2 * Algorithm testing framework and tests.
4 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
5 * Copyright (c) 2002 Jean-Francois Dive <jef@linuxbe.org>
6 * Copyright (c) 2007 Nokia Siemens Networks
7 * Copyright (c) 2008 Herbert Xu <herbert@gondor.apana.org.au>
9 * Updated RFC4106 AES-GCM testing.
10 * Authors: Aidan O'Mahony (aidan.o.mahony@intel.com)
11 * Adrian Hoban <adrian.hoban@intel.com>
12 * Gabriele Paoloni <gabriele.paoloni@intel.com>
13 * Tadeusz Struk (tadeusz.struk@intel.com)
14 * Copyright (c) 2010, Intel Corporation.
16 * This program is free software; you can redistribute it and/or modify it
17 * under the terms of the GNU General Public License as published by the Free
18 * Software Foundation; either version 2 of the License, or (at your option)
23 #include <crypto/aead.h>
24 #include <crypto/hash.h>
25 #include <crypto/skcipher.h>
26 #include <linux/err.h>
27 #include <linux/fips.h>
28 #include <linux/module.h>
29 #include <linux/scatterlist.h>
30 #include <linux/slab.h>
31 #include <linux/string.h>
32 #include <crypto/rng.h>
33 #include <crypto/drbg.h>
34 #include <crypto/akcipher.h>
35 #include <crypto/kpp.h>
36 #include <crypto/acompress.h>
41 module_param(notests, bool, 0644);
42 MODULE_PARM_DESC(notests, "disable crypto self-tests");
44 #ifdef CONFIG_CRYPTO_MANAGER_DISABLE_TESTS
47 int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
57 * Need slab memory for testing (size in number of pages).
62 * Indexes into the xbuf to simulate cross-page access.
74 * Used by test_cipher()
79 struct tcrypt_result {
80 struct completion completion;
84 struct aead_test_suite {
86 const struct aead_testvec *vecs;
91 struct cipher_test_suite {
93 const struct cipher_testvec *vecs;
98 struct comp_test_suite {
100 const struct comp_testvec *vecs;
105 struct hash_test_suite {
106 const struct hash_testvec *vecs;
110 struct cprng_test_suite {
111 const struct cprng_testvec *vecs;
115 struct drbg_test_suite {
116 const struct drbg_testvec *vecs;
120 struct akcipher_test_suite {
121 const struct akcipher_testvec *vecs;
125 struct kpp_test_suite {
126 const struct kpp_testvec *vecs;
130 struct alg_test_desc {
132 int (*test)(const struct alg_test_desc *desc, const char *driver,
134 int fips_allowed; /* set if alg is allowed in fips mode */
137 struct aead_test_suite aead;
138 struct cipher_test_suite cipher;
139 struct comp_test_suite comp;
140 struct hash_test_suite hash;
141 struct cprng_test_suite cprng;
142 struct drbg_test_suite drbg;
143 struct akcipher_test_suite akcipher;
144 struct kpp_test_suite kpp;
148 static const unsigned int IDX[8] = {
149 IDX1, IDX2, IDX3, IDX4, IDX5, IDX6, IDX7, IDX8 };
151 static void hexdump(unsigned char *buf, unsigned int len)
153 print_hex_dump(KERN_CONT, "", DUMP_PREFIX_OFFSET,
158 static void tcrypt_complete(struct crypto_async_request *req, int err)
160 struct tcrypt_result *res = req->data;
162 if (err == -EINPROGRESS)
166 complete(&res->completion);
169 static int testmgr_alloc_buf(char *buf[XBUFSIZE])
173 for (i = 0; i < XBUFSIZE; i++) {
174 buf[i] = (void *)__get_free_page(GFP_KERNEL);
183 free_page((unsigned long)buf[i]);
188 static void testmgr_free_buf(char *buf[XBUFSIZE])
192 for (i = 0; i < XBUFSIZE; i++)
193 free_page((unsigned long)buf[i]);
196 static int wait_async_op(struct tcrypt_result *tr, int ret)
198 if (ret == -EINPROGRESS || ret == -EBUSY) {
199 wait_for_completion(&tr->completion);
200 reinit_completion(&tr->completion);
206 static int ahash_partial_update(struct ahash_request **preq,
207 struct crypto_ahash *tfm, const struct hash_testvec *template,
208 void *hash_buff, int k, int temp, struct scatterlist *sg,
209 const char *algo, char *result, struct tcrypt_result *tresult)
212 struct ahash_request *req;
213 int statesize, ret = -EINVAL;
214 const char guard[] = { 0x00, 0xba, 0xad, 0x00 };
217 statesize = crypto_ahash_statesize(
218 crypto_ahash_reqtfm(req));
219 state = kmalloc(statesize + sizeof(guard), GFP_KERNEL);
221 pr_err("alt: hash: Failed to alloc state for %s\n", algo);
224 memcpy(state + statesize, guard, sizeof(guard));
225 ret = crypto_ahash_export(req, state);
226 WARN_ON(memcmp(state + statesize, guard, sizeof(guard)));
228 pr_err("alt: hash: Failed to export() for %s\n", algo);
231 ahash_request_free(req);
232 req = ahash_request_alloc(tfm, GFP_KERNEL);
234 pr_err("alg: hash: Failed to alloc request for %s\n", algo);
237 ahash_request_set_callback(req,
238 CRYPTO_TFM_REQ_MAY_BACKLOG,
239 tcrypt_complete, tresult);
241 memcpy(hash_buff, template->plaintext + temp,
243 sg_init_one(&sg[0], hash_buff, template->tap[k]);
244 ahash_request_set_crypt(req, sg, result, template->tap[k]);
245 ret = crypto_ahash_import(req, state);
247 pr_err("alg: hash: Failed to import() for %s\n", algo);
250 ret = wait_async_op(tresult, crypto_ahash_update(req));
257 ahash_request_free(req);
264 static int __test_hash(struct crypto_ahash *tfm,
265 const struct hash_testvec *template, unsigned int tcount,
266 bool use_digest, const int align_offset)
268 const char *algo = crypto_tfm_alg_driver_name(crypto_ahash_tfm(tfm));
269 size_t digest_size = crypto_ahash_digestsize(tfm);
270 unsigned int i, j, k, temp;
271 struct scatterlist sg[8];
274 struct ahash_request *req;
275 struct tcrypt_result tresult;
277 char *xbuf[XBUFSIZE];
280 result = kmalloc(digest_size, GFP_KERNEL);
283 key = kmalloc(MAX_KEYLEN, GFP_KERNEL);
286 if (testmgr_alloc_buf(xbuf))
289 init_completion(&tresult.completion);
291 req = ahash_request_alloc(tfm, GFP_KERNEL);
293 printk(KERN_ERR "alg: hash: Failed to allocate request for "
297 ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
298 tcrypt_complete, &tresult);
301 for (i = 0; i < tcount; i++) {
306 if (WARN_ON(align_offset + template[i].psize > PAGE_SIZE))
310 memset(result, 0, digest_size);
313 hash_buff += align_offset;
315 memcpy(hash_buff, template[i].plaintext, template[i].psize);
316 sg_init_one(&sg[0], hash_buff, template[i].psize);
318 if (template[i].ksize) {
319 crypto_ahash_clear_flags(tfm, ~0);
320 if (template[i].ksize > MAX_KEYLEN) {
321 pr_err("alg: hash: setkey failed on test %d for %s: key size %d > %d\n",
322 j, algo, template[i].ksize, MAX_KEYLEN);
326 memcpy(key, template[i].key, template[i].ksize);
327 ret = crypto_ahash_setkey(tfm, key, template[i].ksize);
329 printk(KERN_ERR "alg: hash: setkey failed on "
330 "test %d for %s: ret=%d\n", j, algo,
336 ahash_request_set_crypt(req, sg, result, template[i].psize);
338 ret = wait_async_op(&tresult, crypto_ahash_digest(req));
340 pr_err("alg: hash: digest failed on test %d "
341 "for %s: ret=%d\n", j, algo, -ret);
345 ret = wait_async_op(&tresult, crypto_ahash_init(req));
347 pr_err("alt: hash: init failed on test %d "
348 "for %s: ret=%d\n", j, algo, -ret);
351 ret = wait_async_op(&tresult, crypto_ahash_update(req));
353 pr_err("alt: hash: update failed on test %d "
354 "for %s: ret=%d\n", j, algo, -ret);
357 ret = wait_async_op(&tresult, crypto_ahash_final(req));
359 pr_err("alt: hash: final failed on test %d "
360 "for %s: ret=%d\n", j, algo, -ret);
365 if (memcmp(result, template[i].digest,
366 crypto_ahash_digestsize(tfm))) {
367 printk(KERN_ERR "alg: hash: Test %d failed for %s\n",
369 hexdump(result, crypto_ahash_digestsize(tfm));
376 for (i = 0; i < tcount; i++) {
377 /* alignment tests are only done with continuous buffers */
378 if (align_offset != 0)
385 memset(result, 0, digest_size);
388 sg_init_table(sg, template[i].np);
390 for (k = 0; k < template[i].np; k++) {
391 if (WARN_ON(offset_in_page(IDX[k]) +
392 template[i].tap[k] > PAGE_SIZE))
395 memcpy(xbuf[IDX[k] >> PAGE_SHIFT] +
396 offset_in_page(IDX[k]),
397 template[i].plaintext + temp,
400 temp += template[i].tap[k];
403 if (template[i].ksize) {
404 if (template[i].ksize > MAX_KEYLEN) {
405 pr_err("alg: hash: setkey failed on test %d for %s: key size %d > %d\n",
406 j, algo, template[i].ksize, MAX_KEYLEN);
410 crypto_ahash_clear_flags(tfm, ~0);
411 memcpy(key, template[i].key, template[i].ksize);
412 ret = crypto_ahash_setkey(tfm, key, template[i].ksize);
415 printk(KERN_ERR "alg: hash: setkey "
416 "failed on chunking test %d "
417 "for %s: ret=%d\n", j, algo, -ret);
