testmgr.c 150 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932193319341935193619371938193919401941194219431944194519461947194819491950195119521953195419551956195719581959196019611962196319641965196619671968196919701971197219731974197519761977197819791980198119821983198419851986198719881989199019911992199319941995199619971998199920002001200220032004200520062007200820092010201120122013201420152016201720182019202020212022202320242025202620272028202920302031203220332034203520362037203820392040204120422043204420452046204720482049205020512052205320542055205620572058205920602061206220632064206520662067206820692070207120722073207420752076207720782079208020812082208320842085208620872088208920902091209220932094209520962097209820992100210121022103210421052106210721082109211021112112211321142115211621172118211921202121212221232124212521262127212821292130213121322133213421352136213721382139214021412142214321442145214621472148214921502151215221532154215521562157215821592160216121622163216421652166216721682169217021712172217321742175217621772178217921802181218221832184218521862187218821892190219121922193219421952196219721982199220022012202220322042205220622072208220922102211221222132214221522162217221822192220222122222223222422252226222722282229223022312232223322342235223622372238223922402241224222432244224522462247224822492250225122522253225422552256225722582259226022612262226322642265226622672268226922702271227222732274227522762277227822792280228122822283228422852286228722882289229022912292229322942295229622972298229923002301230223032304230523062307230823092310231123122313231423152316231723182319232023212322232323242325232623272328232923302331233223332334233523362337233823392340234123422343234423452346234723482349235023512352235323542355235623572358235923602361236223632364236523662367236823692370237123722373237423752376237723782379238023812382238323842385238623872388238923902391239223932394239523962397239823992400240124022403240424052406240724082409241024112412241324142415241624172418241924202421242224232424242524262427242824292430243124322433243424352436243724382439244024412442244324442445244624472448244924502451245224532454245524562457245824592460246124622463246424652466246724682469247024712472247324742475247624772478247924802481248224832484248524862487248824892490249124922493249424952496249724982499250025012502250325042505250625072508250925102511251225132514251525162517251825192520252125222523252425252526252725282529253025312532253325342535253625372538253925402541254225432544254525462547254825492550255125522553255425552556255725582559256025612562256325642565256625672568256925702571257225732574257525762577257825792580258125822583258425852586258725882589259025912592259325942595259625972598259926002601260226032604260526062607260826092610261126122613261426152616261726182619262026212622262326242625262626272628262926302631263226332634263526362637263826392640264126422643264426452646264726482649265026512652265326542655265626572658265926602661266226632664266526662667266826692670267126722673267426752676267726782679268026812682268326842685268626872688268926902691269226932694269526962697269826992700270127022703270427052706270727082709271027112712271327142715271627172718271927202721272227232724272527262727272827292730273127322733273427352736273727382739274027412742274327442745274627472748274927502751275227532754275527562757275827592760276127622763276427652766276727682769277027712772277327742775277627772778277927802781278227832784278527862787278827892790279127922793279427952796279727982799280028012802280328042805280628072808280928102811281228132814281528162817281828192820282128222823282428252826282728282829283028312832283328342835283628372838283928402841284228432844284528462847284828492850285128522853285428552856285728582859286028612862286328642865286628672868286928702871287228732874287528762877287828792880288128822883288428852886288728882889289028912892289328942895289628972898289929002901290229032904290529062907290829092910291129122913291429152916291729182919292029212922292329242925292629272928292929302931293229332934293529362937293829392940294129422943294429452946294729482949295029512952295329542955295629572958295929602961296229632964296529662967296829692970297129722973297429752976297729782979298029812982298329842985298629872988298929902991299229932994299529962997299829993000300130023003300430053006300730083009301030113012301330143015301630173018301930203021302230233024302530263027302830293030303130323033303430353036303730383039304030413042304330443045304630473048304930503051305230533054305530563057305830593060306130623063306430653066306730683069307030713072307330743075307630773078307930803081308230833084308530863087308830893090309130923093309430953096309730983099310031013102310331043105310631073108310931103111311231133114311531163117311831193120312131223123312431253126312731283129313031313132313331343135313631373138313931403141314231433144314531463147314831493150315131523153315431553156315731583159316031613162316331643165316631673168316931703171317231733174317531763177317831793180318131823183318431853186318731883189319031913192319331943195319631973198319932003201320232033204320532063207320832093210321132123213321432153216321732183219322032213222322332243225322632273228322932303231323232333234323532363237323832393240324132423243324432453246324732483249325032513252325332543255325632573258325932603261326232633264326532663267326832693270327132723273327432753276327732783279328032813282328332843285328632873288328932903291329232933294329532963297329832993300330133023303330433053306330733083309331033113312331333143315331633173318331933203321332233233324332533263327332833293330333133323333333433353336333733383339334033413342334333443345334633473348334933503351335233533354335533563357335833593360336133623363336433653366336733683369337033713372337333743375337633773378337933803381338233833384338533863387338833893390339133923393339433953396339733983399340034013402340334043405340634073408340934103411341234133414341534163417341834193420342134223423342434253426342734283429343034313432343334343435343634373438343934403441344234433444344534463447344834493450345134523453345434553456345734583459346034613462346334643465346634673468346934703471347234733474347534763477347834793480348134823483348434853486348734883489349034913492349334943495349634973498349935003501350235033504350535063507350835093510351135123513351435153516351735183519352035213522352335243525352635273528352935303531353235333534353535363537353835393540354135423543354435453546354735483549355035513552355335543555355635573558355935603561356235633564356535663567356835693570357135723573357435753576357735783579358035813582358335843585358635873588358935903591359235933594359535963597359835993600360136023603360436053606360736083609361036113612361336143615361636173618361936203621362236233624362536263627362836293630363136323633363436353636363736383639364036413642364336443645364636473648364936503651365236533654365536563657365836593660366136623663366436653666366736683669367036713672367336743675367636773678367936803681368236833684368536863687368836893690369136923693369436953696369736983699370037013702370337043705370637073708370937103711371237133714371537163717371837193720372137223723372437253726372737283729373037313732373337343735373637373738373937403741374237433744374537463747374837493750375137523753375437553756375737583759376037613762376337643765376637673768376937703771377237733774377537763777377837793780378137823783378437853786378737883789379037913792379337943795379637973798379938003801380238033804380538063807380838093810381138123813381438153816381738183819382038213822382338243825382638273828382938303831383238333834383538363837383838393840384138423843384438453846384738483849385038513852385338543855385638573858385938603861386238633864386538663867386838693870387138723873387438753876387738783879388038813882388338843885388638873888388938903891389238933894389538963897389838993900390139023903390439053906390739083909391039113912391339143915391639173918391939203921392239233924392539263927392839293930393139323933393439353936393739383939394039413942394339443945394639473948394939503951395239533954395539563957395839593960396139623963396439653966396739683969397039713972397339743975397639773978397939803981398239833984398539863987398839893990399139923993399439953996399739983999400040014002400340044005400640074008400940104011401240134014401540164017401840194020402140224023402440254026402740284029403040314032403340344035403640374038403940404041404240434044404540464047404840494050405140524053405440554056405740584059406040614062406340644065406640674068406940704071407240734074407540764077407840794080408140824083408440854086408740884089409040914092409340944095409640974098409941004101410241034104410541064107410841094110411141124113411441154116411741184119412041214122412341244125412641274128412941304131413241334134413541364137413841394140414141424143414441454146414741484149415041514152415341544155415641574158415941604161416241634164416541664167416841694170417141724173417441754176417741784179418041814182418341844185418641874188418941904191419241934194419541964197419841994200420142024203420442054206420742084209421042114212421342144215421642174218421942204221422242234224422542264227422842294230423142324233423442354236423742384239424042414242424342444245424642474248424942504251425242534254425542564257425842594260426142624263426442654266426742684269427042714272427342744275427642774278427942804281428242834284428542864287428842894290429142924293429442954296429742984299430043014302430343044305430643074308430943104311431243134314431543164317431843194320432143224323432443254326432743284329433043314332433343344335433643374338433943404341434243434344434543464347434843494350435143524353435443554356435743584359436043614362436343644365436643674368436943704371437243734374437543764377437843794380438143824383438443854386438743884389439043914392439343944395439643974398439944004401440244034404440544064407440844094410441144124413441444154416441744184419442044214422442344244425442644274428442944304431443244334434443544364437443844394440444144424443444444454446444744484449445044514452445344544455445644574458445944604461446244634464446544664467446844694470447144724473447444754476447744784479448044814482448344844485448644874488448944904491449244934494449544964497449844994500450145024503450445054506450745084509451045114512451345144515451645174518451945204521452245234524452545264527452845294530453145324533453445354536453745384539454045414542454345444545454645474548454945504551455245534554455545564557455845594560456145624563456445654566456745684569457045714572457345744575457645774578457945804581458245834584458545864587458845894590459145924593459445954596459745984599460046014602460346044605460646074608460946104611461246134614461546164617461846194620462146224623462446254626462746284629463046314632463346344635463646374638463946404641464246434644464546464647464846494650465146524653465446554656465746584659466046614662466346644665466646674668466946704671467246734674467546764677467846794680468146824683468446854686468746884689469046914692469346944695469646974698469947004701470247034704470547064707470847094710471147124713471447154716471747184719472047214722472347244725472647274728472947304731473247334734473547364737473847394740474147424743474447454746474747484749475047514752475347544755475647574758475947604761476247634764476547664767476847694770477147724773477447754776477747784779478047814782478347844785478647874788478947904791479247934794479547964797479847994800480148024803480448054806480748084809481048114812481348144815481648174818481948204821482248234824482548264827482848294830483148324833483448354836483748384839484048414842484348444845484648474848484948504851485248534854485548564857485848594860486148624863486448654866486748684869487048714872487348744875487648774878487948804881488248834884488548864887488848894890489148924893489448954896489748984899490049014902490349044905490649074908490949104911491249134914491549164917491849194920492149224923492449254926492749284929493049314932493349344935493649374938493949404941494249434944494549464947494849494950495149524953495449554956495749584959496049614962496349644965496649674968496949704971497249734974497549764977497849794980498149824983498449854986498749884989499049914992499349944995499649974998499950005001500250035004500550065007500850095010501150125013501450155016501750185019502050215022502350245025502650275028502950305031503250335034503550365037503850395040504150425043504450455046504750485049505050515052505350545055505650575058505950605061506250635064506550665067506850695070507150725073507450755076507750785079508050815082508350845085508650875088508950905091509250935094509550965097509850995100510151025103510451055106510751085109511051115112511351145115511651175118511951205121512251235124512551265127512851295130513151325133513451355136513751385139514051415142514351445145514651475148514951505151515251535154515551565157515851595160516151625163516451655166516751685169517051715172517351745175517651775178517951805181518251835184518551865187518851895190519151925193519451955196519751985199520052015202520352045205520652075208520952105211521252135214521552165217521852195220522152225223522452255226522752285229523052315232523352345235523652375238523952405241524252435244524552465247524852495250525152525253525452555256525752585259526052615262526352645265526652675268526952705271527252735274527552765277527852795280528152825283528452855286528752885289529052915292529352945295529652975298529953005301530253035304530553065307530853095310531153125313531453155316531753185319532053215322532353245325532653275328532953305331533253335334533553365337533853395340534153425343534453455346534753485349535053515352535353545355535653575358535953605361536253635364536553665367536853695370537153725373537453755376537753785379538053815382538353845385538653875388538953905391539253935394539553965397539853995400540154025403540454055406540754085409541054115412541354145415541654175418541954205421542254235424542554265427542854295430543154325433543454355436543754385439544054415442544354445445544654475448544954505451545254535454545554565457545854595460546154625463546454655466546754685469547054715472547354745475547654775478547954805481548254835484548554865487548854895490549154925493549454955496549754985499550055015502550355045505550655075508550955105511551255135514551555165517551855195520552155225523552455255526552755285529553055315532553355345535553655375538553955405541554255435544554555465547554855495550555155525553555455555556555755585559556055615562556355645565556655675568556955705571557255735574557555765577557855795580558155825583558455855586558755885589559055915592559355945595559655975598559956005601560256035604560556065607560856095610561156125613561456155616561756185619562056215622562356245625562656275628562956305631563256335634563556365637563856395640564156425643564456455646564756485649565056515652565356545655565656575658565956605661566256635664566556665667566856695670567156725673567456755676567756785679568056815682568356845685568656875688568956905691569256935694569556965697569856995700570157025703570457055706570757085709571057115712571357145715571657175718571957205721572257235724572557265727572857295730573157325733573457355736573757385739574057415742574357445745574657475748574957505751575257535754575557565757575857595760576157625763576457655766576757685769577057715772577357745775577657775778577957805781578257835784578557865787578857895790579157925793579457955796579757985799580058015802580358045805580658075808
  1. // SPDX-License-Identifier: GPL-2.0-or-later
  2. /*
  3. * Algorithm testing framework and tests.
  4. *
  5. * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
  6. * Copyright (c) 2002 Jean-Francois Dive <jef@linuxbe.org>
  7. * Copyright (c) 2007 Nokia Siemens Networks
  8. * Copyright (c) 2008 Herbert Xu <herbert@gondor.apana.org.au>
  9. * Copyright (c) 2019 Google LLC
  10. *
  11. * Updated RFC4106 AES-GCM testing.
  12. * Authors: Aidan O'Mahony (aidan.o.mahony@intel.com)
  13. * Adrian Hoban <adrian.hoban@intel.com>
  14. * Gabriele Paoloni <gabriele.paoloni@intel.com>
  15. * Tadeusz Struk (tadeusz.struk@intel.com)
  16. * Copyright (c) 2010, Intel Corporation.
  17. */
  18. #include <crypto/aead.h>
  19. #include <crypto/hash.h>
  20. #include <crypto/skcipher.h>
  21. #include <linux/err.h>
  22. #include <linux/fips.h>
  23. #include <linux/module.h>
  24. #include <linux/once.h>
  25. #include <linux/prandom.h>
  26. #include <linux/scatterlist.h>
  27. #include <linux/slab.h>
  28. #include <linux/string.h>
  29. #include <linux/uio.h>
  30. #include <crypto/rng.h>
  31. #include <crypto/drbg.h>
  32. #include <crypto/akcipher.h>
  33. #include <crypto/kpp.h>
  34. #include <crypto/acompress.h>
  35. #include <crypto/sig.h>
  36. #include <crypto/internal/cipher.h>
  37. #include <crypto/internal/simd.h>
  38. #include "internal.h"
  39. MODULE_IMPORT_NS("CRYPTO_INTERNAL");
  40. static bool notests;
  41. module_param(notests, bool, 0644);
  42. MODULE_PARM_DESC(notests, "disable all crypto self-tests");
  43. #ifdef CONFIG_CRYPTO_SELFTESTS_FULL
  44. static bool noslowtests;
  45. module_param(noslowtests, bool, 0644);
  46. MODULE_PARM_DESC(noslowtests, "disable slow crypto self-tests");
  47. static unsigned int fuzz_iterations = 100;
  48. module_param(fuzz_iterations, uint, 0644);
  49. MODULE_PARM_DESC(fuzz_iterations, "number of fuzz test iterations");
  50. #else
  51. #define noslowtests 1
  52. #define fuzz_iterations 0
  53. #endif
  54. #ifndef CONFIG_CRYPTO_SELFTESTS
  55. /* a perfect nop */
  56. int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
  57. {
  58. return 0;
  59. }
  60. #else
  61. #include "testmgr.h"
  62. /*
  63. * Need slab memory for testing (size in number of pages).
  64. */
  65. #define XBUFSIZE 8
  66. /*
  67. * Used by test_cipher()
  68. */
  69. #define ENCRYPT 1
  70. #define DECRYPT 0
  71. struct aead_test_suite {
  72. const struct aead_testvec *vecs;
  73. unsigned int count;
  74. /*
  75. * Set if trying to decrypt an inauthentic ciphertext with this
  76. * algorithm might result in EINVAL rather than EBADMSG, due to other
  77. * validation the algorithm does on the inputs such as length checks.
  78. */
  79. unsigned int einval_allowed : 1;
  80. /*
  81. * Set if this algorithm requires that the IV be located at the end of
  82. * the AAD buffer, in addition to being given in the normal way. The
  83. * behavior when the two IV copies differ is implementation-defined.
  84. */
  85. unsigned int aad_iv : 1;
  86. };
  87. struct cipher_test_suite {
  88. const struct cipher_testvec *vecs;
  89. unsigned int count;
  90. };
  91. struct comp_test_suite {
  92. struct {
  93. const struct comp_testvec *vecs;
  94. unsigned int count;
  95. } comp, decomp;
  96. };
  97. struct hash_test_suite {
  98. const struct hash_testvec *vecs;
  99. unsigned int count;
  100. };
  101. struct drbg_test_suite {
  102. const struct drbg_testvec *vecs;
  103. unsigned int count;
  104. };
  105. struct akcipher_test_suite {
  106. const struct akcipher_testvec *vecs;
  107. unsigned int count;
  108. };
  109. struct sig_test_suite {
  110. const struct sig_testvec *vecs;
  111. unsigned int count;
  112. };
  113. struct kpp_test_suite {
  114. const struct kpp_testvec *vecs;
  115. unsigned int count;
  116. };
  117. struct alg_test_desc {
  118. const char *alg;
  119. const char *generic_driver;
  120. int (*test)(const struct alg_test_desc *desc, const char *driver,
  121. u32 type, u32 mask);
  122. int fips_allowed; /* set if alg is allowed in fips mode */
  123. union {
  124. struct aead_test_suite aead;
  125. struct cipher_test_suite cipher;
  126. struct comp_test_suite comp;
  127. struct hash_test_suite hash;
  128. struct drbg_test_suite drbg;
  129. struct akcipher_test_suite akcipher;
  130. struct sig_test_suite sig;
  131. struct kpp_test_suite kpp;
  132. } suite;
  133. };
  134. static void hexdump(unsigned char *buf, unsigned int len)
  135. {
  136. print_hex_dump(KERN_CONT, "", DUMP_PREFIX_OFFSET,
  137. 16, 1,
  138. buf, len, false);
  139. }
  140. static int __testmgr_alloc_buf(char *buf[XBUFSIZE], int order)
  141. {
  142. int i;
  143. for (i = 0; i < XBUFSIZE; i++) {
  144. buf[i] = (char *)__get_free_pages(GFP_KERNEL, order);
  145. if (!buf[i])
  146. goto err_free_buf;
  147. }
  148. return 0;
  149. err_free_buf:
  150. while (i-- > 0)
  151. free_pages((unsigned long)buf[i], order);
  152. return -ENOMEM;
  153. }
  154. static int testmgr_alloc_buf(char *buf[XBUFSIZE])
  155. {
  156. return __testmgr_alloc_buf(buf, 0);
  157. }
  158. static void __testmgr_free_buf(char *buf[XBUFSIZE], int order)
  159. {
  160. int i;
  161. for (i = 0; i < XBUFSIZE; i++)
  162. free_pages((unsigned long)buf[i], order);
  163. }
  164. static void testmgr_free_buf(char *buf[XBUFSIZE])
  165. {
  166. __testmgr_free_buf(buf, 0);
  167. }
  168. #define TESTMGR_POISON_BYTE 0xfe
  169. #define TESTMGR_POISON_LEN 16
  170. static inline void testmgr_poison(void *addr, size_t len)
  171. {
  172. memset(addr, TESTMGR_POISON_BYTE, len);
  173. }
  174. /* Is the memory region still fully poisoned? */
  175. static inline bool testmgr_is_poison(const void *addr, size_t len)
  176. {
  177. return memchr_inv(addr, TESTMGR_POISON_BYTE, len) == NULL;
  178. }
  179. /* flush type for hash algorithms */
  180. enum flush_type {
  181. /* merge with update of previous buffer(s) */
  182. FLUSH_TYPE_NONE = 0,
  183. /* update with previous buffer(s) before doing this one */
  184. FLUSH_TYPE_FLUSH,
  185. /* likewise, but also export and re-import the intermediate state */
  186. FLUSH_TYPE_REIMPORT,
  187. };
  188. /* finalization function for hash algorithms */
  189. enum finalization_type {
  190. FINALIZATION_TYPE_FINAL, /* use final() */
  191. FINALIZATION_TYPE_FINUP, /* use finup() */
  192. FINALIZATION_TYPE_DIGEST, /* use digest() */
  193. };
  194. /*
  195. * Whether the crypto operation will occur in-place, and if so whether the
  196. * source and destination scatterlist pointers will coincide (req->src ==
  197. * req->dst), or whether they'll merely point to two separate scatterlists
  198. * (req->src != req->dst) that reference the same underlying memory.
  199. *
  200. * This is only relevant for algorithm types that support in-place operation.
  201. */
  202. enum inplace_mode {
  203. OUT_OF_PLACE,
  204. INPLACE_ONE_SGLIST,
  205. INPLACE_TWO_SGLISTS,
  206. };
  207. #define TEST_SG_TOTAL 10000
  208. /**
  209. * struct test_sg_division - description of a scatterlist entry
  210. *
  211. * This struct describes one entry of a scatterlist being constructed to check a
  212. * crypto test vector.
  213. *
  214. * @proportion_of_total: length of this chunk relative to the total length,
  215. * given as a proportion out of TEST_SG_TOTAL so that it
  216. * scales to fit any test vector
  217. * @offset: byte offset into a 2-page buffer at which this chunk will start
  218. * @offset_relative_to_alignmask: if true, add the algorithm's alignmask to the
  219. * @offset
  220. * @flush_type: for hashes, whether an update() should be done now vs.
  221. * continuing to accumulate data
  222. * @nosimd: if doing the pending update(), do it with SIMD disabled?
  223. */
  224. struct test_sg_division {
  225. unsigned int proportion_of_total;
  226. unsigned int offset;
  227. bool offset_relative_to_alignmask;
  228. enum flush_type flush_type;
  229. bool nosimd;
  230. };
  231. /**
  232. * struct testvec_config - configuration for testing a crypto test vector
  233. *
  234. * This struct describes the data layout and other parameters with which each
  235. * crypto test vector can be tested.
  236. *
  237. * @name: name of this config, logged for debugging purposes if a test fails
  238. * @inplace_mode: whether and how to operate on the data in-place, if applicable
  239. * @req_flags: extra request_flags, e.g. CRYPTO_TFM_REQ_MAY_SLEEP
  240. * @src_divs: description of how to arrange the source scatterlist
  241. * @dst_divs: description of how to arrange the dst scatterlist, if applicable
  242. * for the algorithm type. Defaults to @src_divs if unset.
  243. * @iv_offset: misalignment of the IV in the range [0..MAX_ALGAPI_ALIGNMASK+1],
  244. * where 0 is aligned to a 2*(MAX_ALGAPI_ALIGNMASK+1) byte boundary
  245. * @iv_offset_relative_to_alignmask: if true, add the algorithm's alignmask to
  246. * the @iv_offset
  247. * @key_offset: misalignment of the key, where 0 is default alignment
  248. * @key_offset_relative_to_alignmask: if true, add the algorithm's alignmask to
  249. * the @key_offset
  250. * @finalization_type: what finalization function to use for hashes
  251. * @nosimd: execute with SIMD disabled? Requires !CRYPTO_TFM_REQ_MAY_SLEEP.
  252. * This applies to the parts of the operation that aren't controlled
  253. * individually by @nosimd_setkey or @src_divs[].nosimd.
  254. * @nosimd_setkey: set the key (if applicable) with SIMD disabled? Requires
  255. * !CRYPTO_TFM_REQ_MAY_SLEEP.
  256. */
  257. struct testvec_config {
  258. const char *name;
  259. enum inplace_mode inplace_mode;
  260. u32 req_flags;
  261. struct test_sg_division src_divs[XBUFSIZE];
  262. struct test_sg_division dst_divs[XBUFSIZE];
  263. unsigned int iv_offset;
  264. unsigned int key_offset;
  265. bool iv_offset_relative_to_alignmask;
  266. bool key_offset_relative_to_alignmask;
  267. enum finalization_type finalization_type;
  268. bool nosimd;
  269. bool nosimd_setkey;
  270. };
  271. #define TESTVEC_CONFIG_NAMELEN 192
  272. /*
  273. * The following are the lists of testvec_configs to test for each algorithm
  274. * type when the "fast" crypto self-tests are enabled. They aim to provide good
  275. * test coverage, while keeping the test time much shorter than the "full" tests
  276. * so that the "fast" tests can be enabled in a wider range of circumstances.
  277. */
  278. /* Configs for skciphers and aeads */
  279. static const struct testvec_config default_cipher_testvec_configs[] = {
  280. {
  281. .name = "in-place (one sglist)",
  282. .inplace_mode = INPLACE_ONE_SGLIST,
  283. .src_divs = { { .proportion_of_total = 10000 } },
  284. }, {
  285. .name = "in-place (two sglists)",
  286. .inplace_mode = INPLACE_TWO_SGLISTS,
  287. .src_divs = { { .proportion_of_total = 10000 } },
  288. }, {
  289. .name = "out-of-place",
  290. .inplace_mode = OUT_OF_PLACE,
  291. .src_divs = { { .proportion_of_total = 10000 } },
  292. }, {
  293. .name = "unaligned buffer, offset=1",
  294. .src_divs = { { .proportion_of_total = 10000, .offset = 1 } },
  295. .iv_offset = 1,
  296. .key_offset = 1,
  297. }, {
  298. .name = "buffer aligned only to alignmask",
  299. .src_divs = {
  300. {
  301. .proportion_of_total = 10000,
  302. .offset = 1,
  303. .offset_relative_to_alignmask = true,
  304. },
  305. },
  306. .iv_offset = 1,
  307. .iv_offset_relative_to_alignmask = true,
  308. .key_offset = 1,
  309. .key_offset_relative_to_alignmask = true,
  310. }, {
  311. .name = "two even aligned splits",
  312. .src_divs = {
  313. { .proportion_of_total = 5000 },
  314. { .proportion_of_total = 5000 },
  315. },
  316. }, {
  317. .name = "one src, two even splits dst",
  318. .inplace_mode = OUT_OF_PLACE,
  319. .src_divs = { { .proportion_of_total = 10000 } },
  320. .dst_divs = {
  321. { .proportion_of_total = 5000 },
  322. { .proportion_of_total = 5000 },
  323. },
  324. }, {
  325. .name = "uneven misaligned splits, may sleep",
  326. .req_flags = CRYPTO_TFM_REQ_MAY_SLEEP,
  327. .src_divs = {
  328. { .proportion_of_total = 1900, .offset = 33 },
  329. { .proportion_of_total = 3300, .offset = 7 },
  330. { .proportion_of_total = 4800, .offset = 18 },
  331. },
  332. .iv_offset = 3,
  333. .key_offset = 3,
  334. }, {
  335. .name = "misaligned splits crossing pages, inplace",
  336. .inplace_mode = INPLACE_ONE_SGLIST,
  337. .src_divs = {
  338. {
  339. .proportion_of_total = 7500,
  340. .offset = PAGE_SIZE - 32
  341. }, {
  342. .proportion_of_total = 2500,
  343. .offset = PAGE_SIZE - 7
  344. },
  345. },
  346. }
  347. };
  348. static const struct testvec_config default_hash_testvec_configs[] = {
  349. {
  350. .name = "init+update+final aligned buffer",
  351. .src_divs = { { .proportion_of_total = 10000 } },
  352. .finalization_type = FINALIZATION_TYPE_FINAL,
  353. }, {
  354. .name = "init+finup aligned buffer",
  355. .src_divs = { { .proportion_of_total = 10000 } },
  356. .finalization_type = FINALIZATION_TYPE_FINUP,
  357. }, {
  358. .name = "digest aligned buffer",
  359. .src_divs = { { .proportion_of_total = 10000 } },
  360. .finalization_type = FINALIZATION_TYPE_DIGEST,
  361. }, {
  362. .name = "init+update+final misaligned buffer",
  363. .src_divs = { { .proportion_of_total = 10000, .offset = 1 } },
  364. .finalization_type = FINALIZATION_TYPE_FINAL,
  365. .key_offset = 1,
  366. }, {
  367. .name = "digest misaligned buffer",
  368. .src_divs = {
  369. {
  370. .proportion_of_total = 10000,
  371. .offset = 1,
  372. },
  373. },
  374. .finalization_type = FINALIZATION_TYPE_DIGEST,
  375. .key_offset = 1,
  376. }, {
  377. .name = "init+update+update+final two even splits",
  378. .src_divs = {
  379. { .proportion_of_total = 5000 },
  380. {
  381. .proportion_of_total = 5000,
  382. .flush_type = FLUSH_TYPE_FLUSH,
  383. },
  384. },
  385. .finalization_type = FINALIZATION_TYPE_FINAL,
  386. }, {
  387. .name = "digest uneven misaligned splits, may sleep",
  388. .req_flags = CRYPTO_TFM_REQ_MAY_SLEEP,
  389. .src_divs = {
  390. { .proportion_of_total = 1900, .offset = 33 },
  391. { .proportion_of_total = 3300, .offset = 7 },
  392. { .proportion_of_total = 4800, .offset = 18 },
  393. },
  394. .finalization_type = FINALIZATION_TYPE_DIGEST,
  395. }, {
  396. .name = "digest misaligned splits crossing pages",
  397. .src_divs = {
  398. {
  399. .proportion_of_total = 7500,
  400. .offset = PAGE_SIZE - 32,
  401. }, {
  402. .proportion_of_total = 2500,
  403. .offset = PAGE_SIZE - 7,
  404. },
  405. },
  406. .finalization_type = FINALIZATION_TYPE_DIGEST,
  407. }, {
  408. .name = "import/export",
  409. .src_divs = {
  410. {
  411. .proportion_of_total = 6500,
  412. .flush_type = FLUSH_TYPE_REIMPORT,
  413. }, {
  414. .proportion_of_total = 3500,
  415. .flush_type = FLUSH_TYPE_REIMPORT,
  416. },
  417. },
  418. .finalization_type = FINALIZATION_TYPE_FINAL,
  419. }
  420. };
  421. static unsigned int count_test_sg_divisions(const struct test_sg_division *divs)
  422. {
  423. unsigned int remaining = TEST_SG_TOTAL;
  424. unsigned int ndivs = 0;
  425. do {
  426. remaining -= divs[ndivs++].proportion_of_total;
  427. } while (remaining);
  428. return ndivs;
  429. }
  430. #define SGDIVS_HAVE_FLUSHES BIT(0)
  431. #define SGDIVS_HAVE_NOSIMD BIT(1)
  432. static bool valid_sg_divisions(const struct test_sg_division *divs,
  433. unsigned int count, int *flags_ret)
  434. {
  435. unsigned int total = 0;
  436. unsigned int i;
  437. for (i = 0; i < count && total != TEST_SG_TOTAL; i++) {
  438. if (divs[i].proportion_of_total <= 0 ||
  439. divs[i].proportion_of_total > TEST_SG_TOTAL - total)
  440. return false;
  441. total += divs[i].proportion_of_total;
  442. if (divs[i].flush_type != FLUSH_TYPE_NONE)
  443. *flags_ret |= SGDIVS_HAVE_FLUSHES;
  444. if (divs[i].nosimd)
  445. *flags_ret |= SGDIVS_HAVE_NOSIMD;
  446. }
  447. return total == TEST_SG_TOTAL &&
  448. memchr_inv(&divs[i], 0, (count - i) * sizeof(divs[0])) == NULL;
  449. }
  450. /*
  451. * Check whether the given testvec_config is valid. This isn't strictly needed
  452. * since every testvec_config should be valid, but check anyway so that people
  453. * don't unknowingly add broken configs that don't do what they wanted.
