xref: /openbmc/linux/crypto/testmgr.c (revision e6e8c82b)
1 /*
2  * Algorithm testing framework and tests.
3  *
4  * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
5  * Copyright (c) 2002 Jean-Francois Dive <jef@linuxbe.org>
6  * Copyright (c) 2007 Nokia Siemens Networks
7  * Copyright (c) 2008 Herbert Xu <herbert@gondor.apana.org.au>
8  *
9  * Updated RFC4106 AES-GCM testing.
10  *    Authors: Aidan O'Mahony (aidan.o.mahony@intel.com)
11  *             Adrian Hoban <adrian.hoban@intel.com>
12  *             Gabriele Paoloni <gabriele.paoloni@intel.com>
13  *             Tadeusz Struk (tadeusz.struk@intel.com)
14  *    Copyright (c) 2010, Intel Corporation.
15  *
16  * This program is free software; you can redistribute it and/or modify it
17  * under the terms of the GNU General Public License as published by the Free
18  * Software Foundation; either version 2 of the License, or (at your option)
19  * any later version.
20  *
21  */
22 
23 #include <crypto/aead.h>
24 #include <crypto/hash.h>
25 #include <crypto/skcipher.h>
26 #include <linux/err.h>
27 #include <linux/fips.h>
28 #include <linux/module.h>
29 #include <linux/scatterlist.h>
30 #include <linux/slab.h>
31 #include <linux/string.h>
32 #include <crypto/rng.h>
33 #include <crypto/drbg.h>
34 #include <crypto/akcipher.h>
35 #include <crypto/kpp.h>
36 #include <crypto/acompress.h>
37 
38 #include "internal.h"
39 
40 static bool notests;
41 module_param(notests, bool, 0644);
42 MODULE_PARM_DESC(notests, "disable crypto self-tests");
43 
44 #ifdef CONFIG_CRYPTO_MANAGER_DISABLE_TESTS
45 
46 /* a perfect nop */
47 int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
48 {
49 	return 0;
50 }
51 
52 #else
53 
54 #include "testmgr.h"
55 
56 /*
57  * Need slab memory for testing (size in number of pages).
58  */
59 #define XBUFSIZE	8
60 
61 /*
62  * Indexes into the xbuf to simulate cross-page access.
63  */
64 #define IDX1		32
65 #define IDX2		32400
66 #define IDX3		1511
67 #define IDX4		8193
68 #define IDX5		22222
69 #define IDX6		17101
70 #define IDX7		27333
71 #define IDX8		3000
72 
73 /*
74 * Used by test_cipher()
75 */
76 #define ENCRYPT 1
77 #define DECRYPT 0
78 
79 struct aead_test_suite {
80 	struct {
81 		const struct aead_testvec *vecs;
82 		unsigned int count;
83 	} enc, dec;
84 };
85 
86 struct cipher_test_suite {
87 	const struct cipher_testvec *vecs;
88 	unsigned int count;
89 };
90 
91 struct comp_test_suite {
92 	struct {
93 		const struct comp_testvec *vecs;
94 		unsigned int count;
95 	} comp, decomp;
96 };
97 
98 struct hash_test_suite {
99 	const struct hash_testvec *vecs;
100 	unsigned int count;
101 };
102 
103 struct cprng_test_suite {
104 	const struct cprng_testvec *vecs;
105 	unsigned int count;
106 };
107 
108 struct drbg_test_suite {
109 	const struct drbg_testvec *vecs;
110 	unsigned int count;
111 };
112 
113 struct akcipher_test_suite {
114 	const struct akcipher_testvec *vecs;
115 	unsigned int count;
116 };
117 
118 struct kpp_test_suite {
119 	const struct kpp_testvec *vecs;
120 	unsigned int count;
121 };
122 
123 struct alg_test_desc {
124 	const char *alg;
125 	int (*test)(const struct alg_test_desc *desc, const char *driver,
126 		    u32 type, u32 mask);
127 	int fips_allowed;	/* set if alg is allowed in fips mode */
128 
129 	union {
130 		struct aead_test_suite aead;
131 		struct cipher_test_suite cipher;
132 		struct comp_test_suite comp;
133 		struct hash_test_suite hash;
134 		struct cprng_test_suite cprng;
135 		struct drbg_test_suite drbg;
136 		struct akcipher_test_suite akcipher;
137 		struct kpp_test_suite kpp;
138 	} suite;
139 };
140 
141 static const unsigned int IDX[8] = {
142 	IDX1, IDX2, IDX3, IDX4, IDX5, IDX6, IDX7, IDX8 };
143 
144 static void hexdump(unsigned char *buf, unsigned int len)
145 {
146 	print_hex_dump(KERN_CONT, "", DUMP_PREFIX_OFFSET,
147 			16, 1,
148 			buf, len, false);
149 }
150 
151 static int testmgr_alloc_buf(char *buf[XBUFSIZE])
152 {
153 	int i;
154 
155 	for (i = 0; i < XBUFSIZE; i++) {
156 		buf[i] = (void *)__get_free_page(GFP_KERNEL);
157 		if (!buf[i])
158 			goto err_free_buf;
159 	}
160 
161 	return 0;
162 
163 err_free_buf:
164 	while (i-- > 0)
165 		free_page((unsigned long)buf[i]);
166 
167 	return -ENOMEM;
168 }
169 
170 static void testmgr_free_buf(char *buf[XBUFSIZE])
171 {
172 	int i;
173 
174 	for (i = 0; i < XBUFSIZE; i++)
175 		free_page((unsigned long)buf[i]);
176 }
177 
178 static int ahash_guard_result(char *result, char c, int size)
179 {
180 	int i;
181 
182 	for (i = 0; i < size; i++) {
183 		if (result[i] != c)
184 			return -EINVAL;
185 	}
186 
187 	return 0;
188 }
189 
190 static int ahash_partial_update(struct ahash_request **preq,
191 	struct crypto_ahash *tfm, const struct hash_testvec *template,
192 	void *hash_buff, int k, int temp, struct scatterlist *sg,
193 	const char *algo, char *result, struct crypto_wait *wait)
194 {
195 	char *state;
196 	struct ahash_request *req;
197 	int statesize, ret = -EINVAL;
198 	static const unsigned char guard[] = { 0x00, 0xba, 0xad, 0x00 };
199 	int digestsize = crypto_ahash_digestsize(tfm);
200 
201 	req = *preq;
202 	statesize = crypto_ahash_statesize(
203 			crypto_ahash_reqtfm(req));
204 	state = kmalloc(statesize + sizeof(guard), GFP_KERNEL);
205 	if (!state) {
206 		pr_err("alg: hash: Failed to alloc state for %s\n", algo);
207 		goto out_nostate;
208 	}
209 	memcpy(state + statesize, guard, sizeof(guard));
210 	memset(result, 1, digestsize);
211 	ret = crypto_ahash_export(req, state);
212 	WARN_ON(memcmp(state + statesize, guard, sizeof(guard)));
213 	if (ret) {
214 		pr_err("alg: hash: Failed to export() for %s\n", algo);
215 		goto out;
216 	}
217 	ret = ahash_guard_result(result, 1, digestsize);
218 	if (ret) {
219 		pr_err("alg: hash: Failed, export used req->result for %s\n",
220 		       algo);
221 		goto out;
222 	}
223 	ahash_request_free(req);
224 	req = ahash_request_alloc(tfm, GFP_KERNEL);
225 	if (!req) {
226 		pr_err("alg: hash: Failed to alloc request for %s\n", algo);
227 		goto out_noreq;
228 	}
229 	ahash_request_set_callback(req,
230 		CRYPTO_TFM_REQ_MAY_BACKLOG,
231 		crypto_req_done, wait);
232 
233 	memcpy(hash_buff, template->plaintext + temp,
234 		template->tap[k]);
235 	sg_init_one(&sg[0], hash_buff, template->tap[k]);
236 	ahash_request_set_crypt(req, sg, result, template->tap[k]);
237 	ret = crypto_ahash_import(req, state);
238 	if (ret) {
239 		pr_err("alg: hash: Failed to import() for %s\n", algo);
240 		goto out;
241 	}
242 	ret = ahash_guard_result(result, 1, digestsize);
243 	if (ret) {
244 		pr_err("alg: hash: Failed, import used req->result for %s\n",
245 		       algo);
246 		goto out;
247 	}
248 	ret = crypto_wait_req(crypto_ahash_update(req), wait);
249 	if (ret)
250 		goto out;
251 	*preq = req;
252 	ret = 0;
253 	goto out_noreq;
254 out:
255 	ahash_request_free(req);
256 out_noreq:
257 	kfree(state);
258 out_nostate:
259 	return ret;
260 }
261 
262 enum hash_test {
263 	HASH_TEST_DIGEST,
264 	HASH_TEST_FINAL,
265 	HASH_TEST_FINUP
266 };
267 
268 static int __test_hash(struct crypto_ahash *tfm,
269 		       const struct hash_testvec *template, unsigned int tcount,
270 		       enum hash_test test_type, const int align_offset)
271 {
272 	const char *algo = crypto_tfm_alg_driver_name(crypto_ahash_tfm(tfm));
273 	size_t digest_size = crypto_ahash_digestsize(tfm);
274 	unsigned int i, j, k, temp;
275 	struct scatterlist sg[8];
276 	char *result;
277 	char *key;
278 	struct ahash_request *req;
279 	struct crypto_wait wait;
280 	void *hash_buff;
281 	char *xbuf[XBUFSIZE];
282 	int ret = -ENOMEM;
283 
284 	result = kmalloc(digest_size, GFP_KERNEL);
285 	if (!result)
286 		return ret;
287 	key = kmalloc(MAX_KEYLEN, GFP_KERNEL);
288 	if (!key)
289 		goto out_nobuf;
290 	if (testmgr_alloc_buf(xbuf))
291 		goto out_nobuf;
292 
293 	crypto_init_wait(&wait);
294 
295 	req = ahash_request_alloc(tfm, GFP_KERNEL);
296 	if (!req) {
297 		printk(KERN_ERR "alg: hash: Failed to allocate request for "
298 		       "%s\n", algo);
299 		goto out_noreq;
300 	}
301 	ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
302 				   crypto_req_done, &wait);
303 
304 	j = 0;
305 	for (i = 0; i < tcount; i++) {
306 		if (template[i].np)
307 			continue;
308 
309 		ret = -EINVAL;
310 		if (WARN_ON(align_offset + template[i].psize > PAGE_SIZE))
311 			goto out;
312 
313 		j++;
314 		memset(result, 0, digest_size);
315 
316 		hash_buff = xbuf[0];
317 		hash_buff += align_offset;
318 
319 		memcpy(hash_buff, template[i].plaintext, template[i].psize);
320 		sg_init_one(&sg[0], hash_buff, template[i].psize);
321 
322 		if (template[i].ksize) {
323 			crypto_ahash_clear_flags(tfm, ~0);
324 			if (template[i].ksize > MAX_KEYLEN) {
325 				pr_err("alg: hash: setkey failed on test %d for %s: key size %d > %d\n",
326 				       j, algo, template[i].ksize, MAX_KEYLEN);
327 				ret = -EINVAL;
328 				goto out;
329 			}
330 			memcpy(key, template[i].key, template[i].ksize);
331 			ret = crypto_ahash_setkey(tfm, key, template[i].ksize);
332 			if (ret) {
333 				printk(KERN_ERR "alg: hash: setkey failed on "
334 				       "test %d for %s: ret=%d\n", j, algo,
335 				       -ret);
336 				goto out;
337 			}
338 		}
339 
340 		ahash_request_set_crypt(req, sg, result, template[i].psize);
341 		switch (test_type) {
342 		case HASH_TEST_DIGEST:
343 			ret = crypto_wait_req(crypto_ahash_digest(req), &wait);
344 			if (ret) {
345 				pr_err("alg: hash: digest failed on test %d "
346 				       "for %s: ret=%d\n", j, algo, -ret);
347 				goto out;
348 			}
349 			break;
350 
351 		case HASH_TEST_FINAL:
352 			memset(result, 1, digest_size);
353 			ret = crypto_wait_req(crypto_ahash_init(req), &wait);
354 			if (ret) {
355 				pr_err("alg: hash: init failed on test %d "
356 				       "for %s: ret=%d\n", j, algo, -ret);
357 				goto out;
358 			}
359 			ret = ahash_guard_result(result, 1, digest_size);
360 			if (ret) {
361 				pr_err("alg: hash: init failed on test %d "
362 				       "for %s: used req->result\n", j, algo);
363 				goto out;
364 			}
365 			ret = crypto_wait_req(crypto_ahash_update(req), &wait);
366 			if (ret) {
367 				pr_err("alg: hash: update failed on test %d "
368 				       "for %s: ret=%d\n", j, algo, -ret);
369 				goto out;
370 			}
371 			ret = ahash_guard_result(result, 1, digest_size);
372 			if (ret) {
373 				pr_err("alg: hash: update failed on test %d "
374 				       "for %s: used req->result\n", j, algo);
375 				goto out;
376 			}
377 			ret = crypto_wait_req(crypto_ahash_final(req), &wait);
378 			if (ret) {
379 				pr_err("alg: hash: final failed on test %d "
380 				       "for %s: ret=%d\n", j, algo, -ret);
381 				goto out;
382 			}
383 			break;
384 
385 		case HASH_TEST_FINUP:
386 			memset(result, 1, digest_size);
387 			ret = crypto_wait_req(crypto_ahash_init(req), &wait);
388 			if (ret) {
389 				pr_err("alg: hash: init failed on test %d "
390 				       "for %s: ret=%d\n", j, algo, -ret);
391 				goto out;
392 			}
393 			ret = ahash_guard_result(result, 1, digest_size);
394 			if (ret) {
395 				pr_err("alg: hash: init failed on test %d "
396 				       "for %s: used req->result\n", j, algo);
397 				goto out;
398 			}
399 			ret = crypto_wait_req(crypto_ahash_finup(req), &wait);
400 			if (ret) {
401 				pr_err("alg: hash: final failed on test %d "
402 				       "for %s: ret=%d\n", j, algo, -ret);
403 				goto out;
404 			}
405 			break;
406 		}
407 
408 		if (memcmp(result, template[i].digest,
409 			   crypto_ahash_digestsize(tfm))) {
410 			printk(KERN_ERR "alg: hash: Test %d failed for %s\n",
411 			       j, algo);
412 			hexdump(result, crypto_ahash_digestsize(tfm));
413 			ret = -EINVAL;
414 			goto out;
415 		}
416 	}
417 
418 	if (test_type)
419 		goto out;
420 
421 	j = 0;
422 	for (i = 0; i < tcount; i++) {
423 		/* alignment tests are only done with continuous buffers */
424 		if (align_offset != 0)
425 			break;
426 
427 		if (!template[i].np)
428 			continue;
429 
430 		j++;
431 		memset(result, 0, digest_size);
432 
433 		temp = 0;
434 		sg_init_table(sg, template[i].np);
435 		ret = -EINVAL;
436 		for (k = 0; k < template[i].np; k++) {
437 			if (WARN_ON(offset_in_page(IDX[k]) +
438 				    template[i].tap[k] > PAGE_SIZE))
439 				goto out;
440 			sg_set_buf(&sg[k],
441 				   memcpy(xbuf[IDX[k] >> PAGE_SHIFT] +
442 					  offset_in_page(IDX[k]),
443 					  template[i].plaintext + temp,
444 					  template[i].tap[k]),
445 				   template[i].tap[k]);
446 			temp += template[i].tap[k];
447 		}
448 
449 		if (template[i].ksize) {
450 			if (template[i].ksize > MAX_KEYLEN) {
451 				pr_err("alg: hash: setkey failed on test %d for %s: key size %d > %d\n",
452 				       j, algo, template[i].ksize, MAX_KEYLEN);
453 				ret = -EINVAL;
454 				goto out;
455 			}
456 			crypto_ahash_clear_flags(tfm, ~0);
457 			memcpy(key, template[i].key, template[i].ksize);
458 			ret = crypto_ahash_setkey(tfm, key, template[i].ksize);
459 
460 			if (ret) {
461 				printk(KERN_ERR "alg: hash: setkey "
462 				       "failed on chunking test %d "
463 				       "for %s: ret=%d\n", j, algo, -ret);
464 				goto out;
465 			}
466 		}
467 
468 		ahash_request_set_crypt(req, sg, result, template[i].psize);
469 		ret = crypto_wait_req(crypto_ahash_digest(req), &wait);
470 		if (ret) {
471 			pr_err("alg: hash: digest failed on chunking test %d for %s: ret=%d\n",
472 			       j, algo, -ret);
473 			goto out;
474 		}
475 
476 		if (memcmp(result, template[i].digest,
477 			   crypto_ahash_digestsize(tfm))) {
478 			printk(KERN_ERR "alg: hash: Chunking test %d "
