256; |
923 | break; | |
f2bb770a | 924 | case 2: |
101e99c2 EB |
925 | len %= 1024; |
926 | break; | |
f2bb770a | 927 | default: |
101e99c2 | 928 | break; |
f2bb770a | 929 | } |
101e99c2 EB |
930 | if (len && prandom_u32_below(rng, 4) == 0) |
931 | len = rounddown_pow_of_two(len); | |
932 | return len; | |
f2bb770a EB |
933 | } |
934 | ||
49763fc6 | 935 | /* Flip a random bit in the given nonempty data buffer */ |
f900fde2 | 936 | static void flip_random_bit(struct rnd_state *rng, u8 *buf, size_t size) |
49763fc6 EB |
937 | { |
938 | size_t bitpos; | |
939 | ||
f900fde2 | 940 | bitpos = prandom_u32_below(rng, size * 8); |
49763fc6 EB |
941 | buf[bitpos / 8] ^= 1 << (bitpos % 8); |
942 | } | |
943 | ||
944 | /* Flip a random byte in the given nonempty data buffer */ | |
f900fde2 | 945 | static void flip_random_byte(struct rnd_state *rng, u8 *buf, size_t size) |
49763fc6 | 946 | { |
f900fde2 | 947 | buf[prandom_u32_below(rng, size)] ^= 0xff; |
49763fc6 EB |
948 | } |
949 | ||
950 | /* Sometimes make some random changes to the given nonempty data buffer */ | |
f900fde2 | 951 | static void mutate_buffer(struct rnd_state *rng, u8 *buf, size_t size) |
f2bb770a EB |
952 | { |
953 | size_t num_flips; | |
954 | size_t i; | |
f2bb770a EB |
955 | |
956 | /* Sometimes flip some bits */ | |
f900fde2 EB |
957 | if (prandom_u32_below(rng, 4) == 0) { |
958 | num_flips = min_t(size_t, 1 << prandom_u32_below(rng, 8), | |
959 | size * 8); | |
49763fc6 | 960 | for (i = 0; i < num_flips; i++) |
f900fde2 | 961 | flip_random_bit(rng, buf, size); |
f2bb770a EB |
962 | } |
963 | ||
964 | /* Sometimes flip some bytes */ | |
f900fde2 EB |
965 | if (prandom_u32_below(rng, 4) == 0) { |
966 | num_flips = min_t(size_t, 1 << prandom_u32_below(rng, 8), size); | |
f2bb770a | 967 | for (i = 0; i < num_flips; i++) |
f900fde2 | 968 | flip_random_byte(rng, buf, size); |
f2bb770a EB |
969 | } |
970 | } | |
971 | ||
972 | /* Randomly generate 'count' bytes, but sometimes make them "interesting" */ | |
f900fde2 | 973 | static void generate_random_bytes(struct rnd_state *rng, u8 *buf, size_t count) |
f2bb770a EB |
974 | { |
975 | u8 b; | |
976 | u8 increment; | |
977 | size_t i; | |
978 | ||
979 | if (count == 0) | |
980 | return; | |
981 | ||
f900fde2 | 982 | switch (prandom_u32_below(rng, 8)) { /* Choose a generation strategy */ |
f2bb770a EB |
983 | case 0: |
984 | case 1: | |
985 | /* All the same byte, plus optional mutations */ | |
f900fde2 | 986 | switch (prandom_u32_below(rng, 4)) { |
f2bb770a EB |
987 | case 0: |
988 | b = 0x00; | |
989 | break; | |
990 | case 1: | |
991 | b = 0xff; | |
992 | break; | |
993 | default: | |
f900fde2 | 994 | b = prandom_u8(rng); |
f2bb770a EB |
995 | break; |
996 | } | |
997 | memset(buf, b, count); | |
f900fde2 | 998 | mutate_buffer(rng, buf, count); |
f2bb770a EB |
999 | break; |
1000 | case 2: | |
1001 | /* Ascending or descending bytes, plus optional mutations */ | |
f900fde2 EB |
1002 | increment = prandom_u8(rng); |
1003 | b = prandom_u8(rng); | |
f2bb770a EB |
1004 | for (i = 0; i < count; i++, b += increment) |
1005 | buf[i] = b; | |
f900fde2 | 1006 | mutate_buffer(rng, buf, count); |
f2bb770a EB |
1007 | break; |
1008 | default: | |
1009 | /* Fully random bytes */ | |
f900fde2 | 1010 | prandom_bytes_state(rng, buf, count); |
f2bb770a EB |
1011 | } |
1012 | } | |
1013 | ||
f900fde2 EB |
1014 | static char *generate_random_sgl_divisions(struct rnd_state *rng, |
1015 | struct test_sg_division *divs, | |
25f9dddb | 1016 | size_t max_divs, char *p, char *end, |
6570737c | 1017 | bool gen_flushes, u32 req_flags) |
25f9dddb EB |
1018 | { |
1019 | struct test_sg_division *div = divs; | |
1020 | unsigned int remaining = TEST_SG_TOTAL; | |
1021 | ||
1022 | do { | |
1023 | unsigned int this_len; | |
6570737c | 1024 | const char *flushtype_str; |
25f9dddb | 1025 | |
f900fde2 | 1026 | if (div == &divs[max_divs - 1] || prandom_bool(rng)) |
25f9dddb | 1027 | this_len = remaining; |
101e99c2 EB |
1028 | else if (prandom_u32_below(rng, 4) == 0) |
1029 | this_len = (remaining + 1) / 2; | |
25f9dddb | 1030 | else |
f900fde2 | 1031 | this_len = prandom_u32_inclusive(rng, 1, remaining); |
25f9dddb EB |
1032 | div->proportion_of_total = this_len; |
1033 | ||
f900fde2 EB |
1034 | if (prandom_u32_below(rng, 4) == 0) |
1035 | div->offset = prandom_u32_inclusive(rng, | |
1036 | PAGE_SIZE - 128, | |
1037 | PAGE_SIZE - 1); | |
1038 | else if (prandom_bool(rng)) | |
1039 | div->offset = prandom_u32_below(rng, 32); | |
25f9dddb | 1040 | else |
f900fde2 EB |
1041 | div->offset = prandom_u32_below(rng, PAGE_SIZE); |
1042 | if (prandom_u32_below(rng, 8) == 0) | |
25f9dddb EB |
1043 | div->offset_relative_to_alignmask = true; |
1044 | ||
1045 | div->flush_type = FLUSH_TYPE_NONE; | |
1046 | if (gen_flushes) { | |
f900fde2 | 1047 | switch (prandom_u32_below(rng, 4)) { |
25f9dddb EB |
1048 | case 0: |
1049 | div->flush_type = FLUSH_TYPE_REIMPORT; | |
1050 | break; | |
1051 | case 1: | |
1052 | div->flush_type = FLUSH_TYPE_FLUSH; | |
1053 | break; | |
1054 | } | |
1055 | } | |
1056 | ||
6570737c EB |
1057 | if (div->flush_type != FLUSH_TYPE_NONE && |
1058 | !(req_flags & CRYPTO_TFM_REQ_MAY_SLEEP) && | |
f900fde2 | 1059 | prandom_bool(rng)) |
6570737c EB |
1060 | div->nosimd = true; |
1061 | ||
1062 | switch (div->flush_type) { | |
1063 | case FLUSH_TYPE_FLUSH: | |
1064 | if (div->nosimd) | |
1065 | flushtype_str = "<flush,nosimd>"; | |
1066 | else | |
1067 | flushtype_str = "<flush>"; | |
1068 | break; | |
1069 | case FLUSH_TYPE_REIMPORT: | |
1070 | if (div->nosimd) | |
1071 | flushtype_str = "<reimport,nosimd>"; | |
1072 | else | |
1073 | flushtype_str = "<reimport>"; | |
1074 | break; | |
1075 | default: | |
1076 | flushtype_str = ""; | |
1077 | break; | |
1078 | } | |
1079 | ||
25f9dddb | 1080 | BUILD_BUG_ON(TEST_SG_TOTAL != 10000); /* for "%u.%u%%" */ |
6570737c | 1081 | p += scnprintf(p, end - p, "%s%u.%u%%@%s+%u%s", flushtype_str, |
25f9dddb EB |
1082 | this_len / 100, this_len % 100, |
1083 | div->offset_relative_to_alignmask ? | |
1084 | "alignmask" : "", | |
1085 | div->offset, this_len == remaining ? "" : ", "); | |
1086 | remaining -= this_len; | |
1087 | div++; | |
1088 | } while (remaining); | |
1089 | ||
1090 | return p; | |
1091 | } | |
1092 | ||
1093 | /* Generate a random testvec_config for fuzz testing */ | |
f900fde2 EB |
1094 | static void generate_random_testvec_config(struct rnd_state *rng, |
1095 | struct testvec_config *cfg, | |
25f9dddb EB |
1096 | char *name, size_t max_namelen) |
1097 | { | |
1098 | char *p = name; | |
1099 | char * const end = name + max_namelen; | |
1100 | ||
1101 | memset(cfg, 0, sizeof(*cfg)); | |
1102 | ||
1103 | cfg->name = name; | |
1104 | ||
1105 | p += scnprintf(p, end - p, "random:"); | |
1106 | ||
f900fde2 | 1107 | switch (prandom_u32_below(rng, 4)) { |
f17f9e90 EB |
1108 | case 0: |
1109 | case 1: | |
1110 | cfg->inplace_mode = OUT_OF_PLACE; | |
1111 | break; | |
1112 | case 2: | |
1113 | cfg->inplace_mode = INPLACE_ONE_SGLIST; | |
1114 | p += scnprintf(p, end - p, " inplace_one_sglist"); | |
1115 | break; | |
1116 | default: | |
1117 | cfg->inplace_mode = INPLACE_TWO_SGLISTS; | |
1118 | p += scnprintf(p, end - p, " inplace_two_sglists"); | |
1119 | break; | |
25f9dddb EB |
1120 | } |
1121 | ||
f900fde2 | 1122 | if (prandom_bool(rng)) { |
25f9dddb EB |
1123 | cfg->req_flags |= CRYPTO_TFM_REQ_MAY_SLEEP; |
1124 | p += scnprintf(p, end - p, " may_sleep"); | |
1125 | } | |
1126 | ||
f900fde2 | 1127 | switch (prandom_u32_below(rng, 4)) { |
25f9dddb EB |
1128 | case 0: |
1129 | cfg->finalization_type = FINALIZATION_TYPE_FINAL; | |
1130 | p += scnprintf(p, end - p, " use_final"); | |
1131 | break; | |
1132 | case 1: | |
1133 | cfg->finalization_type = FINALIZATION_TYPE_FINUP; | |
1134 | p += scnprintf(p, end - p, " use_finup"); | |
1135 | break; | |
1136 | default: | |
1137 | cfg->finalization_type = FINALIZATION_TYPE_DIGEST; | |
1138 | p += scnprintf(p, end - p, " use_digest"); | |
1139 | break; | |
1140 | } | |
1141 | ||
fa501bf2 EB |
1142 | if (!(cfg->req_flags & CRYPTO_TFM_REQ_MAY_SLEEP)) { |
1143 | if (prandom_bool(rng)) { | |
1144 | cfg->nosimd = true; | |
1145 | p += scnprintf(p, end - p, " nosimd"); | |
1146 | } | |
1147 | if (prandom_bool(rng)) { | |
1148 | cfg->nosimd_setkey = true; | |
1149 | p += scnprintf(p, end - p, " nosimd_setkey"); | |
1150 | } | |
6570737c EB |
1151 | } |
1152 | ||
25f9dddb | 1153 | p += scnprintf(p, end - p, " src_divs=["); |
f900fde2 | 1154 | p = generate_random_sgl_divisions(rng, cfg->src_divs, |
25f9dddb EB |
1155 | ARRAY_SIZE(cfg->src_divs), p, end, |
1156 | (cfg->finalization_type != | |
6570737c EB |
1157 | FINALIZATION_TYPE_DIGEST), |
1158 | cfg->req_flags); | |
25f9dddb EB |
1159 | p += scnprintf(p, end - p, "]"); |
1160 | ||
f900fde2 | 1161 | if (cfg->inplace_mode == OUT_OF_PLACE && prandom_bool(rng)) { |
25f9dddb | 1162 | p += scnprintf(p, end - p, " dst_divs=["); |
f900fde2 | 1163 | p = generate_random_sgl_divisions(rng, cfg->dst_divs, |
25f9dddb | 1164 | ARRAY_SIZE(cfg->dst_divs), |
6570737c EB |
1165 | p, end, false, |
1166 | cfg->req_flags); | |
25f9dddb EB |
1167 | p += scnprintf(p, end - p, "]"); |
1168 | } | |
1169 | ||
f900fde2 EB |
1170 | if (prandom_bool(rng)) { |
1171 | cfg->iv_offset = prandom_u32_inclusive(rng, 1, | |
1172 | MAX_ALGAPI_ALIGNMASK); | |
25f9dddb EB |
1173 | p += scnprintf(p, end - p, " iv_offset=%u", cfg->iv_offset); |
1174 | } | |
1175 | ||
f900fde2 EB |
1176 | if (prandom_bool(rng)) { |
1177 | cfg->key_offset = prandom_u32_inclusive(rng, 1, | |
1178 | MAX_ALGAPI_ALIGNMASK); | |
fd8c37c7 EB |
1179 | p += scnprintf(p, end - p, " key_offset=%u", cfg->key_offset); |
1180 | } | |
1181 | ||
25f9dddb EB |
1182 | WARN_ON_ONCE(!valid_testvec_config(cfg)); |
1183 | } | |
b55e1a39 EB |
1184 | |
1185 | static void crypto_disable_simd_for_test(void) | |
1186 | { | |
82e269ad | 1187 | migrate_disable(); |
b55e1a39 EB |
1188 | __this_cpu_write(crypto_simd_disabled_for_test, true); |
1189 | } | |
1190 | ||
1191 | static void crypto_reenable_simd_for_test(void) | |
1192 | { | |
1193 | __this_cpu_write(crypto_simd_disabled_for_test, false); | |
82e269ad | 1194 | migrate_enable(); |
b55e1a39 | 1195 | } |
f2bb770a EB |
1196 | |
1197 | /* | |
1198 | * Given an algorithm name, build the name of the generic implementation of that | |
1199 | * algorithm, assuming the usual naming convention. Specifically, this appends | |
1200 | * "-generic" to every part of the name that is not a template name. Examples: | |
1201 | * | |
1202 | * aes => aes-generic | |
1203 | * cbc(aes) => cbc(aes-generic) | |
1204 | * cts(cbc(aes)) => cts(cbc(aes-generic)) | |
1205 | * rfc7539(chacha20,poly1305) => rfc7539(chacha20-generic,poly1305-generic) | |
1206 | * | |
1207 | * Return: 0 on success, or -ENAMETOOLONG if the generic name would be too long | |
1208 | */ | |
1209 | static int build_generic_driver_name(const char *algname, | |
1210 | char driver_name[CRYPTO_MAX_ALG_NAME]) | |
1211 | { | |
1212 | const char *in = algname; | |
1213 | char *out = driver_name; | |
1214 | size_t len = strlen(algname); | |
1215 | ||
1216 | if (len >= CRYPTO_MAX_ALG_NAME) | |
1217 | goto too_long; | |
1218 | do { | |
1219 | const char *in_saved = in; | |
1220 | ||
1221 | while (*in && *in != '(' && *in != ')' && *in != ',') | |
1222 | *out++ = *in++; | |
1223 | if (*in != '(' && in > in_saved) { | |
1224 | len += 8; | |
1225 | if (len >= CRYPTO_MAX_ALG_NAME) | |
1226 | goto too_long; | |
1227 | memcpy(out, "-generic", 8); | |
1228 | out += 8; | |
1229 | } | |
1230 | } while ((*out++ = *in++) != '\0'); | |
1231 | return 0; | |
1232 | ||
1233 | too_long: | |
1234 | pr_err("alg: generic driver name for \"%s\" would be too long\n", | |
1235 | algname); | |
1236 | return -ENAMETOOLONG; | |
1237 | } | |
b55e1a39 EB |
1238 | #else /* !CONFIG_CRYPTO_MANAGER_EXTRA_TESTS */ |
1239 | static void crypto_disable_simd_for_test(void) | |
1240 | { | |
1241 | } | |
1242 | ||
1243 | static void crypto_reenable_simd_for_test(void) | |
1244 | { | |
1245 | } | |
1246 | #endif /* !CONFIG_CRYPTO_MANAGER_EXTRA_TESTS */ | |
25f9dddb | 1247 | |
d8ea98aa EB |
1248 | static int build_hash_sglist(struct test_sglist *tsgl, |
1249 | const struct hash_testvec *vec, | |
1250 | const struct testvec_config *cfg, | |
1251 | unsigned int alignmask, | |
1252 | const struct test_sg_division *divs[XBUFSIZE]) | |
1253 | { | |
1254 | struct kvec kv; | |
1255 | struct iov_iter input; | |
1256 | ||
1257 | kv.iov_base = (void *)vec->plaintext; | |
1258 | kv.iov_len = vec->psize; | |
de4eda9d | 1259 | iov_iter_kvec(&input, ITER_SOURCE, &kv, 1, vec->psize); |
d8ea98aa EB |
1260 | return build_test_sglist(tsgl, cfg->src_divs, alignmask, vec->psize, |
1261 | &input, divs); | |
1262 | } | |
1263 | ||
1264 | static int check_hash_result(const char *type, | |
1265 | const u8 *result, unsigned int digestsize, | |
1266 | const struct hash_testvec *vec, | |
1267 | const char *vec_name, | |
1268 | const char *driver, | |
1269 | const struct testvec_config *cfg) | |
1270 | { | |
1271 | if (memcmp(result, vec->digest, digestsize) != 0) { | |
1272 | pr_err("alg: %s: %s test failed (wrong result) on test vector %s, cfg=\"%s\"\n", | |
1273 | type, driver, vec_name, cfg->name); | |
1274 | return -EINVAL; | |
1275 | } | |
1276 | if (!testmgr_is_poison(&result[digestsize], TESTMGR_POISON_LEN)) { | |
1277 | pr_err("alg: %s: %s overran result buffer on test vector %s, cfg=\"%s\"\n", | |
1278 | type, driver, vec_name, cfg->name); | |
1279 | return -EOVERFLOW; | |
1280 | } | |
1281 | return 0; | |
1282 | } | |
1283 | ||
1284 | static inline int check_shash_op(const char *op, int err, | |
1285 | const char *driver, const char *vec_name, | |
1286 | const struct testvec_config *cfg) | |
1287 | { | |
1288 | if (err) | |
1289 | pr_err("alg: shash: %s %s() failed with err %d on test vector %s, cfg=\"%s\"\n", | |
1290 | driver, op, err, vec_name, cfg->name); | |
1291 | return err; | |
1292 | } | |
1293 | ||
d8ea98aa | 1294 | /* Test one hash test vector in one configuration, using the shash API */ |
79cafe9a | 1295 | static int test_shash_vec_cfg(const struct hash_testvec *vec, |
d8ea98aa EB |
1296 | const char *vec_name, |
1297 | const struct testvec_config *cfg, | |
1298 | struct shash_desc *desc, | |
1299 | struct test_sglist *tsgl, | |
1300 | u8 *hashstate) | |
1301 | { | |
1302 | struct crypto_shash *tfm = desc->tfm; | |
d8ea98aa EB |
1303 | const unsigned int digestsize = crypto_shash_digestsize(tfm); |
1304 | const unsigned int statesize = crypto_shash_statesize(tfm); | |
79cafe9a | 1305 | const char *driver = crypto_shash_driver_name(tfm); |
d8ea98aa EB |
1306 | const struct test_sg_division *divs[XBUFSIZE]; |
1307 | unsigned int i; | |
1308 | u8 result[HASH_MAX_DIGESTSIZE + TESTMGR_POISON_LEN]; | |
1309 | int err; | |
1310 | ||
1311 | /* Set the key, if specified */ | |
1312 | if (vec->ksize) { | |
fd8c37c7 | 1313 | err = do_setkey(crypto_shash_setkey, tfm, vec->key, vec->ksize, |
2125c11e | 1314 | cfg, 0); |
d8ea98aa EB |
1315 | if (err) { |
1316 | if (err == vec->setkey_error) | |
1317 | return 0; | |
1318 | pr_err("alg: shash: %s setkey failed on test vector %s; expected_error=%d, actual_error=%d, flags=%#x\n", | |
1319 | driver, vec_name, vec->setkey_error, err, | |
1320 | crypto_shash_get_flags(tfm)); | |
1321 | return err; | |
1322 | } | |
1323 | if (vec->setkey_error) { | |
1324 | pr_err("alg: shash: %s setkey unexpectedly succeeded on test vector %s; expected_error=%d\n", | |
1325 | driver, vec_name, vec->setkey_error); | |
1326 | return -EINVAL; | |
1327 | } | |
1328 | } | |
1329 | ||
1330 | /* Build the scatterlist for the source data */ | |
2125c11e | 1331 | err = build_hash_sglist(tsgl, vec, cfg, 0, divs); |
d8ea98aa EB |
1332 | if (err) { |
1333 | pr_err("alg: shash: %s: error preparing scatterlist for test vector %s, cfg=\"%s\"\n", | |
1334 | driver, vec_name, cfg->name); | |
1335 | return err; | |
1336 | } | |
1337 | ||
1338 | /* Do the actual hashing */ | |
1339 | ||
1340 | testmgr_poison(desc->__ctx, crypto_shash_descsize(tfm)); | |
1341 | testmgr_poison(result, digestsize + TESTMGR_POISON_LEN); | |
1342 | ||
1343 | if (cfg->finalization_type == FINALIZATION_TYPE_DIGEST || | |
1344 | vec->digest_error) { | |
1345 | /* Just using digest() */ | |
1346 | if (tsgl->nents != 1) | |
1347 | return 0; | |
1348 | if (cfg->nosimd) | |
1349 | crypto_disable_simd_for_test(); | |
e40ff6f3 | 1350 | err = crypto_shash_digest(desc, sg_virt(&tsgl->sgl[0]), |
d8ea98aa EB |
1351 | tsgl->sgl[0].length, result); |
1352 | if (cfg->nosimd) | |
1353 | crypto_reenable_simd_for_test(); | |
1354 | if (err) { | |
1355 | if (err == vec->digest_error) | |
1356 | return 0; | |
1357 | pr_err("alg: shash: %s digest() failed on test vector %s; expected_error=%d, actual_error=%d, cfg=\"%s\"\n", | |
1358 | driver, vec_name, vec->digest_error, err, | |
1359 | cfg->name); | |
1360 | return err; | |
1361 | } | |
1362 | if (vec->digest_error) { | |
1363 | pr_err("alg: shash: %s digest() unexpectedly succeeded on test vector %s; expected_error=%d, cfg=\"%s\"\n", | |
1364 | driver, vec_name, vec->digest_error, cfg->name); | |
1365 | return -EINVAL; | |
1366 | } | |
1367 | goto result_ready; | |
1368 | } | |
1369 | ||
1370 | /* Using init(), zero or more update(), then final() or finup() */ | |
1371 | ||
1372 | if (cfg->nosimd) | |
1373 | crypto_disable_simd_for_test(); | |
1374 | err = crypto_shash_init(desc); | |
1375 | if (cfg->nosimd) | |
1376 | crypto_reenable_simd_for_test(); | |
1377 | err = check_shash_op("init", err, driver, vec_name, cfg); | |
1378 | if (err) | |
1379 | return err; | |
1380 | ||
1381 | for (i = 0; i < tsgl->nents; i++) { | |
1382 | if (i + 1 == tsgl->nents && | |
1383 | cfg->finalization_type == FINALIZATION_TYPE_FINUP) { | |
1384 | if (divs[i]->nosimd) | |
1385 | crypto_disable_simd_for_test(); | |
e40ff6f3 | 1386 | err = crypto_shash_finup(desc, sg_virt(&tsgl->sgl[i]), |
d8ea98aa EB |
1387 | tsgl->sgl[i].length, result); |
1388 | if (divs[i]->nosimd) | |
1389 | crypto_reenable_simd_for_test(); | |
1390 | err = check_shash_op("finup", err, driver, vec_name, | |
1391 | cfg); | |
1392 | if (err) | |
1393 | return err; | |
1394 | goto result_ready; | |
1395 | } | |
1396 | if (divs[i]->nosimd) | |
1397 | crypto_disable_simd_for_test(); | |
e40ff6f3 | 1398 | err = crypto_shash_update(desc, sg_virt(&tsgl->sgl[i]), |
d8ea98aa EB |
1399 | tsgl->sgl[i].length); |
1400 | if (divs[i]->nosimd) | |
1401 | crypto_reenable_simd_for_test(); | |
1402 | err = check_shash_op("update", err, driver, vec_name, cfg); | |
1403 | if (err) | |
1404 | return err; | |
1405 | if (divs[i]->flush_type == FLUSH_TYPE_REIMPORT) { | |
1406 | /* Test ->export() and ->import() */ | |
1407 | testmgr_poison(hashstate + statesize, | |
1408 | TESTMGR_POISON_LEN); | |
1409 | err = crypto_shash_export(desc, hashstate); | |
1410 | err = check_shash_op("export", err, driver, vec_name, | |
1411 | cfg); | |
1412 | if (err) | |
1413 | return err; | |
1414 | if (!testmgr_is_poison(hashstate + statesize, | |
1415 | TESTMGR_POISON_LEN)) { | |
1416 | pr_err("alg: shash: %s export() overran state buffer on test vector %s, cfg=\"%s\"\n", | |
1417 | driver, vec_name, cfg->name); | |
1418 | return -EOVERFLOW; | |
1419 | } | |
1420 | testmgr_poison(desc->__ctx, crypto_shash_descsize(tfm)); | |
1421 | err = crypto_shash_import(desc, hashstate); | |
1422 | err = check_shash_op("import", err, driver, vec_name, | |
1423 | cfg); | |
1424 | if (err) | |
1425 | return err; | |
1426 | } | |
1427 | } | |
1428 | ||
1429 | if (cfg->nosimd) | |
1430 | crypto_disable_simd_for_test(); | |
1431 | err = crypto_shash_final(desc, result); | |
1432 | if (cfg->nosimd) | |
1433 | crypto_reenable_simd_for_test(); | |
1434 | err = check_shash_op("final", err, driver, vec_name, cfg); | |
1435 | if (err) | |
1436 | return err; | |
1437 | result_ready: | |
1438 | return check_hash_result("shash", result, digestsize, vec, vec_name, | |
1439 | driver, cfg); | |
1440 | } | |
1441 | ||
6570737c EB |
1442 | static int do_ahash_op(int (*op)(struct ahash_request *req), |
1443 | struct ahash_request *req, | |
1444 | struct crypto_wait *wait, bool nosimd) | |
1445 | { | |
1446 | int err; | |
1447 | ||
1448 | if (nosimd) | |
1449 | crypto_disable_simd_for_test(); | |
1450 | ||
1451 | err = op(req); | |
1452 | ||
1453 | if (nosimd) | |
1454 | crypto_reenable_simd_for_test(); | |
1455 | ||
1456 | return crypto_wait_req(err, wait); | |
1457 | } | |
1458 | ||
d8ea98aa EB |
1459 | static int check_nonfinal_ahash_op(const char *op, int err, |
1460 | u8 *result, unsigned int digestsize, | |
1461 | const char *driver, const char *vec_name, | |
1462 | const struct testvec_config *cfg) | |
466d7b9f | 1463 | { |
4cc2dcf9 | 1464 | if (err) { |
d8ea98aa | 1465 | pr_err("alg: ahash: %s %s() failed with err %d on test vector %s, cfg=\"%s\"\n", |
951d1332 | 1466 | driver, op, err, vec_name, cfg->name); |
4cc2dcf9 | 1467 | return err; |
018ba95c | 1468 | } |
4cc2dcf9 | 1469 | if (!testmgr_is_poison(result, digestsize)) { |
d8ea98aa | 1470 | pr_err("alg: ahash: %s %s() used result buffer on test vector %s, cfg=\"%s\"\n", |
951d1332 | 1471 | driver, op, vec_name, cfg->name); |
4cc2dcf9 | 1472 | return -EINVAL; |
466d7b9f | 1473 | } |
4cc2dcf9 | 1474 | return 0; |
018ba95c WR |
1475 | } |
1476 | ||
d8ea98aa | 1477 | /* Test one hash test vector in one configuration, using the ahash API */ |
79cafe9a | 1478 | static int test_ahash_vec_cfg(const struct hash_testvec *vec, |
d8ea98aa EB |
1479 | const char *vec_name, |
1480 | const struct testvec_config *cfg, | |
1481 | struct ahash_request *req, | |
1482 | struct test_sglist *tsgl, | |
1483 | u8 *hashstate) | |
da7f033d | 1484 | { |
4cc2dcf9 | 1485 | struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); |
4cc2dcf9 EB |
1486 | const unsigned int digestsize = crypto_ahash_digestsize(tfm); |
1487 | const unsigned int statesize = crypto_ahash_statesize(tfm); | |
79cafe9a | 1488 | const char *driver = crypto_ahash_driver_name(tfm); |
4cc2dcf9 EB |
1489 | const u32 req_flags = CRYPTO_TFM_REQ_MAY_BACKLOG | cfg->req_flags; |
1490 | const struct test_sg_division *divs[XBUFSIZE]; | |
1491 | DECLARE_CRYPTO_WAIT(wait); | |
4cc2dcf9 EB |
1492 | unsigned int i; |
1493 | struct scatterlist *pending_sgl; | |
1494 | unsigned int pending_len; | |
1495 | u8 result[HASH_MAX_DIGESTSIZE + TESTMGR_POISON_LEN]; | |
1496 | int err; | |
da7f033d | 1497 | |
4cc2dcf9 EB |
1498 | /* Set the key, if specified */ |
1499 | if (vec->ksize) { | |
fd8c37c7 | 1500 | err = do_setkey(crypto_ahash_setkey, tfm, vec->key, vec->ksize, |
93f367a9 | 1501 | cfg, 0); |
4cc2dcf9 | 1502 | if (err) { |
5283a8ee EB |
1503 | if (err == vec->setkey_error) |
1504 | return 0; | |
d8ea98aa | 1505 | pr_err("alg: ahash: %s setkey failed on test vector %s; expected_error=%d, actual_error=%d, flags=%#x\n", |
951d1332 | 1506 | driver, vec_name, vec->setkey_error, err, |
4cc2dcf9 EB |
1507 | crypto_ahash_get_flags(tfm)); |
1508 | return err; | |
1509 | } | |
5283a8ee | 1510 | if (vec->setkey_error) { |
d8ea98aa | 1511 | pr_err("alg: ahash: %s setkey unexpectedly succeeded on test vector %s; expected_error=%d\n", |
951d1332 | 1512 | driver, vec_name, vec->setkey_error); |
5283a8ee EB |
1513 | return -EINVAL; |
1514 | } | |
4cc2dcf9 | 1515 | } |
da7f033d | 1516 | |
4cc2dcf9 | 1517 | /* Build the scatterlist for the source data */ |
93f367a9 | 1518 | err = build_hash_sglist(tsgl, vec, cfg, 0, divs); |
4cc2dcf9 | 1519 | if (err) { |
d8ea98aa | 1520 | pr_err("alg: ahash: %s: error preparing scatterlist for test vector %s, cfg=\"%s\"\n", |
951d1332 | 1521 | driver, vec_name, cfg->name); |
4cc2dcf9 | 1522 | return err; |
da7f033d | 1523 | } |
da7f033d | 1524 | |
4cc2dcf9 | 1525 | /* Do the actual hashing */ |
a0cfae59 | 1526 | |
4cc2dcf9 EB |
1527 | testmgr_poison(req->__ctx, crypto_ahash_reqsize(tfm)); |
1528 | testmgr_poison(result, digestsize + TESTMGR_POISON_LEN); | |
da5ffe11 | 1529 | |
5283a8ee EB |
1530 | if (cfg->finalization_type == FINALIZATION_TYPE_DIGEST || |
1531 | vec->digest_error) { | |
4cc2dcf9 EB |
1532 | /* Just using digest() */ |
1533 | ahash_request_set_callback(req, req_flags, crypto_req_done, | |
1534 | &wait); | |
