2 * Algorithm testing framework and tests.
4 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
5 * Copyright (c) 2002 Jean-Francois Dive <jef@linuxbe.org>
6 * Copyright (c) 2007 Nokia Siemens Networks
7 * Copyright (c) 2008 Herbert Xu <herbert@gondor.apana.org.au>
9 * Updated RFC4106 AES-GCM testing.
10 * Authors: Aidan O'Mahony (aidan.o.mahony@intel.com)
11 * Adrian Hoban <adrian.hoban@intel.com>
12 * Gabriele Paoloni <gabriele.paoloni@intel.com>
13 * Tadeusz Struk (tadeusz.struk@intel.com)
14 * Copyright (c) 2010, Intel Corporation.
16 * This program is free software; you can redistribute it and/or modify it
17 * under the terms of the GNU General Public License as published by the Free
18 * Software Foundation; either version 2 of the License, or (at your option)
23 #include <crypto/aead.h>
24 #include <crypto/hash.h>
25 #include <crypto/skcipher.h>
26 #include <linux/err.h>
27 #include <linux/fips.h>
28 #include <linux/module.h>
29 #include <linux/scatterlist.h>
30 #include <linux/slab.h>
31 #include <linux/string.h>
32 #include <crypto/rng.h>
33 #include <crypto/drbg.h>
34 #include <crypto/akcipher.h>
35 #include <crypto/kpp.h>
36 #include <crypto/acompress.h>
41 module_param(notests, bool, 0644);
42 MODULE_PARM_DESC(notests, "disable crypto self-tests");
44 #ifdef CONFIG_CRYPTO_MANAGER_DISABLE_TESTS
47 int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
57 * Need slab memory for testing (size in number of pages).
62 * Indexes into the xbuf to simulate cross-page access.
74 * Used by test_cipher()
79 struct tcrypt_result {
80 struct completion completion;
84 struct aead_test_suite {
86 struct aead_testvec *vecs;
91 struct cipher_test_suite {
93 struct cipher_testvec *vecs;
98 struct comp_test_suite {
100 struct comp_testvec *vecs;
105 struct hash_test_suite {
106 struct hash_testvec *vecs;
110 struct cprng_test_suite {
111 struct cprng_testvec *vecs;
115 struct drbg_test_suite {
116 struct drbg_testvec *vecs;
120 struct akcipher_test_suite {
121 struct akcipher_testvec *vecs;
125 struct kpp_test_suite {
126 struct kpp_testvec *vecs;
130 struct alg_test_desc {
132 int (*test)(const struct alg_test_desc *desc, const char *driver,
134 int fips_allowed; /* set if alg is allowed in fips mode */
137 struct aead_test_suite aead;
138 struct cipher_test_suite cipher;
139 struct comp_test_suite comp;
140 struct hash_test_suite hash;
141 struct cprng_test_suite cprng;
142 struct drbg_test_suite drbg;
143 struct akcipher_test_suite akcipher;
144 struct kpp_test_suite kpp;
148 static unsigned int IDX[8] = { IDX1, IDX2, IDX3, IDX4, IDX5, IDX6, IDX7, IDX8 };
150 static void hexdump(unsigned char *buf, unsigned int len)
152 print_hex_dump(KERN_CONT, "", DUMP_PREFIX_OFFSET,
157 static void tcrypt_complete(struct crypto_async_request *req, int err)
159 struct tcrypt_result *res = req->data;
161 if (err == -EINPROGRESS)
165 complete(&res->completion);
168 static int testmgr_alloc_buf(char *buf[XBUFSIZE])
172 for (i = 0; i < XBUFSIZE; i++) {
173 buf[i] = (void *)__get_free_page(GFP_KERNEL);
182 free_page((unsigned long)buf[i]);
187 static void testmgr_free_buf(char *buf[XBUFSIZE])
191 for (i = 0; i < XBUFSIZE; i++)
192 free_page((unsigned long)buf[i]);
195 static int wait_async_op(struct tcrypt_result *tr, int ret)
197 if (ret == -EINPROGRESS || ret == -EBUSY) {
198 wait_for_completion(&tr->completion);
199 reinit_completion(&tr->completion);
205 static int ahash_partial_update(struct ahash_request **preq,
206 struct crypto_ahash *tfm, struct hash_testvec *template,
207 void *hash_buff, int k, int temp, struct scatterlist *sg,
208 const char *algo, char *result, struct tcrypt_result *tresult)
211 struct ahash_request *req;
212 int statesize, ret = -EINVAL;
213 const char guard[] = { 0x00, 0xba, 0xad, 0x00 };
216 statesize = crypto_ahash_statesize(
217 crypto_ahash_reqtfm(req));
218 state = kmalloc(statesize + sizeof(guard), GFP_KERNEL);
220 pr_err("alt: hash: Failed to alloc state for %s\n", algo);
223 memcpy(state + statesize, guard, sizeof(guard));
224 ret = crypto_ahash_export(req, state);
225 WARN_ON(memcmp(state + statesize, guard, sizeof(guard)));
227 pr_err("alt: hash: Failed to export() for %s\n", algo);
230 ahash_request_free(req);
231 req = ahash_request_alloc(tfm, GFP_KERNEL);
233 pr_err("alg: hash: Failed to alloc request for %s\n", algo);
236 ahash_request_set_callback(req,
237 CRYPTO_TFM_REQ_MAY_BACKLOG,
238 tcrypt_complete, tresult);
240 memcpy(hash_buff, template->plaintext + temp,
242 sg_init_one(&sg[0], hash_buff, template->tap[k]);
243 ahash_request_set_crypt(req, sg, result, template->tap[k]);
244 ret = crypto_ahash_import(req, state);
246 pr_err("alg: hash: Failed to import() for %s\n", algo);
249 ret = wait_async_op(tresult, crypto_ahash_update(req));
256 ahash_request_free(req);
263 static int __test_hash(struct crypto_ahash *tfm, struct hash_testvec *template,
264 unsigned int tcount, bool use_digest,
265 const int align_offset)
267 const char *algo = crypto_tfm_alg_driver_name(crypto_ahash_tfm(tfm));
268 size_t digest_size = crypto_ahash_digestsize(tfm);
269 unsigned int i, j, k, temp;
270 struct scatterlist sg[8];
273 struct ahash_request *req;
274 struct tcrypt_result tresult;
276 char *xbuf[XBUFSIZE];
279 result = kmalloc(digest_size, GFP_KERNEL);
282 key = kmalloc(MAX_KEYLEN, GFP_KERNEL);
285 if (testmgr_alloc_buf(xbuf))
288 init_completion(&tresult.completion);
290 req = ahash_request_alloc(tfm, GFP_KERNEL);
292 printk(KERN_ERR "alg: hash: Failed to allocate request for "
296 ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
297 tcrypt_complete, &tresult);
300 for (i = 0; i < tcount; i++) {
305 if (WARN_ON(align_offset + template[i].psize > PAGE_SIZE))
309 memset(result, 0, digest_size);
312 hash_buff += align_offset;
314 memcpy(hash_buff, template[i].plaintext, template[i].psize);
315 sg_init_one(&sg[0], hash_buff, template[i].psize);
317 if (template[i].ksize) {
318 crypto_ahash_clear_flags(tfm, ~0);
319 if (template[i].ksize > MAX_KEYLEN) {
320 pr_err("alg: hash: setkey failed on test %d for %s: key size %d > %d\n",
321 j, algo, template[i].ksize, MAX_KEYLEN);
325 memcpy(key, template[i].key, template[i].ksize);
326 ret = crypto_ahash_setkey(tfm, key, template[i].ksize);
328 printk(KERN_ERR "alg: hash: setkey failed on "
329 "test %d for %s: ret=%d\n", j, algo,
335 ahash_request_set_crypt(req, sg, result, template[i].psize);
337 ret = wait_async_op(&tresult, crypto_ahash_digest(req));
339 pr_err("alg: hash: digest failed on test %d "
340 "for %s: ret=%d\n", j, algo, -ret);
344 ret = wait_async_op(&tresult, crypto_ahash_init(req));
346 pr_err("alt: hash: init failed on test %d "
347 "for %s: ret=%d\n", j, algo, -ret);
350 ret = wait_async_op(&tresult, crypto_ahash_update(req));
352 pr_err("alt: hash: update failed on test %d "
353 "for %s: ret=%d\n", j, algo, -ret);
356 ret = wait_async_op(&tresult, crypto_ahash_final(req));
358 pr_err("alt: hash: final failed on test %d "
359 "for %s: ret=%d\n", j, algo, -ret);
364 if (memcmp(result, template[i].digest,
365 crypto_ahash_digestsize(tfm))) {
366 printk(KERN_ERR "alg: hash: Test %d failed for %s\n",
368 hexdump(result, crypto_ahash_digestsize(tfm));
375 for (i = 0; i < tcount; i++) {
376 /* alignment tests are only done with continuous buffers */
377 if (align_offset != 0)
384 memset(result, 0, digest_size);
387 sg_init_table(sg, template[i].np);
389 for (k = 0; k < template[i].np; k++) {
390 if (WARN_ON(offset_in_page(IDX[k]) +
391 template[i].tap[k] > PAGE_SIZE))
394 memcpy(xbuf[IDX[k] >> PAGE_SHIFT] +
395 offset_in_page(IDX[k]),
396 template[i].plaintext + temp,
399 temp += template[i].tap[k];
402 if (template[i].ksize) {
403 if (template[i].ksize > MAX_KEYLEN) {
404 pr_err("alg: hash: setkey failed on test %d for %s: key size %d > %d\n",
405 j, algo, template[i].ksize, MAX_KEYLEN);
409 crypto_ahash_clear_flags(tfm, ~0);
410 memcpy(key, template[i].key, template[i].ksize);
411 ret = crypto_ahash_setkey(tfm, key, template[i].ksize);
414 printk(KERN_ERR "alg: hash: setkey "
415 "failed on chunking test %d "
