1 /* 2 * Algorithm testing framework and tests. 3 * 4 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au> 5 * Copyright (c) 2002 Jean-Francois Dive <jef@linuxbe.org> 6 * Copyright (c) 2007 Nokia Siemens Networks 7 * Copyright (c) 2008 Herbert Xu <herbert@gondor.apana.org.au> 8 * Copyright (c) 2019 Google LLC 9 * 10 * Updated RFC4106 AES-GCM testing. 11 * Authors: Aidan O'Mahony (aidan.o.mahony@intel.com) 12 * Adrian Hoban <adrian.hoban@intel.com> 13 * Gabriele Paoloni <gabriele.paoloni@intel.com> 14 * Tadeusz Struk (tadeusz.struk@intel.com) 15 * Copyright (c) 2010, Intel Corporation. 16 * 17 * This program is free software; you can redistribute it and/or modify it 18 * under the terms of the GNU General Public License as published by the Free 19 * Software Foundation; either version 2 of the License, or (at your option) 20 * any later version. 21 * 22 */ 23 24 #include <crypto/aead.h> 25 #include <crypto/hash.h> 26 #include <crypto/skcipher.h> 27 #include <linux/err.h> 28 #include <linux/fips.h> 29 #include <linux/module.h> 30 #include <linux/once.h> 31 #include <linux/random.h> 32 #include <linux/scatterlist.h> 33 #include <linux/slab.h> 34 #include <linux/string.h> 35 #include <crypto/rng.h> 36 #include <crypto/drbg.h> 37 #include <crypto/akcipher.h> 38 #include <crypto/kpp.h> 39 #include <crypto/acompress.h> 40 41 #include "internal.h" 42 43 static bool notests; 44 module_param(notests, bool, 0644); 45 MODULE_PARM_DESC(notests, "disable crypto self-tests"); 46 47 #ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS 48 static bool noextratests; 49 module_param(noextratests, bool, 0644); 50 MODULE_PARM_DESC(noextratests, "disable expensive crypto self-tests"); 51 52 static unsigned int fuzz_iterations = 100; 53 module_param(fuzz_iterations, uint, 0644); 54 MODULE_PARM_DESC(fuzz_iterations, "number of fuzz test iterations"); 55 #endif 56 57 #ifdef CONFIG_CRYPTO_MANAGER_DISABLE_TESTS 58 59 /* a perfect nop */ 60 int alg_test(const char *driver, const char *alg, u32 type, u32 mask) 61 { 62 return 0; 63 } 64 65 #else 66 67 #include "testmgr.h" 68 69 /* 70 * Need slab memory for testing (size in number of pages). 71 */ 72 #define XBUFSIZE 8 73 74 /* 75 * Used by test_cipher() 76 */ 77 #define ENCRYPT 1 78 #define DECRYPT 0 79 80 struct aead_test_suite { 81 const struct aead_testvec *vecs; 82 unsigned int count; 83 }; 84 85 struct cipher_test_suite { 86 const struct cipher_testvec *vecs; 87 unsigned int count; 88 }; 89 90 struct comp_test_suite { 91 struct { 92 const struct comp_testvec *vecs; 93 unsigned int count; 94 } comp, decomp; 95 }; 96 97 struct hash_test_suite { 98 const struct hash_testvec *vecs; 99 unsigned int count; 100 }; 101 102 struct cprng_test_suite { 103 const struct cprng_testvec *vecs; 104 unsigned int count; 105 }; 106 107 struct drbg_test_suite { 108 const struct drbg_testvec *vecs; 109 unsigned int count; 110 }; 111 112 struct akcipher_test_suite { 113 const struct akcipher_testvec *vecs; 114 unsigned int count; 115 }; 116 117 struct kpp_test_suite { 118 const struct kpp_testvec *vecs; 119 unsigned int count; 120 }; 121 122 struct alg_test_desc { 123 const char *alg; 124 int (*test)(const struct alg_test_desc *desc, const char *driver, 125 u32 type, u32 mask); 126 int fips_allowed; /* set if alg is allowed in fips mode */ 127 128 union { 129 struct aead_test_suite aead; 130 struct cipher_test_suite cipher; 131 struct comp_test_suite comp; 132 struct hash_test_suite hash; 133 struct cprng_test_suite cprng; 134 struct drbg_test_suite drbg; 135 struct akcipher_test_suite akcipher; 136 struct kpp_test_suite kpp; 137 } suite; 138 }; 139 140 static void hexdump(unsigned char *buf, unsigned int len) 141 { 142 print_hex_dump(KERN_CONT, "", DUMP_PREFIX_OFFSET, 143 16, 1, 144 buf, len, false); 145 } 146 147 static int __testmgr_alloc_buf(char *buf[XBUFSIZE], int order) 148 { 149 int i; 150 151 for (i = 0; i < XBUFSIZE; i++) { 152 buf[i] = (char *)__get_free_pages(GFP_KERNEL, order); 153 if (!buf[i]) 154 goto err_free_buf; 155 } 156 157 return 0; 158 159 err_free_buf: 160 while (i-- > 0) 161 free_pages((unsigned long)buf[i], order); 162 163 return -ENOMEM; 164 } 165 166 static int testmgr_alloc_buf(char *buf[XBUFSIZE]) 167 { 168 return __testmgr_alloc_buf(buf, 0); 169 } 170 171 static void __testmgr_free_buf(char *buf[XBUFSIZE], int order) 172 { 173 int i; 174 175 for (i = 0; i < XBUFSIZE; i++) 176 free_pages((unsigned long)buf[i], order); 177 } 178 179 static void testmgr_free_buf(char *buf[XBUFSIZE]) 180 { 181 __testmgr_free_buf(buf, 0); 182 } 183 184 #define TESTMGR_POISON_BYTE 0xfe 185 #define TESTMGR_POISON_LEN 16 186 187 static inline void testmgr_poison(void *addr, size_t len) 188 { 189 memset(addr, TESTMGR_POISON_BYTE, len); 190 } 191 192 /* Is the memory region still fully poisoned? */ 193 static inline bool testmgr_is_poison(const void *addr, size_t len) 194 { 195 return memchr_inv(addr, TESTMGR_POISON_BYTE, len) == NULL; 196 } 197 198 /* flush type for hash algorithms */ 199 enum flush_type { 200 /* merge with update of previous buffer(s) */ 201 FLUSH_TYPE_NONE = 0, 202 203 /* update with previous buffer(s) before doing this one */ 204 FLUSH_TYPE_FLUSH, 205 206 /* likewise, but also export and re-import the intermediate state */ 207 FLUSH_TYPE_REIMPORT, 208 }; 209 210 /* finalization function for hash algorithms */ 211 enum finalization_type { 212 FINALIZATION_TYPE_FINAL, /* use final() */ 213 FINALIZATION_TYPE_FINUP, /* use finup() */ 214 FINALIZATION_TYPE_DIGEST, /* use digest() */ 215 }; 216 217 #define TEST_SG_TOTAL 10000 218 219 /** 220 * struct test_sg_division - description of a scatterlist entry 221 * 222 * This struct describes one entry of a scatterlist being constructed to check a 223 * crypto test vector. 224 * 225 * @proportion_of_total: length of this chunk relative to the total length, 226 * given as a proportion out of TEST_SG_TOTAL so that it 227 * scales to fit any test vector 228 * @offset: byte offset into a 2-page buffer at which this chunk will start 229 * @offset_relative_to_alignmask: if true, add the algorithm's alignmask to the 230 * @offset 231 * @flush_type: for hashes, whether an update() should be done now vs. 232 * continuing to accumulate data 233 */ 234 struct test_sg_division { 235 unsigned int proportion_of_total; 236 unsigned int offset; 237 bool offset_relative_to_alignmask; 238 enum flush_type flush_type; 239 }; 240 241 /** 242 * struct testvec_config - configuration for testing a crypto test vector 243 * 244 * This struct describes the data layout and other parameters with which each 245 * crypto test vector can be tested. 246 * 247 * @name: name of this config, logged for debugging purposes if a test fails 248 * @inplace: operate on the data in-place, if applicable for the algorithm type? 249 * @req_flags: extra request_flags, e.g. CRYPTO_TFM_REQ_MAY_SLEEP 250 * @src_divs: description of how to arrange the source scatterlist 251 * @dst_divs: description of how to arrange the dst scatterlist, if applicable 252 * for the algorithm type. Defaults to @src_divs if unset. 253 * @iv_offset: misalignment of the IV in the range [0..MAX_ALGAPI_ALIGNMASK+1], 254 * where 0 is aligned to a 2*(MAX_ALGAPI_ALIGNMASK+1) byte boundary 255 * @iv_offset_relative_to_alignmask: if true, add the algorithm's alignmask to 256 * the @iv_offset 257 * @finalization_type: what finalization function to use for hashes 258 */ 259 struct testvec_config { 260 const char *name; 261 bool inplace; 262 u32 req_flags; 263 struct test_sg_division src_divs[XBUFSIZE]; 264 struct test_sg_division dst_divs[XBUFSIZE]; 265 unsigned int iv_offset; 266 bool iv_offset_relative_to_alignmask; 267 enum finalization_type finalization_type; 268 }; 269 270 #define TESTVEC_CONFIG_NAMELEN 192 271 272 /* 273 * The following are the lists of testvec_configs to test for each algorithm 274 * type when the basic crypto self-tests are enabled, i.e. when 275 * CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is unset. They aim to provide good test 276 * coverage, while keeping the test time much shorter than the full fuzz tests 277 * so that the basic tests can be enabled in a wider range of circumstances. 278 */ 279 280 /* Configs for skciphers and aeads */ 281 static const struct testvec_config default_cipher_testvec_configs[] = { 282 { 283 .name = "in-place", 284 .inplace = true, 285 .src_divs = { { .proportion_of_total = 10000 } }, 286 }, { 287 .name = "out-of-place", 288 .src_divs = { { .proportion_of_total = 10000 } }, 289 }, { 290 .name = "unaligned buffer, offset=1", 291 .src_divs = { { .proportion_of_total = 10000, .offset = 1 } }, 292 .iv_offset = 1, 293 }, { 294 .name = "buffer aligned only to alignmask", 295 .src_divs = { 296 { 297 .proportion_of_total = 10000, 298 .offset = 1, 299 .offset_relative_to_alignmask = true, 300 }, 301 }, 302 .iv_offset = 1, 303 .iv_offset_relative_to_alignmask = true, 304 }, { 305 .name = "two even aligned splits", 306 .src_divs = { 307 { .proportion_of_total = 5000 }, 308 { .proportion_of_total = 5000 }, 309 }, 310 }, { 311 .name = "uneven misaligned splits, may sleep", 312 .req_flags = CRYPTO_TFM_REQ_MAY_SLEEP, 313 .src_divs = { 314 { .proportion_of_total = 1900, .offset = 33 }, 315 { .proportion_of_total = 3300, .offset = 7 }, 316 { .proportion_of_total = 4800, .offset = 18 }, 317 }, 318 .iv_offset = 3, 319 }, { 320 .name = "misaligned splits crossing pages, inplace", 321 .inplace = true, 322 .src_divs = { 323 { 324 .proportion_of_total = 7500, 325 .offset = PAGE_SIZE - 32 326 }, { 327 .proportion_of_total = 2500, 328 .offset = PAGE_SIZE - 7 329 }, 330 }, 331 } 332 }; 333 334 static const struct testvec_config default_hash_testvec_configs[] = { 335 { 336 .name = "init+update+final aligned buffer", 337 .src_divs = { { .proportion_of_total = 10000 } }, 338 .finalization_type = FINALIZATION_TYPE_FINAL, 339 }, { 340 .name = "init+finup aligned buffer", 341 .src_divs = { { .proportion_of_total = 10000 } }, 342 .finalization_type = FINALIZATION_TYPE_FINUP, 343 }, { 344 .name = "digest aligned buffer", 345 .src_divs = { { .proportion_of_total = 10000 } }, 346 .finalization_type = FINALIZATION_TYPE_DIGEST, 347 }, { 348 .name = "init+update+final misaligned buffer", 349 .src_divs = { { .proportion_of_total = 10000, .offset = 1 } }, 350 .finalization_type = FINALIZATION_TYPE_FINAL, 351 }, { 352 .name = "digest buffer aligned only to alignmask", 353 .src_divs = { 354 { 355 .proportion_of_total = 10000, 356 .offset = 1, 357 .offset_relative_to_alignmask = true, 358 }, 359 }, 360 .finalization_type = FINALIZATION_TYPE_DIGEST, 361 }, { 362 .name = "init+update+update+final two even splits", 363 .src_divs = { 364 { .proportion_of_total = 5000 }, 365 { 366 .proportion_of_total = 5000, 367 .flush_type = FLUSH_TYPE_FLUSH, 368 }, 369 }, 370 .finalization_type = FINALIZATION_TYPE_FINAL, 371 }, { 372 .name = "digest uneven misaligned splits, may sleep", 373 .req_flags = CRYPTO_TFM_REQ_MAY_SLEEP, 374 .src_divs = { 375 { .proportion_of_total = 1900, .offset = 33 }, 376 { .proportion_of_total = 3300, .offset = 7 }, 377 { .proportion_of_total = 4800, .offset = 18 }, 378 }, 379 .finalization_type = FINALIZATION_TYPE_DIGEST, 380 }, { 381 .name = "digest misaligned splits crossing pages", 382 .src_divs = { 383 { 384 .proportion_of_total = 7500, 385 .offset = PAGE_SIZE - 32, 386 }, { 387 .proportion_of_total = 2500, 388 .offset = PAGE_SIZE - 7, 389 }, 390 }, 391 .finalization_type = FINALIZATION_TYPE_DIGEST, 392 }, { 393 .name = "import/export", 394 .src_divs = { 395 { 396 .proportion_of_total = 6500, 397 .flush_type = FLUSH_TYPE_REIMPORT, 398 }, { 399 .proportion_of_total = 3500, 400 .flush_type = FLUSH_TYPE_REIMPORT, 401 }, 402 }, 403 .finalization_type = FINALIZATION_TYPE_FINAL, 404 } 405 }; 406 407 static unsigned int count_test_sg_divisions(const struct test_sg_division *divs) 408 { 409 unsigned int remaining = TEST_SG_TOTAL; 410 unsigned int ndivs = 0; 411 412 do { 413 remaining -= divs[ndivs++].proportion_of_total; 414 } while (remaining); 415 416 return ndivs; 417 } 418 419 static bool valid_sg_divisions(const struct test_sg_division *divs, 420 unsigned int count, bool *any_flushes_ret) 421 { 422 unsigned int total = 0; 423 unsigned int i; 424 425 for (i = 0; i < count && total != TEST_SG_TOTAL; i++) { 426 if (divs[i].proportion_of_total <= 0 || 427 divs[i].proportion_of_total > TEST_SG_TOTAL - total) 428 return false; 429 total += divs[i].proportion_of_total; 430 if (divs[i].flush_type != FLUSH_TYPE_NONE) 431 *any_flushes_ret = true; 432 } 433 return total == TEST_SG_TOTAL && 434 memchr_inv(&divs[i], 0, (count - i) * sizeof(divs[0])) == NULL; 435 } 436 437 /* 438 * Check whether the given testvec_config is valid. This isn't strictly needed 439 * since every testvec_config should be valid, but check anyway so that people 440 * don't unknowingly add broken configs that don't do what they wanted. 