2 * Algorithm testing framework and tests.
4 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
5 * Copyright (c) 2002 Jean-Francois Dive <jef@linuxbe.org>
6 * Copyright (c) 2007 Nokia Siemens Networks
7 * Copyright (c) 2008 Herbert Xu <herbert@gondor.apana.org.au>
9 * Updated RFC4106 AES-GCM testing.
10 * Authors: Aidan O'Mahony (aidan.o.mahony@intel.com)
11 * Adrian Hoban <adrian.hoban@intel.com>
12 * Gabriele Paoloni <gabriele.paoloni@intel.com>
13 * Tadeusz Struk (tadeusz.struk@intel.com)
14 * Copyright (c) 2010, Intel Corporation.
16 * This program is free software; you can redistribute it and/or modify it
17 * under the terms of the GNU General Public License as published by the Free
18 * Software Foundation; either version 2 of the License, or (at your option)
23 #include <crypto/aead.h>
24 #include <crypto/hash.h>
25 #include <crypto/skcipher.h>
26 #include <linux/err.h>
27 #include <linux/fips.h>
28 #include <linux/module.h>
29 #include <linux/scatterlist.h>
30 #include <linux/slab.h>
31 #include <linux/string.h>
32 #include <crypto/rng.h>
33 #include <crypto/drbg.h>
34 #include <crypto/akcipher.h>
35 #include <crypto/kpp.h>
36 #include <crypto/acompress.h>
41 module_param(notests, bool, 0644);
42 MODULE_PARM_DESC(notests, "disable crypto self-tests");
44 #ifdef CONFIG_CRYPTO_MANAGER_DISABLE_TESTS
47 int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
57 * Need slab memory for testing (size in number of pages).
62 * Indexes into the xbuf to simulate cross-page access.
74 * Used by test_cipher()
79 struct tcrypt_result {
80 struct completion completion;
84 struct aead_test_suite {
86 const struct aead_testvec *vecs;
91 struct cipher_test_suite {
93 const struct cipher_testvec *vecs;
98 struct comp_test_suite {
100 const struct comp_testvec *vecs;
105 struct hash_test_suite {
106 const struct hash_testvec *vecs;
110 struct cprng_test_suite {
111 const struct cprng_testvec *vecs;
115 struct drbg_test_suite {
116 const struct drbg_testvec *vecs;
120 struct akcipher_test_suite {
121 const struct akcipher_testvec *vecs;
125 struct kpp_test_suite {
126 const struct kpp_testvec *vecs;
130 struct alg_test_desc {
132 int (*test)(const struct alg_test_desc *desc, const char *driver,
134 int fips_allowed; /* set if alg is allowed in fips mode */
137 struct aead_test_suite aead;
138 struct cipher_test_suite cipher;
139 struct comp_test_suite comp;
140 struct hash_test_suite hash;
141 struct cprng_test_suite cprng;
142 struct drbg_test_suite drbg;
143 struct akcipher_test_suite akcipher;
144 struct kpp_test_suite kpp;
148 static const unsigned int IDX[8] = {
149 IDX1, IDX2, IDX3, IDX4, IDX5, IDX6, IDX7, IDX8 };
151 static void hexdump(unsigned char *buf, unsigned int len)
153 print_hex_dump(KERN_CONT, "", DUMP_PREFIX_OFFSET,
158 static void tcrypt_complete(struct crypto_async_request *req, int err)
160 struct tcrypt_result *res = req->data;
162 if (err == -EINPROGRESS)
166 complete(&res->completion);
169 static int testmgr_alloc_buf(char *buf[XBUFSIZE])
173 for (i = 0; i < XBUFSIZE; i++) {
174 buf[i] = (void *)__get_free_page(GFP_KERNEL);
183 free_page((unsigned long)buf[i]);
188 static void testmgr_free_buf(char *buf[XBUFSIZE])
192 for (i = 0; i < XBUFSIZE; i++)
193 free_page((unsigned long)buf[i]);
196 static int wait_async_op(struct tcrypt_result *tr, int ret)
198 if (ret == -EINPROGRESS || ret == -EBUSY) {
199 wait_for_completion(&tr->completion);
200 reinit_completion(&tr->completion);
206 static int ahash_partial_update(struct ahash_request **preq,
207 struct crypto_ahash *tfm, const struct hash_testvec *template,
208 void *hash_buff, int k, int temp, struct scatterlist *sg,
209 const char *algo, char *result, struct tcrypt_result *tresult)
212 struct ahash_request *req;
213 int statesize, ret = -EINVAL;
214 const char guard[] = { 0x00, 0xba, 0xad, 0x00 };
217 statesize = crypto_ahash_statesize(
218 crypto_ahash_reqtfm(req));
219 state = kmalloc(statesize + sizeof(guard), GFP_KERNEL);
221 pr_err("alg: hash: Failed to alloc state for %s\n", algo);
224 memcpy(state + statesize, guard, sizeof(guard));
225 ret = crypto_ahash_export(req, state);
226 WARN_ON(memcmp(state + statesize, guard, sizeof(guard)));
228 pr_err("alg: hash: Failed to export() for %s\n", algo);
231 ahash_request_free(req);
232 req = ahash_request_alloc(tfm, GFP_KERNEL);
234 pr_err("alg: hash: Failed to alloc request for %s\n", algo);
237 ahash_request_set_callback(req,
238 CRYPTO_TFM_REQ_MAY_BACKLOG,
239 tcrypt_complete, tresult);
241 memcpy(hash_buff, template->plaintext + temp,
243 sg_init_one(&sg[0], hash_buff, template->tap[k]);
244 ahash_request_set_crypt(req, sg, result, template->tap[k]);
245 ret = crypto_ahash_import(req, state);
247 pr_err("alg: hash: Failed to import() for %s\n", algo);
250 ret = wait_async_op(tresult, crypto_ahash_update(req));
257 ahash_request_free(req);
264 static int __test_hash(struct crypto_ahash *tfm,
265 const struct hash_testvec *template, unsigned int tcount,
266 bool use_digest, const int align_offset)
268 const char *algo = crypto_tfm_alg_driver_name(crypto_ahash_tfm(tfm));
269 size_t digest_size = crypto_ahash_digestsize(tfm);
270 unsigned int i, j, k, temp;
271 struct scatterlist sg[8];
274 struct ahash_request *req;
275 struct tcrypt_result tresult;
277 char *xbuf[XBUFSIZE];
280 result = kmalloc(digest_size, GFP_KERNEL);
283 key = kmalloc(MAX_KEYLEN, GFP_KERNEL);
286 if (testmgr_alloc_buf(xbuf))
289 init_completion(&tresult.completion);
291 req = ahash_request_alloc(tfm, GFP_KERNEL);
293 printk(KERN_ERR "alg: hash: Failed to allocate request for "
297 ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
298 tcrypt_complete, &tresult);
301 for (i = 0; i < tcount; i++) {
306 if (WARN_ON(align_offset + template[i].psize > PAGE_SIZE))
310 memset(result, 0, digest_size);
313 hash_buff += align_offset;
315 memcpy(hash_buff, template[i].plaintext, template[i].psize);
316 sg_init_one(&sg[0], hash_buff, template[i].psize);
318 if (template[i].ksize) {
319 crypto_ahash_clear_flags(tfm, ~0);
320 if (template[i].ksize > MAX_KEYLEN) {
321 pr_err("alg: hash: setkey failed on test %d for %s: key size %d > %d\n",
322 j, algo, template[i].ksize, MAX_KEYLEN);
326 memcpy(key, template[i].key, template[i].ksize);
327 ret = crypto_ahash_setkey(tfm, key, template[i].ksize);
329 printk(KERN_ERR "alg: hash: setkey failed on "
330 "test %d for %s: ret=%d\n", j, algo,
336 ahash_request_set_crypt(req, sg, result, template[i].psize);
338 ret = wait_async_op(&tresult, crypto_ahash_digest(req));
340 pr_err("alg: hash: digest failed on test %d "
341 "for %s: ret=%d\n", j, algo, -ret);
345 ret = wait_async_op(&tresult, crypto_ahash_init(req));
347 pr_err("alg: hash: init failed on test %d "
348 "for %s: ret=%d\n", j, algo, -ret);
351 ret = wait_async_op(&tresult, crypto_ahash_update(req));
353 pr_err("alg: hash: update failed on test %d "
354 "for %s: ret=%d\n", j, algo, -ret);
357 ret = wait_async_op(&tresult, crypto_ahash_final(req));
359 pr_err("alg: hash: final failed on test %d "
360 "for %s: ret=%d\n", j, algo, -ret);
365 if (memcmp(result, template[i].digest,
366 crypto_ahash_digestsize(tfm))) {
367 printk(KERN_ERR "alg: hash: Test %d failed for %s\n",
369 hexdump(result, crypto_ahash_digestsize(tfm));
376 for (i = 0; i < tcount; i++) {
377 /* alignment tests are only done with continuous buffers */
378 if (align_offset != 0)
385 memset(result, 0, digest_size);
388 sg_init_table(sg, template[i].np);
390 for (k = 0; k < template[i].np; k++) {
391 if (WARN_ON(offset_in_page(IDX[k]) +
392 template[i].tap[k] > PAGE_SIZE))
395 memcpy(xbuf[IDX[k] >> PAGE_SHIFT] +
396 offset_in_page(IDX[k]),
397 template[i].plaintext + temp,
400 temp += template[i].tap[k];
403 if (template[i].ksize) {
404 if (template[i].ksize > MAX_KEYLEN) {
405 pr_err("alg: hash: setkey failed on test %d for %s: key size %d > %d\n",
406 j, algo, template[i].ksize, MAX_KEYLEN);
410 crypto_ahash_clear_flags(tfm, ~0);
411 memcpy(key, template[i].key, template[i].ksize);
412 ret = crypto_ahash_setkey(tfm, key, template[i].ksize);
415 printk(KERN_ERR "alg: hash: setkey "
416 "failed on chunking test %d "
417 "for %s: ret=%d\n", j, algo, -ret);
422 ahash_request_set_crypt(req, sg, result, template[i].psize);
423 ret = crypto_ahash_digest(req);
429 wait_for_completion(&tresult.completion);
430 reinit_completion(&tresult.completion);
436 printk(KERN_ERR "alg: hash: digest failed "
437 "on chunking test %d for %s: "
438 "ret=%d\n", j, algo, -ret);
442 if (memcmp(result, template[i].digest,
443 crypto_ahash_digestsize(tfm))) {
444 printk(KERN_ERR "alg: hash: Chunking test %d "
445 "failed for %s\n", j, algo);