1535 | ahash_request_set_crypt(req, tsgl->sgl, result, vec->psize); | |
6570737c | 1536 | err = do_ahash_op(crypto_ahash_digest, req, &wait, cfg->nosimd); |
4cc2dcf9 | 1537 | if (err) { |
5283a8ee EB |
1538 | if (err == vec->digest_error) |
1539 | return 0; | |
d8ea98aa | 1540 | pr_err("alg: ahash: %s digest() failed on test vector %s; expected_error=%d, actual_error=%d, cfg=\"%s\"\n", |
951d1332 | 1541 | driver, vec_name, vec->digest_error, err, |
5283a8ee | 1542 | cfg->name); |
4cc2dcf9 EB |
1543 | return err; |
1544 | } | |
5283a8ee | 1545 | if (vec->digest_error) { |
d8ea98aa | 1546 | pr_err("alg: ahash: %s digest() unexpectedly succeeded on test vector %s; expected_error=%d, cfg=\"%s\"\n", |
951d1332 | 1547 | driver, vec_name, vec->digest_error, cfg->name); |
5283a8ee EB |
1548 | return -EINVAL; |
1549 | } | |
4cc2dcf9 EB |
1550 | goto result_ready; |
1551 | } | |
da7f033d | 1552 | |
4cc2dcf9 | 1553 | /* Using init(), zero or more update(), then final() or finup() */ |
da7f033d | 1554 | |
4cc2dcf9 EB |
1555 | ahash_request_set_callback(req, req_flags, crypto_req_done, &wait); |
1556 | ahash_request_set_crypt(req, NULL, result, 0); | |
6570737c | 1557 | err = do_ahash_op(crypto_ahash_init, req, &wait, cfg->nosimd); |
d8ea98aa EB |
1558 | err = check_nonfinal_ahash_op("init", err, result, digestsize, |
1559 | driver, vec_name, cfg); | |
4cc2dcf9 EB |
1560 | if (err) |
1561 | return err; | |
da7f033d | 1562 | |
4cc2dcf9 EB |
1563 | pending_sgl = NULL; |
1564 | pending_len = 0; | |
1565 | for (i = 0; i < tsgl->nents; i++) { | |
1566 | if (divs[i]->flush_type != FLUSH_TYPE_NONE && | |
1567 | pending_sgl != NULL) { | |
1568 | /* update() with the pending data */ | |
1569 | ahash_request_set_callback(req, req_flags, | |
1570 | crypto_req_done, &wait); | |
1571 | ahash_request_set_crypt(req, pending_sgl, result, | |
1572 | pending_len); | |
6570737c EB |
1573 | err = do_ahash_op(crypto_ahash_update, req, &wait, |
1574 | divs[i]->nosimd); | |
d8ea98aa EB |
1575 | err = check_nonfinal_ahash_op("update", err, |
1576 | result, digestsize, | |
1577 | driver, vec_name, cfg); | |
4cc2dcf9 EB |
1578 | if (err) |
1579 | return err; | |
1580 | pending_sgl = NULL; | |
1581 | pending_len = 0; | |
da7f033d | 1582 | } |
4cc2dcf9 EB |
1583 | if (divs[i]->flush_type == FLUSH_TYPE_REIMPORT) { |
1584 | /* Test ->export() and ->import() */ | |
1585 | testmgr_poison(hashstate + statesize, | |
1586 | TESTMGR_POISON_LEN); | |
1587 | err = crypto_ahash_export(req, hashstate); | |
d8ea98aa EB |
1588 | err = check_nonfinal_ahash_op("export", err, |
1589 | result, digestsize, | |
1590 | driver, vec_name, cfg); | |
4cc2dcf9 EB |
1591 | if (err) |
1592 | return err; | |
1593 | if (!testmgr_is_poison(hashstate + statesize, | |
1594 | TESTMGR_POISON_LEN)) { | |
d8ea98aa | 1595 | pr_err("alg: ahash: %s export() overran state buffer on test vector %s, cfg=\"%s\"\n", |
951d1332 | 1596 | driver, vec_name, cfg->name); |
4cc2dcf9 | 1597 | return -EOVERFLOW; |
da7f033d | 1598 | } |
76715095 | 1599 | |
4cc2dcf9 EB |
1600 | testmgr_poison(req->__ctx, crypto_ahash_reqsize(tfm)); |
1601 | err = crypto_ahash_import(req, hashstate); | |
d8ea98aa EB |
1602 | err = check_nonfinal_ahash_op("import", err, |
1603 | result, digestsize, | |
1604 | driver, vec_name, cfg); | |
4cc2dcf9 EB |
1605 | if (err) |
1606 | return err; | |
da7f033d | 1607 | } |
4cc2dcf9 EB |
1608 | if (pending_sgl == NULL) |
1609 | pending_sgl = &tsgl->sgl[i]; | |
1610 | pending_len += tsgl->sgl[i].length; | |
1611 | } | |
da7f033d | 1612 | |
4cc2dcf9 EB |
1613 | ahash_request_set_callback(req, req_flags, crypto_req_done, &wait); |
1614 | ahash_request_set_crypt(req, pending_sgl, result, pending_len); | |
1615 | if (cfg->finalization_type == FINALIZATION_TYPE_FINAL) { | |
1616 | /* finish with update() and final() */ | |
6570737c | 1617 | err = do_ahash_op(crypto_ahash_update, req, &wait, cfg->nosimd); |
d8ea98aa EB |
1618 | err = check_nonfinal_ahash_op("update", err, result, digestsize, |
1619 | driver, vec_name, cfg); | |
4cc2dcf9 EB |
1620 | if (err) |
1621 | return err; | |
6570737c | 1622 | err = do_ahash_op(crypto_ahash_final, req, &wait, cfg->nosimd); |
4cc2dcf9 | 1623 | if (err) { |
d8ea98aa | 1624 | pr_err("alg: ahash: %s final() failed with err %d on test vector %s, cfg=\"%s\"\n", |
951d1332 | 1625 | driver, err, vec_name, cfg->name); |
4cc2dcf9 EB |
1626 | return err; |
1627 | } | |
1628 | } else { | |
1629 | /* finish with finup() */ | |
6570737c | 1630 | err = do_ahash_op(crypto_ahash_finup, req, &wait, cfg->nosimd); |
4cc2dcf9 | 1631 | if (err) { |
d8ea98aa | 1632 | pr_err("alg: ahash: %s finup() failed with err %d on test vector %s, cfg=\"%s\"\n", |
951d1332 | 1633 | driver, err, vec_name, cfg->name); |
4cc2dcf9 | 1634 | return err; |
da7f033d HX |
1635 | } |
1636 | } | |
1637 | ||
4cc2dcf9 | 1638 | result_ready: |
d8ea98aa EB |
1639 | return check_hash_result("ahash", result, digestsize, vec, vec_name, |
1640 | driver, cfg); | |
1641 | } | |
1642 | ||
79cafe9a | 1643 | static int test_hash_vec_cfg(const struct hash_testvec *vec, |
d8ea98aa EB |
1644 | const char *vec_name, |
1645 | const struct testvec_config *cfg, | |
1646 | struct ahash_request *req, | |
1647 | struct shash_desc *desc, | |
1648 | struct test_sglist *tsgl, | |
1649 | u8 *hashstate) | |
1650 | { | |
1651 | int err; | |
1652 | ||
1653 | /* | |
1654 | * For algorithms implemented as "shash", most bugs will be detected by | |
1655 | * both the shash and ahash tests. Test the shash API first so that the | |
1656 | * failures involve less indirection, so are easier to debug. | |
1657 | */ | |
1658 | ||
1659 | if (desc) { | |
79cafe9a | 1660 | err = test_shash_vec_cfg(vec, vec_name, cfg, desc, tsgl, |
d8ea98aa EB |
1661 | hashstate); |
1662 | if (err) | |
1663 | return err; | |
4cc2dcf9 | 1664 | } |
da5ffe11 | 1665 | |
79cafe9a | 1666 | return test_ahash_vec_cfg(vec, vec_name, cfg, req, tsgl, hashstate); |
4cc2dcf9 | 1667 | } |
da7f033d | 1668 | |
79cafe9a EB |
1669 | static int test_hash_vec(const struct hash_testvec *vec, unsigned int vec_num, |
1670 | struct ahash_request *req, struct shash_desc *desc, | |
1671 | struct test_sglist *tsgl, u8 *hashstate) | |
4cc2dcf9 | 1672 | { |
951d1332 | 1673 | char vec_name[16]; |
4cc2dcf9 EB |
1674 | unsigned int i; |
1675 | int err; | |
da7f033d | 1676 | |
951d1332 EB |
1677 | sprintf(vec_name, "%u", vec_num); |
1678 | ||
4cc2dcf9 | 1679 | for (i = 0; i < ARRAY_SIZE(default_hash_testvec_configs); i++) { |
79cafe9a | 1680 | err = test_hash_vec_cfg(vec, vec_name, |
4cc2dcf9 | 1681 | &default_hash_testvec_configs[i], |
d8ea98aa | 1682 | req, desc, tsgl, hashstate); |
4cc2dcf9 EB |
1683 | if (err) |
1684 | return err; | |
1685 | } | |
5f2b424e | 1686 | |
4cc2dcf9 EB |
1687 | #ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS |
1688 | if (!noextratests) { | |
f900fde2 | 1689 | struct rnd_state rng; |
4cc2dcf9 EB |
1690 | struct testvec_config cfg; |
1691 | char cfgname[TESTVEC_CONFIG_NAMELEN]; | |
5f2b424e | 1692 | |
f900fde2 EB |
1693 | init_rnd_state(&rng); |
1694 | ||
4cc2dcf9 | 1695 | for (i = 0; i < fuzz_iterations; i++) { |
f900fde2 | 1696 | generate_random_testvec_config(&rng, &cfg, cfgname, |
4cc2dcf9 | 1697 | sizeof(cfgname)); |
79cafe9a | 1698 | err = test_hash_vec_cfg(vec, vec_name, &cfg, |
d8ea98aa | 1699 | req, desc, tsgl, hashstate); |
4cc2dcf9 EB |
1700 | if (err) |
1701 | return err; | |
e63e1b0d | 1702 | cond_resched(); |
018ba95c WR |
1703 | } |
1704 | } | |
4cc2dcf9 EB |
1705 | #endif |
1706 | return 0; | |
1707 | } | |
018ba95c | 1708 | |
9a8a6b3f EB |
1709 | #ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS |
1710 | /* | |
1711 | * Generate a hash test vector from the given implementation. | |
1712 | * Assumes the buffers in 'vec' were already allocated. | |
1713 | */ | |
f900fde2 EB |
1714 | static void generate_random_hash_testvec(struct rnd_state *rng, |
1715 | struct shash_desc *desc, | |
9a8a6b3f EB |
1716 | struct hash_testvec *vec, |
1717 | unsigned int maxkeysize, | |
1718 | unsigned int maxdatasize, | |
1719 | char *name, size_t max_namelen) | |
1720 | { | |
9a8a6b3f | 1721 | /* Data */ |
f900fde2 EB |
1722 | vec->psize = generate_random_length(rng, maxdatasize); |
1723 | generate_random_bytes(rng, (u8 *)vec->plaintext, vec->psize); | |
9a8a6b3f EB |
1724 | |
1725 | /* | |
1726 | * Key: length in range [1, maxkeysize], but usually choose maxkeysize. | |
1727 | * If algorithm is unkeyed, then maxkeysize == 0 and set ksize = 0. | |
1728 | */ | |
1729 | vec->setkey_error = 0; | |
1730 | vec->ksize = 0; | |
1731 | if (maxkeysize) { | |
1732 | vec->ksize = maxkeysize; | |
f900fde2 EB |
1733 | if (prandom_u32_below(rng, 4) == 0) |
1734 | vec->ksize = prandom_u32_inclusive(rng, 1, maxkeysize); | |
1735 | generate_random_bytes(rng, (u8 *)vec->key, vec->ksize); | |
9a8a6b3f | 1736 | |
149c4e6e | 1737 | vec->setkey_error = crypto_shash_setkey(desc->tfm, vec->key, |
9a8a6b3f EB |
1738 | vec->ksize); |
1739 | /* If the key couldn't be set, no need to continue to digest. */ | |
1740 | if (vec->setkey_error) | |
1741 | goto done; | |
1742 | } | |
1743 | ||
1744 | /* Digest */ | |
9a8a6b3f EB |
1745 | vec->digest_error = crypto_shash_digest(desc, vec->plaintext, |
1746 | vec->psize, (u8 *)vec->digest); | |
1747 | done: | |
1748 | snprintf(name, max_namelen, "\"random: psize=%u ksize=%u\"", | |
1749 | vec->psize, vec->ksize); | |
1750 | } | |
1751 | ||
1752 | /* | |
1753 | * Test the hash algorithm represented by @req against the corresponding generic | |
1754 | * implementation, if one is available. | |
1755 | */ | |
79cafe9a | 1756 | static int test_hash_vs_generic_impl(const char *generic_driver, |
9a8a6b3f EB |
1757 | unsigned int maxkeysize, |
1758 | struct ahash_request *req, | |
d8ea98aa | 1759 | struct shash_desc *desc, |
9a8a6b3f EB |
1760 | struct test_sglist *tsgl, |
1761 | u8 *hashstate) | |
1762 | { | |
1763 | struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); | |
1764 | const unsigned int digestsize = crypto_ahash_digestsize(tfm); | |
1765 | const unsigned int blocksize = crypto_ahash_blocksize(tfm); | |
1766 | const unsigned int maxdatasize = (2 * PAGE_SIZE) - TESTMGR_POISON_LEN; | |
1767 | const char *algname = crypto_hash_alg_common(tfm)->base.cra_name; | |
79cafe9a | 1768 | const char *driver = crypto_ahash_driver_name(tfm); |
f900fde2 | 1769 | struct rnd_state rng; |
9a8a6b3f EB |
1770 | char _generic_driver[CRYPTO_MAX_ALG_NAME]; |
1771 | struct crypto_shash *generic_tfm = NULL; | |
149c4e6e | 1772 | struct shash_desc *generic_desc = NULL; |
9a8a6b3f EB |
1773 | unsigned int i; |
1774 | struct hash_testvec vec = { 0 }; | |
1775 | char vec_name[64]; | |
6b5ca646 | 1776 | struct testvec_config *cfg; |
9a8a6b3f EB |
1777 | char cfgname[TESTVEC_CONFIG_NAMELEN]; |
1778 | int err; | |
1779 | ||
1780 | if (noextratests) | |
1781 | return 0; | |
1782 | ||
f900fde2 EB |
1783 | init_rnd_state(&rng); |
1784 | ||
9a8a6b3f EB |
1785 | if (!generic_driver) { /* Use default naming convention? */ |
1786 | err = build_generic_driver_name(algname, _generic_driver); | |
1787 | if (err) | |
1788 | return err; | |
1789 | generic_driver = _generic_driver; | |
1790 | } | |
1791 | ||
1792 | if (strcmp(generic_driver, driver) == 0) /* Already the generic impl? */ | |
1793 | return 0; | |
1794 | ||
1795 | generic_tfm = crypto_alloc_shash(generic_driver, 0, 0); | |
1796 | if (IS_ERR(generic_tfm)) { | |
1797 | err = PTR_ERR(generic_tfm); | |
1798 | if (err == -ENOENT) { | |
1799 | pr_warn("alg: hash: skipping comparison tests for %s because %s is unavailable\n", | |
1800 | driver, generic_driver); | |
1801 | return 0; | |
1802 | } | |
1803 | pr_err("alg: hash: error allocating %s (generic impl of %s): %d\n", | |
1804 | generic_driver, algname, err); | |
1805 | return err; | |
1806 | } | |
1807 | ||
6b5ca646 AB |
1808 | cfg = kzalloc(sizeof(*cfg), GFP_KERNEL); |
1809 | if (!cfg) { | |
1810 | err = -ENOMEM; | |
1811 | goto out; | |
1812 | } | |
1813 | ||
149c4e6e AB |
1814 | generic_desc = kzalloc(sizeof(*desc) + |
1815 | crypto_shash_descsize(generic_tfm), GFP_KERNEL); | |
1816 | if (!generic_desc) { | |
1817 | err = -ENOMEM; | |
1818 | goto out; | |
1819 | } | |
1820 | generic_desc->tfm = generic_tfm; | |
1821 | ||
9a8a6b3f EB |
1822 | /* Check the algorithm properties for consistency. */ |
1823 | ||
1824 | if (digestsize != crypto_shash_digestsize(generic_tfm)) { | |
1825 | pr_err("alg: hash: digestsize for %s (%u) doesn't match generic impl (%u)\n", | |
1826 | driver, digestsize, | |
1827 | crypto_shash_digestsize(generic_tfm)); | |
1828 | err = -EINVAL; | |
1829 | goto out; | |
1830 | } | |
1831 | ||
1832 | if (blocksize != crypto_shash_blocksize(generic_tfm)) { | |
1833 | pr_err("alg: hash: blocksize for %s (%u) doesn't match generic impl (%u)\n", | |
1834 | driver, blocksize, crypto_shash_blocksize(generic_tfm)); | |
1835 | err = -EINVAL; | |
1836 | goto out; | |
1837 | } | |
1838 | ||
1839 | /* | |
1840 | * Now generate test vectors using the generic implementation, and test | |
1841 | * the other implementation against them. | |
1842 | */ | |
1843 | ||
1844 | vec.key = kmalloc(maxkeysize, GFP_KERNEL); | |
1845 | vec.plaintext = kmalloc(maxdatasize, GFP_KERNEL); | |
1846 | vec.digest = kmalloc(digestsize, GFP_KERNEL); | |
1847 | if (!vec.key || !vec.plaintext || !vec.digest) { | |
1848 | err = -ENOMEM; | |
1849 | goto out; | |
1850 | } | |
1851 | ||
1852 | for (i = 0; i < fuzz_iterations * 8; i++) { | |
f900fde2 | 1853 | generate_random_hash_testvec(&rng, generic_desc, &vec, |
9a8a6b3f EB |
1854 | maxkeysize, maxdatasize, |
1855 | vec_name, sizeof(vec_name)); | |
f900fde2 EB |
1856 | generate_random_testvec_config(&rng, cfg, cfgname, |
1857 | sizeof(cfgname)); | |
9a8a6b3f | 1858 | |
79cafe9a | 1859 | err = test_hash_vec_cfg(&vec, vec_name, cfg, |
d8ea98aa | 1860 | req, desc, tsgl, hashstate); |
9a8a6b3f EB |
1861 | if (err) |
1862 | goto out; | |
1863 | cond_resched(); | |
1864 | } | |
1865 | err = 0; | |
1866 | out: | |
6b5ca646 | 1867 | kfree(cfg); |
9a8a6b3f EB |
1868 | kfree(vec.key); |
1869 | kfree(vec.plaintext); | |
1870 | kfree(vec.digest); | |
1871 | crypto_free_shash(generic_tfm); | |
453431a5 | 1872 | kfree_sensitive(generic_desc); |
9a8a6b3f EB |
1873 | return err; |
1874 | } | |
1875 | #else /* !CONFIG_CRYPTO_MANAGER_EXTRA_TESTS */ | |
79cafe9a | 1876 | static int test_hash_vs_generic_impl(const char *generic_driver, |
9a8a6b3f EB |
1877 | unsigned int maxkeysize, |
1878 | struct ahash_request *req, | |
d8ea98aa | 1879 | struct shash_desc *desc, |
9a8a6b3f EB |
1880 | struct test_sglist *tsgl, |
1881 | u8 *hashstate) | |
1882 | { | |
1883 | return 0; | |
1884 | } | |
1885 | #endif /* !CONFIG_CRYPTO_MANAGER_EXTRA_TESTS */ | |
1886 | ||
d8ea98aa EB |
1887 | static int alloc_shash(const char *driver, u32 type, u32 mask, |
1888 | struct crypto_shash **tfm_ret, | |
1889 | struct shash_desc **desc_ret) | |
1890 | { | |
1891 | struct crypto_shash *tfm; | |
1892 | struct shash_desc *desc; | |
1893 | ||
1894 | tfm = crypto_alloc_shash(driver, type, mask); | |
1895 | if (IS_ERR(tfm)) { | |
1896 | if (PTR_ERR(tfm) == -ENOENT) { | |
1897 | /* | |
1898 | * This algorithm is only available through the ahash | |
1899 | * API, not the shash API, so skip the shash tests. | |
1900 | */ | |
1901 | return 0; | |
1902 | } | |
1903 | pr_err("alg: hash: failed to allocate shash transform for %s: %ld\n", | |
1904 | driver, PTR_ERR(tfm)); | |
1905 | return PTR_ERR(tfm); | |
1906 | } | |
1907 | ||
1908 | desc = kmalloc(sizeof(*desc) + crypto_shash_descsize(tfm), GFP_KERNEL); | |
1909 | if (!desc) { | |
1910 | crypto_free_shash(tfm); | |
1911 | return -ENOMEM; | |
1912 | } | |
1913 | desc->tfm = tfm; | |
1914 | ||
1915 | *tfm_ret = tfm; | |
1916 | *desc_ret = desc; | |
1917 | return 0; | |
1918 | } | |
1919 | ||
4cc2dcf9 EB |
1920 | static int __alg_test_hash(const struct hash_testvec *vecs, |
1921 | unsigned int num_vecs, const char *driver, | |
9a8a6b3f EB |
1922 | u32 type, u32 mask, |
1923 | const char *generic_driver, unsigned int maxkeysize) | |
4cc2dcf9 | 1924 | { |
d8ea98aa | 1925 | struct crypto_ahash *atfm = NULL; |
4cc2dcf9 | 1926 | struct ahash_request *req = NULL; |
d8ea98aa EB |
1927 | struct crypto_shash *stfm = NULL; |
1928 | struct shash_desc *desc = NULL; | |
4cc2dcf9 EB |
1929 | struct test_sglist *tsgl = NULL; |
1930 | u8 *hashstate = NULL; | |
d8ea98aa | 1931 | unsigned int statesize; |
4cc2dcf9 EB |
1932 | unsigned int i; |
1933 | int err; | |
018ba95c | 1934 | |
d8ea98aa EB |
1935 | /* |
1936 | * Always test the ahash API. This works regardless of whether the | |
1937 | * algorithm is implemented as ahash or shash. | |
1938 | */ | |
1939 | ||
1940 | atfm = crypto_alloc_ahash(driver, type, mask); | |
1941 | if (IS_ERR(atfm)) { | |
4eded6d1 HX |
1942 | if (PTR_ERR(atfm) == -ENOENT) |
1943 | return -ENOENT; | |
4cc2dcf9 | 1944 | pr_err("alg: hash: failed to allocate transform for %s: %ld\n", |
d8ea98aa EB |
1945 | driver, PTR_ERR(atfm)); |
1946 | return PTR_ERR(atfm); | |
4cc2dcf9 | 1947 | } |
79cafe9a | 1948 | driver = crypto_ahash_driver_name(atfm); |
018ba95c | 1949 | |
d8ea98aa | 1950 | req = ahash_request_alloc(atfm, GFP_KERNEL); |
4cc2dcf9 EB |
1951 | if (!req) { |
1952 | pr_err("alg: hash: failed to allocate request for %s\n", | |
1953 | driver); | |
1954 | err = -ENOMEM; | |
1955 | goto out; | |
1956 | } | |
018ba95c | 1957 | |
d8ea98aa EB |
1958 | /* |
1959 | * If available also test the shash API, to cover corner cases that may | |
1960 | * be missed by testing the ahash API only. | |
1961 | */ | |
1962 | err = alloc_shash(driver, type, mask, &stfm, &desc); | |
1963 | if (err) | |
1964 | goto out; | |
1965 | ||
4cc2dcf9 EB |
1966 | tsgl = kmalloc(sizeof(*tsgl), GFP_KERNEL); |
1967 | if (!tsgl || init_test_sglist(tsgl) != 0) { | |
1968 | pr_err("alg: hash: failed to allocate test buffers for %s\n", | |
1969 | driver); | |
1970 | kfree(tsgl); | |
1971 | tsgl = NULL; | |
1972 | err = -ENOMEM; | |
1973 | goto out; | |
1974 | } | |
018ba95c | 1975 | |
d8ea98aa EB |
1976 | statesize = crypto_ahash_statesize(atfm); |
1977 | if (stfm) | |
1978 | statesize = max(statesize, crypto_shash_statesize(stfm)); | |
1979 | hashstate = kmalloc(statesize + TESTMGR_POISON_LEN, GFP_KERNEL); | |
4cc2dcf9 EB |
1980 | if (!hashstate) { |
1981 | pr_err("alg: hash: failed to allocate hash state buffer for %s\n", | |
1982 | driver); | |
1983 | err = -ENOMEM; | |
1984 | goto out; | |
1985 | } | |
018ba95c | 1986 | |
4cc2dcf9 | 1987 | for (i = 0; i < num_vecs; i++) { |
c9c28ed0 SM |
1988 | if (fips_enabled && vecs[i].fips_skip) |
1989 | continue; | |
1990 | ||
79cafe9a | 1991 | err = test_hash_vec(&vecs[i], i, req, desc, tsgl, hashstate); |
4cc2dcf9 | 1992 | if (err) |
5f2b424e | 1993 | goto out; |
e63e1b0d | 1994 | cond_resched(); |
da7f033d | 1995 | } |
79cafe9a | 1996 | err = test_hash_vs_generic_impl(generic_driver, maxkeysize, req, |
d8ea98aa | 1997 | desc, tsgl, hashstate); |
da7f033d | 1998 | out: |
4cc2dcf9 EB |
1999 | kfree(hashstate); |
2000 | if (tsgl) { | |
2001 | destroy_test_sglist(tsgl); | |
2002 | kfree(tsgl); | |
2003 | } | |
d8ea98aa EB |
2004 | kfree(desc); |
2005 | crypto_free_shash(stfm); | |
da7f033d | 2006 | ahash_request_free(req); |
d8ea98aa | 2007 | crypto_free_ahash(atfm); |
4cc2dcf9 | 2008 | return err; |
da7f033d HX |
2009 | } |
2010 | ||
4cc2dcf9 EB |
2011 | static int alg_test_hash(const struct alg_test_desc *desc, const char *driver, |
2012 | u32 type, u32 mask) | |
da5ffe11 | 2013 | { |
4cc2dcf9 EB |
2014 | const struct hash_testvec *template = desc->suite.hash.vecs; |
2015 | unsigned int tcount = desc->suite.hash.count; | |
2016 | unsigned int nr_unkeyed, nr_keyed; | |
9a8a6b3f | 2017 | unsigned int maxkeysize = 0; |
4cc2dcf9 | 2018 | int err; |
da5ffe11 | 2019 | |
4cc2dcf9 EB |
2020 | /* |
2021 | * For OPTIONAL_KEY algorithms, we have to do all the unkeyed tests | |
2022 | * first, before setting a key on the tfm. To make this easier, we | |
2023 | * require that the unkeyed test vectors (if any) are listed first. | |
2024 | */ | |
da5ffe11 | 2025 | |
4cc2dcf9 EB |
2026 | for (nr_unkeyed = 0; nr_unkeyed < tcount; nr_unkeyed++) { |
2027 | if (template[nr_unkeyed].ksize) | |
2028 | break; | |
2029 | } | |
2030 | for (nr_keyed = 0; nr_unkeyed + nr_keyed < tcount; nr_keyed++) { | |
2031 | if (!template[nr_unkeyed + nr_keyed].ksize) { | |
2032 | pr_err("alg: hash: test vectors for %s out of order, " | |
2033 | "unkeyed ones must come first\n", desc->alg); | |
2034 | return -EINVAL; | |
2035 | } | |
9a8a6b3f EB |
2036 | maxkeysize = max_t(unsigned int, maxkeysize, |
2037 | template[nr_unkeyed + nr_keyed].ksize); | |
4cc2dcf9 | 2038 | } |
da5ffe11 | 2039 | |
4cc2dcf9 EB |
2040 | err = 0; |
2041 | if (nr_unkeyed) { | |
9a8a6b3f EB |
2042 | err = __alg_test_hash(template, nr_unkeyed, driver, type, mask, |
2043 | desc->generic_driver, maxkeysize); | |
4cc2dcf9 | 2044 | template += nr_unkeyed; |
da5ffe11 JK |
2045 | } |
2046 | ||
4cc2dcf9 | 2047 | if (!err && nr_keyed) |
9a8a6b3f EB |
2048 | err = __alg_test_hash(template, nr_keyed, driver, type, mask, |
2049 | desc->generic_driver, maxkeysize); | |
4cc2dcf9 EB |
2050 | |
2051 | return err; | |
da5ffe11 JK |
2052 | } |
2053 | ||
2257f471 | 2054 | static int test_aead_vec_cfg(int enc, const struct aead_testvec *vec, |
951d1332 | 2055 | const char *vec_name, |
ed96804f EB |
2056 | const struct testvec_config *cfg, |
2057 | struct aead_request *req, | |
2058 | struct cipher_test_sglists *tsgls) | |
da7f033d | 2059 | { |
ed96804f EB |
2060 | struct crypto_aead *tfm = crypto_aead_reqtfm(req); |
2061 | const unsigned int alignmask = crypto_aead_alignmask(tfm); | |
2062 | const unsigned int ivsize = crypto_aead_ivsize(tfm); | |
2063 | const unsigned int authsize = vec->clen - vec->plen; | |
2257f471 | 2064 | const char *driver = crypto_aead_driver_name(tfm); |
ed96804f EB |
2065 | const u32 req_flags = CRYPTO_TFM_REQ_MAY_BACKLOG | cfg->req_flags; |
2066 | const char *op = enc ? "encryption" : "decryption"; | |
2067 | DECLARE_CRYPTO_WAIT(wait); | |
2068 | u8 _iv[3 * (MAX_ALGAPI_ALIGNMASK + 1) + MAX_IVLEN]; | |
2069 | u8 *iv = PTR_ALIGN(&_iv[0], 2 * (MAX_ALGAPI_ALIGNMASK + 1)) + | |
2070 | cfg->iv_offset + | |
2071 | (cfg->iv_offset_relative_to_alignmask ? alignmask : 0); | |
2072 | struct kvec input[2]; | |
2073 | int err; | |
d8a32ac2 | 2074 | |
ed96804f EB |
2075 | /* Set the key */ |
2076 | if (vec->wk) | |
2077 | crypto_aead_set_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS); | |
da7f033d | 2078 | else |
ed96804f | 2079 | crypto_aead_clear_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS); |
fd8c37c7 EB |
2080 | |
2081 | err = do_setkey(crypto_aead_setkey, tfm, vec->key, vec->klen, | |
2082 | cfg, alignmask); | |
5283a8ee | 2083 | if (err && err != vec->setkey_error) { |
951d1332 EB |
2084 | pr_err("alg: aead: %s setkey failed on test vector %s; expected_error=%d, actual_error=%d, flags=%#x\n", |
2085 | driver, vec_name, vec->setkey_error, err, | |
5283a8ee | 2086 | crypto_aead_get_flags(tfm)); |
ed96804f | 2087 | return err; |
da7f033d | 2088 | } |
5283a8ee | 2089 | if (!err && vec->setkey_error) { |
951d1332 EB |
2090 | pr_err("alg: aead: %s setkey unexpectedly succeeded on test vector %s; expected_error=%d\n", |
2091 | driver, vec_name, vec->setkey_error); | |
ed96804f | 2092 | return -EINVAL; |
da7f033d HX |
2093 | } |
2094 | ||
ed96804f EB |
2095 | /* Set the authentication tag size */ |
2096 | err = crypto_aead_setauthsize(tfm, authsize); | |
5283a8ee | 2097 | if (err && err != vec->setauthsize_error) { |
951d1332 EB |
2098 | pr_err("alg: aead: %s setauthsize failed on test vector %s; expected_error=%d, actual_error=%d\n", |
2099 | driver, vec_name, vec->setauthsize_error, err); | |
ed96804f EB |
2100 | return err; |
2101 | } | |
5283a8ee | 2102 | if (!err && vec->setauthsize_error) { |
951d1332 EB |
2103 | pr_err("alg: aead: %s setauthsize unexpectedly succeeded on test vector %s; expected_error=%d\n", |
2104 | driver, vec_name, vec->setauthsize_error); | |
5283a8ee EB |
2105 | return -EINVAL; |
2106 | } | |
2107 | ||
2108 | if (vec->setkey_error || vec->setauthsize_error) | |
2109 | return 0; | |
8ec25c51 | 2110 | |
ed96804f EB |
2111 | /* The IV must be copied to a buffer, as the algorithm may modify it */ |
