Lines Matching +full:sha3 +full:- +full:224
1 // SPDX-License-Identifier: GPL-2.0-or-later
6 * Copyright (c) 2002 Jean-Francois Dive <[email protected]>
11 * Updated RFC4106 AES-GCM testing.
46 MODULE_PARM_DESC(notests, "disable crypto self-tests");
54 MODULE_PARM_DESC(noextratests, "disable expensive crypto self-tests");
98 * behavior when the two IV copies differ is implementation-defined.
185 while (i-- > 0) in __testmgr_alloc_buf()
188 return -ENOMEM; in __testmgr_alloc_buf()
231 /* likewise, but also export and re-import the intermediate state */
243 * Whether the crypto operation will occur in-place, and if so whether the
244 * source and destination scatterlist pointers will coincide (req->src ==
245 * req->dst), or whether they'll merely point to two separate scatterlists
246 * (req->src != req->dst) that reference the same underlying memory.
248 * This is only relevant for algorithm types that support in-place operation.
259 * struct test_sg_division - description of a scatterlist entry
267 * @offset: byte offset into a 2-page buffer at which this chunk will start
283 * struct testvec_config - configuration for testing a crypto test vector
289 * @inplace_mode: whether and how to operate on the data in-place, if applicable
327 * type when the basic crypto self-tests are enabled, i.e. when
336 .name = "in-place (one sglist)",
340 .name = "in-place (two sglists)",
344 .name = "out-of-place",
395 .offset = PAGE_SIZE - 32
398 .offset = PAGE_SIZE - 7
456 .offset = PAGE_SIZE - 32,
459 .offset = PAGE_SIZE - 7,
484 remaining -= divs[ndivs++].proportion_of_total; in count_test_sg_divisions()
501 divs[i].proportion_of_total > TEST_SG_TOTAL - total) in valid_sg_divisions()
510 memchr_inv(&divs[i], 0, (count - i) * sizeof(divs[0])) == NULL; in valid_sg_divisions()
522 if (cfg->name == NULL) in valid_testvec_config()
525 if (!valid_sg_divisions(cfg->src_divs, ARRAY_SIZE(cfg->src_divs), in valid_testvec_config()
529 if (cfg->dst_divs[0].proportion_of_total) { in valid_testvec_config()
530 if (!valid_sg_divisions(cfg->dst_divs, in valid_testvec_config()
531 ARRAY_SIZE(cfg->dst_divs), &flags)) in valid_testvec_config()
534 if (memchr_inv(cfg->dst_divs, 0, sizeof(cfg->dst_divs))) in valid_testvec_config()
539 if (cfg->iv_offset + in valid_testvec_config()
540 (cfg->iv_offset_relative_to_alignmask ? MAX_ALGAPI_ALIGNMASK : 0) > in valid_testvec_config()
545 cfg->finalization_type == FINALIZATION_TYPE_DIGEST) in valid_testvec_config()
548 if ((cfg->nosimd || cfg->nosimd_setkey || in valid_testvec_config()
550 (cfg->req_flags & CRYPTO_TFM_REQ_MAY_SLEEP)) in valid_testvec_config()
566 return __testmgr_alloc_buf(tsgl->bufs, 1 /* two pages per buffer */); in init_test_sglist()
571 return __testmgr_free_buf(tsgl->bufs, 1 /* two pages per buffer */); in destroy_test_sglist()
575 * build_test_sglist() - build a scatterlist for a crypto test
577 * @tsgl: the scatterlist to build. @tsgl->bufs[] contains an array of 2-page
578 * buffers which the scatterlist @tsgl->sgl[] will be made to point into.
582 * @data: if non-NULL, the buffers will be filled with this data until it ends.
585 * @out_divs: if non-NULL, the test_sg_division to which each scatterlist entry
590 * Return: 0 or a -errno value
607 BUILD_BUG_ON(ARRAY_SIZE(partitions) != ARRAY_SIZE(tsgl->sgl)); in build_test_sglist()
609 return -EINVAL; in build_test_sglist()
612 tsgl->nents = 0; in build_test_sglist()
620 partitions[tsgl->nents].div = &divs[i]; in build_test_sglist()
621 partitions[tsgl->nents].length = len_this_sg; in build_test_sglist()
622 tsgl->nents++; in build_test_sglist()
623 len_remaining -= len_this_sg; in build_test_sglist()
626 if (tsgl->nents == 0) { in build_test_sglist()
627 partitions[tsgl->nents].div = &divs[0]; in build_test_sglist()
628 partitions[tsgl->nents].length = 0; in build_test_sglist()
629 tsgl->nents++; in build_test_sglist()
631 partitions[tsgl->nents - 1].length += len_remaining; in build_test_sglist()
634 sg_init_table(tsgl->sgl, tsgl->nents); in build_test_sglist()
635 for (i = 0; i < tsgl->nents; i++) { in build_test_sglist()
636 unsigned int offset = partitions[i].div->offset; in build_test_sglist()
639 if (partitions[i].div->offset_relative_to_alignmask) in build_test_sglist()
645 return -EINVAL; in build_test_sglist()
649 addr = &tsgl->bufs[i][offset]; in build_test_sglist()
650 sg_set_buf(&tsgl->sgl[i], addr, partitions[i].length); in build_test_sglist()
658 copy_len = min(partitions[i].length, data->count); in build_test_sglist()
661 return -EINVAL; in build_test_sglist()
663 TESTMGR_POISON_LEN - copy_len); in build_test_sglist()
670 sg_mark_end(&tsgl->sgl[tsgl->nents - 1]); in build_test_sglist()
671 tsgl->sgl_ptr = tsgl->sgl; in build_test_sglist()
672 memcpy(tsgl->sgl_saved, tsgl->sgl, tsgl->nents * sizeof(tsgl->sgl[0])); in build_test_sglist()
685 * Return: 0 if correct, -EINVAL if incorrect, -EOVERFLOW if buffer overrun.
695 for (i = 0; i < tsgl->nents; i++) { in verify_correct_output()
696 struct scatterlist *sg = &tsgl->sgl_ptr[i]; in verify_correct_output()
697 unsigned int len = sg->length; in verify_correct_output()
698 unsigned int offset = sg->offset; in verify_correct_output()
703 unchecked_prefix_len -= len; in verify_correct_output()
707 len -= unchecked_prefix_len; in verify_correct_output()
713 return -EINVAL; in verify_correct_output()
716 return -EOVERFLOW; in verify_correct_output()
717 len_to_check -= len; in verify_correct_output()
721 return -EINVAL; in verify_correct_output()
729 for (i = 0; i < tsgl->nents; i++) { in is_test_sglist_corrupted()
730 if (tsgl->sgl[i].page_link != tsgl->sgl_saved[i].page_link) in is_test_sglist_corrupted()
732 if (tsgl->sgl[i].offset != tsgl->sgl_saved[i].offset) in is_test_sglist_corrupted()
734 if (tsgl->sgl[i].length != tsgl->sgl_saved[i].length) in is_test_sglist_corrupted()
753 if (init_test_sglist(&tsgls->src) != 0) in alloc_cipher_test_sglists()
755 if (init_test_sglist(&tsgls->dst) != 0) in alloc_cipher_test_sglists()
761 destroy_test_sglist(&tsgls->src); in alloc_cipher_test_sglists()
770 destroy_test_sglist(&tsgls->src); in free_cipher_test_sglists()
771 destroy_test_sglist(&tsgls->dst); in free_cipher_test_sglists()
789 err = build_test_sglist(&tsgls->src, cfg->src_divs, alignmask, in build_cipher_test_sglists()
790 cfg->inplace_mode != OUT_OF_PLACE ? in build_cipher_test_sglists()
798 * In-place crypto operations can use the same scatterlist for both the in build_cipher_test_sglists()
799 * source and destination (req->src == req->dst), or can use separate in build_cipher_test_sglists()
800 * scatterlists (req->src != req->dst) which point to the same in build_cipher_test_sglists()
803 if (cfg->inplace_mode == INPLACE_ONE_SGLIST) { in build_cipher_test_sglists()
804 tsgls->dst.sgl_ptr = tsgls->src.sgl; in build_cipher_test_sglists()
805 tsgls->dst.nents = tsgls->src.nents; in build_cipher_test_sglists()
808 if (cfg->inplace_mode == INPLACE_TWO_SGLISTS) { in build_cipher_test_sglists()
814 memcpy(tsgls->dst.sgl, tsgls->src.sgl, in build_cipher_test_sglists()
815 tsgls->src.nents * sizeof(tsgls->src.sgl[0])); in build_cipher_test_sglists()
816 memcpy(tsgls->dst.sgl_saved, tsgls->src.sgl, in build_cipher_test_sglists()
817 tsgls->src.nents * sizeof(tsgls->src.sgl[0])); in build_cipher_test_sglists()
818 tsgls->dst.sgl_ptr = tsgls->dst.sgl; in build_cipher_test_sglists()
819 tsgls->dst.nents = tsgls->src.nents; in build_cipher_test_sglists()
823 return build_test_sglist(&tsgls->dst, in build_cipher_test_sglists()
824 cfg->dst_divs[0].proportion_of_total ? in build_cipher_test_sglists()
825 cfg->dst_divs : cfg->src_divs, in build_cipher_test_sglists()
832 * If cfg->key_offset is set, copy the key into a new buffer at that offset,
840 unsigned int key_offset = cfg->key_offset; in prepare_keybuf()
844 if (cfg->key_offset_relative_to_alignmask) in prepare_keybuf()
848 return -ENOMEM; in prepare_keybuf()
859 * In addition, run the setkey function in no-SIMD context if requested.
