2 * Algorithm testing framework and tests.
4 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
5 * Copyright (c) 2002 Jean-Francois Dive <jef@linuxbe.org>
6 * Copyright (c) 2007 Nokia Siemens Networks
7 * Copyright (c) 2008 Herbert Xu <herbert@gondor.apana.org.au>
9 * Updated RFC4106 AES-GCM testing.
10 * Authors: Aidan O'Mahony (aidan.o.mahony@intel.com)
11 * Adrian Hoban <adrian.hoban@intel.com>
12 * Gabriele Paoloni <gabriele.paoloni@intel.com>
13 * Tadeusz Struk (tadeusz.struk@intel.com)
14 * Copyright (c) 2010, Intel Corporation.
16 * This program is free software; you can redistribute it and/or modify it
17 * under the terms of the GNU General Public License as published by the Free
18 * Software Foundation; either version 2 of the License, or (at your option)
23 #include <crypto/aead.h>
24 #include <crypto/hash.h>
25 #include <crypto/skcipher.h>
26 #include <linux/err.h>
27 #include <linux/fips.h>
28 #include <linux/module.h>
29 #include <linux/scatterlist.h>
30 #include <linux/slab.h>
31 #include <linux/string.h>
32 #include <crypto/rng.h>
33 #include <crypto/drbg.h>
34 #include <crypto/akcipher.h>
35 #include <crypto/kpp.h>
36 #include <crypto/acompress.h>
41 module_param(notests
, bool, 0644);
42 MODULE_PARM_DESC(notests
, "disable crypto self-tests");
44 #ifdef CONFIG_CRYPTO_MANAGER_DISABLE_TESTS
47 int alg_test(const char *driver
, const char *alg
, u32 type
, u32 mask
)
57 * Need slab memory for testing (size in number of pages).
62 * Indexes into the xbuf to simulate cross-page access.
74 * Used by test_cipher()
79 struct aead_test_suite
{
81 const struct aead_testvec
*vecs
;
86 struct cipher_test_suite
{
87 const struct cipher_testvec
*vecs
;
91 struct comp_test_suite
{
93 const struct comp_testvec
*vecs
;
98 struct hash_test_suite
{
99 const struct hash_testvec
*vecs
;
103 struct cprng_test_suite
{
104 const struct cprng_testvec
*vecs
;
108 struct drbg_test_suite
{
109 const struct drbg_testvec
*vecs
;
113 struct akcipher_test_suite
{
114 const struct akcipher_testvec
*vecs
;
118 struct kpp_test_suite
{
119 const struct kpp_testvec
*vecs
;
123 struct alg_test_desc
{
125 int (*test
)(const struct alg_test_desc
*desc
, const char *driver
,
127 int fips_allowed
; /* set if alg is allowed in fips mode */
130 struct aead_test_suite aead
;
131 struct cipher_test_suite cipher
;
132 struct comp_test_suite comp
;
133 struct hash_test_suite hash
;
134 struct cprng_test_suite cprng
;
135 struct drbg_test_suite drbg
;
136 struct akcipher_test_suite akcipher
;
137 struct kpp_test_suite kpp
;
141 static const unsigned int IDX
[8] = {
142 IDX1
, IDX2
, IDX3
, IDX4
, IDX5
, IDX6
, IDX7
, IDX8
};
144 static void hexdump(unsigned char *buf
, unsigned int len
)
146 print_hex_dump(KERN_CONT
, "", DUMP_PREFIX_OFFSET
,
151 static int testmgr_alloc_buf(char *buf
[XBUFSIZE
])
155 for (i
= 0; i
< XBUFSIZE
; i
++) {
156 buf
[i
] = (void *)__get_free_page(GFP_KERNEL
);
165 free_page((unsigned long)buf
[i
]);
170 static void testmgr_free_buf(char *buf
[XBUFSIZE
])
174 for (i
= 0; i
< XBUFSIZE
; i
++)
175 free_page((unsigned long)buf
[i
]);
178 static int ahash_guard_result(char *result
, char c
, int size
)
182 for (i
= 0; i
< size
; i
++) {
190 static int ahash_partial_update(struct ahash_request
**preq
,
191 struct crypto_ahash
*tfm
, const struct hash_testvec
*template,
192 void *hash_buff
, int k
, int temp
, struct scatterlist
*sg
,
193 const char *algo
, char *result
, struct crypto_wait
*wait
)
196 struct ahash_request
*req
;
197 int statesize
, ret
= -EINVAL
;
198 static const unsigned char guard
[] = { 0x00, 0xba, 0xad, 0x00 };
199 int digestsize
= crypto_ahash_digestsize(tfm
);
202 statesize
= crypto_ahash_statesize(
203 crypto_ahash_reqtfm(req
));
204 state
= kmalloc(statesize
+ sizeof(guard
), GFP_KERNEL
);
206 pr_err("alg: hash: Failed to alloc state for %s\n", algo
);
209 memcpy(state
+ statesize
, guard
, sizeof(guard
));
210 memset(result
, 1, digestsize
);
211 ret
= crypto_ahash_export(req
, state
);
212 WARN_ON(memcmp(state
+ statesize
, guard
, sizeof(guard
)));
214 pr_err("alg: hash: Failed to export() for %s\n", algo
);
217 ret
= ahash_guard_result(result
, 1, digestsize
);
219 pr_err("alg: hash: Failed, export used req->result for %s\n",
223 ahash_request_free(req
);
224 req
= ahash_request_alloc(tfm
, GFP_KERNEL
);
226 pr_err("alg: hash: Failed to alloc request for %s\n", algo
);
229 ahash_request_set_callback(req
,
230 CRYPTO_TFM_REQ_MAY_BACKLOG
,
231 crypto_req_done
, wait
);
233 memcpy(hash_buff
, template->plaintext
+ temp
,
235 sg_init_one(&sg
[0], hash_buff
, template->tap
[k
]);
236 ahash_request_set_crypt(req
, sg
, result
, template->tap
[k
]);
237 ret
= crypto_ahash_import(req
, state
);
239 pr_err("alg: hash: Failed to import() for %s\n", algo
);
242 ret
= ahash_guard_result(result
, 1, digestsize
);
244 pr_err("alg: hash: Failed, import used req->result for %s\n",
248 ret
= crypto_wait_req(crypto_ahash_update(req
), wait
);
255 ahash_request_free(req
);
262 static int __test_hash(struct crypto_ahash
*tfm
,
263 const struct hash_testvec
*template, unsigned int tcount
,
264 bool use_digest
, const int align_offset
)
266 const char *algo
= crypto_tfm_alg_driver_name(crypto_ahash_tfm(tfm
));
267 size_t digest_size
= crypto_ahash_digestsize(tfm
);
268 unsigned int i
, j
, k
, temp
;
269 struct scatterlist sg
[8];
272 struct ahash_request
*req
;
273 struct crypto_wait wait
;
275 char *xbuf
[XBUFSIZE
];
278 result
= kmalloc(digest_size
, GFP_KERNEL
);
281 key
= kmalloc(MAX_KEYLEN
, GFP_KERNEL
);
284 if (testmgr_alloc_buf(xbuf
))
287 crypto_init_wait(&wait
);
289 req
= ahash_request_alloc(tfm
, GFP_KERNEL
);
291 printk(KERN_ERR
"alg: hash: Failed to allocate request for "
295 ahash_request_set_callback(req
, CRYPTO_TFM_REQ_MAY_BACKLOG
,
296 crypto_req_done
, &wait
);
299 for (i
= 0; i
< tcount
; i
++) {
304 if (WARN_ON(align_offset
+ template[i
].psize
> PAGE_SIZE
))
308 memset(result
, 0, digest_size
);
311 hash_buff
+= align_offset
;
313 memcpy(hash_buff
, template[i
].plaintext
, template[i
].psize
);
314 sg_init_one(&sg
[0], hash_buff
, template[i
].psize
);
316 if (template[i
].ksize
) {
317 crypto_ahash_clear_flags(tfm
, ~0);
318 if (template[i
].ksize
> MAX_KEYLEN
) {
319 pr_err("alg: hash: setkey failed on test %d for %s: key size %d > %d\n",
320 j
, algo
, template[i
].ksize
, MAX_KEYLEN
);
324 memcpy(key
, template[i
].key
, template[i
].ksize
);
325 ret
= crypto_ahash_setkey(tfm
, key
, template[i
].ksize
);
327 printk(KERN_ERR
"alg: hash: setkey failed on "
328 "test %d for %s: ret=%d\n", j
, algo
,
334 ahash_request_set_crypt(req
, sg
, result
, template[i
].psize
);
336 ret
= crypto_wait_req(crypto_ahash_digest(req
), &wait
);
338 pr_err("alg: hash: digest failed on test %d "
339 "for %s: ret=%d\n", j
, algo
, -ret
);
343 memset(result
, 1, digest_size
);
344 ret
= crypto_wait_req(crypto_ahash_init(req
), &wait
);
346 pr_err("alg: hash: init failed on test %d "
347 "for %s: ret=%d\n", j
, algo
, -ret
);
350 ret
= ahash_guard_result(result
, 1, digest_size
);
352 pr_err("alg: hash: init failed on test %d "
353 "for %s: used req->result\n", j
, algo
);
356 ret
= crypto_wait_req(crypto_ahash_update(req
), &wait
);
358 pr_err("alg: hash: update failed on test %d "
359 "for %s: ret=%d\n", j
, algo
, -ret
);
362 ret
= ahash_guard_result(result
, 1, digest_size
);
364 pr_err("alg: hash: update failed on test %d "
365 "for %s: used req->result\n", j
, algo
);
368 ret
= crypto_wait_req(crypto_ahash_final(req
), &wait
);
370 pr_err("alg: hash: final failed on test %d "
371 "for %s: ret=%d\n", j
, algo
, -ret
);
376 if (memcmp(result
, template[i
].digest
,
377 crypto_ahash_digestsize(tfm
))) {
378 printk(KERN_ERR
"alg: hash: Test %d failed for %s\n",
380 hexdump(result
, crypto_ahash_digestsize(tfm
));
387 for (i
= 0; i
< tcount
; i
++) {
388 /* alignment tests are only done with continuous buffers */
389 if (align_offset
!= 0)
396 memset(result
, 0, digest_size
);
399 sg_init_table(sg
, template[i
].np
);
401 for (k
= 0; k
< template[i
].np
; k
++) {
402 if (WARN_ON(offset_in_page(IDX
[k
]) +
403 template[i
].tap
[k
] > PAGE_SIZE
))
406 memcpy(xbuf
[IDX
[k
] >> PAGE_SHIFT
] +
407 offset_in_page(IDX
[k
]),
408 template[i
].plaintext
+ temp
,
411 temp
+= template[i
].tap
[k
];
414 if (template[i
].ksize
) {
415 if (template[i
].ksize
> MAX_KEYLEN
) {
416 pr_err("alg: hash: setkey failed on test %d for %s: key size %d > %d\n",
417 j
, algo
, template[i
].ksize
, MAX_KEYLEN
);
421 crypto_ahash_clear_flags(tfm
, ~0);
422 memcpy(key
, template[i
].key
, template[i
].ksize
);
423 ret
= crypto_ahash_setkey(tfm
, key
, template[i
].ksize
);
426 printk(KERN_ERR
"alg: hash: setkey "
427 "failed on chunking test %d "
428 "for %s: ret=%d\n", j
, algo
, -ret
);
433 ahash_request_set_crypt(req
, sg
, result
, template[i
].psize
);
434 ret
= crypto_wait_req(crypto_ahash_digest(req
), &wait
);
436 pr_err("alg: hash: digest failed on chunking test %d for %s: ret=%d\n",
441 if (memcmp(result
, template[i
].digest
,
442 crypto_ahash_digestsize(tfm
))) {
443 printk(KERN_ERR
"alg: hash: Chunking test %d "
444 "failed for %s\n", j
, algo
);
445 hexdump(result
, crypto_ahash_digestsize(tfm
));
451 /* partial update exercise */
453 for (i
= 0; i
< tcount
; i
++) {
454 /* alignment tests are only done with continuous buffers */
455 if (align_offset
!= 0)
458 if (template[i
].np
< 2)