422 ahash_request_set_crypt(req, sg, result, template[i].psize);
423 ret = crypto_ahash_digest(req);
429 wait_for_completion(&tresult.completion);
430 reinit_completion(&tresult.completion);
436 printk(KERN_ERR "alg: hash: digest failed "
437 "on chunking test %d for %s: "
438 "ret=%d\n", j, algo, -ret);
442 if (memcmp(result, template[i].digest,
443 crypto_ahash_digestsize(tfm))) {
444 printk(KERN_ERR "alg: hash: Chunking test %d "
445 "failed for %s\n", j, algo);
446 hexdump(result, crypto_ahash_digestsize(tfm));
452 /* partial update exercise */
454 for (i = 0; i < tcount; i++) {
455 /* alignment tests are only done with continuous buffers */
456 if (align_offset != 0)
459 if (template[i].np < 2)
463 memset(result, 0, digest_size);
467 memcpy(hash_buff, template[i].plaintext,
469 sg_init_one(&sg[0], hash_buff, template[i].tap[0]);
471 if (template[i].ksize) {
472 crypto_ahash_clear_flags(tfm, ~0);
473 if (template[i].ksize > MAX_KEYLEN) {
474 pr_err("alg: hash: setkey failed on test %d for %s: key size %d > %d\n",
475 j, algo, template[i].ksize, MAX_KEYLEN);
479 memcpy(key, template[i].key, template[i].ksize);
480 ret = crypto_ahash_setkey(tfm, key, template[i].ksize);
482 pr_err("alg: hash: setkey failed on test %d for %s: ret=%d\n",
488 ahash_request_set_crypt(req, sg, result, template[i].tap[0]);
489 ret = wait_async_op(&tresult, crypto_ahash_init(req));
491 pr_err("alt: hash: init failed on test %d for %s: ret=%d\n",
495 ret = wait_async_op(&tresult, crypto_ahash_update(req));
497 pr_err("alt: hash: update failed on test %d for %s: ret=%d\n",
502 temp = template[i].tap[0];
503 for (k = 1; k < template[i].np; k++) {
504 ret = ahash_partial_update(&req, tfm, &template[i],
505 hash_buff, k, temp, &sg[0], algo, result,
508 pr_err("hash: partial update failed on test %d for %s: ret=%d\n",
512 temp += template[i].tap[k];
514 ret = wait_async_op(&tresult, crypto_ahash_final(req));
516 pr_err("alt: hash: final failed on test %d for %s: ret=%d\n",
520 if (memcmp(result, template[i].digest,
521 crypto_ahash_digestsize(tfm))) {
522 pr_err("alg: hash: Partial Test %d failed for %s\n",
524 hexdump(result, crypto_ahash_digestsize(tfm));
533 ahash_request_free(req);
535 testmgr_free_buf(xbuf);
542 static int test_hash(struct crypto_ahash *tfm,
543 const struct hash_testvec *template,
544 unsigned int tcount, bool use_digest)
546 unsigned int alignmask;
549 ret = __test_hash(tfm, template, tcount, use_digest, 0);
553 /* test unaligned buffers, check with one byte offset */
554 ret = __test_hash(tfm, template, tcount, use_digest, 1);
558 alignmask = crypto_tfm_alg_alignmask(&tfm->base);
560 /* Check if alignment mask for tfm is correctly set. */
561 ret = __test_hash(tfm, template, tcount, use_digest,
570 static int __test_aead(struct crypto_aead *tfm, int enc,
571 const struct aead_testvec *template, unsigned int tcount,
572 const bool diff_dst, const int align_offset)
574 const char *algo = crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm));
575 unsigned int i, j, k, n, temp;
579 struct aead_request *req;
580 struct scatterlist *sg;
581 struct scatterlist *sgout;
583 struct tcrypt_result result;
584 unsigned int authsize, iv_len;
589 char *xbuf[XBUFSIZE];
590 char *xoutbuf[XBUFSIZE];
591 char *axbuf[XBUFSIZE];
593 iv = kzalloc(MAX_IVLEN, GFP_KERNEL);
596 key = kmalloc(MAX_KEYLEN, GFP_KERNEL);
599 if (testmgr_alloc_buf(xbuf))
601 if (testmgr_alloc_buf(axbuf))
603 if (diff_dst && testmgr_alloc_buf(xoutbuf))
606 /* avoid "the frame size is larger than 1024 bytes" compiler warning */
607 sg = kmalloc(sizeof(*sg) * 8 * (diff_dst ? 4 : 2), GFP_KERNEL);
622 init_completion(&result.completion);
624 req = aead_request_alloc(tfm, GFP_KERNEL);
626 pr_err("alg: aead%s: Failed to allocate request for %s\n",
631 aead_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
632 tcrypt_complete, &result);
634 iv_len = crypto_aead_ivsize(tfm);
636 for (i = 0, j = 0; i < tcount; i++) {
642 /* some templates have no input data but they will
646 input += align_offset;
650 if (WARN_ON(align_offset + template[i].ilen >
651 PAGE_SIZE || template[i].alen > PAGE_SIZE))
654 memcpy(input, template[i].input, template[i].ilen);
655 memcpy(assoc, template[i].assoc, template[i].alen);
657 memcpy(iv, template[i].iv, iv_len);
659 memset(iv, 0, iv_len);
661 crypto_aead_clear_flags(tfm, ~0);
663 crypto_aead_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY);
665 if (template[i].klen > MAX_KEYLEN) {
666 pr_err("alg: aead%s: setkey failed on test %d for %s: key size %d > %d\n",
667 d, j, algo, template[i].klen,
672 memcpy(key, template[i].key, template[i].klen);
674 ret = crypto_aead_setkey(tfm, key, template[i].klen);
675 if (template[i].fail == !ret) {
676 pr_err("alg: aead%s: setkey failed on test %d for %s: flags=%x\n",
677 d, j, algo, crypto_aead_get_flags(tfm));
682 authsize = abs(template[i].rlen - template[i].ilen);
683 ret = crypto_aead_setauthsize(tfm, authsize);
685 pr_err("alg: aead%s: Failed to set authsize to %u on test %d for %s\n",
686 d, authsize, j, algo);
690 k = !!template[i].alen;
691 sg_init_table(sg, k + 1);
692 sg_set_buf(&sg[0], assoc, template[i].alen);
693 sg_set_buf(&sg[k], input,
694 template[i].ilen + (enc ? authsize : 0));
698 sg_init_table(sgout, k + 1);
699 sg_set_buf(&sgout[0], assoc, template[i].alen);
702 output += align_offset;
703 sg_set_buf(&sgout[k], output,
704 template[i].rlen + (enc ? 0 : authsize));
707 aead_request_set_crypt(req, sg, (diff_dst) ? sgout : sg,
708 template[i].ilen, iv);
710 aead_request_set_ad(req, template[i].alen);
712 ret = enc ? crypto_aead_encrypt(req) : crypto_aead_decrypt(req);
716 if (template[i].novrfy) {
717 /* verification was supposed to fail */
718 pr_err("alg: aead%s: %s failed on test %d for %s: ret was 0, expected -EBADMSG\n",
720 /* so really, we got a bad message */
727 wait_for_completion(&result.completion);
728 reinit_completion(&result.completion);
733 if (template[i].novrfy)
734 /* verification failure was expected */
738 pr_err("alg: aead%s: %s failed on test %d for %s: ret=%d\n",
739 d, e, j, algo, -ret);
744 if (memcmp(q, template[i].result, template[i].rlen)) {
745 pr_err("alg: aead%s: Test %d failed on %s for %s\n",
747 hexdump(q, template[i].rlen);
753 for (i = 0, j = 0; i < tcount; i++) {
754 /* alignment tests are only done with continuous buffers */
755 if (align_offset != 0)
764 memcpy(iv, template[i].iv, iv_len);
766 memset(iv, 0, MAX_IVLEN);
768 crypto_aead_clear_flags(tfm, ~0);
770 crypto_aead_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY);
771 if (template[i].klen > MAX_KEYLEN) {
772 pr_err("alg: aead%s: setkey failed on test %d for %s: key size %d > %d\n",
773 d, j, algo, template[i].klen, MAX_KEYLEN);
777 memcpy(key, template[i].key, template[i].klen);
779 ret = crypto_aead_setkey(tfm, key, template[i].klen);
780 if (template[i].fail == !ret) {
781 pr_err("alg: aead%s: setkey failed on chunk test %d for %s: flags=%x\n",
782 d, j, algo, crypto_aead_get_flags(tfm));
787 authsize = abs(template[i].rlen - template[i].ilen);
790 sg_init_table(sg, template[i].anp + template[i].np);
792 sg_init_table(sgout, template[i].anp + template[i].np);
795 for (k = 0, temp = 0; k < template[i].anp; k++) {
796 if (WARN_ON(offset_in_page(IDX[k]) +
797 template[i].atap[k] > PAGE_SIZE))
800 memcpy(axbuf[IDX[k] >> PAGE_SHIFT] +
801 offset_in_page(IDX[k]),
802 template[i].assoc + temp,
803 template[i].atap[k]),
804 template[i].atap[k]);
806 sg_set_buf(&sgout[k],
807 axbuf[IDX[k] >> PAGE_SHIFT] +
808 offset_in_page(IDX[k]),
809 template[i].atap[k]);
810 temp += template[i].atap[k];
813 for (k = 0, temp = 0; k < template[i].np; k++) {
814 if (WARN_ON(offset_in_page(IDX[k]) +
815 template[i].tap[k] > PAGE_SIZE))
818 q = xbuf[IDX[k] >> PAGE_SHIFT] + offset_in_page(IDX[k]);
819 memcpy(q, template[i].input + temp, template[i].tap[k]);
820 sg_set_buf(&sg[template[i].anp + k],
821 q, template[i].tap[k]);
824 q = xoutbuf[IDX[k] >> PAGE_SHIFT] +
825 offset_in_page(IDX[k]);
827 memset(q, 0, template[i].tap[k]);
829 sg_set_buf(&sgout[template[i].anp + k],
830 q, template[i].tap[k]);
833 n = template[i].tap[k];
834 if (k == template[i].np - 1 && enc)
