2 * Quick & dirty crypto testing module.
4 * This will only exist until we have a better testing mechanism
5 * (e.g. a char device).
7 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
8 * Copyright (c) 2002 Jean-Francois Dive <jef@linuxbe.org>
9 * Copyright (c) 2007 Nokia Siemens Networks
11 * This program is free software; you can redistribute it and/or modify it
12 * under the terms of the GNU General Public License as published by the Free
13 * Software Foundation; either version 2 of the License, or (at your option)
18 #include <crypto/hash.h>
19 #include <linux/err.h>
20 #include <linux/init.h>
21 #include <linux/module.h>
22 #include <linux/slab.h>
23 #include <linux/scatterlist.h>
24 #include <linux/string.h>
25 #include <linux/moduleparam.h>
26 #include <linux/jiffies.h>
27 #include <linux/timex.h>
28 #include <linux/interrupt.h>
33 * Need slab memory for testing (size in number of pages).
38 * Used by test_cipher_speed()
44 * Used by test_cipher_speed()
46 static unsigned int sec;
48 static char *alg = NULL;
51 static char *tvmem[TVMEMSIZE];
53 static char *check[] = {
54 "des", "md5", "des3_ede", "rot13", "sha1", "sha224", "sha256",
55 "blowfish", "twofish", "serpent", "sha384", "sha512", "md4", "aes",
56 "cast6", "arc4", "michael_mic", "deflate", "crc32c", "tea", "xtea",
57 "khazad", "wp512", "wp384", "wp256", "tnepres", "xeta", "fcrypt",
58 "camellia", "seed", "salsa20", "rmd128", "rmd160", "rmd256", "rmd320",
59 "lzo", "cts", "zlib", NULL
62 static int test_cipher_jiffies(struct blkcipher_desc *desc, int enc,
63 struct scatterlist *sg, int blen, int sec)
65 unsigned long start, end;
69 for (start = jiffies, end = start + sec * HZ, bcount = 0;
70 time_before(jiffies, end); bcount++) {
72 ret = crypto_blkcipher_encrypt(desc, sg, sg, blen);
74 ret = crypto_blkcipher_decrypt(desc, sg, sg, blen);
80 printk("%d operations in %d seconds (%ld bytes)\n",
81 bcount, sec, (long)bcount * blen);
85 static int test_cipher_cycles(struct blkcipher_desc *desc, int enc,
86 struct scatterlist *sg, int blen)
88 unsigned long cycles = 0;
96 for (i = 0; i < 4; i++) {
98 ret = crypto_blkcipher_encrypt(desc, sg, sg, blen);
100 ret = crypto_blkcipher_decrypt(desc, sg, sg, blen);
106 /* The real thing. */
107 for (i = 0; i < 8; i++) {
110 start = get_cycles();
112 ret = crypto_blkcipher_encrypt(desc, sg, sg, blen);
114 ret = crypto_blkcipher_decrypt(desc, sg, sg, blen);
120 cycles += end - start;
128 printk("1 operation in %lu cycles (%d bytes)\n",
129 (cycles + 4) / 8, blen);
134 static u32 block_sizes[] = { 16, 64, 256, 1024, 8192, 0 };
136 static void test_cipher_speed(const char *algo, int enc, unsigned int sec,
137 struct cipher_speed_template *template,
138 unsigned int tcount, u8 *keysize)
140 unsigned int ret, i, j, iv_len;
141 const char *key, iv[128];
142 struct crypto_blkcipher *tfm;
143 struct blkcipher_desc desc;
152 printk("\ntesting speed of %s %s\n", algo, e);
154 tfm = crypto_alloc_blkcipher(algo, 0, CRYPTO_ALG_ASYNC);
157 printk("failed to load transform for %s: %ld\n", algo,
167 b_size = block_sizes;
169 struct scatterlist sg[TVMEMSIZE];
171 if ((*keysize + *b_size) > TVMEMSIZE * PAGE_SIZE) {
172 printk("template (%u) too big for "
173 "tvmem (%lu)\n", *keysize + *b_size,