  454. */
  455. static bool valid_testvec_config(const struct testvec_config *cfg)
  456. {
  457. int flags = 0;
  458. if (cfg->name == NULL)
  459. return false;
  460. if (!valid_sg_divisions(cfg->src_divs, ARRAY_SIZE(cfg->src_divs),
  461. &flags))
  462. return false;
  463. if (cfg->dst_divs[0].proportion_of_total) {
  464. if (!valid_sg_divisions(cfg->dst_divs,
  465. ARRAY_SIZE(cfg->dst_divs), &flags))
  466. return false;
  467. } else {
  468. if (memchr_inv(cfg->dst_divs, 0, sizeof(cfg->dst_divs)))
  469. return false;
  470. /* defaults to dst_divs=src_divs */
  471. }
  472. if (cfg->iv_offset +
  473. (cfg->iv_offset_relative_to_alignmask ? MAX_ALGAPI_ALIGNMASK : 0) >
  474. MAX_ALGAPI_ALIGNMASK + 1)
  475. return false;
  476. if ((flags & (SGDIVS_HAVE_FLUSHES | SGDIVS_HAVE_NOSIMD)) &&
  477. cfg->finalization_type == FINALIZATION_TYPE_DIGEST)
  478. return false;
  479. if ((cfg->nosimd || cfg->nosimd_setkey ||
  480. (flags & SGDIVS_HAVE_NOSIMD)) &&
  481. (cfg->req_flags & CRYPTO_TFM_REQ_MAY_SLEEP))
  482. return false;
  483. return true;
  484. }
  485. struct test_sglist {
  486. char *bufs[XBUFSIZE];
  487. struct scatterlist sgl[XBUFSIZE];
  488. struct scatterlist sgl_saved[XBUFSIZE];
  489. struct scatterlist *sgl_ptr;
  490. unsigned int nents;
  491. };
  492. static int init_test_sglist(struct test_sglist *tsgl)
  493. {
  494. return __testmgr_alloc_buf(tsgl->bufs, 1 /* two pages per buffer */);
  495. }
  496. static void destroy_test_sglist(struct test_sglist *tsgl)
  497. {
  498. return __testmgr_free_buf(tsgl->bufs, 1 /* two pages per buffer */);
  499. }
  500. /**
  501. * build_test_sglist() - build a scatterlist for a crypto test
  502. *
  503. * @tsgl: the scatterlist to build. @tsgl->bufs[] contains an array of 2-page
  504. * buffers which the scatterlist @tsgl->sgl[] will be made to point into.
  505. * @divs: the layout specification on which the scatterlist will be based
  506. * @alignmask: the algorithm's alignmask
  507. * @total_len: the total length of the scatterlist to build in bytes
  508. * @data: if non-NULL, the buffers will be filled with this data until it ends.
  509. * Otherwise the buffers will be poisoned. In both cases, some bytes
  510. * past the end of each buffer will be poisoned to help detect overruns.
  511. * @out_divs: if non-NULL, the test_sg_division to which each scatterlist entry
  512. * corresponds will be returned here. This will match @divs except
  513. * that divisions resolving to a length of 0 are omitted as they are
  514. * not included in the scatterlist.
  515. *
  516. * Return: 0 or a -errno value
  517. */
  518. static int build_test_sglist(struct test_sglist *tsgl,
  519. const struct test_sg_division *divs,
  520. const unsigned int alignmask,
  521. const unsigned int total_len,
  522. struct iov_iter *data,
  523. const struct test_sg_division *out_divs[XBUFSIZE])
  524. {
  525. struct {
  526. const struct test_sg_division *div;
  527. size_t length;
  528. } partitions[XBUFSIZE];
  529. const unsigned int ndivs = count_test_sg_divisions(divs);
  530. unsigned int len_remaining = total_len;
  531. unsigned int i;
  532. BUILD_BUG_ON(ARRAY_SIZE(partitions) != ARRAY_SIZE(tsgl->sgl));
  533. if (WARN_ON(ndivs > ARRAY_SIZE(partitions)))
  534. return -EINVAL;
  535. /* Calculate the (div, length) pairs */
  536. tsgl->nents = 0;
  537. for (i = 0; i < ndivs; i++) {
  538. unsigned int len_this_sg =
  539. min(len_remaining,
  540. (total_len * divs[i].proportion_of_total +
  541. TEST_SG_TOTAL / 2) / TEST_SG_TOTAL);
  542. if (len_this_sg != 0) {
  543. partitions[tsgl->nents].div = &divs[i];
  544. partitions[tsgl->nents].length = len_this_sg;
  545. tsgl->nents++;
  546. len_remaining -= len_this_sg;
  547. }
  548. }
  549. if (tsgl->nents == 0) {
  550. partitions[tsgl->nents].div = &divs[0];
  551. partitions[tsgl->nents].length = 0;
  552. tsgl->nents++;
  553. }
  554. partitions[tsgl->nents - 1].length += len_remaining;
  555. /* Set up the sgl entries and fill the data or poison */
  556. sg_init_table(tsgl->sgl, tsgl->nents);
  557. for (i = 0; i < tsgl->nents; i++) {
  558. unsigned int offset = partitions[i].div->offset;
  559. void *addr;
  560. if (partitions[i].div->offset_relative_to_alignmask)
  561. offset += alignmask;
  562. while (offset + partitions[i].length + TESTMGR_POISON_LEN >
  563. 2 * PAGE_SIZE) {
  564. if (WARN_ON(offset <= 0))
  565. return -EINVAL;
  566. offset /= 2;
  567. }
  568. addr = &tsgl->bufs[i][offset];
  569. sg_set_buf(&tsgl->sgl[i], addr, partitions[i].length);
  570. if (out_divs)
  571. out_divs[i] = partitions[i].div;
  572. if (data) {
  573. size_t copy_len, copied;
  574. copy_len = min(partitions[i].length, data->count);
  575. copied = copy_from_iter(addr, copy_len, data);
  576. if (WARN_ON(copied != copy_len))
  577. return -EINVAL;
  578. testmgr_poison(addr + copy_len, partitions[i].length +
  579. TESTMGR_POISON_LEN - copy_len);
  580. } else {
  581. testmgr_poison(addr, partitions[i].length +
  582. TESTMGR_POISON_LEN);
  583. }
  584. }
  585. sg_mark_end(&tsgl->sgl[tsgl->nents - 1]);
  586. tsgl->sgl_ptr = tsgl->sgl;
  587. memcpy(tsgl->sgl_saved, tsgl->sgl, tsgl->nents * sizeof(tsgl->sgl[0]));
  588. return 0;
  589. }
  590. /*
  591. * Verify that a scatterlist crypto operation produced the correct output.
  592. *
  593. * @tsgl: scatterlist containing the actual output
  594. * @expected_output: buffer containing the expected output
  595. * @len_to_check: length of @expected_output in bytes
  596. * @unchecked_prefix_len: number of ignored bytes in @tsgl prior to real result
  597. * @check_poison: verify that the poison bytes after each chunk are intact?
  598. *
  599. * Return: 0 if correct, -EINVAL if incorrect, -EOVERFLOW if buffer overrun.
  600. */
  601. static int verify_correct_output(const struct test_sglist *tsgl,
  602. const char *expected_output,
  603. unsigned int len_to_check,
  604. unsigned int unchecked_prefix_len,
  605. bool check_poison)
  606. {
  607. unsigned int i;
  608. for (i = 0; i < tsgl->nents; i++) {
  609. struct scatterlist *sg = &tsgl->sgl_ptr[i];
  610. unsigned int len = sg->length;
  611. unsigned int offset = sg->offset;
  612. const char *actual_output;
  613. if (unchecked_prefix_len) {
  614. if (unchecked_prefix_len >= len) {
  615. unchecked_prefix_len -= len;
  616. continue;
  617. }
  618. offset += unchecked_prefix_len;
  619. len -= unchecked_prefix_len;
  620. unchecked_prefix_len = 0;
  621. }
  622. len = min(len, len_to_check);
  623. actual_output = page_address(sg_page(sg)) + offset;
  624. if (memcmp(expected_output, actual_output, len) != 0)
  625. return -EINVAL;
  626. if (check_poison &&
  627. !testmgr_is_poison(actual_output + len, TESTMGR_POISON_LEN))
  628. return -EOVERFLOW;
  629. len_to_check -= len;
  630. expected_output += len;
  631. }
  632. if (WARN_ON(len_to_check != 0))
  633. return -EINVAL;
  634. return 0;
  635. }
  636. static bool is_test_sglist_corrupted(const struct test_sglist *tsgl)
  637. {
  638. unsigned int i;
  639. for (i = 0; i < tsgl->nents; i++) {
  640. if (tsgl->sgl[i].page_link != tsgl->sgl_saved[i].page_link)
  641. return true;
  642. if (tsgl->sgl[i].offset != tsgl->sgl_saved[i].offset)
  643. return true;
  644. if (tsgl->sgl[i].length != tsgl->sgl_saved[i].length)
  645. return true;
  646. }
  647. return false;
  648. }
  649. struct cipher_test_sglists {
  650. struct test_sglist src;
  651. struct test_sglist dst;
  652. };
  653. static struct cipher_test_sglists *alloc_cipher_test_sglists(void)
  654. {
  655. struct cipher_test_sglists *tsgls;
  656. tsgls = kmalloc_obj(*tsgls);
  657. if (!tsgls)
  658. return NULL;
  659. if (init_test_sglist(&tsgls->src) != 0)
  660. goto fail_kfree;
  661. if (init_test_sglist(&tsgls->dst) != 0)
  662. goto fail_destroy_src;
  663. return tsgls;
  664. fail_destroy_src:
  665. destroy_test_sglist(&tsgls->src);
  666. fail_kfree:
  667. kfree(tsgls);
  668. return NULL;
  669. }
  670. static void free_cipher_test_sglists(struct cipher_test_sglists *tsgls)
  671. {
  672. if (tsgls) {
  673. destroy_test_sglist(&tsgls->src);
  674. destroy_test_sglist(&tsgls->dst);
  675. kfree(tsgls);
  676. }
  677. }
  678. /* Build the src and dst scatterlists for an skcipher or AEAD test */
  679. static int build_cipher_test_sglists(struct cipher_test_sglists *tsgls,
  680. const struct testvec_config *cfg,
  681. unsigned int alignmask,
  682. unsigned int src_total_len,
  683. unsigned int dst_total_len,
  684. const struct kvec *inputs,
  685. unsigned int nr_inputs)
  686. {
  687. struct iov_iter input;
  688. int err;
  689. iov_iter_kvec(&input, ITER_SOURCE, inputs, nr_inputs, src_total_len);
  690. err = build_test_sglist(&tsgls->src, cfg->src_divs, alignmask,
  691. cfg->inplace_mode != OUT_OF_PLACE ?
  692. max(dst_total_len, src_total_len) :
  693. src_total_len,
  694. &input, NULL);
  695. if (err)
  696. return err;
  697. /*
  698. * In-place crypto operations can use the same scatterlist for both the
  699. * source and destination (req->src == req->dst), or can use separate
  700. * scatterlists (req->src != req->dst) which point to the same
  701. * underlying memory. Make sure to test both cases.
  702. */
  703. if (cfg->inplace_mode == INPLACE_ONE_SGLIST) {
  704. tsgls->dst.sgl_ptr = tsgls->src.sgl;
  705. tsgls->dst.nents = tsgls->src.nents;
  706. return 0;
  707. }
  708. if (cfg->inplace_mode == INPLACE_TWO_SGLISTS) {
  709. /*
  710. * For now we keep it simple and only test the case where the
  711. * two scatterlists have identical entries, rather than
  712. * different entries that split up the same memory differently.
  713. */
  714. memcpy(tsgls->dst.sgl, tsgls->src.sgl,
  715. tsgls->src.nents * sizeof(tsgls->src.sgl[0]));
  716. memcpy(tsgls->dst.sgl_saved, tsgls->src.sgl,
  717. tsgls->src.nents * sizeof(tsgls->src.sgl[0]));
  718. tsgls->dst.sgl_ptr = tsgls->dst.sgl;
  719. tsgls->dst.nents = tsgls->src.nents;
  720. return 0;
  721. }
  722. /* Out of place */
  723. return build_test_sglist(&tsgls->dst,
  724. cfg->dst_divs[0].proportion_of_total ?
  725. cfg->dst_divs : cfg->src_divs,
  726. alignmask, dst_total_len, NULL, NULL);
  727. }
  728. /*
  729. * Support for testing passing a misaligned key to setkey():
  730. *
  731. * If cfg->key_offset is set, copy the key into a new buffer at that offset,
  732. * optionally adding alignmask. Else, just use the key directly.
  733. */
  734. static int prepare_keybuf(const u8 *key, unsigned int ksize,
  735. const struct testvec_config *cfg,
  736. unsigned int alignmask,
  737. const u8 **keybuf_ret, const u8 **keyptr_ret)
  738. {
  739. unsigned int key_offset = cfg->key_offset;
  740. u8 *keybuf = NULL, *keyptr = (u8 *)key;
  741. if (key_offset != 0) {
  742. if (cfg->key_offset_relative_to_alignmask)
  743. key_offset += alignmask;
  744. keybuf = kmalloc(key_offset + ksize, GFP_KERNEL);
  745. if (!keybuf)
  746. return -ENOMEM;
  747. keyptr = keybuf + key_offset;
  748. memcpy(keyptr, key, ksize);
  749. }
  750. *keybuf_ret = keybuf;
  751. *keyptr_ret = keyptr;
  752. return 0;
  753. }
  754. /*
  755. * Like setkey_f(tfm, key, ksize), but sometimes misalign the key.
  756. * In addition, run the setkey function in no-SIMD context if requested.
  757. */
  758. #define do_setkey(setkey_f, tfm, key, ksize, cfg, alignmask) \
  759. ({ \
  760. const u8 *keybuf, *keyptr; \
  761. int err; \
  762. \
  763. err = prepare_keybuf((key), (ksize), (cfg), (alignmask), \
  764. &keybuf, &keyptr); \
  765. if (err == 0) { \
  766. if ((cfg)->nosimd_setkey) \
  767. crypto_disable_simd_for_test(); \
  768. err = setkey_f((tfm), keyptr, (ksize)); \
  769. if ((cfg)->nosimd_setkey) \
  770. crypto_reenable_simd_for_test(); \
  771. kfree(keybuf); \
  772. } \
  773. err; \
  774. })
  775. /*
  776. * The fuzz tests use prandom instead of the normal Linux RNG since they don't
  777. * need cryptographically secure random numbers. This greatly improves the
  778. * performance of these tests, especially if they are run before the Linux RNG
  779. * has been initialized or if they are run on a lockdep-enabled kernel.
  780. */
  781. static inline void init_rnd_state(struct rnd_state *rng)
  782. {
  783. prandom_seed_state(rng, get_random_u64());
  784. }
  785. static inline u8 prandom_u8(struct rnd_state *rng)
  786. {
  787. return prandom_u32_state(rng);
  788. }
  789. static inline u32 prandom_u32_below(struct rnd_state *rng, u32 ceil)
  790. {
  791. /*
  792. * This is slightly biased for non-power-of-2 values of 'ceil', but this
  793. * isn't important here.
  794. */
  795. return prandom_u32_state(rng) % ceil;
  796. }
  797. static inline bool prandom_bool(struct rnd_state *rng)
  798. {
  799. return prandom_u32_below(rng, 2);
  800. }
  801. static inline u32 prandom_u32_inclusive(struct rnd_state *rng,
  802. u32 floor, u32 ceil)
  803. {
  804. return floor + prandom_u32_below(rng, ceil - floor + 1);
  805. }
  806. /* Generate a random length in range [0, max_len], but prefer smaller values */
  807. static unsigned int generate_random_length(struct rnd_state *rng,
  808. unsigned int max_len)
  809. {
  810. unsigned int len = prandom_u32_below(rng, max_len + 1);
  811. switch (prandom_u32_below(rng, 4)) {
  812. case 0:
  813. len %= 64;
  814. break;
  815. case 1:
  816. len %= 256;
  817. break;
  818. case 2:
  819. len %= 1024;
  820. break;
  821. default:
  822. break;
  823. }
  824. if (len && prandom_u32_below(rng, 4) == 0)
  825. len = rounddown_pow_of_two(len);
  826. return len;
  827. }
  828. /* Flip a random bit in the given nonempty data buffer */
  829. static void flip_random_bit(struct rnd_state *rng, u8 *buf, size_t size)
  830. {
  831. size_t bitpos;
  832. bitpos = prandom_u32_below(rng, size * 8);
  833. buf[bitpos / 8] ^= 1 << (bitpos % 8);
  834. }
  835. /* Flip a random byte in the given nonempty data buffer */
  836. static void flip_random_byte(struct rnd_state *rng, u8 *buf, size_t size)
  837. {
  838. buf[prandom_u32_below(rng, size)] ^= 0xff;
  839. }
  840. /* Sometimes make some random changes to the given nonempty data buffer */
  841. static void mutate_buffer(struct rnd_state *rng, u8 *buf, size_t size)
  842. {
  843. size_t num_flips;
  844. size_t i;
  845. /* Sometimes flip some bits */
  846. if (prandom_u32_below(rng, 4) == 0) {
  847. num_flips = min_t(size_t, 1 << prandom_u32_below(rng, 8),
  848. size * 8);
  849. for (i = 0; i < num_flips; i++)
  850. flip_random_bit(rng, buf, size);
  851. }
  852. /* Sometimes flip some bytes */
  853. if (prandom_u32_below(rng, 4) == 0) {
  854. num_flips = min_t(size_t, 1 << prandom_u32_below(rng, 8), size);
  855. for (i = 0; i < num_flips; i++)
  856. flip_random_byte(rng, buf, size);
  857. }
  858. }
  859. /* Randomly generate 'count' bytes, but sometimes make them "interesting" */
  860. static void generate_random_bytes(struct rnd_state *rng, u8 *buf, size_t count)
  861. {
  862. u8 b;
  863. u8 increment;
  864. size_t i;
  865. if (count == 0)
  866. return;
  867. switch (prandom_u32_below(rng, 8)) { /* Choose a generation strategy */
  868. case 0:
  869. case 1:
  870. /* All the same byte, plus optional mutations */
  871. switch (prandom_u32_below(rng, 4)) {
  872. case 0:
  873. b = 0x00;
  874. break;
  875. case 1:
  876. b = 0xff;
  877. break;
  878. default:
  879. b = prandom_u8(rng);
  880. break;
  881. }
  882. memset(buf, b, count);
  883. mutate_buffer(rng, buf, count);
  884. break;
  885. case 2:
  886. /* Ascending or descending bytes, plus optional mutations */
  887. increment = prandom_u8(rng);
  888. b = prandom_u8(rng);
  889. for (i = 0; i < count; i++, b += increment)
  890. buf[i] = b;
  891. mutate_buffer(rng, buf, count);
  892. break;
  893. default:
  894. /* Fully random bytes */
  895. prandom_bytes_state(rng, buf, count);
  896. }
  897. }
  898. static char *generate_random_sgl_divisions(struct rnd_state *rng,
  899. struct test_sg_division *divs,
  900. size_t max_divs, char *p, char *end,
  901. bool gen_flushes, u32 req_flags)
  902. {
  903. struct test_sg_division *div = divs;
  904. unsigned int remaining = TEST_SG_TOTAL;
  905. do {
  906. unsigned int this_len;
  907. const char *flushtype_str;
  908. if (div == &divs[max_divs - 1] || prandom_bool(rng))
  909. this_len = remaining;
  910. else if (prandom_u32_below(rng, 4) == 0)
  911. this_len = (remaining + 1) / 2;
  912. else
  913. this_len = prandom_u32_inclusive(rng, 1, remaining);
  914. div->proportion_of_total = this_len;
  915. if (prandom_u32_below(rng, 4) == 0)
  916. div->offset = prandom_u32_inclusive(rng,
  917. PAGE_SIZE - 128,
  918. PAGE_SIZE - 1);
  919. else if (prandom_bool(rng))
  920. div->offset = prandom_u32_below(rng, 32);
  921. else
  922. div->offset = prandom_u32_below(rng, PAGE_SIZE);
  923. if (prandom_u32_below(rng, 8) == 0)
  924. div->offset_relative_to_alignmask = true;
  925. div->flush_type = FLUSH_TYPE_NONE;
  926. if (gen_flushes) {
  927. switch (prandom_u32_below(rng, 4)) {
  928. case 0:
  929. div->flush_type = FLUSH_TYPE_REIMPORT;
  930. break;
  931. case 1:
  932. div->flush_type = FLUSH_TYPE_FLUSH;
  933. break;
  934. }
  935. }
  936. if (div->flush_type != FLUSH_TYPE_NONE &&
  937. !(req_flags & CRYPTO_TFM_REQ_MAY_SLEEP) &&
  938. prandom_bool(rng))
  939. div->nosimd = true;
  940. switch (div->flush_type) {
  941. case FLUSH_TYPE_FLUSH:
  942. if (div->nosimd)
  943. flushtype_str = "<flush,nosimd>";
  944. else
  945. flushtype_str = "<flush>";
  946. break;
  947. case FLUSH_TYPE_REIMPORT:
  948. if (div->nosimd)
  949. flushtype_str = "<reimport,nosimd>";
  950. else
  951. flushtype_str = "<reimport>";
  952. break;
  953. default:
  954. flushtype_str = "";
  955. break;
  956. }
  957. BUILD_BUG_ON(TEST_SG_TOTAL != 10000); /* for "%u.%u%%" */
  958. p += scnprintf(p, end - p, "%s%u.%u%%@%s+%u%s", flushtype_str,
  959. this_len / 100, this_len % 100,
  960. div->offset_relative_to_alignmask ?
