]> git.proxmox.com Git - mirror_ubuntu-focal-kernel.git/blame - crypto/testmgr.c
projects / mirror_ubuntu-focal-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
crypto: arm64/cbcmac - handle empty messages in same way as template
[mirror_ubuntu-focal-kernel.git] / crypto / testmgr.c
CommitLineData
da7f033d
HX		 1/*
2 * Algorithm testing framework and tests.
3 *
4 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
5 * Copyright (c) 2002 Jean-Francois Dive <jef@linuxbe.org>
6 * Copyright (c) 2007 Nokia Siemens Networks
7 * Copyright (c) 2008 Herbert Xu <herbert@gondor.apana.org.au>
3f47a03d 8 * Copyright (c) 2019 Google LLC
da7f033d 9 *
69435b94
AH		 10 * Updated RFC4106 AES-GCM testing.
11 * Authors: Aidan O'Mahony (aidan.o.mahony@intel.com)
12 * Adrian Hoban <adrian.hoban@intel.com>
13 * Gabriele Paoloni <gabriele.paoloni@intel.com>
14 * Tadeusz Struk (tadeusz.struk@intel.com)
15 * Copyright (c) 2010, Intel Corporation.
16 *
da7f033d
HX		 17 * This program is free software; you can redistribute it and/or modify it
18 * under the terms of the GNU General Public License as published by the Free
19 * Software Foundation; either version 2 of the License, or (at your option)
20 * any later version.
21 *
22 */
23
1ce33115 24#include <crypto/aead.h>
da7f033d 25#include <crypto/hash.h>
12773d93 26#include <crypto/skcipher.h>
da7f033d 27#include <linux/err.h>
1c41b882 28#include <linux/fips.h>
da7f033d 29#include <linux/module.h>
3f47a03d 30#include <linux/once.h>
25f9dddb 31#include <linux/random.h>
da7f033d
HX		 32#include <linux/scatterlist.h>
33#include <linux/slab.h>
34#include <linux/string.h>
7647d6ce 35#include <crypto/rng.h>
64d1cdfb 36#include <crypto/drbg.h>
946cc463 37#include <crypto/akcipher.h>
802c7f1c 38#include <crypto/kpp.h>
d7db7a88 39#include <crypto/acompress.h>
b55e1a39 40#include <crypto/internal/simd.h>
da7f033d
HX		 41
42#include "internal.h"
0b767f96 43
9e5c9fe4
RJ		 44static bool notests;
45module_param(notests, bool, 0644);
46MODULE_PARM_DESC(notests, "disable crypto self-tests");
47
5b2706a4
EB		 48#ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS
49static bool noextratests;
50module_param(noextratests, bool, 0644);
51MODULE_PARM_DESC(noextratests, "disable expensive crypto self-tests");
52
53static unsigned int fuzz_iterations = 100;
54module_param(fuzz_iterations, uint, 0644);
55MODULE_PARM_DESC(fuzz_iterations, "number of fuzz test iterations");
b55e1a39
EB		 56
57DEFINE_PER_CPU(bool, crypto_simd_disabled_for_test);
58EXPORT_PER_CPU_SYMBOL_GPL(crypto_simd_disabled_for_test);
5b2706a4
EB		 59#endif
60
326a6346 61#ifdef CONFIG_CRYPTO_MANAGER_DISABLE_TESTS
0b767f96
AS		 62
63/* a perfect nop */
64int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
65{
66 return 0;
67}
68
69#else
70
da7f033d
HX		 71#include "testmgr.h"
72
73/*
74 * Need slab memory for testing (size in number of pages).
75 */
76#define XBUFSIZE 8
77
da7f033d
HX		 78/*
79* Used by test_cipher()
80*/
81#define ENCRYPT 1
82#define DECRYPT 0
83
da7f033d 84struct aead_test_suite {
a0d608ee
EB		 85 const struct aead_testvec *vecs;
86 unsigned int count;
da7f033d
HX		 87};
88
89struct cipher_test_suite {
92a4c9fe
EB		 90 const struct cipher_testvec *vecs;
91 unsigned int count;
da7f033d
HX		 92};
93
94struct comp_test_suite {
95 struct {
b13b1e0c 96 const struct comp_testvec *vecs;
da7f033d
HX		 97 unsigned int count;
98 } comp, decomp;
99};
100
101struct hash_test_suite {
b13b1e0c 102 const struct hash_testvec *vecs;
da7f033d
HX		 103 unsigned int count;
104};
105
7647d6ce 106struct cprng_test_suite {
b13b1e0c 107 const struct cprng_testvec *vecs;
7647d6ce
JW		 108 unsigned int count;
109};
110
64d1cdfb 111struct drbg_test_suite {
b13b1e0c 112 const struct drbg_testvec *vecs;
64d1cdfb
SM		 113 unsigned int count;
114};
115
946cc463 116struct akcipher_test_suite {
b13b1e0c 117 const struct akcipher_testvec *vecs;
946cc463
TS		 118 unsigned int count;
119};
120
802c7f1c 121struct kpp_test_suite {
b13b1e0c 122 const struct kpp_testvec *vecs;
802c7f1c
SB		 123 unsigned int count;
124};
125
da7f033d
HX		 126struct alg_test_desc {
127 const char *alg;
128 int (*test)(const struct alg_test_desc *desc, const char *driver,
129 u32 type, u32 mask);
a1915d51 130 int fips_allowed; /* set if alg is allowed in fips mode */
da7f033d
HX		 131
132 union {
133 struct aead_test_suite aead;
134 struct cipher_test_suite cipher;
135 struct comp_test_suite comp;
136 struct hash_test_suite hash;
7647d6ce 137 struct cprng_test_suite cprng;
64d1cdfb 138 struct drbg_test_suite drbg;
946cc463 139 struct akcipher_test_suite akcipher;
802c7f1c 140 struct kpp_test_suite kpp;
da7f033d
HX		 141 } suite;
142};
143
da7f033d
HX		 144static void hexdump(unsigned char *buf, unsigned int len)
145{
146 print_hex_dump(KERN_CONT, "", DUMP_PREFIX_OFFSET,
147 16, 1,
148 buf, len, false);
149}
150
3f47a03d 151static int __testmgr_alloc_buf(char *buf[XBUFSIZE], int order)
f8b0d4d0
HX		 152{
153 int i;
154
155 for (i = 0; i < XBUFSIZE; i++) {
3f47a03d 156 buf[i] = (char *)__get_free_pages(GFP_KERNEL, order);
f8b0d4d0
HX		 157 if (!buf[i])
158 goto err_free_buf;
159 }
160
161 return 0;
162
163err_free_buf:
164 while (i-- > 0)
3f47a03d 165 free_pages((unsigned long)buf[i], order);
f8b0d4d0
HX		 166
167 return -ENOMEM;
168}
169
3f47a03d
EB		 170static int testmgr_alloc_buf(char *buf[XBUFSIZE])
171{
172 return __testmgr_alloc_buf(buf, 0);
173}
174
175static void __testmgr_free_buf(char *buf[XBUFSIZE], int order)
f8b0d4d0
HX		 176{
177 int i;
178
179 for (i = 0; i < XBUFSIZE; i++)
3f47a03d
EB		 180 free_pages((unsigned long)buf[i], order);
181}
182
183static void testmgr_free_buf(char *buf[XBUFSIZE])
184{
185 __testmgr_free_buf(buf, 0);
186}
187
188#define TESTMGR_POISON_BYTE 0xfe
189#define TESTMGR_POISON_LEN 16
190
191static inline void testmgr_poison(void *addr, size_t len)
192{
193 memset(addr, TESTMGR_POISON_BYTE, len);
194}
195
196/* Is the memory region still fully poisoned? */
197static inline bool testmgr_is_poison(const void *addr, size_t len)
198{
199 return memchr_inv(addr, TESTMGR_POISON_BYTE, len) == NULL;
200}
201
202/* flush type for hash algorithms */
203enum flush_type {
204 /* merge with update of previous buffer(s) */
205 FLUSH_TYPE_NONE = 0,
206
207 /* update with previous buffer(s) before doing this one */
208 FLUSH_TYPE_FLUSH,
209
210 /* likewise, but also export and re-import the intermediate state */
211 FLUSH_TYPE_REIMPORT,
212};
213
214/* finalization function for hash algorithms */
215enum finalization_type {
216 FINALIZATION_TYPE_FINAL, /* use final() */
217 FINALIZATION_TYPE_FINUP, /* use finup() */
218 FINALIZATION_TYPE_DIGEST, /* use digest() */
219};
220
221#define TEST_SG_TOTAL 10000
222
223/**
224 * struct test_sg_division - description of a scatterlist entry
225 *
226 * This struct describes one entry of a scatterlist being constructed to check a
227 * crypto test vector.
228 *
229 * @proportion_of_total: length of this chunk relative to the total length,
230 * given as a proportion out of TEST_SG_TOTAL so that it
231 * scales to fit any test vector
232 * @offset: byte offset into a 2-page buffer at which this chunk will start
233 * @offset_relative_to_alignmask: if true, add the algorithm's alignmask to the
234 * @offset
235 * @flush_type: for hashes, whether an update() should be done now vs.
236 * continuing to accumulate data
6570737c 237 * @nosimd: if doing the pending update(), do it with SIMD disabled?
3f47a03d
EB		 238 */
239struct test_sg_division {
240 unsigned int proportion_of_total;
241 unsigned int offset;
242 bool offset_relative_to_alignmask;
243 enum flush_type flush_type;
6570737c 244 bool nosimd;
3f47a03d
EB		 245};
246
247/**
248 * struct testvec_config - configuration for testing a crypto test vector
249 *
250 * This struct describes the data layout and other parameters with which each
251 * crypto test vector can be tested.
252 *
253 * @name: name of this config, logged for debugging purposes if a test fails
254 * @inplace: operate on the data in-place, if applicable for the algorithm type?
255 * @req_flags: extra request_flags, e.g. CRYPTO_TFM_REQ_MAY_SLEEP
256 * @src_divs: description of how to arrange the source scatterlist
257 * @dst_divs: description of how to arrange the dst scatterlist, if applicable
258 * for the algorithm type. Defaults to @src_divs if unset.
259 * @iv_offset: misalignment of the IV in the range [0..MAX_ALGAPI_ALIGNMASK+1],
260 * where 0 is aligned to a 2*(MAX_ALGAPI_ALIGNMASK+1) byte boundary
261 * @iv_offset_relative_to_alignmask: if true, add the algorithm's alignmask to
262 * the @iv_offset
263 * @finalization_type: what finalization function to use for hashes
6570737c 264 * @nosimd: execute with SIMD disabled? Requires !CRYPTO_TFM_REQ_MAY_SLEEP.
3f47a03d
EB		 265 */
266struct testvec_config {
267 const char *name;
268 bool inplace;
269 u32 req_flags;
270 struct test_sg_division src_divs[XBUFSIZE];
271 struct test_sg_division dst_divs[XBUFSIZE];
272 unsigned int iv_offset;
273 bool iv_offset_relative_to_alignmask;
274 enum finalization_type finalization_type;
6570737c 275 bool nosimd;
3f47a03d
EB		 276};
277
278#define TESTVEC_CONFIG_NAMELEN 192
279
4e7babba
EB		 280/*
281 * The following are the lists of testvec_configs to test for each algorithm
282 * type when the basic crypto self-tests are enabled, i.e. when
283 * CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is unset. They aim to provide good test
284 * coverage, while keeping the test time much shorter than the full fuzz tests
285 * so that the basic tests can be enabled in a wider range of circumstances.
286 */
287
288/* Configs for skciphers and aeads */
289static const struct testvec_config default_cipher_testvec_configs[] = {
290 {
291 .name = "in-place",
292 .inplace = true,
293 .src_divs = { { .proportion_of_total = 10000 } },
294 }, {
295 .name = "out-of-place",
296 .src_divs = { { .proportion_of_total = 10000 } },
297 }, {
298 .name = "unaligned buffer, offset=1",
299 .src_divs = { { .proportion_of_total = 10000, .offset = 1 } },
300 .iv_offset = 1,
301 }, {
302 .name = "buffer aligned only to alignmask",
303 .src_divs = {
304 {
305 .proportion_of_total = 10000,
306 .offset = 1,
307 .offset_relative_to_alignmask = true,
308 },
309 },
310 .iv_offset = 1,
311 .iv_offset_relative_to_alignmask = true,
312 }, {
313 .name = "two even aligned splits",
314 .src_divs = {
315 { .proportion_of_total = 5000 },
316 { .proportion_of_total = 5000 },
317 },
318 }, {
319 .name = "uneven misaligned splits, may sleep",
320 .req_flags = CRYPTO_TFM_REQ_MAY_SLEEP,
321 .src_divs = {
322 { .proportion_of_total = 1900, .offset = 33 },
323 { .proportion_of_total = 3300, .offset = 7 },
324 { .proportion_of_total = 4800, .offset = 18 },
325 },
326 .iv_offset = 3,
327 }, {
328 .name = "misaligned splits crossing pages, inplace",
329 .inplace = true,
330 .src_divs = {
331 {
332 .proportion_of_total = 7500,
333 .offset = PAGE_SIZE - 32
334 }, {
335 .proportion_of_total = 2500,
336 .offset = PAGE_SIZE - 7
337 },
338 },
339 }
340};
341
4cc2dcf9
EB		 342static const struct testvec_config default_hash_testvec_configs[] = {
343 {
344 .name = "init+update+final aligned buffer",
345 .src_divs = { { .proportion_of_total = 10000 } },
346 .finalization_type = FINALIZATION_TYPE_FINAL,
347 }, {
348 .name = "init+finup aligned buffer",
349 .src_divs = { { .proportion_of_total = 10000 } },
350 .finalization_type = FINALIZATION_TYPE_FINUP,
351 }, {
352 .name = "digest aligned buffer",
353 .src_divs = { { .proportion_of_total = 10000 } },
354 .finalization_type = FINALIZATION_TYPE_DIGEST,
355 }, {
356 .name = "init+update+final misaligned buffer",
357 .src_divs = { { .proportion_of_total = 10000, .offset = 1 } },
358 .finalization_type = FINALIZATION_TYPE_FINAL,
359 }, {
360 .name = "digest buffer aligned only to alignmask",
361 .src_divs = {
362 {
363 .proportion_of_total = 10000,
364 .offset = 1,
365 .offset_relative_to_alignmask = true,
366 },
367 },
368 .finalization_type = FINALIZATION_TYPE_DIGEST,
369 }, {
370 .name = "init+update+update+final two even splits",
371 .src_divs = {
372 { .proportion_of_total = 5000 },
373 {
374 .proportion_of_total = 5000,
375 .flush_type = FLUSH_TYPE_FLUSH,
376 },
377 },
378 .finalization_type = FINALIZATION_TYPE_FINAL,
379 }, {
380 .name = "digest uneven misaligned splits, may sleep",
381 .req_flags = CRYPTO_TFM_REQ_MAY_SLEEP,
382 .src_divs = {
383 { .proportion_of_total = 1900, .offset = 33 },
384 { .proportion_of_total = 3300, .offset = 7 },
385 { .proportion_of_total = 4800, .offset = 18 },
386 },
387 .finalization_type = FINALIZATION_TYPE_DIGEST,
388 }, {
389 .name = "digest misaligned splits crossing pages",
390 .src_divs = {
391 {
392 .proportion_of_total = 7500,
393 .offset = PAGE_SIZE - 32,
394 }, {
395 .proportion_of_total = 2500,
396 .offset = PAGE_SIZE - 7,
397 },
398 },
399 .finalization_type = FINALIZATION_TYPE_DIGEST,
400 }, {
401 .name = "import/export",
402 .src_divs = {
403 {
404 .proportion_of_total = 6500,
405 .flush_type = FLUSH_TYPE_REIMPORT,
406 }, {
407 .proportion_of_total = 3500,
408 .flush_type = FLUSH_TYPE_REIMPORT,
409 },
410 },
411 .finalization_type = FINALIZATION_TYPE_FINAL,
412 }
413};
414
3f47a03d
EB		 415static unsigned int count_test_sg_divisions(const struct test_sg_division *divs)
416{
417 unsigned int remaining = TEST_SG_TOTAL;
418 unsigned int ndivs = 0;
419
420 do {
421 remaining -= divs[ndivs++].proportion_of_total;
422 } while (remaining);
423
424 return ndivs;
425}
426
6570737c
EB		 427#define SGDIVS_HAVE_FLUSHES BIT(0)
428#define SGDIVS_HAVE_NOSIMD BIT(1)
429
3f47a03d 430static bool valid_sg_divisions(const struct test_sg_division *divs,
6570737c 431 unsigned int count, int *flags_ret)
3f47a03d
EB		 432{
433 unsigned int total = 0;
434 unsigned int i;
435
436 for (i = 0; i < count && total != TEST_SG_TOTAL; i++) {
437 if (divs[i].proportion_of_total <= 0 ||
438 divs[i].proportion_of_total > TEST_SG_TOTAL - total)
439 return false;
440 total += divs[i].proportion_of_total;
441 if (divs[i].flush_type != FLUSH_TYPE_NONE)
6570737c
EB		 442 *flags_ret |= SGDIVS_HAVE_FLUSHES;
443 if (divs[i].nosimd)
444 *flags_ret |= SGDIVS_HAVE_NOSIMD;
3f47a03d
EB		 445 }
446 return total == TEST_SG_TOTAL &&
447 memchr_inv(&divs[i], 0, (count - i) * sizeof(divs[0])) == NULL;
448}
449
450/*
451 * Check whether the given testvec_config is valid. This isn't strictly needed
452 * since every testvec_config should be valid, but check anyway so that people
453 * don't unknowingly add broken configs that don't do what they wanted.
454 */
455static bool valid_testvec_config(const struct testvec_config *cfg)
456{
6570737c 457 int flags = 0;
3f47a03d
EB		 458
459 if (cfg->name == NULL)
460 return false;
461
462 if (!valid_sg_divisions(cfg->src_divs, ARRAY_SIZE(cfg->src_divs),
6570737c 463 &flags))
3f47a03d
EB		 464 return false;
465
466 if (cfg->dst_divs[0].proportion_of_total) {
467 if (!valid_sg_divisions(cfg->dst_divs,
6570737c 468 ARRAY_SIZE(cfg->dst_divs), &flags))
3f47a03d
EB		 469 return false;
470 } else {
471 if (memchr_inv(cfg->dst_divs, 0, sizeof(cfg->dst_divs)))
472 return false;
473 /* defaults to dst_divs=src_divs */
474 }
475
476 if (cfg->iv_offset +
477 (cfg->iv_offset_relative_to_alignmask ? MAX_ALGAPI_ALIGNMASK : 0) >
478 MAX_ALGAPI_ALIGNMASK + 1)
479 return false;
480
6570737c
EB		 481 if ((flags & (SGDIVS_HAVE_FLUSHES | SGDIVS_HAVE_NOSIMD)) &&
482 cfg->finalization_type == FINALIZATION_TYPE_DIGEST)
483 return false;
484
485 if ((cfg->nosimd || (flags & SGDIVS_HAVE_NOSIMD)) &&
486 (cfg->req_flags & CRYPTO_TFM_REQ_MAY_SLEEP))
3f47a03d
EB		 487 return false;
488
489 return true;
490}
491
492struct test_sglist {
493 char *bufs[XBUFSIZE];
494 struct scatterlist sgl[XBUFSIZE];
495 struct scatterlist sgl_saved[XBUFSIZE];
496 struct scatterlist *sgl_ptr;
497 unsigned int nents;
498};
499
500static int init_test_sglist(struct test_sglist *tsgl)
501{
502 return __testmgr_alloc_buf(tsgl->bufs, 1 /* two pages per buffer */);
503}
504
505static void destroy_test_sglist(struct test_sglist *tsgl)
506{
507 return __testmgr_free_buf(tsgl->bufs, 1 /* two pages per buffer */);
508}
509
510/**
511 * build_test_sglist() - build a scatterlist for a crypto test
512 *
513 * @tsgl: the scatterlist to build. @tsgl->bufs[] contains an array of 2-page
514 * buffers which the scatterlist @tsgl->sgl[] will be made to point into.
515 * @divs: the layout specification on which the scatterlist will be based
516 * @alignmask: the algorithm's alignmask
517 * @total_len: the total length of the scatterlist to build in bytes
518 * @data: if non-NULL, the buffers will be filled with this data until it ends.
519 * Otherwise the buffers will be poisoned. In both cases, some bytes
520 * past the end of each buffer will be poisoned to help detect overruns.
521 * @out_divs: if non-NULL, the test_sg_division to which each scatterlist entry
522 * corresponds will be returned here. This will match @divs except
523 * that divisions resolving to a length of 0 are omitted as they are
524 * not included in the scatterlist.
