2 * Algorithm testing framework and tests.
4 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
5 * Copyright (c) 2002 Jean-Francois Dive <jef@linuxbe.org>
6 * Copyright (c) 2007 Nokia Siemens Networks
7 * Copyright (c) 2008 Herbert Xu <herbert@gondor.apana.org.au>
9 * Updated RFC4106 AES-GCM testing.
10 * Authors: Aidan O'Mahony (aidan.o.mahony@intel.com)
11 * Adrian Hoban <adrian.hoban@intel.com>
12 * Gabriele Paoloni <gabriele.paoloni@intel.com>
13 * Tadeusz Struk (tadeusz.struk@intel.com)
14 * Copyright (c) 2010, Intel Corporation.
16 * This program is free software; you can redistribute it and/or modify it
17 * under the terms of the GNU General Public License as published by the Free
18 * Software Foundation; either version 2 of the License, or (at your option)
23 #include <crypto/aead.h>
24 #include <crypto/hash.h>
25 #include <crypto/skcipher.h>
26 #include <linux/err.h>
27 #include <linux/fips.h>
28 #include <linux/module.h>
29 #include <linux/scatterlist.h>
30 #include <linux/slab.h>
31 #include <linux/string.h>
32 #include <crypto/rng.h>
33 #include <crypto/drbg.h>
34 #include <crypto/akcipher.h>
35 #include <crypto/kpp.h>
36 #include <crypto/acompress.h>
41 module_param(notests, bool, 0644);
42 MODULE_PARM_DESC(notests, "disable crypto self-tests");
44 #ifdef CONFIG_CRYPTO_MANAGER_DISABLE_TESTS
47 int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
57 * Need slab memory for testing (size in number of pages).
62 * Indexes into the xbuf to simulate cross-page access.
74 * Used by test_cipher()
79 struct aead_test_suite {
81 const struct aead_testvec *vecs;
86 struct cipher_test_suite {
88 const struct cipher_testvec *vecs;
93 struct comp_test_suite {
95 const struct comp_testvec *vecs;
100 struct hash_test_suite {
101 const struct hash_testvec *vecs;
105 struct cprng_test_suite {
106 const struct cprng_testvec *vecs;
110 struct drbg_test_suite {
111 const struct drbg_testvec *vecs;
115 struct akcipher_test_suite {
116 const struct akcipher_testvec *vecs;
120 struct kpp_test_suite {
121 const struct kpp_testvec *vecs;
125 struct alg_test_desc {
127 int (*test)(const struct alg_test_desc *desc, const char *driver,
129 int fips_allowed; /* set if alg is allowed in fips mode */
132 struct aead_test_suite aead;
133 struct cipher_test_suite cipher;
134 struct comp_test_suite comp;
135 struct hash_test_suite hash;
136 struct cprng_test_suite cprng;
137 struct drbg_test_suite drbg;
138 struct akcipher_test_suite akcipher;
139 struct kpp_test_suite kpp;
143 static const unsigned int IDX[8] = {
144 IDX1, IDX2, IDX3, IDX4, IDX5, IDX6, IDX7, IDX8 };
146 static void hexdump(unsigned char *buf, unsigned int len)
148 print_hex_dump(KERN_CONT, "", DUMP_PREFIX_OFFSET,
153 static int testmgr_alloc_buf(char *buf[XBUFSIZE])
157 for (i = 0; i < XBUFSIZE; i++) {
158 buf[i] = (void *)__get_free_page(GFP_KERNEL);
167 free_page((unsigned long)buf[i]);
172 static void testmgr_free_buf(char *buf[XBUFSIZE])
176 for (i = 0; i < XBUFSIZE; i++)
177 free_page((unsigned long)buf[i]);
180 static int ahash_partial_update(struct ahash_request **preq,
181 struct crypto_ahash *tfm, const struct hash_testvec *template,
182 void *hash_buff, int k, int temp, struct scatterlist *sg,
183 const char *algo, char *result, struct crypto_wait *wait)
186 struct ahash_request *req;
187 int statesize, ret = -EINVAL;
188 const char guard[] = { 0x00, 0xba, 0xad, 0x00 };
191 statesize = crypto_ahash_statesize(
192 crypto_ahash_reqtfm(req));
193 state = kmalloc(statesize + sizeof(guard), GFP_KERNEL);
195 pr_err("alg: hash: Failed to alloc state for %s\n", algo);
198 memcpy(state + statesize, guard, sizeof(guard));
199 ret = crypto_ahash_export(req, state);
200 WARN_ON(memcmp(state + statesize, guard, sizeof(guard)));
202 pr_err("alg: hash: Failed to export() for %s\n", algo);
205 ahash_request_free(req);
206 req = ahash_request_alloc(tfm, GFP_KERNEL);
208 pr_err("alg: hash: Failed to alloc request for %s\n", algo);
211 ahash_request_set_callback(req,
212 CRYPTO_TFM_REQ_MAY_BACKLOG,
213 crypto_req_done, wait);
215 memcpy(hash_buff, template->plaintext + temp,
217 sg_init_one(&sg[0], hash_buff, template->tap[k]);
218 ahash_request_set_crypt(req, sg, result, template->tap[k]);
219 ret = crypto_ahash_import(req, state);
221 pr_err("alg: hash: Failed to import() for %s\n", algo);
224 ret = crypto_wait_req(crypto_ahash_update(req), wait);
231 ahash_request_free(req);
238 static int __test_hash(struct crypto_ahash *tfm,
239 const struct hash_testvec *template, unsigned int tcount,
240 bool use_digest, const int align_offset)
242 const char *algo = crypto_tfm_alg_driver_name(crypto_ahash_tfm(tfm));
243 size_t digest_size = crypto_ahash_digestsize(tfm);
244 unsigned int i, j, k, temp;
245 struct scatterlist sg[8];
248 struct ahash_request *req;
249 struct crypto_wait wait;
251 char *xbuf[XBUFSIZE];
254 result = kmalloc(digest_size, GFP_KERNEL);
257 key = kmalloc(MAX_KEYLEN, GFP_KERNEL);
260 if (testmgr_alloc_buf(xbuf))
263 crypto_init_wait(&wait);
265 req = ahash_request_alloc(tfm, GFP_KERNEL);
267 printk(KERN_ERR "alg: hash: Failed to allocate request for "
271 ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
272 crypto_req_done, &wait);
275 for (i = 0; i < tcount; i++) {
280 if (WARN_ON(align_offset + template[i].psize > PAGE_SIZE))
284 memset(result, 0, digest_size);
287 hash_buff += align_offset;
289 memcpy(hash_buff, template[i].plaintext, template[i].psize);
290 sg_init_one(&sg[0], hash_buff, template[i].psize);
292 if (template[i].ksize) {
293 crypto_ahash_clear_flags(tfm, ~0);
294 if (template[i].ksize > MAX_KEYLEN) {
295 pr_err("alg: hash: setkey failed on test %d for %s: key size %d > %d\n",
296 j, algo, template[i].ksize, MAX_KEYLEN);
300 memcpy(key, template[i].key, template[i].ksize);
301 ret = crypto_ahash_setkey(tfm, key, template[i].ksize);
303 printk(KERN_ERR "alg: hash: setkey failed on "
304 "test %d for %s: ret=%d\n", j, algo,
310 ahash_request_set_crypt(req, sg, result, template[i].psize);
312 ret = crypto_wait_req(crypto_ahash_digest(req), &wait);
314 pr_err("alg: hash: digest failed on test %d "
315 "for %s: ret=%d\n", j, algo, -ret);
319 ret = crypto_wait_req(crypto_ahash_init(req), &wait);
321 pr_err("alg: hash: init failed on test %d "
322 "for %s: ret=%d\n", j, algo, -ret);
325 ret = crypto_wait_req(crypto_ahash_update(req), &wait);
327 pr_err("alg: hash: update failed on test %d "
328 "for %s: ret=%d\n", j, algo, -ret);
331 ret = crypto_wait_req(crypto_ahash_final(req), &wait);
333 pr_err("alg: hash: final failed on test %d "
334 "for %s: ret=%d\n", j, algo, -ret);
339 if (memcmp(result, template[i].digest,
340 crypto_ahash_digestsize(tfm))) {
341 printk(KERN_ERR "alg: hash: Test %d failed for %s\n",
343 hexdump(result, crypto_ahash_digestsize(tfm));
350 for (i = 0; i < tcount; i++) {
351 /* alignment tests are only done with continuous buffers */
352 if (align_offset != 0)
359 memset(result, 0, digest_size);
362 sg_init_table(sg, template[i].np);
364 for (k = 0; k < template[i].np; k++) {
365 if (WARN_ON(offset_in_page(IDX[k]) +
366 template[i].tap[k] > PAGE_SIZE))
369 memcpy(xbuf[IDX[k] >> PAGE_SHIFT] +
370 offset_in_page(IDX[k]),
371 template[i].plaintext + temp,
374 temp += template[i].tap[k];
377 if (template[i].ksize) {
378 if (template[i].ksize > MAX_KEYLEN) {
379 pr_err("alg: hash: setkey failed on test %d for %s: key size %d > %d\n",
380 j, algo, template[i].ksize, MAX_KEYLEN);
384 crypto_ahash_clear_flags(tfm, ~0);
385 memcpy(key, template[i].key, template[i].ksize);
386 ret = crypto_ahash_setkey(tfm, key, template[i].ksize);
389 printk(KERN_ERR "alg: hash: setkey "
390 "failed on chunking test %d "
391 "for %s: ret=%d\n", j, algo, -ret);
396 ahash_request_set_crypt(req, sg, result, template[i].psize);
397 ret = crypto_wait_req(crypto_ahash_digest(req), &wait);
399 pr_err("alg: hash: digest failed on chunking test %d for %s: ret=%d\n",
404 if (memcmp(result, template[i].digest,
405 crypto_ahash_digestsize(tfm))) {
406 printk(KERN_ERR "alg: hash: Chunking test %d "
407 "failed for %s\n", j, algo);
408 hexdump(result, crypto_ahash_digestsize(tfm));
414 /* partial update exercise */
416 for (i = 0; i < tcount; i++) {
417 /* alignment tests are only done with continuous buffers */
418 if (align_offset != 0)
421 if (template[i].np < 2)
425 memset(result, 0, digest_size);
429 memcpy(hash_buff, template[i].plaintext,
431 sg_init_one(&sg[0], hash_buff, template[i].tap[0]);
433 if (template[i].ksize) {
434 crypto_ahash_clear_flags(tfm, ~0);
435 if (template[i].ksize > MAX_KEYLEN) {
436 pr_err("alg: hash: setkey failed on test %d for %s: key size %d > %d\n",
437 j, algo, template[i].ksize, MAX_KEYLEN);