  961. "alignmask" : "",
  962. div->offset, this_len == remaining ? "" : ", ");
  963. remaining -= this_len;
  964. div++;
  965. } while (remaining);
  966. return p;
  967. }
  968. /* Generate a random testvec_config for fuzz testing */
  969. static void generate_random_testvec_config(struct rnd_state *rng,
  970. struct testvec_config *cfg,
  971. char *name, size_t max_namelen)
  972. {
  973. char *p = name;
  974. char * const end = name + max_namelen;
  975. memset(cfg, 0, sizeof(*cfg));
  976. cfg->name = name;
  977. p += scnprintf(p, end - p, "random:");
  978. switch (prandom_u32_below(rng, 4)) {
  979. case 0:
  980. case 1:
  981. cfg->inplace_mode = OUT_OF_PLACE;
  982. break;
  983. case 2:
  984. cfg->inplace_mode = INPLACE_ONE_SGLIST;
  985. p += scnprintf(p, end - p, " inplace_one_sglist");
  986. break;
  987. default:
  988. cfg->inplace_mode = INPLACE_TWO_SGLISTS;
  989. p += scnprintf(p, end - p, " inplace_two_sglists");
  990. break;
  991. }
  992. if (prandom_bool(rng)) {
  993. cfg->req_flags |= CRYPTO_TFM_REQ_MAY_SLEEP;
  994. p += scnprintf(p, end - p, " may_sleep");
  995. }
  996. switch (prandom_u32_below(rng, 4)) {
  997. case 0:
  998. cfg->finalization_type = FINALIZATION_TYPE_FINAL;
  999. p += scnprintf(p, end - p, " use_final");
  1000. break;
  1001. case 1:
  1002. cfg->finalization_type = FINALIZATION_TYPE_FINUP;
  1003. p += scnprintf(p, end - p, " use_finup");
  1004. break;
  1005. default:
  1006. cfg->finalization_type = FINALIZATION_TYPE_DIGEST;
  1007. p += scnprintf(p, end - p, " use_digest");
  1008. break;
  1009. }
  1010. if (!(cfg->req_flags & CRYPTO_TFM_REQ_MAY_SLEEP)) {
  1011. if (prandom_bool(rng)) {
  1012. cfg->nosimd = true;
  1013. p += scnprintf(p, end - p, " nosimd");
  1014. }
  1015. if (prandom_bool(rng)) {
  1016. cfg->nosimd_setkey = true;
  1017. p += scnprintf(p, end - p, " nosimd_setkey");
  1018. }
  1019. }
  1020. p += scnprintf(p, end - p, " src_divs=[");
  1021. p = generate_random_sgl_divisions(rng, cfg->src_divs,
  1022. ARRAY_SIZE(cfg->src_divs), p, end,
  1023. (cfg->finalization_type !=
  1024. FINALIZATION_TYPE_DIGEST),
  1025. cfg->req_flags);
  1026. p += scnprintf(p, end - p, "]");
  1027. if (cfg->inplace_mode == OUT_OF_PLACE && prandom_bool(rng)) {
  1028. p += scnprintf(p, end - p, " dst_divs=[");
  1029. p = generate_random_sgl_divisions(rng, cfg->dst_divs,
  1030. ARRAY_SIZE(cfg->dst_divs),
  1031. p, end, false,
  1032. cfg->req_flags);
  1033. p += scnprintf(p, end - p, "]");
  1034. }
  1035. if (prandom_bool(rng)) {
  1036. cfg->iv_offset = prandom_u32_inclusive(rng, 1,
  1037. MAX_ALGAPI_ALIGNMASK);
  1038. p += scnprintf(p, end - p, " iv_offset=%u", cfg->iv_offset);
  1039. }
  1040. if (prandom_bool(rng)) {
  1041. cfg->key_offset = prandom_u32_inclusive(rng, 1,
  1042. MAX_ALGAPI_ALIGNMASK);
  1043. p += scnprintf(p, end - p, " key_offset=%u", cfg->key_offset);
  1044. }
  1045. WARN_ON_ONCE(!valid_testvec_config(cfg));
  1046. }
  1047. static void crypto_disable_simd_for_test(void)
  1048. {
  1049. #ifdef CONFIG_CRYPTO_SELFTESTS_FULL
  1050. migrate_disable();
  1051. __this_cpu_write(crypto_simd_disabled_for_test, true);
  1052. #endif
  1053. }
  1054. static void crypto_reenable_simd_for_test(void)
  1055. {
  1056. #ifdef CONFIG_CRYPTO_SELFTESTS_FULL
  1057. __this_cpu_write(crypto_simd_disabled_for_test, false);
  1058. migrate_enable();
  1059. #endif
  1060. }
  1061. /*
  1062. * Given an algorithm name, build the name of the generic implementation of that
  1063. * algorithm, assuming the usual naming convention. Specifically, this appends
  1064. * "-generic" to every part of the name that is not a template name. Examples:
  1065. *
  1066. * aes => aes-generic
  1067. * cbc(aes) => cbc(aes-generic)
  1068. * cts(cbc(aes)) => cts(cbc(aes-generic))
  1069. * rfc7539(chacha20,poly1305) => rfc7539(chacha20-generic,poly1305-generic)
  1070. *
  1071. * Return: 0 on success, or -ENAMETOOLONG if the generic name would be too long
  1072. */
  1073. static int build_generic_driver_name(const char *algname,
  1074. char driver_name[CRYPTO_MAX_ALG_NAME])
  1075. {
  1076. const char *in = algname;
  1077. char *out = driver_name;
  1078. size_t len = strlen(algname);
  1079. if (len >= CRYPTO_MAX_ALG_NAME)
  1080. goto too_long;
  1081. do {
  1082. const char *in_saved = in;
  1083. while (*in && *in != '(' && *in != ')' && *in != ',')
  1084. *out++ = *in++;
  1085. if (*in != '(' && in > in_saved) {
  1086. len += 8;
  1087. if (len >= CRYPTO_MAX_ALG_NAME)
  1088. goto too_long;
  1089. memcpy(out, "-generic", 8);
  1090. out += 8;
  1091. }
  1092. } while ((*out++ = *in++) != '\0');
  1093. return 0;
  1094. too_long:
  1095. pr_err("alg: generic driver name for \"%s\" would be too long\n",
  1096. algname);
  1097. return -ENAMETOOLONG;
  1098. }
  1099. static int build_hash_sglist(struct test_sglist *tsgl,
  1100. const struct hash_testvec *vec,
  1101. const struct testvec_config *cfg,
  1102. unsigned int alignmask,
  1103. const struct test_sg_division *divs[XBUFSIZE])
  1104. {
  1105. struct kvec kv;
  1106. struct iov_iter input;
  1107. kv.iov_base = (void *)vec->plaintext;
  1108. kv.iov_len = vec->psize;
  1109. iov_iter_kvec(&input, ITER_SOURCE, &kv, 1, vec->psize);
  1110. return build_test_sglist(tsgl, cfg->src_divs, alignmask, vec->psize,
  1111. &input, divs);
  1112. }
  1113. static int check_hash_result(const char *type,
  1114. const u8 *result, unsigned int digestsize,
  1115. const struct hash_testvec *vec,
  1116. const char *vec_name,
  1117. const char *driver,
  1118. const struct testvec_config *cfg)
  1119. {
  1120. if (memcmp(result, vec->digest, digestsize) != 0) {
  1121. pr_err("alg: %s: %s test failed (wrong result) on test vector %s, cfg=\"%s\"\n",
  1122. type, driver, vec_name, cfg->name);
  1123. return -EINVAL;
  1124. }
  1125. if (!testmgr_is_poison(&result[digestsize], TESTMGR_POISON_LEN)) {
  1126. pr_err("alg: %s: %s overran result buffer on test vector %s, cfg=\"%s\"\n",
  1127. type, driver, vec_name, cfg->name);
  1128. return -EOVERFLOW;
  1129. }
  1130. return 0;
  1131. }
  1132. static inline int check_shash_op(const char *op, int err,
  1133. const char *driver, const char *vec_name,
  1134. const struct testvec_config *cfg)
  1135. {
  1136. if (err)
  1137. pr_err("alg: shash: %s %s() failed with err %d on test vector %s, cfg=\"%s\"\n",
  1138. driver, op, err, vec_name, cfg->name);
  1139. return err;
  1140. }
  1141. /* Test one hash test vector in one configuration, using the shash API */
  1142. static int test_shash_vec_cfg(const struct hash_testvec *vec,
  1143. const char *vec_name,
  1144. const struct testvec_config *cfg,
  1145. struct shash_desc *desc,
  1146. struct test_sglist *tsgl,
  1147. u8 *hashstate)
  1148. {
  1149. struct crypto_shash *tfm = desc->tfm;
  1150. const unsigned int digestsize = crypto_shash_digestsize(tfm);
  1151. const unsigned int statesize = crypto_shash_statesize(tfm);
  1152. const char *driver = crypto_shash_driver_name(tfm);
  1153. const struct test_sg_division *divs[XBUFSIZE];
  1154. unsigned int i;
  1155. u8 result[HASH_MAX_DIGESTSIZE + TESTMGR_POISON_LEN];
  1156. int err;
  1157. /* Set the key, if specified */
  1158. if (vec->ksize) {
  1159. err = do_setkey(crypto_shash_setkey, tfm, vec->key, vec->ksize,
  1160. cfg, 0);
  1161. if (err) {
  1162. if (err == vec->setkey_error)
  1163. return 0;
  1164. pr_err("alg: shash: %s setkey failed on test vector %s; expected_error=%d, actual_error=%d, flags=%#x\n",
  1165. driver, vec_name, vec->setkey_error, err,
  1166. crypto_shash_get_flags(tfm));
  1167. return err;
  1168. }
  1169. if (vec->setkey_error) {
  1170. pr_err("alg: shash: %s setkey unexpectedly succeeded on test vector %s; expected_error=%d\n",
  1171. driver, vec_name, vec->setkey_error);
  1172. return -EINVAL;
  1173. }
  1174. }
  1175. /* Build the scatterlist for the source data */
  1176. err = build_hash_sglist(tsgl, vec, cfg, 0, divs);
  1177. if (err) {
  1178. pr_err("alg: shash: %s: error preparing scatterlist for test vector %s, cfg=\"%s\"\n",
  1179. driver, vec_name, cfg->name);
  1180. return err;
  1181. }
  1182. /* Do the actual hashing */
  1183. testmgr_poison(desc->__ctx, crypto_shash_descsize(tfm));
  1184. testmgr_poison(result, digestsize + TESTMGR_POISON_LEN);
  1185. if (cfg->finalization_type == FINALIZATION_TYPE_DIGEST ||
  1186. vec->digest_error) {
  1187. /* Just using digest() */
  1188. if (tsgl->nents != 1)
  1189. return 0;
  1190. if (cfg->nosimd)
  1191. crypto_disable_simd_for_test();
  1192. err = crypto_shash_digest(desc, sg_virt(&tsgl->sgl[0]),
  1193. tsgl->sgl[0].length, result);
  1194. if (cfg->nosimd)
  1195. crypto_reenable_simd_for_test();
  1196. if (err) {
  1197. if (err == vec->digest_error)
  1198. return 0;
  1199. pr_err("alg: shash: %s digest() failed on test vector %s; expected_error=%d, actual_error=%d, cfg=\"%s\"\n",
  1200. driver, vec_name, vec->digest_error, err,
  1201. cfg->name);
  1202. return err;
  1203. }
  1204. if (vec->digest_error) {
  1205. pr_err("alg: shash: %s digest() unexpectedly succeeded on test vector %s; expected_error=%d, cfg=\"%s\"\n",
  1206. driver, vec_name, vec->digest_error, cfg->name);
  1207. return -EINVAL;
  1208. }
  1209. goto result_ready;
  1210. }
  1211. /* Using init(), zero or more update(), then final() or finup() */
  1212. if (cfg->nosimd)
  1213. crypto_disable_simd_for_test();
  1214. err = crypto_shash_init(desc);
  1215. if (cfg->nosimd)
  1216. crypto_reenable_simd_for_test();
  1217. err = check_shash_op("init", err, driver, vec_name, cfg);
  1218. if (err)
  1219. return err;
  1220. for (i = 0; i < tsgl->nents; i++) {
  1221. if (i + 1 == tsgl->nents &&
  1222. cfg->finalization_type == FINALIZATION_TYPE_FINUP) {
  1223. if (divs[i]->nosimd)
  1224. crypto_disable_simd_for_test();
  1225. err = crypto_shash_finup(desc, sg_virt(&tsgl->sgl[i]),
  1226. tsgl->sgl[i].length, result);
  1227. if (divs[i]->nosimd)
  1228. crypto_reenable_simd_for_test();
  1229. err = check_shash_op("finup", err, driver, vec_name,
  1230. cfg);
  1231. if (err)
  1232. return err;
  1233. goto result_ready;
  1234. }
  1235. if (divs[i]->nosimd)
  1236. crypto_disable_simd_for_test();
  1237. err = crypto_shash_update(desc, sg_virt(&tsgl->sgl[i]),
  1238. tsgl->sgl[i].length);
  1239. if (divs[i]->nosimd)
  1240. crypto_reenable_simd_for_test();
  1241. err = check_shash_op("update", err, driver, vec_name, cfg);
  1242. if (err)
  1243. return err;
  1244. if (divs[i]->flush_type == FLUSH_TYPE_REIMPORT) {
  1245. /* Test ->export() and ->import() */
  1246. testmgr_poison(hashstate + statesize,
  1247. TESTMGR_POISON_LEN);
  1248. err = crypto_shash_export(desc, hashstate);
  1249. err = check_shash_op("export", err, driver, vec_name,
  1250. cfg);
  1251. if (err)
  1252. return err;
  1253. if (!testmgr_is_poison(hashstate + statesize,
  1254. TESTMGR_POISON_LEN)) {
  1255. pr_err("alg: shash: %s export() overran state buffer on test vector %s, cfg=\"%s\"\n",
  1256. driver, vec_name, cfg->name);
  1257. return -EOVERFLOW;
  1258. }
  1259. testmgr_poison(desc->__ctx, crypto_shash_descsize(tfm));
  1260. err = crypto_shash_import(desc, hashstate);
  1261. err = check_shash_op("import", err, driver, vec_name,
  1262. cfg);
  1263. if (err)
  1264. return err;
  1265. }
  1266. }
  1267. if (cfg->nosimd)
  1268. crypto_disable_simd_for_test();
  1269. err = crypto_shash_final(desc, result);
  1270. if (cfg->nosimd)
  1271. crypto_reenable_simd_for_test();
  1272. err = check_shash_op("final", err, driver, vec_name, cfg);
  1273. if (err)
  1274. return err;
  1275. result_ready:
  1276. return check_hash_result("shash", result, digestsize, vec, vec_name,
  1277. driver, cfg);
  1278. }
  1279. static int do_ahash_op(int (*op)(struct ahash_request *req),
  1280. struct ahash_request *req,
  1281. struct crypto_wait *wait, bool nosimd)
  1282. {
  1283. int err;
  1284. if (nosimd)
  1285. crypto_disable_simd_for_test();
  1286. err = op(req);
  1287. if (nosimd)
  1288. crypto_reenable_simd_for_test();
  1289. return crypto_wait_req(err, wait);
  1290. }
  1291. static int check_nonfinal_ahash_op(const char *op, int err,
  1292. u8 *result, unsigned int digestsize,
  1293. const char *driver, const char *vec_name,
  1294. const struct testvec_config *cfg)
  1295. {
  1296. if (err) {
  1297. pr_err("alg: ahash: %s %s() failed with err %d on test vector %s, cfg=\"%s\"\n",
  1298. driver, op, err, vec_name, cfg->name);
  1299. return err;
  1300. }
  1301. if (!testmgr_is_poison(result, digestsize)) {
  1302. pr_err("alg: ahash: %s %s() used result buffer on test vector %s, cfg=\"%s\"\n",
  1303. driver, op, vec_name, cfg->name);
  1304. return -EINVAL;
  1305. }
  1306. return 0;
  1307. }
  1308. /* Test one hash test vector in one configuration, using the ahash API */
  1309. static int test_ahash_vec_cfg(const struct hash_testvec *vec,
  1310. const char *vec_name,
  1311. const struct testvec_config *cfg,
  1312. struct ahash_request *req,
  1313. struct test_sglist *tsgl,
  1314. u8 *hashstate)
  1315. {
  1316. struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
  1317. const unsigned int digestsize = crypto_ahash_digestsize(tfm);
  1318. const unsigned int statesize = crypto_ahash_statesize(tfm);
  1319. const char *driver = crypto_ahash_driver_name(tfm);
  1320. const u32 req_flags = CRYPTO_TFM_REQ_MAY_BACKLOG | cfg->req_flags;
  1321. const struct test_sg_division *divs[XBUFSIZE];
  1322. DECLARE_CRYPTO_WAIT(wait);
  1323. unsigned int i;
  1324. struct scatterlist *pending_sgl;
  1325. unsigned int pending_len;
  1326. u8 result[HASH_MAX_DIGESTSIZE + TESTMGR_POISON_LEN];
  1327. int err;
  1328. /* Set the key, if specified */
  1329. if (vec->ksize) {
  1330. err = do_setkey(crypto_ahash_setkey, tfm, vec->key, vec->ksize,
  1331. cfg, 0);
  1332. if (err) {
  1333. if (err == vec->setkey_error)
  1334. return 0;
  1335. pr_err("alg: ahash: %s setkey failed on test vector %s; expected_error=%d, actual_error=%d, flags=%#x\n",
  1336. driver, vec_name, vec->setkey_error, err,
  1337. crypto_ahash_get_flags(tfm));
  1338. return err;
  1339. }
  1340. if (vec->setkey_error) {
  1341. pr_err("alg: ahash: %s setkey unexpectedly succeeded on test vector %s; expected_error=%d\n",
  1342. driver, vec_name, vec->setkey_error);
  1343. return -EINVAL;
  1344. }
  1345. }
  1346. /* Build the scatterlist for the source data */
  1347. err = build_hash_sglist(tsgl, vec, cfg, 0, divs);
  1348. if (err) {
  1349. pr_err("alg: ahash: %s: error preparing scatterlist for test vector %s, cfg=\"%s\"\n",
  1350. driver, vec_name, cfg->name);
  1351. return err;
  1352. }
  1353. /* Do the actual hashing */
  1354. testmgr_poison(req->__ctx, crypto_ahash_reqsize(tfm));
  1355. testmgr_poison(result, digestsize + TESTMGR_POISON_LEN);
  1356. if (cfg->finalization_type == FINALIZATION_TYPE_DIGEST ||
  1357. vec->digest_error) {
  1358. /* Just using digest() */
  1359. ahash_request_set_callback(req, req_flags, crypto_req_done,
  1360. &wait);
  1361. ahash_request_set_crypt(req, tsgl->sgl, result, vec->psize);
  1362. err = do_ahash_op(crypto_ahash_digest, req, &wait, cfg->nosimd);
  1363. if (err) {
  1364. if (err == vec->digest_error)
  1365. return 0;
  1366. pr_err("alg: ahash: %s digest() failed on test vector %s; expected_error=%d, actual_error=%d, cfg=\"%s\"\n",
  1367. driver, vec_name, vec->digest_error, err,
  1368. cfg->name);
  1369. return err;
  1370. }
  1371. if (vec->digest_error) {
  1372. pr_err("alg: ahash: %s digest() unexpectedly succeeded on test vector %s; expected_error=%d, cfg=\"%s\"\n",
  1373. driver, vec_name, vec->digest_error, cfg->name);
  1374. return -EINVAL;
  1375. }
  1376. goto result_ready;
  1377. }
  1378. /* Using init(), zero or more update(), then final() or finup() */
  1379. ahash_request_set_callback(req, req_flags, crypto_req_done, &wait);
  1380. ahash_request_set_crypt(req, NULL, result, 0);
  1381. err = do_ahash_op(crypto_ahash_init, req, &wait, cfg->nosimd);
  1382. err = check_nonfinal_ahash_op("init", err, result, digestsize,
  1383. driver, vec_name, cfg);
  1384. if (err)
  1385. return err;
  1386. pending_sgl = NULL;
  1387. pending_len = 0;
  1388. for (i = 0; i < tsgl->nents; i++) {
  1389. if (divs[i]->flush_type != FLUSH_TYPE_NONE &&
  1390. pending_sgl != NULL) {
  1391. /* update() with the pending data */
  1392. ahash_request_set_callback(req, req_flags,
  1393. crypto_req_done, &wait);
  1394. ahash_request_set_crypt(req, pending_sgl, result,
  1395. pending_len);
  1396. err = do_ahash_op(crypto_ahash_update, req, &wait,
  1397. divs[i]->nosimd);
  1398. err = check_nonfinal_ahash_op("update", err,
  1399. result, digestsize,
  1400. driver, vec_name, cfg);
  1401. if (err)
  1402. return err;
  1403. pending_sgl = NULL;
  1404. pending_len = 0;
  1405. }
  1406. if (divs[i]->flush_type == FLUSH_TYPE_REIMPORT) {
  1407. /* Test ->export() and ->import() */
  1408. testmgr_poison(hashstate + statesize,
  1409. TESTMGR_POISON_LEN);
  1410. err = crypto_ahash_export(req, hashstate);
  1411. err = check_nonfinal_ahash_op("export", err,
  1412. result, digestsize,
  1413. driver, vec_name, cfg);
  1414. if (err)
  1415. return err;
  1416. if (!testmgr_is_poison(hashstate + statesize,
  1417. TESTMGR_POISON_LEN)) {
  1418. pr_err("alg: ahash: %s export() overran state buffer on test vector %s, cfg=\"%s\"\n",
  1419. driver, vec_name, cfg->name);
  1420. return -EOVERFLOW;
  1421. }
  1422. testmgr_poison(req->__ctx, crypto_ahash_reqsize(tfm));
  1423. err = crypto_ahash_import(req, hashstate);
  1424. err = check_nonfinal_ahash_op("import", err,
  1425. result, digestsize,
  1426. driver, vec_name, cfg);
  1427. if (err)
  1428. return err;
  1429. }
  1430. if (pending_sgl == NULL)
  1431. pending_sgl = &tsgl->sgl[i];
  1432. pending_len += tsgl->sgl[i].length;
  1433. }
  1434. ahash_request_set_callback(req, req_flags, crypto_req_done, &wait);
  1435. ahash_request_set_crypt(req, pending_sgl, result, pending_len);
  1436. if (cfg->finalization_type == FINALIZATION_TYPE_FINAL) {
  1437. /* finish with update() and final() */
  1438. err = do_ahash_op(crypto_ahash_update, req, &wait, cfg->nosimd);
  1439. err = check_nonfinal_ahash_op("update", err, result, digestsize,
  1440. driver, vec_name, cfg);
  1441. if (err)
  1442. return err;
  1443. err = do_ahash_op(crypto_ahash_final, req, &wait, cfg->nosimd);
  1444. if (err) {
  1445. pr_err("alg: ahash: %s final() failed with err %d on test vector %s, cfg=\"%s\"\n",
  1446. driver, err, vec_name, cfg->name);
  1447. return err;
  1448. }
  1449. } else {
  1450. /* finish with finup() */
  1451. err = do_ahash_op(crypto_ahash_finup, req, &wait, cfg->nosimd);
  1452. if (err) {
  1453. pr_err("alg: ahash: %s finup() failed with err %d on test vector %s, cfg=\"%s\"\n",
  1454. driver, err, vec_name, cfg->name);
  1455. return err;
  1456. }
  1457. }
  1458. result_ready:
  1459. return check_hash_result("ahash", result, digestsize, vec, vec_name,
  1460. driver, cfg);
  1461. }
  1462. static int test_hash_vec_cfg(const struct hash_testvec *vec,
  1463. const char *vec_name,
  1464. const struct testvec_config *cfg,
  1465. struct ahash_request *req,
  1466. struct shash_desc *desc,
  1467. struct test_sglist *tsgl,
  1468. u8 *hashstate)
  1469. {
  1470. int err;
  1471. /*
  1472. * For algorithms implemented as "shash", most bugs will be detected by
  1473. * both the shash and ahash tests. Test the shash API first so that the
  1474. * failures involve less indirection, so are easier to debug.
  1475. */
  1476. if (desc) {
  1477. err = test_shash_vec_cfg(vec, vec_name, cfg, desc, tsgl,
  1478. hashstate);
  1479. if (err)
  1480. return err;
  1481. }
  1482. return test_ahash_vec_cfg(vec, vec_name, cfg, req, tsgl, hashstate);
  1483. }
  1484. static int test_hash_vec(const struct hash_testvec *vec, unsigned int vec_num,
  1485. struct ahash_request *req, struct shash_desc *desc,
  1486. struct test_sglist *tsgl, u8 *hashstate)
  1487. {
  1488. char vec_name[16];
  1489. unsigned int i;
  1490. int err;
  1491. sprintf(vec_name, "%u", vec_num);
  1492. for (i = 0; i < ARRAY_SIZE(default_hash_testvec_configs); i++) {
  1493. err = test_hash_vec_cfg(vec, vec_name,
  1494. &default_hash_testvec_configs[i],
  1495. req, desc, tsgl, hashstate);
  1496. if (err)
  1497. return err;
  1498. }
  1499. if (!noslowtests) {
  1500. struct rnd_state rng;
  1501. struct testvec_config cfg;
  1502. char cfgname[TESTVEC_CONFIG_NAMELEN];
  1503. init_rnd_state(&rng);
  1504. for (i = 0; i < fuzz_iterations; i++) {
  1505. generate_random_testvec_config(&rng, &cfg, cfgname,
  1506. sizeof(cfgname));
  1507. err = test_hash_vec_cfg(vec, vec_name, &cfg,
  1508. req, desc, tsgl, hashstate);
  1509. if (err)
  1510. return err;
  1511. cond_resched();
  1512. }
  1513. }
  1514. return 0;
  1515. }
  1516. /*
  1517. * Generate a hash test vector from the given implementation.
  1518. * Assumes the buffers in 'vec' were already allocated.
  1519. */
  1520. static void generate_random_hash_testvec(struct rnd_state *rng,
  1521. struct ahash_request *req,
  1522. struct hash_testvec *vec,
  1523. unsigned int maxkeysize,
  1524. unsigned int maxdatasize,
  1525. char *name, size_t max_namelen)
  1526. {
  1527. /* Data */
  1528. vec->psize = generate_random_length(rng, maxdatasize);
  1529. generate_random_bytes(rng, (u8 *)vec->plaintext, vec->psize);
  1530. /*
  1531. * Key: length in range [1, maxkeysize], but usually choose maxkeysize.
  1532. * If algorithm is unkeyed, then maxkeysize == 0 and set ksize = 0.
  1533. */
  1534. vec->setkey_error = 0;
  1535. vec->ksize = 0;
  1536. if (maxkeysize) {
  1537. vec->ksize = maxkeysize;
  1538. if (prandom_u32_below(rng, 4) == 0)
  1539. vec->ksize = prandom_u32_inclusive(rng, 1, maxkeysize);
  1540. generate_random_bytes(rng, (u8 *)vec->key, vec->ksize);
  1541. vec->setkey_error = crypto_ahash_setkey(
  1542. crypto_ahash_reqtfm(req), vec->key, vec->ksize);
  1543. /* If the key couldn't be set, no need to continue to digest. */
  1544. if (vec->setkey_error)
  1545. goto done;
  1546. }
  1547. /* Digest */
  1548. vec->digest_error = crypto_hash_digest(
  1549. crypto_ahash_reqtfm(req), vec->plaintext,
  1550. vec->psize, (u8 *)vec->digest);
  1551. done:
  1552. snprintf(name, max_namelen, "\"random: psize=%u ksize=%u\"",
  1553. vec->psize, vec->ksize);
  1554. }
  1555. /*
  1556. * Test the hash algorithm represented by @req against the corresponding generic
  1557. * implementation, if one is available.
  1558. */
  1559. static int test_hash_vs_generic_impl(const char *generic_driver,
  1560. unsigned int maxkeysize,
  1561. struct ahash_request *req,
  1562. struct shash_desc *desc,
  1563. struct test_sglist *tsgl,
  1564. u8 *hashstate)
  1565. {
  1566. struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
  1567. const unsigned int digestsize = crypto_ahash_digestsize(tfm);
  1568. const unsigned int blocksize = crypto_ahash_blocksize(tfm);
  1569. const unsigned int maxdatasize = (2 * PAGE_SIZE) - TESTMGR_POISON_LEN;
  1570. const char *algname = crypto_hash_alg_common(tfm)->base.cra_name;
  1571. const char *driver = crypto_ahash_driver_name(tfm);
  1572. struct rnd_state rng;
  1573. char _generic_driver[CRYPTO_MAX_ALG_NAME];
  1574. struct ahash_request *generic_req = NULL;
  1575. struct crypto_ahash *generic_tfm = NULL;
  1576. unsigned int i;
  1577. struct hash_testvec vec = { 0 };
  1578. char vec_name[64];
  1579. struct testvec_config *cfg;
  1580. char cfgname[TESTVEC_CONFIG_NAMELEN];
  1581. int err;
  1582. if (noslowtests)
  1583. return 0;
  1584. init_rnd_state(&rng);
  1585. if (!generic_driver) { /* Use default naming convention? */
  1586. err = build_generic_driver_name(algname, _generic_driver);
  1587. if (err)
  1588. return err;
  1589. generic_driver = _generic_driver;
  1590. }
  1591. if (strcmp(generic_driver, driver) == 0) /* Already the generic impl? */
  1592. return 0;
  1593. generic_tfm = crypto_alloc_ahash(generic_driver, 0, 0);
  1594. if (IS_ERR(generic_tfm)) {
  1595. err = PTR_ERR(generic_tfm);
  1596. if (err == -ENOENT) {
  1597. pr_warn("alg: hash: skipping comparison tests for %s because %s is unavailable\n",
  1598. driver, generic_driver);
  1599. return 0;
  1600. }
  1601. pr_err("alg: hash: error allocating %s (generic impl of %s): %d\n",
  1602. generic_driver, algname, err);
  1603. return err;
  1604. }
  1605. cfg = kzalloc_obj(*cfg);
  1606. if (!cfg) {
  1607. err = -ENOMEM;
  1608. goto out;
  1609. }
  1610. generic_req = ahash_request_alloc(generic_tfm, GFP_KERNEL);
  1611. if (!generic_req) {
  1612. err = -ENOMEM;
  1613. goto out;
  1614. }
  1615. /* Check the algorithm properties for consistency. */
  1616. if (digestsize != crypto_ahash_digestsize(generic_tfm)) {
  1617. pr_err("alg: hash: digestsize for %s (%u) doesn't match generic impl (%u)\n",
  1618. driver, digestsize,
  1619. crypto_ahash_digestsize(generic_tfm));
  1620. err = -EINVAL;
  1621. goto out;
  1622. }
  1623. if (blocksize != crypto_ahash_blocksize(generic_tfm)) {
  1624. pr_err("alg: hash: blocksize for %s (%u) doesn't match generic impl (%u)\n",
  1625. driver, blocksize, crypto_ahash_blocksize(generic_tfm));
  1626. err = -EINVAL;
  1627. goto out;
  1628. }
  1629. /*
  1630. * Now generate test vectors using the generic implementation, and test
  1631. * the other implementation against them.
  1632. */
  1633. vec.key = kmalloc(maxkeysize, GFP_KERNEL);
  1634. vec.plaintext = kmalloc(maxdatasize, GFP_KERNEL);
  1635. vec.digest = kmalloc(digestsize, GFP_KERNEL);
  1636. if (!vec.key || !vec.plaintext || !vec.digest) {
  1637. err = -ENOMEM;
  1638. goto out;
  1639. }
  1640. for (i = 0; i < fuzz_iterations * 8; i++) {
  1641. generate_random_hash_testvec(&rng, generic_req, &vec,
  1642. maxkeysize, maxdatasize,
  1643. vec_name, sizeof(vec_name));
  1644. generate_random_testvec_config(&rng, cfg, cfgname,
  1645. sizeof(cfgname));
  1646. err = test_hash_vec_cfg(&vec, vec_name, cfg,
  1647. req, desc, tsgl, hashstate);
  1648. if (err)
  1649. goto out;
  1650. cond_resched();
  1651. }
  1652. err = 0;
  1653. out:
  1654. kfree(cfg);
  1655. kfree(vec.key);
  1656. kfree(vec.plaintext);
  1657. kfree(vec.digest);
  1658. ahash_request_free(generic_req);
  1659. crypto_free_ahash(generic_tfm);
  1660. return err;
  1661. }
  1662. static int alloc_shash(const char *driver, u32 type, u32 mask,
  1663. struct crypto_shash **tfm_ret,
  1664. struct shash_desc **desc_ret)
  1665. {
  1666. struct crypto_shash *tfm;
  1667. struct shash_desc *desc;
  1668. tfm = crypto_alloc_shash(driver, type, mask);
  1669. if (IS_ERR(tfm)) {
  1670. if (PTR_ERR(tfm) == -ENOENT || PTR_ERR(tfm) == -EEXIST) {
  1671. /*
  1672. * This algorithm is only available through the ahash
  1673. * API, not the shash API, so skip the shash tests.
  1674. */
  1675. return 0;
  1676. }
  1677. pr_err("alg: hash: failed to allocate shash transform for %s: %ld\n",
  1678. driver, PTR_ERR(tfm));
  1679. return PTR_ERR(tfm);
  1680. }
  1681. desc = kmalloc(sizeof(*desc) + crypto_shash_descsize(tfm), GFP_KERNEL);
  1682. if (!desc) {
  1683. crypto_free_shash(tfm);
  1684. return -ENOMEM;
  1685. }
  1686. desc->tfm = tfm;
  1687. *tfm_ret = tfm;
  1688. *desc_ret = desc;
  1689. return 0;
  1690. }
  1691. static int __alg_test_hash(const struct hash_testvec *vecs,
  1692. unsigned int num_vecs, const char *driver,
  1693. u32 type, u32 mask,
  1694. const char *generic_driver, unsigned int maxkeysize)
  1695. {
  1696. struct crypto_ahash *atfm = NULL;
  1697. struct ahash_request *req = NULL;
  1698. struct crypto_shash *stfm = NULL;
  1699. struct shash_desc *desc = NULL;
  1700. struct test_sglist *tsgl = NULL;
  1701. u8 *hashstate = NULL;
  1702. unsigned int statesize;
  1703. unsigned int i;
  1704. int err;
  1705. /*
  1706. * Always test the ahash API. This works regardless of whether the
  1707. * algorithm is implemented as ahash or shash.
  1708. */
  1709. atfm = crypto_alloc_ahash(driver, type, mask);
  1710. if (IS_ERR(atfm)) {
  1711. if (PTR_ERR(atfm) == -ENOENT)
  1712. return 0;
  1713. pr_err("alg: hash: failed to allocate transform for %s: %ld\n",
  1714. driver, PTR_ERR(atfm));
  1715. return PTR_ERR(atfm);
  1716. }
  1717. driver = crypto_ahash_driver_name(atfm);
  1718. req = ahash_request_alloc(atfm, GFP_KERNEL);
  1719. if (!req) {
  1720. pr_err("alg: hash: failed to allocate request for %s\n",
  1721. driver);
  1722. err = -ENOMEM;
  1723. goto out;
  1724. }
  1725. /*
  1726. * If available also test the shash API, to cover corner cases that may
  1727. * be missed by testing the ahash API only.
  1728. */
  1729. err = alloc_shash(driver, type, mask, &stfm, &desc);
  1730. if (err)
  1731. goto out;
  1732. tsgl = kmalloc_obj(*tsgl);
  1733. if (!tsgl || init_test_sglist(tsgl) != 0) {
  1734. pr_err("alg: hash: failed to allocate test buffers for %s\n",
  1735. driver);
  1736. kfree(tsgl);
  1737. tsgl = NULL;
  1738. err = -ENOMEM;
  1739. goto out;
  1740. }
  1741. statesize = crypto_ahash_statesize(atfm);
  1742. if (stfm)
  1743. statesize = max(statesize, crypto_shash_statesize(stfm));
  1744. hashstate = kmalloc(statesize + TESTMGR_POISON_LEN, GFP_KERNEL);
  1745. if (!hashstate) {
  1746. pr_err("alg: hash: failed to allocate hash state buffer for %s\n",
  1747. driver);
  1748. err = -ENOMEM;
  1749. goto out;
  1750. }
  1751. for (i = 0; i < num_vecs; i++) {
  1752. if (fips_enabled && vecs[i].fips_skip)
  1753. continue;
  1754. err = test_hash_vec(&vecs[i], i, req, desc, tsgl, hashstate);
  1755. if (err)
  1756. goto out;
  1757. cond_resched();
  1758. }
  1759. err = test_hash_vs_generic_impl(generic_driver, maxkeysize, req,
  1760. desc, tsgl, hashstate);
  1761. out:
  1762. kfree(hashstate);
  1763. if (tsgl) {
  1764. destroy_test_sglist(tsgl);
  1765. kfree(tsgl);
  1766. }
  1767. kfree(desc);
  1768. crypto_free_shash(stfm);
  1769. ahash_request_free(req);
  1770. crypto_free_ahash(atfm);
  1771. return err;
  1772. }
  1773. static int alg_test_hash(const struct alg_test_desc *desc, const char *driver,
  1774. u32 type, u32 mask)
  1775. {
  1776. const struct hash_testvec *template = desc->suite.hash.vecs;
  1777. unsigned int tcount = desc->suite.hash.count;
  1778. unsigned int nr_unkeyed, nr_keyed;
  1779. unsigned int maxkeysize = 0;
  1780. int err;
  1781. /*
  1782. * For OPTIONAL_KEY algorithms, we have to do all the unkeyed tests
  1783. * first, before setting a key on the tfm. To make this easier, we
  1784. * require that the unkeyed test vectors (if any) are listed first.
