2 * Algorithm testing framework and tests.
6 * Copyright (c) 2007 Nokia Siemens Networks
9 * Updated RFC4106 AES-GCM testing.
14 * Copyright (c) 2010, Intel Corporation.
16 * This program is free software; you can redistribute it and/or modify it
17 * under the terms of the GNU General Public License as published by the Free
18 * Software Foundation; either version 2 of the License, or (at your option)
23 #include <crypto/aead.h>
24 #include <crypto/hash.h>
25 #include <crypto/skcipher.h>
26 #include <linux/err.h>
27 #include <linux/fips.h>
28 #include <linux/module.h>
29 #include <linux/scatterlist.h>
30 #include <linux/slab.h>
31 #include <linux/string.h>
32 #include <crypto/rng.h>
33 #include <crypto/drbg.h>
34 #include <crypto/akcipher.h>
35 #include <crypto/kpp.h>
36 #include <crypto/acompress.h>
41 module_param(notests, bool, 0644);
42 MODULE_PARM_DESC(notests, "disable crypto self-tests");
44 #ifdef CONFIG_CRYPTO_MANAGER_DISABLE_TESTS
47 int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
57 * Need slab memory for testing (size in number of pages).
62 * Indexes into the xbuf to simulate cross-page access.
74 * Used by test_cipher()
79 struct tcrypt_result {
80 struct completion completion;
84 struct aead_test_suite {
86 const struct aead_testvec *vecs;
91 struct cipher_test_suite {
93 const struct cipher_testvec *vecs;
98 struct comp_test_suite {
100 const struct comp_testvec *vecs;
105 struct hash_test_suite {
106 const struct hash_testvec *vecs;
110 struct cprng_test_suite {
111 const struct cprng_testvec *vecs;
115 struct drbg_test_suite {
116 const struct drbg_testvec *vecs;
120 struct akcipher_test_suite {
121 const struct akcipher_testvec *vecs;
125 struct kpp_test_suite {
126 const struct kpp_testvec *vecs;
130 struct alg_test_desc {
132 int (*test)(const struct alg_test_desc *desc, const char *driver,
134 int fips_allowed; /* set if alg is allowed in fips mode */
137 struct aead_test_suite aead;
138 struct cipher_test_suite cipher;
139 struct comp_test_suite comp;
140 struct hash_test_suite hash;
141 struct cprng_test_suite cprng;
142 struct drbg_test_suite drbg;
143 struct akcipher_test_suite akcipher;
144 struct kpp_test_suite kpp;
148 static const unsigned int IDX[8] = {
149 IDX1, IDX2, IDX3, IDX4, IDX5, IDX6, IDX7, IDX8 };
151 static void hexdump(unsigned char *buf, unsigned int len)
153 print_hex_dump(KERN_CONT, "", DUMP_PREFIX_OFFSET,
158 static void tcrypt_complete(struct crypto_async_request *req, int err)
160 struct tcrypt_result *res = req->data;
162 if (err == -EINPROGRESS)
166 complete(&res->completion);
169 static int testmgr_alloc_buf(char *buf[XBUFSIZE])
173 for (i = 0; i < XBUFSIZE; i++) {
174 buf[i] = (void *)__get_free_page(GFP_KERNEL);
183 free_page((unsigned long)buf[i]);
188 static void testmgr_free_buf(char *buf[XBUFSIZE])
192 for (i = 0; i < XBUFSIZE; i++)
193 free_page((unsigned long)buf[i]);
196 static int wait_async_op(struct tcrypt_result *tr, int ret)
198 if (ret == -EINPROGRESS || ret == -EBUSY) {
199 wait_for_completion(&tr->completion);
200 reinit_completion(&tr->completion);
206 static int ahash_partial_update(struct ahash_request **preq,
207 struct crypto_ahash *tfm, const struct hash_testvec *template,
208 void *hash_buff, int k, int temp, struct scatterlist *sg,
209 const char *algo, char *result, struct tcrypt_result *tresult)
212 struct ahash_request *req;
213 int statesize, ret = -EINVAL;
214 const char guard[] = { 0x00, 0xba, 0xad, 0x00 };
217 statesize = crypto_ahash_statesize(
218 crypto_ahash_reqtfm(req));
219 state = kmalloc(statesize + sizeof(guard), GFP_KERNEL);
221 pr_err("alt: hash: Failed to alloc state for %s\n", algo);
224 memcpy(state + statesize, guard, sizeof(guard));
225 ret = crypto_ahash_export(req, state);
226 WARN_ON(memcmp(state + statesize, guard, sizeof(guard)));
228 pr_err("alt: hash: Failed to export() for %s\n", algo);
231 ahash_request_free(req);
232 req = ahash_request_alloc(tfm, GFP_KERNEL);
234 pr_err("alg: hash: Failed to alloc request for %s\n", algo);
237 ahash_request_set_callback(req,
238 CRYPTO_TFM_REQ_MAY_BACKLOG,
239 tcrypt_complete, tresult);
241 memcpy(hash_buff, template->plaintext + temp,
243 sg_init_one(&sg[0], hash_buff, template->tap[k]);
244 ahash_request_set_crypt(req, sg, result, template->tap[k]);
245 ret = crypto_ahash_import(req, state);
247 pr_err("alg: hash: Failed to import() for %s\n", algo);
250 ret = wait_async_op(tresult, crypto_ahash_update(req));
257 ahash_request_free(req);
264 static int __test_hash(struct crypto_ahash *tfm,
265 const struct hash_testvec *template, unsigned int tcount,
266 bool use_digest, const int align_offset)
268 const char *algo = crypto_tfm_alg_driver_name(crypto_ahash_tfm(tfm));
269 size_t digest_size = crypto_ahash_digestsize(tfm);
270 unsigned int i, j, k, temp;
271 struct scatterlist sg[8];
274 struct ahash_request *req;
275 struct tcrypt_result tresult;
277 char *xbuf[XBUFSIZE];
280 result = kmalloc(digest_size, GFP_KERNEL);
283 key = kmalloc(MAX_KEYLEN, GFP_KERNEL);
286 if (testmgr_alloc_buf(xbuf))
289 init_completion(&tresult.completion);
291 req = ahash_request_alloc(tfm, GFP_KERNEL);
293 printk(KERN_ERR "alg: hash: Failed to allocate request for "
297 ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
298 tcrypt_complete, &tresult);
301 for (i = 0; i < tcount; i++) {
306 if (WARN_ON(align_offset + template[i].psize > PAGE_SIZE))
310 memset(result, 0, digest_size);
313 hash_buff += align_offset;
315 memcpy(hash_buff, template[i].plaintext, template[i].psize);
316 sg_init_one(&sg[0], hash_buff, template[i].psize);
318 if (template[i].ksize) {
319 crypto_ahash_clear_flags(tfm, ~0);
320 if (template[i].ksize > MAX_KEYLEN) {
321 pr_err("alg: hash: setkey failed on test %d for %s: key size %d > %d\n",
322 j, algo, template[i].ksize, MAX_KEYLEN);
326 memcpy(key, template[i].key, template[i].ksize);
327 ret = crypto_ahash_setkey(tfm, key, template[i].ksize);
329 printk(KERN_ERR "alg: hash: setkey failed on "
330 "test %d for %s: ret=%d\n", j, algo,
336 ahash_request_set_crypt(req, sg, result, template[i].psize);
338 ret = wait_async_op(&tresult, crypto_ahash_digest(req));
340 pr_err("alg: hash: digest failed on test %d "
341 "for %s: ret=%d\n", j, algo, -ret);
345 ret = wait_async_op(&tresult, crypto_ahash_init(req));
347 pr_err("alt: hash: init failed on test %d "
348 "for %s: ret=%d\n", j, algo, -ret);
351 ret = wait_async_op(&tresult, crypto_ahash_update(req));
353 pr_err("alt: hash: update failed on test %d "
354 "for %s: ret=%d\n", j, algo, -ret);
357 ret = wait_async_op(&tresult, crypto_ahash_final(req));
359 pr_err("alt: hash: final failed on test %d "
360 "for %s: ret=%d\n", j, algo, -ret);
365 if (memcmp(result, template[i].digest,
366 crypto_ahash_digestsize(tfm))) {
367 printk(KERN_ERR "alg: hash: Test %d failed for %s\n",
369 hexdump(result, crypto_ahash_digestsize(tfm));
376 for (i = 0; i < tcount; i++) {
377 /* alignment tests are only done with continuous buffers */
378 if (align_offset != 0)
385 memset(result, 0, digest_size);
388 sg_init_table(sg, template[i].np);
390 for (k = 0; k < template[i].np; k++) {
391 if (WARN_ON(offset_in_page(IDX[k]) +
392 template[i].tap[k] > PAGE_SIZE))
395 memcpy(xbuf[IDX[k] >> PAGE_SHIFT] +
396 offset_in_page(IDX[k]),
397 template[i].plaintext + temp,
400 temp += template[i].tap[k];
403 if (template[i].ksize) {
404 if (template[i].ksize > MAX_KEYLEN) {
405 pr_err("alg: hash: setkey failed on test %d for %s: key size %d > %d\n",
406 j, algo, template[i].ksize, MAX_KEYLEN);
410 crypto_ahash_clear_flags(tfm, ~0);
411 memcpy(key, template[i].key, template[i].ksize);
412 ret = crypto_ahash_setkey(tfm, key, template[i].ksize);
415 printk(KERN_ERR "alg: hash: setkey "
416 "failed on chunking test %d "
417 "for %s: ret=%d\n", j, algo, -ret);
422 ahash_request_set_crypt(req, sg, result, template[i].psize);
423 ret = crypto_ahash_digest(req);
429 wait_for_completion(&tresult.completion);
430 reinit_completion(&tresult.completion);
436 printk(KERN_ERR "alg: hash: digest failed "
437 "on chunking test %d for %s: "
438 "ret=%d\n", j, algo, -ret);
442 if (memcmp(result, template[i].digest,
443 crypto_ahash_digestsize(tfm))) {
444 printk(KERN_ERR "alg: hash: Chunking test %d "
445 "failed for %s\n", j, algo);
