crypto: rfc4106 - Extending the RC4106 AES-GCM test vectors
[linux-2.6.git] / crypto / tcrypt.c
index ea3b8a8..9aac5e5 100644 (file)
@@ -8,6 +8,13 @@
  * Copyright (c) 2002 Jean-Francois Dive <jef@linuxbe.org>
  * Copyright (c) 2007 Nokia Siemens Networks
  *
+ * Updated RFC4106 AES-GCM testing.
+ *    Authors: Aidan O'Mahony (aidan.o.mahony@intel.com)
+ *             Adrian Hoban <adrian.hoban@intel.com>
+ *             Gabriele Paoloni <gabriele.paoloni@intel.com>
+ *             Tadeusz Struk (tadeusz.struk@intel.com)
+ *             Copyright (c) 2010, Intel Corporation.
+ *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the Free
  * Software Foundation; either version 2 of the License, or (at your option)
@@ -18,8 +25,8 @@
 #include <crypto/hash.h>
 #include <linux/err.h>
 #include <linux/init.h>
+#include <linux/gfp.h>
 #include <linux/module.h>
-#include <linux/slab.h>
 #include <linux/scatterlist.h>
 #include <linux/string.h>
 #include <linux/moduleparam.h>
@@ -27,6 +34,7 @@
 #include <linux/timex.h>
 #include <linux/interrupt.h>
 #include "tcrypt.h"
+#include "internal.h"
 
 /*
  * Need slab memory for testing (size in number of pages).
@@ -44,6 +52,9 @@
  */
 static unsigned int sec;
 
+static char *alg = NULL;
+static u32 type;
+static u32 mask;
 static int mode;
 static char *tvmem[TVMEMSIZE];
 
@@ -390,6 +401,17 @@ out:
        return 0;
 }
 
+static void test_hash_sg_init(struct scatterlist *sg)
+{
+       int i;
+
+       sg_init_table(sg, TVMEMSIZE);
+       for (i = 0; i < TVMEMSIZE; i++) {
+               sg_set_buf(sg + i, tvmem[i], PAGE_SIZE);
+               memset(tvmem[i], 0xff, PAGE_SIZE);
+       }
+}
+
 static void test_hash_speed(const char *algo, unsigned int sec,
                            struct hash_speed *speed)
 {
@@ -419,12 +441,7 @@ static void test_hash_speed(const char *algo, unsigned int sec,
                goto out;
        }
 
-       sg_init_table(sg, TVMEMSIZE);
-       for (i = 0; i < TVMEMSIZE; i++) {
-               sg_set_buf(sg + i, tvmem[i], PAGE_SIZE);
-               memset(tvmem[i], 0xff, PAGE_SIZE);
-       }
-
+       test_hash_sg_init(sg);
        for (i = 0; speed[i].blen != 0; i++) {
                if (speed[i].blen > TVMEMSIZE * PAGE_SIZE) {
                        printk(KERN_ERR
@@ -433,6 +450,9 @@ static void test_hash_speed(const char *algo, unsigned int sec,
                        goto out;
                }
 
+               if (speed[i].klen)
+                       crypto_hash_setkey(tfm, tvmem[0], speed[i].klen);
+
                printk(KERN_INFO "test%3u "
                       "(%5u byte blocks,%5u bytes per update,%4u updates): ",
                       i, speed[i].blen, speed[i].plen, speed[i].blen / speed[i].plen);
@@ -454,6 +474,250 @@ out:
        crypto_free_hash(tfm);
 }
 
