summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMisaki Miyashita <Misaki.Miyashita@Oracle.COM>2010-07-28 07:22:57 -0700
committerMisaki Miyashita <Misaki.Miyashita@Oracle.COM>2010-07-28 07:22:57 -0700
commit32e0ab73531b6e6e8957e9ecdbbd42603865f2d0 (patch)
tree13bead85f694ef21f8d6900ede8b663cae461ab8
parenta1a4c722cd91922d6b5a06ca3629f5795961fc6a (diff)
downloadillumos-gate-32e0ab73531b6e6e8957e9ecdbbd42603865f2d0.tar.gz
6959099 T2 Crypto Drivers (ncp, n2cp, n2rng) need to implement self tests for FIPS 140-2 compliance
-rw-r--r--usr/src/cmd/cmd-crypto/cryptoadm/Makefile4
-rw-r--r--usr/src/cmd/cmd-crypto/cryptoadm/adm_fips_hw.c328
-rw-r--r--usr/src/cmd/cmd-crypto/cryptoadm/adm_kef_ioctl.c68
-rw-r--r--usr/src/cmd/cmd-crypto/cryptoadm/cryptoadm.c70
-rw-r--r--usr/src/cmd/cmd-crypto/cryptoadm/cryptoadm.h10
-rw-r--r--usr/src/common/bignum/bignum.h6
-rw-r--r--usr/src/common/crypto/fips/fips_addchecksum.c256
-rw-r--r--usr/src/common/crypto/fips/fips_aes_util.c408
-rw-r--r--usr/src/common/crypto/fips/fips_checksum.c346
-rw-r--r--usr/src/common/crypto/fips/fips_checksum.h70
-rw-r--r--usr/src/common/crypto/fips/fips_sha1_util.c58
-rw-r--r--usr/src/common/crypto/fips/fips_test_vectors.c1594
-rw-r--r--usr/src/common/crypto/fips/fips_test_vectors.h246
-rw-r--r--usr/src/lib/pkcs11/pkcs11_softtoken/Makefile.com3
-rw-r--r--usr/src/tools/Makefile3
-rw-r--r--usr/src/tools/fips_addchecksum/Makefile65
-rw-r--r--usr/src/uts/Makefile.uts6
-rw-r--r--usr/src/uts/common/Makefile.files3
-rw-r--r--usr/src/uts/common/bignum/bignum_mod.c18
-rw-r--r--usr/src/uts/intel/bignum/Makefile10
-rw-r--r--usr/src/uts/sparc/bignum/Makefile17
-rw-r--r--usr/src/uts/sun4u/bignum/Makefile11
-rw-r--r--usr/src/uts/sun4v/Makefile.files5
-rw-r--r--usr/src/uts/sun4v/io/n2rng/n2rng.c30
-rw-r--r--usr/src/uts/sun4v/io/n2rng/n2rng_post.c74
-rw-r--r--usr/src/uts/sun4v/io/n2rng/n2rng_provider.c37
-rw-r--r--usr/src/uts/sun4v/n2rng/Makefile8
-rw-r--r--usr/src/uts/sun4v/sys/n2rng.h15
28 files changed, 3240 insertions, 529 deletions
diff --git a/usr/src/cmd/cmd-crypto/cryptoadm/Makefile b/usr/src/cmd/cmd-crypto/cryptoadm/Makefile
index 4f9d7ed977..96626326eb 100644
--- a/usr/src/cmd/cmd-crypto/cryptoadm/Makefile
+++ b/usr/src/cmd/cmd-crypto/cryptoadm/Makefile
@@ -18,8 +18,7 @@
#
# CDDL HEADER END
#
-# Copyright 2008 Sun Microsystems, Inc. All rights reserved.
-# Use is subject to license terms.
+# Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
#
PROG = cryptoadm
@@ -29,6 +28,7 @@ OBJS = cryptoadm.o \
adm_kef.o \
adm_kef_ioctl.o \
adm_kef_util.o \
+ adm_fips_hw.o \
adm_util.o \
start_stop.o \
adm_metaslot.o
diff --git a/usr/src/cmd/cmd-crypto/cryptoadm/adm_fips_hw.c b/usr/src/cmd/cmd-crypto/cryptoadm/adm_fips_hw.c
new file mode 100644
index 0000000000..58daa5303c
--- /dev/null
+++ b/usr/src/cmd/cmd-crypto/cryptoadm/adm_fips_hw.c
@@ -0,0 +1,328 @@
+/*
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
+ *
+ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ * or http://www.opensolaris.org/os/licensing.
+ * See the License for the specific language governing permissions
+ * and limitations under the License.
+ *
+ * When distributing Covered Code, include this CDDL HEADER in each
+ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ * If applicable, add the following below this CDDL HEADER, with the
+ * fields enclosed by brackets "[]" replaced with your own identifying
+ * information: Portions Copyright [yyyy] [name of copyright owner]
+ *
+ * CDDL HEADER END
+ */
+/*
+ * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+ */
+
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <strings.h>
+#include <unistd.h>
+#include <locale.h>
+#include <libgen.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <zone.h>
+#include <sys/crypto/ioctladmin.h>
+#include "cryptoadm.h"
+
+#define HW_CONF_DIR "/platform/sun4v/kernel/drv"
+
+
+/* Get FIPS-140 status from .conf */
+int
+fips_hw_status(char *filename, char *property, int *hw_fips_mode)
+{
+ FILE *pfile;
+ char buffer[BUFSIZ];
+ char *str = NULL;
+ char *cursor = NULL;
+
+ /* Open the .conf file */
+ if ((pfile = fopen(filename, "r")) == NULL) {
+ cryptodebug("failed to open %s for write.", filename);
+ return (FAILURE);
+ }
+
+ while (fgets(buffer, BUFSIZ, pfile) != NULL) {
+ if (buffer[0] == '#') {
+ /* skip comments */
+ continue;
+ }
+
+ /* find the property string */
+ if ((str = strstr(buffer, property)) == NULL) {
+ /* didn't find the property string in this line */
+ continue;
+ }
+
+ cursor = strtok(str, "= ;");
+ cursor = strtok(NULL, "= ;");
+ if (cursor == NULL) {
+ cryptoerror(LOG_STDERR, gettext(
+ "Invalid config file contents: %s."), filename);
+ (void) fclose(pfile);
+ return (FAILURE);
+ }
+ *hw_fips_mode = atoi(cursor);
+ (void) fclose(pfile);
+ return (SUCCESS);
+ }
+
+ /*
+ * If the fips property is not found in the config file,
+ * FIPS mode is false by default.
+ */
+ *hw_fips_mode = CRYPTO_FIPS_MODE_DISABLED;
+ (void) fclose(pfile);
+
+ return (SUCCESS);
+}
+
+/*
+ * Update the HW .conf file with the updated entry.
+ */
+int
+fips_update_hw_conf(char *filename, char *property, int action)
+{
+ FILE *pfile;
+ FILE *pfile_tmp;
+ char buffer[BUFSIZ];
+ char buffer2[BUFSIZ];
+ char *tmpfile_name = NULL;
+ char *str = NULL;
+ char *cursor = NULL;
+ int rc = SUCCESS;
+ boolean_t found = B_FALSE;
+
+ /* Open the .conf file */
+ if ((pfile = fopen(filename, "r+")) == NULL) {
+ cryptoerror(LOG_STDERR,
+ gettext("failed to update the configuration - %s"),
+ strerror(errno));
+ cryptodebug("failed to open %s for write.", filename);
+ return (FAILURE);
+ }
+
+ /* Lock the .conf file */
+ if (lockf(fileno(pfile), F_TLOCK, 0) == -1) {
+ cryptoerror(LOG_STDERR,
+ gettext("failed to update the configuration - %s"),
+ strerror(errno));
+ cryptodebug(gettext("failed to lock %s"), filename);
+ (void) fclose(pfile);
+ return (FAILURE);
+ }
+
+ /*
+ * Create a temporary file to save updated configuration file first.
+ */
+ tmpfile_name = tempnam(HW_CONF_DIR, NULL);
+ if ((pfile_tmp = fopen(tmpfile_name, "w")) == NULL) {
+ cryptoerror(LOG_STDERR, gettext("failed to open %s - %s"),
+ tmpfile_name, strerror(errno));
+ free(tmpfile_name);
+ (void) fclose(pfile);
+ return (FAILURE);
+ }
+
+
+ /*
+ * Loop thru entire .conf file, update the entry to be
+ * updated and save the updated file to the temporary file first.
+ */
+ while (fgets(buffer, BUFSIZ, pfile) != NULL) {
+ if (buffer[0] == '#') {
+ /* comments: write to the file without modification */
+ goto write_to_tmp;
+ }
+
+ (void) strlcpy(buffer2, buffer, BUFSIZ);
+
+ /* find the property string */
+ if ((str = strstr(buffer2, property)) == NULL) {
+ /*
+ * Didn't find the property string in this line.
+ * Write to the file without modification.
+ */
+ goto write_to_tmp;
+ }
+
+ found = B_TRUE;
+
+ cursor = strtok(str, "= ;");
+ cursor = strtok(NULL, "= ;");
+ if (cursor == NULL) {
+ cryptoerror(LOG_STDERR, gettext(
+ "Invalid config file contents %s: %s."),
+ filename, strerror(errno));
+ goto errorexit;
+ }
+
+ cursor = buffer + (cursor - buffer2);
+ *cursor = (action == FIPS140_ENABLE) ? '1' : '0';
+
+write_to_tmp:
+
+ if (fputs(buffer, pfile_tmp) == EOF) {
+ cryptoerror(LOG_STDERR, gettext(
+ "failed to write to a temp file: %s."),
+ strerror(errno));
+ goto errorexit;
+ }
+ }
+
+ /* if the fips mode property is not specified, FALSE by default */
+ if (found == B_FALSE) {
+ (void) snprintf(buffer, BUFSIZ, "%s=%c;\n",
+ property, (action == FIPS140_ENABLE) ? '1' : '0');
+ if (fputs(buffer, pfile_tmp) == EOF) {
+ cryptoerror(LOG_STDERR, gettext(
+ "failed to write to a tmp file: %s."),
+ strerror(errno));
+ goto errorexit;
+ }
+ }
+
+ (void) fclose(pfile);
+ if (fclose(pfile_tmp) != 0) {
+ cryptoerror(LOG_STDERR,
+ gettext("failed to close %s: %s"), tmpfile_name,
+ strerror(errno));
+ free(tmpfile_name);
+ return (FAILURE);
+ }
+
+ /* Copy the temporary file to the .conf file */
+ if (rename(tmpfile_name, filename) == -1) {
+ cryptoerror(LOG_STDERR,
+ gettext("failed to update the configuration - %s"),
+ strerror(errno));
+ cryptodebug("failed to rename %s to %s: %s", tmpfile_name,
+ filename, strerror(errno));
+ rc = FAILURE;
+ } else if (chmod(filename,
+ S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) == -1) {
+ cryptoerror(LOG_STDERR,
+ gettext("failed to update the configuration - %s"),
+ strerror(errno));
+ cryptodebug("failed to chmod to %s: %s", filename,
+ strerror(errno));
+ rc = FAILURE;
+ } else {
+ rc = SUCCESS;
+ }
+
+ if ((rc == FAILURE) && (unlink(tmpfile_name) != 0)) {
+ cryptoerror(LOG_STDERR, gettext(
+ "(Warning) failed to remove %s: %s"),
+ tmpfile_name, strerror(errno));
+ }
+
+ free(tmpfile_name);
+ return (rc);
+
+errorexit:
+ (void) fclose(pfile);
+ (void) fclose(pfile_tmp);
+ free(tmpfile_name);
+
+ return (FAILURE);
+}
+
+
+/*
+ * Perform the FIPS related actions
+ */
+int
+do_fips_hw_actions(int action, int provider)
+{
+ int rc = SUCCESS;
+ int fips_mode = 0;
+ char *filename;
+ char *propname;
+ char *provname;
+
+ switch (provider) {
+ case HW_PROVIDER_NCP:
+ filename = "/platform/sun4v/kernel/drv/ncp.conf";
+ propname = "ncp-fips-140";
+ provname = "ncp";
+ break;
+ case HW_PROVIDER_N2CP:
+ filename = "/platform/sun4v/kernel/drv/n2cp.conf";
+ propname = "n2cp-fips-140";
+ provname = "n2cp";
+ break;
+ case HW_PROVIDER_N2RNG:
+ filename = "/platform/sun4v/kernel/drv/n2rng.conf";
+ propname = "n2rng-fips-140";
+ provname = "n2rng";
+ break;
+ default:
+ (void) printf(gettext("Internal Error: Invalid HW "
+ "provider [%d] specified.\n"));
+ return (FAILURE);
+ }
+
+ /* Get FIPS-140 status from .conf */
+ if (fips_hw_status(filename, propname, &fips_mode) != SUCCESS) {
+ return (FAILURE);
+ }
+
+ if (action == FIPS140_STATUS) {
+ if (fips_mode == CRYPTO_FIPS_MODE_ENABLED)
+ (void) printf(gettext(
+ "%s: FIPS-140 mode is enabled.\n"), provname);
+ else
+ (void) printf(gettext(
+ "%s: FIPS-140 mode is disabled.\n"), provname);
+ return (SUCCESS);
+ }
+
+ /* Is it a duplicate operation? */
+ if ((action == FIPS140_ENABLE) &&
+ (fips_mode == CRYPTO_FIPS_MODE_ENABLED)) {
+ (void) printf(
+ gettext("%s: FIPS-140 mode has already been enabled.\n"),
+ provname);
+ return (FAILURE);
+ }
+
+ if ((action == FIPS140_DISABLE) &&
+ (fips_mode == CRYPTO_FIPS_MODE_DISABLED)) {
+ (void) printf(
+ gettext("%s: FIPS-140 mode has already been disabled.\n"),
+ provname);
+ return (FAILURE);
+ }
+
+ if ((action == FIPS140_ENABLE) || (action == FIPS140_DISABLE)) {
+ /* Update .conf */
+ if ((rc = fips_update_hw_conf(filename, propname, action))
+ != SUCCESS)
+ return (rc);
+ }
+
+ /* No need to inform kernel */
+ if (action == FIPS140_ENABLE) {
+ (void) printf(gettext(
+ "%s: FIPS-140 mode was enabled successfully.\n"),
+ provname);
+ } else {
+ (void) printf(gettext(
+ "%s: FIPS-140 mode was disabled successfully.\n"),
+ provname);
+ }
+
+ return (SUCCESS);
+}
diff --git a/usr/src/cmd/cmd-crypto/cryptoadm/adm_kef_ioctl.c b/usr/src/cmd/cmd-crypto/cryptoadm/adm_kef_ioctl.c
index f9130423a6..13f03f4d61 100644
--- a/usr/src/cmd/cmd-crypto/cryptoadm/adm_kef_ioctl.c
+++ b/usr/src/cmd/cmd-crypto/cryptoadm/adm_kef_ioctl.c
@@ -19,8 +19,7 @@
* CDDL HEADER END
*/
/*
- * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
+ * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
*/
#include <fcntl.h>
@@ -31,6 +30,7 @@
#include <locale.h>
#include <libgen.h>
#include <sys/types.h>
+#include <sys/varargs.h>
#include <zone.h>
#include <sys/crypto/ioctladmin.h>
#include "cryptoadm.h"
@@ -38,8 +38,44 @@
#define DEFAULT_DEV_NUM 5
#define DEFAULT_SOFT_NUM 10
+#define NUM_FIPS_SW_PROV \
+ (sizeof (fips_sw_providers) / sizeof (char *))
+
+static char *fips_sw_providers[] = {
+ "des",
+ "aes",
+ "ecc",
+ "sha1",
+ "sha2",
+ "rsa",
+ "swrand"
+};
+
static crypto_get_soft_info_t *setup_get_soft_info(char *, int);
+static void
+fips_sw_printf(const char *format, ...)
+{
+ va_list ap;
+ char message[1024];
+ int i;
+
+ va_start(ap, format);
+ (void) snprintf(message, sizeof (message), format, ap);
+ va_end(ap);
+
+ (void) printf(gettext("\nUser-level providers:\n"));
+ (void) printf(gettext("=====================\n"));
+ (void) printf(gettext("/usr/lib/security/$ISA/pkcs11_softtoken: %s\n"),
+ message);
+ (void) printf(gettext("\nKernel software providers:\n"));
+ (void) printf(gettext("==========================\n"));
+ for (i = 0; i < NUM_FIPS_SW_PROV; i++) {
+ (void) printf(gettext("%s: %s\n"),
+ fips_sw_providers[i], message);
+ }
+}
+
/*
* Prepare the argument for the LOAD_SOFT_CONFIG ioctl call for the
* provider pointed by pent. Return NULL if out of memory.
@@ -623,11 +659,9 @@ do_fips_actions(int action, int caller)
if (action == FIPS140_STATUS) {
if (pkcs11_fips_mode == CRYPTO_FIPS_MODE_ENABLED)
- (void) printf(gettext(
- "\tFIPS-140 mode is enabled.\n"));
+ fips_sw_printf(gettext("FIPS-140 mode is enabled."));
else
- (void) printf(gettext(
- "\tFIPS-140 mode is disabled.\n"));
+ fips_sw_printf(gettext("FIPS-140 mode is disabled."));
return (SUCCESS);
}
@@ -635,17 +669,15 @@ do_fips_actions(int action, int caller)
/* Is it a duplicate operation? */
if ((action == FIPS140_ENABLE) &&
(pkcs11_fips_mode == CRYPTO_FIPS_MODE_ENABLED)) {
- cryptoerror(LOG_STDERR,
- gettext("FIPS-140 mode has already "
- "been enabled.\n"));
+ fips_sw_printf(gettext("FIPS-140 mode has already "
+ "been enabled."));
return (FAILURE);
}
if ((action == FIPS140_DISABLE) &&
(pkcs11_fips_mode == CRYPTO_FIPS_MODE_DISABLED)) {
- cryptoerror(LOG_STDERR,
- gettext("FIPS-140 mode has already "
- "been disabled.\n"));
+ fips_sw_printf(gettext("FIPS-140 mode has already "
+ "been disabled."));
return (FAILURE);
}
@@ -657,17 +689,13 @@ do_fips_actions(int action, int caller)
/* No need to inform kernel */
if (action == FIPS140_ENABLE) {
- (void) printf(gettext(
- "FIPS-140 mode was enabled successfully.\n"));
+ fips_sw_printf(gettext("FIPS-140 mode was enabled "
+ "successfully."));
} else {
- (void) printf(gettext(
- "FIPS-140 mode was disabled successfully.\n"));
+ fips_sw_printf(gettext("FIPS-140 mode was disabled "
+ "successfully."));
}
- (void) printf(gettext(
- "The FIPS-140 mode has changed.\n"));
- (void) printf(gettext(
- "The system will require a reboot.\n\n"));
return (SUCCESS);
}
diff --git a/usr/src/cmd/cmd-crypto/cryptoadm/cryptoadm.c b/usr/src/cmd/cmd-crypto/cryptoadm/cryptoadm.c
index 1dd7ed669e..7c1a5778e2 100644
--- a/usr/src/cmd/cmd-crypto/cryptoadm/cryptoadm.c
+++ b/usr/src/cmd/cmd-crypto/cryptoadm/cryptoadm.c
@@ -19,8 +19,7 @@
* CDDL HEADER END
*/
/*
- * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
+ * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
*/
@@ -550,11 +549,26 @@ do_list(int argc, char **argv)
if ((argc == 3) && (strncmp(argv[2], FIPS_KEYWORD,
strlen(FIPS_KEYWORD))) == 0) {
+ int success_count = 0;
/*
* cryptoadm list fips-140
*/
rc = do_fips_actions(FIPS140_STATUS, NOT_REFRESH);
- return (rc);
+ if (rc == SUCCESS)
+ success_count++;
+ (void) printf(gettext("\nKernel hardware providers:\n"));
+ (void) printf(gettext("=========================:\n"));
+ rc = do_fips_hw_actions(FIPS140_STATUS, HW_PROVIDER_NCP);
+ if (rc == SUCCESS)
+ success_count++;
+ rc = do_fips_hw_actions(FIPS140_STATUS, HW_PROVIDER_N2CP);
+ if (rc == SUCCESS)
+ success_count++;
+ rc = do_fips_hw_actions(FIPS140_STATUS, HW_PROVIDER_N2RNG);
+ if (rc == SUCCESS)
+ success_count++;
+ /* succeed to get status from config file? */
+ return ((success_count > 0) ? SUCCESS: FAILURE);
}
argc -= 1;
@@ -741,11 +755,34 @@ do_disable(int argc, char **argv)
if ((argc == 3) && (strncmp(argv[2], FIPS_KEYWORD,
strlen(FIPS_KEYWORD))) == 0) {
+ int success_count = 0;
/*
* cryptoadm disable fips-140
*/
rc = do_fips_actions(FIPS140_DISABLE, NOT_REFRESH);
- return (rc);
+ if (rc == SUCCESS)
+ success_count++;
+ (void) printf(gettext("\nKernel hardware providers:\n"));
+ (void) printf(gettext("=========================:\n"));
+ rc = do_fips_hw_actions(FIPS140_DISABLE, HW_PROVIDER_NCP);
+ if (rc == SUCCESS)
+ success_count++;
+ rc = do_fips_hw_actions(FIPS140_DISABLE, HW_PROVIDER_N2CP);
+ if (rc == SUCCESS)
+ success_count++;
+ rc = do_fips_hw_actions(FIPS140_DISABLE, HW_PROVIDER_N2RNG);
+ if (rc == SUCCESS)
+ success_count++;
+
+ if (success_count > 0) {
+ (void) printf(gettext(
+ "\nThe FIPS-140 mode has changed.\n"));
+ (void) printf(gettext(
+ "The system will require a reboot.\n"));
+ return (SUCCESS);
+ } else {
+ return (FAILURE);
+ }
}
if ((argc < 3) || (argc > 5)) {
@@ -869,11 +906,34 @@ do_enable(int argc, char **argv)
if ((argc == 3) && (strncmp(argv[2], FIPS_KEYWORD,
strlen(FIPS_KEYWORD))) == 0) {
+ int success_count = 0;
/*
* cryptoadm enable fips-140
*/
rc = do_fips_actions(FIPS140_ENABLE, NOT_REFRESH);
- return (rc);
+ if (rc == SUCCESS)
+ success_count++;
+ (void) printf(gettext("\nKernel hardware providers:\n"));
+ (void) printf(gettext("=========================:\n"));
+ rc = do_fips_hw_actions(FIPS140_ENABLE, HW_PROVIDER_NCP);
+ if (rc == SUCCESS)
+ success_count++;
+ rc = do_fips_hw_actions(FIPS140_ENABLE, HW_PROVIDER_N2CP);
+ if (rc == SUCCESS)
+ success_count++;
+ rc = do_fips_hw_actions(FIPS140_ENABLE, HW_PROVIDER_N2RNG);
+ if (rc == SUCCESS)
+ success_count++;
+
+ if (success_count > 0) {
+ (void) printf(gettext(
+ "\nThe FIPS-140 mode has changed.\n"));
+ (void) printf(gettext(
+ "The system will require a reboot.\n"));
+ return (SUCCESS);
+ } else {
+ return (FAILURE);
+ }
}
if ((argc < 3) || (argc > 6)) {
diff --git a/usr/src/cmd/cmd-crypto/cryptoadm/cryptoadm.h b/usr/src/cmd/cmd-crypto/cryptoadm/cryptoadm.h
index 6b197d9e3d..d01f21275e 100644
--- a/usr/src/cmd/cmd-crypto/cryptoadm/cryptoadm.h
+++ b/usr/src/cmd/cmd-crypto/cryptoadm/cryptoadm.h
@@ -19,8 +19,7 @@
* CDDL HEADER END
*/
/*
- * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
+ * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
*/
#ifndef _CRYPTOADM_H
@@ -40,6 +39,10 @@ extern "C" {
#define ERROR_USAGE 2
+#define HW_PROVIDER_NCP 1
+#define HW_PROVIDER_N2CP 2
+#define HW_PROVIDER_N2RNG 3
+
/*
* Common keywords and delimiters for pkcs11.conf and kcf.conf files are
* defined in usr/lib/libcryptoutil/common/cryptoutil.h. The following is
@@ -178,6 +181,9 @@ extern int disable_metaslot(mechlist_t *, boolean_t, boolean_t);
extern int enable_metaslot(char *, char *, boolean_t, mechlist_t *, boolean_t,
boolean_t);
+/* adm_hw */
+extern int do_fips_hw_actions(int, int);
+
#ifdef __cplusplus
}
#endif
diff --git a/usr/src/common/bignum/bignum.h b/usr/src/common/bignum/bignum.h
index bec0a40ff8..fa659e244c 100644
--- a/usr/src/common/bignum/bignum.h
+++ b/usr/src/common/bignum/bignum.h
@@ -130,7 +130,6 @@ void mont_mulf_noconv(uint32_t *result, double *dm1, double *dm2, double *dt,
extern BIGNUM big_One;
extern BIGNUM big_Two;
-
void printbignum(char *aname, BIGNUM *a);
BIG_ERR_CODE big_init(BIGNUM *number, int size);
@@ -174,6 +173,11 @@ int big_is_zero(BIGNUM *n);
BIG_CHUNK_TYPE big_n0(BIG_CHUNK_TYPE n);
+/*
+ * Kernel bignum module: module integrity test
+ */
+extern int bignum_fips_check(void);
+
#if defined(HWCAP)
#if (BIG_CHUNK_SIZE != 32)
diff --git a/usr/src/common/crypto/fips/fips_addchecksum.c b/usr/src/common/crypto/fips/fips_addchecksum.c
new file mode 100644
index 0000000000..76045ff4b7
--- /dev/null
+++ b/usr/src/common/crypto/fips/fips_addchecksum.c
@@ -0,0 +1,256 @@
+/*
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
+ *
+ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ * or http://www.opensolaris.org/os/licensing.
+ * See the License for the specific language governing permissions
+ * and limitations under the License.
+ *
+ * When distributing Covered Code, include this CDDL HEADER in each
+ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ * If applicable, add the following below this CDDL HEADER, with the
+ * fields enclosed by brackets "[]" replaced with your own identifying
+ * information: Portions Copyright [yyyy] [name of copyright owner]
+ *
+ * CDDL HEADER END
+ */
+
+/*
+ * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+ */
+
+#include <ctype.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <libelf.h>
+#include <gelf.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sha1.h>
+#include <sys/elf_SPARC.h>
+#include <fips/fips_checksum.h>
+
+
+#define FAIL_EXIT \
+ (void) fprintf(stderr, "failure at line %d\n", __LINE__); \
+ return (-1)
+
+static const char fips_section_name[] = ".SUNW_fips";
+
+static int
+add_fips_section(int fd)
+{
+ Elf64_Ehdr *ehdrp;
+ Elf64_Shdr *section;
+ Elf *elf;
+ Elf_Scn *scn, *shstrtab_scn, *fips_scn = NULL;
+ Elf_Data *shstrtab_data;
+ Elf_Data *sdata;
+ unsigned int cnt, old_size, new_size;
+ char *sname, *newbuf;
+
+ /* Obtain the ELF descriptor */
+ (void) elf_version(EV_CURRENT);
+ if ((elf = elf_begin(fd, ELF_C_RDWR, NULL)) == NULL) {
+ FAIL_EXIT;
+ }
+
+ if ((ehdrp = elf64_getehdr(elf)) == NULL) {
+ FAIL_EXIT;
+ } else if ((shstrtab_scn = elf_getscn(elf, ehdrp->e_shstrndx)) ==
+ NULL) {
+ FAIL_EXIT;
+ } else if ((shstrtab_data = elf_getdata(shstrtab_scn, NULL)) == NULL) {
+ FAIL_EXIT;
+ }
+
+ /* Traverse input file to see if the fips section already exists */
+ for (cnt = 1, scn = NULL; scn = elf_nextscn(elf, scn); cnt++) {
+ if ((section = elf64_getshdr(scn)) == NULL) {
+ FAIL_EXIT;
+ }
+ sname = (char *)shstrtab_data->d_buf + section->sh_name;
+ if (strcmp(sname, fips_section_name) == 0) {
+ /*
+ * If the fips section already exists, make sure that
+ * the section is large enough.