416 "for %s: ret=%d\n", j, algo, -ret);
421 ahash_request_set_crypt(req, sg, result, template[i].psize);
422 ret = crypto_ahash_digest(req);
428 wait_for_completion(&tresult.completion);
429 reinit_completion(&tresult.completion);
435 printk(KERN_ERR "alg: hash: digest failed "
436 "on chunking test %d for %s: "
437 "ret=%d\n", j, algo, -ret);
441 if (memcmp(result, template[i].digest,
442 crypto_ahash_digestsize(tfm))) {
443 printk(KERN_ERR "alg: hash: Chunking test %d "
444 "failed for %s\n", j, algo);
445 hexdump(result, crypto_ahash_digestsize(tfm));
451 /* partial update exercise */
453 for (i = 0; i < tcount; i++) {
454 /* alignment tests are only done with continuous buffers */
455 if (align_offset != 0)
458 if (template[i].np < 2)
462 memset(result, 0, digest_size);
466 memcpy(hash_buff, template[i].plaintext,
468 sg_init_one(&sg[0], hash_buff, template[i].tap[0]);
470 if (template[i].ksize) {
471 crypto_ahash_clear_flags(tfm, ~0);
472 if (template[i].ksize > MAX_KEYLEN) {
473 pr_err("alg: hash: setkey failed on test %d for %s: key size %d > %d\n",
474 j, algo, template[i].ksize, MAX_KEYLEN);
478 memcpy(key, template[i].key, template[i].ksize);
479 ret = crypto_ahash_setkey(tfm, key, template[i].ksize);
481 pr_err("alg: hash: setkey failed on test %d for %s: ret=%d\n",
487 ahash_request_set_crypt(req, sg, result, template[i].tap[0]);
488 ret = wait_async_op(&tresult, crypto_ahash_init(req));
490 pr_err("alt: hash: init failed on test %d for %s: ret=%d\n",
494 ret = wait_async_op(&tresult, crypto_ahash_update(req));
496 pr_err("alt: hash: update failed on test %d for %s: ret=%d\n",
501 temp = template[i].tap[0];
502 for (k = 1; k < template[i].np; k++) {
503 ret = ahash_partial_update(&req, tfm, &template[i],
504 hash_buff, k, temp, &sg[0], algo, result,
507 pr_err("hash: partial update failed on test %d for %s: ret=%d\n",
511 temp += template[i].tap[k];
513 ret = wait_async_op(&tresult, crypto_ahash_final(req));
515 pr_err("alt: hash: final failed on test %d for %s: ret=%d\n",
519 if (memcmp(result, template[i].digest,
520 crypto_ahash_digestsize(tfm))) {
521 pr_err("alg: hash: Partial Test %d failed for %s\n",
523 hexdump(result, crypto_ahash_digestsize(tfm));
532 ahash_request_free(req);
534 testmgr_free_buf(xbuf);
541 static int test_hash(struct crypto_ahash *tfm, struct hash_testvec *template,
542 unsigned int tcount, bool use_digest)
544 unsigned int alignmask;
547 ret = __test_hash(tfm, template, tcount, use_digest, 0);
551 /* test unaligned buffers, check with one byte offset */
552 ret = __test_hash(tfm, template, tcount, use_digest, 1);
556 alignmask = crypto_tfm_alg_alignmask(&tfm->base);
558 /* Check if alignment mask for tfm is correctly set. */
559 ret = __test_hash(tfm, template, tcount, use_digest,
568 static int __test_aead(struct crypto_aead *tfm, int enc,
569 struct aead_testvec *template, unsigned int tcount,
570 const bool diff_dst, const int align_offset)
572 const char *algo = crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm));
573 unsigned int i, j, k, n, temp;
577 struct aead_request *req;
578 struct scatterlist *sg;
579 struct scatterlist *sgout;
581 struct tcrypt_result result;
582 unsigned int authsize, iv_len;
587 char *xbuf[XBUFSIZE];
588 char *xoutbuf[XBUFSIZE];
589 char *axbuf[XBUFSIZE];
591 iv = kzalloc(MAX_IVLEN, GFP_KERNEL);
594 key = kmalloc(MAX_KEYLEN, GFP_KERNEL);
597 if (testmgr_alloc_buf(xbuf))
599 if (testmgr_alloc_buf(axbuf))
601 if (diff_dst && testmgr_alloc_buf(xoutbuf))
604 /* avoid "the frame size is larger than 1024 bytes" compiler warning */
605 sg = kmalloc(sizeof(*sg) * 8 * (diff_dst ? 4 : 2), GFP_KERNEL);
620 init_completion(&result.completion);
622 req = aead_request_alloc(tfm, GFP_KERNEL);
624 pr_err("alg: aead%s: Failed to allocate request for %s\n",
629 aead_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
630 tcrypt_complete, &result);
632 iv_len = crypto_aead_ivsize(tfm);
634 for (i = 0, j = 0; i < tcount; i++) {
640 /* some templates have no input data but they will
644 input += align_offset;
648 if (WARN_ON(align_offset + template[i].ilen >
649 PAGE_SIZE || template[i].alen > PAGE_SIZE))
652 memcpy(input, template[i].input, template[i].ilen);
653 memcpy(assoc, template[i].assoc, template[i].alen);
655 memcpy(iv, template[i].iv, iv_len);
657 memset(iv, 0, iv_len);
659 crypto_aead_clear_flags(tfm, ~0);
661 crypto_aead_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY);
663 if (template[i].klen > MAX_KEYLEN) {
664 pr_err("alg: aead%s: setkey failed on test %d for %s: key size %d > %d\n",
665 d, j, algo, template[i].klen,
670 memcpy(key, template[i].key, template[i].klen);
672 ret = crypto_aead_setkey(tfm, key, template[i].klen);
673 if (template[i].fail == !ret) {
674 pr_err("alg: aead%s: setkey failed on test %d for %s: flags=%x\n",
675 d, j, algo, crypto_aead_get_flags(tfm));
680 authsize = abs(template[i].rlen - template[i].ilen);
681 ret = crypto_aead_setauthsize(tfm, authsize);
683 pr_err("alg: aead%s: Failed to set authsize to %u on test %d for %s\n",
684 d, authsize, j, algo);
688 k = !!template[i].alen;
689 sg_init_table(sg, k + 1);
690 sg_set_buf(&sg[0], assoc, template[i].alen);
691 sg_set_buf(&sg[k], input,
692 template[i].ilen + (enc ? authsize : 0));
696 sg_init_table(sgout, k + 1);
697 sg_set_buf(&sgout[0], assoc, template[i].alen);
700 output += align_offset;
701 sg_set_buf(&sgout[k], output,
702 template[i].rlen + (enc ? 0 : authsize));
705 aead_request_set_crypt(req, sg, (diff_dst) ? sgout : sg,
706 template[i].ilen, iv);
708 aead_request_set_ad(req, template[i].alen);
710 ret = enc ? crypto_aead_encrypt(req) : crypto_aead_decrypt(req);
714 if (template[i].novrfy) {
715 /* verification was supposed to fail */
716 pr_err("alg: aead%s: %s failed on test %d for %s: ret was 0, expected -EBADMSG\n",
718 /* so really, we got a bad message */
725 wait_for_completion(&result.completion);
726 reinit_completion(&result.completion);
731 if (template[i].novrfy)
732 /* verification failure was expected */
736 pr_err("alg: aead%s: %s failed on test %d for %s: ret=%d\n",
737 d, e, j, algo, -ret);
742 if (memcmp(q, template[i].result, template[i].rlen)) {
743 pr_err("alg: aead%s: Test %d failed on %s for %s\n",
745 hexdump(q, template[i].rlen);
751 for (i = 0, j = 0; i < tcount; i++) {
752 /* alignment tests are only done with continuous buffers */
753 if (align_offset != 0)
762 memcpy(iv, template[i].iv, iv_len);
764 memset(iv, 0, MAX_IVLEN);
766 crypto_aead_clear_flags(tfm, ~0);
768 crypto_aead_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY);
769 if (template[i].klen > MAX_KEYLEN) {
770 pr_err("alg: aead%s: setkey failed on test %d for %s: key size %d > %d\n",
771 d, j, algo, template[i].klen, MAX_KEYLEN);
775 memcpy(key, template[i].key, template[i].klen);
777 ret = crypto_aead_setkey(tfm, key, template[i].klen);
778 if (template[i].fail == !ret) {
779 pr_err("alg: aead%s: setkey failed on chunk test %d for %s: flags=%x\n",
780 d, j, algo, crypto_aead_get_flags(tfm));
785 authsize = abs(template[i].rlen - template[i].ilen);
788 sg_init_table(sg, template[i].anp + template[i].np);
790 sg_init_table(sgout, template[i].anp + template[i].np);
793 for (k = 0, temp = 0; k < template[i].anp; k++) {
794 if (WARN_ON(offset_in_page(IDX[k]) +
795 template[i].atap[k] > PAGE_SIZE))
798 memcpy(axbuf[IDX[k] >> PAGE_SHIFT] +
799 offset_in_page(IDX[k]),
800 template[i].assoc + temp,
801 template[i].atap[k]),
802 template[i].atap[k]);
804 sg_set_buf(&sgout[k],
805 axbuf[IDX[k] >> PAGE_SHIFT] +
806 offset_in_page(IDX[k]),
807 template[i].atap[k]);
808 temp += template[i].atap[k];
811 for (k = 0, temp = 0; k < template[i].np; k++) {
812 if (WARN_ON(offset_in_page(IDX[k]) +
813 template[i].tap[k] > PAGE_SIZE))
816 q = xbuf[IDX[k] >> PAGE_SHIFT] + offset_in_page(IDX[k]);
817 memcpy(q, template[i].input + temp, template[i].tap[k]);
818 sg_set_buf(&sg[template[i].anp + k],
819 q, template[i].tap[k]);
822 q = xoutbuf[IDX[k] >> PAGE_SHIFT] +
823 offset_in_page(IDX[k]);
825 memset(q, 0, template[i].tap[k]);
