2 * Quick & dirty crypto testing module.
4 * This will only exist until we have a better testing mechanism
5 * (e.g. a char device).
7 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
8 * Copyright (c) 2002 Jean-Francois Dive <jef@linuxbe.org>
9 * Copyright (c) 2007 Nokia Siemens Networks
11 * This program is free software; you can redistribute it and/or modify it
12 * under the terms of the GNU General Public License as published by the Free
13 * Software Foundation; either version 2 of the License, or (at your option)
18 #include <crypto/hash.h>
19 #include <linux/err.h>
20 #include <linux/init.h>
21 #include <linux/module.h>
22 #include <linux/slab.h>
23 #include <linux/scatterlist.h>
24 #include <linux/string.h>
25 #include <linux/moduleparam.h>
26 #include <linux/jiffies.h>
27 #include <linux/timex.h>
28 #include <linux/interrupt.h>
33 * Need slab memory for testing (size in number of pages).
38 * Used by test_cipher_speed()
44 * Used by test_cipher_speed()
46 static unsigned int sec;
48 static char *alg = NULL;
52 static char *tvmem[TVMEMSIZE];
54 static char *check[] = {
55 "des", "md5", "des3_ede", "rot13", "sha1", "sha224", "sha256",
56 "blowfish", "twofish", "serpent", "sha384", "sha512", "md4", "aes",
57 "cast6", "arc4", "michael_mic", "deflate", "crc32c", "tea", "xtea",
58 "khazad", "wp512", "wp384", "wp256", "tnepres", "xeta", "fcrypt",
59 "camellia", "seed", "salsa20", "rmd128", "rmd160", "rmd256", "rmd320",
60 "lzo", "cts", "zlib", NULL
63 static int test_cipher_jiffies(struct blkcipher_desc *desc, int enc,
64 struct scatterlist *sg, int blen, int sec)
66 unsigned long start, end;
70 for (start = jiffies, end = start + sec * HZ, bcount = 0;
71 time_before(jiffies, end); bcount++) {
73 ret = crypto_blkcipher_encrypt(desc, sg, sg, blen);
75 ret = crypto_blkcipher_decrypt(desc, sg, sg, blen);
81 printk("%d operations in %d seconds (%ld bytes)\n",
82 bcount, sec, (long)bcount * blen);
86 static int test_cipher_cycles(struct blkcipher_desc *desc, int enc,
87 struct scatterlist *sg, int blen)
89 unsigned long cycles = 0;
97 for (i = 0; i < 4; i++) {
99 ret = crypto_blkcipher_encrypt(desc, sg, sg, blen);
101 ret = crypto_blkcipher_decrypt(desc, sg, sg, blen);
107 /* The real thing. */
108 for (i = 0; i < 8; i++) {
111 start = get_cycles();
113 ret = crypto_blkcipher_encrypt(desc, sg, sg, blen);
115 ret = crypto_blkcipher_decrypt(desc, sg, sg, blen);
121 cycles += end - start;
129 printk("1 operation in %lu cycles (%d bytes)\n",
130 (cycles + 4) / 8, blen);
135 static u32 block_sizes[] = { 16, 64, 256, 1024, 8192, 0 };
137 static void test_cipher_speed(const char *algo, int enc, unsigned int sec,
138 struct cipher_speed_template *template,
139 unsigned int tcount, u8 *keysize)
141 unsigned int ret, i, j, iv_len;
142 const char *key, iv[128];
143 struct crypto_blkcipher *tfm;
144 struct blkcipher_desc desc;
153 printk("\ntesting speed of %s %s\n", algo, e);
155 tfm = crypto_alloc_blkcipher(algo, 0, CRYPTO_ALG_ASYNC);
158 printk("failed to load transform for %s: %ld\n", algo,
168 b_size = block_sizes;
170 struct scatterlist sg[TVMEMSIZE];
172 if ((*keysize + *b_size) > TVMEMSIZE * PAGE_SIZE) {
173 printk("template (%u) too big for "
174 "tvmem (%lu)\n", *keysize + *b_size,
175 TVMEMSIZE * PAGE_SIZE);