+ */
+ fips_scn = scn;
+ if ((sdata = elf_getdata(scn, NULL)) == NULL) {
+ FAIL_EXIT;
+ }
+ if (sdata->d_size < SHA1_DIGEST_LENGTH) {
+ newbuf = malloc(SHA1_DIGEST_LENGTH);
+ sdata->d_size = SHA1_DIGEST_LENGTH;
+ sdata->d_buf = newbuf;
+ }
+ (void) elf_flagdata(sdata, ELF_C_SET, ELF_F_DIRTY);
+ (void) elf_flagscn(scn, ELF_C_SET, ELF_F_DIRTY);
+ (void) elf_flagelf(elf, ELF_C_SET, ELF_F_DIRTY);
+ }
+ }
+
+ /* If the fips section does not exist, allocate the section. */
+ if (fips_scn == NULL) {
+ Elf64_Shdr *shdr;
+
+ /* add the section name at the end of the .shstrtab section */
+ old_size = shstrtab_data->d_size;
+ new_size = old_size + strlen(fips_section_name) + 1;
+ if ((newbuf = malloc(new_size)) == NULL) {
+ FAIL_EXIT;
+ }
+
+ (void) memcpy(newbuf, shstrtab_data->d_buf, old_size);
+ (void) strlcpy(newbuf + old_size, fips_section_name,
+ new_size - old_size);
+ shstrtab_data->d_buf = newbuf;
+ shstrtab_data->d_size = new_size;
+ shstrtab_data->d_align = 1;
+ if ((fips_scn = elf_newscn(elf)) == 0) {
+ FAIL_EXIT;
+ }
+
+ /* Initialize the fips section */
+ if ((shdr = elf64_getshdr(fips_scn)) == NULL) {
+ FAIL_EXIT;
+ }
+ /*
+ * sh_name is the starting position of the name
+ * within the shstrtab_data->d_buf buffer
+ */
+ shdr->sh_name = old_size;
+ shdr->sh_type = SHT_SUNW_SIGNATURE;
+ shdr->sh_flags = SHF_EXCLUDE;
+ shdr->sh_addr = 0;
+ shdr->sh_link = 0;
+ shdr->sh_info = 0;
+ shdr->sh_size = 0;
+ shdr->sh_offset = 0;
+ shdr->sh_addralign = 1;
+
+ if ((sdata = elf_newdata(fips_scn)) == NULL) {
+ FAIL_EXIT;
+ }
+ if (sdata->d_size < SHA1_DIGEST_LENGTH) {
+ newbuf = malloc(SHA1_DIGEST_LENGTH);
+ sdata->d_size = SHA1_DIGEST_LENGTH;
+ sdata->d_buf = newbuf;
+ }
+ (void) elf_flagdata(sdata, ELF_C_SET, ELF_F_DIRTY);
+ (void) elf_flagscn(fips_scn, ELF_C_SET, ELF_F_DIRTY);
+ (void) elf_flagelf(elf, ELF_C_SET, ELF_F_DIRTY);
+ }
+ (void) elf_update(elf, ELF_C_WRITE);
+ (void) elf_end(elf);
+ (void) close(fd);
+
+ return (0);
+}
+
+int
+main(int argc, char **argv)
+{
+ Elf64_Ehdr ehdr;
+ Elf64_Ehdr *ehdrp;
+ Elf64_Shdr *section;
+ Elf *elf;
+ Elf_Scn *scn, *shstrtab_scn;
+ Elf_Data *shstrtab_data, *sdata;
+ int fd;
+ unsigned int size, i, cnt;
+ char sha1buf[SHA1_DIGEST_LENGTH];
+ char *sname, *newbuf;
+
+ if (argc != 2) {
+ (void) fprintf(stderr, "Usage: %s [filename]\n", argv[0]);
+ return (-1);
+ }
+
+ /* Open the driver file */
+ if ((fd = open(argv[1], O_RDWR)) == -1) {
+ goto errorexit;
+ }
+
+ /* Read the ELF header */
+ size = sizeof (ehdr);
+ if (fips_read_file(fd, (char *)(&ehdr), size, 0) < 0) {
+ goto errorexit;
+ }
+
+ /* check if it is an ELF file */
+ for (i = 0; i < SELFMAG; i++) {
+ if (ehdr.e_ident[i] != ELFMAG[i]) {
+ (void) fprintf(stderr, "%s not an elf file\n", argv[1]);
+ goto errorexit;
+ }
+ }
+
+ if (add_fips_section(fd) < 0) { /* closes fd on success */
+ goto errorexit;
+ }
+
+ if ((fd = open(argv[1], O_RDWR)) == -1) {
+ FAIL_EXIT;
+ }
+ if (fips_read_file(fd, (char *)(&ehdr), size, 0) < 0) {
+ goto errorexit;
+ }
+
+ /* calculate the file checksum */
+ if (fips_calc_checksum(fd, &ehdr, sha1buf) < 0) {
+ goto errorexit;
+ }
+
+ (void) elf_version(EV_CURRENT);
+ if ((elf = elf_begin(fd, ELF_C_RDWR, NULL)) == NULL) {
+ goto errorexit;
+ }
+
+ if ((ehdrp = elf64_getehdr(elf)) == NULL) {
+ goto errorexit;
+ } else if ((shstrtab_scn = elf_getscn(elf, ehdrp->e_shstrndx)) ==
+ NULL) {
+ goto errorexit;
+ } else if ((shstrtab_data = elf_getdata(shstrtab_scn, NULL)) == NULL) {
+ goto errorexit;
+ }
+
+ /* Add the checksum to the fips section */
+ for (cnt = 1, scn = NULL; scn = elf_nextscn(elf, scn); cnt++) {
+ if ((section = elf64_getshdr(scn)) == NULL) {
+ goto errorexit;
+ }
+
+ sname = (char *)shstrtab_data->d_buf + section->sh_name;
+ if (strcmp(sname, fips_section_name) == 0) {
+ if ((sdata = elf_getdata(scn, NULL)) == NULL) {
+ goto errorexit;
+ }
+
+ newbuf = sdata->d_buf;
+ (void) memcpy(newbuf, sha1buf, SHA1_DIGEST_LENGTH);
+ (void) elf_flagdata(sdata, ELF_C_SET, ELF_F_DIRTY);
+ (void) elf_flagscn(scn, ELF_C_SET, ELF_F_DIRTY);
+ (void) elf_flagelf(elf, ELF_C_SET, ELF_F_DIRTY);
+ }
+ }
+ (void) elf_update(elf, ELF_C_WRITE);
+ (void) elf_end(elf);
+ (void) close(fd);
+
+ return (0);
+
+
+errorexit:
+
+ (void) close(fd);
+
+ FAIL_EXIT;
+}
diff --git a/usr/src/common/crypto/fips/fips_aes_util.c b/usr/src/common/crypto/fips/fips_aes_util.c
index 9e53da9d9c..7b6248dba2 100644
--- a/usr/src/common/crypto/fips/fips_aes_util.c
+++ b/usr/src/common/crypto/fips/fips_aes_util.c
@@ -19,8 +19,7 @@
* CDDL HEADER END
*/
/*
- * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
+ * Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
*/
#include <sys/types.h>
@@ -32,6 +31,7 @@
#include <sys/crypto/common.h>
#include <modes/modes.h>
#define _AES_FIPS_POST
+#include <fips/fips_test_vectors.h>
#ifndef _KERNEL
#include <stdlib.h>
#include <string.h>
@@ -869,51 +869,6 @@ decrypt_failed:
int
fips_aes_post(int aes_key_size)
{
- /* AES Known Key (up to 256-bits). */
- static uint8_t aes_known_key[] = {
- "AES-128 RIJNDAELLEADNJIR 821-SEA"
- };
-
- /* AES-CBC Known Initialization Vector (128-bits). */
- static uint8_t aes_cbc_known_initialization_vector[] =
- { "SecurityytiruceS" };
-
- /* AES Known Plaintext (128-bits). (blocksize is 128-bits) */
- static uint8_t aes_known_plaintext[] = { "Sun Open Solaris" };
-
- /* AES Known Ciphertext (128-bit key). */
- static uint8_t aes_ecb128_known_ciphertext[] = {
- 0xcc, 0xd1, 0xd0, 0xf3, 0xfd, 0x44, 0xb1, 0x4d,
- 0xfe, 0x33, 0x20, 0x72, 0x3c, 0xf3, 0x4d, 0x27
- };
-
- static uint8_t aes_cbc128_known_ciphertext[] = {
- 0x59, 0x34, 0x55, 0xd1, 0x89, 0x9b, 0xf4, 0xa5,
- 0x16, 0x2c, 0x4c, 0x14, 0xd3, 0xe2, 0xe5, 0xed
- };
-
- /* AES Known Ciphertext (192-bit key). */
- static uint8_t aes_ecb192_known_ciphertext[] = {
- 0xa3, 0x78, 0x10, 0x44, 0xd8, 0xee, 0x8a, 0x98,
- 0x41, 0xa4, 0xeb, 0x96, 0x57, 0xd8, 0xa0, 0xc5
- };
-
- static uint8_t aes_cbc192_known_ciphertext[] = {
- 0x22, 0x9c, 0x68, 0xc6, 0x86, 0x68, 0xcc, 0x6a,
- 0x56, 0x2c, 0xb8, 0xe0, 0x16, 0x4e, 0x8b, 0x78
- };
-
- /* AES Known Ciphertext (256-bit key). */
- static uint8_t aes_ecb256_known_ciphertext[] = {
- 0xe4, 0x65, 0x92, 0x7f, 0xd0, 0xdd, 0x59, 0x49,
- 0x79, 0xc3, 0xac, 0x96, 0x30, 0xad, 0x32, 0x52
- };
-
- static uint8_t aes_cbc256_known_ciphertext[] = {
- 0xd9, 0x44, 0x43, 0xe8, 0xdb, 0x60, 0x6b, 0xde,
- 0xc2, 0x84, 0xbf, 0xb9, 0xaf, 0x43, 0x3f, 0x51
- };
-
uint8_t *aes_ecb_known_ciphertext =
(aes_key_size == FIPS_AES_128_KEY_SIZE) ?
aes_ecb128_known_ciphertext :
@@ -928,55 +883,6 @@ fips_aes_post(int aes_key_size)
aes_cbc192_known_ciphertext :
aes_cbc256_known_ciphertext;
- /* AES-CTR Known Key (128-bits). */
- static uint8_t aes_ctr128_known_key[] = {
- 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
- 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
- };
-
- /* AES-CTR Known Key (192-bits). */
- static uint8_t aes_ctr192_known_key[] = {
- 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52,
- 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5,
- 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b
- };
-
- /* AES-CTR Known Key (256-bits). */
- static uint8_t aes_ctr256_known_key[] = {
- 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
- 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
- 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
- 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4
- };
-
- /* AES-CTR Known Initialization Counter (128-bits). */
- static uint8_t aes_ctr_known_counter[] = {
- 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
- 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
- };
-
- /* AES-CTR Known Plaintext (128-bits). */
- static uint8_t aes_ctr_known_plaintext[] = {
- 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
- 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a
- };
-
- /* AES-CTR Known Ciphertext. */
- static uint8_t aes_ctr128_known_ciphertext[] = {
- 0x87, 0x4d, 0x61, 0x91, 0xb6, 0x20, 0xe3, 0x26,
- 0x1b, 0xef, 0x68, 0x64, 0x99, 0x0d, 0xb6, 0xce
- };
-
- static uint8_t aes_ctr192_known_ciphertext[] = {
- 0x1a, 0xbc, 0x93, 0x24, 0x17, 0x52, 0x1c, 0xa2,
- 0x4f, 0x2b, 0x04, 0x59, 0xfe, 0x7e, 0x6e, 0x0b
- };
-
- static uint8_t aes_ctr256_known_ciphertext[] = {
- 0x60, 0x1e, 0xc3, 0x13, 0x77, 0x57, 0x89, 0xa5,
- 0xb7, 0xa7, 0xf5, 0x04, 0xbb, 0xf3, 0xd2, 0x28
- };
-
uint8_t *aes_ctr_known_ciphertext =
(aes_key_size == FIPS_AES_128_KEY_SIZE) ?
aes_ctr128_known_ciphertext :
@@ -992,129 +898,6 @@ fips_aes_post(int aes_key_size)
aes_ctr256_known_key;
#ifdef _KERNEL
- /* AES-CCM Known Key (128-bits). */
- static uint8_t aes_ccm128_known_key[] = {
- 0x06, 0xfd, 0xf0, 0x83, 0xb5, 0xcb, 0x3b, 0xc7,
- 0xc0, 0x6d, 0x4d, 0xe5, 0xa6, 0x34, 0xc6, 0x50
- };
-
- /* AES-CCM Known Key (192-bits). */
- static uint8_t aes_ccm192_known_key[] = {
- 0xde, 0x91, 0x08, 0x63, 0xbe, 0x59, 0xb8, 0x7a,
- 0x45, 0x9b, 0xa6, 0xce, 0x2d, 0x7e, 0x71, 0x56,
- 0x1c, 0x5c, 0x15, 0xea, 0x1b, 0x6b, 0x05, 0x06
- };
-
- /* AES-CCM Known Key (256-bits). */
- static uint8_t aes_ccm256_known_key[] = {
- 0x84, 0x9c, 0x1d, 0xeb, 0x80, 0xf8, 0x5b, 0x7d,
- 0x25, 0x33, 0x64, 0x75, 0x4b, 0xdc, 0x5d, 0xf0,
- 0xe8, 0x1c, 0x98, 0x8a, 0x78, 0x8f, 0x15, 0xd1,
- 0xa2, 0x52, 0x49, 0xfa, 0x18, 0x5e, 0x1f, 0xd3
- };
-
- /* AES-CCM Known Nonce Nlen = 7 bytes (for 128-bits key). */
- static uint8_t aes_ccm128_known_nonce[] = {
- 0xfd, 0xe2, 0xd5, 0x4c, 0x65, 0x4e, 0xe4
- };
-
- /* AES-CCM Known Nonce Nlen = 7 bytes (192-bits). */
- static uint8_t aes_ccm192_known_nonce[] = {
- 0xcf, 0xb3, 0x48, 0xfa, 0x04, 0x36, 0xa2
- };
-
- /* AES-CCM Known Nonce Nlen = 7 bytes (256-bits). */
- static uint8_t aes_ccm256_known_nonce[] = {
- 0x75, 0xa5, 0x5b, 0x58, 0x33, 0x9d, 0x1c
- };
-
- /* AES-CCM Known Adata Alen = 30 bytes (128-bits). */
- static uint8_t aes_ccm128_known_adata[] = {
- 0xe0, 0xdf, 0xfc, 0x4c, 0x92, 0x90, 0xd8, 0x28,
- 0xef, 0xe7, 0xc6, 0xbe, 0x4a, 0xbc, 0xd1, 0x3e,
- 0x23, 0x61, 0x92, 0x2f, 0xfa, 0x27, 0xa4, 0x0e,
- 0x61, 0x24, 0x58, 0x38, 0x55, 0x33
- };
-
- /* AES-CCM Known Adata Alen = 30 bytes (192-bits). */
- static uint8_t aes_ccm192_known_adata[] = {
- 0x4c, 0x5b, 0x4f, 0xfe, 0x80, 0xba, 0x7a, 0xe5,
- 0xd3, 0xe8, 0xbc, 0xf6, 0x55, 0x83, 0xcf, 0x58,
- 0xa2, 0x82, 0x59, 0x65, 0xba, 0xbd, 0x63, 0x53,
- 0x0c, 0xb0, 0x0c, 0x14, 0xd4, 0x7b
- };
-
- /* AES-CCM Known Adata Alen = 30 bytes (256-bits). */
- static uint8_t aes_ccm256_known_adata[] = {
- 0x27, 0xb7, 0xec, 0x91, 0x08, 0xe1, 0x4d, 0x12,
- 0xd3, 0xd3, 0xb8, 0x49, 0x09, 0xde, 0xd0, 0x9a,
- 0x8f, 0x23, 0xbf, 0xd6, 0x02, 0x9b, 0x2a, 0x5e,
- 0x4a, 0x5a, 0x63, 0x8c, 0x72, 0x14
- };
-
- /* AES-CCM Known Payload Plen = 32 bytes (128-bits). */
- static uint8_t aes_ccm128_known_plaintext[] = {
- 0x77, 0xca, 0xdf, 0xa5, 0xb1, 0x23, 0xfe, 0x07,
- 0x8d, 0xca, 0x94, 0xe2, 0x66, 0x3f, 0x73, 0xd0,
- 0x3f, 0x0b, 0x4d, 0xc8, 0x05, 0xf6, 0x1c, 0xef,
- 0x13, 0x79, 0xc0, 0xb1, 0xfc, 0x76, 0xea, 0x11
- };
-
- /* AES-CCM Known Payload Plen = 32 bytes (192-bits). */
- static uint8_t aes_ccm192_known_plaintext[] = {
- 0xf9, 0x8a, 0x58, 0x59, 0x44, 0x2d, 0x2a, 0xf9,
- 0x65, 0x03, 0x36, 0x6d, 0x8a, 0x58, 0x29, 0xf9,
- 0xef, 0x47, 0x44, 0x30, 0xf4, 0x7e, 0x0d, 0xcd,
- 0x73, 0x41, 0x45, 0xdf, 0x50, 0xb2, 0x1b, 0x29
- };
-
- /* AES-CCM Known Payload Plen = 32 bytes (256-bits). */
- static uint8_t aes_ccm256_known_plaintext[] = {
- 0x25, 0x28, 0x3f, 0x05, 0x41, 0xd6, 0x66, 0x3b,
- 0xdb, 0x8f, 0xe9, 0xe7, 0x7b, 0x06, 0xc0, 0xee,
- 0xfe, 0xf6, 0xc9, 0x8b, 0x45, 0x08, 0x18, 0x4e,
- 0x2e, 0xf7, 0x8e, 0x64, 0xc3, 0xf2, 0xad, 0x18
- };
-
- /*
- * AES-CCM Known Ciphertext
- * Clen = 32 bytes + Tlen = 16 bytes (128-bits).
- */
- static uint8_t aes_ccm128_known_ciphertext[] = {
- 0x33, 0x50, 0x58, 0xbb, 0x5f, 0x13, 0x8d, 0xc9,
- 0x5b, 0x2c, 0xa4, 0x50, 0x1d, 0x7f, 0xd4, 0xa5,
- 0xb9, 0xb8, 0x71, 0x83, 0x8f, 0x82, 0x27, 0x5f,
- 0x75, 0x3e, 0x30, 0xf9, 0x9d, 0xad, 0xc2, 0xe9,
- 0x66, 0x93, 0x56, 0x98, 0x01, 0x1e, 0x3c, 0x11,
- 0x74, 0xdb, 0x9b, 0xca, 0xce, 0x0f, 0xc3, 0x35
- };
-
- /*
- * AES-CCM Known Ciphertext
- * Clen = 32 bytes + Tlen = 16 bytes (192-bits).
- */
- static uint8_t aes_ccm192_known_ciphertext[] = {
- 0xa7, 0x40, 0xd0, 0x25, 0xbd, 0x3e, 0x8f, 0xd5,
- 0x28, 0x3e, 0xee, 0xaa, 0xf9, 0xa7, 0xfc, 0xf2,
- 0x33, 0xf6, 0x69, 0xb8, 0xdc, 0x9c, 0x74, 0xb1,
- 0x46, 0xf4, 0xd6, 0xcc, 0x0a, 0x16, 0x12, 0x0c,
- 0x7c, 0x3c, 0x43, 0x76, 0x94, 0xf6, 0x9a, 0x14,
- 0xa0, 0xfb, 0xab, 0x9c, 0x2c, 0xd3, 0x5c, 0x09
- };
-
- /*
- * AES-CCM Known Ciphertext
- * Clen = 32 bytes + Tlen = 16 bytes (256-bits).
- */
- static uint8_t aes_ccm256_known_ciphertext[] = {
- 0xf6, 0x4d, 0x24, 0x69, 0x0e, 0xde, 0xc9, 0xc0,
- 0x1e, 0x42, 0xc0, 0x78, 0x29, 0xcf, 0xdb, 0xfe,
- 0xab, 0x52, 0x9a, 0xb1, 0x07, 0xe4, 0xac, 0xdf,
- 0x48, 0x46, 0x46, 0xc1, 0xe2, 0xb2, 0x0f, 0x36,
- 0x5f, 0xeb, 0x44, 0xcf, 0xa8, 0x80, 0x80, 0x23,
- 0xc9, 0xee, 0xc7, 0x56, 0x24, 0x63, 0x6e, 0x7e
- };
-
uint8_t *aes_ccm_known_plaintext =
(aes_key_size == FIPS_AES_128_KEY_SIZE) ?
aes_ccm128_known_plaintext :
@@ -1150,104 +933,6 @@ fips_aes_post(int aes_key_size)
aes_ccm192_known_nonce :
aes_ccm256_known_nonce;
- /* AES-GCM Known Key (128-bits). */
- static uint8_t aes_gcm128_known_key[] = {
- 0x7d, 0xf9, 0x9c, 0xdf, 0x7d, 0x00, 0xd9, 0xea,
- 0xd3, 0x85, 0x17, 0x1b, 0x29, 0xae, 0xcf, 0xbc
- };
-
- /* AES-GCM Known Key (192-bits). */
- static uint8_t aes_gcm192_known_key[] = {
- 0x85, 0xf4, 0x34, 0x7a, 0xf5, 0x98, 0x1e, 0xd9,
- 0x89, 0x85, 0x98, 0x1a, 0x53, 0xfc, 0xc5, 0xbf,
- 0x53, 0x6c, 0x91, 0x4b, 0x18, 0x3c, 0xe8, 0x12
- };
-
- /* AES-GCM Known Key (256-bits). */
- static uint8_t aes_gcm256_known_key[] = {
- 0xee, 0xbc, 0x1f, 0x57, 0x48, 0x7f, 0x51, 0x92,
- 0x1c, 0x04, 0x65, 0x66, 0x5f, 0x8a, 0xe6, 0xd1,
- 0x65, 0x8b, 0xb2, 0x6d, 0xe6, 0xf8, 0xa0, 0x69,
- 0xa3, 0x52, 0x02, 0x93, 0xa5, 0x72, 0x07, 0x8f
- };
-
- /* AES-GCM Known Initialization Vector (128-bits). */
- static uint8_t aes_gcm128_known_iv[] = {
- 0x27, 0x4c, 0x4e, 0xae, 0xfe, 0xef, 0xae, 0x26,
- 0x80, 0xb0, 0xef, 0xd5
- };
-
- /* AES-GCM Known Initialization Vector (192-bits). */
- static uint8_t aes_gcm192_known_iv[] = {
- 0xd4, 0xfb, 0x33, 0xc6, 0x51, 0xc8, 0x86, 0xff,
- 0x28, 0x80, 0xef, 0x96
- };
-
- /* AES-GCM Known Initialization Vector (256-bits). */
- static uint8_t aes_gcm256_known_iv[] = {
- 0x99, 0xaa, 0x3e, 0x68, 0xed, 0x81, 0x73, 0xa0,
- 0xee, 0xd0, 0x66, 0x84
- };
-
- /* AES-GCM Known AAD Alen = 16 bytes (128-bits). */
- static uint8_t aes_gcm128_known_adata[] = {
- 0x60, 0xe8, 0xb0, 0x37, 0xec, 0xdf, 0x4d, 0x82,
- 0x8c, 0x83, 0x0d, 0xcf, 0xc5, 0xce, 0xd4, 0x9c
- };
-
- /* AES-GCM Known AAD Alen = 16 bytes (192-bits). */
- static uint8_t aes_gcm192_known_adata[] = {
- 0x44, 0x3a, 0xdf, 0xad, 0xbb, 0x29, 0xd6, 0x8c,
- 0x55, 0xe2, 0x02, 0x2d, 0xca, 0x62, 0x9b, 0x51
- };
-
- /* AES-GCM Known AAD Alen = 16 bytes (256-bits). */
- static uint8_t aes_gcm256_known_adata[] = {
- 0x4d, 0x23, 0xc3, 0xce, 0xc3, 0x34, 0xb4, 0x9b,
- 0xdb, 0x37, 0x0c, 0x43, 0x7f, 0xec, 0x78, 0xde
- };
-
- /* AES-GCM Known Payload Plen = 16 bytes (128-bits). */
- static uint8_t aes_gcm128_known_plaintext[] = {
- 0x99, 0x66, 0x7d, 0xc9, 0x62, 0xb3, 0x9f, 0x14,
- 0x8c, 0xdd, 0xfe, 0x68, 0xf9, 0x0a, 0x43, 0xf9
- };
-
- /* AES-GCM Known Payload Plen = 16 bytes (192-bits). */
- static uint8_t aes_gcm192_known_plaintext[] = {
- 0x7f, 0x9c, 0x08, 0x1d, 0x6a, 0xcc, 0xa8, 0xab,
- 0x71, 0x75, 0xcb, 0xd0, 0x49, 0x42, 0xba, 0xad
- };
- /* AES-GCM Known Payload Plen = 16 bytes (256-bits). */
- static uint8_t aes_gcm256_known_plaintext[] = {
- 0xf5, 0x6e, 0x87, 0x05, 0x5b, 0xc3, 0x2d, 0x0e,
- 0xeb, 0x31, 0xb2, 0xea, 0xcc, 0x2b, 0xf2, 0xa5
- };
-
- /* AES-GCM Known Ciphertext Clen = 16 bytes (128-bits) + tag */
- static uint8_t aes_gcm128_known_ciphertext[] = {
- 0x2b, 0x5f, 0x57, 0xf2, 0x62, 0x27, 0xe0, 0x94,
- 0xe7, 0xf8, 0x01, 0x23, 0xf9, 0xed, 0xbd, 0xe8,
- 0x16, 0xee, 0x08, 0xb4, 0xd8, 0x07, 0xe5, 0xdb,
- 0xd5, 0x70, 0x3c, 0xb3, 0xcf, 0x53, 0x8c, 0x14
- };
-
- /* AES-GCM Known Ciphertext Clen = 16 bytes (192-bits) + tag */
- static uint8_t aes_gcm192_known_ciphertext[] = {
- 0xdd, 0x7e, 0x7e, 0x45, 0x5b, 0x21, 0xd8, 0x84,
- 0x3d, 0x7b, 0xc3, 0x1f, 0x21, 0x07, 0xf9, 0x55,
- 0x9f, 0x0e, 0x8d, 0xe2, 0x6d, 0xb4, 0x95, 0xf5,
- 0x91, 0x1f, 0xb6, 0x0c, 0xf5, 0xf2, 0x3a, 0xf9
- };
-
- /* AES-GCM Known Ciphertext Clen = 16 bytes (256-bits)+ tag */
- static uint8_t aes_gcm256_known_ciphertext[] = {
- 0xf7, 0x26, 0x44, 0x13, 0xa8, 0x4c, 0x0e, 0x7c,
- 0xd5, 0x36, 0x86, 0x7e, 0xb9, 0xf2, 0x17, 0x36,
- 0x67, 0xba, 0x05, 0x10, 0x26, 0x2a, 0xe4, 0x87,
- 0xd7, 0x37, 0xee, 0x62, 0x98, 0xf7, 0x7e, 0x0c
- };
-
uint8_t *aes_gcm_known_key =
(aes_key_size == FIPS_AES_128_KEY_SIZE) ?
aes_gcm128_known_key :
@@ -1283,95 +968,6 @@ fips_aes_post(int aes_key_size)
aes_gcm192_known_adata :
aes_gcm256_known_adata;
- /*
- * Source: NIST gcmEncryptExtIV128.txt
- * Count = 0, [Keylen = 128], [IVlen = 96], [PTlen = 0],
- * [AADlen = 128], [Taglen = 128]
- *
- * Source: NIST gcmEncryptExtIV192.txt
- * Count = 0, [Keylen = 192], [IVlen = 96], [PTlen = 0],
- * [AADlen = 128], [Taglen = 128]
- *
- * Source: NIST gcmEncryptExtIV256.txt
- * Count = 0, [Keylen = 256], [IVlen = 96], [PTlen = 0],
- * [AADlen = 128], [Taglen = 128]
- */
-
- /* AES-GMAC Known Key (128-bits). */
- static uint8_t aes_gmac128_known_key[] = {
- 0x7d, 0x70, 0xd2, 0x32, 0x48, 0xc4, 0x7e, 0xb3,
- 0xd2, 0x73, 0xdf, 0x81, 0xed, 0x30, 0x24, 0xbd
- };
-
- /* AES-GMAC Known Key (192-bits). */
- static uint8_t aes_gmac192_known_key[] = {
- 0x03, 0x60, 0x22, 0xfe, 0x26, 0x9a, 0xdc, 0xad,
- 0xb5, 0x73, 0x11, 0xa4, 0xa0, 0xed, 0x2a, 0x84,
- 0x18, 0x34, 0xb8, 0xb6, 0xd8, 0xa0, 0x7f, 0x41
- };
-
- /* AES-GMAC Known Key (256-bits). */
- static uint8_t aes_gmac256_known_key[] = {
- 0xbb, 0x10, 0x10, 0x06, 0x4f, 0xb8, 0x35, 0x23,
- 0xea, 0x9d, 0xf3, 0x2b, 0xad, 0x9f, 0x1f, 0x2a,
- 0x4f, 0xce, 0xfc, 0x0f, 0x21, 0x07, 0xc0, 0xaa,
- 0xba, 0xd9, 0xb7, 0x56, 0xd8, 0x09, 0x21, 0x9d
- };
-
- /* AES-GMAC Known Initialization Vector (128-bits). */
- static uint8_t aes_gmac128_known_iv[] = {
- 0xab, 0x53, 0x23, 0x33, 0xd6, 0x76, 0x51, 0x20,
- 0x8b, 0x8c, 0x34, 0x85
- };
-
- /* AES-GMAC Known Initialization Vector (192-bits). */
- static uint8_t aes_gmac192_known_iv[] = {
- 0x85, 0x65, 0xb2, 0x15, 0x3a, 0x3f, 0x34, 0x9a,
- 0x07, 0x31, 0x06, 0x79
- };
-
- /* AES-GMAC Known Initialization Vector (256-bits). */
- static uint8_t aes_gmac256_known_iv[] = {
- 0x2f, 0x9a, 0xd0, 0x12, 0xad, 0xfc, 0x12, 0x73,
- 0x43, 0xfb, 0xe0, 0x56
- };
-
- /* AES-GMAC Known Tag (128-bits). */
- static uint8_t aes_gmac128_known_tag[] = {
- 0xcf, 0x89, 0x50, 0xa3, 0x10, 0xf5, 0xab, 0x8b,
- 0x69, 0xd5, 0x00, 0x11, 0x1a, 0x44, 0xb0, 0x96
- };
-
- /* AES-GMAC Known Tag (192-bits). */
- static uint8_t aes_gmac192_known_tag[] = {
- 0x90, 0x21, 0xaf, 0x4c, 0xa0, 0x8d, 0x01, 0xef,
- 0x82, 0x5a, 0x42, 0xf9, 0xbe, 0x3a, 0xb3, 0xe9
- };
-
- /* AES-GMAC Known Tag (256-bits). */
- static uint8_t aes_gmac256_known_tag[] = {
- 0xef, 0x06, 0xd5, 0x4d, 0xfd, 0x00, 0x02, 0x1d,
- 0x75, 0x27, 0xdf, 0xf2, 0x6f, 0xc9, 0xd4, 0x84
- };
-
- /* AES-GMAC Known AAD Alen = 16 bytes (128-bits). */
- static uint8_t aes_gmac128_known_adata[] = {
- 0x7d, 0x1d, 0x42, 0xe8, 0x94, 0x60, 0xe9, 0x44,
- 0xbf, 0xa4, 0x83, 0xdb, 0xe6, 0x92, 0xf0, 0x8d
- };
-
- /* AES-GMAC Known AAD Alen = 16 bytes (192-bits). */
- static uint8_t aes_gmac192_known_adata[] = {
- 0xad, 0xcf, 0x4f, 0xbb, 0xa0, 0xe0, 0x6a, 0x63,
- 0x70, 0x71, 0x1a, 0x57, 0xf8, 0xdc, 0xd0, 0xc9
- };
-
- /* AES-GMAC Known AAD Alen = 16 bytes (256-bits). */
- static uint8_t aes_gmac256_known_adata[] = {
- 0xdb, 0x98, 0xd9, 0x0d, 0x1b, 0x69, 0x5c, 0xdb,
- 0x74, 0x7a, 0x34, 0x3f, 0xbb, 0xc9, 0xf1, 0x41
- };
-
uint8_t *aes_gmac_known_key =
(aes_key_size == FIPS_AES_128_KEY_SIZE) ?
aes_gmac128_known_key :
diff --git a/usr/src/common/crypto/fips/fips_checksum.c b/usr/src/common/crypto/fips/fips_checksum.c
new file mode 100644
index 0000000000..0072b2a8b7
--- /dev/null
+++ b/usr/src/common/crypto/fips/fips_checksum.c
@@ -0,0 +1,346 @@
+/*
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
+ *
+ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ * or http://www.opensolaris.org/os/licensing.