446 hexdump(result, crypto_ahash_digestsize(tfm));
452 /* partial update exercise */
454 for (i = 0; i < tcount; i++) {
455 /* alignment tests are only done with continuous buffers */
456 if (align_offset != 0)
459 if (template[i].np < 2)
463 memset(result, 0, digest_size);
467 memcpy(hash_buff, template[i].plaintext,
469 sg_init_one(&sg[0], hash_buff, template[i].tap[0]);
471 if (template[i].ksize) {
472 crypto_ahash_clear_flags(tfm, ~0);
473 if (template[i].ksize > MAX_KEYLEN) {
474 pr_err("alg: hash: setkey failed on test %d for %s: key size %d > %d\n",
475 j, algo, template[i].ksize, MAX_KEYLEN);
479 memcpy(key, template[i].key, template[i].ksize);
480 ret = crypto_ahash_setkey(tfm, key, template[i].ksize);
482 pr_err("alg: hash: setkey failed on test %d for %s: ret=%d\n",
488 ahash_request_set_crypt(req, sg, result, template[i].tap[0]);
489 ret = wait_async_op(&tresult, crypto_ahash_init(req));
491 pr_err("alt: hash: init failed on test %d for %s: ret=%d\n",
495 ret = wait_async_op(&tresult, crypto_ahash_update(req));
497 pr_err("alt: hash: update failed on test %d for %s: ret=%d\n",
502 temp = template[i].tap[0];
503 for (k = 1; k < template[i].np; k++) {
504 ret = ahash_partial_update(&req, tfm, &template[i],
505 hash_buff, k, temp, &sg[0], algo, result,
508 pr_err("hash: partial update failed on test %d for %s: ret=%d\n",
512 temp += template[i].tap[k];
514 ret = wait_async_op(&tresult, crypto_ahash_final(req));
516 pr_err("alt: hash: final failed on test %d for %s: ret=%d\n",
520 if (memcmp(result, template[i].digest,
521 crypto_ahash_digestsize(tfm))) {
522 pr_err("alg: hash: Partial Test %d failed for %s\n",
524 hexdump(result, crypto_ahash_digestsize(tfm));
533 ahash_request_free(req);
535 testmgr_free_buf(xbuf);
542 static int test_hash(struct crypto_ahash *tfm,
543 const struct hash_testvec *template,
544 unsigned int tcount, bool use_digest)
546 unsigned int alignmask;
549 ret = __test_hash(tfm, template, tcount, use_digest, 0);
553 /* test unaligned buffers, check with one byte offset */
554 ret = __test_hash(tfm, template, tcount, use_digest, 1);
558 alignmask = crypto_tfm_alg_alignmask(&tfm->base);
560 /* Check if alignment mask for tfm is correctly set. */
561 ret = __test_hash(tfm, template, tcount, use_digest,
570 static int __test_aead(struct crypto_aead *tfm, int enc,
571 const struct aead_testvec *template, unsigned int tcount,
572 const bool diff_dst, const int align_offset)
574 const char *algo = crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm));
575 unsigned int i, j, k, n, temp;
579 struct aead_request *req;
580 struct scatterlist *sg;
581 struct scatterlist *sgout;
583 struct tcrypt_result result;
584 unsigned int authsize, iv_len;
589 char *xbuf[XBUFSIZE];
590 char *xoutbuf[XBUFSIZE];
591 char *axbuf[XBUFSIZE];
593 iv = kzalloc(MAX_IVLEN, GFP_KERNEL);
596 key = kmalloc(MAX_KEYLEN, GFP_KERNEL);
599 if (testmgr_alloc_buf(xbuf))
601 if (testmgr_alloc_buf(axbuf))
603 if (diff_dst && testmgr_alloc_buf(xoutbuf))
606 /* avoid "the frame size is larger than 1024 bytes" compiler warning */
607 sg = kmalloc(sizeof(*sg) * 8 * (diff_dst ? 4 : 2), GFP_KERNEL);
622 init_completion(&result.completion);
624 req = aead_request_alloc(tfm, GFP_KERNEL);
626 pr_err("alg: aead%s: Failed to allocate request for %s\n",
631 aead_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
632 tcrypt_complete, &result);
634 iv_len = crypto_aead_ivsize(tfm);
636 for (i = 0, j = 0; i < tcount; i++) {
642 /* some templates have no input data but they will
646 input += align_offset;
650 if (WARN_ON(align_offset + template[i].ilen >
651 PAGE_SIZE || template[i].alen > PAGE_SIZE))
654 memcpy(input, template[i].input, template[i].ilen);
655 memcpy(assoc, template[i].assoc, template[i].alen);
657 memcpy(iv, template[i].iv, iv_len);
659 memset(iv, 0, iv_len);
661 crypto_aead_clear_flags(tfm, ~0);
663 crypto_aead_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY);
665 if (template[i].klen > MAX_KEYLEN) {
666 pr_err("alg: aead%s: setkey failed on test %d for %s: key size %d > %d\n",
667 d, j, algo, template[i].klen,
672 memcpy(key, template[i].key, template[i].klen);
674 ret = crypto_aead_setkey(tfm, key, template[i].klen);
675 if (template[i].fail == !ret) {
676 pr_err("alg: aead%s: setkey failed on test %d for %s: flags=%x\n",
677 d, j, algo, crypto_aead_get_flags(tfm));
682 authsize = abs(template[i].rlen - template[i].ilen);
683 ret = crypto_aead_setauthsize(tfm, authsize);
685 pr_err("alg: aead%s: Failed to set authsize to %u on test %d for %s\n",
686 d, authsize, j, algo);
690 k = !!template[i].alen;
691 sg_init_table(sg, k + 1);
692 sg_set_buf(&sg[0], assoc, template[i].alen);
693 sg_set_buf(&sg[k], input,
694 template[i].ilen + (enc ? authsize : 0));
698 sg_init_table(sgout, k + 1);
699 sg_set_buf(&sgout[0], assoc, template[i].alen);
702 output += align_offset;
703 sg_set_buf(&sgout[k], output,
704 template[i].rlen + (enc ? 0 : authsize));
707 aead_request_set_crypt(req, sg, (diff_dst) ? sgout : sg,
708 template[i].ilen, iv);
710 aead_request_set_ad(req, template[i].alen);
712 ret = enc ? crypto_aead_encrypt(req) : crypto_aead_decrypt(req);
716 if (template[i].novrfy) {
717 /* verification was supposed to fail */
718 pr_err("alg: aead%s: %s failed on test %d for %s: ret was 0, expected -EBADMSG\n",
720 /* so really, we got a bad message */
727 wait_for_completion(&result.completion);
728 reinit_completion(&result.completion);
733 if (template[i].novrfy)
734 /* verification failure was expected */
738 pr_err("alg: aead%s: %s failed on test %d for %s: ret=%d\n",
739 d, e, j, algo, -ret);
744 if (memcmp(q, template[i].result, template[i].rlen)) {
745 pr_err("alg: aead%s: Test %d failed on %s for %s\n",
747 hexdump(q, template[i].rlen);
753 for (i = 0, j = 0; i < tcount; i++) {
754 /* alignment tests are only done with continuous buffers */
755 if (align_offset != 0)
764 memcpy(iv, template[i].iv, iv_len);
766 memset(iv, 0, MAX_IVLEN);
768 crypto_aead_clear_flags(tfm, ~0);
770 crypto_aead_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY);
771 if (template[i].klen > MAX_KEYLEN) {
772 pr_err("alg: aead%s: setkey failed on test %d for %s: key size %d > %d\n",
773 d, j, algo, template[i].klen, MAX_KEYLEN);
777 memcpy(key, template[i].key, template[i].klen);
779 ret = crypto_aead_setkey(tfm, key, template[i].klen);
780 if (template[i].fail == !ret) {
781 pr_err("alg: aead%s: setkey failed on chunk test %d for %s: flags=%x\n",
782 d, j, algo, crypto_aead_get_flags(tfm));
787 authsize = abs(template[i].rlen - template[i].ilen);
790 sg_init_table(sg, template[i].anp + template[i].np);
792 sg_init_table(sgout, template[i].anp + template[i].np);
795 for (k = 0, temp = 0; k < template[i].anp; k++) {
796 if (WARN_ON(offset_in_page(IDX[k]) +
797 template[i].atap[k] > PAGE_SIZE))
800 memcpy(axbuf[IDX[k] >> PAGE_SHIFT] +
801 offset_in_page(IDX[k]),
802 template[i].assoc + temp,
803 template[i].atap[k]),
804 template[i].atap[k]);
806 sg_set_buf(&sgout[k],
807 axbuf[IDX[k] >> PAGE_SHIFT] +
808 offset_in_page(IDX[k]),
809 template[i].atap[k]);
810 temp += template[i].atap[k];
813 for (k = 0, temp = 0; k < template[i].np; k++) {
814 if (WARN_ON(offset_in_page(IDX[k]) +
815 template[i].tap[k] > PAGE_SIZE))
818 q = xbuf[IDX[k] >> PAGE_SHIFT] + offset_in_page(IDX[k]);
819 memcpy(q, template[i].input + temp, template[i].tap[k]);
820 sg_set_buf(&sg[template[i].anp + k],
821 q, template[i].tap[k]);
824 q = xoutbuf[IDX[k] >> PAGE_SHIFT] +
825 offset_in_page(IDX[k]);
827 memset(q, 0, template[i].tap[k]);
829 sg_set_buf(&sgout[template[i].anp + k],
830 q, template[i].tap[k]);
833 n = template[i].tap[k];
834 if (k == template[i].np - 1 && enc)
836 if (offset_in_page(q) + n < PAGE_SIZE)
839 temp += template[i].tap[k];
842 ret = crypto_aead_setauthsize(tfm, authsize);
844 pr_err("alg: aead%s: Failed to set authsize to %u on chunk test %d for %s\n",
845 d, authsize, j, algo);
850 if (WARN_ON(sg[template[i].anp + k - 1].offset +
851 sg[template[i].anp + k - 1].length +
852 authsize > PAGE_SIZE)) {
858 sgout[template[i].anp + k - 1].length +=
860 sg[template[i].anp + k - 1].length += authsize;
863 aead_request_set_crypt(req, sg, (diff_dst) ? sgout : sg,
867 aead_request_set_ad(req, template[i].alen);
