2 * Algorithm testing framework and tests.
4 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
5 * Copyright (c) 2002 Jean-Francois Dive <jef@linuxbe.org>
6 * Copyright (c) 2007 Nokia Siemens Networks
7 * Copyright (c) 2008 Herbert Xu <herbert@gondor.apana.org.au>
9 * Updated RFC4106 AES-GCM testing.
10 * Authors: Aidan O'Mahony (aidan.o.mahony@intel.com)
11 * Adrian Hoban <adrian.hoban@intel.com>
12 * Gabriele Paoloni <gabriele.paoloni@intel.com>
13 * Tadeusz Struk (tadeusz.struk@intel.com)
14 * Copyright (c) 2010, Intel Corporation.
16 * This program is free software; you can redistribute it and/or modify it
17 * under the terms of the GNU General Public License as published by the Free
18 * Software Foundation; either version 2 of the License, or (at your option)
23 #include <crypto/aead.h>
24 #include <crypto/hash.h>
25 #include <crypto/skcipher.h>
26 #include <linux/err.h>
27 #include <linux/fips.h>
28 #include <linux/module.h>
29 #include <linux/scatterlist.h>
30 #include <linux/slab.h>
31 #include <linux/string.h>
32 #include <crypto/rng.h>
33 #include <crypto/drbg.h>
34 #include <crypto/akcipher.h>
35 #include <crypto/kpp.h>
36 #include <crypto/acompress.h>
41 module_param(notests, bool, 0644);
42 MODULE_PARM_DESC(notests, "disable crypto self-tests");
44 #ifdef CONFIG_CRYPTO_MANAGER_DISABLE_TESTS
47 int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
57 * Need slab memory for testing (size in number of pages).
62 * Indexes into the xbuf to simulate cross-page access.
74 * Used by test_cipher()
79 struct aead_test_suite {
81 const struct aead_testvec *vecs;
86 struct cipher_test_suite {
87 const struct cipher_testvec *vecs;
91 struct comp_test_suite {
93 const struct comp_testvec *vecs;
98 struct hash_test_suite {
99 const struct hash_testvec *vecs;
103 struct cprng_test_suite {
104 const struct cprng_testvec *vecs;
108 struct drbg_test_suite {
109 const struct drbg_testvec *vecs;
113 struct akcipher_test_suite {
114 const struct akcipher_testvec *vecs;
118 struct kpp_test_suite {
119 const struct kpp_testvec *vecs;
123 struct alg_test_desc {
125 int (*test)(const struct alg_test_desc *desc, const char *driver,
127 int fips_allowed; /* set if alg is allowed in fips mode */
130 struct aead_test_suite aead;
131 struct cipher_test_suite cipher;
132 struct comp_test_suite comp;
133 struct hash_test_suite hash;
134 struct cprng_test_suite cprng;
135 struct drbg_test_suite drbg;
136 struct akcipher_test_suite akcipher;
137 struct kpp_test_suite kpp;
141 static const unsigned int IDX[8] = {
142 IDX1, IDX2, IDX3, IDX4, IDX5, IDX6, IDX7, IDX8 };
144 static void hexdump(unsigned char *buf, unsigned int len)
146 print_hex_dump(KERN_CONT, "", DUMP_PREFIX_OFFSET,
151 static int testmgr_alloc_buf(char *buf[XBUFSIZE])
155 for (i = 0; i < XBUFSIZE; i++) {
156 buf[i] = (void *)__get_free_page(GFP_KERNEL);
165 free_page((unsigned long)buf[i]);
170 static void testmgr_free_buf(char *buf[XBUFSIZE])
174 for (i = 0; i < XBUFSIZE; i++)
175 free_page((unsigned long)buf[i]);
178 static int ahash_guard_result(char *result, char c, int size)
182 for (i = 0; i < size; i++) {
190 static int ahash_partial_update(struct ahash_request **preq,
191 struct crypto_ahash *tfm, const struct hash_testvec *template,
192 void *hash_buff, int k, int temp, struct scatterlist *sg,
193 const char *algo, char *result, struct crypto_wait *wait)
196 struct ahash_request *req;
197 int statesize, ret = -EINVAL;
198 static const unsigned char guard[] = { 0x00, 0xba, 0xad, 0x00 };
199 int digestsize = crypto_ahash_digestsize(tfm);
202 statesize = crypto_ahash_statesize(
203 crypto_ahash_reqtfm(req));
204 state = kmalloc(statesize + sizeof(guard), GFP_KERNEL);
206 pr_err("alg: hash: Failed to alloc state for %s\n", algo);
209 memcpy(state + statesize, guard, sizeof(guard));
210 memset(result, 1, digestsize);
211 ret = crypto_ahash_export(req, state);
212 WARN_ON(memcmp(state + statesize, guard, sizeof(guard)));
214 pr_err("alg: hash: Failed to export() for %s\n", algo);
217 ret = ahash_guard_result(result, 1, digestsize);
219 pr_err("alg: hash: Failed, export used req->result for %s\n",
223 ahash_request_free(req);
224 req = ahash_request_alloc(tfm, GFP_KERNEL);
226 pr_err("alg: hash: Failed to alloc request for %s\n", algo);
229 ahash_request_set_callback(req,
230 CRYPTO_TFM_REQ_MAY_BACKLOG,
231 crypto_req_done, wait);
233 memcpy(hash_buff, template->plaintext + temp,
235 sg_init_one(&sg[0], hash_buff, template->tap[k]);
236 ahash_request_set_crypt(req, sg, result, template->tap[k]);
237 ret = crypto_ahash_import(req, state);
239 pr_err("alg: hash: Failed to import() for %s\n", algo);
242 ret = ahash_guard_result(result, 1, digestsize);
244 pr_err("alg: hash: Failed, import used req->result for %s\n",
248 ret = crypto_wait_req(crypto_ahash_update(req), wait);
255 ahash_request_free(req);
268 static int __test_hash(struct crypto_ahash *tfm,
269 const struct hash_testvec *template, unsigned int tcount,
270 enum hash_test test_type, const int align_offset)
272 const char *algo = crypto_tfm_alg_driver_name(crypto_ahash_tfm(tfm));
273 size_t digest_size = crypto_ahash_digestsize(tfm);
274 unsigned int i, j, k, temp;
275 struct scatterlist sg[8];
278 struct ahash_request *req;
279 struct crypto_wait wait;
281 char *xbuf[XBUFSIZE];
284 result = kmalloc(digest_size, GFP_KERNEL);
287 key = kmalloc(MAX_KEYLEN, GFP_KERNEL);
290 if (testmgr_alloc_buf(xbuf))
293 crypto_init_wait(&wait);
295 req = ahash_request_alloc(tfm, GFP_KERNEL);
297 printk(KERN_ERR "alg: hash: Failed to allocate request for "
301 ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
302 crypto_req_done, &wait);
305 for (i = 0; i < tcount; i++) {
310 if (WARN_ON(align_offset + template[i].psize > PAGE_SIZE))
314 memset(result, 0, digest_size);
317 hash_buff += align_offset;
319 memcpy(hash_buff, template[i].plaintext, template[i].psize);
320 sg_init_one(&sg[0], hash_buff, template[i].psize);
322 if (template[i].ksize) {
323 crypto_ahash_clear_flags(tfm, ~0);
324 if (template[i].ksize > MAX_KEYLEN) {
325 pr_err("alg: hash: setkey failed on test %d for %s: key size %d > %d\n",
326 j, algo, template[i].ksize, MAX_KEYLEN);
330 memcpy(key, template[i].key, template[i].ksize);
331 ret = crypto_ahash_setkey(tfm, key, template[i].ksize);
333 printk(KERN_ERR "alg: hash: setkey failed on "
334 "test %d for %s: ret=%d\n", j, algo,
340 ahash_request_set_crypt(req, sg, result, template[i].psize);
342 case HASH_TEST_DIGEST:
343 ret = crypto_wait_req(crypto_ahash_digest(req), &wait);
345 pr_err("alg: hash: digest failed on test %d "
346 "for %s: ret=%d\n", j, algo, -ret);
351 case HASH_TEST_FINAL:
352 memset(result, 1, digest_size);
353 ret = crypto_wait_req(crypto_ahash_init(req), &wait);
355 pr_err("alg: hash: init failed on test %d "
356 "for %s: ret=%d\n", j, algo, -ret);
359 ret = ahash_guard_result(result, 1, digest_size);
361 pr_err("alg: hash: init failed on test %d "
362 "for %s: used req->result\n", j, algo);
365 ret = crypto_wait_req(crypto_ahash_update(req), &wait);
367 pr_err("alg: hash: update failed on test %d "
368 "for %s: ret=%d\n", j, algo, -ret);
371 ret = ahash_guard_result(result, 1, digest_size);
373 pr_err("alg: hash: update failed on test %d "
374 "for %s: used req->result\n", j, algo);
377 ret = crypto_wait_req(crypto_ahash_final(req), &wait);
379 pr_err("alg: hash: final failed on test %d "
380 "for %s: ret=%d\n", j, algo, -ret);
385 case HASH_TEST_FINUP:
386 memset(result, 1, digest_size);
387 ret = crypto_wait_req(crypto_ahash_init(req), &wait);
389 pr_err("alg: hash: init failed on test %d "
390 "for %s: ret=%d\n", j, algo, -ret);
393 ret = ahash_guard_result(result, 1, digest_size);
395 pr_err("alg: hash: init failed on test %d "
396 "for %s: used req->result\n", j, algo);
399 ret = crypto_wait_req(crypto_ahash_finup(req), &wait);
401 pr_err("alg: hash: final failed on test %d "
402 "for %s: ret=%d\n", j, algo, -ret);
408 if (memcmp(result, template[i].digest,
409 crypto_ahash_digestsize(tfm))) {
410 printk(KERN_ERR "alg: hash: Test %d failed for %s\n",
412 hexdump(result, crypto_ahash_digestsize(tfm));
422 for (i = 0; i < tcount; i++) {
423 /* alignment tests are only done with continuous buffers */
424 if (align_offset != 0)
431 memset(result, 0, digest_size);
434 sg_init_table(sg, template[i].np);
436 for (k = 0; k < template[i].np; k++) {
437 if (WARN_ON(offset_in_page(IDX[k]) +
438 template[i].tap[k] > PAGE_SIZE))
441 memcpy(xbuf[IDX[k] >> PAGE_SHIFT] +
442 offset_in_page(IDX[k]),
443 template[i].plaintext + temp,
446 temp += template[i].tap[k];
449 if (template[i].ksize) {
450 if (template[i].ksize > MAX_KEYLEN) {
451 pr_err("alg: hash: setkey failed on test %d for %s: key size %d > %d\n",
452 j, algo, template[i].ksize, MAX_KEYLEN);
456 crypto_ahash_clear_flags(tfm, ~0);
457 memcpy(key, template[i].key, template[i].ksize);
458 ret = crypto_ahash_setkey(tfm, key, template[i].ksize);
461 printk(KERN_ERR "alg: hash: setkey "
462 "failed on chunking test %d "
463 "for %s: ret=%d\n", j, algo, -ret);
468 ahash_request_set_crypt(req, sg, result, template[i].psize);
469 ret = crypto_wait_req(crypto_ahash_digest(req), &wait);