  1785. */
  1786. for (nr_unkeyed = 0; nr_unkeyed < tcount; nr_unkeyed++) {
  1787. if (template[nr_unkeyed].ksize)
  1788. break;
  1789. }
  1790. for (nr_keyed = 0; nr_unkeyed + nr_keyed < tcount; nr_keyed++) {
  1791. if (!template[nr_unkeyed + nr_keyed].ksize) {
  1792. pr_err("alg: hash: test vectors for %s out of order, "
  1793. "unkeyed ones must come first\n", desc->alg);
  1794. return -EINVAL;
  1795. }
  1796. maxkeysize = max_t(unsigned int, maxkeysize,
  1797. template[nr_unkeyed + nr_keyed].ksize);
  1798. }
  1799. err = 0;
  1800. if (nr_unkeyed) {
  1801. err = __alg_test_hash(template, nr_unkeyed, driver, type, mask,
  1802. desc->generic_driver, maxkeysize);
  1803. template += nr_unkeyed;
  1804. }
  1805. if (!err && nr_keyed)
  1806. err = __alg_test_hash(template, nr_keyed, driver, type, mask,
  1807. desc->generic_driver, maxkeysize);
  1808. return err;
  1809. }
  1810. static int test_aead_vec_cfg(int enc, const struct aead_testvec *vec,
  1811. const char *vec_name,
  1812. const struct testvec_config *cfg,
  1813. struct aead_request *req,
  1814. struct cipher_test_sglists *tsgls)
  1815. {
  1816. struct crypto_aead *tfm = crypto_aead_reqtfm(req);
  1817. const unsigned int alignmask = crypto_aead_alignmask(tfm);
  1818. const unsigned int ivsize = crypto_aead_ivsize(tfm);
  1819. const unsigned int authsize = vec->clen - vec->plen;
  1820. const char *driver = crypto_aead_driver_name(tfm);
  1821. const u32 req_flags = CRYPTO_TFM_REQ_MAY_BACKLOG | cfg->req_flags;
  1822. const char *op = enc ? "encryption" : "decryption";
  1823. DECLARE_CRYPTO_WAIT(wait);
  1824. u8 _iv[3 * (MAX_ALGAPI_ALIGNMASK + 1) + MAX_IVLEN];
  1825. u8 *iv = PTR_ALIGN(&_iv[0], 2 * (MAX_ALGAPI_ALIGNMASK + 1)) +
  1826. cfg->iv_offset +
  1827. (cfg->iv_offset_relative_to_alignmask ? alignmask : 0);
  1828. struct kvec input[2];
  1829. int err;
  1830. /* Set the key */
  1831. if (vec->wk)
  1832. crypto_aead_set_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS);
  1833. else
  1834. crypto_aead_clear_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS);
  1835. err = do_setkey(crypto_aead_setkey, tfm, vec->key, vec->klen,
  1836. cfg, alignmask);
  1837. if (err && err != vec->setkey_error) {
  1838. pr_err("alg: aead: %s setkey failed on test vector %s; expected_error=%d, actual_error=%d, flags=%#x\n",
  1839. driver, vec_name, vec->setkey_error, err,
  1840. crypto_aead_get_flags(tfm));
  1841. return err;
  1842. }
  1843. if (!err && vec->setkey_error) {
  1844. pr_err("alg: aead: %s setkey unexpectedly succeeded on test vector %s; expected_error=%d\n",
  1845. driver, vec_name, vec->setkey_error);
  1846. return -EINVAL;
  1847. }
  1848. /* Set the authentication tag size */
  1849. err = crypto_aead_setauthsize(tfm, authsize);
  1850. if (err && err != vec->setauthsize_error) {
  1851. pr_err("alg: aead: %s setauthsize failed on test vector %s; expected_error=%d, actual_error=%d\n",
  1852. driver, vec_name, vec->setauthsize_error, err);
  1853. return err;
  1854. }
  1855. if (!err && vec->setauthsize_error) {
  1856. pr_err("alg: aead: %s setauthsize unexpectedly succeeded on test vector %s; expected_error=%d\n",
  1857. driver, vec_name, vec->setauthsize_error);
  1858. return -EINVAL;
  1859. }
  1860. if (vec->setkey_error || vec->setauthsize_error)
  1861. return 0;
  1862. /* The IV must be copied to a buffer, as the algorithm may modify it */
  1863. if (WARN_ON(ivsize > MAX_IVLEN))
  1864. return -EINVAL;
  1865. if (vec->iv)
  1866. memcpy(iv, vec->iv, ivsize);
  1867. else
  1868. memset(iv, 0, ivsize);
  1869. /* Build the src/dst scatterlists */
  1870. input[0].iov_base = (void *)vec->assoc;
  1871. input[0].iov_len = vec->alen;
  1872. input[1].iov_base = enc ? (void *)vec->ptext : (void *)vec->ctext;
  1873. input[1].iov_len = enc ? vec->plen : vec->clen;
  1874. err = build_cipher_test_sglists(tsgls, cfg, alignmask,
  1875. vec->alen + (enc ? vec->plen :
  1876. vec->clen),
  1877. vec->alen + (enc ? vec->clen :
  1878. vec->plen),
  1879. input, 2);
  1880. if (err) {
  1881. pr_err("alg: aead: %s %s: error preparing scatterlists for test vector %s, cfg=\"%s\"\n",
  1882. driver, op, vec_name, cfg->name);
  1883. return err;
  1884. }
  1885. /* Do the actual encryption or decryption */
  1886. testmgr_poison(req->__ctx, crypto_aead_reqsize(tfm));
  1887. aead_request_set_callback(req, req_flags, crypto_req_done, &wait);
  1888. aead_request_set_crypt(req, tsgls->src.sgl_ptr, tsgls->dst.sgl_ptr,
  1889. enc ? vec->plen : vec->clen, iv);
  1890. aead_request_set_ad(req, vec->alen);
  1891. if (cfg->nosimd)
  1892. crypto_disable_simd_for_test();
  1893. err = enc ? crypto_aead_encrypt(req) : crypto_aead_decrypt(req);
  1894. if (cfg->nosimd)
  1895. crypto_reenable_simd_for_test();
  1896. err = crypto_wait_req(err, &wait);
  1897. /* Check that the algorithm didn't overwrite things it shouldn't have */
  1898. if (req->cryptlen != (enc ? vec->plen : vec->clen) ||
  1899. req->assoclen != vec->alen ||
  1900. req->iv != iv ||
  1901. req->src != tsgls->src.sgl_ptr ||
  1902. req->dst != tsgls->dst.sgl_ptr ||
  1903. crypto_aead_reqtfm(req) != tfm ||
  1904. req->base.complete != crypto_req_done ||
  1905. req->base.flags != req_flags ||
  1906. req->base.data != &wait) {
  1907. pr_err("alg: aead: %s %s corrupted request struct on test vector %s, cfg=\"%s\"\n",
  1908. driver, op, vec_name, cfg->name);
  1909. if (req->cryptlen != (enc ? vec->plen : vec->clen))
  1910. pr_err("alg: aead: changed 'req->cryptlen'\n");
  1911. if (req->assoclen != vec->alen)
  1912. pr_err("alg: aead: changed 'req->assoclen'\n");
  1913. if (req->iv != iv)
  1914. pr_err("alg: aead: changed 'req->iv'\n");
  1915. if (req->src != tsgls->src.sgl_ptr)
  1916. pr_err("alg: aead: changed 'req->src'\n");
  1917. if (req->dst != tsgls->dst.sgl_ptr)
  1918. pr_err("alg: aead: changed 'req->dst'\n");
  1919. if (crypto_aead_reqtfm(req) != tfm)
  1920. pr_err("alg: aead: changed 'req->base.tfm'\n");
  1921. if (req->base.complete != crypto_req_done)
  1922. pr_err("alg: aead: changed 'req->base.complete'\n");
  1923. if (req->base.flags != req_flags)
  1924. pr_err("alg: aead: changed 'req->base.flags'\n");
  1925. if (req->base.data != &wait)
  1926. pr_err("alg: aead: changed 'req->base.data'\n");
  1927. return -EINVAL;
  1928. }
  1929. if (is_test_sglist_corrupted(&tsgls->src)) {
  1930. pr_err("alg: aead: %s %s corrupted src sgl on test vector %s, cfg=\"%s\"\n",
  1931. driver, op, vec_name, cfg->name);
  1932. return -EINVAL;
  1933. }
  1934. if (tsgls->dst.sgl_ptr != tsgls->src.sgl &&
  1935. is_test_sglist_corrupted(&tsgls->dst)) {
  1936. pr_err("alg: aead: %s %s corrupted dst sgl on test vector %s, cfg=\"%s\"\n",
  1937. driver, op, vec_name, cfg->name);
  1938. return -EINVAL;
  1939. }
  1940. /* Check for unexpected success or failure, or wrong error code */
  1941. if ((err == 0 && vec->novrfy) ||
  1942. (err != vec->crypt_error && !(err == -EBADMSG && vec->novrfy))) {
  1943. char expected_error[32];
  1944. if (vec->novrfy &&
  1945. vec->crypt_error != 0 && vec->crypt_error != -EBADMSG)
  1946. sprintf(expected_error, "-EBADMSG or %d",
  1947. vec->crypt_error);
  1948. else if (vec->novrfy)
  1949. sprintf(expected_error, "-EBADMSG");
  1950. else
  1951. sprintf(expected_error, "%d", vec->crypt_error);
  1952. if (err) {
  1953. pr_err("alg: aead: %s %s failed on test vector %s; expected_error=%s, actual_error=%d, cfg=\"%s\"\n",
  1954. driver, op, vec_name, expected_error, err,
  1955. cfg->name);
  1956. return err;
  1957. }
  1958. pr_err("alg: aead: %s %s unexpectedly succeeded on test vector %s; expected_error=%s, cfg=\"%s\"\n",
  1959. driver, op, vec_name, expected_error, cfg->name);
  1960. return -EINVAL;
  1961. }
  1962. if (err) /* Expectedly failed. */
  1963. return 0;
  1964. /* Check for the correct output (ciphertext or plaintext) */
  1965. err = verify_correct_output(&tsgls->dst, enc ? vec->ctext : vec->ptext,
  1966. enc ? vec->clen : vec->plen,
  1967. vec->alen,
  1968. enc || cfg->inplace_mode == OUT_OF_PLACE);
  1969. if (err == -EOVERFLOW) {
  1970. pr_err("alg: aead: %s %s overran dst buffer on test vector %s, cfg=\"%s\"\n",
  1971. driver, op, vec_name, cfg->name);
  1972. return err;
  1973. }
  1974. if (err) {
  1975. pr_err("alg: aead: %s %s test failed (wrong result) on test vector %s, cfg=\"%s\"\n",
  1976. driver, op, vec_name, cfg->name);
  1977. return err;
  1978. }
  1979. return 0;
  1980. }
  1981. static int test_aead_vec(int enc, const struct aead_testvec *vec,
  1982. unsigned int vec_num, struct aead_request *req,
  1983. struct cipher_test_sglists *tsgls)
  1984. {
  1985. char vec_name[16];
  1986. unsigned int i;
  1987. int err;
  1988. if (enc && vec->novrfy)
  1989. return 0;
  1990. sprintf(vec_name, "%u", vec_num);
  1991. for (i = 0; i < ARRAY_SIZE(default_cipher_testvec_configs); i++) {
  1992. err = test_aead_vec_cfg(enc, vec, vec_name,
  1993. &default_cipher_testvec_configs[i],
  1994. req, tsgls);
  1995. if (err)
  1996. return err;
  1997. }
  1998. if (!noslowtests) {
  1999. struct rnd_state rng;
  2000. struct testvec_config cfg;
  2001. char cfgname[TESTVEC_CONFIG_NAMELEN];
  2002. init_rnd_state(&rng);
  2003. for (i = 0; i < fuzz_iterations; i++) {
  2004. generate_random_testvec_config(&rng, &cfg, cfgname,
  2005. sizeof(cfgname));
  2006. err = test_aead_vec_cfg(enc, vec, vec_name,
  2007. &cfg, req, tsgls);
  2008. if (err)
  2009. return err;
  2010. cond_resched();
  2011. }
  2012. }
  2013. return 0;
  2014. }
  2015. struct aead_slow_tests_ctx {
  2016. struct rnd_state rng;
  2017. struct aead_request *req;
  2018. struct crypto_aead *tfm;
  2019. const struct alg_test_desc *test_desc;
  2020. struct cipher_test_sglists *tsgls;
  2021. unsigned int maxdatasize;
  2022. unsigned int maxkeysize;
  2023. struct aead_testvec vec;
  2024. char vec_name[64];
  2025. char cfgname[TESTVEC_CONFIG_NAMELEN];
  2026. struct testvec_config cfg;
  2027. };
  2028. /*
  2029. * Make at least one random change to a (ciphertext, AAD) pair. "Ciphertext"
  2030. * here means the full ciphertext including the authentication tag. The
  2031. * authentication tag (and hence also the ciphertext) is assumed to be nonempty.
  2032. */
  2033. static void mutate_aead_message(struct rnd_state *rng,
  2034. struct aead_testvec *vec, bool aad_iv,
  2035. unsigned int ivsize)
  2036. {
  2037. const unsigned int aad_tail_size = aad_iv ? ivsize : 0;
  2038. const unsigned int authsize = vec->clen - vec->plen;
  2039. if (prandom_bool(rng) && vec->alen > aad_tail_size) {
  2040. /* Mutate the AAD */
  2041. flip_random_bit(rng, (u8 *)vec->assoc,
  2042. vec->alen - aad_tail_size);
  2043. if (prandom_bool(rng))
  2044. return;
  2045. }
  2046. if (prandom_bool(rng)) {
  2047. /* Mutate auth tag (assuming it's at the end of ciphertext) */
  2048. flip_random_bit(rng, (u8 *)vec->ctext + vec->plen, authsize);
  2049. } else {
  2050. /* Mutate any part of the ciphertext */
  2051. flip_random_bit(rng, (u8 *)vec->ctext, vec->clen);
  2052. }
  2053. }
  2054. /*
  2055. * Minimum authentication tag size in bytes at which we assume that we can
  2056. * reliably generate inauthentic messages, i.e. not generate an authentic
  2057. * message by chance.
  2058. */
  2059. #define MIN_COLLISION_FREE_AUTHSIZE 8
  2060. static void generate_aead_message(struct rnd_state *rng,
  2061. struct aead_request *req,
  2062. const struct aead_test_suite *suite,
  2063. struct aead_testvec *vec,
  2064. bool prefer_inauthentic)
  2065. {
  2066. struct crypto_aead *tfm = crypto_aead_reqtfm(req);
  2067. const unsigned int ivsize = crypto_aead_ivsize(tfm);
  2068. const unsigned int authsize = vec->clen - vec->plen;
  2069. const bool inauthentic = (authsize >= MIN_COLLISION_FREE_AUTHSIZE) &&
  2070. (prefer_inauthentic ||
  2071. prandom_u32_below(rng, 4) == 0);
  2072. /* Generate the AAD. */
  2073. generate_random_bytes(rng, (u8 *)vec->assoc, vec->alen);
  2074. if (suite->aad_iv && vec->alen >= ivsize)
  2075. /* Avoid implementation-defined behavior. */
  2076. memcpy((u8 *)vec->assoc + vec->alen - ivsize, vec->iv, ivsize);
  2077. if (inauthentic && prandom_bool(rng)) {
  2078. /* Generate a random ciphertext. */
  2079. generate_random_bytes(rng, (u8 *)vec->ctext, vec->clen);
  2080. } else {
  2081. int i = 0;
  2082. struct scatterlist src[2], dst;
  2083. u8 iv[MAX_IVLEN];
  2084. DECLARE_CRYPTO_WAIT(wait);
  2085. /* Generate a random plaintext and encrypt it. */
  2086. sg_init_table(src, 2);
  2087. if (vec->alen)
  2088. sg_set_buf(&src[i++], vec->assoc, vec->alen);
  2089. if (vec->plen) {
  2090. generate_random_bytes(rng, (u8 *)vec->ptext, vec->plen);
  2091. sg_set_buf(&src[i++], vec->ptext, vec->plen);
  2092. }
  2093. sg_init_one(&dst, vec->ctext, vec->alen + vec->clen);
  2094. memcpy(iv, vec->iv, ivsize);
  2095. aead_request_set_callback(req, 0, crypto_req_done, &wait);
  2096. aead_request_set_crypt(req, src, &dst, vec->plen, iv);
  2097. aead_request_set_ad(req, vec->alen);
  2098. vec->crypt_error = crypto_wait_req(crypto_aead_encrypt(req),
  2099. &wait);
  2100. /* If encryption failed, we're done. */
  2101. if (vec->crypt_error != 0)
  2102. return;
  2103. memmove((u8 *)vec->ctext, vec->ctext + vec->alen, vec->clen);
  2104. if (!inauthentic)
  2105. return;
  2106. /*
  2107. * Mutate the authentic (ciphertext, AAD) pair to get an
  2108. * inauthentic one.
  2109. */
  2110. mutate_aead_message(rng, vec, suite->aad_iv, ivsize);
  2111. }
  2112. vec->novrfy = 1;
  2113. if (suite->einval_allowed)
  2114. vec->crypt_error = -EINVAL;
  2115. }
  2116. /*
  2117. * Generate an AEAD test vector 'vec' using the implementation specified by
  2118. * 'req'. The buffers in 'vec' must already be allocated.
  2119. *
  2120. * If 'prefer_inauthentic' is true, then this function will generate inauthentic
  2121. * test vectors (i.e. vectors with 'vec->novrfy=1') more often.
  2122. */
  2123. static void generate_random_aead_testvec(struct rnd_state *rng,
  2124. struct aead_request *req,
  2125. struct aead_testvec *vec,
  2126. const struct aead_test_suite *suite,
  2127. unsigned int maxkeysize,
  2128. unsigned int maxdatasize,
  2129. char *name, size_t max_namelen,
  2130. bool prefer_inauthentic)
  2131. {
  2132. struct crypto_aead *tfm = crypto_aead_reqtfm(req);
  2133. const unsigned int ivsize = crypto_aead_ivsize(tfm);
  2134. const unsigned int maxauthsize = crypto_aead_maxauthsize(tfm);
  2135. unsigned int authsize;
  2136. unsigned int total_len;
  2137. /* Key: length in [0, maxkeysize], but usually choose maxkeysize */
  2138. vec->klen = maxkeysize;
  2139. if (prandom_u32_below(rng, 4) == 0)
  2140. vec->klen = prandom_u32_below(rng, maxkeysize + 1);
  2141. generate_random_bytes(rng, (u8 *)vec->key, vec->klen);
  2142. vec->setkey_error = crypto_aead_setkey(tfm, vec->key, vec->klen);
  2143. /* IV */
  2144. generate_random_bytes(rng, (u8 *)vec->iv, ivsize);
  2145. /* Tag length: in [0, maxauthsize], but usually choose maxauthsize */
  2146. authsize = maxauthsize;
  2147. if (prandom_u32_below(rng, 4) == 0)
  2148. authsize = prandom_u32_below(rng, maxauthsize + 1);
  2149. if (prefer_inauthentic && authsize < MIN_COLLISION_FREE_AUTHSIZE)
  2150. authsize = MIN_COLLISION_FREE_AUTHSIZE;
  2151. if (WARN_ON(authsize > maxdatasize))
  2152. authsize = maxdatasize;
  2153. maxdatasize -= authsize;
  2154. vec->setauthsize_error = crypto_aead_setauthsize(tfm, authsize);
  2155. /* AAD, plaintext, and ciphertext lengths */
  2156. total_len = generate_random_length(rng, maxdatasize);
  2157. if (prandom_u32_below(rng, 4) == 0)
  2158. vec->alen = 0;
  2159. else
  2160. vec->alen = generate_random_length(rng, total_len);
  2161. vec->plen = total_len - vec->alen;
  2162. vec->clen = vec->plen + authsize;
  2163. /*
  2164. * Generate the AAD, plaintext, and ciphertext. Not applicable if the
  2165. * key or the authentication tag size couldn't be set.
  2166. */
  2167. vec->novrfy = 0;
  2168. vec->crypt_error = 0;
  2169. if (vec->setkey_error == 0 && vec->setauthsize_error == 0)
  2170. generate_aead_message(rng, req, suite, vec, prefer_inauthentic);
  2171. snprintf(name, max_namelen,
  2172. "\"random: alen=%u plen=%u authsize=%u klen=%u novrfy=%d\"",
  2173. vec->alen, vec->plen, authsize, vec->klen, vec->novrfy);
  2174. }
  2175. static void try_to_generate_inauthentic_testvec(struct aead_slow_tests_ctx *ctx)
  2176. {
  2177. int i;
  2178. for (i = 0; i < 10; i++) {
  2179. generate_random_aead_testvec(&ctx->rng, ctx->req, &ctx->vec,
  2180. &ctx->test_desc->suite.aead,
  2181. ctx->maxkeysize, ctx->maxdatasize,
  2182. ctx->vec_name,
  2183. sizeof(ctx->vec_name), true);
  2184. if (ctx->vec.novrfy)
  2185. return;
  2186. }
  2187. }
  2188. /*
  2189. * Generate inauthentic test vectors (i.e. ciphertext, AAD pairs that aren't the
  2190. * result of an encryption with the key) and verify that decryption fails.
  2191. */
  2192. static int test_aead_inauthentic_inputs(struct aead_slow_tests_ctx *ctx)
  2193. {
  2194. unsigned int i;
  2195. int err;
  2196. for (i = 0; i < fuzz_iterations * 8; i++) {
  2197. /*
  2198. * Since this part of the tests isn't comparing the
  2199. * implementation to another, there's no point in testing any
  2200. * test vectors other than inauthentic ones (vec.novrfy=1) here.
  2201. *
  2202. * If we're having trouble generating such a test vector, e.g.
  2203. * if the algorithm keeps rejecting the generated keys, don't
  2204. * retry forever; just continue on.
  2205. */
  2206. try_to_generate_inauthentic_testvec(ctx);
  2207. if (ctx->vec.novrfy) {
  2208. generate_random_testvec_config(&ctx->rng, &ctx->cfg,
  2209. ctx->cfgname,
  2210. sizeof(ctx->cfgname));
  2211. err = test_aead_vec_cfg(DECRYPT, &ctx->vec,
  2212. ctx->vec_name, &ctx->cfg,
  2213. ctx->req, ctx->tsgls);
  2214. if (err)
  2215. return err;
  2216. }
  2217. cond_resched();
  2218. }
  2219. return 0;
  2220. }
  2221. /*
  2222. * Test the AEAD algorithm against the corresponding generic implementation, if
  2223. * one is available.
  2224. */
  2225. static int test_aead_vs_generic_impl(struct aead_slow_tests_ctx *ctx)
  2226. {
  2227. struct crypto_aead *tfm = ctx->tfm;
  2228. const char *algname = crypto_aead_alg(tfm)->base.cra_name;
  2229. const char *driver = crypto_aead_driver_name(tfm);
  2230. const char *generic_driver = ctx->test_desc->generic_driver;
  2231. char _generic_driver[CRYPTO_MAX_ALG_NAME];
  2232. struct crypto_aead *generic_tfm = NULL;
  2233. struct aead_request *generic_req = NULL;
  2234. unsigned int i;
  2235. int err;
  2236. if (!generic_driver) { /* Use default naming convention? */
  2237. err = build_generic_driver_name(algname, _generic_driver);
  2238. if (err)
  2239. return err;
  2240. generic_driver = _generic_driver;
  2241. }
  2242. if (strcmp(generic_driver, driver) == 0) /* Already the generic impl? */
  2243. return 0;
  2244. generic_tfm = crypto_alloc_aead(generic_driver, 0, 0);
  2245. if (IS_ERR(generic_tfm)) {
  2246. err = PTR_ERR(generic_tfm);
  2247. if (err == -ENOENT) {
  2248. pr_warn("alg: aead: skipping comparison tests for %s because %s is unavailable\n",
  2249. driver, generic_driver);
  2250. return 0;
  2251. }
  2252. pr_err("alg: aead: error allocating %s (generic impl of %s): %d\n",
  2253. generic_driver, algname, err);
  2254. return err;
  2255. }
  2256. generic_req = aead_request_alloc(generic_tfm, GFP_KERNEL);
  2257. if (!generic_req) {
  2258. err = -ENOMEM;
  2259. goto out;
  2260. }
  2261. /* Check the algorithm properties for consistency. */
  2262. if (crypto_aead_maxauthsize(tfm) !=
  2263. crypto_aead_maxauthsize(generic_tfm)) {
  2264. pr_err("alg: aead: maxauthsize for %s (%u) doesn't match generic impl (%u)\n",
  2265. driver, crypto_aead_maxauthsize(tfm),
  2266. crypto_aead_maxauthsize(generic_tfm));
  2267. err = -EINVAL;
  2268. goto out;
  2269. }
  2270. if (crypto_aead_ivsize(tfm) != crypto_aead_ivsize(generic_tfm)) {
  2271. pr_err("alg: aead: ivsize for %s (%u) doesn't match generic impl (%u)\n",
  2272. driver, crypto_aead_ivsize(tfm),
  2273. crypto_aead_ivsize(generic_tfm));
  2274. err = -EINVAL;
  2275. goto out;
  2276. }
  2277. if (crypto_aead_blocksize(tfm) != crypto_aead_blocksize(generic_tfm)) {
  2278. pr_err("alg: aead: blocksize for %s (%u) doesn't match generic impl (%u)\n",
  2279. driver, crypto_aead_blocksize(tfm),
  2280. crypto_aead_blocksize(generic_tfm));
  2281. err = -EINVAL;
  2282. goto out;
  2283. }
  2284. /*
  2285. * Now generate test vectors using the generic implementation, and test
  2286. * the other implementation against them.