869 ret = enc ? crypto_aead_encrypt(req) : crypto_aead_decrypt(req);
873 if (template[i].novrfy) {
874 /* verification was supposed to fail */
875 pr_err("alg: aead%s: %s failed on chunk test %d for %s: ret was 0, expected -EBADMSG\n",
877 /* so really, we got a bad message */
884 wait_for_completion(&result.completion);
885 reinit_completion(&result.completion);
890 if (template[i].novrfy)
891 /* verification failure was expected */
895 pr_err("alg: aead%s: %s failed on chunk test %d for %s: ret=%d\n",
896 d, e, j, algo, -ret);
901 for (k = 0, temp = 0; k < template[i].np; k++) {
903 q = xoutbuf[IDX[k] >> PAGE_SHIFT] +
904 offset_in_page(IDX[k]);
906 q = xbuf[IDX[k] >> PAGE_SHIFT] +
907 offset_in_page(IDX[k]);
909 n = template[i].tap[k];
910 if (k == template[i].np - 1)
911 n += enc ? authsize : -authsize;
913 if (memcmp(q, template[i].result + temp, n)) {
914 pr_err("alg: aead%s: Chunk test %d failed on %s at page %u for %s\n",
921 if (k == template[i].np - 1 && !enc) {
923 memcmp(q, template[i].input +
929 for (n = 0; offset_in_page(q + n) && q[n]; n++)
933 pr_err("alg: aead%s: Result buffer corruption in chunk test %d on %s at page %u for %s: %u bytes:\n",
934 d, j, e, k, algo, n);
939 temp += template[i].tap[k];
946 aead_request_free(req);
950 testmgr_free_buf(xoutbuf);
952 testmgr_free_buf(axbuf);
954 testmgr_free_buf(xbuf);
961 static int test_aead(struct crypto_aead *tfm, int enc,
962 const struct aead_testvec *template, unsigned int tcount)
964 unsigned int alignmask;
967 /* test 'dst == src' case */
968 ret = __test_aead(tfm, enc, template, tcount, false, 0);
972 /* test 'dst != src' case */
973 ret = __test_aead(tfm, enc, template, tcount, true, 0);
977 /* test unaligned buffers, check with one byte offset */
978 ret = __test_aead(tfm, enc, template, tcount, true, 1);
982 alignmask = crypto_tfm_alg_alignmask(&tfm->base);
984 /* Check if alignment mask for tfm is correctly set. */
985 ret = __test_aead(tfm, enc, template, tcount, true,
994 static int test_cipher(struct crypto_cipher *tfm, int enc,
995 const struct cipher_testvec *template,
998 const char *algo = crypto_tfm_alg_driver_name(crypto_cipher_tfm(tfm));
999 unsigned int i, j, k;
1003 char *xbuf[XBUFSIZE];
1006 if (testmgr_alloc_buf(xbuf))
1015 for (i = 0; i < tcount; i++) {
1019 if (fips_enabled && template[i].fips_skip)
1025 if (WARN_ON(template[i].ilen > PAGE_SIZE))
1029 memcpy(data, template[i].input, template[i].ilen);
1031 crypto_cipher_clear_flags(tfm, ~0);
1033 crypto_cipher_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY);
1035 ret = crypto_cipher_setkey(tfm, template[i].key,
1037 if (template[i].fail == !ret) {
1038 printk(KERN_ERR "alg: cipher: setkey failed "
1039 "on test %d for %s: flags=%x\n", j,
1040 algo, crypto_cipher_get_flags(tfm));
1045 for (k = 0; k < template[i].ilen;
1046 k += crypto_cipher_blocksize(tfm)) {
1048 crypto_cipher_encrypt_one(tfm, data + k,
1051 crypto_cipher_decrypt_one(tfm, data + k,
1056 if (memcmp(q, template[i].result, template[i].rlen)) {
1057 printk(KERN_ERR "alg: cipher: Test %d failed "
1058 "on %s for %s\n", j, e, algo);
1059 hexdump(q, template[i].rlen);
1068 testmgr_free_buf(xbuf);
1073 static int __test_skcipher(struct crypto_skcipher *tfm, int enc,
1074 const struct cipher_testvec *template,
1075 unsigned int tcount,
1076 const bool diff_dst, const int align_offset)
1079 crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm));
1080 unsigned int i, j, k, n, temp;
1082 struct skcipher_request *req;
1083 struct scatterlist sg[8];
1084 struct scatterlist sgout[8];
1086 struct tcrypt_result result;
1089 char *xbuf[XBUFSIZE];
1090 char *xoutbuf[XBUFSIZE];
1092 unsigned int ivsize = crypto_skcipher_ivsize(tfm);
1094 if (testmgr_alloc_buf(xbuf))
1097 if (diff_dst && testmgr_alloc_buf(xoutbuf))
1110 init_completion(&result.completion);
1112 req = skcipher_request_alloc(tfm, GFP_KERNEL);
1114 pr_err("alg: skcipher%s: Failed to allocate request for %s\n",
1119 skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
1120 tcrypt_complete, &result);
1123 for (i = 0; i < tcount; i++) {
1124 if (template[i].np && !template[i].also_non_np)
1127 if (fips_enabled && template[i].fips_skip)
1131 memcpy(iv, template[i].iv, ivsize);
1133 memset(iv, 0, MAX_IVLEN);
1137 if (WARN_ON(align_offset + template[i].ilen > PAGE_SIZE))
1141 data += align_offset;
1142 memcpy(data, template[i].input, template[i].ilen);
1144 crypto_skcipher_clear_flags(tfm, ~0);
1146 crypto_skcipher_set_flags(tfm,
1147 CRYPTO_TFM_REQ_WEAK_KEY);
1149 ret = crypto_skcipher_setkey(tfm, template[i].key,
1151 if (template[i].fail == !ret) {
1152 pr_err("alg: skcipher%s: setkey failed on test %d for %s: flags=%x\n",
1153 d, j, algo, crypto_skcipher_get_flags(tfm));
1158 sg_init_one(&sg[0], data, template[i].ilen);
1161 data += align_offset;
1162 sg_init_one(&sgout[0], data, template[i].ilen);
1165 skcipher_request_set_crypt(req, sg, (diff_dst) ? sgout : sg,
1166 template[i].ilen, iv);
1167 ret = enc ? crypto_skcipher_encrypt(req) :
1168 crypto_skcipher_decrypt(req);
1175 wait_for_completion(&result.completion);
1176 reinit_completion(&result.completion);
1182 pr_err("alg: skcipher%s: %s failed on test %d for %s: ret=%d\n",
1183 d, e, j, algo, -ret);
1188 if (memcmp(q, template[i].result, template[i].rlen)) {
1189 pr_err("alg: skcipher%s: Test %d failed (invalid result) on %s for %s\n",
1191 hexdump(q, template[i].rlen);
1196 if (template[i].iv_out &&
1197 memcmp(iv, template[i].iv_out,
1198 crypto_skcipher_ivsize(tfm))) {
1199 pr_err("alg: skcipher%s: Test %d failed (invalid output IV) on %s for %s\n",
1201 hexdump(iv, crypto_skcipher_ivsize(tfm));
1208 for (i = 0; i < tcount; i++) {
1209 /* alignment tests are only done with continuous buffers */
1210 if (align_offset != 0)
1213 if (!template[i].np)
1216 if (fips_enabled && template[i].fips_skip)
1220 memcpy(iv, template[i].iv, ivsize);
1222 memset(iv, 0, MAX_IVLEN);
1225 crypto_skcipher_clear_flags(tfm, ~0);
1227 crypto_skcipher_set_flags(tfm,
1228 CRYPTO_TFM_REQ_WEAK_KEY);
1230 ret = crypto_skcipher_setkey(tfm, template[i].key,
1232 if (template[i].fail == !ret) {
1233 pr_err("alg: skcipher%s: setkey failed on chunk test %d for %s: flags=%x\n",
1234 d, j, algo, crypto_skcipher_get_flags(tfm));
1241 sg_init_table(sg, template[i].np);
1243 sg_init_table(sgout, template[i].np);
1244 for (k = 0; k < template[i].np; k++) {
1245 if (WARN_ON(offset_in_page(IDX[k]) +
1246 template[i].tap[k] > PAGE_SIZE))
1249 q = xbuf[IDX[k] >> PAGE_SHIFT] + offset_in_page(IDX[k]);
1251 memcpy(q, template[i].input + temp, template[i].tap[k]);
1253 if (offset_in_page(q) + template[i].tap[k] < PAGE_SIZE)
1254 q[template[i].tap[k]] = 0;
1256 sg_set_buf(&sg[k], q, template[i].tap[k]);
1258 q = xoutbuf[IDX[k] >> PAGE_SHIFT] +
1259 offset_in_page(IDX[k]);
1261 sg_set_buf(&sgout[k], q, template[i].tap[k]);
1263 memset(q, 0, template[i].tap[k]);
1264 if (offset_in_page(q) +
1265 template[i].tap[k] < PAGE_SIZE)
1266 q[template[i].tap[k]] = 0;
1269 temp += template[i].tap[k];
1272 skcipher_request_set_crypt(req, sg, (diff_dst) ? sgout : sg,
1273 template[i].ilen, iv);
1275 ret = enc ? crypto_skcipher_encrypt(req) :
1276 crypto_skcipher_decrypt(req);
1283 wait_for_completion(&result.completion);
1284 reinit_completion(&result.completion);
1290 pr_err("alg: skcipher%s: %s failed on chunk test %d for %s: ret=%d\n",
1291 d, e, j, algo, -ret);
1297 for (k = 0; k < template[i].np; k++) {
1299 q = xoutbuf[IDX[k] >> PAGE_SHIFT] +
1300 offset_in_page(IDX[k]);
1302 q = xbuf[IDX[k] >> PAGE_SHIFT] +
1303 offset_in_page(IDX[k]);
1305 if (memcmp(q, template[i].result + temp,
1306 template[i].tap[k])) {
1307 pr_err("alg: skcipher%s: Chunk test %d failed on %s at page %u for %s\n",
1309 hexdump(q, template[i].tap[k]);
1313 q += template[i].tap[k];
1314 for (n = 0; offset_in_page(q + n) && q[n]; n++)
1317 pr_err("alg: skcipher%s: Result buffer corruption in chunk test %d on %s at page %u for %s: %u bytes:\n",
1318 d, j, e, k, algo, n);
1322 temp += template[i].tap[k];
1329 skcipher_request_free(req);
1331 testmgr_free_buf(xoutbuf);
1333 testmgr_free_buf(xbuf);
1338 static int test_skcipher(struct crypto_skcipher *tfm, int enc,
1339 const struct cipher_testvec *template,