446 hexdump(result, crypto_ahash_digestsize(tfm));
452 /* partial update exercise */
454 for (i = 0; i < tcount; i++) {
455 /* alignment tests are only done with continuous buffers */
456 if (align_offset != 0)
459 if (template[i].np < 2)
463 memset(result, 0, digest_size);
467 memcpy(hash_buff, template[i].plaintext,
469 sg_init_one(&sg[0], hash_buff, template[i].tap[0]);
471 if (template[i].ksize) {
472 crypto_ahash_clear_flags(tfm, ~0);
473 if (template[i].ksize > MAX_KEYLEN) {
474 pr_err("alg: hash: setkey failed on test %d for %s: key size %d > %d\n",
475 j, algo, template[i].ksize, MAX_KEYLEN);
479 memcpy(key, template[i].key, template[i].ksize);
480 ret = crypto_ahash_setkey(tfm, key, template[i].ksize);
482 pr_err("alg: hash: setkey failed on test %d for %s: ret=%d\n",
488 ahash_request_set_crypt(req, sg, result, template[i].tap[0]);
489 ret = wait_async_op(&tresult, crypto_ahash_init(req));
491 pr_err("alg: hash: init failed on test %d for %s: ret=%d\n",
495 ret = wait_async_op(&tresult, crypto_ahash_update(req));
497 pr_err("alg: hash: update failed on test %d for %s: ret=%d\n",
502 temp = template[i].tap[0];
503 for (k = 1; k < template[i].np; k++) {
504 ret = ahash_partial_update(&req, tfm, &template[i],
505 hash_buff, k, temp, &sg[0], algo, result,
508 pr_err("alg: hash: partial update failed on test %d for %s: ret=%d\n",
512 temp += template[i].tap[k];
514 ret = wait_async_op(&tresult, crypto_ahash_final(req));
516 pr_err("alg: hash: final failed on test %d for %s: ret=%d\n",
520 if (memcmp(result, template[i].digest,
521 crypto_ahash_digestsize(tfm))) {
522 pr_err("alg: hash: Partial Test %d failed for %s\n",
524 hexdump(result, crypto_ahash_digestsize(tfm));
533 ahash_request_free(req);
535 testmgr_free_buf(xbuf);
542 static int test_hash(struct crypto_ahash *tfm,
543 const struct hash_testvec *template,
544 unsigned int tcount, bool use_digest)
546 unsigned int alignmask;
549 ret = __test_hash(tfm, template, tcount, use_digest, 0);
553 /* test unaligned buffers, check with one byte offset */
554 ret = __test_hash(tfm, template, tcount, use_digest, 1);
558 alignmask = crypto_tfm_alg_alignmask(&tfm->base);
560 /* Check if alignment mask for tfm is correctly set. */
561 ret = __test_hash(tfm, template, tcount, use_digest,
570 static int __test_aead(struct crypto_aead *tfm, int enc,
571 const struct aead_testvec *template, unsigned int tcount,
572 const bool diff_dst, const int align_offset)
574 const char *algo = crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm));
575 unsigned int i, j, k, n, temp;
579 struct aead_request *req;
580 struct scatterlist *sg;
581 struct scatterlist *sgout;
583 struct tcrypt_result result;
584 unsigned int authsize, iv_len;
589 char *xbuf[XBUFSIZE];
590 char *xoutbuf[XBUFSIZE];
591 char *axbuf[XBUFSIZE];
593 iv = kzalloc(MAX_IVLEN, GFP_KERNEL);
596 key = kmalloc(MAX_KEYLEN, GFP_KERNEL);
599 if (testmgr_alloc_buf(xbuf))
601 if (testmgr_alloc_buf(axbuf))
603 if (diff_dst && testmgr_alloc_buf(xoutbuf))
606 /* avoid "the frame size is larger than 1024 bytes" compiler warning */
607 sg = kmalloc(sizeof(*sg) * 8 * (diff_dst ? 4 : 2), GFP_KERNEL);
622 init_completion(&result.completion);
624 req = aead_request_alloc(tfm, GFP_KERNEL);
626 pr_err("alg: aead%s: Failed to allocate request for %s\n",
631 aead_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
632 tcrypt_complete, &result);
634 iv_len = crypto_aead_ivsize(tfm);
636 for (i = 0, j = 0; i < tcount; i++) {
642 /* some templates have no input data but they will
646 input += align_offset;
650 if (WARN_ON(align_offset + template[i].ilen >
651 PAGE_SIZE || template[i].alen > PAGE_SIZE))
654 memcpy(input, template[i].input, template[i].ilen);
655 memcpy(assoc, template[i].assoc, template[i].alen);
657 memcpy(iv, template[i].iv, iv_len);
659 memset(iv, 0, iv_len);
661 crypto_aead_clear_flags(tfm, ~0);
663 crypto_aead_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY);
665 if (template[i].klen > MAX_KEYLEN) {
666 pr_err("alg: aead%s: setkey failed on test %d for %s: key size %d > %d\n",
667 d, j, algo, template[i].klen,
672 memcpy(key, template[i].key, template[i].klen);
674 ret = crypto_aead_setkey(tfm, key, template[i].klen);
675 if (template[i].fail == !ret) {
676 pr_err("alg: aead%s: setkey failed on test %d for %s: flags=%x\n",
677 d, j, algo, crypto_aead_get_flags(tfm));
682 authsize = abs(template[i].rlen - template[i].ilen);
683 ret = crypto_aead_setauthsize(tfm, authsize);
685 pr_err("alg: aead%s: Failed to set authsize to %u on test %d for %s\n",
686 d, authsize, j, algo);
690 k = !!template[i].alen;
691 sg_init_table(sg, k + 1);
692 sg_set_buf(&sg[0], assoc, template[i].alen);
693 sg_set_buf(&sg[k], input,
694 template[i].ilen + (enc ? authsize : 0));
698 sg_init_table(sgout, k + 1);
699 sg_set_buf(&sgout[0], assoc, template[i].alen);
702 output += align_offset;
703 sg_set_buf(&sgout[k], output,
704 template[i].rlen + (enc ? 0 : authsize));
707 aead_request_set_crypt(req, sg, (diff_dst) ? sgout : sg,
708 template[i].ilen, iv);
710 aead_request_set_ad(req, template[i].alen);
712 ret = enc ? crypto_aead_encrypt(req) : crypto_aead_decrypt(req);
716 if (template[i].novrfy) {
717 /* verification was supposed to fail */
718 pr_err("alg: aead%s: %s failed on test %d for %s: ret was 0, expected -EBADMSG\n",
720 /* so really, we got a bad message */
727 wait_for_completion(&result.completion);
728 reinit_completion(&result.completion);
733 if (template[i].novrfy)
734 /* verification failure was expected */
738 pr_err("alg: aead%s: %s failed on test %d for %s: ret=%d\n",
739 d, e, j, algo, -ret);
744 if (memcmp(q, template[i].result, template[i].rlen)) {
745 pr_err("alg: aead%s: Test %d failed on %s for %s\n",
747 hexdump(q, template[i].rlen);
753 for (i = 0, j = 0; i < tcount; i++) {
754 /* alignment tests are only done with continuous buffers */
755 if (align_offset != 0)
764 memcpy(iv, template[i].iv, iv_len);
766 memset(iv, 0, MAX_IVLEN);
768 crypto_aead_clear_flags(tfm, ~0);
770 crypto_aead_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY);
771 if (template[i].klen > MAX_KEYLEN) {
772 pr_err("alg: aead%s: setkey failed on test %d for %s: key size %d > %d\n",
773 d, j, algo, template[i].klen, MAX_KEYLEN);
777 memcpy(key, template[i].key, template[i].klen);
779 ret = crypto_aead_setkey(tfm, key, template[i].klen);
780 if (template[i].fail == !ret) {
781 pr_err("alg: aead%s: setkey failed on chunk test %d for %s: flags=%x\n",
782 d, j, algo, crypto_aead_get_flags(tfm));
787 authsize = abs(template[i].rlen - template[i].ilen);
790 sg_init_table(sg, template[i].anp + template[i].np);
792 sg_init_table(sgout, template[i].anp + template[i].np);
795 for (k = 0, temp = 0; k < template[i].anp; k++) {
796 if (WARN_ON(offset_in_page(IDX[k]) +
797 template[i].atap[k] > PAGE_SIZE))
800 memcpy(axbuf[IDX[k] >> PAGE_SHIFT] +
801 offset_in_page(IDX[k]),
802 template[i].assoc + temp,
803 template[i].atap[k]),
804 template[i].atap[k]);
806 sg_set_buf(&sgout[k],
807 axbuf[IDX[k] >> PAGE_SHIFT] +
808 offset_in_page(IDX[k]),
809 template[i].atap[k]);
810 temp += template[i].atap[k];
813 for (k = 0, temp = 0; k < template[i].np; k++) {
814 if (WARN_ON(offset_in_page(IDX[k]) +
815 template[i].tap[k] > PAGE_SIZE))
818 q = xbuf[IDX[k] >> PAGE_SHIFT] + offset_in_page(IDX[k]);
819 memcpy(q, template[i].input + temp, template[i].tap[k]);
820 sg_set_buf(&sg[template[i].anp + k],
821 q, template[i].tap[k]);
824 q = xoutbuf[IDX[k] >> PAGE_SHIFT] +
825 offset_in_page(IDX[k]);
827 memset(q, 0, template[i].tap[k]);
829 sg_set_buf(&sgout[template[i].anp + k],
830 q, template[i].tap[k]);
833 n = template[i].tap[k];
834 if (k == template[i].np - 1 && enc)
836 if (offset_in_page(q) + n < PAGE_SIZE)
839 temp += template[i].tap[k];
842 ret = crypto_aead_setauthsize(tfm, authsize);
844 pr_err("alg: aead%s: Failed to set authsize to %u on chunk test %d for %s\n",
845 d, authsize, j, algo);
850 if (WARN_ON(sg[template[i].anp + k - 1].offset +
851 sg[template[i].anp + k - 1].length +
852 authsize > PAGE_SIZE)) {
858 sgout[template[i].anp + k - 1].length +=
860 sg[template[i].anp + k - 1].length += authsize;
863 aead_request_set_crypt(req, sg, (diff_dst) ? sgout : sg,
867 aead_request_set_ad(req, template[i].alen);
869 ret = enc ? crypto_aead_encrypt(req) : crypto_aead_decrypt(req);
873 if (template[i].novrfy) {
874 /* verification was supposed to fail */
875 pr_err("alg: aead%s: %s failed on chunk test %d for %s: ret was 0, expected -EBADMSG\n",
877 /* so really, we got a bad message */
884 wait_for_completion(&result.completion);
885 reinit_completion(&result.completion);
890 if (template[i].novrfy)
891 /* verification failure was expected */