179 printk("test %u (%d bit key, %d byte blocks): ", i,
180 *keysize * 8, *b_size);
182 memset(tvmem[0], 0xff, PAGE_SIZE);
184 /* set key, plain text and IV */
186 for (j = 0; j < tcount; j++) {
187 if (template[j].klen == *keysize) {
188 key = template[j].key;
193 ret = crypto_blkcipher_setkey(tfm, key, *keysize);
195 printk("setkey() failed flags=%x\n",
196 crypto_blkcipher_get_flags(tfm));
200 sg_init_table(sg, TVMEMSIZE);
201 sg_set_buf(sg, tvmem[0] + *keysize,
202 PAGE_SIZE - *keysize);
203 for (j = 1; j < TVMEMSIZE; j++) {
204 sg_set_buf(sg + j, tvmem[j], PAGE_SIZE);
205 memset (tvmem[j], 0xff, PAGE_SIZE);
208 iv_len = crypto_blkcipher_ivsize(tfm);
210 memset(&iv, 0xff, iv_len);
211 crypto_blkcipher_set_iv(tfm, iv, iv_len);
215 ret = test_cipher_jiffies(&desc, enc, sg,
218 ret = test_cipher_cycles(&desc, enc, sg,
222 printk("%s() failed flags=%x\n", e, desc.flags);
232 crypto_free_blkcipher(tfm);
235 static int test_hash_jiffies_digest(struct hash_desc *desc,
236 struct scatterlist *sg, int blen,
239 unsigned long start, end;
243 for (start = jiffies, end = start + sec * HZ, bcount = 0;
244 time_before(jiffies, end); bcount++) {
245 ret = crypto_hash_digest(desc, sg, blen, out);
250 printk("%6u opers/sec, %9lu bytes/sec\n",
251 bcount / sec, ((long)bcount * blen) / sec);
256 static int test_hash_jiffies(struct hash_desc *desc, struct scatterlist *sg,
257 int blen, int plen, char *out, int sec)
259 unsigned long start, end;
264 return test_hash_jiffies_digest(desc, sg, blen, out, sec);
266 for (start = jiffies, end = start + sec * HZ, bcount = 0;
267 time_before(jiffies, end); bcount++) {
268 ret = crypto_hash_init(desc);
271 for (pcount = 0; pcount < blen; pcount += plen) {
272 ret = crypto_hash_update(desc, sg, plen);
276 /* we assume there is enough space in 'out' for the result */
277 ret = crypto_hash_final(desc, out);
282 printk("%6u opers/sec, %9lu bytes/sec\n",
283 bcount / sec, ((long)bcount * blen) / sec);
288 static int test_hash_cycles_digest(struct hash_desc *desc,
289 struct scatterlist *sg, int blen, char *out)
291 unsigned long cycles = 0;
299 for (i = 0; i < 4; i++) {
300 ret = crypto_hash_digest(desc, sg, blen, out);
305 /* The real thing. */
306 for (i = 0; i < 8; i++) {
309 start = get_cycles();
311 ret = crypto_hash_digest(desc, sg, blen, out);
317 cycles += end - start;
327 printk("%6lu cycles/operation, %4lu cycles/byte\n",
328 cycles / 8, cycles / (8 * blen));
333 static int test_hash_cycles(struct hash_desc *desc, struct scatterlist *sg,
334 int blen, int plen, char *out)
336 unsigned long cycles = 0;
341 return test_hash_cycles_digest(desc, sg, blen, out);
347 for (i = 0; i < 4; i++) {
348 ret = crypto_hash_init(desc);
351 for (pcount = 0; pcount < blen; pcount += plen) {
352 ret = crypto_hash_update(desc, sg, plen);
356 ret = crypto_hash_final(desc, out);
361 /* The real thing. */
362 for (i = 0; i < 8; i++) {
365 start = get_cycles();
367 ret = crypto_hash_init(desc);
370 for (pcount = 0; pcount < blen; pcount += plen) {
371 ret = crypto_hash_update(desc, sg, plen);
375 ret = crypto_hash_final(desc, out);
381 cycles += end - start;
391 printk("%6lu cycles/operation, %4lu cycles/byte\n",
392 cycles / 8, cycles / (8 * blen));
397 static void test_hash_speed(const char *algo, unsigned int sec,