1340 unsigned int tcount)
1342 unsigned int alignmask;
1345 /* test 'dst == src' case */
1346 ret = __test_skcipher(tfm, enc, template, tcount, false, 0);
1350 /* test 'dst != src' case */
1351 ret = __test_skcipher(tfm, enc, template, tcount, true, 0);
1355 /* test unaligned buffers, check with one byte offset */
1356 ret = __test_skcipher(tfm, enc, template, tcount, true, 1);
1360 alignmask = crypto_tfm_alg_alignmask(&tfm->base);
1362 /* Check if alignment mask for tfm is correctly set. */
1363 ret = __test_skcipher(tfm, enc, template, tcount, true,
1372 static int test_comp(struct crypto_comp *tfm,
1373 const struct comp_testvec *ctemplate,
1374 const struct comp_testvec *dtemplate,
1375 int ctcount, int dtcount)
1377 const char *algo = crypto_tfm_alg_driver_name(crypto_comp_tfm(tfm));
1379 char result[COMP_BUF_SIZE];
1382 for (i = 0; i < ctcount; i++) {
1384 unsigned int dlen = COMP_BUF_SIZE;
1386 memset(result, 0, sizeof (result));
1388 ilen = ctemplate[i].inlen;
1389 ret = crypto_comp_compress(tfm, ctemplate[i].input,
1390 ilen, result, &dlen);
1392 printk(KERN_ERR "alg: comp: compression failed "
1393 "on test %d for %s: ret=%d\n", i + 1, algo,
1398 if (dlen != ctemplate[i].outlen) {
1399 printk(KERN_ERR "alg: comp: Compression test %d "
1400 "failed for %s: output len = %d\n", i + 1, algo,
1406 if (memcmp(result, ctemplate[i].output, dlen)) {
1407 printk(KERN_ERR "alg: comp: Compression test %d "
1408 "failed for %s\n", i + 1, algo);
1409 hexdump(result, dlen);
1415 for (i = 0; i < dtcount; i++) {
1417 unsigned int dlen = COMP_BUF_SIZE;
1419 memset(result, 0, sizeof (result));
1421 ilen = dtemplate[i].inlen;
1422 ret = crypto_comp_decompress(tfm, dtemplate[i].input,
1423 ilen, result, &dlen);
1425 printk(KERN_ERR "alg: comp: decompression failed "
1426 "on test %d for %s: ret=%d\n", i + 1, algo,
1431 if (dlen != dtemplate[i].outlen) {
1432 printk(KERN_ERR "alg: comp: Decompression test %d "
1433 "failed for %s: output len = %d\n", i + 1, algo,
1439 if (memcmp(result, dtemplate[i].output, dlen)) {
1440 printk(KERN_ERR "alg: comp: Decompression test %d "
1441 "failed for %s\n", i + 1, algo);
1442 hexdump(result, dlen);
1454 static int test_acomp(struct crypto_acomp *tfm,
1455 const struct comp_testvec *ctemplate,
1456 const struct comp_testvec *dtemplate,
1457 int ctcount, int dtcount)
1459 const char *algo = crypto_tfm_alg_driver_name(crypto_acomp_tfm(tfm));
1461 char *output, *decomp_out;
1463 struct scatterlist src, dst;
1464 struct acomp_req *req;
1465 struct tcrypt_result result;
1467 output = kmalloc(COMP_BUF_SIZE, GFP_KERNEL);
1471 decomp_out = kmalloc(COMP_BUF_SIZE, GFP_KERNEL);
1477 for (i = 0; i < ctcount; i++) {
1478 unsigned int dlen = COMP_BUF_SIZE;
1479 int ilen = ctemplate[i].inlen;
1482 input_vec = kmemdup(ctemplate[i].input, ilen, GFP_KERNEL);
1488 memset(output, 0, dlen);
1489 init_completion(&result.completion);
1490 sg_init_one(&src, input_vec, ilen);
1491 sg_init_one(&dst, output, dlen);
1493 req = acomp_request_alloc(tfm);
1495 pr_err("alg: acomp: request alloc failed for %s\n",
1502 acomp_request_set_params(req, &src, &dst, ilen, dlen);
1503 acomp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
1504 tcrypt_complete, &result);
1506 ret = wait_async_op(&result, crypto_acomp_compress(req));
1508 pr_err("alg: acomp: compression failed on test %d for %s: ret=%d\n",
1511 acomp_request_free(req);
1516 dlen = COMP_BUF_SIZE;
1517 sg_init_one(&src, output, ilen);
1518 sg_init_one(&dst, decomp_out, dlen);
1519 init_completion(&result.completion);
1520 acomp_request_set_params(req, &src, &dst, ilen, dlen);
1522 ret = wait_async_op(&result, crypto_acomp_decompress(req));
1524 pr_err("alg: acomp: compression failed on test %d for %s: ret=%d\n",
1527 acomp_request_free(req);
1531 if (req->dlen != ctemplate[i].inlen) {
1532 pr_err("alg: acomp: Compression test %d failed for %s: output len = %d\n",
1533 i + 1, algo, req->dlen);
1536 acomp_request_free(req);
1540 if (memcmp(input_vec, decomp_out, req->dlen)) {
1541 pr_err("alg: acomp: Compression test %d failed for %s\n",
1543 hexdump(output, req->dlen);
1546 acomp_request_free(req);
1551 acomp_request_free(req);
1554 for (i = 0; i < dtcount; i++) {
1555 unsigned int dlen = COMP_BUF_SIZE;
1556 int ilen = dtemplate[i].inlen;
1559 input_vec = kmemdup(dtemplate[i].input, ilen, GFP_KERNEL);
1565 memset(output, 0, dlen);
1566 init_completion(&result.completion);
1567 sg_init_one(&src, input_vec, ilen);
1568 sg_init_one(&dst, output, dlen);
1570 req = acomp_request_alloc(tfm);
1572 pr_err("alg: acomp: request alloc failed for %s\n",
1579 acomp_request_set_params(req, &src, &dst, ilen, dlen);
1580 acomp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
1581 tcrypt_complete, &result);
1583 ret = wait_async_op(&result, crypto_acomp_decompress(req));
1585 pr_err("alg: acomp: decompression failed on test %d for %s: ret=%d\n",
1588 acomp_request_free(req);
1592 if (req->dlen != dtemplate[i].outlen) {
1593 pr_err("alg: acomp: Decompression test %d failed for %s: output len = %d\n",
1594 i + 1, algo, req->dlen);
1597 acomp_request_free(req);
1601 if (memcmp(output, dtemplate[i].output, req->dlen)) {
1602 pr_err("alg: acomp: Decompression test %d failed for %s\n",
1604 hexdump(output, req->dlen);
1607 acomp_request_free(req);
1612 acomp_request_free(req);
1623 static int test_cprng(struct crypto_rng *tfm,
1624 const struct cprng_testvec *template,
1625 unsigned int tcount)
1627 const char *algo = crypto_tfm_alg_driver_name(crypto_rng_tfm(tfm));
1628 int err = 0, i, j, seedsize;
1632 seedsize = crypto_rng_seedsize(tfm);
1634 seed = kmalloc(seedsize, GFP_KERNEL);
1636 printk(KERN_ERR "alg: cprng: Failed to allocate seed space "
1641 for (i = 0; i < tcount; i++) {
1642 memset(result, 0, 32);
1644 memcpy(seed, template[i].v, template[i].vlen);
1645 memcpy(seed + template[i].vlen, template[i].key,
1647 memcpy(seed + template[i].vlen + template[i].klen,
1648 template[i].dt, template[i].dtlen);
1650 err = crypto_rng_reset(tfm, seed, seedsize);
1652 printk(KERN_ERR "alg: cprng: Failed to reset rng "
1657 for (j = 0; j < template[i].loops; j++) {
1658 err = crypto_rng_get_bytes(tfm, result,
1661 printk(KERN_ERR "alg: cprng: Failed to obtain "
1662 "the correct amount of random data for "
1663 "%s (requested %d)\n", algo,
1669 err = memcmp(result, template[i].result,
1672 printk(KERN_ERR "alg: cprng: Test %d failed for %s\n",
1674 hexdump(result, template[i].rlen);
1685 static int alg_test_aead(const struct alg_test_desc *desc, const char *driver,
1688 struct crypto_aead *tfm;
1691 tfm = crypto_alloc_aead(driver, type, mask);
1693 printk(KERN_ERR "alg: aead: Failed to load transform for %s: "
1694 "%ld\n", driver, PTR_ERR(tfm));
1695 return PTR_ERR(tfm);
1698 if (desc->suite.aead.enc.vecs) {
1699 err = test_aead(tfm, ENCRYPT, desc->suite.aead.enc.vecs,
1700 desc->suite.aead.enc.count);
1705 if (!err && desc->suite.aead.dec.vecs)
1706 err = test_aead(tfm, DECRYPT, desc->suite.aead.dec.vecs,
1707 desc->suite.aead.dec.count);
1710 crypto_free_aead(tfm);
1714 static int alg_test_cipher(const struct alg_test_desc *desc,
1715 const char *driver, u32 type, u32 mask)
1717 struct crypto_cipher *tfm;
1720 tfm = crypto_alloc_cipher(driver, type, mask);
1722 printk(KERN_ERR "alg: cipher: Failed to load transform for "
1723 "%s: %ld\n", driver, PTR_ERR(tfm));
1724 return PTR_ERR(tfm);
1727 if (desc->suite.cipher.enc.vecs) {
1728 err = test_cipher(tfm, ENCRYPT, desc->suite.cipher.enc.vecs,
1729 desc->suite.cipher.enc.count);
1734 if (desc->suite.cipher.dec.vecs)
1735 err = test_cipher(tfm, DECRYPT, desc->suite.cipher.dec.vecs,
1736 desc->suite.cipher.dec.count);
1739 crypto_free_cipher(tfm);
1743 static int alg_test_skcipher(const struct alg_test_desc *desc,
1744 const char *driver, u32 type, u32 mask)
1746 struct crypto_skcipher *tfm;
1749 tfm = crypto_alloc_skcipher(driver, type, mask);
1751 printk(KERN_ERR "alg: skcipher: Failed to load transform for "
1752 "%s: %ld\n", driver, PTR_ERR(tfm));
1753 return PTR_ERR(tfm);
1756 if (desc->suite.cipher.enc.vecs) {
1757 err = test_skcipher(tfm, ENCRYPT, desc->suite.cipher.enc.vecs,
1758 desc->suite.cipher.enc.count);
1763 if (desc->suite.cipher.dec.vecs)
1764 err = test_skcipher(tfm, DECRYPT, desc->suite.cipher.dec.vecs,
