1
0

lkcapi_glue.c 98 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932193319341935193619371938193919401941194219431944194519461947194819491950195119521953195419551956195719581959196019611962196319641965196619671968196919701971197219731974197519761977197819791980198119821983198419851986198719881989199019911992199319941995199619971998199920002001200220032004200520062007200820092010201120122013201420152016201720182019202020212022202320242025202620272028202920302031203220332034203520362037203820392040204120422043204420452046204720482049205020512052205320542055205620572058205920602061206220632064206520662067206820692070207120722073207420752076207720782079208020812082208320842085208620872088208920902091209220932094209520962097209820992100210121022103210421052106210721082109211021112112211321142115211621172118211921202121212221232124212521262127212821292130213121322133213421352136213721382139214021412142214321442145214621472148214921502151215221532154215521562157215821592160216121622163216421652166216721682169217021712172217321742175217621772178217921802181218221832184218521862187218821892190219121922193219421952196219721982199220022012202220322042205220622072208220922102211221222132214221522162217221822192220222122222223222422252226222722282229223022312232223322342235223622372238223922402241224222432244224522462247224822492250225122522253225422552256225722582259226022612262226322642265226622672268226922702271227222732274227522762277227822792280228122822283228422852286228722882289229022912292229322942295229622972298229923002301230223032304230523062307230823092310231123122313231423152316231723182319232023212322232323242325232623272328232923302331233223332334233523362337233823392340234123422343234423452346234723482349235023512352235323542355235623572358235923602361236223632364236523662367236823692370237123722373237423752376237723782379238023812382238323842385238623872388238923902391239223932394239523962397239823992400240124022403240424052406240724082409241024112412241324142415241624172418241924202421242224232424242524262427242824292430243124322433243424352436243724382439244024412442244324442445244624472448244924502451245224532454245524562457245824592460246124622463246424652466246724682469247024712472247324742475247624772478247924802481248224832484248524862487248824892490249124922493249424952496249724982499250025012502250325042505250625072508250925102511251225132514251525162517251825192520252125222523252425252526252725282529253025312532253325342535253625372538253925402541254225432544254525462547254825492550255125522553255425552556255725582559256025612562256325642565256625672568256925702571257225732574257525762577257825792580258125822583258425852586258725882589259025912592259325942595259625972598259926002601260226032604260526062607260826092610261126122613261426152616261726182619262026212622262326242625262626272628262926302631263226332634263526362637263826392640264126422643264426452646264726482649265026512652265326542655265626572658265926602661266226632664266526662667266826692670267126722673267426752676267726782679268026812682268326842685268626872688268926902691269226932694269526962697269826992700270127022703270427052706270727082709271027112712271327142715271627172718271927202721272227232724272527262727272827292730273127322733273427352736273727382739274027412742274327442745274627472748274927502751275227532754275527562757275827592760276127622763276427652766276727682769277027712772277327742775277627772778277927802781278227832784278527862787278827892790279127922793279427952796279727982799280028012802280328042805280628072808280928102811281228132814281528162817281828192820282128222823282428252826282728282829283028312832283328342835283628372838283928402841284228432844284528462847284828492850285128522853285428552856285728582859286028612862286328642865286628672868286928702871287228732874287528762877287828792880288128822883288428852886288728882889289028912892289328942895289628972898289929002901290229032904290529062907290829092910291129122913291429152916291729182919292029212922292329242925292629272928292929302931293229332934293529362937293829392940294129422943294429452946294729482949295029512952295329542955295629572958295929602961296229632964296529662967296829692970297129722973297429752976297729782979298029812982298329842985298629872988298929902991299229932994299529962997299829993000300130023003300430053006300730083009301030113012301330143015301630173018301930203021302230233024302530263027302830293030303130323033303430353036303730383039304030413042304330443045304630473048304930503051305230533054305530563057305830593060306130623063306430653066306730683069307030713072307330743075307630773078307930803081308230833084308530863087308830893090309130923093309430953096309730983099310031013102310331043105310631073108310931103111311231133114311531163117311831193120312131223123312431253126312731283129313031313132313331343135313631373138313931403141314231433144
  1. /* lkcapi_glue.c -- glue logic to register wolfCrypt implementations with
  2. * the Linux Kernel Cryptosystem
  3. *
  4. * Copyright (C) 2006-2024 wolfSSL Inc.
  5. *
  6. * This file is part of wolfSSL.
  7. *
  8. * wolfSSL is free software; you can redistribute it and/or modify
  9. * it under the terms of the GNU General Public License as published by
  10. * the Free Software Foundation; either version 2 of the License, or
  11. * (at your option) any later version.
  12. *
  13. * wolfSSL is distributed in the hope that it will be useful,
  14. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  15. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  16. * GNU General Public License for more details.
  17. *
  18. * You should have received a copy of the GNU General Public License
  19. * along with this program; if not, write to the Free Software
  20. * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  21. */
  22. /* included by linuxkm/module_hooks.c */
  23. #ifndef LINUXKM_LKCAPI_REGISTER
  24. #error lkcapi_glue.c included in non-LINUXKM_LKCAPI_REGISTER project.
  25. #endif
  26. /* kernel crypto self-test includes test setups that have different expected
  27. * results FIPS vs non-FIPS.
  28. */
  29. #if defined(CONFIG_CRYPTO_MANAGER) && \
  30. (defined(CONFIG_CRYPTO_FIPS) != defined(HAVE_FIPS))
  31. #error CONFIG_CRYPTO_MANAGER requires that CONFIG_CRYPTO_FIPS match HAVE_FIPS.
  32. #endif
  33. #ifndef WOLFSSL_LINUXKM_LKCAPI_PRIORITY
  34. /* Larger number means higher priority. The highest in-tree priority is 4001,
  35. * in the Cavium driver.
  36. */
  37. #define WOLFSSL_LINUXKM_LKCAPI_PRIORITY 10000
  38. #endif
  39. #ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS
  40. static int disable_setkey_warnings = 0;
  41. #else
  42. #define disable_setkey_warnings 0
  43. #endif
  44. #ifndef NO_AES
  45. /* note the FIPS code will be returned on failure even in non-FIPS builds. */
  46. #define LINUXKM_LKCAPI_AES_KAT_MISMATCH_E AES_KAT_FIPS_E
  47. #define LINUXKM_LKCAPI_AESGCM_KAT_MISMATCH_E AESGCM_KAT_FIPS_E
  48. #define WOLFKM_AESCBC_NAME "cbc(aes)"
  49. #define WOLFKM_AESCFB_NAME "cfb(aes)"
  50. #define WOLFKM_AESGCM_NAME "gcm(aes)"
  51. #define WOLFKM_AESXTS_NAME "xts(aes)"
  52. #ifdef WOLFSSL_AESNI
  53. #define WOLFKM_DRIVER_ISA_EXT "-aesni"
  54. #else
  55. #define WOLFKM_DRIVER_ISA_EXT ""
  56. #endif
  57. #ifdef HAVE_FIPS
  58. #ifndef HAVE_FIPS_VERSION
  59. #define WOLFKM_DRIVER_FIPS "-fips-140"
  60. #elif HAVE_FIPS_VERSION >= 5
  61. #define WOLFKM_DRIVER_FIPS "-fips-140-3"
  62. #elif HAVE_FIPS_VERSION == 2
  63. #define WOLFKM_DRIVER_FIPS "-fips-140-2"
  64. #else
  65. #define WOLFKM_DRIVER_FIPS "-fips-140"
  66. #endif
  67. #else
  68. #define WOLFKM_DRIVER_FIPS ""
  69. #endif
  70. #define WOLFKM_DRIVER_SUFFIX \
  71. WOLFKM_DRIVER_ISA_EXT WOLFKM_DRIVER_FIPS "-wolfcrypt"
  72. #define WOLFKM_AESCBC_DRIVER ("cbc-aes" WOLFKM_DRIVER_SUFFIX)
  73. #define WOLFKM_AESCFB_DRIVER ("cfb-aes" WOLFKM_DRIVER_SUFFIX)
  74. #define WOLFKM_AESGCM_DRIVER ("gcm-aes" WOLFKM_DRIVER_SUFFIX)
  75. #define WOLFKM_AESXTS_DRIVER ("xts-aes" WOLFKM_DRIVER_SUFFIX)
  76. #if defined(HAVE_AES_CBC) && \
  77. (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
  78. defined(LINUXKM_LKCAPI_REGISTER_AESCBC))
  79. #ifndef WOLFSSL_EXPERIMENTAL_SETTINGS
  80. #error Experimental settings without WOLFSSL_EXPERIMENTAL_SETTINGS
  81. #endif
  82. static int linuxkm_test_aescbc(void);
  83. #endif
  84. #if defined(WOLFSSL_AES_CFB) && \
  85. (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
  86. defined(LINUXKM_LKCAPI_REGISTER_AESCFB))
  87. #ifndef WOLFSSL_EXPERIMENTAL_SETTINGS
  88. #error Experimental settings without WOLFSSL_EXPERIMENTAL_SETTINGS
  89. #endif
  90. static int linuxkm_test_aescfb(void);
  91. #endif
  92. #if defined(HAVE_AESGCM) && \
  93. (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
  94. defined(LINUXKM_LKCAPI_REGISTER_AESGCM))
  95. #ifndef WOLFSSL_EXPERIMENTAL_SETTINGS
  96. #error Experimental settings without WOLFSSL_EXPERIMENTAL_SETTINGS
  97. #endif
  98. static int linuxkm_test_aesgcm(void);
  99. #endif
  100. #if defined(WOLFSSL_AES_XTS) && \
  101. (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
  102. defined(LINUXKM_LKCAPI_REGISTER_AESXTS))
  103. static int linuxkm_test_aesxts(void);
  104. #endif
  105. /* km_AesX(): wrappers to wolfcrypt wc_AesX functions and
  106. * structures. */
  107. #include <wolfssl/wolfcrypt/aes.h>
  108. struct km_AesCtx {
  109. Aes *aes_encrypt; /* allocated in km_AesInitCommon() to assure
  110. * alignment, needed for AESNI.
  111. */
  112. Aes *aes_decrypt; /* same. */
  113. };
  114. #if defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
  115. defined(LINUXKM_LKCAPI_REGISTER_AESCBC) || \
  116. defined(LINUXKM_LKCAPI_REGISTER_AESCFB) || \
  117. defined(LINUXKM_LKCAPI_REGISTER_AESGCM)
  118. static void km_AesExitCommon(struct km_AesCtx * ctx);
  119. static int km_AesInitCommon(
  120. struct km_AesCtx * ctx,
  121. const char * name,
  122. int need_decryption)
  123. {
  124. int err;
  125. ctx->aes_encrypt = (Aes *)malloc(sizeof(*ctx->aes_encrypt));
  126. if (! ctx->aes_encrypt) {
  127. pr_err("%s: allocation of %zu bytes for encryption key failed.\n",
  128. name, sizeof(*ctx->aes_encrypt));
  129. return MEMORY_E;
  130. }
  131. err = wc_AesInit(ctx->aes_encrypt, NULL, INVALID_DEVID);
  132. if (unlikely(err)) {
  133. pr_err("%s: wc_AesInit failed: %d\n", name, err);
  134. free(ctx->aes_encrypt);
  135. ctx->aes_encrypt = NULL;
  136. return -EINVAL;
  137. }
  138. if (! need_decryption) {
  139. ctx->aes_decrypt = NULL;
  140. return 0;
  141. }
  142. ctx->aes_decrypt = (Aes *)malloc(sizeof(*ctx->aes_decrypt));
  143. if (! ctx->aes_decrypt) {
  144. pr_err("%s: allocation of %zu bytes for decryption key failed.\n",
  145. name, sizeof(*ctx->aes_decrypt));
  146. km_AesExitCommon(ctx);
  147. return MEMORY_E;
  148. }
  149. err = wc_AesInit(ctx->aes_decrypt, NULL, INVALID_DEVID);
  150. if (unlikely(err)) {
  151. pr_err("%s: wc_AesInit failed: %d\n", name, err);
  152. free(ctx->aes_decrypt);
  153. ctx->aes_decrypt = NULL;
  154. km_AesExitCommon(ctx);
  155. return -EINVAL;
  156. }
  157. return 0;
  158. }
  159. static void km_AesExitCommon(struct km_AesCtx * ctx)
  160. {
  161. if (ctx->aes_encrypt) {
  162. wc_AesFree(ctx->aes_encrypt);
  163. free(ctx->aes_encrypt);
  164. ctx->aes_encrypt = NULL;
  165. }
  166. if (ctx->aes_decrypt) {
  167. wc_AesFree(ctx->aes_decrypt);
  168. free(ctx->aes_decrypt);
  169. ctx->aes_decrypt = NULL;
  170. }
  171. }
  172. #if defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
  173. defined(LINUXKM_LKCAPI_REGISTER_AESCBC) || \
  174. defined(LINUXKM_LKCAPI_REGISTER_AESCFB)
  175. static int km_AesSetKeyCommon(struct km_AesCtx * ctx, const u8 *in_key,
  176. unsigned int key_len, const char * name)
  177. {
  178. int err;
  179. err = wc_AesSetKey(ctx->aes_encrypt, in_key, key_len, NULL, AES_ENCRYPTION);
  180. if (unlikely(err)) {
  181. if (! disable_setkey_warnings)
  182. pr_err("%s: wc_AesSetKey for encryption key failed: %d\n", name, err);
  183. return -ENOKEY;
  184. }
  185. if (ctx->aes_decrypt) {
  186. err = wc_AesSetKey(ctx->aes_decrypt, in_key, key_len, NULL,
  187. AES_DECRYPTION);
  188. if (unlikely(err)) {
  189. if (! disable_setkey_warnings)
  190. pr_err("%s: wc_AesSetKey for decryption key failed: %d\n",
  191. name, err);
  192. return -ENOKEY;
  193. }
  194. }
  195. return 0;
  196. }
  197. static void km_AesExit(struct crypto_skcipher *tfm)
  198. {
  199. struct km_AesCtx * ctx = crypto_skcipher_ctx(tfm);
  200. km_AesExitCommon(ctx);
  201. }
  202. #endif /* LINUXKM_LKCAPI_REGISTER_ALL ||
  203. * LINUXKM_LKCAPI_REGISTER_AESCBC ||
  204. * LINUXKM_LKCAPI_REGISTER_AESCFB
  205. */
  206. #endif /* LINUXKM_LKCAPI_REGISTER_ALL || LINUXKM_LKCAPI_REGISTER_AESCBC ||
  207. * LINUXKM_LKCAPI_REGISTER_AESCFB || LINUXKM_LKCAPI_REGISTER_AESGCM
  208. */
  209. #if defined(HAVE_AES_CBC) && \
  210. (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
  211. defined(LINUXKM_LKCAPI_REGISTER_AESCBC))
  212. static int km_AesCbcInit(struct crypto_skcipher *tfm)
  213. {
  214. struct km_AesCtx * ctx = crypto_skcipher_ctx(tfm);
  215. return km_AesInitCommon(ctx, WOLFKM_AESCBC_DRIVER, 1);
  216. }
  217. static int km_AesCbcSetKey(struct crypto_skcipher *tfm, const u8 *in_key,
  218. unsigned int key_len)
  219. {
  220. struct km_AesCtx * ctx = crypto_skcipher_ctx(tfm);
  221. return km_AesSetKeyCommon(ctx, in_key, key_len, WOLFKM_AESCBC_DRIVER);
  222. }
  223. static int km_AesCbcEncrypt(struct skcipher_request *req)
  224. {
  225. struct crypto_skcipher * tfm = NULL;
  226. struct km_AesCtx * ctx = NULL;
  227. struct skcipher_walk walk;
  228. unsigned int nbytes = 0;
  229. int err = 0;
  230. tfm = crypto_skcipher_reqtfm(req);
  231. ctx = crypto_skcipher_ctx(tfm);
  232. err = skcipher_walk_virt(&walk, req, false);
  233. if (unlikely(err)) {
  234. pr_err("%s: skcipher_walk_virt failed: %d\n",
  235. crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
  236. return err;
  237. }
  238. while ((nbytes = walk.nbytes) != 0) {
  239. err = wc_AesSetIV(ctx->aes_encrypt, walk.iv);
  240. if (unlikely(err)) {
  241. pr_err("%s: wc_AesSetIV failed: %d\n",
  242. crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
  243. return -EINVAL;
  244. }
  245. err = wc_AesCbcEncrypt(ctx->aes_encrypt, walk.dst.virt.addr,
  246. walk.src.virt.addr, nbytes);
  247. if (unlikely(err)) {
  248. pr_err("%s: wc_AesCbcEncrypt failed: %d\n",
  249. crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
  250. return -EINVAL;
  251. }
  252. err = skcipher_walk_done(&walk, walk.nbytes - nbytes);
  253. if (unlikely(err)) {
  254. pr_err("%s: skcipher_walk_done failed: %d\n",
  255. crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
  256. return err;
  257. }
  258. }
  259. return err;
  260. }
  261. static int km_AesCbcDecrypt(struct skcipher_request *req)
  262. {
  263. struct crypto_skcipher * tfm = NULL;
  264. struct km_AesCtx * ctx = NULL;
  265. struct skcipher_walk walk;
  266. unsigned int nbytes = 0;
  267. int err = 0;