+struct tcrypt_result {
+       struct completion completion;
+       int err;
+};
+
+static void tcrypt_complete(struct crypto_async_request *req, int err)
+{
+       struct tcrypt_result *res = req->data;
+
+       if (err == -EINPROGRESS)
+               return;
+
+       res->err = err;
+       complete(&res->completion);
+}
+
+static inline int do_one_ahash_op(struct ahash_request *req, int ret)
+{
+       if (ret == -EINPROGRESS || ret == -EBUSY) {
+               struct tcrypt_result *tr = req->base.data;
+
+               ret = wait_for_completion_interruptible(&tr->completion);
+               if (!ret)
+                       ret = tr->err;
+               INIT_COMPLETION(tr->completion);
+       }
+       return ret;
+}
+
+static int test_ahash_jiffies_digest(struct ahash_request *req, int blen,
+                                    char *out, int sec)
+{
+       unsigned long start, end;
+       int bcount;
+       int ret;
+
+       for (start = jiffies, end = start + sec * HZ, bcount = 0;
+            time_before(jiffies, end); bcount++) {
+               ret = do_one_ahash_op(req, crypto_ahash_digest(req));
+               if (ret)
+                       return ret;
+       }
+
+       printk("%6u opers/sec, %9lu bytes/sec\n",
+              bcount / sec, ((long)bcount * blen) / sec);
+
+       return 0;
+}
+
+static int test_ahash_jiffies(struct ahash_request *req, int blen,
+                             int plen, char *out, int sec)
+{
+       unsigned long start, end;
+       int bcount, pcount;
+       int ret;
+
+       if (plen == blen)
+               return test_ahash_jiffies_digest(req, blen, out, sec);
+
+       for (start = jiffies, end = start + sec * HZ, bcount = 0;
+            time_before(jiffies, end); bcount++) {
+               ret = crypto_ahash_init(req);
+               if (ret)
+                       return ret;
+               for (pcount = 0; pcount < blen; pcount += plen) {
+                       ret = do_one_ahash_op(req, crypto_ahash_update(req));
+                       if (ret)
+                               return ret;
+               }
+               /* we assume there is enough space in 'out' for the result */
+               ret = do_one_ahash_op(req, crypto_ahash_final(req));
+               if (ret)
+                       return ret;
+       }
+
+       pr_cont("%6u opers/sec, %9lu bytes/sec\n",
+               bcount / sec, ((long)bcount * blen) / sec);
+
+       return 0;
+}
+
+static int test_ahash_cycles_digest(struct ahash_request *req, int blen,
+                                   char *out)
+{
+       unsigned long cycles = 0;
+       int ret, i;
+
+       /* Warm-up run. */
+       for (i = 0; i < 4; i++) {
+               ret = do_one_ahash_op(req, crypto_ahash_digest(req));
+               if (ret)
+                       goto out;
+       }
+
+       /* The real thing. */
+       for (i = 0; i < 8; i++) {
+               cycles_t start, end;
+
+               start = get_cycles();
+
+               ret = do_one_ahash_op(req, crypto_ahash_digest(req));
+               if (ret)
+                       goto out;
+
+               end = get_cycles();
+
+               cycles += end - start;
+       }
+
+out:
+       if (ret)
+               return ret;
+
+       pr_cont("%6lu cycles/operation, %4lu cycles/byte\n",
+               cycles / 8, cycles / (8 * blen));
+
+       return 0;
+}
+
+static int test_ahash_cycles(struct ahash_request *req, int blen,
+                            int plen, char *out)
+{
+       unsigned long cycles = 0;
+       int i, pcount, ret;
+
+       if (plen == blen)
+               return test_ahash_cycles_digest(req, blen, out);
+
+       /* Warm-up run. */
+       for (i = 0; i < 4; i++) {
+               ret = crypto_ahash_init(req);
+               if (ret)
+                       goto out;
+               for (pcount = 0; pcount < blen; pcount += plen) {
+                       ret = do_one_ahash_op(req, crypto_ahash_update(req));
+                       if (ret)
+                               goto out;
+               }
+               ret = do_one_ahash_op(req, crypto_ahash_final(req));
+               if (ret)
+                       goto out;
+       }
+
+       /* The real thing. */
+       for (i = 0; i < 8; i++) {
+               cycles_t start, end;
+
+               start = get_cycles();
+
+               ret = crypto_ahash_init(req);
+               if (ret)
+                       goto out;
+               for (pcount = 0; pcount < blen; pcount += plen) {
+                       ret = do_one_ahash_op(req, crypto_ahash_update(req));
+                       if (ret)
+                               goto out;
+               }
+               ret = do_one_ahash_op(req, crypto_ahash_final(req));
+               if (ret)
+                       goto out;
+
+               end = get_cycles();
+
+               cycles += end - start;
+       }
+
+out:
+       if (ret)
+               return ret;
+
+       pr_cont("%6lu cycles/operation, %4lu cycles/byte\n",
+               cycles / 8, cycles / (8 * blen));
+
+       return 0;
+}
+
+static void test_ahash_speed(const char *algo, unsigned int sec,
+                            struct hash_speed *speed)
+{
+       struct scatterlist sg[TVMEMSIZE];
+       struct tcrypt_result tresult;
+       struct ahash_request *req;
+       struct crypto_ahash *tfm;
+       static char output[1024];
+       int i, ret;
+
+       printk(KERN_INFO "\ntesting speed of async %s\n", algo);
+
+       tfm = crypto_alloc_ahash(algo, 0, 0);
+       if (IS_ERR(tfm)) {
+               pr_err("failed to load transform for %s: %ld\n",
+                      algo, PTR_ERR(tfm));
+               return;
+       }
+
+       if (crypto_ahash_digestsize(tfm) > sizeof(output)) {
+               pr_err("digestsize(%u) > outputbuffer(%zu)\n",
+                      crypto_ahash_digestsize(tfm), sizeof(output));
+               goto out;
+       }
+
+       test_hash_sg_init(sg);
+       req = ahash_request_alloc(tfm, GFP_KERNEL);
+       if (!req) {
+               pr_err("ahash request allocation failure\n");
+               goto out;
+       }
+
+       init_completion(&tresult.completion);
+       ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
+                                  tcrypt_complete, &tresult);
+
+       for (i = 0; speed[i].blen != 0; i++) {
+               if (speed[i].blen > TVMEMSIZE * PAGE_SIZE) {
+                       pr_err("template (%u) too big for tvmem (%lu)\n",
+                              speed[i].blen, TVMEMSIZE * PAGE_SIZE);
+                       break;
+               }
+
+               pr_info("test%3u "
+                       "(%5u byte blocks,%5u bytes per update,%4u updates): ",
+                       i, speed[i].blen, speed[i].plen, speed[i].blen / speed[i].plen);
+
+               ahash_request_set_crypt(req, sg, output, speed[i].plen);
+
+               if (sec)
+                       ret = test_ahash_jiffies(req, speed[i].blen,
+                                                speed[i].plen, output, sec);
+               else
+                       ret = test_ahash_cycles(req, speed[i].blen,
+                                               speed[i].plen, output);
+
+               if (ret) {
+                       pr_err("hashing failed ret=%d\n", ret);
+                       break;
+               }
+       }
+
+       ahash_request_free(req);
+
+out:
+       crypto_free_ahash(tfm);
+}
+
 static void test_available(void)
 {
        char **name = check;
@@ -468,247 +732,263 @@ static void test_available(void)
 
