diff options
author | Misaki Miyashita <Misaki.Miyashita@Oracle.COM> | 2010-07-28 07:22:57 -0700 |
---|---|---|
committer | Misaki Miyashita <Misaki.Miyashita@Oracle.COM> | 2010-07-28 07:22:57 -0700 |
commit | 32e0ab73531b6e6e8957e9ecdbbd42603865f2d0 (patch) | |
tree | 13bead85f694ef21f8d6900ede8b663cae461ab8 | |
parent | a1a4c722cd91922d6b5a06ca3629f5795961fc6a (diff) | |
download | illumos-gate-32e0ab73531b6e6e8957e9ecdbbd42603865f2d0.tar.gz |
6959099 T2 Crypto Drivers (ncp, n2cp, n2rng) need to implement self tests for FIPS 140-2 compliance
28 files changed, 3240 insertions, 529 deletions
diff --git a/usr/src/cmd/cmd-crypto/cryptoadm/Makefile b/usr/src/cmd/cmd-crypto/cryptoadm/Makefile index 4f9d7ed977..96626326eb 100644 --- a/usr/src/cmd/cmd-crypto/cryptoadm/Makefile +++ b/usr/src/cmd/cmd-crypto/cryptoadm/Makefile @@ -18,8 +18,7 @@ # # CDDL HEADER END # -# Copyright 2008 Sun Microsystems, Inc. All rights reserved. -# Use is subject to license terms. +# Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. # PROG = cryptoadm @@ -29,6 +28,7 @@ OBJS = cryptoadm.o \ adm_kef.o \ adm_kef_ioctl.o \ adm_kef_util.o \ + adm_fips_hw.o \ adm_util.o \ start_stop.o \ adm_metaslot.o diff --git a/usr/src/cmd/cmd-crypto/cryptoadm/adm_fips_hw.c b/usr/src/cmd/cmd-crypto/cryptoadm/adm_fips_hw.c new file mode 100644 index 0000000000..58daa5303c --- /dev/null +++ b/usr/src/cmd/cmd-crypto/cryptoadm/adm_fips_hw.c @@ -0,0 +1,328 @@ +/* + * CDDL HEADER START + * + * The contents of this file are subject to the terms of the + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. + * + * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE + * or http://www.opensolaris.org/os/licensing. + * See the License for the specific language governing permissions + * and limitations under the License. + * + * When distributing Covered Code, include this CDDL HEADER in each + * file and include the License file at usr/src/OPENSOLARIS.LICENSE. + * If applicable, add the following below this CDDL HEADER, with the + * fields enclosed by brackets "[]" replaced with your own identifying + * information: Portions Copyright [yyyy] [name of copyright owner] + * + * CDDL HEADER END + */ +/* + * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. + */ + +#include <fcntl.h> +#include <stdio.h> +#include <stdlib.h> +#include <strings.h> +#include <unistd.h> +#include <locale.h> +#include <libgen.h> +#include <sys/types.h> +#include <sys/stat.h> +#include <zone.h> +#include <sys/crypto/ioctladmin.h> +#include "cryptoadm.h" + +#define HW_CONF_DIR "/platform/sun4v/kernel/drv" + + +/* Get FIPS-140 status from .conf */ +int +fips_hw_status(char *filename, char *property, int *hw_fips_mode) +{ + FILE *pfile; + char buffer[BUFSIZ]; + char *str = NULL; + char *cursor = NULL; + + /* Open the .conf file */ + if ((pfile = fopen(filename, "r")) == NULL) { + cryptodebug("failed to open %s for write.", filename); + return (FAILURE); + } + + while (fgets(buffer, BUFSIZ, pfile) != NULL) { + if (buffer[0] == '#') { + /* skip comments */ + continue; + } + + /* find the property string */ + if ((str = strstr(buffer, property)) == NULL) { + /* didn't find the property string in this line */ + continue; + } + + cursor = strtok(str, "= ;"); + cursor = strtok(NULL, "= ;"); + if (cursor == NULL) { + cryptoerror(LOG_STDERR, gettext( + "Invalid config file contents: %s."), filename); + (void) fclose(pfile); + return (FAILURE); + } + *hw_fips_mode = atoi(cursor); + (void) fclose(pfile); + return (SUCCESS); + } + + /* + * If the fips property is not found in the config file, + * FIPS mode is false by default. + */ + *hw_fips_mode = CRYPTO_FIPS_MODE_DISABLED; + (void) fclose(pfile); + + return (SUCCESS); +} + +/* + * Update the HW .conf file with the updated entry. + */ +int +fips_update_hw_conf(char *filename, char *property, int action) +{ + FILE *pfile; + FILE *pfile_tmp; + char buffer[BUFSIZ]; + char buffer2[BUFSIZ]; + char *tmpfile_name = NULL; + char *str = NULL; + char *cursor = NULL; + int rc = SUCCESS; + boolean_t found = B_FALSE; + + /* Open the .conf file */ + if ((pfile = fopen(filename, "r+")) == NULL) { + cryptoerror(LOG_STDERR, + gettext("failed to update the configuration - %s"), + strerror(errno)); + cryptodebug("failed to open %s for write.", filename); + return (FAILURE); + } + + /* Lock the .conf file */ + if (lockf(fileno(pfile), F_TLOCK, 0) == -1) { + cryptoerror(LOG_STDERR, + gettext("failed to update the configuration - %s"), + strerror(errno)); + cryptodebug(gettext("failed to lock %s"), filename); + (void) fclose(pfile); + return (FAILURE); + } + + /* + * Create a temporary file to save updated configuration file first. + */ + tmpfile_name = tempnam(HW_CONF_DIR, NULL); + if ((pfile_tmp = fopen(tmpfile_name, "w")) == NULL) { + cryptoerror(LOG_STDERR, gettext("failed to open %s - %s"), + tmpfile_name, strerror(errno)); + free(tmpfile_name); + (void) fclose(pfile); + return (FAILURE); + } + + + /* + * Loop thru entire .conf file, update the entry to be + * updated and save the updated file to the temporary file first. + */ + while (fgets(buffer, BUFSIZ, pfile) != NULL) { + if (buffer[0] == '#') { + /* comments: write to the file without modification */ + goto write_to_tmp; + } + + (void) strlcpy(buffer2, buffer, BUFSIZ); + + /* find the property string */ + if ((str = strstr(buffer2, property)) == NULL) { + /* + * Didn't find the property string in this line. + * Write to the file without modification. + */ + goto write_to_tmp; + } + + found = B_TRUE; + + cursor = strtok(str, "= ;"); + cursor = strtok(NULL, "= ;"); + if (cursor == NULL) { + cryptoerror(LOG_STDERR, gettext( + "Invalid config file contents %s: %s."), + filename, strerror(errno)); + goto errorexit; + } + + cursor = buffer + (cursor - buffer2); + *cursor = (action == FIPS140_ENABLE) ? '1' : '0'; + +write_to_tmp: + + if (fputs(buffer, pfile_tmp) == EOF) { + cryptoerror(LOG_STDERR, gettext( + "failed to write to a temp file: %s."), + strerror(errno)); + goto errorexit; + } + } + + /* if the fips mode property is not specified, FALSE by default */ + if (found == B_FALSE) { + (void) snprintf(buffer, BUFSIZ, "%s=%c;\n", + property, (action == FIPS140_ENABLE) ? '1' : '0'); + if (fputs(buffer, pfile_tmp) == EOF) { + cryptoerror(LOG_STDERR, gettext( + "failed to write to a tmp file: %s."), + strerror(errno)); + goto errorexit; + } + } + + (void) fclose(pfile); + if (fclose(pfile_tmp) != 0) { + cryptoerror(LOG_STDERR, + gettext("failed to close %s: %s"), tmpfile_name, + strerror(errno)); + free(tmpfile_name); + return (FAILURE); + } + + /* Copy the temporary file to the .conf file */ + if (rename(tmpfile_name, filename) == -1) { + cryptoerror(LOG_STDERR, + gettext("failed to update the configuration - %s"), + strerror(errno)); + cryptodebug("failed to rename %s to %s: %s", tmpfile_name, + filename, strerror(errno)); + rc = FAILURE; + } else if (chmod(filename, + S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) == -1) { + cryptoerror(LOG_STDERR, + gettext("failed to update the configuration - %s"), + strerror(errno)); + cryptodebug("failed to chmod to %s: %s", filename, + strerror(errno)); + rc = FAILURE; + } else { + rc = SUCCESS; + } + + if ((rc == FAILURE) && (unlink(tmpfile_name) != 0)) { + cryptoerror(LOG_STDERR, gettext( + "(Warning) failed to remove %s: %s"), + tmpfile_name, strerror(errno)); + } + + free(tmpfile_name); + return (rc); + +errorexit: + (void) fclose(pfile); + (void) fclose(pfile_tmp); + free(tmpfile_name); + + return (FAILURE); +} + + +/* + * Perform the FIPS related actions + */ +int +do_fips_hw_actions(int action, int provider) +{ + int rc = SUCCESS; + int fips_mode = 0; + char *filename; + char *propname; + char *provname; + + switch (provider) { + case HW_PROVIDER_NCP: + filename = "/platform/sun4v/kernel/drv/ncp.conf"; + propname = "ncp-fips-140"; + provname = "ncp"; + break; + case HW_PROVIDER_N2CP: + filename = "/platform/sun4v/kernel/drv/n2cp.conf"; + propname = "n2cp-fips-140"; + provname = "n2cp"; + break; + case HW_PROVIDER_N2RNG: + filename = "/platform/sun4v/kernel/drv/n2rng.conf"; + propname = "n2rng-fips-140"; + provname = "n2rng"; + break; + default: + (void) printf(gettext("Internal Error: Invalid HW " + "provider [%d] specified.\n")); + return (FAILURE); + } + + /* Get FIPS-140 status from .conf */ + if (fips_hw_status(filename, propname, &fips_mode) != SUCCESS) { + return (FAILURE); + } + + if (action == FIPS140_STATUS) { + if (fips_mode == CRYPTO_FIPS_MODE_ENABLED) + (void) printf(gettext( + "%s: FIPS-140 mode is enabled.\n"), provname); + else + (void) printf(gettext( + "%s: FIPS-140 mode is disabled.\n"), provname); + return (SUCCESS); + } + + /* Is it a duplicate operation? */ + if ((action == FIPS140_ENABLE) && + (fips_mode == CRYPTO_FIPS_MODE_ENABLED)) { + (void) printf( + gettext("%s: FIPS-140 mode has already been enabled.\n"), + provname); + return (FAILURE); + } + + if ((action == FIPS140_DISABLE) && + (fips_mode == CRYPTO_FIPS_MODE_DISABLED)) { + (void) printf( + gettext("%s: FIPS-140 mode has already been disabled.\n"), + provname); + return (FAILURE); + } + + if ((action == FIPS140_ENABLE) || (action == FIPS140_DISABLE)) { + /* Update .conf */ + if ((rc = fips_update_hw_conf(filename, propname, action)) + != SUCCESS) + return (rc); + } + + /* No need to inform kernel */ + if (action == FIPS140_ENABLE) { + (void) printf(gettext( + "%s: FIPS-140 mode was enabled successfully.\n"), + provname); + } else { + (void) printf(gettext( + "%s: FIPS-140 mode was disabled successfully.\n"), + provname); + } + + return (SUCCESS); +} diff --git a/usr/src/cmd/cmd-crypto/cryptoadm/adm_kef_ioctl.c b/usr/src/cmd/cmd-crypto/cryptoadm/adm_kef_ioctl.c index f9130423a6..13f03f4d61 100644 --- a/usr/src/cmd/cmd-crypto/cryptoadm/adm_kef_ioctl.c +++ b/usr/src/cmd/cmd-crypto/cryptoadm/adm_kef_ioctl.c @@ -19,8 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2010 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. */ #include <fcntl.h> @@ -31,6 +30,7 @@ #include <locale.h> #include <libgen.h> #include <sys/types.h> +#include <sys/varargs.h> #include <zone.h> #include <sys/crypto/ioctladmin.h> #include "cryptoadm.h" @@ -38,8 +38,44 @@ #define DEFAULT_DEV_NUM 5 #define DEFAULT_SOFT_NUM 10 +#define NUM_FIPS_SW_PROV \ + (sizeof (fips_sw_providers) / sizeof (char *)) + +static char *fips_sw_providers[] = { + "des", + "aes", + "ecc", + "sha1", + "sha2", + "rsa", + "swrand" +}; + static crypto_get_soft_info_t *setup_get_soft_info(char *, int); +static void +fips_sw_printf(const char *format, ...) +{ + va_list ap; + char message[1024]; + int i; + + va_start(ap, format); + (void) snprintf(message, sizeof (message), format, ap); + va_end(ap); + + (void) printf(gettext("\nUser-level providers:\n")); + (void) printf(gettext("=====================\n")); + (void) printf(gettext("/usr/lib/security/$ISA/pkcs11_softtoken: %s\n"), + message); + (void) printf(gettext("\nKernel software providers:\n")); + (void) printf(gettext("==========================\n")); + for (i = 0; i < NUM_FIPS_SW_PROV; i++) { + (void) printf(gettext("%s: %s\n"), + fips_sw_providers[i], message); + } +} + /* * Prepare the argument for the LOAD_SOFT_CONFIG ioctl call for the * provider pointed by pent. Return NULL if out of memory. @@ -623,11 +659,9 @@ do_fips_actions(int action, int caller) if (action == FIPS140_STATUS) { if (pkcs11_fips_mode == CRYPTO_FIPS_MODE_ENABLED) - (void) printf(gettext( - "\tFIPS-140 mode is enabled.\n")); + fips_sw_printf(gettext("FIPS-140 mode is enabled.")); else - (void) printf(gettext( - "\tFIPS-140 mode is disabled.\n")); + fips_sw_printf(gettext("FIPS-140 mode is disabled.")); return (SUCCESS); } @@ -635,17 +669,15 @@ do_fips_actions(int action, int caller) /* Is it a duplicate operation? */ if ((action == FIPS140_ENABLE) && (pkcs11_fips_mode == CRYPTO_FIPS_MODE_ENABLED)) { - cryptoerror(LOG_STDERR, - gettext("FIPS-140 mode has already " - "been enabled.\n")); + fips_sw_printf(gettext("FIPS-140 mode has already " + "been enabled.")); return (FAILURE); } if ((action == FIPS140_DISABLE) && (pkcs11_fips_mode == CRYPTO_FIPS_MODE_DISABLED)) { - cryptoerror(LOG_STDERR, - gettext("FIPS-140 mode has already " - "been disabled.\n")); + fips_sw_printf(gettext("FIPS-140 mode has already " + "been disabled.")); return (FAILURE); } @@ -657,17 +689,13 @@ do_fips_actions(int action, int caller) /* No need to inform kernel */ if (action == FIPS140_ENABLE) { - (void) printf(gettext( - "FIPS-140 mode was enabled successfully.\n")); + fips_sw_printf(gettext("FIPS-140 mode was enabled " + "successfully.")); } else { - (void) printf(gettext( - "FIPS-140 mode was disabled successfully.\n")); + fips_sw_printf(gettext("FIPS-140 mode was disabled " + "successfully.")); } - (void) printf(gettext( - "The FIPS-140 mode has changed.\n")); - (void) printf(gettext( - "The system will require a reboot.