  268. tfm = crypto_skcipher_reqtfm(req);
  269. ctx = crypto_skcipher_ctx(tfm);
  270. err = skcipher_walk_virt(&walk, req, false);
  271. if (unlikely(err)) {
  272. pr_err("%s: skcipher_walk_virt failed: %d\n",
  273. crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
  274. return err;
  275. }
  276. while ((nbytes = walk.nbytes) != 0) {
  277. err = wc_AesSetIV(ctx->aes_decrypt, walk.iv);
  278. if (unlikely(err)) {
  279. if (! disable_setkey_warnings)
  280. pr_err("%s: wc_AesSetKey failed: %d\n",
  281. crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
  282. return -EINVAL;
  283. }
  284. err = wc_AesCbcDecrypt(ctx->aes_decrypt, walk.dst.virt.addr,
  285. walk.src.virt.addr, nbytes);
  286. if (unlikely(err)) {
  287. pr_err("%s: wc_AesCbcDecrypt failed: %d\n",
  288. crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
  289. return -EINVAL;
  290. }
  291. err = skcipher_walk_done(&walk, walk.nbytes - nbytes);
  292. if (unlikely(err)) {
  293. pr_err("%s: skcipher_walk_done failed: %d\n",
  294. crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
  295. return err;
  296. }
  297. }
  298. return err;
  299. }
  300. static struct skcipher_alg cbcAesAlg = {
  301. .base.cra_name = WOLFKM_AESCBC_NAME,
  302. .base.cra_driver_name = WOLFKM_AESCBC_DRIVER,
  303. .base.cra_priority = WOLFSSL_LINUXKM_LKCAPI_PRIORITY,
  304. .base.cra_blocksize = WC_AES_BLOCK_SIZE,
  305. .base.cra_ctxsize = sizeof(struct km_AesCtx),
  306. .base.cra_module = THIS_MODULE,
  307. .init = km_AesCbcInit,
  308. .exit = km_AesExit,
  309. .min_keysize = AES_128_KEY_SIZE,
  310. .max_keysize = AES_256_KEY_SIZE,
  311. .ivsize = WC_AES_BLOCK_SIZE,
  312. .setkey = km_AesCbcSetKey,
  313. .encrypt = km_AesCbcEncrypt,
  314. .decrypt = km_AesCbcDecrypt,
  315. };
  316. static int cbcAesAlg_loaded = 0;
  317. #endif /* HAVE_AES_CBC &&
  318. * (LINUXKM_LKCAPI_REGISTER_ALL || LINUXKM_LKCAPI_REGISTER_AESCBC)
  319. */
  320. #if defined(WOLFSSL_AES_CFB) && \
  321. (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
  322. defined(LINUXKM_LKCAPI_REGISTER_AESCFB))
  323. static int km_AesCfbInit(struct crypto_skcipher *tfm)
  324. {
  325. struct km_AesCtx * ctx = crypto_skcipher_ctx(tfm);
  326. return km_AesInitCommon(ctx, WOLFKM_AESCFB_DRIVER, 0);
  327. }
  328. static int km_AesCfbSetKey(struct crypto_skcipher *tfm, const u8 *in_key,
  329. unsigned int key_len)
  330. {
  331. struct km_AesCtx * ctx = crypto_skcipher_ctx(tfm);
  332. return km_AesSetKeyCommon(ctx, in_key, key_len, WOLFKM_AESCFB_DRIVER);
  333. }
  334. static int km_AesCfbEncrypt(struct skcipher_request *req)
  335. {
  336. struct crypto_skcipher * tfm = NULL;
  337. struct km_AesCtx * ctx = NULL;
  338. struct skcipher_walk walk;
  339. unsigned int nbytes = 0;
  340. int err = 0;
  341. tfm = crypto_skcipher_reqtfm(req);
  342. ctx = crypto_skcipher_ctx(tfm);
  343. err = skcipher_walk_virt(&walk, req, false);
  344. if (unlikely(err)) {
  345. pr_err("%s: skcipher_walk_virt failed: %d\n",
  346. crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
  347. return err;
  348. }
  349. while ((nbytes = walk.nbytes) != 0) {
  350. err = wc_AesSetIV(ctx->aes_encrypt, walk.iv);
  351. if (unlikely(err)) {
  352. if (! disable_setkey_warnings)
  353. pr_err("%s: wc_AesSetKey failed: %d\n",
  354. crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
  355. return -EINVAL;
  356. }
  357. err = wc_AesCfbEncrypt(ctx->aes_encrypt, walk.dst.virt.addr,
  358. walk.src.virt.addr, nbytes);
  359. if (unlikely(err)) {
  360. pr_err("%s: wc_AesCfbEncrypt failed %d\n",
  361. crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
  362. return -EINVAL;
  363. }
  364. err = skcipher_walk_done(&walk, walk.nbytes - nbytes);
  365. if (unlikely(err)) {
  366. pr_err("%s: skcipher_walk_done failed: %d\n",
  367. crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
  368. return err;
  369. }
  370. }
  371. return err;
  372. }
  373. static int km_AesCfbDecrypt(struct skcipher_request *req)
  374. {
  375. struct crypto_skcipher * tfm = NULL;
  376. struct km_AesCtx * ctx = NULL;
  377. struct skcipher_walk walk;
  378. unsigned int nbytes = 0;
  379. int err = 0;
  380. tfm = crypto_skcipher_reqtfm(req);
  381. ctx = crypto_skcipher_ctx(tfm);
  382. err = skcipher_walk_virt(&walk, req, false);
  383. if (unlikely(err)) {
  384. pr_err("%s: skcipher_walk_virt failed: %d\n",
  385. crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
  386. return err;
  387. }
  388. while ((nbytes = walk.nbytes) != 0) {
  389. err = wc_AesSetIV(ctx->aes_encrypt, walk.iv);
  390. if (unlikely(err)) {
  391. if (! disable_setkey_warnings)
  392. pr_err("%s: wc_AesSetKey failed: %d\n",
  393. crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
  394. return -EINVAL;
  395. }
  396. err = wc_AesCfbDecrypt(ctx->aes_encrypt, walk.dst.virt.addr,
  397. walk.src.virt.addr, nbytes);
  398. if (unlikely(err)) {
  399. pr_err("%s: wc_AesCfbDecrypt failed: %d\n",
  400. crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
  401. return -EINVAL;
  402. }
  403. err = skcipher_walk_done(&walk, walk.nbytes - nbytes);
  404. if (unlikely(err)) {
  405. pr_err("%s: skcipher_walk_done failed: %d\n",
  406. crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
  407. return err;
  408. }
  409. }
  410. return err;
  411. }
  412. static struct skcipher_alg cfbAesAlg = {
  413. .base.cra_name = WOLFKM_AESCFB_NAME,
  414. .base.cra_driver_name = WOLFKM_AESCFB_DRIVER,
  415. .base.cra_priority = WOLFSSL_LINUXKM_LKCAPI_PRIORITY,
  416. .base.cra_blocksize = WC_AES_BLOCK_SIZE,
  417. .base.cra_ctxsize = sizeof(struct km_AesCtx),
  418. .base.cra_module = THIS_MODULE,
  419. .init = km_AesCfbInit,
  420. .exit = km_AesExit,
  421. .min_keysize = AES_128_KEY_SIZE,
  422. .max_keysize = AES_256_KEY_SIZE,
  423. .ivsize = WC_AES_BLOCK_SIZE,
  424. .setkey = km_AesCfbSetKey,
  425. .encrypt = km_AesCfbEncrypt,
  426. .decrypt = km_AesCfbDecrypt,
  427. };
  428. static int cfbAesAlg_loaded = 0;
  429. #endif /* WOLFSSL_AES_CFB &&
  430. * (LINUXKM_LKCAPI_REGISTER_ALL || LINUXKM_LKCAPI_REGISTER_AESCBC)
  431. */
  432. #if defined(HAVE_AESGCM) && \
  433. (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
  434. defined(LINUXKM_LKCAPI_REGISTER_AESGCM))
  435. #ifndef WOLFSSL_AESGCM_STREAM
  436. #error LKCAPI registration of AES-GCM requires WOLFSSL_AESGCM_STREAM (--enable-aesgcm-stream).
  437. #endif
  438. static int km_AesGcmInit(struct crypto_aead * tfm)
  439. {
  440. struct km_AesCtx * ctx = crypto_aead_ctx(tfm);
  441. return km_AesInitCommon(ctx, WOLFKM_AESGCM_DRIVER, 0);
  442. }
  443. static void km_AesGcmExit(struct crypto_aead * tfm)
  444. {
  445. struct km_AesCtx * ctx = crypto_aead_ctx(tfm);
  446. km_AesExitCommon(ctx);
  447. }
  448. static int km_AesGcmSetKey(struct crypto_aead *tfm, const u8 *in_key,
  449. unsigned int key_len)
  450. {
  451. int err;
  452. struct km_AesCtx * ctx = crypto_aead_ctx(tfm);
  453. err = wc_AesGcmSetKey(ctx->aes_encrypt, in_key, key_len);
  454. if (unlikely(err)) {
  455. if (! disable_setkey_warnings)
  456. pr_err("%s: wc_AesGcmSetKey failed: %d\n",
  457. crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
  458. return -ENOKEY;
  459. }
  460. return 0;
  461. }
  462. static int km_AesGcmSetAuthsize(struct crypto_aead *tfm, unsigned int authsize)
  463. {
  464. (void)tfm;
  465. if (authsize > WC_AES_BLOCK_SIZE ||
  466. authsize < WOLFSSL_MIN_AUTH_TAG_SZ) {
  467. pr_err("%s: invalid authsize: %d\n",
  468. crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), authsize);
  469. return -EINVAL;
  470. }
  471. return 0;
  472. }
  473. /*
  474. * aead ciphers receive data in scatterlists in following order:
  475. * encrypt
  476. * req->src: aad||plaintext
  477. * req->dst: aad||ciphertext||tag
  478. * decrypt
  479. * req->src: aad||ciphertext||tag
  480. * req->dst: aad||plaintext, return 0 or -EBADMSG
  481. */
  482. static int km_AesGcmEncrypt(struct aead_request *req)
  483. {
  484. struct crypto_aead * tfm = NULL;
  485. struct km_AesCtx * ctx = NULL;
  486. struct skcipher_walk walk;
  487. struct scatter_walk assocSgWalk;
  488. unsigned int nbytes = 0;
  489. u8 authTag[WC_AES_BLOCK_SIZE];
  490. int err = 0;
  491. unsigned int assocLeft = 0;
  492. unsigned int cryptLeft = 0;
  493. u8 * assoc = NULL;
  494. tfm = crypto_aead_reqtfm(req);
  495. ctx = crypto_aead_ctx(tfm);
  496. assocLeft = req->assoclen;
  497. cryptLeft = req->cryptlen;
  498. scatterwalk_start(&assocSgWalk, req->src);
  499. err = skcipher_walk_aead_encrypt(&walk, req, false);
  500. if (unlikely(err)) {
  501. pr_err("%s: skcipher_walk_aead_encrypt failed: %d\n",
  502. crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
  503. return -1;
  504. }
  505. err = wc_AesGcmInit(ctx->aes_encrypt, NULL /*key*/, 0 /*keylen*/, walk.iv,
  506. WC_AES_BLOCK_SIZE);
  507. if (unlikely(err)) {
  508. pr_err("%s: wc_AesGcmInit failed: %d\n",
  509. crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
  510. return -EINVAL;
  511. }
  512. assoc = scatterwalk_map(&assocSgWalk);
  513. if (unlikely(IS_ERR(assoc))) {
  514. pr_err("%s: scatterwalk_map failed: %ld\n",
  515. crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)),
  516. PTR_ERR(assoc));
  517. return err;
  518. }
  519. err = wc_AesGcmEncryptUpdate(ctx->aes_encrypt, NULL, NULL, 0,
  520. assoc, assocLeft);
  521. assocLeft -= assocLeft;
  522. scatterwalk_unmap(assoc);
  523. assoc = NULL;
  524. if (unlikely(err)) {
  525. pr_err("%s: wc_AesGcmEncryptUpdate failed: %d\n",
  526. crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
  527. return -EINVAL;
  528. }
  529. while ((nbytes = walk.nbytes) != 0) {
  530. int n = nbytes;
  531. if (likely(cryptLeft && nbytes)) {
  532. n = cryptLeft < nbytes ? cryptLeft : nbytes;
  533. err = wc_AesGcmEncryptUpdate(
  534. ctx->aes_encrypt,
  535. walk.dst.virt.addr,
  536. walk.src.virt.addr,
  537. cryptLeft,
  538. NULL, 0);
  539. nbytes -= n;
  540. cryptLeft -= n;
  541. }
  542. if (unlikely(err)) {
  543. pr_err("%s: wc_AesGcmEncryptUpdate failed: %d\n",
  544. crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
  545. return -EINVAL;
  546. }
  547. err = skcipher_walk_done(&walk, nbytes);
  548. if (unlikely(err)) {
  549. pr_err("%s: skcipher_walk_done failed: %d\n",
  550. crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
  551. return err;
  552. }
  553. }
  554. err = wc_AesGcmEncryptFinal(ctx->aes_encrypt, authTag, tfm->authsize);
  555. if (unlikely(err)) {
  556. pr_err("%s: wc_AesGcmEncryptFinal failed with return code %d\n",
  557. crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
  558. return -EINVAL;
  559. }
  560. /* Now copy the auth tag into request scatterlist. */
  561. scatterwalk_map_and_copy(authTag, req->dst,
  562. req->assoclen + req->cryptlen,
  563. tfm->authsize, 1);
  564. return err;
  565. }
  566. static int km_AesGcmDecrypt(struct aead_request *req)
  567. {
  568. struct crypto_aead * tfm = NULL;
  569. struct km_AesCtx * ctx = NULL;
  570. struct skcipher_walk walk;
  571. struct scatter_walk assocSgWalk;
  572. unsigned int nbytes = 0;
  573. u8 origAuthTag[WC_AES_BLOCK_SIZE];
  574. int err = 0;
  575. unsigned int assocLeft = 0;
  576. unsigned int cryptLeft = 0;
  577. u8 * assoc = NULL;
  578. tfm = crypto_aead_reqtfm(req);
  579. ctx = crypto_aead_ctx(tfm);
  580. assocLeft = req->assoclen;
  581. cryptLeft = req->cryptlen - tfm->authsize;
  582. /* Copy out original auth tag from req->src. */
  583. scatterwalk_map_and_copy(origAuthTag, req->src,
  584. req->assoclen + req->cryptlen - tfm->authsize,
  585. tfm->authsize, 0);
  586. scatterwalk_start(&assocSgWalk, req->src);
  587. err = skcipher_walk_aead_decrypt(&walk, req, false);
  588. if (unlikely(err)) {
  589. pr_err("%s: skcipher_walk_aead_decrypt failed: %d\n",
  590. crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
  591. return err;
  592. }
  593. err = wc_AesGcmInit(ctx->aes_encrypt, NULL /*key*/, 0 /*keylen*/, walk.iv,
  594. WC_AES_BLOCK_SIZE);
  595. if (unlikely(err)) {
  596. pr_err("%s: wc_AesGcmInit failed: %d\n",
  597. crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
  598. return -EINVAL;
  599. }
  600. assoc = scatterwalk_map(&assocSgWalk);
  601. if (unlikely(IS_ERR(assoc))) {
  602. pr_err("%s: scatterwalk_map failed: %ld\n",
  603. crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)),
  604. PTR_ERR(assoc));
  605. return err;
  606. }
  607. err = wc_AesGcmDecryptUpdate(ctx->aes_encrypt, NULL, NULL, 0,
  608. assoc, assocLeft);
  609. assocLeft -= assocLeft;
  610. scatterwalk_unmap(assoc);
  611. assoc = NULL;
  612. if (unlikely(err)) {
  613. pr_err("%s: wc_AesGcmDecryptUpdate failed: %d\n",
  614. crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
  615. return -EINVAL;
  616. }
  617. while ((nbytes = walk.nbytes) != 0) {
  618. int n = nbytes;
  619. if (likely(cryptLeft && nbytes)) {
  620. n = cryptLeft < nbytes ? cryptLeft : nbytes;
  621. err = wc_AesGcmDecryptUpdate(
  622. ctx->aes_encrypt,
  623. walk.dst.virt.addr,
  624. walk.src.virt.addr,
  625. cryptLeft,
  626. NULL, 0);
  627. nbytes -= n;
  628. cryptLeft -= n;
  629. }
  630. if (unlikely(err)) {
  631. pr_err("%s: wc_AesGcmDecryptUpdate failed: %d\n",
  632. crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
  633. return -EINVAL;
  634. }
  635. err = skcipher_walk_done(&walk, nbytes);
  636. if (unlikely(err)) {
  637. pr_err("%s: skcipher_walk_done failed: %d\n",
  638. crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
  639. return err;
  640. }
  641. }
  642. err = wc_AesGcmDecryptFinal(ctx->aes_encrypt, origAuthTag, tfm->authsize);
  643. if (unlikely(err)) {
  644. pr_err("%s: wc_AesGcmDecryptFinal failed with return code %d\n",
  645. crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err);
  646. if (err == WC_NO_ERR_TRACE(AES_GCM_AUTH_E)) {
  647. return -EBADMSG;
  648. }
  649. else {
  650. return -EINVAL;
  651. }
  652. }
  653. return err;
  654. }
  655. static struct aead_alg gcmAesAead = {
  656. .base.cra_name = WOLFKM_AESGCM_NAME,
  657. .base.cra_driver_name = WOLFKM_AESGCM_DRIVER,
  658. .base.cra_priority = WOLFSSL_LINUXKM_LKCAPI_PRIORITY,
  659. .base.cra_blocksize = 1,
  660. .base.cra_ctxsize = sizeof(struct km_AesCtx),
  661. .base.cra_module = THIS_MODULE,
  662. .init = km_AesGcmInit,
  663. .exit = km_AesGcmExit,
  664. .setkey = km_AesGcmSetKey,
  665. .setauthsize = km_AesGcmSetAuthsize,
  666. .encrypt = km_AesGcmEncrypt,
  667. .decrypt = km_AesGcmDecrypt,
  668. .ivsize = WC_AES_BLOCK_SIZE,
  669. .maxauthsize = WC_AES_BLOCK_SIZE,
  670. .chunksize = WC_AES_BLOCK_SIZE,
  671. };
  672. static int gcmAesAead_loaded = 0;
  673. #endif /* HAVE_AESGCM &&
  674. * (LINUXKM_LKCAPI_REGISTER_ALL || LINUXKM_LKCAPI_REGISTER_AESGCM) &&
  675. */
  676. #if defined(WOLFSSL_AES_XTS) && \
  677. (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
  678. defined(LINUXKM_LKCAPI_REGISTER_AESXTS))
  679. #ifndef WOLFSSL_AESXTS_STREAM
  680. #error LKCAPI registration of AES-XTS requires WOLFSSL_AESXTS_STREAM (--enable-aesxts-stream).
