2 * Algorithm testing framework and tests.
4 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
5 * Copyright (c) 2002 Jean-Francois Dive <jef@linuxbe.org>
6 * Copyright (c) 2007 Nokia Siemens Networks
7 * Copyright (c) 2008 Herbert Xu <herbert@gondor.apana.org.au>
9 * Updated RFC4106 AES-GCM testing.
10 * Authors: Aidan O'Mahony (aidan.o.mahony@intel.com)
11 * Adrian Hoban <adrian.hoban@intel.com>
12 * Gabriele Paoloni <gabriele.paoloni@intel.com>
13 * Tadeusz Struk (tadeusz.struk@intel.com)
14 * Copyright (c) 2010, Intel Corporation.
16 * This program is free software; you can redistribute it and/or modify it
17 * under the terms of the GNU General Public License as published by the Free
18 * Software Foundation; either version 2 of the License, or (at your option)
23 #include <crypto/aead.h>
24 #include <crypto/hash.h>
25 #include <crypto/skcipher.h>
26 #include <linux/err.h>
27 #include <linux/fips.h>
28 #include <linux/module.h>
29 #include <linux/scatterlist.h>
30 #include <linux/slab.h>
31 #include <linux/string.h>
32 #include <crypto/rng.h>
33 #include <crypto/drbg.h>
34 #include <crypto/akcipher.h>
35 #include <crypto/kpp.h>
36 #include <crypto/acompress.h>
41 module_param(notests, bool, 0644);
42 MODULE_PARM_DESC(notests, "disable crypto self-tests");
44 #ifdef CONFIG_CRYPTO_MANAGER_DISABLE_TESTS
47 int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
57 * Need slab memory for testing (size in number of pages).
62 * Indexes into the xbuf to simulate cross-page access.
74 * Used by test_cipher()
79 struct aead_test_suite {
81 const struct aead_testvec *vecs;
86 struct cipher_test_suite {
88 const struct cipher_testvec *vecs;
93 struct comp_test_suite {
95 const struct comp_testvec *vecs;
100 struct hash_test_suite {
101 const struct hash_testvec *vecs;
105 struct cprng_test_suite {
106 const struct cprng_testvec *vecs;
110 struct drbg_test_suite {
111 const struct drbg_testvec *vecs;
115 struct akcipher_test_suite {
116 const struct akcipher_testvec *vecs;
120 struct kpp_test_suite {
121 const struct kpp_testvec *vecs;
125 struct alg_test_desc {
127 int (*test)(const struct alg_test_desc *desc, const char *driver,
129 int fips_allowed; /* set if alg is allowed in fips mode */
132 struct aead_test_suite aead;
133 struct cipher_test_suite cipher;
134 struct comp_test_suite comp;
135 struct hash_test_suite hash;
136 struct cprng_test_suite cprng;
137 struct drbg_test_suite drbg;
138 struct akcipher_test_suite akcipher;
139 struct kpp_test_suite kpp;
143 static const unsigned int IDX[8] = {
144 IDX1, IDX2, IDX3, IDX4, IDX5, IDX6, IDX7, IDX8 };
146 static void hexdump(unsigned char *buf, unsigned int len)
148 print_hex_dump(KERN_CONT, "", DUMP_PREFIX_OFFSET,
153 static int testmgr_alloc_buf(char *buf[XBUFSIZE])
157 for (i = 0; i < XBUFSIZE; i++) {
158 buf[i] = (void *)__get_free_page(GFP_KERNEL);
167 free_page((unsigned long)buf[i]);
172 static void testmgr_free_buf(char *buf[XBUFSIZE])
176 for (i = 0; i < XBUFSIZE; i++)
177 free_page((unsigned long)buf[i]);
180 static int ahash_guard_result(char *result, char c, int size)
184 for (i = 0; i < size; i++) {
192 static int ahash_partial_update(struct ahash_request **preq,
193 struct crypto_ahash *tfm, const struct hash_testvec *template,
194 void *hash_buff, int k, int temp, struct scatterlist *sg,
195 const char *algo, char *result, struct crypto_wait *wait)
198 struct ahash_request *req;
199 int statesize, ret = -EINVAL;
200 static const unsigned char guard[] = { 0x00, 0xba, 0xad, 0x00 };
201 int digestsize = crypto_ahash_digestsize(tfm);
204 statesize = crypto_ahash_statesize(
205 crypto_ahash_reqtfm(req));
206 state = kmalloc(statesize + sizeof(guard), GFP_KERNEL);
208 pr_err("alg: hash: Failed to alloc state for %s\n", algo);
211 memcpy(state + statesize, guard, sizeof(guard));
212 memset(result, 1, digestsize);
213 ret = crypto_ahash_export(req, state);
214 WARN_ON(memcmp(state + statesize, guard, sizeof(guard)));
216 pr_err("alg: hash: Failed to export() for %s\n", algo);
219 ret = ahash_guard_result(result, 1, digestsize);
221 pr_err("alg: hash: Failed, export used req->result for %s\n",
225 ahash_request_free(req);
226 req = ahash_request_alloc(tfm, GFP_KERNEL);
228 pr_err("alg: hash: Failed to alloc request for %s\n", algo);
231 ahash_request_set_callback(req,
232 CRYPTO_TFM_REQ_MAY_BACKLOG,
233 crypto_req_done, wait);
235 memcpy(hash_buff, template->plaintext + temp,
237 sg_init_one(&sg[0], hash_buff, template->tap[k]);
238 ahash_request_set_crypt(req, sg, result, template->tap[k]);
239 ret = crypto_ahash_import(req, state);
241 pr_err("alg: hash: Failed to import() for %s\n", algo);
244 ret = ahash_guard_result(result, 1, digestsize);
246 pr_err("alg: hash: Failed, import used req->result for %s\n",
250 ret = crypto_wait_req(crypto_ahash_update(req), wait);
257 ahash_request_free(req);
264 static int __test_hash(struct crypto_ahash *tfm,
265 const struct hash_testvec *template, unsigned int tcount,
266 bool use_digest, const int align_offset)
268 const char *algo = crypto_tfm_alg_driver_name(crypto_ahash_tfm(tfm));
269 size_t digest_size = crypto_ahash_digestsize(tfm);
270 unsigned int i, j, k, temp;
271 struct scatterlist sg[8];
274 struct ahash_request *req;
275 struct crypto_wait wait;
277 char *xbuf[XBUFSIZE];
280 result = kmalloc(digest_size, GFP_KERNEL);
283 key = kmalloc(MAX_KEYLEN, GFP_KERNEL);
286 if (testmgr_alloc_buf(xbuf))
289 crypto_init_wait(&wait);
291 req = ahash_request_alloc(tfm, GFP_KERNEL);
293 printk(KERN_ERR "alg: hash: Failed to allocate request for "
297 ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
298 crypto_req_done, &wait);
301 for (i = 0; i < tcount; i++) {
306 if (WARN_ON(align_offset + template[i].psize > PAGE_SIZE))
310 memset(result, 0, digest_size);
313 hash_buff += align_offset;
315 memcpy(hash_buff, template[i].plaintext, template[i].psize);
316 sg_init_one(&sg[0], hash_buff, template[i].psize);
318 if (template[i].ksize) {
319 crypto_ahash_clear_flags(tfm, ~0);
320 if (template[i].ksize > MAX_KEYLEN) {
321 pr_err("alg: hash: setkey failed on test %d for %s: key size %d > %d\n",
322 j, algo, template[i].ksize, MAX_KEYLEN);
326 memcpy(key, template[i].key, template[i].ksize);
327 ret = crypto_ahash_setkey(tfm, key, template[i].ksize);
329 printk(KERN_ERR "alg: hash: setkey failed on "
330 "test %d for %s: ret=%d\n", j, algo,
336 ahash_request_set_crypt(req, sg, result, template[i].psize);
338 ret = crypto_wait_req(crypto_ahash_digest(req), &wait);
340 pr_err("alg: hash: digest failed on test %d "
341 "for %s: ret=%d\n", j, algo, -ret);
345 memset(result, 1, digest_size);
346 ret = crypto_wait_req(crypto_ahash_init(req), &wait);
348 pr_err("alg: hash: init failed on test %d "
349 "for %s: ret=%d\n", j, algo, -ret);
352 ret = ahash_guard_result(result, 1, digest_size);
354 pr_err("alg: hash: init failed on test %d "
355 "for %s: used req->result\n", j, algo);
358 ret = crypto_wait_req(crypto_ahash_update(req), &wait);
360 pr_err("alg: hash: update failed on test %d "
361 "for %s: ret=%d\n", j, algo, -ret);
364 ret = ahash_guard_result(result, 1, digest_size);
366 pr_err("alg: hash: update failed on test %d "
367 "for %s: used req->result\n", j, algo);
370 ret = crypto_wait_req(crypto_ahash_final(req), &wait);
372 pr_err("alg: hash: final failed on test %d "
373 "for %s: ret=%d\n", j, algo, -ret);
378 if (memcmp(result, template[i].digest,
379 crypto_ahash_digestsize(tfm))) {
380 printk(KERN_ERR "alg: hash: Test %d failed for %s\n",
382 hexdump(result, crypto_ahash_digestsize(tfm));
389 for (i = 0; i < tcount; i++) {
390 /* alignment tests are only done with continuous buffers */
391 if (align_offset != 0)
398 memset(result, 0, digest_size);
401 sg_init_table(sg, template[i].np);
403 for (k = 0; k < template[i].np; k++) {
404 if (WARN_ON(offset_in_page(IDX[k]) +
405 template[i].tap[k] > PAGE_SIZE))
408 memcpy(xbuf[IDX[k] >> PAGE_SHIFT] +
409 offset_in_page(IDX[k]),
410 template[i].plaintext + temp,
413 temp += template[i].tap[k];
416 if (template[i].ksize) {
417 if (template[i].ksize > MAX_KEYLEN) {
418 pr_err("alg: hash: setkey failed on test %d for %s: key size %d > %d\n",
419 j, algo, template[i].ksize, MAX_KEYLEN);
423 crypto_ahash_clear_flags(tfm, ~0);
424 memcpy(key, template[i].key, template[i].ksize);
425 ret = crypto_ahash_setkey(tfm, key, template[i].ksize);
428 printk(KERN_ERR "alg: hash: setkey "
429 "failed on chunking test %d "
430 "for %s: ret=%d\n", j, algo, -ret);
435 ahash_request_set_crypt(req, sg, result, template[i].psize);
436 ret = crypto_wait_req(crypto_ahash_digest(req), &wait);
438 pr_err("alg: hash: digest failed on chunking test %d for %s: ret=%d\n",
443 if (memcmp(result, template[i].digest,
444 crypto_ahash_digestsize(tfm))) {
445 printk(KERN_ERR "alg: hash: Chunking test %d "
446 "failed for %s\n", j, algo);
447 hexdump(result, crypto_ahash_digestsize(tfm));
453 /* partial update exercise */