827 sg_set_buf(&sgout[template[i].anp + k],
828 q, template[i].tap[k]);
831 n = template[i].tap[k];
832 if (k == template[i].np - 1 && enc)
834 if (offset_in_page(q) + n < PAGE_SIZE)
837 temp += template[i].tap[k];
840 ret = crypto_aead_setauthsize(tfm, authsize);
842 pr_err("alg: aead%s: Failed to set authsize to %u on chunk test %d for %s\n",
843 d, authsize, j, algo);
848 if (WARN_ON(sg[template[i].anp + k - 1].offset +
849 sg[template[i].anp + k - 1].length +
850 authsize > PAGE_SIZE)) {
856 sgout[template[i].anp + k - 1].length +=
858 sg[template[i].anp + k - 1].length += authsize;
861 aead_request_set_crypt(req, sg, (diff_dst) ? sgout : sg,
865 aead_request_set_ad(req, template[i].alen);
867 ret = enc ? crypto_aead_encrypt(req) : crypto_aead_decrypt(req);
871 if (template[i].novrfy) {
872 /* verification was supposed to fail */
873 pr_err("alg: aead%s: %s failed on chunk test %d for %s: ret was 0, expected -EBADMSG\n",
875 /* so really, we got a bad message */
882 wait_for_completion(&result.completion);
883 reinit_completion(&result.completion);
888 if (template[i].novrfy)
889 /* verification failure was expected */
893 pr_err("alg: aead%s: %s failed on chunk test %d for %s: ret=%d\n",
894 d, e, j, algo, -ret);
899 for (k = 0, temp = 0; k < template[i].np; k++) {
901 q = xoutbuf[IDX[k] >> PAGE_SHIFT] +
902 offset_in_page(IDX[k]);
904 q = xbuf[IDX[k] >> PAGE_SHIFT] +
905 offset_in_page(IDX[k]);
907 n = template[i].tap[k];
908 if (k == template[i].np - 1)
909 n += enc ? authsize : -authsize;
911 if (memcmp(q, template[i].result + temp, n)) {
912 pr_err("alg: aead%s: Chunk test %d failed on %s at page %u for %s\n",
919 if (k == template[i].np - 1 && !enc) {
921 memcmp(q, template[i].input +
927 for (n = 0; offset_in_page(q + n) && q[n]; n++)
931 pr_err("alg: aead%s: Result buffer corruption in chunk test %d on %s at page %u for %s: %u bytes:\n",
932 d, j, e, k, algo, n);
937 temp += template[i].tap[k];
944 aead_request_free(req);
948 testmgr_free_buf(xoutbuf);
950 testmgr_free_buf(axbuf);
952 testmgr_free_buf(xbuf);
959 static int test_aead(struct crypto_aead *tfm, int enc,
960 struct aead_testvec *template, unsigned int tcount)
962 unsigned int alignmask;
965 /* test 'dst == src' case */
966 ret = __test_aead(tfm, enc, template, tcount, false, 0);
970 /* test 'dst != src' case */
971 ret = __test_aead(tfm, enc, template, tcount, true, 0);
975 /* test unaligned buffers, check with one byte offset */
976 ret = __test_aead(tfm, enc, template, tcount, true, 1);
980 alignmask = crypto_tfm_alg_alignmask(&tfm->base);
982 /* Check if alignment mask for tfm is correctly set. */
983 ret = __test_aead(tfm, enc, template, tcount, true,
992 static int test_cipher(struct crypto_cipher *tfm, int enc,
993 struct cipher_testvec *template, unsigned int tcount)
995 const char *algo = crypto_tfm_alg_driver_name(crypto_cipher_tfm(tfm));
996 unsigned int i, j, k;
1000 char *xbuf[XBUFSIZE];
1003 if (testmgr_alloc_buf(xbuf))
1012 for (i = 0; i < tcount; i++) {
1016 if (fips_enabled && template[i].fips_skip)
1022 if (WARN_ON(template[i].ilen > PAGE_SIZE))
1026 memcpy(data, template[i].input, template[i].ilen);
1028 crypto_cipher_clear_flags(tfm, ~0);
1030 crypto_cipher_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY);
1032 ret = crypto_cipher_setkey(tfm, template[i].key,
1034 if (template[i].fail == !ret) {
1035 printk(KERN_ERR "alg: cipher: setkey failed "
1036 "on test %d for %s: flags=%x\n", j,
1037 algo, crypto_cipher_get_flags(tfm));
1042 for (k = 0; k < template[i].ilen;
1043 k += crypto_cipher_blocksize(tfm)) {
1045 crypto_cipher_encrypt_one(tfm, data + k,
1048 crypto_cipher_decrypt_one(tfm, data + k,
1053 if (memcmp(q, template[i].result, template[i].rlen)) {
1054 printk(KERN_ERR "alg: cipher: Test %d failed "
1055 "on %s for %s\n", j, e, algo);
1056 hexdump(q, template[i].rlen);
1065 testmgr_free_buf(xbuf);
1070 static int __test_skcipher(struct crypto_skcipher *tfm, int enc,
1071 struct cipher_testvec *template, unsigned int tcount,
1072 const bool diff_dst, const int align_offset)
1075 crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm));
1076 unsigned int i, j, k, n, temp;
1078 struct skcipher_request *req;
1079 struct scatterlist sg[8];
1080 struct scatterlist sgout[8];
1082 struct tcrypt_result result;
1085 char *xbuf[XBUFSIZE];
1086 char *xoutbuf[XBUFSIZE];
1088 unsigned int ivsize = crypto_skcipher_ivsize(tfm);
1090 if (testmgr_alloc_buf(xbuf))
1093 if (diff_dst && testmgr_alloc_buf(xoutbuf))
1106 init_completion(&result.completion);
1108 req = skcipher_request_alloc(tfm, GFP_KERNEL);
1110 pr_err("alg: skcipher%s: Failed to allocate request for %s\n",
1115 skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
1116 tcrypt_complete, &result);
1119 for (i = 0; i < tcount; i++) {
1120 if (template[i].np && !template[i].also_non_np)
1123 if (fips_enabled && template[i].fips_skip)
1127 memcpy(iv, template[i].iv, ivsize);
1129 memset(iv, 0, MAX_IVLEN);
1133 if (WARN_ON(align_offset + template[i].ilen > PAGE_SIZE))
1137 data += align_offset;
1138 memcpy(data, template[i].input, template[i].ilen);
1140 crypto_skcipher_clear_flags(tfm, ~0);
1142 crypto_skcipher_set_flags(tfm,
1143 CRYPTO_TFM_REQ_WEAK_KEY);
1145 ret = crypto_skcipher_setkey(tfm, template[i].key,
1147 if (template[i].fail == !ret) {
1148 pr_err("alg: skcipher%s: setkey failed on test %d for %s: flags=%x\n",
1149 d, j, algo, crypto_skcipher_get_flags(tfm));
1154 sg_init_one(&sg[0], data, template[i].ilen);
1157 data += align_offset;
1158 sg_init_one(&sgout[0], data, template[i].ilen);
1161 skcipher_request_set_crypt(req, sg, (diff_dst) ? sgout : sg,
1162 template[i].ilen, iv);
1163 ret = enc ? crypto_skcipher_encrypt(req) :
1164 crypto_skcipher_decrypt(req);
1171 wait_for_completion(&result.completion);
1172 reinit_completion(&result.completion);
1178 pr_err("alg: skcipher%s: %s failed on test %d for %s: ret=%d\n",
1179 d, e, j, algo, -ret);
1184 if (memcmp(q, template[i].result, template[i].rlen)) {
1185 pr_err("alg: skcipher%s: Test %d failed (invalid result) on %s for %s\n",
1187 hexdump(q, template[i].rlen);
1192 if (template[i].iv_out &&
1193 memcmp(iv, template[i].iv_out,
1194 crypto_skcipher_ivsize(tfm))) {
1195 pr_err("alg: skcipher%s: Test %d failed (invalid output IV) on %s for %s\n",
1197 hexdump(iv, crypto_skcipher_ivsize(tfm));
1204 for (i = 0; i < tcount; i++) {
1205 /* alignment tests are only done with continuous buffers */
1206 if (align_offset != 0)
1209 if (!template[i].np)
1212 if (fips_enabled && template[i].fips_skip)
1216 memcpy(iv, template[i].iv, ivsize);
1218 memset(iv, 0, MAX_IVLEN);
1221 crypto_skcipher_clear_flags(tfm, ~0);
1223 crypto_skcipher_set_flags(tfm,
1224 CRYPTO_TFM_REQ_WEAK_KEY);
1226 ret = crypto_skcipher_setkey(tfm, template[i].key,
1228 if (template[i].fail == !ret) {
1229 pr_err("alg: skcipher%s: setkey failed on chunk test %d for %s: flags=%x\n",
1230 d, j, algo, crypto_skcipher_get_flags(tfm));
1237 sg_init_table(sg, template[i].np);
1239 sg_init_table(sgout, template[i].np);
1240 for (k = 0; k < template[i].np; k++) {
1241 if (WARN_ON(offset_in_page(IDX[k]) +
1242 template[i].tap[k] > PAGE_SIZE))
1245 q = xbuf[IDX[k] >> PAGE_SHIFT] + offset_in_page(IDX[k]);
1247 memcpy(q, template[i].input + temp, template[i].tap[k]);
1249 if (offset_in_page(q) + template[i].tap[k] < PAGE_SIZE)
1250 q[template[i].tap[k]] = 0;
1252 sg_set_buf(&sg[k], q, template[i].tap[k]);
1254 q = xoutbuf[IDX[k] >> PAGE_SHIFT] +
1255 offset_in_page(IDX[k]);
1257 sg_set_buf(&sgout[k], q, template[i].tap[k]);
1259 memset(q, 0, template[i].tap[k]);
1260 if (offset_in_page(q) +
1261 template[i].tap[k] < PAGE_SIZE)
1262 q[template[i].tap[k]] = 0;
1265 temp += template[i].tap[k];
1268 skcipher_request_set_crypt(req, sg, (diff_dst) ? sgout : sg,
1269 template[i].ilen, iv);
1271 ret = enc ? crypto_skcipher_encrypt(req) :
1272 crypto_skcipher_decrypt(req);
1279 wait_for_completion(&result.completion);
1280 reinit_completion(&result.completion);
1286 pr_err("alg: skcipher%s: %s failed on chunk test %d for %s: ret=%d\n",