2112 | if (WARN_ON(ivsize > MAX_IVLEN)) | |
2113 | return -EINVAL; | |
2114 | if (vec->iv) | |
2115 | memcpy(iv, vec->iv, ivsize); | |
2116 | else | |
2117 | memset(iv, 0, ivsize); | |
da7f033d | 2118 | |
ed96804f EB |
2119 | /* Build the src/dst scatterlists */ |
2120 | input[0].iov_base = (void *)vec->assoc; | |
2121 | input[0].iov_len = vec->alen; | |
2122 | input[1].iov_base = enc ? (void *)vec->ptext : (void *)vec->ctext; | |
2123 | input[1].iov_len = enc ? vec->plen : vec->clen; | |
2124 | err = build_cipher_test_sglists(tsgls, cfg, alignmask, | |
2125 | vec->alen + (enc ? vec->plen : | |
2126 | vec->clen), | |
2127 | vec->alen + (enc ? vec->clen : | |
2128 | vec->plen), | |
2129 | input, 2); | |
2130 | if (err) { | |
951d1332 EB |
2131 | pr_err("alg: aead: %s %s: error preparing scatterlists for test vector %s, cfg=\"%s\"\n", |
2132 | driver, op, vec_name, cfg->name); | |
ed96804f EB |
2133 | return err; |
2134 | } | |
da7f033d | 2135 | |
ed96804f EB |
2136 | /* Do the actual encryption or decryption */ |
2137 | testmgr_poison(req->__ctx, crypto_aead_reqsize(tfm)); | |
2138 | aead_request_set_callback(req, req_flags, crypto_req_done, &wait); | |
2139 | aead_request_set_crypt(req, tsgls->src.sgl_ptr, tsgls->dst.sgl_ptr, | |
2140 | enc ? vec->plen : vec->clen, iv); | |
2141 | aead_request_set_ad(req, vec->alen); | |
6570737c EB |
2142 | if (cfg->nosimd) |
2143 | crypto_disable_simd_for_test(); | |
2144 | err = enc ? crypto_aead_encrypt(req) : crypto_aead_decrypt(req); | |
2145 | if (cfg->nosimd) | |
2146 | crypto_reenable_simd_for_test(); | |
2147 | err = crypto_wait_req(err, &wait); | |
a6e5ef9b EB |
2148 | |
2149 | /* Check that the algorithm didn't overwrite things it shouldn't have */ | |
2150 | if (req->cryptlen != (enc ? vec->plen : vec->clen) || | |
2151 | req->assoclen != vec->alen || | |
2152 | req->iv != iv || | |
2153 | req->src != tsgls->src.sgl_ptr || | |
2154 | req->dst != tsgls->dst.sgl_ptr || | |
2155 | crypto_aead_reqtfm(req) != tfm || | |
2156 | req->base.complete != crypto_req_done || | |
2157 | req->base.flags != req_flags || | |
2158 | req->base.data != &wait) { | |
951d1332 EB |
2159 | pr_err("alg: aead: %s %s corrupted request struct on test vector %s, cfg=\"%s\"\n", |
2160 | driver, op, vec_name, cfg->name); | |
a6e5ef9b EB |
2161 | if (req->cryptlen != (enc ? vec->plen : vec->clen)) |
2162 | pr_err("alg: aead: changed 'req->cryptlen'\n"); | |
2163 | if (req->assoclen != vec->alen) | |
2164 | pr_err("alg: aead: changed 'req->assoclen'\n"); | |
2165 | if (req->iv != iv) | |
2166 | pr_err("alg: aead: changed 'req->iv'\n"); | |
2167 | if (req->src != tsgls->src.sgl_ptr) | |
2168 | pr_err("alg: aead: changed 'req->src'\n"); | |
2169 | if (req->dst != tsgls->dst.sgl_ptr) | |
2170 | pr_err("alg: aead: changed 'req->dst'\n"); | |
2171 | if (crypto_aead_reqtfm(req) != tfm) | |
2172 | pr_err("alg: aead: changed 'req->base.tfm'\n"); | |
2173 | if (req->base.complete != crypto_req_done) | |
2174 | pr_err("alg: aead: changed 'req->base.complete'\n"); | |
2175 | if (req->base.flags != req_flags) | |
2176 | pr_err("alg: aead: changed 'req->base.flags'\n"); | |
2177 | if (req->base.data != &wait) | |
2178 | pr_err("alg: aead: changed 'req->base.data'\n"); | |
2179 | return -EINVAL; | |
2180 | } | |
2181 | if (is_test_sglist_corrupted(&tsgls->src)) { | |
951d1332 EB |
2182 | pr_err("alg: aead: %s %s corrupted src sgl on test vector %s, cfg=\"%s\"\n", |
2183 | driver, op, vec_name, cfg->name); | |
a6e5ef9b EB |
2184 | return -EINVAL; |
2185 | } | |
2186 | if (tsgls->dst.sgl_ptr != tsgls->src.sgl && | |
2187 | is_test_sglist_corrupted(&tsgls->dst)) { | |
951d1332 EB |
2188 | pr_err("alg: aead: %s %s corrupted dst sgl on test vector %s, cfg=\"%s\"\n", |
2189 | driver, op, vec_name, cfg->name); | |
a6e5ef9b | 2190 | return -EINVAL; |
ed96804f | 2191 | } |
da7f033d | 2192 | |
49763fc6 EB |
2193 | /* Check for unexpected success or failure, or wrong error code */ |
2194 | if ((err == 0 && vec->novrfy) || | |
2195 | (err != vec->crypt_error && !(err == -EBADMSG && vec->novrfy))) { | |
2196 | char expected_error[32]; | |
2197 | ||
2198 | if (vec->novrfy && | |
2199 | vec->crypt_error != 0 && vec->crypt_error != -EBADMSG) | |
2200 | sprintf(expected_error, "-EBADMSG or %d", | |
2201 | vec->crypt_error); | |
2202 | else if (vec->novrfy) | |
2203 | sprintf(expected_error, "-EBADMSG"); | |
2204 | else | |
2205 | sprintf(expected_error, "%d", vec->crypt_error); | |
2206 | if (err) { | |
2207 | pr_err("alg: aead: %s %s failed on test vector %s; expected_error=%s, actual_error=%d, cfg=\"%s\"\n", | |
2208 | driver, op, vec_name, expected_error, err, | |
2209 | cfg->name); | |
2210 | return err; | |
2211 | } | |
2212 | pr_err("alg: aead: %s %s unexpectedly succeeded on test vector %s; expected_error=%s, cfg=\"%s\"\n", | |
951d1332 | 2213 | driver, op, vec_name, expected_error, cfg->name); |
5283a8ee EB |
2214 | return -EINVAL; |
2215 | } | |
49763fc6 EB |
2216 | if (err) /* Expectedly failed. */ |
2217 | return 0; | |
5283a8ee | 2218 | |
ed96804f EB |
2219 | /* Check for the correct output (ciphertext or plaintext) */ |
2220 | err = verify_correct_output(&tsgls->dst, enc ? vec->ctext : vec->ptext, | |
2221 | enc ? vec->clen : vec->plen, | |
f17f9e90 EB |
2222 | vec->alen, |
2223 | enc || cfg->inplace_mode == OUT_OF_PLACE); | |
ed96804f | 2224 | if (err == -EOVERFLOW) { |
951d1332 EB |
2225 | pr_err("alg: aead: %s %s overran dst buffer on test vector %s, cfg=\"%s\"\n", |
2226 | driver, op, vec_name, cfg->name); | |
ed96804f EB |
2227 | return err; |
2228 | } | |
2229 | if (err) { | |
951d1332 EB |
2230 | pr_err("alg: aead: %s %s test failed (wrong result) on test vector %s, cfg=\"%s\"\n", |
2231 | driver, op, vec_name, cfg->name); | |
ed96804f EB |
2232 | return err; |
2233 | } | |
da7f033d | 2234 | |
ed96804f EB |
2235 | return 0; |
2236 | } | |
da7f033d | 2237 | |
2257f471 EB |
2238 | static int test_aead_vec(int enc, const struct aead_testvec *vec, |
2239 | unsigned int vec_num, struct aead_request *req, | |
ed96804f EB |
2240 | struct cipher_test_sglists *tsgls) |
2241 | { | |
951d1332 | 2242 | char vec_name[16]; |
ed96804f EB |
2243 | unsigned int i; |
2244 | int err; | |
da7f033d | 2245 | |
ed96804f EB |
2246 | if (enc && vec->novrfy) |
2247 | return 0; | |
da7f033d | 2248 | |
951d1332 EB |
2249 | sprintf(vec_name, "%u", vec_num); |
2250 | ||
ed96804f | 2251 | for (i = 0; i < ARRAY_SIZE(default_cipher_testvec_configs); i++) { |
2257f471 | 2252 | err = test_aead_vec_cfg(enc, vec, vec_name, |
ed96804f EB |
2253 | &default_cipher_testvec_configs[i], |
2254 | req, tsgls); | |
2255 | if (err) | |
2256 | return err; | |
2257 | } | |
da7f033d | 2258 | |
ed96804f EB |
2259 | #ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS |
2260 | if (!noextratests) { | |
f900fde2 | 2261 | struct rnd_state rng; |
ed96804f EB |
2262 | struct testvec_config cfg; |
2263 | char cfgname[TESTVEC_CONFIG_NAMELEN]; | |
05b1d338 | 2264 | |
f900fde2 EB |
2265 | init_rnd_state(&rng); |
2266 | ||
ed96804f | 2267 | for (i = 0; i < fuzz_iterations; i++) { |
f900fde2 | 2268 | generate_random_testvec_config(&rng, &cfg, cfgname, |
ed96804f | 2269 | sizeof(cfgname)); |
2257f471 | 2270 | err = test_aead_vec_cfg(enc, vec, vec_name, |
ed96804f EB |
2271 | &cfg, req, tsgls); |
2272 | if (err) | |
2273 | return err; | |
e63e1b0d | 2274 | cond_resched(); |
da7f033d HX |
2275 | } |
2276 | } | |
ed96804f EB |
2277 | #endif |
2278 | return 0; | |
2279 | } | |
da7f033d | 2280 | |
40153b10 | 2281 | #ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS |
2ea91505 EB |
2282 | |
2283 | struct aead_extra_tests_ctx { | |
f900fde2 | 2284 | struct rnd_state rng; |
2ea91505 EB |
2285 | struct aead_request *req; |
2286 | struct crypto_aead *tfm; | |
2ea91505 EB |
2287 | const struct alg_test_desc *test_desc; |
2288 | struct cipher_test_sglists *tsgls; | |
2289 | unsigned int maxdatasize; | |
2290 | unsigned int maxkeysize; | |
2291 | ||
2292 | struct aead_testvec vec; | |
2293 | char vec_name[64]; | |
2294 | char cfgname[TESTVEC_CONFIG_NAMELEN]; | |
2295 | struct testvec_config cfg; | |
2296 | }; | |
2297 | ||
40153b10 | 2298 | /* |
49763fc6 EB |
2299 | * Make at least one random change to a (ciphertext, AAD) pair. "Ciphertext" |
2300 | * here means the full ciphertext including the authentication tag. The | |
2301 | * authentication tag (and hence also the ciphertext) is assumed to be nonempty. | |
2302 | */ | |
f900fde2 EB |
2303 | static void mutate_aead_message(struct rnd_state *rng, |
2304 | struct aead_testvec *vec, bool aad_iv, | |
6f3a06d9 | 2305 | unsigned int ivsize) |
49763fc6 | 2306 | { |
6f3a06d9 | 2307 | const unsigned int aad_tail_size = aad_iv ? ivsize : 0; |
49763fc6 EB |
2308 | const unsigned int authsize = vec->clen - vec->plen; |
2309 | ||
f900fde2 | 2310 | if (prandom_bool(rng) && vec->alen > aad_tail_size) { |
49763fc6 | 2311 | /* Mutate the AAD */ |
f900fde2 EB |
2312 | flip_random_bit(rng, (u8 *)vec->assoc, |
2313 | vec->alen - aad_tail_size); | |
2314 | if (prandom_bool(rng)) | |
49763fc6 EB |
2315 | return; |
2316 | } | |
f900fde2 | 2317 | if (prandom_bool(rng)) { |
49763fc6 | 2318 | /* Mutate auth tag (assuming it's at the end of ciphertext) */ |
f900fde2 | 2319 | flip_random_bit(rng, (u8 *)vec->ctext + vec->plen, authsize); |
49763fc6 EB |
2320 | } else { |
2321 | /* Mutate any part of the ciphertext */ | |
f900fde2 | 2322 | flip_random_bit(rng, (u8 *)vec->ctext, vec->clen); |
49763fc6 EB |
2323 | } |
2324 | } | |
2325 | ||
2326 | /* | |
2327 | * Minimum authentication tag size in bytes at which we assume that we can | |
2328 | * reliably generate inauthentic messages, i.e. not generate an authentic | |
2329 | * message by chance. | |
2330 | */ | |
2331 | #define MIN_COLLISION_FREE_AUTHSIZE 8 | |
2332 | ||
f900fde2 EB |
2333 | static void generate_aead_message(struct rnd_state *rng, |
2334 | struct aead_request *req, | |
49763fc6 EB |
2335 | const struct aead_test_suite *suite, |
2336 | struct aead_testvec *vec, | |
2337 | bool prefer_inauthentic) | |
2338 | { | |
2339 | struct crypto_aead *tfm = crypto_aead_reqtfm(req); | |
2340 | const unsigned int ivsize = crypto_aead_ivsize(tfm); | |
2341 | const unsigned int authsize = vec->clen - vec->plen; | |
2342 | const bool inauthentic = (authsize >= MIN_COLLISION_FREE_AUTHSIZE) && | |
f900fde2 EB |
2343 | (prefer_inauthentic || |
2344 | prandom_u32_below(rng, 4) == 0); | |
49763fc6 EB |
2345 | |
2346 | /* Generate the AAD. */ | |
f900fde2 | 2347 | generate_random_bytes(rng, (u8 *)vec->assoc, vec->alen); |
6f3a06d9 EB |
2348 | if (suite->aad_iv && vec->alen >= ivsize) |
2349 | /* Avoid implementation-defined behavior. */ | |
2350 | memcpy((u8 *)vec->assoc + vec->alen - ivsize, vec->iv, ivsize); | |
49763fc6 | 2351 | |
f900fde2 | 2352 | if (inauthentic && prandom_bool(rng)) { |
49763fc6 | 2353 | /* Generate a random ciphertext. */ |
f900fde2 | 2354 | generate_random_bytes(rng, (u8 *)vec->ctext, vec->clen); |
49763fc6 EB |
2355 | } else { |
2356 | int i = 0; | |
2357 | struct scatterlist src[2], dst; | |
2358 | u8 iv[MAX_IVLEN]; | |
2359 | DECLARE_CRYPTO_WAIT(wait); | |
2360 | ||
2361 | /* Generate a random plaintext and encrypt it. */ | |
2362 | sg_init_table(src, 2); | |
2363 | if (vec->alen) | |
2364 | sg_set_buf(&src[i++], vec->assoc, vec->alen); | |
2365 | if (vec->plen) { | |
f900fde2 | 2366 | generate_random_bytes(rng, (u8 *)vec->ptext, vec->plen); |
49763fc6 EB |
2367 | sg_set_buf(&src[i++], vec->ptext, vec->plen); |
2368 | } | |
2369 | sg_init_one(&dst, vec->ctext, vec->alen + vec->clen); | |
2370 | memcpy(iv, vec->iv, ivsize); | |
2371 | aead_request_set_callback(req, 0, crypto_req_done, &wait); | |
2372 | aead_request_set_crypt(req, src, &dst, vec->plen, iv); | |
2373 | aead_request_set_ad(req, vec->alen); | |
2374 | vec->crypt_error = crypto_wait_req(crypto_aead_encrypt(req), | |
2375 | &wait); | |
2376 | /* If encryption failed, we're done. */ | |
2377 | if (vec->crypt_error != 0) | |
2378 | return; | |
2379 | memmove((u8 *)vec->ctext, vec->ctext + vec->alen, vec->clen); | |
2380 | if (!inauthentic) | |
2381 | return; | |
2382 | /* | |
2383 | * Mutate the authentic (ciphertext, AAD) pair to get an | |
2384 | * inauthentic one. | |
2385 | */ | |
f900fde2 | 2386 | mutate_aead_message(rng, vec, suite->aad_iv, ivsize); |
49763fc6 EB |
2387 | } |
2388 | vec->novrfy = 1; | |
2389 | if (suite->einval_allowed) | |
2390 | vec->crypt_error = -EINVAL; | |
2391 | } | |
2392 | ||
2393 | /* | |
2394 | * Generate an AEAD test vector 'vec' using the implementation specified by | |
2395 | * 'req'. The buffers in 'vec' must already be allocated. | |
2396 | * | |
2397 | * If 'prefer_inauthentic' is true, then this function will generate inauthentic | |
2398 | * test vectors (i.e. vectors with 'vec->novrfy=1') more often. | |
40153b10 | 2399 | */ |
f900fde2 EB |
2400 | static void generate_random_aead_testvec(struct rnd_state *rng, |
2401 | struct aead_request *req, | |
40153b10 | 2402 | struct aead_testvec *vec, |
49763fc6 | 2403 | const struct aead_test_suite *suite, |
40153b10 EB |
2404 | unsigned int maxkeysize, |
2405 | unsigned int maxdatasize, | |
49763fc6 EB |
2406 | char *name, size_t max_namelen, |
2407 | bool prefer_inauthentic) | |
40153b10 EB |
2408 | { |
2409 | struct crypto_aead *tfm = crypto_aead_reqtfm(req); | |
2410 | const unsigned int ivsize = crypto_aead_ivsize(tfm); | |
2ea91505 | 2411 | const unsigned int maxauthsize = crypto_aead_maxauthsize(tfm); |
40153b10 EB |
2412 | unsigned int authsize; |
2413 | unsigned int total_len; | |
40153b10 EB |
2414 | |
2415 | /* Key: length in [0, maxkeysize], but usually choose maxkeysize */ | |
2416 | vec->klen = maxkeysize; | |
f900fde2 EB |
2417 | if (prandom_u32_below(rng, 4) == 0) |
2418 | vec->klen = prandom_u32_below(rng, maxkeysize + 1); | |
2419 | generate_random_bytes(rng, (u8 *)vec->key, vec->klen); | |
40153b10 EB |
2420 | vec->setkey_error = crypto_aead_setkey(tfm, vec->key, vec->klen); |
2421 | ||
2422 | /* IV */ | |
f900fde2 | 2423 | generate_random_bytes(rng, (u8 *)vec->iv, ivsize); |
40153b10 EB |
2424 | |
2425 | /* Tag length: in [0, maxauthsize], but usually choose maxauthsize */ | |
2426 | authsize = maxauthsize; | |
f900fde2 EB |
2427 | if (prandom_u32_below(rng, 4) == 0) |
2428 | authsize = prandom_u32_below(rng, maxauthsize + 1); | |
49763fc6 EB |
2429 | if (prefer_inauthentic && authsize < MIN_COLLISION_FREE_AUTHSIZE) |
2430 | authsize = MIN_COLLISION_FREE_AUTHSIZE; | |
40153b10 EB |
2431 | if (WARN_ON(authsize > maxdatasize)) |
2432 | authsize = maxdatasize; | |
2433 | maxdatasize -= authsize; | |
2434 | vec->setauthsize_error = crypto_aead_setauthsize(tfm, authsize); | |
2435 | ||
49763fc6 | 2436 | /* AAD, plaintext, and ciphertext lengths */ |
f900fde2 EB |
2437 | total_len = generate_random_length(rng, maxdatasize); |
2438 | if (prandom_u32_below(rng, 4) == 0) | |
40153b10 EB |
2439 | vec->alen = 0; |
2440 | else | |
f900fde2 | 2441 | vec->alen = generate_random_length(rng, total_len); |
40153b10 | 2442 | vec->plen = total_len - vec->alen; |
40153b10 EB |
2443 | vec->clen = vec->plen + authsize; |
2444 | ||
2445 | /* | |
49763fc6 EB |
2446 | * Generate the AAD, plaintext, and ciphertext. Not applicable if the |
2447 | * key or the authentication tag size couldn't be set. | |
40153b10 | 2448 | */ |
49763fc6 | 2449 | vec->novrfy = 0; |
eb455dbd | 2450 | vec->crypt_error = 0; |
49763fc6 | 2451 | if (vec->setkey_error == 0 && vec->setauthsize_error == 0) |
f900fde2 | 2452 | generate_aead_message(rng, req, suite, vec, prefer_inauthentic); |
40153b10 | 2453 | snprintf(name, max_namelen, |
49763fc6 EB |
2454 | "\"random: alen=%u plen=%u authsize=%u klen=%u novrfy=%d\"", |
2455 | vec->alen, vec->plen, authsize, vec->klen, vec->novrfy); | |
2456 | } | |
2457 | ||
2458 | static void try_to_generate_inauthentic_testvec( | |
2459 | struct aead_extra_tests_ctx *ctx) | |
2460 | { | |
2461 | int i; | |
2462 | ||
2463 | for (i = 0; i < 10; i++) { | |
f900fde2 | 2464 | generate_random_aead_testvec(&ctx->rng, ctx->req, &ctx->vec, |
49763fc6 EB |
2465 | &ctx->test_desc->suite.aead, |
2466 | ctx->maxkeysize, ctx->maxdatasize, | |
2467 | ctx->vec_name, | |
2468 | sizeof(ctx->vec_name), true); | |
2469 | if (ctx->vec.novrfy) | |
2470 | return; | |
2471 | } | |
2472 | } | |
2473 | ||
2474 | /* | |
2475 | * Generate inauthentic test vectors (i.e. ciphertext, AAD pairs that aren't the | |
2476 | * result of an encryption with the key) and verify that decryption fails. | |
2477 | */ | |
2478 | static int test_aead_inauthentic_inputs(struct aead_extra_tests_ctx *ctx) | |
2479 | { | |
2480 | unsigned int i; | |
2481 | int err; | |
2482 | ||
2483 | for (i = 0; i < fuzz_iterations * 8; i++) { | |
2484 | /* | |
2485 | * Since this part of the tests isn't comparing the | |
2486 | * implementation to another, there's no point in testing any | |
2487 | * test vectors other than inauthentic ones (vec.novrfy=1) here. | |
2488 | * | |
2489 | * If we're having trouble generating such a test vector, e.g. | |
2490 | * if the algorithm keeps rejecting the generated keys, don't | |
2491 | * retry forever; just continue on. | |
2492 | */ | |
2493 | try_to_generate_inauthentic_testvec(ctx); | |
2494 | if (ctx->vec.novrfy) { | |
f900fde2 EB |
2495 | generate_random_testvec_config(&ctx->rng, &ctx->cfg, |
2496 | ctx->cfgname, | |
49763fc6 | 2497 | sizeof(ctx->cfgname)); |
2257f471 | 2498 | err = test_aead_vec_cfg(DECRYPT, &ctx->vec, |
49763fc6 EB |
2499 | ctx->vec_name, &ctx->cfg, |
2500 | ctx->req, ctx->tsgls); | |
2501 | if (err) | |
2502 | return err; | |
2503 | } | |
2504 | cond_resched(); | |
2505 | } | |
2506 | return 0; | |
40153b10 EB |
2507 | } |
2508 | ||
2509 | /* | |
2ea91505 EB |
2510 | * Test the AEAD algorithm against the corresponding generic implementation, if |
2511 | * one is available. | |
40153b10 | 2512 | */ |
2ea91505 | 2513 | static int test_aead_vs_generic_impl(struct aead_extra_tests_ctx *ctx) |
40153b10 | 2514 | { |
2ea91505 | 2515 | struct crypto_aead *tfm = ctx->tfm; |
40153b10 | 2516 | const char *algname = crypto_aead_alg(tfm)->base.cra_name; |
2257f471 | 2517 | const char *driver = crypto_aead_driver_name(tfm); |
2ea91505 | 2518 | const char *generic_driver = ctx->test_desc->generic_driver; |
40153b10 EB |
2519 | char _generic_driver[CRYPTO_MAX_ALG_NAME]; |
2520 | struct crypto_aead *generic_tfm = NULL; | |
2521 | struct aead_request *generic_req = NULL; | |
40153b10 | 2522 | unsigned int i; |
40153b10 EB |
2523 | int err; |
2524 | ||
40153b10 EB |
2525 | if (!generic_driver) { /* Use default naming convention? */ |
2526 | err = build_generic_driver_name(algname, _generic_driver); | |
2527 | if (err) | |
2528 | return err; | |
2529 | generic_driver = _generic_driver; | |
2530 | } | |
2531 | ||
2532 | if (strcmp(generic_driver, driver) == 0) /* Already the generic impl? */ | |
2533 | return 0; | |
2534 | ||
2535 | generic_tfm = crypto_alloc_aead(generic_driver, 0, 0); | |
2536 | if (IS_ERR(generic_tfm)) { | |
2537 | err = PTR_ERR(generic_tfm); | |
2538 | if (err == -ENOENT) { | |
2539 | pr_warn("alg: aead: skipping comparison tests for %s because %s is unavailable\n", | |
2540 | driver, generic_driver); | |
2541 | return 0; | |
2542 | } | |
2543 | pr_err("alg: aead: error allocating %s (generic impl of %s): %d\n", | |
2544 | generic_driver, algname, err); | |
2545 | return err; | |
2546 | } | |
2547 | ||
2548 | generic_req = aead_request_alloc(generic_tfm, GFP_KERNEL); | |
2549 | if (!generic_req) { | |
2550 | err = -ENOMEM; | |
2551 | goto out; | |
2552 | } | |
2553 | ||
2554 | /* Check the algorithm properties for consistency. */ | |
2555 | ||
2ea91505 EB |
2556 | if (crypto_aead_maxauthsize(tfm) != |
2557 | crypto_aead_maxauthsize(generic_tfm)) { | |
40153b10 | 2558 | pr_err("alg: aead: maxauthsize for %s (%u) doesn't match generic impl (%u)\n", |
2ea91505 EB |
2559 | driver, crypto_aead_maxauthsize(tfm), |
2560 | crypto_aead_maxauthsize(generic_tfm)); | |
40153b10 EB |
2561 | err = -EINVAL; |
2562 | goto out; | |
2563 | } | |
2564 | ||
2ea91505 | 2565 | if (crypto_aead_ivsize(tfm) != crypto_aead_ivsize(generic_tfm)) { |
40153b10 | 2566 | pr_err("alg: aead: ivsize for %s (%u) doesn't match generic impl (%u)\n", |
2ea91505 EB |
2567 | driver, crypto_aead_ivsize(tfm), |
2568 | crypto_aead_ivsize(generic_tfm)); | |
40153b10 EB |
2569 | err = -EINVAL; |
2570 | goto out; | |
2571 | } | |
2572 | ||
2ea91505 | 2573 | if (crypto_aead_blocksize(tfm) != crypto_aead_blocksize(generic_tfm)) { |
40153b10 | 2574 | pr_err("alg: aead: blocksize for %s (%u) doesn't match generic impl (%u)\n", |
2ea91505 EB |
2575 | driver, crypto_aead_blocksize(tfm), |
2576 | crypto_aead_blocksize(generic_tfm)); | |
40153b10 EB |
2577 | err = -EINVAL; |
2578 | goto out; | |
2579 | } | |
2580 | ||
2581 | /* | |
2582 | * Now generate test vectors using the generic implementation, and test | |
2583 | * the other implementation against them. | |
2584 | */ | |
40153b10 | 2585 | for (i = 0; i < fuzz_iterations * 8; i++) { |
f900fde2 | 2586 | generate_random_aead_testvec(&ctx->rng, generic_req, &ctx->vec, |
49763fc6 | 2587 | &ctx->test_desc->suite.aead, |
2ea91505 EB |
2588 | ctx->maxkeysize, ctx->maxdatasize, |
2589 | ctx->vec_name, | |
49763fc6 | 2590 | sizeof(ctx->vec_name), false); |
f900fde2 EB |
2591 | generate_random_testvec_config(&ctx->rng, &ctx->cfg, |
2592 | ctx->cfgname, | |
2ea91505 | 2593 | sizeof(ctx->cfgname)); |
49763fc6 | 2594 | if (!ctx->vec.novrfy) { |
2257f471 | 2595 | err = test_aead_vec_cfg(ENCRYPT, &ctx->vec, |
49763fc6 EB |
2596 | ctx->vec_name, &ctx->cfg, |
2597 | ctx->req, ctx->tsgls); | |
2598 | if (err) | |
2599 | goto out; | |
2600 | } | |
2601 | if (ctx->vec.crypt_error == 0 || ctx->vec.novrfy) { | |
2257f471 | 2602 | err = test_aead_vec_cfg(DECRYPT, &ctx->vec, |
2ea91505 EB |
2603 | ctx->vec_name, &ctx->cfg, |
2604 | ctx->req, ctx->tsgls); | |
eb455dbd EB |
2605 | if (err) |
2606 | goto out; | |
2607 | } | |
40153b10 EB |
2608 | cond_resched(); |
2609 | } | |
2610 | err = 0; | |
2611 | out: | |
40153b10 EB |
2612 | crypto_free_aead(generic_tfm); |
2613 | aead_request_free(generic_req); | |
2614 | return err; | |
2615 | } | |
2ea91505 | 2616 | |
2257f471 | 2617 | static int test_aead_extra(const struct alg_test_desc *test_desc, |
2ea91505 EB |
2618 | struct aead_request *req, |
2619 | struct cipher_test_sglists *tsgls) | |
2620 | { | |
2621 | struct aead_extra_tests_ctx *ctx; | |
2622 | unsigned int i; | |
2623 | int err; | |
2624 | ||
2625 | if (noextratests) | |
2626 | return 0; | |
2627 | ||
2628 | ctx = kzalloc(sizeof(*ctx), GFP_KERNEL); | |
2629 | if (!ctx) | |
2630 | return -ENOMEM; | |
f900fde2 | 2631 | init_rnd_state(&ctx->rng); |
2ea91505 EB |
2632 | ctx->req = req; |
2633 | ctx->tfm = crypto_aead_reqtfm(req); | |
2ea91505 EB |
2634 | ctx->test_desc = test_desc; |
2635 | ctx->tsgls = tsgls; | |
2636 | ctx->maxdatasize = (2 * PAGE_SIZE) - TESTMGR_POISON_LEN; | |
2637 | ctx->maxkeysize = 0; | |
2638 | for (i = 0; i < test_desc->suite.aead.count; i++) | |
2639 | ctx->maxkeysize = max_t(unsigned int, ctx->maxkeysize, | |
2640 | test_desc->suite.aead.vecs[i].klen); | |
2641 | ||
2642 | ctx->vec.key = kmalloc(ctx->maxkeysize, GFP_KERNEL); | |
2643 | ctx->vec.iv = kmalloc(crypto_aead_ivsize(ctx->tfm), GFP_KERNEL); | |
2644 | ctx->vec.assoc = kmalloc(ctx->maxdatasize, GFP_KERNEL); | |
2645 | ctx->vec.ptext = kmalloc(ctx->maxdatasize, GFP_KERNEL); | |
2646 | ctx->vec.ctext = kmalloc(ctx->maxdatasize, GFP_KERNEL); | |
2647 | if (!ctx->vec.key || !ctx->vec.iv || !ctx->vec.assoc || | |
2648 | !ctx->vec.ptext || !ctx->vec.ctext) { | |
2649 | err = -ENOMEM; | |
2650 | goto out; | |
2651 | } | |
2652 | ||
8ff357a9 | 2653 | err = test_aead_vs_generic_impl(ctx); |
49763fc6 EB |
2654 | if (err) |
2655 | goto out; | |
2656 | ||
8ff357a9 | 2657 | err = test_aead_inauthentic_inputs(ctx); |
2ea91505 EB |
2658 | out: |
2659 | kfree(ctx->vec.key); | |
2660 | kfree(ctx->vec.iv); | |
2661 | kfree(ctx->vec.assoc); | |
2662 | kfree(ctx->vec.ptext); | |
2663 | kfree(ctx->vec.ctext); | |
2664 | kfree(ctx); | |
2665 | return err; | |
2666 | } | |
40153b10 | 2667 | #else /* !CONFIG_CRYPTO_MANAGER_EXTRA_TESTS */ |