836 if (offset_in_page(q) + n < PAGE_SIZE)
839 temp += template[i].tap[k];
842 ret = crypto_aead_setauthsize(tfm, authsize);
844 pr_err("alg: aead%s: Failed to set authsize to %u on chunk test %d for %s\n",
845 d, authsize, j, algo);
850 if (WARN_ON(sg[template[i].anp + k - 1].offset +
851 sg[template[i].anp + k - 1].length +
852 authsize > PAGE_SIZE)) {
858 sgout[template[i].anp + k - 1].length +=
860 sg[template[i].anp + k - 1].length += authsize;
863 aead_request_set_crypt(req, sg, (diff_dst) ? sgout : sg,
867 aead_request_set_ad(req, template[i].alen);
869 ret = enc ? crypto_aead_encrypt(req) : crypto_aead_decrypt(req);
873 if (template[i].novrfy) {
874 /* verification was supposed to fail */
875 pr_err("alg: aead%s: %s failed on chunk test %d for %s: ret was 0, expected -EBADMSG\n",
877 /* so really, we got a bad message */
884 wait_for_completion(&result.completion);
885 reinit_completion(&result.completion);
890 if (template[i].novrfy)
891 /* verification failure was expected */
895 pr_err("alg: aead%s: %s failed on chunk test %d for %s: ret=%d\n",
896 d, e, j, algo, -ret);
901 for (k = 0, temp = 0; k < template[i].np; k++) {
903 q = xoutbuf[IDX[k] >> PAGE_SHIFT] +
904 offset_in_page(IDX[k]);
906 q = xbuf[IDX[k] >> PAGE_SHIFT] +
907 offset_in_page(IDX[k]);
909 n = template[i].tap[k];
910 if (k == template[i].np - 1)
911 n += enc ? authsize : -authsize;
913 if (memcmp(q, template[i].result + temp, n)) {
914 pr_err("alg: aead%s: Chunk test %d failed on %s at page %u for %s\n",
921 if (k == template[i].np - 1 && !enc) {
923 memcmp(q, template[i].input +
929 for (n = 0; offset_in_page(q + n) && q[n]; n++)
933 pr_err("alg: aead%s: Result buffer corruption in chunk test %d on %s at page %u for %s: %u bytes:\n",
934 d, j, e, k, algo, n);
939 temp += template[i].tap[k];
946 aead_request_free(req);
950 testmgr_free_buf(xoutbuf);
952 testmgr_free_buf(axbuf);
954 testmgr_free_buf(xbuf);
961 static int test_aead(struct crypto_aead *tfm, int enc,
962 const struct aead_testvec *template, unsigned int tcount)
964 unsigned int alignmask;
967 /* test 'dst == src' case */
968 ret = __test_aead(tfm, enc, template, tcount, false, 0);
972 /* test 'dst != src' case */
973 ret = __test_aead(tfm, enc, template, tcount, true, 0);
977 /* test unaligned buffers, check with one byte offset */
978 ret = __test_aead(tfm, enc, template, tcount, true, 1);
982 alignmask = crypto_tfm_alg_alignmask(&tfm->base);
984 /* Check if alignment mask for tfm is correctly set. */
985 ret = __test_aead(tfm, enc, template, tcount, true,
994 static int test_cipher(struct crypto_cipher *tfm, int enc,
995 const struct cipher_testvec *template,
998 const char *algo = crypto_tfm_alg_driver_name(crypto_cipher_tfm(tfm));
999 unsigned int i, j, k;
1003 char *xbuf[XBUFSIZE];
1006 if (testmgr_alloc_buf(xbuf))
1015 for (i = 0; i < tcount; i++) {
1019 if (fips_enabled && template[i].fips_skip)
1025 if (WARN_ON(template[i].ilen > PAGE_SIZE))
1029 memcpy(data, template[i].input, template[i].ilen);
1031 crypto_cipher_clear_flags(tfm, ~0);
1033 crypto_cipher_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY);
1035 ret = crypto_cipher_setkey(tfm, template[i].key,
1037 if (template[i].fail == !ret) {
1038 printk(KERN_ERR "alg: cipher: setkey failed "
1039 "on test %d for %s: flags=%x\n", j,
1040 algo, crypto_cipher_get_flags(tfm));
1045 for (k = 0; k < template[i].ilen;
1046 k += crypto_cipher_blocksize(tfm)) {
1048 crypto_cipher_encrypt_one(tfm, data + k,
1051 crypto_cipher_decrypt_one(tfm, data + k,
1056 if (memcmp(q, template[i].result, template[i].rlen)) {
1057 printk(KERN_ERR "alg: cipher: Test %d failed "
1058 "on %s for %s\n", j, e, algo);
1059 hexdump(q, template[i].rlen);
1068 testmgr_free_buf(xbuf);
1073 static int __test_skcipher(struct crypto_skcipher *tfm, int enc,
1074 const struct cipher_testvec *template,
1075 unsigned int tcount,
1076 const bool diff_dst, const int align_offset)
1079 crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm));
1080 unsigned int i, j, k, n, temp;
1082 struct skcipher_request *req;
1083 struct scatterlist sg[8];
1084 struct scatterlist sgout[8];
1086 struct tcrypt_result result;
1089 char *xbuf[XBUFSIZE];
1090 char *xoutbuf[XBUFSIZE];
1092 unsigned int ivsize = crypto_skcipher_ivsize(tfm);
1094 if (testmgr_alloc_buf(xbuf))
1097 if (diff_dst && testmgr_alloc_buf(xoutbuf))
1110 init_completion(&result.completion);
1112 req = skcipher_request_alloc(tfm, GFP_KERNEL);
1114 pr_err("alg: skcipher%s: Failed to allocate request for %s\n",
1119 skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
1120 tcrypt_complete, &result);
1123 for (i = 0; i < tcount; i++) {
1124 if (template[i].np && !template[i].also_non_np)
1127 if (fips_enabled && template[i].fips_skip)
1131 memcpy(iv, template[i].iv, ivsize);
1133 memset(iv, 0, MAX_IVLEN);
1137 if (WARN_ON(align_offset + template[i].ilen > PAGE_SIZE))
1141 data += align_offset;
1142 memcpy(data, template[i].input, template[i].ilen);
1144 crypto_skcipher_clear_flags(tfm, ~0);
1146 crypto_skcipher_set_flags(tfm,
1147 CRYPTO_TFM_REQ_WEAK_KEY);
1149 ret = crypto_skcipher_setkey(tfm, template[i].key,
1151 if (template[i].fail == !ret) {
1152 pr_err("alg: skcipher%s: setkey failed on test %d for %s: flags=%x\n",
1153 d, j, algo, crypto_skcipher_get_flags(tfm));
1158 sg_init_one(&sg[0], data, template[i].ilen);
1161 data += align_offset;
1162 sg_init_one(&sgout[0], data, template[i].ilen);
1165 skcipher_request_set_crypt(req, sg, (diff_dst) ? sgout : sg,
1166 template[i].ilen, iv);
1167 ret = enc ? crypto_skcipher_encrypt(req) :
1168 crypto_skcipher_decrypt(req);
1175 wait_for_completion(&result.completion);
1176 reinit_completion(&result.completion);
1182 pr_err("alg: skcipher%s: %s failed on test %d for %s: ret=%d\n",
1183 d, e, j, algo, -ret);
1188 if (memcmp(q, template[i].result, template[i].rlen)) {
1189 pr_err("alg: skcipher%s: Test %d failed (invalid result) on %s for %s\n",
1191 hexdump(q, template[i].rlen);
1196 if (template[i].iv_out &&
1197 memcmp(iv, template[i].iv_out,
1198 crypto_skcipher_ivsize(tfm))) {
1199 pr_err("alg: skcipher%s: Test %d failed (invalid output IV) on %s for %s\n",
1201 hexdump(iv, crypto_skcipher_ivsize(tfm));
1208 for (i = 0; i < tcount; i++) {
1209 /* alignment tests are only done with continuous buffers */
1210 if (align_offset != 0)
1213 if (!template[i].np)
1216 if (fips_enabled && template[i].fips_skip)
1220 memcpy(iv, template[i].iv, ivsize);
1222 memset(iv, 0, MAX_IVLEN);
1225 crypto_skcipher_clear_flags(tfm, ~0);
1227 crypto_skcipher_set_flags(tfm,
1228 CRYPTO_TFM_REQ_WEAK_KEY);
1230 ret = crypto_skcipher_setkey(tfm, template[i].key,
1232 if (template[i].fail == !ret) {
1233 pr_err("alg: skcipher%s: setkey failed on chunk test %d for %s: flags=%x\n",
1234 d, j, algo, crypto_skcipher_get_flags(tfm));
1241 sg_init_table(sg, template[i].np);
1243 sg_init_table(sgout, template[i].np);
1244 for (k = 0; k < template[i].np; k++) {
1245 if (WARN_ON(offset_in_page(IDX[k]) +
1246 template[i].tap[k] > PAGE_SIZE))
1249 q = xbuf[IDX[k] >> PAGE_SHIFT] + offset_in_page(IDX[k]);
1251 memcpy(q, template[i].input + temp, template[i].tap[k]);
1253 if (offset_in_page(q) + template[i].tap[k] < PAGE_SIZE)
1254 q[template[i].tap[k]] = 0;
1256 sg_set_buf(&sg[k], q, template[i].tap[k]);
1258 q = xoutbuf[IDX[k] >> PAGE_SHIFT] +
1259 offset_in_page(IDX[k]);
1261 sg_set_buf(&sgout[k], q, template[i].tap[k]);
1263 memset(q, 0, template[i].tap[k]);
1264 if (offset_in_page(q) +
1265 template[i].tap[k] < PAGE_SIZE)
1266 q[template[i].tap[k]] = 0;
1269 temp += template[i].tap[k];
1272 skcipher_request_set_crypt(req, sg, (diff_dst) ? sgout : sg,
1273 template[i].ilen, iv);
1275 ret = enc ? crypto_skcipher_encrypt(req) :
1276 crypto_skcipher_decrypt(req);
1283 wait_for_completion(&result.completion);
1284 reinit_completion(&result.completion);
1290 pr_err("alg: skcipher%s: %s failed on chunk test %d for %s: ret=%d\n",
1291 d, e, j, algo, -ret);
1297 for (k = 0; k < template[i].np; k++) {
1299 q = xoutbuf[IDX[k] >> PAGE_SHIFT] +
1300 offset_in_page(IDX[k]);
1302 q = xbuf[IDX[k] >> PAGE_SHIFT] +
1303 offset_in_page(IDX[k]);