471 pr_err("alg: hash: digest failed on chunking test %d for %s: ret=%d\n",
476 if (memcmp(result, template[i].digest,
477 crypto_ahash_digestsize(tfm))) {
478 printk(KERN_ERR "alg: hash: Chunking test %d "
479 "failed for %s\n", j, algo);
480 hexdump(result, crypto_ahash_digestsize(tfm));
486 /* partial update exercise */
488 for (i = 0; i < tcount; i++) {
489 /* alignment tests are only done with continuous buffers */
490 if (align_offset != 0)
493 if (template[i].np < 2)
497 memset(result, 0, digest_size);
501 memcpy(hash_buff, template[i].plaintext,
503 sg_init_one(&sg[0], hash_buff, template[i].tap[0]);
505 if (template[i].ksize) {
506 crypto_ahash_clear_flags(tfm, ~0);
507 if (template[i].ksize > MAX_KEYLEN) {
508 pr_err("alg: hash: setkey failed on test %d for %s: key size %d > %d\n",
509 j, algo, template[i].ksize, MAX_KEYLEN);
513 memcpy(key, template[i].key, template[i].ksize);
514 ret = crypto_ahash_setkey(tfm, key, template[i].ksize);
516 pr_err("alg: hash: setkey failed on test %d for %s: ret=%d\n",
522 ahash_request_set_crypt(req, sg, result, template[i].tap[0]);
523 ret = crypto_wait_req(crypto_ahash_init(req), &wait);
525 pr_err("alg: hash: init failed on test %d for %s: ret=%d\n",
529 ret = crypto_wait_req(crypto_ahash_update(req), &wait);
531 pr_err("alg: hash: update failed on test %d for %s: ret=%d\n",
536 temp = template[i].tap[0];
537 for (k = 1; k < template[i].np; k++) {
538 ret = ahash_partial_update(&req, tfm, &template[i],
539 hash_buff, k, temp, &sg[0], algo, result,
542 pr_err("alg: hash: partial update failed on test %d for %s: ret=%d\n",
546 temp += template[i].tap[k];
548 ret = crypto_wait_req(crypto_ahash_final(req), &wait);
550 pr_err("alg: hash: final failed on test %d for %s: ret=%d\n",
554 if (memcmp(result, template[i].digest,
555 crypto_ahash_digestsize(tfm))) {
556 pr_err("alg: hash: Partial Test %d failed for %s\n",
558 hexdump(result, crypto_ahash_digestsize(tfm));
567 ahash_request_free(req);
569 testmgr_free_buf(xbuf);
576 static int test_hash(struct crypto_ahash *tfm,
577 const struct hash_testvec *template,
578 unsigned int tcount, enum hash_test test_type)
580 unsigned int alignmask;
583 ret = __test_hash(tfm, template, tcount, test_type, 0);
587 /* test unaligned buffers, check with one byte offset */
588 ret = __test_hash(tfm, template, tcount, test_type, 1);
592 alignmask = crypto_tfm_alg_alignmask(&tfm->base);
594 /* Check if alignment mask for tfm is correctly set. */
595 ret = __test_hash(tfm, template, tcount, test_type,
604 static int __test_aead(struct crypto_aead *tfm, int enc,
605 const struct aead_testvec *template, unsigned int tcount,
606 const bool diff_dst, const int align_offset)
608 const char *algo = crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm));
609 unsigned int i, j, k, n, temp;
613 struct aead_request *req;
614 struct scatterlist *sg;
615 struct scatterlist *sgout;
617 struct crypto_wait wait;
618 unsigned int authsize, iv_len;
623 char *xbuf[XBUFSIZE];
624 char *xoutbuf[XBUFSIZE];
625 char *axbuf[XBUFSIZE];
627 iv = kzalloc(MAX_IVLEN, GFP_KERNEL);
630 key = kmalloc(MAX_KEYLEN, GFP_KERNEL);
633 if (testmgr_alloc_buf(xbuf))
635 if (testmgr_alloc_buf(axbuf))
637 if (diff_dst && testmgr_alloc_buf(xoutbuf))
640 /* avoid "the frame size is larger than 1024 bytes" compiler warning */
641 sg = kmalloc(array3_size(sizeof(*sg), 8, (diff_dst ? 4 : 2)),
657 crypto_init_wait(&wait);
659 req = aead_request_alloc(tfm, GFP_KERNEL);
661 pr_err("alg: aead%s: Failed to allocate request for %s\n",
666 aead_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
667 crypto_req_done, &wait);
669 iv_len = crypto_aead_ivsize(tfm);
671 for (i = 0, j = 0; i < tcount; i++) {
674 if (enc && template[i].novrfy)
679 /* some templates have no input data but they will
683 input += align_offset;
687 if (WARN_ON(align_offset + template[i].ilen >
688 PAGE_SIZE || template[i].alen > PAGE_SIZE))
691 memcpy(input, template[i].input, template[i].ilen);
692 memcpy(assoc, template[i].assoc, template[i].alen);
694 memcpy(iv, template[i].iv, iv_len);
696 memset(iv, 0, iv_len);
698 crypto_aead_clear_flags(tfm, ~0);
700 crypto_aead_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY);
702 if (template[i].klen > MAX_KEYLEN) {
703 pr_err("alg: aead%s: setkey failed on test %d for %s: key size %d > %d\n",
704 d, j, algo, template[i].klen,
709 memcpy(key, template[i].key, template[i].klen);
711 ret = crypto_aead_setkey(tfm, key, template[i].klen);
712 if (template[i].fail == !ret) {
713 pr_err("alg: aead%s: setkey failed on test %d for %s: flags=%x\n",
714 d, j, algo, crypto_aead_get_flags(tfm));
719 authsize = abs(template[i].rlen - template[i].ilen);
720 ret = crypto_aead_setauthsize(tfm, authsize);
722 pr_err("alg: aead%s: Failed to set authsize to %u on test %d for %s\n",
723 d, authsize, j, algo);
727 k = !!template[i].alen;
728 sg_init_table(sg, k + 1);
729 sg_set_buf(&sg[0], assoc, template[i].alen);
730 sg_set_buf(&sg[k], input,
731 template[i].ilen + (enc ? authsize : 0));
735 sg_init_table(sgout, k + 1);
736 sg_set_buf(&sgout[0], assoc, template[i].alen);
739 output += align_offset;
740 sg_set_buf(&sgout[k], output,
741 template[i].rlen + (enc ? 0 : authsize));
744 aead_request_set_crypt(req, sg, (diff_dst) ? sgout : sg,
745 template[i].ilen, iv);
747 aead_request_set_ad(req, template[i].alen);
749 ret = crypto_wait_req(enc ? crypto_aead_encrypt(req)
750 : crypto_aead_decrypt(req), &wait);
754 if (template[i].novrfy) {
755 /* verification was supposed to fail */
756 pr_err("alg: aead%s: %s failed on test %d for %s: ret was 0, expected -EBADMSG\n",
758 /* so really, we got a bad message */
764 if (template[i].novrfy)
765 /* verification failure was expected */
769 pr_err("alg: aead%s: %s failed on test %d for %s: ret=%d\n",
770 d, e, j, algo, -ret);
775 if (memcmp(q, template[i].result, template[i].rlen)) {
776 pr_err("alg: aead%s: Test %d failed on %s for %s\n",
778 hexdump(q, template[i].rlen);
784 for (i = 0, j = 0; i < tcount; i++) {
785 /* alignment tests are only done with continuous buffers */
786 if (align_offset != 0)
792 if (enc && template[i].novrfy)
798 memcpy(iv, template[i].iv, iv_len);
800 memset(iv, 0, MAX_IVLEN);
802 crypto_aead_clear_flags(tfm, ~0);
804 crypto_aead_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY);
805 if (template[i].klen > MAX_KEYLEN) {
806 pr_err("alg: aead%s: setkey failed on test %d for %s: key size %d > %d\n",
807 d, j, algo, template[i].klen, MAX_KEYLEN);
811 memcpy(key, template[i].key, template[i].klen);
813 ret = crypto_aead_setkey(tfm, key, template[i].klen);
814 if (template[i].fail == !ret) {
815 pr_err("alg: aead%s: setkey failed on chunk test %d for %s: flags=%x\n",
816 d, j, algo, crypto_aead_get_flags(tfm));
821 authsize = abs(template[i].rlen - template[i].ilen);
824 sg_init_table(sg, template[i].anp + template[i].np);
826 sg_init_table(sgout, template[i].anp + template[i].np);
829 for (k = 0, temp = 0; k < template[i].anp; k++) {
830 if (WARN_ON(offset_in_page(IDX[k]) +
831 template[i].atap[k] > PAGE_SIZE))
834 memcpy(axbuf[IDX[k] >> PAGE_SHIFT] +
835 offset_in_page(IDX[k]),
836 template[i].assoc + temp,
837 template[i].atap[k]),
838 template[i].atap[k]);
840 sg_set_buf(&sgout[k],
841 axbuf[IDX[k] >> PAGE_SHIFT] +
842 offset_in_page(IDX[k]),
843 template[i].atap[k]);
844 temp += template[i].atap[k];
847 for (k = 0, temp = 0; k < template[i].np; k++) {
848 if (WARN_ON(offset_in_page(IDX[k]) +
849 template[i].tap[k] > PAGE_SIZE))
852 q = xbuf[IDX[k] >> PAGE_SHIFT] + offset_in_page(IDX[k]);
853 memcpy(q, template[i].input + temp, template[i].tap[k]);
854 sg_set_buf(&sg[template[i].anp + k],
855 q, template[i].tap[k]);
858 q = xoutbuf[IDX[k] >> PAGE_SHIFT] +
859 offset_in_page(IDX[k]);
861 memset(q, 0, template[i].tap[k]);
863 sg_set_buf(&sgout[template[i].anp + k],
864 q, template[i].tap[k]);
867 n = template[i].tap[k];
868 if (k == template[i].np - 1 && enc)
870 if (offset_in_page(q) + n < PAGE_SIZE)
873 temp += template[i].tap[k];
876 ret = crypto_aead_setauthsize(tfm, authsize);
878 pr_err("alg: aead%s: Failed to set authsize to %u on chunk test %d for %s\n",
879 d, authsize, j, algo);
884 if (WARN_ON(sg[template[i].anp + k - 1].offset +
885 sg[template[i].anp + k - 1].length +
886 authsize > PAGE_SIZE)) {
892 sgout[template[i].anp + k - 1].length +=
894 sg[template[i].anp + k - 1].length += authsize;
897 aead_request_set_crypt(req, sg, (diff_dst) ? sgout : sg,
901 aead_request_set_ad(req, template[i].alen);
903 ret = crypto_wait_req(enc ? crypto_aead_encrypt(req)
904 : crypto_aead_decrypt(req), &wait);
908 if (template[i].novrfy) {
909 /* verification was supposed to fail */
910 pr_err("alg: aead%s: %s failed on chunk test %d for %s: ret was 0, expected -EBADMSG\n",
912 /* so really, we got a bad message */
918 if (template[i].novrfy)
919 /* verification failure was expected */
923 pr_err("alg: aead%s: %s failed on chunk test %d for %s: ret=%d\n",
924 d, e, j, algo, -ret);
929 for (k = 0, temp = 0; k < template[i].np; k++) {
931 q = xoutbuf[IDX[k] >> PAGE_SHIFT] +
932 offset_in_page(IDX[k]);
934 q = xbuf[IDX[k] >> PAGE_SHIFT] +
935 offset_in_page(IDX[k]);
937 n = template[i].tap[k];
938 if (k == template[i].np - 1)