479 			       "failed for %s\n", j, algo);
480 			hexdump(result, crypto_ahash_digestsize(tfm));
481 			ret = -EINVAL;
482 			goto out;
483 		}
484 	}
485 
486 	/* partial update exercise */
487 	j = 0;
488 	for (i = 0; i < tcount; i++) {
489 		/* alignment tests are only done with continuous buffers */
490 		if (align_offset != 0)
491 			break;
492 
493 		if (template[i].np < 2)
494 			continue;
495 
496 		j++;
497 		memset(result, 0, digest_size);
498 
499 		ret = -EINVAL;
500 		hash_buff = xbuf[0];
501 		memcpy(hash_buff, template[i].plaintext,
502 			template[i].tap[0]);
503 		sg_init_one(&sg[0], hash_buff, template[i].tap[0]);
504 
505 		if (template[i].ksize) {
506 			crypto_ahash_clear_flags(tfm, ~0);
507 			if (template[i].ksize > MAX_KEYLEN) {
508 				pr_err("alg: hash: setkey failed on test %d for %s: key size %d > %d\n",
509 					j, algo, template[i].ksize, MAX_KEYLEN);
510 				ret = -EINVAL;
511 				goto out;
512 			}
513 			memcpy(key, template[i].key, template[i].ksize);
514 			ret = crypto_ahash_setkey(tfm, key, template[i].ksize);
515 			if (ret) {
516 				pr_err("alg: hash: setkey failed on test %d for %s: ret=%d\n",
517 					j, algo, -ret);
518 				goto out;
519 			}
520 		}
521 
522 		ahash_request_set_crypt(req, sg, result, template[i].tap[0]);
523 		ret = crypto_wait_req(crypto_ahash_init(req), &wait);
524 		if (ret) {
525 			pr_err("alg: hash: init failed on test %d for %s: ret=%d\n",
526 				j, algo, -ret);
527 			goto out;
528 		}
529 		ret = crypto_wait_req(crypto_ahash_update(req), &wait);
530 		if (ret) {
531 			pr_err("alg: hash: update failed on test %d for %s: ret=%d\n",
532 				j, algo, -ret);
533 			goto out;
534 		}
535 
536 		temp = template[i].tap[0];
537 		for (k = 1; k < template[i].np; k++) {
538 			ret = ahash_partial_update(&req, tfm, &template[i],
539 				hash_buff, k, temp, &sg[0], algo, result,
540 				&wait);
541 			if (ret) {
542 				pr_err("alg: hash: partial update failed on test %d for %s: ret=%d\n",
543 					j, algo, -ret);
544 				goto out_noreq;
545 			}
546 			temp += template[i].tap[k];
547 		}
548 		ret = crypto_wait_req(crypto_ahash_final(req), &wait);
549 		if (ret) {
550 			pr_err("alg: hash: final failed on test %d for %s: ret=%d\n",
551 				j, algo, -ret);
552 			goto out;
553 		}
554 		if (memcmp(result, template[i].digest,
555 			   crypto_ahash_digestsize(tfm))) {
556 			pr_err("alg: hash: Partial Test %d failed for %s\n",
557 			       j, algo);
558 			hexdump(result, crypto_ahash_digestsize(tfm));
559 			ret = -EINVAL;
560 			goto out;
561 		}
562 	}
563 
564 	ret = 0;
565 
566 out:
567 	ahash_request_free(req);
568 out_noreq:
569 	testmgr_free_buf(xbuf);
570 out_nobuf:
571 	kfree(key);
572 	kfree(result);
573 	return ret;
574 }
575 
576 static int test_hash(struct crypto_ahash *tfm,
577 		     const struct hash_testvec *template,
578 		     unsigned int tcount, enum hash_test test_type)
579 {
580 	unsigned int alignmask;
581 	int ret;
582 
583 	ret = __test_hash(tfm, template, tcount, test_type, 0);
584 	if (ret)
585 		return ret;
586 
587 	/* test unaligned buffers, check with one byte offset */
588 	ret = __test_hash(tfm, template, tcount, test_type, 1);
589 	if (ret)
590 		return ret;
591 
592 	alignmask = crypto_tfm_alg_alignmask(&tfm->base);
593 	if (alignmask) {
594 		/* Check if alignment mask for tfm is correctly set. */
595 		ret = __test_hash(tfm, template, tcount, test_type,
596 				  alignmask + 1);
597 		if (ret)
598 			return ret;
599 	}
600 
601 	return 0;
602 }
603 
604 static int __test_aead(struct crypto_aead *tfm, int enc,
605 		       const struct aead_testvec *template, unsigned int tcount,
606 		       const bool diff_dst, const int align_offset)
607 {
608 	const char *algo = crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm));
609 	unsigned int i, j, k, n, temp;
610 	int ret = -ENOMEM;
611 	char *q;
612 	char *key;
613 	struct aead_request *req;
614 	struct scatterlist *sg;
615 	struct scatterlist *sgout;
616 	const char *e, *d;
617 	struct crypto_wait wait;
618 	unsigned int authsize, iv_len;
619 	void *input;
620 	void *output;
621 	void *assoc;
622 	char *iv;
623 	char *xbuf[XBUFSIZE];
624 	char *xoutbuf[XBUFSIZE];
625 	char *axbuf[XBUFSIZE];
626 
627 	iv = kzalloc(MAX_IVLEN, GFP_KERNEL);
628 	if (!iv)
629 		return ret;
630 	key = kmalloc(MAX_KEYLEN, GFP_KERNEL);
631 	if (!key)
632 		goto out_noxbuf;
633 	if (testmgr_alloc_buf(xbuf))
634 		goto out_noxbuf;
635 	if (testmgr_alloc_buf(axbuf))
636 		goto out_noaxbuf;
637 	if (diff_dst && testmgr_alloc_buf(xoutbuf))
638 		goto out_nooutbuf;
639 
640 	/* avoid "the frame size is larger than 1024 bytes" compiler warning */
641 	sg = kmalloc(array3_size(sizeof(*sg), 8, (diff_dst ? 4 : 2)),
642 		     GFP_KERNEL);
643 	if (!sg)
644 		goto out_nosg;
645 	sgout = &sg[16];
646 
647 	if (diff_dst)
648 		d = "-ddst";
649 	else
650 		d = "";
651 
652 	if (enc == ENCRYPT)
653 		e = "encryption";
654 	else
655 		e = "decryption";
656 
657 	crypto_init_wait(&wait);
658 
659 	req = aead_request_alloc(tfm, GFP_KERNEL);
660 	if (!req) {
661 		pr_err("alg: aead%s: Failed to allocate request for %s\n",
662 		       d, algo);
663 		goto out;
664 	}
665 
666 	aead_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
667 				  crypto_req_done, &wait);
668 
669 	iv_len = crypto_aead_ivsize(tfm);
670 
671 	for (i = 0, j = 0; i < tcount; i++) {
672 		if (template[i].np)
673 			continue;
674 
675 		j++;
676 
677 		/* some templates have no input data but they will
678 		 * touch input
679 		 */
680 		input = xbuf[0];
681 		input += align_offset;
682 		assoc = axbuf[0];
683 
684 		ret = -EINVAL;
685 		if (WARN_ON(align_offset + template[i].ilen >
686 			    PAGE_SIZE || template[i].alen > PAGE_SIZE))
687 			goto out;
688 
689 		memcpy(input, template[i].input, template[i].ilen);
690 		memcpy(assoc, template[i].assoc, template[i].alen);
691 		if (template[i].iv)
692 			memcpy(iv, template[i].iv, iv_len);
693 		else
694 			memset(iv, 0, iv_len);
695 
696 		crypto_aead_clear_flags(tfm, ~0);
697 		if (template[i].wk)
698 			crypto_aead_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY);
699 
700 		if (template[i].klen > MAX_KEYLEN) {
701 			pr_err("alg: aead%s: setkey failed on test %d for %s: key size %d > %d\n",
702 			       d, j, algo, template[i].klen,
703 			       MAX_KEYLEN);
704 			ret = -EINVAL;
705 			goto out;
706 		}
707 		memcpy(key, template[i].key, template[i].klen);
708 
709 		ret = crypto_aead_setkey(tfm, key, template[i].klen);
710 		if (template[i].fail == !ret) {
711 			pr_err("alg: aead%s: setkey failed on test %d for %s: flags=%x\n",
712 			       d, j, algo, crypto_aead_get_flags(tfm));
713 			goto out;
714 		} else if (ret)
715 			continue;
716 
717 		authsize = abs(template[i].rlen - template[i].ilen);
718 		ret = crypto_aead_setauthsize(tfm, authsize);
719 		if (ret) {
720 			pr_err("alg: aead%s: Failed to set authsize to %u on test %d for %s\n",
721 			       d, authsize, j, algo);
722 			goto out;
723 		}
724 
725 		k = !!template[i].alen;
726 		sg_init_table(sg, k + 1);
727 		sg_set_buf(&sg[0], assoc, template[i].alen);
728 		sg_set_buf(&sg[k], input,
729 			   template[i].ilen + (enc ? authsize : 0));
730 		output = input;
731 
732 		if (diff_dst) {
733 			sg_init_table(sgout, k + 1);
734 			sg_set_buf(&sgout[0], assoc, template[i].alen);
735 
736 			output = xoutbuf[0];
737 			output += align_offset;
738 			sg_set_buf(&sgout[k], output,
739 				   template[i].rlen + (enc ? 0 : authsize));
740 		}
741 
742 		aead_request_set_crypt(req, sg, (diff_dst) ? sgout : sg,
743 				       template[i].ilen, iv);
744 
745 		aead_request_set_ad(req, template[i].alen);
746 
747 		ret = crypto_wait_req(enc ? crypto_aead_encrypt(req)
748 				      : crypto_aead_decrypt(req), &wait);
749 
750 		switch (ret) {
751 		case 0:
752 			if (template[i].novrfy) {
753 				/* verification was supposed to fail */
754 				pr_err("alg: aead%s: %s failed on test %d for %s: ret was 0, expected -EBADMSG\n",
755 				       d, e, j, algo);
756 				/* so really, we got a bad message */
757 				ret = -EBADMSG;
758 				goto out;
759 			}
760 			break;
761 		case -EBADMSG:
762 			if (template[i].novrfy)
763 				/* verification failure was expected */
764 				continue;
765 			/* fall through */
766 		default:
767 			pr_err("alg: aead%s: %s failed on test %d for %s: ret=%d\n",
768 			       d, e, j, algo, -ret);
769 			goto out;
770 		}
771 
772 		q = output;
773 		if (memcmp(q, template[i].result, template[i].rlen)) {
774 			pr_err("alg: aead%s: Test %d failed on %s for %s\n",
775 			       d, j, e, algo);
776 			hexdump(q, template[i].rlen);
777 			ret = -EINVAL;
778 			goto out;
779 		}
780 	}
781 
782 	for (i = 0, j = 0; i < tcount; i++) {
783 		/* alignment tests are only done with continuous buffers */
784 		if (align_offset != 0)
785 			break;
786 
787 		if (!template[i].np)
788 			continue;
789 
790 		j++;
791 
792 		if (template[i].iv)
793 			memcpy(iv, template[i].iv, iv_len);
794 		else
795 			memset(iv, 0, MAX_IVLEN);
796 
797 		crypto_aead_clear_flags(tfm, ~0);
798 		if (template[i].wk)
799 			crypto_aead_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY);
800 		if (template[i].klen > MAX_KEYLEN) {
801 			pr_err("alg: aead%s: setkey failed on test %d for %s: key size %d > %d\n",
802 			       d, j, algo, template[i].klen, MAX_KEYLEN);
803 			ret = -EINVAL;
804 			goto out;
805 		}
806 		memcpy(key, template[i].key, template[i].klen);
807 
808 		ret = crypto_aead_setkey(tfm, key, template[i].klen);
809 		if (template[i].fail == !ret) {
810 			pr_err("alg: aead%s: setkey failed on chunk test %d for %s: flags=%x\n",
811 			       d, j, algo, crypto_aead_get_flags(tfm));
812 			goto out;
813 		} else if (ret)
814 			continue;
815 
816 		authsize = abs(template[i].rlen - template[i].ilen);
817 
818 		ret = -EINVAL;
819 		sg_init_table(sg, template[i].anp + template[i].np);
820 		if (diff_dst)
821 			sg_init_table(sgout, template[i].anp + template[i].np);
822 
823 		ret = -EINVAL;
824 		for (k = 0, temp = 0; k < template[i].anp; k++) {
825 			if (WARN_ON(offset_in_page(IDX[k]) +
826 				    template[i].atap[k] > PAGE_SIZE))
827 				goto out;
828 			sg_set_buf(&sg[k],
829 				   memcpy(axbuf[IDX[k] >> PAGE_SHIFT] +
830 					  offset_in_page(IDX[k]),
831 					  template[i].assoc + temp,
832 					  template[i].atap[k]),
833 				   template[i].atap[k]);
834 			if (diff_dst)
835 				sg_set_buf(&sgout[k],
836 					   axbuf[IDX[k] >> PAGE_SHIFT] +
837 					   offset_in_page(IDX[k]),
838 					   template[i].atap[k]);
839 			temp += template[i].atap[k];
840 		}
841 
842 		for (k = 0, temp = 0; k < template[i].np; k++) {
843 			if (WARN_ON(offset_in_page(IDX[k]) +
844 				    template[i].tap[k] > PAGE_SIZE))
845 				goto out;
846 
847 			q = xbuf[IDX[k] >> PAGE_SHIFT] + offset_in_page(IDX[k]);
848 			memcpy(q, template[i].input + temp, template[i].tap[k]);
849 			sg_set_buf(&sg[template[i].anp + k],
850 				   q, template[i].tap[k]);
851 
852 			if (diff_dst) {
853 				q = xoutbuf[IDX[k] >> PAGE_SHIFT] +
854 				    offset_in_page(IDX[k]);
855 
856 				memset(q, 0, template[i].tap[k]);
857 
858 				sg_set_buf(&sgout[template[i].anp + k],
859 					   q, template[i].tap[k]);
860 			}
861 
862 			n = template[i].tap[k];
863 			if (k == template[i].np - 1 && enc)
864 				n += authsize;
865 			if (offset_in_page(q) + n < PAGE_SIZE)
866 				q[n] = 0;
867 
868 			temp += template[i].tap[k];
869 		}
870 
871 		ret = crypto_aead_setauthsize(tfm, authsize);
872 		if (ret) {
873 			pr_err("alg: aead%s: Failed to set authsize to %u on chunk test %d for %s\n",
874 			       d, authsize, j, algo);
875 			goto out;
876 		}
877 
878 		if (enc) {
879 			if (WARN_ON(sg[template[i].anp + k - 1].offset +
880 				    sg[template[i].anp + k - 1].length +
881 				    authsize > PAGE_SIZE)) {
882 				ret = -EINVAL;
883 				goto out;
884 			}
885 
886 			if (diff_dst)
887 				sgout[template[i].anp + k - 1].length +=
888 					authsize;
889 			sg[template[i].anp + k - 1].length += authsize;
890 		}
891 
892 		aead_request_set_crypt(req, sg, (diff_dst) ? sgout : sg,
893 				       template[i].ilen,
894 				       iv);
895 
896 		aead_request_set_ad(req, template[i].alen);
897 
898 		ret = crypto_wait_req(enc ? crypto_aead_encrypt(req)
899 				      : crypto_aead_decrypt(req), &wait);
900 
901 		switch (ret) {
902 		case 0:
903 			if (template[i].novrfy) {
904 				/* verification was supposed to fail */
905 				pr_err("alg: aead%s: %s failed on chunk test %d for %s: ret was 0, expected -EBADMSG\n",
906 				       d, e, j, algo);
907 				/* so really, we got a bad message */
908 				ret = -EBADMSG;
909 				goto out;
910 			}
911 			break;
912 		case -EBADMSG:
913 			if (template[i].novrfy)
914 				/* verification failure was expected */
915 				continue;
916 			/* fall through */
917 		default:
918 			pr_err("alg: aead%s: %s failed on chunk test %d for %s: ret=%d\n",
919 			       d, e, j, algo, -ret);
920 			goto out;
921 		}
922 
923 		ret = -EINVAL;
924 		for (k = 0, temp = 0; k < template[i].np; k++) {
925 			if (diff_dst)
926 				q = xoutbuf[IDX[k] >> PAGE_SHIFT] +
927 				    offset_in_page(IDX[k]);
928 			else
929 				q = xbuf[IDX[k] >> PAGE_SHIFT] +
930 				    offset_in_page(IDX[k]);
931 
932 			n = template[i].tap[k];
933 			if (k == template[i].np - 1)
934 				n += enc ? authsize : -authsize;
935 
936 			if (memcmp(q, template[i].result + temp, n)) {
937 				pr_err("alg: aead%s: Chunk test %d failed on %s at page %u for %s\n",
938 				       d, j, e, k, algo);