1765 desc->suite.cipher.dec.count);
1768 crypto_free_skcipher(tfm);
1772 static int alg_test_comp(const struct alg_test_desc *desc, const char *driver,
1775 struct crypto_comp *comp;
1776 struct crypto_acomp *acomp;
1778 u32 algo_type = type & CRYPTO_ALG_TYPE_ACOMPRESS_MASK;
1780 if (algo_type == CRYPTO_ALG_TYPE_ACOMPRESS) {
1781 acomp = crypto_alloc_acomp(driver, type, mask);
1782 if (IS_ERR(acomp)) {
1783 pr_err("alg: acomp: Failed to load transform for %s: %ld\n",
1784 driver, PTR_ERR(acomp));
1785 return PTR_ERR(acomp);
1787 err = test_acomp(acomp, desc->suite.comp.comp.vecs,
1788 desc->suite.comp.decomp.vecs,
1789 desc->suite.comp.comp.count,
1790 desc->suite.comp.decomp.count);
1791 crypto_free_acomp(acomp);
1793 comp = crypto_alloc_comp(driver, type, mask);
1795 pr_err("alg: comp: Failed to load transform for %s: %ld\n",
1796 driver, PTR_ERR(comp));
1797 return PTR_ERR(comp);
1800 err = test_comp(comp, desc->suite.comp.comp.vecs,
1801 desc->suite.comp.decomp.vecs,
1802 desc->suite.comp.comp.count,
1803 desc->suite.comp.decomp.count);
1805 crypto_free_comp(comp);
1810 static int alg_test_hash(const struct alg_test_desc *desc, const char *driver,
1813 struct crypto_ahash *tfm;
1816 tfm = crypto_alloc_ahash(driver, type, mask);
1818 printk(KERN_ERR "alg: hash: Failed to load transform for %s: "
1819 "%ld\n", driver, PTR_ERR(tfm));
1820 return PTR_ERR(tfm);
1823 err = test_hash(tfm, desc->suite.hash.vecs,
1824 desc->suite.hash.count, true);
1826 err = test_hash(tfm, desc->suite.hash.vecs,
1827 desc->suite.hash.count, false);
1829 crypto_free_ahash(tfm);
1833 static int alg_test_crc32c(const struct alg_test_desc *desc,
1834 const char *driver, u32 type, u32 mask)
1836 struct crypto_shash *tfm;
1840 err = alg_test_hash(desc, driver, type, mask);
1844 tfm = crypto_alloc_shash(driver, type, mask);
1846 printk(KERN_ERR "alg: crc32c: Failed to load transform for %s: "
1847 "%ld\n", driver, PTR_ERR(tfm));
1853 SHASH_DESC_ON_STACK(shash, tfm);
1854 u32 *ctx = (u32 *)shash_desc_ctx(shash);
1859 *ctx = le32_to_cpu(420553207);
1860 err = crypto_shash_final(shash, (u8 *)&val);
1862 printk(KERN_ERR "alg: crc32c: Operation failed for "
1863 "%s: %d\n", driver, err);
1867 if (val != ~420553207) {
1868 printk(KERN_ERR "alg: crc32c: Test failed for %s: "
1869 "%d\n", driver, val);
1874 crypto_free_shash(tfm);
1880 static int alg_test_cprng(const struct alg_test_desc *desc, const char *driver,
1883 struct crypto_rng *rng;
1886 rng = crypto_alloc_rng(driver, type, mask);
1888 printk(KERN_ERR "alg: cprng: Failed to load transform for %s: "
1889 "%ld\n", driver, PTR_ERR(rng));
1890 return PTR_ERR(rng);
1893 err = test_cprng(rng, desc->suite.cprng.vecs, desc->suite.cprng.count);
1895 crypto_free_rng(rng);
1901 static int drbg_cavs_test(const struct drbg_testvec *test, int pr,
1902 const char *driver, u32 type, u32 mask)
1905 struct crypto_rng *drng;
1906 struct drbg_test_data test_data;
1907 struct drbg_string addtl, pers, testentropy;
1908 unsigned char *buf = kzalloc(test->expectedlen, GFP_KERNEL);
1913 drng = crypto_alloc_rng(driver, type, mask);
1915 printk(KERN_ERR "alg: drbg: could not allocate DRNG handle for "
1921 test_data.testentropy = &testentropy;
1922 drbg_string_fill(&testentropy, test->entropy, test->entropylen);
1923 drbg_string_fill(&pers, test->pers, test->perslen);
1924 ret = crypto_drbg_reset_test(drng, &pers, &test_data);
1926 printk(KERN_ERR "alg: drbg: Failed to reset rng\n");
1930 drbg_string_fill(&addtl, test->addtla, test->addtllen);
1932 drbg_string_fill(&testentropy, test->entpra, test->entprlen);
1933 ret = crypto_drbg_get_bytes_addtl_test(drng,
1934 buf, test->expectedlen, &addtl, &test_data);
1936 ret = crypto_drbg_get_bytes_addtl(drng,
1937 buf, test->expectedlen, &addtl);
1940 printk(KERN_ERR "alg: drbg: could not obtain random data for "
1941 "driver %s\n", driver);
1945 drbg_string_fill(&addtl, test->addtlb, test->addtllen);
1947 drbg_string_fill(&testentropy, test->entprb, test->entprlen);
1948 ret = crypto_drbg_get_bytes_addtl_test(drng,
1949 buf, test->expectedlen, &addtl, &test_data);
1951 ret = crypto_drbg_get_bytes_addtl(drng,
1952 buf, test->expectedlen, &addtl);
1955 printk(KERN_ERR "alg: drbg: could not obtain random data for "
1956 "driver %s\n", driver);
1960 ret = memcmp(test->expected, buf, test->expectedlen);
1963 crypto_free_rng(drng);
1969 static int alg_test_drbg(const struct alg_test_desc *desc, const char *driver,
1975 const struct drbg_testvec *template = desc->suite.drbg.vecs;
1976 unsigned int tcount = desc->suite.drbg.count;
1978 if (0 == memcmp(driver, "drbg_pr_", 8))
1981 for (i = 0; i < tcount; i++) {
1982 err = drbg_cavs_test(&template[i], pr, driver, type, mask);
1984 printk(KERN_ERR "alg: drbg: Test %d failed for %s\n",
1994 static int do_test_kpp(struct crypto_kpp *tfm, const struct kpp_testvec *vec,
1997 struct kpp_request *req;
1998 void *input_buf = NULL;
1999 void *output_buf = NULL;
2000 void *a_public = NULL;
2002 void *shared_secret = NULL;
2003 struct tcrypt_result result;
2004 unsigned int out_len_max;
2006 struct scatterlist src, dst;
2008 req = kpp_request_alloc(tfm, GFP_KERNEL);
2012 init_completion(&result.completion);
2014 err = crypto_kpp_set_secret(tfm, vec->secret, vec->secret_size);
2018 out_len_max = crypto_kpp_maxsize(tfm);
2019 output_buf = kzalloc(out_len_max, GFP_KERNEL);
2025 /* Use appropriate parameter as base */
2026 kpp_request_set_input(req, NULL, 0);
2027 sg_init_one(&dst, output_buf, out_len_max);
2028 kpp_request_set_output(req, &dst, out_len_max);
2029 kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
2030 tcrypt_complete, &result);
2032 /* Compute party A's public key */
2033 err = wait_async_op(&result, crypto_kpp_generate_public_key(req));
2035 pr_err("alg: %s: Party A: generate public key test failed. err %d\n",
2041 /* Save party A's public key */
2042 a_public = kzalloc(out_len_max, GFP_KERNEL);
2047 memcpy(a_public, sg_virt(req->dst), out_len_max);
2049 /* Verify calculated public key */
2050 if (memcmp(vec->expected_a_public, sg_virt(req->dst),
2051 vec->expected_a_public_size)) {
2052 pr_err("alg: %s: Party A: generate public key test failed. Invalid output\n",
2059 /* Calculate shared secret key by using counter part (b) public key. */
2060 input_buf = kzalloc(vec->b_public_size, GFP_KERNEL);
2066 memcpy(input_buf, vec->b_public, vec->b_public_size);
2067 sg_init_one(&src, input_buf, vec->b_public_size);
2068 sg_init_one(&dst, output_buf, out_len_max);
2069 kpp_request_set_input(req, &src, vec->b_public_size);
2070 kpp_request_set_output(req, &dst, out_len_max);
2071 kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
2072 tcrypt_complete, &result);
2073 err = wait_async_op(&result, crypto_kpp_compute_shared_secret(req));
2075 pr_err("alg: %s: Party A: compute shared secret test failed. err %d\n",
2081 /* Save the shared secret obtained by party A */
2082 a_ss = kzalloc(vec->expected_ss_size, GFP_KERNEL);
2087 memcpy(a_ss, sg_virt(req->dst), vec->expected_ss_size);
2090 * Calculate party B's shared secret by using party A's
2093 err = crypto_kpp_set_secret(tfm, vec->b_secret,
2094 vec->b_secret_size);
2098 sg_init_one(&src, a_public, vec->expected_a_public_size);
2099 sg_init_one(&dst, output_buf, out_len_max);
2100 kpp_request_set_input(req, &src, vec->expected_a_public_size);
2101 kpp_request_set_output(req, &dst, out_len_max);
2102 kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
2103 tcrypt_complete, &result);
2104 err = wait_async_op(&result,
2105 crypto_kpp_compute_shared_secret(req));
2107 pr_err("alg: %s: Party B: compute shared secret failed. err %d\n",
2112 shared_secret = a_ss;
2114 shared_secret = (void *)vec->expected_ss;
2118 * verify shared secret from which the user will derive
2119 * secret key by executing whatever hash it has chosen
2121 if (memcmp(shared_secret, sg_virt(req->dst),
2122 vec->expected_ss_size)) {
2123 pr_err("alg: %s: compute shared secret test failed. Invalid output\n",
2135 kpp_request_free(req);
2139 static int test_kpp(struct crypto_kpp *tfm, const char *alg,
2140 const struct kpp_testvec *vecs, unsigned int tcount)
2144 for (i = 0; i < tcount; i++) {
2145 ret = do_test_kpp(tfm, vecs++, alg);
