[PATCH 4/6] compile the DRBG code

2014-03-08 Thread Stephan Mueller

Signed-off-by: Stephan Mueller smuel...@chronox.de

diff --git a/crypto/Makefile b/crypto/Makefile
index b29402a..0d63373 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -92,6 +92,7 @@ obj-$(CONFIG_CRYPTO_842) += 842.o
 obj-$(CONFIG_CRYPTO_RNG2) += rng.o
 obj-$(CONFIG_CRYPTO_RNG2) += krng.o
 obj-$(CONFIG_CRYPTO_ANSI_CPRNG) += ansi_cprng.o
+obj-$(CONFIG_CRYTPO_DRBG) += drbg.o
 obj-$(CONFIG_CRYPTO_TEST) += tcrypt.o
 obj-$(CONFIG_CRYPTO_GHASH) += ghash-generic.o
 obj-$(CONFIG_CRYPTO_USER_API) += af_alg.o
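Review bot: The config symbol on the added line, `CONFIG_CRYTPO_DRBG`, transposes "CRYPTO" into "CRYTPO"; the Kconfig hunks in patch 3/6 spell the menuconfig symbol the same way, so the build is self-consistent, but every other option in this series (`CRYPTO_DRBG_HMAC`, `CRYPTO_DRBG_HASH`, `CRYPTO_DRBG_CTR`, `CRYPTO_ANSI_CPRNG`) uses the `CRYPTO_` prefix. The line should read `obj-$(CONFIG_CRYPTO_DRBG) += drbg.o`, with the matching rename of the `menuconfig`, `if`/`endif`, `depends on` and CRYPTO_FIPS dependency lines in the two Kconfig hunks. Making the symbol a real prefix of its sub-options keeps `CONFIG_CRYPTO_DRBG*` greps and defconfig handling consistent.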
-- 
1.8.5.3




[PATCH 0/6] SP800-90A Deterministic Random Bit Generator

2014-03-08 Thread Stephan Mueller
Hi,

the following set of patches implements the deterministic random bit generator
(DRBG) specified by SP800-90A.

The DRBG implementation offers the following:

* All three DRBG types are implemented with a derivation function.
* All DRBG types are available with and without prediction resistance.
* All SHA types of SHA-1, SHA-256, SHA-384, SHA-512 are available
  for the HMAC and Hash DRBGs.
* All AES types of AES-128, AES-192 and AES-256 are available for the
  CTR DRBG.
* A self test is implemented with drbg_healthcheck().
* The FIPS 140-2 continuous self test is implemented.
* Additional cipher primitives, such as Serpent or Twofish, can be
  added to the DRBG without changing the implementation. The only
  change necessary is to the DRBG definition given in the cores[]
  array.

As defined in SP800-131A, the ANSI X9.31 DRNG is to be sunset by the end of 
this year for official uses, including FIPS 140-2 compliance.

Additional tests are available at [1].

[1] http://www.chronox.de/drbg.html

Stephan Mueller (6):
  SP800-90A Deterministic Random Bit Generator
  header file for DRBG
  DRBG kernel configuration options
  compile the DRBG code
  DRBG testmgr test vectors
  Add DRBG test code to testmgr

 crypto/Kconfig|   36 +-
 crypto/Makefile   |1 +
 crypto/drbg.c | 1941 +
 crypto/testmgr.c  |  269 +++
 crypto/testmgr.h  |  877 ++
 include/crypto/drbg.h |  340 +
 6 files changed, 3463 insertions(+), 1 deletion(-)
 create mode 100644 crypto/drbg.c
 create mode 100644 include/crypto/drbg.h

-- 
1.8.5.3

,



Ciao
Stephan
-- 
| Cui bono? |


[PATCH 1/6] SP800-90A Deterministic Random Bit Generator

2014-03-08 Thread Stephan Mueller
This is a clean-room implementation of the DRBG defined in SP800-90A.
All three viable DRBGs defined in the standard are implemented:

* HMAC
* Hash
* CTR

Signed-off-by: Stephan Mueller smuel...@chronox.de

 create mode 100644 crypto/drbg.c

diff --git a/crypto/drbg.c b/crypto/drbg.c
new file mode 100644
index 000..5308cce
--- /dev/null
+++ b/crypto/drbg.c
@@ -0,0 +1,1941 @@
+/*
+ * DRBG: Deterministic Random Bits Generator
+ *   Based on NIST Recommended DRBG from NIST SP800-90A with the following
+ *   properties:
+ * * CTR DRBG with DF with AES-128, AES-192, AES-256 cores
+ * * Hash DRBG with DF with SHA-1, SHA-256, SHA-384, SHA-512 cores
+ * * HMAC DRBG with DF with SHA-1, SHA-256, SHA-384, SHA-512 cores
+ * * with and without prediction resistance
+ *
+ * Copyright Stephan Mueller smuel...@chronox.de, 2014
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *notice, and the entire permission notice in its entirety,
+ *including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *notice, this list of conditions and the following disclaimer in the
+ *documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *products derived from this software without specific prior
+ *written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU General Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions.  (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ALL OF
+ * WHICH ARE HEREBY DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+ * USE OF THIS SOFTWARE, EVEN IF NOT ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ * 
+ * DRBG Usage
+ * ==
+ * The SP 800-90A DRBG allows the user to specify a personalization string
+ * for initialization as well as an additional information string for each
+ * random number request. The following code fragments show how a caller
+ * uses the kernel crypto API to use the full functionality of the DRBG.
+ * 
+ * Usage without any additional data
+ * -
+ * struct crypto_rng *drng;
+ * int err;
+ * char data[DATALEN];
+ * 
+ * drng = crypto_alloc_rng(drng_name, 0, 0);
+ * err = crypto_rng_get_bytes(drng, data, DATALEN);
+ * crypto_free_rng(drng);
+ * 
+ * 
+ * Usage with personalization string during initialization
+ * ---
+ * struct crypto_rng *drng;
+ * int err;
+ * char data[DATALEN];
+ * char personalization = some-string;
+ * 
+ * drng = crypto_alloc_rng(drng_name, 0, 0);
+ * // The reset completely re-initializes the DRBG with the provided
+ * // personalization string
+ * err = crypto_rng_reset(drng, personalization, strlen(personalization));
+ * err = crypto_rng_get_bytes(drng, data, DATALEN);
+ * crypto_free_rng(drng);
+ * 
+ * 
+ * Usage with additional information string during random number request
+ * -
+ * struct crypto_rng *drng;
+ * int err;
+ * char data[DATALEN];
+ * char addtl = some-string;
+ * 
+ * drng = crypto_alloc_rng(drng_name, 0, 0);
+ * // The following call is a wrapper to crypto_rng_get_bytes() and returns
+ * // the same error codes.
+ * err = crypto_drbg_get_bytes_addtl(drng,
+ *  data, DATALEN,
+ *  addtl, strlen(addtl));
+ * crypto_free_rng(drng);
+ * 
+ * 
+ * Usage with personalization and additional information strings
+ * -
+ * Just mix both scenarios above.
+ */
+
+#include crypto/drbg.h
+
+#if !defined(CONFIG_CRYPTO_DRBG_HASH)  \
+   !defined(CONFIG_CRYPTO_DRBG_HMAC)  \
+   !defined(CONFIG_CRYPTO_DRBG_CTR)
+#warning The DRBG code is useless without compiling at least one DRBG type
+#endif
+
+/***
+ * 

[PATCH 3/6] DRBG kernel configuration options

2014-03-08 Thread Stephan Mueller
The different DRBG types of CTR, Hash, HMAC can be enabled or disabled
at compile time. At least one DRBG type shall be selected.

The default is the HMAC DRBG as its code base is smallest.

Signed-off-by: Stephan Mueller smuel...@chronox.de

diff --git a/crypto/Kconfig b/crypto/Kconfig
index 7bcb70d..2cdf9c6 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -23,7 +23,7 @@ comment Crypto core or helper
 
 config CRYPTO_FIPS
bool FIPS 200 compliance
-   depends on CRYPTO_ANSI_CPRNG  !CRYPTO_MANAGER_DISABLE_TESTS
+   depends on (CRYPTO_ANSI_CPRNG || CRYTPO_DRBG)  
!CRYPTO_MANAGER_DISABLE_TESTS
help
  This options enables the fips boot option which is
  required if you want to system to operate in a FIPS 200
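Review bot: The new `depends on` line lets CRYPTO_FIPS be satisfied by the DRBG alone, but the CRYPTO_ANSI_CPRNG help text shown as context at the top of the next hunk (`Note that this option must be enabled if CRYPTO_FIPS is selected`) still states the old rule and is now wrong. Suggest rewording that sentence to `Note that either this option or the SP800-90A DRBG must be enabled if CRYPTO_FIPS is selected`. The operator joining the two clauses of the dependency is not visible in this rendering; the intent is presumably a conjunction with `!CRYPTO_MANAGER_DISABLE_TESTS`, which is worth confirming against the original patch.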
@@ -1380,6 +1380,40 @@ config CRYPTO_ANSI_CPRNG
  ANSI X9.31 A.2.4. Note that this option must be enabled if
  CRYPTO_FIPS is selected
 
+menuconfig CRYTPO_DRBG
+   tristate NIST SP800-90A DRBG
+   depends on CRYPTO
+   select CRYPTO_RNG
+   help
+ NIST SP800-90A compliant DRBG. In the following submenu, one or
+ more of the DRBG types must be selected.
+
+if CRYTPO_DRBG
+
+config CRYPTO_DRBG_HMAC
+   bool Enable HMAC DRBG
+   default y
+   depends on CRYTPO_DRBG
+   select CRYPTO_HMAC
+   help
+ Enable the HMAC DRBG variant as defined in NIST SP800-90A.
+
+config CRYPTO_DRBG_HASH
+   bool Enable Hash DRBG
+   depends on CRYTPO_DRBG
+   select CRYPTO_HASH
+   help
+ Enable the Hash DRBG variant as defined in NIST SP800-90A.
+
+config CRYPTO_DRBG_CTR
+   bool Enable CTR DRBG
+   depends on CRYTPO_DRBG
+   select CRYPTO_AES
+   help
+ Enable the CTR DRBG variant as defined in NIST SP800-90A.
+
+endif #CRYTPO_DRBG
+
 config CRYPTO_USER_API
tristate
 
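Review bot: The three `depends on CRYTPO_DRBG` lines are redundant: the options sit inside `if CRYTPO_DRBG` ... `endif`, which already applies that dependency to everything enclosed, so dropping them removes duplication and leaves one place to update when the symbol is renamed. Separately, `select CRYPTO_HMAC` and `select CRYPTO_HASH` bring in the hash framework but, as far as this hunk shows, no SHA implementation, so a configuration that enables only the DRBG could build and still fail to allocate its backend at runtime; if the cores rely on sha1/sha256/sha384/sha512 as the cover letter describes, consider selecting the algorithm the default core needs or stating the requirement in the help text.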
-- 
1.8.5.3




[PATCH 5/6] DRBG testmgr test vectors

2014-03-08 Thread Stephan Mueller
All types of the DRBG (CTR, HMAC, Hash) are covered with test vectors.
In addition, all permutations of use cases of the DRBG are covered:

* with and without predition resistance
* with and without additional information string
* with and without personalization string

As the DRBG implementation is agnostic of the specific backend cipher,
only test vectors for one specific backend cipher are used. For example:
the Hash DRBG uses the same code paths irrespective of using SHA-256
or SHA-512. Thus, the test vectors for SHA-256 cover the testing of all
DRBG code paths of SHA-512.

Signed-off-by: Stephan Mueller smuel...@chronox.de

diff --git a/crypto/testmgr.h b/crypto/testmgr.h
index 7d44aa3..2ee3bba 100644
--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -92,6 +92,29 @@ struct cprng_testvec {
unsigned short loops;
 };
 
+struct drbg_testvec {
+   unsigned char *entropy; /* entropy string for initialization -- this
+* string is a concatenation of the entropy
+* and nonce variable from CAVS */
+   size_t entropylen; /* length of entropy and nonce variable */
+   unsigned char *entpra;  /* for prediction resistance: entropy for
+* first reseeding */
+   unsigned char *entprb;  /* for prediction resistance: entropy for
+* second reseeding */
+   size_t entprlen;/* length of prediction resistance entropy */
+   unsigned char *addtla;  /* additional input string for first random
+* value */
+   unsigned char *addtlb;  /* additional input string for second random
+* value */
+   size_t addtllen;/* length of additional input string */
+   unsigned char *pers;/* personalization string */
+   size_t perslen; /* personalization string length */
+   unsigned char *expected; /* expected random value -- for CAVS test,
+   this value does not apply and the memcmp
+   in drbg_cavs_test does not apply either*/
+   size_t expectedlen; /* length of expected random value */
+};
+
 static char zeroed_string[48];
 
 /*
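Review bot: `struct drbg_testvec` carries one `addtllen` for both `addtla` and `addtlb` and one `entprlen` for both `entpra` and `entprb`, so the two buffers of each pair must have equal length, and that constraint is not stated on the fields. Suggest extending the comments, e.g. `size_t addtllen; /* length of addtla and addtlb -- both must be equal */` and likewise `size_t entprlen; /* length of entpra and entprb -- both must be equal */`. The comment on `expected` says the memcmp in drbg_cavs_test does not apply for CAVS tests, yet every vector in this file appears to carry an `expected`/`expectedlen` pair that the test compares against, so that sentence reads as left over from an earlier design and should be reworded or dropped.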
@@ -19162,6 +19185,860 @@ static struct cprng_testvec 
ansi_cprng_aes_tv_template[] = {
},
 };
 
+/*
+ * SP800-90A DRBG Test vectors from
+ * http://csrc.nist.gov/groups/STM/cavp/documents/drbg/drbgtestvectors.zip
+ * 
+ * Test vectors for DRBG with prediction resistance. All types of DRBGs
+ * (Hash, HMAC, CTR) are tested with all permutations of use cases (w/ and
+ * w/o personalization string, w/ and w/o additional input string).
+ */
+struct drbg_testvec drbg_pr_sha256_tv_template[] =
+{
+   {
+   .entropy = (unsigned char *)
+   \x72\x88\x4c\xcd\x6c\x85\x57\x70\xf7\x0b\x8b\x86
+   \xc1\xeb\xd2\x4e\x36\x14\xab\x18\xc4\x9c\xc9\xcf
+   \x1a\xe8\xf7\x7b\x02\x49\x73\xd7\xf1\x42\x7d\xc6
+   \x3f\x29\x2d\xec\xd3\x66\x51\x3f\x1d\x8d\x5b\x4e,
+   .entropylen = 48,
+   .entpra = (unsigned char *)
+   \x38\x9c\x91\xfa\xc2\xa3\x46\x89\x56\x08\x3f\x62
+   \x73\xd5\x22\xa9\x29\x63\x3a\x1d\xe5\x5d\x5e\x4f
+   \x67\xb0\x67\x7a\x5e\x9e\x0c\x62,
+   .entprb = (unsigned char *)
+   \xb2\x8f\x36\xb2\xf6\x8d\x39\x13\xfa\x6c\x66\xcf
+   \x62\x8a\x7e\x8c\x12\x33\x71\x9c\x69\xe4\xa5\xf0
+   \x8c\xee\xeb\x9c\xf5\x31\x98\x31,
+   .entprlen = 32,
+   .expected = (unsigned char *)
+   \x52\x7b\xa3\xad\x71\x77\xa4\x49\x42\x04\x61\xc7
+   \xf0\xaf\xa5\xfd\xd3\xb3\x0d\x6a\x61\xba\x35\x49
+   \xbb\xaa\xaf\xe4\x25\x7d\xb5\x48\xaf\x5c\x18\x3d
+   \x33\x8d\x9d\x45\xdf\x98\xd5\x94\xa8\xda\x92\xfe
+   \xc4\x3c\x94\x2a\xcf\x7f\x7b\xf2\xeb\x28\xa9\xf1
+   \xe0\x86\x30\xa8\xfe\xf2\x48\x90\x91\x0c\x75\xb5
+   \x3c\x00\xf0\x4d\x09\x4f\x40\xa7\xa2\x8c\x52\xdf
+   \x52\xef\x17\xbf\x3d\xd1\xa2\x31\xb4\xb8\xdc\xe6
+   \x5b\x0d\x1f\x78\x36\xb4\xe6\x4b\xa7\x11\x25\xd5
+   \x94\xc6\x97\x36\xab\xf0\xe5\x31\x28\x6a\xbb\xce
+   \x30\x81\xa6\x8f\x27\x14\xf8\x1c,
+   .expectedlen = 128,
+   .addtla = NULL,
+   .addtlb = NULL,
+   .addtllen = 0,
+   .pers = NULL,
+   .perslen = 0,
+   },
+   {
+   .entropy = (unsigned char *)
+   \x5d\xf2\x14\xbc\xf6\xb5\x4e\x0b\xf0\x0d\x6f\x2d
+   \xe2\x01\x66\x7b\xd0\xa4\x73\xa4\x21\xdd\xb0\xc0
+   

[PATCH 2/6] header file for DRBG

2014-03-08 Thread Stephan Mueller
The header file includes the definition of:

* DRBG data structures with
- struct drbg_state as main structure
- struct drbg_core referencing the backend ciphers
- struct drbg_state_ops callback handlers for specific code
  supporting the Hash, HMAC, CTR DRBG implementations
- struct drbg_conc defining a linked list for input data
- struct drbg_test_data holding the test entropy data for CAVS
  testing and testmgr.c
- struct drbg_gen allowing test data, additional information
  string and personalization string data to be funneled through
  the kernel crypto API -- the DRBG requires additional
  parameters when invoking the reset and random number
  generation requests than intended by the kernel crypto API

* wrapper function to the kernel crypto API functions using struct
  drbg_gen to pass through all data needed for DRBG

* wrapper functions to kernel crypto API functions usable for testing
  code to inject test_data into the DRBG as needed by CAVS testing and
  testmgr.c.

* DRBG flags required for the operation of the DRBG and for selecting
  the particular DRBG type and backend cipher

* getter functions for data from struct drbg_core

Signed-off-by: Stephan Mueller smuel...@chronox.de

 create mode 100644 include/crypto/drbg.h

diff --git a/include/crypto/drbg.h b/include/crypto/drbg.h
new file mode 100644
index 000..16515f9
--- /dev/null
+++ b/include/crypto/drbg.h
@@ -0,0 +1,340 @@
+/*
+ * DRBG based on NIST SP800-90A
+ *
+ * Copyright Stephan Mueller smuel...@chronox.de, 2014
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *notice, and the entire permission notice in its entirety,
+ *including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *notice, this list of conditions and the following disclaimer in the
+ *documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *products derived from this software without specific prior
+ *written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU General Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions.  (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ALL OF
+ * WHICH ARE HEREBY DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
+ * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+ * USE OF THIS SOFTWARE, EVEN IF NOT ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ */
+
+#ifndef _DRBG_H
+#define _DRBG_H
+
+
+#include linux/random.h
+#include linux/scatterlist.h
+#include crypto/hash.h
+#include linux/module.h
+#include linux/crypto.h
+#include linux/slab.h /* needed for kzalloc */
+#include crypto/internal/rng.h
+#include crypto/rng.h
+#include linux/fips.h
+#include linux/spinlock.h
+
+/*
+ * Concatenation Helper
+ *
+ * SP800-90A requires the concatenation of different data. To avoid copying
+ * buffers around or allocate additional memory, the following data structure
+ * is used to point to the original memory with its size. In addition, it
+ * is used to build a linked list. The linked list defines the concatenation
+ * of individual buffers. The order of memory block referenced in that
+ * linked list determines the order of concatenation.
+ */
+
+struct drbg_conc
+{
+   unsigned char *in;
+   size_t len;
+   struct drbg_conc *next;
+};
+
+#define DRBG_CLEAR_CONC(x) \
+   x.in = NULL;\
+   x.len = 0;  \
+   x.next = NULL;
+
+struct drbg_state;
+typedef uint32_t drbg_flag_t;
+
+struct drbg_core
+{
+   drbg_flag_t flags;  /* flags for the cipher */
+   __u8 statelen;  /* maximum state length */
+   __u8 max_addtllen;  /* maximum length of personalization string or
+  additional input string -- exponent for base
+  2 */
+   __u8 max_bits;  /* maximum bits per RNG request -- exponent for
+  

[PATCH 6/6] Add DRBG test code to testmgr

2014-03-08 Thread Stephan Mueller
The DRBG test code implements the CAVS test approach.

As discussed for the test vectors, all DRBG types are covered with
testing. However, not every backend cipher is covered with testing. To
prevent the testmgr from logging missing testing, the NULL test is
registered for all backend ciphers not covered with specific test cases.

All currently implemented DRBG types and backend ciphers are defined
in SP800-90A. Therefore, the fips_allowed flag is set for all.

Signed-off-by: Stephan Mueller smuel...@chronox.de

diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 7795550..e8cd57c 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -27,6 +27,7 @@
 #include linux/slab.h
 #include linux/string.h
 #include crypto/rng.h
+#include crypto/drbg.h
 
 #include internal.h
 
@@ -108,6 +109,11 @@ struct cprng_test_suite {
unsigned int count;
 };
 
+struct drbg_test_suite {
+   struct drbg_testvec *vecs;
+   unsigned int count;
+};
+
 struct alg_test_desc {
const char *alg;
int (*test)(const struct alg_test_desc *desc, const char *driver,
@@ -121,6 +127,7 @@ struct alg_test_desc {
struct pcomp_test_suite pcomp;
struct hash_test_suite hash;
struct cprng_test_suite cprng;
+   struct drbg_test_suite drbg;
} suite;
 };
 
@@ -1712,6 +1719,104 @@ static int alg_test_cprng(const struct alg_test_desc 
*desc, const char *driver,
return err;
 }
 
+
+static int drbg_cavs_test(struct drbg_testvec *test, int pr,
+ const char *driver, u32 type, u32 mask)
+{
+   int ret = -EAGAIN;
+   struct crypto_rng *drng;
+   struct drbg_state *drbg;
+   struct drbg_test_data test_data;
+   unsigned char *buf = kzalloc(test-expectedlen, GFP_KERNEL);
+   if(!buf)
+   return -ENOMEM;
+
+   drng = crypto_alloc_rng(driver, type, mask);
+   if(IS_ERR(drng)) {
+   printk(KERN_ERR alg: drbg: could not allocate DRNG handle for 
%s\n, driver);
+   return -ENOMEM;
+   }
+
+   drbg = crypto_tfm_ctx(crypto_rng_tfm(drng));
+   test_data.testentropy = test-entropy;
+   test_data.testentropylen = test-entropylen;
+   ret = crypto_drbg_reset_test(drng, test-pers, test-perslen,
+test_data);
+   if (ret) {
+   printk(KERN_ERR alg: drbg: Failed to reset rng\n);
+   goto outbuf;
+   }
+
+   if(pr) {
+   test_data.testentropy = test-entpra;
+   test_data.testentropylen = test-entprlen;
+   ret = crypto_drbg_get_bytes_addtl_test(drng,
+   buf, test-expectedlen,
+   test-addtla, test-addtllen,
+   test_data);
+   } else {
+   ret = crypto_drbg_get_bytes_addtl(drng,
+   buf, test-expectedlen,
+   test-addtla, test-addtllen);
+   }
+   if(ret = 0) {
+   printk(KERN_ERR alg: drbg: could not obtain random data\n);
+   goto outbuf;
+   }
+
+   if(pr) {
+   test_data.testentropy = test-entprb;
+   test_data.testentropylen = test-entprlen;
+   ret = crypto_drbg_get_bytes_addtl_test(drng,
+   buf, test-expectedlen,
+   test-addtlb, test-addtllen,
+   test_data);
+   } else {
+   ret = crypto_drbg_get_bytes_addtl(drng,
+   buf, test-expectedlen,
+   test-addtlb, test-addtllen);
+   }
+   if(ret = 0) {
+   printk(KERN_ERR alg: drbg: could not obtain random data\n);
+   goto outbuf;
+   }
+
+   ret = memcmp(test-expected, buf, test-expectedlen);
+
+outbuf:
+   crypto_free_rng(drng);
+   kzfree(buf);
+   return ret;
+}
+
+
+static int alg_test_drbg(const struct alg_test_desc *desc, const char *driver,
+u32 type, u32 mask)
+{
+   int err = 0;
+   int pr = 0;
+   int i = 0;
+   struct drbg_testvec *template = desc-suite.drbg.vecs;
+   unsigned int tcount = desc-suite.drbg.count;
+
+   if((0 == memcmp(driver, drbg(pr(, 8)) ||
+  (0 == memcmp(driver, drbg_pr_, 8)))
+   pr = 1;
+
+   for (i = 0; i  tcount; i++)
+   {
+   err = drbg_cavs_test(template[i], pr, driver, type, mask);
+   if (err) {
+   printk(KERN_ERR alg: drbg: Test %d failed for %s\n,
+  i, driver);
+   err = -EINVAL;
+   break;
+   }
+   }
+   return err;
+
+}
+
 static int alg_test_null(const struct alg_test_desc *desc,
 const char *driver, u32 type, u32 mask)
 {
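Review bot: drbg_cavs_test leaks `buf` when crypto_alloc_rng fails: the early `return -ENOMEM` after the `IS_ERR(drng)` check skips the `outbuf` cleanup, and it also discards the real error code. Replace that return with `kzfree(buf); return PTR_ERR(drng);` (or add a label before the `crypto_free_rng` call that only the later failure paths reach). In alg_test_drbg, the two `memcmp(driver, ..., 8)` prefix tests read eight bytes of `driver` regardless of its length; `strncmp` stops at the terminator and is the safer choice for a NUL-terminated name, `if (!strncmp(driver, "drbg(pr(", 8) || !strncmp(driver, "drbg_pr_", 8))`. The result checks after each generate call appear as `ret = 0` in this rendering; presumably the original reads `ret <= 0`, which is worth confirming since an assignment there would silently mask failures.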
@@ -2273,6 +2378,170 @@ static const struct alg_test_desc alg_test_descs[] = {
.alg = digest_null,
.test =