525 *
526 * Return: 0 or a -errno value
527 */
528static int build_test_sglist(struct test_sglist *tsgl,
529 const struct test_sg_division *divs,
530 const unsigned int alignmask,
531 const unsigned int total_len,
532 struct iov_iter *data,
533 const struct test_sg_division *out_divs[XBUFSIZE])
534{
535 struct {
536 const struct test_sg_division *div;
537 size_t length;
538 } partitions[XBUFSIZE];
539 const unsigned int ndivs = count_test_sg_divisions(divs);
540 unsigned int len_remaining = total_len;
541 unsigned int i;
542
543 BUILD_BUG_ON(ARRAY_SIZE(partitions) != ARRAY_SIZE(tsgl->sgl));
544 if (WARN_ON(ndivs > ARRAY_SIZE(partitions)))
545 return -EINVAL;
546
547 /* Calculate the (div, length) pairs */
548 tsgl->nents = 0;
549 for (i = 0; i < ndivs; i++) {
550 unsigned int len_this_sg =
551 min(len_remaining,
552 (total_len * divs[i].proportion_of_total +
553 TEST_SG_TOTAL / 2) / TEST_SG_TOTAL);
554
555 if (len_this_sg != 0) {
556 partitions[tsgl->nents].div = &divs[i];
557 partitions[tsgl->nents].length = len_this_sg;
558 tsgl->nents++;
559 len_remaining -= len_this_sg;
560 }
561 }
562 if (tsgl->nents == 0) {
563 partitions[tsgl->nents].div = &divs[0];
564 partitions[tsgl->nents].length = 0;
565 tsgl->nents++;
566 }
567 partitions[tsgl->nents - 1].length += len_remaining;
568
569 /* Set up the sgl entries and fill the data or poison */
570 sg_init_table(tsgl->sgl, tsgl->nents);
571 for (i = 0; i < tsgl->nents; i++) {
572 unsigned int offset = partitions[i].div->offset;
573 void *addr;
574
575 if (partitions[i].div->offset_relative_to_alignmask)
576 offset += alignmask;
577
578 while (offset + partitions[i].length + TESTMGR_POISON_LEN >
579 2 * PAGE_SIZE) {
580 if (WARN_ON(offset <= 0))
581 return -EINVAL;
582 offset /= 2;
583 }
584
585 addr = &tsgl->bufs[i][offset];
586 sg_set_buf(&tsgl->sgl[i], addr, partitions[i].length);
587
588 if (out_divs)
589 out_divs[i] = partitions[i].div;
590
591 if (data) {
592 size_t copy_len, copied;
593
594 copy_len = min(partitions[i].length, data->count);
595 copied = copy_from_iter(addr, copy_len, data);
596 if (WARN_ON(copied != copy_len))
597 return -EINVAL;
598 testmgr_poison(addr + copy_len, partitions[i].length +
599 TESTMGR_POISON_LEN - copy_len);
600 } else {
601 testmgr_poison(addr, partitions[i].length +
602 TESTMGR_POISON_LEN);
603 }
604 }
605
606 sg_mark_end(&tsgl->sgl[tsgl->nents - 1]);
607 tsgl->sgl_ptr = tsgl->sgl;
608 memcpy(tsgl->sgl_saved, tsgl->sgl, tsgl->nents * sizeof(tsgl->sgl[0]));
609 return 0;
610}
611
612/*
613 * Verify that a scatterlist crypto operation produced the correct output.
614 *
615 * @tsgl: scatterlist containing the actual output
616 * @expected_output: buffer containing the expected output
617 * @len_to_check: length of @expected_output in bytes
618 * @unchecked_prefix_len: number of ignored bytes in @tsgl prior to real result
619 * @check_poison: verify that the poison bytes after each chunk are intact?
620 *
621 * Return: 0 if correct, -EINVAL if incorrect, -EOVERFLOW if buffer overrun.
622 */
623static int verify_correct_output(const struct test_sglist *tsgl,
624 const char *expected_output,
625 unsigned int len_to_check,
626 unsigned int unchecked_prefix_len,
627 bool check_poison)
628{
629 unsigned int i;
630
631 for (i = 0; i < tsgl->nents; i++) {
632 struct scatterlist *sg = &tsgl->sgl_ptr[i];
633 unsigned int len = sg->length;
634 unsigned int offset = sg->offset;
635 const char *actual_output;
636
637 if (unchecked_prefix_len) {
638 if (unchecked_prefix_len >= len) {
639 unchecked_prefix_len -= len;
640 continue;
641 }
642 offset += unchecked_prefix_len;
643 len -= unchecked_prefix_len;
644 unchecked_prefix_len = 0;
645 }
646 len = min(len, len_to_check);
647 actual_output = page_address(sg_page(sg)) + offset;
648 if (memcmp(expected_output, actual_output, len) != 0)
649 return -EINVAL;
650 if (check_poison &&
651 !testmgr_is_poison(actual_output + len, TESTMGR_POISON_LEN))
652 return -EOVERFLOW;
653 len_to_check -= len;
654 expected_output += len;
655 }
656 if (WARN_ON(len_to_check != 0))
657 return -EINVAL;
658 return 0;
659}
660
661static bool is_test_sglist_corrupted(const struct test_sglist *tsgl)
662{
663 unsigned int i;
664
665 for (i = 0; i < tsgl->nents; i++) {
666 if (tsgl->sgl[i].page_link != tsgl->sgl_saved[i].page_link)
667 return true;
668 if (tsgl->sgl[i].offset != tsgl->sgl_saved[i].offset)
669 return true;
670 if (tsgl->sgl[i].length != tsgl->sgl_saved[i].length)
671 return true;
672 }
673 return false;
674}
675
676struct cipher_test_sglists {
677 struct test_sglist src;
678 struct test_sglist dst;
679};
680
681static struct cipher_test_sglists *alloc_cipher_test_sglists(void)
682{
683 struct cipher_test_sglists *tsgls;
684
685 tsgls = kmalloc(sizeof(*tsgls), GFP_KERNEL);
686 if (!tsgls)
687 return NULL;
688
689 if (init_test_sglist(&tsgls->src) != 0)
690 goto fail_kfree;
691 if (init_test_sglist(&tsgls->dst) != 0)
692 goto fail_destroy_src;
693
694 return tsgls;
695
696fail_destroy_src:
697 destroy_test_sglist(&tsgls->src);
698fail_kfree:
699 kfree(tsgls);
700 return NULL;
701}
702
703static void free_cipher_test_sglists(struct cipher_test_sglists *tsgls)
704{
705 if (tsgls) {
706 destroy_test_sglist(&tsgls->src);
707 destroy_test_sglist(&tsgls->dst);
708 kfree(tsgls);
709 }
710}
711
712/* Build the src and dst scatterlists for an skcipher or AEAD test */
713static int build_cipher_test_sglists(struct cipher_test_sglists *tsgls,
714 const struct testvec_config *cfg,
715 unsigned int alignmask,
716 unsigned int src_total_len,
717 unsigned int dst_total_len,
718 const struct kvec *inputs,
719 unsigned int nr_inputs)
720{
721 struct iov_iter input;
722 int err;
723
724 iov_iter_kvec(&input, WRITE, inputs, nr_inputs, src_total_len);
725 err = build_test_sglist(&tsgls->src, cfg->src_divs, alignmask,
726 cfg->inplace ?
727 max(dst_total_len, src_total_len) :
728 src_total_len,
729 &input, NULL);
730 if (err)
731 return err;
732
733 if (cfg->inplace) {
734 tsgls->dst.sgl_ptr = tsgls->src.sgl;
735 tsgls->dst.nents = tsgls->src.nents;
736 return 0;
737 }
738 return build_test_sglist(&tsgls->dst,
739 cfg->dst_divs[0].proportion_of_total ?
740 cfg->dst_divs : cfg->src_divs,
741 alignmask, dst_total_len, NULL, NULL);
f8b0d4d0
HX		 742}
743
25f9dddb
EB		 744#ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS
745static char *generate_random_sgl_divisions(struct test_sg_division *divs,
746 size_t max_divs, char *p, char *end,
6570737c 747 bool gen_flushes, u32 req_flags)
25f9dddb
EB		 748{
749 struct test_sg_division *div = divs;
750 unsigned int remaining = TEST_SG_TOTAL;
751
752 do {
753 unsigned int this_len;
6570737c 754 const char *flushtype_str;
25f9dddb
EB		 755
756 if (div == &divs[max_divs - 1] || prandom_u32() % 2 == 0)
757 this_len = remaining;
758 else
759 this_len = 1 + (prandom_u32() % remaining);
760 div->proportion_of_total = this_len;
761
762 if (prandom_u32() % 4 == 0)
763 div->offset = (PAGE_SIZE - 128) + (prandom_u32() % 128);
764 else if (prandom_u32() % 2 == 0)
765 div->offset = prandom_u32() % 32;
766 else
767 div->offset = prandom_u32() % PAGE_SIZE;
768 if (prandom_u32() % 8 == 0)
769 div->offset_relative_to_alignmask = true;
770
771 div->flush_type = FLUSH_TYPE_NONE;
772 if (gen_flushes) {
773 switch (prandom_u32() % 4) {
774 case 0:
775 div->flush_type = FLUSH_TYPE_REIMPORT;
776 break;
777 case 1:
778 div->flush_type = FLUSH_TYPE_FLUSH;
779 break;
780 }
781 }
782
6570737c
EB		 783 if (div->flush_type != FLUSH_TYPE_NONE &&
784 !(req_flags & CRYPTO_TFM_REQ_MAY_SLEEP) &&
785 prandom_u32() % 2 == 0)
786 div->nosimd = true;
787
788 switch (div->flush_type) {
789 case FLUSH_TYPE_FLUSH:
790 if (div->nosimd)
791 flushtype_str = "<flush,nosimd>";
792 else
793 flushtype_str = "<flush>";
794 break;
795 case FLUSH_TYPE_REIMPORT:
796 if (div->nosimd)
797 flushtype_str = "<reimport,nosimd>";
798 else
799 flushtype_str = "<reimport>";
800 break;
801 default:
802 flushtype_str = "";
803 break;
804 }
805
25f9dddb 806 BUILD_BUG_ON(TEST_SG_TOTAL != 10000); /* for "%u.%u%%" */
6570737c 807 p += scnprintf(p, end - p, "%s%u.%u%%@%s+%u%s", flushtype_str,
25f9dddb
EB		 808 this_len / 100, this_len % 100,
809 div->offset_relative_to_alignmask ?
810 "alignmask" : "",
811 div->offset, this_len == remaining ? "" : ", ");
812 remaining -= this_len;
813 div++;
814 } while (remaining);
815
816 return p;
817}
818
819/* Generate a random testvec_config for fuzz testing */
820static void generate_random_testvec_config(struct testvec_config *cfg,
821 char *name, size_t max_namelen)
822{
823 char *p = name;
824 char * const end = name + max_namelen;
825
826 memset(cfg, 0, sizeof(*cfg));
827
828 cfg->name = name;
829
830 p += scnprintf(p, end - p, "random:");
831
832 if (prandom_u32() % 2 == 0) {
833 cfg->inplace = true;
834 p += scnprintf(p, end - p, " inplace");
835 }
836
837 if (prandom_u32() % 2 == 0) {
838 cfg->req_flags |= CRYPTO_TFM_REQ_MAY_SLEEP;
839 p += scnprintf(p, end - p, " may_sleep");
840 }
841
842 switch (prandom_u32() % 4) {
843 case 0:
844 cfg->finalization_type = FINALIZATION_TYPE_FINAL;
845 p += scnprintf(p, end - p, " use_final");
846 break;
847 case 1:
848 cfg->finalization_type = FINALIZATION_TYPE_FINUP;
849 p += scnprintf(p, end - p, " use_finup");
850 break;
851 default:
852 cfg->finalization_type = FINALIZATION_TYPE_DIGEST;
853 p += scnprintf(p, end - p, " use_digest");
854 break;
855 }
856
6570737c
EB		 857 if (!(cfg->req_flags & CRYPTO_TFM_REQ_MAY_SLEEP) &&
858 prandom_u32() % 2 == 0) {
859 cfg->nosimd = true;
860 p += scnprintf(p, end - p, " nosimd");
861 }
862
25f9dddb
EB		 863 p += scnprintf(p, end - p, " src_divs=[");
864 p = generate_random_sgl_divisions(cfg->src_divs,
865 ARRAY_SIZE(cfg->src_divs), p, end,
866 (cfg->finalization_type !=
6570737c
EB		 867 FINALIZATION_TYPE_DIGEST),
868 cfg->req_flags);
25f9dddb
EB		 869 p += scnprintf(p, end - p, "]");
870
871 if (!cfg->inplace && prandom_u32() % 2 == 0) {
872 p += scnprintf(p, end - p, " dst_divs=[");
873 p = generate_random_sgl_divisions(cfg->dst_divs,
874 ARRAY_SIZE(cfg->dst_divs),
6570737c
EB		 875 p, end, false,
876 cfg->req_flags);
25f9dddb
EB		 877 p += scnprintf(p, end - p, "]");
878 }
879
880 if (prandom_u32() % 2 == 0) {
881 cfg->iv_offset = 1 + (prandom_u32() % MAX_ALGAPI_ALIGNMASK);
882 p += scnprintf(p, end - p, " iv_offset=%u", cfg->iv_offset);
883 }
884
885 WARN_ON_ONCE(!valid_testvec_config(cfg));
886}
b55e1a39
EB		 887
888static void crypto_disable_simd_for_test(void)
889{
890 preempt_disable();
891 __this_cpu_write(crypto_simd_disabled_for_test, true);
892}
893
894static void crypto_reenable_simd_for_test(void)
895{
896 __this_cpu_write(crypto_simd_disabled_for_test, false);
897 preempt_enable();
898}
899#else /* !CONFIG_CRYPTO_MANAGER_EXTRA_TESTS */
900static void crypto_disable_simd_for_test(void)
901{
902}
903
904static void crypto_reenable_simd_for_test(void)
905{
906}
907#endif /* !CONFIG_CRYPTO_MANAGER_EXTRA_TESTS */
25f9dddb 908
6570737c
EB		 909static int do_ahash_op(int (*op)(struct ahash_request *req),
910 struct ahash_request *req,
911 struct crypto_wait *wait, bool nosimd)
912{
913 int err;
914
915 if (nosimd)
916 crypto_disable_simd_for_test();
917
918 err = op(req);
919
920 if (nosimd)
921 crypto_reenable_simd_for_test();
922
923 return crypto_wait_req(err, wait);
924}
925
4cc2dcf9
EB		 926static int check_nonfinal_hash_op(const char *op, int err,
927 u8 *result, unsigned int digestsize,
928 const char *driver, unsigned int vec_num,
929 const struct testvec_config *cfg)
466d7b9f 930{
4cc2dcf9
EB		 931 if (err) {
932 pr_err("alg: hash: %s %s() failed with err %d on test vector %u, cfg=\"%s\"\n",
933 driver, op, err, vec_num, cfg->name);
934 return err;
018ba95c 935 }
4cc2dcf9
EB		 936 if (!testmgr_is_poison(result, digestsize)) {
937 pr_err("alg: hash: %s %s() used result buffer on test vector %u, cfg=\"%s\"\n",
938 driver, op, vec_num, cfg->name);
939 return -EINVAL;
466d7b9f 940 }
4cc2dcf9 941 return 0;
018ba95c
WR		 942}
943
4cc2dcf9
EB		 944static int test_hash_vec_cfg(const char *driver,
945 const struct hash_testvec *vec,
946 unsigned int vec_num,
947 const struct testvec_config *cfg,
948 struct ahash_request *req,
949 struct test_sglist *tsgl,
950 u8 *hashstate)
da7f033d 951{
4cc2dcf9
EB		 952 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
953 const unsigned int alignmask = crypto_ahash_alignmask(tfm);
954 const unsigned int digestsize = crypto_ahash_digestsize(tfm);
955 const unsigned int statesize = crypto_ahash_statesize(tfm);
956 const u32 req_flags = CRYPTO_TFM_REQ_MAY_BACKLOG | cfg->req_flags;
957 const struct test_sg_division *divs[XBUFSIZE];
958 DECLARE_CRYPTO_WAIT(wait);
959 struct kvec _input;
960 struct iov_iter input;
961 unsigned int i;
962 struct scatterlist *pending_sgl;
963 unsigned int pending_len;
964 u8 result[HASH_MAX_DIGESTSIZE + TESTMGR_POISON_LEN];
965 int err;
da7f033d 966
4cc2dcf9
EB		 967 /* Set the key, if specified */
968 if (vec->ksize) {
969 err = crypto_ahash_setkey(tfm, vec->key, vec->ksize);
970 if (err) {
971 pr_err("alg: hash: %s setkey failed with err %d on test vector %u; flags=%#x\n",
972 driver, err, vec_num,
973 crypto_ahash_get_flags(tfm));
974 return err;
975 }
976 }
da7f033d 977
4cc2dcf9
EB		 978 /* Build the scatterlist for the source data */
979 _input.iov_base = (void *)vec->plaintext;
980 _input.iov_len = vec->psize;
981 iov_iter_kvec(&input, WRITE, &_input, 1, vec->psize);
982 err = build_test_sglist(tsgl, cfg->src_divs, alignmask, vec->psize,
983 &input, divs);
984 if (err) {
985 pr_err("alg: hash: %s: error preparing scatterlist for test vector %u, cfg=\"%s\"\n",
986 driver, vec_num, cfg->name);
987 return err;
da7f033d 988 }
da7f033d 989
4cc2dcf9 990 /* Do the actual hashing */
a0cfae59 991
4cc2dcf9
EB		 992 testmgr_poison(req->__ctx, crypto_ahash_reqsize(tfm));
993 testmgr_poison(result, digestsize + TESTMGR_POISON_LEN);
da5ffe11 994
4cc2dcf9
EB		 995 if (cfg->finalization_type == FINALIZATION_TYPE_DIGEST) {
996 /* Just using digest() */
997 ahash_request_set_callback(req, req_flags, crypto_req_done,
998 &wait);
999 ahash_request_set_crypt(req, tsgl->sgl, result, vec->psize);
6570737c 1000 err = do_ahash_op(crypto_ahash_digest, req, &wait, cfg->nosimd);
4cc2dcf9
EB		 1001 if (err) {
1002 pr_err("alg: hash: %s digest() failed with err %d on test vector %u, cfg=\"%s\"\n",
1003 driver, err, vec_num, cfg->name);
1004 return err;
1005 }
1006 goto result_ready;
1007 }
da7f033d 1008
4cc2dcf9 1009 /* Using init(), zero or more update(), then final() or finup() */
da7f033d 1010
4cc2dcf9
EB		 1011 ahash_request_set_callback(req, req_flags, crypto_req_done, &wait);
1012 ahash_request_set_crypt(req, NULL, result, 0);
6570737c 1013 err = do_ahash_op(crypto_ahash_init, req, &wait, cfg->nosimd);
4cc2dcf9
EB		 1014 err = check_nonfinal_hash_op("init", err, result, digestsize,
1015 driver, vec_num, cfg);
1016 if (err)
1017 return err;
da7f033d 1018
4cc2dcf9
EB		 1019 pending_sgl = NULL;
1020 pending_len = 0;
1021 for (i = 0; i < tsgl->nents; i++) {
1022 if (divs[i]->flush_type != FLUSH_TYPE_NONE &&
1023 pending_sgl != NULL) {
1024 /* update() with the pending data */
1025 ahash_request_set_callback(req, req_flags,
1026 crypto_req_done, &wait);
1027 ahash_request_set_crypt(req, pending_sgl, result,
1028 pending_len);
6570737c
EB		 1029 err = do_ahash_op(crypto_ahash_update, req, &wait,
1030 divs[i]->nosimd);
4cc2dcf9
EB		 1031 err = check_nonfinal_hash_op("update", err,
1032 result, digestsize,
1033 driver, vec_num, cfg);
1034 if (err)
1035 return err;
1036 pending_sgl = NULL;
1037 pending_len = 0;
da7f033d 1038 }
4cc2dcf9
EB		 1039 if (divs[i]->flush_type == FLUSH_TYPE_REIMPORT) {
1040 /* Test ->export() and ->import() */
1041 testmgr_poison(hashstate + statesize,
1042 TESTMGR_POISON_LEN);
1043 err = crypto_ahash_export(req, hashstate);
1044 err = check_nonfinal_hash_op("export", err,
1045 result, digestsize,
1046 driver, vec_num, cfg);
1047 if (err)
1048 return err;
1049 if (!testmgr_is_poison(hashstate + statesize,
1050 TESTMGR_POISON_LEN)) {
1051 pr_err("alg: hash: %s export() overran state buffer on test vector %u, cfg=\"%s\"\n",
1052 driver, vec_num, cfg->name);
1053 return -EOVERFLOW;
da7f033d 1054 }
76715095 1055
4cc2dcf9
EB		 1056 testmgr_poison(req->__ctx, crypto_ahash_reqsize(tfm));
1057 err = crypto_ahash_import(req, hashstate);
1058 err = check_nonfinal_hash_op("import", err,
1059 result, digestsize,
1060 driver, vec_num, cfg);
1061 if (err)
1062 return err;
da7f033d 1063 }
4cc2dcf9
EB		 1064 if (pending_sgl == NULL)
1065 pending_sgl = &tsgl->sgl[i];
1066 pending_len += tsgl->sgl[i].length;
1067 }
da7f033d 1068
4cc2dcf9
EB		 1069 ahash_request_set_callback(req, req_flags, crypto_req_done, &wait);
1070 ahash_request_set_crypt(req, pending_sgl, result, pending_len);
1071 if (cfg->finalization_type == FINALIZATION_TYPE_FINAL) {
1072 /* finish with update() and final() */
6570737c 1073 err = do_ahash_op(crypto_ahash_update, req, &wait, cfg->nosimd);
4cc2dcf9
EB		 1074 err = check_nonfinal_hash_op("update", err, result, digestsize,
1075 driver, vec_num, cfg);
1076 if (err)
1077 return err;
6570737c 1078 err = do_ahash_op(crypto_ahash_final, req, &wait, cfg->nosimd);
4cc2dcf9
EB		 1079 if (err) {
1080 pr_err("alg: hash: %s final() failed with err %d on test vector %u, cfg=\"%s\"\n",
1081 driver, err, vec_num, cfg->name);
1082 return err;
1083 }
1084 } else {
1085 /* finish with finup() */
6570737c 1086 err = do_ahash_op(crypto_ahash_finup, req, &wait, cfg->nosimd);
4cc2dcf9
EB		 1087 if (err) {
1088 pr_err("alg: hash: %s finup() failed with err %d on test vector %u, cfg=\"%s\"\n",
1089 driver, err, vec_num, cfg->name);
1090 return err;
da7f033d
HX		 1091 }
1092 }
1093
4cc2dcf9
EB		 1094result_ready:
1095 /* Check that the algorithm produced the correct digest */
1096 if (memcmp(result, vec->digest, digestsize) != 0) {
1097 pr_err("alg: hash: %s test failed (wrong result) on test vector %u, cfg=\"%s\"\n",
1098 driver, vec_num, cfg->name);
1099 return -EINVAL;
1100 }
1101 if (!testmgr_is_poison(&result[digestsize], TESTMGR_POISON_LEN)) {
1102 pr_err("alg: hash: %s overran result buffer on test vector %u, cfg=\"%s\"\n",
1103 driver, vec_num, cfg->name);
1104 return -EOVERFLOW;
1105 }
da5ffe11 1106
4cc2dcf9
EB		 1107 return 0;
1108}
da7f033d 1109
4cc2dcf9
EB		 1110static int test_hash_vec(const char *driver, const struct hash_testvec *vec,
1111 unsigned int vec_num, struct ahash_request *req,
1112 struct test_sglist *tsgl, u8 *hashstate)
1113{
1114 unsigned int i;
1115 int err;
da7f033d 1116
4cc2dcf9
EB		 1117 for (i = 0; i < ARRAY_SIZE(default_hash_testvec_configs); i++) {
1118 err = test_hash_vec_cfg(driver, vec, vec_num,
1119 &default_hash_testvec_configs[i],
1120 req, tsgl, hashstate);
1121 if (err)
1122 return err;
1123 }
5f2b424e 1124
4cc2dcf9
EB		 1125#ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS
1126 if (!noextratests) {
1127 struct testvec_config cfg;
1128 char cfgname[TESTVEC_CONFIG_NAMELEN];
5f2b424e 1129
4cc2dcf9
EB		 1130 for (i = 0; i < fuzz_iterations; i++) {
1131 generate_random_testvec_config(&cfg, cfgname,
1132 sizeof(cfgname));
1133 err = test_hash_vec_cfg(driver, vec, vec_num, &cfg,
1134 req, tsgl, hashstate);
1135 if (err)
1136 return err;
018ba95c
WR		 1137 }
1138 }
4cc2dcf9
EB		 1139#endif
1140 return 0;
1141}
018ba95c 1142
4cc2dcf9
EB		 1143static int __alg_test_hash(const struct hash_testvec *vecs,
1144 unsigned int num_vecs, const char *driver,
1145 u32 type, u32 mask)
1146{
1147 struct crypto_ahash *tfm;
1148 struct ahash_request *req = NULL;
1149 struct test_sglist *tsgl = NULL;
1150 u8 *hashstate = NULL;
1151 unsigned int i;
1152 int err;
018ba95c 1153
4cc2dcf9
EB		 1154 tfm = crypto_alloc_ahash(driver, type, mask);
1155 if (IS_ERR(tfm)) {
1156 pr_err("alg: hash: failed to allocate transform for %s: %ld\n",
1157 driver, PTR_ERR(tfm));
1158 return PTR_ERR(tfm);
1159 }
018ba95c 1160
4cc2dcf9
EB		 1161 req = ahash_request_alloc(tfm, GFP_KERNEL);
1162 if (!req) {
1163 pr_err("alg: hash: failed to allocate request for %s\n",
1164 driver);
1165 err = -ENOMEM;
1166 goto out;
1167 }
018ba95c 1168
4cc2dcf9
EB		 1169 tsgl = kmalloc(sizeof(*tsgl), GFP_KERNEL);
1170 if (!tsgl || init_test_sglist(tsgl) != 0) {
1171 pr_err("alg: hash: failed to allocate test buffers for %s\n",
1172 driver);
1173 kfree(tsgl);
1174 tsgl = NULL;
1175 err = -ENOMEM;
1176 goto out;
1177 }
018ba95c 1178
4cc2dcf9
EB		 1179 hashstate = kmalloc(crypto_ahash_statesize(tfm) + TESTMGR_POISON_LEN,
1180 GFP_KERNEL);
1181 if (!hashstate) {
1182 pr_err("alg: hash: failed to allocate hash state buffer for %s\n",
1183 driver);
1184 err = -ENOMEM;
1185 goto out;
1186 }
018ba95c 1187
4cc2dcf9
EB		 1188 for (i = 0; i < num_vecs; i++) {
1189 err = test_hash_vec(driver, &vecs[i], i, req, tsgl, hashstate);
1190 if (err)
5f2b424e 1191 goto out;
da7f033d 1192 }
4cc2dcf9 1193 err = 0;
da7f033d 1194out:
4cc2dcf9
EB		 1195 kfree(hashstate);
1196 if (tsgl) {
1197 destroy_test_sglist(tsgl);
1198 kfree(tsgl);
1199 }
da7f033d 1200 ahash_request_free(req);
4cc2dcf9
EB		 1201 crypto_free_ahash(tfm);
1202 return err;
da7f033d
HX		 1203}
1204
4cc2dcf9
EB		 1205static int alg_test_hash(const struct alg_test_desc *desc, const char *driver,
1206 u32 type, u32 mask)
da5ffe11 1207{
4cc2dcf9
EB		 1208 const struct hash_testvec *template = desc->suite.hash.vecs;
1209 unsigned int tcount = desc->suite.hash.count;
1210 unsigned int nr_unkeyed, nr_keyed;
1211 int err;
da5ffe11 1212
4cc2dcf9
EB		 1213 /*
1214 * For OPTIONAL_KEY algorithms, we have to do all the unkeyed tests
1215 * first, before setting a key on the tfm. To make this easier, we
1216 * require that the unkeyed test vectors (if any) are listed first.