2147 pr_err("alg: %s: test failed on vector %d, err=%d\n",
2155 static int alg_test_kpp(const struct alg_test_desc *desc, const char *driver,
2158 struct crypto_kpp *tfm;
2161 tfm = crypto_alloc_kpp(driver, type, mask);
2163 pr_err("alg: kpp: Failed to load tfm for %s: %ld\n",
2164 driver, PTR_ERR(tfm));
2165 return PTR_ERR(tfm);
2167 if (desc->suite.kpp.vecs)
2168 err = test_kpp(tfm, desc->alg, desc->suite.kpp.vecs,
2169 desc->suite.kpp.count);
2171 crypto_free_kpp(tfm);
2175 static int test_akcipher_one(struct crypto_akcipher *tfm,
2176 const struct akcipher_testvec *vecs)
2178 char *xbuf[XBUFSIZE];
2179 struct akcipher_request *req;
2180 void *outbuf_enc = NULL;
2181 void *outbuf_dec = NULL;
2182 struct tcrypt_result result;
2183 unsigned int out_len_max, out_len = 0;
2185 struct scatterlist src, dst, src_tab[2];
2187 if (testmgr_alloc_buf(xbuf))
2190 req = akcipher_request_alloc(tfm, GFP_KERNEL);
2194 init_completion(&result.completion);
2196 if (vecs->public_key_vec)
2197 err = crypto_akcipher_set_pub_key(tfm, vecs->key,
2200 err = crypto_akcipher_set_priv_key(tfm, vecs->key,
2206 out_len_max = crypto_akcipher_maxsize(tfm);
2207 outbuf_enc = kzalloc(out_len_max, GFP_KERNEL);
2211 if (WARN_ON(vecs->m_size > PAGE_SIZE))
2214 memcpy(xbuf[0], vecs->m, vecs->m_size);
2216 sg_init_table(src_tab, 2);
2217 sg_set_buf(&src_tab[0], xbuf[0], 8);
2218 sg_set_buf(&src_tab[1], xbuf[0] + 8, vecs->m_size - 8);
2219 sg_init_one(&dst, outbuf_enc, out_len_max);
2220 akcipher_request_set_crypt(req, src_tab, &dst, vecs->m_size,
2222 akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
2223 tcrypt_complete, &result);
2225 /* Run RSA encrypt - c = m^e mod n;*/
2226 err = wait_async_op(&result, crypto_akcipher_encrypt(req));
2228 pr_err("alg: akcipher: encrypt test failed. err %d\n", err);
2231 if (req->dst_len != vecs->c_size) {
2232 pr_err("alg: akcipher: encrypt test failed. Invalid output len\n");
2236 /* verify that encrypted message is equal to expected */
2237 if (memcmp(vecs->c, outbuf_enc, vecs->c_size)) {
2238 pr_err("alg: akcipher: encrypt test failed. Invalid output\n");
2239 hexdump(outbuf_enc, vecs->c_size);
2243 /* Don't invoke decrypt for vectors with public key */
2244 if (vecs->public_key_vec) {
2248 outbuf_dec = kzalloc(out_len_max, GFP_KERNEL);
2254 if (WARN_ON(vecs->c_size > PAGE_SIZE))
2257 memcpy(xbuf[0], vecs->c, vecs->c_size);
2259 sg_init_one(&src, xbuf[0], vecs->c_size);
2260 sg_init_one(&dst, outbuf_dec, out_len_max);
2261 init_completion(&result.completion);
2262 akcipher_request_set_crypt(req, &src, &dst, vecs->c_size, out_len_max);
2264 /* Run RSA decrypt - m = c^d mod n;*/
2265 err = wait_async_op(&result, crypto_akcipher_decrypt(req));
2267 pr_err("alg: akcipher: decrypt test failed. err %d\n", err);
2270 out_len = req->dst_len;
2271 if (out_len < vecs->m_size) {
2272 pr_err("alg: akcipher: decrypt test failed. "
2273 "Invalid output len %u\n", out_len);
2277 /* verify that decrypted message is equal to the original msg */
2278 if (memchr_inv(outbuf_dec, 0, out_len - vecs->m_size) ||
2279 memcmp(vecs->m, outbuf_dec + out_len - vecs->m_size,
2281 pr_err("alg: akcipher: decrypt test failed. Invalid output\n");
2282 hexdump(outbuf_dec, out_len);
2289 akcipher_request_free(req);
2291 testmgr_free_buf(xbuf);
2295 static int test_akcipher(struct crypto_akcipher *tfm, const char *alg,
2296 const struct akcipher_testvec *vecs,
2297 unsigned int tcount)
2300 crypto_tfm_alg_driver_name(crypto_akcipher_tfm(tfm));
2303 for (i = 0; i < tcount; i++) {
2304 ret = test_akcipher_one(tfm, vecs++);
2308 pr_err("alg: akcipher: test %d failed for %s, err=%d\n",
2315 static int alg_test_akcipher(const struct alg_test_desc *desc,
2316 const char *driver, u32 type, u32 mask)
2318 struct crypto_akcipher *tfm;
2321 tfm = crypto_alloc_akcipher(driver, type, mask);
2323 pr_err("alg: akcipher: Failed to load tfm for %s: %ld\n",
2324 driver, PTR_ERR(tfm));
2325 return PTR_ERR(tfm);
2327 if (desc->suite.akcipher.vecs)
2328 err = test_akcipher(tfm, desc->alg, desc->suite.akcipher.vecs,
2329 desc->suite.akcipher.count);
2331 crypto_free_akcipher(tfm);
2335 static int alg_test_null(const struct alg_test_desc *desc,
2336 const char *driver, u32 type, u32 mask)
2341 #define __VECS(tv) { .vecs = tv, .count = ARRAY_SIZE(tv) }
2343 /* Please keep this list sorted by algorithm name. */
2344 static const struct alg_test_desc alg_test_descs[] = {
2346 .alg = "ansi_cprng",
2347 .test = alg_test_cprng,
2349 .cprng = __VECS(ansi_cprng_aes_tv_template)
2352 .alg = "authenc(hmac(md5),ecb(cipher_null))",
2353 .test = alg_test_aead,
2356 .enc = __VECS(hmac_md5_ecb_cipher_null_enc_tv_template),
2357 .dec = __VECS(hmac_md5_ecb_cipher_null_dec_tv_template)
2361 .alg = "authenc(hmac(sha1),cbc(aes))",
2362 .test = alg_test_aead,
2365 .enc = __VECS(hmac_sha1_aes_cbc_enc_tv_temp)
2369 .alg = "authenc(hmac(sha1),cbc(des))",
2370 .test = alg_test_aead,
2373 .enc = __VECS(hmac_sha1_des_cbc_enc_tv_temp)
2377 .alg = "authenc(hmac(sha1),cbc(des3_ede))",
2378 .test = alg_test_aead,
2382 .enc = __VECS(hmac_sha1_des3_ede_cbc_enc_tv_temp)
2386 .alg = "authenc(hmac(sha1),ctr(aes))",
2387 .test = alg_test_null,
2390 .alg = "authenc(hmac(sha1),ecb(cipher_null))",
2391 .test = alg_test_aead,
2394 .enc = __VECS(hmac_sha1_ecb_cipher_null_enc_tv_temp),
2395 .dec = __VECS(hmac_sha1_ecb_cipher_null_dec_tv_temp)
2399 .alg = "authenc(hmac(sha1),rfc3686(ctr(aes)))",
2400 .test = alg_test_null,
2403 .alg = "authenc(hmac(sha224),cbc(des))",
2404 .test = alg_test_aead,
2407 .enc = __VECS(hmac_sha224_des_cbc_enc_tv_temp)
2411 .alg = "authenc(hmac(sha224),cbc(des3_ede))",
2412 .test = alg_test_aead,
2416 .enc = __VECS(hmac_sha224_des3_ede_cbc_enc_tv_temp)
2420 .alg = "authenc(hmac(sha256),cbc(aes))",
2421 .test = alg_test_aead,
2425 .enc = __VECS(hmac_sha256_aes_cbc_enc_tv_temp)
2429 .alg = "authenc(hmac(sha256),cbc(des))",
2430 .test = alg_test_aead,
2433 .enc = __VECS(hmac_sha256_des_cbc_enc_tv_temp)
2437 .alg = "authenc(hmac(sha256),cbc(des3_ede))",
2438 .test = alg_test_aead,
2442 .enc = __VECS(hmac_sha256_des3_ede_cbc_enc_tv_temp)
2446 .alg = "authenc(hmac(sha256),ctr(aes))",
2447 .test = alg_test_null,
2450 .alg = "authenc(hmac(sha256),rfc3686(ctr(aes)))",
2451 .test = alg_test_null,
2454 .alg = "authenc(hmac(sha384),cbc(des))",
2455 .test = alg_test_aead,
2458 .enc = __VECS(hmac_sha384_des_cbc_enc_tv_temp)
2462 .alg = "authenc(hmac(sha384),cbc(des3_ede))",
2463 .test = alg_test_aead,
2467 .enc = __VECS(hmac_sha384_des3_ede_cbc_enc_tv_temp)
2471 .alg = "authenc(hmac(sha384),ctr(aes))",
2472 .test = alg_test_null,
2475 .alg = "authenc(hmac(sha384),rfc3686(ctr(aes)))",
2476 .test = alg_test_null,
2479 .alg = "authenc(hmac(sha512),cbc(aes))",
2481 .test = alg_test_aead,
2484 .enc = __VECS(hmac_sha512_aes_cbc_enc_tv_temp)
2488 .alg = "authenc(hmac(sha512),cbc(des))",
2489 .test = alg_test_aead,
2492 .enc = __VECS(hmac_sha512_des_cbc_enc_tv_temp)
2496 .alg = "authenc(hmac(sha512),cbc(des3_ede))",
2497 .test = alg_test_aead,
2501 .enc = __VECS(hmac_sha512_des3_ede_cbc_enc_tv_temp)
2505 .alg = "authenc(hmac(sha512),ctr(aes))",
2506 .test = alg_test_null,
2509 .alg = "authenc(hmac(sha512),rfc3686(ctr(aes)))",
2510 .test = alg_test_null,
2514 .test = alg_test_skcipher,
2518 .enc = __VECS(aes_cbc_enc_tv_template),
2519 .dec = __VECS(aes_cbc_dec_tv_template)
2523 .alg = "cbc(anubis)",
2524 .test = alg_test_skcipher,
2527 .enc = __VECS(anubis_cbc_enc_tv_template),
2528 .dec = __VECS(anubis_cbc_dec_tv_template)
2532 .alg = "cbc(blowfish)",
2533 .test = alg_test_skcipher,
2536 .enc = __VECS(bf_cbc_enc_tv_template),
2537 .dec = __VECS(bf_cbc_dec_tv_template)
2541 .alg = "cbc(camellia)",
2542 .test = alg_test_skcipher,
2545 .enc = __VECS(camellia_cbc_enc_tv_template),
2546 .dec = __VECS(camellia_cbc_dec_tv_template)
2550 .alg = "cbc(cast5)",
2551 .test = alg_test_skcipher,
2554 .enc = __VECS(cast5_cbc_enc_tv_template),
2555 .dec = __VECS(cast5_cbc_dec_tv_template)
2559 .alg = "cbc(cast6)",
2560 .test = alg_test_skcipher,
2563 .enc = __VECS(cast6_cbc_enc_tv_template),
2564 .dec = __VECS(cast6_cbc_dec_tv_template)
2569 .test = alg_test_skcipher,
2572 .enc = __VECS(des_cbc_enc_tv_template),
2573 .dec = __VECS(des_cbc_dec_tv_template)
2577 .alg = "cbc(des3_ede)",