\n\n")); return (SUCCESS); } diff --git a/usr/src/cmd/cmd-crypto/cryptoadm/cryptoadm.c b/usr/src/cmd/cmd-crypto/cryptoadm/cryptoadm.c index 1dd7ed669e..7c1a5778e2 100644 --- a/usr/src/cmd/cmd-crypto/cryptoadm/cryptoadm.c +++ b/usr/src/cmd/cmd-crypto/cryptoadm/cryptoadm.c @@ -19,8 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. */ @@ -550,11 +549,26 @@ do_list(int argc, char **argv) if ((argc == 3) && (strncmp(argv[2], FIPS_KEYWORD, strlen(FIPS_KEYWORD))) == 0) { + int success_count = 0; /* * cryptoadm list fips-140 */ rc = do_fips_actions(FIPS140_STATUS, NOT_REFRESH); - return (rc); + if (rc == SUCCESS) + success_count++; + (void) printf(gettext("\nKernel hardware providers:\n")); + (void) printf(gettext("=========================:\n")); + rc = do_fips_hw_actions(FIPS140_STATUS, HW_PROVIDER_NCP); + if (rc == SUCCESS) + success_count++; + rc = do_fips_hw_actions(FIPS140_STATUS, HW_PROVIDER_N2CP); + if (rc == SUCCESS) + success_count++; + rc = do_fips_hw_actions(FIPS140_STATUS, HW_PROVIDER_N2RNG); + if (rc == SUCCESS) + success_count++; + /* succeed to get status from config file? */ + return ((success_count > 0) ? SUCCESS: FAILURE); } argc -= 1; @@ -741,11 +755,34 @@ do_disable(int argc, char **argv) if ((argc == 3) && (strncmp(argv[2], FIPS_KEYWORD, strlen(FIPS_KEYWORD))) == 0) { + int success_count = 0; /* * cryptoadm disable fips-140 */ rc = do_fips_actions(FIPS140_DISABLE, NOT_REFRESH); - return (rc); + if (rc == SUCCESS) + success_count++; + (void) printf(gettext("\nKernel hardware providers:\n")); + (void) printf(gettext("=========================:\n")); + rc = do_fips_hw_actions(FIPS140_DISABLE, HW_PROVIDER_NCP); + if (rc == SUCCESS) + success_count++; + rc = do_fips_hw_actions(FIPS140_DISABLE, HW_PROVIDER_N2CP); + if (rc == SUCCESS) + success_count++; + rc = do_fips_hw_actions(FIPS140_DISABLE, HW_PROVIDER_N2RNG); + if (rc == SUCCESS) + success_count++; + + if (success_count > 0) { + (void) printf(gettext( + "\nThe FIPS-140 mode has changed.\n")); + (void) printf(gettext( + "The system will require a reboot.\n")); + return (SUCCESS); + } else { + return (FAILURE); + } } if ((argc < 3) || (argc > 5)) { @@ -869,11 +906,34 @@ do_enable(int argc, char **argv) if ((argc == 3) && (strncmp(argv[2], FIPS_KEYWORD, strlen(FIPS_KEYWORD))) == 0) { + int success_count = 0; /* * cryptoadm enable fips-140 */ rc = do_fips_actions(FIPS140_ENABLE, NOT_REFRESH); - return (rc); + if (rc == SUCCESS) + success_count++; + (void) printf(gettext("\nKernel hardware providers:\n")); + (void) printf(gettext("=========================:\n")); + rc = do_fips_hw_actions(FIPS140_ENABLE, HW_PROVIDER_NCP); + if (rc == SUCCESS) + success_count++; + rc = do_fips_hw_actions(FIPS140_ENABLE, HW_PROVIDER_N2CP); + if (rc == SUCCESS) + success_count++; + rc = do_fips_hw_actions(FIPS140_ENABLE, HW_PROVIDER_N2RNG); + if (rc == SUCCESS) + success_count++; + + if (success_count > 0) { + (void) printf(gettext( + "\nThe FIPS-140 mode has changed.\n")); + (void) printf(gettext( + "The system will require a reboot.\n")); + return (SUCCESS); + } else { + return (FAILURE); + } } if ((argc < 3) || (argc > 6)) { diff --git a/usr/src/cmd/cmd-crypto/cryptoadm/cryptoadm.h b/usr/src/cmd/cmd-crypto/cryptoadm/cryptoadm.h index 6b197d9e3d..d01f21275e 100644 --- a/usr/src/cmd/cmd-crypto/cryptoadm/cryptoadm.h +++ b/usr/src/cmd/cmd-crypto/cryptoadm/cryptoadm.h @@ -19,8 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. */ #ifndef _CRYPTOADM_H @@ -40,6 +39,10 @@ extern "C" { #define ERROR_USAGE 2 +#define HW_PROVIDER_NCP 1 +#define HW_PROVIDER_N2CP 2 +#define HW_PROVIDER_N2RNG 3 + /* * Common keywords and delimiters for pkcs11.conf and kcf.conf files are * defined in usr/lib/libcryptoutil/common/cryptoutil.h. The following is @@ -178,6 +181,9 @@ extern int disable_metaslot(mechlist_t *, boolean_t, boolean_t); extern int enable_metaslot(char *, char *, boolean_t, mechlist_t *, boolean_t, boolean_t); +/* adm_hw */ +extern int do_fips_hw_actions(int, int); + #ifdef __cplusplus } #endif diff --git a/usr/src/common/bignum/bignum.h b/usr/src/common/bignum/bignum.h index bec0a40ff8..fa659e244c 100644 --- a/usr/src/common/bignum/bignum.h +++ b/usr/src/common/bignum/bignum.h @@ -130,7 +130,6 @@ void mont_mulf_noconv(uint32_t *result, double *dm1, double *dm2, double *dt, extern BIGNUM big_One; extern BIGNUM big_Two; - void printbignum(char *aname, BIGNUM *a); BIG_ERR_CODE big_init(BIGNUM *number, int size); @@ -174,6 +173,11 @@ int big_is_zero(BIGNUM *n); BIG_CHUNK_TYPE big_n0(BIG_CHUNK_TYPE n); +/* + * Kernel bignum module: module integrity test + */ +extern int bignum_fips_check(void); + #if defined(HWCAP) #if (BIG_CHUNK_SIZE != 32) diff --git a/usr/src/common/crypto/fips/fips_addchecksum.c b/usr/src/common/crypto/fips/fips_addchecksum.c new file mode 100644 index 0000000000..76045ff4b7 --- /dev/null +++ b/usr/src/common/crypto/fips/fips_addchecksum.c @@ -0,0 +1,256 @@ +/* + * CDDL HEADER START + * + * The contents of this file are subject to the terms of the + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. + * + * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE + * or http://www.opensolaris.org/os/licensing. + * See the License for the specific language governing permissions + * and limitations under the License. + * + * When distributing Covered Code, include this CDDL HEADER in each + * file and include the License file at usr/src/OPENSOLARIS.LICENSE. + * If applicable, add the following below this CDDL HEADER, with the + * fields enclosed by brackets "[]" replaced with your own identifying + * information: Portions Copyright [yyyy] [name of copyright owner] + * + * CDDL HEADER END + */ + +/* + * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. + */ + +#include <ctype.h> +#include <unistd.h> +#include <sys/types.h> +#include <fcntl.h> +#include <stdio.h> +#include <libelf.h> +#include <gelf.h> +#include <stdlib.h> +#include <string.h> +#include <sha1.h> +#include <sys/elf_SPARC.h> +#include <fips/fips_checksum.h> + + +#define FAIL_EXIT \ + (void) fprintf(stderr, "failure at line %d\n", __LINE__); \ + return (-1) + +static const char fips_section_name[] = ".SUNW_fips"; + +static int +add_fips_section(int fd) +{ + Elf64_Ehdr *ehdrp; + Elf64_Shdr *section; + Elf *elf; + Elf_Scn *scn, *shstrtab_scn, *fips_scn = NULL; + Elf_Data *shstrtab_data; + Elf_Data *sdata; + unsigned int cnt, old_size, new_size; + char *sname, *newbuf; + + /* Obtain the ELF descriptor */ + (void) elf_version(EV_CURRENT); + if ((elf = elf_begin(fd, ELF_C_RDWR, NULL)) == NULL) { + FAIL_EXIT; + } + + if ((ehdrp = elf64_getehdr(elf)) == NULL) { + FAIL_EXIT; + } else if ((shstrtab_scn = elf_getscn(elf, ehdrp->e_shstrndx)) == + NULL) { + FAIL_EXIT; + } else if ((shstrtab_data = elf_getdata(shstrtab_scn, NULL)) == NULL) { + FAIL_EXIT; + } + + /* Traverse input file to see if the fips section already exists */ + for (cnt = 1, scn = NULL; scn = elf_nextscn(elf, scn); cnt++) { + if ((section = elf64_getshdr(scn)) == NULL) { + FAIL_EXIT; + } + sname = (char *)shstrtab_data->d_buf + section->sh_name; + if (strcmp(sname, fips_section_name) == 0) { + /* + * If the fips section already exists, make sure that + * the section is large enough. + */ + fips_scn = scn; + if ((sdata = elf_getdata(scn, NULL)) == NULL) { + FAIL_EXIT; + } + if (sdata->d_size < SHA1_DIGEST_LENGTH) { + newbuf = malloc(SHA1_DIGEST_LENGTH); + sdata->d_size = SHA1_DIGEST_LENGTH; + sdata->d_buf = newbuf; + } + (void) elf_flagdata(sdata, ELF_C_SET, ELF_F_DIRTY); + (void) elf_flagscn(scn, ELF_C_SET, ELF_F_DIRTY); + (void) elf_flagelf(elf, ELF_C_SET, ELF_F_DIRTY); + } + } + + /* If the fips section does not exist, allocate the section. */ + if (fips_scn == NULL) { + Elf64_Shdr *shdr; + + /* add the section name at the end of the .shstrtab section */ + old_size = shstrtab_data->d_size; + new_size = old_size + strlen(fips_section_name) + 1; + if ((newbuf = malloc(new_size)) == NULL) { + FAIL_EXIT; + } + + (void) memcpy(newbuf, shstrtab_data->d_buf, old_size); + (void) strlcpy(newbuf + old_size, fips_section_name, + new_size - old_size); + shstrtab_data->d_buf = newbuf; + shstrtab_data->d_size = new_size; + shstrtab_data->d_align = 1; + if ((fips_scn = elf_newscn(elf)) == 0) { + FAIL_EXIT; + } + + /* Initialize the fips section */ + if ((shdr = elf64_getshdr(fips_scn)) == NULL) { + FAIL_EXIT; + } + /* + * sh_name is the starting position of the name + * within the shstrtab_data->d_buf buffer + */ + shdr->sh_name = old_size; + shdr->sh_type = SHT_SUNW_SIGNATURE; + shdr->sh_flags = SHF_EXCLUDE; + shdr->sh_addr = 0; + shdr->sh_link = 0; + shdr->sh_info = 0; + shdr->sh_size = 0; + shdr->sh_offset = 0; + shdr->sh_addralign = 1; + + if ((sdata = elf_newdata(fips_scn)) == NULL) { + FAIL_EXIT; + } + if (sdata->d_size < SHA1_DIGEST_LENGTH) { + newbuf = malloc(SHA1_DIGEST_LENGTH); + sdata->d_size = SHA1_DIGEST_LENGTH; + sdata->d_buf = newbuf; + } + (void) elf_flagdata(sdata, ELF_C_SET, ELF_F_DIRTY); + (void) elf_flagscn(fips_scn, ELF_C_SET, ELF_F_DIRTY); + (void) elf_flagelf(elf, ELF_C_SET, ELF_F_DIRTY); + } + (void) elf_update(elf, ELF_C_WRITE); + (void) elf_end(elf); + (void) close(fd); + + return (0); +} + +int +main(int argc, char **argv) +{ + Elf64_Ehdr ehdr; + Elf64_Ehdr *ehdrp; + Elf64_Shdr *section; + Elf *elf; + Elf_Scn *scn, *shstrtab_scn; + Elf_Data *shstrtab_data, *sdata; + int fd; + unsigned int size, i, cnt; + char sha1buf[SHA1_DIGEST_LENGTH]; + char *sname, *newbuf; + + if (argc != 2) { + (void) fprintf(stderr, "Usage: %s [filename]\n", argv[0]); + return (-1); + } + + /* Open the driver file */ + if ((fd = open(argv[1], O_RDWR)) == -1) { + goto errorexit; + } + + /* Read the ELF header */ + size = sizeof (ehdr); + if (fips_read_file(fd, (char *)(&ehdr), size, 0) < 0) { + goto errorexit; + } + + /* check if it is an ELF file */ + for (i = 0; i < SELFMAG; i++) { + if (ehdr.e_ident[i] != ELFMAG[i]) { + (void) fprintf(stderr, "%s not an elf file\n", argv[1]); + goto errorexit; + } + } + + if (add_fips_section(fd) < 0) { /* closes fd on success */ + goto errorexit; + } + + if ((fd = open(argv[1], O_RDWR)) == -1) { + FAIL_EXIT; + } + if (fips_read_file(fd, (char *)(&ehdr), size, 0) < 0) { + goto errorexit; + } + + /* calculate the file checksum */ + if (fips_calc_checksum(fd, &ehdr, sha1buf) < 0) { + goto errorexit; + } + + (void) elf_version(EV_CURRENT); + if ((elf = elf_begin(fd, ELF_C_RDWR, NULL)) == NULL) { + goto errorexit; + } + + if ((ehdrp = elf64_getehdr(elf)) == NULL) { + goto errorexit; + } else if ((shstrtab_scn = elf_getscn(elf, ehdrp->e_shstrndx)) == + NULL) { + goto errorexit; + } else if ((shstrtab_data = elf_getdata(shstrtab_scn, NULL)) == NULL) { + goto errorexit; + } + + /* Add the checksum to the fips section */ + for (cnt = 1, scn = NULL; scn = elf_nextscn(elf, scn); cnt++) { + if ((section = elf64_getshdr(scn)) == NULL) { + goto errorexit; + } + + sname = (char *)shstrtab_data->d_buf + section->sh_name; + if (strcmp(sname, fips_section_name) == 0) { + if ((sdata = elf_getdata(scn, NULL)) == NULL) { + goto errorexit; + } + + newbuf = sdata->d_buf; + (void) memcpy(newbuf, sha1buf, SHA1_DIGEST_LENGTH); + (void) elf_flagdata(sdata, ELF_C_SET, ELF_F_DIRTY); + (void) elf_flagscn(scn, ELF_C_SET, ELF_F_DIRTY); + (void) elf_flagelf(elf, ELF_C_SET, ELF_F_DIRTY); + } + } + (void) elf_update(elf, ELF_C_WRITE); + (void) elf_end(elf); + (void) close(fd); + + return (0); + + +errorexit: + + (void) close(fd); + + FAIL_EXIT; +} diff --git a/usr/src/common/crypto/fips/fips_aes_util.c b/usr/src/common/crypto/fips/fips_aes_util.c index 9e53da9d9c..7b6248dba2 100644 --- a/usr/src/common/crypto/fips/fips_aes_util.c +++ b/usr/src/common/crypto/fips/fips_aes_util.c @@ -19,8 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved. */ #include <sys/types.h> @@ -32,6 +31,7 @@ #include <sys/crypto/common.h> #include <modes/modes.h> #define _AES_FIPS_POST +#include <fips/fips_test_vectors.h> #ifndef _KERNEL #include <stdlib.h> #include <string.h> @@ -869,51 +869,6 @@ decrypt_failed: int fips_aes_post(int aes_key_size) { - /* AES Known Key (up to 256-bits). */ - static uint8_t aes_known_key[] = { - "AES-128 RIJNDAELLEADNJIR 821-SEA" - }; - - /* AES-CBC Known Initialization Vector (128-bits). */ - static uint8_t aes_cbc_known_initialization_vector[] = - { "SecurityytiruceS" }; - - /* AES Known Plaintext (128-bits). (blocksize is 128-bits) */ - static uint8_t aes_known_plaintext[] = { "Sun Open Solaris" }; - - /* AES Known Ciphertext (128-bit key). */ - static uint8_t aes_ecb128_known_ciphertext[] = { - 0xcc, 0xd1, 0xd0, 0xf3, 0xfd, 0x44, 0xb1, 0x4d, - 0xfe, 0x33, 0x20, 0x72, 0x3c, 0xf3, 0x4d, 0x27 - }; - - static uint8_t aes_cbc128_known_ciphertext[] = { - 0x59, 0x34, 0x55, 0xd1, 0x89, 0x9b, 0xf4, 0xa5, - 0x16, 0x2c, 0x4c, 0x14, 0xd3, 0xe2, 0xe5, 0xed - }; - - /* AES Known Ciphertext (192-bit key). */ - static uint8_t aes_ecb192_known_ciphertext[] = { - 0xa3, 0x78, 0x10, 0x44, 0xd8, 0xee, 0x8a, 0x98, - 0x41, 0xa4, 0xeb, 0x96, 0x57, 0xd8, 0xa0, 0xc5 - }; - - static uint8_t aes_cbc192_known_ciphertext[] = { - 0x22, 0x9c, 0x68, 0xc6, 0x86, 0x68, 0xcc, 0x6a, - 0x56, 0x2c, 0xb8, 0xe0, 0x16, 0x4e, 0x8b, 0x78 - }; - - /* AES Known Ciphertext (256-bit key). */ - static uint8_t aes_ecb256_known_ciphertext[] = { - 0xe4, 0x65, 0x92, 0x7f, 0xd0, 0xdd, 0x59, 0x49, - 0x79, 0xc3, 0xac, 0x96, 0x30, 0xad, 0x32, 0x52 - }; - - static uint8_t aes_cbc256_known_ciphertext[] = { - 0xd9, 0x44, 0x43, 0xe8, 0xdb, 0x60, 0x6b, 0xde, - 0xc2, 0x84, 0xbf, 0xb9, 0xaf, 0x43, 0x3f, 0x51 - }; - uint8_t *aes_ecb_known_ciphertext = (aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_ecb128_known_ciphertext : @@ -928,55 +883,6 @@ fips_aes_post(int aes_key_size) aes_cbc192_known_ciphertext : aes_cbc256_known_ciphertext; - /* AES-CTR Known Key (128-bits). */ - static uint8_t aes_ctr128_known_key[] = { - 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, - 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c - }; - - /* AES-CTR Known Key (192-bits). */ - static uint8_t aes_ctr192_known_key[] = { - 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52, - 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5, - 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b - }; - - /* AES-CTR Known Key (256-bits). */ - static uint8_t aes_ctr256_known_key[] = { - 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe, - 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81, - 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7, - 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4 - }; - - /* AES-CTR