1217 */
da5ffe11 1218
4cc2dcf9
EB		 1219 for (nr_unkeyed = 0; nr_unkeyed < tcount; nr_unkeyed++) {
1220 if (template[nr_unkeyed].ksize)
1221 break;
1222 }
1223 for (nr_keyed = 0; nr_unkeyed + nr_keyed < tcount; nr_keyed++) {
1224 if (!template[nr_unkeyed + nr_keyed].ksize) {
1225 pr_err("alg: hash: test vectors for %s out of order, "
1226 "unkeyed ones must come first\n", desc->alg);
1227 return -EINVAL;
1228 }
1229 }
da5ffe11 1230
4cc2dcf9
EB		 1231 err = 0;
1232 if (nr_unkeyed) {
1233 err = __alg_test_hash(template, nr_unkeyed, driver, type, mask);
1234 template += nr_unkeyed;
da5ffe11
JK		 1235 }
1236
4cc2dcf9
EB		 1237 if (!err && nr_keyed)
1238 err = __alg_test_hash(template, nr_keyed, driver, type, mask);
1239
1240 return err;
da5ffe11
JK		 1241}
1242
ed96804f
EB		 1243static int test_aead_vec_cfg(const char *driver, int enc,
1244 const struct aead_testvec *vec,
1245 unsigned int vec_num,
1246 const struct testvec_config *cfg,
1247 struct aead_request *req,
1248 struct cipher_test_sglists *tsgls)
da7f033d 1249{
ed96804f
EB		 1250 struct crypto_aead *tfm = crypto_aead_reqtfm(req);
1251 const unsigned int alignmask = crypto_aead_alignmask(tfm);
1252 const unsigned int ivsize = crypto_aead_ivsize(tfm);
1253 const unsigned int authsize = vec->clen - vec->plen;
1254 const u32 req_flags = CRYPTO_TFM_REQ_MAY_BACKLOG | cfg->req_flags;
1255 const char *op = enc ? "encryption" : "decryption";
1256 DECLARE_CRYPTO_WAIT(wait);
1257 u8 _iv[3 * (MAX_ALGAPI_ALIGNMASK + 1) + MAX_IVLEN];
1258 u8 *iv = PTR_ALIGN(&_iv[0], 2 * (MAX_ALGAPI_ALIGNMASK + 1)) +
1259 cfg->iv_offset +
1260 (cfg->iv_offset_relative_to_alignmask ? alignmask : 0);
1261 struct kvec input[2];
1262 int err;
d8a32ac2 1263
ed96804f
EB		 1264 /* Set the key */
1265 if (vec->wk)
1266 crypto_aead_set_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS);
da7f033d 1267 else
ed96804f
EB		 1268 crypto_aead_clear_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS);
1269 err = crypto_aead_setkey(tfm, vec->key, vec->klen);
1270 if (err) {
1271 if (vec->fail) /* expectedly failed to set key? */
1272 return 0;
1273 pr_err("alg: aead: %s setkey failed with err %d on test vector %u; flags=%#x\n",
1274 driver, err, vec_num, crypto_aead_get_flags(tfm));
1275 return err;
da7f033d 1276 }
ed96804f
EB		 1277 if (vec->fail) {
1278 pr_err("alg: aead: %s setkey unexpectedly succeeded on test vector %u\n",
1279 driver, vec_num);
1280 return -EINVAL;
da7f033d
HX		 1281 }
1282
ed96804f
EB		 1283 /* Set the authentication tag size */
1284 err = crypto_aead_setauthsize(tfm, authsize);
1285 if (err) {
1286 pr_err("alg: aead: %s setauthsize failed with err %d on test vector %u\n",
1287 driver, err, vec_num);
1288 return err;
1289 }
8ec25c51 1290
ed96804f
EB		 1291 /* The IV must be copied to a buffer, as the algorithm may modify it */
1292 if (WARN_ON(ivsize > MAX_IVLEN))
1293 return -EINVAL;
1294 if (vec->iv)
1295 memcpy(iv, vec->iv, ivsize);
1296 else
1297 memset(iv, 0, ivsize);
da7f033d 1298
ed96804f
EB		 1299 /* Build the src/dst scatterlists */
1300 input[0].iov_base = (void *)vec->assoc;
1301 input[0].iov_len = vec->alen;
1302 input[1].iov_base = enc ? (void *)vec->ptext : (void *)vec->ctext;
1303 input[1].iov_len = enc ? vec->plen : vec->clen;
1304 err = build_cipher_test_sglists(tsgls, cfg, alignmask,
1305 vec->alen + (enc ? vec->plen :
1306 vec->clen),
1307 vec->alen + (enc ? vec->clen :
1308 vec->plen),
1309 input, 2);
1310 if (err) {
1311 pr_err("alg: aead: %s %s: error preparing scatterlists for test vector %u, cfg=\"%s\"\n",
1312 driver, op, vec_num, cfg->name);
1313 return err;
1314 }
da7f033d 1315
ed96804f
EB		 1316 /* Do the actual encryption or decryption */
1317 testmgr_poison(req->__ctx, crypto_aead_reqsize(tfm));
1318 aead_request_set_callback(req, req_flags, crypto_req_done, &wait);
1319 aead_request_set_crypt(req, tsgls->src.sgl_ptr, tsgls->dst.sgl_ptr,
1320 enc ? vec->plen : vec->clen, iv);
1321 aead_request_set_ad(req, vec->alen);
6570737c
EB		 1322 if (cfg->nosimd)
1323 crypto_disable_simd_for_test();
1324 err = enc ? crypto_aead_encrypt(req) : crypto_aead_decrypt(req);
1325 if (cfg->nosimd)
1326 crypto_reenable_simd_for_test();
1327 err = crypto_wait_req(err, &wait);
ed96804f
EB		 1328 if (err) {
1329 if (err == -EBADMSG && vec->novrfy)
1330 return 0;
1331 pr_err("alg: aead: %s %s failed with err %d on test vector %u, cfg=\"%s\"\n",
1332 driver, op, err, vec_num, cfg->name);
1333 return err;
1334 }
1335 if (vec->novrfy) {
1336 pr_err("alg: aead: %s %s unexpectedly succeeded on test vector %u, cfg=\"%s\"\n",
1337 driver, op, vec_num, cfg->name);
1338 return -EINVAL;
a6e5ef9b
EB		 1339 }
1340
1341 /* Check that the algorithm didn't overwrite things it shouldn't have */
1342 if (req->cryptlen != (enc ? vec->plen : vec->clen) ||
1343 req->assoclen != vec->alen ||
1344 req->iv != iv ||
1345 req->src != tsgls->src.sgl_ptr ||
1346 req->dst != tsgls->dst.sgl_ptr ||
1347 crypto_aead_reqtfm(req) != tfm ||
1348 req->base.complete != crypto_req_done ||
1349 req->base.flags != req_flags ||
1350 req->base.data != &wait) {
1351 pr_err("alg: aead: %s %s corrupted request struct on test vector %u, cfg=\"%s\"\n",
1352 driver, op, vec_num, cfg->name);
1353 if (req->cryptlen != (enc ? vec->plen : vec->clen))
1354 pr_err("alg: aead: changed 'req->cryptlen'\n");
1355 if (req->assoclen != vec->alen)
1356 pr_err("alg: aead: changed 'req->assoclen'\n");
1357 if (req->iv != iv)
1358 pr_err("alg: aead: changed 'req->iv'\n");
1359 if (req->src != tsgls->src.sgl_ptr)
1360 pr_err("alg: aead: changed 'req->src'\n");
1361 if (req->dst != tsgls->dst.sgl_ptr)
1362 pr_err("alg: aead: changed 'req->dst'\n");
1363 if (crypto_aead_reqtfm(req) != tfm)
1364 pr_err("alg: aead: changed 'req->base.tfm'\n");
1365 if (req->base.complete != crypto_req_done)
1366 pr_err("alg: aead: changed 'req->base.complete'\n");
1367 if (req->base.flags != req_flags)
1368 pr_err("alg: aead: changed 'req->base.flags'\n");
1369 if (req->base.data != &wait)
1370 pr_err("alg: aead: changed 'req->base.data'\n");
1371 return -EINVAL;
1372 }
1373 if (is_test_sglist_corrupted(&tsgls->src)) {
1374 pr_err("alg: aead: %s %s corrupted src sgl on test vector %u, cfg=\"%s\"\n",
1375 driver, op, vec_num, cfg->name);
1376 return -EINVAL;
1377 }
1378 if (tsgls->dst.sgl_ptr != tsgls->src.sgl &&
1379 is_test_sglist_corrupted(&tsgls->dst)) {
1380 pr_err("alg: aead: %s %s corrupted dst sgl on test vector %u, cfg=\"%s\"\n",
1381 driver, op, vec_num, cfg->name);
1382 return -EINVAL;
ed96804f 1383 }
da7f033d 1384
ed96804f
EB		 1385 /* Check for the correct output (ciphertext or plaintext) */
1386 err = verify_correct_output(&tsgls->dst, enc ? vec->ctext : vec->ptext,
1387 enc ? vec->clen : vec->plen,
1388 vec->alen, enc || !cfg->inplace);
1389 if (err == -EOVERFLOW) {
1390 pr_err("alg: aead: %s %s overran dst buffer on test vector %u, cfg=\"%s\"\n",
1391 driver, op, vec_num, cfg->name);
1392 return err;
1393 }
1394 if (err) {
1395 pr_err("alg: aead: %s %s test failed (wrong result) on test vector %u, cfg=\"%s\"\n",
1396 driver, op, vec_num, cfg->name);
1397 return err;
1398 }
da7f033d 1399
ed96804f
EB		 1400 return 0;
1401}
da7f033d 1402
ed96804f
EB		 1403static int test_aead_vec(const char *driver, int enc,
1404 const struct aead_testvec *vec, unsigned int vec_num,
1405 struct aead_request *req,
1406 struct cipher_test_sglists *tsgls)
1407{
1408 unsigned int i;
1409 int err;
da7f033d 1410
ed96804f
EB		 1411 if (enc && vec->novrfy)
1412 return 0;
da7f033d 1413
ed96804f
EB		 1414 for (i = 0; i < ARRAY_SIZE(default_cipher_testvec_configs); i++) {
1415 err = test_aead_vec_cfg(driver, enc, vec, vec_num,
1416 &default_cipher_testvec_configs[i],
1417 req, tsgls);
1418 if (err)
1419 return err;
1420 }
da7f033d 1421
ed96804f
EB		 1422#ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS
1423 if (!noextratests) {
1424 struct testvec_config cfg;
1425 char cfgname[TESTVEC_CONFIG_NAMELEN];
05b1d338 1426
ed96804f
EB		 1427 for (i = 0; i < fuzz_iterations; i++) {
1428 generate_random_testvec_config(&cfg, cfgname,
1429 sizeof(cfgname));
1430 err = test_aead_vec_cfg(driver, enc, vec, vec_num,
1431 &cfg, req, tsgls);
1432 if (err)
1433 return err;
da7f033d
HX		 1434 }
1435 }
ed96804f
EB		 1436#endif
1437 return 0;
1438}
da7f033d 1439
ed96804f
EB		 1440static int test_aead(const char *driver, int enc,
1441 const struct aead_test_suite *suite,
1442 struct aead_request *req,
1443 struct cipher_test_sglists *tsgls)
1444{
1445 unsigned int i;
1446 int err;
da7f033d 1447
ed96804f
EB		 1448 for (i = 0; i < suite->count; i++) {
1449 err = test_aead_vec(driver, enc, &suite->vecs[i], i, req,
1450 tsgls);
1451 if (err)
1452 return err;
1453 }
1454 return 0;
da7f033d
HX		 1455}
1456
ed96804f
EB		 1457static int alg_test_aead(const struct alg_test_desc *desc, const char *driver,
1458 u32 type, u32 mask)
d8a32ac2 1459{
ed96804f
EB		 1460 const struct aead_test_suite *suite = &desc->suite.aead;
1461 struct crypto_aead *tfm;
1462 struct aead_request *req = NULL;
1463 struct cipher_test_sglists *tsgls = NULL;
1464 int err;
d8a32ac2 1465
ed96804f
EB		 1466 if (suite->count <= 0) {
1467 pr_err("alg: aead: empty test suite for %s\n", driver);
1468 return -EINVAL;
1469 }
d8a32ac2 1470
ed96804f
EB		 1471 tfm = crypto_alloc_aead(driver, type, mask);
1472 if (IS_ERR(tfm)) {
1473 pr_err("alg: aead: failed to allocate transform for %s: %ld\n",
1474 driver, PTR_ERR(tfm));
1475 return PTR_ERR(tfm);
1476 }
58dcf548 1477
ed96804f
EB		 1478 req = aead_request_alloc(tfm, GFP_KERNEL);
1479 if (!req) {
1480 pr_err("alg: aead: failed to allocate request for %s\n",
1481 driver);
1482 err = -ENOMEM;
1483 goto out;
1484 }
58dcf548 1485
ed96804f
EB		 1486 tsgls = alloc_cipher_test_sglists();
1487 if (!tsgls) {
1488 pr_err("alg: aead: failed to allocate test buffers for %s\n",
1489 driver);
1490 err = -ENOMEM;
1491 goto out;
58dcf548
JK		 1492 }
1493
ed96804f
EB		 1494 err = test_aead(driver, ENCRYPT, suite, req, tsgls);
1495 if (err)
1496 goto out;
1497
1498 err = test_aead(driver, DECRYPT, suite, req, tsgls);
1499out:
1500 free_cipher_test_sglists(tsgls);
1501 aead_request_free(req);
1502 crypto_free_aead(tfm);
1503 return err;
d8a32ac2
JK		 1504}
1505
1aa4ecd9 1506static int test_cipher(struct crypto_cipher *tfm, int enc,
b13b1e0c
EB		 1507 const struct cipher_testvec *template,
1508 unsigned int tcount)
1aa4ecd9
HX		 1509{
1510 const char *algo = crypto_tfm_alg_driver_name(crypto_cipher_tfm(tfm));
1511 unsigned int i, j, k;
1aa4ecd9
HX		 1512 char *q;
1513 const char *e;
92a4c9fe 1514 const char *input, *result;
1aa4ecd9 1515 void *data;
f8b0d4d0
HX		 1516 char *xbuf[XBUFSIZE];
1517 int ret = -ENOMEM;
1518
1519 if (testmgr_alloc_buf(xbuf))
1520 goto out_nobuf;
1aa4ecd9
HX		 1521
1522 if (enc == ENCRYPT)
1523 e = "encryption";
1524 else
1525 e = "decryption";
1526
1527 j = 0;
1528 for (i = 0; i < tcount; i++) {
1aa4ecd9 1529
10faa8c0
SM		 1530 if (fips_enabled && template[i].fips_skip)
1531 continue;
1532
92a4c9fe
EB		 1533 input = enc ? template[i].ptext : template[i].ctext;
1534 result = enc ? template[i].ctext : template[i].ptext;
1aa4ecd9
HX		 1535 j++;
1536
fd57f22a 1537 ret = -EINVAL;
92a4c9fe 1538 if (WARN_ON(template[i].len > PAGE_SIZE))
fd57f22a
HX		 1539 goto out;
1540
1aa4ecd9 1541 data = xbuf[0];
92a4c9fe 1542 memcpy(data, input, template[i].len);
1aa4ecd9
HX		 1543
1544 crypto_cipher_clear_flags(tfm, ~0);
1545 if (template[i].wk)
231baecd 1546 crypto_cipher_set_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS);
1aa4ecd9
HX		 1547
1548 ret = crypto_cipher_setkey(tfm, template[i].key,
1549 template[i].klen);
0fae0c1e 1550 if (template[i].fail == !ret) {
1aa4ecd9
HX		 1551 printk(KERN_ERR "alg: cipher: setkey failed "
1552 "on test %d for %s: flags=%x\n", j,
1553 algo, crypto_cipher_get_flags(tfm));
1554 goto out;
1555 } else if (ret)
1556 continue;
1557
92a4c9fe 1558 for (k = 0; k < template[i].len;
1aa4ecd9
HX		 1559 k += crypto_cipher_blocksize(tfm)) {
1560 if (enc)
1561 crypto_cipher_encrypt_one(tfm, data + k,
1562 data + k);
1563 else
1564 crypto_cipher_decrypt_one(tfm, data + k,
1565 data + k);
1566 }
1567
1568 q = data;
92a4c9fe 1569 if (memcmp(q, result, template[i].len)) {
1aa4ecd9
HX		 1570 printk(KERN_ERR "alg: cipher: Test %d failed "
1571 "on %s for %s\n", j, e, algo);
92a4c9fe 1572 hexdump(q, template[i].len);
1aa4ecd9
HX		 1573 ret = -EINVAL;
1574 goto out;
1575 }
1576 }
1577
1578 ret = 0;
1579
1580out:
f8b0d4d0
HX		 1581 testmgr_free_buf(xbuf);
1582out_nobuf:
1aa4ecd9
HX		 1583 return ret;
1584}
1585
4e7babba
EB		 1586static int test_skcipher_vec_cfg(const char *driver, int enc,
1587 const struct cipher_testvec *vec,
1588 unsigned int vec_num,
1589 const struct testvec_config *cfg,
1590 struct skcipher_request *req,
1591 struct cipher_test_sglists *tsgls)
da7f033d 1592{
4e7babba
EB		 1593 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
1594 const unsigned int alignmask = crypto_skcipher_alignmask(tfm);
1595 const unsigned int ivsize = crypto_skcipher_ivsize(tfm);
1596 const u32 req_flags = CRYPTO_TFM_REQ_MAY_BACKLOG | cfg->req_flags;
1597 const char *op = enc ? "encryption" : "decryption";
1598 DECLARE_CRYPTO_WAIT(wait);
1599 u8 _iv[3 * (MAX_ALGAPI_ALIGNMASK + 1) + MAX_IVLEN];
1600 u8 *iv = PTR_ALIGN(&_iv[0], 2 * (MAX_ALGAPI_ALIGNMASK + 1)) +
1601 cfg->iv_offset +
1602 (cfg->iv_offset_relative_to_alignmask ? alignmask : 0);
1603 struct kvec input;
1604 int err;
08d6af8c 1605
4e7babba
EB		 1606 /* Set the key */
1607 if (vec->wk)
1608 crypto_skcipher_set_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS);
da7f033d 1609 else
4e7babba
EB		 1610 crypto_skcipher_clear_flags(tfm,
1611 CRYPTO_TFM_REQ_FORBID_WEAK_KEYS);
1612 err = crypto_skcipher_setkey(tfm, vec->key, vec->klen);
1613 if (err) {
1614 if (vec->fail) /* expectedly failed to set key? */
1615 return 0;
1616 pr_err("alg: skcipher: %s setkey failed with err %d on test vector %u; flags=%#x\n",
1617 driver, err, vec_num, crypto_skcipher_get_flags(tfm));
1618 return err;
1619 }
1620 if (vec->fail) {
1621 pr_err("alg: skcipher: %s setkey unexpectedly succeeded on test vector %u\n",
1622 driver, vec_num);
1623 return -EINVAL;
da7f033d
HX		 1624 }
1625
4e7babba
EB		 1626 /* The IV must be copied to a buffer, as the algorithm may modify it */
1627 if (ivsize) {
1628 if (WARN_ON(ivsize > MAX_IVLEN))
1629 return -EINVAL;
8efd972e
EB		 1630 if (vec->generates_iv && !enc)
1631 memcpy(iv, vec->iv_out, ivsize);
1632 else if (vec->iv)
4e7babba 1633 memcpy(iv, vec->iv, ivsize);
da7f033d 1634 else
4e7babba
EB		 1635 memset(iv, 0, ivsize);
1636 } else {
1637 if (vec->generates_iv) {
1638 pr_err("alg: skcipher: %s has ivsize=0 but test vector %u generates IV!\n",
1639 driver, vec_num);
1640 return -EINVAL;
8a826a34 1641 }
4e7babba 1642 iv = NULL;
da7f033d
HX		 1643 }
1644
4e7babba
EB		 1645 /* Build the src/dst scatterlists */
1646 input.iov_base = enc ? (void *)vec->ptext : (void *)vec->ctext;
1647 input.iov_len = vec->len;
1648 err = build_cipher_test_sglists(tsgls, cfg, alignmask,
1649 vec->len, vec->len, &input, 1);
1650 if (err) {
1651 pr_err("alg: skcipher: %s %s: error preparing scatterlists for test vector %u, cfg=\"%s\"\n",
1652 driver, op, vec_num, cfg->name);
1653 return err;
1654 }
da7f033d 1655
4e7babba
EB		 1656 /* Do the actual encryption or decryption */