 static inline int tcrypt_test(const char *alg)
 {
-       return alg_test(alg, alg, 0, 0);
+       int ret;
+
+       ret = alg_test(alg, alg, 0, 0);
+       /* non-fips algs return -EINVAL in fips mode */
+       if (fips_enabled && ret == -EINVAL)
+               ret = 0;
+       return ret;
 }
 
-static void do_test(int m)
+static int do_test(int m)
 {
        int i;
+       int ret = 0;
 
        switch (m) {
        case 0:
                for (i = 1; i < 200; i++)
-                       do_test(i);
+                       ret += do_test(i);
                break;
 
        case 1:
-               tcrypt_test("md5");
+               ret += tcrypt_test("md5");
                break;
 
        case 2:
-               tcrypt_test("sha1");
+               ret += tcrypt_test("sha1");
                break;
 
        case 3:
-               tcrypt_test("ecb(des)");
-               tcrypt_test("cbc(des)");
+               ret += tcrypt_test("ecb(des)");
+               ret += tcrypt_test("cbc(des)");
                break;
 
        case 4:
-               tcrypt_test("ecb(des3_ede)");
-               tcrypt_test("cbc(des3_ede)");
+               ret += tcrypt_test("ecb(des3_ede)");
+               ret += tcrypt_test("cbc(des3_ede)");
                break;
 
        case 5:
-               tcrypt_test("md4");
+               ret += tcrypt_test("md4");
                break;
 