441 memcpy(key, template[i].key, template[i].ksize);
442 ret = crypto_ahash_setkey(tfm, key, template[i].ksize);
444 pr_err("alg: hash: setkey failed on test %d for %s: ret=%d\n",
450 ahash_request_set_crypt(req, sg, result, template[i].tap[0]);
451 ret = crypto_wait_req(crypto_ahash_init(req), &wait);
453 pr_err("alg: hash: init failed on test %d for %s: ret=%d\n",
457 ret = crypto_wait_req(crypto_ahash_update(req), &wait);
459 pr_err("alg: hash: update failed on test %d for %s: ret=%d\n",
464 temp = template[i].tap[0];
465 for (k = 1; k < template[i].np; k++) {
466 ret = ahash_partial_update(&req, tfm, &template[i],
467 hash_buff, k, temp, &sg[0], algo, result,
470 pr_err("alg: hash: partial update failed on test %d for %s: ret=%d\n",
474 temp += template[i].tap[k];
476 ret = crypto_wait_req(crypto_ahash_final(req), &wait);
478 pr_err("alg: hash: final failed on test %d for %s: ret=%d\n",
482 if (memcmp(result, template[i].digest,
483 crypto_ahash_digestsize(tfm))) {
484 pr_err("alg: hash: Partial Test %d failed for %s\n",
486 hexdump(result, crypto_ahash_digestsize(tfm));
495 ahash_request_free(req);
497 testmgr_free_buf(xbuf);
504 static int test_hash(struct crypto_ahash *tfm,
505 const struct hash_testvec *template,
506 unsigned int tcount, bool use_digest)
508 unsigned int alignmask;
511 ret = __test_hash(tfm, template, tcount, use_digest, 0);
515 /* test unaligned buffers, check with one byte offset */
516 ret = __test_hash(tfm, template, tcount, use_digest, 1);
520 alignmask = crypto_tfm_alg_alignmask(&tfm->base);
522 /* Check if alignment mask for tfm is correctly set. */
523 ret = __test_hash(tfm, template, tcount, use_digest,
532 static int __test_aead(struct crypto_aead *tfm, int enc,
533 const struct aead_testvec *template, unsigned int tcount,
534 const bool diff_dst, const int align_offset)
536 const char *algo = crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm));
537 unsigned int i, j, k, n, temp;
541 struct aead_request *req;
542 struct scatterlist *sg;
543 struct scatterlist *sgout;
545 struct crypto_wait wait;
546 unsigned int authsize, iv_len;
551 char *xbuf[XBUFSIZE];
552 char *xoutbuf[XBUFSIZE];
553 char *axbuf[XBUFSIZE];
555 iv = kzalloc(MAX_IVLEN, GFP_KERNEL);
558 key = kmalloc(MAX_KEYLEN, GFP_KERNEL);
561 if (testmgr_alloc_buf(xbuf))
563 if (testmgr_alloc_buf(axbuf))
565 if (diff_dst && testmgr_alloc_buf(xoutbuf))
568 /* avoid "the frame size is larger than 1024 bytes" compiler warning */
569 sg = kmalloc(sizeof(*sg) * 8 * (diff_dst ? 4 : 2), GFP_KERNEL);
584 crypto_init_wait(&wait);
586 req = aead_request_alloc(tfm, GFP_KERNEL);
588 pr_err("alg: aead%s: Failed to allocate request for %s\n",
593 aead_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
594 crypto_req_done, &wait);
596 iv_len = crypto_aead_ivsize(tfm);
598 for (i = 0, j = 0; i < tcount; i++) {
604 /* some templates have no input data but they will
608 input += align_offset;
612 if (WARN_ON(align_offset + template[i].ilen >
613 PAGE_SIZE || template[i].alen > PAGE_SIZE))
616 memcpy(input, template[i].input, template[i].ilen);
617 memcpy(assoc, template[i].assoc, template[i].alen);
619 memcpy(iv, template[i].iv, iv_len);
621 memset(iv, 0, iv_len);
623 crypto_aead_clear_flags(tfm, ~0);
625 crypto_aead_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY);
627 if (template[i].klen > MAX_KEYLEN) {
628 pr_err("alg: aead%s: setkey failed on test %d for %s: key size %d > %d\n",
629 d, j, algo, template[i].klen,
634 memcpy(key, template[i].key, template[i].klen);
636 ret = crypto_aead_setkey(tfm, key, template[i].klen);
637 if (template[i].fail == !ret) {
638 pr_err("alg: aead%s: setkey failed on test %d for %s: flags=%x\n",
639 d, j, algo, crypto_aead_get_flags(tfm));
644 authsize = abs(template[i].rlen - template[i].ilen);
645 ret = crypto_aead_setauthsize(tfm, authsize);
647 pr_err("alg: aead%s: Failed to set authsize to %u on test %d for %s\n",
648 d, authsize, j, algo);
652 k = !!template[i].alen;
653 sg_init_table(sg, k + 1);
654 sg_set_buf(&sg[0], assoc, template[i].alen);
655 sg_set_buf(&sg[k], input,
656 template[i].ilen + (enc ? authsize : 0));
660 sg_init_table(sgout, k + 1);
661 sg_set_buf(&sgout[0], assoc, template[i].alen);
664 output += align_offset;
665 sg_set_buf(&sgout[k], output,
666 template[i].rlen + (enc ? 0 : authsize));
669 aead_request_set_crypt(req, sg, (diff_dst) ? sgout : sg,
670 template[i].ilen, iv);
672 aead_request_set_ad(req, template[i].alen);
674 ret = crypto_wait_req(enc ? crypto_aead_encrypt(req)
675 : crypto_aead_decrypt(req), &wait);
679 if (template[i].novrfy) {
680 /* verification was supposed to fail */
681 pr_err("alg: aead%s: %s failed on test %d for %s: ret was 0, expected -EBADMSG\n",
683 /* so really, we got a bad message */
689 if (template[i].novrfy)
690 /* verification failure was expected */
694 pr_err("alg: aead%s: %s failed on test %d for %s: ret=%d\n",
695 d, e, j, algo, -ret);
700 if (memcmp(q, template[i].result, template[i].rlen)) {
701 pr_err("alg: aead%s: Test %d failed on %s for %s\n",
703 hexdump(q, template[i].rlen);
709 for (i = 0, j = 0; i < tcount; i++) {
710 /* alignment tests are only done with continuous buffers */
711 if (align_offset != 0)
720 memcpy(iv, template[i].iv, iv_len);
722 memset(iv, 0, MAX_IVLEN);
724 crypto_aead_clear_flags(tfm, ~0);
726 crypto_aead_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY);
727 if (template[i].klen > MAX_KEYLEN) {
728 pr_err("alg: aead%s: setkey failed on test %d for %s: key size %d > %d\n",
729 d, j, algo, template[i].klen, MAX_KEYLEN);
733 memcpy(key, template[i].key, template[i].klen);
735 ret = crypto_aead_setkey(tfm, key, template[i].klen);
736 if (template[i].fail == !ret) {
737 pr_err("alg: aead%s: setkey failed on chunk test %d for %s: flags=%x\n",
738 d, j, algo, crypto_aead_get_flags(tfm));
743 authsize = abs(template[i].rlen - template[i].ilen);
746 sg_init_table(sg, template[i].anp + template[i].np);
748 sg_init_table(sgout, template[i].anp + template[i].np);
751 for (k = 0, temp = 0; k < template[i].anp; k++) {
752 if (WARN_ON(offset_in_page(IDX[k]) +
753 template[i].atap[k] > PAGE_SIZE))
756 memcpy(axbuf[IDX[k] >> PAGE_SHIFT] +
757 offset_in_page(IDX[k]),
758 template[i].assoc + temp,
759 template[i].atap[k]),
760 template[i].atap[k]);
762 sg_set_buf(&sgout[k],
763 axbuf[IDX[k] >> PAGE_SHIFT] +
764 offset_in_page(IDX[k]),
765 template[i].atap[k]);
766 temp += template[i].atap[k];
769 for (k = 0, temp = 0; k < template[i].np; k++) {
770 if (WARN_ON(offset_in_page(IDX[k]) +
771 template[i].tap[k] > PAGE_SIZE))
774 q = xbuf[IDX[k] >> PAGE_SHIFT] + offset_in_page(IDX[k]);
775 memcpy(q, template[i].input + temp, template[i].tap[k]);
776 sg_set_buf(&sg[template[i].anp + k],
777 q, template[i].tap[k]);
780 q = xoutbuf[IDX[k] >> PAGE_SHIFT] +
781 offset_in_page(IDX[k]);
783 memset(q, 0, template[i].tap[k]);
785 sg_set_buf(&sgout[template[i].anp + k],
786 q, template[i].tap[k]);
789 n = template[i].tap[k];
790 if (k == template[i].np - 1 && enc)
792 if (offset_in_page(q) + n < PAGE_SIZE)
795 temp += template[i].tap[k];
798 ret = crypto_aead_setauthsize(tfm, authsize);
800 pr_err("alg: aead%s: Failed to set authsize to %u on chunk test %d for %s\n",
801 d, authsize, j, algo);
806 if (WARN_ON(sg[template[i].anp + k - 1].offset +
807 sg[template[i].anp + k - 1].length +
808 authsize > PAGE_SIZE)) {
814 sgout[template[i].anp + k - 1].length +=
816 sg[template[i].anp + k - 1].length += authsize;
819 aead_request_set_crypt(req, sg, (diff_dst) ? sgout : sg,
823 aead_request_set_ad(req, template[i].alen);
825 ret = crypto_wait_req(enc ? crypto_aead_encrypt(req)
826 : crypto_aead_decrypt(req), &wait);
830 if (template[i].novrfy) {
831 /* verification was supposed to fail */
832 pr_err("alg: aead%s: %s failed on chunk test %d for %s: ret was 0, expected -EBADMSG\n",
834 /* so really, we got a bad message */
840 if (template[i].novrfy)
841 /* verification failure was expected */
845 pr_err("alg: aead%s: %s failed on chunk test %d for %s: ret=%d\n",
846 d, e, j, algo, -ret);
851 for (k = 0, temp = 0; k < template[i].np; k++) {
853 q = xoutbuf[IDX[k] >> PAGE_SHIFT] +
854 offset_in_page(IDX[k]);
856 q = xbuf[IDX[k] >> PAGE_SHIFT] +
857 offset_in_page(IDX[k]);
859 n = template[i].tap[k];
860 if (k == template[i].np - 1)
861 n += enc ? authsize : -authsize;
863 if (memcmp(q, template[i].result + temp, n)) {
864 pr_err("alg: aead%s: Chunk test %d failed on %s at page %u for %s\n",
871 if (k == template[i].np - 1 && !enc) {
873 memcmp(q, template[i].input +
879 for (n = 0; offset_in_page(q + n) && q[n]; n++)
883 pr_err("alg: aead%s: Result buffer corruption in chunk test %d on %s at page %u for %s: %u bytes:\n",