869 if ((cfg)->nosimd_setkey) \
872 if ((cfg)->nosimd_setkey) \
885 * has been initialized or if they are run on a lockdep-enabled kernel.
901 * This is slightly biased for non-power-of-2 values of 'ceil', but this in prandom_u32_below()
915 return floor + prandom_u32_below(rng, ceil - floor + 1); in prandom_u32_inclusive()
1033 if (div == &divs[max_divs - 1] || prandom_bool(rng)) in generate_random_sgl_divisions()
1039 div->proportion_of_total = this_len; in generate_random_sgl_divisions()
1042 div->offset = prandom_u32_inclusive(rng, in generate_random_sgl_divisions()
1043 PAGE_SIZE - 128, in generate_random_sgl_divisions()
1044 PAGE_SIZE - 1); in generate_random_sgl_divisions()
1046 div->offset = prandom_u32_below(rng, 32); in generate_random_sgl_divisions()
1048 div->offset = prandom_u32_below(rng, PAGE_SIZE); in generate_random_sgl_divisions()
1050 div->offset_relative_to_alignmask = true; in generate_random_sgl_divisions()
1052 div->flush_type = FLUSH_TYPE_NONE; in generate_random_sgl_divisions()
1056 div->flush_type = FLUSH_TYPE_REIMPORT; in generate_random_sgl_divisions()
1059 div->flush_type = FLUSH_TYPE_FLUSH; in generate_random_sgl_divisions()
1064 if (div->flush_type != FLUSH_TYPE_NONE && in generate_random_sgl_divisions()
1067 div->nosimd = true; in generate_random_sgl_divisions()
1069 switch (div->flush_type) { in generate_random_sgl_divisions()
1071 if (div->nosimd) in generate_random_sgl_divisions()
1077 if (div->nosimd) in generate_random_sgl_divisions()
1088 p += scnprintf(p, end - p, "%s%u.%u%%@%s+%u%s", flushtype_str, in generate_random_sgl_divisions()
1090 div->offset_relative_to_alignmask ? in generate_random_sgl_divisions()
1092 div->offset, this_len == remaining ? "" : ", "); in generate_random_sgl_divisions()
1093 remaining -= this_len; in generate_random_sgl_divisions()
1110 cfg->name = name; in generate_random_testvec_config()
1112 p += scnprintf(p, end - p, "random:"); in generate_random_testvec_config()
1117 cfg->inplace_mode = OUT_OF_PLACE; in generate_random_testvec_config()
1120 cfg->inplace_mode = INPLACE_ONE_SGLIST; in generate_random_testvec_config()
1121 p += scnprintf(p, end - p, " inplace_one_sglist"); in generate_random_testvec_config()
1124 cfg->inplace_mode = INPLACE_TWO_SGLISTS; in generate_random_testvec_config()
1125 p += scnprintf(p, end - p, " inplace_two_sglists"); in generate_random_testvec_config()
1130 cfg->req_flags |= CRYPTO_TFM_REQ_MAY_SLEEP; in generate_random_testvec_config()
1131 p += scnprintf(p, end - p, " may_sleep"); in generate_random_testvec_config()
1136 cfg->finalization_type = FINALIZATION_TYPE_FINAL; in generate_random_testvec_config()
1137 p += scnprintf(p, end - p, " use_final"); in generate_random_testvec_config()
1140 cfg->finalization_type = FINALIZATION_TYPE_FINUP; in generate_random_testvec_config()
1141 p += scnprintf(p, end - p, " use_finup"); in generate_random_testvec_config()
1144 cfg->finalization_type = FINALIZATION_TYPE_DIGEST; in generate_random_testvec_config()
1145 p += scnprintf(p, end - p, " use_digest"); in generate_random_testvec_config()
1149 if (!(cfg->req_flags & CRYPTO_TFM_REQ_MAY_SLEEP)) { in generate_random_testvec_config()
1151 cfg->nosimd = true; in generate_random_testvec_config()
1152 p += scnprintf(p, end - p, " nosimd"); in generate_random_testvec_config()
1155 cfg->nosimd_setkey = true; in generate_random_testvec_config()
1156 p += scnprintf(p, end - p, " nosimd_setkey"); in generate_random_testvec_config()
1160 p += scnprintf(p, end - p, " src_divs=["); in generate_random_testvec_config()
1161 p = generate_random_sgl_divisions(rng, cfg->src_divs, in generate_random_testvec_config()
1162 ARRAY_SIZE(cfg->src_divs), p, end, in generate_random_testvec_config()
1163 (cfg->finalization_type != in generate_random_testvec_config()
1165 cfg->req_flags); in generate_random_testvec_config()
1166 p += scnprintf(p, end - p, "]"); in generate_random_testvec_config()
1168 if (cfg->inplace_mode == OUT_OF_PLACE && prandom_bool(rng)) { in generate_random_testvec_config()
1169 p += scnprintf(p, end - p, " dst_divs=["); in generate_random_testvec_config()
1170 p = generate_random_sgl_divisions(rng, cfg->dst_divs, in generate_random_testvec_config()
1171 ARRAY_SIZE(cfg->dst_divs), in generate_random_testvec_config()
1173 cfg->req_flags); in generate_random_testvec_config()
1174 p += scnprintf(p, end - p, "]"); in generate_random_testvec_config()
1178 cfg->iv_offset = prandom_u32_inclusive(rng, 1, in generate_random_testvec_config()
1180 p += scnprintf(p, end - p, " iv_offset=%u", cfg->iv_offset); in generate_random_testvec_config()
1184 cfg->key_offset = prandom_u32_inclusive(rng, 1, in generate_random_testvec_config()
1186 p += scnprintf(p, end - p, " key_offset=%u", cfg->key_offset); in generate_random_testvec_config()
1207 * "-generic" to every part of the name that is not a template name. Examples:
1209 * aes => aes-generic
1210 * cbc(aes) => cbc(aes-generic)
1211 * cts(cbc(aes)) => cts(cbc(aes-generic))
1212 * rfc7539(chacha20,poly1305) => rfc7539(chacha20-generic,poly1305-generic)
1214 * Return: 0 on success, or -ENAMETOOLONG if the generic name would be too long
1234 memcpy(out, "-generic", 8); in build_generic_driver_name()
1243 return -ENAMETOOLONG; in build_generic_driver_name()
1264 kv.iov_base = (void *)vec->plaintext; in build_hash_sglist()
1265 kv.iov_len = vec->psize; in build_hash_sglist()
1266 iov_iter_kvec(&input, ITER_SOURCE, &kv, 1, vec->psize); in build_hash_sglist()
1267 return build_test_sglist(tsgl, cfg->src_divs, alignmask, vec->psize, in build_hash_sglist()
1278 if (memcmp(result, vec->digest, digestsize) != 0) { in check_hash_result()
1280 type, driver, vec_name, cfg->name); in check_hash_result()
1281 return -EINVAL; in check_hash_result()
1285 type, driver, vec_name, cfg->name); in check_hash_result()
1286 return -EOVERFLOW; in check_hash_result()
1297 driver, op, err, vec_name, cfg->name); in check_shash_op()
1309 struct crypto_shash *tfm = desc->tfm; in test_shash_vec_cfg()
1319 if (vec->ksize) { in test_shash_vec_cfg()
1320 err = do_setkey(crypto_shash_setkey, tfm, vec->key, vec->ksize, in test_shash_vec_cfg()
1323 if (err == vec->setkey_error) in test_shash_vec_cfg()
1326 driver, vec_name, vec->setkey_error, err, in test_shash_vec_cfg()
1330 if (vec->setkey_error) { in test_shash_vec_cfg()
1332 driver, vec_name, vec->setkey_error); in test_shash_vec_cfg()
1333 return -EINVAL; in test_shash_vec_cfg()
1341 driver, vec_name, cfg->name); in test_shash_vec_cfg()
1347 testmgr_poison(desc->__ctx, crypto_shash_descsize(tfm)); in test_shash_vec_cfg()
1350 if (cfg->finalization_type == FINALIZATION_TYPE_DIGEST || in test_shash_vec_cfg()
1351 vec->digest_error) { in test_shash_vec_cfg()
1353 if (tsgl->nents != 1) in test_shash_vec_cfg()
1355 if (cfg->nosimd) in test_shash_vec_cfg()
1357 err = crypto_shash_digest(desc, sg_virt(&tsgl->sgl[0]), in test_shash_vec_cfg()
1358 tsgl->sgl[0].length, result); in test_shash_vec_cfg()
1359 if (cfg->nosimd) in test_shash_vec_cfg()
1362 if (err == vec->digest_error) in test_shash_vec_cfg()
1365 driver, vec_name, vec->digest_error, err, in test_shash_vec_cfg()
1366 cfg->name); in test_shash_vec_cfg()