455 for (i = 0; i < tcount; i++) {
456 /* alignment tests are only done with continuous buffers */
457 if (align_offset != 0)
460 if (template[i].np < 2)
464 memset(result, 0, digest_size);
468 memcpy(hash_buff, template[i].plaintext,
470 sg_init_one(&sg[0], hash_buff, template[i].tap[0]);
472 if (template[i].ksize) {
473 crypto_ahash_clear_flags(tfm, ~0);
474 if (template[i].ksize > MAX_KEYLEN) {
475 pr_err("alg: hash: setkey failed on test %d for %s: key size %d > %d\n",
476 j, algo, template[i].ksize, MAX_KEYLEN);
480 memcpy(key, template[i].key, template[i].ksize);
481 ret = crypto_ahash_setkey(tfm, key, template[i].ksize);
483 pr_err("alg: hash: setkey failed on test %d for %s: ret=%d\n",
489 ahash_request_set_crypt(req, sg, result, template[i].tap[0]);
490 ret = crypto_wait_req(crypto_ahash_init(req), &wait);
492 pr_err("alg: hash: init failed on test %d for %s: ret=%d\n",
496 ret = crypto_wait_req(crypto_ahash_update(req), &wait);
498 pr_err("alg: hash: update failed on test %d for %s: ret=%d\n",
503 temp = template[i].tap[0];
504 for (k = 1; k < template[i].np; k++) {
505 ret = ahash_partial_update(&req, tfm, &template[i],
506 hash_buff, k, temp, &sg[0], algo, result,
509 pr_err("alg: hash: partial update failed on test %d for %s: ret=%d\n",
513 temp += template[i].tap[k];
515 ret = crypto_wait_req(crypto_ahash_final(req), &wait);
517 pr_err("alg: hash: final failed on test %d for %s: ret=%d\n",
521 if (memcmp(result, template[i].digest,
522 crypto_ahash_digestsize(tfm))) {
523 pr_err("alg: hash: Partial Test %d failed for %s\n",
525 hexdump(result, crypto_ahash_digestsize(tfm));
534 ahash_request_free(req);
536 testmgr_free_buf(xbuf);
543 static int test_hash(struct crypto_ahash *tfm,
544 const struct hash_testvec *template,
545 unsigned int tcount, bool use_digest)
547 unsigned int alignmask;
550 ret = __test_hash(tfm, template, tcount, use_digest, 0);
554 /* test unaligned buffers, check with one byte offset */
555 ret = __test_hash(tfm, template, tcount, use_digest, 1);
559 alignmask = crypto_tfm_alg_alignmask(&tfm->base);
561 /* Check if alignment mask for tfm is correctly set. */
562 ret = __test_hash(tfm, template, tcount, use_digest,
571 static int __test_aead(struct crypto_aead *tfm, int enc,
572 const struct aead_testvec *template, unsigned int tcount,
573 const bool diff_dst, const int align_offset)
575 const char *algo = crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm));
576 unsigned int i, j, k, n, temp;
580 struct aead_request *req;
581 struct scatterlist *sg;
582 struct scatterlist *sgout;
584 struct crypto_wait wait;
585 unsigned int authsize, iv_len;
590 char *xbuf[XBUFSIZE];
591 char *xoutbuf[XBUFSIZE];
592 char *axbuf[XBUFSIZE];
594 iv = kzalloc(MAX_IVLEN, GFP_KERNEL);
597 key = kmalloc(MAX_KEYLEN, GFP_KERNEL);
600 if (testmgr_alloc_buf(xbuf))
602 if (testmgr_alloc_buf(axbuf))
604 if (diff_dst && testmgr_alloc_buf(xoutbuf))
607 /* avoid "the frame size is larger than 1024 bytes" compiler warning */
608 sg = kmalloc(sizeof(*sg) * 8 * (diff_dst ? 4 : 2), GFP_KERNEL);
623 crypto_init_wait(&wait);
625 req = aead_request_alloc(tfm, GFP_KERNEL);
627 pr_err("alg: aead%s: Failed to allocate request for %s\n",
632 aead_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
633 crypto_req_done, &wait);
635 iv_len = crypto_aead_ivsize(tfm);
637 for (i = 0, j = 0; i < tcount; i++) {
643 /* some templates have no input data but they will
647 input += align_offset;
651 if (WARN_ON(align_offset + template[i].ilen >
652 PAGE_SIZE || template[i].alen > PAGE_SIZE))
655 memcpy(input, template[i].input, template[i].ilen);
656 memcpy(assoc, template[i].assoc, template[i].alen);
658 memcpy(iv, template[i].iv, iv_len);
660 memset(iv, 0, iv_len);
662 crypto_aead_clear_flags(tfm, ~0);
664 crypto_aead_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY);
666 if (template[i].klen > MAX_KEYLEN) {
667 pr_err("alg: aead%s: setkey failed on test %d for %s: key size %d > %d\n",
668 d, j, algo, template[i].klen,
673 memcpy(key, template[i].key, template[i].klen);
675 ret = crypto_aead_setkey(tfm, key, template[i].klen);
676 if (template[i].fail == !ret) {
677 pr_err("alg: aead%s: setkey failed on test %d for %s: flags=%x\n",
678 d, j, algo, crypto_aead_get_flags(tfm));
683 authsize = abs(template[i].rlen - template[i].ilen);
684 ret = crypto_aead_setauthsize(tfm, authsize);
686 pr_err("alg: aead%s: Failed to set authsize to %u on test %d for %s\n",
687 d, authsize, j, algo);
691 k = !!template[i].alen;
692 sg_init_table(sg, k + 1);
693 sg_set_buf(&sg[0], assoc, template[i].alen);
694 sg_set_buf(&sg[k], input,
695 template[i].ilen + (enc ? authsize : 0));
699 sg_init_table(sgout, k + 1);
700 sg_set_buf(&sgout[0], assoc, template[i].alen);
703 output += align_offset;
704 sg_set_buf(&sgout[k], output,
705 template[i].rlen + (enc ? 0 : authsize));
708 aead_request_set_crypt(req, sg, (diff_dst) ? sgout : sg,
709 template[i].ilen, iv);
711 aead_request_set_ad(req, template[i].alen);
713 ret = crypto_wait_req(enc ? crypto_aead_encrypt(req)
714 : crypto_aead_decrypt(req), &wait);
718 if (template[i].novrfy) {
719 /* verification was supposed to fail */
720 pr_err("alg: aead%s: %s failed on test %d for %s: ret was 0, expected -EBADMSG\n",
722 /* so really, we got a bad message */
728 if (template[i].novrfy)
729 /* verification failure was expected */
733 pr_err("alg: aead%s: %s failed on test %d for %s: ret=%d\n",
734 d, e, j, algo, -ret);
739 if (memcmp(q, template[i].result, template[i].rlen)) {
740 pr_err("alg: aead%s: Test %d failed on %s for %s\n",
742 hexdump(q, template[i].rlen);
748 for (i = 0, j = 0; i < tcount; i++) {
749 /* alignment tests are only done with continuous buffers */
750 if (align_offset != 0)
759 memcpy(iv, template[i].iv, iv_len);
761 memset(iv, 0, MAX_IVLEN);
763 crypto_aead_clear_flags(tfm, ~0);
765 crypto_aead_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY);
766 if (template[i].klen > MAX_KEYLEN) {
767 pr_err("alg: aead%s: setkey failed on test %d for %s: key size %d > %d\n",
768 d, j, algo, template[i].klen, MAX_KEYLEN);
772 memcpy(key, template[i].key, template[i].klen);
774 ret = crypto_aead_setkey(tfm, key, template[i].klen);
775 if (template[i].fail == !ret) {
776 pr_err("alg: aead%s: setkey failed on chunk test %d for %s: flags=%x\n",
777 d, j, algo, crypto_aead_get_flags(tfm));
782 authsize = abs(template[i].rlen - template[i].ilen);
785 sg_init_table(sg, template[i].anp + template[i].np);
787 sg_init_table(sgout, template[i].anp + template[i].np);
790 for (k = 0, temp = 0; k < template[i].anp; k++) {
791 if (WARN_ON(offset_in_page(IDX[k]) +
792 template[i].atap[k] > PAGE_SIZE))
795 memcpy(axbuf[IDX[k] >> PAGE_SHIFT] +
796 offset_in_page(IDX[k]),
797 template[i].assoc + temp,
798 template[i].atap[k]),
799 template[i].atap[k]);
801 sg_set_buf(&sgout[k],
802 axbuf[IDX[k] >> PAGE_SHIFT] +
803 offset_in_page(IDX[k]),
804 template[i].atap[k]);
805 temp += template[i].atap[k];
808 for (k = 0, temp = 0; k < template[i].np; k++) {
809 if (WARN_ON(offset_in_page(IDX[k]) +
810 template[i].tap[k] > PAGE_SIZE))
813 q = xbuf[IDX[k] >> PAGE_SHIFT] + offset_in_page(IDX[k]);
814 memcpy(q, template[i].input + temp, template[i].tap[k]);
815 sg_set_buf(&sg[template[i].anp + k],
816 q, template[i].tap[k]);
819 q = xoutbuf[IDX[k] >> PAGE_SHIFT] +
820 offset_in_page(IDX[k]);
822 memset(q, 0, template[i].tap[k]);
824 sg_set_buf(&sgout[template[i].anp + k],
825 q, template[i].tap[k]);
828 n = template[i].tap[k];
829 if (k == template[i].np - 1 && enc)
831 if (offset_in_page(q) + n < PAGE_SIZE)
834 temp += template[i].tap[k];
837 ret = crypto_aead_setauthsize(tfm, authsize);
839 pr_err("alg: aead%s: Failed to set authsize to %u on chunk test %d for %s\n",
840 d, authsize, j, algo);
845 if (WARN_ON(sg[template[i].anp + k - 1].offset +
846 sg[template[i].anp + k - 1].length +
847 authsize > PAGE_SIZE)) {
853 sgout[template[i].anp + k - 1].length +=
855 sg[template[i].anp + k - 1].length += authsize;
858 aead_request_set_crypt(req, sg, (diff_dst) ? sgout : sg,
862 aead_request_set_ad(req, template[i].alen);
864 ret = crypto_wait_req(enc ? crypto_aead_encrypt(req)
865 : crypto_aead_decrypt(req), &wait);
869 if (template[i].novrfy) {
870 /* verification was supposed to fail */
871 pr_err("alg: aead%s: %s failed on chunk test %d for %s: ret was 0, expected -EBADMSG\n",
873 /* so really, we got a bad message */
879 if (template[i].novrfy)
880 /* verification failure was expected */
884 pr_err("alg: aead%s: %s failed on chunk test %d for %s: ret=%d\n",
885 d, e, j, algo, -ret);
890 for (k = 0, temp = 0; k < template[i].np; k++) {
892 q = xoutbuf[IDX[k] >> PAGE_SHIFT] +
893 offset_in_page(IDX[k]);
895 q = xbuf[IDX[k] >> PAGE_SHIFT] +
896 offset_in_page(IDX[k]);
898 n = template[i].tap[k];
899 if (k == template[i].np - 1)
900 n += enc ? authsize : -authsize;
902 if (memcmp(q, template[i].result + temp, n)) {
903 pr_err("alg: aead%s: Chunk test %d failed on %s at page %u for %s\n",
