]>
Commit | Line | Data |
---|---|---|
da7f033d HX |
1 | /* |
2 | * Algorithm testing framework and tests. | |
3 | * | |
4 | * Copyright (c) 2002 James Morris <jmorris@intercode.com.au> | |
5 | * Copyright (c) 2002 Jean-Francois Dive <jef@linuxbe.org> | |
6 | * Copyright (c) 2007 Nokia Siemens Networks | |
7 | * Copyright (c) 2008 Herbert Xu <herbert@gondor.apana.org.au> | |
3f47a03d | 8 | * Copyright (c) 2019 Google LLC |
da7f033d | 9 | * |
69435b94 AH |
10 | * Updated RFC4106 AES-GCM testing. |
11 | * Authors: Aidan O'Mahony (aidan.o.mahony@intel.com) | |
12 | * Adrian Hoban <adrian.hoban@intel.com> | |
13 | * Gabriele Paoloni <gabriele.paoloni@intel.com> | |
14 | * Tadeusz Struk (tadeusz.struk@intel.com) | |
15 | * Copyright (c) 2010, Intel Corporation. | |
16 | * | |
da7f033d HX |
17 | * This program is free software; you can redistribute it and/or modify it |
18 | * under the terms of the GNU General Public License as published by the Free | |
19 | * Software Foundation; either version 2 of the License, or (at your option) | |
20 | * any later version. | |
21 | * | |
22 | */ | |
23 | ||
1ce33115 | 24 | #include <crypto/aead.h> |
da7f033d | 25 | #include <crypto/hash.h> |
12773d93 | 26 | #include <crypto/skcipher.h> |
da7f033d | 27 | #include <linux/err.h> |
1c41b882 | 28 | #include <linux/fips.h> |
da7f033d | 29 | #include <linux/module.h> |
3f47a03d | 30 | #include <linux/once.h> |
25f9dddb | 31 | #include <linux/random.h> |
da7f033d HX |
32 | #include <linux/scatterlist.h> |
33 | #include <linux/slab.h> | |
34 | #include <linux/string.h> | |
7647d6ce | 35 | #include <crypto/rng.h> |
64d1cdfb | 36 | #include <crypto/drbg.h> |
946cc463 | 37 | #include <crypto/akcipher.h> |
802c7f1c | 38 | #include <crypto/kpp.h> |
d7db7a88 | 39 | #include <crypto/acompress.h> |
b55e1a39 | 40 | #include <crypto/internal/simd.h> |
da7f033d HX |
41 | |
42 | #include "internal.h" | |
0b767f96 | 43 | |
9e5c9fe4 RJ |
44 | static bool notests; |
45 | module_param(notests, bool, 0644); | |
46 | MODULE_PARM_DESC(notests, "disable crypto self-tests"); | |
47 | ||
5b2706a4 EB |
48 | #ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS |
49 | static bool noextratests; | |
50 | module_param(noextratests, bool, 0644); | |
51 | MODULE_PARM_DESC(noextratests, "disable expensive crypto self-tests"); | |
52 | ||
53 | static unsigned int fuzz_iterations = 100; | |
54 | module_param(fuzz_iterations, uint, 0644); | |
55 | MODULE_PARM_DESC(fuzz_iterations, "number of fuzz test iterations"); | |
b55e1a39 EB |
56 | |
57 | DEFINE_PER_CPU(bool, crypto_simd_disabled_for_test); | |
58 | EXPORT_PER_CPU_SYMBOL_GPL(crypto_simd_disabled_for_test); | |
5b2706a4 EB |
59 | #endif |
60 | ||
326a6346 | 61 | #ifdef CONFIG_CRYPTO_MANAGER_DISABLE_TESTS |
0b767f96 AS |
62 | |
63 | /* a perfect nop */ | |
64 | int alg_test(const char *driver, const char *alg, u32 type, u32 mask) | |
65 | { | |
66 | return 0; | |
67 | } | |
68 | ||
69 | #else | |
70 | ||
da7f033d HX |
71 | #include "testmgr.h" |
72 | ||
73 | /* | |
74 | * Need slab memory for testing (size in number of pages). | |
75 | */ | |
76 | #define XBUFSIZE 8 | |
77 | ||
da7f033d HX |
78 | /* |
79 | * Used by test_cipher() | |
80 | */ | |
81 | #define ENCRYPT 1 | |
82 | #define DECRYPT 0 | |
83 | ||
da7f033d | 84 | struct aead_test_suite { |
a0d608ee EB |
85 | const struct aead_testvec *vecs; |
86 | unsigned int count; | |
da7f033d HX |
87 | }; |
88 | ||
89 | struct cipher_test_suite { | |
92a4c9fe EB |
90 | const struct cipher_testvec *vecs; |
91 | unsigned int count; | |
da7f033d HX |
92 | }; |
93 | ||
94 | struct comp_test_suite { | |
95 | struct { | |
b13b1e0c | 96 | const struct comp_testvec *vecs; |
da7f033d HX |
97 | unsigned int count; |
98 | } comp, decomp; | |
99 | }; | |
100 | ||
101 | struct hash_test_suite { | |
b13b1e0c | 102 | const struct hash_testvec *vecs; |
da7f033d HX |
103 | unsigned int count; |
104 | }; | |
105 | ||
7647d6ce | 106 | struct cprng_test_suite { |
b13b1e0c | 107 | const struct cprng_testvec *vecs; |
7647d6ce JW |
108 | unsigned int count; |
109 | }; | |
110 | ||
64d1cdfb | 111 | struct drbg_test_suite { |
b13b1e0c | 112 | const struct drbg_testvec *vecs; |
64d1cdfb SM |
113 | unsigned int count; |
114 | }; | |
115 | ||
946cc463 | 116 | struct akcipher_test_suite { |
b13b1e0c | 117 | const struct akcipher_testvec *vecs; |
946cc463 TS |
118 | unsigned int count; |
119 | }; | |
120 | ||
802c7f1c | 121 | struct kpp_test_suite { |
b13b1e0c | 122 | const struct kpp_testvec *vecs; |
802c7f1c SB |
123 | unsigned int count; |
124 | }; | |
125 | ||
da7f033d HX |
126 | struct alg_test_desc { |
127 | const char *alg; | |
128 | int (*test)(const struct alg_test_desc *desc, const char *driver, | |
129 | u32 type, u32 mask); | |
a1915d51 | 130 | int fips_allowed; /* set if alg is allowed in fips mode */ |
da7f033d HX |
131 | |
132 | union { | |
133 | struct aead_test_suite aead; | |
134 | struct cipher_test_suite cipher; | |
135 | struct comp_test_suite comp; | |
136 | struct hash_test_suite hash; | |
7647d6ce | 137 | struct cprng_test_suite cprng; |
64d1cdfb | 138 | struct drbg_test_suite drbg; |
946cc463 | 139 | struct akcipher_test_suite akcipher; |
802c7f1c | 140 | struct kpp_test_suite kpp; |
da7f033d HX |
141 | } suite; |
142 | }; | |
143 | ||
da7f033d HX |
144 | static void hexdump(unsigned char *buf, unsigned int len) |
145 | { | |
146 | print_hex_dump(KERN_CONT, "", DUMP_PREFIX_OFFSET, | |
147 | 16, 1, | |
148 | buf, len, false); | |
149 | } | |
150 | ||
3f47a03d | 151 | static int __testmgr_alloc_buf(char *buf[XBUFSIZE], int order) |
f8b0d4d0 HX |
152 | { |
153 | int i; | |
154 | ||
155 | for (i = 0; i < XBUFSIZE; i++) { | |
3f47a03d | 156 | buf[i] = (char *)__get_free_pages(GFP_KERNEL, order); |
f8b0d4d0 HX |
157 | if (!buf[i]) |
158 | goto err_free_buf; | |
159 | } | |
160 | ||
161 | return 0; | |
162 | ||
163 | err_free_buf: | |
164 | while (i-- > 0) | |
3f47a03d | 165 | free_pages((unsigned long)buf[i], order); |
f8b0d4d0 HX |
166 | |
167 | return -ENOMEM; | |
168 | } | |
169 | ||
3f47a03d EB |
170 | static int testmgr_alloc_buf(char *buf[XBUFSIZE]) |
171 | { | |
172 | return __testmgr_alloc_buf(buf, 0); | |
173 | } | |
174 | ||
175 | static void __testmgr_free_buf(char *buf[XBUFSIZE], int order) | |
f8b0d4d0 HX |
176 | { |
177 | int i; | |
178 | ||
179 | for (i = 0; i < XBUFSIZE; i++) | |
3f47a03d EB |
180 | free_pages((unsigned long)buf[i], order); |
181 | } | |
182 | ||
183 | static void testmgr_free_buf(char *buf[XBUFSIZE]) | |
184 | { | |
185 | __testmgr_free_buf(buf, 0); | |
186 | } | |
187 | ||
188 | #define TESTMGR_POISON_BYTE 0xfe | |
189 | #define TESTMGR_POISON_LEN 16 | |
190 | ||
191 | static inline void testmgr_poison(void *addr, size_t len) | |
192 | { | |
193 | memset(addr, TESTMGR_POISON_BYTE, len); | |
194 | } | |
195 | ||
196 | /* Is the memory region still fully poisoned? */ | |
197 | static inline bool testmgr_is_poison(const void *addr, size_t len) | |
198 | { | |
199 | return memchr_inv(addr, TESTMGR_POISON_BYTE, len) == NULL; | |
200 | } | |
201 | ||
202 | /* flush type for hash algorithms */ | |
203 | enum flush_type { | |
204 | /* merge with update of previous buffer(s) */ | |
205 | FLUSH_TYPE_NONE = 0, | |
206 | ||
207 | /* update with previous buffer(s) before doing this one */ | |
208 | FLUSH_TYPE_FLUSH, | |
209 | ||
210 | /* likewise, but also export and re-import the intermediate state */ | |
211 | FLUSH_TYPE_REIMPORT, | |
212 | }; | |
213 | ||
214 | /* finalization function for hash algorithms */ | |
215 | enum finalization_type { | |
216 | FINALIZATION_TYPE_FINAL, /* use final() */ | |
217 | FINALIZATION_TYPE_FINUP, /* use finup() */ | |
218 | FINALIZATION_TYPE_DIGEST, /* use digest() */ | |
219 | }; | |
220 | ||
221 | #define TEST_SG_TOTAL 10000 | |
222 | ||
223 | /** | |
224 | * struct test_sg_division - description of a scatterlist entry | |
225 | * | |
226 | * This struct describes one entry of a scatterlist being constructed to check a | |
227 | * crypto test vector. | |
228 | * | |
229 | * @proportion_of_total: length of this chunk relative to the total length, | |
230 | * given as a proportion out of TEST_SG_TOTAL so that it | |
231 | * scales to fit any test vector | |
232 | * @offset: byte offset into a 2-page buffer at which this chunk will start | |
233 | * @offset_relative_to_alignmask: if true, add the algorithm's alignmask to the | |
234 | * @offset | |
235 | * @flush_type: for hashes, whether an update() should be done now vs. | |
236 | * continuing to accumulate data | |
6570737c | 237 | * @nosimd: if doing the pending update(), do it with SIMD disabled? |
3f47a03d EB |
238 | */ |
239 | struct test_sg_division { | |
240 | unsigned int proportion_of_total; | |
241 | unsigned int offset; | |
242 | bool offset_relative_to_alignmask; | |
243 | enum flush_type flush_type; | |
6570737c | 244 | bool nosimd; |
3f47a03d EB |
245 | }; |
246 | ||
247 | /** | |
248 | * struct testvec_config - configuration for testing a crypto test vector | |
249 | * | |
250 | * This struct describes the data layout and other parameters with which each | |
251 | * crypto test vector can be tested. | |
252 | * | |
253 | * @name: name of this config, logged for debugging purposes if a test fails | |
254 | * @inplace: operate on the data in-place, if applicable for the algorithm type? | |
255 | * @req_flags: extra request_flags, e.g. CRYPTO_TFM_REQ_MAY_SLEEP | |
256 | * @src_divs: description of how to arrange the source scatterlist | |
257 | * @dst_divs: description of how to arrange the dst scatterlist, if applicable | |
258 | * for the algorithm type. Defaults to @src_divs if unset. | |
259 | * @iv_offset: misalignment of the IV in the range [0..MAX_ALGAPI_ALIGNMASK+1], | |
260 | * where 0 is aligned to a 2*(MAX_ALGAPI_ALIGNMASK+1) byte boundary | |
261 | * @iv_offset_relative_to_alignmask: if true, add the algorithm's alignmask to | |
262 | * the @iv_offset | |
263 | * @finalization_type: what finalization function to use for hashes | |
6570737c | 264 | * @nosimd: execute with SIMD disabled? Requires !CRYPTO_TFM_REQ_MAY_SLEEP. |
3f47a03d EB |
265 | */ |
266 | struct testvec_config { | |
267 | const char *name; | |
268 | bool inplace; | |
269 | u32 req_flags; | |
270 | struct test_sg_division src_divs[XBUFSIZE]; | |
271 | struct test_sg_division dst_divs[XBUFSIZE]; | |
272 | unsigned int iv_offset; | |
273 | bool iv_offset_relative_to_alignmask; | |
274 | enum finalization_type finalization_type; | |
6570737c | 275 | bool nosimd; |
3f47a03d EB |
276 | }; |
277 | ||
278 | #define TESTVEC_CONFIG_NAMELEN 192 | |
279 | ||
4e7babba EB |
280 | /* |
281 | * The following are the lists of testvec_configs to test for each algorithm | |
282 | * type when the basic crypto self-tests are enabled, i.e. when | |
283 | * CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is unset. They aim to provide good test | |
284 | * coverage, while keeping the test time much shorter than the full fuzz tests | |
285 | * so that the basic tests can be enabled in a wider range of circumstances. | |
286 | */ | |
287 | ||
288 | /* Configs for skciphers and aeads */ | |
289 | static const struct testvec_config default_cipher_testvec_configs[] = { | |
290 | { | |
291 | .name = "in-place", | |
292 | .inplace = true, | |
293 | .src_divs = { { .proportion_of_total = 10000 } }, | |
294 | }, { | |
295 | .name = "out-of-place", | |
296 | .src_divs = { { .proportion_of_total = 10000 } }, | |
297 | }, { | |
298 | .name = "unaligned buffer, offset=1", | |
299 | .src_divs = { { .proportion_of_total = 10000, .offset = 1 } }, | |
300 | .iv_offset = 1, | |
301 | }, { | |
302 | .name = "buffer aligned only to alignmask", | |
303 | .src_divs = { | |
304 | { | |
305 | .proportion_of_total = 10000, | |
306 | .offset = 1, | |
307 | .offset_relative_to_alignmask = true, | |
308 | }, | |
309 | }, | |
310 | .iv_offset = 1, | |
311 | .iv_offset_relative_to_alignmask = true, | |
312 | }, { | |
313 | .name = "two even aligned splits", | |
314 | .src_divs = { | |
315 | { .proportion_of_total = 5000 }, | |
316 | { .proportion_of_total = 5000 }, | |
317 | }, | |
318 | }, { | |
319 | .name = "uneven misaligned splits, may sleep", | |
320 | .req_flags = CRYPTO_TFM_REQ_MAY_SLEEP, | |
321 | .src_divs = { | |
322 | { .proportion_of_total = 1900, .offset = 33 }, | |
323 | { .proportion_of_total = 3300, .offset = 7 }, | |
324 | { .proportion_of_total = 4800, .offset = 18 }, | |
325 | }, | |
326 | .iv_offset = 3, | |
327 | }, { | |
328 | .name = "misaligned splits crossing pages, inplace", | |
329 | .inplace = true, | |
330 | .src_divs = { | |
331 | { | |
332 | .proportion_of_total = 7500, | |
333 | .offset = PAGE_SIZE - 32 | |
334 | }, { | |
335 | .proportion_of_total = 2500, | |
336 | .offset = PAGE_SIZE - 7 | |
337 | }, | |
338 | }, | |
339 | } | |
340 | }; | |
341 | ||
4cc2dcf9 EB |
342 | static const struct testvec_config default_hash_testvec_configs[] = { |
343 | { | |
344 | .name = "init+update+final aligned buffer", | |
345 | .src_divs = { { .proportion_of_total = 10000 } }, | |
346 | .finalization_type = FINALIZATION_TYPE_FINAL, | |
347 | }, { | |
348 | .name = "init+finup aligned buffer", | |
349 | .src_divs = { { .proportion_of_total = 10000 } }, | |
350 | .finalization_type = FINALIZATION_TYPE_FINUP, | |
351 | }, { | |
352 | .name = "digest aligned buffer", | |
353 | .src_divs = { { .proportion_of_total = 10000 } }, | |
354 | .finalization_type = FINALIZATION_TYPE_DIGEST, | |
355 | }, { | |
356 | .name = "init+update+final misaligned buffer", | |
357 | .src_divs = { { .proportion_of_total = 10000, .offset = 1 } }, | |
358 | .finalization_type = FINALIZATION_TYPE_FINAL, | |
359 | }, { | |
360 | .name = "digest buffer aligned only to alignmask", | |
361 | .src_divs = { | |
362 | { | |
363 | .proportion_of_total = 10000, | |
364 | .offset = 1, | |
365 | .offset_relative_to_alignmask = true, | |
366 | }, | |
367 | }, | |
368 | .finalization_type = FINALIZATION_TYPE_DIGEST, | |
369 | }, { | |
370 | .name = "init+update+update+final two even splits", | |
371 | .src_divs = { | |
372 | { .proportion_of_total = 5000 }, | |
373 | { | |
374 | .proportion_of_total = 5000, | |
375 | .flush_type = FLUSH_TYPE_FLUSH, | |
376 | }, | |
377 | }, | |
378 | .finalization_type = FINALIZATION_TYPE_FINAL, | |
379 | }, { | |
380 | .name = "digest uneven misaligned splits, may sleep", | |
381 | .req_flags = CRYPTO_TFM_REQ_MAY_SLEEP, | |
382 | .src_divs = { | |
383 | { .proportion_of_total = 1900, .offset = 33 }, | |
384 | { .proportion_of_total = 3300, .offset = 7 }, | |
385 | { .proportion_of_total = 4800, .offset = 18 }, | |
386 | }, | |
387 | .finalization_type = FINALIZATION_TYPE_DIGEST, | |
388 | }, { | |
389 | .name = "digest misaligned splits crossing pages", | |
390 | .src_divs = { | |
391 | { | |
392 | .proportion_of_total = 7500, | |
393 | .offset = PAGE_SIZE - 32, | |
394 | }, { | |
395 | .proportion_of_total = 2500, | |
396 | .offset = PAGE_SIZE - 7, | |
397 | }, | |
398 | }, | |
399 | .finalization_type = FINALIZATION_TYPE_DIGEST, | |
400 | }, { | |
401 | .name = "import/export", | |
402 | .src_divs = { | |
403 | { | |
404 | .proportion_of_total = 6500, | |
405 | .flush_type = FLUSH_TYPE_REIMPORT, | |
406 | }, { | |
407 | .proportion_of_total = 3500, | |
408 | .flush_type = FLUSH_TYPE_REIMPORT, | |
409 | }, | |
410 | }, | |
411 | .finalization_type = FINALIZATION_TYPE_FINAL, | |
412 | } | |
413 | }; | |
414 | ||
3f47a03d EB |
415 | static unsigned int count_test_sg_divisions(const struct test_sg_division *divs) |
416 | { | |
417 | unsigned int remaining = TEST_SG_TOTAL; | |
418 | unsigned int ndivs = 0; | |
419 | ||
420 | do { | |
421 | remaining -= divs[ndivs++].proportion_of_total; | |
422 | } while (remaining); | |
423 | ||
424 | return ndivs; | |
425 | } | |
426 | ||
6570737c EB |
427 | #define SGDIVS_HAVE_FLUSHES BIT(0) |
428 | #define SGDIVS_HAVE_NOSIMD BIT(1) | |
429 | ||
3f47a03d | 430 | static bool valid_sg_divisions(const struct test_sg_division *divs, |
6570737c | 431 | unsigned int count, int *flags_ret) |
3f47a03d EB |
432 | { |
433 | unsigned int total = 0; | |
434 | unsigned int i; | |
435 | ||
436 | for (i = 0; i < count && total != TEST_SG_TOTAL; i++) { | |
437 | if (divs[i].proportion_of_total <= 0 || | |
438 | divs[i].proportion_of_total > TEST_SG_TOTAL - total) | |
439 | return false; | |
440 | total += divs[i].proportion_of_total; | |
441 | if (divs[i].flush_type != FLUSH_TYPE_NONE) | |
6570737c EB |
442 | *flags_ret |= SGDIVS_HAVE_FLUSHES; |
443 | if (divs[i].nosimd) | |
444 | *flags_ret |= SGDIVS_HAVE_NOSIMD; | |
3f47a03d EB |
445 | } |
446 | return total == TEST_SG_TOTAL && | |
447 | memchr_inv(&divs[i], 0, (count - i) * sizeof(divs[0])) == NULL; | |
448 | } | |
449 | ||
450 | /* | |
451 | * Check whether the given testvec_config is valid. This isn't strictly needed | |
452 | * since every testvec_config should be valid, but check anyway so that people | |
453 | * don't unknowingly add broken configs that don't do what they wanted. | |
454 | */ | |
455 | static bool valid_testvec_config(const struct testvec_config *cfg) | |
456 | { | |
6570737c | 457 | int flags = 0; |
3f47a03d EB |
458 | |
459 | if (cfg->name == NULL) | |
460 | return false; | |
461 | ||
462 | if (!valid_sg_divisions(cfg->src_divs, ARRAY_SIZE(cfg->src_divs), | |
6570737c | 463 | &flags)) |
3f47a03d EB |
464 | return false; |
465 | ||
466 | if (cfg->dst_divs[0].proportion_of_total) { | |
467 | if (!valid_sg_divisions(cfg->dst_divs, | |
6570737c | 468 | ARRAY_SIZE(cfg->dst_divs), &flags)) |
3f47a03d EB |
469 | return false; |
470 | } else { | |
471 | if (memchr_inv(cfg->dst_divs, 0, sizeof(cfg->dst_divs))) | |
472 | return false; | |
473 | /* defaults to dst_divs=src_divs */ | |
474 | } | |
475 | ||
476 | if (cfg->iv_offset + | |
477 | (cfg->iv_offset_relative_to_alignmask ? MAX_ALGAPI_ALIGNMASK : 0) > | |
478 | MAX_ALGAPI_ALIGNMASK + 1) | |
479 | return false; | |
480 | ||
6570737c EB |
481 | if ((flags & (SGDIVS_HAVE_FLUSHES | SGDIVS_HAVE_NOSIMD)) && |
482 | cfg->finalization_type == FINALIZATION_TYPE_DIGEST) | |
483 | return false; | |
484 | ||
485 | if ((cfg->nosimd || (flags & SGDIVS_HAVE_NOSIMD)) && | |
486 | (cfg->req_flags & CRYPTO_TFM_REQ_MAY_SLEEP)) | |
3f47a03d EB |
487 | return false; |
488 | ||
489 | return true; | |
490 | } | |
491 | ||
492 | struct test_sglist { | |
493 | char *bufs[XBUFSIZE]; | |
494 | struct scatterlist sgl[XBUFSIZE]; | |
495 | struct scatterlist sgl_saved[XBUFSIZE]; | |
496 | struct scatterlist *sgl_ptr; | |
497 | unsigned int nents; | |
498 | }; | |
499 | ||
500 | static int init_test_sglist(struct test_sglist *tsgl) | |
501 | { | |
502 | return __testmgr_alloc_buf(tsgl->bufs, 1 /* two pages per buffer */); | |
503 | } | |
504 | ||
505 | static void destroy_test_sglist(struct test_sglist *tsgl) | |
506 | { | |
507 | return __testmgr_free_buf(tsgl->bufs, 1 /* two pages per buffer */); | |
508 | } | |
509 | ||
510 | /** | |