+ * See the License for the specific language governing permissions
+ * and limitations under the License.
+ *
+ * When distributing Covered Code, include this CDDL HEADER in each
+ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ * If applicable, add the following below this CDDL HEADER, with the
+ * fields enclosed by brackets "[]" replaced with your own identifying
+ * information: Portions Copyright [yyyy] [name of copyright owner]
+ *
+ * CDDL HEADER END
+ */
+/*
+ * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+ */
+
+
+#include <fips/fips_checksum.h>
+
+
+#ifdef _KERNEL
+#define FIPS_ALLOC(size) kmem_alloc(size, KM_SLEEP)
+#define FIPS_FREE(buf, size) kmem_free(buf, size)
+#define FIPS_READ_FILE kobj_read_file
+#define ERRLOG0(str) cmn_err(CE_NOTE, str)
+#define ERRLOG1(fmt, arg) cmn_err(CE_NOTE, fmt, arg)
+#include <sys/sunddi.h>
+
+struct _buf *kobj_open_file(char *name);
+int kobj_read_file(struct _buf *file, char *buf, uint_t size, uint_t off);
+#else
+
+#define FIPS_ALLOC(size) malloc(size)
+#define FIPS_FREE(buf, size) free(buf)
+#define FIPS_READ_FILE fips_read_file
+#define ERRLOG0(str) (void) printf(str)
+#define ERRLOG1(fmt, arg) (void) printf(fmt, arg)
+#endif
+
+#define NUM_SECTIONS (sizeof (checked_sec_names) / sizeof (char *))
+
+static char *checked_sec_names[] = {
+ ".strtab",
+ ".dynamic",
+ ".compcom",
+ ".comment",
+ ".dynstr",
+ ".shstrtab",
+ ".rela.text",
+ ".rela.data",
+ ".text",
+ ".rodata",
+ ".rodata1",
+ ".data",
+ ".symtab",
+ ".SUNW_ctf",
+ ".bss"
+};
+
+
+static int
+#ifdef _KERNEL
+process_section(SHA1_CTX *shactx, Elf64_Shdr *section, struct _buf *file,
+ char *shstrtab)
+#else
+process_section(SHA1_CTX *shactx, Elf64_Shdr *section, int file,
+ char *shstrtab)
+#endif
+{
+ size_t size, offs;
+ char *name;
+ int doit = 0;
+ char *buf;
+ int i;
+
+ size = section->sh_size;
+ offs = section->sh_offset;
+ name = shstrtab + section->sh_name;
+ for (i = 0; i < NUM_SECTIONS; i++) {
+ if (strncmp(name, checked_sec_names[i],
+ strlen(checked_sec_names[i]) + 1) == 0) {
+ doit++;
+ break;
+ }
+ }
+
+ if (!doit) {
+ return (0);
+ }
+
+ /* hash the size of .bss section */
+ if (strcmp(name, ".bss") == 0) {
+ char szstr[32];
+ (void) snprintf(szstr, sizeof (szstr), "%ld", size);
+ SHA1Update(shactx, szstr, strlen(szstr));
+ return (0);
+ }
+
+
+ /* hash the contents of the section */
+ if ((buf = FIPS_ALLOC(size)) == NULL) {
+ ERRLOG1("Not enough memory for section %s\n", name);
+ return (-1);
+ }
+
+ if (FIPS_READ_FILE(file, buf, size, offs) < 0) {
+ FIPS_FREE(buf, size);
+ return (-2);
+ }
+
+ SHA1Update(shactx, buf, size);
+
+ FIPS_FREE(buf, size);
+
+ return (0);
+}
+
+int
+#ifdef _KERNEL
+fips_calc_checksum(struct _buf *file, Elf64_Ehdr *ehdr, char *sha1buf)
+#else
+fips_calc_checksum(int file, Elf64_Ehdr *ehdr, char *sha1buf)
+#endif
+{
+ unsigned int size, numsec;
+ Elf64_Shdr *shdrs;
+ Elf64_Shdr *section;
+ SHA1_CTX sha1ctx;
+ char *shstrtab;
+ int i;
+
+ numsec = ehdr->e_shnum;
+ size = ehdr->e_shentsize * numsec;
+ if ((shdrs = (Elf64_Shdr *)FIPS_ALLOC(size)) == NULL) {
+ ERRLOG0("Not enough memory for shdrs\n");
+ return (FAILURE);
+ }
+ if (FIPS_READ_FILE(file, (char *)shdrs, size, ehdr->e_shoff) < 0) {
+ return (FAILURE);
+ }
+
+ /* Obtain the .shstrtab data buffer */
+ section = &(shdrs[ehdr->e_shstrndx]);
+ size = section->sh_size;
+ if ((shstrtab = (char *)FIPS_ALLOC(size)) == NULL) {
+ ERRLOG0("Not enough memory for shstrtab\n");
+ return (FAILURE);
+ }
+ if (FIPS_READ_FILE(file, shstrtab, size, section->sh_offset) < 0) {
+ return (FAILURE);
+ }
+
+ SHA1Init(&sha1ctx);
+ for (i = 0; i < numsec; i++) {
+ if (process_section(&sha1ctx, &(shdrs[i]),
+ file, shstrtab) < 0) {
+ return (FAILURE);
+ }
+ }
+ SHA1Final(sha1buf, &sha1ctx);
+
+ return (0);
+}
+
+
+#ifndef _KERNEL
+
+int
+fips_read_file(int fd, char *buf, int size, int offs)
+{
+ int i;
+
+ if (lseek(fd, offs, SEEK_SET) == (off_t)(-1)) {
+ (void) fprintf(stderr,
+ "lseek returned an error for file %d\n", fd);
+ return (-1);
+ }
+ while ((i = read(fd, buf, size)) >= 0) {
+ if (size == i) {
+ break;
+ } else {
+ size -= i;
+ buf += i;
+ }
+ }
+ if (i < 0) {
+ (void) fprintf(stderr, "read failed for file %d\n", fd);
+ return (-2);
+ }
+
+ return (0);
+}
+
+#else
+
+static int
+get_fips_section(Elf64_Ehdr *ehdr, struct _buf *file, char *expected_checksum)
+{
+ unsigned int shdrssz, shstrtabsz, numsec;
+ Elf64_Shdr *shdrs = NULL;
+ Elf64_Shdr *section;
+ char *shstrtab = NULL;
+ char *name;
+ int rv = FAILURE;
+ int i;
+
+ numsec = ehdr->e_shnum;
+ shdrssz = ehdr->e_shentsize * numsec;
+ if ((shdrs = (Elf64_Shdr *)FIPS_ALLOC(shdrssz)) == NULL) {
+ ERRLOG0("Not enough memory for shdrs\n");
+ return (FAILURE);
+ }
+ if (FIPS_READ_FILE(file, (char *)shdrs, shdrssz, ehdr->e_shoff) < 0) {
+ goto exit;
+ }
+
+ /* Obtain the .shstrtab data buffer */
+ section = &(shdrs[ehdr->e_shstrndx]);
+ shstrtabsz = section->sh_size;
+ if ((shstrtab = (char *)FIPS_ALLOC(shstrtabsz)) == NULL) {
+ ERRLOG0("Not enough memory for shstrtab\n");
+ goto exit;
+ }
+ if (FIPS_READ_FILE(file, shstrtab, shstrtabsz,
+ section->sh_offset) < 0) {
+ goto exit;
+ }
+
+ for (i = 0; i < numsec; i++) {
+ section = &shdrs[i];
+ name = shstrtab + section->sh_name;
+ /* Get the checksum stored in the .SUNW_fips section */
+ if (strcmp(name, ".SUNW_fips") == 0) {
+ if (section->sh_size != SHA1_DIGEST_LENGTH) {
+ goto exit;
+ }
+ if (FIPS_READ_FILE(file, expected_checksum,
+ section->sh_size, section->sh_offset) < 0) {
+ goto exit;
+ }
+ rv = 0;
+ goto exit;
+ }
+ }
+
+
+exit:
+ if (shdrs != NULL) {
+ FIPS_FREE(shdrs, shdrssz);
+ }
+ if (shstrtab != NULL) {
+ FIPS_FREE(shstrtab, shstrtabsz);
+ }
+
+ return (rv);
+}
+
+
+int
+fips_check_module(char *modname, void *_initaddr)
+{
+ struct modctl *modctlp = NULL;
+ struct module *mp = NULL;
+ struct _buf *file;
+ char *filename;
+ Elf64_Ehdr ehdr;
+ unsigned int size, i;
+ char sha1buf[SHA1_DIGEST_LENGTH];
+ char expected_checksum[SHA1_DIGEST_LENGTH];
+
+ modctlp = mod_find_by_filename(NULL, modname);
+ if (modctlp == NULL) {
+ ERRLOG1("module with modname %s not found\n", modname);
+ return (FAILURE);
+ }
+ mp = (struct module *)modctlp->mod_mp;
+ if (mp != NULL && mp->filename != NULL) {
+ filename = mp->filename;
+ } else {
+ /* filename does not exist */
+ return (FAILURE);
+ }
+ if ((mp->text > (char *)_initaddr) ||
+ (mp->text + mp->text_size < (char *)_initaddr)) {
+ ERRLOG1("_init() is not in module %s\n", modname);
+ return (FAILURE);
+ }
+
+ if ((file = kobj_open_file(filename)) == (struct _buf *)-1) {
+ ERRLOG1("Cannot open %s\n", filename);
+ return (FAILURE);
+ }
+ /* Read the ELF header */
+ size = sizeof (ehdr);
+ if (kobj_read_file(file, (char *)(&ehdr), size, 0) < 0) {
+ goto fail_exit;
+ }
+
+ /* check if it is an ELF file */
+ for (i = 0; i < SELFMAG; i++) {
+ if (ehdr.e_ident[i] != ELFMAG[i]) {
+ ERRLOG1("%s not an elf file\n", filename);
+ goto fail_exit;
+ }
+ }
+
+ /* check if it is relocatable */
+ if (ehdr.e_type != ET_REL) {
+ ERRLOG1("%s isn't a relocatable (ET_REL) "
+ "module\n", filename);
+ goto fail_exit;
+ }
+
+ if (fips_calc_checksum(file, &ehdr, sha1buf) < 0) {
+ goto fail_exit;
+ }
+
+ if (get_fips_section(&ehdr, file, expected_checksum) < 0) {
+ goto fail_exit;
+ }
+
+ if (memcmp(sha1buf, expected_checksum, SHA1_DIGEST_LENGTH) != 0) {
+ goto fail_exit;
+ }
+
+ kobj_close_file(file);
+
+ return (SUCCESS);
+
+fail_exit:
+
+ kobj_close_file(file);
+
+ return (FAILURE);
+
+}
+
+#endif
diff --git a/usr/src/common/crypto/fips/fips_checksum.h b/usr/src/common/crypto/fips/fips_checksum.h
new file mode 100644
index 0000000000..4288634673
--- /dev/null
+++ b/usr/src/common/crypto/fips/fips_checksum.h
@@ -0,0 +1,70 @@
+/*
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
+ *
+ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ * or http://www.opensolaris.org/os/licensing.
+ * See the License for the specific language governing permissions
+ * and limitations under the License.
+ *
+ * When distributing Covered Code, include this CDDL HEADER in each
+ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ * If applicable, add the following below this CDDL HEADER, with the
+ * fields enclosed by brackets "[]" replaced with your own identifying
+ * information: Portions Copyright [yyyy] [name of copyright owner]
+ *
+ * CDDL HEADER END
+ */
+/*
+ * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+ */
+
+#ifndef _SYS_CRYPTO_FIPS_H
+#define _SYS_CRYPTO_FIPS_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifdef _KERNEL
+#include <sys/elf.h>
+#include <sys/modctl.h>
+#include <sys/kobj.h>
+#include <sys/kmem.h>
+#include <sys/sha1.h>
+#include <sys/ddi.h>
+#else
+#include <ctype.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <libelf.h>
+#include <gelf.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sha1.h>
+#include <sys/elf_SPARC.h>
+#endif
+
+
+#define FAILURE -1
+#define SUCCESS 0
+
+#ifdef _KERNEL
+extern int fips_calc_checksum(struct _buf *, Elf64_Ehdr *, char *);
+extern int fips_check_module(char *modname, void *_initaddr);
+#else
+extern int fips_read_file(int, char *, int, int);
+extern int fips_calc_checksum(int, Elf64_Ehdr *, char *);
+#endif
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _SYS_CRYPTO_FIPS_H */
diff --git a/usr/src/common/crypto/fips/fips_sha1_util.c b/usr/src/common/crypto/fips/fips_sha1_util.c
index 53a58f3b1c..1671ce904b 100644
--- a/usr/src/common/crypto/fips/fips_sha1_util.c
+++ b/usr/src/common/crypto/fips/fips_sha1_util.c
@@ -19,8 +19,7 @@
* CDDL HEADER END
*/
/*
- * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
+ * Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
*/
#include <sys/types.h>
@@ -41,6 +40,8 @@
#include "softMAC.h"
#endif
#include <sha1/sha1_impl.h>
+#define _SHA1_FIPS_POST
+#include <fips/fips_test_vectors.h>
/*
* fips_sha1_build_context()
@@ -266,62 +267,9 @@ fips_hmac_sha1_hash(sha1_hmac_ctx_t *sha1_hmac_ctx,
int
fips_sha1_post(void)
{
-
- /*
- * SHA-1 Known Hash Message
- * Source from NIST SHA1ShortMsg (L = 512-bits).
- */
- static uint8_t sha1_known_hash_message[] = {
- 0x7e, 0x3a, 0x4c, 0x32, 0x5c, 0xb9, 0xc5, 0x2b,
- 0x88, 0x38, 0x7f, 0x93, 0xd0, 0x1a, 0xe8, 0x6d,
- 0x42, 0x09, 0x8f, 0x5e, 0xfa, 0x7f, 0x94, 0x57,
- 0x38, 0x8b, 0x5e, 0x74, 0xb6, 0xd2, 0x8b, 0x24,
- 0x38, 0xd4, 0x2d, 0x8b, 0x64, 0x70, 0x33, 0x24,
- 0xd4, 0xaa, 0x25, 0xab, 0x6a, 0xad, 0x15, 0x3a,
- 0xe3, 0x0c, 0xd2, 0xb2, 0xaf, 0x4d, 0x5e, 0x5c,
- 0x00, 0xa8, 0xa2, 0xd0, 0x22, 0x0c, 0x61, 0x16
- };
-
- /* SHA-1 Known Digest Message (160-bits). */
- static uint8_t sha1_known_digest[] = {
- 0xa3, 0x05, 0x44, 0x27, 0xcd, 0xb1, 0x3f, 0x16,
- 0x4a, 0x61, 0x0b, 0x34, 0x87, 0x02, 0x72, 0x4c,
- 0x80, 0x8a, 0x0d, 0xcc
- };
-
- /* Source from NIST HMAC.txt Count = 0 */
- static uint8_t HMAC_known_secret_key[] = {
- 0x7b, 0x10, 0xf4, 0x12, 0x4b, 0x15, 0xc8, 0x2e
- };
-
static uint8_t HMAC_known_secret_key_length
= sizeof (HMAC_known_secret_key);
- /* known SHA1 hmac - truncated (10 bytes) */
- static uint8_t known_SHA1_hmac[] = {
- 0x4e, 0xad, 0x12, 0xc2, 0xfe, 0x3d, 0x6e, 0xa4,
- 0x3a, 0xcb
- };
-
- static uint8_t hmac_sha1_known_hash_message[] = {
- 0x27, 0xdc, 0xb5, 0xb1, 0xda, 0xf6, 0x0c, 0xfd,
- 0x3e, 0x2f, 0x73, 0xd4, 0xd6, 0x4c, 0xa9, 0xc6,
- 0x84, 0xf8, 0xbf, 0x71, 0xfc, 0x68, 0x2a, 0x46,
- 0x79, 0x3b, 0x17, 0x90, 0xaf, 0xa4, 0xfe, 0xb1,
- 0x00, 0xca, 0x7a, 0xaf, 0xf2, 0x6f, 0x58, 0xf0,
- 0xe1, 0xd0, 0xed, 0x42, 0xf1, 0xcd, 0xad, 0x1f,
- 0x47, 0x4a, 0xfa, 0x2e, 0x79, 0xd5, 0x3a, 0x0c,
- 0x42, 0x89, 0x2c, 0x4d, 0x7b, 0x32, 0x7c, 0xbe,
- 0x46, 0xb2, 0x95, 0xed, 0x8d, 0xa3, 0xb6, 0xec,
- 0xab, 0x3d, 0x48, 0x51, 0x68, 0x7a, 0x6f, 0x81,
- 0x2b, 0x79, 0xdf, 0x2f, 0x6b, 0x20, 0xf1, 0x1f,
- 0x67, 0x06, 0xf5, 0x30, 0x17, 0x90, 0xca, 0x99,
- 0x62, 0x5a, 0xad, 0x73, 0x91, 0xd8, 0x4f, 0x78,
- 0x04, 0x3d, 0x2a, 0x0a, 0x23, 0x9b, 0x14, 0x77,
- 0x98, 0x4c, 0x15, 0x7b, 0xbc, 0x92, 0x76, 0x06,
- 0x4e, 0x7a, 0x1a, 0x40, 0x6b, 0x06, 0x12, 0xca
- };
-
/* SHA-1 variables. */
uint8_t sha1_computed_digest[SHA1_DIGEST_LENGTH];
uint8_t hmac_computed[SHA1_HMAC_BLOCK_SIZE];
diff --git a/usr/src/common/crypto/fips/fips_test_vectors.c b/usr/src/common/crypto/fips/fips_test_vectors.c
new file mode 100644
index 0000000000..ef833cb392
--- /dev/null
+++ b/usr/src/common/crypto/fips/fips_test_vectors.c
@@ -0,0 +1,1594 @@
+/*
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
+ *
+ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ * or http://www.opensolaris.org/os/licensing.
+ * See the License for the specific language governing permissions
+ * and limitations under the License.
+ *
+ * When distributing Covered Code, include this CDDL HEADER in each
+ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ * If applicable, add the following below this CDDL HEADER, with the
+ * fields enclosed by brackets "[]" replaced with your own identifying
+ * information: Portions Copyright [yyyy] [name of copyright owner]
+ *
+ * CDDL HEADER END
+ */
+
+/*
+ * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+ */
+
+#include <sys/types.h>
+
+/*
+ * AES ECB/CBC test vectors
+ */
+
+/* AES Known Key (up to 256-bits). */
+uint8_t aes_known_key[] = {
+ 'A', 'E', 'S', '-', '1', '2', '8', ' ',
+ 'R', 'I', 'J', 'N', 'D', 'A', 'E', 'L',
+ 'L', 'E', 'A', 'D', 'N', 'J', 'I', 'R',
+ ' ', '8', '2', '1', '-', 'S', 'E', 'A'
+};
+
+/* AES-CBC Known Initialization Vector (128-bits). */
+uint8_t aes_cbc_known_initialization_vector[] = {
+ 'S', 'e', 'c', 'u', 'r', 'i', 't', 'y',
+ 'y', 't', 'i', 'r', 'u', 'c', 'e', 'S'
+};
+
+/* AES Known Plaintext (128-bits). (blocksize is 128-bits) */
+uint8_t aes_known_plaintext[] = {
+ 'S', 'u', 'n', ' ', 'O', 'p', 'e', 'n',
+ ' ', 'S', 'o', 'l', 'a', 'r', 'i', 's'
+};
+
+/* AES Known Ciphertext (128-bit key). */
+uint8_t aes_ecb128_known_ciphertext[] = {
+ 0xcc, 0xd1, 0xd0, 0xf3, 0xfd, 0x44, 0xb1, 0x4d,
+ 0xfe, 0x33, 0x20, 0x72, 0x3c, 0xf3, 0x4d, 0x27
+};
+
+uint8_t aes_cbc128_known_ciphertext[] = {
+ 0x59, 0x34, 0x55, 0xd1, 0x89, 0x9b, 0xf4, 0xa5,
+ 0x16, 0x2c, 0x4c, 0x14, 0xd3, 0xe2, 0xe5, 0xed
+};
+
+/* AES Known Ciphertext (192-bit key). */
+uint8_t aes_ecb192_known_ciphertext[] = {
+ 0xa3, 0x78, 0x10, 0x44, 0xd8, 0xee, 0x8a, 0x98,
+ 0x41, 0xa4, 0xeb, 0x96, 0x57, 0xd8, 0xa0, 0xc5
+};
+
+uint8_t aes_cbc192_known_ciphertext[] = {
+ 0x22, 0x9c, 0x68, 0xc6, 0x86, 0x68, 0xcc, 0x6a,
+ 0x56, 0x2c, 0xb8, 0xe0, 0x16, 0x4e, 0x8b, 0x78
+};
+
+/* AES Known Ciphertext (256-bit key). */
+uint8_t aes_ecb256_known_ciphertext[] = {
+ 0xe4, 0x65, 0x92, 0x7f, 0xd0, 0xdd, 0x59, 0x49,
+ 0x79, 0xc3, 0xac, 0x96, 0x30, 0xad, 0x32, 0x52
+};
+
+uint8_t aes_cbc256_known_ciphertext[] = {
+ 0xd9, 0x44, 0x43, 0xe8, 0xdb, 0x60, 0x6b, 0xde,
+ 0xc2, 0x84, 0xbf, 0xb9, 0xaf, 0x43, 0x3f, 0x51
+};
+
+/* AES-CTR Known Key (128-bits). */
+uint8_t aes_ctr128_known_key[] = {
+ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
+ 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
+};
+
+/* AES-CTR Known Key (192-bits). */
+uint8_t aes_ctr192_known_key[] = {
+ 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52,
+ 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5,
+ 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b
+};
+
+/* AES-CTR Known Key (256-bits). */
+uint8_t aes_ctr256_known_key[] = {
+ 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
+ 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
+ 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
+ 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4
+};
+
+/* AES-CTR Known Initialization Counter (128-bits). */
+uint8_t aes_ctr_known_counter[] = {
+ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+ 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
+};
+
+/* AES-CTR Known Plaintext (128-bits). */
+uint8_t aes_ctr_known_plaintext[] = {
+ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+ 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a
+};
+
+/* AES-CTR Known Ciphertext. */
+uint8_t aes_ctr128_known_ciphertext[] = {
+ 0x87, 0x4d, 0x61, 0x91, 0xb6, 0x20, 0xe3, 0x26,
+ 0x1b, 0xef, 0x68, 0x64, 0x99, 0x0d, 0xb6, 0xce
+};
+
+uint8_t aes_ctr192_known_ciphertext[] = {
+ 0x1a, 0xbc, 0x93, 0x24, 0x17, 0x52, 0x1c, 0xa2,
+ 0x4f, 0x2b, 0x04, 0x59, 0xfe, 0x7e, 0x6e, 0x0b
+};
+
+uint8_t aes_ctr256_known_ciphertext[] = {
+ 0x60, 0x1e, 0xc3, 0x13, 0x77, 0x57, 0x89, 0xa5,
+ 0xb7, 0xa7, 0xf5, 0x04, 0xbb, 0xf3, 0xd2, 0x28
+};
+
+/* AES-CCM Known Key (128-bits). */
+uint8_t aes_ccm128_known_key[] = {
+ 0x06, 0xfd, 0xf0, 0x83, 0xb5, 0xcb, 0x3b, 0xc7,
+ 0xc0, 0x6d, 0x4d, 0xe5, 0xa6, 0x34, 0xc6, 0x50
+};
+
+/* AES-CCM Known Key (192-bits). */
+uint8_t aes_ccm192_known_key[] = {
+ 0xde, 0x91, 0x08, 0x63, 0xbe, 0x59, 0xb8, 0x7a,
+ 0x45, 0x9b, 0xa6, 0xce, 0x2d, 0x7e, 0x71, 0x56,
+ 0x1c, 0x5c, 0x15, 0xea, 0x1b, 0x6b, 0x05, 0x06
+};
+
+/* AES-CCM Known Key (256-bits). */
+uint8_t aes_ccm256_known_key[] = {
+ 0x84, 0x9c, 0x1d, 0xeb, 0x80, 0xf8, 0x5b, 0x7d,
+ 0x25, 0x33, 0x64, 0x75, 0x4b, 0xdc, 0x5d, 0xf0,
+ 0xe8, 0x1c, 0x98, 0x8a, 0x78, 0x8f, 0x15, 0xd1,
+ 0xa2, 0x52, 0x49, 0xfa, 0x18, 0x5e, 0x1f, 0xd3
+};
+
+/* AES-CCM Known Nonce Nlen = 7 bytes (for 128-bits key). */
+uint8_t aes_ccm128_known_nonce[] = {
+ 0xfd, 0xe2, 0xd5, 0x4c, 0x65, 0x4e, 0xe4
+};
+
+/* AES-CCM Known Nonce Nlen = 7 bytes (192-bits). */
+uint8_t aes_ccm192_known_nonce[] = {
+ 0xcf, 0xb3, 0x48, 0xfa, 0x04, 0x36, 0xa2
+};
+
+/* AES-CCM Known Nonce Nlen = 7 bytes (256-bits). */
+uint8_t aes_ccm256_known_nonce[] = {
+ 0x75, 0xa5, 0x5b, 0x58, 0x33, 0x9d, 0x1c
+};
+
+/* AES-CCM Known Adata Alen = 30 bytes (128-bits). */
+uint8_t aes_ccm128_known_adata[] = {
+ 0xe0, 0xdf, 0xfc, 0x4c, 0x92, 0x90, 0xd8, 0x28,
+ 0xef, 0xe7, 0xc6, 0xbe, 0x4a, 0xbc, 0xd1, 0x3e,
+ 0x23, 0x61, 0x92, 0x2f, 0xfa, 0x27, 0xa4, 0x0e,
+ 0x61, 0x24, 0x58, 0x38, 0x55, 0x33
+};
+
+/* AES-CCM Known Adata Alen = 30 bytes (192-bits). */
+uint8_t aes_ccm192_known_adata[] = {
+ 0x4c, 0x5b, 0x4f, 0xfe, 0x80, 0xba, 0x7a, 0xe5,
+ 0xd3, 0xe8, 0xbc, 0xf6, 0x55, 0x83, 0xcf, 0x58,
+ 0xa2, 0x82, 0x59, 0x65, 0xba, 0xbd, 0x63, 0x53,
+ 0x0c, 0xb0, 0x0c, 0x14, 0xd4, 0x7b
+};
+
+/* AES-CCM Known Adata Alen = 30 bytes (256-bits). */
+uint8_t aes_ccm256_known_adata[] = {
+ 0x27, 0xb7, 0xec, 0x91, 0x08, 0xe1, 0x4d, 0x12,
+ 0xd3, 0xd3, 0xb8, 0x49, 0x09, 0xde, 0xd0, 0x9a,
+ 0x8f, 0x23, 0xbf, 0xd6, 0x02, 0x9b, 0x2a, 0x5e,
+ 0x4a, 0x5a, 0x63, 0x8c, 0x72, 0x14
+};
+/* AES-CCM Known Payload Plen = 32 bytes (128-bits). */
+uint8_t aes_ccm128_known_plaintext[] = {
+ 0x77, 0xca, 0xdf, 0xa5, 0xb1, 0x23, 0xfe, 0x07,
+ 0x8d, 0xca, 0x94, 0xe2, 0x66, 0x3f, 0x73, 0xd0,
+ 0x3f, 0x0b, 0x4d, 0xc8, 0x05, 0xf6, 0x1c, 0xef,
+ 0x13, 0x79, 0xc0, 0xb1, 0xfc, 0x76, 0xea, 0x11
+};
+
+/* AES-CCM Known Payload Plen = 32 bytes (192-bits). */
+uint8_t aes_ccm192_known_plaintext[] = {
+ 0xf9, 0x8a, 0x58, 0x59, 0x44, 0x2d, 0x2a, 0xf9,
+ 0x65, 0x03, 0x36, 0x6d, 0x8a, 0x58, 0x29, 0xf9,
+ 0xef, 0x47, 0x44, 0x30, 0xf4, 0x7e, 0x0d, 0xcd,
+ 0x73, 0x41, 0x45, 0xdf, 0x50, 0xb2, 0x1b, 0x29
+};
+
+/* AES-CCM Known Payload Plen = 32 bytes (256-bits). */
+uint8_t aes_ccm256_known_plaintext[] = {
+ 0x25, 0x28, 0x3f, 0x05, 0x41, 0xd6, 0x66, 0x3b,
+ 0xdb, 0x8f, 0xe9, 0xe7, 0x7b, 0x06, 0xc0, 0xee,
+ 0xfe, 0xf6, 0xc9, 0x8b, 0x45, 0x08, 0x18, 0x4e,
+ 0x2e, 0xf7, 0x8e, 0x64, 0xc3, 0xf2, 0xad, 0x18
+};
+
+/*
+ * AES-CCM Known Ciphertext
+ * Clen = 32 bytes + Tlen = 16 bytes (128-bits).