1657 testmgr_poison(req->__ctx, crypto_skcipher_reqsize(tfm));
1658 skcipher_request_set_callback(req, req_flags, crypto_req_done, &wait);
1659 skcipher_request_set_crypt(req, tsgls->src.sgl_ptr, tsgls->dst.sgl_ptr,
1660 vec->len, iv);
6570737c
EB		 1661 if (cfg->nosimd)
1662 crypto_disable_simd_for_test();
1663 err = enc ? crypto_skcipher_encrypt(req) : crypto_skcipher_decrypt(req);
1664 if (cfg->nosimd)
1665 crypto_reenable_simd_for_test();
1666 err = crypto_wait_req(err, &wait);
4e7babba
EB		 1667 if (err) {
1668 pr_err("alg: skcipher: %s %s failed with err %d on test vector %u, cfg=\"%s\"\n",
1669 driver, op, err, vec_num, cfg->name);
1670 return err;
1671 }
da7f033d 1672
fa353c99
EB		 1673 /* Check that the algorithm didn't overwrite things it shouldn't have */
1674 if (req->cryptlen != vec->len ||
1675 req->iv != iv ||
1676 req->src != tsgls->src.sgl_ptr ||
1677 req->dst != tsgls->dst.sgl_ptr ||
1678 crypto_skcipher_reqtfm(req) != tfm ||
1679 req->base.complete != crypto_req_done ||
1680 req->base.flags != req_flags ||
1681 req->base.data != &wait) {
1682 pr_err("alg: skcipher: %s %s corrupted request struct on test vector %u, cfg=\"%s\"\n",
1683 driver, op, vec_num, cfg->name);
1684 if (req->cryptlen != vec->len)
1685 pr_err("alg: skcipher: changed 'req->cryptlen'\n");
1686 if (req->iv != iv)
1687 pr_err("alg: skcipher: changed 'req->iv'\n");
1688 if (req->src != tsgls->src.sgl_ptr)
1689 pr_err("alg: skcipher: changed 'req->src'\n");
1690 if (req->dst != tsgls->dst.sgl_ptr)
1691 pr_err("alg: skcipher: changed 'req->dst'\n");
1692 if (crypto_skcipher_reqtfm(req) != tfm)
1693 pr_err("alg: skcipher: changed 'req->base.tfm'\n");
1694 if (req->base.complete != crypto_req_done)
1695 pr_err("alg: skcipher: changed 'req->base.complete'\n");
1696 if (req->base.flags != req_flags)
1697 pr_err("alg: skcipher: changed 'req->base.flags'\n");
1698 if (req->base.data != &wait)
1699 pr_err("alg: skcipher: changed 'req->base.data'\n");
1700 return -EINVAL;
1701 }
1702 if (is_test_sglist_corrupted(&tsgls->src)) {
1703 pr_err("alg: skcipher: %s %s corrupted src sgl on test vector %u, cfg=\"%s\"\n",
1704 driver, op, vec_num, cfg->name);
1705 return -EINVAL;
1706 }
1707 if (tsgls->dst.sgl_ptr != tsgls->src.sgl &&
1708 is_test_sglist_corrupted(&tsgls->dst)) {
1709 pr_err("alg: skcipher: %s %s corrupted dst sgl on test vector %u, cfg=\"%s\"\n",
1710 driver, op, vec_num, cfg->name);
1711 return -EINVAL;
1712 }
1713
4e7babba
EB		 1714 /* Check for the correct output (ciphertext or plaintext) */
1715 err = verify_correct_output(&tsgls->dst, enc ? vec->ctext : vec->ptext,
1716 vec->len, 0, true);
1717 if (err == -EOVERFLOW) {
1718 pr_err("alg: skcipher: %s %s overran dst buffer on test vector %u, cfg=\"%s\"\n",
1719 driver, op, vec_num, cfg->name);
1720 return err;
1721 }
1722 if (err) {
1723 pr_err("alg: skcipher: %s %s test failed (wrong result) on test vector %u, cfg=\"%s\"\n",
1724 driver, op, vec_num, cfg->name);
1725 return err;
1726 }
08d6af8c 1727
4e7babba 1728 /* If applicable, check that the algorithm generated the correct IV */
8efd972e 1729 if (vec->iv_out && memcmp(iv, vec->iv_out, ivsize) != 0) {
4e7babba
EB		 1730 pr_err("alg: skcipher: %s %s test failed (wrong output IV) on test vector %u, cfg=\"%s\"\n",
1731 driver, op, vec_num, cfg->name);
1732 hexdump(iv, ivsize);
1733 return -EINVAL;
1734 }
08d6af8c 1735
4e7babba
EB		 1736 return 0;
1737}
da7f033d 1738
4e7babba
EB		 1739static int test_skcipher_vec(const char *driver, int enc,
1740 const struct cipher_testvec *vec,
1741 unsigned int vec_num,
1742 struct skcipher_request *req,
1743 struct cipher_test_sglists *tsgls)
1744{
1745 unsigned int i;
1746 int err;
da7f033d 1747
4e7babba
EB		 1748 if (fips_enabled && vec->fips_skip)
1749 return 0;
da7f033d 1750
4e7babba
EB		 1751 for (i = 0; i < ARRAY_SIZE(default_cipher_testvec_configs); i++) {
1752 err = test_skcipher_vec_cfg(driver, enc, vec, vec_num,
1753 &default_cipher_testvec_configs[i],
1754 req, tsgls);
1755 if (err)
1756 return err;
1757 }
da7f033d 1758
4e7babba
EB		 1759#ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS
1760 if (!noextratests) {
1761 struct testvec_config cfg;
1762 char cfgname[TESTVEC_CONFIG_NAMELEN];
1763
1764 for (i = 0; i < fuzz_iterations; i++) {
1765 generate_random_testvec_config(&cfg, cfgname,
1766 sizeof(cfgname));
1767 err = test_skcipher_vec_cfg(driver, enc, vec, vec_num,
1768 &cfg, req, tsgls);
1769 if (err)
1770 return err;
da7f033d
HX		 1771 }
1772 }
4e7babba
EB		 1773#endif
1774 return 0;
1775}
da7f033d 1776
4e7babba
EB		 1777static int test_skcipher(const char *driver, int enc,
1778 const struct cipher_test_suite *suite,
1779 struct skcipher_request *req,
1780 struct cipher_test_sglists *tsgls)
1781{
1782 unsigned int i;
1783 int err;
da7f033d 1784
4e7babba
EB		 1785 for (i = 0; i < suite->count; i++) {
1786 err = test_skcipher_vec(driver, enc, &suite->vecs[i], i, req,
1787 tsgls);
1788 if (err)
1789 return err;
1790 }
1791 return 0;
da7f033d
HX		 1792}
1793
4e7babba
EB		 1794static int alg_test_skcipher(const struct alg_test_desc *desc,
1795 const char *driver, u32 type, u32 mask)
08d6af8c 1796{
4e7babba
EB		 1797 const struct cipher_test_suite *suite = &desc->suite.cipher;
1798 struct crypto_skcipher *tfm;
1799 struct skcipher_request *req = NULL;
1800 struct cipher_test_sglists *tsgls = NULL;
1801 int err;
08d6af8c 1802
4e7babba
EB		 1803 if (suite->count <= 0) {
1804 pr_err("alg: skcipher: empty test suite for %s\n", driver);
1805 return -EINVAL;
1806 }
08d6af8c 1807
4e7babba
EB		 1808 tfm = crypto_alloc_skcipher(driver, type, mask);
1809 if (IS_ERR(tfm)) {
1810 pr_err("alg: skcipher: failed to allocate transform for %s: %ld\n",
1811 driver, PTR_ERR(tfm));
1812 return PTR_ERR(tfm);
1813 }
3a338f20 1814
4e7babba
EB		 1815 req = skcipher_request_alloc(tfm, GFP_KERNEL);
1816 if (!req) {
1817 pr_err("alg: skcipher: failed to allocate request for %s\n",
1818 driver);
1819 err = -ENOMEM;
1820 goto out;
1821 }
3a338f20 1822
4e7babba
EB		 1823 tsgls = alloc_cipher_test_sglists();
1824 if (!tsgls) {
1825 pr_err("alg: skcipher: failed to allocate test buffers for %s\n",
1826 driver);
1827 err = -ENOMEM;
1828 goto out;
3a338f20
JK		 1829 }
1830
4e7babba
EB		 1831 err = test_skcipher(driver, ENCRYPT, suite, req, tsgls);
1832 if (err)
1833 goto out;
1834
1835 err = test_skcipher(driver, DECRYPT, suite, req, tsgls);
1836out:
1837 free_cipher_test_sglists(tsgls);
1838 skcipher_request_free(req);
1839 crypto_free_skcipher(tfm);
1840 return err;
08d6af8c
JK		 1841}
1842
b13b1e0c
EB		 1843static int test_comp(struct crypto_comp *tfm,
1844 const struct comp_testvec *ctemplate,
1845 const struct comp_testvec *dtemplate,
1846 int ctcount, int dtcount)
da7f033d
HX		 1847{
1848 const char *algo = crypto_tfm_alg_driver_name(crypto_comp_tfm(tfm));
33607384 1849 char *output, *decomp_output;
da7f033d 1850 unsigned int i;
da7f033d
HX		 1851 int ret;
1852
33607384
MC		 1853 output = kmalloc(COMP_BUF_SIZE, GFP_KERNEL);
1854 if (!output)
1855 return -ENOMEM;
1856
1857 decomp_output = kmalloc(COMP_BUF_SIZE, GFP_KERNEL);
1858 if (!decomp_output) {
1859 kfree(output);
1860 return -ENOMEM;
1861 }
1862
da7f033d 1863 for (i = 0; i < ctcount; i++) {
c79cf910
GU		 1864 int ilen;
1865 unsigned int dlen = COMP_BUF_SIZE;
da7f033d 1866
22a8118d
MS		 1867 memset(output, 0, COMP_BUF_SIZE);
1868 memset(decomp_output, 0, COMP_BUF_SIZE);
da7f033d
HX		 1869
1870 ilen = ctemplate[i].inlen;
1871 ret = crypto_comp_compress(tfm, ctemplate[i].input,
33607384 1872 ilen, output, &dlen);
da7f033d
HX		 1873 if (ret) {
1874 printk(KERN_ERR "alg: comp: compression failed "
1875 "on test %d for %s: ret=%d\n", i + 1, algo,
1876 -ret);
1877 goto out;
1878 }
1879
33607384
MC		 1880 ilen = dlen;
1881 dlen = COMP_BUF_SIZE;
1882 ret = crypto_comp_decompress(tfm, output,
1883 ilen, decomp_output, &dlen);
1884 if (ret) {
1885 pr_err("alg: comp: compression failed: decompress: on test %d for %s failed: ret=%d\n",
1886 i + 1, algo, -ret);
1887 goto out;
1888 }
1889
1890 if (dlen != ctemplate[i].inlen) {
b812eb00
GU		 1891 printk(KERN_ERR "alg: comp: Compression test %d "
1892 "failed for %s: output len = %d\n", i + 1, algo,
1893 dlen);
1894 ret = -EINVAL;
1895 goto out;
1896 }
1897
33607384
MC		 1898 if (memcmp(decomp_output, ctemplate[i].input,
1899 ctemplate[i].inlen)) {
1900 pr_err("alg: comp: compression failed: output differs: on test %d for %s\n",
1901 i + 1, algo);
1902 hexdump(decomp_output, dlen);
da7f033d
HX		 1903 ret = -EINVAL;
1904 goto out;
1905 }
1906 }
1907
1908 for (i = 0; i < dtcount; i++) {
c79cf910
GU		 1909 int ilen;
1910 unsigned int dlen = COMP_BUF_SIZE;
da7f033d 1911
22a8118d 1912 memset(decomp_output, 0, COMP_BUF_SIZE);
da7f033d
HX		 1913
1914 ilen = dtemplate[i].inlen;
1915 ret = crypto_comp_decompress(tfm, dtemplate[i].input,
33607384 1916 ilen, decomp_output, &dlen);
da7f033d
HX		 1917 if (ret) {
1918 printk(KERN_ERR "alg: comp: decompression failed "
1919 "on test %d for %s: ret=%d\n", i + 1, algo,
1920 -ret);
1921 goto out;
1922 }
1923
b812eb00
GU		 1924 if (dlen != dtemplate[i].outlen) {
1925 printk(KERN_ERR "alg: comp: Decompression test %d "
1926 "failed for %s: output len = %d\n", i + 1, algo,
1927 dlen);
1928 ret = -EINVAL;
1929 goto out;
1930 }
1931
33607384 1932 if (memcmp(decomp_output, dtemplate[i].output, dlen)) {
da7f033d
HX		 1933 printk(KERN_ERR "alg: comp: Decompression test %d "
1934 "failed for %s\n", i + 1, algo);
33607384 1935 hexdump(decomp_output, dlen);
da7f033d
HX		 1936 ret = -EINVAL;
1937 goto out;
1938 }
1939 }
1940
1941 ret = 0;
1942
1943out:
33607384
MC		 1944 kfree(decomp_output);
1945 kfree(output);
da7f033d
HX		 1946 return ret;
1947}
1948
b13b1e0c 1949static int test_acomp(struct crypto_acomp *tfm,
33607384 1950 const struct comp_testvec *ctemplate,
b13b1e0c
EB		 1951 const struct comp_testvec *dtemplate,
1952 int ctcount, int dtcount)
d7db7a88
GC		 1953{
1954 const char *algo = crypto_tfm_alg_driver_name(crypto_acomp_tfm(tfm));
1955 unsigned int i;
a9943a0a 1956 char *output, *decomp_out;
d7db7a88
GC		 1957 int ret;
1958 struct scatterlist src, dst;
1959 struct acomp_req *req;
7f397136 1960 struct crypto_wait wait;
d7db7a88 1961
eb095593
EB		 1962 output = kmalloc(COMP_BUF_SIZE, GFP_KERNEL);
1963 if (!output)
1964 return -ENOMEM;
1965
a9943a0a
GC		 1966 decomp_out = kmalloc(COMP_BUF_SIZE, GFP_KERNEL);
1967 if (!decomp_out) {
1968 kfree(output);
1969 return -ENOMEM;
1970 }
1971
d7db7a88
GC		 1972 for (i = 0; i < ctcount; i++) {
1973 unsigned int dlen = COMP_BUF_SIZE;
1974 int ilen = ctemplate[i].inlen;
02608e02 1975 void *input_vec;
d7db7a88 1976
d2110224 1977 input_vec = kmemdup(ctemplate[i].input, ilen, GFP_KERNEL);
02608e02
LA		 1978 if (!input_vec) {
1979 ret = -ENOMEM;
1980 goto out;
1981 }
1982
eb095593 1983 memset(output, 0, dlen);
7f397136 1984 crypto_init_wait(&wait);
02608e02 1985 sg_init_one(&src, input_vec, ilen);
d7db7a88
GC		 1986 sg_init_one(&dst, output, dlen);
1987
1988 req = acomp_request_alloc(tfm);
1989 if (!req) {
1990 pr_err("alg: acomp: request alloc failed for %s\n",
1991 algo);
02608e02 1992 kfree(input_vec);
d7db7a88
GC		 1993 ret = -ENOMEM;
1994 goto out;
1995 }
1996
1997 acomp_request_set_params(req, &src, &dst, ilen, dlen);
1998 acomp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
7f397136 1999 crypto_req_done, &wait);
d7db7a88 2000
7f397136 2001 ret = crypto_wait_req(crypto_acomp_compress(req), &wait);
d7db7a88
GC		 2002 if (ret) {
2003 pr_err("alg: acomp: compression failed on test %d for %s: ret=%d\n",
2004 i + 1, algo, -ret);
02608e02 2005 kfree(input_vec);
d7db7a88
GC		 2006 acomp_request_free(req);
2007 goto out;
2008 }
2009
a9943a0a
GC		 2010 ilen = req->dlen;
2011 dlen = COMP_BUF_SIZE;
2012 sg_init_one(&src, output, ilen);
2013 sg_init_one(&dst, decomp_out, dlen);
7f397136 2014 crypto_init_wait(&wait);
a9943a0a
GC		 2015 acomp_request_set_params(req, &src, &dst, ilen, dlen);
2016
7f397136 2017 ret = crypto_wait_req(crypto_acomp_decompress(req), &wait);
a9943a0a
GC		 2018 if (ret) {
2019 pr_err("alg: acomp: compression failed on test %d for %s: ret=%d\n",
2020 i + 1, algo, -ret);
2021 kfree(input_vec);
2022 acomp_request_free(req);
2023 goto out;
2024 }
2025
2026 if (req->dlen != ctemplate[i].inlen) {
d7db7a88
GC		 2027 pr_err("alg: acomp: Compression test %d failed for %s: output len = %d\n",
2028 i + 1, algo, req->dlen);
2029 ret = -EINVAL;
02608e02 2030 kfree(input_vec);
d7db7a88
GC		 2031 acomp_request_free(req);
2032 goto out;
2033 }
2034
a9943a0a 2035 if (memcmp(input_vec, decomp_out, req->dlen)) {
d7db7a88
GC		 2036 pr_err("alg: acomp: Compression test %d failed for %s\n",
2037 i + 1, algo);
2038 hexdump(output, req->dlen);
2039 ret = -EINVAL;
02608e02 2040 kfree(input_vec);
d7db7a88
GC		 2041 acomp_request_free(req);
2042 goto out;
2043 }
2044
02608e02 2045 kfree(input_vec);
d7db7a88
GC		 2046 acomp_request_free(req);
2047 }
2048
2049 for (i = 0; i < dtcount; i++) {
2050 unsigned int dlen = COMP_BUF_SIZE;
2051 int ilen = dtemplate[i].inlen;
02608e02
LA		 2052 void *input_vec;
2053
d2110224 2054 input_vec = kmemdup(dtemplate[i].input, ilen, GFP_KERNEL);
02608e02
LA		 2055 if (!input_vec) {
2056 ret = -ENOMEM;
2057 goto out;
2058 }
d7db7a88 2059
eb095593 2060 memset(output, 0, dlen);
7f397136 2061 crypto_init_wait(&wait);
02608e02 2062 sg_init_one(&src, input_vec, ilen);
d7db7a88
GC		 2063 sg_init_one(&dst, output, dlen);
2064
2065 req = acomp_request_alloc(tfm);
2066 if (!req) {
2067 pr_err("alg: acomp: request alloc failed for %s\n",
2068 algo);
02608e02 2069 kfree(input_vec);
d7db7a88
GC		 2070 ret = -ENOMEM;
2071 goto out;
2072 }
2073
2074 acomp_request_set_params(req, &src, &dst, ilen, dlen);
2075 acomp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
7f397136 2076 crypto_req_done, &wait);
d7db7a88 2077
7f397136 2078 ret = crypto_wait_req(crypto_acomp_decompress(req), &wait);
d7db7a88
GC		 2079 if (ret) {
2080 pr_err("alg: acomp: decompression failed on test %d for %s: ret=%d\n",
2081 i + 1, algo, -ret);
02608e02 2082 kfree(input_vec);
d7db7a88
GC		 2083 acomp_request_free(req);
2084 goto out;
2085 }
2086
2087 if (req->dlen != dtemplate[i].outlen) {
2088 pr_err("alg: acomp: Decompression test %d failed for %s: output len = %d\n",
2089 i + 1, algo, req->dlen);
2090 ret = -EINVAL;
02608e02 2091 kfree(input_vec);
d7db7a88
GC		 2092 acomp_request_free(req);
2093 goto out;
2094 }
2095
2096 if (memcmp(output, dtemplate[i].output, req->dlen)) {
2097 pr_err("alg: acomp: Decompression test %d failed for %s\n",
2098 i + 1, algo);
2099 hexdump(output, req->dlen);
2100 ret = -EINVAL;
02608e02 2101 kfree(input_vec);
d7db7a88
GC		 2102 acomp_request_free(req);
2103 goto out;
2104 }
2105
02608e02 2106 kfree(input_vec);
d7db7a88
GC		 2107 acomp_request_free(req);
2108 }
2109
2110 ret = 0;
2111
2112out:
a9943a0a 2113 kfree(decomp_out);
eb095593 2114 kfree(output);
d7db7a88
GC		 2115 return ret;
2116}
2117
b13b1e0c
EB		 2118static int test_cprng(struct crypto_rng *tfm,
2119 const struct cprng_testvec *template,
7647d6ce
JW		 2120 unsigned int tcount)
2121{
2122 const char *algo = crypto_tfm_alg_driver_name(crypto_rng_tfm(tfm));
fa4ef8a6 2123 int err = 0, i, j, seedsize;
7647d6ce
JW		 2124 u8 *seed;
2125 char result[32];
2126
2127 seedsize = crypto_rng_seedsize(tfm);
2128
2129 seed = kmalloc(seedsize, GFP_KERNEL);
