1 /* 2 * Algorithm testing framework and tests. 3 * 4 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au> 5 * Copyright (c) 2002 Jean-Francois Dive <jef@linuxbe.org> 6 * Copyright (c) 2007 Nokia Siemens Networks 7 * Copyright (c) 2008 Herbert Xu <herbert@gondor.apana.org.au> 8 * 9 * Updated RFC4106 AES-GCM testing. 10 * Authors: Aidan O'Mahony (aidan.o.mahony@intel.com) 11 * Adrian Hoban <adrian.hoban@intel.com> 12 * Gabriele Paoloni <gabriele.paoloni@intel.com> 13 * Tadeusz Struk (tadeusz.struk@intel.com) 14 * Copyright (c) 2010, Intel Corporation. 15 * 16 * This program is free software; you can redistribute it and/or modify it 17 * under the terms of the GNU General Public License as published by the Free 18 * Software Foundation; either version 2 of the License, or (at your option) 19 * any later version. 20 * 21 */ 22 23 #include <crypto/aead.h> 24 #include <crypto/hash.h> 25 #include <crypto/skcipher.h> 26 #include <linux/err.h> 27 #include <linux/fips.h> 28 #include <linux/module.h> 29 #include <linux/scatterlist.h> 30 #include <linux/slab.h> 31 #include <linux/string.h> 32 #include <crypto/rng.h> 33 #include <crypto/drbg.h> 34 #include <crypto/akcipher.h> 35 #include <crypto/kpp.h> 36 #include <crypto/acompress.h> 37 38 #include "internal.h" 39 40 static bool notests; 41 module_param(notests, bool, 0644); 42 MODULE_PARM_DESC(notests, "disable crypto self-tests"); 43 44 #ifdef CONFIG_CRYPTO_MANAGER_DISABLE_TESTS 45 46 /* a perfect nop */ 47 int alg_test(const char *driver, const char *alg, u32 type, u32 mask) 48 { 49 return 0; 50 } 51 52 #else 53 54 #include "testmgr.h" 55 56 /* 57 * Need slab memory for testing (size in number of pages). 58 */ 59 #define XBUFSIZE 8 60 61 /* 62 * Indexes into the xbuf to simulate cross-page access. 63 */ 64 #define IDX1 32 65 #define IDX2 32400 66 #define IDX3 1511 67 #define IDX4 8193 68 #define IDX5 22222 69 #define IDX6 17101 70 #define IDX7 27333 71 #define IDX8 3000 72 73 /* 74 * Used by test_cipher() 75 */ 76 #define ENCRYPT 1 77 #define DECRYPT 0 78 79 struct aead_test_suite { 80 struct { 81 const struct aead_testvec *vecs; 82 unsigned int count; 83 } enc, dec; 84 }; 85 86 struct cipher_test_suite { 87 struct { 88 const struct cipher_testvec *vecs; 89 unsigned int count; 90 } enc, dec; 91 }; 92 93 struct comp_test_suite { 94 struct { 95 const struct comp_testvec *vecs; 96 unsigned int count; 97 } comp, decomp; 98 }; 99 100 struct hash_test_suite { 101 const struct hash_testvec *vecs; 102 unsigned int count; 103 }; 104 105 struct cprng_test_suite { 106 const struct cprng_testvec *vecs; 107 unsigned int count; 108 }; 109 110 struct drbg_test_suite { 111 const struct drbg_testvec *vecs; 112 unsigned int count; 113 }; 114 115 struct akcipher_test_suite { 116 const struct akcipher_testvec *vecs; 117 unsigned int count; 118 }; 119 120 struct kpp_test_suite { 121 const struct kpp_testvec *vecs; 122 unsigned int count; 123 }; 124 125 struct alg_test_desc { 126 const char *alg; 127 int (*test)(const struct alg_test_desc *desc, const char *driver, 128 u32 type, u32 mask); 129 int fips_allowed; /* set if alg is allowed in fips mode */ 130 131 union { 132 struct aead_test_suite aead; 133 struct cipher_test_suite cipher; 134 struct comp_test_suite comp; 135 struct hash_test_suite hash; 136 struct cprng_test_suite cprng; 137 struct drbg_test_suite drbg; 138 struct akcipher_test_suite akcipher; 139 struct kpp_test_suite kpp; 140 } suite; 141 }; 142 143 static const unsigned int IDX[8] = { 144 IDX1, IDX2, IDX3, IDX4, IDX5, IDX6, IDX7, IDX8 }; 145 146 static void hexdump(unsigned char *buf, unsigned int len) 147 { 148 print_hex_dump(KERN_CONT, "", DUMP_PREFIX_OFFSET, 149 16, 1, 150 buf, len, false); 151 } 152 153 static int testmgr_alloc_buf(char *buf[XBUFSIZE]) 154 { 155 int i; 156 157 for (i = 0; i < XBUFSIZE; i++) { 158 buf[i] = (void *)__get_free_page(GFP_KERNEL); 159 if (!buf[i]) 160 goto err_free_buf; 161 } 162 163 return 0; 164 165 err_free_buf: 166 while (i-- > 0) 167 free_page((unsigned long)buf[i]); 168 169 return -ENOMEM; 170 } 171 172 static void testmgr_free_buf(char *buf[XBUFSIZE]) 173 { 174 int i; 175 176 for (i = 0; i < XBUFSIZE; i++) 177 free_page((unsigned long)buf[i]); 178 } 179 180 static int ahash_guard_result(char *result, char c, int size) 181 { 182 int i; 183 184 for (i = 0; i < size; i++) { 185 if (result[i] != c) 186 return -EINVAL; 187 } 188 189 return 0; 190 } 191 192 static int ahash_partial_update(struct ahash_request **preq, 193 struct crypto_ahash *tfm, const struct hash_testvec *template, 194 void *hash_buff, int k, int temp, struct scatterlist *sg, 195 const char *algo, char *result, struct crypto_wait *wait) 196 { 197 char *state; 198 struct ahash_request *req; 199 int statesize, ret = -EINVAL; 200 static const unsigned char guard[] = { 0x00, 0xba, 0xad, 0x00 }; 201 int digestsize = crypto_ahash_digestsize(tfm); 202 203 req = *preq; 204 statesize = crypto_ahash_statesize( 205 crypto_ahash_reqtfm(req)); 206 state = kmalloc(statesize + sizeof(guard), GFP_KERNEL); 207 if (!state) { 208 pr_err("alg: hash: Failed to alloc state for %s\n", algo); 209 goto out_nostate; 210 } 211 memcpy(state + statesize, guard, sizeof(guard)); 212 memset(result, 1, digestsize); 213 ret = crypto_ahash_export(req, state); 214 WARN_ON(memcmp(state + statesize, guard, sizeof(guard))); 215 if (ret) { 216 pr_err("alg: hash: Failed to export() for %s\n", algo); 217 goto out; 218 } 219 ret = ahash_guard_result(result, 1, digestsize); 220 if (ret) { 221 pr_err("alg: hash: Failed, export used req->result for %s\n", 222 algo); 223 goto out; 224 } 225 ahash_request_free(req); 226 req = ahash_request_alloc(tfm, GFP_KERNEL); 227 if (!req) { 228 pr_err("alg: hash: Failed to alloc request for %s\n", algo); 229 goto out_noreq; 230 } 231 ahash_request_set_callback(req, 232 CRYPTO_TFM_REQ_MAY_BACKLOG, 233 crypto_req_done, wait); 234 235 memcpy(hash_buff, template->plaintext + temp, 236 template->tap[k]); 237 sg_init_one(&sg[0], hash_buff, template->tap[k]); 238 ahash_request_set_crypt(req, sg, result, template->tap[k]); 239 ret = crypto_ahash_import(req, state); 240 if (ret) { 241 pr_err("alg: hash: Failed to import() for %s\n", algo); 242 goto out; 243 } 244 ret = ahash_guard_result(result, 1, digestsize); 245 if (ret) { 246 pr_err("alg: hash: Failed, import used req->result for %s\n", 247 algo); 248 goto out; 249 } 250 ret = crypto_wait_req(crypto_ahash_update(req), wait); 251 if (ret) 252 goto out; 253 *preq = req; 254 ret = 0; 255 goto out_noreq; 256 out: 257 ahash_request_free(req); 258 out_noreq: 259 kfree(state); 260 out_nostate: 261 return ret; 262 } 263 264 static int __test_hash(struct crypto_ahash *tfm, 265 const struct hash_testvec *template, unsigned int tcount, 266 bool use_digest, const int align_offset) 267 { 268 const char *algo = crypto_tfm_alg_driver_name(crypto_ahash_tfm(tfm)); 269 size_t digest_size = crypto_ahash_digestsize(tfm); 270 unsigned int i, j, k, temp; 271 struct scatterlist sg[8]; 272 char *result; 273 char *key; 274 struct ahash_request *req; 275 struct crypto_wait wait; 276 void *hash_buff; 277 char *xbuf[XBUFSIZE]; 278 int ret = -ENOMEM; 279 280 result = kmalloc(digest_size, GFP_KERNEL); 281 if (!result) 282 return ret; 283 key = kmalloc(MAX_KEYLEN, GFP_KERNEL); 284 if (!key) 285 goto out_nobuf; 286 if (testmgr_alloc_buf(xbuf)) 287 goto out_nobuf; 288 289 crypto_init_wait(&wait); 290 291 req = ahash_request_alloc(tfm, GFP_KERNEL); 292 if (!req) { 293 printk(KERN_ERR "alg: hash: Failed to allocate request for " 294 "%s\n", algo); 295 goto out_noreq; 296 } 297 ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, 298 crypto_req_done, &wait); 299 300 j = 0; 301 for (i = 0; i < tcount; i++) { 302 if (template[i].np) 303 continue; 304 305 ret = -EINVAL; 306 if (WARN_ON(align_offset + template[i].psize > PAGE_SIZE)) 307 goto out; 308 309 j++; 310 memset(result, 0, digest_size); 311 312 hash_buff = xbuf[0]; 313 hash_buff += align_offset; 314 315 memcpy(hash_buff, template[i].plaintext, template[i].psize); 316 sg_init_one(&sg[0], hash_buff, template[i].psize); 317 318 if (template[i].ksize) { 319 crypto_ahash_clear_flags(tfm, ~0); 320 if (template[i].ksize > MAX_KEYLEN) { 321 pr_err("alg: hash: setkey failed on test %d for %s: key size %d > %d\n", 322 j, algo, template[i].ksize, MAX_KEYLEN); 323 ret = -EINVAL; 324 goto out; 325 } 326 memcpy(key, template[i].key, template[i].ksize); 327 ret = crypto_ahash_setkey(tfm, key, template[i].ksize); 328 if (ret) { 329 printk(KERN_ERR "alg: hash: setkey failed on " 330 "test %d for %s: ret=%d\n", j, algo, 331 -ret); 332 goto out; 333 } 334 } 335 336 ahash_request_set_crypt(req, sg, result, template[i].psize); 337 if (use_digest) { 338 ret = crypto_wait_req(crypto_ahash_digest(req), &wait); 339 if (ret) { 340 pr_err("alg: hash: digest failed on test %d " 341 "for %s: ret=%d\n", j, algo, -ret); 342 goto out; 343 } 344 } else { 345 memset(result, 1, digest_size); 346 ret = crypto_wait_req(crypto_ahash_init(req), &wait); 347 if (ret) { 348 pr_err("alg: hash: init failed on test %d " 349 "for %s: ret=%d\n", j, algo, -ret); 350 goto out; 351 } 352 ret = ahash_guard_result(result, 1, digest_size); 353 if (ret) { 354 pr_err("alg: hash: init failed on test %d " 355 "for %s: used req->result\n", j, algo); 356 goto out; 357 } 358 ret = crypto_wait_req(crypto_ahash_update(req), &wait); 359 if (ret) { 360 pr_err("alg: hash: update failed on test %d " 361 "for %s: ret=%d\n", j, algo, -ret); 362 goto out; 363 } 364 ret = ahash_guard_result(result, 1, digest_size); 365 if (ret) { 366 pr_err("alg: hash: update failed on test %d " 367 "for %s: used req->result\n", j, algo); 368 goto out; 369 } 370 ret = crypto_wait_req(crypto_ahash_final(req), &wait); 371 if (ret) { 372 pr_err("alg: hash: final failed on test %d " 373 "for %s: ret=%d\n", j, algo, -ret); 374 goto out; 375 } 376 } 377 378 if (memcmp(result, template[i].digest, 379 crypto_ahash_digestsize(tfm))) { 380 printk(KERN_ERR "alg: hash: Test %d failed for %s\n", 381 j, algo); 382 hexdump(result, crypto_ahash_digestsize(tfm)); 383 ret = -EINVAL; 384 goto out; 385 } 386 } 387 388 j = 0; 389 for (i = 0; i < tcount; i++) { 390 /* alignment tests are only done with continuous buffers */ 391 if (align_offset != 0) 392 break; 393 394 if (!template[i].np) 395 continue; 396 397 j++; 398 memset(result, 0, digest_size); 399 400 temp = 0; 401 sg_init_table(sg, template[i].np); 402 ret = -EINVAL; 403 for (k = 0; k < template[i].np; k++) { 404 if (WARN_ON(offset_in_page(IDX[k]) + 405 template[i].tap[k] > PAGE_SIZE)) 406 goto out; 407 sg_set_buf(&sg[k], 408 memcpy(xbuf[IDX[k] >> PAGE_SHIFT] + 409 offset_in_page(IDX[k]), 410 template[i].plaintext + temp, 411 template[i].tap[k]), 412 template[i].tap[k]); 413 temp += template[i].tap[k]; 414 } 415 416 if (template[i].ksize) { 417 if (template[i].ksize > MAX_KEYLEN) { 418 pr_err("alg: hash: setkey failed on test %d for %s: key size %d > %d\n", 419 j, algo, template[i].ksize, MAX_KEYLEN); 420 ret = -EINVAL; 421 goto out; 422 } 423 crypto_ahash_clear_flags(tfm, ~0); 424 memcpy(key, template[i].key, template[i].ksize); 425 ret = crypto_ahash_setkey(tfm, key, template[i].ksize); 426 427 if (ret) { 428 printk(KERN_ERR "alg: hash: setkey " 429 "failed on chunking test %d " 430 "for %s: ret=%d\n", j, algo, -ret); 431 goto out; 432 } 433 } 434 435 ahash_request_set_crypt(req, sg, result, template[i].psize); 436 ret = crypto_wait_req(crypto_ahash_digest(req), &wait); 437 if (ret) { 438 pr_err("alg: hash: digest failed on chunking test %d for %s: ret=%d\n", 439 j, algo, -ret); 440 goto out; 441 } 442 443 if (memcmp(result, template[i].digest, 444 crypto_ahash_digestsize(tfm))) { 445 printk(KERN_ERR "alg: hash: Chunking test %d " 446 "failed for %s\n", j, algo); 