174 TVMEMSIZE * PAGE_SIZE);
178 printk("test %u (%d bit key, %d byte blocks): ", i,
179 *keysize * 8, *b_size);
181 memset(tvmem[0], 0xff, PAGE_SIZE);
183 /* set key, plain text and IV */
185 for (j = 0; j < tcount; j++) {
186 if (template[j].klen == *keysize) {
187 key = template[j].key;
192 ret = crypto_blkcipher_setkey(tfm, key, *keysize);
194 printk("setkey() failed flags=%x\n",
195 crypto_blkcipher_get_flags(tfm));
199 sg_init_table(sg, TVMEMSIZE);
200 sg_set_buf(sg, tvmem[0] + *keysize,
201 PAGE_SIZE - *keysize);
202 for (j = 1; j < TVMEMSIZE; j++) {
203 sg_set_buf(sg + j, tvmem[j], PAGE_SIZE);
204 memset (tvmem[j], 0xff, PAGE_SIZE);
207 iv_len = crypto_blkcipher_ivsize(tfm);
209 memset(&iv, 0xff, iv_len);
210 crypto_blkcipher_set_iv(tfm, iv, iv_len);
214 ret = test_cipher_jiffies(&desc, enc, sg,
217 ret = test_cipher_cycles(&desc, enc, sg,
221 printk("%s() failed flags=%x\n", e, desc.flags);
231 crypto_free_blkcipher(tfm);
234 static int test_hash_jiffies_digest(struct hash_desc *desc,
235 struct scatterlist *sg, int blen,
238 unsigned long start, end;
242 for (start = jiffies, end = start + sec * HZ, bcount = 0;
243 time_before(jiffies, end); bcount++) {
244 ret = crypto_hash_digest(desc, sg, blen, out);
249 printk("%6u opers/sec, %9lu bytes/sec\n",
250 bcount / sec, ((long)bcount * blen) / sec);
255 static int test_hash_jiffies(struct hash_desc *desc, struct scatterlist *sg,
256 int blen, int plen, char *out, int sec)
258 unsigned long start, end;
263 return test_hash_jiffies_digest(desc, sg, blen, out, sec);
265 for (start = jiffies, end = start + sec * HZ, bcount = 0;
266 time_before(jiffies, end); bcount++) {
267 ret = crypto_hash_init(desc);
270 for (pcount = 0; pcount < blen; pcount += plen) {
271 ret = crypto_hash_update(desc, sg, plen);
275 /* we assume there is enough space in 'out' for the result */
276 ret = crypto_hash_final(desc, out);
281 printk("%6u opers/sec, %9lu bytes/sec\n",
282 bcount / sec, ((long)bcount * blen) / sec);
287 static int test_hash_cycles_digest(struct hash_desc *desc,
288 struct scatterlist *sg, int blen, char *out)
290 unsigned long cycles = 0;
298 for (i = 0; i < 4; i++) {
299 ret = crypto_hash_digest(desc, sg, blen, out);
304 /* The real thing. */
305 for (i = 0; i < 8; i++) {
308 start = get_cycles();
310 ret = crypto_hash_digest(desc, sg, blen, out);
316 cycles += end - start;
326 printk("%6lu cycles/operation, %4lu cycles/byte\n",
327 cycles / 8, cycles / (8 * blen));
332 static int test_hash_cycles(struct hash_desc *desc, struct scatterlist *sg,
333 int blen, int plen, char *out)
335 unsigned long cycles = 0;
340 return test_hash_cycles_digest(desc, sg, blen, out);
346 for (i = 0; i < 4; i++) {
347 ret = crypto_hash_init(desc);
350 for (pcount = 0; pcount < blen; pcount += plen) {
351 ret = crypto_hash_update(desc, sg, plen);
355 ret = crypto_hash_final(desc, out);
360 /* The real thing. */
361 for (i = 0; i < 8; i++) {
364 start = get_cycles();
366 ret = crypto_hash_init(desc);
369 for (pcount = 0; pcount < blen; pcount += plen) {
370 ret = crypto_hash_update(desc, sg, plen);
374 ret = crypto_hash_final(desc, out);
380 cycles += end - start;
390 printk("%6lu cycles/operation, %4lu cycles/byte\n",
391 cycles / 8, cycles / (8 * blen));