1369 if (vec->digest_error) { in test_shash_vec_cfg()
1371 driver, vec_name, vec->digest_error, cfg->name); in test_shash_vec_cfg()
1372 return -EINVAL; in test_shash_vec_cfg()
1379 if (cfg->nosimd) in test_shash_vec_cfg()
1382 if (cfg->nosimd) in test_shash_vec_cfg()
1388 for (i = 0; i < tsgl->nents; i++) { in test_shash_vec_cfg()
1389 if (i + 1 == tsgl->nents && in test_shash_vec_cfg()
1390 cfg->finalization_type == FINALIZATION_TYPE_FINUP) { in test_shash_vec_cfg()
1391 if (divs[i]->nosimd) in test_shash_vec_cfg()
1393 err = crypto_shash_finup(desc, sg_virt(&tsgl->sgl[i]), in test_shash_vec_cfg()
1394 tsgl->sgl[i].length, result); in test_shash_vec_cfg()
1395 if (divs[i]->nosimd) in test_shash_vec_cfg()
1403 if (divs[i]->nosimd) in test_shash_vec_cfg()
1405 err = crypto_shash_update(desc, sg_virt(&tsgl->sgl[i]), in test_shash_vec_cfg()
1406 tsgl->sgl[i].length); in test_shash_vec_cfg()
1407 if (divs[i]->nosimd) in test_shash_vec_cfg()
1412 if (divs[i]->flush_type == FLUSH_TYPE_REIMPORT) { in test_shash_vec_cfg()
1413 /* Test ->export() and ->import() */ in test_shash_vec_cfg()
1424 driver, vec_name, cfg->name); in test_shash_vec_cfg()
1425 return -EOVERFLOW; in test_shash_vec_cfg()
1427 testmgr_poison(desc->__ctx, crypto_shash_descsize(tfm)); in test_shash_vec_cfg()
1436 if (cfg->nosimd) in test_shash_vec_cfg()
1439 if (cfg->nosimd) in test_shash_vec_cfg()
1473 driver, op, err, vec_name, cfg->name); in check_nonfinal_ahash_op()
1478 driver, op, vec_name, cfg->name); in check_nonfinal_ahash_op()
1479 return -EINVAL; in check_nonfinal_ahash_op()
1496 const u32 req_flags = CRYPTO_TFM_REQ_MAY_BACKLOG | cfg->req_flags; in test_ahash_vec_cfg()
1506 if (vec->ksize) { in test_ahash_vec_cfg()
1507 err = do_setkey(crypto_ahash_setkey, tfm, vec->key, vec->ksize, in test_ahash_vec_cfg()
1510 if (err == vec->setkey_error) in test_ahash_vec_cfg()
1513 driver, vec_name, vec->setkey_error, err, in test_ahash_vec_cfg()
1517 if (vec->setkey_error) { in test_ahash_vec_cfg()
1519 driver, vec_name, vec->setkey_error); in test_ahash_vec_cfg()
1520 return -EINVAL; in test_ahash_vec_cfg()
1528 driver, vec_name, cfg->name); in test_ahash_vec_cfg()
1534 testmgr_poison(req->__ctx, crypto_ahash_reqsize(tfm)); in test_ahash_vec_cfg()
1537 if (cfg->finalization_type == FINALIZATION_TYPE_DIGEST || in test_ahash_vec_cfg()
1538 vec->digest_error) { in test_ahash_vec_cfg()
1542 ahash_request_set_crypt(req, tsgl->sgl, result, vec->psize); in test_ahash_vec_cfg()
1543 err = do_ahash_op(crypto_ahash_digest, req, &wait, cfg->nosimd); in test_ahash_vec_cfg()
1545 if (err == vec->digest_error) in test_ahash_vec_cfg()
1548 driver, vec_name, vec->digest_error, err, in test_ahash_vec_cfg()
1549 cfg->name); in test_ahash_vec_cfg()
1552 if (vec->digest_error) { in test_ahash_vec_cfg()
1554 driver, vec_name, vec->digest_error, cfg->name); in test_ahash_vec_cfg()
1555 return -EINVAL; in test_ahash_vec_cfg()
1564 err = do_ahash_op(crypto_ahash_init, req, &wait, cfg->nosimd); in test_ahash_vec_cfg()
1572 for (i = 0; i < tsgl->nents; i++) { in test_ahash_vec_cfg()
1573 if (divs[i]->flush_type != FLUSH_TYPE_NONE && in test_ahash_vec_cfg()
1581 divs[i]->nosimd); in test_ahash_vec_cfg()
1590 if (divs[i]->flush_type == FLUSH_TYPE_REIMPORT) { in test_ahash_vec_cfg()
1591 /* Test ->export() and ->import() */ in test_ahash_vec_cfg()
1603 driver, vec_name, cfg->name); in test_ahash_vec_cfg()
1604 return -EOVERFLOW; in test_ahash_vec_cfg()
1607 testmgr_poison(req->__ctx, crypto_ahash_reqsize(tfm)); in test_ahash_vec_cfg()
1616 pending_sgl = &tsgl->sgl[i]; in test_ahash_vec_cfg()
1617 pending_len += tsgl->sgl[i].length; in test_ahash_vec_cfg()
1622 if (cfg->finalization_type == FINALIZATION_TYPE_FINAL) { in test_ahash_vec_cfg()
1624 err = do_ahash_op(crypto_ahash_update, req, &wait, cfg->nosimd); in test_ahash_vec_cfg()
1629 err = do_ahash_op(crypto_ahash_final, req, &wait, cfg->nosimd); in test_ahash_vec_cfg()
1632 driver, err, vec_name, cfg->name); in test_ahash_vec_cfg()
1637 err = do_ahash_op(crypto_ahash_finup, req, &wait, cfg->nosimd); in test_ahash_vec_cfg()
1640 driver, err, vec_name, cfg->name); in test_ahash_vec_cfg()
1729 vec->psize = generate_random_length(rng, maxdatasize); in generate_random_hash_testvec()
1730 generate_random_bytes(rng, (u8 *)vec->plaintext, vec->psize); in generate_random_hash_testvec()
1736 vec->setkey_error = 0; in generate_random_hash_testvec()
1737 vec->ksize = 0; in generate_random_hash_testvec()
1739 vec->ksize = maxkeysize; in generate_random_hash_testvec()
1741 vec->ksize = prandom_u32_inclusive(rng, 1, maxkeysize); in generate_random_hash_testvec()
1742 generate_random_bytes(rng, (u8 *)vec->key, vec->ksize); in generate_random_hash_testvec()
1744 vec->setkey_error = crypto_shash_setkey(desc->tfm, vec->key, in generate_random_hash_testvec()
1745 vec->ksize); in generate_random_hash_testvec()
1747 if (vec->setkey_error) in generate_random_hash_testvec()
1752 vec->digest_error = crypto_shash_digest(desc, vec->plaintext, in generate_random_hash_testvec()
1753 vec->psize, (u8 *)vec->digest); in generate_random_hash_testvec()
1756 vec->psize, vec->ksize); in generate_random_hash_testvec()
1773 const unsigned int maxdatasize = (2 * PAGE_SIZE) - TESTMGR_POISON_LEN; in test_hash_vs_generic_impl()
1774 const char *algname = crypto_hash_alg_common(tfm)->base.cra_name; in test_hash_vs_generic_impl()
1805 if (err == -ENOENT) { in test_hash_vs_generic_impl()
1817 err = -ENOMEM; in test_hash_vs_generic_impl()
1824 err = -ENOMEM; in test_hash_vs_generic_impl()
1827 generic_desc->tfm = generic_tfm; in test_hash_vs_generic_impl()
1835 err = -EINVAL; in test_hash_vs_generic_impl()
1842 err = -EINVAL; in test_hash_vs_generic_impl()
1855 err = -ENOMEM; in test_hash_vs_generic_impl()
1903 if (PTR_ERR(tfm) == -ENOENT) { in alloc_shash()
1918 return -ENOMEM; in alloc_shash()
1920 desc->tfm = tfm; in alloc_shash()
1949 if (PTR_ERR(atfm) == -ENOENT) in __alg_test_hash()
1961 err = -ENOMEM; in __alg_test_hash()
1979 err = -ENOMEM; in __alg_test_hash()
1990 err = -ENOMEM; in __alg_test_hash()
2021 const struct hash_testvec *template = desc->suite.hash.vecs; in alg_test_hash()
2022 unsigned int tcount = desc->suite.hash.count; in alg_test_hash()
2040 "unkeyed ones must come first\n", desc->alg); in alg_test_hash()
2041 return -EINVAL; in alg_test_hash()
2050 desc->generic_driver, maxkeysize); in alg_test_hash()
2056 desc->generic_driver, maxkeysize); in alg_test_hash()
2070 const unsigned int authsize = vec->clen - vec->plen; in test_aead_vec_cfg()
2072 const u32 req_flags = CRYPTO_TFM_REQ_MAY_BACKLOG | cfg->req_flags; in test_aead_vec_cfg()
2077 cfg->iv_offset + in test_aead_vec_cfg()
2078 (cfg->iv_offset_relative_to_alignmask ? alignmask : 0); in test_aead_vec_cfg()
2083 if (vec->wk) in test_aead_vec_cfg()
2088 err = do_setkey(crypto_aead_setkey, tfm, vec->key, vec->klen, in test_aead_vec_cfg()
2090 if (err && err != vec->setkey_error) { in test_aead_vec_cfg()
2092 driver, vec_name, vec->setkey_error, err, in test_aead_vec_cfg()
2096 if (!err && vec->setkey_error) { in test_aead_vec_cfg()
2098 driver, vec_name, vec->setkey_error); in test_aead_vec_cfg()