511 | * build_test_sglist() - build a scatterlist for a crypto test | |
512 | * | |
513 | * @tsgl: the scatterlist to build. @tsgl->bufs[] contains an array of 2-page | |
514 | * buffers which the scatterlist @tsgl->sgl[] will be made to point into. | |
515 | * @divs: the layout specification on which the scatterlist will be based | |
516 | * @alignmask: the algorithm's alignmask | |
517 | * @total_len: the total length of the scatterlist to build in bytes | |
518 | * @data: if non-NULL, the buffers will be filled with this data until it ends. | |
519 | * Otherwise the buffers will be poisoned. In both cases, some bytes | |
520 | * past the end of each buffer will be poisoned to help detect overruns. | |
521 | * @out_divs: if non-NULL, the test_sg_division to which each scatterlist entry | |
522 | * corresponds will be returned here. This will match @divs except | |
523 | * that divisions resolving to a length of 0 are omitted as they are | |
524 | * not included in the scatterlist. | |
525 | * | |
526 | * Return: 0 or a -errno value | |
527 | */ | |
528 | static int build_test_sglist(struct test_sglist *tsgl, | |
529 | const struct test_sg_division *divs, | |
530 | const unsigned int alignmask, | |
531 | const unsigned int total_len, | |
532 | struct iov_iter *data, | |
533 | const struct test_sg_division *out_divs[XBUFSIZE]) | |
534 | { | |
535 | struct { | |
536 | const struct test_sg_division *div; | |
537 | size_t length; | |
538 | } partitions[XBUFSIZE]; | |
539 | const unsigned int ndivs = count_test_sg_divisions(divs); | |
540 | unsigned int len_remaining = total_len; | |
541 | unsigned int i; | |
542 | ||
543 | BUILD_BUG_ON(ARRAY_SIZE(partitions) != ARRAY_SIZE(tsgl->sgl)); | |
544 | if (WARN_ON(ndivs > ARRAY_SIZE(partitions))) | |
545 | return -EINVAL; | |
546 | ||
547 | /* Calculate the (div, length) pairs */ | |
548 | tsgl->nents = 0; | |
549 | for (i = 0; i < ndivs; i++) { | |
550 | unsigned int len_this_sg = | |
551 | min(len_remaining, | |
552 | (total_len * divs[i].proportion_of_total + | |
553 | TEST_SG_TOTAL / 2) / TEST_SG_TOTAL); | |
554 | ||
555 | if (len_this_sg != 0) { | |
556 | partitions[tsgl->nents].div = &divs[i]; | |
557 | partitions[tsgl->nents].length = len_this_sg; | |
558 | tsgl->nents++; | |
559 | len_remaining -= len_this_sg; | |
560 | } | |
561 | } | |
562 | if (tsgl->nents == 0) { | |
563 | partitions[tsgl->nents].div = &divs[0]; | |
564 | partitions[tsgl->nents].length = 0; | |
565 | tsgl->nents++; | |
566 | } | |
567 | partitions[tsgl->nents - 1].length += len_remaining; | |
568 | ||
569 | /* Set up the sgl entries and fill the data or poison */ | |
570 | sg_init_table(tsgl->sgl, tsgl->nents); | |
571 | for (i = 0; i < tsgl->nents; i++) { | |
572 | unsigned int offset = partitions[i].div->offset; | |
573 | void *addr; | |
574 | ||
575 | if (partitions[i].div->offset_relative_to_alignmask) | |
576 | offset += alignmask; | |
577 | ||
578 | while (offset + partitions[i].length + TESTMGR_POISON_LEN > | |
579 | 2 * PAGE_SIZE) { | |
580 | if (WARN_ON(offset <= 0)) | |
581 | return -EINVAL; | |
582 | offset /= 2; | |
583 | } | |
584 | ||
585 | addr = &tsgl->bufs[i][offset]; | |
586 | sg_set_buf(&tsgl->sgl[i], addr, partitions[i].length); | |
587 | ||
588 | if (out_divs) | |
589 | out_divs[i] = partitions[i].div; | |
590 | ||
591 | if (data) { | |
592 | size_t copy_len, copied; | |
593 | ||
594 | copy_len = min(partitions[i].length, data->count); | |
595 | copied = copy_from_iter(addr, copy_len, data); | |
596 | if (WARN_ON(copied != copy_len)) | |
597 | return -EINVAL; | |
598 | testmgr_poison(addr + copy_len, partitions[i].length + | |
599 | TESTMGR_POISON_LEN - copy_len); | |
600 | } else { | |
601 | testmgr_poison(addr, partitions[i].length + | |
602 | TESTMGR_POISON_LEN); | |
603 | } | |
604 | } | |
605 | ||
606 | sg_mark_end(&tsgl->sgl[tsgl->nents - 1]); | |
607 | tsgl->sgl_ptr = tsgl->sgl; | |
608 | memcpy(tsgl->sgl_saved, tsgl->sgl, tsgl->nents * sizeof(tsgl->sgl[0])); | |
609 | return 0; | |
610 | } | |
611 | ||
612 | /* | |
613 | * Verify that a scatterlist crypto operation produced the correct output. | |
614 | * | |
615 | * @tsgl: scatterlist containing the actual output | |
616 | * @expected_output: buffer containing the expected output | |
617 | * @len_to_check: length of @expected_output in bytes | |
618 | * @unchecked_prefix_len: number of ignored bytes in @tsgl prior to real result | |
619 | * @check_poison: verify that the poison bytes after each chunk are intact? | |
620 | * | |
621 | * Return: 0 if correct, -EINVAL if incorrect, -EOVERFLOW if buffer overrun. | |
622 | */ | |
623 | static int verify_correct_output(const struct test_sglist *tsgl, | |
624 | const char *expected_output, | |
625 | unsigned int len_to_check, | |
626 | unsigned int unchecked_prefix_len, | |
627 | bool check_poison) | |
628 | { | |
629 | unsigned int i; | |
630 | ||
631 | for (i = 0; i < tsgl->nents; i++) { | |
632 | struct scatterlist *sg = &tsgl->sgl_ptr[i]; | |
633 | unsigned int len = sg->length; | |
634 | unsigned int offset = sg->offset; | |
635 | const char *actual_output; | |
636 | ||
637 | if (unchecked_prefix_len) { | |
638 | if (unchecked_prefix_len >= len) { | |
639 | unchecked_prefix_len -= len; | |
640 | continue; | |
641 | } | |
642 | offset += unchecked_prefix_len; | |
643 | len -= unchecked_prefix_len; | |
644 | unchecked_prefix_len = 0; | |
645 | } | |
646 | len = min(len, len_to_check); | |
647 | actual_output = page_address(sg_page(sg)) + offset; | |
648 | if (memcmp(expected_output, actual_output, len) != 0) | |
649 | return -EINVAL; | |
650 | if (check_poison && | |
651 | !testmgr_is_poison(actual_output + len, TESTMGR_POISON_LEN)) | |
652 | return -EOVERFLOW; | |
653 | len_to_check -= len; | |
654 | expected_output += len; | |
655 | } | |
656 | if (WARN_ON(len_to_check != 0)) | |
657 | return -EINVAL; | |
658 | return 0; | |
659 | } | |
660 | ||
661 | static bool is_test_sglist_corrupted(const struct test_sglist *tsgl) | |
662 | { | |
663 | unsigned int i; | |
664 | ||
665 | for (i = 0; i < tsgl->nents; i++) { | |
666 | if (tsgl->sgl[i].page_link != tsgl->sgl_saved[i].page_link) | |
667 | return true; | |
668 | if (tsgl->sgl[i].offset != tsgl->sgl_saved[i].offset) | |
669 | return true; | |
670 | if (tsgl->sgl[i].length != tsgl->sgl_saved[i].length) | |
671 | return true; | |
672 | } | |
673 | return false; | |
674 | } | |
675 | ||
676 | struct cipher_test_sglists { | |
677 | struct test_sglist src; | |
678 | struct test_sglist dst; | |
679 | }; | |
680 | ||
681 | static struct cipher_test_sglists *alloc_cipher_test_sglists(void) | |
682 | { | |
683 | struct cipher_test_sglists *tsgls; | |
684 | ||
685 | tsgls = kmalloc(sizeof(*tsgls), GFP_KERNEL); | |
686 | if (!tsgls) | |
687 | return NULL; | |
688 | ||
689 | if (init_test_sglist(&tsgls->src) != 0) | |
690 | goto fail_kfree; | |
691 | if (init_test_sglist(&tsgls->dst) != 0) | |
692 | goto fail_destroy_src; | |
693 | ||
694 | return tsgls; | |
695 | ||
696 | fail_destroy_src: | |
697 | destroy_test_sglist(&tsgls->src); | |
698 | fail_kfree: | |
699 | kfree(tsgls); | |
700 | return NULL; | |
701 | } | |
702 | ||
703 | static void free_cipher_test_sglists(struct cipher_test_sglists *tsgls) | |
704 | { | |
705 | if (tsgls) { | |
706 | destroy_test_sglist(&tsgls->src); | |
707 | destroy_test_sglist(&tsgls->dst); | |
708 | kfree(tsgls); | |
709 | } | |
710 | } | |
711 | ||
712 | /* Build the src and dst scatterlists for an skcipher or AEAD test */ | |
713 | static int build_cipher_test_sglists(struct cipher_test_sglists *tsgls, | |
714 | const struct testvec_config *cfg, | |
715 | unsigned int alignmask, | |
716 | unsigned int src_total_len, | |
717 | unsigned int dst_total_len, | |
718 | const struct kvec *inputs, | |
719 | unsigned int nr_inputs) | |
720 | { | |
721 | struct iov_iter input; | |
722 | int err; | |
723 | ||
724 | iov_iter_kvec(&input, WRITE, inputs, nr_inputs, src_total_len); | |
725 | err = build_test_sglist(&tsgls->src, cfg->src_divs, alignmask, | |
726 | cfg->inplace ? | |
727 | max(dst_total_len, src_total_len) : | |
728 | src_total_len, | |
729 | &input, NULL); | |
730 | if (err) | |
731 | return err; | |
732 | ||
733 | if (cfg->inplace) { | |
734 | tsgls->dst.sgl_ptr = tsgls->src.sgl; | |
735 | tsgls->dst.nents = tsgls->src.nents; | |
736 | return 0; | |
737 | } | |
738 | return build_test_sglist(&tsgls->dst, | |
739 | cfg->dst_divs[0].proportion_of_total ? | |
740 | cfg->dst_divs : cfg->src_divs, | |
741 | alignmask, dst_total_len, NULL, NULL); | |
f8b0d4d0 HX |
742 | } |
743 | ||
25f9dddb EB |
744 | #ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS |
745 | static char *generate_random_sgl_divisions(struct test_sg_division *divs, | |
746 | size_t max_divs, char *p, char *end, | |
6570737c | 747 | bool gen_flushes, u32 req_flags) |
25f9dddb EB |
748 | { |
749 | struct test_sg_division *div = divs; | |
750 | unsigned int remaining = TEST_SG_TOTAL; | |
751 | ||
752 | do { | |
753 | unsigned int this_len; | |
6570737c | 754 | const char *flushtype_str; |
25f9dddb EB |
755 | |
756 | if (div == &divs[max_divs - 1] || prandom_u32() % 2 == 0) | |
757 | this_len = remaining; | |
758 | else | |
759 | this_len = 1 + (prandom_u32() % remaining); | |
760 | div->proportion_of_total = this_len; | |
761 | ||
762 | if (prandom_u32() % 4 == 0) | |
763 | div->offset = (PAGE_SIZE - 128) + (prandom_u32() % 128); | |
764 | else if (prandom_u32() % 2 == 0) | |
765 | div->offset = prandom_u32() % 32; | |
766 | else | |
767 | div->offset = prandom_u32() % PAGE_SIZE; | |
768 | if (prandom_u32() % 8 == 0) | |
769 | div->offset_relative_to_alignmask = true; | |
770 | ||
771 | div->flush_type = FLUSH_TYPE_NONE; | |
772 | if (gen_flushes) { | |
773 | switch (prandom_u32() % 4) { | |
774 | case 0: | |
775 | div->flush_type = FLUSH_TYPE_REIMPORT; | |
776 | break; | |
777 | case 1: | |
778 | div->flush_type = FLUSH_TYPE_FLUSH; | |
779 | break; | |
780 | } | |
781 | } | |
782 | ||
6570737c EB |
783 | if (div->flush_type != FLUSH_TYPE_NONE && |
784 | !(req_flags & CRYPTO_TFM_REQ_MAY_SLEEP) && | |
785 | prandom_u32() % 2 == 0) | |
786 | div->nosimd = true; | |
787 | ||
788 | switch (div->flush_type) { | |
789 | case FLUSH_TYPE_FLUSH: | |
790 | if (div->nosimd) | |
791 | flushtype_str = "<flush,nosimd>"; | |
792 | else | |
793 | flushtype_str = "<flush>"; | |
794 | break; | |
795 | case FLUSH_TYPE_REIMPORT: | |
796 | if (div->nosimd) | |
797 | flushtype_str = "<reimport,nosimd>"; | |
798 | else | |
799 | flushtype_str = "<reimport>"; | |
800 | break; | |
801 | default: | |
802 | flushtype_str = ""; | |
803 | break; | |
804 | } | |
805 | ||
25f9dddb | 806 | BUILD_BUG_ON(TEST_SG_TOTAL != 10000); /* for "%u.%u%%" */ |
6570737c | 807 | p += scnprintf(p, end - p, "%s%u.%u%%@%s+%u%s", flushtype_str, |
25f9dddb EB |
808 | this_len / 100, this_len % 100, |
809 | div->offset_relative_to_alignmask ? | |
810 | "alignmask" : "", | |
811 | div->offset, this_len == remaining ? "" : ", "); | |
812 | remaining -= this_len; | |
813 | div++; | |
814 | } while (remaining); | |
815 | ||
816 | return p; | |
817 | } | |
818 | ||
819 | /* Generate a random testvec_config for fuzz testing */ | |
820 | static void generate_random_testvec_config(struct testvec_config *cfg, | |
821 | char *name, size_t max_namelen) | |
822 | { | |
823 | char *p = name; | |
824 | char * const end = name + max_namelen; | |
825 | ||
826 | memset(cfg, 0, sizeof(*cfg)); | |
827 | ||
828 | cfg->name = name; | |
829 | ||
830 | p += scnprintf(p, end - p, "random:"); | |
831 | ||
832 | if (prandom_u32() % 2 == 0) { | |
833 | cfg->inplace = true; | |
834 | p += scnprintf(p, end - p, " inplace"); | |
835 | } | |
836 | ||
837 | if (prandom_u32() % 2 == 0) { | |
838 | cfg->req_flags |= CRYPTO_TFM_REQ_MAY_SLEEP; | |
839 | p += scnprintf(p, end - p, " may_sleep"); | |
840 | } | |
841 | ||
842 | switch (prandom_u32() % 4) { | |
843 | case 0: | |
844 | cfg->finalization_type = FINALIZATION_TYPE_FINAL; | |
845 | p += scnprintf(p, end - p, " use_final"); | |
846 | break; | |
847 | case 1: | |
848 | cfg->finalization_type = FINALIZATION_TYPE_FINUP; | |
849 | p += scnprintf(p, end - p, " use_finup"); | |
850 | break; | |
851 | default: | |
852 | cfg->finalization_type = FINALIZATION_TYPE_DIGEST; | |
853 | p += scnprintf(p, end - p, " use_digest"); | |
854 | break; | |
855 | } | |
856 | ||
6570737c EB |
857 | if (!(cfg->req_flags & CRYPTO_TFM_REQ_MAY_SLEEP) && |
858 | prandom_u32() % 2 == 0) { | |
859 | cfg->nosimd = true; | |
860 | p += scnprintf(p, end - p, " nosimd"); | |
861 | } | |
862 | ||
25f9dddb EB |
863 | p += scnprintf(p, end - p, " src_divs=["); |
864 | p = generate_random_sgl_divisions(cfg->src_divs, | |
865 | ARRAY_SIZE(cfg->src_divs), p, end, | |
866 | (cfg->finalization_type != | |
6570737c EB |
867 | FINALIZATION_TYPE_DIGEST), |
868 | cfg->req_flags); | |
25f9dddb EB |
869 | p += scnprintf(p, end - p, "]"); |
870 | ||
871 | if (!cfg->inplace && prandom_u32() % 2 == 0) { | |
872 | p += scnprintf(p, end - p, " dst_divs=["); | |
873 | p = generate_random_sgl_divisions(cfg->dst_divs, | |
874 | ARRAY_SIZE(cfg->dst_divs), | |
6570737c EB |
875 | p, end, false, |
876 | cfg->req_flags); | |
25f9dddb EB |
877 | p += scnprintf(p, end - p, "]"); |
878 | } | |
879 | ||
880 | if (prandom_u32() % 2 == 0) { | |
881 | cfg->iv_offset = 1 + (prandom_u32() % MAX_ALGAPI_ALIGNMASK); | |
882 | p += scnprintf(p, end - p, " iv_offset=%u", cfg->iv_offset); | |
883 | } | |
884 | ||
885 | WARN_ON_ONCE(!valid_testvec_config(cfg)); | |
886 | } | |
b55e1a39 EB |
887 | |
888 | static void crypto_disable_simd_for_test(void) | |
889 | { | |
890 | preempt_disable(); | |
891 | __this_cpu_write(crypto_simd_disabled_for_test, true); | |
892 | } | |
893 | ||
894 | static void crypto_reenable_simd_for_test(void) | |
895 | { | |
896 | __this_cpu_write(crypto_simd_disabled_for_test, false); | |
897 | preempt_enable(); | |
898 | } | |
899 | #else /* !CONFIG_CRYPTO_MANAGER_EXTRA_TESTS */ | |
900 | static void crypto_disable_simd_for_test(void) | |
901 | { | |
902 | } | |
903 | ||
904 | static void crypto_reenable_simd_for_test(void) | |
905 | { | |
906 | } | |
907 | #endif /* !CONFIG_CRYPTO_MANAGER_EXTRA_TESTS */ | |
25f9dddb | 908 | |
6570737c EB |
909 | static int do_ahash_op(int (*op)(struct ahash_request *req), |
910 | struct ahash_request *req, | |
911 | struct crypto_wait *wait, bool nosimd) | |
912 | { | |
913 | int err; | |
914 | ||
915 | if (nosimd) | |
916 | crypto_disable_simd_for_test(); | |
917 | ||
918 | err = op(req); | |
919 | ||
920 | if (nosimd) | |
921 | crypto_reenable_simd_for_test(); | |
922 | ||
923 | return crypto_wait_req(err, wait); | |
924 | } | |
925 | ||
4cc2dcf9 EB |
926 | static int check_nonfinal_hash_op(const char *op, int err, |
927 | u8 *result, unsigned int digestsize, | |
928 | const char *driver, unsigned int vec_num, | |
929 | const struct testvec_config *cfg) | |
466d7b9f | 930 | { |
4cc2dcf9 EB |
931 | if (err) { |
932 | pr_err("alg: hash: %s %s() failed with err %d on test vector %u, cfg=\"%s\"\n", | |
933 | driver, op, err, vec_num, cfg->name); | |
934 | return err; | |
018ba95c | 935 | } |
4cc2dcf9 EB |
936 | if (!testmgr_is_poison(result, digestsize)) { |
937 | pr_err("alg: hash: %s %s() used result buffer on test vector %u, cfg=\"%s\"\n", | |
938 | driver, op, vec_num, cfg->name); | |
939 | return -EINVAL; | |
466d7b9f | 940 | } |
4cc2dcf9 | 941 | return 0; |
018ba95c WR |
942 | } |
943 | ||
4cc2dcf9 EB |
944 | static int test_hash_vec_cfg(const char *driver, |
945 | const struct hash_testvec *vec, | |
946 | unsigned int vec_num, | |
947 | const struct testvec_config *cfg, | |
948 | struct ahash_request *req, | |
949 | struct test_sglist *tsgl, | |
950 | u8 *hashstate) | |
da7f033d | 951 | { |
4cc2dcf9 EB |
952 | struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); |
953 | const unsigned int alignmask = crypto_ahash_alignmask(tfm); | |
954 | const unsigned int digestsize = crypto_ahash_digestsize(tfm); | |
955 | const unsigned int statesize = crypto_ahash_statesize(tfm); | |
956 | const u32 req_flags = CRYPTO_TFM_REQ_MAY_BACKLOG | cfg->req_flags; | |
957 | const struct test_sg_division *divs[XBUFSIZE]; | |
958 | DECLARE_CRYPTO_WAIT(wait); | |
959 | struct kvec _input; | |
960 | struct iov_iter input; | |
961 | unsigned int i; | |
962 | struct scatterlist *pending_sgl; | |
963 | unsigned int pending_len; | |
964 | u8 result[HASH_MAX_DIGESTSIZE + TESTMGR_POISON_LEN]; | |
965 | int err; | |
da7f033d | 966 | |
4cc2dcf9 EB |
967 | /* Set the key, if specified */ |
968 | if (vec->ksize) { | |
969 | err = crypto_ahash_setkey(tfm, vec->key, vec->ksize); | |
970 | if (err) { | |
971 | pr_err("alg: hash: %s setkey failed with err %d on test vector %u; flags=%#x\n", | |
972 | driver, err, vec_num, | |
973 | crypto_ahash_get_flags(tfm)); | |
974 | return err; | |
975 | } | |
976 | } | |
da7f033d | 977 | |
4cc2dcf9 EB |
978 | /* Build the scatterlist for the source data */ |
979 | _input.iov_base = (void *)vec->plaintext; | |
980 | _input.iov_len = vec->psize; | |
981 | iov_iter_kvec(&input, WRITE, &_input, 1, vec->psize); | |
982 | err = build_test_sglist(tsgl, cfg->src_divs, alignmask, vec->psize, | |
983 | &input, divs); | |
984 | if (err) { | |
985 | pr_err("alg: hash: %s: error preparing scatterlist for test vector %u, cfg=\"%s\"\n", | |
986 | driver, vec_num, cfg->name); | |
987 | return err; | |
da7f033d | 988 | } |
da7f033d | 989 | |
4cc2dcf9 | 990 | /* Do the actual hashing */ |
a0cfae59 | 991 | |
4cc2dcf9 EB |
992 | testmgr_poison(req->__ctx, crypto_ahash_reqsize(tfm)); |
993 | testmgr_poison(result, digestsize + TESTMGR_POISON_LEN); | |
da5ffe11 | 994 | |
4cc2dcf9 EB |
995 | if (cfg->finalization_type == FINALIZATION_TYPE_DIGEST) { |
996 | /* Just using digest() */ | |
997 | ahash_request_set_callback(req, req_flags, crypto_req_done, | |
998 | &wait); | |
999 | ahash_request_set_crypt(req, tsgl->sgl, result, vec->psize); | |
6570737c | 1000 | err = do_ahash_op(crypto_ahash_digest, req, &wait, cfg->nosimd); |
4cc2dcf9 EB |
1001 | if (err) { |
1002 | pr_err("alg: hash: %s digest() failed with err %d on test vector %u, cfg=\"%s\"\n", | |
1003 | driver, err, vec_num, cfg->name); | |
1004 | return err; | |
1005 | } | |
1006 | goto result_ready; | |
1007 | } | |
da7f033d | 1008 | |
4cc2dcf9 | 1009 | /* Using init(), zero or more update(), then final() or finup() */ |
da7f033d | 1010 | |
4cc2dcf9 EB |
1011 | ahash_request_set_callback(req, req_flags, crypto_req_done, &wait); |
1012 | ahash_request_set_crypt(req, NULL, result, 0); | |
6570737c | 1013 | err = do_ahash_op(crypto_ahash_init, req, &wait, cfg->nosimd); |
4cc2dcf9 EB |
1014 | err = check_nonfinal_hash_op("init", err, result, digestsize, |
1015 | driver, vec_num, cfg); | |
1016 | if (err) | |
1017 | return err; | |
da7f033d | 1018 | |
4cc2dcf9 EB |
1019 | pending_sgl = NULL; |
1020 | pending_len = 0; | |
1021 | for (i = 0; i < tsgl->nents; i++) { | |