396 static void test_hash_speed(const char *algo, unsigned int sec,
397 struct hash_speed *speed)
399 struct scatterlist sg[TVMEMSIZE];
400 struct crypto_hash *tfm;
401 struct hash_desc desc;
402 static char output[1024];
406 printk(KERN_INFO "\ntesting speed of %s\n", algo);
408 tfm = crypto_alloc_hash(algo, 0, CRYPTO_ALG_ASYNC);
411 printk(KERN_ERR "failed to load transform for %s: %ld\n", algo,
419 if (crypto_hash_digestsize(tfm) > sizeof(output)) {
420 printk(KERN_ERR "digestsize(%u) > outputbuffer(%zu)\n",
421 crypto_hash_digestsize(tfm), sizeof(output));
425 sg_init_table(sg, TVMEMSIZE);
426 for (i = 0; i < TVMEMSIZE; i++) {
427 sg_set_buf(sg + i, tvmem[i], PAGE_SIZE);
428 memset(tvmem[i], 0xff, PAGE_SIZE);
431 for (i = 0; speed[i].blen != 0; i++) {
432 if (speed[i].blen > TVMEMSIZE * PAGE_SIZE) {
434 "template (%u) too big for tvmem (%lu)\n",
435 speed[i].blen, TVMEMSIZE * PAGE_SIZE);
439 printk(KERN_INFO "test%3u "
440 "(%5u byte blocks,%5u bytes per update,%4u updates): ",
441 i, speed[i].blen, speed[i].plen, speed[i].blen / speed[i].plen);
444 ret = test_hash_jiffies(&desc, sg, speed[i].blen,
445 speed[i].plen, output, sec);
447 ret = test_hash_cycles(&desc, sg, speed[i].blen,
448 speed[i].plen, output);
451 printk(KERN_ERR "hashing failed ret=%d\n", ret);
457 crypto_free_hash(tfm);
460 static void test_available(void)
465 printk("alg %s ", *name);
466 printk(crypto_has_alg(*name, 0, 0) ?
467 "found\n" : "not found\n");
472 static inline int tcrypt_test(const char *alg)
476 ret = alg_test(alg, alg, 0, 0);
477 /* non-fips algs return -EINVAL in fips mode */
478 if (fips_enabled && ret == -EINVAL)
483 static int do_test(int m)
490 for (i = 1; i < 200; i++)
495 ret += tcrypt_test("md5");
499 ret += tcrypt_test("sha1");
503 ret += tcrypt_test("ecb(des)");
504 ret += tcrypt_test("cbc(des)");
508 ret += tcrypt_test("ecb(des3_ede)");
509 ret += tcrypt_test("cbc(des3_ede)");
513 ret += tcrypt_test("md4");
517 ret += tcrypt_test("sha256");
521 ret += tcrypt_test("ecb(blowfish)");
522 ret += tcrypt_test("cbc(blowfish)");
526 ret += tcrypt_test("ecb(twofish)");
527 ret += tcrypt_test("cbc(twofish)");
531 ret += tcrypt_test("ecb(serpent)");
535 ret += tcrypt_test("ecb(aes)");
536 ret += tcrypt_test("cbc(aes)");
537 ret += tcrypt_test("lrw(aes)");
538 ret += tcrypt_test("xts(aes)");
539 ret += tcrypt_test("ctr(aes)");
540 ret += tcrypt_test("rfc3686(ctr(aes))");
544 ret += tcrypt_test("sha384");
548 ret += tcrypt_test("sha512");
552 ret += tcrypt_test("deflate");
556 ret += tcrypt_test("ecb(cast5)");
560 ret += tcrypt_test("ecb(cast6)");
564 ret += tcrypt_test("ecb(arc4)");
568 ret += tcrypt_test("michael_mic");
572 ret += tcrypt_test("crc32c");
576 ret += tcrypt_test("ecb(tea)");
580 ret += tcrypt_test("ecb(xtea)");
584 ret += tcrypt_test("ecb(khazad)");
588 ret += tcrypt_test("wp512");
592 ret += tcrypt_test("wp384");
596 ret += tcrypt_test("wp256");
600 ret += tcrypt_test("ecb(tnepres)");
604 ret += tcrypt_test("ecb(anubis)");
605 ret += tcrypt_test("cbc(anubis)");
609 ret += tcrypt_test("tgr192");
614 ret += tcrypt_test("tgr160");
618 ret += tcrypt_test("tgr128");
622 ret += tcrypt_test("ecb(xeta)");
626 ret += tcrypt_test("pcbc(fcrypt)");
630 ret += tcrypt_test("ecb(camellia)");
631 ret += tcrypt_test("cbc(camellia)");
