authorStephan Mueller <smueller@chronox.de>2014-05-31 11:25:36 -0400
committerHerbert Xu <herbert@gondor.apana.org.au>2014-06-20 09:26:10 -0400
commit64d1cdfbe20c50877576045145313c9b062c50f7 (patch)
tree6aa5ccf5f54dd8bdc69ed2b1a87c49b71a1942b5 /crypto/testmgr.c
parent3332ee2a17b1bd69e4602e2d6ba1b07edb0c9a24 (diff)
crypto: drbg - Add DRBG test code to testmgr
The DRBG test code implements the CAVS test approach. As discussed for the test vectors, all DRBG types are covered with testing. However, not every backend cipher is covered with testing. To prevent the testmgr from logging missing testing, the NULL test is registered for all backend ciphers not covered with specific test cases. All currently implemented DRBG types and backend ciphers are defined in SP800-90A. Therefore, the fips_allowed flag is set for all. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto/testmgr.c')
-rw-r--r--crypto/testmgr.c247
1 files changed, 247 insertions, 0 deletions
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 498649ac1953..0f90612a00b9 100644
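--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -27,6 +27,7 @@
 #include <linux/slab.h>
 #include <linux/string.h>
 #include <crypto/rng.h>
+#include <crypto/drbg.h>
 
 #include "internal.h"
 
@@ -108,6 +109,11 @@ struct cprng_test_suite {
  unsigned int count;
 };
 
+struct drbg_test_suite {
+ struct drbg_testvec *vecs;
+ unsigned int count;
+};
+
 struct alg_test_desc {
  const char *alg;
  int (*test)(const struct alg_test_desc *desc, const char *driver,
@@ -121,6 +127,7 @@ struct alg_test_desc {
  struct pcomp_test_suite pcomp;
  struct hash_test_suite hash;
  struct cprng_test_suite cprng;
+ struct drbg_test_suite drbg;
  } suite;
 };
 
@@ -1715,6 +1722,100 @@ static int alg_test_cprng(const struct alg_test_desc *desc, const char *driver,
  return err;
 }
 
+
+static int drbg_cavs_test(struct drbg_testvec *test, int pr,
+ const char *driver, u32 type, u32 mask)
+{
+ int ret = -EAGAIN;
+ struct crypto_rng *drng;
+ struct drbg_test_data test_data;
+ struct drbg_string addtl, pers, testentropy;
+ unsigned char *buf = kzalloc(test->expectedlen, GFP_KERNEL);
+
+ if (!buf)
+ return -ENOMEM;
+
+ drng = crypto_alloc_rng(driver, type, mask);
+ if (IS_ERR(drng)) {
+ printk(KERN_ERR "alg: drbg: could not allocate DRNG handle for"
+ "%s\n", driver);
+ kzfree(buf);
+ return -ENOMEM;
+ }
+
+ test_data.testentropy = &testentropy;
+ drbg_string_fill(&testentropy, test->entropy, test->entropylen);
+ drbg_string_fill(&pers, test->pers, test->perslen);
+ ret = crypto_drbg_reset_test(drng, &pers, &test_data);
+ if (ret) {
+ printk(KERN_ERR "alg: drbg: Failed to reset rng\n");
+ goto outbuf;
+ }
+
+ drbg_string_fill(&addtl, test->addtla, test->addtllen);
+ if (pr) {
+ drbg_string_fill(&testentropy, test->entpra, test->entprlen);
+ ret = crypto_drbg_get_bytes_addtl_test(drng,
+ buf, test->expectedlen, &addtl, &test_data);
+ } else {
+ ret = crypto_drbg_get_bytes_addtl(drng,
+ buf, test->expectedlen, &addtl);
+ }
+ if (ret <= 0) {
+ printk(KERN_ERR "alg: drbg: could not obtain random data for"
+ "driver %s\n", driver);
+ goto outbuf;
+ }
+
+ drbg_string_fill(&addtl, test->addtlb, test->addtllen);
+ if (pr) {
+ drbg_string_fill(&testentropy, test->entprb, test->entprlen);
+ ret = crypto_drbg_get_bytes_addtl_test(drng,
+ buf, test->expectedlen, &addtl, &test_data);
+ } else {
+ ret = crypto_drbg_get_bytes_addtl(drng,
+ buf, test->expectedlen, &addtl);
+ }
+ if (ret <= 0) {
+ printk(KERN_ERR "alg: drbg: could not obtain random data for"
+ "driver %s\n", driver);
+ goto outbuf;
+ }
+
+ ret = memcmp(test->expected, buf, test->expectedlen);
+
+outbuf:
+ crypto_free_rng(drng);
+ kzfree(buf);
+ return ret;
+}
+
+
+static int alg_test_drbg(const struct alg_test_desc *desc, const char *driver,
+ u32 type, u32 mask)
+{
+ int err = 0;
+ int pr = 0;
+ int i = 0;
+ struct drbg_testvec *template = desc->suite.drbg.vecs;
+ unsigned int tcount = desc->suite.drbg.count;
+
+ if (0 == memcmp(driver, "drbg_pr_", 8))
+ pr = 1;
+
+ for (i = 0; i < tcount; i++) {
+ err = drbg_cavs_test(&template[i], pr, driver, type, mask);
+ if (err) {
+ printk(KERN_ERR "alg: drbg: Test %d failed for %s\n",
+ i, driver);
+ err = -EINVAL;
+ break;
+ }
+ }
+ return err;
+
+}
+
 static int alg_test_null(const struct alg_test_desc *desc,
  const char *driver, u32 type, u32 mask)
 {
@@ -2458,6 +2559,152 @@ static const struct alg_test_desc alg_test_descs[] = {
  .alg = "digest_null",
  .test = alg_test_null,
  }, {
+ .alg = "drbg_nopr_ctr_aes128",
+ .test = alg_test_drbg,
+ .fips_allowed = 1,
+ .suite = {
+ .drbg = {
+ .vecs = drbg_nopr_ctr_aes128_tv_template,
+ .count = ARRAY_SIZE(drbg_nopr_ctr_aes128_tv_template)
+ }
+ }
+ }, {
+ .alg = "drbg_nopr_ctr_aes192",
+ .test = alg_test_drbg,
+ .fips_allowed = 1,
+ .suite = {
+ .drbg = {
+ .vecs = drbg_nopr_ctr_aes192_tv_template,
+ .count = ARRAY_SIZE(drbg_nopr_ctr_aes192_tv_template)
+ }
+ }
+ }, {
+ .alg = "drbg_nopr_ctr_aes256",
+ .test = alg_test_drbg,
+ .fips_allowed = 1,
+ .suite = {
+ .drbg = {
+ .vecs = drbg_nopr_ctr_aes256_tv_template,
+ .count = ARRAY_SIZE(drbg_nopr_ctr_aes256_tv_template)
+ }
+ }
+ }, {
+ /*
+ * There is no need to specifically test the DRBG with every
+ * backend cipher -- covered by drbg_nopr_hmac_sha256 test
+ */
+ .alg = "drbg_nopr_hmac_sha1",
+ .fips_allowed = 1,
+ .test = alg_test_null,
+ }, {
+ .alg = "drbg_nopr_hmac_sha256",
+ .test = alg_test_drbg,
+ .fips_allowed = 1,
+ .suite = {
+ .drbg = {
+ .vecs = drbg_nopr_hmac_sha256_tv_template,
+ .count =
+ ARRAY_SIZE(drbg_nopr_hmac_sha256_tv_template)
+ }
+ }
+ }, {
+ /* covered by drbg_nopr_hmac_sha256 test */
+ .alg = "drbg_nopr_hmac_sha384",
+ .fips_allowed = 1,
+ .test = alg_test_null,
+ }, {
+ .alg = "drbg_nopr_hmac_sha512",
+ .test = alg_test_null,
+ .fips_allowed = 1,
+ }, {
+ .alg = "drbg_nopr_sha1",
+ .fips_allowed = 1,
+ .test = alg_test_null,
+ }, {
+ .alg = "drbg_nopr_sha256",
+ .test = alg_test_drbg,
+ .fips_allowed = 1,
+ .suite = {
+ .drbg = {
+ .vecs = drbg_nopr_sha256_tv_template,
+ .count = ARRAY_SIZE(drbg_nopr_sha256_tv_template)
+ }
+ }
+ }, {
+ /* covered by drbg_nopr_sha256 test */
+ .alg = "drbg_nopr_sha384",
+ .fips_allowed = 1,
+ .test = alg_test_null,
+ }, {
+ .alg = "drbg_nopr_sha512",
+ .fips_allowed = 1,
+ .test = alg_test_null,
+ }, {
+ .alg = "drbg_pr_ctr_aes128",
+ .test = alg_test_drbg,
+ .fips_allowed = 1,
+ .suite = {
+ .drbg = {
+ .vecs = drbg_pr_ctr_aes128_tv_template,
+ .count = ARRAY_SIZE(drbg_pr_ctr_aes128_tv_template)
+ }
+ }
+ }, {
+ /* covered by drbg_pr_ctr_aes128 test */
+ .alg = "drbg_pr_ctr_aes192",
+ .fips_allowed = 1,
+ .test = alg_test_null,
+ }, {
+ .alg = "drbg_pr_ctr_aes256",
+ .fips_allowed = 1,
+ .test = alg_test_null,
+ }, {
+ .alg = "drbg_pr_hmac_sha1",
+ .fips_allowed = 1,
+ .test = alg_test_null,
+ }, {
+ .alg = "drbg_pr_hmac_sha256",
+ .test = alg_test_drbg,
+ .fips_allowed = 1,
+ .suite = {
+ .drbg = {
+ .vecs = drbg_pr_hmac_sha256_tv_template,
+ .count = ARRAY_SIZE(drbg_pr_hmac_sha256_tv_template)
+ }
+ }
+ }, {
+ /* covered by drbg_pr_hmac_sha256 test */
+ .alg = "drbg_pr_hmac_sha384",
+ .fips_allowed = 1,
+ .test = alg_test_null,
+ }, {
+ .alg = "drbg_pr_hmac_sha512",
+ .test = alg_test_null,
+ .fips_allowed = 1,
+ }, {
+ .alg = "drbg_pr_sha1",
+ .fips_allowed = 1,
+ .test = alg_test_null,
+ }, {
+ .alg = "drbg_pr_sha256",
+ .test = alg_test_drbg,
+ .fips_allowed = 1,
+ .suite = {
+ .drbg = {
+ .vecs = drbg_pr_sha256_tv_template,
+ .count = ARRAY_SIZE(drbg_pr_sha256_tv_template)
+ }
+ }
+ }, {
+ /* covered by drbg_pr_sha256 test */
+ .alg = "drbg_pr_sha384",
+ .fips_allowed = 1,
+ .test = alg_test_null,
+ }, {
+ .alg = "drbg_pr_sha512",
+ .fips_allowed = 1,
+ .test = alg_test_null,
+ }, {
  .alg = "ecb(__aes-aesni)",
  .test = alg_test_null,
  .fips_allowed = 1,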
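Review bot: In drbg_cavs_test both `if (ret <= 0)` branches jump to `outbuf` with `ret` unchanged, so a generate call that returns 0 makes the function return 0, and alg_test_drbg (which fails only on a non-zero `err`) counts the vector as passed without the `memcmp` against `test->expected` ever running. Whether the DRBG can actually return 0 here is not visible in this diff, but a known-answer test that gates `fips_allowed` algorithms should fail closed: add `if (!ret) ret = -EINVAL;` before each `goto outbuf` in those two branches. The allocation-failure path also returns `-ENOMEM` where `PTR_ERR(drng)` would keep the real cause. The split format strings print as "handle for%s" and "data fordriver %s" because the first literal of each pair lacks a trailing space.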