+ */
+uint8_t aes_ccm128_known_ciphertext[] = {
+ 0x33, 0x50, 0x58, 0xbb, 0x5f, 0x13, 0x8d, 0xc9,
+ 0x5b, 0x2c, 0xa4, 0x50, 0x1d, 0x7f, 0xd4, 0xa5,
+ 0xb9, 0xb8, 0x71, 0x83, 0x8f, 0x82, 0x27, 0x5f,
+ 0x75, 0x3e, 0x30, 0xf9, 0x9d, 0xad, 0xc2, 0xe9,
+ 0x66, 0x93, 0x56, 0x98, 0x01, 0x1e, 0x3c, 0x11,
+ 0x74, 0xdb, 0x9b, 0xca, 0xce, 0x0f, 0xc3, 0x35
+};
+
+/*
+ * AES-CCM Known Ciphertext
+ * Clen = 32 bytes + Tlen = 16 bytes (192-bits).
+ */
+uint8_t aes_ccm192_known_ciphertext[] = {
+ 0xa7, 0x40, 0xd0, 0x25, 0xbd, 0x3e, 0x8f, 0xd5,
+ 0x28, 0x3e, 0xee, 0xaa, 0xf9, 0xa7, 0xfc, 0xf2,
+ 0x33, 0xf6, 0x69, 0xb8, 0xdc, 0x9c, 0x74, 0xb1,
+ 0x46, 0xf4, 0xd6, 0xcc, 0x0a, 0x16, 0x12, 0x0c,
+ 0x7c, 0x3c, 0x43, 0x76, 0x94, 0xf6, 0x9a, 0x14,
+ 0xa0, 0xfb, 0xab, 0x9c, 0x2c, 0xd3, 0x5c, 0x09
+};
+
+/*
+ * AES-CCM Known Ciphertext
+ * Clen = 32 bytes + Tlen = 16 bytes (256-bits).
+ */
+uint8_t aes_ccm256_known_ciphertext[] = {
+ 0xf6, 0x4d, 0x24, 0x69, 0x0e, 0xde, 0xc9, 0xc0,
+ 0x1e, 0x42, 0xc0, 0x78, 0x29, 0xcf, 0xdb, 0xfe,
+ 0xab, 0x52, 0x9a, 0xb1, 0x07, 0xe4, 0xac, 0xdf,
+ 0x48, 0x46, 0x46, 0xc1, 0xe2, 0xb2, 0x0f, 0x36,
+ 0x5f, 0xeb, 0x44, 0xcf, 0xa8, 0x80, 0x80, 0x23,
+ 0xc9, 0xee, 0xc7, 0x56, 0x24, 0x63, 0x6e, 0x7e
+};
+
+/* AES-GCM Known Key (128-bits). */
+uint8_t aes_gcm128_known_key[] = {
+ 0x7d, 0xf9, 0x9c, 0xdf, 0x7d, 0x00, 0xd9, 0xea,
+ 0xd3, 0x85, 0x17, 0x1b, 0x29, 0xae, 0xcf, 0xbc
+};
+
+/* AES-GCM Known Key (192-bits). */
+uint8_t aes_gcm192_known_key[] = {
+ 0x85, 0xf4, 0x34, 0x7a, 0xf5, 0x98, 0x1e, 0xd9,
+ 0x89, 0x85, 0x98, 0x1a, 0x53, 0xfc, 0xc5, 0xbf,
+ 0x53, 0x6c, 0x91, 0x4b, 0x18, 0x3c, 0xe8, 0x12
+};
+
+/* AES-GCM Known Key (256-bits). */
+uint8_t aes_gcm256_known_key[] = {
+ 0xee, 0xbc, 0x1f, 0x57, 0x48, 0x7f, 0x51, 0x92,
+ 0x1c, 0x04, 0x65, 0x66, 0x5f, 0x8a, 0xe6, 0xd1,
+ 0x65, 0x8b, 0xb2, 0x6d, 0xe6, 0xf8, 0xa0, 0x69,
+ 0xa3, 0x52, 0x02, 0x93, 0xa5, 0x72, 0x07, 0x8f
+};
+
+/* AES-GCM Known Initialization Vector (128-bits). */
+uint8_t aes_gcm128_known_iv[] = {
+ 0x27, 0x4c, 0x4e, 0xae, 0xfe, 0xef, 0xae, 0x26,
+ 0x80, 0xb0, 0xef, 0xd5
+};
+
+/* AES-GCM Known Initialization Vector (192-bits). */
+uint8_t aes_gcm192_known_iv[] = {
+ 0xd4, 0xfb, 0x33, 0xc6, 0x51, 0xc8, 0x86, 0xff,
+ 0x28, 0x80, 0xef, 0x96
+};
+
+/* AES-GCM Known Initialization Vector (256-bits). */
+uint8_t aes_gcm256_known_iv[] = {
+ 0x99, 0xaa, 0x3e, 0x68, 0xed, 0x81, 0x73, 0xa0,
+ 0xee, 0xd0, 0x66, 0x84
+};
+
+/* AES-GCM Known AAD Alen = 16 bytes (128-bits). */
+uint8_t aes_gcm128_known_adata[] = {
+ 0x60, 0xe8, 0xb0, 0x37, 0xec, 0xdf, 0x4d, 0x82,
+ 0x8c, 0x83, 0x0d, 0xcf, 0xc5, 0xce, 0xd4, 0x9c
+};
+
+/* AES-GCM Known AAD Alen = 16 bytes (192-bits). */
+uint8_t aes_gcm192_known_adata[] = {
+ 0x44, 0x3a, 0xdf, 0xad, 0xbb, 0x29, 0xd6, 0x8c,
+ 0x55, 0xe2, 0x02, 0x2d, 0xca, 0x62, 0x9b, 0x51
+};
+
+/* AES-GCM Known AAD Alen = 16 bytes (256-bits). */
+uint8_t aes_gcm256_known_adata[] = {
+ 0x4d, 0x23, 0xc3, 0xce, 0xc3, 0x34, 0xb4, 0x9b,
+ 0xdb, 0x37, 0x0c, 0x43, 0x7f, 0xec, 0x78, 0xde
+};
+
+/* AES-GCM Known Payload Plen = 16 bytes (128-bits). */
+uint8_t aes_gcm128_known_plaintext[] = {
+ 0x99, 0x66, 0x7d, 0xc9, 0x62, 0xb3, 0x9f, 0x14,
+ 0x8c, 0xdd, 0xfe, 0x68, 0xf9, 0x0a, 0x43, 0xf9
+};
+/* AES-GCM Known Payload Plen = 16 bytes (192-bits). */
+uint8_t aes_gcm192_known_plaintext[] = {
+ 0x7f, 0x9c, 0x08, 0x1d, 0x6a, 0xcc, 0xa8, 0xab,
+ 0x71, 0x75, 0xcb, 0xd0, 0x49, 0x42, 0xba, 0xad
+};
+/* AES-GCM Known Payload Plen = 16 bytes (256-bits). */
+uint8_t aes_gcm256_known_plaintext[] = {
+ 0xf5, 0x6e, 0x87, 0x05, 0x5b, 0xc3, 0x2d, 0x0e,
+ 0xeb, 0x31, 0xb2, 0xea, 0xcc, 0x2b, 0xf2, 0xa5
+};
+
+/* AES-GCM Known Ciphertext Clen = 16 bytes (128-bits) + tag */
+uint8_t aes_gcm128_known_ciphertext[] = {
+ 0x2b, 0x5f, 0x57, 0xf2, 0x62, 0x27, 0xe0, 0x94,
+ 0xe7, 0xf8, 0x01, 0x23, 0xf9, 0xed, 0xbd, 0xe8,
+ 0x16, 0xee, 0x08, 0xb4, 0xd8, 0x07, 0xe5, 0xdb,
+ 0xd5, 0x70, 0x3c, 0xb3, 0xcf, 0x53, 0x8c, 0x14
+};
+
+/* AES-GCM Known Ciphertext Clen = 16 bytes (192-bits) + tag */
+uint8_t aes_gcm192_known_ciphertext[] = {
+ 0xdd, 0x7e, 0x7e, 0x45, 0x5b, 0x21, 0xd8, 0x84,
+ 0x3d, 0x7b, 0xc3, 0x1f, 0x21, 0x07, 0xf9, 0x55,
+ 0x9f, 0x0e, 0x8d, 0xe2, 0x6d, 0xb4, 0x95, 0xf5,
+ 0x91, 0x1f, 0xb6, 0x0c, 0xf5, 0xf2, 0x3a, 0xf9
+};
+
+/* AES-GCM Known Ciphertext Clen = 16 bytes (256-bits)+ tag */
+uint8_t aes_gcm256_known_ciphertext[] = {
+ 0xf7, 0x26, 0x44, 0x13, 0xa8, 0x4c, 0x0e, 0x7c,
+ 0xd5, 0x36, 0x86, 0x7e, 0xb9, 0xf2, 0x17, 0x36,
+ 0x67, 0xba, 0x05, 0x10, 0x26, 0x2a, 0xe4, 0x87,
+ 0xd7, 0x37, 0xee, 0x62, 0x98, 0xf7, 0x7e, 0x0c
+};
+
+/*
+ * Source: NIST gcmEncryptExtIV128.txt
+ * Count = 0, [Keylen = 128], [IVlen = 96], [PTlen = 0],
+ * [AADlen = 128], [Taglen = 128]
+ *
+ * Source: NIST gcmEncryptExtIV192.txt
+ * Count = 0, [Keylen = 192], [IVlen = 96], [PTlen = 0],
+ * [AADlen = 128], [Taglen = 128]
+ *
+ * Source: NIST gcmEncryptExtIV256.txt
+ * Count = 0, [Keylen = 256], [IVlen = 96], [PTlen = 0],
+ * [AADlen = 128], [Taglen = 128]
+ */
+
+/* AES-GMAC Known Key (128-bits). */
+uint8_t aes_gmac128_known_key[] = {
+ 0x7d, 0x70, 0xd2, 0x32, 0x48, 0xc4, 0x7e, 0xb3,
+ 0xd2, 0x73, 0xdf, 0x81, 0xed, 0x30, 0x24, 0xbd
+};
+
+/* AES-GMAC Known Key (192-bits). */
+uint8_t aes_gmac192_known_key[] = {
+ 0x03, 0x60, 0x22, 0xfe, 0x26, 0x9a, 0xdc, 0xad,
+ 0xb5, 0x73, 0x11, 0xa4, 0xa0, 0xed, 0x2a, 0x84,
+ 0x18, 0x34, 0xb8, 0xb6, 0xd8, 0xa0, 0x7f, 0x41
+};
+
+/* AES-GMAC Known Key (256-bits). */
+uint8_t aes_gmac256_known_key[] = {
+ 0xbb, 0x10, 0x10, 0x06, 0x4f, 0xb8, 0x35, 0x23,
+ 0xea, 0x9d, 0xf3, 0x2b, 0xad, 0x9f, 0x1f, 0x2a,
+ 0x4f, 0xce, 0xfc, 0x0f, 0x21, 0x07, 0xc0, 0xaa,
+ 0xba, 0xd9, 0xb7, 0x56, 0xd8, 0x09, 0x21, 0x9d
+};
+
+/* AES-GMAC Known Initialization Vector (128-bits). */
+uint8_t aes_gmac128_known_iv[] = {
+ 0xab, 0x53, 0x23, 0x33, 0xd6, 0x76, 0x51, 0x20,
+ 0x8b, 0x8c, 0x34, 0x85
+};
+
+/* AES-GMAC Known Initialization Vector (192-bits). */
+uint8_t aes_gmac192_known_iv[] = {
+ 0x85, 0x65, 0xb2, 0x15, 0x3a, 0x3f, 0x34, 0x9a,
+ 0x07, 0x31, 0x06, 0x79
+};
+
+/* AES-GMAC Known Initialization Vector (256-bits). */
+uint8_t aes_gmac256_known_iv[] = {
+ 0x2f, 0x9a, 0xd0, 0x12, 0xad, 0xfc, 0x12, 0x73,
+ 0x43, 0xfb, 0xe0, 0x56
+};
+
+/* AES-GMAC Known Tag (128-bits). */
+uint8_t aes_gmac128_known_tag[] = {
+ 0xcf, 0x89, 0x50, 0xa3, 0x10, 0xf5, 0xab, 0x8b,
+ 0x69, 0xd5, 0x00, 0x11, 0x1a, 0x44, 0xb0, 0x96
+};
+
+/* AES-GMAC Known Tag (192-bits). */
+uint8_t aes_gmac192_known_tag[] = {
+ 0x90, 0x21, 0xaf, 0x4c, 0xa0, 0x8d, 0x01, 0xef,
+ 0x82, 0x5a, 0x42, 0xf9, 0xbe, 0x3a, 0xb3, 0xe9
+};
+
+/* AES-GMAC Known Tag (256-bits). */
+uint8_t aes_gmac256_known_tag[] = {
+ 0xef, 0x06, 0xd5, 0x4d, 0xfd, 0x00, 0x02, 0x1d,
+ 0x75, 0x27, 0xdf, 0xf2, 0x6f, 0xc9, 0xd4, 0x84
+};
+
+/* AES-GMAC Known AAD Alen = 16 bytes (128-bits). */
+uint8_t aes_gmac128_known_adata[] = {
+ 0x7d, 0x1d, 0x42, 0xe8, 0x94, 0x60, 0xe9, 0x44,
+ 0xbf, 0xa4, 0x83, 0xdb, 0xe6, 0x92, 0xf0, 0x8d
+};
+
+/* AES-GMAC Known AAD Alen = 16 bytes (192-bits). */
+uint8_t aes_gmac192_known_adata[] = {
+ 0xad, 0xcf, 0x4f, 0xbb, 0xa0, 0xe0, 0x6a, 0x63,
+ 0x70, 0x71, 0x1a, 0x57, 0xf8, 0xdc, 0xd0, 0xc9
+};
+
+/* AES-GMAC Known AAD Alen = 16 bytes (256-bits). */
+uint8_t aes_gmac256_known_adata[] = {
+ 0xdb, 0x98, 0xd9, 0x0d, 0x1b, 0x69, 0x5c, 0xdb,
+ 0x74, 0x7a, 0x34, 0x3f, 0xbb, 0xc9, 0xf1, 0x41
+};
+
+/* DES3 Known Key. */
+uint8_t des3_known_key[] = {
+ 'A', 'N', 'S', 'I', ' ', 'T', 'r', 'i',
+ 'p', 'l', 'e', '-', 'D', 'E', 'S', ' ',
+ 'K', 'e', 'y', ' ', 'D', 'a', 't', 'a'
+};
+
+/* DES3-CBC Known Initialization Vector (64-bits). */
+uint8_t des3_cbc_known_iv[] = {
+ 'S', 'e', 'c', 'u', 'r', 'i', 't', 'y'
+};
+
+/* DES3 Known Plaintext (64-bits). */
+uint8_t des3_ecb_known_plaintext[] = {
+ 'S', 'o', 'l', 'a', 'r', 'i', 's', '!'
+};
+uint8_t des3_cbc_known_plaintext[] = {
+ 'S', 'o', 'l', 'a', 'r', 'i', 's', '!'
+};
+
+/* DES3 Known Ciphertext (64-bits). */
+uint8_t des3_ecb_known_ciphertext[] = {
+ 0x17, 0x0d, 0x1f, 0x13, 0xd3, 0xa0, 0x3a, 0x63
+};
+
+uint8_t des3_cbc_known_ciphertext[] = {
+ 0x7f, 0x62, 0x44, 0xb3, 0xf8, 0x77, 0xf8, 0xf8
+};
+
+
+
+/*
+ * SHA-1 Known Hash Message
+ * Source from NIST SHA1ShortMsg (L = 512-bits).
+ */
+uint8_t sha1_known_hash_message[] = {
+ 0x7e, 0x3a, 0x4c, 0x32, 0x5c, 0xb9, 0xc5, 0x2b,
+ 0x88, 0x38, 0x7f, 0x93, 0xd0, 0x1a, 0xe8, 0x6d,
+ 0x42, 0x09, 0x8f, 0x5e, 0xfa, 0x7f, 0x94, 0x57,
+ 0x38, 0x8b, 0x5e, 0x74, 0xb6, 0xd2, 0x8b, 0x24,
+ 0x38, 0xd4, 0x2d, 0x8b, 0x64, 0x70, 0x33, 0x24,
+ 0xd4, 0xaa, 0x25, 0xab, 0x6a, 0xad, 0x15, 0x3a,
+ 0xe3, 0x0c, 0xd2, 0xb2, 0xaf, 0x4d, 0x5e, 0x5c,
+ 0x00, 0xa8, 0xa2, 0xd0, 0x22, 0x0c, 0x61, 0x16
+};
+
+/* SHA-1 Known Digest Message (160-bits). */
+uint8_t sha1_known_digest[] = {
+ 0xa3, 0x05, 0x44, 0x27, 0xcd, 0xb1, 0x3f, 0x16,
+ 0x4a, 0x61, 0x0b, 0x34, 0x87, 0x02, 0x72, 0x4c,
+ 0x80, 0x8a, 0x0d, 0xcc
+};
+
+/* Source from NIST HMAC.txt Count = 0 */
+uint8_t HMAC_known_secret_key[] = {
+ 0x7b, 0x10, 0xf4, 0x12, 0x4b, 0x15, 0xc8, 0x2e
+};
+
+/* known SHA1 hmac - truncated (10 bytes) */
+uint8_t known_SHA1_hmac[] = {
+ 0x4e, 0xad, 0x12, 0xc2, 0xfe, 0x3d, 0x6e, 0xa4,
+ 0x3a, 0xcb
+};
+
+uint8_t hmac_sha1_known_hash_message[] = {
+ 0x27, 0xdc, 0xb5, 0xb1, 0xda, 0xf6, 0x0c, 0xfd,
+ 0x3e, 0x2f, 0x73, 0xd4, 0xd6, 0x4c, 0xa9, 0xc6,
+ 0x84, 0xf8, 0xbf, 0x71, 0xfc, 0x68, 0x2a, 0x46,
+ 0x79, 0x3b, 0x17, 0x90, 0xaf, 0xa4, 0xfe, 0xb1,
+ 0x00, 0xca, 0x7a, 0xaf, 0xf2, 0x6f, 0x58, 0xf0,
+ 0xe1, 0xd0, 0xed, 0x42, 0xf1, 0xcd, 0xad, 0x1f,
+ 0x47, 0x4a, 0xfa, 0x2e, 0x79, 0xd5, 0x3a, 0x0c,
+ 0x42, 0x89, 0x2c, 0x4d, 0x7b, 0x32, 0x7c, 0xbe,
+ 0x46, 0xb2, 0x95, 0xed, 0x8d, 0xa3, 0xb6, 0xec,
+ 0xab, 0x3d, 0x48, 0x51, 0x68, 0x7a, 0x6f, 0x81,
+ 0x2b, 0x79, 0xdf, 0x2f, 0x6b, 0x20, 0xf1, 0x1f,
+ 0x67, 0x06, 0xf5, 0x30, 0x17, 0x90, 0xca, 0x99,
+ 0x62, 0x5a, 0xad, 0x73, 0x91, 0xd8, 0x4f, 0x78,
+ 0x04, 0x3d, 0x2a, 0x0a, 0x23, 0x9b, 0x14, 0x77,
+ 0x98, 0x4c, 0x15, 0x7b, 0xbc, 0x92, 0x76, 0x06,
+ 0x4e, 0x7a, 0x1a, 0x40, 0x6b, 0x06, 0x12, 0xca
+};
+
+/*
+ * SHA-1 HMAC Known MAC (Case 2)
+ * Source from FIPS PUB 198 (A.2)
+ */
+uint8_t sha1_hmac_known_secret_key_2[] = {
+ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+ 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
+ 0x40, 0x41, 0x42, 0x43
+};
+
+uint8_t sha1_hmac_known_hash_message_2[] = {
+ 'S', 'a', 'm', 'p', 'l', 'e', ' ', '#', '2'
+};
+
+uint8_t sha1_known_hmac_2[] = {
+ 0x09, 0x22, 0xd3, 0x40, 0x5f, 0xaa, 0x3d, 0x19,
+ 0x4f, 0x82, 0xa4, 0x58, 0x30, 0x73, 0x7d, 0x5c,
+ 0xc6, 0xc7, 0x5d, 0x24
+};
+
+/*
+ * SHA-256 Known Hash Message (512-bits).
+ * Source from NIST SHA256ShortMsg (Len = 512)
+ */
+uint8_t sha256_known_hash_message[] = {
+ 0x35, 0x92, 0xec, 0xfd, 0x1e, 0xac, 0x61, 0x8f,
+ 0xd3, 0x90, 0xe7, 0xa9, 0xc2, 0x4b, 0x65, 0x65,
+ 0x32, 0x50, 0x93, 0x67, 0xc2, 0x1a, 0x0e, 0xac,
+ 0x12, 0x12, 0xac, 0x83, 0xc0, 0xb2, 0x0c, 0xd8,
+ 0x96, 0xeb, 0x72, 0xb8, 0x01, 0xc4, 0xd2, 0x12,
+ 0xc5, 0x45, 0x2b, 0xbb, 0xf0, 0x93, 0x17, 0xb5,
+ 0x0c, 0x5c, 0x9f, 0xb1, 0x99, 0x75, 0x53, 0xd2,
+ 0xbb, 0xc2, 0x9b, 0xb4, 0x2f, 0x57, 0x48, 0xad
+};
+
+/* known SHA256 Digest Message (32 bytes) */
+uint8_t known_sha256_digest[] = {
+ 0x10, 0x5a, 0x60, 0x86, 0x58, 0x30, 0xac, 0x3a,
+ 0x37, 0x1d, 0x38, 0x43, 0x32, 0x4d, 0x4b, 0xb5,
+ 0xfa, 0x8e, 0xc0, 0xe0, 0x2d, 0xda, 0xa3, 0x89,
+ 0xad, 0x8d, 0xa4, 0xf1, 0x02, 0x15, 0xc4, 0x54
+};
+
+/*
+ * SHA-384 Known Hash Message (512-bits).
+ * Source from NIST SHA384ShortMsg (Len = 512)
+ */
+uint8_t sha384_known_hash_message[] = {
+ 0x58, 0xbe, 0xab, 0xf9, 0x79, 0xab, 0x35, 0xab,
+ 0xba, 0x29, 0x37, 0x6d, 0x5d, 0xc2, 0x27, 0xab,
+ 0xb3, 0xd2, 0xff, 0x4d, 0x90, 0x30, 0x49, 0x82,
+ 0xfc, 0x10, 0x79, 0xbc, 0x2b, 0x28, 0x80, 0xfc,
+ 0xb0, 0x12, 0x9e, 0x4f, 0xed, 0xf2, 0x78, 0x98,
+ 0xce, 0x58, 0x6a, 0x91, 0xb7, 0x68, 0x1e, 0x0d,
+ 0xba, 0x38, 0x5e, 0x80, 0x0e, 0x79, 0x26, 0xc0,
+ 0xbc, 0x5a, 0xfe, 0x0d, 0x9c, 0xa9, 0x86, 0x50
+};
+
+/* known SHA384 Digest Message (48 bytes) */
+uint8_t known_sha384_digest[] = {
+ 0xa0, 0x88, 0x8e, 0x1c, 0x4d, 0x7e, 0x80, 0xcb,
+ 0xaa, 0xaf, 0xa8, 0xbb, 0x1c, 0xa1, 0xca, 0x91,
+ 0x2a, 0x93, 0x21, 0x75, 0xc2, 0xef, 0x98, 0x2c,
+ 0xe1, 0xf1, 0x23, 0xa8, 0xc1, 0xae, 0xe9, 0x63,
+ 0x5a, 0xd7, 0x5b, 0xe5, 0x25, 0x90, 0xa9, 0x24,
+ 0xbe, 0xd3, 0xf5, 0xec, 0x36, 0xc3, 0x56, 0x90
+};
+
+/*
+ * SHA-512 Known Hash Message (512-bits).
+ * Source from NIST SHA512ShortMsg (Len = 512)
+ */
+uint8_t sha512_known_hash_message[] = {
+ 0x09, 0x5c, 0x7f, 0x30, 0x82, 0x4f, 0xc9, 0x28,
+ 0x58, 0xcc, 0x93, 0x47, 0xc0, 0x85, 0xd5, 0x78,
+ 0x88, 0x5f, 0xf3, 0x61, 0x4d, 0xd3, 0x8e, 0xe7,
+ 0xee, 0x94, 0xa0, 0xf4, 0x40, 0x72, 0xc8, 0x77,
+ 0x04, 0x7e, 0xe2, 0xad, 0x16, 0x6f, 0xdb, 0xa0,
+ 0xe7, 0x44, 0xc3, 0xed, 0x2c, 0x2b, 0x24, 0xc9,
+ 0xd8, 0xa2, 0x93, 0x46, 0x48, 0xdc, 0x84, 0xd3,
+ 0xbe, 0x66, 0x63, 0x02, 0x11, 0x0a, 0xe0, 0x8f
+};
+
+/* known SHA512 Digest Message (64 bytes) */
+uint8_t known_sha512_digest[] = {
+ 0xd5, 0xcd, 0xaf, 0x83, 0xbb, 0x4a, 0x27, 0xea,
+ 0xad, 0x8d, 0x8f, 0x18, 0xe4, 0xbe, 0xe9, 0xc2,
+ 0x5b, 0xe9, 0x49, 0xa7, 0x61, 0xa0, 0xfd, 0x0f,
+ 0xb2, 0x28, 0x4c, 0xab, 0x14, 0x3c, 0xad, 0x60,
+ 0xbe, 0xb5, 0x68, 0x87, 0x34, 0xb2, 0xf8, 0x1e,
+ 0x9e, 0x2d, 0x64, 0x0b, 0x42, 0x5f, 0xd3, 0x2c,
+ 0xcb, 0x3d, 0x20, 0xd0, 0x2d, 0x63, 0xc2, 0xc9,
+ 0x4c, 0x03, 0xab, 0x3d, 0x9e, 0x7d, 0x9b, 0x4a
+};
+
+/* SHA-2 HMAC Test Vectors */
+
+/*
+ * SHA-256 HMAC Known Hash Message (512-bits).
+ * (Not used by HW provider because of the key size limitation
+ */
+uint8_t sha256_hmac_known_hash_message[] = {
+ 0x54, 0x68, 0x65, 0x20, 0x74, 0x65, 0x73, 0x74,
+ 0x20, 0x6D, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65,
+ 0x20, 0x66, 0x6F, 0x72, 0x20, 0x74, 0x68, 0x65,
+ 0x20, 0x4D, 0x44, 0x32, 0x2C, 0x20, 0x4D, 0x44,
+ 0x35, 0x2C, 0x20, 0x61, 0x6E, 0x64, 0x20, 0x53,
+ 0x48, 0x41, 0x2D, 0x31, 0x20, 0x68, 0x61, 0x73,
+ 0x68, 0x69, 0x6E, 0x67, 0x20, 0x61, 0x6C, 0x67,
+ 0x6F, 0x72, 0x69, 0x74, 0x68, 0x6D, 0x73, 0x2E
+};
+
+uint8_t sha256_hmac_known_secret_key[] = {
+ 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
+ 0x74, 0x68, 0x65, 0x20, 0x53, 0x48, 0x41, 0x2D,
+ 0x32, 0x35, 0x36, 0x20, 0x48, 0x4D, 0x41, 0x43,
+ 0x20, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x20,
+ 0x6B, 0x65, 0x79, 0x21
+};
+
+/* known SHA256 hmac (32 bytes) */
+uint8_t known_sha256_hmac[] = {
+ 0x02, 0x87, 0x21, 0x93, 0x84, 0x8a, 0x35, 0xae,
+ 0xdb, 0xb6, 0x79, 0x26, 0x96, 0xf0, 0x50, 0xeb,
+ 0x33, 0x49, 0x57, 0xf1, 0xb2, 0x32, 0xd3, 0x63,
+ 0x03, 0x65, 0x57, 0xa2, 0xba, 0xa2, 0x5f, 0x35
+};
+
+/*
+ * SHA-256 HMAC Known Hash Message from RFC 4231
+ * Test Case 2 and 4
+ */
+uint8_t sha256_hmac_known_hash_message_1[] = {
+ 0x77, 0x68, 0x61, 0x74, 0x20, 0x64, 0x6f, 0x20,
+ 0x79, 0x61, 0x20, 0x77, 0x61, 0x6e, 0x74, 0x20,
+ 0x66, 0x6f, 0x72, 0x20, 0x6e, 0x6f, 0x74, 0x68,
+ 0x69, 0x6e, 0x67, 0x3f
+};
+uint8_t sha256_hmac_known_secret_key_1[] = {
+ 0x4a, 0x65, 0x66, 0x65
+};
+uint8_t sha256_known_hmac_1[] = {
+ 0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e,
+ 0x6a, 0x04, 0x24, 0x26, 0x08, 0x95, 0x75, 0xc7,
+ 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27, 0x39, 0x83,
+ 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43
+};
+
+uint8_t sha256_hmac_known_hash_message_2[] = {
+ 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+ 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+ 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+ 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+ 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+ 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+ 0xcd, 0xcd
+};
+uint8_t sha256_hmac_known_secret_key_2[] = {
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+ 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
+ 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
+ 0x19
+};
+uint8_t sha256_known_hmac_2[] = {
+ 0x82, 0x55, 0x8a, 0x38, 0x9a, 0x44, 0x3c, 0x0e,
+ 0xa4, 0xcc, 0x81, 0x98, 0x99, 0xf2, 0x08, 0x3a,
+ 0x85, 0xf0, 0xfa, 0xa3, 0xe5, 0x78, 0xf8, 0x07,
+ 0x7a, 0x2e, 0x3f, 0xf4, 0x67, 0x29, 0x66, 0x5b
+};
+
+/*
+ * SHA-384 HMAC Known Hash Message (512-bits).