1022 | if (divs[i]->flush_type != FLUSH_TYPE_NONE && | |
1023 | pending_sgl != NULL) { | |
1024 | /* update() with the pending data */ | |
1025 | ahash_request_set_callback(req, req_flags, | |
1026 | crypto_req_done, &wait); | |
1027 | ahash_request_set_crypt(req, pending_sgl, result, | |
1028 | pending_len); | |
6570737c EB |
1029 | err = do_ahash_op(crypto_ahash_update, req, &wait, |
1030 | divs[i]->nosimd); | |
4cc2dcf9 EB |
1031 | err = check_nonfinal_hash_op("update", err, |
1032 | result, digestsize, | |
1033 | driver, vec_num, cfg); | |
1034 | if (err) | |
1035 | return err; | |
1036 | pending_sgl = NULL; | |
1037 | pending_len = 0; | |
da7f033d | 1038 | } |
4cc2dcf9 EB |
1039 | if (divs[i]->flush_type == FLUSH_TYPE_REIMPORT) { |
1040 | /* Test ->export() and ->import() */ | |
1041 | testmgr_poison(hashstate + statesize, | |
1042 | TESTMGR_POISON_LEN); | |
1043 | err = crypto_ahash_export(req, hashstate); | |
1044 | err = check_nonfinal_hash_op("export", err, | |
1045 | result, digestsize, | |
1046 | driver, vec_num, cfg); | |
1047 | if (err) | |
1048 | return err; | |
1049 | if (!testmgr_is_poison(hashstate + statesize, | |
1050 | TESTMGR_POISON_LEN)) { | |
1051 | pr_err("alg: hash: %s export() overran state buffer on test vector %u, cfg=\"%s\"\n", | |
1052 | driver, vec_num, cfg->name); | |
1053 | return -EOVERFLOW; | |
da7f033d | 1054 | } |
76715095 | 1055 | |
4cc2dcf9 EB |
1056 | testmgr_poison(req->__ctx, crypto_ahash_reqsize(tfm)); |
1057 | err = crypto_ahash_import(req, hashstate); | |
1058 | err = check_nonfinal_hash_op("import", err, | |
1059 | result, digestsize, | |
1060 | driver, vec_num, cfg); | |
1061 | if (err) | |
1062 | return err; | |
da7f033d | 1063 | } |
4cc2dcf9 EB |
1064 | if (pending_sgl == NULL) |
1065 | pending_sgl = &tsgl->sgl[i]; | |
1066 | pending_len += tsgl->sgl[i].length; | |
1067 | } | |
da7f033d | 1068 | |
4cc2dcf9 EB |
1069 | ahash_request_set_callback(req, req_flags, crypto_req_done, &wait); |
1070 | ahash_request_set_crypt(req, pending_sgl, result, pending_len); | |
1071 | if (cfg->finalization_type == FINALIZATION_TYPE_FINAL) { | |
1072 | /* finish with update() and final() */ | |
6570737c | 1073 | err = do_ahash_op(crypto_ahash_update, req, &wait, cfg->nosimd); |
4cc2dcf9 EB |
1074 | err = check_nonfinal_hash_op("update", err, result, digestsize, |
1075 | driver, vec_num, cfg); | |
1076 | if (err) | |
1077 | return err; | |
6570737c | 1078 | err = do_ahash_op(crypto_ahash_final, req, &wait, cfg->nosimd); |
4cc2dcf9 EB |
1079 | if (err) { |
1080 | pr_err("alg: hash: %s final() failed with err %d on test vector %u, cfg=\"%s\"\n", | |
1081 | driver, err, vec_num, cfg->name); | |
1082 | return err; | |
1083 | } | |
1084 | } else { | |
1085 | /* finish with finup() */ | |
6570737c | 1086 | err = do_ahash_op(crypto_ahash_finup, req, &wait, cfg->nosimd); |
4cc2dcf9 EB |
1087 | if (err) { |
1088 | pr_err("alg: hash: %s finup() failed with err %d on test vector %u, cfg=\"%s\"\n", | |
1089 | driver, err, vec_num, cfg->name); | |
1090 | return err; | |
da7f033d HX |
1091 | } |
1092 | } | |
1093 | ||
4cc2dcf9 EB |
1094 | result_ready: |
1095 | /* Check that the algorithm produced the correct digest */ | |
1096 | if (memcmp(result, vec->digest, digestsize) != 0) { | |
1097 | pr_err("alg: hash: %s test failed (wrong result) on test vector %u, cfg=\"%s\"\n", | |
1098 | driver, vec_num, cfg->name); | |
1099 | return -EINVAL; | |
1100 | } | |
1101 | if (!testmgr_is_poison(&result[digestsize], TESTMGR_POISON_LEN)) { | |
1102 | pr_err("alg: hash: %s overran result buffer on test vector %u, cfg=\"%s\"\n", | |
1103 | driver, vec_num, cfg->name); | |
1104 | return -EOVERFLOW; | |
1105 | } | |
da5ffe11 | 1106 | |
4cc2dcf9 EB |
1107 | return 0; |
1108 | } | |
da7f033d | 1109 | |
4cc2dcf9 EB |
1110 | static int test_hash_vec(const char *driver, const struct hash_testvec *vec, |
1111 | unsigned int vec_num, struct ahash_request *req, | |
1112 | struct test_sglist *tsgl, u8 *hashstate) | |
1113 | { | |
1114 | unsigned int i; | |
1115 | int err; | |
da7f033d | 1116 | |
4cc2dcf9 EB |
1117 | for (i = 0; i < ARRAY_SIZE(default_hash_testvec_configs); i++) { |
1118 | err = test_hash_vec_cfg(driver, vec, vec_num, | |
1119 | &default_hash_testvec_configs[i], | |
1120 | req, tsgl, hashstate); | |
1121 | if (err) | |
1122 | return err; | |
1123 | } | |
5f2b424e | 1124 | |
4cc2dcf9 EB |
1125 | #ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS |
1126 | if (!noextratests) { | |
1127 | struct testvec_config cfg; | |
1128 | char cfgname[TESTVEC_CONFIG_NAMELEN]; | |
5f2b424e | 1129 | |
4cc2dcf9 EB |
1130 | for (i = 0; i < fuzz_iterations; i++) { |
1131 | generate_random_testvec_config(&cfg, cfgname, | |
1132 | sizeof(cfgname)); | |
1133 | err = test_hash_vec_cfg(driver, vec, vec_num, &cfg, | |
1134 | req, tsgl, hashstate); | |
1135 | if (err) | |
1136 | return err; | |
018ba95c WR |
1137 | } |
1138 | } | |
4cc2dcf9 EB |
1139 | #endif |
1140 | return 0; | |
1141 | } | |
018ba95c | 1142 | |
4cc2dcf9 EB |
1143 | static int __alg_test_hash(const struct hash_testvec *vecs, |
1144 | unsigned int num_vecs, const char *driver, | |
1145 | u32 type, u32 mask) | |
1146 | { | |
1147 | struct crypto_ahash *tfm; | |
1148 | struct ahash_request *req = NULL; | |
1149 | struct test_sglist *tsgl = NULL; | |
1150 | u8 *hashstate = NULL; | |
1151 | unsigned int i; | |
1152 | int err; | |
018ba95c | 1153 | |
4cc2dcf9 EB |
1154 | tfm = crypto_alloc_ahash(driver, type, mask); |
1155 | if (IS_ERR(tfm)) { | |
1156 | pr_err("alg: hash: failed to allocate transform for %s: %ld\n", | |
1157 | driver, PTR_ERR(tfm)); | |
1158 | return PTR_ERR(tfm); | |
1159 | } | |
018ba95c | 1160 | |
4cc2dcf9 EB |
1161 | req = ahash_request_alloc(tfm, GFP_KERNEL); |
1162 | if (!req) { | |
1163 | pr_err("alg: hash: failed to allocate request for %s\n", | |
1164 | driver); | |
1165 | err = -ENOMEM; | |
1166 | goto out; | |
1167 | } | |
018ba95c | 1168 | |
4cc2dcf9 EB |
1169 | tsgl = kmalloc(sizeof(*tsgl), GFP_KERNEL); |
1170 | if (!tsgl || init_test_sglist(tsgl) != 0) { | |
1171 | pr_err("alg: hash: failed to allocate test buffers for %s\n", | |
1172 | driver); | |
1173 | kfree(tsgl); | |
1174 | tsgl = NULL; | |
1175 | err = -ENOMEM; | |
1176 | goto out; | |
1177 | } | |
018ba95c | 1178 | |
4cc2dcf9 EB |
1179 | hashstate = kmalloc(crypto_ahash_statesize(tfm) + TESTMGR_POISON_LEN, |
1180 | GFP_KERNEL); | |
1181 | if (!hashstate) { | |
1182 | pr_err("alg: hash: failed to allocate hash state buffer for %s\n", | |
1183 | driver); | |
1184 | err = -ENOMEM; | |
1185 | goto out; | |
1186 | } | |
018ba95c | 1187 | |
4cc2dcf9 EB |
1188 | for (i = 0; i < num_vecs; i++) { |
1189 | err = test_hash_vec(driver, &vecs[i], i, req, tsgl, hashstate); | |
1190 | if (err) | |
5f2b424e | 1191 | goto out; |
da7f033d | 1192 | } |
4cc2dcf9 | 1193 | err = 0; |
da7f033d | 1194 | out: |
4cc2dcf9 EB |
1195 | kfree(hashstate); |
1196 | if (tsgl) { | |
1197 | destroy_test_sglist(tsgl); | |
1198 | kfree(tsgl); | |
1199 | } | |
da7f033d | 1200 | ahash_request_free(req); |
4cc2dcf9 EB |
1201 | crypto_free_ahash(tfm); |
1202 | return err; | |
da7f033d HX |
1203 | } |
1204 | ||
4cc2dcf9 EB |
1205 | static int alg_test_hash(const struct alg_test_desc *desc, const char *driver, |
1206 | u32 type, u32 mask) | |
da5ffe11 | 1207 | { |
4cc2dcf9 EB |
1208 | const struct hash_testvec *template = desc->suite.hash.vecs; |
1209 | unsigned int tcount = desc->suite.hash.count; | |
1210 | unsigned int nr_unkeyed, nr_keyed; | |
1211 | int err; | |
da5ffe11 | 1212 | |
4cc2dcf9 EB |
1213 | /* |
1214 | * For OPTIONAL_KEY algorithms, we have to do all the unkeyed tests | |
1215 | * first, before setting a key on the tfm. To make this easier, we | |
1216 | * require that the unkeyed test vectors (if any) are listed first. | |
1217 | */ | |
da5ffe11 | 1218 | |
4cc2dcf9 EB |
1219 | for (nr_unkeyed = 0; nr_unkeyed < tcount; nr_unkeyed++) { |
1220 | if (template[nr_unkeyed].ksize) | |
1221 | break; | |
1222 | } | |
1223 | for (nr_keyed = 0; nr_unkeyed + nr_keyed < tcount; nr_keyed++) { | |
1224 | if (!template[nr_unkeyed + nr_keyed].ksize) { | |
1225 | pr_err("alg: hash: test vectors for %s out of order, " | |
1226 | "unkeyed ones must come first\n", desc->alg); | |
1227 | return -EINVAL; | |
1228 | } | |
1229 | } | |
da5ffe11 | 1230 | |
4cc2dcf9 EB |
1231 | err = 0; |
1232 | if (nr_unkeyed) { | |
1233 | err = __alg_test_hash(template, nr_unkeyed, driver, type, mask); | |
1234 | template += nr_unkeyed; | |
da5ffe11 JK |
1235 | } |
1236 | ||
4cc2dcf9 EB |
1237 | if (!err && nr_keyed) |
1238 | err = __alg_test_hash(template, nr_keyed, driver, type, mask); | |
1239 | ||
1240 | return err; | |
da5ffe11 JK |
1241 | } |
1242 | ||
ed96804f EB |
1243 | static int test_aead_vec_cfg(const char *driver, int enc, |
1244 | const struct aead_testvec *vec, | |
1245 | unsigned int vec_num, | |
1246 | const struct testvec_config *cfg, | |
1247 | struct aead_request *req, | |
1248 | struct cipher_test_sglists *tsgls) | |
da7f033d | 1249 | { |
ed96804f EB |
1250 | struct crypto_aead *tfm = crypto_aead_reqtfm(req); |
1251 | const unsigned int alignmask = crypto_aead_alignmask(tfm); | |
1252 | const unsigned int ivsize = crypto_aead_ivsize(tfm); | |
1253 | const unsigned int authsize = vec->clen - vec->plen; | |
1254 | const u32 req_flags = CRYPTO_TFM_REQ_MAY_BACKLOG | cfg->req_flags; | |
1255 | const char *op = enc ? "encryption" : "decryption"; | |
1256 | DECLARE_CRYPTO_WAIT(wait); | |
1257 | u8 _iv[3 * (MAX_ALGAPI_ALIGNMASK + 1) + MAX_IVLEN]; | |
1258 | u8 *iv = PTR_ALIGN(&_iv[0], 2 * (MAX_ALGAPI_ALIGNMASK + 1)) + | |
1259 | cfg->iv_offset + | |
1260 | (cfg->iv_offset_relative_to_alignmask ? alignmask : 0); | |
1261 | struct kvec input[2]; | |
1262 | int err; | |
d8a32ac2 | 1263 | |
ed96804f EB |
1264 | /* Set the key */ |
1265 | if (vec->wk) | |
1266 | crypto_aead_set_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS); | |
da7f033d | 1267 | else |
ed96804f EB |
1268 | crypto_aead_clear_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS); |
1269 | err = crypto_aead_setkey(tfm, vec->key, vec->klen); | |
1270 | if (err) { | |
1271 | if (vec->fail) /* expectedly failed to set key? */ | |
1272 | return 0; | |
1273 | pr_err("alg: aead: %s setkey failed with err %d on test vector %u; flags=%#x\n", | |
1274 | driver, err, vec_num, crypto_aead_get_flags(tfm)); | |
1275 | return err; | |
da7f033d | 1276 | } |
ed96804f EB |
1277 | if (vec->fail) { |
1278 | pr_err("alg: aead: %s setkey unexpectedly succeeded on test vector %u\n", | |
1279 | driver, vec_num); | |
1280 | return -EINVAL; | |
da7f033d HX |
1281 | } |
1282 | ||
ed96804f EB |
1283 | /* Set the authentication tag size */ |
1284 | err = crypto_aead_setauthsize(tfm, authsize); | |
1285 | if (err) { | |
1286 | pr_err("alg: aead: %s setauthsize failed with err %d on test vector %u\n", | |
1287 | driver, err, vec_num); | |
1288 | return err; | |
1289 | } | |
8ec25c51 | 1290 | |
ed96804f EB |
1291 | /* The IV must be copied to a buffer, as the algorithm may modify it */ |
1292 | if (WARN_ON(ivsize > MAX_IVLEN)) | |
1293 | return -EINVAL; | |
1294 | if (vec->iv) | |
1295 | memcpy(iv, vec->iv, ivsize); | |
1296 | else | |
1297 | memset(iv, 0, ivsize); | |
da7f033d | 1298 | |
ed96804f EB |
1299 | /* Build the src/dst scatterlists */ |
1300 | input[0].iov_base = (void *)vec->assoc; | |
1301 | input[0].iov_len = vec->alen; | |
1302 | input[1].iov_base = enc ? (void *)vec->ptext : (void *)vec->ctext; | |
1303 | input[1].iov_len = enc ? vec->plen : vec->clen; | |
1304 | err = build_cipher_test_sglists(tsgls, cfg, alignmask, | |
1305 | vec->alen + (enc ? vec->plen : | |
1306 | vec->clen), | |
1307 | vec->alen + (enc ? vec->clen : | |
1308 | vec->plen), | |
1309 | input, 2); | |
1310 | if (err) { | |
1311 | pr_err("alg: aead: %s %s: error preparing scatterlists for test vector %u, cfg=\"%s\"\n", | |
1312 | driver, op, vec_num, cfg->name); | |
1313 | return err; | |
1314 | } | |
da7f033d | 1315 | |
ed96804f EB |
1316 | /* Do the actual encryption or decryption */ |
1317 | testmgr_poison(req->__ctx, crypto_aead_reqsize(tfm)); | |
1318 | aead_request_set_callback(req, req_flags, crypto_req_done, &wait); | |
1319 | aead_request_set_crypt(req, tsgls->src.sgl_ptr, tsgls->dst.sgl_ptr, | |
1320 | enc ? vec->plen : vec->clen, iv); | |
1321 | aead_request_set_ad(req, vec->alen); | |
6570737c EB |
1322 | if (cfg->nosimd) |
1323 | crypto_disable_simd_for_test(); | |
1324 | err = enc ? crypto_aead_encrypt(req) : crypto_aead_decrypt(req); | |
1325 | if (cfg->nosimd) | |
1326 | crypto_reenable_simd_for_test(); | |
1327 | err = crypto_wait_req(err, &wait); | |
ed96804f EB |
1328 | if (err) { |
1329 | if (err == -EBADMSG && vec->novrfy) | |
1330 | return 0; | |
1331 | pr_err("alg: aead: %s %s failed with err %d on test vector %u, cfg=\"%s\"\n", | |
1332 | driver, op, err, vec_num, cfg->name); | |
1333 | return err; | |
1334 | } | |
1335 | if (vec->novrfy) { | |
1336 | pr_err("alg: aead: %s %s unexpectedly succeeded on test vector %u, cfg=\"%s\"\n", | |
1337 | driver, op, vec_num, cfg->name); | |
1338 | return -EINVAL; | |
a6e5ef9b EB |
1339 | } |
1340 | ||
1341 | /* Check that the algorithm didn't overwrite things it shouldn't have */ | |
1342 | if (req->cryptlen != (enc ? vec->plen : vec->clen) || | |
1343 | req->assoclen != vec->alen || | |
1344 | req->iv != iv || | |
1345 | req->src != tsgls->src.sgl_ptr || | |
1346 | req->dst != tsgls->dst.sgl_ptr || | |
1347 | crypto_aead_reqtfm(req) != tfm || | |
1348 | req->base.complete != crypto_req_done || | |
1349 | req->base.flags != req_flags || | |
1350 | req->base.data != &wait) { | |
1351 | pr_err("alg: aead: %s %s corrupted request struct on test vector %u, cfg=\"%s\"\n", | |
1352 | driver, op, vec_num, cfg->name); | |
1353 | if (req->cryptlen != (enc ? vec->plen : vec->clen)) | |
1354 | pr_err("alg: aead: changed 'req->cryptlen'\n"); | |
1355 | if (req->assoclen != vec->alen) | |
1356 | pr_err("alg: aead: changed 'req->assoclen'\n"); | |
1357 | if (req->iv != iv) | |
1358 | pr_err("alg: aead: changed 'req->iv'\n"); | |
1359 | if (req->src != tsgls->src.sgl_ptr) | |
1360 | pr_err("alg: aead: changed 'req->src'\n"); | |
1361 | if (req->dst != tsgls->dst.sgl_ptr) | |
1362 | pr_err("alg: aead: changed 'req->dst'\n"); | |
1363 | if (crypto_aead_reqtfm(req) != tfm) | |
1364 | pr_err("alg: aead: changed 'req->base.tfm'\n"); | |
1365 | if (req->base.complete != crypto_req_done) | |
1366 | pr_err("alg: aead: changed 'req->base.complete'\n"); | |
1367 | if (req->base.flags != req_flags) | |
1368 | pr_err("alg: aead: changed 'req->base.flags'\n"); | |
1369 | if (req->base.data != &wait) | |
1370 | pr_err("alg: aead: changed 'req->base.data'\n"); | |
1371 | return -EINVAL; | |
1372 | } | |
1373 | if (is_test_sglist_corrupted(&tsgls->src)) { | |
1374 | pr_err("alg: aead: %s %s corrupted src sgl on test vector %u, cfg=\"%s\"\n", | |
1375 | driver, op, vec_num, cfg->name); | |
1376 | return -EINVAL; | |
1377 | } | |
1378 | if (tsgls->dst.sgl_ptr != tsgls->src.sgl && | |
1379 | is_test_sglist_corrupted(&tsgls->dst)) { | |
1380 | pr_err("alg: aead: %s %s corrupted dst sgl on test vector %u, cfg=\"%s\"\n", | |
1381 | driver, op, vec_num, cfg->name); | |
1382 | return -EINVAL; | |
ed96804f | 1383 | } |
da7f033d | 1384 | |
ed96804f EB |
1385 | /* Check for the correct output (ciphertext or plaintext) */ |
1386 | err = verify_correct_output(&tsgls->dst, enc ? vec->ctext : vec->ptext, | |
1387 | enc ? vec->clen : vec->plen, | |
1388 | vec->alen, enc || !cfg->inplace); | |
1389 | if (err == -EOVERFLOW) { | |
1390 | pr_err("alg: aead: %s %s overran dst buffer on test vector %u, cfg=\"%s\"\n", | |
1391 | driver, op, vec_num, cfg->name); | |
1392 | return err; | |
1393 | } | |
1394 | if (err) { | |
1395 | pr_err("alg: aead: %s %s test failed (wrong result) on test vector %u, cfg=\"%s\"\n", | |
1396 | driver, op, vec_num, cfg->name); | |
1397 | return err; | |
1398 | } | |
da7f033d | 1399 | |
ed96804f EB |
1400 | return 0; |
1401 | } | |
da7f033d | 1402 | |
ed96804f EB |
1403 | static int test_aead_vec(const char *driver, int enc, |
1404 | const struct aead_testvec *vec, unsigned int vec_num, | |
1405 | struct aead_request *req, | |
1406 | struct cipher_test_sglists *tsgls) | |
1407 | { | |
1408 | unsigned int i; | |
1409 | int err; | |
da7f033d | 1410 | |
ed96804f EB |
1411 | if (enc && vec->novrfy) |
1412 | return 0; | |
da7f033d | 1413 | |
ed96804f EB |
1414 | for (i = 0; i < ARRAY_SIZE(default_cipher_testvec_configs); i++) { |
1415 | err = test_aead_vec_cfg(driver, enc, vec, vec_num, | |
1416 | &default_cipher_testvec_configs[i], | |
1417 | req, tsgls); | |
1418 | if (err) | |
1419 | return err; | |
1420 | } | |
da7f033d | 1421 | |
ed96804f EB |
1422 | #ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS |
1423 | if (!noextratests) { | |
1424 | struct testvec_config cfg; | |
1425 | char cfgname[TESTVEC_CONFIG_NAMELEN]; | |
05b1d338 | 1426 | |
ed96804f EB |
1427 | for (i = 0; i < fuzz_iterations; i++) { |
1428 | generate_random_testvec_config(&cfg, cfgname, | |
1429 | sizeof(cfgname)); | |
1430 | err = test_aead_vec_cfg(driver, enc, vec, vec_num, | |
1431 | &cfg, req, tsgls); | |
1432 | if (err) | |
1433 | return err; | |
da7f033d HX |
1434 | } |
1435 | } | |
ed96804f EB |
1436 | #endif |
1437 | return 0; | |
1438 | } | |
da7f033d | 1439 | |
ed96804f EB |
1440 | static int test_aead(const char *driver, int enc, |
1441 | const struct aead_test_suite *suite, | |
1442 | struct aead_request *req, | |
1443 | struct cipher_test_sglists *tsgls) | |
1444 | { | |
1445 | unsigned int i; | |
1446 | int err; | |
da7f033d | 1447 | |
ed96804f EB |
1448 | for (i = 0; i < suite->count; i++) { |
1449 | err = test_aead_vec(driver, enc, &suite->vecs[i], i, req, | |
1450 | tsgls); | |
1451 | if (err) | |
1452 | return err; | |
1453 | } | |
1454 | return 0; | |
da7f033d HX |
1455 | } |
1456 | ||
ed96804f EB |
1457 | static int alg_test_aead(const struct alg_test_desc *desc, const char *driver, |
1458 | u32 type, u32 mask) | |
d8a32ac2 | 1459 | { |
ed96804f EB |
1460 | const struct aead_test_suite *suite = &desc->suite.aead; |
1461 | struct crypto_aead *tfm; | |
1462 | struct aead_request *req = NULL; | |
1463 | struct cipher_test_sglists *tsgls = NULL; | |
1464 | int err; | |
d8a32ac2 | 1465 | |
ed96804f EB |
1466 | if (suite->count <= 0) { |
1467 | pr_err("alg: aead: empty test suite for %s\n", driver); | |
1468 | return -EINVAL; | |
1469 | } | |
d8a32ac2 | 1470 | |
ed96804f EB |
1471 | tfm = crypto_alloc_aead(driver, type, mask); |
1472 | if (IS_ERR(tfm)) { | |
1473 | pr_err("alg: aead: failed to allocate transform for %s: %ld\n", | |
1474 | driver, PTR_ERR(tfm)); | |
1475 | return PTR_ERR(tfm); | |
1476 | } | |
58dcf548 | 1477 | |
ed96804f EB |
1478 | req = aead_request_alloc(tfm, GFP_KERNEL); |
1479 | if (!req) { | |
1480 | pr_err("alg: aead: failed to allocate request for %s\n", | |
1481 | driver); | |
1482 | err = -ENOMEM; | |