1287 d, e, j, algo, -ret);
1293 for (k = 0; k < template[i].np; k++) {
1295 q = xoutbuf[IDX[k] >> PAGE_SHIFT] +
1296 offset_in_page(IDX[k]);
1298 q = xbuf[IDX[k] >> PAGE_SHIFT] +
1299 offset_in_page(IDX[k]);
1301 if (memcmp(q, template[i].result + temp,
1302 template[i].tap[k])) {
1303 pr_err("alg: skcipher%s: Chunk test %d failed on %s at page %u for %s\n",
1305 hexdump(q, template[i].tap[k]);
1309 q += template[i].tap[k];
1310 for (n = 0; offset_in_page(q + n) && q[n]; n++)
1313 pr_err("alg: skcipher%s: Result buffer corruption in chunk test %d on %s at page %u for %s: %u bytes:\n",
1314 d, j, e, k, algo, n);
1318 temp += template[i].tap[k];
1325 skcipher_request_free(req);
1327 testmgr_free_buf(xoutbuf);
1329 testmgr_free_buf(xbuf);
1334 static int test_skcipher(struct crypto_skcipher *tfm, int enc,
1335 struct cipher_testvec *template, unsigned int tcount)
1337 unsigned int alignmask;
1340 /* test 'dst == src' case */
1341 ret = __test_skcipher(tfm, enc, template, tcount, false, 0);
1345 /* test 'dst != src' case */
1346 ret = __test_skcipher(tfm, enc, template, tcount, true, 0);
1350 /* test unaligned buffers, check with one byte offset */
1351 ret = __test_skcipher(tfm, enc, template, tcount, true, 1);
1355 alignmask = crypto_tfm_alg_alignmask(&tfm->base);
1357 /* Check if alignment mask for tfm is correctly set. */
1358 ret = __test_skcipher(tfm, enc, template, tcount, true,
1367 static int test_comp(struct crypto_comp *tfm, struct comp_testvec *ctemplate,
1368 struct comp_testvec *dtemplate, int ctcount, int dtcount)
1370 const char *algo = crypto_tfm_alg_driver_name(crypto_comp_tfm(tfm));
1372 char result[COMP_BUF_SIZE];
1375 for (i = 0; i < ctcount; i++) {
1377 unsigned int dlen = COMP_BUF_SIZE;
1379 memset(result, 0, sizeof (result));
1381 ilen = ctemplate[i].inlen;
1382 ret = crypto_comp_compress(tfm, ctemplate[i].input,
1383 ilen, result, &dlen);
1385 printk(KERN_ERR "alg: comp: compression failed "
1386 "on test %d for %s: ret=%d\n", i + 1, algo,
1391 if (dlen != ctemplate[i].outlen) {
1392 printk(KERN_ERR "alg: comp: Compression test %d "
1393 "failed for %s: output len = %d\n", i + 1, algo,
1399 if (memcmp(result, ctemplate[i].output, dlen)) {
1400 printk(KERN_ERR "alg: comp: Compression test %d "
1401 "failed for %s\n", i + 1, algo);
1402 hexdump(result, dlen);
1408 for (i = 0; i < dtcount; i++) {
1410 unsigned int dlen = COMP_BUF_SIZE;
1412 memset(result, 0, sizeof (result));
1414 ilen = dtemplate[i].inlen;
1415 ret = crypto_comp_decompress(tfm, dtemplate[i].input,
1416 ilen, result, &dlen);
1418 printk(KERN_ERR "alg: comp: decompression failed "
1419 "on test %d for %s: ret=%d\n", i + 1, algo,
1424 if (dlen != dtemplate[i].outlen) {
1425 printk(KERN_ERR "alg: comp: Decompression test %d "
1426 "failed for %s: output len = %d\n", i + 1, algo,
1432 if (memcmp(result, dtemplate[i].output, dlen)) {
1433 printk(KERN_ERR "alg: comp: Decompression test %d "
1434 "failed for %s\n", i + 1, algo);
1435 hexdump(result, dlen);
1447 static int test_acomp(struct crypto_acomp *tfm, struct comp_testvec *ctemplate,
1448 struct comp_testvec *dtemplate, int ctcount, int dtcount)
1450 const char *algo = crypto_tfm_alg_driver_name(crypto_acomp_tfm(tfm));
1454 struct scatterlist src, dst;
1455 struct acomp_req *req;
1456 struct tcrypt_result result;
1458 output = kmalloc(COMP_BUF_SIZE, GFP_KERNEL);
1462 for (i = 0; i < ctcount; i++) {
1463 unsigned int dlen = COMP_BUF_SIZE;
1464 int ilen = ctemplate[i].inlen;
1467 input_vec = kmemdup(ctemplate[i].input, ilen, GFP_KERNEL);
1473 memset(output, 0, dlen);
1474 init_completion(&result.completion);
1475 sg_init_one(&src, input_vec, ilen);
1476 sg_init_one(&dst, output, dlen);
1478 req = acomp_request_alloc(tfm);
1480 pr_err("alg: acomp: request alloc failed for %s\n",
1487 acomp_request_set_params(req, &src, &dst, ilen, dlen);
1488 acomp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
1489 tcrypt_complete, &result);
1491 ret = wait_async_op(&result, crypto_acomp_compress(req));
1493 pr_err("alg: acomp: compression failed on test %d for %s: ret=%d\n",
1496 acomp_request_free(req);
1500 if (req->dlen != ctemplate[i].outlen) {
1501 pr_err("alg: acomp: Compression test %d failed for %s: output len = %d\n",
1502 i + 1, algo, req->dlen);
1505 acomp_request_free(req);
1509 if (memcmp(output, ctemplate[i].output, req->dlen)) {
1510 pr_err("alg: acomp: Compression test %d failed for %s\n",
1512 hexdump(output, req->dlen);
1515 acomp_request_free(req);
1520 acomp_request_free(req);
1523 for (i = 0; i < dtcount; i++) {
1524 unsigned int dlen = COMP_BUF_SIZE;
1525 int ilen = dtemplate[i].inlen;
1528 input_vec = kmemdup(dtemplate[i].input, ilen, GFP_KERNEL);
1534 memset(output, 0, dlen);
1535 init_completion(&result.completion);
1536 sg_init_one(&src, input_vec, ilen);
1537 sg_init_one(&dst, output, dlen);
1539 req = acomp_request_alloc(tfm);
1541 pr_err("alg: acomp: request alloc failed for %s\n",
1548 acomp_request_set_params(req, &src, &dst, ilen, dlen);
1549 acomp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
1550 tcrypt_complete, &result);
1552 ret = wait_async_op(&result, crypto_acomp_decompress(req));
1554 pr_err("alg: acomp: decompression failed on test %d for %s: ret=%d\n",
1557 acomp_request_free(req);
1561 if (req->dlen != dtemplate[i].outlen) {
1562 pr_err("alg: acomp: Decompression test %d failed for %s: output len = %d\n",
1563 i + 1, algo, req->dlen);
1566 acomp_request_free(req);
1570 if (memcmp(output, dtemplate[i].output, req->dlen)) {
1571 pr_err("alg: acomp: Decompression test %d failed for %s\n",
1573 hexdump(output, req->dlen);
1576 acomp_request_free(req);
1581 acomp_request_free(req);
1591 static int test_cprng(struct crypto_rng *tfm, struct cprng_testvec *template,
1592 unsigned int tcount)
1594 const char *algo = crypto_tfm_alg_driver_name(crypto_rng_tfm(tfm));
1595 int err = 0, i, j, seedsize;
1599 seedsize = crypto_rng_seedsize(tfm);
1601 seed = kmalloc(seedsize, GFP_KERNEL);
1603 printk(KERN_ERR "alg: cprng: Failed to allocate seed space "
1608 for (i = 0; i < tcount; i++) {
1609 memset(result, 0, 32);
1611 memcpy(seed, template[i].v, template[i].vlen);
1612 memcpy(seed + template[i].vlen, template[i].key,
1614 memcpy(seed + template[i].vlen + template[i].klen,
1615 template[i].dt, template[i].dtlen);
1617 err = crypto_rng_reset(tfm, seed, seedsize);
1619 printk(KERN_ERR "alg: cprng: Failed to reset rng "
1624 for (j = 0; j < template[i].loops; j++) {
1625 err = crypto_rng_get_bytes(tfm, result,
1628 printk(KERN_ERR "alg: cprng: Failed to obtain "
1629 "the correct amount of random data for "
1630 "%s (requested %d)\n", algo,
1636 err = memcmp(result, template[i].result,
1639 printk(KERN_ERR "alg: cprng: Test %d failed for %s\n",
1641 hexdump(result, template[i].rlen);
1652 static int alg_test_aead(const struct alg_test_desc *desc, const char *driver,
1655 struct crypto_aead *tfm;
1658 tfm = crypto_alloc_aead(driver, type, mask);
1660 printk(KERN_ERR "alg: aead: Failed to load transform for %s: "
1661 "%ld\n", driver, PTR_ERR(tfm));
1662 return PTR_ERR(tfm);
1665 if (desc->suite.aead.enc.vecs) {
1666 err = test_aead(tfm, ENCRYPT, desc->suite.aead.enc.vecs,
1667 desc->suite.aead.enc.count);
1672 if (!err && desc->suite.aead.dec.vecs)
1673 err = test_aead(tfm, DECRYPT, desc->suite.aead.dec.vecs,
1674 desc->suite.aead.dec.count);
1677 crypto_free_aead(tfm);
1681 static int alg_test_cipher(const struct alg_test_desc *desc,
1682 const char *driver, u32 type, u32 mask)
1684 struct crypto_cipher *tfm;
1687 tfm = crypto_alloc_cipher(driver, type, mask);
1689 printk(KERN_ERR "alg: cipher: Failed to load transform for "
1690 "%s: %ld\n", driver, PTR_ERR(tfm));
1691 return PTR_ERR(tfm);
1694 if (desc->suite.cipher.enc.vecs) {
1695 err = test_cipher(tfm, ENCRYPT, desc->suite.cipher.enc.vecs,
1696 desc->suite.cipher.enc.count);
1701 if (desc->suite.cipher.dec.vecs)
1702 err = test_cipher(tfm, DECRYPT, desc->suite.cipher.dec.vecs,
1703 desc->suite.cipher.dec.count);
1706 crypto_free_cipher(tfm);
1710 static int alg_test_skcipher(const struct alg_test_desc *desc,