398 struct hash_speed *speed)
400 struct scatterlist sg[TVMEMSIZE];
401 struct crypto_hash *tfm;
402 struct hash_desc desc;
403 static char output[1024];
407 printk(KERN_INFO "\ntesting speed of %s\n", algo);
409 tfm = crypto_alloc_hash(algo, 0, CRYPTO_ALG_ASYNC);
412 printk(KERN_ERR "failed to load transform for %s: %ld\n", algo,
420 if (crypto_hash_digestsize(tfm) > sizeof(output)) {
421 printk(KERN_ERR "digestsize(%u) > outputbuffer(%zu)\n",
422 crypto_hash_digestsize(tfm), sizeof(output));
426 sg_init_table(sg, TVMEMSIZE);
427 for (i = 0; i < TVMEMSIZE; i++) {
428 sg_set_buf(sg + i, tvmem[i], PAGE_SIZE);
429 memset(tvmem[i], 0xff, PAGE_SIZE);
432 for (i = 0; speed[i].blen != 0; i++) {
433 if (speed[i].blen > TVMEMSIZE * PAGE_SIZE) {
435 "template (%u) too big for tvmem (%lu)\n",
436 speed[i].blen, TVMEMSIZE * PAGE_SIZE);
440 printk(KERN_INFO "test%3u "
441 "(%5u byte blocks,%5u bytes per update,%4u updates): ",
442 i, speed[i].blen, speed[i].plen, speed[i].blen / speed[i].plen);
445 ret = test_hash_jiffies(&desc, sg, speed[i].blen,
446 speed[i].plen, output, sec);
448 ret = test_hash_cycles(&desc, sg, speed[i].blen,
449 speed[i].plen, output);
452 printk(KERN_ERR "hashing failed ret=%d\n", ret);
458 crypto_free_hash(tfm);
461 static void test_available(void)
466 printk("alg %s ", *name);
467 printk(crypto_has_alg(*name, 0, 0) ?
468 "found\n" : "not found\n");
473 static inline int tcrypt_test(const char *alg)
477 ret = alg_test(alg, alg, 0, 0);
478 /* non-fips algs return -EINVAL in fips mode */
479 if (fips_enabled && ret == -EINVAL)
484 static int do_test(int m)
491 for (i = 1; i < 200; i++)
496 ret += tcrypt_test("md5");
500 ret += tcrypt_test("sha1");
504 ret += tcrypt_test("ecb(des)");
505 ret += tcrypt_test("cbc(des)");
509 ret += tcrypt_test("ecb(des3_ede)");
510 ret += tcrypt_test("cbc(des3_ede)");
514 ret += tcrypt_test("md4");
518 ret += tcrypt_test("sha256");
522 ret += tcrypt_test("ecb(blowfish)");
523 ret += tcrypt_test("cbc(blowfish)");
527 ret += tcrypt_test("ecb(twofish)");
528 ret += tcrypt_test("cbc(twofish)");
532 ret += tcrypt_test("ecb(serpent)");
536 ret += tcrypt_test("ecb(aes)");
537 ret += tcrypt_test("cbc(aes)");
538 ret += tcrypt_test("lrw(aes)");
539 ret += tcrypt_test("xts(aes)");
540 ret += tcrypt_test("ctr(aes)");
541 ret += tcrypt_test("rfc3686(ctr(aes))");
545 ret += tcrypt_test("sha384");
549 ret += tcrypt_test("sha512");
553 ret += tcrypt_test("deflate");
557 ret += tcrypt_test("ecb(cast5)");
561 ret += tcrypt_test("ecb(cast6)");
565 ret += tcrypt_test("ecb(arc4)");
569 ret += tcrypt_test("michael_mic");
573 ret += tcrypt_test("crc32c");
577 ret += tcrypt_test("ecb(tea)");
581 ret += tcrypt_test("ecb(xtea)");
585 ret += tcrypt_test("ecb(khazad)");
589 ret += tcrypt_test("wp512");
593 ret += tcrypt_test("wp384");
597 ret += tcrypt_test("wp256");
601 ret += tcrypt_test("ecb(tnepres)");
605 ret += tcrypt_test("ecb(anubis)");
606 ret += tcrypt_test("cbc(anubis)");
610 ret += tcrypt_test("tgr192");
615 ret += tcrypt_test("tgr160");
619 ret += tcrypt_test("tgr128");
623 ret += tcrypt_test("ecb(xeta)");
627 ret += tcrypt_test("pcbc(fcrypt)");
631 ret += tcrypt_test("ecb(camellia)");
632 ret += tcrypt_test("cbc(camellia)");
635 ret += tcrypt_test("sha224");