895 pr_err("alg: aead%s: %s failed on chunk test %d for %s: ret=%d\n",
896 d, e, j, algo, -ret);
901 for (k = 0, temp = 0; k < template[i].np; k++) {
903 q = xoutbuf[IDX[k] >> PAGE_SHIFT] +
904 offset_in_page(IDX[k]);
906 q = xbuf[IDX[k] >> PAGE_SHIFT] +
907 offset_in_page(IDX[k]);
909 n = template[i].tap[k];
910 if (k == template[i].np - 1)
911 n += enc ? authsize : -authsize;
913 if (memcmp(q, template[i].result + temp, n)) {
914 pr_err("alg: aead%s: Chunk test %d failed on %s at page %u for %s\n",
921 if (k == template[i].np - 1 && !enc) {
923 memcmp(q, template[i].input +
929 for (n = 0; offset_in_page(q + n) && q[n]; n++)
933 pr_err("alg: aead%s: Result buffer corruption in chunk test %d on %s at page %u for %s: %u bytes:\n",
934 d, j, e, k, algo, n);
939 temp += template[i].tap[k];
946 aead_request_free(req);
950 testmgr_free_buf(xoutbuf);
952 testmgr_free_buf(axbuf);
954 testmgr_free_buf(xbuf);
961 static int test_aead(struct crypto_aead *tfm, int enc,
962 const struct aead_testvec *template, unsigned int tcount)
964 unsigned int alignmask;
967 /* test 'dst == src' case */
968 ret = __test_aead(tfm, enc, template, tcount, false, 0);
972 /* test 'dst != src' case */
973 ret = __test_aead(tfm, enc, template, tcount, true, 0);
977 /* test unaligned buffers, check with one byte offset */
978 ret = __test_aead(tfm, enc, template, tcount, true, 1);
982 alignmask = crypto_tfm_alg_alignmask(&tfm->base);
984 /* Check if alignment mask for tfm is correctly set. */
985 ret = __test_aead(tfm, enc, template, tcount, true,
994 static int test_cipher(struct crypto_cipher *tfm, int enc,
995 const struct cipher_testvec *template,
998 const char *algo = crypto_tfm_alg_driver_name(crypto_cipher_tfm(tfm));
999 unsigned int i, j, k;
1003 char *xbuf[XBUFSIZE];
1006 if (testmgr_alloc_buf(xbuf))
1015 for (i = 0; i < tcount; i++) {
1019 if (fips_enabled && template[i].fips_skip)
1025 if (WARN_ON(template[i].ilen > PAGE_SIZE))
1029 memcpy(data, template[i].input, template[i].ilen);
1031 crypto_cipher_clear_flags(tfm, ~0);
1033 crypto_cipher_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY);
1035 ret = crypto_cipher_setkey(tfm, template[i].key,
1037 if (template[i].fail == !ret) {
1038 printk(KERN_ERR "alg: cipher: setkey failed "
1039 "on test %d for %s: flags=%x\n", j,
1040 algo, crypto_cipher_get_flags(tfm));
1045 for (k = 0; k < template[i].ilen;
1046 k += crypto_cipher_blocksize(tfm)) {
1048 crypto_cipher_encrypt_one(tfm, data + k,
1051 crypto_cipher_decrypt_one(tfm, data + k,
1056 if (memcmp(q, template[i].result, template[i].rlen)) {
1057 printk(KERN_ERR "alg: cipher: Test %d failed "
1058 "on %s for %s\n", j, e, algo);
1059 hexdump(q, template[i].rlen);
1068 testmgr_free_buf(xbuf);
1073 static int __test_skcipher(struct crypto_skcipher *tfm, int enc,
1074 const struct cipher_testvec *template,
1075 unsigned int tcount,
1076 const bool diff_dst, const int align_offset)
1079 crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm));
1080 unsigned int i, j, k, n, temp;
1082 struct skcipher_request *req;
1083 struct scatterlist sg[8];
1084 struct scatterlist sgout[8];
1086 struct tcrypt_result result;
1089 char *xbuf[XBUFSIZE];
1090 char *xoutbuf[XBUFSIZE];
1092 unsigned int ivsize = crypto_skcipher_ivsize(tfm);
1094 if (testmgr_alloc_buf(xbuf))
1097 if (diff_dst && testmgr_alloc_buf(xoutbuf))
1110 init_completion(&result.completion);
1112 req = skcipher_request_alloc(tfm, GFP_KERNEL);
1114 pr_err("alg: skcipher%s: Failed to allocate request for %s\n",
1119 skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
1120 tcrypt_complete, &result);
1123 for (i = 0; i < tcount; i++) {
1124 if (template[i].np && !template[i].also_non_np)
1127 if (fips_enabled && template[i].fips_skip)
1131 memcpy(iv, template[i].iv, ivsize);
1133 memset(iv, 0, MAX_IVLEN);
1137 if (WARN_ON(align_offset + template[i].ilen > PAGE_SIZE))
1141 data += align_offset;
1142 memcpy(data, template[i].input, template[i].ilen);
1144 crypto_skcipher_clear_flags(tfm, ~0);
1146 crypto_skcipher_set_flags(tfm,
1147 CRYPTO_TFM_REQ_WEAK_KEY);
1149 ret = crypto_skcipher_setkey(tfm, template[i].key,
1151 if (template[i].fail == !ret) {
1152 pr_err("alg: skcipher%s: setkey failed on test %d for %s: flags=%x\n",
1153 d, j, algo, crypto_skcipher_get_flags(tfm));
1158 sg_init_one(&sg[0], data, template[i].ilen);
1161 data += align_offset;
1162 sg_init_one(&sgout[0], data, template[i].ilen);
1165 skcipher_request_set_crypt(req, sg, (diff_dst) ? sgout : sg,
1166 template[i].ilen, iv);
1167 ret = enc ? crypto_skcipher_encrypt(req) :
1168 crypto_skcipher_decrypt(req);
1175 wait_for_completion(&result.completion);
1176 reinit_completion(&result.completion);
1182 pr_err("alg: skcipher%s: %s failed on test %d for %s: ret=%d\n",
1183 d, e, j, algo, -ret);
1188 if (memcmp(q, template[i].result, template[i].rlen)) {
1189 pr_err("alg: skcipher%s: Test %d failed (invalid result) on %s for %s\n",
1191 hexdump(q, template[i].rlen);
1196 if (template[i].iv_out &&
1197 memcmp(iv, template[i].iv_out,
1198 crypto_skcipher_ivsize(tfm))) {
1199 pr_err("alg: skcipher%s: Test %d failed (invalid output IV) on %s for %s\n",
1201 hexdump(iv, crypto_skcipher_ivsize(tfm));
1208 for (i = 0; i < tcount; i++) {
1209 /* alignment tests are only done with continuous buffers */
1210 if (align_offset != 0)
1213 if (!template[i].np)
1216 if (fips_enabled && template[i].fips_skip)
1220 memcpy(iv, template[i].iv, ivsize);
1222 memset(iv, 0, MAX_IVLEN);
1225 crypto_skcipher_clear_flags(tfm, ~0);
1227 crypto_skcipher_set_flags(tfm,
1228 CRYPTO_TFM_REQ_WEAK_KEY);
1230 ret = crypto_skcipher_setkey(tfm, template[i].key,
1232 if (template[i].fail == !ret) {
1233 pr_err("alg: skcipher%s: setkey failed on chunk test %d for %s: flags=%x\n",
1234 d, j, algo, crypto_skcipher_get_flags(tfm));
1241 sg_init_table(sg, template[i].np);
1243 sg_init_table(sgout, template[i].np);
1244 for (k = 0; k < template[i].np; k++) {
1245 if (WARN_ON(offset_in_page(IDX[k]) +
1246 template[i].tap[k] > PAGE_SIZE))
1249 q = xbuf[IDX[k] >> PAGE_SHIFT] + offset_in_page(IDX[k]);
1251 memcpy(q, template[i].input + temp, template[i].tap[k]);
1253 if (offset_in_page(q) + template[i].tap[k] < PAGE_SIZE)
1254 q[template[i].tap[k]] = 0;
1256 sg_set_buf(&sg[k], q, template[i].tap[k]);
1258 q = xoutbuf[IDX[k] >> PAGE_SHIFT] +
1259 offset_in_page(IDX[k]);
1261 sg_set_buf(&sgout[k], q, template[i].tap[k]);
1263 memset(q, 0, template[i].tap[k]);
1264 if (offset_in_page(q) +
1265 template[i].tap[k] < PAGE_SIZE)
1266 q[template[i].tap[k]] = 0;
1269 temp += template[i].tap[k];
1272 skcipher_request_set_crypt(req, sg, (diff_dst) ? sgout : sg,
1273 template[i].ilen, iv);
1275 ret = enc ? crypto_skcipher_encrypt(req) :
1276 crypto_skcipher_decrypt(req);
1283 wait_for_completion(&result.completion);
1284 reinit_completion(&result.completion);
1290 pr_err("alg: skcipher%s: %s failed on chunk test %d for %s: ret=%d\n",
1291 d, e, j, algo, -ret);
1297 for (k = 0; k < template[i].np; k++) {
1299 q = xoutbuf[IDX[k] >> PAGE_SHIFT] +
1300 offset_in_page(IDX[k]);
1302 q = xbuf[IDX[k] >> PAGE_SHIFT] +
1303 offset_in_page(IDX[k]);
1305 if (memcmp(q, template[i].result + temp,
1306 template[i].tap[k])) {
1307 pr_err("alg: skcipher%s: Chunk test %d failed on %s at page %u for %s\n",
1309 hexdump(q, template[i].tap[k]);
1313 q += template[i].tap[k];
1314 for (n = 0; offset_in_page(q + n) && q[n]; n++)
1317 pr_err("alg: skcipher%s: Result buffer corruption in chunk test %d on %s at page %u for %s: %u bytes:\n",
1318 d, j, e, k, algo, n);
1322 temp += template[i].tap[k];
1329 skcipher_request_free(req);
1331 testmgr_free_buf(xoutbuf);
1333 testmgr_free_buf(xbuf);
1338 static int test_skcipher(struct crypto_skcipher *tfm, int enc,
1339 const struct cipher_testvec *template,
1340 unsigned int tcount)
1342 unsigned int alignmask;
1345 /* test 'dst == src' case */
1346 ret = __test_skcipher(tfm, enc, template, tcount, false, 0);
1350 /* test 'dst != src' case */
1351 ret = __test_skcipher(tfm, enc, template, tcount, true, 0);
1355 /* test unaligned buffers, check with one byte offset */
1356 ret = __test_skcipher(tfm, enc, template, tcount, true, 1);
1360 alignmask = crypto_tfm_alg_alignmask(&tfm->base);
1362 /* Check if alignment mask for tfm is correctly set. */
1363 ret = __test_skcipher(tfm, enc, template, tcount, true,
1372 static int test_comp(struct crypto_comp *tfm,
1373 const struct comp_testvec *ctemplate,
1374 const struct comp_testvec *dtemplate,
1375 int ctcount, int dtcount)
1377 const char *algo = crypto_tfm_alg_driver_name(crypto_comp_tfm(tfm));
1379 char result[COMP_BUF_SIZE];
1382 for (i = 0; i < ctcount; i++) {