884 d, j, e, k, algo, n);
889 temp += template[i].tap[k];
896 aead_request_free(req);
900 testmgr_free_buf(xoutbuf);
902 testmgr_free_buf(axbuf);
904 testmgr_free_buf(xbuf);
911 static int test_aead(struct crypto_aead *tfm, int enc,
912 const struct aead_testvec *template, unsigned int tcount)
914 unsigned int alignmask;
917 /* test 'dst == src' case */
918 ret = __test_aead(tfm, enc, template, tcount, false, 0);
922 /* test 'dst != src' case */
923 ret = __test_aead(tfm, enc, template, tcount, true, 0);
927 /* test unaligned buffers, check with one byte offset */
928 ret = __test_aead(tfm, enc, template, tcount, true, 1);
932 alignmask = crypto_tfm_alg_alignmask(&tfm->base);
934 /* Check if alignment mask for tfm is correctly set. */
935 ret = __test_aead(tfm, enc, template, tcount, true,
944 static int test_cipher(struct crypto_cipher *tfm, int enc,
945 const struct cipher_testvec *template,
948 const char *algo = crypto_tfm_alg_driver_name(crypto_cipher_tfm(tfm));
949 unsigned int i, j, k;
953 char *xbuf[XBUFSIZE];
956 if (testmgr_alloc_buf(xbuf))
965 for (i = 0; i < tcount; i++) {
969 if (fips_enabled && template[i].fips_skip)
975 if (WARN_ON(template[i].ilen > PAGE_SIZE))
979 memcpy(data, template[i].input, template[i].ilen);
981 crypto_cipher_clear_flags(tfm, ~0);
983 crypto_cipher_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY);
985 ret = crypto_cipher_setkey(tfm, template[i].key,
987 if (template[i].fail == !ret) {
988 printk(KERN_ERR "alg: cipher: setkey failed "
989 "on test %d for %s: flags=%x\n", j,
990 algo, crypto_cipher_get_flags(tfm));
995 for (k = 0; k < template[i].ilen;
996 k += crypto_cipher_blocksize(tfm)) {
998 crypto_cipher_encrypt_one(tfm, data + k,
1001 crypto_cipher_decrypt_one(tfm, data + k,
1006 if (memcmp(q, template[i].result, template[i].rlen)) {
1007 printk(KERN_ERR "alg: cipher: Test %d failed "
1008 "on %s for %s\n", j, e, algo);
1009 hexdump(q, template[i].rlen);
1018 testmgr_free_buf(xbuf);
1023 static int __test_skcipher(struct crypto_skcipher *tfm, int enc,
1024 const struct cipher_testvec *template,
1025 unsigned int tcount,
1026 const bool diff_dst, const int align_offset)
1029 crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm));
1030 unsigned int i, j, k, n, temp;
1032 struct skcipher_request *req;
1033 struct scatterlist sg[8];
1034 struct scatterlist sgout[8];
1036 struct crypto_wait wait;
1039 char *xbuf[XBUFSIZE];
1040 char *xoutbuf[XBUFSIZE];
1042 unsigned int ivsize = crypto_skcipher_ivsize(tfm);
1044 if (testmgr_alloc_buf(xbuf))
1047 if (diff_dst && testmgr_alloc_buf(xoutbuf))
1060 crypto_init_wait(&wait);
1062 req = skcipher_request_alloc(tfm, GFP_KERNEL);
1064 pr_err("alg: skcipher%s: Failed to allocate request for %s\n",
1069 skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
1070 crypto_req_done, &wait);
1073 for (i = 0; i < tcount; i++) {
1074 if (template[i].np && !template[i].also_non_np)
1077 if (fips_enabled && template[i].fips_skip)
1081 memcpy(iv, template[i].iv, ivsize);
1083 memset(iv, 0, MAX_IVLEN);
1087 if (WARN_ON(align_offset + template[i].ilen > PAGE_SIZE))
1091 data += align_offset;
1092 memcpy(data, template[i].input, template[i].ilen);
1094 crypto_skcipher_clear_flags(tfm, ~0);
1096 crypto_skcipher_set_flags(tfm,
1097 CRYPTO_TFM_REQ_WEAK_KEY);
1099 ret = crypto_skcipher_setkey(tfm, template[i].key,
1101 if (template[i].fail == !ret) {
1102 pr_err("alg: skcipher%s: setkey failed on test %d for %s: flags=%x\n",
1103 d, j, algo, crypto_skcipher_get_flags(tfm));
1108 sg_init_one(&sg[0], data, template[i].ilen);
1111 data += align_offset;
1112 sg_init_one(&sgout[0], data, template[i].ilen);
1115 skcipher_request_set_crypt(req, sg, (diff_dst) ? sgout : sg,
1116 template[i].ilen, iv);
1117 ret = crypto_wait_req(enc ? crypto_skcipher_encrypt(req) :
1118 crypto_skcipher_decrypt(req), &wait);
1121 pr_err("alg: skcipher%s: %s failed on test %d for %s: ret=%d\n",
1122 d, e, j, algo, -ret);
1127 if (memcmp(q, template[i].result, template[i].rlen)) {
1128 pr_err("alg: skcipher%s: Test %d failed (invalid result) on %s for %s\n",
1130 hexdump(q, template[i].rlen);
1135 if (template[i].iv_out &&
1136 memcmp(iv, template[i].iv_out,
1137 crypto_skcipher_ivsize(tfm))) {
1138 pr_err("alg: skcipher%s: Test %d failed (invalid output IV) on %s for %s\n",
1140 hexdump(iv, crypto_skcipher_ivsize(tfm));
1147 for (i = 0; i < tcount; i++) {
1148 /* alignment tests are only done with continuous buffers */
1149 if (align_offset != 0)
1152 if (!template[i].np)
1155 if (fips_enabled && template[i].fips_skip)
1159 memcpy(iv, template[i].iv, ivsize);
1161 memset(iv, 0, MAX_IVLEN);
1164 crypto_skcipher_clear_flags(tfm, ~0);
1166 crypto_skcipher_set_flags(tfm,
1167 CRYPTO_TFM_REQ_WEAK_KEY);
1169 ret = crypto_skcipher_setkey(tfm, template[i].key,
1171 if (template[i].fail == !ret) {
1172 pr_err("alg: skcipher%s: setkey failed on chunk test %d for %s: flags=%x\n",
1173 d, j, algo, crypto_skcipher_get_flags(tfm));
1180 sg_init_table(sg, template[i].np);
1182 sg_init_table(sgout, template[i].np);
1183 for (k = 0; k < template[i].np; k++) {
1184 if (WARN_ON(offset_in_page(IDX[k]) +
1185 template[i].tap[k] > PAGE_SIZE))
1188 q = xbuf[IDX[k] >> PAGE_SHIFT] + offset_in_page(IDX[k]);
1190 memcpy(q, template[i].input + temp, template[i].tap[k]);
1192 if (offset_in_page(q) + template[i].tap[k] < PAGE_SIZE)
1193 q[template[i].tap[k]] = 0;
1195 sg_set_buf(&sg[k], q, template[i].tap[k]);
1197 q = xoutbuf[IDX[k] >> PAGE_SHIFT] +
1198 offset_in_page(IDX[k]);
1200 sg_set_buf(&sgout[k], q, template[i].tap[k]);
1202 memset(q, 0, template[i].tap[k]);
1203 if (offset_in_page(q) +
1204 template[i].tap[k] < PAGE_SIZE)
1205 q[template[i].tap[k]] = 0;
1208 temp += template[i].tap[k];
1211 skcipher_request_set_crypt(req, sg, (diff_dst) ? sgout : sg,
1212 template[i].ilen, iv);
1214 ret = crypto_wait_req(enc ? crypto_skcipher_encrypt(req) :
1215 crypto_skcipher_decrypt(req), &wait);
1218 pr_err("alg: skcipher%s: %s failed on chunk test %d for %s: ret=%d\n",
1219 d, e, j, algo, -ret);
1225 for (k = 0; k < template[i].np; k++) {
1227 q = xoutbuf[IDX[k] >> PAGE_SHIFT] +
1228 offset_in_page(IDX[k]);
1230 q = xbuf[IDX[k] >> PAGE_SHIFT] +
1231 offset_in_page(IDX[k]);
1233 if (memcmp(q, template[i].result + temp,
1234 template[i].tap[k])) {
1235 pr_err("alg: skcipher%s: Chunk test %d failed on %s at page %u for %s\n",
1237 hexdump(q, template[i].tap[k]);
1241 q += template[i].tap[k];
1242 for (n = 0; offset_in_page(q + n) && q[n]; n++)
1245 pr_err("alg: skcipher%s: Result buffer corruption in chunk test %d on %s at page %u for %s: %u bytes:\n",
1246 d, j, e, k, algo, n);
1250 temp += template[i].tap[k];
1257 skcipher_request_free(req);
1259 testmgr_free_buf(xoutbuf);
1261 testmgr_free_buf(xbuf);
1266 static int test_skcipher(struct crypto_skcipher *tfm, int enc,
1267 const struct cipher_testvec *template,
1268 unsigned int tcount)
1270 unsigned int alignmask;
1273 /* test 'dst == src' case */
1274 ret = __test_skcipher(tfm, enc, template, tcount, false, 0);
1278 /* test 'dst != src' case */
1279 ret = __test_skcipher(tfm, enc, template, tcount, true, 0);
1283 /* test unaligned buffers, check with one byte offset */
1284 ret = __test_skcipher(tfm, enc, template, tcount, true, 1);
1288 alignmask = crypto_tfm_alg_alignmask(&tfm->base);
1290 /* Check if alignment mask for tfm is correctly set. */
1291 ret = __test_skcipher(tfm, enc, template, tcount, true,
1300 static int test_comp(struct crypto_comp *tfm,
1301 const struct comp_testvec *ctemplate,
1302 const struct comp_testvec *dtemplate,
1303 int ctcount, int dtcount)
1305 const char *algo = crypto_tfm_alg_driver_name(crypto_comp_tfm(tfm));
1307 char result[COMP_BUF_SIZE];
1310 for (i = 0; i < ctcount; i++) {
1312 unsigned int dlen = COMP_BUF_SIZE;
1314 memset(result, 0, sizeof (result));
1316 ilen = ctemplate[i].inlen;
1317 ret = crypto_comp_compress(tfm, ctemplate[i].input,
1318 ilen, result, &dlen);
1320 printk(KERN_ERR "alg: comp: compression failed "
1321 "on test %d for %s: ret=%d\n", i + 1, algo,
1326 if (dlen != ctemplate[i].outlen) {
1327 printk(KERN_ERR "alg: comp: Compression test %d "
1328 "failed for %s: output len = %d\n", i + 1, algo,
1334 if (memcmp(result, ctemplate[i].output, dlen)) {
1335 printk(KERN_ERR "alg: comp: Compression test %d "
1336 "failed for %s\n", i + 1, algo);
1337 hexdump(result, dlen);
1343 for (i = 0; i < dtcount; i++) {
1345 unsigned int dlen = COMP_BUF_SIZE;
1347 memset(result, 0, sizeof (result));
1349 ilen = dtemplate[i].inlen;
1350 ret = crypto_comp_decompress(tfm, dtemplate[i].input,
1351 ilen, result, &dlen);
1353 printk(KERN_ERR "alg: comp: decompression failed "