910 if (k == template[i].np - 1 && !enc) {
912 memcmp(q, template[i].input +
918 for (n = 0; offset_in_page(q + n) && q[n]; n++)
922 pr_err("alg: aead%s: Result buffer corruption in chunk test %d on %s at page %u for %s: %u bytes:\n",
923 d, j, e, k, algo, n);
928 temp += template[i].tap[k];
935 aead_request_free(req);
939 testmgr_free_buf(xoutbuf);
941 testmgr_free_buf(axbuf);
943 testmgr_free_buf(xbuf);
950 static int test_aead(struct crypto_aead *tfm, int enc,
951 const struct aead_testvec *template, unsigned int tcount)
953 unsigned int alignmask;
956 /* test 'dst == src' case */
957 ret = __test_aead(tfm, enc, template, tcount, false, 0);
961 /* test 'dst != src' case */
962 ret = __test_aead(tfm, enc, template, tcount, true, 0);
966 /* test unaligned buffers, check with one byte offset */
967 ret = __test_aead(tfm, enc, template, tcount, true, 1);
971 alignmask = crypto_tfm_alg_alignmask(&tfm->base);
973 /* Check if alignment mask for tfm is correctly set. */
974 ret = __test_aead(tfm, enc, template, tcount, true,
983 static int test_cipher(struct crypto_cipher *tfm, int enc,
984 const struct cipher_testvec *template,
987 const char *algo = crypto_tfm_alg_driver_name(crypto_cipher_tfm(tfm));
988 unsigned int i, j, k;
992 char *xbuf[XBUFSIZE];
995 if (testmgr_alloc_buf(xbuf))
1004 for (i = 0; i < tcount; i++) {
1008 if (fips_enabled && template[i].fips_skip)
1014 if (WARN_ON(template[i].ilen > PAGE_SIZE))
1018 memcpy(data, template[i].input, template[i].ilen);
1020 crypto_cipher_clear_flags(tfm, ~0);
1022 crypto_cipher_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY);
1024 ret = crypto_cipher_setkey(tfm, template[i].key,
1026 if (template[i].fail == !ret) {
1027 printk(KERN_ERR "alg: cipher: setkey failed "
1028 "on test %d for %s: flags=%x\n", j,
1029 algo, crypto_cipher_get_flags(tfm));
1034 for (k = 0; k < template[i].ilen;
1035 k += crypto_cipher_blocksize(tfm)) {
1037 crypto_cipher_encrypt_one(tfm, data + k,
1040 crypto_cipher_decrypt_one(tfm, data + k,
1045 if (memcmp(q, template[i].result, template[i].rlen)) {
1046 printk(KERN_ERR "alg: cipher: Test %d failed "
1047 "on %s for %s\n", j, e, algo);
1048 hexdump(q, template[i].rlen);
1057 testmgr_free_buf(xbuf);
1062 static int __test_skcipher(struct crypto_skcipher *tfm, int enc,
1063 const struct cipher_testvec *template,
1064 unsigned int tcount,
1065 const bool diff_dst, const int align_offset)
1068 crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm));
1069 unsigned int i, j, k, n, temp;
1071 struct skcipher_request *req;
1072 struct scatterlist sg[8];
1073 struct scatterlist sgout[8];
1075 struct crypto_wait wait;
1078 char *xbuf[XBUFSIZE];
1079 char *xoutbuf[XBUFSIZE];
1081 unsigned int ivsize = crypto_skcipher_ivsize(tfm);
1083 if (testmgr_alloc_buf(xbuf))
1086 if (diff_dst && testmgr_alloc_buf(xoutbuf))
1099 crypto_init_wait(&wait);
1101 req = skcipher_request_alloc(tfm, GFP_KERNEL);
1103 pr_err("alg: skcipher%s: Failed to allocate request for %s\n",
1108 skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
1109 crypto_req_done, &wait);
1112 for (i = 0; i < tcount; i++) {
1113 if (template[i].np && !template[i].also_non_np)
1116 if (fips_enabled && template[i].fips_skip)
1120 memcpy(iv, template[i].iv, ivsize);
1122 memset(iv, 0, MAX_IVLEN);
1126 if (WARN_ON(align_offset + template[i].ilen > PAGE_SIZE))
1130 data += align_offset;
1131 memcpy(data, template[i].input, template[i].ilen);
1133 crypto_skcipher_clear_flags(tfm, ~0);
1135 crypto_skcipher_set_flags(tfm,
1136 CRYPTO_TFM_REQ_WEAK_KEY);
1138 ret = crypto_skcipher_setkey(tfm, template[i].key,
1140 if (template[i].fail == !ret) {
1141 pr_err("alg: skcipher%s: setkey failed on test %d for %s: flags=%x\n",
1142 d, j, algo, crypto_skcipher_get_flags(tfm));
1147 sg_init_one(&sg[0], data, template[i].ilen);
1150 data += align_offset;
1151 sg_init_one(&sgout[0], data, template[i].ilen);
1154 skcipher_request_set_crypt(req, sg, (diff_dst) ? sgout : sg,
1155 template[i].ilen, iv);
1156 ret = crypto_wait_req(enc ? crypto_skcipher_encrypt(req) :
1157 crypto_skcipher_decrypt(req), &wait);
1160 pr_err("alg: skcipher%s: %s failed on test %d for %s: ret=%d\n",
1161 d, e, j, algo, -ret);
1166 if (memcmp(q, template[i].result, template[i].rlen)) {
1167 pr_err("alg: skcipher%s: Test %d failed (invalid result) on %s for %s\n",
1169 hexdump(q, template[i].rlen);
1174 if (template[i].iv_out &&
1175 memcmp(iv, template[i].iv_out,
1176 crypto_skcipher_ivsize(tfm))) {
1177 pr_err("alg: skcipher%s: Test %d failed (invalid output IV) on %s for %s\n",
1179 hexdump(iv, crypto_skcipher_ivsize(tfm));
1186 for (i = 0; i < tcount; i++) {
1187 /* alignment tests are only done with continuous buffers */
1188 if (align_offset != 0)
1191 if (!template[i].np)
1194 if (fips_enabled && template[i].fips_skip)
1198 memcpy(iv, template[i].iv, ivsize);
1200 memset(iv, 0, MAX_IVLEN);
1203 crypto_skcipher_clear_flags(tfm, ~0);
1205 crypto_skcipher_set_flags(tfm,
1206 CRYPTO_TFM_REQ_WEAK_KEY);
1208 ret = crypto_skcipher_setkey(tfm, template[i].key,
1210 if (template[i].fail == !ret) {
1211 pr_err("alg: skcipher%s: setkey failed on chunk test %d for %s: flags=%x\n",
1212 d, j, algo, crypto_skcipher_get_flags(tfm));
1219 sg_init_table(sg, template[i].np);
1221 sg_init_table(sgout, template[i].np);
1222 for (k = 0; k < template[i].np; k++) {
1223 if (WARN_ON(offset_in_page(IDX[k]) +
1224 template[i].tap[k] > PAGE_SIZE))
1227 q = xbuf[IDX[k] >> PAGE_SHIFT] + offset_in_page(IDX[k]);
1229 memcpy(q, template[i].input + temp, template[i].tap[k]);
1231 if (offset_in_page(q) + template[i].tap[k] < PAGE_SIZE)
1232 q[template[i].tap[k]] = 0;
1234 sg_set_buf(&sg[k], q, template[i].tap[k]);
1236 q = xoutbuf[IDX[k] >> PAGE_SHIFT] +
1237 offset_in_page(IDX[k]);
1239 sg_set_buf(&sgout[k], q, template[i].tap[k]);
1241 memset(q, 0, template[i].tap[k]);
1242 if (offset_in_page(q) +
1243 template[i].tap[k] < PAGE_SIZE)
1244 q[template[i].tap[k]] = 0;
1247 temp += template[i].tap[k];
1250 skcipher_request_set_crypt(req, sg, (diff_dst) ? sgout : sg,
1251 template[i].ilen, iv);
1253 ret = crypto_wait_req(enc ? crypto_skcipher_encrypt(req) :
1254 crypto_skcipher_decrypt(req), &wait);
1257 pr_err("alg: skcipher%s: %s failed on chunk test %d for %s: ret=%d\n",
1258 d, e, j, algo, -ret);
1264 for (k = 0; k < template[i].np; k++) {
1266 q = xoutbuf[IDX[k] >> PAGE_SHIFT] +
1267 offset_in_page(IDX[k]);
1269 q = xbuf[IDX[k] >> PAGE_SHIFT] +
1270 offset_in_page(IDX[k]);
1272 if (memcmp(q, template[i].result + temp,
1273 template[i].tap[k])) {
1274 pr_err("alg: skcipher%s: Chunk test %d failed on %s at page %u for %s\n",
1276 hexdump(q, template[i].tap[k]);
1280 q += template[i].tap[k];
1281 for (n = 0; offset_in_page(q + n) && q[n]; n++)
1284 pr_err("alg: skcipher%s: Result buffer corruption in chunk test %d on %s at page %u for %s: %u bytes:\n",
1285 d, j, e, k, algo, n);
1289 temp += template[i].tap[k];
1296 skcipher_request_free(req);
1298 testmgr_free_buf(xoutbuf);
1300 testmgr_free_buf(xbuf);
1305 static int test_skcipher(struct crypto_skcipher *tfm, int enc,
1306 const struct cipher_testvec *template,
1307 unsigned int tcount)
1309 unsigned int alignmask;
1312 /* test 'dst == src' case */
1313 ret = __test_skcipher(tfm, enc, template, tcount, false, 0);
1317 /* test 'dst != src' case */
1318 ret = __test_skcipher(tfm, enc, template, tcount, true, 0);
1322 /* test unaligned buffers, check with one byte offset */
1323 ret = __test_skcipher(tfm, enc, template, tcount, true, 1);
1327 alignmask = crypto_tfm_alg_alignmask(&tfm->base);
1329 /* Check if alignment mask for tfm is correctly set. */
1330 ret = __test_skcipher(tfm, enc, template, tcount, true,
1339 static int test_comp(struct crypto_comp *tfm,
1340 const struct comp_testvec *ctemplate,
1341 const struct comp_testvec *dtemplate,
1342 int ctcount, int dtcount)
1344 const char *algo = crypto_tfm_alg_driver_name(crypto_comp_tfm(tfm));
1345 char *output, *decomp_output;
1349 output = kmalloc(COMP_BUF_SIZE, GFP_KERNEL);
1353 decomp_output = kmalloc(COMP_BUF_SIZE, GFP_KERNEL);
1354 if (!decomp_output) {
1359 for (i = 0; i < ctcount; i++) {
1361 unsigned int dlen = COMP_BUF_SIZE;
1363 memset(output, 0, sizeof(COMP_BUF_SIZE));
1364 memset(decomp_output, 0, sizeof(COMP_BUF_SIZE));
1366 ilen = ctemplate[i].inlen;
1367 ret = crypto_comp_compress(tfm, ctemplate[i].input,
1368 ilen, output, &dlen);
1370 printk(KERN_ERR "alg: comp: compression failed "
1371 "on test %d for %s: ret=%d\n", i + 1, algo,
1377 dlen = COMP_BUF_SIZE;
1378 ret = crypto_comp_decompress(tfm, output,
1379 ilen, decomp_output, &dlen);
1381 pr_err("alg: comp: compression failed: decompress: on test %d for %s failed: ret=%d\n",
1386 if (dlen != ctemplate[i].inlen) {
1387 printk(KERN_ERR "alg: comp: Compression test %d "
1388 "failed for %s: output len = %d\n", i + 1, algo,
1394 if (memcmp(decomp_output, ctemplate[i].input,