1384 unsigned int dlen = COMP_BUF_SIZE;
1386 memset(result, 0, sizeof (result));
1388 ilen = ctemplate[i].inlen;
1389 ret = crypto_comp_compress(tfm, ctemplate[i].input,
1390 ilen, result, &dlen);
1392 printk(KERN_ERR "alg: comp: compression failed "
1393 "on test %d for %s: ret=%d\n", i + 1, algo,
1398 if (dlen != ctemplate[i].outlen) {
1399 printk(KERN_ERR "alg: comp: Compression test %d "
1400 "failed for %s: output len = %d\n", i + 1, algo,
1406 if (memcmp(result, ctemplate[i].output, dlen)) {
1407 printk(KERN_ERR "alg: comp: Compression test %d "
1408 "failed for %s\n", i + 1, algo);
1409 hexdump(result, dlen);
1415 for (i = 0; i < dtcount; i++) {
1417 unsigned int dlen = COMP_BUF_SIZE;
1419 memset(result, 0, sizeof (result));
1421 ilen = dtemplate[i].inlen;
1422 ret = crypto_comp_decompress(tfm, dtemplate[i].input,
1423 ilen, result, &dlen);
1425 printk(KERN_ERR "alg: comp: decompression failed "
1426 "on test %d for %s: ret=%d\n", i + 1, algo,
1431 if (dlen != dtemplate[i].outlen) {
1432 printk(KERN_ERR "alg: comp: Decompression test %d "
1433 "failed for %s: output len = %d\n", i + 1, algo,
1439 if (memcmp(result, dtemplate[i].output, dlen)) {
1440 printk(KERN_ERR "alg: comp: Decompression test %d "
1441 "failed for %s\n", i + 1, algo);
1442 hexdump(result, dlen);
1454 static int test_acomp(struct crypto_acomp *tfm,
1455 const struct comp_testvec *ctemplate,
1456 const struct comp_testvec *dtemplate,
1457 int ctcount, int dtcount)
1459 const char *algo = crypto_tfm_alg_driver_name(crypto_acomp_tfm(tfm));
1461 char *output, *decomp_out;
1463 struct scatterlist src, dst;
1464 struct acomp_req *req;
1465 struct tcrypt_result result;
1467 output = kmalloc(COMP_BUF_SIZE, GFP_KERNEL);
1471 decomp_out = kmalloc(COMP_BUF_SIZE, GFP_KERNEL);
1477 for (i = 0; i < ctcount; i++) {
1478 unsigned int dlen = COMP_BUF_SIZE;
1479 int ilen = ctemplate[i].inlen;
1482 input_vec = kmemdup(ctemplate[i].input, ilen, GFP_KERNEL);
1488 memset(output, 0, dlen);
1489 init_completion(&result.completion);
1490 sg_init_one(&src, input_vec, ilen);
1491 sg_init_one(&dst, output, dlen);
1493 req = acomp_request_alloc(tfm);
1495 pr_err("alg: acomp: request alloc failed for %s\n",
1502 acomp_request_set_params(req, &src, &dst, ilen, dlen);
1503 acomp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
1504 tcrypt_complete, &result);
1506 ret = wait_async_op(&result, crypto_acomp_compress(req));
1508 pr_err("alg: acomp: compression failed on test %d for %s: ret=%d\n",
1511 acomp_request_free(req);
1516 dlen = COMP_BUF_SIZE;
1517 sg_init_one(&src, output, ilen);
1518 sg_init_one(&dst, decomp_out, dlen);
1519 init_completion(&result.completion);
1520 acomp_request_set_params(req, &src, &dst, ilen, dlen);
1522 ret = wait_async_op(&result, crypto_acomp_decompress(req));
1524 pr_err("alg: acomp: compression failed on test %d for %s: ret=%d\n",
1527 acomp_request_free(req);
1531 if (req->dlen != ctemplate[i].inlen) {
1532 pr_err("alg: acomp: Compression test %d failed for %s: output len = %d\n",
1533 i + 1, algo, req->dlen);
1536 acomp_request_free(req);
1540 if (memcmp(input_vec, decomp_out, req->dlen)) {
1541 pr_err("alg: acomp: Compression test %d failed for %s\n",
1543 hexdump(output, req->dlen);
1546 acomp_request_free(req);
1551 acomp_request_free(req);
1554 for (i = 0; i < dtcount; i++) {
1555 unsigned int dlen = COMP_BUF_SIZE;
1556 int ilen = dtemplate[i].inlen;
1559 input_vec = kmemdup(dtemplate[i].input, ilen, GFP_KERNEL);
1565 memset(output, 0, dlen);
1566 init_completion(&result.completion);
1567 sg_init_one(&src, input_vec, ilen);
1568 sg_init_one(&dst, output, dlen);
1570 req = acomp_request_alloc(tfm);
1572 pr_err("alg: acomp: request alloc failed for %s\n",
1579 acomp_request_set_params(req, &src, &dst, ilen, dlen);
1580 acomp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
1581 tcrypt_complete, &result);
1583 ret = wait_async_op(&result, crypto_acomp_decompress(req));
1585 pr_err("alg: acomp: decompression failed on test %d for %s: ret=%d\n",
1588 acomp_request_free(req);
1592 if (req->dlen != dtemplate[i].outlen) {
1593 pr_err("alg: acomp: Decompression test %d failed for %s: output len = %d\n",
1594 i + 1, algo, req->dlen);
1597 acomp_request_free(req);
1601 if (memcmp(output, dtemplate[i].output, req->dlen)) {
1602 pr_err("alg: acomp: Decompression test %d failed for %s\n",
1604 hexdump(output, req->dlen);
1607 acomp_request_free(req);
1612 acomp_request_free(req);
1623 static int test_cprng(struct crypto_rng *tfm,
1624 const struct cprng_testvec *template,
1625 unsigned int tcount)
1627 const char *algo = crypto_tfm_alg_driver_name(crypto_rng_tfm(tfm));
1628 int err = 0, i, j, seedsize;
1632 seedsize = crypto_rng_seedsize(tfm);
1634 seed = kmalloc(seedsize, GFP_KERNEL);
1636 printk(KERN_ERR "alg: cprng: Failed to allocate seed space "
1641 for (i = 0; i < tcount; i++) {
1642 memset(result, 0, 32);
1644 memcpy(seed, template[i].v, template[i].vlen);
1645 memcpy(seed + template[i].vlen, template[i].key,
1647 memcpy(seed + template[i].vlen + template[i].klen,
1648 template[i].dt, template[i].dtlen);
1650 err = crypto_rng_reset(tfm, seed, seedsize);
1652 printk(KERN_ERR "alg: cprng: Failed to reset rng "
1657 for (j = 0; j < template[i].loops; j++) {
1658 err = crypto_rng_get_bytes(tfm, result,
1661 printk(KERN_ERR "alg: cprng: Failed to obtain "
1662 "the correct amount of random data for "
1663 "%s (requested %d)\n", algo,
1669 err = memcmp(result, template[i].result,
1672 printk(KERN_ERR "alg: cprng: Test %d failed for %s\n",
1674 hexdump(result, template[i].rlen);
1685 static int alg_test_aead(const struct alg_test_desc *desc, const char *driver,
1688 struct crypto_aead *tfm;
1691 tfm = crypto_alloc_aead(driver, type, mask);
1693 printk(KERN_ERR "alg: aead: Failed to load transform for %s: "
1694 "%ld\n", driver, PTR_ERR(tfm));
1695 return PTR_ERR(tfm);
1698 if (desc->suite.aead.enc.vecs) {
1699 err = test_aead(tfm, ENCRYPT, desc->suite.aead.enc.vecs,
1700 desc->suite.aead.enc.count);
1705 if (!err && desc->suite.aead.dec.vecs)
1706 err = test_aead(tfm, DECRYPT, desc->suite.aead.dec.vecs,
1707 desc->suite.aead.dec.count);
1710 crypto_free_aead(tfm);
1714 static int alg_test_cipher(const struct alg_test_desc *desc,
1715 const char *driver, u32 type, u32 mask)
1717 struct crypto_cipher *tfm;
1720 tfm = crypto_alloc_cipher(driver, type, mask);
1722 printk(KERN_ERR "alg: cipher: Failed to load transform for "
1723 "%s: %ld\n", driver, PTR_ERR(tfm));
1724 return PTR_ERR(tfm);
1727 if (desc->suite.cipher.enc.vecs) {
1728 err = test_cipher(tfm, ENCRYPT, desc->suite.cipher.enc.vecs,
1729 desc->suite.cipher.enc.count);
1734 if (desc->suite.cipher.dec.vecs)
1735 err = test_cipher(tfm, DECRYPT, desc->suite.cipher.dec.vecs,
1736 desc->suite.cipher.dec.count);
1739 crypto_free_cipher(tfm);
1743 static int alg_test_skcipher(const struct alg_test_desc *desc,
1744 const char *driver, u32 type, u32 mask)
1746 struct crypto_skcipher *tfm;
1749 tfm = crypto_alloc_skcipher(driver, type, mask);
1751 printk(KERN_ERR "alg: skcipher: Failed to load transform for "
1752 "%s: %ld\n", driver, PTR_ERR(tfm));
1753 return PTR_ERR(tfm);
1756 if (desc->suite.cipher.enc.vecs) {
1757 err = test_skcipher(tfm, ENCRYPT, desc->suite.cipher.enc.vecs,
1758 desc->suite.cipher.enc.count);
1763 if (desc->suite.cipher.dec.vecs)
1764 err = test_skcipher(tfm, DECRYPT, desc->suite.cipher.dec.vecs,
1765 desc->suite.cipher.dec.count);
1768 crypto_free_skcipher(tfm);
1772 static int alg_test_comp(const struct alg_test_desc *desc, const char *driver,
1775 struct crypto_comp *comp;
1776 struct crypto_acomp *acomp;
1778 u32 algo_type = type & CRYPTO_ALG_TYPE_ACOMPRESS_MASK;
1780 if (algo_type == CRYPTO_ALG_TYPE_ACOMPRESS) {
1781 acomp = crypto_alloc_acomp(driver, type, mask);
1782 if (IS_ERR(acomp)) {
1783 pr_err("alg: acomp: Failed to load transform for %s: %ld\n",
1784 driver, PTR_ERR(acomp));
1785 return PTR_ERR(acomp);
1787 err = test_acomp(acomp, desc->suite.comp.comp.vecs,
1788 desc->suite.comp.decomp.vecs,
1789 desc->suite.comp.comp.count,
1790 desc->suite.comp.decomp.count);
1791 crypto_free_acomp(acomp);
1793 comp = crypto_alloc_comp(driver, type, mask);
1795 pr_err("alg: comp: Failed to load transform for %s: %ld\n",
1796 driver, PTR_ERR(comp));
1797 return PTR_ERR(comp);
1800 err = test_comp(comp, desc->suite.comp.comp.vecs,
1801 desc->suite.comp.decomp.vecs,
1802 desc->suite.comp.comp.count,
1803 desc->suite.comp.decomp.count);
1805 crypto_free_comp(comp);
1810 static int alg_test_hash(const struct alg_test_desc *desc, const char *driver,
1813 struct crypto_ahash *tfm;
1816 tfm = crypto_alloc_ahash(driver, type, mask);
