1 /* 2 * Algorithm testing framework and tests. 3 * 4 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au> 5 * Copyright (c) 2002 Jean-Francois Dive <jef@linuxbe.org> 6 * Copyright (c) 2007 Nokia Siemens Networks 7 * Copyright (c) 2008 Herbert Xu <herbert@gondor.apana.org.au> 8 * Copyright (c) 2019 Google LLC 9 * 10 * Updated RFC4106 AES-GCM testing. 11 * Authors: Aidan O'Mahony (aidan.o.mahony@intel.com) 12 * Adrian Hoban <adrian.hoban@intel.com> 13 * Gabriele Paoloni <gabriele.paoloni@intel.com> 14 * Tadeusz Struk (tadeusz.struk@intel.com) 15 * Copyright (c) 2010, Intel Corporation. 16 * 17 * This program is free software; you can redistribute it and/or modify it 18 * under the terms of the GNU General Public License as published by the Free 19 * Software Foundation; either version 2 of the License, or (at your option) 20 * any later version. 21 * 22 */ 23 24 #include <crypto/aead.h> 25 #include <crypto/hash.h> 26 #include <crypto/skcipher.h> 27 #include <linux/err.h> 28 #include <linux/fips.h> 29 #include <linux/module.h> 30 #include <linux/once.h> 31 #include <linux/random.h> 32 #include <linux/scatterlist.h> 33 #include <linux/slab.h> 34 #include <linux/string.h> 35 #include <crypto/rng.h> 36 #include <crypto/drbg.h> 37 #include <crypto/akcipher.h> 38 #include <crypto/kpp.h> 39 #include <crypto/acompress.h> 40 #include <crypto/internal/simd.h> 41 42 #include "internal.h" 43 44 static bool notests; 45 module_param(notests, bool, 0644); 46 MODULE_PARM_DESC(notests, "disable crypto self-tests"); 47 48 static bool panic_on_fail; 49 module_param(panic_on_fail, bool, 0444); 50 51 #ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS 52 static bool noextratests; 53 module_param(noextratests, bool, 0644); 54 MODULE_PARM_DESC(noextratests, "disable expensive crypto self-tests"); 55 56 static unsigned int fuzz_iterations = 100; 57 module_param(fuzz_iterations, uint, 0644); 58 MODULE_PARM_DESC(fuzz_iterations, "number of fuzz test iterations"); 59 60 DEFINE_PER_CPU(bool, crypto_simd_disabled_for_test); 61 EXPORT_PER_CPU_SYMBOL_GPL(crypto_simd_disabled_for_test); 62 #endif 63 64 #ifdef CONFIG_CRYPTO_MANAGER_DISABLE_TESTS 65 66 /* a perfect nop */ 67 int alg_test(const char *driver, const char *alg, u32 type, u32 mask) 68 { 69 return 0; 70 } 71 72 #else 73 74 #include "testmgr.h" 75 76 /* 77 * Need slab memory for testing (size in number of pages). 78 */ 79 #define XBUFSIZE 8 80 81 /* 82 * Used by test_cipher() 83 */ 84 #define ENCRYPT 1 85 #define DECRYPT 0 86 87 struct aead_test_suite { 88 const struct aead_testvec *vecs; 89 unsigned int count; 90 }; 91 92 struct cipher_test_suite { 93 const struct cipher_testvec *vecs; 94 unsigned int count; 95 }; 96 97 struct comp_test_suite { 98 struct { 99 const struct comp_testvec *vecs; 100 unsigned int count; 101 } comp, decomp; 102 }; 103 104 struct hash_test_suite { 105 const struct hash_testvec *vecs; 106 unsigned int count; 107 }; 108 109 struct cprng_test_suite { 110 const struct cprng_testvec *vecs; 111 unsigned int count; 112 }; 113 114 struct drbg_test_suite { 115 const struct drbg_testvec *vecs; 116 unsigned int count; 117 }; 118 119 struct akcipher_test_suite { 120 const struct akcipher_testvec *vecs; 121 unsigned int count; 122 }; 123 124 struct kpp_test_suite { 125 const struct kpp_testvec *vecs; 126 unsigned int count; 127 }; 128 129 struct alg_test_desc { 130 const char *alg; 131 int (*test)(const struct alg_test_desc *desc, const char *driver, 132 u32 type, u32 mask); 133 int fips_allowed; /* set if alg is allowed in fips mode */ 134 135 union { 136 struct aead_test_suite aead; 137 struct cipher_test_suite cipher; 138 struct comp_test_suite comp; 139 struct hash_test_suite hash; 140 struct cprng_test_suite cprng; 141 struct drbg_test_suite drbg; 142 struct akcipher_test_suite akcipher; 143 struct kpp_test_suite kpp; 144 } suite; 145 }; 146 147 static void hexdump(unsigned char *buf, unsigned int len) 148 { 149 print_hex_dump(KERN_CONT, "", DUMP_PREFIX_OFFSET, 150 16, 1, 151 buf, len, false); 152 } 153 154 static int __testmgr_alloc_buf(char *buf[XBUFSIZE], int order) 155 { 156 int i; 157 158 for (i = 0; i < XBUFSIZE; i++) { 159 buf[i] = (char *)__get_free_pages(GFP_KERNEL, order); 160 if (!buf[i]) 161 goto err_free_buf; 162 } 163 164 return 0; 165 166 err_free_buf: 167 while (i-- > 0) 168 free_pages((unsigned long)buf[i], order); 169 170 return -ENOMEM; 171 } 172 173 static int testmgr_alloc_buf(char *buf[XBUFSIZE]) 174 { 175 return __testmgr_alloc_buf(buf, 0); 176 } 177 178 static void __testmgr_free_buf(char *buf[XBUFSIZE], int order) 179 { 180 int i; 181 182 for (i = 0; i < XBUFSIZE; i++) 183 free_pages((unsigned long)buf[i], order); 184 } 185 186 static void testmgr_free_buf(char *buf[XBUFSIZE]) 187 { 188 __testmgr_free_buf(buf, 0); 189 } 190 191 #define TESTMGR_POISON_BYTE 0xfe 192 #define TESTMGR_POISON_LEN 16 193 194 static inline void testmgr_poison(void *addr, size_t len) 195 { 196 memset(addr, TESTMGR_POISON_BYTE, len); 197 } 198 199 /* Is the memory region still fully poisoned? */ 200 static inline bool testmgr_is_poison(const void *addr, size_t len) 201 { 202 return memchr_inv(addr, TESTMGR_POISON_BYTE, len) == NULL; 203 } 204 205 /* flush type for hash algorithms */ 206 enum flush_type { 207 /* merge with update of previous buffer(s) */ 208 FLUSH_TYPE_NONE = 0, 209 210 /* update with previous buffer(s) before doing this one */ 211 FLUSH_TYPE_FLUSH, 212 213 /* likewise, but also export and re-import the intermediate state */ 214 FLUSH_TYPE_REIMPORT, 215 }; 216 217 /* finalization function for hash algorithms */ 218 enum finalization_type { 219 FINALIZATION_TYPE_FINAL, /* use final() */ 220 FINALIZATION_TYPE_FINUP, /* use finup() */ 221 FINALIZATION_TYPE_DIGEST, /* use digest() */ 222 }; 223 224 #define TEST_SG_TOTAL 10000 225 226 /** 227 * struct test_sg_division - description of a scatterlist entry 228 * 229 * This struct describes one entry of a scatterlist being constructed to check a 230 * crypto test vector. 231 * 232 * @proportion_of_total: length of this chunk relative to the total length, 233 * given as a proportion out of TEST_SG_TOTAL so that it 234 * scales to fit any test vector 235 * @offset: byte offset into a 2-page buffer at which this chunk will start 236 * @offset_relative_to_alignmask: if true, add the algorithm's alignmask to the 237 * @offset 238 * @flush_type: for hashes, whether an update() should be done now vs. 239 * continuing to accumulate data 240 * @nosimd: if doing the pending update(), do it with SIMD disabled? 241 */ 242 struct test_sg_division { 243 unsigned int proportion_of_total; 244 unsigned int offset; 245 bool offset_relative_to_alignmask; 246 enum flush_type flush_type; 247 bool nosimd; 248 }; 249 250 /** 251 * struct testvec_config - configuration for testing a crypto test vector 252 * 253 * This struct describes the data layout and other parameters with which each 254 * crypto test vector can be tested. 255 * 256 * @name: name of this config, logged for debugging purposes if a test fails 257 * @inplace: operate on the data in-place, if applicable for the algorithm type? 258 * @req_flags: extra request_flags, e.g. CRYPTO_TFM_REQ_MAY_SLEEP 259 * @src_divs: description of how to arrange the source scatterlist 260 * @dst_divs: description of how to arrange the dst scatterlist, if applicable 261 * for the algorithm type. Defaults to @src_divs if unset. 262 * @iv_offset: misalignment of the IV in the range [0..MAX_ALGAPI_ALIGNMASK+1], 263 * where 0 is aligned to a 2*(MAX_ALGAPI_ALIGNMASK+1) byte boundary 264 * @iv_offset_relative_to_alignmask: if true, add the algorithm's alignmask to 265 * the @iv_offset 266 * @finalization_type: what finalization function to use for hashes 267 * @nosimd: execute with SIMD disabled? Requires !CRYPTO_TFM_REQ_MAY_SLEEP. 268 */ 269 struct testvec_config { 270 const char *name; 271 bool inplace; 272 u32 req_flags; 273 struct test_sg_division src_divs[XBUFSIZE]; 274 struct test_sg_division dst_divs[XBUFSIZE]; 275 unsigned int iv_offset; 276 bool iv_offset_relative_to_alignmask; 277 enum finalization_type finalization_type; 278 bool nosimd; 279 }; 280 281 #define TESTVEC_CONFIG_NAMELEN 192 282 283 /* 284 * The following are the lists of testvec_configs to test for each algorithm 285 * type when the basic crypto self-tests are enabled, i.e. when 286 * CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is unset. They aim to provide good test 287 * coverage, while keeping the test time much shorter than the full fuzz tests 288 * so that the basic tests can be enabled in a wider range of circumstances. 289 */ 290 291 /* Configs for skciphers and aeads */ 292 static const struct testvec_config default_cipher_testvec_configs[] = { 293 { 294 .name = "in-place", 295 .inplace = true, 296 .src_divs = { { .proportion_of_total = 10000 } }, 297 }, { 298 .name = "out-of-place", 299 .src_divs = { { .proportion_of_total = 10000 } }, 300 }, { 301 .name = "unaligned buffer, offset=1", 302 .src_divs = { { .proportion_of_total = 10000, .offset = 1 } }, 303 .iv_offset = 1, 304 }, { 305 .name = "buffer aligned only to alignmask", 306 .src_divs = { 307 { 308 .proportion_of_total = 10000, 309 .offset = 1, 310 .offset_relative_to_alignmask = true, 311 }, 312 }, 313 .iv_offset = 1, 314 .iv_offset_relative_to_alignmask = true, 315 }, { 316 .name = "two even aligned splits", 317 .src_divs = { 318 { .proportion_of_total = 5000 }, 319 { .proportion_of_total = 5000 }, 320 }, 321 }, { 322 .name = "uneven misaligned splits, may sleep", 323 .req_flags = CRYPTO_TFM_REQ_MAY_SLEEP, 324 .src_divs = { 325 { .proportion_of_total = 1900, .offset = 33 }, 326 { .proportion_of_total = 3300, .offset = 7 }, 327 { .proportion_of_total = 4800, .offset = 18 }, 328 }, 329 .iv_offset = 3, 330 }, { 331 .name = "misaligned splits crossing pages, inplace", 332 .inplace = true, 333 .src_divs = { 334 { 335 .proportion_of_total = 7500, 336 .offset = PAGE_SIZE - 32 337 }, { 338 .proportion_of_total = 2500, 339 .offset = PAGE_SIZE - 7 340 }, 341 }, 342 } 343 }; 344 345 static const struct testvec_config default_hash_testvec_configs[] = { 346 { 347 .name = "init+update+final aligned buffer", 348 .src_divs = { { .proportion_of_total = 10000 } }, 349 .finalization_type = FINALIZATION_TYPE_FINAL, 350 }, { 351 .name = "init+finup aligned buffer", 352 .src_divs = { { .proportion_of_total = 10000 } }, 353 .finalization_type = FINALIZATION_TYPE_FINUP, 354 }, { 355 .name = "digest aligned buffer", 356 .src_divs = { { .proportion_of_total = 10000 } }, 357 .finalization_type = FINALIZATION_TYPE_DIGEST, 358 }, { 359 .name = "init+update+final misaligned buffer", 360 .src_divs = { { .proportion_of_total = 10000, .offset = 1 } }, 361 .finalization_type = FINALIZATION_TYPE_FINAL, 362 }, { 363 .name = "digest buffer aligned only to alignmask", 364 .src_divs = { 365 { 366 .proportion_of_total = 10000, 367 .offset = 1, 368 .offset_relative_to_alignmask = true, 369 }, 370 }, 371 .finalization_type = FINALIZATION_TYPE_DIGEST, 372 }, { 373 .name = "init+update+update+final two even splits", 374 .src_divs = { 375 { .proportion_of_total = 5000 }, 376 { 377 .proportion_of_total = 5000, 378 .flush_type = FLUSH_TYPE_FLUSH, 379 }, 380 }, 381 .finalization_type = FINALIZATION_TYPE_FINAL, 382 }, { 383 .name = "digest uneven misaligned splits, may sleep", 384 .req_flags = CRYPTO_TFM_REQ_MAY_SLEEP, 385 .src_divs = { 386 { .proportion_of_total = 1900, .offset = 33 }, 387 { .proportion_of_total = 3300, .offset = 7 }, 388 { .proportion_of_total = 4800, .offset = 18 }, 389 }, 390 .finalization_type = FINALIZATION_TYPE_DIGEST, 391 }, { 392 .name = "digest misaligned splits crossing pages", 393 .src_divs = { 394 { 395 .proportion_of_total = 7500, 396 .offset = PAGE_SIZE - 32, 397 }, { 398 .proportion_of_total = 2500, 399 .offset = PAGE_SIZE - 7, 400 }, 401 }, 402 .finalization_type = FINALIZATION_TYPE_DIGEST, 403 }, { 404 .name = "import/export", 405 .src_divs = { 406 { 407 .proportion_of_total = 6500, 408 .flush_type = FLUSH_TYPE_REIMPORT, 409 }, { 410 .proportion_of_total = 3500, 411 .flush_type = FLUSH_TYPE_REIMPORT, 412 }, 413 }, 414 .finalization_type = FINALIZATION_TYPE_FINAL, 415 } 416 }; 417 418 static unsigned int count_test_sg_divisions(const struct test_sg_division *divs) 419 { 420 unsigned int remaining = TEST_SG_TOTAL; 421 unsigned int ndivs = 0; 422 423 do { 424 remaining -= divs[ndivs++].proportion_of_total; 425 } while (remaining); 426 427 return ndivs; 428 } 429 430 #define SGDIVS_HAVE_FLUSHES BIT(0) 431 #define SGDIVS_HAVE_NOSIMD BIT(1) 432 433 static bool valid_sg_divisions(const struct test_sg_division *divs, 434 unsigned int count, int *flags_ret) 435 { 436 unsigned int total = 0; 437 unsigned int i; 438 439 for (i = 0; i < count && total != TEST_SG_TOTAL; i++) { 440 if (divs[i].proportion_of_total <= 0 || 441 divs[i].proportion_of_total > TEST_SG_TOTAL - total) 442 return false; 443 total += divs[i].proportion_of_total; 444 if (divs[i].flush_type != FLUSH_TYPE_NONE) 445 *flags_ret |= SGDIVS_HAVE_FLUSHES; 446 if (divs[i].nosimd) 447 *flags_ret |= SGDIVS_HAVE_NOSIMD; 448 } 449 return total == TEST_SG_TOTAL && 450 memchr_inv(&divs[i], 0, (count - i) * sizeof(divs[0])) == NULL; 451 } 452 453 /* 454 * Check whether the given testvec_config is valid. This isn't strictly needed 455 * since every testvec_config should be valid, but check anyway so that people 456 * don't unknowingly add broken configs that don't do what they wanted. 457 */ 458 static bool valid_testvec_config(const struct testvec_config *cfg) 459 { 460 int flags = 0; 461 462 if (cfg->name == NULL) 463 return false; 464 465 if (!valid_sg_divisions(cfg->src_divs, ARRAY_SIZE(cfg->src_divs), 466 &flags)) 467 return false; 468 469 if (cfg->dst_divs[0].proportion_of_total) { 470 if (!valid_sg_divisions(cfg->dst_divs, 471 ARRAY_SIZE(cfg->dst_divs), &flags)) 472 return false; 473 } else { 474 if (memchr_inv(cfg->dst_divs, 0, sizeof(cfg->dst_divs))) 475 return false; 476 /* defaults to dst_divs=src_divs */ 477 } 478 479 if (cfg->iv_offset + 480 (cfg->iv_offset_relative_to_alignmask ? MAX_ALGAPI_ALIGNMASK : 0) > 481 MAX_ALGAPI_ALIGNMASK + 1) 482 return false; 483 484 if ((flags & (SGDIVS_HAVE_FLUSHES | SGDIVS_HAVE_NOSIMD)) && 485 cfg->finalization_type == FINALIZATION_TYPE_DIGEST) 486 return false; 487 488 if ((cfg->nosimd || (flags & SGDIVS_HAVE_NOSIMD)) && 489 (cfg->req_flags & CRYPTO_TFM_REQ_MAY_SLEEP)) 490 return false; 491 492 return true; 493 } 494 495 struct test_sglist { 496 char *bufs[XBUFSIZE]; 497 struct scatterlist sgl[XBUFSIZE]; 498 struct scatterlist sgl_saved[XBUFSIZE]; 499 struct scatterlist *sgl_ptr; 500 unsigned int nents; 501 }; 502 503 static int init_test_sglist(struct test_sglist *tsgl) 504 { 505 return __testmgr_alloc_buf(tsgl->bufs, 1 /* two pages per buffer */); 506 } 507 508 static void destroy_test_sglist(struct test_sglist *tsgl) 509 { 510 return __testmgr_free_buf(tsgl->bufs, 1 /* two pages per buffer */); 511 } 512 513 /** 514 * build_test_sglist() - build a scatterlist for a crypto test 515 * 516 * @tsgl: the scatterlist to build. @tsgl->bufs[] contains an array of 2-page 517 * buffers which the scatterlist @tsgl->sgl[] will be made to point into. 518 * @divs: the layout specification on which the scatterlist will be based 519 * @alignmask: the algorithm's alignmask 520 * @total_len: the total length of the scatterlist to build in bytes 521 * @data: if non-NULL, the buffers will be filled with this data until it ends. 522 * Otherwise the buffers will be poisoned. In both cases, some bytes 523 * past the end of each buffer will be poisoned to help detect overruns. 