+ * Source from NIST HMAC.txt (Count = 15, Klen = 16, Tlen = 48)
+ */
+uint8_t sha384_hmac_known_secret_key[] = {
+ 0x01, 0xac, 0x59, 0xf4, 0x2f, 0x8b, 0xb9, 0x1d,
+ 0x1b, 0xd1, 0x0f, 0xe6, 0x99, 0x0d, 0x7a, 0x87
+};
+
+uint8_t sha384_hmac_known_hash_message[] = {
+ 0x3c, 0xaf, 0x18, 0xc4, 0x76, 0xed, 0xd5, 0x61,
+ 0x5f, 0x34, 0x3a, 0xc7, 0xb7, 0xd3, 0xa9, 0xda,
+ 0x9e, 0xfa, 0xde, 0x75, 0x56, 0x72, 0xd5, 0xba,
+ 0x4b, 0x8a, 0xe8, 0xa7, 0x50, 0x55, 0x39, 0xea,
+ 0x2c, 0x12, 0x4f, 0xf7, 0x55, 0xec, 0x04, 0x57,
+ 0xfb, 0xe4, 0x9e, 0x43, 0x48, 0x0b, 0x3c, 0x71,
+ 0xe7, 0xf4, 0x74, 0x2e, 0xc3, 0x69, 0x3a, 0xad,
+ 0x11, 0x5d, 0x03, 0x9f, 0x90, 0x22, 0x2b, 0x03,
+ 0x0f, 0xdc, 0x94, 0x40, 0x31, 0x36, 0x91, 0x71,
+ 0x6d, 0x53, 0x02, 0x00, 0x58, 0x08, 0xc0, 0x76,
+ 0x27, 0x48, 0x3b, 0x91, 0x6f, 0xdf, 0x61, 0x98,
+ 0x30, 0x63, 0xc2, 0xeb, 0x12, 0x68, 0xf2, 0xde,
+ 0xee, 0xf4, 0x2f, 0xc7, 0x90, 0x33, 0x44, 0x56,
+ 0xbc, 0x6b, 0xad, 0x25, 0x6e, 0x31, 0xfc, 0x90,
+ 0x66, 0xde, 0x7c, 0xc7, 0xe4, 0x3d, 0x13, 0x21,
+ 0xb1, 0x86, 0x6d, 0xb4, 0x5e, 0x90, 0x56, 0x22
+};
+
+/* known SHA384 hmac (48 bytes) */
+uint8_t known_sha384_hmac[] = {
+ 0x19, 0x85, 0xfa, 0x21, 0x63, 0xa5, 0x94, 0x3f,
+ 0xc5, 0xd9, 0x2f, 0x1f, 0xe8, 0x83, 0x12, 0x15,
+ 0xe7, 0xe9, 0x1f, 0x0b, 0xff, 0x53, 0x32, 0xbc,
+ 0x71, 0x3a, 0x07, 0x2b, 0xdb, 0x3a, 0x8f, 0x9e,
+ 0x5c, 0x51, 0x57, 0x46, 0x3a, 0x3b, 0xfe, 0xb3,
+ 0x62, 0x31, 0x41, 0x6e, 0x65, 0x97, 0x3e, 0x64
+};
+
+/*
+ * SHA-512 HMAC Known Hash Message (512-bits).
+ * Source from NIST HMAC.txt (Count = 30, Klen = 20, Tlen = 64)
+ */
+uint8_t sha512_hmac_known_secret_key[] = {
+ 0xa7, 0x36, 0xf2, 0x74, 0xfd, 0xa6, 0x8e, 0x1b,
+ 0xd5, 0xf9, 0x47, 0x1e, 0x85, 0xfd, 0x41, 0x5d,
+ 0x7f, 0x2b, 0xa1, 0xbc
+};
+
+uint8_t sha512_hmac_known_hash_message[] = {
+ 0xa6, 0xcc, 0xc3, 0x55, 0x2c, 0x33, 0xe9, 0x17,
+ 0x8b, 0x6b, 0x82, 0xc6, 0x53, 0xd6, 0x3d, 0xe2,
+ 0x54, 0x0f, 0x17, 0x08, 0x07, 0xc3, 0xd9, 0x6a,
+ 0x2a, 0xc2, 0xe2, 0x7d, 0xab, 0x55, 0x26, 0xf1,
+ 0xc7, 0xd3, 0x77, 0xe6, 0x73, 0x6f, 0x04, 0x5d,
+ 0xfb, 0x54, 0x1f, 0xec, 0xe9, 0xf4, 0x43, 0xb7,
+ 0x28, 0x9c, 0x55, 0x9b, 0x69, 0x4c, 0x2a, 0xac,
+ 0xc6, 0xc7, 0x4a, 0xe2, 0xa5, 0xe6, 0xf3, 0x0f,
+ 0xe0, 0x31, 0x61, 0x14, 0x23, 0xb0, 0x4d, 0x55,
+ 0x95, 0xff, 0xb4, 0x6a, 0xba, 0xa1, 0xd9, 0x18,
+ 0x98, 0x96, 0x8d, 0x7f, 0x18, 0x30, 0xae, 0x94,
+ 0xb0, 0x22, 0xee, 0xd2, 0x3f, 0xda, 0xd5, 0x2d,
+ 0x38, 0x11, 0x0a, 0x48, 0x03, 0xa0, 0xce, 0xe7,
+ 0xa0, 0x95, 0xc9, 0xa7, 0x8e, 0x86, 0x09, 0xed,
+ 0xeb, 0x25, 0x48, 0x1c, 0xdc, 0x15, 0x6d, 0x0b,
+ 0x2f, 0xfc, 0x56, 0xb6, 0x3f, 0xda, 0xd5, 0x33
+};
+
+/* known SHA512 hmac (64 bytes) */
+uint8_t known_sha512_hmac[] = {
+ 0xf7, 0x18, 0x03, 0x43, 0x1e, 0x07, 0xa5, 0xa6,
+ 0xe5, 0xfd, 0x4a, 0xe4, 0xcf, 0xc2, 0x75, 0x3b,
+ 0xc8, 0x0d, 0x26, 0xe1, 0x67, 0x23, 0xd9, 0xe8,
+ 0x8b, 0x40, 0x5a, 0x02, 0x34, 0x8e, 0xf4, 0xb9,
+ 0x67, 0x92, 0xc9, 0x9c, 0xed, 0x64, 0xdc, 0x70,
+ 0xea, 0x47, 0x53, 0x78, 0xb7, 0x46, 0x6a, 0xc2,
+ 0xca, 0xf4, 0xa4, 0x20, 0xb0, 0x1f, 0xf6, 0x1e,
+ 0x72, 0xc5, 0xb5, 0xee, 0x8e, 0xaa, 0xd4, 0xd4
+};
+
+/*
+ * RSA: 1024-bit RSA known key
+ */
+uint8_t rsa_modulus_1024[] = {
+ 0x94, 0x32, 0xb9, 0x12, 0x1d, 0x68, 0x2c, 0xda,
+ 0x2b, 0xe0, 0xe4, 0x97, 0x1b, 0x4d, 0xdc, 0x43,
+ 0xdf, 0x38, 0x6e, 0x7b, 0x9f, 0x07, 0x58, 0xae,
+ 0x9d, 0x82, 0x1e, 0xc7, 0xbc, 0x92, 0xbf, 0xd3,
+ 0xce, 0x00, 0xbb, 0x91, 0xc9, 0x79, 0x06, 0x03,
+ 0x1f, 0xbc, 0x9f, 0x94, 0x75, 0x29, 0x5f, 0xd7,
+ 0xc5, 0xf3, 0x73, 0x8a, 0xa4, 0x35, 0x43, 0x7a,
+ 0x00, 0x32, 0x97, 0x3e, 0x86, 0xef, 0x70, 0x6f,
+ 0x18, 0x56, 0x15, 0xaa, 0x6a, 0x87, 0xe7, 0x8d,
+ 0x7d, 0xdd, 0x1f, 0xa4, 0xe4, 0x31, 0xd4, 0x7a,
+ 0x8c, 0x0e, 0x20, 0xd2, 0x23, 0xf5, 0x57, 0x3c,
+ 0x1b, 0xa8, 0x44, 0xa4, 0x57, 0x8f, 0x33, 0x52,
+ 0xad, 0x83, 0xae, 0x4a, 0x97, 0xa6, 0x1e, 0xa6,
+ 0x2b, 0xfa, 0xea, 0xeb, 0x6e, 0x71, 0xb8, 0xb6,
+ 0x0a, 0x36, 0xed, 0x83, 0xce, 0xb0, 0xdf, 0xc1,
+ 0xd4, 0x3a, 0xe9, 0x99, 0x6f, 0xf3, 0x96, 0xb7
+};
+uint8_t rsa_public_exponent_1024[] = {0x01, 0x00, 0x01};
+uint8_t rsa_private_exponent_1024[] = {
+ 0x8e, 0xc9, 0x70, 0x57, 0x6b, 0xcd, 0xfb, 0xa9,
+ 0x19, 0xad, 0xcd, 0x91, 0x69, 0xd5, 0x52, 0xec,
+ 0x72, 0x1e, 0x45, 0x15, 0x06, 0xdc, 0x65, 0x2d,
+ 0x98, 0xc4, 0xce, 0x33, 0x54, 0x15, 0x70, 0x8d,
+ 0xfa, 0x65, 0xea, 0x53, 0x44, 0xf3, 0x3e, 0x3f,
+ 0xb4, 0x4c, 0x60, 0xd5, 0x01, 0x2d, 0xa4, 0x12,
+ 0x99, 0xbf, 0x3f, 0x0b, 0xcd, 0xbb, 0x24, 0x10,
+ 0x60, 0x30, 0x5e, 0x58, 0xf8, 0x59, 0xaa, 0xd1,
+ 0x63, 0x3b, 0xbc, 0xcb, 0x94, 0x58, 0x38, 0x24,
+ 0xfc, 0x65, 0x25, 0xc5, 0xa6, 0x51, 0xa2, 0x2e,
+ 0xf1, 0x5e, 0xf5, 0xc1, 0xf5, 0x46, 0xf7, 0xbd,
+ 0xc7, 0x62, 0xa8, 0xe2, 0x27, 0xd6, 0x94, 0x5b,
+ 0xd3, 0xa2, 0xb5, 0x76, 0x42, 0x67, 0x6b, 0x86,
+ 0x91, 0x97, 0x4d, 0x07, 0x92, 0x00, 0x4a, 0xdf,
+ 0x0b, 0x65, 0x64, 0x05, 0x03, 0x48, 0x27, 0xeb,
+ 0xce, 0x9a, 0x49, 0x7f, 0x3e, 0x10, 0xe0, 0x01
+};
+uint8_t rsa_prime1_1024[] = {
+ 0xe4, 0xe7, 0x50, 0x8c, 0x48, 0x2b, 0x0a, 0xda,
+ 0xb1, 0xf0, 0xd5, 0x1e, 0x0b, 0xf3, 0xdc, 0xfc,
+ 0xa9, 0x60, 0x20, 0x73, 0xa0, 0x89, 0x20, 0xa8,
+ 0x2e, 0x1a, 0x50, 0x95, 0xdc, 0x45, 0xef, 0x29,
+ 0x21, 0x69, 0x22, 0xca, 0x3f, 0x2c, 0xfe, 0x6e,
+ 0xb3, 0xc9, 0xee, 0x2d, 0xb1, 0xb9, 0xbd, 0x6c,
+ 0xdd, 0x89, 0xbb, 0x0a, 0x9a, 0x0e, 0x14, 0xa1,
+ 0x88, 0x4a, 0x56, 0x5d, 0xb5, 0x0f, 0xd2, 0x01
+};
+uint8_t rsa_prime2_1024[] = {
+ 0xa5, 0xbd, 0xb6, 0xb8, 0x49, 0x97, 0x9d, 0x2c,
+ 0x04, 0x06, 0x5b, 0xee, 0xae, 0x5f, 0x78, 0x06,
+ 0x49, 0xa2, 0x11, 0xbf, 0xff, 0x40, 0x4f, 0x56,
+ 0x88, 0xc7, 0xe9, 0x55, 0x79, 0xeb, 0xc6, 0x68,
+ 0x1c, 0xb3, 0x13, 0x9f, 0x41, 0x6c, 0x10, 0x3c,
+ 0x26, 0xd2, 0xd6, 0x68, 0xb3, 0x1e, 0x6b, 0x93,
+ 0x08, 0x86, 0xfe, 0x15, 0x47, 0xa7, 0x52, 0x3a,
+ 0xb4, 0x28, 0x43, 0x78, 0xef, 0x34, 0x78, 0xb7
+};
+uint8_t rsa_exponent1_1024[] = {
+ 0x58, 0x83, 0x51, 0xd4, 0x4c, 0xfb, 0xc7, 0xe0,
+ 0xb5, 0x3a, 0x09, 0x4e, 0xeb, 0x14, 0x4b, 0x79,
+ 0xb0, 0x0d, 0x29, 0xbf, 0x4c, 0x6e, 0x7a, 0x20,
+ 0x4e, 0x63, 0x82, 0x91, 0xd0, 0x71, 0x82, 0x7f,
+ 0x87, 0x19, 0xde, 0x88, 0x12, 0x51, 0xd5, 0xb8,
+ 0xfc, 0xf0, 0xb2, 0x97, 0x1c, 0xc8, 0x54, 0x05,
+ 0x4a, 0xcd, 0x3d, 0x74, 0x66, 0x09, 0xd7, 0xd4,
+ 0x76, 0x9d, 0x38, 0x34, 0x58, 0x15, 0x5c, 0x01
+};
+uint8_t rsa_exponent2_1024[] = {
+ 0x4a, 0xc6, 0x27, 0x6c, 0x47, 0x0f, 0x56, 0xc2,
+ 0x67, 0xe2, 0x72, 0x91, 0x61, 0x2c, 0x03, 0x1b,
+ 0x5b, 0x16, 0xfa, 0x49, 0x13, 0xa0, 0x70, 0xea,
+ 0xca, 0x74, 0xde, 0x89, 0x48, 0xa3, 0x1d, 0x75,
+ 0x15, 0x15, 0x99, 0x91, 0xac, 0xd3, 0x53, 0x13,
+ 0xc0, 0x34, 0x38, 0xb5, 0x2d, 0xb2, 0x58, 0xb8,
+ 0x12, 0x0d, 0xcd, 0x0d, 0xce, 0xb0, 0xe7, 0x41,
+ 0x42, 0xcc, 0x33, 0x7c, 0x98, 0xf6, 0xa4, 0x4b
+};
+uint8_t rsa_coefficient_1024[] = {
+ 0x60, 0x6a, 0x6c, 0x5a, 0xf1, 0x55, 0xe9, 0xe4,
+ 0x67, 0x72, 0x2f, 0x99, 0x03, 0x6a, 0x56, 0xa1,
+ 0xed, 0xf2, 0x59, 0xfa, 0xec, 0x88, 0xc5, 0xb7,
+ 0xa8, 0x71, 0x4a, 0x5f, 0xab, 0x86, 0xb0, 0x50,
+ 0x93, 0x3c, 0xe3, 0x70, 0xf9, 0xf2, 0x72, 0xe6,
+ 0xd2, 0xb5, 0x30, 0x3e, 0x60, 0x29, 0x70, 0xd4,
+ 0xf0, 0x31, 0x15, 0x36, 0x3a, 0x27, 0xb6, 0xdf,
+ 0x18, 0xb0, 0xf0, 0x32, 0xef, 0xa3, 0x84, 0xcb
+};
+
+
+/*
+ * RSA: 2048-bit RSA known key
+ */
+uint8_t rsa_modulus_2048[] = {
+ 0x7f, 0xf1, 0xed, 0x5a, 0xa0, 0xe2, 0x97, 0x05,
+ 0x03, 0xc0, 0xf3, 0xcf, 0x86, 0x4a, 0x01, 0x15,
+ 0xc3, 0x4f, 0x32, 0xf4, 0xf7, 0xbe, 0x57, 0x4a,
+ 0xe1, 0x87, 0xf2, 0x1c, 0xd3, 0xa5, 0x96, 0xc1,
+ 0x54, 0xe5, 0x97, 0x19, 0x7d, 0xf1, 0x13, 0xc3,
+ 0x4d, 0xcf, 0x5a, 0x08, 0x76, 0xfc, 0x6c, 0x93,
+ 0x87, 0x71, 0x20, 0x66, 0xb7, 0xbf, 0x37, 0xbb,
+ 0xc9, 0xf5, 0x16, 0xf4, 0x9c, 0x5c, 0x64, 0x58,
+ 0xc4, 0x9e, 0x17, 0x0e, 0x99, 0x6d, 0x3f, 0x7d,
+ 0x4f, 0xf1, 0x01, 0xde, 0x76, 0x55, 0xa9, 0xfe,
+ 0xa0, 0xa4, 0x95, 0xd1, 0x4e, 0xc6, 0x8b, 0x0a,
+ 0x86, 0x5b, 0x60, 0x40, 0xf1, 0x74, 0x91, 0x26,
+ 0xcf, 0xc4, 0xf7, 0x7a, 0x86, 0xd7, 0x72, 0x47,
+ 0x25, 0x9e, 0x3e, 0x5a, 0xbd, 0x7f, 0x11, 0x9a,
+ 0x28, 0x9e, 0x00, 0x8d, 0xfb, 0x9d, 0x93, 0x8e,
+ 0xb4, 0xcc, 0x7f, 0x22, 0x00, 0x8a, 0x3b, 0xbb,
+ 0xca, 0x45, 0x8e, 0x93, 0xd3, 0xe4, 0x89, 0x96,
+ 0xe1, 0xb8, 0x5f, 0xdf, 0x75, 0x94, 0x89, 0xa5,
+ 0xad, 0x39, 0x76, 0x43, 0xa7, 0xdf, 0xe4, 0x62,
+ 0x39, 0x01, 0x56, 0x31, 0x46, 0x2b, 0xf4, 0x05,
+ 0xa9, 0xa9, 0x33, 0x96, 0x16, 0x75, 0x3f, 0xf2,
+ 0xcd, 0x6b, 0x0d, 0xa9, 0xf2, 0x9b, 0x30, 0x6d,
+ 0x17, 0xec, 0x1a, 0x5a, 0x14, 0x5a, 0x8e, 0xaa,
+ 0x52, 0x35, 0x83, 0x0a, 0x59, 0xbc, 0x56, 0x96,
+ 0x18, 0x08, 0xbf, 0x91, 0xf7, 0x69, 0x81, 0x66,
+ 0xda, 0x13, 0xb6, 0x77, 0xb9, 0x6a, 0x4a, 0x71,
+ 0xd9, 0xae, 0x43, 0x0d, 0xad, 0xb4, 0x5f, 0x11,
+ 0x87, 0x91, 0x84, 0xc6, 0x59, 0xfe, 0xb0, 0x05,
+ 0x83, 0x21, 0x66, 0x7a, 0x70, 0xeb, 0x15, 0xbb,
+ 0xc3, 0x40, 0x37, 0xce, 0xbc, 0xe7, 0x4f, 0x95,
+ 0xf1, 0x83, 0xcf, 0x89, 0xdd, 0xdc, 0xea, 0x01,
+ 0xe1, 0x42, 0xe9, 0x52, 0x8b, 0x1f, 0x91, 0x25};
+uint8_t rsa_public_exponent_2048[] = { 0x3 };
+uint8_t rsa_private_exponent_2048[] = {
+ 0x55, 0x4b, 0xf3, 0x91, 0xc0, 0x97, 0x0f, 0x58,
+ 0xad, 0x2b, 0x4d, 0x35, 0x04, 0x31, 0x56, 0x0e,
+ 0x82, 0x34, 0xcc, 0xa3, 0x4f, 0xd4, 0x3a, 0x31,
+ 0xeb, 0xaf, 0xf6, 0xbd, 0xe2, 0x6e, 0x64, 0x80,
+ 0xe3, 0x43, 0xba, 0x10, 0xfe, 0xa0, 0xb7, 0xd7,
+ 0x89, 0x34, 0xe6, 0xb0, 0x4f, 0x52, 0xf3, 0x0d,
+ 0x04, 0xf6, 0x15, 0x99, 0xcf, 0xd4, 0xcf, 0xd2,
+ 0x86, 0xa3, 0x64, 0xa3, 0x12, 0xe8, 0x42, 0xe5,
+ 0xd8, 0x69, 0x64, 0xb4, 0x66, 0x48, 0xd4, 0xfe,
+ 0x35, 0x4b, 0x56, 0x94, 0x4e, 0xe3, 0xc6, 0xa9,
+ 0xc0, 0x6d, 0xb9, 0x36, 0x34, 0x84, 0x5c, 0xb1,
+ 0xae, 0xe7, 0x95, 0x80, 0xa0, 0xf8, 0x60, 0xc4,
+ 0x8a, 0x83, 0x4f, 0xa7, 0x04, 0x8f, 0xa1, 0x84,
+ 0xc3, 0xbe, 0xd4, 0x3c, 0x7e, 0x54, 0xb6, 0x66,
+ 0xc5, 0xbe, 0xab, 0x09, 0x52, 0x69, 0x0d, 0x09,
+ 0xcd, 0xdd, 0xaa, 0x16, 0xab, 0x06, 0xd2, 0x7c,
+ 0x3c, 0x58, 0x7d, 0x53, 0x4b, 0x14, 0x41, 0x35,
+ 0x9a, 0x78, 0x74, 0xf5, 0x8e, 0x67, 0x50, 0x52,
+ 0xc5, 0x17, 0xcd, 0xfd, 0x7a, 0xe4, 0x9b, 0xbb,
+ 0xaf, 0x4b, 0x17, 0xa7, 0x3c, 0x09, 0x1d, 0xd6,
+ 0xa1, 0x11, 0x06, 0x36, 0x68, 0x83, 0x66, 0xd6,
+ 0x49, 0x44, 0x9f, 0x0b, 0xe3, 0x17, 0x1a, 0xc5,
+ 0xd7, 0x9a, 0x65, 0x5d, 0x15, 0x81, 0x6a, 0x5d,
+ 0xdd, 0xd7, 0xf4, 0x54, 0xa3, 0x6f, 0x1e, 0x60,
+ 0x87, 0x2a, 0x59, 0xaa, 0x73, 0xf0, 0xdd, 0xdb,
+ 0x66, 0xa8, 0x19, 0x31, 0xfd, 0x00, 0x09, 0x8f,
+ 0xce, 0x9a, 0xec, 0xff, 0x88, 0x5c, 0x4e, 0x67,
+ 0x55, 0xa0, 0x14, 0xdf, 0x28, 0x61, 0x5f, 0x47,
+ 0x8d, 0x49, 0xb3, 0xee, 0x5e, 0xfc, 0xc8, 0x41,
+ 0x75, 0x59, 0x93, 0xa4, 0x24, 0x69, 0xc0, 0x1a,
+ 0x18, 0x04, 0xda, 0x38, 0x0e, 0xf3, 0xa5, 0x04,
+ 0xbf, 0xe3, 0xf9, 0xf3, 0x7c, 0xe5, 0x82, 0xeb};
+uint8_t rsa_prime1_2048[] = {
+ 0x97, 0x5e, 0xb8, 0x7b, 0x74, 0xe6, 0xe3, 0x7b,
+ 0x4b, 0xdf, 0x5b, 0xb8, 0x0f, 0xe6, 0xa1, 0xcc,
+ 0x1c, 0x84, 0xc9, 0x60, 0x5d, 0x80, 0x17, 0x6d,
+ 0x61, 0xc2, 0x4d, 0x14, 0x0c, 0x71, 0xda, 0x02,
+ 0x74, 0x6f, 0x1f, 0x85, 0x4f, 0xb9, 0x69, 0xb9,
+ 0x3c, 0x23, 0x74, 0x60, 0x14, 0xc2, 0xb2, 0x44,
+ 0x0c, 0x18, 0xde, 0xfa, 0x12, 0x2c, 0xb8, 0x68,
+ 0x71, 0x62, 0x07, 0x8c, 0x02, 0xe3, 0x08, 0xf9,
+ 0x49, 0xc1, 0x15, 0x13, 0x0f, 0x76, 0x50, 0xd6,
+ 0x6e, 0xd3, 0x7b, 0xfa, 0x68, 0x0e, 0x75, 0x07,
+ 0x0b, 0xee, 0x2c, 0xd7, 0x34, 0xc9, 0x98, 0x33,
+ 0x16, 0xca, 0x60, 0x54, 0x36, 0x12, 0x65, 0xc4,
+ 0x1c, 0xf1, 0xe5, 0x7c, 0x6a, 0x6a, 0x0f, 0x11,
+ 0x45, 0xbb, 0x60, 0xa0, 0x35, 0x97, 0xaa, 0x25,
+ 0x58, 0x29, 0x1b, 0xf8, 0x4d, 0xb5, 0x86, 0x58,
+ 0x68, 0x19, 0x30, 0x6d, 0x07, 0x78, 0x1d, 0x9d};
+uint8_t rsa_prime2_2048[] = {
+ 0xd8, 0x62, 0x1a, 0x1b, 0x6e, 0x5f, 0x44, 0x4b,
+ 0x2e, 0x24, 0x54, 0xb7, 0x10, 0x12, 0xef, 0x5d,
+ 0x69, 0x10, 0xf7, 0xe7, 0x12, 0x08, 0xe3, 0x5b,
+ 0x50, 0x4e, 0x65, 0xa2, 0x5f, 0xac, 0x6d, 0x41,
+ 0x43, 0xa0, 0x8a, 0xbf, 0x29, 0xf6, 0xbb, 0xf8,
+ 0x23, 0x60, 0xaa, 0xb8, 0x09, 0x35, 0xd6, 0x00,
+ 0x48, 0x6b, 0xa3, 0x54, 0x61, 0xeb, 0xb6, 0xb5,
+ 0x14, 0x0f, 0x8c, 0xff, 0x61, 0xb2, 0xa0, 0x0c,
+ 0x03, 0x88, 0x23, 0xff, 0x3a, 0x09, 0xe3, 0xc7,
+ 0x51, 0x44, 0x14, 0xb2, 0x55, 0xdb, 0xc7, 0x13,
+ 0x17, 0xd7, 0xb2, 0xb7, 0x2c, 0x60, 0x51, 0x43,
+ 0x70, 0x57, 0x05, 0x23, 0x67, 0x5a, 0x3b, 0x56,
+ 0x12, 0x40, 0xf3, 0x18, 0x78, 0x05, 0xda, 0x48,
+ 0x4d, 0x7e, 0x79, 0xb8, 0x50, 0xb1, 0x05, 0x49,
+ 0x75, 0x53, 0x6c, 0x3d, 0x79, 0xb9, 0xec, 0x22,
+ 0x59, 0x53, 0xc1, 0xf8, 0x48, 0x4f, 0x2f, 0x29};
+uint8_t rsa_exponent1_2048[] = {
+ 0x64, 0xe9, 0xd0, 0x52, 0x4d, 0xef, 0x42, 0x52,
+ 0x32, 0x94, 0xe7, 0xd0, 0x0a, 0x99, 0xc1, 0x32,
+ 0xbd, 0xad, 0xdb, 0x95, 0x93, 0xaa, 0xba, 0x48,
+ 0xeb, 0xd6, 0xde, 0x0d, 0x5d, 0xa1, 0x3c, 0x01,
+ 0xa2, 0xf4, 0xbf, 0xae, 0x35, 0x26, 0x46, 0x7b,
+ 0x7d, 0x6c, 0xf8, 0x40, 0x0d, 0xd7, 0x21, 0x82,
+ 0xb2, 0xbb, 0x3f, 0x51, 0x61, 0x73, 0x25, 0x9a,
+ 0xf6, 0x41, 0x5a, 0x5d, 0x57, 0x42, 0x05, 0xfb,
+ 0x86, 0x80, 0xb8, 0xb7, 0x5f, 0xa4, 0x35, 0xe4,
+ 0x49, 0xe2, 0x52, 0xa6, 0xf0, 0x09, 0xa3, 0x5a,
+ 0x07, 0xf4, 0x1d, 0xe4, 0xcd, 0xdb, 0xba, 0xcc,
+ 0xb9, 0xdc, 0x40, 0x38, 0x24, 0x0c, 0x43, 0xd8,
+ 0x13, 0x4b, 0xee, 0x52, 0xf1, 0x9c, 0x0a, 0x0b,
+ 0x83, 0xd2, 0x40, 0x6a, 0xce, 0x65, 0x1c, 0x18,
+ 0xe5, 0x70, 0xbd, 0x50, 0x33, 0xce, 0x59, 0x90,