2130 if (!seed) {
2131 printk(KERN_ERR "alg: cprng: Failed to allocate seed space "
2132 "for %s\n", algo);
2133 return -ENOMEM;
2134 }
2135
2136 for (i = 0; i < tcount; i++) {
2137 memset(result, 0, 32);
2138
2139 memcpy(seed, template[i].v, template[i].vlen);
2140 memcpy(seed + template[i].vlen, template[i].key,
2141 template[i].klen);
2142 memcpy(seed + template[i].vlen + template[i].klen,
2143 template[i].dt, template[i].dtlen);
2144
2145 err = crypto_rng_reset(tfm, seed, seedsize);
2146 if (err) {
2147 printk(KERN_ERR "alg: cprng: Failed to reset rng "
2148 "for %s\n", algo);
2149 goto out;
2150 }
2151
2152 for (j = 0; j < template[i].loops; j++) {
2153 err = crypto_rng_get_bytes(tfm, result,
2154 template[i].rlen);
19e60e13 2155 if (err < 0) {
7647d6ce
JW		 2156 printk(KERN_ERR "alg: cprng: Failed to obtain "
2157 "the correct amount of random data for "
19e60e13
SM		 2158 "%s (requested %d)\n", algo,
2159 template[i].rlen);
7647d6ce
JW		 2160 goto out;
2161 }
2162 }
2163
2164 err = memcmp(result, template[i].result,
2165 template[i].rlen);
2166 if (err) {
2167 printk(KERN_ERR "alg: cprng: Test %d failed for %s\n",
2168 i, algo);
2169 hexdump(result, template[i].rlen);
2170 err = -EINVAL;
2171 goto out;
2172 }
2173 }
2174
2175out:
2176 kfree(seed);
2177 return err;
2178}
2179
da7f033d
HX		 2180static int alg_test_cipher(const struct alg_test_desc *desc,
2181 const char *driver, u32 type, u32 mask)
2182{
92a4c9fe 2183 const struct cipher_test_suite *suite = &desc->suite.cipher;
1aa4ecd9 2184 struct crypto_cipher *tfm;
92a4c9fe 2185 int err;
da7f033d 2186
eed93e0c 2187 tfm = crypto_alloc_cipher(driver, type, mask);
da7f033d
HX		 2188 if (IS_ERR(tfm)) {
2189 printk(KERN_ERR "alg: cipher: Failed to load transform for "
2190 "%s: %ld\n", driver, PTR_ERR(tfm));
2191 return PTR_ERR(tfm);
2192 }
2193
92a4c9fe
EB		 2194 err = test_cipher(tfm, ENCRYPT, suite->vecs, suite->count);
2195 if (!err)
2196 err = test_cipher(tfm, DECRYPT, suite->vecs, suite->count);
da7f033d 2197
1aa4ecd9
HX		 2198 crypto_free_cipher(tfm);
2199 return err;
2200}
2201
da7f033d
HX		 2202static int alg_test_comp(const struct alg_test_desc *desc, const char *driver,
2203 u32 type, u32 mask)
2204{
d7db7a88
GC		 2205 struct crypto_comp *comp;
2206 struct crypto_acomp *acomp;
da7f033d 2207 int err;
d7db7a88
GC		 2208 u32 algo_type = type & CRYPTO_ALG_TYPE_ACOMPRESS_MASK;
2209
2210 if (algo_type == CRYPTO_ALG_TYPE_ACOMPRESS) {
2211 acomp = crypto_alloc_acomp(driver, type, mask);
2212 if (IS_ERR(acomp)) {
2213 pr_err("alg: acomp: Failed to load transform for %s: %ld\n",
2214 driver, PTR_ERR(acomp));
2215 return PTR_ERR(acomp);
2216 }
2217 err = test_acomp(acomp, desc->suite.comp.comp.vecs,
2218 desc->suite.comp.decomp.vecs,
2219 desc->suite.comp.comp.count,
2220 desc->suite.comp.decomp.count);
2221 crypto_free_acomp(acomp);
2222 } else {
2223 comp = crypto_alloc_comp(driver, type, mask);
2224 if (IS_ERR(comp)) {
2225 pr_err("alg: comp: Failed to load transform for %s: %ld\n",
2226 driver, PTR_ERR(comp));
2227 return PTR_ERR(comp);
2228 }
da7f033d 2229
d7db7a88
GC		 2230 err = test_comp(comp, desc->suite.comp.comp.vecs,
2231 desc->suite.comp.decomp.vecs,
2232 desc->suite.comp.comp.count,
2233 desc->suite.comp.decomp.count);
da7f033d 2234
d7db7a88
GC		 2235 crypto_free_comp(comp);
2236 }
da7f033d
HX		 2237 return err;
2238}
2239
8e3ee85e
HX		 2240static int alg_test_crc32c(const struct alg_test_desc *desc,
2241 const char *driver, u32 type, u32 mask)
2242{
2243 struct crypto_shash *tfm;
cb9dde88 2244 __le32 val;
8e3ee85e
HX		 2245 int err;
2246
2247 err = alg_test_hash(desc, driver, type, mask);
2248 if (err)
eb5e6730 2249 return err;
8e3ee85e 2250
eed93e0c 2251 tfm = crypto_alloc_shash(driver, type, mask);
8e3ee85e 2252 if (IS_ERR(tfm)) {
eb5e6730
EB		 2253 if (PTR_ERR(tfm) == -ENOENT) {
2254 /*
2255 * This crc32c implementation is only available through
2256 * ahash API, not the shash API, so the remaining part
2257 * of the test is not applicable to it.
2258 */
2259 return 0;
2260 }
8e3ee85e
HX		 2261 printk(KERN_ERR "alg: crc32c: Failed to load transform for %s: "
2262 "%ld\n", driver, PTR_ERR(tfm));
eb5e6730 2263 return PTR_ERR(tfm);
8e3ee85e
HX		 2264 }
2265
2266 do {
4c5c3024
JSM		 2267 SHASH_DESC_ON_STACK(shash, tfm);
2268 u32 *ctx = (u32 *)shash_desc_ctx(shash);
8e3ee85e 2269
4c5c3024
JSM		 2270 shash->tfm = tfm;
2271 shash->flags = 0;
8e3ee85e 2272
cb9dde88 2273 *ctx = 420553207;
4c5c3024 2274 err = crypto_shash_final(shash, (u8 *)&val);
8e3ee85e
HX		 2275 if (err) {
2276 printk(KERN_ERR "alg: crc32c: Operation failed for "
2277 "%s: %d\n", driver, err);
2278 break;
2279 }
2280
cb9dde88
EB		 2281 if (val != cpu_to_le32(~420553207)) {
2282 pr_err("alg: crc32c: Test failed for %s: %u\n",
2283 driver, le32_to_cpu(val));
8e3ee85e
HX		 2284 err = -EINVAL;
2285 }
2286 } while (0);
2287
2288 crypto_free_shash(tfm);
2289
8e3ee85e
HX		 2290 return err;
2291}
2292
7647d6ce
JW		 2293static int alg_test_cprng(const struct alg_test_desc *desc, const char *driver,
2294 u32 type, u32 mask)
2295{
2296 struct crypto_rng *rng;
2297 int err;
2298
eed93e0c 2299 rng = crypto_alloc_rng(driver, type, mask);
7647d6ce
JW		 2300 if (IS_ERR(rng)) {
2301 printk(KERN_ERR "alg: cprng: Failed to load transform for %s: "
2302 "%ld\n", driver, PTR_ERR(rng));
2303 return PTR_ERR(rng);
2304 }
2305
2306 err = test_cprng(rng, desc->suite.cprng.vecs, desc->suite.cprng.count);
2307
2308 crypto_free_rng(rng);
2309
2310 return err;
2311}
2312
64d1cdfb 2313
b13b1e0c 2314static int drbg_cavs_test(const struct drbg_testvec *test, int pr,
64d1cdfb
SM		 2315 const char *driver, u32 type, u32 mask)
2316{
2317 int ret = -EAGAIN;
2318 struct crypto_rng *drng;
2319 struct drbg_test_data test_data;
2320 struct drbg_string addtl, pers, testentropy;
2321 unsigned char *buf = kzalloc(test->expectedlen, GFP_KERNEL);
2322
2323 if (!buf)
2324 return -ENOMEM;
2325
eed93e0c 2326 drng = crypto_alloc_rng(driver, type, mask);
64d1cdfb 2327 if (IS_ERR(drng)) {
2fc0d258 2328 printk(KERN_ERR "alg: drbg: could not allocate DRNG handle for "
64d1cdfb
SM		 2329 "%s\n", driver);
2330 kzfree(buf);
2331 return -ENOMEM;
2332 }
2333
2334 test_data.testentropy = &testentropy;
2335 drbg_string_fill(&testentropy, test->entropy, test->entropylen);
2336 drbg_string_fill(&pers, test->pers, test->perslen);
2337 ret = crypto_drbg_reset_test(drng, &pers, &test_data);
2338 if (ret) {
2339 printk(KERN_ERR "alg: drbg: Failed to reset rng\n");
2340 goto outbuf;
2341 }
2342
2343 drbg_string_fill(&addtl, test->addtla, test->addtllen);
2344 if (pr) {
2345 drbg_string_fill(&testentropy, test->entpra, test->entprlen);
2346 ret = crypto_drbg_get_bytes_addtl_test(drng,
2347 buf, test->expectedlen, &addtl, &test_data);
2348 } else {
2349 ret = crypto_drbg_get_bytes_addtl(drng,
2350 buf, test->expectedlen, &addtl);
2351 }
19e60e13 2352 if (ret < 0) {
2fc0d258 2353 printk(KERN_ERR "alg: drbg: could not obtain random data for "
64d1cdfb
SM		 2354 "driver %s\n", driver);
2355 goto outbuf;
2356 }
2357
2358 drbg_string_fill(&addtl, test->addtlb, test->addtllen);
2359 if (pr) {
2360 drbg_string_fill(&testentropy, test->entprb, test->entprlen);
2361 ret = crypto_drbg_get_bytes_addtl_test(drng,
2362 buf, test->expectedlen, &addtl, &test_data);
2363 } else {
2364 ret = crypto_drbg_get_bytes_addtl(drng,
2365 buf, test->expectedlen, &addtl);
2366 }
19e60e13 2367 if (ret < 0) {
2fc0d258 2368 printk(KERN_ERR "alg: drbg: could not obtain random data for "
64d1cdfb
SM		 2369 "driver %s\n", driver);
2370 goto outbuf;
2371 }
2372
2373 ret = memcmp(test->expected, buf, test->expectedlen);
2374
2375outbuf:
2376 crypto_free_rng(drng);
2377 kzfree(buf);
2378 return ret;
2379}
2380
2381
2382static int alg_test_drbg(const struct alg_test_desc *desc, const char *driver,
2383 u32 type, u32 mask)
2384{
2385 int err = 0;
2386 int pr = 0;
2387 int i = 0;
b13b1e0c 2388 const struct drbg_testvec *template = desc->suite.drbg.vecs;
64d1cdfb
SM		 2389 unsigned int tcount = desc->suite.drbg.count;
2390
2391 if (0 == memcmp(driver, "drbg_pr_", 8))
2392 pr = 1;
2393
2394 for (i = 0; i < tcount; i++) {
2395 err = drbg_cavs_test(&template[i], pr, driver, type, mask);
2396 if (err) {
2397 printk(KERN_ERR "alg: drbg: Test %d failed for %s\n",
2398 i, driver);
2399 err = -EINVAL;
2400 break;
2401 }
2402 }
2403 return err;
2404
2405}
2406
b13b1e0c 2407static int do_test_kpp(struct crypto_kpp *tfm, const struct kpp_testvec *vec,
802c7f1c
SB		 2408 const char *alg)
2409{
2410 struct kpp_request *req;
2411 void *input_buf = NULL;
2412 void *output_buf = NULL;
47d3fd39
TDA		 2413 void *a_public = NULL;
2414 void *a_ss = NULL;
2415 void *shared_secret = NULL;
7f397136 2416 struct crypto_wait wait;
802c7f1c
SB		 2417 unsigned int out_len_max;
2418 int err = -ENOMEM;
2419 struct scatterlist src, dst;
2420
2421 req = kpp_request_alloc(tfm, GFP_KERNEL);
2422 if (!req)
2423 return err;
2424
7f397136 2425 crypto_init_wait(&wait);
802c7f1c
SB		 2426
2427 err = crypto_kpp_set_secret(tfm, vec->secret, vec->secret_size);
2428 if (err < 0)
2429 goto free_req;
2430
2431 out_len_max = crypto_kpp_maxsize(tfm);
2432 output_buf = kzalloc(out_len_max, GFP_KERNEL);
2433 if (!output_buf) {
2434 err = -ENOMEM;
2435 goto free_req;
2436 }
2437
2438 /* Use appropriate parameter as base */
2439 kpp_request_set_input(req, NULL, 0);
2440 sg_init_one(&dst, output_buf, out_len_max);
2441 kpp_request_set_output(req, &dst, out_len_max);
2442 kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
7f397136 2443 crypto_req_done, &wait);
802c7f1c 2444
47d3fd39 2445 /* Compute party A's public key */
7f397136 2446 err = crypto_wait_req(crypto_kpp_generate_public_key(req), &wait);
802c7f1c 2447 if (err) {
47d3fd39 2448 pr_err("alg: %s: Party A: generate public key test failed. err %d\n",
802c7f1c
SB		 2449 alg, err);
2450 goto free_output;
2451 }
47d3fd39
TDA		 2452
2453 if (vec->genkey) {
2454 /* Save party A's public key */
e3d90e52 2455 a_public = kmemdup(sg_virt(req->dst), out_len_max, GFP_KERNEL);
47d3fd39
TDA		 2456 if (!a_public) {
2457 err = -ENOMEM;
2458 goto free_output;
2459 }
47d3fd39
TDA		 2460 } else {
2461 /* Verify calculated public key */
2462 if (memcmp(vec->expected_a_public, sg_virt(req->dst),
2463 vec->expected_a_public_size)) {
2464 pr_err("alg: %s: Party A: generate public key test failed. Invalid output\n",
2465 alg);
2466 err = -EINVAL;
2467 goto free_output;
2468 }
802c7f1c
SB		 2469 }
2470
2471 /* Calculate shared secret key by using counter part (b) public key. */
e3d90e52 2472 input_buf = kmemdup(vec->b_public, vec->b_public_size, GFP_KERNEL);
802c7f1c
SB		 2473 if (!input_buf) {
2474 err = -ENOMEM;
2475 goto free_output;
2476 }
2477
802c7f1c
SB		 2478 sg_init_one(&src, input_buf, vec->b_public_size);
2479 sg_init_one(&dst, output_buf, out_len_max);
2480 kpp_request_set_input(req, &src, vec->b_public_size);
2481 kpp_request_set_output(req, &dst, out_len_max);
2482 kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
7f397136
GBY		 2483 crypto_req_done, &wait);
2484 err = crypto_wait_req(crypto_kpp_compute_shared_secret(req), &wait);
802c7f1c 2485 if (err) {
47d3fd39 2486 pr_err("alg: %s: Party A: compute shared secret test failed. err %d\n",
802c7f1c
SB		 2487 alg, err);
2488 goto free_all;
2489 }
47d3fd39
TDA		 2490
2491 if (vec->genkey) {
2492 /* Save the shared secret obtained by party A */
e3d90e52 2493 a_ss = kmemdup(sg_virt(req->dst), vec->expected_ss_size, GFP_KERNEL);
47d3fd39
TDA		 2494 if (!a_ss) {
2495 err = -ENOMEM;
2496 goto free_all;
2497 }
47d3fd39
TDA		 2498
2499 /*
2500 * Calculate party B's shared secret by using party A's
2501 * public key.
2502 */
2503 err = crypto_kpp_set_secret(tfm, vec->b_secret,
2504 vec->b_secret_size);
2505 if (err < 0)
2506 goto free_all;
2507
2508 sg_init_one(&src, a_public, vec->expected_a_public_size);
2509 sg_init_one(&dst, output_buf, out_len_max);
2510 kpp_request_set_input(req, &src, vec->expected_a_public_size);
2511 kpp_request_set_output(req, &dst, out_len_max);
2512 kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
7f397136
GBY		 2513 crypto_req_done, &wait);
2514 err = crypto_wait_req(crypto_kpp_compute_shared_secret(req),
2515 &wait);
47d3fd39
TDA		 2516 if (err) {
2517 pr_err("alg: %s: Party B: compute shared secret failed. err %d\n",
2518 alg, err);
2519 goto free_all;
2520 }
2521
2522 shared_secret = a_ss;
2523 } else {
2524 shared_secret = (void *)vec->expected_ss;
2525 }
2526
802c7f1c
SB		 2527 /*
2528 * verify shared secret from which the user will derive
2529 * secret key by executing whatever hash it has chosen
2530 */
47d3fd39 2531 if (memcmp(shared_secret, sg_virt(req->dst),
802c7f1c
SB		 2532 vec->expected_ss_size)) {
2533 pr_err("alg: %s: compute shared secret test failed. Invalid output\n",
2534 alg);
2535 err = -EINVAL;
2536 }
2537
2538free_all:
47d3fd39 2539 kfree(a_ss);
802c7f1c
SB		 2540 kfree(input_buf);
2541free_output:
47d3fd39 2542 kfree(a_public);
802c7f1c
SB		 2543 kfree(output_buf);
2544free_req:
2545 kpp_request_free(req);
2546 return err;
2547}
2548
2549static int test_kpp(struct crypto_kpp *tfm, const char *alg,
b13b1e0c 2550 const struct kpp_testvec *vecs, unsigned int tcount)
802c7f1c
SB		 2551{
2552 int ret, i;
2553
2554 for (i = 0; i < tcount; i++) {
2555 ret = do_test_kpp(tfm, vecs++, alg);
2556 if (ret) {
2557 pr_err("alg: %s: test failed on vector %d, err=%d\n",
2558 alg, i + 1, ret);
2559 return ret;
2560 }
2561 }
2562 return 0;
2563}
2564
2565static int alg_test_kpp(const struct alg_test_desc *desc, const char *driver,
2566 u32 type, u32 mask)
2567{
2568 struct crypto_kpp *tfm;
2569 int err = 0;
2570
eed93e0c 2571 tfm = crypto_alloc_kpp(driver, type, mask);
802c7f1c
SB		 2572 if (IS_ERR(tfm)) {
2573 pr_err("alg: kpp: Failed to load tfm for %s: %ld\n",
2574 driver, PTR_ERR(tfm));
2575 return PTR_ERR(tfm);
2576 }
2577 if (desc->suite.kpp.vecs)
2578 err = test_kpp(tfm, desc->alg, desc->suite.kpp.vecs,
2579 desc->suite.kpp.count);
2580
2581 crypto_free_kpp(tfm);
2582 return err;
2583}
2584
50d2b643 2585static int test_akcipher_one(struct crypto_akcipher *tfm,
b13b1e0c 2586 const struct akcipher_testvec *vecs)
946cc463 2587{
df27b26f 2588 char *xbuf[XBUFSIZE];
946cc463
TS		 2589 struct akcipher_request *req;
2590 void *outbuf_enc = NULL;
2591 void *outbuf_dec = NULL;
7f397136 2592 struct crypto_wait wait;
946cc463
TS		 2593 unsigned int out_len_max, out_len = 0;
2594 int err = -ENOMEM;
22287b0b 2595 struct scatterlist src, dst, src_tab[2];
0507de94
VC		 2596 const char *m, *c;
2597 unsigned int m_size, c_size;
2598 const char *op;
946cc463 2599
df27b26f
HX		 2600 if (testmgr_alloc_buf(xbuf))
2601 return err;
2602
946cc463
TS		 2603 req = akcipher_request_alloc(tfm, GFP_KERNEL);
2604 if (!req)
df27b26f 2605 goto free_xbuf;
946cc463 2606
7f397136 2607 crypto_init_wait(&wait);
946cc463 2608
22287b0b
TS		 2609 if (vecs->public_key_vec)
2610 err = crypto_akcipher_set_pub_key(tfm, vecs->key,
2611 vecs->key_len);
2612 else
2613 err = crypto_akcipher_set_priv_key(tfm, vecs->key,
2614 vecs->key_len);
2615 if (err)
946cc463 2616 goto free_req;
946cc463 2617
57763f5e 2618 err = -ENOMEM;
22287b0b 2619 out_len_max = crypto_akcipher_maxsize(tfm);
0507de94
VC		 2620
2621 /*
2622 * First run test which do not require a private key, such as
2623 * encrypt or verify.