2099 return -EINVAL; in test_aead_vec_cfg()
2104 if (err && err != vec->setauthsize_error) { in test_aead_vec_cfg()
2106 driver, vec_name, vec->setauthsize_error, err); in test_aead_vec_cfg()
2109 if (!err && vec->setauthsize_error) { in test_aead_vec_cfg()
2111 driver, vec_name, vec->setauthsize_error); in test_aead_vec_cfg()
2112 return -EINVAL; in test_aead_vec_cfg()
2115 if (vec->setkey_error || vec->setauthsize_error) in test_aead_vec_cfg()
2120 return -EINVAL; in test_aead_vec_cfg()
2121 if (vec->iv) in test_aead_vec_cfg()
2122 memcpy(iv, vec->iv, ivsize); in test_aead_vec_cfg()
2127 input[0].iov_base = (void *)vec->assoc; in test_aead_vec_cfg()
2128 input[0].iov_len = vec->alen; in test_aead_vec_cfg()
2129 input[1].iov_base = enc ? (void *)vec->ptext : (void *)vec->ctext; in test_aead_vec_cfg()
2130 input[1].iov_len = enc ? vec->plen : vec->clen; in test_aead_vec_cfg()
2132 vec->alen + (enc ? vec->plen : in test_aead_vec_cfg()
2133 vec->clen), in test_aead_vec_cfg()
2134 vec->alen + (enc ? vec->clen : in test_aead_vec_cfg()
2135 vec->plen), in test_aead_vec_cfg()
2139 driver, op, vec_name, cfg->name); in test_aead_vec_cfg()
2144 testmgr_poison(req->__ctx, crypto_aead_reqsize(tfm)); in test_aead_vec_cfg()
2146 aead_request_set_crypt(req, tsgls->src.sgl_ptr, tsgls->dst.sgl_ptr, in test_aead_vec_cfg()
2147 enc ? vec->plen : vec->clen, iv); in test_aead_vec_cfg()
2148 aead_request_set_ad(req, vec->alen); in test_aead_vec_cfg()
2149 if (cfg->nosimd) in test_aead_vec_cfg()
2152 if (cfg->nosimd) in test_aead_vec_cfg()
2157 if (req->cryptlen != (enc ? vec->plen : vec->clen) || in test_aead_vec_cfg()
2158 req->assoclen != vec->alen || in test_aead_vec_cfg()
2159 req->iv != iv || in test_aead_vec_cfg()
2160 req->src != tsgls->src.sgl_ptr || in test_aead_vec_cfg()
2161 req->dst != tsgls->dst.sgl_ptr || in test_aead_vec_cfg()
2163 req->base.complete != crypto_req_done || in test_aead_vec_cfg()
2164 req->base.flags != req_flags || in test_aead_vec_cfg()
2165 req->base.data != &wait) { in test_aead_vec_cfg()
2167 driver, op, vec_name, cfg->name); in test_aead_vec_cfg()
2168 if (req->cryptlen != (enc ? vec->plen : vec->clen)) in test_aead_vec_cfg()
2169 pr_err("alg: aead: changed 'req->cryptlen'\n"); in test_aead_vec_cfg()
2170 if (req->assoclen != vec->alen) in test_aead_vec_cfg()
2171 pr_err("alg: aead: changed 'req->assoclen'\n"); in test_aead_vec_cfg()
2172 if (req->iv != iv) in test_aead_vec_cfg()
2173 pr_err("alg: aead: changed 'req->iv'\n"); in test_aead_vec_cfg()
2174 if (req->src != tsgls->src.sgl_ptr) in test_aead_vec_cfg()
2175 pr_err("alg: aead: changed 'req->src'\n"); in test_aead_vec_cfg()
2176 if (req->dst != tsgls->dst.sgl_ptr) in test_aead_vec_cfg()
2177 pr_err("alg: aead: changed 'req->dst'\n"); in test_aead_vec_cfg()
2179 pr_err("alg: aead: changed 'req->base.tfm'\n"); in test_aead_vec_cfg()
2180 if (req->base.complete != crypto_req_done) in test_aead_vec_cfg()
2181 pr_err("alg: aead: changed 'req->base.complete'\n"); in test_aead_vec_cfg()
2182 if (req->base.flags != req_flags) in test_aead_vec_cfg()
2183 pr_err("alg: aead: changed 'req->base.flags'\n"); in test_aead_vec_cfg()
2184 if (req->base.data != &wait) in test_aead_vec_cfg()
2185 pr_err("alg: aead: changed 'req->base.data'\n"); in test_aead_vec_cfg()
2186 return -EINVAL; in test_aead_vec_cfg()
2188 if (is_test_sglist_corrupted(&tsgls->src)) { in test_aead_vec_cfg()
2190 driver, op, vec_name, cfg->name); in test_aead_vec_cfg()
2191 return -EINVAL; in test_aead_vec_cfg()
2193 if (tsgls->dst.sgl_ptr != tsgls->src.sgl && in test_aead_vec_cfg()
2194 is_test_sglist_corrupted(&tsgls->dst)) { in test_aead_vec_cfg()
2196 driver, op, vec_name, cfg->name); in test_aead_vec_cfg()
2197 return -EINVAL; in test_aead_vec_cfg()
2201 if ((err == 0 && vec->novrfy) || in test_aead_vec_cfg()
2202 (err != vec->crypt_error && !(err == -EBADMSG && vec->novrfy))) { in test_aead_vec_cfg()
2205 if (vec->novrfy && in test_aead_vec_cfg()
2206 vec->crypt_error != 0 && vec->crypt_error != -EBADMSG) in test_aead_vec_cfg()
2207 sprintf(expected_error, "-EBADMSG or %d", in test_aead_vec_cfg()
2208 vec->crypt_error); in test_aead_vec_cfg()
2209 else if (vec->novrfy) in test_aead_vec_cfg()
2210 sprintf(expected_error, "-EBADMSG"); in test_aead_vec_cfg()
2212 sprintf(expected_error, "%d", vec->crypt_error); in test_aead_vec_cfg()
2216 cfg->name); in test_aead_vec_cfg()
2220 driver, op, vec_name, expected_error, cfg->name); in test_aead_vec_cfg()
2221 return -EINVAL; in test_aead_vec_cfg()
2227 err = verify_correct_output(&tsgls->dst, enc ? vec->ctext : vec->ptext, in test_aead_vec_cfg()
2228 enc ? vec->clen : vec->plen, in test_aead_vec_cfg()
2229 vec->alen, in test_aead_vec_cfg()
2230 enc || cfg->inplace_mode == OUT_OF_PLACE); in test_aead_vec_cfg()
2231 if (err == -EOVERFLOW) { in test_aead_vec_cfg()
2233 driver, op, vec_name, cfg->name); in test_aead_vec_cfg()
2238 driver, op, vec_name, cfg->name); in test_aead_vec_cfg()
2253 if (enc && vec->novrfy) in test_aead_vec()
2315 const unsigned int authsize = vec->clen - vec->plen; in mutate_aead_message()
2317 if (prandom_bool(rng) && vec->alen > aad_tail_size) { in mutate_aead_message()
2319 flip_random_bit(rng, (u8 *)vec->assoc, in mutate_aead_message()
2320 vec->alen - aad_tail_size); in mutate_aead_message()
2326 flip_random_bit(rng, (u8 *)vec->ctext + vec->plen, authsize); in mutate_aead_message()
2329 flip_random_bit(rng, (u8 *)vec->ctext, vec->clen); in mutate_aead_message()
2348 const unsigned int authsize = vec->clen - vec->plen; in generate_aead_message()
2354 generate_random_bytes(rng, (u8 *)vec->assoc, vec->alen); in generate_aead_message()
2355 if (suite->aad_iv && vec->alen >= ivsize) in generate_aead_message()
2356 /* Avoid implementation-defined behavior. */ in generate_aead_message()
2357 memcpy((u8 *)vec->assoc + vec->alen - ivsize, vec->iv, ivsize); in generate_aead_message()
2361 generate_random_bytes(rng, (u8 *)vec->ctext, vec->clen); in generate_aead_message()
2370 if (vec->alen) in generate_aead_message()
2371 sg_set_buf(&src[i++], vec->assoc, vec->alen); in generate_aead_message()
2372 if (vec->plen) { in generate_aead_message()
2373 generate_random_bytes(rng, (u8 *)vec->ptext, vec->plen); in generate_aead_message()
2374 sg_set_buf(&src[i++], vec->ptext, vec->plen); in generate_aead_message()
2376 sg_init_one(&dst, vec->ctext, vec->alen + vec->clen); in generate_aead_message()
2377 memcpy(iv, vec->iv, ivsize); in generate_aead_message()
2379 aead_request_set_crypt(req, src, &dst, vec->plen, iv); in generate_aead_message()
2380 aead_request_set_ad(req, vec->alen); in generate_aead_message()
2381 vec->crypt_error = crypto_wait_req(crypto_aead_encrypt(req), in generate_aead_message()
2384 if (vec->crypt_error != 0) in generate_aead_message()
2386 memmove((u8 *)vec->ctext, vec->ctext + vec->alen, vec->clen); in generate_aead_message()
2393 mutate_aead_message(rng, vec, suite->aad_iv, ivsize); in generate_aead_message()
2395 vec->novrfy = 1; in generate_aead_message()
2396 if (suite->einval_allowed) in generate_aead_message()
2397 vec->crypt_error = -EINVAL; in generate_aead_message()
2405 * test vectors (i.e. vectors with 'vec->novrfy=1') more often.
