@@ -77,10 +77,8 @@ int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
#define DECRYPT 0
struct aead_test_suite {
- struct {
- const struct aead_testvec *vecs;
- unsigned int count;
- } enc, dec;
+ const struct aead_testvec *vecs;
+ unsigned int count;
};
struct cipher_test_suite {
@@ -616,9 +614,6 @@ static int __test_aead(struct crypto_aead *tfm, int enc,
const char *e, *d;
struct crypto_wait wait;
unsigned int authsize, iv_len;
- void *input;
- void *output;
- void *assoc;
char *iv;
char *xbuf[XBUFSIZE];
char *xoutbuf[XBUFSIZE];
@@ -669,27 +664,41 @@ static int __test_aead(struct crypto_aead *tfm, int enc,
iv_len = crypto_aead_ivsize(tfm);
for (i = 0, j = 0; i < tcount; i++) {
+ const char *input, *expected_output;
+ unsigned int inlen, outlen;
+ char *inbuf, *outbuf, *assocbuf;
+
if (template[i].np)
continue;
- if (enc && template[i].novrfy)
- continue;
+ if (enc) {
+ if (template[i].novrfy)
+ continue;
+ input = template[i].ptext;
+ inlen = template[i].plen;
+ expected_output = template[i].ctext;
+ outlen = template[i].clen;
+ } else {
+ input = template[i].ctext;
+ inlen = template[i].clen;
+ expected_output = template[i].ptext;
+ outlen = template[i].plen;
+ }
j++;
/* some templates have no input data but they will
* touch input
*/
- input = xbuf[0];
- input += align_offset;
- assoc = axbuf[0];
+ inbuf = xbuf[0] + align_offset;
+ assocbuf = axbuf[0];
ret = -EINVAL;
- if (WARN_ON(align_offset + template[i].ilen >
- PAGE_SIZE || template[i].alen > PAGE_SIZE))
+ if (WARN_ON(align_offset + template[i].clen > PAGE_SIZE ||
+ template[i].alen > PAGE_SIZE))
goto out;
- memcpy(input, template[i].input, template[i].ilen);
- memcpy(assoc, template[i].assoc, template[i].alen);
+ memcpy(inbuf, input, inlen);
+ memcpy(assocbuf, template[i].assoc, template[i].alen);
if (template[i].iv)
memcpy(iv, template[i].iv, iv_len);
else
@@ -716,7 +725,7 @@ static int __test_aead(struct crypto_aead *tfm, int enc,
} else if (ret)
continue;
- authsize = abs(template[i].rlen - template[i].ilen);
+ authsize = template[i].clen - template[i].plen;
ret = crypto_aead_setauthsize(tfm, authsize);
if (ret) {
pr_err("alg: aead%s: Failed to set authsize to %u on test %d for %s\n",
@@ -726,23 +735,20 @@ static int __test_aead(struct crypto_aead *tfm, int enc,
k = !!template[i].alen;
sg_init_table(sg, k + 1);
- sg_set_buf(&sg[0], assoc, template[i].alen);
- sg_set_buf(&sg[k], input,
- template[i].ilen + (enc ? authsize : 0));
- output = input;
+ sg_set_buf(&sg[0], assocbuf, template[i].alen);
+ sg_set_buf(&sg[k], inbuf, template[i].clen);
+ outbuf = inbuf;
if (diff_dst) {
sg_init_table(sgout, k + 1);
- sg_set_buf(&sgout[0], assoc, template[i].alen);
+ sg_set_buf(&sgout[0], assocbuf, template[i].alen);
- output = xoutbuf[0];
- output += align_offset;
- sg_set_buf(&sgout[k], output,