447 hexdump(result, crypto_ahash_digestsize(tfm)); 448 ret = -EINVAL; 449 goto out; 450 } 451 } 452 453 /* partial update exercise */ 454 j = 0; 455 for (i = 0; i < tcount; i++) { 456 /* alignment tests are only done with continuous buffers */ 457 if (align_offset != 0) 458 break; 459 460 if (template[i].np < 2) 461 continue; 462 463 j++; 464 memset(result, 0, digest_size); 465 466 ret = -EINVAL; 467 hash_buff = xbuf[0]; 468 memcpy(hash_buff, template[i].plaintext, 469 template[i].tap[0]); 470 sg_init_one(&sg[0], hash_buff, template[i].tap[0]); 471 472 if (template[i].ksize) { 473 crypto_ahash_clear_flags(tfm, ~0); 474 if (template[i].ksize > MAX_KEYLEN) { 475 pr_err("alg: hash: setkey failed on test %d for %s: key size %d > %d\n", 476 j, algo, template[i].ksize, MAX_KEYLEN); 477 ret = -EINVAL; 478 goto out; 479 } 480 memcpy(key, template[i].key, template[i].ksize); 481 ret = crypto_ahash_setkey(tfm, key, template[i].ksize); 482 if (ret) { 483 pr_err("alg: hash: setkey failed on test %d for %s: ret=%d\n", 484 j, algo, -ret); 485 goto out; 486 } 487 } 488 489 ahash_request_set_crypt(req, sg, result, template[i].tap[0]); 490 ret = crypto_wait_req(crypto_ahash_init(req), &wait); 491 if (ret) { 492 pr_err("alg: hash: init failed on test %d for %s: ret=%d\n", 493 j, algo, -ret); 494 goto out; 495 } 496 ret = crypto_wait_req(crypto_ahash_update(req), &wait); 497 if (ret) { 498 pr_err("alg: hash: update failed on test %d for %s: ret=%d\n", 499 j, algo, -ret); 500 goto out; 501 } 502 503 temp = template[i].tap[0]; 504 for (k = 1; k < template[i].np; k++) { 505 ret = ahash_partial_update(&req, tfm, &template[i], 506 hash_buff, k, temp, &sg[0], algo, result, 507 &wait); 508 if (ret) { 509 pr_err("alg: hash: partial update failed on test %d for %s: ret=%d\n", 510 j, algo, -ret); 511 goto out_noreq; 512 } 513 temp += template[i].tap[k]; 514 } 515 ret = crypto_wait_req(crypto_ahash_final(req), &wait); 516 if (ret) { 517 pr_err("alg: hash: final failed on test %d for %s: ret=%d\n", 518 j, algo, -ret); 519 goto out; 520 } 521 if (memcmp(result, template[i].digest, 522 crypto_ahash_digestsize(tfm))) { 523 pr_err("alg: hash: Partial Test %d failed for %s\n", 524 j, algo); 525 hexdump(result, crypto_ahash_digestsize(tfm)); 526 ret = -EINVAL; 527 goto out; 528 } 529 } 530 531 ret = 0; 532 533 out: 534 ahash_request_free(req); 535 out_noreq: 536 testmgr_free_buf(xbuf); 537 out_nobuf: 538 kfree(key); 539 kfree(result); 540 return ret; 541 } 542 543 static int test_hash(struct crypto_ahash *tfm, 544 const struct hash_testvec *template, 545 unsigned int tcount, bool use_digest) 546 { 547 unsigned int alignmask; 548 int ret; 549 550 ret = __test_hash(tfm, template, tcount, use_digest, 0); 551 if (ret) 552 return ret; 553 554 /* test unaligned buffers, check with one byte offset */ 555 ret = __test_hash(tfm, template, tcount, use_digest, 1); 556 if (ret) 557 return ret; 558 559 alignmask = crypto_tfm_alg_alignmask(&tfm->base); 560 if (alignmask) { 561 /* Check if alignment mask for tfm is correctly set. */ 562 ret = __test_hash(tfm, template, tcount, use_digest, 563 alignmask + 1); 564 if (ret) 565 return ret; 566 } 567 568 return 0; 569 } 570 571 static int __test_aead(struct crypto_aead *tfm, int enc, 572 const struct aead_testvec *template, unsigned int tcount, 573 const bool diff_dst, const int align_offset) 574 { 575 const char *algo = crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)); 576 unsigned int i, j, k, n, temp; 577 int ret = -ENOMEM; 578 char *q; 579 char *key; 580 struct aead_request *req; 581 struct scatterlist *sg; 582 struct scatterlist *sgout; 583 const char *e, *d; 584 struct crypto_wait wait; 585 unsigned int authsize, iv_len; 586 void *input; 587 void *output; 588 void *assoc; 589 char *iv; 590 char *xbuf[XBUFSIZE]; 591 char *xoutbuf[XBUFSIZE]; 592 char *axbuf[XBUFSIZE]; 593 594 iv = kzalloc(MAX_IVLEN, GFP_KERNEL); 595 if (!iv) 596 return ret; 597 key = kmalloc(MAX_KEYLEN, GFP_KERNEL); 598 if (!key) 599 goto out_noxbuf; 600 if (testmgr_alloc_buf(xbuf)) 601 goto out_noxbuf; 602 if (testmgr_alloc_buf(axbuf)) 603 goto out_noaxbuf; 604 if (diff_dst && testmgr_alloc_buf(xoutbuf)) 605 goto out_nooutbuf; 606 607 /* avoid "the frame size is larger than 1024 bytes" compiler warning */ 608 sg = kmalloc(sizeof(*sg) * 8 * (diff_dst ? 4 : 2), GFP_KERNEL); 609 if (!sg) 610 goto out_nosg; 611 sgout = &sg[16]; 612 613 if (diff_dst) 614 d = "-ddst"; 615 else 616 d = ""; 617 618 if (enc == ENCRYPT) 619 e = "encryption"; 620 else 621 e = "decryption"; 622 623 crypto_init_wait(&wait); 624 625 req = aead_request_alloc(tfm, GFP_KERNEL); 626 if (!req) { 627 pr_err("alg: aead%s: Failed to allocate request for %s\n", 628 d, algo); 629 goto out; 630 } 631 632 aead_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, 633 crypto_req_done, &wait); 634 635 iv_len = crypto_aead_ivsize(tfm); 636 637 for (i = 0, j = 0; i < tcount; i++) { 638 if (template[i].np) 639 continue; 640 641 j++; 642 643 /* some templates have no input data but they will 644 * touch input 645 */ 646 input = xbuf[0]; 647 input += align_offset; 648 assoc = axbuf[0]; 649 650 ret = -EINVAL; 651 if (WARN_ON(align_offset + template[i].ilen > 652 PAGE_SIZE || template[i].alen > PAGE_SIZE)) 653 goto out; 654 655 memcpy(input, template[i].input, template[i].ilen); 656 memcpy(assoc, template[i].assoc, template[i].alen); 657 if (template[i].iv) 658 memcpy(iv, template[i].iv, iv_len); 659 else 660 memset(iv, 0, iv_len); 661 662 crypto_aead_clear_flags(tfm, ~0); 663 if (template[i].wk) 664 crypto_aead_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY); 665 666 if (template[i].klen > MAX_KEYLEN) { 667 pr_err("alg: aead%s: setkey failed on test %d for %s: key size %d > %d\n", 668 d, j, algo, template[i].klen, 669 MAX_KEYLEN); 670 ret = -EINVAL; 671 goto out; 672 } 673 memcpy(key, template[i].key, template[i].klen); 674 675 ret = crypto_aead_setkey(tfm, key, template[i].klen); 676 if (template[i].fail == !ret) { 677 pr_err("alg: aead%s: setkey failed on test %d for %s: flags=%x\n", 678 d, j, algo, crypto_aead_get_flags(tfm)); 679 goto out; 680 } else if (ret) 681 continue; 682 683 authsize = abs(template[i].rlen - template[i].ilen); 684 ret = crypto_aead_setauthsize(tfm, authsize); 685 if (ret) { 686 pr_err("alg: aead%s: Failed to set authsize to %u on test %d for %s\n", 687 d, authsize, j, algo); 688 goto out; 689 } 690 691 k = !!template[i].alen; 692 sg_init_table(sg, k + 1); 693 sg_set_buf(&sg[0], assoc, template[i].alen); 694 sg_set_buf(&sg[k], input, 695 template[i].ilen + (enc ? authsize : 0)); 696 output = input; 697 698 if (diff_dst) { 699 sg_init_table(sgout, k + 1); 700 sg_set_buf(&sgout[0], assoc, template[i].alen); 701 702 output = xoutbuf[0]; 703 output += align_offset; 704 sg_set_buf(&sgout[k], output, 705 template[i].rlen + (enc ? 0 : authsize)); 706 } 707 708 aead_request_set_crypt(req, sg, (diff_dst) ? sgout : sg, 709 template[i].ilen, iv); 710 711 aead_request_set_ad(req, template[i].alen); 712 713 ret = crypto_wait_req(enc ? crypto_aead_encrypt(req) 714 : crypto_aead_decrypt(req), &wait); 715 716 switch (ret) { 717 case 0: 718 if (template[i].novrfy) { 719 /* verification was supposed to fail */ 720 pr_err("alg: aead%s: %s failed on test %d for %s: ret was 0, expected -EBADMSG\n", 721 d, e, j, algo); 722 /* so really, we got a bad message */ 723 ret = -EBADMSG; 724 goto out; 725 } 726 break; 727 case -EBADMSG: 728 if (template[i].novrfy) 729 /* verification failure was expected */ 730 continue; 731 /* fall through */ 732 default: 733 pr_err("alg: aead%s: %s failed on test %d for %s: ret=%d\n", 734 d, e, j, algo, -ret); 735 goto out; 736 } 737 738 q = output; 739 if (memcmp(q, template[i].result, template[i].rlen)) { 740 pr_err("alg: aead%s: Test %d failed on %s for %s\n", 741 d, j, e, algo); 742 hexdump(q, template[i].rlen); 743 ret = -EINVAL; 744 goto out; 745 } 746 } 747 748 for (i = 0, j = 0; i < tcount; i++) { 749 /* alignment tests are only done with continuous buffers */ 750 if (align_offset != 0) 751 break; 752 753 if (!template[i].np) 754 continue; 755 756 j++; 757 758 if (template[i].iv) 759 memcpy(iv, template[i].iv, iv_len); 760 else 761 memset(iv, 0, MAX_IVLEN); 762 763 crypto_aead_clear_flags(tfm, ~0); 764 if (template[i].wk) 765 crypto_aead_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY); 766 if (template[i].klen > MAX_KEYLEN) { 767 pr_err("alg: aead%s: setkey failed on test %d for %s: key size %d > %d\n", 768 d, j, algo, template[i].klen, MAX_KEYLEN); 769 ret = -EINVAL; 770 goto out; 771 } 772 memcpy(key, template[i].key, template[i].klen); 773 774 ret = crypto_aead_setkey(tfm, key, template[i].klen); 775 if (template[i].fail == !ret) { 776 pr_err("alg: aead%s: setkey failed on chunk test %d for %s: flags=%x\n", 777 d, j, algo, crypto_aead_get_flags(tfm)); 778 goto out; 779 } else if (ret) 780 continue; 781 782 authsize = abs(template[i].rlen - template[i].ilen); 783 784 ret = -EINVAL; 785 sg_init_table(sg, template[i].anp + template[i].np); 786 if (diff_dst) 787 sg_init_table(sgout, template[i].anp + template[i].np); 788 789 ret = -EINVAL; 790 for (k = 0, temp = 0; k < template[i].anp; k++) { 791 if (WARN_ON(offset_in_page(IDX[k]) + 792 template[i].atap[k] > PAGE_SIZE)) 793 goto out; 794 sg_set_buf(&sg[k], 795 memcpy(axbuf[IDX[k] >> PAGE_SHIFT] + 796 offset_in_page(IDX[k]), 797 template[i].assoc + temp, 798 template[i].atap[k]), 799 template[i].atap[k]); 800 if (diff_dst) 801 sg_set_buf(&sgout[k], 802 axbuf[IDX[k] >> PAGE_SHIFT] + 803 offset_in_page(IDX[k]), 804 template[i].atap[k]); 805 temp += template[i].atap[k]; 806 } 807 808 for (k = 0, temp = 0; k < template[i].np; k++) { 809 if (WARN_ON(offset_in_page(IDX[k]) + 810 template[i].tap[k] > PAGE_SIZE)) 811 goto out; 812 813 q = xbuf[IDX[k] >> PAGE_SHIFT] + offset_in_page(IDX[k]); 814 memcpy(q, template[i].input + temp, template[i].tap[k]); 815 sg_set_buf(&sg[template[i].anp + k], 816 q, template[i].tap[k]); 817 818 if (diff_dst) { 819 q = xoutbuf[IDX[k] >> PAGE_SHIFT] + 820 offset_in_page(IDX[k]); 821 822 memset(q, 0, template[i].tap[k]); 823 824 sg_set_buf(&sgout[template[i].anp + k], 825 q, template[i].tap[k]); 826 } 827 828 n = template[i].tap[k]; 829 if (k == template[i].np - 1 && enc) 830 n += authsize; 831 if (offset_in_page(q) + n < PAGE_SIZE) 832 q[n] = 0; 833 834 temp += template[i].tap[k]; 835 } 836 837 ret = crypto_aead_setauthsize(tfm, authsize); 838 if (ret) { 839 pr_err("alg: aead%s: Failed to set authsize to %u on chunk test %d for %s\n", 840 d, authsize, j, algo); 841 goto out; 842 } 843 844 if (enc) { 845 if (WARN_ON(sg[template[i].anp + k - 1].offset + 846 sg[template[i].anp + k - 1].length + 847 authsize > PAGE_SIZE)) { 848 ret = -EINVAL; 849 goto out; 850 } 851 852 if (diff_dst) 853 sgout[template[i].anp + k - 1].length += 854 authsize; 855 sg[template[i].anp + k - 1].length += authsize; 856 } 857 858 aead_request_set_crypt(req, sg, (diff_dst) ? sgout : sg, 859 template[i].ilen, 860 iv); 861 862 aead_request_set_ad(req, template[i].alen); 863 864 ret = crypto_wait_req(enc ? crypto_aead_encrypt(req) 865 : crypto_aead_decrypt(req), &wait); 866 867 switch (ret) { 868 case 0: 869 if (template[i].novrfy) { 870 /* verification was supposed to fail */ 871 pr_err("alg: aead%s: %s failed on chunk test %d for %s: ret was 0, expected -EBADMSG\n", 872 d, e, j, algo); 873 /* so really, we got a bad message */ 874 ret = -EBADMSG; 875 goto out; 876 } 877 break; 878 case -EBADMSG: 879 if (template[i].novrfy) 880 /* verification failure was expected */ 881 continue; 882 /* fall through */ 883 default: 884 pr_err("alg: aead%s: %s failed on chunk test %d for %s: ret=%d\n", 885 d, e, j, algo, -ret); 886 goto out; 887 } 888 889 ret = -EINVAL; 890 for (k = 0, temp = 0; k < template[i].np; k++) { 891 if (diff_dst) 892 q = xoutbuf[IDX[k] >> PAGE_SHIFT] + 893 offset_in_page(IDX[k]); 894 else 895 q = xbuf[IDX[k] >> PAGE_SHIFT] + 896 offset_in_page(IDX[k]); 897 898 n = template[i].tap[k]; 899 if (k == template[i].np - 1) 900 n += enc ? authsize : -authsize; 901 902 if (memcmp(q, template[i].result + temp, n)) { 903 pr_err("alg: aead%s: Chunk test %d failed on %s at page %u for %s\n", 904 d, j, e, k, algo); 905 hexdump(q, n); 906 goto out; 907 } 908 909 q += n; 910 if (k == template[i].np - 1 && !enc) { 911 if (!diff_dst && 912 memcmp(q, template[i].input + 913 temp + n, authsize)) 914 n = authsize; 915 else 916 n = 0; 917 } else { 918 for (n = 0; offset_in_page(q + n) && q[n]; n++) 919 ; 920 } 921 if (n) { 922 pr_err("alg: aead%s: Result buffer corruption in chunk test %d on %s at page %u for %s: %u bytes:\n", 923 d, j, e, k, algo, n); 924 hexdump(q, n); 925 goto out; 926 } 927 928 temp += template[i].tap[k]; 929 } 930 } 931 932 ret = 0; 933 934 out: 935 aead_request_free(req); 936 kfree(sg); 937 out_nosg: 938 if (diff_dst) 939 testmgr_free_buf(xoutbuf); 940 out_nooutbuf: 941 testmgr_free_buf(axbuf); 942 out_noaxbuf: 943 testmgr_free_buf(xbuf); 944 out_noxbuf: 945 kfree(key); 946 kfree(iv); 947 return ret; 948 } 949 950 static int test_aead(struct crypto_aead *tfm, int enc, 951 const struct aead_testvec *template, unsigned int tcount) 952 { 953 unsigned int alignmask; 954 int ret; 955 956 /* test 'dst == src' case */ 957 ret = __test_aead(tfm, enc, template, tcount, false, 0); 958 if (ret) 959 return ret; 960 961 /* test 'dst != src' case */ 962 ret = __test_aead(tfm, enc, template, tcount, true, 0); 963 if (ret) 964 return ret; 965 966 /* test unaligned buffers, check with one byte offset */ 967 ret = __test_aead(tfm, enc, template, tcount, true, 1); 968 if (ret) 969 return ret; 970 971 alignmask = crypto_tfm_alg_alignmask(&tfm->base); 972 if (alignmask) { 973 /* Check if alignment mask for tfm is correctly set. */ 974 ret = __test_aead(tfm, enc, template, tcount, true, 975 alignmask + 1); 976 if (ret) 977 return ret; 978 } 979 980 return 0; 981 } 982 983 static int test_cipher(struct crypto_cipher *tfm, int enc, 984 const struct cipher_testvec *template, 985 unsigned int tcount) 986 { 987 const char *algo = crypto_tfm_alg_driver_name(crypto_cipher_tfm(tfm)); 988 unsigned int i, j, k; 989 char *q; 990 const char *e; 991 void *data; 992 char *xbuf[XBUFSIZE]; 993 int ret = -ENOMEM; 994 995 if (testmgr_alloc_buf(xbuf)) 996 goto out_nobuf; 997 998 if (enc == ENCRYPT) 999 e = "encryption"; 1000 else 1001 e = "decryption"; 1002 1003 j = 0; 1004 for (i = 0; i < tcount; i++) { 1005 if (template[i].np) 1006 continue; 1007 1008 if (fips_enabled && template[i].fips_skip) 1009 continue; 1010 1011 j++; 1012 1013 ret = -EINVAL; 1014 if (WARN_ON(template[i].ilen > PAGE_SIZE)) 1015 goto out; 1016 1017 data = xbuf[0]; 1018 memcpy(data, template[i].input, template[i].ilen); 1019 1020 crypto_cipher_clear_flags(tfm, ~0); 1021 if (template[i].wk) 1022 crypto_cipher_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY); 1023 1024 ret = crypto_cipher_setkey(tfm, template[i].key, 1025 template[i].klen); 1026 if (template[i].fail == !ret) { 1027 printk(KERN_ERR "alg: cipher: setkey failed " 1028 "on test %d for %s: flags=%x\n", j, 1029 algo, crypto_cipher_get_flags(tfm)); 1030 goto out; 1031 } else if (ret) 1032 continue; 1033 1034 for (k = 0; k < template[i].ilen; 1035 k += crypto_cipher_blocksize(tfm)) { 1036 if (enc) 1037 crypto_cipher_encrypt_one(tfm, data + k, 1038 data + k); 1039 else 1040 crypto_cipher_decrypt_one(tfm, data + k, 1041 data + k); 1042 } 1043 1044 q = data; 1045 if (memcmp(q, template[i].result, template[i].rlen)) { 1046 printk(KERN_ERR "alg: cipher: Test %d failed " 1047 "on %s for %s\n", j, e, algo); 1048 hexdump(q, template[i].rlen); 1049 ret = -EINVAL; 1050 goto out; 1051 } 1052 } 1053 1054 ret = 0; 1055 1056 out: 1057 testmgr_free_buf(xbuf); 1058 out_nobuf: 1059 return ret; 1060 } 1061 1062 static int __test_skcipher(struct crypto_skcipher *tfm, int enc, 1063 const struct cipher_testvec *template, 1064 unsigned int tcount, 1065 const bool diff_dst, const int align_offset) 1066 { 1067 const char *algo = 1068 crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)); 1069 unsigned int i, j, k, n, temp; 1070 char *q; 1071 struct skcipher_request *req; 1072 struct scatterlist sg[8]; 1073 struct scatterlist sgout[8]; 1074 const char *e, *d; 1075 struct crypto_wait wait; 1076 void *data; 1077 char iv[MAX_IVLEN]; 1078 char *xbuf[XBUFSIZE]; 1079 char *xoutbuf[XBUFSIZE]; 1080 int ret = -ENOMEM; 1081 unsigned int ivsize = crypto_skcipher_ivsize(tfm); 1082 1083 if (testmgr_alloc_buf(xbuf)) 1084 goto out_nobuf; 1085 1086 if (diff_dst && testmgr_alloc_buf(xoutbuf)) 1087 goto out_nooutbuf; 1088 1089 if (diff_dst) 1090 d = "-ddst"; 1091 else 1092 d = ""; 1093 1094 if (enc == ENCRYPT) 1095 e = "encryption"; 1096 else 1097 e = "decryption"; 1098 1099 crypto_init_wait(&wait); 1100 1101 req = skcipher_request_alloc(tfm, GFP_KERNEL); 1102 if (!req) { 1103 pr_err("alg: skcipher%s: Failed to allocate request for %s\n", 1104 d, algo); 1105 goto out; 1106 } 1107 1108 skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, 1109 crypto_req_done, &wait); 1110 1111 j = 0; 1112 for (i = 0; i < tcount; i++) { 1113 if (template[i].np && !template[i].also_non_np) 1114 continue; 1115 1116 if (fips_enabled && template[i].fips_skip) 1117 continue; 1118 1119 if (template[i].iv) 1120 memcpy(iv, template[i].iv, ivsize); 1121 else 1122 memset(iv, 0, MAX_IVLEN); 1123 1124 j++; 1125 ret = -EINVAL; 1126 if (WARN_ON(align_offset + template[i].ilen > PAGE_SIZE)) 1127 goto out; 1128 1129 data = xbuf[0]; 1130 data += align_offset; 1131 memcpy(data, template[i].input, template[i].ilen); 1132 1133 crypto_skcipher_clear_flags(tfm, ~0); 1134 if (template[i].wk) 1135 crypto_skcipher_set_flags(tfm, 1136 CRYPTO_TFM_REQ_WEAK_KEY); 1137 1138 ret = crypto_skcipher_setkey(tfm, template[i].key, 1139 template[i].klen); 1140 if (template[i].fail == !ret) { 1141 pr_err("alg: skcipher%s: setkey failed on test %d for %s: flags=%x\n", 1142 d, j, algo, crypto_skcipher_get_flags(tfm)); 1143 goto out; 1144 } else if (ret) 1145 continue; 1146 1147 sg_init_one(&sg[0], data, template[i].ilen); 1148 if (diff_dst) { 1149 data = xoutbuf[0]; 1150 data += align_offset; 1151 sg_init_one(&sgout[0], data, template[i].ilen); 1152 } 1153 1154 skcipher_request_set_crypt(req, sg, (diff_dst) ? sgout : sg, 1155 template[i].ilen, iv); 1156 ret = crypto_wait_req(enc ? crypto_skcipher_encrypt(req) : 1157 crypto_skcipher_decrypt(req), &wait); 1158 1159 if (ret) { 1160 pr_err("alg: skcipher%s: %s failed on test %d for %s: ret=%d\n", 1161 d, e, j, algo, -ret); 1162 goto out; 1163 } 1164 1165 q = data; 1166 if (memcmp(q, template[i].result, template[i].rlen)) { 1167 pr_err("alg: skcipher%s: Test %d failed (invalid result) on %s for %s\n", 1168 d, j, e, algo); 1169 hexdump(q, template[i].rlen); 1170 ret = -EINVAL; 1171 goto out; 1172 } 1173 1174 if (template[i].iv_out && 1175 memcmp(iv, template[i].iv_out, 1176 crypto_skcipher_ivsize(tfm))) { 1177 pr_err("alg: skcipher%s: Test %d failed (invalid output IV) on %s for %s\n", 1178 d, j, e, algo); 1179 hexdump(iv, crypto_skcipher_ivsize(tfm)); 1180 ret = -EINVAL; 1181 goto out; 1182 } 1183 } 1184 1185 j = 0; 1186 for (i = 0; i < tcount; i++) { 1187 /* alignment tests are only done with continuous buffers */ 1188 if (align_offset != 0) 1189 break; 1190 1191 if (!template[i].np) 1192 continue; 1193 1194 if (fips_enabled && template[i].fips_skip) 1195 continue; 1196 1197 if (template[i].iv) 1198 memcpy(iv, template[i].iv, ivsize); 1199 else 1200 memset(iv, 0, MAX_IVLEN); 1201 1202 j++; 1203 crypto_skcipher_clear_flags(tfm, ~0); 1204 if (template[i].wk) 1205 crypto_skcipher_set_flags(tfm, 1206 CRYPTO_TFM_REQ_WEAK_KEY); 1207 1208 ret = crypto_skcipher_setkey(tfm, template[i].key, 1209 template[i].klen); 1210 if (template[i].fail == !ret) { 1211 pr_err("alg: skcipher%s: setkey failed on chunk test %d for %s: flags=%x\n", 1212 d, j, algo, crypto_skcipher_get_flags(tfm)); 1213 goto out; 1214 } else if (ret) 1215 continue; 1216 1217 temp = 0; 1218 ret = -EINVAL; 1219 sg_init_table(sg, template[i].np); 1220 if (diff_dst) 1221 sg_init_table(sgout, template[i].np); 1222 for (k = 0; k < template[i].np; k++) { 1223 if (WARN_ON(offset_in_page(IDX[k]) + 1224 template[i].tap[k] > PAGE_SIZE)) 1225 goto out; 1226 1227 q = xbuf[IDX[k] >> PAGE_SHIFT] + offset_in_page(IDX[k]); 1228 1229 memcpy(q, template[i].input + temp, template[i].tap[k]); 1230 1231 if (offset_in_page(q) + template[i].tap[k] < PAGE_SIZE) 1232 q[template[i].tap[k]] = 0; 1233 1234 sg_set_buf(&sg[k], q, template[i].tap[k]); 1235 if (diff_dst) { 1236 q = xoutbuf[IDX[k] >> PAGE_SHIFT] + 1237 offset_in_page(IDX[k]); 1238 1239 sg_set_buf(&sgout[k], q, template[i].tap[k]); 1240 1241 memset(q, 0, template[i].tap[k]); 1242 if (offset_in_page(q) + 1243 template[i].tap[k] < PAGE_SIZE) 1244 q[template[i].tap[k]] = 0; 1245 } 1246 1247 temp += template[i].tap[k]; 1248 } 1249 1250 skcipher_request_set_crypt(req, sg, (diff_dst) ? sgout : sg, 1251 template[i].ilen, iv); 1252 1253 ret = crypto_wait_req(enc ? crypto_skcipher_encrypt(req) : 1254 crypto_skcipher_decrypt(req), &wait); 1255 1256 if (ret) { 1257 pr_err("alg: skcipher%s: %s failed on chunk test %d for %s: ret=%d\n", 1258 d, e, j, algo, -ret); 1259 goto out; 1260 } 1261 1262 temp = 0; 1263 ret = -EINVAL; 1264 for (k = 0; k < template[i].np; k++) { 1265 if (diff_dst) 1266 q = xoutbuf[IDX[k] >> PAGE_SHIFT] + 1267 offset_in_page(IDX[k]); 1268 else 1269 q = xbuf[IDX[k] >> PAGE_SHIFT] + 1270 offset_in_page(IDX[k]); 1271 1272 if (memcmp(q, template[i].result + temp, 1273 template[i].tap[k])) { 1274 pr_err("alg: skcipher%s: Chunk test %d failed on %s at page %u for %s\n", 1275 d, j, e, k, algo); 1276 hexdump(q, template[i].tap[k]); 1277 goto out; 1278 } 1279 1280 q += template[i].tap[k]; 1281 for (n = 0; offset_in_page(q + n) && q[n]; n++) 1282 ; 1283 if (n) { 1284 pr_err("alg: skcipher%s: Result buffer corruption in chunk test %d on %s at page %u for %s: %u bytes:\n", 1285 d, j, e, k, algo, n); 1286 hexdump(q, n); 1287 goto out; 1288 } 1289 temp += template[i].tap[k]; 1290 } 1291 } 1292 1293 ret = 0; 1294 1295 out: 1296 skcipher_request_free(req); 1297 if (diff_dst) 1298 testmgr_free_buf(xoutbuf); 1299 out_nooutbuf: 1300 testmgr_free_buf(xbuf); 1301 out_nobuf: 1302 return ret; 1303 } 1304 1305 static int test_skcipher(struct crypto_skcipher *tfm, int enc, 1306 const struct cipher_testvec *template, 1307 unsigned int tcount) 1308 { 1309 unsigned int alignmask; 1310 int ret; 1311 1312 /* test 'dst == src' case */ 1313 ret = __test_skcipher(tfm, enc, template, tcount, false, 0); 1314 if (ret) 1315 return ret; 1316 1317 /* test 'dst != src' case */ 1318 ret = __test_skcipher(tfm, enc, template, tcount, true, 0); 1319 if (ret) 1320 return ret; 1321 1322 /* test unaligned buffers, check with one byte offset */ 1323 ret = __test_skcipher(tfm, enc, template, tcount, true, 1); 1324 if (ret) 1325 return ret; 1326 1327 alignmask = crypto_tfm_alg_alignmask(&tfm->base); 1328 if (alignmask) { 1329 /* Check if alignment mask for tfm is correctly set. */ 1330 ret = __test_skcipher(tfm, enc, template, tcount, true, 1331 alignmask + 1); 1332 if (ret) 1333 return ret; 1334 } 1335 1336 return 0; 1337 } 1338 1339 static int test_comp(struct crypto_comp *tfm, 1340 const struct comp_testvec *ctemplate, 1341 const struct comp_testvec *dtemplate, 1342 int ctcount, int dtcount) 1343 { 1344 const char *algo = crypto_tfm_alg_driver_name(crypto_comp_tfm(tfm)); 1345 unsigned int i; 1346 char result[COMP_BUF_SIZE]; 1347 int ret; 1348 1349 for (i = 0; i < ctcount; i++) { 1350 int ilen; 