summaryrefslogtreecommitdiff
path: root/crypto/testmgr.c
AgeCommit message (Collapse)AuthorFilesLines
2014-10-14crypto: LLVMLinux: Remove VLAIS usage from crypto/testmgr.cJan-Simon Möller1-8/+6
Replaced the use of a Variable Length Array In Struct (VLAIS) with a C99 compliant equivalent. This patch allocates the appropriate amount of memory using a char array using the SHASH_DESC_ON_STACK macro. The new code can be compiled with both gcc and clang. Signed-off-by: Jan-Simon Möller <dl9pf@gmx.de> Signed-off-by: Behan Webster <behanw@converseincode.com> Reviewed-by: Mark Charlebois <charlebm@gmail.com> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Cc: pageexec@freemail.hu
2014-08-29crypto: testmgr - add test for lz4 and lz4hcKOVACS Krisztian1-0/+32
This patch adds a simple test vector for the lz4 and lz4hc compression algorithms. Signed-off-by: KOVACS Krisztian <hidden@sch.bme.hu> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-08-25crypto: testmgr - remove unused function argumentCristian Stoica1-11/+5
The argument "req" of do_one_async_hash_op is not used by the function. This patch removes this argument and renames the function to match more closely its purpose. Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-08-25crypto: testmgr - delay execution of set-up codeCristian Stoica1-8/+6
Prepare IV array only if the dependent code is executed. Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-08-25crypto: testmgr - white space removal on __test_skcipherCristian Stoica1-149/+138
This patch inverts two if conditions to remove code blocks indentation. Several white space clean-ups follow. Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-08-25crypto: testmgr - white space removal on __test_hashCristian Stoica1-63/+60
This patch inverts one if condition to remove code block indentation. Several white space clean-ups follow. Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-08-25crypto: testmgr - white space fix-ups on test_aeadCristian Stoica1-256/+242
This patch inverts two if conditions and allows removal of one tab-stop in their code-blocks. Only white-space clean-up follows. Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-08-01crypto: testmgr - add missing spaces to drbg error stringsJarod Wilson1-3/+3
There are a few missing spaces in the error text strings for drbg_cavs_test, trivial fix. CC: "David S. Miller" <davem@davemloft.net> CC: linux-crypto@vger.kernel.org Signed-off-by: Jarod Wilson <jarod@redhat.com> Acked-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-07-23crypto: testmgr - avoid DMA mapping from text, rodata, stackHoria Geanta1-8/+49
With DMA_API_DEBUG set, following warnings are emitted (tested on CAAM accelerator): DMA-API: device driver maps memory from kernel text or rodata DMA-API: device driver maps memory from stack and the culprits are: -key in __test_aead and __test_hash -result in __test_hash MAX_KEYLEN is changed to accommodate maximum key length from existing test vectors in crypto/testmgr.h (131 bytes) and rounded. Signed-off-by: Horia Geanta <horia.geanta@freescale.com> Acked-by: Kim Phillips <kim.phillips@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-06-20crypto: drbg - Add DRBG test code to testmgrStephan Mueller1-0/+247
The DRBG test code implements the CAVS test approach. As discussed for the test vectors, all DRBG types are covered with testing. However, not every backend cipher is covered with testing. To prevent the testmgr from logging missing testing, the NULL test is registered for all backend ciphers not covered with specific test cases. All currently implemented DRBG types and backend ciphers are defined in SP800-90A. Therefore, the fips_allowed flag is set for all. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-05-22crypto: testmgr - add aead cbc des, des3_ede testsNitesh Lal1-12/+162