  681. #endif
  682. struct km_AesXtsCtx {
  683. XtsAes *aesXts; /* allocated in km_AesXtsInitCommon() to assure alignment
  684. * for AESNI.
  685. */
  686. };
  687. static int km_AesXtsInitCommon(struct km_AesXtsCtx * ctx, const char * name)
  688. {
  689. int err;
  690. ctx->aesXts = (XtsAes *)malloc(sizeof(*ctx->aesXts));
  691. if (! ctx->aesXts)
  692. return -MEMORY_E;
  693. err = wc_AesXtsInit(ctx->aesXts, NULL, INVALID_DEVID);
  694. if (unlikely(err)) {
  695. pr_err("%s: km_AesXtsInitCommon failed: %d\n", name, err);
  696. return -EINVAL;
  697. }
  698. return 0;
  699. }
  700. static int km_AesXtsInit(struct crypto_skcipher *tfm)
  701. {
  702. struct km_AesXtsCtx * ctx = crypto_skcipher_ctx(tfm);
  703. return km_AesXtsInitCommon(ctx, WOLFKM_AESXTS_DRIVER);
  704. }
  705. static void km_AesXtsExit(struct crypto_skcipher *tfm)
  706. {
  707. struct km_AesXtsCtx * ctx = crypto_skcipher_ctx(tfm);
  708. wc_AesXtsFree(ctx->aesXts);
  709. free(ctx->aesXts);
  710. ctx->aesXts = NULL;
  711. }
  712. static int km_AesXtsSetKey(struct crypto_skcipher *tfm, const u8 *in_key,
  713. unsigned int key_len)
  714. {
  715. int err;
  716. struct km_AesXtsCtx * ctx = crypto_skcipher_ctx(tfm);
  717. err = wc_AesXtsSetKeyNoInit(ctx->aesXts, in_key, key_len,
  718. AES_ENCRYPTION_AND_DECRYPTION);
  719. if (unlikely(err)) {
  720. if (! disable_setkey_warnings)
  721. pr_err("%s: wc_AesXtsSetKeyNoInit failed: %d\n",
  722. crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
  723. return -EINVAL;
  724. }
  725. return 0;
  726. }
  727. /* see /usr/src/linux/drivers/md/dm-crypt.c */
  728. static int km_AesXtsEncrypt(struct skcipher_request *req)
  729. {
  730. int err = 0;
  731. struct crypto_skcipher * tfm = NULL;
  732. struct km_AesXtsCtx * ctx = NULL;
  733. struct skcipher_walk walk;
  734. unsigned int nbytes = 0;
  735. tfm = crypto_skcipher_reqtfm(req);
  736. ctx = crypto_skcipher_ctx(tfm);
  737. if (req->cryptlen < WC_AES_BLOCK_SIZE)
  738. return -EINVAL;
  739. err = skcipher_walk_virt(&walk, req, false);
  740. if (unlikely(err)) {
  741. pr_err("%s: skcipher_walk_virt failed: %d\n",
  742. crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
  743. return err;
  744. }
  745. if (walk.nbytes == walk.total) {
  746. err = wc_AesXtsEncrypt(ctx->aesXts, walk.dst.virt.addr,
  747. walk.src.virt.addr, walk.nbytes, walk.iv, walk.ivsize);
  748. if (unlikely(err)) {
  749. pr_err("%s: wc_AesXtsEncrypt failed: %d\n",
  750. crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
  751. return -EINVAL;
  752. }
  753. err = skcipher_walk_done(&walk, 0);
  754. } else {
  755. int tail = req->cryptlen % WC_AES_BLOCK_SIZE;
  756. struct skcipher_request subreq;
  757. struct XtsAesStreamData stream;
  758. if (tail > 0) {
  759. int blocks = DIV_ROUND_UP(req->cryptlen, WC_AES_BLOCK_SIZE) - 2;
  760. skcipher_walk_abort(&walk);
  761. skcipher_request_set_tfm(&subreq, tfm);
  762. skcipher_request_set_callback(&subreq,
  763. skcipher_request_flags(req),
  764. NULL, NULL);
  765. skcipher_request_set_crypt(&subreq, req->src, req->dst,
  766. blocks * WC_AES_BLOCK_SIZE, req->iv);
  767. req = &subreq;
  768. err = skcipher_walk_virt(&walk, req, false);
  769. if (!walk.nbytes)
  770. return err ? : -EINVAL;
  771. } else {
  772. tail = 0;
  773. }
  774. err = wc_AesXtsEncryptInit(ctx->aesXts, walk.iv, walk.ivsize, &stream);
  775. if (unlikely(err)) {
  776. pr_err("%s: wc_AesXtsEncryptInit failed: %d\n",
  777. crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
  778. return -EINVAL;
  779. }
  780. while ((nbytes = walk.nbytes) != 0) {
  781. /* if this isn't the final call, pass block-aligned data to prevent
  782. * end-of-message ciphertext stealing.
  783. */
  784. if (nbytes < walk.total)
  785. nbytes &= ~(WC_AES_BLOCK_SIZE - 1);
  786. if (nbytes & ((unsigned int)WC_AES_BLOCK_SIZE - 1U))
  787. err = wc_AesXtsEncryptFinal(ctx->aesXts, walk.dst.virt.addr,
  788. walk.src.virt.addr, nbytes,
  789. &stream);
  790. else
  791. err = wc_AesXtsEncryptUpdate(ctx->aesXts, walk.dst.virt.addr,
  792. walk.src.virt.addr, nbytes,
  793. &stream);
  794. if (unlikely(err)) {
  795. pr_err("%s: wc_AesXtsEncryptUpdate failed: %d\n",
  796. crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
  797. return -EINVAL;
  798. }
  799. err = skcipher_walk_done(&walk, walk.nbytes - nbytes);
  800. if (unlikely(err)) {
  801. pr_err("%s: skcipher_walk_done failed: %d\n",
  802. crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
  803. return err;
  804. }
  805. }
  806. if (unlikely(tail > 0)) {
  807. struct scatterlist sg_src[2], sg_dst[2];
  808. struct scatterlist *src, *dst;
  809. dst = src = scatterwalk_ffwd(sg_src, req->src, req->cryptlen);
  810. if (req->dst != req->src)
  811. dst = scatterwalk_ffwd(sg_dst, req->dst, req->cryptlen);
  812. skcipher_request_set_crypt(req, src, dst, WC_AES_BLOCK_SIZE + tail,
  813. req->iv);
  814. err = skcipher_walk_virt(&walk, &subreq, false);
  815. if (err)
  816. return err;
  817. err = wc_AesXtsEncryptFinal(ctx->aesXts, walk.dst.virt.addr,
  818. walk.src.virt.addr, walk.nbytes,
  819. &stream);
  820. if (unlikely(err)) {
  821. pr_err("%s: wc_AesXtsEncryptFinal failed: %d\n",
  822. crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
  823. return -EINVAL;
  824. }
  825. err = skcipher_walk_done(&walk, 0);
  826. } else if (! (stream.bytes_crypted_with_this_tweak & ((word32)WC_AES_BLOCK_SIZE - 1U))) {
  827. err = wc_AesXtsEncryptFinal(ctx->aesXts, NULL, NULL, 0, &stream);
  828. }
  829. }
  830. return err;
  831. }
  832. static int km_AesXtsDecrypt(struct skcipher_request *req)
  833. {
  834. int err = 0;
  835. struct crypto_skcipher * tfm = NULL;
  836. struct km_AesXtsCtx * ctx = NULL;
  837. struct skcipher_walk walk;
  838. unsigned int nbytes = 0;
  839. tfm = crypto_skcipher_reqtfm(req);
  840. ctx = crypto_skcipher_ctx(tfm);
  841. if (req->cryptlen < WC_AES_BLOCK_SIZE)
  842. return -EINVAL;
  843. err = skcipher_walk_virt(&walk, req, false);
  844. if (unlikely(err)) {
  845. pr_err("%s: skcipher_walk_virt failed: %d\n",
  846. crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
  847. return err;
  848. }
  849. if (walk.nbytes == walk.total) {
  850. err = wc_AesXtsDecrypt(ctx->aesXts,
  851. walk.dst.virt.addr, walk.src.virt.addr,
  852. walk.nbytes, walk.iv, walk.ivsize);
  853. if (unlikely(err)) {
  854. pr_err("%s: wc_AesXtsDecrypt failed: %d\n",
  855. crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
  856. return -EINVAL;
  857. }
  858. err = skcipher_walk_done(&walk, 0);
  859. } else {
  860. int tail = req->cryptlen % WC_AES_BLOCK_SIZE;
  861. struct skcipher_request subreq;
  862. struct XtsAesStreamData stream;
  863. if (unlikely(tail > 0)) {
  864. int blocks = DIV_ROUND_UP(req->cryptlen, WC_AES_BLOCK_SIZE) - 2;
  865. skcipher_walk_abort(&walk);
  866. skcipher_request_set_tfm(&subreq, tfm);
  867. skcipher_request_set_callback(&subreq,
  868. skcipher_request_flags(req),
  869. NULL, NULL);
  870. skcipher_request_set_crypt(&subreq, req->src, req->dst,
  871. blocks * WC_AES_BLOCK_SIZE, req->iv);
  872. req = &subreq;
  873. err = skcipher_walk_virt(&walk, req, false);
  874. if (!walk.nbytes)
  875. return err ? : -EINVAL;
  876. } else {
  877. tail = 0;
  878. }
  879. err = wc_AesXtsDecryptInit(ctx->aesXts, walk.iv, walk.ivsize, &stream);
  880. if (unlikely(err)) {
  881. pr_err("%s: wc_AesXtsDecryptInit failed: %d\n",
  882. crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
  883. return -EINVAL;
  884. }
  885. while ((nbytes = walk.nbytes) != 0) {
  886. /* if this isn't the final call, pass block-aligned data to prevent
  887. * end-of-message ciphertext stealing.