939 n += enc ? authsize : -authsize;
941 if (memcmp(q, template[i].result + temp, n)) {
942 pr_err("alg: aead%s: Chunk test %d failed on %s at page %u for %s\n",
949 if (k == template[i].np - 1 && !enc) {
951 memcmp(q, template[i].input +
957 for (n = 0; offset_in_page(q + n) && q[n]; n++)
961 pr_err("alg: aead%s: Result buffer corruption in chunk test %d on %s at page %u for %s: %u bytes:\n",
962 d, j, e, k, algo, n);
967 temp += template[i].tap[k];
974 aead_request_free(req);
978 testmgr_free_buf(xoutbuf);
980 testmgr_free_buf(axbuf);
982 testmgr_free_buf(xbuf);
989 static int test_aead(struct crypto_aead *tfm, int enc,
990 const struct aead_testvec *template, unsigned int tcount)
992 unsigned int alignmask;
995 /* test 'dst == src' case */
996 ret = __test_aead(tfm, enc, template, tcount, false, 0);
1000 /* test 'dst != src' case */
1001 ret = __test_aead(tfm, enc, template, tcount, true, 0);
1005 /* test unaligned buffers, check with one byte offset */
1006 ret = __test_aead(tfm, enc, template, tcount, true, 1);
1010 alignmask = crypto_tfm_alg_alignmask(&tfm->base);
1012 /* Check if alignment mask for tfm is correctly set. */
1013 ret = __test_aead(tfm, enc, template, tcount, true,
1022 static int test_cipher(struct crypto_cipher *tfm, int enc,
1023 const struct cipher_testvec *template,
1024 unsigned int tcount)
1026 const char *algo = crypto_tfm_alg_driver_name(crypto_cipher_tfm(tfm));
1027 unsigned int i, j, k;
1030 const char *input, *result;
1032 char *xbuf[XBUFSIZE];
1035 if (testmgr_alloc_buf(xbuf))
1044 for (i = 0; i < tcount; i++) {
1048 if (fips_enabled && template[i].fips_skip)
1051 input = enc ? template[i].ptext : template[i].ctext;
1052 result = enc ? template[i].ctext : template[i].ptext;
1056 if (WARN_ON(template[i].len > PAGE_SIZE))
1060 memcpy(data, input, template[i].len);
1062 crypto_cipher_clear_flags(tfm, ~0);
1064 crypto_cipher_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY);
1066 ret = crypto_cipher_setkey(tfm, template[i].key,
1068 if (template[i].fail == !ret) {
1069 printk(KERN_ERR "alg: cipher: setkey failed "
1070 "on test %d for %s: flags=%x\n", j,
1071 algo, crypto_cipher_get_flags(tfm));
1076 for (k = 0; k < template[i].len;
1077 k += crypto_cipher_blocksize(tfm)) {
1079 crypto_cipher_encrypt_one(tfm, data + k,
1082 crypto_cipher_decrypt_one(tfm, data + k,
1087 if (memcmp(q, result, template[i].len)) {
1088 printk(KERN_ERR "alg: cipher: Test %d failed "
1089 "on %s for %s\n", j, e, algo);
1090 hexdump(q, template[i].len);
1099 testmgr_free_buf(xbuf);
1104 static int __test_skcipher(struct crypto_skcipher *tfm, int enc,
1105 const struct cipher_testvec *template,
1106 unsigned int tcount,
1107 const bool diff_dst, const int align_offset)
1110 crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm));
1111 unsigned int i, j, k, n, temp;
1113 struct skcipher_request *req;
1114 struct scatterlist sg[8];
1115 struct scatterlist sgout[8];
1117 struct crypto_wait wait;
1118 const char *input, *result;
1121 char *xbuf[XBUFSIZE];
1122 char *xoutbuf[XBUFSIZE];
1124 unsigned int ivsize = crypto_skcipher_ivsize(tfm);
1126 if (testmgr_alloc_buf(xbuf))
1129 if (diff_dst && testmgr_alloc_buf(xoutbuf))
1142 crypto_init_wait(&wait);
1144 req = skcipher_request_alloc(tfm, GFP_KERNEL);
1146 pr_err("alg: skcipher%s: Failed to allocate request for %s\n",
1151 skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
1152 crypto_req_done, &wait);
1155 for (i = 0; i < tcount; i++) {
1156 if (template[i].np && !template[i].also_non_np)
1159 if (fips_enabled && template[i].fips_skip)
1162 if (template[i].iv && !(template[i].generates_iv && enc))
1163 memcpy(iv, template[i].iv, ivsize);
1165 memset(iv, 0, MAX_IVLEN);
1167 input = enc ? template[i].ptext : template[i].ctext;
1168 result = enc ? template[i].ctext : template[i].ptext;
1171 if (WARN_ON(align_offset + template[i].len > PAGE_SIZE))
1175 data += align_offset;
1176 memcpy(data, input, template[i].len);
1178 crypto_skcipher_clear_flags(tfm, ~0);
1180 crypto_skcipher_set_flags(tfm,
1181 CRYPTO_TFM_REQ_WEAK_KEY);
1183 ret = crypto_skcipher_setkey(tfm, template[i].key,
1185 if (template[i].fail == !ret) {
1186 pr_err("alg: skcipher%s: setkey failed on test %d for %s: flags=%x\n",
1187 d, j, algo, crypto_skcipher_get_flags(tfm));
1192 sg_init_one(&sg[0], data, template[i].len);
1195 data += align_offset;
1196 sg_init_one(&sgout[0], data, template[i].len);
1199 skcipher_request_set_crypt(req, sg, (diff_dst) ? sgout : sg,
1200 template[i].len, iv);
1201 ret = crypto_wait_req(enc ? crypto_skcipher_encrypt(req) :
1202 crypto_skcipher_decrypt(req), &wait);
1205 pr_err("alg: skcipher%s: %s failed on test %d for %s: ret=%d\n",
1206 d, e, j, algo, -ret);
1211 if (memcmp(q, result, template[i].len)) {
1212 pr_err("alg: skcipher%s: Test %d failed (invalid result) on %s for %s\n",
1214 hexdump(q, template[i].len);
1219 if (template[i].generates_iv && enc &&
1220 memcmp(iv, template[i].iv, crypto_skcipher_ivsize(tfm))) {
1221 pr_err("alg: skcipher%s: Test %d failed (invalid output IV) on %s for %s\n",
1223 hexdump(iv, crypto_skcipher_ivsize(tfm));
1230 for (i = 0; i < tcount; i++) {
1231 /* alignment tests are only done with continuous buffers */
1232 if (align_offset != 0)
1235 if (!template[i].np)
1238 if (fips_enabled && template[i].fips_skip)
1241 if (template[i].iv && !(template[i].generates_iv && enc))
1242 memcpy(iv, template[i].iv, ivsize);
1244 memset(iv, 0, MAX_IVLEN);
1246 input = enc ? template[i].ptext : template[i].ctext;
1247 result = enc ? template[i].ctext : template[i].ptext;
1249 crypto_skcipher_clear_flags(tfm, ~0);
1251 crypto_skcipher_set_flags(tfm,
1252 CRYPTO_TFM_REQ_WEAK_KEY);
1254 ret = crypto_skcipher_setkey(tfm, template[i].key,
1256 if (template[i].fail == !ret) {
1257 pr_err("alg: skcipher%s: setkey failed on chunk test %d for %s: flags=%x\n",
1258 d, j, algo, crypto_skcipher_get_flags(tfm));
1265 sg_init_table(sg, template[i].np);
1267 sg_init_table(sgout, template[i].np);
1268 for (k = 0; k < template[i].np; k++) {
1269 if (WARN_ON(offset_in_page(IDX[k]) +
1270 template[i].tap[k] > PAGE_SIZE))
1273 q = xbuf[IDX[k] >> PAGE_SHIFT] + offset_in_page(IDX[k]);
1275 memcpy(q, input + temp, template[i].tap[k]);
1277 if (offset_in_page(q) + template[i].tap[k] < PAGE_SIZE)
1278 q[template[i].tap[k]] = 0;
1280 sg_set_buf(&sg[k], q, template[i].tap[k]);
1282 q = xoutbuf[IDX[k] >> PAGE_SHIFT] +
1283 offset_in_page(IDX[k]);
1285 sg_set_buf(&sgout[k], q, template[i].tap[k]);
1287 memset(q, 0, template[i].tap[k]);
1288 if (offset_in_page(q) +
1289 template[i].tap[k] < PAGE_SIZE)
1290 q[template[i].tap[k]] = 0;
1293 temp += template[i].tap[k];
1296 skcipher_request_set_crypt(req, sg, (diff_dst) ? sgout : sg,
1297 template[i].len, iv);
1299 ret = crypto_wait_req(enc ? crypto_skcipher_encrypt(req) :
1300 crypto_skcipher_decrypt(req), &wait);
1303 pr_err("alg: skcipher%s: %s failed on chunk test %d for %s: ret=%d\n",
1304 d, e, j, algo, -ret);
1310 for (k = 0; k < template[i].np; k++) {
1312 q = xoutbuf[IDX[k] >> PAGE_SHIFT] +
1313 offset_in_page(IDX[k]);
1315 q = xbuf[IDX[k] >> PAGE_SHIFT] +
1316 offset_in_page(IDX[k]);
1318 if (memcmp(q, result + temp, template[i].tap[k])) {
1319 pr_err("alg: skcipher%s: Chunk test %d failed on %s at page %u for %s\n",
1321 hexdump(q, template[i].tap[k]);
1325 q += template[i].tap[k];
1326 for (n = 0; offset_in_page(q + n) && q[n]; n++)
1329 pr_err("alg: skcipher%s: Result buffer corruption in chunk test %d on %s at page %u for %s: %u bytes:\n",
1330 d, j, e, k, algo, n);
1334 temp += template[i].tap[k];
1341 skcipher_request_free(req);
1343 testmgr_free_buf(xoutbuf);
1345 testmgr_free_buf(xbuf);
1350 static int test_skcipher(struct crypto_skcipher *tfm, int enc,
1351 const struct cipher_testvec *template,
1352 unsigned int tcount)
1354 unsigned int alignmask;
1357 /* test 'dst == src' case */
1358 ret = __test_skcipher(tfm, enc, template, tcount, false, 0);
1362 /* test 'dst != src' case */
1363 ret = __test_skcipher(tfm, enc, template, tcount, true, 0);
1367 /* test unaligned buffers, check with one byte offset */
1368 ret = __test_skcipher(tfm, enc, template, tcount, true, 1);
1372 alignmask = crypto_tfm_alg_alignmask(&tfm->base);
1374 /* Check if alignment mask for tfm is correctly set. */
1375 ret = __test_skcipher(tfm, enc, template, tcount, true,
1384 static int test_comp(struct crypto_comp *tfm,
1385 const struct comp_testvec *ctemplate,
1386 const struct comp_testvec *dtemplate,
1387 int ctcount, int dtcount)
1389 const char *algo = crypto_tfm_alg_driver_name(crypto_comp_tfm(tfm));
1390 char *output, *decomp_output;
1394 output = kmalloc(COMP_BUF_SIZE, GFP_KERNEL);
1398 decomp_output = kmalloc(COMP_BUF_SIZE, GFP_KERNEL);
1399 if (!decomp_output) {
1404 for (i = 0; i < ctcount; i++) {
1406 unsigned int dlen = COMP_BUF_SIZE;
1408 memset(output, 0, COMP_BUF_SIZE);
1409 memset(decomp_output, 0, COMP_BUF_SIZE);
1411 ilen = ctemplate[i].inlen;
1412 ret = crypto_comp_compress(tfm, ctemplate[i].input,
1413 ilen, output, &dlen);
1415 printk(KERN_ERR "alg: comp: compression failed "
1416 "on test %d for %s: ret=%d\n", i + 1, algo,
1422 dlen = COMP_BUF_SIZE;
1423 ret = crypto_comp_decompress(tfm, output,