2257f471 | 2668 | static int test_aead_extra(const struct alg_test_desc *test_desc, |
2ea91505 EB |
2669 | struct aead_request *req, |
2670 | struct cipher_test_sglists *tsgls) | |
40153b10 EB |
2671 | { |
2672 | return 0; | |
2673 | } | |
2674 | #endif /* !CONFIG_CRYPTO_MANAGER_EXTRA_TESTS */ | |
2675 | ||
2257f471 | 2676 | static int test_aead(int enc, const struct aead_test_suite *suite, |
ed96804f EB |
2677 | struct aead_request *req, |
2678 | struct cipher_test_sglists *tsgls) | |
2679 | { | |
2680 | unsigned int i; | |
2681 | int err; | |
da7f033d | 2682 | |
ed96804f | 2683 | for (i = 0; i < suite->count; i++) { |
2257f471 | 2684 | err = test_aead_vec(enc, &suite->vecs[i], i, req, tsgls); |
ed96804f EB |
2685 | if (err) |
2686 | return err; | |
e63e1b0d | 2687 | cond_resched(); |
ed96804f EB |
2688 | } |
2689 | return 0; | |
da7f033d HX |
2690 | } |
2691 | ||
ed96804f EB |
2692 | static int alg_test_aead(const struct alg_test_desc *desc, const char *driver, |
2693 | u32 type, u32 mask) | |
d8a32ac2 | 2694 | { |
ed96804f EB |
2695 | const struct aead_test_suite *suite = &desc->suite.aead; |
2696 | struct crypto_aead *tfm; | |
2697 | struct aead_request *req = NULL; | |
2698 | struct cipher_test_sglists *tsgls = NULL; | |
2699 | int err; | |
d8a32ac2 | 2700 | |
ed96804f EB |
2701 | if (suite->count <= 0) { |
2702 | pr_err("alg: aead: empty test suite for %s\n", driver); | |
2703 | return -EINVAL; | |
2704 | } | |
d8a32ac2 | 2705 | |
ed96804f EB |
2706 | tfm = crypto_alloc_aead(driver, type, mask); |
2707 | if (IS_ERR(tfm)) { | |
4eded6d1 HX |
2708 | if (PTR_ERR(tfm) == -ENOENT) |
2709 | return -ENOENT; | |
ed96804f EB |
2710 | pr_err("alg: aead: failed to allocate transform for %s: %ld\n", |
2711 | driver, PTR_ERR(tfm)); | |
2712 | return PTR_ERR(tfm); | |
2713 | } | |
2257f471 | 2714 | driver = crypto_aead_driver_name(tfm); |
58dcf548 | 2715 | |
ed96804f EB |
2716 | req = aead_request_alloc(tfm, GFP_KERNEL); |
2717 | if (!req) { | |
2718 | pr_err("alg: aead: failed to allocate request for %s\n", | |
2719 | driver); | |
2720 | err = -ENOMEM; | |
2721 | goto out; | |
2722 | } | |
58dcf548 | 2723 | |
ed96804f EB |
2724 | tsgls = alloc_cipher_test_sglists(); |
2725 | if (!tsgls) { | |
2726 | pr_err("alg: aead: failed to allocate test buffers for %s\n", | |
2727 | driver); | |
2728 | err = -ENOMEM; | |
2729 | goto out; | |
58dcf548 JK |
2730 | } |
2731 | ||
2257f471 | 2732 | err = test_aead(ENCRYPT, suite, req, tsgls); |
ed96804f EB |
2733 | if (err) |
2734 | goto out; | |
2735 | ||
2257f471 | 2736 | err = test_aead(DECRYPT, suite, req, tsgls); |
40153b10 EB |
2737 | if (err) |
2738 | goto out; | |
2739 | ||
2257f471 | 2740 | err = test_aead_extra(desc, req, tsgls); |
ed96804f EB |
2741 | out: |
2742 | free_cipher_test_sglists(tsgls); | |
2743 | aead_request_free(req); | |
2744 | crypto_free_aead(tfm); | |
2745 | return err; | |
d8a32ac2 JK |
2746 | } |
2747 | ||
1aa4ecd9 | 2748 | static int test_cipher(struct crypto_cipher *tfm, int enc, |
b13b1e0c EB |
2749 | const struct cipher_testvec *template, |
2750 | unsigned int tcount) | |
1aa4ecd9 HX |
2751 | { |
2752 | const char *algo = crypto_tfm_alg_driver_name(crypto_cipher_tfm(tfm)); | |
2753 | unsigned int i, j, k; | |
1aa4ecd9 HX |
2754 | char *q; |
2755 | const char *e; | |
92a4c9fe | 2756 | const char *input, *result; |
1aa4ecd9 | 2757 | void *data; |
f8b0d4d0 HX |
2758 | char *xbuf[XBUFSIZE]; |
2759 | int ret = -ENOMEM; | |
2760 | ||
2761 | if (testmgr_alloc_buf(xbuf)) | |
2762 | goto out_nobuf; | |
1aa4ecd9 HX |
2763 | |
2764 | if (enc == ENCRYPT) | |
2765 | e = "encryption"; | |
2766 | else | |
2767 | e = "decryption"; | |
2768 | ||
2769 | j = 0; | |
2770 | for (i = 0; i < tcount; i++) { | |
1aa4ecd9 | 2771 | |
10faa8c0 SM |
2772 | if (fips_enabled && template[i].fips_skip) |
2773 | continue; | |
2774 | ||
92a4c9fe EB |
2775 | input = enc ? template[i].ptext : template[i].ctext; |
2776 | result = enc ? template[i].ctext : template[i].ptext; | |
1aa4ecd9 HX |
2777 | j++; |
2778 | ||
fd57f22a | 2779 | ret = -EINVAL; |
92a4c9fe | 2780 | if (WARN_ON(template[i].len > PAGE_SIZE)) |
fd57f22a HX |
2781 | goto out; |
2782 | ||
1aa4ecd9 | 2783 | data = xbuf[0]; |
92a4c9fe | 2784 | memcpy(data, input, template[i].len); |
1aa4ecd9 HX |
2785 | |
2786 | crypto_cipher_clear_flags(tfm, ~0); | |
2787 | if (template[i].wk) | |
231baecd | 2788 | crypto_cipher_set_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS); |
1aa4ecd9 HX |
2789 | |
2790 | ret = crypto_cipher_setkey(tfm, template[i].key, | |
2791 | template[i].klen); | |
5283a8ee EB |
2792 | if (ret) { |
2793 | if (ret == template[i].setkey_error) | |
2794 | continue; | |
2795 | pr_err("alg: cipher: %s setkey failed on test vector %u; expected_error=%d, actual_error=%d, flags=%#x\n", | |
2796 | algo, j, template[i].setkey_error, ret, | |
2797 | crypto_cipher_get_flags(tfm)); | |
1aa4ecd9 | 2798 | goto out; |
5283a8ee EB |
2799 | } |
2800 | if (template[i].setkey_error) { | |
2801 | pr_err("alg: cipher: %s setkey unexpectedly succeeded on test vector %u; expected_error=%d\n", | |
2802 | algo, j, template[i].setkey_error); | |
2803 | ret = -EINVAL; | |
2804 | goto out; | |
2805 | } | |
1aa4ecd9 | 2806 | |
92a4c9fe | 2807 | for (k = 0; k < template[i].len; |
1aa4ecd9 HX |
2808 | k += crypto_cipher_blocksize(tfm)) { |
2809 | if (enc) | |
2810 | crypto_cipher_encrypt_one(tfm, data + k, | |
2811 | data + k); | |
2812 | else | |
2813 | crypto_cipher_decrypt_one(tfm, data + k, | |
2814 | data + k); | |
2815 | } | |
2816 | ||
2817 | q = data; | |
92a4c9fe | 2818 | if (memcmp(q, result, template[i].len)) { |
1aa4ecd9 HX |
2819 | printk(KERN_ERR "alg: cipher: Test %d failed " |
2820 | "on %s for %s\n", j, e, algo); | |
92a4c9fe | 2821 | hexdump(q, template[i].len); |
1aa4ecd9 HX |
2822 | ret = -EINVAL; |
2823 | goto out; | |
2824 | } | |
2825 | } | |
2826 | ||
2827 | ret = 0; | |
2828 | ||
2829 | out: | |
f8b0d4d0 HX |
2830 | testmgr_free_buf(xbuf); |
2831 | out_nobuf: | |
1aa4ecd9 HX |
2832 | return ret; |
2833 | } | |
2834 | ||
6e5972fa | 2835 | static int test_skcipher_vec_cfg(int enc, const struct cipher_testvec *vec, |
951d1332 | 2836 | const char *vec_name, |
4e7babba EB |
2837 | const struct testvec_config *cfg, |
2838 | struct skcipher_request *req, | |
2839 | struct cipher_test_sglists *tsgls) | |
da7f033d | 2840 | { |
4e7babba EB |
2841 | struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); |
2842 | const unsigned int alignmask = crypto_skcipher_alignmask(tfm); | |
2843 | const unsigned int ivsize = crypto_skcipher_ivsize(tfm); | |
6e5972fa | 2844 | const char *driver = crypto_skcipher_driver_name(tfm); |
4e7babba EB |
2845 | const u32 req_flags = CRYPTO_TFM_REQ_MAY_BACKLOG | cfg->req_flags; |
2846 | const char *op = enc ? "encryption" : "decryption"; | |
2847 | DECLARE_CRYPTO_WAIT(wait); | |
2848 | u8 _iv[3 * (MAX_ALGAPI_ALIGNMASK + 1) + MAX_IVLEN]; | |
2849 | u8 *iv = PTR_ALIGN(&_iv[0], 2 * (MAX_ALGAPI_ALIGNMASK + 1)) + | |
2850 | cfg->iv_offset + | |
2851 | (cfg->iv_offset_relative_to_alignmask ? alignmask : 0); | |
2852 | struct kvec input; | |
2853 | int err; | |
08d6af8c | 2854 | |
4e7babba EB |
2855 | /* Set the key */ |
2856 | if (vec->wk) | |
2857 | crypto_skcipher_set_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS); | |
da7f033d | 2858 | else |
4e7babba EB |
2859 | crypto_skcipher_clear_flags(tfm, |
2860 | CRYPTO_TFM_REQ_FORBID_WEAK_KEYS); | |
fd8c37c7 EB |
2861 | err = do_setkey(crypto_skcipher_setkey, tfm, vec->key, vec->klen, |
2862 | cfg, alignmask); | |
4e7babba | 2863 | if (err) { |
5283a8ee | 2864 | if (err == vec->setkey_error) |
4e7babba | 2865 | return 0; |
951d1332 EB |
2866 | pr_err("alg: skcipher: %s setkey failed on test vector %s; expected_error=%d, actual_error=%d, flags=%#x\n", |
2867 | driver, vec_name, vec->setkey_error, err, | |
5283a8ee | 2868 | crypto_skcipher_get_flags(tfm)); |
4e7babba EB |
2869 | return err; |
2870 | } | |
5283a8ee | 2871 | if (vec->setkey_error) { |
951d1332 EB |
2872 | pr_err("alg: skcipher: %s setkey unexpectedly succeeded on test vector %s; expected_error=%d\n", |
2873 | driver, vec_name, vec->setkey_error); | |
4e7babba | 2874 | return -EINVAL; |
da7f033d HX |
2875 | } |
2876 | ||
4e7babba EB |
2877 | /* The IV must be copied to a buffer, as the algorithm may modify it */ |
2878 | if (ivsize) { | |
2879 | if (WARN_ON(ivsize > MAX_IVLEN)) | |
2880 | return -EINVAL; | |
8efd972e EB |
2881 | if (vec->generates_iv && !enc) |
2882 | memcpy(iv, vec->iv_out, ivsize); | |
2883 | else if (vec->iv) | |
4e7babba | 2884 | memcpy(iv, vec->iv, ivsize); |
da7f033d | 2885 | else |
4e7babba EB |
2886 | memset(iv, 0, ivsize); |
2887 | } else { | |
2888 | if (vec->generates_iv) { | |
951d1332 EB |
2889 | pr_err("alg: skcipher: %s has ivsize=0 but test vector %s generates IV!\n", |
2890 | driver, vec_name); | |
4e7babba | 2891 | return -EINVAL; |
8a826a34 | 2892 | } |
4e7babba | 2893 | iv = NULL; |
da7f033d HX |
2894 | } |
2895 | ||
4e7babba EB |
2896 | /* Build the src/dst scatterlists */ |
2897 | input.iov_base = enc ? (void *)vec->ptext : (void *)vec->ctext; | |
2898 | input.iov_len = vec->len; | |
2899 | err = build_cipher_test_sglists(tsgls, cfg, alignmask, | |
2900 | vec->len, vec->len, &input, 1); | |
2901 | if (err) { | |
951d1332 EB |
2902 | pr_err("alg: skcipher: %s %s: error preparing scatterlists for test vector %s, cfg=\"%s\"\n", |
2903 | driver, op, vec_name, cfg->name); | |
4e7babba EB |
2904 | return err; |
2905 | } | |
da7f033d | 2906 | |
4e7babba EB |
2907 | /* Do the actual encryption or decryption */ |
2908 | testmgr_poison(req->__ctx, crypto_skcipher_reqsize(tfm)); | |
2909 | skcipher_request_set_callback(req, req_flags, crypto_req_done, &wait); | |
2910 | skcipher_request_set_crypt(req, tsgls->src.sgl_ptr, tsgls->dst.sgl_ptr, | |
2911 | vec->len, iv); | |
6570737c EB |
2912 | if (cfg->nosimd) |
2913 | crypto_disable_simd_for_test(); | |
2914 | err = enc ? crypto_skcipher_encrypt(req) : crypto_skcipher_decrypt(req); | |
2915 | if (cfg->nosimd) | |
2916 | crypto_reenable_simd_for_test(); | |
2917 | err = crypto_wait_req(err, &wait); | |
da7f033d | 2918 | |
fa353c99 EB |
2919 | /* Check that the algorithm didn't overwrite things it shouldn't have */ |
2920 | if (req->cryptlen != vec->len || | |
2921 | req->iv != iv || | |
2922 | req->src != tsgls->src.sgl_ptr || | |
2923 | req->dst != tsgls->dst.sgl_ptr || | |
2924 | crypto_skcipher_reqtfm(req) != tfm || | |
2925 | req->base.complete != crypto_req_done || | |
2926 | req->base.flags != req_flags || | |
2927 | req->base.data != &wait) { | |
951d1332 EB |
2928 | pr_err("alg: skcipher: %s %s corrupted request struct on test vector %s, cfg=\"%s\"\n", |
2929 | driver, op, vec_name, cfg->name); | |
fa353c99 EB |
2930 | if (req->cryptlen != vec->len) |
2931 | pr_err("alg: skcipher: changed 'req->cryptlen'\n"); | |
2932 | if (req->iv != iv) | |
2933 | pr_err("alg: skcipher: changed 'req->iv'\n"); | |
2934 | if (req->src != tsgls->src.sgl_ptr) | |
2935 | pr_err("alg: skcipher: changed 'req->src'\n"); | |
2936 | if (req->dst != tsgls->dst.sgl_ptr) | |
2937 | pr_err("alg: skcipher: changed 'req->dst'\n"); | |
2938 | if (crypto_skcipher_reqtfm(req) != tfm) | |
2939 | pr_err("alg: skcipher: changed 'req->base.tfm'\n"); | |
2940 | if (req->base.complete != crypto_req_done) | |
2941 | pr_err("alg: skcipher: changed 'req->base.complete'\n"); | |
2942 | if (req->base.flags != req_flags) | |
2943 | pr_err("alg: skcipher: changed 'req->base.flags'\n"); | |
2944 | if (req->base.data != &wait) | |
2945 | pr_err("alg: skcipher: changed 'req->base.data'\n"); | |
2946 | return -EINVAL; | |
2947 | } | |
2948 | if (is_test_sglist_corrupted(&tsgls->src)) { | |
951d1332 EB |
2949 | pr_err("alg: skcipher: %s %s corrupted src sgl on test vector %s, cfg=\"%s\"\n", |
2950 | driver, op, vec_name, cfg->name); | |
fa353c99 EB |
2951 | return -EINVAL; |
2952 | } | |
2953 | if (tsgls->dst.sgl_ptr != tsgls->src.sgl && | |
2954 | is_test_sglist_corrupted(&tsgls->dst)) { | |
951d1332 EB |
2955 | pr_err("alg: skcipher: %s %s corrupted dst sgl on test vector %s, cfg=\"%s\"\n", |
2956 | driver, op, vec_name, cfg->name); | |
fa353c99 EB |
2957 | return -EINVAL; |
2958 | } | |
2959 | ||
5283a8ee EB |
2960 | /* Check for success or failure */ |
2961 | if (err) { | |
2962 | if (err == vec->crypt_error) | |
2963 | return 0; | |
951d1332 EB |
2964 | pr_err("alg: skcipher: %s %s failed on test vector %s; expected_error=%d, actual_error=%d, cfg=\"%s\"\n", |
2965 | driver, op, vec_name, vec->crypt_error, err, cfg->name); | |
5283a8ee EB |
2966 | return err; |
2967 | } | |
2968 | if (vec->crypt_error) { | |
951d1332 EB |
2969 | pr_err("alg: skcipher: %s %s unexpectedly succeeded on test vector %s; expected_error=%d, cfg=\"%s\"\n", |
2970 | driver, op, vec_name, vec->crypt_error, cfg->name); | |
5283a8ee EB |
2971 | return -EINVAL; |
2972 | } | |
2973 | ||
4e7babba EB |
2974 | /* Check for the correct output (ciphertext or plaintext) */ |
2975 | err = verify_correct_output(&tsgls->dst, enc ? vec->ctext : vec->ptext, | |
2976 | vec->len, 0, true); | |
2977 | if (err == -EOVERFLOW) { | |
951d1332 EB |
2978 | pr_err("alg: skcipher: %s %s overran dst buffer on test vector %s, cfg=\"%s\"\n", |
2979 | driver, op, vec_name, cfg->name); | |
4e7babba EB |
2980 | return err; |
2981 | } | |
2982 | if (err) { | |
951d1332 EB |
2983 | pr_err("alg: skcipher: %s %s test failed (wrong result) on test vector %s, cfg=\"%s\"\n", |
2984 | driver, op, vec_name, cfg->name); | |
4e7babba EB |
2985 | return err; |
2986 | } | |
08d6af8c | 2987 | |
4e7babba | 2988 | /* If applicable, check that the algorithm generated the correct IV */ |
8efd972e | 2989 | if (vec->iv_out && memcmp(iv, vec->iv_out, ivsize) != 0) { |
951d1332 EB |
2990 | pr_err("alg: skcipher: %s %s test failed (wrong output IV) on test vector %s, cfg=\"%s\"\n", |
2991 | driver, op, vec_name, cfg->name); | |
4e7babba EB |
2992 | hexdump(iv, ivsize); |
2993 | return -EINVAL; | |
2994 | } | |
08d6af8c | 2995 | |
4e7babba EB |
2996 | return 0; |
2997 | } | |
da7f033d | 2998 | |
6e5972fa | 2999 | static int test_skcipher_vec(int enc, const struct cipher_testvec *vec, |
4e7babba EB |
3000 | unsigned int vec_num, |
3001 | struct skcipher_request *req, | |
3002 | struct cipher_test_sglists *tsgls) | |
3003 | { | |
951d1332 | 3004 | char vec_name[16]; |
4e7babba EB |
3005 | unsigned int i; |
3006 | int err; | |
da7f033d | 3007 | |
4e7babba EB |
3008 | if (fips_enabled && vec->fips_skip) |
3009 | return 0; | |
da7f033d | 3010 | |
951d1332 EB |
3011 | sprintf(vec_name, "%u", vec_num); |
3012 | ||
4e7babba | 3013 | for (i = 0; i < ARRAY_SIZE(default_cipher_testvec_configs); i++) { |
6e5972fa | 3014 | err = test_skcipher_vec_cfg(enc, vec, vec_name, |
4e7babba EB |
3015 | &default_cipher_testvec_configs[i], |
3016 | req, tsgls); | |
3017 | if (err) | |
3018 | return err; | |
3019 | } | |
da7f033d | 3020 | |
4e7babba EB |
3021 | #ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS |
3022 | if (!noextratests) { | |
f900fde2 | 3023 | struct rnd_state rng; |
4e7babba EB |
3024 | struct testvec_config cfg; |
3025 | char cfgname[TESTVEC_CONFIG_NAMELEN]; | |
3026 | ||
f900fde2 EB |
3027 | init_rnd_state(&rng); |
3028 | ||
4e7babba | 3029 | for (i = 0; i < fuzz_iterations; i++) { |
f900fde2 | 3030 | generate_random_testvec_config(&rng, &cfg, cfgname, |
4e7babba | 3031 | sizeof(cfgname)); |
6e5972fa | 3032 | err = test_skcipher_vec_cfg(enc, vec, vec_name, |
4e7babba EB |
3033 | &cfg, req, tsgls); |
3034 | if (err) | |
3035 | return err; | |
e63e1b0d | 3036 | cond_resched(); |
da7f033d HX |
3037 | } |
3038 | } | |
4e7babba EB |
3039 | #endif |
3040 | return 0; | |
3041 | } | |
da7f033d | 3042 | |
d435e10e EB |
3043 | #ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS |
3044 | /* | |
3045 | * Generate a symmetric cipher test vector from the given implementation. | |
3046 | * Assumes the buffers in 'vec' were already allocated. | |
3047 | */ | |
f900fde2 EB |
3048 | static void generate_random_cipher_testvec(struct rnd_state *rng, |
3049 | struct skcipher_request *req, | |
d435e10e EB |
3050 | struct cipher_testvec *vec, |
3051 | unsigned int maxdatasize, | |
3052 | char *name, size_t max_namelen) | |
3053 | { | |
3054 | struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); | |
9ac0d136 | 3055 | const unsigned int maxkeysize = crypto_skcipher_max_keysize(tfm); |
d435e10e EB |
3056 | const unsigned int ivsize = crypto_skcipher_ivsize(tfm); |
3057 | struct scatterlist src, dst; | |
3058 | u8 iv[MAX_IVLEN]; | |
3059 | DECLARE_CRYPTO_WAIT(wait); | |
3060 | ||
3061 | /* Key: length in [0, maxkeysize], but usually choose maxkeysize */ | |
3062 | vec->klen = maxkeysize; | |
f900fde2 EB |
3063 | if (prandom_u32_below(rng, 4) == 0) |
3064 | vec->klen = prandom_u32_below(rng, maxkeysize + 1); | |
3065 | generate_random_bytes(rng, (u8 *)vec->key, vec->klen); | |
d435e10e EB |
3066 | vec->setkey_error = crypto_skcipher_setkey(tfm, vec->key, vec->klen); |
3067 | ||
3068 | /* IV */ | |
f900fde2 | 3069 | generate_random_bytes(rng, (u8 *)vec->iv, ivsize); |
d435e10e EB |
3070 | |
3071 | /* Plaintext */ | |
f900fde2 EB |
3072 | vec->len = generate_random_length(rng, maxdatasize); |
3073 | generate_random_bytes(rng, (u8 *)vec->ptext, vec->len); | |
d435e10e EB |
3074 | |
3075 | /* If the key couldn't be set, no need to continue to encrypt. */ | |
3076 | if (vec->setkey_error) | |
3077 | goto done; | |
3078 | ||
3079 | /* Ciphertext */ | |
3080 | sg_init_one(&src, vec->ptext, vec->len); | |
3081 | sg_init_one(&dst, vec->ctext, vec->len); | |
3082 | memcpy(iv, vec->iv, ivsize); | |
3083 | skcipher_request_set_callback(req, 0, crypto_req_done, &wait); | |
3084 | skcipher_request_set_crypt(req, &src, &dst, vec->len, iv); | |
3085 | vec->crypt_error = crypto_wait_req(crypto_skcipher_encrypt(req), &wait); | |
eb455dbd EB |
3086 | if (vec->crypt_error != 0) { |
3087 | /* | |
3088 | * The only acceptable error here is for an invalid length, so | |
3089 | * skcipher decryption should fail with the same error too. | |
3090 | * We'll test for this. But to keep the API usage well-defined, | |
3091 | * explicitly initialize the ciphertext buffer too. | |
3092 | */ | |
3093 | memset((u8 *)vec->ctext, 0, vec->len); | |
3094 | } | |
d435e10e EB |
3095 | done: |
3096 | snprintf(name, max_namelen, "\"random: len=%u klen=%u\"", | |
3097 | vec->len, vec->klen); | |
3098 | } | |
3099 | ||
3100 | /* | |
3101 | * Test the skcipher algorithm represented by @req against the corresponding | |
3102 | * generic implementation, if one is available. | |
3103 | */ | |
6e5972fa | 3104 | static int test_skcipher_vs_generic_impl(const char *generic_driver, |
d435e10e EB |
3105 | struct skcipher_request *req, |
3106 | struct cipher_test_sglists *tsgls) | |
3107 | { | |
3108 | struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); | |
9ac0d136 | 3109 | const unsigned int maxkeysize = crypto_skcipher_max_keysize(tfm); |
d435e10e EB |
3110 | const unsigned int ivsize = crypto_skcipher_ivsize(tfm); |
3111 | const unsigned int blocksize = crypto_skcipher_blocksize(tfm); | |
3112 | const unsigned int maxdatasize = (2 * PAGE_SIZE) - TESTMGR_POISON_LEN; | |
3113 | const char *algname = crypto_skcipher_alg(tfm)->base.cra_name; | |
6e5972fa | 3114 | const char *driver = crypto_skcipher_driver_name(tfm); |
f900fde2 | 3115 | struct rnd_state rng; |
d435e10e EB |
3116 | char _generic_driver[CRYPTO_MAX_ALG_NAME]; |
3117 | struct crypto_skcipher *generic_tfm = NULL; | |
3118 | struct skcipher_request *generic_req = NULL; | |
3119 | unsigned int i; | |
3120 | struct cipher_testvec vec = { 0 }; | |
3121 | char vec_name[64]; | |
6b5ca646 | 3122 | struct testvec_config *cfg; |
d435e10e EB |
3123 | char cfgname[TESTVEC_CONFIG_NAMELEN]; |
3124 | int err; | |
3125 | ||
3126 | if (noextratests) | |
3127 | return 0; | |
3128 | ||
3129 | /* Keywrap isn't supported here yet as it handles its IV differently. */ | |
3130 | if (strncmp(algname, "kw(", 3) == 0) | |
3131 | return 0; | |
3132 | ||
f900fde2 EB |
3133 | init_rnd_state(&rng); |
3134 | ||
d435e10e EB |
3135 | if (!generic_driver) { /* Use default naming convention? */ |
3136 | err = build_generic_driver_name(algname, _generic_driver); | |
3137 | if (err) | |
3138 | return err; | |
3139 | generic_driver = _generic_driver; | |
3140 | } | |
3141 | ||
3142 | if (strcmp(generic_driver, driver) == 0) /* Already the generic impl? */ | |
3143 | return 0; | |
3144 | ||
3145 | generic_tfm = crypto_alloc_skcipher(generic_driver, 0, 0); | |
3146 | if (IS_ERR(generic_tfm)) { | |
3147 | err = PTR_ERR(generic_tfm); | |
3148 | if (err == -ENOENT) { | |
3149 | pr_warn("alg: skcipher: skipping comparison tests for %s because %s is unavailable\n", | |
3150 | driver, generic_driver); | |
3151 | return 0; | |
3152 | } | |
3153 | pr_err("alg: skcipher: error allocating %s (generic impl of %s): %d\n", | |
3154 | generic_driver, algname, err); | |
3155 | return err; | |
3156 | } | |
3157 | ||
6b5ca646 AB |
3158 | cfg = kzalloc(sizeof(*cfg), GFP_KERNEL); |
3159 | if (!cfg) { | |
3160 | err = -ENOMEM; | |
3161 | goto out; | |
3162 | } | |
3163 | ||
d435e10e EB |
3164 | generic_req = skcipher_request_alloc(generic_tfm, GFP_KERNEL); |
3165 | if (!generic_req) { | |
3166 | err = -ENOMEM; | |
3167 | goto out; | |
3168 | } | |
3169 | ||
3170 | /* Check the algorithm properties for consistency. */ | |
3171 | ||
fd60f727 EB |
3172 | if (crypto_skcipher_min_keysize(tfm) != |
3173 | crypto_skcipher_min_keysize(generic_tfm)) { | |
3174 | pr_err("alg: skcipher: min keysize for %s (%u) doesn't match generic impl (%u)\n", | |
3175 | driver, crypto_skcipher_min_keysize(tfm), | |
3176 | crypto_skcipher_min_keysize(generic_tfm)); | |
3177 | err = -EINVAL; | |
3178 | goto out; | |
3179 | } | |
3180 | ||
9ac0d136 | 3181 | if (maxkeysize != crypto_skcipher_max_keysize(generic_tfm)) { |
d435e10e | 3182 | pr_err("alg: skcipher: max keysize for %s (%u) doesn't match generic impl (%u)\n", |
9ac0d136 EB |
3183 | driver, maxkeysize, |
3184 | crypto_skcipher_max_keysize(generic_tfm)); | |
d435e10e EB |
3185 | err = -EINVAL; |
3186 | goto out; | |
3187 | } | |
3188 | ||
3189 | if (ivsize != crypto_skcipher_ivsize(generic_tfm)) { | |
3190 | pr_err("alg: skcipher: ivsize for %s (%u) doesn't match generic impl (%u)\n", | |
3191 | driver, ivsize, crypto_skcipher_ivsize(generic_tfm)); | |
3192 | err = -EINVAL; | |
3193 | goto out; | |
3194 | } | |
3195 | ||
3196 | if (blocksize != crypto_skcipher_blocksize(generic_tfm)) { | |
3197 | pr_err("alg: skcipher: blocksize for %s (%u) doesn't match generic impl (%u)\n", | |
3198 | driver, blocksize, | |
3199 | crypto_skcipher_blocksize(generic_tfm)); | |
3200 | err = -EINVAL; | |
3201 | goto out; | |
3202 | } | |
3203 | ||
3204 | /* | |
3205 | * Now generate test vectors using the generic implementation, and test | |
3206 | * the other implementation against them. | |
3207 | */ | |
3208 | ||
9ac0d136 | 3209 | vec.key = kmalloc(maxkeysize, GFP_KERNEL); |
d435e10e EB |
3210 | vec.iv = kmalloc(ivsize, GFP_KERNEL); |
3211 | vec.ptext = kmalloc(maxdatasize, GFP_KERNEL); | |
3212 | vec.ctext = kmalloc(maxdatasize, GFP_KERNEL); | |
3213 | if (!vec.key || !vec.iv || !vec.ptext || !vec.ctext) { | |
3214 | err = -ENOMEM; | |
3215 | goto out; | |
3216 | } | |
3217 | ||
3218 | for (i = 0; i < fuzz_iterations * 8; i++) { | |
f900fde2 EB |
3219 | generate_random_cipher_testvec(&rng, generic_req, &vec, |
3220 | maxdatasize, | |
d435e10e | 3221 | vec_name, sizeof(vec_name)); |
f900fde2 EB |
3222 | generate_random_testvec_config(&rng, cfg, cfgname, |
3223 | sizeof(cfgname)); | |
d435e10e | 3224 | |
6e5972fa | 3225 | err = test_skcipher_vec_cfg(ENCRYPT, &vec, vec_name, |
6b5ca646 | 3226 | cfg, req, tsgls); |
d435e10e EB |
3227 | if (err) |
3228 | goto out; | |
6e5972fa | 3229 | err = test_skcipher_vec_cfg(DECRYPT, &vec, vec_name, |
6b5ca646 | 3230 | cfg, req, tsgls); |
d435e10e EB |
3231 | if (err) |
3232 | goto out; | |
3233 | cond_resched(); | |
3234 | } | |
3235 | err = 0; | |
3236 | out: | |
6b5ca646 | 3237 | kfree(cfg); |
d435e10e EB |
3238 | kfree(vec.key); |
3239 | kfree(vec.iv); | |
3240 | kfree(vec.ptext); | |
3241 | kfree(vec.ctext); | |
3242 | crypto_free_skcipher(generic_tfm); | |