        case 6:
-               tcrypt_test("sha256");
+               ret += tcrypt_test("sha256");
                break;
 
        case 7:
-               tcrypt_test("ecb(blowfish)");
-               tcrypt_test("cbc(blowfish)");
+               ret += tcrypt_test("ecb(blowfish)");
+               ret += tcrypt_test("cbc(blowfish)");
                break;
 
        case 8:
-               tcrypt_test("ecb(twofish)");
-               tcrypt_test("cbc(twofish)");
+               ret += tcrypt_test("ecb(twofish)");
+               ret += tcrypt_test("cbc(twofish)");
                break;
 
        case 9:
-               tcrypt_test("ecb(serpent)");
+               ret += tcrypt_test("ecb(serpent)");
                break;
 
        case 10:
-               tcrypt_test("ecb(aes)");
-               tcrypt_test("cbc(aes)");
-               tcrypt_test("lrw(aes)");
-               tcrypt_test("xts(aes)");
-               tcrypt_test("rfc3686(ctr(aes))");
+               ret += tcrypt_test("ecb(aes)");
+               ret += tcrypt_test("cbc(aes)");
+               ret += tcrypt_test("lrw(aes)");
+               ret += tcrypt_test("xts(aes)");
+               ret += tcrypt_test("ctr(aes)");
+               ret += tcrypt_test("rfc3686(ctr(aes))");
                break;
 
        case 11:
-               tcrypt_test("sha384");
+               ret += tcrypt_test("sha384");
                break;
 
        case 12:
-               tcrypt_test("sha512");
+               ret += tcrypt_test("sha512");
                break;
 
        case 13:
-               tcrypt_test("deflate");
+               ret += tcrypt_test("deflate");
                break;
 
        case 14:
-               tcrypt_test("ecb(cast5)");
+               ret += tcrypt_test("ecb(cast5)");
                break;
 
        case 15:
-               tcrypt_test("ecb(cast6)");
+               ret += tcrypt_test("ecb(cast6)");
                break;
 
        case 16:
-               tcrypt_test("ecb(arc4)");
+               ret += tcrypt_test("ecb(arc4)");
                break;
 
        case 17:
-               tcrypt_test("michael_mic");
+               ret += tcrypt_test("michael_mic");
                break;
 
        case 18:
-               tcrypt_test("crc32c");
+               ret += tcrypt_test("crc32c");
                break;
 
        case 19:
-               tcrypt_test("ecb(tea)");
+               ret += tcrypt_test("ecb(tea)");
                break;
 
        case 20:
-               tcrypt_test("ecb(xtea)");
+               ret += tcrypt_test("ecb(xtea)");
                break;
 
        case 21:
-               tcrypt_test("ecb(khazad)");
+               ret += tcrypt_test("ecb(khazad)");
                break;
 
        case 22:
-               tcrypt_test("wp512");
+               ret += tcrypt_test("wp512");
                break;
 
        case 23:
-               tcrypt_test("wp384");
+               ret += tcrypt_test("wp384");
                break;
 
        case 24:
-               tcrypt_test("wp256");
+               ret += tcrypt_test("wp256");
                break;
 
        case 25:
-               tcrypt_test("ecb(tnepres)");
+               ret += tcrypt_test("ecb(tnepres)");
                break;
 
        case 26:
-               tcrypt_test("ecb(anubis)");
-               tcrypt_test("cbc(anubis)");
+               ret += tcrypt_test("ecb(anubis)");
+               ret += tcrypt_test("cbc(anubis)");
                break;
 
        case 27:
-               tcrypt_test("tgr192");
+               ret += tcrypt_test("tgr192");
                break;
 
        case 28:
 