1818 printk(KERN_ERR "alg: hash: Failed to load transform for %s: "
1819 "%ld\n", driver, PTR_ERR(tfm));
1820 return PTR_ERR(tfm);
1823 err = test_hash(tfm, desc->suite.hash.vecs,
1824 desc->suite.hash.count, true);
1826 err = test_hash(tfm, desc->suite.hash.vecs,
1827 desc->suite.hash.count, false);
1829 crypto_free_ahash(tfm);
1833 static int alg_test_crc32c(const struct alg_test_desc *desc,
1834 const char *driver, u32 type, u32 mask)
1836 struct crypto_shash *tfm;
1840 err = alg_test_hash(desc, driver, type, mask);
1844 tfm = crypto_alloc_shash(driver, type, mask);
1846 printk(KERN_ERR "alg: crc32c: Failed to load transform for %s: "
1847 "%ld\n", driver, PTR_ERR(tfm));
1853 SHASH_DESC_ON_STACK(shash, tfm);
1854 u32 *ctx = (u32 *)shash_desc_ctx(shash);
1859 *ctx = le32_to_cpu(420553207);
1860 err = crypto_shash_final(shash, (u8 *)&val);
1862 printk(KERN_ERR "alg: crc32c: Operation failed for "
1863 "%s: %d\n", driver, err);
1867 if (val != ~420553207) {
1868 printk(KERN_ERR "alg: crc32c: Test failed for %s: "
1869 "%d\n", driver, val);
1874 crypto_free_shash(tfm);
1880 static int alg_test_cprng(const struct alg_test_desc *desc, const char *driver,
1883 struct crypto_rng *rng;
1886 rng = crypto_alloc_rng(driver, type, mask);
1888 printk(KERN_ERR "alg: cprng: Failed to load transform for %s: "
1889 "%ld\n", driver, PTR_ERR(rng));
1890 return PTR_ERR(rng);
1893 err = test_cprng(rng, desc->suite.cprng.vecs, desc->suite.cprng.count);
1895 crypto_free_rng(rng);
1901 static int drbg_cavs_test(const struct drbg_testvec *test, int pr,
1902 const char *driver, u32 type, u32 mask)
1905 struct crypto_rng *drng;
1906 struct drbg_test_data test_data;
1907 struct drbg_string addtl, pers, testentropy;
1908 unsigned char *buf = kzalloc(test->expectedlen, GFP_KERNEL);
1913 drng = crypto_alloc_rng(driver, type, mask);
1915 printk(KERN_ERR "alg: drbg: could not allocate DRNG handle for "
1921 test_data.testentropy = &testentropy;
1922 drbg_string_fill(&testentropy, test->entropy, test->entropylen);
1923 drbg_string_fill(&pers, test->pers, test->perslen);
1924 ret = crypto_drbg_reset_test(drng, &pers, &test_data);
1926 printk(KERN_ERR "alg: drbg: Failed to reset rng\n");
1930 drbg_string_fill(&addtl, test->addtla, test->addtllen);
1932 drbg_string_fill(&testentropy, test->entpra, test->entprlen);
1933 ret = crypto_drbg_get_bytes_addtl_test(drng,
1934 buf, test->expectedlen, &addtl, &test_data);
1936 ret = crypto_drbg_get_bytes_addtl(drng,
1937 buf, test->expectedlen, &addtl);
1940 printk(KERN_ERR "alg: drbg: could not obtain random data for "
1941 "driver %s\n", driver);
1945 drbg_string_fill(&addtl, test->addtlb, test->addtllen);
1947 drbg_string_fill(&testentropy, test->entprb, test->entprlen);
1948 ret = crypto_drbg_get_bytes_addtl_test(drng,
1949 buf, test->expectedlen, &addtl, &test_data);
1951 ret = crypto_drbg_get_bytes_addtl(drng,
1952 buf, test->expectedlen, &addtl);
1955 printk(KERN_ERR "alg: drbg: could not obtain random data for "
1956 "driver %s\n", driver);
1960 ret = memcmp(test->expected, buf, test->expectedlen);
1963 crypto_free_rng(drng);
1969 static int alg_test_drbg(const struct alg_test_desc *desc, const char *driver,
1975 const struct drbg_testvec *template = desc->suite.drbg.vecs;
1976 unsigned int tcount = desc->suite.drbg.count;
1978 if (0 == memcmp(driver, "drbg_pr_", 8))
1981 for (i = 0; i < tcount; i++) {
1982 err = drbg_cavs_test(&template[i], pr, driver, type, mask);
1984 printk(KERN_ERR "alg: drbg: Test %d failed for %s\n",
1994 static int do_test_kpp(struct crypto_kpp *tfm, const struct kpp_testvec *vec,
1997 struct kpp_request *req;
1998 void *input_buf = NULL;
1999 void *output_buf = NULL;
2000 void *a_public = NULL;
2002 void *shared_secret = NULL;
2003 struct tcrypt_result result;
2004 unsigned int out_len_max;
2006 struct scatterlist src, dst;
2008 req = kpp_request_alloc(tfm, GFP_KERNEL);
2012 init_completion(&result.completion);
2014 err = crypto_kpp_set_secret(tfm, vec->secret, vec->secret_size);
2018 out_len_max = crypto_kpp_maxsize(tfm);
2019 output_buf = kzalloc(out_len_max, GFP_KERNEL);
2025 /* Use appropriate parameter as base */
2026 kpp_request_set_input(req, NULL, 0);
2027 sg_init_one(&dst, output_buf, out_len_max);
2028 kpp_request_set_output(req, &dst, out_len_max);
2029 kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
2030 tcrypt_complete, &result);
2032 /* Compute party A's public key */
2033 err = wait_async_op(&result, crypto_kpp_generate_public_key(req));
2035 pr_err("alg: %s: Party A: generate public key test failed. err %d\n",
2041 /* Save party A's public key */
2042 a_public = kzalloc(out_len_max, GFP_KERNEL);
2047 memcpy(a_public, sg_virt(req->dst), out_len_max);
2049 /* Verify calculated public key */
2050 if (memcmp(vec->expected_a_public, sg_virt(req->dst),
2051 vec->expected_a_public_size)) {
2052 pr_err("alg: %s: Party A: generate public key test failed. Invalid output\n",
2059 /* Calculate shared secret key by using counter part (b) public key. */
2060 input_buf = kzalloc(vec->b_public_size, GFP_KERNEL);
2066 memcpy(input_buf, vec->b_public, vec->b_public_size);
2067 sg_init_one(&src, input_buf, vec->b_public_size);
2068 sg_init_one(&dst, output_buf, out_len_max);
2069 kpp_request_set_input(req, &src, vec->b_public_size);
2070 kpp_request_set_output(req, &dst, out_len_max);
2071 kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
2072 tcrypt_complete, &result);
2073 err = wait_async_op(&result, crypto_kpp_compute_shared_secret(req));
2075 pr_err("alg: %s: Party A: compute shared secret test failed. err %d\n",
2081 /* Save the shared secret obtained by party A */
2082 a_ss = kzalloc(vec->expected_ss_size, GFP_KERNEL);
2087 memcpy(a_ss, sg_virt(req->dst), vec->expected_ss_size);
2090 * Calculate party B's shared secret by using party A's
2093 err = crypto_kpp_set_secret(tfm, vec->b_secret,
2094 vec->b_secret_size);
2098 sg_init_one(&src, a_public, vec->expected_a_public_size);
2099 sg_init_one(&dst, output_buf, out_len_max);
2100 kpp_request_set_input(req, &src, vec->expected_a_public_size);
2101 kpp_request_set_output(req, &dst, out_len_max);
2102 kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
2103 tcrypt_complete, &result);
2104 err = wait_async_op(&result,
2105 crypto_kpp_compute_shared_secret(req));
2107 pr_err("alg: %s: Party B: compute shared secret failed. err %d\n",
2112 shared_secret = a_ss;
2114 shared_secret = (void *)vec->expected_ss;
2118 * verify shared secret from which the user will derive
2119 * secret key by executing whatever hash it has chosen
2121 if (memcmp(shared_secret, sg_virt(req->dst),
2122 vec->expected_ss_size)) {
2123 pr_err("alg: %s: compute shared secret test failed. Invalid output\n",
2135 kpp_request_free(req);
2139 static int test_kpp(struct crypto_kpp *tfm, const char *alg,
2140 const struct kpp_testvec *vecs, unsigned int tcount)
2144 for (i = 0; i < tcount; i++) {
2145 ret = do_test_kpp(tfm, vecs++, alg);
2147 pr_err("alg: %s: test failed on vector %d, err=%d\n",
2155 static int alg_test_kpp(const struct alg_test_desc *desc, const char *driver,
2158 struct crypto_kpp *tfm;
2161 tfm = crypto_alloc_kpp(driver, type, mask);
2163 pr_err("alg: kpp: Failed to load tfm for %s: %ld\n",
2164 driver, PTR_ERR(tfm));
2165 return PTR_ERR(tfm);
2167 if (desc->suite.kpp.vecs)
2168 err = test_kpp(tfm, desc->alg, desc->suite.kpp.vecs,
2169 desc->suite.kpp.count);
2171 crypto_free_kpp(tfm);
2175 static int test_akcipher_one(struct crypto_akcipher *tfm,
2176 const struct akcipher_testvec *vecs)
2178 char *xbuf[XBUFSIZE];
2179 struct akcipher_request *req;
2180 void *outbuf_enc = NULL;
2181 void *outbuf_dec = NULL;
2182 struct tcrypt_result result;
2183 unsigned int out_len_max, out_len = 0;
2185 struct scatterlist src, dst, src_tab[2];
2187 if (testmgr_alloc_buf(xbuf))
2190 req = akcipher_request_alloc(tfm, GFP_KERNEL);
2194 init_completion(&result.completion);
2196 if (vecs->public_key_vec)
2197 err = crypto_akcipher_set_pub_key(tfm, vecs->key,
2200 err = crypto_akcipher_set_priv_key(tfm, vecs->key,
2206 out_len_max = crypto_akcipher_maxsize(tfm);
2207 outbuf_enc = kzalloc(out_len_max, GFP_KERNEL);
2211 if (WARN_ON(vecs->m_size > PAGE_SIZE))
2214 memcpy(xbuf[0], vecs->m, vecs->m_size);
2216 sg_init_table(src_tab, 2);
2217 sg_set_buf(&src_tab[0], xbuf[0], 8);
2218 sg_set_buf(&src_tab[1], xbuf[0] + 8, vecs->m_size - 8);
2219 sg_init_one(&dst, outbuf_enc, out_len_max);
2220 akcipher_request_set_crypt(req, src_tab, &dst, vecs->m_size,
2222 akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
2223 tcrypt_complete, &result);
2225 err = wait_async_op(&result, vecs->siggen_sigver_test ?