639 ret += tcrypt_test("salsa20");
643 ret += tcrypt_test("gcm(aes)");
647 ret += tcrypt_test("lzo");
651 ret += tcrypt_test("ccm(aes)");
655 ret += tcrypt_test("cts(cbc(aes))");
659 ret += tcrypt_test("rmd128");
663 ret += tcrypt_test("rmd160");
667 ret += tcrypt_test("rmd256");
671 ret += tcrypt_test("rmd320");
675 ret += tcrypt_test("ecb(seed)");
679 ret += tcrypt_test("zlib");
683 ret += tcrypt_test("rfc4309(ccm(aes))");
687 ret += tcrypt_test("hmac(md5)");
691 ret += tcrypt_test("hmac(sha1)");
695 ret += tcrypt_test("hmac(sha256)");
699 ret += tcrypt_test("hmac(sha384)");
703 ret += tcrypt_test("hmac(sha512)");
707 ret += tcrypt_test("hmac(sha224)");
711 ret += tcrypt_test("xcbc(aes)");
715 ret += tcrypt_test("hmac(rmd128)");
719 ret += tcrypt_test("hmac(rmd160)");
723 ret += tcrypt_test("vmac(aes)");
727 ret += tcrypt_test("ansi_cprng");
731 test_cipher_speed("ecb(aes)", ENCRYPT, sec, NULL, 0,
732 speed_template_16_24_32);
733 test_cipher_speed("ecb(aes)", DECRYPT, sec, NULL, 0,
734 speed_template_16_24_32);
735 test_cipher_speed("cbc(aes)", ENCRYPT, sec, NULL, 0,
736 speed_template_16_24_32);
737 test_cipher_speed("cbc(aes)", DECRYPT, sec, NULL, 0,
738 speed_template_16_24_32);
739 test_cipher_speed("lrw(aes)", ENCRYPT, sec, NULL, 0,
740 speed_template_32_40_48);
741 test_cipher_speed("lrw(aes)", DECRYPT, sec, NULL, 0,
742 speed_template_32_40_48);
743 test_cipher_speed("xts(aes)", ENCRYPT, sec, NULL, 0,
744 speed_template_32_48_64);
745 test_cipher_speed("xts(aes)", DECRYPT, sec, NULL, 0,
746 speed_template_32_48_64);
750 test_cipher_speed("ecb(des3_ede)", ENCRYPT, sec,
751 des3_speed_template, DES3_SPEED_VECTORS,
753 test_cipher_speed("ecb(des3_ede)", DECRYPT, sec,
754 des3_speed_template, DES3_SPEED_VECTORS,
756 test_cipher_speed("cbc(des3_ede)", ENCRYPT, sec,
757 des3_speed_template, DES3_SPEED_VECTORS,
759 test_cipher_speed("cbc(des3_ede)", DECRYPT, sec,
760 des3_speed_template, DES3_SPEED_VECTORS,
765 test_cipher_speed("ecb(twofish)", ENCRYPT, sec, NULL, 0,
766 speed_template_16_24_32);
767 test_cipher_speed("ecb(twofish)", DECRYPT, sec, NULL, 0,
768 speed_template_16_24_32);
769 test_cipher_speed("cbc(twofish)", ENCRYPT, sec, NULL, 0,
770 speed_template_16_24_32);
771 test_cipher_speed("cbc(twofish)", DECRYPT, sec, NULL, 0,
772 speed_template_16_24_32);
776 test_cipher_speed("ecb(blowfish)", ENCRYPT, sec, NULL, 0,
777 speed_template_8_32);
778 test_cipher_speed("ecb(blowfish)", DECRYPT, sec, NULL, 0,
779 speed_template_8_32);
780 test_cipher_speed("cbc(blowfish)", ENCRYPT, sec, NULL, 0,
781 speed_template_8_32);
782 test_cipher_speed("cbc(blowfish)", DECRYPT, sec, NULL, 0,
783 speed_template_8_32);
787 test_cipher_speed("ecb(des)", ENCRYPT, sec, NULL, 0,
789 test_cipher_speed("ecb(des)", DECRYPT, sec, NULL, 0,
791 test_cipher_speed("cbc(des)", ENCRYPT, sec, NULL, 0,
793 test_cipher_speed("cbc(des)", DECRYPT, sec, NULL, 0,
798 test_cipher_speed("ecb(camellia)", ENCRYPT, sec, NULL, 0,
799 speed_template_16_24_32);
800 test_cipher_speed("ecb(camellia)", DECRYPT, sec, NULL, 0,
801 speed_template_16_24_32);
802 test_cipher_speed("cbc(camellia)", ENCRYPT, sec, NULL, 0,
803 speed_template_16_24_32);
804 test_cipher_speed("cbc(camellia)", DECRYPT, sec, NULL, 0,
805 speed_template_16_24_32);
809 test_cipher_speed("salsa20", ENCRYPT, sec, NULL, 0,