1351 unsigned int dlen = COMP_BUF_SIZE; 1352 1353 memset(result, 0, sizeof (result)); 1354 1355 ilen = ctemplate[i].inlen; 1356 ret = crypto_comp_compress(tfm, ctemplate[i].input, 1357 ilen, result, &dlen); 1358 if (ret) { 1359 printk(KERN_ERR "alg: comp: compression failed " 1360 "on test %d for %s: ret=%d\n", i + 1, algo, 1361 -ret); 1362 goto out; 1363 } 1364 1365 if (dlen != ctemplate[i].outlen) { 1366 printk(KERN_ERR "alg: comp: Compression test %d " 1367 "failed for %s: output len = %d\n", i + 1, algo, 1368 dlen); 1369 ret = -EINVAL; 1370 goto out; 1371 } 1372 1373 if (memcmp(result, ctemplate[i].output, dlen)) { 1374 printk(KERN_ERR "alg: comp: Compression test %d " 1375 "failed for %s\n", i + 1, algo); 1376 hexdump(result, dlen); 1377 ret = -EINVAL; 1378 goto out; 1379 } 1380 } 1381 1382 for (i = 0; i < dtcount; i++) { 1383 int ilen; 1384 unsigned int dlen = COMP_BUF_SIZE; 1385 1386 memset(result, 0, sizeof (result)); 1387 1388 ilen = dtemplate[i].inlen; 1389 ret = crypto_comp_decompress(tfm, dtemplate[i].input, 1390 ilen, result, &dlen); 1391 if (ret) { 1392 printk(KERN_ERR "alg: comp: decompression failed " 1393 "on test %d for %s: ret=%d\n", i + 1, algo, 1394 -ret); 1395 goto out; 1396 } 1397 1398 if (dlen != dtemplate[i].outlen) { 1399 printk(KERN_ERR "alg: comp: Decompression test %d " 1400 "failed for %s: output len = %d\n", i + 1, algo, 1401 dlen); 1402 ret = -EINVAL; 1403 goto out; 1404 } 1405 1406 if (memcmp(result, dtemplate[i].output, dlen)) { 1407 printk(KERN_ERR "alg: comp: Decompression test %d " 1408 "failed for %s\n", i + 1, algo); 1409 hexdump(result, dlen); 1410 ret = -EINVAL; 1411 goto out; 1412 } 1413 } 1414 1415 ret = 0; 1416 1417 out: 1418 return ret; 1419 } 1420 1421 static int test_acomp(struct crypto_acomp *tfm, 1422 const struct comp_testvec *ctemplate, 1423 const struct comp_testvec *dtemplate, 1424 int ctcount, int dtcount) 1425 { 1426 const char *algo = crypto_tfm_alg_driver_name(crypto_acomp_tfm(tfm)); 1427 unsigned int i; 1428 char *output, *decomp_out; 1429 int ret; 1430 struct scatterlist src, dst; 1431 struct acomp_req *req; 1432 struct crypto_wait wait; 1433 1434 output = kmalloc(COMP_BUF_SIZE, GFP_KERNEL); 1435 if (!output) 1436 return -ENOMEM; 1437 1438 decomp_out = kmalloc(COMP_BUF_SIZE, GFP_KERNEL); 1439 if (!decomp_out) { 1440 kfree(output); 1441 return -ENOMEM; 1442 } 1443 1444 for (i = 0; i < ctcount; i++) { 1445 unsigned int dlen = COMP_BUF_SIZE; 1446 int ilen = ctemplate[i].inlen; 1447 void *input_vec; 1448 1449 input_vec = kmemdup(ctemplate[i].input, ilen, GFP_KERNEL); 1450 if (!input_vec) { 1451 ret = -ENOMEM; 1452 goto out; 1453 } 1454 1455 memset(output, 0, dlen); 1456 crypto_init_wait(&wait); 1457 sg_init_one(&src, input_vec, ilen); 1458 sg_init_one(&dst, output, dlen); 1459 1460 req = acomp_request_alloc(tfm); 1461 if (!req) { 1462 pr_err("alg: acomp: request alloc failed for %s\n", 1463 algo); 1464 kfree(input_vec); 1465 ret = -ENOMEM; 1466 goto out; 1467 } 1468 1469 acomp_request_set_params(req, &src, &dst, ilen, dlen); 1470 acomp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, 1471 crypto_req_done, &wait); 1472 1473 ret = crypto_wait_req(crypto_acomp_compress(req), &wait); 1474 if (ret) { 1475 pr_err("alg: acomp: compression failed on test %d for %s: ret=%d\n", 1476 i + 1, algo, -ret); 1477 kfree(input_vec); 1478 acomp_request_free(req); 1479 goto out; 1480 } 1481 1482 ilen = req->dlen; 1483 dlen = COMP_BUF_SIZE; 1484 sg_init_one(&src, output, ilen); 1485 sg_init_one(&dst, decomp_out, dlen); 1486 crypto_init_wait(&wait); 1487 acomp_request_set_params(req, &src, &dst, ilen, dlen); 1488 1489 ret = crypto_wait_req(crypto_acomp_decompress(req), &wait); 1490 if (ret) { 1491 pr_err("alg: acomp: compression failed on test %d for %s: ret=%d\n", 1492 i + 1, algo, -ret); 1493 kfree(input_vec); 1494 acomp_request_free(req); 1495 goto out; 1496 } 1497 1498 if (req->dlen != ctemplate[i].inlen) { 1499 pr_err("alg: acomp: Compression test %d failed for %s: output len = %d\n", 1500 i + 1, algo, req->dlen); 1501 ret = -EINVAL; 1502 kfree(input_vec); 1503 acomp_request_free(req); 1504 goto out; 1505 } 1506 1507 if (memcmp(input_vec, decomp_out, req->dlen)) { 1508 pr_err("alg: acomp: Compression test %d failed for %s\n", 1509 i + 1, algo); 1510 hexdump(output, req->dlen); 1511 ret = -EINVAL; 1512 kfree(input_vec); 1513 acomp_request_free(req); 1514 goto out; 1515 } 1516 1517 kfree(input_vec); 1518 acomp_request_free(req); 1519 } 1520 1521 for (i = 0; i < dtcount; i++) { 1522 unsigned int dlen = COMP_BUF_SIZE; 1523 int ilen = dtemplate[i].inlen; 1524 void *input_vec; 1525 1526 input_vec = kmemdup(dtemplate[i].input, ilen, GFP_KERNEL); 1527 if (!input_vec) { 1528 ret = -ENOMEM; 1529 goto out; 1530 } 1531 1532 memset(output, 0, dlen); 1533 crypto_init_wait(&wait); 1534 sg_init_one(&src, input_vec, ilen); 1535 sg_init_one(&dst, output, dlen); 1536 1537 req = acomp_request_alloc(tfm); 1538 if (!req) { 1539 pr_err("alg: acomp: request alloc failed for %s\n", 1540 algo); 1541 kfree(input_vec); 1542 ret = -ENOMEM; 1543 goto out; 1544 } 1545 1546 acomp_request_set_params(req, &src, &dst, ilen, dlen); 1547 acomp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, 1548 crypto_req_done, &wait); 1549 1550 ret = crypto_wait_req(crypto_acomp_decompress(req), &wait); 1551 if (ret) { 1552 pr_err("alg: acomp: decompression failed on test %d for %s: ret=%d\n", 1553 i + 1, algo, -ret); 1554 kfree(input_vec); 1555 acomp_request_free(req); 1556 goto out; 1557 } 1558 1559 if (req->dlen != dtemplate[i].outlen) { 1560 pr_err("alg: acomp: Decompression test %d failed for %s: output len = %d\n", 1561 i + 1, algo, req->dlen); 1562 ret = -EINVAL; 1563 kfree(input_vec); 1564 acomp_request_free(req); 1565 goto out; 1566 } 1567 1568 if (memcmp(output, dtemplate[i].output, req->dlen)) { 1569 pr_err("alg: acomp: Decompression test %d failed for %s\n", 1570 i + 1, algo); 1571 hexdump(output, req->dlen); 1572 ret = -EINVAL; 1573 kfree(input_vec); 1574 acomp_request_free(req); 1575 goto out; 1576 } 1577 1578 kfree(input_vec); 1579 acomp_request_free(req); 1580 } 1581 1582 ret = 0; 1583 1584 out: 1585 kfree(decomp_out); 1586 kfree(output); 1587 return ret; 1588 } 1589 1590 static int test_cprng(struct crypto_rng *tfm, 1591 const struct cprng_testvec *template, 1592 unsigned int tcount) 1593 { 1594 const char *algo = crypto_tfm_alg_driver_name(crypto_rng_tfm(tfm)); 1595 int err = 0, i, j, seedsize; 1596 u8 *seed; 1597 char result[32]; 1598 1599 seedsize = crypto_rng_seedsize(tfm); 1600 1601 seed = kmalloc(seedsize, GFP_KERNEL); 1602 if (!seed) { 1603 printk(KERN_ERR "alg: cprng: Failed to allocate seed space " 1604 "for %s\n", algo); 1605 return -ENOMEM; 1606 } 1607 1608 for (i = 0; i < tcount; i++) { 1609 memset(result, 0, 32); 1610 1611 memcpy(seed, template[i].v, template[i].vlen); 1612 memcpy(seed + template[i].vlen, template[i].key, 1613 template[i].klen); 1614 memcpy(seed + template[i].vlen + template[i].klen, 1615 template[i].dt, template[i].dtlen); 1616 1617 err = crypto_rng_reset(tfm, seed, seedsize); 1618 if (err) { 1619 printk(KERN_ERR "alg: cprng: Failed to reset rng " 1620 "for %s\n", algo); 1621 goto out; 1622 } 1623 1624 for (j = 0; j < template[i].loops; j++) { 1625 err = crypto_rng_get_bytes(tfm, result, 1626 template[i].rlen); 1627 if (err < 0) { 1628 printk(KERN_ERR "alg: cprng: Failed to obtain " 1629 "the correct amount of random data for " 1630 "%s (requested %d)\n", algo, 1631 template[i].rlen); 1632 goto out; 1633 } 1634 } 1635 1636 err = memcmp(result, template[i].result, 1637 template[i].rlen); 1638 if (err) { 1639 printk(KERN_ERR "alg: cprng: Test %d failed for %s\n", 1640 i, algo); 1641 hexdump(result, template[i].rlen); 1642 err = -EINVAL; 1643 goto out; 1644 } 1645 } 1646 1647 out: 1648 kfree(seed); 1649 return err; 1650 } 1651 1652 static int alg_test_aead(const struct alg_test_desc *desc, const char *driver, 1653 u32 type, u32 mask) 1654 { 1655 struct crypto_aead *tfm; 1656 int err = 0; 1657 1658 tfm = crypto_alloc_aead(driver, type, mask); 1659 if (IS_ERR(tfm)) { 1660 printk(KERN_ERR "alg: aead: Failed to load transform for %s: " 1661 "%ld\n", driver, PTR_ERR(tfm)); 1662 return PTR_ERR(tfm); 1663 } 1664 1665 if (desc->suite.aead.enc.vecs) { 1666 err = test_aead(tfm, ENCRYPT, desc->suite.aead.enc.vecs, 1667 desc->suite.aead.enc.count); 1668 if (err) 1669 goto out; 1670 } 1671 1672 if (!err && desc->suite.aead.dec.vecs) 1673 err = test_aead(tfm, DECRYPT, desc->suite.aead.dec.vecs, 1674 desc->suite.aead.dec.count); 1675 1676 out: 1677 crypto_free_aead(tfm); 1678 return err; 1679 } 1680 1681 static int alg_test_cipher(const struct alg_test_desc *desc, 1682 const char *driver, u32 type, u32 mask) 1683 { 1684 struct crypto_cipher *tfm; 1685 int err = 0; 1686 1687 tfm = crypto_alloc_cipher(driver, type, mask); 1688 if (IS_ERR(tfm)) { 1689 printk(KERN_ERR "alg: cipher: Failed to load transform for " 1690 "%s: %ld\n", driver, PTR_ERR(tfm)); 1691 return PTR_ERR(tfm); 1692 } 1693 1694 if (desc->suite.cipher.enc.vecs) { 1695 err = test_cipher(tfm, ENCRYPT, desc->suite.cipher.enc.vecs, 1696 desc->suite.cipher.enc.count); 1697 if (err) 1698 goto out; 1699 } 1700 1701 if (desc->suite.cipher.dec.vecs) 1702 err = test_cipher(tfm, DECRYPT, desc->suite.cipher.dec.vecs, 1703 desc->suite.cipher.dec.count); 1704 1705 out: 1706 crypto_free_cipher(tfm); 1707 return err; 1708 } 1709 1710 static int alg_test_skcipher(const struct alg_test_desc *desc, 1711 const char *driver, u32 type, u32 mask) 1712 { 1713 struct crypto_skcipher *tfm; 1714 int err = 0; 1715 1716 tfm = crypto_alloc_skcipher(driver, type, mask); 1717 if (IS_ERR(tfm)) { 1718 printk(KERN_ERR "alg: skcipher: Failed to load transform for " 1719 "%s: %ld\n", driver, PTR_ERR(tfm)); 1720 return PTR_ERR(tfm); 1721 } 1722 1723 if (desc->suite.cipher.enc.vecs) { 1724 err = test_skcipher(tfm, ENCRYPT, desc->suite.cipher.enc.vecs, 1725 desc->suite.cipher.enc.count); 1726 if (err) 1727 goto out; 1728 } 1729 1730 if (desc->suite.cipher.dec.vecs) 1731 err = test_skcipher(tfm, DECRYPT, desc->suite.cipher.dec.vecs, 1732 desc->suite.cipher.dec.count); 1733 1734 out: 1735 crypto_free_skcipher(tfm); 1736 return err; 1737 } 1738 1739 static int alg_test_comp(const struct alg_test_desc *desc, const char *driver, 1740 u32 type, u32 mask) 1741 { 1742 struct crypto_comp *comp; 1743 struct crypto_acomp *acomp; 1744 int err; 1745 u32 algo_type = type & CRYPTO_ALG_TYPE_ACOMPRESS_MASK; 1746 1747 if (algo_type == CRYPTO_ALG_TYPE_ACOMPRESS) { 1748 acomp = crypto_alloc_acomp(driver, type, mask); 1749 if (IS_ERR(acomp)) { 1750 pr_err("alg: acomp: Failed to load transform for %s: %ld\n", 1751 driver, PTR_ERR(acomp)); 1752 return PTR_ERR(acomp); 1753 } 1754 err = test_acomp(acomp, desc->suite.comp.comp.vecs, 1755 desc->suite.comp.decomp.vecs, 1756 desc->suite.comp.comp.count, 1757 desc->suite.comp.decomp.count); 1758 crypto_free_acomp(acomp); 1759 } else { 1760 comp = crypto_alloc_comp(driver, type, mask); 1761 if (IS_ERR(comp)) { 1762 pr_err("alg: comp: Failed to load transform for %s: %ld\n", 1763 driver, PTR_ERR(comp)); 1764 return PTR_ERR(comp); 1765 } 1766 1767 err = test_comp(comp, desc->suite.comp.comp.vecs, 1768 desc->suite.comp.decomp.vecs, 1769 desc->suite.comp.comp.count, 1770 desc->suite.comp.decomp.count); 1771 1772 crypto_free_comp(comp); 1773 } 1774 return err; 1775 } 1776 1777 static int alg_test_hash(const struct alg_test_desc *desc, const char *driver, 1778 u32 type, u32 mask) 1779 { 1780 struct crypto_ahash *tfm; 1781 int err; 1782 1783 tfm = crypto_alloc_ahash(driver, type, mask); 1784 if (IS_ERR(tfm)) { 1785 printk(KERN_ERR "alg: hash: Failed to load transform for %s: " 1786 "%ld\n", driver, PTR_ERR(tfm)); 1787 return PTR_ERR(tfm); 1788 } 1789 