634 ret += tcrypt_test("sha224");
638 ret += tcrypt_test("salsa20");
642 ret += tcrypt_test("gcm(aes)");
646 ret += tcrypt_test("lzo");
650 ret += tcrypt_test("ccm(aes)");
654 ret += tcrypt_test("cts(cbc(aes))");
658 ret += tcrypt_test("rmd128");
662 ret += tcrypt_test("rmd160");
666 ret += tcrypt_test("rmd256");
670 ret += tcrypt_test("rmd320");
674 ret += tcrypt_test("ecb(seed)");
678 ret += tcrypt_test("zlib");
682 ret += tcrypt_test("rfc4309(ccm(aes))");
686 ret += tcrypt_test("hmac(md5)");
690 ret += tcrypt_test("hmac(sha1)");
694 ret += tcrypt_test("hmac(sha256)");
698 ret += tcrypt_test("hmac(sha384)");
702 ret += tcrypt_test("hmac(sha512)");
706 ret += tcrypt_test("hmac(sha224)");
710 ret += tcrypt_test("xcbc(aes)");
714 ret += tcrypt_test("hmac(rmd128)");
718 ret += tcrypt_test("hmac(rmd160)");
722 ret += tcrypt_test("ansi_cprng");
726 test_cipher_speed("ecb(aes)", ENCRYPT, sec, NULL, 0,
727 speed_template_16_24_32);
728 test_cipher_speed("ecb(aes)", DECRYPT, sec, NULL, 0,
729 speed_template_16_24_32);
730 test_cipher_speed("cbc(aes)", ENCRYPT, sec, NULL, 0,
731 speed_template_16_24_32);
732 test_cipher_speed("cbc(aes)", DECRYPT, sec, NULL, 0,
733 speed_template_16_24_32);
734 test_cipher_speed("lrw(aes)", ENCRYPT, sec, NULL, 0,
735 speed_template_32_40_48);
736 test_cipher_speed("lrw(aes)", DECRYPT, sec, NULL, 0,
737 speed_template_32_40_48);
738 test_cipher_speed("xts(aes)", ENCRYPT, sec, NULL, 0,
739 speed_template_32_48_64);
740 test_cipher_speed("xts(aes)", DECRYPT, sec, NULL, 0,
741 speed_template_32_48_64);
745 test_cipher_speed("ecb(des3_ede)", ENCRYPT, sec,
746 des3_speed_template, DES3_SPEED_VECTORS,
748 test_cipher_speed("ecb(des3_ede)", DECRYPT, sec,
749 des3_speed_template, DES3_SPEED_VECTORS,
751 test_cipher_speed("cbc(des3_ede)", ENCRYPT, sec,
752 des3_speed_template, DES3_SPEED_VECTORS,
754 test_cipher_speed("cbc(des3_ede)", DECRYPT, sec,
755 des3_speed_template, DES3_SPEED_VECTORS,
760 test_cipher_speed("ecb(twofish)", ENCRYPT, sec, NULL, 0,
761 speed_template_16_24_32);
762 test_cipher_speed("ecb(twofish)", DECRYPT, sec, NULL, 0,
763 speed_template_16_24_32);
764 test_cipher_speed("cbc(twofish)", ENCRYPT, sec, NULL, 0,
765 speed_template_16_24_32);
766 test_cipher_speed("cbc(twofish)", DECRYPT, sec, NULL, 0,
767 speed_template_16_24_32);
771 test_cipher_speed("ecb(blowfish)", ENCRYPT, sec, NULL, 0,
772 speed_template_8_32);
773 test_cipher_speed("ecb(blowfish)", DECRYPT, sec, NULL, 0,
774 speed_template_8_32);
775 test_cipher_speed("cbc(blowfish)", ENCRYPT, sec, NULL, 0,
776 speed_template_8_32);
777 test_cipher_speed("cbc(blowfish)", DECRYPT, sec, NULL, 0,
778 speed_template_8_32);
782 test_cipher_speed("ecb(des)", ENCRYPT, sec, NULL, 0,
784 test_cipher_speed("ecb(des)", DECRYPT, sec, NULL, 0,
786 test_cipher_speed("cbc(des)", ENCRYPT, sec, NULL, 0,
788 test_cipher_speed("cbc(des)", DECRYPT, sec, NULL, 0,
793 test_cipher_speed("ecb(camellia)", ENCRYPT, sec, NULL, 0,
794 speed_template_16_24_32);
795 test_cipher_speed("ecb(camellia)", DECRYPT, sec, NULL, 0,
796 speed_template_16_24_32);
797 test_cipher_speed("cbc(camellia)", ENCRYPT, sec, NULL, 0,
798 speed_template_16_24_32);
799 test_cipher_speed("cbc(camellia)", DECRYPT, sec, NULL, 0,
800 speed_template_16_24_32);