939 				hexdump(q, n);
940 				goto out;
941 			}
942 
943 			q += n;
944 			if (k == template[i].np - 1 && !enc) {
945 				if (!diff_dst &&
946 					memcmp(q, template[i].input +
947 					      temp + n, authsize))
948 					n = authsize;
949 				else
950 					n = 0;
951 			} else {
952 				for (n = 0; offset_in_page(q + n) && q[n]; n++)
953 					;
954 			}
955 			if (n) {
956 				pr_err("alg: aead%s: Result buffer corruption in chunk test %d on %s at page %u for %s: %u bytes:\n",
957 				       d, j, e, k, algo, n);
958 				hexdump(q, n);
959 				goto out;
960 			}
961 
962 			temp += template[i].tap[k];
963 		}
964 	}
965 
966 	ret = 0;
967 
968 out:
969 	aead_request_free(req);
970 	kfree(sg);
971 out_nosg:
972 	if (diff_dst)
973 		testmgr_free_buf(xoutbuf);
974 out_nooutbuf:
975 	testmgr_free_buf(axbuf);
976 out_noaxbuf:
977 	testmgr_free_buf(xbuf);
978 out_noxbuf:
979 	kfree(key);
980 	kfree(iv);
981 	return ret;
982 }
983 
984 static int test_aead(struct crypto_aead *tfm, int enc,
985 		     const struct aead_testvec *template, unsigned int tcount)
986 {
987 	unsigned int alignmask;
988 	int ret;
989 
990 	/* test 'dst == src' case */
991 	ret = __test_aead(tfm, enc, template, tcount, false, 0);
992 	if (ret)
993 		return ret;
994 
995 	/* test 'dst != src' case */
996 	ret = __test_aead(tfm, enc, template, tcount, true, 0);
997 	if (ret)
998 		return ret;
999 
1000 	/* test unaligned buffers, check with one byte offset */
1001 	ret = __test_aead(tfm, enc, template, tcount, true, 1);
1002 	if (ret)
1003 		return ret;
1004 
1005 	alignmask = crypto_tfm_alg_alignmask(&tfm->base);
1006 	if (alignmask) {
1007 		/* Check if alignment mask for tfm is correctly set. */
1008 		ret = __test_aead(tfm, enc, template, tcount, true,
1009 				  alignmask + 1);
1010 		if (ret)
1011 			return ret;
1012 	}
1013 
1014 	return 0;
1015 }
1016 
1017 static int test_cipher(struct crypto_cipher *tfm, int enc,
1018 		       const struct cipher_testvec *template,
1019 		       unsigned int tcount)
1020 {
1021 	const char *algo = crypto_tfm_alg_driver_name(crypto_cipher_tfm(tfm));
1022 	unsigned int i, j, k;
1023 	char *q;
1024 	const char *e;
1025 	const char *input, *result;
1026 	void *data;
1027 	char *xbuf[XBUFSIZE];
1028 	int ret = -ENOMEM;
1029 
1030 	if (testmgr_alloc_buf(xbuf))
1031 		goto out_nobuf;
1032 
1033 	if (enc == ENCRYPT)
1034 	        e = "encryption";
1035 	else
1036 		e = "decryption";
1037 
1038 	j = 0;
1039 	for (i = 0; i < tcount; i++) {
1040 		if (template[i].np)
1041 			continue;
1042 
1043 		if (fips_enabled && template[i].fips_skip)
1044 			continue;
1045 
1046 		input  = enc ? template[i].ptext : template[i].ctext;
1047 		result = enc ? template[i].ctext : template[i].ptext;
1048 		j++;
1049 
1050 		ret = -EINVAL;
1051 		if (WARN_ON(template[i].len > PAGE_SIZE))
1052 			goto out;
1053 
1054 		data = xbuf[0];
1055 		memcpy(data, input, template[i].len);
1056 
1057 		crypto_cipher_clear_flags(tfm, ~0);
1058 		if (template[i].wk)
1059 			crypto_cipher_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY);
1060 
1061 		ret = crypto_cipher_setkey(tfm, template[i].key,
1062 					   template[i].klen);
1063 		if (template[i].fail == !ret) {
1064 			printk(KERN_ERR "alg: cipher: setkey failed "
1065 			       "on test %d for %s: flags=%x\n", j,
1066 			       algo, crypto_cipher_get_flags(tfm));
1067 			goto out;
1068 		} else if (ret)
1069 			continue;
1070 
1071 		for (k = 0; k < template[i].len;
1072 		     k += crypto_cipher_blocksize(tfm)) {
1073 			if (enc)
1074 				crypto_cipher_encrypt_one(tfm, data + k,
1075 							  data + k);
1076 			else
1077 				crypto_cipher_decrypt_one(tfm, data + k,
1078 							  data + k);
1079 		}
1080 
1081 		q = data;
1082 		if (memcmp(q, result, template[i].len)) {
1083 			printk(KERN_ERR "alg: cipher: Test %d failed "
1084 			       "on %s for %s\n", j, e, algo);
1085 			hexdump(q, template[i].len);
1086 			ret = -EINVAL;
1087 			goto out;
1088 		}
1089 	}
1090 
1091 	ret = 0;
1092 
1093 out:
1094 	testmgr_free_buf(xbuf);
1095 out_nobuf:
1096 	return ret;
1097 }
1098 
1099 static int __test_skcipher(struct crypto_skcipher *tfm, int enc,
1100 			   const struct cipher_testvec *template,
1101 			   unsigned int tcount,
1102 			   const bool diff_dst, const int align_offset)
1103 {
1104 	const char *algo =
1105 		crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm));
1106 	unsigned int i, j, k, n, temp;
1107 	char *q;
1108 	struct skcipher_request *req;
1109 	struct scatterlist sg[8];
1110 	struct scatterlist sgout[8];
1111 	const char *e, *d;
1112 	struct crypto_wait wait;
1113 	const char *input, *result;
1114 	void *data;
1115 	char iv[MAX_IVLEN];
1116 	char *xbuf[XBUFSIZE];
1117 	char *xoutbuf[XBUFSIZE];
1118 	int ret = -ENOMEM;
1119 	unsigned int ivsize = crypto_skcipher_ivsize(tfm);
1120 
1121 	if (testmgr_alloc_buf(xbuf))
1122 		goto out_nobuf;
1123 
1124 	if (diff_dst && testmgr_alloc_buf(xoutbuf))
1125 		goto out_nooutbuf;
1126 
1127 	if (diff_dst)
1128 		d = "-ddst";
1129 	else
1130 		d = "";
1131 
1132 	if (enc == ENCRYPT)
1133 	        e = "encryption";
1134 	else
1135 		e = "decryption";
1136 
1137 	crypto_init_wait(&wait);
1138 
1139 	req = skcipher_request_alloc(tfm, GFP_KERNEL);
1140 	if (!req) {
1141 		pr_err("alg: skcipher%s: Failed to allocate request for %s\n",
1142 		       d, algo);
1143 		goto out;
1144 	}
1145 
1146 	skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
1147 				      crypto_req_done, &wait);
1148 
1149 	j = 0;
1150 	for (i = 0; i < tcount; i++) {
1151 		if (template[i].np && !template[i].also_non_np)
1152 			continue;
1153 
1154 		if (fips_enabled && template[i].fips_skip)
1155 			continue;
1156 
1157 		if (template[i].iv && !(template[i].generates_iv && enc))
1158 			memcpy(iv, template[i].iv, ivsize);
1159 		else
1160 			memset(iv, 0, MAX_IVLEN);
1161 
1162 		input  = enc ? template[i].ptext : template[i].ctext;
1163 		result = enc ? template[i].ctext : template[i].ptext;
1164 		j++;
1165 		ret = -EINVAL;
1166 		if (WARN_ON(align_offset + template[i].len > PAGE_SIZE))
1167 			goto out;
1168 
1169 		data = xbuf[0];
1170 		data += align_offset;
1171 		memcpy(data, input, template[i].len);
1172 
1173 		crypto_skcipher_clear_flags(tfm, ~0);
1174 		if (template[i].wk)
1175 			crypto_skcipher_set_flags(tfm,
1176 						  CRYPTO_TFM_REQ_WEAK_KEY);
1177 
1178 		ret = crypto_skcipher_setkey(tfm, template[i].key,
1179 					     template[i].klen);
1180 		if (template[i].fail == !ret) {
1181 			pr_err("alg: skcipher%s: setkey failed on test %d for %s: flags=%x\n",
1182 			       d, j, algo, crypto_skcipher_get_flags(tfm));
1183 			goto out;
1184 		} else if (ret)
1185 			continue;
1186 
1187 		sg_init_one(&sg[0], data, template[i].len);
1188 		if (diff_dst) {
1189 			data = xoutbuf[0];
1190 			data += align_offset;
1191 			sg_init_one(&sgout[0], data, template[i].len);
1192 		}
1193 
1194 		skcipher_request_set_crypt(req, sg, (diff_dst) ? sgout : sg,
1195 					   template[i].len, iv);
1196 		ret = crypto_wait_req(enc ? crypto_skcipher_encrypt(req) :
1197 				      crypto_skcipher_decrypt(req), &wait);
1198 
1199 		if (ret) {
1200 			pr_err("alg: skcipher%s: %s failed on test %d for %s: ret=%d\n",
1201 			       d, e, j, algo, -ret);
1202 			goto out;
1203 		}
1204 
1205 		q = data;
1206 		if (memcmp(q, result, template[i].len)) {
1207 			pr_err("alg: skcipher%s: Test %d failed (invalid result) on %s for %s\n",
1208 			       d, j, e, algo);
1209 			hexdump(q, template[i].len);
1210 			ret = -EINVAL;
1211 			goto out;
1212 		}
1213 
1214 		if (template[i].generates_iv && enc &&
1215 		    memcmp(iv, template[i].iv, crypto_skcipher_ivsize(tfm))) {
1216 			pr_err("alg: skcipher%s: Test %d failed (invalid output IV) on %s for %s\n",
1217 			       d, j, e, algo);
1218 			hexdump(iv, crypto_skcipher_ivsize(tfm));
1219 			ret = -EINVAL;
1220 			goto out;
1221 		}
1222 	}
1223 
1224 	j = 0;
1225 	for (i = 0; i < tcount; i++) {
1226 		/* alignment tests are only done with continuous buffers */
1227 		if (align_offset != 0)
1228 			break;
1229 
1230 		if (!template[i].np)
1231 			continue;
1232 
1233 		if (fips_enabled && template[i].fips_skip)
1234 			continue;
1235 
1236 		if (template[i].iv && !(template[i].generates_iv && enc))
1237 			memcpy(iv, template[i].iv, ivsize);
1238 		else
1239 			memset(iv, 0, MAX_IVLEN);
1240 
1241 		input  = enc ? template[i].ptext : template[i].ctext;
1242 		result = enc ? template[i].ctext : template[i].ptext;
1243 		j++;
1244 		crypto_skcipher_clear_flags(tfm, ~0);
1245 		if (template[i].wk)
1246 			crypto_skcipher_set_flags(tfm,
1247 						  CRYPTO_TFM_REQ_WEAK_KEY);
1248 
1249 		ret = crypto_skcipher_setkey(tfm, template[i].key,
1250 					     template[i].klen);
1251 		if (template[i].fail == !ret) {
1252 			pr_err("alg: skcipher%s: setkey failed on chunk test %d for %s: flags=%x\n",
1253 			       d, j, algo, crypto_skcipher_get_flags(tfm));
1254 			goto out;
1255 		} else if (ret)
1256 			continue;
1257 
1258 		temp = 0;
1259 		ret = -EINVAL;
1260 		sg_init_table(sg, template[i].np);
1261 		if (diff_dst)
1262 			sg_init_table(sgout, template[i].np);
1263 		for (k = 0; k < template[i].np; k++) {
1264 			if (WARN_ON(offset_in_page(IDX[k]) +
1265 				    template[i].tap[k] > PAGE_SIZE))
1266 				goto out;
1267 
1268 			q = xbuf[IDX[k] >> PAGE_SHIFT] + offset_in_page(IDX[k]);
1269 
1270 			memcpy(q, input + temp, template[i].tap[k]);
1271 
1272 			if (offset_in_page(q) + template[i].tap[k] < PAGE_SIZE)
1273 				q[template[i].tap[k]] = 0;
1274 
1275 			sg_set_buf(&sg[k], q, template[i].tap[k]);
1276 			if (diff_dst) {
1277 				q = xoutbuf[IDX[k] >> PAGE_SHIFT] +
1278 				    offset_in_page(IDX[k]);
1279 
1280 				sg_set_buf(&sgout[k], q, template[i].tap[k]);
1281 
1282 				memset(q, 0, template[i].tap[k]);
1283 				if (offset_in_page(q) +
1284 				    template[i].tap[k] < PAGE_SIZE)
1285 					q[template[i].tap[k]] = 0;
1286 			}
1287 
1288 			temp += template[i].tap[k];
1289 		}
1290 
1291 		skcipher_request_set_crypt(req, sg, (diff_dst) ? sgout : sg,
1292 					   template[i].len, iv);
1293 
1294 		ret = crypto_wait_req(enc ? crypto_skcipher_encrypt(req) :
1295 				      crypto_skcipher_decrypt(req), &wait);
1296 
1297 		if (ret) {
1298 			pr_err("alg: skcipher%s: %s failed on chunk test %d for %s: ret=%d\n",
1299 			       d, e, j, algo, -ret);
1300 			goto out;
1301 		}
1302 
1303 		temp = 0;
1304 		ret = -EINVAL;
1305 		for (k = 0; k < template[i].np; k++) {
1306 			if (diff_dst)
1307 				q = xoutbuf[IDX[k] >> PAGE_SHIFT] +
1308 				    offset_in_page(IDX[k]);
1309 			else
1310 				q = xbuf[IDX[k] >> PAGE_SHIFT] +
1311 				    offset_in_page(IDX[k]);
1312 
1313 			if (memcmp(q, result + temp, template[i].tap[k])) {
1314 				pr_err("alg: skcipher%s: Chunk test %d failed on %s at page %u for %s\n",
1315 				       d, j, e, k, algo);
1316 				hexdump(q, template[i].tap[k]);
1317 				goto out;
1318 			}
1319 
1320 			q += template[i].tap[k];
1321 			for (n = 0; offset_in_page(q + n) && q[n]; n++)
1322 				;
1323 			if (n) {
1324 				pr_err("alg: skcipher%s: Result buffer corruption in chunk test %d on %s at page %u for %s: %u bytes:\n",
1325 				       d, j, e, k, algo, n);
1326 				hexdump(q, n);
1327 				goto out;
1328 			}
1329 			temp += template[i].tap[k];
1330 		}
1331 	}
1332 
1333 	ret = 0;
1334 
1335 out:
1336 	skcipher_request_free(req);
1337 	if (diff_dst)
1338 		testmgr_free_buf(xoutbuf);
1339 out_nooutbuf:
1340 	testmgr_free_buf(xbuf);
1341 out_nobuf:
1342 	return ret;
1343 }
1344 
1345 static int test_skcipher(struct crypto_skcipher *tfm, int enc,
1346 			 const struct cipher_testvec *template,
1347 			 unsigned int tcount)
1348 {
1349 	unsigned int alignmask;
1350 	int ret;
1351 
1352 	/* test 'dst == src' case */
1353 	ret = __test_skcipher(tfm, enc, template, tcount, false, 0);
1354 	if (ret)
1355 		return ret;
1356 
1357 	/* test 'dst != src' case */
1358 	ret = __test_skcipher(tfm, enc, template, tcount, true, 0);
1359 	if (ret)
1360 		return ret;
1361 
1362 	/* test unaligned buffers, check with one byte offset */
1363 	ret = __test_skcipher(tfm, enc, template, tcount, true, 1);
1364 	if (ret)
1365 		return ret;
1366 
1367 	alignmask = crypto_tfm_alg_alignmask(&tfm->base);
1368 	if (alignmask) {
1369 		/* Check if alignment mask for tfm is correctly set. */
1370 		ret = __test_skcipher(tfm, enc, template, tcount, true,
1371 				      alignmask + 1);
1372 		if (ret)
1373 			return ret;
1374 	}
1375 
1376 	return 0;
1377 }
1378 
1379 static int test_comp(struct crypto_comp *tfm,
1380 		     const struct comp_testvec *ctemplate,
1381 		     const struct comp_testvec *dtemplate,
1382 		     int ctcount, int dtcount)
1383 {
1384 	const char *algo = crypto_tfm_alg_driver_name(crypto_comp_tfm(tfm));
1385 	char *output, *decomp_output;
1386 	unsigned int i;
1387 	int ret;
1388 
1389 	output = kmalloc(COMP_BUF_SIZE, GFP_KERNEL);
1390 	if (!output)
1391 		return -ENOMEM;
1392 
1393 	decomp_output = kmalloc(COMP_BUF_SIZE, GFP_KERNEL);
1394 	if (!decomp_output) {
1395 		kfree(output);
1396 		return -ENOMEM;
1397 	}
1398 
1399 	for (i = 0; i < ctcount; i++) {
1400 		int ilen;
1401 		unsigned int dlen = COMP_BUF_SIZE;
1402 
1403 		memset(output, 0, COMP_BUF_SIZE);
1404 		memset(decomp_output, 0, COMP_BUF_SIZE);
1405 
1406 		ilen = ctemplate[i].inlen;
1407 		ret = crypto_comp_compress(tfm, ctemplate[i].input,
1408 					   ilen, output, &dlen);
1409 		if (ret) {
1410 			printk(KERN_ERR "alg: comp: compression failed "
1411 			       "on test %d for %s: ret=%d\n", i + 1, algo,