Known Initialization Counter (128-bits). */ - static uint8_t aes_ctr_known_counter[] = { - 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, - 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff - }; - - /* AES-CTR Known Plaintext (128-bits). */ - static uint8_t aes_ctr_known_plaintext[] = { - 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, - 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a - }; - - /* AES-CTR Known Ciphertext. */ - static uint8_t aes_ctr128_known_ciphertext[] = { - 0x87, 0x4d, 0x61, 0x91, 0xb6, 0x20, 0xe3, 0x26, - 0x1b, 0xef, 0x68, 0x64, 0x99, 0x0d, 0xb6, 0xce - }; - - static uint8_t aes_ctr192_known_ciphertext[] = { - 0x1a, 0xbc, 0x93, 0x24, 0x17, 0x52, 0x1c, 0xa2, - 0x4f, 0x2b, 0x04, 0x59, 0xfe, 0x7e, 0x6e, 0x0b - }; - - static uint8_t aes_ctr256_known_ciphertext[] = { - 0x60, 0x1e, 0xc3, 0x13, 0x77, 0x57, 0x89, 0xa5, - 0xb7, 0xa7, 0xf5, 0x04, 0xbb, 0xf3, 0xd2, 0x28 - }; - uint8_t *aes_ctr_known_ciphertext = (aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_ctr128_known_ciphertext : @@ -992,129 +898,6 @@ fips_aes_post(int aes_key_size) aes_ctr256_known_key; #ifdef _KERNEL - /* AES-CCM Known Key (128-bits). */ - static uint8_t aes_ccm128_known_key[] = { - 0x06, 0xfd, 0xf0, 0x83, 0xb5, 0xcb, 0x3b, 0xc7, - 0xc0, 0x6d, 0x4d, 0xe5, 0xa6, 0x34, 0xc6, 0x50 - }; - - /* AES-CCM Known Key (192-bits). */ - static uint8_t aes_ccm192_known_key[] = { - 0xde, 0x91, 0x08, 0x63, 0xbe, 0x59, 0xb8, 0x7a, - 0x45, 0x9b, 0xa6, 0xce, 0x2d, 0x7e, 0x71, 0x56, - 0x1c, 0x5c, 0x15, 0xea, 0x1b, 0x6b, 0x05, 0x06 - }; - - /* AES-CCM Known Key (256-bits). */ - static uint8_t aes_ccm256_known_key[] = { - 0x84, 0x9c, 0x1d, 0xeb, 0x80, 0xf8, 0x5b, 0x7d, - 0x25, 0x33, 0x64, 0x75, 0x4b, 0xdc, 0x5d, 0xf0, - 0xe8, 0x1c, 0x98, 0x8a, 0x78, 0x8f, 0x15, 0xd1, - 0xa2, 0x52, 0x49, 0xfa, 0x18, 0x5e, 0x1f, 0xd3 - }; - - /* AES-CCM Known Nonce Nlen = 7 bytes (for 128-bits key). */ - static uint8_t aes_ccm128_known_nonce[] = { - 0xfd, 0xe2, 0xd5, 0x4c, 0x65, 0x4e, 0xe4 - }; - - /* AES-CCM Known Nonce Nlen = 7 bytes (192-bits). */ - static uint8_t aes_ccm192_known_nonce[] = { - 0xcf, 0xb3, 0x48, 0xfa, 0x04, 0x36, 0xa2 - }; - - /* AES-CCM Known Nonce Nlen = 7 bytes (256-bits). */ - static uint8_t aes_ccm256_known_nonce[] = { - 0x75, 0xa5, 0x5b, 0x58, 0x33, 0x9d, 0x1c - }; - - /* AES-CCM Known Adata Alen = 30 bytes (128-bits). */ - static uint8_t aes_ccm128_known_adata[] = { - 0xe0, 0xdf, 0xfc, 0x4c, 0x92, 0x90, 0xd8, 0x28, - 0xef, 0xe7, 0xc6, 0xbe, 0x4a, 0xbc, 0xd1, 0x3e, - 0x23, 0x61, 0x92, 0x2f, 0xfa, 0x27, 0xa4, 0x0e, - 0x61, 0x24, 0x58, 0x38, 0x55, 0x33 - }; - - /* AES-CCM Known Adata Alen = 30 bytes (192-bits). */ - static uint8_t aes_ccm192_known_adata[] = { - 0x4c, 0x5b, 0x4f, 0xfe, 0x80, 0xba, 0x7a, 0xe5, - 0xd3, 0xe8, 0xbc, 0xf6, 0x55, 0x83, 0xcf, 0x58, - 0xa2, 0x82, 0x59, 0x65, 0xba, 0xbd, 0x63, 0x53, - 0x0c, 0xb0, 0x0c, 0x14, 0xd4, 0x7b - }; - - /* AES-CCM Known Adata Alen = 30 bytes (256-bits). */ - static uint8_t aes_ccm256_known_adata[] = { - 0x27, 0xb7, 0xec, 0x91, 0x08, 0xe1, 0x4d, 0x12, - 0xd3, 0xd3, 0xb8, 0x49, 0x09, 0xde, 0xd0, 0x9a, - 0x8f, 0x23, 0xbf, 0xd6, 0x02, 0x9b, 0x2a, 0x5e, - 0x4a, 0x5a, 0x63, 0x8c, 0x72, 0x14 - }; - - /* AES-CCM Known Payload Plen = 32 bytes (128-bits). */ - static uint8_t aes_ccm128_known_plaintext[] = { - 0x77, 0xca, 0xdf, 0xa5, 0xb1, 0x23, 0xfe, 0x07, - 0x8d, 0xca, 0x94, 0xe2, 0x66, 0x3f, 0x73, 0xd0, - 0x3f, 0x0b, 0x4d, 0xc8, 0x05, 0xf6, 0x1c, 0xef, - 0x13, 0x79, 0xc0, 0xb1, 0xfc, 0x76, 0xea, 0x11 - }; - - /* AES-CCM Known Payload Plen = 32 bytes (192-bits). */ - static uint8_t aes_ccm192_known_plaintext[] = { - 0xf9, 0x8a, 0x58, 0x59, 0x44, 0x2d, 0x2a, 0xf9, - 0x65, 0x03, 0x36, 0x6d, 0x8a, 0x58, 0x29, 0xf9, - 0xef, 0x47, 0x44, 0x30, 0xf4, 0x7e, 0x0d, 0xcd, - 0x73, 0x41, 0x45, 0xdf, 0x50, 0xb2, 0x1b, 0x29 - }; - - /* AES-CCM Known Payload Plen = 32 bytes (256-bits). */ - static uint8_t aes_ccm256_known_plaintext[] = { - 0x25, 0x28, 0x3f, 0x05, 0x41, 0xd6, 0x66, 0x3b, - 0xdb, 0x8f, 0xe9, 0xe7, 0x7b, 0x06, 0xc0, 0xee, - 0xfe, 0xf6, 0xc9, 0x8b, 0x45, 0x08, 0x18, 0x4e, - 0x2e, 0xf7, 0x8e, 0x64, 0xc3, 0xf2, 0xad, 0x18 - }; - - /* - * AES-CCM Known Ciphertext - * Clen = 32 bytes + Tlen = 16 bytes (128-bits). - */ - static uint8_t aes_ccm128_known_ciphertext[] = { - 0x33, 0x50, 0x58, 0xbb, 0x5f, 0x13, 0x8d, 0xc9, - 0x5b, 0x2c, 0xa4, 0x50, 0x1d, 0x7f, 0xd4, 0xa5, - 0xb9, 0xb8, 0x71, 0x83, 0x8f, 0x82, 0x27, 0x5f, - 0x75, 0x3e, 0x30, 0xf9, 0x9d, 0xad, 0xc2, 0xe9, - 0x66, 0x93, 0x56, 0x98, 0x01, 0x1e, 0x3c, 0x11, - 0x74, 0xdb, 0x9b, 0xca, 0xce, 0x0f, 0xc3, 0x35 - }; - - /* - * AES-CCM Known Ciphertext - * Clen = 32 bytes + Tlen = 16 bytes (192-bits). - */ - static uint8_t aes_ccm192_known_ciphertext[] = { - 0xa7, 0x40, 0xd0, 0x25, 0xbd, 0x3e, 0x8f, 0xd5, - 0x28, 0x3e, 0xee, 0xaa, 0xf9, 0xa7, 0xfc, 0xf2, - 0x33, 0xf6, 0x69, 0xb8, 0xdc, 0x9c, 0x74, 0xb1, - 0x46, 0xf4, 0xd6, 0xcc, 0x0a, 0x16, 0x12, 0x0c, - 0x7c, 0x3c, 0x43, 0x76, 0x94, 0xf6, 0x9a, 0x14, - 0xa0, 0xfb, 0xab, 0x9c, 0x2c, 0xd3, 0x5c, 0x09 - }; - - /* - * AES-CCM Known Ciphertext - * Clen = 32 bytes + Tlen = 16 bytes (256-bits). - */ - static uint8_t aes_ccm256_known_ciphertext[] = { - 0xf6, 0x4d, 0x24, 0x69, 0x0e, 0xde, 0xc9, 0xc0, - 0x1e, 0x42, 0xc0, 0x78, 0x29, 0xcf, 0xdb, 0xfe, - 0xab, 0x52, 0x9a, 0xb1, 0x07, 0xe4, 0xac, 0xdf, - 0x48, 0x46, 0x46, 0xc1, 0xe2, 0xb2, 0x0f, 0x36, - 0x5f, 0xeb, 0x44, 0xcf, 0xa8, 0x80, 0x80, 0x23, - 0xc9, 0xee, 0xc7, 0x56, 0x24, 0x63, 0x6e, 0x7e - }; - uint8_t *aes_ccm_known_plaintext = (aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_ccm128_known_plaintext : @@ -1150,104 +933,6 @@ fips_aes_post(int aes_key_size) aes_ccm192_known_nonce : aes_ccm256_known_nonce; - /* AES-GCM Known Key (128-bits). */ - static uint8_t aes_gcm128_known_key[] = { - 0x7d, 0xf9, 0x9c, 0xdf, 0x7d, 0x00, 0xd9, 0xea, - 0xd3, 0x85, 0x17, 0x1b, 0x29, 0xae, 0xcf, 0xbc - }; - - /* AES-GCM Known Key (192-bits). */ - static uint8_t aes_gcm192_known_key[] = { - 0x85, 0xf4, 0x34, 0x7a, 0xf5, 0x98, 0x1e, 0xd9, - 0x89, 0x85, 0x98, 0x1a, 0x53, 0xfc, 0xc5, 0xbf, - 0x53, 0x6c, 0x91, 0x4b, 0x18, 0x3c, 0xe8, 0x12 - }; - - /* AES-GCM Known Key (256-bits). */ - static uint8_t aes_gcm256_known_key[] = { - 0xee, 0xbc, 0x1f, 0x57, 0x48, 0x7f, 0x51, 0x92, - 0x1c, 0x04, 0x65, 0x66, 0x5f, 0x8a, 0xe6, 0xd1, - 0x65, 0x8b, 0xb2, 0x6d, 0xe6, 0xf8, 0xa0, 0x69, - 0xa3, 0x52, 0x02, 0x93, 0xa5, 0x72, 0x07, 0x8f - }; - - /* AES-GCM Known Initialization Vector (128-bits). */ - static uint8_t aes_gcm128_known_iv[] = { - 0x27, 0x4c, 0x4e, 0xae, 0xfe, 0xef, 0xae, 0x26, - 0x80, 0xb0, 0xef, 0xd5 - }; - - /* AES-GCM Known Initialization Vector (192-bits). */ - static uint8_t aes_gcm192_known_iv[] = { - 0xd4, 0xfb, 0x33, 0xc6, 0x51, 0xc8, 0x86, 0xff, - 0x28, 0x80, 0xef, 0x96 - }; - - /* AES-GCM Known Initialization Vector (256-bits). */ - static