1395 ctemplate[i].inlen)) {
1396 pr_err("alg: comp: compression failed: output differs: on test %d for %s\n",
1398 hexdump(decomp_output, dlen);
1404 for (i = 0; i < dtcount; i++) {
1406 unsigned int dlen = COMP_BUF_SIZE;
1408 memset(decomp_output, 0, sizeof(COMP_BUF_SIZE));
1410 ilen = dtemplate[i].inlen;
1411 ret = crypto_comp_decompress(tfm, dtemplate[i].input,
1412 ilen, decomp_output, &dlen);
1414 printk(KERN_ERR "alg: comp: decompression failed "
1415 "on test %d for %s: ret=%d\n", i + 1, algo,
1420 if (dlen != dtemplate[i].outlen) {
1421 printk(KERN_ERR "alg: comp: Decompression test %d "
1422 "failed for %s: output len = %d\n", i + 1, algo,
1428 if (memcmp(decomp_output, dtemplate[i].output, dlen)) {
1429 printk(KERN_ERR "alg: comp: Decompression test %d "
1430 "failed for %s\n", i + 1, algo);
1431 hexdump(decomp_output, dlen);
1440 kfree(decomp_output);
1445 static int test_acomp(struct crypto_acomp *tfm,
1446 const struct comp_testvec *ctemplate,
1447 const struct comp_testvec *dtemplate,
1448 int ctcount, int dtcount)
1450 const char *algo = crypto_tfm_alg_driver_name(crypto_acomp_tfm(tfm));
1452 char *output, *decomp_out;
1454 struct scatterlist src, dst;
1455 struct acomp_req *req;
1456 struct crypto_wait wait;
1458 output = kmalloc(COMP_BUF_SIZE, GFP_KERNEL);
1462 decomp_out = kmalloc(COMP_BUF_SIZE, GFP_KERNEL);
1468 for (i = 0; i < ctcount; i++) {
1469 unsigned int dlen = COMP_BUF_SIZE;
1470 int ilen = ctemplate[i].inlen;
1473 input_vec = kmemdup(ctemplate[i].input, ilen, GFP_KERNEL);
1479 memset(output, 0, dlen);
1480 crypto_init_wait(&wait);
1481 sg_init_one(&src, input_vec, ilen);
1482 sg_init_one(&dst, output, dlen);
1484 req = acomp_request_alloc(tfm);
1486 pr_err("alg: acomp: request alloc failed for %s\n",
1493 acomp_request_set_params(req, &src, &dst, ilen, dlen);
1494 acomp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
1495 crypto_req_done, &wait);
1497 ret = crypto_wait_req(crypto_acomp_compress(req), &wait);
1499 pr_err("alg: acomp: compression failed on test %d for %s: ret=%d\n",
1502 acomp_request_free(req);
1507 dlen = COMP_BUF_SIZE;
1508 sg_init_one(&src, output, ilen);
1509 sg_init_one(&dst, decomp_out, dlen);
1510 crypto_init_wait(&wait);
1511 acomp_request_set_params(req, &src, &dst, ilen, dlen);
1513 ret = crypto_wait_req(crypto_acomp_decompress(req), &wait);
1515 pr_err("alg: acomp: compression failed on test %d for %s: ret=%d\n",
1518 acomp_request_free(req);
1522 if (req->dlen != ctemplate[i].inlen) {
1523 pr_err("alg: acomp: Compression test %d failed for %s: output len = %d\n",
1524 i + 1, algo, req->dlen);
1527 acomp_request_free(req);
1531 if (memcmp(input_vec, decomp_out, req->dlen)) {
1532 pr_err("alg: acomp: Compression test %d failed for %s\n",
1534 hexdump(output, req->dlen);
1537 acomp_request_free(req);
1542 acomp_request_free(req);
1545 for (i = 0; i < dtcount; i++) {
1546 unsigned int dlen = COMP_BUF_SIZE;
1547 int ilen = dtemplate[i].inlen;
1550 input_vec = kmemdup(dtemplate[i].input, ilen, GFP_KERNEL);
1556 memset(output, 0, dlen);
1557 crypto_init_wait(&wait);
1558 sg_init_one(&src, input_vec, ilen);
1559 sg_init_one(&dst, output, dlen);
1561 req = acomp_request_alloc(tfm);
1563 pr_err("alg: acomp: request alloc failed for %s\n",
1570 acomp_request_set_params(req, &src, &dst, ilen, dlen);
1571 acomp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
1572 crypto_req_done, &wait);
1574 ret = crypto_wait_req(crypto_acomp_decompress(req), &wait);
1576 pr_err("alg: acomp: decompression failed on test %d for %s: ret=%d\n",
1579 acomp_request_free(req);
1583 if (req->dlen != dtemplate[i].outlen) {
1584 pr_err("alg: acomp: Decompression test %d failed for %s: output len = %d\n",
1585 i + 1, algo, req->dlen);
1588 acomp_request_free(req);
1592 if (memcmp(output, dtemplate[i].output, req->dlen)) {
1593 pr_err("alg: acomp: Decompression test %d failed for %s\n",
1595 hexdump(output, req->dlen);
1598 acomp_request_free(req);
1603 acomp_request_free(req);
1614 static int test_cprng(struct crypto_rng *tfm,
1615 const struct cprng_testvec *template,
1616 unsigned int tcount)
1618 const char *algo = crypto_tfm_alg_driver_name(crypto_rng_tfm(tfm));
1619 int err = 0, i, j, seedsize;
1623 seedsize = crypto_rng_seedsize(tfm);
1625 seed = kmalloc(seedsize, GFP_KERNEL);
1627 printk(KERN_ERR "alg: cprng: Failed to allocate seed space "
1632 for (i = 0; i < tcount; i++) {
1633 memset(result, 0, 32);
1635 memcpy(seed, template[i].v, template[i].vlen);
1636 memcpy(seed + template[i].vlen, template[i].key,
1638 memcpy(seed + template[i].vlen + template[i].klen,
1639 template[i].dt, template[i].dtlen);
1641 err = crypto_rng_reset(tfm, seed, seedsize);
1643 printk(KERN_ERR "alg: cprng: Failed to reset rng "
1648 for (j = 0; j < template[i].loops; j++) {
1649 err = crypto_rng_get_bytes(tfm, result,
1652 printk(KERN_ERR "alg: cprng: Failed to obtain "
1653 "the correct amount of random data for "
1654 "%s (requested %d)\n", algo,
1660 err = memcmp(result, template[i].result,
1663 printk(KERN_ERR "alg: cprng: Test %d failed for %s\n",
1665 hexdump(result, template[i].rlen);
1676 static int alg_test_aead(const struct alg_test_desc *desc, const char *driver,
1679 struct crypto_aead *tfm;
1682 tfm = crypto_alloc_aead(driver, type, mask);
1684 printk(KERN_ERR "alg: aead: Failed to load transform for %s: "
1685 "%ld\n", driver, PTR_ERR(tfm));
1686 return PTR_ERR(tfm);
1689 if (desc->suite.aead.enc.vecs) {
1690 err = test_aead(tfm, ENCRYPT, desc->suite.aead.enc.vecs,
1691 desc->suite.aead.enc.count);
1696 if (!err && desc->suite.aead.dec.vecs)
1697 err = test_aead(tfm, DECRYPT, desc->suite.aead.dec.vecs,
1698 desc->suite.aead.dec.count);
1701 crypto_free_aead(tfm);
1705 static int alg_test_cipher(const struct alg_test_desc *desc,
1706 const char *driver, u32 type, u32 mask)
1708 struct crypto_cipher *tfm;
1711 tfm = crypto_alloc_cipher(driver, type, mask);
1713 printk(KERN_ERR "alg: cipher: Failed to load transform for "
1714 "%s: %ld\n", driver, PTR_ERR(tfm));
1715 return PTR_ERR(tfm);
1718 if (desc->suite.cipher.enc.vecs) {
1719 err = test_cipher(tfm, ENCRYPT, desc->suite.cipher.enc.vecs,
1720 desc->suite.cipher.enc.count);
1725 if (desc->suite.cipher.dec.vecs)
1726 err = test_cipher(tfm, DECRYPT, desc->suite.cipher.dec.vecs,
1727 desc->suite.cipher.dec.count);
1730 crypto_free_cipher(tfm);
1734 static int alg_test_skcipher(const struct alg_test_desc *desc,
1735 const char *driver, u32 type, u32 mask)
1737 struct crypto_skcipher *tfm;
1740 tfm = crypto_alloc_skcipher(driver, type, mask);
1742 printk(KERN_ERR "alg: skcipher: Failed to load transform for "
1743 "%s: %ld\n", driver, PTR_ERR(tfm));
1744 return PTR_ERR(tfm);
1747 if (desc->suite.cipher.enc.vecs) {
1748 err = test_skcipher(tfm, ENCRYPT, desc->suite.cipher.enc.vecs,
1749 desc->suite.cipher.enc.count);
1754 if (desc->suite.cipher.dec.vecs)
1755 err = test_skcipher(tfm, DECRYPT, desc->suite.cipher.dec.vecs,
1756 desc->suite.cipher.dec.count);
1759 crypto_free_skcipher(tfm);
1763 static int alg_test_comp(const struct alg_test_desc *desc, const char *driver,
1766 struct crypto_comp *comp;
1767 struct crypto_acomp *acomp;
1769 u32 algo_type = type & CRYPTO_ALG_TYPE_ACOMPRESS_MASK;
1771 if (algo_type == CRYPTO_ALG_TYPE_ACOMPRESS) {
1772 acomp = crypto_alloc_acomp(driver, type, mask);
1773 if (IS_ERR(acomp)) {
1774 pr_err("alg: acomp: Failed to load transform for %s: %ld\n",
1775 driver, PTR_ERR(acomp));
1776 return PTR_ERR(acomp);
1778 err = test_acomp(acomp, desc->suite.comp.comp.vecs,
1779 desc->suite.comp.decomp.vecs,
1780 desc->suite.comp.comp.count,
1781 desc->suite.comp.decomp.count);
1782 crypto_free_acomp(acomp);
1784 comp = crypto_alloc_comp(driver, type, mask);
1786 pr_err("alg: comp: Failed to load transform for %s: %ld\n",
1787 driver, PTR_ERR(comp));
1788 return PTR_ERR(comp);
1791 err = test_comp(comp, desc->suite.comp.comp.vecs,
1792 desc->suite.comp.decomp.vecs,
1793 desc->suite.comp.comp.count,
1794 desc->suite.comp.decomp.count);
1796 crypto_free_comp(comp);
1801 static int __alg_test_hash(const struct hash_testvec *template,
1802 unsigned int tcount, const char *driver,
1805 struct crypto_ahash *tfm;
1808 tfm = crypto_alloc_ahash(driver, type, mask);
1810 printk(KERN_ERR "alg: hash: Failed to load transform for %s: "
1811 "%ld\n", driver, PTR_ERR(tfm));
1812 return PTR_ERR(tfm);
1815 err = test_hash(tfm, template, tcount, true);
1817 err = test_hash(tfm, template, tcount, false);
1818 crypto_free_ahash(tfm);
1822 static int alg_test_hash(const struct alg_test_desc *desc, const char *driver,
1825 const struct hash_testvec *template = desc->suite.hash.vecs;
1826 unsigned int tcount = desc->suite.hash.count;
1827 unsigned int nr_unkeyed, nr_keyed;
1831 * For OPTIONAL_KEY algorithms, we have to do all the unkeyed tests
1832 * first, before setting a key on the tfm. To make this easier, we
1833 * require that the unkeyed test vectors (if any) are listed first.