  2287. */
  2288. for (i = 0; i < fuzz_iterations * 8; i++) {
  2289. generate_random_aead_testvec(&ctx->rng, generic_req, &ctx->vec,
  2290. &ctx->test_desc->suite.aead,
  2291. ctx->maxkeysize, ctx->maxdatasize,
  2292. ctx->vec_name,
  2293. sizeof(ctx->vec_name), false);
  2294. generate_random_testvec_config(&ctx->rng, &ctx->cfg,
  2295. ctx->cfgname,
  2296. sizeof(ctx->cfgname));
  2297. if (!ctx->vec.novrfy) {
  2298. err = test_aead_vec_cfg(ENCRYPT, &ctx->vec,
  2299. ctx->vec_name, &ctx->cfg,
  2300. ctx->req, ctx->tsgls);
  2301. if (err)
  2302. goto out;
  2303. }
  2304. if (ctx->vec.crypt_error == 0 || ctx->vec.novrfy) {
  2305. err = test_aead_vec_cfg(DECRYPT, &ctx->vec,
  2306. ctx->vec_name, &ctx->cfg,
  2307. ctx->req, ctx->tsgls);
  2308. if (err)
  2309. goto out;
  2310. }
  2311. cond_resched();
  2312. }
  2313. err = 0;
  2314. out:
  2315. crypto_free_aead(generic_tfm);
  2316. aead_request_free(generic_req);
  2317. return err;
  2318. }
  2319. static int test_aead_slow(const struct alg_test_desc *test_desc,
  2320. struct aead_request *req,
  2321. struct cipher_test_sglists *tsgls)
  2322. {
  2323. struct aead_slow_tests_ctx *ctx;
  2324. unsigned int i;
  2325. int err;
  2326. if (noslowtests)
  2327. return 0;
  2328. ctx = kzalloc_obj(*ctx);
  2329. if (!ctx)
  2330. return -ENOMEM;
  2331. init_rnd_state(&ctx->rng);
  2332. ctx->req = req;
  2333. ctx->tfm = crypto_aead_reqtfm(req);
  2334. ctx->test_desc = test_desc;
  2335. ctx->tsgls = tsgls;
  2336. ctx->maxdatasize = (2 * PAGE_SIZE) - TESTMGR_POISON_LEN;
  2337. ctx->maxkeysize = 0;
  2338. for (i = 0; i < test_desc->suite.aead.count; i++)
  2339. ctx->maxkeysize = max_t(unsigned int, ctx->maxkeysize,
  2340. test_desc->suite.aead.vecs[i].klen);
  2341. ctx->vec.key = kmalloc(ctx->maxkeysize, GFP_KERNEL);
  2342. ctx->vec.iv = kmalloc(crypto_aead_ivsize(ctx->tfm), GFP_KERNEL);
  2343. ctx->vec.assoc = kmalloc(ctx->maxdatasize, GFP_KERNEL);
  2344. ctx->vec.ptext = kmalloc(ctx->maxdatasize, GFP_KERNEL);
  2345. ctx->vec.ctext = kmalloc(ctx->maxdatasize, GFP_KERNEL);
  2346. if (!ctx->vec.key || !ctx->vec.iv || !ctx->vec.assoc ||
  2347. !ctx->vec.ptext || !ctx->vec.ctext) {
  2348. err = -ENOMEM;
  2349. goto out;
  2350. }
  2351. err = test_aead_vs_generic_impl(ctx);
  2352. if (err)
  2353. goto out;
  2354. err = test_aead_inauthentic_inputs(ctx);
  2355. out:
  2356. kfree(ctx->vec.key);
  2357. kfree(ctx->vec.iv);
  2358. kfree(ctx->vec.assoc);
  2359. kfree(ctx->vec.ptext);
  2360. kfree(ctx->vec.ctext);
  2361. kfree(ctx);
  2362. return err;
  2363. }
  2364. static int test_aead(int enc, const struct aead_test_suite *suite,
  2365. struct aead_request *req,
  2366. struct cipher_test_sglists *tsgls)
  2367. {
  2368. unsigned int i;
  2369. int err;
  2370. for (i = 0; i < suite->count; i++) {
  2371. err = test_aead_vec(enc, &suite->vecs[i], i, req, tsgls);
  2372. if (err)
  2373. return err;
  2374. cond_resched();
  2375. }
  2376. return 0;
  2377. }
  2378. static int alg_test_aead(const struct alg_test_desc *desc, const char *driver,
  2379. u32 type, u32 mask)
  2380. {
  2381. const struct aead_test_suite *suite = &desc->suite.aead;
  2382. struct crypto_aead *tfm;
  2383. struct aead_request *req = NULL;
  2384. struct cipher_test_sglists *tsgls = NULL;
  2385. int err;
  2386. if (suite->count <= 0) {
  2387. pr_err("alg: aead: empty test suite for %s\n", driver);
  2388. return -EINVAL;
  2389. }
  2390. tfm = crypto_alloc_aead(driver, type, mask);
  2391. if (IS_ERR(tfm)) {
  2392. if (PTR_ERR(tfm) == -ENOENT)
  2393. return 0;
  2394. pr_err("alg: aead: failed to allocate transform for %s: %ld\n",
  2395. driver, PTR_ERR(tfm));
  2396. return PTR_ERR(tfm);
  2397. }
  2398. driver = crypto_aead_driver_name(tfm);
  2399. req = aead_request_alloc(tfm, GFP_KERNEL);
  2400. if (!req) {
  2401. pr_err("alg: aead: failed to allocate request for %s\n",
  2402. driver);
  2403. err = -ENOMEM;
  2404. goto out;
  2405. }
  2406. tsgls = alloc_cipher_test_sglists();
  2407. if (!tsgls) {
  2408. pr_err("alg: aead: failed to allocate test buffers for %s\n",
  2409. driver);
  2410. err = -ENOMEM;
  2411. goto out;
  2412. }
  2413. err = test_aead(ENCRYPT, suite, req, tsgls);
  2414. if (err)
  2415. goto out;
  2416. err = test_aead(DECRYPT, suite, req, tsgls);
  2417. if (err)
  2418. goto out;
  2419. err = test_aead_slow(desc, req, tsgls);
  2420. out:
  2421. free_cipher_test_sglists(tsgls);
  2422. aead_request_free(req);
  2423. crypto_free_aead(tfm);
  2424. return err;
  2425. }
  2426. static int test_cipher(struct crypto_cipher *tfm, int enc,
  2427. const struct cipher_testvec *template,
  2428. unsigned int tcount)
  2429. {
  2430. const char *algo = crypto_tfm_alg_driver_name(crypto_cipher_tfm(tfm));
  2431. unsigned int i, j, k;
  2432. char *q;
  2433. const char *e;
  2434. const char *input, *result;
  2435. void *data;
  2436. char *xbuf[XBUFSIZE];
  2437. int ret = -ENOMEM;
  2438. if (testmgr_alloc_buf(xbuf))
  2439. goto out_nobuf;
  2440. if (enc == ENCRYPT)
  2441. e = "encryption";
  2442. else
  2443. e = "decryption";
  2444. j = 0;
  2445. for (i = 0; i < tcount; i++) {
  2446. if (fips_enabled && template[i].fips_skip)
  2447. continue;
  2448. input = enc ? template[i].ptext : template[i].ctext;
  2449. result = enc ? template[i].ctext : template[i].ptext;
  2450. j++;
  2451. ret = -EINVAL;
  2452. if (WARN_ON(template[i].len > PAGE_SIZE))
  2453. goto out;
  2454. data = xbuf[0];
  2455. memcpy(data, input, template[i].len);
  2456. crypto_cipher_clear_flags(tfm, ~0);
  2457. if (template[i].wk)
  2458. crypto_cipher_set_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS);
  2459. ret = crypto_cipher_setkey(tfm, template[i].key,
  2460. template[i].klen);
  2461. if (ret) {
  2462. if (ret == template[i].setkey_error)
  2463. continue;
  2464. pr_err("alg: cipher: %s setkey failed on test vector %u; expected_error=%d, actual_error=%d, flags=%#x\n",
  2465. algo, j, template[i].setkey_error, ret,
  2466. crypto_cipher_get_flags(tfm));
  2467. goto out;
  2468. }
  2469. if (template[i].setkey_error) {
  2470. pr_err("alg: cipher: %s setkey unexpectedly succeeded on test vector %u; expected_error=%d\n",
  2471. algo, j, template[i].setkey_error);
  2472. ret = -EINVAL;
  2473. goto out;
  2474. }
  2475. for (k = 0; k < template[i].len;
  2476. k += crypto_cipher_blocksize(tfm)) {
  2477. if (enc)
  2478. crypto_cipher_encrypt_one(tfm, data + k,
  2479. data + k);
  2480. else
  2481. crypto_cipher_decrypt_one(tfm, data + k,
  2482. data + k);
  2483. }
  2484. q = data;
  2485. if (memcmp(q, result, template[i].len)) {
  2486. printk(KERN_ERR "alg: cipher: Test %d failed "
  2487. "on %s for %s\n", j, e, algo);
  2488. hexdump(q, template[i].len);
  2489. ret = -EINVAL;
  2490. goto out;
  2491. }
  2492. }
  2493. ret = 0;
  2494. out:
  2495. testmgr_free_buf(xbuf);
  2496. out_nobuf:
  2497. return ret;
  2498. }
  2499. static int test_skcipher_vec_cfg(int enc, const struct cipher_testvec *vec,
  2500. const char *vec_name,
  2501. const struct testvec_config *cfg,
  2502. struct skcipher_request *req,
  2503. struct cipher_test_sglists *tsgls)
  2504. {
  2505. struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
  2506. const unsigned int alignmask = crypto_skcipher_alignmask(tfm);
  2507. const unsigned int ivsize = crypto_skcipher_ivsize(tfm);
  2508. const char *driver = crypto_skcipher_driver_name(tfm);
  2509. const u32 req_flags = CRYPTO_TFM_REQ_MAY_BACKLOG | cfg->req_flags;
  2510. const char *op = enc ? "encryption" : "decryption";
  2511. DECLARE_CRYPTO_WAIT(wait);
  2512. u8 _iv[3 * (MAX_ALGAPI_ALIGNMASK + 1) + MAX_IVLEN];
  2513. u8 *iv = PTR_ALIGN(&_iv[0], 2 * (MAX_ALGAPI_ALIGNMASK + 1)) +
  2514. cfg->iv_offset +
  2515. (cfg->iv_offset_relative_to_alignmask ? alignmask : 0);
  2516. struct kvec input;
  2517. int err;
  2518. /* Set the key */
  2519. if (vec->wk)
  2520. crypto_skcipher_set_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS);
  2521. else
  2522. crypto_skcipher_clear_flags(tfm,
  2523. CRYPTO_TFM_REQ_FORBID_WEAK_KEYS);
  2524. err = do_setkey(crypto_skcipher_setkey, tfm, vec->key, vec->klen,
  2525. cfg, alignmask);
  2526. if (err) {
  2527. if (err == vec->setkey_error)
  2528. return 0;
  2529. pr_err("alg: skcipher: %s setkey failed on test vector %s; expected_error=%d, actual_error=%d, flags=%#x\n",
  2530. driver, vec_name, vec->setkey_error, err,
  2531. crypto_skcipher_get_flags(tfm));
  2532. return err;
  2533. }
  2534. if (vec->setkey_error) {
  2535. pr_err("alg: skcipher: %s setkey unexpectedly succeeded on test vector %s; expected_error=%d\n",
  2536. driver, vec_name, vec->setkey_error);
  2537. return -EINVAL;
  2538. }
  2539. /* The IV must be copied to a buffer, as the algorithm may modify it */
  2540. if (ivsize) {
  2541. if (WARN_ON(ivsize > MAX_IVLEN))
  2542. return -EINVAL;
  2543. if (vec->iv)
  2544. memcpy(iv, vec->iv, ivsize);
  2545. else
  2546. memset(iv, 0, ivsize);
  2547. } else {
  2548. iv = NULL;
  2549. }
  2550. /* Build the src/dst scatterlists */
  2551. input.iov_base = enc ? (void *)vec->ptext : (void *)vec->ctext;
  2552. input.iov_len = vec->len;
  2553. err = build_cipher_test_sglists(tsgls, cfg, alignmask,
  2554. vec->len, vec->len, &input, 1);
  2555. if (err) {
  2556. pr_err("alg: skcipher: %s %s: error preparing scatterlists for test vector %s, cfg=\"%s\"\n",
  2557. driver, op, vec_name, cfg->name);
  2558. return err;
  2559. }
  2560. /* Do the actual encryption or decryption */
  2561. testmgr_poison(req->__ctx, crypto_skcipher_reqsize(tfm));
  2562. skcipher_request_set_callback(req, req_flags, crypto_req_done, &wait);
  2563. skcipher_request_set_crypt(req, tsgls->src.sgl_ptr, tsgls->dst.sgl_ptr,
  2564. vec->len, iv);
  2565. if (cfg->nosimd)
  2566. crypto_disable_simd_for_test();
  2567. err = enc ? crypto_skcipher_encrypt(req) : crypto_skcipher_decrypt(req);
  2568. if (cfg->nosimd)
  2569. crypto_reenable_simd_for_test();
  2570. err = crypto_wait_req(err, &wait);
  2571. /* Check that the algorithm didn't overwrite things it shouldn't have */
  2572. if (req->cryptlen != vec->len ||
  2573. req->iv != iv ||
  2574. req->src != tsgls->src.sgl_ptr ||
  2575. req->dst != tsgls->dst.sgl_ptr ||
  2576. crypto_skcipher_reqtfm(req) != tfm ||
  2577. req->base.complete != crypto_req_done ||
  2578. req->base.flags != req_flags ||
  2579. req->base.data != &wait) {
  2580. pr_err("alg: skcipher: %s %s corrupted request struct on test vector %s, cfg=\"%s\"\n",
  2581. driver, op, vec_name, cfg->name);
  2582. if (req->cryptlen != vec->len)
  2583. pr_err("alg: skcipher: changed 'req->cryptlen'\n");
  2584. if (req->iv != iv)
  2585. pr_err("alg: skcipher: changed 'req->iv'\n");
  2586. if (req->src != tsgls->src.sgl_ptr)
  2587. pr_err("alg: skcipher: changed 'req->src'\n");
  2588. if (req->dst != tsgls->dst.sgl_ptr)
  2589. pr_err("alg: skcipher: changed 'req->dst'\n");
  2590. if (crypto_skcipher_reqtfm(req) != tfm)
  2591. pr_err("alg: skcipher: changed 'req->base.tfm'\n");
  2592. if (req->base.complete != crypto_req_done)
  2593. pr_err("alg: skcipher: changed 'req->base.complete'\n");
  2594. if (req->base.flags != req_flags)
  2595. pr_err("alg: skcipher: changed 'req->base.flags'\n");
  2596. if (req->base.data != &wait)
  2597. pr_err("alg: skcipher: changed 'req->base.data'\n");
  2598. return -EINVAL;
  2599. }
  2600. if (is_test_sglist_corrupted(&tsgls->src)) {
  2601. pr_err("alg: skcipher: %s %s corrupted src sgl on test vector %s, cfg=\"%s\"\n",
  2602. driver, op, vec_name, cfg->name);
  2603. return -EINVAL;
  2604. }
  2605. if (tsgls->dst.sgl_ptr != tsgls->src.sgl &&
  2606. is_test_sglist_corrupted(&tsgls->dst)) {
  2607. pr_err("alg: skcipher: %s %s corrupted dst sgl on test vector %s, cfg=\"%s\"\n",
  2608. driver, op, vec_name, cfg->name);
  2609. return -EINVAL;
  2610. }
  2611. /* Check for success or failure */
  2612. if (err) {
  2613. if (err == vec->crypt_error)
  2614. return 0;
  2615. pr_err("alg: skcipher: %s %s failed on test vector %s; expected_error=%d, actual_error=%d, cfg=\"%s\"\n",
  2616. driver, op, vec_name, vec->crypt_error, err, cfg->name);
  2617. return err;
  2618. }
  2619. if (vec->crypt_error) {
  2620. pr_err("alg: skcipher: %s %s unexpectedly succeeded on test vector %s; expected_error=%d, cfg=\"%s\"\n",
  2621. driver, op, vec_name, vec->crypt_error, cfg->name);
  2622. return -EINVAL;
  2623. }
  2624. /* Check for the correct output (ciphertext or plaintext) */
  2625. err = verify_correct_output(&tsgls->dst, enc ? vec->ctext : vec->ptext,
  2626. vec->len, 0, true);
  2627. if (err == -EOVERFLOW) {
  2628. pr_err("alg: skcipher: %s %s overran dst buffer on test vector %s, cfg=\"%s\"\n",
  2629. driver, op, vec_name, cfg->name);
  2630. return err;
  2631. }
  2632. if (err) {
  2633. pr_err("alg: skcipher: %s %s test failed (wrong result) on test vector %s, cfg=\"%s\"\n",
  2634. driver, op, vec_name, cfg->name);
  2635. return err;
  2636. }
  2637. /* If applicable, check that the algorithm generated the correct IV */
  2638. if (vec->iv_out && memcmp(iv, vec->iv_out, ivsize) != 0) {
  2639. pr_err("alg: skcipher: %s %s test failed (wrong output IV) on test vector %s, cfg=\"%s\"\n",
  2640. driver, op, vec_name, cfg->name);
  2641. hexdump(iv, ivsize);
  2642. return -EINVAL;
  2643. }
  2644. return 0;
  2645. }
  2646. static int test_skcipher_vec(int enc, const struct cipher_testvec *vec,
  2647. unsigned int vec_num,
  2648. struct skcipher_request *req,
  2649. struct cipher_test_sglists *tsgls)
  2650. {
  2651. char vec_name[16];
  2652. unsigned int i;
  2653. int err;
  2654. if (fips_enabled && vec->fips_skip)
  2655. return 0;
  2656. sprintf(vec_name, "%u", vec_num);
  2657. for (i = 0; i < ARRAY_SIZE(default_cipher_testvec_configs); i++) {
  2658. err = test_skcipher_vec_cfg(enc, vec, vec_name,
  2659. &default_cipher_testvec_configs[i],
  2660. req, tsgls);
  2661. if (err)
  2662. return err;
  2663. }
  2664. if (!noslowtests) {
  2665. struct rnd_state rng;
  2666. struct testvec_config cfg;
  2667. char cfgname[TESTVEC_CONFIG_NAMELEN];
  2668. init_rnd_state(&rng);
  2669. for (i = 0; i < fuzz_iterations; i++) {
  2670. generate_random_testvec_config(&rng, &cfg, cfgname,
  2671. sizeof(cfgname));
  2672. err = test_skcipher_vec_cfg(enc, vec, vec_name,
  2673. &cfg, req, tsgls);
  2674. if (err)
  2675. return err;
  2676. cond_resched();
  2677. }
  2678. }
  2679. return 0;
  2680. }
  2681. /*
  2682. * Generate a symmetric cipher test vector from the given implementation.
  2683. * Assumes the buffers in 'vec' were already allocated.
  2684. */
  2685. static void generate_random_cipher_testvec(struct rnd_state *rng,
  2686. struct skcipher_request *req,
  2687. struct cipher_testvec *vec,
  2688. unsigned int maxdatasize,
  2689. char *name, size_t max_namelen)
  2690. {
  2691. struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
  2692. const unsigned int maxkeysize = crypto_skcipher_max_keysize(tfm);
  2693. const unsigned int ivsize = crypto_skcipher_ivsize(tfm);
  2694. struct scatterlist src, dst;
  2695. u8 iv[MAX_IVLEN];
  2696. DECLARE_CRYPTO_WAIT(wait);
  2697. /* Key: length in [0, maxkeysize], but usually choose maxkeysize */
  2698. vec->klen = maxkeysize;
  2699. if (prandom_u32_below(rng, 4) == 0)
  2700. vec->klen = prandom_u32_below(rng, maxkeysize + 1);
  2701. generate_random_bytes(rng, (u8 *)vec->key, vec->klen);
  2702. vec->setkey_error = crypto_skcipher_setkey(tfm, vec->key, vec->klen);
  2703. /* IV */
  2704. generate_random_bytes(rng, (u8 *)vec->iv, ivsize);
  2705. /* Plaintext */
  2706. vec->len = generate_random_length(rng, maxdatasize);
  2707. generate_random_bytes(rng, (u8 *)vec->ptext, vec->len);
  2708. /* If the key couldn't be set, no need to continue to encrypt. */
  2709. if (vec->setkey_error)
  2710. goto done;
  2711. /* Ciphertext */
  2712. sg_init_one(&src, vec->ptext, vec->len);
  2713. sg_init_one(&dst, vec->ctext, vec->len);
  2714. memcpy(iv, vec->iv, ivsize);
  2715. skcipher_request_set_callback(req, 0, crypto_req_done, &wait);
  2716. skcipher_request_set_crypt(req, &src, &dst, vec->len, iv);
  2717. vec->crypt_error = crypto_wait_req(crypto_skcipher_encrypt(req), &wait);
  2718. if (vec->crypt_error != 0) {
  2719. /*
  2720. * The only acceptable error here is for an invalid length, so
  2721. * skcipher decryption should fail with the same error too.
  2722. * We'll test for this. But to keep the API usage well-defined,
  2723. * explicitly initialize the ciphertext buffer too.
  2724. */
  2725. memset((u8 *)vec->ctext, 0, vec->len);
  2726. }
  2727. done:
  2728. snprintf(name, max_namelen, "\"random: len=%u klen=%u\"",
  2729. vec->len, vec->klen);
  2730. }
  2731. /*
  2732. * Test the skcipher algorithm represented by @req against the corresponding
  2733. * generic implementation, if one is available.
  2734. */
  2735. static int test_skcipher_vs_generic_impl(const char *generic_driver,
  2736. struct skcipher_request *req,
  2737. struct cipher_test_sglists *tsgls)
  2738. {
  2739. struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
  2740. const unsigned int maxkeysize = crypto_skcipher_max_keysize(tfm);
  2741. const unsigned int ivsize = crypto_skcipher_ivsize(tfm);
  2742. const unsigned int blocksize = crypto_skcipher_blocksize(tfm);
  2743. const unsigned int maxdatasize = (2 * PAGE_SIZE) - TESTMGR_POISON_LEN;
  2744. const char *algname = crypto_skcipher_alg(tfm)->base.cra_name;
  2745. const char *driver = crypto_skcipher_driver_name(tfm);
  2746. struct rnd_state rng;
  2747. char _generic_driver[CRYPTO_MAX_ALG_NAME];
  2748. struct crypto_skcipher *generic_tfm = NULL;
  2749. struct skcipher_request *generic_req = NULL;
  2750. unsigned int i;
  2751. struct cipher_testvec vec = { 0 };
  2752. char vec_name[64];
  2753. struct testvec_config *cfg;
  2754. char cfgname[TESTVEC_CONFIG_NAMELEN];
  2755. int err;
  2756. if (noslowtests)
  2757. return 0;
  2758. init_rnd_state(&rng);
  2759. if (!generic_driver) { /* Use default naming convention? */
  2760. err = build_generic_driver_name(algname, _generic_driver);
  2761. if (err)
  2762. return err;
  2763. generic_driver = _generic_driver;
  2764. }
  2765. if (strcmp(generic_driver, driver) == 0) /* Already the generic impl? */
  2766. return 0;
  2767. generic_tfm = crypto_alloc_skcipher(generic_driver, 0, 0);
  2768. if (IS_ERR(generic_tfm)) {
  2769. err = PTR_ERR(generic_tfm);
  2770. if (err == -ENOENT) {
  2771. pr_warn("alg: skcipher: skipping comparison tests for %s because %s is unavailable\n",
  2772. driver, generic_driver);
  2773. return 0;
  2774. }
  2775. pr_err("alg: skcipher: error allocating %s (generic impl of %s): %d\n",
  2776. generic_driver, algname, err);
  2777. return err;
  2778. }
  2779. cfg = kzalloc_obj(*cfg);
  2780. if (!cfg) {
  2781. err = -ENOMEM;
  2782. goto out;
  2783. }
  2784. generic_req = skcipher_request_alloc(generic_tfm, GFP_KERNEL);
  2785. if (!generic_req) {
  2786. err = -ENOMEM;
  2787. goto out;
  2788. }
  2789. /* Check the algorithm properties for consistency. */
  2790. if (crypto_skcipher_min_keysize(tfm) !=
  2791. crypto_skcipher_min_keysize(generic_tfm)) {
  2792. pr_err("alg: skcipher: min keysize for %s (%u) doesn't match generic impl (%u)\n",
  2793. driver, crypto_skcipher_min_keysize(tfm),
  2794. crypto_skcipher_min_keysize(generic_tfm));
  2795. err = -EINVAL;
  2796. goto out;
  2797. }
  2798. if (maxkeysize != crypto_skcipher_max_keysize(generic_tfm)) {
  2799. pr_err("alg: skcipher: max keysize for %s (%u) doesn't match generic impl (%u)\n",
  2800. driver, maxkeysize,
  2801. crypto_skcipher_max_keysize(generic_tfm));
  2802. err = -EINVAL;
  2803. goto out;
  2804. }
  2805. if (ivsize != crypto_skcipher_ivsize(generic_tfm)) {
  2806. pr_err("alg: skcipher: ivsize for %s (%u) doesn't match generic impl (%u)\n",
  2807. driver, ivsize, crypto_skcipher_ivsize(generic_tfm));
  2808. err = -EINVAL;
  2809. goto out;
  2810. }
  2811. if (blocksize != crypto_skcipher_blocksize(generic_tfm)) {
  2812. pr_err("alg: skcipher: blocksize for %s (%u) doesn't match generic impl (%u)\n",
  2813. driver, blocksize,
  2814. crypto_skcipher_blocksize(generic_tfm));
  2815. err = -EINVAL;
  2816. goto out;
  2817. }
  2818. /*
  2819. * Now generate test vectors using the generic implementation, and test
  2820. * the other implementation against them.
  2821. */
  2822. vec.key = kmalloc(maxkeysize, GFP_KERNEL);
  2823. vec.iv = kmalloc(ivsize, GFP_KERNEL);
  2824. vec.ptext = kmalloc(maxdatasize, GFP_KERNEL);
  2825. vec.ctext = kmalloc(maxdatasize, GFP_KERNEL);
  2826. if (!vec.key || !vec.iv || !vec.ptext || !vec.ctext) {
  2827. err = -ENOMEM;
  2828. goto out;
  2829. }
  2830. for (i = 0; i < fuzz_iterations * 8; i++) {
  2831. generate_random_cipher_testvec(&rng, generic_req, &vec,
  2832. maxdatasize,
  2833. vec_name, sizeof(vec_name));
  2834. generate_random_testvec_config(&rng, cfg, cfgname,
  2835. sizeof(cfgname));
  2836. err = test_skcipher_vec_cfg(ENCRYPT, &vec, vec_name,
  2837. cfg, req, tsgls);
  2838. if (err)
  2839. goto out;
  2840. err = test_skcipher_vec_cfg(DECRYPT, &vec, vec_name,
  2841. cfg, req, tsgls);
  2842. if (err)
  2843. goto out;
  2844. cond_resched();
  2845. }
  2846. err = 0;
  2847. out:
  2848. kfree(cfg);
  2849. kfree(vec.key);
  2850. kfree(vec.iv);
  2851. kfree(vec.ptext);
  2852. kfree(vec.ctext);
  2853. crypto_free_skcipher(generic_tfm);
  2854. skcipher_request_free(generic_req);
  2855. return err;
  2856. }
  2857. static int test_skcipher(int enc, const struct cipher_test_suite *suite,
  2858. struct skcipher_request *req,
  2859. struct cipher_test_sglists *tsgls)
  2860. {
  2861. unsigned int i;
  2862. int err;
  2863. for (i = 0; i < suite->count; i++) {
  2864. err = test_skcipher_vec(enc, &suite->vecs[i], i, req, tsgls);
  2865. if (err)
  2866. return err;
  2867. cond_resched();
  2868. }
  2869. return 0;
  2870. }
  2871. static int alg_test_skcipher(const struct alg_test_desc *desc,
  2872. const char *driver, u32 type, u32 mask)
  2873. {
  2874. const struct cipher_test_suite *suite = &desc->suite.cipher;
  2875. struct crypto_skcipher *tfm;
  2876. struct skcipher_request *req = NULL;
  2877. struct cipher_test_sglists *tsgls = NULL;
  2878. int err;
  2879. if (suite->count <= 0) {
  2880. pr_err("alg: skcipher: empty test suite for %s\n", driver);
  2881. return -EINVAL;
  2882. }
  2883. tfm = crypto_alloc_skcipher(driver, type, mask);