Test vectors were taken from existing test for CBC(DES3_EDE). Associated data has been added to test vectors. HMAC computed with Crypto++ has been used. Following algos have been covered. (a) "authenc(hmac(sha1),cbc(des))" (b) "authenc(hmac(sha1),cbc(des3_ede))" (c) "authenc(hmac(sha224),cbc(des))" (d) "authenc(hmac(sha224),cbc(des3_ede))" (e) "authenc(hmac(sha256),cbc(des))" (f) "authenc(hmac(sha256),cbc(des3_ede))" (g) "authenc(hmac(sha384),cbc(des))" (h) "authenc(hmac(sha384),cbc(des3_ede))" (i) "authenc(hmac(sha512),cbc(des))" (j) "authenc(hmac(sha512),cbc(des3_ede))" Signed-off-by: Vakul Garg <vakul@freescale.com> [NiteshNarayanLal@freescale.com: added hooks for the missing algorithms test and tested the patch] Signed-off-by: Nitesh Lal <NiteshNarayanLal@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-05-22crypto: testmgr - Fix DMA-API warningTadeusz Struk1-2/+5
With DMA-API debug enabled testmgr triggers a "DMA-API: device driver maps memory from stack" warning, when tested on a crypto HW accelerator. Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2014-03-21crypto: testmgr - add aead null encryption test vectorsHoria Geanta1-0/+32
Add test vectors for aead with null encryption and md5, respectively sha1 authentication. Input data is taken from test vectors listed in RFC2410. Signed-off-by: Horia Geanta <horia.geanta@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2013-11-28crypto: testmgr - fix sglen in test_aead for case 'dst != src'Horia Geanta1-14/+12
Commit d8a32ac25698cd60b02bed2100379803c7f964e3 (crypto: testmgr - make test_aead also test 'dst != src' code paths) added support for different source and destination buffers in test_aead. This patch modifies the source and destination buffer lengths accordingly: the lengths are not equal since encryption / decryption adds / removes the ICV. Cc: Jussi Kivilinna <jussi.kivilinna@mbnet.fi> Signed-off-by: Horia Geanta <horia.geanta@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2013-11-15tree-wide: use reinit_completion instead of INIT_COMPLETIONWolfram Sang1-6/+6
Use this new function to make code more comprehensible, since we are reinitialzing the completion, not initializing. [akpm@linux-foundation.org: linux-next resyncs] Signed-off-by: Wolfram Sang <wsa@the-dreams.de> Acked-by: Linus Walleij <linus.walleij@linaro.org> (personally at LCE13) Cc: Ingo Molnar <mingo@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-09-07Reinstate "crypto: crct10dif - Wrap crc_t10dif function all to use crypto ↵Herbert Xu1-0/+10
transform framework" This patch reinstates commits 67822649d7305caf3dd50ed46c27b99c94eff996 39761214eefc6b070f29402aa1165f24d789b3f7 0b95a7f85718adcbba36407ef88bba0a7379ed03 31d939625a9a20b1badd2d4e6bf6fd39fa523405 2d31e518a42828df7877bca23a958627d60408bc Now that module softdeps are in the kernel we can use that to resolve the boot issue which cause the revert. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2013-09-07Merge git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linuxHerbert Xu1-10/+0
Merge upstream tree in order to reinstate crct10dif.
2013-08-01crypto: testmgr - remove double execution of the same test suiteCristian Stoica1-1/+1
This patch removes redundant execution of the same test suite in cases where alg and driver variables are the same (e.g. when alg_test is called from tcrypt_test) Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> Reviewed-by: Horia Geanta <horia.geanta@freescale.com> Reviewed-by: Ruchika Gupta <ruchika.gupta@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2013-07-24Revert "crypto: crct10dif - Wrap crc_t10dif function all to use crypto ↵Herbert Xu1-10/+0