1412 			       -ret);
1413 			goto out;
1414 		}
1415 
1416 		ilen = dlen;
1417 		dlen = COMP_BUF_SIZE;
1418 		ret = crypto_comp_decompress(tfm, output,
1419 					     ilen, decomp_output, &dlen);
1420 		if (ret) {
1421 			pr_err("alg: comp: compression failed: decompress: on test %d for %s failed: ret=%d\n",
1422 			       i + 1, algo, -ret);
1423 			goto out;
1424 		}
1425 
1426 		if (dlen != ctemplate[i].inlen) {
1427 			printk(KERN_ERR "alg: comp: Compression test %d "
1428 			       "failed for %s: output len = %d\n", i + 1, algo,
1429 			       dlen);
1430 			ret = -EINVAL;
1431 			goto out;
1432 		}
1433 
1434 		if (memcmp(decomp_output, ctemplate[i].input,
1435 			   ctemplate[i].inlen)) {
1436 			pr_err("alg: comp: compression failed: output differs: on test %d for %s\n",
1437 			       i + 1, algo);
1438 			hexdump(decomp_output, dlen);
1439 			ret = -EINVAL;
1440 			goto out;
1441 		}
1442 	}
1443 
1444 	for (i = 0; i < dtcount; i++) {
1445 		int ilen;
1446 		unsigned int dlen = COMP_BUF_SIZE;
1447 
1448 		memset(decomp_output, 0, COMP_BUF_SIZE);
1449 
1450 		ilen = dtemplate[i].inlen;
1451 		ret = crypto_comp_decompress(tfm, dtemplate[i].input,
1452 					     ilen, decomp_output, &dlen);
1453 		if (ret) {
1454 			printk(KERN_ERR "alg: comp: decompression failed "
1455 			       "on test %d for %s: ret=%d\n", i + 1, algo,
1456 			       -ret);
1457 			goto out;
1458 		}
1459 
1460 		if (dlen != dtemplate[i].outlen) {
1461 			printk(KERN_ERR "alg: comp: Decompression test %d "
1462 			       "failed for %s: output len = %d\n", i + 1, algo,
1463 			       dlen);
1464 			ret = -EINVAL;
1465 			goto out;
1466 		}
1467 
1468 		if (memcmp(decomp_output, dtemplate[i].output, dlen)) {
1469 			printk(KERN_ERR "alg: comp: Decompression test %d "
1470 			       "failed for %s\n", i + 1, algo);
1471 			hexdump(decomp_output, dlen);
1472 			ret = -EINVAL;
1473 			goto out;
1474 		}
1475 	}
1476 
1477 	ret = 0;
1478 
1479 out:
1480 	kfree(decomp_output);
1481 	kfree(output);
1482 	return ret;
1483 }
1484 
1485 static int test_acomp(struct crypto_acomp *tfm,
1486 			      const struct comp_testvec *ctemplate,
1487 		      const struct comp_testvec *dtemplate,
1488 		      int ctcount, int dtcount)
1489 {
1490 	const char *algo = crypto_tfm_alg_driver_name(crypto_acomp_tfm(tfm));
1491 	unsigned int i;
1492 	char *output, *decomp_out;
1493 	int ret;
1494 	struct scatterlist src, dst;
1495 	struct acomp_req *req;
1496 	struct crypto_wait wait;
1497 
1498 	output = kmalloc(COMP_BUF_SIZE, GFP_KERNEL);
1499 	if (!output)
1500 		return -ENOMEM;
1501 
1502 	decomp_out = kmalloc(COMP_BUF_SIZE, GFP_KERNEL);
1503 	if (!decomp_out) {
1504 		kfree(output);
1505 		return -ENOMEM;
1506 	}
1507 
1508 	for (i = 0; i < ctcount; i++) {
1509 		unsigned int dlen = COMP_BUF_SIZE;
1510 		int ilen = ctemplate[i].inlen;
1511 		void *input_vec;
1512 
1513 		input_vec = kmemdup(ctemplate[i].input, ilen, GFP_KERNEL);
1514 		if (!input_vec) {
1515 			ret = -ENOMEM;
1516 			goto out;
1517 		}
1518 
1519 		memset(output, 0, dlen);
1520 		crypto_init_wait(&wait);
1521 		sg_init_one(&src, input_vec, ilen);
1522 		sg_init_one(&dst, output, dlen);
1523 
1524 		req = acomp_request_alloc(tfm);
1525 		if (!req) {
1526 			pr_err("alg: acomp: request alloc failed for %s\n",
1527 			       algo);
1528 			kfree(input_vec);
1529 			ret = -ENOMEM;
1530 			goto out;
1531 		}
1532 
1533 		acomp_request_set_params(req, &src, &dst, ilen, dlen);
1534 		acomp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
1535 					   crypto_req_done, &wait);
1536 
1537 		ret = crypto_wait_req(crypto_acomp_compress(req), &wait);
1538 		if (ret) {
1539 			pr_err("alg: acomp: compression failed on test %d for %s: ret=%d\n",
1540 			       i + 1, algo, -ret);
1541 			kfree(input_vec);
1542 			acomp_request_free(req);
1543 			goto out;
1544 		}
1545 
1546 		ilen = req->dlen;
1547 		dlen = COMP_BUF_SIZE;
1548 		sg_init_one(&src, output, ilen);
1549 		sg_init_one(&dst, decomp_out, dlen);
1550 		crypto_init_wait(&wait);
1551 		acomp_request_set_params(req, &src, &dst, ilen, dlen);
1552 
1553 		ret = crypto_wait_req(crypto_acomp_decompress(req), &wait);
1554 		if (ret) {
1555 			pr_err("alg: acomp: compression failed on test %d for %s: ret=%d\n",
1556 			       i + 1, algo, -ret);
1557 			kfree(input_vec);
1558 			acomp_request_free(req);
1559 			goto out;
1560 		}
1561 
1562 		if (req->dlen != ctemplate[i].inlen) {
1563 			pr_err("alg: acomp: Compression test %d failed for %s: output len = %d\n",
1564 			       i + 1, algo, req->dlen);
1565 			ret = -EINVAL;
1566 			kfree(input_vec);
1567 			acomp_request_free(req);
1568 			goto out;
1569 		}
1570 
1571 		if (memcmp(input_vec, decomp_out, req->dlen)) {
1572 			pr_err("alg: acomp: Compression test %d failed for %s\n",
1573 			       i + 1, algo);
1574 			hexdump(output, req->dlen);
1575 			ret = -EINVAL;
1576 			kfree(input_vec);
1577 			acomp_request_free(req);
1578 			goto out;
1579 		}
1580 
1581 		kfree(input_vec);
1582 		acomp_request_free(req);
1583 	}
1584 
1585 	for (i = 0; i < dtcount; i++) {
1586 		unsigned int dlen = COMP_BUF_SIZE;
1587 		int ilen = dtemplate[i].inlen;
1588 		void *input_vec;
1589 
1590 		input_vec = kmemdup(dtemplate[i].input, ilen, GFP_KERNEL);
1591 		if (!input_vec) {
1592 			ret = -ENOMEM;
1593 			goto out;
1594 		}
1595 
1596 		memset(output, 0, dlen);
1597 		crypto_init_wait(&wait);
1598 		sg_init_one(&src, input_vec, ilen);
1599 		sg_init_one(&dst, output, dlen);
1600 
1601 		req = acomp_request_alloc(tfm);
1602 		if (!req) {
1603 			pr_err("alg: acomp: request alloc failed for %s\n",
1604 			       algo);
1605 			kfree(input_vec);
1606 			ret = -ENOMEM;
1607 			goto out;
1608 		}
1609 
1610 		acomp_request_set_params(req, &src, &dst, ilen, dlen);
1611 		acomp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
1612 					   crypto_req_done, &wait);
1613 
1614 		ret = crypto_wait_req(crypto_acomp_decompress(req), &wait);
1615 		if (ret) {
1616 			pr_err("alg: acomp: decompression failed on test %d for %s: ret=%d\n",
1617 			       i + 1, algo, -ret);
1618 			kfree(input_vec);
1619 			acomp_request_free(req);
1620 			goto out;
1621 		}
1622 
1623 		if (req->dlen != dtemplate[i].outlen) {
1624 			pr_err("alg: acomp: Decompression test %d failed for %s: output len = %d\n",
1625 			       i + 1, algo, req->dlen);
1626 			ret = -EINVAL;
1627 			kfree(input_vec);
1628 			acomp_request_free(req);
1629 			goto out;
1630 		}
1631 
1632 		if (memcmp(output, dtemplate[i].output, req->dlen)) {
1633 			pr_err("alg: acomp: Decompression test %d failed for %s\n",
1634 			       i + 1, algo);
1635 			hexdump(output, req->dlen);
1636 			ret = -EINVAL;
1637 			kfree(input_vec);
1638 			acomp_request_free(req);
1639 			goto out;
1640 		}
1641 
1642 		kfree(input_vec);
1643 		acomp_request_free(req);
1644 	}
1645 
1646 	ret = 0;
1647 
1648 out:
1649 	kfree(decomp_out);
1650 	kfree(output);
1651 	return ret;
1652 }
1653 
1654 static int test_cprng(struct crypto_rng *tfm,
1655 		      const struct cprng_testvec *template,
1656 		      unsigned int tcount)
1657 {
1658 	const char *algo = crypto_tfm_alg_driver_name(crypto_rng_tfm(tfm));
1659 	int err = 0, i, j, seedsize;
1660 	u8 *seed;
1661 	char result[32];
1662 
1663 	seedsize = crypto_rng_seedsize(tfm);
1664 
1665 	seed = kmalloc(seedsize, GFP_KERNEL);
1666 	if (!seed) {
1667 		printk(KERN_ERR "alg: cprng: Failed to allocate seed space "
1668 		       "for %s\n", algo);
1669 		return -ENOMEM;
1670 	}
1671 
1672 	for (i = 0; i < tcount; i++) {
1673 		memset(result, 0, 32);
1674 
1675 		memcpy(seed, template[i].v, template[i].vlen);
1676 		memcpy(seed + template[i].vlen, template[i].key,
1677 		       template[i].klen);
1678 		memcpy(seed + template[i].vlen + template[i].klen,
1679 		       template[i].dt, template[i].dtlen);
1680 
1681 		err = crypto_rng_reset(tfm, seed, seedsize);
1682 		if (err) {
1683 			printk(KERN_ERR "alg: cprng: Failed to reset rng "
1684 			       "for %s\n", algo);
1685 			goto out;
1686 		}
1687 
1688 		for (j = 0; j < template[i].loops; j++) {
1689 			err = crypto_rng_get_bytes(tfm, result,
1690 						   template[i].rlen);
1691 			if (err < 0) {
1692 				printk(KERN_ERR "alg: cprng: Failed to obtain "
1693 				       "the correct amount of random data for "
1694 				       "%s (requested %d)\n", algo,
1695 				       template[i].rlen);
1696 				goto out;
1697 			}
1698 		}
1699 
1700 		err = memcmp(result, template[i].result,
1701 			     template[i].rlen);
1702 		if (err) {
1703 			printk(KERN_ERR "alg: cprng: Test %d failed for %s\n",
1704 			       i, algo);
1705 			hexdump(result, template[i].rlen);
1706 			err = -EINVAL;
1707 			goto out;
1708 		}
1709 	}
1710 
1711 out:
1712 	kfree(seed);
1713 	return err;
1714 }
1715 
1716 static int alg_test_aead(const struct alg_test_desc *desc, const char *driver,
1717 			 u32 type, u32 mask)
1718 {
1719 	struct crypto_aead *tfm;
1720 	int err = 0;
1721 
1722 	tfm = crypto_alloc_aead(driver, type, mask);
1723 	if (IS_ERR(tfm)) {
1724 		printk(KERN_ERR "alg: aead: Failed to load transform for %s: "
1725 		       "%ld\n", driver, PTR_ERR(tfm));
1726 		return PTR_ERR(tfm);
1727 	}
1728 
1729 	if (desc->suite.aead.enc.vecs) {
1730 		err = test_aead(tfm, ENCRYPT, desc->suite.aead.enc.vecs,
1731 				desc->suite.aead.enc.count);
1732 		if (err)
1733 			goto out;
1734 	}
1735 
1736 	if (!err && desc->suite.aead.dec.vecs)
1737 		err = test_aead(tfm, DECRYPT, desc->suite.aead.dec.vecs,
1738 				desc->suite.aead.dec.count);
1739 
1740 out:
1741 	crypto_free_aead(tfm);
1742 	return err;
1743 }
1744 
1745 static int alg_test_cipher(const struct alg_test_desc *desc,
1746 			   const char *driver, u32 type, u32 mask)
1747 {
1748 	const struct cipher_test_suite *suite = &desc->suite.cipher;
1749 	struct crypto_cipher *tfm;
1750 	int err;
1751 
1752 	tfm = crypto_alloc_cipher(driver, type, mask);
1753 	if (IS_ERR(tfm)) {
1754 		printk(KERN_ERR "alg: cipher: Failed to load transform for "
1755 		       "%s: %ld\n", driver, PTR_ERR(tfm));
1756 		return PTR_ERR(tfm);
1757 	}
1758 
1759 	err = test_cipher(tfm, ENCRYPT, suite->vecs, suite->count);
1760 	if (!err)
1761 		err = test_cipher(tfm, DECRYPT, suite->vecs, suite->count);
1762 
1763 	crypto_free_cipher(tfm);
1764 	return err;
1765 }
1766 
1767 static int alg_test_skcipher(const struct alg_test_desc *desc,
1768 			     const char *driver, u32 type, u32 mask)
1769 {
1770 	const struct cipher_test_suite *suite = &desc->suite.cipher;
1771 	struct crypto_skcipher *tfm;
1772 	int err;
1773 
1774 	tfm = crypto_alloc_skcipher(driver, type, mask);
1775 	if (IS_ERR(tfm)) {
1776 		printk(KERN_ERR "alg: skcipher: Failed to load transform for "
1777 		       "%s: %ld\n", driver, PTR_ERR(tfm));
1778 		return PTR_ERR(tfm);
1779 	}
1780 
1781 	err = test_skcipher(tfm, ENCRYPT, suite->vecs, suite->count);
1782 	if (!err)
1783 		err = test_skcipher(tfm, DECRYPT, suite->vecs, suite->count);
1784 
1785 	crypto_free_skcipher(tfm);
1786 	return err;
1787 }
1788 
1789 static int alg_test_comp(const struct alg_test_desc *desc, const char *driver,
1790 			 u32 type, u32 mask)
1791 {
1792 	struct crypto_comp *comp;
1793 	struct crypto_acomp *acomp;
1794 	int err;
1795 	u32 algo_type = type & CRYPTO_ALG_TYPE_ACOMPRESS_MASK;
1796 
1797 	if (algo_type == CRYPTO_ALG_TYPE_ACOMPRESS) {
1798 		acomp = crypto_alloc_acomp(driver, type, mask);
1799 		if (IS_ERR(acomp)) {
1800 			pr_err("alg: acomp: Failed to load transform for %s: %ld\n",
1801 			       driver, PTR_ERR(acomp));
1802 			return PTR_ERR(acomp);
1803 		}
1804 		err = test_acomp(acomp, desc->suite.comp.comp.vecs,
1805 				 desc->suite.comp.decomp.vecs,
1806 				 desc->suite.comp.comp.count,
1807 				 desc->suite.comp.decomp.count);
1808 		crypto_free_acomp(acomp);
1809 	} else {
1810 		comp = crypto_alloc_comp(driver, type, mask);
1811 		if (IS_ERR(comp)) {
1812 			pr_err("alg: comp: Failed to load transform for %s: %ld\n",
1813 			       driver, PTR_ERR(comp));
1814 			return PTR_ERR(comp);
1815 		}
1816 
1817 		err = test_comp(comp, desc->suite.comp.comp.vecs,
1818 				desc->suite.comp.decomp.vecs,
1819 				desc->suite.comp.comp.count,
1820 				desc->suite.comp.decomp.count);
1821 
1822 		crypto_free_comp(comp);
1823 	}
1824 	return err;
1825 }
1826 
1827 static int __alg_test_hash(const struct hash_testvec *template,
1828 			   unsigned int tcount, const char *driver,
1829 			   u32 type, u32 mask)
1830 {
1831 	struct crypto_ahash *tfm;
1832 	int err;
1833 
1834 	tfm = crypto_alloc_ahash(driver, type, mask);
1835 	if (IS_ERR(tfm)) {
1836 		printk(KERN_ERR "alg: hash: Failed to load transform for %s: "
1837 		       "%ld\n", driver, PTR_ERR(tfm));
1838 		return PTR_ERR(tfm);
1839 	}
1840 
1841 	err = test_hash(tfm, template, tcount, HASH_TEST_DIGEST);
1842 	if (!err)
1843 		err = test_hash(tfm, template, tcount, HASH_TEST_FINAL);
1844 	if (!err)
1845 		err = test_hash(tfm, template, tcount, HASH_TEST_FINUP);
1846 	crypto_free_ahash(tfm);
1847 	return err;
1848 }
1849 
1850 static int alg_test_hash(const struct alg_test_desc *desc, const char *driver,
1851 			 u32 type, u32 mask)
1852 {
1853 	const struct hash_testvec *template = desc->suite.hash.vecs;
1854 	unsigned int tcount = desc->suite.hash.count;
1855 	unsigned int nr_unkeyed, nr_keyed;
1856 	int err;
1857 
1858 	/*
1859 	 * For OPTIONAL_KEY algorithms, we have to do all the unkeyed tests
1860 	 * first, before setting a key on the tfm.  To make this easier, we
1861 	 * require that the unkeyed test vectors (if any) are listed first.