2624 */
946cc463
TS		 2625 outbuf_enc = kzalloc(out_len_max, GFP_KERNEL);
2626 if (!outbuf_enc)
2627 goto free_req;
2628
0507de94
VC		 2629 if (!vecs->siggen_sigver_test) {
2630 m = vecs->m;
2631 m_size = vecs->m_size;
2632 c = vecs->c;
2633 c_size = vecs->c_size;
2634 op = "encrypt";
2635 } else {
2636 /* Swap args so we could keep plaintext (digest)
2637 * in vecs->m, and cooked signature in vecs->c.
2638 */
2639 m = vecs->c; /* signature */
2640 m_size = vecs->c_size;
2641 c = vecs->m; /* digest */
2642 c_size = vecs->m_size;
2643 op = "verify";
2644 }
df27b26f 2645
0507de94
VC		 2646 if (WARN_ON(m_size > PAGE_SIZE))
2647 goto free_all;
2648 memcpy(xbuf[0], m, m_size);
df27b26f 2649
22287b0b 2650 sg_init_table(src_tab, 2);
df27b26f 2651 sg_set_buf(&src_tab[0], xbuf[0], 8);
0507de94 2652 sg_set_buf(&src_tab[1], xbuf[0] + 8, m_size - 8);
22287b0b 2653 sg_init_one(&dst, outbuf_enc, out_len_max);
0507de94 2654 akcipher_request_set_crypt(req, src_tab, &dst, m_size,
22287b0b 2655 out_len_max);
946cc463 2656 akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
7f397136 2657 crypto_req_done, &wait);
946cc463 2658
7f397136 2659 err = crypto_wait_req(vecs->siggen_sigver_test ?
0507de94
VC		 2660 /* Run asymmetric signature verification */
2661 crypto_akcipher_verify(req) :
7f397136
GBY		 2662 /* Run asymmetric encrypt */
2663 crypto_akcipher_encrypt(req), &wait);
946cc463 2664 if (err) {
0507de94 2665 pr_err("alg: akcipher: %s test failed. err %d\n", op, err);
946cc463
TS		 2666 goto free_all;
2667 }
0507de94
VC		 2668 if (req->dst_len != c_size) {
2669 pr_err("alg: akcipher: %s test failed. Invalid output len\n",
2670 op);
946cc463
TS		 2671 err = -EINVAL;
2672 goto free_all;
2673 }
2674 /* verify that encrypted message is equal to expected */
0507de94
VC		 2675 if (memcmp(c, outbuf_enc, c_size)) {
2676 pr_err("alg: akcipher: %s test failed. Invalid output\n", op);
2677 hexdump(outbuf_enc, c_size);
946cc463
TS		 2678 err = -EINVAL;
2679 goto free_all;
2680 }
0507de94
VC		 2681
2682 /*
2683 * Don't invoke (decrypt or sign) test which require a private key
2684 * for vectors with only a public key.
2685 */
946cc463
TS		 2686 if (vecs->public_key_vec) {
2687 err = 0;
2688 goto free_all;
2689 }
2690 outbuf_dec = kzalloc(out_len_max, GFP_KERNEL);
2691 if (!outbuf_dec) {
2692 err = -ENOMEM;
2693 goto free_all;
2694 }
df27b26f 2695
0507de94
VC		 2696 op = vecs->siggen_sigver_test ? "sign" : "decrypt";
2697 if (WARN_ON(c_size > PAGE_SIZE))
df27b26f 2698 goto free_all;
0507de94 2699 memcpy(xbuf[0], c, c_size);
df27b26f 2700
0507de94 2701 sg_init_one(&src, xbuf[0], c_size);
22287b0b 2702 sg_init_one(&dst, outbuf_dec, out_len_max);
7f397136 2703 crypto_init_wait(&wait);
0507de94 2704 akcipher_request_set_crypt(req, &src, &dst, c_size, out_len_max);
946cc463 2705
7f397136 2706 err = crypto_wait_req(vecs->siggen_sigver_test ?
0507de94
VC		 2707 /* Run asymmetric signature generation */
2708 crypto_akcipher_sign(req) :
7f397136
GBY		 2709 /* Run asymmetric decrypt */
2710 crypto_akcipher_decrypt(req), &wait);
946cc463 2711 if (err) {
0507de94 2712 pr_err("alg: akcipher: %s test failed. err %d\n", op, err);
946cc463
TS		 2713 goto free_all;
2714 }
2715 out_len = req->dst_len;
0507de94
VC		 2716 if (out_len < m_size) {
2717 pr_err("alg: akcipher: %s test failed. Invalid output len %u\n",
2718 op, out_len);
946cc463
TS		 2719 err = -EINVAL;
2720 goto free_all;
2721 }
2722 /* verify that decrypted message is equal to the original msg */
0507de94
VC		 2723 if (memchr_inv(outbuf_dec, 0, out_len - m_size) ||
2724 memcmp(m, outbuf_dec + out_len - m_size, m_size)) {
2725 pr_err("alg: akcipher: %s test failed. Invalid output\n", op);
50d2b643 2726 hexdump(outbuf_dec, out_len);
946cc463
TS		 2727 err = -EINVAL;
2728 }
2729free_all:
2730 kfree(outbuf_dec);
2731 kfree(outbuf_enc);
2732free_req:
2733 akcipher_request_free(req);
df27b26f
HX		 2734free_xbuf:
2735 testmgr_free_buf(xbuf);
946cc463
TS		 2736 return err;
2737}
2738
50d2b643 2739static int test_akcipher(struct crypto_akcipher *tfm, const char *alg,
b13b1e0c
EB		 2740 const struct akcipher_testvec *vecs,
2741 unsigned int tcount)
946cc463 2742{
15226e48
HX		 2743 const char *algo =
2744 crypto_tfm_alg_driver_name(crypto_akcipher_tfm(tfm));
946cc463
TS		 2745 int ret, i;
2746
2747 for (i = 0; i < tcount; i++) {
50d2b643
HX		 2748 ret = test_akcipher_one(tfm, vecs++);
2749 if (!ret)
2750 continue;
946cc463 2751
15226e48
HX		 2752 pr_err("alg: akcipher: test %d failed for %s, err=%d\n",
2753 i + 1, algo, ret);
50d2b643
HX		 2754 return ret;
2755 }
946cc463
TS		 2756 return 0;
2757}
2758
2759static int alg_test_akcipher(const struct alg_test_desc *desc,
2760 const char *driver, u32 type, u32 mask)
2761{
2762 struct crypto_akcipher *tfm;
2763 int err = 0;
2764
eed93e0c 2765 tfm = crypto_alloc_akcipher(driver, type, mask);
946cc463
TS		 2766 if (IS_ERR(tfm)) {
2767 pr_err("alg: akcipher: Failed to load tfm for %s: %ld\n",
2768 driver, PTR_ERR(tfm));
2769 return PTR_ERR(tfm);
2770 }
2771 if (desc->suite.akcipher.vecs)
2772 err = test_akcipher(tfm, desc->alg, desc->suite.akcipher.vecs,
2773 desc->suite.akcipher.count);
2774
2775 crypto_free_akcipher(tfm);
2776 return err;
2777}
2778
863b557a
YS		 2779static int alg_test_null(const struct alg_test_desc *desc,
2780 const char *driver, u32 type, u32 mask)
2781{
2782 return 0;
2783}
2784
21c8e720
AB		 2785#define __VECS(tv) { .vecs = tv, .count = ARRAY_SIZE(tv) }
2786
da7f033d
HX		 2787/* Please keep this list sorted by algorithm name. */
2788static const struct alg_test_desc alg_test_descs[] = {
2789 {
059c2a4d
EB		 2790 .alg = "adiantum(xchacha12,aes)",
2791 .test = alg_test_skcipher,
2792 .suite = {
2793 .cipher = __VECS(adiantum_xchacha12_aes_tv_template)
2794 },
2795 }, {
2796 .alg = "adiantum(xchacha20,aes)",
2797 .test = alg_test_skcipher,
2798 .suite = {
2799 .cipher = __VECS(adiantum_xchacha20_aes_tv_template)
2800 },
2801 }, {
b87dc203
OM		 2802 .alg = "aegis128",
2803 .test = alg_test_aead,
2804 .suite = {
a0d608ee 2805 .aead = __VECS(aegis128_tv_template)
b87dc203
OM		 2806 }
2807 }, {
2808 .alg = "aegis128l",
2809 .test = alg_test_aead,
2810 .suite = {
a0d608ee 2811 .aead = __VECS(aegis128l_tv_template)
b87dc203
OM		 2812 }
2813 }, {
2814 .alg = "aegis256",
2815 .test = alg_test_aead,
2816 .suite = {
a0d608ee 2817 .aead = __VECS(aegis256_tv_template)
b87dc203
OM		 2818 }
2819 }, {
e08ca2da
JW		 2820 .alg = "ansi_cprng",
2821 .test = alg_test_cprng,
2822 .suite = {
21c8e720 2823 .cprng = __VECS(ansi_cprng_aes_tv_template)
e08ca2da 2824 }
bca4feb0
HG		 2825 }, {
2826 .alg = "authenc(hmac(md5),ecb(cipher_null))",
2827 .test = alg_test_aead,
bca4feb0 2828 .suite = {
a0d608ee 2829 .aead = __VECS(hmac_md5_ecb_cipher_null_tv_template)
bca4feb0 2830 }
e46e9a46 2831 }, {
a4198fd4 2832 .alg = "authenc(hmac(sha1),cbc(aes))",
e46e9a46 2833 .test = alg_test_aead,
bcf741cb 2834 .fips_allowed = 1,
e46e9a46 2835 .suite = {
a0d608ee 2836 .aead = __VECS(hmac_sha1_aes_cbc_tv_temp)
5208ed2c
NL		 2837 }
2838 }, {
a4198fd4 2839 .alg = "authenc(hmac(sha1),cbc(des))",
5208ed2c 2840 .test = alg_test_aead,
5208ed2c 2841 .suite = {
a0d608ee 2842 .aead = __VECS(hmac_sha1_des_cbc_tv_temp)
5208ed2c
NL		 2843 }
2844 }, {
a4198fd4 2845 .alg = "authenc(hmac(sha1),cbc(des3_ede))",
5208ed2c 2846 .test = alg_test_aead,
ed1afac9 2847 .fips_allowed = 1,
5208ed2c 2848 .suite = {
a0d608ee 2849 .aead = __VECS(hmac_sha1_des3_ede_cbc_tv_temp)
e46e9a46 2850 }
fb16abc2
MM		 2851 }, {
2852 .alg = "authenc(hmac(sha1),ctr(aes))",
2853 .test = alg_test_null,
2854 .fips_allowed = 1,
bca4feb0
HG		 2855 }, {
2856 .alg = "authenc(hmac(sha1),ecb(cipher_null))",
2857 .test = alg_test_aead,
bca4feb0 2858 .suite = {
a0d608ee 2859 .aead = __VECS(hmac_sha1_ecb_cipher_null_tv_temp)
5208ed2c 2860 }
8888690e
MM		 2861 }, {
2862 .alg = "authenc(hmac(sha1),rfc3686(ctr(aes)))",
2863 .test = alg_test_null,
2864 .fips_allowed = 1,
5208ed2c 2865 }, {
a4198fd4 2866 .alg = "authenc(hmac(sha224),cbc(des))",
5208ed2c 2867 .test = alg_test_aead,
5208ed2c 2868 .suite = {
a0d608ee 2869 .aead = __VECS(hmac_sha224_des_cbc_tv_temp)
5208ed2c
NL		 2870 }
2871 }, {
a4198fd4 2872 .alg = "authenc(hmac(sha224),cbc(des3_ede))",
5208ed2c 2873 .test = alg_test_aead,
ed1afac9 2874 .fips_allowed = 1,
5208ed2c 2875 .suite = {
a0d608ee 2876 .aead = __VECS(hmac_sha224_des3_ede_cbc_tv_temp)
bca4feb0 2877 }
e46e9a46 2878 }, {
a4198fd4 2879 .alg = "authenc(hmac(sha256),cbc(aes))",
e46e9a46 2880 .test = alg_test_aead,
ed1afac9 2881 .fips_allowed = 1,
e46e9a46 2882 .suite = {
a0d608ee 2883 .aead = __VECS(hmac_sha256_aes_cbc_tv_temp)
5208ed2c
NL		 2884 }
2885 }, {
a4198fd4 2886 .alg = "authenc(hmac(sha256),cbc(des))",
5208ed2c 2887 .test = alg_test_aead,
5208ed2c 2888 .suite = {
a0d608ee 2889 .aead = __VECS(hmac_sha256_des_cbc_tv_temp)
5208ed2c
NL		 2890 }
2891 }, {
a4198fd4 2892 .alg = "authenc(hmac(sha256),cbc(des3_ede))",
5208ed2c 2893 .test = alg_test_aead,
ed1afac9 2894 .fips_allowed = 1,
5208ed2c 2895 .suite = {
a0d608ee 2896 .aead = __VECS(hmac_sha256_des3_ede_cbc_tv_temp)
5208ed2c 2897 }
fb16abc2
MM		 2898 }, {
2899 .alg = "authenc(hmac(sha256),ctr(aes))",
2900 .test = alg_test_null,
2901 .fips_allowed = 1,
8888690e
MM		 2902 }, {
2903 .alg = "authenc(hmac(sha256),rfc3686(ctr(aes)))",
2904 .test = alg_test_null,
2905 .fips_allowed = 1,
5208ed2c 2906 }, {
a4198fd4 2907 .alg = "authenc(hmac(sha384),cbc(des))",
5208ed2c 2908 .test = alg_test_aead,
5208ed2c 2909 .suite = {
a0d608ee 2910 .aead = __VECS(hmac_sha384_des_cbc_tv_temp)
5208ed2c
NL		 2911 }
2912 }, {
a4198fd4 2913 .alg = "authenc(hmac(sha384),cbc(des3_ede))",
5208ed2c 2914 .test = alg_test_aead,
ed1afac9 2915 .fips_allowed = 1,
5208ed2c 2916 .suite = {
a0d608ee 2917 .aead = __VECS(hmac_sha384_des3_ede_cbc_tv_temp)
e46e9a46 2918 }
fb16abc2
MM		 2919 }, {
2920 .alg = "authenc(hmac(sha384),ctr(aes))",
2921 .test = alg_test_null,
2922 .fips_allowed = 1,
8888690e
MM		 2923 }, {
2924 .alg = "authenc(hmac(sha384),rfc3686(ctr(aes)))",
2925 .test = alg_test_null,
2926 .fips_allowed = 1,
e46e9a46 2927 }, {
a4198fd4 2928 .alg = "authenc(hmac(sha512),cbc(aes))",
ed1afac9 2929 .fips_allowed = 1,
e46e9a46 2930 .test = alg_test_aead,
e46e9a46 2931 .suite = {
a0d608ee 2932 .aead = __VECS(hmac_sha512_aes_cbc_tv_temp)
5208ed2c
NL		 2933 }
2934 }, {
a4198fd4 2935 .alg = "authenc(hmac(sha512),cbc(des))",
5208ed2c 2936 .test = alg_test_aead,
5208ed2c 2937 .suite = {
a0d608ee 2938 .aead = __VECS(hmac_sha512_des_cbc_tv_temp)
5208ed2c
NL		 2939 }
2940 }, {
a4198fd4 2941 .alg = "authenc(hmac(sha512),cbc(des3_ede))",
5208ed2c 2942 .test = alg_test_aead,
ed1afac9 2943 .fips_allowed = 1,
5208ed2c 2944 .suite = {
a0d608ee 2945 .aead = __VECS(hmac_sha512_des3_ede_cbc_tv_temp)
e46e9a46 2946 }
fb16abc2
MM		 2947 }, {
2948 .alg = "authenc(hmac(sha512),ctr(aes))",
2949 .test = alg_test_null,
2950 .fips_allowed = 1,
8888690e
MM		 2951 }, {
2952 .alg = "authenc(hmac(sha512),rfc3686(ctr(aes)))",
2953 .test = alg_test_null,
2954 .fips_allowed = 1,
e08ca2da 2955 }, {
da7f033d 2956 .alg = "cbc(aes)",
1aa4ecd9 2957 .test = alg_test_skcipher,
a1915d51 2958 .fips_allowed = 1,
da7f033d 2959 .suite = {
92a4c9fe
EB		 2960 .cipher = __VECS(aes_cbc_tv_template)
2961 },
da7f033d
HX		 2962 }, {
2963 .alg = "cbc(anubis)",
1aa4ecd9 2964 .test = alg_test_skcipher,
da7f033d 2965 .suite = {
92a4c9fe
EB		 2966 .cipher = __VECS(anubis_cbc_tv_template)
2967 },
da7f033d
HX		 2968 }, {
2969 .alg = "cbc(blowfish)",
1aa4ecd9 2970 .test = alg_test_skcipher,
da7f033d 2971 .suite = {
92a4c9fe
EB		 2972 .cipher = __VECS(bf_cbc_tv_template)
2973 },
da7f033d
HX		 2974 }, {
2975 .alg = "cbc(camellia)",
1aa4ecd9 2976 .test = alg_test_skcipher,
da7f033d 2977 .suite = {
92a4c9fe
EB		 2978 .cipher = __VECS(camellia_cbc_tv_template)
2979 },
a2c58260
JG		 2980 }, {
2981 .alg = "cbc(cast5)",
2982 .test = alg_test_skcipher,
2983 .suite = {
92a4c9fe
EB		 2984 .cipher = __VECS(cast5_cbc_tv_template)
2985 },
9b8b0405
JG		 2986 }, {
2987 .alg = "cbc(cast6)",
2988 .test = alg_test_skcipher,
2989 .suite = {
92a4c9fe
EB		 2990 .cipher = __VECS(cast6_cbc_tv_template)
2991 },
da7f033d
HX		 2992 }, {
2993 .alg = "cbc(des)",
1aa4ecd9 2994 .test = alg_test_skcipher,
da7f033d 2995 .suite = {
92a4c9fe
EB		 2996 .cipher = __VECS(des_cbc_tv_template)
2997 },
da7f033d
HX		 2998 }, {
2999 .alg = "cbc(des3_ede)",
1aa4ecd9 3000 .test = alg_test_skcipher,
a1915d51 3001 .fips_allowed = 1,
da7f033d 3002 .suite = {
92a4c9fe
EB		 3003 .cipher = __VECS(des3_ede_cbc_tv_template)
3004 },
a794d8d8
GBY		 3005 }, {
3006 /* Same as cbc(aes) except the key is stored in
3007 * hardware secure memory which we reference by index
3008 */
3009 .alg = "cbc(paes)",
3010 .test = alg_test_null,
3011 .fips_allowed = 1,
9d25917d
JK		 3012 }, {
3013 .alg = "cbc(serpent)",
3014 .test = alg_test_skcipher,
3015 .suite = {
92a4c9fe
EB		 3016 .cipher = __VECS(serpent_cbc_tv_template)
3017 },
95ba5973
GBY		 3018 }, {
3019 .alg = "cbc(sm4)",
3020 .test = alg_test_skcipher,
3021 .suite = {
3022 .cipher = __VECS(sm4_cbc_tv_template)
3023 }
da7f033d
HX		 3024 }, {
3025 .alg = "cbc(twofish)",
1aa4ecd9 3026 .test = alg_test_skcipher,
da7f033d 3027 .suite = {
92a4c9fe
EB		 3028 .cipher = __VECS(tf_cbc_tv_template)
3029 },
092acf06
AB		 3030 }, {
3031 .alg = "cbcmac(aes)",
3032 .fips_allowed = 1,
3033 .test = alg_test_hash,
3034 .suite = {
3035 .hash = __VECS(aes_cbcmac_tv_template)
3036 }
da7f033d
HX		 3037 }, {
3038 .alg = "ccm(aes)",
3039 .test = alg_test_aead,
a1915d51 3040 .fips_allowed = 1,
da7f033d 3041 .suite = {
a0d608ee 3042 .aead = __VECS(aes_ccm_tv_template)
da7f033d 3043 }
7da66670
DES		 3044 }, {
3045 .alg = "cfb(aes)",
3046 .test = alg_test_skcipher,
3047 .fips_allowed = 1,
3048 .suite = {
3049 .cipher = __VECS(aes_cfb_tv_template)
3050 },
3590ebf2
MW		 3051 }, {
3052 .alg = "chacha20",
3053 .test = alg_test_skcipher,
3054 .suite = {
92a4c9fe
EB		 3055 .cipher = __VECS(chacha20_tv_template)
3056 },
93b5e86a
JK		 3057 }, {
3058 .alg = "cmac(aes)",
8f183751 3059 .fips_allowed = 1,
93b5e86a
JK		 3060 .test = alg_test_hash,
3061 .suite = {
21c8e720 3062 .hash = __VECS(aes_cmac128_tv_template)
93b5e86a
JK		 3063 }
3064 }, {
3065 .alg = "cmac(des3_ede)",
8f183751 3066 .fips_allowed = 1,
93b5e86a
JK		 3067 .test = alg_test_hash,
3068 .suite = {
21c8e720 3069 .hash = __VECS(des3_ede_cmac64_tv_template)
93b5e86a 3070 }
e448370d
JK		 3071 }, {
3072 .alg = "compress_null",
3073 .test = alg_test_null,
ebb3472f
AB		 3074 }, {
3075 .alg = "crc32",
3076 .test = alg_test_hash,