1836 for (nr_unkeyed = 0; nr_unkeyed < tcount; nr_unkeyed++) {
1837 if (template[nr_unkeyed].ksize)
1840 for (nr_keyed = 0; nr_unkeyed + nr_keyed < tcount; nr_keyed++) {
1841 if (!template[nr_unkeyed + nr_keyed].ksize) {
1842 pr_err("alg: hash: test vectors for %s out of order, "
1843 "unkeyed ones must come first\n", desc->alg);
1850 err = __alg_test_hash(template, nr_unkeyed, driver, type, mask);
1851 template += nr_unkeyed;
1854 if (!err && nr_keyed)
1855 err = __alg_test_hash(template, nr_keyed, driver, type, mask);
1860 static int alg_test_crc32c(const struct alg_test_desc *desc,
1861 const char *driver, u32 type, u32 mask)
1863 struct crypto_shash *tfm;
1867 err = alg_test_hash(desc, driver, type, mask);
1871 tfm = crypto_alloc_shash(driver, type, mask);
1873 printk(KERN_ERR "alg: crc32c: Failed to load transform for %s: "
1874 "%ld\n", driver, PTR_ERR(tfm));
1880 SHASH_DESC_ON_STACK(shash, tfm);
1881 u32 *ctx = (u32 *)shash_desc_ctx(shash);
1886 *ctx = le32_to_cpu(420553207);
1887 err = crypto_shash_final(shash, (u8 *)&val);
1889 printk(KERN_ERR "alg: crc32c: Operation failed for "
1890 "%s: %d\n", driver, err);
1894 if (val != ~420553207) {
1895 printk(KERN_ERR "alg: crc32c: Test failed for %s: "
1896 "%d\n", driver, val);
1901 crypto_free_shash(tfm);
1907 static int alg_test_cprng(const struct alg_test_desc *desc, const char *driver,
1910 struct crypto_rng *rng;
1913 rng = crypto_alloc_rng(driver, type, mask);
1915 printk(KERN_ERR "alg: cprng: Failed to load transform for %s: "
1916 "%ld\n", driver, PTR_ERR(rng));
1917 return PTR_ERR(rng);
1920 err = test_cprng(rng, desc->suite.cprng.vecs, desc->suite.cprng.count);
1922 crypto_free_rng(rng);
1928 static int drbg_cavs_test(const struct drbg_testvec *test, int pr,
1929 const char *driver, u32 type, u32 mask)
1932 struct crypto_rng *drng;
1933 struct drbg_test_data test_data;
1934 struct drbg_string addtl, pers, testentropy;
1935 unsigned char *buf = kzalloc(test->expectedlen, GFP_KERNEL);
1940 drng = crypto_alloc_rng(driver, type, mask);
1942 printk(KERN_ERR "alg: drbg: could not allocate DRNG handle for "
1948 test_data.testentropy = &testentropy;
1949 drbg_string_fill(&testentropy, test->entropy, test->entropylen);
1950 drbg_string_fill(&pers, test->pers, test->perslen);
1951 ret = crypto_drbg_reset_test(drng, &pers, &test_data);
1953 printk(KERN_ERR "alg: drbg: Failed to reset rng\n");
1957 drbg_string_fill(&addtl, test->addtla, test->addtllen);
1959 drbg_string_fill(&testentropy, test->entpra, test->entprlen);
1960 ret = crypto_drbg_get_bytes_addtl_test(drng,
1961 buf, test->expectedlen, &addtl, &test_data);
1963 ret = crypto_drbg_get_bytes_addtl(drng,
1964 buf, test->expectedlen, &addtl);
1967 printk(KERN_ERR "alg: drbg: could not obtain random data for "
1968 "driver %s\n", driver);
1972 drbg_string_fill(&addtl, test->addtlb, test->addtllen);
1974 drbg_string_fill(&testentropy, test->entprb, test->entprlen);
1975 ret = crypto_drbg_get_bytes_addtl_test(drng,
1976 buf, test->expectedlen, &addtl, &test_data);
1978 ret = crypto_drbg_get_bytes_addtl(drng,
1979 buf, test->expectedlen, &addtl);
1982 printk(KERN_ERR "alg: drbg: could not obtain random data for "
1983 "driver %s\n", driver);
1987 ret = memcmp(test->expected, buf, test->expectedlen);
1990 crypto_free_rng(drng);
1996 static int alg_test_drbg(const struct alg_test_desc *desc, const char *driver,
2002 const struct drbg_testvec *template = desc->suite.drbg.vecs;
2003 unsigned int tcount = desc->suite.drbg.count;
2005 if (0 == memcmp(driver, "drbg_pr_", 8))
2008 for (i = 0; i < tcount; i++) {
2009 err = drbg_cavs_test(&template[i], pr, driver, type, mask);
2011 printk(KERN_ERR "alg: drbg: Test %d failed for %s\n",
2021 static int do_test_kpp(struct crypto_kpp *tfm, const struct kpp_testvec *vec,
2024 struct kpp_request *req;
2025 void *input_buf = NULL;
2026 void *output_buf = NULL;
2027 void *a_public = NULL;
2029 void *shared_secret = NULL;
2030 struct crypto_wait wait;
2031 unsigned int out_len_max;
2033 struct scatterlist src, dst;
2035 req = kpp_request_alloc(tfm, GFP_KERNEL);
2039 crypto_init_wait(&wait);
2041 err = crypto_kpp_set_secret(tfm, vec->secret, vec->secret_size);
2045 out_len_max = crypto_kpp_maxsize(tfm);
2046 output_buf = kzalloc(out_len_max, GFP_KERNEL);
2052 /* Use appropriate parameter as base */
2053 kpp_request_set_input(req, NULL, 0);
2054 sg_init_one(&dst, output_buf, out_len_max);
2055 kpp_request_set_output(req, &dst, out_len_max);
2056 kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
2057 crypto_req_done, &wait);
2059 /* Compute party A's public key */
2060 err = crypto_wait_req(crypto_kpp_generate_public_key(req), &wait);
2062 pr_err("alg: %s: Party A: generate public key test failed. err %d\n",
2068 /* Save party A's public key */
2069 a_public = kzalloc(out_len_max, GFP_KERNEL);
2074 memcpy(a_public, sg_virt(req->dst), out_len_max);
2076 /* Verify calculated public key */
2077 if (memcmp(vec->expected_a_public, sg_virt(req->dst),
2078 vec->expected_a_public_size)) {
2079 pr_err("alg: %s: Party A: generate public key test failed. Invalid output\n",
2086 /* Calculate shared secret key by using counter part (b) public key. */
2087 input_buf = kzalloc(vec->b_public_size, GFP_KERNEL);
2093 memcpy(input_buf, vec->b_public, vec->b_public_size);
2094 sg_init_one(&src, input_buf, vec->b_public_size);
2095 sg_init_one(&dst, output_buf, out_len_max);
2096 kpp_request_set_input(req, &src, vec->b_public_size);
2097 kpp_request_set_output(req, &dst, out_len_max);
2098 kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
2099 crypto_req_done, &wait);
2100 err = crypto_wait_req(crypto_kpp_compute_shared_secret(req), &wait);
2102 pr_err("alg: %s: Party A: compute shared secret test failed. err %d\n",
2108 /* Save the shared secret obtained by party A */
2109 a_ss = kzalloc(vec->expected_ss_size, GFP_KERNEL);
2114 memcpy(a_ss, sg_virt(req->dst), vec->expected_ss_size);
2117 * Calculate party B's shared secret by using party A's
2120 err = crypto_kpp_set_secret(tfm, vec->b_secret,
2121 vec->b_secret_size);
2125 sg_init_one(&src, a_public, vec->expected_a_public_size);
2126 sg_init_one(&dst, output_buf, out_len_max);
2127 kpp_request_set_input(req, &src, vec->expected_a_public_size);
2128 kpp_request_set_output(req, &dst, out_len_max);
2129 kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
2130 crypto_req_done, &wait);
2131 err = crypto_wait_req(crypto_kpp_compute_shared_secret(req),
2134 pr_err("alg: %s: Party B: compute shared secret failed. err %d\n",
2139 shared_secret = a_ss;
2141 shared_secret = (void *)vec->expected_ss;
2145 * verify shared secret from which the user will derive
2146 * secret key by executing whatever hash it has chosen
2148 if (memcmp(shared_secret, sg_virt(req->dst),
2149 vec->expected_ss_size)) {
2150 pr_err("alg: %s: compute shared secret test failed. Invalid output\n",
2162 kpp_request_free(req);
2166 static int test_kpp(struct crypto_kpp *tfm, const char *alg,
2167 const struct kpp_testvec *vecs, unsigned int tcount)
2171 for (i = 0; i < tcount; i++) {
2172 ret = do_test_kpp(tfm, vecs++, alg);
2174 pr_err("alg: %s: test failed on vector %d, err=%d\n",
2182 static int alg_test_kpp(const struct alg_test_desc *desc, const char *driver,
2185 struct crypto_kpp *tfm;
2188 tfm = crypto_alloc_kpp(driver, type, mask);
2190 pr_err("alg: kpp: Failed to load tfm for %s: %ld\n",
2191 driver, PTR_ERR(tfm));
2192 return PTR_ERR(tfm);
2194 if (desc->suite.kpp.vecs)
2195 err = test_kpp(tfm, desc->alg, desc->suite.kpp.vecs,
2196 desc->suite.kpp.count);
2198 crypto_free_kpp(tfm);
2202 static int test_akcipher_one(struct crypto_akcipher *tfm,
2203 const struct akcipher_testvec *vecs)
2205 char *xbuf[XBUFSIZE];
2206 struct akcipher_request *req;
2207 void *outbuf_enc = NULL;
2208 void *outbuf_dec = NULL;
2209 struct crypto_wait wait;
2210 unsigned int out_len_max, out_len = 0;
2212 struct scatterlist src, dst, src_tab[2];
2214 if (testmgr_alloc_buf(xbuf))
2217 req = akcipher_request_alloc(tfm, GFP_KERNEL);
2221 crypto_init_wait(&wait);
2223 if (vecs->public_key_vec)
2224 err = crypto_akcipher_set_pub_key(tfm, vecs->key,
2227 err = crypto_akcipher_set_priv_key(tfm, vecs->key,
2233 out_len_max = crypto_akcipher_maxsize(tfm);
2234 outbuf_enc = kzalloc(out_len_max, GFP_KERNEL);
2238 if (WARN_ON(vecs->m_size > PAGE_SIZE))
2241 memcpy(xbuf[0], vecs->m, vecs->m_size);
2243 sg_init_table(src_tab, 2);
2244 sg_set_buf(&src_tab[0], xbuf[0], 8);
2245 sg_set_buf(&src_tab[1], xbuf[0] + 8, vecs->m_size - 8);
2246 sg_init_one(&dst, outbuf_enc, out_len_max);
2247 akcipher_request_set_crypt(req, src_tab, &dst, vecs->m_size,
2249 akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
2250 crypto_req_done, &wait);
2252 err = crypto_wait_req(vecs->siggen_sigver_test ?
2253 /* Run asymmetric signature generation */
2254 crypto_akcipher_sign(req) :
2255 /* Run asymmetric encrypt */
2256 crypto_akcipher_encrypt(req), &wait);
2258 pr_err("alg: akcipher: encrypt test failed. err %d\n", err);
2261 if (req->dst_len != vecs->c_size) {
2262 pr_err("alg: akcipher: encrypt test failed. Invalid output len\n");
2266 /* verify that encrypted message is equal to expected */
2267 if (memcmp(vecs->c, outbuf_enc, vecs->c_size)) {
2268 pr_err("alg: akcipher: encrypt test failed. Invalid output\n");
2269 hexdump(outbuf_enc, vecs->c_size);
2273 /* Don't invoke decrypt for vectors with public key */
2274 if (vecs->public_key_vec) {
2278 outbuf_dec = kzalloc(out_len_max, GFP_KERNEL);
2284 if (WARN_ON(vecs->c_size > PAGE_SIZE))
2287 memcpy(xbuf[0], vecs->c, vecs->c_size);
2289 sg_init_one(&src, xbuf[0], vecs->c_size);
2290 sg_init_one(&dst, outbuf_dec, out_len_max);
2291 crypto_init_wait(&wait);
2292 akcipher_request_set_crypt(req, &src, &dst, vecs->c_size, out_len_max);
2294 err = crypto_wait_req(vecs->siggen_sigver_test ?