1862 	 */
1863 
1864 	for (nr_unkeyed = 0; nr_unkeyed < tcount; nr_unkeyed++) {
1865 		if (template[nr_unkeyed].ksize)
1866 			break;
1867 	}
1868 	for (nr_keyed = 0; nr_unkeyed + nr_keyed < tcount; nr_keyed++) {
1869 		if (!template[nr_unkeyed + nr_keyed].ksize) {
1870 			pr_err("alg: hash: test vectors for %s out of order, "
1871 			       "unkeyed ones must come first\n", desc->alg);
1872 			return -EINVAL;
1873 		}
1874 	}
1875 
1876 	err = 0;
1877 	if (nr_unkeyed) {
1878 		err = __alg_test_hash(template, nr_unkeyed, driver, type, mask);
1879 		template += nr_unkeyed;
1880 	}
1881 
1882 	if (!err && nr_keyed)
1883 		err = __alg_test_hash(template, nr_keyed, driver, type, mask);
1884 
1885 	return err;
1886 }
1887 
1888 static int alg_test_crc32c(const struct alg_test_desc *desc,
1889 			   const char *driver, u32 type, u32 mask)
1890 {
1891 	struct crypto_shash *tfm;
1892 	u32 val;
1893 	int err;
1894 
1895 	err = alg_test_hash(desc, driver, type, mask);
1896 	if (err)
1897 		goto out;
1898 
1899 	tfm = crypto_alloc_shash(driver, type, mask);
1900 	if (IS_ERR(tfm)) {
1901 		printk(KERN_ERR "alg: crc32c: Failed to load transform for %s: "
1902 		       "%ld\n", driver, PTR_ERR(tfm));
1903 		err = PTR_ERR(tfm);
1904 		goto out;
1905 	}
1906 
1907 	do {
1908 		SHASH_DESC_ON_STACK(shash, tfm);
1909 		u32 *ctx = (u32 *)shash_desc_ctx(shash);
1910 
1911 		shash->tfm = tfm;
1912 		shash->flags = 0;
1913 
1914 		*ctx = le32_to_cpu(420553207);
1915 		err = crypto_shash_final(shash, (u8 *)&val);
1916 		if (err) {
1917 			printk(KERN_ERR "alg: crc32c: Operation failed for "
1918 			       "%s: %d\n", driver, err);
1919 			break;
1920 		}
1921 
1922 		if (val != ~420553207) {
1923 			printk(KERN_ERR "alg: crc32c: Test failed for %s: "
1924 			       "%d\n", driver, val);
1925 			err = -EINVAL;
1926 		}
1927 	} while (0);
1928 
1929 	crypto_free_shash(tfm);
1930 
1931 out:
1932 	return err;
1933 }
1934 
1935 static int alg_test_cprng(const struct alg_test_desc *desc, const char *driver,
1936 			  u32 type, u32 mask)
1937 {
1938 	struct crypto_rng *rng;
1939 	int err;
1940 
1941 	rng = crypto_alloc_rng(driver, type, mask);
1942 	if (IS_ERR(rng)) {
1943 		printk(KERN_ERR "alg: cprng: Failed to load transform for %s: "
1944 		       "%ld\n", driver, PTR_ERR(rng));
1945 		return PTR_ERR(rng);
1946 	}
1947 
1948 	err = test_cprng(rng, desc->suite.cprng.vecs, desc->suite.cprng.count);
1949 
1950 	crypto_free_rng(rng);
1951 
1952 	return err;
1953 }
1954 
1955 
1956 static int drbg_cavs_test(const struct drbg_testvec *test, int pr,
1957 			  const char *driver, u32 type, u32 mask)
1958 {
1959 	int ret = -EAGAIN;
1960 	struct crypto_rng *drng;
1961 	struct drbg_test_data test_data;
1962 	struct drbg_string addtl, pers, testentropy;
1963 	unsigned char *buf = kzalloc(test->expectedlen, GFP_KERNEL);
1964 
1965 	if (!buf)
1966 		return -ENOMEM;
1967 
1968 	drng = crypto_alloc_rng(driver, type, mask);
1969 	if (IS_ERR(drng)) {
1970 		printk(KERN_ERR "alg: drbg: could not allocate DRNG handle for "
1971 		       "%s\n", driver);
1972 		kzfree(buf);
1973 		return -ENOMEM;
1974 	}
1975 
1976 	test_data.testentropy = &testentropy;
1977 	drbg_string_fill(&testentropy, test->entropy, test->entropylen);
1978 	drbg_string_fill(&pers, test->pers, test->perslen);
1979 	ret = crypto_drbg_reset_test(drng, &pers, &test_data);
1980 	if (ret) {
1981 		printk(KERN_ERR "alg: drbg: Failed to reset rng\n");
1982 		goto outbuf;
1983 	}
1984 
1985 	drbg_string_fill(&addtl, test->addtla, test->addtllen);
1986 	if (pr) {
1987 		drbg_string_fill(&testentropy, test->entpra, test->entprlen);
1988 		ret = crypto_drbg_get_bytes_addtl_test(drng,
1989 			buf, test->expectedlen, &addtl,	&test_data);
1990 	} else {
1991 		ret = crypto_drbg_get_bytes_addtl(drng,
1992 			buf, test->expectedlen, &addtl);
1993 	}
1994 	if (ret < 0) {
1995 		printk(KERN_ERR "alg: drbg: could not obtain random data for "
1996 		       "driver %s\n", driver);
1997 		goto outbuf;
1998 	}
1999 
2000 	drbg_string_fill(&addtl, test->addtlb, test->addtllen);
2001 	if (pr) {
2002 		drbg_string_fill(&testentropy, test->entprb, test->entprlen);
2003 		ret = crypto_drbg_get_bytes_addtl_test(drng,
2004 			buf, test->expectedlen, &addtl, &test_data);
2005 	} else {
2006 		ret = crypto_drbg_get_bytes_addtl(drng,
2007 			buf, test->expectedlen, &addtl);
2008 	}
2009 	if (ret < 0) {
2010 		printk(KERN_ERR "alg: drbg: could not obtain random data for "
2011 		       "driver %s\n", driver);
2012 		goto outbuf;
2013 	}
2014 
2015 	ret = memcmp(test->expected, buf, test->expectedlen);
2016 
2017 outbuf:
2018 	crypto_free_rng(drng);
2019 	kzfree(buf);
2020 	return ret;
2021 }
2022 
2023 
2024 static int alg_test_drbg(const struct alg_test_desc *desc, const char *driver,
2025 			 u32 type, u32 mask)
2026 {
2027 	int err = 0;
2028 	int pr = 0;
2029 	int i = 0;
2030 	const struct drbg_testvec *template = desc->suite.drbg.vecs;
2031 	unsigned int tcount = desc->suite.drbg.count;
2032 
2033 	if (0 == memcmp(driver, "drbg_pr_", 8))
2034 		pr = 1;
2035 
2036 	for (i = 0; i < tcount; i++) {
2037 		err = drbg_cavs_test(&template[i], pr, driver, type, mask);
2038 		if (err) {
2039 			printk(KERN_ERR "alg: drbg: Test %d failed for %s\n",
2040 			       i, driver);
2041 			err = -EINVAL;
2042 			break;
2043 		}
2044 	}
2045 	return err;
2046 
2047 }
2048 
2049 static int do_test_kpp(struct crypto_kpp *tfm, const struct kpp_testvec *vec,
2050 		       const char *alg)
2051 {
2052 	struct kpp_request *req;
2053 	void *input_buf = NULL;
2054 	void *output_buf = NULL;
2055 	void *a_public = NULL;
2056 	void *a_ss = NULL;
2057 	void *shared_secret = NULL;
2058 	struct crypto_wait wait;
2059 	unsigned int out_len_max;
2060 	int err = -ENOMEM;
2061 	struct scatterlist src, dst;
2062 
2063 	req = kpp_request_alloc(tfm, GFP_KERNEL);
2064 	if (!req)
2065 		return err;
2066 
2067 	crypto_init_wait(&wait);
2068 
2069 	err = crypto_kpp_set_secret(tfm, vec->secret, vec->secret_size);
2070 	if (err < 0)
2071 		goto free_req;
2072 
2073 	out_len_max = crypto_kpp_maxsize(tfm);
2074 	output_buf = kzalloc(out_len_max, GFP_KERNEL);
2075 	if (!output_buf) {
2076 		err = -ENOMEM;
2077 		goto free_req;
2078 	}
2079 
2080 	/* Use appropriate parameter as base */
2081 	kpp_request_set_input(req, NULL, 0);
2082 	sg_init_one(&dst, output_buf, out_len_max);
2083 	kpp_request_set_output(req, &dst, out_len_max);
2084 	kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
2085 				 crypto_req_done, &wait);
2086 
2087 	/* Compute party A's public key */
2088 	err = crypto_wait_req(crypto_kpp_generate_public_key(req), &wait);
2089 	if (err) {
2090 		pr_err("alg: %s: Party A: generate public key test failed. err %d\n",
2091 		       alg, err);
2092 		goto free_output;
2093 	}
2094 
2095 	if (vec->genkey) {
2096 		/* Save party A's public key */
2097 		a_public = kzalloc(out_len_max, GFP_KERNEL);
2098 		if (!a_public) {
2099 			err = -ENOMEM;
2100 			goto free_output;
2101 		}
2102 		memcpy(a_public, sg_virt(req->dst), out_len_max);
2103 	} else {
2104 		/* Verify calculated public key */
2105 		if (memcmp(vec->expected_a_public, sg_virt(req->dst),
2106 			   vec->expected_a_public_size)) {
2107 			pr_err("alg: %s: Party A: generate public key test failed. Invalid output\n",
2108 			       alg);
2109 			err = -EINVAL;
2110 			goto free_output;
2111 		}
2112 	}
2113 
2114 	/* Calculate shared secret key by using counter part (b) public key. */
2115 	input_buf = kzalloc(vec->b_public_size, GFP_KERNEL);
2116 	if (!input_buf) {
2117 		err = -ENOMEM;
2118 		goto free_output;
2119 	}
2120 
2121 	memcpy(input_buf, vec->b_public, vec->b_public_size);
2122 	sg_init_one(&src, input_buf, vec->b_public_size);
2123 	sg_init_one(&dst, output_buf, out_len_max);
2124 	kpp_request_set_input(req, &src, vec->b_public_size);
2125 	kpp_request_set_output(req, &dst, out_len_max);
2126 	kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
2127 				 crypto_req_done, &wait);
2128 	err = crypto_wait_req(crypto_kpp_compute_shared_secret(req), &wait);
2129 	if (err) {
2130 		pr_err("alg: %s: Party A: compute shared secret test failed. err %d\n",
2131 		       alg, err);
2132 		goto free_all;
2133 	}
2134 
2135 	if (vec->genkey) {
2136 		/* Save the shared secret obtained by party A */
2137 		a_ss = kzalloc(vec->expected_ss_size, GFP_KERNEL);
2138 		if (!a_ss) {
2139 			err = -ENOMEM;
2140 			goto free_all;
2141 		}
2142 		memcpy(a_ss, sg_virt(req->dst), vec->expected_ss_size);
2143 
2144 		/*
2145 		 * Calculate party B's shared secret by using party A's
2146 		 * public key.
2147 		 */
2148 		err = crypto_kpp_set_secret(tfm, vec->b_secret,
2149 					    vec->b_secret_size);
2150 		if (err < 0)
2151 			goto free_all;
2152 
2153 		sg_init_one(&src, a_public, vec->expected_a_public_size);
2154 		sg_init_one(&dst, output_buf, out_len_max);
2155 		kpp_request_set_input(req, &src, vec->expected_a_public_size);
2156 		kpp_request_set_output(req, &dst, out_len_max);
2157 		kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
2158 					 crypto_req_done, &wait);
2159 		err = crypto_wait_req(crypto_kpp_compute_shared_secret(req),
2160 				      &wait);
2161 		if (err) {
2162 			pr_err("alg: %s: Party B: compute shared secret failed. err %d\n",
2163 			       alg, err);
2164 			goto free_all;
2165 		}
2166 
2167 		shared_secret = a_ss;
2168 	} else {
2169 		shared_secret = (void *)vec->expected_ss;
2170 	}
2171 
2172 	/*
2173 	 * verify shared secret from which the user will derive
2174 	 * secret key by executing whatever hash it has chosen
2175 	 */
2176 	if (memcmp(shared_secret, sg_virt(req->dst),
2177 		   vec->expected_ss_size)) {
2178 		pr_err("alg: %s: compute shared secret test failed. Invalid output\n",
2179 		       alg);
2180 		err = -EINVAL;
2181 	}
2182 
2183 free_all:
2184 	kfree(a_ss);
2185 	kfree(input_buf);
2186 free_output:
2187 	kfree(a_public);
2188 	kfree(output_buf);
2189 free_req:
2190 	kpp_request_free(req);
2191 	return err;
2192 }
2193 
2194 static int test_kpp(struct crypto_kpp *tfm, const char *alg,
2195 		    const struct kpp_testvec *vecs, unsigned int tcount)
2196 {
2197 	int ret, i;
2198 
2199 	for (i = 0; i < tcount; i++) {
2200 		ret = do_test_kpp(tfm, vecs++, alg);
2201 		if (ret) {
2202 			pr_err("alg: %s: test failed on vector %d, err=%d\n",
2203 			       alg, i + 1, ret);
2204 			return ret;
2205 		}
2206 	}
2207 	return 0;
2208 }
2209 
2210 static int alg_test_kpp(const struct alg_test_desc *desc, const char *driver,
2211 			u32 type, u32 mask)
2212 {
2213 	struct crypto_kpp *tfm;
2214 	int err = 0;
2215 
2216 	tfm = crypto_alloc_kpp(driver, type, mask);
2217 	if (IS_ERR(tfm)) {
2218 		pr_err("alg: kpp: Failed to load tfm for %s: %ld\n",
2219 		       driver, PTR_ERR(tfm));
2220 		return PTR_ERR(tfm);
2221 	}
2222 	if (desc->suite.kpp.vecs)
2223 		err = test_kpp(tfm, desc->alg, desc->suite.kpp.vecs,
2224 			       desc->suite.kpp.count);
2225 
2226 	crypto_free_kpp(tfm);
2227 	return err;
2228 }
2229 
2230 static int test_akcipher_one(struct crypto_akcipher *tfm,
2231 			     const struct akcipher_testvec *vecs)
2232 {
2233 	char *xbuf[XBUFSIZE];
2234 	struct akcipher_request *req;
2235 	void *outbuf_enc = NULL;
2236 	void *outbuf_dec = NULL;
2237 	struct crypto_wait wait;
2238 	unsigned int out_len_max, out_len = 0;
2239 	int err = -ENOMEM;
2240 	struct scatterlist src, dst, src_tab[2];
2241 
2242 	if (testmgr_alloc_buf(xbuf))
2243 		return err;
2244 
2245 	req = akcipher_request_alloc(tfm, GFP_KERNEL);
2246 	if (!req)
2247 		goto free_xbuf;
2248 
2249 	crypto_init_wait(&wait);
2250 
2251 	if (vecs->public_key_vec)
2252 		err = crypto_akcipher_set_pub_key(tfm, vecs->key,
2253 						  vecs->key_len);
2254 	else
2255 		err = crypto_akcipher_set_priv_key(tfm, vecs->key,
2256 						   vecs->key_len);
2257 	if (err)
2258 		goto free_req;
2259 
2260 	err = -ENOMEM;
2261 	out_len_max = crypto_akcipher_maxsize(tfm);
2262 	outbuf_enc = kzalloc(out_len_max, GFP_KERNEL);
2263 	if (!outbuf_enc)
2264 		goto free_req;
2265 
2266 	if (WARN_ON(vecs->m_size > PAGE_SIZE))
2267 		goto free_all;
2268 
2269 	memcpy(xbuf[0], vecs->m, vecs->m_size);
2270 
2271 	sg_init_table(src_tab, 2);
2272 	sg_set_buf(&src_tab[0], xbuf[0], 8);
2273 	sg_set_buf(&src_tab[1], xbuf[0] + 8, vecs->m_size - 8);
2274 	sg_init_one(&dst, outbuf_enc, out_len_max);
2275 	akcipher_request_set_crypt(req, src_tab, &dst, vecs->m_size,
2276 				   out_len_max);
2277 	akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
2278 				      crypto_req_done, &wait);
2279 
2280 	err = crypto_wait_req(vecs->siggen_sigver_test ?
2281 			      /* Run asymmetric signature generation */
2282 			      crypto_akcipher_sign(req) :
2283 			      /* Run asymmetric encrypt */
2284 			      crypto_akcipher_encrypt(req), &wait);
2285 	if (err) {
2286 		pr_err("alg: akcipher: encrypt test failed. err %d\n", err);
2287 		goto free_all;
2288 	}
2289 	if (req->dst_len != vecs->c_size) {
2290 		pr_err("alg: akcipher: encrypt test failed. Invalid output len\n");
2291 		err = -EINVAL;
2292 		goto free_all;
2293 	}
2294 	/* verify that encrypted message is equal to expected */
2295 	if (memcmp(vecs->c, outbuf_enc, vecs->c_size)) {
2296 		pr_err("alg: akcipher: encrypt test failed. Invalid output\n");
2297 		hexdump(outbuf_enc, vecs->c_size);
2298 		err = -EINVAL;
2299 		goto free_all;
2300 	}
2301 	/* Don't invoke decrypt for vectors with public key */
2302 	if (vecs->public_key_vec) {
2303 		err = 0;
2304 		goto free_all;
2305 	}
2306 	outbuf_dec = kzalloc(out_len_max, GFP_KERNEL);
2307 	if (!outbuf_dec) {
2308 		err = -ENOMEM;
2309 		goto free_all;
2310 	}
2311 
2312 	if (WARN_ON(vecs->c_size > PAGE_SIZE))
2313 		goto free_all;
2314 
2315 	memcpy(xbuf[0], vecs->c, vecs->c_size);
2316 
2317 	sg_init_one(&src, xbuf[0], vecs->c_size);
2318 	sg_init_one(&dst, outbuf_dec, out_len_max);
2319 	crypto_init_wait(&wait);
2320 	akcipher_request_set_crypt(req, &src, &dst, vecs->c_size, out_len_max);
2321 
2322 	err = crypto_wait_req(vecs->siggen_sigver_test ?