441 */ 442 static bool valid_testvec_config(const struct testvec_config *cfg) 443 { 444 bool any_flushes = false; 445 446 if (cfg->name == NULL) 447 return false; 448 449 if (!valid_sg_divisions(cfg->src_divs, ARRAY_SIZE(cfg->src_divs), 450 &any_flushes)) 451 return false; 452 453 if (cfg->dst_divs[0].proportion_of_total) { 454 if (!valid_sg_divisions(cfg->dst_divs, 455 ARRAY_SIZE(cfg->dst_divs), 456 &any_flushes)) 457 return false; 458 } else { 459 if (memchr_inv(cfg->dst_divs, 0, sizeof(cfg->dst_divs))) 460 return false; 461 /* defaults to dst_divs=src_divs */ 462 } 463 464 if (cfg->iv_offset + 465 (cfg->iv_offset_relative_to_alignmask ? MAX_ALGAPI_ALIGNMASK : 0) > 466 MAX_ALGAPI_ALIGNMASK + 1) 467 return false; 468 469 if (any_flushes && cfg->finalization_type == FINALIZATION_TYPE_DIGEST) 470 return false; 471 472 return true; 473 } 474 475 struct test_sglist { 476 char *bufs[XBUFSIZE]; 477 struct scatterlist sgl[XBUFSIZE]; 478 struct scatterlist sgl_saved[XBUFSIZE]; 479 struct scatterlist *sgl_ptr; 480 unsigned int nents; 481 }; 482 483 static int init_test_sglist(struct test_sglist *tsgl) 484 { 485 return __testmgr_alloc_buf(tsgl->bufs, 1 /* two pages per buffer */); 486 } 487 488 static void destroy_test_sglist(struct test_sglist *tsgl) 489 { 490 return __testmgr_free_buf(tsgl->bufs, 1 /* two pages per buffer */); 491 } 492 493 /** 494 * build_test_sglist() - build a scatterlist for a crypto test 495 * 496 * @tsgl: the scatterlist to build. @tsgl->bufs[] contains an array of 2-page 497 * buffers which the scatterlist @tsgl->sgl[] will be made to point into. 498 * @divs: the layout specification on which the scatterlist will be based 499 * @alignmask: the algorithm's alignmask 500 * @total_len: the total length of the scatterlist to build in bytes 501 * @data: if non-NULL, the buffers will be filled with this data until it ends. 502 * Otherwise the buffers will be poisoned. In both cases, some bytes 503 * past the end of each buffer will be poisoned to help detect overruns. 504 * @out_divs: if non-NULL, the test_sg_division to which each scatterlist entry 505 * corresponds will be returned here. This will match @divs except 506 * that divisions resolving to a length of 0 are omitted as they are 507 * not included in the scatterlist. 508 * 509 * Return: 0 or a -errno value 510 */ 511 static int build_test_sglist(struct test_sglist *tsgl, 512 const struct test_sg_division *divs, 513 const unsigned int alignmask, 514 const unsigned int total_len, 515 struct iov_iter *data, 516 const struct test_sg_division *out_divs[XBUFSIZE]) 517 { 518 struct { 519 const struct test_sg_division *div; 520 size_t length; 521 } partitions[XBUFSIZE]; 522 const unsigned int ndivs = count_test_sg_divisions(divs); 523 unsigned int len_remaining = total_len; 524 unsigned int i; 525 526 BUILD_BUG_ON(ARRAY_SIZE(partitions) != ARRAY_SIZE(tsgl->sgl)); 527 if (WARN_ON(ndivs > ARRAY_SIZE(partitions))) 528 return -EINVAL; 529 530 /* Calculate the (div, length) pairs */ 531 tsgl->nents = 0; 532 for (i = 0; i < ndivs; i++) { 533 unsigned int len_this_sg = 534 min(len_remaining, 535 (total_len * divs[i].proportion_of_total + 536 TEST_SG_TOTAL / 2) / TEST_SG_TOTAL); 537 538 if (len_this_sg != 0) { 539 partitions[tsgl->nents].div = &divs[i]; 540 partitions[tsgl->nents].length = len_this_sg; 541 tsgl->nents++; 542 len_remaining -= len_this_sg; 543 } 544 } 545 if (tsgl->nents == 0) { 546 partitions[tsgl->nents].div = &divs[0]; 547 partitions[tsgl->nents].length = 0; 548 tsgl->nents++; 549 } 550 partitions[tsgl->nents - 1].length += len_remaining; 551 552 /* Set up the sgl entries and fill the data or poison */ 553 sg_init_table(tsgl->sgl, tsgl->nents); 554 for (i = 0; i < tsgl->nents; i++) { 555 unsigned int offset = partitions[i].div->offset; 556 void *addr; 557 558 if (partitions[i].div->offset_relative_to_alignmask) 559 offset += alignmask; 560 561 while (offset + partitions[i].length + TESTMGR_POISON_LEN > 562 2 * PAGE_SIZE) { 563 if (WARN_ON(offset <= 0)) 564 return -EINVAL; 565 offset /= 2; 566 } 567 568 addr = &tsgl->bufs[i][offset]; 569 sg_set_buf(&tsgl->sgl[i], addr, partitions[i].length); 570 571 if (out_divs) 572 out_divs[i] = partitions[i].div; 573 574 if (data) { 575 size_t copy_len, copied; 576 577 copy_len = min(partitions[i].length, data->count); 578 copied = copy_from_iter(addr, copy_len, data); 579 if (WARN_ON(copied != copy_len)) 580 return -EINVAL; 581 testmgr_poison(addr + copy_len, partitions[i].length + 582 TESTMGR_POISON_LEN - copy_len); 583 } else { 584 testmgr_poison(addr, partitions[i].length + 585 TESTMGR_POISON_LEN); 586 } 587 } 588 589 sg_mark_end(&tsgl->sgl[tsgl->nents - 1]); 590 tsgl->sgl_ptr = tsgl->sgl; 591 memcpy(tsgl->sgl_saved, tsgl->sgl, tsgl->nents * sizeof(tsgl->sgl[0])); 592 return 0; 593 } 594 595 /* 596 * Verify that a scatterlist crypto operation produced the correct output. 597 * 598 * @tsgl: scatterlist containing the actual output 599 * @expected_output: buffer containing the expected output 600 * @len_to_check: length of @expected_output in bytes 601 * @unchecked_prefix_len: number of ignored bytes in @tsgl prior to real result 602 * @check_poison: verify that the poison bytes after each chunk are intact? 603 * 604 * Return: 0 if correct, -EINVAL if incorrect, -EOVERFLOW if buffer overrun. 605 */ 606 static int verify_correct_output(const struct test_sglist *tsgl, 607 const char *expected_output, 608 unsigned int len_to_check, 609 unsigned int unchecked_prefix_len, 610 bool check_poison) 611 { 612 unsigned int i; 613 614 for (i = 0; i < tsgl->nents; i++) { 615 struct scatterlist *sg = &tsgl->sgl_ptr[i]; 616 unsigned int len = sg->length; 617 unsigned int offset = sg->offset; 618 const char *actual_output; 619 620 if (unchecked_prefix_len) { 621 if (unchecked_prefix_len >= len) { 622 unchecked_prefix_len -= len; 623 continue; 624 } 625 offset += unchecked_prefix_len; 626 len -= unchecked_prefix_len; 627 unchecked_prefix_len = 0; 628 } 629 len = min(len, len_to_check); 630 actual_output = page_address(sg_page(sg)) + offset; 631 if (memcmp(expected_output, actual_output, len) != 0) 632 return -EINVAL; 633 if (check_poison && 634 !testmgr_is_poison(actual_output + len, TESTMGR_POISON_LEN)) 635 return -EOVERFLOW; 636 len_to_check -= len; 637 expected_output += len; 638 } 639 if (WARN_ON(len_to_check != 0)) 640 return -EINVAL; 641 return 0; 642 } 643 644 static bool is_test_sglist_corrupted(const struct test_sglist *tsgl) 645 { 646 unsigned int i; 647 648 for (i = 0; i < tsgl->nents; i++) { 649 if (tsgl->sgl[i].page_link != tsgl->sgl_saved[i].page_link) 650 return true; 651 if (tsgl->sgl[i].offset != tsgl->sgl_saved[i].offset) 652 return true; 653 if (tsgl->sgl[i].length != tsgl->sgl_saved[i].length) 654 return true; 655 } 656 return false; 657 } 658 659 struct cipher_test_sglists { 660 struct test_sglist src; 661 struct test_sglist dst; 662 }; 663 664 static struct cipher_test_sglists *alloc_cipher_test_sglists(void) 665 { 666 struct cipher_test_sglists *tsgls; 667 668 tsgls = kmalloc(sizeof(*tsgls), GFP_KERNEL); 669 if (!tsgls) 670 return NULL; 671 672 if (init_test_sglist(&tsgls->src) != 0) 673 goto fail_kfree; 674 if (init_test_sglist(&tsgls->dst) != 0) 675 goto fail_destroy_src; 676 677 return tsgls; 678 679 fail_destroy_src: 680 destroy_test_sglist(&tsgls->src); 681 fail_kfree: 682 kfree(tsgls); 683 return NULL; 684 } 685 686 static void free_cipher_test_sglists(struct cipher_test_sglists *tsgls) 687 { 688 if (tsgls) { 689 destroy_test_sglist(&tsgls->src); 690 destroy_test_sglist(&tsgls->dst); 691 kfree(tsgls); 692 } 693 } 694 695 /* Build the src and dst scatterlists for an skcipher or AEAD test */ 696 static int build_cipher_test_sglists(struct cipher_test_sglists *tsgls, 697 const struct testvec_config *cfg, 698 unsigned int alignmask, 699 unsigned int src_total_len, 700 unsigned int dst_total_len, 701 const struct kvec *inputs, 702 unsigned int nr_inputs) 703 { 704 struct iov_iter input; 705 int err; 706 707 iov_iter_kvec(&input, WRITE, inputs, nr_inputs, src_total_len); 708 err = build_test_sglist(&tsgls->src, cfg->src_divs, alignmask, 709 cfg->inplace ? 710 max(dst_total_len, src_total_len) : 711 src_total_len, 712 &input, NULL); 713 if (err) 714 return err; 715 716 if (cfg->inplace) { 717 tsgls->dst.sgl_ptr = tsgls->src.sgl; 718 tsgls->dst.nents = tsgls->src.nents; 719 return 0; 720 } 721 return build_test_sglist(&tsgls->dst, 722 cfg->dst_divs[0].proportion_of_total ? 723 cfg->dst_divs : cfg->src_divs, 724 alignmask, dst_total_len, NULL, NULL); 725 } 726 727 #ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS 728 static char *generate_random_sgl_divisions(struct test_sg_division *divs, 729 size_t max_divs, char *p, char *end, 730 bool gen_flushes) 731 { 732 struct test_sg_division *div = divs; 733 unsigned int remaining = TEST_SG_TOTAL; 734 735 do { 736 unsigned int this_len; 737 738 if (div == &divs[max_divs - 1] || prandom_u32() % 2 == 0) 739 this_len = remaining; 740 else 741 this_len = 1 + (prandom_u32() % remaining); 742 div->proportion_of_total = this_len; 743 744 if (prandom_u32() % 4 == 0) 745 div->offset = (PAGE_SIZE - 128) + (prandom_u32() % 128); 746 else if (prandom_u32() % 2 == 0) 747 div->offset = prandom_u32() % 32; 748 else 749 div->offset = prandom_u32() % PAGE_SIZE; 750 if (prandom_u32() % 8 == 0) 751 div->offset_relative_to_alignmask = true; 752 753 div->flush_type = FLUSH_TYPE_NONE; 754 if (gen_flushes) { 755 switch (prandom_u32() % 4) { 756 case 0: 757 div->flush_type = FLUSH_TYPE_REIMPORT; 758 break; 759 case 1: 760 div->flush_type = FLUSH_TYPE_FLUSH; 761 break; 762 } 763 } 764 765 BUILD_BUG_ON(TEST_SG_TOTAL != 10000); /* for "%u.%u%%" */ 766 p += scnprintf(p, end - p, "%s%u.%u%%@%s+%u%s", 767 div->flush_type == FLUSH_TYPE_NONE ? "" : 768 div->flush_type == FLUSH_TYPE_FLUSH ? 769 "<flush> " : "<reimport> ", 770 this_len / 100, this_len % 100, 771 div->offset_relative_to_alignmask ? 772 "alignmask" : "", 773 div->offset, this_len == remaining ? "" : ", "); 774 remaining -= this_len; 775 div++; 776 } while (remaining); 777 778 return p; 779 } 780 781 /* Generate a random testvec_config for fuzz testing */ 782 static void generate_random_testvec_config(struct testvec_config *cfg, 783 char *name, size_t max_namelen) 784 { 785 char *p = name; 786 char * const end = name + max_namelen; 787 788 memset(cfg, 0, sizeof(*cfg)); 789 790 cfg->name = name; 791 792 p += scnprintf(p, end - p, "random:"); 793 794 if (prandom_u32() % 2 == 0) { 795 cfg->inplace = true; 796 p += scnprintf(p, end - p, " inplace"); 797 } 798 799 if (prandom_u32() % 2 == 0) { 800 cfg->req_flags |= CRYPTO_TFM_REQ_MAY_SLEEP; 801 p += scnprintf(p, end - p, " may_sleep"); 802 } 803 804 switch (prandom_u32() % 4) { 805 case 0: 806 cfg->finalization_type = FINALIZATION_TYPE_FINAL; 807 p += scnprintf(p, end - p, " use_final"); 808 break; 809 case 1: 810 cfg->finalization_type = FINALIZATION_TYPE_FINUP; 811 p += scnprintf(p, end - p, " use_finup"); 812 break; 813 default: 814 cfg->finalization_type = FINALIZATION_TYPE_DIGEST; 815 p += scnprintf(p, end - p, " use_digest"); 816 break; 817 } 818 819 p += scnprintf(p, end - p, " src_divs=["); 820 p = generate_random_sgl_divisions(cfg->src_divs, 821 ARRAY_SIZE(cfg->src_divs), p, end, 822 (cfg->finalization_type != 823 FINALIZATION_TYPE_DIGEST)); 824 p += scnprintf(p, end - p, "]"); 825 826 if (!cfg->inplace && prandom_u32() % 2 == 0) { 827 p += scnprintf(p, end - p, " dst_divs=["); 828 p = generate_random_sgl_divisions(cfg->dst_divs, 829 ARRAY_SIZE(cfg->dst_divs), 830 p, end, false); 831 p += scnprintf(p, end - p, "]"); 832 } 833 834 if (prandom_u32() % 2 == 0) { 835 cfg->iv_offset = 1 + (prandom_u32() % MAX_ALGAPI_ALIGNMASK); 836 p += scnprintf(p, end - p, " iv_offset=%u", cfg->iv_offset); 837 } 838 839 WARN_ON_ONCE(!valid_testvec_config(cfg)); 840 } 841 #endif /* CONFIG_CRYPTO_MANAGER_EXTRA_TESTS */ 842 843 static int check_nonfinal_hash_op(const char *op, int err, 844 u8 *result, unsigned int digestsize, 845 const char *driver, unsigned int vec_num, 846 const struct testvec_config *cfg) 847 { 848 if (err) { 849 pr_err("alg: hash: %s %s() failed with err %d on test vector %u, cfg=\"%s\"\n", 850 driver, op, err, vec_num, cfg->name); 851 return err; 852 } 853 if (!testmgr_is_poison(result, digestsize)) { 854 pr_err("alg: hash: %s %s() used result buffer on test vector %u, cfg=\"%s\"\n", 855 driver, op, vec_num, cfg->name); 856 return -EINVAL; 857 } 858 return 0; 859 } 860 861 static int test_hash_vec_cfg(const char *driver, 862 const struct hash_testvec *vec, 863 unsigned int vec_num, 864 const struct testvec_config *cfg, 865 struct ahash_request *req, 866 struct test_sglist *tsgl, 867 u8 *hashstate) 868 { 869 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); 870 const unsigned int alignmask = crypto_ahash_alignmask(tfm); 871 const unsigned int digestsize = crypto_ahash_digestsize(tfm); 872 const unsigned int statesize = crypto_ahash_statesize(tfm); 873 const u32 req_flags = CRYPTO_TFM_REQ_MAY_BACKLOG | cfg->req_flags; 874 const struct test_sg_division *divs[XBUFSIZE]; 875 DECLARE_CRYPTO_WAIT(wait); 876 struct kvec _input; 877 struct iov_iter input; 878 unsigned int i; 879 struct scatterlist *pending_sgl; 880 unsigned int pending_len; 881 u8 result[HASH_MAX_DIGESTSIZE + TESTMGR_POISON_LEN]; 882 int err; 883 884 /* Set the key, if specified */ 885 if (vec->ksize) { 886 err = crypto_ahash_setkey(tfm, vec->key, vec->ksize); 887 if (err) { 888 pr_err("alg: hash: %s setkey failed with err %d on test vector %u; flags=%#x\n", 889 driver, err, vec_num, 890 crypto_ahash_get_flags(tfm)); 891 return err; 892 } 893 } 894 895 /* Build the scatterlist for the source data */ 896 _input.iov_base = (void *)vec->plaintext; 897 _input.iov_len = vec->psize; 898 iov_iter_kvec(&input, WRITE, &_input, 1, vec->psize); 899 err = build_test_sglist(tsgl, cfg->src_divs, alignmask, vec->psize, 900 &input, divs); 901 if (err) { 902 pr_err("alg: hash: %s: error preparing scatterlist for test vector %u, cfg=\"%s\"\n", 903 driver, vec_num, cfg->name); 904 return err; 905 } 906 907 /* Do the actual hashing */ 908 909 testmgr_poison(req->__ctx, crypto_ahash_reqsize(tfm)); 910 testmgr_poison(result, digestsize + TESTMGR_POISON_LEN); 911 912 if (cfg->finalization_type == FINALIZATION_TYPE_DIGEST) { 913 /* Just using digest() */ 914 ahash_request_set_callback(req, req_flags, crypto_req_done, 915 &wait); 916 ahash_request_set_crypt(req, tsgl->sgl, result, vec->psize); 917 err = crypto_wait_req(crypto_ahash_digest(req), &wait); 