1305 if (memcmp(q, template[i].result + temp,
1306 template[i].tap[k])) {
1307 pr_err("alg: skcipher%s: Chunk test %d failed on %s at page %u for %s\n",
1309 hexdump(q, template[i].tap[k]);
1313 q += template[i].tap[k];
1314 for (n = 0; offset_in_page(q + n) && q[n]; n++)
1317 pr_err("alg: skcipher%s: Result buffer corruption in chunk test %d on %s at page %u for %s: %u bytes:\n",
1318 d, j, e, k, algo, n);
1322 temp += template[i].tap[k];
1329 skcipher_request_free(req);
1331 testmgr_free_buf(xoutbuf);
1333 testmgr_free_buf(xbuf);
1338 static int test_skcipher(struct crypto_skcipher *tfm, int enc,
1339 const struct cipher_testvec *template,
1340 unsigned int tcount)
1342 unsigned int alignmask;
1345 /* test 'dst == src' case */
1346 ret = __test_skcipher(tfm, enc, template, tcount, false, 0);
1350 /* test 'dst != src' case */
1351 ret = __test_skcipher(tfm, enc, template, tcount, true, 0);
1355 /* test unaligned buffers, check with one byte offset */
1356 ret = __test_skcipher(tfm, enc, template, tcount, true, 1);
1360 alignmask = crypto_tfm_alg_alignmask(&tfm->base);
1362 /* Check if alignment mask for tfm is correctly set. */
1363 ret = __test_skcipher(tfm, enc, template, tcount, true,
1372 static int test_comp(struct crypto_comp *tfm,
1373 const struct comp_testvec *ctemplate,
1374 const struct comp_testvec *dtemplate,
1375 int ctcount, int dtcount)
1377 const char *algo = crypto_tfm_alg_driver_name(crypto_comp_tfm(tfm));
1379 char result[COMP_BUF_SIZE];
1382 for (i = 0; i < ctcount; i++) {
1384 unsigned int dlen = COMP_BUF_SIZE;
1386 memset(result, 0, sizeof (result));
1388 ilen = ctemplate[i].inlen;
1389 ret = crypto_comp_compress(tfm, ctemplate[i].input,
1390 ilen, result, &dlen);
1392 printk(KERN_ERR "alg: comp: compression failed "
1393 "on test %d for %s: ret=%d\n", i + 1, algo,
1398 if (dlen != ctemplate[i].outlen) {
1399 printk(KERN_ERR "alg: comp: Compression test %d "
1400 "failed for %s: output len = %d\n", i + 1, algo,
1406 if (memcmp(result, ctemplate[i].output, dlen)) {
1407 printk(KERN_ERR "alg: comp: Compression test %d "
1408 "failed for %s\n", i + 1, algo);
1409 hexdump(result, dlen);
1415 for (i = 0; i < dtcount; i++) {
1417 unsigned int dlen = COMP_BUF_SIZE;
1419 memset(result, 0, sizeof (result));
1421 ilen = dtemplate[i].inlen;
1422 ret = crypto_comp_decompress(tfm, dtemplate[i].input,
1423 ilen, result, &dlen);
1425 printk(KERN_ERR "alg: comp: decompression failed "
1426 "on test %d for %s: ret=%d\n", i + 1, algo,
1431 if (dlen != dtemplate[i].outlen) {
1432 printk(KERN_ERR "alg: comp: Decompression test %d "
1433 "failed for %s: output len = %d\n", i + 1, algo,
1439 if (memcmp(result, dtemplate[i].output, dlen)) {
1440 printk(KERN_ERR "alg: comp: Decompression test %d "
1441 "failed for %s\n", i + 1, algo);
1442 hexdump(result, dlen);
1454 static int test_acomp(struct crypto_acomp *tfm,
1455 const struct comp_testvec *ctemplate,
1456 const struct comp_testvec *dtemplate,
1457 int ctcount, int dtcount)
1459 const char *algo = crypto_tfm_alg_driver_name(crypto_acomp_tfm(tfm));
1461 char *output, *decomp_out;
1463 struct scatterlist src, dst;
1464 struct acomp_req *req;
1465 struct tcrypt_result result;
1467 output = kmalloc(COMP_BUF_SIZE, GFP_KERNEL);
1471 decomp_out = kmalloc(COMP_BUF_SIZE, GFP_KERNEL);
1477 for (i = 0; i < ctcount; i++) {
1478 unsigned int dlen = COMP_BUF_SIZE;
1479 int ilen = ctemplate[i].inlen;
1482 input_vec = kmemdup(ctemplate[i].input, ilen, GFP_KERNEL);
1488 memset(output, 0, dlen);
1489 init_completion(&result.completion);
1490 sg_init_one(&src, input_vec, ilen);
1491 sg_init_one(&dst, output, dlen);
1493 req = acomp_request_alloc(tfm);
1495 pr_err("alg: acomp: request alloc failed for %s\n",
1502 acomp_request_set_params(req, &src, &dst, ilen, dlen);
1503 acomp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
1504 tcrypt_complete, &result);
1506 ret = wait_async_op(&result, crypto_acomp_compress(req));
1508 pr_err("alg: acomp: compression failed on test %d for %s: ret=%d\n",
1511 acomp_request_free(req);
1516 dlen = COMP_BUF_SIZE;
1517 sg_init_one(&src, output, ilen);
1518 sg_init_one(&dst, decomp_out, dlen);
1519 init_completion(&result.completion);
1520 acomp_request_set_params(req, &src, &dst, ilen, dlen);
1522 ret = wait_async_op(&result, crypto_acomp_decompress(req));
1524 pr_err("alg: acomp: compression failed on test %d for %s: ret=%d\n",
1527 acomp_request_free(req);
1531 if (req->dlen != ctemplate[i].inlen) {
1532 pr_err("alg: acomp: Compression test %d failed for %s: output len = %d\n",
1533 i + 1, algo, req->dlen);
1536 acomp_request_free(req);
1540 if (memcmp(input_vec, decomp_out, req->dlen)) {
1541 pr_err("alg: acomp: Compression test %d failed for %s\n",
1543 hexdump(output, req->dlen);
1546 acomp_request_free(req);
1551 acomp_request_free(req);
1554 for (i = 0; i < dtcount; i++) {
1555 unsigned int dlen = COMP_BUF_SIZE;
1556 int ilen = dtemplate[i].inlen;
1559 input_vec = kmemdup(dtemplate[i].input, ilen, GFP_KERNEL);
1565 memset(output, 0, dlen);
1566 init_completion(&result.completion);
1567 sg_init_one(&src, input_vec, ilen);
1568 sg_init_one(&dst, output, dlen);
1570 req = acomp_request_alloc(tfm);
1572 pr_err("alg: acomp: request alloc failed for %s\n",
1579 acomp_request_set_params(req, &src, &dst, ilen, dlen);
1580 acomp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
1581 tcrypt_complete, &result);
1583 ret = wait_async_op(&result, crypto_acomp_decompress(req));
1585 pr_err("alg: acomp: decompression failed on test %d for %s: ret=%d\n",
1588 acomp_request_free(req);
1592 if (req->dlen != dtemplate[i].outlen) {
1593 pr_err("alg: acomp: Decompression test %d failed for %s: output len = %d\n",
1594 i + 1, algo, req->dlen);
1597 acomp_request_free(req);
1601 if (memcmp(output, dtemplate[i].output, req->dlen)) {
1602 pr_err("alg: acomp: Decompression test %d failed for %s\n",
1604 hexdump(output, req->dlen);
1607 acomp_request_free(req);
1612 acomp_request_free(req);
1623 static int test_cprng(struct crypto_rng *tfm,
1624 const struct cprng_testvec *template,
1625 unsigned int tcount)
1627 const char *algo = crypto_tfm_alg_driver_name(crypto_rng_tfm(tfm));
1628 int err = 0, i, j, seedsize;
1632 seedsize = crypto_rng_seedsize(tfm);
1634 seed = kmalloc(seedsize, GFP_KERNEL);
1636 printk(KERN_ERR "alg: cprng: Failed to allocate seed space "
1641 for (i = 0; i < tcount; i++) {
1642 memset(result, 0, 32);
1644 memcpy(seed, template[i].v, template[i].vlen);
1645 memcpy(seed + template[i].vlen, template[i].key,
1647 memcpy(seed + template[i].vlen + template[i].klen,
1648 template[i].dt, template[i].dtlen);
1650 err = crypto_rng_reset(tfm, seed, seedsize);
1652 printk(KERN_ERR "alg: cprng: Failed to reset rng "
1657 for (j = 0; j < template[i].loops; j++) {
1658 err = crypto_rng_get_bytes(tfm, result,
1661 printk(KERN_ERR "alg: cprng: Failed to obtain "
1662 "the correct amount of random data for "
1663 "%s (requested %d)\n", algo,
1669 err = memcmp(result, template[i].result,
1672 printk(KERN_ERR "alg: cprng: Test %d failed for %s\n",
1674 hexdump(result, template[i].rlen);
1685 static int alg_test_aead(const struct alg_test_desc *desc, const char *driver,
1688 struct crypto_aead *tfm;
1691 tfm = crypto_alloc_aead(driver, type, mask);
1693 printk(KERN_ERR "alg: aead: Failed to load transform for %s: "
1694 "%ld\n", driver, PTR_ERR(tfm));
1695 return PTR_ERR(tfm);
1698 if (desc->suite.aead.enc.vecs) {
1699 err = test_aead(tfm, ENCRYPT, desc->suite.aead.enc.vecs,
1700 desc->suite.aead.enc.count);
1705 if (!err && desc->suite.aead.dec.vecs)
1706 err = test_aead(tfm, DECRYPT, desc->suite.aead.dec.vecs,
1707 desc->suite.aead.dec.count);
1710 crypto_free_aead(tfm);
1714 static int alg_test_cipher(const struct alg_test_desc *desc,
1715 const char *driver, u32 type, u32 mask)
1717 struct crypto_cipher *tfm;
1720 tfm = crypto_alloc_cipher(driver, type, mask);
1722 printk(KERN_ERR "alg: cipher: Failed to load transform for "
1723 "%s: %ld\n", driver, PTR_ERR(tfm));
1724 return PTR_ERR(tfm);
1727 if (desc->suite.cipher.enc.vecs) {
1728 err = test_cipher(tfm, ENCRYPT, desc->suite.cipher.enc.vecs,
1729 desc->suite.cipher.enc.count);