1711 const char *driver, u32 type, u32 mask)
1713 struct crypto_skcipher *tfm;
1716 tfm = crypto_alloc_skcipher(driver, type, mask);
1718 printk(KERN_ERR "alg: skcipher: Failed to load transform for "
1719 "%s: %ld\n", driver, PTR_ERR(tfm));
1720 return PTR_ERR(tfm);
1723 if (desc->suite.cipher.enc.vecs) {
1724 err = test_skcipher(tfm, ENCRYPT, desc->suite.cipher.enc.vecs,
1725 desc->suite.cipher.enc.count);
1730 if (desc->suite.cipher.dec.vecs)
1731 err = test_skcipher(tfm, DECRYPT, desc->suite.cipher.dec.vecs,
1732 desc->suite.cipher.dec.count);
1735 crypto_free_skcipher(tfm);
1739 static int alg_test_comp(const struct alg_test_desc *desc, const char *driver,
1742 struct crypto_comp *comp;
1743 struct crypto_acomp *acomp;
1745 u32 algo_type = type & CRYPTO_ALG_TYPE_ACOMPRESS_MASK;
1747 if (algo_type == CRYPTO_ALG_TYPE_ACOMPRESS) {
1748 acomp = crypto_alloc_acomp(driver, type, mask);
1749 if (IS_ERR(acomp)) {
1750 pr_err("alg: acomp: Failed to load transform for %s: %ld\n",
1751 driver, PTR_ERR(acomp));
1752 return PTR_ERR(acomp);
1754 err = test_acomp(acomp, desc->suite.comp.comp.vecs,
1755 desc->suite.comp.decomp.vecs,
1756 desc->suite.comp.comp.count,
1757 desc->suite.comp.decomp.count);
1758 crypto_free_acomp(acomp);
1760 comp = crypto_alloc_comp(driver, type, mask);
1762 pr_err("alg: comp: Failed to load transform for %s: %ld\n",
1763 driver, PTR_ERR(comp));
1764 return PTR_ERR(comp);
1767 err = test_comp(comp, desc->suite.comp.comp.vecs,
1768 desc->suite.comp.decomp.vecs,
1769 desc->suite.comp.comp.count,
1770 desc->suite.comp.decomp.count);
1772 crypto_free_comp(comp);
1777 static int alg_test_hash(const struct alg_test_desc *desc, const char *driver,
1780 struct crypto_ahash *tfm;
1783 tfm = crypto_alloc_ahash(driver, type, mask);
1785 printk(KERN_ERR "alg: hash: Failed to load transform for %s: "
1786 "%ld\n", driver, PTR_ERR(tfm));
1787 return PTR_ERR(tfm);
1790 err = test_hash(tfm, desc->suite.hash.vecs,
1791 desc->suite.hash.count, true);
1793 err = test_hash(tfm, desc->suite.hash.vecs,
1794 desc->suite.hash.count, false);
1796 crypto_free_ahash(tfm);
1800 static int alg_test_crc32c(const struct alg_test_desc *desc,
1801 const char *driver, u32 type, u32 mask)
1803 struct crypto_shash *tfm;
1807 err = alg_test_hash(desc, driver, type, mask);
1811 tfm = crypto_alloc_shash(driver, type, mask);
1813 printk(KERN_ERR "alg: crc32c: Failed to load transform for %s: "
1814 "%ld\n", driver, PTR_ERR(tfm));
1820 SHASH_DESC_ON_STACK(shash, tfm);
1821 u32 *ctx = (u32 *)shash_desc_ctx(shash);
1826 *ctx = le32_to_cpu(420553207);
1827 err = crypto_shash_final(shash, (u8 *)&val);
1829 printk(KERN_ERR "alg: crc32c: Operation failed for "
1830 "%s: %d\n", driver, err);
1834 if (val != ~420553207) {
1835 printk(KERN_ERR "alg: crc32c: Test failed for %s: "
1836 "%d\n", driver, val);
1841 crypto_free_shash(tfm);
1847 static int alg_test_cprng(const struct alg_test_desc *desc, const char *driver,
1850 struct crypto_rng *rng;
1853 rng = crypto_alloc_rng(driver, type, mask);
1855 printk(KERN_ERR "alg: cprng: Failed to load transform for %s: "
1856 "%ld\n", driver, PTR_ERR(rng));
1857 return PTR_ERR(rng);
1860 err = test_cprng(rng, desc->suite.cprng.vecs, desc->suite.cprng.count);
1862 crypto_free_rng(rng);
1868 static int drbg_cavs_test(struct drbg_testvec *test, int pr,
1869 const char *driver, u32 type, u32 mask)
1872 struct crypto_rng *drng;
1873 struct drbg_test_data test_data;
1874 struct drbg_string addtl, pers, testentropy;
1875 unsigned char *buf = kzalloc(test->expectedlen, GFP_KERNEL);
1880 drng = crypto_alloc_rng(driver, type, mask);
1882 printk(KERN_ERR "alg: drbg: could not allocate DRNG handle for "
1888 test_data.testentropy = &testentropy;
1889 drbg_string_fill(&testentropy, test->entropy, test->entropylen);
1890 drbg_string_fill(&pers, test->pers, test->perslen);
1891 ret = crypto_drbg_reset_test(drng, &pers, &test_data);
1893 printk(KERN_ERR "alg: drbg: Failed to reset rng\n");
1897 drbg_string_fill(&addtl, test->addtla, test->addtllen);
1899 drbg_string_fill(&testentropy, test->entpra, test->entprlen);
1900 ret = crypto_drbg_get_bytes_addtl_test(drng,
1901 buf, test->expectedlen, &addtl, &test_data);
1903 ret = crypto_drbg_get_bytes_addtl(drng,
1904 buf, test->expectedlen, &addtl);
1907 printk(KERN_ERR "alg: drbg: could not obtain random data for "
1908 "driver %s\n", driver);
1912 drbg_string_fill(&addtl, test->addtlb, test->addtllen);
1914 drbg_string_fill(&testentropy, test->entprb, test->entprlen);
1915 ret = crypto_drbg_get_bytes_addtl_test(drng,
1916 buf, test->expectedlen, &addtl, &test_data);
1918 ret = crypto_drbg_get_bytes_addtl(drng,
1919 buf, test->expectedlen, &addtl);
1922 printk(KERN_ERR "alg: drbg: could not obtain random data for "
1923 "driver %s\n", driver);
1927 ret = memcmp(test->expected, buf, test->expectedlen);
1930 crypto_free_rng(drng);
1936 static int alg_test_drbg(const struct alg_test_desc *desc, const char *driver,
1942 struct drbg_testvec *template = desc->suite.drbg.vecs;
1943 unsigned int tcount = desc->suite.drbg.count;
1945 if (0 == memcmp(driver, "drbg_pr_", 8))
1948 for (i = 0; i < tcount; i++) {
1949 err = drbg_cavs_test(&template[i], pr, driver, type, mask);
1951 printk(KERN_ERR "alg: drbg: Test %d failed for %s\n",
1961 static int do_test_kpp(struct crypto_kpp *tfm, struct kpp_testvec *vec,
1964 struct kpp_request *req;
1965 void *input_buf = NULL;
1966 void *output_buf = NULL;
1967 struct tcrypt_result result;
1968 unsigned int out_len_max;
1970 struct scatterlist src, dst;
1972 req = kpp_request_alloc(tfm, GFP_KERNEL);
1976 init_completion(&result.completion);
1978 err = crypto_kpp_set_secret(tfm, vec->secret, vec->secret_size);
1982 out_len_max = crypto_kpp_maxsize(tfm);
1983 output_buf = kzalloc(out_len_max, GFP_KERNEL);
1989 /* Use appropriate parameter as base */
1990 kpp_request_set_input(req, NULL, 0);
1991 sg_init_one(&dst, output_buf, out_len_max);
1992 kpp_request_set_output(req, &dst, out_len_max);
1993 kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
1994 tcrypt_complete, &result);
1996 /* Compute public key */
1997 err = wait_async_op(&result, crypto_kpp_generate_public_key(req));
1999 pr_err("alg: %s: generate public key test failed. err %d\n",
2003 /* Verify calculated public key */
2004 if (memcmp(vec->expected_a_public, sg_virt(req->dst),
2005 vec->expected_a_public_size)) {
2006 pr_err("alg: %s: generate public key test failed. Invalid output\n",
2012 /* Calculate shared secret key by using counter part (b) public key. */
2013 input_buf = kzalloc(vec->b_public_size, GFP_KERNEL);
2019 memcpy(input_buf, vec->b_public, vec->b_public_size);
2020 sg_init_one(&src, input_buf, vec->b_public_size);
2021 sg_init_one(&dst, output_buf, out_len_max);
2022 kpp_request_set_input(req, &src, vec->b_public_size);
2023 kpp_request_set_output(req, &dst, out_len_max);
2024 kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
2025 tcrypt_complete, &result);
2026 err = wait_async_op(&result, crypto_kpp_compute_shared_secret(req));
2028 pr_err("alg: %s: compute shard secret test failed. err %d\n",
2033 * verify shared secret from which the user will derive
2034 * secret key by executing whatever hash it has chosen
2036 if (memcmp(vec->expected_ss, sg_virt(req->dst),
2037 vec->expected_ss_size)) {
2038 pr_err("alg: %s: compute shared secret test failed. Invalid output\n",
2048 kpp_request_free(req);
2052 static int test_kpp(struct crypto_kpp *tfm, const char *alg,
2053 struct kpp_testvec *vecs, unsigned int tcount)
2057 for (i = 0; i < tcount; i++) {
2058 ret = do_test_kpp(tfm, vecs++, alg);
2060 pr_err("alg: %s: test failed on vector %d, err=%d\n",
2068 static int alg_test_kpp(const struct alg_test_desc *desc, const char *driver,
2071 struct crypto_kpp *tfm;
2074 tfm = crypto_alloc_kpp(driver, type, mask);
2076 pr_err("alg: kpp: Failed to load tfm for %s: %ld\n",
2077 driver, PTR_ERR(tfm));
2078 return PTR_ERR(tfm);
2080 if (desc->suite.kpp.vecs)
2081 err = test_kpp(tfm, desc->alg, desc->suite.kpp.vecs,
2082 desc->suite.kpp.count);
