1 files changed, 245 insertions, 270 deletions
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index ca3fd5f0c094..a275c7c2c371 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -284,6 +284,68 @@ struct testvec_config {
 #define TESTVEC_CONFIG_NAMELEN  192
+/*
+ * The following are the lists of testvec_configs to test for each algorithm
+ * type when the basic crypto self-tests are enabled, i.e. when
+ * CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is unset.  They aim to provide good test
+ * coverage, while keeping the test time much shorter than the full fuzz tests
+ * so that the basic tests can be enabled in a wider range of circumstances.
+ */
+/* Configs for skciphers and aeads */
+static const struct testvec_config default_cipher_testvec_configs[] = {
+        {
+                .name = "in-place",
+                .inplace = true,
+                .src_divs = { { .proportion_of_total = 10000 } },
+        }, {
+                .name = "out-of-place",
+                .src_divs = { { .proportion_of_total = 10000 } },
+        }, {
+                .name = "unaligned buffer, offset=1",
+                .src_divs = { { .proportion_of_total = 10000, .offset = 1 } },
+                .iv_offset = 1,
+        }, {
+                .name = "buffer aligned only to alignmask",
+                .src_divs = {
+                        {
+                                .proportion_of_total = 10000,
+                                .offset = 1,
+                                .offset_relative_to_alignmask = true,
+                        },
+                },
+                .iv_offset = 1,
+                .iv_offset_relative_to_alignmask = true,
+        }, {
+                .name = "two even aligned splits",
+                .src_divs = {
+                        { .proportion_of_total = 5000 },
+                        { .proportion_of_total = 5000 },
+                },
+        }, {
+                .name = "uneven misaligned splits, may sleep",
+                .req_flags = CRYPTO_TFM_REQ_MAY_SLEEP,
+                .src_divs = {
+                        { .proportion_of_total = 1900, .offset = 33 },
+                        { .proportion_of_total = 3300, .offset = 7  },
+                        { .proportion_of_total = 4800, .offset = 18 },
+                },
+                .iv_offset = 3,
+        }, {
+                .name = "misaligned splits crossing pages, inplace",
+                .inplace = true,
+                .src_divs = {
+                        {
+                                .proportion_of_total = 7500,
+                                .offset = PAGE_SIZE - 32
+                        }, {
+                                .proportion_of_total = 2500,
+                                .offset = PAGE_SIZE - 7
+                        },
+                },
+        }
+};
 static unsigned int count_test_sg_divisions(const struct test_sg_division *divs)
 {
        unsigned int remaining = TEST_SG_TOTAL;
@@ -1608,8 +1670,6 @@ static int test_cipher(struct crypto_cipher *tfm, int enc,
        j = 0;
        for (i = 0; i < tcount; i++) {
-                if (template[i].np)
-                        continue;
                if (fips_enabled && template[i].fips_skip)
                        continue;
@@ -1667,282 +1727,214 @@ out_nobuf:
        return ret;
 }
-static int __test_skcipher(struct crypto_skcipher *tfm, int enc,
+static int test_skcipher_vec_cfg(const char *driver, int enc,
-                           const struct cipher_testvec *template,
+                                 const struct cipher_testvec *vec,
-                           unsigned int tcount,
+                                 unsigned int vec_num,
-                           const bool diff_dst, const int align_offset)
+                                 const struct testvec_config *cfg,
+                                 struct skcipher_request *req,
+                                 struct cipher_test_sglists *tsgls)
 {
-        const char *algo =
+        struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
-                crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm));
+        const unsigned int alignmask = crypto_skcipher_alignmask(tfm);
-        unsigned int i, j, k, n, temp;
+        const unsigned int ivsize = crypto_skcipher_ivsize(tfm);
-        char *q;
+        const u32 req_flags = CRYPTO_TFM_REQ_MAY_BACKLOG | cfg->req_flags;
-        struct skcipher_request *req;
+        const char *op = enc ? "encryption" : "decryption";
-        struct scatterlist sg[8];
+        DECLARE_CRYPTO_WAIT(wait);
-        struct scatterlist sgout[8];
+        u8 _iv[3 * (MAX_ALGAPI_ALIGNMASK + 1) + MAX_IVLEN];
-        const char *e, *d;
+        u8 *iv = PTR_ALIGN(&_iv[0], 2 * (MAX_ALGAPI_ALIGNMASK + 1)) +
-        struct crypto_wait wait;
+                 cfg->iv_offset +
-        const char *input, *result;
+                 (cfg->iv_offset_relative_to_alignmask ? alignmask : 0);
-        void *data;
+        struct kvec input;
-        char iv[MAX_IVLEN];
+        int err;
-        char *xbuf[XBUFSIZE];
-        char *xoutbuf[XBUFSIZE];
-        int ret = -ENOMEM;
-        unsigned int ivsize = crypto_skcipher_ivsize(tfm);
-        if (testmgr_alloc_buf(xbuf))
-                goto out_nobuf;
-        if (diff_dst && testmgr_alloc_buf(xoutbuf))
-                goto out_nooutbuf;
-        if (diff_dst)
-                d = "-ddst";
-        else
-                d = "";
-        if (enc == ENCRYPT)
+        /* Set the key */
-                e = "encryption";
+        if (vec->wk)
+                crypto_skcipher_set_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS);
        else
-                e = "decryption";
+                crypto_skcipher_clear_flags(tfm,
+                                            CRYPTO_TFM_REQ_FORBID_WEAK_KEYS);
-        crypto_init_wait(&wait);
+        err = crypto_skcipher_setkey(tfm, vec->key, vec->klen);
+        if (err) {
-        req = skcipher_request_alloc(tfm, GFP_KERNEL);
+                if (vec->fail) /* expectedly failed to set key? */
-        if (!req) {
+                        return 0;