1734 if (desc->suite.cipher.dec.vecs)
1735 err = test_cipher(tfm, DECRYPT, desc->suite.cipher.dec.vecs,
1736 desc->suite.cipher.dec.count);
1739 crypto_free_cipher(tfm);
1743 static int alg_test_skcipher(const struct alg_test_desc *desc,
1744 const char *driver, u32 type, u32 mask)
1746 struct crypto_skcipher *tfm;
1749 tfm = crypto_alloc_skcipher(driver, type, mask);
1751 printk(KERN_ERR "alg: skcipher: Failed to load transform for "
1752 "%s: %ld\n", driver, PTR_ERR(tfm));
1753 return PTR_ERR(tfm);
1756 if (desc->suite.cipher.enc.vecs) {
1757 err = test_skcipher(tfm, ENCRYPT, desc->suite.cipher.enc.vecs,
1758 desc->suite.cipher.enc.count);
1763 if (desc->suite.cipher.dec.vecs)
1764 err = test_skcipher(tfm, DECRYPT, desc->suite.cipher.dec.vecs,
1765 desc->suite.cipher.dec.count);
1768 crypto_free_skcipher(tfm);
1772 static int alg_test_comp(const struct alg_test_desc *desc, const char *driver,
1775 struct crypto_comp *comp;
1776 struct crypto_acomp *acomp;
1778 u32 algo_type = type & CRYPTO_ALG_TYPE_ACOMPRESS_MASK;
1780 if (algo_type == CRYPTO_ALG_TYPE_ACOMPRESS) {
1781 acomp = crypto_alloc_acomp(driver, type, mask);
1782 if (IS_ERR(acomp)) {
1783 pr_err("alg: acomp: Failed to load transform for %s: %ld\n",
1784 driver, PTR_ERR(acomp));
1785 return PTR_ERR(acomp);
1787 err = test_acomp(acomp, desc->suite.comp.comp.vecs,
1788 desc->suite.comp.decomp.vecs,
1789 desc->suite.comp.comp.count,
1790 desc->suite.comp.decomp.count);
1791 crypto_free_acomp(acomp);
1793 comp = crypto_alloc_comp(driver, type, mask);
1795 pr_err("alg: comp: Failed to load transform for %s: %ld\n",
1796 driver, PTR_ERR(comp));
1797 return PTR_ERR(comp);
1800 err = test_comp(comp, desc->suite.comp.comp.vecs,
1801 desc->suite.comp.decomp.vecs,
1802 desc->suite.comp.comp.count,
1803 desc->suite.comp.decomp.count);
1805 crypto_free_comp(comp);
1810 static int alg_test_hash(const struct alg_test_desc *desc, const char *driver,
1813 struct crypto_ahash *tfm;
1816 tfm = crypto_alloc_ahash(driver, type, mask);
1818 printk(KERN_ERR "alg: hash: Failed to load transform for %s: "
1819 "%ld\n", driver, PTR_ERR(tfm));
1820 return PTR_ERR(tfm);
1823 err = test_hash(tfm, desc->suite.hash.vecs,
1824 desc->suite.hash.count, true);
1826 err = test_hash(tfm, desc->suite.hash.vecs,
1827 desc->suite.hash.count, false);
1829 crypto_free_ahash(tfm);
1833 static int alg_test_crc32c(const struct alg_test_desc *desc,
1834 const char *driver, u32 type, u32 mask)
1836 struct crypto_shash *tfm;
1840 err = alg_test_hash(desc, driver, type, mask);
1844 tfm = crypto_alloc_shash(driver, type, mask);
1846 printk(KERN_ERR "alg: crc32c: Failed to load transform for %s: "
1847 "%ld\n", driver, PTR_ERR(tfm));
1853 SHASH_DESC_ON_STACK(shash, tfm);
1854 u32 *ctx = (u32 *)shash_desc_ctx(shash);
1859 *ctx = le32_to_cpu(420553207);
1860 err = crypto_shash_final(shash, (u8 *)&val);
1862 printk(KERN_ERR "alg: crc32c: Operation failed for "
1863 "%s: %d\n", driver, err);
1867 if (val != ~420553207) {
1868 printk(KERN_ERR "alg: crc32c: Test failed for %s: "
1869 "%d\n", driver, val);
1874 crypto_free_shash(tfm);
1880 static int alg_test_cprng(const struct alg_test_desc *desc, const char *driver,
1883 struct crypto_rng *rng;
1886 rng = crypto_alloc_rng(driver, type, mask);
1888 printk(KERN_ERR "alg: cprng: Failed to load transform for %s: "
1889 "%ld\n", driver, PTR_ERR(rng));
1890 return PTR_ERR(rng);
1893 err = test_cprng(rng, desc->suite.cprng.vecs, desc->suite.cprng.count);
1895 crypto_free_rng(rng);
1901 static int drbg_cavs_test(const struct drbg_testvec *test, int pr,
1902 const char *driver, u32 type, u32 mask)
1905 struct crypto_rng *drng;
1906 struct drbg_test_data test_data;
1907 struct drbg_string addtl, pers, testentropy;
1908 unsigned char *buf = kzalloc(test->expectedlen, GFP_KERNEL);
1913 drng = crypto_alloc_rng(driver, type, mask);
1915 printk(KERN_ERR "alg: drbg: could not allocate DRNG handle for "
1921 test_data.testentropy = &testentropy;
1922 drbg_string_fill(&testentropy, test->entropy, test->entropylen);
1923 drbg_string_fill(&pers, test->pers, test->perslen);
1924 ret = crypto_drbg_reset_test(drng, &pers, &test_data);
1926 printk(KERN_ERR "alg: drbg: Failed to reset rng\n");
1930 drbg_string_fill(&addtl, test->addtla, test->addtllen);
1932 drbg_string_fill(&testentropy, test->entpra, test->entprlen);
1933 ret = crypto_drbg_get_bytes_addtl_test(drng,
1934 buf, test->expectedlen, &addtl, &test_data);
1936 ret = crypto_drbg_get_bytes_addtl(drng,
1937 buf, test->expectedlen, &addtl);
1940 printk(KERN_ERR "alg: drbg: could not obtain random data for "
1941 "driver %s\n", driver);
1945 drbg_string_fill(&addtl, test->addtlb, test->addtllen);
1947 drbg_string_fill(&testentropy, test->entprb, test->entprlen);
1948 ret = crypto_drbg_get_bytes_addtl_test(drng,
1949 buf, test->expectedlen, &addtl, &test_data);
1951 ret = crypto_drbg_get_bytes_addtl(drng,
1952 buf, test->expectedlen, &addtl);
1955 printk(KERN_ERR "alg: drbg: could not obtain random data for "
1956 "driver %s\n", driver);
1960 ret = memcmp(test->expected, buf, test->expectedlen);
1963 crypto_free_rng(drng);
1969 static int alg_test_drbg(const struct alg_test_desc *desc, const char *driver,
1975 const struct drbg_testvec *template = desc->suite.drbg.vecs;
1976 unsigned int tcount = desc->suite.drbg.count;
1978 if (0 == memcmp(driver, "drbg_pr_", 8))
1981 for (i = 0; i < tcount; i++) {
1982 err = drbg_cavs_test(&template[i], pr, driver, type, mask);
1984 printk(KERN_ERR "alg: drbg: Test %d failed for %s\n",
1994 static int do_test_kpp(struct crypto_kpp *tfm, const struct kpp_testvec *vec,
1997 struct kpp_request *req;
1998 void *input_buf = NULL;
1999 void *output_buf = NULL;
2000 struct tcrypt_result result;
2001 unsigned int out_len_max;
2003 struct scatterlist src, dst;
2005 req = kpp_request_alloc(tfm, GFP_KERNEL);
2009 init_completion(&result.completion);
2011 err = crypto_kpp_set_secret(tfm, vec->secret, vec->secret_size);
2015 out_len_max = crypto_kpp_maxsize(tfm);
2016 output_buf = kzalloc(out_len_max, GFP_KERNEL);
2022 /* Use appropriate parameter as base */
2023 kpp_request_set_input(req, NULL, 0);
2024 sg_init_one(&dst, output_buf, out_len_max);
2025 kpp_request_set_output(req, &dst, out_len_max);
2026 kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
2027 tcrypt_complete, &result);
2029 /* Compute public key */
2030 err = wait_async_op(&result, crypto_kpp_generate_public_key(req));
2032 pr_err("alg: %s: generate public key test failed. err %d\n",
2036 /* Verify calculated public key */
2037 if (memcmp(vec->expected_a_public, sg_virt(req->dst),
2038 vec->expected_a_public_size)) {
2039 pr_err("alg: %s: generate public key test failed. Invalid output\n",
2045 /* Calculate shared secret key by using counter part (b) public key. */
2046 input_buf = kzalloc(vec->b_public_size, GFP_KERNEL);
2052 memcpy(input_buf, vec->b_public, vec->b_public_size);
2053 sg_init_one(&src, input_buf, vec->b_public_size);
2054 sg_init_one(&dst, output_buf, out_len_max);
2055 kpp_request_set_input(req, &src, vec->b_public_size);
2056 kpp_request_set_output(req, &dst, out_len_max);
2057 kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
2058 tcrypt_complete, &result);
2059 err = wait_async_op(&result, crypto_kpp_compute_shared_secret(req));
2061 pr_err("alg: %s: compute shard secret test failed. err %d\n",
2066 * verify shared secret from which the user will derive
2067 * secret key by executing whatever hash it has chosen
2069 if (memcmp(vec->expected_ss, sg_virt(req->dst),
2070 vec->expected_ss_size)) {
2071 pr_err("alg: %s: compute shared secret test failed. Invalid output\n",
2081 kpp_request_free(req);
2085 static int test_kpp(struct crypto_kpp *tfm, const char *alg,
2086 const struct kpp_testvec *vecs, unsigned int tcount)
2090 for (i = 0; i < tcount; i++) {
2091 ret = do_test_kpp(tfm, vecs++, alg);
2093 pr_err("alg: %s: test failed on vector %d, err=%d\n",
2101 static int alg_test_kpp(const struct alg_test_desc *desc, const char *driver,
2104 struct crypto_kpp *tfm;
2107 tfm = crypto_alloc_kpp(driver, type, mask);
2109 pr_err("alg: kpp: Failed to load tfm for %s: %ld\n",
2110 driver, PTR_ERR(tfm));