+ 0x45, 0x66, 0x20, 0x48, 0xaf, 0xa5, 0x69, 0x13};
+uint8_t rsa_exponent2_2048[] = {
+ 0x90, 0x41, 0x66, 0xbc, 0xf4, 0x3f, 0x82, 0xdc,
+ 0xc9, 0x6d, 0x8d, 0xcf, 0x60, 0x0c, 0x9f, 0x93,
+ 0x9b, 0x60, 0xa5, 0x44, 0xb6, 0xb0, 0x97, 0x92,
+ 0x35, 0x89, 0x99, 0x16, 0xea, 0x72, 0xf3, 0x80,
+ 0xd7, 0xc0, 0x5c, 0x7f, 0x71, 0x4f, 0x27, 0xfa,
+ 0xc2, 0x40, 0x71, 0xd0, 0x06, 0x23, 0xe4, 0x00,
+ 0x30, 0x47, 0xc2, 0x38, 0x41, 0x47, 0xcf, 0x23,
+ 0x62, 0xb5, 0x08, 0xaa, 0x41, 0x21, 0xc0, 0x08,
+ 0x02, 0x5a, 0xc2, 0xaa, 0x26, 0xb1, 0x42, 0x84,
+ 0xe0, 0xd8, 0x0d, 0xcc, 0x39, 0x3d, 0x2f, 0x62,
+ 0x0f, 0xe5, 0x21, 0xcf, 0x72, 0xea, 0xe0, 0xd7,
+ 0xa0, 0x3a, 0x03, 0x6c, 0xef, 0x91, 0x7c, 0xe4,
+ 0x0c, 0x2b, 0x4c, 0xba, 0xfa, 0xae, 0x91, 0x85,
+ 0x88, 0xfe, 0xfb, 0xd0, 0x35, 0xcb, 0x58, 0xdb,
+ 0xa3, 0x8c, 0xf2, 0xd3, 0xa6, 0x7b, 0xf2, 0xc1,
+ 0x90, 0xe2, 0x81, 0x50, 0x30, 0x34, 0xca, 0x1b};
+uint8_t rsa_coefficient_2048[] = {
+ 0x86, 0xfd, 0x64, 0x2c, 0x28, 0x72, 0x4e, 0x59,
+ 0x2a, 0x29, 0xcd, 0xe2, 0xd1, 0xf6, 0x19, 0xc8,
+ 0xf8, 0xf0, 0x69, 0x77, 0x94, 0x03, 0x70, 0x0d,
+ 0x87, 0x27, 0x37, 0x4d, 0xe8, 0xed, 0x56, 0x9f,
+ 0x15, 0x99, 0x14, 0x3f, 0xf8, 0x35, 0x2f, 0x7c,
+ 0x01, 0x11, 0x82, 0x99, 0x90, 0x5f, 0x6d, 0xf8,
+ 0x2c, 0x81, 0x74, 0x22, 0xa1, 0x5c, 0x87, 0x93,
+ 0xc4, 0xa4, 0x0a, 0xd2, 0xf2, 0xe6, 0x51, 0x4d,
+ 0x3a, 0x24, 0x16, 0x7a, 0x8a, 0x36, 0xca, 0x03,
+ 0x58, 0xd7, 0xce, 0x5b, 0x16, 0x3f, 0x65, 0xf7,
+ 0xe8, 0xdc, 0x91, 0xee, 0x0b, 0x80, 0x20, 0x5d,
+ 0x12, 0x75, 0x0d, 0xe1, 0xe2, 0x78, 0x13, 0xcc,
+ 0x3d, 0xe6, 0x84, 0x56, 0x66, 0xa4, 0x69, 0x20,
+ 0x9f, 0x55, 0xf3, 0xcd, 0x48, 0x84, 0x93, 0xc0,
+ 0x4d, 0xf9, 0xa7, 0xb3, 0xfa, 0xf3, 0x31, 0x27,
+ 0x23, 0x70, 0x19, 0x6a, 0xf3, 0x02, 0x7f, 0x9d};
+
+/*
+ * RSA: 1024-bit and 2048-bit known plaintext and signatures
+ */
+/* Plaintext message: 1024-bit including NULL termination */
+uint8_t rsa_known_plaintext_msg[] = {
+ 0x42, 0xad, 0xcb, 0xba, 0x92, 0x41, 0x72, 0xf3,
+ 0x3e, 0x7c, 0xc0, 0xf7, 0x2b, 0xbe, 0x30, 0xdf,
+ 0x97, 0xa2, 0x11, 0xd1, 0xa6, 0x43, 0x33, 0x22,
+ 0xc9, 0x14, 0xec, 0x07, 0x69, 0x4c, 0xa8, 0xbc,
+ 0xb9, 0x87, 0x54, 0xe1, 0x26, 0x2a, 0x9e, 0xfd,
+ 0xf7, 0xa2, 0x3b, 0xee, 0x77, 0x93, 0xff, 0xa8,
+ 0x34, 0xf5, 0x89, 0xef, 0xa4, 0xb9, 0x00, 0x86,
+ 0x46, 0x63, 0x07, 0x5a, 0x8f, 0x87, 0xb4, 0x6e,
+ 0x0d, 0xd6, 0xb2, 0x32, 0x21, 0x50, 0xab, 0x18,
+ 0xc0, 0x9c, 0x1e, 0xa1, 0x8a, 0x4e, 0xf3, 0x1f,
+ 0xe1, 0x4e, 0xf0, 0xe3, 0x9b, 0x9d, 0x33, 0x84,
+ 0x6d, 0x4b, 0x6f, 0x52, 0x65, 0x2c, 0xc1, 0x41,
+ 0x6a, 0x13, 0x10, 0xc2, 0xf6, 0x2f, 0xc6, 0xaf,
+ 0x35, 0xb4, 0xf2, 0xbf, 0x21, 0x16, 0x2b, 0x45,
+ 0x61, 0x97, 0xcf, 0x4f, 0xa0, 0x1d, 0x99, 0x9d,
+ 0xa0, 0x92, 0x11, 0x6d, 0x34, 0x63, 0x19, 0x73
+};
+
+uint8_t rsa_x509_known_signature_1024[] = {
+ 0x43, 0xA3, 0x73, 0x60, 0xD7, 0x6F, 0xAB, 0x76,
+ 0x8C, 0xF7, 0x7C, 0xDD, 0x26, 0x59, 0x75, 0x91,
+ 0x0F, 0x06, 0x95, 0x4A, 0x3A, 0x02, 0x9A, 0x19,
+ 0x33, 0xF0, 0x98, 0x4E, 0x9A, 0x97, 0xEA, 0xFE,
+ 0x45, 0xB5, 0x94, 0xE0, 0x42, 0x46, 0xC7, 0x74,
+ 0x65, 0xE6, 0x0F, 0x81, 0xD0, 0x95, 0x17, 0x8F,
+ 0x82, 0xF6, 0x36, 0x02, 0x59, 0xE9, 0x20, 0x08,
+ 0x38, 0x70, 0x68, 0x67, 0xFE, 0x9B, 0xEA, 0xF8,
+ 0xBA, 0xD0, 0x00, 0x3F, 0x75, 0x2A, 0x2F, 0x7A,
+ 0xC7, 0xE9, 0x44, 0xA4, 0x39, 0xB6, 0x94, 0x85,
+ 0xA7, 0x8A, 0x3A, 0x97, 0x83, 0x93, 0x18, 0x93,
+ 0x99, 0xAC, 0xF7, 0x21, 0xD5, 0x76, 0x30, 0xA5,
+ 0xA1, 0xE5, 0x3B, 0x50, 0x2D, 0x10, 0xBE, 0xD1,
+ 0x96, 0x41, 0x9D, 0xD9, 0xCD, 0x68, 0xD4, 0x49,
+ 0x96, 0x78, 0xBB, 0x62, 0x7D, 0xEC, 0x0D, 0x09,
+ 0xA4, 0x84, 0x6B, 0x6F, 0xA8, 0x41, 0x03, 0x37
+};
+
+uint8_t rsa_pkcs_known_signature_1024[] = {
+ 0x7B, 0x9C, 0x75, 0x6D, 0x45, 0xC3, 0xED, 0x9F,
+ 0xFA, 0xE9, 0x9C, 0xFA, 0x8B, 0x1A, 0xAF, 0x86,
+ 0x25, 0x45, 0x52, 0x21, 0x81, 0x94, 0x2C, 0x87,
+ 0x51, 0x65, 0x77, 0x2F, 0x25, 0xA8, 0x6C, 0x85,
+ 0x06, 0xA8, 0xA3, 0xF6, 0x3B, 0xA6, 0xC8, 0x44,
+ 0xF5, 0xBF, 0xE8, 0xE0, 0xF8, 0x20, 0xB5, 0x84,
+ 0xF3, 0xAE, 0x1B, 0x24, 0xA6, 0x19, 0xC5, 0x63,
+ 0xFD, 0x54, 0xFA, 0x88, 0xA2, 0x2D, 0x2C, 0x39,
+ 0x38, 0x4B, 0x68, 0x70, 0xF7, 0xD3, 0x8D, 0xE1,
+ 0x90, 0xE7, 0x41, 0x8D, 0x03, 0x75, 0x39, 0x38,
+ 0x3B, 0x96, 0x47, 0xFF, 0xA7, 0x9B, 0x72, 0x08,
+ 0x76, 0x7D, 0x00, 0x61, 0xD4, 0x07, 0x47, 0xED,
+ 0xB3, 0x62, 0x4D, 0xFD, 0x79, 0x44, 0xD5, 0xF5,
+ 0xDA, 0xDE, 0xE5, 0x89, 0xFB, 0x57, 0xA8, 0x0A,
+ 0x92, 0x41, 0x92, 0x3A, 0x47, 0x85, 0x1D, 0x72,
+ 0xAF, 0x58, 0x85, 0x9D, 0x46, 0x4A, 0xD2, 0x7D
+};
+
+uint8_t rsa_x509_known_signature_2048[] = {
+ 0x74, 0xEB, 0x2F, 0x01, 0x93, 0xF0, 0xB9, 0x64,
+ 0x12, 0xD6, 0xD6, 0x75, 0xF0, 0x6C, 0xDC, 0x44,
+ 0x5F, 0x09, 0xAC, 0x98, 0x6C, 0xF9, 0x23, 0x7E,
+ 0xBB, 0x44, 0xCB, 0x9A, 0x3C, 0xE9, 0x76, 0x7B,
+ 0x81, 0xAA, 0x69, 0xA6, 0x77, 0x34, 0x85, 0x8E,
+ 0xDB, 0x13, 0x9A, 0xE3, 0xD0, 0xBF, 0x2A, 0x3C,
+ 0x8B, 0x50, 0x3E, 0x8A, 0x95, 0xF7, 0x09, 0x39,
+ 0xED, 0x3F, 0x5A, 0x52, 0x68, 0xA1, 0xF3, 0x42,
+ 0xA8, 0x09, 0x13, 0xAE, 0xFD, 0x9F, 0x40, 0x0C,
+ 0x3D, 0x84, 0x68, 0x07, 0xFF, 0x30, 0x0F, 0x6B,
+ 0x6F, 0xB7, 0x1F, 0x09, 0x11, 0x8E, 0x7B, 0x3F,
+ 0x88, 0xF5, 0x41, 0x07, 0xE1, 0x5C, 0x71, 0x28,
+ 0xAE, 0x71, 0x51, 0xAE, 0xC3, 0xC9, 0xCB, 0xED,
+ 0xAC, 0x87, 0x32, 0xAB, 0xD0, 0x2F, 0x65, 0xA3,
+ 0x7D, 0x90, 0xDC, 0xFF, 0x7A, 0x9D, 0xCE, 0xBC,
+ 0xCA, 0x00, 0x6E, 0x65, 0x3C, 0x99, 0x2F, 0x00,
+ 0x8A, 0x5A, 0xD9, 0x5A, 0x01, 0x83, 0x99, 0x1D,
+ 0x8D, 0xD7, 0x10, 0x3B, 0xE2, 0x9C, 0x9C, 0x49,
+ 0xCA, 0x9C, 0xF6, 0x42, 0x0E, 0x4D, 0xCD, 0x11,
+ 0x70, 0x0C, 0xCC, 0x2C, 0x8F, 0xAA, 0xA5, 0x7C,
+ 0xA8, 0x1D, 0xBD, 0x99, 0x63, 0x6E, 0x44, 0x9D,
+ 0xE6, 0xC0, 0x55, 0x2F, 0x0F, 0x27, 0x43, 0xA3,
+ 0x3C, 0x46, 0xC4, 0x52, 0x59, 0x4F, 0xD4, 0x07,
+ 0xAD, 0xE2, 0xBA, 0x19, 0x23, 0x23, 0xB6, 0x78,
+ 0xFE, 0x65, 0x6D, 0x0D, 0x62, 0x0E, 0xAB, 0xE5,
+ 0x5A, 0x58, 0x28, 0x17, 0xE9, 0x1D, 0x2F, 0x3E,
+ 0x04, 0xED, 0x01, 0x56, 0x0B, 0xB9, 0x4E, 0x2D,
+ 0xF8, 0xC9, 0x7D, 0x12, 0xFE, 0x8A, 0x00, 0x3E,
+ 0x72, 0x9F, 0x28, 0x77, 0x92, 0x58, 0x6E, 0x11,
+ 0x75, 0xF1, 0x31, 0x5B, 0x43, 0xF4, 0x95, 0xD3,
+ 0x59, 0x31, 0xA7, 0xD1, 0x8B, 0x91, 0xED, 0xDE,
+ 0xD9, 0xC0, 0x04, 0xBA, 0x1F, 0x4E, 0x1D, 0xB6
+};
+
+uint8_t rsa_pkcs_known_signature_2048[] = {
+ 0x77, 0x5A, 0x7C, 0x5B, 0x95, 0xB8, 0x02, 0xB5,
+ 0xF7, 0xDF, 0x8A, 0x3F, 0x90, 0x7D, 0x32, 0x6E,
+ 0x3B, 0x79, 0x0F, 0x74, 0xAD, 0x4D, 0xE1, 0x61,
+ 0xCD, 0x5D, 0x32, 0x4C, 0x4A, 0x94, 0x90, 0xB2,
+ 0xDB, 0xB0, 0xCE, 0x0E, 0xC8, 0xC2, 0x2D, 0x8B,
+ 0x26, 0x49, 0xE8, 0x0F, 0x37, 0x85, 0x64, 0xF0,
+ 0x2B, 0x94, 0xA5, 0x05, 0xC7, 0x32, 0x4C, 0xFD,
+ 0xE8, 0x1F, 0x5B, 0x3C, 0x74, 0x08, 0x16, 0x02,
+ 0xAE, 0xB6, 0xB8, 0xF1, 0x4A, 0x2F, 0x3F, 0x92,
+ 0xCD, 0x8B, 0x82, 0xCA, 0xCC, 0xB4, 0x8E, 0x68,
+ 0xD6, 0x2F, 0x21, 0x8C, 0x4C, 0x63, 0xA4, 0xEA,
+ 0xDE, 0xE5, 0xF2, 0x8A, 0x3F, 0x9B, 0x81, 0x50,
+ 0x12, 0x30, 0x05, 0xF2, 0x63, 0x64, 0xB2, 0x41,
+ 0x8A, 0x77, 0xAF, 0x07, 0xC1, 0x91, 0x6E, 0x32,
+ 0x43, 0xEC, 0x3B, 0xB2, 0xE5, 0xAE, 0x95, 0x81,
+ 0xEE, 0x34, 0x4C, 0xAF, 0x26, 0x8C, 0x14, 0x7D,
+ 0xB3, 0x0D, 0x47, 0x95, 0x46, 0xFF, 0x5E, 0x12,
+ 0xCC, 0x02, 0x68, 0x52, 0x58, 0x90, 0xE8, 0x38,
+ 0xC5, 0x7F, 0x6F, 0x6A, 0xA6, 0x1C, 0x92, 0xDB,
+ 0x43, 0x82, 0x13, 0x2A, 0x33, 0x0F, 0xEB, 0xEC,
+ 0xF3, 0x52, 0x47, 0x06, 0x0B, 0xB0, 0x38, 0x52,
+ 0xB7, 0x60, 0xB5, 0x4D, 0xC3, 0xF8, 0x26, 0x60,
+ 0x99, 0x67, 0xFA, 0x5C, 0x40, 0x3A, 0x71, 0x8F,
+ 0x30, 0x04, 0xEF, 0xD2, 0xBD, 0x31, 0xA3, 0x1F,
+ 0x9A, 0x5D, 0xAA, 0x0C, 0x8E, 0xA1, 0x87, 0x78,
+ 0x62, 0xFD, 0x15, 0x8C, 0xB4, 0xF5, 0xAF, 0x84,
+ 0xFB, 0x26, 0xC9, 0xDA, 0x58, 0x67, 0x55, 0x27,
+ 0x1C, 0x20, 0xEA, 0xDD, 0x5E, 0xC0, 0xBE, 0x88,
+ 0x46, 0x9C, 0xEF, 0x70, 0x75, 0x91, 0x31, 0x44,
+ 0x40, 0xCD, 0x61, 0x3F, 0xB6, 0x9C, 0x18, 0x6D,
+ 0xCD, 0x16, 0x07, 0x89, 0x7D, 0x73, 0x03, 0xE3,
+ 0x54, 0x22, 0x11, 0x76, 0xF5, 0xE6, 0x4F, 0xF0
+};
+
+
+uchar_t dsa_base_1024[] = {
+ 0x34, 0x32, 0xEF, 0xA6, 0x81, 0x0E, 0xF7, 0xA2,
+ 0x6F, 0x0C, 0x05, 0xB8, 0x6F, 0xE4, 0x0B, 0xD7,
+ 0xB4, 0x5B, 0x77, 0x3E, 0x0D, 0x6D, 0xA9, 0x37,
+ 0x39, 0x69, 0xEC, 0x26, 0x58, 0xDD, 0xE5, 0xF7,
+ 0x26, 0x2A, 0x8C, 0xBD, 0x47, 0x7B, 0x53, 0x12,
+ 0x65, 0xD5, 0x86, 0x7C, 0xAA, 0x47, 0x8D, 0x2C,
+ 0xBD, 0x8A, 0x82, 0x5B, 0x5E, 0xEB, 0x94, 0xAE,
+ 0x79, 0x1D, 0x76, 0x64, 0x9E, 0x3E, 0x33, 0x5A,
+ 0xFC, 0xB6, 0x86, 0x83, 0x6A, 0xAF, 0x7D, 0xC4,
+ 0x50, 0x56, 0x60, 0xEF, 0x57, 0x86, 0x6C, 0xD9,
+ 0x44, 0x72, 0xF2, 0x19, 0xB0, 0x46, 0x52, 0x04,
+ 0xC3, 0x92, 0xF4, 0xF1, 0x36, 0xEF, 0xFA, 0xAF,
+ 0xFA, 0x86, 0xBB, 0x2B, 0x07, 0x04, 0x9F, 0xF5,
+ 0xD4, 0xEC, 0xB5, 0x60, 0x81, 0x8A, 0x6E, 0x5F,
+ 0x96, 0x4C, 0x84, 0x9E, 0xD0, 0x9E, 0xA9, 0x28,
+ 0x95, 0xF9, 0x17, 0x5E, 0x95, 0x4F, 0xA8, 0x45
+};
+uchar_t dsa_prime_1024[] = {
+ 0xB6, 0x6F, 0x0C, 0xED, 0xAF, 0x2C, 0x79, 0x76,
+ 0x03, 0xC1, 0xB6, 0x4A, 0x60, 0x24, 0x89, 0x6D,
+ 0xFC, 0x8A, 0x8C, 0x4F, 0x0A, 0x61, 0x4B, 0x55,
+ 0xB2, 0x4E, 0xDC, 0x2E, 0xB7, 0xFA, 0xFF, 0x9A,
+ 0xF7, 0xA4, 0x86, 0x71, 0x0E, 0xBF, 0x2A, 0xBB,
+ 0x60, 0x64, 0x49, 0xFB, 0xB8, 0x8C, 0x86, 0xA1,
+ 0x92, 0xBC, 0x0A, 0xF8, 0xF3, 0x62, 0x5E, 0x0D,
+ 0x40, 0xA7, 0x61, 0xCB, 0x45, 0x21, 0x90, 0xF0,
+ 0x3F, 0xC9, 0x25, 0x79, 0x5B, 0x3A, 0xDE, 0x4E,
+ 0xAE, 0xFA, 0x21, 0x74, 0x6F, 0x9A, 0x09, 0xED,
+ 0xA6, 0x7D, 0x6C, 0x89, 0x5A, 0x3E, 0x28, 0xE8,
+ 0x5D, 0x31, 0x20, 0xD9, 0xAF, 0xE8, 0x9F, 0xA4,
+ 0xA6, 0xD7, 0xFE, 0x2F, 0x26, 0x4E, 0x85, 0x61,
+ 0x9B, 0xE6, 0x5E, 0x67, 0x90, 0xF5, 0xDA, 0x8F,
+ 0xE2, 0xD1, 0x26, 0xB1, 0x66, 0xC6, 0xB0, 0xCA,
+ 0x7C, 0xE8, 0x08, 0x85, 0x57, 0xE5, 0xAD, 0x01
+};
+uchar_t dsa_subprime_1024[] = {
+ 0x80, 0xBD, 0xBC, 0x1F, 0x32, 0x59, 0x51, 0xC6,
+ 0xE0, 0x36, 0xC7, 0x74, 0x47, 0x16, 0xCF, 0x06,
+ 0xDC, 0x8A, 0xA9, 0x07
+};
+uchar_t dsa_privalue_1024[] = {
+ 0x3F, 0x02, 0xC5, 0xA7, 0x0C, 0x35, 0xAE, 0xF9,
+ 0x9B, 0xED, 0xF4, 0x93, 0xB4, 0x10, 0x09, 0x68,
+ 0x83, 0x2F, 0xCB, 0x9C
+};
+uchar_t dsa_pubvalue_1024[] = {
+ 0x10, 0xEF, 0xCB, 0x38, 0x16, 0xCC, 0xCA, 0x91,
+ 0x13, 0x6C, 0x56, 0x54, 0x67, 0xBF, 0x14, 0x98,
+ 0xB7, 0x9B, 0x67, 0x91, 0xC9, 0x43, 0x6E, 0x04,
+ 0x79, 0x85, 0x0D, 0x74, 0x4C, 0x8B, 0x0E, 0x33,
+ 0x8E, 0x2C, 0xF4, 0x47, 0x4D, 0x2C, 0x3D, 0xE3,
+ 0x50, 0x28, 0x0B, 0x19, 0x8E, 0x7F, 0x25, 0x85,
+ 0xD9, 0xF8, 0x75, 0xE3, 0xE8, 0xE7, 0xDF, 0xAE,
+ 0x6D, 0xC5, 0x63, 0x25, 0x1E, 0x4E, 0x69, 0xBF,
+ 0xCE, 0xA1, 0x9A, 0xEA, 0xDB, 0xC5, 0x73, 0x20,
+ 0x41, 0x9C, 0x1D, 0xCE, 0x28, 0x1D, 0xFE, 0x87,
+ 0x0C, 0x6A, 0x1D, 0x44, 0xF0, 0x56, 0x01, 0x0D,
+ 0xF7, 0x1D, 0x82, 0xFD, 0x8D, 0x20, 0xF2, 0xA3,
+ 0x83, 0x28, 0xD3, 0xED, 0x40, 0x36, 0x0A, 0x4C,
+ 0xAB, 0x2A, 0xB4, 0x9F, 0xA7, 0x9C, 0x53, 0x69,
+ 0xBB, 0xC6, 0xB8, 0x78, 0x5E, 0xAF, 0x8F, 0x4E,
+ 0xFF, 0xCB, 0x2C, 0xB7, 0xD3, 0x53, 0x6D, 0x0A
+};
+
+uchar_t dsa_known_data[] = {
+ '0', '1', '2', '3', '4', '5', '6', '7', '8', '9',
+ 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J'
+};
+
+/*
+ * NIST-Approved Curves
+ */
+
+/* P-192 */
+uchar_t ec_param_oid_secp192r1[] = /* prime192v1/P192 */
+ {0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x3, 0x1, 0x1};
+uchar_t ec_point_p192r1[] = {
+ 0x04, 0xa8, 0x57, 0x22, 0x30, 0x43, 0x82, 0xa4,
+ 0x80, 0x2c, 0x46, 0x79, 0x23, 0x8b, 0xe5, 0x08,
+ 0x02, 0xf7, 0xc6, 0x86, 0xda, 0xe8, 0x9b, 0x7b,
+ 0x8c, 0x79, 0xa5, 0x6e, 0x0c, 0x1c, 0x37, 0x47,
+ 0x1d, 0x51, 0x67, 0xe3, 0xdd, 0x2a, 0xc3, 0x1a,
+ 0x29, 0xec, 0xd3, 0xbc, 0xf6, 0x95, 0xeb, 0x22,
+ 0xe0
+};
+uchar_t ec_value_p192r1[] = {
+ 0x52, 0x9b, 0x30, 0x58, 0x69, 0x72, 0x1b, 0x57,
+ 0x9c, 0xe5, 0x29, 0xa1, 0x52, 0x70, 0xb9, 0xbe,
+ 0xf4, 0x3a, 0x63, 0xdd, 0x89, 0xc0, 0xd0, 0xa8
+};
+
+/* P-224 */
+uchar_t ec_param_oid_secp224r1[] =
+ {0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x21};
+uchar_t ec_point_p224r1[] = {
+ 0x04,
+ 0x2B, 0xFF, 0xAF, 0xA1, 0xAA, 0x9A, 0x05, 0x44,
+ 0xBC, 0xC8, 0xD4, 0xAF, 0xC8, 0x53, 0x92, 0xD8,
+ 0xC5, 0x01, 0x70, 0xF2, 0x97, 0x5B, 0x7A, 0x23,
+ 0x7D, 0x39, 0x6A, 0xCD, 0x32, 0xF3, 0x3C, 0x69,
+ 0x8F, 0x42, 0x00, 0xD6, 0x38, 0x0A, 0xF4, 0xCE,
+ 0x6D, 0x43, 0x98, 0xDF, 0x2E, 0x62, 0x90, 0x6E,
+ 0xAD, 0xF7, 0x4E, 0x6C, 0x67, 0x83, 0xC5, 0x69
+ };
+uchar_t ec_value_p224r1[] = {
+ 0x91, 0xE9, 0x9A, 0xA5, 0x6F, 0xA7, 0x9D, 0x90,
+ 0xED, 0x41, 0x25, 0x42, 0xA8, 0x31, 0x4E, 0xE2,
+ 0xEB, 0x95, 0x14, 0x89, 0x6D, 0x78, 0xA0, 0x14,
+ 0x45, 0x8B, 0x85, 0x0E
+};
+
+
+/* P-256 */
+uchar_t ec_param_oid_secp256r1[] =
+ {0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x3, 0x1, 0x7};
+uchar_t ec_point_p256r1[] = {
+ 0x04, 0xa0, 0x90, 0x62, 0x74, 0x7d, 0x00, 0x6a,
+ 0x84, 0x01, 0xcd, 0x7b, 0x29, 0xf6, 0x53, 0xe3,
+ 0xd3, 0x2b, 0xb7, 0x1f, 0x51, 0x8a, 0x0c, 0xba,
+ 0xe9, 0x3e, 0xd6, 0xa4, 0x90, 0xd3, 0x3a, 0x70,
+ 0x29, 0x11, 0x70, 0xac, 0x03, 0x8b, 0xb0, 0x11,
+ 0xd7, 0x05, 0xd5, 0xce, 0x17, 0x4d, 0x1e, 0x50,
+ 0xdc, 0xea, 0x3b, 0x42, 0x0b, 0x94, 0xcb, 0xda,
+ 0x4a, 0x07, 0xc9, 0xe6, 0x8e, 0x1d, 0x59, 0xd2, 0x77
+};
+uchar_t ec_value_p256r1[] = {
+ 0xf3, 0x58, 0xee, 0xc7, 0xec, 0x32, 0x1c, 0x1a,
+ 0xc6, 0x10, 0xb2, 0x97, 0x15, 0x4e, 0x84, 0x5b,
+ 0xed, 0x36, 0x94, 0xc1, 0xa0, 0xaa, 0x8b, 0x91,
+ 0xba, 0x26, 0x73, 0xeb, 0x6b, 0x2d, 0x4c, 0xde