918 if (err) { 919 pr_err("alg: hash: %s digest() failed with err %d on test vector %u, cfg=\"%s\"\n", 920 driver, err, vec_num, cfg->name); 921 return err; 922 } 923 goto result_ready; 924 } 925 926 /* Using init(), zero or more update(), then final() or finup() */ 927 928 ahash_request_set_callback(req, req_flags, crypto_req_done, &wait); 929 ahash_request_set_crypt(req, NULL, result, 0); 930 err = crypto_wait_req(crypto_ahash_init(req), &wait); 931 err = check_nonfinal_hash_op("init", err, result, digestsize, 932 driver, vec_num, cfg); 933 if (err) 934 return err; 935 936 pending_sgl = NULL; 937 pending_len = 0; 938 for (i = 0; i < tsgl->nents; i++) { 939 if (divs[i]->flush_type != FLUSH_TYPE_NONE && 940 pending_sgl != NULL) { 941 /* update() with the pending data */ 942 ahash_request_set_callback(req, req_flags, 943 crypto_req_done, &wait); 944 ahash_request_set_crypt(req, pending_sgl, result, 945 pending_len); 946 err = crypto_wait_req(crypto_ahash_update(req), &wait); 947 err = check_nonfinal_hash_op("update", err, 948 result, digestsize, 949 driver, vec_num, cfg); 950 if (err) 951 return err; 952 pending_sgl = NULL; 953 pending_len = 0; 954 } 955 if (divs[i]->flush_type == FLUSH_TYPE_REIMPORT) { 956 /* Test ->export() and ->import() */ 957 testmgr_poison(hashstate + statesize, 958 TESTMGR_POISON_LEN); 959 err = crypto_ahash_export(req, hashstate); 960 err = check_nonfinal_hash_op("export", err, 961 result, digestsize, 962 driver, vec_num, cfg); 963 if (err) 964 return err; 965 if (!testmgr_is_poison(hashstate + statesize, 966 TESTMGR_POISON_LEN)) { 967 pr_err("alg: hash: %s export() overran state buffer on test vector %u, cfg=\"%s\"\n", 968 driver, vec_num, cfg->name); 969 return -EOVERFLOW; 970 } 971 972 testmgr_poison(req->__ctx, crypto_ahash_reqsize(tfm)); 973 err = crypto_ahash_import(req, hashstate); 974 err = check_nonfinal_hash_op("import", err, 975 result, digestsize, 976 driver, vec_num, cfg); 977 if (err) 978 return err; 979 } 980 if (pending_sgl == NULL) 981 pending_sgl = &tsgl->sgl[i]; 982 pending_len += tsgl->sgl[i].length; 983 } 984 985 ahash_request_set_callback(req, req_flags, crypto_req_done, &wait); 986 ahash_request_set_crypt(req, pending_sgl, result, pending_len); 987 if (cfg->finalization_type == FINALIZATION_TYPE_FINAL) { 988 /* finish with update() and final() */ 989 err = crypto_wait_req(crypto_ahash_update(req), &wait); 990 err = check_nonfinal_hash_op("update", err, result, digestsize, 991 driver, vec_num, cfg); 992 if (err) 993 return err; 994 err = crypto_wait_req(crypto_ahash_final(req), &wait); 995 if (err) { 996 pr_err("alg: hash: %s final() failed with err %d on test vector %u, cfg=\"%s\"\n", 997 driver, err, vec_num, cfg->name); 998 return err; 999 } 1000 } else { 1001 /* finish with finup() */ 1002 err = crypto_wait_req(crypto_ahash_finup(req), &wait); 1003 if (err) { 1004 pr_err("alg: hash: %s finup() failed with err %d on test vector %u, cfg=\"%s\"\n", 1005 driver, err, vec_num, cfg->name); 1006 return err; 1007 } 1008 } 1009 1010 result_ready: 1011 /* Check that the algorithm produced the correct digest */ 1012 if (memcmp(result, vec->digest, digestsize) != 0) { 1013 pr_err("alg: hash: %s test failed (wrong result) on test vector %u, cfg=\"%s\"\n", 1014 driver, vec_num, cfg->name); 1015 return -EINVAL; 1016 } 1017 if (!testmgr_is_poison(&result[digestsize], TESTMGR_POISON_LEN)) { 1018 pr_err("alg: hash: %s overran result buffer on test vector %u, cfg=\"%s\"\n", 1019 driver, vec_num, cfg->name); 1020 return -EOVERFLOW; 1021 } 1022 1023 return 0; 1024 } 1025 1026 static int test_hash_vec(const char *driver, const struct hash_testvec *vec, 1027 unsigned int vec_num, struct ahash_request *req, 1028 struct test_sglist *tsgl, u8 *hashstate) 1029 { 1030 unsigned int i; 1031 int err; 1032 1033 for (i = 0; i < ARRAY_SIZE(default_hash_testvec_configs); i++) { 1034 err = test_hash_vec_cfg(driver, vec, vec_num, 1035 &default_hash_testvec_configs[i], 1036 req, tsgl, hashstate); 1037 if (err) 1038 return err; 1039 } 1040 1041 #ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS 1042 if (!noextratests) { 1043 struct testvec_config cfg; 1044 char cfgname[TESTVEC_CONFIG_NAMELEN]; 1045 1046 for (i = 0; i < fuzz_iterations; i++) { 1047 generate_random_testvec_config(&cfg, cfgname, 1048 sizeof(cfgname)); 1049 err = test_hash_vec_cfg(driver, vec, vec_num, &cfg, 1050 req, tsgl, hashstate); 1051 if (err) 1052 return err; 1053 } 1054 } 1055 #endif 1056 return 0; 1057 } 1058 1059 static int __alg_test_hash(const struct hash_testvec *vecs, 1060 unsigned int num_vecs, const char *driver, 1061 u32 type, u32 mask) 1062 { 1063 struct crypto_ahash *tfm; 1064 struct ahash_request *req = NULL; 1065 struct test_sglist *tsgl = NULL; 1066 u8 *hashstate = NULL; 1067 unsigned int i; 1068 int err; 1069 1070 tfm = crypto_alloc_ahash(driver, type, mask); 1071 if (IS_ERR(tfm)) { 1072 pr_err("alg: hash: failed to allocate transform for %s: %ld\n", 1073 driver, PTR_ERR(tfm)); 1074 return PTR_ERR(tfm); 1075 } 1076 1077 req = ahash_request_alloc(tfm, GFP_KERNEL); 1078 if (!req) { 1079 pr_err("alg: hash: failed to allocate request for %s\n", 1080 driver); 1081 err = -ENOMEM; 1082 goto out; 1083 } 1084 1085 tsgl = kmalloc(sizeof(*tsgl), GFP_KERNEL); 1086 if (!tsgl || init_test_sglist(tsgl) != 0) { 1087 pr_err("alg: hash: failed to allocate test buffers for %s\n", 1088 driver); 1089 kfree(tsgl); 1090 tsgl = NULL; 1091 err = -ENOMEM; 1092 goto out; 1093 } 1094 1095 hashstate = kmalloc(crypto_ahash_statesize(tfm) + TESTMGR_POISON_LEN, 1096 GFP_KERNEL); 1097 if (!hashstate) { 1098 pr_err("alg: hash: failed to allocate hash state buffer for %s\n", 1099 driver); 1100 err = -ENOMEM; 1101 goto out; 1102 } 1103 1104 for (i = 0; i < num_vecs; i++) { 1105 err = test_hash_vec(driver, &vecs[i], i, req, tsgl, hashstate); 1106 if (err) 1107 goto out; 1108 } 1109 err = 0; 1110 out: 1111 kfree(hashstate); 1112 if (tsgl) { 1113 destroy_test_sglist(tsgl); 1114 kfree(tsgl); 1115 } 1116 ahash_request_free(req); 1117 crypto_free_ahash(tfm); 1118 return err; 1119 } 1120 1121 static int alg_test_hash(const struct alg_test_desc *desc, const char *driver, 1122 u32 type, u32 mask) 1123 { 1124 const struct hash_testvec *template = desc->suite.hash.vecs; 1125 unsigned int tcount = desc->suite.hash.count; 1126 unsigned int nr_unkeyed, nr_keyed; 1127 int err; 1128 1129 /* 1130 * For OPTIONAL_KEY algorithms, we have to do all the unkeyed tests 1131 * first, before setting a key on the tfm. To make this easier, we 1132 * require that the unkeyed test vectors (if any) are listed first. 1133 */ 1134 1135 for (nr_unkeyed = 0; nr_unkeyed < tcount; nr_unkeyed++) { 1136 if (template[nr_unkeyed].ksize) 1137 break; 1138 } 1139 for (nr_keyed = 0; nr_unkeyed + nr_keyed < tcount; nr_keyed++) { 1140 if (!template[nr_unkeyed + nr_keyed].ksize) { 1141 pr_err("alg: hash: test vectors for %s out of order, " 1142 "unkeyed ones must come first\n", desc->alg); 1143 return -EINVAL; 1144 } 1145 } 1146 1147 err = 0; 1148 if (nr_unkeyed) { 1149 err = __alg_test_hash(template, nr_unkeyed, driver, type, mask); 1150 template += nr_unkeyed; 1151 } 1152 1153 if (!err && nr_keyed) 1154 err = __alg_test_hash(template, nr_keyed, driver, type, mask); 1155 1156 return err; 1157 } 1158 1159 static int test_aead_vec_cfg(const char *driver, int enc, 1160 const struct aead_testvec *vec, 1161 unsigned int vec_num, 1162 const struct testvec_config *cfg, 1163 struct aead_request *req, 1164 struct cipher_test_sglists *tsgls) 1165 { 1166 struct crypto_aead *tfm = crypto_aead_reqtfm(req); 1167 const unsigned int alignmask = crypto_aead_alignmask(tfm); 1168 const unsigned int ivsize = crypto_aead_ivsize(tfm); 1169 const unsigned int authsize = vec->clen - vec->plen; 1170 const u32 req_flags = CRYPTO_TFM_REQ_MAY_BACKLOG | cfg->req_flags; 1171 const char *op = enc ? "encryption" : "decryption"; 1172 DECLARE_CRYPTO_WAIT(wait); 1173 u8 _iv[3 * (MAX_ALGAPI_ALIGNMASK + 1) + MAX_IVLEN]; 1174 u8 *iv = PTR_ALIGN(&_iv[0], 2 * (MAX_ALGAPI_ALIGNMASK + 1)) + 1175 cfg->iv_offset + 1176 (cfg->iv_offset_relative_to_alignmask ? alignmask : 0); 1177 struct kvec input[2]; 1178 int err; 1179 1180 /* Set the key */ 1181 if (vec->wk) 1182 crypto_aead_set_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS); 1183 else 1184 crypto_aead_clear_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS); 1185 err = crypto_aead_setkey(tfm, vec->key, vec->klen); 1186 if (err) { 1187 if (vec->fail) /* expectedly failed to set key? */ 1188 return 0; 1189 pr_err("alg: aead: %s setkey failed with err %d on test vector %u; flags=%#x\n", 1190 driver, err, vec_num, crypto_aead_get_flags(tfm)); 1191 return err; 1192 } 1193 if (vec->fail) { 1194 pr_err("alg: aead: %s setkey unexpectedly succeeded on test vector %u\n", 1195 driver, vec_num); 1196 return -EINVAL; 1197 } 1198 1199 /* Set the authentication tag size */ 1200 err = crypto_aead_setauthsize(tfm, authsize); 1201 if (err) { 1202 pr_err("alg: aead: %s setauthsize failed with err %d on test vector %u\n", 1203 driver, err, vec_num); 1204 return err; 1205 } 1206 1207 /* The IV must be copied to a buffer, as the algorithm may modify it */ 1208 if (WARN_ON(ivsize > MAX_IVLEN)) 1209 return -EINVAL; 1210 if (vec->iv) 1211 memcpy(iv, vec->iv, ivsize); 1212 else 1213 memset(iv, 0, ivsize); 1214 1215 /* Build the src/dst scatterlists */ 1216 input[0].iov_base = (void *)vec->assoc; 1217 input[0].iov_len = vec->alen; 1218 input[1].iov_base = enc ? (void *)vec->ptext : (void *)vec->ctext; 1219 input[1].iov_len = enc ? vec->plen : vec->clen; 1220 err = build_cipher_test_sglists(tsgls, cfg, alignmask, 1221 vec->alen + (enc ? vec->plen : 1222 vec->clen), 1223 vec->alen + (enc ? vec->clen : 1224 vec->plen), 1225 input, 2); 1226 if (err) { 1227 pr_err("alg: aead: %s %s: error preparing scatterlists for test vector %u, cfg=\"%s\"\n", 1228 driver, op, vec_num, cfg->name); 1229 return err; 1230 } 1231 1232 /* Do the actual encryption or decryption */ 1233 testmgr_poison(req->__ctx, crypto_aead_reqsize(tfm)); 1234 aead_request_set_callback(req, req_flags, crypto_req_done, &wait); 1235 aead_request_set_crypt(req, tsgls->src.sgl_ptr, tsgls->dst.sgl_ptr, 1236 enc ? vec->plen : vec->clen, iv); 1237 aead_request_set_ad(req, vec->alen); 1238 err = crypto_wait_req(enc ? crypto_aead_encrypt(req) : 1239 crypto_aead_decrypt(req), &wait); 1240 1241 aead_request_set_tfm(req, tfm); /* TODO: get rid of this */ 1242 1243 if (err) { 1244 if (err == -EBADMSG && vec->novrfy) 1245 return 0; 1246 pr_err("alg: aead: %s %s failed with err %d on test vector %u, cfg=\"%s\"\n", 1247 driver, op, err, vec_num, cfg->name); 1248 return err; 1249 } 1250 if (vec->novrfy) { 1251 pr_err("alg: aead: %s %s unexpectedly succeeded on test vector %u, cfg=\"%s\"\n", 1252 driver, op, vec_num, cfg->name); 1253 return -EINVAL; 1254 } 1255 1256 /* Check for the correct output (ciphertext or plaintext) */ 1257 err = verify_correct_output(&tsgls->dst, enc ? vec->ctext : vec->ptext, 1258 enc ? vec->clen : vec->plen, 1259 vec->alen, enc || !cfg->inplace); 1260 if (err == -EOVERFLOW) { 1261 pr_err("alg: aead: %s %s overran dst buffer on test vector %u, cfg=\"%s\"\n", 1262 driver, op, vec_num, cfg->name); 1263 return err; 1264 } 1265 if (err) { 1266 pr_err("alg: aead: %s %s test failed (wrong result) on test vector %u, cfg=\"%s\"\n", 1267 driver, op, vec_num, cfg->name); 1268 return err; 1269 } 1270 1271 return 0; 1272 } 1273 1274 static int test_aead_vec(const char *driver, int enc, 1275 const struct aead_testvec *vec, unsigned int vec_num, 1276 struct aead_request *req, 1277 struct cipher_test_sglists *tsgls) 1278 { 1279 unsigned int i; 1280 int err; 1281 1282 if (enc && vec->novrfy) 1283 return 0; 1284 1285 for (i = 0; i < ARRAY_SIZE(default_cipher_testvec_configs); i++) { 1286 err = test_aead_vec_cfg(driver, enc, vec, vec_num, 1287 &default_cipher_testvec_configs[i], 1288 req, tsgls); 1289 if (err) 1290 return err; 1291 } 1292 1293 #ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS 1294 if (!noextratests) { 1295 struct testvec_config cfg; 1296 char cfgname[TESTVEC_CONFIG_NAMELEN]; 1297 1298 for (i = 0; i < fuzz_iterations; i++) { 1299 generate_random_testvec_config(&cfg, cfgname, 1300 sizeof(cfgname)); 1301 err = test_aead_vec_cfg(driver, enc, vec, vec_num, 1302 &cfg, req, tsgls); 1303 if (err) 1304 return err; 1305 } 1306 } 1307 #endif 1308 return 0; 1309 } 1310 1311 static int test_aead(const char *driver, int enc, 1312 const struct aead_test_suite *suite, 1313 struct aead_request *req, 1314 struct cipher_test_sglists *tsgls) 1315 { 1316 unsigned int i; 1317 int err; 1318 1319 for (i = 0; i < suite->count; i++) { 1320 err = test_aead_vec(driver, enc, &suite->vecs[i], i, req, 1321 tsgls); 1322 if (err) 1323 return err; 1324 } 1325 return 0; 1326 } 1327 1328 static int alg_test_aead(const struct alg_test_desc *desc, const char *driver, 1329 u32 type, u32 mask) 1330 { 1331 const struct aead_test_suite *suite = &desc->suite.aead; 1332 struct crypto_aead *tfm; 1333 struct aead_request *req = NULL; 1334 struct cipher_test_sglists *tsgls = NULL; 1335 int err; 1336 1337 if (suite->count <= 0) { 1338 pr_err("alg: aead: empty test suite for %s\n", driver); 1339 return -EINVAL; 1340 } 1341 1342 tfm = crypto_alloc_aead(driver, type, mask); 1343 if (IS_ERR(tfm)) { 1344 pr_err("alg: aead: failed to allocate transform for %s: %ld\n", 1345 driver, PTR_ERR(tfm)); 1346 return PTR_ERR(tfm); 1347 } 1348 1349 req = aead_request_alloc(tfm, GFP_KERNEL); 1350 if (!req) { 1351 pr_err("alg: aead: failed to allocate request for %s\n", 1352 driver); 1353 err = -ENOMEM; 1354 goto out; 1355 } 1356 1357 tsgls = alloc_cipher_test_sglists(); 1358 if (!tsgls) { 1359 pr_err("alg: aead: failed to allocate test buffers for %s\n", 1360 driver); 1361 err = -ENOMEM; 1362 goto out; 1363 } 1364 1365 err = test_aead(driver, ENCRYPT, suite, req, tsgls); 1366 if (err) 1367 goto out; 1368 1369 err = test_aead(driver, DECRYPT, suite, req, tsgls); 1370 out: 1371 free_cipher_test_sglists(tsgls); 1372 aead_request_free(req); 1373 crypto_free_aead(tfm); 1374 return err; 1375 } 1376 1377 static int test_cipher(struct crypto_cipher *tfm, int enc, 1378 const struct cipher_testvec *template, 1379 unsigned int tcount) 1380 { 1381 const char *algo = crypto_tfm_alg_driver_name(crypto_cipher_tfm(tfm)); 1382 unsigned int i, j, k; 1383 char *q; 1384 const char *e; 1385 const char *input, *result; 1386 void *data; 1387 char *xbuf[XBUFSIZE]; 1388 int ret = -ENOMEM; 1389 1390 if (testmgr_alloc_buf(xbuf)) 1391 goto out_nobuf; 1392 1393 if (enc == ENCRYPT) 1394 e = "encryption"; 1395 else 1396 e = "decryption"; 1397 1398 j = 0; 1399 for (i = 0; i < tcount; i++) { 1400 1401 if (fips_enabled && template[i].fips_skip) 1402 continue; 1403 1404 input = enc ? template[i].ptext : template[i].ctext; 1405 result = enc ? template[i].ctext : template[i].ptext; 1406 j++; 1407 1408 ret = -EINVAL; 1409 if (WARN_ON(template[i].len > PAGE_SIZE)) 1410 goto out; 1411 1412 data = xbuf[0]; 1413 memcpy(data, input, template[i].len); 1414 1415 crypto_cipher_clear_flags(tfm, ~0); 1416 if (template[i].wk) 1417 crypto_cipher_set_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS); 1418 1419 ret = crypto_cipher_setkey(tfm, template[i].key, 1420 template[i].klen); 1421 if (template[i].fail == !ret) { 1422 printk(KERN_ERR "alg: cipher: setkey failed " 1423 "on test %d for %s: flags=%x\n", j, 1424 algo, crypto_cipher_get_flags(tfm)); 1425 goto out; 1426 } else if (ret) 1427 continue; 1428 1429 for (k = 0; k < template[i].len; 1430 k += crypto_cipher_blocksize(tfm)) { 1431 if (enc) 1432 crypto_cipher_encrypt_one(tfm, data + k, 1433 data + k); 1434 else 1435 crypto_cipher_decrypt_one(tfm, data + k, 1436 data + k); 1437 } 1438 1439 q = data; 1440 if (memcmp(q, result, template[i].len)) { 1441 printk(KERN_ERR "alg: cipher: Test %d failed " 1442 "on %s for %s\n", j, e, algo); 1443 hexdump(q, template[i].len); 1444 ret = -EINVAL; 1445 goto out; 1446 } 1447 } 1448 1449 ret = 0; 1450 1451 out: 1452 testmgr_free_buf(xbuf); 1453 out_nobuf: 1454 return ret; 1455 } 1456 1457 static int test_skcipher_vec_cfg(const char *driver, int enc, 1458 const struct cipher_testvec *vec, 1459 unsigned int vec_num, 1460 const struct testvec_config *cfg, 1461 struct skcipher_request *req, 1462 struct cipher_test_sglists *tsgls) 1463 { 1464 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); 1465 const unsigned int alignmask = crypto_skcipher_alignmask(tfm); 1466 const unsigned int ivsize = crypto_skcipher_ivsize(tfm); 1467 const u32 req_flags = CRYPTO_TFM_REQ_MAY_BACKLOG | cfg->req_flags; 1468 const char *op = enc ? "encryption" : "decryption"; 1469 DECLARE_CRYPTO_WAIT(wait); 1470 u8 _iv[3 * (MAX_ALGAPI_ALIGNMASK + 1) + MAX_IVLEN]; 1471 u8 *iv = PTR_ALIGN(&_iv[0], 2 * (MAX_ALGAPI_ALIGNMASK + 1)) + 1472 cfg->iv_offset + 1473 (cfg->iv_offset_relative_to_alignmask ? alignmask : 0); 1474 struct kvec input; 1475 int err; 1476 1477 /* Set the key */ 1478 if (vec->wk) 1479 crypto_skcipher_set_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS); 1480 else 1481 crypto_skcipher_clear_flags(tfm, 1482 CRYPTO_TFM_REQ_FORBID_WEAK_KEYS); 1483 err = crypto_skcipher_setkey(tfm, vec->key, vec->klen); 1484 if (err) { 1485 if (vec->fail) /* expectedly failed to set key? */ 1486 return 0; 1487 pr_err("alg: skcipher: %s setkey failed with err %d on test vector %u; flags=%#x\n", 1488 driver, err, vec_num, crypto_skcipher_get_flags(tfm)); 1489 return err; 1490 } 1491 if (vec->fail) { 1492 pr_err("alg: skcipher: %s setkey unexpectedly succeeded on test vector %u\n", 1493 driver, vec_num); 1494 return -EINVAL; 1495 } 1496 1497 /* The IV must be copied to a buffer, as the algorithm may modify it */ 1498 if (ivsize) { 1499 if (WARN_ON(ivsize > MAX_IVLEN)) 1500 return -EINVAL; 1501 if (vec->iv && !(vec->generates_iv && enc)) 1502 memcpy(iv, vec->iv, ivsize); 1503 else 1504 memset(iv, 0, ivsize); 1505 } else { 1506 if (vec->generates_iv) { 1507 pr_err("alg: skcipher: %s has ivsize=0 but test vector %u generates IV!\n", 1508 driver, vec_num); 1509 return -EINVAL; 1510 } 1511 iv = NULL; 1512 } 1513 1514 /* Build the src/dst scatterlists */ 1515 input.iov_base = enc ? (void *)vec->ptext : (void *)vec->ctext; 1516 input.iov_len = vec->len; 1517 err = build_cipher_test_sglists(tsgls, cfg, alignmask, 1518 vec->len, vec->len, &input, 1); 1519 if (err) { 1520 pr_err("alg: skcipher: %s %s: error preparing scatterlists for test vector %u, cfg=\"%s\"\n", 1521 driver, op, vec_num, cfg->name); 1522 return err; 1523 } 1524 1525 /* Do the actual encryption or decryption */ 1526 testmgr_poison(req->__ctx, crypto_skcipher_reqsize(tfm)); 1527 skcipher_request_set_callback(req, req_flags, crypto_req_done, &wait); 1528 skcipher_request_set_crypt(req, tsgls->src.sgl_ptr, tsgls->dst.sgl_ptr, 1529 vec->len, iv); 1530 err = crypto_wait_req(enc ? crypto_skcipher_encrypt(req) : 1531 crypto_skcipher_decrypt(req), &wait); 1532 if (err) { 1533 pr_err("alg: skcipher: %s %s failed with err %d on test vector %u, cfg=\"%s\"\n", 1534 driver, op, err, vec_num, cfg->name); 1535 return err; 1536 } 1537 1538 /* Check that the algorithm didn't overwrite things it shouldn't have */ 1539 if (req->cryptlen != vec->len || 1540 req->iv != iv || 1541 req->src != tsgls->src.sgl_ptr || 1542 req->dst != tsgls->dst.sgl_ptr || 1543 crypto_skcipher_reqtfm(req) != tfm || 1544 req->base.complete != crypto_req_done || 1545 req->base.flags != req_flags || 1546 req->base.data != &wait) { 1547 pr_err("alg: skcipher: %s %s corrupted request struct on test vector %u, cfg=\"%s\"\n", 1548 driver, op, vec_num, cfg->name); 1549 if (req->cryptlen != vec->len) 1550 pr_err("alg: skcipher: changed 'req->cryptlen'\n"); 1551 if (req->iv != iv) 1552 pr_err("alg: skcipher: changed 'req->iv'\n"); 1553 if (req->src != tsgls->src.sgl_ptr) 1554 pr_err("alg: skcipher: changed 'req->src'\n"); 1555 if (req->dst != tsgls->dst.sgl_ptr) 1556 pr_err("alg: skcipher: changed 'req->dst'\n"); 1557 if (crypto_skcipher_reqtfm(req) != tfm) 1558 pr_err("alg: skcipher: changed 'req->base.tfm'\n"); 1559 if (req->base.complete != crypto_req_done) 1560 pr_err("alg: skcipher: changed 'req->base.complete'\n"); 1561 if (req->base.flags != req_flags) 1562 pr_err("alg: skcipher: changed 'req->base.flags'\n"); 1563 if (req->base.data != &wait) 1564 pr_err("alg: skcipher: changed 'req->base.data'\n"); 1565 return -EINVAL; 1566 } 1567 if (is_test_sglist_corrupted(&tsgls->src)) { 1568 pr_err("alg: skcipher: %s %s corrupted src sgl on test vector %u, cfg=\"%s\"\n", 1569 driver, op, vec_num, cfg->name); 1570 return -EINVAL; 1571 } 1572 if (tsgls->dst.sgl_ptr != tsgls->src.sgl && 1573 is_test_sglist_corrupted(&tsgls->dst)) { 1574 pr_err("alg: skcipher: %s %s corrupted dst sgl on test vector %u, cfg=\"%s\"\n", 1575 driver, op, vec_num, cfg->name); 1576 return -EINVAL; 1577 } 1578 1579 /* Check for the correct output (ciphertext or plaintext) */ 1580 err = verify_correct_output(&tsgls->dst, enc ? vec->ctext : vec->ptext, 1581 vec->len, 0, true); 1582 if (err == -EOVERFLOW) { 1583 pr_err("alg: skcipher: %s %s overran dst buffer on test vector %u, cfg=\"%s\"\n", 1584 driver, op, vec_num, cfg->name); 1585 return err; 1586 } 1587 if (err) { 1588 pr_err("alg: skcipher: %s %s test failed (wrong result) on test vector %u, cfg=\"%s\"\n", 1589 driver, op, vec_num, cfg->name); 1590 return err; 1591 } 1592 1593 /* If applicable, check that the algorithm generated the correct IV */ 1594 if (vec->generates_iv && enc && memcmp(iv, vec->iv, ivsize) != 0) { 1595 pr_err("alg: skcipher: %s %s test failed (wrong output IV) on test vector %u, cfg=\"%s\"\n", 1596 driver, op, vec_num, cfg->name); 1597 hexdump(iv, ivsize); 1598 return -EINVAL; 1599 } 1600 1601 return 0; 1602 } 1603 1604 static int test_skcipher_vec(const char *driver, int enc, 1605 const struct cipher_testvec *vec, 1606 unsigned int vec_num, 1607 struct skcipher_request *req, 1608 struct cipher_test_sglists *tsgls) 1609 { 1610 unsigned int i; 1611 int err; 1612 1613 if (fips_enabled && vec->fips_skip) 1614 return 0; 1615 1616 for (i = 0; i < ARRAY_SIZE(default_cipher_testvec_configs); i++) { 1617 err = test_skcipher_vec_cfg(driver, enc, vec, vec_num, 1618 &default_cipher_testvec_configs[i], 1619 req, tsgls); 1620 if (err) 1621 return err; 1622 } 1623 1624 #ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS 1625 if (!noextratests) { 1626 struct testvec_config cfg; 1627 char cfgname[TESTVEC_CONFIG_NAMELEN]; 1628 1629 for (i = 0; i < fuzz_iterations; i++) { 1630 generate_random_testvec_config(&cfg, cfgname, 1631 sizeof(cfgname)); 1632 err = test_skcipher_vec_cfg(driver, enc, vec, vec_num, 1633 &cfg, req, tsgls); 1634 if (err) 1635 return err; 1636 } 1637 } 1638 #endif 1639 return 0; 1640 } 1641 1642 static int test_skcipher(const char *driver, int enc, 1643 const struct cipher_test_suite *suite, 1644 struct skcipher_request *req, 1645 struct cipher_test_sglists *tsgls) 1646 { 1647 unsigned int i; 1648 int err; 1649 1650 for (i = 0; i < suite->count; i++) { 1651 err = test_skcipher_vec(driver, enc, &suite->vecs[i], i, req, 1652 tsgls); 1653 if (err) 1654 return err; 1655 } 1656 return 0; 1657 } 1658 1659 static int alg_test_skcipher(const struct alg_test_desc *desc, 1660 const char *driver, u32 type, u32 mask) 1661 { 1662 const struct cipher_test_suite *suite = &desc->suite.cipher; 1663 struct crypto_skcipher *tfm; 1664 struct skcipher_request *req = NULL; 1665 struct cipher_test_sglists *tsgls = NULL; 1666 int err; 1667 1668 if (suite->count <= 0) { 1669 pr_err("alg: skcipher: empty test suite for %s\n", driver); 1670 return -EINVAL; 1671 } 1672 1673 tfm = crypto_alloc_skcipher(driver, type, mask); 1674 if (IS_ERR(tfm)) { 1675 pr_err("alg: skcipher: failed to allocate transform for %s: %ld\n", 1676 driver, PTR_ERR(tfm)); 1677 return PTR_ERR(tfm); 1678 } 1679 1680 req = skcipher_request_alloc(tfm, GFP_KERNEL); 1681 if (!req) { 1682 pr_err("alg: skcipher: failed to allocate request for %s\n", 1683 driver); 1684 err = -ENOMEM; 1685 goto out; 1686 } 1687 1688 tsgls = alloc_cipher_test_sglists(); 1689 if (!tsgls) { 1690 pr_err("alg: skcipher: failed to allocate test buffers for %s\n", 1691 driver); 1692 err = -ENOMEM; 1693 goto out; 1694 } 1695 1696 err = test_skcipher(driver, ENCRYPT, suite, req, tsgls); 1697 if (err) 1698 goto out; 1699 1700 err = test_skcipher(driver, DECRYPT, suite, req, tsgls); 1701 out: 1702 free_cipher_test_sglists(tsgls); 1703 skcipher_request_free(req); 1704 crypto_free_skcipher(tfm); 1705 return err; 1706 } 1707 1708 static int test_comp(struct crypto_comp *tfm, 1709 const struct comp_testvec *ctemplate, 1710 const struct comp_testvec *dtemplate, 1711 int ctcount, int dtcount) 1712 { 1713 const char *algo = crypto_tfm_alg_driver_name(crypto_comp_tfm(tfm)); 1714 char *output, *decomp_output; 1715 unsigned int i; 1716 int ret; 1717 1718 output = kmalloc(COMP_BUF_SIZE, GFP_KERNEL); 1719 if (!output) 1720 return -ENOMEM; 1721 1722 decomp_output = kmalloc(COMP_BUF_SIZE, GFP_KERNEL); 1723 if (!decomp_output) { 1724 kfree(output); 1725 return -ENOMEM; 1726 } 1727 1728 for (i = 0; i < ctcount; i++) { 1729 int ilen; 1730 unsigned int dlen = COMP_BUF_SIZE; 1731 1732 memset(output, 0, COMP_BUF_SIZE); 1733 memset(decomp_output, 0, COMP_BUF_SIZE); 1734 1735 ilen = ctemplate[i].inlen; 1736 ret = crypto_comp_compress(tfm, ctemplate[i].input, 1737 ilen, output, &dlen); 1738 if (ret) { 1739 printk(KERN_ERR "alg: comp: compression failed " 1740 "on test %d for %s: ret=%d\n", i + 1, algo, 1741 -ret); 1742 goto out; 1743 } 1744 1745 ilen = dlen; 1746 dlen = COMP_BUF_SIZE; 1747 ret = crypto_comp_decompress(tfm, output, 1748 ilen, decomp_output, &dlen); 1749 if (ret) { 1750 pr_err("alg: comp: compression failed: decompress: on test %d for %s failed: ret=%d\n", 1751 i + 1, algo, -ret); 1752 goto out; 1753 } 1754 1755 if (dlen != ctemplate[i].inlen) { 1756 printk(KERN_ERR "alg: comp: Compression test %d " 1757 "failed for %s: output len = %d\n", i + 1, algo, 1758 dlen); 1759 ret = -EINVAL; 1760 goto out; 1761 } 1762 1763 if (memcmp(decomp_output, ctemplate[i].input, 1764 ctemplate[i].inlen)) { 1765 pr_err("alg: comp: compression failed: output differs: on test %d for %s\n", 1766 i + 1, algo); 1767 hexdump(decomp_output, dlen); 1768 ret = -EINVAL; 1769 goto out; 1770 } 1771 } 1772 1773 for (i = 0; i < dtcount; i++) { 1774 int ilen; 1775 unsigned int dlen = COMP_BUF_SIZE; 1776 1777 memset(decomp_output, 0, COMP_BUF_SIZE); 1778 1779 ilen = dtemplate[i].inlen; 1780 ret = crypto_comp_decompress(tfm, dtemplate[i].input, 1781 ilen, decomp_output, &dlen); 1782 if (ret) { 1783 printk(KERN_ERR "alg: comp: decompression failed " 1784 "on test %d for %s: ret=%d\n", i + 1, algo, 1785 -ret); 1786 goto out; 1787 } 1788 1789 if (dlen != dtemplate[i].outlen) { 1790 printk(KERN_ERR "alg: comp: Decompression test %d " 1791 "failed for %s: output len = %d\n", i + 1, algo, 1792 dlen); 1793 ret = -EINVAL; 1794 goto out; 1795 } 1796 1797 if (memcmp(decomp_output, dtemplate[i].output, dlen)) { 1798 printk(KERN_ERR "alg: comp: Decompression test %d " 1799 "failed for %s\n", i + 1, algo); 1800 hexdump(decomp_output, dlen); 1801 ret = -EINVAL; 1802 goto out; 1803 } 1804 } 1805 1806 ret = 0; 1807 1808 out: 1809 kfree(decomp_output); 1810 kfree(output); 1811 return ret; 1812 } 1813 1814 static int test_acomp(struct crypto_acomp *tfm, 1815 const struct comp_testvec *ctemplate, 1816 const struct