462 memset(result
, 0, digest_size
);
466 memcpy(hash_buff
, template[i
].plaintext
,
468 sg_init_one(&sg
[0], hash_buff
, template[i
].tap
[0]);
470 if (template[i
].ksize
) {
471 crypto_ahash_clear_flags(tfm
, ~0);
472 if (template[i
].ksize
> MAX_KEYLEN
) {
473 pr_err("alg: hash: setkey failed on test %d for %s: key size %d > %d\n",
474 j
, algo
, template[i
].ksize
, MAX_KEYLEN
);
478 memcpy(key
, template[i
].key
, template[i
].ksize
);
479 ret
= crypto_ahash_setkey(tfm
, key
, template[i
].ksize
);
481 pr_err("alg: hash: setkey failed on test %d for %s: ret=%d\n",
487 ahash_request_set_crypt(req
, sg
, result
, template[i
].tap
[0]);
488 ret
= crypto_wait_req(crypto_ahash_init(req
), &wait
);
490 pr_err("alg: hash: init failed on test %d for %s: ret=%d\n",
494 ret
= crypto_wait_req(crypto_ahash_update(req
), &wait
);
496 pr_err("alg: hash: update failed on test %d for %s: ret=%d\n",
501 temp
= template[i
].tap
[0];
502 for (k
= 1; k
< template[i
].np
; k
++) {
503 ret
= ahash_partial_update(&req
, tfm
, &template[i
],
504 hash_buff
, k
, temp
, &sg
[0], algo
, result
,
507 pr_err("alg: hash: partial update failed on test %d for %s: ret=%d\n",
511 temp
+= template[i
].tap
[k
];
513 ret
= crypto_wait_req(crypto_ahash_final(req
), &wait
);
515 pr_err("alg: hash: final failed on test %d for %s: ret=%d\n",
519 if (memcmp(result
, template[i
].digest
,
520 crypto_ahash_digestsize(tfm
))) {
521 pr_err("alg: hash: Partial Test %d failed for %s\n",
523 hexdump(result
, crypto_ahash_digestsize(tfm
));
532 ahash_request_free(req
);
534 testmgr_free_buf(xbuf
);
541 static int test_hash(struct crypto_ahash
*tfm
,
542 const struct hash_testvec
*template,
543 unsigned int tcount
, bool use_digest
)
545 unsigned int alignmask
;
548 ret
= __test_hash(tfm
, template, tcount
, use_digest
, 0);
552 /* test unaligned buffers, check with one byte offset */
553 ret
= __test_hash(tfm
, template, tcount
, use_digest
, 1);
557 alignmask
= crypto_tfm_alg_alignmask(&tfm
->base
);
559 /* Check if alignment mask for tfm is correctly set. */
560 ret
= __test_hash(tfm
, template, tcount
, use_digest
,
569 static int __test_aead(struct crypto_aead
*tfm
, int enc
,
570 const struct aead_testvec
*template, unsigned int tcount
,
571 const bool diff_dst
, const int align_offset
)
573 const char *algo
= crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm
));
574 unsigned int i
, j
, k
, n
, temp
;
578 struct aead_request
*req
;
579 struct scatterlist
*sg
;
580 struct scatterlist
*sgout
;
582 struct crypto_wait wait
;
583 unsigned int authsize
, iv_len
;
588 char *xbuf
[XBUFSIZE
];
589 char *xoutbuf
[XBUFSIZE
];
590 char *axbuf
[XBUFSIZE
];
592 iv
= kzalloc(MAX_IVLEN
, GFP_KERNEL
);
595 key
= kmalloc(MAX_KEYLEN
, GFP_KERNEL
);
598 if (testmgr_alloc_buf(xbuf
))
600 if (testmgr_alloc_buf(axbuf
))
602 if (diff_dst
&& testmgr_alloc_buf(xoutbuf
))
605 /* avoid "the frame size is larger than 1024 bytes" compiler warning */
606 sg
= kmalloc(sizeof(*sg
) * 8 * (diff_dst
? 4 : 2), GFP_KERNEL
);
621 crypto_init_wait(&wait
);
623 req
= aead_request_alloc(tfm
, GFP_KERNEL
);
625 pr_err("alg: aead%s: Failed to allocate request for %s\n",
630 aead_request_set_callback(req
, CRYPTO_TFM_REQ_MAY_BACKLOG
,
631 crypto_req_done
, &wait
);
633 iv_len
= crypto_aead_ivsize(tfm
);
635 for (i
= 0, j
= 0; i
< tcount
; i
++) {
641 /* some templates have no input data but they will
645 input
+= align_offset
;
649 if (WARN_ON(align_offset
+ template[i
].ilen
>
650 PAGE_SIZE
|| template[i
].alen
> PAGE_SIZE
))
653 memcpy(input
, template[i
].input
, template[i
].ilen
);
654 memcpy(assoc
, template[i
].assoc
, template[i
].alen
);
656 memcpy(iv
, template[i
].iv
, iv_len
);
658 memset(iv
, 0, iv_len
);
660 crypto_aead_clear_flags(tfm
, ~0);
662 crypto_aead_set_flags(tfm
, CRYPTO_TFM_REQ_WEAK_KEY
);
664 if (template[i
].klen
> MAX_KEYLEN
) {
665 pr_err("alg: aead%s: setkey failed on test %d for %s: key size %d > %d\n",
666 d
, j
, algo
, template[i
].klen
,
671 memcpy(key
, template[i
].key
, template[i
].klen
);
673 ret
= crypto_aead_setkey(tfm
, key
, template[i
].klen
);
674 if (template[i
].fail
== !ret
) {
675 pr_err("alg: aead%s: setkey failed on test %d for %s: flags=%x\n",
676 d
, j
, algo
, crypto_aead_get_flags(tfm
));
681 authsize
= abs(template[i
].rlen
- template[i
].ilen
);
682 ret
= crypto_aead_setauthsize(tfm
, authsize
);
684 pr_err("alg: aead%s: Failed to set authsize to %u on test %d for %s\n",
685 d
, authsize
, j
, algo
);
689 k
= !!template[i
].alen
;
690 sg_init_table(sg
, k
+ 1);
691 sg_set_buf(&sg
[0], assoc
, template[i
].alen
);
692 sg_set_buf(&sg
[k
], input
,
693 template[i
].ilen
+ (enc
? authsize
: 0));
697 sg_init_table(sgout
, k
+ 1);
698 sg_set_buf(&sgout
[0], assoc
, template[i
].alen
);
701 output
+= align_offset
;
702 sg_set_buf(&sgout
[k
], output
,
703 template[i
].rlen
+ (enc
? 0 : authsize
));
706 aead_request_set_crypt(req
, sg
, (diff_dst
) ? sgout
: sg
,
707 template[i
].ilen
, iv
);
709 aead_request_set_ad(req
, template[i
].alen
);
711 ret
= crypto_wait_req(enc
? crypto_aead_encrypt(req
)
712 : crypto_aead_decrypt(req
), &wait
);
716 if (template[i
].novrfy
) {
717 /* verification was supposed to fail */
718 pr_err("alg: aead%s: %s failed on test %d for %s: ret was 0, expected -EBADMSG\n",
720 /* so really, we got a bad message */
726 if (template[i
].novrfy
)
727 /* verification failure was expected */
731 pr_err("alg: aead%s: %s failed on test %d for %s: ret=%d\n",
732 d
, e
, j
, algo
, -ret
);
737 if (memcmp(q
, template[i
].result
, template[i
].rlen
)) {
738 pr_err("alg: aead%s: Test %d failed on %s for %s\n",
740 hexdump(q
, template[i
].rlen
);
746 for (i
= 0, j
= 0; i
< tcount
; i
++) {
747 /* alignment tests are only done with continuous buffers */
748 if (align_offset
!= 0)
757 memcpy(iv
, template[i
].iv
, iv_len
);
759 memset(iv
, 0, MAX_IVLEN
);
761 crypto_aead_clear_flags(tfm
, ~0);
763 crypto_aead_set_flags(tfm
, CRYPTO_TFM_REQ_WEAK_KEY
);
764 if (template[i
].klen
> MAX_KEYLEN
) {
765 pr_err("alg: aead%s: setkey failed on test %d for %s: key size %d > %d\n",
766 d
, j
, algo
, template[i
].klen
, MAX_KEYLEN
);
770 memcpy(key
, template[i
].key
, template[i
].klen
);
772 ret
= crypto_aead_setkey(tfm
, key
, template[i
].klen
);
773 if (template[i
].fail
== !ret
) {
774 pr_err("alg: aead%s: setkey failed on chunk test %d for %s: flags=%x\n",
775 d
, j
, algo
, crypto_aead_get_flags(tfm
));
780 authsize
= abs(template[i
].rlen
- template[i
].ilen
);
783 sg_init_table(sg
, template[i
].anp
+ template[i
].np
);
785 sg_init_table(sgout
, template[i
].anp
+ template[i
].np
);
788 for (k
= 0, temp
= 0; k
< template[i
].anp
; k
++) {
789 if (WARN_ON(offset_in_page(IDX
[k
]) +
790 template[i
].atap
[k
] > PAGE_SIZE
))
793 memcpy(axbuf
[IDX
[k
] >> PAGE_SHIFT
] +
794 offset_in_page(IDX
[k
]),
795 template[i
].assoc
+ temp
,
796 template[i
].atap
[k
]),
797 template[i
].atap
[k
]);
799 sg_set_buf(&sgout
[k
],
800 axbuf
[IDX
[k
] >> PAGE_SHIFT
] +
801 offset_in_page(IDX
[k
]),
802 template[i
].atap
[k
]);
803 temp
+= template[i
].atap
[k
];
806 for (k
= 0, temp
= 0; k
< template[i
].np
; k
++) {
807 if (WARN_ON(offset_in_page(IDX
[k
]) +
808 template[i
].tap
[k
] > PAGE_SIZE
))
811 q
= xbuf
[IDX
[k
] >> PAGE_SHIFT
] + offset_in_page(IDX
[k
]);
812 memcpy(q
, template[i
].input
+ temp
, template[i
].tap
[k
]);
813 sg_set_buf(&sg
[template[i
].anp
+ k
],
814 q
, template[i
].tap
[k
]);
817 q
= xoutbuf
[IDX
[k
] >> PAGE_SHIFT
] +
818 offset_in_page(IDX
[k
]);
820 memset(q
, 0, template[i
].tap
[k
]);
822 sg_set_buf(&sgout
[template[i
].anp
+ k
],
823 q
, template[i
].tap
[k
]);
826 n
= template[i
].tap
[k
];
827 if (k
== template[i
].np
- 1 && enc
)
829 if (offset_in_page(q
) + n
< PAGE_SIZE
)
832 temp
+= template[i
].tap
[k
];
835 ret
= crypto_aead_setauthsize(tfm
, authsize
);
837 pr_err("alg: aead%s: Failed to set authsize to %u on chunk test %d for %s\n",
838 d
, authsize
, j
, algo
);
843 if (WARN_ON(sg
[template[i
].anp
+ k
- 1].offset
+
844 sg
[template[i
].anp
+ k
- 1].length
+
845 authsize
> PAGE_SIZE
)) {
851 sgout
[template[i
].anp
+ k
- 1].length
+=
853 sg
[template[i
].anp
+ k
- 1].length
+= authsize
;
856 aead_request_set_crypt(req
, sg
, (diff_dst
) ? sgout
: sg
,
860 aead_request_set_ad(req
, template[i
].alen
);
862 ret
= crypto_wait_req(enc
? crypto_aead_encrypt(req
)
863 : crypto_aead_decrypt(req
), &wait
);
867 if (template[i
].novrfy
) {
868 /* verification was supposed to fail */
869 pr_err("alg: aead%s: %s failed on chunk test %d for %s: ret was 0, expected -EBADMSG\n",
871 /* so really, we got a bad message */
877 if (template[i
].novrfy
)
878 /* verification failure was expected */
882 pr_err("alg: aead%s: %s failed on chunk test %d for %s: ret=%d\n",
883 d
, e
, j
, algo
, -ret
);
888 for (k
= 0, temp
= 0; k
< template[i
].np
; k
++) {
890 q
= xoutbuf
[IDX
[k
] >> PAGE_SHIFT
] +
891 offset_in_page(IDX
[k
]);
893 q
= xbuf
[IDX
[k
] >> PAGE_SHIFT
] +
894 offset_in_page(IDX
[k
]);
896 n
= template[i
].tap
[k
];
897 if (k
== template[i
].np
- 1)
898 n
+= enc
? authsize
: -authsize
;
900 if (memcmp(q
, template[i
].result
+ temp
, n
)) {
901 pr_err("alg: aead%s: Chunk test %d failed on %s at page %u for %s\n",
908 if (k
== template[i
].np
- 1 && !enc
) {
910 memcmp(q
, template[i
].input
+
916 for (n
= 0; offset_in_page(q
+ n
) && q
[n
]; n
++)