2111 return PTR_ERR(tfm);
2113 if (desc->suite.kpp.vecs)
2114 err = test_kpp(tfm, desc->alg, desc->suite.kpp.vecs,
2115 desc->suite.kpp.count);
2117 crypto_free_kpp(tfm);
2121 static int test_akcipher_one(struct crypto_akcipher *tfm,
2122 const struct akcipher_testvec *vecs)
2124 char *xbuf[XBUFSIZE];
2125 struct akcipher_request *req;
2126 void *outbuf_enc = NULL;
2127 void *outbuf_dec = NULL;
2128 struct tcrypt_result result;
2129 unsigned int out_len_max, out_len = 0;
2131 struct scatterlist src, dst, src_tab[2];
2133 if (testmgr_alloc_buf(xbuf))
2136 req = akcipher_request_alloc(tfm, GFP_KERNEL);
2140 init_completion(&result.completion);
2142 if (vecs->public_key_vec)
2143 err = crypto_akcipher_set_pub_key(tfm, vecs->key,
2146 err = crypto_akcipher_set_priv_key(tfm, vecs->key,
2152 out_len_max = crypto_akcipher_maxsize(tfm);
2153 outbuf_enc = kzalloc(out_len_max, GFP_KERNEL);
2157 if (WARN_ON(vecs->m_size > PAGE_SIZE))
2160 memcpy(xbuf[0], vecs->m, vecs->m_size);
2162 sg_init_table(src_tab, 2);
2163 sg_set_buf(&src_tab[0], xbuf[0], 8);
2164 sg_set_buf(&src_tab[1], xbuf[0] + 8, vecs->m_size - 8);
2165 sg_init_one(&dst, outbuf_enc, out_len_max);
2166 akcipher_request_set_crypt(req, src_tab, &dst, vecs->m_size,
2168 akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
2169 tcrypt_complete, &result);
2171 /* Run RSA encrypt - c = m^e mod n;*/
2172 err = wait_async_op(&result, crypto_akcipher_encrypt(req));
2174 pr_err("alg: akcipher: encrypt test failed. err %d\n", err);
2177 if (req->dst_len != vecs->c_size) {
2178 pr_err("alg: akcipher: encrypt test failed. Invalid output len\n");
2182 /* verify that encrypted message is equal to expected */
2183 if (memcmp(vecs->c, outbuf_enc, vecs->c_size)) {
2184 pr_err("alg: akcipher: encrypt test failed. Invalid output\n");
2185 hexdump(outbuf_enc, vecs->c_size);
2189 /* Don't invoke decrypt for vectors with public key */
2190 if (vecs->public_key_vec) {
2194 outbuf_dec = kzalloc(out_len_max, GFP_KERNEL);
2200 if (WARN_ON(vecs->c_size > PAGE_SIZE))
2203 memcpy(xbuf[0], vecs->c, vecs->c_size);
2205 sg_init_one(&src, xbuf[0], vecs->c_size);
2206 sg_init_one(&dst, outbuf_dec, out_len_max);
2207 init_completion(&result.completion);
2208 akcipher_request_set_crypt(req, &src, &dst, vecs->c_size, out_len_max);
2210 /* Run RSA decrypt - m = c^d mod n;*/
2211 err = wait_async_op(&result, crypto_akcipher_decrypt(req));
2213 pr_err("alg: akcipher: decrypt test failed. err %d\n", err);
2216 out_len = req->dst_len;
2217 if (out_len < vecs->m_size) {
2218 pr_err("alg: akcipher: decrypt test failed. "
2219 "Invalid output len %u\n", out_len);
2223 /* verify that decrypted message is equal to the original msg */
2224 if (memchr_inv(outbuf_dec, 0, out_len - vecs->m_size) ||
2225 memcmp(vecs->m, outbuf_dec + out_len - vecs->m_size,
2227 pr_err("alg: akcipher: decrypt test failed. Invalid output\n");
2228 hexdump(outbuf_dec, out_len);
2235 akcipher_request_free(req);
2237 testmgr_free_buf(xbuf);
2241 static int test_akcipher(struct crypto_akcipher *tfm, const char *alg,
2242 const struct akcipher_testvec *vecs,
2243 unsigned int tcount)
2246 crypto_tfm_alg_driver_name(crypto_akcipher_tfm(tfm));
2249 for (i = 0; i < tcount; i++) {
2250 ret = test_akcipher_one(tfm, vecs++);
2254 pr_err("alg: akcipher: test %d failed for %s, err=%d\n",
2261 static int alg_test_akcipher(const struct alg_test_desc *desc,
2262 const char *driver, u32 type, u32 mask)
2264 struct crypto_akcipher *tfm;
2267 tfm = crypto_alloc_akcipher(driver, type, mask);
2269 pr_err("alg: akcipher: Failed to load tfm for %s: %ld\n",
2270 driver, PTR_ERR(tfm));
2271 return PTR_ERR(tfm);
2273 if (desc->suite.akcipher.vecs)
2274 err = test_akcipher(tfm, desc->alg, desc->suite.akcipher.vecs,
2275 desc->suite.akcipher.count);
2277 crypto_free_akcipher(tfm);
2281 static int alg_test_null(const struct alg_test_desc *desc,
2282 const char *driver, u32 type, u32 mask)
2287 #define __VECS(tv) { .vecs = tv, .count = ARRAY_SIZE(tv) }
2289 /* Please keep this list sorted by algorithm name. */
2290 static const struct alg_test_desc alg_test_descs[] = {
2292 .alg = "ansi_cprng",
2293 .test = alg_test_cprng,
2295 .cprng = __VECS(ansi_cprng_aes_tv_template)
2298 .alg = "authenc(hmac(md5),ecb(cipher_null))",
2299 .test = alg_test_aead,
2302 .enc = __VECS(hmac_md5_ecb_cipher_null_enc_tv_template),
2303 .dec = __VECS(hmac_md5_ecb_cipher_null_dec_tv_template)
2307 .alg = "authenc(hmac(sha1),cbc(aes))",
2308 .test = alg_test_aead,
2311 .enc = __VECS(hmac_sha1_aes_cbc_enc_tv_temp)
2315 .alg = "authenc(hmac(sha1),cbc(des))",
2316 .test = alg_test_aead,
2319 .enc = __VECS(hmac_sha1_des_cbc_enc_tv_temp)
2323 .alg = "authenc(hmac(sha1),cbc(des3_ede))",
2324 .test = alg_test_aead,
2328 .enc = __VECS(hmac_sha1_des3_ede_cbc_enc_tv_temp)
2332 .alg = "authenc(hmac(sha1),ctr(aes))",
2333 .test = alg_test_null,
2336 .alg = "authenc(hmac(sha1),ecb(cipher_null))",
2337 .test = alg_test_aead,
2340 .enc = __VECS(hmac_sha1_ecb_cipher_null_enc_tv_temp),
2341 .dec = __VECS(hmac_sha1_ecb_cipher_null_dec_tv_temp)
2345 .alg = "authenc(hmac(sha1),rfc3686(ctr(aes)))",
2346 .test = alg_test_null,
2349 .alg = "authenc(hmac(sha224),cbc(des))",
2350 .test = alg_test_aead,
2353 .enc = __VECS(hmac_sha224_des_cbc_enc_tv_temp)
2357 .alg = "authenc(hmac(sha224),cbc(des3_ede))",
2358 .test = alg_test_aead,
2362 .enc = __VECS(hmac_sha224_des3_ede_cbc_enc_tv_temp)
2366 .alg = "authenc(hmac(sha256),cbc(aes))",
2367 .test = alg_test_aead,
2371 .enc = __VECS(hmac_sha256_aes_cbc_enc_tv_temp)
2375 .alg = "authenc(hmac(sha256),cbc(des))",
2376 .test = alg_test_aead,
2379 .enc = __VECS(hmac_sha256_des_cbc_enc_tv_temp)
2383 .alg = "authenc(hmac(sha256),cbc(des3_ede))",
2384 .test = alg_test_aead,
2388 .enc = __VECS(hmac_sha256_des3_ede_cbc_enc_tv_temp)
2392 .alg = "authenc(hmac(sha256),ctr(aes))",
2393 .test = alg_test_null,
2396 .alg = "authenc(hmac(sha256),rfc3686(ctr(aes)))",
2397 .test = alg_test_null,
2400 .alg = "authenc(hmac(sha384),cbc(des))",
2401 .test = alg_test_aead,
2404 .enc = __VECS(hmac_sha384_des_cbc_enc_tv_temp)
2408 .alg = "authenc(hmac(sha384),cbc(des3_ede))",
2409 .test = alg_test_aead,
2413 .enc = __VECS(hmac_sha384_des3_ede_cbc_enc_tv_temp)
2417 .alg = "authenc(hmac(sha384),ctr(aes))",
2418 .test = alg_test_null,
2421 .alg = "authenc(hmac(sha384),rfc3686(ctr(aes)))",
2422 .test = alg_test_null,
2425 .alg = "authenc(hmac(sha512),cbc(aes))",
2427 .test = alg_test_aead,
2430 .enc = __VECS(hmac_sha512_aes_cbc_enc_tv_temp)
2434 .alg = "authenc(hmac(sha512),cbc(des))",
2435 .test = alg_test_aead,
2438 .enc = __VECS(hmac_sha512_des_cbc_enc_tv_temp)
2442 .alg = "authenc(hmac(sha512),cbc(des3_ede))",
2443 .test = alg_test_aead,
2447 .enc = __VECS(hmac_sha512_des3_ede_cbc_enc_tv_temp)
2451 .alg = "authenc(hmac(sha512),ctr(aes))",
2452 .test = alg_test_null,
2455 .alg = "authenc(hmac(sha512),rfc3686(ctr(aes)))",
2456 .test = alg_test_null,
2460 .test = alg_test_skcipher,
2464 .enc = __VECS(aes_cbc_enc_tv_template),
2465 .dec = __VECS(aes_cbc_dec_tv_template)
2469 .alg = "cbc(anubis)",
2470 .test = alg_test_skcipher,
2473 .enc = __VECS(anubis_cbc_enc_tv_template),
2474 .dec = __VECS(anubis_cbc_dec_tv_template)
2478 .alg = "cbc(blowfish)",
2479 .test = alg_test_skcipher,
2482 .enc = __VECS(bf_cbc_enc_tv_template),
2483 .dec = __VECS(bf_cbc_dec_tv_template)
2487 .alg = "cbc(camellia)",
2488 .test = alg_test_skcipher,
2491 .enc = __VECS(camellia_cbc_enc_tv_template),
2492 .dec = __VECS(camellia_cbc_dec_tv_template)
2496 .alg = "cbc(cast5)",
2497 .test = alg_test_skcipher,
2500 .enc = __VECS(cast5_cbc_enc_tv_template),
2501 .dec = __VECS(cast5_cbc_dec_tv_template)
2505 .alg = "cbc(cast6)",
2506 .test = alg_test_skcipher,
2509 .enc = __VECS(cast6_cbc_enc_tv_template),
2510 .dec = __VECS(cast6_cbc_dec_tv_template)
2515 .test = alg_test_skcipher,
2518 .enc = __VECS(des_cbc_enc_tv_template),
2519 .dec = __VECS(des_cbc_dec_tv_template)
2523 .alg = "cbc(des3_ede)",
2524 .test = alg_test_skcipher,
2528 .enc = __VECS(des3_ede_cbc_enc_tv_template),
2529 .dec = __VECS(des3_ede_cbc_dec_tv_template)
2533 .alg = "cbc(serpent)",
2534 .test = alg_test_skcipher,