comp_testvec *dtemplate, 1817 int ctcount, int dtcount) 1818 { 1819 const char *algo = crypto_tfm_alg_driver_name(crypto_acomp_tfm(tfm)); 1820 unsigned int i; 1821 char *output, *decomp_out; 1822 int ret; 1823 struct scatterlist src, dst; 1824 struct acomp_req *req; 1825 struct crypto_wait wait; 1826 1827 output = kmalloc(COMP_BUF_SIZE, GFP_KERNEL); 1828 if (!output) 1829 return -ENOMEM; 1830 1831 decomp_out = kmalloc(COMP_BUF_SIZE, GFP_KERNEL); 1832 if (!decomp_out) { 1833 kfree(output); 1834 return -ENOMEM; 1835 } 1836 1837 for (i = 0; i < ctcount; i++) { 1838 unsigned int dlen = COMP_BUF_SIZE; 1839 int ilen = ctemplate[i].inlen; 1840 void *input_vec; 1841 1842 input_vec = kmemdup(ctemplate[i].input, ilen, GFP_KERNEL); 1843 if (!input_vec) { 1844 ret = -ENOMEM; 1845 goto out; 1846 } 1847 1848 memset(output, 0, dlen); 1849 crypto_init_wait(&wait); 1850 sg_init_one(&src, input_vec, ilen); 1851 sg_init_one(&dst, output, dlen); 1852 1853 req = acomp_request_alloc(tfm); 1854 if (!req) { 1855 pr_err("alg: acomp: request alloc failed for %s\n", 1856 algo); 1857 kfree(input_vec); 1858 ret = -ENOMEM; 1859 goto out; 1860 } 1861 1862 acomp_request_set_params(req, &src, &dst, ilen, dlen); 1863 acomp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, 1864 crypto_req_done, &wait); 1865 1866 ret = crypto_wait_req(crypto_acomp_compress(req), &wait); 1867 if (ret) { 1868 pr_err("alg: acomp: compression failed on test %d for %s: ret=%d\n", 1869 i + 1, algo, -ret); 1870 kfree(input_vec); 1871 acomp_request_free(req); 1872 goto out; 1873 } 1874 1875 ilen = req->dlen; 1876 dlen = COMP_BUF_SIZE; 1877 sg_init_one(&src, output, ilen); 1878 sg_init_one(&dst, decomp_out, dlen); 1879 crypto_init_wait(&wait); 1880 acomp_request_set_params(req, &src, &dst, ilen, dlen); 1881 1882 ret = crypto_wait_req(crypto_acomp_decompress(req), &wait); 1883 if (ret) { 1884 pr_err("alg: acomp: compression failed on test %d for %s: ret=%d\n", 1885 i + 1, algo, -ret); 1886 kfree(input_vec); 1887 acomp_request_free(req); 1888 goto out; 1889 } 1890 1891 if (req->dlen != ctemplate[i].inlen) { 1892 pr_err("alg: acomp: Compression test %d failed for %s: output len = %d\n", 1893 i + 1, algo, req->dlen); 1894 ret = -EINVAL; 1895 kfree(input_vec); 1896 acomp_request_free(req); 1897 goto out; 1898 } 1899 1900 if (memcmp(input_vec, decomp_out, req->dlen)) { 1901 pr_err("alg: acomp: Compression test %d failed for %s\n", 1902 i + 1, algo); 1903 hexdump(output, req->dlen); 1904 ret = -EINVAL; 1905 kfree(input_vec); 1906 acomp_request_free(req); 1907 goto out; 1908 } 1909 1910 kfree(input_vec); 1911 acomp_request_free(req); 1912 } 1913 1914 for (i = 0; i < dtcount; i++) { 1915 unsigned int dlen = COMP_BUF_SIZE; 1916 int ilen = dtemplate[i].inlen; 1917 void *input_vec; 1918 1919 input_vec = kmemdup(dtemplate[i].input, ilen, GFP_KERNEL); 1920 if (!input_vec) { 1921 ret = -ENOMEM; 1922 goto out; 1923 } 1924 1925 memset(output, 0, dlen); 1926 crypto_init_wait(&wait); 1927 sg_init_one(&src, input_vec, ilen); 1928 sg_init_one(&dst, output, dlen); 1929 1930 req = acomp_request_alloc(tfm); 1931 if (!req) { 1932 pr_err("alg: acomp: request alloc failed for %s\n", 1933 algo); 1934 kfree(input_vec); 1935 ret = -ENOMEM; 1936 goto out; 1937 } 1938 1939 acomp_request_set_params(req, &src, &dst, ilen, dlen); 1940 acomp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, 1941 crypto_req_done, &wait); 1942 1943 ret = crypto_wait_req(crypto_acomp_decompress(req), &wait); 1944 if (ret) { 1945 pr_err("alg: acomp: decompression failed on test %d for %s: ret=%d\n", 1946 i + 1, algo, -ret); 1947 kfree(input_vec); 1948 acomp_request_free(req); 1949 goto out; 1950 } 1951 1952 if (req->dlen != dtemplate[i].outlen) { 1953 pr_err("alg: acomp: Decompression test %d failed for %s: output len = %d\n", 1954 i + 1, algo, req->dlen); 1955 ret = -EINVAL; 1956 kfree(input_vec); 1957 acomp_request_free(req); 1958 goto out; 1959 } 1960 1961 if (memcmp(output, dtemplate[i].output, req->dlen)) { 1962 pr_err("alg: acomp: Decompression test %d failed for %s\n", 1963 i + 1, algo); 1964 hexdump(output, req->dlen); 1965 ret = -EINVAL; 1966 kfree(input_vec); 1967 acomp_request_free(req); 1968 goto out; 1969 } 1970 1971 kfree(input_vec); 1972 acomp_request_free(req); 1973 } 1974 1975 ret = 0; 1976 1977 out: 1978 kfree(decomp_out); 1979 kfree(output); 1980 return ret; 1981 } 1982 1983 static int test_cprng(struct crypto_rng *tfm, 1984 const struct cprng_testvec *template, 1985 unsigned int tcount) 1986 { 1987 const char *algo = crypto_tfm_alg_driver_name(crypto_rng_tfm(tfm)); 1988 int err = 0, i, j, seedsize; 1989 u8 *seed; 1990 char result[32]; 1991 1992 seedsize = crypto_rng_seedsize(tfm); 1993 1994 seed = kmalloc(seedsize, GFP_KERNEL); 1995 if (!seed) { 1996 printk(KERN_ERR "alg: cprng: Failed to allocate seed space " 1997 "for %s\n", algo); 1998 return -ENOMEM; 1999 } 2000 2001 for (i = 0; i < tcount; i++) { 2002 memset(result, 0, 32); 2003 2004 memcpy(seed, template[i].v, template[i].vlen); 2005 memcpy(seed + template[i].vlen, template[i].key, 2006 template[i].klen); 2007 memcpy(seed + template[i].vlen + template[i].klen, 2008 template[i].dt, template[i].dtlen); 2009 2010 err = crypto_rng_reset(tfm, seed, seedsize); 2011 if (err) { 2012 printk(KERN_ERR "alg: cprng: Failed to reset rng " 2013 "for %s\n", algo); 2014 goto out; 2015 } 2016 2017 for (j = 0; j < template[i].loops; j++) { 2018 err = crypto_rng_get_bytes(tfm, result, 2019 template[i].rlen); 2020 if (err < 0) { 2021 printk(KERN_ERR "alg: cprng: Failed to obtain " 2022 "the correct amount of random data for " 2023 "%s (requested %d)\n", algo, 2024 template[i].rlen); 2025 goto out; 2026 } 2027 } 2028 2029 err = memcmp(result, template[i].result, 2030 template[i].rlen); 2031 if (err) { 2032 printk(KERN_ERR "alg: cprng: Test %d failed for %s\n", 2033 i, algo); 2034 hexdump(result, template[i].rlen); 2035 err = -EINVAL; 2036 goto out; 2037 } 2038 } 2039 2040 out: 2041 kfree(seed); 2042 return err; 2043 } 2044 2045 static int alg_test_cipher(const struct alg_test_desc *desc, 2046 const char *driver, u32 type, u32 mask) 2047 { 2048 const struct cipher_test_suite *suite = &desc->suite.cipher; 2049 struct crypto_cipher *tfm; 2050 int err; 2051 2052 tfm = crypto_alloc_cipher(driver, type, mask); 2053 if (IS_ERR(tfm)) { 2054 printk(KERN_ERR "alg: cipher: Failed to load transform for " 2055 "%s: %ld\n", driver, PTR_ERR(tfm)); 2056 return PTR_ERR(tfm); 2057 } 2058 2059 err = test_cipher(tfm, ENCRYPT, suite->vecs, suite->count); 2060 if (!err) 2061 err = test_cipher(tfm, DECRYPT, suite->vecs, suite->count); 2062 2063 crypto_free_cipher(tfm); 2064 return err; 2065 } 2066 2067 static int alg_test_comp(const struct alg_test_desc *desc, const char *driver, 2068 u32 type, u32 mask) 2069 { 2070 struct crypto_comp *comp; 2071 struct crypto_acomp *acomp; 2072 int err; 2073 u32 algo_type = type & CRYPTO_ALG_TYPE_ACOMPRESS_MASK; 2074 2075 if (algo_type == CRYPTO_ALG_TYPE_ACOMPRESS) { 2076 acomp = crypto_alloc_acomp(driver, type, mask); 2077 if (IS_ERR(acomp)) { 2078 pr_err("alg: acomp: Failed to load transform for %s: %ld\n", 2079 driver, PTR_ERR(acomp)); 2080 return PTR_ERR(acomp); 2081 } 2082 err = test_acomp(acomp, desc->suite.comp.comp.vecs, 2083 desc->suite.comp.decomp.vecs, 2084 desc->suite.comp.comp.count, 2085 desc->suite.comp.decomp.count); 2086 crypto_free_acomp(acomp); 2087 } else { 2088 comp = crypto_alloc_comp(driver, type, mask); 2089 if (IS_ERR(comp)) { 2090 pr_err("alg: comp: Failed to load transform for %s: %ld\n", 2091 driver, PTR_ERR(comp)); 2092 return PTR_ERR(comp); 2093 } 2094 2095 err = test_comp(comp, desc->suite.comp.comp.vecs, 2096 desc->suite.comp.decomp.vecs, 2097 desc->suite.comp.comp.count, 2098 desc->suite.comp.decomp.count); 2099 2100 crypto_free_comp(comp); 2101 } 2102 return err; 2103 } 2104 2105 static int alg_test_crc32c(const struct alg_test_desc *desc, 2106 const char *driver, u32 type, u32 mask) 2107 { 2108 struct crypto_shash *tfm; 2109 __le32 val; 2110 int err; 2111 2112 err = alg_test_hash(desc, driver, type, mask); 2113 if (err) 2114 return err; 2115 2116 tfm = crypto_alloc_shash(driver, type, mask); 2117 if (IS_ERR(tfm)) { 2118 if (PTR_ERR(tfm) == -ENOENT) { 2119 /* 2120 * This crc32c implementation is only available through 2121 * ahash API, not the shash API, so the remaining part 2122 * of the test is not applicable to it. 2123 */ 2124 return 0; 2125 } 2126 printk(KERN_ERR "alg: crc32c: Failed to load transform for %s: " 2127 "%ld\n", driver, PTR_ERR(tfm)); 2128 return PTR_ERR(tfm); 2129 } 2130 2131 do { 2132 SHASH_DESC_ON_STACK(shash, tfm); 2133 u32 *ctx = (u32 *)shash_desc_ctx(shash); 2134 2135 shash->tfm = tfm; 2136 shash->flags = 0; 2137 2138 *ctx = 420553207; 2139 err = crypto_shash_final(shash, (u8 *)&val); 2140 if (err) { 2141 printk(KERN_ERR "alg: crc32c: Operation failed for " 2142 "%s: %d\n", driver, err); 2143 break; 2144 } 2145 2146 if (val != cpu_to_le32(~420553207)) { 2147 pr_err("alg: crc32c: Test failed for %s: %u\n", 2148 driver, le32_to_cpu(val)); 2149 err = -EINVAL; 2150 } 2151 } while (0); 2152 2153 crypto_free_shash(tfm); 2154 2155 return err; 2156 } 2157 2158 static int alg_test_cprng(const struct alg_test_desc *desc, const char *driver, 2159 u32 type, u32 mask) 2160 { 2161 struct crypto_rng *rng; 2162 int err; 2163 2164 rng = crypto_alloc_rng(driver, type, mask); 2165 if (IS_ERR(rng)) { 2166 printk(KERN_ERR "alg: cprng: Failed to load transform for %s: " 2167 "%ld\n", driver, PTR_ERR(rng)); 2168 return PTR_ERR(rng); 2169 } 2170 2171 err = test_cprng(rng, desc->suite.cprng.vecs, desc->suite.cprng.count); 2172 2173 crypto_free_rng(rng); 2174 2175 return err; 2176 } 2177 2178 2179 static int drbg_cavs_test(const struct drbg_testvec *test, int pr, 2180 const char *driver, u32 type, u32 mask) 2181 { 2182 int ret = -EAGAIN; 2183 struct crypto_rng *drng; 2184 struct drbg_test_data test_data; 2185 struct drbg_string addtl, pers, testentropy; 2186 unsigned char *buf = kzalloc(test->expectedlen, GFP_KERNEL); 2187 2188 if (!buf) 2189 return -ENOMEM; 2190 2191 drng = crypto_alloc_rng(driver, type, mask); 2192 if (IS_ERR(drng)) { 2193 printk(KERN_ERR "alg: drbg: could not allocate DRNG handle for " 2194 "%s\n", driver); 2195 kzfree(buf); 2196 return -ENOMEM; 2197 } 2198 2199 test_data.testentropy = &testentropy; 2200 drbg_string_fill(&testentropy, test->entropy, test->entropylen); 2201 drbg_string_fill(&pers, test->pers, test->perslen); 2202 ret = crypto_drbg_reset_test(drng, &pers, &test_data); 2203 if (ret) { 2204 printk(KERN_ERR "alg: drbg: Failed to reset rng\n"); 2205 goto outbuf; 2206 } 2207 2208 drbg_string_fill(&addtl, test->addtla, test->addtllen); 2209 if (pr) { 2210 drbg_string_fill(&testentropy, test->entpra, test->entprlen); 2211 ret = crypto_drbg_get_bytes_addtl_test(drng, 2212 buf, test->expectedlen, &addtl, &test_data); 2213 } else { 2214 ret = crypto_drbg_get_bytes_addtl(drng, 2215 buf, test->expectedlen, &addtl); 2216 } 2217 if (ret < 0) { 2218 printk(KERN_ERR "alg: drbg: could not obtain random data for " 2219 "driver %s\n", driver); 2220 goto outbuf; 2221 } 2222 2223 drbg_string_fill(&addtl, test->addtlb, test->addtllen); 2224 if (pr) { 2225 drbg_string_fill(&testentropy, test->entprb, test->entprlen); 2226 ret = crypto_drbg_get_bytes_addtl_test(drng, 2227 buf, test->expectedlen, &addtl, &test_data); 2228 } else { 2229 ret = crypto_drbg_get_bytes_addtl(drng, 2230 buf, test->expectedlen, &addtl); 2231 } 2232 if (ret < 0) { 2233 printk(KERN_ERR "alg: drbg: could not obtain random data for " 2234 "driver %s\n", driver); 2235 goto outbuf; 2236 } 2237 2238 ret = memcmp(test->expected, buf, test->expectedlen); 2239 2240 outbuf: 2241 crypto_free_rng(drng); 2242 kzfree(buf); 2243 return ret; 2244 } 2245 2246 2247 static int alg_test_drbg(const struct alg_test_desc *desc, const char *driver, 2248 u32 type, u32 mask) 2249 { 2250 int err = 0; 2251 int pr = 0; 2252 int i = 0; 2253 const struct drbg_testvec *template = desc->suite.drbg.vecs; 2254 unsigned int tcount = desc->suite.drbg.count; 2255 2256 if (0 == memcmp(driver, "drbg_pr_", 8)) 2257 pr = 1; 2258 2259 for (i = 0; i < tcount; i++) { 2260 err = drbg_cavs_test(&template[i], pr, driver, type, mask); 2261 if (err) { 2262 printk(KERN_ERR "alg: drbg: Test %d failed for %s\n", 2263 i, driver); 2264 err = -EINVAL; 2265 break; 2266 } 2267 } 2268 return err; 2269 2270 } 2271 2272 static int do_test_kpp(struct crypto_kpp *tfm, const struct kpp_testvec *vec, 2273 const char *alg) 2274 { 2275 struct kpp_request *req; 2276 void *input_buf = NULL; 2277 void *output_buf = NULL; 2278 void *a_public = NULL; 2279 void *a_ss = NULL; 2280 void *shared_secret = NULL; 2281 struct crypto_wait wait; 2282 unsigned int out_len_max; 2283 int err = -ENOMEM; 2284 struct scatterlist src, dst; 2285 2286 req = kpp_request_alloc(tfm, GFP_KERNEL); 2287 if (!req) 2288 return err; 2289 2290 crypto_init_wait(&wait); 2291 2292 err = crypto_kpp_set_secret(tfm, vec->secret, vec->secret_size); 2293 if (err < 0) 2294 goto free_req; 2295 2296 out_len_max = crypto_kpp_maxsize(tfm); 2297 output_buf = kzalloc(out_len_max, GFP_KERNEL); 2298 if (!output_buf) { 2299 err = -ENOMEM; 2300 goto free_req; 2301 } 2302 2303 /* Use appropriate parameter as base */ 2304 kpp_request_set_input(req, NULL, 0); 2305 sg_init_one(&dst, output_buf, out_len_max); 2306 kpp_request_set_output(req, &dst, out_len_max); 2307 kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, 2308 crypto_req_done, &wait); 2309 2310 /* Compute party A's public key */ 2311 err = crypto_wait_req(crypto_kpp_generate_public_key(req), &wait); 2312 if (err) { 2313 pr_err("alg: %s: Party A: generate public key test failed. err %d\n", 2314 alg, err); 2315 goto