-                pr_err("alg: skcipher%s: Failed to allocate request for %s\n",
+                pr_err("alg: skcipher: %s setkey failed with err %d on test vector %u; flags=%#x\n",
-                       d, algo);
+                       driver, err, vec_num, crypto_skcipher_get_flags(tfm));
-                goto out;
+                return err;
+        }
+        if (vec->fail) {
+                pr_err("alg: skcipher: %s setkey unexpectedly succeeded on test vector %u\n",
+                       driver, vec_num);
+                return -EINVAL;
        }
-        skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
+        /* The IV must be copied to a buffer, as the algorithm may modify it */
-                                      crypto_req_done, &wait);
+        if (ivsize) {
+                if (WARN_ON(ivsize > MAX_IVLEN))
-        j = 0;
+                        return -EINVAL;
-        for (i = 0; i < tcount; i++) {
+                if (vec->iv && !(vec->generates_iv && enc))
-                if (template[i].np && !template[i].also_non_np)
+                        memcpy(iv, vec->iv, ivsize);
-                        continue;
-                if (fips_enabled && template[i].fips_skip)
-                        continue;
-                if (template[i].iv && !(template[i].generates_iv && enc))
-                        memcpy(iv, template[i].iv, ivsize);
                else
-                        memset(iv, 0, MAX_IVLEN);
+                        memset(iv, 0, ivsize);
+        } else {
-                input  = enc ? template[i].ptext : template[i].ctext;
+                if (vec->generates_iv) {
-                result = enc ? template[i].ctext : template[i].ptext;
+                        pr_err("alg: skcipher: %s has ivsize=0 but test vector %u generates IV!\n",
-                j++;
+                               driver, vec_num);
-                ret = -EINVAL;
+                        return -EINVAL;
-                if (WARN_ON(align_offset + template[i].len > PAGE_SIZE))
-                        goto out;
-                data = xbuf[0];
-                data += align_offset;
-                memcpy(data, input, template[i].len);
-                crypto_skcipher_clear_flags(tfm, ~0);
-                if (template[i].wk)
-                        crypto_skcipher_set_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS);
-                ret = crypto_skcipher_setkey(tfm, template[i].key,
-                                             template[i].klen);
-                if (template[i].fail == !ret) {
-                        pr_err("alg: skcipher%s: setkey failed on test %d for %s: flags=%x\n",
-                               d, j, algo, crypto_skcipher_get_flags(tfm));
-                        goto out;
-                } else if (ret)
-                        continue;
-                sg_init_one(&sg[0], data, template[i].len);
-                if (diff_dst) {
-                        data = xoutbuf[0];
-                        data += align_offset;
-                        sg_init_one(&sgout[0], data, template[i].len);
-                }
-                skcipher_request_set_crypt(req, sg, (diff_dst) ? sgout : sg,
-                                           template[i].len, iv);
-                ret = crypto_wait_req(enc ? crypto_skcipher_encrypt(req) :
-                                      crypto_skcipher_decrypt(req), &wait);
-                if (ret) {
-                        pr_err("alg: skcipher%s: %s failed on test %d for %s: ret=%d\n",
-                               d, e, j, algo, -ret);
-                        goto out;
-                }
-                q = data;
-                if (memcmp(q, result, template[i].len)) {
-                        pr_err("alg: skcipher%s: Test %d failed (invalid result) on %s for %s\n",
-                               d, j, e, algo);
-                        hexdump(q, template[i].len);
-                        ret = -EINVAL;
-                        goto out;
-                }
-                if (template[i].generates_iv && enc &&
-                    memcmp(iv, template[i].iv, crypto_skcipher_ivsize(tfm))) {
-                        pr_err("alg: skcipher%s: Test %d failed (invalid output IV) on %s for %s\n",
-                               d, j, e, algo);
-                        hexdump(iv, crypto_skcipher_ivsize(tfm));
-                        ret = -EINVAL;
-                        goto out;
                }
+                iv = NULL;
        }
-        j = 0;
+        /* Build the src/dst scatterlists */
-        for (i = 0; i < tcount; i++) {
+        input.iov_base = enc ? (void *)vec->ptext : (void *)vec->ctext;
-                /* alignment tests are only done with continuous buffers */
+        input.iov_len = vec->len;
-                if (align_offset != 0)
+        err = build_cipher_test_sglists(tsgls, cfg, alignmask,
-                        break;
+                                        vec->len, vec->len, &input, 1);
+        if (err) {
-                if (!template[i].np)
+                pr_err("alg: skcipher: %s %s: error preparing scatterlists for test vector %u, cfg=\"%s\"\n",
-                        continue;
+                       driver, op, vec_num, cfg->name);
+                return err;
-                if (fips_enabled && template[i].fips_skip)
+        }
-                        continue;
-                if (template[i].iv && !(template[i].generates_iv && enc))
-                        memcpy(iv, template[i].iv, ivsize);
-                else
-                        memset(iv, 0, MAX_IVLEN);
-                input  = enc ? template[i].ptext : template[i].ctext;
-                result = enc ? template[i].ctext : template[i].ptext;
-                j++;
-                crypto_skcipher_clear_flags(tfm, ~0);
-                if (template[i].wk)
-                        crypto_skcipher_set_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS);
-                ret = crypto_skcipher_setkey(tfm, template[i].key,
-                                             template[i].klen);
-                if (template[i].fail == !ret) {