1483 | goto out; | |
1484 | } | |
58dcf548 | 1485 | |
ed96804f EB |
1486 | tsgls = alloc_cipher_test_sglists(); |
1487 | if (!tsgls) { | |
1488 | pr_err("alg: aead: failed to allocate test buffers for %s\n", | |
1489 | driver); | |
1490 | err = -ENOMEM; | |
1491 | goto out; | |
58dcf548 JK |
1492 | } |
1493 | ||
ed96804f EB |
1494 | err = test_aead(driver, ENCRYPT, suite, req, tsgls); |
1495 | if (err) | |
1496 | goto out; | |
1497 | ||
1498 | err = test_aead(driver, DECRYPT, suite, req, tsgls); | |
1499 | out: | |
1500 | free_cipher_test_sglists(tsgls); | |
1501 | aead_request_free(req); | |
1502 | crypto_free_aead(tfm); | |
1503 | return err; | |
d8a32ac2 JK |
1504 | } |
1505 | ||
1aa4ecd9 | 1506 | static int test_cipher(struct crypto_cipher *tfm, int enc, |
b13b1e0c EB |
1507 | const struct cipher_testvec *template, |
1508 | unsigned int tcount) | |
1aa4ecd9 HX |
1509 | { |
1510 | const char *algo = crypto_tfm_alg_driver_name(crypto_cipher_tfm(tfm)); | |
1511 | unsigned int i, j, k; | |
1aa4ecd9 HX |
1512 | char *q; |
1513 | const char *e; | |
92a4c9fe | 1514 | const char *input, *result; |
1aa4ecd9 | 1515 | void *data; |
f8b0d4d0 HX |
1516 | char *xbuf[XBUFSIZE]; |
1517 | int ret = -ENOMEM; | |
1518 | ||
1519 | if (testmgr_alloc_buf(xbuf)) | |
1520 | goto out_nobuf; | |
1aa4ecd9 HX |
1521 | |
1522 | if (enc == ENCRYPT) | |
1523 | e = "encryption"; | |
1524 | else | |
1525 | e = "decryption"; | |
1526 | ||
1527 | j = 0; | |
1528 | for (i = 0; i < tcount; i++) { | |
1aa4ecd9 | 1529 | |
10faa8c0 SM |
1530 | if (fips_enabled && template[i].fips_skip) |
1531 | continue; | |
1532 | ||
92a4c9fe EB |
1533 | input = enc ? template[i].ptext : template[i].ctext; |
1534 | result = enc ? template[i].ctext : template[i].ptext; | |
1aa4ecd9 HX |
1535 | j++; |
1536 | ||
fd57f22a | 1537 | ret = -EINVAL; |
92a4c9fe | 1538 | if (WARN_ON(template[i].len > PAGE_SIZE)) |
fd57f22a HX |
1539 | goto out; |
1540 | ||
1aa4ecd9 | 1541 | data = xbuf[0]; |
92a4c9fe | 1542 | memcpy(data, input, template[i].len); |
1aa4ecd9 HX |
1543 | |
1544 | crypto_cipher_clear_flags(tfm, ~0); | |
1545 | if (template[i].wk) | |
231baecd | 1546 | crypto_cipher_set_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS); |
1aa4ecd9 HX |
1547 | |
1548 | ret = crypto_cipher_setkey(tfm, template[i].key, | |
1549 | template[i].klen); | |
0fae0c1e | 1550 | if (template[i].fail == !ret) { |
1aa4ecd9 HX |
1551 | printk(KERN_ERR "alg: cipher: setkey failed " |
1552 | "on test %d for %s: flags=%x\n", j, | |
1553 | algo, crypto_cipher_get_flags(tfm)); | |
1554 | goto out; | |
1555 | } else if (ret) | |
1556 | continue; | |
1557 | ||
92a4c9fe | 1558 | for (k = 0; k < template[i].len; |
1aa4ecd9 HX |
1559 | k += crypto_cipher_blocksize(tfm)) { |
1560 | if (enc) | |
1561 | crypto_cipher_encrypt_one(tfm, data + k, | |
1562 | data + k); | |
1563 | else | |
1564 | crypto_cipher_decrypt_one(tfm, data + k, | |
1565 | data + k); | |
1566 | } | |
1567 | ||
1568 | q = data; | |
92a4c9fe | 1569 | if (memcmp(q, result, template[i].len)) { |
1aa4ecd9 HX |
1570 | printk(KERN_ERR "alg: cipher: Test %d failed " |
1571 | "on %s for %s\n", j, e, algo); | |
92a4c9fe | 1572 | hexdump(q, template[i].len); |
1aa4ecd9 HX |
1573 | ret = -EINVAL; |
1574 | goto out; | |
1575 | } | |
1576 | } | |
1577 | ||
1578 | ret = 0; | |
1579 | ||
1580 | out: | |
f8b0d4d0 HX |
1581 | testmgr_free_buf(xbuf); |
1582 | out_nobuf: | |
1aa4ecd9 HX |
1583 | return ret; |
1584 | } | |
1585 | ||
4e7babba EB |
1586 | static int test_skcipher_vec_cfg(const char *driver, int enc, |
1587 | const struct cipher_testvec *vec, | |
1588 | unsigned int vec_num, | |
1589 | const struct testvec_config *cfg, | |
1590 | struct skcipher_request *req, | |
1591 | struct cipher_test_sglists *tsgls) | |
da7f033d | 1592 | { |
4e7babba EB |
1593 | struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); |
1594 | const unsigned int alignmask = crypto_skcipher_alignmask(tfm); | |
1595 | const unsigned int ivsize = crypto_skcipher_ivsize(tfm); | |
1596 | const u32 req_flags = CRYPTO_TFM_REQ_MAY_BACKLOG | cfg->req_flags; | |
1597 | const char *op = enc ? "encryption" : "decryption"; | |
1598 | DECLARE_CRYPTO_WAIT(wait); | |
1599 | u8 _iv[3 * (MAX_ALGAPI_ALIGNMASK + 1) + MAX_IVLEN]; | |
1600 | u8 *iv = PTR_ALIGN(&_iv[0], 2 * (MAX_ALGAPI_ALIGNMASK + 1)) + | |
1601 | cfg->iv_offset + | |
1602 | (cfg->iv_offset_relative_to_alignmask ? alignmask : 0); | |
1603 | struct kvec input; | |
1604 | int err; | |
08d6af8c | 1605 | |
4e7babba EB |
1606 | /* Set the key */ |
1607 | if (vec->wk) | |
1608 | crypto_skcipher_set_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS); | |
da7f033d | 1609 | else |
4e7babba EB |
1610 | crypto_skcipher_clear_flags(tfm, |
1611 | CRYPTO_TFM_REQ_FORBID_WEAK_KEYS); | |
1612 | err = crypto_skcipher_setkey(tfm, vec->key, vec->klen); | |
1613 | if (err) { | |
1614 | if (vec->fail) /* expectedly failed to set key? */ | |
1615 | return 0; | |
1616 | pr_err("alg: skcipher: %s setkey failed with err %d on test vector %u; flags=%#x\n", | |
1617 | driver, err, vec_num, crypto_skcipher_get_flags(tfm)); | |
1618 | return err; | |
1619 | } | |
1620 | if (vec->fail) { | |
1621 | pr_err("alg: skcipher: %s setkey unexpectedly succeeded on test vector %u\n", | |
1622 | driver, vec_num); | |
1623 | return -EINVAL; | |
da7f033d HX |
1624 | } |
1625 | ||
4e7babba EB |
1626 | /* The IV must be copied to a buffer, as the algorithm may modify it */ |
1627 | if (ivsize) { | |
1628 | if (WARN_ON(ivsize > MAX_IVLEN)) | |
1629 | return -EINVAL; | |
8efd972e EB |
1630 | if (vec->generates_iv && !enc) |
1631 | memcpy(iv, vec->iv_out, ivsize); | |
1632 | else if (vec->iv) | |
4e7babba | 1633 | memcpy(iv, vec->iv, ivsize); |
da7f033d | 1634 | else |
4e7babba EB |
1635 | memset(iv, 0, ivsize); |
1636 | } else { | |
1637 | if (vec->generates_iv) { | |
1638 | pr_err("alg: skcipher: %s has ivsize=0 but test vector %u generates IV!\n", | |
1639 | driver, vec_num); | |
1640 | return -EINVAL; | |
8a826a34 | 1641 | } |
4e7babba | 1642 | iv = NULL; |
da7f033d HX |
1643 | } |
1644 | ||
4e7babba EB |
1645 | /* Build the src/dst scatterlists */ |
1646 | input.iov_base = enc ? (void *)vec->ptext : (void *)vec->ctext; | |
1647 | input.iov_len = vec->len; | |
1648 | err = build_cipher_test_sglists(tsgls, cfg, alignmask, | |
1649 | vec->len, vec->len, &input, 1); | |
1650 | if (err) { | |
1651 | pr_err("alg: skcipher: %s %s: error preparing scatterlists for test vector %u, cfg=\"%s\"\n", | |
1652 | driver, op, vec_num, cfg->name); | |
1653 | return err; | |
1654 | } | |
da7f033d | 1655 | |
4e7babba EB |
1656 | /* Do the actual encryption or decryption */ |
1657 | testmgr_poison(req->__ctx, crypto_skcipher_reqsize(tfm)); | |
1658 | skcipher_request_set_callback(req, req_flags, crypto_req_done, &wait); | |
1659 | skcipher_request_set_crypt(req, tsgls->src.sgl_ptr, tsgls->dst.sgl_ptr, | |
1660 | vec->len, iv); | |
6570737c EB |
1661 | if (cfg->nosimd) |
1662 | crypto_disable_simd_for_test(); | |
1663 | err = enc ? crypto_skcipher_encrypt(req) : crypto_skcipher_decrypt(req); | |
1664 | if (cfg->nosimd) | |
1665 | crypto_reenable_simd_for_test(); | |
1666 | err = crypto_wait_req(err, &wait); | |
4e7babba EB |
1667 | if (err) { |
1668 | pr_err("alg: skcipher: %s %s failed with err %d on test vector %u, cfg=\"%s\"\n", | |
1669 | driver, op, err, vec_num, cfg->name); | |
1670 | return err; | |
1671 | } | |
da7f033d | 1672 | |
fa353c99 EB |
1673 | /* Check that the algorithm didn't overwrite things it shouldn't have */ |
1674 | if (req->cryptlen != vec->len || | |
1675 | req->iv != iv || | |
1676 | req->src != tsgls->src.sgl_ptr || | |
1677 | req->dst != tsgls->dst.sgl_ptr || | |
1678 | crypto_skcipher_reqtfm(req) != tfm || | |
1679 | req->base.complete != crypto_req_done || | |
1680 | req->base.flags != req_flags || | |
1681 | req->base.data != &wait) { | |
1682 | pr_err("alg: skcipher: %s %s corrupted request struct on test vector %u, cfg=\"%s\"\n", | |
1683 | driver, op, vec_num, cfg->name); | |
1684 | if (req->cryptlen != vec->len) | |
1685 | pr_err("alg: skcipher: changed 'req->cryptlen'\n"); | |
1686 | if (req->iv != iv) | |
1687 | pr_err("alg: skcipher: changed 'req->iv'\n"); | |
1688 | if (req->src != tsgls->src.sgl_ptr) | |
1689 | pr_err("alg: skcipher: changed 'req->src'\n"); | |
1690 | if (req->dst != tsgls->dst.sgl_ptr) | |
1691 | pr_err("alg: skcipher: changed 'req->dst'\n"); | |
1692 | if (crypto_skcipher_reqtfm(req) != tfm) | |
1693 | pr_err("alg: skcipher: changed 'req->base.tfm'\n"); | |
1694 | if (req->base.complete != crypto_req_done) | |
1695 | pr_err("alg: skcipher: changed 'req->base.complete'\n"); | |
1696 | if (req->base.flags != req_flags) | |
1697 | pr_err("alg: skcipher: changed 'req->base.flags'\n"); | |
1698 | if (req->base.data != &wait) | |
1699 | pr_err("alg: skcipher: changed 'req->base.data'\n"); | |
1700 | return -EINVAL; | |
1701 | } | |
1702 | if (is_test_sglist_corrupted(&tsgls->src)) { | |
1703 | pr_err("alg: skcipher: %s %s corrupted src sgl on test vector %u, cfg=\"%s\"\n", | |
1704 | driver, op, vec_num, cfg->name); | |
1705 | return -EINVAL; | |
1706 | } | |
1707 | if (tsgls->dst.sgl_ptr != tsgls->src.sgl && | |
1708 | is_test_sglist_corrupted(&tsgls->dst)) { | |
1709 | pr_err("alg: skcipher: %s %s corrupted dst sgl on test vector %u, cfg=\"%s\"\n", | |
1710 | driver, op, vec_num, cfg->name); | |
1711 | return -EINVAL; | |
1712 | } | |
1713 | ||
4e7babba EB |
1714 | /* Check for the correct output (ciphertext or plaintext) */ |
1715 | err = verify_correct_output(&tsgls->dst, enc ? vec->ctext : vec->ptext, | |
1716 | vec->len, 0, true); | |
1717 | if (err == -EOVERFLOW) { | |
1718 | pr_err("alg: skcipher: %s %s overran dst buffer on test vector %u, cfg=\"%s\"\n", | |
1719 | driver, op, vec_num, cfg->name); | |
1720 | return err; | |
1721 | } | |
1722 | if (err) { | |
1723 | pr_err("alg: skcipher: %s %s test failed (wrong result) on test vector %u, cfg=\"%s\"\n", | |
1724 | driver, op, vec_num, cfg->name); | |
1725 | return err; | |
1726 | } | |
08d6af8c | 1727 | |
4e7babba | 1728 | /* If applicable, check that the algorithm generated the correct IV */ |
8efd972e | 1729 | if (vec->iv_out && memcmp(iv, vec->iv_out, ivsize) != 0) { |
4e7babba EB |
1730 | pr_err("alg: skcipher: %s %s test failed (wrong output IV) on test vector %u, cfg=\"%s\"\n", |
1731 | driver, op, vec_num, cfg->name); | |
1732 | hexdump(iv, ivsize); | |
1733 | return -EINVAL; | |
1734 | } | |
08d6af8c | 1735 | |
4e7babba EB |
1736 | return 0; |
1737 | } | |
da7f033d | 1738 | |
4e7babba EB |
1739 | static int test_skcipher_vec(const char *driver, int enc, |
1740 | const struct cipher_testvec *vec, | |
1741 | unsigned int vec_num, | |
1742 | struct skcipher_request *req, | |
1743 | struct cipher_test_sglists *tsgls) | |
1744 | { | |
1745 | unsigned int i; | |
1746 | int err; | |
da7f033d | 1747 | |
4e7babba EB |
1748 | if (fips_enabled && vec->fips_skip) |
1749 | return 0; | |
da7f033d | 1750 | |
4e7babba EB |
1751 | for (i = 0; i < ARRAY_SIZE(default_cipher_testvec_configs); i++) { |
1752 | err = test_skcipher_vec_cfg(driver, enc, vec, vec_num, | |
1753 | &default_cipher_testvec_configs[i], | |
1754 | req, tsgls); | |
1755 | if (err) | |
1756 | return err; | |
1757 | } | |
da7f033d | 1758 | |
4e7babba EB |
1759 | #ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS |
1760 | if (!noextratests) { | |
1761 | struct testvec_config cfg; | |
1762 | char cfgname[TESTVEC_CONFIG_NAMELEN]; | |
1763 | ||
1764 | for (i = 0; i < fuzz_iterations; i++) { | |
1765 | generate_random_testvec_config(&cfg, cfgname, | |
1766 | sizeof(cfgname)); | |
1767 | err = test_skcipher_vec_cfg(driver, enc, vec, vec_num, | |
1768 | &cfg, req, tsgls); | |
1769 | if (err) | |
1770 | return err; | |
da7f033d HX |
1771 | } |
1772 | } | |
4e7babba EB |
1773 | #endif |
1774 | return 0; | |
1775 | } | |
da7f033d | 1776 | |
4e7babba EB |
1777 | static int test_skcipher(const char *driver, int enc, |
1778 | const struct cipher_test_suite *suite, | |
1779 | struct skcipher_request *req, | |
1780 | struct cipher_test_sglists *tsgls) | |
1781 | { | |
1782 | unsigned int i; | |
1783 | int err; | |
da7f033d | 1784 | |
4e7babba EB |
1785 | for (i = 0; i < suite->count; i++) { |
1786 | err = test_skcipher_vec(driver, enc, &suite->vecs[i], i, req, | |
1787 | tsgls); | |
1788 | if (err) | |
1789 | return err; | |
1790 | } | |
1791 | return 0; | |
da7f033d HX |
1792 | } |
1793 | ||
4e7babba EB |
1794 | static int alg_test_skcipher(const struct alg_test_desc *desc, |
1795 | const char *driver, u32 type, u32 mask) | |
08d6af8c | 1796 | { |
4e7babba EB |
1797 | const struct cipher_test_suite *suite = &desc->suite.cipher; |
1798 | struct crypto_skcipher *tfm; | |
1799 | struct skcipher_request *req = NULL; | |
1800 | struct cipher_test_sglists *tsgls = NULL; | |
1801 | int err; | |
08d6af8c | 1802 | |
4e7babba EB |
1803 | if (suite->count <= 0) { |
1804 | pr_err("alg: skcipher: empty test suite for %s\n", driver); | |
1805 | return -EINVAL; | |
1806 | } | |
08d6af8c | 1807 | |
4e7babba EB |
1808 | tfm = crypto_alloc_skcipher(driver, type, mask); |
1809 | if (IS_ERR(tfm)) { | |
1810 | pr_err("alg: skcipher: failed to allocate transform for %s: %ld\n", | |
1811 | driver, PTR_ERR(tfm)); | |
1812 | return PTR_ERR(tfm); | |
1813 | } | |
3a338f20 | 1814 | |
4e7babba EB |
1815 | req = skcipher_request_alloc(tfm, GFP_KERNEL); |
1816 | if (!req) { | |
1817 | pr_err("alg: skcipher: failed to allocate request for %s\n", | |
1818 | driver); | |
1819 | err = -ENOMEM; | |
1820 | goto out; | |
1821 | } | |
3a338f20 | 1822 | |
4e7babba EB |
1823 | tsgls = alloc_cipher_test_sglists(); |
1824 | if (!tsgls) { | |
1825 | pr_err("alg: skcipher: failed to allocate test buffers for %s\n", | |
1826 | driver); | |
1827 | err = -ENOMEM; | |
1828 | goto out; | |
3a338f20 JK |
1829 | } |
1830 | ||
4e7babba EB |
1831 | err = test_skcipher(driver, ENCRYPT, suite, req, tsgls); |
1832 | if (err) | |
1833 | goto out; | |
1834 | ||
1835 | err = test_skcipher(driver, DECRYPT, suite, req, tsgls); | |
1836 | out: | |
1837 | free_cipher_test_sglists(tsgls); | |
1838 | skcipher_request_free(req); | |
1839 | crypto_free_skcipher(tfm); | |
1840 | return err; | |
08d6af8c JK |
1841 | } |
1842 | ||
b13b1e0c EB |
1843 | static int test_comp(struct crypto_comp *tfm, |
1844 | const struct comp_testvec *ctemplate, | |
1845 | const struct comp_testvec *dtemplate, | |
1846 | int ctcount, int dtcount) | |
da7f033d HX |
1847 | { |
1848 | const char *algo = crypto_tfm_alg_driver_name(crypto_comp_tfm(tfm)); | |
33607384 | 1849 | char *output, *decomp_output; |
da7f033d | 1850 | unsigned int i; |
da7f033d HX |
1851 | int ret; |
1852 | ||
33607384 MC |
1853 | output = kmalloc(COMP_BUF_SIZE, GFP_KERNEL); |
1854 | if (!output) | |
1855 | return -ENOMEM; | |
1856 | ||
1857 | decomp_output = kmalloc(COMP_BUF_SIZE, GFP_KERNEL); | |
1858 | if (!decomp_output) { | |
1859 | kfree(output); | |
1860 | return -ENOMEM; | |
1861 | } | |
1862 | ||
da7f033d | 1863 | for (i = 0; i < ctcount; i++) { |
c79cf910 GU |
1864 | int ilen; |
1865 | unsigned int dlen = COMP_BUF_SIZE; | |
da7f033d | 1866 | |
22a8118d MS |
1867 | memset(output, 0, COMP_BUF_SIZE); |
1868 | memset(decomp_output, 0, COMP_BUF_SIZE); | |
da7f033d HX |
1869 | |
1870 | ilen = ctemplate[i].inlen; | |
1871 | ret = crypto_comp_compress(tfm, ctemplate[i].input, | |
33607384 | 1872 | ilen, output, &dlen); |
da7f033d HX |
1873 | if (ret) { |
1874 | printk(KERN_ERR "alg: comp: compression failed " | |
1875 | "on test %d for %s: ret=%d\n", i + 1, algo, | |
1876 | -ret); | |
1877 | goto out; | |
1878 | } | |
1879 | ||
33607384 MC |
1880 | ilen = dlen; |
1881 | dlen = COMP_BUF_SIZE; | |
1882 | ret = crypto_comp_decompress(tfm, output, | |
1883 | ilen, decomp_output, &dlen); | |
1884 | if (ret) { | |
1885 | pr_err("alg: comp: compression failed: decompress: on test %d for %s failed: ret=%d\n", | |
1886 | i + 1, algo, -ret); | |
1887 | goto out; | |
1888 | } | |
1889 | ||
1890 | if (dlen != ctemplate[i].inlen) { | |
b812eb00 GU |
1891 | printk(KERN_ERR "alg: comp: Compression test %d " |
1892 | "failed for %s: output len = %d\n", i + 1, algo, | |
1893 | dlen); | |
1894 | ret = -EINVAL; | |
1895 | goto out; | |
1896 | } | |
1897 | ||
33607384 MC |
1898 | if (memcmp(decomp_output, ctemplate[i].input, |
1899 | ctemplate[i].inlen)) { | |
1900 | pr_err("alg: comp: compression failed: output differs: on test %d for %s\n", | |
1901 | i + 1, algo); | |
1902 | hexdump(decomp_output, dlen); | |
da7f033d HX |
1903 | ret = -EINVAL; |
1904 | goto out; | |
1905 | } | |
1906 | } | |
1907 | ||
1908 | for (i = 0; i < dtcount; i++) { | |
c79cf910 GU |
1909 | int ilen; |
1910 | unsigned int dlen = COMP_BUF_SIZE; | |
da7f033d | 1911 | |
22a8118d | 1912 | memset(decomp_output, 0, COMP_BUF_SIZE); |
da7f033d HX |
1913 | |
1914 | ilen = dtemplate[i].inlen; | |
1915 | ret = crypto_comp_decompress(tfm, dtemplate[i].input, | |
33607384 | 1916 | ilen, decomp_output, &dlen); |
da7f033d HX |
1917 | if (ret) { |
1918 | printk(KERN_ERR "alg: comp: decompression failed " | |
1919 | "on test %d for %s: ret=%d\n", i + 1, algo, | |
1920 | -ret); | |
1921 | goto out; | |
1922 | } | |
1923 | ||
b812eb00 GU |
1924 | if (dlen != dtemplate[i].outlen) { |
1925 | printk(KERN_ERR "alg: comp: Decompression test %d " | |
1926 | "failed for %s: output len = %d\n", i + 1, algo, | |
1927 | dlen); | |
1928 | ret = -EINVAL; | |
1929 | goto out; | |
1930 | } | |
1931 | ||
33607384 | 1932 | if (memcmp(decomp_output, dtemplate[i].output, dlen)) { |
da7f033d HX |
1933 | printk(KERN_ERR "alg: comp: Decompression test %d " |
1934 | "failed for %s\n", i + 1, algo); | |
33607384 | 1935 | hexdump(decomp_output, dlen); |
da7f033d HX |
1936 | ret = -EINVAL; |
1937 | goto out; | |
1938 | } | |
1939 | } | |
1940 | ||
1941 | ret = 0; | |
1942 | ||
1943 | out: | |
33607384 MC |
1944 | kfree(decomp_output); |
1945 | kfree(output); | |
da7f033d HX |
1946 | return ret; |
1947 | } | |
1948 | ||
b13b1e0c | 1949 | static int test_acomp(struct crypto_acomp *tfm, |
33607384 | 1950 | const struct comp_testvec *ctemplate, |
b13b1e0c EB |
1951 | const struct comp_testvec *dtemplate, |
1952 | int ctcount, int dtcount) | |
d7db7a88 GC |
1953 | { |
1954 | const char *algo = crypto_tfm_alg_driver_name(crypto_acomp_tfm(tfm)); | |
1955 | unsigned int i; | |
a9943a0a | 1956 | char *output, *decomp_out; |
d7db7a88 GC |
1957 | int ret; |
1958 | struct scatterlist src, dst; | |
1959 | struct acomp_req *req; | |
7f397136 | 1960 | struct crypto_wait wait; |
d7db7a88 | 1961 | |
eb095593 EB |
1962 | output = kmalloc(COMP_BUF_SIZE, GFP_KERNEL); |
1963 | if (!output) | |
1964 | return -ENOMEM; | |
1965 | ||
a9943a0a GC |
1966 | decomp_out = kmalloc(COMP_BUF_SIZE, GFP_KERNEL); |
1967 | if (!decomp_out) { | |
1968 | kfree(output); | |
1969 | return -ENOMEM; | |
1970 | } | |
1971 | ||
d7db7a88 GC |
1972 | for (i = 0; i < ctcount; i++) { |
1973 | unsigned int dlen = COMP_BUF_SIZE; | |