920 pr_err("alg: aead%s: Result buffer corruption in chunk test %d on %s at page %u for %s: %u bytes:\n",
921 d
, j
, e
, k
, algo
, n
);
926 temp
+= template[i
].tap
[k
];
933 aead_request_free(req
);
937 testmgr_free_buf(xoutbuf
);
939 testmgr_free_buf(axbuf
);
941 testmgr_free_buf(xbuf
);
948 static int test_aead(struct crypto_aead
*tfm
, int enc
,
949 const struct aead_testvec
*template, unsigned int tcount
)
951 unsigned int alignmask
;
954 /* test 'dst == src' case */
955 ret
= __test_aead(tfm
, enc
, template, tcount
, false, 0);
959 /* test 'dst != src' case */
960 ret
= __test_aead(tfm
, enc
, template, tcount
, true, 0);
964 /* test unaligned buffers, check with one byte offset */
965 ret
= __test_aead(tfm
, enc
, template, tcount
, true, 1);
969 alignmask
= crypto_tfm_alg_alignmask(&tfm
->base
);
971 /* Check if alignment mask for tfm is correctly set. */
972 ret
= __test_aead(tfm
, enc
, template, tcount
, true,
981 static int test_cipher(struct crypto_cipher
*tfm
, int enc
,
982 const struct cipher_testvec
*template,
985 const char *algo
= crypto_tfm_alg_driver_name(crypto_cipher_tfm(tfm
));
986 unsigned int i
, j
, k
;
989 const char *input
, *result
;
991 char *xbuf
[XBUFSIZE
];
994 if (testmgr_alloc_buf(xbuf
))
1003 for (i
= 0; i
< tcount
; i
++) {
1007 if (fips_enabled
&& template[i
].fips_skip
)
1010 input
= enc
? template[i
].ptext
: template[i
].ctext
;
1011 result
= enc
? template[i
].ctext
: template[i
].ptext
;
1015 if (WARN_ON(template[i
].len
> PAGE_SIZE
))
1019 memcpy(data
, input
, template[i
].len
);
1021 crypto_cipher_clear_flags(tfm
, ~0);
1023 crypto_cipher_set_flags(tfm
, CRYPTO_TFM_REQ_WEAK_KEY
);
1025 ret
= crypto_cipher_setkey(tfm
, template[i
].key
,
1027 if (template[i
].fail
== !ret
) {
1028 printk(KERN_ERR
"alg: cipher: setkey failed "
1029 "on test %d for %s: flags=%x\n", j
,
1030 algo
, crypto_cipher_get_flags(tfm
));
1035 for (k
= 0; k
< template[i
].len
;
1036 k
+= crypto_cipher_blocksize(tfm
)) {
1038 crypto_cipher_encrypt_one(tfm
, data
+ k
,
1041 crypto_cipher_decrypt_one(tfm
, data
+ k
,
1046 if (memcmp(q
, result
, template[i
].len
)) {
1047 printk(KERN_ERR
"alg: cipher: Test %d failed "
1048 "on %s for %s\n", j
, e
, algo
);
1049 hexdump(q
, template[i
].len
);
1058 testmgr_free_buf(xbuf
);
1063 static int __test_skcipher(struct crypto_skcipher
*tfm
, int enc
,
1064 const struct cipher_testvec
*template,
1065 unsigned int tcount
,
1066 const bool diff_dst
, const int align_offset
)
1069 crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm
));
1070 unsigned int i
, j
, k
, n
, temp
;
1072 struct skcipher_request
*req
;
1073 struct scatterlist sg
[8];
1074 struct scatterlist sgout
[8];
1076 struct crypto_wait wait
;
1077 const char *input
, *result
;
1080 char *xbuf
[XBUFSIZE
];
1081 char *xoutbuf
[XBUFSIZE
];
1083 unsigned int ivsize
= crypto_skcipher_ivsize(tfm
);
1085 if (testmgr_alloc_buf(xbuf
))
1088 if (diff_dst
&& testmgr_alloc_buf(xoutbuf
))
1101 crypto_init_wait(&wait
);
1103 req
= skcipher_request_alloc(tfm
, GFP_KERNEL
);
1105 pr_err("alg: skcipher%s: Failed to allocate request for %s\n",
1110 skcipher_request_set_callback(req
, CRYPTO_TFM_REQ_MAY_BACKLOG
,
1111 crypto_req_done
, &wait
);
1114 for (i
= 0; i
< tcount
; i
++) {
1115 if (template[i
].np
&& !template[i
].also_non_np
)
1118 if (fips_enabled
&& template[i
].fips_skip
)
1121 if (template[i
].iv
&& !(template[i
].generates_iv
&& enc
))
1122 memcpy(iv
, template[i
].iv
, ivsize
);
1124 memset(iv
, 0, MAX_IVLEN
);
1126 input
= enc
? template[i
].ptext
: template[i
].ctext
;
1127 result
= enc
? template[i
].ctext
: template[i
].ptext
;
1130 if (WARN_ON(align_offset
+ template[i
].len
> PAGE_SIZE
))
1134 data
+= align_offset
;
1135 memcpy(data
, input
, template[i
].len
);
1137 crypto_skcipher_clear_flags(tfm
, ~0);
1139 crypto_skcipher_set_flags(tfm
,
1140 CRYPTO_TFM_REQ_WEAK_KEY
);
1142 ret
= crypto_skcipher_setkey(tfm
, template[i
].key
,
1144 if (template[i
].fail
== !ret
) {
1145 pr_err("alg: skcipher%s: setkey failed on test %d for %s: flags=%x\n",
1146 d
, j
, algo
, crypto_skcipher_get_flags(tfm
));
1151 sg_init_one(&sg
[0], data
, template[i
].len
);
1154 data
+= align_offset
;
1155 sg_init_one(&sgout
[0], data
, template[i
].len
);
1158 skcipher_request_set_crypt(req
, sg
, (diff_dst
) ? sgout
: sg
,
1159 template[i
].len
, iv
);
1160 ret
= crypto_wait_req(enc
? crypto_skcipher_encrypt(req
) :
1161 crypto_skcipher_decrypt(req
), &wait
);
1164 pr_err("alg: skcipher%s: %s failed on test %d for %s: ret=%d\n",
1165 d
, e
, j
, algo
, -ret
);
1170 if (memcmp(q
, result
, template[i
].len
)) {
1171 pr_err("alg: skcipher%s: Test %d failed (invalid result) on %s for %s\n",
1173 hexdump(q
, template[i
].len
);
1178 if (template[i
].generates_iv
&& enc
&&
1179 memcmp(iv
, template[i
].iv
, crypto_skcipher_ivsize(tfm
))) {
1180 pr_err("alg: skcipher%s: Test %d failed (invalid output IV) on %s for %s\n",
1182 hexdump(iv
, crypto_skcipher_ivsize(tfm
));
1189 for (i
= 0; i
< tcount
; i
++) {
1190 /* alignment tests are only done with continuous buffers */
1191 if (align_offset
!= 0)
1194 if (!template[i
].np
)
1197 if (fips_enabled
&& template[i
].fips_skip
)
1200 if (template[i
].iv
&& !(template[i
].generates_iv
&& enc
))
1201 memcpy(iv
, template[i
].iv
, ivsize
);
1203 memset(iv
, 0, MAX_IVLEN
);
1205 input
= enc
? template[i
].ptext
: template[i
].ctext
;
1206 result
= enc
? template[i
].ctext
: template[i
].ptext
;
1208 crypto_skcipher_clear_flags(tfm
, ~0);
1210 crypto_skcipher_set_flags(tfm
,
1211 CRYPTO_TFM_REQ_WEAK_KEY
);
1213 ret
= crypto_skcipher_setkey(tfm
, template[i
].key
,
1215 if (template[i
].fail
== !ret
) {
1216 pr_err("alg: skcipher%s: setkey failed on chunk test %d for %s: flags=%x\n",
1217 d
, j
, algo
, crypto_skcipher_get_flags(tfm
));
1224 sg_init_table(sg
, template[i
].np
);
1226 sg_init_table(sgout
, template[i
].np
);
1227 for (k
= 0; k
< template[i
].np
; k
++) {
1228 if (WARN_ON(offset_in_page(IDX
[k
]) +
1229 template[i
].tap
[k
] > PAGE_SIZE
))
1232 q
= xbuf
[IDX
[k
] >> PAGE_SHIFT
] + offset_in_page(IDX
[k
]);
1234 memcpy(q
, input
+ temp
, template[i
].tap
[k
]);
1236 if (offset_in_page(q
) + template[i
].tap
[k
] < PAGE_SIZE
)
1237 q
[template[i
].tap
[k
]] = 0;
1239 sg_set_buf(&sg
[k
], q
, template[i
].tap
[k
]);
1241 q
= xoutbuf
[IDX
[k
] >> PAGE_SHIFT
] +
1242 offset_in_page(IDX
[k
]);
1244 sg_set_buf(&sgout
[k
], q
, template[i
].tap
[k
]);
1246 memset(q
, 0, template[i
].tap
[k
]);
1247 if (offset_in_page(q
) +
1248 template[i
].tap
[k
] < PAGE_SIZE
)
1249 q
[template[i
].tap
[k
]] = 0;
1252 temp
+= template[i
].tap
[k
];
1255 skcipher_request_set_crypt(req
, sg
, (diff_dst
) ? sgout
: sg
,
1256 template[i
].len
, iv
);
1258 ret
= crypto_wait_req(enc
? crypto_skcipher_encrypt(req
) :
1259 crypto_skcipher_decrypt(req
), &wait
);
1262 pr_err("alg: skcipher%s: %s failed on chunk test %d for %s: ret=%d\n",
1263 d
, e
, j
, algo
, -ret
);
1269 for (k
= 0; k
< template[i
].np
; k
++) {
1271 q
= xoutbuf
[IDX
[k
] >> PAGE_SHIFT
] +
1272 offset_in_page(IDX
[k
]);
1274 q
= xbuf
[IDX
[k
] >> PAGE_SHIFT
] +
1275 offset_in_page(IDX
[k
]);
1277 if (memcmp(q
, result
+ temp
, template[i
].tap
[k
])) {
1278 pr_err("alg: skcipher%s: Chunk test %d failed on %s at page %u for %s\n",
1280 hexdump(q
, template[i
].tap
[k
]);
1284 q
+= template[i
].tap
[k
];
1285 for (n
= 0; offset_in_page(q
+ n
) && q
[n
]; n
++)
1288 pr_err("alg: skcipher%s: Result buffer corruption in chunk test %d on %s at page %u for %s: %u bytes:\n",
1289 d
, j
, e
, k
, algo
, n
);
1293 temp
+= template[i
].tap
[k
];
1300 skcipher_request_free(req
);
1302 testmgr_free_buf(xoutbuf
);
1304 testmgr_free_buf(xbuf
);
1309 static int test_skcipher(struct crypto_skcipher
*tfm
, int enc
,
1310 const struct cipher_testvec
*template,
1311 unsigned int tcount
)
1313 unsigned int alignmask
;
1316 /* test 'dst == src' case */
1317 ret
= __test_skcipher(tfm
, enc
, template, tcount
, false, 0);
1321 /* test 'dst != src' case */
1322 ret
= __test_skcipher(tfm
, enc
, template, tcount
, true, 0);
1326 /* test unaligned buffers, check with one byte offset */
1327 ret
= __test_skcipher(tfm
, enc
, template, tcount
, true, 1);
1331 alignmask
= crypto_tfm_alg_alignmask(&tfm
->base
);
1333 /* Check if alignment mask for tfm is correctly set. */
1334 ret
= __test_skcipher(tfm
, enc
, template, tcount
, true,
1343 static int test_comp(struct crypto_comp
*tfm
,
1344 const struct comp_testvec
*ctemplate
,
1345 const struct comp_testvec
*dtemplate
,
1346 int ctcount
, int dtcount
)
1348 const char *algo
= crypto_tfm_alg_driver_name(crypto_comp_tfm(tfm
));
1349 char *output
, *decomp_output
;
1353 output
= kmalloc(COMP_BUF_SIZE
, GFP_KERNEL
);
1357 decomp_output
= kmalloc(COMP_BUF_SIZE
, GFP_KERNEL
);
1358 if (!decomp_output
) {
1363 for (i
= 0; i
< ctcount
; i
++) {
1365 unsigned int dlen
= COMP_BUF_SIZE
;
1367 memset(output
, 0, sizeof(COMP_BUF_SIZE
));
1368 memset(decomp_output
, 0, sizeof(COMP_BUF_SIZE
));
1370 ilen
= ctemplate
[i
].inlen
;
1371 ret
= crypto_comp_compress(tfm
, ctemplate
[i
].input
,
1372 ilen
, output
, &dlen
);
1374 printk(KERN_ERR
"alg: comp: compression failed "
1375 "on test %d for %s: ret=%d\n", i
+ 1, algo
,
1381 dlen
= COMP_BUF_SIZE
;
1382 ret
= crypto_comp_decompress(tfm
, output
,
1383 ilen
, decomp_output
, &dlen
);
1385 pr_err("alg: comp: compression failed: decompress: on test %d for %s failed: ret=%d\n",