1424 ilen, decomp_output, &dlen);
1426 pr_err("alg: comp: compression failed: decompress: on test %d for %s failed: ret=%d\n",
1431 if (dlen != ctemplate[i].inlen) {
1432 printk(KERN_ERR "alg: comp: Compression test %d "
1433 "failed for %s: output len = %d\n", i + 1, algo,
1439 if (memcmp(decomp_output, ctemplate[i].input,
1440 ctemplate[i].inlen)) {
1441 pr_err("alg: comp: compression failed: output differs: on test %d for %s\n",
1443 hexdump(decomp_output, dlen);
1449 for (i = 0; i < dtcount; i++) {
1451 unsigned int dlen = COMP_BUF_SIZE;
1453 memset(decomp_output, 0, COMP_BUF_SIZE);
1455 ilen = dtemplate[i].inlen;
1456 ret = crypto_comp_decompress(tfm, dtemplate[i].input,
1457 ilen, decomp_output, &dlen);
1459 printk(KERN_ERR "alg: comp: decompression failed "
1460 "on test %d for %s: ret=%d\n", i + 1, algo,
1465 if (dlen != dtemplate[i].outlen) {
1466 printk(KERN_ERR "alg: comp: Decompression test %d "
1467 "failed for %s: output len = %d\n", i + 1, algo,
1473 if (memcmp(decomp_output, dtemplate[i].output, dlen)) {
1474 printk(KERN_ERR "alg: comp: Decompression test %d "
1475 "failed for %s\n", i + 1, algo);
1476 hexdump(decomp_output, dlen);
1485 kfree(decomp_output);
1490 static int test_acomp(struct crypto_acomp *tfm,
1491 const struct comp_testvec *ctemplate,
1492 const struct comp_testvec *dtemplate,
1493 int ctcount, int dtcount)
1495 const char *algo = crypto_tfm_alg_driver_name(crypto_acomp_tfm(tfm));
1497 char *output, *decomp_out;
1499 struct scatterlist src, dst;
1500 struct acomp_req *req;
1501 struct crypto_wait wait;
1503 output = kmalloc(COMP_BUF_SIZE, GFP_KERNEL);
1507 decomp_out = kmalloc(COMP_BUF_SIZE, GFP_KERNEL);
1513 for (i = 0; i < ctcount; i++) {
1514 unsigned int dlen = COMP_BUF_SIZE;
1515 int ilen = ctemplate[i].inlen;
1518 input_vec = kmemdup(ctemplate[i].input, ilen, GFP_KERNEL);
1524 memset(output, 0, dlen);
1525 crypto_init_wait(&wait);
1526 sg_init_one(&src, input_vec, ilen);
1527 sg_init_one(&dst, output, dlen);
1529 req = acomp_request_alloc(tfm);
1531 pr_err("alg: acomp: request alloc failed for %s\n",
1538 acomp_request_set_params(req, &src, &dst, ilen, dlen);
1539 acomp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
1540 crypto_req_done, &wait);
1542 ret = crypto_wait_req(crypto_acomp_compress(req), &wait);
1544 pr_err("alg: acomp: compression failed on test %d for %s: ret=%d\n",
1547 acomp_request_free(req);
1552 dlen = COMP_BUF_SIZE;
1553 sg_init_one(&src, output, ilen);
1554 sg_init_one(&dst, decomp_out, dlen);
1555 crypto_init_wait(&wait);
1556 acomp_request_set_params(req, &src, &dst, ilen, dlen);
1558 ret = crypto_wait_req(crypto_acomp_decompress(req), &wait);
1560 pr_err("alg: acomp: compression failed on test %d for %s: ret=%d\n",
1563 acomp_request_free(req);
1567 if (req->dlen != ctemplate[i].inlen) {
1568 pr_err("alg: acomp: Compression test %d failed for %s: output len = %d\n",
1569 i + 1, algo, req->dlen);
1572 acomp_request_free(req);
1576 if (memcmp(input_vec, decomp_out, req->dlen)) {
1577 pr_err("alg: acomp: Compression test %d failed for %s\n",
1579 hexdump(output, req->dlen);
1582 acomp_request_free(req);
1587 acomp_request_free(req);
1590 for (i = 0; i < dtcount; i++) {
1591 unsigned int dlen = COMP_BUF_SIZE;
1592 int ilen = dtemplate[i].inlen;
1595 input_vec = kmemdup(dtemplate[i].input, ilen, GFP_KERNEL);
1601 memset(output, 0, dlen);
1602 crypto_init_wait(&wait);
1603 sg_init_one(&src, input_vec, ilen);
1604 sg_init_one(&dst, output, dlen);
1606 req = acomp_request_alloc(tfm);
1608 pr_err("alg: acomp: request alloc failed for %s\n",
1615 acomp_request_set_params(req, &src, &dst, ilen, dlen);
1616 acomp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
1617 crypto_req_done, &wait);
1619 ret = crypto_wait_req(crypto_acomp_decompress(req), &wait);
1621 pr_err("alg: acomp: decompression failed on test %d for %s: ret=%d\n",
1624 acomp_request_free(req);
1628 if (req->dlen != dtemplate[i].outlen) {
1629 pr_err("alg: acomp: Decompression test %d failed for %s: output len = %d\n",
1630 i + 1, algo, req->dlen);
1633 acomp_request_free(req);
1637 if (memcmp(output, dtemplate[i].output, req->dlen)) {
1638 pr_err("alg: acomp: Decompression test %d failed for %s\n",
1640 hexdump(output, req->dlen);
1643 acomp_request_free(req);
1648 acomp_request_free(req);
1659 static int test_cprng(struct crypto_rng *tfm,
1660 const struct cprng_testvec *template,
1661 unsigned int tcount)
1663 const char *algo = crypto_tfm_alg_driver_name(crypto_rng_tfm(tfm));
1664 int err = 0, i, j, seedsize;
1668 seedsize = crypto_rng_seedsize(tfm);
1670 seed = kmalloc(seedsize, GFP_KERNEL);
1672 printk(KERN_ERR "alg: cprng: Failed to allocate seed space "
1677 for (i = 0; i < tcount; i++) {
1678 memset(result, 0, 32);
1680 memcpy(seed, template[i].v, template[i].vlen);
1681 memcpy(seed + template[i].vlen, template[i].key,
1683 memcpy(seed + template[i].vlen + template[i].klen,
1684 template[i].dt, template[i].dtlen);
1686 err = crypto_rng_reset(tfm, seed, seedsize);
1688 printk(KERN_ERR "alg: cprng: Failed to reset rng "
1693 for (j = 0; j < template[i].loops; j++) {
1694 err = crypto_rng_get_bytes(tfm, result,
1697 printk(KERN_ERR "alg: cprng: Failed to obtain "
1698 "the correct amount of random data for "
1699 "%s (requested %d)\n", algo,
1705 err = memcmp(result, template[i].result,
1708 printk(KERN_ERR "alg: cprng: Test %d failed for %s\n",
1710 hexdump(result, template[i].rlen);
1721 static int alg_test_aead(const struct alg_test_desc *desc, const char *driver,
1724 struct crypto_aead *tfm;
1727 tfm = crypto_alloc_aead(driver, type, mask);
1729 printk(KERN_ERR "alg: aead: Failed to load transform for %s: "
1730 "%ld\n", driver, PTR_ERR(tfm));
1731 return PTR_ERR(tfm);
1734 if (desc->suite.aead.enc.vecs) {
1735 err = test_aead(tfm, ENCRYPT, desc->suite.aead.enc.vecs,
1736 desc->suite.aead.enc.count);
1741 if (!err && desc->suite.aead.dec.vecs)
1742 err = test_aead(tfm, DECRYPT, desc->suite.aead.dec.vecs,
1743 desc->suite.aead.dec.count);
1746 crypto_free_aead(tfm);
1750 static int alg_test_cipher(const struct alg_test_desc *desc,
1751 const char *driver, u32 type, u32 mask)
1753 const struct cipher_test_suite *suite = &desc->suite.cipher;
1754 struct crypto_cipher *tfm;
1757 tfm = crypto_alloc_cipher(driver, type, mask);
1759 printk(KERN_ERR "alg: cipher: Failed to load transform for "
1760 "%s: %ld\n", driver, PTR_ERR(tfm));
1761 return PTR_ERR(tfm);
1764 err = test_cipher(tfm, ENCRYPT, suite->vecs, suite->count);
1766 err = test_cipher(tfm, DECRYPT, suite->vecs, suite->count);
1768 crypto_free_cipher(tfm);
1772 static int alg_test_skcipher(const struct alg_test_desc *desc,
1773 const char *driver, u32 type, u32 mask)
1775 const struct cipher_test_suite *suite = &desc->suite.cipher;
1776 struct crypto_skcipher *tfm;
1779 tfm = crypto_alloc_skcipher(driver, type, mask);
1781 printk(KERN_ERR "alg: skcipher: Failed to load transform for "
1782 "%s: %ld\n", driver, PTR_ERR(tfm));
1783 return PTR_ERR(tfm);
1786 err = test_skcipher(tfm, ENCRYPT, suite->vecs, suite->count);
1788 err = test_skcipher(tfm, DECRYPT, suite->vecs, suite->count);
1790 crypto_free_skcipher(tfm);
1794 static int alg_test_comp(const struct alg_test_desc *desc, const char *driver,
1797 struct crypto_comp *comp;
1798 struct crypto_acomp *acomp;
1800 u32 algo_type = type & CRYPTO_ALG_TYPE_ACOMPRESS_MASK;
1802 if (algo_type == CRYPTO_ALG_TYPE_ACOMPRESS) {
1803 acomp = crypto_alloc_acomp(driver, type, mask);
1804 if (IS_ERR(acomp)) {
1805 pr_err("alg: acomp: Failed to load transform for %s: %ld\n",
1806 driver, PTR_ERR(acomp));
1807 return PTR_ERR(acomp);
1809 err = test_acomp(acomp, desc->suite.comp.comp.vecs,
1810 desc->suite.comp.decomp.vecs,
1811 desc->suite.comp.comp.count,
1812 desc->suite.comp.decomp.count);
1813 crypto_free_acomp(acomp);
1815 comp = crypto_alloc_comp(driver, type, mask);
1817 pr_err("alg: comp: Failed to load transform for %s: %ld\n",
1818 driver, PTR_ERR(comp));
1819 return PTR_ERR(comp);
1822 err = test_comp(comp, desc->suite.comp.comp.vecs,
1823 desc->suite.comp.decomp.vecs,
1824 desc->suite.comp.comp.count,
1825 desc->suite.comp.decomp.count);
1827 crypto_free_comp(comp);
1832 static int __alg_test_hash(const struct hash_testvec *template,
1833 unsigned int tcount, const char *driver,
1836 struct crypto_ahash *tfm;
1839 tfm = crypto_alloc_ahash(driver, type, mask);
1841 printk(KERN_ERR "alg: hash: Failed to load transform for %s: "
1842 "%ld\n", driver, PTR_ERR(tfm));
1843 return PTR_ERR(tfm);
1846 err = test_hash(tfm, template, tcount, HASH_TEST_DIGEST);
1848 err = test_hash(tfm, template, tcount, HASH_TEST_FINAL);
1850 err = test_hash(tfm, template, tcount, HASH_TEST_FINUP);
1851 crypto_free_ahash(tfm);
1855 static int alg_test_hash(const struct alg_test_desc *desc, const char *driver,
1858 const struct hash_testvec *template = desc->suite.hash.vecs;
1859 unsigned int tcount = desc->suite.hash.count;
1860 unsigned int nr_unkeyed, nr_keyed;
1864 * For OPTIONAL_KEY algorithms, we have to do all the unkeyed tests
1865 * first, before setting a key on the tfm. To make this easier, we
1866 * require that the unkeyed test vectors (if any) are listed first.