a8a34416 3077 .fips_allowed = 1,
ebb3472f 3078 .suite = {
21c8e720 3079 .hash = __VECS(crc32_tv_template)
ebb3472f 3080 }
da7f033d
HX		 3081 }, {
3082 .alg = "crc32c",
8e3ee85e 3083 .test = alg_test_crc32c,
a1915d51 3084 .fips_allowed = 1,
da7f033d 3085 .suite = {
21c8e720 3086 .hash = __VECS(crc32c_tv_template)
da7f033d 3087 }
68411521
HX		 3088 }, {
3089 .alg = "crct10dif",
3090 .test = alg_test_hash,
3091 .fips_allowed = 1,
3092 .suite = {
21c8e720 3093 .hash = __VECS(crct10dif_tv_template)
68411521 3094 }
f7cb80f2
JW		 3095 }, {
3096 .alg = "ctr(aes)",
3097 .test = alg_test_skcipher,
a1915d51 3098 .fips_allowed = 1,
f7cb80f2 3099 .suite = {
92a4c9fe 3100 .cipher = __VECS(aes_ctr_tv_template)
f7cb80f2 3101 }
85b63e34
JK		 3102 }, {
3103 .alg = "ctr(blowfish)",
3104 .test = alg_test_skcipher,
3105 .suite = {
92a4c9fe 3106 .cipher = __VECS(bf_ctr_tv_template)
85b63e34 3107 }
0840605e
JK		 3108 }, {
3109 .alg = "ctr(camellia)",
3110 .test = alg_test_skcipher,
3111 .suite = {
92a4c9fe 3112 .cipher = __VECS(camellia_ctr_tv_template)
0840605e 3113 }
a2c58260
JG		 3114 }, {
3115 .alg = "ctr(cast5)",
3116 .test = alg_test_skcipher,
3117 .suite = {
92a4c9fe 3118 .cipher = __VECS(cast5_ctr_tv_template)
a2c58260 3119 }
9b8b0405
JG		 3120 }, {
3121 .alg = "ctr(cast6)",
3122 .test = alg_test_skcipher,
3123 .suite = {
92a4c9fe 3124 .cipher = __VECS(cast6_ctr_tv_template)
9b8b0405 3125 }
8163fc30
JK		 3126 }, {
3127 .alg = "ctr(des)",
3128 .test = alg_test_skcipher,
3129 .suite = {
92a4c9fe 3130 .cipher = __VECS(des_ctr_tv_template)
8163fc30 3131 }
e080b17a
JK		 3132 }, {
3133 .alg = "ctr(des3_ede)",
3134 .test = alg_test_skcipher,
0d8da104 3135 .fips_allowed = 1,
e080b17a 3136 .suite = {
92a4c9fe 3137 .cipher = __VECS(des3_ede_ctr_tv_template)
e080b17a 3138 }
a794d8d8
GBY		 3139 }, {
3140 /* Same as ctr(aes) except the key is stored in
3141 * hardware secure memory which we reference by index
3142 */
3143 .alg = "ctr(paes)",
3144 .test = alg_test_null,
3145 .fips_allowed = 1,
9d25917d
JK		 3146 }, {
3147 .alg = "ctr(serpent)",
3148 .test = alg_test_skcipher,
3149 .suite = {
92a4c9fe 3150 .cipher = __VECS(serpent_ctr_tv_template)
9d25917d 3151 }
95ba5973
GBY		 3152 }, {
3153 .alg = "ctr(sm4)",
3154 .test = alg_test_skcipher,
3155 .suite = {
3156 .cipher = __VECS(sm4_ctr_tv_template)
3157 }
573da620
JK		 3158 }, {
3159 .alg = "ctr(twofish)",
3160 .test = alg_test_skcipher,
3161 .suite = {
92a4c9fe 3162 .cipher = __VECS(tf_ctr_tv_template)
573da620 3163 }
da7f033d
HX		 3164 }, {
3165 .alg = "cts(cbc(aes))",
1aa4ecd9 3166 .test = alg_test_skcipher,
196ad604 3167 .fips_allowed = 1,
da7f033d 3168 .suite = {
92a4c9fe 3169 .cipher = __VECS(cts_mode_tv_template)
da7f033d
HX		 3170 }
3171 }, {
3172 .alg = "deflate",
3173 .test = alg_test_comp,
0818904d 3174 .fips_allowed = 1,
da7f033d
HX		 3175 .suite = {
3176 .comp = {
21c8e720
AB		 3177 .comp = __VECS(deflate_comp_tv_template),
3178 .decomp = __VECS(deflate_decomp_tv_template)
da7f033d
HX		 3179 }
3180 }
802c7f1c
SB		 3181 }, {
3182 .alg = "dh",
3183 .test = alg_test_kpp,
3184 .fips_allowed = 1,
3185 .suite = {
21c8e720 3186 .kpp = __VECS(dh_tv_template)
802c7f1c 3187 }
e448370d
JK		 3188 }, {
3189 .alg = "digest_null",
3190 .test = alg_test_null,
64d1cdfb
SM		 3191 }, {
3192 .alg = "drbg_nopr_ctr_aes128",
3193 .test = alg_test_drbg,
3194 .fips_allowed = 1,
3195 .suite = {
21c8e720 3196 .drbg = __VECS(drbg_nopr_ctr_aes128_tv_template)
64d1cdfb
SM		 3197 }
3198 }, {
3199 .alg = "drbg_nopr_ctr_aes192",
3200 .test = alg_test_drbg,
3201 .fips_allowed = 1,
3202 .suite = {
21c8e720 3203 .drbg = __VECS(drbg_nopr_ctr_aes192_tv_template)
64d1cdfb
SM		 3204 }
3205 }, {
3206 .alg = "drbg_nopr_ctr_aes256",
3207 .test = alg_test_drbg,
3208 .fips_allowed = 1,
3209 .suite = {
21c8e720 3210 .drbg = __VECS(drbg_nopr_ctr_aes256_tv_template)
64d1cdfb
SM		 3211 }
3212 }, {
3213 /*
3214 * There is no need to specifically test the DRBG with every
3215 * backend cipher -- covered by drbg_nopr_hmac_sha256 test
3216 */
3217 .alg = "drbg_nopr_hmac_sha1",
3218 .fips_allowed = 1,
3219 .test = alg_test_null,
3220 }, {
3221 .alg = "drbg_nopr_hmac_sha256",
3222 .test = alg_test_drbg,
3223 .fips_allowed = 1,
3224 .suite = {
21c8e720 3225 .drbg = __VECS(drbg_nopr_hmac_sha256_tv_template)
64d1cdfb
SM		 3226 }
3227 }, {
3228 /* covered by drbg_nopr_hmac_sha256 test */
3229 .alg = "drbg_nopr_hmac_sha384",
3230 .fips_allowed = 1,
3231 .test = alg_test_null,
3232 }, {
3233 .alg = "drbg_nopr_hmac_sha512",
3234 .test = alg_test_null,
3235 .fips_allowed = 1,
3236 }, {
3237 .alg = "drbg_nopr_sha1",
3238 .fips_allowed = 1,
3239 .test = alg_test_null,
3240 }, {
3241 .alg = "drbg_nopr_sha256",
3242 .test = alg_test_drbg,
3243 .fips_allowed = 1,
3244 .suite = {
21c8e720 3245 .drbg = __VECS(drbg_nopr_sha256_tv_template)
64d1cdfb
SM		 3246 }
3247 }, {
3248 /* covered by drbg_nopr_sha256 test */
3249 .alg = "drbg_nopr_sha384",
3250 .fips_allowed = 1,
3251 .test = alg_test_null,
3252 }, {
3253 .alg = "drbg_nopr_sha512",
3254 .fips_allowed = 1,
3255 .test = alg_test_null,
3256 }, {
3257 .alg = "drbg_pr_ctr_aes128",
3258 .test = alg_test_drbg,
3259 .fips_allowed = 1,
3260 .suite = {
21c8e720 3261 .drbg = __VECS(drbg_pr_ctr_aes128_tv_template)
64d1cdfb
SM		 3262 }
3263 }, {
3264 /* covered by drbg_pr_ctr_aes128 test */
3265 .alg = "drbg_pr_ctr_aes192",
3266 .fips_allowed = 1,
3267 .test = alg_test_null,
3268 }, {
3269 .alg = "drbg_pr_ctr_aes256",
3270 .fips_allowed = 1,
3271 .test = alg_test_null,
3272 }, {
3273 .alg = "drbg_pr_hmac_sha1",
3274 .fips_allowed = 1,
3275 .test = alg_test_null,
3276 }, {
3277 .alg = "drbg_pr_hmac_sha256",
3278 .test = alg_test_drbg,
3279 .fips_allowed = 1,
3280 .suite = {
21c8e720 3281 .drbg = __VECS(drbg_pr_hmac_sha256_tv_template)
64d1cdfb
SM		 3282 }
3283 }, {
3284 /* covered by drbg_pr_hmac_sha256 test */
3285 .alg = "drbg_pr_hmac_sha384",
3286 .fips_allowed = 1,
3287 .test = alg_test_null,
3288 }, {
3289 .alg = "drbg_pr_hmac_sha512",
3290 .test = alg_test_null,
3291 .fips_allowed = 1,
3292 }, {
3293 .alg = "drbg_pr_sha1",
3294 .fips_allowed = 1,
3295 .test = alg_test_null,
3296 }, {
3297 .alg = "drbg_pr_sha256",
3298 .test = alg_test_drbg,
3299 .fips_allowed = 1,
3300 .suite = {
21c8e720 3301 .drbg = __VECS(drbg_pr_sha256_tv_template)
64d1cdfb
SM		 3302 }
3303 }, {
3304 /* covered by drbg_pr_sha256 test */
3305 .alg = "drbg_pr_sha384",
3306 .fips_allowed = 1,
3307 .test = alg_test_null,
3308 }, {
3309 .alg = "drbg_pr_sha512",
3310 .fips_allowed = 1,
3311 .test = alg_test_null,
da7f033d
HX		 3312 }, {
3313 .alg = "ecb(aes)",
1aa4ecd9 3314 .test = alg_test_skcipher,
a1915d51 3315 .fips_allowed = 1,
da7f033d 3316 .suite = {
92a4c9fe 3317 .cipher = __VECS(aes_tv_template)
da7f033d
HX		 3318 }
3319 }, {
3320 .alg = "ecb(anubis)",
1aa4ecd9 3321 .test = alg_test_skcipher,
da7f033d 3322 .suite = {
92a4c9fe 3323 .cipher = __VECS(anubis_tv_template)
da7f033d
HX		 3324 }
3325 }, {
3326 .alg = "ecb(arc4)",
1aa4ecd9 3327 .test = alg_test_skcipher,
da7f033d 3328 .suite = {
92a4c9fe 3329 .cipher = __VECS(arc4_tv_template)
da7f033d
HX		 3330 }
3331 }, {
3332 .alg = "ecb(blowfish)",
1aa4ecd9 3333 .test = alg_test_skcipher,
da7f033d 3334 .suite = {
92a4c9fe 3335 .cipher = __VECS(bf_tv_template)
da7f033d
HX		 3336 }
3337 }, {
3338 .alg = "ecb(camellia)",
1aa4ecd9 3339 .test = alg_test_skcipher,
da7f033d 3340 .suite = {
92a4c9fe 3341 .cipher = __VECS(camellia_tv_template)
da7f033d
HX		 3342 }
3343 }, {
3344 .alg = "ecb(cast5)",
1aa4ecd9 3345 .test = alg_test_skcipher,
da7f033d 3346 .suite = {
92a4c9fe 3347 .cipher = __VECS(cast5_tv_template)
da7f033d
HX		 3348 }
3349 }, {
3350 .alg = "ecb(cast6)",
1aa4ecd9 3351 .test = alg_test_skcipher,
da7f033d 3352 .suite = {
92a4c9fe 3353 .cipher = __VECS(cast6_tv_template)
da7f033d 3354 }
e448370d
JK		 3355 }, {
3356 .alg = "ecb(cipher_null)",
3357 .test = alg_test_null,
6175ca2b 3358 .fips_allowed = 1,
da7f033d
HX		 3359 }, {
3360 .alg = "ecb(des)",
1aa4ecd9 3361 .test = alg_test_skcipher,
da7f033d 3362 .suite = {
92a4c9fe 3363 .cipher = __VECS(des_tv_template)
da7f033d
HX		 3364 }
3365 }, {
3366 .alg = "ecb(des3_ede)",
1aa4ecd9 3367 .test = alg_test_skcipher,
a1915d51 3368 .fips_allowed = 1,
da7f033d 3369 .suite = {
92a4c9fe 3370 .cipher = __VECS(des3_ede_tv_template)
da7f033d 3371 }
66e5bd00
JK		 3372 }, {
3373 .alg = "ecb(fcrypt)",
3374 .test = alg_test_skcipher,
3375 .suite = {
3376 .cipher = {
92a4c9fe
EB		 3377 .vecs = fcrypt_pcbc_tv_template,
3378 .count = 1
66e5bd00
JK		 3379 }
3380 }
da7f033d
HX		 3381 }, {
3382 .alg = "ecb(khazad)",
1aa4ecd9 3383 .test = alg_test_skcipher,
da7f033d 3384 .suite = {
92a4c9fe 3385 .cipher = __VECS(khazad_tv_template)
da7f033d 3386 }
15f47ce5
GBY		 3387 }, {
3388 /* Same as ecb(aes) except the key is stored in
3389 * hardware secure memory which we reference by index
3390 */
3391 .alg = "ecb(paes)",
3392 .test = alg_test_null,
3393 .fips_allowed = 1,
da7f033d
HX		 3394 }, {
3395 .alg = "ecb(seed)",
1aa4ecd9 3396 .test = alg_test_skcipher,
da7f033d 3397 .suite = {
92a4c9fe 3398 .cipher = __VECS(seed_tv_template)
da7f033d
HX		 3399 }
3400 }, {
3401 .alg = "ecb(serpent)",
1aa4ecd9 3402 .test = alg_test_skcipher,
da7f033d 3403 .suite = {
92a4c9fe 3404 .cipher = __VECS(serpent_tv_template)
da7f033d 3405 }
cd83a8a7
GBY		 3406 }, {
3407 .alg = "ecb(sm4)",
3408 .test = alg_test_skcipher,
3409 .suite = {
92a4c9fe 3410 .cipher = __VECS(sm4_tv_template)
cd83a8a7 3411 }
da7f033d
HX		 3412 }, {
3413 .alg = "ecb(tea)",
1aa4ecd9 3414 .test = alg_test_skcipher,
da7f033d 3415 .suite = {
92a4c9fe 3416 .cipher = __VECS(tea_tv_template)
da7f033d
HX		 3417 }
3418 }, {
3419 .alg = "ecb(tnepres)",
1aa4ecd9 3420 .test = alg_test_skcipher,
da7f033d 3421 .suite = {
92a4c9fe 3422 .cipher = __VECS(tnepres_tv_template)
da7f033d
HX		 3423 }
3424 }, {
3425 .alg = "ecb(twofish)",
1aa4ecd9 3426 .test = alg_test_skcipher,
da7f033d 3427 .suite = {
92a4c9fe 3428 .cipher = __VECS(tf_tv_template)
da7f033d
HX		 3429 }
3430 }, {
3431 .alg = "ecb(xeta)",
1aa4ecd9 3432 .test = alg_test_skcipher,
da7f033d 3433 .suite = {
92a4c9fe 3434 .cipher = __VECS(xeta_tv_template)
da7f033d
HX		 3435 }
3436 }, {
3437 .alg = "ecb(xtea)",
1aa4ecd9 3438 .test = alg_test_skcipher,
da7f033d 3439 .suite = {
92a4c9fe 3440 .cipher = __VECS(xtea_tv_template)
da7f033d 3441 }
3c4b2390
SB		 3442 }, {
3443 .alg = "ecdh",
3444 .test = alg_test_kpp,
3445 .fips_allowed = 1,
3446 .suite = {
21c8e720 3447 .kpp = __VECS(ecdh_tv_template)
3c4b2390 3448 }
da7f033d
HX		 3449 }, {
3450 .alg = "gcm(aes)",
3451 .test = alg_test_aead,
a1915d51 3452 .fips_allowed = 1,
da7f033d 3453 .suite = {
a0d608ee 3454 .aead = __VECS(aes_gcm_tv_template)
da7f033d 3455 }
507069c9
YS		 3456 }, {
3457 .alg = "ghash",
3458 .test = alg_test_hash,
18c0ebd2 3459 .fips_allowed = 1,
507069c9 3460 .suite = {
21c8e720 3461 .hash = __VECS(ghash_tv_template)
507069c9 3462 }
da7f033d
HX		 3463 }, {
3464 .alg = "hmac(md5)",
3465 .test = alg_test_hash,
3466 .suite = {
21c8e720 3467 .hash = __VECS(hmac_md5_tv_template)
da7f033d
HX		 3468 }
3469 }, {
3470 .alg = "hmac(rmd128)",
3471 .test = alg_test_hash,
3472 .suite = {
21c8e720 3473 .hash = __VECS(hmac_rmd128_tv_template)
da7f033d
HX		 3474 }
3475 }, {
3476 .alg = "hmac(rmd160)",
3477 .test = alg_test_hash,
3478 .suite = {
21c8e720 3479 .hash = __VECS(hmac_rmd160_tv_template)
da7f033d
HX		 3480 }
3481 }, {
3482 .alg = "hmac(sha1)",
3483 .test = alg_test_hash,
a1915d51 3484 .fips_allowed = 1,
da7f033d 3485 .suite = {
21c8e720 3486 .hash = __VECS(hmac_sha1_tv_template)
da7f033d
HX		 3487 }
3488 }, {
3489 .alg = "hmac(sha224)",
3490 .test = alg_test_hash,
a1915d51 3491 .fips_allowed = 1,
da7f033d 3492 .suite = {
21c8e720 3493 .hash = __VECS(hmac_sha224_tv_template)
da7f033d
HX		 3494 }
3495 }, {
3496 .alg = "hmac(sha256)",
3497 .test = alg_test_hash,
a1915d51 3498 .fips_allowed = 1,
da7f033d 3499 .suite = {
21c8e720 3500 .hash = __VECS(hmac_sha256_tv_template)
da7f033d 3501 }
98eca72f 3502 }, {
3503 .alg = "hmac(sha3-224)",
3504 .test = alg_test_hash,
3505 .fips_allowed = 1,
3506 .suite = {
21c8e720 3507 .hash = __VECS(hmac_sha3_224_tv_template)
98eca72f 3508 }
3509 }, {
3510 .alg = "hmac(sha3-256)",
3511 .test = alg_test_hash,
3512 .fips_allowed = 1,
3513 .suite = {
21c8e720 3514 .hash = __VECS(hmac_sha3_256_tv_template)
98eca72f 3515 }
3516 }, {
3517 .alg = "hmac(sha3-384)",
3518 .test = alg_test_hash,
3519 .fips_allowed = 1,
3520 .suite = {
21c8e720 3521 .hash = __VECS(hmac_sha3_384_tv_template)
98eca72f 3522 }
3523 }, {
3524 .alg = "hmac(sha3-512)",
3525 .test = alg_test_hash,
3526 .fips_allowed = 1,
3527 .suite = {
21c8e720 3528 .hash = __VECS(hmac_sha3_512_tv_template)
98eca72f 3529 }
da7f033d
HX		 3530 }, {
3531 .alg = "hmac(sha384)",
3532 .test = alg_test_hash,
a1915d51 3533 .fips_allowed = 1,
da7f033d 3534 .suite = {
21c8e720 3535 .hash = __VECS(hmac_sha384_tv_template)
da7f033d
HX		 3536 }
3537 }, {
3538 .alg = "hmac(sha512)",
3539 .test = alg_test_hash,
a1915d51 3540 .fips_allowed = 1,
da7f033d 3541 .suite = {
21c8e720 3542 .hash = __VECS(hmac_sha512_tv_template)
da7f033d 3543 }
25a0b9d4
VC		 3544 }, {
3545 .alg = "hmac(streebog256)",
3546 .test = alg_test_hash,
3547 .suite = {
3548 .hash = __VECS(hmac_streebog256_tv_template)
3549 }
3550 }, {
3551 .alg = "hmac(streebog512)",
3552 .test = alg_test_hash,
3553 .suite = {
3554 .hash = __VECS(hmac_streebog512_tv_template)
3555 }
bb5530e4
SM		 3556 }, {
3557 .alg = "jitterentropy_rng",
3558 .fips_allowed = 1,
3559 .test = alg_test_null,
35351988
SM		 3560 }, {
3561 .alg = "kw(aes)",
3562 .test = alg_test_skcipher,
3563 .fips_allowed = 1,
3564 .suite = {
92a4c9fe 3565 .cipher = __VECS(aes_kw_tv_template)
35351988 3566 }
da7f033d
HX		 3567 }, {
3568 .alg = "lrw(aes)",
1aa4ecd9 3569 .test = alg_test_skcipher,
da7f033d 3570 .suite = {
92a4c9fe 3571 .cipher = __VECS(aes_lrw_tv_template)
da7f033d 3572 }
0840605e
JK		 3573 }, {
3574 .alg = "lrw(camellia)",
3575 .test = alg_test_skcipher,
3576 .suite = {
92a4c9fe 3577 .cipher = __VECS(camellia_lrw_tv_template)
0840605e 3578 }
9b8b0405
JG		 3579 }, {
3580 .alg = "lrw(cast6)",
3581 .test = alg_test_skcipher,
3582 .suite = {
92a4c9fe 3583 .cipher = __VECS(cast6_lrw_tv_template)
9b8b0405 3584 }
d7bfc0fa
JK		 3585 }, {
3586 .alg = "lrw(serpent)",
3587 .test = alg_test_skcipher,
3588 .suite = {
92a4c9fe 3589 .cipher = __VECS(serpent_lrw_tv_template)
d7bfc0fa 3590 }
0b2a1551
JK		 3591 }, {
3592 .alg = "lrw(twofish)",
3593 .test = alg_test_skcipher,
3594 .suite = {