2226 /* Run asymmetric signature generation */
2227 crypto_akcipher_sign(req) :
2228 /* Run asymmetric encrypt */
2229 crypto_akcipher_encrypt(req));
2231 pr_err("alg: akcipher: encrypt test failed. err %d\n", err);
2234 if (req->dst_len != vecs->c_size) {
2235 pr_err("alg: akcipher: encrypt test failed. Invalid output len\n");
2239 /* verify that encrypted message is equal to expected */
2240 if (memcmp(vecs->c, outbuf_enc, vecs->c_size)) {
2241 pr_err("alg: akcipher: encrypt test failed. Invalid output\n");
2242 hexdump(outbuf_enc, vecs->c_size);
2246 /* Don't invoke decrypt for vectors with public key */
2247 if (vecs->public_key_vec) {
2251 outbuf_dec = kzalloc(out_len_max, GFP_KERNEL);
2257 if (WARN_ON(vecs->c_size > PAGE_SIZE))
2260 memcpy(xbuf[0], vecs->c, vecs->c_size);
2262 sg_init_one(&src, xbuf[0], vecs->c_size);
2263 sg_init_one(&dst, outbuf_dec, out_len_max);
2264 init_completion(&result.completion);
2265 akcipher_request_set_crypt(req, &src, &dst, vecs->c_size, out_len_max);
2267 err = wait_async_op(&result, vecs->siggen_sigver_test ?
2268 /* Run asymmetric signature verification */
2269 crypto_akcipher_verify(req) :
2270 /* Run asymmetric decrypt */
2271 crypto_akcipher_decrypt(req));
2273 pr_err("alg: akcipher: decrypt test failed. err %d\n", err);
2276 out_len = req->dst_len;
2277 if (out_len < vecs->m_size) {
2278 pr_err("alg: akcipher: decrypt test failed. "
2279 "Invalid output len %u\n", out_len);
2283 /* verify that decrypted message is equal to the original msg */
2284 if (memchr_inv(outbuf_dec, 0, out_len - vecs->m_size) ||
2285 memcmp(vecs->m, outbuf_dec + out_len - vecs->m_size,
2287 pr_err("alg: akcipher: decrypt test failed. Invalid output\n");
2288 hexdump(outbuf_dec, out_len);
2295 akcipher_request_free(req);
2297 testmgr_free_buf(xbuf);
2301 static int test_akcipher(struct crypto_akcipher *tfm, const char *alg,
2302 const struct akcipher_testvec *vecs,
2303 unsigned int tcount)
2306 crypto_tfm_alg_driver_name(crypto_akcipher_tfm(tfm));
2309 for (i = 0; i < tcount; i++) {
2310 ret = test_akcipher_one(tfm, vecs++);
2314 pr_err("alg: akcipher: test %d failed for %s, err=%d\n",
2321 static int alg_test_akcipher(const struct alg_test_desc *desc,
2322 const char *driver, u32 type, u32 mask)
2324 struct crypto_akcipher *tfm;
2327 tfm = crypto_alloc_akcipher(driver, type, mask);
2329 pr_err("alg: akcipher: Failed to load tfm for %s: %ld\n",
2330 driver, PTR_ERR(tfm));
2331 return PTR_ERR(tfm);
2333 if (desc->suite.akcipher.vecs)
2334 err = test_akcipher(tfm, desc->alg, desc->suite.akcipher.vecs,
2335 desc->suite.akcipher.count);
2337 crypto_free_akcipher(tfm);
2341 static int alg_test_null(const struct alg_test_desc *desc,
2342 const char *driver, u32 type, u32 mask)
2347 #define __VECS(tv) { .vecs = tv, .count = ARRAY_SIZE(tv) }
2349 /* Please keep this list sorted by algorithm name. */
2350 static const struct alg_test_desc alg_test_descs[] = {
2352 .alg = "ansi_cprng",
2353 .test = alg_test_cprng,
2355 .cprng = __VECS(ansi_cprng_aes_tv_template)
2358 .alg = "authenc(hmac(md5),ecb(cipher_null))",
2359 .test = alg_test_aead,
2362 .enc = __VECS(hmac_md5_ecb_cipher_null_enc_tv_template),
2363 .dec = __VECS(hmac_md5_ecb_cipher_null_dec_tv_template)
2367 .alg = "authenc(hmac(sha1),cbc(aes))",
2368 .test = alg_test_aead,
2372 .enc = __VECS(hmac_sha1_aes_cbc_enc_tv_temp)
2376 .alg = "authenc(hmac(sha1),cbc(des))",
2377 .test = alg_test_aead,
2380 .enc = __VECS(hmac_sha1_des_cbc_enc_tv_temp)
2384 .alg = "authenc(hmac(sha1),cbc(des3_ede))",
2385 .test = alg_test_aead,
2389 .enc = __VECS(hmac_sha1_des3_ede_cbc_enc_tv_temp)
2393 .alg = "authenc(hmac(sha1),ctr(aes))",
2394 .test = alg_test_null,
2397 .alg = "authenc(hmac(sha1),ecb(cipher_null))",
2398 .test = alg_test_aead,
2401 .enc = __VECS(hmac_sha1_ecb_cipher_null_enc_tv_temp),
2402 .dec = __VECS(hmac_sha1_ecb_cipher_null_dec_tv_temp)
2406 .alg = "authenc(hmac(sha1),rfc3686(ctr(aes)))",
2407 .test = alg_test_null,
2410 .alg = "authenc(hmac(sha224),cbc(des))",
2411 .test = alg_test_aead,
2414 .enc = __VECS(hmac_sha224_des_cbc_enc_tv_temp)
2418 .alg = "authenc(hmac(sha224),cbc(des3_ede))",
2419 .test = alg_test_aead,
2423 .enc = __VECS(hmac_sha224_des3_ede_cbc_enc_tv_temp)
2427 .alg = "authenc(hmac(sha256),cbc(aes))",
2428 .test = alg_test_aead,
2432 .enc = __VECS(hmac_sha256_aes_cbc_enc_tv_temp)
2436 .alg = "authenc(hmac(sha256),cbc(des))",
2437 .test = alg_test_aead,
2440 .enc = __VECS(hmac_sha256_des_cbc_enc_tv_temp)
2444 .alg = "authenc(hmac(sha256),cbc(des3_ede))",
2445 .test = alg_test_aead,
2449 .enc = __VECS(hmac_sha256_des3_ede_cbc_enc_tv_temp)
2453 .alg = "authenc(hmac(sha256),ctr(aes))",
2454 .test = alg_test_null,
2457 .alg = "authenc(hmac(sha256),rfc3686(ctr(aes)))",
2458 .test = alg_test_null,
2461 .alg = "authenc(hmac(sha384),cbc(des))",
2462 .test = alg_test_aead,
2465 .enc = __VECS(hmac_sha384_des_cbc_enc_tv_temp)
2469 .alg = "authenc(hmac(sha384),cbc(des3_ede))",
2470 .test = alg_test_aead,
2474 .enc = __VECS(hmac_sha384_des3_ede_cbc_enc_tv_temp)
2478 .alg = "authenc(hmac(sha384),ctr(aes))",
2479 .test = alg_test_null,
2482 .alg = "authenc(hmac(sha384),rfc3686(ctr(aes)))",
2483 .test = alg_test_null,
2486 .alg = "authenc(hmac(sha512),cbc(aes))",
2488 .test = alg_test_aead,
2491 .enc = __VECS(hmac_sha512_aes_cbc_enc_tv_temp)
2495 .alg = "authenc(hmac(sha512),cbc(des))",
2496 .test = alg_test_aead,
2499 .enc = __VECS(hmac_sha512_des_cbc_enc_tv_temp)
2503 .alg = "authenc(hmac(sha512),cbc(des3_ede))",
2504 .test = alg_test_aead,
2508 .enc = __VECS(hmac_sha512_des3_ede_cbc_enc_tv_temp)
2512 .alg = "authenc(hmac(sha512),ctr(aes))",
2513 .test = alg_test_null,
2516 .alg = "authenc(hmac(sha512),rfc3686(ctr(aes)))",
2517 .test = alg_test_null,
2521 .test = alg_test_skcipher,
2525 .enc = __VECS(aes_cbc_enc_tv_template),
2526 .dec = __VECS(aes_cbc_dec_tv_template)
2530 .alg = "cbc(anubis)",
2531 .test = alg_test_skcipher,
2534 .enc = __VECS(anubis_cbc_enc_tv_template),
2535 .dec = __VECS(anubis_cbc_dec_tv_template)
2539 .alg = "cbc(blowfish)",
2540 .test = alg_test_skcipher,
2543 .enc = __VECS(bf_cbc_enc_tv_template),
2544 .dec = __VECS(bf_cbc_dec_tv_template)
2548 .alg = "cbc(camellia)",
2549 .test = alg_test_skcipher,
2552 .enc = __VECS(camellia_cbc_enc_tv_template),
2553 .dec = __VECS(camellia_cbc_dec_tv_template)
2557 .alg = "cbc(cast5)",
2558 .test = alg_test_skcipher,
2561 .enc = __VECS(cast5_cbc_enc_tv_template),
2562 .dec = __VECS(cast5_cbc_dec_tv_template)
2566 .alg = "cbc(cast6)",
2567 .test = alg_test_skcipher,
2570 .enc = __VECS(cast6_cbc_enc_tv_template),
2571 .dec = __VECS(cast6_cbc_dec_tv_template)
2576 .test = alg_test_skcipher,
2579 .enc = __VECS(des_cbc_enc_tv_template),
2580 .dec = __VECS(des_cbc_dec_tv_template)
2584 .alg = "cbc(des3_ede)",
2585 .test = alg_test_skcipher,
2589 .enc = __VECS(des3_ede_cbc_enc_tv_template),
2590 .dec = __VECS(des3_ede_cbc_dec_tv_template)
2594 .alg = "cbc(serpent)",
2595 .test = alg_test_skcipher,
2598 .enc = __VECS(serpent_cbc_enc_tv_template),
2599 .dec = __VECS(serpent_cbc_dec_tv_template)
2603 .alg = "cbc(twofish)",
2604 .test = alg_test_skcipher,
2607 .enc = __VECS(tf_cbc_enc_tv_template),
2608 .dec = __VECS(tf_cbc_dec_tv_template)
2612 .alg = "cbcmac(aes)",
2614 .test = alg_test_hash,
2616 .hash = __VECS(aes_cbcmac_tv_template)
2620 .test = alg_test_aead,
2624 .enc = __VECS(aes_ccm_enc_tv_template),
2625 .dec = __VECS(aes_ccm_dec_tv_template)
2630 .test = alg_test_skcipher,
2633 .enc = __VECS(chacha20_enc_tv_template),
2634 .dec = __VECS(chacha20_enc_tv_template),
2640 .test = alg_test_hash,
2642 .hash = __VECS(aes_cmac128_tv_template)
2645 .alg = "cmac(des3_ede)",
2647 .test = alg_test_hash,
2649 .hash = __VECS(des3_ede_cmac64_tv_template)
2652 .alg = "compress_null",
2653 .test = alg_test_null,
2656 .test = alg_test_hash,
2658 .hash = __VECS(crc32_tv_template)