- template[i].rlen + (enc ? 0 : authsize));
+ outbuf = xoutbuf[0] + align_offset;
+ sg_set_buf(&sgout[k], outbuf, template[i].clen);
}
- aead_request_set_crypt(req, sg, (diff_dst) ? sgout : sg,
- template[i].ilen, iv);
+ aead_request_set_crypt(req, sg, (diff_dst) ? sgout : sg, inlen,
+ iv);
aead_request_set_ad(req, template[i].alen);
@@ -771,17 +777,19 @@ static int __test_aead(struct crypto_aead *tfm, int enc,
goto out;
}
- q = output;
- if (memcmp(q, template[i].result, template[i].rlen)) {
+ if (memcmp(outbuf, expected_output, outlen)) {
pr_err("alg: aead%s: Test %d failed on %s for %s\n",
d, j, e, algo);
- hexdump(q, template[i].rlen);
+ hexdump(outbuf, outlen);
ret = -EINVAL;
goto out;
}
}
for (i = 0, j = 0; i < tcount; i++) {
+ const char *input, *expected_output;
+ unsigned int inlen, outlen;
+
/* alignment tests are only done with continuous buffers */
if (align_offset != 0)
break;
@@ -789,8 +797,19 @@ static int __test_aead(struct crypto_aead *tfm, int enc,
if (!template[i].np)
continue;
- if (enc && template[i].novrfy)
- continue;
+ if (enc) {
+ if (template[i].novrfy)
+ continue;
+ input = template[i].ptext;
+ inlen = template[i].plen;
+ expected_output = template[i].ctext;
+ outlen = template[i].clen;
+ } else {
+ input = template[i].ctext;
+ inlen = template[i].clen;
+ expected_output = template[i].ptext;
+ outlen = template[i].plen;
+ }
j++;
@@ -818,7 +837,7 @@ static int __test_aead(struct crypto_aead *tfm, int enc,
} else if (ret)
continue;
- authsize = abs(template[i].rlen - template[i].ilen);
+ authsize = template[i].clen - template[i].plen;
ret = -EINVAL;
sg_init_table(sg, template[i].anp + template[i].np);
@@ -845,32 +864,32 @@ static int __test_aead(struct crypto_aead *tfm, int enc,
}
for (k = 0, temp = 0; k < template[i].np; k++) {
- if (WARN_ON(offset_in_page(IDX[k]) +
- template[i].tap[k] > PAGE_SIZE))
+ n = template[i].tap[k];
+ if (k == template[i].np - 1 && !enc)
+ n += authsize;
+
+ if (WARN_ON(offset_in_page(IDX[k]) + n > PAGE_SIZE))
goto out;
q = xbuf[IDX[k] >> PAGE_SHIFT] + offset_in_page(IDX[k]);
- memcpy(q, template[i].input + temp, template[i].tap[k]);
- sg_set_buf(&sg[template[i].anp + k],
- q, template[i].tap[k]);
+ memcpy(q, input + temp, n);
+ sg_set_buf(&sg[template[i].anp + k], q, n);
if (diff_dst) {
q = xoutbuf[IDX[k] >> PAGE_SHIFT] +
offset_in_page(IDX[k]);
- memset(q, 0, template[i].tap[k]);
+ memset(q, 0, n);
- sg_set_buf(&sgout[template[i].anp + k],
- q, template[i].tap[k]);
+ sg_set_buf(&sgout[template[i].anp + k], q, n);
}
- n = template[i].tap[k];
if (k == template[i].np - 1 && enc)
n += authsize;
if (offset_in_page(q) + n < PAGE_SIZE)
q[n] = 0;
- temp += template[i].tap[k];
+ temp += n;
}
ret = crypto_aead_setauthsize(tfm, authsize);
@@ -895,8 +914,7 @@ static int __test_aead(struct crypto_aead *tfm, int enc,