1869 for (nr_unkeyed = 0; nr_unkeyed < tcount; nr_unkeyed++) {
1870 if (template[nr_unkeyed].ksize)
1873 for (nr_keyed = 0; nr_unkeyed + nr_keyed < tcount; nr_keyed++) {
1874 if (!template[nr_unkeyed + nr_keyed].ksize) {
1875 pr_err("alg: hash: test vectors for %s out of order, "
1876 "unkeyed ones must come first\n", desc->alg);
1883 err = __alg_test_hash(template, nr_unkeyed, driver, type, mask);
1884 template += nr_unkeyed;
1887 if (!err && nr_keyed)
1888 err = __alg_test_hash(template, nr_keyed, driver, type, mask);
1893 static int alg_test_crc32c(const struct alg_test_desc *desc,
1894 const char *driver, u32 type, u32 mask)
1896 struct crypto_shash *tfm;
1900 err = alg_test_hash(desc, driver, type, mask);
1904 tfm = crypto_alloc_shash(driver, type, mask);
1906 printk(KERN_ERR "alg: crc32c: Failed to load transform for %s: "
1907 "%ld\n", driver, PTR_ERR(tfm));
1913 SHASH_DESC_ON_STACK(shash, tfm);
1914 u32 *ctx = (u32 *)shash_desc_ctx(shash);
1920 err = crypto_shash_final(shash, (u8 *)&val);
1922 printk(KERN_ERR "alg: crc32c: Operation failed for "
1923 "%s: %d\n", driver, err);
1927 if (val != cpu_to_le32(~420553207)) {
1928 pr_err("alg: crc32c: Test failed for %s: %u\n",
1929 driver, le32_to_cpu(val));
1934 crypto_free_shash(tfm);
1940 static int alg_test_cprng(const struct alg_test_desc *desc, const char *driver,
1943 struct crypto_rng *rng;
1946 rng = crypto_alloc_rng(driver, type, mask);
1948 printk(KERN_ERR "alg: cprng: Failed to load transform for %s: "
1949 "%ld\n", driver, PTR_ERR(rng));
1950 return PTR_ERR(rng);
1953 err = test_cprng(rng, desc->suite.cprng.vecs, desc->suite.cprng.count);
1955 crypto_free_rng(rng);
1961 static int drbg_cavs_test(const struct drbg_testvec *test, int pr,
1962 const char *driver, u32 type, u32 mask)
1965 struct crypto_rng *drng;
1966 struct drbg_test_data test_data;
1967 struct drbg_string addtl, pers, testentropy;
1968 unsigned char *buf = kzalloc(test->expectedlen, GFP_KERNEL);
1973 drng = crypto_alloc_rng(driver, type, mask);
1975 printk(KERN_ERR "alg: drbg: could not allocate DRNG handle for "
1981 test_data.testentropy = &testentropy;
1982 drbg_string_fill(&testentropy, test->entropy, test->entropylen);
1983 drbg_string_fill(&pers, test->pers, test->perslen);
1984 ret = crypto_drbg_reset_test(drng, &pers, &test_data);
1986 printk(KERN_ERR "alg: drbg: Failed to reset rng\n");
1990 drbg_string_fill(&addtl, test->addtla, test->addtllen);
1992 drbg_string_fill(&testentropy, test->entpra, test->entprlen);
1993 ret = crypto_drbg_get_bytes_addtl_test(drng,
1994 buf, test->expectedlen, &addtl, &test_data);
1996 ret = crypto_drbg_get_bytes_addtl(drng,
1997 buf, test->expectedlen, &addtl);
2000 printk(KERN_ERR "alg: drbg: could not obtain random data for "
2001 "driver %s\n", driver);
2005 drbg_string_fill(&addtl, test->addtlb, test->addtllen);
2007 drbg_string_fill(&testentropy, test->entprb, test->entprlen);
2008 ret = crypto_drbg_get_bytes_addtl_test(drng,
2009 buf, test->expectedlen, &addtl, &test_data);
2011 ret = crypto_drbg_get_bytes_addtl(drng,
2012 buf, test->expectedlen, &addtl);
2015 printk(KERN_ERR "alg: drbg: could not obtain random data for "
2016 "driver %s\n", driver);
2020 ret = memcmp(test->expected, buf, test->expectedlen);
2023 crypto_free_rng(drng);
2029 static int alg_test_drbg(const struct alg_test_desc *desc, const char *driver,
2035 const struct drbg_testvec *template = desc->suite.drbg.vecs;
2036 unsigned int tcount = desc->suite.drbg.count;
2038 if (0 == memcmp(driver, "drbg_pr_", 8))
2041 for (i = 0; i < tcount; i++) {
2042 err = drbg_cavs_test(&template[i], pr, driver, type, mask);
2044 printk(KERN_ERR "alg: drbg: Test %d failed for %s\n",
2054 static int do_test_kpp(struct crypto_kpp *tfm, const struct kpp_testvec *vec,
2057 struct kpp_request *req;
2058 void *input_buf = NULL;
2059 void *output_buf = NULL;
2060 void *a_public = NULL;
2062 void *shared_secret = NULL;
2063 struct crypto_wait wait;
2064 unsigned int out_len_max;
2066 struct scatterlist src, dst;
2068 req = kpp_request_alloc(tfm, GFP_KERNEL);
2072 crypto_init_wait(&wait);
2074 err = crypto_kpp_set_secret(tfm, vec->secret, vec->secret_size);
2078 out_len_max = crypto_kpp_maxsize(tfm);
2079 output_buf = kzalloc(out_len_max, GFP_KERNEL);
2085 /* Use appropriate parameter as base */
2086 kpp_request_set_input(req, NULL, 0);
2087 sg_init_one(&dst, output_buf, out_len_max);
2088 kpp_request_set_output(req, &dst, out_len_max);
2089 kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
2090 crypto_req_done, &wait);
2092 /* Compute party A's public key */
2093 err = crypto_wait_req(crypto_kpp_generate_public_key(req), &wait);
2095 pr_err("alg: %s: Party A: generate public key test failed. err %d\n",
2101 /* Save party A's public key */
2102 a_public = kzalloc(out_len_max, GFP_KERNEL);
2107 memcpy(a_public, sg_virt(req->dst), out_len_max);
2109 /* Verify calculated public key */
2110 if (memcmp(vec->expected_a_public, sg_virt(req->dst),
2111 vec->expected_a_public_size)) {
2112 pr_err("alg: %s: Party A: generate public key test failed. Invalid output\n",
2119 /* Calculate shared secret key by using counter part (b) public key. */
2120 input_buf = kzalloc(vec->b_public_size, GFP_KERNEL);
2126 memcpy(input_buf, vec->b_public, vec->b_public_size);
2127 sg_init_one(&src, input_buf, vec->b_public_size);
2128 sg_init_one(&dst, output_buf, out_len_max);
2129 kpp_request_set_input(req, &src, vec->b_public_size);
2130 kpp_request_set_output(req, &dst, out_len_max);
2131 kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
2132 crypto_req_done, &wait);
2133 err = crypto_wait_req(crypto_kpp_compute_shared_secret(req), &wait);
2135 pr_err("alg: %s: Party A: compute shared secret test failed. err %d\n",
2141 /* Save the shared secret obtained by party A */
2142 a_ss = kzalloc(vec->expected_ss_size, GFP_KERNEL);
2147 memcpy(a_ss, sg_virt(req->dst), vec->expected_ss_size);
2150 * Calculate party B's shared secret by using party A's
2153 err = crypto_kpp_set_secret(tfm, vec->b_secret,
2154 vec->b_secret_size);
2158 sg_init_one(&src, a_public, vec->expected_a_public_size);
2159 sg_init_one(&dst, output_buf, out_len_max);
2160 kpp_request_set_input(req, &src, vec->expected_a_public_size);
2161 kpp_request_set_output(req, &dst, out_len_max);
2162 kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
2163 crypto_req_done, &wait);
2164 err = crypto_wait_req(crypto_kpp_compute_shared_secret(req),
2167 pr_err("alg: %s: Party B: compute shared secret failed. err %d\n",
2172 shared_secret = a_ss;
2174 shared_secret = (void *)vec->expected_ss;
2178 * verify shared secret from which the user will derive
2179 * secret key by executing whatever hash it has chosen
2181 if (memcmp(shared_secret, sg_virt(req->dst),
2182 vec->expected_ss_size)) {
2183 pr_err("alg: %s: compute shared secret test failed. Invalid output\n",
2195 kpp_request_free(req);
2199 static int test_kpp(struct crypto_kpp *tfm, const char *alg,
2200 const struct kpp_testvec *vecs, unsigned int tcount)
2204 for (i = 0; i < tcount; i++) {
2205 ret = do_test_kpp(tfm, vecs++, alg);
2207 pr_err("alg: %s: test failed on vector %d, err=%d\n",
2215 static int alg_test_kpp(const struct alg_test_desc *desc, const char *driver,
2218 struct crypto_kpp *tfm;
2221 tfm = crypto_alloc_kpp(driver, type, mask);
2223 pr_err("alg: kpp: Failed to load tfm for %s: %ld\n",
2224 driver, PTR_ERR(tfm));
2225 return PTR_ERR(tfm);
2227 if (desc->suite.kpp.vecs)
2228 err = test_kpp(tfm, desc->alg, desc->suite.kpp.vecs,
2229 desc->suite.kpp.count);
2231 crypto_free_kpp(tfm);
2235 static int test_akcipher_one(struct crypto_akcipher *tfm,
2236 const struct akcipher_testvec *vecs)
2238 char *xbuf[XBUFSIZE];
2239 struct akcipher_request *req;
2240 void *outbuf_enc = NULL;
2241 void *outbuf_dec = NULL;
2242 struct crypto_wait wait;
2243 unsigned int out_len_max, out_len = 0;
2245 struct scatterlist src, dst, src_tab[2];
2247 unsigned int m_size, c_size;
2250 if (testmgr_alloc_buf(xbuf))
2253 req = akcipher_request_alloc(tfm, GFP_KERNEL);
2257 crypto_init_wait(&wait);
2259 if (vecs->public_key_vec)
2260 err = crypto_akcipher_set_pub_key(tfm, vecs->key,
2263 err = crypto_akcipher_set_priv_key(tfm, vecs->key,
2269 out_len_max = crypto_akcipher_maxsize(tfm);
2272 * First run test which do not require a private key, such as
2273 * encrypt or verify.
2275 outbuf_enc = kzalloc(out_len_max, GFP_KERNEL);
2279 if (!vecs->siggen_sigver_test) {
2281 m_size = vecs->m_size;
2283 c_size = vecs->c_size;
2286 /* Swap args so we could keep plaintext (digest)
2287 * in vecs->m, and cooked signature in vecs->c.