  888. */
  889. if (nbytes < walk.total)
  890. nbytes &= ~(WC_AES_BLOCK_SIZE - 1);
  891. if (nbytes & ((unsigned int)WC_AES_BLOCK_SIZE - 1U))
  892. err = wc_AesXtsDecryptFinal(ctx->aesXts, walk.dst.virt.addr,
  893. walk.src.virt.addr, nbytes,
  894. &stream);
  895. else
  896. err = wc_AesXtsDecryptUpdate(ctx->aesXts, walk.dst.virt.addr,
  897. walk.src.virt.addr, nbytes,
  898. &stream);
  899. if (unlikely(err)) {
  900. pr_err("%s: wc_AesXtsDecryptUpdate failed: %d\n",
  901. crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
  902. return -EINVAL;
  903. }
  904. err = skcipher_walk_done(&walk, walk.nbytes - nbytes);
  905. if (unlikely(err)) {
  906. pr_err("%s: skcipher_walk_done failed: %d\n",
  907. crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
  908. return err;
  909. }
  910. }
  911. if (unlikely(tail > 0)) {
  912. struct scatterlist sg_src[2], sg_dst[2];
  913. struct scatterlist *src, *dst;
  914. dst = src = scatterwalk_ffwd(sg_src, req->src, req->cryptlen);
  915. if (req->dst != req->src)
  916. dst = scatterwalk_ffwd(sg_dst, req->dst, req->cryptlen);
  917. skcipher_request_set_crypt(req, src, dst, WC_AES_BLOCK_SIZE + tail,
  918. req->iv);
  919. err = skcipher_walk_virt(&walk, &subreq, false);
  920. if (err)
  921. return err;
  922. err = wc_AesXtsDecryptFinal(ctx->aesXts, walk.dst.virt.addr,
  923. walk.src.virt.addr, walk.nbytes,
  924. &stream);
  925. if (unlikely(err)) {
  926. pr_err("%s: wc_AesXtsDecryptFinal failed: %d\n",
  927. crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
  928. return -EINVAL;
  929. }
  930. err = skcipher_walk_done(&walk, 0);
  931. } else if (! (stream.bytes_crypted_with_this_tweak & ((word32)WC_AES_BLOCK_SIZE - 1U))) {
  932. err = wc_AesXtsDecryptFinal(ctx->aesXts, NULL, NULL, 0, &stream);
  933. }
  934. }
  935. return err;
  936. }
  937. static struct skcipher_alg xtsAesAlg = {
  938. .base.cra_name = WOLFKM_AESXTS_NAME,
  939. .base.cra_driver_name = WOLFKM_AESXTS_DRIVER,
  940. .base.cra_priority = WOLFSSL_LINUXKM_LKCAPI_PRIORITY,
  941. .base.cra_blocksize = WC_AES_BLOCK_SIZE,
  942. .base.cra_ctxsize = sizeof(struct km_AesXtsCtx),
  943. .base.cra_module = THIS_MODULE,
  944. .min_keysize = 2 * AES_128_KEY_SIZE,
  945. .max_keysize = 2 * AES_256_KEY_SIZE,
  946. .ivsize = WC_AES_BLOCK_SIZE,
  947. .walksize = 2 * WC_AES_BLOCK_SIZE,
  948. .init = km_AesXtsInit,
  949. .exit = km_AesXtsExit,
  950. .setkey = km_AesXtsSetKey,
  951. .encrypt = km_AesXtsEncrypt,
  952. .decrypt = km_AesXtsDecrypt
  953. };
  954. static int xtsAesAlg_loaded = 0;
  955. #endif /* WOLFSSL_AES_XTS &&
  956. * (LINUXKM_LKCAPI_REGISTER_ALL || LINUXKM_LKCAPI_REGISTER_AESXTS)
  957. */
  958. /* cipher tests, cribbed from test.c, with supplementary LKCAPI tests: */
  959. #if defined(HAVE_AES_CBC) && \
  960. (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
  961. defined(LINUXKM_LKCAPI_REGISTER_AESCBC))
  962. static int linuxkm_test_aescbc(void)
  963. {
  964. int ret = 0;
  965. struct crypto_skcipher * tfm = NULL;
  966. struct skcipher_request * req = NULL;
  967. struct scatterlist src, dst;
  968. Aes *aes;
  969. int aes_inited = 0;
  970. static const byte key32[] =
  971. {
  972. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  973. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
  974. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  975. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
  976. };
  977. static const byte p_vector[] =
  978. /* Now is the time for all good men w/o trailing 0 */
  979. {
  980. 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
  981. 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
  982. 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20,
  983. 0x67,0x6f,0x6f,0x64,0x20,0x6d,0x65,0x6e
  984. };
  985. static const byte iv[] = "1234567890abcdef";
  986. static const byte c_vector[] =
  987. {
  988. 0xd7,0xd6,0x04,0x5b,0x4d,0xc4,0x90,0xdf,
  989. 0x4a,0x82,0xed,0x61,0x26,0x4e,0x23,0xb3,
  990. 0xe4,0xb5,0x85,0x30,0x29,0x4c,0x9d,0xcf,
  991. 0x73,0xc9,0x46,0xd1,0xaa,0xc8,0xcb,0x62
  992. };
  993. byte iv_copy[sizeof(iv)];
  994. byte enc[sizeof(p_vector)];
  995. byte dec[sizeof(p_vector)];
  996. u8 * enc2 = NULL;
  997. u8 * dec2 = NULL;
  998. aes = (Aes *)malloc(sizeof(*aes));
  999. if (aes == NULL)
  1000. return -ENOMEM;
  1001. XMEMSET(enc, 0, sizeof(enc));
  1002. XMEMSET(dec, 0, sizeof(enc));
  1003. ret = wc_AesInit(aes, NULL, INVALID_DEVID);
  1004. if (ret) {
  1005. pr_err("wolfcrypt wc_AesInit failed with return code %d.\n", ret);
  1006. goto test_cbc_end;
  1007. }
  1008. aes_inited = 1;
  1009. ret = wc_AesSetKey(aes, key32, WC_AES_BLOCK_SIZE * 2, iv, AES_ENCRYPTION);
  1010. if (ret) {
  1011. pr_err("wolfcrypt wc_AesSetKey failed with return code %d\n", ret);
  1012. goto test_cbc_end;
  1013. }
  1014. ret = wc_AesCbcEncrypt(aes, enc, p_vector, sizeof(p_vector));
  1015. if (ret) {
  1016. pr_err("wolfcrypt wc_AesCbcEncrypt failed with return code %d\n", ret);
  1017. goto test_cbc_end;
  1018. }
  1019. if (XMEMCMP(enc, c_vector, sizeof(c_vector)) != 0) {
  1020. pr_err("wolfcrypt wc_AesCbcEncrypt KAT mismatch\n");
  1021. return LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
  1022. }
  1023. /* Re init for decrypt and set flag. */
  1024. wc_AesFree(aes);
  1025. aes_inited = 0;
  1026. ret = wc_AesInit(aes, NULL, INVALID_DEVID);
  1027. if (ret) {
  1028. pr_err("wolfcrypt wc_AesInit failed with return code %d.\n", ret);
  1029. goto test_cbc_end;
  1030. }
  1031. aes_inited = 1;
  1032. ret = wc_AesSetKey(aes, key32, WC_AES_BLOCK_SIZE * 2, iv, AES_DECRYPTION);
  1033. if (ret) {
  1034. pr_err("wolfcrypt wc_AesSetKey failed with return code %d.\n", ret);
  1035. goto test_cbc_end;
  1036. }
  1037. ret = wc_AesCbcDecrypt(aes, dec, enc, sizeof(p_vector));
  1038. if (ret) {
  1039. pr_err("wolfcrypt wc_AesCbcDecrypt failed with return code %d\n", ret);
  1040. goto test_cbc_end;
  1041. }
  1042. ret = XMEMCMP(p_vector, dec, sizeof(p_vector));
  1043. if (ret) {
  1044. pr_err("error: p_vector and dec do not match: %d\n", ret);
  1045. goto test_cbc_end;
  1046. }
  1047. /* now the kernel crypto part */
  1048. enc2 = malloc(sizeof(p_vector));
  1049. if (!enc2) {
  1050. pr_err("error: malloc failed\n");
  1051. goto test_cbc_end;
  1052. }
  1053. dec2 = malloc(sizeof(p_vector));
  1054. if (!dec2) {
  1055. pr_err("error: malloc failed\n");
  1056. goto test_cbc_end;
  1057. }
  1058. memcpy(dec2, p_vector, sizeof(p_vector));
  1059. tfm = crypto_alloc_skcipher(WOLFKM_AESCBC_NAME, 0, 0);
  1060. if (IS_ERR(tfm)) {
  1061. pr_err("error: allocating AES skcipher algorithm %s failed: %ld\n",
  1062. WOLFKM_AESCBC_DRIVER, PTR_ERR(tfm));
  1063. goto test_cbc_end;
  1064. }
  1065. #ifndef LINUXKM_LKCAPI_PRIORITY_ALLOW_MASKING
  1066. {
  1067. const char *driver_name =
  1068. crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm));
  1069. if (strcmp(driver_name, WOLFKM_AESCBC_DRIVER)) {
  1070. pr_err("error: unexpected implementation for %s: %s (expected %s)\n",
  1071. WOLFKM_AESCBC_NAME, driver_name, WOLFKM_AESCBC_DRIVER);
  1072. ret = -ENOENT;
  1073. goto test_cbc_end;
  1074. }
  1075. }
  1076. #endif
  1077. ret = crypto_skcipher_setkey(tfm, key32, WC_AES_BLOCK_SIZE * 2);
  1078. if (ret) {
  1079. pr_err("error: crypto_skcipher_setkey returned: %d\n", ret);
  1080. goto test_cbc_end;
  1081. }
  1082. req = skcipher_request_alloc(tfm, GFP_KERNEL);
  1083. if (IS_ERR(req)) {
  1084. pr_err("error: allocating AES skcipher request %s failed\n",
  1085. WOLFKM_AESCBC_DRIVER);
  1086. goto test_cbc_end;
  1087. }
  1088. sg_init_one(&src, dec2, sizeof(p_vector));
  1089. sg_init_one(&dst, enc2, sizeof(p_vector));
  1090. XMEMCPY(iv_copy, iv, sizeof(iv));
  1091. skcipher_request_set_crypt(req, &src, &dst, sizeof(p_vector), iv_copy);
  1092. ret = crypto_skcipher_encrypt(req);
  1093. if (ret) {
  1094. pr_err("error: crypto_skcipher_encrypt returned: %d\n", ret);
  1095. goto test_cbc_end;
  1096. }
  1097. ret = XMEMCMP(enc, enc2, sizeof(p_vector));
  1098. if (ret) {
  1099. pr_err("error: enc and enc2 do not match: %d\n", ret);
  1100. goto test_cbc_end;
  1101. }
  1102. memset(dec2, 0, sizeof(p_vector));
  1103. sg_init_one(&src, enc2, sizeof(p_vector));
  1104. sg_init_one(&dst, dec2, sizeof(p_vector));
  1105. XMEMCPY(iv_copy, iv, sizeof(iv));
  1106. skcipher_request_set_crypt(req, &src, &dst, sizeof(p_vector), iv_copy);
  1107. ret = crypto_skcipher_decrypt(req);
  1108. if (ret) {
  1109. pr_err("ERROR: crypto_skcipher_decrypt returned %d\n", ret);
  1110. goto test_cbc_end;
  1111. }
  1112. ret = XMEMCMP(dec, dec2, sizeof(p_vector));
  1113. if (ret) {
  1114. pr_err("error: dec and dec2 do not match: %d\n", ret);
  1115. goto test_cbc_end;
  1116. }
  1117. test_cbc_end:
  1118. if (enc2) { free(enc2); }
  1119. if (dec2) { free(dec2); }
  1120. if (req) { skcipher_request_free(req); }
  1121. if (tfm) { crypto_free_skcipher(tfm); }
  1122. if (aes_inited)
  1123. wc_AesFree(aes);
  1124. free(aes);
  1125. return ret;
  1126. }
  1127. #endif /* HAVE_AES_CBC &&
  1128. * (LINUXKM_LKCAPI_REGISTER_ALL || LINUXKM_LKCAPI_REGISTER_AESCBC)
  1129. */
  1130. #if defined(WOLFSSL_AES_CFB) && \
  1131. (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
  1132. defined(LINUXKM_LKCAPI_REGISTER_AESCFB))
  1133. static int linuxkm_test_aescfb(void)
  1134. {
  1135. int ret = 0;
  1136. struct crypto_skcipher * tfm = NULL;
  1137. struct skcipher_request * req = NULL;
  1138. struct scatterlist src, dst;
  1139. Aes *aes;
  1140. int aes_inited = 0;
  1141. static const byte key32[] =
  1142. {
  1143. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  1144. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
  1145. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  1146. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
  1147. };
  1148. static const byte p_vector[] =
  1149. /* Now is the time for all good men w/o trailing 0 */
  1150. {
  1151. 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
  1152. 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
  1153. 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20,
  1154. 0x67,0x6f,0x6f,0x64,0x20,0x6d,0x65,0x6e
  1155. };
  1156. static const byte iv[] = "1234567890abcdef";
  1157. static const byte c_vector[] =
  1158. {
  1159. 0x56,0x35,0x3f,0xdd,0xde,0xa6,0x15,0x87,
  1160. 0x57,0xdc,0x34,0x62,0x9a,0x68,0x96,0x51,
  1161. 0xc7,0x09,0xb9,0x4e,0x47,0x6b,0x24,0x72,
  1162. 0x19,0x5a,0xdf,0x7e,0xba,0xa8,0x01,0xb6
  1163. };
  1164. byte iv_copy[sizeof(iv)];
  1165. byte enc[sizeof(p_vector)];
  1166. byte dec[sizeof(p_vector)];
  1167. u8 * enc2 = NULL;
  1168. u8 * dec2 = NULL;
  1169. aes = (Aes *)malloc(sizeof(*aes));
  1170. if (aes == NULL)
  1171. return -ENOMEM;
  1172. XMEMSET(enc, 0, sizeof(enc));
  1173. XMEMSET(dec, 0, sizeof(enc));
  1174. ret = wc_AesInit(aes, NULL, INVALID_DEVID);
  1175. if (ret) {
  1176. pr_err("wolfcrypt wc_AesInit failed with return code %d.\n", ret);
  1177. goto test_cfb_end;
  1178. }
  1179. aes_inited = 1;
  1180. ret = wc_AesSetKey(aes, key32, WC_AES_BLOCK_SIZE * 2, iv, AES_ENCRYPTION);
  1181. if (ret) {
  1182. pr_err("wolfcrypt wc_AesSetKey failed with return code %d\n", ret);
  1183. goto test_cfb_end;
  1184. }
  1185. ret = wc_AesCfbEncrypt(aes, enc, p_vector, sizeof(p_vector));
  1186. if (ret) {
  1187. pr_err("wolfcrypt wc_AesCfbEncrypt failed with return code %d\n", ret);
  1188. goto test_cfb_end;
  1189. }
  1190. if (XMEMCMP(enc, c_vector, sizeof(c_vector)) != 0) {
  1191. pr_err("wolfcrypt wc_AesCfbEncrypt KAT mismatch\n");
  1192. return LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
  1193. }
  1194. /* Re init for decrypt and set flag. */
  1195. wc_AesFree(aes);
  1196. aes_inited = 0;
  1197. ret = wc_AesInit(aes, NULL, INVALID_DEVID);
  1198. if (ret) {
  1199. pr_err("wolfcrypt wc_AesInit failed with return code %d.\n", ret);
  1200. goto test_cfb_end;
  1201. }
  1202. aes_inited = 1;
  1203. ret = wc_AesSetKey(aes, key32, WC_AES_BLOCK_SIZE * 2, iv, AES_ENCRYPTION);
  1204. if (ret) {
  1205. pr_err("wolfcrypt wc_AesSetKey failed with return code %d.\n", ret);
  1206. goto test_cfb_end;
  1207. }
  1208. ret = wc_AesCfbDecrypt(aes, dec, enc, sizeof(p_vector));
  1209. if (ret) {
  1210. pr_err("wolfcrypt wc_AesCfbDecrypt failed with return code %d\n", ret);
  1211. goto test_cfb_end;
  1212. }
  1213. ret = XMEMCMP(p_vector, dec, sizeof(p_vector));
  1214. if (ret) {
  1215. pr_err("error: p_vector and dec do not match: %d\n", ret);
  1216. goto test_cfb_end;
  1217. }
  1218. /* now the kernel crypto part */
  1219. enc2 = malloc(sizeof(p_vector));
  1220. if (!enc2) {
  1221. pr_err("error: malloc failed\n");
  1222. goto test_cfb_end;
  1223. }
  1224. dec2 = malloc(sizeof(p_vector));
  1225. if (!dec2) {
  1226. pr_err("error: malloc failed\n");
  1227. goto test_cfb_end;
  1228. }
  1229. memcpy(dec2, p_vector, sizeof(p_vector));
  1230. tfm = crypto_alloc_skcipher(WOLFKM_AESCFB_NAME, 0, 0);
  1231. if (IS_ERR(tfm)) {
  1232. pr_err("error: allocating AES skcipher algorithm %s failed: %ld\n",
  1233. WOLFKM_AESCFB_DRIVER, PTR_ERR(tfm));
  1234. goto test_cfb_end;
  1235. }