2323 			      /* Run asymmetric signature verification */
2324 			      crypto_akcipher_verify(req) :
2325 			      /* Run asymmetric decrypt */
2326 			      crypto_akcipher_decrypt(req), &wait);
2327 	if (err) {
2328 		pr_err("alg: akcipher: decrypt test failed. err %d\n", err);
2329 		goto free_all;
2330 	}
2331 	out_len = req->dst_len;
2332 	if (out_len < vecs->m_size) {
2333 		pr_err("alg: akcipher: decrypt test failed. "
2334 		       "Invalid output len %u\n", out_len);
2335 		err = -EINVAL;
2336 		goto free_all;
2337 	}
2338 	/* verify that decrypted message is equal to the original msg */
2339 	if (memchr_inv(outbuf_dec, 0, out_len - vecs->m_size) ||
2340 	    memcmp(vecs->m, outbuf_dec + out_len - vecs->m_size,
2341 		   vecs->m_size)) {
2342 		pr_err("alg: akcipher: decrypt test failed. Invalid output\n");
2343 		hexdump(outbuf_dec, out_len);
2344 		err = -EINVAL;
2345 	}
2346 free_all:
2347 	kfree(outbuf_dec);
2348 	kfree(outbuf_enc);
2349 free_req:
2350 	akcipher_request_free(req);
2351 free_xbuf:
2352 	testmgr_free_buf(xbuf);
2353 	return err;
2354 }
2355 
2356 static int test_akcipher(struct crypto_akcipher *tfm, const char *alg,
2357 			 const struct akcipher_testvec *vecs,
2358 			 unsigned int tcount)
2359 {
2360 	const char *algo =
2361 		crypto_tfm_alg_driver_name(crypto_akcipher_tfm(tfm));
2362 	int ret, i;
2363 
2364 	for (i = 0; i < tcount; i++) {
2365 		ret = test_akcipher_one(tfm, vecs++);
2366 		if (!ret)
2367 			continue;
2368 
2369 		pr_err("alg: akcipher: test %d failed for %s, err=%d\n",
2370 		       i + 1, algo, ret);
2371 		return ret;
2372 	}
2373 	return 0;
2374 }
2375 
2376 static int alg_test_akcipher(const struct alg_test_desc *desc,
2377 			     const char *driver, u32 type, u32 mask)
2378 {
2379 	struct crypto_akcipher *tfm;
2380 	int err = 0;
2381 
2382 	tfm = crypto_alloc_akcipher(driver, type, mask);
2383 	if (IS_ERR(tfm)) {
2384 		pr_err("alg: akcipher: Failed to load tfm for %s: %ld\n",
2385 		       driver, PTR_ERR(tfm));
2386 		return PTR_ERR(tfm);
2387 	}
2388 	if (desc->suite.akcipher.vecs)
2389 		err = test_akcipher(tfm, desc->alg, desc->suite.akcipher.vecs,
2390 				    desc->suite.akcipher.count);
2391 
2392 	crypto_free_akcipher(tfm);
2393 	return err;
2394 }
2395 
2396 static int alg_test_null(const struct alg_test_desc *desc,
2397 			     const char *driver, u32 type, u32 mask)
2398 {
2399 	return 0;
2400 }
2401 
2402 #define __VECS(tv)	{ .vecs = tv, .count = ARRAY_SIZE(tv) }
2403 
2404 /* Please keep this list sorted by algorithm name. */
2405 static const struct alg_test_desc alg_test_descs[] = {
2406 	{
2407 		.alg = "adiantum(xchacha12,aes)",
2408 		.test = alg_test_skcipher,
2409 		.suite = {
2410 			.cipher = __VECS(adiantum_xchacha12_aes_tv_template)
2411 		},
2412 	}, {
2413 		.alg = "adiantum(xchacha20,aes)",
2414 		.test = alg_test_skcipher,
2415 		.suite = {
2416 			.cipher = __VECS(adiantum_xchacha20_aes_tv_template)
2417 		},
2418 	}, {
2419 		.alg = "aegis128",
2420 		.test = alg_test_aead,
2421 		.suite = {
2422 			.aead = {
2423 				.enc = __VECS(aegis128_enc_tv_template),
2424 				.dec = __VECS(aegis128_dec_tv_template),
2425 			}
2426 		}
2427 	}, {
2428 		.alg = "aegis128l",
2429 		.test = alg_test_aead,
2430 		.suite = {
2431 			.aead = {
2432 				.enc = __VECS(aegis128l_enc_tv_template),
2433 				.dec = __VECS(aegis128l_dec_tv_template),
2434 			}
2435 		}
2436 	}, {
2437 		.alg = "aegis256",
2438 		.test = alg_test_aead,
2439 		.suite = {
2440 			.aead = {
2441 				.enc = __VECS(aegis256_enc_tv_template),
2442 				.dec = __VECS(aegis256_dec_tv_template),
2443 			}
2444 		}
2445 	}, {
2446 		.alg = "ansi_cprng",
2447 		.test = alg_test_cprng,
2448 		.suite = {
2449 			.cprng = __VECS(ansi_cprng_aes_tv_template)
2450 		}
2451 	}, {
2452 		.alg = "authenc(hmac(md5),ecb(cipher_null))",
2453 		.test = alg_test_aead,
2454 		.suite = {
2455 			.aead = {
2456 				.enc = __VECS(hmac_md5_ecb_cipher_null_enc_tv_template),
2457 				.dec = __VECS(hmac_md5_ecb_cipher_null_dec_tv_template)
2458 			}
2459 		}
2460 	}, {
2461 		.alg = "authenc(hmac(sha1),cbc(aes))",
2462 		.test = alg_test_aead,
2463 		.fips_allowed = 1,
2464 		.suite = {
2465 			.aead = {
2466 				.enc = __VECS(hmac_sha1_aes_cbc_enc_tv_temp)
2467 			}
2468 		}
2469 	}, {
2470 		.alg = "authenc(hmac(sha1),cbc(des))",
2471 		.test = alg_test_aead,
2472 		.suite = {
2473 			.aead = {
2474 				.enc = __VECS(hmac_sha1_des_cbc_enc_tv_temp)
2475 			}
2476 		}
2477 	}, {
2478 		.alg = "authenc(hmac(sha1),cbc(des3_ede))",
2479 		.test = alg_test_aead,
2480 		.fips_allowed = 1,
2481 		.suite = {
2482 			.aead = {
2483 				.enc = __VECS(hmac_sha1_des3_ede_cbc_enc_tv_temp)
2484 			}
2485 		}
2486 	}, {
2487 		.alg = "authenc(hmac(sha1),ctr(aes))",
2488 		.test = alg_test_null,
2489 		.fips_allowed = 1,
2490 	}, {
2491 		.alg = "authenc(hmac(sha1),ecb(cipher_null))",
2492 		.test = alg_test_aead,
2493 		.suite = {
2494 			.aead = {
2495 				.enc = __VECS(hmac_sha1_ecb_cipher_null_enc_tv_temp),
2496 				.dec = __VECS(hmac_sha1_ecb_cipher_null_dec_tv_temp)
2497 			}
2498 		}
2499 	}, {
2500 		.alg = "authenc(hmac(sha1),rfc3686(ctr(aes)))",
2501 		.test = alg_test_null,
2502 		.fips_allowed = 1,
2503 	}, {
2504 		.alg = "authenc(hmac(sha224),cbc(des))",
2505 		.test = alg_test_aead,
2506 		.suite = {
2507 			.aead = {
2508 				.enc = __VECS(hmac_sha224_des_cbc_enc_tv_temp)
2509 			}
2510 		}
2511 	}, {
2512 		.alg = "authenc(hmac(sha224),cbc(des3_ede))",
2513 		.test = alg_test_aead,
2514 		.fips_allowed = 1,
2515 		.suite = {
2516 			.aead = {
2517 				.enc = __VECS(hmac_sha224_des3_ede_cbc_enc_tv_temp)
2518 			}
2519 		}
2520 	}, {
2521 		.alg = "authenc(hmac(sha256),cbc(aes))",
2522 		.test = alg_test_aead,
2523 		.fips_allowed = 1,
2524 		.suite = {
2525 			.aead = {
2526 				.enc = __VECS(hmac_sha256_aes_cbc_enc_tv_temp)
2527 			}
2528 		}
2529 	}, {
2530 		.alg = "authenc(hmac(sha256),cbc(des))",
2531 		.test = alg_test_aead,
2532 		.suite = {
2533 			.aead = {
2534 				.enc = __VECS(hmac_sha256_des_cbc_enc_tv_temp)
2535 			}
2536 		}
2537 	}, {
2538 		.alg = "authenc(hmac(sha256),cbc(des3_ede))",
2539 		.test = alg_test_aead,
2540 		.fips_allowed = 1,
2541 		.suite = {
2542 			.aead = {
2543 				.enc = __VECS(hmac_sha256_des3_ede_cbc_enc_tv_temp)
2544 			}
2545 		}
2546 	}, {
2547 		.alg = "authenc(hmac(sha256),ctr(aes))",
2548 		.test = alg_test_null,
2549 		.fips_allowed = 1,
2550 	}, {
2551 		.alg = "authenc(hmac(sha256),rfc3686(ctr(aes)))",
2552 		.test = alg_test_null,
2553 		.fips_allowed = 1,
2554 	}, {
2555 		.alg = "authenc(hmac(sha384),cbc(des))",
2556 		.test = alg_test_aead,
2557 		.suite = {
2558 			.aead = {
2559 				.enc = __VECS(hmac_sha384_des_cbc_enc_tv_temp)
2560 			}
2561 		}
2562 	}, {
2563 		.alg = "authenc(hmac(sha384),cbc(des3_ede))",
2564 		.test = alg_test_aead,
2565 		.fips_allowed = 1,
2566 		.suite = {
2567 			.aead = {
2568 				.enc = __VECS(hmac_sha384_des3_ede_cbc_enc_tv_temp)
2569 			}
2570 		}
2571 	}, {
2572 		.alg = "authenc(hmac(sha384),ctr(aes))",
2573 		.test = alg_test_null,
2574 		.fips_allowed = 1,
2575 	}, {
2576 		.alg = "authenc(hmac(sha384),rfc3686(ctr(aes)))",
2577 		.test = alg_test_null,
2578 		.fips_allowed = 1,
2579 	}, {
2580 		.alg = "authenc(hmac(sha512),cbc(aes))",
2581 		.fips_allowed = 1,
2582 		.test = alg_test_aead,
2583 		.suite = {
2584 			.aead = {
2585 				.enc = __VECS(hmac_sha512_aes_cbc_enc_tv_temp)
2586 			}
2587 		}
2588 	}, {
2589 		.alg = "authenc(hmac(sha512),cbc(des))",
2590 		.test = alg_test_aead,
2591 		.suite = {
2592 			.aead = {
2593 				.enc = __VECS(hmac_sha512_des_cbc_enc_tv_temp)
2594 			}
2595 		}
2596 	}, {
2597 		.alg = "authenc(hmac(sha512),cbc(des3_ede))",
2598 		.test = alg_test_aead,
2599 		.fips_allowed = 1,
2600 		.suite = {
2601 			.aead = {
2602 				.enc = __VECS(hmac_sha512_des3_ede_cbc_enc_tv_temp)
2603 			}
2604 		}
2605 	}, {
2606 		.alg = "authenc(hmac(sha512),ctr(aes))",
2607 		.test = alg_test_null,
2608 		.fips_allowed = 1,
2609 	}, {
2610 		.alg = "authenc(hmac(sha512),rfc3686(ctr(aes)))",
2611 		.test = alg_test_null,
2612 		.fips_allowed = 1,
2613 	}, {
2614 		.alg = "cbc(aes)",
2615 		.test = alg_test_skcipher,
2616 		.fips_allowed = 1,
2617 		.suite = {
2618 			.cipher = __VECS(aes_cbc_tv_template)
2619 		},
2620 	}, {
2621 		.alg = "cbc(anubis)",
2622 		.test = alg_test_skcipher,
2623 		.suite = {
2624 			.cipher = __VECS(anubis_cbc_tv_template)
2625 		},
2626 	}, {
2627 		.alg = "cbc(blowfish)",
2628 		.test = alg_test_skcipher,
2629 		.suite = {
2630 			.cipher = __VECS(bf_cbc_tv_template)
2631 		},
2632 	}, {
2633 		.alg = "cbc(camellia)",
2634 		.test = alg_test_skcipher,
2635 		.suite = {
2636 			.cipher = __VECS(camellia_cbc_tv_template)
2637 		},
2638 	}, {
2639 		.alg = "cbc(cast5)",
2640 		.test = alg_test_skcipher,
2641 		.suite = {
2642 			.cipher = __VECS(cast5_cbc_tv_template)
2643 		},
2644 	}, {
2645 		.alg = "cbc(cast6)",
2646 		.test = alg_test_skcipher,
2647 		.suite = {
2648 			.cipher = __VECS(cast6_cbc_tv_template)
2649 		},
2650 	}, {
2651 		.alg = "cbc(des)",
2652 		.test = alg_test_skcipher,
2653 		.suite = {
2654 			.cipher = __VECS(des_cbc_tv_template)
2655 		},
2656 	}, {
2657 		.alg = "cbc(des3_ede)",
2658 		.test = alg_test_skcipher,
2659 		.fips_allowed = 1,
2660 		.suite = {
2661 			.cipher = __VECS(des3_ede_cbc_tv_template)
2662 		},
2663 	}, {
2664 		/* Same as cbc(aes) except the key is stored in
2665 		 * hardware secure memory which we reference by index
2666 		 */
2667 		.alg = "cbc(paes)",
2668 		.test = alg_test_null,
2669 		.fips_allowed = 1,
2670 	}, {
2671 		.alg = "cbc(serpent)",
2672 		.test = alg_test_skcipher,
2673 		.suite = {
2674 			.cipher = __VECS(serpent_cbc_tv_template)
2675 		},
2676 	}, {
2677 		.alg = "cbc(sm4)",
2678 		.test = alg_test_skcipher,
2679 		.suite = {
2680 			.cipher = __VECS(sm4_cbc_tv_template)
2681 		}
2682 	}, {
2683 		.alg = "cbc(twofish)",
2684 		.test = alg_test_skcipher,
2685 		.suite = {
2686 			.cipher = __VECS(tf_cbc_tv_template)
2687 		},
2688 	}, {
2689 		.alg = "cbcmac(aes)",
2690 		.fips_allowed = 1,
2691 		.test = alg_test_hash,
2692 		.suite = {
2693 			.hash = __VECS(aes_cbcmac_tv_template)
2694 		}
2695 	}, {
2696 		.alg = "ccm(aes)",
2697 		.test = alg_test_aead,
2698 		.fips_allowed = 1,
2699 		.suite = {
2700 			.aead = {
2701 				.enc = __VECS(aes_ccm_enc_tv_template),
2702 				.dec = __VECS(aes_ccm_dec_tv_template)
2703 			}
2704 		}
2705 	}, {
2706 		.alg = "cfb(aes)",
2707 		.test = alg_test_skcipher,
2708 		.fips_allowed = 1,
2709 		.suite = {
2710 			.cipher = __VECS(aes_cfb_tv_template)
2711 		},
2712 	}, {
2713 		.alg = "chacha20",
2714 		.test = alg_test_skcipher,
2715 		.suite = {
2716 			.cipher = __VECS(chacha20_tv_template)
2717 		},
2718 	}, {
2719 		.alg = "cmac(aes)",
2720 		.fips_allowed = 1,
2721 		.test = alg_test_hash,
2722 		.suite = {
2723 			.hash = __VECS(aes_cmac128_tv_template)
2724 		}
2725 	}, {
2726 		.alg = "cmac(des3_ede)",
2727 		.fips_allowed = 1,
2728 		.test = alg_test_hash,
2729 		.suite = {
2730 			.hash = __VECS(des3_ede_cmac64_tv_template)
2731 		}
2732 	}, {
2733 		.alg = "compress_null",
2734 		.test = alg_test_null,
2735 	}, {
2736 		.alg = "crc32",
2737 		.test = alg_test_hash,
2738 		.suite = {
2739 			.hash = __VECS(crc32_tv_template)
2740 		}
2741 	}, {
2742 		.alg = "crc32c",
2743 		.test = alg_test_crc32c,
2744 		.fips_allowed = 1,
2745 		.suite = {
2746 			.hash = __VECS(crc32c_tv_template)
2747 		}
2748 	}, {
2749 		.alg = "crct10dif",
2750 		.test = alg_test_hash,
2751 		.fips_allowed = 1,
2752 		.suite = {
2753 			.hash = __VECS(crct10dif_tv_template)
2754 		}
2755 	}, {
2756 		.alg = "ctr(aes)",
2757 		.test = alg_test_skcipher,
2758 		.fips_allowed = 1,
2759 		.suite = {
2760 			.cipher = __VECS(aes_ctr_tv_template)
2761 		}
2762 	}, {
2763 		.alg = "ctr(blowfish)",
2764 		.test = alg_test_skcipher,
2765 		.suite = {
2766 			.cipher = __VECS(bf_ctr_tv_template)
2767 		}
2768 	}, {
2769 		.alg = "ctr(camellia)",
2770 		.test = alg_test_skcipher,
2771 		.suite = {
2772 			.cipher = __VECS(camellia_ctr_tv_template)
2773 		}
2774 	}, {
2775 		.alg = "ctr(cast5)",
2776 		.test = alg_test_skcipher,
2777 		.suite = {
2778 			.cipher = __VECS(cast5_ctr_tv_template)
2779 		}
2780 	}, {
2781 		.alg = "ctr(cast6)",
2782 		.test = alg_test_skcipher,
2783 		.suite = {
2784 			.cipher = __VECS(cast6_ctr_tv_template)
2785 		}
2786 	}, {
2787 		.alg = "ctr(des)",
2788 		.test = alg_test_skcipher,
2789 		.suite = {
2790 			.cipher = __VECS(des_ctr_tv_template)