}
aead_request_set_crypt(req, sg, (diff_dst) ? sgout : sg,
- template[i].ilen,
- iv);
+ inlen, iv);
aead_request_set_ad(req, template[i].alen);
@@ -935,10 +953,10 @@ static int __test_aead(struct crypto_aead *tfm, int enc,
offset_in_page(IDX[k]);
n = template[i].tap[k];
- if (k == template[i].np - 1)
- n += enc ? authsize : -authsize;
+ if (k == template[i].np - 1 && enc)
+ n += authsize;
- if (memcmp(q, template[i].result + temp, n)) {
+ if (memcmp(q, expected_output + temp, n)) {
pr_err("alg: aead%s: Chunk test %d failed on %s at page %u for %s\n",
d, j, e, k, algo);
hexdump(q, n);
@@ -947,9 +965,8 @@ static int __test_aead(struct crypto_aead *tfm, int enc,
q += n;
if (k == template[i].np - 1 && !enc) {
- if (!diff_dst &&
- memcmp(q, template[i].input +
- temp + n, authsize))
+ if (!diff_dst && memcmp(q, input + temp + n,
+ authsize))
n = authsize;
else
n = 0;
@@ -1721,8 +1738,9 @@ static int test_cprng(struct crypto_rng *tfm,
static int alg_test_aead(const struct alg_test_desc *desc, const char *driver,
u32 type, u32 mask)
{
+ const struct aead_test_suite *suite = &desc->suite.aead;
struct crypto_aead *tfm;
- int err = 0;
+ int err;
tfm = crypto_alloc_aead(driver, type, mask);
if (IS_ERR(tfm)) {
@@ -1731,18 +1749,10 @@ static int alg_test_aead(const struct alg_test_desc *desc, const char *driver,
return PTR_ERR(tfm);
}
- if (desc->suite.aead.enc.vecs) {
- err = test_aead(tfm, ENCRYPT, desc->suite.aead.enc.vecs,
- desc->suite.aead.enc.count);
- if (err)
- goto out;
- }
-
- if (!err && desc->suite.aead.dec.vecs)
- err = test_aead(tfm, DECRYPT, desc->suite.aead.dec.vecs,
- desc->suite.aead.dec.count);
+ err = test_aead(tfm, ENCRYPT, suite->vecs, suite->count);
+ if (!err)
+ err = test_aead(tfm, DECRYPT, suite->vecs, suite->count);
-out:
crypto_free_aead(tfm);
return err;
}
@@ -2424,28 +2434,19 @@ static const struct alg_test_desc alg_test_descs[] = {
.alg = "aegis128",
.test = alg_test_aead,
.suite = {
- .aead = {
- .enc = __VECS(aegis128_enc_tv_template),
- .dec = __VECS(aegis128_dec_tv_template),
- }
+ .aead = __VECS(aegis128_tv_template)
}
}, {
.alg = "aegis128l",
.test = alg_test_aead,
.suite = {
- .aead = {
- .enc = __VECS(aegis128l_enc_tv_template),
- .dec = __VECS(aegis128l_dec_tv_template),
- }
+ .aead = __VECS(aegis128l_tv_template)
}
}, {
.alg = "aegis256",
.test = alg_test_aead,
.suite = {
- .aead = {
- .enc = __VECS(aegis256_enc_tv_template),
- .dec = __VECS(aegis256_dec_tv_template),
- }
+ .aead = __VECS(aegis256_tv_template)
}
}, {
.alg = "ansi_cprng",
@@ -2457,36 +2458,27 @@ static const struct alg_test_desc alg_test_descs[] = {
.alg = "authenc(hmac(md5),ecb(cipher_null))",
.test = alg_test_aead,
.suite = {
- .aead = {
- .enc = __VECS(hmac_md5_ecb_cipher_null_enc_tv_template),