1354 "on test %d for %s: ret=%d\n", i + 1, algo,
1359 if (dlen != dtemplate[i].outlen) {
1360 printk(KERN_ERR "alg: comp: Decompression test %d "
1361 "failed for %s: output len = %d\n", i + 1, algo,
1367 if (memcmp(result, dtemplate[i].output, dlen)) {
1368 printk(KERN_ERR "alg: comp: Decompression test %d "
1369 "failed for %s\n", i + 1, algo);
1370 hexdump(result, dlen);
1382 static int test_acomp(struct crypto_acomp *tfm,
1383 const struct comp_testvec *ctemplate,
1384 const struct comp_testvec *dtemplate,
1385 int ctcount, int dtcount)
1387 const char *algo = crypto_tfm_alg_driver_name(crypto_acomp_tfm(tfm));
1389 char *output, *decomp_out;
1391 struct scatterlist src, dst;
1392 struct acomp_req *req;
1393 struct crypto_wait wait;
1395 output = kmalloc(COMP_BUF_SIZE, GFP_KERNEL);
1399 decomp_out = kmalloc(COMP_BUF_SIZE, GFP_KERNEL);
1405 for (i = 0; i < ctcount; i++) {
1406 unsigned int dlen = COMP_BUF_SIZE;
1407 int ilen = ctemplate[i].inlen;
1410 input_vec = kmemdup(ctemplate[i].input, ilen, GFP_KERNEL);
1416 memset(output, 0, dlen);
1417 crypto_init_wait(&wait);
1418 sg_init_one(&src, input_vec, ilen);
1419 sg_init_one(&dst, output, dlen);
1421 req = acomp_request_alloc(tfm);
1423 pr_err("alg: acomp: request alloc failed for %s\n",
1430 acomp_request_set_params(req, &src, &dst, ilen, dlen);
1431 acomp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
1432 crypto_req_done, &wait);
1434 ret = crypto_wait_req(crypto_acomp_compress(req), &wait);
1436 pr_err("alg: acomp: compression failed on test %d for %s: ret=%d\n",
1439 acomp_request_free(req);
1444 dlen = COMP_BUF_SIZE;
1445 sg_init_one(&src, output, ilen);
1446 sg_init_one(&dst, decomp_out, dlen);
1447 crypto_init_wait(&wait);
1448 acomp_request_set_params(req, &src, &dst, ilen, dlen);
1450 ret = crypto_wait_req(crypto_acomp_decompress(req), &wait);
1452 pr_err("alg: acomp: compression failed on test %d for %s: ret=%d\n",
1455 acomp_request_free(req);
1459 if (req->dlen != ctemplate[i].inlen) {
1460 pr_err("alg: acomp: Compression test %d failed for %s: output len = %d\n",
1461 i + 1, algo, req->dlen);
1464 acomp_request_free(req);
1468 if (memcmp(input_vec, decomp_out, req->dlen)) {
1469 pr_err("alg: acomp: Compression test %d failed for %s\n",
1471 hexdump(output, req->dlen);
1474 acomp_request_free(req);
1479 acomp_request_free(req);
1482 for (i = 0; i < dtcount; i++) {
1483 unsigned int dlen = COMP_BUF_SIZE;
1484 int ilen = dtemplate[i].inlen;
1487 input_vec = kmemdup(dtemplate[i].input, ilen, GFP_KERNEL);
1493 memset(output, 0, dlen);
1494 crypto_init_wait(&wait);
1495 sg_init_one(&src, input_vec, ilen);
1496 sg_init_one(&dst, output, dlen);
1498 req = acomp_request_alloc(tfm);
1500 pr_err("alg: acomp: request alloc failed for %s\n",
1507 acomp_request_set_params(req, &src, &dst, ilen, dlen);
1508 acomp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
1509 crypto_req_done, &wait);
1511 ret = crypto_wait_req(crypto_acomp_decompress(req), &wait);
1513 pr_err("alg: acomp: decompression failed on test %d for %s: ret=%d\n",
1516 acomp_request_free(req);
1520 if (req->dlen != dtemplate[i].outlen) {
1521 pr_err("alg: acomp: Decompression test %d failed for %s: output len = %d\n",
1522 i + 1, algo, req->dlen);
1525 acomp_request_free(req);
1529 if (memcmp(output, dtemplate[i].output, req->dlen)) {
1530 pr_err("alg: acomp: Decompression test %d failed for %s\n",
1532 hexdump(output, req->dlen);
1535 acomp_request_free(req);
1540 acomp_request_free(req);
1551 static int test_cprng(struct crypto_rng *tfm,
1552 const struct cprng_testvec *template,
1553 unsigned int tcount)
1555 const char *algo = crypto_tfm_alg_driver_name(crypto_rng_tfm(tfm));
1556 int err = 0, i, j, seedsize;
1560 seedsize = crypto_rng_seedsize(tfm);
1562 seed = kmalloc(seedsize, GFP_KERNEL);
1564 printk(KERN_ERR "alg: cprng: Failed to allocate seed space "
1569 for (i = 0; i < tcount; i++) {
1570 memset(result, 0, 32);
1572 memcpy(seed, template[i].v, template[i].vlen);
1573 memcpy(seed + template[i].vlen, template[i].key,
1575 memcpy(seed + template[i].vlen + template[i].klen,
1576 template[i].dt, template[i].dtlen);
1578 err = crypto_rng_reset(tfm, seed, seedsize);
1580 printk(KERN_ERR "alg: cprng: Failed to reset rng "
1585 for (j = 0; j < template[i].loops; j++) {
1586 err = crypto_rng_get_bytes(tfm, result,
1589 printk(KERN_ERR "alg: cprng: Failed to obtain "
1590 "the correct amount of random data for "
1591 "%s (requested %d)\n", algo,
1597 err = memcmp(result, template[i].result,
1600 printk(KERN_ERR "alg: cprng: Test %d failed for %s\n",
1602 hexdump(result, template[i].rlen);
1613 static int alg_test_aead(const struct alg_test_desc *desc, const char *driver,
1616 struct crypto_aead *tfm;
1619 tfm = crypto_alloc_aead(driver, type, mask);
1621 printk(KERN_ERR "alg: aead: Failed to load transform for %s: "
1622 "%ld\n", driver, PTR_ERR(tfm));
1623 return PTR_ERR(tfm);
1626 if (desc->suite.aead.enc.vecs) {
1627 err = test_aead(tfm, ENCRYPT, desc->suite.aead.enc.vecs,
1628 desc->suite.aead.enc.count);
1633 if (!err && desc->suite.aead.dec.vecs)
1634 err = test_aead(tfm, DECRYPT, desc->suite.aead.dec.vecs,
1635 desc->suite.aead.dec.count);
1638 crypto_free_aead(tfm);
1642 static int alg_test_cipher(const struct alg_test_desc *desc,
1643 const char *driver, u32 type, u32 mask)
1645 struct crypto_cipher *tfm;
1648 tfm = crypto_alloc_cipher(driver, type, mask);
1650 printk(KERN_ERR "alg: cipher: Failed to load transform for "
1651 "%s: %ld\n", driver, PTR_ERR(tfm));
1652 return PTR_ERR(tfm);
1655 if (desc->suite.cipher.enc.vecs) {
1656 err = test_cipher(tfm, ENCRYPT, desc->suite.cipher.enc.vecs,
1657 desc->suite.cipher.enc.count);
1662 if (desc->suite.cipher.dec.vecs)
1663 err = test_cipher(tfm, DECRYPT, desc->suite.cipher.dec.vecs,
1664 desc->suite.cipher.dec.count);
1667 crypto_free_cipher(tfm);
1671 static int alg_test_skcipher(const struct alg_test_desc *desc,
1672 const char *driver, u32 type, u32 mask)
1674 struct crypto_skcipher *tfm;
1677 tfm = crypto_alloc_skcipher(driver, type, mask);
1679 printk(KERN_ERR "alg: skcipher: Failed to load transform for "
1680 "%s: %ld\n", driver, PTR_ERR(tfm));
1681 return PTR_ERR(tfm);
1684 if (desc->suite.cipher.enc.vecs) {
1685 err = test_skcipher(tfm, ENCRYPT, desc->suite.cipher.enc.vecs,
1686 desc->suite.cipher.enc.count);
1691 if (desc->suite.cipher.dec.vecs)
1692 err = test_skcipher(tfm, DECRYPT, desc->suite.cipher.dec.vecs,
1693 desc->suite.cipher.dec.count);
1696 crypto_free_skcipher(tfm);
1700 static int alg_test_comp(const struct alg_test_desc *desc, const char *driver,
1703 struct crypto_comp *comp;
1704 struct crypto_acomp *acomp;
1706 u32 algo_type = type & CRYPTO_ALG_TYPE_ACOMPRESS_MASK;
1708 if (algo_type == CRYPTO_ALG_TYPE_ACOMPRESS) {
1709 acomp = crypto_alloc_acomp(driver, type, mask);
1710 if (IS_ERR(acomp)) {
1711 pr_err("alg: acomp: Failed to load transform for %s: %ld\n",
1712 driver, PTR_ERR(acomp));
1713 return PTR_ERR(acomp);
1715 err = test_acomp(acomp, desc->suite.comp.comp.vecs,
1716 desc->suite.comp.decomp.vecs,
1717 desc->suite.comp.comp.count,
1718 desc->suite.comp.decomp.count);
1719 crypto_free_acomp(acomp);
1721 comp = crypto_alloc_comp(driver, type, mask);
1723 pr_err("alg: comp: Failed to load transform for %s: %ld\n",
1724 driver, PTR_ERR(comp));
1725 return PTR_ERR(comp);
1728 err = test_comp(comp, desc->suite.comp.comp.vecs,
1729 desc->suite.comp.decomp.vecs,
1730 desc->suite.comp.comp.count,
1731 desc->suite.comp.decomp.count);
1733 crypto_free_comp(comp);
1738 static int alg_test_hash(const struct alg_test_desc *desc, const char *driver,
1741 struct crypto_ahash *tfm;
1744 tfm = crypto_alloc_ahash(driver, type, mask);
1746 printk(KERN_ERR "alg: hash: Failed to load transform for %s: "
1747 "%ld\n", driver, PTR_ERR(tfm));
1748 return PTR_ERR(tfm);
1751 err = test_hash(tfm, desc->suite.hash.vecs,
1752 desc->suite.hash.count, true);
1754 err = test_hash(tfm, desc->suite.hash.vecs,
1755 desc->suite.hash.count, false);
1757 crypto_free_ahash(tfm);
1761 static int alg_test_crc32c(const struct alg_test_desc *desc,
1762 const char *driver, u32 type, u32 mask)
1764 struct crypto_shash *tfm;
1768 err = alg_test_hash(desc, driver, type, mask);
1772 tfm = crypto_alloc_shash(driver, type, mask);
1774 printk(KERN_ERR "alg: crc32c: Failed to load transform for %s: "
1775 "%ld\n", driver, PTR_ERR(tfm));
1781 SHASH_DESC_ON_STACK(shash, tfm);
1782 u32 *ctx = (u32 *)shash_desc_ctx(shash);
1787 *ctx = le32_to_cpu(420553207);
1788 err = crypto_shash_final(shash, (u8 *)&val);
1790 printk(KERN_ERR "alg: crc32c: Operation failed for "
1791 "%s: %d\n", driver, err);
1795 if (val != ~420553207) {