  2884. if (IS_ERR(tfm)) {
  2885. if (PTR_ERR(tfm) == -ENOENT)
  2886. return 0;
  2887. pr_err("alg: skcipher: failed to allocate transform for %s: %ld\n",
  2888. driver, PTR_ERR(tfm));
  2889. return PTR_ERR(tfm);
  2890. }
  2891. driver = crypto_skcipher_driver_name(tfm);
  2892. req = skcipher_request_alloc(tfm, GFP_KERNEL);
  2893. if (!req) {
  2894. pr_err("alg: skcipher: failed to allocate request for %s\n",
  2895. driver);
  2896. err = -ENOMEM;
  2897. goto out;
  2898. }
  2899. tsgls = alloc_cipher_test_sglists();
  2900. if (!tsgls) {
  2901. pr_err("alg: skcipher: failed to allocate test buffers for %s\n",
  2902. driver);
  2903. err = -ENOMEM;
  2904. goto out;
  2905. }
  2906. err = test_skcipher(ENCRYPT, suite, req, tsgls);
  2907. if (err)
  2908. goto out;
  2909. err = test_skcipher(DECRYPT, suite, req, tsgls);
  2910. if (err)
  2911. goto out;
  2912. err = test_skcipher_vs_generic_impl(desc->generic_driver, req, tsgls);
  2913. out:
  2914. free_cipher_test_sglists(tsgls);
  2915. skcipher_request_free(req);
  2916. crypto_free_skcipher(tfm);
  2917. return err;
  2918. }
  2919. static int test_acomp(struct crypto_acomp *tfm,
  2920. const struct comp_testvec *ctemplate,
  2921. const struct comp_testvec *dtemplate,
  2922. int ctcount, int dtcount)
  2923. {
  2924. const char *algo = crypto_tfm_alg_driver_name(crypto_acomp_tfm(tfm));
  2925. unsigned int i;
  2926. char *output, *decomp_out;
  2927. int ret;
  2928. struct scatterlist src, dst;
  2929. struct acomp_req *req;
  2930. struct crypto_wait wait;
  2931. output = kmalloc(COMP_BUF_SIZE, GFP_KERNEL);
  2932. if (!output)
  2933. return -ENOMEM;
  2934. decomp_out = kmalloc(COMP_BUF_SIZE, GFP_KERNEL);
  2935. if (!decomp_out) {
  2936. kfree(output);
  2937. return -ENOMEM;
  2938. }
  2939. for (i = 0; i < ctcount; i++) {
  2940. unsigned int dlen = COMP_BUF_SIZE;
  2941. int ilen = ctemplate[i].inlen;
  2942. void *input_vec;
  2943. input_vec = kmemdup(ctemplate[i].input, ilen, GFP_KERNEL);
  2944. if (!input_vec) {
  2945. ret = -ENOMEM;
  2946. goto out;
  2947. }
  2948. memset(output, 0, dlen);
  2949. crypto_init_wait(&wait);
  2950. sg_init_one(&src, input_vec, ilen);
  2951. sg_init_one(&dst, output, dlen);
  2952. req = acomp_request_alloc(tfm);
  2953. if (!req) {
  2954. pr_err("alg: acomp: request alloc failed for %s\n",
  2955. algo);
  2956. kfree(input_vec);
  2957. ret = -ENOMEM;
  2958. goto out;
  2959. }
  2960. acomp_request_set_params(req, &src, &dst, ilen, dlen);
  2961. acomp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
  2962. crypto_req_done, &wait);
  2963. ret = crypto_wait_req(crypto_acomp_compress(req), &wait);
  2964. if (ret) {
  2965. pr_err("alg: acomp: compression failed on test %d for %s: ret=%d\n",
  2966. i + 1, algo, -ret);
  2967. kfree(input_vec);
  2968. acomp_request_free(req);
  2969. goto out;
  2970. }
  2971. ilen = req->dlen;
  2972. dlen = COMP_BUF_SIZE;
  2973. sg_init_one(&src, output, ilen);
  2974. sg_init_one(&dst, decomp_out, dlen);
  2975. crypto_init_wait(&wait);
  2976. acomp_request_set_params(req, &src, &dst, ilen, dlen);
  2977. ret = crypto_wait_req(crypto_acomp_decompress(req), &wait);
  2978. if (ret) {
  2979. pr_err("alg: acomp: compression failed on test %d for %s: ret=%d\n",
  2980. i + 1, algo, -ret);
  2981. kfree(input_vec);
  2982. acomp_request_free(req);
  2983. goto out;
  2984. }
  2985. if (req->dlen != ctemplate[i].inlen) {
  2986. pr_err("alg: acomp: Compression test %d failed for %s: output len = %d\n",
  2987. i + 1, algo, req->dlen);
  2988. ret = -EINVAL;
  2989. kfree(input_vec);
  2990. acomp_request_free(req);
  2991. goto out;
  2992. }
  2993. if (memcmp(input_vec, decomp_out, req->dlen)) {
  2994. pr_err("alg: acomp: Compression test %d failed for %s\n",
  2995. i + 1, algo);
  2996. hexdump(output, req->dlen);
  2997. ret = -EINVAL;
  2998. kfree(input_vec);
  2999. acomp_request_free(req);
  3000. goto out;
  3001. }
  3002. kfree(input_vec);
  3003. acomp_request_free(req);
  3004. }
  3005. for (i = 0; i < dtcount; i++) {
  3006. unsigned int dlen = COMP_BUF_SIZE;
  3007. int ilen = dtemplate[i].inlen;
  3008. void *input_vec;
  3009. input_vec = kmemdup(dtemplate[i].input, ilen, GFP_KERNEL);
  3010. if (!input_vec) {
  3011. ret = -ENOMEM;
  3012. goto out;
  3013. }
  3014. memset(output, 0, dlen);
  3015. crypto_init_wait(&wait);
  3016. sg_init_one(&src, input_vec, ilen);
  3017. sg_init_one(&dst, output, dlen);
  3018. req = acomp_request_alloc(tfm);
  3019. if (!req) {
  3020. pr_err("alg: acomp: request alloc failed for %s\n",
  3021. algo);
  3022. kfree(input_vec);
  3023. ret = -ENOMEM;
  3024. goto out;
  3025. }
  3026. acomp_request_set_params(req, &src, &dst, ilen, dlen);
  3027. acomp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
  3028. crypto_req_done, &wait);
  3029. ret = crypto_wait_req(crypto_acomp_decompress(req), &wait);
  3030. if (ret) {
  3031. pr_err("alg: acomp: decompression failed on test %d for %s: ret=%d\n",
  3032. i + 1, algo, -ret);
  3033. kfree(input_vec);
  3034. acomp_request_free(req);
  3035. goto out;
  3036. }
  3037. if (req->dlen != dtemplate[i].outlen) {
  3038. pr_err("alg: acomp: Decompression test %d failed for %s: output len = %d\n",
  3039. i + 1, algo, req->dlen);
  3040. ret = -EINVAL;
  3041. kfree(input_vec);
  3042. acomp_request_free(req);
  3043. goto out;
  3044. }
  3045. if (memcmp(output, dtemplate[i].output, req->dlen)) {
  3046. pr_err("alg: acomp: Decompression test %d failed for %s\n",
  3047. i + 1, algo);
  3048. hexdump(output, req->dlen);
  3049. ret = -EINVAL;
  3050. kfree(input_vec);
  3051. acomp_request_free(req);
  3052. goto out;
  3053. }
  3054. kfree(input_vec);
  3055. acomp_request_free(req);
  3056. }
  3057. ret = 0;
  3058. out:
  3059. kfree(decomp_out);
  3060. kfree(output);
  3061. return ret;
  3062. }
  3063. static int alg_test_cipher(const struct alg_test_desc *desc,
  3064. const char *driver, u32 type, u32 mask)
  3065. {
  3066. const struct cipher_test_suite *suite = &desc->suite.cipher;
  3067. struct crypto_cipher *tfm;
  3068. int err;
  3069. tfm = crypto_alloc_cipher(driver, type, mask);
  3070. if (IS_ERR(tfm)) {
  3071. if (PTR_ERR(tfm) == -ENOENT)
  3072. return 0;
  3073. printk(KERN_ERR "alg: cipher: Failed to load transform for "
  3074. "%s: %ld\n", driver, PTR_ERR(tfm));
  3075. return PTR_ERR(tfm);
  3076. }
  3077. err = test_cipher(tfm, ENCRYPT, suite->vecs, suite->count);
  3078. if (!err)
  3079. err = test_cipher(tfm, DECRYPT, suite->vecs, suite->count);
  3080. crypto_free_cipher(tfm);
  3081. return err;
  3082. }
  3083. static int alg_test_comp(const struct alg_test_desc *desc, const char *driver,
  3084. u32 type, u32 mask)
  3085. {
  3086. struct crypto_acomp *acomp;
  3087. int err;
  3088. acomp = crypto_alloc_acomp(driver, type, mask);
  3089. if (IS_ERR(acomp)) {
  3090. if (PTR_ERR(acomp) == -ENOENT)
  3091. return 0;
  3092. pr_err("alg: acomp: Failed to load transform for %s: %ld\n",
  3093. driver, PTR_ERR(acomp));
  3094. return PTR_ERR(acomp);
  3095. }
  3096. err = test_acomp(acomp, desc->suite.comp.comp.vecs,
  3097. desc->suite.comp.decomp.vecs,
  3098. desc->suite.comp.comp.count,
  3099. desc->suite.comp.decomp.count);
  3100. crypto_free_acomp(acomp);
  3101. return err;
  3102. }
  3103. static int drbg_cavs_test(const struct drbg_testvec *test, int pr,
  3104. const char *driver, u32 type, u32 mask)
  3105. {
  3106. int ret = -EAGAIN;
  3107. struct crypto_rng *drng;
  3108. struct drbg_test_data test_data;
  3109. struct drbg_string addtl, pers, testentropy;
  3110. unsigned char *buf = kzalloc(test->expectedlen, GFP_KERNEL);
  3111. if (!buf)
  3112. return -ENOMEM;
  3113. drng = crypto_alloc_rng(driver, type, mask);
  3114. if (IS_ERR(drng)) {
  3115. kfree_sensitive(buf);
  3116. if (PTR_ERR(drng) == -ENOENT)
  3117. return 0;
  3118. printk(KERN_ERR "alg: drbg: could not allocate DRNG handle for "
  3119. "%s\n", driver);
  3120. return PTR_ERR(drng);
  3121. }
  3122. test_data.testentropy = &testentropy;
  3123. drbg_string_fill(&testentropy, test->entropy, test->entropylen);
  3124. drbg_string_fill(&pers, test->pers, test->perslen);
  3125. ret = crypto_drbg_reset_test(drng, &pers, &test_data);
  3126. if (ret) {
  3127. printk(KERN_ERR "alg: drbg: Failed to reset rng\n");
  3128. goto outbuf;
  3129. }
  3130. drbg_string_fill(&addtl, test->addtla, test->addtllen);
  3131. if (pr) {
  3132. drbg_string_fill(&testentropy, test->entpra, test->entprlen);
  3133. ret = crypto_drbg_get_bytes_addtl_test(drng,
  3134. buf, test->expectedlen, &addtl, &test_data);
  3135. } else {
  3136. ret = crypto_drbg_get_bytes_addtl(drng,
  3137. buf, test->expectedlen, &addtl);
  3138. }
  3139. if (ret < 0) {
  3140. printk(KERN_ERR "alg: drbg: could not obtain random data for "
  3141. "driver %s\n", driver);
  3142. goto outbuf;
  3143. }
  3144. drbg_string_fill(&addtl, test->addtlb, test->addtllen);
  3145. if (pr) {
  3146. drbg_string_fill(&testentropy, test->entprb, test->entprlen);
  3147. ret = crypto_drbg_get_bytes_addtl_test(drng,
  3148. buf, test->expectedlen, &addtl, &test_data);
  3149. } else {
  3150. ret = crypto_drbg_get_bytes_addtl(drng,
  3151. buf, test->expectedlen, &addtl);
  3152. }
  3153. if (ret < 0) {
  3154. printk(KERN_ERR "alg: drbg: could not obtain random data for "
  3155. "driver %s\n", driver);
  3156. goto outbuf;
  3157. }
  3158. ret = memcmp(test->expected, buf, test->expectedlen);
  3159. outbuf:
  3160. crypto_free_rng(drng);
  3161. kfree_sensitive(buf);
  3162. return ret;
  3163. }
  3164. static int alg_test_drbg(const struct alg_test_desc *desc, const char *driver,
  3165. u32 type, u32 mask)
  3166. {
  3167. int err = 0;
  3168. int pr = 0;
  3169. int i = 0;
  3170. const struct drbg_testvec *template = desc->suite.drbg.vecs;
  3171. unsigned int tcount = desc->suite.drbg.count;
  3172. if (0 == memcmp(driver, "drbg_pr_", 8))
  3173. pr = 1;
  3174. for (i = 0; i < tcount; i++) {
  3175. err = drbg_cavs_test(&template[i], pr, driver, type, mask);
  3176. if (err) {
  3177. printk(KERN_ERR "alg: drbg: Test %d failed for %s\n",
  3178. i, driver);
  3179. err = -EINVAL;
  3180. break;
  3181. }
  3182. }
  3183. return err;
  3184. }
  3185. static int do_test_kpp(struct crypto_kpp *tfm, const struct kpp_testvec *vec,
  3186. const char *alg)
  3187. {
  3188. struct kpp_request *req;
  3189. void *input_buf = NULL;
  3190. void *output_buf = NULL;
  3191. void *a_public = NULL;
  3192. void *a_ss = NULL;
  3193. void *shared_secret = NULL;
  3194. struct crypto_wait wait;
  3195. unsigned int out_len_max;
  3196. int err = -ENOMEM;
  3197. struct scatterlist src, dst;
  3198. req = kpp_request_alloc(tfm, GFP_KERNEL);
  3199. if (!req)
  3200. return err;
  3201. crypto_init_wait(&wait);
  3202. err = crypto_kpp_set_secret(tfm, vec->secret, vec->secret_size);
  3203. if (err < 0)
  3204. goto free_req;
  3205. out_len_max = crypto_kpp_maxsize(tfm);
  3206. output_buf = kzalloc(out_len_max, GFP_KERNEL);
  3207. if (!output_buf) {
  3208. err = -ENOMEM;
  3209. goto free_req;
  3210. }
  3211. /* Use appropriate parameter as base */
  3212. kpp_request_set_input(req, NULL, 0);
  3213. sg_init_one(&dst, output_buf, out_len_max);
  3214. kpp_request_set_output(req, &dst, out_len_max);
  3215. kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
  3216. crypto_req_done, &wait);
  3217. /* Compute party A's public key */
  3218. err = crypto_wait_req(crypto_kpp_generate_public_key(req), &wait);
  3219. if (err) {
  3220. pr_err("alg: %s: Party A: generate public key test failed. err %d\n",
  3221. alg, err);
  3222. goto free_output;
  3223. }
  3224. if (vec->genkey) {
  3225. /* Save party A's public key */
  3226. a_public = kmemdup(sg_virt(req->dst), out_len_max, GFP_KERNEL);
  3227. if (!a_public) {
  3228. err = -ENOMEM;
  3229. goto free_output;
  3230. }
  3231. } else {
  3232. /* Verify calculated public key */
  3233. if (memcmp(vec->expected_a_public, sg_virt(req->dst),
  3234. vec->expected_a_public_size)) {
  3235. pr_err("alg: %s: Party A: generate public key test failed. Invalid output\n",
  3236. alg);
  3237. err = -EINVAL;
  3238. goto free_output;
  3239. }
  3240. }
  3241. /* Calculate shared secret key by using counter part (b) public key. */
  3242. input_buf = kmemdup(vec->b_public, vec->b_public_size, GFP_KERNEL);
  3243. if (!input_buf) {
  3244. err = -ENOMEM;
  3245. goto free_output;
  3246. }
  3247. sg_init_one(&src, input_buf, vec->b_public_size);
  3248. sg_init_one(&dst, output_buf, out_len_max);
  3249. kpp_request_set_input(req, &src, vec->b_public_size);
  3250. kpp_request_set_output(req, &dst, out_len_max);
  3251. kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
  3252. crypto_req_done, &wait);
  3253. err = crypto_wait_req(crypto_kpp_compute_shared_secret(req), &wait);
  3254. if (err) {
  3255. pr_err("alg: %s: Party A: compute shared secret test failed. err %d\n",
  3256. alg, err);
  3257. goto free_all;
  3258. }
  3259. if (vec->genkey) {
  3260. /* Save the shared secret obtained by party A */
  3261. a_ss = kmemdup(sg_virt(req->dst), vec->expected_ss_size, GFP_KERNEL);
  3262. if (!a_ss) {
  3263. err = -ENOMEM;
  3264. goto free_all;
  3265. }
  3266. /*
  3267. * Calculate party B's shared secret by using party A's
  3268. * public key.
  3269. */
  3270. err = crypto_kpp_set_secret(tfm, vec->b_secret,
  3271. vec->b_secret_size);
  3272. if (err < 0)
  3273. goto free_all;
  3274. sg_init_one(&src, a_public, vec->expected_a_public_size);
  3275. sg_init_one(&dst, output_buf, out_len_max);
  3276. kpp_request_set_input(req, &src, vec->expected_a_public_size);
  3277. kpp_request_set_output(req, &dst, out_len_max);
  3278. kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
  3279. crypto_req_done, &wait);
  3280. err = crypto_wait_req(crypto_kpp_compute_shared_secret(req),
  3281. &wait);
  3282. if (err) {
  3283. pr_err("alg: %s: Party B: compute shared secret failed. err %d\n",
  3284. alg, err);
  3285. goto free_all;
  3286. }
  3287. shared_secret = a_ss;
  3288. } else {
  3289. shared_secret = (void *)vec->expected_ss;
  3290. }
  3291. /*
  3292. * verify shared secret from which the user will derive
  3293. * secret key by executing whatever hash it has chosen
  3294. */
  3295. if (memcmp(shared_secret, sg_virt(req->dst),
  3296. vec->expected_ss_size)) {
  3297. pr_err("alg: %s: compute shared secret test failed. Invalid output\n",
  3298. alg);
  3299. err = -EINVAL;
  3300. }
  3301. free_all:
  3302. kfree(a_ss);
  3303. kfree(input_buf);
  3304. free_output:
  3305. kfree(a_public);
  3306. kfree(output_buf);
  3307. free_req:
  3308. kpp_request_free(req);
  3309. return err;
  3310. }
  3311. static int test_kpp(struct crypto_kpp *tfm, const char *alg,
  3312. const struct kpp_testvec *vecs, unsigned int tcount)
  3313. {
  3314. int ret, i;
  3315. for (i = 0; i < tcount; i++) {
  3316. ret = do_test_kpp(tfm, vecs++, alg);
  3317. if (ret) {
  3318. pr_err("alg: %s: test failed on vector %d, err=%d\n",
  3319. alg, i + 1, ret);
  3320. return ret;
  3321. }
  3322. }
  3323. return 0;
  3324. }
  3325. static int alg_test_kpp(const struct alg_test_desc *desc, const char *driver,
  3326. u32 type, u32 mask)
  3327. {
  3328. struct crypto_kpp *tfm;
  3329. int err = 0;
  3330. tfm = crypto_alloc_kpp(driver, type, mask);
  3331. if (IS_ERR(tfm)) {
  3332. if (PTR_ERR(tfm) == -ENOENT)
  3333. return 0;
  3334. pr_err("alg: kpp: Failed to load tfm for %s: %ld\n",
  3335. driver, PTR_ERR(tfm));
  3336. return PTR_ERR(tfm);
  3337. }
  3338. if (desc->suite.kpp.vecs)
  3339. err = test_kpp(tfm, desc->alg, desc->suite.kpp.vecs,
  3340. desc->suite.kpp.count);
  3341. crypto_free_kpp(tfm);
  3342. return err;
  3343. }
  3344. static u8 *test_pack_u32(u8 *dst, u32 val)
  3345. {
  3346. memcpy(dst, &val, sizeof(val));
  3347. return dst + sizeof(val);
  3348. }
  3349. static int test_akcipher_one(struct crypto_akcipher *tfm,
  3350. const struct akcipher_testvec *vecs)
  3351. {
  3352. char *xbuf[XBUFSIZE];
  3353. struct akcipher_request *req;
  3354. void *outbuf_enc = NULL;
  3355. void *outbuf_dec = NULL;
  3356. struct crypto_wait wait;
  3357. unsigned int out_len_max, out_len = 0;
  3358. int err = -ENOMEM;
  3359. struct scatterlist src, dst, src_tab[2];
  3360. const char *c;
  3361. unsigned int c_size;
  3362. if (testmgr_alloc_buf(xbuf))
  3363. return err;
  3364. req = akcipher_request_alloc(tfm, GFP_KERNEL);
  3365. if (!req)
  3366. goto free_xbuf;
  3367. crypto_init_wait(&wait);
  3368. if (vecs->public_key_vec)
  3369. err = crypto_akcipher_set_pub_key(tfm, vecs->key,
  3370. vecs->key_len);
  3371. else
  3372. err = crypto_akcipher_set_priv_key(tfm, vecs->key,
  3373. vecs->key_len);
  3374. if (err)
  3375. goto free_req;
  3376. /* First run encrypt test which does not require a private key */
  3377. err = -ENOMEM;
  3378. out_len_max = crypto_akcipher_maxsize(tfm);
  3379. outbuf_enc = kzalloc(out_len_max, GFP_KERNEL);
  3380. if (!outbuf_enc)
  3381. goto free_req;
  3382. c = vecs->c;
  3383. c_size = vecs->c_size;
  3384. err = -E2BIG;
  3385. if (WARN_ON(vecs->m_size > PAGE_SIZE))
  3386. goto free_all;
  3387. memcpy(xbuf[0], vecs->m, vecs->m_size);
  3388. sg_init_table(src_tab, 2);
  3389. sg_set_buf(&src_tab[0], xbuf[0], 8);
  3390. sg_set_buf(&src_tab[1], xbuf[0] + 8, vecs->m_size - 8);
  3391. sg_init_one(&dst, outbuf_enc, out_len_max);
  3392. akcipher_request_set_crypt(req, src_tab, &dst, vecs->m_size,
  3393. out_len_max);
  3394. akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
  3395. crypto_req_done, &wait);
  3396. err = crypto_wait_req(crypto_akcipher_encrypt(req), &wait);
  3397. if (err) {
  3398. pr_err("alg: akcipher: encrypt test failed. err %d\n", err);
  3399. goto free_all;
  3400. }
  3401. if (c) {
  3402. if (req->dst_len != c_size) {
  3403. pr_err("alg: akcipher: encrypt test failed. Invalid output len\n");
  3404. err = -EINVAL;
  3405. goto free_all;
  3406. }
  3407. /* verify that encrypted message is equal to expected */
  3408. if (memcmp(c, outbuf_enc, c_size) != 0) {
  3409. pr_err("alg: akcipher: encrypt test failed. Invalid output\n");
  3410. hexdump(outbuf_enc, c_size);
  3411. err = -EINVAL;
  3412. goto free_all;
  3413. }
  3414. }
  3415. /*
  3416. * Don't invoke decrypt test which requires a private key
  3417. * for vectors with only a public key.
  3418. */
  3419. if (vecs->public_key_vec) {
  3420. err = 0;
  3421. goto free_all;
  3422. }
  3423. outbuf_dec = kzalloc(out_len_max, GFP_KERNEL);
  3424. if (!outbuf_dec) {
  3425. err = -ENOMEM;
  3426. goto free_all;
  3427. }
  3428. if (!c) {
  3429. c = outbuf_enc;
  3430. c_size = req->dst_len;
  3431. }
  3432. err = -E2BIG;
  3433. if (WARN_ON(c_size > PAGE_SIZE))
  3434. goto free_all;
  3435. memcpy(xbuf[0], c, c_size);
  3436. sg_init_one(&src, xbuf[0], c_size);
  3437. sg_init_one(&dst, outbuf_dec, out_len_max);
  3438. crypto_init_wait(&wait);
  3439. akcipher_request_set_crypt(req, &src, &dst, c_size, out_len_max);
  3440. err = crypto_wait_req(crypto_akcipher_decrypt(req), &wait);
  3441. if (err) {
  3442. pr_err("alg: akcipher: decrypt test failed. err %d\n", err);
  3443. goto free_all;
  3444. }
  3445. out_len = req->dst_len;
  3446. if (out_len < vecs->m_size) {
  3447. pr_err("alg: akcipher: decrypt test failed. Invalid output len %u\n",
  3448. out_len);
  3449. err = -EINVAL;
  3450. goto free_all;
  3451. }
  3452. /* verify that decrypted message is equal to the original msg */
  3453. if (memchr_inv(outbuf_dec, 0, out_len - vecs->m_size) ||
  3454. memcmp(vecs->m, outbuf_dec + out_len - vecs->m_size,
  3455. vecs->m_size)) {
  3456. pr_err("alg: akcipher: decrypt test failed. Invalid output\n");
  3457. hexdump(outbuf_dec, out_len);
  3458. err = -EINVAL;
  3459. }
  3460. free_all:
  3461. kfree(outbuf_dec);
  3462. kfree(outbuf_enc);
  3463. free_req:
  3464. akcipher_request_free(req);
  3465. free_xbuf:
  3466. testmgr_free_buf(xbuf);
  3467. return err;
  3468. }
  3469. static int test_akcipher(struct crypto_akcipher *tfm, const char *alg,
  3470. const struct akcipher_testvec *vecs,
  3471. unsigned int tcount)
  3472. {
  3473. const char *algo =
  3474. crypto_tfm_alg_driver_name(crypto_akcipher_tfm(tfm));
  3475. int ret, i;
  3476. for (i = 0; i < tcount; i++) {
  3477. ret = test_akcipher_one(tfm, vecs++);
  3478. if (!ret)
  3479. continue;
  3480. pr_err("alg: akcipher: test %d failed for %s, err=%d\n",
  3481. i + 1, algo, ret);
  3482. return ret;
  3483. }
  3484. return 0;
  3485. }
  3486. static int alg_test_akcipher(const struct alg_test_desc *desc,
  3487. const char *driver, u32 type, u32 mask)
  3488. {
  3489. struct crypto_akcipher *tfm;
  3490. int err = 0;
  3491. tfm = crypto_alloc_akcipher(driver, type, mask);
  3492. if (IS_ERR(tfm)) {
  3493. if (PTR_ERR(tfm) == -ENOENT)
  3494. return 0;
  3495. pr_err("alg: akcipher: Failed to load tfm for %s: %ld\n",
  3496. driver, PTR_ERR(tfm));
  3497. return PTR_ERR(tfm);
  3498. }
  3499. if (desc->suite.akcipher.vecs)
  3500. err = test_akcipher(tfm, desc->alg, desc->suite.akcipher.vecs,
  3501. desc->suite.akcipher.count);
  3502. crypto_free_akcipher(tfm);
  3503. return err;
  3504. }
  3505. static int test_sig_one(struct crypto_sig *tfm, const struct sig_testvec *vecs)
  3506. {
  3507. u8 *ptr, *key __free(kfree);
  3508. int err, sig_size;
  3509. key = kmalloc(vecs->key_len + 2 * sizeof(u32) + vecs->param_len,
  3510. GFP_KERNEL);
  3511. if (!key)
  3512. return -ENOMEM;
  3513. /* ecrdsa expects additional parameters appended to the key */
  3514. memcpy(key, vecs->key, vecs->key_len);
  3515. ptr = key + vecs->key_len;
  3516. ptr = test_pack_u32(ptr, vecs->algo);
  3517. ptr = test_pack_u32(ptr, vecs->param_len);
  3518. memcpy(ptr, vecs->params, vecs->param_len);
  3519. if (vecs->public_key_vec)
  3520. err = crypto_sig_set_pubkey(tfm, key, vecs->key_len);
  3521. else
  3522. err = crypto_sig_set_privkey(tfm, key, vecs->key_len);
  3523. if (err)
  3524. return err;
  3525. /*
  3526. * Run asymmetric signature verification first
  3527. * (which does not require a private key)
  3528. */
  3529. err = crypto_sig_verify(tfm, vecs->c, vecs->c_size,
  3530. vecs->m, vecs->m_size);
  3531. if (err) {
  3532. pr_err("alg: sig: verify test failed: err %d\n", err);
  3533. return err;
  3534. }
  3535. /*
  3536. * Don't invoke sign test (which requires a private key)
  3537. * for vectors with only a public key.