1790 err = test_hash(tfm, desc->suite.hash.vecs, 1791 desc->suite.hash.count, true); 1792 if (!err) 1793 err = test_hash(tfm, desc->suite.hash.vecs, 1794 desc->suite.hash.count, false); 1795 1796 crypto_free_ahash(tfm); 1797 return err; 1798 } 1799 1800 static int alg_test_crc32c(const struct alg_test_desc *desc, 1801 const char *driver, u32 type, u32 mask) 1802 { 1803 struct crypto_shash *tfm; 1804 u32 val; 1805 int err; 1806 1807 err = alg_test_hash(desc, driver, type, mask); 1808 if (err) 1809 goto out; 1810 1811 tfm = crypto_alloc_shash(driver, type, mask); 1812 if (IS_ERR(tfm)) { 1813 printk(KERN_ERR "alg: crc32c: Failed to load transform for %s: " 1814 "%ld\n", driver, PTR_ERR(tfm)); 1815 err = PTR_ERR(tfm); 1816 goto out; 1817 } 1818 1819 do { 1820 SHASH_DESC_ON_STACK(shash, tfm); 1821 u32 *ctx = (u32 *)shash_desc_ctx(shash); 1822 1823 shash->tfm = tfm; 1824 shash->flags = 0; 1825 1826 *ctx = le32_to_cpu(420553207); 1827 err = crypto_shash_final(shash, (u8 *)&val); 1828 if (err) { 1829 printk(KERN_ERR "alg: crc32c: Operation failed for " 1830 "%s: %d\n", driver, err); 1831 break; 1832 } 1833 1834 if (val != ~420553207) { 1835 printk(KERN_ERR "alg: crc32c: Test failed for %s: " 1836 "%d\n", driver, val); 1837 err = -EINVAL; 1838 } 1839 } while (0); 1840 1841 crypto_free_shash(tfm); 1842 1843 out: 1844 return err; 1845 } 1846 1847 static int alg_test_cprng(const struct alg_test_desc *desc, const char *driver, 1848 u32 type, u32 mask) 1849 { 1850 struct crypto_rng *rng; 1851 int err; 1852 1853 rng = crypto_alloc_rng(driver, type, mask); 1854 if (IS_ERR(rng)) { 1855 printk(KERN_ERR "alg: cprng: Failed to load transform for %s: " 1856 "%ld\n", driver, PTR_ERR(rng)); 1857 return PTR_ERR(rng); 1858 } 1859 1860 err = test_cprng(rng, desc->suite.cprng.vecs, desc->suite.cprng.count); 1861 1862 crypto_free_rng(rng); 1863 1864 return err; 1865 } 1866 1867 1868 static int drbg_cavs_test(const struct drbg_testvec *test, int pr, 1869 const char *driver, u32 type, u32 mask) 1870 { 1871 int ret = -EAGAIN; 1872 struct crypto_rng *drng; 1873 struct drbg_test_data test_data; 1874 struct drbg_string addtl, pers, testentropy; 1875 unsigned char *buf = kzalloc(test->expectedlen, GFP_KERNEL); 1876 1877 if (!buf) 1878 return -ENOMEM; 1879 1880 drng = crypto_alloc_rng(driver, type, mask); 1881 if (IS_ERR(drng)) { 1882 printk(KERN_ERR "alg: drbg: could not allocate DRNG handle for " 1883 "%s\n", driver); 1884 kzfree(buf); 1885 return -ENOMEM; 1886 } 1887 1888 test_data.testentropy = &testentropy; 1889 drbg_string_fill(&testentropy, test->entropy, test->entropylen); 1890 drbg_string_fill(&pers, test->pers, test->perslen); 1891 ret = crypto_drbg_reset_test(drng, &pers, &test_data); 1892 if (ret) { 1893 printk(KERN_ERR "alg: drbg: Failed to reset rng\n"); 1894 goto outbuf; 1895 } 1896 1897 drbg_string_fill(&addtl, test->addtla, test->addtllen); 1898 if (pr) { 1899 drbg_string_fill(&testentropy, test->entpra, test->entprlen); 1900 ret = crypto_drbg_get_bytes_addtl_test(drng, 1901 buf, test->expectedlen, &addtl, &test_data); 1902 } else { 1903 ret = crypto_drbg_get_bytes_addtl(drng, 1904 buf, test->expectedlen, &addtl); 1905 } 1906 if (ret < 0) { 1907 printk(KERN_ERR "alg: drbg: could not obtain random data for " 1908 "driver %s\n", driver); 1909 goto outbuf; 1910 } 1911 1912 drbg_string_fill(&addtl, test->addtlb, test->addtllen); 1913 if (pr) { 1914 drbg_string_fill(&testentropy, test->entprb, test->entprlen); 1915 ret = crypto_drbg_get_bytes_addtl_test(drng, 1916 buf, test->expectedlen, &addtl, &test_data); 1917 } else { 1918 ret = crypto_drbg_get_bytes_addtl(drng, 1919 buf, test->expectedlen, &addtl); 1920 } 1921 if (ret < 0) { 1922 printk(KERN_ERR "alg: drbg: could not obtain random data for " 1923 "driver %s\n", driver); 1924 goto outbuf; 1925 } 1926 1927 ret = memcmp(test->expected, buf, test->expectedlen); 1928 1929 outbuf: 1930 crypto_free_rng(drng); 1931 kzfree(buf); 1932 return ret; 1933 } 1934 1935 1936 static int alg_test_drbg(const struct alg_test_desc *desc, const char *driver, 1937 u32 type, u32 mask) 1938 { 1939 int err = 0; 1940 int pr = 0; 1941 int i = 0; 1942 const struct drbg_testvec *template = desc->suite.drbg.vecs; 1943 unsigned int tcount = desc->suite.drbg.count; 1944 1945 if (0 == memcmp(driver, "drbg_pr_", 8)) 1946 pr = 1; 1947 1948 for (i = 0; i < tcount; i++) { 1949 err = drbg_cavs_test(&template[i], pr, driver, type, mask); 1950 if (err) { 1951 printk(KERN_ERR "alg: drbg: Test %d failed for %s\n", 1952 i, driver); 1953 err = -EINVAL; 1954 break; 1955 } 1956 } 1957 return err; 1958 1959 } 1960 1961 static int do_test_kpp(struct crypto_kpp *tfm, const struct kpp_testvec *vec, 1962 const char *alg) 1963 { 1964 struct kpp_request *req; 1965 void *input_buf = NULL; 1966 void *output_buf = NULL; 1967 void *a_public = NULL; 1968 void *a_ss = NULL; 1969 void *shared_secret = NULL; 1970 struct crypto_wait wait; 1971 unsigned int out_len_max; 1972 int err = -ENOMEM; 1973 struct scatterlist src, dst; 1974 1975 req = kpp_request_alloc(tfm, GFP_KERNEL); 1976 if (!req) 1977 return err; 1978 1979 crypto_init_wait(&wait); 1980 1981 err = crypto_kpp_set_secret(tfm, vec->secret, vec->secret_size); 1982 if (err < 0) 1983 goto free_req; 1984 1985 out_len_max = crypto_kpp_maxsize(tfm); 1986 output_buf = kzalloc(out_len_max, GFP_KERNEL); 1987 if (!output_buf) { 1988 err = -ENOMEM; 1989 goto free_req; 1990 } 1991 1992 /* Use appropriate parameter as base */ 1993 kpp_request_set_input(req, NULL, 0); 1994 sg_init_one(&dst, output_buf, out_len_max); 1995 kpp_request_set_output(req, &dst, out_len_max); 1996 kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, 1997 crypto_req_done, &wait); 1998 1999 /* Compute party A's public key */ 2000 err = crypto_wait_req(crypto_kpp_generate_public_key(req), &wait); 2001 if (err) { 2002 pr_err("alg: %s: Party A: generate public key test failed. err %d\n", 2003 alg, err); 2004 goto free_output; 2005 } 2006 2007 if (vec->genkey) { 2008 /* Save party A's public key */ 2009 a_public = kzalloc(out_len_max, GFP_KERNEL); 2010 if (!a_public) { 2011 err = -ENOMEM; 2012 goto free_output; 2013 } 2014 memcpy(a_public, sg_virt(req->dst), out_len_max); 2015 } else { 2016 /* Verify calculated public key */ 2017 if (memcmp(vec->expected_a_public, sg_virt(req->dst), 2018 vec->expected_a_public_size)) { 2019 pr_err("alg: %s: Party A: generate public key test failed. Invalid output\n", 2020 alg); 2021 err = -EINVAL; 2022 goto free_output; 2023 } 2024 } 2025 2026 /* Calculate shared secret key by using counter part (b) public key. */ 2027 input_buf = kzalloc(vec->b_public_size, GFP_KERNEL); 2028 if (!input_buf) { 2029 err = -ENOMEM; 2030 goto free_output; 2031 } 2032 2033 memcpy(input_buf, vec->b_public, vec->b_public_size); 2034 sg_init_one(&src, input_buf, vec->b_public_size); 2035 sg_init_one(&dst, output_buf, out_len_max); 2036 kpp_request_set_input(req, &src, vec->b_public_size); 2037 kpp_request_set_output(req, &dst, out_len_max); 2038 kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, 2039 crypto_req_done, &wait); 2040 err = crypto_wait_req(crypto_kpp_compute_shared_secret(req), &wait); 2041 if (err) { 2042 pr_err("alg: %s: Party A: compute shared secret test failed. err %d\n", 2043 alg, err); 2044 goto free_all; 2045 } 2046 2047 if (vec->genkey) { 2048 /* Save the shared secret obtained by party A */ 2049 a_ss = kzalloc(vec->expected_ss_size, GFP_KERNEL); 2050 if (!a_ss) { 2051 err = -ENOMEM; 2052 goto free_all; 2053 } 2054 memcpy(a_ss, sg_virt(req->dst), vec->expected_ss_size); 2055 2056 /* 2057 * Calculate party B's shared secret by using party A's 2058 * public key. 2059 */ 2060 err = crypto_kpp_set_secret(tfm, vec->b_secret, 2061 vec->b_secret_size); 2062 if (err < 0) 2063 goto free_all; 2064 2065 sg_init_one(&src, a_public, vec->expected_a_public_size); 2066 sg_init_one(&dst, output_buf, out_len_max); 2067 kpp_request_set_input(req, &src, vec->expected_a_public_size); 2068 kpp_request_set_output(req, &dst, out_len_max); 2069 kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, 2070 crypto_req_done, &wait); 2071 err = crypto_wait_req(crypto_kpp_compute_shared_secret(req), 2072 &wait); 2073 if (err) { 2074 pr_err("alg: %s: Party B: compute shared secret failed. err %d\n", 2075 alg, err); 2076 goto free_all; 2077 } 2078 2079 shared_secret = a_ss; 2080 } else { 2081 shared_secret = (void *)vec->expected_ss; 2082 } 2083 2084 /* 2085 * verify shared secret from which the user will derive 2086 * secret key by executing whatever hash it has chosen 2087 */ 2088 if (memcmp(shared_secret, sg_virt(req->dst), 2089 vec->expected_ss_size)) { 2090 pr_err("alg: %s: compute shared secret test failed. Invalid output\n", 2091 alg); 2092 err = -EINVAL; 2093 } 2094 2095 free_all: 2096 kfree(a_ss); 2097 kfree(input_buf); 2098 free_output: 2099 kfree(a_public); 2100 kfree(output_buf); 2101 free_req: 2102 kpp_request_free(req); 2103 return err; 2104 } 2105 2106 static int test_kpp(struct crypto_kpp *tfm, const char *alg, 2107 const struct kpp_testvec *vecs, unsigned int tcount) 2108 { 2109 int ret, i; 2110 2111 for (i = 0; i < tcount; i++) { 2112 ret = do_test_kpp(tfm, vecs++, alg); 2113 if (ret) { 2114 pr_err("alg: %s: test failed on vector %d, err=%d\n", 2115 alg, i + 1, ret); 2116 return ret; 2117 } 2118 } 2119 return 0; 2120 } 2121 2122 static int alg_test_kpp(const struct alg_test_desc *desc, const char *driver, 2123 u32 type, u32 mask) 2124 { 2125 struct crypto_kpp *tfm; 2126 int err = 0; 2127 2128 tfm = crypto_alloc_kpp(driver, type, mask); 2129 if (IS_ERR(tfm)) { 2130 pr_err("alg: kpp: Failed to load tfm for %s: %ld\n", 2131 driver, PTR_ERR(tfm)); 2132 return PTR_ERR(tfm); 2133 } 2134 if (desc->suite.kpp.vecs) 2135 err = test_kpp(tfm, desc->alg, desc->suite.kpp.vecs, 2136 desc->suite.kpp.count); 2137 2138 crypto_free_kpp(tfm); 2139 return err; 2140 } 2141 2142 static int test_akcipher_one(struct crypto_akcipher *tfm, 2143 const struct akcipher_testvec *vecs) 2144 { 2145 char *xbuf[XBUFSIZE]; 2146 struct akcipher_request *req; 2147 void *outbuf_enc = NULL; 2148 void *outbuf_dec = NULL; 2149 struct crypto_wait wait; 2150 unsigned int out_len_max, out_len = 0; 2151 int err = -ENOMEM; 2152 struct scatterlist src, dst, src_tab[2]; 2153 2154 if (testmgr_alloc_buf(xbuf)) 2155 return err; 2156 2157 req = akcipher_request_alloc(tfm, GFP_KERNEL); 2158 if (!req) 2159 goto free_xbuf; 2160 2161 crypto_init_wait(&wait); 2162 2163 if (vecs->public_key_vec) 2164 err = crypto_akcipher_set_pub_key(tfm, vecs->key, 2165 vecs->key_len); 2166 else 2167 err = crypto_akcipher_set_priv_key(tfm, vecs->key, 2168 vecs->key_len); 2169 if (err) 2170 goto free_req; 2171 2172 err = -ENOMEM; 2173 out_len_max = crypto_akcipher_maxsize(tfm); 2174 outbuf_enc = kzalloc(out_len_max, GFP_KERNEL); 2175 if (!outbuf_enc) 2176 goto free_req; 2177 2178 if (WARN_ON(vecs->m_size > PAGE_SIZE)) 2179 goto free_all; 2180 2181 memcpy(xbuf[0], vecs->m, vecs->m_size); 2182 2183 sg_init_table(src_tab, 2); 2184 sg_set_buf(&src_tab[0], xbuf[0], 8); 2185 sg_set_buf(&src_tab[1], xbuf[0] + 8, vecs->m_size - 8); 2186 sg_init_one(&dst, outbuf_enc, out_len_max); 2187 akcipher_request_set_crypt(req, src_tab, &dst, vecs->m_size, 2188 out_len_max); 2189 akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, 2190 crypto_req_done, &wait); 2191 2192 err = crypto_wait_req(vecs->siggen_sigver_test ? 