1796 printk(KERN_ERR "alg: crc32c: Test failed for %s: "
1797 "%d\n", driver, val);
1802 crypto_free_shash(tfm);
1808 static int alg_test_cprng(const struct alg_test_desc *desc, const char *driver,
1811 struct crypto_rng *rng;
1814 rng = crypto_alloc_rng(driver, type, mask);
1816 printk(KERN_ERR "alg: cprng: Failed to load transform for %s: "
1817 "%ld\n", driver, PTR_ERR(rng));
1818 return PTR_ERR(rng);
1821 err = test_cprng(rng, desc->suite.cprng.vecs, desc->suite.cprng.count);
1823 crypto_free_rng(rng);
1829 static int drbg_cavs_test(const struct drbg_testvec *test, int pr,
1830 const char *driver, u32 type, u32 mask)
1833 struct crypto_rng *drng;
1834 struct drbg_test_data test_data;
1835 struct drbg_string addtl, pers, testentropy;
1836 unsigned char *buf = kzalloc(test->expectedlen, GFP_KERNEL);
1841 drng = crypto_alloc_rng(driver, type, mask);
1843 printk(KERN_ERR "alg: drbg: could not allocate DRNG handle for "
1849 test_data.testentropy = &testentropy;
1850 drbg_string_fill(&testentropy, test->entropy, test->entropylen);
1851 drbg_string_fill(&pers, test->pers, test->perslen);
1852 ret = crypto_drbg_reset_test(drng, &pers, &test_data);
1854 printk(KERN_ERR "alg: drbg: Failed to reset rng\n");
1858 drbg_string_fill(&addtl, test->addtla, test->addtllen);
1860 drbg_string_fill(&testentropy, test->entpra, test->entprlen);
1861 ret = crypto_drbg_get_bytes_addtl_test(drng,
1862 buf, test->expectedlen, &addtl, &test_data);
1864 ret = crypto_drbg_get_bytes_addtl(drng,
1865 buf, test->expectedlen, &addtl);
1868 printk(KERN_ERR "alg: drbg: could not obtain random data for "
1869 "driver %s\n", driver);
1873 drbg_string_fill(&addtl, test->addtlb, test->addtllen);
1875 drbg_string_fill(&testentropy, test->entprb, test->entprlen);
1876 ret = crypto_drbg_get_bytes_addtl_test(drng,
1877 buf, test->expectedlen, &addtl, &test_data);
1879 ret = crypto_drbg_get_bytes_addtl(drng,
1880 buf, test->expectedlen, &addtl);
1883 printk(KERN_ERR "alg: drbg: could not obtain random data for "
1884 "driver %s\n", driver);
1888 ret = memcmp(test->expected, buf, test->expectedlen);
1891 crypto_free_rng(drng);
1897 static int alg_test_drbg(const struct alg_test_desc *desc, const char *driver,
1903 const struct drbg_testvec *template = desc->suite.drbg.vecs;
1904 unsigned int tcount = desc->suite.drbg.count;
1906 if (0 == memcmp(driver, "drbg_pr_", 8))
1909 for (i = 0; i < tcount; i++) {
1910 err = drbg_cavs_test(&template[i], pr, driver, type, mask);
1912 printk(KERN_ERR "alg: drbg: Test %d failed for %s\n",
1922 static int do_test_kpp(struct crypto_kpp *tfm, const struct kpp_testvec *vec,
1925 struct kpp_request *req;
1926 void *input_buf = NULL;
1927 void *output_buf = NULL;
1928 void *a_public = NULL;
1930 void *shared_secret = NULL;
1931 struct crypto_wait wait;
1932 unsigned int out_len_max;
1934 struct scatterlist src, dst;
1936 req = kpp_request_alloc(tfm, GFP_KERNEL);
1940 crypto_init_wait(&wait);
1942 err = crypto_kpp_set_secret(tfm, vec->secret, vec->secret_size);
1946 out_len_max = crypto_kpp_maxsize(tfm);
1947 output_buf = kzalloc(out_len_max, GFP_KERNEL);
1953 /* Use appropriate parameter as base */
1954 kpp_request_set_input(req, NULL, 0);
1955 sg_init_one(&dst, output_buf, out_len_max);
1956 kpp_request_set_output(req, &dst, out_len_max);
1957 kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
1958 crypto_req_done, &wait);
1960 /* Compute party A's public key */
1961 err = crypto_wait_req(crypto_kpp_generate_public_key(req), &wait);
1963 pr_err("alg: %s: Party A: generate public key test failed. err %d\n",
1969 /* Save party A's public key */
1970 a_public = kzalloc(out_len_max, GFP_KERNEL);
1975 memcpy(a_public, sg_virt(req->dst), out_len_max);
1977 /* Verify calculated public key */
1978 if (memcmp(vec->expected_a_public, sg_virt(req->dst),
1979 vec->expected_a_public_size)) {
1980 pr_err("alg: %s: Party A: generate public key test failed. Invalid output\n",
1987 /* Calculate shared secret key by using counter part (b) public key. */
1988 input_buf = kzalloc(vec->b_public_size, GFP_KERNEL);
1994 memcpy(input_buf, vec->b_public, vec->b_public_size);
1995 sg_init_one(&src, input_buf, vec->b_public_size);
1996 sg_init_one(&dst, output_buf, out_len_max);
1997 kpp_request_set_input(req, &src, vec->b_public_size);
1998 kpp_request_set_output(req, &dst, out_len_max);
1999 kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
2000 crypto_req_done, &wait);
2001 err = crypto_wait_req(crypto_kpp_compute_shared_secret(req), &wait);
2003 pr_err("alg: %s: Party A: compute shared secret test failed. err %d\n",
2009 /* Save the shared secret obtained by party A */
2010 a_ss = kzalloc(vec->expected_ss_size, GFP_KERNEL);
2015 memcpy(a_ss, sg_virt(req->dst), vec->expected_ss_size);
2018 * Calculate party B's shared secret by using party A's
2021 err = crypto_kpp_set_secret(tfm, vec->b_secret,
2022 vec->b_secret_size);
2026 sg_init_one(&src, a_public, vec->expected_a_public_size);
2027 sg_init_one(&dst, output_buf, out_len_max);
2028 kpp_request_set_input(req, &src, vec->expected_a_public_size);
2029 kpp_request_set_output(req, &dst, out_len_max);
2030 kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
2031 crypto_req_done, &wait);
2032 err = crypto_wait_req(crypto_kpp_compute_shared_secret(req),
2035 pr_err("alg: %s: Party B: compute shared secret failed. err %d\n",
2040 shared_secret = a_ss;
2042 shared_secret = (void *)vec->expected_ss;
2046 * verify shared secret from which the user will derive
2047 * secret key by executing whatever hash it has chosen
2049 if (memcmp(shared_secret, sg_virt(req->dst),
2050 vec->expected_ss_size)) {
2051 pr_err("alg: %s: compute shared secret test failed. Invalid output\n",
2063 kpp_request_free(req);
2067 static int test_kpp(struct crypto_kpp *tfm, const char *alg,
2068 const struct kpp_testvec *vecs, unsigned int tcount)
2072 for (i = 0; i < tcount; i++) {
2073 ret = do_test_kpp(tfm, vecs++, alg);
2075 pr_err("alg: %s: test failed on vector %d, err=%d\n",
2083 static int alg_test_kpp(const struct alg_test_desc *desc, const char *driver,
2086 struct crypto_kpp *tfm;
2089 tfm = crypto_alloc_kpp(driver, type, mask);
2091 pr_err("alg: kpp: Failed to load tfm for %s: %ld\n",
2092 driver, PTR_ERR(tfm));
2093 return PTR_ERR(tfm);
2095 if (desc->suite.kpp.vecs)
2096 err = test_kpp(tfm, desc->alg, desc->suite.kpp.vecs,
2097 desc->suite.kpp.count);
2099 crypto_free_kpp(tfm);
2103 static int test_akcipher_one(struct crypto_akcipher *tfm,
2104 const struct akcipher_testvec *vecs)
2106 char *xbuf[XBUFSIZE];
2107 struct akcipher_request *req;
2108 void *outbuf_enc = NULL;
2109 void *outbuf_dec = NULL;
2110 struct crypto_wait wait;
2111 unsigned int out_len_max, out_len = 0;
2113 struct scatterlist src, dst, src_tab[2];
2115 if (testmgr_alloc_buf(xbuf))
2118 req = akcipher_request_alloc(tfm, GFP_KERNEL);
2122 crypto_init_wait(&wait);
2124 if (vecs->public_key_vec)
2125 err = crypto_akcipher_set_pub_key(tfm, vecs->key,
2128 err = crypto_akcipher_set_priv_key(tfm, vecs->key,
2134 out_len_max = crypto_akcipher_maxsize(tfm);
2135 outbuf_enc = kzalloc(out_len_max, GFP_KERNEL);
2139 if (WARN_ON(vecs->m_size > PAGE_SIZE))
2142 memcpy(xbuf[0], vecs->m, vecs->m_size);
2144 sg_init_table(src_tab, 2);
2145 sg_set_buf(&src_tab[0], xbuf[0], 8);
2146 sg_set_buf(&src_tab[1], xbuf[0] + 8, vecs->m_size - 8);
2147 sg_init_one(&dst, outbuf_enc, out_len_max);
2148 akcipher_request_set_crypt(req, src_tab, &dst, vecs->m_size,
2150 akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
2151 crypto_req_done, &wait);
2153 err = crypto_wait_req(vecs->siggen_sigver_test ?
2154 /* Run asymmetric signature generation */
2155 crypto_akcipher_sign(req) :
2156 /* Run asymmetric encrypt */
2157 crypto_akcipher_encrypt(req), &wait);
2159 pr_err("alg: akcipher: encrypt test failed. err %d\n", err);
2162 if (req->dst_len != vecs->c_size) {
2163 pr_err("alg: akcipher: encrypt test failed. Invalid output len\n");
2167 /* verify that encrypted message is equal to expected */
2168 if (memcmp(vecs->c, outbuf_enc, vecs->c_size)) {
2169 pr_err("alg: akcipher: encrypt test failed. Invalid output\n");
2170 hexdump(outbuf_enc, vecs->c_size);
2174 /* Don't invoke decrypt for vectors with public key */
2175 if (vecs->public_key_vec) {
2179 outbuf_dec = kzalloc(out_len_max, GFP_KERNEL);
2185 if (WARN_ON(vecs->c_size > PAGE_SIZE))
2188 memcpy(xbuf[0], vecs->c, vecs->c_size);
2190 sg_init_one(&src, xbuf[0], vecs->c_size);
2191 sg_init_one(&dst, outbuf_dec, out_len_max);
2192 crypto_init_wait(&wait);
2193 akcipher_request_set_crypt(req, &src, &dst, vecs->c_size, out_len_max);
2195 err = crypto_wait_req(vecs->siggen_sigver_test ?