2662 .test = alg_test_crc32c,
2665 .hash = __VECS(crc32c_tv_template)
2669 .test = alg_test_hash,
2672 .hash = __VECS(crct10dif_tv_template)
2676 .test = alg_test_skcipher,
2680 .enc = __VECS(aes_ctr_enc_tv_template),
2681 .dec = __VECS(aes_ctr_dec_tv_template)
2685 .alg = "ctr(blowfish)",
2686 .test = alg_test_skcipher,
2689 .enc = __VECS(bf_ctr_enc_tv_template),
2690 .dec = __VECS(bf_ctr_dec_tv_template)
2694 .alg = "ctr(camellia)",
2695 .test = alg_test_skcipher,
2698 .enc = __VECS(camellia_ctr_enc_tv_template),
2699 .dec = __VECS(camellia_ctr_dec_tv_template)
2703 .alg = "ctr(cast5)",
2704 .test = alg_test_skcipher,
2707 .enc = __VECS(cast5_ctr_enc_tv_template),
2708 .dec = __VECS(cast5_ctr_dec_tv_template)
2712 .alg = "ctr(cast6)",
2713 .test = alg_test_skcipher,
2716 .enc = __VECS(cast6_ctr_enc_tv_template),
2717 .dec = __VECS(cast6_ctr_dec_tv_template)
2722 .test = alg_test_skcipher,
2725 .enc = __VECS(des_ctr_enc_tv_template),
2726 .dec = __VECS(des_ctr_dec_tv_template)
2730 .alg = "ctr(des3_ede)",
2731 .test = alg_test_skcipher,
2735 .enc = __VECS(des3_ede_ctr_enc_tv_template),
2736 .dec = __VECS(des3_ede_ctr_dec_tv_template)
2740 .alg = "ctr(serpent)",
2741 .test = alg_test_skcipher,
2744 .enc = __VECS(serpent_ctr_enc_tv_template),
2745 .dec = __VECS(serpent_ctr_dec_tv_template)
2749 .alg = "ctr(twofish)",
2750 .test = alg_test_skcipher,
2753 .enc = __VECS(tf_ctr_enc_tv_template),
2754 .dec = __VECS(tf_ctr_dec_tv_template)
2758 .alg = "cts(cbc(aes))",
2759 .test = alg_test_skcipher,
2762 .enc = __VECS(cts_mode_enc_tv_template),
2763 .dec = __VECS(cts_mode_dec_tv_template)
2768 .test = alg_test_comp,
2772 .comp = __VECS(deflate_comp_tv_template),
2773 .decomp = __VECS(deflate_decomp_tv_template)
2778 .test = alg_test_kpp,
2781 .kpp = __VECS(dh_tv_template)
2784 .alg = "digest_null",
2785 .test = alg_test_null,
2787 .alg = "drbg_nopr_ctr_aes128",
2788 .test = alg_test_drbg,
2791 .drbg = __VECS(drbg_nopr_ctr_aes128_tv_template)
2794 .alg = "drbg_nopr_ctr_aes192",
2795 .test = alg_test_drbg,
2798 .drbg = __VECS(drbg_nopr_ctr_aes192_tv_template)
2801 .alg = "drbg_nopr_ctr_aes256",
2802 .test = alg_test_drbg,
2805 .drbg = __VECS(drbg_nopr_ctr_aes256_tv_template)
2809 * There is no need to specifically test the DRBG with every
2810 * backend cipher -- covered by drbg_nopr_hmac_sha256 test
2812 .alg = "drbg_nopr_hmac_sha1",
2814 .test = alg_test_null,
2816 .alg = "drbg_nopr_hmac_sha256",
2817 .test = alg_test_drbg,
2820 .drbg = __VECS(drbg_nopr_hmac_sha256_tv_template)
2823 /* covered by drbg_nopr_hmac_sha256 test */
2824 .alg = "drbg_nopr_hmac_sha384",
2826 .test = alg_test_null,
2828 .alg = "drbg_nopr_hmac_sha512",
2829 .test = alg_test_null,
2832 .alg = "drbg_nopr_sha1",
2834 .test = alg_test_null,
2836 .alg = "drbg_nopr_sha256",
2837 .test = alg_test_drbg,
2840 .drbg = __VECS(drbg_nopr_sha256_tv_template)
2843 /* covered by drbg_nopr_sha256 test */
2844 .alg = "drbg_nopr_sha384",
2846 .test = alg_test_null,
2848 .alg = "drbg_nopr_sha512",
2850 .test = alg_test_null,
2852 .alg = "drbg_pr_ctr_aes128",
2853 .test = alg_test_drbg,
2856 .drbg = __VECS(drbg_pr_ctr_aes128_tv_template)
2859 /* covered by drbg_pr_ctr_aes128 test */
2860 .alg = "drbg_pr_ctr_aes192",
2862 .test = alg_test_null,
2864 .alg = "drbg_pr_ctr_aes256",
2866 .test = alg_test_null,
2868 .alg = "drbg_pr_hmac_sha1",
2870 .test = alg_test_null,
2872 .alg = "drbg_pr_hmac_sha256",
2873 .test = alg_test_drbg,
2876 .drbg = __VECS(drbg_pr_hmac_sha256_tv_template)
2879 /* covered by drbg_pr_hmac_sha256 test */
2880 .alg = "drbg_pr_hmac_sha384",
2882 .test = alg_test_null,
2884 .alg = "drbg_pr_hmac_sha512",
2885 .test = alg_test_null,
2888 .alg = "drbg_pr_sha1",
2890 .test = alg_test_null,
2892 .alg = "drbg_pr_sha256",
2893 .test = alg_test_drbg,
2896 .drbg = __VECS(drbg_pr_sha256_tv_template)
2899 /* covered by drbg_pr_sha256 test */
2900 .alg = "drbg_pr_sha384",
2902 .test = alg_test_null,
2904 .alg = "drbg_pr_sha512",
2906 .test = alg_test_null,
2909 .test = alg_test_skcipher,
2913 .enc = __VECS(aes_enc_tv_template),
2914 .dec = __VECS(aes_dec_tv_template)
2918 .alg = "ecb(anubis)",
2919 .test = alg_test_skcipher,
2922 .enc = __VECS(anubis_enc_tv_template),
2923 .dec = __VECS(anubis_dec_tv_template)
2928 .test = alg_test_skcipher,
2931 .enc = __VECS(arc4_enc_tv_template),
2932 .dec = __VECS(arc4_dec_tv_template)
2936 .alg = "ecb(blowfish)",
2937 .test = alg_test_skcipher,
2940 .enc = __VECS(bf_enc_tv_template),
2941 .dec = __VECS(bf_dec_tv_template)
2945 .alg = "ecb(camellia)",
2946 .test = alg_test_skcipher,
2949 .enc = __VECS(camellia_enc_tv_template),
2950 .dec = __VECS(camellia_dec_tv_template)
2954 .alg = "ecb(cast5)",
2955 .test = alg_test_skcipher,
2958 .enc = __VECS(cast5_enc_tv_template),
2959 .dec = __VECS(cast5_dec_tv_template)
2963 .alg = "ecb(cast6)",
2964 .test = alg_test_skcipher,
2967 .enc = __VECS(cast6_enc_tv_template),
2968 .dec = __VECS(cast6_dec_tv_template)
2972 .alg = "ecb(cipher_null)",
2973 .test = alg_test_null,
2977 .test = alg_test_skcipher,
2980 .enc = __VECS(des_enc_tv_template),
2981 .dec = __VECS(des_dec_tv_template)
2985 .alg = "ecb(des3_ede)",
2986 .test = alg_test_skcipher,
2990 .enc = __VECS(des3_ede_enc_tv_template),
2991 .dec = __VECS(des3_ede_dec_tv_template)
2995 .alg = "ecb(fcrypt)",
2996 .test = alg_test_skcipher,
3000 .vecs = fcrypt_pcbc_enc_tv_template,
3004 .vecs = fcrypt_pcbc_dec_tv_template,
3010 .alg = "ecb(khazad)",
3011 .test = alg_test_skcipher,
3014 .enc = __VECS(khazad_enc_tv_template),
3015 .dec = __VECS(khazad_dec_tv_template)
3020 .test = alg_test_skcipher,
3023 .enc = __VECS(seed_enc_tv_template),
3024 .dec = __VECS(seed_dec_tv_template)
3028 .alg = "ecb(serpent)",
3029 .test = alg_test_skcipher,
3032 .enc = __VECS(serpent_enc_tv_template),
3033 .dec = __VECS(serpent_dec_tv_template)
3038 .test = alg_test_skcipher,
3041 .enc = __VECS(tea_enc_tv_template),
3042 .dec = __VECS(tea_dec_tv_template)
3046 .alg = "ecb(tnepres)",
3047 .test = alg_test_skcipher,
3050 .enc = __VECS(tnepres_enc_tv_template),
3051 .dec = __VECS(tnepres_dec_tv_template)
3055 .alg = "ecb(twofish)",
3056 .test = alg_test_skcipher,
3059 .enc = __VECS(tf_enc_tv_template),
3060 .dec = __VECS(tf_dec_tv_template)
3065 .test = alg_test_skcipher,
3068 .enc = __VECS(xeta_enc_tv_template),
3069 .dec = __VECS(xeta_dec_tv_template)
3074 .test = alg_test_skcipher,
3077 .enc = __VECS(xtea_enc_tv_template),
3078 .dec = __VECS(xtea_dec_tv_template)
3083 .test = alg_test_kpp,
3086 .kpp = __VECS(ecdh_tv_template)
3090 .test = alg_test_aead,
3094 .enc = __VECS(aes_gcm_enc_tv_template),
3095 .dec = __VECS(aes_gcm_dec_tv_template)
3100 .test = alg_test_hash,
3103 .hash = __VECS(ghash_tv_template)
3106 .alg = "hmac(crc32)",
3107 .test = alg_test_hash,
3109 .hash = __VECS(bfin_crc_tv_template)
3113 .test = alg_test_hash,
3115 .hash = __VECS(hmac_md5_tv_template)
3118 .alg = "hmac(rmd128)",
3119 .test = alg_test_hash,
3121 .hash = __VECS(hmac_rmd128_tv_template)
3124 .alg = "hmac(rmd160)",
3125 .test = alg_test_hash,
3127 .hash = __VECS(hmac_rmd160_tv_template)
3130 .alg = "hmac(sha1)",
3131 .test = alg_test_hash,
3134 .hash = __VECS(hmac_sha1_tv_template)
3137 .alg = "hmac(sha224)",
3138 .test = alg_test_hash,
3141 .hash = __VECS(hmac_sha224_tv_template)
3144 .alg = "hmac(sha256)",
3145 .test = alg_test_hash,
3148 .hash = __VECS(hmac_sha256_tv_template)
3151 .alg = "hmac(sha3-224)",
3152 .test = alg_test_hash,
3155 .hash = __VECS(hmac_sha3_224_tv_template)
3158 .alg = "hmac(sha3-256)",
3159 .test = alg_test_hash,
3162 .hash = __VECS(hmac_sha3_256_tv_template)
3165 .alg = "hmac(sha3-384)",
3166 .test = alg_test_hash,
3169 .hash = __VECS(hmac_sha3_384_tv_template)
3172 .alg = "hmac(sha3-512)",
3173 .test = alg_test_hash,
3176 .hash = __VECS(hmac_sha3_512_tv_template)
3179 .alg = "hmac(sha384)",
3180 .test = alg_test_hash,
3183 .hash = __VECS(hmac_sha384_tv_template)