524 * @out_divs: if non-NULL, the test_sg_division to which each scatterlist entry 525 * corresponds will be returned here. This will match @divs except 526 * that divisions resolving to a length of 0 are omitted as they are 527 * not included in the scatterlist. 528 * 529 * Return: 0 or a -errno value 530 */ 531 static int build_test_sglist(struct test_sglist *tsgl, 532 const struct test_sg_division *divs, 533 const unsigned int alignmask, 534 const unsigned int total_len, 535 struct iov_iter *data, 536 const struct test_sg_division *out_divs[XBUFSIZE]) 537 { 538 struct { 539 const struct test_sg_division *div; 540 size_t length; 541 } partitions[XBUFSIZE]; 542 const unsigned int ndivs = count_test_sg_divisions(divs); 543 unsigned int len_remaining = total_len; 544 unsigned int i; 545 546 BUILD_BUG_ON(ARRAY_SIZE(partitions) != ARRAY_SIZE(tsgl->sgl)); 547 if (WARN_ON(ndivs > ARRAY_SIZE(partitions))) 548 return -EINVAL; 549 550 /* Calculate the (div, length) pairs */ 551 tsgl->nents = 0; 552 for (i = 0; i < ndivs; i++) { 553 unsigned int len_this_sg = 554 min(len_remaining, 555 (total_len * divs[i].proportion_of_total + 556 TEST_SG_TOTAL / 2) / TEST_SG_TOTAL); 557 558 if (len_this_sg != 0) { 559 partitions[tsgl->nents].div = &divs[i]; 560 partitions[tsgl->nents].length = len_this_sg; 561 tsgl->nents++; 562 len_remaining -= len_this_sg; 563 } 564 } 565 if (tsgl->nents == 0) { 566 partitions[tsgl->nents].div = &divs[0]; 567 partitions[tsgl->nents].length = 0; 568 tsgl->nents++; 569 } 570 partitions[tsgl->nents - 1].length += len_remaining; 571 572 /* Set up the sgl entries and fill the data or poison */ 573 sg_init_table(tsgl->sgl, tsgl->nents); 574 for (i = 0; i < tsgl->nents; i++) { 575 unsigned int offset = partitions[i].div->offset; 576 void *addr; 577 578 if (partitions[i].div->offset_relative_to_alignmask) 579 offset += alignmask; 580 581 while (offset + partitions[i].length + TESTMGR_POISON_LEN > 582 2 * PAGE_SIZE) { 583 if (WARN_ON(offset <= 0)) 584 return -EINVAL; 585 offset /= 2; 586 } 587 588 addr = &tsgl->bufs[i][offset]; 589 sg_set_buf(&tsgl->sgl[i], addr, partitions[i].length); 590 591 if (out_divs) 592 out_divs[i] = partitions[i].div; 593 594 if (data) { 595 size_t copy_len, copied; 596 597 copy_len = min(partitions[i].length, data->count); 598 copied = copy_from_iter(addr, copy_len, data); 599 if (WARN_ON(copied != copy_len)) 600 return -EINVAL; 601 testmgr_poison(addr + copy_len, partitions[i].length + 602 TESTMGR_POISON_LEN - copy_len); 603 } else { 604 testmgr_poison(addr, partitions[i].length + 605 TESTMGR_POISON_LEN); 606 } 607 } 608 609 sg_mark_end(&tsgl->sgl[tsgl->nents - 1]); 610 tsgl->sgl_ptr = tsgl->sgl; 611 memcpy(tsgl->sgl_saved, tsgl->sgl, tsgl->nents * sizeof(tsgl->sgl[0])); 612 return 0; 613 } 614 615 /* 616 * Verify that a scatterlist crypto operation produced the correct output. 617 * 618 * @tsgl: scatterlist containing the actual output 619 * @expected_output: buffer containing the expected output 620 * @len_to_check: length of @expected_output in bytes 621 * @unchecked_prefix_len: number of ignored bytes in @tsgl prior to real result 622 * @check_poison: verify that the poison bytes after each chunk are intact? 623 * 624 * Return: 0 if correct, -EINVAL if incorrect, -EOVERFLOW if buffer overrun. 625 */ 626 static int verify_correct_output(const struct test_sglist *tsgl, 627 const char *expected_output, 628 unsigned int len_to_check, 629 unsigned int unchecked_prefix_len, 630 bool check_poison) 631 { 632 unsigned int i; 633 634 for (i = 0; i < tsgl->nents; i++) { 635 struct scatterlist *sg = &tsgl->sgl_ptr[i]; 636 unsigned int len = sg->length; 637 unsigned int offset = sg->offset; 638 const char *actual_output; 639 640 if (unchecked_prefix_len) { 641 if (unchecked_prefix_len >= len) { 642 unchecked_prefix_len -= len; 643 continue; 644 } 645 offset += unchecked_prefix_len; 646 len -= unchecked_prefix_len; 647 unchecked_prefix_len = 0; 648 } 649 len = min(len, len_to_check); 650 actual_output = page_address(sg_page(sg)) + offset; 651 if (memcmp(expected_output, actual_output, len) != 0) 652 return -EINVAL; 653 if (check_poison && 654 !testmgr_is_poison(actual_output + len, TESTMGR_POISON_LEN)) 655 return -EOVERFLOW; 656 len_to_check -= len; 657 expected_output += len; 658 } 659 if (WARN_ON(len_to_check != 0)) 660 return -EINVAL; 661 return 0; 662 } 663 664 static bool is_test_sglist_corrupted(const struct test_sglist *tsgl) 665 { 666 unsigned int i; 667 668 for (i = 0; i < tsgl->nents; i++) { 669 if (tsgl->sgl[i].page_link != tsgl->sgl_saved[i].page_link) 670 return true; 671 if (tsgl->sgl[i].offset != tsgl->sgl_saved[i].offset) 672 return true; 673 if (tsgl->sgl[i].length != tsgl->sgl_saved[i].length) 674 return true; 675 } 676 return false; 677 } 678 679 struct cipher_test_sglists { 680 struct test_sglist src; 681 struct test_sglist dst; 682 }; 683 684 static struct cipher_test_sglists *alloc_cipher_test_sglists(void) 685 { 686 struct cipher_test_sglists *tsgls; 687 688 tsgls = kmalloc(sizeof(*tsgls), GFP_KERNEL); 689 if (!tsgls) 690 return NULL; 691 692 if (init_test_sglist(&tsgls->src) != 0) 693 goto fail_kfree; 694 if (init_test_sglist(&tsgls->dst) != 0) 695 goto fail_destroy_src; 696 697 return tsgls; 698 699 fail_destroy_src: 700 destroy_test_sglist(&tsgls->src); 701 fail_kfree: 702 kfree(tsgls); 703 return NULL; 704 } 705 706 static void free_cipher_test_sglists(struct cipher_test_sglists *tsgls) 707 { 708 if (tsgls) { 709 destroy_test_sglist(&tsgls->src); 710 destroy_test_sglist(&tsgls->dst); 711 kfree(tsgls); 712 } 713 } 714 715 /* Build the src and dst scatterlists for an skcipher or AEAD test */ 716 static int build_cipher_test_sglists(struct cipher_test_sglists *tsgls, 717 const struct testvec_config *cfg, 718 unsigned int alignmask, 719 unsigned int src_total_len, 720 unsigned int dst_total_len, 721 const struct kvec *inputs, 722 unsigned int nr_inputs) 723 { 724 struct iov_iter input; 725 int err; 726 727 iov_iter_kvec(&input, WRITE, inputs, nr_inputs, src_total_len); 728 err = build_test_sglist(&tsgls->src, cfg->src_divs, alignmask, 729 cfg->inplace ? 730 max(dst_total_len, src_total_len) : 731 src_total_len, 732 &input, NULL); 733 if (err) 734 return err; 735 736 if (cfg->inplace) { 737 tsgls->dst.sgl_ptr = tsgls->src.sgl; 738 tsgls->dst.nents = tsgls->src.nents; 739 return 0; 740 } 741 return build_test_sglist(&tsgls->dst, 742 cfg->dst_divs[0].proportion_of_total ? 743 cfg->dst_divs : cfg->src_divs, 744 alignmask, dst_total_len, NULL, NULL); 745 } 746 747 #ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS 748 static char *generate_random_sgl_divisions(struct test_sg_division *divs, 749 size_t max_divs, char *p, char *end, 750 bool gen_flushes, u32 req_flags) 751 { 752 struct test_sg_division *div = divs; 753 unsigned int remaining = TEST_SG_TOTAL; 754 755 do { 756 unsigned int this_len; 757 const char *flushtype_str; 758 759 if (div == &divs[max_divs - 1] || prandom_u32() % 2 == 0) 760 this_len = remaining; 761 else 762 this_len = 1 + (prandom_u32() % remaining); 763 div->proportion_of_total = this_len; 764 765 if (prandom_u32() % 4 == 0) 766 div->offset = (PAGE_SIZE - 128) + (prandom_u32() % 128); 767 else if (prandom_u32() % 2 == 0) 768 div->offset = prandom_u32() % 32; 769 else 770 div->offset = prandom_u32() % PAGE_SIZE; 771 if (prandom_u32() % 8 == 0) 772 div->offset_relative_to_alignmask = true; 773 774 div->flush_type = FLUSH_TYPE_NONE; 775 if (gen_flushes) { 776 switch (prandom_u32() % 4) { 777 case 0: 778 div->flush_type = FLUSH_TYPE_REIMPORT; 779 break; 780 case 1: 781 div->flush_type = FLUSH_TYPE_FLUSH; 782 break; 783 } 784 } 785 786 if (div->flush_type != FLUSH_TYPE_NONE && 787 !(req_flags & CRYPTO_TFM_REQ_MAY_SLEEP) && 788 prandom_u32() % 2 == 0) 789 div->nosimd = true; 790 791 switch (div->flush_type) { 792 case FLUSH_TYPE_FLUSH: 793 if (div->nosimd) 794 flushtype_str = "<flush,nosimd>"; 795 else 796 flushtype_str = "<flush>"; 797 break; 798 case FLUSH_TYPE_REIMPORT: 799 if (div->nosimd) 800 flushtype_str = "<reimport,nosimd>"; 801 else 802 flushtype_str = "<reimport>"; 803 break; 804 default: 805 flushtype_str = ""; 806 break; 807 } 808 809 BUILD_BUG_ON(TEST_SG_TOTAL != 10000); /* for "%u.%u%%" */ 810 p += scnprintf(p, end - p, "%s%u.%u%%@%s+%u%s", flushtype_str, 811 this_len / 100, this_len % 100, 812 div->offset_relative_to_alignmask ? 813 "alignmask" : "", 814 div->offset, this_len == remaining ? "" : ", "); 815 remaining -= this_len; 816 div++; 817 } while (remaining); 818 819 return p; 820 } 821 822 /* Generate a random testvec_config for fuzz testing */ 823 static void generate_random_testvec_config(struct testvec_config *cfg, 824 char *name, size_t max_namelen) 825 { 826 char *p = name; 827 char * const end = name + max_namelen; 828 829 memset(cfg, 0, sizeof(*cfg)); 830 831 cfg->name = name; 832 833 p += scnprintf(p, end - p, "random:"); 834 835 if (prandom_u32() % 2 == 0) { 836 cfg->inplace = true; 837 p += scnprintf(p, end - p, " inplace"); 838 } 839 840 if (prandom_u32() % 2 == 0) { 841 cfg->req_flags |= CRYPTO_TFM_REQ_MAY_SLEEP; 842 p += scnprintf(p, end - p, " may_sleep"); 843 } 844 845 switch (prandom_u32() % 4) { 846 case 0: 847 cfg->finalization_type = FINALIZATION_TYPE_FINAL; 848 p += scnprintf(p, end - p, " use_final"); 849 break; 850 case 1: 851 cfg->finalization_type = FINALIZATION_TYPE_FINUP; 852 p += scnprintf(p, end - p, " use_finup"); 853 break; 854 default: 855 cfg->finalization_type = FINALIZATION_TYPE_DIGEST; 856 p += scnprintf(p, end - p, " use_digest"); 857 break; 858 } 859 860 if (!(cfg->req_flags & CRYPTO_TFM_REQ_MAY_SLEEP) && 861 prandom_u32() % 2 == 0) { 862 cfg->nosimd = true; 863 p += scnprintf(p, end - p, " nosimd"); 864 } 865 866 p += scnprintf(p, end - p, " src_divs=["); 867 p = generate_random_sgl_divisions(cfg->src_divs, 868 ARRAY_SIZE(cfg->src_divs), p, end, 869 (cfg->finalization_type != 870 FINALIZATION_TYPE_DIGEST), 871 cfg->req_flags); 872 p += scnprintf(p, end - p, "]"); 873 874 if (!cfg->inplace && prandom_u32() % 2 == 0) { 875 p += scnprintf(p, end - p, " dst_divs=["); 876 p = generate_random_sgl_divisions(cfg->dst_divs, 877 ARRAY_SIZE(cfg->dst_divs), 878 p, end, false, 879 cfg->req_flags); 880 p += scnprintf(p, end - p, "]"); 881 } 882 883 if (prandom_u32() % 2 == 0) { 884 cfg->iv_offset = 1 + (prandom_u32() % MAX_ALGAPI_ALIGNMASK); 885 p += scnprintf(p, end - p, " iv_offset=%u", cfg->iv_offset); 886 } 887 888 WARN_ON_ONCE(!valid_testvec_config(cfg)); 889 } 890 891 static void crypto_disable_simd_for_test(void) 892 { 893 preempt_disable(); 894 __this_cpu_write(crypto_simd_disabled_for_test, true); 895 } 896 897 static void crypto_reenable_simd_for_test(void) 898 { 899 __this_cpu_write(crypto_simd_disabled_for_test, false); 900 preempt_enable(); 901 } 902 #else /* !CONFIG_CRYPTO_MANAGER_EXTRA_TESTS */ 903 static void crypto_disable_simd_for_test(void) 904 { 905 } 906 907 static void crypto_reenable_simd_for_test(void) 908 { 909 } 910 #endif /* !CONFIG_CRYPTO_MANAGER_EXTRA_TESTS */ 911 912 static int do_ahash_op(int (*op)(struct ahash_request *req), 913 struct ahash_request *req, 914 struct crypto_wait *wait, bool nosimd) 915 { 916 int err; 917 918 if (nosimd) 919 crypto_disable_simd_for_test(); 920 921 err = op(req); 922 923 if (nosimd) 924 crypto_reenable_simd_for_test(); 925 926 return crypto_wait_req(err, wait); 927 } 928 929 static int check_nonfinal_hash_op(const char *op, int err, 930 u8 *result, unsigned int digestsize, 931 const char *driver, const char *vec_name, 932 const struct testvec_config *cfg) 933 { 934 if (err) { 935 pr_err("alg: hash: %s %s() failed with err %d on test vector %s, cfg=\"%s\"\n", 936 driver, op, err, vec_name, cfg->name); 937 return err; 938 } 939 if (!testmgr_is_poison(result, digestsize)) { 940 pr_err("alg: hash: %s %s() used result buffer on test vector %s, cfg=\"%s\"\n", 941 driver, op, vec_name, cfg->name); 942 return -EINVAL; 943 } 944 return 0; 945 } 946 947 static int test_hash_vec_cfg(const char *driver, 948 const struct hash_testvec *vec, 949 const char *vec_name, 950 const struct testvec_config *cfg, 951 struct ahash_request *req, 952 struct test_sglist *tsgl, 953 u8 *hashstate) 954 { 955 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); 956 const unsigned int alignmask = crypto_ahash_alignmask(tfm); 957 const unsigned int digestsize = crypto_ahash_digestsize(tfm); 958 const unsigned int statesize = crypto_ahash_statesize(tfm); 959 const u32 req_flags = CRYPTO_TFM_REQ_MAY_BACKLOG | cfg->req_flags; 960 const struct test_sg_division *divs[XBUFSIZE]; 961 DECLARE_CRYPTO_WAIT(wait); 962 struct kvec _input; 963 struct iov_iter input; 964 unsigned int i; 965 struct scatterlist *pending_sgl; 966 unsigned int pending_len; 967 u8 result[HASH_MAX_DIGESTSIZE + TESTMGR_POISON_LEN]; 968 int err; 969 970 /* Set the key, if specified */ 971 if (vec->ksize) { 972 err = crypto_ahash_setkey(tfm, vec->key, vec->ksize); 973 if (err) { 974 if (err == vec->setkey_error) 975 return 0; 976 pr_err("alg: hash: %s setkey failed on test vector %s; expected_error=%d, actual_error=%d, flags=%#x\n", 977 driver, vec_name, vec->setkey_error, err, 978 crypto_ahash_get_flags(tfm)); 979 return err; 980 } 981 if (vec->setkey_error) { 982 pr_err("alg: hash: %s setkey unexpectedly succeeded on test vector %s; expected_error=%d\n", 983 driver, vec_name, vec->setkey_error); 984 return -EINVAL; 985 } 986 } 987 988 /* Build the scatterlist for the source data */ 989 _input.iov_base = (void *)vec->plaintext; 990 _input.iov_len = vec->psize; 991 iov_iter_kvec(&input, WRITE, &_input, 1, vec->psize); 992 err = build_test_sglist(tsgl, cfg->src_divs, alignmask, vec->psize, 993 &input, divs); 994 if (err) { 995 pr_err("alg: hash: %s: error preparing scatterlist for test vector %s, cfg=\"%s\"\n", 996 driver, vec_name, cfg->name); 997 return err; 998 } 999 1000 /* Do the actual hashing */ 1001 1002 testmgr_poison(req->__ctx, crypto_ahash_reqsize(tfm)); 1003 testmgr_poison(result, digestsize + TESTMGR_POISON_LEN); 1004 1005 if (cfg->finalization_type == FINALIZATION_TYPE_DIGEST || 1006 vec->digest_error) { 1007 /* Just using digest() */ 1008 ahash_request_set_callback(req, req_flags, crypto_req_done, 1009 &wait); 1010 ahash_request_set_crypt(req, tsgl->sgl, result, vec->psize); 1011 err = do_ahash_op(crypto_ahash_digest, req, &wait, cfg->nosimd); 1012 if (err) { 1013 if (err == vec->digest_error) 1014 return 0; 1015 pr_err("alg: hash: %s digest() failed on test vector %s; expected_error=%d, actual_error=%d, cfg=\"%s\"\n", 1016 driver, vec_name, vec->digest_error, err, 1017 cfg->name); 1018 return err; 1019 } 1020 if (vec->digest_error) { 1021 pr_err("alg: hash: %s digest() unexpectedly succeeded on test vector %s; expected_error=%d, cfg=\"%s\"\n", 1022 driver, vec_name, vec->digest_error, cfg->name); 1023 return -EINVAL; 1024 } 1025 goto result_ready; 1026 } 1027 1028 /* Using init(), zero or more update(), then final() or finup() */ 1029 1030 ahash_request_set_callback(req, req_flags, crypto_req_done, &wait); 1031 ahash_request_set_crypt(req, NULL, result, 0); 1032 err = do_ahash_op(crypto_ahash_init, req, &wait, cfg->nosimd); 1033 err = check_nonfinal_hash_op("init", err, result, digestsize, 1034 driver, vec_name, cfg); 1035 if (err) 1036 return err; 1037 1038 pending_sgl = NULL; 1039 pending_len = 0; 1040 for (i = 0; i < tsgl->nents; i++) { 1041 if (divs[i]->flush_type != FLUSH_TYPE_NONE && 1042 pending_sgl != NULL) { 1043 /* update() with the pending data */ 1044 ahash_request_set_callback(req, req_flags, 1045 crypto_req_done, &wait); 1046 ahash_request_set_crypt(req, pending_sgl, result, 1047 pending_len); 1048 err = do_ahash_op(crypto_ahash_update, req, &wait, 1049 divs[i]->nosimd); 1050 err = check_nonfinal_hash_op("update", err, 1051 result, digestsize, 1052 driver, vec_name, cfg); 1053 if (err) 1054 return err; 1055 pending_sgl = NULL; 1056 pending_len = 0; 1057 } 1058 if (divs[i]->flush_type == FLUSH_TYPE_REIMPORT) { 1059 /* Test ->export() and ->import() */ 1060 testmgr_poison(hashstate + statesize, 1061 TESTMGR_POISON_LEN); 1062 err = crypto_ahash_export(req, hashstate); 1063 err = check_nonfinal_hash_op("export", err, 1064 result, digestsize, 1065 driver, vec_name, cfg); 1066 if (err) 1067 return err; 1068 if (!testmgr_is_poison(hashstate + statesize, 1069 TESTMGR_POISON_LEN)) { 1070 pr_err("alg: hash: %s export() overran state buffer on test vector %s, cfg=\"%s\"\n", 1071 driver, vec_name, cfg->name); 1072 return -EOVERFLOW; 1073 } 1074 1075 testmgr_poison(req->__ctx, crypto_ahash_reqsize(tfm)); 1076 err = crypto_ahash_import(req, hashstate); 1077 err = check_nonfinal_hash_op("import", err, 1078 result, digestsize, 1079 driver, vec_name, cfg); 1080 if (err) 1081 return err; 1082 } 1083 if (pending_sgl == NULL) 1084 pending_sgl = &tsgl->sgl[i]; 1085 pending_len += tsgl->sgl[i].length; 1086 } 1087 1088 ahash_request_set_callback(req, req_flags, crypto_req_done, &wait); 1089 ahash_request_set_crypt(req, pending_sgl, result, pending_len); 1090 if (cfg->finalization_type == FINALIZATION_TYPE_FINAL) { 1091 /* finish with update() and final() */ 1092 err = do_ahash_op(crypto_ahash_update, req, &wait, cfg->nosimd); 1093 err = check_nonfinal_hash_op("update", err, result, digestsize, 1094 driver, vec_name, cfg); 1095 if (err) 1096 return err; 1097 err = do_ahash_op(crypto_ahash_final, req, &wait, cfg->nosimd); 1098 if (err) { 1099 pr_err("alg: hash: %s final() failed with err %d on test vector %s, cfg=\"%s\"\n", 1100 driver, err, vec_name, cfg->name); 1101 return err; 1102 } 1103 } else { 1104 /* finish with finup() */ 1105 err = do_ahash_op(crypto_ahash_finup, req, &wait, cfg->nosimd); 1106 if (err) { 1107 pr_err("alg: hash: %s finup() failed with err %d on test vector %s, cfg=\"%s\"\n", 1108 driver, err, vec_name, cfg->name); 1109 return err; 1110 } 1111 } 1112 1113 result_ready: 1114 /* Check that the algorithm produced the correct digest */ 1115 if (memcmp(result, vec->digest, digestsize) != 0) { 1116 pr_err("alg: hash: %s test failed (wrong result) on test vector %s, cfg=\"%s\"\n", 1117 driver, vec_name, cfg->name); 1118 return -EINVAL; 1119 } 1120 if (!testmgr_is_poison(&result[digestsize], TESTMGR_POISON_LEN)) { 1121 pr_err("alg: hash: %s overran result buffer on test vector %s, cfg=\"%s\"\n", 1122 driver, vec_name, cfg->name); 1123 return -EOVERFLOW; 1124 } 1125 1126 return 0; 1127 } 1128 1129 static int test_hash_vec(const char *driver, const struct hash_testvec *vec, 1130 unsigned int vec_num, struct ahash_request *req, 1131 struct test_sglist *tsgl, u8 *hashstate) 1132 { 1133 char vec_name[16]; 1134 unsigned int i; 1135 int err; 1136 1137 sprintf(vec_name, "%u", vec_num); 1138 1139 for (i = 0; i < ARRAY_SIZE(default_hash_testvec_configs); i++) { 1140 err = test_hash_vec_cfg(driver, vec, vec_name, 1141 &default_hash_testvec_configs[i], 1142 req, tsgl, hashstate); 1143 if (err) 1144 return err; 1145 } 1146 1147 #ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS 1148 if (!noextratests) { 1149 struct testvec_config cfg; 1150 char cfgname[TESTVEC_CONFIG_NAMELEN]; 1151 1152 for (i = 0; i < fuzz_iterations; i++) { 1153 generate_random_testvec_config(&cfg, cfgname, 1154 sizeof(cfgname)); 1155 err = test_hash_vec_cfg(driver, vec, vec_name, &cfg, 1156 req, tsgl, hashstate); 1157 if (err) 1158 return err; 1159 } 1160 } 1161 #endif 1162 return 0; 1163 } 1164 1165 static int __alg_test_hash(const struct hash_testvec *vecs, 1166 unsigned int num_vecs, const char *driver, 1167 u32 type, u32 mask) 1168 { 1169 struct crypto_ahash *tfm; 1170 struct ahash_request *req = NULL; 1171 struct test_sglist *tsgl = NULL; 1172 u8 *hashstate = NULL; 1173 unsigned int i; 1174 int err; 1175 1176 tfm = crypto_alloc_ahash(driver, type, mask); 1177 if (IS_ERR(tfm)) { 1178 pr_err("alg: hash: failed to allocate transform for %s: %ld\n", 1179 driver, PTR_ERR(tfm)); 1180 return PTR_ERR(tfm); 1181 } 1182 1183 req = ahash_request_alloc(tfm, GFP_KERNEL); 1184 if (!req) { 1185 pr_err("alg: hash: failed to allocate request for %s\n", 1186 driver); 1187 err = -ENOMEM; 1188 goto out; 1189 } 1190 1191 tsgl = kmalloc(sizeof(*tsgl), GFP_KERNEL); 1192 if (!tsgl || init_test_sglist(tsgl) != 0) { 1193 pr_err("alg: hash: failed to allocate test buffers for %s\n", 1194 driver); 1195 kfree(tsgl); 1196 tsgl = NULL; 1197 err = -ENOMEM; 1198 goto out; 1199 } 1200 1201 hashstate = kmalloc(crypto_ahash_statesize(tfm) + TESTMGR_POISON_LEN, 1202 GFP_KERNEL); 1203 if (!hashstate) { 1204 pr_err("alg: hash: failed to allocate hash state buffer for %s\n", 1205 driver); 1206 err = -ENOMEM; 1207 goto out; 1208 } 1209 1210 for (i = 0; i < num_vecs; i++) { 1211 err = test_hash_vec(driver, &vecs[i], i, req, tsgl, hashstate); 1212 if (err) 1213 goto out; 1214 } 1215 err = 0; 1216 out: 1217 kfree(hashstate); 1218 if (tsgl) { 1219 destroy_test_sglist(tsgl); 1220 kfree(tsgl); 1221 } 1222 ahash_request_free(req); 1223 crypto_free_ahash(tfm); 1224 return err; 1225 } 1226 1227 static int alg_test_hash(const struct alg_test_desc *desc, const char *driver, 1228 u32 type, u32 mask) 1229 { 1230 const struct hash_testvec *template = desc->suite.hash.vecs; 1231 unsigned int tcount = desc->suite.hash.count; 1232 unsigned int nr_unkeyed, nr_keyed; 1233 int err; 1234 1235 /* 1236 * For OPTIONAL_KEY algorithms, we have to do all the unkeyed tests 1237 * first, before setting a key on the tfm. To make this easier, we 1238 * require that the unkeyed test vectors (if any) are listed first. 1239 */ 1240 1241 for (nr_unkeyed = 0; nr_unkeyed < tcount; nr_unkeyed++) { 1242 if (template[nr_unkeyed].ksize) 1243 break; 1244 } 1245 for (nr_keyed = 0; nr_unkeyed + nr_keyed < tcount; nr_keyed++) { 1246 if (!template[nr_unkeyed + nr_keyed].ksize) { 1247 pr_err("alg: hash: test vectors for %s out of order, " 1248 "unkeyed ones must come first\n", desc->alg); 1249 return -EINVAL; 1250 } 1251 } 1252 1253 err = 0; 1254 if (nr_unkeyed) { 1255 err = __alg_test_hash(template, nr_unkeyed, driver, type, mask); 1256 template += nr_unkeyed; 1257 } 1258 1259 if (!err && nr_keyed) 1260 err = __alg_test_hash(template, nr_keyed, driver, type, mask); 1261 1262 return err; 1263 } 1264 1265 static int test_aead_vec_cfg(const char *driver, int enc, 1266 const struct aead_testvec *vec, 1267 const char *vec_name, 1268 const struct testvec_config *cfg, 1269 struct aead_request *req, 1270 struct cipher_test_sglists *tsgls) 1271 { 1272 struct crypto_aead *tfm = crypto_aead_reqtfm(req); 1273 const unsigned int alignmask = crypto_aead_alignmask(tfm); 1274 const unsigned int ivsize = crypto_aead_ivsize(tfm); 1275 const unsigned int authsize = vec->clen - vec->plen; 1276 const u32 req_flags = CRYPTO_TFM_REQ_MAY_BACKLOG | cfg->req_flags; 1277 const char *op = enc ? "encryption" : "decryption"; 1278 DECLARE_CRYPTO_WAIT(wait); 1279 u8 _iv[3 * (MAX_ALGAPI_ALIGNMASK + 1) + MAX_IVLEN]; 1280 u8 *iv = PTR_ALIGN(&_iv[0], 2 * (MAX_ALGAPI_ALIGNMASK + 1)) + 1281 cfg->iv_offset + 1282 (cfg->iv_offset_relative_to_alignmask ? alignmask : 0); 1283 struct kvec input[2]; 1284 int expected_error; 1285 int err; 1286 1287 /* Set the key */ 1288 if (vec->wk) 1289 crypto_aead_set_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS); 1290 else 1291 crypto_aead_clear_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS); 1292 err = crypto_aead_setkey(tfm, vec->key, vec->klen); 1293 if (err && err != vec->setkey_error) { 1294 pr_err("alg: aead: %s setkey failed on test vector %s; expected_error=%d, actual_error=%d, flags=%#x\n", 1295 driver, vec_name, vec->setkey_error, err, 1296 crypto_aead_get_flags(tfm)); 1297 return err; 1298 } 1299 if (!err && vec->setkey_error) { 1300 pr_err("alg: aead: %s setkey unexpectedly succeeded on test vector %s; expected_error=%d\n", 1301 driver, vec_name, vec->setkey_error); 1302 return -EINVAL; 1303 } 1304 1305 /* Set the authentication tag size */ 1306 err = crypto_aead_setauthsize(tfm, authsize); 1307 if (err && err != vec->setauthsize_error) { 1308 pr_err("alg: aead: %s setauthsize failed on test vector %s; expected_error=%d, actual_error=%d\n", 1309 driver, vec_name, vec->setauthsize_error, err); 1310 return err; 1311 } 1312 if (!err && vec->setauthsize_error) { 1313 pr_err("alg: aead: %s setauthsize unexpectedly succeeded on test vector %s; expected_error=%d\n", 1314 driver, vec_name, vec->setauthsize_error); 1315 return -EINVAL; 1316 } 1317 1318 if (vec->setkey_error || vec->setauthsize_error) 1319 return 0; 1320 1321 /* The IV must be copied to a buffer, as the algorithm may modify it */ 1322 if (WARN_ON(ivsize > MAX_IVLEN)) 1323 return -EINVAL; 1324 if (vec->iv) 1325 memcpy(iv, vec->iv, ivsize); 1326 else 1327 memset(iv, 0, ivsize); 1328 1329 /* Build the src/dst scatterlists */ 1330 input[0].iov_base = (void *)vec->assoc; 1331 input[0].iov_len = vec->alen; 1332 input[1].iov_base = enc ? (void *)vec->ptext : (void *)vec->ctext; 1333 input[1].iov_len = enc ? vec->plen : vec->clen; 1334 err = build_cipher_test_sglists(tsgls, cfg, alignmask, 1335 vec->alen + (enc ? vec->plen : 1336 vec->clen), 1337 vec->alen + (enc ? vec->clen : 1338 vec->plen), 1339 input, 2); 1340 if (err) { 1341 pr_err("alg: aead: %s %s: error preparing scatterlists for test vector %s, cfg=\"%s\"\n", 1342 driver, op, vec_name, cfg->name); 1343 return err; 1344 } 1345 1346 /* Do the actual encryption or decryption */ 1347 testmgr_poison(req->__ctx, crypto_aead_reqsize(tfm)); 1348 aead_request_set_callback(req, req_flags, crypto_req_done, &wait); 1349 aead_request_set_crypt(req, tsgls->src.sgl_ptr, tsgls->dst.sgl_ptr, 1350 enc ? vec->plen : vec->clen, iv); 1351 aead_request_set_ad(req, vec->alen); 1352 if (cfg->nosimd) 1353 crypto_disable_simd_for_test(); 1354 err = enc ? crypto_aead_encrypt(req) : crypto_aead_decrypt(req); 1355 if (cfg->nosimd) 1356 crypto_reenable_simd_for_test(); 1357 err = crypto_wait_req(err, &wait); 1358 1359 /* Check that the algorithm didn't overwrite things it shouldn't have */ 1360 if (req->cryptlen != (enc ? vec->plen : vec->clen) || 1361 req->assoclen != vec->alen || 1362 req->iv != iv || 1363 req->src != tsgls->src.sgl_ptr || 1364 req->dst != tsgls->dst.sgl_ptr || 1365 crypto_aead_reqtfm(req) != tfm || 1366 req->base.complete != crypto_req_done || 1367 req->base.flags != req_flags || 1368 req->base.data != &wait) { 1369 pr_err("alg: aead: %s %s corrupted request struct on test vector %s, cfg=\"%s\"\n", 1370 driver, op, vec_name, cfg->name); 1371 if (req->cryptlen != (enc ? vec->plen : vec->clen)) 1372 pr_err("alg: aead: changed 'req->cryptlen'\n"); 1373 if (req->assoclen != vec->alen) 1374 pr_err("alg: aead: changed 'req->assoclen'\n"); 1375 if (req->iv != iv) 1376 pr_err("alg: aead: changed 'req->iv'\n"); 1377 if (req->src != tsgls->src.sgl_ptr) 1378 pr_err("alg: aead: changed 'req->src'\n"); 1379 if (req->dst != tsgls->dst.sgl_ptr) 1380 pr_err("alg: aead: changed 'req->dst'\n"); 1381 if (crypto_aead_reqtfm(req) != tfm) 1382 pr_err("alg: aead: changed 'req->base.tfm'\n"); 1383 if (req->base.complete != crypto_req_done) 1384 pr_err("alg: aead: changed 'req->base.complete'\n"); 1385 if (req->base.flags != req_flags) 1386 pr_err("alg: aead: changed 'req->base.flags'\n"); 1387 if (req->base.data != &wait) 1388 pr_err("alg: aead: changed 'req->base.data'\n"); 1389 return -EINVAL; 1390 } 1391 if (is_test_sglist_corrupted(&tsgls->src)) { 1392 pr_err("alg: aead: %s %s corrupted src sgl on test vector %s, cfg=\"%s\"\n", 1393 driver, op, vec_name, cfg->name); 1394 return -EINVAL; 1395 } 1396 if (tsgls->dst.sgl_ptr != tsgls->src.sgl && 1397 is_test_sglist_corrupted(&tsgls->dst)) { 1398 pr_err("alg: aead: %s %s corrupted dst sgl on test vector %s, cfg=\"%s\"\n", 1399 driver, op, vec_name, cfg->name); 1400 return -EINVAL; 1401 } 1402 1403 /* Check for success or failure */ 1404 expected_error = vec->novrfy ? -EBADMSG : vec->crypt_error; 1405 if (err) { 1406 if (err == expected_error) 1407 return 0; 1408 pr_err("alg: aead: %s %s failed on test vector %s; expected_error=%d, actual_error=%d, cfg=\"%s\"\n", 1409 driver, op, vec_name, expected_error, err, cfg->name); 1410 return err; 1411 } 1412 if (expected_error) { 1413 pr_err("alg: aead: %s %s unexpectedly succeeded on test vector %s; expected_error=%d, cfg=\"%s\"\n", 1414 driver, op, vec_name, expected_error, cfg->name); 1415 return -EINVAL; 1416 } 1417 1418 /* Check for the correct output (ciphertext or plaintext) */ 1419 err = verify_correct_output(&tsgls->dst, enc ? vec->ctext : vec->ptext, 1420 enc ? vec->clen : vec->plen, 1421 vec->alen, enc || !cfg->inplace); 1422 if (err == -EOVERFLOW) { 1423 pr_err("alg: aead: %s %s overran dst buffer on test vector %s, cfg=\"%s\"\n", 1424 driver, op, vec_name, cfg->name); 1425 return err; 1426 } 1427 if (err) { 1428 pr_err("alg: aead: %s %s test failed (wrong result) on test vector %s, cfg=\"%s\"\n", 1429 driver, op, vec_name, cfg->name); 1430 return err; 1431 } 1432 1433 return 0; 1434 } 1435 1436 static int test_aead_vec(const char *driver, int enc, 1437 const struct aead_testvec *vec, unsigned int vec_num, 1438 struct aead_request *req, 1439 struct cipher_test_sglists *tsgls) 1440 { 1441 char vec_name[16]; 1442 unsigned int i; 1443 int err; 1444 1445 if (enc && vec->novrfy) 1446 return 0; 1447 1448 sprintf(vec_name, "%u", vec_num); 1449 1450 for (i = 0; i < ARRAY_SIZE(default_cipher_testvec_configs); i++) { 1451 err = test_aead_vec_cfg(driver, enc, vec, vec_name, 1452 &default_cipher_testvec_configs[i], 1453 req, tsgls); 1454 if (err) 1455 return err; 1456 } 1457 1458 #ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS 1459 if (!noextratests) { 1460 struct testvec_config cfg; 1461 char cfgname[TESTVEC_CONFIG_NAMELEN]; 1462 1463 for (i = 0; i < fuzz_iterations; i++) { 1464 generate_random_testvec_config(&cfg, cfgname, 1465 sizeof(cfgname)); 1466 err = test_aead_vec_cfg(driver, enc, vec, vec_name, 1467 &cfg, req, tsgls); 1468 if (err) 1469 return err; 1470 } 1471 } 1472 #endif 1473 return 0; 1474 } 1475 1476 static int test_aead(const char *driver, int enc, 1477 const struct aead_test_suite *suite, 1478 struct aead_request *req, 1479 struct cipher_test_sglists *tsgls) 1480 { 1481 unsigned int i; 1482 int err; 1483 1484 for (i = 0; i < suite->count; i++) { 1485 err = test_aead_vec(driver, enc, &suite->vecs[i], i, req, 1486 tsgls); 1487 if (err) 1488 return err; 1489 } 1490 return 0; 1491 } 1492 1493 static int alg_test_aead(const struct alg_test_desc *desc, const char *driver, 1494 u32 type, u32 mask) 1495 { 1496 const struct aead_test_suite *suite = &desc->suite.aead; 1497 struct crypto_aead *tfm; 1498 struct aead_request *req = NULL; 1499 struct cipher_test_sglists *tsgls = NULL; 1500 int err; 1501 1502 if (suite->count <= 0) { 1503 pr_err("alg: aead: empty test suite for %s\n", driver); 1504 return -EINVAL; 1505 } 1506 1507 tfm = crypto_alloc_aead(driver, type, mask); 1508 if (IS_ERR(tfm)) { 1509 pr_err("alg: aead: failed to allocate transform for %s: %ld\n", 1510 driver, PTR_ERR(tfm)); 1511 return PTR_ERR(tfm); 1512 } 1513 1514 req = aead_request_alloc(tfm, GFP_KERNEL); 1515 if (!req) { 1516 pr_err("alg: aead: failed to allocate request for %s\n", 1517 driver); 1518 err = -ENOMEM; 1519 goto out; 1520 } 1521 1522 tsgls = alloc_cipher_test_sglists(); 1523 if (!tsgls) { 1524 pr_err("alg: aead: failed to allocate test buffers for %s\n", 1525 driver); 1526 err = -ENOMEM; 1527 goto out; 1528 } 1529 1530 err = test_aead(driver, ENCRYPT, suite, req, tsgls); 1531 if (err) 1532 goto out; 1533 1534 err = test_aead(driver, DECRYPT, suite, req, tsgls); 1535 out: 1536 free_cipher_test_sglists(tsgls); 1537 aead_request_free(req); 1538 crypto_free_aead(tfm); 1539 return err; 1540 } 1541 1542 static int test_cipher(struct crypto_cipher *tfm, int enc, 1543 const struct cipher_testvec *template, 1544 unsigned int tcount) 1545 { 1546 const char *algo = crypto_tfm_alg_driver_name(crypto_cipher_tfm(tfm)); 1547 unsigned int i, j, k; 1548 char *q; 1549 const char *e; 1550 const char *input, *result; 1551 void *data; 1552 char *xbuf[XBUFSIZE]; 1553 int ret = -ENOMEM; 1554 1555 if (testmgr_alloc_buf(xbuf)) 1556 goto out_nobuf; 1557 1558 if (enc == ENCRYPT) 1559 e = "encryption"; 1560 else 1561 e = "decryption"; 1562 1563 j = 0; 1564 for (i = 0; i < tcount; i++) { 1565 1566 if (fips_enabled && template[i].fips_skip) 1567 continue; 1568 1569 input = enc ? template[i].ptext : template[i].ctext; 1570 result = enc ? template[i].ctext : template[i].ptext; 1571 j++; 1572 1573 ret = -EINVAL; 1574 if (WARN_ON(template[i].len > PAGE_SIZE)) 1575 goto out; 1576 1577 data = xbuf[0]; 1578 memcpy(data, input, template[i].len); 1579 1580 crypto_cipher_clear_flags(tfm, ~0); 1581 if (template[i].wk) 1582 crypto_cipher_set_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS); 1583 1584 ret = crypto_cipher_setkey(tfm, template[i].key, 1585 template[i].klen); 1586 if (ret) { 1587 if (ret == template[i].setkey_error) 1588 continue; 1589 pr_err("alg: cipher: %s setkey failed on test vector %u; expected_error=%d, actual_error=%d, flags=%#x\n", 1590 algo, j, template[i].setkey_error, ret, 1591 crypto_cipher_get_flags(tfm)); 1592 goto out; 1593 } 1594 if (template[i].setkey_error) { 1595 pr_err("alg: cipher: %s setkey unexpectedly succeeded on test vector %u; expected_error=%d\n", 1596 algo, j, template[i].setkey_error); 1597 ret = -EINVAL; 1598 goto out; 1599 } 1600 1601 for (k = 0; k < template[i].len; 1602 k += crypto_cipher_blocksize(tfm)) { 1603 if (enc) 1604 crypto_cipher_encrypt_one(tfm, data + k, 1605 data + k); 1606 else 1607 crypto_cipher_decrypt_one(tfm, data + k, 1608 data + k); 1609 } 1610 1611 q = data; 1612 if (memcmp(q, result, template[i].len)) { 1613 printk(KERN_ERR "alg: cipher: Test %d failed " 1614 "on %s for %s\n", j, e, algo); 1615 hexdump(q, template[i].len); 1616 ret = -EINVAL; 1617 goto out; 1618 } 1619 } 1620 1621 ret = 0; 1622 1623 out: 1624 testmgr_free_buf(xbuf); 1625 out_nobuf: 1626 return ret; 1627 } 1628 1629 static int test_skcipher_vec_cfg(const char *driver, int enc, 1630 const struct cipher_testvec *vec, 1631 const char *vec_name, 1632 const struct testvec_config *cfg, 1633 struct skcipher_request *req, 1634 struct cipher_test_sglists *tsgls) 1635 { 1636 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); 1637 const unsigned int alignmask = crypto_skcipher_alignmask(tfm); 1638 const unsigned int ivsize = crypto_skcipher_ivsize(tfm); 1639 const u32 req_flags = CRYPTO_TFM_REQ_MAY_BACKLOG | cfg->req_flags; 1640 const char *op = enc ? "encryption" : "decryption"; 1641 DECLARE_CRYPTO_WAIT(wait); 1642 u8 _iv[3 * (MAX_ALGAPI_ALIGNMASK + 1) + MAX_IVLEN]; 1643 u8 *iv = PTR_ALIGN(&_iv[0], 2 * (MAX_ALGAPI_ALIGNMASK + 1)) + 1644 cfg->iv_offset + 1645 (cfg->iv_offset_relative_to_alignmask ? alignmask : 0); 1646 struct kvec input; 1647 int err; 1648 1649 /* Set the key */ 1650 if (vec->wk) 1651 crypto_skcipher_set_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS); 1652 else 1653 crypto_skcipher_clear_flags(tfm, 1654 CRYPTO_TFM_REQ_FORBID_WEAK_KEYS); 1655 err = crypto_skcipher_setkey(tfm, vec->key, vec->klen); 1656 if (err) { 1657 if (err == vec->setkey_error) 1658 return 0; 1659 pr_err("alg: skcipher: %s setkey failed on test vector %s; expected_error=%d, actual_error=%d, flags=%#x\n", 1660 driver, vec_name, vec->setkey_error, err, 1661 crypto_skcipher_get_flags(tfm)); 1662 return err; 1663 } 1664 if (vec->setkey_error) { 1665 pr_err("alg: skcipher: %s setkey unexpectedly succeeded on test vector %s; expected_error=%d\n", 1666 driver, vec_name, vec->setkey_error); 1667 return -EINVAL; 1668 } 1669 1670 /* The IV must be copied to a buffer, as the algorithm may modify it */ 1671 if (ivsize) { 1672 if (WARN_ON(ivsize > MAX_IVLEN)) 1673 return -EINVAL; 1674 if (vec->generates_iv && !enc) 1675 memcpy(iv, vec->iv_out, ivsize); 1676 else if (vec->iv) 1677 memcpy(iv, vec->iv, ivsize); 1678 else 1679 memset(iv, 0, ivsize); 1680 } else { 1681 if (vec->generates_iv) { 1682 pr_err("alg: skcipher: %s has ivsize=0 but test vector %s generates IV!\n", 1683 driver, vec_name); 1684 return -EINVAL; 1685 } 1686 iv = NULL; 1687 } 1688 1689 /* Build the src/dst scatterlists */ 1690 input.iov_base = enc ? (void *)vec->ptext : (void *)vec->ctext; 1691 input.iov_len = vec->len; 1692 err = build_cipher_test_sglists(tsgls, cfg, alignmask, 1693 vec->len, vec->len, &input, 1); 1694 if (err) { 1695 pr_err("alg: skcipher: %s %s: error preparing scatterlists for test vector %s, cfg=\"%s\"\n", 1696 driver, op, vec_name, cfg->name); 1697 return err; 1698 } 1699 1700 /* Do the actual encryption or decryption */ 1701 testmgr_poison(req->__ctx, crypto_skcipher_reqsize(tfm)); 1702 skcipher_request_set_callback(req, req_flags, crypto_req_done, &wait); 1703 skcipher_request_set_crypt(req, tsgls->src.sgl_ptr, tsgls->dst.sgl_ptr, 1704 vec->len, iv); 1705 if (cfg->nosimd) 1706 crypto_disable_simd_for_test(); 1707 err = enc ? crypto_skcipher_encrypt(req) : crypto_skcipher_decrypt(req); 1708 if (cfg->nosimd) 1709 crypto_reenable_simd_for_test(); 1710 err = crypto_wait_req(err, &wait); 1711 1712 /* Check that the algorithm didn't overwrite things it shouldn't have */ 1713 if (req->cryptlen != vec->len || 1714 req->iv != iv || 1715 req->src != tsgls->src.sgl_ptr || 1716 req->dst != tsgls->dst.sgl_ptr || 1717 crypto_skcipher_reqtfm(req) != tfm || 1718 req->base.complete != crypto_req_done || 1719 req->base.flags != req_flags || 1720 req->base.data != &wait) { 1721 pr_err("alg: skcipher: %s %s corrupted request struct on test vector %s, cfg=\"%s\"\n", 1722 driver, op, vec_name, cfg->name); 1723 if (req->cryptlen != vec->len) 1724 pr_err("alg: skcipher: changed 'req->cryptlen'\n"); 1725 if (req->iv != iv) 1726 pr_err("alg: skcipher: changed 'req->iv'\n"); 1727 if (req->src != tsgls->src.sgl_ptr) 1728 pr_err("alg: skcipher: changed 'req->src'\n"); 1729 if (req->dst != tsgls->dst.sgl_ptr) 1730 pr_err("alg: skcipher: changed 'req->dst'\n"); 1731 if (crypto_skcipher_reqtfm(req) != tfm) 1732 pr_err("alg: skcipher: changed 'req->base.tfm'\n"); 1733 if (req->base.complete != crypto_req_done) 1734 pr_err("alg: skcipher: changed 'req->base.complete'\n"); 1735 if (req->base.flags != req_flags) 1736 pr_err("alg: skcipher: changed 'req->base.flags'\n"); 1737 if (req->base.data != &wait) 1738 pr_err("alg: skcipher: changed 'req->base.data'\n"); 1739 return -EINVAL; 1740 } 1741 if (is_test_sglist_corrupted(&tsgls->src)) { 1742 pr_err("alg: skcipher: %s %s corrupted src sgl on test vector %s, cfg=\"%s\"\n", 1743 driver, op, vec_name, cfg->name); 1744 return -EINVAL; 1745 } 1746 if (tsgls->dst.sgl_ptr != tsgls->src.sgl && 1747 is_test_sglist_corrupted(&tsgls->dst)) { 1748 pr_err("alg: skcipher: %s %s corrupted dst sgl on test vector %s, cfg=\"%s\"\n", 1749 driver, op, vec_name, cfg->name); 1750 return -EINVAL; 1751 } 1752 1753 /* Check for success or failure */ 1754 if (err) { 1755 if (err == vec->crypt_error) 1756 return 0; 1757 pr_err("alg: skcipher: %s %s failed on test vector %s; expected_error=%d, actual_error=%d, cfg=\"%s\"\n", 1758 driver, op, vec_name, vec->crypt_error, err, cfg->name); 1759 return err; 1760 } 1761 if (vec->crypt_error) { 1762 pr_err("alg: skcipher: %s %s unexpectedly succeeded on test vector %s; expected_error=%d, cfg=\"%s\"\n", 1763 driver, op, vec_name, vec->crypt_error, cfg->name); 1764 return -EINVAL; 1765 } 1766 1767 /* Check for the correct output (ciphertext or plaintext) */ 1768 err = verify_correct_output(&tsgls->dst, enc ? vec->ctext : vec->ptext, 1769 vec->len, 0, true); 1770 if (err == -EOVERFLOW) { 1771 pr_err("alg: skcipher: %s %s overran dst buffer on test vector %s, cfg=\"%s\"\n", 1772 driver, op, vec_name, cfg->name); 1773 return err; 1774 } 1775 if (err) { 1776 pr_err("alg: skcipher: %s %s test failed (wrong result) on test vector %s, cfg=\"%s\"\n", 1777 driver, op, vec_name, cfg->name); 1778 return err; 1779 } 1780 1781 /* If applicable, check that the algorithm generated the correct IV */ 1782 if (vec->iv_out && memcmp(iv, vec->iv_out, ivsize) != 0) { 1783 pr_err("alg: skcipher: %s %s test failed (wrong output IV) on test vector %s, cfg=\"%s\"\n", 1784 driver, op, vec_name, cfg->name); 1785 hexdump(iv, ivsize); 1786 return -EINVAL; 1787 } 1788 1789 return 0; 1790 } 1791 1792 static int test_skcipher_vec(const char *driver, int enc, 1793 const struct cipher_testvec *vec, 1794 unsigned int vec_num, 1795 struct skcipher_request *req, 1796 struct cipher_test_sglists *tsgls) 1797 { 1798 char vec_name[16]; 1799 unsigned int i; 1800 int err; 1801 1802 if (fips_enabled && vec->fips_skip) 1803 return 0; 1804 1805 sprintf(vec_name, "%u", vec_num); 1806 1807 for (i = 0; i < ARRAY_SIZE(default_cipher_testvec_configs); i++) { 1808 err = test_skcipher_vec_cfg(driver, enc, vec, vec_name, 1809 &default_cipher_testvec_configs[i], 1810 req, tsgls); 1811 if (err) 1812 return err; 1813 } 1814 1815 #ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS 1816 if (!noextratests) { 1817 struct testvec_config cfg; 1818 char cfgname[TESTVEC_CONFIG_NAMELEN]; 1819 1820 for (i = 0; i < fuzz_iterations; i++) { 1821 generate_random_testvec_config(&cfg, cfgname, 1822 sizeof(cfgname)); 1823 err = test_skcipher_vec_cfg(driver, enc, vec, vec_name, 1824 &cfg, req, tsgls); 1825 if (err) 1826 return err; 1827 } 1828 } 1829 #endif 1830 return 0; 1831 } 1832 1833 static int test_skcipher(const char *driver, int enc, 1834 const struct cipher_test_suite *suite, 1835 struct skcipher_request *req, 1836 struct cipher_test_sglists *tsgls) 1837 { 1838 unsigned int i; 1839 int err; 1840 1841 for (i = 0; i < suite->count; i++) { 1842 err = test_skcipher_vec(driver, enc, &suite->vecs[i], i, req, 1843 tsgls); 1844 if (err) 1845 return err; 1846 } 1847 return 0; 1848 } 1849 1850 static int alg_test_skcipher(const struct alg_test_desc *desc, 1851 const char *driver, u32 type, u32 mask) 1852 { 1853 const struct cipher_test_suite *suite = &desc->suite.cipher; 1854 struct crypto_skcipher *tfm; 1855 struct skcipher_request *req = NULL; 1856 struct cipher_test_sglists *tsgls = NULL; 1857 int err; 1858 1859 if (suite->count <= 0) { 1860 pr_err("alg: skcipher: empty test suite for %s\n", driver); 1861 return -EINVAL; 1862 } 1863 1864 tfm = crypto_alloc_skcipher(driver, type, mask); 1865 if (IS_ERR(tfm)) { 1866 pr_err("alg: skcipher: failed to allocate transform for %s: %ld\n", 1867 driver, PTR_ERR(tfm)); 1868 return PTR_ERR(tfm); 1869 } 1870 1871 req = skcipher_request_alloc(tfm, GFP_KERNEL); 1872 if (!req) { 1873 pr_err("alg: skcipher: failed to allocate request for %s\n", 1874 driver); 1875 err = -ENOMEM; 1876 goto out; 1877 } 1878 1879 tsgls = alloc_cipher_test_sglists(); 1880 if (!tsgls) { 1881 pr_err("alg: skcipher: failed to allocate test buffers for %s\n", 1882 driver); 1883 err = -ENOMEM; 1884 goto out; 1885 } 1886 1887 err = test_skcipher(driver, ENCRYPT, suite, req, tsgls); 1888 if (err) 1889 goto out; 1890 1891 err = test_skcipher(driver, DECRYPT, suite, req, tsgls); 1892 out: 1893 free_cipher_test_sglists(tsgls); 1894 skcipher_request_free(req); 1895 crypto_free_skcipher(tfm); 1896 return err; 1897 } 1898 1899 static int test_comp(struct crypto_comp *tfm, 