-                        pr_err("alg: skcipher%s: setkey failed on chunk test %d for %s: flags=%x\n",
-                               d, j, algo, crypto_skcipher_get_flags(tfm));
-                        goto out;
-                } else if (ret)
-                        continue;
-                temp = 0;
-                ret = -EINVAL;
-                sg_init_table(sg, template[i].np);
-                if (diff_dst)
-                        sg_init_table(sgout, template[i].np);
-                for (k = 0; k < template[i].np; k++) {
-                        if (WARN_ON(offset_in_page(IDX[k]) +
-                                    template[i].tap[k] > PAGE_SIZE))
-                                goto out;
-                        q = xbuf[IDX[k] >> PAGE_SHIFT] + offset_in_page(IDX[k]);
-                        memcpy(q, input + temp, template[i].tap[k]);
-                        if (offset_in_page(q) + template[i].tap[k] < PAGE_SIZE)
-                                q[template[i].tap[k]] = 0;
-                        sg_set_buf(&sg[k], q, template[i].tap[k]);
-                        if (diff_dst) {
-                                q = xoutbuf[IDX[k] >> PAGE_SHIFT] +
-                                    offset_in_page(IDX[k]);
-                                sg_set_buf(&sgout[k], q, template[i].tap[k]);
-                                memset(q, 0, template[i].tap[k]);
+        /* Do the actual encryption or decryption */
-                                if (offset_in_page(q) +
+        testmgr_poison(req->__ctx, crypto_skcipher_reqsize(tfm));
-                                    template[i].tap[k] < PAGE_SIZE)
+        skcipher_request_set_callback(req, req_flags, crypto_req_done, &wait);
-                                        q[template[i].tap[k]] = 0;
+        skcipher_request_set_crypt(req, tsgls->src.sgl_ptr, tsgls->dst.sgl_ptr,
-                        }
+                                   vec->len, iv);
+        err = crypto_wait_req(enc ? crypto_skcipher_encrypt(req) :
+                              crypto_skcipher_decrypt(req), &wait);
+        if (err) {
+                pr_err("alg: skcipher: %s %s failed with err %d on test vector %u, cfg=\"%s\"\n",
+                       driver, op, err, vec_num, cfg->name);
+                return err;
+        }
-                        temp += template[i].tap[k];
+        /* Check for the correct output (ciphertext or plaintext) */
-                }
+        err = verify_correct_output(&tsgls->dst, enc ? vec->ctext : vec->ptext,
+                                    vec->len, 0, true);
+        if (err == -EOVERFLOW) {
+                pr_err("alg: skcipher: %s %s overran dst buffer on test vector %u, cfg=\"%s\"\n",
+                       driver, op, vec_num, cfg->name);
+                return err;
+        }
+        if (err) {
+                pr_err("alg: skcipher: %s %s test failed (wrong result) on test vector %u, cfg=\"%s\"\n",
+                       driver, op, vec_num, cfg->name);
+                return err;
+        }
-                skcipher_request_set_crypt(req, sg, (diff_dst) ? sgout : sg,
+        /* If applicable, check that the algorithm generated the correct IV */
-                                           template[i].len, iv);
+        if (vec->generates_iv && enc && memcmp(iv, vec->iv, ivsize) != 0) {
+                pr_err("alg: skcipher: %s %s test failed (wrong output IV) on test vector %u, cfg=\"%s\"\n",
+                       driver, op, vec_num, cfg->name);
+                hexdump(iv, ivsize);
+                return -EINVAL;
+        }
-                ret = crypto_wait_req(enc ? crypto_skcipher_encrypt(req) :
+        return 0;
-                                      crypto_skcipher_decrypt(req), &wait);
+}
-                if (ret) {
+static int test_skcipher_vec(const char *driver, int enc,
-                        pr_err("alg: skcipher%s: %s failed on chunk test %d for %s: ret=%d\n",
+                             const struct cipher_testvec *vec,
-                               d, e, j, algo, -ret);
+                             unsigned int vec_num,
-                        goto out;
+                             struct skcipher_request *req,
-                }
+                             struct cipher_test_sglists *tsgls)
+{
+        unsigned int i;
+        int err;
-                temp = 0;
+        if (fips_enabled && vec->fips_skip)
-                ret = -EINVAL;
+                return 0;
-                for (k = 0; k < template[i].np; k++) {
-                        if (diff_dst)
-                                q = xoutbuf[IDX[k] >> PAGE_SHIFT] +
-                                    offset_in_page(IDX[k]);
-                        else
-                                q = xbuf[IDX[k] >> PAGE_SHIFT] +
-                                    offset_in_page(IDX[k]);
-                        if (memcmp(q, result + temp, template[i].tap[k])) {
+        for (i = 0; i < ARRAY_SIZE(default_cipher_testvec_configs); i++) {
-                                pr_err("alg: skcipher%s: Chunk test %d failed on %s at page %u for %s\n",
+                err = test_skcipher_vec_cfg(driver, enc, vec, vec_num,
-                                       d, j, e, k, algo);
+                                            &default_cipher_testvec_configs[i],
-                                hexdump(q, template[i].tap[k]);
+                                            req, tsgls);
-                                goto out;
+                if (err)
-                        }
+                        return err;
+        }
-                        q += template[i].tap[k];
+#ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS
-                        for (n = 0; offset_in_page(q + n) && q[n]; n++)
+        if (!noextratests) {
-                                ;
+                struct testvec_config cfg;
-                        if (n) {
+                char cfgname[TESTVEC_CONFIG_NAMELEN];
-                                pr_err("alg: skcipher%s: Result buffer corruption in chunk test %d on %s at page %u for %s: %u bytes:\n",
-                                       d, j, e, k, algo, n);
+                for (i = 0; i < fuzz_iterations; i++) {