2196 /* Run asymmetric signature verification */
2197 crypto_akcipher_verify(req) :
2198 /* Run asymmetric decrypt */
2199 crypto_akcipher_decrypt(req), &wait);
2201 pr_err("alg: akcipher: decrypt test failed. err %d\n", err);
2204 out_len = req->dst_len;
2205 if (out_len < vecs->m_size) {
2206 pr_err("alg: akcipher: decrypt test failed. "
2207 "Invalid output len %u\n", out_len);
2211 /* verify that decrypted message is equal to the original msg */
2212 if (memchr_inv(outbuf_dec, 0, out_len - vecs->m_size) ||
2213 memcmp(vecs->m, outbuf_dec + out_len - vecs->m_size,
2215 pr_err("alg: akcipher: decrypt test failed. Invalid output\n");
2216 hexdump(outbuf_dec, out_len);
2223 akcipher_request_free(req);
2225 testmgr_free_buf(xbuf);
2229 static int test_akcipher(struct crypto_akcipher *tfm, const char *alg,
2230 const struct akcipher_testvec *vecs,
2231 unsigned int tcount)
2234 crypto_tfm_alg_driver_name(crypto_akcipher_tfm(tfm));
2237 for (i = 0; i < tcount; i++) {
2238 ret = test_akcipher_one(tfm, vecs++);
2242 pr_err("alg: akcipher: test %d failed for %s, err=%d\n",
2249 static int alg_test_akcipher(const struct alg_test_desc *desc,
2250 const char *driver, u32 type, u32 mask)
2252 struct crypto_akcipher *tfm;
2255 tfm = crypto_alloc_akcipher(driver, type, mask);
2257 pr_err("alg: akcipher: Failed to load tfm for %s: %ld\n",
2258 driver, PTR_ERR(tfm));
2259 return PTR_ERR(tfm);
2261 if (desc->suite.akcipher.vecs)
2262 err = test_akcipher(tfm, desc->alg, desc->suite.akcipher.vecs,
2263 desc->suite.akcipher.count);
2265 crypto_free_akcipher(tfm);
2269 static int alg_test_null(const struct alg_test_desc *desc,
2270 const char *driver, u32 type, u32 mask)
2275 #define __VECS(tv) { .vecs = tv, .count = ARRAY_SIZE(tv) }
2277 /* Please keep this list sorted by algorithm name. */
2278 static const struct alg_test_desc alg_test_descs[] = {
2280 .alg = "ansi_cprng",
2281 .test = alg_test_cprng,
2283 .cprng = __VECS(ansi_cprng_aes_tv_template)
2286 .alg = "authenc(hmac(md5),ecb(cipher_null))",
2287 .test = alg_test_aead,
2290 .enc = __VECS(hmac_md5_ecb_cipher_null_enc_tv_template),
2291 .dec = __VECS(hmac_md5_ecb_cipher_null_dec_tv_template)
2295 .alg = "authenc(hmac(sha1),cbc(aes))",
2296 .test = alg_test_aead,
2300 .enc = __VECS(hmac_sha1_aes_cbc_enc_tv_temp)
2304 .alg = "authenc(hmac(sha1),cbc(des))",
2305 .test = alg_test_aead,
2308 .enc = __VECS(hmac_sha1_des_cbc_enc_tv_temp)
2312 .alg = "authenc(hmac(sha1),cbc(des3_ede))",
2313 .test = alg_test_aead,
2317 .enc = __VECS(hmac_sha1_des3_ede_cbc_enc_tv_temp)
2321 .alg = "authenc(hmac(sha1),ctr(aes))",
2322 .test = alg_test_null,
2325 .alg = "authenc(hmac(sha1),ecb(cipher_null))",
2326 .test = alg_test_aead,
2329 .enc = __VECS(hmac_sha1_ecb_cipher_null_enc_tv_temp),
2330 .dec = __VECS(hmac_sha1_ecb_cipher_null_dec_tv_temp)
2334 .alg = "authenc(hmac(sha1),rfc3686(ctr(aes)))",
2335 .test = alg_test_null,
2338 .alg = "authenc(hmac(sha224),cbc(des))",
2339 .test = alg_test_aead,
2342 .enc = __VECS(hmac_sha224_des_cbc_enc_tv_temp)
2346 .alg = "authenc(hmac(sha224),cbc(des3_ede))",
2347 .test = alg_test_aead,
2351 .enc = __VECS(hmac_sha224_des3_ede_cbc_enc_tv_temp)
2355 .alg = "authenc(hmac(sha256),cbc(aes))",
2356 .test = alg_test_aead,
2360 .enc = __VECS(hmac_sha256_aes_cbc_enc_tv_temp)
2364 .alg = "authenc(hmac(sha256),cbc(des))",
2365 .test = alg_test_aead,
2368 .enc = __VECS(hmac_sha256_des_cbc_enc_tv_temp)
2372 .alg = "authenc(hmac(sha256),cbc(des3_ede))",
2373 .test = alg_test_aead,
2377 .enc = __VECS(hmac_sha256_des3_ede_cbc_enc_tv_temp)
2381 .alg = "authenc(hmac(sha256),ctr(aes))",
2382 .test = alg_test_null,
2385 .alg = "authenc(hmac(sha256),rfc3686(ctr(aes)))",
2386 .test = alg_test_null,
2389 .alg = "authenc(hmac(sha384),cbc(des))",
2390 .test = alg_test_aead,
2393 .enc = __VECS(hmac_sha384_des_cbc_enc_tv_temp)
2397 .alg = "authenc(hmac(sha384),cbc(des3_ede))",
2398 .test = alg_test_aead,
2402 .enc = __VECS(hmac_sha384_des3_ede_cbc_enc_tv_temp)
2406 .alg = "authenc(hmac(sha384),ctr(aes))",
2407 .test = alg_test_null,
2410 .alg = "authenc(hmac(sha384),rfc3686(ctr(aes)))",
2411 .test = alg_test_null,
2414 .alg = "authenc(hmac(sha512),cbc(aes))",
2416 .test = alg_test_aead,
2419 .enc = __VECS(hmac_sha512_aes_cbc_enc_tv_temp)
2423 .alg = "authenc(hmac(sha512),cbc(des))",
2424 .test = alg_test_aead,
2427 .enc = __VECS(hmac_sha512_des_cbc_enc_tv_temp)
2431 .alg = "authenc(hmac(sha512),cbc(des3_ede))",
2432 .test = alg_test_aead,
2436 .enc = __VECS(hmac_sha512_des3_ede_cbc_enc_tv_temp)
2440 .alg = "authenc(hmac(sha512),ctr(aes))",
2441 .test = alg_test_null,
2444 .alg = "authenc(hmac(sha512),rfc3686(ctr(aes)))",
2445 .test = alg_test_null,
2449 .test = alg_test_skcipher,
2453 .enc = __VECS(aes_cbc_enc_tv_template),
2454 .dec = __VECS(aes_cbc_dec_tv_template)
2458 .alg = "cbc(anubis)",
2459 .test = alg_test_skcipher,
2462 .enc = __VECS(anubis_cbc_enc_tv_template),
2463 .dec = __VECS(anubis_cbc_dec_tv_template)
2467 .alg = "cbc(blowfish)",
2468 .test = alg_test_skcipher,
2471 .enc = __VECS(bf_cbc_enc_tv_template),
2472 .dec = __VECS(bf_cbc_dec_tv_template)
2476 .alg = "cbc(camellia)",
2477 .test = alg_test_skcipher,
2480 .enc = __VECS(camellia_cbc_enc_tv_template),
2481 .dec = __VECS(camellia_cbc_dec_tv_template)
2485 .alg = "cbc(cast5)",
2486 .test = alg_test_skcipher,
2489 .enc = __VECS(cast5_cbc_enc_tv_template),
2490 .dec = __VECS(cast5_cbc_dec_tv_template)
2494 .alg = "cbc(cast6)",
2495 .test = alg_test_skcipher,
2498 .enc = __VECS(cast6_cbc_enc_tv_template),
2499 .dec = __VECS(cast6_cbc_dec_tv_template)
2504 .test = alg_test_skcipher,
2507 .enc = __VECS(des_cbc_enc_tv_template),
2508 .dec = __VECS(des_cbc_dec_tv_template)
2512 .alg = "cbc(des3_ede)",
2513 .test = alg_test_skcipher,
2517 .enc = __VECS(des3_ede_cbc_enc_tv_template),
2518 .dec = __VECS(des3_ede_cbc_dec_tv_template)
2522 .alg = "cbc(serpent)",
2523 .test = alg_test_skcipher,
2526 .enc = __VECS(serpent_cbc_enc_tv_template),
2527 .dec = __VECS(serpent_cbc_dec_tv_template)
2531 .alg = "cbc(twofish)",
2532 .test = alg_test_skcipher,
2535 .enc = __VECS(tf_cbc_enc_tv_template),
2536 .dec = __VECS(tf_cbc_dec_tv_template)
2540 .alg = "cbcmac(aes)",
2542 .test = alg_test_hash,
2544 .hash = __VECS(aes_cbcmac_tv_template)
2548 .test = alg_test_aead,
2552 .enc = __VECS(aes_ccm_enc_tv_template),
2553 .dec = __VECS(aes_ccm_dec_tv_template)
2558 .test = alg_test_skcipher,
2561 .enc = __VECS(chacha20_enc_tv_template),
2562 .dec = __VECS(chacha20_enc_tv_template),
2568 .test = alg_test_hash,
2570 .hash = __VECS(aes_cmac128_tv_template)
2573 .alg = "cmac(des3_ede)",
2575 .test = alg_test_hash,
2577 .hash = __VECS(des3_ede_cmac64_tv_template)
2580 .alg = "compress_null",
2581 .test = alg_test_null,
2584 .test = alg_test_hash,
2586 .hash = __VECS(crc32_tv_template)
2590 .test = alg_test_crc32c,
2593 .hash = __VECS(crc32c_tv_template)
2597 .test = alg_test_hash,
2600 .hash = __VECS(crct10dif_tv_template)
2604 .test = alg_test_skcipher,
2608 .enc = __VECS(aes_ctr_enc_tv_template),
2609 .dec = __VECS(aes_ctr_dec_tv_template)
2613 .alg = "ctr(blowfish)",
2614 .test = alg_test_skcipher,
2617 .enc = __VECS(bf_ctr_enc_tv_template),
2618 .dec = __VECS(bf_ctr_dec_tv_template)
2622 .alg = "ctr(camellia)",
2623 .test = alg_test_skcipher,
2626 .enc = __VECS(camellia_ctr_enc_tv_template),
2627 .dec = __VECS(camellia_ctr_dec_tv_template)
2631 .alg = "ctr(cast5)",
2632 .test = alg_test_skcipher,
2635 .enc = __VECS(cast5_ctr_enc_tv_template),
2636 .dec = __VECS(cast5_ctr_dec_tv_template)
2640 .alg = "ctr(cast6)",