2578 .test = alg_test_skcipher,
2582 .enc = __VECS(des3_ede_cbc_enc_tv_template),
2583 .dec = __VECS(des3_ede_cbc_dec_tv_template)
2587 .alg = "cbc(serpent)",
2588 .test = alg_test_skcipher,
2591 .enc = __VECS(serpent_cbc_enc_tv_template),
2592 .dec = __VECS(serpent_cbc_dec_tv_template)
2596 .alg = "cbc(twofish)",
2597 .test = alg_test_skcipher,
2600 .enc = __VECS(tf_cbc_enc_tv_template),
2601 .dec = __VECS(tf_cbc_dec_tv_template)
2605 .alg = "cbcmac(aes)",
2607 .test = alg_test_hash,
2609 .hash = __VECS(aes_cbcmac_tv_template)
2613 .test = alg_test_aead,
2617 .enc = __VECS(aes_ccm_enc_tv_template),
2618 .dec = __VECS(aes_ccm_dec_tv_template)
2623 .test = alg_test_skcipher,
2626 .enc = __VECS(chacha20_enc_tv_template),
2627 .dec = __VECS(chacha20_enc_tv_template),
2633 .test = alg_test_hash,
2635 .hash = __VECS(aes_cmac128_tv_template)
2638 .alg = "cmac(des3_ede)",
2640 .test = alg_test_hash,
2642 .hash = __VECS(des3_ede_cmac64_tv_template)
2645 .alg = "compress_null",
2646 .test = alg_test_null,
2649 .test = alg_test_hash,
2651 .hash = __VECS(crc32_tv_template)
2655 .test = alg_test_crc32c,
2658 .hash = __VECS(crc32c_tv_template)
2662 .test = alg_test_hash,
2665 .hash = __VECS(crct10dif_tv_template)
2669 .test = alg_test_skcipher,
2673 .enc = __VECS(aes_ctr_enc_tv_template),
2674 .dec = __VECS(aes_ctr_dec_tv_template)
2678 .alg = "ctr(blowfish)",
2679 .test = alg_test_skcipher,
2682 .enc = __VECS(bf_ctr_enc_tv_template),
2683 .dec = __VECS(bf_ctr_dec_tv_template)
2687 .alg = "ctr(camellia)",
2688 .test = alg_test_skcipher,
2691 .enc = __VECS(camellia_ctr_enc_tv_template),
2692 .dec = __VECS(camellia_ctr_dec_tv_template)
2696 .alg = "ctr(cast5)",
2697 .test = alg_test_skcipher,
2700 .enc = __VECS(cast5_ctr_enc_tv_template),
2701 .dec = __VECS(cast5_ctr_dec_tv_template)
2705 .alg = "ctr(cast6)",
2706 .test = alg_test_skcipher,
2709 .enc = __VECS(cast6_ctr_enc_tv_template),
2710 .dec = __VECS(cast6_ctr_dec_tv_template)
2715 .test = alg_test_skcipher,
2718 .enc = __VECS(des_ctr_enc_tv_template),
2719 .dec = __VECS(des_ctr_dec_tv_template)
2723 .alg = "ctr(des3_ede)",
2724 .test = alg_test_skcipher,
2728 .enc = __VECS(des3_ede_ctr_enc_tv_template),
2729 .dec = __VECS(des3_ede_ctr_dec_tv_template)
2733 .alg = "ctr(serpent)",
2734 .test = alg_test_skcipher,
2737 .enc = __VECS(serpent_ctr_enc_tv_template),
2738 .dec = __VECS(serpent_ctr_dec_tv_template)
2742 .alg = "ctr(twofish)",
2743 .test = alg_test_skcipher,
2746 .enc = __VECS(tf_ctr_enc_tv_template),
2747 .dec = __VECS(tf_ctr_dec_tv_template)
2751 .alg = "cts(cbc(aes))",
2752 .test = alg_test_skcipher,
2755 .enc = __VECS(cts_mode_enc_tv_template),
2756 .dec = __VECS(cts_mode_dec_tv_template)
2761 .test = alg_test_comp,
2765 .comp = __VECS(deflate_comp_tv_template),
2766 .decomp = __VECS(deflate_decomp_tv_template)
2771 .test = alg_test_kpp,
2774 .kpp = __VECS(dh_tv_template)
2777 .alg = "digest_null",
2778 .test = alg_test_null,
2780 .alg = "drbg_nopr_ctr_aes128",
2781 .test = alg_test_drbg,
2784 .drbg = __VECS(drbg_nopr_ctr_aes128_tv_template)
2787 .alg = "drbg_nopr_ctr_aes192",
2788 .test = alg_test_drbg,
2791 .drbg = __VECS(drbg_nopr_ctr_aes192_tv_template)
2794 .alg = "drbg_nopr_ctr_aes256",
2795 .test = alg_test_drbg,
2798 .drbg = __VECS(drbg_nopr_ctr_aes256_tv_template)
2802 * There is no need to specifically test the DRBG with every
2803 * backend cipher -- covered by drbg_nopr_hmac_sha256 test
2805 .alg = "drbg_nopr_hmac_sha1",
2807 .test = alg_test_null,
2809 .alg = "drbg_nopr_hmac_sha256",
2810 .test = alg_test_drbg,
2813 .drbg = __VECS(drbg_nopr_hmac_sha256_tv_template)
2816 /* covered by drbg_nopr_hmac_sha256 test */
2817 .alg = "drbg_nopr_hmac_sha384",
2819 .test = alg_test_null,
2821 .alg = "drbg_nopr_hmac_sha512",
2822 .test = alg_test_null,
2825 .alg = "drbg_nopr_sha1",
2827 .test = alg_test_null,
2829 .alg = "drbg_nopr_sha256",
2830 .test = alg_test_drbg,
2833 .drbg = __VECS(drbg_nopr_sha256_tv_template)
2836 /* covered by drbg_nopr_sha256 test */
2837 .alg = "drbg_nopr_sha384",
2839 .test = alg_test_null,
2841 .alg = "drbg_nopr_sha512",
2843 .test = alg_test_null,
2845 .alg = "drbg_pr_ctr_aes128",
2846 .test = alg_test_drbg,
2849 .drbg = __VECS(drbg_pr_ctr_aes128_tv_template)
2852 /* covered by drbg_pr_ctr_aes128 test */
2853 .alg = "drbg_pr_ctr_aes192",
2855 .test = alg_test_null,
2857 .alg = "drbg_pr_ctr_aes256",
2859 .test = alg_test_null,
2861 .alg = "drbg_pr_hmac_sha1",
2863 .test = alg_test_null,
2865 .alg = "drbg_pr_hmac_sha256",
2866 .test = alg_test_drbg,
2869 .drbg = __VECS(drbg_pr_hmac_sha256_tv_template)
2872 /* covered by drbg_pr_hmac_sha256 test */
2873 .alg = "drbg_pr_hmac_sha384",
2875 .test = alg_test_null,
2877 .alg = "drbg_pr_hmac_sha512",
2878 .test = alg_test_null,
2881 .alg = "drbg_pr_sha1",
2883 .test = alg_test_null,
2885 .alg = "drbg_pr_sha256",
2886 .test = alg_test_drbg,
2889 .drbg = __VECS(drbg_pr_sha256_tv_template)
2892 /* covered by drbg_pr_sha256 test */
2893 .alg = "drbg_pr_sha384",
2895 .test = alg_test_null,
2897 .alg = "drbg_pr_sha512",
2899 .test = alg_test_null,
2902 .test = alg_test_skcipher,
2906 .enc = __VECS(aes_enc_tv_template),
2907 .dec = __VECS(aes_dec_tv_template)
2911 .alg = "ecb(anubis)",
2912 .test = alg_test_skcipher,
2915 .enc = __VECS(anubis_enc_tv_template),
2916 .dec = __VECS(anubis_dec_tv_template)
2921 .test = alg_test_skcipher,
2924 .enc = __VECS(arc4_enc_tv_template),
2925 .dec = __VECS(arc4_dec_tv_template)
2929 .alg = "ecb(blowfish)",
2930 .test = alg_test_skcipher,
2933 .enc = __VECS(bf_enc_tv_template),
2934 .dec = __VECS(bf_dec_tv_template)
2938 .alg = "ecb(camellia)",
2939 .test = alg_test_skcipher,
2942 .enc = __VECS(camellia_enc_tv_template),
2943 .dec = __VECS(camellia_dec_tv_template)
2947 .alg = "ecb(cast5)",
2948 .test = alg_test_skcipher,
2951 .enc = __VECS(cast5_enc_tv_template),
2952 .dec = __VECS(cast5_dec_tv_template)
2956 .alg = "ecb(cast6)",
2957 .test = alg_test_skcipher,
2960 .enc = __VECS(cast6_enc_tv_template),
2961 .dec = __VECS(cast6_dec_tv_template)
2965 .alg = "ecb(cipher_null)",
2966 .test = alg_test_null,
2970 .test = alg_test_skcipher,
2973 .enc = __VECS(des_enc_tv_template),
2974 .dec = __VECS(des_dec_tv_template)
2978 .alg = "ecb(des3_ede)",
2979 .test = alg_test_skcipher,
2983 .enc = __VECS(des3_ede_enc_tv_template),
2984 .dec = __VECS(des3_ede_dec_tv_template)
2988 .alg = "ecb(fcrypt)",
2989 .test = alg_test_skcipher,
2993 .vecs = fcrypt_pcbc_enc_tv_template,
2997 .vecs = fcrypt_pcbc_dec_tv_template,
3003 .alg = "ecb(khazad)",
3004 .test = alg_test_skcipher,
3007 .enc = __VECS(khazad_enc_tv_template),
3008 .dec = __VECS(khazad_dec_tv_template)
3013 .test = alg_test_skcipher,
3016 .enc = __VECS(seed_enc_tv_template),
3017 .dec = __VECS(seed_dec_tv_template)
3021 .alg = "ecb(serpent)",
3022 .test = alg_test_skcipher,
3025 .enc = __VECS(serpent_enc_tv_template),
3026 .dec = __VECS(serpent_dec_tv_template)
3031 .test = alg_test_skcipher,
3034 .enc = __VECS(tea_enc_tv_template),
3035 .dec = __VECS(tea_dec_tv_template)
3039 .alg = "ecb(tnepres)",
3040 .test = alg_test_skcipher,
3043 .enc = __VECS(tnepres_enc_tv_template),
3044 .dec = __VECS(tnepres_dec_tv_template)
3048 .alg = "ecb(twofish)",
3049 .test = alg_test_skcipher,
3052 .enc = __VECS(tf_enc_tv_template),
3053 .dec = __VECS(tf_dec_tv_template)
3058 .test = alg_test_skcipher,
3061 .enc = __VECS(xeta_enc_tv_template),
3062 .dec = __VECS(xeta_dec_tv_template)
3067 .test = alg_test_skcipher,
3070 .enc = __VECS(xtea_enc_tv_template),
3071 .dec = __VECS(xtea_dec_tv_template)
3076 .test = alg_test_kpp,
3079 .kpp = __VECS(ecdh_tv_template)
3083 .test = alg_test_aead,
3087 .enc = __VECS(aes_gcm_enc_tv_template),
3088 .dec = __VECS(aes_gcm_dec_tv_template)
3093 .test = alg_test_hash,
3096 .hash = __VECS(ghash_tv_template)
3099 .alg = "hmac(crc32)",
3100 .test = alg_test_hash,
3102 .hash = __VECS(bfin_crc_tv_template)
3106 .test = alg_test_hash,
3108 .hash = __VECS(hmac_md5_tv_template)
3111 .alg = "hmac(rmd128)",
3112 .test = alg_test_hash,
3114 .hash = __VECS(hmac_rmd128_tv_template)
3117 .alg = "hmac(rmd160)",
3118 .test = alg_test_hash,
3120 .hash = __VECS(hmac_rmd160_tv_template)
3123 .alg = "hmac(sha1)",
3124 .test = alg_test_hash,
3127 .hash = __VECS(hmac_sha1_tv_template)