-                                hexdump(q, n);
+                        generate_random_testvec_config(&cfg, cfgname,
-                                goto out;
+                                                       sizeof(cfgname));
-                        }
+                        err = test_skcipher_vec_cfg(driver, enc, vec, vec_num,
-                        temp += template[i].tap[k];
+                                                    &cfg, req, tsgls);
+                        if (err)
+                                return err;
                }
        }
+#endif
+        return 0;
+}
-        ret = 0;
+static int test_skcipher(const char *driver, int enc,
+                         const struct cipher_test_suite *suite,
+                         struct skcipher_request *req,
+                         struct cipher_test_sglists *tsgls)
+{
+        unsigned int i;
+        int err;
-out:
+        for (i = 0; i < suite->count; i++) {
-        skcipher_request_free(req);
+                err = test_skcipher_vec(driver, enc, &suite->vecs[i], i, req,
-        if (diff_dst)
+                                        tsgls);
-                testmgr_free_buf(xoutbuf);
+                if (err)
-out_nooutbuf:
+                        return err;
-        testmgr_free_buf(xbuf);
+        }
-out_nobuf:
+        return 0;
-        return ret;
 }
-static int test_skcipher(struct crypto_skcipher *tfm, int enc,
+static int alg_test_skcipher(const struct alg_test_desc *desc,
-                         const struct cipher_testvec *template,
+                             const char *driver, u32 type, u32 mask)
-                         unsigned int tcount)
 {
-        unsigned int alignmask;
+        const struct cipher_test_suite *suite = &desc->suite.cipher;
-        int ret;
+        struct crypto_skcipher *tfm;
+        struct skcipher_request *req = NULL;
+        struct cipher_test_sglists *tsgls = NULL;
+        int err;
-        /* test 'dst == src' case */
+        if (suite->count <= 0) {
-        ret = __test_skcipher(tfm, enc, template, tcount, false, 0);
+                pr_err("alg: skcipher: empty test suite for %s\n", driver);
-        if (ret)
+                return -EINVAL;
-                return ret;
+        }
-        /* test 'dst != src' case */
+        tfm = crypto_alloc_skcipher(driver, type, mask);
-        ret = __test_skcipher(tfm, enc, template, tcount, true, 0);
+        if (IS_ERR(tfm)) {
-        if (ret)
+                pr_err("alg: skcipher: failed to allocate transform for %s: %ld\n",
-                return ret;
+                       driver, PTR_ERR(tfm));
+                return PTR_ERR(tfm);
+        }
-        /* test unaligned buffers, check with one byte offset */
+        req = skcipher_request_alloc(tfm, GFP_KERNEL);
-        ret = __test_skcipher(tfm, enc, template, tcount, true, 1);
+        if (!req) {
-        if (ret)
+                pr_err("alg: skcipher: failed to allocate request for %s\n",
-                return ret;
+                       driver);
+                err = -ENOMEM;
+                goto out;
+        }
-        alignmask = crypto_tfm_alg_alignmask(&tfm->base);
+        tsgls = alloc_cipher_test_sglists();
-        if (alignmask) {
+        if (!tsgls) {
-                /* Check if alignment mask for tfm is correctly set. */
+                pr_err("alg: skcipher: failed to allocate test buffers for %s\n",
-                ret = __test_skcipher(tfm, enc, template, tcount, true,
+                       driver);
-                                      alignmask + 1);
+                err = -ENOMEM;
-                if (ret)
+                goto out;
-                        return ret;
        }
-        return 0;
+        err = test_skcipher(driver, ENCRYPT, suite, req, tsgls);
+        if (err)
+                goto out;
+        err = test_skcipher(driver, DECRYPT, suite, req, tsgls);
+out:
+        free_cipher_test_sglists(tsgls);
+        skcipher_request_free(req);
+        crypto_free_skcipher(tfm);
+        return err;
 }
 static int test_comp(struct crypto_comp *tfm,
@@ -2326,28 +2318,6 @@ static int alg_test_cipher(const struct alg_test_desc *desc,
        return err;
 }
-static int alg_test_skcipher(const struct alg_test_desc *desc,
-                             const char *driver, u32 type, u32 mask)
-{
-        const struct cipher_test_suite *suite = &desc->suite.cipher;
-        struct crypto_skcipher *tfm;
-        int err;
-        tfm = crypto_alloc_skcipher(driver, type, mask);
-        if (IS_ERR(tfm)) {
-                printk(KERN_ERR "alg: skcipher: Failed to load transform for "
-                       "%s: %ld\n", driver, PTR_ERR(tfm));
-                return PTR_ERR(tfm);
-        }
-        err = test_skcipher(tfm, ENCRYPT, suite->vecs, suite->count);
-        if (!err)
-                err = test_skcipher(tfm, DECRYPT, suite->vecs, suite->count);
-        crypto_free_skcipher(tfm);
-        return err;
-}
 static int alg_test_comp(const struct alg_test_desc *desc, const char *driver,
                         u32 type, u32 mask)
 {
@@ -4224,6 +4194,11 @@ static void alg_check_test_descs_order(void)
 static void alg_check_testvec_configs(void)
 {
+        int i;
+        for (i = 0; i < ARRAY_SIZE(default_cipher_testvec_configs); i++)
+                WARN_ON(!valid_testvec_config(
+                                &default_cipher_testvec_configs[i]));
 }
 static void testmgr_onetime_init(void)

diff --git a/crypto/testmgr.c b/crypto/testmgr.c index ca3fd5f0c094..a275c7c2c371 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c
@@ -284,6 +284,68 @@ struct testvec_config {
284		284
285	#define TESTVEC_CONFIG_NAMELEN 192	285	#define TESTVEC_CONFIG_NAMELEN 192
286		286
		287	/*
		288	* The following are the lists of testvec_configs to test for each algorithm
		289	* type when the basic crypto self-tests are enabled, i.e. when
		290	* CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is unset. They aim to provide good test
		291	* coverage, while keeping the test time much shorter than the full fuzz tests
		292	* so that the basic tests can be enabled in a wider range of circumstances.