2084 crypto_free_kpp(tfm);
2088 static int test_akcipher_one(struct crypto_akcipher *tfm,
2089 struct akcipher_testvec *vecs)
2091 char *xbuf[XBUFSIZE];
2092 struct akcipher_request *req;
2093 void *outbuf_enc = NULL;
2094 void *outbuf_dec = NULL;
2095 struct tcrypt_result result;
2096 unsigned int out_len_max, out_len = 0;
2098 struct scatterlist src, dst, src_tab[2];
2100 if (testmgr_alloc_buf(xbuf))
2103 req = akcipher_request_alloc(tfm, GFP_KERNEL);
2107 init_completion(&result.completion);
2109 if (vecs->public_key_vec)
2110 err = crypto_akcipher_set_pub_key(tfm, vecs->key,
2113 err = crypto_akcipher_set_priv_key(tfm, vecs->key,
2119 out_len_max = crypto_akcipher_maxsize(tfm);
2120 outbuf_enc = kzalloc(out_len_max, GFP_KERNEL);
2124 if (WARN_ON(vecs->m_size > PAGE_SIZE))
2127 memcpy(xbuf[0], vecs->m, vecs->m_size);
2129 sg_init_table(src_tab, 2);
2130 sg_set_buf(&src_tab[0], xbuf[0], 8);
2131 sg_set_buf(&src_tab[1], xbuf[0] + 8, vecs->m_size - 8);
2132 sg_init_one(&dst, outbuf_enc, out_len_max);
2133 akcipher_request_set_crypt(req, src_tab, &dst, vecs->m_size,
2135 akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
2136 tcrypt_complete, &result);
2138 /* Run RSA encrypt - c = m^e mod n;*/
2139 err = wait_async_op(&result, crypto_akcipher_encrypt(req));
2141 pr_err("alg: akcipher: encrypt test failed. err %d\n", err);
2144 if (req->dst_len != vecs->c_size) {
2145 pr_err("alg: akcipher: encrypt test failed. Invalid output len\n");
2149 /* verify that encrypted message is equal to expected */
2150 if (memcmp(vecs->c, outbuf_enc, vecs->c_size)) {
2151 pr_err("alg: akcipher: encrypt test failed. Invalid output\n");
2152 hexdump(outbuf_enc, vecs->c_size);
2156 /* Don't invoke decrypt for vectors with public key */
2157 if (vecs->public_key_vec) {
2161 outbuf_dec = kzalloc(out_len_max, GFP_KERNEL);
2167 if (WARN_ON(vecs->c_size > PAGE_SIZE))
2170 memcpy(xbuf[0], vecs->c, vecs->c_size);
2172 sg_init_one(&src, xbuf[0], vecs->c_size);
2173 sg_init_one(&dst, outbuf_dec, out_len_max);
2174 init_completion(&result.completion);
2175 akcipher_request_set_crypt(req, &src, &dst, vecs->c_size, out_len_max);
2177 /* Run RSA decrypt - m = c^d mod n;*/
2178 err = wait_async_op(&result, crypto_akcipher_decrypt(req));
2180 pr_err("alg: akcipher: decrypt test failed. err %d\n", err);
2183 out_len = req->dst_len;
2184 if (out_len < vecs->m_size) {
2185 pr_err("alg: akcipher: decrypt test failed. "
2186 "Invalid output len %u\n", out_len);
2190 /* verify that decrypted message is equal to the original msg */
2191 if (memchr_inv(outbuf_dec, 0, out_len - vecs->m_size) ||
2192 memcmp(vecs->m, outbuf_dec + out_len - vecs->m_size,
2194 pr_err("alg: akcipher: decrypt test failed. Invalid output\n");
2195 hexdump(outbuf_dec, out_len);
2202 akcipher_request_free(req);
2204 testmgr_free_buf(xbuf);
2208 static int test_akcipher(struct crypto_akcipher *tfm, const char *alg,
2209 struct akcipher_testvec *vecs, unsigned int tcount)
2212 crypto_tfm_alg_driver_name(crypto_akcipher_tfm(tfm));
2215 for (i = 0; i < tcount; i++) {
2216 ret = test_akcipher_one(tfm, vecs++);
2220 pr_err("alg: akcipher: test %d failed for %s, err=%d\n",
2227 static int alg_test_akcipher(const struct alg_test_desc *desc,
2228 const char *driver, u32 type, u32 mask)
2230 struct crypto_akcipher *tfm;
2233 tfm = crypto_alloc_akcipher(driver, type, mask);
2235 pr_err("alg: akcipher: Failed to load tfm for %s: %ld\n",
2236 driver, PTR_ERR(tfm));
2237 return PTR_ERR(tfm);
2239 if (desc->suite.akcipher.vecs)
2240 err = test_akcipher(tfm, desc->alg, desc->suite.akcipher.vecs,
2241 desc->suite.akcipher.count);
2243 crypto_free_akcipher(tfm);
2247 static int alg_test_null(const struct alg_test_desc *desc,
2248 const char *driver, u32 type, u32 mask)
2253 #define __VECS(tv) { .vecs = tv, .count = ARRAY_SIZE(tv) }
2255 /* Please keep this list sorted by algorithm name. */
2256 static const struct alg_test_desc alg_test_descs[] = {
2258 .alg = "ansi_cprng",
2259 .test = alg_test_cprng,
2261 .cprng = __VECS(ansi_cprng_aes_tv_template)
2264 .alg = "authenc(hmac(md5),ecb(cipher_null))",
2265 .test = alg_test_aead,
2268 .enc = __VECS(hmac_md5_ecb_cipher_null_enc_tv_template),
2269 .dec = __VECS(hmac_md5_ecb_cipher_null_dec_tv_template)
2273 .alg = "authenc(hmac(sha1),cbc(aes))",
2274 .test = alg_test_aead,
2277 .enc = __VECS(hmac_sha1_aes_cbc_enc_tv_temp)
2281 .alg = "authenc(hmac(sha1),cbc(des))",
2282 .test = alg_test_aead,
2285 .enc = __VECS(hmac_sha1_des_cbc_enc_tv_temp)
2289 .alg = "authenc(hmac(sha1),cbc(des3_ede))",
2290 .test = alg_test_aead,
2294 .enc = __VECS(hmac_sha1_des3_ede_cbc_enc_tv_temp)
2298 .alg = "authenc(hmac(sha1),ctr(aes))",
2299 .test = alg_test_null,
2302 .alg = "authenc(hmac(sha1),ecb(cipher_null))",
2303 .test = alg_test_aead,
2306 .enc = __VECS(hmac_sha1_ecb_cipher_null_enc_tv_temp),
2307 .dec = __VECS(hmac_sha1_ecb_cipher_null_dec_tv_temp)
2311 .alg = "authenc(hmac(sha1),rfc3686(ctr(aes)))",
2312 .test = alg_test_null,
2315 .alg = "authenc(hmac(sha224),cbc(des))",
2316 .test = alg_test_aead,
2319 .enc = __VECS(hmac_sha224_des_cbc_enc_tv_temp)
2323 .alg = "authenc(hmac(sha224),cbc(des3_ede))",
2324 .test = alg_test_aead,
2328 .enc = __VECS(hmac_sha224_des3_ede_cbc_enc_tv_temp)
2332 .alg = "authenc(hmac(sha256),cbc(aes))",
2333 .test = alg_test_aead,
2337 .enc = __VECS(hmac_sha256_aes_cbc_enc_tv_temp)
2341 .alg = "authenc(hmac(sha256),cbc(des))",
2342 .test = alg_test_aead,
2345 .enc = __VECS(hmac_sha256_des_cbc_enc_tv_temp)
2349 .alg = "authenc(hmac(sha256),cbc(des3_ede))",
2350 .test = alg_test_aead,
2354 .enc = __VECS(hmac_sha256_des3_ede_cbc_enc_tv_temp)
2358 .alg = "authenc(hmac(sha256),ctr(aes))",
2359 .test = alg_test_null,
2362 .alg = "authenc(hmac(sha256),rfc3686(ctr(aes)))",
2363 .test = alg_test_null,
2366 .alg = "authenc(hmac(sha384),cbc(des))",
2367 .test = alg_test_aead,
2370 .enc = __VECS(hmac_sha384_des_cbc_enc_tv_temp)
2374 .alg = "authenc(hmac(sha384),cbc(des3_ede))",
2375 .test = alg_test_aead,
2379 .enc = __VECS(hmac_sha384_des3_ede_cbc_enc_tv_temp)
2383 .alg = "authenc(hmac(sha384),ctr(aes))",
2384 .test = alg_test_null,
2387 .alg = "authenc(hmac(sha384),rfc3686(ctr(aes)))",
2388 .test = alg_test_null,
2391 .alg = "authenc(hmac(sha512),cbc(aes))",
2393 .test = alg_test_aead,
2396 .enc = __VECS(hmac_sha512_aes_cbc_enc_tv_temp)
2400 .alg = "authenc(hmac(sha512),cbc(des))",
2401 .test = alg_test_aead,
2404 .enc = __VECS(hmac_sha512_des_cbc_enc_tv_temp)
2408 .alg = "authenc(hmac(sha512),cbc(des3_ede))",
2409 .test = alg_test_aead,
2413 .enc = __VECS(hmac_sha512_des3_ede_cbc_enc_tv_temp)
2417 .alg = "authenc(hmac(sha512),ctr(aes))",
2418 .test = alg_test_null,
2421 .alg = "authenc(hmac(sha512),rfc3686(ctr(aes)))",
2422 .test = alg_test_null,
2426 .test = alg_test_skcipher,
2430 .enc = __VECS(aes_cbc_enc_tv_template),
2431 .dec = __VECS(aes_cbc_dec_tv_template)
2435 .alg = "cbc(anubis)",
2436 .test = alg_test_skcipher,
2439 .enc = __VECS(anubis_cbc_enc_tv_template),
2440 .dec = __VECS(anubis_cbc_dec_tv_template)
2444 .alg = "cbc(blowfish)",
2445 .test = alg_test_skcipher,
2448 .enc = __VECS(bf_cbc_enc_tv_template),
2449 .dec = __VECS(bf_cbc_dec_tv_template)
2453 .alg = "cbc(camellia)",
2454 .test = alg_test_skcipher,
2457 .enc = __VECS(camellia_cbc_enc_tv_template),
2458 .dec = __VECS(camellia_cbc_dec_tv_template)
2462 .alg = "cbc(cast5)",
2463 .test = alg_test_skcipher,
2466 .enc = __VECS(cast5_cbc_enc_tv_template),
2467 .dec = __VECS(cast5_cbc_dec_tv_template)
2471 .alg = "cbc(cast6)",
2472 .test = alg_test_skcipher,
2475 .enc = __VECS(cast6_cbc_enc_tv_template),
2476 .dec = __VECS(cast6_cbc_dec_tv_template)
2481 .test = alg_test_skcipher,
2484 .enc = __VECS(des_cbc_enc_tv_template),
2485 .dec = __VECS(des_cbc_dec_tv_template)
2489 .alg = "cbc(des3_ede)",
2490 .test = alg_test_skcipher,
2494 .enc = __VECS(des3_ede_cbc_enc_tv_template),
2495 .dec = __VECS(des3_ede_cbc_dec_tv_template)
2499 .alg = "cbc(serpent)",
2500 .test = alg_test_skcipher,
2503 .enc = __VECS(serpent_cbc_enc_tv_template),