  3538. */
  3539. if (vecs->public_key_vec)
  3540. return 0;
  3541. sig_size = crypto_sig_maxsize(tfm);
  3542. if (sig_size < vecs->c_size) {
  3543. pr_err("alg: sig: invalid maxsize %u\n", sig_size);
  3544. return -EINVAL;
  3545. }
  3546. u8 *sig __free(kfree) = kzalloc(sig_size, GFP_KERNEL);
  3547. if (!sig)
  3548. return -ENOMEM;
  3549. /* Run asymmetric signature generation */
  3550. err = crypto_sig_sign(tfm, vecs->m, vecs->m_size, sig, sig_size);
  3551. if (err < 0) {
  3552. pr_err("alg: sig: sign test failed: err %d\n", err);
  3553. return err;
  3554. }
  3555. /* Verify that generated signature equals cooked signature */
  3556. if (err != vecs->c_size ||
  3557. memcmp(sig, vecs->c, vecs->c_size) ||
  3558. memchr_inv(sig + vecs->c_size, 0, sig_size - vecs->c_size)) {
  3559. pr_err("alg: sig: sign test failed: invalid output\n");
  3560. hexdump(sig, sig_size);
  3561. return -EINVAL;
  3562. }
  3563. return 0;
  3564. }
  3565. static int test_sig(struct crypto_sig *tfm, const char *alg,
  3566. const struct sig_testvec *vecs, unsigned int tcount)
  3567. {
  3568. const char *algo = crypto_tfm_alg_driver_name(crypto_sig_tfm(tfm));
  3569. int ret, i;
  3570. for (i = 0; i < tcount; i++) {
  3571. ret = test_sig_one(tfm, vecs++);
  3572. if (ret) {
  3573. pr_err("alg: sig: test %d failed for %s: err %d\n",
  3574. i + 1, algo, ret);
  3575. return ret;
  3576. }
  3577. }
  3578. return 0;
  3579. }
  3580. static int alg_test_sig(const struct alg_test_desc *desc, const char *driver,
  3581. u32 type, u32 mask)
  3582. {
  3583. struct crypto_sig *tfm;
  3584. int err = 0;
  3585. tfm = crypto_alloc_sig(driver, type, mask);
  3586. if (IS_ERR(tfm)) {
  3587. pr_err("alg: sig: Failed to load tfm for %s: %ld\n",
  3588. driver, PTR_ERR(tfm));
  3589. return PTR_ERR(tfm);
  3590. }
  3591. if (desc->suite.sig.vecs)
  3592. err = test_sig(tfm, desc->alg, desc->suite.sig.vecs,
  3593. desc->suite.sig.count);
  3594. crypto_free_sig(tfm);
  3595. return err;
  3596. }
  3597. static int alg_test_null(const struct alg_test_desc *desc,
  3598. const char *driver, u32 type, u32 mask)
  3599. {
  3600. return 0;
  3601. }
  3602. #define ____VECS(tv) .vecs = tv, .count = ARRAY_SIZE(tv)
  3603. #define __VECS(tv) { ____VECS(tv) }
  3604. /* Please keep this list sorted by algorithm name. */
  3605. static const struct alg_test_desc alg_test_descs[] = {
  3606. {
  3607. .alg = "adiantum(xchacha12,aes)",
  3608. .generic_driver = "adiantum(xchacha12-lib,aes-lib)",
  3609. .test = alg_test_skcipher,
  3610. .suite = {
  3611. .cipher = __VECS(adiantum_xchacha12_aes_tv_template)
  3612. },
  3613. }, {
  3614. .alg = "adiantum(xchacha20,aes)",
  3615. .generic_driver = "adiantum(xchacha20-lib,aes-lib)",
  3616. .test = alg_test_skcipher,
  3617. .suite = {
  3618. .cipher = __VECS(adiantum_xchacha20_aes_tv_template)
  3619. },
  3620. }, {
  3621. .alg = "aegis128",
  3622. .test = alg_test_aead,
  3623. .suite = {
  3624. .aead = __VECS(aegis128_tv_template)
  3625. }
  3626. }, {
  3627. .alg = "authenc(hmac(md5),cbc(des3_ede))",
  3628. .generic_driver = "authenc(hmac-md5-lib,cbc(des3_ede-generic))",
  3629. .test = alg_test_aead,
  3630. .suite = {
  3631. .aead = __VECS(hmac_md5_des3_ede_cbc_tv_temp)
  3632. }
  3633. }, {
  3634. .alg = "authenc(hmac(md5),ecb(cipher_null))",
  3635. .generic_driver = "authenc(hmac-md5-lib,ecb-cipher_null)",
  3636. .test = alg_test_aead,
  3637. .suite = {
  3638. .aead = __VECS(hmac_md5_ecb_cipher_null_tv_template)
  3639. }
  3640. }, {
  3641. .alg = "authenc(hmac(sha1),cbc(aes))",
  3642. .generic_driver = "authenc(hmac-sha1-lib,cbc(aes-lib))",
  3643. .test = alg_test_aead,
  3644. .fips_allowed = 1,
  3645. .suite = {
  3646. .aead = __VECS(hmac_sha1_aes_cbc_tv_temp)
  3647. }
  3648. }, {
  3649. .alg = "authenc(hmac(sha1),cbc(des))",
  3650. .generic_driver = "authenc(hmac-sha1-lib,cbc(des-generic))",
  3651. .test = alg_test_aead,
  3652. .suite = {
  3653. .aead = __VECS(hmac_sha1_des_cbc_tv_temp)
  3654. }
  3655. }, {
  3656. .alg = "authenc(hmac(sha1),cbc(des3_ede))",
  3657. .generic_driver = "authenc(hmac-sha1-lib,cbc(des3_ede-generic))",
  3658. .test = alg_test_aead,
  3659. .suite = {
  3660. .aead = __VECS(hmac_sha1_des3_ede_cbc_tv_temp)
  3661. }
  3662. }, {
  3663. .alg = "authenc(hmac(sha1),ctr(aes))",
  3664. .test = alg_test_null,
  3665. .fips_allowed = 1,
  3666. }, {
  3667. .alg = "authenc(hmac(sha1),ecb(cipher_null))",
  3668. .generic_driver = "authenc(hmac-sha1-lib,ecb-cipher_null)",
  3669. .test = alg_test_aead,
  3670. .suite = {
  3671. .aead = __VECS(hmac_sha1_ecb_cipher_null_tv_temp)
  3672. }
  3673. }, {
  3674. .alg = "authenc(hmac(sha1),rfc3686(ctr(aes)))",
  3675. .test = alg_test_null,
  3676. .fips_allowed = 1,
  3677. }, {
  3678. .alg = "authenc(hmac(sha224),cbc(aes))",
  3679. .generic_driver = "authenc(hmac-sha224-lib,cbc(aes-lib))",
  3680. .test = alg_test_aead,
  3681. .suite = {
  3682. .aead = __VECS(hmac_sha224_aes_cbc_tv_temp)
  3683. }
  3684. }, {
  3685. .alg = "authenc(hmac(sha224),cbc(des))",
  3686. .generic_driver = "authenc(hmac-sha224-lib,cbc(des-generic))",
  3687. .test = alg_test_aead,
  3688. .suite = {
  3689. .aead = __VECS(hmac_sha224_des_cbc_tv_temp)
  3690. }
  3691. }, {
  3692. .alg = "authenc(hmac(sha224),cbc(des3_ede))",
  3693. .generic_driver = "authenc(hmac-sha224-lib,cbc(des3_ede-generic))",
  3694. .test = alg_test_aead,
  3695. .suite = {
  3696. .aead = __VECS(hmac_sha224_des3_ede_cbc_tv_temp)
  3697. }
  3698. }, {
  3699. .alg = "authenc(hmac(sha224),rfc3686(ctr(aes)))",
  3700. .test = alg_test_null,
  3701. .fips_allowed = 1,
  3702. }, {
  3703. .alg = "authenc(hmac(sha256),cbc(aes))",
  3704. .generic_driver = "authenc(hmac-sha256-lib,cbc(aes-lib))",
  3705. .test = alg_test_aead,
  3706. .fips_allowed = 1,
  3707. .suite = {
  3708. .aead = __VECS(hmac_sha256_aes_cbc_tv_temp)
  3709. }
  3710. }, {
  3711. .alg = "authenc(hmac(sha256),cbc(des))",
  3712. .generic_driver = "authenc(hmac-sha256-lib,cbc(des-generic))",
  3713. .test = alg_test_aead,
  3714. .suite = {
  3715. .aead = __VECS(hmac_sha256_des_cbc_tv_temp)
  3716. }
  3717. }, {
  3718. .alg = "authenc(hmac(sha256),cbc(des3_ede))",
  3719. .generic_driver = "authenc(hmac-sha256-lib,cbc(des3_ede-generic))",
  3720. .test = alg_test_aead,
  3721. .suite = {
  3722. .aead = __VECS(hmac_sha256_des3_ede_cbc_tv_temp)
  3723. }
  3724. }, {
  3725. .alg = "authenc(hmac(sha256),ctr(aes))",
  3726. .test = alg_test_null,
  3727. .fips_allowed = 1,
  3728. }, {
  3729. .alg = "authenc(hmac(sha256),cts(cbc(aes)))",
  3730. .generic_driver = "authenc(hmac-sha256-lib,cts(cbc(aes-lib)))",
  3731. .test = alg_test_aead,
  3732. .suite = {
  3733. .aead = __VECS(krb5_test_aes128_cts_hmac_sha256_128)
  3734. }
  3735. }, {
  3736. .alg = "authenc(hmac(sha256),rfc3686(ctr(aes)))",
  3737. .test = alg_test_null,
  3738. .fips_allowed = 1,
  3739. }, {
  3740. .alg = "authenc(hmac(sha384),cbc(aes))",
  3741. .generic_driver = "authenc(hmac-sha384-lib,cbc(aes-lib))",
  3742. .test = alg_test_aead,
  3743. .suite = {
  3744. .aead = __VECS(hmac_sha384_aes_cbc_tv_temp)
  3745. }
  3746. }, {
  3747. .alg = "authenc(hmac(sha384),cbc(des))",
  3748. .generic_driver = "authenc(hmac-sha384-lib,cbc(des-generic))",
  3749. .test = alg_test_aead,
  3750. .suite = {
  3751. .aead = __VECS(hmac_sha384_des_cbc_tv_temp)
  3752. }
  3753. }, {
  3754. .alg = "authenc(hmac(sha384),cbc(des3_ede))",
  3755. .generic_driver = "authenc(hmac-sha384-lib,cbc(des3_ede-generic))",
  3756. .test = alg_test_aead,
  3757. .suite = {
  3758. .aead = __VECS(hmac_sha384_des3_ede_cbc_tv_temp)
  3759. }
  3760. }, {
  3761. .alg = "authenc(hmac(sha384),ctr(aes))",
  3762. .test = alg_test_null,
  3763. .fips_allowed = 1,
  3764. }, {
  3765. .alg = "authenc(hmac(sha384),cts(cbc(aes)))",
  3766. .generic_driver = "authenc(hmac-sha384-lib,cts(cbc(aes-lib)))",
  3767. .test = alg_test_aead,
  3768. .suite = {
  3769. .aead = __VECS(krb5_test_aes256_cts_hmac_sha384_192)
  3770. }
  3771. }, {
  3772. .alg = "authenc(hmac(sha384),rfc3686(ctr(aes)))",
  3773. .test = alg_test_null,
  3774. .fips_allowed = 1,
  3775. }, {
  3776. .alg = "authenc(hmac(sha512),cbc(aes))",
  3777. .generic_driver = "authenc(hmac-sha512-lib,cbc(aes-lib))",
  3778. .fips_allowed = 1,
  3779. .test = alg_test_aead,
  3780. .suite = {
  3781. .aead = __VECS(hmac_sha512_aes_cbc_tv_temp)
  3782. }
  3783. }, {
  3784. .alg = "authenc(hmac(sha512),cbc(des))",
  3785. .generic_driver = "authenc(hmac-sha512-lib,cbc(des-generic))",
  3786. .test = alg_test_aead,
  3787. .suite = {
  3788. .aead = __VECS(hmac_sha512_des_cbc_tv_temp)
  3789. }
  3790. }, {
  3791. .alg = "authenc(hmac(sha512),cbc(des3_ede))",
  3792. .generic_driver = "authenc(hmac-sha512-lib,cbc(des3_ede-generic))",
  3793. .test = alg_test_aead,
  3794. .suite = {
  3795. .aead = __VECS(hmac_sha512_des3_ede_cbc_tv_temp)
  3796. }
  3797. }, {
  3798. .alg = "authenc(hmac(sha512),ctr(aes))",
  3799. .test = alg_test_null,
  3800. .fips_allowed = 1,
  3801. }, {
  3802. .alg = "authenc(hmac(sha512),rfc3686(ctr(aes)))",
  3803. .test = alg_test_null,
  3804. .fips_allowed = 1,
  3805. }, {
  3806. .alg = "blake2b-160",
  3807. .generic_driver = "blake2b-160-lib",
  3808. .test = alg_test_hash,
  3809. .fips_allowed = 0,
  3810. .suite = {
  3811. .hash = __VECS(blake2b_160_tv_template)
  3812. }
  3813. }, {
  3814. .alg = "blake2b-256",
  3815. .generic_driver = "blake2b-256-lib",
  3816. .test = alg_test_hash,
  3817. .fips_allowed = 0,
  3818. .suite = {
  3819. .hash = __VECS(blake2b_256_tv_template)
  3820. }
  3821. }, {
  3822. .alg = "blake2b-384",
  3823. .generic_driver = "blake2b-384-lib",
  3824. .test = alg_test_hash,
  3825. .fips_allowed = 0,
  3826. .suite = {
  3827. .hash = __VECS(blake2b_384_tv_template)
  3828. }
  3829. }, {
  3830. .alg = "blake2b-512",
  3831. .generic_driver = "blake2b-512-lib",
  3832. .test = alg_test_hash,
  3833. .fips_allowed = 0,
  3834. .suite = {
  3835. .hash = __VECS(blake2b_512_tv_template)
  3836. }
  3837. }, {
  3838. .alg = "cbc(aes)",
  3839. .generic_driver = "cbc(aes-lib)",
  3840. .test = alg_test_skcipher,
  3841. .fips_allowed = 1,
  3842. .suite = {
  3843. .cipher = __VECS(aes_cbc_tv_template)
  3844. },
  3845. }, {
  3846. .alg = "cbc(anubis)",
  3847. .test = alg_test_skcipher,
  3848. .suite = {
  3849. .cipher = __VECS(anubis_cbc_tv_template)
  3850. },
  3851. }, {
  3852. .alg = "cbc(aria)",
  3853. .test = alg_test_skcipher,
  3854. .suite = {
  3855. .cipher = __VECS(aria_cbc_tv_template)
  3856. },
  3857. }, {
  3858. .alg = "cbc(blowfish)",
  3859. .test = alg_test_skcipher,
  3860. .suite = {
  3861. .cipher = __VECS(bf_cbc_tv_template)
  3862. },
  3863. }, {
  3864. .alg = "cbc(camellia)",
  3865. .test = alg_test_skcipher,
  3866. .suite = {
  3867. .cipher = __VECS(camellia_cbc_tv_template)
  3868. },
  3869. }, {
  3870. .alg = "cbc(cast5)",
  3871. .test = alg_test_skcipher,
  3872. .suite = {
  3873. .cipher = __VECS(cast5_cbc_tv_template)
  3874. },
  3875. }, {
  3876. .alg = "cbc(cast6)",
  3877. .test = alg_test_skcipher,
  3878. .suite = {
  3879. .cipher = __VECS(cast6_cbc_tv_template)
  3880. },
  3881. }, {
  3882. .alg = "cbc(des)",
  3883. .test = alg_test_skcipher,
  3884. .suite = {
  3885. .cipher = __VECS(des_cbc_tv_template)
  3886. },
  3887. }, {
  3888. .alg = "cbc(des3_ede)",
  3889. .test = alg_test_skcipher,
  3890. .suite = {
  3891. .cipher = __VECS(des3_ede_cbc_tv_template)
  3892. },
  3893. }, {
  3894. /* Same as cbc(aes) except the key is stored in
  3895. * hardware secure memory which we reference by index
  3896. */
  3897. .alg = "cbc(paes)",
  3898. .test = alg_test_null,
  3899. .fips_allowed = 1,
  3900. }, {
  3901. /* Same as cbc(sm4) except the key is stored in
  3902. * hardware secure memory which we reference by index
  3903. */
  3904. .alg = "cbc(psm4)",
  3905. .test = alg_test_null,
  3906. }, {
  3907. .alg = "cbc(serpent)",
  3908. .test = alg_test_skcipher,
  3909. .suite = {
  3910. .cipher = __VECS(serpent_cbc_tv_template)
  3911. },
  3912. }, {
  3913. .alg = "cbc(sm4)",
  3914. .test = alg_test_skcipher,
  3915. .suite = {
  3916. .cipher = __VECS(sm4_cbc_tv_template)
  3917. }
  3918. }, {
  3919. .alg = "cbc(twofish)",
  3920. .test = alg_test_skcipher,
  3921. .suite = {
  3922. .cipher = __VECS(tf_cbc_tv_template)
  3923. },
  3924. }, {
  3925. #if IS_ENABLED(CONFIG_CRYPTO_PAES_S390)
  3926. .alg = "cbc-paes-s390",
  3927. .fips_allowed = 1,
  3928. .test = alg_test_skcipher,
  3929. .suite = {
  3930. .cipher = __VECS(aes_cbc_tv_template)
  3931. }
  3932. }, {
  3933. #endif
  3934. .alg = "cbcmac(aes)",
  3935. .generic_driver = "cbcmac(aes-lib)",
  3936. .test = alg_test_hash,
  3937. .suite = {
  3938. .hash = __VECS(aes_cbcmac_tv_template)
  3939. }
  3940. }, {
  3941. .alg = "cbcmac(sm4)",
  3942. .test = alg_test_hash,
  3943. .suite = {
  3944. .hash = __VECS(sm4_cbcmac_tv_template)
  3945. }
  3946. }, {
  3947. .alg = "ccm(aes)",
  3948. .generic_driver = "ccm_base(ctr(aes-lib),cbcmac(aes-lib))",
  3949. .test = alg_test_aead,
  3950. .fips_allowed = 1,
  3951. .suite = {
  3952. .aead = {
  3953. ____VECS(aes_ccm_tv_template),
  3954. .einval_allowed = 1,
  3955. }
  3956. }
  3957. }, {
  3958. .alg = "ccm(sm4)",
  3959. .generic_driver = "ccm_base(ctr(sm4-generic),cbcmac(sm4-generic))",
  3960. .test = alg_test_aead,
  3961. .suite = {
  3962. .aead = {
  3963. ____VECS(sm4_ccm_tv_template),
  3964. .einval_allowed = 1,
  3965. }
  3966. }
  3967. }, {
  3968. .alg = "chacha20",
  3969. .generic_driver = "chacha20-lib",
  3970. .test = alg_test_skcipher,
  3971. .suite = {
  3972. .cipher = __VECS(chacha20_tv_template)
  3973. },
  3974. }, {
  3975. .alg = "cmac(aes)",
  3976. .generic_driver = "cmac(aes-lib)",
  3977. .fips_allowed = 1,
  3978. .test = alg_test_hash,
  3979. .suite = {
  3980. .hash = __VECS(aes_cmac128_tv_template)
  3981. }
  3982. }, {
  3983. .alg = "cmac(camellia)",
  3984. .test = alg_test_hash,
  3985. .suite = {
  3986. .hash = __VECS(camellia_cmac128_tv_template)
  3987. }
  3988. }, {
  3989. .alg = "cmac(des3_ede)",
  3990. .test = alg_test_hash,
  3991. .suite = {
  3992. .hash = __VECS(des3_ede_cmac64_tv_template)
  3993. }
  3994. }, {
  3995. .alg = "cmac(sm4)",
  3996. .test = alg_test_hash,
  3997. .suite = {
  3998. .hash = __VECS(sm4_cmac128_tv_template)
  3999. }
  4000. }, {
  4001. .alg = "crc32",
  4002. .generic_driver = "crc32-lib",
  4003. .test = alg_test_hash,
  4004. .fips_allowed = 1,
  4005. .suite = {
  4006. .hash = __VECS(crc32_tv_template)
  4007. }
  4008. }, {
  4009. .alg = "crc32c",
  4010. .generic_driver = "crc32c-lib",
  4011. .test = alg_test_hash,
  4012. .fips_allowed = 1,
  4013. .suite = {
  4014. .hash = __VECS(crc32c_tv_template)
  4015. }
  4016. }, {
  4017. .alg = "ctr(aes)",
  4018. .generic_driver = "ctr(aes-lib)",
  4019. .test = alg_test_skcipher,
  4020. .fips_allowed = 1,
  4021. .suite = {
  4022. .cipher = __VECS(aes_ctr_tv_template)
  4023. }
  4024. }, {
  4025. .alg = "ctr(aria)",
  4026. .test = alg_test_skcipher,
  4027. .suite = {
  4028. .cipher = __VECS(aria_ctr_tv_template)
  4029. }
  4030. }, {
  4031. .alg = "ctr(blowfish)",
  4032. .test = alg_test_skcipher,
  4033. .suite = {
  4034. .cipher = __VECS(bf_ctr_tv_template)
  4035. }
  4036. }, {
  4037. .alg = "ctr(camellia)",
  4038. .test = alg_test_skcipher,
  4039. .suite = {
  4040. .cipher = __VECS(camellia_ctr_tv_template)
  4041. }
  4042. }, {
  4043. .alg = "ctr(cast5)",
  4044. .test = alg_test_skcipher,
  4045. .suite = {
  4046. .cipher = __VECS(cast5_ctr_tv_template)
  4047. }
  4048. }, {
  4049. .alg = "ctr(cast6)",
  4050. .test = alg_test_skcipher,
  4051. .suite = {
  4052. .cipher = __VECS(cast6_ctr_tv_template)
  4053. }
  4054. }, {
  4055. .alg = "ctr(des)",
  4056. .test = alg_test_skcipher,
  4057. .suite = {
  4058. .cipher = __VECS(des_ctr_tv_template)
  4059. }
  4060. }, {
  4061. .alg = "ctr(des3_ede)",
  4062. .test = alg_test_skcipher,
  4063. .suite = {
  4064. .cipher = __VECS(des3_ede_ctr_tv_template)
  4065. }
  4066. }, {
  4067. /* Same as ctr(aes) except the key is stored in
  4068. * hardware secure memory which we reference by index
  4069. */
  4070. .alg = "ctr(paes)",
  4071. .test = alg_test_null,
  4072. .fips_allowed = 1,
  4073. }, {
  4074. /* Same as ctr(sm4) except the key is stored in
  4075. * hardware secure memory which we reference by index
  4076. */
  4077. .alg = "ctr(psm4)",
  4078. .test = alg_test_null,
  4079. }, {
  4080. .alg = "ctr(serpent)",
  4081. .test = alg_test_skcipher,
  4082. .suite = {
  4083. .cipher = __VECS(serpent_ctr_tv_template)
  4084. }
  4085. }, {
  4086. .alg = "ctr(sm4)",
  4087. .test = alg_test_skcipher,
  4088. .suite = {
  4089. .cipher = __VECS(sm4_ctr_tv_template)
  4090. }
  4091. }, {
  4092. .alg = "ctr(twofish)",
  4093. .test = alg_test_skcipher,
  4094. .suite = {
  4095. .cipher = __VECS(tf_ctr_tv_template)
  4096. }
  4097. }, {
  4098. #if IS_ENABLED(CONFIG_CRYPTO_PAES_S390)
  4099. .alg = "ctr-paes-s390",
  4100. .fips_allowed = 1,
  4101. .test = alg_test_skcipher,
  4102. .suite = {
  4103. .cipher = __VECS(aes_ctr_tv_template)
  4104. }
  4105. }, {
  4106. #endif
  4107. .alg = "cts(cbc(aes))",
  4108. .generic_driver = "cts(cbc(aes-lib))",
  4109. .test = alg_test_skcipher,
  4110. .fips_allowed = 1,
  4111. .suite = {
  4112. .cipher = __VECS(cts_mode_tv_template)
  4113. }
  4114. }, {
  4115. /* Same as cts(cbc((aes)) except the key is stored in
  4116. * hardware secure memory which we reference by index
  4117. */
  4118. .alg = "cts(cbc(paes))",
  4119. .test = alg_test_null,
  4120. .fips_allowed = 1,
  4121. }, {
  4122. .alg = "cts(cbc(sm4))",
  4123. .test = alg_test_skcipher,
  4124. .suite = {
  4125. .cipher = __VECS(sm4_cts_tv_template)
  4126. }
  4127. }, {
  4128. .alg = "deflate",
  4129. .test = alg_test_comp,
  4130. .fips_allowed = 1,
  4131. .suite = {
  4132. .comp = {
  4133. .comp = __VECS(deflate_comp_tv_template),
  4134. .decomp = __VECS(deflate_decomp_tv_template)
  4135. }
  4136. }
  4137. }, {
  4138. .alg = "deflate-iaa",
  4139. .test = alg_test_comp,
  4140. .fips_allowed = 1,
  4141. .suite = {
  4142. .comp = {
  4143. .comp = __VECS(deflate_comp_tv_template),
  4144. .decomp = __VECS(deflate_decomp_tv_template)
  4145. }
  4146. }
  4147. }, {
  4148. .alg = "dh",
  4149. .test = alg_test_kpp,
  4150. .suite = {
  4151. .kpp = __VECS(dh_tv_template)
  4152. }
  4153. }, {
  4154. .alg = "digest_null",
  4155. .test = alg_test_null,
  4156. }, {
  4157. .alg = "drbg_nopr_ctr_aes128",
  4158. .test = alg_test_drbg,
  4159. .fips_allowed = 1,
  4160. .suite = {
  4161. .drbg = __VECS(drbg_nopr_ctr_aes128_tv_template)
  4162. }
  4163. }, {
  4164. .alg = "drbg_nopr_ctr_aes192",
  4165. .test = alg_test_drbg,
  4166. .fips_allowed = 1,
  4167. .suite = {
  4168. .drbg = __VECS(drbg_nopr_ctr_aes192_tv_template)
  4169. }
  4170. }, {
  4171. .alg = "drbg_nopr_ctr_aes256",
  4172. .test = alg_test_drbg,
  4173. .fips_allowed = 1,
  4174. .suite = {
  4175. .drbg = __VECS(drbg_nopr_ctr_aes256_tv_template)
  4176. }
  4177. }, {
  4178. .alg = "drbg_nopr_hmac_sha256",
  4179. .test = alg_test_drbg,
  4180. .fips_allowed = 1,
  4181. .suite = {
  4182. .drbg = __VECS(drbg_nopr_hmac_sha256_tv_template)
  4183. }
  4184. }, {
  4185. /*
  4186. * There is no need to specifically test the DRBG with every
  4187. * backend cipher -- covered by drbg_nopr_hmac_sha512 test
  4188. */
  4189. .alg = "drbg_nopr_hmac_sha384",
  4190. .test = alg_test_null,
  4191. .fips_allowed = 1
  4192. }, {
  4193. .alg = "drbg_nopr_hmac_sha512",
  4194. .test = alg_test_drbg,
  4195. .fips_allowed = 1,
  4196. .suite = {
  4197. .drbg = __VECS(drbg_nopr_hmac_sha512_tv_template)
  4198. }
  4199. }, {
  4200. .alg = "drbg_nopr_sha256",
  4201. .test = alg_test_drbg,
  4202. .fips_allowed = 1,
  4203. .suite = {
  4204. .drbg = __VECS(drbg_nopr_sha256_tv_template)
  4205. }
  4206. }, {
  4207. /* covered by drbg_nopr_sha256 test */
  4208. .alg = "drbg_nopr_sha384",
  4209. .test = alg_test_null,
  4210. .fips_allowed = 1
  4211. }, {
  4212. .alg = "drbg_nopr_sha512",
  4213. .fips_allowed = 1,
  4214. .test = alg_test_null,
  4215. }, {
  4216. .alg = "drbg_pr_ctr_aes128",
  4217. .test = alg_test_drbg,
  4218. .fips_allowed = 1,
  4219. .suite = {
  4220. .drbg = __VECS(drbg_pr_ctr_aes128_tv_template)
  4221. }
  4222. }, {
  4223. /* covered by drbg_pr_ctr_aes128 test */
  4224. .alg = "drbg_pr_ctr_aes192",
  4225. .fips_allowed = 1,
  4226. .test = alg_test_null,
  4227. }, {
  4228. .alg = "drbg_pr_ctr_aes256",
  4229. .fips_allowed = 1,
  4230. .test = alg_test_null,
  4231. }, {
  4232. .alg = "drbg_pr_hmac_sha256",
  4233. .test = alg_test_drbg,
  4234. .fips_allowed = 1,
  4235. .suite = {
  4236. .drbg = __VECS(drbg_pr_hmac_sha256_tv_template)
  4237. }
  4238. }, {
  4239. /* covered by drbg_pr_hmac_sha256 test */
  4240. .alg = "drbg_pr_hmac_sha384",
  4241. .test = alg_test_null,
  4242. .fips_allowed = 1
  4243. }, {
  4244. .alg = "drbg_pr_hmac_sha512",
  4245. .test = alg_test_null,
  4246. .fips_allowed = 1,
  4247. }, {
  4248. .alg = "drbg_pr_sha256",
  4249. .test = alg_test_drbg,
  4250. .fips_allowed = 1,
  4251. .suite = {
  4252. .drbg = __VECS(drbg_pr_sha256_tv_template)
  4253. }
  4254. }, {
  4255. /* covered by drbg_pr_sha256 test */
  4256. .alg = "drbg_pr_sha384",
  4257. .test = alg_test_null,
  4258. .fips_allowed = 1
  4259. }, {
  4260. .alg = "drbg_pr_sha512",
  4261. .fips_allowed = 1,
  4262. .test = alg_test_null,
  4263. }, {
  4264. .alg = "ecb(aes)",
  4265. .generic_driver = "ecb(aes-lib)",
  4266. .test = alg_test_skcipher,
  4267. .fips_allowed = 1,
  4268. .suite = {
  4269. .cipher = __VECS(aes_tv_template)
  4270. }
  4271. }, {
  4272. .alg = "ecb(anubis)",
  4273. .test = alg_test_skcipher,
  4274. .suite = {
  4275. .cipher = __VECS(anubis_tv_template)
  4276. }
  4277. }, {
  4278. .alg = "ecb(arc4)",
  4279. .generic_driver = "arc4-generic",
  4280. .test = alg_test_skcipher,
  4281. .suite = {
  4282. .cipher = __VECS(arc4_tv_template)
  4283. }
  4284. }, {
  4285. .alg = "ecb(aria)",
  4286. .test = alg_test_skcipher,
  4287. .suite = {
  4288. .cipher = __VECS(aria_tv_template)
  4289. }
  4290. }, {
  4291. .alg = "ecb(blowfish)",
  4292. .test = alg_test_skcipher,
  4293. .suite = {
  4294. .cipher = __VECS(bf_tv_template)
  4295. }
  4296. }, {
  4297. .alg = "ecb(camellia)",
  4298. .test = alg_test_skcipher,
  4299. .suite = {
  4300. .cipher = __VECS(camellia_tv_template)
  4301. }
  4302. }, {
  4303. .alg = "ecb(cast5)",
  4304. .test = alg_test_skcipher,
  4305. .suite = {
  4306. .cipher = __VECS(cast5_tv_template)
  4307. }
  4308. }, {
  4309. .alg = "ecb(cast6)",
  4310. .test = alg_test_skcipher,
  4311. .suite = {
  4312. .cipher = __VECS(cast6_tv_template)
  4313. }
  4314. }, {
  4315. .alg = "ecb(cipher_null)",
  4316. .test = alg_test_null,
  4317. .fips_allowed = 1,
  4318. }, {
  4319. .alg = "ecb(des)",
  4320. .test = alg_test_skcipher,
  4321. .suite = {
  4322. .cipher = __VECS(des_tv_template)
  4323. }
  4324. }, {
  4325. .alg = "ecb(des3_ede)",
  4326. .test = alg_test_skcipher,
  4327. .suite = {
  4328. .cipher = __VECS(des3_ede_tv_template)
  4329. }
  4330. }, {
  4331. .alg = "ecb(fcrypt)",
  4332. .test = alg_test_skcipher,
  4333. .suite = {
  4334. .cipher = {
  4335. .vecs = fcrypt_pcbc_tv_template,
  4336. .count = 1
  4337. }
  4338. }
  4339. }, {
  4340. .alg = "ecb(khazad)",
  4341. .test = alg_test_skcipher,
  4342. .suite = {
  4343. .cipher = __VECS(khazad_tv_template)
  4344. }
  4345. }, {
  4346. /* Same as ecb(aes) except the key is stored in
  4347. * hardware secure memory which we reference by index
  4348. */
  4349. .alg = "ecb(paes)",
  4350. .test = alg_test_null,
  4351. .fips_allowed = 1,
  4352. }, {
  4353. .alg = "ecb(seed)",
  4354. .test = alg_test_skcipher,
  4355. .suite = {
  4356. .cipher = __VECS(seed_tv_template)
  4357. }
  4358. }, {
  4359. .alg = "ecb(serpent)",
  4360. .test = alg_test_skcipher,
  4361. .suite = {
  4362. .cipher = __VECS(serpent_tv_template)
  4363. }
  4364. }, {
  4365. .alg = "ecb(sm4)",
  4366. .test = alg_test_skcipher,
  4367. .suite = {
  4368. .cipher = __VECS(sm4_tv_template)
  4369. }
  4370. }, {
  4371. .alg = "ecb(tea)",
  4372. .test = alg_test_skcipher,
  4373. .suite = {
  4374. .cipher = __VECS(tea_tv_template)
  4375. }
  4376. }, {
  4377. .alg = "ecb(twofish)",
  4378. .test = alg_test_skcipher,
  4379. .suite = {
  4380. .cipher = __VECS(tf_tv_template)
  4381. }
  4382. }, {
  4383. .alg = "ecb(xeta)",
  4384. .test = alg_test_skcipher,
  4385. .suite = {
  4386. .cipher = __VECS(xeta_tv_template)
  4387. }
  4388. }, {
  4389. .alg = "ecb(xtea)",
  4390. .test = alg_test_skcipher,
  4391. .suite = {
  4392. .cipher = __VECS(xtea_tv_template)
  4393. }
  4394. }, {
  4395. #if IS_ENABLED(CONFIG_CRYPTO_PAES_S390)
  4396. .alg = "ecb-paes-s390",
  4397. .fips_allowed = 1,
  4398. .test = alg_test_skcipher,
  4399. .suite = {
  4400. .cipher = __VECS(aes_tv_template)
  4401. }
  4402. }, {
  4403. #endif
  4404. .alg = "ecdh-nist-p192",
  4405. .test = alg_test_kpp,
  4406. .suite = {
  4407. .kpp = __VECS(ecdh_p192_tv_template)