-               tcrypt_test("tgr160");
+               ret += tcrypt_test("tgr160");
                break;
 
        case 29:
-               tcrypt_test("tgr128");
+               ret += tcrypt_test("tgr128");
                break;
 
        case 30:
-               tcrypt_test("ecb(xeta)");
+               ret += tcrypt_test("ecb(xeta)");
                break;
 
        case 31:
-               tcrypt_test("pcbc(fcrypt)");
+               ret += tcrypt_test("pcbc(fcrypt)");
                break;
 
        case 32:
-               tcrypt_test("ecb(camellia)");
-               tcrypt_test("cbc(camellia)");
+               ret += tcrypt_test("ecb(camellia)");
+               ret += tcrypt_test("cbc(camellia)");
                break;
        case 33:
-               tcrypt_test("sha224");
+               ret += tcrypt_test("sha224");
                break;
 
        case 34:
-               tcrypt_test("salsa20");
+               ret += tcrypt_test("salsa20");
                break;
 
        case 35:
-               tcrypt_test("gcm(aes)");
+               ret += tcrypt_test("gcm(aes)");
                break;
 
        case 36:
-               tcrypt_test("lzo");
+               ret += tcrypt_test("lzo");
                break;
 
        case 37:
-               tcrypt_test("ccm(aes)");
+               ret += tcrypt_test("ccm(aes)");
                break;
 
        case 38:
-               tcrypt_test("cts(cbc(aes))");
+               ret += tcrypt_test("cts(cbc(aes))");
                break;
 
         case 39:
-               tcrypt_test("rmd128");
+               ret += tcrypt_test("rmd128");
                break;
 
         case 40:
-               tcrypt_test("rmd160");
+               ret += tcrypt_test("rmd160");
                break;
 
        case 41:
-               tcrypt_test("rmd256");
+               ret += tcrypt_test("rmd256");
                break;
 
        case 42:
-               tcrypt_test("rmd320");
+               ret += tcrypt_test("rmd320");
                break;
 
        case 43:
-               tcrypt_test("ecb(seed)");
+               ret += tcrypt_test("ecb(seed)");
                break;
 
        case 44:
-               tcrypt_test("zlib");
+               ret += tcrypt_test("zlib");
                break;
 
        case 45:
-               tcrypt_test("rfc4309(ccm(aes))");
+               ret += tcrypt_test("rfc4309(ccm(aes))");
                break;
 
        case 100:
-               tcrypt_test("hmac(md5)");
+               ret += tcrypt_test("hmac(md5)");
                break;
 
        case 101:
-               tcrypt_test("hmac(sha1)");
+               ret += tcrypt_test("hmac(sha1)");
                break;
 
        case 102:
-               tcrypt_test("hmac(sha256)");
+               ret += tcrypt_test("hmac(sha256)");
                break;
 
        case 103:
-               tcrypt_test("hmac(sha384)");
+               ret += tcrypt_test("hmac(sha384)");
                break;
 
        case 104:
-               tcrypt_test("hmac(sha512)");
+               ret += tcrypt_test("hmac(sha512)");
                break;
 
        case 105:
-               tcrypt_test("hmac(sha224)");
+               ret += tcrypt_test("hmac(sha224)");
                break;
 
        case 106:
-               tcrypt_test("xcbc(aes)");
+               ret += tcrypt_test("xcbc(aes)");
                break;
 
        case 107:
-               tcrypt_test("hmac(rmd128)");
+               ret += tcrypt_test("hmac(rmd128)");
                break;
 
        case 108:
-               tcrypt_test("hmac(rmd160)");
+               ret += tcrypt_test("hmac(rmd160)");
+               break;
+
+       case 109:
+               ret += tcrypt_test("vmac(aes)");
                break;
 
        case 150:
-               tcrypt_test("ansi_cprng");
+               ret += tcrypt_test("ansi_cprng");
+               break;
+
+       case 151:
+               ret += tcrypt_test("rfc4106(gcm(aes))");
                break;
 
        case 200:
@@ -865,13 +1145,99 @@ static void do_test(int m)
                test_hash_speed("rmd320", sec, generic_hash_speed_template);
                if (mode > 300 && mode < 400) break;
 
+       case 318:
+               test_hash_speed("ghash-generic", sec, hash_speed_template_16);
+               if (mode > 300 && mode < 400) break;
+
        case 399:
                break;
 