2289 m = vecs->c; /* signature */
2290 m_size = vecs->c_size;
2291 c = vecs->m; /* digest */
2292 c_size = vecs->m_size;
2296 if (WARN_ON(m_size > PAGE_SIZE))
2298 memcpy(xbuf[0], m, m_size);
2300 sg_init_table(src_tab, 2);
2301 sg_set_buf(&src_tab[0], xbuf[0], 8);
2302 sg_set_buf(&src_tab[1], xbuf[0] + 8, m_size - 8);
2303 sg_init_one(&dst, outbuf_enc, out_len_max);
2304 akcipher_request_set_crypt(req, src_tab, &dst, m_size,
2306 akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
2307 crypto_req_done, &wait);
2309 err = crypto_wait_req(vecs->siggen_sigver_test ?
2310 /* Run asymmetric signature verification */
2311 crypto_akcipher_verify(req) :
2312 /* Run asymmetric encrypt */
2313 crypto_akcipher_encrypt(req), &wait);
2315 pr_err("alg: akcipher: %s test failed. err %d\n", op, err);
2318 if (req->dst_len != c_size) {
2319 pr_err("alg: akcipher: %s test failed. Invalid output len\n",
2324 /* verify that encrypted message is equal to expected */
2325 if (memcmp(c, outbuf_enc, c_size)) {
2326 pr_err("alg: akcipher: %s test failed. Invalid output\n", op);
2327 hexdump(outbuf_enc, c_size);
2333 * Don't invoke (decrypt or sign) test which require a private key
2334 * for vectors with only a public key.
2336 if (vecs->public_key_vec) {
2340 outbuf_dec = kzalloc(out_len_max, GFP_KERNEL);
2346 op = vecs->siggen_sigver_test ? "sign" : "decrypt";
2347 if (WARN_ON(c_size > PAGE_SIZE))
2349 memcpy(xbuf[0], c, c_size);
2351 sg_init_one(&src, xbuf[0], c_size);
2352 sg_init_one(&dst, outbuf_dec, out_len_max);
2353 crypto_init_wait(&wait);
2354 akcipher_request_set_crypt(req, &src, &dst, c_size, out_len_max);
2356 err = crypto_wait_req(vecs->siggen_sigver_test ?
2357 /* Run asymmetric signature generation */
2358 crypto_akcipher_sign(req) :
2359 /* Run asymmetric decrypt */
2360 crypto_akcipher_decrypt(req), &wait);
2362 pr_err("alg: akcipher: %s test failed. err %d\n", op, err);
2365 out_len = req->dst_len;
2366 if (out_len < m_size) {
2367 pr_err("alg: akcipher: %s test failed. Invalid output len %u\n",
2372 /* verify that decrypted message is equal to the original msg */
2373 if (memchr_inv(outbuf_dec, 0, out_len - m_size) ||
2374 memcmp(m, outbuf_dec + out_len - m_size, m_size)) {
2375 pr_err("alg: akcipher: %s test failed. Invalid output\n", op);
2376 hexdump(outbuf_dec, out_len);
2383 akcipher_request_free(req);
2385 testmgr_free_buf(xbuf);
2389 static int test_akcipher(struct crypto_akcipher *tfm, const char *alg,
2390 const struct akcipher_testvec *vecs,
2391 unsigned int tcount)
2394 crypto_tfm_alg_driver_name(crypto_akcipher_tfm(tfm));
2397 for (i = 0; i < tcount; i++) {
2398 ret = test_akcipher_one(tfm, vecs++);
2402 pr_err("alg: akcipher: test %d failed for %s, err=%d\n",
2409 static int alg_test_akcipher(const struct alg_test_desc *desc,
2410 const char *driver, u32 type, u32 mask)
2412 struct crypto_akcipher *tfm;
2415 tfm = crypto_alloc_akcipher(driver, type, mask);
2417 pr_err("alg: akcipher: Failed to load tfm for %s: %ld\n",
2418 driver, PTR_ERR(tfm));
2419 return PTR_ERR(tfm);
2421 if (desc->suite.akcipher.vecs)
2422 err = test_akcipher(tfm, desc->alg, desc->suite.akcipher.vecs,
2423 desc->suite.akcipher.count);
2425 crypto_free_akcipher(tfm);
2429 static int alg_test_null(const struct alg_test_desc *desc,
2430 const char *driver, u32 type, u32 mask)
2435 #define __VECS(tv) { .vecs = tv, .count = ARRAY_SIZE(tv) }
2437 /* Please keep this list sorted by algorithm name. */
2438 static const struct alg_test_desc alg_test_descs[] = {
2440 .alg = "adiantum(xchacha12,aes)",
2441 .test = alg_test_skcipher,
2443 .cipher = __VECS(adiantum_xchacha12_aes_tv_template)
2446 .alg = "adiantum(xchacha20,aes)",
2447 .test = alg_test_skcipher,
2449 .cipher = __VECS(adiantum_xchacha20_aes_tv_template)
2453 .test = alg_test_aead,
2456 .enc = __VECS(aegis128_enc_tv_template),
2457 .dec = __VECS(aegis128_dec_tv_template),
2462 .test = alg_test_aead,
2465 .enc = __VECS(aegis128l_enc_tv_template),
2466 .dec = __VECS(aegis128l_dec_tv_template),
2471 .test = alg_test_aead,
2474 .enc = __VECS(aegis256_enc_tv_template),
2475 .dec = __VECS(aegis256_dec_tv_template),
2479 .alg = "ansi_cprng",
2480 .test = alg_test_cprng,
2482 .cprng = __VECS(ansi_cprng_aes_tv_template)
2485 .alg = "authenc(hmac(md5),ecb(cipher_null))",
2486 .test = alg_test_aead,
2489 .enc = __VECS(hmac_md5_ecb_cipher_null_enc_tv_template),
2490 .dec = __VECS(hmac_md5_ecb_cipher_null_dec_tv_template)
2494 .alg = "authenc(hmac(sha1),cbc(aes))",
2495 .test = alg_test_aead,
2499 .enc = __VECS(hmac_sha1_aes_cbc_enc_tv_temp)
2503 .alg = "authenc(hmac(sha1),cbc(des))",
2504 .test = alg_test_aead,
2507 .enc = __VECS(hmac_sha1_des_cbc_enc_tv_temp)
2511 .alg = "authenc(hmac(sha1),cbc(des3_ede))",
2512 .test = alg_test_aead,
2516 .enc = __VECS(hmac_sha1_des3_ede_cbc_enc_tv_temp)
2520 .alg = "authenc(hmac(sha1),ctr(aes))",
2521 .test = alg_test_null,
2524 .alg = "authenc(hmac(sha1),ecb(cipher_null))",
2525 .test = alg_test_aead,
2528 .enc = __VECS(hmac_sha1_ecb_cipher_null_enc_tv_temp),
2529 .dec = __VECS(hmac_sha1_ecb_cipher_null_dec_tv_temp)
2533 .alg = "authenc(hmac(sha1),rfc3686(ctr(aes)))",
2534 .test = alg_test_null,
2537 .alg = "authenc(hmac(sha224),cbc(des))",
2538 .test = alg_test_aead,
2541 .enc = __VECS(hmac_sha224_des_cbc_enc_tv_temp)
2545 .alg = "authenc(hmac(sha224),cbc(des3_ede))",
2546 .test = alg_test_aead,
2550 .enc = __VECS(hmac_sha224_des3_ede_cbc_enc_tv_temp)
2554 .alg = "authenc(hmac(sha256),cbc(aes))",
2555 .test = alg_test_aead,
2559 .enc = __VECS(hmac_sha256_aes_cbc_enc_tv_temp)
2563 .alg = "authenc(hmac(sha256),cbc(des))",
2564 .test = alg_test_aead,
2567 .enc = __VECS(hmac_sha256_des_cbc_enc_tv_temp)
2571 .alg = "authenc(hmac(sha256),cbc(des3_ede))",
2572 .test = alg_test_aead,
2576 .enc = __VECS(hmac_sha256_des3_ede_cbc_enc_tv_temp)
2580 .alg = "authenc(hmac(sha256),ctr(aes))",
2581 .test = alg_test_null,
2584 .alg = "authenc(hmac(sha256),rfc3686(ctr(aes)))",
2585 .test = alg_test_null,
2588 .alg = "authenc(hmac(sha384),cbc(des))",
2589 .test = alg_test_aead,
2592 .enc = __VECS(hmac_sha384_des_cbc_enc_tv_temp)
2596 .alg = "authenc(hmac(sha384),cbc(des3_ede))",
2597 .test = alg_test_aead,
2601 .enc = __VECS(hmac_sha384_des3_ede_cbc_enc_tv_temp)
2605 .alg = "authenc(hmac(sha384),ctr(aes))",
2606 .test = alg_test_null,
2609 .alg = "authenc(hmac(sha384),rfc3686(ctr(aes)))",
2610 .test = alg_test_null,
2613 .alg = "authenc(hmac(sha512),cbc(aes))",
2615 .test = alg_test_aead,
2618 .enc = __VECS(hmac_sha512_aes_cbc_enc_tv_temp)
2622 .alg = "authenc(hmac(sha512),cbc(des))",
2623 .test = alg_test_aead,
2626 .enc = __VECS(hmac_sha512_des_cbc_enc_tv_temp)
2630 .alg = "authenc(hmac(sha512),cbc(des3_ede))",
2631 .test = alg_test_aead,
2635 .enc = __VECS(hmac_sha512_des3_ede_cbc_enc_tv_temp)
2639 .alg = "authenc(hmac(sha512),ctr(aes))",
2640 .test = alg_test_null,
2643 .alg = "authenc(hmac(sha512),rfc3686(ctr(aes)))",
2644 .test = alg_test_null,
2648 .test = alg_test_skcipher,
2651 .cipher = __VECS(aes_cbc_tv_template)
2654 .alg = "cbc(anubis)",
2655 .test = alg_test_skcipher,
2657 .cipher = __VECS(anubis_cbc_tv_template)
2660 .alg = "cbc(blowfish)",
2661 .test = alg_test_skcipher,
2663 .cipher = __VECS(bf_cbc_tv_template)
2666 .alg = "cbc(camellia)",
2667 .test = alg_test_skcipher,
2669 .cipher = __VECS(camellia_cbc_tv_template)
2672 .alg = "cbc(cast5)",
2673 .test = alg_test_skcipher,
2675 .cipher = __VECS(cast5_cbc_tv_template)
2678 .alg = "cbc(cast6)",
2679 .test = alg_test_skcipher,
2681 .cipher = __VECS(cast6_cbc_tv_template)
2685 .test = alg_test_skcipher,
2687 .cipher = __VECS(des_cbc_tv_template)
2690 .alg = "cbc(des3_ede)",
2691 .test = alg_test_skcipher,
2694 .cipher = __VECS(des3_ede_cbc_tv_template)
2697 /* Same as cbc(aes) except the key is stored in
2698 * hardware secure memory which we reference by index
2701 .test = alg_test_null,
2704 .alg = "cbc(serpent)",
2705 .test = alg_test_skcipher,
2707 .cipher = __VECS(serpent_cbc_tv_template)
2711 .test = alg_test_skcipher,
2713 .cipher = __VECS(sm4_cbc_tv_template)
2716 .alg = "cbc(twofish)",
2717 .test = alg_test_skcipher,
2719 .cipher = __VECS(tf_cbc_tv_template)