		293	*/
		294
		295	/* Configs for skciphers and aeads */
		296	static const struct testvec_config default_cipher_testvec_configs[] = {
		297	{
		298	.name = "in-place",
		299	.inplace = true,
		300	.src_divs = { { .proportion_of_total = 10000 } },
		301	}, {
		302	.name = "out-of-place",
		303	.src_divs = { { .proportion_of_total = 10000 } },
		304	}, {
		305	.name = "unaligned buffer, offset=1",
		306	.src_divs = { { .proportion_of_total = 10000, .offset = 1 } },
		307	.iv_offset = 1,
		308	}, {
		309	.name = "buffer aligned only to alignmask",
		310	.src_divs = {
		311	{
		312	.proportion_of_total = 10000,
		313	.offset = 1,
		314	.offset_relative_to_alignmask = true,
		315	},
		316	},
		317	.iv_offset = 1,
		318	.iv_offset_relative_to_alignmask = true,
		319	}, {
		320	.name = "two even aligned splits",
		321	.src_divs = {
		322	{ .proportion_of_total = 5000 },
		323	{ .proportion_of_total = 5000 },
		324	},
		325	}, {
		326	.name = "uneven misaligned splits, may sleep",
		327	.req_flags = CRYPTO_TFM_REQ_MAY_SLEEP,
		328	.src_divs = {
		329	{ .proportion_of_total = 1900, .offset = 33 },
		330	{ .proportion_of_total = 3300, .offset = 7 },
		331	{ .proportion_of_total = 4800, .offset = 18 },
		332	},
		333	.iv_offset = 3,
		334	}, {
		335	.name = "misaligned splits crossing pages, inplace",
		336	.inplace = true,
		337	.src_divs = {
		338	{
		339	.proportion_of_total = 7500,
		340	.offset = PAGE_SIZE - 32
		341	}, {
		342	.proportion_of_total = 2500,
		343	.offset = PAGE_SIZE - 7
		344	},
		345	},
		346	}
		347	};
		348
287	static unsigned int count_test_sg_divisions(const struct test_sg_division *divs)	349	static unsigned int count_test_sg_divisions(const struct test_sg_division *divs)
288	{	350	{
289	unsigned int remaining = TEST_SG_TOTAL;	351	unsigned int remaining = TEST_SG_TOTAL;
@@ -1608,8 +1670,6 @@ static int test_cipher(struct crypto_cipher *tfm, int enc,
1608		1670
1609	j = 0;	1671	j = 0;
1610	for (i = 0; i < tcount; i++) {	1672	for (i = 0; i < tcount; i++) {
1611	if (template[i].np)
1612	continue;
1613		1673
1614	if (fips_enabled && template[i].fips_skip)	1674	if (fips_enabled && template[i].fips_skip)
1615	continue;	1675	continue;
@@ -1667,282 +1727,214 @@ out_nobuf:
1667	return ret;	1727	return ret;
1668	}	1728	}
1669		1729
1670	static int __test_skcipher(struct crypto_skcipher *tfm, int enc,	1730	static int test_skcipher_vec_cfg(const char *driver, int enc,
1671	const struct cipher_testvec *template,	1731	const struct cipher_testvec *vec,
1672	unsigned int tcount,	1732	unsigned int vec_num,
1673	const bool diff_dst, const int align_offset)	1733	const struct testvec_config *cfg,
		1734	struct skcipher_request *req,
		1735	struct cipher_test_sglists *tsgls)
1674	{	1736	{
1675	const char *algo =	1737	struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
1676	crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm));	1738	const unsigned int alignmask = crypto_skcipher_alignmask(tfm);
1677	unsigned int i, j, k, n, temp;	1739	const unsigned int ivsize = crypto_skcipher_ivsize(tfm);
1678	char *q;	1740	const u32 req_flags = CRYPTO_TFM_REQ_MAY_BACKLOG \| cfg->req_flags;
1679	struct skcipher_request *req;	1741	const char *op = enc ? "encryption" : "decryption";
1680	struct scatterlist sg[8];	1742	DECLARE_CRYPTO_WAIT(wait);
1681	struct scatterlist sgout[8];	1743	u8 _iv[3 * (MAX_ALGAPI_ALIGNMASK + 1) + MAX_IVLEN];
1682	const char e, d;	1744	u8 iv = PTR_ALIGN(&_iv[0], 2 (MAX_ALGAPI_ALIGNMASK + 1)) +
1683	struct crypto_wait wait;	1745	cfg->iv_offset +
1684	const char input, result;	1746	(cfg->iv_offset_relative_to_alignmask ? alignmask : 0);
1685	void *data;	1747	struct kvec input;
1686	char iv[MAX_IVLEN];	1748	int err;
1687	char *xbuf[XBUFSIZE];
1688	char *xoutbuf[XBUFSIZE];
1689	int ret = -ENOMEM;
1690	unsigned int ivsize = crypto_skcipher_ivsize(tfm);
1691
1692	if (testmgr_alloc_buf(xbuf))
1693	goto out_nobuf;
1694
1695	if (diff_dst && testmgr_alloc_buf(xoutbuf))
1696	goto out_nooutbuf;
1697
1698	if (diff_dst)
1699	d = "-ddst";
1700	else
1701	d = "";
1702		1749
1703	if (enc == ENCRYPT)	1750	/* Set the key */
1704	e = "encryption";	1751	if (vec->wk)
		1752	crypto_skcipher_set_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS);
1705	else	1753	else
1706	e = "decryption";	1754	crypto_skcipher_clear_flags(tfm,
1707		1755	CRYPTO_TFM_REQ_FORBID_WEAK_KEYS);
1708	crypto_init_wait(&wait);	1756	err = crypto_skcipher_setkey(tfm, vec->key, vec->klen);
1709		1757	if (err) {
1710	req = skcipher_request_alloc(tfm, GFP_KERNEL);	1758	if (vec->fail) /* expectedly failed to set key? */
1711	if (!req) {	1759	return 0;