1390 if (dlen
!= ctemplate
[i
].inlen
) {
1391 printk(KERN_ERR
"alg: comp: Compression test %d "
1392 "failed for %s: output len = %d\n", i
+ 1, algo
,
1398 if (memcmp(decomp_output
, ctemplate
[i
].input
,
1399 ctemplate
[i
].inlen
)) {
1400 pr_err("alg: comp: compression failed: output differs: on test %d for %s\n",
1402 hexdump(decomp_output
, dlen
);
1408 for (i
= 0; i
< dtcount
; i
++) {
1410 unsigned int dlen
= COMP_BUF_SIZE
;
1412 memset(decomp_output
, 0, sizeof(COMP_BUF_SIZE
));
1414 ilen
= dtemplate
[i
].inlen
;
1415 ret
= crypto_comp_decompress(tfm
, dtemplate
[i
].input
,
1416 ilen
, decomp_output
, &dlen
);
1418 printk(KERN_ERR
"alg: comp: decompression failed "
1419 "on test %d for %s: ret=%d\n", i
+ 1, algo
,
1424 if (dlen
!= dtemplate
[i
].outlen
) {
1425 printk(KERN_ERR
"alg: comp: Decompression test %d "
1426 "failed for %s: output len = %d\n", i
+ 1, algo
,
1432 if (memcmp(decomp_output
, dtemplate
[i
].output
, dlen
)) {
1433 printk(KERN_ERR
"alg: comp: Decompression test %d "
1434 "failed for %s\n", i
+ 1, algo
);
1435 hexdump(decomp_output
, dlen
);
1444 kfree(decomp_output
);
1449 static int test_acomp(struct crypto_acomp
*tfm
,
1450 const struct comp_testvec
*ctemplate
,
1451 const struct comp_testvec
*dtemplate
,
1452 int ctcount
, int dtcount
)
1454 const char *algo
= crypto_tfm_alg_driver_name(crypto_acomp_tfm(tfm
));
1456 char *output
, *decomp_out
;
1458 struct scatterlist src
, dst
;
1459 struct acomp_req
*req
;
1460 struct crypto_wait wait
;
1462 output
= kmalloc(COMP_BUF_SIZE
, GFP_KERNEL
);
1466 decomp_out
= kmalloc(COMP_BUF_SIZE
, GFP_KERNEL
);
1472 for (i
= 0; i
< ctcount
; i
++) {
1473 unsigned int dlen
= COMP_BUF_SIZE
;
1474 int ilen
= ctemplate
[i
].inlen
;
1477 input_vec
= kmemdup(ctemplate
[i
].input
, ilen
, GFP_KERNEL
);
1483 memset(output
, 0, dlen
);
1484 crypto_init_wait(&wait
);
1485 sg_init_one(&src
, input_vec
, ilen
);
1486 sg_init_one(&dst
, output
, dlen
);
1488 req
= acomp_request_alloc(tfm
);
1490 pr_err("alg: acomp: request alloc failed for %s\n",
1497 acomp_request_set_params(req
, &src
, &dst
, ilen
, dlen
);
1498 acomp_request_set_callback(req
, CRYPTO_TFM_REQ_MAY_BACKLOG
,
1499 crypto_req_done
, &wait
);
1501 ret
= crypto_wait_req(crypto_acomp_compress(req
), &wait
);
1503 pr_err("alg: acomp: compression failed on test %d for %s: ret=%d\n",
1506 acomp_request_free(req
);
1511 dlen
= COMP_BUF_SIZE
;
1512 sg_init_one(&src
, output
, ilen
);
1513 sg_init_one(&dst
, decomp_out
, dlen
);
1514 crypto_init_wait(&wait
);
1515 acomp_request_set_params(req
, &src
, &dst
, ilen
, dlen
);
1517 ret
= crypto_wait_req(crypto_acomp_decompress(req
), &wait
);
1519 pr_err("alg: acomp: compression failed on test %d for %s: ret=%d\n",
1522 acomp_request_free(req
);
1526 if (req
->dlen
!= ctemplate
[i
].inlen
) {
1527 pr_err("alg: acomp: Compression test %d failed for %s: output len = %d\n",
1528 i
+ 1, algo
, req
->dlen
);
1531 acomp_request_free(req
);
1535 if (memcmp(input_vec
, decomp_out
, req
->dlen
)) {
1536 pr_err("alg: acomp: Compression test %d failed for %s\n",
1538 hexdump(output
, req
->dlen
);
1541 acomp_request_free(req
);
1546 acomp_request_free(req
);
1549 for (i
= 0; i
< dtcount
; i
++) {
1550 unsigned int dlen
= COMP_BUF_SIZE
;
1551 int ilen
= dtemplate
[i
].inlen
;
1554 input_vec
= kmemdup(dtemplate
[i
].input
, ilen
, GFP_KERNEL
);
1560 memset(output
, 0, dlen
);
1561 crypto_init_wait(&wait
);
1562 sg_init_one(&src
, input_vec
, ilen
);
1563 sg_init_one(&dst
, output
, dlen
);
1565 req
= acomp_request_alloc(tfm
);
1567 pr_err("alg: acomp: request alloc failed for %s\n",
1574 acomp_request_set_params(req
, &src
, &dst
, ilen
, dlen
);
1575 acomp_request_set_callback(req
, CRYPTO_TFM_REQ_MAY_BACKLOG
,
1576 crypto_req_done
, &wait
);
1578 ret
= crypto_wait_req(crypto_acomp_decompress(req
), &wait
);
1580 pr_err("alg: acomp: decompression failed on test %d for %s: ret=%d\n",
1583 acomp_request_free(req
);
1587 if (req
->dlen
!= dtemplate
[i
].outlen
) {
1588 pr_err("alg: acomp: Decompression test %d failed for %s: output len = %d\n",
1589 i
+ 1, algo
, req
->dlen
);
1592 acomp_request_free(req
);
1596 if (memcmp(output
, dtemplate
[i
].output
, req
->dlen
)) {
1597 pr_err("alg: acomp: Decompression test %d failed for %s\n",
1599 hexdump(output
, req
->dlen
);
1602 acomp_request_free(req
);
1607 acomp_request_free(req
);
1618 static int test_cprng(struct crypto_rng
*tfm
,
1619 const struct cprng_testvec
*template,
1620 unsigned int tcount
)
1622 const char *algo
= crypto_tfm_alg_driver_name(crypto_rng_tfm(tfm
));
1623 int err
= 0, i
, j
, seedsize
;
1627 seedsize
= crypto_rng_seedsize(tfm
);
1629 seed
= kmalloc(seedsize
, GFP_KERNEL
);
1631 printk(KERN_ERR
"alg: cprng: Failed to allocate seed space "
1636 for (i
= 0; i
< tcount
; i
++) {
1637 memset(result
, 0, 32);
1639 memcpy(seed
, template[i
].v
, template[i
].vlen
);
1640 memcpy(seed
+ template[i
].vlen
, template[i
].key
,
1642 memcpy(seed
+ template[i
].vlen
+ template[i
].klen
,
1643 template[i
].dt
, template[i
].dtlen
);
1645 err
= crypto_rng_reset(tfm
, seed
, seedsize
);
1647 printk(KERN_ERR
"alg: cprng: Failed to reset rng "
1652 for (j
= 0; j
< template[i
].loops
; j
++) {
1653 err
= crypto_rng_get_bytes(tfm
, result
,
1656 printk(KERN_ERR
"alg: cprng: Failed to obtain "
1657 "the correct amount of random data for "
1658 "%s (requested %d)\n", algo
,
1664 err
= memcmp(result
, template[i
].result
,
1667 printk(KERN_ERR
"alg: cprng: Test %d failed for %s\n",
1669 hexdump(result
, template[i
].rlen
);
1680 static int alg_test_aead(const struct alg_test_desc
*desc
, const char *driver
,
1683 struct crypto_aead
*tfm
;
1686 tfm
= crypto_alloc_aead(driver
, type
, mask
);
1688 printk(KERN_ERR
"alg: aead: Failed to load transform for %s: "
1689 "%ld\n", driver
, PTR_ERR(tfm
));
1690 return PTR_ERR(tfm
);
1693 if (desc
->suite
.aead
.enc
.vecs
) {
1694 err
= test_aead(tfm
, ENCRYPT
, desc
->suite
.aead
.enc
.vecs
,
1695 desc
->suite
.aead
.enc
.count
);
1700 if (!err
&& desc
->suite
.aead
.dec
.vecs
)
1701 err
= test_aead(tfm
, DECRYPT
, desc
->suite
.aead
.dec
.vecs
,
1702 desc
->suite
.aead
.dec
.count
);
1705 crypto_free_aead(tfm
);
1709 static int alg_test_cipher(const struct alg_test_desc
*desc
,
1710 const char *driver
, u32 type
, u32 mask
)
1712 const struct cipher_test_suite
*suite
= &desc
->suite
.cipher
;
1713 struct crypto_cipher
*tfm
;
1716 tfm
= crypto_alloc_cipher(driver
, type
, mask
);
1718 printk(KERN_ERR
"alg: cipher: Failed to load transform for "
1719 "%s: %ld\n", driver
, PTR_ERR(tfm
));
1720 return PTR_ERR(tfm
);
1723 err
= test_cipher(tfm
, ENCRYPT
, suite
->vecs
, suite
->count
);
1725 err
= test_cipher(tfm
, DECRYPT
, suite
->vecs
, suite
->count
);
1727 crypto_free_cipher(tfm
);
1731 static int alg_test_skcipher(const struct alg_test_desc
*desc
,
1732 const char *driver
, u32 type
, u32 mask
)
1734 const struct cipher_test_suite
*suite
= &desc
->suite
.cipher
;
1735 struct crypto_skcipher
*tfm
;
1738 tfm
= crypto_alloc_skcipher(driver
, type
, mask
);
1740 printk(KERN_ERR
"alg: skcipher: Failed to load transform for "
1741 "%s: %ld\n", driver
, PTR_ERR(tfm
));
1742 return PTR_ERR(tfm
);
1745 err
= test_skcipher(tfm
, ENCRYPT
, suite
->vecs
, suite
->count
);
1747 err
= test_skcipher(tfm
, DECRYPT
, suite
->vecs
, suite
->count
);
1749 crypto_free_skcipher(tfm
);
1753 static int alg_test_comp(const struct alg_test_desc
*desc
, const char *driver
,
1756 struct crypto_comp
*comp
;
1757 struct crypto_acomp
*acomp
;
1759 u32 algo_type
= type
& CRYPTO_ALG_TYPE_ACOMPRESS_MASK
;
1761 if (algo_type
== CRYPTO_ALG_TYPE_ACOMPRESS
) {
1762 acomp
= crypto_alloc_acomp(driver
, type
, mask
);
1763 if (IS_ERR(acomp
)) {
1764 pr_err("alg: acomp: Failed to load transform for %s: %ld\n",
1765 driver
, PTR_ERR(acomp
));
1766 return PTR_ERR(acomp
);
1768 err
= test_acomp(acomp
, desc
->suite
.comp
.comp
.vecs
,
1769 desc
->suite
.comp
.decomp
.vecs
,
1770 desc
->suite
.comp
.comp
.count
,
1771 desc
->suite
.comp
.decomp
.count
);
1772 crypto_free_acomp(acomp
);
1774 comp
= crypto_alloc_comp(driver
, type
, mask
);
1776 pr_err("alg: comp: Failed to load transform for %s: %ld\n",
1777 driver
, PTR_ERR(comp
));
1778 return PTR_ERR(comp
);
1781 err
= test_comp(comp
, desc
->suite
.comp
.comp
.vecs
,
1782 desc
->suite
.comp
.decomp
.vecs
,
1783 desc
->suite
.comp
.comp
.count
,
1784 desc
->suite
.comp
.decomp
.count
);
1786 crypto_free_comp(comp
);
1791 static int __alg_test_hash(const struct hash_testvec
*template,
1792 unsigned int tcount
, const char *driver
,
1795 struct crypto_ahash
*tfm
;
1798 tfm
= crypto_alloc_ahash(driver
, type
, mask
);
1800 printk(KERN_ERR
"alg: hash: Failed to load transform for %s: "
1801 "%ld\n", driver
, PTR_ERR(tfm
));
1802 return PTR_ERR(tfm
);
1805 err
= test_hash(tfm
, template, tcount
, true);
1807 err
= test_hash(tfm
, template, tcount
, false);
1808 crypto_free_ahash(tfm
);
1812 static int alg_test_hash(const struct alg_test_desc
*desc
, const char *driver
,
1815 const struct hash_testvec
*template = desc
->suite
.hash
.vecs
;
1816 unsigned int tcount
= desc
->suite
.hash
.count
;
1817 unsigned int nr_unkeyed
, nr_keyed
;
1821 * For OPTIONAL_KEY algorithms, we have to do all the unkeyed tests
1822 * first, before setting a key on the tfm. To make this easier, we
1823 * require that the unkeyed test vectors (if any) are listed first.