transform framework" This reverts commits 67822649d7305caf3dd50ed46c27b99c94eff996 39761214eefc6b070f29402aa1165f24d789b3f7 0b95a7f85718adcbba36407ef88bba0a7379ed03 31d939625a9a20b1badd2d4e6bf6fd39fa523405 2d31e518a42828df7877bca23a958627d60408bc Unfortunately this change broke boot on some systems that used an initrd which does not include the newly created crct10dif modules. As these modules are required by sd_mod under certain configurations this is a serious problem. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2013-06-21crypto: testmgr - test hash implementations with unaligned buffersJussi Kivilinna1-2/+39
This patch adds unaligned buffer tests for hashes. The first new test is with one byte offset and the second test checks if cra_alignmask for driver is big enough; for example, for testing a case where cra_alignmask is set to 7, but driver really needs buffers to be aligned to 16 bytes. Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2013-06-21crypto: testmgr - test AEADs with unaligned buffersJussi Kivilinna1-6/+31
This patch adds unaligned buffer tests for AEADs. The first new test is with one byte offset and the second test checks if cra_alignmask for driver is big enough; for example, for testing a case where cra_alignmask is set to 7, but driver really needs buffers to be aligned to 16 bytes. Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2013-06-21crypto: testmgr - test skciphers with unaligned buffersJussi Kivilinna1-4/+29
This patch adds unaligned buffer tests for blkciphers. The first new test is with one byte offset and the second test checks if cra_alignmask for driver is big enough; for example, for testing a case where cra_alignmask is set to 7, but driver really needs buffers to be aligned to 16 bytes. Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2013-06-21crypto: testmgr - check that entries in alg_test_descs are in correct orderJussi Kivilinna1-0/+31
Patch adds check for alg_test_descs list order, so that accidentically misplaced entries are found quicker. Duplicate entries are also checked for. Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2013-06-21Revert "crypto: twofish - add AVX2/x86_64 assembler implementation of ↵Jussi Kivilinna1-12/+0
twofish cipher" This reverts commit cf1521a1a5e21fd1e79a458605c4282fbfbbeee2. Instruction (vpgatherdd) that this implementation relied on turned out to be slow performer on real hardware (i5-4570). The previous 8-way twofish/AVX implementation is therefore faster and this implementation should be removed. Converting this implementation to use the same method as in twofish/AVX for table look-ups would give additional ~3% speed up vs twofish/AVX, but would hardly be worth of the added code and binary size. Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2013-06-21Revert "crypto: blowfish - add AVX2/x86_64 implementation of blowfish cipher"Jussi Kivilinna1-12/+0
This reverts commit 604880107010a1e5794552d184cd5471ea31b973. Instruction (vpgatherdd) that this implementation relied on turned out to be slow performer on real hardware (i5-4570). The previous 4-way blowfish implementation is therefore faster and this implementation should be removed. Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2013-05-24crypto: crct10dif - Simple correctness and speed test for CRCT10DIF hashTim Chen1-0/+10
These are simple tests to do sanity check of CRC T10 DIF hash. The correctness of the transform can be checked with the command modprobe tcrypt mode=47 The speed of the transform can be evaluated with the command modprobe tcrypt mode=320 Set the cpu frequency to constant and turn turbo off when running the speed test so the frequency governor will not tweak the frequency and affects the measurements. Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2013-04-25crypto: camellia - add AVX2/AES-NI/x86_64 assembler implementation of ↵Jussi Kivilinna1-0/+12