2193 /* Run asymmetric signature generation */ 2194 crypto_akcipher_sign(req) : 2195 /* Run asymmetric encrypt */ 2196 crypto_akcipher_encrypt(req), &wait); 2197 if (err) { 2198 pr_err("alg: akcipher: encrypt test failed. err %d\n", err); 2199 goto free_all; 2200 } 2201 if (req->dst_len != vecs->c_size) { 2202 pr_err("alg: akcipher: encrypt test failed. Invalid output len\n"); 2203 err = -EINVAL; 2204 goto free_all; 2205 } 2206 /* verify that encrypted message is equal to expected */ 2207 if (memcmp(vecs->c, outbuf_enc, vecs->c_size)) { 2208 pr_err("alg: akcipher: encrypt test failed. Invalid output\n"); 2209 hexdump(outbuf_enc, vecs->c_size); 2210 err = -EINVAL; 2211 goto free_all; 2212 } 2213 /* Don't invoke decrypt for vectors with public key */ 2214 if (vecs->public_key_vec) { 2215 err = 0; 2216 goto free_all; 2217 } 2218 outbuf_dec = kzalloc(out_len_max, GFP_KERNEL); 2219 if (!outbuf_dec) { 2220 err = -ENOMEM; 2221 goto free_all; 2222 } 2223 2224 if (WARN_ON(vecs->c_size > PAGE_SIZE)) 2225 goto free_all; 2226 2227 memcpy(xbuf[0], vecs->c, vecs->c_size); 2228 2229 sg_init_one(&src, xbuf[0], vecs->c_size); 2230 sg_init_one(&dst, outbuf_dec, out_len_max); 2231 crypto_init_wait(&wait); 2232 akcipher_request_set_crypt(req, &src, &dst, vecs->c_size, out_len_max); 2233 2234 err = crypto_wait_req(vecs->siggen_sigver_test ? 2235 /* Run asymmetric signature verification */ 2236 crypto_akcipher_verify(req) : 2237 /* Run asymmetric decrypt */ 2238 crypto_akcipher_decrypt(req), &wait); 2239 if (err) { 2240 pr_err("alg: akcipher: decrypt test failed. err %d\n", err); 2241 goto free_all; 2242 } 2243 out_len = req->dst_len; 2244 if (out_len < vecs->m_size) { 2245 pr_err("alg: akcipher: decrypt test failed. " 2246 "Invalid output len %u\n", out_len); 2247 err = -EINVAL; 2248 goto free_all; 2249 } 2250 /* verify that decrypted message is equal to the original msg */ 2251 if (memchr_inv(outbuf_dec, 0, out_len - vecs->m_size) || 2252 memcmp(vecs->m, outbuf_dec + out_len - vecs->m_size, 2253 vecs->m_size)) { 2254 pr_err("alg: akcipher: decrypt test failed. Invalid output\n"); 2255 hexdump(outbuf_dec, out_len); 2256 err = -EINVAL; 2257 } 2258 free_all: 2259 kfree(outbuf_dec); 2260 kfree(outbuf_enc); 2261 free_req: 2262 akcipher_request_free(req); 2263 free_xbuf: 2264 testmgr_free_buf(xbuf); 2265 return err; 2266 } 2267 2268 static int test_akcipher(struct crypto_akcipher *tfm, const char *alg, 2269 const struct akcipher_testvec *vecs, 2270 unsigned int tcount) 2271 { 2272 const char *algo = 2273 crypto_tfm_alg_driver_name(crypto_akcipher_tfm(tfm)); 2274 int ret, i; 2275 2276 for (i = 0; i < tcount; i++) { 2277 ret = test_akcipher_one(tfm, vecs++); 2278 if (!ret) 2279 continue; 2280 2281 pr_err("alg: akcipher: test %d failed for %s, err=%d\n", 2282 i + 1, algo, ret); 2283 return ret; 2284 } 2285 return 0; 2286 } 2287 2288 static int alg_test_akcipher(const struct alg_test_desc *desc, 2289 const char *driver, u32 type, u32 mask) 2290 { 2291 struct crypto_akcipher *tfm; 2292 int err = 0; 2293 2294 tfm = crypto_alloc_akcipher(driver, type, mask); 2295 if (IS_ERR(tfm)) { 2296 pr_err("alg: akcipher: Failed to load tfm for %s: %ld\n", 2297 driver, PTR_ERR(tfm)); 2298 return PTR_ERR(tfm); 2299 } 2300 if (desc->suite.akcipher.vecs) 2301 err = test_akcipher(tfm, desc->alg, desc->suite.akcipher.vecs, 2302 desc->suite.akcipher.count); 2303 2304 crypto_free_akcipher(tfm); 2305 return err; 2306 } 2307 2308 static int alg_test_null(const struct alg_test_desc *desc, 2309 const char *driver, u32 type, u32 mask) 2310 { 2311 return 0; 2312 } 2313 2314 #define __VECS(tv) { .vecs = tv, .count = ARRAY_SIZE(tv) } 2315 2316 /* Please keep this list sorted by algorithm name. */ 2317 static const struct alg_test_desc alg_test_descs[] = { 2318 { 2319 .alg = "ansi_cprng", 2320 .test = alg_test_cprng, 2321 .suite = { 2322 .cprng = __VECS(ansi_cprng_aes_tv_template) 2323 } 2324 }, { 2325 .alg = "authenc(hmac(md5),ecb(cipher_null))", 2326 .test = alg_test_aead, 2327 .suite = { 2328 .aead = { 2329 .enc = __VECS(hmac_md5_ecb_cipher_null_enc_tv_template), 2330 .dec = __VECS(hmac_md5_ecb_cipher_null_dec_tv_template) 2331 } 2332 } 2333 }, { 2334 .alg = "authenc(hmac(sha1),cbc(aes))", 2335 .test = alg_test_aead, 2336 .fips_allowed = 1, 2337 .suite = { 2338 .aead = { 2339 .enc = __VECS(hmac_sha1_aes_cbc_enc_tv_temp) 2340 } 2341 } 2342 }, { 2343 .alg = "authenc(hmac(sha1),cbc(des))", 2344 .test = alg_test_aead, 2345 .suite = { 2346 .aead = { 2347 .enc = __VECS(hmac_sha1_des_cbc_enc_tv_temp) 2348 } 2349 } 2350 }, { 2351 .alg = "authenc(hmac(sha1),cbc(des3_ede))", 2352 .test = alg_test_aead, 2353 .fips_allowed = 1, 2354 .suite = { 2355 .aead = { 2356 .enc = __VECS(hmac_sha1_des3_ede_cbc_enc_tv_temp) 2357 } 2358 } 2359 }, { 2360 .alg = "authenc(hmac(sha1),ctr(aes))", 2361 .test = alg_test_null, 2362 .fips_allowed = 1, 2363 }, { 2364 .alg = "authenc(hmac(sha1),ecb(cipher_null))", 2365 .test = alg_test_aead, 2366 .suite = { 2367 .aead = { 2368 .enc = __VECS(hmac_sha1_ecb_cipher_null_enc_tv_temp), 2369 .dec = __VECS(hmac_sha1_ecb_cipher_null_dec_tv_temp) 2370 } 2371 } 2372 }, { 2373 .alg = "authenc(hmac(sha1),rfc3686(ctr(aes)))", 2374 .test = alg_test_null, 2375 .fips_allowed = 1, 2376 }, { 2377 .alg = "authenc(hmac(sha224),cbc(des))", 2378 .test = alg_test_aead, 2379 .suite = { 2380 .aead = { 2381 .enc = __VECS(hmac_sha224_des_cbc_enc_tv_temp) 2382 } 2383 } 2384 }, { 2385 .alg = "authenc(hmac(sha224),cbc(des3_ede))", 2386 .test = alg_test_aead, 2387 .fips_allowed = 1, 2388 .suite = { 2389 .aead = { 2390 .enc = __VECS(hmac_sha224_des3_ede_cbc_enc_tv_temp) 2391 } 2392 } 2393 }, { 2394 .alg = "authenc(hmac(sha256),cbc(aes))", 2395 .test = alg_test_aead, 2396 .fips_allowed = 1, 2397 .suite = { 2398 .aead = { 2399 .enc = __VECS(hmac_sha256_aes_cbc_enc_tv_temp) 2400 } 2401 } 2402 }, { 2403 .alg = "authenc(hmac(sha256),cbc(des))", 2404 .test = alg_test_aead, 2405 .suite = { 2406 .aead = { 2407 .enc = __VECS(hmac_sha256_des_cbc_enc_tv_temp) 2408 } 2409 } 2410 }, { 2411 .alg = "authenc(hmac(sha256),cbc(des3_ede))", 2412 .test = alg_test_aead, 2413 .fips_allowed = 1, 2414 .suite = { 2415 .aead = { 2416 .enc = __VECS(hmac_sha256_des3_ede_cbc_enc_tv_temp) 2417 } 2418 } 2419 }, { 2420 .alg = "authenc(hmac(sha256),ctr(aes))", 2421 .test = alg_test_null, 2422 .fips_allowed = 1, 2423 }, { 2424 .alg = "authenc(hmac(sha256),rfc3686(ctr(aes)))", 2425 .test = alg_test_null, 2426 .fips_allowed = 1, 2427 }, { 2428 .alg = "authenc(hmac(sha384),cbc(des))", 2429 .test = alg_test_aead, 2430 .suite = { 2431 .aead = { 2432 .enc = __VECS(hmac_sha384_des_cbc_enc_tv_temp) 2433 } 2434 } 2435 }, { 2436 .alg = "authenc(hmac(sha384),cbc(des3_ede))", 2437 .test = alg_test_aead, 2438 .fips_allowed = 1, 2439 .suite = { 2440 .aead = { 2441 .enc = __VECS(hmac_sha384_des3_ede_cbc_enc_tv_temp) 2442 } 2443 } 2444 }, { 2445 .alg = "authenc(hmac(sha384),ctr(aes))", 2446 .test = alg_test_null, 2447 .fips_allowed = 1, 2448 }, { 2449 .alg = "authenc(hmac(sha384),rfc3686(ctr(aes)))", 2450 .test = alg_test_null, 2451 .fips_allowed = 1, 2452 }, { 2453 .alg = "authenc(hmac(sha512),cbc(aes))", 2454 .fips_allowed = 1, 2455 .test = alg_test_aead, 2456 .suite = { 2457 .aead = { 2458 .enc = __VECS(hmac_sha512_aes_cbc_enc_tv_temp) 2459 } 2460 } 2461 }, { 2462 .alg = "authenc(hmac(sha512),cbc(des))", 2463 .test = alg_test_aead, 2464 .suite = { 2465 .aead = { 2466 .enc = __VECS(hmac_sha512_des_cbc_enc_tv_temp) 2467 } 2468 } 2469 }, { 2470 .alg = "authenc(hmac(sha512),cbc(des3_ede))", 2471 .test = alg_test_aead, 2472 .fips_allowed = 1, 2473 .suite = { 2474 .aead = { 2475 .enc = __VECS(hmac_sha512_des3_ede_cbc_enc_tv_temp) 2476 } 2477 } 2478 }, { 2479 .alg = "authenc(hmac(sha512),ctr(aes))", 2480 .test = alg_test_null, 2481 .fips_allowed = 1, 2482 }, { 2483 .alg = "authenc(hmac(sha512),rfc3686(ctr(aes)))", 2484 .test = alg_test_null, 2485 .fips_allowed = 1, 2486 }, { 2487 .alg = "cbc(aes)", 2488 .test = alg_test_skcipher, 2489 .fips_allowed = 1, 2490 .suite = { 2491 .cipher = { 2492 .enc = __VECS(aes_cbc_enc_tv_template), 2493 .dec = __VECS(aes_cbc_dec_tv_template) 2494 } 2495 } 2496 }, { 2497 .alg = "cbc(anubis)", 2498 .test = alg_test_skcipher, 2499 .suite = { 2500 .cipher = { 2501 .enc = __VECS(anubis_cbc_enc_tv_template), 2502 .dec = __VECS(anubis_cbc_dec_tv_template) 2503 } 2504 } 2505 }, { 2506 .alg = "cbc(blowfish)", 2507 .test = alg_test_skcipher, 2508 .suite = { 2509 .cipher = { 2510 .enc = __VECS(bf_cbc_enc_tv_template), 2511 .dec = __VECS(bf_cbc_dec_tv_template) 2512 } 2513 } 2514 }, { 2515 .alg = "cbc(camellia)", 2516 .test = alg_test_skcipher, 2517 .suite = { 2518 .cipher = { 2519 .enc = __VECS(camellia_cbc_enc_tv_template), 2520 .dec = __VECS(camellia_cbc_dec_tv_template) 2521 } 2522 } 2523 }, { 2524 .alg = "cbc(cast5)", 2525 .test = alg_test_skcipher, 2526 .suite = { 2527 .cipher = { 2528 .enc = __VECS(cast5_cbc_enc_tv_template), 2529 .dec = __VECS(cast5_cbc_dec_tv_template) 2530 } 2531 } 2532 }, { 2533 .alg = "cbc(cast6)", 2534 .test = alg_test_skcipher, 2535 .suite = { 2536 .cipher = { 2537 .enc = __VECS(cast6_cbc_enc_tv_template), 2538 .dec = __VECS(cast6_cbc_dec_tv_template) 2539 } 2540 } 2541 }, { 2542 .alg = "cbc(des)", 2543 .test = alg_test_skcipher, 2544 .suite = { 2545 .cipher = { 2546 .enc = __VECS(des_cbc_enc_tv_template), 2547 .dec = __VECS(des_cbc_dec_tv_template) 2548 } 2549 } 2550 }, { 2551 .alg = "cbc(des3_ede)", 2552 .test = alg_test_skcipher, 2553 .fips_allowed = 1, 2554 .suite = { 2555 .cipher = { 2556 .enc = __VECS(des3_ede_cbc_enc_tv_template), 2557 .dec = __VECS(des3_ede_cbc_dec_tv_template) 2558 } 2559 } 2560 }, { 2561 .alg = "cbc(serpent)", 2562 .test = alg_test_skcipher, 2563 .suite = { 2564 .cipher = { 2565 .enc = __VECS(serpent_cbc_enc_tv_template), 2566 .dec = __VECS(serpent_cbc_dec_tv_template) 2567 } 2568 } 2569 }, { 2570 .alg = "cbc(twofish)", 2571 .test = alg_test_skcipher, 2572 .suite = { 2573 .cipher = { 2574 .enc = __VECS(tf_cbc_enc_tv_template), 2575 .dec = __VECS(tf_cbc_dec_tv_template) 2576 } 2577 } 2578 }, { 2579 .alg = "cbcmac(aes)", 2580 .fips_allowed = 1, 2581 .test = alg_test_hash, 2582 .suite = { 2583 .hash = __VECS(aes_cbcmac_tv_template) 2584 } 2585 }, { 2586 .alg = "ccm(aes)", 2587 .test = alg_test_aead, 2588 .fips_allowed = 1, 2589 .suite = { 2590 .aead = { 2591 .enc = __VECS(aes_ccm_enc_tv_template), 2592 .dec = __VECS(aes_ccm_dec_tv_template) 2593 } 2594 } 2595 }, { 2596 .alg = "chacha20", 2597 .test = alg_test_skcipher, 2598 .suite = { 2599 .cipher = { 2600 .enc = __VECS(chacha20_enc_tv_template), 2601 .dec = __VECS(chacha20_enc_tv_template), 2602 } 2603 } 2604 }, { 2605 .alg = "cmac(aes)", 2606 .fips_allowed = 1, 2607 .test = alg_test_hash, 2608 .suite = { 2609 .hash = __VECS(aes_cmac128_tv_template) 2610 } 2611 }, { 2612 .alg = "cmac(des3_ede)", 2613 .fips_allowed = 1, 2614 .test = alg_test_hash, 2615 .suite = { 2616 .hash = __VECS(des3_ede_cmac64_tv_template) 2617 } 2618 }, { 2619 .alg = "compress_null", 2620 .test = alg_test_null, 2621 }, { 2622 .alg = "crc32", 2623 .test = alg_test_hash, 2624 .suite = { 2625 .hash = __VECS(crc32_tv_template) 2626 } 2627 }, { 2628 .alg = "crc32c", 2629 .test = alg_test_crc32c, 2630 .fips_allowed = 1, 2631 .suite = { 2632 .hash = __VECS(crc32c_tv_template) 2633 } 2634 }, { 2635 .alg = "crct10dif", 2636 .test = alg_test_hash, 2637 .fips_allowed = 1, 2638 .suite = { 2639 .hash = __VECS(crct10dif_tv_template) 2640 } 2641 }, { 2642 .alg = "ctr(aes)", 2643 .test = alg_test_skcipher, 2644 .fips_allowed = 1, 2645 .suite = { 2646 .cipher = { 2647 .enc = __VECS(aes_ctr_enc_tv_template), 2648 .dec = __VECS(aes_ctr_dec_tv_template) 2649 } 2650 } 2651 }, { 2652 .alg = "ctr(blowfish)", 2653 .test = alg_test_skcipher, 2654 .suite = { 2655 .cipher = { 2656 .enc = __VECS(bf_ctr_enc_tv_template), 2657 .dec = __VECS(bf_ctr_dec_tv_template) 2658 } 2659 } 2660 }, { 2661 .alg = "ctr(camellia)", 2662 .test = alg_test_skcipher, 2663 .suite = { 2664 .cipher = { 2665 .enc = __VECS(camellia_ctr_enc_tv_template), 2666 .dec = __VECS(camellia_ctr_dec_tv_template) 2667 } 2668 } 2669 }, { 2670 .alg = "ctr(cast5)", 2671 .test = alg_test_skcipher, 