1826 for (nr_unkeyed
= 0; nr_unkeyed
< tcount
; nr_unkeyed
++) {
1827 if (template[nr_unkeyed
].ksize
)
1830 for (nr_keyed
= 0; nr_unkeyed
+ nr_keyed
< tcount
; nr_keyed
++) {
1831 if (!template[nr_unkeyed
+ nr_keyed
].ksize
) {
1832 pr_err("alg: hash: test vectors for %s out of order, "
1833 "unkeyed ones must come first\n", desc
->alg
);
1840 err
= __alg_test_hash(template, nr_unkeyed
, driver
, type
, mask
);
1841 template += nr_unkeyed
;
1844 if (!err
&& nr_keyed
)
1845 err
= __alg_test_hash(template, nr_keyed
, driver
, type
, mask
);
1850 static int alg_test_crc32c(const struct alg_test_desc
*desc
,
1851 const char *driver
, u32 type
, u32 mask
)
1853 struct crypto_shash
*tfm
;
1857 err
= alg_test_hash(desc
, driver
, type
, mask
);
1861 tfm
= crypto_alloc_shash(driver
, type
, mask
);
1863 printk(KERN_ERR
"alg: crc32c: Failed to load transform for %s: "
1864 "%ld\n", driver
, PTR_ERR(tfm
));
1870 SHASH_DESC_ON_STACK(shash
, tfm
);
1871 u32
*ctx
= (u32
*)shash_desc_ctx(shash
);
1876 *ctx
= le32_to_cpu(420553207);
1877 err
= crypto_shash_final(shash
, (u8
*)&val
);
1879 printk(KERN_ERR
"alg: crc32c: Operation failed for "
1880 "%s: %d\n", driver
, err
);
1884 if (val
!= ~420553207) {
1885 printk(KERN_ERR
"alg: crc32c: Test failed for %s: "
1886 "%d\n", driver
, val
);
1891 crypto_free_shash(tfm
);
1897 static int alg_test_cprng(const struct alg_test_desc
*desc
, const char *driver
,
1900 struct crypto_rng
*rng
;
1903 rng
= crypto_alloc_rng(driver
, type
, mask
);
1905 printk(KERN_ERR
"alg: cprng: Failed to load transform for %s: "
1906 "%ld\n", driver
, PTR_ERR(rng
));
1907 return PTR_ERR(rng
);
1910 err
= test_cprng(rng
, desc
->suite
.cprng
.vecs
, desc
->suite
.cprng
.count
);
1912 crypto_free_rng(rng
);
1918 static int drbg_cavs_test(const struct drbg_testvec
*test
, int pr
,
1919 const char *driver
, u32 type
, u32 mask
)
1922 struct crypto_rng
*drng
;
1923 struct drbg_test_data test_data
;
1924 struct drbg_string addtl
, pers
, testentropy
;
1925 unsigned char *buf
= kzalloc(test
->expectedlen
, GFP_KERNEL
);
1930 drng
= crypto_alloc_rng(driver
, type
, mask
);
1932 printk(KERN_ERR
"alg: drbg: could not allocate DRNG handle for "
1938 test_data
.testentropy
= &testentropy
;
1939 drbg_string_fill(&testentropy
, test
->entropy
, test
->entropylen
);
1940 drbg_string_fill(&pers
, test
->pers
, test
->perslen
);
1941 ret
= crypto_drbg_reset_test(drng
, &pers
, &test_data
);
1943 printk(KERN_ERR
"alg: drbg: Failed to reset rng\n");
1947 drbg_string_fill(&addtl
, test
->addtla
, test
->addtllen
);
1949 drbg_string_fill(&testentropy
, test
->entpra
, test
->entprlen
);
1950 ret
= crypto_drbg_get_bytes_addtl_test(drng
,
1951 buf
, test
->expectedlen
, &addtl
, &test_data
);
1953 ret
= crypto_drbg_get_bytes_addtl(drng
,
1954 buf
, test
->expectedlen
, &addtl
);
1957 printk(KERN_ERR
"alg: drbg: could not obtain random data for "
1958 "driver %s\n", driver
);
1962 drbg_string_fill(&addtl
, test
->addtlb
, test
->addtllen
);
1964 drbg_string_fill(&testentropy
, test
->entprb
, test
->entprlen
);
1965 ret
= crypto_drbg_get_bytes_addtl_test(drng
,
1966 buf
, test
->expectedlen
, &addtl
, &test_data
);
1968 ret
= crypto_drbg_get_bytes_addtl(drng
,
1969 buf
, test
->expectedlen
, &addtl
);
1972 printk(KERN_ERR
"alg: drbg: could not obtain random data for "
1973 "driver %s\n", driver
);
1977 ret
= memcmp(test
->expected
, buf
, test
->expectedlen
);
1980 crypto_free_rng(drng
);
1986 static int alg_test_drbg(const struct alg_test_desc
*desc
, const char *driver
,
1992 const struct drbg_testvec
*template = desc
->suite
.drbg
.vecs
;
1993 unsigned int tcount
= desc
->suite
.drbg
.count
;
1995 if (0 == memcmp(driver
, "drbg_pr_", 8))
1998 for (i
= 0; i
< tcount
; i
++) {
1999 err
= drbg_cavs_test(&template[i
], pr
, driver
, type
, mask
);
2001 printk(KERN_ERR
"alg: drbg: Test %d failed for %s\n",
2011 static int do_test_kpp(struct crypto_kpp
*tfm
, const struct kpp_testvec
*vec
,
2014 struct kpp_request
*req
;
2015 void *input_buf
= NULL
;
2016 void *output_buf
= NULL
;
2017 void *a_public
= NULL
;
2019 void *shared_secret
= NULL
;
2020 struct crypto_wait wait
;
2021 unsigned int out_len_max
;
2023 struct scatterlist src
, dst
;
2025 req
= kpp_request_alloc(tfm
, GFP_KERNEL
);
2029 crypto_init_wait(&wait
);
2031 err
= crypto_kpp_set_secret(tfm
, vec
->secret
, vec
->secret_size
);
2035 out_len_max
= crypto_kpp_maxsize(tfm
);
2036 output_buf
= kzalloc(out_len_max
, GFP_KERNEL
);
2042 /* Use appropriate parameter as base */
2043 kpp_request_set_input(req
, NULL
, 0);
2044 sg_init_one(&dst
, output_buf
, out_len_max
);
2045 kpp_request_set_output(req
, &dst
, out_len_max
);
2046 kpp_request_set_callback(req
, CRYPTO_TFM_REQ_MAY_BACKLOG
,
2047 crypto_req_done
, &wait
);
2049 /* Compute party A's public key */
2050 err
= crypto_wait_req(crypto_kpp_generate_public_key(req
), &wait
);
2052 pr_err("alg: %s: Party A: generate public key test failed. err %d\n",
2058 /* Save party A's public key */
2059 a_public
= kzalloc(out_len_max
, GFP_KERNEL
);
2064 memcpy(a_public
, sg_virt(req
->dst
), out_len_max
);
2066 /* Verify calculated public key */
2067 if (memcmp(vec
->expected_a_public
, sg_virt(req
->dst
),
2068 vec
->expected_a_public_size
)) {
2069 pr_err("alg: %s: Party A: generate public key test failed. Invalid output\n",
2076 /* Calculate shared secret key by using counter part (b) public key. */
2077 input_buf
= kzalloc(vec
->b_public_size
, GFP_KERNEL
);
2083 memcpy(input_buf
, vec
->b_public
, vec
->b_public_size
);
2084 sg_init_one(&src
, input_buf
, vec
->b_public_size
);
2085 sg_init_one(&dst
, output_buf
, out_len_max
);
2086 kpp_request_set_input(req
, &src
, vec
->b_public_size
);
2087 kpp_request_set_output(req
, &dst
, out_len_max
);
2088 kpp_request_set_callback(req
, CRYPTO_TFM_REQ_MAY_BACKLOG
,
2089 crypto_req_done
, &wait
);
2090 err
= crypto_wait_req(crypto_kpp_compute_shared_secret(req
), &wait
);
2092 pr_err("alg: %s: Party A: compute shared secret test failed. err %d\n",
2098 /* Save the shared secret obtained by party A */
2099 a_ss
= kzalloc(vec
->expected_ss_size
, GFP_KERNEL
);
2104 memcpy(a_ss
, sg_virt(req
->dst
), vec
->expected_ss_size
);
2107 * Calculate party B's shared secret by using party A's
2110 err
= crypto_kpp_set_secret(tfm
, vec
->b_secret
,
2111 vec
->b_secret_size
);
2115 sg_init_one(&src
, a_public
, vec
->expected_a_public_size
);
2116 sg_init_one(&dst
, output_buf
, out_len_max
);
2117 kpp_request_set_input(req
, &src
, vec
->expected_a_public_size
);
2118 kpp_request_set_output(req
, &dst
, out_len_max
);
2119 kpp_request_set_callback(req
, CRYPTO_TFM_REQ_MAY_BACKLOG
,
2120 crypto_req_done
, &wait
);
2121 err
= crypto_wait_req(crypto_kpp_compute_shared_secret(req
),
2124 pr_err("alg: %s: Party B: compute shared secret failed. err %d\n",
2129 shared_secret
= a_ss
;
2131 shared_secret
= (void *)vec
->expected_ss
;
2135 * verify shared secret from which the user will derive
2136 * secret key by executing whatever hash it has chosen
2138 if (memcmp(shared_secret
, sg_virt(req
->dst
),
2139 vec
->expected_ss_size
)) {
2140 pr_err("alg: %s: compute shared secret test failed. Invalid output\n",
2152 kpp_request_free(req
);
2156 static int test_kpp(struct crypto_kpp
*tfm
, const char *alg
,
2157 const struct kpp_testvec
*vecs
, unsigned int tcount
)
2161 for (i
= 0; i
< tcount
; i
++) {
2162 ret
= do_test_kpp(tfm
, vecs
++, alg
);
2164 pr_err("alg: %s: test failed on vector %d, err=%d\n",
2172 static int alg_test_kpp(const struct alg_test_desc
*desc
, const char *driver
,
2175 struct crypto_kpp
*tfm
;
2178 tfm
= crypto_alloc_kpp(driver
, type
, mask
);
2180 pr_err("alg: kpp: Failed to load tfm for %s: %ld\n",
2181 driver
, PTR_ERR(tfm
));
2182 return PTR_ERR(tfm
);
2184 if (desc
->suite
.kpp
.vecs
)
2185 err
= test_kpp(tfm
, desc
->alg
, desc
->suite
.kpp
.vecs
,
2186 desc
->suite
.kpp
.count
);
2188 crypto_free_kpp(tfm
);
2192 static int test_akcipher_one(struct crypto_akcipher
*tfm
,
2193 const struct akcipher_testvec
*vecs
)
2195 char *xbuf
[XBUFSIZE
];
2196 struct akcipher_request
*req
;
2197 void *outbuf_enc
= NULL
;
2198 void *outbuf_dec
= NULL
;
2199 struct crypto_wait wait
;
2200 unsigned int out_len_max
, out_len
= 0;
2202 struct scatterlist src
, dst
, src_tab
[2];
2204 if (testmgr_alloc_buf(xbuf
))
2207 req
= akcipher_request_alloc(tfm
, GFP_KERNEL
);
2211 crypto_init_wait(&wait
);
2213 if (vecs
->public_key_vec
)
2214 err
= crypto_akcipher_set_pub_key(tfm
, vecs
->key
,
2217 err
= crypto_akcipher_set_priv_key(tfm
, vecs
->key
,
2223 out_len_max
= crypto_akcipher_maxsize(tfm
);
2224 outbuf_enc
= kzalloc(out_len_max
, GFP_KERNEL
);
2228 if (WARN_ON(vecs
->m_size
> PAGE_SIZE
))
2231 memcpy(xbuf
[0], vecs
->m
, vecs
->m_size
);
2233 sg_init_table(src_tab
, 2);
2234 sg_set_buf(&src_tab
[0], xbuf
[0], 8);
2235 sg_set_buf(&src_tab
[1], xbuf
[0] + 8, vecs
->m_size
- 8);
2236 sg_init_one(&dst
, outbuf_enc
, out_len_max
);
2237 akcipher_request_set_crypt(req
, src_tab
, &dst
, vecs
->m_size
,
2239 akcipher_request_set_callback(req
, CRYPTO_TFM_REQ_MAY_BACKLOG
,
2240 crypto_req_done
, &wait
);
2242 err
= crypto_wait_req(vecs
->siggen_sigver_test
?