  4408. }
  4409. }, {
  4410. .alg = "ecdh-nist-p256",
  4411. .test = alg_test_kpp,
  4412. .fips_allowed = 1,
  4413. .suite = {
  4414. .kpp = __VECS(ecdh_p256_tv_template)
  4415. }
  4416. }, {
  4417. .alg = "ecdh-nist-p384",
  4418. .test = alg_test_kpp,
  4419. .fips_allowed = 1,
  4420. .suite = {
  4421. .kpp = __VECS(ecdh_p384_tv_template)
  4422. }
  4423. }, {
  4424. .alg = "ecdsa-nist-p192",
  4425. .test = alg_test_sig,
  4426. .suite = {
  4427. .sig = __VECS(ecdsa_nist_p192_tv_template)
  4428. }
  4429. }, {
  4430. .alg = "ecdsa-nist-p256",
  4431. .test = alg_test_sig,
  4432. .fips_allowed = 1,
  4433. .suite = {
  4434. .sig = __VECS(ecdsa_nist_p256_tv_template)
  4435. }
  4436. }, {
  4437. .alg = "ecdsa-nist-p384",
  4438. .test = alg_test_sig,
  4439. .fips_allowed = 1,
  4440. .suite = {
  4441. .sig = __VECS(ecdsa_nist_p384_tv_template)
  4442. }
  4443. }, {
  4444. .alg = "ecdsa-nist-p521",
  4445. .test = alg_test_sig,
  4446. .fips_allowed = 1,
  4447. .suite = {
  4448. .sig = __VECS(ecdsa_nist_p521_tv_template)
  4449. }
  4450. }, {
  4451. .alg = "ecrdsa",
  4452. .test = alg_test_sig,
  4453. .suite = {
  4454. .sig = __VECS(ecrdsa_tv_template)
  4455. }
  4456. }, {
  4457. .alg = "essiv(authenc(hmac(sha256),cbc(aes)),sha256)",
  4458. .generic_driver = "essiv(authenc(hmac-sha256-lib,cbc(aes-lib)),sha256-lib)",
  4459. .test = alg_test_aead,
  4460. .fips_allowed = 1,
  4461. .suite = {
  4462. .aead = __VECS(essiv_hmac_sha256_aes_cbc_tv_temp)
  4463. }
  4464. }, {
  4465. .alg = "essiv(cbc(aes),sha256)",
  4466. .generic_driver = "essiv(cbc(aes-lib),sha256-lib)",
  4467. .test = alg_test_skcipher,
  4468. .fips_allowed = 1,
  4469. .suite = {
  4470. .cipher = __VECS(essiv_aes_cbc_tv_template)
  4471. }
  4472. }, {
  4473. #if IS_ENABLED(CONFIG_CRYPTO_DH_RFC7919_GROUPS)
  4474. .alg = "ffdhe2048(dh)",
  4475. .test = alg_test_kpp,
  4476. .fips_allowed = 1,
  4477. .suite = {
  4478. .kpp = __VECS(ffdhe2048_dh_tv_template)
  4479. }
  4480. }, {
  4481. .alg = "ffdhe3072(dh)",
  4482. .test = alg_test_kpp,
  4483. .fips_allowed = 1,
  4484. .suite = {
  4485. .kpp = __VECS(ffdhe3072_dh_tv_template)
  4486. }
  4487. }, {
  4488. .alg = "ffdhe4096(dh)",
  4489. .test = alg_test_kpp,
  4490. .fips_allowed = 1,
  4491. .suite = {
  4492. .kpp = __VECS(ffdhe4096_dh_tv_template)
  4493. }
  4494. }, {
  4495. .alg = "ffdhe6144(dh)",
  4496. .test = alg_test_kpp,
  4497. .fips_allowed = 1,
  4498. .suite = {
  4499. .kpp = __VECS(ffdhe6144_dh_tv_template)
  4500. }
  4501. }, {
  4502. .alg = "ffdhe8192(dh)",
  4503. .test = alg_test_kpp,
  4504. .fips_allowed = 1,
  4505. .suite = {
  4506. .kpp = __VECS(ffdhe8192_dh_tv_template)
  4507. }
  4508. }, {
  4509. #endif /* CONFIG_CRYPTO_DH_RFC7919_GROUPS */
  4510. .alg = "gcm(aes)",
  4511. .generic_driver = "gcm_base(ctr(aes-lib),ghash-generic)",
  4512. .test = alg_test_aead,
  4513. .fips_allowed = 1,
  4514. .suite = {
  4515. .aead = __VECS(aes_gcm_tv_template)
  4516. }
  4517. }, {
  4518. .alg = "gcm(aria)",
  4519. .generic_driver = "gcm_base(ctr(aria-generic),ghash-generic)",
  4520. .test = alg_test_aead,
  4521. .suite = {
  4522. .aead = __VECS(aria_gcm_tv_template)
  4523. }
  4524. }, {
  4525. .alg = "gcm(sm4)",
  4526. .generic_driver = "gcm_base(ctr(sm4-generic),ghash-generic)",
  4527. .test = alg_test_aead,
  4528. .suite = {
  4529. .aead = __VECS(sm4_gcm_tv_template)
  4530. }
  4531. }, {
  4532. .alg = "ghash",
  4533. .test = alg_test_hash,
  4534. .suite = {
  4535. .hash = __VECS(ghash_tv_template)
  4536. }
  4537. }, {
  4538. .alg = "hctr2(aes)",
  4539. .generic_driver = "hctr2_base(xctr(aes-lib),polyval-lib)",
  4540. .test = alg_test_skcipher,
  4541. .suite = {
  4542. .cipher = __VECS(aes_hctr2_tv_template)
  4543. }
  4544. }, {
  4545. .alg = "hmac(md5)",
  4546. .generic_driver = "hmac-md5-lib",
  4547. .test = alg_test_hash,
  4548. .suite = {
  4549. .hash = __VECS(hmac_md5_tv_template)
  4550. }
  4551. }, {
  4552. .alg = "hmac(rmd160)",
  4553. .test = alg_test_hash,
  4554. .suite = {
  4555. .hash = __VECS(hmac_rmd160_tv_template)
  4556. }
  4557. }, {
  4558. .alg = "hmac(sha1)",
  4559. .generic_driver = "hmac-sha1-lib",
  4560. .test = alg_test_hash,
  4561. .fips_allowed = 1,
  4562. .suite = {
  4563. .hash = __VECS(hmac_sha1_tv_template)
  4564. }
  4565. }, {
  4566. .alg = "hmac(sha224)",
  4567. .generic_driver = "hmac-sha224-lib",
  4568. .test = alg_test_hash,
  4569. .fips_allowed = 1,
  4570. .suite = {
  4571. .hash = __VECS(hmac_sha224_tv_template)
  4572. }
  4573. }, {
  4574. .alg = "hmac(sha256)",
  4575. .generic_driver = "hmac-sha256-lib",
  4576. .test = alg_test_hash,
  4577. .fips_allowed = 1,
  4578. .suite = {
  4579. .hash = __VECS(hmac_sha256_tv_template)
  4580. }
  4581. }, {
  4582. .alg = "hmac(sha3-224)",
  4583. .generic_driver = "hmac(sha3-224-lib)",
  4584. .test = alg_test_hash,
  4585. .fips_allowed = 1,
  4586. .suite = {
  4587. .hash = __VECS(hmac_sha3_224_tv_template)
  4588. }
  4589. }, {
  4590. .alg = "hmac(sha3-256)",
  4591. .generic_driver = "hmac(sha3-256-lib)",
  4592. .test = alg_test_hash,
  4593. .fips_allowed = 1,
  4594. .suite = {
  4595. .hash = __VECS(hmac_sha3_256_tv_template)
  4596. }
  4597. }, {
  4598. .alg = "hmac(sha3-384)",
  4599. .generic_driver = "hmac(sha3-384-lib)",
  4600. .test = alg_test_hash,
  4601. .fips_allowed = 1,
  4602. .suite = {
  4603. .hash = __VECS(hmac_sha3_384_tv_template)
  4604. }
  4605. }, {
  4606. .alg = "hmac(sha3-512)",
  4607. .generic_driver = "hmac(sha3-512-lib)",
  4608. .test = alg_test_hash,
  4609. .fips_allowed = 1,
  4610. .suite = {
  4611. .hash = __VECS(hmac_sha3_512_tv_template)
  4612. }
  4613. }, {
  4614. .alg = "hmac(sha384)",
  4615. .generic_driver = "hmac-sha384-lib",
  4616. .test = alg_test_hash,
  4617. .fips_allowed = 1,
  4618. .suite = {
  4619. .hash = __VECS(hmac_sha384_tv_template)
  4620. }
  4621. }, {
  4622. .alg = "hmac(sha512)",
  4623. .generic_driver = "hmac-sha512-lib",
  4624. .test = alg_test_hash,
  4625. .fips_allowed = 1,
  4626. .suite = {
  4627. .hash = __VECS(hmac_sha512_tv_template)
  4628. }
  4629. }, {
  4630. .alg = "hmac(sm3)",
  4631. .test = alg_test_hash,
  4632. .suite = {
  4633. .hash = __VECS(hmac_sm3_tv_template)
  4634. }
  4635. }, {
  4636. .alg = "hmac(streebog256)",
  4637. .test = alg_test_hash,
  4638. .suite = {
  4639. .hash = __VECS(hmac_streebog256_tv_template)
  4640. }
  4641. }, {
  4642. .alg = "hmac(streebog512)",
  4643. .test = alg_test_hash,
  4644. .suite = {
  4645. .hash = __VECS(hmac_streebog512_tv_template)
  4646. }
  4647. }, {
  4648. .alg = "jitterentropy_rng",
  4649. .fips_allowed = 1,
  4650. .test = alg_test_null,
  4651. }, {
  4652. .alg = "krb5enc(cmac(camellia),cts(cbc(camellia)))",
  4653. .test = alg_test_aead,
  4654. .suite.aead = __VECS(krb5_test_camellia_cts_cmac)
  4655. }, {
  4656. .alg = "lrw(aes)",
  4657. .generic_driver = "lrw(ecb(aes-lib))",
  4658. .test = alg_test_skcipher,
  4659. .suite = {
  4660. .cipher = __VECS(aes_lrw_tv_template)
  4661. }
  4662. }, {
  4663. .alg = "lrw(camellia)",
  4664. .generic_driver = "lrw(ecb(camellia-generic))",
  4665. .test = alg_test_skcipher,
  4666. .suite = {
  4667. .cipher = __VECS(camellia_lrw_tv_template)
  4668. }
  4669. }, {
  4670. .alg = "lrw(cast6)",
  4671. .generic_driver = "lrw(ecb(cast6-generic))",
  4672. .test = alg_test_skcipher,
  4673. .suite = {
  4674. .cipher = __VECS(cast6_lrw_tv_template)
  4675. }
  4676. }, {
  4677. .alg = "lrw(serpent)",
  4678. .generic_driver = "lrw(ecb(serpent-generic))",
  4679. .test = alg_test_skcipher,
  4680. .suite = {
  4681. .cipher = __VECS(serpent_lrw_tv_template)
  4682. }
  4683. }, {
  4684. .alg = "lrw(twofish)",
  4685. .generic_driver = "lrw(ecb(twofish-generic))",
  4686. .test = alg_test_skcipher,
  4687. .suite = {
  4688. .cipher = __VECS(tf_lrw_tv_template)
  4689. }
  4690. }, {
  4691. .alg = "lz4",
  4692. .test = alg_test_comp,
  4693. .fips_allowed = 1,
  4694. .suite = {
  4695. .comp = {
  4696. .comp = __VECS(lz4_comp_tv_template),
  4697. .decomp = __VECS(lz4_decomp_tv_template)
  4698. }
  4699. }
  4700. }, {
  4701. .alg = "lz4hc",
  4702. .test = alg_test_comp,
  4703. .fips_allowed = 1,
  4704. .suite = {
  4705. .comp = {
  4706. .comp = __VECS(lz4hc_comp_tv_template),
  4707. .decomp = __VECS(lz4hc_decomp_tv_template)
  4708. }
  4709. }
  4710. }, {
  4711. .alg = "lzo",
  4712. .test = alg_test_comp,
  4713. .fips_allowed = 1,
  4714. .suite = {
  4715. .comp = {
  4716. .comp = __VECS(lzo_comp_tv_template),
  4717. .decomp = __VECS(lzo_decomp_tv_template)
  4718. }
  4719. }
  4720. }, {
  4721. .alg = "lzo-rle",
  4722. .test = alg_test_comp,
  4723. .fips_allowed = 1,
  4724. .suite = {
  4725. .comp = {
  4726. .comp = __VECS(lzorle_comp_tv_template),
  4727. .decomp = __VECS(lzorle_decomp_tv_template)
  4728. }
  4729. }
  4730. }, {
  4731. .alg = "md4",
  4732. .test = alg_test_hash,
  4733. .suite = {
  4734. .hash = __VECS(md4_tv_template)
  4735. }
  4736. }, {
  4737. .alg = "md5",
  4738. .generic_driver = "md5-lib",
  4739. .test = alg_test_hash,
  4740. .suite = {
  4741. .hash = __VECS(md5_tv_template)
  4742. }
  4743. }, {
  4744. .alg = "michael_mic",
  4745. .test = alg_test_hash,
  4746. .suite = {
  4747. .hash = __VECS(michael_mic_tv_template)
  4748. }
  4749. }, {
  4750. .alg = "p1363(ecdsa-nist-p192)",
  4751. .test = alg_test_null,
  4752. }, {
  4753. .alg = "p1363(ecdsa-nist-p256)",
  4754. .test = alg_test_sig,
  4755. .fips_allowed = 1,
  4756. .suite = {
  4757. .sig = __VECS(p1363_ecdsa_nist_p256_tv_template)
  4758. }
  4759. }, {
  4760. .alg = "p1363(ecdsa-nist-p384)",
  4761. .test = alg_test_null,
  4762. .fips_allowed = 1,
  4763. }, {
  4764. .alg = "p1363(ecdsa-nist-p521)",
  4765. .test = alg_test_null,
  4766. .fips_allowed = 1,
  4767. }, {
  4768. .alg = "pcbc(fcrypt)",
  4769. .test = alg_test_skcipher,
  4770. .suite = {
  4771. .cipher = __VECS(fcrypt_pcbc_tv_template)
  4772. }
  4773. }, {
  4774. #if IS_ENABLED(CONFIG_CRYPTO_PHMAC_S390)
  4775. .alg = "phmac(sha224)",
  4776. .test = alg_test_hash,
  4777. .fips_allowed = 1,
  4778. .suite = {
  4779. .hash = __VECS(hmac_sha224_tv_template)
  4780. }
  4781. }, {
  4782. .alg = "phmac(sha256)",
  4783. .test = alg_test_hash,
  4784. .fips_allowed = 1,
  4785. .suite = {
  4786. .hash = __VECS(hmac_sha256_tv_template)
  4787. }
  4788. }, {
  4789. .alg = "phmac(sha384)",
  4790. .test = alg_test_hash,
  4791. .fips_allowed = 1,
  4792. .suite = {
  4793. .hash = __VECS(hmac_sha384_tv_template)
  4794. }
  4795. }, {
  4796. .alg = "phmac(sha512)",
  4797. .test = alg_test_hash,
  4798. .fips_allowed = 1,
  4799. .suite = {
  4800. .hash = __VECS(hmac_sha512_tv_template)
  4801. }
  4802. }, {
  4803. #endif
  4804. .alg = "pkcs1(rsa,none)",
  4805. .test = alg_test_sig,
  4806. .suite = {
  4807. .sig = __VECS(pkcs1_rsa_none_tv_template)
  4808. }
  4809. }, {
  4810. .alg = "pkcs1(rsa,sha224)",
  4811. .test = alg_test_null,
  4812. .fips_allowed = 1,
  4813. }, {
  4814. .alg = "pkcs1(rsa,sha256)",
  4815. .test = alg_test_sig,
  4816. .fips_allowed = 1,
  4817. .suite = {
  4818. .sig = __VECS(pkcs1_rsa_tv_template)
  4819. }
  4820. }, {
  4821. .alg = "pkcs1(rsa,sha3-256)",
  4822. .test = alg_test_null,
  4823. .fips_allowed = 1,
  4824. }, {
  4825. .alg = "pkcs1(rsa,sha3-384)",
  4826. .test = alg_test_null,
  4827. .fips_allowed = 1,
  4828. }, {
  4829. .alg = "pkcs1(rsa,sha3-512)",
  4830. .test = alg_test_null,
  4831. .fips_allowed = 1,
  4832. }, {
  4833. .alg = "pkcs1(rsa,sha384)",
  4834. .test = alg_test_null,
  4835. .fips_allowed = 1,
  4836. }, {
  4837. .alg = "pkcs1(rsa,sha512)",
  4838. .test = alg_test_null,
  4839. .fips_allowed = 1,
  4840. }, {
  4841. .alg = "pkcs1pad(rsa)",
  4842. .test = alg_test_null,
  4843. .fips_allowed = 1,
  4844. }, {
  4845. .alg = "rfc3686(ctr(aes))",
  4846. .generic_driver = "rfc3686(ctr(aes-lib))",
  4847. .test = alg_test_skcipher,
  4848. .fips_allowed = 1,
  4849. .suite = {
  4850. .cipher = __VECS(aes_ctr_rfc3686_tv_template)
  4851. }
  4852. }, {
  4853. .alg = "rfc3686(ctr(sm4))",
  4854. .test = alg_test_skcipher,
  4855. .suite = {
  4856. .cipher = __VECS(sm4_ctr_rfc3686_tv_template)
  4857. }
  4858. }, {
  4859. .alg = "rfc4106(gcm(aes))",
  4860. .generic_driver = "rfc4106(gcm_base(ctr(aes-lib),ghash-generic))",
  4861. .test = alg_test_aead,
  4862. .fips_allowed = 1,
  4863. .suite = {
  4864. .aead = {
  4865. ____VECS(aes_gcm_rfc4106_tv_template),
  4866. .einval_allowed = 1,
  4867. .aad_iv = 1,
  4868. }
  4869. }
  4870. }, {
  4871. .alg = "rfc4309(ccm(aes))",
  4872. .generic_driver = "rfc4309(ccm_base(ctr(aes-lib),cbcmac(aes-lib)))",
  4873. .test = alg_test_aead,
  4874. .fips_allowed = 1,
  4875. .suite = {
  4876. .aead = {
  4877. ____VECS(aes_ccm_rfc4309_tv_template),
  4878. .einval_allowed = 1,
  4879. .aad_iv = 1,
  4880. }
  4881. }
  4882. }, {
  4883. .alg = "rfc4543(gcm(aes))",
  4884. .generic_driver = "rfc4543(gcm_base(ctr(aes-lib),ghash-generic))",
  4885. .test = alg_test_aead,
  4886. .suite = {
  4887. .aead = {
  4888. ____VECS(aes_gcm_rfc4543_tv_template),
  4889. .einval_allowed = 1,
  4890. .aad_iv = 1,
  4891. }
  4892. }
  4893. }, {
  4894. .alg = "rfc7539(chacha20,poly1305)",
  4895. .generic_driver = "rfc7539(chacha20-lib,poly1305-generic)",
  4896. .test = alg_test_aead,
  4897. .suite = {
  4898. .aead = __VECS(rfc7539_tv_template)
  4899. }
  4900. }, {
  4901. .alg = "rfc7539esp(chacha20,poly1305)",
  4902. .generic_driver = "rfc7539esp(chacha20-lib,poly1305-generic)",
  4903. .test = alg_test_aead,
  4904. .suite = {
  4905. .aead = {
  4906. ____VECS(rfc7539esp_tv_template),
  4907. .einval_allowed = 1,
  4908. .aad_iv = 1,
  4909. }
  4910. }
  4911. }, {
  4912. .alg = "rmd160",
  4913. .test = alg_test_hash,
  4914. .suite = {
  4915. .hash = __VECS(rmd160_tv_template)
  4916. }
  4917. }, {
  4918. .alg = "rsa",
  4919. .test = alg_test_akcipher,
  4920. .fips_allowed = 1,
  4921. .suite = {
  4922. .akcipher = __VECS(rsa_tv_template)
  4923. }
  4924. }, {
  4925. .alg = "sha1",
  4926. .generic_driver = "sha1-lib",
  4927. .test = alg_test_hash,
  4928. .fips_allowed = 1,
  4929. .suite = {
  4930. .hash = __VECS(sha1_tv_template)
  4931. }
  4932. }, {
  4933. .alg = "sha224",
  4934. .generic_driver = "sha224-lib",
  4935. .test = alg_test_hash,
  4936. .fips_allowed = 1,
  4937. .suite = {
  4938. .hash = __VECS(sha224_tv_template)
  4939. }
  4940. }, {
  4941. .alg = "sha256",
  4942. .generic_driver = "sha256-lib",
  4943. .test = alg_test_hash,
  4944. .fips_allowed = 1,
  4945. .suite = {
  4946. .hash = __VECS(sha256_tv_template)
  4947. }
  4948. }, {
  4949. .alg = "sha3-224",
  4950. .generic_driver = "sha3-224-lib",
  4951. .test = alg_test_hash,
  4952. .fips_allowed = 1,
  4953. .suite = {
  4954. .hash = __VECS(sha3_224_tv_template)
  4955. }
  4956. }, {
  4957. .alg = "sha3-256",
  4958. .generic_driver = "sha3-256-lib",
  4959. .test = alg_test_hash,
  4960. .fips_allowed = 1,
  4961. .suite = {
  4962. .hash = __VECS(sha3_256_tv_template)
  4963. }
  4964. }, {
  4965. .alg = "sha3-384",
  4966. .generic_driver = "sha3-384-lib",
  4967. .test = alg_test_hash,
  4968. .fips_allowed = 1,
  4969. .suite = {
  4970. .hash = __VECS(sha3_384_tv_template)
  4971. }
  4972. }, {
  4973. .alg = "sha3-512",
  4974. .generic_driver = "sha3-512-lib",
  4975. .test = alg_test_hash,
  4976. .fips_allowed = 1,
  4977. .suite = {
  4978. .hash = __VECS(sha3_512_tv_template)
  4979. }
  4980. }, {
  4981. .alg = "sha384",
  4982. .generic_driver = "sha384-lib",
  4983. .test = alg_test_hash,
  4984. .fips_allowed = 1,
  4985. .suite = {
  4986. .hash = __VECS(sha384_tv_template)
  4987. }
  4988. }, {
  4989. .alg = "sha512",
  4990. .generic_driver = "sha512-lib",
  4991. .test = alg_test_hash,
  4992. .fips_allowed = 1,
  4993. .suite = {
  4994. .hash = __VECS(sha512_tv_template)
  4995. }
  4996. }, {
  4997. .alg = "sm3",
  4998. .test = alg_test_hash,
  4999. .suite = {
  5000. .hash = __VECS(sm3_tv_template)
  5001. }
  5002. }, {
  5003. .alg = "streebog256",
  5004. .test = alg_test_hash,
  5005. .suite = {
  5006. .hash = __VECS(streebog256_tv_template)
  5007. }
  5008. }, {
  5009. .alg = "streebog512",
  5010. .test = alg_test_hash,
  5011. .suite = {
  5012. .hash = __VECS(streebog512_tv_template)
  5013. }
  5014. }, {
  5015. .alg = "wp256",
  5016. .test = alg_test_hash,
  5017. .suite = {
  5018. .hash = __VECS(wp256_tv_template)
  5019. }
  5020. }, {
  5021. .alg = "wp384",
  5022. .test = alg_test_hash,
  5023. .suite = {
  5024. .hash = __VECS(wp384_tv_template)
  5025. }
  5026. }, {
  5027. .alg = "wp512",
  5028. .test = alg_test_hash,
  5029. .suite = {
  5030. .hash = __VECS(wp512_tv_template)
  5031. }
  5032. }, {
  5033. .alg = "x962(ecdsa-nist-p192)",
  5034. .test = alg_test_sig,
  5035. .suite = {
  5036. .sig = __VECS(x962_ecdsa_nist_p192_tv_template)
  5037. }
  5038. }, {
  5039. .alg = "x962(ecdsa-nist-p256)",
  5040. .test = alg_test_sig,
  5041. .fips_allowed = 1,
  5042. .suite = {
  5043. .sig = __VECS(x962_ecdsa_nist_p256_tv_template)
  5044. }
  5045. }, {
  5046. .alg = "x962(ecdsa-nist-p384)",
  5047. .test = alg_test_sig,
  5048. .fips_allowed = 1,
  5049. .suite = {
  5050. .sig = __VECS(x962_ecdsa_nist_p384_tv_template)
  5051. }
  5052. }, {
  5053. .alg = "x962(ecdsa-nist-p521)",
  5054. .test = alg_test_sig,
  5055. .fips_allowed = 1,
  5056. .suite = {
  5057. .sig = __VECS(x962_ecdsa_nist_p521_tv_template)
  5058. }
  5059. }, {
  5060. .alg = "xcbc(aes)",
  5061. .generic_driver = "xcbc(aes-lib)",
  5062. .test = alg_test_hash,
  5063. .suite = {
  5064. .hash = __VECS(aes_xcbc128_tv_template)
  5065. }
  5066. }, {
  5067. .alg = "xcbc(sm4)",
  5068. .test = alg_test_hash,
  5069. .suite = {
  5070. .hash = __VECS(sm4_xcbc128_tv_template)
  5071. }
  5072. }, {
  5073. .alg = "xchacha12",
  5074. .generic_driver = "xchacha12-lib",
  5075. .test = alg_test_skcipher,
  5076. .suite = {
  5077. .cipher = __VECS(xchacha12_tv_template)
  5078. },
  5079. }, {
  5080. .alg = "xchacha20",
  5081. .generic_driver = "xchacha20-lib",
  5082. .test = alg_test_skcipher,
  5083. .suite = {
  5084. .cipher = __VECS(xchacha20_tv_template)
  5085. },
  5086. }, {
  5087. .alg = "xctr(aes)",
  5088. .generic_driver = "xctr(aes-lib)",
  5089. .test = alg_test_skcipher,
  5090. .suite = {
  5091. .cipher = __VECS(aes_xctr_tv_template)
  5092. }
  5093. }, {
  5094. .alg = "xts(aes)",
  5095. .generic_driver = "xts(ecb(aes-lib))",
  5096. .test = alg_test_skcipher,
  5097. .fips_allowed = 1,
  5098. .suite = {
  5099. .cipher = __VECS(aes_xts_tv_template)
  5100. }
  5101. }, {
  5102. .alg = "xts(camellia)",
  5103. .generic_driver = "xts(ecb(camellia-generic))",
  5104. .test = alg_test_skcipher,
  5105. .suite = {
  5106. .cipher = __VECS(camellia_xts_tv_template)
  5107. }
  5108. }, {
  5109. .alg = "xts(cast6)",
  5110. .generic_driver = "xts(ecb(cast6-generic))",
  5111. .test = alg_test_skcipher,
  5112. .suite = {
  5113. .cipher = __VECS(cast6_xts_tv_template)
  5114. }
  5115. }, {
  5116. /* Same as xts(aes) except the key is stored in
  5117. * hardware secure memory which we reference by index
  5118. */
  5119. .alg = "xts(paes)",
  5120. .test = alg_test_null,
  5121. .fips_allowed = 1,
  5122. }, {
  5123. .alg = "xts(serpent)",
  5124. .generic_driver = "xts(ecb(serpent-generic))",
  5125. .test = alg_test_skcipher,
  5126. .suite = {
  5127. .cipher = __VECS(serpent_xts_tv_template)
  5128. }
  5129. }, {
  5130. .alg = "xts(sm4)",
  5131. .generic_driver = "xts(ecb(sm4-generic))",
  5132. .test = alg_test_skcipher,
  5133. .suite = {
  5134. .cipher = __VECS(sm4_xts_tv_template)
  5135. }
  5136. }, {
  5137. .alg = "xts(twofish)",
  5138. .generic_driver = "xts(ecb(twofish-generic))",
  5139. .test = alg_test_skcipher,
  5140. .suite = {
  5141. .cipher = __VECS(tf_xts_tv_template)
  5142. }
  5143. }, {
  5144. #if IS_ENABLED(CONFIG_CRYPTO_PAES_S390)
  5145. .alg = "xts-paes-s390",
  5146. .fips_allowed = 1,
  5147. .test = alg_test_skcipher,
  5148. .suite = {
  5149. .cipher = __VECS(aes_xts_tv_template)
  5150. }
  5151. }, {
  5152. #endif
  5153. .alg = "xxhash64",
  5154. .test = alg_test_hash,
  5155. .fips_allowed = 1,
  5156. .suite = {
  5157. .hash = __VECS(xxhash64_tv_template)
  5158. }
  5159. }, {
  5160. .alg = "zstd",
  5161. .test = alg_test_comp,
  5162. .fips_allowed = 1,
  5163. .suite = {
  5164. .comp = {
  5165. .comp = __VECS(zstd_comp_tv_template),
  5166. .decomp = __VECS(zstd_decomp_tv_template)
  5167. }
  5168. }
  5169. }
  5170. };
  5171. static void alg_check_test_descs_order(void)
  5172. {
  5173. int i;
  5174. for (i = 1; i < ARRAY_SIZE(alg_test_descs); i++) {
  5175. int diff = strcmp(alg_test_descs[i - 1].alg,
  5176. alg_test_descs[i].alg);
  5177. if (WARN_ON(diff > 0)) {
  5178. pr_warn("testmgr: alg_test_descs entries in wrong order: '%s' before '%s'\n",
  5179. alg_test_descs[i - 1].alg,
  5180. alg_test_descs[i].alg);
  5181. }
  5182. if (WARN_ON(diff == 0)) {
  5183. pr_warn("testmgr: duplicate alg_test_descs entry: '%s'\n",
  5184. alg_test_descs[i].alg);
  5185. }
  5186. }
  5187. }
  5188. static void alg_check_testvec_configs(void)
  5189. {
  5190. int i;
  5191. for (i = 0; i < ARRAY_SIZE(default_cipher_testvec_configs); i++)
  5192. WARN_ON(!valid_testvec_config(
  5193. &default_cipher_testvec_configs[i]));
  5194. for (i = 0; i < ARRAY_SIZE(default_hash_testvec_configs); i++)
  5195. WARN_ON(!valid_testvec_config(
  5196. &default_hash_testvec_configs[i]));
  5197. }
  5198. static void testmgr_onetime_init(void)
  5199. {
  5200. alg_check_test_descs_order();
  5201. alg_check_testvec_configs();
  5202. if (!noslowtests)
  5203. pr_warn("alg: full crypto tests enabled. This is intended for developer use only.\n");
  5204. }
  5205. static int alg_find_test(const char *alg)
  5206. {
  5207. int start = 0;
  5208. int end = ARRAY_SIZE(alg_test_descs);
  5209. while (start < end) {
  5210. int i = (start + end) / 2;
  5211. int diff = strcmp(alg_test_descs[i].alg, alg);
  5212. if (diff > 0) {
  5213. end = i;
  5214. continue;
  5215. }
  5216. if (diff < 0) {
  5217. start = i + 1;
  5218. continue;
  5219. }
  5220. return i;
  5221. }
  5222. return -1;
  5223. }
  5224. static int alg_fips_disabled(const char *driver, const char *alg)
  5225. {
  5226. pr_info("alg: %s (%s) is disabled due to FIPS\n", alg, driver);
  5227. return -ECANCELED;
  5228. }
  5229. int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
  5230. {
  5231. int i;
  5232. int j;
  5233. int rc;
  5234. if (!fips_enabled && notests) {
  5235. printk_once(KERN_INFO "alg: self-tests disabled\n");
  5236. return 0;
  5237. }
  5238. DO_ONCE(testmgr_onetime_init);
  5239. if ((type & CRYPTO_ALG_TYPE_MASK) == CRYPTO_ALG_TYPE_CIPHER) {
  5240. char nalg[CRYPTO_MAX_ALG_NAME];
  5241. if (snprintf(nalg, sizeof(nalg), "ecb(%s)", alg) >=
  5242. sizeof(nalg))
  5243. return -ENAMETOOLONG;
  5244. i = alg_find_test(nalg);
  5245. if (i < 0)
  5246. goto notest;
  5247. if (fips_enabled && !alg_test_descs[i].fips_allowed)
  5248. goto non_fips_alg;
  5249. rc = alg_test_cipher(alg_test_descs + i, driver, type, mask);
  5250. goto test_done;
  5251. }
  5252. i = alg_find_test(alg);
  5253. j = alg_find_test(driver);
  5254. if (i < 0 && j < 0)
  5255. goto notest;
  5256. if (fips_enabled) {
  5257. if (j >= 0 && !alg_test_descs[j].fips_allowed)
  5258. return -EINVAL;
  5259. if (i >= 0 && !alg_test_descs[i].fips_allowed)
  5260. goto non_fips_alg;
  5261. }
  5262. rc = 0;
  5263. if (i >= 0)
  5264. rc |= alg_test_descs[i].test(alg_test_descs + i, driver,
  5265. type, mask);
  5266. if (j >= 0 && j != i)
  5267. rc |= alg_test_descs[j].test(alg_test_descs + j, driver,
  5268. type, mask);
  5269. test_done:
  5270. if (rc) {
  5271. if (fips_enabled) {
  5272. fips_fail_notify();
  5273. panic("alg: self-tests for %s (%s) failed in fips mode!\n",
  5274. driver, alg);
  5275. }
  5276. pr_warn("alg: self-tests for %s using %s failed (rc=%d)",
  5277. alg, driver, rc);
  5278. WARN(rc != -ENOENT,
  5279. "alg: self-tests for %s using %s failed (rc=%d)",
  5280. alg, driver, rc);
  5281. } else {
  5282. if (fips_enabled)
  5283. pr_info("alg: self-tests for %s (%s) passed\n",
  5284. driver, alg);
  5285. }
  5286. return rc;
  5287. notest:
  5288. if ((type & CRYPTO_ALG_TYPE_MASK) == CRYPTO_ALG_TYPE_LSKCIPHER) {
  5289. char nalg[CRYPTO_MAX_ALG_NAME];
  5290. if (snprintf(nalg, sizeof(nalg), "ecb(%s)", alg) >=
  5291. sizeof(nalg))
  5292. goto notest2;
  5293. i = alg_find_test(nalg);
  5294. if (i < 0)
  5295. goto notest2;
  5296. if (fips_enabled && !alg_test_descs[i].fips_allowed)
  5297. goto non_fips_alg;
  5298. rc = alg_test_skcipher(alg_test_descs + i, driver, type, mask);
  5299. goto test_done;
  5300. }
  5301. notest2:
  5302. printk(KERN_INFO "alg: No test for %s (%s)\n", alg, driver);
  5303. if (type & CRYPTO_ALG_FIPS_INTERNAL)
  5304. return alg_fips_disabled(driver, alg);
  5305. return 0;
  5306. non_fips_alg:
  5307. return alg_fips_disabled(driver, alg);
  5308. }
  5309. #endif /* CONFIG_CRYPTO_SELFTESTS */
  5310. EXPORT_SYMBOL_GPL(alg_test);