2672 .suite = { 2673 .cipher = { 2674 .enc = __VECS(cast5_ctr_enc_tv_template), 2675 .dec = __VECS(cast5_ctr_dec_tv_template) 2676 } 2677 } 2678 }, { 2679 .alg = "ctr(cast6)", 2680 .test = alg_test_skcipher, 2681 .suite = { 2682 .cipher = { 2683 .enc = __VECS(cast6_ctr_enc_tv_template), 2684 .dec = __VECS(cast6_ctr_dec_tv_template) 2685 } 2686 } 2687 }, { 2688 .alg = "ctr(des)", 2689 .test = alg_test_skcipher, 2690 .suite = { 2691 .cipher = { 2692 .enc = __VECS(des_ctr_enc_tv_template), 2693 .dec = __VECS(des_ctr_dec_tv_template) 2694 } 2695 } 2696 }, { 2697 .alg = "ctr(des3_ede)", 2698 .test = alg_test_skcipher, 2699 .fips_allowed = 1, 2700 .suite = { 2701 .cipher = { 2702 .enc = __VECS(des3_ede_ctr_enc_tv_template), 2703 .dec = __VECS(des3_ede_ctr_dec_tv_template) 2704 } 2705 } 2706 }, { 2707 .alg = "ctr(serpent)", 2708 .test = alg_test_skcipher, 2709 .suite = { 2710 .cipher = { 2711 .enc = __VECS(serpent_ctr_enc_tv_template), 2712 .dec = __VECS(serpent_ctr_dec_tv_template) 2713 } 2714 } 2715 }, { 2716 .alg = "ctr(twofish)", 2717 .test = alg_test_skcipher, 2718 .suite = { 2719 .cipher = { 2720 .enc = __VECS(tf_ctr_enc_tv_template), 2721 .dec = __VECS(tf_ctr_dec_tv_template) 2722 } 2723 } 2724 }, { 2725 .alg = "cts(cbc(aes))", 2726 .test = alg_test_skcipher, 2727 .suite = { 2728 .cipher = { 2729 .enc = __VECS(cts_mode_enc_tv_template), 2730 .dec = __VECS(cts_mode_dec_tv_template) 2731 } 2732 } 2733 }, { 2734 .alg = "deflate", 2735 .test = alg_test_comp, 2736 .fips_allowed = 1, 2737 .suite = { 2738 .comp = { 2739 .comp = __VECS(deflate_comp_tv_template), 2740 .decomp = __VECS(deflate_decomp_tv_template) 2741 } 2742 } 2743 }, { 2744 .alg = "dh", 2745 .test = alg_test_kpp, 2746 .fips_allowed = 1, 2747 .suite = { 2748 .kpp = __VECS(dh_tv_template) 2749 } 2750 }, { 2751 .alg = "digest_null", 2752 .test = alg_test_null, 2753 }, { 2754 .alg = "drbg_nopr_ctr_aes128", 2755 .test = alg_test_drbg, 2756 .fips_allowed = 1, 2757 .suite = { 2758 .drbg = __VECS(drbg_nopr_ctr_aes128_tv_template) 2759 } 2760 }, { 2761 .alg = "drbg_nopr_ctr_aes192", 2762 .test = alg_test_drbg, 2763 .fips_allowed = 1, 2764 .suite = { 2765 .drbg = __VECS(drbg_nopr_ctr_aes192_tv_template) 2766 } 2767 }, { 2768 .alg = "drbg_nopr_ctr_aes256", 2769 .test = alg_test_drbg, 2770 .fips_allowed = 1, 2771 .suite = { 2772 .drbg = __VECS(drbg_nopr_ctr_aes256_tv_template) 2773 } 2774 }, { 2775 /* 2776 * There is no need to specifically test the DRBG with every 2777 * backend cipher -- covered by drbg_nopr_hmac_sha256 test 2778 */ 2779 .alg = "drbg_nopr_hmac_sha1", 2780 .fips_allowed = 1, 2781 .test = alg_test_null, 2782 }, { 2783 .alg = "drbg_nopr_hmac_sha256", 2784 .test = alg_test_drbg, 2785 .fips_allowed = 1, 2786 .suite = { 2787 .drbg = __VECS(drbg_nopr_hmac_sha256_tv_template) 2788 } 2789 }, { 2790 /* covered by drbg_nopr_hmac_sha256 test */ 2791 .alg = "drbg_nopr_hmac_sha384", 2792 .fips_allowed = 1, 2793 .test = alg_test_null, 2794 }, { 2795 .alg = "drbg_nopr_hmac_sha512", 2796 .test = alg_test_null, 2797 .fips_allowed = 1, 2798 }, { 2799 .alg = "drbg_nopr_sha1", 2800 .fips_allowed = 1, 2801 .test = alg_test_null, 2802 }, { 2803 .alg = "drbg_nopr_sha256", 2804 .test = alg_test_drbg, 2805 .fips_allowed = 1, 2806 .suite = { 2807 .drbg = __VECS(drbg_nopr_sha256_tv_template) 2808 } 2809 }, { 2810 /* covered by drbg_nopr_sha256 test */ 2811 .alg = "drbg_nopr_sha384", 2812 .fips_allowed = 1, 2813 .test = alg_test_null, 2814 }, { 2815 .alg = "drbg_nopr_sha512", 2816 .fips_allowed = 1, 2817 .test = alg_test_null, 2818 }, { 2819 .alg = "drbg_pr_ctr_aes128", 2820 .test = alg_test_drbg, 2821 .fips_allowed = 1, 2822 .suite = { 2823 .drbg = __VECS(drbg_pr_ctr_aes128_tv_template) 2824 } 2825 }, { 2826 /* covered by drbg_pr_ctr_aes128 test */ 2827 .alg = "drbg_pr_ctr_aes192", 2828 .fips_allowed = 1, 2829 .test = alg_test_null, 2830 }, { 2831 .alg = "drbg_pr_ctr_aes256", 2832 .fips_allowed = 1, 2833 .test = alg_test_null, 2834 }, { 2835 .alg = "drbg_pr_hmac_sha1", 2836 .fips_allowed = 1, 2837 .test = alg_test_null, 2838 }, { 2839 .alg = "drbg_pr_hmac_sha256", 2840 .test = alg_test_drbg, 2841 .fips_allowed = 1, 2842 .suite = { 2843 .drbg = __VECS(drbg_pr_hmac_sha256_tv_template) 2844 } 2845 }, { 2846 /* covered by drbg_pr_hmac_sha256 test */ 2847 .alg = "drbg_pr_hmac_sha384", 2848 .fips_allowed = 1, 2849 .test = alg_test_null, 2850 }, { 2851 .alg = "drbg_pr_hmac_sha512", 2852 .test = alg_test_null, 2853 .fips_allowed = 1, 2854 }, { 2855 .alg = "drbg_pr_sha1", 2856 .fips_allowed = 1, 2857 .test = alg_test_null, 2858 }, { 2859 .alg = "drbg_pr_sha256", 2860 .test = alg_test_drbg, 2861 .fips_allowed = 1, 2862 .suite = { 2863 .drbg = __VECS(drbg_pr_sha256_tv_template) 2864 } 2865 }, { 2866 /* covered by drbg_pr_sha256 test */ 2867 .alg = "drbg_pr_sha384", 2868 .fips_allowed = 1, 2869 .test = alg_test_null, 2870 }, { 2871 .alg = "drbg_pr_sha512", 2872 .fips_allowed = 1, 2873 .test = alg_test_null, 2874 }, { 2875 .alg = "ecb(aes)", 2876 .test = alg_test_skcipher, 2877 .fips_allowed = 1, 2878 .suite = { 2879 .cipher = { 2880 .enc = __VECS(aes_enc_tv_template), 2881 .dec = __VECS(aes_dec_tv_template) 2882 } 2883 } 2884 }, { 2885 .alg = "ecb(anubis)", 2886 .test = alg_test_skcipher, 2887 .suite = { 2888 .cipher = { 2889 .enc = __VECS(anubis_enc_tv_template), 2890 .dec = __VECS(anubis_dec_tv_template) 2891 } 2892 } 2893 }, { 2894 .alg = "ecb(arc4)", 2895 .test = alg_test_skcipher, 2896 .suite = { 2897 .cipher = { 2898 .enc = __VECS(arc4_enc_tv_template), 2899 .dec = __VECS(arc4_dec_tv_template) 2900 } 2901 } 2902 }, { 2903 .alg = "ecb(blowfish)", 2904 .test = alg_test_skcipher, 2905 .suite = { 2906 .cipher = { 2907 .enc = __VECS(bf_enc_tv_template), 2908 .dec = __VECS(bf_dec_tv_template) 2909 } 2910 } 2911 }, { 2912 .alg = "ecb(camellia)", 2913 .test = alg_test_skcipher, 2914 .suite = { 2915 .cipher = { 2916 .enc = __VECS(camellia_enc_tv_template), 2917 .dec = __VECS(camellia_dec_tv_template) 2918 } 2919 } 2920 }, { 2921 .alg = "ecb(cast5)", 2922 .test = alg_test_skcipher, 2923 .suite = { 2924 .cipher = { 2925 .enc = __VECS(cast5_enc_tv_template), 2926 .dec = __VECS(cast5_dec_tv_template) 2927 } 2928 } 2929 }, { 2930 .alg = "ecb(cast6)", 2931 .test = alg_test_skcipher, 2932 .suite = { 2933 .cipher = { 2934 .enc = __VECS(cast6_enc_tv_template), 2935 .dec = __VECS(cast6_dec_tv_template) 2936 } 2937 } 2938 }, { 2939 .alg = "ecb(cipher_null)", 2940 .test = alg_test_null, 2941 .fips_allowed = 1, 2942 }, { 2943 .alg = "ecb(des)", 2944 .test = alg_test_skcipher, 2945 .suite = { 2946 .cipher = { 2947 .enc = __VECS(des_enc_tv_template), 2948 .dec = __VECS(des_dec_tv_template) 2949 } 2950 } 2951 }, { 2952 .alg = "ecb(des3_ede)", 2953 .test = alg_test_skcipher, 2954 .fips_allowed = 1, 2955 .suite = { 2956 .cipher = { 2957 .enc = __VECS(des3_ede_enc_tv_template), 2958 .dec = __VECS(des3_ede_dec_tv_template) 2959 } 2960 } 2961 }, { 2962 .alg = "ecb(fcrypt)", 2963 .test = alg_test_skcipher, 2964 .suite = { 2965 .cipher = { 2966 .enc = { 2967 .vecs = fcrypt_pcbc_enc_tv_template, 2968 .count = 1 2969 }, 2970 .dec = { 2971 .vecs = fcrypt_pcbc_dec_tv_template, 2972 .count = 1 2973 } 2974 } 2975 } 2976 }, { 2977 .alg = "ecb(khazad)", 2978 .test = alg_test_skcipher, 2979 .suite = { 2980 .cipher = { 2981 .enc = __VECS(khazad_enc_tv_template), 2982 .dec = __VECS(khazad_dec_tv_template) 2983 } 2984 } 2985 }, { 2986 .alg = "ecb(seed)", 2987 .test = alg_test_skcipher, 2988 .suite = { 2989 .cipher = { 2990 .enc = __VECS(seed_enc_tv_template), 2991 .dec = __VECS(seed_dec_tv_template) 2992 } 2993 } 2994 }, { 2995 .alg = "ecb(serpent)", 2996 .test = alg_test_skcipher, 2997 .suite = { 2998 .cipher = { 2999 .enc = __VECS(serpent_enc_tv_template), 3000 .dec = __VECS(serpent_dec_tv_template) 3001 } 3002 } 3003 }, { 3004 .alg = "ecb(tea)", 3005 .test = alg_test_skcipher, 3006 .suite = { 3007 .cipher = { 3008 .enc = __VECS(tea_enc_tv_template), 3009 .dec = __VECS(tea_dec_tv_template) 3010 } 3011 } 3012 }, { 3013 .alg = "ecb(tnepres)", 3014 .test = alg_test_skcipher, 3015 .suite = { 3016 .cipher = { 3017 .enc = __VECS(tnepres_enc_tv_template), 3018 .dec = __VECS(tnepres_dec_tv_template) 3019 } 3020 } 3021 }, { 3022 .alg = "ecb(twofish)", 3023 .test = alg_test_skcipher, 3024 .suite = { 3025 .cipher = { 3026 .enc = __VECS(tf_enc_tv_template), 3027 .dec = __VECS(tf_dec_tv_template) 3028 } 3029 } 3030 }, { 3031 .alg = "ecb(xeta)", 3032 .test = alg_test_skcipher, 3033 .suite = { 3034 .cipher = { 3035 .enc = __VECS(xeta_enc_tv_template), 3036 .dec = __VECS(xeta_dec_tv_template) 3037 } 3038 } 3039 }, { 3040 .alg = "ecb(xtea)", 3041 .test = alg_test_skcipher, 3042 .suite = { 3043 .cipher = { 3044 .enc = __VECS(xtea_enc_tv_template), 3045 .dec = __VECS(xtea_dec_tv_template) 3046 } 3047 } 3048 }, { 3049 .alg = "ecdh", 3050 .test = alg_test_kpp, 3051 .fips_allowed = 1, 3052 .suite = { 3053 .kpp = __VECS(ecdh_tv_template) 3054 } 3055 }, { 3056 .alg = "gcm(aes)", 3057 .test = alg_test_aead, 3058 .fips_allowed = 1, 3059 .suite = { 3060 .aead = { 3061 .enc = __VECS(aes_gcm_enc_tv_template), 3062 .dec = __VECS(aes_gcm_dec_tv_template) 3063 } 3064 } 3065 }, { 3066 .alg = "ghash", 3067 .test = alg_test_hash, 3068 .fips_allowed = 1, 3069 .suite = { 3070 .hash = __VECS(ghash_tv_template) 3071 } 3072 }, { 3073 .alg = "hmac(crc32)", 3074 .test = alg_test_hash, 3075 .suite = { 3076 .hash = __VECS(bfin_crc_tv_template) 3077 } 3078 }, { 3079 .alg = "hmac(md5)", 3080 .test = alg_test_hash, 3081 .suite = { 3082 .hash = __VECS(hmac_md5_tv_template) 3083 } 3084 }, { 3085 .alg = "hmac(rmd128)", 3086 .test = alg_test_hash, 3087 .suite = { 3088 .hash = __VECS(hmac_rmd128_tv_template) 3089 } 3090 }, { 3091 .alg = "hmac(rmd160)", 3092 .test = alg_test_hash, 3093 .suite = { 3094 .hash = __VECS(hmac_rmd160_tv_template) 3095 } 3096 }, { 3097 .alg = "hmac(sha1)", 3098 .test = alg_test_hash, 3099 .fips_allowed = 1, 3100 .suite = { 3101 .hash = __VECS(hmac_sha1_tv_template) 3102 } 3103 }, { 3104 .alg = "hmac(sha224)", 3105 .test = alg_test_hash, 3106 .fips_allowed = 1, 3107 .suite = { 3108 .hash = __VECS(hmac_sha224_tv_template) 3109 } 3110 }, { 3111 .alg = "hmac(sha256)", 3112 .test = alg_test_hash, 3113 .fips_allowed = 1, 3114 .suite = { 3115 .hash = __VECS(hmac_sha256_tv_template) 3116 } 3117 }, { 3118 .alg = "hmac(sha3-224)", 3119 .test = alg_test_hash, 3120 .fips_allowed = 1, 3121 .suite = { 3122 .hash = __VECS(hmac_sha3_224_tv_template) 3123 } 3124 }, { 3125 .alg = "hmac(sha3-256)", 3126 .test = alg_test_hash, 3127 .fips_allowed = 1, 3128 .suite = { 3129 .hash = __VECS(hmac_sha3_256_tv_template) 3130 } 3131 }, { 3132 .alg = "hmac(sha3-384)", 3133 .test = alg_test_hash, 3134 .fips_allowed = 1, 3135 .suite = { 3136 .hash = __VECS(hmac_sha3_384_tv_template) 3137 } 3138 }, { 3139 .alg = "hmac(sha3-512)", 3140 .test = alg_test_hash, 3141 .fips_allowed = 1, 3142 .suite = { 3143 .hash = __VECS(hmac_sha3_512_tv_template) 3144 } 3145 }, { 3146 .alg = "hmac(sha384)", 3147 .test = alg_test_hash, 3148 .fips_allowed = 1, 3149 .suite = { 3150 .hash = __VECS(hmac_sha384_tv_template) 3151 } 3152 }, { 3153 .alg = "hmac(sha512)", 3154 .test = alg_test_hash, 3155 .fips_allowed = 1, 3156 .suite = { 3157 .hash = __VECS(hmac_sha512_tv_template) 3158 } 3159 }, { 3160 .alg = "jitterentropy_rng", 3161 .fips_allowed = 1, 3162 .test = alg_test_null, 3163 }, { 3164 .alg = "kw(aes)", 3165 .test = alg_test_skcipher, 3166 .fips_allowed = 1, 3167 .suite = { 3168 .cipher = { 3169 .enc = __VECS(aes_kw_enc_tv_template), 3170 .dec = __VECS(aes_kw_dec_tv_template) 3171 } 3172 } 3173 }, { 3174 .alg = "lrw(aes)", 3175 .test = alg_test_skcipher, 3176 .suite = { 3177 .cipher = { 3178 .enc = __VECS(aes_lrw_enc_tv_template), 3179 .dec = __VECS(aes_lrw_dec_tv_template) 3180 } 3181 } 3182 }, { 