  1236. #ifndef LINUXKM_LKCAPI_PRIORITY_ALLOW_MASKING
  1237. {
  1238. const char *driver_name =
  1239. crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm));
  1240. if (strcmp(driver_name, WOLFKM_AESCFB_DRIVER)) {
  1241. pr_err("error: unexpected implementation for %s: %s (expected %s)\n",
  1242. WOLFKM_AESCFB_NAME, driver_name, WOLFKM_AESCFB_DRIVER);
  1243. ret = -ENOENT;
  1244. goto test_cfb_end;
  1245. }
  1246. }
  1247. #endif
  1248. ret = crypto_skcipher_setkey(tfm, key32, WC_AES_BLOCK_SIZE * 2);
  1249. if (ret) {
  1250. pr_err("error: crypto_skcipher_setkey returned: %d\n", ret);
  1251. goto test_cfb_end;
  1252. }
  1253. req = skcipher_request_alloc(tfm, GFP_KERNEL);
  1254. if (IS_ERR(req)) {
  1255. pr_err("error: allocating AES skcipher request %s failed\n",
  1256. WOLFKM_AESCFB_DRIVER);
  1257. goto test_cfb_end;
  1258. }
  1259. sg_init_one(&src, dec2, sizeof(p_vector));
  1260. sg_init_one(&dst, enc2, sizeof(p_vector));
  1261. XMEMCPY(iv_copy, iv, sizeof(iv));
  1262. skcipher_request_set_crypt(req, &src, &dst, sizeof(p_vector), iv_copy);
  1263. ret = crypto_skcipher_encrypt(req);
  1264. if (ret) {
  1265. pr_err("error: crypto_skcipher_encrypt returned: %d\n", ret);
  1266. goto test_cfb_end;
  1267. }
  1268. ret = XMEMCMP(enc, enc2, sizeof(p_vector));
  1269. if (ret) {
  1270. pr_err("error: enc and enc2 do not match: %d\n", ret);
  1271. goto test_cfb_end;
  1272. }
  1273. memset(dec2, 0, sizeof(p_vector));
  1274. sg_init_one(&src, enc2, sizeof(p_vector));
  1275. sg_init_one(&dst, dec2, sizeof(p_vector));
  1276. XMEMCPY(iv_copy, iv, sizeof(iv));
  1277. skcipher_request_set_crypt(req, &src, &dst, sizeof(p_vector), iv_copy);
  1278. ret = crypto_skcipher_decrypt(req);
  1279. if (ret) {
  1280. pr_err("error: crypto_skcipher_decrypt returned: %d\n", ret);
  1281. goto test_cfb_end;
  1282. }
  1283. ret = XMEMCMP(dec, dec2, sizeof(p_vector));
  1284. if (ret) {
  1285. pr_err("error: dec and dec2 do not match: %d\n", ret);
  1286. goto test_cfb_end;
  1287. }
  1288. test_cfb_end:
  1289. if (enc2) { free(enc2); }
  1290. if (dec2) { free(dec2); }
  1291. if (req) { skcipher_request_free(req); }
  1292. if (tfm) { crypto_free_skcipher(tfm); }
  1293. if (aes_inited)
  1294. wc_AesFree(aes);
  1295. free(aes);
  1296. return ret;
  1297. }
  1298. #endif /* WOLFSSL_AES_CFB &&
  1299. * (LINUXKM_LKCAPI_REGISTER_ALL || LINUXKM_LKCAPI_REGISTER_AESCFB)
  1300. */
  1301. #if defined(HAVE_AESGCM) && \
  1302. (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
  1303. defined(LINUXKM_LKCAPI_REGISTER_AESGCM))
  1304. static int linuxkm_test_aesgcm(void)
  1305. {
  1306. int ret = 0;
  1307. struct crypto_aead * tfm = NULL;
  1308. struct aead_request * req = NULL;
  1309. struct scatterlist * src = NULL;
  1310. struct scatterlist * dst = NULL;
  1311. Aes *aes;
  1312. int aes_inited = 0;
  1313. static const byte key32[] =
  1314. {
  1315. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  1316. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
  1317. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  1318. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
  1319. };
  1320. static const byte p_vector[] =
  1321. /* Now is the time for all w/o trailing 0 */
  1322. {
  1323. 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
  1324. 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
  1325. 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
  1326. };
  1327. static const byte assoc[] =
  1328. {
  1329. 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
  1330. 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
  1331. 0xab, 0xad, 0xda, 0xd2
  1332. };
  1333. static const byte ivstr[] = "1234567890abcdef";
  1334. static const byte c_vector[] =
  1335. {
  1336. 0x0c,0x97,0x05,0x3c,0xef,0x5c,0x63,0x6b,
  1337. 0x15,0xe4,0x00,0x63,0xf8,0x8c,0xd0,0x95,
  1338. 0x27,0x81,0x90,0x9c,0x9f,0xe6,0x98,0xe9
  1339. };
  1340. static const byte KAT_authTag[] =
  1341. {
  1342. 0xc9,0xd5,0x7a,0x77,0xac,0x28,0xc2,0xe7,
  1343. 0xe4,0x28,0x90,0xaa,0x09,0xab,0xf9,0x7c
  1344. };
  1345. byte enc[sizeof(p_vector)];
  1346. byte authTag[WC_AES_BLOCK_SIZE];
  1347. byte dec[sizeof(p_vector)];
  1348. u8 * assoc2 = NULL;
  1349. u8 * enc2 = NULL;
  1350. u8 * dec2 = NULL;
  1351. u8 * iv = NULL;
  1352. size_t encryptLen = sizeof(p_vector);
  1353. size_t decryptLen = sizeof(p_vector) + sizeof(authTag);
  1354. /* Init stack variables. */
  1355. XMEMSET(enc, 0, sizeof(p_vector));
  1356. XMEMSET(dec, 0, sizeof(p_vector));
  1357. XMEMSET(authTag, 0, WC_AES_BLOCK_SIZE);
  1358. aes = (Aes *)malloc(sizeof(*aes));
  1359. if (aes == NULL)
  1360. return -ENOMEM;
  1361. ret = wc_AesInit(aes, NULL, INVALID_DEVID);
  1362. if (ret) {
  1363. pr_err("error: wc_AesInit failed with return code %d.\n", ret);
  1364. goto test_gcm_end;
  1365. }
  1366. aes_inited = 1;
  1367. ret = wc_AesGcmInit(aes, key32, sizeof(key32)/sizeof(byte), ivstr,
  1368. WC_AES_BLOCK_SIZE);
  1369. if (ret) {
  1370. pr_err("error: wc_AesGcmInit failed with return code %d.\n", ret);
  1371. goto test_gcm_end;
  1372. }
  1373. ret = wc_AesGcmEncryptUpdate(aes, NULL, NULL, 0, assoc, sizeof(assoc));
  1374. if (ret) {
  1375. pr_err("error: wc_AesGcmEncryptUpdate failed with return code %d\n",
  1376. ret);
  1377. goto test_gcm_end;
  1378. }
  1379. ret = wc_AesGcmEncryptUpdate(aes, enc, p_vector, sizeof(p_vector), NULL, 0);
  1380. if (ret) {
  1381. pr_err("error: wc_AesGcmEncryptUpdate failed with return code %d\n",
  1382. ret);
  1383. goto test_gcm_end;
  1384. }
  1385. if (XMEMCMP(enc, c_vector, sizeof(c_vector)) != 0) {
  1386. pr_err("wolfcrypt AES-GCM KAT mismatch on ciphertext\n");
  1387. ret = LINUXKM_LKCAPI_AESGCM_KAT_MISMATCH_E;
  1388. goto test_gcm_end;
  1389. }
  1390. ret = wc_AesGcmEncryptFinal(aes, authTag, WC_AES_BLOCK_SIZE);
  1391. if (ret) {
  1392. pr_err("error: wc_AesGcmEncryptFinal failed with return code %d\n",
  1393. ret);
  1394. goto test_gcm_end;
  1395. }
  1396. if (XMEMCMP(authTag, KAT_authTag, sizeof(KAT_authTag)) != 0) {
  1397. pr_err("wolfcrypt AES-GCM KAT mismatch on authTag\n");
  1398. ret = LINUXKM_LKCAPI_AESGCM_KAT_MISMATCH_E;
  1399. goto test_gcm_end;
  1400. }
  1401. ret = wc_AesGcmInit(aes, key32, sizeof(key32)/sizeof(byte), ivstr,
  1402. WC_AES_BLOCK_SIZE);
  1403. if (ret) {
  1404. pr_err("error: wc_AesGcmInit failed with return code %d.\n", ret);
  1405. goto test_gcm_end;
  1406. }
  1407. ret = wc_AesGcmDecryptUpdate(aes, dec, enc, sizeof(p_vector),
  1408. assoc, sizeof(assoc));
  1409. if (ret) {
  1410. pr_err("error: wc_AesGcmDecryptUpdate failed with return code %d\n",
  1411. ret);
  1412. goto test_gcm_end;
  1413. }
  1414. ret = wc_AesGcmDecryptFinal(aes, authTag, WC_AES_BLOCK_SIZE);
  1415. if (ret) {
  1416. pr_err("error: wc_AesGcmEncryptFinal failed with return code %d\n",
  1417. ret);
  1418. goto test_gcm_end;
  1419. }
  1420. ret = XMEMCMP(p_vector, dec, sizeof(p_vector));
  1421. if (ret) {
  1422. pr_err("error: gcm: p_vector and dec do not match: %d\n", ret);
  1423. goto test_gcm_end;
  1424. }
  1425. /* now the kernel crypto part */
  1426. assoc2 = malloc(sizeof(assoc));
  1427. if (IS_ERR(assoc2)) {
  1428. pr_err("error: malloc failed\n");
  1429. goto test_gcm_end;
  1430. }
  1431. memset(assoc2, 0, sizeof(assoc));
  1432. memcpy(assoc2, assoc, sizeof(assoc));
  1433. iv = malloc(WC_AES_BLOCK_SIZE);
  1434. if (IS_ERR(iv)) {
  1435. pr_err("error: malloc failed\n");
  1436. goto test_gcm_end;
  1437. }
  1438. memset(iv, 0, WC_AES_BLOCK_SIZE);
  1439. memcpy(iv, ivstr, WC_AES_BLOCK_SIZE);
  1440. enc2 = malloc(decryptLen);
  1441. if (IS_ERR(enc2)) {
  1442. pr_err("error: malloc failed\n");
  1443. goto test_gcm_end;
  1444. }
  1445. dec2 = malloc(decryptLen);
  1446. if (IS_ERR(dec2)) {
  1447. pr_err("error: malloc failed\n");
  1448. goto test_gcm_end;
  1449. }
  1450. memset(enc2, 0, decryptLen);
  1451. memset(dec2, 0, decryptLen);
  1452. memcpy(dec2, p_vector, sizeof(p_vector));
  1453. tfm = crypto_alloc_aead(WOLFKM_AESGCM_NAME, 0, 0);
  1454. if (IS_ERR(tfm)) {
  1455. pr_err("error: allocating AES skcipher algorithm %s failed: %ld\n",
  1456. WOLFKM_AESGCM_DRIVER, PTR_ERR(tfm));
  1457. goto test_gcm_end;
  1458. }
  1459. #ifndef LINUXKM_LKCAPI_PRIORITY_ALLOW_MASKING
  1460. {
  1461. const char *driver_name = crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm));
  1462. if (strcmp(driver_name, WOLFKM_AESGCM_DRIVER)) {
  1463. pr_err("error: unexpected implementation for %s: %s (expected %s)\n",
  1464. WOLFKM_AESGCM_NAME, driver_name, WOLFKM_AESGCM_DRIVER);
  1465. ret = -ENOENT;
  1466. goto test_gcm_end;
  1467. }
  1468. }
  1469. #endif
  1470. ret = crypto_aead_setkey(tfm, key32, WC_AES_BLOCK_SIZE * 2);
  1471. if (ret) {
  1472. pr_err("error: crypto_aead_setkey returned: %d\n", ret);
  1473. goto test_gcm_end;
  1474. }
  1475. ret = crypto_aead_setauthsize(tfm, sizeof(authTag));
  1476. if (ret) {
  1477. pr_err("error: crypto_aead_setauthsize returned: %d\n", ret);
  1478. goto test_gcm_end;
  1479. }
  1480. req = aead_request_alloc(tfm, GFP_KERNEL);
  1481. if (IS_ERR(req)) {
  1482. pr_err("error: allocating AES aead request %s failed: %ld\n",
  1483. WOLFKM_AESCBC_DRIVER, PTR_ERR(req));
  1484. goto test_gcm_end;
  1485. }
  1486. src = malloc(sizeof(struct scatterlist) * 2);
  1487. dst = malloc(sizeof(struct scatterlist) * 2);
  1488. if (IS_ERR(src) || IS_ERR(dst)) {
  1489. pr_err("error: malloc src or dst failed: %ld, %ld\n",
  1490. PTR_ERR(src), PTR_ERR(dst));
  1491. goto test_gcm_end;
  1492. }
  1493. sg_init_table(src, 2);
  1494. sg_set_buf(src, assoc2, sizeof(assoc));
  1495. sg_set_buf(&src[1], dec2, sizeof(p_vector));
  1496. sg_init_table(dst, 2);
  1497. sg_set_buf(dst, assoc2, sizeof(assoc));
  1498. sg_set_buf(&dst[1], enc2, decryptLen);
  1499. aead_request_set_callback(req, 0, NULL, NULL);
  1500. aead_request_set_ad(req, sizeof(assoc));
  1501. aead_request_set_crypt(req, src, dst, sizeof(p_vector), iv);
  1502. ret = crypto_aead_encrypt(req);
  1503. if (ret) {
  1504. pr_err("error: crypto_aead_encrypt returned: %d\n", ret);
  1505. goto test_gcm_end;
  1506. }
  1507. ret = XMEMCMP(enc, enc2, sizeof(p_vector));
  1508. if (ret) {
  1509. pr_err("error: enc and enc2 do not match: %d\n", ret);
  1510. goto test_gcm_end;
  1511. }
  1512. ret = XMEMCMP(authTag, enc2 + encryptLen, sizeof(authTag));
  1513. if (ret) {
  1514. pr_err("error: authTags do not match: %d\n", ret);
  1515. goto test_gcm_end;
  1516. }
  1517. /* Now decrypt crypto request. Reverse src and dst. */
  1518. memset(dec2, 0, decryptLen);
  1519. aead_request_set_ad(req, sizeof(assoc));
  1520. aead_request_set_crypt(req, dst, src, decryptLen, iv);
  1521. ret = crypto_aead_decrypt(req);
  1522. if (ret) {
  1523. pr_err("error: crypto_aead_decrypt returned: %d\n", ret);
  1524. goto test_gcm_end;
  1525. }
  1526. ret = XMEMCMP(dec, dec2, sizeof(p_vector));
  1527. if (ret) {
  1528. pr_err("error: dec and dec2 do not match: %d\n", ret);
  1529. goto test_gcm_end;
  1530. }
  1531. test_gcm_end:
  1532. if (req) { aead_request_free(req); req = NULL; }
  1533. if (tfm) { crypto_free_aead(tfm); tfm = NULL; }
  1534. if (src) { free(src); src = NULL; }
  1535. if (dst) { free(dst); dst = NULL; }
  1536. if (dec2) { free(dec2); dec2 = NULL; }
  1537. if (enc2) { free(enc2); enc2 = NULL; }
  1538. if (assoc2) { free(assoc2); assoc2 = NULL; }
  1539. if (iv) { free(iv); iv = NULL; }
  1540. if (aes_inited)
  1541. wc_AesFree(aes);
  1542. free(aes);
  1543. return ret;
  1544. }
  1545. #endif /* HAVE_AESGCM &&
  1546. * (LINUXKM_LKCAPI_REGISTER_ALL || LINUXKM_LKCAPI_REGISTER_AESGCM) &&
  1547. */
  1548. #if defined(WOLFSSL_AES_XTS) && \
  1549. (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
  1550. defined(LINUXKM_LKCAPI_REGISTER_AESXTS))
  1551. /* test vectors from
  1552. * http://csrc.nist.gov/groups/STM/cavp/block-cipher-modes.html
  1553. */
  1554. #ifdef WOLFSSL_AES_128
  1555. static int aes_xts_128_test(void)
  1556. {
  1557. XtsAes *aes = NULL;
  1558. int aes_inited = 0;
  1559. int ret = 0;
  1560. #define AES_XTS_128_TEST_BUF_SIZ (WC_AES_BLOCK_SIZE * 2 + 8)
  1561. unsigned char *buf = NULL;
  1562. unsigned char *cipher = NULL;
  1563. u8 * enc2 = NULL;
  1564. u8 * dec2 = NULL;
  1565. struct scatterlist * src = NULL;
  1566. struct scatterlist * dst = NULL;
  1567. struct crypto_skcipher *tfm = NULL;
  1568. struct skcipher_request *req = NULL;
  1569. struct XtsAesStreamData stream;
  1570. byte* large_input = NULL;
  1571. /* 128 key tests */
  1572. static const unsigned char k1[] = {
  1573. 0xa1, 0xb9, 0x0c, 0xba, 0x3f, 0x06, 0xac, 0x35,
  1574. 0x3b, 0x2c, 0x34, 0x38, 0x76, 0x08, 0x17, 0x62,
  1575. 0x09, 0x09, 0x23, 0x02, 0x6e, 0x91, 0x77, 0x18,
  1576. 0x15, 0xf2, 0x9d, 0xab, 0x01, 0x93, 0x2f, 0x2f
  1577. };
  1578. static const unsigned char i1[] = {
  1579. 0x4f, 0xae, 0xf7, 0x11, 0x7c, 0xda, 0x59, 0xc6,
  1580. 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
  1581. };
  1582. static const unsigned char p1[] = {
  1583. 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
  1584. 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c
  1585. };