2295 /* Run asymmetric signature verification */
2296 crypto_akcipher_verify(req) :
2297 /* Run asymmetric decrypt */
2298 crypto_akcipher_decrypt(req), &wait);
2300 pr_err("alg: akcipher: decrypt test failed. err %d\n", err);
2303 out_len = req->dst_len;
2304 if (out_len < vecs->m_size) {
2305 pr_err("alg: akcipher: decrypt test failed. "
2306 "Invalid output len %u\n", out_len);
2310 /* verify that decrypted message is equal to the original msg */
2311 if (memchr_inv(outbuf_dec, 0, out_len - vecs->m_size) ||
2312 memcmp(vecs->m, outbuf_dec + out_len - vecs->m_size,
2314 pr_err("alg: akcipher: decrypt test failed. Invalid output\n");
2315 hexdump(outbuf_dec, out_len);
2322 akcipher_request_free(req);
2324 testmgr_free_buf(xbuf);
2328 static int test_akcipher(struct crypto_akcipher *tfm, const char *alg,
2329 const struct akcipher_testvec *vecs,
2330 unsigned int tcount)
2333 crypto_tfm_alg_driver_name(crypto_akcipher_tfm(tfm));
2336 for (i = 0; i < tcount; i++) {
2337 ret = test_akcipher_one(tfm, vecs++);
2341 pr_err("alg: akcipher: test %d failed for %s, err=%d\n",
2348 static int alg_test_akcipher(const struct alg_test_desc *desc,
2349 const char *driver, u32 type, u32 mask)
2351 struct crypto_akcipher *tfm;
2354 tfm = crypto_alloc_akcipher(driver, type, mask);
2356 pr_err("alg: akcipher: Failed to load tfm for %s: %ld\n",
2357 driver, PTR_ERR(tfm));
2358 return PTR_ERR(tfm);
2360 if (desc->suite.akcipher.vecs)
2361 err = test_akcipher(tfm, desc->alg, desc->suite.akcipher.vecs,
2362 desc->suite.akcipher.count);
2364 crypto_free_akcipher(tfm);
2368 static int alg_test_null(const struct alg_test_desc *desc,
2369 const char *driver, u32 type, u32 mask)
2374 #define __VECS(tv) { .vecs = tv, .count = ARRAY_SIZE(tv) }
2376 /* Please keep this list sorted by algorithm name. */
2377 static const struct alg_test_desc alg_test_descs[] = {
2380 .test = alg_test_aead,
2383 .enc = __VECS(aegis128_enc_tv_template),
2384 .dec = __VECS(aegis128_dec_tv_template),
2389 .test = alg_test_aead,
2392 .enc = __VECS(aegis128l_enc_tv_template),
2393 .dec = __VECS(aegis128l_dec_tv_template),
2398 .test = alg_test_aead,
2401 .enc = __VECS(aegis256_enc_tv_template),
2402 .dec = __VECS(aegis256_dec_tv_template),
2406 .alg = "ansi_cprng",
2407 .test = alg_test_cprng,
2409 .cprng = __VECS(ansi_cprng_aes_tv_template)
2412 .alg = "authenc(hmac(md5),ecb(cipher_null))",
2413 .test = alg_test_aead,
2416 .enc = __VECS(hmac_md5_ecb_cipher_null_enc_tv_template),
2417 .dec = __VECS(hmac_md5_ecb_cipher_null_dec_tv_template)
2421 .alg = "authenc(hmac(sha1),cbc(aes))",
2422 .test = alg_test_aead,
2426 .enc = __VECS(hmac_sha1_aes_cbc_enc_tv_temp)
2430 .alg = "authenc(hmac(sha1),cbc(des))",
2431 .test = alg_test_aead,
2434 .enc = __VECS(hmac_sha1_des_cbc_enc_tv_temp)
2438 .alg = "authenc(hmac(sha1),cbc(des3_ede))",
2439 .test = alg_test_aead,
2443 .enc = __VECS(hmac_sha1_des3_ede_cbc_enc_tv_temp)
2447 .alg = "authenc(hmac(sha1),ctr(aes))",
2448 .test = alg_test_null,
2451 .alg = "authenc(hmac(sha1),ecb(cipher_null))",
2452 .test = alg_test_aead,
2455 .enc = __VECS(hmac_sha1_ecb_cipher_null_enc_tv_temp),
2456 .dec = __VECS(hmac_sha1_ecb_cipher_null_dec_tv_temp)
2460 .alg = "authenc(hmac(sha1),rfc3686(ctr(aes)))",
2461 .test = alg_test_null,
2464 .alg = "authenc(hmac(sha224),cbc(des))",
2465 .test = alg_test_aead,
2468 .enc = __VECS(hmac_sha224_des_cbc_enc_tv_temp)
2472 .alg = "authenc(hmac(sha224),cbc(des3_ede))",
2473 .test = alg_test_aead,
2477 .enc = __VECS(hmac_sha224_des3_ede_cbc_enc_tv_temp)
2481 .alg = "authenc(hmac(sha256),cbc(aes))",
2482 .test = alg_test_aead,
2486 .enc = __VECS(hmac_sha256_aes_cbc_enc_tv_temp)
2490 .alg = "authenc(hmac(sha256),cbc(des))",
2491 .test = alg_test_aead,
2494 .enc = __VECS(hmac_sha256_des_cbc_enc_tv_temp)
2498 .alg = "authenc(hmac(sha256),cbc(des3_ede))",
2499 .test = alg_test_aead,
2503 .enc = __VECS(hmac_sha256_des3_ede_cbc_enc_tv_temp)
2507 .alg = "authenc(hmac(sha256),ctr(aes))",
2508 .test = alg_test_null,
2511 .alg = "authenc(hmac(sha256),rfc3686(ctr(aes)))",
2512 .test = alg_test_null,
2515 .alg = "authenc(hmac(sha384),cbc(des))",
2516 .test = alg_test_aead,
2519 .enc = __VECS(hmac_sha384_des_cbc_enc_tv_temp)
2523 .alg = "authenc(hmac(sha384),cbc(des3_ede))",
2524 .test = alg_test_aead,
2528 .enc = __VECS(hmac_sha384_des3_ede_cbc_enc_tv_temp)
2532 .alg = "authenc(hmac(sha384),ctr(aes))",
2533 .test = alg_test_null,
2536 .alg = "authenc(hmac(sha384),rfc3686(ctr(aes)))",
2537 .test = alg_test_null,
2540 .alg = "authenc(hmac(sha512),cbc(aes))",
2542 .test = alg_test_aead,
2545 .enc = __VECS(hmac_sha512_aes_cbc_enc_tv_temp)
2549 .alg = "authenc(hmac(sha512),cbc(des))",
2550 .test = alg_test_aead,
2553 .enc = __VECS(hmac_sha512_des_cbc_enc_tv_temp)
2557 .alg = "authenc(hmac(sha512),cbc(des3_ede))",
2558 .test = alg_test_aead,
2562 .enc = __VECS(hmac_sha512_des3_ede_cbc_enc_tv_temp)
2566 .alg = "authenc(hmac(sha512),ctr(aes))",
2567 .test = alg_test_null,
2570 .alg = "authenc(hmac(sha512),rfc3686(ctr(aes)))",
2571 .test = alg_test_null,
2575 .test = alg_test_skcipher,
2579 .enc = __VECS(aes_cbc_enc_tv_template),
2580 .dec = __VECS(aes_cbc_dec_tv_template)
2584 .alg = "cbc(anubis)",
2585 .test = alg_test_skcipher,
2588 .enc = __VECS(anubis_cbc_enc_tv_template),
2589 .dec = __VECS(anubis_cbc_dec_tv_template)
2593 .alg = "cbc(blowfish)",
2594 .test = alg_test_skcipher,
2597 .enc = __VECS(bf_cbc_enc_tv_template),
2598 .dec = __VECS(bf_cbc_dec_tv_template)
2602 .alg = "cbc(camellia)",
2603 .test = alg_test_skcipher,
2606 .enc = __VECS(camellia_cbc_enc_tv_template),
2607 .dec = __VECS(camellia_cbc_dec_tv_template)
2611 .alg = "cbc(cast5)",
2612 .test = alg_test_skcipher,
2615 .enc = __VECS(cast5_cbc_enc_tv_template),
2616 .dec = __VECS(cast5_cbc_dec_tv_template)
2620 .alg = "cbc(cast6)",
2621 .test = alg_test_skcipher,
2624 .enc = __VECS(cast6_cbc_enc_tv_template),
2625 .dec = __VECS(cast6_cbc_dec_tv_template)
2630 .test = alg_test_skcipher,
2633 .enc = __VECS(des_cbc_enc_tv_template),
2634 .dec = __VECS(des_cbc_dec_tv_template)
2638 .alg = "cbc(des3_ede)",
2639 .test = alg_test_skcipher,
2643 .enc = __VECS(des3_ede_cbc_enc_tv_template),
2644 .dec = __VECS(des3_ede_cbc_dec_tv_template)
2648 /* Same as cbc(aes) except the key is stored in
2649 * hardware secure memory which we reference by index
2652 .test = alg_test_null,
2655 .alg = "cbc(serpent)",
2656 .test = alg_test_skcipher,
2659 .enc = __VECS(serpent_cbc_enc_tv_template),
2660 .dec = __VECS(serpent_cbc_dec_tv_template)
2664 .alg = "cbc(twofish)",
2665 .test = alg_test_skcipher,
2668 .enc = __VECS(tf_cbc_enc_tv_template),
2669 .dec = __VECS(tf_cbc_dec_tv_template)
2673 .alg = "cbcmac(aes)",
2675 .test = alg_test_hash,
2677 .hash = __VECS(aes_cbcmac_tv_template)
2681 .test = alg_test_aead,
2685 .enc = __VECS(aes_ccm_enc_tv_template),
2686 .dec = __VECS(aes_ccm_dec_tv_template)
2691 .test = alg_test_skcipher,
2694 .enc = __VECS(chacha20_enc_tv_template),
2695 .dec = __VECS(chacha20_enc_tv_template),
2701 .test = alg_test_hash,
2703 .hash = __VECS(aes_cmac128_tv_template)
2706 .alg = "cmac(des3_ede)",
2708 .test = alg_test_hash,
2710 .hash = __VECS(des3_ede_cmac64_tv_template)
2713 .alg = "compress_null",
2714 .test = alg_test_null,
2717 .test = alg_test_hash,
2719 .hash = __VECS(crc32_tv_template)
2723 .test = alg_test_crc32c,
2726 .hash = __VECS(crc32c_tv_template)
2730 .test = alg_test_hash,
2733 .hash = __VECS(crct10dif_tv_template)
2737 .test = alg_test_skcipher,
2741 .enc = __VECS(aes_ctr_enc_tv_template),
2742 .dec = __VECS(aes_ctr_dec_tv_template)
2746 .alg = "ctr(blowfish)",
2747 .test = alg_test_skcipher,
2750 .enc = __VECS(bf_ctr_enc_tv_template),
2751 .dec = __VECS(bf_ctr_dec_tv_template)
2755 .alg = "ctr(camellia)",
2756 .test = alg_test_skcipher,
2759 .enc = __VECS(camellia_ctr_enc_tv_template),
2760 .dec = __VECS(camellia_ctr_dec_tv_template)
2764 .alg = "ctr(cast5)",
2765 .test = alg_test_skcipher,
2768 .enc = __VECS(cast5_ctr_enc_tv_template),
2769 .dec = __VECS(cast5_ctr_dec_tv_template)
2773 .alg = "ctr(cast6)",
2774 .test = alg_test_skcipher,
2777 .enc = __VECS(cast6_ctr_enc_tv_template),
2778 .dec = __VECS(cast6_ctr_dec_tv_template)
2783 .test = alg_test_skcipher,
2786 .enc = __VECS(des_ctr_enc_tv_template),