3183 .alg = "lrw(camellia)", 3184 .test = alg_test_skcipher, 3185 .suite = { 3186 .cipher = { 3187 .enc = __VECS(camellia_lrw_enc_tv_template), 3188 .dec = __VECS(camellia_lrw_dec_tv_template) 3189 } 3190 } 3191 }, { 3192 .alg = "lrw(cast6)", 3193 .test = alg_test_skcipher, 3194 .suite = { 3195 .cipher = { 3196 .enc = __VECS(cast6_lrw_enc_tv_template), 3197 .dec = __VECS(cast6_lrw_dec_tv_template) 3198 } 3199 } 3200 }, { 3201 .alg = "lrw(serpent)", 3202 .test = alg_test_skcipher, 3203 .suite = { 3204 .cipher = { 3205 .enc = __VECS(serpent_lrw_enc_tv_template), 3206 .dec = __VECS(serpent_lrw_dec_tv_template) 3207 } 3208 } 3209 }, { 3210 .alg = "lrw(twofish)", 3211 .test = alg_test_skcipher, 3212 .suite = { 3213 .cipher = { 3214 .enc = __VECS(tf_lrw_enc_tv_template), 3215 .dec = __VECS(tf_lrw_dec_tv_template) 3216 } 3217 } 3218 }, { 3219 .alg = "lz4", 3220 .test = alg_test_comp, 3221 .fips_allowed = 1, 3222 .suite = { 3223 .comp = { 3224 .comp = __VECS(lz4_comp_tv_template), 3225 .decomp = __VECS(lz4_decomp_tv_template) 3226 } 3227 } 3228 }, { 3229 .alg = "lz4hc", 3230 .test = alg_test_comp, 3231 .fips_allowed = 1, 3232 .suite = { 3233 .comp = { 3234 .comp = __VECS(lz4hc_comp_tv_template), 3235 .decomp = __VECS(lz4hc_decomp_tv_template) 3236 } 3237 } 3238 }, { 3239 .alg = "lzo", 3240 .test = alg_test_comp, 3241 .fips_allowed = 1, 3242 .suite = { 3243 .comp = { 3244 .comp = __VECS(lzo_comp_tv_template), 3245 .decomp = __VECS(lzo_decomp_tv_template) 3246 } 3247 } 3248 }, { 3249 .alg = "md4", 3250 .test = alg_test_hash, 3251 .suite = { 3252 .hash = __VECS(md4_tv_template) 3253 } 3254 }, { 3255 .alg = "md5", 3256 .test = alg_test_hash, 3257 .suite = { 3258 .hash = __VECS(md5_tv_template) 3259 } 3260 }, { 3261 .alg = "michael_mic", 3262 .test = alg_test_hash, 3263 .suite = { 3264 .hash = __VECS(michael_mic_tv_template) 3265 } 3266 }, { 3267 .alg = "ofb(aes)", 3268 .test = alg_test_skcipher, 3269 .fips_allowed = 1, 3270 .suite = { 3271 .cipher = { 3272 .enc = __VECS(aes_ofb_enc_tv_template), 3273 .dec = __VECS(aes_ofb_dec_tv_template) 3274 } 3275 } 3276 }, { 3277 .alg = "pcbc(fcrypt)", 3278 .test = alg_test_skcipher, 3279 .suite = { 3280 .cipher = { 3281 .enc = __VECS(fcrypt_pcbc_enc_tv_template), 3282 .dec = __VECS(fcrypt_pcbc_dec_tv_template) 3283 } 3284 } 3285 }, { 3286 .alg = "pkcs1pad(rsa,sha224)", 3287 .test = alg_test_null, 3288 .fips_allowed = 1, 3289 }, { 3290 .alg = "pkcs1pad(rsa,sha256)", 3291 .test = alg_test_akcipher, 3292 .fips_allowed = 1, 3293 .suite = { 3294 .akcipher = __VECS(pkcs1pad_rsa_tv_template) 3295 } 3296 }, { 3297 .alg = "pkcs1pad(rsa,sha384)", 3298 .test = alg_test_null, 3299 .fips_allowed = 1, 3300 }, { 3301 .alg = "pkcs1pad(rsa,sha512)", 3302 .test = alg_test_null, 3303 .fips_allowed = 1, 3304 }, { 3305 .alg = "poly1305", 3306 .test = alg_test_hash, 3307 .suite = { 3308 .hash = __VECS(poly1305_tv_template) 3309 } 3310 }, { 3311 .alg = "rfc3686(ctr(aes))", 3312 .test = alg_test_skcipher, 3313 .fips_allowed = 1, 3314 .suite = { 3315 .cipher = { 3316 .enc = __VECS(aes_ctr_rfc3686_enc_tv_template), 3317 .dec = __VECS(aes_ctr_rfc3686_dec_tv_template) 3318 } 3319 } 3320 }, { 3321 .alg = "rfc4106(gcm(aes))", 3322 .test = alg_test_aead, 3323 .fips_allowed = 1, 3324 .suite = { 3325 .aead = { 3326 .enc = __VECS(aes_gcm_rfc4106_enc_tv_template), 3327 .dec = __VECS(aes_gcm_rfc4106_dec_tv_template) 3328 } 3329 } 3330 }, { 3331 .alg = "rfc4309(ccm(aes))", 3332 .test = alg_test_aead, 3333 .fips_allowed = 1, 3334 .suite = { 3335 .aead = { 3336 .enc = __VECS(aes_ccm_rfc4309_enc_tv_template), 3337 .dec = __VECS(aes_ccm_rfc4309_dec_tv_template) 3338 } 3339 } 3340 }, { 3341 .alg = "rfc4543(gcm(aes))", 3342 .test = alg_test_aead, 3343 .suite = { 3344 .aead = { 3345 .enc = __VECS(aes_gcm_rfc4543_enc_tv_template), 3346 .dec = __VECS(aes_gcm_rfc4543_dec_tv_template), 3347 } 3348 } 3349 }, { 3350 .alg = "rfc7539(chacha20,poly1305)", 3351 .test = alg_test_aead, 3352 .suite = { 3353 .aead = { 3354 .enc = __VECS(rfc7539_enc_tv_template), 3355 .dec = __VECS(rfc7539_dec_tv_template), 3356 } 3357 } 3358 }, { 3359 .alg = "rfc7539esp(chacha20,poly1305)", 3360 .test = alg_test_aead, 3361 .suite = { 3362 .aead = { 3363 .enc = __VECS(rfc7539esp_enc_tv_template), 3364 .dec = __VECS(rfc7539esp_dec_tv_template), 3365 } 3366 } 3367 }, { 3368 .alg = "rmd128", 3369 .test = alg_test_hash, 3370 .suite = { 3371 .hash = __VECS(rmd128_tv_template) 3372 } 3373 }, { 3374 .alg = "rmd160", 3375 .test = alg_test_hash, 3376 .suite = { 3377 .hash = __VECS(rmd160_tv_template) 3378 } 3379 }, { 3380 .alg = "rmd256", 3381 .test = alg_test_hash, 3382 .suite = { 3383 .hash = __VECS(rmd256_tv_template) 3384 } 3385 }, { 3386 .alg = "rmd320", 3387 .test = alg_test_hash, 3388 .suite = { 3389 .hash = __VECS(rmd320_tv_template) 3390 } 3391 }, { 3392 .alg = "rsa", 3393 .test = alg_test_akcipher, 3394 .fips_allowed = 1, 3395 .suite = { 3396 .akcipher = __VECS(rsa_tv_template) 3397 } 3398 }, { 3399 .alg = "salsa20", 3400 .test = alg_test_skcipher, 3401 .suite = { 3402 .cipher = { 3403 .enc = __VECS(salsa20_stream_enc_tv_template) 3404 } 3405 } 3406 }, { 3407 .alg = "sha1", 3408 .test = alg_test_hash, 3409 .fips_allowed = 1, 3410 .suite = { 3411 .hash = __VECS(sha1_tv_template) 3412 } 3413 }, { 3414 .alg = "sha224", 3415 .test = alg_test_hash, 3416 .fips_allowed = 1, 3417 .suite = { 3418 .hash = __VECS(sha224_tv_template) 3419 } 3420 }, { 3421 .alg = "sha256", 3422 .test = alg_test_hash, 3423 .fips_allowed = 1, 3424 .suite = { 3425 .hash = __VECS(sha256_tv_template) 3426 } 3427 }, { 3428 .alg = "sha3-224", 3429 .test = alg_test_hash, 3430 .fips_allowed = 1, 3431 .suite = { 3432 .hash = __VECS(sha3_224_tv_template) 3433 } 3434 }, { 3435 .alg = "sha3-256", 3436 .test = alg_test_hash, 3437 .fips_allowed = 1, 3438 .suite = { 3439 .hash = __VECS(sha3_256_tv_template) 3440 } 3441 }, { 3442 .alg = "sha3-384", 3443 .test = alg_test_hash, 3444 .fips_allowed = 1, 3445 .suite = { 3446 .hash = __VECS(sha3_384_tv_template) 3447 } 3448 }, { 3449 .alg = "sha3-512", 3450 .test = alg_test_hash, 3451 .fips_allowed = 1, 3452 .suite = { 3453 .hash = __VECS(sha3_512_tv_template) 3454 } 3455 }, { 3456 .alg = "sha384", 3457 .test = alg_test_hash, 3458 .fips_allowed = 1, 3459 .suite = { 3460 .hash = __VECS(sha384_tv_template) 3461 } 3462 }, { 3463 .alg = "sha512", 3464 .test = alg_test_hash, 3465 .fips_allowed = 1, 3466 .suite = { 3467 .hash = __VECS(sha512_tv_template) 3468 } 3469 }, { 3470 .alg = "sm3", 3471 .test = alg_test_hash, 3472 .suite = { 3473 .hash = __VECS(sm3_tv_template) 3474 } 3475 }, { 3476 .alg = "tgr128", 3477 .test = alg_test_hash, 3478 .suite = { 3479 .hash = __VECS(tgr128_tv_template) 3480 } 3481 }, { 3482 .alg = "tgr160", 3483 .test = alg_test_hash, 3484 .suite = { 3485 .hash = __VECS(tgr160_tv_template) 3486 } 3487 }, { 3488 .alg = "tgr192", 3489 .test = alg_test_hash, 3490 .suite = { 3491 .hash = __VECS(tgr192_tv_template) 3492 } 3493 }, { 3494 .alg = "vmac(aes)", 3495 .test = alg_test_hash, 3496 .suite = { 3497 .hash = __VECS(aes_vmac128_tv_template) 3498 } 3499 }, { 3500 .alg = "wp256", 3501 .test = alg_test_hash, 3502 .suite = { 3503 .hash = __VECS(wp256_tv_template) 3504 } 3505 }, { 3506 .alg = "wp384", 3507 .test = alg_test_hash, 3508 .suite = { 3509 .hash = __VECS(wp384_tv_template) 3510 } 3511 }, { 3512 .alg = "wp512", 3513 .test = alg_test_hash, 3514 .suite = { 3515 .hash = __VECS(wp512_tv_template) 3516 } 3517 }, { 3518 .alg = "xcbc(aes)", 3519 .test = alg_test_hash, 3520 .suite = { 3521 .hash = __VECS(aes_xcbc128_tv_template) 3522 } 3523 }, { 3524 .alg = "xts(aes)", 3525 .test = alg_test_skcipher, 3526 .fips_allowed = 1, 3527 .suite = { 3528 .cipher = { 3529 .enc = __VECS(aes_xts_enc_tv_template), 3530 .dec = __VECS(aes_xts_dec_tv_template) 3531 } 3532 } 3533 }, { 3534 .alg = "xts(camellia)", 3535 .test = alg_test_skcipher, 3536 .suite = { 3537 .cipher = { 3538 .enc = __VECS(camellia_xts_enc_tv_template), 3539 .dec = __VECS(camellia_xts_dec_tv_template) 3540 } 3541 } 3542 }, { 3543 .alg = "xts(cast6)", 3544 .test = alg_test_skcipher, 3545 .suite = { 3546 .cipher = { 3547 .enc = __VECS(cast6_xts_enc_tv_template), 3548 .dec = __VECS(cast6_xts_dec_tv_template) 3549 } 3550 } 3551 }, { 3552 .alg = "xts(serpent)", 3553 .test = alg_test_skcipher, 3554 .suite = { 3555 .cipher = { 3556 .enc = __VECS(serpent_xts_enc_tv_template), 3557 .dec = __VECS(serpent_xts_dec_tv_template) 3558 } 3559 } 3560 }, { 3561 .alg = "xts(twofish)", 3562 .test = alg_test_skcipher, 3563 .suite = { 3564 .cipher = { 3565 .enc = __VECS(tf_xts_enc_tv_template), 3566 .dec = __VECS(tf_xts_dec_tv_template) 3567 } 3568 } 3569 }, { 3570 .alg = "zlib-deflate", 3571 .test = alg_test_comp, 3572 .fips_allowed = 1, 3573 .suite = { 3574 .comp = { 3575 .comp = __VECS(zlib_deflate_comp_tv_template), 3576 .decomp = __VECS(zlib_deflate_decomp_tv_template) 3577 } 3578 } 3579 } 3580 }; 3581 3582 static bool alg_test_descs_checked; 3583 3584 static void alg_test_descs_check_order(void) 3585 { 3586 int i; 3587 3588 /* only check once */ 3589 if (alg_test_descs_checked) 3590 return; 3591 3592 alg_test_descs_checked = true; 3593 3594 for (i = 1; i < ARRAY_SIZE(alg_test_descs); i++) { 3595 int diff = strcmp(alg_test_descs[i - 1].alg, 3596 alg_test_descs[i].alg); 3597 3598 if (WARN_ON(diff > 0)) { 3599 pr_warn("testmgr: alg_test_descs entries in wrong order: '%s' before '%s'\n", 3600 alg_test_descs[i - 1].alg, 3601 alg_test_descs[i].alg); 3602 } 3603 3604 if (WARN_ON(diff == 0)) { 3605 pr_warn("testmgr: duplicate alg_test_descs entry: '%s'\n", 3606 alg_test_descs[i].alg); 3607 } 3608 } 3609 } 3610 3611 static int alg_find_test(const char *alg) 3612 { 3613 int start = 0; 3614 int end = ARRAY_SIZE(alg_test_descs); 3615 3616 while (start < end) { 3617 int i = (start + end) / 2; 3618 int diff = strcmp(alg_test_descs[i].alg, alg); 3619 3620 if (diff > 0) { 3621 end = i; 3622 continue; 3623 } 3624 3625 if (diff < 0) { 3626 start = i + 1; 3627 continue; 3628 } 3629 3630 return i; 3631 } 3632 3633 return -1; 3634 } 3635 3636 int alg_test(const char *driver, const char *alg, u32 type, u32 mask) 3637 { 3638 int i; 3639 int j; 3640 int rc; 3641 3642 if (!fips_enabled && notests) { 3643 printk_once(KERN_INFO "alg: self-tests disabled\n"); 3644 return 0; 3645 } 3646 3647 alg_test_descs_check_order(); 3648 3649 if ((type & CRYPTO_ALG_TYPE_MASK) == CRYPTO_ALG_TYPE_CIPHER) { 3650 char nalg[CRYPTO_MAX_ALG_NAME]; 3651 3652 if (snprintf(nalg, sizeof(nalg), "ecb(%s)", alg) >= 3653 sizeof(nalg)) 3654 return -ENAMETOOLONG; 3655 3656 i = alg_find_test(nalg); 3657 if (i < 0) 3658 goto notest; 3659 3660 if (fips_enabled && !alg_test_descs[i].fips_allowed) 3661 goto non_fips_alg; 3662 3663 rc = alg_test_cipher(alg_test_descs + i, driver, type, mask); 3664 goto test_done; 3665 } 3666 3667 i = alg_find_test(alg); 3668 j = alg_find_test(driver); 3669 if (i < 0 && j < 0) 3670 goto notest; 3671 3672 if (fips_enabled && ((i >= 0 && !alg_test_descs[i].fips_allowed) || 3673 (j >= 0 && !alg_test_descs[j].fips_allowed))) 3674 goto non_fips_alg; 3675 3676 rc = 0; 3677 if (i >= 0) 3678 rc |= alg_test_descs[i].test(alg_test_descs + i, driver, 3679 type, mask); 3680 if (j >= 0 && j != i) 3681 rc |= alg_test_descs[j].test(alg_test_descs + j, driver, 3682 type, mask); 3683 3684 test_done: 3685 if (fips_enabled && rc) 3686 panic("%s: %s alg self test failed in fips mode!\n", driver, alg); 3687 3688 if (fips_enabled && !rc) 3689 pr_info("alg: self-tests for %s (%s) passed\n", driver, alg); 3690 3691 return rc; 3692 3693 notest: 3694 printk(KERN_INFO "alg: No test for %s (%s)\n", alg, driver); 3695 return 0; 3696 non_fips_alg: 3697 return -EINVAL; 3698 } 3699 3700 #endif /* CONFIG_CRYPTO_MANAGER_DISABLE_TESTS */ 3701 3702 EXPORT_SYMBOL_GPL(alg_test); 3703