uint8_t aes_gcm256_known_iv[] = { - 0x99, 0xaa, 0x3e, 0x68, 0xed, 0x81, 0x73, 0xa0, - 0xee, 0xd0, 0x66, 0x84 - }; - - /* AES-GCM Known AAD Alen = 16 bytes (128-bits). */ - static uint8_t aes_gcm128_known_adata[] = { - 0x60, 0xe8, 0xb0, 0x37, 0xec, 0xdf, 0x4d, 0x82, - 0x8c, 0x83, 0x0d, 0xcf, 0xc5, 0xce, 0xd4, 0x9c - }; - - /* AES-GCM Known AAD Alen = 16 bytes (192-bits). */ - static uint8_t aes_gcm192_known_adata[] = { - 0x44, 0x3a, 0xdf, 0xad, 0xbb, 0x29, 0xd6, 0x8c, - 0x55, 0xe2, 0x02, 0x2d, 0xca, 0x62, 0x9b, 0x51 - }; - - /* AES-GCM Known AAD Alen = 16 bytes (256-bits). */ - static uint8_t aes_gcm256_known_adata[] = { - 0x4d, 0x23, 0xc3, 0xce, 0xc3, 0x34, 0xb4, 0x9b, - 0xdb, 0x37, 0x0c, 0x43, 0x7f, 0xec, 0x78, 0xde - }; - - /* AES-GCM Known Payload Plen = 16 bytes (128-bits). */ - static uint8_t aes_gcm128_known_plaintext[] = { - 0x99, 0x66, 0x7d, 0xc9, 0x62, 0xb3, 0x9f, 0x14, - 0x8c, 0xdd, 0xfe, 0x68, 0xf9, 0x0a, 0x43, 0xf9 - }; - - /* AES-GCM Known Payload Plen = 16 bytes (192-bits). */ - static uint8_t aes_gcm192_known_plaintext[] = { - 0x7f, 0x9c, 0x08, 0x1d, 0x6a, 0xcc, 0xa8, 0xab, - 0x71, 0x75, 0xcb, 0xd0, 0x49, 0x42, 0xba, 0xad - }; - /* AES-GCM Known Payload Plen = 16 bytes (256-bits). */ - static uint8_t aes_gcm256_known_plaintext[] = { - 0xf5, 0x6e, 0x87, 0x05, 0x5b, 0xc3, 0x2d, 0x0e, - 0xeb, 0x31, 0xb2, 0xea, 0xcc, 0x2b, 0xf2, 0xa5 - }; - - /* AES-GCM Known Ciphertext Clen = 16 bytes (128-bits) + tag */ - static uint8_t aes_gcm128_known_ciphertext[] = { - 0x2b, 0x5f, 0x57, 0xf2, 0x62, 0x27, 0xe0, 0x94, - 0xe7, 0xf8, 0x01, 0x23, 0xf9, 0xed, 0xbd, 0xe8, - 0x16, 0xee, 0x08, 0xb4, 0xd8, 0x07, 0xe5, 0xdb, - 0xd5, 0x70, 0x3c, 0xb3, 0xcf, 0x53, 0x8c, 0x14 - }; - - /* AES-GCM Known Ciphertext Clen = 16 bytes (192-bits) + tag */ - static uint8_t aes_gcm192_known_ciphertext[] = { - 0xdd, 0x7e, 0x7e, 0x45, 0x5b, 0x21, 0xd8, 0x84, - 0x3d, 0x7b, 0xc3, 0x1f, 0x21, 0x07, 0xf9, 0x55, - 0x9f, 0x0e, 0x8d, 0xe2, 0x6d, 0xb4, 0x95, 0xf5, - 0x91, 0x1f, 0xb6, 0x0c, 0xf5, 0xf2, 0x3a, 0xf9 - }; - - /* AES-GCM Known Ciphertext Clen = 16 bytes (256-bits)+ tag */ - static uint8_t aes_gcm256_known_ciphertext[] = { - 0xf7, 0x26, 0x44, 0x13, 0xa8, 0x4c, 0x0e, 0x7c, - 0xd5, 0x36, 0x86, 0x7e, 0xb9, 0xf2, 0x17, 0x36, - 0x67, 0xba, 0x05, 0x10, 0x26, 0x2a, 0xe4, 0x87, - 0xd7, 0x37, 0xee, 0x62, 0x98, 0xf7, 0x7e, 0x0c - }; - uint8_t *aes_gcm_known_key = (aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_gcm128_known_key : @@ -1283,95 +968,6 @@ fips_aes_post(int aes_key_size) aes_gcm192_known_adata : aes_gcm256_known_adata; - /* - * Source: NIST gcmEncryptExtIV128.txt - * Count = 0, [Keylen = 128], [IVlen = 96], [PTlen = 0], - * [AADlen = 128], [Taglen = 128] - * - * Source: NIST gcmEncryptExtIV192.txt - * Count = 0, [Keylen = 192], [IVlen = 96], [PTlen = 0], - * [AADlen = 128], [Taglen = 128] - * - * Source: NIST gcmEncryptExtIV256.txt - * Count = 0, [Keylen = 256], [IVlen = 96], [PTlen = 0], - * [AADlen = 128], [Taglen = 128] - */ - - /* AES-GMAC Known Key (128-bits). */ - static uint8_t aes_gmac128_known_key[] = { - 0x7d, 0x70, 0xd2, 0x32, 0x48, 0xc4, 0x7e, 0xb3, - 0xd2, 0x73, 0xdf, 0x81, 0xed, 0x30, 0x24, 0xbd - }; - - /* AES-GMAC Known Key (192-bits). */ - static uint8_t aes_gmac192_known_key[] = { - 0x03, 0x60, 0x22, 0xfe, 0x26, 0x9a, 0xdc, 0xad, - 0xb5, 0x73, 0x11, 0xa4, 0xa0, 0xed, 0x2a, 0x84, - 0x18, 0x34, 0xb8, 0xb6, 0xd8, 0xa0, 0x7f, 0x41 - }; - - /* AES-GMAC Known Key (256-bits). */ - static uint8_t aes_gmac256_known_key[] = { - 0xbb, 0x10, 0x10, 0x06, 0x4f, 0xb8, 0x35, 0x23, - 0xea, 0x9d, 0xf3, 0x2b, 0xad, 0x9f, 0x1f, 0x2a, - 0x4f, 0xce, 0xfc, 0x0f, 0x21, 0x07, 0xc0, 0xaa, - 0xba, 0xd9, 0xb7, 0x56, 0xd8, 0x09, 0x21, 0x9d - }; - - /* AES-GMAC Known Initialization Vector (128-bits). */ - static uint8_t aes_gmac128_known_iv[] = { - 0xab, 0x53, 0x23, 0x33, 0xd6, 0x76, 0x51, 0x20, - 0x8b, 0x8c, 0x34, 0x85 - }; - - /* AES-GMAC Known Initialization Vector (192-bits). */ - static uint8_t aes_gmac192_known_iv[] = { - 0x85, 0x65, 0xb2, 0x15, 0x3a, 0x3f, 0x34, 0x9a, - 0x07, 0x31, 0x06, 0x79 - }; - - /* AES-GMAC Known Initialization Vector (256-bits). */ - static uint8_t aes_gmac256_known_iv[] = { - 0x2f, 0x9a, 0xd0, 0x12, 0xad, 0xfc, 0x12, 0x73, - 0x43, 0xfb, 0xe0, 0x56 - }; - - /* AES-GMAC Known Tag (128-bits). */ - static uint8_t aes_gmac128_known_tag[] = { - 0xcf, 0x89, 0x50, 0xa3, 0x10, 0xf5, 0xab, 0x8b, - 0x69, 0xd5, 0x00, 0x11, 0x1a, 0x44, 0xb0, 0x96 - }; - - /* AES-GMAC Known Tag (192-bits). */ - static uint8_t aes_gmac192_known_tag[] = { - 0x90, 0x21, 0xaf, 0x4c, 0xa0, 0x8d, 0x01, 0xef, - 0x82, 0x5a, 0x42, 0xf9, 0xbe, 0x3a, 0xb3, 0xe9 - }; - - /* AES-GMAC Known Tag (256-bits). */ - static uint8_t aes_gmac256_known_tag[] = { - 0xef, 0x06, 0xd5, 0x4d, 0xfd, 0x00, 0x02, 0x1d, - 0x75, 0x27, 0xdf, 0xf2, 0x6f, 0xc9, 0xd4, 0x84 - }; - - /* AES-GMAC Known AAD Alen = 16 bytes (128-bits). */ - static uint8_t aes_gmac128_known_adata[] = { - 0x7d, 0x1d, 0x42, 0xe8, 0x94, 0x60, 0xe9, 0x44, - 0xbf, 0xa4, 0x83, 0xdb, 0xe6, 0x92, 0xf0, 0x8d - }; - - /* AES-GMAC Known AAD Alen = 16 bytes (192-bits). */ - static uint8_t aes_gmac192_known_adata[] = { - 0xad, 0xcf, 0x4f, 0xbb, 0xa0, 0xe0, 0x6a, 0x63, - 0x70, 0x71, 0x1a, 0x57, 0xf8, 0xdc, 0xd0, 0xc9 - }; - - /* AES-GMAC Known AAD Alen = 16 bytes (256-bits). */ - static uint8_t aes_gmac256_known_adata[] = { - 0xdb, 0x98, 0xd9, 0x0d, 0x1b, 0x69, 0x5c, 0xdb, - 0x74, 0x7a, 0x34, 0x3f, 0xbb, 0xc9, 0xf1, 0x41 - }; - uint8_t *aes_gmac_known_key = (aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_gmac128_known_key : diff --git a/usr/src/common/crypto/fips/fips_checksum.c b/usr/src/common/crypto/fips/fips_checksum.c new file mode 100644 index 0000000000..0072b2a8b7 --- /dev/null +++ b/usr/src/common/crypto/fips/fips_checksum.c @@ -0,0 +1,346 @@ +/* + * CDDL HEADER START + * + * The contents of this file are subject to the terms of the + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. + * + * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE + * or http://www.opensolaris.org/os/licensing. + * See the License for the specific language governing permissions + * and limitations under the License. + * + * When distributing Covered Code, include this CDDL HEADER in each + * file and include the License file at usr/src/OPENSOLARIS.LICENSE. + * If applicable, add the following below this CDDL HEADER, with the + * fields enclosed by brackets "[]" replaced with your own identifying + * information: Portions Copyright [yyyy] [name of copyright owner] + * + * CDDL HEADER END + */ +/* + * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. + */ + + +#include <fips/fips_checksum.h> + + +#ifdef _KERNEL +#define FIPS_ALLOC(size) kmem_alloc(size, KM_SLEEP) +#define FIPS_FREE(buf, size) kmem_free(buf, size) +#define FIPS_READ_FILE kobj_read_file +#define ERRLOG0(str) cmn_err(CE_NOTE, str) +#define