2641 .test = alg_test_skcipher,
2644 .enc = __VECS(cast6_ctr_enc_tv_template),
2645 .dec = __VECS(cast6_ctr_dec_tv_template)
2650 .test = alg_test_skcipher,
2653 .enc = __VECS(des_ctr_enc_tv_template),
2654 .dec = __VECS(des_ctr_dec_tv_template)
2658 .alg = "ctr(des3_ede)",
2659 .test = alg_test_skcipher,
2663 .enc = __VECS(des3_ede_ctr_enc_tv_template),
2664 .dec = __VECS(des3_ede_ctr_dec_tv_template)
2668 .alg = "ctr(serpent)",
2669 .test = alg_test_skcipher,
2672 .enc = __VECS(serpent_ctr_enc_tv_template),
2673 .dec = __VECS(serpent_ctr_dec_tv_template)
2677 .alg = "ctr(twofish)",
2678 .test = alg_test_skcipher,
2681 .enc = __VECS(tf_ctr_enc_tv_template),
2682 .dec = __VECS(tf_ctr_dec_tv_template)
2686 .alg = "cts(cbc(aes))",
2687 .test = alg_test_skcipher,
2690 .enc = __VECS(cts_mode_enc_tv_template),
2691 .dec = __VECS(cts_mode_dec_tv_template)
2696 .test = alg_test_comp,
2700 .comp = __VECS(deflate_comp_tv_template),
2701 .decomp = __VECS(deflate_decomp_tv_template)
2706 .test = alg_test_kpp,
2709 .kpp = __VECS(dh_tv_template)
2712 .alg = "digest_null",
2713 .test = alg_test_null,
2715 .alg = "drbg_nopr_ctr_aes128",
2716 .test = alg_test_drbg,
2719 .drbg = __VECS(drbg_nopr_ctr_aes128_tv_template)
2722 .alg = "drbg_nopr_ctr_aes192",
2723 .test = alg_test_drbg,
2726 .drbg = __VECS(drbg_nopr_ctr_aes192_tv_template)
2729 .alg = "drbg_nopr_ctr_aes256",
2730 .test = alg_test_drbg,
2733 .drbg = __VECS(drbg_nopr_ctr_aes256_tv_template)
2737 * There is no need to specifically test the DRBG with every
2738 * backend cipher -- covered by drbg_nopr_hmac_sha256 test
2740 .alg = "drbg_nopr_hmac_sha1",
2742 .test = alg_test_null,
2744 .alg = "drbg_nopr_hmac_sha256",
2745 .test = alg_test_drbg,
2748 .drbg = __VECS(drbg_nopr_hmac_sha256_tv_template)
2751 /* covered by drbg_nopr_hmac_sha256 test */
2752 .alg = "drbg_nopr_hmac_sha384",
2754 .test = alg_test_null,
2756 .alg = "drbg_nopr_hmac_sha512",
2757 .test = alg_test_null,
2760 .alg = "drbg_nopr_sha1",
2762 .test = alg_test_null,
2764 .alg = "drbg_nopr_sha256",
2765 .test = alg_test_drbg,
2768 .drbg = __VECS(drbg_nopr_sha256_tv_template)
2771 /* covered by drbg_nopr_sha256 test */
2772 .alg = "drbg_nopr_sha384",
2774 .test = alg_test_null,
2776 .alg = "drbg_nopr_sha512",
2778 .test = alg_test_null,
2780 .alg = "drbg_pr_ctr_aes128",
2781 .test = alg_test_drbg,
2784 .drbg = __VECS(drbg_pr_ctr_aes128_tv_template)
2787 /* covered by drbg_pr_ctr_aes128 test */
2788 .alg = "drbg_pr_ctr_aes192",
2790 .test = alg_test_null,
2792 .alg = "drbg_pr_ctr_aes256",
2794 .test = alg_test_null,
2796 .alg = "drbg_pr_hmac_sha1",
2798 .test = alg_test_null,
2800 .alg = "drbg_pr_hmac_sha256",
2801 .test = alg_test_drbg,
2804 .drbg = __VECS(drbg_pr_hmac_sha256_tv_template)
2807 /* covered by drbg_pr_hmac_sha256 test */
2808 .alg = "drbg_pr_hmac_sha384",
2810 .test = alg_test_null,
2812 .alg = "drbg_pr_hmac_sha512",
2813 .test = alg_test_null,
2816 .alg = "drbg_pr_sha1",
2818 .test = alg_test_null,
2820 .alg = "drbg_pr_sha256",
2821 .test = alg_test_drbg,
2824 .drbg = __VECS(drbg_pr_sha256_tv_template)
2827 /* covered by drbg_pr_sha256 test */
2828 .alg = "drbg_pr_sha384",
2830 .test = alg_test_null,
2832 .alg = "drbg_pr_sha512",
2834 .test = alg_test_null,
2837 .test = alg_test_skcipher,
2841 .enc = __VECS(aes_enc_tv_template),
2842 .dec = __VECS(aes_dec_tv_template)
2846 .alg = "ecb(anubis)",
2847 .test = alg_test_skcipher,
2850 .enc = __VECS(anubis_enc_tv_template),
2851 .dec = __VECS(anubis_dec_tv_template)
2856 .test = alg_test_skcipher,
2859 .enc = __VECS(arc4_enc_tv_template),
2860 .dec = __VECS(arc4_dec_tv_template)
2864 .alg = "ecb(blowfish)",
2865 .test = alg_test_skcipher,
2868 .enc = __VECS(bf_enc_tv_template),
2869 .dec = __VECS(bf_dec_tv_template)
2873 .alg = "ecb(camellia)",
2874 .test = alg_test_skcipher,
2877 .enc = __VECS(camellia_enc_tv_template),
2878 .dec = __VECS(camellia_dec_tv_template)
2882 .alg = "ecb(cast5)",
2883 .test = alg_test_skcipher,
2886 .enc = __VECS(cast5_enc_tv_template),
2887 .dec = __VECS(cast5_dec_tv_template)
2891 .alg = "ecb(cast6)",
2892 .test = alg_test_skcipher,
2895 .enc = __VECS(cast6_enc_tv_template),
2896 .dec = __VECS(cast6_dec_tv_template)
2900 .alg = "ecb(cipher_null)",
2901 .test = alg_test_null,
2905 .test = alg_test_skcipher,
2908 .enc = __VECS(des_enc_tv_template),
2909 .dec = __VECS(des_dec_tv_template)
2913 .alg = "ecb(des3_ede)",
2914 .test = alg_test_skcipher,
2918 .enc = __VECS(des3_ede_enc_tv_template),
2919 .dec = __VECS(des3_ede_dec_tv_template)
2923 .alg = "ecb(fcrypt)",
2924 .test = alg_test_skcipher,
2928 .vecs = fcrypt_pcbc_enc_tv_template,
2932 .vecs = fcrypt_pcbc_dec_tv_template,
2938 .alg = "ecb(khazad)",
2939 .test = alg_test_skcipher,
2942 .enc = __VECS(khazad_enc_tv_template),
2943 .dec = __VECS(khazad_dec_tv_template)
2948 .test = alg_test_skcipher,
2951 .enc = __VECS(seed_enc_tv_template),
2952 .dec = __VECS(seed_dec_tv_template)
2956 .alg = "ecb(serpent)",
2957 .test = alg_test_skcipher,
2960 .enc = __VECS(serpent_enc_tv_template),
2961 .dec = __VECS(serpent_dec_tv_template)
2966 .test = alg_test_skcipher,
2969 .enc = __VECS(tea_enc_tv_template),
2970 .dec = __VECS(tea_dec_tv_template)
2974 .alg = "ecb(tnepres)",
2975 .test = alg_test_skcipher,
2978 .enc = __VECS(tnepres_enc_tv_template),
2979 .dec = __VECS(tnepres_dec_tv_template)
2983 .alg = "ecb(twofish)",
2984 .test = alg_test_skcipher,
2987 .enc = __VECS(tf_enc_tv_template),
2988 .dec = __VECS(tf_dec_tv_template)
2993 .test = alg_test_skcipher,
2996 .enc = __VECS(xeta_enc_tv_template),
2997 .dec = __VECS(xeta_dec_tv_template)
3002 .test = alg_test_skcipher,
3005 .enc = __VECS(xtea_enc_tv_template),
3006 .dec = __VECS(xtea_dec_tv_template)
3011 .test = alg_test_kpp,
3014 .kpp = __VECS(ecdh_tv_template)
3018 .test = alg_test_aead,
3022 .enc = __VECS(aes_gcm_enc_tv_template),
3023 .dec = __VECS(aes_gcm_dec_tv_template)
3028 .test = alg_test_hash,
3031 .hash = __VECS(ghash_tv_template)
3034 .alg = "hmac(crc32)",
3035 .test = alg_test_hash,
3037 .hash = __VECS(bfin_crc_tv_template)
3041 .test = alg_test_hash,
3043 .hash = __VECS(hmac_md5_tv_template)
3046 .alg = "hmac(rmd128)",
3047 .test = alg_test_hash,
3049 .hash = __VECS(hmac_rmd128_tv_template)
3052 .alg = "hmac(rmd160)",
3053 .test = alg_test_hash,
3055 .hash = __VECS(hmac_rmd160_tv_template)
3058 .alg = "hmac(sha1)",
3059 .test = alg_test_hash,
3062 .hash = __VECS(hmac_sha1_tv_template)
3065 .alg = "hmac(sha224)",
3066 .test = alg_test_hash,
3069 .hash = __VECS(hmac_sha224_tv_template)
3072 .alg = "hmac(sha256)",
3073 .test = alg_test_hash,
3076 .hash = __VECS(hmac_sha256_tv_template)
3079 .alg = "hmac(sha3-224)",
3080 .test = alg_test_hash,
3083 .hash = __VECS(hmac_sha3_224_tv_template)
3086 .alg = "hmac(sha3-256)",
3087 .test = alg_test_hash,
3090 .hash = __VECS(hmac_sha3_256_tv_template)
3093 .alg = "hmac(sha3-384)",
3094 .test = alg_test_hash,
3097 .hash = __VECS(hmac_sha3_384_tv_template)
3100 .alg = "hmac(sha3-512)",
3101 .test = alg_test_hash,
3104 .hash = __VECS(hmac_sha3_512_tv_template)
3107 .alg = "hmac(sha384)",
3108 .test = alg_test_hash,
3111 .hash = __VECS(hmac_sha384_tv_template)
3114 .alg = "hmac(sha512)",
3115 .test = alg_test_hash,
3118 .hash = __VECS(hmac_sha512_tv_template)
3121 .alg = "jitterentropy_rng",
3123 .test = alg_test_null,
3126 .test = alg_test_skcipher,
3130 .enc = __VECS(aes_kw_enc_tv_template),
3131 .dec = __VECS(aes_kw_dec_tv_template)
3136 .test = alg_test_skcipher,
3139 .enc = __VECS(aes_lrw_enc_tv_template),
3140 .dec = __VECS(aes_lrw_dec_tv_template)