2791 		}
2792 	}, {
2793 		.alg = "ctr(des3_ede)",
2794 		.test = alg_test_skcipher,
2795 		.fips_allowed = 1,
2796 		.suite = {
2797 			.cipher = __VECS(des3_ede_ctr_tv_template)
2798 		}
2799 	}, {
2800 		/* Same as ctr(aes) except the key is stored in
2801 		 * hardware secure memory which we reference by index
2802 		 */
2803 		.alg = "ctr(paes)",
2804 		.test = alg_test_null,
2805 		.fips_allowed = 1,
2806 	}, {
2807 		.alg = "ctr(serpent)",
2808 		.test = alg_test_skcipher,
2809 		.suite = {
2810 			.cipher = __VECS(serpent_ctr_tv_template)
2811 		}
2812 	}, {
2813 		.alg = "ctr(sm4)",
2814 		.test = alg_test_skcipher,
2815 		.suite = {
2816 			.cipher = __VECS(sm4_ctr_tv_template)
2817 		}
2818 	}, {
2819 		.alg = "ctr(twofish)",
2820 		.test = alg_test_skcipher,
2821 		.suite = {
2822 			.cipher = __VECS(tf_ctr_tv_template)
2823 		}
2824 	}, {
2825 		.alg = "cts(cbc(aes))",
2826 		.test = alg_test_skcipher,
2827 		.fips_allowed = 1,
2828 		.suite = {
2829 			.cipher = __VECS(cts_mode_tv_template)
2830 		}
2831 	}, {
2832 		.alg = "deflate",
2833 		.test = alg_test_comp,
2834 		.fips_allowed = 1,
2835 		.suite = {
2836 			.comp = {
2837 				.comp = __VECS(deflate_comp_tv_template),
2838 				.decomp = __VECS(deflate_decomp_tv_template)
2839 			}
2840 		}
2841 	}, {
2842 		.alg = "dh",
2843 		.test = alg_test_kpp,
2844 		.fips_allowed = 1,
2845 		.suite = {
2846 			.kpp = __VECS(dh_tv_template)
2847 		}
2848 	}, {
2849 		.alg = "digest_null",
2850 		.test = alg_test_null,
2851 	}, {
2852 		.alg = "drbg_nopr_ctr_aes128",
2853 		.test = alg_test_drbg,
2854 		.fips_allowed = 1,
2855 		.suite = {
2856 			.drbg = __VECS(drbg_nopr_ctr_aes128_tv_template)
2857 		}
2858 	}, {
2859 		.alg = "drbg_nopr_ctr_aes192",
2860 		.test = alg_test_drbg,
2861 		.fips_allowed = 1,
2862 		.suite = {
2863 			.drbg = __VECS(drbg_nopr_ctr_aes192_tv_template)
2864 		}
2865 	}, {
2866 		.alg = "drbg_nopr_ctr_aes256",
2867 		.test = alg_test_drbg,
2868 		.fips_allowed = 1,
2869 		.suite = {
2870 			.drbg = __VECS(drbg_nopr_ctr_aes256_tv_template)
2871 		}
2872 	}, {
2873 		/*
2874 		 * There is no need to specifically test the DRBG with every
2875 		 * backend cipher -- covered by drbg_nopr_hmac_sha256 test
2876 		 */
2877 		.alg = "drbg_nopr_hmac_sha1",
2878 		.fips_allowed = 1,
2879 		.test = alg_test_null,
2880 	}, {
2881 		.alg = "drbg_nopr_hmac_sha256",
2882 		.test = alg_test_drbg,
2883 		.fips_allowed = 1,
2884 		.suite = {
2885 			.drbg = __VECS(drbg_nopr_hmac_sha256_tv_template)
2886 		}
2887 	}, {
2888 		/* covered by drbg_nopr_hmac_sha256 test */
2889 		.alg = "drbg_nopr_hmac_sha384",
2890 		.fips_allowed = 1,
2891 		.test = alg_test_null,
2892 	}, {
2893 		.alg = "drbg_nopr_hmac_sha512",
2894 		.test = alg_test_null,
2895 		.fips_allowed = 1,
2896 	}, {
2897 		.alg = "drbg_nopr_sha1",
2898 		.fips_allowed = 1,
2899 		.test = alg_test_null,
2900 	}, {
2901 		.alg = "drbg_nopr_sha256",
2902 		.test = alg_test_drbg,
2903 		.fips_allowed = 1,
2904 		.suite = {
2905 			.drbg = __VECS(drbg_nopr_sha256_tv_template)
2906 		}
2907 	}, {
2908 		/* covered by drbg_nopr_sha256 test */
2909 		.alg = "drbg_nopr_sha384",
2910 		.fips_allowed = 1,
2911 		.test = alg_test_null,
2912 	}, {
2913 		.alg = "drbg_nopr_sha512",
2914 		.fips_allowed = 1,
2915 		.test = alg_test_null,
2916 	}, {
2917 		.alg = "drbg_pr_ctr_aes128",
2918 		.test = alg_test_drbg,
2919 		.fips_allowed = 1,
2920 		.suite = {
2921 			.drbg = __VECS(drbg_pr_ctr_aes128_tv_template)
2922 		}
2923 	}, {
2924 		/* covered by drbg_pr_ctr_aes128 test */
2925 		.alg = "drbg_pr_ctr_aes192",
2926 		.fips_allowed = 1,
2927 		.test = alg_test_null,
2928 	}, {
2929 		.alg = "drbg_pr_ctr_aes256",
2930 		.fips_allowed = 1,
2931 		.test = alg_test_null,
2932 	}, {
2933 		.alg = "drbg_pr_hmac_sha1",
2934 		.fips_allowed = 1,
2935 		.test = alg_test_null,
2936 	}, {
2937 		.alg = "drbg_pr_hmac_sha256",
2938 		.test = alg_test_drbg,
2939 		.fips_allowed = 1,
2940 		.suite = {
2941 			.drbg = __VECS(drbg_pr_hmac_sha256_tv_template)
2942 		}
2943 	}, {
2944 		/* covered by drbg_pr_hmac_sha256 test */
2945 		.alg = "drbg_pr_hmac_sha384",
2946 		.fips_allowed = 1,
2947 		.test = alg_test_null,
2948 	}, {
2949 		.alg = "drbg_pr_hmac_sha512",
2950 		.test = alg_test_null,
2951 		.fips_allowed = 1,
2952 	}, {
2953 		.alg = "drbg_pr_sha1",
2954 		.fips_allowed = 1,
2955 		.test = alg_test_null,
2956 	}, {
2957 		.alg = "drbg_pr_sha256",
2958 		.test = alg_test_drbg,
2959 		.fips_allowed = 1,
2960 		.suite = {
2961 			.drbg = __VECS(drbg_pr_sha256_tv_template)
2962 		}
2963 	}, {
2964 		/* covered by drbg_pr_sha256 test */
2965 		.alg = "drbg_pr_sha384",
2966 		.fips_allowed = 1,
2967 		.test = alg_test_null,
2968 	}, {
2969 		.alg = "drbg_pr_sha512",
2970 		.fips_allowed = 1,
2971 		.test = alg_test_null,
2972 	}, {
2973 		.alg = "ecb(aes)",
2974 		.test = alg_test_skcipher,
2975 		.fips_allowed = 1,
2976 		.suite = {
2977 			.cipher = __VECS(aes_tv_template)
2978 		}
2979 	}, {
2980 		.alg = "ecb(anubis)",
2981 		.test = alg_test_skcipher,
2982 		.suite = {
2983 			.cipher = __VECS(anubis_tv_template)
2984 		}
2985 	}, {
2986 		.alg = "ecb(arc4)",
2987 		.test = alg_test_skcipher,
2988 		.suite = {
2989 			.cipher = __VECS(arc4_tv_template)
2990 		}
2991 	}, {
2992 		.alg = "ecb(blowfish)",
2993 		.test = alg_test_skcipher,
2994 		.suite = {
2995 			.cipher = __VECS(bf_tv_template)
2996 		}
2997 	}, {
2998 		.alg = "ecb(camellia)",
2999 		.test = alg_test_skcipher,
3000 		.suite = {
3001 			.cipher = __VECS(camellia_tv_template)
3002 		}
3003 	}, {
3004 		.alg = "ecb(cast5)",
3005 		.test = alg_test_skcipher,
3006 		.suite = {
3007 			.cipher = __VECS(cast5_tv_template)
3008 		}
3009 	}, {
3010 		.alg = "ecb(cast6)",
3011 		.test = alg_test_skcipher,
3012 		.suite = {
3013 			.cipher = __VECS(cast6_tv_template)
3014 		}
3015 	}, {
3016 		.alg = "ecb(cipher_null)",
3017 		.test = alg_test_null,
3018 		.fips_allowed = 1,
3019 	}, {
3020 		.alg = "ecb(des)",
3021 		.test = alg_test_skcipher,
3022 		.suite = {
3023 			.cipher = __VECS(des_tv_template)
3024 		}
3025 	}, {
3026 		.alg = "ecb(des3_ede)",
3027 		.test = alg_test_skcipher,
3028 		.fips_allowed = 1,
3029 		.suite = {
3030 			.cipher = __VECS(des3_ede_tv_template)
3031 		}
3032 	}, {
3033 		.alg = "ecb(fcrypt)",
3034 		.test = alg_test_skcipher,
3035 		.suite = {
3036 			.cipher = {
3037 				.vecs = fcrypt_pcbc_tv_template,
3038 				.count = 1
3039 			}
3040 		}
3041 	}, {
3042 		.alg = "ecb(khazad)",
3043 		.test = alg_test_skcipher,
3044 		.suite = {
3045 			.cipher = __VECS(khazad_tv_template)
3046 		}
3047 	}, {
3048 		/* Same as ecb(aes) except the key is stored in
3049 		 * hardware secure memory which we reference by index
3050 		 */
3051 		.alg = "ecb(paes)",
3052 		.test = alg_test_null,
3053 		.fips_allowed = 1,
3054 	}, {
3055 		.alg = "ecb(seed)",
3056 		.test = alg_test_skcipher,
3057 		.suite = {
3058 			.cipher = __VECS(seed_tv_template)
3059 		}
3060 	}, {
3061 		.alg = "ecb(serpent)",
3062 		.test = alg_test_skcipher,
3063 		.suite = {
3064 			.cipher = __VECS(serpent_tv_template)
3065 		}
3066 	}, {
3067 		.alg = "ecb(sm4)",
3068 		.test = alg_test_skcipher,
3069 		.suite = {
3070 			.cipher = __VECS(sm4_tv_template)
3071 		}
3072 	}, {
3073 		.alg = "ecb(tea)",
3074 		.test = alg_test_skcipher,
3075 		.suite = {
3076 			.cipher = __VECS(tea_tv_template)
3077 		}
3078 	}, {
3079 		.alg = "ecb(tnepres)",
3080 		.test = alg_test_skcipher,
3081 		.suite = {
3082 			.cipher = __VECS(tnepres_tv_template)
3083 		}
3084 	}, {
3085 		.alg = "ecb(twofish)",
3086 		.test = alg_test_skcipher,
3087 		.suite = {
3088 			.cipher = __VECS(tf_tv_template)
3089 		}
3090 	}, {
3091 		.alg = "ecb(xeta)",
3092 		.test = alg_test_skcipher,
3093 		.suite = {
3094 			.cipher = __VECS(xeta_tv_template)
3095 		}
3096 	}, {
3097 		.alg = "ecb(xtea)",
3098 		.test = alg_test_skcipher,
3099 		.suite = {
3100 			.cipher = __VECS(xtea_tv_template)
3101 		}
3102 	}, {
3103 		.alg = "ecdh",
3104 		.test = alg_test_kpp,
3105 		.fips_allowed = 1,
3106 		.suite = {
3107 			.kpp = __VECS(ecdh_tv_template)
3108 		}
3109 	}, {
3110 		.alg = "gcm(aes)",
3111 		.test = alg_test_aead,
3112 		.fips_allowed = 1,
3113 		.suite = {
3114 			.aead = {
3115 				.enc = __VECS(aes_gcm_enc_tv_template),
3116 				.dec = __VECS(aes_gcm_dec_tv_template)
3117 			}
3118 		}
3119 	}, {
3120 		.alg = "ghash",
3121 		.test = alg_test_hash,
3122 		.fips_allowed = 1,
3123 		.suite = {
3124 			.hash = __VECS(ghash_tv_template)
3125 		}
3126 	}, {
3127 		.alg = "hmac(md5)",
3128 		.test = alg_test_hash,
3129 		.suite = {
3130 			.hash = __VECS(hmac_md5_tv_template)
3131 		}
3132 	}, {
3133 		.alg = "hmac(rmd128)",
3134 		.test = alg_test_hash,
3135 		.suite = {
3136 			.hash = __VECS(hmac_rmd128_tv_template)
3137 		}
3138 	}, {
3139 		.alg = "hmac(rmd160)",
3140 		.test = alg_test_hash,
3141 		.suite = {
3142 			.hash = __VECS(hmac_rmd160_tv_template)
3143 		}
3144 	}, {
3145 		.alg = "hmac(sha1)",
3146 		.test = alg_test_hash,
3147 		.fips_allowed = 1,
3148 		.suite = {
3149 			.hash = __VECS(hmac_sha1_tv_template)
3150 		}
3151 	}, {
3152 		.alg = "hmac(sha224)",
3153 		.test = alg_test_hash,
3154 		.fips_allowed = 1,
3155 		.suite = {
3156 			.hash = __VECS(hmac_sha224_tv_template)
3157 		}
3158 	}, {
3159 		.alg = "hmac(sha256)",
3160 		.test = alg_test_hash,
3161 		.fips_allowed = 1,
3162 		.suite = {
3163 			.hash = __VECS(hmac_sha256_tv_template)
3164 		}
3165 	}, {
3166 		.alg = "hmac(sha3-224)",
3167 		.test = alg_test_hash,
3168 		.fips_allowed = 1,
3169 		.suite = {
3170 			.hash = __VECS(hmac_sha3_224_tv_template)
3171 		}
3172 	}, {
3173 		.alg = "hmac(sha3-256)",
3174 		.test = alg_test_hash,
3175 		.fips_allowed = 1,
3176 		.suite = {
3177 			.hash = __VECS(hmac_sha3_256_tv_template)
3178 		}
3179 	}, {
3180 		.alg = "hmac(sha3-384)",
3181 		.test = alg_test_hash,
3182 		.fips_allowed = 1,
3183 		.suite = {
3184 			.hash = __VECS(hmac_sha3_384_tv_template)
3185 		}
3186 	}, {
3187 		.alg = "hmac(sha3-512)",
3188 		.test = alg_test_hash,
3189 		.fips_allowed = 1,
3190 		.suite = {
3191 			.hash = __VECS(hmac_sha3_512_tv_template)
3192 		}
3193 	}, {
3194 		.alg = "hmac(sha384)",
3195 		.test = alg_test_hash,
3196 		.fips_allowed = 1,
3197 		.suite = {
3198 			.hash = __VECS(hmac_sha384_tv_template)
3199 		}
3200 	}, {
3201 		.alg = "hmac(sha512)",
3202 		.test = alg_test_hash,
3203 		.fips_allowed = 1,
3204 		.suite = {
3205 			.hash = __VECS(hmac_sha512_tv_template)
3206 		}
3207 	}, {
3208 		.alg = "hmac(streebog256)",
3209 		.test = alg_test_hash,
3210 		.suite = {
3211 			.hash = __VECS(hmac_streebog256_tv_template)
3212 		}
3213 	}, {
3214 		.alg = "hmac(streebog512)",
3215 		.test = alg_test_hash,
3216 		.suite = {
3217 			.hash = __VECS(hmac_streebog512_tv_template)
3218 		}
3219 	}, {
3220 		.alg = "jitterentropy_rng",
3221 		.fips_allowed = 1,
3222 		.test = alg_test_null,
3223 	}, {
3224 		.alg = "kw(aes)",
3225 		.test = alg_test_skcipher,
3226 		.fips_allowed = 1,
3227 		.suite = {
3228 			.cipher = __VECS(aes_kw_tv_template)
3229 		}
3230 	}, {
3231 		.alg = "lrw(aes)",
3232 		.test = alg_test_skcipher,
3233 		.suite = {
3234 			.cipher = __VECS(aes_lrw_tv_template)
3235 		}
3236 	}, {
3237 		.alg = "lrw(camellia)",
3238 		.test = alg_test_skcipher,
3239 		.suite = {
3240 			.cipher = __VECS(camellia_lrw_tv_template)
3241 		}
3242 	}, {
3243 		.alg = "lrw(cast6)",
3244 		.test = alg_test_skcipher,
3245 		.suite = {
3246 			.cipher = __VECS(cast6_lrw_tv_template)
3247 		}
3248 	}, {
3249 		.alg = "lrw(serpent)",
3250 		.test = alg_test_skcipher,
3251 		.suite = {
3252 			.cipher = __VECS(serpent_lrw_tv_template)
3253 		}
3254 	}, {
3255 		.alg = "lrw(twofish)",
3256 		.test = alg_test_skcipher,
3257 		.suite = {
3258 			.cipher = __VECS(tf_lrw_tv_template)
3259 		}
3260 	}, {
3261 		.alg = "lz4",
3262 		.test = alg_test_comp,
3263 		.fips_allowed = 1,
3264 		.suite = {
3265 			.comp = {
3266 				.comp = __VECS(lz4_comp_tv_template),
3267 				.decomp = __VECS(lz4_decomp_tv_template)
3268 			}
3269 		}
3270 	}, {
3271 		.alg = "lz4hc",
3272 		.test = alg_test_comp,
3273 		.fips_allowed = 1,
3274 		.suite = {
3275 			.comp = {
3276 				.comp = __VECS(lz4hc_comp_tv_template),
3277 				.decomp = __VECS(lz4hc_decomp_tv_template)
3278 			}
3279 		}
3280 	}, {
3281 		.alg = "lzo",
3282 		.test = alg_test_comp,
3283 		.fips_allowed = 1,
3284 		.suite = {
3285 			.comp = {
3286 				.comp = __VECS(lzo_comp_tv_template),
3287 				.decomp = __VECS(lzo_decomp_tv_template)