- .dec = __VECS(hmac_md5_ecb_cipher_null_dec_tv_template)
- }
+ .aead = __VECS(hmac_md5_ecb_cipher_null_tv_template)
}
}, {
.alg = "authenc(hmac(sha1),cbc(aes))",
.test = alg_test_aead,
.fips_allowed = 1,
.suite = {
- .aead = {
- .enc = __VECS(hmac_sha1_aes_cbc_enc_tv_temp)
- }
+ .aead = __VECS(hmac_sha1_aes_cbc_tv_temp)
}
}, {
.alg = "authenc(hmac(sha1),cbc(des))",
.test = alg_test_aead,
.suite = {
- .aead = {
- .enc = __VECS(hmac_sha1_des_cbc_enc_tv_temp)
- }
+ .aead = __VECS(hmac_sha1_des_cbc_tv_temp)
}
}, {
.alg = "authenc(hmac(sha1),cbc(des3_ede))",
.test = alg_test_aead,
.fips_allowed = 1,
.suite = {
- .aead = {
- .enc = __VECS(hmac_sha1_des3_ede_cbc_enc_tv_temp)
- }
+ .aead = __VECS(hmac_sha1_des3_ede_cbc_tv_temp)
}
}, {
.alg = "authenc(hmac(sha1),ctr(aes))",
@@ -2496,10 +2488,7 @@ static const struct alg_test_desc alg_test_descs[] = {
.alg = "authenc(hmac(sha1),ecb(cipher_null))",
.test = alg_test_aead,
.suite = {
- .aead = {
- .enc = __VECS(hmac_sha1_ecb_cipher_null_enc_tv_temp),
- .dec = __VECS(hmac_sha1_ecb_cipher_null_dec_tv_temp)
- }
+ .aead = __VECS(hmac_sha1_ecb_cipher_null_tv_temp)
}
}, {
.alg = "authenc(hmac(sha1),rfc3686(ctr(aes)))",
@@ -2509,44 +2498,34 @@ static const struct alg_test_desc alg_test_descs[] = {
.alg = "authenc(hmac(sha224),cbc(des))",
.test = alg_test_aead,
.suite = {
- .aead = {
- .enc = __VECS(hmac_sha224_des_cbc_enc_tv_temp)
- }
+ .aead = __VECS(hmac_sha224_des_cbc_tv_temp)
}
}, {
.alg = "authenc(hmac(sha224),cbc(des3_ede))",
.test = alg_test_aead,
.fips_allowed = 1,
.suite = {
- .aead = {
- .enc = __VECS(hmac_sha224_des3_ede_cbc_enc_tv_temp)
- }
+ .aead = __VECS(hmac_sha224_des3_ede_cbc_tv_temp)
}
}, {
.alg = "authenc(hmac(sha256),cbc(aes))",
.test = alg_test_aead,
.fips_allowed = 1,
.suite = {
- .aead = {
- .enc = __VECS(hmac_sha256_aes_cbc_enc_tv_temp)
- }
+ .aead = __VECS(hmac_sha256_aes_cbc_tv_temp)
}
}, {
.alg = "authenc(hmac(sha256),cbc(des))",
.test = alg_test_aead,
.suite = {
- .aead = {
- .enc = __VECS(hmac_sha256_des_cbc_enc_tv_temp)
- }
+ .aead = __VECS(hmac_sha256_des_cbc_tv_temp)
}
}, {
.alg = "authenc(hmac(sha256),cbc(des3_ede))",
.test = alg_test_aead,
.fips_allowed = 1,
.suite = {
- .aead = {
- .enc = __VECS(hmac_sha256_des3_ede_cbc_enc_tv_temp)
- }
+ .aead = __VECS(hmac_sha256_des3_ede_cbc_tv_temp)
}
}, {
.alg = "authenc(hmac(sha256),ctr(aes))",
@@ -2560,18 +2539,14 @@ static const struct alg_test_desc alg_test_descs[] = {
.alg = "authenc(hmac(sha384),cbc(des))",
.test = alg_test_aead,
.suite = {
- .aead = {
- .enc = __VECS(hmac_sha384_des_cbc_enc_tv_temp)
- }
+ .aead = __VECS(hmac_sha384_des_cbc_tv_temp)
}
}, {
.alg = "authenc(hmac(sha384),cbc(des3_ede))",
.test = alg_test_aead,
.fips_allowed = 1,
.suite = {
- .aead = {
- .enc = __VECS(hmac_sha384_des3_ede_cbc_enc_tv_temp)
- }