+};
+
+/* P-384 */
+uchar_t ec_param_oid_secp384r1[] =
+ {0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22};
+uchar_t ec_point_p384r1[] = {
+ 0x04, 0x2a, 0x87, 0x73, 0x17, 0x2f, 0x61, 0xf6,
+ 0xbc, 0xd1, 0x8b, 0x31, 0x3d, 0xa1, 0x37, 0x4b,
+ 0x39, 0xa6, 0x1e, 0xe1, 0x8a, 0x88, 0x17, 0x2b,
+ 0x86, 0x1a, 0x36, 0xd1, 0x1c, 0x0f, 0x53, 0xd9,
+ 0xc7, 0x48, 0x31, 0x64, 0xcd, 0x20, 0x38, 0x14,
+ 0xdd, 0x16, 0xde, 0x8d, 0xf7, 0xf6, 0x89, 0x43,
+ 0xa0, 0x34, 0x15, 0x5f, 0x70, 0x99, 0x96, 0x55,
+ 0x03, 0x26, 0x7c, 0x34, 0x9f, 0xe4, 0xfe, 0xaa,
+ 0xcc, 0xbb, 0xa1, 0x91, 0x2c, 0xbd, 0xe8, 0xc6,
+ 0x7b, 0xef, 0x17, 0x87, 0x2d, 0x9f, 0xe3, 0x2b,
+ 0x99, 0x17, 0x6d, 0x96, 0xed, 0x44, 0x55, 0x28,
+ 0x53, 0xce, 0xcd, 0x31, 0x8c, 0x3d, 0x90, 0x2f, 0xcf
+};
+uchar_t ec_value_p384r1[] = {
+ 0xfc, 0xcb, 0x14, 0xdd, 0x5f, 0x86, 0x31, 0x74,
+ 0x27, 0xef, 0x19, 0x18, 0x6c, 0x02, 0x2b, 0x94,
+ 0xbf, 0x56, 0x9f, 0x36, 0x5e, 0x38, 0x6b, 0x82,
+ 0x91, 0x70, 0xc4, 0x0f, 0xd6, 0xbe, 0x32, 0x5c,
+ 0x4d, 0xe3, 0x75, 0x98, 0x05, 0x8c, 0x61, 0xe8,
+ 0x70, 0x32, 0x6f, 0xbc, 0xc9, 0x85, 0x0a, 0x34
+};
+
+/* P-521 */
+uchar_t ec_param_oid_secp521r1[] =
+ {0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x23};
+uchar_t ec_point_p521r1[] = {
+ 0x04, 0x01, 0x41, 0x65, 0x78, 0xe4, 0xbd, 0x99,
+ 0x50, 0xc8, 0x2e, 0x4a, 0x82, 0xac, 0x6c, 0x20,
+ 0xcf, 0xf8, 0x2e, 0x72, 0x40, 0x1d, 0x5f, 0x51,
+ 0x5f, 0xcc, 0xb3, 0xa8, 0x52, 0x8c, 0xa6, 0x41,
+ 0x43, 0xd6, 0xd8, 0x13, 0xfd, 0xd8, 0xbb, 0xd9,
+ 0x7c, 0xa7, 0xbf, 0xa8, 0xa8, 0x65, 0x0f, 0xc8,
+ 0xb9, 0x60, 0x13, 0xbc, 0xd3, 0x16, 0x6a, 0x5f,
+ 0xf0, 0x52, 0x49, 0xce, 0x61, 0x8f, 0x1a, 0xf3,
+ 0x6d, 0xe6, 0xce, 0x01, 0x15, 0x98, 0xb0, 0x2f,
+ 0xa0, 0x28, 0x4b, 0x2b, 0xf1, 0xf4, 0xd0, 0x9e,
+ 0xbd, 0xa2, 0xf5, 0xad, 0x04, 0x23, 0xf6, 0x55,
+ 0xdb, 0x08, 0x45, 0x7b, 0xde, 0x6e, 0x7b, 0xce,
+ 0x1d, 0x26, 0x08, 0xc3, 0x01, 0xfd, 0xb1, 0xe1,
+ 0x56, 0xd3, 0xcc, 0x38, 0x38, 0x93, 0x4d, 0x6e,
+ 0xb1, 0x95, 0xd1, 0x9c, 0x91, 0x65, 0x4c, 0x85,
+ 0xe7, 0x64, 0x4f, 0xe5, 0x27, 0x48, 0x81, 0x02,
+ 0x2f, 0x58, 0x29, 0x17, 0x6b
+};
+uchar_t ec_value_p521r1[] = {
+ 0x01, 0x74, 0x8a, 0x92, 0xca, 0x6f, 0x31, 0x1f,
+ 0x45, 0x22, 0x84, 0x9f, 0x33, 0x20, 0x56, 0xb0,
+ 0x5a, 0xdd, 0xda, 0x73, 0x89, 0xb3, 0x21, 0xab,
+ 0xe5, 0xe0, 0xac, 0xe1, 0x6c, 0xa5, 0x59, 0x1b,
+ 0x54, 0x56, 0xd6, 0x45, 0xcb, 0xcf, 0x9f, 0xbd,
+ 0xec, 0x26, 0x43, 0xe8, 0xc4, 0x84, 0xec, 0xa6,
+ 0xdf, 0x09, 0xfc, 0xe3, 0xe3, 0xcb, 0x89, 0x01,
+ 0xce, 0x19, 0x12, 0x3d, 0x61, 0x10, 0x1d, 0x6a,
+ 0xca, 0x39
+};
+
+
+/* K-163 */
+uchar_t ec_param_oid_sect163k1[] =
+ {0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01};
+uchar_t ec_point_t163k1[] = {
+ 0x04, 0x05, 0x95, 0xe3, 0x64, 0xed, 0x0b, 0xf5,
+ 0x0b, 0x28, 0x20, 0x31, 0xb5, 0x25, 0x35, 0x0d,
+ 0xc0, 0x5b, 0x16, 0x64, 0x18, 0x7d, 0x01, 0xe4,
+ 0x11, 0xda, 0xa4, 0x1e, 0x79, 0x7b, 0xcd, 0x5a,
+ 0x29, 0xed, 0xdf, 0xec, 0xa0, 0xc2, 0xb5, 0xf7,
+ 0xf3, 0xf6, 0x5a
+};
+uchar_t ec_value_t163k1[] = {
+ 0x03, 0x0d, 0x02, 0xa7, 0xb7, 0x7b, 0x86, 0xe1,
+ 0x6a, 0x4e, 0xea, 0xd5, 0xa5, 0x01, 0x5c, 0x7c,
+ 0x73, 0x60, 0x5b, 0x44, 0x80
+};
+
+/* K-233 */
+uchar_t ec_param_oid_sect233k1[] =
+ {0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x1a};
+uchar_t ec_point_t233k1[] = {
+ 0x04, 0x00, 0xf1, 0x3e, 0x3d, 0xd9, 0xbf, 0x5c,
+ 0x68, 0x9d, 0xb3, 0x2a, 0x4f, 0x0e, 0xb0, 0xfa,
+ 0x97, 0x1a, 0x50, 0xbc, 0xbb, 0x5f, 0x86, 0x05,
+ 0xe3, 0x60, 0x04, 0x81, 0x4b, 0xce, 0x62, 0x01,
+ 0xe7, 0x57, 0xeb, 0xe2, 0x52, 0xc8, 0x4b, 0x84,
+ 0x46, 0xd4, 0xca, 0xce, 0x1d, 0xf8, 0x07, 0x0c,
+ 0x5b, 0x8c, 0x56, 0xce, 0x08, 0xdb, 0x4e, 0x1b,
+ 0xf7, 0xed, 0x56, 0x19, 0x13
+};
+uchar_t ec_value_t233k1[] = {
+ 0x00, 0x61, 0xba, 0xcf, 0x3f, 0x7c, 0x0c, 0x16,
+ 0x81, 0x84, 0x7a, 0x2b, 0x07, 0x88, 0x86, 0x83,
+ 0xc7, 0xdb, 0xc0, 0xc6, 0xc7, 0xb9, 0x55, 0x80,
+ 0x7d, 0x9b, 0x89, 0x0f, 0x6f, 0x9d
+};
+
+
+/* K-283 */
+uchar_t ec_param_oid_sect283k1[] =
+ {0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x10};
+uchar_t ec_point_t283k1[] = {
+ 0x04, 0x03, 0x63, 0x96, 0xa4, 0xdd, 0x64, 0xf6,
+ 0x9a, 0x76, 0x4e, 0x46, 0x64, 0x39, 0x3f, 0x6d,
+ 0xb6, 0xcc, 0xf8, 0xa8, 0x85, 0xea, 0xd4, 0x59,
+ 0x38, 0xf5, 0xce, 0xb4, 0x57, 0xf3, 0x68, 0xd9,
+ 0x3a, 0x11, 0xd6, 0x88, 0x2f, 0x03, 0x7f, 0x23,
+ 0x70, 0x4a, 0x11, 0x3f, 0x4d, 0x04, 0x57, 0x48,
+ 0xa0, 0x31, 0xd7, 0x0f, 0xec, 0x35, 0x57, 0x4c,
+ 0x01, 0x11, 0xe5, 0xf0, 0x71, 0xa9, 0x69, 0x44,
+ 0xc9, 0xf1, 0xc1, 0xf9, 0xe8, 0xb3, 0x90, 0xae, 0x7f
+};
+uchar_t ec_value_t283k1[] = {
+ 0x01, 0x4d, 0x29, 0x14, 0xf0, 0xed, 0xd5, 0x7d,
+ 0x44, 0x23, 0xc8, 0xa0, 0xc3, 0x4c, 0x90, 0x54,
+ 0x52, 0xaa, 0x30, 0x90, 0xd9, 0x85, 0xc1, 0x45,
+ 0xbf, 0x1d, 0xd6, 0x2b, 0x91, 0x47, 0x87, 0x40,
+ 0xcf, 0x76, 0xa7, 0xa4
+};
+
+/* K-409 */
+uchar_t ec_param_oid_sect409k1[] =
+ {0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x24};
+uchar_t ec_point_t409k1[] = {
+ 0x04, 0x00, 0xed, 0xe7, 0xa4, 0xe0, 0xe6, 0x06,
+ 0xd5, 0xc7, 0x39, 0x08, 0xf3, 0x35, 0xe4, 0x20,
+ 0xd3, 0xb8, 0xbb, 0x24, 0x41, 0x6a, 0x7a, 0xa6,
+ 0x47, 0x72, 0x29, 0xc8, 0x57, 0x59, 0x3d, 0xc3,
+ 0x53, 0xac, 0x0e, 0xeb, 0x00, 0x48, 0xe4, 0x9b,
+ 0xa3, 0xc6, 0x05, 0x01, 0x7f, 0xa7, 0x81, 0xff,
+ 0x18, 0x48, 0xf6, 0x3b, 0x2a, 0x01, 0xb8, 0xef,
+ 0x75, 0x39, 0x2b, 0xb5, 0x3d, 0x80, 0x54, 0xef,
+ 0xee, 0x37, 0xc8, 0x59, 0xdb, 0xad, 0xff, 0xad,
+ 0x52, 0x42, 0x40, 0x2b, 0xcc, 0xdd, 0xa1, 0xd7,
+ 0x83, 0xd0, 0x7d, 0x21, 0xab, 0xc7, 0xbf, 0xb2,
+ 0x1a, 0x4e, 0xb4, 0xe6, 0xb4, 0x1c, 0xe5, 0x9b,
+ 0xbb, 0xb9, 0xef, 0x68, 0x5c, 0xbf, 0x0d, 0xfd, 0x42
+};
+uchar_t ec_value_t409k1[] = {
+ 0x00, 0x74, 0xa9, 0xea, 0x4e, 0xeb, 0x48, 0x7d,
+ 0xc4, 0x7c, 0xd6, 0x09, 0xf9, 0x1d, 0x06, 0x0c,
+ 0xbf, 0x61, 0xa8, 0x8a, 0x70, 0x11, 0x2c, 0xca,
+ 0x2d, 0xb8, 0x0b, 0x3a, 0x83, 0x22, 0x9b, 0x69,
+ 0x22, 0x25, 0x13, 0xe3, 0x4c, 0xe1, 0xed, 0x4e,
+ 0xdd, 0xe4, 0x27, 0x38, 0xc0, 0x75, 0x91, 0xb7,
+ 0xfd, 0x6a, 0x73, 0x1c
+};
+
+
+/* K-571 */
+uchar_t ec_param_oid_sect571k1[] =
+ {0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x26};
+uchar_t ec_point_t571k1[] = {
+ 0x04, 0x02, 0x90, 0x9c, 0xfe, 0x4f, 0x09, 0x18,
+ 0x38, 0x71, 0xdc, 0x84, 0xda, 0x80, 0x1d, 0xa5,
+ 0xba, 0xad, 0x52, 0xce, 0x72, 0x19, 0x42, 0xb8,
+ 0x6f, 0xa4, 0x31, 0x68, 0xb6, 0xb2, 0x59, 0x4e,
+ 0x49, 0x73, 0x6e, 0xb6, 0xf7, 0x04, 0x19, 0x6d,
+ 0x78, 0x5b, 0x28, 0x5a, 0xf6, 0x9b, 0x33, 0x6b,
+ 0xac, 0x58, 0x1a, 0xcb, 0x52, 0xab, 0xb8, 0x51,
+ 0xe1, 0x27, 0x6e, 0x55, 0x2b, 0xaa, 0x78, 0xd8,
+ 0x27, 0x19, 0x2f, 0x3b, 0xfd, 0x5d, 0x4d, 0xa7,
+ 0x17, 0x05, 0x8a, 0x27, 0xfa, 0x9f, 0xd5, 0xf0,
+ 0xfe, 0xf7, 0x01, 0x7b, 0x2d, 0x53, 0xc5, 0x4a,
+ 0x82, 0xc9, 0xae, 0xb3, 0xde, 0xf8, 0x93, 0xc7,
+ 0x10, 0x2a, 0x95, 0x43, 0x3f, 0x1f, 0xdd, 0xcb,
+ 0x59, 0xf8, 0xc8, 0x2d, 0xa3, 0xce, 0x7e, 0x65,
+ 0x39, 0x85, 0x61, 0x01, 0xb3, 0x25, 0x11, 0xc8,
+ 0x7a, 0xed, 0x15, 0xc4, 0x9d, 0x60, 0x8e, 0xc7,
+ 0x34, 0x6e, 0x15, 0xa1, 0x0f, 0x9c, 0x86, 0x3d,
+ 0x8d, 0x2f, 0xdc, 0x9e, 0xb3, 0xfd, 0xb7, 0x1c, 0x98
+};
+uchar_t ec_value_t571k1[] = {
+ 0x00, 0x18, 0xf8, 0xad, 0x6b, 0x49, 0xa4, 0x31,
+ 0x97, 0x4b, 0xcf, 0x23, 0xa0, 0x7f, 0xf4, 0x66,
+ 0x81, 0x7d, 0xa2, 0x72, 0x11, 0x7d, 0x5b, 0xe1,
+ 0xab, 0x9f, 0xf1, 0xb7, 0xee, 0xea, 0x88, 0xee,
+ 0xd6, 0x20, 0x18, 0xfd, 0x51, 0xb2, 0xa4, 0x06,
+ 0xdc, 0x35, 0x13, 0x32, 0x93, 0x56, 0xbe, 0x55,
+ 0x01, 0xf3, 0xd3, 0x8c, 0xba, 0x8c, 0xcd, 0xd0,
+ 0xa2, 0x49, 0x9c, 0x7d, 0xac, 0x50, 0x4a, 0x17,
+ 0xca, 0xbc, 0x52, 0x39, 0x97, 0xf5, 0xfe, 0xc8
+};
+
+/* B-163 */
+uchar_t ec_param_oid_sect163r2[] =
+ {0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x0f};
+uchar_t ec_point_t163r2[] = {
+ 0x04, 0x05, 0xe7, 0xb8, 0x3c, 0xd5, 0x6b, 0xc1,
+ 0xeb, 0x43, 0x0b, 0xbc, 0xc1, 0xd7, 0xc2, 0xf9,
+ 0xa2, 0xc5, 0x88, 0x4d, 0x48, 0x46, 0x04, 0xd2,
+ 0x80, 0x2f, 0x35, 0x35, 0x38, 0xda, 0x85, 0xab,
+ 0x23, 0xce, 0x85, 0xe5, 0x89, 0xcf, 0x00, 0x5d,
+ 0xf5, 0x39, 0xfc
+};
+uchar_t ec_value_t163r2[] = {
+ 0x01, 0x4d, 0xbd, 0x26, 0x63, 0xc4, 0x6a, 0xec,
+ 0x6d, 0xa5, 0x46, 0x8d, 0xa2, 0x65, 0x64, 0x20,
+ 0xb5, 0x05, 0x8a, 0x94, 0x24
+};
+
+
+/* B-233 */
+uchar_t ec_param_oid_sect233r1[] =
+ {0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x1b};
+uchar_t ec_point_t233r1[] = {
+ 0x04, 0x01, 0x68, 0x1d, 0x09, 0x0b, 0x67, 0xe4,
+ 0x9c, 0xc1, 0xd9, 0xac, 0x98, 0xec, 0x26, 0x91,
+ 0x0a, 0x08, 0x3b, 0xeb, 0x48, 0xc1, 0xea, 0x79,
+ 0x37, 0xff, 0xc5, 0x3d, 0xad, 0xe9, 0xea, 0x01,
+ 0xab, 0x06, 0x22, 0x4f, 0xb3, 0xfa, 0x23, 0xe3,
+ 0x15, 0xf3, 0x7d, 0xa0, 0x5a, 0xff, 0x1d, 0x00,
+ 0xe0, 0xa2, 0x70, 0xbc, 0x31, 0xef, 0xa0, 0xc9,
+ 0xd4, 0xba, 0xa5, 0x16, 0x62
+};
+uchar_t ec_value_t233r1[] = {
+ 0x00, 0x88, 0x3e, 0x26, 0x83, 0x08, 0x9c, 0xd9,
+ 0x7a, 0x46, 0xae, 0xf8, 0x6d, 0xd3, 0x9c, 0xee,
+ 0xd8, 0xae, 0xf9, 0xd0, 0x5d, 0x96, 0x7e, 0xf9,
+ 0xb0, 0x1c, 0x21, 0x26, 0x9d, 0x64
+};
+
+
+/* B-283 */
+uchar_t ec_param_oid_sect283r1[] =
+ {0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x11};
+uchar_t ec_point_t283r1[] = {
+ 0x04, 0x03, 0x78, 0x8d, 0x40, 0xd6, 0x34, 0xb6,
+ 0xa0, 0x54, 0x66, 0x23, 0x9d, 0xc0, 0x60, 0x65,
+ 0x7f, 0xeb, 0x6d, 0xe1, 0x9e, 0xee, 0xc3, 0x7a,
+ 0xce, 0x50, 0x4f, 0x66, 0x45, 0x49, 0xcd, 0xbf,
+ 0x5a, 0x8c, 0x84, 0xa7, 0x30, 0x07, 0xc6, 0xbf,
+ 0x90, 0x6b, 0x6d, 0x9b, 0x50, 0x24, 0x66, 0x7b,
+ 0xd2, 0xc9, 0xfe, 0x27, 0xdd, 0xd3, 0xef, 0x15,
+ 0x2e, 0xca, 0x09, 0x93, 0x38, 0x4d, 0x90, 0x9c,
+ 0x0e, 0x6b, 0xad, 0x5b, 0x79, 0xef, 0x45, 0xb0, 0xef
+};
+uchar_t ec_value_t283r1[] = {
+ 0x00, 0xa1, 0xbb, 0x28, 0x7a, 0xc8, 0x63, 0x2a,
+ 0xd4, 0x5e, 0xe1, 0xe2, 0x29, 0x33, 0x74, 0x0f,
+ 0xbb, 0x26, 0x06, 0x36, 0x4f, 0xab, 0x14, 0x35,
+ 0x87, 0x40, 0xb3, 0x99, 0x67, 0xe2, 0x83, 0xcd,
+ 0x44, 0xdf, 0xac, 0xff
+};
+
+/* B-409 */
+uchar_t ec_param_oid_sect409r1[] =
+ {0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x25};
+uchar_t ec_point_t409r1[] = {
+ 0x04, 0x01, 0x28, 0x3c, 0x30, 0xa0, 0x5f, 0x13,
+ 0x3e, 0x72, 0xf5, 0x5f, 0xf6, 0xe9, 0x78, 0x20,
+ 0xb2, 0x8e, 0x81, 0xdd, 0x62, 0xa6, 0x8a, 0x57,
+ 0xaf, 0x94, 0xab, 0x0a, 0x7e, 0xef, 0xb5, 0xda,
+ 0xfe, 0xcf, 0x6f, 0x7f, 0xa7, 0x6d, 0x2c, 0xa6,
+ 0xe4, 0xca, 0x32, 0x7e, 0x7f, 0x45, 0xaa, 0xc8,
+ 0x88, 0x7a, 0x67, 0x36, 0x07, 0x00, 0xdc, 0x7d,
+ 0x11, 0xc7, 0x6e, 0x49, 0xc5, 0x57, 0x80, 0xf2,
+ 0x49, 0xf5, 0xce, 0x62, 0x7b, 0xad, 0xb8, 0xae,
+ 0x24, 0x8d, 0x1d, 0x77, 0xbf, 0x83, 0xd6, 0xc3,
+ 0xf3, 0xa9, 0xb9, 0xe3, 0xa6, 0x47, 0x1a, 0x4a,
+ 0x91, 0x11, 0xd1, 0x4a, 0x48, 0x21, 0x10, 0x16,
+ 0x85, 0x49, 0xb4, 0x45, 0x7f, 0xdf, 0x0f, 0x34, 0x8a
+};
+uchar_t ec_value_t409r1[] = {
+ 0x00, 0xef, 0x9d, 0x02, 0xa8, 0xef, 0xe4, 0xa2,
+ 0xe7, 0x5b, 0x6e, 0x3f, 0x15, 0x2f, 0x64, 0x5b,
+ 0x55, 0xc8, 0xbf, 0xec, 0xca, 0x3a, 0xeb, 0x1c,
+ 0xdd, 0x97, 0x4f, 0x3f, 0xb0, 0x08, 0xfb, 0x4e,
+ 0x1d, 0xd3, 0x40, 0x83, 0x75, 0x82, 0x56, 0x27,
+ 0x6b, 0xfd, 0x83, 0xa8, 0xb7, 0xb6, 0x27, 0xc2,
+ 0x85, 0x22, 0x4f, 0x34
+};
+
+/* B-571 */
+uchar_t ec_param_oid_sect571r1[] =
+ {0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x27};
+uchar_t ec_point_t571r1[] = {
+ 0x04, 0x04, 0x30, 0x6c, 0xfe, 0x2b, 0xff, 0x12,
+ 0x23, 0x8a, 0x3b, 0xe0, 0x07, 0x19, 0x8b, 0xd1,
+ 0xf9, 0x8c, 0x14, 0x3e, 0xea, 0x5f, 0x85, 0x7f,
+ 0x03, 0x20, 0x89, 0x9f, 0x9f, 0x6d, 0xde, 0xcd,
+ 0x35, 0x24, 0xa1, 0x83, 0xf7, 0xb9, 0xd1, 0x4b,
+ 0x4f, 0x20, 0xa8, 0x91, 0x36, 0xa4, 0x75, 0x5e,
+ 0xee, 0x5a, 0x0e, 0x47, 0xf0, 0xa9, 0xff, 0xb6,
+ 0x62, 0x65, 0x2b, 0x85, 0x01, 0x49, 0x59, 0x5f,
+ 0x1d, 0x37, 0x54, 0xf5, 0xdc, 0x61, 0x37, 0x48,
+ 0xbd, 0x02, 0xf2, 0xa2, 0x7d, 0x73, 0x00, 0xfb,
+ 0x15, 0x6c, 0x4e, 0x16, 0x22, 0x82, 0xdb, 0x9d,
+ 0xed, 0x6e, 0xa6, 0x5d, 0x97, 0x19, 0xbb, 0x30,
+ 0x13, 0x22, 0x71, 0x04, 0xc7, 0xd3, 0x83, 0xc2,
+ 0x2c, 0xcf, 0x2f, 0xf9, 0x90, 0xe2, 0x9a, 0xca,
+ 0x97, 0x6b, 0x3c, 0x1d, 0x22, 0xf1, 0x38, 0x6c,
+ 0x14, 0x4e, 0xa9, 0x8d, 0x37, 0xf5, 0x51, 0xbc,
+ 0x2b, 0xc8, 0x03, 0x47, 0x25, 0xd5, 0x30, 0x9b,
+ 0x64, 0xfc, 0x7e, 0x80, 0x70, 0x63, 0xc1, 0x34, 0x86
+};
+uchar_t ec_value_t571r1[] = {
+ 0x03, 0xa0, 0xb6, 0xf6, 0x40, 0x71, 0x56, 0xd8,
+ 0x88, 0xf4, 0x08, 0x13, 0xa1, 0x20, 0x8b, 0x03,
+ 0x04, 0xae, 0x67, 0xc0, 0x7d, 0x1f, 0x19, 0x4b,
+ 0x40, 0xab, 0x75, 0x65, 0x5f, 0x61, 0x0b, 0x0b,
+ 0x72, 0x1d, 0xc3, 0xdf, 0x5c, 0xd2, 0x41, 0xf7,
+ 0x74, 0xe2, 0x26, 0x4d, 0xba, 0xab, 0xcb, 0x6e,
+ 0xcd, 0x86, 0x57, 0x48, 0x7f, 0x3f, 0x2b, 0x91,
+ 0xab, 0x50, 0x61, 0xd0, 0x01, 0xd9, 0x1a, 0xec,
+ 0x7b, 0xb8, 0xcb, 0x3c, 0x72, 0xa7, 0xd5, 0x39
+};
diff --git a/usr/src/common/crypto/fips/fips_test_vectors.h b/usr/src/common/crypto/fips/fips_test_vectors.h
new file mode 100644
index 0000000000..451ae64bb9
--- /dev/null
+++ b/usr/src/common/crypto/fips/fips_test_vectors.h
@@ -0,0 +1,246 @@
+/*
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
+ *
+ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ * or http://www.opensolaris.org/os/licensing.
+ * See the License for the specific language governing permissions
+ * and limitations under the License.