3243 | skcipher_request_free(generic_req); | |
3244 | return err; | |
3245 | } | |
3246 | #else /* !CONFIG_CRYPTO_MANAGER_EXTRA_TESTS */ | |
6e5972fa | 3247 | static int test_skcipher_vs_generic_impl(const char *generic_driver, |
d435e10e EB |
3248 | struct skcipher_request *req, |
3249 | struct cipher_test_sglists *tsgls) | |
3250 | { | |
3251 | return 0; | |
3252 | } | |
3253 | #endif /* !CONFIG_CRYPTO_MANAGER_EXTRA_TESTS */ | |
3254 | ||
6e5972fa | 3255 | static int test_skcipher(int enc, const struct cipher_test_suite *suite, |
4e7babba EB |
3256 | struct skcipher_request *req, |
3257 | struct cipher_test_sglists *tsgls) | |
3258 | { | |
3259 | unsigned int i; | |
3260 | int err; | |
da7f033d | 3261 | |
4e7babba | 3262 | for (i = 0; i < suite->count; i++) { |
6e5972fa | 3263 | err = test_skcipher_vec(enc, &suite->vecs[i], i, req, tsgls); |
4e7babba EB |
3264 | if (err) |
3265 | return err; | |
e63e1b0d | 3266 | cond_resched(); |
4e7babba EB |
3267 | } |
3268 | return 0; | |
da7f033d HX |
3269 | } |
3270 | ||
4e7babba EB |
3271 | static int alg_test_skcipher(const struct alg_test_desc *desc, |
3272 | const char *driver, u32 type, u32 mask) | |
08d6af8c | 3273 | { |
4e7babba EB |
3274 | const struct cipher_test_suite *suite = &desc->suite.cipher; |
3275 | struct crypto_skcipher *tfm; | |
3276 | struct skcipher_request *req = NULL; | |
3277 | struct cipher_test_sglists *tsgls = NULL; | |
3278 | int err; | |
08d6af8c | 3279 | |
4e7babba EB |
3280 | if (suite->count <= 0) { |
3281 | pr_err("alg: skcipher: empty test suite for %s\n", driver); | |
3282 | return -EINVAL; | |
3283 | } | |
08d6af8c | 3284 | |
4e7babba EB |
3285 | tfm = crypto_alloc_skcipher(driver, type, mask); |
3286 | if (IS_ERR(tfm)) { | |
4eded6d1 HX |
3287 | if (PTR_ERR(tfm) == -ENOENT) |
3288 | return -ENOENT; | |
4e7babba EB |
3289 | pr_err("alg: skcipher: failed to allocate transform for %s: %ld\n", |
3290 | driver, PTR_ERR(tfm)); | |
3291 | return PTR_ERR(tfm); | |
3292 | } | |
6e5972fa | 3293 | driver = crypto_skcipher_driver_name(tfm); |
3a338f20 | 3294 | |
4e7babba EB |
3295 | req = skcipher_request_alloc(tfm, GFP_KERNEL); |
3296 | if (!req) { | |
3297 | pr_err("alg: skcipher: failed to allocate request for %s\n", | |
3298 | driver); | |
3299 | err = -ENOMEM; | |
3300 | goto out; | |
3301 | } | |
3a338f20 | 3302 | |
4e7babba EB |
3303 | tsgls = alloc_cipher_test_sglists(); |
3304 | if (!tsgls) { | |
3305 | pr_err("alg: skcipher: failed to allocate test buffers for %s\n", | |
3306 | driver); | |
3307 | err = -ENOMEM; | |
3308 | goto out; | |
3a338f20 JK |
3309 | } |
3310 | ||
6e5972fa | 3311 | err = test_skcipher(ENCRYPT, suite, req, tsgls); |
4e7babba EB |
3312 | if (err) |
3313 | goto out; | |
3314 | ||
6e5972fa | 3315 | err = test_skcipher(DECRYPT, suite, req, tsgls); |
d435e10e EB |
3316 | if (err) |
3317 | goto out; | |
3318 | ||
6e5972fa | 3319 | err = test_skcipher_vs_generic_impl(desc->generic_driver, req, tsgls); |
4e7babba EB |
3320 | out: |
3321 | free_cipher_test_sglists(tsgls); | |
3322 | skcipher_request_free(req); | |
3323 | crypto_free_skcipher(tfm); | |
3324 | return err; | |
08d6af8c JK |
3325 | } |
3326 | ||
b13b1e0c EB |
3327 | static int test_comp(struct crypto_comp *tfm, |
3328 | const struct comp_testvec *ctemplate, | |
3329 | const struct comp_testvec *dtemplate, | |
3330 | int ctcount, int dtcount) | |
da7f033d HX |
3331 | { |
3332 | const char *algo = crypto_tfm_alg_driver_name(crypto_comp_tfm(tfm)); | |
33607384 | 3333 | char *output, *decomp_output; |
da7f033d | 3334 | unsigned int i; |
da7f033d HX |
3335 | int ret; |
3336 | ||
33607384 MC |
3337 | output = kmalloc(COMP_BUF_SIZE, GFP_KERNEL); |
3338 | if (!output) | |
3339 | return -ENOMEM; | |
3340 | ||
3341 | decomp_output = kmalloc(COMP_BUF_SIZE, GFP_KERNEL); | |
3342 | if (!decomp_output) { | |
3343 | kfree(output); | |
3344 | return -ENOMEM; | |
3345 | } | |
3346 | ||
da7f033d | 3347 | for (i = 0; i < ctcount; i++) { |
c79cf910 GU |
3348 | int ilen; |
3349 | unsigned int dlen = COMP_BUF_SIZE; | |
da7f033d | 3350 | |
22a8118d MS |
3351 | memset(output, 0, COMP_BUF_SIZE); |
3352 | memset(decomp_output, 0, COMP_BUF_SIZE); | |
da7f033d HX |
3353 | |
3354 | ilen = ctemplate[i].inlen; | |
3355 | ret = crypto_comp_compress(tfm, ctemplate[i].input, | |
33607384 | 3356 | ilen, output, &dlen); |
da7f033d HX |
3357 | if (ret) { |
3358 | printk(KERN_ERR "alg: comp: compression failed " | |
3359 | "on test %d for %s: ret=%d\n", i + 1, algo, | |
3360 | -ret); | |
3361 | goto out; | |
3362 | } | |
3363 | ||
33607384 MC |
3364 | ilen = dlen; |
3365 | dlen = COMP_BUF_SIZE; | |
3366 | ret = crypto_comp_decompress(tfm, output, | |
3367 | ilen, decomp_output, &dlen); | |
3368 | if (ret) { | |
3369 | pr_err("alg: comp: compression failed: decompress: on test %d for %s failed: ret=%d\n", | |
3370 | i + 1, algo, -ret); | |
3371 | goto out; | |
3372 | } | |
3373 | ||
3374 | if (dlen != ctemplate[i].inlen) { | |
b812eb00 GU |
3375 | printk(KERN_ERR "alg: comp: Compression test %d " |
3376 | "failed for %s: output len = %d\n", i + 1, algo, | |
3377 | dlen); | |
3378 | ret = -EINVAL; | |
3379 | goto out; | |
3380 | } | |
3381 | ||
33607384 MC |
3382 | if (memcmp(decomp_output, ctemplate[i].input, |
3383 | ctemplate[i].inlen)) { | |
3384 | pr_err("alg: comp: compression failed: output differs: on test %d for %s\n", | |
3385 | i + 1, algo); | |
3386 | hexdump(decomp_output, dlen); | |
da7f033d HX |
3387 | ret = -EINVAL; |
3388 | goto out; | |
3389 | } | |
3390 | } | |
3391 | ||
3392 | for (i = 0; i < dtcount; i++) { | |
c79cf910 GU |
3393 | int ilen; |
3394 | unsigned int dlen = COMP_BUF_SIZE; | |
da7f033d | 3395 | |
22a8118d | 3396 | memset(decomp_output, 0, COMP_BUF_SIZE); |
da7f033d HX |
3397 | |
3398 | ilen = dtemplate[i].inlen; | |
3399 | ret = crypto_comp_decompress(tfm, dtemplate[i].input, | |
33607384 | 3400 | ilen, decomp_output, &dlen); |
da7f033d HX |
3401 | if (ret) { |
3402 | printk(KERN_ERR "alg: comp: decompression failed " | |
3403 | "on test %d for %s: ret=%d\n", i + 1, algo, | |
3404 | -ret); | |
3405 | goto out; | |
3406 | } | |
3407 | ||
b812eb00 GU |
3408 | if (dlen != dtemplate[i].outlen) { |
3409 | printk(KERN_ERR "alg: comp: Decompression test %d " | |
3410 | "failed for %s: output len = %d\n", i + 1, algo, | |
3411 | dlen); | |
3412 | ret = -EINVAL; | |
3413 | goto out; | |
3414 | } | |
3415 | ||
33607384 | 3416 | if (memcmp(decomp_output, dtemplate[i].output, dlen)) { |
da7f033d HX |
3417 | printk(KERN_ERR "alg: comp: Decompression test %d " |
3418 | "failed for %s\n", i + 1, algo); | |
33607384 | 3419 | hexdump(decomp_output, dlen); |
da7f033d HX |
3420 | ret = -EINVAL; |
3421 | goto out; | |
3422 | } | |
3423 | } | |
3424 | ||
3425 | ret = 0; | |
3426 | ||
3427 | out: | |
33607384 MC |
3428 | kfree(decomp_output); |
3429 | kfree(output); | |
da7f033d HX |
3430 | return ret; |
3431 | } | |
3432 | ||
b13b1e0c | 3433 | static int test_acomp(struct crypto_acomp *tfm, |
442f0606 | 3434 | const struct comp_testvec *ctemplate, |
b13b1e0c EB |
3435 | const struct comp_testvec *dtemplate, |
3436 | int ctcount, int dtcount) | |
d7db7a88 GC |
3437 | { |
3438 | const char *algo = crypto_tfm_alg_driver_name(crypto_acomp_tfm(tfm)); | |
3439 | unsigned int i; | |
a9943a0a | 3440 | char *output, *decomp_out; |
d7db7a88 GC |
3441 | int ret; |
3442 | struct scatterlist src, dst; | |
3443 | struct acomp_req *req; | |
7f397136 | 3444 | struct crypto_wait wait; |
d7db7a88 | 3445 | |
eb095593 EB |
3446 | output = kmalloc(COMP_BUF_SIZE, GFP_KERNEL); |
3447 | if (!output) | |
3448 | return -ENOMEM; | |
3449 | ||
a9943a0a GC |
3450 | decomp_out = kmalloc(COMP_BUF_SIZE, GFP_KERNEL); |
3451 | if (!decomp_out) { | |
3452 | kfree(output); | |
3453 | return -ENOMEM; | |
3454 | } | |
3455 | ||
d7db7a88 GC |
3456 | for (i = 0; i < ctcount; i++) { |
3457 | unsigned int dlen = COMP_BUF_SIZE; | |
3458 | int ilen = ctemplate[i].inlen; | |
02608e02 | 3459 | void *input_vec; |
d7db7a88 | 3460 | |
d2110224 | 3461 | input_vec = kmemdup(ctemplate[i].input, ilen, GFP_KERNEL); |
02608e02 LA |
3462 | if (!input_vec) { |
3463 | ret = -ENOMEM; | |
3464 | goto out; | |
3465 | } | |
3466 | ||
eb095593 | 3467 | memset(output, 0, dlen); |
7f397136 | 3468 | crypto_init_wait(&wait); |
02608e02 | 3469 | sg_init_one(&src, input_vec, ilen); |
d7db7a88 GC |
3470 | sg_init_one(&dst, output, dlen); |
3471 | ||
3472 | req = acomp_request_alloc(tfm); | |
3473 | if (!req) { | |
3474 | pr_err("alg: acomp: request alloc failed for %s\n", | |
3475 | algo); | |
02608e02 | 3476 | kfree(input_vec); |
d7db7a88 GC |
3477 | ret = -ENOMEM; |
3478 | goto out; | |
3479 | } | |
3480 | ||
3481 | acomp_request_set_params(req, &src, &dst, ilen, dlen); | |
3482 | acomp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, | |
7f397136 | 3483 | crypto_req_done, &wait); |
d7db7a88 | 3484 | |
7f397136 | 3485 | ret = crypto_wait_req(crypto_acomp_compress(req), &wait); |
d7db7a88 GC |
3486 | if (ret) { |
3487 | pr_err("alg: acomp: compression failed on test %d for %s: ret=%d\n", | |
3488 | i + 1, algo, -ret); | |
02608e02 | 3489 | kfree(input_vec); |
d7db7a88 GC |
3490 | acomp_request_free(req); |
3491 | goto out; | |
3492 | } | |
3493 | ||
a9943a0a GC |
3494 | ilen = req->dlen; |
3495 | dlen = COMP_BUF_SIZE; | |
3496 | sg_init_one(&src, output, ilen); | |
3497 | sg_init_one(&dst, decomp_out, dlen); | |
7f397136 | 3498 | crypto_init_wait(&wait); |
a9943a0a GC |
3499 | acomp_request_set_params(req, &src, &dst, ilen, dlen); |
3500 | ||
7f397136 | 3501 | ret = crypto_wait_req(crypto_acomp_decompress(req), &wait); |
a9943a0a GC |
3502 | if (ret) { |
3503 | pr_err("alg: acomp: compression failed on test %d for %s: ret=%d\n", | |
3504 | i + 1, algo, -ret); | |
3505 | kfree(input_vec); | |
3506 | acomp_request_free(req); | |
3507 | goto out; | |
3508 | } | |
3509 | ||
3510 | if (req->dlen != ctemplate[i].inlen) { | |
d7db7a88 GC |
3511 | pr_err("alg: acomp: Compression test %d failed for %s: output len = %d\n", |
3512 | i + 1, algo, req->dlen); | |
3513 | ret = -EINVAL; | |
02608e02 | 3514 | kfree(input_vec); |
d7db7a88 GC |
3515 | acomp_request_free(req); |
3516 | goto out; | |
3517 | } | |
3518 | ||
a9943a0a | 3519 | if (memcmp(input_vec, decomp_out, req->dlen)) { |
d7db7a88 GC |
3520 | pr_err("alg: acomp: Compression test %d failed for %s\n", |
3521 | i + 1, algo); | |
3522 | hexdump(output, req->dlen); | |
3523 | ret = -EINVAL; | |
02608e02 | 3524 | kfree(input_vec); |
d7db7a88 GC |
3525 | acomp_request_free(req); |
3526 | goto out; | |
3527 | } | |
3528 | ||
5a4c2936 LSF |
3529 | #ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS |
3530 | crypto_init_wait(&wait); | |
3531 | sg_init_one(&src, input_vec, ilen); | |
3532 | acomp_request_set_params(req, &src, NULL, ilen, 0); | |
3533 | ||
3534 | ret = crypto_wait_req(crypto_acomp_compress(req), &wait); | |
3535 | if (ret) { | |
3536 | pr_err("alg: acomp: compression failed on NULL dst buffer test %d for %s: ret=%d\n", | |
3537 | i + 1, algo, -ret); | |
3538 | kfree(input_vec); | |
3539 | acomp_request_free(req); | |
3540 | goto out; | |
3541 | } | |
3542 | #endif | |
3543 | ||
02608e02 | 3544 | kfree(input_vec); |
d7db7a88 GC |
3545 | acomp_request_free(req); |
3546 | } | |
3547 | ||
3548 | for (i = 0; i < dtcount; i++) { | |
3549 | unsigned int dlen = COMP_BUF_SIZE; | |
3550 | int ilen = dtemplate[i].inlen; | |
02608e02 LA |
3551 | void *input_vec; |
3552 | ||
d2110224 | 3553 | input_vec = kmemdup(dtemplate[i].input, ilen, GFP_KERNEL); |
02608e02 LA |
3554 | if (!input_vec) { |
3555 | ret = -ENOMEM; | |
3556 | goto out; | |
3557 | } | |
d7db7a88 | 3558 | |
eb095593 | 3559 | memset(output, 0, dlen); |
7f397136 | 3560 | crypto_init_wait(&wait); |
02608e02 | 3561 | sg_init_one(&src, input_vec, ilen); |
d7db7a88 GC |
3562 | sg_init_one(&dst, output, dlen); |
3563 | ||
3564 | req = acomp_request_alloc(tfm); | |
3565 | if (!req) { | |
3566 | pr_err("alg: acomp: request alloc failed for %s\n", | |
3567 | algo); | |
02608e02 | 3568 | kfree(input_vec); |
d7db7a88 GC |
3569 | ret = -ENOMEM; |
3570 | goto out; | |
3571 | } | |
3572 | ||
3573 | acomp_request_set_params(req, &src, &dst, ilen, dlen); | |
3574 | acomp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, | |
7f397136 | 3575 | crypto_req_done, &wait); |
d7db7a88 | 3576 | |
7f397136 | 3577 | ret = crypto_wait_req(crypto_acomp_decompress(req), &wait); |
d7db7a88 GC |
3578 | if (ret) { |
3579 | pr_err("alg: acomp: decompression failed on test %d for %s: ret=%d\n", | |
3580 | i + 1, algo, -ret); | |
02608e02 | 3581 | kfree(input_vec); |
d7db7a88 GC |
3582 | acomp_request_free(req); |
3583 | goto out; | |
3584 | } | |
3585 | ||
3586 | if (req->dlen != dtemplate[i].outlen) { | |
3587 | pr_err("alg: acomp: Decompression test %d failed for %s: output len = %d\n", | |
3588 | i + 1, algo, req->dlen); | |
3589 | ret = -EINVAL; | |
02608e02 | 3590 | kfree(input_vec); |
d7db7a88 GC |
3591 | acomp_request_free(req); |
3592 | goto out; | |
3593 | } | |
3594 | ||
3595 | if (memcmp(output, dtemplate[i].output, req->dlen)) { | |
3596 | pr_err("alg: acomp: Decompression test %d failed for %s\n", | |
3597 | i + 1, algo); | |
3598 | hexdump(output, req->dlen); | |
3599 | ret = -EINVAL; | |
02608e02 | 3600 | kfree(input_vec); |
d7db7a88 GC |
3601 | acomp_request_free(req); |
3602 | goto out; | |
3603 | } | |
3604 | ||
5a4c2936 LSF |
3605 | #ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS |
3606 | crypto_init_wait(&wait); | |
3607 | acomp_request_set_params(req, &src, NULL, ilen, 0); | |
3608 | ||
3609 | ret = crypto_wait_req(crypto_acomp_decompress(req), &wait); | |
3610 | if (ret) { | |
3611 | pr_err("alg: acomp: decompression failed on NULL dst buffer test %d for %s: ret=%d\n", | |
3612 | i + 1, algo, -ret); | |
3613 | kfree(input_vec); | |
3614 | acomp_request_free(req); | |
3615 | goto out; | |
3616 | } | |
3617 | #endif | |
3618 | ||
02608e02 | 3619 | kfree(input_vec); |
d7db7a88 GC |
3620 | acomp_request_free(req); |
3621 | } | |
3622 | ||
3623 | ret = 0; | |
3624 | ||
3625 | out: | |
a9943a0a | 3626 | kfree(decomp_out); |
eb095593 | 3627 | kfree(output); |
d7db7a88 GC |
3628 | return ret; |
3629 | } | |
3630 | ||
b13b1e0c EB |
3631 | static int test_cprng(struct crypto_rng *tfm, |
3632 | const struct cprng_testvec *template, | |
7647d6ce JW |
3633 | unsigned int tcount) |
3634 | { | |
3635 | const char *algo = crypto_tfm_alg_driver_name(crypto_rng_tfm(tfm)); | |
fa4ef8a6 | 3636 | int err = 0, i, j, seedsize; |
7647d6ce JW |
3637 | u8 *seed; |
3638 | char result[32]; | |
3639 | ||
3640 | seedsize = crypto_rng_seedsize(tfm); | |
3641 | ||
3642 | seed = kmalloc(seedsize, GFP_KERNEL); | |
3643 | if (!seed) { | |
3644 | printk(KERN_ERR "alg: cprng: Failed to allocate seed space " | |
3645 | "for %s\n", algo); | |
3646 | return -ENOMEM; | |
3647 | } | |
3648 | ||
3649 | for (i = 0; i < tcount; i++) { | |
3650 | memset(result, 0, 32); | |
3651 | ||
3652 | memcpy(seed, template[i].v, template[i].vlen); | |
3653 | memcpy(seed + template[i].vlen, template[i].key, | |
3654 | template[i].klen); | |
3655 | memcpy(seed + template[i].vlen + template[i].klen, | |
3656 | template[i].dt, template[i].dtlen); | |
3657 | ||
3658 | err = crypto_rng_reset(tfm, seed, seedsize); | |
3659 | if (err) { | |
3660 | printk(KERN_ERR "alg: cprng: Failed to reset rng " | |
3661 | "for %s\n", algo); | |
3662 | goto out; | |
3663 | } | |
3664 | ||
3665 | for (j = 0; j < template[i].loops; j++) { | |
3666 | err = crypto_rng_get_bytes(tfm, result, | |
3667 | template[i].rlen); | |
19e60e13 | 3668 | if (err < 0) { |
7647d6ce JW |
3669 | printk(KERN_ERR "alg: cprng: Failed to obtain " |
3670 | "the correct amount of random data for " | |
19e60e13 SM |
3671 | "%s (requested %d)\n", algo, |
3672 | template[i].rlen); | |
7647d6ce JW |
3673 | goto out; |
3674 | } | |
3675 | } | |
3676 | ||
3677 | err = memcmp(result, template[i].result, | |
3678 | template[i].rlen); | |
3679 | if (err) { | |
3680 | printk(KERN_ERR "alg: cprng: Test %d failed for %s\n", | |
3681 | i, algo); | |
3682 | hexdump(result, template[i].rlen); | |
3683 | err = -EINVAL; | |
3684 | goto out; | |
3685 | } | |
3686 | } | |
3687 | ||
3688 | out: | |
3689 | kfree(seed); | |
3690 | return err; | |
3691 | } | |
3692 | ||
da7f033d HX |
3693 | static int alg_test_cipher(const struct alg_test_desc *desc, |
3694 | const char *driver, u32 type, u32 mask) | |
3695 | { | |
92a4c9fe | 3696 | const struct cipher_test_suite *suite = &desc->suite.cipher; |
1aa4ecd9 | 3697 | struct crypto_cipher *tfm; |
92a4c9fe | 3698 | int err; |
da7f033d | 3699 | |
eed93e0c | 3700 | tfm = crypto_alloc_cipher(driver, type, mask); |
da7f033d | 3701 | if (IS_ERR(tfm)) { |
4eded6d1 HX |
3702 | if (PTR_ERR(tfm) == -ENOENT) |
3703 | return -ENOENT; | |
da7f033d HX |
3704 | printk(KERN_ERR "alg: cipher: Failed to load transform for " |
3705 | "%s: %ld\n", driver, PTR_ERR(tfm)); | |
3706 | return PTR_ERR(tfm); | |
3707 | } | |
3708 | ||
92a4c9fe EB |
3709 | err = test_cipher(tfm, ENCRYPT, suite->vecs, suite->count); |
3710 | if (!err) | |
3711 | err = test_cipher(tfm, DECRYPT, suite->vecs, suite->count); | |
da7f033d | 3712 | |
1aa4ecd9 HX |
3713 | crypto_free_cipher(tfm); |
3714 | return err; | |
3715 | } | |
3716 | ||
da7f033d HX |
3717 | static int alg_test_comp(const struct alg_test_desc *desc, const char *driver, |
3718 | u32 type, u32 mask) | |
3719 | { | |
d7db7a88 GC |
3720 | struct crypto_comp *comp; |
3721 | struct crypto_acomp *acomp; | |
da7f033d | 3722 | int err; |
d7db7a88 GC |
3723 | u32 algo_type = type & CRYPTO_ALG_TYPE_ACOMPRESS_MASK; |
3724 | ||
3725 | if (algo_type == CRYPTO_ALG_TYPE_ACOMPRESS) { | |
3726 | acomp = crypto_alloc_acomp(driver, type, mask); | |
3727 | if (IS_ERR(acomp)) { | |
4eded6d1 HX |
3728 | if (PTR_ERR(acomp) == -ENOENT) |
3729 | return -ENOENT; | |
d7db7a88 GC |
3730 | pr_err("alg: acomp: Failed to load transform for %s: %ld\n", |
3731 | driver, PTR_ERR(acomp)); | |
3732 | return PTR_ERR(acomp); | |
3733 | } | |
3734 | err = test_acomp(acomp, desc->suite.comp.comp.vecs, | |
3735 | desc->suite.comp.decomp.vecs, | |
3736 | desc->suite.comp.comp.count, | |
3737 | desc->suite.comp.decomp.count); | |
3738 | crypto_free_acomp(acomp); | |
3739 | } else { | |
3740 | comp = crypto_alloc_comp(driver, type, mask); | |
3741 | if (IS_ERR(comp)) { | |
4eded6d1 HX |
3742 | if (PTR_ERR(comp) == -ENOENT) |
3743 | return -ENOENT; | |
d7db7a88 GC |
3744 | pr_err("alg: comp: Failed to load transform for %s: %ld\n", |
3745 | driver, PTR_ERR(comp)); | |
3746 | return PTR_ERR(comp); | |
3747 | } | |
da7f033d | 3748 | |
d7db7a88 GC |
3749 | err = test_comp(comp, desc->suite.comp.comp.vecs, |
3750 | desc->suite.comp.decomp.vecs, | |
3751 | desc->suite.comp.comp.count, | |
3752 | desc->suite.comp.decomp.count); | |
da7f033d | 3753 | |
d7db7a88 GC |
3754 | crypto_free_comp(comp); |
3755 | } | |
da7f033d HX |
3756 | return err; |
3757 | } | |
3758 | ||
8e3ee85e HX |
3759 | static int alg_test_crc32c(const struct alg_test_desc *desc, |
3760 | const char *driver, u32 type, u32 mask) | |
3761 | { | |
3762 | struct crypto_shash *tfm; | |
cb9dde88 | 3763 | __le32 val; |
8e3ee85e HX |
3764 | int err; |
3765 | ||
3766 | err = alg_test_hash(desc, driver, type, mask); | |
3767 | if (err) | |
eb5e6730 | 3768 | return err; |
8e3ee85e | 3769 | |
eed93e0c | 3770 | tfm = crypto_alloc_shash(driver, type, mask); |
8e3ee85e | 3771 | if (IS_ERR(tfm)) { |
eb5e6730 EB |
3772 | if (PTR_ERR(tfm) == -ENOENT) { |
3773 | /* | |
3774 | * This crc32c implementation is only available through | |
3775 | * ahash API, not the shash API, so the remaining part | |
3776 | * of the test is not applicable to it. | |
3777 | */ | |
3778 | return 0; | |
3779 | } | |
8e3ee85e HX |
3780 | printk(KERN_ERR "alg: crc32c: Failed to load transform for %s: " |
3781 | "%ld\n", driver, PTR_ERR(tfm)); | |
eb5e6730 | 3782 | return PTR_ERR(tfm); |
8e3ee85e | 3783 | } |
79cafe9a | 3784 | driver = crypto_shash_driver_name(tfm); |
8e3ee85e HX |
3785 | |
3786 | do { | |
4c5c3024 JSM |
3787 | SHASH_DESC_ON_STACK(shash, tfm); |
3788 | u32 *ctx = (u32 *)shash_desc_ctx(shash); | |
8e3ee85e | 3789 | |
4c5c3024 | 3790 | shash->tfm = tfm; |
8e3ee85e | 3791 | |
cb9dde88 | 3792 | *ctx = 420553207; |
4c5c3024 | 3793 | err = crypto_shash_final(shash, (u8 *)&val); |
8e3ee85e HX |
3794 | if (err) { |
3795 | printk(KERN_ERR "alg: crc32c: Operation failed for " | |
3796 | "%s: %d\n", driver, err); | |
3797 | break; | |
3798 | } | |
3799 | ||
cb9dde88 EB |
3800 | if (val != cpu_to_le32(~420553207)) { |
3801 | pr_err("alg: crc32c: Test failed for %s: %u\n", | |
3802 | driver, le32_to_cpu(val)); | |
8e3ee85e HX |
3803 | err = -EINVAL; |
3804 | } | |
3805 | } while (0); | |
3806 | ||
3807 | crypto_free_shash(tfm); | |
3808 | ||
8e3ee85e HX |
3809 | return err; |
3810 | } | |
3811 | ||
7647d6ce JW |
3812 | static int alg_test_cprng(const struct alg_test_desc *desc, const char *driver, |
3813 | u32 type, u32 mask) | |
3814 | { | |
3815 | struct crypto_rng *rng; | |
3816 | int err; | |
3817 | ||
eed93e0c | 3818 | rng = crypto_alloc_rng(driver, type, mask); |
7647d6ce | 3819 | if (IS_ERR(rng)) { |
4eded6d1 HX |
3820 | if (PTR_ERR(rng) == -ENOENT) |
3821 | return -ENOENT; | |
7647d6ce JW |
3822 | printk(KERN_ERR "alg: cprng: Failed to load transform for %s: " |
3823 | "%ld\n", driver, PTR_ERR(rng)); | |
3824 | return PTR_ERR(rng); | |
3825 | } | |
3826 | ||
3827 | err = test_cprng(rng, desc->suite.cprng.vecs, desc->suite.cprng.count); | |
3828 | ||
3829 | crypto_free_rng(rng); | |
3830 | ||
3831 | return err; | |
3832 | } | |
3833 | ||
64d1cdfb | 3834 | |
b13b1e0c | 3835 | static int drbg_cavs_test(const struct drbg_testvec *test, int pr, |
64d1cdfb SM |
3836 | const char *driver, u32 type, u32 mask) |
3837 | { | |
3838 | int ret = -EAGAIN; | |
3839 | struct crypto_rng *drng; | |
3840 | struct drbg_test_data test_data; | |
3841 | struct drbg_string addtl, pers, testentropy; | |
3842 | unsigned char *buf = kzalloc(test->expectedlen, GFP_KERNEL); | |
3843 | ||
3844 | if (!buf) | |
3845 | return -ENOMEM; | |
3846 | ||
eed93e0c | 3847 | drng = crypto_alloc_rng(driver, type, mask); |
64d1cdfb | 3848 | if (IS_ERR(drng)) { |
4eded6d1 HX |
3849 | if (PTR_ERR(drng) == -ENOENT) |
3850 | goto out_no_rng; | |
2fc0d258 | 3851 | printk(KERN_ERR "alg: drbg: could not allocate DRNG handle for " |
64d1cdfb | 3852 | "%s\n", driver); |
4eded6d1 | 3853 | out_no_rng: |
453431a5 | 3854 | kfree_sensitive(buf); |
4eded6d1 | 3855 | return PTR_ERR(drng); |
64d1cdfb SM |
3856 | } |
3857 | ||
3858 | test_data.testentropy = &testentropy; | |
3859 | drbg_string_fill(&testentropy, test->entropy, test->entropylen); | |
3860 | drbg_string_fill(&pers, test->pers, test->perslen); | |
3861 | ret = crypto_drbg_reset_test(drng, &pers, &test_data); | |
3862 | if (ret) { | |
3863 | printk(KERN_ERR "alg: drbg: Failed to reset rng\n"); | |
3864 | goto outbuf; | |
3865 | } | |
3866 | ||
3867 | drbg_string_fill(&addtl, test->addtla, test->addtllen); | |
3868 | if (pr) { | |
3869 | drbg_string_fill(&testentropy, test->entpra, test->entprlen); | |
3870 | ret = crypto_drbg_get_bytes_addtl_test(drng, | |
3871 | buf, test->expectedlen, &addtl, &test_data); | |
3872 | } else { | |
3873 | ret = crypto_drbg_get_bytes_addtl(drng, | |
3874 | buf, test->expectedlen, &addtl); | |
3875 | } | |
19e60e13 | 3876 | if (ret < 0) { |
2fc0d258 | 3877 | printk(KERN_ERR "alg: drbg: could not obtain random data for " |
64d1cdfb SM |
3878 | "driver %s\n", driver); |
3879 | goto outbuf; | |
3880 | } | |
3881 | ||
3882 | drbg_string_fill(&addtl, test->addtlb, test->addtllen); | |
3883 | if (pr) { | |
3884 | drbg_string_fill(&testentropy, test->entprb, test->entprlen); | |
3885 | ret = crypto_drbg_get_bytes_addtl_test(drng, | |
3886 | buf, test->expectedlen, &addtl, &test_data); | |
3887 | } else { | |
3888 | ret = crypto_drbg_get_bytes_addtl(drng, | |
3889 | buf, test->expectedlen, &addtl); | |
3890 | } | |
19e60e13 | 3891 | if (ret < 0) { |
2fc0d258 | 3892 | printk(KERN_ERR "alg: drbg: could not obtain random data for " |
64d1cdfb SM |
3893 | "driver %s\n", driver); |
3894 | goto outbuf; | |
3895 | } | |
3896 | ||
3897 | ret = memcmp(test->expected, buf, test->expectedlen); | |
3898 | ||