2504 .dec = __VECS(serpent_cbc_dec_tv_template)
2508 .alg = "cbc(twofish)",
2509 .test = alg_test_skcipher,
2512 .enc = __VECS(tf_cbc_enc_tv_template),
2513 .dec = __VECS(tf_cbc_dec_tv_template)
2517 .alg = "cbcmac(aes)",
2519 .test = alg_test_hash,
2521 .hash = __VECS(aes_cbcmac_tv_template)
2525 .test = alg_test_aead,
2529 .enc = __VECS(aes_ccm_enc_tv_template),
2530 .dec = __VECS(aes_ccm_dec_tv_template)
2535 .test = alg_test_skcipher,
2538 .enc = __VECS(chacha20_enc_tv_template),
2539 .dec = __VECS(chacha20_enc_tv_template),
2545 .test = alg_test_hash,
2547 .hash = __VECS(aes_cmac128_tv_template)
2550 .alg = "cmac(des3_ede)",
2552 .test = alg_test_hash,
2554 .hash = __VECS(des3_ede_cmac64_tv_template)
2557 .alg = "compress_null",
2558 .test = alg_test_null,
2561 .test = alg_test_hash,
2563 .hash = __VECS(crc32_tv_template)
2567 .test = alg_test_crc32c,
2570 .hash = __VECS(crc32c_tv_template)
2574 .test = alg_test_hash,
2577 .hash = __VECS(crct10dif_tv_template)
2581 .test = alg_test_skcipher,
2585 .enc = __VECS(aes_ctr_enc_tv_template),
2586 .dec = __VECS(aes_ctr_dec_tv_template)
2590 .alg = "ctr(blowfish)",
2591 .test = alg_test_skcipher,
2594 .enc = __VECS(bf_ctr_enc_tv_template),
2595 .dec = __VECS(bf_ctr_dec_tv_template)
2599 .alg = "ctr(camellia)",
2600 .test = alg_test_skcipher,
2603 .enc = __VECS(camellia_ctr_enc_tv_template),
2604 .dec = __VECS(camellia_ctr_dec_tv_template)
2608 .alg = "ctr(cast5)",
2609 .test = alg_test_skcipher,
2612 .enc = __VECS(cast5_ctr_enc_tv_template),
2613 .dec = __VECS(cast5_ctr_dec_tv_template)
2617 .alg = "ctr(cast6)",
2618 .test = alg_test_skcipher,
2621 .enc = __VECS(cast6_ctr_enc_tv_template),
2622 .dec = __VECS(cast6_ctr_dec_tv_template)
2627 .test = alg_test_skcipher,
2630 .enc = __VECS(des_ctr_enc_tv_template),
2631 .dec = __VECS(des_ctr_dec_tv_template)
2635 .alg = "ctr(des3_ede)",
2636 .test = alg_test_skcipher,
2639 .enc = __VECS(des3_ede_ctr_enc_tv_template),
2640 .dec = __VECS(des3_ede_ctr_dec_tv_template)
2644 .alg = "ctr(serpent)",
2645 .test = alg_test_skcipher,
2648 .enc = __VECS(serpent_ctr_enc_tv_template),
2649 .dec = __VECS(serpent_ctr_dec_tv_template)
2653 .alg = "ctr(twofish)",
2654 .test = alg_test_skcipher,
2657 .enc = __VECS(tf_ctr_enc_tv_template),
2658 .dec = __VECS(tf_ctr_dec_tv_template)
2662 .alg = "cts(cbc(aes))",
2663 .test = alg_test_skcipher,
2666 .enc = __VECS(cts_mode_enc_tv_template),
2667 .dec = __VECS(cts_mode_dec_tv_template)
2672 .test = alg_test_comp,
2676 .comp = __VECS(deflate_comp_tv_template),
2677 .decomp = __VECS(deflate_decomp_tv_template)
2682 .test = alg_test_kpp,
2685 .kpp = __VECS(dh_tv_template)
2688 .alg = "digest_null",
2689 .test = alg_test_null,
2691 .alg = "drbg_nopr_ctr_aes128",
2692 .test = alg_test_drbg,
2695 .drbg = __VECS(drbg_nopr_ctr_aes128_tv_template)
2698 .alg = "drbg_nopr_ctr_aes192",
2699 .test = alg_test_drbg,
2702 .drbg = __VECS(drbg_nopr_ctr_aes192_tv_template)
2705 .alg = "drbg_nopr_ctr_aes256",
2706 .test = alg_test_drbg,
2709 .drbg = __VECS(drbg_nopr_ctr_aes256_tv_template)
2713 * There is no need to specifically test the DRBG with every
2714 * backend cipher -- covered by drbg_nopr_hmac_sha256 test
2716 .alg = "drbg_nopr_hmac_sha1",
2718 .test = alg_test_null,
2720 .alg = "drbg_nopr_hmac_sha256",
2721 .test = alg_test_drbg,
2724 .drbg = __VECS(drbg_nopr_hmac_sha256_tv_template)
2727 /* covered by drbg_nopr_hmac_sha256 test */
2728 .alg = "drbg_nopr_hmac_sha384",
2730 .test = alg_test_null,
2732 .alg = "drbg_nopr_hmac_sha512",
2733 .test = alg_test_null,
2736 .alg = "drbg_nopr_sha1",
2738 .test = alg_test_null,
2740 .alg = "drbg_nopr_sha256",
2741 .test = alg_test_drbg,
2744 .drbg = __VECS(drbg_nopr_sha256_tv_template)
2747 /* covered by drbg_nopr_sha256 test */
2748 .alg = "drbg_nopr_sha384",
2750 .test = alg_test_null,
2752 .alg = "drbg_nopr_sha512",
2754 .test = alg_test_null,
2756 .alg = "drbg_pr_ctr_aes128",
2757 .test = alg_test_drbg,
2760 .drbg = __VECS(drbg_pr_ctr_aes128_tv_template)
2763 /* covered by drbg_pr_ctr_aes128 test */
2764 .alg = "drbg_pr_ctr_aes192",
2766 .test = alg_test_null,
2768 .alg = "drbg_pr_ctr_aes256",
2770 .test = alg_test_null,
2772 .alg = "drbg_pr_hmac_sha1",
2774 .test = alg_test_null,
2776 .alg = "drbg_pr_hmac_sha256",
2777 .test = alg_test_drbg,
2780 .drbg = __VECS(drbg_pr_hmac_sha256_tv_template)
2783 /* covered by drbg_pr_hmac_sha256 test */
2784 .alg = "drbg_pr_hmac_sha384",
2786 .test = alg_test_null,
2788 .alg = "drbg_pr_hmac_sha512",
2789 .test = alg_test_null,
2792 .alg = "drbg_pr_sha1",
2794 .test = alg_test_null,
2796 .alg = "drbg_pr_sha256",
2797 .test = alg_test_drbg,
2800 .drbg = __VECS(drbg_pr_sha256_tv_template)
2803 /* covered by drbg_pr_sha256 test */
2804 .alg = "drbg_pr_sha384",
2806 .test = alg_test_null,
2808 .alg = "drbg_pr_sha512",
2810 .test = alg_test_null,
2813 .test = alg_test_skcipher,
2817 .enc = __VECS(aes_enc_tv_template),
2818 .dec = __VECS(aes_dec_tv_template)
2822 .alg = "ecb(anubis)",
2823 .test = alg_test_skcipher,
2826 .enc = __VECS(anubis_enc_tv_template),
2827 .dec = __VECS(anubis_dec_tv_template)
2832 .test = alg_test_skcipher,
2835 .enc = __VECS(arc4_enc_tv_template),
2836 .dec = __VECS(arc4_dec_tv_template)
2840 .alg = "ecb(blowfish)",
2841 .test = alg_test_skcipher,
2844 .enc = __VECS(bf_enc_tv_template),
2845 .dec = __VECS(bf_dec_tv_template)
2849 .alg = "ecb(camellia)",
2850 .test = alg_test_skcipher,
2853 .enc = __VECS(camellia_enc_tv_template),
2854 .dec = __VECS(camellia_dec_tv_template)
2858 .alg = "ecb(cast5)",
2859 .test = alg_test_skcipher,
2862 .enc = __VECS(cast5_enc_tv_template),
2863 .dec = __VECS(cast5_dec_tv_template)
2867 .alg = "ecb(cast6)",
2868 .test = alg_test_skcipher,
2871 .enc = __VECS(cast6_enc_tv_template),
2872 .dec = __VECS(cast6_dec_tv_template)
2876 .alg = "ecb(cipher_null)",
2877 .test = alg_test_null,
2880 .test = alg_test_skcipher,
2883 .enc = __VECS(des_enc_tv_template),
2884 .dec = __VECS(des_dec_tv_template)
2888 .alg = "ecb(des3_ede)",
2889 .test = alg_test_skcipher,
2893 .enc = __VECS(des3_ede_enc_tv_template),
2894 .dec = __VECS(des3_ede_dec_tv_template)
2898 .alg = "ecb(fcrypt)",
2899 .test = alg_test_skcipher,
2903 .vecs = fcrypt_pcbc_enc_tv_template,
2907 .vecs = fcrypt_pcbc_dec_tv_template,
2913 .alg = "ecb(khazad)",
2914 .test = alg_test_skcipher,
2917 .enc = __VECS(khazad_enc_tv_template),
2918 .dec = __VECS(khazad_dec_tv_template)
2923 .test = alg_test_skcipher,
2926 .enc = __VECS(seed_enc_tv_template),
2927 .dec = __VECS(seed_dec_tv_template)
2931 .alg = "ecb(serpent)",
2932 .test = alg_test_skcipher,
2935 .enc = __VECS(serpent_enc_tv_template),
2936 .dec = __VECS(serpent_dec_tv_template)
2941 .test = alg_test_skcipher,
2944 .enc = __VECS(tea_enc_tv_template),
2945 .dec = __VECS(tea_dec_tv_template)
2949 .alg = "ecb(tnepres)",
2950 .test = alg_test_skcipher,
2953 .enc = __VECS(tnepres_enc_tv_template),
2954 .dec = __VECS(tnepres_dec_tv_template)
2958 .alg = "ecb(twofish)",
2959 .test = alg_test_skcipher,
2962 .enc = __VECS(tf_enc_tv_template),
2963 .dec = __VECS(tf_dec_tv_template)
2968 .test = alg_test_skcipher,
2971 .enc = __VECS(xeta_enc_tv_template),
2972 .dec = __VECS(xeta_dec_tv_template)
2977 .test = alg_test_skcipher,
2980 .enc = __VECS(xtea_enc_tv_template),
2981 .dec = __VECS(xtea_dec_tv_template)
2986 .test = alg_test_kpp,
2989 .kpp = __VECS(ecdh_tv_template)
2993 .test = alg_test_aead,
2997 .enc = __VECS(aes_gcm_enc_tv_template),
2998 .dec = __VECS(aes_gcm_dec_tv_template)
3003 .test = alg_test_hash,
3006 .hash = __VECS(ghash_tv_template)
3009 .alg = "hmac(crc32)",
3010 .test = alg_test_hash,
3012 .hash = __VECS(bfin_crc_tv_template)
3016 .test = alg_test_hash,
3018 .hash = __VECS(hmac_md5_tv_template)
3021 .alg = "hmac(rmd128)",
3022 .test = alg_test_hash,
3024 .hash = __VECS(hmac_rmd128_tv_template)
3027 .alg = "hmac(rmd160)",
3028 .test = alg_test_hash,
3030 .hash = __VECS(hmac_rmd160_tv_template)
3033 .alg = "hmac(sha1)",
3034 .test = alg_test_hash,
3037 .hash = __VECS(hmac_sha1_tv_template)
3040 .alg = "hmac(sha224)",
3041 .test = alg_test_hash,