2243 /* Run asymmetric signature generation */
2244 crypto_akcipher_sign(req
) :
2245 /* Run asymmetric encrypt */
2246 crypto_akcipher_encrypt(req
), &wait
);
2248 pr_err("alg: akcipher: encrypt test failed. err %d\n", err
);
2251 if (req
->dst_len
!= vecs
->c_size
) {
2252 pr_err("alg: akcipher: encrypt test failed. Invalid output len\n");
2256 /* verify that encrypted message is equal to expected */
2257 if (memcmp(vecs
->c
, outbuf_enc
, vecs
->c_size
)) {
2258 pr_err("alg: akcipher: encrypt test failed. Invalid output\n");
2259 hexdump(outbuf_enc
, vecs
->c_size
);
2263 /* Don't invoke decrypt for vectors with public key */
2264 if (vecs
->public_key_vec
) {
2268 outbuf_dec
= kzalloc(out_len_max
, GFP_KERNEL
);
2274 if (WARN_ON(vecs
->c_size
> PAGE_SIZE
))
2277 memcpy(xbuf
[0], vecs
->c
, vecs
->c_size
);
2279 sg_init_one(&src
, xbuf
[0], vecs
->c_size
);
2280 sg_init_one(&dst
, outbuf_dec
, out_len_max
);
2281 crypto_init_wait(&wait
);
2282 akcipher_request_set_crypt(req
, &src
, &dst
, vecs
->c_size
, out_len_max
);
2284 err
= crypto_wait_req(vecs
->siggen_sigver_test
?
2285 /* Run asymmetric signature verification */
2286 crypto_akcipher_verify(req
) :
2287 /* Run asymmetric decrypt */
2288 crypto_akcipher_decrypt(req
), &wait
);
2290 pr_err("alg: akcipher: decrypt test failed. err %d\n", err
);
2293 out_len
= req
->dst_len
;
2294 if (out_len
< vecs
->m_size
) {
2295 pr_err("alg: akcipher: decrypt test failed. "
2296 "Invalid output len %u\n", out_len
);
2300 /* verify that decrypted message is equal to the original msg */
2301 if (memchr_inv(outbuf_dec
, 0, out_len
- vecs
->m_size
) ||
2302 memcmp(vecs
->m
, outbuf_dec
+ out_len
- vecs
->m_size
,
2304 pr_err("alg: akcipher: decrypt test failed. Invalid output\n");
2305 hexdump(outbuf_dec
, out_len
);
2312 akcipher_request_free(req
);
2314 testmgr_free_buf(xbuf
);
2318 static int test_akcipher(struct crypto_akcipher
*tfm
, const char *alg
,
2319 const struct akcipher_testvec
*vecs
,
2320 unsigned int tcount
)
2323 crypto_tfm_alg_driver_name(crypto_akcipher_tfm(tfm
));
2326 for (i
= 0; i
< tcount
; i
++) {
2327 ret
= test_akcipher_one(tfm
, vecs
++);
2331 pr_err("alg: akcipher: test %d failed for %s, err=%d\n",
2338 static int alg_test_akcipher(const struct alg_test_desc
*desc
,
2339 const char *driver
, u32 type
, u32 mask
)
2341 struct crypto_akcipher
*tfm
;
2344 tfm
= crypto_alloc_akcipher(driver
, type
, mask
);
2346 pr_err("alg: akcipher: Failed to load tfm for %s: %ld\n",
2347 driver
, PTR_ERR(tfm
));
2348 return PTR_ERR(tfm
);
2350 if (desc
->suite
.akcipher
.vecs
)
2351 err
= test_akcipher(tfm
, desc
->alg
, desc
->suite
.akcipher
.vecs
,
2352 desc
->suite
.akcipher
.count
);
2354 crypto_free_akcipher(tfm
);
2358 static int alg_test_null(const struct alg_test_desc
*desc
,
2359 const char *driver
, u32 type
, u32 mask
)
2364 #define __VECS(tv) { .vecs = tv, .count = ARRAY_SIZE(tv) }
2366 /* Please keep this list sorted by algorithm name. */
2367 static const struct alg_test_desc alg_test_descs
[] = {
2370 .test
= alg_test_aead
,
2373 .enc
= __VECS(aegis128_enc_tv_template
),
2374 .dec
= __VECS(aegis128_dec_tv_template
),
2379 .test
= alg_test_aead
,
2382 .enc
= __VECS(aegis128l_enc_tv_template
),
2383 .dec
= __VECS(aegis128l_dec_tv_template
),
2388 .test
= alg_test_aead
,
2391 .enc
= __VECS(aegis256_enc_tv_template
),
2392 .dec
= __VECS(aegis256_dec_tv_template
),
2396 .alg
= "ansi_cprng",
2397 .test
= alg_test_cprng
,
2399 .cprng
= __VECS(ansi_cprng_aes_tv_template
)
2402 .alg
= "authenc(hmac(md5),ecb(cipher_null))",
2403 .test
= alg_test_aead
,
2406 .enc
= __VECS(hmac_md5_ecb_cipher_null_enc_tv_template
),
2407 .dec
= __VECS(hmac_md5_ecb_cipher_null_dec_tv_template
)
2411 .alg
= "authenc(hmac(sha1),cbc(aes))",
2412 .test
= alg_test_aead
,
2416 .enc
= __VECS(hmac_sha1_aes_cbc_enc_tv_temp
)
2420 .alg
= "authenc(hmac(sha1),cbc(des))",
2421 .test
= alg_test_aead
,
2424 .enc
= __VECS(hmac_sha1_des_cbc_enc_tv_temp
)
2428 .alg
= "authenc(hmac(sha1),cbc(des3_ede))",
2429 .test
= alg_test_aead
,
2433 .enc
= __VECS(hmac_sha1_des3_ede_cbc_enc_tv_temp
)
2437 .alg
= "authenc(hmac(sha1),ctr(aes))",
2438 .test
= alg_test_null
,
2441 .alg
= "authenc(hmac(sha1),ecb(cipher_null))",
2442 .test
= alg_test_aead
,
2445 .enc
= __VECS(hmac_sha1_ecb_cipher_null_enc_tv_temp
),
2446 .dec
= __VECS(hmac_sha1_ecb_cipher_null_dec_tv_temp
)
2450 .alg
= "authenc(hmac(sha1),rfc3686(ctr(aes)))",
2451 .test
= alg_test_null
,
2454 .alg
= "authenc(hmac(sha224),cbc(des))",
2455 .test
= alg_test_aead
,
2458 .enc
= __VECS(hmac_sha224_des_cbc_enc_tv_temp
)
2462 .alg
= "authenc(hmac(sha224),cbc(des3_ede))",
2463 .test
= alg_test_aead
,
2467 .enc
= __VECS(hmac_sha224_des3_ede_cbc_enc_tv_temp
)
2471 .alg
= "authenc(hmac(sha256),cbc(aes))",
2472 .test
= alg_test_aead
,
2476 .enc
= __VECS(hmac_sha256_aes_cbc_enc_tv_temp
)
2480 .alg
= "authenc(hmac(sha256),cbc(des))",
2481 .test
= alg_test_aead
,
2484 .enc
= __VECS(hmac_sha256_des_cbc_enc_tv_temp
)
2488 .alg
= "authenc(hmac(sha256),cbc(des3_ede))",
2489 .test
= alg_test_aead
,
2493 .enc
= __VECS(hmac_sha256_des3_ede_cbc_enc_tv_temp
)
2497 .alg
= "authenc(hmac(sha256),ctr(aes))",
2498 .test
= alg_test_null
,
2501 .alg
= "authenc(hmac(sha256),rfc3686(ctr(aes)))",
2502 .test
= alg_test_null
,
2505 .alg
= "authenc(hmac(sha384),cbc(des))",
2506 .test
= alg_test_aead
,
2509 .enc
= __VECS(hmac_sha384_des_cbc_enc_tv_temp
)
2513 .alg
= "authenc(hmac(sha384),cbc(des3_ede))",
2514 .test
= alg_test_aead
,
2518 .enc
= __VECS(hmac_sha384_des3_ede_cbc_enc_tv_temp
)
2522 .alg
= "authenc(hmac(sha384),ctr(aes))",
2523 .test
= alg_test_null
,
2526 .alg
= "authenc(hmac(sha384),rfc3686(ctr(aes)))",
2527 .test
= alg_test_null
,
2530 .alg
= "authenc(hmac(sha512),cbc(aes))",
2532 .test
= alg_test_aead
,
2535 .enc
= __VECS(hmac_sha512_aes_cbc_enc_tv_temp
)
2539 .alg
= "authenc(hmac(sha512),cbc(des))",
2540 .test
= alg_test_aead
,
2543 .enc
= __VECS(hmac_sha512_des_cbc_enc_tv_temp
)
2547 .alg
= "authenc(hmac(sha512),cbc(des3_ede))",
2548 .test
= alg_test_aead
,
2552 .enc
= __VECS(hmac_sha512_des3_ede_cbc_enc_tv_temp
)
2556 .alg
= "authenc(hmac(sha512),ctr(aes))",
2557 .test
= alg_test_null
,
2560 .alg
= "authenc(hmac(sha512),rfc3686(ctr(aes)))",
2561 .test
= alg_test_null
,
2565 .test
= alg_test_skcipher
,
2568 .cipher
= __VECS(aes_cbc_tv_template
)
2571 .alg
= "cbc(anubis)",
2572 .test
= alg_test_skcipher
,
2574 .cipher
= __VECS(anubis_cbc_tv_template
)
2577 .alg
= "cbc(blowfish)",
2578 .test
= alg_test_skcipher
,
2580 .cipher
= __VECS(bf_cbc_tv_template
)
2583 .alg
= "cbc(camellia)",
2584 .test
= alg_test_skcipher
,
2586 .cipher
= __VECS(camellia_cbc_tv_template
)
2589 .alg
= "cbc(cast5)",
2590 .test
= alg_test_skcipher
,
2592 .cipher
= __VECS(cast5_cbc_tv_template
)
2595 .alg
= "cbc(cast6)",
2596 .test
= alg_test_skcipher
,
2598 .cipher
= __VECS(cast6_cbc_tv_template
)
2602 .test
= alg_test_skcipher
,
2604 .cipher
= __VECS(des_cbc_tv_template
)
2607 .alg
= "cbc(des3_ede)",
2608 .test
= alg_test_skcipher
,
2611 .cipher
= __VECS(des3_ede_cbc_tv_template
)
2614 /* Same as cbc(aes) except the key is stored in
2615 * hardware secure memory which we reference by index
2618 .test
= alg_test_null
,
2621 .alg
= "cbc(serpent)",
2622 .test
= alg_test_skcipher
,
2624 .cipher
= __VECS(serpent_cbc_tv_template
)
2627 .alg
= "cbc(twofish)",
2628 .test
= alg_test_skcipher
,
2630 .cipher
= __VECS(tf_cbc_tv_template
)
2633 .alg
= "cbcmac(aes)",
2635 .test
= alg_test_hash
,
2637 .hash
= __VECS(aes_cbcmac_tv_template
)
2641 .test
= alg_test_aead
,
2645 .enc
= __VECS(aes_ccm_enc_tv_template
),
2646 .dec
= __VECS(aes_ccm_dec_tv_template
)
2651 .test
= alg_test_skcipher
,
2653 .cipher
= __VECS(chacha20_tv_template
)
2658 .test
= alg_test_hash
,
2660 .hash
= __VECS(aes_cmac128_tv_template
)
2663 .alg
= "cmac(des3_ede)",
2665 .test
= alg_test_hash
,
2667 .hash
= __VECS(des3_ede_cmac64_tv_template