2722 .alg = "cbcmac(aes)",
2724 .test = alg_test_hash,
2726 .hash = __VECS(aes_cbcmac_tv_template)
2730 .test = alg_test_aead,
2734 .enc = __VECS(aes_ccm_enc_tv_template),
2735 .dec = __VECS(aes_ccm_dec_tv_template)
2740 .test = alg_test_skcipher,
2743 .cipher = __VECS(aes_cfb_tv_template)
2747 .test = alg_test_skcipher,
2749 .cipher = __VECS(chacha20_tv_template)
2754 .test = alg_test_hash,
2756 .hash = __VECS(aes_cmac128_tv_template)
2759 .alg = "cmac(des3_ede)",
2761 .test = alg_test_hash,
2763 .hash = __VECS(des3_ede_cmac64_tv_template)
2766 .alg = "compress_null",
2767 .test = alg_test_null,
2770 .test = alg_test_hash,
2772 .hash = __VECS(crc32_tv_template)
2776 .test = alg_test_crc32c,
2779 .hash = __VECS(crc32c_tv_template)
2783 .test = alg_test_hash,
2786 .hash = __VECS(crct10dif_tv_template)
2790 .test = alg_test_skcipher,
2793 .cipher = __VECS(aes_ctr_tv_template)
2796 .alg = "ctr(blowfish)",
2797 .test = alg_test_skcipher,
2799 .cipher = __VECS(bf_ctr_tv_template)
2802 .alg = "ctr(camellia)",
2803 .test = alg_test_skcipher,
2805 .cipher = __VECS(camellia_ctr_tv_template)
2808 .alg = "ctr(cast5)",
2809 .test = alg_test_skcipher,
2811 .cipher = __VECS(cast5_ctr_tv_template)
2814 .alg = "ctr(cast6)",
2815 .test = alg_test_skcipher,
2817 .cipher = __VECS(cast6_ctr_tv_template)
2821 .test = alg_test_skcipher,
2823 .cipher = __VECS(des_ctr_tv_template)
2826 .alg = "ctr(des3_ede)",
2827 .test = alg_test_skcipher,
2830 .cipher = __VECS(des3_ede_ctr_tv_template)
2833 /* Same as ctr(aes) except the key is stored in
2834 * hardware secure memory which we reference by index
2837 .test = alg_test_null,
2840 .alg = "ctr(serpent)",
2841 .test = alg_test_skcipher,
2843 .cipher = __VECS(serpent_ctr_tv_template)
2847 .test = alg_test_skcipher,
2849 .cipher = __VECS(sm4_ctr_tv_template)
2852 .alg = "ctr(twofish)",
2853 .test = alg_test_skcipher,
2855 .cipher = __VECS(tf_ctr_tv_template)
2858 .alg = "cts(cbc(aes))",
2859 .test = alg_test_skcipher,
2862 .cipher = __VECS(cts_mode_tv_template)
2866 .test = alg_test_comp,
2870 .comp = __VECS(deflate_comp_tv_template),
2871 .decomp = __VECS(deflate_decomp_tv_template)
2876 .test = alg_test_kpp,
2879 .kpp = __VECS(dh_tv_template)
2882 .alg = "digest_null",
2883 .test = alg_test_null,
2885 .alg = "drbg_nopr_ctr_aes128",
2886 .test = alg_test_drbg,
2889 .drbg = __VECS(drbg_nopr_ctr_aes128_tv_template)
2892 .alg = "drbg_nopr_ctr_aes192",
2893 .test = alg_test_drbg,
2896 .drbg = __VECS(drbg_nopr_ctr_aes192_tv_template)
2899 .alg = "drbg_nopr_ctr_aes256",
2900 .test = alg_test_drbg,
2903 .drbg = __VECS(drbg_nopr_ctr_aes256_tv_template)
2907 * There is no need to specifically test the DRBG with every
2908 * backend cipher -- covered by drbg_nopr_hmac_sha256 test
2910 .alg = "drbg_nopr_hmac_sha1",
2912 .test = alg_test_null,
2914 .alg = "drbg_nopr_hmac_sha256",
2915 .test = alg_test_drbg,
2918 .drbg = __VECS(drbg_nopr_hmac_sha256_tv_template)
2921 /* covered by drbg_nopr_hmac_sha256 test */
2922 .alg = "drbg_nopr_hmac_sha384",
2924 .test = alg_test_null,
2926 .alg = "drbg_nopr_hmac_sha512",
2927 .test = alg_test_null,
2930 .alg = "drbg_nopr_sha1",
2932 .test = alg_test_null,
2934 .alg = "drbg_nopr_sha256",
2935 .test = alg_test_drbg,
2938 .drbg = __VECS(drbg_nopr_sha256_tv_template)
2941 /* covered by drbg_nopr_sha256 test */
2942 .alg = "drbg_nopr_sha384",
2944 .test = alg_test_null,
2946 .alg = "drbg_nopr_sha512",
2948 .test = alg_test_null,
2950 .alg = "drbg_pr_ctr_aes128",
2951 .test = alg_test_drbg,
2954 .drbg = __VECS(drbg_pr_ctr_aes128_tv_template)
2957 /* covered by drbg_pr_ctr_aes128 test */
2958 .alg = "drbg_pr_ctr_aes192",
2960 .test = alg_test_null,
2962 .alg = "drbg_pr_ctr_aes256",
2964 .test = alg_test_null,
2966 .alg = "drbg_pr_hmac_sha1",
2968 .test = alg_test_null,
2970 .alg = "drbg_pr_hmac_sha256",
2971 .test = alg_test_drbg,
2974 .drbg = __VECS(drbg_pr_hmac_sha256_tv_template)
2977 /* covered by drbg_pr_hmac_sha256 test */
2978 .alg = "drbg_pr_hmac_sha384",
2980 .test = alg_test_null,
2982 .alg = "drbg_pr_hmac_sha512",
2983 .test = alg_test_null,
2986 .alg = "drbg_pr_sha1",
2988 .test = alg_test_null,
2990 .alg = "drbg_pr_sha256",
2991 .test = alg_test_drbg,
2994 .drbg = __VECS(drbg_pr_sha256_tv_template)
2997 /* covered by drbg_pr_sha256 test */
2998 .alg = "drbg_pr_sha384",
3000 .test = alg_test_null,
3002 .alg = "drbg_pr_sha512",
3004 .test = alg_test_null,
3007 .test = alg_test_skcipher,
3010 .cipher = __VECS(aes_tv_template)
3013 .alg = "ecb(anubis)",
3014 .test = alg_test_skcipher,
3016 .cipher = __VECS(anubis_tv_template)
3020 .test = alg_test_skcipher,
3022 .cipher = __VECS(arc4_tv_template)
3025 .alg = "ecb(blowfish)",
3026 .test = alg_test_skcipher,
3028 .cipher = __VECS(bf_tv_template)
3031 .alg = "ecb(camellia)",
3032 .test = alg_test_skcipher,
3034 .cipher = __VECS(camellia_tv_template)
3037 .alg = "ecb(cast5)",
3038 .test = alg_test_skcipher,
3040 .cipher = __VECS(cast5_tv_template)
3043 .alg = "ecb(cast6)",
3044 .test = alg_test_skcipher,
3046 .cipher = __VECS(cast6_tv_template)
3049 .alg = "ecb(cipher_null)",
3050 .test = alg_test_null,
3054 .test = alg_test_skcipher,
3056 .cipher = __VECS(des_tv_template)
3059 .alg = "ecb(des3_ede)",
3060 .test = alg_test_skcipher,
3063 .cipher = __VECS(des3_ede_tv_template)
3066 .alg = "ecb(fcrypt)",
3067 .test = alg_test_skcipher,
3070 .vecs = fcrypt_pcbc_tv_template,
3075 .alg = "ecb(khazad)",
3076 .test = alg_test_skcipher,
3078 .cipher = __VECS(khazad_tv_template)
3081 /* Same as ecb(aes) except the key is stored in
3082 * hardware secure memory which we reference by index
3085 .test = alg_test_null,
3089 .test = alg_test_skcipher,
3091 .cipher = __VECS(seed_tv_template)
3094 .alg = "ecb(serpent)",
3095 .test = alg_test_skcipher,
3097 .cipher = __VECS(serpent_tv_template)
3101 .test = alg_test_skcipher,
3103 .cipher = __VECS(sm4_tv_template)
3107 .test = alg_test_skcipher,
3109 .cipher = __VECS(tea_tv_template)
3112 .alg = "ecb(tnepres)",
3113 .test = alg_test_skcipher,
3115 .cipher = __VECS(tnepres_tv_template)
3118 .alg = "ecb(twofish)",
3119 .test = alg_test_skcipher,
3121 .cipher = __VECS(tf_tv_template)
3125 .test = alg_test_skcipher,
3127 .cipher = __VECS(xeta_tv_template)
3131 .test = alg_test_skcipher,
3133 .cipher = __VECS(xtea_tv_template)
3137 .test = alg_test_kpp,
3140 .kpp = __VECS(ecdh_tv_template)
3144 .test = alg_test_aead,
3148 .enc = __VECS(aes_gcm_enc_tv_template),
3149 .dec = __VECS(aes_gcm_dec_tv_template)
3154 .test = alg_test_hash,
3157 .hash = __VECS(ghash_tv_template)
3161 .test = alg_test_hash,
3163 .hash = __VECS(hmac_md5_tv_template)
3166 .alg = "hmac(rmd128)",
3167 .test = alg_test_hash,
3169 .hash = __VECS(hmac_rmd128_tv_template)
3172 .alg = "hmac(rmd160)",
3173 .test = alg_test_hash,
3175 .hash = __VECS(hmac_rmd160_tv_template)
3178 .alg = "hmac(sha1)",
3179 .test = alg_test_hash,
3182 .hash = __VECS(hmac_sha1_tv_template)
3185 .alg = "hmac(sha224)",
3186 .test = alg_test_hash,
3189 .hash = __VECS(hmac_sha224_tv_template)
3192 .alg = "hmac(sha256)",
3193 .test = alg_test_hash,
3196 .hash = __VECS(hmac_sha256_tv_template)
3199 .alg = "hmac(sha3-224)",
3200 .test = alg_test_hash,
3203 .hash = __VECS(hmac_sha3_224_tv_template)
3206 .alg = "hmac(sha3-256)",
3207 .test = alg_test_hash,
3210 .hash = __VECS(hmac_sha3_256_tv_template)
3213 .alg = "hmac(sha3-384)",
3214 .test = alg_test_hash,
3217 .hash = __VECS(hmac_sha3_384_tv_template)
3220 .alg = "hmac(sha3-512)",
3221 .test = alg_test_hash,
3224 .hash = __VECS(hmac_sha3_512_tv_template)
3227 .alg = "hmac(sha384)",
3228 .test = alg_test_hash,
3231 .hash = __VECS(hmac_sha384_tv_template)
3234 .alg = "hmac(sha512)",
3235 .test = alg_test_hash,
3238 .hash = __VECS(hmac_sha512_tv_template)
3241 .alg = "hmac(streebog256)",
3242 .test = alg_test_hash,
3244 .hash = __VECS(hmac_streebog256_tv_template)
3247 .alg = "hmac(streebog512)",
3248 .test = alg_test_hash,
3250 .hash = __VECS(hmac_streebog512_tv_template)
3253 .alg = "jitterentropy_rng",
3255 .test = alg_test_null,
3258 .test = alg_test_skcipher,
3261 .cipher = __VECS(aes_kw_tv_template)
3265 .test = alg_test_skcipher,
3267 .cipher = __VECS(aes_lrw_tv_template)