2537 .enc = __VECS(serpent_cbc_enc_tv_template),
2538 .dec = __VECS(serpent_cbc_dec_tv_template)
2542 .alg = "cbc(twofish)",
2543 .test = alg_test_skcipher,
2546 .enc = __VECS(tf_cbc_enc_tv_template),
2547 .dec = __VECS(tf_cbc_dec_tv_template)
2551 .alg = "cbcmac(aes)",
2553 .test = alg_test_hash,
2555 .hash = __VECS(aes_cbcmac_tv_template)
2559 .test = alg_test_aead,
2563 .enc = __VECS(aes_ccm_enc_tv_template),
2564 .dec = __VECS(aes_ccm_dec_tv_template)
2569 .test = alg_test_skcipher,
2572 .enc = __VECS(chacha20_enc_tv_template),
2573 .dec = __VECS(chacha20_enc_tv_template),
2579 .test = alg_test_hash,
2581 .hash = __VECS(aes_cmac128_tv_template)
2584 .alg = "cmac(des3_ede)",
2586 .test = alg_test_hash,
2588 .hash = __VECS(des3_ede_cmac64_tv_template)
2591 .alg = "compress_null",
2592 .test = alg_test_null,
2595 .test = alg_test_hash,
2597 .hash = __VECS(crc32_tv_template)
2601 .test = alg_test_crc32c,
2604 .hash = __VECS(crc32c_tv_template)
2608 .test = alg_test_hash,
2611 .hash = __VECS(crct10dif_tv_template)
2615 .test = alg_test_skcipher,
2619 .enc = __VECS(aes_ctr_enc_tv_template),
2620 .dec = __VECS(aes_ctr_dec_tv_template)
2624 .alg = "ctr(blowfish)",
2625 .test = alg_test_skcipher,
2628 .enc = __VECS(bf_ctr_enc_tv_template),
2629 .dec = __VECS(bf_ctr_dec_tv_template)
2633 .alg = "ctr(camellia)",
2634 .test = alg_test_skcipher,
2637 .enc = __VECS(camellia_ctr_enc_tv_template),
2638 .dec = __VECS(camellia_ctr_dec_tv_template)
2642 .alg = "ctr(cast5)",
2643 .test = alg_test_skcipher,
2646 .enc = __VECS(cast5_ctr_enc_tv_template),
2647 .dec = __VECS(cast5_ctr_dec_tv_template)
2651 .alg = "ctr(cast6)",
2652 .test = alg_test_skcipher,
2655 .enc = __VECS(cast6_ctr_enc_tv_template),
2656 .dec = __VECS(cast6_ctr_dec_tv_template)
2661 .test = alg_test_skcipher,
2664 .enc = __VECS(des_ctr_enc_tv_template),
2665 .dec = __VECS(des_ctr_dec_tv_template)
2669 .alg = "ctr(des3_ede)",
2670 .test = alg_test_skcipher,
2674 .enc = __VECS(des3_ede_ctr_enc_tv_template),
2675 .dec = __VECS(des3_ede_ctr_dec_tv_template)
2679 .alg = "ctr(serpent)",
2680 .test = alg_test_skcipher,
2683 .enc = __VECS(serpent_ctr_enc_tv_template),
2684 .dec = __VECS(serpent_ctr_dec_tv_template)
2688 .alg = "ctr(twofish)",
2689 .test = alg_test_skcipher,
2692 .enc = __VECS(tf_ctr_enc_tv_template),
2693 .dec = __VECS(tf_ctr_dec_tv_template)
2697 .alg = "cts(cbc(aes))",
2698 .test = alg_test_skcipher,
2701 .enc = __VECS(cts_mode_enc_tv_template),
2702 .dec = __VECS(cts_mode_dec_tv_template)
2707 .test = alg_test_comp,
2711 .comp = __VECS(deflate_comp_tv_template),
2712 .decomp = __VECS(deflate_decomp_tv_template)
2717 .test = alg_test_kpp,
2720 .kpp = __VECS(dh_tv_template)
2723 .alg = "digest_null",
2724 .test = alg_test_null,
2726 .alg = "drbg_nopr_ctr_aes128",
2727 .test = alg_test_drbg,
2730 .drbg = __VECS(drbg_nopr_ctr_aes128_tv_template)
2733 .alg = "drbg_nopr_ctr_aes192",
2734 .test = alg_test_drbg,
2737 .drbg = __VECS(drbg_nopr_ctr_aes192_tv_template)
2740 .alg = "drbg_nopr_ctr_aes256",
2741 .test = alg_test_drbg,
2744 .drbg = __VECS(drbg_nopr_ctr_aes256_tv_template)
2748 * There is no need to specifically test the DRBG with every
2749 * backend cipher -- covered by drbg_nopr_hmac_sha256 test
2751 .alg = "drbg_nopr_hmac_sha1",
2753 .test = alg_test_null,
2755 .alg = "drbg_nopr_hmac_sha256",
2756 .test = alg_test_drbg,
2759 .drbg = __VECS(drbg_nopr_hmac_sha256_tv_template)
2762 /* covered by drbg_nopr_hmac_sha256 test */
2763 .alg = "drbg_nopr_hmac_sha384",
2765 .test = alg_test_null,
2767 .alg = "drbg_nopr_hmac_sha512",
2768 .test = alg_test_null,
2771 .alg = "drbg_nopr_sha1",
2773 .test = alg_test_null,
2775 .alg = "drbg_nopr_sha256",
2776 .test = alg_test_drbg,
2779 .drbg = __VECS(drbg_nopr_sha256_tv_template)
2782 /* covered by drbg_nopr_sha256 test */
2783 .alg = "drbg_nopr_sha384",
2785 .test = alg_test_null,
2787 .alg = "drbg_nopr_sha512",
2789 .test = alg_test_null,
2791 .alg = "drbg_pr_ctr_aes128",
2792 .test = alg_test_drbg,
2795 .drbg = __VECS(drbg_pr_ctr_aes128_tv_template)
2798 /* covered by drbg_pr_ctr_aes128 test */
2799 .alg = "drbg_pr_ctr_aes192",
2801 .test = alg_test_null,
2803 .alg = "drbg_pr_ctr_aes256",
2805 .test = alg_test_null,
2807 .alg = "drbg_pr_hmac_sha1",
2809 .test = alg_test_null,
2811 .alg = "drbg_pr_hmac_sha256",
2812 .test = alg_test_drbg,
2815 .drbg = __VECS(drbg_pr_hmac_sha256_tv_template)
2818 /* covered by drbg_pr_hmac_sha256 test */
2819 .alg = "drbg_pr_hmac_sha384",
2821 .test = alg_test_null,
2823 .alg = "drbg_pr_hmac_sha512",
2824 .test = alg_test_null,
2827 .alg = "drbg_pr_sha1",
2829 .test = alg_test_null,
2831 .alg = "drbg_pr_sha256",
2832 .test = alg_test_drbg,
2835 .drbg = __VECS(drbg_pr_sha256_tv_template)
2838 /* covered by drbg_pr_sha256 test */
2839 .alg = "drbg_pr_sha384",
2841 .test = alg_test_null,
2843 .alg = "drbg_pr_sha512",
2845 .test = alg_test_null,
2848 .test = alg_test_skcipher,
2852 .enc = __VECS(aes_enc_tv_template),
2853 .dec = __VECS(aes_dec_tv_template)
2857 .alg = "ecb(anubis)",
2858 .test = alg_test_skcipher,
2861 .enc = __VECS(anubis_enc_tv_template),
2862 .dec = __VECS(anubis_dec_tv_template)
2867 .test = alg_test_skcipher,
2870 .enc = __VECS(arc4_enc_tv_template),
2871 .dec = __VECS(arc4_dec_tv_template)
2875 .alg = "ecb(blowfish)",
2876 .test = alg_test_skcipher,
2879 .enc = __VECS(bf_enc_tv_template),
2880 .dec = __VECS(bf_dec_tv_template)
2884 .alg = "ecb(camellia)",
2885 .test = alg_test_skcipher,
2888 .enc = __VECS(camellia_enc_tv_template),
2889 .dec = __VECS(camellia_dec_tv_template)
2893 .alg = "ecb(cast5)",
2894 .test = alg_test_skcipher,
2897 .enc = __VECS(cast5_enc_tv_template),
2898 .dec = __VECS(cast5_dec_tv_template)
2902 .alg = "ecb(cast6)",
2903 .test = alg_test_skcipher,
2906 .enc = __VECS(cast6_enc_tv_template),
2907 .dec = __VECS(cast6_dec_tv_template)
2911 .alg = "ecb(cipher_null)",
2912 .test = alg_test_null,
2916 .test = alg_test_skcipher,
2919 .enc = __VECS(des_enc_tv_template),
2920 .dec = __VECS(des_dec_tv_template)
2924 .alg = "ecb(des3_ede)",
2925 .test = alg_test_skcipher,
2929 .enc = __VECS(des3_ede_enc_tv_template),
2930 .dec = __VECS(des3_ede_dec_tv_template)
2934 .alg = "ecb(fcrypt)",
2935 .test = alg_test_skcipher,
2939 .vecs = fcrypt_pcbc_enc_tv_template,
2943 .vecs = fcrypt_pcbc_dec_tv_template,
2949 .alg = "ecb(khazad)",
2950 .test = alg_test_skcipher,
2953 .enc = __VECS(khazad_enc_tv_template),
2954 .dec = __VECS(khazad_dec_tv_template)
2959 .test = alg_test_skcipher,
2962 .enc = __VECS(seed_enc_tv_template),
2963 .dec = __VECS(seed_dec_tv_template)
2967 .alg = "ecb(serpent)",
2968 .test = alg_test_skcipher,
2971 .enc = __VECS(serpent_enc_tv_template),
2972 .dec = __VECS(serpent_dec_tv_template)
2977 .test = alg_test_skcipher,
2980 .enc = __VECS(tea_enc_tv_template),
2981 .dec = __VECS(tea_dec_tv_template)
2985 .alg = "ecb(tnepres)",
2986 .test = alg_test_skcipher,
2989 .enc = __VECS(tnepres_enc_tv_template),
2990 .dec = __VECS(tnepres_dec_tv_template)
2994 .alg = "ecb(twofish)",
2995 .test = alg_test_skcipher,
2998 .enc = __VECS(tf_enc_tv_template),
2999 .dec = __VECS(tf_dec_tv_template)
3004 .test = alg_test_skcipher,
3007 .enc = __VECS(xeta_enc_tv_template),
3008 .dec = __VECS(xeta_dec_tv_template)
3013 .test = alg_test_skcipher,
3016 .enc = __VECS(xtea_enc_tv_template),
3017 .dec = __VECS(xtea_dec_tv_template)
3022 .test = alg_test_kpp,
3025 .kpp = __VECS(ecdh_tv_template)
3029 .test = alg_test_aead,
3033 .enc = __VECS(aes_gcm_enc_tv_template),
3034 .dec = __VECS(aes_gcm_dec_tv_template)
3039 .test = alg_test_hash,
3042 .hash = __VECS(ghash_tv_template)
3045 .alg = "hmac(crc32)",
3046 .test = alg_test_hash,
3048 .hash = __VECS(bfin_crc_tv_template)
3052 .test = alg_test_hash,
3054 .hash = __VECS(hmac_md5_tv_template)
3057 .alg = "hmac(rmd128)",
3058 .test = alg_test_hash,
3060 .hash = __VECS(hmac_rmd128_tv_template)
3063 .alg = "hmac(rmd160)",
3064 .test = alg_test_hash,
3066 .hash = __VECS(hmac_rmd160_tv_template)
3069 .alg = "hmac(sha1)",
3070 .test = alg_test_hash,
3073 .hash = __VECS(hmac_sha1_tv_template)
3076 .alg = "hmac(sha224)",
3077 .test = alg_test_hash,
3080 .hash = __VECS(hmac_sha224_tv_template)