camellia cipher Patch adds AVX2/AES-NI/x86-64 implementation of Camellia cipher, requiring 32 parallel blocks for input (512 bytes). Compared to AVX implementation, this version is extended to use the 256-bit wide YMM registers. For AES-NI instructions data is split to two 128-bit registers and merged afterwards. Even with this additional handling, performance should be higher compared to the AES-NI/AVX implementation. Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2013-04-25crypto: serpent - add AVX2/x86_64 assembler implementation of serpent cipherJussi Kivilinna1-0/+15
Patch adds AVX2/x86-64 implementation of Serpent cipher, requiring 16 parallel blocks for input (256 bytes). Implementation is based on the AVX implementation and extends to use the 256-bit wide YMM registers. Since serpent does not use table look-ups, this implementation should be close to two times faster than the AVX implementation. Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2013-04-25crypto: twofish - add AVX2/x86_64 assembler implementation of twofish cipherJussi Kivilinna1-0/+12
Patch adds AVX2/x86-64 implementation of Twofish cipher, requiring 16 parallel blocks for input (256 bytes). Table look-ups are performed using vpgatherdd instruction directly from vector registers and thus should be faster than earlier implementations. Implementation also uses 256-bit wide YMM registers, which should give additional speed up compared to the AVX implementation. Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2013-04-25crypto: blowfish - add AVX2/x86_64 implementation of blowfish cipherJussi Kivilinna1-0/+12
Patch adds AVX2/x86-64 implementation of Blowfish cipher, requiring 32 parallel blocks for input (256 bytes). Table look-ups are performed using vpgatherdd instruction directly from vector registers and thus should be faster than earlier implementations. Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2013-04-25crypto: add CMAC support to CryptoAPIJussi Kivilinna1-0/+18
Patch adds support for NIST recommended block cipher mode CMAC to CryptoAPI. This work is based on Tom St Denis' earlier patch, http://marc.info/?l=linux-crypto-vger&m=135877306305466&w=2 Cc: Tom St Denis <tstdenis@elliptictech.com> Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi> Acked-by: David S. Miller <davem@davemloft.net> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2013-04-25crypto: testmgr - add empty test vectors for null ciphersJussi Kivilinna1-0/+9
Without these, kernel log shows: [ 5.984881] alg: No test for cipher_null (cipher_null-generic) [ 5.985096] alg: No test for ecb(cipher_null) (ecb-cipher_null) [ 5.985170] alg: No test for compress_null (compress_null-generic) [ 5.985297] alg: No test for digest_null (digest_null-generic) Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2013-04-25crypto: testmgr - add AES GMAC test vectorsJussi Kivilinna1-2/+15
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2013-01-20crypto: testmgr - add test vector for fcryptJussi Kivilinna1-0/+15
fcrypt is used only as pcbc(fcrypt), but testmgr does not know this. Use the zero key, zero plaintext pcbc(fcrypt) test vector for testing plain 'fcrypt' to hide "no test for fcrypt" warnings. Signed-off-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi> Acked-by: David S. Miller <davem@davemloft.net> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2012-12-06crypto: testmgr - allow compression algs in fips modeMilan Broz1-0/+3
When in fips mode, compression algoritms fails to initialize, e.g. modprobe ubifs returns UBIFS error: compr_init: cannot initialize compressor lzo, error -2 FIPS mode should not care about compression algoritms at all. Patch just set fips_enabled flag to 1 to all compression algorithms managed by testmgr. Signed-off-by: Milan Broz <mbroz@redhat.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2012-12-06crypto: testmgr - clean alg_test_null entries in alg_test_descs[]Jussi Kivilinna1-372/+0