1974 | int ilen = ctemplate[i].inlen; | |
02608e02 | 1975 | void *input_vec; |
d7db7a88 | 1976 | |
d2110224 | 1977 | input_vec = kmemdup(ctemplate[i].input, ilen, GFP_KERNEL); |
02608e02 LA |
1978 | if (!input_vec) { |
1979 | ret = -ENOMEM; | |
1980 | goto out; | |
1981 | } | |
1982 | ||
eb095593 | 1983 | memset(output, 0, dlen); |
7f397136 | 1984 | crypto_init_wait(&wait); |
02608e02 | 1985 | sg_init_one(&src, input_vec, ilen); |
d7db7a88 GC |
1986 | sg_init_one(&dst, output, dlen); |
1987 | ||
1988 | req = acomp_request_alloc(tfm); | |
1989 | if (!req) { | |
1990 | pr_err("alg: acomp: request alloc failed for %s\n", | |
1991 | algo); | |
02608e02 | 1992 | kfree(input_vec); |
d7db7a88 GC |
1993 | ret = -ENOMEM; |
1994 | goto out; | |
1995 | } | |
1996 | ||
1997 | acomp_request_set_params(req, &src, &dst, ilen, dlen); | |
1998 | acomp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, | |
7f397136 | 1999 | crypto_req_done, &wait); |
d7db7a88 | 2000 | |
7f397136 | 2001 | ret = crypto_wait_req(crypto_acomp_compress(req), &wait); |
d7db7a88 GC |
2002 | if (ret) { |
2003 | pr_err("alg: acomp: compression failed on test %d for %s: ret=%d\n", | |
2004 | i + 1, algo, -ret); | |
02608e02 | 2005 | kfree(input_vec); |
d7db7a88 GC |
2006 | acomp_request_free(req); |
2007 | goto out; | |
2008 | } | |
2009 | ||
a9943a0a GC |
2010 | ilen = req->dlen; |
2011 | dlen = COMP_BUF_SIZE; | |
2012 | sg_init_one(&src, output, ilen); | |
2013 | sg_init_one(&dst, decomp_out, dlen); | |
7f397136 | 2014 | crypto_init_wait(&wait); |
a9943a0a GC |
2015 | acomp_request_set_params(req, &src, &dst, ilen, dlen); |
2016 | ||
7f397136 | 2017 | ret = crypto_wait_req(crypto_acomp_decompress(req), &wait); |
a9943a0a GC |
2018 | if (ret) { |
2019 | pr_err("alg: acomp: compression failed on test %d for %s: ret=%d\n", | |
2020 | i + 1, algo, -ret); | |
2021 | kfree(input_vec); | |
2022 | acomp_request_free(req); | |
2023 | goto out; | |
2024 | } | |
2025 | ||
2026 | if (req->dlen != ctemplate[i].inlen) { | |
d7db7a88 GC |
2027 | pr_err("alg: acomp: Compression test %d failed for %s: output len = %d\n", |
2028 | i + 1, algo, req->dlen); | |
2029 | ret = -EINVAL; | |
02608e02 | 2030 | kfree(input_vec); |
d7db7a88 GC |
2031 | acomp_request_free(req); |
2032 | goto out; | |
2033 | } | |
2034 | ||
a9943a0a | 2035 | if (memcmp(input_vec, decomp_out, req->dlen)) { |
d7db7a88 GC |
2036 | pr_err("alg: acomp: Compression test %d failed for %s\n", |
2037 | i + 1, algo); | |
2038 | hexdump(output, req->dlen); | |
2039 | ret = -EINVAL; | |
02608e02 | 2040 | kfree(input_vec); |
d7db7a88 GC |
2041 | acomp_request_free(req); |
2042 | goto out; | |
2043 | } | |
2044 | ||
02608e02 | 2045 | kfree(input_vec); |
d7db7a88 GC |
2046 | acomp_request_free(req); |
2047 | } | |
2048 | ||
2049 | for (i = 0; i < dtcount; i++) { | |
2050 | unsigned int dlen = COMP_BUF_SIZE; | |
2051 | int ilen = dtemplate[i].inlen; | |
02608e02 LA |
2052 | void *input_vec; |
2053 | ||
d2110224 | 2054 | input_vec = kmemdup(dtemplate[i].input, ilen, GFP_KERNEL); |
02608e02 LA |
2055 | if (!input_vec) { |
2056 | ret = -ENOMEM; | |
2057 | goto out; | |
2058 | } | |
d7db7a88 | 2059 | |
eb095593 | 2060 | memset(output, 0, dlen); |
7f397136 | 2061 | crypto_init_wait(&wait); |
02608e02 | 2062 | sg_init_one(&src, input_vec, ilen); |
d7db7a88 GC |
2063 | sg_init_one(&dst, output, dlen); |
2064 | ||
2065 | req = acomp_request_alloc(tfm); | |
2066 | if (!req) { | |
2067 | pr_err("alg: acomp: request alloc failed for %s\n", | |
2068 | algo); | |
02608e02 | 2069 | kfree(input_vec); |
d7db7a88 GC |
2070 | ret = -ENOMEM; |
2071 | goto out; | |
2072 | } | |
2073 | ||
2074 | acomp_request_set_params(req, &src, &dst, ilen, dlen); | |
2075 | acomp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, | |
7f397136 | 2076 | crypto_req_done, &wait); |
d7db7a88 | 2077 | |
7f397136 | 2078 | ret = crypto_wait_req(crypto_acomp_decompress(req), &wait); |
d7db7a88 GC |
2079 | if (ret) { |
2080 | pr_err("alg: acomp: decompression failed on test %d for %s: ret=%d\n", | |
2081 | i + 1, algo, -ret); | |
02608e02 | 2082 | kfree(input_vec); |
d7db7a88 GC |
2083 | acomp_request_free(req); |
2084 | goto out; | |
2085 | } | |
2086 | ||
2087 | if (req->dlen != dtemplate[i].outlen) { | |
2088 | pr_err("alg: acomp: Decompression test %d failed for %s: output len = %d\n", | |
2089 | i + 1, algo, req->dlen); | |
2090 | ret = -EINVAL; | |
02608e02 | 2091 | kfree(input_vec); |
d7db7a88 GC |
2092 | acomp_request_free(req); |
2093 | goto out; | |
2094 | } | |
2095 | ||
2096 | if (memcmp(output, dtemplate[i].output, req->dlen)) { | |
2097 | pr_err("alg: acomp: Decompression test %d failed for %s\n", | |
2098 | i + 1, algo); | |
2099 | hexdump(output, req->dlen); | |
2100 | ret = -EINVAL; | |
02608e02 | 2101 | kfree(input_vec); |
d7db7a88 GC |
2102 | acomp_request_free(req); |
2103 | goto out; | |
2104 | } | |
2105 | ||
02608e02 | 2106 | kfree(input_vec); |
d7db7a88 GC |
2107 | acomp_request_free(req); |
2108 | } | |
2109 | ||
2110 | ret = 0; | |
2111 | ||
2112 | out: | |
a9943a0a | 2113 | kfree(decomp_out); |
eb095593 | 2114 | kfree(output); |
d7db7a88 GC |
2115 | return ret; |
2116 | } | |
2117 | ||
b13b1e0c EB |
2118 | static int test_cprng(struct crypto_rng *tfm, |
2119 | const struct cprng_testvec *template, | |
7647d6ce JW |
2120 | unsigned int tcount) |
2121 | { | |
2122 | const char *algo = crypto_tfm_alg_driver_name(crypto_rng_tfm(tfm)); | |
fa4ef8a6 | 2123 | int err = 0, i, j, seedsize; |
7647d6ce JW |
2124 | u8 *seed; |
2125 | char result[32]; | |
2126 | ||
2127 | seedsize = crypto_rng_seedsize(tfm); | |
2128 | ||
2129 | seed = kmalloc(seedsize, GFP_KERNEL); | |
2130 | if (!seed) { | |
2131 | printk(KERN_ERR "alg: cprng: Failed to allocate seed space " | |
2132 | "for %s\n", algo); | |
2133 | return -ENOMEM; | |
2134 | } | |
2135 | ||
2136 | for (i = 0; i < tcount; i++) { | |
2137 | memset(result, 0, 32); | |
2138 | ||
2139 | memcpy(seed, template[i].v, template[i].vlen); | |
2140 | memcpy(seed + template[i].vlen, template[i].key, | |
2141 | template[i].klen); | |
2142 | memcpy(seed + template[i].vlen + template[i].klen, | |
2143 | template[i].dt, template[i].dtlen); | |
2144 | ||
2145 | err = crypto_rng_reset(tfm, seed, seedsize); | |
2146 | if (err) { | |
2147 | printk(KERN_ERR "alg: cprng: Failed to reset rng " | |
2148 | "for %s\n", algo); | |
2149 | goto out; | |
2150 | } | |
2151 | ||
2152 | for (j = 0; j < template[i].loops; j++) { | |
2153 | err = crypto_rng_get_bytes(tfm, result, | |
2154 | template[i].rlen); | |
19e60e13 | 2155 | if (err < 0) { |
7647d6ce JW |
2156 | printk(KERN_ERR "alg: cprng: Failed to obtain " |
2157 | "the correct amount of random data for " | |
19e60e13 SM |
2158 | "%s (requested %d)\n", algo, |
2159 | template[i].rlen); | |
7647d6ce JW |
2160 | goto out; |
2161 | } | |
2162 | } | |
2163 | ||
2164 | err = memcmp(result, template[i].result, | |
2165 | template[i].rlen); | |
2166 | if (err) { | |
2167 | printk(KERN_ERR "alg: cprng: Test %d failed for %s\n", | |
2168 | i, algo); | |
2169 | hexdump(result, template[i].rlen); | |
2170 | err = -EINVAL; | |
2171 | goto out; | |
2172 | } | |
2173 | } | |
2174 | ||
2175 | out: | |
2176 | kfree(seed); | |
2177 | return err; | |
2178 | } | |
2179 | ||
da7f033d HX |
2180 | static int alg_test_cipher(const struct alg_test_desc *desc, |
2181 | const char *driver, u32 type, u32 mask) | |
2182 | { | |
92a4c9fe | 2183 | const struct cipher_test_suite *suite = &desc->suite.cipher; |
1aa4ecd9 | 2184 | struct crypto_cipher *tfm; |
92a4c9fe | 2185 | int err; |
da7f033d | 2186 | |
eed93e0c | 2187 | tfm = crypto_alloc_cipher(driver, type, mask); |
da7f033d HX |
2188 | if (IS_ERR(tfm)) { |
2189 | printk(KERN_ERR "alg: cipher: Failed to load transform for " | |
2190 | "%s: %ld\n", driver, PTR_ERR(tfm)); | |
2191 | return PTR_ERR(tfm); | |
2192 | } | |
2193 | ||
92a4c9fe EB |
2194 | err = test_cipher(tfm, ENCRYPT, suite->vecs, suite->count); |
2195 | if (!err) | |
2196 | err = test_cipher(tfm, DECRYPT, suite->vecs, suite->count); | |
da7f033d | 2197 | |
1aa4ecd9 HX |
2198 | crypto_free_cipher(tfm); |
2199 | return err; | |
2200 | } | |
2201 | ||
da7f033d HX |
2202 | static int alg_test_comp(const struct alg_test_desc *desc, const char *driver, |
2203 | u32 type, u32 mask) | |
2204 | { | |
d7db7a88 GC |
2205 | struct crypto_comp *comp; |
2206 | struct crypto_acomp *acomp; | |
da7f033d | 2207 | int err; |
d7db7a88 GC |
2208 | u32 algo_type = type & CRYPTO_ALG_TYPE_ACOMPRESS_MASK; |
2209 | ||
2210 | if (algo_type == CRYPTO_ALG_TYPE_ACOMPRESS) { | |
2211 | acomp = crypto_alloc_acomp(driver, type, mask); | |
2212 | if (IS_ERR(acomp)) { | |
2213 | pr_err("alg: acomp: Failed to load transform for %s: %ld\n", | |
2214 | driver, PTR_ERR(acomp)); | |
2215 | return PTR_ERR(acomp); | |
2216 | } | |
2217 | err = test_acomp(acomp, desc->suite.comp.comp.vecs, | |
2218 | desc->suite.comp.decomp.vecs, | |
2219 | desc->suite.comp.comp.count, | |
2220 | desc->suite.comp.decomp.count); | |
2221 | crypto_free_acomp(acomp); | |
2222 | } else { | |
2223 | comp = crypto_alloc_comp(driver, type, mask); | |
2224 | if (IS_ERR(comp)) { | |
2225 | pr_err("alg: comp: Failed to load transform for %s: %ld\n", | |
2226 | driver, PTR_ERR(comp)); | |
2227 | return PTR_ERR(comp); | |
2228 | } | |
da7f033d | 2229 | |
d7db7a88 GC |
2230 | err = test_comp(comp, desc->suite.comp.comp.vecs, |
2231 | desc->suite.comp.decomp.vecs, | |
2232 | desc->suite.comp.comp.count, | |
2233 | desc->suite.comp.decomp.count); | |
da7f033d | 2234 | |
d7db7a88 GC |
2235 | crypto_free_comp(comp); |
2236 | } | |
da7f033d HX |
2237 | return err; |
2238 | } | |
2239 | ||
8e3ee85e HX |
2240 | static int alg_test_crc32c(const struct alg_test_desc *desc, |
2241 | const char *driver, u32 type, u32 mask) | |
2242 | { | |
2243 | struct crypto_shash *tfm; | |
cb9dde88 | 2244 | __le32 val; |
8e3ee85e HX |
2245 | int err; |
2246 | ||
2247 | err = alg_test_hash(desc, driver, type, mask); | |
2248 | if (err) | |
eb5e6730 | 2249 | return err; |
8e3ee85e | 2250 | |
eed93e0c | 2251 | tfm = crypto_alloc_shash(driver, type, mask); |
8e3ee85e | 2252 | if (IS_ERR(tfm)) { |
eb5e6730 EB |
2253 | if (PTR_ERR(tfm) == -ENOENT) { |
2254 | /* | |
2255 | * This crc32c implementation is only available through | |
2256 | * ahash API, not the shash API, so the remaining part | |
2257 | * of the test is not applicable to it. | |
2258 | */ | |
2259 | return 0; | |
2260 | } | |
8e3ee85e HX |
2261 | printk(KERN_ERR "alg: crc32c: Failed to load transform for %s: " |
2262 | "%ld\n", driver, PTR_ERR(tfm)); | |
eb5e6730 | 2263 | return PTR_ERR(tfm); |
8e3ee85e HX |
2264 | } |
2265 | ||
2266 | do { | |
4c5c3024 JSM |
2267 | SHASH_DESC_ON_STACK(shash, tfm); |
2268 | u32 *ctx = (u32 *)shash_desc_ctx(shash); | |
8e3ee85e | 2269 | |
4c5c3024 JSM |
2270 | shash->tfm = tfm; |
2271 | shash->flags = 0; | |
8e3ee85e | 2272 | |
cb9dde88 | 2273 | *ctx = 420553207; |
4c5c3024 | 2274 | err = crypto_shash_final(shash, (u8 *)&val); |
8e3ee85e HX |
2275 | if (err) { |
2276 | printk(KERN_ERR "alg: crc32c: Operation failed for " | |
2277 | "%s: %d\n", driver, err); | |
2278 | break; | |
2279 | } | |
2280 | ||
cb9dde88 EB |
2281 | if (val != cpu_to_le32(~420553207)) { |
2282 | pr_err("alg: crc32c: Test failed for %s: %u\n", | |
2283 | driver, le32_to_cpu(val)); | |
8e3ee85e HX |
2284 | err = -EINVAL; |
2285 | } | |
2286 | } while (0); | |
2287 | ||
2288 | crypto_free_shash(tfm); | |
2289 | ||
8e3ee85e HX |
2290 | return err; |
2291 | } | |
2292 | ||
7647d6ce JW |
2293 | static int alg_test_cprng(const struct alg_test_desc *desc, const char *driver, |
2294 | u32 type, u32 mask) | |
2295 | { | |
2296 | struct crypto_rng *rng; | |
2297 | int err; | |
2298 | ||
eed93e0c | 2299 | rng = crypto_alloc_rng(driver, type, mask); |
7647d6ce JW |
2300 | if (IS_ERR(rng)) { |
2301 | printk(KERN_ERR "alg: cprng: Failed to load transform for %s: " | |
2302 | "%ld\n", driver, PTR_ERR(rng)); | |
2303 | return PTR_ERR(rng); | |
2304 | } | |
2305 | ||
2306 | err = test_cprng(rng, desc->suite.cprng.vecs, desc->suite.cprng.count); | |
2307 | ||
2308 | crypto_free_rng(rng); | |
2309 | ||
2310 | return err; | |
2311 | } | |
2312 | ||
64d1cdfb | 2313 | |
b13b1e0c | 2314 | static int drbg_cavs_test(const struct drbg_testvec *test, int pr, |
64d1cdfb SM |
2315 | const char *driver, u32 type, u32 mask) |
2316 | { | |
2317 | int ret = -EAGAIN; | |
2318 | struct crypto_rng *drng; | |
2319 | struct drbg_test_data test_data; | |
2320 | struct drbg_string addtl, pers, testentropy; | |
2321 | unsigned char *buf = kzalloc(test->expectedlen, GFP_KERNEL); | |
2322 | ||
2323 | if (!buf) | |
2324 | return -ENOMEM; | |
2325 | ||
eed93e0c | 2326 | drng = crypto_alloc_rng(driver, type, mask); |
64d1cdfb | 2327 | if (IS_ERR(drng)) { |
2fc0d258 | 2328 | printk(KERN_ERR "alg: drbg: could not allocate DRNG handle for " |
64d1cdfb SM |
2329 | "%s\n", driver); |
2330 | kzfree(buf); | |
2331 | return -ENOMEM; | |
2332 | } | |
2333 | ||
2334 | test_data.testentropy = &testentropy; | |
2335 | drbg_string_fill(&testentropy, test->entropy, test->entropylen); | |
2336 | drbg_string_fill(&pers, test->pers, test->perslen); | |
2337 | ret = crypto_drbg_reset_test(drng, &pers, &test_data); | |
2338 | if (ret) { | |
2339 | printk(KERN_ERR "alg: drbg: Failed to reset rng\n"); | |
2340 | goto outbuf; | |
2341 | } | |
2342 | ||
2343 | drbg_string_fill(&addtl, test->addtla, test->addtllen); | |
2344 | if (pr) { | |
2345 | drbg_string_fill(&testentropy, test->entpra, test->entprlen); | |
2346 | ret = crypto_drbg_get_bytes_addtl_test(drng, | |
2347 | buf, test->expectedlen, &addtl, &test_data); | |
2348 | } else { | |
2349 | ret = crypto_drbg_get_bytes_addtl(drng, | |
2350 | buf, test->expectedlen, &addtl); | |
2351 | } | |
19e60e13 | 2352 | if (ret < 0) { |
2fc0d258 | 2353 | printk(KERN_ERR "alg: drbg: could not obtain random data for " |
64d1cdfb SM |
2354 | "driver %s\n", driver); |
2355 | goto outbuf; | |
2356 | } | |
2357 | ||
2358 | drbg_string_fill(&addtl, test->addtlb, test->addtllen); | |
2359 | if (pr) { | |
2360 | drbg_string_fill(&testentropy, test->entprb, test->entprlen); | |
2361 | ret = crypto_drbg_get_bytes_addtl_test(drng, | |
2362 | buf, test->expectedlen, &addtl, &test_data); | |
2363 | } else { | |
2364 | ret = crypto_drbg_get_bytes_addtl(drng, | |
2365 | buf, test->expectedlen, &addtl); | |
2366 | } | |
19e60e13 | 2367 | if (ret < 0) { |
2fc0d258 | 2368 | printk(KERN_ERR "alg: drbg: could not obtain random data for " |
64d1cdfb SM |
2369 | "driver %s\n", driver); |
2370 | goto outbuf; | |
2371 | } | |
2372 | ||
2373 | ret = memcmp(test->expected, buf, test->expectedlen); | |
2374 | ||
2375 | outbuf: | |
2376 | crypto_free_rng(drng); | |
2377 | kzfree(buf); | |
2378 | return ret; | |
2379 | } | |
2380 | ||
2381 | ||
2382 | static int alg_test_drbg(const struct alg_test_desc *desc, const char *driver, | |
2383 | u32 type, u32 mask) | |
2384 | { | |
2385 | int err = 0; | |
2386 | int pr = 0; | |
2387 | int i = 0; | |
b13b1e0c | 2388 | const struct drbg_testvec *template = desc->suite.drbg.vecs; |
64d1cdfb SM |
2389 | unsigned int tcount = desc->suite.drbg.count; |
2390 | ||
2391 | if (0 == memcmp(driver, "drbg_pr_", 8)) | |
2392 | pr = 1; | |
2393 | ||
2394 | for (i = 0; i < tcount; i++) { | |
2395 | err = drbg_cavs_test(&template[i], pr, driver, type, mask); | |
2396 | if (err) { | |
2397 | printk(KERN_ERR "alg: drbg: Test %d failed for %s\n", | |
2398 | i, driver); | |
2399 | err = -EINVAL; | |
2400 | break; | |
2401 | } | |
2402 | } | |
2403 | return err; | |
2404 | ||
2405 | } | |
2406 | ||
b13b1e0c | 2407 | static int do_test_kpp(struct crypto_kpp *tfm, const struct kpp_testvec *vec, |
802c7f1c SB |
2408 | const char *alg) |
2409 | { | |
2410 | struct kpp_request *req; | |
2411 | void *input_buf = NULL; | |
2412 | void *output_buf = NULL; | |
47d3fd39 TDA |
2413 | void *a_public = NULL; |
2414 | void *a_ss = NULL; | |
2415 | void *shared_secret = NULL; | |
7f397136 | 2416 | struct crypto_wait wait; |
802c7f1c SB |
2417 | unsigned int out_len_max; |
2418 | int err = -ENOMEM; | |
2419 | struct scatterlist src, dst; | |
2420 | ||
2421 | req = kpp_request_alloc(tfm, GFP_KERNEL); | |
2422 | if (!req) | |
2423 | return err; | |
2424 | ||
7f397136 | 2425 | crypto_init_wait(&wait); |
802c7f1c SB |
2426 | |
2427 | err = crypto_kpp_set_secret(tfm, vec->secret, vec->secret_size); | |
2428 | if (err < 0) | |
2429 | goto free_req; | |
2430 | ||
2431 | out_len_max = crypto_kpp_maxsize(tfm); | |
2432 | output_buf = kzalloc(out_len_max, GFP_KERNEL); | |
2433 | if (!output_buf) { | |
2434 | err = -ENOMEM; | |
2435 | goto free_req; | |
2436 | } | |
2437 | ||
2438 | /* Use appropriate parameter as base */ | |
2439 | kpp_request_set_input(req, NULL, 0); | |
2440 | sg_init_one(&dst, output_buf, out_len_max); | |
2441 | kpp_request_set_output(req, &dst, out_len_max); | |
2442 | kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, | |
7f397136 | 2443 | crypto_req_done, &wait); |
802c7f1c | 2444 | |
47d3fd39 | 2445 | /* Compute party A's public key */ |
7f397136 | 2446 | err = crypto_wait_req(crypto_kpp_generate_public_key(req), &wait); |
802c7f1c | 2447 | if (err) { |
47d3fd39 | 2448 | pr_err("alg: %s: Party A: generate public key test failed. err %d\n", |
802c7f1c SB |
2449 | alg, err); |
2450 | goto free_output; | |
2451 | } | |
47d3fd39 TDA |
2452 | |
2453 | if (vec->genkey) { | |
2454 | /* Save party A's public key */ | |
e3d90e52 | 2455 | a_public = kmemdup(sg_virt(req->dst), out_len_max, GFP_KERNEL); |
47d3fd39 TDA |
2456 | if (!a_public) { |
2457 | err = -ENOMEM; | |
2458 | goto free_output; | |
2459 | } | |
47d3fd39 TDA |
2460 | } else { |
2461 | /* Verify calculated public key */ | |
2462 | if (memcmp(vec->expected_a_public, sg_virt(req->dst), | |
2463 | vec->expected_a_public_size)) { | |
2464 | pr_err("alg: %s: Party A: generate public key test failed. Invalid output\n", | |
2465 | alg); | |
2466 | err = -EINVAL; | |
2467 | goto free_output; | |
2468 | } | |
802c7f1c SB |
2469 | } |
2470 | ||
2471 | /* Calculate shared secret key by using counter part (b) public key. */ | |
e3d90e52 | 2472 | input_buf = kmemdup(vec->b_public, vec->b_public_size, GFP_KERNEL); |
802c7f1c SB |
2473 | if (!input_buf) { |
2474 | err = -ENOMEM; | |
2475 | goto free_output; | |
2476 | } | |
2477 | ||
802c7f1c SB |
2478 | sg_init_one(&src, input_buf, vec->b_public_size); |
2479 | sg_init_one(&dst, output_buf, out_len_max); | |
2480 | kpp_request_set_input(req, &src, vec->b_public_size); | |
2481 | kpp_request_set_output(req, &dst, out_len_max); | |
2482 | kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, | |
7f397136 GBY |
2483 | crypto_req_done, &wait); |
2484 | err = crypto_wait_req(crypto_kpp_compute_shared_secret(req), &wait); | |
802c7f1c | 2485 | if (err) { |
47d3fd39 | 2486 | pr_err("alg: %s: Party A: compute shared secret test failed. err %d\n", |
802c7f1c SB |