+ *
+ * When distributing Covered Code, include this CDDL HEADER in each
+ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ * If applicable, add the following below this CDDL HEADER, with the
+ * fields enclosed by brackets "[]" replaced with your own identifying
+ * information: Portions Copyright [yyyy] [name of copyright owner]
+ *
+ * CDDL HEADER END
+ */
+
+/*
+ * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+ */
+
+#ifndef _FIPS_TEST_VECTORS_H
+#define _FIPS_TEST_VECTORS_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define DES3_KEY_SZ 24
+#define DES_IV_LEN 8
+#define DES_BLOCK_SZ 8
+
+#define AES_BLOCK_SZ 16
+#define AES_MAX_KEY_SZ 32
+
+#define AES_CCM_TLEN 16
+#define AES_CCM_NONCE_SZ 7
+#define AES_CCM_AUTHDATA_SZ 30
+#define AES_CCM_DATA_SZ 32 /* Payload size */
+#define AES_CCM_CIPHER_SZ (AES_CCM_DATA_SZ + AES_CCM_TLEN)
+
+#define AES_GCM_IV_LEN 12
+#define AES_GCM_AAD_LEN 16
+#define AES_GCM_DATA_SZ 16
+#define AES_GCM_CIPHER_SZ ((AES_GCM_DATA_SZ) + ((AES_GMAC_TAG_BITS) / 8))
+
+#define AES_GMAC_IV_LEN 12
+#define AES_GMAC_AAD_LEN 16
+#define AES_GMAC_TAG_BITS 128
+#define AES_GMAC_TAG_SZ ((AES_GMAC_TAG_BITS) / 8)
+#define AES_GMAC_CIPHER_SZ (AES_GMAC_TAG_SZ)
+
+#define SHA1_HASH_SZ 20
+#define SHA256_HASH_SZ 32
+#define SHA384_HASH_SZ 48
+#define SHA512_HASH_SZ 64
+
+
+extern uint8_t des3_known_key[DES3_KEY_SZ];
+extern uint8_t des3_cbc_known_iv[DES_IV_LEN];
+extern uint8_t des3_ecb_known_plaintext[DES_BLOCK_SZ];
+extern uint8_t des3_cbc_known_plaintext[DES_BLOCK_SZ];
+extern uint8_t des3_ecb_known_ciphertext[DES_BLOCK_SZ];
+extern uint8_t des3_cbc_known_ciphertext[DES_BLOCK_SZ];
+
+extern uint8_t aes_known_key[AES_MAX_KEY_SZ];
+extern uint8_t aes_cbc_known_initialization_vector[AES_BLOCK_SZ];
+extern uint8_t aes_known_plaintext[AES_BLOCK_SZ];
+extern uint8_t aes_ecb128_known_ciphertext[AES_BLOCK_SZ];
+extern uint8_t aes_cbc128_known_ciphertext[AES_BLOCK_SZ];
+extern uint8_t aes_ecb192_known_ciphertext[AES_BLOCK_SZ];
+extern uint8_t aes_cbc192_known_ciphertext[AES_BLOCK_SZ];
+extern uint8_t aes_ecb256_known_ciphertext[AES_BLOCK_SZ];
+extern uint8_t aes_cbc256_known_ciphertext[AES_BLOCK_SZ];
+
+extern uint8_t aes_ctr128_known_key[16];
+extern uint8_t aes_ctr192_known_key[24];
+extern uint8_t aes_ctr256_known_key[32];
+extern uint8_t aes_ctr_known_counter[AES_BLOCK_SZ];
+extern uint8_t aes_ctr_known_plaintext[AES_BLOCK_SZ];
+extern uint8_t aes_ctr128_known_ciphertext[AES_BLOCK_SZ];
+extern uint8_t aes_ctr192_known_ciphertext[AES_BLOCK_SZ];
+extern uint8_t aes_ctr256_known_ciphertext[AES_BLOCK_SZ];
+
+extern uint8_t aes_ccm128_known_key[16];
+extern uint8_t aes_ccm192_known_key[24];
+extern uint8_t aes_ccm256_known_key[32];
+extern uint8_t aes_ccm128_known_nonce[AES_CCM_NONCE_SZ];
+extern uint8_t aes_ccm192_known_nonce[AES_CCM_NONCE_SZ];
+extern uint8_t aes_ccm256_known_nonce[AES_CCM_NONCE_SZ];
+extern uint8_t aes_ccm128_known_adata[AES_CCM_AUTHDATA_SZ];
+extern uint8_t aes_ccm192_known_adata[AES_CCM_AUTHDATA_SZ];
+extern uint8_t aes_ccm256_known_adata[AES_CCM_AUTHDATA_SZ];
+extern uint8_t aes_ccm128_known_plaintext[AES_CCM_DATA_SZ];
+extern uint8_t aes_ccm192_known_plaintext[AES_CCM_DATA_SZ];
+extern uint8_t aes_ccm256_known_plaintext[AES_CCM_DATA_SZ];
+extern uint8_t aes_ccm128_known_ciphertext[AES_CCM_CIPHER_SZ];
+extern uint8_t aes_ccm192_known_ciphertext[AES_CCM_CIPHER_SZ];
+extern uint8_t aes_ccm256_known_ciphertext[AES_CCM_CIPHER_SZ];
+
+extern uint8_t aes_gcm128_known_key[16];
+extern uint8_t aes_gcm192_known_key[24];
+extern uint8_t aes_gcm256_known_key[32];
+extern uint8_t aes_gcm128_known_iv[AES_GCM_IV_LEN];
+extern uint8_t aes_gcm192_known_iv[AES_GCM_IV_LEN];
+extern uint8_t aes_gcm256_known_iv[AES_GCM_IV_LEN];
+extern uint8_t aes_gcm128_known_adata[AES_GCM_AAD_LEN];
+extern uint8_t aes_gcm192_known_adata[AES_GCM_AAD_LEN];
+extern uint8_t aes_gcm256_known_adata[AES_GCM_AAD_LEN];
+extern uint8_t aes_gcm128_known_plaintext[AES_BLOCK_SZ];
+extern uint8_t aes_gcm192_known_plaintext[AES_BLOCK_SZ];
+extern uint8_t aes_gcm256_known_plaintext[AES_BLOCK_SZ];
+extern uint8_t aes_gcm128_known_ciphertext[32];
+extern uint8_t aes_gcm192_known_ciphertext[32];
+extern uint8_t aes_gcm256_known_ciphertext[32];
+
+extern uint8_t aes_gmac128_known_key[16];
+extern uint8_t aes_gmac192_known_key[24];
+extern uint8_t aes_gmac256_known_key[32];
+extern uint8_t aes_gmac128_known_iv[AES_GMAC_IV_LEN];
+extern uint8_t aes_gmac192_known_iv[AES_GMAC_IV_LEN];
+extern uint8_t aes_gmac256_known_iv[AES_GMAC_IV_LEN];
+extern uint8_t aes_gmac128_known_tag[AES_GMAC_TAG_SZ];
+extern uint8_t aes_gmac192_known_tag[AES_GMAC_TAG_SZ];
+extern uint8_t aes_gmac256_known_tag[AES_GMAC_TAG_SZ];
+extern uint8_t aes_gmac128_known_adata[AES_GMAC_AAD_LEN];
+extern uint8_t aes_gmac192_known_adata[AES_GMAC_AAD_LEN];
+extern uint8_t aes_gmac256_known_adata[AES_GMAC_AAD_LEN];
+
+
+extern uint8_t sha1_known_hash_message[64];
+extern uint8_t sha1_known_digest[SHA1_HASH_SZ];
+extern uint8_t HMAC_known_secret_key[8];
+extern uint8_t known_SHA1_hmac[10];
+extern uint8_t hmac_sha1_known_hash_message[128];
+extern uint8_t sha1_hmac_known_secret_key_2[SHA1_HASH_SZ];
+extern uint8_t sha1_hmac_known_hash_message_2[9];
+extern uint8_t sha1_known_hmac_2[SHA1_HASH_SZ];
+
+extern uint8_t sha256_known_hash_message[64];
+extern uint8_t known_sha256_digest[SHA256_HASH_SZ];
+extern uint8_t sha384_known_hash_message[64];
+extern uint8_t known_sha384_digest[SHA384_HASH_SZ];
+extern uint8_t sha512_known_hash_message[64];
+extern uint8_t known_sha512_digest[SHA512_HASH_SZ];
+extern uint8_t sha256_hmac_known_hash_message[64];
+extern uint8_t sha256_hmac_known_secret_key[36];
+extern uint8_t known_sha256_hmac[SHA256_HASH_SZ];
+extern uint8_t sha256_hmac_known_hash_message_1[28];
+extern uint8_t sha256_hmac_known_secret_key_1[4];
+extern uint8_t sha256_known_hmac_1[SHA256_HASH_SZ];
+extern uint8_t sha256_hmac_known_hash_message_2[50];
+extern uint8_t sha256_hmac_known_secret_key_2[25];
+extern uint8_t sha256_known_hmac_2[SHA256_HASH_SZ];
+extern uint8_t sha384_hmac_known_secret_key[16];
+extern uint8_t sha384_hmac_known_hash_message[128];
+extern uint8_t known_sha384_hmac[SHA384_HASH_SZ];
+extern uint8_t sha512_hmac_known_secret_key[20];
+extern uint8_t sha512_hmac_known_hash_message[128];
+extern uint8_t known_sha512_hmac[SHA512_HASH_SZ];
+
+
+extern uint8_t rsa_modulus_1024[128];
+extern uint8_t rsa_public_exponent_1024[3];
+extern uint8_t rsa_private_exponent_1024[128];
+extern uint8_t rsa_prime1_1024[64];
+extern uint8_t rsa_prime2_1024[64];
+extern uint8_t rsa_exponent1_1024[64];
+extern uint8_t rsa_exponent2_1024[64];
+extern uint8_t rsa_coefficient_1024[64];
+extern uint8_t rsa_modulus_2048[256];
+extern uint8_t rsa_public_exponent_2048[1];
+extern uint8_t rsa_private_exponent_2048[256];
+extern uint8_t rsa_prime1_2048[128];
+extern uint8_t rsa_prime2_2048[128];
+extern uint8_t rsa_exponent1_2048[128];
+extern uint8_t rsa_exponent2_2048[128];
+extern uint8_t rsa_coefficient_2048[128];
+extern uint8_t rsa_known_plaintext_msg[128];
+extern uint8_t rsa_x509_known_signature_1024[128];
+extern uint8_t rsa_pkcs_known_signature_1024[128];
+extern uint8_t rsa_x509_known_signature_2048[256];
+extern uint8_t rsa_pkcs_known_signature_2048[256];
+
+extern uint8_t dsa_base_1024[128];
+extern uint8_t dsa_prime_1024[128];
+extern uint8_t dsa_subprime_1024[20];
+extern uint8_t dsa_privalue_1024[20];
+extern uint8_t dsa_pubvalue_1024[128];
+extern uint8_t dsa_known_data[20];
+
+extern uint8_t ec_param_oid_secp192r1[10];
+extern uint8_t ec_point_p192r1[49];
+extern uint8_t ec_value_p192r1[24];
+extern uint8_t ec_param_oid_secp224r1[7];
+extern uint8_t ec_point_p224r1[57];
+extern uint8_t ec_value_p224r1[28];
+extern uint8_t ec_param_oid_secp256r1[10];
+extern uint8_t ec_point_p256r1[65];
+extern uint8_t ec_value_p256r1[32];
+extern uint8_t ec_param_oid_secp384r1[7];
+extern uint8_t ec_point_p384r1[97];
+extern uint8_t ec_value_p384r1[48];
+extern uint8_t ec_param_oid_secp521r1[7];
+extern uint8_t ec_point_p521r1[133];
+extern uint8_t ec_value_p521r1[66];
+extern uint8_t ec_param_oid_sect163k1[7];
+extern uint8_t ec_point_t163k1[43];
+extern uint8_t ec_value_t163k1[21];
+extern uint8_t ec_param_oid_sect233k1[7];
+extern uint8_t ec_point_t233k1[61];
+extern uint8_t ec_value_t233k1[30];
+extern uint8_t ec_param_oid_sect283k1[7];
+extern uint8_t ec_point_t283k1[73];
+extern uint8_t ec_value_t283k1[36];
+extern uint8_t ec_param_oid_sect409k1[7];
+extern uint8_t ec_point_t409k1[105];
+extern uint8_t ec_value_t409k1[52];
+extern uint8_t ec_param_oid_sect571k1[7];
+extern uint8_t ec_point_t571k1[145];
+extern uint8_t ec_value_t571k1[72];
+extern uint8_t ec_param_oid_sect163r2[7];
+extern uint8_t ec_point_t163r2[43];
+extern uint8_t ec_value_t163r2[21];
+extern uint8_t ec_param_oid_sect233r1[7];
+extern uint8_t ec_point_t233r1[61];
+extern uint8_t ec_value_t233r1[30];
+extern uint8_t ec_param_oid_sect283r1[7];
+extern uint8_t ec_point_t283r1[73];
+extern uint8_t ec_value_t283r1[36];
+extern uint8_t ec_param_oid_sect409r1[7];
+extern uint8_t ec_point_t409r1[105];
+extern uint8_t ec_value_t409r1[52];
+extern uint8_t ec_param_oid_sect571r1[7];
+extern uint8_t ec_point_t571r1[145];
+extern uint8_t ec_value_t571r1[72];
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _FIPS_TEST_VECTORS_H */
diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/Makefile.com b/usr/src/lib/pkcs11/pkcs11_softtoken/Makefile.com
index 76218533ae..eeba64cf59 100644
--- a/usr/src/lib/pkcs11/pkcs11_softtoken/Makefile.com
+++ b/usr/src/lib/pkcs11/pkcs11_softtoken/Makefile.com
@@ -79,7 +79,8 @@ RNG_COBJECTS = fips_random.o
FIPS_COBJECTS = fips_aes_util.o fips_des_util.o \
fips_sha1_util.o fips_sha2_util.o \
fips_dsa_util.o fips_rsa_util.o \
- fips_ecc_util.o fips_random_util.o
+ fips_ecc_util.o fips_random_util.o \
+ fips_test_vectors.o
ECC_OBJECTS = $(ECC_COBJECTS) $(ECC_PSR_OBJECTS)
MPI_OBJECTS = $(MPI_COBJECTS) $(MPI_PSR_OBJECTS)
diff --git a/usr/src/tools/Makefile b/usr/src/tools/Makefile
index 028ae314e0..e0ed863986 100644
--- a/usr/src/tools/Makefile
+++ b/usr/src/tools/Makefile
@@ -53,7 +53,8 @@ COMMON_SUBDIRS= \
# special versions of commands for use only in build
#
UNSHIPPED_SUBDIRS = \
- elfsign
+ elfsign \
+ fips_addchecksum
sparc_SUBDIRS= \
chk4ubin \
diff --git a/usr/src/tools/fips_addchecksum/Makefile b/usr/src/tools/fips_addchecksum/Makefile
new file mode 100644
index 0000000000..1140379e38
--- /dev/null
+++ b/usr/src/tools/fips_addchecksum/Makefile
@@ -0,0 +1,65 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+#
+# Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+#
+#
+
+CRYPTODIR = $(SRC)/common/crypto
+
+PROG = fips_addchecksum
+OBJS = fips_addchecksum.o fips_checksum.o
+SRCS = $(OBJS:.o=.c)
+LINTFILES = $(OBJS:.o=.ln)
+
+include ../Makefile.tools
+
+INCS += -I $(CRYPTODIR)
+
+CFLAGS += $(CCVERBOSE) $(INCS)
+LINTFLAGS += $(INCS)
+
+LDLIBS += -lmd -lelf
+
+.KEEP_STATE:
+
+all: $(PROG)
+
+$(PROG): $(OBJS)
+ $(LINK.c) $(OBJS) -o $@ $(LDLIBS) $(DYNFLAGS)
+ $(POST_PROCESS)
+
+%.o: $(CRYPTODIR)/fips/%.c
+ $(COMPILE.c) $(CFLAGS) -o $@ -c $<
+
+
+install: all $(ROOTPROG)
+
+clean:
+ $(RM) -f $(OBJS) $(PROG) $(LINTFILES)
+
+%.ln: $(CRYPTODIR)/fips/%.c
+ $(LINT.c) -c $<
+
+lint: $(LINTFILES)
+ $(LINT) $(LINTFLAGS) $(LINTFILES) $(LDLIBS)
+
+include $(SRC)/cmd/Makefile.targ
diff --git a/usr/src/uts/Makefile.uts b/usr/src/uts/Makefile.uts
index bc90d534a2..ce2148c475 100644
--- a/usr/src/uts/Makefile.uts
+++ b/usr/src/uts/Makefile.uts
@@ -674,3 +674,9 @@ PRIVS_DEF = $(SRC)/uts/common/os/priv_defs
#
USBDEVS_AWK = $(SRC)/uts/common/io/usb/usbdevs2h.awk
USBDEVS_DATA = $(SRC)/uts/common/io/usb/usbdevs
+
+#
+# FIPS140 Self Integrity Check Command for HW Crypto modules
+#
+FIPS140_CMDDIR = $(SRC)/tools/fips_addchecksum
+FIPS140_CHECK = $(FIPS140_CMDDIR)/fips_addchecksum $(BINARY)
diff --git a/usr/src/uts/common/Makefile.files b/usr/src/uts/common/Makefile.files
index 0cf13ebeee..7a4e3ab1d8 100644
--- a/usr/src/uts/common/Makefile.files
+++ b/usr/src/uts/common/Makefile.files
@@ -1517,7 +1517,8 @@ KCF_OBJS += kcf.o kcf_callprov.o kcf_cbufcall.o kcf_cipher.o kcf_crypto.o \
kcf_keys.o kcf_mac.o kcf_mech_tabs.o kcf_miscapi.o \
kcf_object.o kcf_policy.o kcf_prov_lib.o kcf_prov_tabs.o \
kcf_sched.o kcf_session.o kcf_sign.o kcf_spi.o kcf_verify.o \
- kcf_random.o modes.o ecb.o cbc.o ctr.o ccm.o gcm.o fips_random.o
+ kcf_random.o modes.o ecb.o cbc.o ctr.o ccm.o gcm.o \
+ fips_random.o fips_checksum.o fips_test_vectors.o
CRYPTOADM_OBJS += cryptoadm.o
diff --git a/usr/src/uts/common/bignum/bignum_mod.c b/usr/src/uts/common/bignum/bignum_mod.c
index 7ef8113537..938eb50d48 100644
--- a/usr/src/uts/common/bignum/bignum_mod.c
+++ b/usr/src/uts/common/bignum/bignum_mod.c
@@ -19,19 +19,16 @@
* CDDL HEADER END
*/
/*
- * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
+ * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
*/
-#pragma ident "%Z%%M% %I% %E% SMI"
-
#include <sys/types.h>
#include <sys/systm.h>
#include <sys/modctl.h>
#include <sys/cmn_err.h>
#include <sys/ddi.h>
-
+#include <fips/fips_checksum.h>
extern struct mod_ops mod_cryptoops;
@@ -64,3 +61,14 @@ _info(struct modinfo *modinfop)
{
return (mod_info(&modlinkage, modinfop));
}
+
+int
+bignum_fips_check()
+{
+ if (fips_check_module("misc/bignum", (void *)_init) != 0) {
+ cmn_err(CE_WARN, "bignum: FIPS-140 Software Integrity Test "
+ "failed");
+ return (EINVAL);
+ }
+ return (0);
+}
diff --git a/usr/src/uts/intel/bignum/Makefile b/usr/src/uts/intel/bignum/Makefile
index 71a396f2fe..a7d2760596 100644
--- a/usr/src/uts/intel/bignum/Makefile
+++ b/usr/src/uts/intel/bignum/Makefile
@@ -19,10 +19,7 @@
# CDDL HEADER END
#
#
-# Copyright 2008 Sun Microsystems, Inc. All rights reserved.
-# Use is subject to license terms.
-#
-#ident "%Z%%M% %I% %E% SMI"
+# Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
#
# This makefile drives the production of the RSA KEF provider.
#
@@ -34,6 +31,7 @@
#
UTSBASE = ../..
BIGNUMDIR = $(COMMONBASE)/bignum
+CRYPTODIR = $(COMMONBASE)/crypto
#
# Define the module and object file sets.
@@ -62,9 +60,9 @@ INSTALL_TARGET = $(BINARY) $(ROOTMODULE)
#
# Linkage dependencies
#
-LDFLAGS += -dy
+LDFLAGS += -dy -Nmisc/kcf
-CPPFLAGS += -I$(BIGNUMDIR)
+CPPFLAGS += -I$(BIGNUMDIR) -I$(CRYPTODIR)
#
# Default build targets.
diff --git a/usr/src/uts/sparc/bignum/Makefile b/usr/src/uts/sparc/bignum/Makefile
index e71ef2d772..76892e18be 100644
--- a/usr/src/uts/sparc/bignum/Makefile
+++ b/usr/src/uts/sparc/bignum/Makefile
@@ -19,10 +19,8 @@
# CDDL HEADER END
#
#
-# Copyright 2008 Sun Microsystems, Inc. All rights reserved.
-# Use is subject to license terms.
+# Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
#
-#ident "%Z%%M% %I% %E% SMI"
#
# This makefile drives the production of the misx/bignum module.
#
@@ -33,6 +31,7 @@
# Path to the base of the uts directory tree (usually /usr/src/uts).
#
UTSBASE = ../..
+CRYPTODIR = $(COMMONBASE)/crypto
COM1_DIR = $(COMMONBASE)/bignum
#
@@ -49,6 +48,12 @@ ROOTMODULE = $(ROOT_MISC_DIR)/$(MODULE)
include $(UTSBASE)/sparc/Makefile.sparc
#
+# FIPS-140 Self Integrity Test
+#
+POST_PROCESS += ; $(FIPS140_CHECK)
+
+
+#
# Define targets
#
ALL_TARGET = $(BINARY)
@@ -58,14 +63,14 @@ INSTALL_TARGET = $(BINARY) $(ROOTMODULE)
#
# Linkage dependencies
#
-LDFLAGS += -dy
+LDFLAGS += -dy -Nmisc/kcf
#
# lint pass one enforcement
#
-CFLAGS += $(CCVERBOSE) -I$(COM1_DIR)
+CFLAGS += $(CCVERBOSE) -I$(CRYPTODIR) -I$(COM1_DIR)
CFLAGS += -DUMUL64
-LINTFLAGS += -I$(COM1_DIR)
+LINTFLAGS += -I$(CRYPTODIR) -I$(COM1_DIR)
#
diff --git a/usr/src/uts/sun4u/bignum/Makefile b/usr/src/uts/sun4u/bignum/Makefile
index e1bd7658da..68bec2efe5 100644
--- a/usr/src/uts/sun4u/bignum/Makefile
+++ b/usr/src/uts/sun4u/bignum/Makefile
@@ -18,9 +18,7 @@
#
# CDDL HEADER END
#
-#
-# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
-# Use is subject to license terms.
+# Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
#
# This makefile drives the production of the misc/bignum module.
#
@@ -31,6 +29,7 @@
# Path to the base of the uts directory tree (usually /usr/src/uts).
#
UTSBASE = ../..
+CRYPTODIR = $(COMMONBASE)/crypto
COM1_DIR = $(COMMONBASE)/bignum
#
@@ -56,14 +55,14 @@ INSTALL_TARGET = $(BINARY) $(ROOTMODULE)
#
# Linkage dependencies
#
-LDFLAGS += -dy
+LDFLAGS += -dy -Nmisc/kcf
#
# lint pass one enforcement
#
-CFLAGS += $(CCVERBOSE) -I$(COM1_DIR)
+CFLAGS += $(CCVERBOSE) -I$(CRYPTODIR) -I$(COM1_DIR)
CFLAGS += -DUMUL64 -DUSE_FLOATING_POINT
-LINTFLAGS += -I$(COM1_DIR)
+LINTFLAGS += -I$(CRYPTODIR) -I$(COM1_DIR)
#
# Default build targets.
diff --git a/usr/src/uts/sun4v/Makefile.files b/usr/src/uts/sun4v/Makefile.files
index d8b201668f..c5632bf5fc 100644
--- a/usr/src/uts/sun4v/Makefile.files
+++ b/usr/src/uts/sun4v/Makefile.files
@@ -20,8 +20,7 @@
#
#
-# Copyright 2010 Sun Microsystems, Inc. All rights reserved.
-# Use is subject to license terms.
+# Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
#
# This Makefile defines all file modules for the directory uts/sun4v
# and it's children. These are the source files which are sun4v
@@ -126,7 +125,7 @@ TRAPSTAT_OBJS += trapstat.o
NIUMX_OBJS += niumx.o niumx_tools.o
N2RNG_OBJS += n2rng.o n2rng_debug.o n2rng_hcall.o n2rng_kcf.o \
n2rng_entp_algs.o n2rng_entp_setup.o n2rng_kstat.o \
- n2rng_provider.o
+ n2rng_provider.o n2rng_post.o
#
# CPU/Memory Error Injector (memtest) sun4v driver
diff --git a/usr/src/uts/sun4v/io/n2rng/n2rng.c b/usr/src/uts/sun4v/io/n2rng/n2rng.c
index f214a106a5..90b64d1359 100644
--- a/usr/src/uts/sun4v/io/n2rng/n2rng.c
+++ b/usr/src/uts/sun4v/io/n2rng/n2rng.c
@@ -19,8 +19,7 @@
* CDDL HEADER END
*/
/*
- * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
+ * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
*/
@@ -48,6 +47,7 @@
#include <sys/machsystm.h>
#include <sys/hypervisor_api.h>
#include <sys/n2rng.h>
+#include <fips/fips_checksum.h>
static int n2rng_attach(dev_info_t *, ddi_attach_cmd_t);
static int n2rng_detach(dev_info_t *, ddi_detach_cmd_t);
@@ -300,6 +300,17 @@ n2rng_attach(dev_info_t *dip, ddi_attach_cmd_t cmd)
goto errorexit;
}
+ if (n2rng->n_is_fips == B_TRUE) {
+ /*
+ * FIPs Post test: Feed the known seed and make sure it
+ * produces the known random number.
+ */
+ if (n2rng_fips_rng_post() != CRYPTO_SUCCESS) {
+ n2rng_diperror(dip, "n2rng: FIPs POST test failed\n");
+ goto errorexit;
+ }
+ }
+
return (DDI_SUCCESS);
errorexit:
@@ -1065,6 +1076,11 @@ n2rng_init_ctl(n2rng_t *n2rng)
DDI_PROP_CANSLEEP | DDI_PROP_DONTPASS, "hc_seconds",
RNG_DEFAULT_HC_SECS);
+ /* get fips configuration : FALSE by default */
+ n2rng->n_is_fips = ddi_getprop(DDI_DEV_T_ANY, n2rng->n_dip,
+ DDI_PROP_CANSLEEP | DDI_PROP_DONTPASS,
+ N2RNG_FIPS_STRING, B_FALSE);
+
/* API versions prior to 2.0 do not support health checks */
if ((n2rng->n_hvapi_major_version < 2) &&
(n2rng->n_ctl_data->n_hc_secs > 0)) {
@@ -1075,6 +1091,16 @@ n2rng_init_ctl(n2rng_t *n2rng)
n2rng->n_ctl_data->n_hc_secs = 0;
}
+
+ if (n2rng->n_is_fips == B_TRUE) {
+ /* When in FIPs mode, run the module integrity test */
+ if (fips_check_module("drv/n2rng", (void *)_init) != 0) {
+ cmn_err(CE_WARN, "n2rng: FIPs Software Integrity Test "
+ "failed\n");
+ return (DDI_FAILURE);
+ }
+ }
+
/* Calculate watchdog timeout value */
if (n2rng->n_ctl_data->n_hc_secs <= 0) {
n2rng->n_ctl_data->n_watchdog_cycles = 0;
diff --git a/usr/src/uts/sun4v/io/n2rng/n2rng_post.c b/usr/src/uts/sun4v/io/n2rng/n2rng_post.c
new file mode 100644
index 0000000000..ae3780b50a
--- /dev/null
+++ b/usr/src/uts/sun4v/io/n2rng/n2rng_post.c
@@ -0,0 +1,74 @@
+/*
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
+ *
+ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ * or http://www.opensolaris.org/os/licensing.
+ * See the License for the specific language governing permissions
+ * and limitations under the License.
+ *
+ * When distributing Covered Code, include this CDDL HEADER in each
+ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ * If applicable, add the following below this CDDL HEADER, with the
+ * fields enclosed by brackets "[]" replaced with your own identifying
+ * information: Portions Copyright [yyyy] [name of copyright owner]
+ *
+ * CDDL HEADER END
+ */
+
+/*
+ * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+ */
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/errno.h>
+#include <sys/kmem.h>
+#include <sys/systm.h>
+#include <sys/sha1.h>
+#include <sys/crypto/common.h>
+#include <sys/cmn_err.h>
+#include <rng/fips_random.h>
+
+
+int
+n2rng_fips_rng_post(void)
+{
+ static uint8_t XKeyValue[] = {
+ 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00
+ };
+
+ static uint8_t XSeed[] = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00
+ };
+
+ static uint8_t rng_known_GENX[] = {
+ 0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d,
+ 0x32, 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90,
+ 0xaf, 0xd8, 0x07, 0x09
+ };
+
+ uint8_t GENX[SHA1_HASH_SIZE];
+ uint8_t XKey[SHA1_HASH_SIZE];
+
+ (void) memcpy(XKey, XKeyValue, SHA1_HASH_SIZE);
+
+ /* Generate X with a known seed. */
+ fips_random_inner(
+ (uint32_t *)(void *)XKey,
+ (uint32_t *)(void *)GENX,
+ (uint32_t *)(void *)XSeed);
+
+ /* Verify GENX to perform the RNG integrity check */
+ if ((memcmp(GENX, rng_known_GENX, (SHA1_HASH_SIZE)) != 0))
+ return (CRYPTO_DEVICE_ERROR);
+ else
+ return (CRYPTO_SUCCESS);
+}
diff --git a/usr/src/uts/sun4v/io/n2rng/n2rng_provider.c b/usr/src/uts/sun4v/io/n2rng/n2rng_provider.c
index 3a596d5e63..6c50d14923 100644
--- a/usr/src/uts/sun4v/io/n2rng/n2rng_provider.c
+++ b/usr/src/uts/sun4v/io/n2rng/n2rng_provider.c
@@ -19,8 +19,7 @@
* CDDL HEADER END
*/
/*
- * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
+ * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
*/
#include <sys/types.h>
@@ -141,7 +140,35 @@ fips_random(n2rng_t *n2rng, uint8_t *out, size_t nbytes)
/* nbytes - i is bytes to go */
fips_random_inner(frsp->XKEY, tempout, entropy.as32);
- bcopy(tempout, &out[i], min(nbytes - i, SHA1BYTES));
+
+ /*
+ * Compare last round with the results of this round, fail
+ * if identical. Save for next round.
+ */
+ if (n2rng->n_is_fips == B_TRUE) {
+ uint32_t differ = 0;
+ int j;
+
+ for (j = 0; j < 5; j++) {
+ differ |= tempout[j] ^ frsp->x_jminus1[j];
+ frsp->x_jminus1[j] = tempout[j];
+ }
+ if (differ == 0) {
+ /*
+ * If differ == 0, the RNG produced the same
+ * answer twice. By FIPS 140-2 Section 4.9 we
+ * must enter an error state.
+ */
+ mutex_exit(&frsp->mtx);
+ n2rng_failure(n2rng);
+ cmn_err(CE_WARN,
+ "n2rng: Continuous random number generator"
+ " test of FIPS-140 RNG failed.");
+ return (EIO);
+ }
+ }
+
+ bcopy(tempout, &out[i], min(nbytes - i, SHA1BYTES));
mutex_exit(&frsp->mtx);
}
@@ -171,6 +198,7 @@ n2rng_fips_random_init(n2rng_t *n2rng, fipsrandomstruct_t *frsp)
*/
int rv;
+ static uint32_t FIPS_RNG_NO_USER_INPUT[] = {0, 0, 0, 0, 0};
rv = n2rng_getentropy(n2rng, (void *)frsp->XKEY, ROUNDUP(SHA1BYTES, 8));
if (rv) {
@@ -179,6 +207,9 @@ n2rng_fips_random_init(n2rng_t *n2rng, fipsrandomstruct_t *frsp)
frsp->entropyhunger = 0;
mutex_init(&frsp->mtx, NULL, MUTEX_DRIVER, NULL);
+ /* compute the first (compare only) random value */
+ fips_random_inner(frsp->XKEY, frsp->x_jminus1, FIPS_RNG_NO_USER_INPUT);
+
return (0);
}
diff --git a/usr/src/uts/sun4v/n2rng/Makefile b/usr/src/uts/sun4v/n2rng/Makefile
index 7f448c0e20..5ef3bcc564 100644
--- a/usr/src/uts/sun4v/n2rng/Makefile
+++ b/usr/src/uts/sun4v/n2rng/Makefile
@@ -20,8 +20,7 @@
#
# uts/sun4v/n2rng/Makefile
#
-# Copyright 2008 Sun Microsystems, Inc. All rights reserved.
-# Use is subject to license terms.
+# Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
#
#
#
@@ -51,6 +50,11 @@ CONF_SRCDIR = $(UTSBASE)/sun4v/io/n2rng
include $(UTSBASE)/sun4v/Makefile.sun4v
#
+# FIPS-140 Self Integrity Test
+#
+POST_PROCESS += ; $(FIPS140_CHECK)
+
+#
# Override defaults to build a unique, local modstubs.o.
#
MODSTUBS_DIR = $(OBJS_DIR)
diff --git a/usr/src/uts/sun4v/sys/n2rng.h b/usr/src/uts/sun4v/sys/n2rng.h
index 2ed06355d7..6545cccc13 100644
--- a/usr/src/uts/sun4v/sys/n2rng.h
+++ b/usr/src/uts/sun4v/sys/n2rng.h
@@ -19,8 +19,7 @@
* CDDL HEADER END
*/
/*
- * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
- * Use is subject to license terms.
+ * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
*/
#ifndef _SYS_N2RNG_H
@@ -121,6 +120,11 @@ typedef struct {
#define N2RNG_NOANALOGOUT 0x2
/*
+ * n2rng: config variable in the n2rng.conf file
+ */
+#define N2RNG_FIPS_STRING "n2rng-fips-140"
+
+/*
* There can only be N2_RNG_FIPS_INSTANCES concurrent RNG requsts from
* the framework. Making this value large helps benchmarks. It
* should probably come from a conf file, but for now it is hard
@@ -134,6 +138,7 @@ struct fipsrandomstruct {
kmutex_t mtx;
uint64_t entropyhunger; /* RNGs generated with no entropy */
uint32_t XKEY[6]; /* one extra word for getentropy */
+ uint32_t x_jminus1[5]; /* store the last output */
};
typedef struct {
@@ -234,6 +239,7 @@ typedef struct n2rng {
md_t *n_mdp;
uint64_t n_sticks_per_usec;
ddi_taskq_t *n_taskq;
+ boolean_t n_is_fips;
} n2rng_t;
typedef kstat_named_t n2rng_kstat_bias_t[N2RNG_MAX_RNGS][N2RNG_NOSC];
@@ -366,6 +372,11 @@ uint64_t hv_rng_data_read_diag_v2(uint64_t data_pa,
size_t datalen, uint64_t rngid, uint64_t *tdelta);
uint64_t hv_rng_data_read(uint64_t data_pa, uint64_t *tdelta);
+/*
+ * n2rng_post.c
+ */
+int n2rng_fips_rng_post(void);
+
#endif /* _KERNEL */
#endif /* !_ASM */