2423 vec->klen = maxkeysize; in generate_random_aead_testvec()
2425 vec->klen = prandom_u32_below(rng, maxkeysize + 1); in generate_random_aead_testvec()
2426 generate_random_bytes(rng, (u8 *)vec->key, vec->klen); in generate_random_aead_testvec()
2427 vec->setkey_error = crypto_aead_setkey(tfm, vec->key, vec->klen); in generate_random_aead_testvec()
2430 generate_random_bytes(rng, (u8 *)vec->iv, ivsize); in generate_random_aead_testvec()
2440 maxdatasize -= authsize; in generate_random_aead_testvec()
2441 vec->setauthsize_error = crypto_aead_setauthsize(tfm, authsize); in generate_random_aead_testvec()
2446 vec->alen = 0; in generate_random_aead_testvec()
2448 vec->alen = generate_random_length(rng, total_len); in generate_random_aead_testvec()
2449 vec->plen = total_len - vec->alen; in generate_random_aead_testvec()
2450 vec->clen = vec->plen + authsize; in generate_random_aead_testvec()
2456 vec->novrfy = 0; in generate_random_aead_testvec()
2457 vec->crypt_error = 0; in generate_random_aead_testvec()
2458 if (vec->setkey_error == 0 && vec->setauthsize_error == 0) in generate_random_aead_testvec()
2462 vec->alen, vec->plen, authsize, vec->klen, vec->novrfy); in generate_random_aead_testvec()
2471 generate_random_aead_testvec(&ctx->rng, ctx->req, &ctx->vec, in try_to_generate_inauthentic_testvec()
2472 &ctx->test_desc->suite.aead, in try_to_generate_inauthentic_testvec()
2473 ctx->maxkeysize, ctx->maxdatasize, in try_to_generate_inauthentic_testvec()
2474 ctx->vec_name, in try_to_generate_inauthentic_testvec()
2475 sizeof(ctx->vec_name), true); in try_to_generate_inauthentic_testvec()
2476 if (ctx->vec.novrfy) in try_to_generate_inauthentic_testvec()
2501 if (ctx->vec.novrfy) { in test_aead_inauthentic_inputs()
2502 generate_random_testvec_config(&ctx->rng, &ctx->cfg, in test_aead_inauthentic_inputs()
2503 ctx->cfgname, in test_aead_inauthentic_inputs()
2504 sizeof(ctx->cfgname)); in test_aead_inauthentic_inputs()
2505 err = test_aead_vec_cfg(DECRYPT, &ctx->vec, in test_aead_inauthentic_inputs()
2506 ctx->vec_name, &ctx->cfg, in test_aead_inauthentic_inputs()
2507 ctx->req, ctx->tsgls); in test_aead_inauthentic_inputs()
2522 struct crypto_aead *tfm = ctx->tfm; in test_aead_vs_generic_impl()
2523 const char *algname = crypto_aead_alg(tfm)->base.cra_name; in test_aead_vs_generic_impl()
2525 const char *generic_driver = ctx->test_desc->generic_driver; in test_aead_vs_generic_impl()
2545 if (err == -ENOENT) { in test_aead_vs_generic_impl()
2557 err = -ENOMEM; in test_aead_vs_generic_impl()
2568 err = -EINVAL; in test_aead_vs_generic_impl()
2576 err = -EINVAL; in test_aead_vs_generic_impl()
2584 err = -EINVAL; in test_aead_vs_generic_impl()
2593 generate_random_aead_testvec(&ctx->rng, generic_req, &ctx->vec, in test_aead_vs_generic_impl()
2594 &ctx->test_desc->suite.aead, in test_aead_vs_generic_impl()
2595 ctx->maxkeysize, ctx->maxdatasize, in test_aead_vs_generic_impl()
2596 ctx->vec_name, in test_aead_vs_generic_impl()
2597 sizeof(ctx->vec_name), false); in test_aead_vs_generic_impl()
2598 generate_random_testvec_config(&ctx->rng, &ctx->cfg, in test_aead_vs_generic_impl()
2599 ctx->cfgname, in test_aead_vs_generic_impl()
2600 sizeof(ctx->cfgname)); in test_aead_vs_generic_impl()
2601 if (!ctx->vec.novrfy) { in test_aead_vs_generic_impl()
2602 err = test_aead_vec_cfg(ENCRYPT, &ctx->vec, in test_aead_vs_generic_impl()
2603 ctx->vec_name, &ctx->cfg, in test_aead_vs_generic_impl()
2604 ctx->req, ctx->tsgls); in test_aead_vs_generic_impl()
2608 if (ctx->vec.crypt_error == 0 || ctx->vec.novrfy) { in test_aead_vs_generic_impl()
2609 err = test_aead_vec_cfg(DECRYPT, &ctx->vec, in test_aead_vs_generic_impl()
2610 ctx->vec_name, &ctx->cfg, in test_aead_vs_generic_impl()
2611 ctx->req, ctx->tsgls); in test_aead_vs_generic_impl()
2637 return -ENOMEM; in test_aead_extra()
2638 init_rnd_state(&ctx->rng); in test_aead_extra()
2639 ctx->req = req; in test_aead_extra()
2640 ctx->tfm = crypto_aead_reqtfm(req); in test_aead_extra()
2641 ctx->test_desc = test_desc; in test_aead_extra()
2642 ctx->tsgls = tsgls; in test_aead_extra()
2643 ctx->maxdatasize = (2 * PAGE_SIZE) - TESTMGR_POISON_LEN; in test_aead_extra()
2644 ctx->maxkeysize = 0; in test_aead_extra()
2645 for (i = 0; i < test_desc->suite.aead.count; i++) in test_aead_extra()
2646 ctx->maxkeysize = max_t(unsigned int, ctx->maxkeysize, in test_aead_extra()
2647 test_desc->suite.aead.vecs[i].klen); in test_aead_extra()
2649 ctx->vec.key = kmalloc(ctx->maxkeysize, GFP_KERNEL); in test_aead_extra()
2650 ctx->vec.iv = kmalloc(crypto_aead_ivsize(ctx->tfm), GFP_KERNEL); in test_aead_extra()
2651 ctx->vec.assoc = kmalloc(ctx->maxdatasize, GFP_KERNEL); in test_aead_extra()
2652 ctx->vec.ptext = kmalloc(ctx->maxdatasize, GFP_KERNEL); in test_aead_extra()
2653 ctx->vec.ctext = kmalloc(ctx->maxdatasize, GFP_KERNEL); in test_aead_extra()
2654 if (!ctx->vec.key || !ctx->vec.iv || !ctx->vec.assoc || in test_aead_extra()
2655 !ctx->vec.ptext || !ctx->vec.ctext) { in test_aead_extra()
2656 err = -ENOMEM; in test_aead_extra()
2666 kfree(ctx->vec.key); in test_aead_extra()
2667 kfree(ctx->vec.iv); in test_aead_extra()
2668 kfree(ctx->vec.assoc); in test_aead_extra()
2669 kfree(ctx->vec.ptext); in test_aead_extra()
2670 kfree(ctx->vec.ctext); in test_aead_extra()
2690 for (i = 0; i < suite->count; i++) { in test_aead()
2691 err = test_aead_vec(enc, &suite->vecs[i], i, req, tsgls); in test_aead()
2702 const struct aead_test_suite *suite = &desc->suite.aead; in alg_test_aead()
2708 if (suite->count <= 0) { in alg_test_aead()
2710 return -EINVAL; in alg_test_aead()
2715 if (PTR_ERR(tfm) == -ENOENT) in alg_test_aead()
2727 err = -ENOMEM; in alg_test_aead()
2735 err = -ENOMEM; in alg_test_aead()
2766 int ret = -ENOMEM; in test_cipher()
2786 ret = -EINVAL; in test_cipher()
2810 ret = -EINVAL; in test_cipher()
2829 ret = -EINVAL; in test_cipher()
2852 const u32 req_flags = CRYPTO_TFM_REQ_MAY_BACKLOG | cfg->req_flags; in test_skcipher_vec_cfg()
2857 cfg->iv_offset + in test_skcipher_vec_cfg()
2858 (cfg->iv_offset_relative_to_alignmask ? alignmask : 0); in test_skcipher_vec_cfg()
2863 if (vec->wk) in test_skcipher_vec_cfg()
2868 err = do_setkey(crypto_skcipher_setkey, tfm, vec->key, vec->klen, in test_skcipher_vec_cfg()
2871 if (err == vec->setkey_error) in test_skcipher_vec_cfg()