2487 | alg, err); |
2488 | goto free_all; | |
2489 | } | |
47d3fd39 TDA |
2490 | |
2491 | if (vec->genkey) { | |
2492 | /* Save the shared secret obtained by party A */ | |
e3d90e52 | 2493 | a_ss = kmemdup(sg_virt(req->dst), vec->expected_ss_size, GFP_KERNEL); |
47d3fd39 TDA |
2494 | if (!a_ss) { |
2495 | err = -ENOMEM; | |
2496 | goto free_all; | |
2497 | } | |
47d3fd39 TDA |
2498 | |
2499 | /* | |
2500 | * Calculate party B's shared secret by using party A's | |
2501 | * public key. | |
2502 | */ | |
2503 | err = crypto_kpp_set_secret(tfm, vec->b_secret, | |
2504 | vec->b_secret_size); | |
2505 | if (err < 0) | |
2506 | goto free_all; | |
2507 | ||
2508 | sg_init_one(&src, a_public, vec->expected_a_public_size); | |
2509 | sg_init_one(&dst, output_buf, out_len_max); | |
2510 | kpp_request_set_input(req, &src, vec->expected_a_public_size); | |
2511 | kpp_request_set_output(req, &dst, out_len_max); | |
2512 | kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, | |
7f397136 GBY |
2513 | crypto_req_done, &wait); |
2514 | err = crypto_wait_req(crypto_kpp_compute_shared_secret(req), | |
2515 | &wait); | |
47d3fd39 TDA |
2516 | if (err) { |
2517 | pr_err("alg: %s: Party B: compute shared secret failed. err %d\n", | |
2518 | alg, err); | |
2519 | goto free_all; | |
2520 | } | |
2521 | ||
2522 | shared_secret = a_ss; | |
2523 | } else { | |
2524 | shared_secret = (void *)vec->expected_ss; | |
2525 | } | |
2526 | ||
802c7f1c SB |
2527 | /* |
2528 | * verify shared secret from which the user will derive | |
2529 | * secret key by executing whatever hash it has chosen | |
2530 | */ | |
47d3fd39 | 2531 | if (memcmp(shared_secret, sg_virt(req->dst), |
802c7f1c SB |
2532 | vec->expected_ss_size)) { |
2533 | pr_err("alg: %s: compute shared secret test failed. Invalid output\n", | |
2534 | alg); | |
2535 | err = -EINVAL; | |
2536 | } | |
2537 | ||
2538 | free_all: | |
47d3fd39 | 2539 | kfree(a_ss); |
802c7f1c SB |
2540 | kfree(input_buf); |
2541 | free_output: | |
47d3fd39 | 2542 | kfree(a_public); |
802c7f1c SB |
2543 | kfree(output_buf); |
2544 | free_req: | |
2545 | kpp_request_free(req); | |
2546 | return err; | |
2547 | } | |
2548 | ||
2549 | static int test_kpp(struct crypto_kpp *tfm, const char *alg, | |
b13b1e0c | 2550 | const struct kpp_testvec *vecs, unsigned int tcount) |
802c7f1c SB |
2551 | { |
2552 | int ret, i; | |
2553 | ||
2554 | for (i = 0; i < tcount; i++) { | |
2555 | ret = do_test_kpp(tfm, vecs++, alg); | |
2556 | if (ret) { | |
2557 | pr_err("alg: %s: test failed on vector %d, err=%d\n", | |
2558 | alg, i + 1, ret); | |
2559 | return ret; | |
2560 | } | |
2561 | } | |
2562 | return 0; | |
2563 | } | |
2564 | ||
2565 | static int alg_test_kpp(const struct alg_test_desc *desc, const char *driver, | |
2566 | u32 type, u32 mask) | |
2567 | { | |
2568 | struct crypto_kpp *tfm; | |
2569 | int err = 0; | |
2570 | ||
eed93e0c | 2571 | tfm = crypto_alloc_kpp(driver, type, mask); |
802c7f1c SB |
2572 | if (IS_ERR(tfm)) { |
2573 | pr_err("alg: kpp: Failed to load tfm for %s: %ld\n", | |
2574 | driver, PTR_ERR(tfm)); | |
2575 | return PTR_ERR(tfm); | |
2576 | } | |
2577 | if (desc->suite.kpp.vecs) | |
2578 | err = test_kpp(tfm, desc->alg, desc->suite.kpp.vecs, | |
2579 | desc->suite.kpp.count); | |
2580 | ||
2581 | crypto_free_kpp(tfm); | |
2582 | return err; | |
2583 | } | |
2584 | ||
50d2b643 | 2585 | static int test_akcipher_one(struct crypto_akcipher *tfm, |
b13b1e0c | 2586 | const struct akcipher_testvec *vecs) |
946cc463 | 2587 | { |
df27b26f | 2588 | char *xbuf[XBUFSIZE]; |
946cc463 TS |
2589 | struct akcipher_request *req; |
2590 | void *outbuf_enc = NULL; | |
2591 | void *outbuf_dec = NULL; | |
7f397136 | 2592 | struct crypto_wait wait; |
946cc463 TS |
2593 | unsigned int out_len_max, out_len = 0; |
2594 | int err = -ENOMEM; | |
22287b0b | 2595 | struct scatterlist src, dst, src_tab[2]; |
0507de94 VC |
2596 | const char *m, *c; |
2597 | unsigned int m_size, c_size; | |
2598 | const char *op; | |
946cc463 | 2599 | |
df27b26f HX |
2600 | if (testmgr_alloc_buf(xbuf)) |
2601 | return err; | |
2602 | ||
946cc463 TS |
2603 | req = akcipher_request_alloc(tfm, GFP_KERNEL); |
2604 | if (!req) | |
df27b26f | 2605 | goto free_xbuf; |
946cc463 | 2606 | |
7f397136 | 2607 | crypto_init_wait(&wait); |
946cc463 | 2608 | |
22287b0b TS |
2609 | if (vecs->public_key_vec) |
2610 | err = crypto_akcipher_set_pub_key(tfm, vecs->key, | |
2611 | vecs->key_len); | |
2612 | else | |
2613 | err = crypto_akcipher_set_priv_key(tfm, vecs->key, | |
2614 | vecs->key_len); | |
2615 | if (err) | |
946cc463 | 2616 | goto free_req; |
946cc463 | 2617 | |
57763f5e | 2618 | err = -ENOMEM; |
22287b0b | 2619 | out_len_max = crypto_akcipher_maxsize(tfm); |
0507de94 VC |
2620 | |
2621 | /* | |
2622 | * First run test which do not require a private key, such as | |
2623 | * encrypt or verify. | |
2624 | */ | |
946cc463 TS |
2625 | outbuf_enc = kzalloc(out_len_max, GFP_KERNEL); |
2626 | if (!outbuf_enc) | |
2627 | goto free_req; | |
2628 | ||
0507de94 VC |
2629 | if (!vecs->siggen_sigver_test) { |
2630 | m = vecs->m; | |
2631 | m_size = vecs->m_size; | |
2632 | c = vecs->c; | |
2633 | c_size = vecs->c_size; | |
2634 | op = "encrypt"; | |
2635 | } else { | |
2636 | /* Swap args so we could keep plaintext (digest) | |
2637 | * in vecs->m, and cooked signature in vecs->c. | |
2638 | */ | |
2639 | m = vecs->c; /* signature */ | |
2640 | m_size = vecs->c_size; | |
2641 | c = vecs->m; /* digest */ | |
2642 | c_size = vecs->m_size; | |
2643 | op = "verify"; | |
2644 | } | |
df27b26f | 2645 | |
0507de94 VC |
2646 | if (WARN_ON(m_size > PAGE_SIZE)) |
2647 | goto free_all; | |
2648 | memcpy(xbuf[0], m, m_size); | |
df27b26f | 2649 | |
22287b0b | 2650 | sg_init_table(src_tab, 2); |
df27b26f | 2651 | sg_set_buf(&src_tab[0], xbuf[0], 8); |
0507de94 | 2652 | sg_set_buf(&src_tab[1], xbuf[0] + 8, m_size - 8); |
22287b0b | 2653 | sg_init_one(&dst, outbuf_enc, out_len_max); |
0507de94 | 2654 | akcipher_request_set_crypt(req, src_tab, &dst, m_size, |
22287b0b | 2655 | out_len_max); |
946cc463 | 2656 | akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, |
7f397136 | 2657 | crypto_req_done, &wait); |
946cc463 | 2658 | |
7f397136 | 2659 | err = crypto_wait_req(vecs->siggen_sigver_test ? |
0507de94 VC |
2660 | /* Run asymmetric signature verification */ |
2661 | crypto_akcipher_verify(req) : | |
7f397136 GBY |
2662 | /* Run asymmetric encrypt */ |
2663 | crypto_akcipher_encrypt(req), &wait); | |
946cc463 | 2664 | if (err) { |
0507de94 | 2665 | pr_err("alg: akcipher: %s test failed. err %d\n", op, err); |
946cc463 TS |
2666 | goto free_all; |
2667 | } | |
0507de94 VC |
2668 | if (req->dst_len != c_size) { |
2669 | pr_err("alg: akcipher: %s test failed. Invalid output len\n", | |
2670 | op); | |
946cc463 TS |
2671 | err = -EINVAL; |
2672 | goto free_all; | |
2673 | } | |
2674 | /* verify that encrypted message is equal to expected */ | |
0507de94 VC |
2675 | if (memcmp(c, outbuf_enc, c_size)) { |
2676 | pr_err("alg: akcipher: %s test failed. Invalid output\n", op); | |
2677 | hexdump(outbuf_enc, c_size); | |
946cc463 TS |
2678 | err = -EINVAL; |
2679 | goto free_all; | |
2680 | } | |
0507de94 VC |
2681 | |
2682 | /* | |
2683 | * Don't invoke (decrypt or sign) test which require a private key | |
2684 | * for vectors with only a public key. | |
2685 | */ | |
946cc463 TS |
2686 | if (vecs->public_key_vec) { |
2687 | err = 0; | |
2688 | goto free_all; | |
2689 | } | |
2690 | outbuf_dec = kzalloc(out_len_max, GFP_KERNEL); | |
2691 | if (!outbuf_dec) { | |
2692 | err = -ENOMEM; | |
2693 | goto free_all; | |
2694 | } | |
df27b26f | 2695 | |
0507de94 VC |
2696 | op = vecs->siggen_sigver_test ? "sign" : "decrypt"; |
2697 | if (WARN_ON(c_size > PAGE_SIZE)) | |
df27b26f | 2698 | goto free_all; |
0507de94 | 2699 | memcpy(xbuf[0], c, c_size); |
df27b26f | 2700 | |
0507de94 | 2701 | sg_init_one(&src, xbuf[0], c_size); |
22287b0b | 2702 | sg_init_one(&dst, outbuf_dec, out_len_max); |
7f397136 | 2703 | crypto_init_wait(&wait); |
0507de94 | 2704 | akcipher_request_set_crypt(req, &src, &dst, c_size, out_len_max); |
946cc463 | 2705 | |
7f397136 | 2706 | err = crypto_wait_req(vecs->siggen_sigver_test ? |
0507de94 VC |
2707 | /* Run asymmetric signature generation */ |
2708 | crypto_akcipher_sign(req) : | |
7f397136 GBY |
2709 | /* Run asymmetric decrypt */ |
2710 | crypto_akcipher_decrypt(req), &wait); | |
946cc463 | 2711 | if (err) { |
0507de94 | 2712 | pr_err("alg: akcipher: %s test failed. err %d\n", op, err); |
946cc463 TS |
2713 | goto free_all; |
2714 | } | |
2715 | out_len = req->dst_len; | |
0507de94 VC |
2716 | if (out_len < m_size) { |
2717 | pr_err("alg: akcipher: %s test failed. Invalid output len %u\n", | |
2718 | op, out_len); | |
946cc463 TS |
2719 | err = -EINVAL; |
2720 | goto free_all; | |
2721 | } | |
2722 | /* verify that decrypted message is equal to the original msg */ | |
0507de94 VC |
2723 | if (memchr_inv(outbuf_dec, 0, out_len - m_size) || |
2724 | memcmp(m, outbuf_dec + out_len - m_size, m_size)) { | |
2725 | pr_err("alg: akcipher: %s test failed. Invalid output\n", op); | |
50d2b643 | 2726 | hexdump(outbuf_dec, out_len); |
946cc463 TS |
2727 | err = -EINVAL; |
2728 | } | |
2729 | free_all: | |
2730 | kfree(outbuf_dec); | |
2731 | kfree(outbuf_enc); | |
2732 | free_req: | |
2733 | akcipher_request_free(req); | |
df27b26f HX |
2734 | free_xbuf: |
2735 | testmgr_free_buf(xbuf); | |
946cc463 TS |
2736 | return err; |
2737 | } | |
2738 | ||
50d2b643 | 2739 | static int test_akcipher(struct crypto_akcipher *tfm, const char *alg, |
b13b1e0c EB |
2740 | const struct akcipher_testvec *vecs, |
2741 | unsigned int tcount) | |
946cc463 | 2742 | { |
15226e48 HX |
2743 | const char *algo = |
2744 | crypto_tfm_alg_driver_name(crypto_akcipher_tfm(tfm)); | |
946cc463 TS |
2745 | int ret, i; |
2746 | ||
2747 | for (i = 0; i < tcount; i++) { | |
50d2b643 HX |
2748 | ret = test_akcipher_one(tfm, vecs++); |
2749 | if (!ret) | |
2750 | continue; | |
946cc463 | 2751 | |
15226e48 HX |
2752 | pr_err("alg: akcipher: test %d failed for %s, err=%d\n", |
2753 | i + 1, algo, ret); | |
50d2b643 HX |
2754 | return ret; |
2755 | } | |
946cc463 TS |
2756 | return 0; |
2757 | } | |
2758 | ||
2759 | static int alg_test_akcipher(const struct alg_test_desc *desc, | |
2760 | const char *driver, u32 type, u32 mask) | |
2761 | { | |
2762 | struct crypto_akcipher *tfm; | |
2763 | int err = 0; | |
2764 | ||
eed93e0c | 2765 | tfm = crypto_alloc_akcipher(driver, type, mask); |
946cc463 TS |
2766 | if (IS_ERR(tfm)) { |
2767 | pr_err("alg: akcipher: Failed to load tfm for %s: %ld\n", | |
2768 | driver, PTR_ERR(tfm)); | |
2769 | return PTR_ERR(tfm); | |
2770 | } | |
2771 | if (desc->suite.akcipher.vecs) | |
2772 | err = test_akcipher(tfm, desc->alg, desc->suite.akcipher.vecs, | |
2773 | desc->suite.akcipher.count); | |
2774 | ||
2775 | crypto_free_akcipher(tfm); | |
2776 | return err; | |
2777 | } | |
2778 | ||
863b557a YS |
2779 | static int alg_test_null(const struct alg_test_desc *desc, |
2780 | const char *driver, u32 type, u32 mask) | |
2781 | { | |
2782 | return 0; | |
2783 | } | |
2784 | ||
21c8e720 AB |
2785 | #define __VECS(tv) { .vecs = tv, .count = ARRAY_SIZE(tv) } |
2786 | ||
da7f033d HX |
2787 | /* Please keep this list sorted by algorithm name. */ |
2788 | static const struct alg_test_desc alg_test_descs[] = { | |
2789 | { | |
059c2a4d EB |
2790 | .alg = "adiantum(xchacha12,aes)", |
2791 | .test = alg_test_skcipher, | |
2792 | .suite = { | |
2793 | .cipher = __VECS(adiantum_xchacha12_aes_tv_template) | |
2794 | }, | |
2795 | }, { | |
2796 | .alg = "adiantum(xchacha20,aes)", | |
2797 | .test = alg_test_skcipher, | |
2798 | .suite = { | |
2799 | .cipher = __VECS(adiantum_xchacha20_aes_tv_template) | |
2800 | }, | |
2801 | }, { | |
b87dc203 OM |
2802 | .alg = "aegis128", |
2803 | .test = alg_test_aead, | |
2804 | .suite = { | |
a0d608ee | 2805 | .aead = __VECS(aegis128_tv_template) |
b87dc203 OM |
2806 | } |
2807 | }, { | |
2808 | .alg = "aegis128l", | |
2809 | .test = alg_test_aead, | |
2810 | .suite = { | |
a0d608ee | 2811 | .aead = __VECS(aegis128l_tv_template) |
b87dc203 OM |
2812 | } |
2813 | }, { | |
2814 | .alg = "aegis256", | |
2815 | .test = alg_test_aead, | |
2816 | .suite = { | |
a0d608ee | 2817 | .aead = __VECS(aegis256_tv_template) |
b87dc203 OM |
2818 | } |
2819 | }, { | |
e08ca2da JW |
2820 | .alg = "ansi_cprng", |
2821 | .test = alg_test_cprng, | |
2822 | .suite = { | |
21c8e720 | 2823 | .cprng = __VECS(ansi_cprng_aes_tv_template) |
e08ca2da | 2824 | } |
bca4feb0 HG |
2825 | }, { |
2826 | .alg = "authenc(hmac(md5),ecb(cipher_null))", | |
2827 | .test = alg_test_aead, | |
bca4feb0 | 2828 | .suite = { |
a0d608ee | 2829 | .aead = __VECS(hmac_md5_ecb_cipher_null_tv_template) |
bca4feb0 | 2830 | } |
e46e9a46 | 2831 | }, { |
a4198fd4 | 2832 | .alg = "authenc(hmac(sha1),cbc(aes))", |
e46e9a46 | 2833 | .test = alg_test_aead, |
bcf741cb | 2834 | .fips_allowed = 1, |
e46e9a46 | 2835 | .suite = { |
a0d608ee | 2836 | .aead = __VECS(hmac_sha1_aes_cbc_tv_temp) |
5208ed2c NL |
2837 | } |
2838 | }, { | |
a4198fd4 | 2839 | .alg = "authenc(hmac(sha1),cbc(des))", |
5208ed2c | 2840 | .test = alg_test_aead, |
5208ed2c | 2841 | .suite = { |
a0d608ee | 2842 | .aead = __VECS(hmac_sha1_des_cbc_tv_temp) |
5208ed2c NL |
2843 | } |
2844 | }, { | |
a4198fd4 | 2845 | .alg = "authenc(hmac(sha1),cbc(des3_ede))", |
5208ed2c | 2846 | .test = alg_test_aead, |
ed1afac9 | 2847 | .fips_allowed = 1, |
5208ed2c | 2848 | .suite = { |
a0d608ee | 2849 | .aead = __VECS(hmac_sha1_des3_ede_cbc_tv_temp) |
e46e9a46 | 2850 | } |
fb16abc2 MM |
2851 | }, { |
2852 | .alg = "authenc(hmac(sha1),ctr(aes))", | |
2853 | .test = alg_test_null, | |
2854 | .fips_allowed = 1, | |
bca4feb0 HG |
2855 | }, { |
2856 | .alg = "authenc(hmac(sha1),ecb(cipher_null))", | |
2857 | .test = alg_test_aead, | |
bca4feb0 | 2858 | .suite = { |
a0d608ee | 2859 | .aead = __VECS(hmac_sha1_ecb_cipher_null_tv_temp) |
5208ed2c | 2860 | } |
8888690e MM |
2861 | }, { |
2862 | .alg = "authenc(hmac(sha1),rfc3686(ctr(aes)))", | |
2863 | .test = alg_test_null, | |
2864 | .fips_allowed = 1, | |
5208ed2c | 2865 | }, { |
a4198fd4 | 2866 | .alg = "authenc(hmac(sha224),cbc(des))", |
5208ed2c | 2867 | .test = alg_test_aead, |
5208ed2c | 2868 | .suite = { |
a0d608ee | 2869 | .aead = __VECS(hmac_sha224_des_cbc_tv_temp) |
5208ed2c NL |
2870 | } |
2871 | }, { | |
a4198fd4 | 2872 | .alg = "authenc(hmac(sha224),cbc(des3_ede))", |
5208ed2c | 2873 | .test = alg_test_aead, |
ed1afac9 | 2874 | .fips_allowed = 1, |
5208ed2c | 2875 | .suite = { |
a0d608ee | 2876 | .aead = __VECS(hmac_sha224_des3_ede_cbc_tv_temp) |
bca4feb0 | 2877 | } |
e46e9a46 | 2878 | }, { |
a4198fd4 | 2879 | .alg = "authenc(hmac(sha256),cbc(aes))", |
e46e9a46 | 2880 | .test = alg_test_aead, |
ed1afac9 | 2881 | .fips_allowed = 1, |
e46e9a46 | 2882 | .suite = { |
a0d608ee | 2883 | .aead = __VECS(hmac_sha256_aes_cbc_tv_temp) |
5208ed2c NL |
2884 | } |
2885 | }, { | |
a4198fd4 | 2886 | .alg = "authenc(hmac(sha256),cbc(des))", |
5208ed2c | 2887 | .test = alg_test_aead, |
5208ed2c | 2888 | .suite = { |
a0d608ee | 2889 | .aead = __VECS(hmac_sha256_des_cbc_tv_temp) |
5208ed2c NL |
2890 | } |
2891 | }, { | |
a4198fd4 | 2892 | .alg = "authenc(hmac(sha256),cbc(des3_ede))", |
5208ed2c | 2893 | .test = alg_test_aead, |
ed1afac9 | 2894 | .fips_allowed = 1, |
5208ed2c | 2895 | .suite = { |
a0d608ee | 2896 | .aead = __VECS(hmac_sha256_des3_ede_cbc_tv_temp) |
5208ed2c | 2897 | } |
fb16abc2 MM |
2898 | }, { |
2899 | .alg = "authenc(hmac(sha256),ctr(aes))", | |
2900 | .test = alg_test_null, | |
2901 | .fips_allowed = 1, | |
8888690e MM |
2902 | }, { |
2903 | .alg = "authenc(hmac(sha256),rfc3686(ctr(aes)))", | |
2904 | .test = alg_test_null, | |
2905 | .fips_allowed = 1, | |
5208ed2c | 2906 | }, { |
a4198fd4 | 2907 | .alg = "authenc(hmac(sha384),cbc(des))", |
5208ed2c | 2908 | .test = alg_test_aead, |
5208ed2c | 2909 | .suite = { |
a0d608ee | 2910 | .aead = __VECS(hmac_sha384_des_cbc_tv_temp) |
5208ed2c NL |
2911 | } |
2912 | }, { | |
a4198fd4 | 2913 | .alg = "authenc(hmac(sha384),cbc(des3_ede))", |
5208ed2c | 2914 | .test = alg_test_aead, |
ed1afac9 | 2915 | .fips_allowed = 1, |
5208ed2c | 2916 | .suite = { |
a0d608ee | 2917 | .aead = __VECS(hmac_sha384_des3_ede_cbc_tv_temp) |
e46e9a46 | 2918 | } |
fb16abc2 MM |
2919 | }, { |
2920 | .alg = "authenc(hmac(sha384),ctr(aes))", | |
2921 | .test = alg_test_null, | |
2922 | .fips_allowed = 1, | |
8888690e MM |
2923 | }, { |
2924 | .alg = "authenc(hmac(sha384),rfc3686(ctr(aes)))", | |
2925 | .test = alg_test_null, | |
2926 | .fips_allowed = 1, | |
e46e9a46 | 2927 | }, { |
a4198fd4 | 2928 | .alg = "authenc(hmac(sha512),cbc(aes))", |
ed1afac9 | 2929 | .fips_allowed = 1, |
e46e9a46 | 2930 | .test = alg_test_aead, |
e46e9a46 | 2931 | .suite = { |
a0d608ee | 2932 | .aead = __VECS(hmac_sha512_aes_cbc_tv_temp) |
5208ed2c NL |
2933 | } |
2934 | }, { | |
a4198fd4 | 2935 | .alg = "authenc(hmac(sha512),cbc(des))", |
5208ed2c | 2936 | .test = alg_test_aead, |
5208ed2c | 2937 | .suite = { |
a0d608ee | 2938 | .aead = __VECS(hmac_sha512_des_cbc_tv_temp) |
5208ed2c NL |
2939 | } |
2940 | }, { | |
a4198fd4 | 2941 | .alg = "authenc(hmac(sha512),cbc(des3_ede))", |
5208ed2c | 2942 | .test = alg_test_aead, |
ed1afac9 | 2943 | .fips_allowed = 1, |
5208ed2c | 2944 | .suite = { |
a0d608ee | 2945 | .aead = __VECS(hmac_sha512_des3_ede_cbc_tv_temp) |
e46e9a46 | 2946 | } |
fb16abc2 MM |
2947 | }, { |
2948 | .alg = "authenc(hmac(sha512),ctr(aes))", | |
2949 | .test = alg_test_null, | |
2950 | .fips_allowed = 1, | |
8888690e MM |
2951 | }, { |
2952 | .alg = "authenc(hmac(sha512),rfc3686(ctr(aes)))", | |
2953 | .test = alg_test_null, | |
2954 | .fips_allowed = 1, | |
e08ca2da | 2955 | }, { |
da7f033d | 2956 | .alg = "cbc(aes)", |
1aa4ecd9 | 2957 | .test = alg_test_skcipher, |
a1915d51 | 2958 | .fips_allowed = 1, |
da7f033d | 2959 | .suite = { |
92a4c9fe EB |
2960 | .cipher = __VECS(aes_cbc_tv_template) |
2961 | }, | |
da7f033d HX |
2962 | }, { |
2963 | .alg = "cbc(anubis)", | |
1aa4ecd9 | 2964 | .test = alg_test_skcipher, |
da7f033d | 2965 | .suite = { |
92a4c9fe EB |
2966 | .cipher = __VECS(anubis_cbc_tv_template) |
2967 | }, | |
da7f033d HX |
2968 | }, { |
2969 | .alg = "cbc(blowfish)", | |
1aa4ecd9 | 2970 | .test = alg_test_skcipher, |
da7f033d | 2971 | .suite = { |
92a4c9fe EB |
2972 | .cipher = __VECS(bf_cbc_tv_template) |
2973 | }, | |
da7f033d HX |
2974 | }, { |
2975 | .alg = "cbc(camellia)", | |
1aa4ecd9 | 2976 | .test = alg_test_skcipher, |
da7f033d | 2977 | .suite = { |
92a4c9fe EB |
2978 | .cipher = __VECS(camellia_cbc_tv_template) |
2979 | }, | |
a2c58260 JG |
2980 | }, { |
2981 | .alg = "cbc(cast5)", | |
2982 | .test = alg_test_skcipher, | |
2983 | .suite = { | |
92a4c9fe EB |
2984 | .cipher = __VECS(cast5_cbc_tv_template) |
2985 | }, | |
9b8b0405 JG |
2986 | }, { |
2987 | .alg = "cbc(cast6)", | |
2988 | .test = alg_test_skcipher, | |
2989 | .suite = { | |