)
2670 .alg
= "compress_null",
2671 .test
= alg_test_null
,
2674 .test
= alg_test_hash
,
2676 .hash
= __VECS(crc32_tv_template
)
2680 .test
= alg_test_crc32c
,
2683 .hash
= __VECS(crc32c_tv_template
)
2687 .test
= alg_test_hash
,
2690 .hash
= __VECS(crct10dif_tv_template
)
2694 .test
= alg_test_skcipher
,
2697 .cipher
= __VECS(aes_ctr_tv_template
)
2700 .alg
= "ctr(blowfish)",
2701 .test
= alg_test_skcipher
,
2703 .cipher
= __VECS(bf_ctr_tv_template
)
2706 .alg
= "ctr(camellia)",
2707 .test
= alg_test_skcipher
,
2709 .cipher
= __VECS(camellia_ctr_tv_template
)
2712 .alg
= "ctr(cast5)",
2713 .test
= alg_test_skcipher
,
2715 .cipher
= __VECS(cast5_ctr_tv_template
)
2718 .alg
= "ctr(cast6)",
2719 .test
= alg_test_skcipher
,
2721 .cipher
= __VECS(cast6_ctr_tv_template
)
2725 .test
= alg_test_skcipher
,
2727 .cipher
= __VECS(des_ctr_tv_template
)
2730 .alg
= "ctr(des3_ede)",
2731 .test
= alg_test_skcipher
,
2734 .cipher
= __VECS(des3_ede_ctr_tv_template
)
2737 /* Same as ctr(aes) except the key is stored in
2738 * hardware secure memory which we reference by index
2741 .test
= alg_test_null
,
2744 .alg
= "ctr(serpent)",
2745 .test
= alg_test_skcipher
,
2747 .cipher
= __VECS(serpent_ctr_tv_template
)
2750 .alg
= "ctr(twofish)",
2751 .test
= alg_test_skcipher
,
2753 .cipher
= __VECS(tf_ctr_tv_template
)
2756 .alg
= "cts(cbc(aes))",
2757 .test
= alg_test_skcipher
,
2759 .cipher
= __VECS(cts_mode_tv_template
)
2763 .test
= alg_test_comp
,
2767 .comp
= __VECS(deflate_comp_tv_template
),
2768 .decomp
= __VECS(deflate_decomp_tv_template
)
2773 .test
= alg_test_kpp
,
2776 .kpp
= __VECS(dh_tv_template
)
2779 .alg
= "digest_null",
2780 .test
= alg_test_null
,
2782 .alg
= "drbg_nopr_ctr_aes128",
2783 .test
= alg_test_drbg
,
2786 .drbg
= __VECS(drbg_nopr_ctr_aes128_tv_template
)
2789 .alg
= "drbg_nopr_ctr_aes192",
2790 .test
= alg_test_drbg
,
2793 .drbg
= __VECS(drbg_nopr_ctr_aes192_tv_template
)
2796 .alg
= "drbg_nopr_ctr_aes256",
2797 .test
= alg_test_drbg
,
2800 .drbg
= __VECS(drbg_nopr_ctr_aes256_tv_template
)
2804 * There is no need to specifically test the DRBG with every
2805 * backend cipher -- covered by drbg_nopr_hmac_sha256 test
2807 .alg
= "drbg_nopr_hmac_sha1",
2809 .test
= alg_test_null
,
2811 .alg
= "drbg_nopr_hmac_sha256",
2812 .test
= alg_test_drbg
,
2815 .drbg
= __VECS(drbg_nopr_hmac_sha256_tv_template
)
2818 /* covered by drbg_nopr_hmac_sha256 test */
2819 .alg
= "drbg_nopr_hmac_sha384",
2821 .test
= alg_test_null
,
2823 .alg
= "drbg_nopr_hmac_sha512",
2824 .test
= alg_test_null
,
2827 .alg
= "drbg_nopr_sha1",
2829 .test
= alg_test_null
,
2831 .alg
= "drbg_nopr_sha256",
2832 .test
= alg_test_drbg
,
2835 .drbg
= __VECS(drbg_nopr_sha256_tv_template
)
2838 /* covered by drbg_nopr_sha256 test */
2839 .alg
= "drbg_nopr_sha384",
2841 .test
= alg_test_null
,
2843 .alg
= "drbg_nopr_sha512",
2845 .test
= alg_test_null
,
2847 .alg
= "drbg_pr_ctr_aes128",
2848 .test
= alg_test_drbg
,
2851 .drbg
= __VECS(drbg_pr_ctr_aes128_tv_template
)
2854 /* covered by drbg_pr_ctr_aes128 test */
2855 .alg
= "drbg_pr_ctr_aes192",
2857 .test
= alg_test_null
,
2859 .alg
= "drbg_pr_ctr_aes256",
2861 .test
= alg_test_null
,
2863 .alg
= "drbg_pr_hmac_sha1",
2865 .test
= alg_test_null
,
2867 .alg
= "drbg_pr_hmac_sha256",
2868 .test
= alg_test_drbg
,
2871 .drbg
= __VECS(drbg_pr_hmac_sha256_tv_template
)
2874 /* covered by drbg_pr_hmac_sha256 test */
2875 .alg
= "drbg_pr_hmac_sha384",
2877 .test
= alg_test_null
,
2879 .alg
= "drbg_pr_hmac_sha512",
2880 .test
= alg_test_null
,
2883 .alg
= "drbg_pr_sha1",
2885 .test
= alg_test_null
,
2887 .alg
= "drbg_pr_sha256",
2888 .test
= alg_test_drbg
,
2891 .drbg
= __VECS(drbg_pr_sha256_tv_template
)
2894 /* covered by drbg_pr_sha256 test */
2895 .alg
= "drbg_pr_sha384",
2897 .test
= alg_test_null
,
2899 .alg
= "drbg_pr_sha512",
2901 .test
= alg_test_null
,
2904 .test
= alg_test_skcipher
,
2907 .cipher
= __VECS(aes_tv_template
)
2910 .alg
= "ecb(anubis)",
2911 .test
= alg_test_skcipher
,
2913 .cipher
= __VECS(anubis_tv_template
)
2917 .test
= alg_test_skcipher
,
2919 .cipher
= __VECS(arc4_tv_template
)
2922 .alg
= "ecb(blowfish)",
2923 .test
= alg_test_skcipher
,
2925 .cipher
= __VECS(bf_tv_template
)
2928 .alg
= "ecb(camellia)",
2929 .test
= alg_test_skcipher
,
2931 .cipher
= __VECS(camellia_tv_template
)
2934 .alg
= "ecb(cast5)",
2935 .test
= alg_test_skcipher
,
2937 .cipher
= __VECS(cast5_tv_template
)
2940 .alg
= "ecb(cast6)",
2941 .test
= alg_test_skcipher
,
2943 .cipher
= __VECS(cast6_tv_template
)
2946 .alg
= "ecb(cipher_null)",
2947 .test
= alg_test_null
,
2951 .test
= alg_test_skcipher
,
2953 .cipher
= __VECS(des_tv_template
)
2956 .alg
= "ecb(des3_ede)",
2957 .test
= alg_test_skcipher
,
2960 .cipher
= __VECS(des3_ede_tv_template
)
2963 .alg
= "ecb(fcrypt)",
2964 .test
= alg_test_skcipher
,
2967 .vecs
= fcrypt_pcbc_tv_template
,
2972 .alg
= "ecb(khazad)",
2973 .test
= alg_test_skcipher
,
2975 .cipher
= __VECS(khazad_tv_template
)
2978 /* Same as ecb(aes) except the key is stored in
2979 * hardware secure memory which we reference by index
2982 .test
= alg_test_null
,
2986 .test
= alg_test_skcipher
,
2988 .cipher
= __VECS(seed_tv_template
)
2991 .alg
= "ecb(serpent)",
2992 .test
= alg_test_skcipher
,
2994 .cipher
= __VECS(serpent_tv_template
)
2998 .test
= alg_test_skcipher
,
3000 .cipher
= __VECS(sm4_tv_template
)
3003 .alg
= "ecb(speck128)",
3004 .test
= alg_test_skcipher
,
3006 .cipher
= __VECS(speck128_tv_template
)
3009 .alg
= "ecb(speck64)",
3010 .test
= alg_test_skcipher
,
3012 .cipher
= __VECS(speck64_tv_template
)
3016 .test
= alg_test_skcipher
,
3018 .cipher
= __VECS(tea_tv_template
)
3021 .alg
= "ecb(tnepres)",
3022 .test
= alg_test_skcipher
,
3024 .cipher
= __VECS(tnepres_tv_template
)
3027 .alg
= "ecb(twofish)",
3028 .test
= alg_test_skcipher
,
3030 .cipher
= __VECS(tf_tv_template
)
3034 .test
= alg_test_skcipher
,
3036 .cipher
= __VECS(xeta_tv_template
)
3040 .test
= alg_test_skcipher
,
3042 .cipher
= __VECS(xtea_tv_template
)
3046 .test
= alg_test_kpp
,
3049 .kpp
= __VECS(ecdh_tv_template
)
3053 .test
= alg_test_aead
,
3057 .enc
= __VECS(aes_gcm_enc_tv_template
),
3058 .dec
= __VECS(aes_gcm_dec_tv_template
)
3063 .test
= alg_test_hash
,
3066 .hash
= __VECS(ghash_tv_template
)
3070 .test
= alg_test_hash
,
3072 .hash
= __VECS(hmac_md5_tv_template
)
3075 .alg
= "hmac(rmd128)",
3076 .test
= alg_test_hash
,
3078 .hash
= __VECS(hmac_rmd128_tv_template
)
3081 .alg
= "hmac(rmd160)",
3082 .test
= alg_test_hash
,
3084 .hash
= __VECS(hmac_rmd160_tv_template
)
3087 .alg
= "hmac(sha1)",
3088 .test
= alg_test_hash
,
3091 .hash
= __VECS(hmac_sha1_tv_template
)
3094 .alg
= "hmac(sha224)",
3095 .test
= alg_test_hash
,
3098 .hash
= __VECS(hmac_sha224_tv_template
)
3101 .alg
= "hmac(sha256)",
3102 .test
= alg_test_hash
,
3105 .hash
= __VECS(hmac_sha256_tv_template
)
3108 .alg
= "hmac(sha3-224)",
3109 .test
= alg_test_hash
,
3112 .hash
= __VECS(hmac_sha3_224_tv_template
)
3115 .alg
= "hmac(sha3-256)",
3116 .test
= alg_test_hash
,
3119 .hash
= __VECS(hmac_sha3_256_tv_template
)
3122 .alg
= "hmac(sha3-384)",
3123 .test
= alg_test_hash
,
3126 .hash
= __VECS(hmac_sha3_384_tv_template
)
3129 .alg
= "hmac(sha3-512)",
3130 .test
= alg_test_hash
,
3133 .hash
= __VECS(hmac_sha3_512_tv_template
)
3136 .alg
= "hmac(sha384)",
3137 .test
= alg_test_hash
,
3140 .hash
= __VECS(hmac_sha384_tv_template
)
3143 .alg
= "hmac(sha512)",
3144 .test
= alg_test_hash
,
3147 .hash
= __VECS(hmac_sha512_tv_template
)
3150 .alg
= "jitterentropy_rng",
3152 .test
= alg_test_null
,
3155 .test
= alg_test_skcipher
,
3158 .cipher
= __VECS(aes_kw_tv_template
)
3162 .test
= alg_test_skcipher
,
3164 .cipher
= __VECS(aes_lrw_tv_template
)
3167 .alg
= "lrw(camellia)",
3168 .test
= alg_test_skcipher
,
3170 .cipher
= __VECS(camellia_lrw_tv_template
)
3173 .alg
= "lrw(cast6)",
3174 .test
= alg_test_skcipher
,
3176 .cipher
= __VECS(cast6_lrw_tv_template