1900 const struct comp_testvec *ctemplate, 1901 const struct comp_testvec *dtemplate, 1902 int ctcount, int dtcount) 1903 { 1904 const char *algo = crypto_tfm_alg_driver_name(crypto_comp_tfm(tfm)); 1905 char *output, *decomp_output; 1906 unsigned int i; 1907 int ret; 1908 1909 output = kmalloc(COMP_BUF_SIZE, GFP_KERNEL); 1910 if (!output) 1911 return -ENOMEM; 1912 1913 decomp_output = kmalloc(COMP_BUF_SIZE, GFP_KERNEL); 1914 if (!decomp_output) { 1915 kfree(output); 1916 return -ENOMEM; 1917 } 1918 1919 for (i = 0; i < ctcount; i++) { 1920 int ilen; 1921 unsigned int dlen = COMP_BUF_SIZE; 1922 1923 memset(output, 0, COMP_BUF_SIZE); 1924 memset(decomp_output, 0, COMP_BUF_SIZE); 1925 1926 ilen = ctemplate[i].inlen; 1927 ret = crypto_comp_compress(tfm, ctemplate[i].input, 1928 ilen, output, &dlen); 1929 if (ret) { 1930 printk(KERN_ERR "alg: comp: compression failed " 1931 "on test %d for %s: ret=%d\n", i + 1, algo, 1932 -ret); 1933 goto out; 1934 } 1935 1936 ilen = dlen; 1937 dlen = COMP_BUF_SIZE; 1938 ret = crypto_comp_decompress(tfm, output, 1939 ilen, decomp_output, &dlen); 1940 if (ret) { 1941 pr_err("alg: comp: compression failed: decompress: on test %d for %s failed: ret=%d\n", 1942 i + 1, algo, -ret); 1943 goto out; 1944 } 1945 1946 if (dlen != ctemplate[i].inlen) { 1947 printk(KERN_ERR "alg: comp: Compression test %d " 1948 "failed for %s: output len = %d\n", i + 1, algo, 1949 dlen); 1950 ret = -EINVAL; 1951 goto out; 1952 } 1953 1954 if (memcmp(decomp_output, ctemplate[i].input, 1955 ctemplate[i].inlen)) { 1956 pr_err("alg: comp: compression failed: output differs: on test %d for %s\n", 1957 i + 1, algo); 1958 hexdump(decomp_output, dlen); 1959 ret = -EINVAL; 1960 goto out; 1961 } 1962 } 1963 1964 for (i = 0; i < dtcount; i++) { 1965 int ilen; 1966 unsigned int dlen = COMP_BUF_SIZE; 1967 1968 memset(decomp_output, 0, COMP_BUF_SIZE); 1969 1970 ilen = dtemplate[i].inlen; 1971 ret = crypto_comp_decompress(tfm, dtemplate[i].input, 1972 ilen, decomp_output, &dlen); 1973 if (ret) { 1974 printk(KERN_ERR "alg: comp: decompression failed " 1975 "on test %d for %s: ret=%d\n", i + 1, algo, 1976 -ret); 1977 goto out; 1978 } 1979 1980 if (dlen != dtemplate[i].outlen) { 1981 printk(KERN_ERR "alg: comp: Decompression test %d " 1982 "failed for %s: output len = %d\n", i + 1, algo, 1983 dlen); 1984 ret = -EINVAL; 1985 goto out; 1986 } 1987 1988 if (memcmp(decomp_output, dtemplate[i].output, dlen)) { 1989 printk(KERN_ERR "alg: comp: Decompression test %d " 1990 "failed for %s\n", i + 1, algo); 1991 hexdump(decomp_output, dlen); 1992 ret = -EINVAL; 1993 goto out; 1994 } 1995 } 1996 1997 ret = 0; 1998 1999 out: 2000 kfree(decomp_output); 2001 kfree(output); 2002 return ret; 2003 } 2004 2005 static int test_acomp(struct crypto_acomp *tfm, 2006 const struct comp_testvec *ctemplate, 2007 const struct comp_testvec *dtemplate, 2008 int ctcount, int dtcount) 2009 { 2010 const char *algo = crypto_tfm_alg_driver_name(crypto_acomp_tfm(tfm)); 2011 unsigned int i; 2012 char *output, *decomp_out; 2013 int ret; 2014 struct scatterlist src, dst; 2015 struct acomp_req *req; 2016 struct crypto_wait wait; 2017 2018 output = kmalloc(COMP_BUF_SIZE, GFP_KERNEL); 2019 if (!output) 2020 return -ENOMEM; 2021 2022 decomp_out = kmalloc(COMP_BUF_SIZE, GFP_KERNEL); 2023 if (!decomp_out) { 2024 kfree(output); 2025 return -ENOMEM; 2026 } 2027 2028 for (i = 0; i < ctcount; i++) { 2029 unsigned int dlen = COMP_BUF_SIZE; 2030 int ilen = ctemplate[i].inlen; 2031 void *input_vec; 2032 2033 input_vec = kmemdup(ctemplate[i].input, ilen, GFP_KERNEL); 2034 if (!input_vec) { 2035 ret = -ENOMEM; 2036 goto out; 2037 } 2038 2039 memset(output, 0, dlen); 2040 crypto_init_wait(&wait); 2041 sg_init_one(&src, input_vec, ilen); 2042 sg_init_one(&dst, output, dlen); 2043 2044 req = acomp_request_alloc(tfm); 2045 if (!req) { 2046 pr_err("alg: acomp: request alloc failed for %s\n", 2047 algo); 2048 kfree(input_vec); 2049 ret = -ENOMEM; 2050 goto out; 2051 } 2052 2053 acomp_request_set_params(req, &src, &dst, ilen, dlen); 2054 acomp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, 2055 crypto_req_done, &wait); 2056 2057 ret = crypto_wait_req(crypto_acomp_compress(req), &wait); 2058 if (ret) { 2059 pr_err("alg: acomp: compression failed on test %d for %s: ret=%d\n", 2060 i + 1, algo, -ret); 2061 kfree(input_vec); 2062 acomp_request_free(req); 2063 goto out; 2064 } 2065 2066 ilen = req->dlen; 2067 dlen = COMP_BUF_SIZE; 2068 sg_init_one(&src, output, ilen); 2069 sg_init_one(&dst, decomp_out, dlen); 2070 crypto_init_wait(&wait); 2071 acomp_request_set_params(req, &src, &dst, ilen, dlen); 2072 2073 ret = crypto_wait_req(crypto_acomp_decompress(req), &wait); 2074 if (ret) { 2075 pr_err("alg: acomp: compression failed on test %d for %s: ret=%d\n", 2076 i + 1, algo, -ret); 2077 kfree(input_vec); 2078 acomp_request_free(req); 2079 goto out; 2080 } 2081 2082 if (req->dlen != ctemplate[i].inlen) { 2083 pr_err("alg: acomp: Compression test %d failed for %s: output len = %d\n", 2084 i + 1, algo, req->dlen); 2085 ret = -EINVAL; 2086 kfree(input_vec); 2087 acomp_request_free(req); 2088 goto out; 2089 } 2090 2091 if (memcmp(input_vec, decomp_out, req->dlen)) { 2092 pr_err("alg: acomp: Compression test %d failed for %s\n", 2093 i + 1, algo); 2094 hexdump(output, req->dlen); 2095 ret = -EINVAL; 2096 kfree(input_vec); 2097 acomp_request_free(req); 2098 goto out; 2099 } 2100 2101 kfree(input_vec); 2102 acomp_request_free(req); 2103 } 2104 2105 for (i = 0; i < dtcount; i++) { 2106 unsigned int dlen = COMP_BUF_SIZE; 2107 int ilen = dtemplate[i].inlen; 2108 void *input_vec; 2109 2110 input_vec = kmemdup(dtemplate[i].input, ilen, GFP_KERNEL); 2111 if (!input_vec) { 2112 ret = -ENOMEM; 2113 goto out; 2114 } 2115 2116 memset(output, 0, dlen); 2117 crypto_init_wait(&wait); 2118 sg_init_one(&src, input_vec, ilen); 2119 sg_init_one(&dst, output, dlen); 2120 2121 req = acomp_request_alloc(tfm); 2122 if (!req) { 2123 pr_err("alg: acomp: request alloc failed for %s\n", 2124 algo); 2125 kfree(input_vec); 2126 ret = -ENOMEM; 2127 goto out; 2128 } 2129 2130 acomp_request_set_params(req, &src, &dst, ilen, dlen); 2131 acomp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, 2132 crypto_req_done, &wait); 2133 2134 ret = crypto_wait_req(crypto_acomp_decompress(req), &wait); 2135 if (ret) { 2136 pr_err("alg: acomp: decompression failed on test %d for %s: ret=%d\n", 2137 i + 1, algo, -ret); 2138 kfree(input_vec); 2139 acomp_request_free(req); 2140 goto out; 2141 } 2142 2143 if (req->dlen != dtemplate[i].outlen) { 2144 pr_err("alg: acomp: Decompression test %d failed for %s: output len = %d\n", 2145 i + 1, algo, req->dlen); 2146 ret = -EINVAL; 2147 kfree(input_vec); 2148 acomp_request_free(req); 2149 goto out; 2150 } 2151 2152 if (memcmp(output, dtemplate[i].output, req->dlen)) { 2153 pr_err("alg: acomp: Decompression test %d failed for %s\n", 2154 i + 1, algo); 2155 hexdump(output, req->dlen); 2156 ret = -EINVAL; 2157 kfree(input_vec); 2158 acomp_request_free(req); 2159 goto out; 2160 } 2161 2162 kfree(input_vec); 2163 acomp_request_free(req); 2164 } 2165 2166 ret = 0; 2167 2168 out: 2169 kfree(decomp_out); 2170 kfree(output); 2171 return ret; 2172 } 2173 2174 static int test_cprng(struct crypto_rng *tfm, 2175 const struct cprng_testvec *template, 2176 unsigned int tcount) 2177 { 2178 const char *algo = crypto_tfm_alg_driver_name(crypto_rng_tfm(tfm)); 2179 int err = 0, i, j, seedsize; 2180 u8 *seed; 2181 char result[32]; 2182 2183 seedsize = crypto_rng_seedsize(tfm); 2184 2185 seed = kmalloc(seedsize, GFP_KERNEL); 2186 if (!seed) { 2187 printk(KERN_ERR "alg: cprng: Failed to allocate seed space " 2188 "for %s\n", algo); 2189 return -ENOMEM; 2190 } 2191 2192 for (i = 0; i < tcount; i++) { 2193 memset(result, 0, 32); 2194 2195 memcpy(seed, template[i].v, template[i].vlen); 2196 memcpy(seed + template[i].vlen, template[i].key, 2197 template[i].klen); 2198 memcpy(seed + template[i].vlen + template[i].klen, 2199 template[i].dt, template[i].dtlen); 2200 2201 err = crypto_rng_reset(tfm, seed, seedsize); 2202 if (err) { 2203 printk(KERN_ERR "alg: cprng: Failed to reset rng " 2204 "for %s\n", algo); 2205 goto out; 2206 } 2207 2208 for (j = 0; j < template[i].loops; j++) { 2209 err = crypto_rng_get_bytes(tfm, result, 2210 template[i].rlen); 2211 if (err < 0) { 2212 printk(KERN_ERR "alg: cprng: Failed to obtain " 2213 "the correct amount of random data for " 2214 "%s (requested %d)\n", algo, 2215 template[i].rlen); 2216 goto out; 2217 } 2218 } 2219 2220 err = memcmp(result, template[i].result, 2221 template[i].rlen); 2222 if (err) { 2223 printk(KERN_ERR "alg: cprng: Test %d failed for %s\n", 2224 i, algo); 2225 hexdump(result, template[i].rlen); 2226 err = -EINVAL; 2227 goto out; 2228 } 2229 } 2230 2231 out: 2232 kfree(seed); 2233 return err; 2234 } 2235 2236 static int alg_test_cipher(const struct alg_test_desc *desc, 2237 const char *driver, u32 type, u32 mask) 2238 { 2239 const struct cipher_test_suite *suite = &desc->suite.cipher; 2240 struct crypto_cipher *tfm; 2241 int err; 2242 2243 tfm = crypto_alloc_cipher(driver, type, mask); 2244 if (IS_ERR(tfm)) { 2245 printk(KERN_ERR "alg: cipher: Failed to load transform for " 2246 "%s: %ld\n", driver, PTR_ERR(tfm)); 2247 return PTR_ERR(tfm); 2248 } 2249 2250 err = test_cipher(tfm, ENCRYPT, suite->vecs, suite->count); 2251 if (!err) 2252 err = test_cipher(tfm, DECRYPT, suite->vecs, suite->count); 2253 2254 crypto_free_cipher(tfm); 2255 return err; 2256 } 2257 2258 static int alg_test_comp(const struct alg_test_desc *desc, const char *driver, 2259 u32 type, u32 mask) 2260 { 2261 struct crypto_comp *comp; 2262 struct crypto_acomp *acomp; 2263 int err; 2264 u32 algo_type = type & CRYPTO_ALG_TYPE_ACOMPRESS_MASK; 2265 2266 if (algo_type == CRYPTO_ALG_TYPE_ACOMPRESS) { 2267 acomp = crypto_alloc_acomp(driver, type, mask); 2268 if (IS_ERR(acomp)) { 2269 pr_err("alg: acomp: Failed to load transform for %s: %ld\n", 2270 driver, PTR_ERR(acomp)); 2271 return PTR_ERR(acomp); 2272 } 2273 err = test_acomp(acomp, desc->suite.comp.comp.vecs, 2274 desc->suite.comp.decomp.vecs, 2275 desc->suite.comp.comp.count, 2276 desc->suite.comp.decomp.count); 2277 crypto_free_acomp(acomp); 2278 } else { 2279 comp = crypto_alloc_comp(driver, type, mask); 2280 if (IS_ERR(comp)) { 2281 pr_err("alg: comp: Failed to load transform for %s: %ld\n", 2282 driver, PTR_ERR(comp)); 2283 return PTR_ERR(comp); 2284 } 2285 2286 err = test_comp(comp, desc->suite.comp.comp.vecs, 2287 desc->suite.comp.decomp.vecs, 2288 desc->suite.comp.comp.count, 2289 desc->suite.comp.decomp.count); 2290 2291 crypto_free_comp(comp); 2292 } 2293 return err; 2294 } 2295 2296 static int alg_test_crc32c(const struct alg_test_desc *desc, 2297 const char *driver, u32 type, u32 mask) 2298 { 2299 struct crypto_shash *tfm; 2300 __le32 val; 2301 int err; 2302 2303 err = alg_test_hash(desc, driver, type, mask); 2304 if (err) 2305 return err; 2306 2307 tfm = crypto_alloc_shash(driver, type, mask); 2308 if (IS_ERR(tfm)) { 2309 if (PTR_ERR(tfm) == -ENOENT) { 2310 /* 2311 * This crc32c implementation is only available through 2312 * ahash API, not the shash API, so the remaining part 2313 * of the test is not applicable to it. 2314 */ 2315 return 0; 2316 } 2317 printk(KERN_ERR "alg: crc32c: Failed to load transform for %s: " 2318 "%ld\n", driver, PTR_ERR(tfm)); 2319 return PTR_ERR(tfm); 2320 } 2321 2322 do { 2323 SHASH_DESC_ON_STACK(shash, tfm); 2324 u32 *ctx = (u32 *)shash_desc_ctx(shash); 2325 2326 shash->tfm = tfm; 2327 shash->flags = 0; 2328 2329 *ctx = 420553207; 2330 err = crypto_shash_final(shash, (u8 *)&val); 2331 if (err) { 2332 printk(KERN_ERR "alg: crc32c: Operation failed for " 2333 "%s: %d\n", driver, err); 2334 break; 2335 } 2336 2337 if (val != cpu_to_le32(~420553207)) { 2338 pr_err("alg: crc32c: Test failed for %s: %u\n", 2339 driver, le32_to_cpu(val)); 2340 err = -EINVAL; 2341 } 2342 } while (0); 2343 2344 crypto_free_shash(tfm); 2345 2346 return err; 2347 } 2348 2349 static int alg_test_cprng(const struct alg_test_desc *desc, const char *driver, 2350 u32 type, u32 mask) 2351 { 2352 struct crypto_rng *rng; 2353 int err; 2354 2355 rng = crypto_alloc_rng(driver, type, mask); 2356 if (IS_ERR(rng)) { 2357 printk(KERN_ERR "alg: cprng: Failed to load transform for %s: " 2358 "%ld\n", driver, PTR_ERR(rng)); 2359 return PTR_ERR(rng); 2360 } 2361 2362 err = test_cprng(rng, desc->suite.cprng.vecs, desc->suite.cprng.count); 2363 2364 crypto_free_rng(rng); 2365 2366 return err; 2367 } 2368 2369 2370 static int drbg_cavs_test(const struct drbg_testvec *test, int pr, 2371 const char *driver, u32 type, u32 mask) 2372 { 2373 int ret = -EAGAIN; 2374 struct crypto_rng *drng; 2375 struct drbg_test_data test_data; 2376 struct drbg_string addtl, pers, testentropy; 2377 unsigned char *buf = kzalloc(test->expectedlen, GFP_KERNEL); 2378 2379 if (!buf) 2380 return -ENOMEM; 2381 2382 drng = crypto_alloc_rng(driver, type, mask); 2383 if (IS_ERR(drng)) { 2384 printk(KERN_ERR "alg: drbg: could not allocate DRNG handle for " 2385 "%s\n", driver); 2386 kzfree(buf); 2387 return -ENOMEM; 2388 } 2389 2390 test_data.testentropy = &testentropy; 2391 drbg_string_fill(&testentropy, test->entropy, test->entropylen); 2392 drbg_string_fill(&pers, test->pers, test->perslen); 2393 ret = crypto_drbg_reset_test(drng, &pers, &test_data); 2394 if (ret) { 2395 printk(KERN_ERR "alg: drbg: Failed to reset rng\n"); 2396 goto outbuf; 2397 } 2398 2399 drbg_string_fill(&addtl, test->addtla, test->addtllen); 2400 if (pr) { 2401 drbg_string_fill(&testentropy, test->entpra, test->entprlen); 2402 ret = crypto_drbg_get_bytes_addtl_test(drng, 2403 buf, test->expectedlen, &addtl, &test_data); 2404 } else { 2405 ret = crypto_drbg_get_bytes_addtl(drng, 2406 buf, test->expectedlen, &addtl); 2407 } 2408 if (ret < 0) { 2409 printk(KERN_ERR "alg: drbg: could not obtain random data for " 2410 "driver %s\n", driver); 2411 goto outbuf; 2412 } 2413 2414 drbg_string_fill(&addtl, test->addtlb, test->addtllen); 2415 if (pr) { 2416 drbg_string_fill(&testentropy, test->entprb, test->entprlen); 2417 ret = crypto_drbg_get_bytes_addtl_test(drng, 2418 buf, test->expectedlen, &addtl, &test_data); 2419 } else { 2420 ret = crypto_drbg_get_bytes_addtl(drng, 2421 buf, test->expectedlen, &addtl); 2422 } 2423 if (ret < 0) { 2424 printk(KERN_ERR "alg: drbg: could not obtain random data for " 2425 "driver %s\n", driver); 2426 goto outbuf; 2427 } 2428 2429 ret = memcmp(test->expected, buf, test->expectedlen); 2430 2431 outbuf: 2432 crypto_free_rng(drng); 2433 kzfree(buf); 2434 return ret; 2435 } 2436 2437 2438 static int alg_test_drbg(const struct alg_test_desc *desc, const char *driver, 