92a4c9fe EB |
2990 | .cipher = __VECS(cast6_cbc_tv_template) |
2991 | }, | |
da7f033d HX |
2992 | }, { |
2993 | .alg = "cbc(des)", | |
1aa4ecd9 | 2994 | .test = alg_test_skcipher, |
da7f033d | 2995 | .suite = { |
92a4c9fe EB |
2996 | .cipher = __VECS(des_cbc_tv_template) |
2997 | }, | |
da7f033d HX |
2998 | }, { |
2999 | .alg = "cbc(des3_ede)", | |
1aa4ecd9 | 3000 | .test = alg_test_skcipher, |
a1915d51 | 3001 | .fips_allowed = 1, |
da7f033d | 3002 | .suite = { |
92a4c9fe EB |
3003 | .cipher = __VECS(des3_ede_cbc_tv_template) |
3004 | }, | |
a794d8d8 GBY |
3005 | }, { |
3006 | /* Same as cbc(aes) except the key is stored in | |
3007 | * hardware secure memory which we reference by index | |
3008 | */ | |
3009 | .alg = "cbc(paes)", | |
3010 | .test = alg_test_null, | |
3011 | .fips_allowed = 1, | |
9d25917d JK |
3012 | }, { |
3013 | .alg = "cbc(serpent)", | |
3014 | .test = alg_test_skcipher, | |
3015 | .suite = { | |
92a4c9fe EB |
3016 | .cipher = __VECS(serpent_cbc_tv_template) |
3017 | }, | |
95ba5973 GBY |
3018 | }, { |
3019 | .alg = "cbc(sm4)", | |
3020 | .test = alg_test_skcipher, | |
3021 | .suite = { | |
3022 | .cipher = __VECS(sm4_cbc_tv_template) | |
3023 | } | |
da7f033d HX |
3024 | }, { |
3025 | .alg = "cbc(twofish)", | |
1aa4ecd9 | 3026 | .test = alg_test_skcipher, |
da7f033d | 3027 | .suite = { |
92a4c9fe EB |
3028 | .cipher = __VECS(tf_cbc_tv_template) |
3029 | }, | |
092acf06 AB |
3030 | }, { |
3031 | .alg = "cbcmac(aes)", | |
3032 | .fips_allowed = 1, | |
3033 | .test = alg_test_hash, | |
3034 | .suite = { | |
3035 | .hash = __VECS(aes_cbcmac_tv_template) | |
3036 | } | |
da7f033d HX |
3037 | }, { |
3038 | .alg = "ccm(aes)", | |
3039 | .test = alg_test_aead, | |
a1915d51 | 3040 | .fips_allowed = 1, |
da7f033d | 3041 | .suite = { |
a0d608ee | 3042 | .aead = __VECS(aes_ccm_tv_template) |
da7f033d | 3043 | } |
7da66670 DES |
3044 | }, { |
3045 | .alg = "cfb(aes)", | |
3046 | .test = alg_test_skcipher, | |
3047 | .fips_allowed = 1, | |
3048 | .suite = { | |
3049 | .cipher = __VECS(aes_cfb_tv_template) | |
3050 | }, | |
3590ebf2 MW |
3051 | }, { |
3052 | .alg = "chacha20", | |
3053 | .test = alg_test_skcipher, | |
3054 | .suite = { | |
92a4c9fe EB |
3055 | .cipher = __VECS(chacha20_tv_template) |
3056 | }, | |
93b5e86a JK |
3057 | }, { |
3058 | .alg = "cmac(aes)", | |
8f183751 | 3059 | .fips_allowed = 1, |
93b5e86a JK |
3060 | .test = alg_test_hash, |
3061 | .suite = { | |
21c8e720 | 3062 | .hash = __VECS(aes_cmac128_tv_template) |
93b5e86a JK |
3063 | } |
3064 | }, { | |
3065 | .alg = "cmac(des3_ede)", | |
8f183751 | 3066 | .fips_allowed = 1, |
93b5e86a JK |
3067 | .test = alg_test_hash, |
3068 | .suite = { | |
21c8e720 | 3069 | .hash = __VECS(des3_ede_cmac64_tv_template) |
93b5e86a | 3070 | } |
e448370d JK |
3071 | }, { |
3072 | .alg = "compress_null", | |
3073 | .test = alg_test_null, | |
ebb3472f AB |
3074 | }, { |
3075 | .alg = "crc32", | |
3076 | .test = alg_test_hash, | |
a8a34416 | 3077 | .fips_allowed = 1, |
ebb3472f | 3078 | .suite = { |
21c8e720 | 3079 | .hash = __VECS(crc32_tv_template) |
ebb3472f | 3080 | } |
da7f033d HX |
3081 | }, { |
3082 | .alg = "crc32c", | |
8e3ee85e | 3083 | .test = alg_test_crc32c, |
a1915d51 | 3084 | .fips_allowed = 1, |
da7f033d | 3085 | .suite = { |
21c8e720 | 3086 | .hash = __VECS(crc32c_tv_template) |
da7f033d | 3087 | } |
68411521 HX |
3088 | }, { |
3089 | .alg = "crct10dif", | |
3090 | .test = alg_test_hash, | |
3091 | .fips_allowed = 1, | |
3092 | .suite = { | |
21c8e720 | 3093 | .hash = __VECS(crct10dif_tv_template) |
68411521 | 3094 | } |
f7cb80f2 JW |
3095 | }, { |
3096 | .alg = "ctr(aes)", | |
3097 | .test = alg_test_skcipher, | |
a1915d51 | 3098 | .fips_allowed = 1, |
f7cb80f2 | 3099 | .suite = { |
92a4c9fe | 3100 | .cipher = __VECS(aes_ctr_tv_template) |
f7cb80f2 | 3101 | } |
85b63e34 JK |
3102 | }, { |
3103 | .alg = "ctr(blowfish)", | |
3104 | .test = alg_test_skcipher, | |
3105 | .suite = { | |
92a4c9fe | 3106 | .cipher = __VECS(bf_ctr_tv_template) |
85b63e34 | 3107 | } |
0840605e JK |
3108 | }, { |
3109 | .alg = "ctr(camellia)", | |
3110 | .test = alg_test_skcipher, | |
3111 | .suite = { | |
92a4c9fe | 3112 | .cipher = __VECS(camellia_ctr_tv_template) |
0840605e | 3113 | } |
a2c58260 JG |
3114 | }, { |
3115 | .alg = "ctr(cast5)", | |
3116 | .test = alg_test_skcipher, | |
3117 | .suite = { | |
92a4c9fe | 3118 | .cipher = __VECS(cast5_ctr_tv_template) |
a2c58260 | 3119 | } |
9b8b0405 JG |
3120 | }, { |
3121 | .alg = "ctr(cast6)", | |
3122 | .test = alg_test_skcipher, | |
3123 | .suite = { | |
92a4c9fe | 3124 | .cipher = __VECS(cast6_ctr_tv_template) |
9b8b0405 | 3125 | } |
8163fc30 JK |
3126 | }, { |
3127 | .alg = "ctr(des)", | |
3128 | .test = alg_test_skcipher, | |
3129 | .suite = { | |
92a4c9fe | 3130 | .cipher = __VECS(des_ctr_tv_template) |
8163fc30 | 3131 | } |
e080b17a JK |
3132 | }, { |
3133 | .alg = "ctr(des3_ede)", | |
3134 | .test = alg_test_skcipher, | |
0d8da104 | 3135 | .fips_allowed = 1, |
e080b17a | 3136 | .suite = { |
92a4c9fe | 3137 | .cipher = __VECS(des3_ede_ctr_tv_template) |
e080b17a | 3138 | } |
a794d8d8 GBY |
3139 | }, { |
3140 | /* Same as ctr(aes) except the key is stored in | |
3141 | * hardware secure memory which we reference by index | |
3142 | */ | |
3143 | .alg = "ctr(paes)", | |
3144 | .test = alg_test_null, | |
3145 | .fips_allowed = 1, | |
9d25917d JK |
3146 | }, { |
3147 | .alg = "ctr(serpent)", | |
3148 | .test = alg_test_skcipher, | |
3149 | .suite = { | |
92a4c9fe | 3150 | .cipher = __VECS(serpent_ctr_tv_template) |
9d25917d | 3151 | } |
95ba5973 GBY |
3152 | }, { |
3153 | .alg = "ctr(sm4)", | |
3154 | .test = alg_test_skcipher, | |
3155 | .suite = { | |
3156 | .cipher = __VECS(sm4_ctr_tv_template) | |
3157 | } | |
573da620 JK |
3158 | }, { |
3159 | .alg = "ctr(twofish)", | |
3160 | .test = alg_test_skcipher, | |
3161 | .suite = { | |
92a4c9fe | 3162 | .cipher = __VECS(tf_ctr_tv_template) |
573da620 | 3163 | } |
da7f033d HX |
3164 | }, { |
3165 | .alg = "cts(cbc(aes))", | |
1aa4ecd9 | 3166 | .test = alg_test_skcipher, |
196ad604 | 3167 | .fips_allowed = 1, |
da7f033d | 3168 | .suite = { |
92a4c9fe | 3169 | .cipher = __VECS(cts_mode_tv_template) |
da7f033d HX |
3170 | } |
3171 | }, { | |
3172 | .alg = "deflate", | |
3173 | .test = alg_test_comp, | |
0818904d | 3174 | .fips_allowed = 1, |
da7f033d HX |
3175 | .suite = { |
3176 | .comp = { | |
21c8e720 AB |
3177 | .comp = __VECS(deflate_comp_tv_template), |
3178 | .decomp = __VECS(deflate_decomp_tv_template) | |
da7f033d HX |
3179 | } |
3180 | } | |
802c7f1c SB |
3181 | }, { |
3182 | .alg = "dh", | |
3183 | .test = alg_test_kpp, | |
3184 | .fips_allowed = 1, | |
3185 | .suite = { | |
21c8e720 | 3186 | .kpp = __VECS(dh_tv_template) |
802c7f1c | 3187 | } |
e448370d JK |
3188 | }, { |
3189 | .alg = "digest_null", | |
3190 | .test = alg_test_null, | |
64d1cdfb SM |
3191 | }, { |
3192 | .alg = "drbg_nopr_ctr_aes128", | |
3193 | .test = alg_test_drbg, | |
3194 | .fips_allowed = 1, | |
3195 | .suite = { | |
21c8e720 | 3196 | .drbg = __VECS(drbg_nopr_ctr_aes128_tv_template) |
64d1cdfb SM |
3197 | } |
3198 | }, { | |
3199 | .alg = "drbg_nopr_ctr_aes192", | |
3200 | .test = alg_test_drbg, | |
3201 | .fips_allowed = 1, | |
3202 | .suite = { | |
21c8e720 | 3203 | .drbg = __VECS(drbg_nopr_ctr_aes192_tv_template) |
64d1cdfb SM |
3204 | } |
3205 | }, { | |
3206 | .alg = "drbg_nopr_ctr_aes256", | |
3207 | .test = alg_test_drbg, | |
3208 | .fips_allowed = 1, | |
3209 | .suite = { | |
21c8e720 | 3210 | .drbg = __VECS(drbg_nopr_ctr_aes256_tv_template) |
64d1cdfb SM |
3211 | } |
3212 | }, { | |
3213 | /* | |
3214 | * There is no need to specifically test the DRBG with every | |
3215 | * backend cipher -- covered by drbg_nopr_hmac_sha256 test | |
3216 | */ | |
3217 | .alg = "drbg_nopr_hmac_sha1", | |
3218 | .fips_allowed = 1, | |
3219 | .test = alg_test_null, | |
3220 | }, { | |
3221 | .alg = "drbg_nopr_hmac_sha256", | |
3222 | .test = alg_test_drbg, | |
3223 | .fips_allowed = 1, | |
3224 | .suite = { | |
21c8e720 | 3225 | .drbg = __VECS(drbg_nopr_hmac_sha256_tv_template) |
64d1cdfb SM |
3226 | } |
3227 | }, { | |
3228 | /* covered by drbg_nopr_hmac_sha256 test */ | |
3229 | .alg = "drbg_nopr_hmac_sha384", | |
3230 | .fips_allowed = 1, | |
3231 | .test = alg_test_null, | |
3232 | }, { | |
3233 | .alg = "drbg_nopr_hmac_sha512", | |
3234 | .test = alg_test_null, | |
3235 | .fips_allowed = 1, | |
3236 | }, { | |
3237 | .alg = "drbg_nopr_sha1", | |
3238 | .fips_allowed = 1, | |
3239 | .test = alg_test_null, | |
3240 | }, { | |
3241 | .alg = "drbg_nopr_sha256", | |
3242 | .test = alg_test_drbg, | |
3243 | .fips_allowed = 1, | |
3244 | .suite = { | |
21c8e720 | 3245 | .drbg = __VECS(drbg_nopr_sha256_tv_template) |
64d1cdfb SM |
3246 | } |
3247 | }, { | |
3248 | /* covered by drbg_nopr_sha256 test */ | |
3249 | .alg = "drbg_nopr_sha384", | |
3250 | .fips_allowed = 1, | |
3251 | .test = alg_test_null, | |
3252 | }, { | |
3253 | .alg = "drbg_nopr_sha512", | |
3254 | .fips_allowed = 1, | |
3255 | .test = alg_test_null, | |
3256 | }, { | |
3257 | .alg = "drbg_pr_ctr_aes128", | |
3258 | .test = alg_test_drbg, | |
3259 | .fips_allowed = 1, | |
3260 | .suite = { | |
21c8e720 | 3261 | .drbg = __VECS(drbg_pr_ctr_aes128_tv_template) |
64d1cdfb SM |
3262 | } |
3263 | }, { | |
3264 | /* covered by drbg_pr_ctr_aes128 test */ | |
3265 | .alg = "drbg_pr_ctr_aes192", | |
3266 | .fips_allowed = 1, | |
3267 | .test = alg_test_null, | |
3268 | }, { | |
3269 | .alg = "drbg_pr_ctr_aes256", | |
3270 | .fips_allowed = 1, | |
3271 | .test = alg_test_null, | |
3272 | }, { | |
3273 | .alg = "drbg_pr_hmac_sha1", | |
3274 | .fips_allowed = 1, | |
3275 | .test = alg_test_null, | |
3276 | }, { | |
3277 | .alg = "drbg_pr_hmac_sha256", | |
3278 | .test = alg_test_drbg, | |
3279 | .fips_allowed = 1, | |
3280 | .suite = { | |
21c8e720 | 3281 | .drbg = __VECS(drbg_pr_hmac_sha256_tv_template) |
64d1cdfb SM |
3282 | } |
3283 | }, { | |
3284 | /* covered by drbg_pr_hmac_sha256 test */ | |
3285 | .alg = "drbg_pr_hmac_sha384", | |
3286 | .fips_allowed = 1, | |
3287 | .test = alg_test_null, | |
3288 | }, { | |
3289 | .alg = "drbg_pr_hmac_sha512", | |
3290 | .test = alg_test_null, | |
3291 | .fips_allowed = 1, | |
3292 | }, { | |
3293 | .alg = "drbg_pr_sha1", | |
3294 | .fips_allowed = 1, | |
3295 | .test = alg_test_null, | |
3296 | }, { | |
3297 | .alg = "drbg_pr_sha256", | |
3298 | .test = alg_test_drbg, | |
3299 | .fips_allowed = 1, | |
3300 | .suite = { | |
21c8e720 | 3301 | .drbg = __VECS(drbg_pr_sha256_tv_template) |
64d1cdfb SM |
3302 | } |
3303 | }, { | |
3304 | /* covered by drbg_pr_sha256 test */ | |
3305 | .alg = "drbg_pr_sha384", | |
3306 | .fips_allowed = 1, | |
3307 | .test = alg_test_null, | |
3308 | }, { | |
3309 | .alg = "drbg_pr_sha512", | |
3310 | .fips_allowed = 1, | |
3311 | .test = alg_test_null, | |
da7f033d HX |
3312 | }, { |
3313 | .alg = "ecb(aes)", | |
1aa4ecd9 | 3314 | .test = alg_test_skcipher, |
a1915d51 | 3315 | .fips_allowed = 1, |
da7f033d | 3316 | .suite = { |
92a4c9fe | 3317 | .cipher = __VECS(aes_tv_template) |
da7f033d HX |
3318 | } |
3319 | }, { | |
3320 | .alg = "ecb(anubis)", | |
1aa4ecd9 | 3321 | .test = alg_test_skcipher, |
da7f033d | 3322 | .suite = { |
92a4c9fe | 3323 | .cipher = __VECS(anubis_tv_template) |
da7f033d HX |
3324 | } |
3325 | }, { | |
3326 | .alg = "ecb(arc4)", | |
1aa4ecd9 | 3327 | .test = alg_test_skcipher, |
da7f033d | 3328 | .suite = { |
92a4c9fe | 3329 | .cipher = __VECS(arc4_tv_template) |
da7f033d HX |
3330 | } |
3331 | }, { | |
3332 | .alg = "ecb(blowfish)", | |
1aa4ecd9 | 3333 | .test = alg_test_skcipher, |
da7f033d | 3334 | .suite = { |
92a4c9fe | 3335 | .cipher = __VECS(bf_tv_template) |
da7f033d HX |
3336 | } |
3337 | }, { | |
3338 | .alg = "ecb(camellia)", | |
1aa4ecd9 | 3339 | .test = alg_test_skcipher, |
da7f033d | 3340 | .suite = { |
92a4c9fe | 3341 | .cipher = __VECS(camellia_tv_template) |
da7f033d HX |
3342 | } |
3343 | }, { | |
3344 | .alg = "ecb(cast5)", | |
1aa4ecd9 | 3345 | .test = alg_test_skcipher, |
da7f033d | 3346 | .suite = { |
92a4c9fe | 3347 | .cipher = __VECS(cast5_tv_template) |
da7f033d HX |
3348 | } |
3349 | }, { | |
3350 | .alg = "ecb(cast6)", | |
1aa4ecd9 | 3351 | .test = alg_test_skcipher, |
da7f033d | 3352 | .suite = { |
92a4c9fe | 3353 | .cipher = __VECS(cast6_tv_template) |
da7f033d | 3354 | } |
e448370d JK |
3355 | }, { |
3356 | .alg = "ecb(cipher_null)", | |
3357 | .test = alg_test_null, | |
6175ca2b | 3358 | .fips_allowed = 1, |
da7f033d HX |
3359 | }, { |
3360 | .alg = "ecb(des)", | |
1aa4ecd9 | 3361 | .test = alg_test_skcipher, |
da7f033d | 3362 | .suite = { |
92a4c9fe | 3363 | .cipher = __VECS(des_tv_template) |
da7f033d HX |
3364 | } |
3365 | }, { | |
3366 | .alg = "ecb(des3_ede)", | |
1aa4ecd9 | 3367 | .test = alg_test_skcipher, |
a1915d51 | 3368 | .fips_allowed = 1, |
da7f033d | 3369 | .suite = { |
92a4c9fe | 3370 | .cipher = __VECS(des3_ede_tv_template) |
da7f033d | 3371 | } |
66e5bd00 JK |
3372 | }, { |
3373 | .alg = "ecb(fcrypt)", | |
3374 | .test = alg_test_skcipher, | |
3375 | .suite = { | |
3376 | .cipher = { | |
92a4c9fe EB |
3377 | .vecs = fcrypt_pcbc_tv_template, |
3378 | .count = 1 | |
66e5bd00 JK |
3379 | } |
3380 | } | |
da7f033d HX |
3381 | }, { |
3382 | .alg = "ecb(khazad)", | |
1aa4ecd9 | 3383 | .test = alg_test_skcipher, |
da7f033d | 3384 | .suite = { |
92a4c9fe | 3385 | .cipher = __VECS(khazad_tv_template) |
da7f033d | 3386 | } |
15f47ce5 GBY |
3387 | }, { |
3388 | /* Same as ecb(aes) except the key is stored in | |
3389 | * hardware secure memory which we reference by index | |
3390 | */ | |
3391 | .alg = "ecb(paes)", | |
3392 | .test = alg_test_null, | |
3393 | .fips_allowed = 1, | |
da7f033d HX |
3394 | }, { |
3395 | .alg = "ecb(seed)", | |
1aa4ecd9 | 3396 | .test = alg_test_skcipher, |
da7f033d | 3397 | .suite = { |
92a4c9fe | 3398 | .cipher = __VECS(seed_tv_template) |
da7f033d HX |
3399 | } |
3400 | }, { | |
3401 | .alg = "ecb(serpent)", | |
1aa4ecd9 | 3402 | .test = alg_test_skcipher, |
da7f033d | 3403 | .suite = { |
92a4c9fe | 3404 | .cipher = __VECS(serpent_tv_template) |
da7f033d | 3405 | } |
cd83a8a7 GBY |
3406 | }, { |
3407 | .alg = "ecb(sm4)", | |
3408 | .test = alg_test_skcipher, | |
3409 | .suite = { | |
92a4c9fe | 3410 | .cipher = __VECS(sm4_tv_template) |
cd83a8a7 | 3411 | } |
da7f033d HX |
3412 | }, { |
3413 | .alg = "ecb(tea)", | |
1aa4ecd9 | 3414 | .test = alg_test_skcipher, |
da7f033d | 3415 | .suite = { |
92a4c9fe | 3416 | .cipher = __VECS(tea_tv_template) |
da7f033d HX |
3417 | } |
3418 | }, { | |
3419 | .alg = "ecb(tnepres)", | |
1aa4ecd9 | 3420 | .test = alg_test_skcipher, |
da7f033d | 3421 | .suite = { |
92a4c9fe | 3422 | .cipher = __VECS(tnepres_tv_template) |
da7f033d HX |
3423 | } |
3424 | }, { | |
3425 | .alg = "ecb(twofish)", | |
1aa4ecd9 | 3426 | .test = alg_test_skcipher, |
da7f033d | 3427 | .suite = { |
92a4c9fe | 3428 | .cipher = __VECS(tf_tv_template) |
da7f033d HX |
3429 | } |
3430 | }, { | |
3431 | .alg = "ecb(xeta)", | |
1aa4ecd9 | 3432 | .test = alg_test_skcipher, |
da7f033d | 3433 | .suite = { |
92a4c9fe | 3434 | .cipher = __VECS(xeta_tv_template) |
da7f033d HX |
3435 | } |
3436 | }, { | |
3437 | .alg = "ecb(xtea)", | |
1aa4ecd9 | 3438 | .test = alg_test_skcipher, |
da7f033d | 3439 | .suite = { |
92a4c9fe | 3440 | .cipher = __VECS(xtea_tv_template) |
da7f033d | 3441 | } |
3c4b2390 SB |
3442 | }, { |
3443 | .alg = "ecdh", | |
3444 | .test = alg_test_kpp, | |
3445 | .fips_allowed = 1, | |
3446 | .suite = { | |
21c8e720 | 3447 | .kpp = __VECS(ecdh_tv_template) |
3c4b2390 | 3448 | } |
da7f033d HX |
3449 | }, { |
3450 | .alg = "gcm(aes)", | |
3451 | .test = alg_test_aead, | |
a1915d51 | 3452 | .fips_allowed = 1, |
da7f033d | 3453 | .suite = { |
a0d608ee | 3454 | .aead = __VECS(aes_gcm_tv_template) |
da7f033d | 3455 | } |
507069c9 YS |
3456 | }, { |
3457 | .alg = "ghash", | |
3458 | .test = alg_test_hash, | |
18c0ebd2 | 3459 | .fips_allowed = 1, |
507069c9 | 3460 | .suite = { |
21c8e720 | 3461 | .hash = __VECS(ghash_tv_template) |
507069c9 | 3462 | } |
da7f033d HX |
3463 | }, { |
3464 | .alg = "hmac(md5)", | |
3465 | .test = alg_test_hash, | |
3466 | .suite = { | |
21c8e720 | 3467 | .hash = __VECS(hmac_md5_tv_template) |
da7f033d HX |
3468 | } |
3469 | }, { | |
3470 | .alg = "hmac(rmd128)", | |
3471 | .test = alg_test_hash, | |
3472 | .suite = { | |
21c8e720 | 3473 | .hash = __VECS(hmac_rmd128_tv_template) |
da7f033d HX |
3474 | } |
3475 | }, { | |
3476 | .alg = "hmac(rmd160)", | |
3477 | .test = alg_test_hash, | |
3478 | .suite = { | |
21c8e720 | 3479 | .hash = __VECS(hmac_rmd160_tv_template) |
da7f033d HX |
3480 | } |
3481 | }, { | |
3482 | .alg = "hmac(sha1)", | |
3483 | .test = alg_test_hash, | |
a1915d51 | 3484 | .fips_allowed = 1, |
da7f033d | 3485 | .suite = { |
21c8e720 | 3486 | .hash = __VECS(hmac_sha1_tv_template) |
da7f033d HX |
3487 | } |
3488 | }, { | |
3489 | .alg = "hmac(sha224)", | |
3490 | .test = alg_test_hash, | |
a1915d51 | 3491 | .fips_allowed = 1, |
da7f033d | 3492 | .suite = { |
21c8e720 | 3493 | .hash = __VECS(hmac_sha224_tv_template) |
da7f033d HX |
3494 | } |
3495 | }, { | |
3496 | .alg = "hmac(sha256)", | |
3497 | .test = alg_test_hash, | |
a1915d51 | 3498 | .fips_allowed = 1, |
da7f033d | 3499 | .suite = { |
21c8e720 | 3500 | .hash = __VECS(hmac_sha256_tv_template) |
da7f033d | 3501 | } |
98eca72f | 3502 | }, { |
3503 | .alg = "hmac(sha3-224)", | |
3504 | .test = alg_test_hash, | |
3505 | .fips_allowed = 1, | |
3506 | .suite = { | |
21c8e720 | 3507 | .hash = __VECS(hmac_sha3_224_tv_template) |
98eca72f | 3508 | } |
3509 | }, { | |
3510 | .alg = "hmac(sha3-256)", | |
3511 | .test = alg_test_hash, | |
3512 | .fips_allowed = 1, | |
3513 | .suite = { | |
21c8e720 | 3514 | .hash = __VECS(hmac_sha3_256_tv_template) |
98eca72f | 3515 | } |
3516 | }, { | |
3517 | .alg = "hmac(sha3-384)", | |
3518 | .test = alg_test_hash, | |
3519 | .fips_allowed = 1, | |
3520 | .suite = { | |
21c8e720 | 3521 | .hash = __VECS(hmac_sha3_384_tv_template) |
98eca72f | 3522 | } |
3523 | }, { | |
3524 | .alg = "hmac(sha3-512)", | |
3525 | .test = alg_test_hash, | |
3526 | .fips_allowed = 1, | |
3527 | .suite = { | |
21c8e720 | 3528 | .hash = __VECS(hmac_sha3_512_tv_template) |
98eca72f | 3529 | } |
da7f033d HX |
3530 | }, { |
3531 | .alg = "hmac(sha384)", | |
3532 | .test = alg_test_hash, | |
a1915d51 | 3533 | .fips_allowed = 1, |
da7f033d | 3534 | .suite = { |
21c8e720 | 3535 | .hash = __VECS(hmac_sha384_tv_template) |
da7f033d HX |
3536 | } |
3537 | }, { | |
3538 | .alg = "hmac(sha512)", | |
3539 | .test = alg_test_hash, | |
a1915d51 | 3540 | .fips_allowed = 1, |
da7f033d | 3541 | .suite = { |
21c8e720 | 3542 | .hash = __VECS(hmac_sha512_tv_template) |
da7f033d | 3543 | } |
25a0b9d4 VC |
3544 | }, { |
3545 | .alg = "hmac(streebog256)", | |
3546 | .test = alg_test_hash, | |
3547 | .suite = { | |
3548 | .hash = __VECS(hmac_streebog256_tv_template) | |
3549 | } | |
3550 | }, { | |
3551 | .alg = "hmac(streebog512)", | |