3044 .hash = __VECS(hmac_sha224_tv_template)
3047 .alg = "hmac(sha256)",
3048 .test = alg_test_hash,
3051 .hash = __VECS(hmac_sha256_tv_template)
3054 .alg = "hmac(sha3-224)",
3055 .test = alg_test_hash,
3058 .hash = __VECS(hmac_sha3_224_tv_template)
3061 .alg = "hmac(sha3-256)",
3062 .test = alg_test_hash,
3065 .hash = __VECS(hmac_sha3_256_tv_template)
3068 .alg = "hmac(sha3-384)",
3069 .test = alg_test_hash,
3072 .hash = __VECS(hmac_sha3_384_tv_template)
3075 .alg = "hmac(sha3-512)",
3076 .test = alg_test_hash,
3079 .hash = __VECS(hmac_sha3_512_tv_template)
3082 .alg = "hmac(sha384)",
3083 .test = alg_test_hash,
3086 .hash = __VECS(hmac_sha384_tv_template)
3089 .alg = "hmac(sha512)",
3090 .test = alg_test_hash,
3093 .hash = __VECS(hmac_sha512_tv_template)
3096 .alg = "jitterentropy_rng",
3098 .test = alg_test_null,
3101 .test = alg_test_skcipher,
3105 .enc = __VECS(aes_kw_enc_tv_template),
3106 .dec = __VECS(aes_kw_dec_tv_template)
3111 .test = alg_test_skcipher,
3114 .enc = __VECS(aes_lrw_enc_tv_template),
3115 .dec = __VECS(aes_lrw_dec_tv_template)
3119 .alg = "lrw(camellia)",
3120 .test = alg_test_skcipher,
3123 .enc = __VECS(camellia_lrw_enc_tv_template),
3124 .dec = __VECS(camellia_lrw_dec_tv_template)
3128 .alg = "lrw(cast6)",
3129 .test = alg_test_skcipher,
3132 .enc = __VECS(cast6_lrw_enc_tv_template),
3133 .dec = __VECS(cast6_lrw_dec_tv_template)
3137 .alg = "lrw(serpent)",
3138 .test = alg_test_skcipher,
3141 .enc = __VECS(serpent_lrw_enc_tv_template),
3142 .dec = __VECS(serpent_lrw_dec_tv_template)
3146 .alg = "lrw(twofish)",
3147 .test = alg_test_skcipher,
3150 .enc = __VECS(tf_lrw_enc_tv_template),
3151 .dec = __VECS(tf_lrw_dec_tv_template)
3156 .test = alg_test_comp,
3160 .comp = __VECS(lz4_comp_tv_template),
3161 .decomp = __VECS(lz4_decomp_tv_template)
3166 .test = alg_test_comp,
3170 .comp = __VECS(lz4hc_comp_tv_template),
3171 .decomp = __VECS(lz4hc_decomp_tv_template)
3176 .test = alg_test_comp,
3180 .comp = __VECS(lzo_comp_tv_template),
3181 .decomp = __VECS(lzo_decomp_tv_template)
3186 .test = alg_test_hash,
3188 .hash = __VECS(md4_tv_template)
3192 .test = alg_test_hash,
3194 .hash = __VECS(md5_tv_template)
3197 .alg = "michael_mic",
3198 .test = alg_test_hash,
3200 .hash = __VECS(michael_mic_tv_template)
3204 .test = alg_test_skcipher,
3208 .enc = __VECS(aes_ofb_enc_tv_template),
3209 .dec = __VECS(aes_ofb_dec_tv_template)
3213 .alg = "pcbc(fcrypt)",
3214 .test = alg_test_skcipher,
3217 .enc = __VECS(fcrypt_pcbc_enc_tv_template),
3218 .dec = __VECS(fcrypt_pcbc_dec_tv_template)
3223 .test = alg_test_hash,
3225 .hash = __VECS(poly1305_tv_template)
3228 .alg = "rfc3686(ctr(aes))",
3229 .test = alg_test_skcipher,
3233 .enc = __VECS(aes_ctr_rfc3686_enc_tv_template),
3234 .dec = __VECS(aes_ctr_rfc3686_dec_tv_template)
3238 .alg = "rfc4106(gcm(aes))",
3239 .test = alg_test_aead,
3243 .enc = __VECS(aes_gcm_rfc4106_enc_tv_template),
3244 .dec = __VECS(aes_gcm_rfc4106_dec_tv_template)
3248 .alg = "rfc4309(ccm(aes))",
3249 .test = alg_test_aead,
3253 .enc = __VECS(aes_ccm_rfc4309_enc_tv_template),
3254 .dec = __VECS(aes_ccm_rfc4309_dec_tv_template)
3258 .alg = "rfc4543(gcm(aes))",
3259 .test = alg_test_aead,
3262 .enc = __VECS(aes_gcm_rfc4543_enc_tv_template),
3263 .dec = __VECS(aes_gcm_rfc4543_dec_tv_template),
3267 .alg = "rfc7539(chacha20,poly1305)",
3268 .test = alg_test_aead,
3271 .enc = __VECS(rfc7539_enc_tv_template),
3272 .dec = __VECS(rfc7539_dec_tv_template),
3276 .alg = "rfc7539esp(chacha20,poly1305)",
3277 .test = alg_test_aead,
3280 .enc = __VECS(rfc7539esp_enc_tv_template),
3281 .dec = __VECS(rfc7539esp_dec_tv_template),
3286 .test = alg_test_hash,
3288 .hash = __VECS(rmd128_tv_template)
3292 .test = alg_test_hash,
3294 .hash = __VECS(rmd160_tv_template)
3298 .test = alg_test_hash,
3300 .hash = __VECS(rmd256_tv_template)
3304 .test = alg_test_hash,
3306 .hash = __VECS(rmd320_tv_template)
3310 .test = alg_test_akcipher,
3313 .akcipher = __VECS(rsa_tv_template)
3317 .test = alg_test_skcipher,
3320 .enc = __VECS(salsa20_stream_enc_tv_template)
3325 .test = alg_test_hash,
3328 .hash = __VECS(sha1_tv_template)
3332 .test = alg_test_hash,
3335 .hash = __VECS(sha224_tv_template)
3339 .test = alg_test_hash,
3342 .hash = __VECS(sha256_tv_template)
3346 .test = alg_test_hash,
3349 .hash = __VECS(sha3_224_tv_template)
3353 .test = alg_test_hash,
3356 .hash = __VECS(sha3_256_tv_template)
3360 .test = alg_test_hash,
3363 .hash = __VECS(sha3_384_tv_template)
3367 .test = alg_test_hash,
3370 .hash = __VECS(sha3_512_tv_template)
3374 .test = alg_test_hash,
3377 .hash = __VECS(sha384_tv_template)
3381 .test = alg_test_hash,
3384 .hash = __VECS(sha512_tv_template)
3388 .test = alg_test_hash,
3390 .hash = __VECS(tgr128_tv_template)
3394 .test = alg_test_hash,
3396 .hash = __VECS(tgr160_tv_template)
3400 .test = alg_test_hash,
3402 .hash = __VECS(tgr192_tv_template)
3406 .test = alg_test_hash,
3408 .hash = __VECS(aes_vmac128_tv_template)
3412 .test = alg_test_hash,
3414 .hash = __VECS(wp256_tv_template)
3418 .test = alg_test_hash,
3420 .hash = __VECS(wp384_tv_template)
3424 .test = alg_test_hash,
3426 .hash = __VECS(wp512_tv_template)
3430 .test = alg_test_hash,
3432 .hash = __VECS(aes_xcbc128_tv_template)
3436 .test = alg_test_skcipher,
3440 .enc = __VECS(aes_xts_enc_tv_template),
3441 .dec = __VECS(aes_xts_dec_tv_template)
3445 .alg = "xts(camellia)",
3446 .test = alg_test_skcipher,
3449 .enc = __VECS(camellia_xts_enc_tv_template),
3450 .dec = __VECS(camellia_xts_dec_tv_template)
3454 .alg = "xts(cast6)",
3455 .test = alg_test_skcipher,
3458 .enc = __VECS(cast6_xts_enc_tv_template),
3459 .dec = __VECS(cast6_xts_dec_tv_template)
3463 .alg = "xts(serpent)",
3464 .test = alg_test_skcipher,
3467 .enc = __VECS(serpent_xts_enc_tv_template),
3468 .dec = __VECS(serpent_xts_dec_tv_template)
3472 .alg = "xts(twofish)",
3473 .test = alg_test_skcipher,
3476 .enc = __VECS(tf_xts_enc_tv_template),
3477 .dec = __VECS(tf_xts_dec_tv_template)
3483 static bool alg_test_descs_checked;
3485 static void alg_test_descs_check_order(void)
3489 /* only check once */
3490 if (alg_test_descs_checked)
3493 alg_test_descs_checked = true;
3495 for (i = 1; i < ARRAY_SIZE(alg_test_descs); i++) {
3496 int diff = strcmp(alg_test_descs[i - 1].alg,
3497 alg_test_descs[i].alg);
3499 if (WARN_ON(diff > 0)) {
3500 pr_warn("testmgr: alg_test_descs entries in wrong order: '%s' before '%s'\n",
3501 alg_test_descs[i - 1].alg,
3502 alg_test_descs[i].alg);
3505 if (WARN_ON(diff == 0)) {
3506 pr_warn("testmgr: duplicate alg_test_descs entry: '%s'\n",
3507 alg_test_descs[i].alg);
3512 static int alg_find_test(const char *alg)
3515 int end = ARRAY_SIZE(alg_test_descs);
3517 while (start < end) {
3518 int i = (start + end) / 2;
3519 int diff = strcmp(alg_test_descs[i].alg, alg);
3537 int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
3543 if (!fips_enabled && notests) {
3544 printk_once(KERN_INFO "alg: self-tests disabled\n");
3548 alg_test_descs_check_order();
3550 if ((type & CRYPTO_ALG_TYPE_MASK) == CRYPTO_ALG_TYPE_CIPHER) {
3551 char nalg[CRYPTO_MAX_ALG_NAME];
3553 if (snprintf(nalg, sizeof(nalg), "ecb(%s)", alg) >=
3555 return -ENAMETOOLONG;
3557 i = alg_find_test(nalg);
3561 if (fips_enabled && !alg_test_descs[i].fips_allowed)
3564 rc = alg_test_cipher(alg_test_descs + i, driver, type, mask);
3568 i = alg_find_test(alg);
3569 j = alg_find_test(driver);
3573 if (fips_enabled && ((i >= 0 && !alg_test_descs[i].fips_allowed) ||
3574 (j >= 0 && !alg_test_descs[j].fips_allowed)))
3579 rc |= alg_test_descs[i].test(alg_test_descs + i, driver,
3581 if (j >= 0 && j != i)
3582 rc |= alg_test_descs[j].test(alg_test_descs + j, driver,
3586 if (fips_enabled && rc)
3587 panic("%s: %s alg self test failed in fips mode!\n", driver, alg);
3589 if (fips_enabled && !rc)
3590 pr_info("alg: self-tests for %s (%s) passed\n", driver, alg);
3595 printk(KERN_INFO "alg: No test for %s (%s)\n", alg, driver);
3601 #endif /* CONFIG_CRYPTO_MANAGER_DISABLE_TESTS */
3603 EXPORT_SYMBOL_GPL(alg_test);
git.samba.org / sfrench / cifs-2.6.git / blob