3288 			}
3289 		}
3290 	}, {
3291 		.alg = "md4",
3292 		.test = alg_test_hash,
3293 		.suite = {
3294 			.hash = __VECS(md4_tv_template)
3295 		}
3296 	}, {
3297 		.alg = "md5",
3298 		.test = alg_test_hash,
3299 		.suite = {
3300 			.hash = __VECS(md5_tv_template)
3301 		}
3302 	}, {
3303 		.alg = "michael_mic",
3304 		.test = alg_test_hash,
3305 		.suite = {
3306 			.hash = __VECS(michael_mic_tv_template)
3307 		}
3308 	}, {
3309 		.alg = "morus1280",
3310 		.test = alg_test_aead,
3311 		.suite = {
3312 			.aead = {
3313 				.enc = __VECS(morus1280_enc_tv_template),
3314 				.dec = __VECS(morus1280_dec_tv_template),
3315 			}
3316 		}
3317 	}, {
3318 		.alg = "morus640",
3319 		.test = alg_test_aead,
3320 		.suite = {
3321 			.aead = {
3322 				.enc = __VECS(morus640_enc_tv_template),
3323 				.dec = __VECS(morus640_dec_tv_template),
3324 			}
3325 		}
3326 	}, {
3327 		.alg = "nhpoly1305",
3328 		.test = alg_test_hash,
3329 		.suite = {
3330 			.hash = __VECS(nhpoly1305_tv_template)
3331 		}
3332 	}, {
3333 		.alg = "ofb(aes)",
3334 		.test = alg_test_skcipher,
3335 		.fips_allowed = 1,
3336 		.suite = {
3337 			.cipher = __VECS(aes_ofb_tv_template)
3338 		}
3339 	}, {
3340 		/* Same as ofb(aes) except the key is stored in
3341 		 * hardware secure memory which we reference by index
3342 		 */
3343 		.alg = "ofb(paes)",
3344 		.test = alg_test_null,
3345 		.fips_allowed = 1,
3346 	}, {
3347 		.alg = "pcbc(fcrypt)",
3348 		.test = alg_test_skcipher,
3349 		.suite = {
3350 			.cipher = __VECS(fcrypt_pcbc_tv_template)
3351 		}
3352 	}, {
3353 		.alg = "pkcs1pad(rsa,sha224)",
3354 		.test = alg_test_null,
3355 		.fips_allowed = 1,
3356 	}, {
3357 		.alg = "pkcs1pad(rsa,sha256)",
3358 		.test = alg_test_akcipher,
3359 		.fips_allowed = 1,
3360 		.suite = {
3361 			.akcipher = __VECS(pkcs1pad_rsa_tv_template)
3362 		}
3363 	}, {
3364 		.alg = "pkcs1pad(rsa,sha384)",
3365 		.test = alg_test_null,
3366 		.fips_allowed = 1,
3367 	}, {
3368 		.alg = "pkcs1pad(rsa,sha512)",
3369 		.test = alg_test_null,
3370 		.fips_allowed = 1,
3371 	}, {
3372 		.alg = "poly1305",
3373 		.test = alg_test_hash,
3374 		.suite = {
3375 			.hash = __VECS(poly1305_tv_template)
3376 		}
3377 	}, {
3378 		.alg = "rfc3686(ctr(aes))",
3379 		.test = alg_test_skcipher,
3380 		.fips_allowed = 1,
3381 		.suite = {
3382 			.cipher = __VECS(aes_ctr_rfc3686_tv_template)
3383 		}
3384 	}, {
3385 		.alg = "rfc4106(gcm(aes))",
3386 		.test = alg_test_aead,
3387 		.fips_allowed = 1,
3388 		.suite = {
3389 			.aead = {
3390 				.enc = __VECS(aes_gcm_rfc4106_enc_tv_template),
3391 				.dec = __VECS(aes_gcm_rfc4106_dec_tv_template)
3392 			}
3393 		}
3394 	}, {
3395 		.alg = "rfc4309(ccm(aes))",
3396 		.test = alg_test_aead,
3397 		.fips_allowed = 1,
3398 		.suite = {
3399 			.aead = {
3400 				.enc = __VECS(aes_ccm_rfc4309_enc_tv_template),
3401 				.dec = __VECS(aes_ccm_rfc4309_dec_tv_template)
3402 			}
3403 		}
3404 	}, {
3405 		.alg = "rfc4543(gcm(aes))",
3406 		.test = alg_test_aead,
3407 		.suite = {
3408 			.aead = {
3409 				.enc = __VECS(aes_gcm_rfc4543_enc_tv_template),
3410 				.dec = __VECS(aes_gcm_rfc4543_dec_tv_template),
3411 			}
3412 		}
3413 	}, {
3414 		.alg = "rfc7539(chacha20,poly1305)",
3415 		.test = alg_test_aead,
3416 		.suite = {
3417 			.aead = {
3418 				.enc = __VECS(rfc7539_enc_tv_template),
3419 				.dec = __VECS(rfc7539_dec_tv_template),
3420 			}
3421 		}
3422 	}, {
3423 		.alg = "rfc7539esp(chacha20,poly1305)",
3424 		.test = alg_test_aead,
3425 		.suite = {
3426 			.aead = {
3427 				.enc = __VECS(rfc7539esp_enc_tv_template),
3428 				.dec = __VECS(rfc7539esp_dec_tv_template),
3429 			}
3430 		}
3431 	}, {
3432 		.alg = "rmd128",
3433 		.test = alg_test_hash,
3434 		.suite = {
3435 			.hash = __VECS(rmd128_tv_template)
3436 		}
3437 	}, {
3438 		.alg = "rmd160",
3439 		.test = alg_test_hash,
3440 		.suite = {
3441 			.hash = __VECS(rmd160_tv_template)
3442 		}
3443 	}, {
3444 		.alg = "rmd256",
3445 		.test = alg_test_hash,
3446 		.suite = {
3447 			.hash = __VECS(rmd256_tv_template)
3448 		}
3449 	}, {
3450 		.alg = "rmd320",
3451 		.test = alg_test_hash,
3452 		.suite = {
3453 			.hash = __VECS(rmd320_tv_template)
3454 		}
3455 	}, {
3456 		.alg = "rsa",
3457 		.test = alg_test_akcipher,
3458 		.fips_allowed = 1,
3459 		.suite = {
3460 			.akcipher = __VECS(rsa_tv_template)
3461 		}
3462 	}, {
3463 		.alg = "salsa20",
3464 		.test = alg_test_skcipher,
3465 		.suite = {
3466 			.cipher = __VECS(salsa20_stream_tv_template)
3467 		}
3468 	}, {
3469 		.alg = "sha1",
3470 		.test = alg_test_hash,
3471 		.fips_allowed = 1,
3472 		.suite = {
3473 			.hash = __VECS(sha1_tv_template)
3474 		}
3475 	}, {
3476 		.alg = "sha224",
3477 		.test = alg_test_hash,
3478 		.fips_allowed = 1,
3479 		.suite = {
3480 			.hash = __VECS(sha224_tv_template)
3481 		}
3482 	}, {
3483 		.alg = "sha256",
3484 		.test = alg_test_hash,
3485 		.fips_allowed = 1,
3486 		.suite = {
3487 			.hash = __VECS(sha256_tv_template)
3488 		}
3489 	}, {
3490 		.alg = "sha3-224",
3491 		.test = alg_test_hash,
3492 		.fips_allowed = 1,
3493 		.suite = {
3494 			.hash = __VECS(sha3_224_tv_template)
3495 		}
3496 	}, {
3497 		.alg = "sha3-256",
3498 		.test = alg_test_hash,
3499 		.fips_allowed = 1,
3500 		.suite = {
3501 			.hash = __VECS(sha3_256_tv_template)
3502 		}
3503 	}, {
3504 		.alg = "sha3-384",
3505 		.test = alg_test_hash,
3506 		.fips_allowed = 1,
3507 		.suite = {
3508 			.hash = __VECS(sha3_384_tv_template)
3509 		}
3510 	}, {
3511 		.alg = "sha3-512",
3512 		.test = alg_test_hash,
3513 		.fips_allowed = 1,
3514 		.suite = {
3515 			.hash = __VECS(sha3_512_tv_template)
3516 		}
3517 	}, {
3518 		.alg = "sha384",
3519 		.test = alg_test_hash,
3520 		.fips_allowed = 1,
3521 		.suite = {
3522 			.hash = __VECS(sha384_tv_template)
3523 		}
3524 	}, {
3525 		.alg = "sha512",
3526 		.test = alg_test_hash,
3527 		.fips_allowed = 1,
3528 		.suite = {
3529 			.hash = __VECS(sha512_tv_template)
3530 		}
3531 	}, {
3532 		.alg = "sm3",
3533 		.test = alg_test_hash,
3534 		.suite = {
3535 			.hash = __VECS(sm3_tv_template)
3536 		}
3537 	}, {
3538 		.alg = "streebog256",
3539 		.test = alg_test_hash,
3540 		.suite = {
3541 			.hash = __VECS(streebog256_tv_template)
3542 		}
3543 	}, {
3544 		.alg = "streebog512",
3545 		.test = alg_test_hash,
3546 		.suite = {
3547 			.hash = __VECS(streebog512_tv_template)
3548 		}
3549 	}, {
3550 		.alg = "tgr128",
3551 		.test = alg_test_hash,
3552 		.suite = {
3553 			.hash = __VECS(tgr128_tv_template)
3554 		}
3555 	}, {
3556 		.alg = "tgr160",
3557 		.test = alg_test_hash,
3558 		.suite = {
3559 			.hash = __VECS(tgr160_tv_template)
3560 		}
3561 	}, {
3562 		.alg = "tgr192",
3563 		.test = alg_test_hash,
3564 		.suite = {
3565 			.hash = __VECS(tgr192_tv_template)
3566 		}
3567 	}, {
3568 		.alg = "vmac64(aes)",
3569 		.test = alg_test_hash,
3570 		.suite = {
3571 			.hash = __VECS(vmac64_aes_tv_template)
3572 		}
3573 	}, {
3574 		.alg = "wp256",
3575 		.test = alg_test_hash,
3576 		.suite = {
3577 			.hash = __VECS(wp256_tv_template)
3578 		}
3579 	}, {
3580 		.alg = "wp384",
3581 		.test = alg_test_hash,
3582 		.suite = {
3583 			.hash = __VECS(wp384_tv_template)
3584 		}
3585 	}, {
3586 		.alg = "wp512",
3587 		.test = alg_test_hash,
3588 		.suite = {
3589 			.hash = __VECS(wp512_tv_template)
3590 		}
3591 	}, {
3592 		.alg = "xcbc(aes)",
3593 		.test = alg_test_hash,
3594 		.suite = {
3595 			.hash = __VECS(aes_xcbc128_tv_template)
3596 		}
3597 	}, {
3598 		.alg = "xchacha12",
3599 		.test = alg_test_skcipher,
3600 		.suite = {
3601 			.cipher = __VECS(xchacha12_tv_template)
3602 		},
3603 	}, {
3604 		.alg = "xchacha20",
3605 		.test = alg_test_skcipher,
3606 		.suite = {
3607 			.cipher = __VECS(xchacha20_tv_template)
3608 		},
3609 	}, {
3610 		.alg = "xts(aes)",
3611 		.test = alg_test_skcipher,
3612 		.fips_allowed = 1,
3613 		.suite = {
3614 			.cipher = __VECS(aes_xts_tv_template)
3615 		}
3616 	}, {
3617 		.alg = "xts(camellia)",
3618 		.test = alg_test_skcipher,
3619 		.suite = {
3620 			.cipher = __VECS(camellia_xts_tv_template)
3621 		}
3622 	}, {
3623 		.alg = "xts(cast6)",
3624 		.test = alg_test_skcipher,
3625 		.suite = {
3626 			.cipher = __VECS(cast6_xts_tv_template)
3627 		}
3628 	}, {
3629 		/* Same as xts(aes) except the key is stored in
3630 		 * hardware secure memory which we reference by index
3631 		 */
3632 		.alg = "xts(paes)",
3633 		.test = alg_test_null,
3634 		.fips_allowed = 1,
3635 	}, {
3636 		.alg = "xts(serpent)",
3637 		.test = alg_test_skcipher,
3638 		.suite = {
3639 			.cipher = __VECS(serpent_xts_tv_template)
3640 		}
3641 	}, {
3642 		.alg = "xts(twofish)",
3643 		.test = alg_test_skcipher,
3644 		.suite = {
3645 			.cipher = __VECS(tf_xts_tv_template)
3646 		}
3647 	}, {
3648 		.alg = "xts4096(paes)",
3649 		.test = alg_test_null,
3650 		.fips_allowed = 1,
3651 	}, {
3652 		.alg = "xts512(paes)",
3653 		.test = alg_test_null,
3654 		.fips_allowed = 1,
3655 	}, {
3656 		.alg = "zlib-deflate",
3657 		.test = alg_test_comp,
3658 		.fips_allowed = 1,
3659 		.suite = {
3660 			.comp = {
3661 				.comp = __VECS(zlib_deflate_comp_tv_template),
3662 				.decomp = __VECS(zlib_deflate_decomp_tv_template)
3663 			}
3664 		}
3665 	}, {
3666 		.alg = "zstd",
3667 		.test = alg_test_comp,
3668 		.fips_allowed = 1,
3669 		.suite = {
3670 			.comp = {
3671 				.comp = __VECS(zstd_comp_tv_template),
3672 				.decomp = __VECS(zstd_decomp_tv_template)
3673 			}
3674 		}
3675 	}
3676 };
3677 
3678 static bool alg_test_descs_checked;
3679 
3680 static void alg_test_descs_check_order(void)
3681 {
3682 	int i;
3683 
3684 	/* only check once */
3685 	if (alg_test_descs_checked)
3686 		return;
3687 
3688 	alg_test_descs_checked = true;
3689 
3690 	for (i = 1; i < ARRAY_SIZE(alg_test_descs); i++) {
3691 		int diff = strcmp(alg_test_descs[i - 1].alg,
3692 				  alg_test_descs[i].alg);
3693 
3694 		if (WARN_ON(diff > 0)) {
3695 			pr_warn("testmgr: alg_test_descs entries in wrong order: '%s' before '%s'\n",
3696 				alg_test_descs[i - 1].alg,
3697 				alg_test_descs[i].alg);
3698 		}
3699 
3700 		if (WARN_ON(diff == 0)) {
3701 			pr_warn("testmgr: duplicate alg_test_descs entry: '%s'\n",
3702 				alg_test_descs[i].alg);
3703 		}
3704 	}
3705 }
3706 
3707 static int alg_find_test(const char *alg)
3708 {
3709 	int start = 0;
3710 	int end = ARRAY_SIZE(alg_test_descs);
3711 
3712 	while (start < end) {
3713 		int i = (start + end) / 2;
3714 		int diff = strcmp(alg_test_descs[i].alg, alg);
3715 
3716 		if (diff > 0) {
3717 			end = i;
3718 			continue;
3719 		}
3720 
3721 		if (diff < 0) {
3722 			start = i + 1;
3723 			continue;
3724 		}
3725 
3726 		return i;
3727 	}
3728 
3729 	return -1;
3730 }
3731 
3732 int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
3733 {
3734 	int i;
3735 	int j;
3736 	int rc;
3737 
3738 	if (!fips_enabled && notests) {
3739 		printk_once(KERN_INFO "alg: self-tests disabled\n");
3740 		return 0;
3741 	}
3742 
3743 	alg_test_descs_check_order();
3744 
3745 	if ((type & CRYPTO_ALG_TYPE_MASK) == CRYPTO_ALG_TYPE_CIPHER) {
3746 		char nalg[CRYPTO_MAX_ALG_NAME];
3747 
3748 		if (snprintf(nalg, sizeof(nalg), "ecb(%s)", alg) >=
3749 		    sizeof(nalg))
3750 			return -ENAMETOOLONG;
3751 
3752 		i = alg_find_test(nalg);
3753 		if (i < 0)
3754 			goto notest;
3755 
3756 		if (fips_enabled && !alg_test_descs[i].fips_allowed)
3757 			goto non_fips_alg;
3758 
3759 		rc = alg_test_cipher(alg_test_descs + i, driver, type, mask);
3760 		goto test_done;
3761 	}
3762 
3763 	i = alg_find_test(alg);
3764 	j = alg_find_test(driver);
3765 	if (i < 0 && j < 0)
3766 		goto notest;
3767 
3768 	if (fips_enabled && ((i >= 0 && !alg_test_descs[i].fips_allowed) ||
3769 			     (j >= 0 && !alg_test_descs[j].fips_allowed)))
3770 		goto non_fips_alg;
3771 
3772 	rc = 0;
3773 	if (i >= 0)
3774 		rc |= alg_test_descs[i].test(alg_test_descs + i, driver,
3775 					     type, mask);
3776 	if (j >= 0 && j != i)
3777 		rc |= alg_test_descs[j].test(alg_test_descs + j, driver,
3778 					     type, mask);
3779 
3780 test_done:
3781 	if (fips_enabled && rc)
3782 		panic("%s: %s alg self test failed in fips mode!\n", driver, alg);
3783 
3784 	if (fips_enabled && !rc)
3785 		pr_info("alg: self-tests for %s (%s) passed\n", driver, alg);
3786 
3787 	return rc;
3788 
3789 notest:
3790 	printk(KERN_INFO "alg: No test for %s (%s)\n", alg, driver);
3791 	return 0;
3792 non_fips_alg:
3793 	return -EINVAL;
3794 }
3795 
3796 #endif /* CONFIG_CRYPTO_MANAGER_DISABLE_TESTS */
3797 
3798 EXPORT_SYMBOL_GPL(alg_test);
3799