3899 | outbuf: | |
3900 | crypto_free_rng(drng); | |
453431a5 | 3901 | kfree_sensitive(buf); |
64d1cdfb SM |
3902 | return ret; |
3903 | } | |
3904 | ||
3905 | ||
3906 | static int alg_test_drbg(const struct alg_test_desc *desc, const char *driver, | |
3907 | u32 type, u32 mask) | |
3908 | { | |
3909 | int err = 0; | |
3910 | int pr = 0; | |
3911 | int i = 0; | |
b13b1e0c | 3912 | const struct drbg_testvec *template = desc->suite.drbg.vecs; |
64d1cdfb SM |
3913 | unsigned int tcount = desc->suite.drbg.count; |
3914 | ||
3915 | if (0 == memcmp(driver, "drbg_pr_", 8)) | |
3916 | pr = 1; | |
3917 | ||
3918 | for (i = 0; i < tcount; i++) { | |
3919 | err = drbg_cavs_test(&template[i], pr, driver, type, mask); | |
3920 | if (err) { | |
3921 | printk(KERN_ERR "alg: drbg: Test %d failed for %s\n", | |
3922 | i, driver); | |
3923 | err = -EINVAL; | |
3924 | break; | |
3925 | } | |
3926 | } | |
3927 | return err; | |
3928 | ||
3929 | } | |
3930 | ||
b13b1e0c | 3931 | static int do_test_kpp(struct crypto_kpp *tfm, const struct kpp_testvec *vec, |
802c7f1c SB |
3932 | const char *alg) |
3933 | { | |
3934 | struct kpp_request *req; | |
3935 | void *input_buf = NULL; | |
3936 | void *output_buf = NULL; | |
47d3fd39 TDA |
3937 | void *a_public = NULL; |
3938 | void *a_ss = NULL; | |
3939 | void *shared_secret = NULL; | |
7f397136 | 3940 | struct crypto_wait wait; |
802c7f1c SB |
3941 | unsigned int out_len_max; |
3942 | int err = -ENOMEM; | |
3943 | struct scatterlist src, dst; | |
3944 | ||
3945 | req = kpp_request_alloc(tfm, GFP_KERNEL); | |
3946 | if (!req) | |
3947 | return err; | |
3948 | ||
7f397136 | 3949 | crypto_init_wait(&wait); |
802c7f1c SB |
3950 | |
3951 | err = crypto_kpp_set_secret(tfm, vec->secret, vec->secret_size); | |
3952 | if (err < 0) | |
3953 | goto free_req; | |
3954 | ||
3955 | out_len_max = crypto_kpp_maxsize(tfm); | |
3956 | output_buf = kzalloc(out_len_max, GFP_KERNEL); | |
3957 | if (!output_buf) { | |
3958 | err = -ENOMEM; | |
3959 | goto free_req; | |
3960 | } | |
3961 | ||
3962 | /* Use appropriate parameter as base */ | |
3963 | kpp_request_set_input(req, NULL, 0); | |
3964 | sg_init_one(&dst, output_buf, out_len_max); | |
3965 | kpp_request_set_output(req, &dst, out_len_max); | |
3966 | kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, | |
7f397136 | 3967 | crypto_req_done, &wait); |
802c7f1c | 3968 | |
47d3fd39 | 3969 | /* Compute party A's public key */ |
7f397136 | 3970 | err = crypto_wait_req(crypto_kpp_generate_public_key(req), &wait); |
802c7f1c | 3971 | if (err) { |
47d3fd39 | 3972 | pr_err("alg: %s: Party A: generate public key test failed. err %d\n", |
802c7f1c SB |
3973 | alg, err); |
3974 | goto free_output; | |
3975 | } | |
47d3fd39 TDA |
3976 | |
3977 | if (vec->genkey) { | |
3978 | /* Save party A's public key */ | |
e3d90e52 | 3979 | a_public = kmemdup(sg_virt(req->dst), out_len_max, GFP_KERNEL); |
47d3fd39 TDA |
3980 | if (!a_public) { |
3981 | err = -ENOMEM; | |
3982 | goto free_output; | |
3983 | } | |
47d3fd39 TDA |
3984 | } else { |
3985 | /* Verify calculated public key */ | |
3986 | if (memcmp(vec->expected_a_public, sg_virt(req->dst), | |
3987 | vec->expected_a_public_size)) { | |
3988 | pr_err("alg: %s: Party A: generate public key test failed. Invalid output\n", | |
3989 | alg); | |
3990 | err = -EINVAL; | |
3991 | goto free_output; | |
3992 | } | |
802c7f1c SB |
3993 | } |
3994 | ||
3995 | /* Calculate shared secret key by using counter part (b) public key. */ | |
e3d90e52 | 3996 | input_buf = kmemdup(vec->b_public, vec->b_public_size, GFP_KERNEL); |
802c7f1c SB |
3997 | if (!input_buf) { |
3998 | err = -ENOMEM; | |
3999 | goto free_output; | |
4000 | } | |
4001 | ||
802c7f1c SB |
4002 | sg_init_one(&src, input_buf, vec->b_public_size); |
4003 | sg_init_one(&dst, output_buf, out_len_max); | |
4004 | kpp_request_set_input(req, &src, vec->b_public_size); | |
4005 | kpp_request_set_output(req, &dst, out_len_max); | |
4006 | kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, | |
7f397136 GBY |
4007 | crypto_req_done, &wait); |
4008 | err = crypto_wait_req(crypto_kpp_compute_shared_secret(req), &wait); | |
802c7f1c | 4009 | if (err) { |
47d3fd39 | 4010 | pr_err("alg: %s: Party A: compute shared secret test failed. err %d\n", |
802c7f1c SB |
4011 | alg, err); |
4012 | goto free_all; | |
4013 | } | |
47d3fd39 TDA |
4014 | |
4015 | if (vec->genkey) { | |
4016 | /* Save the shared secret obtained by party A */ | |
e3d90e52 | 4017 | a_ss = kmemdup(sg_virt(req->dst), vec->expected_ss_size, GFP_KERNEL); |
47d3fd39 TDA |
4018 | if (!a_ss) { |
4019 | err = -ENOMEM; | |
4020 | goto free_all; | |
4021 | } | |
47d3fd39 TDA |
4022 | |
4023 | /* | |
4024 | * Calculate party B's shared secret by using party A's | |
4025 | * public key. | |
4026 | */ | |
4027 | err = crypto_kpp_set_secret(tfm, vec->b_secret, | |
4028 | vec->b_secret_size); | |
4029 | if (err < 0) | |
4030 | goto free_all; | |
4031 | ||
4032 | sg_init_one(&src, a_public, vec->expected_a_public_size); | |
4033 | sg_init_one(&dst, output_buf, out_len_max); | |
4034 | kpp_request_set_input(req, &src, vec->expected_a_public_size); | |
4035 | kpp_request_set_output(req, &dst, out_len_max); | |
4036 | kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, | |
7f397136 GBY |
4037 | crypto_req_done, &wait); |
4038 | err = crypto_wait_req(crypto_kpp_compute_shared_secret(req), | |
4039 | &wait); | |
47d3fd39 TDA |
4040 | if (err) { |
4041 | pr_err("alg: %s: Party B: compute shared secret failed. err %d\n", | |
4042 | alg, err); | |
4043 | goto free_all; | |
4044 | } | |
4045 | ||
4046 | shared_secret = a_ss; | |
4047 | } else { | |
4048 | shared_secret = (void *)vec->expected_ss; | |
4049 | } | |
4050 | ||
802c7f1c SB |
4051 | /* |
4052 | * verify shared secret from which the user will derive | |
4053 | * secret key by executing whatever hash it has chosen | |
4054 | */ | |
47d3fd39 | 4055 | if (memcmp(shared_secret, sg_virt(req->dst), |
802c7f1c SB |
4056 | vec->expected_ss_size)) { |
4057 | pr_err("alg: %s: compute shared secret test failed. Invalid output\n", | |
4058 | alg); | |
4059 | err = -EINVAL; | |
4060 | } | |
4061 | ||
4062 | free_all: | |
47d3fd39 | 4063 | kfree(a_ss); |
802c7f1c SB |
4064 | kfree(input_buf); |
4065 | free_output: | |
47d3fd39 | 4066 | kfree(a_public); |
802c7f1c SB |
4067 | kfree(output_buf); |
4068 | free_req: | |
4069 | kpp_request_free(req); | |
4070 | return err; | |
4071 | } | |
4072 | ||
4073 | static int test_kpp(struct crypto_kpp *tfm, const char *alg, | |
b13b1e0c | 4074 | const struct kpp_testvec *vecs, unsigned int tcount) |
802c7f1c SB |
4075 | { |
4076 | int ret, i; | |
4077 | ||
4078 | for (i = 0; i < tcount; i++) { | |
4079 | ret = do_test_kpp(tfm, vecs++, alg); | |
4080 | if (ret) { | |
4081 | pr_err("alg: %s: test failed on vector %d, err=%d\n", | |
4082 | alg, i + 1, ret); | |
4083 | return ret; | |
4084 | } | |
4085 | } | |
4086 | return 0; | |
4087 | } | |
4088 | ||
4089 | static int alg_test_kpp(const struct alg_test_desc *desc, const char *driver, | |
4090 | u32 type, u32 mask) | |
4091 | { | |
4092 | struct crypto_kpp *tfm; | |
4093 | int err = 0; | |
4094 | ||
eed93e0c | 4095 | tfm = crypto_alloc_kpp(driver, type, mask); |
802c7f1c | 4096 | if (IS_ERR(tfm)) { |
4eded6d1 HX |
4097 | if (PTR_ERR(tfm) == -ENOENT) |
4098 | return -ENOENT; | |
802c7f1c SB |
4099 | pr_err("alg: kpp: Failed to load tfm for %s: %ld\n", |
4100 | driver, PTR_ERR(tfm)); | |
4101 | return PTR_ERR(tfm); | |
4102 | } | |
4103 | if (desc->suite.kpp.vecs) | |
4104 | err = test_kpp(tfm, desc->alg, desc->suite.kpp.vecs, | |
4105 | desc->suite.kpp.count); | |
4106 | ||
4107 | crypto_free_kpp(tfm); | |
4108 | return err; | |
4109 | } | |
4110 | ||
f1774cb8 VC |
4111 | static u8 *test_pack_u32(u8 *dst, u32 val) |
4112 | { | |
4113 | memcpy(dst, &val, sizeof(val)); | |
4114 | return dst + sizeof(val); | |
4115 | } | |
4116 | ||
50d2b643 | 4117 | static int test_akcipher_one(struct crypto_akcipher *tfm, |
b13b1e0c | 4118 | const struct akcipher_testvec *vecs) |
946cc463 | 4119 | { |
df27b26f | 4120 | char *xbuf[XBUFSIZE]; |
946cc463 TS |
4121 | struct akcipher_request *req; |
4122 | void *outbuf_enc = NULL; | |
4123 | void *outbuf_dec = NULL; | |
7f397136 | 4124 | struct crypto_wait wait; |
946cc463 TS |
4125 | unsigned int out_len_max, out_len = 0; |
4126 | int err = -ENOMEM; | |
c7381b01 | 4127 | struct scatterlist src, dst, src_tab[3]; |
0507de94 VC |
4128 | const char *m, *c; |
4129 | unsigned int m_size, c_size; | |
4130 | const char *op; | |
f1774cb8 | 4131 | u8 *key, *ptr; |
946cc463 | 4132 | |
df27b26f HX |
4133 | if (testmgr_alloc_buf(xbuf)) |
4134 | return err; | |
4135 | ||
946cc463 TS |
4136 | req = akcipher_request_alloc(tfm, GFP_KERNEL); |
4137 | if (!req) | |
df27b26f | 4138 | goto free_xbuf; |
946cc463 | 4139 | |
7f397136 | 4140 | crypto_init_wait(&wait); |
946cc463 | 4141 | |
f1774cb8 VC |
4142 | key = kmalloc(vecs->key_len + sizeof(u32) * 2 + vecs->param_len, |
4143 | GFP_KERNEL); | |
4144 | if (!key) | |
2b403867 | 4145 | goto free_req; |
f1774cb8 VC |
4146 | memcpy(key, vecs->key, vecs->key_len); |
4147 | ptr = key + vecs->key_len; | |
4148 | ptr = test_pack_u32(ptr, vecs->algo); | |
4149 | ptr = test_pack_u32(ptr, vecs->param_len); | |
4150 | memcpy(ptr, vecs->params, vecs->param_len); | |
4151 | ||
22287b0b | 4152 | if (vecs->public_key_vec) |
f1774cb8 | 4153 | err = crypto_akcipher_set_pub_key(tfm, key, vecs->key_len); |
22287b0b | 4154 | else |
f1774cb8 | 4155 | err = crypto_akcipher_set_priv_key(tfm, key, vecs->key_len); |
22287b0b | 4156 | if (err) |
2b403867 | 4157 | goto free_key; |
946cc463 | 4158 | |
0507de94 VC |
4159 | /* |
4160 | * First run test which do not require a private key, such as | |
4161 | * encrypt or verify. | |
4162 | */ | |
c7381b01 VC |
4163 | err = -ENOMEM; |
4164 | out_len_max = crypto_akcipher_maxsize(tfm); | |
946cc463 TS |
4165 | outbuf_enc = kzalloc(out_len_max, GFP_KERNEL); |
4166 | if (!outbuf_enc) | |
2b403867 | 4167 | goto free_key; |
946cc463 | 4168 | |
0507de94 VC |
4169 | if (!vecs->siggen_sigver_test) { |
4170 | m = vecs->m; | |
4171 | m_size = vecs->m_size; | |
4172 | c = vecs->c; | |
4173 | c_size = vecs->c_size; | |
4174 | op = "encrypt"; | |
4175 | } else { | |
4176 | /* Swap args so we could keep plaintext (digest) | |
4177 | * in vecs->m, and cooked signature in vecs->c. | |
4178 | */ | |
4179 | m = vecs->c; /* signature */ | |
4180 | m_size = vecs->c_size; | |
4181 | c = vecs->m; /* digest */ | |
4182 | c_size = vecs->m_size; | |
4183 | op = "verify"; | |
4184 | } | |
df27b26f | 4185 | |
2b403867 | 4186 | err = -E2BIG; |
0507de94 VC |
4187 | if (WARN_ON(m_size > PAGE_SIZE)) |
4188 | goto free_all; | |
4189 | memcpy(xbuf[0], m, m_size); | |
df27b26f | 4190 | |
c7381b01 | 4191 | sg_init_table(src_tab, 3); |
df27b26f | 4192 | sg_set_buf(&src_tab[0], xbuf[0], 8); |
0507de94 | 4193 | sg_set_buf(&src_tab[1], xbuf[0] + 8, m_size - 8); |
c7381b01 VC |
4194 | if (vecs->siggen_sigver_test) { |
4195 | if (WARN_ON(c_size > PAGE_SIZE)) | |
4196 | goto free_all; | |
4197 | memcpy(xbuf[1], c, c_size); | |
4198 | sg_set_buf(&src_tab[2], xbuf[1], c_size); | |
4199 | akcipher_request_set_crypt(req, src_tab, NULL, m_size, c_size); | |
4200 | } else { | |
4201 | sg_init_one(&dst, outbuf_enc, out_len_max); | |
4202 | akcipher_request_set_crypt(req, src_tab, &dst, m_size, | |
4203 | out_len_max); | |
4204 | } | |
946cc463 | 4205 | akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, |
7f397136 | 4206 | crypto_req_done, &wait); |
946cc463 | 4207 | |
7f397136 | 4208 | err = crypto_wait_req(vecs->siggen_sigver_test ? |
0507de94 VC |
4209 | /* Run asymmetric signature verification */ |
4210 | crypto_akcipher_verify(req) : | |
7f397136 GBY |
4211 | /* Run asymmetric encrypt */ |
4212 | crypto_akcipher_encrypt(req), &wait); | |
946cc463 | 4213 | if (err) { |
0507de94 | 4214 | pr_err("alg: akcipher: %s test failed. err %d\n", op, err); |
946cc463 TS |
4215 | goto free_all; |
4216 | } | |
a1f62c21 | 4217 | if (!vecs->siggen_sigver_test && c) { |
c7381b01 VC |
4218 | if (req->dst_len != c_size) { |
4219 | pr_err("alg: akcipher: %s test failed. Invalid output len\n", | |
4220 | op); | |
4221 | err = -EINVAL; | |
4222 | goto free_all; | |
4223 | } | |
4224 | /* verify that encrypted message is equal to expected */ | |
4225 | if (memcmp(c, outbuf_enc, c_size) != 0) { | |
4226 | pr_err("alg: akcipher: %s test failed. Invalid output\n", | |
4227 | op); | |
4228 | hexdump(outbuf_enc, c_size); | |
4229 | err = -EINVAL; | |
4230 | goto free_all; | |
4231 | } | |
946cc463 | 4232 | } |
0507de94 VC |
4233 | |
4234 | /* | |
4235 | * Don't invoke (decrypt or sign) test which require a private key | |
4236 | * for vectors with only a public key. | |
4237 | */ | |
946cc463 TS |
4238 | if (vecs->public_key_vec) { |
4239 | err = 0; | |
4240 | goto free_all; | |
4241 | } | |
4242 | outbuf_dec = kzalloc(out_len_max, GFP_KERNEL); | |
4243 | if (!outbuf_dec) { | |
4244 | err = -ENOMEM; | |
4245 | goto free_all; | |
4246 | } | |
df27b26f | 4247 | |
a1f62c21 TZ |
4248 | if (!vecs->siggen_sigver_test && !c) { |
4249 | c = outbuf_enc; | |
4250 | c_size = req->dst_len; | |
4251 | } | |
4252 | ||
2b403867 | 4253 | err = -E2BIG; |
0507de94 VC |
4254 | op = vecs->siggen_sigver_test ? "sign" : "decrypt"; |
4255 | if (WARN_ON(c_size > PAGE_SIZE)) | |
df27b26f | 4256 | goto free_all; |
0507de94 | 4257 | memcpy(xbuf[0], c, c_size); |
df27b26f | 4258 | |
0507de94 | 4259 | sg_init_one(&src, xbuf[0], c_size); |
22287b0b | 4260 | sg_init_one(&dst, outbuf_dec, out_len_max); |
7f397136 | 4261 | crypto_init_wait(&wait); |
0507de94 | 4262 | akcipher_request_set_crypt(req, &src, &dst, c_size, out_len_max); |
946cc463 | 4263 | |
7f397136 | 4264 | err = crypto_wait_req(vecs->siggen_sigver_test ? |
0507de94 VC |
4265 | /* Run asymmetric signature generation */ |
4266 | crypto_akcipher_sign(req) : | |
7f397136 GBY |
4267 | /* Run asymmetric decrypt */ |
4268 | crypto_akcipher_decrypt(req), &wait); | |
946cc463 | 4269 | if (err) { |
0507de94 | 4270 | pr_err("alg: akcipher: %s test failed. err %d\n", op, err); |
946cc463 TS |
4271 | goto free_all; |
4272 | } | |
4273 | out_len = req->dst_len; | |
0507de94 VC |
4274 | if (out_len < m_size) { |
4275 | pr_err("alg: akcipher: %s test failed. Invalid output len %u\n", | |
4276 | op, out_len); | |
946cc463 TS |
4277 | err = -EINVAL; |
4278 | goto free_all; | |
4279 | } | |
4280 | /* verify that decrypted message is equal to the original msg */ | |
0507de94 VC |
4281 | if (memchr_inv(outbuf_dec, 0, out_len - m_size) || |
4282 | memcmp(m, outbuf_dec + out_len - m_size, m_size)) { | |
4283 | pr_err("alg: akcipher: %s test failed. Invalid output\n", op); | |
50d2b643 | 4284 | hexdump(outbuf_dec, out_len); |
946cc463 TS |
4285 | err = -EINVAL; |
4286 | } | |
4287 | free_all: | |
4288 | kfree(outbuf_dec); | |
4289 | kfree(outbuf_enc); | |
2b403867 TZ |
4290 | free_key: |
4291 | kfree(key); | |
946cc463 TS |
4292 | free_req: |
4293 | akcipher_request_free(req); | |
df27b26f HX |
4294 | free_xbuf: |
4295 | testmgr_free_buf(xbuf); | |
946cc463 TS |
4296 | return err; |
4297 | } | |
4298 | ||
50d2b643 | 4299 | static int test_akcipher(struct crypto_akcipher *tfm, const char *alg, |
b13b1e0c EB |
4300 | const struct akcipher_testvec *vecs, |
4301 | unsigned int tcount) | |
946cc463 | 4302 | { |
15226e48 HX |
4303 | const char *algo = |
4304 | crypto_tfm_alg_driver_name(crypto_akcipher_tfm(tfm)); | |
946cc463 TS |
4305 | int ret, i; |
4306 | ||
4307 | for (i = 0; i < tcount; i++) { | |
50d2b643 HX |
4308 | ret = test_akcipher_one(tfm, vecs++); |
4309 | if (!ret) | |
4310 | continue; | |
946cc463 | 4311 | |
15226e48 HX |
4312 | pr_err("alg: akcipher: test %d failed for %s, err=%d\n", |
4313 | i + 1, algo, ret); | |
50d2b643 HX |
4314 | return ret; |
4315 | } | |
946cc463 TS |
4316 | return 0; |
4317 | } | |
4318 | ||
4319 | static int alg_test_akcipher(const struct alg_test_desc *desc, | |
4320 | const char *driver, u32 type, u32 mask) | |
4321 | { | |
4322 | struct crypto_akcipher *tfm; | |
4323 | int err = 0; | |
4324 | ||
eed93e0c | 4325 | tfm = crypto_alloc_akcipher(driver, type, mask); |
946cc463 | 4326 | if (IS_ERR(tfm)) { |
4eded6d1 HX |
4327 | if (PTR_ERR(tfm) == -ENOENT) |
4328 | return -ENOENT; | |
946cc463 TS |
4329 | pr_err("alg: akcipher: Failed to load tfm for %s: %ld\n", |
4330 | driver, PTR_ERR(tfm)); | |
4331 | return PTR_ERR(tfm); | |
4332 | } | |
4333 | if (desc->suite.akcipher.vecs) | |
4334 | err = test_akcipher(tfm, desc->alg, desc->suite.akcipher.vecs, | |
4335 | desc->suite.akcipher.count); | |
4336 | ||
4337 | crypto_free_akcipher(tfm); | |
4338 | return err; | |
4339 | } | |
4340 | ||
863b557a YS |
4341 | static int alg_test_null(const struct alg_test_desc *desc, |
4342 | const char *driver, u32 type, u32 mask) | |
4343 | { | |
4344 | return 0; | |
4345 | } | |
4346 | ||
49763fc6 EB |
4347 | #define ____VECS(tv) .vecs = tv, .count = ARRAY_SIZE(tv) |
4348 | #define __VECS(tv) { ____VECS(tv) } | |
21c8e720 | 4349 | |
da7f033d HX |
4350 | /* Please keep this list sorted by algorithm name. */ |
4351 | static const struct alg_test_desc alg_test_descs[] = { | |
4352 | { | |
059c2a4d | 4353 | .alg = "adiantum(xchacha12,aes)", |
d435e10e | 4354 | .generic_driver = "adiantum(xchacha12-generic,aes-generic,nhpoly1305-generic)", |
059c2a4d EB |
4355 | .test = alg_test_skcipher, |
4356 | .suite = { | |
4357 | .cipher = __VECS(adiantum_xchacha12_aes_tv_template) | |
4358 | }, | |
4359 | }, { | |
4360 | .alg = "adiantum(xchacha20,aes)", | |
d435e10e | 4361 | .generic_driver = "adiantum(xchacha20-generic,aes-generic,nhpoly1305-generic)", |
059c2a4d EB |
4362 | .test = alg_test_skcipher, |
4363 | .suite = { | |
4364 | .cipher = __VECS(adiantum_xchacha20_aes_tv_template) | |
4365 | }, | |
4366 | }, { | |
b87dc203 OM |
4367 | .alg = "aegis128", |
4368 | .test = alg_test_aead, | |
4369 | .suite = { | |
a0d608ee | 4370 | .aead = __VECS(aegis128_tv_template) |
b87dc203 | 4371 | } |
b87dc203 | 4372 | }, { |
e08ca2da JW |
4373 | .alg = "ansi_cprng", |
4374 | .test = alg_test_cprng, | |
4375 | .suite = { | |
21c8e720 | 4376 | .cprng = __VECS(ansi_cprng_aes_tv_template) |
e08ca2da | 4377 | } |
bca4feb0 HG |
4378 | }, { |
4379 | .alg = "authenc(hmac(md5),ecb(cipher_null))", | |
4380 | .test = alg_test_aead, | |
bca4feb0 | 4381 | .suite = { |
a0d608ee | 4382 | .aead = __VECS(hmac_md5_ecb_cipher_null_tv_template) |
bca4feb0 | 4383 | } |
e46e9a46 | 4384 | }, { |
a4198fd4 | 4385 | .alg = "authenc(hmac(sha1),cbc(aes))", |
e46e9a46 | 4386 | .test = alg_test_aead, |
bcf741cb | 4387 | .fips_allowed = 1, |
e46e9a46 | 4388 | .suite = { |
a0d608ee | 4389 | .aead = __VECS(hmac_sha1_aes_cbc_tv_temp) |
5208ed2c NL |
4390 | } |
4391 | }, { | |
a4198fd4 | 4392 | .alg = "authenc(hmac(sha1),cbc(des))", |
5208ed2c | 4393 | .test = alg_test_aead, |
5208ed2c | 4394 | .suite = { |
a0d608ee | 4395 | .aead = __VECS(hmac_sha1_des_cbc_tv_temp) |
5208ed2c NL |
4396 | } |
4397 | }, { | |
a4198fd4 | 4398 | .alg = "authenc(hmac(sha1),cbc(des3_ede))", |
5208ed2c | 4399 | .test = alg_test_aead, |
5208ed2c | 4400 | .suite = { |
a0d608ee | 4401 | .aead = __VECS(hmac_sha1_des3_ede_cbc_tv_temp) |
e46e9a46 | 4402 | } |
fb16abc2 MM |
4403 | }, { |
4404 | .alg = "authenc(hmac(sha1),ctr(aes))", | |
4405 | .test = alg_test_null, | |
4406 | .fips_allowed = 1, | |
bca4feb0 HG |
4407 | }, { |
4408 | .alg = "authenc(hmac(sha1),ecb(cipher_null))", | |
4409 | .test = alg_test_aead, | |
bca4feb0 | 4410 | .suite = { |
a0d608ee | 4411 | .aead = __VECS(hmac_sha1_ecb_cipher_null_tv_temp) |
5208ed2c | 4412 | } |
8888690e MM |
4413 | }, { |
4414 | .alg = "authenc(hmac(sha1),rfc3686(ctr(aes)))", | |
4415 | .test = alg_test_null, | |
4416 | .fips_allowed = 1, | |
5208ed2c | 4417 | }, { |
a4198fd4 | 4418 | .alg = "authenc(hmac(sha224),cbc(des))", |
5208ed2c | 4419 | .test = alg_test_aead, |
5208ed2c | 4420 | .suite = { |
a0d608ee | 4421 | .aead = __VECS(hmac_sha224_des_cbc_tv_temp) |
5208ed2c NL |
4422 | } |
4423 | }, { | |
a4198fd4 | 4424 | .alg = "authenc(hmac(sha224),cbc(des3_ede))", |
5208ed2c | 4425 | .test = alg_test_aead, |
5208ed2c | 4426 | .suite = { |
a0d608ee | 4427 | .aead = __VECS(hmac_sha224_des3_ede_cbc_tv_temp) |
bca4feb0 | 4428 | } |
e46e9a46 | 4429 | }, { |
a4198fd4 | 4430 | .alg = "authenc(hmac(sha256),cbc(aes))", |
e46e9a46 | 4431 | .test = alg_test_aead, |
ed1afac9 | 4432 | .fips_allowed = 1, |
e46e9a46 | 4433 | .suite = { |
a0d608ee | 4434 | .aead = __VECS(hmac_sha256_aes_cbc_tv_temp) |
5208ed2c NL |
4435 | } |
4436 | }, { | |
a4198fd4 | 4437 | .alg = "authenc(hmac(sha256),cbc(des))", |
5208ed2c | 4438 | .test = alg_test_aead, |
5208ed2c | 4439 | .suite = { |
a0d608ee | 4440 | .aead = __VECS(hmac_sha256_des_cbc_tv_temp) |
5208ed2c NL |
4441 | } |
4442 | }, { | |
a4198fd4 | 4443 | .alg = "authenc(hmac(sha256),cbc(des3_ede))", |
5208ed2c | 4444 | .test = alg_test_aead, |
5208ed2c | 4445 | .suite = { |
a0d608ee | 4446 | .aead = __VECS(hmac_sha256_des3_ede_cbc_tv_temp) |
5208ed2c | 4447 | } |
fb16abc2 MM |
4448 | }, { |
4449 | .alg = "authenc(hmac(sha256),ctr(aes))", | |
4450 | .test = alg_test_null, | |
4451 | .fips_allowed = 1, | |
8888690e MM |
4452 | }, { |
4453 | .alg = "authenc(hmac(sha256),rfc3686(ctr(aes)))", | |
4454 | .test = alg_test_null, | |
4455 | .fips_allowed = 1, | |
5208ed2c | 4456 | }, { |
a4198fd4 | 4457 | .alg = "authenc(hmac(sha384),cbc(des))", |
5208ed2c | 4458 | .test = alg_test_aead, |
5208ed2c | 4459 | .suite = { |
a0d608ee | 4460 | .aead = __VECS(hmac_sha384_des_cbc_tv_temp) |
5208ed2c NL |
4461 | } |
4462 | }, { | |
a4198fd4 | 4463 | .alg = "authenc(hmac(sha384),cbc(des3_ede))", |
5208ed2c | 4464 | .test = alg_test_aead, |
5208ed2c | 4465 | .suite = { |
a0d608ee | 4466 | .aead = __VECS(hmac_sha384_des3_ede_cbc_tv_temp) |
e46e9a46 | 4467 | } |
fb16abc2 MM |
4468 | }, { |
4469 | .alg = "authenc(hmac(sha384),ctr(aes))", | |
4470 | .test = alg_test_null, | |
4471 | .fips_allowed = 1, | |
8888690e MM |
4472 | }, { |
4473 | .alg = "authenc(hmac(sha384),rfc3686(ctr(aes)))", | |
4474 | .test = alg_test_null, | |
4475 | .fips_allowed = 1, | |
e46e9a46 | 4476 | }, { |
a4198fd4 | 4477 | .alg = "authenc(hmac(sha512),cbc(aes))", |
ed1afac9 | 4478 | .fips_allowed = 1, |
e46e9a46 | 4479 | .test = alg_test_aead, |
e46e9a46 | 4480 | .suite = { |
a0d608ee | 4481 | .aead = __VECS(hmac_sha512_aes_cbc_tv_temp) |
5208ed2c NL |
4482 | } |
4483 | }, { | |
a4198fd4 | 4484 | .alg = "authenc(hmac(sha512),cbc(des))", |
5208ed2c | 4485 | .test = alg_test_aead, |
5208ed2c | 4486 | .suite = { |
a0d608ee | 4487 | .aead = __VECS(hmac_sha512_des_cbc_tv_temp) |
5208ed2c NL |
4488 | } |
4489 | }, { | |
a4198fd4 | 4490 | .alg = "authenc(hmac(sha512),cbc(des3_ede))", |
5208ed2c | 4491 | .test = alg_test_aead, |
5208ed2c | 4492 | .suite = { |
a0d608ee | 4493 | .aead = __VECS(hmac_sha512_des3_ede_cbc_tv_temp) |
e46e9a46 | 4494 | } |
fb16abc2 MM |
4495 | }, { |
4496 | .alg = "authenc(hmac(sha512),ctr(aes))", | |
4497 | .test = alg_test_null, | |
4498 | .fips_allowed = 1, | |
8888690e MM |
4499 | }, { |
4500 | .alg = "authenc(hmac(sha512),rfc3686(ctr(aes)))", | |
4501 | .test = alg_test_null, | |
4502 | .fips_allowed = 1, | |
a1afe274 DS |
4503 | }, { |
4504 | .alg = "blake2b-160", | |
4505 | .test = alg_test_hash, | |
4506 | .fips_allowed = 0, | |
4507 | .suite = { | |
4508 | .hash = __VECS(blake2b_160_tv_template) | |
4509 | } | |
4510 | }, { | |
4511 | .alg = "blake2b-256", | |
4512 | .test = alg_test_hash, | |
4513 | .fips_allowed = 0, | |
4514 | .suite = { | |
4515 | .hash = __VECS(blake2b_256_tv_template) | |
4516 | } | |
4517 | }, { | |
4518 | .alg = "blake2b-384", | |
4519 | .test = alg_test_hash, | |
4520 | .fips_allowed = 0, | |
4521 | .suite = { | |
4522 | .hash = __VECS(blake2b_384_tv_template) | |
4523 | } | |
4524 | }, { | |
4525 | .alg = "blake2b-512", | |
4526 | .test = alg_test_hash, | |
4527 | .fips_allowed = 0, | |
4528 | .suite = { | |
4529 | .hash = __VECS(blake2b_512_tv_template) | |
4530 | } | |
e08ca2da | 4531 | }, { |
da7f033d | 4532 | .alg = "cbc(aes)", |
1aa4ecd9 | 4533 | .test = alg_test_skcipher, |
a1915d51 | 4534 | .fips_allowed = 1, |
da7f033d | 4535 | .suite = { |
92a4c9fe EB |
4536 | .cipher = __VECS(aes_cbc_tv_template) |