3130 .alg = "hmac(sha224)",
3131 .test = alg_test_hash,
3134 .hash = __VECS(hmac_sha224_tv_template)
3137 .alg = "hmac(sha256)",
3138 .test = alg_test_hash,
3141 .hash = __VECS(hmac_sha256_tv_template)
3144 .alg = "hmac(sha3-224)",
3145 .test = alg_test_hash,
3148 .hash = __VECS(hmac_sha3_224_tv_template)
3151 .alg = "hmac(sha3-256)",
3152 .test = alg_test_hash,
3155 .hash = __VECS(hmac_sha3_256_tv_template)
3158 .alg = "hmac(sha3-384)",
3159 .test = alg_test_hash,
3162 .hash = __VECS(hmac_sha3_384_tv_template)
3165 .alg = "hmac(sha3-512)",
3166 .test = alg_test_hash,
3169 .hash = __VECS(hmac_sha3_512_tv_template)
3172 .alg = "hmac(sha384)",
3173 .test = alg_test_hash,
3176 .hash = __VECS(hmac_sha384_tv_template)
3179 .alg = "hmac(sha512)",
3180 .test = alg_test_hash,
3183 .hash = __VECS(hmac_sha512_tv_template)
3186 .alg = "jitterentropy_rng",
3188 .test = alg_test_null,
3191 .test = alg_test_skcipher,
3195 .enc = __VECS(aes_kw_enc_tv_template),
3196 .dec = __VECS(aes_kw_dec_tv_template)
3201 .test = alg_test_skcipher,
3204 .enc = __VECS(aes_lrw_enc_tv_template),
3205 .dec = __VECS(aes_lrw_dec_tv_template)
3209 .alg = "lrw(camellia)",
3210 .test = alg_test_skcipher,
3213 .enc = __VECS(camellia_lrw_enc_tv_template),
3214 .dec = __VECS(camellia_lrw_dec_tv_template)
3218 .alg = "lrw(cast6)",
3219 .test = alg_test_skcipher,
3222 .enc = __VECS(cast6_lrw_enc_tv_template),
3223 .dec = __VECS(cast6_lrw_dec_tv_template)
3227 .alg = "lrw(serpent)",
3228 .test = alg_test_skcipher,
3231 .enc = __VECS(serpent_lrw_enc_tv_template),
3232 .dec = __VECS(serpent_lrw_dec_tv_template)
3236 .alg = "lrw(twofish)",
3237 .test = alg_test_skcipher,
3240 .enc = __VECS(tf_lrw_enc_tv_template),
3241 .dec = __VECS(tf_lrw_dec_tv_template)
3246 .test = alg_test_comp,
3250 .comp = __VECS(lz4_comp_tv_template),
3251 .decomp = __VECS(lz4_decomp_tv_template)
3256 .test = alg_test_comp,
3260 .comp = __VECS(lz4hc_comp_tv_template),
3261 .decomp = __VECS(lz4hc_decomp_tv_template)
3266 .test = alg_test_comp,
3270 .comp = __VECS(lzo_comp_tv_template),
3271 .decomp = __VECS(lzo_decomp_tv_template)
3276 .test = alg_test_hash,
3278 .hash = __VECS(md4_tv_template)
3282 .test = alg_test_hash,
3284 .hash = __VECS(md5_tv_template)
3287 .alg = "michael_mic",
3288 .test = alg_test_hash,
3290 .hash = __VECS(michael_mic_tv_template)
3294 .test = alg_test_skcipher,
3298 .enc = __VECS(aes_ofb_enc_tv_template),
3299 .dec = __VECS(aes_ofb_dec_tv_template)
3303 .alg = "pcbc(fcrypt)",
3304 .test = alg_test_skcipher,
3307 .enc = __VECS(fcrypt_pcbc_enc_tv_template),
3308 .dec = __VECS(fcrypt_pcbc_dec_tv_template)
3313 .test = alg_test_hash,
3315 .hash = __VECS(poly1305_tv_template)
3318 .alg = "rfc3686(ctr(aes))",
3319 .test = alg_test_skcipher,
3323 .enc = __VECS(aes_ctr_rfc3686_enc_tv_template),
3324 .dec = __VECS(aes_ctr_rfc3686_dec_tv_template)
3328 .alg = "rfc4106(gcm(aes))",
3329 .test = alg_test_aead,
3333 .enc = __VECS(aes_gcm_rfc4106_enc_tv_template),
3334 .dec = __VECS(aes_gcm_rfc4106_dec_tv_template)
3338 .alg = "rfc4309(ccm(aes))",
3339 .test = alg_test_aead,
3343 .enc = __VECS(aes_ccm_rfc4309_enc_tv_template),
3344 .dec = __VECS(aes_ccm_rfc4309_dec_tv_template)
3348 .alg = "rfc4543(gcm(aes))",
3349 .test = alg_test_aead,
3352 .enc = __VECS(aes_gcm_rfc4543_enc_tv_template),
3353 .dec = __VECS(aes_gcm_rfc4543_dec_tv_template),
3357 .alg = "rfc7539(chacha20,poly1305)",
3358 .test = alg_test_aead,
3361 .enc = __VECS(rfc7539_enc_tv_template),
3362 .dec = __VECS(rfc7539_dec_tv_template),
3366 .alg = "rfc7539esp(chacha20,poly1305)",
3367 .test = alg_test_aead,
3370 .enc = __VECS(rfc7539esp_enc_tv_template),
3371 .dec = __VECS(rfc7539esp_dec_tv_template),
3376 .test = alg_test_hash,
3378 .hash = __VECS(rmd128_tv_template)
3382 .test = alg_test_hash,
3384 .hash = __VECS(rmd160_tv_template)
3388 .test = alg_test_hash,
3390 .hash = __VECS(rmd256_tv_template)
3394 .test = alg_test_hash,
3396 .hash = __VECS(rmd320_tv_template)
3400 .test = alg_test_akcipher,
3403 .akcipher = __VECS(rsa_tv_template)
3407 .test = alg_test_skcipher,
3410 .enc = __VECS(salsa20_stream_enc_tv_template)
3415 .test = alg_test_hash,
3418 .hash = __VECS(sha1_tv_template)
3422 .test = alg_test_hash,
3425 .hash = __VECS(sha224_tv_template)
3429 .test = alg_test_hash,
3432 .hash = __VECS(sha256_tv_template)
3436 .test = alg_test_hash,
3439 .hash = __VECS(sha3_224_tv_template)
3443 .test = alg_test_hash,
3446 .hash = __VECS(sha3_256_tv_template)
3450 .test = alg_test_hash,
3453 .hash = __VECS(sha3_384_tv_template)
3457 .test = alg_test_hash,
3460 .hash = __VECS(sha3_512_tv_template)
3464 .test = alg_test_hash,
3467 .hash = __VECS(sha384_tv_template)
3471 .test = alg_test_hash,
3474 .hash = __VECS(sha512_tv_template)
3478 .test = alg_test_hash,
3480 .hash = __VECS(tgr128_tv_template)
3484 .test = alg_test_hash,
3486 .hash = __VECS(tgr160_tv_template)
3490 .test = alg_test_hash,
3492 .hash = __VECS(tgr192_tv_template)
3496 .test = alg_test_hash,
3498 .hash = __VECS(aes_vmac128_tv_template)
3502 .test = alg_test_hash,
3504 .hash = __VECS(wp256_tv_template)
3508 .test = alg_test_hash,
3510 .hash = __VECS(wp384_tv_template)
3514 .test = alg_test_hash,
3516 .hash = __VECS(wp512_tv_template)
3520 .test = alg_test_hash,
3522 .hash = __VECS(aes_xcbc128_tv_template)
3526 .test = alg_test_skcipher,
3530 .enc = __VECS(aes_xts_enc_tv_template),
3531 .dec = __VECS(aes_xts_dec_tv_template)
3535 .alg = "xts(camellia)",
3536 .test = alg_test_skcipher,
3539 .enc = __VECS(camellia_xts_enc_tv_template),
3540 .dec = __VECS(camellia_xts_dec_tv_template)
3544 .alg = "xts(cast6)",
3545 .test = alg_test_skcipher,
3548 .enc = __VECS(cast6_xts_enc_tv_template),
3549 .dec = __VECS(cast6_xts_dec_tv_template)
3553 .alg = "xts(serpent)",
3554 .test = alg_test_skcipher,
3557 .enc = __VECS(serpent_xts_enc_tv_template),
3558 .dec = __VECS(serpent_xts_dec_tv_template)
3562 .alg = "xts(twofish)",
3563 .test = alg_test_skcipher,
3566 .enc = __VECS(tf_xts_enc_tv_template),
3567 .dec = __VECS(tf_xts_dec_tv_template)
3571 .alg = "zlib-deflate",
3572 .test = alg_test_comp,
3576 .comp = __VECS(zlib_deflate_comp_tv_template),
3577 .decomp = __VECS(zlib_deflate_decomp_tv_template)
3583 static bool alg_test_descs_checked;
3585 static void alg_test_descs_check_order(void)
3589 /* only check once */
3590 if (alg_test_descs_checked)
3593 alg_test_descs_checked = true;
3595 for (i = 1; i < ARRAY_SIZE(alg_test_descs); i++) {
3596 int diff = strcmp(alg_test_descs[i - 1].alg,
3597 alg_test_descs[i].alg);
3599 if (WARN_ON(diff > 0)) {
3600 pr_warn("testmgr: alg_test_descs entries in wrong order: '%s' before '%s'\n",
3601 alg_test_descs[i - 1].alg,
3602 alg_test_descs[i].alg);
3605 if (WARN_ON(diff == 0)) {
3606 pr_warn("testmgr: duplicate alg_test_descs entry: '%s'\n",
3607 alg_test_descs[i].alg);
3612 static int alg_find_test(const char *alg)
3615 int end = ARRAY_SIZE(alg_test_descs);
3617 while (start < end) {
3618 int i = (start + end) / 2;
3619 int diff = strcmp(alg_test_descs[i].alg, alg);
3637 int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
3643 if (!fips_enabled && notests) {
3644 printk_once(KERN_INFO "alg: self-tests disabled\n");
3648 alg_test_descs_check_order();
3650 if ((type & CRYPTO_ALG_TYPE_MASK) == CRYPTO_ALG_TYPE_CIPHER) {
3651 char nalg[CRYPTO_MAX_ALG_NAME];
3653 if (snprintf(nalg, sizeof(nalg), "ecb(%s)", alg) >=
3655 return -ENAMETOOLONG;
3657 i = alg_find_test(nalg);
3661 if (fips_enabled && !alg_test_descs[i].fips_allowed)
3664 rc = alg_test_cipher(alg_test_descs + i, driver, type, mask);
3668 i = alg_find_test(alg);
3669 j = alg_find_test(driver);
3673 if (fips_enabled && ((i >= 0 && !alg_test_descs[i].fips_allowed) ||
3674 (j >= 0 && !alg_test_descs[j].fips_allowed)))
3679 rc |= alg_test_descs[i].test(alg_test_descs + i, driver,
3681 if (j >= 0 && j != i)
3682 rc |= alg_test_descs[j].test(alg_test_descs + j, driver,
3686 if (fips_enabled && rc)
3687 panic("%s: %s alg self test failed in fips mode!\n", driver, alg);
3689 if (fips_enabled && !rc)
3690 pr_info("alg: self-tests for %s (%s) passed\n", driver, alg);
3695 printk(KERN_INFO "alg: No test for %s (%s)\n", alg, driver);
3701 #endif /* CONFIG_CRYPTO_MANAGER_DISABLE_TESTS */
3703 EXPORT_SYMBOL_GPL(alg_test);
projects / linux.git / blob