2874 driver, vec_name, vec->setkey_error, err, in test_skcipher_vec_cfg()
2878 if (vec->setkey_error) { in test_skcipher_vec_cfg()
2880 driver, vec_name, vec->setkey_error); in test_skcipher_vec_cfg()
2881 return -EINVAL; in test_skcipher_vec_cfg()
2887 return -EINVAL; in test_skcipher_vec_cfg()
2888 if (vec->iv) in test_skcipher_vec_cfg()
2889 memcpy(iv, vec->iv, ivsize); in test_skcipher_vec_cfg()
2897 input.iov_base = enc ? (void *)vec->ptext : (void *)vec->ctext; in test_skcipher_vec_cfg()
2898 input.iov_len = vec->len; in test_skcipher_vec_cfg()
2900 vec->len, vec->len, &input, 1); in test_skcipher_vec_cfg()
2903 driver, op, vec_name, cfg->name); in test_skcipher_vec_cfg()
2908 testmgr_poison(req->__ctx, crypto_skcipher_reqsize(tfm)); in test_skcipher_vec_cfg()
2910 skcipher_request_set_crypt(req, tsgls->src.sgl_ptr, tsgls->dst.sgl_ptr, in test_skcipher_vec_cfg()
2911 vec->len, iv); in test_skcipher_vec_cfg()
2912 if (cfg->nosimd) in test_skcipher_vec_cfg()
2915 if (cfg->nosimd) in test_skcipher_vec_cfg()
2920 if (req->cryptlen != vec->len || in test_skcipher_vec_cfg()
2921 req->iv != iv || in test_skcipher_vec_cfg()
2922 req->src != tsgls->src.sgl_ptr || in test_skcipher_vec_cfg()
2923 req->dst != tsgls->dst.sgl_ptr || in test_skcipher_vec_cfg()
2925 req->base.complete != crypto_req_done || in test_skcipher_vec_cfg()
2926 req->base.flags != req_flags || in test_skcipher_vec_cfg()
2927 req->base.data != &wait) { in test_skcipher_vec_cfg()
2929 driver, op, vec_name, cfg->name); in test_skcipher_vec_cfg()
2930 if (req->cryptlen != vec->len) in test_skcipher_vec_cfg()
2931 pr_err("alg: skcipher: changed 'req->cryptlen'\n"); in test_skcipher_vec_cfg()
2932 if (req->iv != iv) in test_skcipher_vec_cfg()
2933 pr_err("alg: skcipher: changed 'req->iv'\n"); in test_skcipher_vec_cfg()
2934 if (req->src != tsgls->src.sgl_ptr) in test_skcipher_vec_cfg()
2935 pr_err("alg: skcipher: changed 'req->src'\n"); in test_skcipher_vec_cfg()
2936 if (req->dst != tsgls->dst.sgl_ptr) in test_skcipher_vec_cfg()
2937 pr_err("alg: skcipher: changed 'req->dst'\n"); in test_skcipher_vec_cfg()
2939 pr_err("alg: skcipher: changed 'req->base.tfm'\n"); in test_skcipher_vec_cfg()
2940 if (req->base.complete != crypto_req_done) in test_skcipher_vec_cfg()
2941 pr_err("alg: skcipher: changed 'req->base.complete'\n"); in test_skcipher_vec_cfg()
2942 if (req->base.flags != req_flags) in test_skcipher_vec_cfg()
2943 pr_err("alg: skcipher: changed 'req->base.flags'\n"); in test_skcipher_vec_cfg()
2944 if (req->base.data != &wait) in test_skcipher_vec_cfg()
2945 pr_err("alg: skcipher: changed 'req->base.data'\n"); in test_skcipher_vec_cfg()
2946 return -EINVAL; in test_skcipher_vec_cfg()
2948 if (is_test_sglist_corrupted(&tsgls->src)) { in test_skcipher_vec_cfg()
2950 driver, op, vec_name, cfg->name); in test_skcipher_vec_cfg()
2951 return -EINVAL; in test_skcipher_vec_cfg()
2953 if (tsgls->dst.sgl_ptr != tsgls->src.sgl && in test_skcipher_vec_cfg()
2954 is_test_sglist_corrupted(&tsgls->dst)) { in test_skcipher_vec_cfg()
2956 driver, op, vec_name, cfg->name); in test_skcipher_vec_cfg()
2957 return -EINVAL; in test_skcipher_vec_cfg()
2962 if (err == vec->crypt_error) in test_skcipher_vec_cfg()
2965 driver, op, vec_name, vec->crypt_error, err, cfg->name); in test_skcipher_vec_cfg()
2968 if (vec->crypt_error) { in test_skcipher_vec_cfg()
2970 driver, op, vec_name, vec->crypt_error, cfg->name); in test_skcipher_vec_cfg()
2971 return -EINVAL; in test_skcipher_vec_cfg()
2975 err = verify_correct_output(&tsgls->dst, enc ? vec->ctext : vec->ptext, in test_skcipher_vec_cfg()
2976 vec->len, 0, true); in test_skcipher_vec_cfg()
2977 if (err == -EOVERFLOW) { in test_skcipher_vec_cfg()
2979 driver, op, vec_name, cfg->name); in test_skcipher_vec_cfg()
2984 driver, op, vec_name, cfg->name); in test_skcipher_vec_cfg()
2989 if (vec->iv_out && memcmp(iv, vec->iv_out, ivsize) != 0) { in test_skcipher_vec_cfg()
2991 driver, op, vec_name, cfg->name); in test_skcipher_vec_cfg()
2993 return -EINVAL; in test_skcipher_vec_cfg()
3008 if (fips_enabled && vec->fips_skip) in test_skcipher_vec()
3062 vec->klen = maxkeysize; in generate_random_cipher_testvec()
3064 vec->klen = prandom_u32_below(rng, maxkeysize + 1); in generate_random_cipher_testvec()
3065 generate_random_bytes(rng, (u8 *)vec->key, vec->klen); in generate_random_cipher_testvec()
3066 vec->setkey_error = crypto_skcipher_setkey(tfm, vec->key, vec->klen); in generate_random_cipher_testvec()
3069 generate_random_bytes(rng, (u8 *)vec->iv, ivsize); in generate_random_cipher_testvec()
3072 vec->len = generate_random_length(rng, maxdatasize); in generate_random_cipher_testvec()
3073 generate_random_bytes(rng, (u8 *)vec->ptext, vec->len); in generate_random_cipher_testvec()
3076 if (vec->setkey_error) in generate_random_cipher_testvec()
3080 sg_init_one(&src, vec->ptext, vec->len); in generate_random_cipher_testvec()
3081 sg_init_one(&dst, vec->ctext, vec->len); in generate_random_cipher_testvec()
3082 memcpy(iv, vec->iv, ivsize); in generate_random_cipher_testvec()
3084 skcipher_request_set_crypt(req, &src, &dst, vec->len, iv); in generate_random_cipher_testvec()
3085 vec->crypt_error = crypto_wait_req(crypto_skcipher_encrypt(req), &wait); in generate_random_cipher_testvec()
3086 if (vec->crypt_error != 0) { in generate_random_cipher_testvec()
3090 * We'll test for this. But to keep the API usage well-defined, in generate_random_cipher_testvec()
3093 memset((u8 *)vec->ctext, 0, vec->len); in generate_random_cipher_testvec()
3097 vec->len, vec->klen); in generate_random_cipher_testvec()
3112 const unsigned int maxdatasize = (2 * PAGE_SIZE) - TESTMGR_POISON_LEN; in test_skcipher_vs_generic_impl()
3113 const char *algname = crypto_skcipher_alg(tfm)->base.cra_name; in test_skcipher_vs_generic_impl()
3144 if (err == -ENOENT) { in test_skcipher_vs_generic_impl()
3156 err = -ENOMEM; in test_skcipher_vs_generic_impl()
3162 err = -ENOMEM; in test_skcipher_vs_generic_impl()
3173 err = -EINVAL; in test_skcipher_vs_generic_impl()
3181 err = -EINVAL; in test_skcipher_vs_generic_impl()
3188 err = -EINVAL; in test_skcipher_vs_generic_impl()
3196 err = -EINVAL; in test_skcipher_vs_generic_impl()
3210 err = -ENOMEM; in test_skcipher_vs_generic_impl()
3258 for (i = 0; i < suite->count; i++) { in test_skcipher()