  1586. /* plain text test of partial block is not from NIST test vector list */
  1587. static const unsigned char pp[] = {
  1588. 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
  1589. 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c,
  1590. 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
  1591. };
  1592. static const unsigned char c1[] = {
  1593. 0x77, 0x8a, 0xe8, 0xb4, 0x3c, 0xb9, 0x8d, 0x5a,
  1594. 0x82, 0x50, 0x81, 0xd5, 0xbe, 0x47, 0x1c, 0x63
  1595. };
  1596. /* plain text test of partial block is not from NIST test vector list */
  1597. static const unsigned char cp[] = {
  1598. 0x2b, 0xf7, 0x2c, 0xf3, 0xeb, 0x85, 0xef, 0x7b,
  1599. 0x0b, 0x76, 0xa0, 0xaa, 0xf3, 0x3f, 0x25, 0x8b,
  1600. 0x77, 0x8a, 0xe8, 0xb4, 0x3c, 0xb9, 0x8d, 0x5a
  1601. };
  1602. static const unsigned char k2[] = {
  1603. 0x39, 0x25, 0x79, 0x05, 0xdf, 0xcc, 0x77, 0x76,
  1604. 0x6c, 0x87, 0x0a, 0x80, 0x6a, 0x60, 0xe3, 0xc0,
  1605. 0x93, 0xd1, 0x2a, 0xcf, 0xcb, 0x51, 0x42, 0xfa,
  1606. 0x09, 0x69, 0x89, 0x62, 0x5b, 0x60, 0xdb, 0x16
  1607. };
  1608. static const unsigned char i2[] = {
  1609. 0x5c, 0xf7, 0x9d, 0xb6, 0xc5, 0xcd, 0x99, 0x1a,
  1610. 0x1c, 0x78, 0x81, 0x42, 0x24, 0x95, 0x1e, 0x84
  1611. };
  1612. static const unsigned char p2[] = {
  1613. 0xbd, 0xc5, 0x46, 0x8f, 0xbc, 0x8d, 0x50, 0xa1,
  1614. 0x0d, 0x1c, 0x85, 0x7f, 0x79, 0x1c, 0x5c, 0xba,
  1615. 0xb3, 0x81, 0x0d, 0x0d, 0x73, 0xcf, 0x8f, 0x20,
  1616. 0x46, 0xb1, 0xd1, 0x9e, 0x7d, 0x5d, 0x8a, 0x56
  1617. };
  1618. static const unsigned char c2[] = {
  1619. 0xd6, 0xbe, 0x04, 0x6d, 0x41, 0xf2, 0x3b, 0x5e,
  1620. 0xd7, 0x0b, 0x6b, 0x3d, 0x5c, 0x8e, 0x66, 0x23,
  1621. 0x2b, 0xe6, 0xb8, 0x07, 0xd4, 0xdc, 0xc6, 0x0e,
  1622. 0xff, 0x8d, 0xbc, 0x1d, 0x9f, 0x7f, 0xc8, 0x22
  1623. };
  1624. #ifndef HAVE_FIPS /* FIPS requires different keys for main and tweak. */
  1625. static const unsigned char k3[] = {
  1626. 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
  1627. 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
  1628. 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
  1629. 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
  1630. };
  1631. static const unsigned char i3[] = {
  1632. 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
  1633. 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
  1634. };
  1635. static const unsigned char p3[] = {
  1636. 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
  1637. 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
  1638. 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
  1639. 0x20, 0xff, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
  1640. 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20
  1641. };
  1642. static const unsigned char c3[] = {
  1643. 0xA2, 0x07, 0x47, 0x76, 0x3F, 0xEC, 0x0C, 0x23,
  1644. 0x1B, 0xD0, 0xBD, 0x46, 0x9A, 0x27, 0x38, 0x12,
  1645. 0x95, 0x02, 0x3D, 0x5D, 0xC6, 0x94, 0x51, 0x36,
  1646. 0xA0, 0x85, 0xD2, 0x69, 0x6E, 0x87, 0x0A, 0xBF,
  1647. 0xB5, 0x5A, 0xDD, 0xCB, 0x80, 0xE0, 0xFC, 0xCD
  1648. };
  1649. #endif /* HAVE_FIPS */
  1650. if ((aes = (XtsAes *)XMALLOC(sizeof(*aes), NULL, DYNAMIC_TYPE_AES))
  1651. == NULL)
  1652. {
  1653. ret = MEMORY_E;
  1654. goto out;
  1655. }
  1656. if ((buf = (unsigned char *)XMALLOC(AES_XTS_128_TEST_BUF_SIZ, NULL,
  1657. DYNAMIC_TYPE_AES)) == NULL)
  1658. {
  1659. ret = MEMORY_E;
  1660. goto out;
  1661. }
  1662. if ((cipher = (unsigned char *)XMALLOC(AES_XTS_128_TEST_BUF_SIZ, NULL,
  1663. DYNAMIC_TYPE_AES)) == NULL)
  1664. {
  1665. ret = MEMORY_E;
  1666. goto out;
  1667. }
  1668. XMEMSET(buf, 0, AES_XTS_128_TEST_BUF_SIZ);
  1669. ret = wc_AesXtsInit(aes, NULL, INVALID_DEVID);
  1670. if (ret != 0)
  1671. goto out;
  1672. else
  1673. aes_inited = 1;
  1674. ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_ENCRYPTION);
  1675. if (ret != 0)
  1676. goto out;
  1677. ret = wc_AesXtsEncrypt(aes, buf, p2, sizeof(p2), i2, sizeof(i2));
  1678. if (ret != 0)
  1679. goto out;
  1680. if (XMEMCMP(c2, buf, sizeof(c2))) {
  1681. ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
  1682. goto out;
  1683. }
  1684. #if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
  1685. WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
  1686. ret = wc_AesXtsEncrypt(aes, buf, p2, sizeof(p2), i2, sizeof(i2));
  1687. WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
  1688. if (ret != 0)
  1689. goto out;
  1690. if (XMEMCMP(c2, buf, sizeof(c2))) {
  1691. ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
  1692. goto out;
  1693. }
  1694. #endif
  1695. XMEMSET(buf, 0, AES_XTS_128_TEST_BUF_SIZ);
  1696. ret = wc_AesXtsEncryptInit(aes, i2, sizeof(i2), &stream);
  1697. if (ret != 0)
  1698. goto out;
  1699. ret = wc_AesXtsEncryptUpdate(aes, buf, p2, WC_AES_BLOCK_SIZE, &stream);
  1700. if (ret != 0)
  1701. goto out;
  1702. ret = wc_AesXtsEncryptFinal(aes, buf + WC_AES_BLOCK_SIZE,
  1703. p2 + WC_AES_BLOCK_SIZE,
  1704. sizeof(p2) - WC_AES_BLOCK_SIZE, &stream);
  1705. if (ret != 0)
  1706. goto out;
  1707. if (XMEMCMP(c2, buf, sizeof(c2))) {
  1708. ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
  1709. goto out;
  1710. }
  1711. XMEMSET(buf, 0, AES_XTS_128_TEST_BUF_SIZ);
  1712. ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
  1713. if (ret != 0)
  1714. goto out;
  1715. ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1));
  1716. if (ret != 0)
  1717. goto out;
  1718. if (XMEMCMP(c1, buf, WC_AES_BLOCK_SIZE)) {
  1719. ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
  1720. goto out;
  1721. }
  1722. #if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
  1723. WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
  1724. ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1));
  1725. WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
  1726. if (ret != 0)
  1727. goto out;
  1728. if (XMEMCMP(c1, buf, WC_AES_BLOCK_SIZE)) {
  1729. ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
  1730. goto out;
  1731. }
  1732. #endif
  1733. /* partial block encryption test */
  1734. XMEMSET(cipher, 0, AES_XTS_128_TEST_BUF_SIZ);
  1735. ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1));
  1736. if (ret != 0)
  1737. goto out;
  1738. if (XMEMCMP(cp, cipher, sizeof(cp))) {
  1739. ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
  1740. goto out;
  1741. }
  1742. #if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
  1743. WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
  1744. XMEMSET(cipher, 0, AES_XTS_128_TEST_BUF_SIZ);
  1745. ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1));
  1746. WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
  1747. if (ret != 0)
  1748. goto out;
  1749. if (XMEMCMP(cp, cipher, sizeof(cp))) {
  1750. ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
  1751. goto out;
  1752. }
  1753. #endif
  1754. /* partial block decrypt test */
  1755. XMEMSET(buf, 0, AES_XTS_128_TEST_BUF_SIZ);
  1756. ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
  1757. if (ret != 0)
  1758. goto out;
  1759. ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1));
  1760. if (ret != 0)
  1761. goto out;
  1762. if (XMEMCMP(pp, buf, sizeof(pp))) {
  1763. ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
  1764. goto out;
  1765. }
  1766. #if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
  1767. WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
  1768. XMEMSET(buf, 0, AES_XTS_128_TEST_BUF_SIZ);
  1769. ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1));
  1770. WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
  1771. if (ret != 0)
  1772. goto out;
  1773. if (XMEMCMP(pp, buf, sizeof(pp))) {
  1774. ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
  1775. goto out;
  1776. }
  1777. #endif
  1778. /* NIST decrypt test vector */
  1779. XMEMSET(buf, 0, AES_XTS_128_TEST_BUF_SIZ);
  1780. ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1));
  1781. if (ret != 0)
  1782. goto out;
  1783. if (XMEMCMP(p1, buf, WC_AES_BLOCK_SIZE)) {
  1784. ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
  1785. goto out;
  1786. }
  1787. #if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK)
  1788. WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E));
  1789. XMEMSET(buf, 0, AES_XTS_128_TEST_BUF_SIZ);
  1790. ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1));
  1791. WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
  1792. if (ret != 0)
  1793. goto out;
  1794. if (XMEMCMP(p1, buf, WC_AES_BLOCK_SIZE)) {
  1795. ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
  1796. goto out;
  1797. }
  1798. #endif
  1799. /* fail case with decrypting using wrong key */
  1800. XMEMSET(buf, 0, AES_XTS_128_TEST_BUF_SIZ);
  1801. ret = wc_AesXtsDecrypt(aes, buf, c2, sizeof(c2), i2, sizeof(i2));
  1802. if (ret != 0)
  1803. goto out;
  1804. if (XMEMCMP(p2, buf, sizeof(p2)) == 0) { /* fail case with wrong key */
  1805. ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
  1806. goto out;
  1807. }
  1808. /* set correct key and retest */
  1809. XMEMSET(buf, 0, AES_XTS_128_TEST_BUF_SIZ);
  1810. ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_DECRYPTION);
  1811. if (ret != 0)
  1812. goto out;
  1813. ret = wc_AesXtsDecrypt(aes, buf, c2, sizeof(c2), i2, sizeof(i2));
  1814. if (ret != 0)
  1815. goto out;
  1816. if (XMEMCMP(p2, buf, sizeof(p2))) {
  1817. ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
  1818. goto out;
  1819. }
  1820. #ifndef HAVE_FIPS
  1821. /* Test ciphertext stealing in-place. */
  1822. XMEMCPY(buf, p3, sizeof(p3));
  1823. ret = wc_AesXtsSetKeyNoInit(aes, k3, sizeof(k3), AES_ENCRYPTION);
  1824. if (ret != 0)
  1825. goto out;
  1826. ret = wc_AesXtsEncrypt(aes, buf, buf, sizeof(p3), i3, sizeof(i3));
  1827. if (ret != 0)
  1828. goto out;
  1829. if (XMEMCMP(c3, buf, sizeof(c3))) {
  1830. ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
  1831. goto out;
  1832. }
  1833. ret = wc_AesXtsSetKeyNoInit(aes, k3, sizeof(k3), AES_DECRYPTION);
  1834. if (ret != 0)
  1835. goto out;
  1836. ret = wc_AesXtsDecrypt(aes, buf, buf, sizeof(c3), i3, sizeof(i3));
  1837. if (ret != 0)
  1838. goto out;
  1839. if (XMEMCMP(p3, buf, sizeof(p3))) {
  1840. ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
  1841. goto out;
  1842. }
  1843. #endif /* HAVE_FIPS */
  1844. {
  1845. #define LARGE_XTS_SZ 1024
  1846. int i;
  1847. int j;
  1848. int k;
  1849. large_input = (byte *)XMALLOC(LARGE_XTS_SZ, NULL,
  1850. DYNAMIC_TYPE_TMP_BUFFER);
  1851. if (large_input == NULL) {
  1852. ret = MEMORY_E;
  1853. goto out;
  1854. }
  1855. for (i = 0; i < (int)LARGE_XTS_SZ; i++)
  1856. large_input[i] = (byte)i;
  1857. /* first, encrypt block by block then decrypt with a one-shot call. */
  1858. for (j = 16; j < (int)LARGE_XTS_SZ; j++) {
  1859. ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
  1860. if (ret != 0)
  1861. goto out;
  1862. ret = wc_AesXtsEncryptInit(aes, i1, sizeof(i1), &stream);
  1863. if (ret != 0)
  1864. goto out;
  1865. for (k = 0; k < j; k += WC_AES_BLOCK_SIZE) {
  1866. if ((j - k) < WC_AES_BLOCK_SIZE*2)
  1867. ret = wc_AesXtsEncryptFinal(aes, large_input + k, large_input + k, j - k, &stream);
  1868. else
  1869. ret = wc_AesXtsEncryptUpdate(aes, large_input + k, large_input + k, WC_AES_BLOCK_SIZE, &stream);
  1870. if (ret != 0)
  1871. goto out;
  1872. if ((j - k) < WC_AES_BLOCK_SIZE*2)
  1873. break;
  1874. }
  1875. ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
  1876. if (ret != 0)
  1877. goto out;
  1878. ret = wc_AesXtsDecrypt(aes, large_input, large_input, j, i1,
  1879. sizeof(i1));
  1880. if (ret != 0)
  1881. goto out;
  1882. for (i = 0; i < j; i++) {
  1883. if (large_input[i] != (byte)i) {
  1884. ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
  1885. goto out;
  1886. }
  1887. }
  1888. }
  1889. /* second, encrypt with a one-shot call then decrypt block by block. */
  1890. for (j = 16; j < (int)LARGE_XTS_SZ; j++) {
  1891. ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
  1892. if (ret != 0)
  1893. goto out;
  1894. ret = wc_AesXtsEncrypt(aes, large_input, large_input, j, i1,
  1895. sizeof(i1));
  1896. if (ret != 0)
  1897. goto out;
  1898. ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
  1899. if (ret != 0)
  1900. goto out;
  1901. ret = wc_AesXtsDecryptInit(aes, i1, sizeof(i1), &stream);
  1902. if (ret != 0)
  1903. goto out;
  1904. for (k = 0; k < j; k += WC_AES_BLOCK_SIZE) {
  1905. if ((j - k) < WC_AES_BLOCK_SIZE*2)
  1906. ret = wc_AesXtsDecryptFinal(aes, large_input + k, large_input + k, j - k, &stream);
  1907. else
  1908. ret = wc_AesXtsDecryptUpdate(aes, large_input + k, large_input + k, WC_AES_BLOCK_SIZE, &stream);
  1909. if (ret != 0)
  1910. goto out;
  1911. if ((j - k) < WC_AES_BLOCK_SIZE*2)
  1912. break;
  1913. }
  1914. for (i = 0; i < j; i++) {
  1915. if (large_input[i] != (byte)i) {
  1916. ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
  1917. goto out;
  1918. }
  1919. }
  1920. }
  1921. }
  1922. /* now the kernel crypto part */
  1923. enc2 = XMALLOC(sizeof(pp), NULL, DYNAMIC_TYPE_AES);
  1924. if (!enc2) {
  1925. pr_err("error: malloc failed\n");
  1926. ret = -ENOMEM;
  1927. goto test_xts_end;