+ .aead = __VECS(hmac_sha384_des3_ede_cbc_tv_temp)
}
}, {
.alg = "authenc(hmac(sha384),ctr(aes))",
@@ -2586,26 +2561,20 @@ static const struct alg_test_desc alg_test_descs[] = {
.fips_allowed = 1,
.test = alg_test_aead,
.suite = {
- .aead = {
- .enc = __VECS(hmac_sha512_aes_cbc_enc_tv_temp)
- }
+ .aead = __VECS(hmac_sha512_aes_cbc_tv_temp)
}
}, {
.alg = "authenc(hmac(sha512),cbc(des))",
.test = alg_test_aead,
.suite = {
- .aead = {
- .enc = __VECS(hmac_sha512_des_cbc_enc_tv_temp)
- }
+ .aead = __VECS(hmac_sha512_des_cbc_tv_temp)
}
}, {
.alg = "authenc(hmac(sha512),cbc(des3_ede))",
.test = alg_test_aead,
.fips_allowed = 1,
.suite = {
- .aead = {
- .enc = __VECS(hmac_sha512_des3_ede_cbc_enc_tv_temp)
- }
+ .aead = __VECS(hmac_sha512_des3_ede_cbc_tv_temp)
}
}, {
.alg = "authenc(hmac(sha512),ctr(aes))",
@@ -2702,10 +2671,7 @@ static const struct alg_test_desc alg_test_descs[] = {
.test = alg_test_aead,
.fips_allowed = 1,
.suite = {
- .aead = {
- .enc = __VECS(aes_ccm_enc_tv_template),
- .dec = __VECS(aes_ccm_dec_tv_template)
- }
+ .aead = __VECS(aes_ccm_tv_template)
}
}, {
.alg = "cfb(aes)",
@@ -3116,10 +3082,7 @@ static const struct alg_test_desc alg_test_descs[] = {
.test = alg_test_aead,
.fips_allowed = 1,
.suite = {
- .aead = {
- .enc = __VECS(aes_gcm_enc_tv_template),
- .dec = __VECS(aes_gcm_dec_tv_template)
- }
+ .aead = __VECS(aes_gcm_tv_template)
}
}, {
.alg = "ghash",
@@ -3314,19 +3277,13 @@ static const struct alg_test_desc alg_test_descs[] = {
.alg = "morus1280",
.test = alg_test_aead,
.suite = {
- .aead = {
- .enc = __VECS(morus1280_enc_tv_template),
- .dec = __VECS(morus1280_dec_tv_template),
- }
+ .aead = __VECS(morus1280_tv_template)
}
}, {
.alg = "morus640",
.test = alg_test_aead,
.suite = {
- .aead = {
- .enc = __VECS(morus640_enc_tv_template),
- .dec = __VECS(morus640_dec_tv_template),
- }
+ .aead = __VECS(morus640_tv_template)
}
}, {
.alg = "nhpoly1305",
@@ -3391,47 +3348,32 @@ static const struct alg_test_desc alg_test_descs[] = {
.test = alg_test_aead,
.fips_allowed = 1,
.suite = {
- .aead = {
- .enc = __VECS(aes_gcm_rfc4106_enc_tv_template),
- .dec = __VECS(aes_gcm_rfc4106_dec_tv_template)
- }
+ .aead = __VECS(aes_gcm_rfc4106_tv_template)
}
}, {
.alg = "rfc4309(ccm(aes))",
.test = alg_test_aead,
.fips_allowed = 1,
.suite = {
- .aead = {
- .enc = __VECS(aes_ccm_rfc4309_enc_tv_template),
- .dec = __VECS(aes_ccm_rfc4309_dec_tv_template)
- }
+ .aead = __VECS(aes_ccm_rfc4309_tv_template)
}
}, {
.alg = "rfc4543(gcm(aes))",
.test = alg_test_aead,
.suite = {
- .aead = {
- .enc = __VECS(aes_gcm_rfc4543_enc_tv_template),
- .dec = __VECS(aes_gcm_rfc4543_dec_tv_template),
- }
+ .aead = __VECS(aes_gcm_rfc4543_tv_template)
}
}, {
.alg = "rfc7539(chacha20,poly1305)",
.test = alg_test_aead,
.suite = {
- .aead = {
- .enc = __VECS(rfc7539_enc_tv_template),