+       case 400:
+               /* fall through */
+
+       case 401:
+               test_ahash_speed("md4", sec, generic_hash_speed_template);
+               if (mode > 400 && mode < 500) break;
+
+       case 402:
+               test_ahash_speed("md5", sec, generic_hash_speed_template);
+               if (mode > 400 && mode < 500) break;
+
+       case 403:
+               test_ahash_speed("sha1", sec, generic_hash_speed_template);
+               if (mode > 400 && mode < 500) break;
+
+       case 404:
+               test_ahash_speed("sha256", sec, generic_hash_speed_template);
+               if (mode > 400 && mode < 500) break;
+
+       case 405:
+               test_ahash_speed("sha384", sec, generic_hash_speed_template);
+               if (mode > 400 && mode < 500) break;
+
+       case 406:
+               test_ahash_speed("sha512", sec, generic_hash_speed_template);
+               if (mode > 400 && mode < 500) break;
+
+       case 407:
+               test_ahash_speed("wp256", sec, generic_hash_speed_template);
+               if (mode > 400 && mode < 500) break;
+
+       case 408:
+               test_ahash_speed("wp384", sec, generic_hash_speed_template);
+               if (mode > 400 && mode < 500) break;
+
+       case 409:
+               test_ahash_speed("wp512", sec, generic_hash_speed_template);
+               if (mode > 400 && mode < 500) break;
+
+       case 410:
+               test_ahash_speed("tgr128", sec, generic_hash_speed_template);
+               if (mode > 400 && mode < 500) break;
+
+       case 411:
+               test_ahash_speed("tgr160", sec, generic_hash_speed_template);
+               if (mode > 400 && mode < 500) break;
+
+       case 412:
+               test_ahash_speed("tgr192", sec, generic_hash_speed_template);
+               if (mode > 400 && mode < 500) break;
+
+       case 413:
+               test_ahash_speed("sha224", sec, generic_hash_speed_template);
+               if (mode > 400 && mode < 500) break;
+
+       case 414:
+               test_ahash_speed("rmd128", sec, generic_hash_speed_template);
+               if (mode > 400 && mode < 500) break;
+
+       case 415:
+               test_ahash_speed("rmd160", sec, generic_hash_speed_template);
+               if (mode > 400 && mode < 500) break;
+
+       case 416:
+               test_ahash_speed("rmd256", sec, generic_hash_speed_template);
+               if (mode > 400 && mode < 500) break;
+
+       case 417:
+               test_ahash_speed("rmd320", sec, generic_hash_speed_template);
+               if (mode > 400 && mode < 500) break;
+
+       case 499:
+               break;
+
        case 1000:
                test_available();
                break;
        }
+
+       return ret;
+}
+
+static int do_alg_test(const char *alg, u32 type, u32 mask)
+{
+       return crypto_has_alg(alg, type, mask ?: CRYPTO_ALG_TYPE_MASK) ?
+              0 : -ENOENT;
 }
 
 static int __init tcrypt_mod_init(void)
@@ -885,15 +1251,25 @@ static int __init tcrypt_mod_init(void)
                        goto err_free_tv;
        }
 
-       do_test(mode);
+       if (alg)
+               err = do_alg_test(alg, type, mask);
+       else
+               err = do_test(mode);
+
+       if (err) {
+               printk(KERN_ERR "tcrypt: one or more tests failed!\n");
+               goto err_free_tv;
+       }
 
-       /* We intentionaly return -EAGAIN to prevent keeping
-        * the module. It does all its work from init()
-        * and doesn't offer any runtime functionality 
+       /* We intentionaly return -EAGAIN to prevent keeping the module,
+        * unless we're running in fips mode. It does all its work from
+        * init() and doesn't offer any runtime functionality, but in
+        * the fips case, checking for a successful load is helpful.
         * => we don't need it in the memory, do we?
         *                                        -- mludvig
         */
-       err = -EAGAIN;
+       if (!fips_enabled)
+               err = -EAGAIN;
 
 err_free_tv:
        for (i = 0; i < TVMEMSIZE && tvmem[i]; i++)
@@ -911,6 +1287,9 @@ static void __exit tcrypt_mod_fini(void) { }
 module_init(tcrypt_mod_init);
 module_exit(tcrypt_mod_fini);
 
+module_param(alg, charp, 0);
+module_param(type, uint, 0);
+module_param(mask, uint, 0);
 module_param(mode, int, 0);
 module_param(sec, uint, 0);
 MODULE_PARM_DESC(sec, "Length in seconds of speed tests "