1712	pr_err("alg: skcipher%s: Failed to allocate request for %s\n",	1760	pr_err("alg: skcipher: %s setkey failed with err %d on test vector %u; flags=%#x\n",
1713	d, algo);	1761	driver, err, vec_num, crypto_skcipher_get_flags(tfm));
1714	goto out;	1762	return err;
		1763	}
		1764	if (vec->fail) {
		1765	pr_err("alg: skcipher: %s setkey unexpectedly succeeded on test vector %u\n",
		1766	driver, vec_num);
		1767	return -EINVAL;
1715	}	1768	}
1716		1769
1717	skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,	1770	/* The IV must be copied to a buffer, as the algorithm may modify it */
1718	crypto_req_done, &wait);	1771	if (ivsize) {
1719		1772	if (WARN_ON(ivsize > MAX_IVLEN))
1720	j = 0;	1773	return -EINVAL;
1721	for (i = 0; i < tcount; i++) {	1774	if (vec->iv && !(vec->generates_iv && enc))
1722	if (template[i].np && !template[i].also_non_np)	1775	memcpy(iv, vec->iv, ivsize);
1723	continue;
1724
1725	if (fips_enabled && template[i].fips_skip)
1726	continue;
1727
1728	if (template[i].iv && !(template[i].generates_iv && enc))
1729	memcpy(iv, template[i].iv, ivsize);
1730	else	1776	else
1731	memset(iv, 0, MAX_IVLEN);	1777	memset(iv, 0, ivsize);
1732		1778	} else {
1733	input = enc ? template[i].ptext : template[i].ctext;	1779	if (vec->generates_iv) {
1734	result = enc ? template[i].ctext : template[i].ptext;	1780	pr_err("alg: skcipher: %s has ivsize=0 but test vector %u generates IV!\n",
1735	j++;	1781	driver, vec_num);
1736	ret = -EINVAL;	1782	return -EINVAL;
1737	if (WARN_ON(align_offset + template[i].len > PAGE_SIZE))
1738	goto out;
1739
1740	data = xbuf[0];
1741	data += align_offset;
1742	memcpy(data, input, template[i].len);
1743
1744	crypto_skcipher_clear_flags(tfm, ~0);
1745	if (template[i].wk)
1746	crypto_skcipher_set_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS);
1747
1748	ret = crypto_skcipher_setkey(tfm, template[i].key,
1749	template[i].klen);
1750	if (template[i].fail == !ret) {
1751	pr_err("alg: skcipher%s: setkey failed on test %d for %s: flags=%x\n",
1752	d, j, algo, crypto_skcipher_get_flags(tfm));
1753	goto out;
1754	} else if (ret)
1755	continue;
1756
1757	sg_init_one(&sg[0], data, template[i].len);
1758	if (diff_dst) {
1759	data = xoutbuf[0];
1760	data += align_offset;
1761	sg_init_one(&sgout[0], data, template[i].len);
1762	}
1763
1764	skcipher_request_set_crypt(req, sg, (diff_dst) ? sgout : sg,
1765	template[i].len, iv);
1766	ret = crypto_wait_req(enc ? crypto_skcipher_encrypt(req) :
1767	crypto_skcipher_decrypt(req), &wait);
1768
1769	if (ret) {
1770	pr_err("alg: skcipher%s: %s failed on test %d for %s: ret=%d\n",
1771	d, e, j, algo, -ret);
1772	goto out;
1773	}
1774
1775	q = data;
1776	if (memcmp(q, result, template[i].len)) {
1777	pr_err("alg: skcipher%s: Test %d failed (invalid result) on %s for %s\n",
1778	d, j, e, algo);
1779	hexdump(q, template[i].len);
1780	ret = -EINVAL;
1781	goto out;
1782	}
1783
1784	if (template[i].generates_iv && enc &&
1785	memcmp(iv, template[i].iv, crypto_skcipher_ivsize(tfm))) {
1786	pr_err("alg: skcipher%s: Test %d failed (invalid output IV) on %s for %s\n",
1787	d, j, e, algo);
1788	hexdump(iv, crypto_skcipher_ivsize(tfm));
1789	ret = -EINVAL;
1790	goto out;
1791	}	1783	}
		1784	iv = NULL;
1792	}	1785	}
1793		1786
1794	j = 0;	1787	/* Build the src/dst scatterlists */
1795	for (i = 0; i < tcount; i++) {	1788	input.iov_base = enc ? (void )vec->ptext : (void )vec->ctext;
1796	/* alignment tests are only done with continuous buffers */	1789	input.iov_len = vec->len;
1797	if (align_offset != 0)	1790	err = build_cipher_test_sglists(tsgls, cfg, alignmask,
1798	break;	1791	vec->len, vec->len, &input, 1);
1799		1792	if (err) {
1800	if (!template[i].np)	1793	pr_err("alg: skcipher: %s %s: error preparing scatterlists for test vector %u, cfg=\"%s\"\n",
1801	continue;	1794	driver, op, vec_num, cfg->name);
1802		1795	return err;
1803	if (fips_enabled && template[i].fips_skip)	1796	}
1804	continue;
1805
1806	if (template[i].iv && !(template[i].generates_iv && enc))
1807	memcpy(iv, template[i].iv, ivsize);
1808	else
1809	memset(iv, 0, MAX_IVLEN);
1810
1811	input = enc ? template[i].ptext : template[i].ctext;
1812	result = enc ? template[i].ctext : template[i].ptext;
1813	j++;
1814	crypto_skcipher_clear_flags(tfm, ~0);
1815	if (template[i].wk)
1816	crypto_skcipher_set_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS);
1817
1818	ret = crypto_skcipher_setkey(tfm, template[i].key,
1819	template[i].klen);
1820	if (template[i].fail == !ret) {
1821	pr_err("alg: skcipher%s: setkey failed on chunk test %d for %s: flags=%x\n",
1822	d, j, algo, crypto_skcipher_get_flags(tfm));
1823	goto out;