3186 .alg = "hmac(sha512)",
3187 .test = alg_test_hash,
3190 .hash = __VECS(hmac_sha512_tv_template)
3193 .alg = "jitterentropy_rng",
3195 .test = alg_test_null,
3198 .test = alg_test_skcipher,
3202 .enc = __VECS(aes_kw_enc_tv_template),
3203 .dec = __VECS(aes_kw_dec_tv_template)
3208 .test = alg_test_skcipher,
3211 .enc = __VECS(aes_lrw_enc_tv_template),
3212 .dec = __VECS(aes_lrw_dec_tv_template)
3216 .alg = "lrw(camellia)",
3217 .test = alg_test_skcipher,
3220 .enc = __VECS(camellia_lrw_enc_tv_template),
3221 .dec = __VECS(camellia_lrw_dec_tv_template)
3225 .alg = "lrw(cast6)",
3226 .test = alg_test_skcipher,
3229 .enc = __VECS(cast6_lrw_enc_tv_template),
3230 .dec = __VECS(cast6_lrw_dec_tv_template)
3234 .alg = "lrw(serpent)",
3235 .test = alg_test_skcipher,
3238 .enc = __VECS(serpent_lrw_enc_tv_template),
3239 .dec = __VECS(serpent_lrw_dec_tv_template)
3243 .alg = "lrw(twofish)",
3244 .test = alg_test_skcipher,
3247 .enc = __VECS(tf_lrw_enc_tv_template),
3248 .dec = __VECS(tf_lrw_dec_tv_template)
3253 .test = alg_test_comp,
3257 .comp = __VECS(lz4_comp_tv_template),
3258 .decomp = __VECS(lz4_decomp_tv_template)
3263 .test = alg_test_comp,
3267 .comp = __VECS(lz4hc_comp_tv_template),
3268 .decomp = __VECS(lz4hc_decomp_tv_template)
3273 .test = alg_test_comp,
3277 .comp = __VECS(lzo_comp_tv_template),
3278 .decomp = __VECS(lzo_decomp_tv_template)
3283 .test = alg_test_hash,
3285 .hash = __VECS(md4_tv_template)
3289 .test = alg_test_hash,
3291 .hash = __VECS(md5_tv_template)
3294 .alg = "michael_mic",
3295 .test = alg_test_hash,
3297 .hash = __VECS(michael_mic_tv_template)
3301 .test = alg_test_skcipher,
3305 .enc = __VECS(aes_ofb_enc_tv_template),
3306 .dec = __VECS(aes_ofb_dec_tv_template)
3310 .alg = "pcbc(fcrypt)",
3311 .test = alg_test_skcipher,
3314 .enc = __VECS(fcrypt_pcbc_enc_tv_template),
3315 .dec = __VECS(fcrypt_pcbc_dec_tv_template)
3319 .alg = "pkcs1pad(rsa,sha224)",
3320 .test = alg_test_null,
3323 .alg = "pkcs1pad(rsa,sha256)",
3324 .test = alg_test_akcipher,
3327 .akcipher = __VECS(pkcs1pad_rsa_tv_template)
3330 .alg = "pkcs1pad(rsa,sha384)",
3331 .test = alg_test_null,
3334 .alg = "pkcs1pad(rsa,sha512)",
3335 .test = alg_test_null,
3339 .test = alg_test_hash,
3341 .hash = __VECS(poly1305_tv_template)
3344 .alg = "rfc3686(ctr(aes))",
3345 .test = alg_test_skcipher,
3349 .enc = __VECS(aes_ctr_rfc3686_enc_tv_template),
3350 .dec = __VECS(aes_ctr_rfc3686_dec_tv_template)
3354 .alg = "rfc4106(gcm(aes))",
3355 .test = alg_test_aead,
3359 .enc = __VECS(aes_gcm_rfc4106_enc_tv_template),
3360 .dec = __VECS(aes_gcm_rfc4106_dec_tv_template)
3364 .alg = "rfc4309(ccm(aes))",
3365 .test = alg_test_aead,
3369 .enc = __VECS(aes_ccm_rfc4309_enc_tv_template),
3370 .dec = __VECS(aes_ccm_rfc4309_dec_tv_template)
3374 .alg = "rfc4543(gcm(aes))",
3375 .test = alg_test_aead,
3378 .enc = __VECS(aes_gcm_rfc4543_enc_tv_template),
3379 .dec = __VECS(aes_gcm_rfc4543_dec_tv_template),
3383 .alg = "rfc7539(chacha20,poly1305)",
3384 .test = alg_test_aead,
3387 .enc = __VECS(rfc7539_enc_tv_template),
3388 .dec = __VECS(rfc7539_dec_tv_template),
3392 .alg = "rfc7539esp(chacha20,poly1305)",
3393 .test = alg_test_aead,
3396 .enc = __VECS(rfc7539esp_enc_tv_template),
3397 .dec = __VECS(rfc7539esp_dec_tv_template),
3402 .test = alg_test_hash,
3404 .hash = __VECS(rmd128_tv_template)
3408 .test = alg_test_hash,
3410 .hash = __VECS(rmd160_tv_template)
3414 .test = alg_test_hash,
3416 .hash = __VECS(rmd256_tv_template)
3420 .test = alg_test_hash,
3422 .hash = __VECS(rmd320_tv_template)
3426 .test = alg_test_akcipher,
3429 .akcipher = __VECS(rsa_tv_template)
3433 .test = alg_test_skcipher,
3436 .enc = __VECS(salsa20_stream_enc_tv_template)
3441 .test = alg_test_hash,
3444 .hash = __VECS(sha1_tv_template)
3448 .test = alg_test_hash,
3451 .hash = __VECS(sha224_tv_template)
3455 .test = alg_test_hash,
3458 .hash = __VECS(sha256_tv_template)
3462 .test = alg_test_hash,
3465 .hash = __VECS(sha3_224_tv_template)
3469 .test = alg_test_hash,
3472 .hash = __VECS(sha3_256_tv_template)
3476 .test = alg_test_hash,
3479 .hash = __VECS(sha3_384_tv_template)
3483 .test = alg_test_hash,
3486 .hash = __VECS(sha3_512_tv_template)
3490 .test = alg_test_hash,
3493 .hash = __VECS(sha384_tv_template)
3497 .test = alg_test_hash,
3500 .hash = __VECS(sha512_tv_template)
3504 .test = alg_test_hash,
3506 .hash = __VECS(tgr128_tv_template)
3510 .test = alg_test_hash,
3512 .hash = __VECS(tgr160_tv_template)
3516 .test = alg_test_hash,
3518 .hash = __VECS(tgr192_tv_template)
3522 .test = alg_test_hash,
3524 .hash = __VECS(aes_vmac128_tv_template)
3528 .test = alg_test_hash,
3530 .hash = __VECS(wp256_tv_template)
3534 .test = alg_test_hash,
3536 .hash = __VECS(wp384_tv_template)
3540 .test = alg_test_hash,
3542 .hash = __VECS(wp512_tv_template)
3546 .test = alg_test_hash,
3548 .hash = __VECS(aes_xcbc128_tv_template)
3552 .test = alg_test_skcipher,
3556 .enc = __VECS(aes_xts_enc_tv_template),
3557 .dec = __VECS(aes_xts_dec_tv_template)
3561 .alg = "xts(camellia)",
3562 .test = alg_test_skcipher,
3565 .enc = __VECS(camellia_xts_enc_tv_template),
3566 .dec = __VECS(camellia_xts_dec_tv_template)
3570 .alg = "xts(cast6)",
3571 .test = alg_test_skcipher,
3574 .enc = __VECS(cast6_xts_enc_tv_template),
3575 .dec = __VECS(cast6_xts_dec_tv_template)
3579 .alg = "xts(serpent)",
3580 .test = alg_test_skcipher,
3583 .enc = __VECS(serpent_xts_enc_tv_template),
3584 .dec = __VECS(serpent_xts_dec_tv_template)
3588 .alg = "xts(twofish)",
3589 .test = alg_test_skcipher,
3592 .enc = __VECS(tf_xts_enc_tv_template),
3593 .dec = __VECS(tf_xts_dec_tv_template)
3597 .alg = "zlib-deflate",
3598 .test = alg_test_comp,
3602 .comp = __VECS(zlib_deflate_comp_tv_template),
3603 .decomp = __VECS(zlib_deflate_decomp_tv_template)
3609 static bool alg_test_descs_checked;
3611 static void alg_test_descs_check_order(void)
3615 /* only check once */
3616 if (alg_test_descs_checked)
3619 alg_test_descs_checked = true;
3621 for (i = 1; i < ARRAY_SIZE(alg_test_descs); i++) {
3622 int diff = strcmp(alg_test_descs[i - 1].alg,
3623 alg_test_descs[i].alg);
3625 if (WARN_ON(diff > 0)) {
3626 pr_warn("testmgr: alg_test_descs entries in wrong order: '%s' before '%s'\n",
3627 alg_test_descs[i - 1].alg,
3628 alg_test_descs[i].alg);
3631 if (WARN_ON(diff == 0)) {
3632 pr_warn("testmgr: duplicate alg_test_descs entry: '%s'\n",
3633 alg_test_descs[i].alg);
3638 static int alg_find_test(const char *alg)
3641 int end = ARRAY_SIZE(alg_test_descs);
3643 while (start < end) {
3644 int i = (start + end) / 2;
3645 int diff = strcmp(alg_test_descs[i].alg, alg);
3663 int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
3669 if (!fips_enabled && notests) {
3670 printk_once(KERN_INFO "alg: self-tests disabled\n");
3674 alg_test_descs_check_order();
3676 if ((type & CRYPTO_ALG_TYPE_MASK) == CRYPTO_ALG_TYPE_CIPHER) {
3677 char nalg[CRYPTO_MAX_ALG_NAME];
3679 if (snprintf(nalg, sizeof(nalg), "ecb(%s)", alg) >=
3681 return -ENAMETOOLONG;
3683 i = alg_find_test(nalg);
3687 if (fips_enabled && !alg_test_descs[i].fips_allowed)
3690 rc = alg_test_cipher(alg_test_descs + i, driver, type, mask);
3694 i = alg_find_test(alg);
3695 j = alg_find_test(driver);
3699 if (fips_enabled && ((i >= 0 && !alg_test_descs[i].fips_allowed) ||
3700 (j >= 0 && !alg_test_descs[j].fips_allowed)))
3705 rc |= alg_test_descs[i].test(alg_test_descs + i, driver,
3707 if (j >= 0 && j != i)
3708 rc |= alg_test_descs[j].test(alg_test_descs + j, driver,
3712 if (fips_enabled && rc)
3713 panic("%s: %s alg self test failed in fips mode!\n", driver, alg);
3715 if (fips_enabled && !rc)
3716 pr_info("alg: self-tests for %s (%s) passed\n", driver, alg);
3721 printk(KERN_INFO "alg: No test for %s (%s)\n", alg, driver);
3727 #endif /* CONFIG_CRYPTO_MANAGER_DISABLE_TESTS */
3729 EXPORT_SYMBOL_GPL(alg_test);
projects / karo-tx-linux.git / blob