Currently alg_test_null entries set .suite values to zero, which is unneeded. So perform clean-up of null test entries. Signed-off-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi> Acked-by: David S. Miller <davem@davemloft.net> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2012-12-06crypto: testmgr - remove fips_allowed flag from camellia-aesni null-testsJussi Kivilinna1-2/+0
Remove incorrect fips_allowed from camellia null-test entries. Caused by incorrect copy-paste of aes-aesni null-tests into camellia-aesni null-tests. Signed-off-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi> Acked-by: David S. Miller <davem@davemloft.net> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2012-11-09crypto: camellia - add AES-NI/AVX/x86_64 assembler implementation of ↵Jussi Kivilinna1-0/+62
camellia cipher This patch adds AES-NI/AVX/x86_64 assembler implementation of Camellia block cipher. Implementation process data in sixteen block chunks, which are byte-sliced and AES SubBytes is reused for Camellia s-box with help of pre- and post-filtering. Patch has been tested with tcrypt and automated filesystem tests. tcrypt test results: Intel Core i5-2450M: camellia-aesni-avx vs camellia-asm-x86_64-2way: 128bit key: (lrw:256bit) (xts:256bit) size ecb-enc ecb-dec cbc-enc cbc-dec ctr-enc ctr-dec lrw-enc lrw-dec xts-enc xts-dec 16B 0.98x 0.96x 0.99x 0.96x 0.96x 0.95x 0.95x 0.94x 0.97x 0.98x 64B 0.99x 0.98x 1.00x 0.98x 0.98x 0.99x 0.98x 0.93x 0.99x 0.98x 256B 2.28x 2.28x 1.01x 2.29x 2.25x 2.24x 1.96x 1.97x 1.91x 1.90x 1024B 2.57x 2.56x 1.00x 2.57x 2.51x 2.53x 2.19x 2.17x 2.19x 2.22x 8192B 2.49x 2.49x 1.00x 2.53x 2.48x 2.49x 2.17x 2.17x 2.22x 2.22x 256bit key: (lrw:384bit) (xts:512bit) size ecb-enc ecb-dec cbc-enc cbc-dec ctr-enc ctr-dec lrw-enc lrw-dec xts-enc xts-dec 16B 0.97x 0.98x 0.99x 0.97x 0.97x 0.96x 0.97x 0.98x 0.98x 0.99x 64B 1.00x 1.00x 1.01x 0.99x 0.98x 0.99x 0.99x 0.99x 0.99x 0.99x 256B 2.37x 2.37x 1.01x 2.39x 2.35x 2.33x 2.10x 2.11x 1.99x 2.02x 1024B 2.58x 2.60x 1.00x 2.58x 2.56x 2.56x 2.28x 2.29x 2.28x 2.29x 8192B 2.50x 2.52x 1.00x 2.56x 2.51x 2.51x 2.24x 2.25x 2.26x 2.29x Signed-off-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi> Acked-by: David S. Miller <davem@davemloft.net> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2012-10-24crypto: testmgr - add new larger DES3_EDE testvectorsJussi Kivilinna1-0/+15
Most DES3_EDE testvectors are short and do not test parallelised codepaths well. Add larger testvectors to test large crypto operations and to test multi-page crypto with DES3_EDE. Signed-off-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi> Acked-by: David S. Miller <davem@davemloft.net> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2012-10-24crypto: testmgr - add new larger DES testvectorsJussi Kivilinna1-0/+15
Most DES testvectors are short and do not test parallelised codepaths well. Add larger testvectors to test large crypto operations and to test multi-page crypto with DES. Signed-off-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi> Acked-by: David S. Miller <davem@davemloft.net> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2012-09-27crypto: testmgr - make test_aead also test 'dst != src' code pathsJussi Kivilinna1-48/+105
Currrently test_aead uses same buffer for destination and source. However in any places, 'dst != src' take different path than 'dst == src' case. Therefore make test_aead also run tests with destination buffer being different than source buffer. Signed-off-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi> Acked-by: David S. Miller <davem@davemloft.net> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2012-09-27crypto: testmgr - make test_skcipher also test 'dst != src' code pathsJussi Kivilinna1-31/+76