3144 .alg = "lrw(camellia)",
3145 .test = alg_test_skcipher,
3148 .enc = __VECS(camellia_lrw_enc_tv_template),
3149 .dec = __VECS(camellia_lrw_dec_tv_template)
3153 .alg = "lrw(cast6)",
3154 .test = alg_test_skcipher,
3157 .enc = __VECS(cast6_lrw_enc_tv_template),
3158 .dec = __VECS(cast6_lrw_dec_tv_template)
3162 .alg = "lrw(serpent)",
3163 .test = alg_test_skcipher,
3166 .enc = __VECS(serpent_lrw_enc_tv_template),
3167 .dec = __VECS(serpent_lrw_dec_tv_template)
3171 .alg = "lrw(twofish)",
3172 .test = alg_test_skcipher,
3175 .enc = __VECS(tf_lrw_enc_tv_template),
3176 .dec = __VECS(tf_lrw_dec_tv_template)
3181 .test = alg_test_comp,
3185 .comp = __VECS(lz4_comp_tv_template),
3186 .decomp = __VECS(lz4_decomp_tv_template)
3191 .test = alg_test_comp,
3195 .comp = __VECS(lz4hc_comp_tv_template),
3196 .decomp = __VECS(lz4hc_decomp_tv_template)
3201 .test = alg_test_comp,
3205 .comp = __VECS(lzo_comp_tv_template),
3206 .decomp = __VECS(lzo_decomp_tv_template)
3211 .test = alg_test_hash,
3213 .hash = __VECS(md4_tv_template)
3217 .test = alg_test_hash,
3219 .hash = __VECS(md5_tv_template)
3222 .alg = "michael_mic",
3223 .test = alg_test_hash,
3225 .hash = __VECS(michael_mic_tv_template)
3229 .test = alg_test_skcipher,
3233 .enc = __VECS(aes_ofb_enc_tv_template),
3234 .dec = __VECS(aes_ofb_dec_tv_template)
3238 .alg = "pcbc(fcrypt)",
3239 .test = alg_test_skcipher,
3242 .enc = __VECS(fcrypt_pcbc_enc_tv_template),
3243 .dec = __VECS(fcrypt_pcbc_dec_tv_template)
3247 .alg = "pkcs1pad(rsa,sha224)",
3248 .test = alg_test_null,
3251 .alg = "pkcs1pad(rsa,sha256)",
3252 .test = alg_test_akcipher,
3255 .akcipher = __VECS(pkcs1pad_rsa_tv_template)
3258 .alg = "pkcs1pad(rsa,sha384)",
3259 .test = alg_test_null,
3262 .alg = "pkcs1pad(rsa,sha512)",
3263 .test = alg_test_null,
3267 .test = alg_test_hash,
3269 .hash = __VECS(poly1305_tv_template)
3272 .alg = "rfc3686(ctr(aes))",
3273 .test = alg_test_skcipher,
3277 .enc = __VECS(aes_ctr_rfc3686_enc_tv_template),
3278 .dec = __VECS(aes_ctr_rfc3686_dec_tv_template)
3282 .alg = "rfc4106(gcm(aes))",
3283 .test = alg_test_aead,
3287 .enc = __VECS(aes_gcm_rfc4106_enc_tv_template),
3288 .dec = __VECS(aes_gcm_rfc4106_dec_tv_template)
3292 .alg = "rfc4309(ccm(aes))",
3293 .test = alg_test_aead,
3297 .enc = __VECS(aes_ccm_rfc4309_enc_tv_template),
3298 .dec = __VECS(aes_ccm_rfc4309_dec_tv_template)
3302 .alg = "rfc4543(gcm(aes))",
3303 .test = alg_test_aead,
3306 .enc = __VECS(aes_gcm_rfc4543_enc_tv_template),
3307 .dec = __VECS(aes_gcm_rfc4543_dec_tv_template),
3311 .alg = "rfc7539(chacha20,poly1305)",
3312 .test = alg_test_aead,
3315 .enc = __VECS(rfc7539_enc_tv_template),
3316 .dec = __VECS(rfc7539_dec_tv_template),
3320 .alg = "rfc7539esp(chacha20,poly1305)",
3321 .test = alg_test_aead,
3324 .enc = __VECS(rfc7539esp_enc_tv_template),
3325 .dec = __VECS(rfc7539esp_dec_tv_template),
3330 .test = alg_test_hash,
3332 .hash = __VECS(rmd128_tv_template)
3336 .test = alg_test_hash,
3338 .hash = __VECS(rmd160_tv_template)
3342 .test = alg_test_hash,
3344 .hash = __VECS(rmd256_tv_template)
3348 .test = alg_test_hash,
3350 .hash = __VECS(rmd320_tv_template)
3354 .test = alg_test_akcipher,
3357 .akcipher = __VECS(rsa_tv_template)
3361 .test = alg_test_skcipher,
3364 .enc = __VECS(salsa20_stream_enc_tv_template)
3369 .test = alg_test_hash,
3372 .hash = __VECS(sha1_tv_template)
3376 .test = alg_test_hash,
3379 .hash = __VECS(sha224_tv_template)
3383 .test = alg_test_hash,
3386 .hash = __VECS(sha256_tv_template)
3390 .test = alg_test_hash,
3393 .hash = __VECS(sha3_224_tv_template)
3397 .test = alg_test_hash,
3400 .hash = __VECS(sha3_256_tv_template)
3404 .test = alg_test_hash,
3407 .hash = __VECS(sha3_384_tv_template)
3411 .test = alg_test_hash,
3414 .hash = __VECS(sha3_512_tv_template)
3418 .test = alg_test_hash,
3421 .hash = __VECS(sha384_tv_template)
3425 .test = alg_test_hash,
3428 .hash = __VECS(sha512_tv_template)
3432 .test = alg_test_hash,
3434 .hash = __VECS(sm3_tv_template)
3438 .test = alg_test_hash,
3440 .hash = __VECS(tgr128_tv_template)
3444 .test = alg_test_hash,
3446 .hash = __VECS(tgr160_tv_template)
3450 .test = alg_test_hash,
3452 .hash = __VECS(tgr192_tv_template)
3456 .test = alg_test_hash,
3458 .hash = __VECS(aes_vmac128_tv_template)
3462 .test = alg_test_hash,
3464 .hash = __VECS(wp256_tv_template)
3468 .test = alg_test_hash,
3470 .hash = __VECS(wp384_tv_template)
3474 .test = alg_test_hash,
3476 .hash = __VECS(wp512_tv_template)
3480 .test = alg_test_hash,
3482 .hash = __VECS(aes_xcbc128_tv_template)
3486 .test = alg_test_skcipher,
3490 .enc = __VECS(aes_xts_enc_tv_template),
3491 .dec = __VECS(aes_xts_dec_tv_template)
3495 .alg = "xts(camellia)",
3496 .test = alg_test_skcipher,
3499 .enc = __VECS(camellia_xts_enc_tv_template),
3500 .dec = __VECS(camellia_xts_dec_tv_template)
3504 .alg = "xts(cast6)",
3505 .test = alg_test_skcipher,
3508 .enc = __VECS(cast6_xts_enc_tv_template),
3509 .dec = __VECS(cast6_xts_dec_tv_template)
3513 .alg = "xts(serpent)",
3514 .test = alg_test_skcipher,
3517 .enc = __VECS(serpent_xts_enc_tv_template),
3518 .dec = __VECS(serpent_xts_dec_tv_template)
3522 .alg = "xts(twofish)",
3523 .test = alg_test_skcipher,
3526 .enc = __VECS(tf_xts_enc_tv_template),
3527 .dec = __VECS(tf_xts_dec_tv_template)
3531 .alg = "zlib-deflate",
3532 .test = alg_test_comp,
3536 .comp = __VECS(zlib_deflate_comp_tv_template),
3537 .decomp = __VECS(zlib_deflate_decomp_tv_template)
3543 static bool alg_test_descs_checked;
3545 static void alg_test_descs_check_order(void)
3549 /* only check once */
3550 if (alg_test_descs_checked)
3553 alg_test_descs_checked = true;
3555 for (i = 1; i < ARRAY_SIZE(alg_test_descs); i++) {
3556 int diff = strcmp(alg_test_descs[i - 1].alg,
3557 alg_test_descs[i].alg);
3559 if (WARN_ON(diff > 0)) {
3560 pr_warn("testmgr: alg_test_descs entries in wrong order: '%s' before '%s'\n",
3561 alg_test_descs[i - 1].alg,
3562 alg_test_descs[i].alg);
3565 if (WARN_ON(diff == 0)) {
3566 pr_warn("testmgr: duplicate alg_test_descs entry: '%s'\n",
3567 alg_test_descs[i].alg);
3572 static int alg_find_test(const char *alg)
3575 int end = ARRAY_SIZE(alg_test_descs);
3577 while (start < end) {
3578 int i = (start + end) / 2;
3579 int diff = strcmp(alg_test_descs[i].alg, alg);
3597 int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
3603 if (!fips_enabled && notests) {
3604 printk_once(KERN_INFO "alg: self-tests disabled\n");
3608 alg_test_descs_check_order();
3610 if ((type & CRYPTO_ALG_TYPE_MASK) == CRYPTO_ALG_TYPE_CIPHER) {
3611 char nalg[CRYPTO_MAX_ALG_NAME];
3613 if (snprintf(nalg, sizeof(nalg), "ecb(%s)", alg) >=
3615 return -ENAMETOOLONG;
3617 i = alg_find_test(nalg);
3621 if (fips_enabled && !alg_test_descs[i].fips_allowed)
3624 rc = alg_test_cipher(alg_test_descs + i, driver, type, mask);
3628 i = alg_find_test(alg);
3629 j = alg_find_test(driver);
3633 if (fips_enabled && ((i >= 0 && !alg_test_descs[i].fips_allowed) ||
3634 (j >= 0 && !alg_test_descs[j].fips_allowed)))
3639 rc |= alg_test_descs[i].test(alg_test_descs + i, driver,
3641 if (j >= 0 && j != i)
3642 rc |= alg_test_descs[j].test(alg_test_descs + j, driver,
3646 if (fips_enabled && rc)
3647 panic("%s: %s alg self test failed in fips mode!\n", driver, alg);
3649 if (fips_enabled && !rc)
3650 pr_info("alg: self-tests for %s (%s) passed\n", driver, alg);
3655 printk(KERN_INFO "alg: No test for %s (%s)\n", alg, driver);
3661 #endif /* CONFIG_CRYPTO_MANAGER_DISABLE_TESTS */
3663 EXPORT_SYMBOL_GPL(alg_test);
git.samba.org / sfrench / cifs-2.6.git / blob