3552 | .test = alg_test_hash, | |
3553 | .suite = { | |
3554 | .hash = __VECS(hmac_streebog512_tv_template) | |
3555 | } | |
bb5530e4 SM |
3556 | }, { |
3557 | .alg = "jitterentropy_rng", | |
3558 | .fips_allowed = 1, | |
3559 | .test = alg_test_null, | |
35351988 SM |
3560 | }, { |
3561 | .alg = "kw(aes)", | |
3562 | .test = alg_test_skcipher, | |
3563 | .fips_allowed = 1, | |
3564 | .suite = { | |
92a4c9fe | 3565 | .cipher = __VECS(aes_kw_tv_template) |
35351988 | 3566 | } |
da7f033d HX |
3567 | }, { |
3568 | .alg = "lrw(aes)", | |
1aa4ecd9 | 3569 | .test = alg_test_skcipher, |
da7f033d | 3570 | .suite = { |
92a4c9fe | 3571 | .cipher = __VECS(aes_lrw_tv_template) |
da7f033d | 3572 | } |
0840605e JK |
3573 | }, { |
3574 | .alg = "lrw(camellia)", | |
3575 | .test = alg_test_skcipher, | |
3576 | .suite = { | |
92a4c9fe | 3577 | .cipher = __VECS(camellia_lrw_tv_template) |
0840605e | 3578 | } |
9b8b0405 JG |
3579 | }, { |
3580 | .alg = "lrw(cast6)", | |
3581 | .test = alg_test_skcipher, | |
3582 | .suite = { | |
92a4c9fe | 3583 | .cipher = __VECS(cast6_lrw_tv_template) |
9b8b0405 | 3584 | } |
d7bfc0fa JK |
3585 | }, { |
3586 | .alg = "lrw(serpent)", | |
3587 | .test = alg_test_skcipher, | |
3588 | .suite = { | |
92a4c9fe | 3589 | .cipher = __VECS(serpent_lrw_tv_template) |
d7bfc0fa | 3590 | } |
0b2a1551 JK |
3591 | }, { |
3592 | .alg = "lrw(twofish)", | |
3593 | .test = alg_test_skcipher, | |
3594 | .suite = { | |
92a4c9fe | 3595 | .cipher = __VECS(tf_lrw_tv_template) |
0b2a1551 | 3596 | } |
1443cc9b KK |
3597 | }, { |
3598 | .alg = "lz4", | |
3599 | .test = alg_test_comp, | |
3600 | .fips_allowed = 1, | |
3601 | .suite = { | |
3602 | .comp = { | |
21c8e720 AB |
3603 | .comp = __VECS(lz4_comp_tv_template), |
3604 | .decomp = __VECS(lz4_decomp_tv_template) | |
1443cc9b KK |
3605 | } |
3606 | } | |
3607 | }, { | |
3608 | .alg = "lz4hc", | |
3609 | .test = alg_test_comp, | |
3610 | .fips_allowed = 1, | |
3611 | .suite = { | |
3612 | .comp = { | |
21c8e720 AB |
3613 | .comp = __VECS(lz4hc_comp_tv_template), |
3614 | .decomp = __VECS(lz4hc_decomp_tv_template) | |
1443cc9b KK |
3615 | } |
3616 | } | |
da7f033d HX |
3617 | }, { |
3618 | .alg = "lzo", | |
3619 | .test = alg_test_comp, | |
0818904d | 3620 | .fips_allowed = 1, |
da7f033d HX |
3621 | .suite = { |
3622 | .comp = { | |
21c8e720 AB |
3623 | .comp = __VECS(lzo_comp_tv_template), |
3624 | .decomp = __VECS(lzo_decomp_tv_template) | |
da7f033d HX |
3625 | } |
3626 | } | |
3627 | }, { | |
3628 | .alg = "md4", | |
3629 | .test = alg_test_hash, | |
3630 | .suite = { | |
21c8e720 | 3631 | .hash = __VECS(md4_tv_template) |
da7f033d HX |
3632 | } |
3633 | }, { | |
3634 | .alg = "md5", | |
3635 | .test = alg_test_hash, | |
3636 | .suite = { | |
21c8e720 | 3637 | .hash = __VECS(md5_tv_template) |
da7f033d HX |
3638 | } |
3639 | }, { | |
3640 | .alg = "michael_mic", | |
3641 | .test = alg_test_hash, | |
3642 | .suite = { | |
21c8e720 | 3643 | .hash = __VECS(michael_mic_tv_template) |
da7f033d | 3644 | } |
4feb4c59 OM |
3645 | }, { |
3646 | .alg = "morus1280", | |
3647 | .test = alg_test_aead, | |
3648 | .suite = { | |
a0d608ee | 3649 | .aead = __VECS(morus1280_tv_template) |
4feb4c59 OM |
3650 | } |
3651 | }, { | |
3652 | .alg = "morus640", | |
3653 | .test = alg_test_aead, | |
3654 | .suite = { | |
a0d608ee | 3655 | .aead = __VECS(morus640_tv_template) |
4feb4c59 | 3656 | } |
26609a21 EB |
3657 | }, { |
3658 | .alg = "nhpoly1305", | |
3659 | .test = alg_test_hash, | |
3660 | .suite = { | |
3661 | .hash = __VECS(nhpoly1305_tv_template) | |
3662 | } | |
ba0e14ac PS |
3663 | }, { |
3664 | .alg = "ofb(aes)", | |
3665 | .test = alg_test_skcipher, | |
3666 | .fips_allowed = 1, | |
3667 | .suite = { | |
92a4c9fe | 3668 | .cipher = __VECS(aes_ofb_tv_template) |
ba0e14ac | 3669 | } |
a794d8d8 GBY |
3670 | }, { |
3671 | /* Same as ofb(aes) except the key is stored in | |
3672 | * hardware secure memory which we reference by index | |
3673 | */ | |
3674 | .alg = "ofb(paes)", | |
3675 | .test = alg_test_null, | |
3676 | .fips_allowed = 1, | |
da7f033d HX |
3677 | }, { |
3678 | .alg = "pcbc(fcrypt)", | |
1aa4ecd9 | 3679 | .test = alg_test_skcipher, |
da7f033d | 3680 | .suite = { |
92a4c9fe | 3681 | .cipher = __VECS(fcrypt_pcbc_tv_template) |
da7f033d | 3682 | } |
1207107c SM |
3683 | }, { |
3684 | .alg = "pkcs1pad(rsa,sha224)", | |
3685 | .test = alg_test_null, | |
3686 | .fips_allowed = 1, | |
3687 | }, { | |
3688 | .alg = "pkcs1pad(rsa,sha256)", | |
3689 | .test = alg_test_akcipher, | |
3690 | .fips_allowed = 1, | |
3691 | .suite = { | |
3692 | .akcipher = __VECS(pkcs1pad_rsa_tv_template) | |
3693 | } | |
3694 | }, { | |
3695 | .alg = "pkcs1pad(rsa,sha384)", | |
3696 | .test = alg_test_null, | |
3697 | .fips_allowed = 1, | |
3698 | }, { | |
3699 | .alg = "pkcs1pad(rsa,sha512)", | |
3700 | .test = alg_test_null, | |
3701 | .fips_allowed = 1, | |
eee9dc61 MW |
3702 | }, { |
3703 | .alg = "poly1305", | |
3704 | .test = alg_test_hash, | |
3705 | .suite = { | |
21c8e720 | 3706 | .hash = __VECS(poly1305_tv_template) |
eee9dc61 | 3707 | } |
da7f033d HX |
3708 | }, { |
3709 | .alg = "rfc3686(ctr(aes))", | |
1aa4ecd9 | 3710 | .test = alg_test_skcipher, |
a1915d51 | 3711 | .fips_allowed = 1, |
da7f033d | 3712 | .suite = { |
92a4c9fe | 3713 | .cipher = __VECS(aes_ctr_rfc3686_tv_template) |
da7f033d | 3714 | } |
5d667322 | 3715 | }, { |
3f31a740 | 3716 | .alg = "rfc4106(gcm(aes))", |
69435b94 | 3717 | .test = alg_test_aead, |
db71f29a | 3718 | .fips_allowed = 1, |
69435b94 | 3719 | .suite = { |
a0d608ee | 3720 | .aead = __VECS(aes_gcm_rfc4106_tv_template) |
69435b94 AH |
3721 | } |
3722 | }, { | |
544c436a | 3723 | .alg = "rfc4309(ccm(aes))", |
5d667322 | 3724 | .test = alg_test_aead, |
a1915d51 | 3725 | .fips_allowed = 1, |
5d667322 | 3726 | .suite = { |
a0d608ee | 3727 | .aead = __VECS(aes_ccm_rfc4309_tv_template) |
5d667322 | 3728 | } |
e9b7441a | 3729 | }, { |
bb68745e | 3730 | .alg = "rfc4543(gcm(aes))", |
e9b7441a JK |
3731 | .test = alg_test_aead, |
3732 | .suite = { | |
a0d608ee | 3733 | .aead = __VECS(aes_gcm_rfc4543_tv_template) |
e9b7441a | 3734 | } |
af2b76b5 MW |
3735 | }, { |
3736 | .alg = "rfc7539(chacha20,poly1305)", | |
3737 | .test = alg_test_aead, | |
3738 | .suite = { | |
a0d608ee | 3739 | .aead = __VECS(rfc7539_tv_template) |
af2b76b5 | 3740 | } |
5900758d MW |
3741 | }, { |
3742 | .alg = "rfc7539esp(chacha20,poly1305)", | |
3743 | .test = alg_test_aead, | |
3744 | .suite = { | |
a0d608ee | 3745 | .aead = __VECS(rfc7539esp_tv_template) |
5900758d | 3746 | } |
da7f033d HX |
3747 | }, { |
3748 | .alg = "rmd128", | |
3749 | .test = alg_test_hash, | |
3750 | .suite = { | |
21c8e720 | 3751 | .hash = __VECS(rmd128_tv_template) |
da7f033d HX |
3752 | } |
3753 | }, { | |
3754 | .alg = "rmd160", | |
3755 | .test = alg_test_hash, | |
3756 | .suite = { | |
21c8e720 | 3757 | .hash = __VECS(rmd160_tv_template) |
da7f033d HX |
3758 | } |
3759 | }, { | |
3760 | .alg = "rmd256", | |
3761 | .test = alg_test_hash, | |
3762 | .suite = { | |
21c8e720 | 3763 | .hash = __VECS(rmd256_tv_template) |
da7f033d HX |
3764 | } |
3765 | }, { | |
3766 | .alg = "rmd320", | |
3767 | .test = alg_test_hash, | |
3768 | .suite = { | |
21c8e720 | 3769 | .hash = __VECS(rmd320_tv_template) |
da7f033d | 3770 | } |
946cc463 TS |
3771 | }, { |
3772 | .alg = "rsa", | |
3773 | .test = alg_test_akcipher, | |
3774 | .fips_allowed = 1, | |
3775 | .suite = { | |
21c8e720 | 3776 | .akcipher = __VECS(rsa_tv_template) |
946cc463 | 3777 | } |
da7f033d HX |
3778 | }, { |
3779 | .alg = "salsa20", | |
1aa4ecd9 | 3780 | .test = alg_test_skcipher, |
da7f033d | 3781 | .suite = { |
92a4c9fe | 3782 | .cipher = __VECS(salsa20_stream_tv_template) |
da7f033d HX |
3783 | } |
3784 | }, { | |
3785 | .alg = "sha1", | |
3786 | .test = alg_test_hash, | |
a1915d51 | 3787 | .fips_allowed = 1, |
da7f033d | 3788 | .suite = { |
21c8e720 | 3789 | .hash = __VECS(sha1_tv_template) |
da7f033d HX |
3790 | } |
3791 | }, { | |
3792 | .alg = "sha224", | |
3793 | .test = alg_test_hash, | |
a1915d51 | 3794 | .fips_allowed = 1, |
da7f033d | 3795 | .suite = { |
21c8e720 | 3796 | .hash = __VECS(sha224_tv_template) |
da7f033d HX |
3797 | } |
3798 | }, { | |
3799 | .alg = "sha256", | |
3800 | .test = alg_test_hash, | |
a1915d51 | 3801 | .fips_allowed = 1, |
da7f033d | 3802 | .suite = { |
21c8e720 | 3803 | .hash = __VECS(sha256_tv_template) |
da7f033d | 3804 | } |
79cc6ab8 | 3805 | }, { |
3806 | .alg = "sha3-224", | |
3807 | .test = alg_test_hash, | |
3808 | .fips_allowed = 1, | |
3809 | .suite = { | |
21c8e720 | 3810 | .hash = __VECS(sha3_224_tv_template) |
79cc6ab8 | 3811 | } |
3812 | }, { | |
3813 | .alg = "sha3-256", | |
3814 | .test = alg_test_hash, | |
3815 | .fips_allowed = 1, | |
3816 | .suite = { | |
21c8e720 | 3817 | .hash = __VECS(sha3_256_tv_template) |
79cc6ab8 | 3818 | } |
3819 | }, { | |
3820 | .alg = "sha3-384", | |
3821 | .test = alg_test_hash, | |
3822 | .fips_allowed = 1, | |
3823 | .suite = { | |
21c8e720 | 3824 | .hash = __VECS(sha3_384_tv_template) |
79cc6ab8 | 3825 | } |
3826 | }, { | |
3827 | .alg = "sha3-512", | |
3828 | .test = alg_test_hash, | |
3829 | .fips_allowed = 1, | |
3830 | .suite = { | |
21c8e720 | 3831 | .hash = __VECS(sha3_512_tv_template) |
79cc6ab8 | 3832 | } |
da7f033d HX |
3833 | }, { |
3834 | .alg = "sha384", | |
3835 | .test = alg_test_hash, | |
a1915d51 | 3836 | .fips_allowed = 1, |
da7f033d | 3837 | .suite = { |
21c8e720 | 3838 | .hash = __VECS(sha384_tv_template) |
da7f033d HX |
3839 | } |
3840 | }, { | |
3841 | .alg = "sha512", | |
3842 | .test = alg_test_hash, | |
a1915d51 | 3843 | .fips_allowed = 1, |
da7f033d | 3844 | .suite = { |
21c8e720 | 3845 | .hash = __VECS(sha512_tv_template) |
da7f033d | 3846 | } |
b7e27530 GBY |
3847 | }, { |
3848 | .alg = "sm3", | |
3849 | .test = alg_test_hash, | |
3850 | .suite = { | |
3851 | .hash = __VECS(sm3_tv_template) | |
3852 | } | |
25a0b9d4 VC |
3853 | }, { |
3854 | .alg = "streebog256", | |
3855 | .test = alg_test_hash, | |
3856 | .suite = { | |
3857 | .hash = __VECS(streebog256_tv_template) | |
3858 | } | |
3859 | }, { | |
3860 | .alg = "streebog512", | |
3861 | .test = alg_test_hash, | |
3862 | .suite = { | |
3863 | .hash = __VECS(streebog512_tv_template) | |
3864 | } | |
da7f033d HX |
3865 | }, { |
3866 | .alg = "tgr128", | |
3867 | .test = alg_test_hash, | |
3868 | .suite = { | |
21c8e720 | 3869 | .hash = __VECS(tgr128_tv_template) |
da7f033d HX |
3870 | } |
3871 | }, { | |
3872 | .alg = "tgr160", | |
3873 | .test = alg_test_hash, | |
3874 | .suite = { | |
21c8e720 | 3875 | .hash = __VECS(tgr160_tv_template) |
da7f033d HX |
3876 | } |
3877 | }, { | |
3878 | .alg = "tgr192", | |
3879 | .test = alg_test_hash, | |
3880 | .suite = { | |
21c8e720 | 3881 | .hash = __VECS(tgr192_tv_template) |
da7f033d | 3882 | } |
ed331ada EB |
3883 | }, { |
3884 | .alg = "vmac64(aes)", | |
3885 | .test = alg_test_hash, | |
3886 | .suite = { | |
3887 | .hash = __VECS(vmac64_aes_tv_template) | |
3888 | } | |
da7f033d HX |
3889 | }, { |
3890 | .alg = "wp256", | |
3891 | .test = alg_test_hash, | |
3892 | .suite = { | |
21c8e720 | 3893 | .hash = __VECS(wp256_tv_template) |
da7f033d HX |
3894 | } |
3895 | }, { | |
3896 | .alg = "wp384", | |
3897 | .test = alg_test_hash, | |
3898 | .suite = { | |
21c8e720 | 3899 | .hash = __VECS(wp384_tv_template) |
da7f033d HX |
3900 | } |
3901 | }, { | |
3902 | .alg = "wp512", | |
3903 | .test = alg_test_hash, | |
3904 | .suite = { | |
21c8e720 | 3905 | .hash = __VECS(wp512_tv_template) |
da7f033d HX |
3906 | } |
3907 | }, { | |
3908 | .alg = "xcbc(aes)", | |
3909 | .test = alg_test_hash, | |
3910 | .suite = { | |
21c8e720 | 3911 | .hash = __VECS(aes_xcbc128_tv_template) |
da7f033d | 3912 | } |
aa762409 EB |
3913 | }, { |
3914 | .alg = "xchacha12", | |
3915 | .test = alg_test_skcipher, | |
3916 | .suite = { | |
3917 | .cipher = __VECS(xchacha12_tv_template) | |
3918 | }, | |
de61d7ae EB |
3919 | }, { |
3920 | .alg = "xchacha20", | |
3921 | .test = alg_test_skcipher, | |
3922 | .suite = { | |
3923 | .cipher = __VECS(xchacha20_tv_template) | |
3924 | }, | |
da7f033d HX |
3925 | }, { |
3926 | .alg = "xts(aes)", | |
1aa4ecd9 | 3927 | .test = alg_test_skcipher, |
2918aa8d | 3928 | .fips_allowed = 1, |
da7f033d | 3929 | .suite = { |
92a4c9fe | 3930 | .cipher = __VECS(aes_xts_tv_template) |
da7f033d | 3931 | } |
0840605e JK |
3932 | }, { |
3933 | .alg = "xts(camellia)", | |
3934 | .test = alg_test_skcipher, | |
3935 | .suite = { | |
92a4c9fe | 3936 | .cipher = __VECS(camellia_xts_tv_template) |
0840605e | 3937 | } |
9b8b0405 JG |
3938 | }, { |
3939 | .alg = "xts(cast6)", | |
3940 | .test = alg_test_skcipher, | |
3941 | .suite = { | |
92a4c9fe | 3942 | .cipher = __VECS(cast6_xts_tv_template) |
9b8b0405 | 3943 | } |
15f47ce5 GBY |
3944 | }, { |
3945 | /* Same as xts(aes) except the key is stored in | |
3946 | * hardware secure memory which we reference by index | |
3947 | */ | |
3948 | .alg = "xts(paes)", | |
3949 | .test = alg_test_null, | |
3950 | .fips_allowed = 1, | |
18be20b9 JK |
3951 | }, { |
3952 | .alg = "xts(serpent)", | |
3953 | .test = alg_test_skcipher, | |
3954 | .suite = { | |
92a4c9fe | 3955 | .cipher = __VECS(serpent_xts_tv_template) |
18be20b9 | 3956 | } |
aed265b9 JK |
3957 | }, { |
3958 | .alg = "xts(twofish)", | |
3959 | .test = alg_test_skcipher, | |
3960 | .suite = { | |
92a4c9fe | 3961 | .cipher = __VECS(tf_xts_tv_template) |
aed265b9 | 3962 | } |
15f47ce5 GBY |
3963 | }, { |
3964 | .alg = "xts4096(paes)", | |
3965 | .test = alg_test_null, | |
3966 | .fips_allowed = 1, | |
3967 | }, { | |
3968 | .alg = "xts512(paes)", | |
3969 | .test = alg_test_null, | |
3970 | .fips_allowed = 1, | |
a368f43d GC |
3971 | }, { |
3972 | .alg = "zlib-deflate", | |
3973 | .test = alg_test_comp, | |
3974 | .fips_allowed = 1, | |
3975 | .suite = { | |
3976 | .comp = { | |
3977 | .comp = __VECS(zlib_deflate_comp_tv_template), | |
3978 | .decomp = __VECS(zlib_deflate_decomp_tv_template) | |
3979 | } | |
3980 | } | |
d28fc3db NT |
3981 | }, { |
3982 | .alg = "zstd", | |
3983 | .test = alg_test_comp, | |
3984 | .fips_allowed = 1, | |
3985 | .suite = { | |
3986 | .comp = { | |
3987 | .comp = __VECS(zstd_comp_tv_template), | |
3988 | .decomp = __VECS(zstd_decomp_tv_template) | |
3989 | } | |
3990 | } | |
da7f033d HX |
3991 | } |
3992 | }; | |
3993 | ||
3f47a03d | 3994 | static void alg_check_test_descs_order(void) |
5714758b JK |
3995 | { |
3996 | int i; | |
3997 | ||
5714758b JK |
3998 | for (i = 1; i < ARRAY_SIZE(alg_test_descs); i++) { |
3999 | int diff = strcmp(alg_test_descs[i - 1].alg, | |
4000 | alg_test_descs[i].alg); | |
4001 | ||
4002 | if (WARN_ON(diff > 0)) { | |
4003 | pr_warn("testmgr: alg_test_descs entries in wrong order: '%s' before '%s'\n", | |
4004 | alg_test_descs[i - 1].alg, | |
4005 | alg_test_descs[i].alg); | |
4006 | } | |
4007 | ||
4008 | if (WARN_ON(diff == 0)) { | |
4009 | pr_warn("testmgr: duplicate alg_test_descs entry: '%s'\n", | |
4010 | alg_test_descs[i].alg); | |
4011 | } | |
4012 | } | |
4013 | } | |
4014 | ||
3f47a03d EB |
4015 | static void alg_check_testvec_configs(void) |
4016 | { | |
4e7babba EB |
4017 | int i; |
4018 | ||
4019 | for (i = 0; i < ARRAY_SIZE(default_cipher_testvec_configs); i++) | |
4020 | WARN_ON(!valid_testvec_config( | |
4021 | &default_cipher_testvec_configs[i])); | |
4cc2dcf9 EB |
4022 | |
4023 | for (i = 0; i < ARRAY_SIZE(default_hash_testvec_configs); i++) | |
4024 | WARN_ON(!valid_testvec_config( | |
4025 | &default_hash_testvec_configs[i])); | |
3f47a03d EB |
4026 | } |
4027 | ||
4028 | static void testmgr_onetime_init(void) | |
4029 | { | |
4030 | alg_check_test_descs_order(); | |
4031 | alg_check_testvec_configs(); | |
5b2706a4 EB |
4032 | |
4033 | #ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS | |
4034 | pr_warn("alg: extra crypto tests enabled. This is intended for developer use only.\n"); | |
4035 | #endif | |
3f47a03d EB |
4036 | } |
4037 | ||
1aa4ecd9 | 4038 | static int alg_find_test(const char *alg) |
da7f033d HX |
4039 | { |
4040 | int start = 0; | |
4041 | int end = ARRAY_SIZE(alg_test_descs); | |
4042 | ||
4043 | while (start < end) { | |
4044 | int i = (start + end) / 2; | |
4045 | int diff = strcmp(alg_test_descs[i].alg, alg); | |
4046 | ||
4047 | if (diff > 0) { | |
4048 | end = i; | |
4049 | continue; | |
4050 | } | |
4051 | ||
4052 | if (diff < 0) { | |
4053 | start = i + 1; | |
4054 | continue; | |
4055 | } | |
4056 | ||
1aa4ecd9 HX |
4057 | return i; |
4058 | } | |
4059 | ||
4060 | return -1; | |
4061 | } | |
4062 | ||
4063 | int alg_test(const char *driver, const char *alg, u32 type, u32 mask) | |
4064 | { | |
4065 | int i; | |
a68f6610 | 4066 | int j; |
d12d6b6d | 4067 | int rc; |
1aa4ecd9 | 4068 | |
9e5c9fe4 RJ |
4069 | if (!fips_enabled && notests) { |
4070 | printk_once(KERN_INFO "alg: self-tests disabled\n"); | |
4071 | return 0; | |
4072 | } | |
4073 | ||
3f47a03d | 4074 | DO_ONCE(testmgr_onetime_init); |
5714758b | 4075 | |
1aa4ecd9 HX |
4076 | if ((type & CRYPTO_ALG_TYPE_MASK) == CRYPTO_ALG_TYPE_CIPHER) { |
4077 | char nalg[CRYPTO_MAX_ALG_NAME]; | |
4078 | ||
4079 | if (snprintf(nalg, sizeof(nalg), "ecb(%s)", alg) >= | |
4080 | sizeof(nalg)) | |
4081 | return -ENAMETOOLONG; | |
4082 | ||
4083 | i = alg_find_test(nalg); | |
4084 | if (i < 0) | |
4085 | goto notest; | |
4086 | ||
a3bef3a3 JW |
4087 | if (fips_enabled && !alg_test_descs[i].fips_allowed) |
4088 | goto non_fips_alg; | |
4089 | ||
941fb328 JW |
4090 | rc = alg_test_cipher(alg_test_descs + i, driver, type, mask); |
4091 | goto test_done; | |
da7f033d HX |
4092 | } |
4093 | ||
1aa4ecd9 | 4094 | i = alg_find_test(alg); |
a68f6610 HX |
4095 | j = alg_find_test(driver); |
4096 | if (i < 0 && j < 0) | |
1aa4ecd9 HX |
4097 | goto notest; |
4098 | ||
a68f6610 HX |
4099 | if (fips_enabled && ((i >= 0 && !alg_test_descs[i].fips_allowed) || |
4100 | (j >= 0 && !alg_test_descs[j].fips_allowed))) | |
a3bef3a3 JW |
4101 | goto non_fips_alg; |
4102 | ||
a68f6610 HX |
4103 | rc = 0; |
4104 | if (i >= 0) | |
4105 | rc |= alg_test_descs[i].test(alg_test_descs + i, driver, | |
4106 | type, mask); | |
032c8cac | 4107 | if (j >= 0 && j != i) |
a68f6610 HX |
4108 | rc |= alg_test_descs[j].test(alg_test_descs + j, driver, |
4109 | type, mask); | |
4110 | ||
941fb328 | 4111 | test_done: |
d12d6b6d NH |
4112 | if (fips_enabled && rc) |
4113 | panic("%s: %s alg self test failed in fips mode!\n", driver, alg); | |
4114 | ||
29ecd4ab | 4115 | if (fips_enabled && !rc) |
3e8cffd4 | 4116 | pr_info("alg: self-tests for %s (%s) passed\n", driver, alg); |
29ecd4ab | 4117 | |
d12d6b6d | 4118 | return rc; |
1aa4ecd9 HX |
4119 | |
4120 | notest: | |
da7f033d HX |
4121 | printk(KERN_INFO "alg: No test for %s (%s)\n", alg, driver); |
4122 | return 0; | |
a3bef3a3 JW |
4123 | non_fips_alg: |
4124 | return -EINVAL; | |
da7f033d | 4125 | } |
0b767f96 | 4126 | |
326a6346 | 4127 | #endif /* CONFIG_CRYPTO_MANAGER_DISABLE_TESTS */ |
0b767f96 | 4128 | |
da7f033d | 4129 | EXPORT_SYMBOL_GPL(alg_test); |