Currrently test_skcipher uses same buffer for destination and source. However in any places, 'dst != src' take different path than 'dst == src' case. Therefore make test_skcipher also run tests with destination buffer being different than source buffer. Signed-off-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi> Acked-by: David S. Miller <davem@davemloft.net> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2012-09-27crypto: testmgr - allow non-multi page and multi page skcipher tests from ↵Jussi Kivilinna1-1/+1
same test template Allow non-multi page and multi page skcipher tests to be run on same test template, to avoid duplicating data. Signed-off-by: Jussi Kivilinna <jussi.kivilinna@mbnet.fi> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2012-08-01crypto: cast6 - add x86_64/avx assembler implementationJohannes Goetzfried1-0/+60
This patch adds a x86_64/avx assembler implementation of the Cast6 block cipher. The implementation processes eight blocks in parallel (two 4 block chunk AVX operations). The table-lookups are done in general-purpose registers. For small blocksizes the functions from the generic module are called. A good performance increase is provided for blocksizes greater or equal to 128B. Patch has been tested with tcrypt and automated filesystem tests. Tcrypt benchmark results: Intel Core i5-2500 CPU (fam:6, model:42, step:7) cast6-avx-x86_64 vs. cast6-generic 128bit key: (lrw:256bit) (xts:256bit) size ecb-enc ecb-dec cbc-enc cbc-dec ctr-enc ctr-dec lrw-enc lrw-dec xts-enc xts-dec 16B 0.97x 1.00x 1.01x 1.01x 0.99x 0.97x 0.98x 1.01x 0.96x 0.98x 64B 0.98x 0.99x 1.02x 1.01x 0.99x 1.00x 1.01x 0.99x 1.00x 0.99x 256B 1.77x 1.84x 0.99x 1.85x 1.77x 1.77x 1.70x 1.74x 1.69x 1.72x 1024B 1.93x 1.95x 0.99x 1.96x 1.93x 1.93x 1.84x 1.85x 1.89x 1.87x 8192B 1.91x 1.95x 0.99x 1.97x 1.95x 1.91x 1.86x 1.87x 1.93x 1.90x 256bit key: (lrw:384bit) (xts:512bit) size ecb-enc ecb-dec cbc-enc cbc-dec ctr-enc ctr-dec lrw-enc lrw-dec xts-enc xts-dec 16B 0.97x 0.99x 1.02x 1.01x 0.98x 0.99x 1.00x 1.00x 0.98x 0.98x 64B 0.98x 0.99x 1.01x 1.00x 1.00x 1.00x 1.01x 1.01x 0.97x 1.00x 256B 1.77x 1.83x 1.00x 1.86x 1.79x 1.78x 1.70x 1.76x 1.71x 1.69x 1024B 1.92x 1.95x 0.99x 1.96x 1.93x 1.93x 1.83x 1.86x 1.89x 1.87x 8192B 1.94x 1.95x 0.99x 1.97x 1.95x 1.95x 1.87x 1.87x 1.93x 1.91x Signed-off-by: Johannes Goetzfried <Johannes.Goetzfried@informatik.stud.uni-erlangen.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2012-08-01crypto: testmgr - add larger cast6 testvectorsJohannes Goetzfried1-0/+60
New ECB, CBC, CTR, LRW and XTS testvectors for cast6. We need larger testvectors to check parallel code paths in the optimized implementation. Tests have also been added to the tcrypt module. Signed-off-by: Johannes Goetzfried <Johannes.Goetzfried@informatik.stud.uni-erlangen.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2012-08-01crypto: cast5 - add x86_64/avx assembler implementationJohannes Goetzfried1-0/+60
This patch adds a x86_64/avx assembler implementation of the Cast5 block cipher. The implementation processes sixteen blocks in parallel (four 4 block chunk AVX operations). The table-lookups are done in general-purpose registers. For small blocksizes the functions from the generic module are called. A good performance increase is provided for blocksizes greater or equal to 128B. Patch has been tested with tcrypt and automated filesystem tests. Tcrypt benchmark results: Intel Core i5-2500 CPU (fam:6, model:42, step:7) cast5-avx-x86_64 vs. cast5-generic 64bit key: size ecb-enc ecb-dec cbc-enc cbc-dec ctr-enc ctr-dec 16B 0.99x 0.99x 1.00x 1.00x 1.02x 1.01x 64B 1.00x 1.00x 0.98x 1.00x 1.01x 1.02x 256B 2.03x 2.01x 0.95x 2.11x 2.12x 2.13x 1024B 2.30x 2.24x 0.95x 2.29x 2.35x 2.35x 8192B 2.31x 2.27x 0.95x 2.31x 2.39x 2.39x 128bit key: size ecb-enc ecb-dec cbc-enc cbc-dec ctr-enc ctr-dec 16B 0.99x 0.99x 1.00x 1.00x 1.01x 1.01x 64B 1.00x 1.00x 0.98x 1.01x 1.02x 1.01x 256B 2.17x 2.13x 0.96x 2.19x 2.19x 2.19x 1024B 2.29x 2.32x 0.95x 2.34x 2.37x 2.38x 8192B 2.35x 2.32x 0.95x 2.35x 2.39x 2.39x Signed-off-by: Johannes Goetzfried <Johannes.Goetzfried@informatik.stud.uni-erlangen.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2012-08-01crypto: testmgr - add larger cast5 testvectorsJohannes Goetzfried1-0/+30