2787 .dec = __VECS(des_ctr_dec_tv_template)
2791 .alg = "ctr(des3_ede)",
2792 .test = alg_test_skcipher,
2796 .enc = __VECS(des3_ede_ctr_enc_tv_template),
2797 .dec = __VECS(des3_ede_ctr_dec_tv_template)
2801 /* Same as ctr(aes) except the key is stored in
2802 * hardware secure memory which we reference by index
2805 .test = alg_test_null,
2808 .alg = "ctr(serpent)",
2809 .test = alg_test_skcipher,
2812 .enc = __VECS(serpent_ctr_enc_tv_template),
2813 .dec = __VECS(serpent_ctr_dec_tv_template)
2817 .alg = "ctr(twofish)",
2818 .test = alg_test_skcipher,
2821 .enc = __VECS(tf_ctr_enc_tv_template),
2822 .dec = __VECS(tf_ctr_dec_tv_template)
2826 .alg = "cts(cbc(aes))",
2827 .test = alg_test_skcipher,
2830 .enc = __VECS(cts_mode_enc_tv_template),
2831 .dec = __VECS(cts_mode_dec_tv_template)
2836 .test = alg_test_comp,
2840 .comp = __VECS(deflate_comp_tv_template),
2841 .decomp = __VECS(deflate_decomp_tv_template)
2846 .test = alg_test_kpp,
2849 .kpp = __VECS(dh_tv_template)
2852 .alg = "digest_null",
2853 .test = alg_test_null,
2855 .alg = "drbg_nopr_ctr_aes128",
2856 .test = alg_test_drbg,
2859 .drbg = __VECS(drbg_nopr_ctr_aes128_tv_template)
2862 .alg = "drbg_nopr_ctr_aes192",
2863 .test = alg_test_drbg,
2866 .drbg = __VECS(drbg_nopr_ctr_aes192_tv_template)
2869 .alg = "drbg_nopr_ctr_aes256",
2870 .test = alg_test_drbg,
2873 .drbg = __VECS(drbg_nopr_ctr_aes256_tv_template)
2877 * There is no need to specifically test the DRBG with every
2878 * backend cipher -- covered by drbg_nopr_hmac_sha256 test
2880 .alg = "drbg_nopr_hmac_sha1",
2882 .test = alg_test_null,
2884 .alg = "drbg_nopr_hmac_sha256",
2885 .test = alg_test_drbg,
2888 .drbg = __VECS(drbg_nopr_hmac_sha256_tv_template)
2891 /* covered by drbg_nopr_hmac_sha256 test */
2892 .alg = "drbg_nopr_hmac_sha384",
2894 .test = alg_test_null,
2896 .alg = "drbg_nopr_hmac_sha512",
2897 .test = alg_test_null,
2900 .alg = "drbg_nopr_sha1",
2902 .test = alg_test_null,
2904 .alg = "drbg_nopr_sha256",
2905 .test = alg_test_drbg,
2908 .drbg = __VECS(drbg_nopr_sha256_tv_template)
2911 /* covered by drbg_nopr_sha256 test */
2912 .alg = "drbg_nopr_sha384",
2914 .test = alg_test_null,
2916 .alg = "drbg_nopr_sha512",
2918 .test = alg_test_null,
2920 .alg = "drbg_pr_ctr_aes128",
2921 .test = alg_test_drbg,
2924 .drbg = __VECS(drbg_pr_ctr_aes128_tv_template)
2927 /* covered by drbg_pr_ctr_aes128 test */
2928 .alg = "drbg_pr_ctr_aes192",
2930 .test = alg_test_null,
2932 .alg = "drbg_pr_ctr_aes256",
2934 .test = alg_test_null,
2936 .alg = "drbg_pr_hmac_sha1",
2938 .test = alg_test_null,
2940 .alg = "drbg_pr_hmac_sha256",
2941 .test = alg_test_drbg,
2944 .drbg = __VECS(drbg_pr_hmac_sha256_tv_template)
2947 /* covered by drbg_pr_hmac_sha256 test */
2948 .alg = "drbg_pr_hmac_sha384",
2950 .test = alg_test_null,
2952 .alg = "drbg_pr_hmac_sha512",
2953 .test = alg_test_null,
2956 .alg = "drbg_pr_sha1",
2958 .test = alg_test_null,
2960 .alg = "drbg_pr_sha256",
2961 .test = alg_test_drbg,
2964 .drbg = __VECS(drbg_pr_sha256_tv_template)
2967 /* covered by drbg_pr_sha256 test */
2968 .alg = "drbg_pr_sha384",
2970 .test = alg_test_null,
2972 .alg = "drbg_pr_sha512",
2974 .test = alg_test_null,
2977 .test = alg_test_skcipher,
2981 .enc = __VECS(aes_enc_tv_template),
2982 .dec = __VECS(aes_dec_tv_template)
2986 .alg = "ecb(anubis)",
2987 .test = alg_test_skcipher,
2990 .enc = __VECS(anubis_enc_tv_template),
2991 .dec = __VECS(anubis_dec_tv_template)
2996 .test = alg_test_skcipher,
2999 .enc = __VECS(arc4_enc_tv_template),
3000 .dec = __VECS(arc4_dec_tv_template)
3004 .alg = "ecb(blowfish)",
3005 .test = alg_test_skcipher,
3008 .enc = __VECS(bf_enc_tv_template),
3009 .dec = __VECS(bf_dec_tv_template)
3013 .alg = "ecb(camellia)",
3014 .test = alg_test_skcipher,
3017 .enc = __VECS(camellia_enc_tv_template),
3018 .dec = __VECS(camellia_dec_tv_template)
3022 .alg = "ecb(cast5)",
3023 .test = alg_test_skcipher,
3026 .enc = __VECS(cast5_enc_tv_template),
3027 .dec = __VECS(cast5_dec_tv_template)
3031 .alg = "ecb(cast6)",
3032 .test = alg_test_skcipher,
3035 .enc = __VECS(cast6_enc_tv_template),
3036 .dec = __VECS(cast6_dec_tv_template)
3040 .alg = "ecb(cipher_null)",
3041 .test = alg_test_null,
3045 .test = alg_test_skcipher,
3048 .enc = __VECS(des_enc_tv_template),
3049 .dec = __VECS(des_dec_tv_template)
3053 .alg = "ecb(des3_ede)",
3054 .test = alg_test_skcipher,
3058 .enc = __VECS(des3_ede_enc_tv_template),
3059 .dec = __VECS(des3_ede_dec_tv_template)
3063 .alg = "ecb(fcrypt)",
3064 .test = alg_test_skcipher,
3068 .vecs = fcrypt_pcbc_enc_tv_template,
3072 .vecs = fcrypt_pcbc_dec_tv_template,
3078 .alg = "ecb(khazad)",
3079 .test = alg_test_skcipher,
3082 .enc = __VECS(khazad_enc_tv_template),
3083 .dec = __VECS(khazad_dec_tv_template)
3087 /* Same as ecb(aes) except the key is stored in
3088 * hardware secure memory which we reference by index
3091 .test = alg_test_null,
3095 .test = alg_test_skcipher,
3098 .enc = __VECS(seed_enc_tv_template),
3099 .dec = __VECS(seed_dec_tv_template)
3103 .alg = "ecb(serpent)",
3104 .test = alg_test_skcipher,
3107 .enc = __VECS(serpent_enc_tv_template),
3108 .dec = __VECS(serpent_dec_tv_template)
3113 .test = alg_test_skcipher,
3116 .enc = __VECS(sm4_enc_tv_template),
3117 .dec = __VECS(sm4_dec_tv_template)
3121 .alg = "ecb(speck128)",
3122 .test = alg_test_skcipher,
3125 .enc = __VECS(speck128_enc_tv_template),
3126 .dec = __VECS(speck128_dec_tv_template)
3130 .alg = "ecb(speck64)",
3131 .test = alg_test_skcipher,
3134 .enc = __VECS(speck64_enc_tv_template),
3135 .dec = __VECS(speck64_dec_tv_template)
3140 .test = alg_test_skcipher,
3143 .enc = __VECS(tea_enc_tv_template),
3144 .dec = __VECS(tea_dec_tv_template)
3148 .alg = "ecb(tnepres)",
3149 .test = alg_test_skcipher,
3152 .enc = __VECS(tnepres_enc_tv_template),
3153 .dec = __VECS(tnepres_dec_tv_template)
3157 .alg = "ecb(twofish)",
3158 .test = alg_test_skcipher,
3161 .enc = __VECS(tf_enc_tv_template),
3162 .dec = __VECS(tf_dec_tv_template)
3167 .test = alg_test_skcipher,
3170 .enc = __VECS(xeta_enc_tv_template),
3171 .dec = __VECS(xeta_dec_tv_template)
3176 .test = alg_test_skcipher,
3179 .enc = __VECS(xtea_enc_tv_template),
3180 .dec = __VECS(xtea_dec_tv_template)
3185 .test = alg_test_kpp,
3188 .kpp = __VECS(ecdh_tv_template)
3192 .test = alg_test_aead,
3196 .enc = __VECS(aes_gcm_enc_tv_template),
3197 .dec = __VECS(aes_gcm_dec_tv_template)
3202 .test = alg_test_hash,
3205 .hash = __VECS(ghash_tv_template)
3209 .test = alg_test_hash,
3211 .hash = __VECS(hmac_md5_tv_template)
3214 .alg = "hmac(rmd128)",
3215 .test = alg_test_hash,
3217 .hash = __VECS(hmac_rmd128_tv_template)
3220 .alg = "hmac(rmd160)",
3221 .test = alg_test_hash,
3223 .hash = __VECS(hmac_rmd160_tv_template)
3226 .alg = "hmac(sha1)",
3227 .test = alg_test_hash,
3230 .hash = __VECS(hmac_sha1_tv_template)
3233 .alg = "hmac(sha224)",
3234 .test = alg_test_hash,
3237 .hash = __VECS(hmac_sha224_tv_template)
3240 .alg = "hmac(sha256)",
3241 .test = alg_test_hash,
3244 .hash = __VECS(hmac_sha256_tv_template)
3247 .alg = "hmac(sha3-224)",
3248 .test = alg_test_hash,
3251 .hash = __VECS(hmac_sha3_224_tv_template)
3254 .alg = "hmac(sha3-256)",
3255 .test = alg_test_hash,
3258 .hash = __VECS(hmac_sha3_256_tv_template)
3261 .alg = "hmac(sha3-384)",
3262 .test = alg_test_hash,
3265 .hash = __VECS(hmac_sha3_384_tv_template)
3268 .alg = "hmac(sha3-512)",
3269 .test = alg_test_hash,
3272 .hash = __VECS(hmac_sha3_512_tv_template)
3275 .alg = "hmac(sha384)",
3276 .test = alg_test_hash,
3279 .hash = __VECS(hmac_sha384_tv_template)
3282 .alg = "hmac(sha512)",
3283 .test = alg_test_hash,
3286 .hash = __VECS(hmac_sha512_tv_template)
3289 .alg = "jitterentropy_rng",
3291 .test = alg_test_null,
3294 .test = alg_test_skcipher,
3298 .enc = __VECS(aes_kw_enc_tv_template),
3299 .dec = __VECS(aes_kw_dec_tv_template)
3304 .test = alg_test_skcipher,
3307 .enc = __VECS(aes_lrw_enc_tv_template),
3308 .dec = __VECS(aes_lrw_dec_tv_template)
3312 .alg = "lrw(camellia)",
3313 .test = alg_test_skcipher,
3316 .enc = __VECS(camellia_lrw_enc_tv_template),
3317 .dec = __VECS(camellia_lrw_dec_tv_template)
3321 .alg = "lrw(cast6)",
3322 .test = alg_test_skcipher,
3325 .enc = __VECS(cast6_lrw_enc_tv_template),
3326 .dec = __VECS(cast6_lrw_dec_tv_template)