3259 err = test_skcipher_vec(enc, &suite->vecs[i], i, req, tsgls); in test_skcipher()
3270 const struct cipher_test_suite *suite = &desc->suite.cipher; in alg_test_skcipher()
3276 if (suite->count <= 0) { in alg_test_skcipher()
3278 return -EINVAL; in alg_test_skcipher()
3283 if (PTR_ERR(tfm) == -ENOENT) in alg_test_skcipher()
3295 err = -ENOMEM; in alg_test_skcipher()
3303 err = -ENOMEM; in alg_test_skcipher()
3315 err = test_skcipher_vs_generic_impl(desc->generic_driver, req, tsgls); in alg_test_skcipher()
3335 return -ENOMEM; in test_comp()
3340 return -ENOMEM; in test_comp()
3356 -ret); in test_comp()
3366 i + 1, algo, -ret); in test_comp()
3374 ret = -EINVAL; in test_comp()
3383 ret = -EINVAL; in test_comp()
3400 -ret); in test_comp()
3408 ret = -EINVAL; in test_comp()
3416 ret = -EINVAL; in test_comp()
3444 return -ENOMEM; in test_acomp()
3449 return -ENOMEM; in test_acomp()
3459 ret = -ENOMEM; in test_acomp()
3473 ret = -ENOMEM; in test_acomp()
3484 i + 1, algo, -ret); in test_acomp()
3490 ilen = req->dlen; in test_acomp()
3500 i + 1, algo, -ret); in test_acomp()
3506 if (req->dlen != ctemplate[i].inlen) { in test_acomp()
3508 i + 1, algo, req->dlen); in test_acomp()
3509 ret = -EINVAL; in test_acomp()
3515 if (memcmp(input_vec, decomp_out, req->dlen)) { in test_acomp()
3518 hexdump(output, req->dlen); in test_acomp()
3519 ret = -EINVAL; in test_acomp()
3533 i + 1, algo, -ret); in test_acomp()
3551 ret = -ENOMEM; in test_acomp()
3565 ret = -ENOMEM; in test_acomp()
3576 i + 1, algo, -ret); in test_acomp()
3582 if (req->dlen != dtemplate[i].outlen) { in test_acomp()
3584 i + 1, algo, req->dlen); in test_acomp()
3585 ret = -EINVAL; in test_acomp()
3591 if (memcmp(output, dtemplate[i].output, req->dlen)) { in test_acomp()
3594 hexdump(output, req->dlen); in test_acomp()
3595 ret = -EINVAL; in test_acomp()
3608 i + 1, algo, -ret); in test_acomp()
3642 return -ENOMEM; in test_cprng()
3679 err = -EINVAL; in test_cprng()
3692 const struct cipher_test_suite *suite = &desc->suite.cipher; in alg_test_cipher()
3698 if (PTR_ERR(tfm) == -ENOENT) in alg_test_cipher()
3705 err = test_cipher(tfm, ENCRYPT, suite->vecs, suite->count); in alg_test_cipher()
3707 err = test_cipher(tfm, DECRYPT, suite->vecs, suite->count); in alg_test_cipher()
3724 if (PTR_ERR(acomp) == -ENOENT) in alg_test_comp()
3730 err = test_acomp(acomp, desc->suite.comp.comp.vecs, in alg_test_comp()
3731 desc->suite.comp.decomp.vecs, in alg_test_comp()
3732 desc->suite.comp.comp.count, in alg_test_comp()
3733 desc->suite.comp.decomp.count); in alg_test_comp()
3738 if (PTR_ERR(comp) == -ENOENT) in alg_test_comp()
3745 err = test_comp(comp, desc->suite.comp.comp.vecs, in alg_test_comp()
3746 desc->suite.comp.decomp.vecs, in alg_test_comp()
3747 desc->suite.comp.comp.count, in alg_test_comp()
3748 desc->suite.comp.decomp.count); in alg_test_comp()
3768 if (PTR_ERR(tfm) == -ENOENT) { in alg_test_crc32c()
3786 shash->tfm = tfm; in alg_test_crc32c()
3799 err = -EINVAL; in alg_test_crc32c()
3816 if (PTR_ERR(rng) == -ENOENT) in alg_test_cprng()
3823 err = test_cprng(rng, desc->suite.cprng.vecs, desc->suite.cprng.count); in alg_test_cprng()
3834 int ret = -EAGAIN; in drbg_cavs_test()
3838 unsigned char *buf = kzalloc(test->expectedlen, GFP_KERNEL); in drbg_cavs_test()
3841 return -ENOMEM; in drbg_cavs_test()
3846 if (PTR_ERR(drng) == -ENOENT) in drbg_cavs_test()
3854 drbg_string_fill(&testentropy, test->entropy, test->entropylen); in drbg_cavs_test()
3855 drbg_string_fill(&pers, test->pers, test->perslen); in drbg_cavs_test()
3862 drbg_string_fill(&addtl, test->addtla, test->addtllen); in drbg_cavs_test()
3864 drbg_string_fill(&testentropy, test->entpra, test->entprlen); in drbg_cavs_test()
3866 buf, test->expectedlen, &addtl, &test_data); in drbg_cavs_test()
3869 buf, test->expectedlen, &addtl); in drbg_cavs_test()
3877 drbg_string_fill(&addtl, test->addtlb, test->addtllen); in drbg_cavs_test()
3879 drbg_string_fill(&testentropy, test->entprb, test->entprlen); in drbg_cavs_test()
3881 buf, test->expectedlen, &addtl, &test_data); in drbg_cavs_test()
3884 buf, test->expectedlen, &addtl); in drbg_cavs_test()
3892 ret = memcmp(test->expected, buf, test->expectedlen); in drbg_cavs_test()
3907 const struct drbg_testvec *template = desc->suite.drbg.vecs; in alg_test_drbg()
3908 unsigned int tcount = desc->suite.drbg.count; in alg_test_drbg()
3918 err = -EINVAL; in alg_test_drbg()
3937 int err = -ENOMEM; in do_test_kpp()
3946 err = crypto_kpp_set_secret(tfm, vec->secret, vec->secret_size); in do_test_kpp()
3953 err = -ENOMEM; in do_test_kpp()
3972 if (vec->genkey) { in do_test_kpp()
3974 a_public = kmemdup(sg_virt(req->dst), out_len_max, GFP_KERNEL); in do_test_kpp()
3976 err = -ENOMEM; in do_test_kpp()
3981 if (memcmp(vec->expected_a_public, sg_virt(req->dst), in do_test_kpp()
3982 vec->expected_a_public_size)) { in do_test_kpp()
3985 err = -EINVAL; in do_test_kpp()
3991 input_buf = kmemdup(vec->b_public, vec->b_public_size, GFP_KERNEL); in do_test_kpp()
3993 err = -ENOMEM; in do_test_kpp()
3997 sg_init_one(&src, input_buf, vec->b_public_size); in do_test_kpp()
3999 kpp_request_set_input(req, &src, vec->b_public_size); in do_test_kpp()
4010 if (vec->genkey) { in do_test_kpp()
4012 a_ss = kmemdup(sg_virt(req->dst), vec->expected_ss_size, GFP_KERNEL); in do_test_kpp()
4014 err = -ENOMEM; in do_test_kpp()
4022 err = crypto_kpp_set_secret(tfm, vec->b_secret, in do_test_kpp()
4023 vec->b_secret_size); in do_test_kpp()
4027 sg_init_one(&src, a_public, vec->expected_a_public_size); in do_test_kpp()
4029 kpp_request_set_input(req, &src, vec->expected_a_public_size); in do_test_kpp()
4043 shared_secret = (void *)vec->expected_ss; in do_test_kpp()
4050 if (memcmp(shared_secret, sg_virt(req->dst), in do_test_kpp()
4051 vec->expected_ss_size)) { in do_test_kpp()
4054 err = -EINVAL; in do_test_kpp()
4092 if (PTR_ERR(tfm) == -ENOENT) in alg_test_kpp()
4098 if (desc->suite.kpp.vecs) in alg_test_kpp()
4099 err = test_kpp(tfm, desc->alg, desc->suite.kpp.vecs, in alg_test_kpp()
4100 desc->suite.kpp.count); in alg_test_kpp()
4121 int err = -ENOMEM; in test_akcipher_one()
4135 if (vecs->public_key_vec) in test_akcipher_one()
4136 err = crypto_akcipher_set_pub_key(tfm, vecs->key, in test_akcipher_one()
4137 vecs->key_len); in test_akcipher_one()