92a4c9fe 3595 .cipher = __VECS(tf_lrw_tv_template)
0b2a1551 3596 }
1443cc9b
KK		 3597 }, {
3598 .alg = "lz4",
3599 .test = alg_test_comp,
3600 .fips_allowed = 1,
3601 .suite = {
3602 .comp = {
21c8e720
AB		 3603 .comp = __VECS(lz4_comp_tv_template),
3604 .decomp = __VECS(lz4_decomp_tv_template)
1443cc9b
KK		 3605 }
3606 }
3607 }, {
3608 .alg = "lz4hc",
3609 .test = alg_test_comp,
3610 .fips_allowed = 1,
3611 .suite = {
3612 .comp = {
21c8e720
AB		 3613 .comp = __VECS(lz4hc_comp_tv_template),
3614 .decomp = __VECS(lz4hc_decomp_tv_template)
1443cc9b
KK		 3615 }
3616 }
da7f033d
HX		 3617 }, {
3618 .alg = "lzo",
3619 .test = alg_test_comp,
0818904d 3620 .fips_allowed = 1,
da7f033d
HX		 3621 .suite = {
3622 .comp = {
21c8e720
AB		 3623 .comp = __VECS(lzo_comp_tv_template),
3624 .decomp = __VECS(lzo_decomp_tv_template)
da7f033d
HX		 3625 }
3626 }
3627 }, {
3628 .alg = "md4",
3629 .test = alg_test_hash,
3630 .suite = {
21c8e720 3631 .hash = __VECS(md4_tv_template)
da7f033d
HX		 3632 }
3633 }, {
3634 .alg = "md5",
3635 .test = alg_test_hash,
3636 .suite = {
21c8e720 3637 .hash = __VECS(md5_tv_template)
da7f033d
HX		 3638 }
3639 }, {
3640 .alg = "michael_mic",
3641 .test = alg_test_hash,
3642 .suite = {
21c8e720 3643 .hash = __VECS(michael_mic_tv_template)
da7f033d 3644 }
4feb4c59
OM		 3645 }, {
3646 .alg = "morus1280",
3647 .test = alg_test_aead,
3648 .suite = {
a0d608ee 3649 .aead = __VECS(morus1280_tv_template)
4feb4c59
OM		 3650 }
3651 }, {
3652 .alg = "morus640",
3653 .test = alg_test_aead,
3654 .suite = {
a0d608ee 3655 .aead = __VECS(morus640_tv_template)
4feb4c59 3656 }
26609a21
EB		 3657 }, {
3658 .alg = "nhpoly1305",
3659 .test = alg_test_hash,
3660 .suite = {
3661 .hash = __VECS(nhpoly1305_tv_template)
3662 }
ba0e14ac
PS		 3663 }, {
3664 .alg = "ofb(aes)",
3665 .test = alg_test_skcipher,
3666 .fips_allowed = 1,
3667 .suite = {
92a4c9fe 3668 .cipher = __VECS(aes_ofb_tv_template)
ba0e14ac 3669 }
a794d8d8
GBY		 3670 }, {
3671 /* Same as ofb(aes) except the key is stored in
3672 * hardware secure memory which we reference by index
3673 */
3674 .alg = "ofb(paes)",
3675 .test = alg_test_null,
3676 .fips_allowed = 1,
da7f033d
HX		 3677 }, {
3678 .alg = "pcbc(fcrypt)",
1aa4ecd9 3679 .test = alg_test_skcipher,
da7f033d 3680 .suite = {
92a4c9fe 3681 .cipher = __VECS(fcrypt_pcbc_tv_template)
da7f033d 3682 }
1207107c
SM		 3683 }, {
3684 .alg = "pkcs1pad(rsa,sha224)",
3685 .test = alg_test_null,
3686 .fips_allowed = 1,
3687 }, {
3688 .alg = "pkcs1pad(rsa,sha256)",
3689 .test = alg_test_akcipher,
3690 .fips_allowed = 1,
3691 .suite = {
3692 .akcipher = __VECS(pkcs1pad_rsa_tv_template)
3693 }
3694 }, {
3695 .alg = "pkcs1pad(rsa,sha384)",
3696 .test = alg_test_null,
3697 .fips_allowed = 1,
3698 }, {
3699 .alg = "pkcs1pad(rsa,sha512)",
3700 .test = alg_test_null,
3701 .fips_allowed = 1,
eee9dc61
MW		 3702 }, {
3703 .alg = "poly1305",
3704 .test = alg_test_hash,
3705 .suite = {
21c8e720 3706 .hash = __VECS(poly1305_tv_template)
eee9dc61 3707 }
da7f033d
HX		 3708 }, {
3709 .alg = "rfc3686(ctr(aes))",
1aa4ecd9 3710 .test = alg_test_skcipher,
a1915d51 3711 .fips_allowed = 1,
da7f033d 3712 .suite = {
92a4c9fe 3713 .cipher = __VECS(aes_ctr_rfc3686_tv_template)
da7f033d 3714 }
5d667322 3715 }, {
3f31a740 3716 .alg = "rfc4106(gcm(aes))",
69435b94 3717 .test = alg_test_aead,
db71f29a 3718 .fips_allowed = 1,
69435b94 3719 .suite = {
a0d608ee 3720 .aead = __VECS(aes_gcm_rfc4106_tv_template)
69435b94
AH		 3721 }
3722 }, {
544c436a 3723 .alg = "rfc4309(ccm(aes))",
5d667322 3724 .test = alg_test_aead,
a1915d51 3725 .fips_allowed = 1,
5d667322 3726 .suite = {
a0d608ee 3727 .aead = __VECS(aes_ccm_rfc4309_tv_template)
5d667322 3728 }
e9b7441a 3729 }, {
bb68745e 3730 .alg = "rfc4543(gcm(aes))",
e9b7441a
JK		 3731 .test = alg_test_aead,
3732 .suite = {
a0d608ee 3733 .aead = __VECS(aes_gcm_rfc4543_tv_template)
e9b7441a 3734 }
af2b76b5
MW		 3735 }, {
3736 .alg = "rfc7539(chacha20,poly1305)",
3737 .test = alg_test_aead,
3738 .suite = {
a0d608ee 3739 .aead = __VECS(rfc7539_tv_template)
af2b76b5 3740 }
5900758d
MW		 3741 }, {
3742 .alg = "rfc7539esp(chacha20,poly1305)",
3743 .test = alg_test_aead,
3744 .suite = {
a0d608ee 3745 .aead = __VECS(rfc7539esp_tv_template)
5900758d 3746 }
da7f033d
HX		 3747 }, {
3748 .alg = "rmd128",
3749 .test = alg_test_hash,
3750 .suite = {
21c8e720 3751 .hash = __VECS(rmd128_tv_template)
da7f033d
HX		 3752 }
3753 }, {
3754 .alg = "rmd160",
3755 .test = alg_test_hash,
3756 .suite = {
21c8e720 3757 .hash = __VECS(rmd160_tv_template)
da7f033d
HX		 3758 }
3759 }, {
3760 .alg = "rmd256",
3761 .test = alg_test_hash,
3762 .suite = {
21c8e720 3763 .hash = __VECS(rmd256_tv_template)
da7f033d
HX		 3764 }
3765 }, {
3766 .alg = "rmd320",
3767 .test = alg_test_hash,
3768 .suite = {
21c8e720 3769 .hash = __VECS(rmd320_tv_template)
da7f033d 3770 }
946cc463
TS		 3771 }, {
3772 .alg = "rsa",
3773 .test = alg_test_akcipher,
3774 .fips_allowed = 1,
3775 .suite = {
21c8e720 3776 .akcipher = __VECS(rsa_tv_template)
946cc463 3777 }
da7f033d
HX		 3778 }, {
3779 .alg = "salsa20",
1aa4ecd9 3780 .test = alg_test_skcipher,
da7f033d 3781 .suite = {
92a4c9fe 3782 .cipher = __VECS(salsa20_stream_tv_template)
da7f033d
HX		 3783 }
3784 }, {
3785 .alg = "sha1",
3786 .test = alg_test_hash,
a1915d51 3787 .fips_allowed = 1,
da7f033d 3788 .suite = {
21c8e720 3789 .hash = __VECS(sha1_tv_template)
da7f033d
HX		 3790 }
3791 }, {
3792 .alg = "sha224",
3793 .test = alg_test_hash,
a1915d51 3794 .fips_allowed = 1,
da7f033d 3795 .suite = {
21c8e720 3796 .hash = __VECS(sha224_tv_template)
da7f033d
HX		 3797 }
3798 }, {
3799 .alg = "sha256",
3800 .test = alg_test_hash,
a1915d51 3801 .fips_allowed = 1,
da7f033d 3802 .suite = {
21c8e720 3803 .hash = __VECS(sha256_tv_template)
da7f033d 3804 }
79cc6ab8 3805 }, {
3806 .alg = "sha3-224",
3807 .test = alg_test_hash,
3808 .fips_allowed = 1,
3809 .suite = {
21c8e720 3810 .hash = __VECS(sha3_224_tv_template)
79cc6ab8 3811 }
3812 }, {
3813 .alg = "sha3-256",
3814 .test = alg_test_hash,
3815 .fips_allowed = 1,
3816 .suite = {
21c8e720 3817 .hash = __VECS(sha3_256_tv_template)
79cc6ab8 3818 }
3819 }, {
3820 .alg = "sha3-384",
3821 .test = alg_test_hash,
3822 .fips_allowed = 1,
3823 .suite = {
21c8e720 3824 .hash = __VECS(sha3_384_tv_template)
79cc6ab8 3825 }
3826 }, {
3827 .alg = "sha3-512",
3828 .test = alg_test_hash,
3829 .fips_allowed = 1,
3830 .suite = {
21c8e720 3831 .hash = __VECS(sha3_512_tv_template)
79cc6ab8 3832 }
da7f033d
HX		 3833 }, {
3834 .alg = "sha384",
3835 .test = alg_test_hash,
a1915d51 3836 .fips_allowed = 1,
da7f033d 3837 .suite = {
21c8e720 3838 .hash = __VECS(sha384_tv_template)
da7f033d
HX		 3839 }
3840 }, {
3841 .alg = "sha512",
3842 .test = alg_test_hash,
a1915d51 3843 .fips_allowed = 1,
da7f033d 3844 .suite = {
21c8e720 3845 .hash = __VECS(sha512_tv_template)
da7f033d 3846 }
b7e27530
GBY		 3847 }, {
3848 .alg = "sm3",
3849 .test = alg_test_hash,
3850 .suite = {
3851 .hash = __VECS(sm3_tv_template)
3852 }
25a0b9d4
VC		 3853 }, {
3854 .alg = "streebog256",
3855 .test = alg_test_hash,
3856 .suite = {
3857 .hash = __VECS(streebog256_tv_template)
3858 }
3859 }, {
3860 .alg = "streebog512",
3861 .test = alg_test_hash,
3862 .suite = {
3863 .hash = __VECS(streebog512_tv_template)
3864 }
da7f033d
HX		 3865 }, {
3866 .alg = "tgr128",
3867 .test = alg_test_hash,
3868 .suite = {
21c8e720 3869 .hash = __VECS(tgr128_tv_template)
da7f033d
HX		 3870 }
3871 }, {
3872 .alg = "tgr160",
3873 .test = alg_test_hash,
3874 .suite = {
21c8e720 3875 .hash = __VECS(tgr160_tv_template)
da7f033d
HX		 3876 }
3877 }, {
3878 .alg = "tgr192",
3879 .test = alg_test_hash,
3880 .suite = {
21c8e720 3881 .hash = __VECS(tgr192_tv_template)
da7f033d 3882 }
ed331ada
EB		 3883 }, {
3884 .alg = "vmac64(aes)",
3885 .test = alg_test_hash,
3886 .suite = {
3887 .hash = __VECS(vmac64_aes_tv_template)
3888 }
da7f033d
HX		 3889 }, {
3890 .alg = "wp256",
3891 .test = alg_test_hash,
3892 .suite = {
21c8e720 3893 .hash = __VECS(wp256_tv_template)
da7f033d
HX		 3894 }
3895 }, {
3896 .alg = "wp384",
3897 .test = alg_test_hash,
3898 .suite = {
21c8e720 3899 .hash = __VECS(wp384_tv_template)
da7f033d
HX		 3900 }
3901 }, {
3902 .alg = "wp512",
3903 .test = alg_test_hash,
3904 .suite = {
21c8e720 3905 .hash = __VECS(wp512_tv_template)
da7f033d
HX		 3906 }
3907 }, {
3908 .alg = "xcbc(aes)",
3909 .test = alg_test_hash,
3910 .suite = {
21c8e720 3911 .hash = __VECS(aes_xcbc128_tv_template)
da7f033d 3912 }
aa762409
EB		 3913 }, {
3914 .alg = "xchacha12",
3915 .test = alg_test_skcipher,
3916 .suite = {
3917 .cipher = __VECS(xchacha12_tv_template)
3918 },
de61d7ae
EB		 3919 }, {
3920 .alg = "xchacha20",
3921 .test = alg_test_skcipher,
3922 .suite = {
3923 .cipher = __VECS(xchacha20_tv_template)
3924 },
da7f033d
HX		 3925 }, {
3926 .alg = "xts(aes)",
1aa4ecd9 3927 .test = alg_test_skcipher,
2918aa8d 3928 .fips_allowed = 1,
da7f033d 3929 .suite = {
92a4c9fe 3930 .cipher = __VECS(aes_xts_tv_template)
da7f033d 3931 }
0840605e
JK		 3932 }, {
3933 .alg = "xts(camellia)",
3934 .test = alg_test_skcipher,
3935 .suite = {
92a4c9fe 3936 .cipher = __VECS(camellia_xts_tv_template)
0840605e 3937 }
9b8b0405
JG		 3938 }, {
3939 .alg = "xts(cast6)",
3940 .test = alg_test_skcipher,
3941 .suite = {
92a4c9fe 3942 .cipher = __VECS(cast6_xts_tv_template)
9b8b0405 3943 }
15f47ce5
GBY		 3944 }, {
3945 /* Same as xts(aes) except the key is stored in
3946 * hardware secure memory which we reference by index
3947 */
3948 .alg = "xts(paes)",
3949 .test = alg_test_null,
3950 .fips_allowed = 1,
18be20b9
JK		 3951 }, {
3952 .alg = "xts(serpent)",
3953 .test = alg_test_skcipher,
3954 .suite = {
92a4c9fe 3955 .cipher = __VECS(serpent_xts_tv_template)
18be20b9 3956 }
aed265b9
JK		 3957 }, {
3958 .alg = "xts(twofish)",
3959 .test = alg_test_skcipher,
3960 .suite = {
92a4c9fe 3961 .cipher = __VECS(tf_xts_tv_template)
aed265b9 3962 }
15f47ce5
GBY		 3963 }, {
3964 .alg = "xts4096(paes)",
3965 .test = alg_test_null,
3966 .fips_allowed = 1,
3967 }, {
3968 .alg = "xts512(paes)",
3969 .test = alg_test_null,
3970 .fips_allowed = 1,
a368f43d
GC		 3971 }, {
3972 .alg = "zlib-deflate",
3973 .test = alg_test_comp,
3974 .fips_allowed = 1,
3975 .suite = {
3976 .comp = {
3977 .comp = __VECS(zlib_deflate_comp_tv_template),
3978 .decomp = __VECS(zlib_deflate_decomp_tv_template)
3979 }
3980 }
d28fc3db
NT		 3981 }, {
3982 .alg = "zstd",
3983 .test = alg_test_comp,
3984 .fips_allowed = 1,
3985 .suite = {
3986 .comp = {
3987 .comp = __VECS(zstd_comp_tv_template),
3988 .decomp = __VECS(zstd_decomp_tv_template)
3989 }
3990 }
da7f033d
HX		 3991 }
3992};
3993
3f47a03d 3994static void alg_check_test_descs_order(void)
5714758b
JK		 3995{
3996 int i;
3997
5714758b
JK		 3998 for (i = 1; i < ARRAY_SIZE(alg_test_descs); i++) {
3999 int diff = strcmp(alg_test_descs[i - 1].alg,
4000 alg_test_descs[i].alg);
4001
4002 if (WARN_ON(diff > 0)) {
4003 pr_warn("testmgr: alg_test_descs entries in wrong order: '%s' before '%s'\n",
4004 alg_test_descs[i - 1].alg,
4005 alg_test_descs[i].alg);
4006 }
4007
4008 if (WARN_ON(diff == 0)) {
4009 pr_warn("testmgr: duplicate alg_test_descs entry: '%s'\n",
4010 alg_test_descs[i].alg);
4011 }
4012 }
4013}
4014
3f47a03d
EB		 4015static void alg_check_testvec_configs(void)
4016{
4e7babba
EB		 4017 int i;
4018
4019 for (i = 0; i < ARRAY_SIZE(default_cipher_testvec_configs); i++)
4020 WARN_ON(!valid_testvec_config(
4021 &default_cipher_testvec_configs[i]));
4cc2dcf9
EB		 4022
4023 for (i = 0; i < ARRAY_SIZE(default_hash_testvec_configs); i++)
4024 WARN_ON(!valid_testvec_config(
4025 &default_hash_testvec_configs[i]));
3f47a03d
EB		 4026}
4027
4028static void testmgr_onetime_init(void)
4029{
4030 alg_check_test_descs_order();
4031 alg_check_testvec_configs();
5b2706a4
EB		 4032
4033#ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS
4034 pr_warn("alg: extra crypto tests enabled. This is intended for developer use only.\n");
4035#endif
3f47a03d
EB		 4036}
4037
1aa4ecd9 4038static int alg_find_test(const char *alg)
da7f033d
HX		 4039{
4040 int start = 0;
4041 int end = ARRAY_SIZE(alg_test_descs);
4042
4043 while (start < end) {
4044 int i = (start + end) / 2;
4045 int diff = strcmp(alg_test_descs[i].alg, alg);
4046
4047 if (diff > 0) {
4048 end = i;
4049 continue;
4050 }
4051
4052 if (diff < 0) {
4053 start = i + 1;
4054 continue;
4055 }
4056
1aa4ecd9
HX		 4057 return i;
4058 }
4059
4060 return -1;
4061}
4062
4063int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
4064{
4065 int i;
a68f6610 4066 int j;
d12d6b6d 4067 int rc;
1aa4ecd9 4068
9e5c9fe4
RJ		 4069 if (!fips_enabled && notests) {
4070 printk_once(KERN_INFO "alg: self-tests disabled\n");
4071 return 0;
4072 }
4073
3f47a03d 4074 DO_ONCE(testmgr_onetime_init);
5714758b 4075
1aa4ecd9
HX		 4076 if ((type & CRYPTO_ALG_TYPE_MASK) == CRYPTO_ALG_TYPE_CIPHER) {
4077 char nalg[CRYPTO_MAX_ALG_NAME];
4078
4079 if (snprintf(nalg, sizeof(nalg), "ecb(%s)", alg) >=
4080 sizeof(nalg))
4081 return -ENAMETOOLONG;
4082
4083 i = alg_find_test(nalg);
4084 if (i < 0)
4085 goto notest;
4086
a3bef3a3
JW		 4087 if (fips_enabled && !alg_test_descs[i].fips_allowed)
4088 goto non_fips_alg;
4089
941fb328
JW		 4090 rc = alg_test_cipher(alg_test_descs + i, driver, type, mask);
4091 goto test_done;
da7f033d
HX		 4092 }
4093
1aa4ecd9 4094 i = alg_find_test(alg);
a68f6610
HX		 4095 j = alg_find_test(driver);
4096 if (i < 0 && j < 0)
1aa4ecd9
HX		 4097 goto notest;
4098
a68f6610
HX		 4099 if (fips_enabled && ((i >= 0 && !alg_test_descs[i].fips_allowed) ||
4100 (j >= 0 && !alg_test_descs[j].fips_allowed)))
a3bef3a3
JW		 4101 goto non_fips_alg;
4102
a68f6610
HX		 4103 rc = 0;
4104 if (i >= 0)
4105 rc |= alg_test_descs[i].test(alg_test_descs + i, driver,
4106 type, mask);
032c8cac 4107 if (j >= 0 && j != i)
a68f6610
HX		 4108 rc |= alg_test_descs[j].test(alg_test_descs + j, driver,
4109 type, mask);
4110
941fb328 4111test_done:
d12d6b6d
NH		 4112 if (fips_enabled && rc)
4113 panic("%s: %s alg self test failed in fips mode!\n", driver, alg);
4114
29ecd4ab 4115 if (fips_enabled && !rc)
3e8cffd4 4116 pr_info("alg: self-tests for %s (%s) passed\n", driver, alg);
29ecd4ab 4117
d12d6b6d 4118 return rc;
1aa4ecd9
HX		 4119
4120notest:
da7f033d
HX		 4121 printk(KERN_INFO "alg: No test for %s (%s)\n", alg, driver);
4122 return 0;
a3bef3a3
JW		 4123non_fips_alg:
4124 return -EINVAL;
da7f033d 4125}
0b767f96 4126
326a6346 4127#endif /* CONFIG_CRYPTO_MANAGER_DISABLE_TESTS */
0b767f96 4128
da7f033d 4129EXPORT_SYMBOL_GPL(alg_test);
Ubuntu Focal Linux kernel mirror