3330 .alg = "lrw(serpent)",
3331 .test = alg_test_skcipher,
3334 .enc = __VECS(serpent_lrw_enc_tv_template),
3335 .dec = __VECS(serpent_lrw_dec_tv_template)
3339 .alg = "lrw(twofish)",
3340 .test = alg_test_skcipher,
3343 .enc = __VECS(tf_lrw_enc_tv_template),
3344 .dec = __VECS(tf_lrw_dec_tv_template)
3349 .test = alg_test_comp,
3353 .comp = __VECS(lz4_comp_tv_template),
3354 .decomp = __VECS(lz4_decomp_tv_template)
3359 .test = alg_test_comp,
3363 .comp = __VECS(lz4hc_comp_tv_template),
3364 .decomp = __VECS(lz4hc_decomp_tv_template)
3369 .test = alg_test_comp,
3373 .comp = __VECS(lzo_comp_tv_template),
3374 .decomp = __VECS(lzo_decomp_tv_template)
3379 .test = alg_test_hash,
3381 .hash = __VECS(md4_tv_template)
3385 .test = alg_test_hash,
3387 .hash = __VECS(md5_tv_template)
3390 .alg = "michael_mic",
3391 .test = alg_test_hash,
3393 .hash = __VECS(michael_mic_tv_template)
3397 .test = alg_test_aead,
3400 .enc = __VECS(morus1280_enc_tv_template),
3401 .dec = __VECS(morus1280_dec_tv_template),
3406 .test = alg_test_aead,
3409 .enc = __VECS(morus640_enc_tv_template),
3410 .dec = __VECS(morus640_dec_tv_template),
3415 .test = alg_test_skcipher,
3419 .enc = __VECS(aes_ofb_enc_tv_template),
3420 .dec = __VECS(aes_ofb_dec_tv_template)
3424 /* Same as ofb(aes) except the key is stored in
3425 * hardware secure memory which we reference by index
3428 .test = alg_test_null,
3431 .alg = "pcbc(fcrypt)",
3432 .test = alg_test_skcipher,
3435 .enc = __VECS(fcrypt_pcbc_enc_tv_template),
3436 .dec = __VECS(fcrypt_pcbc_dec_tv_template)
3440 .alg = "pkcs1pad(rsa,sha224)",
3441 .test = alg_test_null,
3444 .alg = "pkcs1pad(rsa,sha256)",
3445 .test = alg_test_akcipher,
3448 .akcipher = __VECS(pkcs1pad_rsa_tv_template)
3451 .alg = "pkcs1pad(rsa,sha384)",
3452 .test = alg_test_null,
3455 .alg = "pkcs1pad(rsa,sha512)",
3456 .test = alg_test_null,
3460 .test = alg_test_hash,
3462 .hash = __VECS(poly1305_tv_template)
3465 .alg = "rfc3686(ctr(aes))",
3466 .test = alg_test_skcipher,
3470 .enc = __VECS(aes_ctr_rfc3686_enc_tv_template),
3471 .dec = __VECS(aes_ctr_rfc3686_dec_tv_template)
3475 .alg = "rfc4106(gcm(aes))",
3476 .test = alg_test_aead,
3480 .enc = __VECS(aes_gcm_rfc4106_enc_tv_template),
3481 .dec = __VECS(aes_gcm_rfc4106_dec_tv_template)
3485 .alg = "rfc4309(ccm(aes))",
3486 .test = alg_test_aead,
3490 .enc = __VECS(aes_ccm_rfc4309_enc_tv_template),
3491 .dec = __VECS(aes_ccm_rfc4309_dec_tv_template)
3495 .alg = "rfc4543(gcm(aes))",
3496 .test = alg_test_aead,
3499 .enc = __VECS(aes_gcm_rfc4543_enc_tv_template),
3500 .dec = __VECS(aes_gcm_rfc4543_dec_tv_template),
3504 .alg = "rfc7539(chacha20,poly1305)",
3505 .test = alg_test_aead,
3508 .enc = __VECS(rfc7539_enc_tv_template),
3509 .dec = __VECS(rfc7539_dec_tv_template),
3513 .alg = "rfc7539esp(chacha20,poly1305)",
3514 .test = alg_test_aead,
3517 .enc = __VECS(rfc7539esp_enc_tv_template),
3518 .dec = __VECS(rfc7539esp_dec_tv_template),
3523 .test = alg_test_hash,
3525 .hash = __VECS(rmd128_tv_template)
3529 .test = alg_test_hash,
3531 .hash = __VECS(rmd160_tv_template)
3535 .test = alg_test_hash,
3537 .hash = __VECS(rmd256_tv_template)
3541 .test = alg_test_hash,
3543 .hash = __VECS(rmd320_tv_template)
3547 .test = alg_test_akcipher,
3550 .akcipher = __VECS(rsa_tv_template)
3554 .test = alg_test_skcipher,
3557 .enc = __VECS(salsa20_stream_enc_tv_template)
3562 .test = alg_test_hash,
3565 .hash = __VECS(sha1_tv_template)
3569 .test = alg_test_hash,
3572 .hash = __VECS(sha224_tv_template)
3576 .test = alg_test_hash,
3579 .hash = __VECS(sha256_tv_template)
3583 .test = alg_test_hash,
3586 .hash = __VECS(sha3_224_tv_template)
3590 .test = alg_test_hash,
3593 .hash = __VECS(sha3_256_tv_template)
3597 .test = alg_test_hash,
3600 .hash = __VECS(sha3_384_tv_template)
3604 .test = alg_test_hash,
3607 .hash = __VECS(sha3_512_tv_template)
3611 .test = alg_test_hash,
3614 .hash = __VECS(sha384_tv_template)
3618 .test = alg_test_hash,
3621 .hash = __VECS(sha512_tv_template)
3625 .test = alg_test_hash,
3627 .hash = __VECS(sm3_tv_template)
3631 .test = alg_test_hash,
3633 .hash = __VECS(tgr128_tv_template)
3637 .test = alg_test_hash,
3639 .hash = __VECS(tgr160_tv_template)
3643 .test = alg_test_hash,
3645 .hash = __VECS(tgr192_tv_template)
3649 .test = alg_test_hash,
3651 .hash = __VECS(aes_vmac128_tv_template)
3655 .test = alg_test_hash,
3657 .hash = __VECS(wp256_tv_template)
3661 .test = alg_test_hash,
3663 .hash = __VECS(wp384_tv_template)
3667 .test = alg_test_hash,
3669 .hash = __VECS(wp512_tv_template)
3673 .test = alg_test_hash,
3675 .hash = __VECS(aes_xcbc128_tv_template)
3679 .test = alg_test_skcipher,
3683 .enc = __VECS(aes_xts_enc_tv_template),
3684 .dec = __VECS(aes_xts_dec_tv_template)
3688 .alg = "xts(camellia)",
3689 .test = alg_test_skcipher,
3692 .enc = __VECS(camellia_xts_enc_tv_template),
3693 .dec = __VECS(camellia_xts_dec_tv_template)
3697 .alg = "xts(cast6)",
3698 .test = alg_test_skcipher,
3701 .enc = __VECS(cast6_xts_enc_tv_template),
3702 .dec = __VECS(cast6_xts_dec_tv_template)
3706 /* Same as xts(aes) except the key is stored in
3707 * hardware secure memory which we reference by index
3710 .test = alg_test_null,
3713 .alg = "xts(serpent)",
3714 .test = alg_test_skcipher,
3717 .enc = __VECS(serpent_xts_enc_tv_template),
3718 .dec = __VECS(serpent_xts_dec_tv_template)
3722 .alg = "xts(speck128)",
3723 .test = alg_test_skcipher,
3726 .enc = __VECS(speck128_xts_enc_tv_template),
3727 .dec = __VECS(speck128_xts_dec_tv_template)
3731 .alg = "xts(speck64)",
3732 .test = alg_test_skcipher,
3735 .enc = __VECS(speck64_xts_enc_tv_template),
3736 .dec = __VECS(speck64_xts_dec_tv_template)
3740 .alg = "xts(twofish)",
3741 .test = alg_test_skcipher,
3744 .enc = __VECS(tf_xts_enc_tv_template),
3745 .dec = __VECS(tf_xts_dec_tv_template)
3749 .alg = "xts4096(paes)",
3750 .test = alg_test_null,
3753 .alg = "xts512(paes)",
3754 .test = alg_test_null,
3757 .alg = "zlib-deflate",
3758 .test = alg_test_comp,
3762 .comp = __VECS(zlib_deflate_comp_tv_template),
3763 .decomp = __VECS(zlib_deflate_decomp_tv_template)
3768 .test = alg_test_comp,
3772 .comp = __VECS(zstd_comp_tv_template),
3773 .decomp = __VECS(zstd_decomp_tv_template)
3779 static bool alg_test_descs_checked;
3781 static void alg_test_descs_check_order(void)
3785 /* only check once */
3786 if (alg_test_descs_checked)
3789 alg_test_descs_checked = true;
3791 for (i = 1; i < ARRAY_SIZE(alg_test_descs); i++) {
3792 int diff = strcmp(alg_test_descs[i - 1].alg,
3793 alg_test_descs[i].alg);
3795 if (WARN_ON(diff > 0)) {
3796 pr_warn("testmgr: alg_test_descs entries in wrong order: '%s' before '%s'\n",
3797 alg_test_descs[i - 1].alg,
3798 alg_test_descs[i].alg);
3801 if (WARN_ON(diff == 0)) {
3802 pr_warn("testmgr: duplicate alg_test_descs entry: '%s'\n",
3803 alg_test_descs[i].alg);
3808 static int alg_find_test(const char *alg)
3811 int end = ARRAY_SIZE(alg_test_descs);
3813 while (start < end) {
3814 int i = (start + end) / 2;
3815 int diff = strcmp(alg_test_descs[i].alg, alg);
3833 int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
3839 if (!fips_enabled && notests) {
3840 printk_once(KERN_INFO "alg: self-tests disabled\n");
3844 alg_test_descs_check_order();
3846 if ((type & CRYPTO_ALG_TYPE_MASK) == CRYPTO_ALG_TYPE_CIPHER) {
3847 char nalg[CRYPTO_MAX_ALG_NAME];
3849 if (snprintf(nalg, sizeof(nalg), "ecb(%s)", alg) >=
3851 return -ENAMETOOLONG;
3853 i = alg_find_test(nalg);
3857 if (fips_enabled && !alg_test_descs[i].fips_allowed)
3860 rc = alg_test_cipher(alg_test_descs + i, driver, type, mask);
3864 i = alg_find_test(alg);
3865 j = alg_find_test(driver);
3869 if (fips_enabled && ((i >= 0 && !alg_test_descs[i].fips_allowed) ||
3870 (j >= 0 && !alg_test_descs[j].fips_allowed)))
3875 rc |= alg_test_descs[i].test(alg_test_descs + i, driver,
3877 if (j >= 0 && j != i)
3878 rc |= alg_test_descs[j].test(alg_test_descs + j, driver,
3882 if (fips_enabled && rc)
3883 panic("%s: %s alg self test failed in fips mode!\n", driver, alg);
3885 if (fips_enabled && !rc)
3886 pr_info("alg: self-tests for %s (%s) passed\n", driver, alg);
3891 printk(KERN_INFO "alg: No test for %s (%s)\n", alg, driver);
3897 #endif /* CONFIG_CRYPTO_MANAGER_DISABLE_TESTS */
3899 EXPORT_SYMBOL_GPL(alg_test);