4537 | }, | |
da7f033d HX |
4538 | }, { |
4539 | .alg = "cbc(anubis)", | |
1aa4ecd9 | 4540 | .test = alg_test_skcipher, |
da7f033d | 4541 | .suite = { |
92a4c9fe EB |
4542 | .cipher = __VECS(anubis_cbc_tv_template) |
4543 | }, | |
01ce31de TY |
4544 | }, { |
4545 | .alg = "cbc(aria)", | |
4546 | .test = alg_test_skcipher, | |
4547 | .suite = { | |
4548 | .cipher = __VECS(aria_cbc_tv_template) | |
4549 | }, | |
da7f033d HX |
4550 | }, { |
4551 | .alg = "cbc(blowfish)", | |
1aa4ecd9 | 4552 | .test = alg_test_skcipher, |
da7f033d | 4553 | .suite = { |
92a4c9fe EB |
4554 | .cipher = __VECS(bf_cbc_tv_template) |
4555 | }, | |
da7f033d HX |
4556 | }, { |
4557 | .alg = "cbc(camellia)", | |
1aa4ecd9 | 4558 | .test = alg_test_skcipher, |
da7f033d | 4559 | .suite = { |
92a4c9fe EB |
4560 | .cipher = __VECS(camellia_cbc_tv_template) |
4561 | }, | |
a2c58260 JG |
4562 | }, { |
4563 | .alg = "cbc(cast5)", | |
4564 | .test = alg_test_skcipher, | |
4565 | .suite = { | |
92a4c9fe EB |
4566 | .cipher = __VECS(cast5_cbc_tv_template) |
4567 | }, | |
9b8b0405 JG |
4568 | }, { |
4569 | .alg = "cbc(cast6)", | |
4570 | .test = alg_test_skcipher, | |
4571 | .suite = { | |
92a4c9fe EB |
4572 | .cipher = __VECS(cast6_cbc_tv_template) |
4573 | }, | |
da7f033d HX |
4574 | }, { |
4575 | .alg = "cbc(des)", | |
1aa4ecd9 | 4576 | .test = alg_test_skcipher, |
da7f033d | 4577 | .suite = { |
92a4c9fe EB |
4578 | .cipher = __VECS(des_cbc_tv_template) |
4579 | }, | |
da7f033d HX |
4580 | }, { |
4581 | .alg = "cbc(des3_ede)", | |
1aa4ecd9 | 4582 | .test = alg_test_skcipher, |
da7f033d | 4583 | .suite = { |
92a4c9fe EB |
4584 | .cipher = __VECS(des3_ede_cbc_tv_template) |
4585 | }, | |
a794d8d8 GBY |
4586 | }, { |
4587 | /* Same as cbc(aes) except the key is stored in | |
4588 | * hardware secure memory which we reference by index | |
4589 | */ | |
4590 | .alg = "cbc(paes)", | |
4591 | .test = alg_test_null, | |
4592 | .fips_allowed = 1, | |
f0372c00 GBY |
4593 | }, { |
4594 | /* Same as cbc(sm4) except the key is stored in | |
4595 | * hardware secure memory which we reference by index | |
4596 | */ | |
4597 | .alg = "cbc(psm4)", | |
4598 | .test = alg_test_null, | |
9d25917d JK |
4599 | }, { |
4600 | .alg = "cbc(serpent)", | |
4601 | .test = alg_test_skcipher, | |
4602 | .suite = { | |
92a4c9fe EB |
4603 | .cipher = __VECS(serpent_cbc_tv_template) |
4604 | }, | |
95ba5973 GBY |
4605 | }, { |
4606 | .alg = "cbc(sm4)", | |
4607 | .test = alg_test_skcipher, | |
4608 | .suite = { | |
4609 | .cipher = __VECS(sm4_cbc_tv_template) | |
4610 | } | |
da7f033d HX |
4611 | }, { |
4612 | .alg = "cbc(twofish)", | |
1aa4ecd9 | 4613 | .test = alg_test_skcipher, |
da7f033d | 4614 | .suite = { |
92a4c9fe EB |
4615 | .cipher = __VECS(tf_cbc_tv_template) |
4616 | }, | |
092acf06 | 4617 | }, { |
c7ff8573 HF |
4618 | #if IS_ENABLED(CONFIG_CRYPTO_PAES_S390) |
4619 | .alg = "cbc-paes-s390", | |
4620 | .fips_allowed = 1, | |
4621 | .test = alg_test_skcipher, | |
4622 | .suite = { | |
4623 | .cipher = __VECS(aes_cbc_tv_template) | |
4624 | } | |
4625 | }, { | |
4626 | #endif | |
092acf06 | 4627 | .alg = "cbcmac(aes)", |
092acf06 AB |
4628 | .test = alg_test_hash, |
4629 | .suite = { | |
4630 | .hash = __VECS(aes_cbcmac_tv_template) | |
4631 | } | |
68039d60 TZ |
4632 | }, { |
4633 | .alg = "cbcmac(sm4)", | |
4634 | .test = alg_test_hash, | |
4635 | .suite = { | |
4636 | .hash = __VECS(sm4_cbcmac_tv_template) | |
4637 | } | |
da7f033d HX |
4638 | }, { |
4639 | .alg = "ccm(aes)", | |
40153b10 | 4640 | .generic_driver = "ccm_base(ctr(aes-generic),cbcmac(aes-generic))", |
da7f033d | 4641 | .test = alg_test_aead, |
a1915d51 | 4642 | .fips_allowed = 1, |
da7f033d | 4643 | .suite = { |
49763fc6 EB |
4644 | .aead = { |
4645 | ____VECS(aes_ccm_tv_template), | |
4646 | .einval_allowed = 1, | |
4647 | } | |
da7f033d | 4648 | } |
68039d60 TZ |
4649 | }, { |
4650 | .alg = "ccm(sm4)", | |
4651 | .generic_driver = "ccm_base(ctr(sm4-generic),cbcmac(sm4-generic))", | |
4652 | .test = alg_test_aead, | |
4653 | .suite = { | |
4654 | .aead = { | |
4655 | ____VECS(sm4_ccm_tv_template), | |
4656 | .einval_allowed = 1, | |
4657 | } | |
4658 | } | |
3590ebf2 MW |
4659 | }, { |
4660 | .alg = "chacha20", | |
4661 | .test = alg_test_skcipher, | |
4662 | .suite = { | |
92a4c9fe EB |
4663 | .cipher = __VECS(chacha20_tv_template) |
4664 | }, | |
93b5e86a JK |
4665 | }, { |
4666 | .alg = "cmac(aes)", | |
8f183751 | 4667 | .fips_allowed = 1, |
93b5e86a JK |
4668 | .test = alg_test_hash, |
4669 | .suite = { | |
21c8e720 | 4670 | .hash = __VECS(aes_cmac128_tv_template) |
93b5e86a | 4671 | } |
ba24b8eb DH |
4672 | }, { |
4673 | .alg = "cmac(camellia)", | |
4674 | .test = alg_test_hash, | |
4675 | .suite = { | |
4676 | .hash = __VECS(camellia_cmac128_tv_template) | |
4677 | } | |
93b5e86a JK |
4678 | }, { |
4679 | .alg = "cmac(des3_ede)", | |
4680 | .test = alg_test_hash, | |
4681 | .suite = { | |
21c8e720 | 4682 | .hash = __VECS(des3_ede_cmac64_tv_template) |
93b5e86a | 4683 | } |
68039d60 TZ |
4684 | }, { |
4685 | .alg = "cmac(sm4)", | |
4686 | .test = alg_test_hash, | |
4687 | .suite = { | |
4688 | .hash = __VECS(sm4_cmac128_tv_template) | |
4689 | } | |
e448370d JK |
4690 | }, { |
4691 | .alg = "compress_null", | |
4692 | .test = alg_test_null, | |
ebb3472f AB |
4693 | }, { |
4694 | .alg = "crc32", | |
4695 | .test = alg_test_hash, | |
a8a34416 | 4696 | .fips_allowed = 1, |
ebb3472f | 4697 | .suite = { |
21c8e720 | 4698 | .hash = __VECS(crc32_tv_template) |
ebb3472f | 4699 | } |
da7f033d HX |
4700 | }, { |
4701 | .alg = "crc32c", | |
8e3ee85e | 4702 | .test = alg_test_crc32c, |
a1915d51 | 4703 | .fips_allowed = 1, |
da7f033d | 4704 | .suite = { |
21c8e720 | 4705 | .hash = __VECS(crc32c_tv_template) |
da7f033d | 4706 | } |
f3813f4b KB |
4707 | }, { |
4708 | .alg = "crc64-rocksoft", | |
4709 | .test = alg_test_hash, | |
4710 | .fips_allowed = 1, | |
4711 | .suite = { | |
4712 | .hash = __VECS(crc64_rocksoft_tv_template) | |
4713 | } | |
68411521 HX |
4714 | }, { |
4715 | .alg = "crct10dif", | |
4716 | .test = alg_test_hash, | |
4717 | .fips_allowed = 1, | |
4718 | .suite = { | |
21c8e720 | 4719 | .hash = __VECS(crct10dif_tv_template) |
68411521 | 4720 | } |
f7cb80f2 JW |
4721 | }, { |
4722 | .alg = "ctr(aes)", | |
4723 | .test = alg_test_skcipher, | |
a1915d51 | 4724 | .fips_allowed = 1, |
f7cb80f2 | 4725 | .suite = { |
92a4c9fe | 4726 | .cipher = __VECS(aes_ctr_tv_template) |
f7cb80f2 | 4727 | } |
01ce31de TY |
4728 | }, { |
4729 | .alg = "ctr(aria)", | |
4730 | .test = alg_test_skcipher, | |
4731 | .suite = { | |
4732 | .cipher = __VECS(aria_ctr_tv_template) | |
4733 | } | |
85b63e34 JK |
4734 | }, { |
4735 | .alg = "ctr(blowfish)", | |
4736 | .test = alg_test_skcipher, | |
4737 | .suite = { | |
92a4c9fe | 4738 | .cipher = __VECS(bf_ctr_tv_template) |
85b63e34 | 4739 | } |
0840605e JK |
4740 | }, { |
4741 | .alg = "ctr(camellia)", | |
4742 | .test = alg_test_skcipher, | |
4743 | .suite = { | |
92a4c9fe | 4744 | .cipher = __VECS(camellia_ctr_tv_template) |
0840605e | 4745 | } |
a2c58260 JG |
4746 | }, { |
4747 | .alg = "ctr(cast5)", | |
4748 | .test = alg_test_skcipher, | |
4749 | .suite = { | |
92a4c9fe | 4750 | .cipher = __VECS(cast5_ctr_tv_template) |
a2c58260 | 4751 | } |
9b8b0405 JG |
4752 | }, { |
4753 | .alg = "ctr(cast6)", | |
4754 | .test = alg_test_skcipher, | |
4755 | .suite = { | |
92a4c9fe | 4756 | .cipher = __VECS(cast6_ctr_tv_template) |
9b8b0405 | 4757 | } |
8163fc30 JK |
4758 | }, { |
4759 | .alg = "ctr(des)", | |
4760 | .test = alg_test_skcipher, | |
4761 | .suite = { | |
92a4c9fe | 4762 | .cipher = __VECS(des_ctr_tv_template) |
8163fc30 | 4763 | } |
e080b17a JK |
4764 | }, { |
4765 | .alg = "ctr(des3_ede)", | |
4766 | .test = alg_test_skcipher, | |
4767 | .suite = { | |
92a4c9fe | 4768 | .cipher = __VECS(des3_ede_ctr_tv_template) |
e080b17a | 4769 | } |
a794d8d8 GBY |
4770 | }, { |
4771 | /* Same as ctr(aes) except the key is stored in | |
4772 | * hardware secure memory which we reference by index | |
4773 | */ | |
4774 | .alg = "ctr(paes)", | |
4775 | .test = alg_test_null, | |
4776 | .fips_allowed = 1, | |
9d25917d | 4777 | }, { |
f0372c00 GBY |
4778 | |
4779 | /* Same as ctr(sm4) except the key is stored in | |
4780 | * hardware secure memory which we reference by index | |
4781 | */ | |
4782 | .alg = "ctr(psm4)", | |
4783 | .test = alg_test_null, | |
4784 | }, { | |
9d25917d JK |
4785 | .alg = "ctr(serpent)", |
4786 | .test = alg_test_skcipher, | |
4787 | .suite = { | |
92a4c9fe | 4788 | .cipher = __VECS(serpent_ctr_tv_template) |
9d25917d | 4789 | } |
95ba5973 GBY |
4790 | }, { |
4791 | .alg = "ctr(sm4)", | |
4792 | .test = alg_test_skcipher, | |
4793 | .suite = { | |
4794 | .cipher = __VECS(sm4_ctr_tv_template) | |
4795 | } | |
573da620 JK |
4796 | }, { |
4797 | .alg = "ctr(twofish)", | |
4798 | .test = alg_test_skcipher, | |
4799 | .suite = { | |
92a4c9fe | 4800 | .cipher = __VECS(tf_ctr_tv_template) |
573da620 | 4801 | } |
da7f033d | 4802 | }, { |
c7ff8573 HF |
4803 | #if IS_ENABLED(CONFIG_CRYPTO_PAES_S390) |
4804 | .alg = "ctr-paes-s390", | |
4805 | .fips_allowed = 1, | |
4806 | .test = alg_test_skcipher, | |
4807 | .suite = { | |
4808 | .cipher = __VECS(aes_ctr_tv_template) | |
4809 | } | |
4810 | }, { | |
4811 | #endif | |
da7f033d | 4812 | .alg = "cts(cbc(aes))", |
1aa4ecd9 | 4813 | .test = alg_test_skcipher, |
196ad604 | 4814 | .fips_allowed = 1, |
da7f033d | 4815 | .suite = { |
92a4c9fe | 4816 | .cipher = __VECS(cts_mode_tv_template) |
da7f033d | 4817 | } |
f0372c00 GBY |
4818 | }, { |
4819 | /* Same as cts(cbc((aes)) except the key is stored in | |
4820 | * hardware secure memory which we reference by index | |
4821 | */ | |
4822 | .alg = "cts(cbc(paes))", | |
4823 | .test = alg_test_null, | |
4824 | .fips_allowed = 1, | |
c24ee936 TZ |
4825 | }, { |
4826 | .alg = "cts(cbc(sm4))", | |
4827 | .test = alg_test_skcipher, | |
4828 | .suite = { | |
4829 | .cipher = __VECS(sm4_cts_tv_template) | |
4830 | } | |
f613457a AB |
4831 | }, { |
4832 | .alg = "curve25519", | |
4833 | .test = alg_test_kpp, | |
4834 | .suite = { | |
4835 | .kpp = __VECS(curve25519_tv_template) | |
4836 | } | |
da7f033d HX |
4837 | }, { |
4838 | .alg = "deflate", | |
4839 | .test = alg_test_comp, | |
0818904d | 4840 | .fips_allowed = 1, |
da7f033d HX |
4841 | .suite = { |
4842 | .comp = { | |
21c8e720 AB |
4843 | .comp = __VECS(deflate_comp_tv_template), |
4844 | .decomp = __VECS(deflate_decomp_tv_template) | |
da7f033d HX |
4845 | } |
4846 | } | |
2ec6761d TZ |
4847 | }, { |
4848 | .alg = "deflate-iaa", | |
4849 | .test = alg_test_comp, | |
4850 | .fips_allowed = 1, | |
4851 | .suite = { | |
4852 | .comp = { | |
4853 | .comp = __VECS(deflate_comp_tv_template), | |
4854 | .decomp = __VECS(deflate_decomp_tv_template) | |
4855 | } | |
4856 | } | |
802c7f1c SB |
4857 | }, { |
4858 | .alg = "dh", | |
4859 | .test = alg_test_kpp, | |
802c7f1c | 4860 | .suite = { |
21c8e720 | 4861 | .kpp = __VECS(dh_tv_template) |
802c7f1c | 4862 | } |
e448370d JK |
4863 | }, { |
4864 | .alg = "digest_null", | |
4865 | .test = alg_test_null, | |
64d1cdfb SM |
4866 | }, { |
4867 | .alg = "drbg_nopr_ctr_aes128", | |
4868 | .test = alg_test_drbg, | |
4869 | .fips_allowed = 1, | |
4870 | .suite = { | |
21c8e720 | 4871 | .drbg = __VECS(drbg_nopr_ctr_aes128_tv_template) |
64d1cdfb SM |
4872 | } |
4873 | }, { | |
4874 | .alg = "drbg_nopr_ctr_aes192", | |
4875 | .test = alg_test_drbg, | |
4876 | .fips_allowed = 1, | |
4877 | .suite = { | |
21c8e720 | 4878 | .drbg = __VECS(drbg_nopr_ctr_aes192_tv_template) |
64d1cdfb SM |
4879 | } |
4880 | }, { | |
4881 | .alg = "drbg_nopr_ctr_aes256", | |
4882 | .test = alg_test_drbg, | |
4883 | .fips_allowed = 1, | |
4884 | .suite = { | |
21c8e720 | 4885 | .drbg = __VECS(drbg_nopr_ctr_aes256_tv_template) |
64d1cdfb | 4886 | } |
64d1cdfb SM |
4887 | }, { |
4888 | .alg = "drbg_nopr_hmac_sha256", | |
4889 | .test = alg_test_drbg, | |
4890 | .fips_allowed = 1, | |
4891 | .suite = { | |
21c8e720 | 4892 | .drbg = __VECS(drbg_nopr_hmac_sha256_tv_template) |
64d1cdfb SM |
4893 | } |
4894 | }, { | |
bc197f57 DJL |
4895 | /* |
4896 | * There is no need to specifically test the DRBG with every | |
4897 | * backend cipher -- covered by drbg_nopr_hmac_sha512 test | |
4898 | */ | |
64d1cdfb | 4899 | .alg = "drbg_nopr_hmac_sha384", |
64d1cdfb SM |
4900 | .test = alg_test_null, |
4901 | }, { | |
4902 | .alg = "drbg_nopr_hmac_sha512", | |
8833272d | 4903 | .test = alg_test_drbg, |
64d1cdfb | 4904 | .fips_allowed = 1, |
8833272d SM |
4905 | .suite = { |
4906 | .drbg = __VECS(drbg_nopr_hmac_sha512_tv_template) | |
4907 | } | |
64d1cdfb SM |
4908 | }, { |
4909 | .alg = "drbg_nopr_sha256", | |
4910 | .test = alg_test_drbg, | |
4911 | .fips_allowed = 1, | |
4912 | .suite = { | |
21c8e720 | 4913 | .drbg = __VECS(drbg_nopr_sha256_tv_template) |
64d1cdfb SM |
4914 | } |
4915 | }, { | |
4916 | /* covered by drbg_nopr_sha256 test */ | |
4917 | .alg = "drbg_nopr_sha384", | |
64d1cdfb SM |
4918 | .test = alg_test_null, |
4919 | }, { | |
4920 | .alg = "drbg_nopr_sha512", | |
4921 | .fips_allowed = 1, | |
4922 | .test = alg_test_null, | |
4923 | }, { | |
4924 | .alg = "drbg_pr_ctr_aes128", | |
4925 | .test = alg_test_drbg, | |
4926 | .fips_allowed = 1, | |
4927 | .suite = { | |
21c8e720 | 4928 | .drbg = __VECS(drbg_pr_ctr_aes128_tv_template) |
64d1cdfb SM |
4929 | } |
4930 | }, { | |
4931 | /* covered by drbg_pr_ctr_aes128 test */ | |
4932 | .alg = "drbg_pr_ctr_aes192", | |
4933 | .fips_allowed = 1, | |
4934 | .test = alg_test_null, | |
4935 | }, { | |
4936 | .alg = "drbg_pr_ctr_aes256", | |
4937 | .fips_allowed = 1, | |
4938 | .test = alg_test_null, | |
64d1cdfb SM |
4939 | }, { |
4940 | .alg = "drbg_pr_hmac_sha256", | |
4941 | .test = alg_test_drbg, | |
4942 | .fips_allowed = 1, | |
4943 | .suite = { | |
21c8e720 | 4944 | .drbg = __VECS(drbg_pr_hmac_sha256_tv_template) |
64d1cdfb SM |
4945 | } |
4946 | }, { | |
4947 | /* covered by drbg_pr_hmac_sha256 test */ | |
4948 | .alg = "drbg_pr_hmac_sha384", | |
64d1cdfb SM |
4949 | .test = alg_test_null, |
4950 | }, { | |
4951 | .alg = "drbg_pr_hmac_sha512", | |
4952 | .test = alg_test_null, | |
4953 | .fips_allowed = 1, | |
64d1cdfb SM |
4954 | }, { |
4955 | .alg = "drbg_pr_sha256", | |
4956 | .test = alg_test_drbg, | |
4957 | .fips_allowed = 1, | |
4958 | .suite = { | |
21c8e720 | 4959 | .drbg = __VECS(drbg_pr_sha256_tv_template) |
64d1cdfb SM |
4960 | } |
4961 | }, { | |
4962 | /* covered by drbg_pr_sha256 test */ | |
4963 | .alg = "drbg_pr_sha384", | |
64d1cdfb SM |
4964 | .test = alg_test_null, |
4965 | }, { | |
4966 | .alg = "drbg_pr_sha512", | |
4967 | .fips_allowed = 1, | |
4968 | .test = alg_test_null, | |
da7f033d HX |
4969 | }, { |
4970 | .alg = "ecb(aes)", | |
1aa4ecd9 | 4971 | .test = alg_test_skcipher, |
a1915d51 | 4972 | .fips_allowed = 1, |
da7f033d | 4973 | .suite = { |
92a4c9fe | 4974 | .cipher = __VECS(aes_tv_template) |
da7f033d HX |
4975 | } |
4976 | }, { | |
4977 | .alg = "ecb(anubis)", | |
1aa4ecd9 | 4978 | .test = alg_test_skcipher, |
da7f033d | 4979 | .suite = { |
92a4c9fe | 4980 | .cipher = __VECS(anubis_tv_template) |
da7f033d HX |
4981 | } |
4982 | }, { | |
4983 | .alg = "ecb(arc4)", | |
9a91792d | 4984 | .generic_driver = "arc4-generic", |
1aa4ecd9 | 4985 | .test = alg_test_skcipher, |
da7f033d | 4986 | .suite = { |
92a4c9fe | 4987 | .cipher = __VECS(arc4_tv_template) |
da7f033d | 4988 | } |
01ce31de TY |
4989 | }, { |
4990 | .alg = "ecb(aria)", | |
4991 | .test = alg_test_skcipher, | |
4992 | .suite = { | |
4993 | .cipher = __VECS(aria_tv_template) | |
4994 | } | |
da7f033d HX |
4995 | }, { |
4996 | .alg = "ecb(blowfish)", | |
1aa4ecd9 | 4997 | .test = alg_test_skcipher, |
da7f033d | 4998 | .suite = { |
92a4c9fe | 4999 | .cipher = __VECS(bf_tv_template) |
da7f033d HX |
5000 | } |
5001 | }, { | |
5002 | .alg = "ecb(camellia)", | |
1aa4ecd9 | 5003 | .test = alg_test_skcipher, |
da7f033d | 5004 | .suite = { |
92a4c9fe | 5005 | .cipher = __VECS(camellia_tv_template) |
da7f033d HX |
5006 | } |
5007 | }, { | |
5008 | .alg = "ecb(cast5)", | |
1aa4ecd9 | 5009 | .test = alg_test_skcipher, |
da7f033d | 5010 | .suite = { |
92a4c9fe | 5011 | .cipher = __VECS(cast5_tv_template) |
da7f033d HX |
5012 | } |
5013 | }, { | |
5014 | .alg = "ecb(cast6)", | |
1aa4ecd9 | 5015 | .test = alg_test_skcipher, |
da7f033d | 5016 | .suite = { |
92a4c9fe | 5017 | .cipher = __VECS(cast6_tv_template) |
da7f033d | 5018 | } |
e448370d JK |
5019 | }, { |
5020 | .alg = "ecb(cipher_null)", | |
5021 | .test = alg_test_null, | |
6175ca2b | 5022 | .fips_allowed = 1, |
da7f033d HX |
5023 | }, { |
5024 | .alg = "ecb(des)", | |
1aa4ecd9 | 5025 | .test = alg_test_skcipher, |
da7f033d | 5026 | .suite = { |
92a4c9fe | 5027 | .cipher = __VECS(des_tv_template) |
da7f033d HX |
5028 | } |
5029 | }, { | |
5030 | .alg = "ecb(des3_ede)", | |
1aa4ecd9 | 5031 | .test = alg_test_skcipher, |
da7f033d | 5032 | .suite = { |
92a4c9fe | 5033 | .cipher = __VECS(des3_ede_tv_template) |
da7f033d | 5034 | } |
66e5bd00 JK |
5035 | }, { |
5036 | .alg = "ecb(fcrypt)", | |
5037 | .test = alg_test_skcipher, | |
5038 | .suite = { | |
5039 | .cipher = { | |
92a4c9fe EB |
5040 | .vecs = fcrypt_pcbc_tv_template, |
5041 | .count = 1 | |
66e5bd00 JK |
5042 | } |
5043 | } | |
da7f033d HX |
5044 | }, { |
5045 | .alg = "ecb(khazad)", | |
1aa4ecd9 | 5046 | .test = alg_test_skcipher, |
da7f033d | 5047 | .suite = { |
92a4c9fe | 5048 | .cipher = __VECS(khazad_tv_template) |
da7f033d | 5049 | } |
15f47ce5 GBY |
5050 | }, { |
5051 | /* Same as ecb(aes) except the key is stored in | |
5052 | * hardware secure memory which we reference by index | |
5053 | */ | |
5054 | .alg = "ecb(paes)", | |
5055 | .test = alg_test_null, | |
5056 | .fips_allowed = 1, | |
da7f033d HX |
5057 | }, { |
5058 | .alg = "ecb(seed)", | |
1aa4ecd9 | 5059 | .test = alg_test_skcipher, |
da7f033d | 5060 | .suite = { |
92a4c9fe | 5061 | .cipher = __VECS(seed_tv_template) |
da7f033d HX |
5062 | } |
5063 | }, { | |
5064 | .alg = "ecb(serpent)", | |
1aa4ecd9 | 5065 | .test = alg_test_skcipher, |
da7f033d | 5066 | .suite = { |
92a4c9fe | 5067 | .cipher = __VECS(serpent_tv_template) |
da7f033d | 5068 | } |
cd83a8a7 GBY |
5069 | }, { |
5070 | .alg = "ecb(sm4)", | |
5071 | .test = alg_test_skcipher, | |
5072 | .suite = { | |
92a4c9fe | 5073 | .cipher = __VECS(sm4_tv_template) |
cd83a8a7 | 5074 | } |
da7f033d HX |
5075 | }, { |
5076 | .alg = "ecb(tea)", | |
1aa4ecd9 | 5077 | .test = alg_test_skcipher, |
da7f033d | 5078 | .suite = { |
92a4c9fe | 5079 | .cipher = __VECS(tea_tv_template) |
da7f033d | 5080 | } |
da7f033d HX |
5081 | }, { |
5082 | .alg = "ecb(twofish)", | |
1aa4ecd9 | 5083 | .test = alg_test_skcipher, |
da7f033d | 5084 | .suite = { |
92a4c9fe | 5085 | .cipher = __VECS(tf_tv_template) |
da7f033d HX |
5086 | } |
5087 | }, { | |
5088 | .alg = "ecb(xeta)", | |
1aa4ecd9 | 5089 | .test = alg_test_skcipher, |
da7f033d | 5090 | .suite = { |
92a4c9fe | 5091 | .cipher = __VECS(xeta_tv_template) |
da7f033d HX |
5092 | } |
5093 | }, { | |
5094 | .alg = "ecb(xtea)", | |
1aa4ecd9 | 5095 | .test = alg_test_skcipher, |
da7f033d | 5096 | .suite = { |
92a4c9fe | 5097 | .cipher = __VECS(xtea_tv_template) |
da7f033d | 5098 | } |
3c4b2390 | 5099 | }, { |
c7ff8573 HF |
5100 | #if IS_ENABLED(CONFIG_CRYPTO_PAES_S390) |
5101 | .alg = "ecb-paes-s390", | |
5102 | .fips_allowed = 1, | |
5103 | .test = alg_test_skcipher, | |
5104 | .suite = { | |
5105 | .cipher = __VECS(aes_tv_template) | |
5106 | } | |
5107 | }, { | |
5108 | #endif | |
6763f5ea | 5109 | .alg = "ecdh-nist-p192", |
3c4b2390 | 5110 | .test = alg_test_kpp, |
3c4b2390 | 5111 | .suite = { |
6763f5ea MY |
5112 | .kpp = __VECS(ecdh_p192_tv_template) |
5113 | } | |
5114 | }, { | |
6763f5ea MY |
5115 | .alg = "ecdh-nist-p256", |
5116 | .test = alg_test_kpp, | |
5117 | .fips_allowed = 1, | |
5118 | .suite = { | |
5119 | .kpp = __VECS(ecdh_p256_tv_template) | |
3c4b2390 | 5120 | } |
8e568fc2 HT |
5121 | }, { |
5122 | .alg = "ecdh-nist-p384", | |
5123 | .test = alg_test_kpp, | |
5124 | .fips_allowed = 1, | |
5125 | .suite = { | |
5126 | .kpp = __VECS(ecdh_p384_tv_template) | |
5127 | } | |
4e660291 SB |
5128 | }, { |
5129 | .alg = "ecdsa-nist-p192", | |
5130 | .test = alg_test_akcipher, | |
5131 | .suite = { | |
5132 | .akcipher = __VECS(ecdsa_nist_p192_tv_template) | |
5133 | } | |
5134 | }, { | |
5135 | .alg = "ecdsa-nist-p256", | |
5136 | .test = alg_test_akcipher, | |
c27b2d20 | 5137 | .fips_allowed = 1, |
4e660291 SB |
5138 | .suite = { |
5139 | .akcipher = __VECS(ecdsa_nist_p256_tv_template) | |
5140 | } | |
c12d448b SA |
5141 | }, { |
5142 | .alg = "ecdsa-nist-p384", | |
5143 | .test = alg_test_akcipher, | |
c27b2d20 | 5144 | .fips_allowed = 1, |
c12d448b SA |
5145 | .suite = { |
5146 | .akcipher = __VECS(ecdsa_nist_p384_tv_template) | |
5147 | } | |
a7d45ba7 SB |
5148 | }, { |
5149 | .alg = "ecdsa-nist-p521", | |
5150 | .test = alg_test_akcipher, | |
5151 | .fips_allowed = 1, | |
5152 | .suite = { | |
5153 | .akcipher = __VECS(ecdsa_nist_p521_tv_template) | |
5154 | } | |
32fbdbd3 VC |
5155 | }, { |
5156 | .alg = "ecrdsa", | |
5157 | .test = alg_test_akcipher, | |
5158 | .suite = { | |
5159 | .akcipher = __VECS(ecrdsa_tv_template) | |
5160 | } | |
f975abb2 AB |
5161 | }, { |
5162 | .alg = "essiv(authenc(hmac(sha256),cbc(aes)),sha256)", | |
5163 | .test = alg_test_aead, | |
5164 | .fips_allowed = 1, | |
5165 | .suite = { | |
5166 | .aead = __VECS(essiv_hmac_sha256_aes_cbc_tv_temp) | |
5167 | } | |
5168 | }, { | |
5169 | .alg = "essiv(cbc(aes),sha256)", | |
5170 | .test = alg_test_skcipher, | |
5171 | .fips_allowed = 1, | |
5172 | .suite = { | |
5173 | .cipher = __VECS(essiv_aes_cbc_tv_template) | |
5174 | } | |
da7f033d | 5175 | }, { |
60a273e9 NS |
5176 | #if IS_ENABLED(CONFIG_CRYPTO_DH_RFC7919_GROUPS) |
5177 | .alg = "ffdhe2048(dh)", | |
5178 | .test = alg_test_kpp, | |
5179 | .fips_allowed = 1, | |
5180 | .suite = { | |
5181 | .kpp = __VECS(ffdhe2048_dh_tv_template) | |
5182 | } | |
5183 | }, { | |
5184 | .alg = "ffdhe3072(dh)", | |
5185 | .test = alg_test_kpp, | |
5186 | .fips_allowed = 1, | |
5187 | .suite = { | |
5188 | .kpp = __VECS(ffdhe3072_dh_tv_template) | |
5189 | } | |
5190 | }, { | |
5191 | .alg = "ffdhe4096(dh)", | |
5192 | .test = alg_test_kpp, | |
5193 | .fips_allowed = 1, | |
5194 | .suite = { | |
5195 | .kpp = __VECS(ffdhe4096_dh_tv_template) | |
5196 | } | |
5197 | }, { | |
5198 | .alg = "ffdhe6144(dh)", | |
5199 | .test = alg_test_kpp, | |
5200 | .fips_allowed = 1, | |
5201 | .suite = { | |
5202 | .kpp = __VECS(ffdhe6144_dh_tv_template) | |
5203 | } | |
5204 | }, { | |
5205 | .alg = "ffdhe8192(dh)", | |
5206 | .test = alg_test_kpp, | |
5207 | .fips_allowed = 1, | |
5208 | .suite = { | |
5209 | .kpp = __VECS(ffdhe8192_dh_tv_template) | |
5210 | } | |
5211 | }, { | |
5212 | #endif /* CONFIG_CRYPTO_DH_RFC7919_GROUPS */ | |
da7f033d | 5213 | .alg = "gcm(aes)", |
40153b10 | 5214 | .generic_driver = "gcm_base(ctr(aes-generic),ghash-generic)", |
da7f033d | 5215 | .test = alg_test_aead, |
a1915d51 | 5216 | .fips_allowed = 1, |
da7f033d | 5217 | .suite = { |
a0d608ee | 5218 | .aead = __VECS(aes_gcm_tv_template) |
68039d60 | 5219 | } |
01ce31de TY |
5220 | }, { |
5221 | .alg = "gcm(aria)", | |
5222 | .generic_driver = "gcm_base(ctr(aria-generic),ghash-generic)", | |
5223 | .test = alg_test_aead, | |
5224 | .suite = { | |
5225 | .aead = __VECS(aria_gcm_tv_template) | |
5226 | } | |
68039d60 TZ |
5227 | }, { |
5228 | .alg = "gcm(sm4)", | |
5229 | .generic_driver = "gcm_base(ctr(sm4-generic),ghash-generic)", | |
5230 | .test = alg_test_aead, | |
5231 | .suite = { | |
5232 | .aead = __VECS(sm4_gcm_tv_template) | |
da7f033d | 5233 | } |
507069c9 YS |
5234 | }, { |
5235 | .alg = "ghash", | |
5236 | .test = alg_test_hash, | |
5237 | .suite = { | |
21c8e720 | 5238 | .hash = __VECS(ghash_tv_template) |
507069c9 | 5239 | } |
7ff554ce NH |
5240 | }, { |
5241 | .alg = "hctr2(aes)", | |
5242 | .generic_driver = | |
5243 | "hctr2_base(xctr(aes-generic),polyval-generic)", | |
5244 | .test = alg_test_skcipher, | |
5245 | .suite = { | |
5246 | .cipher = __VECS(aes_hctr2_tv_template) | |
5247 | } | |
da7f033d HX |
5248 | }, { |
5249 | .alg = "hmac(md5)", | |
5250 | .test = alg_test_hash, | |
5251 | .suite = { | |