804 test_cipher_speed("salsa20", ENCRYPT, sec, NULL, 0,
805 speed_template_16_32);
812 test_hash_speed("md4", sec, generic_hash_speed_template);
813 if (mode > 300 && mode < 400) break;
816 test_hash_speed("md5", sec, generic_hash_speed_template);
817 if (mode > 300 && mode < 400) break;
820 test_hash_speed("sha1", sec, generic_hash_speed_template);
821 if (mode > 300 && mode < 400) break;
824 test_hash_speed("sha256", sec, generic_hash_speed_template);
825 if (mode > 300 && mode < 400) break;
828 test_hash_speed("sha384", sec, generic_hash_speed_template);
829 if (mode > 300 && mode < 400) break;
832 test_hash_speed("sha512", sec, generic_hash_speed_template);
833 if (mode > 300 && mode < 400) break;
836 test_hash_speed("wp256", sec, generic_hash_speed_template);
837 if (mode > 300 && mode < 400) break;
840 test_hash_speed("wp384", sec, generic_hash_speed_template);
841 if (mode > 300 && mode < 400) break;
844 test_hash_speed("wp512", sec, generic_hash_speed_template);
845 if (mode > 300 && mode < 400) break;
848 test_hash_speed("tgr128", sec, generic_hash_speed_template);
849 if (mode > 300 && mode < 400) break;
852 test_hash_speed("tgr160", sec, generic_hash_speed_template);
853 if (mode > 300 && mode < 400) break;
856 test_hash_speed("tgr192", sec, generic_hash_speed_template);
857 if (mode > 300 && mode < 400) break;
860 test_hash_speed("sha224", sec, generic_hash_speed_template);
861 if (mode > 300 && mode < 400) break;
864 test_hash_speed("rmd128", sec, generic_hash_speed_template);
865 if (mode > 300 && mode < 400) break;
868 test_hash_speed("rmd160", sec, generic_hash_speed_template);
869 if (mode > 300 && mode < 400) break;
872 test_hash_speed("rmd256", sec, generic_hash_speed_template);
873 if (mode > 300 && mode < 400) break;
876 test_hash_speed("rmd320", sec, generic_hash_speed_template);
877 if (mode > 300 && mode < 400) break;
890 static int do_alg_test(const char *alg, u32 type)
892 return crypto_has_alg(alg, type, CRYPTO_ALG_TYPE_MASK) ? 0 : -ENOENT;
895 static int __init tcrypt_mod_init(void)
900 for (i = 0; i < TVMEMSIZE; i++) {
901 tvmem[i] = (void *)__get_free_page(GFP_KERNEL);
907 err = do_alg_test(alg, type);
912 printk(KERN_ERR "tcrypt: one or more tests failed!\n");
916 /* We intentionaly return -EAGAIN to prevent keeping the module,
917 * unless we're running in fips mode. It does all its work from
918 * init() and doesn't offer any runtime functionality, but in
919 * the fips case, checking for a successful load is helpful.
920 * => we don't need it in the memory, do we?
927 for (i = 0; i < TVMEMSIZE && tvmem[i]; i++)
928 free_page((unsigned long)tvmem[i]);
934 * If an init function is provided, an exit function must also be provided
935 * to allow module unload.
937 static void __exit tcrypt_mod_fini(void) { }
939 module_init(tcrypt_mod_init);
940 module_exit(tcrypt_mod_fini);
942 module_param(alg, charp, 0);
943 module_param(type, uint, 0);
944 module_param(mode, int, 0);
945 module_param(sec, uint, 0);
946 MODULE_PARM_DESC(sec, "Length in seconds of speed tests "
947 "(defaults to zero which uses CPU cycles instead)");
949 MODULE_LICENSE("GPL");
950 MODULE_DESCRIPTION("Quick & dirty crypto testing module");
951 MODULE_AUTHOR("James Morris <jmorris@intercode.com.au>");