3083 .alg = "hmac(sha256)",
3084 .test = alg_test_hash,
3087 .hash = __VECS(hmac_sha256_tv_template)
3090 .alg = "hmac(sha3-224)",
3091 .test = alg_test_hash,
3094 .hash = __VECS(hmac_sha3_224_tv_template)
3097 .alg = "hmac(sha3-256)",
3098 .test = alg_test_hash,
3101 .hash = __VECS(hmac_sha3_256_tv_template)
3104 .alg = "hmac(sha3-384)",
3105 .test = alg_test_hash,
3108 .hash = __VECS(hmac_sha3_384_tv_template)
3111 .alg = "hmac(sha3-512)",
3112 .test = alg_test_hash,
3115 .hash = __VECS(hmac_sha3_512_tv_template)
3118 .alg = "hmac(sha384)",
3119 .test = alg_test_hash,
3122 .hash = __VECS(hmac_sha384_tv_template)
3125 .alg = "hmac(sha512)",
3126 .test = alg_test_hash,
3129 .hash = __VECS(hmac_sha512_tv_template)
3132 .alg = "jitterentropy_rng",
3134 .test = alg_test_null,
3137 .test = alg_test_skcipher,
3141 .enc = __VECS(aes_kw_enc_tv_template),
3142 .dec = __VECS(aes_kw_dec_tv_template)
3147 .test = alg_test_skcipher,
3150 .enc = __VECS(aes_lrw_enc_tv_template),
3151 .dec = __VECS(aes_lrw_dec_tv_template)
3155 .alg = "lrw(camellia)",
3156 .test = alg_test_skcipher,
3159 .enc = __VECS(camellia_lrw_enc_tv_template),
3160 .dec = __VECS(camellia_lrw_dec_tv_template)
3164 .alg = "lrw(cast6)",
3165 .test = alg_test_skcipher,
3168 .enc = __VECS(cast6_lrw_enc_tv_template),
3169 .dec = __VECS(cast6_lrw_dec_tv_template)
3173 .alg = "lrw(serpent)",
3174 .test = alg_test_skcipher,
3177 .enc = __VECS(serpent_lrw_enc_tv_template),
3178 .dec = __VECS(serpent_lrw_dec_tv_template)
3182 .alg = "lrw(twofish)",
3183 .test = alg_test_skcipher,
3186 .enc = __VECS(tf_lrw_enc_tv_template),
3187 .dec = __VECS(tf_lrw_dec_tv_template)
3192 .test = alg_test_comp,
3196 .comp = __VECS(lz4_comp_tv_template),
3197 .decomp = __VECS(lz4_decomp_tv_template)
3202 .test = alg_test_comp,
3206 .comp = __VECS(lz4hc_comp_tv_template),
3207 .decomp = __VECS(lz4hc_decomp_tv_template)
3212 .test = alg_test_comp,
3216 .comp = __VECS(lzo_comp_tv_template),
3217 .decomp = __VECS(lzo_decomp_tv_template)
3222 .test = alg_test_hash,
3224 .hash = __VECS(md4_tv_template)
3228 .test = alg_test_hash,
3230 .hash = __VECS(md5_tv_template)
3233 .alg = "michael_mic",
3234 .test = alg_test_hash,
3236 .hash = __VECS(michael_mic_tv_template)
3240 .test = alg_test_skcipher,
3244 .enc = __VECS(aes_ofb_enc_tv_template),
3245 .dec = __VECS(aes_ofb_dec_tv_template)
3249 .alg = "pcbc(fcrypt)",
3250 .test = alg_test_skcipher,
3253 .enc = __VECS(fcrypt_pcbc_enc_tv_template),
3254 .dec = __VECS(fcrypt_pcbc_dec_tv_template)
3259 .test = alg_test_hash,
3261 .hash = __VECS(poly1305_tv_template)
3264 .alg = "rfc3686(ctr(aes))",
3265 .test = alg_test_skcipher,
3269 .enc = __VECS(aes_ctr_rfc3686_enc_tv_template),
3270 .dec = __VECS(aes_ctr_rfc3686_dec_tv_template)
3274 .alg = "rfc4106(gcm(aes))",
3275 .test = alg_test_aead,
3279 .enc = __VECS(aes_gcm_rfc4106_enc_tv_template),
3280 .dec = __VECS(aes_gcm_rfc4106_dec_tv_template)
3284 .alg = "rfc4309(ccm(aes))",
3285 .test = alg_test_aead,
3289 .enc = __VECS(aes_ccm_rfc4309_enc_tv_template),
3290 .dec = __VECS(aes_ccm_rfc4309_dec_tv_template)
3294 .alg = "rfc4543(gcm(aes))",
3295 .test = alg_test_aead,
3298 .enc = __VECS(aes_gcm_rfc4543_enc_tv_template),
3299 .dec = __VECS(aes_gcm_rfc4543_dec_tv_template),
3303 .alg = "rfc7539(chacha20,poly1305)",
3304 .test = alg_test_aead,
3307 .enc = __VECS(rfc7539_enc_tv_template),
3308 .dec = __VECS(rfc7539_dec_tv_template),
3312 .alg = "rfc7539esp(chacha20,poly1305)",
3313 .test = alg_test_aead,
3316 .enc = __VECS(rfc7539esp_enc_tv_template),
3317 .dec = __VECS(rfc7539esp_dec_tv_template),
3322 .test = alg_test_hash,
3324 .hash = __VECS(rmd128_tv_template)
3328 .test = alg_test_hash,
3330 .hash = __VECS(rmd160_tv_template)
3334 .test = alg_test_hash,
3336 .hash = __VECS(rmd256_tv_template)
3340 .test = alg_test_hash,
3342 .hash = __VECS(rmd320_tv_template)
3346 .test = alg_test_akcipher,
3349 .akcipher = __VECS(rsa_tv_template)
3353 .test = alg_test_skcipher,
3356 .enc = __VECS(salsa20_stream_enc_tv_template)
3361 .test = alg_test_hash,
3364 .hash = __VECS(sha1_tv_template)
3368 .test = alg_test_hash,
3371 .hash = __VECS(sha224_tv_template)
3375 .test = alg_test_hash,
3378 .hash = __VECS(sha256_tv_template)
3382 .test = alg_test_hash,
3385 .hash = __VECS(sha3_224_tv_template)
3389 .test = alg_test_hash,
3392 .hash = __VECS(sha3_256_tv_template)
3396 .test = alg_test_hash,
3399 .hash = __VECS(sha3_384_tv_template)
3403 .test = alg_test_hash,
3406 .hash = __VECS(sha3_512_tv_template)
3410 .test = alg_test_hash,
3413 .hash = __VECS(sha384_tv_template)
3417 .test = alg_test_hash,
3420 .hash = __VECS(sha512_tv_template)
3424 .test = alg_test_hash,
3426 .hash = __VECS(tgr128_tv_template)
3430 .test = alg_test_hash,
3432 .hash = __VECS(tgr160_tv_template)
3436 .test = alg_test_hash,
3438 .hash = __VECS(tgr192_tv_template)
3442 .test = alg_test_hash,
3444 .hash = __VECS(aes_vmac128_tv_template)
3448 .test = alg_test_hash,
3450 .hash = __VECS(wp256_tv_template)
3454 .test = alg_test_hash,
3456 .hash = __VECS(wp384_tv_template)
3460 .test = alg_test_hash,
3462 .hash = __VECS(wp512_tv_template)
3466 .test = alg_test_hash,
3468 .hash = __VECS(aes_xcbc128_tv_template)
3472 .test = alg_test_skcipher,
3476 .enc = __VECS(aes_xts_enc_tv_template),
3477 .dec = __VECS(aes_xts_dec_tv_template)
3481 .alg = "xts(camellia)",
3482 .test = alg_test_skcipher,
3485 .enc = __VECS(camellia_xts_enc_tv_template),
3486 .dec = __VECS(camellia_xts_dec_tv_template)
3490 .alg = "xts(cast6)",
3491 .test = alg_test_skcipher,
3494 .enc = __VECS(cast6_xts_enc_tv_template),
3495 .dec = __VECS(cast6_xts_dec_tv_template)
3499 .alg = "xts(serpent)",
3500 .test = alg_test_skcipher,
3503 .enc = __VECS(serpent_xts_enc_tv_template),
3504 .dec = __VECS(serpent_xts_dec_tv_template)
3508 .alg = "xts(twofish)",
3509 .test = alg_test_skcipher,
3512 .enc = __VECS(tf_xts_enc_tv_template),
3513 .dec = __VECS(tf_xts_dec_tv_template)
3517 .alg = "zlib-deflate",
3518 .test = alg_test_comp,
3522 .comp = __VECS(zlib_deflate_comp_tv_template),
3523 .decomp = __VECS(zlib_deflate_decomp_tv_template)
3529 static bool alg_test_descs_checked;
3531 static void alg_test_descs_check_order(void)
3535 /* only check once */
3536 if (alg_test_descs_checked)
3539 alg_test_descs_checked = true;
3541 for (i = 1; i < ARRAY_SIZE(alg_test_descs); i++) {
3542 int diff = strcmp(alg_test_descs[i - 1].alg,
3543 alg_test_descs[i].alg);
3545 if (WARN_ON(diff > 0)) {
3546 pr_warn("testmgr: alg_test_descs entries in wrong order: '%s' before '%s'\n",
3547 alg_test_descs[i - 1].alg,
3548 alg_test_descs[i].alg);
3551 if (WARN_ON(diff == 0)) {
3552 pr_warn("testmgr: duplicate alg_test_descs entry: '%s'\n",
3553 alg_test_descs[i].alg);
3558 static int alg_find_test(const char *alg)
3561 int end = ARRAY_SIZE(alg_test_descs);
3563 while (start < end) {
3564 int i = (start + end) / 2;
3565 int diff = strcmp(alg_test_descs[i].alg, alg);
3583 int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
3589 if (!fips_enabled && notests) {
3590 printk_once(KERN_INFO "alg: self-tests disabled\n");
3594 alg_test_descs_check_order();
3596 if ((type & CRYPTO_ALG_TYPE_MASK) == CRYPTO_ALG_TYPE_CIPHER) {
3597 char nalg[CRYPTO_MAX_ALG_NAME];
3599 if (snprintf(nalg, sizeof(nalg), "ecb(%s)", alg) >=
3601 return -ENAMETOOLONG;
3603 i = alg_find_test(nalg);
3607 if (fips_enabled && !alg_test_descs[i].fips_allowed)
3610 rc = alg_test_cipher(alg_test_descs + i, driver, type, mask);
3614 i = alg_find_test(alg);
3615 j = alg_find_test(driver);
3619 if (fips_enabled && ((i >= 0 && !alg_test_descs[i].fips_allowed) ||
3620 (j >= 0 && !alg_test_descs[j].fips_allowed)))
3625 rc |= alg_test_descs[i].test(alg_test_descs + i, driver,
3627 if (j >= 0 && j != i)
3628 rc |= alg_test_descs[j].test(alg_test_descs + j, driver,
3632 if (fips_enabled && rc)
3633 panic("%s: %s alg self test failed in fips mode!\n", driver, alg);
3635 if (fips_enabled && !rc)
3636 pr_info("alg: self-tests for %s (%s) passed\n", driver, alg);
3641 printk(KERN_INFO "alg: No test for %s (%s)\n", alg, driver);
3647 #endif /* CONFIG_CRYPTO_MANAGER_DISABLE_TESTS */
3649 EXPORT_SYMBOL_GPL(alg_test);
projects / karo-tx-linux.git / blob