3270 .alg = "lrw(camellia)",
3271 .test = alg_test_skcipher,
3273 .cipher = __VECS(camellia_lrw_tv_template)
3276 .alg = "lrw(cast6)",
3277 .test = alg_test_skcipher,
3279 .cipher = __VECS(cast6_lrw_tv_template)
3282 .alg = "lrw(serpent)",
3283 .test = alg_test_skcipher,
3285 .cipher = __VECS(serpent_lrw_tv_template)
3288 .alg = "lrw(twofish)",
3289 .test = alg_test_skcipher,
3291 .cipher = __VECS(tf_lrw_tv_template)
3295 .test = alg_test_comp,
3299 .comp = __VECS(lz4_comp_tv_template),
3300 .decomp = __VECS(lz4_decomp_tv_template)
3305 .test = alg_test_comp,
3309 .comp = __VECS(lz4hc_comp_tv_template),
3310 .decomp = __VECS(lz4hc_decomp_tv_template)
3315 .test = alg_test_comp,
3319 .comp = __VECS(lzo_comp_tv_template),
3320 .decomp = __VECS(lzo_decomp_tv_template)
3325 .test = alg_test_hash,
3327 .hash = __VECS(md4_tv_template)
3331 .test = alg_test_hash,
3333 .hash = __VECS(md5_tv_template)
3336 .alg = "michael_mic",
3337 .test = alg_test_hash,
3339 .hash = __VECS(michael_mic_tv_template)
3343 .test = alg_test_aead,
3346 .enc = __VECS(morus1280_enc_tv_template),
3347 .dec = __VECS(morus1280_dec_tv_template),
3352 .test = alg_test_aead,
3355 .enc = __VECS(morus640_enc_tv_template),
3356 .dec = __VECS(morus640_dec_tv_template),
3360 .alg = "nhpoly1305",
3361 .test = alg_test_hash,
3363 .hash = __VECS(nhpoly1305_tv_template)
3367 .test = alg_test_skcipher,
3370 .cipher = __VECS(aes_ofb_tv_template)
3373 /* Same as ofb(aes) except the key is stored in
3374 * hardware secure memory which we reference by index
3377 .test = alg_test_null,
3380 .alg = "pcbc(fcrypt)",
3381 .test = alg_test_skcipher,
3383 .cipher = __VECS(fcrypt_pcbc_tv_template)
3386 .alg = "pkcs1pad(rsa,sha224)",
3387 .test = alg_test_null,
3390 .alg = "pkcs1pad(rsa,sha256)",
3391 .test = alg_test_akcipher,
3394 .akcipher = __VECS(pkcs1pad_rsa_tv_template)
3397 .alg = "pkcs1pad(rsa,sha384)",
3398 .test = alg_test_null,
3401 .alg = "pkcs1pad(rsa,sha512)",
3402 .test = alg_test_null,
3406 .test = alg_test_hash,
3408 .hash = __VECS(poly1305_tv_template)
3411 .alg = "rfc3686(ctr(aes))",
3412 .test = alg_test_skcipher,
3415 .cipher = __VECS(aes_ctr_rfc3686_tv_template)
3418 .alg = "rfc4106(gcm(aes))",
3419 .test = alg_test_aead,
3423 .enc = __VECS(aes_gcm_rfc4106_enc_tv_template),
3424 .dec = __VECS(aes_gcm_rfc4106_dec_tv_template)
3428 .alg = "rfc4309(ccm(aes))",
3429 .test = alg_test_aead,
3433 .enc = __VECS(aes_ccm_rfc4309_enc_tv_template),
3434 .dec = __VECS(aes_ccm_rfc4309_dec_tv_template)
3438 .alg = "rfc4543(gcm(aes))",
3439 .test = alg_test_aead,
3442 .enc = __VECS(aes_gcm_rfc4543_enc_tv_template),
3443 .dec = __VECS(aes_gcm_rfc4543_dec_tv_template),
3447 .alg = "rfc7539(chacha20,poly1305)",
3448 .test = alg_test_aead,
3451 .enc = __VECS(rfc7539_enc_tv_template),
3452 .dec = __VECS(rfc7539_dec_tv_template),
3456 .alg = "rfc7539esp(chacha20,poly1305)",
3457 .test = alg_test_aead,
3460 .enc = __VECS(rfc7539esp_enc_tv_template),
3461 .dec = __VECS(rfc7539esp_dec_tv_template),
3466 .test = alg_test_hash,
3468 .hash = __VECS(rmd128_tv_template)
3472 .test = alg_test_hash,
3474 .hash = __VECS(rmd160_tv_template)
3478 .test = alg_test_hash,
3480 .hash = __VECS(rmd256_tv_template)
3484 .test = alg_test_hash,
3486 .hash = __VECS(rmd320_tv_template)
3490 .test = alg_test_akcipher,
3493 .akcipher = __VECS(rsa_tv_template)
3497 .test = alg_test_skcipher,
3499 .cipher = __VECS(salsa20_stream_tv_template)
3503 .test = alg_test_hash,
3506 .hash = __VECS(sha1_tv_template)
3510 .test = alg_test_hash,
3513 .hash = __VECS(sha224_tv_template)
3517 .test = alg_test_hash,
3520 .hash = __VECS(sha256_tv_template)
3524 .test = alg_test_hash,
3527 .hash = __VECS(sha3_224_tv_template)
3531 .test = alg_test_hash,
3534 .hash = __VECS(sha3_256_tv_template)
3538 .test = alg_test_hash,
3541 .hash = __VECS(sha3_384_tv_template)
3545 .test = alg_test_hash,
3548 .hash = __VECS(sha3_512_tv_template)
3552 .test = alg_test_hash,
3555 .hash = __VECS(sha384_tv_template)
3559 .test = alg_test_hash,
3562 .hash = __VECS(sha512_tv_template)
3566 .test = alg_test_hash,
3568 .hash = __VECS(sm3_tv_template)
3571 .alg = "streebog256",
3572 .test = alg_test_hash,
3574 .hash = __VECS(streebog256_tv_template)
3577 .alg = "streebog512",
3578 .test = alg_test_hash,
3580 .hash = __VECS(streebog512_tv_template)
3584 .test = alg_test_hash,
3586 .hash = __VECS(tgr128_tv_template)
3590 .test = alg_test_hash,
3592 .hash = __VECS(tgr160_tv_template)
3596 .test = alg_test_hash,
3598 .hash = __VECS(tgr192_tv_template)
3601 .alg = "vmac64(aes)",
3602 .test = alg_test_hash,
3604 .hash = __VECS(vmac64_aes_tv_template)
3608 .test = alg_test_hash,
3610 .hash = __VECS(wp256_tv_template)
3614 .test = alg_test_hash,
3616 .hash = __VECS(wp384_tv_template)
3620 .test = alg_test_hash,
3622 .hash = __VECS(wp512_tv_template)
3626 .test = alg_test_hash,
3628 .hash = __VECS(aes_xcbc128_tv_template)
3632 .test = alg_test_skcipher,
3634 .cipher = __VECS(xchacha12_tv_template)
3638 .test = alg_test_skcipher,
3640 .cipher = __VECS(xchacha20_tv_template)
3644 .test = alg_test_skcipher,
3647 .cipher = __VECS(aes_xts_tv_template)
3650 .alg = "xts(camellia)",
3651 .test = alg_test_skcipher,
3653 .cipher = __VECS(camellia_xts_tv_template)
3656 .alg = "xts(cast6)",
3657 .test = alg_test_skcipher,
3659 .cipher = __VECS(cast6_xts_tv_template)
3662 /* Same as xts(aes) except the key is stored in
3663 * hardware secure memory which we reference by index
3666 .test = alg_test_null,
3669 .alg = "xts(serpent)",
3670 .test = alg_test_skcipher,
3672 .cipher = __VECS(serpent_xts_tv_template)
3675 .alg = "xts(twofish)",
3676 .test = alg_test_skcipher,
3678 .cipher = __VECS(tf_xts_tv_template)
3681 .alg = "xts4096(paes)",
3682 .test = alg_test_null,
3685 .alg = "xts512(paes)",
3686 .test = alg_test_null,
3689 .alg = "zlib-deflate",
3690 .test = alg_test_comp,
3694 .comp = __VECS(zlib_deflate_comp_tv_template),
3695 .decomp = __VECS(zlib_deflate_decomp_tv_template)
3700 .test = alg_test_comp,
3704 .comp = __VECS(zstd_comp_tv_template),
3705 .decomp = __VECS(zstd_decomp_tv_template)
3711 static bool alg_test_descs_checked;
3713 static void alg_test_descs_check_order(void)
3717 /* only check once */
3718 if (alg_test_descs_checked)
3721 alg_test_descs_checked = true;
3723 for (i = 1; i < ARRAY_SIZE(alg_test_descs); i++) {
3724 int diff = strcmp(alg_test_descs[i - 1].alg,
3725 alg_test_descs[i].alg);
3727 if (WARN_ON(diff > 0)) {
3728 pr_warn("testmgr: alg_test_descs entries in wrong order: '%s' before '%s'\n",
3729 alg_test_descs[i - 1].alg,
3730 alg_test_descs[i].alg);
3733 if (WARN_ON(diff == 0)) {
3734 pr_warn("testmgr: duplicate alg_test_descs entry: '%s'\n",
3735 alg_test_descs[i].alg);
3740 static int alg_find_test(const char *alg)
3743 int end = ARRAY_SIZE(alg_test_descs);
3745 while (start < end) {
3746 int i = (start + end) / 2;
3747 int diff = strcmp(alg_test_descs[i].alg, alg);
3765 int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
3771 if (!fips_enabled && notests) {
3772 printk_once(KERN_INFO "alg: self-tests disabled\n");
3776 alg_test_descs_check_order();
3778 if ((type & CRYPTO_ALG_TYPE_MASK) == CRYPTO_ALG_TYPE_CIPHER) {
3779 char nalg[CRYPTO_MAX_ALG_NAME];
3781 if (snprintf(nalg, sizeof(nalg), "ecb(%s)", alg) >=
3783 return -ENAMETOOLONG;
3785 i = alg_find_test(nalg);
3789 if (fips_enabled && !alg_test_descs[i].fips_allowed)
3792 rc = alg_test_cipher(alg_test_descs + i, driver, type, mask);
3796 i = alg_find_test(alg);
3797 j = alg_find_test(driver);
3801 if (fips_enabled && ((i >= 0 && !alg_test_descs[i].fips_allowed) ||
3802 (j >= 0 && !alg_test_descs[j].fips_allowed)))
3807 rc |= alg_test_descs[i].test(alg_test_descs + i, driver,
3809 if (j >= 0 && j != i)
3810 rc |= alg_test_descs[j].test(alg_test_descs + j, driver,
3814 if (fips_enabled && rc)
3815 panic("%s: %s alg self test failed in fips mode!\n", driver, alg);
3817 if (fips_enabled && !rc)
3818 pr_info("alg: self-tests for %s (%s) passed\n", driver, alg);
3823 printk(KERN_INFO "alg: No test for %s (%s)\n", alg, driver);
3829 #endif /* CONFIG_CRYPTO_MANAGER_DISABLE_TESTS */
3831 EXPORT_SYMBOL_GPL(alg_test);