  1928. }
  1929. dec2 = XMALLOC(sizeof(pp), NULL, DYNAMIC_TYPE_AES);
  1930. if (!dec2) {
  1931. pr_err("error: malloc failed\n");
  1932. ret = -ENOMEM;
  1933. goto test_xts_end;
  1934. }
  1935. src = XMALLOC(sizeof(*src) * 2, NULL, DYNAMIC_TYPE_AES);
  1936. if (! src) {
  1937. pr_err("error: malloc failed\n");
  1938. ret = -ENOMEM;
  1939. goto test_xts_end;
  1940. }
  1941. dst = XMALLOC(sizeof(*dst) * 2, NULL, DYNAMIC_TYPE_AES);
  1942. if (! dst) {
  1943. pr_err("error: malloc failed\n");
  1944. ret = -ENOMEM;
  1945. goto test_xts_end;
  1946. }
  1947. tfm = crypto_alloc_skcipher(WOLFKM_AESXTS_NAME, 0, 0);
  1948. if (IS_ERR(tfm)) {
  1949. ret = PTR_ERR(tfm);
  1950. pr_err("error: allocating AES skcipher algorithm %s failed: %d\n",
  1951. WOLFKM_AESXTS_DRIVER, ret);
  1952. goto test_xts_end;
  1953. }
  1954. #ifndef LINUXKM_LKCAPI_PRIORITY_ALLOW_MASKING
  1955. {
  1956. const char *driver_name =
  1957. crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm));
  1958. if (strcmp(driver_name, WOLFKM_AESXTS_DRIVER)) {
  1959. pr_err("error: unexpected implementation for %s: %s (expected %s)\n",
  1960. WOLFKM_AESXTS_NAME, driver_name, WOLFKM_AESXTS_DRIVER);
  1961. ret = -ENOENT;
  1962. goto test_xts_end;
  1963. }
  1964. }
  1965. #endif
  1966. ret = crypto_skcipher_ivsize(tfm);
  1967. if (ret != sizeof(stream.tweak_block)) {
  1968. pr_err("error: AES skcipher algorithm %s crypto_skcipher_ivsize()"
  1969. " returned %d but expected %d\n",
  1970. WOLFKM_AESXTS_DRIVER, ret, (int)sizeof(stream.tweak_block));
  1971. ret = -EINVAL;
  1972. goto test_xts_end;
  1973. }
  1974. ret = crypto_skcipher_setkey(tfm, k1, sizeof(k1));
  1975. if (ret) {
  1976. pr_err("error: crypto_skcipher_setkey for %s returned: %d\n",
  1977. WOLFKM_AESXTS_NAME, ret);
  1978. goto test_xts_end;
  1979. }
  1980. req = skcipher_request_alloc(tfm, GFP_KERNEL);
  1981. if (IS_ERR(req)) {
  1982. ret = PTR_ERR(req);
  1983. pr_err("error: allocating AES skcipher request %s failed: %d\n",
  1984. WOLFKM_AESXTS_DRIVER, ret);
  1985. goto test_xts_end;
  1986. }
  1987. memcpy(dec2, p1, sizeof(p1));
  1988. memset(enc2, 0, sizeof(p1));
  1989. sg_init_one(src, dec2, sizeof(p1));
  1990. sg_init_one(dst, enc2, sizeof(p1));
  1991. memcpy(stream.tweak_block, i1, sizeof(stream.tweak_block));
  1992. skcipher_request_set_crypt(req, src, dst, sizeof(p1), stream.tweak_block);
  1993. ret = crypto_skcipher_encrypt(req);
  1994. if (ret) {
  1995. pr_err("error: crypto_skcipher_encrypt returned: %d\n", ret);
  1996. goto test_xts_end;
  1997. }
  1998. ret = XMEMCMP(c1, enc2, sizeof(c1));
  1999. if (ret) {
  2000. pr_err("error: c1 and enc2 do not match: %d\n", ret);
  2001. ret = -EINVAL;
  2002. goto test_xts_end;
  2003. }
  2004. memset(dec2, 0, sizeof(p1));
  2005. sg_init_one(src, enc2, sizeof(p1));
  2006. sg_init_one(dst, dec2, sizeof(p1));
  2007. memcpy(stream.tweak_block, i1, sizeof(stream.tweak_block));
  2008. skcipher_request_set_crypt(req, src, dst, sizeof(p1), stream.tweak_block);
  2009. ret = crypto_skcipher_decrypt(req);
  2010. if (ret) {
  2011. pr_err("ERROR: crypto_skcipher_decrypt returned %d\n", ret);
  2012. goto test_xts_end;
  2013. }
  2014. ret = XMEMCMP(p1, dec2, sizeof(p1));
  2015. if (ret) {
  2016. pr_err("error: p1 and dec2 do not match: %d\n", ret);
  2017. ret = -EINVAL;
  2018. goto test_xts_end;
  2019. }
  2020. memcpy(dec2, pp, sizeof(pp));
  2021. memset(enc2, 0, sizeof(pp));
  2022. sg_init_one(src, dec2, sizeof(pp));
  2023. sg_init_one(dst, enc2, sizeof(pp));
  2024. memcpy(stream.tweak_block, i1, sizeof(stream.tweak_block));
  2025. skcipher_request_set_crypt(req, src, dst, sizeof(pp), stream.tweak_block);
  2026. ret = crypto_skcipher_encrypt(req);
  2027. if (ret) {
  2028. pr_err("error: crypto_skcipher_encrypt returned: %d\n", ret);
  2029. goto test_xts_end;
  2030. }
  2031. ret = XMEMCMP(cp, enc2, sizeof(cp));
  2032. if (ret) {
  2033. pr_err("error: cp and enc2 do not match: %d\n", ret);
  2034. ret = -EINVAL;
  2035. goto test_xts_end;
  2036. }
  2037. memset(dec2, 0, sizeof(pp));
  2038. sg_init_one(src, enc2, sizeof(pp));
  2039. sg_init_one(dst, dec2, sizeof(pp));
  2040. memcpy(stream.tweak_block, i1, sizeof(stream.tweak_block));
  2041. skcipher_request_set_crypt(req, src, dst, sizeof(pp), stream.tweak_block);
  2042. ret = crypto_skcipher_decrypt(req);
  2043. if (ret) {
  2044. pr_err("ERROR: crypto_skcipher_decrypt returned %d\n", ret);
  2045. goto test_xts_end;
  2046. }
  2047. ret = XMEMCMP(pp, dec2, sizeof(pp));
  2048. if (ret) {
  2049. pr_err("error: pp and dec2 do not match: %d\n", ret);
  2050. ret = -EINVAL;
  2051. goto test_xts_end;
  2052. }
  2053. test_xts_end:
  2054. XFREE(enc2, NULL, DYNAMIC_TYPE_AES);
  2055. XFREE(dec2, NULL, DYNAMIC_TYPE_AES);
  2056. XFREE(src, NULL, DYNAMIC_TYPE_AES);
  2057. XFREE(dst, NULL, DYNAMIC_TYPE_AES);
  2058. if (req)
  2059. skcipher_request_free(req);
  2060. if (tfm)
  2061. crypto_free_skcipher(tfm);
  2062. out:
  2063. XFREE(large_input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  2064. if (aes_inited)
  2065. wc_AesXtsFree(aes);
  2066. XFREE(buf, NULL, DYNAMIC_TYPE_AES);
  2067. XFREE(cipher, NULL, DYNAMIC_TYPE_AES);
  2068. XFREE(aes, NULL, DYNAMIC_TYPE_AES);
  2069. #undef AES_XTS_128_TEST_BUF_SIZ
  2070. return ret;
  2071. }
  2072. #endif /* WOLFSSL_AES_128 */
  2073. #ifdef WOLFSSL_AES_256
  2074. static int aes_xts_256_test(void)
  2075. {
  2076. XtsAes *aes = NULL;
  2077. int aes_inited = 0;
  2078. int ret = 0;
  2079. #define AES_XTS_256_TEST_BUF_SIZ (WC_AES_BLOCK_SIZE * 3)
  2080. unsigned char *buf = NULL;
  2081. unsigned char *cipher = NULL;
  2082. u8 * enc2 = NULL;
  2083. u8 * dec2 = NULL;
  2084. struct scatterlist * src = NULL;
  2085. struct scatterlist * dst = NULL;
  2086. struct crypto_skcipher *tfm = NULL;
  2087. struct skcipher_request *req = NULL;
  2088. struct XtsAesStreamData stream;
  2089. byte* large_input = NULL;
  2090. /* 256 key tests */
  2091. static const unsigned char k1[] = {
  2092. 0x1e, 0xa6, 0x61, 0xc5, 0x8d, 0x94, 0x3a, 0x0e,
  2093. 0x48, 0x01, 0xe4, 0x2f, 0x4b, 0x09, 0x47, 0x14,
  2094. 0x9e, 0x7f, 0x9f, 0x8e, 0x3e, 0x68, 0xd0, 0xc7,
  2095. 0x50, 0x52, 0x10, 0xbd, 0x31, 0x1a, 0x0e, 0x7c,
  2096. 0xd6, 0xe1, 0x3f, 0xfd, 0xf2, 0x41, 0x8d, 0x8d,
  2097. 0x19, 0x11, 0xc0, 0x04, 0xcd, 0xa5, 0x8d, 0xa3,
  2098. 0xd6, 0x19, 0xb7, 0xe2, 0xb9, 0x14, 0x1e, 0x58,
  2099. 0x31, 0x8e, 0xea, 0x39, 0x2c, 0xf4, 0x1b, 0x08
  2100. };
  2101. static const unsigned char i1[] = {
  2102. 0xad, 0xf8, 0xd9, 0x26, 0x27, 0x46, 0x4a, 0xd2,
  2103. 0xf0, 0x42, 0x8e, 0x84, 0xa9, 0xf8, 0x75, 0x64
  2104. };
  2105. static const unsigned char p1[] = {
  2106. 0x2e, 0xed, 0xea, 0x52, 0xcd, 0x82, 0x15, 0xe1,
  2107. 0xac, 0xc6, 0x47, 0xe8, 0x10, 0xbb, 0xc3, 0x64,
  2108. 0x2e, 0x87, 0x28, 0x7f, 0x8d, 0x2e, 0x57, 0xe3,
  2109. 0x6c, 0x0a, 0x24, 0xfb, 0xc1, 0x2a, 0x20, 0x2e
  2110. };
  2111. static const unsigned char c1[] = {
  2112. 0xcb, 0xaa, 0xd0, 0xe2, 0xf6, 0xce, 0xa3, 0xf5,
  2113. 0x0b, 0x37, 0xf9, 0x34, 0xd4, 0x6a, 0x9b, 0x13,
  2114. 0x0b, 0x9d, 0x54, 0xf0, 0x7e, 0x34, 0xf3, 0x6a,
  2115. 0xf7, 0x93, 0xe8, 0x6f, 0x73, 0xc6, 0xd7, 0xdb
  2116. };
  2117. /* plain text test of partial block is not from NIST test vector list */
  2118. static const unsigned char pp[] = {
  2119. 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
  2120. 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c,
  2121. 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
  2122. };
  2123. static const unsigned char cp[] = {
  2124. 0x65, 0x5e, 0x1d, 0x37, 0x4a, 0x91, 0xe7, 0x6c,
  2125. 0x4f, 0x83, 0x92, 0xbc, 0x5a, 0x10, 0x55, 0x27,
  2126. 0x61, 0x0e, 0x5a, 0xde, 0xca, 0xc5, 0x12, 0xd8
  2127. };
  2128. static const unsigned char k2[] = {
  2129. 0xad, 0x50, 0x4b, 0x85, 0xd7, 0x51, 0xbf, 0xba,
  2130. 0x69, 0x13, 0xb4, 0xcc, 0x79, 0xb6, 0x5a, 0x62,
  2131. 0xf7, 0xf3, 0x9d, 0x36, 0x0f, 0x35, 0xb5, 0xec,
  2132. 0x4a, 0x7e, 0x95, 0xbd, 0x9b, 0xa5, 0xf2, 0xec,
  2133. 0xc1, 0xd7, 0x7e, 0xa3, 0xc3, 0x74, 0xbd, 0x4b,
  2134. 0x13, 0x1b, 0x07, 0x83, 0x87, 0xdd, 0x55, 0x5a,
  2135. 0xb5, 0xb0, 0xc7, 0xe5, 0x2d, 0xb5, 0x06, 0x12,
  2136. 0xd2, 0xb5, 0x3a, 0xcb, 0x47, 0x8a, 0x53, 0xb4
  2137. };
  2138. static const unsigned char i2[] = {
  2139. 0xe6, 0x42, 0x19, 0xed, 0xe0, 0xe1, 0xc2, 0xa0,
  2140. 0x0e, 0xf5, 0x58, 0x6a, 0xc4, 0x9b, 0xeb, 0x6f
  2141. };
  2142. static const unsigned char p2[] = {
  2143. 0x24, 0xcb, 0x76, 0x22, 0x55, 0xb5, 0xa8, 0x00,
  2144. 0xf4, 0x6e, 0x80, 0x60, 0x56, 0x9e, 0x05, 0x53,
  2145. 0xbc, 0xfe, 0x86, 0x55, 0x3b, 0xca, 0xd5, 0x89,
  2146. 0xc7, 0x54, 0x1a, 0x73, 0xac, 0xc3, 0x9a, 0xbd,
  2147. 0x53, 0xc4, 0x07, 0x76, 0xd8, 0xe8, 0x22, 0x61,
  2148. 0x9e, 0xa9, 0xad, 0x77, 0xa0, 0x13, 0x4c, 0xfc
  2149. };
  2150. static const unsigned char c2[] = {
  2151. 0xa3, 0xc6, 0xf3, 0xf3, 0x82, 0x79, 0x5b, 0x10,
  2152. 0x87, 0xd7, 0x02, 0x50, 0xdb, 0x2c, 0xd3, 0xb1,
  2153. 0xa1, 0x62, 0xa8, 0xb6, 0xdc, 0x12, 0x60, 0x61,
  2154. 0xc1, 0x0a, 0x84, 0xa5, 0x85, 0x3f, 0x3a, 0x89,
  2155. 0xe6, 0x6c, 0xdb, 0xb7, 0x9a, 0xb4, 0x28, 0x9b,
  2156. 0xc3, 0xea, 0xd8, 0x10, 0xe9, 0xc0, 0xaf, 0x92
  2157. };
  2158. if ((aes = (XtsAes *)XMALLOC(sizeof(*aes), NULL, DYNAMIC_TYPE_AES))
  2159. == NULL)
  2160. {
  2161. ret = MEMORY_E;
  2162. goto out;
  2163. }
  2164. if ((buf = (unsigned char *)XMALLOC(AES_XTS_256_TEST_BUF_SIZ, NULL,
  2165. DYNAMIC_TYPE_AES)) == NULL)
  2166. {
  2167. ret = MEMORY_E;
  2168. goto out;
  2169. }
  2170. if ((cipher = (unsigned char *)XMALLOC(AES_XTS_256_TEST_BUF_SIZ, NULL,
  2171. DYNAMIC_TYPE_AES)) == NULL)
  2172. {
  2173. ret = MEMORY_E;
  2174. goto out;
  2175. }
  2176. ret = wc_AesXtsInit(aes, NULL, INVALID_DEVID);
  2177. if (ret != 0)
  2178. goto out;
  2179. else
  2180. aes_inited = 1;
  2181. XMEMSET(buf, 0, AES_XTS_256_TEST_BUF_SIZ);
  2182. ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_ENCRYPTION);
  2183. if (ret != 0)
  2184. goto out;
  2185. ret = wc_AesXtsEncrypt(aes, buf, p2, sizeof(p2), i2, sizeof(i2));
  2186. if (ret != 0)
  2187. goto out;
  2188. if (XMEMCMP(c2, buf, sizeof(c2))) {
  2189. ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
  2190. goto out;
  2191. }
  2192. XMEMSET(buf, 0, AES_XTS_256_TEST_BUF_SIZ);
  2193. ret = wc_AesXtsEncryptInit(aes, i2, sizeof(i2), &stream);
  2194. if (ret != 0)
  2195. goto out;
  2196. ret = wc_AesXtsEncryptUpdate(aes, buf, p2, WC_AES_BLOCK_SIZE, &stream);
  2197. if (ret != 0)
  2198. goto out;
  2199. ret = wc_AesXtsEncryptFinal(aes, buf + WC_AES_BLOCK_SIZE,
  2200. p2 + WC_AES_BLOCK_SIZE,
  2201. sizeof(p2) - WC_AES_BLOCK_SIZE, &stream);
  2202. if (ret != 0)
  2203. goto out;
  2204. if (XMEMCMP(c2, buf, sizeof(c2))) {
  2205. ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
  2206. goto out;
  2207. }
  2208. XMEMSET(buf, 0, AES_XTS_256_TEST_BUF_SIZ);
  2209. ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
  2210. if (ret != 0)
  2211. goto out;
  2212. ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1));
  2213. if (ret != 0)
  2214. goto out;
  2215. if (XMEMCMP(c1, buf, WC_AES_BLOCK_SIZE)) {
  2216. ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
  2217. goto out;
  2218. }
  2219. /* partial block encryption test */
  2220. XMEMSET(cipher, 0, AES_XTS_256_TEST_BUF_SIZ);
  2221. ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1));
  2222. if (ret != 0)
  2223. goto out;
  2224. /* partial block decrypt test */
  2225. XMEMSET(buf, 0, AES_XTS_256_TEST_BUF_SIZ);
  2226. ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
  2227. if (ret != 0)
  2228. goto out;
  2229. ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1));
  2230. if (ret != 0)
  2231. goto out;
  2232. if (XMEMCMP(pp, buf, sizeof(pp))) {
  2233. ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
  2234. goto out;
  2235. }
  2236. /* NIST decrypt test vector */
  2237. XMEMSET(buf, 0, AES_XTS_256_TEST_BUF_SIZ);
  2238. ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1));
  2239. if (ret != 0)
  2240. goto out;
  2241. if (XMEMCMP(p1, buf, WC_AES_BLOCK_SIZE)) {
  2242. ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
  2243. goto out;
  2244. }
  2245. XMEMSET(buf, 0, AES_XTS_256_TEST_BUF_SIZ);
  2246. ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_DECRYPTION);
  2247. if (ret != 0)
  2248. goto out;
  2249. ret = wc_AesXtsDecrypt(aes, buf, c2, sizeof(c2), i2, sizeof(i2));
  2250. if (ret != 0)
  2251. goto out;
  2252. if (XMEMCMP(p2, buf, sizeof(p2))) {
  2253. ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
  2254. goto out;
  2255. }
  2256. {
  2257. #define LARGE_XTS_SZ 1024
  2258. int i;
  2259. int j;
  2260. int k;
  2261. large_input = (byte *)XMALLOC(LARGE_XTS_SZ, NULL,
  2262. DYNAMIC_TYPE_TMP_BUFFER);
  2263. if (large_input == NULL) {
  2264. ret = MEMORY_E;
  2265. goto out;
  2266. }
  2267. for (i = 0; i < (int)LARGE_XTS_SZ; i++)
  2268. large_input[i] = (byte)i;
  2269. /* first, encrypt block by block then decrypt with a one-shot call. */
  2270. for (j = 16; j < (int)LARGE_XTS_SZ; j++) {
  2271. ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
  2272. if (ret != 0)
  2273. goto out;