1824	} else if (ret)
1825	continue;
1826
1827	temp = 0;
1828	ret = -EINVAL;
1829	sg_init_table(sg, template[i].np);
1830	if (diff_dst)
1831	sg_init_table(sgout, template[i].np);
1832	for (k = 0; k < template[i].np; k++) {
1833	if (WARN_ON(offset_in_page(IDX[k]) +
1834	template[i].tap[k] > PAGE_SIZE))
1835	goto out;
1836
1837	q = xbuf[IDX[k] >> PAGE_SHIFT] + offset_in_page(IDX[k]);
1838
1839	memcpy(q, input + temp, template[i].tap[k]);
1840
1841	if (offset_in_page(q) + template[i].tap[k] < PAGE_SIZE)
1842	q[template[i].tap[k]] = 0;
1843
1844	sg_set_buf(&sg[k], q, template[i].tap[k]);
1845	if (diff_dst) {
1846	q = xoutbuf[IDX[k] >> PAGE_SHIFT] +
1847	offset_in_page(IDX[k]);
1848
1849	sg_set_buf(&sgout[k], q, template[i].tap[k]);
1850		1797
1851	memset(q, 0, template[i].tap[k]);	1798	/* Do the actual encryption or decryption */
1852	if (offset_in_page(q) +	1799	testmgr_poison(req->__ctx, crypto_skcipher_reqsize(tfm));
1853	template[i].tap[k] < PAGE_SIZE)	1800	skcipher_request_set_callback(req, req_flags, crypto_req_done, &wait);
1854	q[template[i].tap[k]] = 0;	1801	skcipher_request_set_crypt(req, tsgls->src.sgl_ptr, tsgls->dst.sgl_ptr,
1855	}	1802	vec->len, iv);
		1803	err = crypto_wait_req(enc ? crypto_skcipher_encrypt(req) :
		1804	crypto_skcipher_decrypt(req), &wait);
		1805	if (err) {
		1806	pr_err("alg: skcipher: %s %s failed with err %d on test vector %u, cfg=\"%s\"\n",
		1807	driver, op, err, vec_num, cfg->name);
		1808	return err;
		1809	}
1856		1810
1857	temp += template[i].tap[k];	1811	/* Check for the correct output (ciphertext or plaintext) */
1858	}	1812	err = verify_correct_output(&tsgls->dst, enc ? vec->ctext : vec->ptext,
		1813	vec->len, 0, true);
		1814	if (err == -EOVERFLOW) {
		1815	pr_err("alg: skcipher: %s %s overran dst buffer on test vector %u, cfg=\"%s\"\n",
		1816	driver, op, vec_num, cfg->name);
		1817	return err;
		1818	}
		1819	if (err) {
		1820	pr_err("alg: skcipher: %s %s test failed (wrong result) on test vector %u, cfg=\"%s\"\n",
		1821	driver, op, vec_num, cfg->name);
		1822	return err;
		1823	}
1859		1824
1860	skcipher_request_set_crypt(req, sg, (diff_dst) ? sgout : sg,	1825	/* If applicable, check that the algorithm generated the correct IV */
1861	template[i].len, iv);	1826	if (vec->generates_iv && enc && memcmp(iv, vec->iv, ivsize) != 0) {
		1827	pr_err("alg: skcipher: %s %s test failed (wrong output IV) on test vector %u, cfg=\"%s\"\n",
		1828	driver, op, vec_num, cfg->name);
		1829	hexdump(iv, ivsize);
		1830	return -EINVAL;
		1831	}
1862		1832
1863	ret = crypto_wait_req(enc ? crypto_skcipher_encrypt(req) :	1833	return 0;
1864	crypto_skcipher_decrypt(req), &wait);	1834	}
1865		1835
1866	if (ret) {	1836	static int test_skcipher_vec(const char *driver, int enc,
1867	pr_err("alg: skcipher%s: %s failed on chunk test %d for %s: ret=%d\n",	1837	const struct cipher_testvec *vec,
1868	d, e, j, algo, -ret);	1838	unsigned int vec_num,
1869	goto out;	1839	struct skcipher_request *req,
1870	}	1840	struct cipher_test_sglists *tsgls)
		1841	{
		1842	unsigned int i;
		1843	int err;
1871		1844
1872	temp = 0;	1845	if (fips_enabled && vec->fips_skip)
1873	ret = -EINVAL;	1846	return 0;
1874	for (k = 0; k < template[i].np; k++) {
1875	if (diff_dst)
1876	q = xoutbuf[IDX[k] >> PAGE_SHIFT] +
1877	offset_in_page(IDX[k]);
1878	else
1879	q = xbuf[IDX[k] >> PAGE_SHIFT] +
1880	offset_in_page(IDX[k]);
1881		1847
1882	if (memcmp(q, result + temp, template[i].tap[k])) {	1848	for (i = 0; i < ARRAY_SIZE(default_cipher_testvec_configs); i++) {
1883	pr_err("alg: skcipher%s: Chunk test %d failed on %s at page %u for %s\n",	1849	err = test_skcipher_vec_cfg(driver, enc, vec, vec_num,
1884	d, j, e, k, algo);	1850	&default_cipher_testvec_configs[i],
1885	hexdump(q, template[i].tap[k]);	1851	req, tsgls);
1886	goto out;	1852	if (err)
1887	}	1853	return err;
		1854	}
1888		1855
1889	q += template[i].tap[k];	1856	#ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS
1890	for (n = 0; offset_in_page(q + n) && q[n]; n++)	1857	if (!noextratests) {
1891	;	1858	struct testvec_config cfg;
1892	if (n) {	1859	char cfgname[TESTVEC_CONFIG_NAMELEN];
1893	pr_err("alg: skcipher%s: Result buffer corruption in chunk test %d on %s at page %u for %s: %u bytes:\n",	1860
1894	d, j, e, k, algo, n);	1861	for (i = 0; i < fuzz_iterations; i++) {
1895	hexdump(q, n);	1862	generate_random_testvec_config(&cfg, cfgname,
1896	goto out;	1863	sizeof(cfgname));
1897	}	1864	err = test_skcipher_vec_cfg(driver, enc, vec, vec_num,
1898	temp += template[i].tap[k];	1865	&cfg, req, tsgls);
		1866	if (err)
		1867	return err;
1899	}	1868	}
1900	}	1869	}
		1870	#endif