21c8e720 | 5252 | .hash = __VECS(hmac_md5_tv_template) |
da7f033d | 5253 | } |
da7f033d HX |
5254 | }, { |
5255 | .alg = "hmac(rmd160)", | |
5256 | .test = alg_test_hash, | |
5257 | .suite = { | |
21c8e720 | 5258 | .hash = __VECS(hmac_rmd160_tv_template) |
da7f033d HX |
5259 | } |
5260 | }, { | |
5261 | .alg = "hmac(sha1)", | |
5262 | .test = alg_test_hash, | |
a1915d51 | 5263 | .fips_allowed = 1, |
da7f033d | 5264 | .suite = { |
21c8e720 | 5265 | .hash = __VECS(hmac_sha1_tv_template) |
da7f033d HX |
5266 | } |
5267 | }, { | |
5268 | .alg = "hmac(sha224)", | |
5269 | .test = alg_test_hash, | |
a1915d51 | 5270 | .fips_allowed = 1, |
da7f033d | 5271 | .suite = { |
21c8e720 | 5272 | .hash = __VECS(hmac_sha224_tv_template) |
da7f033d HX |
5273 | } |
5274 | }, { | |
5275 | .alg = "hmac(sha256)", | |
5276 | .test = alg_test_hash, | |
a1915d51 | 5277 | .fips_allowed = 1, |
da7f033d | 5278 | .suite = { |
21c8e720 | 5279 | .hash = __VECS(hmac_sha256_tv_template) |
da7f033d | 5280 | } |
98eca72f | 5281 | }, { |
5282 | .alg = "hmac(sha3-224)", | |
5283 | .test = alg_test_hash, | |
5284 | .fips_allowed = 1, | |
5285 | .suite = { | |
21c8e720 | 5286 | .hash = __VECS(hmac_sha3_224_tv_template) |
98eca72f | 5287 | } |
5288 | }, { | |
5289 | .alg = "hmac(sha3-256)", | |
5290 | .test = alg_test_hash, | |
5291 | .fips_allowed = 1, | |
5292 | .suite = { | |
21c8e720 | 5293 | .hash = __VECS(hmac_sha3_256_tv_template) |
98eca72f | 5294 | } |
5295 | }, { | |
5296 | .alg = "hmac(sha3-384)", | |
5297 | .test = alg_test_hash, | |
5298 | .fips_allowed = 1, | |
5299 | .suite = { | |
21c8e720 | 5300 | .hash = __VECS(hmac_sha3_384_tv_template) |
98eca72f | 5301 | } |
5302 | }, { | |
5303 | .alg = "hmac(sha3-512)", | |
5304 | .test = alg_test_hash, | |
5305 | .fips_allowed = 1, | |
5306 | .suite = { | |
21c8e720 | 5307 | .hash = __VECS(hmac_sha3_512_tv_template) |
98eca72f | 5308 | } |
da7f033d HX |
5309 | }, { |
5310 | .alg = "hmac(sha384)", | |
5311 | .test = alg_test_hash, | |
a1915d51 | 5312 | .fips_allowed = 1, |
da7f033d | 5313 | .suite = { |
21c8e720 | 5314 | .hash = __VECS(hmac_sha384_tv_template) |
da7f033d HX |
5315 | } |
5316 | }, { | |
5317 | .alg = "hmac(sha512)", | |
5318 | .test = alg_test_hash, | |
a1915d51 | 5319 | .fips_allowed = 1, |
da7f033d | 5320 | .suite = { |
21c8e720 | 5321 | .hash = __VECS(hmac_sha512_tv_template) |
da7f033d | 5322 | } |
8194fd1d PL |
5323 | }, { |
5324 | .alg = "hmac(sm3)", | |
5325 | .test = alg_test_hash, | |
5326 | .suite = { | |
5327 | .hash = __VECS(hmac_sm3_tv_template) | |
5328 | } | |
25a0b9d4 VC |
5329 | }, { |
5330 | .alg = "hmac(streebog256)", | |
5331 | .test = alg_test_hash, | |
5332 | .suite = { | |
5333 | .hash = __VECS(hmac_streebog256_tv_template) | |
5334 | } | |
5335 | }, { | |
5336 | .alg = "hmac(streebog512)", | |
5337 | .test = alg_test_hash, | |
5338 | .suite = { | |
5339 | .hash = __VECS(hmac_streebog512_tv_template) | |
5340 | } | |
bb5530e4 SM |
5341 | }, { |
5342 | .alg = "jitterentropy_rng", | |
5343 | .fips_allowed = 1, | |
5344 | .test = alg_test_null, | |
35351988 SM |
5345 | }, { |
5346 | .alg = "kw(aes)", | |
5347 | .test = alg_test_skcipher, | |
5348 | .fips_allowed = 1, | |
5349 | .suite = { | |
92a4c9fe | 5350 | .cipher = __VECS(aes_kw_tv_template) |
35351988 | 5351 | } |
da7f033d HX |
5352 | }, { |
5353 | .alg = "lrw(aes)", | |
d435e10e | 5354 | .generic_driver = "lrw(ecb(aes-generic))", |
1aa4ecd9 | 5355 | .test = alg_test_skcipher, |
da7f033d | 5356 | .suite = { |
92a4c9fe | 5357 | .cipher = __VECS(aes_lrw_tv_template) |
da7f033d | 5358 | } |
0840605e JK |
5359 | }, { |
5360 | .alg = "lrw(camellia)", | |
d435e10e | 5361 | .generic_driver = "lrw(ecb(camellia-generic))", |
0840605e JK |
5362 | .test = alg_test_skcipher, |
5363 | .suite = { | |
92a4c9fe | 5364 | .cipher = __VECS(camellia_lrw_tv_template) |
0840605e | 5365 | } |
9b8b0405 JG |
5366 | }, { |
5367 | .alg = "lrw(cast6)", | |
d435e10e | 5368 | .generic_driver = "lrw(ecb(cast6-generic))", |
9b8b0405 JG |
5369 | .test = alg_test_skcipher, |
5370 | .suite = { | |
92a4c9fe | 5371 | .cipher = __VECS(cast6_lrw_tv_template) |
9b8b0405 | 5372 | } |
d7bfc0fa JK |
5373 | }, { |
5374 | .alg = "lrw(serpent)", | |
d435e10e | 5375 | .generic_driver = "lrw(ecb(serpent-generic))", |
d7bfc0fa JK |
5376 | .test = alg_test_skcipher, |
5377 | .suite = { | |
92a4c9fe | 5378 | .cipher = __VECS(serpent_lrw_tv_template) |
d7bfc0fa | 5379 | } |
0b2a1551 JK |
5380 | }, { |
5381 | .alg = "lrw(twofish)", | |
d435e10e | 5382 | .generic_driver = "lrw(ecb(twofish-generic))", |
0b2a1551 JK |
5383 | .test = alg_test_skcipher, |
5384 | .suite = { | |
92a4c9fe | 5385 | .cipher = __VECS(tf_lrw_tv_template) |
0b2a1551 | 5386 | } |
1443cc9b KK |
5387 | }, { |
5388 | .alg = "lz4", | |
5389 | .test = alg_test_comp, | |
5390 | .fips_allowed = 1, | |
5391 | .suite = { | |
5392 | .comp = { | |
21c8e720 AB |
5393 | .comp = __VECS(lz4_comp_tv_template), |
5394 | .decomp = __VECS(lz4_decomp_tv_template) | |
1443cc9b KK |
5395 | } |
5396 | } | |
5397 | }, { | |
5398 | .alg = "lz4hc", | |
5399 | .test = alg_test_comp, | |
5400 | .fips_allowed = 1, | |
5401 | .suite = { | |
5402 | .comp = { | |
21c8e720 AB |
5403 | .comp = __VECS(lz4hc_comp_tv_template), |
5404 | .decomp = __VECS(lz4hc_decomp_tv_template) | |
1443cc9b KK |
5405 | } |
5406 | } | |
da7f033d HX |
5407 | }, { |
5408 | .alg = "lzo", | |
5409 | .test = alg_test_comp, | |
0818904d | 5410 | .fips_allowed = 1, |
da7f033d HX |
5411 | .suite = { |
5412 | .comp = { | |
21c8e720 AB |
5413 | .comp = __VECS(lzo_comp_tv_template), |
5414 | .decomp = __VECS(lzo_decomp_tv_template) | |
da7f033d HX |
5415 | } |
5416 | } | |
f248caf9 HP |
5417 | }, { |
5418 | .alg = "lzo-rle", | |
5419 | .test = alg_test_comp, | |
5420 | .fips_allowed = 1, | |
5421 | .suite = { | |
5422 | .comp = { | |
5423 | .comp = __VECS(lzorle_comp_tv_template), | |
5424 | .decomp = __VECS(lzorle_decomp_tv_template) | |
5425 | } | |
5426 | } | |
da7f033d HX |
5427 | }, { |
5428 | .alg = "md4", | |
5429 | .test = alg_test_hash, | |
5430 | .suite = { | |
21c8e720 | 5431 | .hash = __VECS(md4_tv_template) |
da7f033d HX |
5432 | } |
5433 | }, { | |
5434 | .alg = "md5", | |
5435 | .test = alg_test_hash, | |
5436 | .suite = { | |
21c8e720 | 5437 | .hash = __VECS(md5_tv_template) |
da7f033d HX |
5438 | } |
5439 | }, { | |
5440 | .alg = "michael_mic", | |
5441 | .test = alg_test_hash, | |
5442 | .suite = { | |
21c8e720 | 5443 | .hash = __VECS(michael_mic_tv_template) |
da7f033d | 5444 | } |
26609a21 EB |
5445 | }, { |
5446 | .alg = "nhpoly1305", | |
5447 | .test = alg_test_hash, | |
5448 | .suite = { | |
5449 | .hash = __VECS(nhpoly1305_tv_template) | |
5450 | } | |
da7f033d HX |
5451 | }, { |
5452 | .alg = "pcbc(fcrypt)", | |
1aa4ecd9 | 5453 | .test = alg_test_skcipher, |
da7f033d | 5454 | .suite = { |
92a4c9fe | 5455 | .cipher = __VECS(fcrypt_pcbc_tv_template) |
da7f033d | 5456 | } |
1207107c SM |
5457 | }, { |
5458 | .alg = "pkcs1pad(rsa,sha224)", | |
5459 | .test = alg_test_null, | |
5460 | .fips_allowed = 1, | |
5461 | }, { | |
5462 | .alg = "pkcs1pad(rsa,sha256)", | |
5463 | .test = alg_test_akcipher, | |
5464 | .fips_allowed = 1, | |
5465 | .suite = { | |
5466 | .akcipher = __VECS(pkcs1pad_rsa_tv_template) | |
5467 | } | |
5468 | }, { | |
b030c458 | 5469 | .alg = "pkcs1pad(rsa,sha3-256)", |
1207107c SM |
5470 | .test = alg_test_null, |
5471 | .fips_allowed = 1, | |
5472 | }, { | |
b030c458 | 5473 | .alg = "pkcs1pad(rsa,sha3-384)", |
1207107c SM |
5474 | .test = alg_test_null, |
5475 | .fips_allowed = 1, | |
ee62afb9 | 5476 | }, { |
b030c458 | 5477 | .alg = "pkcs1pad(rsa,sha3-512)", |
ee62afb9 DJL |
5478 | .test = alg_test_null, |
5479 | .fips_allowed = 1, | |
5480 | }, { | |
b030c458 | 5481 | .alg = "pkcs1pad(rsa,sha384)", |
ee62afb9 DJL |
5482 | .test = alg_test_null, |
5483 | .fips_allowed = 1, | |
5484 | }, { | |
b030c458 | 5485 | .alg = "pkcs1pad(rsa,sha512)", |
ee62afb9 DJL |
5486 | .test = alg_test_null, |
5487 | .fips_allowed = 1, | |
eee9dc61 MW |
5488 | }, { |
5489 | .alg = "poly1305", | |
5490 | .test = alg_test_hash, | |
5491 | .suite = { | |
21c8e720 | 5492 | .hash = __VECS(poly1305_tv_template) |
eee9dc61 | 5493 | } |
f3c923a0 NH |
5494 | }, { |
5495 | .alg = "polyval", | |
5496 | .test = alg_test_hash, | |
5497 | .suite = { | |
5498 | .hash = __VECS(polyval_tv_template) | |
5499 | } | |
da7f033d HX |
5500 | }, { |
5501 | .alg = "rfc3686(ctr(aes))", | |
1aa4ecd9 | 5502 | .test = alg_test_skcipher, |
a1915d51 | 5503 | .fips_allowed = 1, |
da7f033d | 5504 | .suite = { |
92a4c9fe | 5505 | .cipher = __VECS(aes_ctr_rfc3686_tv_template) |
da7f033d | 5506 | } |
e4886214 PL |
5507 | }, { |
5508 | .alg = "rfc3686(ctr(sm4))", | |
5509 | .test = alg_test_skcipher, | |
5510 | .suite = { | |
5511 | .cipher = __VECS(sm4_ctr_rfc3686_tv_template) | |
5512 | } | |
5d667322 | 5513 | }, { |
3f31a740 | 5514 | .alg = "rfc4106(gcm(aes))", |
40153b10 | 5515 | .generic_driver = "rfc4106(gcm_base(ctr(aes-generic),ghash-generic))", |
69435b94 | 5516 | .test = alg_test_aead, |
db71f29a | 5517 | .fips_allowed = 1, |
69435b94 | 5518 | .suite = { |
49763fc6 EB |
5519 | .aead = { |
5520 | ____VECS(aes_gcm_rfc4106_tv_template), | |
5521 | .einval_allowed = 1, | |
6f3a06d9 | 5522 | .aad_iv = 1, |
49763fc6 | 5523 | } |
69435b94 AH |
5524 | } |
5525 | }, { | |
544c436a | 5526 | .alg = "rfc4309(ccm(aes))", |
40153b10 | 5527 | .generic_driver = "rfc4309(ccm_base(ctr(aes-generic),cbcmac(aes-generic)))", |
5d667322 | 5528 | .test = alg_test_aead, |
a1915d51 | 5529 | .fips_allowed = 1, |
5d667322 | 5530 | .suite = { |
49763fc6 EB |
5531 | .aead = { |
5532 | ____VECS(aes_ccm_rfc4309_tv_template), | |
5533 | .einval_allowed = 1, | |
6f3a06d9 | 5534 | .aad_iv = 1, |
49763fc6 | 5535 | } |
5d667322 | 5536 | } |
e9b7441a | 5537 | }, { |
bb68745e | 5538 | .alg = "rfc4543(gcm(aes))", |
40153b10 | 5539 | .generic_driver = "rfc4543(gcm_base(ctr(aes-generic),ghash-generic))", |
e9b7441a JK |
5540 | .test = alg_test_aead, |
5541 | .suite = { | |
49763fc6 EB |
5542 | .aead = { |
5543 | ____VECS(aes_gcm_rfc4543_tv_template), | |
5544 | .einval_allowed = 1, | |
6f3a06d9 | 5545 | .aad_iv = 1, |
49763fc6 | 5546 | } |
e9b7441a | 5547 | } |
af2b76b5 MW |
5548 | }, { |
5549 | .alg = "rfc7539(chacha20,poly1305)", | |
5550 | .test = alg_test_aead, | |
5551 | .suite = { | |
a0d608ee | 5552 | .aead = __VECS(rfc7539_tv_template) |
af2b76b5 | 5553 | } |
5900758d MW |
5554 | }, { |
5555 | .alg = "rfc7539esp(chacha20,poly1305)", | |
5556 | .test = alg_test_aead, | |
5557 | .suite = { | |
49763fc6 EB |
5558 | .aead = { |
5559 | ____VECS(rfc7539esp_tv_template), | |
5560 | .einval_allowed = 1, | |
6f3a06d9 | 5561 | .aad_iv = 1, |
49763fc6 | 5562 | } |
5900758d | 5563 | } |
da7f033d HX |
5564 | }, { |
5565 | .alg = "rmd160", | |
5566 | .test = alg_test_hash, | |
5567 | .suite = { | |
21c8e720 | 5568 | .hash = __VECS(rmd160_tv_template) |
da7f033d | 5569 | } |
946cc463 TS |
5570 | }, { |
5571 | .alg = "rsa", | |
5572 | .test = alg_test_akcipher, | |
5573 | .fips_allowed = 1, | |
5574 | .suite = { | |
21c8e720 | 5575 | .akcipher = __VECS(rsa_tv_template) |
946cc463 | 5576 | } |
da7f033d HX |
5577 | }, { |
5578 | .alg = "sha1", | |
5579 | .test = alg_test_hash, | |
a1915d51 | 5580 | .fips_allowed = 1, |
da7f033d | 5581 | .suite = { |
21c8e720 | 5582 | .hash = __VECS(sha1_tv_template) |
da7f033d HX |
5583 | } |
5584 | }, { | |
5585 | .alg = "sha224", | |
5586 | .test = alg_test_hash, | |
a1915d51 | 5587 | .fips_allowed = 1, |
da7f033d | 5588 | .suite = { |
21c8e720 | 5589 | .hash = __VECS(sha224_tv_template) |
da7f033d HX |
5590 | } |
5591 | }, { | |
5592 | .alg = "sha256", | |
5593 | .test = alg_test_hash, | |
a1915d51 | 5594 | .fips_allowed = 1, |
da7f033d | 5595 | .suite = { |
21c8e720 | 5596 | .hash = __VECS(sha256_tv_template) |
da7f033d | 5597 | } |
79cc6ab8 | 5598 | }, { |
5599 | .alg = "sha3-224", | |
5600 | .test = alg_test_hash, | |
5601 | .fips_allowed = 1, | |
5602 | .suite = { | |
21c8e720 | 5603 | .hash = __VECS(sha3_224_tv_template) |
79cc6ab8 | 5604 | } |
5605 | }, { | |
5606 | .alg = "sha3-256", | |
5607 | .test = alg_test_hash, | |
5608 | .fips_allowed = 1, | |
5609 | .suite = { | |
21c8e720 | 5610 | .hash = __VECS(sha3_256_tv_template) |
79cc6ab8 | 5611 | } |
5612 | }, { | |
5613 | .alg = "sha3-384", | |
5614 | .test = alg_test_hash, | |
5615 | .fips_allowed = 1, | |
5616 | .suite = { | |
21c8e720 | 5617 | .hash = __VECS(sha3_384_tv_template) |
79cc6ab8 | 5618 | } |
5619 | }, { | |
5620 | .alg = "sha3-512", | |
5621 | .test = alg_test_hash, | |
5622 | .fips_allowed = 1, | |
5623 | .suite = { | |
21c8e720 | 5624 | .hash = __VECS(sha3_512_tv_template) |
79cc6ab8 | 5625 | } |
da7f033d HX |
5626 | }, { |
5627 | .alg = "sha384", | |
5628 | .test = alg_test_hash, | |
a1915d51 | 5629 | .fips_allowed = 1, |
da7f033d | 5630 | .suite = { |
21c8e720 | 5631 | .hash = __VECS(sha384_tv_template) |
da7f033d HX |
5632 | } |
5633 | }, { | |
5634 | .alg = "sha512", | |
5635 | .test = alg_test_hash, | |
a1915d51 | 5636 | .fips_allowed = 1, |
da7f033d | 5637 | .suite = { |
21c8e720 | 5638 | .hash = __VECS(sha512_tv_template) |
da7f033d | 5639 | } |
b7e27530 GBY |
5640 | }, { |
5641 | .alg = "sm3", | |
5642 | .test = alg_test_hash, | |
5643 | .suite = { | |
5644 | .hash = __VECS(sm3_tv_template) | |
5645 | } | |
25a0b9d4 VC |
5646 | }, { |
5647 | .alg = "streebog256", | |
5648 | .test = alg_test_hash, | |
5649 | .suite = { | |
5650 | .hash = __VECS(streebog256_tv_template) | |
5651 | } | |
5652 | }, { | |
5653 | .alg = "streebog512", | |
5654 | .test = alg_test_hash, | |
5655 | .suite = { | |
5656 | .hash = __VECS(streebog512_tv_template) | |
5657 | } | |
ed331ada EB |
5658 | }, { |
5659 | .alg = "vmac64(aes)", | |
5660 | .test = alg_test_hash, | |
5661 | .suite = { | |
5662 | .hash = __VECS(vmac64_aes_tv_template) | |
5663 | } | |
da7f033d HX |
5664 | }, { |
5665 | .alg = "wp256", | |
5666 | .test = alg_test_hash, | |
5667 | .suite = { | |
21c8e720 | 5668 | .hash = __VECS(wp256_tv_template) |
da7f033d HX |
5669 | } |
5670 | }, { | |
5671 | .alg = "wp384", | |
5672 | .test = alg_test_hash, | |
5673 | .suite = { | |
21c8e720 | 5674 | .hash = __VECS(wp384_tv_template) |
da7f033d HX |
5675 | } |
5676 | }, { | |
5677 | .alg = "wp512", | |
5678 | .test = alg_test_hash, | |
5679 | .suite = { | |
21c8e720 | 5680 | .hash = __VECS(wp512_tv_template) |
da7f033d HX |
5681 | } |
5682 | }, { | |
5683 | .alg = "xcbc(aes)", | |
5684 | .test = alg_test_hash, | |
5685 | .suite = { | |
21c8e720 | 5686 | .hash = __VECS(aes_xcbc128_tv_template) |
da7f033d | 5687 | } |
c24ee936 TZ |
5688 | }, { |
5689 | .alg = "xcbc(sm4)", | |
5690 | .test = alg_test_hash, | |
5691 | .suite = { | |
5692 | .hash = __VECS(sm4_xcbc128_tv_template) | |
5693 | } | |
aa762409 EB |
5694 | }, { |
5695 | .alg = "xchacha12", | |
5696 | .test = alg_test_skcipher, | |
5697 | .suite = { | |
5698 | .cipher = __VECS(xchacha12_tv_template) | |
5699 | }, | |
de61d7ae EB |
5700 | }, { |
5701 | .alg = "xchacha20", | |
5702 | .test = alg_test_skcipher, | |
5703 | .suite = { | |
5704 | .cipher = __VECS(xchacha20_tv_template) | |
5705 | }, | |
17fee07a NH |
5706 | }, { |
5707 | .alg = "xctr(aes)", | |
5708 | .test = alg_test_skcipher, | |
5709 | .suite = { | |
5710 | .cipher = __VECS(aes_xctr_tv_template) | |
5711 | } | |
da7f033d HX |
5712 | }, { |
5713 | .alg = "xts(aes)", | |
d435e10e | 5714 | .generic_driver = "xts(ecb(aes-generic))", |
1aa4ecd9 | 5715 | .test = alg_test_skcipher, |
2918aa8d | 5716 | .fips_allowed = 1, |
da7f033d | 5717 | .suite = { |
92a4c9fe | 5718 | .cipher = __VECS(aes_xts_tv_template) |
da7f033d | 5719 | } |
0840605e JK |
5720 | }, { |
5721 | .alg = "xts(camellia)", | |
d435e10e | 5722 | .generic_driver = "xts(ecb(camellia-generic))", |
0840605e JK |
5723 | .test = alg_test_skcipher, |
5724 | .suite = { | |
92a4c9fe | 5725 | .cipher = __VECS(camellia_xts_tv_template) |
0840605e | 5726 | } |
9b8b0405 JG |
5727 | }, { |
5728 | .alg = "xts(cast6)", | |
d435e10e | 5729 | .generic_driver = "xts(ecb(cast6-generic))", |
9b8b0405 JG |
5730 | .test = alg_test_skcipher, |
5731 | .suite = { | |
92a4c9fe | 5732 | .cipher = __VECS(cast6_xts_tv_template) |
9b8b0405 | 5733 | } |
15f47ce5 GBY |
5734 | }, { |
5735 | /* Same as xts(aes) except the key is stored in | |
5736 | * hardware secure memory which we reference by index | |
5737 | */ | |
5738 | .alg = "xts(paes)", | |
5739 | .test = alg_test_null, | |
5740 | .fips_allowed = 1, | |
18be20b9 JK |
5741 | }, { |
5742 | .alg = "xts(serpent)", | |
d435e10e | 5743 | .generic_driver = "xts(ecb(serpent-generic))", |
18be20b9 JK |
5744 | .test = alg_test_skcipher, |
5745 | .suite = { | |
92a4c9fe | 5746 | .cipher = __VECS(serpent_xts_tv_template) |
18be20b9 | 5747 | } |
c24ee936 TZ |
5748 | }, { |
5749 | .alg = "xts(sm4)", | |
5750 | .generic_driver = "xts(ecb(sm4-generic))", | |
5751 | .test = alg_test_skcipher, | |
5752 | .suite = { | |
5753 | .cipher = __VECS(sm4_xts_tv_template) | |
5754 | } | |
aed265b9 JK |
5755 | }, { |
5756 | .alg = "xts(twofish)", | |
d435e10e | 5757 | .generic_driver = "xts(ecb(twofish-generic))", |
aed265b9 JK |
5758 | .test = alg_test_skcipher, |
5759 | .suite = { | |
92a4c9fe | 5760 | .cipher = __VECS(tf_xts_tv_template) |
aed265b9 | 5761 | } |
15f47ce5 | 5762 | }, { |
c7ff8573 HF |
5763 | #if IS_ENABLED(CONFIG_CRYPTO_PAES_S390) |
5764 | .alg = "xts-paes-s390", | |
5765 | .fips_allowed = 1, | |
5766 | .test = alg_test_skcipher, | |
5767 | .suite = { | |
5768 | .cipher = __VECS(aes_xts_tv_template) | |
5769 | } | |
5770 | }, { | |
5771 | #endif | |
67882e76 NB |
5772 | .alg = "xxhash64", |
5773 | .test = alg_test_hash, | |
5774 | .fips_allowed = 1, | |
5775 | .suite = { | |
5776 | .hash = __VECS(xxhash64_tv_template) | |
5777 | } | |
d28fc3db NT |
5778 | }, { |
5779 | .alg = "zstd", | |
5780 | .test = alg_test_comp, | |
5781 | .fips_allowed = 1, | |
5782 | .suite = { | |
5783 | .comp = { | |
5784 | .comp = __VECS(zstd_comp_tv_template), | |
5785 | .decomp = __VECS(zstd_decomp_tv_template) | |
5786 | } | |
5787 | } | |
da7f033d HX |
5788 | } |
5789 | }; | |
5790 | ||
3f47a03d | 5791 | static void alg_check_test_descs_order(void) |
5714758b JK |
5792 | { |
5793 | int i; | |
5794 | ||
5714758b JK |
5795 | for (i = 1; i < ARRAY_SIZE(alg_test_descs); i++) { |
5796 | int diff = strcmp(alg_test_descs[i - 1].alg, | |
5797 | alg_test_descs[i].alg); | |
5798 | ||
5799 | if (WARN_ON(diff > 0)) { | |
5800 | pr_warn("testmgr: alg_test_descs entries in wrong order: '%s' before '%s'\n", | |
5801 | alg_test_descs[i - 1].alg, | |
5802 | alg_test_descs[i].alg); | |
5803 | } | |
5804 | ||
5805 | if (WARN_ON(diff == 0)) { | |
5806 | pr_warn("testmgr: duplicate alg_test_descs entry: '%s'\n", | |
5807 | alg_test_descs[i].alg); | |
5808 | } | |
5809 | } | |
5810 | } | |
5811 | ||
3f47a03d EB |
5812 | static void alg_check_testvec_configs(void) |
5813 | { | |
4e7babba EB |
5814 | int i; |
5815 | ||
5816 | for (i = 0; i < ARRAY_SIZE(default_cipher_testvec_configs); i++) | |
5817 | WARN_ON(!valid_testvec_config( | |
5818 | &default_cipher_testvec_configs[i])); | |
4cc2dcf9 EB |
5819 | |
5820 | for (i = 0; i < ARRAY_SIZE(default_hash_testvec_configs); i++) | |
5821 | WARN_ON(!valid_testvec_config( | |
5822 | &default_hash_testvec_configs[i])); | |
3f47a03d EB |
5823 | } |
5824 | ||
5825 | static void testmgr_onetime_init(void) | |
5826 | { | |
5827 | alg_check_test_descs_order(); | |
5828 | alg_check_testvec_configs(); | |
5b2706a4 EB |
5829 | |
5830 | #ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS | |
5831 | pr_warn("alg: extra crypto tests enabled. This is intended for developer use only.\n"); | |
5832 | #endif | |
3f47a03d EB |
5833 | } |
5834 | ||
1aa4ecd9 | 5835 | static int alg_find_test(const char *alg) |
da7f033d HX |
5836 | { |
5837 | int start = 0; | |
5838 | int end = ARRAY_SIZE(alg_test_descs); | |
5839 | ||
5840 | while (start < end) { | |
5841 | int i = (start + end) / 2; | |
5842 | int diff = strcmp(alg_test_descs[i].alg, alg); | |
5843 | ||
5844 | if (diff > 0) { | |
5845 | end = i; | |
5846 | continue; | |
5847 | } | |
5848 | ||
5849 | if (diff < 0) { | |
5850 | start = i + 1; | |
5851 | continue; | |
5852 | } | |
5853 | ||
1aa4ecd9 HX |
5854 | return i; |
5855 | } | |
5856 | ||
5857 | return -1; | |
5858 | } | |
5859 | ||
d6097b8d NS |
5860 | static int alg_fips_disabled(const char *driver, const char *alg) |
5861 | { | |
5862 | pr_info("alg: %s (%s) is disabled due to FIPS\n", alg, driver); | |
5863 | ||
5864 | return -ECANCELED; | |
5865 | } | |
5866 | ||
1aa4ecd9 HX |
5867 | int alg_test(const char *driver, const char *alg, u32 type, u32 mask) |
5868 | { | |
5869 | int i; | |
a68f6610 | 5870 | int j; |
d12d6b6d | 5871 | int rc; |
1aa4ecd9 | 5872 | |
9e5c9fe4 RJ |
5873 | if (!fips_enabled && notests) { |
5874 | printk_once(KERN_INFO "alg: self-tests disabled\n"); | |
5875 | return 0; | |
5876 | } | |
5877 | ||
3f47a03d | 5878 | DO_ONCE(testmgr_onetime_init); |
5714758b | 5879 | |
1aa4ecd9 HX |
5880 | if ((type & CRYPTO_ALG_TYPE_MASK) == CRYPTO_ALG_TYPE_CIPHER) { |
5881 | char nalg[CRYPTO_MAX_ALG_NAME]; | |
5882 | ||
5883 | if (snprintf(nalg, sizeof(nalg), "ecb(%s)", alg) >= | |
5884 | sizeof(nalg)) | |
5885 | return -ENAMETOOLONG; | |
5886 | ||
5887 | i = alg_find_test(nalg); | |
5888 | if (i < 0) | |
5889 | goto notest; | |
5890 | ||
a3bef3a3 JW |
5891 | if (fips_enabled && !alg_test_descs[i].fips_allowed) |
5892 | goto non_fips_alg; | |
5893 | ||
941fb328 JW |
5894 | rc = alg_test_cipher(alg_test_descs + i, driver, type, mask); |
5895 | goto test_done; | |
da7f033d HX |
5896 | } |
5897 | ||
1aa4ecd9 | 5898 | i = alg_find_test(alg); |
a68f6610 HX |
5899 | j = alg_find_test(driver); |
5900 | if (i < 0 && j < 0) | |
1aa4ecd9 HX |
5901 | goto notest; |
5902 | ||
d6097b8d NS |
5903 | if (fips_enabled) { |
5904 | if (j >= 0 && !alg_test_descs[j].fips_allowed) | |
5905 | return -EINVAL; | |
5906 | ||
5907 | if (i >= 0 && !alg_test_descs[i].fips_allowed) | |
5908 | goto non_fips_alg; | |
5909 | } | |
a3bef3a3 | 5910 | |
a68f6610 HX |
5911 | rc = 0; |
5912 | if (i >= 0) | |
5913 | rc |= alg_test_descs[i].test(alg_test_descs + i, driver, | |
5914 | type, mask); | |
032c8cac | 5915 | if (j >= 0 && j != i) |
a68f6610 HX |
5916 | rc |= alg_test_descs[j].test(alg_test_descs + j, driver, |
5917 | type, mask); | |
5918 | ||
941fb328 | 5919 | test_done: |
09a5ef96 EB |
5920 | if (rc) { |
5921 | if (fips_enabled || panic_on_fail) { | |
5922 | fips_fail_notify(); | |
5923 | panic("alg: self-tests for %s (%s) failed in %s mode!\n", | |
5924 | driver, alg, | |
5925 | fips_enabled ? "fips" : "panic_on_fail"); | |
5926 | } | |
a76bd86a RE |
5927 | pr_warn("alg: self-tests for %s using %s failed (rc=%d)", |
5928 | alg, driver, rc); | |
5929 | WARN(rc != -ENOENT, | |
5930 | "alg: self-tests for %s using %s failed (rc=%d)", | |
5931 | alg, driver, rc); | |
09a5ef96 EB |
5932 | } else { |
5933 | if (fips_enabled) | |
5934 | pr_info("alg: self-tests for %s (%s) passed\n", | |
5935 | driver, alg); | |
9552389c | 5936 | } |
d12d6b6d NH |
5937 | |
5938 | return rc; | |
1aa4ecd9 HX |
5939 | |
5940 | notest: | |
3dfe8786 HX |
5941 | if ((type & CRYPTO_ALG_TYPE_MASK) == CRYPTO_ALG_TYPE_LSKCIPHER) { |
5942 | char nalg[CRYPTO_MAX_ALG_NAME]; | |
5943 | ||
5944 | if (snprintf(nalg, sizeof(nalg), "ecb(%s)", alg) >= | |
5945 | sizeof(nalg)) | |
5946 | goto notest2; | |
5947 | ||
5948 | i = alg_find_test(nalg); | |
5949 | if (i < 0) | |
5950 | goto notest2; | |
5951 | ||
5952 | if (fips_enabled && !alg_test_descs[i].fips_allowed) | |
5953 | goto non_fips_alg; | |
5954 | ||
5955 | rc = alg_test_skcipher(alg_test_descs + i, driver, type, mask); | |
5956 | goto test_done; | |
5957 | } | |
5958 | ||
5959 | notest2: | |
da7f033d | 5960 | printk(KERN_INFO "alg: No test for %s (%s)\n", alg, driver); |
d6097b8d NS |
5961 | |
5962 | if (type & CRYPTO_ALG_FIPS_INTERNAL) | |
5963 | return alg_fips_disabled(driver, alg); | |
5964 | ||
da7f033d | 5965 | return 0; |
a3bef3a3 | 5966 | non_fips_alg: |
d6097b8d | 5967 | return alg_fips_disabled(driver, alg); |
da7f033d | 5968 | } |
0b767f96 | 5969 | |
326a6346 | 5970 | #endif /* CONFIG_CRYPTO_MANAGER_DISABLE_TESTS */ |
0b767f96 | 5971 | |
da7f033d | 5972 | EXPORT_SYMBOL_GPL(alg_test); |