)
3179 .alg
= "lrw(serpent)",
3180 .test
= alg_test_skcipher
,
3182 .cipher
= __VECS(serpent_lrw_tv_template
)
3185 .alg
= "lrw(twofish)",
3186 .test
= alg_test_skcipher
,
3188 .cipher
= __VECS(tf_lrw_tv_template
)
3192 .test
= alg_test_comp
,
3196 .comp
= __VECS(lz4_comp_tv_template
),
3197 .decomp
= __VECS(lz4_decomp_tv_template
)
3202 .test
= alg_test_comp
,
3206 .comp
= __VECS(lz4hc_comp_tv_template
),
3207 .decomp
= __VECS(lz4hc_decomp_tv_template
)
3212 .test
= alg_test_comp
,
3216 .comp
= __VECS(lzo_comp_tv_template
),
3217 .decomp
= __VECS(lzo_decomp_tv_template
)
3222 .test
= alg_test_hash
,
3224 .hash
= __VECS(md4_tv_template
)
3228 .test
= alg_test_hash
,
3230 .hash
= __VECS(md5_tv_template
)
3233 .alg
= "michael_mic",
3234 .test
= alg_test_hash
,
3236 .hash
= __VECS(michael_mic_tv_template
)
3240 .test
= alg_test_aead
,
3243 .enc
= __VECS(morus1280_enc_tv_template
),
3244 .dec
= __VECS(morus1280_dec_tv_template
),
3249 .test
= alg_test_aead
,
3252 .enc
= __VECS(morus640_enc_tv_template
),
3253 .dec
= __VECS(morus640_dec_tv_template
),
3258 .test
= alg_test_skcipher
,
3261 .cipher
= __VECS(aes_ofb_tv_template
)
3264 /* Same as ofb(aes) except the key is stored in
3265 * hardware secure memory which we reference by index
3268 .test
= alg_test_null
,
3271 .alg
= "pcbc(fcrypt)",
3272 .test
= alg_test_skcipher
,
3274 .cipher
= __VECS(fcrypt_pcbc_tv_template
)
3277 .alg
= "pkcs1pad(rsa,sha224)",
3278 .test
= alg_test_null
,
3281 .alg
= "pkcs1pad(rsa,sha256)",
3282 .test
= alg_test_akcipher
,
3285 .akcipher
= __VECS(pkcs1pad_rsa_tv_template
)
3288 .alg
= "pkcs1pad(rsa,sha384)",
3289 .test
= alg_test_null
,
3292 .alg
= "pkcs1pad(rsa,sha512)",
3293 .test
= alg_test_null
,
3297 .test
= alg_test_hash
,
3299 .hash
= __VECS(poly1305_tv_template
)
3302 .alg
= "rfc3686(ctr(aes))",
3303 .test
= alg_test_skcipher
,
3306 .cipher
= __VECS(aes_ctr_rfc3686_tv_template
)
3309 .alg
= "rfc4106(gcm(aes))",
3310 .test
= alg_test_aead
,
3314 .enc
= __VECS(aes_gcm_rfc4106_enc_tv_template
),
3315 .dec
= __VECS(aes_gcm_rfc4106_dec_tv_template
)
3319 .alg
= "rfc4309(ccm(aes))",
3320 .test
= alg_test_aead
,
3324 .enc
= __VECS(aes_ccm_rfc4309_enc_tv_template
),
3325 .dec
= __VECS(aes_ccm_rfc4309_dec_tv_template
)
3329 .alg
= "rfc4543(gcm(aes))",
3330 .test
= alg_test_aead
,
3333 .enc
= __VECS(aes_gcm_rfc4543_enc_tv_template
),
3334 .dec
= __VECS(aes_gcm_rfc4543_dec_tv_template
),
3338 .alg
= "rfc7539(chacha20,poly1305)",
3339 .test
= alg_test_aead
,
3342 .enc
= __VECS(rfc7539_enc_tv_template
),
3343 .dec
= __VECS(rfc7539_dec_tv_template
),
3347 .alg
= "rfc7539esp(chacha20,poly1305)",
3348 .test
= alg_test_aead
,
3351 .enc
= __VECS(rfc7539esp_enc_tv_template
),
3352 .dec
= __VECS(rfc7539esp_dec_tv_template
),
3357 .test
= alg_test_hash
,
3359 .hash
= __VECS(rmd128_tv_template
)
3363 .test
= alg_test_hash
,
3365 .hash
= __VECS(rmd160_tv_template
)
3369 .test
= alg_test_hash
,
3371 .hash
= __VECS(rmd256_tv_template
)
3375 .test
= alg_test_hash
,
3377 .hash
= __VECS(rmd320_tv_template
)
3381 .test
= alg_test_akcipher
,
3384 .akcipher
= __VECS(rsa_tv_template
)
3388 .test
= alg_test_skcipher
,
3390 .cipher
= __VECS(salsa20_stream_tv_template
)
3394 .test
= alg_test_hash
,
3397 .hash
= __VECS(sha1_tv_template
)
3401 .test
= alg_test_hash
,
3404 .hash
= __VECS(sha224_tv_template
)
3408 .test
= alg_test_hash
,
3411 .hash
= __VECS(sha256_tv_template
)
3415 .test
= alg_test_hash
,
3418 .hash
= __VECS(sha3_224_tv_template
)
3422 .test
= alg_test_hash
,
3425 .hash
= __VECS(sha3_256_tv_template
)
3429 .test
= alg_test_hash
,
3432 .hash
= __VECS(sha3_384_tv_template
)
3436 .test
= alg_test_hash
,
3439 .hash
= __VECS(sha3_512_tv_template
)
3443 .test
= alg_test_hash
,
3446 .hash
= __VECS(sha384_tv_template
)
3450 .test
= alg_test_hash
,
3453 .hash
= __VECS(sha512_tv_template
)
3457 .test
= alg_test_hash
,
3459 .hash
= __VECS(sm3_tv_template
)
3463 .test
= alg_test_hash
,
3465 .hash
= __VECS(tgr128_tv_template
)
3469 .test
= alg_test_hash
,
3471 .hash
= __VECS(tgr160_tv_template
)
3475 .test
= alg_test_hash
,
3477 .hash
= __VECS(tgr192_tv_template
)
3481 .test
= alg_test_hash
,
3483 .hash
= __VECS(aes_vmac128_tv_template
)
3487 .test
= alg_test_hash
,
3489 .hash
= __VECS(wp256_tv_template
)
3493 .test
= alg_test_hash
,
3495 .hash
= __VECS(wp384_tv_template
)
3499 .test
= alg_test_hash
,
3501 .hash
= __VECS(wp512_tv_template
)
3505 .test
= alg_test_hash
,
3507 .hash
= __VECS(aes_xcbc128_tv_template
)
3511 .test
= alg_test_skcipher
,
3514 .cipher
= __VECS(aes_xts_tv_template
)
3517 .alg
= "xts(camellia)",
3518 .test
= alg_test_skcipher
,
3520 .cipher
= __VECS(camellia_xts_tv_template
)
3523 .alg
= "xts(cast6)",
3524 .test
= alg_test_skcipher
,
3526 .cipher
= __VECS(cast6_xts_tv_template
)
3529 /* Same as xts(aes) except the key is stored in
3530 * hardware secure memory which we reference by index
3533 .test
= alg_test_null
,
3536 .alg
= "xts(serpent)",
3537 .test
= alg_test_skcipher
,
3539 .cipher
= __VECS(serpent_xts_tv_template
)
3542 .alg
= "xts(speck128)",
3543 .test
= alg_test_skcipher
,
3545 .cipher
= __VECS(speck128_xts_tv_template
)
3548 .alg
= "xts(speck64)",
3549 .test
= alg_test_skcipher
,
3551 .cipher
= __VECS(speck64_xts_tv_template
)
3554 .alg
= "xts(twofish)",
3555 .test
= alg_test_skcipher
,
3557 .cipher
= __VECS(tf_xts_tv_template
)
3560 .alg
= "xts4096(paes)",
3561 .test
= alg_test_null
,
3564 .alg
= "xts512(paes)",
3565 .test
= alg_test_null
,
3568 .alg
= "zlib-deflate",
3569 .test
= alg_test_comp
,
3573 .comp
= __VECS(zlib_deflate_comp_tv_template
),
3574 .decomp
= __VECS(zlib_deflate_decomp_tv_template
)
3579 .test
= alg_test_comp
,
3583 .comp
= __VECS(zstd_comp_tv_template
),
3584 .decomp
= __VECS(zstd_decomp_tv_template
)
3590 static bool alg_test_descs_checked
;
3592 static void alg_test_descs_check_order(void)
3596 /* only check once */
3597 if (alg_test_descs_checked
)
3600 alg_test_descs_checked
= true;
3602 for (i
= 1; i
< ARRAY_SIZE(alg_test_descs
); i
++) {
3603 int diff
= strcmp(alg_test_descs
[i
- 1].alg
,
3604 alg_test_descs
[i
].alg
);
3606 if (WARN_ON(diff
> 0)) {
3607 pr_warn("testmgr: alg_test_descs entries in wrong order: '%s' before '%s'\n",
3608 alg_test_descs
[i
- 1].alg
,
3609 alg_test_descs
[i
].alg
);
3612 if (WARN_ON(diff
== 0)) {
3613 pr_warn("testmgr: duplicate alg_test_descs entry: '%s'\n",
3614 alg_test_descs
[i
].alg
);
3619 static int alg_find_test(const char *alg
)
3622 int end
= ARRAY_SIZE(alg_test_descs
);
3624 while (start
< end
) {
3625 int i
= (start
+ end
) / 2;
3626 int diff
= strcmp(alg_test_descs
[i
].alg
, alg
);
3644 int alg_test(const char *driver
, const char *alg
, u32 type
, u32 mask
)
3650 if (!fips_enabled
&& notests
) {
3651 printk_once(KERN_INFO
"alg: self-tests disabled\n");
3655 alg_test_descs_check_order();
3657 if ((type
& CRYPTO_ALG_TYPE_MASK
) == CRYPTO_ALG_TYPE_CIPHER
) {
3658 char nalg
[CRYPTO_MAX_ALG_NAME
];
3660 if (snprintf(nalg
, sizeof(nalg
), "ecb(%s)", alg
) >=
3662 return -ENAMETOOLONG
;
3664 i
= alg_find_test(nalg
);
3668 if (fips_enabled
&& !alg_test_descs
[i
].fips_allowed
)
3671 rc
= alg_test_cipher(alg_test_descs
+ i
, driver
, type
, mask
);
3675 i
= alg_find_test(alg
);
3676 j
= alg_find_test(driver
);
3680 if (fips_enabled
&& ((i
>= 0 && !alg_test_descs
[i
].fips_allowed
) ||
3681 (j
>= 0 && !alg_test_descs
[j
].fips_allowed
)))
3686 rc
|= alg_test_descs
[i
].test(alg_test_descs
+ i
, driver
,
3688 if (j
>= 0 && j
!= i
)
3689 rc
|= alg_test_descs
[j
].test(alg_test_descs
+ j
, driver
,
3693 if (fips_enabled
&& rc
)
3694 panic("%s: %s alg self test failed in fips mode!\n", driver
, alg
);
3696 if (fips_enabled
&& !rc
)
3697 pr_info("alg: self-tests for %s (%s) passed\n", driver
, alg
);
3702 printk(KERN_INFO
"alg: No test for %s (%s)\n", alg
, driver
);
3708 #endif /* CONFIG_CRYPTO_MANAGER_DISABLE_TESTS */
3710 EXPORT_SYMBOL_GPL(alg_test
);