New ECB, CBC and CTR testvectors for cast5. We need larger testvectors to check parallel code paths in the optimized implementation. Tests have also been added to the tcrypt module. Signed-off-by: Johannes Goetzfried <Johannes.Goetzfried@informatik.stud.uni-erlangen.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2012-07-11crypto: testmgr - add aead cbc aes hmac sha1,256,512 test vectorsHoria Geanta1-0/+36
Test vectors were generated starting from existing CBC(AES) test vectors (RFC3602, NIST SP800-38A) and adding HMAC(SHA*) computed with Crypto++ and double-checked with HashCalc. Signed-off-by: Horia Geanta <horia.geanta@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2012-07-11crypto: testmgr - allow aesni-intel and ghash_clmulni-intel in fips modeMilan Broz1-0/+38
Patch 863b557a88f8c033f7419fabafef4712a5055f85 added NULL entries for intel accelerated drivers but did not marked these fips allowed. This cause panic if running tests with fips=1. For ghash, fips_allowed flag was added in patch 18c0ebd2d8194cce4b3f67e2903fa01bea892cbc. Without patch, "modprobe tcrypt" fails with alg: skcipher: Failed to load transform for cbc-aes-aesni: -2 cbc-aes-aesni: cbc(aes) alg self test failed in fips mode! (panic) Also add missing cryptd(__driver-cbc-aes-aesni) and cryptd(__driver-gcm-aes-aesni) test to complement null tests above, otherwise system complains with alg: No test for __cbc-aes-aesni (cryptd(__driver-cbc-aes-aesni)) alg: No test for __gcm-aes-aesni (cryptd(__driver-gcm-aes-aesni)) Signed-off-by: Milan Broz <mbroz@redhat.com> Signed-off-by: Paul Wouters <pwouters@redhat.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2012-06-12crypto: serpent - add x86_64/avx assembler implementationJohannes Goetzfried1-0/+60
This patch adds a x86_64/avx assembler implementation of the Serpent block cipher. The implementation is very similar to the sse2 implementation and processes eight blocks in parallel. Because of the new non-destructive three operand syntax all move-instructions can be removed and therefore a little performance increase is provided. Patch has been tested with tcrypt and automated filesystem tests. Tcrypt benchmark results: Intel Core i5-2500 CPU (fam:6, model:42, step:7) serpent-avx-x86_64 vs. serpent-sse2-x86_64 128bit key: (lrw:256bit) (xts:256bit) size ecb-enc ecb-dec cbc-enc cbc-dec ctr-enc ctr-dec lrw-enc lrw-dec xts-enc xts-dec 16B 1.03x 1.01x 1.01x 1.01x 1.00x 1.00x 1.00x 1.00x 1.00x 1.01x 64B 1.00x 1.00x 1.00x 1.00x 1.00x 0.99x 1.00x 1.01x 1.00x 1.00x 256B 1.05x 1.03x 1.00x 1.02x 1.05x 1.06x 1.05x 1.02x 1.05x 1.02x 1024B 1.05x 1.02x 1.00x 1.02x 1.05x 1.06x 1.05x 1.03x 1.05x 1.02x 8192B 1.05x 1.02x 1.00x 1.02x 1.06x 1.06x 1.04x 1.03x 1.04x 1.02x 256bit key: (lrw:384bit) (xts:512bit) size ecb-enc ecb-dec cbc-enc cbc-dec ctr-enc ctr-dec lrw-enc lrw-dec xts-enc xts-dec 16B 1.01x 1.00x 1.01x 1.01x 1.00x 1.00x 0.99x 1.03x 1.01x 1.01x 64B 1.00x 1.00x 1.00x 1.00x 1.00x 1.00x 1.00x 1.01x 1.00x 1.02x 256B 1.05x 1.02x 1.00x 1.02x 1.05x 1.02x 1.04x 1.05x 1.05x 1.02x 1024B 1.06x 1.02x 1.00x 1.02x 1.07x 1.06x 1.05x 1.04x 1.05x 1.02x 8192B 1.05x 1.02x 1.00x 1.02x 1.06x 1.06x 1.04x 1.05x 1.05x 1.02x serpent-avx-x86_64 vs aes-asm (8kB block): 128bit 256bit ecb-enc 1.26x 1.73x ecb-dec 1.20x 1.64x cbc-enc 0.33x 0.45x cbc-dec 1.24x 1.67x ctr-enc 1.32x 1.76x ctr-dec 1.32x 1.76x lrw-enc 1.20x 1.60x lrw-dec 1.15x 1.54x xts-enc 1.22x 1.64x xts-dec 1.17x 1.57x Signed-off-by: Johannes Goetzfried <Johannes.Goetzfried@informatik.stud.uni-erlangen.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>