From: Holger Dengler <dengler@linux.ibm.com>
To: Eric Biggers <ebiggers@kernel.org>
Cc: Ard Biesheuvel <ardb@kernel.org>,
"Jason A . Donenfeld" <Jason@zx2c4.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
Harald Freudenberger <freude@linux.ibm.com>,
linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org,
Holger Dengler <dengler@linux.ibm.com>
Subject: [RFC PATCH 1/1] lib/crypto: tests: Add KUnit tests for AES
Date: Wed, 14 Jan 2026 16:31:38 +0100 [thread overview]
Message-ID: <20260114153138.4896-2-dengler@linux.ibm.com> (raw)
In-Reply-To: <20260114153138.4896-1-dengler@linux.ibm.com>
Add a KUnit test suite for AES library functions, including KAT and
benchmarks.
Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
---
lib/crypto/tests/Kconfig | 12 ++++
lib/crypto/tests/Makefile | 1 +
lib/crypto/tests/aes-testvecs.h | 78 ++++++++++++++++++++++
lib/crypto/tests/aes_kunit.c | 115 ++++++++++++++++++++++++++++++++
4 files changed, 206 insertions(+)
create mode 100644 lib/crypto/tests/aes-testvecs.h
create mode 100644 lib/crypto/tests/aes_kunit.c
diff --git a/lib/crypto/tests/Kconfig b/lib/crypto/tests/Kconfig
index 4970463ea0aa..f34e79093275 100644
--- a/lib/crypto/tests/Kconfig
+++ b/lib/crypto/tests/Kconfig
@@ -118,6 +118,18 @@ config CRYPTO_LIB_SHA3_KUNIT_TEST
including SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHAKE128 and
SHAKE256.
+config CRYPTO_LIB_AES_KUNIT_TEST
+ tristate "KUnit tests for AES" if !KUNIT_ALL_TESTS
+ depends on KUNIT
+ default KUNIT_ALL_TESTS || CRYPTO_SELFTESTS
+ select CRYPTO_LIB_BENCHMARK_VISIBLE
+ select CRYPTO_LIB_AES
+ help
+ KUnit tests for the AES library functions, including known answer
+ tests and benchmarks for encrypt/decrypt with all key sizes. The
+ test suite does not contain any key generation test, nor any error
+ cases.
+
config CRYPTO_LIB_BENCHMARK_VISIBLE
bool
diff --git a/lib/crypto/tests/Makefile b/lib/crypto/tests/Makefile
index f4262379f56c..72234e965cdc 100644
--- a/lib/crypto/tests/Makefile
+++ b/lib/crypto/tests/Makefile
@@ -12,3 +12,4 @@ obj-$(CONFIG_CRYPTO_LIB_SHA1_KUNIT_TEST) += sha1_kunit.o
obj-$(CONFIG_CRYPTO_LIB_SHA256_KUNIT_TEST) += sha224_kunit.o sha256_kunit.o
obj-$(CONFIG_CRYPTO_LIB_SHA512_KUNIT_TEST) += sha384_kunit.o sha512_kunit.o
obj-$(CONFIG_CRYPTO_LIB_SHA3_KUNIT_TEST) += sha3_kunit.o
+obj-$(CONFIG_CRYPTO_LIB_AES_KUNIT_TEST) += aes_kunit.o
diff --git a/lib/crypto/tests/aes-testvecs.h b/lib/crypto/tests/aes-testvecs.h
new file mode 100644
index 000000000000..2bfa646ff2e5
--- /dev/null
+++ b/lib/crypto/tests/aes-testvecs.h
@@ -0,0 +1,78 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef _AES_TESTVECS_H
+#define _AES_TESTVECS_H
+
+#include <crypto/aes.h>
+
+struct buf {
+ size_t blen;
+ u8 b[];
+};
+
+struct kat {
+ u8 plain[AES_BLOCK_SIZE];
+ u8 cipher[AES_BLOCK_SIZE];
+ struct {
+ size_t len;
+ u8 b[32];
+ } key;
+};
+
+static const struct kat AES128_KAT = {
+ .plain = {
+ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+ 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
+ },
+ .cipher = {
+ 0x3a, 0xd7, 0x7b, 0xb4, 0x0d, 0x7a, 0x36, 0x60,
+ 0xa8, 0x9e, 0xca, 0xf3, 0x24, 0x66, 0xef, 0x97,
+ },
+ .key = {
+ .len = 16,
+ .b = {
+ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
+ 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c,
+ },
+ },
+};
+
+static const struct kat AES192_KAT = {
+ .plain = {
+ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+ 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
+ },
+ .cipher = {
+ 0xbd, 0x33, 0x4f, 0x1d, 0x6e, 0x45, 0xf2, 0x5f,
+ 0xf7, 0x12, 0xa2, 0x14, 0x57, 0x1f, 0xa5, 0xcc,
+ },
+ .key = {
+ .len = 24,
+ .b = {
+ 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52,
+ 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5,
+ 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b,
+ },
+ },
+};
+
+static const struct kat AES256_KAT = {
+ .plain = {
+ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+ 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
+ },
+ .cipher = {
+ 0xf3, 0xee, 0xd1, 0xbd, 0xb5, 0xd2, 0xa0, 0x3c,
+ 0x06, 0x4b, 0x5a, 0x7e, 0x3d, 0xb1, 0x81, 0xf8,
+ },
+ .key = {
+ .len = 32,
+ .b = {
+ 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
+ 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
+ 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
+ 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4,
+ },
+ },
+};
+
+#endif /* _AES_TESTVECS_H */
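Review bot: `struct buf` at the top of this header is not referenced by any of the three vectors or by aes_kunit.c in this patch, and its generic name invites collisions wherever the header is included, so it can be dropped. The vectors also carry no provenance. They appear to be the first ECB example block for each key size from NIST SP 800-38A, Appendix F.1, and a comment such as `/* Block #1 of the ECB-AES128/192/256 examples, NIST SP 800-38A, Appendix F.1 */` above `AES128_KAT` would let a reader check the bytes against the published source. The key lengths could be written as `AES_KEYSIZE_128`, `AES_KEYSIZE_192` and `AES_KEYSIZE_256`, with `u8 b[AES_MAX_KEY_SIZE]` for the storage, instead of the literals 16, 24 and 32.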
diff --git a/lib/crypto/tests/aes_kunit.c b/lib/crypto/tests/aes_kunit.c
new file mode 100644
index 000000000000..057ddc3a1b1f
--- /dev/null
+++ b/lib/crypto/tests/aes_kunit.c
@@ -0,0 +1,115 @@
+// SPDX-License-Identifier: GPL-2.0
+#include <kunit/test.h>
+
+#include "aes-testvecs.h"
+
+#define AES_KAT(bits, func, from, to) \
+static void aes##bits##_kat_##func(struct kunit *test) \
+{ \
+ const u8 *in = AES##bits##_KAT.from; \
+ u8 out[AES_BLOCK_SIZE]; \
+ struct aes_key aes_key; \
+ \
+ if (aes_preparekey(&aes_key, AES##bits##_KAT.key.b, \
+ AES##bits##_KAT.key.len)) \
+ kunit_skip(test, "no key"); \
+ \
+ aes_##func(&aes_key, out, in); \
+ KUNIT_ASSERT_MEMEQ(test, out, AES##bits##_KAT.to, \
+ sizeof(out)); \
+}
+
+#define KB (1024)
+#define MB (KB * KB)
+#define NS_PER_SEC (1000000000ULL)
+
+#define AES_BENCHMARK(bits) \
+static void aes##bits##_benchmark(struct kunit *test) \
+{ \
+ const size_t num_iters = 10000000; \
+ const u8 *cipher = AES##bits##_KAT.cipher; \
+ const u8 *plain = AES##bits##_KAT.plain; \
+ u8 out[AES_BLOCK_SIZE]; \
+ struct aes_key aes_key; \
+ u64 t_enc, t_dec; \
+ \
+ if (!IS_ENABLED(CONFIG_CRYPTO_LIB_BENCHMARK)) \
+ kunit_skip(test, "not enabled"); \
+ \
+ if (aes_preparekey(&aes_key, AES##bits##_KAT.key.b, \
+ AES##bits##_KAT.key.len)) \
+ kunit_skip(test, "no key"); \
+ \
+ /* warm-up enc */ \
+ for (size_t i = 0; i < 1000; i++) \
+ aes_encrypt(&aes_key, out, plain); \
+ \
+ preempt_disable(); \
+ t_enc = ktime_get_ns(); \
+ \
+ for (size_t i = 0; i < num_iters; i++) \
+ aes_encrypt(&aes_key, out, plain); \
+ \
+ t_enc = ktime_get_ns() - t_enc; \
+ preempt_enable(); \
+ \
+ /* warm-up dec */ \
+ for (size_t i = 0; i < 1000; i++) \
+ aes_decrypt(&aes_key, out, cipher); \
+ \
+ preempt_disable(); \
+ t_dec = ktime_get_ns(); \
+ \
+ for (size_t i = 0; i < num_iters; i++) \
+ aes_decrypt(&aes_key, out, cipher); \
+ \
+ t_dec = ktime_get_ns() - t_dec; \
+ preempt_enable(); \
+ \
+ kunit_info(test, "enc (iter. %zu, duration %lluns)", \
+ num_iters, t_enc); \
+ kunit_info(test, "enc (len=%zu): %llu MB/s", \
+ (size_t)AES_BLOCK_SIZE, \
+ div64_u64((u64)AES_BLOCK_SIZE * num_iters * NS_PER_SEC, \
+ (t_enc ?: 1) * MB)); \
+ \
+ kunit_info(test, "dec (iter. %zu, duration %lluns)", \
+ num_iters, t_dec); \
+ kunit_info(test, "dec (len=%zu): %llu MB/s", \
+ (size_t)AES_BLOCK_SIZE, \
+ div64_u64((u64)AES_BLOCK_SIZE * num_iters * NS_PER_SEC, \
+ (t_dec ?: 1) * MB)); \
+}
+
+AES_KAT(128, encrypt, plain, cipher);
+AES_KAT(192, encrypt, plain, cipher);
+AES_KAT(256, encrypt, plain, cipher);
+AES_KAT(128, decrypt, cipher, plain);
+AES_KAT(192, decrypt, cipher, plain);
+AES_KAT(256, decrypt, cipher, plain);
+AES_BENCHMARK(128);
+AES_BENCHMARK(192);
+AES_BENCHMARK(256);
+
+static struct kunit_case aes_test_cases[] = {
+ KUNIT_CASE(aes128_kat_encrypt),
+ KUNIT_CASE(aes128_kat_decrypt),
+ KUNIT_CASE(aes192_kat_encrypt),
+ KUNIT_CASE(aes192_kat_decrypt),
+ KUNIT_CASE(aes256_kat_encrypt),
+ KUNIT_CASE(aes256_kat_decrypt),
+ KUNIT_CASE(aes128_benchmark),
+ KUNIT_CASE(aes192_benchmark),
+ KUNIT_CASE(aes256_benchmark),
+ {},
+};
+
+static struct kunit_suite aes_test_suite = {
+ .name = "aes",
+ .test_cases = aes_test_cases,
+};
+
+kunit_test_suite(aes_test_suite);
+
+MODULE_DESCRIPTION("KUnit tests and benchmark aes library");
+MODULE_LICENSE("GPL");
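Review bot: In `AES_KAT`, a nonzero return from `aes_preparekey()` leads to `kunit_skip(test, "no key")`, so a key-expansion regression on a valid 128/192/256-bit key would be reported as a skipped test rather than a failure. Writing `KUNIT_ASSERT_EQ(test, 0, aes_preparekey(&aes_key, AES##bits##_KAT.key.b, AES##bits##_KAT.key.len));` makes the known-answer test fail loudly instead; `AES_BENCHMARK` has the same skip. Separately, each timed loop in `AES_BENCHMARK` runs 10000000 block operations between `preempt_disable()` and `preempt_enable()`, which on a slow fallback implementation may keep preemption off long enough to trigger lockup or stall warnings. Deriving `num_iters` from a smaller budget, or timing in shorter batches, would avoid that.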
--
2.51.0
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-12 19:19 [PATCH v2 00/35] AES library improvements Eric Biggers
2026-01-12 19:19 ` [PATCH v2 01/35] crypto: powerpc/aes - Rename struct aes_key Eric Biggers
2026-01-12 19:20 ` [PATCH v2 02/35] lib/crypto: aes: Introduce improved AES library Eric Biggers
2026-01-12 19:20 ` [PATCH v2 03/35] crypto: arm/aes-neonbs - Use AES library for single blocks Eric Biggers
2026-01-12 19:20 ` [PATCH v2 04/35] crypto: arm/aes - Switch to aes_enc_tab[] and aes_dec_tab[] Eric Biggers
2026-01-12 19:20 ` [PATCH v2 05/35] crypto: arm64/aes " Eric Biggers
2026-01-12 19:20 ` [PATCH v2 06/35] crypto: arm64/aes - Select CRYPTO_LIB_SHA256 from correct places Eric Biggers
2026-01-12 19:20 ` [PATCH v2 07/35] crypto: aegis - Switch from crypto_ft_tab[] to aes_enc_tab[] Eric Biggers
2026-01-12 19:20 ` [PATCH v2 08/35] crypto: aes - Remove aes-fixed-time / CONFIG_CRYPTO_AES_TI Eric Biggers
2026-01-12 19:20 ` [PATCH v2 09/35] crypto: aes - Replace aes-generic with wrapper around lib Eric Biggers
2026-01-12 19:20 ` [PATCH v2 10/35] lib/crypto: arm/aes: Migrate optimized code into library Eric Biggers
2026-01-12 19:20 ` [PATCH v2 11/35] lib/crypto: arm64/aes: " Eric Biggers
2026-01-12 19:20 ` [PATCH v2 12/35] lib/crypto: powerpc/aes: Migrate SPE " Eric Biggers
2026-01-12 19:20 ` [PATCH v2 13/35] lib/crypto: powerpc/aes: Migrate POWER8 " Eric Biggers
2026-01-12 19:20 ` [PATCH v2 14/35] lib/crypto: riscv/aes: Migrate " Eric Biggers
2026-01-12 19:20 ` [PATCH v2 15/35] lib/crypto: s390/aes: " Eric Biggers
2026-01-15 22:00 ` Holger Dengler
2026-01-12 19:20 ` [PATCH v2 16/35] lib/crypto: sparc/aes: " Eric Biggers
2026-01-12 19:20 ` [PATCH v2 17/35] lib/crypto: x86/aes: Add AES-NI optimization Eric Biggers
2026-01-12 19:20 ` [PATCH v2 18/35] crypto: x86/aes - Remove the superseded AES-NI crypto_cipher Eric Biggers
2026-01-12 19:20 ` [PATCH v2 19/35] Bluetooth: SMP: Use new AES library API Eric Biggers
2026-01-12 19:20 ` [PATCH v2 20/35] chelsio: " Eric Biggers
2026-01-12 19:20 ` [PATCH v2 21/35] net: phy: mscc: macsec: " Eric Biggers
2026-01-12 19:20 ` [PATCH v2 22/35] staging: rtl8723bs: core: " Eric Biggers
2026-01-12 19:20 ` [PATCH v2 23/35] crypto: arm/ghash - " Eric Biggers
2026-01-12 19:20 ` [PATCH v2 24/35] crypto: arm64/ghash " Eric Biggers
2026-01-12 19:20 ` [PATCH v2 25/35] crypto: x86/aes-gcm " Eric Biggers
2026-01-12 19:20 ` [PATCH v2 26/35] crypto: ccp " Eric Biggers
2026-01-12 19:20 ` [PATCH v2 27/35] crypto: chelsio " Eric Biggers
2026-01-12 19:20 ` [PATCH v2 28/35] crypto: crypto4xx " Eric Biggers
2026-01-12 19:20 ` [PATCH v2 29/35] crypto: drbg " Eric Biggers
2026-01-12 19:20 ` [PATCH v2 30/35] crypto: inside-secure " Eric Biggers
2026-01-12 19:20 ` [PATCH v2 31/35] crypto: omap " Eric Biggers
2026-01-12 19:20 ` [PATCH v2 32/35] lib/crypto: aescfb: " Eric Biggers
2026-01-12 19:20 ` [PATCH v2 33/35] lib/crypto: aesgcm: " Eric Biggers
2026-01-12 19:20 ` [PATCH v2 34/35] lib/crypto: aes: Remove old AES en/decryption functions Eric Biggers
2026-01-14 15:31 ` [RFC PATCH 0/1] lib/crypto: tests: KUnit test-suite for AES Holger Dengler
2026-01-14 15:31 ` Holger Dengler [this message]
2026-01-14 23:04 ` [RFC PATCH 1/1] lib/crypto: tests: Add KUnit tests " Eric Biggers
2026-01-15 18:13 ` Holger Dengler
2026-01-12 19:20 ` [PATCH v2 35/35] lib/crypto: aes: Drop 'volatile' from aes_sbox and aes_inv_sbox Eric Biggers
2026-01-15 20:45 ` [PATCH v2 00/35] AES library improvements Eric Biggers