4139 err = crypto_akcipher_set_priv_key(tfm, vecs->key, in test_akcipher_one()
4140 vecs->key_len); in test_akcipher_one()
4145 err = -ENOMEM; in test_akcipher_one()
4151 c = vecs->c; in test_akcipher_one()
4152 c_size = vecs->c_size; in test_akcipher_one()
4154 err = -E2BIG; in test_akcipher_one()
4155 if (WARN_ON(vecs->m_size > PAGE_SIZE)) in test_akcipher_one()
4157 memcpy(xbuf[0], vecs->m, vecs->m_size); in test_akcipher_one()
4161 sg_set_buf(&src_tab[1], xbuf[0] + 8, vecs->m_size - 8); in test_akcipher_one()
4163 akcipher_request_set_crypt(req, src_tab, &dst, vecs->m_size, in test_akcipher_one()
4174 if (req->dst_len != c_size) { in test_akcipher_one()
4176 err = -EINVAL; in test_akcipher_one()
4183 err = -EINVAL; in test_akcipher_one()
4192 if (vecs->public_key_vec) { in test_akcipher_one()
4198 err = -ENOMEM; in test_akcipher_one()
4204 c_size = req->dst_len; in test_akcipher_one()
4207 err = -E2BIG; in test_akcipher_one()
4222 out_len = req->dst_len; in test_akcipher_one()
4223 if (out_len < vecs->m_size) { in test_akcipher_one()
4226 err = -EINVAL; in test_akcipher_one()
4230 if (memchr_inv(outbuf_dec, 0, out_len - vecs->m_size) || in test_akcipher_one()
4231 memcmp(vecs->m, outbuf_dec + out_len - vecs->m_size, in test_akcipher_one()
4232 vecs->m_size)) { in test_akcipher_one()
4235 err = -EINVAL; in test_akcipher_one()
4275 if (PTR_ERR(tfm) == -ENOENT) in alg_test_akcipher()
4281 if (desc->suite.akcipher.vecs) in alg_test_akcipher()
4282 err = test_akcipher(tfm, desc->alg, desc->suite.akcipher.vecs, in alg_test_akcipher()
4283 desc->suite.akcipher.count); in alg_test_akcipher()
4294 key = kmalloc(vecs->key_len + 2 * sizeof(u32) + vecs->param_len, in test_sig_one()
4297 return -ENOMEM; in test_sig_one()
4300 memcpy(key, vecs->key, vecs->key_len); in test_sig_one()
4301 ptr = key + vecs->key_len; in test_sig_one()
4302 ptr = test_pack_u32(ptr, vecs->algo); in test_sig_one()
4303 ptr = test_pack_u32(ptr, vecs->param_len); in test_sig_one()
4304 memcpy(ptr, vecs->params, vecs->param_len); in test_sig_one()
4306 if (vecs->public_key_vec) in test_sig_one()
4307 err = crypto_sig_set_pubkey(tfm, key, vecs->key_len); in test_sig_one()
4309 err = crypto_sig_set_privkey(tfm, key, vecs->key_len); in test_sig_one()
4317 err = crypto_sig_verify(tfm, vecs->c, vecs->c_size, in test_sig_one()
4318 vecs->m, vecs->m_size); in test_sig_one()
4328 if (vecs->public_key_vec) in test_sig_one()
4332 if (sig_size < vecs->c_size) { in test_sig_one()
4334 return -EINVAL; in test_sig_one()
4339 return -ENOMEM; in test_sig_one()
4342 err = crypto_sig_sign(tfm, vecs->m, vecs->m_size, sig, sig_size); in test_sig_one()
4349 if (memcmp(sig, vecs->c, vecs->c_size) || in test_sig_one()
4350 memchr_inv(sig + vecs->c_size, 0, sig_size - vecs->c_size)) { in test_sig_one()
4353 return -EINVAL; in test_sig_one()
4388 if (desc->suite.sig.vecs) in alg_test_sig()
4389 err = test_sig(tfm, desc->alg, desc->suite.sig.vecs, in alg_test_sig()
4390 desc->suite.sig.count); in alg_test_sig()
4409 .generic_driver = "adiantum(xchacha12-generic,aes-generic,nhpoly1305-generic)",
4416 .generic_driver = "adiantum(xchacha20-generic,aes-generic,nhpoly1305-generic)",
4559 .alg = "blake2b-160",
4566 .alg = "blake2b-256",
4573 .alg = "blake2b-384",
4580 .alg = "blake2b-512",
4674 .alg = "cbc-paes-s390",
4695 .generic_driver = "ccm_base(ctr(aes-generic),cbcmac(aes-generic))",
4706 .generic_driver = "ccm_base(ctr(sm4-generic),cbcmac(sm4-generic))",
4763 .alg = "crc64-rocksoft",
4859 .alg = "ctr-paes-s390",
4903 .alg = "deflate-iaa",
4952 * backend cipher -- covered by drbg_nopr_hmac_sha512 test
5039 .generic_driver = "arc4-generic",
5156 .alg = "ecb-paes-s390",
5164 .alg = "ecdh-nist-p192",
5170 .alg = "ecdh-nist-p256",
5177 .alg = "ecdh-nist-p384",
5184 .alg = "ecdsa-nist-p192",
5190 .alg = "ecdsa-nist-p256",
5197 .alg = "ecdsa-nist-p384",
5204 .alg = "ecdsa-nist-p521",
5269 .generic_driver = "gcm_base(ctr(aes-generic),ghash-generic)",
5277 .generic_driver = "gcm_base(ctr(aria-generic),ghash-generic)",
5284 .generic_driver = "gcm_base(ctr(sm4-generic),ghash-generic)",
5298 "hctr2_base(xctr(aes-generic),polyval-generic)",
5337 .alg = "hmac(sha3-224)",
5344 .alg = "hmac(sha3-256)",
5351 .alg = "hmac(sha3-384)",
5358 .alg = "hmac(sha3-512)",
5402 .generic_driver = "lrw(ecb(aes-generic))",
5409 .generic_driver = "lrw(ecb(camellia-generic))",
5416 .generic_driver = "lrw(ecb(cast6-generic))",
5423 .generic_driver = "lrw(ecb(serpent-generic))",
5430 .generic_driver = "lrw(ecb(twofish-generic))",
5466 .alg = "lzo-rle",
5500 .alg = "p1363(ecdsa-nist-p192)",
5503 .alg = "p1363(ecdsa-nist-p256)",
5510 .alg = "p1363(ecdsa-nist-p384)",
5514 .alg = "p1363(ecdsa-nist-p521)",
5541 .alg = "pkcs1(rsa,sha3-256)",
5545 .alg = "pkcs1(rsa,sha3-384)",
5549 .alg = "pkcs1(rsa,sha3-512)",
5591 .generic_driver = "rfc4106(gcm_base(ctr(aes-generic),ghash-generic))",
5603 .generic_driver = "rfc4309(ccm_base(ctr(aes-generic),cbcmac(aes-generic)))",
5615 .generic_driver = "rfc4543(gcm_base(ctr(aes-generic),ghash-generic))",
5675 .alg = "sha3-224",
5682 .alg = "sha3-256",
5689 .alg = "sha3-384",
5696 .alg = "sha3-512",
5753 .alg = "x962(ecdsa-nist-p192)",
5759 .alg = "x962(ecdsa-nist-p256)",
5766 .alg = "x962(ecdsa-nist-p384)",
5773 .alg = "x962(ecdsa-nist-p521)",
5811 .generic_driver = "xts(ecb(aes-generic))",
5819 .generic_driver = "xts(ecb(camellia-generic))",
5826 .generic_driver = "xts(ecb(cast6-generic))",
5840 .generic_driver = "xts(ecb(serpent-generic))",
5847 .generic_driver = "xts(ecb(sm4-generic))",
5854 .generic_driver = "xts(ecb(twofish-generic))",
5861 .alg = "xts-paes-s390",
5893 int diff = strcmp(alg_test_descs[i - 1].alg, in alg_check_test_descs_order()
5898 alg_test_descs[i - 1].alg, in alg_check_test_descs_order()
5954 return -1; in alg_find_test()
5961 return -ECANCELED; in alg_fips_disabled()
5971 printk_once(KERN_INFO "alg: self-tests disabled\n"); in alg_test()
5982 return -ENAMETOOLONG; in alg_test()
6002 return -EINVAL; in alg_test()
6020 panic("alg: self-tests for %s (%s) failed in %s mode!\n", in alg_test()
6024 pr_warn("alg: self-tests for %s using %s failed (rc=%d)", in alg_test()
6026 WARN(rc != -ENOENT, in alg_test()
6027 "alg: self-tests for %s using %s failed (rc=%d)", in alg_test()
6031 pr_info("alg: self-tests for %s (%s) passed\n", in alg_test()