810 speed_template_16_32);
817 test_hash_speed("md4", sec, generic_hash_speed_template);
818 if (mode > 300 && mode < 400) break;
821 test_hash_speed("md5", sec, generic_hash_speed_template);
822 if (mode > 300 && mode < 400) break;
825 test_hash_speed("sha1", sec, generic_hash_speed_template);
826 if (mode > 300 && mode < 400) break;
829 test_hash_speed("sha256", sec, generic_hash_speed_template);
830 if (mode > 300 && mode < 400) break;
833 test_hash_speed("sha384", sec, generic_hash_speed_template);
834 if (mode > 300 && mode < 400) break;
837 test_hash_speed("sha512", sec, generic_hash_speed_template);
838 if (mode > 300 && mode < 400) break;
841 test_hash_speed("wp256", sec, generic_hash_speed_template);
842 if (mode > 300 && mode < 400) break;
845 test_hash_speed("wp384", sec, generic_hash_speed_template);
846 if (mode > 300 && mode < 400) break;
849 test_hash_speed("wp512", sec, generic_hash_speed_template);
850 if (mode > 300 && mode < 400) break;
853 test_hash_speed("tgr128", sec, generic_hash_speed_template);
854 if (mode > 300 && mode < 400) break;
857 test_hash_speed("tgr160", sec, generic_hash_speed_template);
858 if (mode > 300 && mode < 400) break;
861 test_hash_speed("tgr192", sec, generic_hash_speed_template);
862 if (mode > 300 && mode < 400) break;
865 test_hash_speed("sha224", sec, generic_hash_speed_template);
866 if (mode > 300 && mode < 400) break;
869 test_hash_speed("rmd128", sec, generic_hash_speed_template);
870 if (mode > 300 && mode < 400) break;
873 test_hash_speed("rmd160", sec, generic_hash_speed_template);
874 if (mode > 300 && mode < 400) break;
877 test_hash_speed("rmd256", sec, generic_hash_speed_template);
878 if (mode > 300 && mode < 400) break;
881 test_hash_speed("rmd320", sec, generic_hash_speed_template);
882 if (mode > 300 && mode < 400) break;
895 static int do_alg_test(const char *alg, u32 type, u32 mask)
897 return crypto_has_alg(alg, type, mask ?: CRYPTO_ALG_TYPE_MASK) ?
901 static int __init tcrypt_mod_init(void)
906 for (i = 0; i < TVMEMSIZE; i++) {
907 tvmem[i] = (void *)__get_free_page(GFP_KERNEL);
913 err = do_alg_test(alg, type, mask);
918 printk(KERN_ERR "tcrypt: one or more tests failed!\n");
922 /* We intentionaly return -EAGAIN to prevent keeping the module,
923 * unless we're running in fips mode. It does all its work from
924 * init() and doesn't offer any runtime functionality, but in
925 * the fips case, checking for a successful load is helpful.
926 * => we don't need it in the memory, do we?
933 for (i = 0; i < TVMEMSIZE && tvmem[i]; i++)
934 free_page((unsigned long)tvmem[i]);
940 * If an init function is provided, an exit function must also be provided
941 * to allow module unload.
943 static void __exit tcrypt_mod_fini(void) { }
945 module_init(tcrypt_mod_init);
946 module_exit(tcrypt_mod_fini);
948 module_param(alg, charp, 0);
949 module_param(type, uint, 0);
950 module_param(mask, uint, 0);
951 module_param(mode, int, 0);
952 module_param(sec, uint, 0);
953 MODULE_PARM_DESC(sec, "Length in seconds of speed tests "
954 "(defaults to zero which uses CPU cycles instead)");
956 MODULE_LICENSE("GPL");
957 MODULE_DESCRIPTION("Quick & dirty crypto testing module");
958 MODULE_AUTHOR("James Morris <jmorris@intercode.com.au>");