- .dec = __VECS(rfc7539_dec_tv_template),
- }
+ .aead = __VECS(rfc7539_tv_template)
}
}, {
.alg = "rfc7539esp(chacha20,poly1305)",
.test = alg_test_aead,
.suite = {
- .aead = {
- .enc = __VECS(rfc7539esp_enc_tv_template),
- .dec = __VECS(rfc7539esp_dec_tv_template),
- }
+ .aead = __VECS(rfc7539esp_tv_template)
}
}, {
.alg = "rmd128",
@@ -76,23 +76,45 @@ struct cipher_testvec {
bool generates_iv;
};
+/*
+ * aead_testvec: structure to describe an AEAD test
+ * @key: Pointer to key
+ * @iv: Pointer to IV. If NULL, an all-zeroes IV is used.
+ * @ptext: Pointer to plaintext
+ * @assoc: Pointer to associated data
+ * @ctext: Pointer to the full authenticated ciphertext. For AEADs that
+ * produce a separate "ciphertext" and "authentication tag", these
+ * two parts are concatenated: ciphertext || tag.
+ * @tap: How to distribute ptext data in @np SGs
+ * @atap: How to distribute assoc data in @anp SGs
+ * @np: Numbers of SG to distribute ptext data in
+ * @anp: Numbers of SG to distribute assoc data in
+ * @fail: setkey() failure expected?
+ * @novrfy: Decryption verification failure expected?
+ * @wk: Does the test need CRYPTO_TFM_REQ_WEAK_KEY?
+ * (e.g. setkey() needs to fail due to a weak key)
+ * @klen: Length of @key in bytes
+ * @plen: Length of @ptext in bytes
+ * @alen: Length of @assoc in bytes
+ * @clen: Length of @ctext in bytes
+ */
struct aead_testvec {
const char *key;
const char *iv;
- const char *input;
+ const char *ptext;
const char *assoc;
- const char *result;
+ const char *ctext;
unsigned char tap[MAX_TAP];
unsigned char atap[MAX_TAP];
int np;
int anp;
bool fail;
- unsigned char novrfy; /* ccm dec verification failure expected */
- unsigned char wk; /* weak key flag */
+ unsigned char novrfy;
+ unsigned char wk;
unsigned char klen;
- unsigned short ilen;
+ unsigned short plen;
+ unsigned short clen;
unsigned short alen;
- unsigned short rlen;
};
struct cprng_testvec {
@@ -18907,6 +18929,13 @@ static const struct aead_testvec rfc7539esp_tv_template[] = {
},
};
+/*
+ * AEGIS-128 test vectors - generated via reference implementation from
+ * SUPERCOP (https://bench.cr.yp.to/supercop.html):
+ *
+ * https://bench.cr.yp.to/supercop/supercop-20170228.tar.xz
+ * (see crypto_aead/aegis128/)
+ */
static const struct aead_testvec aegis128_tv_template[] = {
{
.key = "\x0f\xc9\x8e\x67\x44\x9e\xaa\x86"
@@ -19344,13 +19373,6 @@ static const struct aead_testvec aegis128_tv_template[] = {
},
};
-/*
- * AEGIS-128 test vectors - generated via reference implementation from
- * SUPERCOP (https://bench.cr.yp.to/supercop.html):
- *
- * https://bench.cr.yp.to/supercop/supercop-20170228.tar.xz
- * (see crypto_aead/aegis128/)
- */
/*
* AEGIS-128L test vectors - generated via reference implementation from
* SUPERCOP (https://bench.cr.yp.to/supercop.html):