  2274. ret = wc_AesXtsEncryptInit(aes, i1, sizeof(i1), &stream);
  2275. if (ret != 0)
  2276. goto out;
  2277. for (k = 0; k < j; k += WC_AES_BLOCK_SIZE) {
  2278. if ((j - k) < WC_AES_BLOCK_SIZE*2)
  2279. ret = wc_AesXtsEncryptFinal(aes, large_input + k, large_input + k, j - k, &stream);
  2280. else
  2281. ret = wc_AesXtsEncryptUpdate(aes, large_input + k, large_input + k, WC_AES_BLOCK_SIZE, &stream);
  2282. if (ret != 0)
  2283. goto out;
  2284. if ((j - k) < WC_AES_BLOCK_SIZE*2)
  2285. break;
  2286. }
  2287. ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
  2288. if (ret != 0)
  2289. goto out;
  2290. ret = wc_AesXtsDecrypt(aes, large_input, large_input, j, i1,
  2291. sizeof(i1));
  2292. if (ret != 0)
  2293. goto out;
  2294. for (i = 0; i < j; i++) {
  2295. if (large_input[i] != (byte)i) {
  2296. ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
  2297. goto out;
  2298. }
  2299. }
  2300. }
  2301. /* second, encrypt with a one-shot call then decrypt block by block. */
  2302. for (j = 16; j < (int)LARGE_XTS_SZ; j++) {
  2303. ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
  2304. if (ret != 0)
  2305. goto out;
  2306. ret = wc_AesXtsEncrypt(aes, large_input, large_input, j, i1,
  2307. sizeof(i1));
  2308. if (ret != 0)
  2309. goto out;
  2310. ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
  2311. if (ret != 0)
  2312. goto out;
  2313. ret = wc_AesXtsDecryptInit(aes, i1, sizeof(i1), &stream);
  2314. if (ret != 0)
  2315. goto out;
  2316. for (k = 0; k < j; k += WC_AES_BLOCK_SIZE) {
  2317. if ((j - k) < WC_AES_BLOCK_SIZE*2)
  2318. ret = wc_AesXtsDecryptFinal(aes, large_input + k, large_input + k, j - k, &stream);
  2319. else
  2320. ret = wc_AesXtsDecryptUpdate(aes, large_input + k, large_input + k, WC_AES_BLOCK_SIZE, &stream);
  2321. if (ret != 0)
  2322. goto out;
  2323. if ((j - k) < WC_AES_BLOCK_SIZE*2)
  2324. break;
  2325. }
  2326. for (i = 0; i < j; i++) {
  2327. if (large_input[i] != (byte)i) {
  2328. ret = LINUXKM_LKCAPI_AES_KAT_MISMATCH_E;
  2329. goto out;
  2330. }
  2331. }
  2332. }
  2333. }
  2334. /* now the kernel crypto part */
  2335. enc2 = XMALLOC(sizeof(p1), NULL, DYNAMIC_TYPE_AES);
  2336. if (!enc2) {
  2337. pr_err("error: malloc failed\n");
  2338. ret = -ENOMEM;
  2339. goto test_xts_end;
  2340. }
  2341. dec2 = XMALLOC(sizeof(p1), NULL, DYNAMIC_TYPE_AES);
  2342. if (!dec2) {
  2343. pr_err("error: malloc failed\n");
  2344. ret = -ENOMEM;
  2345. goto test_xts_end;
  2346. }
  2347. src = XMALLOC(sizeof(*src) * 2, NULL, DYNAMIC_TYPE_AES);
  2348. if (! src) {
  2349. pr_err("error: malloc failed\n");
  2350. ret = -ENOMEM;
  2351. goto test_xts_end;
  2352. }
  2353. dst = XMALLOC(sizeof(*dst) * 2, NULL, DYNAMIC_TYPE_AES);
  2354. if (! dst) {
  2355. pr_err("error: malloc failed\n");
  2356. ret = -ENOMEM;
  2357. goto test_xts_end;
  2358. }
  2359. tfm = crypto_alloc_skcipher(WOLFKM_AESXTS_NAME, 0, 0);
  2360. if (IS_ERR(tfm)) {
  2361. ret = PTR_ERR(tfm);
  2362. pr_err("error: allocating AES skcipher algorithm %s failed: %d\n",
  2363. WOLFKM_AESXTS_DRIVER, ret);
  2364. goto test_xts_end;
  2365. }
  2366. #ifndef LINUXKM_LKCAPI_PRIORITY_ALLOW_MASKING
  2367. {
  2368. const char *driver_name = crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm));
  2369. if (strcmp(driver_name, WOLFKM_AESXTS_DRIVER)) {
  2370. pr_err("error: unexpected implementation for %s: %s (expected %s)\n",
  2371. WOLFKM_AESXTS_NAME, driver_name, WOLFKM_AESXTS_DRIVER);
  2372. ret = -ENOENT;
  2373. goto test_xts_end;
  2374. }
  2375. }
  2376. #endif
  2377. ret = crypto_skcipher_ivsize(tfm);
  2378. if (ret != sizeof(stream.tweak_block)) {
  2379. pr_err("error: AES skcipher algorithm %s crypto_skcipher_ivsize()"
  2380. " returned %d but expected %d\n",
  2381. WOLFKM_AESXTS_DRIVER, ret, (int)sizeof(stream.tweak_block));
  2382. ret = -EINVAL;
  2383. goto test_xts_end;
  2384. }
  2385. ret = crypto_skcipher_setkey(tfm, k1, sizeof(k1));
  2386. if (ret) {
  2387. pr_err("error: crypto_skcipher_setkey for %s returned: %d\n",
  2388. WOLFKM_AESXTS_NAME, ret);
  2389. goto test_xts_end;
  2390. }
  2391. req = skcipher_request_alloc(tfm, GFP_KERNEL);
  2392. if (IS_ERR(req)) {
  2393. ret = PTR_ERR(req);
  2394. pr_err("error: allocating AES skcipher request %s failed: %d\n",
  2395. WOLFKM_AESXTS_DRIVER, ret);
  2396. goto test_xts_end;
  2397. }
  2398. memcpy(dec2, p1, sizeof(p1));
  2399. memset(enc2, 0, sizeof(p1));
  2400. sg_init_one(src, dec2, sizeof(p1));
  2401. sg_init_one(dst, enc2, sizeof(p1));
  2402. memcpy(stream.tweak_block, i1, sizeof(stream.tweak_block));
  2403. skcipher_request_set_crypt(req, src, dst, sizeof(p1), stream.tweak_block);
  2404. ret = crypto_skcipher_encrypt(req);
  2405. if (ret) {
  2406. pr_err("error: crypto_skcipher_encrypt returned: %d\n", ret);
  2407. goto test_xts_end;
  2408. }
  2409. ret = XMEMCMP(c1, enc2, sizeof(c1));
  2410. if (ret) {
  2411. pr_err("error: c1 and enc2 do not match: %d\n", ret);
  2412. ret = -EINVAL;
  2413. goto test_xts_end;
  2414. }
  2415. memset(dec2, 0, sizeof(p1));
  2416. sg_init_one(src, enc2, sizeof(p1));
  2417. sg_init_one(dst, dec2, sizeof(p1));
  2418. memcpy(stream.tweak_block, i1, sizeof(stream.tweak_block));
  2419. skcipher_request_set_crypt(req, src, dst, sizeof(p1), stream.tweak_block);
  2420. ret = crypto_skcipher_decrypt(req);
  2421. if (ret) {
  2422. pr_err("ERROR: crypto_skcipher_decrypt returned %d\n", ret);
  2423. goto test_xts_end;
  2424. }
  2425. ret = XMEMCMP(p1, dec2, sizeof(p1));
  2426. if (ret) {
  2427. pr_err("error: p1 and dec2 do not match: %d\n", ret);
  2428. ret = -EINVAL;
  2429. goto test_xts_end;
  2430. }
  2431. memcpy(dec2, pp, sizeof(pp));
  2432. memset(enc2, 0, sizeof(pp));
  2433. sg_init_one(src, dec2, sizeof(pp));
  2434. sg_init_one(dst, enc2, sizeof(pp));
  2435. memcpy(stream.tweak_block, i1, sizeof(stream.tweak_block));
  2436. skcipher_request_set_crypt(req, src, dst, sizeof(pp), stream.tweak_block);
  2437. ret = crypto_skcipher_encrypt(req);
  2438. if (ret) {
  2439. pr_err("error: crypto_skcipher_encrypt returned: %d\n", ret);
  2440. goto test_xts_end;
  2441. }
  2442. ret = XMEMCMP(cp, enc2, sizeof(cp));
  2443. if (ret) {
  2444. pr_err("error: cp and enc2 do not match: %d\n", ret);
  2445. ret = -EINVAL;
  2446. goto test_xts_end;
  2447. }
  2448. memset(dec2, 0, sizeof(pp));
  2449. sg_init_one(src, enc2, sizeof(pp));
  2450. sg_init_one(dst, dec2, sizeof(pp));
  2451. memcpy(stream.tweak_block, i1, sizeof(stream.tweak_block));
  2452. skcipher_request_set_crypt(req, src, dst, sizeof(pp), stream.tweak_block);
  2453. ret = crypto_skcipher_decrypt(req);
  2454. if (ret) {
  2455. pr_err("ERROR: crypto_skcipher_decrypt returned %d\n", ret);
  2456. goto test_xts_end;
  2457. }
  2458. ret = XMEMCMP(pp, dec2, sizeof(pp));
  2459. if (ret) {
  2460. pr_err("error: pp and dec2 do not match: %d\n", ret);
  2461. ret = -EINVAL;
  2462. goto test_xts_end;
  2463. }
  2464. test_xts_end:
  2465. XFREE(enc2, NULL, DYNAMIC_TYPE_AES);
  2466. XFREE(dec2, NULL, DYNAMIC_TYPE_AES);
  2467. XFREE(src, NULL, DYNAMIC_TYPE_AES);
  2468. XFREE(dst, NULL, DYNAMIC_TYPE_AES);
  2469. if (req)
  2470. skcipher_request_free(req);
  2471. if (tfm)
  2472. crypto_free_skcipher(tfm);
  2473. out:
  2474. XFREE(large_input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  2475. if (aes_inited)
  2476. wc_AesXtsFree(aes);
  2477. XFREE(buf, NULL, DYNAMIC_TYPE_AES);
  2478. XFREE(cipher, NULL, DYNAMIC_TYPE_AES);
  2479. XFREE(aes, NULL, DYNAMIC_TYPE_AES);
  2480. #undef AES_XTS_256_TEST_BUF_SIZ
  2481. return ret;
  2482. }
  2483. #endif /* WOLFSSL_AES_256 */
  2484. static int linuxkm_test_aesxts(void) {
  2485. int ret;
  2486. #ifdef WOLFSSL_AES_128
  2487. ret = aes_xts_128_test();
  2488. if (ret != 0) {
  2489. pr_err("aes_xts_128_test() failed with retval %d.\n", ret);
  2490. goto out;
  2491. }
  2492. #endif
  2493. #ifdef WOLFSSL_AES_256
  2494. ret = aes_xts_256_test();
  2495. if (ret != 0) {
  2496. pr_err("aes_xts_256_test() failed with retval %d.\n", ret);
  2497. goto out;
  2498. }
  2499. #endif
  2500. out:
  2501. return ret;
  2502. }
  2503. #endif /* WOLFSSL_AES_XTS &&
  2504. * (LINUXKM_LKCAPI_REGISTER_ALL || LINUXKM_LKCAPI_REGISTER_AESXTS)
  2505. */
  2506. #endif /* !NO_AES */
  2507. #if defined(HAVE_FIPS) && defined(CONFIG_CRYPTO_MANAGER) && \
  2508. !defined(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS)
  2509. #ifdef CONFIG_CRYPTO_FIPS
  2510. #include <linux/fips.h>
  2511. #else
  2512. #error wolfCrypt FIPS with LINUXKM_LKCAPI_REGISTER and CONFIG_CRYPTO_MANAGER requires CONFIG_CRYPTO_FIPS
  2513. #endif
  2514. #endif
  2515. static int linuxkm_lkcapi_register(void)
  2516. {
  2517. int ret = 0;
  2518. #if defined(HAVE_FIPS) && defined(CONFIG_CRYPTO_MANAGER) && \
  2519. !defined(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS)
  2520. int enabled_fips = 0;
  2521. #endif
  2522. #ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS
  2523. /* temporarily disable warnings around setkey failures, which are expected
  2524. * from the crypto fuzzer in FIPS configs, and potentially in others.
  2525. * unexpected setkey failures are fatal errors returned by the fuzzer.
  2526. */
  2527. disable_setkey_warnings = 1;
  2528. #endif
  2529. #if defined(HAVE_FIPS) && defined(CONFIG_CRYPTO_MANAGER) && \
  2530. !defined(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS)
  2531. if (! fips_enabled) {
  2532. /* temporarily assert system-wide FIPS status, to disable FIPS-forbidden
  2533. * test vectors and fuzzing from the CRYPTO_MANAGER.
  2534. */
  2535. enabled_fips = fips_enabled = 1;
  2536. }
  2537. #endif
  2538. #define REGISTER_ALG(alg, installer, tester) do { \
  2539. if (alg ## _loaded) { \
  2540. pr_err("ERROR: %s is already registered.\n", \
  2541. (alg).base.cra_driver_name); \
  2542. ret = -EEXIST; \
  2543. goto out; \
  2544. } \
  2545. \
  2546. ret = (installer)(&(alg)); \
  2547. \
  2548. if (ret) { \
  2549. pr_err("ERROR: " #installer " for %s failed " \
  2550. "with return code %d.\n", \
  2551. (alg).base.cra_driver_name, ret); \
  2552. goto out; \
  2553. } \
  2554. \
  2555. alg ## _loaded = 1; \
  2556. \
  2557. ret = (tester()); \
  2558. \
  2559. if (ret) { \
  2560. pr_err("ERROR: self-test for %s failed " \
  2561. "with return code %d.\n", \
  2562. (alg).base.cra_driver_name, ret); \
  2563. goto out; \
  2564. } \
  2565. pr_info("%s self-test OK -- " \
  2566. "registered for %s with priority %d.\n", \
  2567. (alg).base.cra_driver_name, \
  2568. (alg).base.cra_name, \
  2569. (alg).base.cra_priority); \
  2570. } while (0)
  2571. #if defined(HAVE_AES_CBC) && \
  2572. (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
  2573. defined(LINUXKM_LKCAPI_REGISTER_AESCBC))
  2574. REGISTER_ALG(cbcAesAlg, crypto_register_skcipher, linuxkm_test_aescbc);
  2575. #endif
  2576. #if defined(WOLFSSL_AES_CFB) && \
  2577. (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
  2578. defined(LINUXKM_LKCAPI_REGISTER_AESCFB))
  2579. REGISTER_ALG(cfbAesAlg, crypto_register_skcipher, linuxkm_test_aescfb);
  2580. #endif
  2581. #if defined(HAVE_AESGCM) && \
  2582. (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
  2583. defined(LINUXKM_LKCAPI_REGISTER_AESGCM))
  2584. REGISTER_ALG(gcmAesAead, crypto_register_aead, linuxkm_test_aesgcm);
  2585. #endif
  2586. #if defined(WOLFSSL_AES_XTS) && \
  2587. (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
  2588. defined(LINUXKM_LKCAPI_REGISTER_AESXTS))
  2589. REGISTER_ALG(xtsAesAlg, crypto_register_skcipher, linuxkm_test_aesxts);
  2590. #endif
  2591. #undef REGISTER_ALG
  2592. out:
  2593. #if defined(HAVE_FIPS) && defined(CONFIG_CRYPTO_MANAGER) && \
  2594. !defined(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS)
  2595. if (enabled_fips)
  2596. fips_enabled = 0;
  2597. #endif
  2598. #ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS
  2599. disable_setkey_warnings = 0;
  2600. #endif
  2601. return ret;
  2602. }
  2603. static void linuxkm_lkcapi_unregister(void)
  2604. {
  2605. #define UNREGISTER_ALG(alg, uninstaller) do { \
  2606. if (alg ## _loaded) { \
  2607. (uninstaller)(&(alg)); \
  2608. alg ## _loaded = 0; \
  2609. } \
  2610. } while (0)
  2611. #if defined(HAVE_AES_CBC) && \
  2612. (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
  2613. defined(LINUXKM_LKCAPI_REGISTER_AESCBC))
  2614. UNREGISTER_ALG(cbcAesAlg, crypto_unregister_skcipher);
  2615. #endif
  2616. #if defined(WOLFSSL_AES_CFB) && \
  2617. (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
  2618. defined(LINUXKM_LKCAPI_REGISTER_AESCFB))
  2619. UNREGISTER_ALG(cfbAesAlg, crypto_unregister_skcipher);
  2620. #endif
  2621. #if defined(HAVE_AESGCM) && \
  2622. (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
  2623. defined(LINUXKM_LKCAPI_REGISTER_AESGCM))
  2624. UNREGISTER_ALG(gcmAesAead, crypto_unregister_aead);
  2625. #endif
  2626. #if defined(WOLFSSL_AES_XTS) && \
  2627. (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
  2628. defined(LINUXKM_LKCAPI_REGISTER_AESXTS))
  2629. UNREGISTER_ALG(xtsAesAlg, crypto_unregister_skcipher);
  2630. #endif
  2631. #undef UNREGISTER_ALG
  2632. }