2439 u32 type, u32 mask) 2440 { 2441 int err = 0; 2442 int pr = 0; 2443 int i = 0; 2444 const struct drbg_testvec *template = desc->suite.drbg.vecs; 2445 unsigned int tcount = desc->suite.drbg.count; 2446 2447 if (0 == memcmp(driver, "drbg_pr_", 8)) 2448 pr = 1; 2449 2450 for (i = 0; i < tcount; i++) { 2451 err = drbg_cavs_test(&template[i], pr, driver, type, mask); 2452 if (err) { 2453 printk(KERN_ERR "alg: drbg: Test %d failed for %s\n", 2454 i, driver); 2455 err = -EINVAL; 2456 break; 2457 } 2458 } 2459 return err; 2460 2461 } 2462 2463 static int do_test_kpp(struct crypto_kpp *tfm, const struct kpp_testvec *vec, 2464 const char *alg) 2465 { 2466 struct kpp_request *req; 2467 void *input_buf = NULL; 2468 void *output_buf = NULL; 2469 void *a_public = NULL; 2470 void *a_ss = NULL; 2471 void *shared_secret = NULL; 2472 struct crypto_wait wait; 2473 unsigned int out_len_max; 2474 int err = -ENOMEM; 2475 struct scatterlist src, dst; 2476 2477 req = kpp_request_alloc(tfm, GFP_KERNEL); 2478 if (!req) 2479 return err; 2480 2481 crypto_init_wait(&wait); 2482 2483 err = crypto_kpp_set_secret(tfm, vec->secret, vec->secret_size); 2484 if (err < 0) 2485 goto free_req; 2486 2487 out_len_max = crypto_kpp_maxsize(tfm); 2488 output_buf = kzalloc(out_len_max, GFP_KERNEL); 2489 if (!output_buf) { 2490 err = -ENOMEM; 2491 goto free_req; 2492 } 2493 2494 /* Use appropriate parameter as base */ 2495 kpp_request_set_input(req, NULL, 0); 2496 sg_init_one(&dst, output_buf, out_len_max); 2497 kpp_request_set_output(req, &dst, out_len_max); 2498 kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, 2499 crypto_req_done, &wait); 2500 2501 /* Compute party A's public key */ 2502 err = crypto_wait_req(crypto_kpp_generate_public_key(req), &wait); 2503 if (err) { 2504 pr_err("alg: %s: Party A: generate public key test failed. err %d\n", 2505 alg, err); 2506 goto free_output; 2507 } 2508 2509 if (vec->genkey) { 2510 /* Save party A's public key */ 2511 a_public = kmemdup(sg_virt(req->dst), out_len_max, GFP_KERNEL); 2512 if (!a_public) { 2513 err = -ENOMEM; 2514 goto free_output; 2515 } 2516 } else { 2517 /* Verify calculated public key */ 2518 if (memcmp(vec->expected_a_public, sg_virt(req->dst), 2519 vec->expected_a_public_size)) { 2520 pr_err("alg: %s: Party A: generate public key test failed. Invalid output\n", 2521 alg); 2522 err = -EINVAL; 2523 goto free_output; 2524 } 2525 } 2526 2527 /* Calculate shared secret key by using counter part (b) public key. */ 2528 input_buf = kmemdup(vec->b_public, vec->b_public_size, GFP_KERNEL); 2529 if (!input_buf) { 2530 err = -ENOMEM; 2531 goto free_output; 2532 } 2533 2534 sg_init_one(&src, input_buf, vec->b_public_size); 2535 sg_init_one(&dst, output_buf, out_len_max); 2536 kpp_request_set_input(req, &src, vec->b_public_size); 2537 kpp_request_set_output(req, &dst, out_len_max); 2538 kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, 2539 crypto_req_done, &wait); 2540 err = crypto_wait_req(crypto_kpp_compute_shared_secret(req), &wait); 2541 if (err) { 2542 pr_err("alg: %s: Party A: compute shared secret test failed. err %d\n", 2543 alg, err); 2544 goto free_all; 2545 } 2546 2547 if (vec->genkey) { 2548 /* Save the shared secret obtained by party A */ 2549 a_ss = kmemdup(sg_virt(req->dst), vec->expected_ss_size, GFP_KERNEL); 2550 if (!a_ss) { 2551 err = -ENOMEM; 2552 goto free_all; 2553 } 2554 2555 /* 2556 * Calculate party B's shared secret by using party A's 2557 * public key. 2558 */ 2559 err = crypto_kpp_set_secret(tfm, vec->b_secret, 2560 vec->b_secret_size); 2561 if (err < 0) 2562 goto free_all; 2563 2564 sg_init_one(&src, a_public, vec->expected_a_public_size); 2565 sg_init_one(&dst, output_buf, out_len_max); 2566 kpp_request_set_input(req, &src, vec->expected_a_public_size); 2567 kpp_request_set_output(req, &dst, out_len_max); 2568 kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, 2569 crypto_req_done, &wait); 2570 err = crypto_wait_req(crypto_kpp_compute_shared_secret(req), 2571 &wait); 2572 if (err) { 2573 pr_err("alg: %s: Party B: compute shared secret failed. err %d\n", 2574 alg, err); 2575 goto free_all; 2576 } 2577 2578 shared_secret = a_ss; 2579 } else { 2580 shared_secret = (void *)vec->expected_ss; 2581 } 2582 2583 /* 2584 * verify shared secret from which the user will derive 2585 * secret key by executing whatever hash it has chosen 2586 */ 2587 if (memcmp(shared_secret, sg_virt(req->dst), 2588 vec->expected_ss_size)) { 2589 pr_err("alg: %s: compute shared secret test failed. Invalid output\n", 2590 alg); 2591 err = -EINVAL; 2592 } 2593 2594 free_all: 2595 kfree(a_ss); 2596 kfree(input_buf); 2597 free_output: 2598 kfree(a_public); 2599 kfree(output_buf); 2600 free_req: 2601 kpp_request_free(req); 2602 return err; 2603 } 2604 2605 static int test_kpp(struct crypto_kpp *tfm, const char *alg, 2606 const struct kpp_testvec *vecs, unsigned int tcount) 2607 { 2608 int ret, i; 2609 2610 for (i = 0; i < tcount; i++) { 2611 ret = do_test_kpp(tfm, vecs++, alg); 2612 if (ret) { 2613 pr_err("alg: %s: test failed on vector %d, err=%d\n", 2614 alg, i + 1, ret); 2615 return ret; 2616 } 2617 } 2618 return 0; 2619 } 2620 2621 static int alg_test_kpp(const struct alg_test_desc *desc, const char *driver, 2622 u32 type, u32 mask) 2623 { 2624 struct crypto_kpp *tfm; 2625 int err = 0; 2626 2627 tfm = crypto_alloc_kpp(driver, type, mask); 2628 if (IS_ERR(tfm)) { 2629 pr_err("alg: kpp: Failed to load tfm for %s: %ld\n", 2630 driver, PTR_ERR(tfm)); 2631 return PTR_ERR(tfm); 2632 } 2633 if (desc->suite.kpp.vecs) 2634 err = test_kpp(tfm, desc->alg, desc->suite.kpp.vecs, 2635 desc->suite.kpp.count); 2636 2637 crypto_free_kpp(tfm); 2638 return err; 2639 } 2640 2641 static u8 *test_pack_u32(u8 *dst, u32 val) 2642 { 2643 memcpy(dst, &val, sizeof(val)); 2644 return dst + sizeof(val); 2645 } 2646 2647 static int test_akcipher_one(struct crypto_akcipher *tfm, 2648 const struct akcipher_testvec *vecs) 2649 { 2650 char *xbuf[XBUFSIZE]; 2651 struct akcipher_request *req; 2652 void *outbuf_enc = NULL; 2653 void *outbuf_dec = NULL; 2654 struct crypto_wait wait; 2655 unsigned int out_len_max, out_len = 0; 2656 int err = -ENOMEM; 2657 struct scatterlist src, dst, src_tab[3]; 2658 const char *m, *c; 2659 unsigned int m_size, c_size; 2660 const char *op; 2661 u8 *key, *ptr; 2662 2663 if (testmgr_alloc_buf(xbuf)) 2664 return err; 2665 2666 req = akcipher_request_alloc(tfm, GFP_KERNEL); 2667 if (!req) 2668 goto free_xbuf; 2669 2670 crypto_init_wait(&wait); 2671 2672 key = kmalloc(vecs->key_len + sizeof(u32) * 2 + vecs->param_len, 2673 GFP_KERNEL); 2674 if (!key) 2675 goto free_xbuf; 2676 memcpy(key, vecs->key, vecs->key_len); 2677 ptr = key + vecs->key_len; 2678 ptr = test_pack_u32(ptr, vecs->algo); 2679 ptr = test_pack_u32(ptr, vecs->param_len); 2680 memcpy(ptr, vecs->params, vecs->param_len); 2681 2682 if (vecs->public_key_vec) 2683 err = crypto_akcipher_set_pub_key(tfm, key, vecs->key_len); 2684 else 2685 err = crypto_akcipher_set_priv_key(tfm, key, vecs->key_len); 2686 if (err) 2687 goto free_req; 2688 2689 /* 2690 * First run test which do not require a private key, such as 2691 * encrypt or verify. 2692 */ 2693 err = -ENOMEM; 2694 out_len_max = crypto_akcipher_maxsize(tfm); 2695 outbuf_enc = kzalloc(out_len_max, GFP_KERNEL); 2696 if (!outbuf_enc) 2697 goto free_req; 2698 2699 if (!vecs->siggen_sigver_test) { 2700 m = vecs->m; 2701 m_size = vecs->m_size; 2702 c = vecs->c; 2703 c_size = vecs->c_size; 2704 op = "encrypt"; 2705 } else { 2706 /* Swap args so we could keep plaintext (digest) 2707 * in vecs->m, and cooked signature in vecs->c. 2708 */ 2709 m = vecs->c; /* signature */ 2710 m_size = vecs->c_size; 2711 c = vecs->m; /* digest */ 2712 c_size = vecs->m_size; 2713 op = "verify"; 2714 } 2715 2716 if (WARN_ON(m_size > PAGE_SIZE)) 2717 goto free_all; 2718 memcpy(xbuf[0], m, m_size); 2719 2720 sg_init_table(src_tab, 3); 2721 sg_set_buf(&src_tab[0], xbuf[0], 8); 2722 sg_set_buf(&src_tab[1], xbuf[0] + 8, m_size - 8); 2723 if (vecs->siggen_sigver_test) { 2724 if (WARN_ON(c_size > PAGE_SIZE)) 2725 goto free_all; 2726 memcpy(xbuf[1], c, c_size); 2727 sg_set_buf(&src_tab[2], xbuf[1], c_size); 2728 akcipher_request_set_crypt(req, src_tab, NULL, m_size, c_size); 2729 } else { 2730 sg_init_one(&dst, outbuf_enc, out_len_max); 2731 akcipher_request_set_crypt(req, src_tab, &dst, m_size, 2732 out_len_max); 2733 } 2734 akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, 2735 crypto_req_done, &wait); 2736 2737 err = crypto_wait_req(vecs->siggen_sigver_test ? 2738 /* Run asymmetric signature verification */ 2739 crypto_akcipher_verify(req) : 2740 /* Run asymmetric encrypt */ 2741 crypto_akcipher_encrypt(req), &wait); 2742 if (err) { 2743 pr_err("alg: akcipher: %s test failed. err %d\n", op, err); 2744 goto free_all; 2745 } 2746 if (!vecs->siggen_sigver_test) { 2747 if (req->dst_len != c_size) { 2748 pr_err("alg: akcipher: %s test failed. Invalid output len\n", 2749 op); 2750 err = -EINVAL; 2751 goto free_all; 2752 } 2753 /* verify that encrypted message is equal to expected */ 2754 if (memcmp(c, outbuf_enc, c_size) != 0) { 2755 pr_err("alg: akcipher: %s test failed. Invalid output\n", 2756 op); 2757 hexdump(outbuf_enc, c_size); 2758 err = -EINVAL; 2759 goto free_all; 2760 } 2761 } 2762 2763 /* 2764 * Don't invoke (decrypt or sign) test which require a private key 2765 * for vectors with only a public key. 2766 */ 2767 if (vecs->public_key_vec) { 2768 err = 0; 2769 goto free_all; 2770 } 2771 outbuf_dec = kzalloc(out_len_max, GFP_KERNEL); 2772 if (!outbuf_dec) { 2773 err = -ENOMEM; 2774 goto free_all; 2775 } 2776 2777 op = vecs->siggen_sigver_test ? "sign" : "decrypt"; 2778 if (WARN_ON(c_size > PAGE_SIZE)) 2779 goto free_all; 2780 memcpy(xbuf[0], c, c_size); 2781 2782 sg_init_one(&src, xbuf[0], c_size); 2783 sg_init_one(&dst, outbuf_dec, out_len_max); 2784 crypto_init_wait(&wait); 2785 akcipher_request_set_crypt(req, &src, &dst, c_size, out_len_max); 2786 2787 err = crypto_wait_req(vecs->siggen_sigver_test ? 2788 /* Run asymmetric signature generation */ 2789 crypto_akcipher_sign(req) : 2790 /* Run asymmetric decrypt */ 2791 crypto_akcipher_decrypt(req), &wait); 2792 if (err) { 2793 pr_err("alg: akcipher: %s test failed. err %d\n", op, err); 2794 goto free_all; 2795 } 2796 out_len = req->dst_len; 2797 if (out_len < m_size) { 2798 pr_err("alg: akcipher: %s test failed. Invalid output len %u\n", 2799 op, out_len); 2800 err = -EINVAL; 2801 goto free_all; 2802 } 2803 /* verify that decrypted message is equal to the original msg */ 2804 if (memchr_inv(outbuf_dec, 0, out_len - m_size) || 2805 memcmp(m, outbuf_dec + out_len - m_size, m_size)) { 2806 pr_err("alg: akcipher: %s test failed. Invalid output\n", op); 2807 hexdump(outbuf_dec, out_len); 2808 err = -EINVAL; 2809 } 2810 free_all: 2811 kfree(outbuf_dec); 2812 kfree(outbuf_enc); 2813 free_req: 2814 akcipher_request_free(req); 2815 kfree(key); 2816 free_xbuf: 2817 testmgr_free_buf(xbuf); 2818 return err; 2819 } 2820 2821 static int test_akcipher(struct crypto_akcipher *tfm, const char *alg, 2822 const struct akcipher_testvec *vecs, 2823 unsigned int tcount) 2824 { 2825 const char *algo = 2826 crypto_tfm_alg_driver_name(crypto_akcipher_tfm(tfm)); 2827 int ret, i; 2828 2829 for (i = 0; i < tcount; i++) { 2830 ret = test_akcipher_one(tfm, vecs++); 2831 if (!ret) 2832 continue; 2833 2834 pr_err("alg: akcipher: test %d failed for %s, err=%d\n", 2835 i + 1, algo, ret); 2836 return ret; 2837 } 2838 return 0; 2839 } 2840 2841 static int alg_test_akcipher(const struct alg_test_desc *desc, 2842 const char *driver, u32 type, u32 mask) 2843 { 2844 struct crypto_akcipher *tfm; 2845 int err = 0; 2846 2847 tfm = crypto_alloc_akcipher(driver, type, mask); 2848 if (IS_ERR(tfm)) { 2849 pr_err("alg: akcipher: Failed to load tfm for %s: %ld\n", 2850 driver, PTR_ERR(tfm)); 2851 return PTR_ERR(tfm); 2852 } 2853 if (desc->suite.akcipher.vecs) 2854 err = test_akcipher(tfm, desc->alg, desc->suite.akcipher.vecs, 2855 desc->suite.akcipher.count); 2856 2857 crypto_free_akcipher(tfm); 2858 return err; 2859 } 2860 2861 static int alg_test_null(const struct alg_test_desc *desc, 2862 const char *driver, u32 type, u32 mask) 2863 { 2864 return 0; 2865 } 2866 2867 #define __VECS(tv) { .vecs = tv, .count = ARRAY_SIZE(tv) } 2868 2869 /* Please keep this list sorted by algorithm name. */ 2870 static const struct alg_test_desc alg_test_descs[] = { 2871 { 2872 .alg = "adiantum(xchacha12,aes)", 2873 .test = alg_test_skcipher, 2874 .suite = { 2875 .cipher = __VECS(adiantum_xchacha12_aes_tv_template) 2876 }, 2877 }, { 2878 .alg = "adiantum(xchacha20,aes)", 2879 .test = alg_test_skcipher, 2880 .suite = { 2881 .cipher = __VECS(adiantum_xchacha20_aes_tv_template) 2882 }, 2883 }, { 2884 .alg = "aegis128", 2885 .test = alg_test_aead, 2886 .suite = { 2887 .aead = __VECS(aegis128_tv_template) 2888 } 2889 }, { 2890 .alg = "aegis128l", 2891 .test = alg_test_aead, 2892 .suite = { 2893 .aead = __VECS(aegis128l_tv_template) 2894 } 2895 }, { 2896 .alg = "aegis256", 2897 .test = alg_test_aead, 2898 .suite = { 2899 .aead = __VECS(aegis256_tv_template) 2900 } 2901 }, { 2902 .alg = "ansi_cprng", 2903 .test = alg_test_cprng, 2904 .suite = { 2905 .cprng = __VECS(ansi_cprng_aes_tv_template) 2906 } 2907 }, { 2908 .alg = "authenc(hmac(md5),ecb(cipher_null))", 2909 .test = alg_test_aead, 2910 .suite = { 2911 .aead = __VECS(hmac_md5_ecb_cipher_null_tv_template) 2912 } 2913 }, { 2914 .alg = "authenc(hmac(sha1),cbc(aes))", 2915 .test = alg_test_aead, 2916 .fips_allowed = 1, 2917 .suite = { 2918 .aead = __VECS(hmac_sha1_aes_cbc_tv_temp) 2919 } 2920 }, { 2921 .alg = "authenc(hmac(sha1),cbc(des))", 2922 .test = alg_test_aead, 2923 .suite = { 2924 .aead = __VECS(hmac_sha1_des_cbc_tv_temp) 2925 } 2926 }, { 2927 .alg = "authenc(hmac(sha1),cbc(des3_ede))", 2928 .test = alg_test_aead, 2929 .fips_allowed = 1, 2930 .suite = { 2931 .aead = __VECS(hmac_sha1_des3_ede_cbc_tv_temp) 2932 } 2933 }, { 2934 .alg = "authenc(hmac(sha1),ctr(aes))", 2935 .test = alg_test_null, 2936 .fips_allowed = 1, 2937 }, { 2938 .alg = "authenc(hmac(sha1),ecb(cipher_null))", 2939 .test = alg_test_aead, 2940 .suite = { 2941 .aead = __VECS(hmac_sha1_ecb_cipher_null_tv_temp) 2942 } 2943 }, { 2944 .alg = "authenc(hmac(sha1),rfc3686(ctr(aes)))", 2945 .test = alg_test_null, 2946 .fips_allowed = 1, 2947 }, { 2948 .alg = "authenc(hmac(sha224),cbc(des))", 2949 .test = alg_test_aead, 2950 .suite = { 2951 .aead = __VECS(hmac_sha224_des_cbc_tv_temp) 2952 } 2953 }, { 2954 .alg = "authenc(hmac(sha224),cbc(des3_ede))", 2955 .test = alg_test_aead, 2956 .fips_allowed = 1, 2957 .suite = { 2958 .aead = __VECS(hmac_sha224_des3_ede_cbc_tv_temp) 2959 } 2960 }, { 2961 .alg = "authenc(hmac(sha256),cbc(aes))", 2962 .test = alg_test_aead, 2963 .fips_allowed = 1, 2964 .suite = { 2965 .aead = __VECS(hmac_sha256_aes_cbc_tv_temp) 2966 } 2967 }, { 2968 .alg = "authenc(hmac(sha256),cbc(des))", 2969 .test = alg_test_aead, 2970 .suite = { 2971 .aead = __VECS(hmac_sha256_des_cbc_tv_temp) 2972 } 2973 }, { 2974 .alg = "authenc(hmac(sha256),cbc(des3_ede))", 2975 .test = alg_test_aead, 2976 .fips_allowed = 1, 2977 .suite = { 2978 .aead = __VECS(hmac_sha256_des3_ede_cbc_tv_temp) 2979 } 2980 }, { 2981 .alg = "authenc(hmac(sha256),ctr(aes))", 2982 .test = alg_test_null, 2983 .fips_allowed = 1, 2984 }, { 2985 .alg = "authenc(hmac(sha256),rfc3686(ctr(aes)))", 2986 .test = alg_test_null, 2987 .fips_allowed = 1, 2988 }, { 2989 .alg = "authenc(hmac(sha384),cbc(des))", 2990 .test = alg_test_aead, 2991 .suite = { 2992 .aead = __VECS(hmac_sha384_des_cbc_tv_temp) 2993 } 2994 }, { 2995 .alg = "authenc(hmac(sha384),cbc(des3_ede))", 2996 .test = alg_test_aead, 2997 .fips_allowed = 1, 2998 .suite = { 2999 .aead = __VECS(hmac_sha384_des3_ede_cbc_tv_temp) 3000 } 3001 }, { 3002 .alg = "authenc(hmac(sha384),ctr(aes))", 3003 .test = alg_test_null, 3004 .fips_allowed = 1, 3005 }, { 3006 .alg = "authenc(hmac(sha384),rfc3686(ctr(aes)))", 3007 .test = alg_test_null, 3008 .fips_allowed = 1, 3009 }, { 3010 .alg = "authenc(hmac(sha512),cbc(aes))", 3011 .fips_allowed = 1, 3012 .test = alg_test_aead, 3013 .suite = { 3014 .aead = __VECS(hmac_sha512_aes_cbc_tv_temp) 3015 } 3016 }, { 3017 .alg = "authenc(hmac(sha512),cbc(des))", 3018 .test = alg_test_aead, 3019 .suite = { 3020 .aead = __VECS(hmac_sha512_des_cbc_tv_temp) 3021 } 3022 }, { 3023 .alg = "authenc(hmac(sha512),cbc(des3_ede))", 3024 .test = alg_test_aead, 3025 .fips_allowed = 1, 3026 .suite = { 3027 .aead = __VECS(hmac_sha512_des3_ede_cbc_tv_temp) 3028 } 3029 }, { 3030 .alg = "authenc(hmac(sha512),ctr(aes))", 3031 .test = alg_test_null, 3032 .fips_allowed = 1, 3033 }, { 3034 .alg = "authenc(hmac(sha512),rfc3686(ctr(aes)))", 3035 .test = alg_test_null, 3036 .fips_allowed = 1, 3037 }, { 3038 .alg = "cbc(aes)", 3039 .test = alg_test_skcipher, 3040 .fips_allowed = 1, 3041 .suite = { 3042 .cipher = __VECS(aes_cbc_tv_template) 3043 }, 3044 }, { 3045 .alg = "cbc(anubis)", 3046 .test = alg_test_skcipher, 3047 .suite = { 3048 .cipher = __VECS(anubis_cbc_tv_template) 3049 }, 3050 }, { 3051 .alg = "cbc(blowfish)", 3052 .test = alg_test_skcipher, 3053 .suite = { 3054 .cipher = __VECS(bf_cbc_tv_template) 3055 }, 3056 }, { 3057 .alg = "cbc(camellia)", 3058 .test = alg_test_skcipher, 3059 .suite = { 3060 .cipher = __VECS(camellia_cbc_tv_template) 3061 }, 3062 }, { 3063 .alg = "cbc(cast5)", 3064 .test = alg_test_skcipher, 3065 .suite = { 3066 .cipher = __VECS(cast5_cbc_tv_template) 3067 }, 3068 }, { 3069 .alg = "cbc(cast6)", 3070 .test = alg_test_skcipher, 3071 .suite = { 3072 .cipher = __VECS(cast6_cbc_tv_template) 3073 }, 3074 }, { 3075 .alg = "cbc(des)", 3076 .test = alg_test_skcipher, 3077 .suite = { 3078 .cipher = __VECS(des_cbc_tv_template) 3079 }, 3080 }, { 3081 .alg = "cbc(des3_ede)", 3082 .test = alg_test_skcipher, 3083 .fips_allowed = 1, 3084 .suite = { 3085 .cipher = __VECS(des3_ede_cbc_tv_template) 3086 }, 3087 }, { 3088 /* Same as cbc(aes) except the key is stored in 3089 * hardware secure memory which we reference by index 3090 */ 3091 .alg = "cbc(paes)", 3092 .test = alg_test_null, 3093 .fips_allowed = 1, 3094 }, { 3095 .alg = "cbc(serpent)", 3096 .test = alg_test_skcipher, 3097 .suite = { 3098 .cipher = __VECS(serpent_cbc_tv_template) 3099 }, 3100 }, { 3101 .alg = "cbc(sm4)", 3102 .test = alg_test_skcipher, 3103 .suite = { 3104 .cipher = __VECS(sm4_cbc_tv_template) 3105 } 3106 }, { 3107 .alg = "cbc(twofish)", 3108 .test = alg_test_skcipher, 3109 .suite = { 3110 .cipher = __VECS(tf_cbc_tv_template) 3111 }, 3112 }, { 3113 .alg = "cbcmac(aes)", 3114 .fips_allowed = 1, 3115 .test = alg_test_hash, 3116 .suite = { 3117 .hash = __VECS(aes_cbcmac_tv_template) 3118 } 3119 }, { 3120 .alg = "ccm(aes)", 3121 .test = alg_test_aead, 3122 .fips_allowed = 1, 3123 .suite = { 3124 .aead = __VECS(aes_ccm_tv_template) 3125 } 3126 }, { 3127 .alg = "cfb(aes)", 3128 .test = alg_test_skcipher, 3129 .fips_allowed = 1, 3130 .suite = { 3131 .cipher = __VECS(aes_cfb_tv_template) 3132 }, 3133 }, { 3134 .alg = "chacha20", 3135 .test = alg_test_skcipher, 3136 .suite = { 3137 .cipher = __VECS(chacha20_tv_template) 3138 }, 3139 }, { 3140 .alg = "cmac(aes)", 3141 .fips_allowed = 1, 3142 .test = alg_test_hash, 3143 .suite = { 3144 .hash = __VECS(aes_cmac128_tv_template) 3145 } 3146 }, { 3147 .alg = "cmac(des3_ede)", 3148 .fips_allowed = 1, 3149 .test = alg_test_hash, 3150 .suite = { 3151 .hash = __VECS(des3_ede_cmac64_tv_template) 3152 } 3153 }, { 3154 .alg = "compress_null", 3155 .test = alg_test_null, 3156 }, { 3157 .alg = "crc32", 3158 .test = alg_test_hash, 3159 .fips_allowed = 1, 3160 .suite = { 3161 .hash = __VECS(crc32_tv_template) 3162 } 3163 }, { 3164 .alg = "crc32c", 3165 .test = alg_test_crc32c, 3166 .fips_allowed = 1, 3167 .suite = { 3168 .hash = __VECS(crc32c_tv_template) 3169 } 3170 }, { 3171 .alg = "crct10dif", 3172 .test = alg_test_hash, 3173 .fips_allowed = 1, 3174 .suite = { 3175 .hash = __VECS(crct10dif_tv_template) 3176 } 3177 }, { 3178 .alg = "ctr(aes)", 3179 .test = alg_test_skcipher, 3180 .fips_allowed = 1, 3181 .suite = { 3182 .cipher = __VECS(aes_ctr_tv_template) 3183 } 3184 }, { 3185 .alg = "ctr(blowfish)", 3186 .test = alg_test_skcipher, 3187 .suite = { 3188 .cipher = __VECS(bf_ctr_tv_template) 3189 } 3190 }, { 3191 .alg = "ctr(camellia)", 3192 .test = alg_test_skcipher, 3193 .suite = { 3194 .cipher = __VECS(camellia_ctr_tv_template) 3195 } 3196 }, { 3197 .alg = "ctr(cast5)", 3198 .test = alg_test_skcipher, 3199 .suite = { 3200 .cipher = __VECS(cast5_ctr_tv_template) 3201 } 3202 }, { 3203 .alg = "ctr(cast6)", 3204 .test = alg_test_skcipher, 3205 .suite = { 3206 .cipher = __VECS(cast6_ctr_tv_template) 3207 } 3208 }, { 3209 .alg = "ctr(des)", 3210 .test = alg_test_skcipher, 3211 .suite = { 3212 .cipher = __VECS(des_ctr_tv_template) 3213 } 3214 }, { 3215 .alg = "ctr(des3_ede)", 3216 .test = alg_test_skcipher, 3217 .fips_allowed = 1, 3218 .suite = { 3219 .cipher = __VECS(des3_ede_ctr_tv_template) 3220 } 3221 }, { 3222 /* Same as ctr(aes) except the key is stored in 3223 * hardware secure memory which we reference by index 3224 */ 3225 .alg = "ctr(paes)", 3226 .test = alg_test_null, 3227 .fips_allowed = 1, 3228 }, { 3229 .alg = "ctr(serpent)", 3230 .test = alg_test_skcipher, 3231 .suite = { 3232 .cipher = __VECS(serpent_ctr_tv_template) 3233 } 3234 }, { 3235 .alg = "ctr(sm4)", 3236 .test = alg_test_skcipher, 3237 .suite = { 3238 .cipher = __VECS(sm4_ctr_tv_template) 3239 } 3240 }, { 3241 .alg = "ctr(twofish)", 3242 .test = alg_test_skcipher, 3243 .suite = { 3244 .cipher = __VECS(tf_ctr_tv_template) 3245 } 3246 }, { 3247 .alg = "cts(cbc(aes))", 3248 .test = alg_test_skcipher, 3249 .fips_allowed = 1, 3250 .suite = { 3251 .cipher = __VECS(cts_mode_tv_template) 3252 } 3253 }, { 3254 .alg = "deflate", 3255 .test = alg_test_comp, 3256 .fips_allowed = 1, 3257 .suite = { 3258 .comp = { 3259 .comp = __VECS(deflate_comp_tv_template), 3260 .decomp = __VECS(deflate_decomp_tv_template) 3261 } 3262 } 3263 }, { 3264 .alg = "dh", 3265 .test = alg_test_kpp, 3266 .fips_allowed = 1, 3267 .suite = { 3268 .kpp = __VECS(dh_tv_template) 3269 } 3270 }, { 3271 .alg = "digest_null", 3272 .test = alg_test_null, 3273 }, { 3274 .alg = "drbg_nopr_ctr_aes128", 3275 .test = alg_test_drbg, 3276 .fips_allowed = 1, 3277 .suite = { 3278 .drbg = __VECS(drbg_nopr_ctr_aes128_tv_template) 3279 } 3280 }, { 3281 .alg = "drbg_nopr_ctr_aes192", 3282 .test = alg_test_drbg, 3283 .fips_allowed = 1, 3284 .suite = { 3285 .drbg = __VECS(drbg_nopr_ctr_aes192_tv_template) 3286 } 3287 }, { 3288 .alg = "drbg_nopr_ctr_aes256", 3289 .test = alg_test_drbg, 3290 .fips_allowed = 1, 3291 .suite = { 3292 .drbg = __VECS(drbg_nopr_ctr_aes256_tv_template) 3293 } 3294 }, { 3295 /* 3296 * There is no need to specifically test the DRBG with every 3297 * backend cipher -- covered by drbg_nopr_hmac_sha256 test 3298 */ 3299 .alg = "drbg_nopr_hmac_sha1", 3300 .fips_allowed = 1, 3301 .test = alg_test_null, 3302 }, { 3303 .alg = "drbg_nopr_hmac_sha256", 3304 .test = alg_test_drbg, 3305 .fips_allowed = 1, 3306 .suite = { 3307 .drbg = __VECS(drbg_nopr_hmac_sha256_tv_template) 3308 } 3309 }, { 3310 /* covered by drbg_nopr_hmac_sha256 test */ 3311 .alg = "drbg_nopr_hmac_sha384", 3312 .fips_allowed = 1, 3313 .test = alg_test_null, 3314 }, { 3315 .alg = "drbg_nopr_hmac_sha512", 3316 .test = alg_test_null, 3317 .fips_allowed = 1, 3318 }, { 3319 .alg = "drbg_nopr_sha1", 3320 .fips_allowed = 1, 3321 .test = alg_test_null, 3322 }, { 3323 .alg = "drbg_nopr_sha256", 3324 .test = alg_test_drbg, 3325 .fips_allowed = 1, 3326 .suite = { 3327 .drbg = __VECS(drbg_nopr_sha256_tv_template) 3328 } 3329 }, { 3330 /* covered by drbg_nopr_sha256 test */ 3331 .alg = "drbg_nopr_sha384", 3332 .fips_allowed = 1, 3333 .test = alg_test_null, 3334 }, { 3335 .alg = "drbg_nopr_sha512", 3336 .fips_allowed = 1, 3337 .test = alg_test_null, 3338 }, { 3339 .alg = "drbg_pr_ctr_aes128", 3340 .test = alg_test_drbg, 3341 .fips_allowed = 1, 3342 .suite = { 3343 .drbg = __VECS(drbg_pr_ctr_aes128_tv_template) 3344 } 3345 }, { 3346 /* covered by drbg_pr_ctr_aes128 test */ 3347 .alg = "drbg_pr_ctr_aes192", 3348 .fips_allowed = 1, 3349 .test = alg_test_null, 3350 }, { 3351 .alg = "drbg_pr_ctr_aes256", 3352 .fips_allowed = 1, 3353 .test = alg_test_null, 3354 }, { 3355 .alg = "drbg_pr_hmac_sha1", 3356 .fips_allowed = 1, 3357 .test = alg_test_null, 3358 }, { 3359 .alg = "drbg_pr_hmac_sha256", 3360 .test = alg_test_drbg, 3361 .fips_allowed = 1, 3362 .suite = { 3363 .drbg = __VECS(drbg_pr_hmac_sha256_tv_template) 3364 } 3365 }, { 3366 /* covered by drbg_pr_hmac_sha256 test */ 3367 .alg = "drbg_pr_hmac_sha384", 3368 .fips_allowed = 1, 3369 .test = alg_test_null, 3370 }, { 3371 .alg = "drbg_pr_hmac_sha512", 3372 .test = alg_test_null, 3373 .fips_allowed = 1, 3374 }, { 3375 .alg = "drbg_pr_sha1", 3376 .fips_allowed = 1, 3377 .test = alg_test_null, 3378 }, { 3379 .alg = "drbg_pr_sha256", 3380 .test = alg_test_drbg, 3381 .fips_allowed = 1, 3382 .suite = { 3383 .drbg = __VECS(drbg_pr_sha256_tv_template) 3384 } 3385 }, { 3386 /* covered by drbg_pr_sha256 test */ 3387 .alg = "drbg_pr_sha384", 3388 .fips_allowed = 1, 3389 .test = alg_test_null, 3390 }, { 3391 .alg = "drbg_pr_sha512", 3392 .fips_allowed = 1, 3393 .test = alg_test_null, 3394 }, { 3395 .alg = "ecb(aes)", 3396 .test = alg_test_skcipher, 3397 .fips_allowed = 1, 3398 .suite = { 3399 .cipher = __VECS(aes_tv_template) 3400 } 3401 }, { 3402 .alg = "ecb(anubis)", 3403 .test = alg_test_skcipher, 3404 .suite = { 3405 .cipher = __VECS(anubis_tv_template) 3406 } 3407 }, { 3408 .alg = "ecb(arc4)", 3409 .test = alg_test_skcipher, 3410 .suite = { 3411 .cipher = __VECS(arc4_tv_template) 3412 } 3413 }, { 3414 .alg = "ecb(blowfish)", 3415 .test = alg_test_skcipher, 3416 .suite = { 3417 .cipher = __VECS(bf_tv_template) 3418 } 3419 }, { 3420 .alg = "ecb(camellia)", 3421 .test = alg_test_skcipher, 3422 .suite = { 3423 .cipher = __VECS(camellia_tv_template) 3424 } 3425 }, { 3426 .alg = "ecb(cast5)", 3427 .test = alg_test_skcipher, 3428 .suite = { 3429 .cipher = __VECS(cast5_tv_template) 3430 } 3431 }, { 3432 .alg = "ecb(cast6)", 3433 .test = alg_test_skcipher, 3434 .suite = { 3435 .cipher = __VECS(cast6_tv_template) 3436 } 3437 }, { 3438 .alg = "ecb(cipher_null)", 3439 .test = alg_test_null, 3440 .fips_allowed = 1, 3441 }, { 3442 .alg = "ecb(des)", 3443 .test = alg_test_skcipher, 3444 .suite = { 3445 .cipher = __VECS(des_tv_template) 3446 } 3447 }, { 3448 .alg = "ecb(des3_ede)", 3449 .test = alg_test_skcipher, 3450 .fips_allowed = 1, 3451 .suite = { 3452 .cipher = __VECS(des3_ede_tv_template) 3453 } 3454 }, { 3455 .alg = "ecb(fcrypt)", 3456 .test = alg_test_skcipher, 3457 .suite = { 3458 .cipher = { 3459 .vecs = fcrypt_pcbc_tv_template, 3460 .count = 1 3461 } 3462 } 3463 }, { 3464 .alg = "ecb(khazad)", 3465 .test = alg_test_skcipher, 3466 .suite = { 3467 .cipher = __VECS(khazad_tv_template) 3468 } 3469 }, { 3470 /* Same as ecb(aes) except the key is stored in 3471 * hardware secure memory which we reference by index 3472 */ 3473 .alg = "ecb(paes)", 3474 .test = alg_test_null, 3475 .fips_allowed = 1, 3476 }, { 3477 .alg = "ecb(seed)", 3478 .test = alg_test_skcipher, 3479 .suite = { 3480 .cipher = __VECS(seed_tv_template) 3481 } 3482 }, { 3483 .alg = "ecb(serpent)", 3484 .test = alg_test_skcipher, 3485 .suite = { 3486 .cipher = __VECS(serpent_tv_template) 3487 } 3488 }, { 3489 .alg = "ecb(sm4)", 3490 .test = alg_test_skcipher, 3491 .suite = { 3492 .cipher = __VECS(sm4_tv_template) 3493 } 3494 }, { 3495 .alg = "ecb(tea)", 3496 .test = alg_test_skcipher, 3497 .suite = { 3498 .cipher = __VECS(tea_tv_template) 3499 } 3500 }, { 3501 .alg = "ecb(tnepres)", 3502 .test = alg_test_skcipher, 3503 .suite = { 3504 .cipher = __VECS(tnepres_tv_template) 3505 } 3506 }, { 3507 .alg = "ecb(twofish)", 3508 .test = alg_test_skcipher, 3509 .suite = { 3510 .cipher = __VECS(tf_tv_template) 3511 } 3512 }, { 3513 .alg = "ecb(xeta)", 3514 .test = alg_test_skcipher, 3515 .suite = { 3516 .cipher = __VECS(xeta_tv_template) 3517 } 3518 }, { 3519 .alg = "ecb(xtea)", 3520 .test = alg_test_skcipher, 3521 .suite = { 3522 .cipher = __VECS(xtea_tv_template) 3523 } 3524 }, { 3525 .alg = "ecdh", 3526 .test = alg_test_kpp, 3527 .fips_allowed = 1, 3528 .suite = { 3529 .kpp = __VECS(ecdh_tv_template) 3530 } 3531 }, { 3532 .alg = "ecrdsa", 3533 .test = alg_test_akcipher, 3534 .suite = { 3535 .akcipher = __VECS(ecrdsa_tv_template) 3536 } 3537 }, { 3538 .alg = "gcm(aes)", 3539 .test = alg_test_aead, 3540 .fips_allowed = 1, 3541 .suite = { 3542 .aead = __VECS(aes_gcm_tv_template) 3543 } 3544 }, { 3545 .alg = "ghash", 3546 .test = alg_test_hash, 3547 .fips_allowed = 1, 3548 .suite = { 3549 .hash = __VECS(ghash_tv_template) 3550 } 3551 }, { 3552 .alg = "hmac(md5)", 3553 .test = alg_test_hash, 3554 .suite = { 3555 .hash = __VECS(hmac_md5_tv_template) 3556 } 3557 }, { 3558 .alg = "hmac(rmd128)", 3559 .test = alg_test_hash, 3560 .suite = { 3561 .hash = __VECS(hmac_rmd128_tv_template) 3562 } 3563 }, { 3564 .alg = "hmac(rmd160)", 3565 .test = alg_test_hash, 3566 .suite = { 3567 .hash = __VECS(hmac_rmd160_tv_template) 3568 } 3569 }, { 3570 .alg = "hmac(sha1)", 3571 .test = alg_test_hash, 3572 .fips_allowed = 1, 3573 .suite = { 3574 .hash = __VECS(hmac_sha1_tv_template) 3575 } 3576 }, { 3577 .alg = "hmac(sha224)", 3578 .test = alg_test_hash, 3579 .fips_allowed = 1, 3580 .suite = { 3581 .hash = __VECS(hmac_sha224_tv_template) 3582 } 3583 }, { 3584 .alg = "hmac(sha256)", 3585 .test = alg_test_hash, 3586 .fips_allowed = 1, 3587 .suite = { 3588 .hash = __VECS(hmac_sha256_tv_template) 3589 } 3590 }, { 3591 .alg = "hmac(sha3-224)", 3592 .test = alg_test_hash, 3593 .fips_allowed = 1, 3594 .suite = { 3595 .hash = __VECS(hmac_sha3_224_tv_template) 3596 } 3597 }, { 3598 .alg = "hmac(sha3-256)", 3599 .test = alg_test_hash, 3600 .fips_allowed = 1, 3601 .suite = { 3602 .hash = __VECS(hmac_sha3_256_tv_template) 3603 } 3604 }, { 3605 .alg = "hmac(sha3-384)", 3606 .test = alg_test_hash, 3607 .fips_allowed = 1, 3608 .suite = { 3609 .hash = __VECS(hmac_sha3_384_tv_template) 3610 } 3611 }, { 3612 .alg = "hmac(sha3-512)", 3613 .test = alg_test_hash, 3614 .fips_allowed = 1, 3615 .suite = { 3616 .hash = __VECS(hmac_sha3_512_tv_template) 3617 } 3618 }, { 3619 .alg = "hmac(sha384)", 3620 .test = alg_test_hash, 3621 .fips_allowed = 1, 3622 .suite = { 3623 .hash = __VECS(hmac_sha384_tv_template) 3624 } 3625 }, { 3626 .alg = "hmac(sha512)", 3627 .test = alg_test_hash, 3628 .fips_allowed = 1, 3629 .suite = { 3630 .hash = __VECS(hmac_sha512_tv_template) 3631 } 3632 }, { 3633 .alg = "hmac(streebog256)", 3634 .test = alg_test_hash, 3635 .suite = { 3636 .hash = __VECS(hmac_streebog256_tv_template) 3637 } 3638 }, { 3639 .alg = "hmac(streebog512)", 3640 .test = alg_test_hash, 3641 .suite = { 3642 .hash = __VECS(hmac_streebog512_tv_template) 3643 } 3644 }, { 3645 .alg = "jitterentropy_rng", 3646 .fips_allowed = 1, 3647 .test = alg_test_null, 3648 }, { 3649 .alg = "kw(aes)", 3650 .test = alg_test_skcipher, 3651 .fips_allowed = 1, 3652 .suite = { 3653 .cipher = __VECS(aes_kw_tv_template) 3654 } 3655 }, { 3656 .alg = "lrw(aes)", 3657 .test = alg_test_skcipher, 3658 .suite = { 3659 .cipher = __VECS(aes_lrw_tv_template) 3660 } 3661 }, { 3662 .alg = "lrw(camellia)", 3663 .test = alg_test_skcipher, 3664 .suite = { 3665 .cipher = __VECS(camellia_lrw_tv_template) 3666 } 3667 }, { 3668 .alg = "lrw(cast6)", 3669 .test = alg_test_skcipher, 3670 .suite = { 3671 .cipher = __VECS(cast6_lrw_tv_template) 3672 } 3673 }, { 3674 .alg = "lrw(serpent)", 3675 .test = alg_test_skcipher, 3676 .suite = { 3677 .cipher = __VECS(serpent_lrw_tv_template) 3678 } 3679 }, { 3680 .alg = "lrw(twofish)", 3681 .test = alg_test_skcipher, 3682 .suite = { 3683 .cipher = __VECS(tf_lrw_tv_template) 3684 } 3685 }, { 3686 .alg = "lz4", 3687 .test = alg_test_comp, 3688 .fips_allowed = 1, 3689 .suite = { 3690 .comp = { 3691 .comp = __VECS(lz4_comp_tv_template), 3692 .decomp = __VECS(lz4_decomp_tv_template) 3693 } 3694 } 3695 }, { 3696 .alg = "lz4hc", 3697 .test = alg_test_comp, 3698 .fips_allowed = 1, 3699 .suite = { 3700 .comp = { 3701 .comp = __VECS(lz4hc_comp_tv_template), 3702 .decomp = __VECS(lz4hc_decomp_tv_template) 3703 } 3704 } 3705 }, { 3706 .alg = "lzo", 3707 .test = alg_test_comp, 3708 .fips_allowed = 1, 3709 .suite = { 3710 .comp = { 3711 .comp = __VECS(lzo_comp_tv_template), 3712 .decomp = __VECS(lzo_decomp_tv_template) 3713 } 3714 } 3715 }, { 3716 .alg = "md4", 3717 .test = alg_test_hash, 3718 .suite = { 3719 .hash = __VECS(md4_tv_template) 3720 } 3721 }, { 3722 .alg = "md5", 3723 .test = alg_test_hash, 3724 .suite = { 3725 .hash = __VECS(md5_tv_template) 3726 } 3727 }, { 3728 .alg = "michael_mic", 3729 .test = alg_test_hash, 3730 .suite = { 3731 .hash = __VECS(michael_mic_tv_template) 3732 } 3733 }, { 3734 .alg = "morus1280", 3735 .test = alg_test_aead, 3736 .suite = { 3737 .aead = __VECS(morus1280_tv_template) 3738 } 3739 }, { 3740 .alg = "morus640", 3741 .test = alg_test_aead, 3742 .suite = { 3743 .aead = __VECS(morus640_tv_template) 3744 } 3745 }, { 3746 .alg = "nhpoly1305", 3747 .test = alg_test_hash, 3748 .suite = { 3749 .hash = __VECS(nhpoly1305_tv_template) 3750 } 3751 }, { 3752 .alg = "ofb(aes)", 3753 .test = alg_test_skcipher, 3754 .fips_allowed = 1, 3755 .suite = { 3756 .cipher = __VECS(aes_ofb_tv_template) 3757 } 3758 }, { 3759 /* Same as ofb(aes) except the key is stored in 3760 * hardware secure memory which we reference by index 3761 */ 3762 .alg = "ofb(paes)", 3763 .test = alg_test_null, 3764 .fips_allowed = 1, 3765 }, { 3766 .alg = "pcbc(fcrypt)", 3767 .test = alg_test_skcipher, 3768 .suite = { 3769 .cipher = __VECS(fcrypt_pcbc_tv_template) 3770 } 3771 }, { 3772 .alg = "pkcs1pad(rsa,sha224)", 3773 .test = alg_test_null, 3774 .fips_allowed = 1, 3775 }, { 3776 .alg = "pkcs1pad(rsa,sha256)", 3777 .test = alg_test_akcipher, 3778 .fips_allowed = 1, 3779 .suite = { 3780 .akcipher = __VECS(pkcs1pad_rsa_tv_template) 3781 } 3782 }, { 3783 .alg = "pkcs1pad(rsa,sha384)", 3784 .test = alg_test_null, 3785 .fips_allowed = 1, 3786 }, { 3787 .alg = "pkcs1pad(rsa,sha512)", 3788 .test = alg_test_null, 3789 .fips_allowed = 1, 3790 }, { 3791 .alg = "poly1305", 3792 .test = alg_test_hash, 3793 .suite = { 3794 .hash = __VECS(poly1305_tv_template) 3795 } 3796 }, { 3797 .alg = "rfc3686(ctr(aes))", 3798 .test = alg_test_skcipher, 3799 .fips_allowed = 1, 3800 .suite = { 3801 .cipher = __VECS(aes_ctr_rfc3686_tv_template) 3802 } 3803 }, { 3804 .alg = "rfc4106(gcm(aes))", 3805 .test = alg_test_aead, 3806 .fips_allowed = 1, 3807 .suite = { 3808 .aead = __VECS(aes_gcm_rfc4106_tv_template) 3809 } 3810 }, { 3811 .alg = "rfc4309(ccm(aes))", 3812 .test = alg_test_aead, 3813 .fips_allowed = 1, 3814 .suite = { 3815 .aead = __VECS(aes_ccm_rfc4309_tv_template) 3816 } 3817 }, { 3818 .alg = "rfc4543(gcm(aes))", 3819 .test = alg_test_aead, 3820 .suite = { 3821 .aead = __VECS(aes_gcm_rfc4543_tv_template) 3822 } 3823 }, { 3824 .alg = "rfc7539(chacha20,poly1305)", 3825 .test = alg_test_aead, 3826 .suite = { 3827 .aead = __VECS(rfc7539_tv_template) 3828 } 3829 }, { 3830 .alg = "rfc7539esp(chacha20,poly1305)", 3831 .test = alg_test_aead, 3832 .suite = { 3833 .aead = __VECS(rfc7539esp_tv_template) 3834 } 3835 }, { 3836 .alg = "rmd128", 3837 .test = alg_test_hash, 3838 .suite = { 3839 .hash = __VECS(rmd128_tv_template) 3840 } 3841 }, { 3842 .alg = "rmd160", 3843 .test = alg_test_hash, 3844 .suite = { 3845 .hash = __VECS(rmd160_tv_template) 3846 } 3847 }, { 3848 .alg = "rmd256", 3849 .test = alg_test_hash, 3850 .suite = { 3851 .hash = __VECS(rmd256_tv_template) 3852 } 3853 }, { 3854 .alg = "rmd320", 3855 .test = alg_test_hash, 3856 .suite = { 3857 .hash = __VECS(rmd320_tv_template) 3858 } 3859 }, { 3860 .alg = "rsa", 3861 .test = alg_test_akcipher, 3862 .fips_allowed = 1, 3863 .suite = { 3864 .akcipher = __VECS(rsa_tv_template) 3865 } 3866 }, { 3867 .alg = "salsa20", 3868 .test = alg_test_skcipher, 3869 .suite = { 3870 .cipher = __VECS(salsa20_stream_tv_template) 3871 } 3872 }, { 3873 .alg = "sha1", 3874 .test = alg_test_hash, 3875 .fips_allowed = 1, 3876 .suite = { 3877 .hash = __VECS(sha1_tv_template) 3878 } 3879 }, { 3880 .alg = "sha224", 3881 .test = alg_test_hash, 3882 .fips_allowed = 1, 3883 .suite = { 3884 .hash = __VECS(sha224_tv_template) 3885 } 3886 }, { 3887 .alg = "sha256", 3888 .test = alg_test_hash, 3889 .fips_allowed = 1, 3890 .suite = { 3891 .hash = __VECS(sha256_tv_template) 3892 } 3893 }, { 3894 .alg = "sha3-224", 3895 .test = alg_test_hash, 3896 .fips_allowed = 1, 3897 .suite = { 3898 .hash = __VECS(sha3_224_tv_template) 3899 } 3900 }, { 3901 .alg = "sha3-256", 3902 .test = alg_test_hash, 3903 .fips_allowed = 1, 3904 .suite = { 3905 .hash = __VECS(sha3_256_tv_template) 3906 } 3907 }, { 3908 .alg = "sha3-384", 3909 .test = alg_test_hash, 3910 .fips_allowed = 1, 3911 .suite = { 3912 .hash = __VECS(sha3_384_tv_template) 3913 } 3914 }, { 3915 .alg = "sha3-512", 3916 .test = alg_test_hash, 3917 .fips_allowed = 1, 3918 .suite = { 3919 .hash = __VECS(sha3_512_tv_template) 3920 } 3921 }, { 3922 .alg = "sha384", 3923 .test = alg_test_hash, 3924 .fips_allowed = 1, 3925 .suite = { 3926 .hash = __VECS(sha384_tv_template) 3927 } 3928 }, { 3929 .alg = "sha512", 3930 .test = alg_test_hash, 3931 .fips_allowed = 1, 3932 .suite = { 3933 .hash = __VECS(sha512_tv_template) 3934 } 3935 }, { 3936 .alg = "sm3", 3937 .test = alg_test_hash, 3938 .suite = { 3939 .hash = __VECS(sm3_tv_template) 3940 } 3941 }, { 3942 .alg = "streebog256", 3943 .test = alg_test_hash, 3944 .suite = { 3945 .hash = __VECS(streebog256_tv_template) 3946 } 3947 }, { 3948 .alg = "streebog512", 3949 .test = alg_test_hash, 3950 .suite = { 3951 .hash = __VECS(streebog512_tv_template) 3952 } 3953 }, { 3954 .alg = "tgr128", 3955 .test = alg_test_hash, 3956 .suite = { 3957 .hash = __VECS(tgr128_tv_template) 3958 } 3959 }, { 3960 .alg = "tgr160", 3961 .test = alg_test_hash, 3962 .suite = { 3963 .hash = __VECS(tgr160_tv_template) 3964 } 3965 }, { 3966 .alg = "tgr192", 3967 .test = alg_test_hash, 3968 .suite = { 3969 .hash = __VECS(tgr192_tv_template) 3970 } 3971 }, { 3972 .alg = "vmac64(aes)", 3973 .test = alg_test_hash, 3974 .suite = { 3975 .hash = __VECS(vmac64_aes_tv_template) 3976 } 3977 }, { 3978 .alg = "wp256", 3979 .test = alg_test_hash, 3980 .suite = { 3981 .hash = __VECS(wp256_tv_template) 3982 } 3983 }, { 3984 .alg = "wp384", 3985 .test = alg_test_hash, 3986 .suite = { 3987 .hash = __VECS(wp384_tv_template) 3988 } 3989 }, { 3990 .alg = "wp512", 3991 .test = alg_test_hash, 3992 .suite = { 3993 .hash = __VECS(wp512_tv_template) 3994 } 3995 }, { 3996 .alg = "xcbc(aes)", 3997 .test = alg_test_hash, 3998 .suite = { 3999 .hash = __VECS(aes_xcbc128_tv_template) 4000 } 4001 }, { 4002 .alg = "xchacha12", 4003 .test = alg_test_skcipher, 4004 .suite = { 4005 .cipher = __VECS(xchacha12_tv_template) 4006 }, 4007 }, { 4008 .alg = "xchacha20", 4009 .test = alg_test_skcipher, 4010 .suite = { 4011 .cipher = __VECS(xchacha20_tv_template) 4012 }, 4013 }, { 4014 .alg = "xts(aes)", 4015 .test = alg_test_skcipher, 4016 .fips_allowed = 1, 4017 .suite = { 4018 .cipher = __VECS(aes_xts_tv_template) 4019 } 4020 }, { 4021 .alg = "xts(camellia)", 4022 .test = alg_test_skcipher, 4023 .suite = { 4024 .cipher = __VECS(camellia_xts_tv_template) 4025 } 4026 }, { 4027 .alg = "xts(cast6)", 4028 .test = alg_test_skcipher, 4029 .suite = { 4030 .cipher = __VECS(cast6_xts_tv_template) 4031 } 4032 }, { 4033 /* Same as xts(aes) except the key is stored in 4034 * hardware secure memory which we reference by index 4035 */ 4036 .alg = "xts(paes)", 4037 .test = alg_test_null, 4038 .fips_allowed = 1, 4039 }, { 4040 .alg = "xts(serpent)", 4041 .test = alg_test_skcipher, 4042 .suite = { 4043 .cipher = __VECS(serpent_xts_tv_template) 4044 } 4045 }, { 4046 .alg = "xts(twofish)", 4047 .test = alg_test_skcipher, 4048 .suite = { 4049 .cipher = __VECS(tf_xts_tv_template) 4050 } 4051 }, { 4052 .alg = "xts4096(paes)", 4053 .test = alg_test_null, 4054 .fips_allowed = 1, 4055 }, { 4056 .alg = "xts512(paes)", 4057 .test = alg_test_null, 4058 .fips_allowed = 1, 4059 }, { 4060 .alg = "zlib-deflate", 4061 .test = alg_test_comp, 4062 .fips_allowed = 1, 4063 .suite = { 4064 .comp = { 4065 .comp = __VECS(zlib_deflate_comp_tv_template), 4066 .decomp = __VECS(zlib_deflate_decomp_tv_template) 4067 } 4068 } 4069 }, { 4070 .alg = "zstd", 4071 .test = alg_test_comp, 4072 .fips_allowed = 1, 4073 .suite = { 4074 .comp = { 4075 .comp = __VECS(zstd_comp_tv_template), 4076 .decomp = __VECS(zstd_decomp_tv_template) 4077 } 4078 } 4079 } 4080 }; 4081 4082 static void alg_check_test_descs_order(void) 4083 { 4084 int i; 4085 4086 for (i = 1; i < ARRAY_SIZE(alg_test_descs); i++) { 4087 int diff = strcmp(alg_test_descs[i - 1].alg, 4088 alg_test_descs[i].alg); 4089 4090 if (WARN_ON(diff > 0)) { 4091 pr_warn("testmgr: alg_test_descs entries in wrong order: '%s' before '%s'\n", 4092 alg_test_descs[i - 1].alg, 4093 alg_test_descs[i].alg); 4094 } 4095 4096 if (WARN_ON(diff == 0)) { 4097 pr_warn("testmgr: duplicate alg_test_descs entry: '%s'\n", 4098 alg_test_descs[i].alg); 4099 } 4100 } 4101 } 4102 4103 static void alg_check_testvec_configs(void) 4104 { 4105 int i; 4106 4107 for (i = 0; i < ARRAY_SIZE(default_cipher_testvec_configs); i++) 4108 WARN_ON(!valid_testvec_config( 4109 &default_cipher_testvec_configs[i])); 4110 4111 for (i = 0; i < ARRAY_SIZE(default_hash_testvec_configs); i++) 4112 WARN_ON(!valid_testvec_config( 4113 &default_hash_testvec_configs[i])); 4114 } 4115 4116 static void testmgr_onetime_init(void) 4117 { 4118 alg_check_test_descs_order(); 4119 alg_check_testvec_configs(); 4120 4121 #ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS 4122 pr_warn("alg: extra crypto tests enabled. This is intended for developer use only.\n"); 4123 #endif 4124 } 4125 4126 static int alg_find_test(const char *alg) 4127 { 4128 int start = 0; 4129 int end = ARRAY_SIZE(alg_test_descs); 4130 4131 while (start < end) { 4132 int i = (start + end) / 2; 4133 int diff = strcmp(alg_test_descs[i].alg, alg); 4134 4135 if (diff > 0) { 4136 end = i; 4137 continue; 4138 } 4139 4140 if (diff < 0) { 4141 start = i + 1; 4142 continue; 4143 } 4144 4145 return i; 4146 } 4147 4148 return -1; 4149 } 4150 4151 int alg_test(const char *driver, const char *alg, u32 type, u32 mask) 4152 { 4153 int i; 4154 int j; 4155 int rc; 4156 4157 if (!fips_enabled && notests) { 4158 printk_once(KERN_INFO "alg: self-tests disabled\n"); 4159 return 0; 4160 } 4161 4162 DO_ONCE(testmgr_onetime_init); 4163 4164 if ((type & CRYPTO_ALG_TYPE_MASK) == CRYPTO_ALG_TYPE_CIPHER) { 4165 char nalg[CRYPTO_MAX_ALG_NAME]; 4166 4167 if (snprintf(nalg, sizeof(nalg), "ecb(%s)", alg) >= 4168 sizeof(nalg)) 4169 return -ENAMETOOLONG; 4170 4171 i = alg_find_test(nalg); 4172 if (i < 0) 4173 goto notest; 4174 4175 if (fips_enabled && !alg_test_descs[i].fips_allowed) 4176 goto non_fips_alg; 4177 4178 rc = alg_test_cipher(alg_test_descs + i, driver, type, mask); 4179 goto test_done; 4180 } 4181 4182 i = alg_find_test(alg); 4183 j = alg_find_test(driver); 4184 if (i < 0 && j < 0) 4185 goto notest; 4186 4187 if (fips_enabled && ((i >= 0 && !alg_test_descs[i].fips_allowed) || 4188 (j >= 0 && !alg_test_descs[j].fips_allowed))) 4189 goto non_fips_alg; 4190 4191 rc = 0; 4192 if (i >= 0) 4193 rc |= alg_test_descs[i].test(alg_test_descs + i, driver, 4194 type, mask); 4195 if (j >= 0 && j != i) 4196 rc |= alg_test_descs[j].test(alg_test_descs + j, driver, 4197 type, mask); 4198 4199 test_done: 4200 if (rc && (fips_enabled || panic_on_fail)) 4201 panic("alg: self-tests for %s (%s) failed in %s mode!\n", 4202 driver, alg, fips_enabled ? "fips" : "panic_on_fail"); 4203 4204 if (fips_enabled && !rc) 4205 pr_info("alg: self-tests for %s (%s) passed\n", driver, alg); 4206 4207 return rc; 4208 4209 notest: 4210 printk(KERN_INFO "alg: No test for %s (%s)\n", alg, driver); 4211 return 0; 4212 non_fips_alg: 4213 return -EINVAL; 4214 } 4215 4216 #endif /* CONFIG_CRYPTO_MANAGER_DISABLE_TESTS */ 4217 4218 EXPORT_SYMBOL_GPL(alg_test); 4219