		1871	return 0;
		1872	}
1901		1873
1902	ret = 0;	1874	static int test_skcipher(const char *driver, int enc,
		1875	const struct cipher_test_suite *suite,
		1876	struct skcipher_request *req,
		1877	struct cipher_test_sglists *tsgls)
		1878	{
		1879	unsigned int i;
		1880	int err;
1903		1881
1904	out:	1882	for (i = 0; i < suite->count; i++) {
1905	skcipher_request_free(req);	1883	err = test_skcipher_vec(driver, enc, &suite->vecs[i], i, req,
1906	if (diff_dst)	1884	tsgls);
1907	testmgr_free_buf(xoutbuf);	1885	if (err)
1908	out_nooutbuf:	1886	return err;
1909	testmgr_free_buf(xbuf);	1887	}
1910	out_nobuf:	1888	return 0;
1911	return ret;
1912	}	1889	}
1913		1890
1914	static int test_skcipher(struct crypto_skcipher *tfm, int enc,	1891	static int alg_test_skcipher(const struct alg_test_desc *desc,
1915	const struct cipher_testvec *template,	1892	const char *driver, u32 type, u32 mask)
1916	unsigned int tcount)
1917	{	1893	{
1918	unsigned int alignmask;	1894	const struct cipher_test_suite *suite = &desc->suite.cipher;
1919	int ret;	1895	struct crypto_skcipher *tfm;
		1896	struct skcipher_request *req = NULL;
		1897	struct cipher_test_sglists *tsgls = NULL;
		1898	int err;
1920		1899
1921	/* test 'dst == src' case */	1900	if (suite->count <= 0) {
1922	ret = __test_skcipher(tfm, enc, template, tcount, false, 0);	1901	pr_err("alg: skcipher: empty test suite for %s\n", driver);
1923	if (ret)	1902	return -EINVAL;
1924	return ret;	1903	}
1925		1904
1926	/* test 'dst != src' case */	1905	tfm = crypto_alloc_skcipher(driver, type, mask);
1927	ret = __test_skcipher(tfm, enc, template, tcount, true, 0);	1906	if (IS_ERR(tfm)) {
1928	if (ret)	1907	pr_err("alg: skcipher: failed to allocate transform for %s: %ld\n",
1929	return ret;	1908	driver, PTR_ERR(tfm));
		1909	return PTR_ERR(tfm);
		1910	}
1930		1911
1931	/* test unaligned buffers, check with one byte offset */	1912	req = skcipher_request_alloc(tfm, GFP_KERNEL);
1932	ret = __test_skcipher(tfm, enc, template, tcount, true, 1);	1913	if (!req) {
1933	if (ret)	1914	pr_err("alg: skcipher: failed to allocate request for %s\n",
1934	return ret;	1915	driver);
		1916	err = -ENOMEM;
		1917	goto out;
		1918	}
1935		1919
1936	alignmask = crypto_tfm_alg_alignmask(&tfm->base);	1920	tsgls = alloc_cipher_test_sglists();
1937	if (alignmask) {	1921	if (!tsgls) {
1938	/* Check if alignment mask for tfm is correctly set. */	1922	pr_err("alg: skcipher: failed to allocate test buffers for %s\n",
1939	ret = __test_skcipher(tfm, enc, template, tcount, true,	1923	driver);
1940	alignmask + 1);	1924	err = -ENOMEM;
1941	if (ret)	1925	goto out;
1942	return ret;
1943	}	1926	}
1944		1927
1945	return 0;	1928	err = test_skcipher(driver, ENCRYPT, suite, req, tsgls);
		1929	if (err)
		1930	goto out;
		1931
		1932	err = test_skcipher(driver, DECRYPT, suite, req, tsgls);
		1933	out:
		1934	free_cipher_test_sglists(tsgls);
		1935	skcipher_request_free(req);
		1936	crypto_free_skcipher(tfm);
		1937	return err;
1946	}	1938	}
1947		1939
1948	static int test_comp(struct crypto_comp *tfm,	1940	static int test_comp(struct crypto_comp *tfm,
@@ -2326,28 +2318,6 @@ static int alg_test_cipher(const struct alg_test_desc *desc,
2326	return err;	2318	return err;
2327	}	2319	}
2328		2320
2329	static int alg_test_skcipher(const struct alg_test_desc *desc,
2330	const char *driver, u32 type, u32 mask)
2331	{
2332	const struct cipher_test_suite *suite = &desc->suite.cipher;
2333	struct crypto_skcipher *tfm;
2334	int err;
2335
2336	tfm = crypto_alloc_skcipher(driver, type, mask);
2337	if (IS_ERR(tfm)) {
2338	printk(KERN_ERR "alg: skcipher: Failed to load transform for "
2339	"%s: %ld\n", driver, PTR_ERR(tfm));
2340	return PTR_ERR(tfm);
2341	}
2342
2343	err = test_skcipher(tfm, ENCRYPT, suite->vecs, suite->count);
2344	if (!err)
2345	err = test_skcipher(tfm, DECRYPT, suite->vecs, suite->count);
2346
2347	crypto_free_skcipher(tfm);
2348	return err;
2349	}
2350
2351	static int alg_test_comp(const struct alg_test_desc desc, const char driver,	2321	static int alg_test_comp(const struct alg_test_desc desc, const char driver,
2352	u32 type, u32 mask)	2322	u32 type, u32 mask)
2353	{	2323	{
@@ -4224,6 +4194,11 @@ static void alg_check_test_descs_order(void)
4224		4194
4225	static void alg_check_testvec_configs(void)	4195	static void alg_check_testvec_configs(void)
4226	{	4196	{
		4197	int i;
		4198
		4199	for (i = 0; i < ARRAY_SIZE(default_cipher_testvec_configs); i++)
		4200	WARN_ON(!valid_testvec_config(
		4201	&default_cipher_testvec_configs[i]));
4227	}	4202	}
4228		4203
4229	static void testmgr_onetime_init(void)	4204	static void testmgr_onetime_init(void)