free_output; 2316 } 2317 2318 if (vec->genkey) { 2319 /* Save party A's public key */ 2320 a_public = kmemdup(sg_virt(req->dst), out_len_max, GFP_KERNEL); 2321 if (!a_public) { 2322 err = -ENOMEM; 2323 goto free_output; 2324 } 2325 } else { 2326 /* Verify calculated public key */ 2327 if (memcmp(vec->expected_a_public, sg_virt(req->dst), 2328 vec->expected_a_public_size)) { 2329 pr_err("alg: %s: Party A: generate public key test failed. Invalid output\n", 2330 alg); 2331 err = -EINVAL; 2332 goto free_output; 2333 } 2334 } 2335 2336 /* Calculate shared secret key by using counter part (b) public key. */ 2337 input_buf = kmemdup(vec->b_public, vec->b_public_size, GFP_KERNEL); 2338 if (!input_buf) { 2339 err = -ENOMEM; 2340 goto free_output; 2341 } 2342 2343 sg_init_one(&src, input_buf, vec->b_public_size); 2344 sg_init_one(&dst, output_buf, out_len_max); 2345 kpp_request_set_input(req, &src, vec->b_public_size); 2346 kpp_request_set_output(req, &dst, out_len_max); 2347 kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, 2348 crypto_req_done, &wait); 2349 err = crypto_wait_req(crypto_kpp_compute_shared_secret(req), &wait); 2350 if (err) { 2351 pr_err("alg: %s: Party A: compute shared secret test failed. err %d\n", 2352 alg, err); 2353 goto free_all; 2354 } 2355 2356 if (vec->genkey) { 2357 /* Save the shared secret obtained by party A */ 2358 a_ss = kmemdup(sg_virt(req->dst), vec->expected_ss_size, GFP_KERNEL); 2359 if (!a_ss) { 2360 err = -ENOMEM; 2361 goto free_all; 2362 } 2363 2364 /* 2365 * Calculate party B's shared secret by using party A's 2366 * public key. 2367 */ 2368 err = crypto_kpp_set_secret(tfm, vec->b_secret, 2369 vec->b_secret_size); 2370 if (err < 0) 2371 goto free_all; 2372 2373 sg_init_one(&src, a_public, vec->expected_a_public_size); 2374 sg_init_one(&dst, output_buf, out_len_max); 2375 kpp_request_set_input(req, &src, vec->expected_a_public_size); 2376 kpp_request_set_output(req, &dst, out_len_max); 2377 kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, 2378 crypto_req_done, &wait); 2379 err = crypto_wait_req(crypto_kpp_compute_shared_secret(req), 2380 &wait); 2381 if (err) { 2382 pr_err("alg: %s: Party B: compute shared secret failed. err %d\n", 2383 alg, err); 2384 goto free_all; 2385 } 2386 2387 shared_secret = a_ss; 2388 } else { 2389 shared_secret = (void *)vec->expected_ss; 2390 } 2391 2392 /* 2393 * verify shared secret from which the user will derive 2394 * secret key by executing whatever hash it has chosen 2395 */ 2396 if (memcmp(shared_secret, sg_virt(req->dst), 2397 vec->expected_ss_size)) { 2398 pr_err("alg: %s: compute shared secret test failed. Invalid output\n", 2399 alg); 2400 err = -EINVAL; 2401 } 2402 2403 free_all: 2404 kfree(a_ss); 2405 kfree(input_buf); 2406 free_output: 2407 kfree(a_public); 2408 kfree(output_buf); 2409 free_req: 2410 kpp_request_free(req); 2411 return err; 2412 } 2413 2414 static int test_kpp(struct crypto_kpp *tfm, const char *alg, 2415 const struct kpp_testvec *vecs, unsigned int tcount) 2416 { 2417 int ret, i; 2418 2419 for (i = 0; i < tcount; i++) { 2420 ret = do_test_kpp(tfm, vecs++, alg); 2421 if (ret) { 2422 pr_err("alg: %s: test failed on vector %d, err=%d\n", 2423 alg, i + 1, ret); 2424 return ret; 2425 } 2426 } 2427 return 0; 2428 } 2429 2430 static int alg_test_kpp(const struct alg_test_desc *desc, const char *driver, 2431 u32 type, u32 mask) 2432 { 2433 struct crypto_kpp *tfm; 2434 int err = 0; 2435 2436 tfm = crypto_alloc_kpp(driver, type, mask); 2437 if (IS_ERR(tfm)) { 2438 pr_err("alg: kpp: Failed to load tfm for %s: %ld\n", 2439 driver, PTR_ERR(tfm)); 2440 return PTR_ERR(tfm); 2441 } 2442 if (desc->suite.kpp.vecs) 2443 err = test_kpp(tfm, desc->alg, desc->suite.kpp.vecs, 2444 desc->suite.kpp.count); 2445 2446 crypto_free_kpp(tfm); 2447 return err; 2448 } 2449 2450 static int test_akcipher_one(struct crypto_akcipher *tfm, 2451 const struct akcipher_testvec *vecs) 2452 { 2453 char *xbuf[XBUFSIZE]; 2454 struct akcipher_request *req; 2455 void *outbuf_enc = NULL; 2456 void *outbuf_dec = NULL; 2457 struct crypto_wait wait; 2458 unsigned int out_len_max, out_len = 0; 2459 int err = -ENOMEM; 2460 struct scatterlist src, dst, src_tab[2]; 2461 const char *m, *c; 2462 unsigned int m_size, c_size; 2463 const char *op; 2464 2465 if (testmgr_alloc_buf(xbuf)) 2466 return err; 2467 2468 req = akcipher_request_alloc(tfm, GFP_KERNEL); 2469 if (!req) 2470 goto free_xbuf; 2471 2472 crypto_init_wait(&wait); 2473 2474 if (vecs->public_key_vec) 2475 err = crypto_akcipher_set_pub_key(tfm, vecs->key, 2476 vecs->key_len); 2477 else 2478 err = crypto_akcipher_set_priv_key(tfm, vecs->key, 2479 vecs->key_len); 2480 if (err) 2481 goto free_req; 2482 2483 err = -ENOMEM; 2484 out_len_max = crypto_akcipher_maxsize(tfm); 2485 2486 /* 2487 * First run test which do not require a private key, such as 2488 * encrypt or verify. 2489 */ 2490 outbuf_enc = kzalloc(out_len_max, GFP_KERNEL); 2491 if (!outbuf_enc) 2492 goto free_req; 2493 2494 if (!vecs->siggen_sigver_test) { 2495 m = vecs->m; 2496 m_size = vecs->m_size; 2497 c = vecs->c; 2498 c_size = vecs->c_size; 2499 op = "encrypt"; 2500 } else { 2501 /* Swap args so we could keep plaintext (digest) 2502 * in vecs->m, and cooked signature in vecs->c. 2503 */ 2504 m = vecs->c; /* signature */ 2505 m_size = vecs->c_size; 2506 c = vecs->m; /* digest */ 2507 c_size = vecs->m_size; 2508 op = "verify"; 2509 } 2510 2511 if (WARN_ON(m_size > PAGE_SIZE)) 2512 goto free_all; 2513 memcpy(xbuf[0], m, m_size); 2514 2515 sg_init_table(src_tab, 2); 2516 sg_set_buf(&src_tab[0], xbuf[0], 8); 2517 sg_set_buf(&src_tab[1], xbuf[0] + 8, m_size - 8); 2518 sg_init_one(&dst, outbuf_enc, out_len_max); 2519 akcipher_request_set_crypt(req, src_tab, &dst, m_size, 2520 out_len_max); 2521 akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, 2522 crypto_req_done, &wait); 2523 2524 err = crypto_wait_req(vecs->siggen_sigver_test ? 2525 /* Run asymmetric signature verification */ 2526 crypto_akcipher_verify(req) : 2527 /* Run asymmetric encrypt */ 2528 crypto_akcipher_encrypt(req), &wait); 2529 if (err) { 2530 pr_err("alg: akcipher: %s test failed. err %d\n", op, err); 2531 goto free_all; 2532 } 2533 if (req->dst_len != c_size) { 2534 pr_err("alg: akcipher: %s test failed. Invalid output len\n", 2535 op); 2536 err = -EINVAL; 2537 goto free_all; 2538 } 2539 /* verify that encrypted message is equal to expected */ 2540 if (memcmp(c, outbuf_enc, c_size)) { 2541 pr_err("alg: akcipher: %s test failed. Invalid output\n", op); 2542 hexdump(outbuf_enc, c_size); 2543 err = -EINVAL; 2544 goto free_all; 2545 } 2546 2547 /* 2548 * Don't invoke (decrypt or sign) test which require a private key 2549 * for vectors with only a public key. 2550 */ 2551 if (vecs->public_key_vec) { 2552 err = 0; 2553 goto free_all; 2554 } 2555 outbuf_dec = kzalloc(out_len_max, GFP_KERNEL); 2556 if (!outbuf_dec) { 2557 err = -ENOMEM; 2558 goto free_all; 2559 } 2560 2561 op = vecs->siggen_sigver_test ? "sign" : "decrypt"; 2562 if (WARN_ON(c_size > PAGE_SIZE)) 2563 goto free_all; 2564 memcpy(xbuf[0], c, c_size); 2565 2566 sg_init_one(&src, xbuf[0], c_size); 2567 sg_init_one(&dst, outbuf_dec, out_len_max); 2568 crypto_init_wait(&wait); 2569 akcipher_request_set_crypt(req, &src, &dst, c_size, out_len_max); 2570 2571 err = crypto_wait_req(vecs->siggen_sigver_test ? 2572 /* Run asymmetric signature generation */ 2573 crypto_akcipher_sign(req) : 2574 /* Run asymmetric decrypt */ 2575 crypto_akcipher_decrypt(req), &wait); 2576 if (err) { 2577 pr_err("alg: akcipher: %s test failed. err %d\n", op, err); 2578 goto free_all; 2579 } 2580 out_len = req->dst_len; 2581 if (out_len < m_size) { 2582 pr_err("alg: akcipher: %s test failed. Invalid output len %u\n", 2583 op, out_len); 2584 err = -EINVAL; 2585 goto free_all; 2586 } 2587 /* verify that decrypted message is equal to the original msg */ 2588 if (memchr_inv(outbuf_dec, 0, out_len - m_size) || 2589 memcmp(m, outbuf_dec + out_len - m_size, m_size)) { 2590 pr_err("alg: akcipher: %s test failed. Invalid output\n", op); 2591 hexdump(outbuf_dec, out_len); 2592 err = -EINVAL; 2593 } 2594 free_all: 2595 kfree(outbuf_dec); 2596 kfree(outbuf_enc); 2597 free_req: 2598 akcipher_request_free(req); 2599 free_xbuf: 2600 testmgr_free_buf(xbuf); 2601 return err; 2602 } 2603 2604 static int test_akcipher(struct crypto_akcipher *tfm, const char *alg, 2605 const struct akcipher_testvec *vecs, 2606 unsigned int tcount) 2607 { 2608 const char *algo = 2609 crypto_tfm_alg_driver_name(crypto_akcipher_tfm(tfm)); 2610 int ret, i; 2611 2612 for (i = 0; i < tcount; i++) { 2613 ret = test_akcipher_one(tfm, vecs++); 2614 if (!ret) 2615 continue; 2616 2617 pr_err("alg: akcipher: test %d failed for %s, err=%d\n", 2618 i + 1, algo, ret); 2619 return ret; 2620 } 2621 return 0; 2622 } 2623 2624 static int alg_test_akcipher(const struct alg_test_desc *desc, 2625 const char *driver, u32 type, u32 mask) 2626 { 2627 struct crypto_akcipher *tfm; 2628 int err = 0; 2629 2630 tfm = crypto_alloc_akcipher(driver, type, mask); 2631 if (IS_ERR(tfm)) { 2632 pr_err("alg: akcipher: Failed to load tfm for %s: %ld\n", 2633 driver, PTR_ERR(tfm)); 2634 return PTR_ERR(tfm); 2635 } 2636 if (desc->suite.akcipher.vecs) 2637 err = test_akcipher(tfm, desc->alg, desc->suite.akcipher.vecs, 2638 desc->suite.akcipher.count); 2639 2640 crypto_free_akcipher(tfm); 2641 return err; 2642 } 2643 2644 static int alg_test_null(const struct alg_test_desc *desc, 2645 const char *driver, u32 type, u32 mask) 2646 { 2647 return 0; 2648 } 2649 2650 #define __VECS(tv) { .vecs = tv, .count = ARRAY_SIZE(tv) } 2651 2652 /* Please keep this list sorted by algorithm name. */ 2653 static const struct alg_test_desc alg_test_descs[] = { 2654 { 2655 .alg = "adiantum(xchacha12,aes)", 2656 .test = alg_test_skcipher, 2657 .suite = { 2658 .cipher = __VECS(adiantum_xchacha12_aes_tv_template) 2659 }, 2660 }, { 2661 .alg = "adiantum(xchacha20,aes)", 2662 .test = alg_test_skcipher, 2663 .suite = { 2664 .cipher = __VECS(adiantum_xchacha20_aes_tv_template) 2665 }, 2666 }, { 2667 .alg = "aegis128", 2668 .test = alg_test_aead, 2669 .suite = { 2670 .aead = __VECS(aegis128_tv_template) 2671 } 2672 }, { 2673 .alg = "aegis128l", 2674 .test = alg_test_aead, 2675 .suite = { 2676 .aead = __VECS(aegis128l_tv_template) 2677 } 2678 }, { 2679 .alg = "aegis256", 2680 .test = alg_test_aead, 2681 .suite = { 2682 .aead = __VECS(aegis256_tv_template) 2683 } 2684 }, { 2685 .alg = "ansi_cprng", 2686 .test = alg_test_cprng, 2687 .suite = { 2688 .cprng = __VECS(ansi_cprng_aes_tv_template) 2689 } 2690 }, { 2691 .alg = "authenc(hmac(md5),ecb(cipher_null))", 2692 .test = alg_test_aead, 2693 .suite = { 2694 .aead = __VECS(hmac_md5_ecb_cipher_null_tv_template) 2695 } 2696 }, { 2697 .alg = "authenc(hmac(sha1),cbc(aes))", 2698 .test = alg_test_aead, 2699 .fips_allowed = 1, 2700 .suite = { 2701 .aead = __VECS(hmac_sha1_aes_cbc_tv_temp) 2702 } 2703 }, { 2704 .alg = "authenc(hmac(sha1),cbc(des))", 2705 .test = alg_test_aead, 2706 .suite = { 2707 .aead = __VECS(hmac_sha1_des_cbc_tv_temp) 2708 } 2709 }, { 2710 .alg = "authenc(hmac(sha1),cbc(des3_ede))", 2711 .test = alg_test_aead, 2712 .fips_allowed = 1, 2713 .suite = { 2714 .aead = __VECS(hmac_sha1_des3_ede_cbc_tv_temp) 2715 } 2716 }, { 2717 .alg = "authenc(hmac(sha1),ctr(aes))", 2718 .test = alg_test_null, 2719 .fips_allowed = 1, 2720 }, { 2721 .alg = "authenc(hmac(sha1),ecb(cipher_null))", 2722 .test = alg_test_aead, 2723 .suite = { 2724 .aead = __VECS(hmac_sha1_ecb_cipher_null_tv_temp) 2725 } 2726 }, { 2727 .alg = "authenc(hmac(sha1),rfc3686(ctr(aes)))", 2728 .test = alg_test_null, 2729 .fips_allowed = 1, 2730 }, { 2731 .alg = "authenc(hmac(sha224),cbc(des))", 2732 .test = alg_test_aead, 2733 .suite = { 2734 .aead = __VECS(hmac_sha224_des_cbc_tv_temp) 2735 } 2736 }, { 2737 .alg = "authenc(hmac(sha224),cbc(des3_ede))", 2738 .test = alg_test_aead, 2739 .fips_allowed = 1, 2740 .suite = { 2741 .aead = __VECS(hmac_sha224_des3_ede_cbc_tv_temp) 2742 } 2743 }, { 2744 .alg = "authenc(hmac(sha256),cbc(aes))", 2745 .test = alg_test_aead, 2746 .fips_allowed = 1, 2747 .suite = { 2748 .aead = __VECS(hmac_sha256_aes_cbc_tv_temp) 2749 } 2750 }, { 2751 .alg = "authenc(hmac(sha256),cbc(des))", 2752 .test = alg_test_aead, 2753 .suite = { 2754 .aead = __VECS(hmac_sha256_des_cbc_tv_temp) 2755 } 2756 }, { 2757 .alg = "authenc(hmac(sha256),cbc(des3_ede))", 2758 .test = alg_test_aead, 2759 .fips_allowed = 1, 2760 .suite = { 2761 .aead = __VECS(hmac_sha256_des3_ede_cbc_tv_temp) 2762 } 2763 }, { 2764 .alg = "authenc(hmac(sha256),ctr(aes))", 2765 .test = alg_test_null, 2766 .fips_allowed = 1, 2767 }, { 2768 .alg = "authenc(hmac(sha256),rfc3686(ctr(aes)))", 2769 .test = alg_test_null, 2770 .fips_allowed = 1, 2771 }, { 2772 .alg = "authenc(hmac(sha384),cbc(des))", 2773 .test = alg_test_aead, 2774 .suite = { 2775 .aead = __VECS(hmac_sha384_des_cbc_tv_temp) 2776 } 2777 }, { 2778 .alg = "authenc(hmac(sha384),cbc(des3_ede))", 2779 .test = alg_test_aead, 2780 .fips_allowed = 1, 2781 .suite = { 2782 .aead = __VECS(hmac_sha384_des3_ede_cbc_tv_temp) 2783 } 2784 }, { 2785 .alg = "authenc(hmac(sha384),ctr(aes))", 2786 .test = alg_test_null, 2787 .fips_allowed = 1, 2788 }, { 2789 .alg = "authenc(hmac(sha384),rfc3686(ctr(aes)))", 2790 .test = alg_test_null, 2791 .fips_allowed = 1, 2792 }, { 2793 .alg = "authenc(hmac(sha512),cbc(aes))", 2794 .fips_allowed = 1, 2795 .test = alg_test_aead, 2796 .suite = { 2797 .aead = __VECS(hmac_sha512_aes_cbc_tv_temp) 2798 } 2799 }, { 2800 .alg = "authenc(hmac(sha512),cbc(des))", 2801 .test = alg_test_aead, 2802 .suite = { 2803 .aead = __VECS(hmac_sha512_des_cbc_tv_temp) 2804 } 2805 }, { 2806 .alg = "authenc(hmac(sha512),cbc(des3_ede))", 2807 .test = alg_test_aead, 2808 .fips_allowed = 1, 2809 .suite = { 2810 .aead = __VECS(hmac_sha512_des3_ede_cbc_tv_temp) 2811 } 2812 }, { 2813 .alg = "authenc(hmac(sha512),ctr(aes))", 2814 .test = alg_test_null, 2815 .fips_allowed = 1, 2816 }, { 2817 .alg = "authenc(hmac(sha512),rfc3686(ctr(aes)))", 2818 .test = alg_test_null, 2819 .fips_allowed = 1, 2820 }, { 2821 .alg = "cbc(aes)", 2822 .test = alg_test_skcipher, 2823 .fips_allowed = 1, 2824 .suite = { 2825 .cipher = __VECS(aes_cbc_tv_template) 2826 }, 2827 }, { 2828 .alg = "cbc(anubis)", 2829 .test = alg_test_skcipher, 2830 .suite = { 2831 .cipher = __VECS(anubis_cbc_tv_template) 2832 }, 2833 }, { 2834 .alg = "cbc(blowfish)", 2835 .test = alg_test_skcipher, 2836 .suite = { 2837 .cipher = __VECS(bf_cbc_tv_template) 2838 }, 2839 }, { 2840 .alg = "cbc(camellia)", 2841 .test = alg_test_skcipher, 2842 .suite = { 2843 .cipher = __VECS(camellia_cbc_tv_template) 2844 }, 2845 }, { 2846 .alg = "cbc(cast5)", 2847 .test = alg_test_skcipher, 2848 .suite = { 2849 .cipher = __VECS(cast5_cbc_tv_template) 2850 }, 2851 }, { 2852 .alg = "cbc(cast6)", 2853 .test = alg_test_skcipher, 2854 .suite = { 2855 .cipher = __VECS(cast6_cbc_tv_template) 2856 }, 2857 }, { 2858 .alg = "cbc(des)", 2859 .test = alg_test_skcipher, 2860 .suite = { 2861 .cipher = __VECS(des_cbc_tv_template) 2862 }, 2863 }, { 2864 .alg = "cbc(des3_ede)", 2865 .test = alg_test_skcipher, 2866 .fips_allowed = 1, 2867 .suite = { 2868 .cipher = __VECS(des3_ede_cbc_tv_template) 2869 }, 2870 }, { 2871 /* Same as cbc(aes) except the key is stored in 2872 * hardware secure memory which we reference by index 2873 */ 2874 .alg = "cbc(paes)", 2875 .test = alg_test_null, 2876 .fips_allowed = 1, 2877 }, { 2878 .alg = "cbc(serpent)", 2879 .test = alg_test_skcipher, 2880 .suite = { 2881 .cipher = __VECS(serpent_cbc_tv_template) 2882 }, 2883 }, { 2884 .alg = "cbc(sm4)", 2885 .test = alg_test_skcipher, 2886 .suite = { 2887 .cipher = __VECS(sm4_cbc_tv_template) 2888 } 2889 }, { 2890 .alg = "cbc(twofish)", 2891 .test = alg_test_skcipher, 2892 .suite = { 2893 .cipher = __VECS(tf_cbc_tv_template) 2894 }, 2895 }, { 2896 .alg = "cbcmac(aes)", 2897 .fips_allowed = 1, 2898 .test = alg_test_hash, 2899 .suite = { 2900 .hash = __VECS(aes_cbcmac_tv_template) 2901 } 2902 }, { 2903 .alg = "ccm(aes)", 2904 .test = alg_test_aead, 2905 .fips_allowed = 1, 2906 .suite = { 2907 .aead = __VECS(aes_ccm_tv_template) 2908 } 2909 }, { 2910 .alg = "cfb(aes)", 2911 .test = alg_test_skcipher, 2912 .fips_allowed = 1, 2913 .suite = { 2914 .cipher = __VECS(aes_cfb_tv_template) 2915 }, 2916 }, { 2917 .alg = "chacha20", 2918 .test = alg_test_skcipher, 2919 .suite = { 2920 .cipher = __VECS(chacha20_tv_template) 2921 }, 2922 }, { 2923 .alg = "cmac(aes)", 2924 .fips_allowed = 1, 2925 .test = alg_test_hash, 2926 .suite = { 2927 .hash = __VECS(aes_cmac128_tv_template) 2928 } 2929 }, { 2930 .alg = "cmac(des3_ede)", 2931 .fips_allowed = 1, 2932 .test = alg_test_hash, 2933 .suite = { 2934 .hash = __VECS(des3_ede_cmac64_tv_template) 2935 } 2936 }, { 2937 .alg = "compress_null", 2938 .test = alg_test_null, 2939 }, { 2940 .alg = "crc32", 2941 .test = alg_test_hash, 2942 .fips_allowed = 1, 2943 .suite = { 2944 .hash = __VECS(crc32_tv_template) 2945 } 2946 }, { 2947 .alg = "crc32c", 2948 .test = alg_test_crc32c, 2949 .fips_allowed = 1, 2950 .suite = { 2951 .hash = __VECS(crc32c_tv_template) 2952 } 2953 }, { 2954 .alg = "crct10dif", 2955 .test = alg_test_hash, 2956 .fips_allowed = 1, 2957 .suite = { 2958 .hash = __VECS(crct10dif_tv_template) 2959 } 2960 }, { 2961 .alg = "ctr(aes)", 2962 .test = alg_test_skcipher, 2963 .fips_allowed = 1, 2964 .suite = { 2965 .cipher = __VECS(aes_ctr_tv_template) 2966 } 2967 }, { 2968 .alg = "ctr(blowfish)", 2969 .test = alg_test_skcipher, 2970 .suite = { 2971 .cipher = __VECS(bf_ctr_tv_template) 2972 } 2973 }, { 2974 .alg = "ctr(camellia)", 2975 .test = alg_test_skcipher, 2976 .suite = { 2977 .cipher = __VECS(camellia_ctr_tv_template) 2978 } 2979 }, { 2980 .alg = "ctr(cast5)", 2981 .test = alg_test_skcipher, 2982 .suite = { 2983 .cipher = __VECS(cast5_ctr_tv_template) 2984 } 2985 }, { 2986 .alg = "ctr(cast6)", 2987 .test = alg_test_skcipher, 2988 .suite = { 2989 .cipher = __VECS(cast6_ctr_tv_template) 2990 } 2991 }, { 2992 .alg = "ctr(des)", 2993 .test = alg_test_skcipher, 2994 .suite = { 2995 .cipher = __VECS(des_ctr_tv_template) 2996 } 2997 }, { 2998 .alg = "ctr(des3_ede)", 2999 .test = alg_test_skcipher, 3000 .fips_allowed = 1, 3001 .suite = { 3002 .cipher = __VECS(des3_ede_ctr_tv_template) 3003 } 3004 }, { 3005 /* Same as ctr(aes) except the key is stored in 3006 * hardware secure memory which we reference by index 3007 */ 3008 .alg = "ctr(paes)", 3009 .test = alg_test_null, 3010 .fips_allowed = 1, 3011 }, { 3012 .alg = "ctr(serpent)", 3013 .test = alg_test_skcipher, 3014 .suite = { 3015 .cipher = __VECS(serpent_ctr_tv_template) 3016 } 3017 }, { 3018 .alg = "ctr(sm4)", 3019 .test = alg_test_skcipher, 3020 .suite = { 3021 .cipher = __VECS(sm4_ctr_tv_template) 3022 } 3023 }, { 3024 .alg = "ctr(twofish)", 3025 .test = alg_test_skcipher, 3026 .suite = { 3027 .cipher = __VECS(tf_ctr_tv_template) 3028 } 3029 }, { 3030 .alg = "cts(cbc(aes))", 3031 .test = alg_test_skcipher, 3032 .fips_allowed = 1, 3033 .suite = { 3034 .cipher = __VECS(cts_mode_tv_template) 3035 } 3036 }, { 3037 .alg = "deflate", 3038 .test = alg_test_comp, 3039 .fips_allowed = 1, 3040 .suite = { 3041 .comp = { 3042 .comp = __VECS(deflate_comp_tv_template), 3043 .decomp = __VECS(deflate_decomp_tv_template) 3044 } 3045 } 3046 }, { 3047 .alg = "dh", 3048 .test = alg_test_kpp, 3049 .fips_allowed = 1, 3050 .suite = { 3051 .kpp = __VECS(dh_tv_template) 3052 } 3053 }, { 3054 .alg = "digest_null", 3055 .test = alg_test_null, 3056 }, { 3057 .alg = "drbg_nopr_ctr_aes128", 3058 .test = alg_test_drbg, 3059 .fips_allowed = 1, 3060 .suite = { 3061 .drbg = __VECS(drbg_nopr_ctr_aes128_tv_template) 3062 } 3063 }, { 3064 .alg = "drbg_nopr_ctr_aes192", 3065 .test = alg_test_drbg, 3066 .fips_allowed = 1, 3067 .suite = { 3068 .drbg = __VECS(drbg_nopr_ctr_aes192_tv_template) 3069 } 3070 }, { 3071 .alg = "drbg_nopr_ctr_aes256", 3072 .test = alg_test_drbg, 3073 .fips_allowed = 1, 3074 .suite = { 3075 .drbg = __VECS(drbg_nopr_ctr_aes256_tv_template) 3076 } 3077 }, { 3078 /* 3079 * There is no need to specifically test the DRBG with every 3080 * backend cipher -- covered by drbg_nopr_hmac_sha256 test 3081 */ 3082 .alg = "drbg_nopr_hmac_sha1", 3083 .fips_allowed = 1, 3084 .test = alg_test_null, 3085 }, { 3086 .alg = "drbg_nopr_hmac_sha256", 3087 .test = alg_test_drbg, 3088 .fips_allowed = 1, 3089 .suite = { 3090 .drbg = __VECS(drbg_nopr_hmac_sha256_tv_template) 3091 } 3092 }, { 3093 /* covered by drbg_nopr_hmac_sha256 test */ 3094 .alg = "drbg_nopr_hmac_sha384", 3095 .fips_allowed = 1, 3096 .test = alg_test_null, 3097 }, { 3098 .alg = "drbg_nopr_hmac_sha512", 3099 .test = alg_test_null, 3100 .fips_allowed = 1, 3101 }, { 3102 .alg = "drbg_nopr_sha1", 3103 .fips_allowed = 1, 3104 .test = alg_test_null, 3105 }, { 3106 .alg = "drbg_nopr_sha256", 3107 .test = alg_test_drbg, 3108 .fips_allowed = 1, 3109 .suite = { 3110 .drbg = __VECS(drbg_nopr_sha256_tv_template) 3111 } 3112 }, { 3113 /* covered by drbg_nopr_sha256 test */ 3114 .alg = "drbg_nopr_sha384", 3115 .fips_allowed = 1, 3116 .test = alg_test_null, 3117 }, { 3118 .alg = "drbg_nopr_sha512", 3119 .fips_allowed = 1, 3120 .test = alg_test_null, 3121 }, { 3122 .alg = "drbg_pr_ctr_aes128", 3123 .test = alg_test_drbg, 3124 .fips_allowed = 1, 3125 .suite = { 3126 .drbg = __VECS(drbg_pr_ctr_aes128_tv_template) 3127 } 3128 }, { 3129 /* covered by drbg_pr_ctr_aes128 test */ 3130 .alg = "drbg_pr_ctr_aes192", 3131 .fips_allowed = 1, 3132 .test = alg_test_null, 3133 }, { 3134 .alg = "drbg_pr_ctr_aes256", 3135 .fips_allowed = 1, 3136 .test = alg_test_null, 3137 }, { 3138 .alg = "drbg_pr_hmac_sha1", 3139 .fips_allowed = 1, 3140 .test = alg_test_null, 3141 }, { 3142 .alg = "drbg_pr_hmac_sha256", 3143 .test = alg_test_drbg, 3144 .fips_allowed = 1, 3145 .suite = { 3146 .drbg = __VECS(drbg_pr_hmac_sha256_tv_template) 3147 } 3148 }, { 3149 /* covered by drbg_pr_hmac_sha256 test */ 3150 .alg = "drbg_pr_hmac_sha384", 3151 .fips_allowed = 1, 3152 .test = alg_test_null, 3153 }, { 3154 .alg = "drbg_pr_hmac_sha512", 3155 .test = alg_test_null, 3156 .fips_allowed = 1, 3157 }, { 3158 .alg = "drbg_pr_sha1", 3159 .fips_allowed = 1, 3160 .test = alg_test_null, 3161 }, { 3162 .alg = "drbg_pr_sha256", 3163 .test = alg_test_drbg, 3164 .fips_allowed = 1, 3165 .suite = { 3166 .drbg = __VECS(drbg_pr_sha256_tv_template) 3167 } 3168 }, { 3169 /* covered by drbg_pr_sha256 test */ 3170 .alg = "drbg_pr_sha384", 3171 .fips_allowed = 1, 3172 .test = alg_test_null, 3173 }, { 3174 .alg = "drbg_pr_sha512", 3175 .fips_allowed = 1, 3176 .test = alg_test_null, 3177 }, { 3178 .alg = "ecb(aes)", 3179 .test = alg_test_skcipher, 3180 .fips_allowed = 1, 3181 .suite = { 3182 .cipher = __VECS(aes_tv_template) 3183 } 3184 }, { 3185 .alg = "ecb(anubis)", 3186 .test = alg_test_skcipher, 3187 .suite = { 3188 .cipher = __VECS(anubis_tv_template) 3189 } 3190 }, { 3191 .alg = "ecb(arc4)", 3192 .test = alg_test_skcipher, 3193 .suite = { 3194 .cipher = __VECS(arc4_tv_template) 3195 } 3196 }, { 3197 .alg = "ecb(blowfish)", 3198 .test = alg_test_skcipher, 3199 .suite = { 3200 .cipher = __VECS(bf_tv_template) 3201 } 3202 }, { 3203 .alg = "ecb(camellia)", 3204 .test = alg_test_skcipher, 3205 .suite = { 3206 .cipher = __VECS(camellia_tv_template) 3207 } 3208 }, { 3209 .alg = "ecb(cast5)", 3210 .test = alg_test_skcipher, 3211 .suite = { 3212 .cipher = __VECS(cast5_tv_template) 3213 } 3214 }, { 3215 .alg = "ecb(cast6)", 3216 .test = alg_test_skcipher, 3217 .suite = { 3218 .cipher = __VECS(cast6_tv_template) 3219 } 3220 }, { 3221 .alg = "ecb(cipher_null)", 3222 .test = alg_test_null, 3223 .fips_allowed = 1, 3224 }, { 3225 .alg = "ecb(des)", 3226 .test = alg_test_skcipher, 3227 .suite = { 3228 .cipher = __VECS(des_tv_template) 3229 } 3230 }, { 3231 .alg = "ecb(des3_ede)", 3232 .test = alg_test_skcipher, 3233 .fips_allowed = 1, 3234 .suite = { 3235 .cipher = __VECS(des3_ede_tv_template) 3236 } 3237 }, { 3238 .alg = "ecb(fcrypt)", 3239 .test = alg_test_skcipher, 3240 .suite = { 3241 .cipher = { 3242 .vecs = fcrypt_pcbc_tv_template, 3243 .count = 1 3244 } 3245 } 3246 }, { 3247 .alg = "ecb(khazad)", 3248 .test = alg_test_skcipher, 3249 .suite = { 3250 .cipher = __VECS(khazad_tv_template) 3251 } 3252 }, { 3253 /* Same as ecb(aes) except the key is stored in 3254 * hardware secure memory which we reference by index 3255 */ 3256 .alg = "ecb(paes)", 3257 .test = alg_test_null, 3258 .fips_allowed = 1, 3259 }, { 3260 .alg = "ecb(seed)", 3261 .test = alg_test_skcipher, 3262 .suite = { 3263 .cipher = __VECS(seed_tv_template) 3264 } 3265 }, { 3266 .alg = "ecb(serpent)", 3267 .test = alg_test_skcipher, 3268 .suite = { 3269 .cipher = __VECS(serpent_tv_template) 3270 } 3271 }, { 3272 .alg = "ecb(sm4)", 3273 .test = alg_test_skcipher, 3274 .suite = { 3275 .cipher = __VECS(sm4_tv_template) 3276 } 3277 }, { 3278 .alg = "ecb(tea)", 3279 .test = alg_test_skcipher, 3280 .suite = { 3281 .cipher = __VECS(tea_tv_template) 3282 } 3283 }, { 3284 .alg = "ecb(tnepres)", 3285 .test = alg_test_skcipher, 3286 .suite = { 3287 .cipher = __VECS(tnepres_tv_template) 3288 } 3289 }, { 3290 .alg = "ecb(twofish)", 3291 .test = alg_test_skcipher, 3292 .suite = { 3293 .cipher = __VECS(tf_tv_template) 3294 } 3295 }, { 3296 .alg = "ecb(xeta)", 3297 .test = alg_test_skcipher, 3298 .suite = { 3299 .cipher = __VECS(xeta_tv_template) 3300 } 3301 }, { 3302 .alg = "ecb(xtea)", 3303 .test = alg_test_skcipher, 3304 .suite = { 3305 .cipher = __VECS(xtea_tv_template) 3306 } 3307 }, { 3308 .alg = "ecdh", 3309 .test = alg_test_kpp, 3310 .fips_allowed = 1, 3311 .suite = { 3312 .kpp = __VECS(ecdh_tv_template) 3313 } 3314 }, { 3315 .alg = "gcm(aes)", 3316 .test = alg_test_aead, 3317 .fips_allowed = 1, 3318 .suite = { 3319 .aead = __VECS(aes_gcm_tv_template) 3320 } 3321 }, { 3322 .alg = "ghash", 3323 .test = alg_test_hash, 3324 .fips_allowed = 1, 3325 .suite = { 3326 .hash = __VECS(ghash_tv_template) 3327 } 3328 }, { 3329 .alg = "hmac(md5)", 3330 .test = alg_test_hash, 3331 .suite = { 3332 .hash = __VECS(hmac_md5_tv_template) 3333 } 3334 }, { 3335 .alg = "hmac(rmd128)", 3336 .test = alg_test_hash, 3337 .suite = { 3338 .hash = __VECS(hmac_rmd128_tv_template) 3339 } 3340 }, { 3341 .alg = "hmac(rmd160)", 3342 .test = alg_test_hash, 3343 .suite = { 3344 .hash = __VECS(hmac_rmd160_tv_template) 3345 } 3346 }, { 3347 .alg = "hmac(sha1)", 3348 .test = alg_test_hash, 3349 .fips_allowed = 1, 3350 .suite = { 3351 .hash = __VECS(hmac_sha1_tv_template) 3352 } 3353 }, { 3354 .alg = "hmac(sha224)", 3355 .test = alg_test_hash, 3356 .fips_allowed = 1, 3357 .suite = { 3358 .hash = __VECS(hmac_sha224_tv_template) 3359 } 3360 }, { 3361 .alg = "hmac(sha256)", 3362 .test = alg_test_hash, 3363 .fips_allowed = 1, 3364 .suite = { 3365 .hash = __VECS(hmac_sha256_tv_template) 3366 } 3367 }, { 3368 .alg = "hmac(sha3-224)", 3369 .test = alg_test_hash, 3370 .fips_allowed = 1, 3371 .suite = { 3372 .hash = __VECS(hmac_sha3_224_tv_template) 3373 } 3374 }, { 3375 .alg = "hmac(sha3-256)", 3376 .test = alg_test_hash, 3377 .fips_allowed = 1, 3378 .suite = { 3379 .hash = __VECS(hmac_sha3_256_tv_template) 3380 } 3381 }, { 3382 .alg = "hmac(sha3-384)", 3383 .test = alg_test_hash, 3384 .fips_allowed = 1, 3385 .suite = { 3386 .hash = __VECS(hmac_sha3_384_tv_template) 3387 } 3388 }, { 3389 .alg = "hmac(sha3-512)", 3390 .test = alg_test_hash, 3391 .fips_allowed = 1, 3392 .suite = { 3393 .hash = __VECS(hmac_sha3_512_tv_template) 3394 } 3395 }, { 3396 .alg = "hmac(sha384)", 3397 .test = alg_test_hash, 3398 .fips_allowed = 1, 3399 .suite = { 3400 .hash = __VECS(hmac_sha384_tv_template) 3401 } 3402 }, { 3403 .alg = "hmac(sha512)", 3404 .test = alg_test_hash, 3405 .fips_allowed = 1, 3406 .suite = { 3407 .hash = __VECS(hmac_sha512_tv_template) 3408 } 3409 }, { 3410 .alg = "hmac(streebog256)", 3411 .test = alg_test_hash, 3412 .suite = { 3413 .hash = __VECS(hmac_streebog256_tv_template) 3414 } 3415 }, { 3416 .alg = "hmac(streebog512)", 3417 .test = alg_test_hash, 3418 .suite = { 3419 .hash = __VECS(hmac_streebog512_tv_template) 3420 } 3421 }, { 3422 .alg = "jitterentropy_rng", 3423 .fips_allowed = 1, 3424 .test = alg_test_null, 3425 }, { 3426 .alg = "kw(aes)", 3427 .test = alg_test_skcipher, 3428 .fips_allowed = 1, 3429 .suite = { 3430 .cipher = __VECS(aes_kw_tv_template) 3431 } 3432 }, { 3433 .alg = "lrw(aes)", 3434 .test = alg_test_skcipher, 3435 .suite = { 3436 .cipher = __VECS(aes_lrw_tv_template) 3437 } 3438 }, { 3439 .alg = "lrw(camellia)", 3440 .test = alg_test_skcipher, 3441 .suite = { 3442 .cipher = __VECS(camellia_lrw_tv_template) 3443 } 3444 }, { 3445 .alg = "lrw(cast6)", 3446 .test = alg_test_skcipher, 3447 .suite = { 3448 .cipher = __VECS(cast6_lrw_tv_template) 3449 } 3450 }, { 3451 .alg = "lrw(serpent)", 3452 .test = alg_test_skcipher, 3453 .suite = { 3454 .cipher = __VECS(serpent_lrw_tv_template) 3455 } 3456 }, { 3457 .alg = "lrw(twofish)", 3458 .test = alg_test_skcipher, 3459 .suite = { 3460 .cipher = __VECS(tf_lrw_tv_template) 3461 } 3462 }, { 3463 .alg = "lz4", 3464 .test = alg_test_comp, 3465 .fips_allowed = 1, 3466 .suite = { 3467 .comp = { 3468 .comp = __VECS(lz4_comp_tv_template), 3469 .decomp = __VECS(lz4_decomp_tv_template) 3470 } 3471 } 3472 }, { 3473 .alg = "lz4hc", 3474 .test = alg_test_comp, 3475 .fips_allowed = 1, 3476 .suite = { 3477 .comp = { 3478 .comp = __VECS(lz4hc_comp_tv_template), 3479 .decomp = __VECS(lz4hc_decomp_tv_template) 3480 } 3481 } 3482 }, { 3483 .alg = "lzo", 3484 .test = alg_test_comp, 3485 .fips_allowed = 1, 3486 .suite = { 3487 .comp = { 3488 .comp = __VECS(lzo_comp_tv_template), 3489 .decomp = __VECS(lzo_decomp_tv_template) 3490 } 3491 } 3492 }, { 3493 .alg = "md4", 3494 .test = alg_test_hash, 3495 .suite = { 3496 .hash = __VECS(md4_tv_template) 3497 } 3498 }, { 3499 .alg = "md5", 3500 .test = alg_test_hash, 3501 .suite = { 3502 .hash = __VECS(md5_tv_template) 3503 } 3504 }, { 3505 .alg = "michael_mic", 3506 .test = alg_test_hash, 3507 .suite = { 3508 .hash = __VECS(michael_mic_tv_template) 3509 } 3510 }, { 3511 .alg = "morus1280", 3512 .test = alg_test_aead, 3513 .suite = { 3514 .aead = __VECS(morus1280_tv_template) 3515 } 3516 }, { 3517 .alg = "morus640", 3518 .test = alg_test_aead, 3519 .suite = { 3520 .aead = __VECS(morus640_tv_template) 3521 } 3522 }, { 3523 .alg = "nhpoly1305", 3524 .test = alg_test_hash, 3525 .suite = { 3526 .hash = __VECS(nhpoly1305_tv_template) 3527 } 3528 }, { 3529 .alg = "ofb(aes)", 3530 .test = alg_test_skcipher, 3531 .fips_allowed = 1, 3532 .suite = { 3533 .cipher = __VECS(aes_ofb_tv_template) 3534 } 3535 }, { 3536 /* Same as ofb(aes) except the key is stored in 3537 * hardware secure memory which we reference by index 3538 */ 3539 .alg = "ofb(paes)", 3540 .test = alg_test_null, 3541 .fips_allowed = 1, 3542 }, { 3543 .alg = "pcbc(fcrypt)", 3544 .test = alg_test_skcipher, 3545 .suite = { 3546 .cipher = __VECS(fcrypt_pcbc_tv_template) 3547 } 3548 }, { 3549 .alg = "pkcs1pad(rsa,sha224)", 3550 .test = alg_test_null, 3551 .fips_allowed = 1, 3552 }, { 3553 .alg = "pkcs1pad(rsa,sha256)", 3554 .test = alg_test_akcipher, 3555 .fips_allowed = 1, 3556 .suite = { 3557 .akcipher = __VECS(pkcs1pad_rsa_tv_template) 3558 } 3559 }, { 3560 .alg = "pkcs1pad(rsa,sha384)", 3561 .test = alg_test_null, 3562 .fips_allowed = 1, 3563 }, { 3564 .alg = "pkcs1pad(rsa,sha512)", 3565 .test = alg_test_null, 3566 .fips_allowed = 1, 3567 }, { 3568 .alg = "poly1305", 3569 .test = alg_test_hash, 3570 .suite = { 3571 .hash = __VECS(poly1305_tv_template) 3572 } 3573 }, { 3574 .alg = "rfc3686(ctr(aes))", 3575 .test = alg_test_skcipher, 3576 .fips_allowed = 1, 3577 .suite = { 3578 .cipher = __VECS(aes_ctr_rfc3686_tv_template) 3579 } 3580 }, { 3581 .alg = "rfc4106(gcm(aes))", 3582 .test = alg_test_aead, 3583 .fips_allowed = 1, 3584 .suite = { 3585 .aead = __VECS(aes_gcm_rfc4106_tv_template) 3586 } 3587 }, { 3588 .alg = "rfc4309(ccm(aes))", 3589 .test = alg_test_aead, 3590 .fips_allowed = 1, 3591 .suite = { 3592 .aead = __VECS(aes_ccm_rfc4309_tv_template) 3593 } 3594 }, { 3595 .alg = "rfc4543(gcm(aes))", 3596 .test = alg_test_aead, 3597 .suite = { 3598 .aead = __VECS(aes_gcm_rfc4543_tv_template) 3599 } 3600 }, { 3601 .alg = "rfc7539(chacha20,poly1305)", 3602 .test = alg_test_aead, 3603 .suite = { 3604 .aead = __VECS(rfc7539_tv_template) 3605 } 3606 }, { 3607 .alg = "rfc7539esp(chacha20,poly1305)", 3608 .test = alg_test_aead, 3609 .suite = { 3610 .aead = __VECS(rfc7539esp_tv_template) 3611 } 3612 }, { 3613 .alg = "rmd128", 3614 .test = alg_test_hash, 3615 .suite = { 3616 .hash = __VECS(rmd128_tv_template) 3617 } 3618 }, { 3619 .alg = "rmd160", 3620 .test = alg_test_hash, 3621 .suite = { 3622 .hash = __VECS(rmd160_tv_template) 3623 } 3624 }, { 3625 .alg = "rmd256", 3626 .test = alg_test_hash, 3627 .suite = { 3628 .hash = __VECS(rmd256_tv_template) 3629 } 3630 }, { 3631 .alg = "rmd320", 3632 .test = alg_test_hash, 3633 .suite = { 3634 .hash = __VECS(rmd320_tv_template) 3635 } 3636 }, { 3637 .alg = "rsa", 3638 .test = alg_test_akcipher, 3639 .fips_allowed = 1, 3640 .suite = { 3641 .akcipher = __VECS(rsa_tv_template) 3642 } 3643 }, { 3644 .alg = "salsa20", 3645 .test = alg_test_skcipher, 3646 .suite = { 3647 .cipher = __VECS(salsa20_stream_tv_template) 3648 } 3649 }, { 3650 .alg = "sha1", 3651 .test = alg_test_hash, 3652 .fips_allowed = 1, 3653 .suite = { 3654 .hash = __VECS(sha1_tv_template) 3655 } 3656 }, { 3657 .alg = "sha224", 3658 .test = alg_test_hash, 3659 .fips_allowed = 1, 3660 .suite = { 3661 .hash = __VECS(sha224_tv_template) 3662 } 3663 }, { 3664 .alg = "sha256", 3665 .test = alg_test_hash, 3666 .fips_allowed = 1, 3667 .suite = { 3668 .hash = __VECS(sha256_tv_template) 3669 } 3670 }, { 3671 .alg = "sha3-224", 3672 .test = alg_test_hash, 3673 .fips_allowed = 1, 3674 .suite = { 3675 .hash = __VECS(sha3_224_tv_template) 3676 } 3677 }, { 3678 .alg = "sha3-256", 3679 .test = alg_test_hash, 3680 .fips_allowed = 1, 3681 .suite = { 3682 .hash = __VECS(sha3_256_tv_template) 3683 } 3684 }, { 3685 .alg = "sha3-384", 3686 .test = alg_test_hash, 3687 .fips_allowed = 1, 3688 .suite = { 3689 .hash = __VECS(sha3_384_tv_template) 3690 } 3691 }, { 3692 .alg = "sha3-512", 3693 .test = alg_test_hash, 3694 .fips_allowed = 1, 3695 .suite = { 3696 .hash = __VECS(sha3_512_tv_template) 3697 } 3698 }, { 3699 .alg = "sha384", 3700 .test = alg_test_hash, 3701 .fips_allowed = 1, 3702 .suite = { 3703 .hash = __VECS(sha384_tv_template) 3704 } 3705 }, { 3706 .alg = "sha512", 3707 .test = alg_test_hash, 3708 .fips_allowed = 1, 3709 .suite = { 3710 .hash = __VECS(sha512_tv_template) 3711 } 3712 }, { 3713 .alg = "sm3", 3714 .test = alg_test_hash, 3715 .suite = { 3716 .hash = __VECS(sm3_tv_template) 3717 } 3718 }, { 3719 .alg = "streebog256", 3720 .test = alg_test_hash, 3721 .suite = { 3722 .hash = __VECS(streebog256_tv_template) 3723 } 3724 }, { 3725 .alg = "streebog512", 3726 .test = alg_test_hash, 3727 .suite = { 3728 .hash = __VECS(streebog512_tv_template) 3729 } 3730 }, { 3731 .alg = "tgr128", 3732 .test = alg_test_hash, 3733 .suite = { 3734 .hash = __VECS(tgr128_tv_template) 3735 } 3736 }, { 3737 .alg = "tgr160", 3738 .test = alg_test_hash, 3739 .suite = { 3740 .hash = __VECS(tgr160_tv_template) 3741 } 3742 }, { 3743 .alg = "tgr192", 3744 .test = alg_test_hash, 3745 .suite = { 3746 .hash = __VECS(tgr192_tv_template) 3747 } 3748 }, { 3749 .alg = "vmac64(aes)", 3750 .test = alg_test_hash, 3751 .suite = { 3752 .hash = __VECS(vmac64_aes_tv_template) 3753 } 3754 }, { 3755 .alg = "wp256", 3756 .test = alg_test_hash, 3757 .suite = { 3758 .hash = __VECS(wp256_tv_template) 3759 } 3760 }, { 3761 .alg = "wp384", 3762 .test = alg_test_hash, 3763 .suite = { 3764 .hash = __VECS(wp384_tv_template) 3765 } 3766 }, { 3767 .alg = "wp512", 3768 .test = alg_test_hash, 3769 .suite = { 3770 .hash = __VECS(wp512_tv_template) 3771 } 3772 }, { 3773 .alg = "xcbc(aes)", 3774 .test = alg_test_hash, 3775 .suite = { 3776 .hash = __VECS(aes_xcbc128_tv_template) 3777 } 3778 }, { 3779 .alg = "xchacha12", 3780 .test = alg_test_skcipher, 3781 .suite = { 3782 .cipher = __VECS(xchacha12_tv_template) 3783 }, 3784 }, { 3785 .alg = "xchacha20", 3786 .test = alg_test_skcipher, 3787 .suite = { 3788 .cipher = __VECS(xchacha20_tv_template) 3789 }, 3790 }, { 3791 .alg = "xts(aes)", 3792 .test = alg_test_skcipher, 3793 .fips_allowed = 1, 3794 .suite = { 3795 .cipher = __VECS(aes_xts_tv_template) 3796 } 3797 }, { 3798 .alg = "xts(camellia)", 3799 .test = alg_test_skcipher, 3800 .suite = { 3801 .cipher = __VECS(camellia_xts_tv_template) 3802 } 3803 }, { 3804 .alg = "xts(cast6)", 3805 .test = alg_test_skcipher, 3806 .suite = { 3807 .cipher = __VECS(cast6_xts_tv_template) 3808 } 3809 }, { 3810 /* Same as xts(aes) except the key is stored in 3811 * hardware secure memory which we reference by index 3812 */ 3813 .alg = "xts(paes)", 3814 .test = alg_test_null, 3815 .fips_allowed = 1, 3816 }, { 3817 .alg = "xts(serpent)", 3818 .test = alg_test_skcipher, 3819 .suite = { 3820 .cipher = __VECS(serpent_xts_tv_template) 3821 } 3822 }, { 3823 .alg = "xts(twofish)", 3824 .test = alg_test_skcipher, 3825 .suite = { 3826 .cipher = __VECS(tf_xts_tv_template) 3827 } 3828 }, { 3829 .alg = "xts4096(paes)", 3830 .test = alg_test_null, 3831 .fips_allowed = 1, 3832 }, { 3833 .alg = "xts512(paes)", 3834 .test = alg_test_null, 3835 .fips_allowed = 1, 3836 }, { 3837 .alg = "zlib-deflate", 3838 .test = alg_test_comp, 3839 .fips_allowed = 1, 3840 .suite = { 3841 .comp = { 3842 .comp = __VECS(zlib_deflate_comp_tv_template), 3843 .decomp = __VECS(zlib_deflate_decomp_tv_template) 3844 } 3845 } 3846 }, { 3847 .alg = "zstd", 3848 .test = alg_test_comp, 3849 .fips_allowed = 1, 3850 .suite = { 3851 .comp = { 3852 .comp = __VECS(zstd_comp_tv_template), 3853 .decomp = __VECS(zstd_decomp_tv_template) 3854 } 3855 } 3856 } 3857 }; 3858 3859 static void alg_check_test_descs_order(void) 3860 { 3861 int i; 3862 3863 for (i = 1; i < ARRAY_SIZE(alg_test_descs); i++) { 3864 int diff = strcmp(alg_test_descs[i - 1].alg, 3865 alg_test_descs[i].alg); 3866 3867 if (WARN_ON(diff > 0)) { 3868 pr_warn("testmgr: alg_test_descs entries in wrong order: '%s' before '%s'\n", 3869 alg_test_descs[i - 1].alg, 3870 alg_test_descs[i].alg); 3871 } 3872 3873 if (WARN_ON(diff == 0)) { 3874 pr_warn("testmgr: duplicate alg_test_descs entry: '%s'\n", 3875 alg_test_descs[i].alg); 3876 } 3877 } 3878 } 3879 3880 static void alg_check_testvec_configs(void) 3881 { 3882 int i; 3883 3884 for (i = 0; i < ARRAY_SIZE(default_cipher_testvec_configs); i++) 3885 WARN_ON(!valid_testvec_config( 3886 &default_cipher_testvec_configs[i])); 3887 3888 for (i = 0; i < ARRAY_SIZE(default_hash_testvec_configs); i++) 3889 WARN_ON(!valid_testvec_config( 3890 &default_hash_testvec_configs[i])); 3891 } 3892 3893 static void testmgr_onetime_init(void) 3894 { 3895 alg_check_test_descs_order(); 3896 alg_check_testvec_configs(); 3897 3898 #ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS 3899 pr_warn("alg: extra crypto tests enabled. This is intended for developer use only.\n"); 3900 #endif 3901 } 3902 3903 static int alg_find_test(const char *alg) 3904 { 3905 int start = 0; 3906 int end = ARRAY_SIZE(alg_test_descs); 3907 3908 while (start < end) { 3909 int i = (start + end) / 2; 3910 int diff = strcmp(alg_test_descs[i].alg, alg); 3911 3912 if (diff > 0) { 3913 end = i; 3914 continue; 3915 } 3916 3917 if (diff < 0) { 3918 start = i + 1; 3919 continue; 3920 } 3921 3922 return i; 3923 } 3924 3925 return -1; 3926 } 3927 3928 int alg_test(const char *driver, const char *alg, u32 type, u32 mask) 3929 { 3930 int i; 3931 int j; 3932 int rc; 3933 3934 if (!fips_enabled && notests) { 3935 printk_once(KERN_INFO "alg: self-tests disabled\n"); 3936 return 0; 3937 } 3938 3939 DO_ONCE(testmgr_onetime_init); 3940 3941 if ((type & CRYPTO_ALG_TYPE_MASK) == CRYPTO_ALG_TYPE_CIPHER) { 3942 char nalg[CRYPTO_MAX_ALG_NAME]; 3943 3944 if (snprintf(nalg, sizeof(nalg), "ecb(%s)", alg) >= 3945 sizeof(nalg)) 3946 return -ENAMETOOLONG; 3947 3948 i = alg_find_test(nalg); 3949 if (i < 0) 3950 goto notest; 3951 3952 if (fips_enabled && !alg_test_descs[i].fips_allowed) 3953 goto non_fips_alg; 3954 3955 rc = alg_test_cipher(alg_test_descs + i, driver, type, mask); 3956 goto test_done; 3957 } 3958 3959 i = alg_find_test(alg); 3960 j = alg_find_test(driver); 3961 if (i < 0 && j < 0) 3962 goto notest; 3963 3964 if (fips_enabled && ((i >= 0 && !alg_test_descs[i].fips_allowed) || 3965 (j >= 0 && !alg_test_descs[j].fips_allowed))) 3966 goto non_fips_alg; 3967 3968 rc = 0; 3969 if (i >= 0) 3970 rc |= alg_test_descs[i].test(alg_test_descs + i, driver, 3971 type, mask); 3972 if (j >= 0 && j != i) 3973 rc |= alg_test_descs[j].test(alg_test_descs + j, driver, 3974 type, mask); 3975 3976 test_done: 3977 if (fips_enabled && rc) 3978 panic("%s: %s alg self test failed in fips mode!\n", driver, alg); 3979 3980 if (fips_enabled && !rc) 3981 pr_info("alg: self-tests for %s (%s) passed\n", driver, alg); 3982 3983 return rc; 3984 3985 notest: 3986 printk(KERN_INFO "alg: No test for %s (%s)\n", alg, driver); 3987 return 0; 3988 non_fips_alg: 3989 return -EINVAL; 3990 } 3991 3992 #endif /* CONFIG_CRYPTO_MANAGER_DISABLE_TESTS */ 3993 3994 EXPORT_SYMBOL_GPL(alg_test); 3995