ERRLOG1(fmt, arg) cmn_err(CE_NOTE, fmt, arg) +#include <sys/sunddi.h> + +struct _buf *kobj_open_file(char *name); +int kobj_read_file(struct _buf *file, char *buf, uint_t size, uint_t off); +#else + +#define FIPS_ALLOC(size) malloc(size) +#define FIPS_FREE(buf, size) free(buf) +#define FIPS_READ_FILE fips_read_file +#define ERRLOG0(str) (void) printf(str) +#define ERRLOG1(fmt, arg) (void) printf(fmt, arg) +#endif + +#define NUM_SECTIONS (sizeof (checked_sec_names) / sizeof (char *)) + +static char *checked_sec_names[] = { + ".strtab", + ".dynamic", + ".compcom", + ".comment", + ".dynstr", + ".shstrtab", + ".rela.text", + ".rela.data", + ".text", + ".rodata", + ".rodata1", + ".data", + ".symtab", + ".SUNW_ctf", + ".bss" +}; + + +static int +#ifdef _KERNEL +process_section(SHA1_CTX *shactx, Elf64_Shdr *section, struct _buf *file, + char *shstrtab) +#else +process_section(SHA1_CTX *shactx, Elf64_Shdr *section, int file, + char *shstrtab) +#endif +{ + size_t size, offs; + char *name; + int doit = 0; + char *buf; + int i; + + size = section->sh_size; + offs = section->sh_offset; + name = shstrtab + section->sh_name; + for (i = 0; i < NUM_SECTIONS; i++) { + if (strncmp(name, checked_sec_names[i], + strlen(checked_sec_names[i]) + 1) == 0) { + doit++; + break; + } + } + + if (!doit) { + return (0); + } + + /* hash the size of .bss section */ + if (strcmp(name, ".bss") == 0) { + char szstr[32]; + (void) snprintf(szstr, sizeof (szstr), "%ld", size); + SHA1Update(shactx, szstr, strlen(szstr)); + return (0); + } + + + /* hash the contents of the section */ + if ((buf = FIPS_ALLOC(size)) == NULL) { + ERRLOG1("Not enough memory for section %s\n", name); + return (-1); + } + + if (FIPS_READ_FILE(file, buf, size, offs) < 0) { + FIPS_FREE(buf, size); + return (-2); + } + + SHA1Update(shactx, buf, size); + + FIPS_FREE(buf, size); + + return (0); +} + +int +#ifdef _KERNEL +fips_calc_checksum(struct _buf *file, Elf64_Ehdr *ehdr, char *sha1buf) +#else +fips_calc_checksum(int file, Elf64_Ehdr *ehdr, char *sha1buf) +#endif +{ + unsigned int size, numsec; + Elf64_Shdr *shdrs; + Elf64_Shdr *section; + SHA1_CTX sha1ctx; + char *shstrtab; + int i; + + numsec = ehdr->e_shnum; + size = ehdr->e_shentsize * numsec; + if ((shdrs = (Elf64_Shdr *)FIPS_ALLOC(size)) == NULL) { + ERRLOG0("Not enough memory for shdrs\n"); + return (FAILURE); + } + if (FIPS_READ_FILE(file, (char *)shdrs, size, ehdr->e_shoff) < 0) { + return (FAILURE); + } + + /* Obtain the .shstrtab data buffer */ + section = &(shdrs[ehdr->e_shstrndx]); + size = section->sh_size; + if ((shstrtab = (char *)FIPS_ALLOC(size)) == NULL) { + ERRLOG0("Not enough memory for shstrtab\n"); + return (FAILURE); + } + if (FIPS_READ_FILE(file, shstrtab, size, section->sh_offset) < 0) { + return (FAILURE); + } + + SHA1Init(&sha1ctx); + for (i = 0; i < numsec; i++) { + if (process_section(&sha1ctx, &(shdrs[i]), + file, shstrtab) < 0) { + return (FAILURE); + } + } + SHA1Final(sha1buf, &sha1ctx); + + return (0); +} + + +#ifndef _KERNEL + +int +fips_read_file(int fd, char *buf, int size, int offs) +{ + int i; + + if (lseek(fd, offs, SEEK_SET) == (off_t)(-1)) { + (void) fprintf(stderr, + "lseek returned an error for file %d\n", fd); + return (-1); + } + while ((i = read(fd, buf, size)) >= 0) { + if (size == i) { + break; + } else { + size -= i; + buf += i; + } + } + if (i < 0) { + (void) fprintf(stderr, "read failed for file %d\n", fd); + return (-2); + } + + return (0); +} + +#else + +static int +get_fips_section(Elf64_Ehdr *ehdr, struct _buf *file, char *expected_checksum) +{ + unsigned int shdrssz, shstrtabsz, numsec; + Elf64_Shdr *shdrs = NULL; + Elf64_Shdr *section; + char *shstrtab = NULL; + char *name; + int rv = FAILURE; + int i; + + numsec = ehdr->e_shnum; + shdrssz = ehdr->e_shentsize * numsec; + if ((shdrs = (Elf64_Shdr *)FIPS_ALLOC(shdrssz)) == NULL) { + ERRLOG0("Not enough memory for shdrs\n"); + return (FAILURE); + } + if (FIPS_READ_FILE(file, (char *)shdrs, shdrssz, ehdr->e_shoff) < 0) { + goto exit; + } + + /* Obtain the .shstrtab data buffer */ + section = &(shdrs[ehdr->e_shstrndx]); + shstrtabsz = section->sh_size; + if ((shstrtab = (char *)FIPS_ALLOC(shstrtabsz)) == NULL) { + ERRLOG0("Not enough memory for shstrtab\n"); + goto exit; + } + if (FIPS_READ_FILE(file, shstrtab, shstrtabsz, + section->sh_offset) < 0) { + goto exit; + } + + for (i = 0; i < numsec; i++) { + section = &shdrs[i]; + name = shstrtab + section->sh_name; + /* Get the checksum stored in the .SUNW_fips section */ + if (strcmp(name, ".SUNW_fips") == 0) { + if (section->sh_size != SHA1_DIGEST_LENGTH) { + goto exit; + } + if (FIPS_READ_FILE(file, expected_checksum, + section->sh_size, section->sh_offset) < 0) { + goto exit; + } + rv = 0; + goto exit; + } + } + + +exit: + if (shdrs != NULL) { + FIPS_FREE(shdrs, shdrssz); + } + if (shstrtab != NULL) { + FIPS_FREE(shstrtab, shstrtabsz); + } + + return (rv); +} + + +int +fips_check_module(char *modname, void *_initaddr) +{ + struct modctl *modctlp = NULL; + struct module *mp = NULL; + struct _buf *file; + char *filename; + Elf64_Ehdr ehdr; + unsigned int size, i; + char sha1buf[SHA1_DIGEST_LENGTH]; + char expected_checksum[SHA1_DIGEST_LENGTH]; + + modctlp = mod_find_by_filename(NULL, modname); + if (modctlp == NULL) { + ERRLOG1("module with modname %s not found\n", modname); + return (FAILURE); + } + mp = (struct module *)modctlp->mod_mp; + if (mp != NULL && mp->filename != NULL) { + filename = mp->filename; + } else { + /* filename does not exist */ + return (FAILURE); + } + if ((mp->text > (char *)_initaddr) || + (mp->text + mp->text_size < (char *)_initaddr)) { + ERRLOG1("_init() is not in module %s\n", modname); + return (FAILURE); + } + + if ((file = kobj_open_file(filename)) == (struct _buf *)-1) { + ERRLOG1("Cannot open %s\n", filename); + return (FAILURE); + } + /* Read the ELF header */ + size = sizeof (ehdr); + if (kobj_read_file(file, (char *)(&ehdr), size, 0) < 0) { + goto fail_exit; + } + + /* check if it is an ELF file */ + for (i = 0; i < SELFMAG; i++) { + if (ehdr.e_ident[i] != ELFMAG[i]) { + ERRLOG1("%s not an elf file\n", filename); + goto fail_exit; + } + } + + /* check if it is relocatable */ + if (ehdr.e_type != ET_REL) { + ERRLOG1("%s isn't a relocatable (ET_REL) " + "module\n", filename); + goto fail_exit; + } + + if (fips_calc_checksum(file, &ehdr, sha1buf) < 0) { + goto fail_exit; + } + + if (get_fips_section(&ehdr, file, expected_checksum) < 0) { + goto fail_exit; + } + + if (memcmp(sha1buf, expected_checksum, SHA1_DIGEST_LENGTH) != 0) { + goto fail_exit; + } + + kobj_close_file(file); + + return (SUCCESS); + +fail_exit: + + kobj_close_file(file); + + return (FAILURE); + +} + +#endif diff --git a/usr/src/common/crypto/fips/fips_checksum.h b/usr/src/common/crypto/fips/fips_checksum.h new file mode 100644 index 0000000000..4288634673 --- /dev/null +++ b/usr/src/common/crypto/fips/fips_checksum.h @@ -0,0 +1,70 @@ +/* + * CDDL HEADER START + * + * The contents of this file are subject to the terms of the + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. + * + * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE + * or http://www.opensolaris.org/os/licensing. + * See the License for the specific language governing permissions + * and limitations under the License. + * + * When distributing Covered Code, include this CDDL HEADER in each + * file and include the License file at usr/src/OPENSOLARIS.LICENSE. + * If applicable, add the following below this CDDL HEADER, with the + * fields enclosed by brackets "[]" replaced with your own identifying + * information: Portions Copyright [yyyy] [name of copyright owner] + * + * CDDL HEADER END + */ +/* + * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. + */ + +#ifndef _SYS_CRYPTO_FIPS_H +#define _SYS_CRYPTO_FIPS_H + +#ifdef __cplusplus +extern "C" { +#endif + +#ifdef _KERNEL +#include <sys/elf.h> +#include <sys/modctl.h> +#include <sys/kobj.h> +#include <sys/kmem.h> +#include <sys/sha1.h> +#include <sys/ddi.h> +#else +#include <ctype.h> +#include <unistd.h> +#include <sys/types.h> +#include <fcntl.h> +#include <stdio.h> +#include <libelf.h> +#include <gelf.h> +#include <stdlib.h> +#include <string.h> +#include <sha1.h> +#include <sys/elf_SPARC.h> +#endif + + +#define FAILURE -1 +#define SUCCESS 0 + +#ifdef _KERNEL +extern int fips_calc_checksum(struct _buf *, Elf64_Ehdr *, char *); +extern int fips_check_module(char *modname, void *_initaddr); +#else +extern int fips_read_file(int, char *, int, int); +extern int fips_calc_checksum(int, Elf64_Ehdr *, char *); +#endif + + +#ifdef __cplusplus +} +#endif + +#endif /* _SYS_CRYPTO_FIPS_H */ diff --git a/usr/src/common/crypto/fips/fips_sha1_util.c b/usr/src/common/crypto/fips/fips_sha1_util.c index 53a58f3b1c..1671ce904b 100644 --- a/usr/src/common/crypto/fips/fips_sha1_util.c +++ b/usr/src/common/crypto/fips/fips_sha1_util.c @@ -19,8 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved. */ #include <sys/types.h> @@ -41,6 +40,8 @@ #include "softMAC.h" #endif #include <sha1/sha1_impl.h> +#define _SHA1_FIPS_POST +#include <fips/fips_test_vectors.h> /* * fips_sha1_build_context() @@ -266,62 +267,9 @@ fips_hmac_sha1_hash(sha1_hmac_ctx_t *sha1_hmac_ctx, int fips_sha1_post(void) { - - /* - * SHA-1 Known Hash Message - * Source from NIST SHA1ShortMsg (L = 512-bits). - */ - static uint8_t sha1_known_hash_message[] = { - 0x7e, 0x3a, 0x4c, 0x32, 0x5c, 0xb9, 0xc5, 0x2b, - 0x88, 0x38, 0x7f, 0x93, 0xd0, 0x1a, 0xe8, 0x6d, - 0x42, 0x09, 0x8f, 0x5e, 0xfa, 0x7f, 0x94, 0x57, - 0x38, 0x8b, 0x5e, 0x74, 0xb6, 0xd2, 0x8b, 0x24, - 0x38, 0xd4, 0x2d, 0x8b, 0x64, 0x70, 0x33, 0x24, - 0xd4, 0xaa, 0x25, 0xab, 0x6a, 0xad, 0x15, 0x3a, - 0xe3, 0x0c, 0xd2, 0xb2, 0xaf, 0x4d, 0x5e, 0x5c, - 0x00, 0xa8, 0xa2, 0xd0, 0x22, 0x0c, 0x61, 0x16 - }; - - /* SHA-1 Known Digest Message (160-bits). */ - static uint8_t sha1_known_digest[] = { - 0xa3, 0x05, 0x44, 0x27, 0xcd, 0xb1, 0x3f, 0x16, - 0x4a, 0x61, 0x0b, 0x34, 0x87, 0x02, 0x72, 0x4c, - 0x80, 0x8a, 0x0d, 0xcc - }; - - /* Source from NIST HMAC.txt Count = 0 */ - static uint8_t HMAC_known_secret_key[] = { - 0x7b, 0x10, 0xf4, 0x12, 0x4b, 0x15, 0xc8, 0x2e - }; - static uint8_t HMAC_known_secret_key_length = sizeof (HMAC_known_secret_key); - /* known SHA1 hmac - truncated (10 bytes) */ - static uint8_t known_SHA1_hmac[] = { - 0x4e, 0xad, 0x12, 0xc2, 0xfe, 0x3d, 0x6e, 0xa4, - 0x3a, 0xcb - }; - - static uint8_t hmac_sha1_known_hash_message[] = { - 0x27, 0xdc, 0xb5, 0xb1, 0xda, 0xf6, 0x0c, 0xfd, - 0x3e, 0x2f, 0x73, 0xd4, 0xd6, 0x4c, 0xa9, 0xc6, - 0x84, 0xf8, 0xbf, 0x71, 0xfc, 0x68, 0x2a, 0x46, - 0x79, 0x3b, 0x17, 0x90, 0xaf, 0xa4, 0xfe, 0xb1, - 0x00, 0xca, 0x7a, 0xaf, 0xf2, 0x6f, 0x58, 0xf0, - 0xe1, 0xd0, 0xed, 0x42, 0xf1, 0xcd, 0xad, 0x1f, - 0x47, 0x4a, 0xfa, 0x2e, 0x79, 0xd5, 0x3a, 0x0c, - 0x42, 0x89, 0x2c, 0x4d, 0x7b, 0x32, 0x7c, 0xbe, - 0x46, 0xb2, 0x95, 0xed, 0x8d, 0xa3, 0xb6, 0xec, - 0xab, 0x3d, 0x48, 0x51, 0x68, 0x7a, 0x6f, 0x81, - 0x2b, 0x79, 0xdf, 0x2f, 0x6b, 0x20, 0xf1, 0x1f, - 0x67, 0x06, 0xf5, 0x30, 0x17, 0x90, 0xca, 0x99, - 0x62, 0x5a, 0xad, 0x73, 0x91, 0xd8, 0x4f, 0x78, - 0x04, 0x3d, 0x2a, 0x0a, 0x23, 0x9b, 0x14, 0x77, - 0x98, 0x4c, 0x15, 0x7b, 0xbc, 0x92, 0x76, 0x06, - 0x4e, 0x7a, 0x1a, 0x40, 0x6b, 0x06, 0x12, 0xca - }; - /* SHA-1 variables. */ uint8_t sha1_computed_digest[SHA1_DIGEST_LENGTH]; uint8_t hmac_computed[SHA1_HMAC_BLOCK_SIZE]; diff --git a/usr/src/common/crypto/fips/fips_test_vectors.c b/usr/src/common/crypto/fips/fips_test_vectors.c new file mode 100644 index 0000000000..ef833cb392 --- /dev/null +++ b/usr/src/common/crypto/fips/fips_test_vectors.c @@ -0,0 +1,1594 @@ +/* + * CDDL HEADER START + * + * The contents of this file are subject to the terms of the + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. + * + * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE + * or http://www.opensolaris.org/os/licensing. + * See the License for the specific language governing permissions + * and limitations under the License. + * + * When distributing Covered Code, include this CDDL HEADER in each + * file and include the License file at usr/src/OPENSOLARIS.LICENSE. + * If applicable, add the following below this CDDL HEADER, with the + * fields enclosed by brackets "[]" replaced with your own identifying + * information: Portions Copyright [yyyy] [name of copyright owner] + * + * CDDL HEADER END + */ + +/* + * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. + */ + +#include <sys/types.h> + +/* + * AES ECB/CBC test vectors + */ + +/* AES Known Key (up to 256-bits). */ +uint8_t aes_known_key[] = { + 'A', 'E', 'S', '-', '1', '2', '8', ' ', + 'R', 'I', 'J', 'N', 'D', 'A', 'E', 'L', + 'L', 'E', 'A', 'D', 'N', 'J', 'I', 'R', + ' ', '8', '2', '1', '-', 'S', 'E', 'A' +}; + +/* AES-CBC Known Initialization Vector (128-bits). */ +uint8_t aes_cbc_known_initialization_vector[] = { + 'S', 'e', 'c', 'u', 'r', 'i', 't', 'y', + 'y', 't', 'i', 'r', 'u', 'c', 'e', 'S' +}; + +/* AES Known Plaintext (128-bits). (blocksize is 128-bits) */ +uint8_t aes_known_plaintext[] = { + 'S', 'u', 'n', ' ', 'O', 'p', 'e', 'n', + ' ', 'S', 'o', 'l', 'a', 'r', 'i', 's' +}; + +/* AES Known Ciphertext (128-bit key). */ +uint8_t aes_ecb128_known_ciphertext[] = { + 0xcc, 0xd1, 0xd0, 0xf3, 0xfd, 0x44, 0xb1, 0x4d, + 0xfe, 0x33, 0x20, 0x72, 0x3c, 0xf3, 0x4d, 0x27 +}; + +uint8_t aes_cbc128_known_ciphertext[] = { + 0x59, 0x34, 0x55, 0xd1, 0x89, 0x9b, 0xf4, 0xa5, + 0x16, 0x2c, 0x4c, 0x14, 0xd3, 0xe2, 0xe5, 0xed +}; + +/* AES Known Ciphertext (192-bit key). */ +uint8_t aes_ecb192_known_ciphertext[] = { + 0xa3, 0x78, 0x10, 0x44, 0xd8, 0xee, 0x8a, 0x98, + 0x41, 0xa4, 0xeb, 0x96, 0x57, 0xd8, 0xa0, 0xc5 +}; + +uint8_t aes_cbc192_known_ciphertext[] = { + 0x22, 0x9c, 0x68, 0xc6, 0x86, 0x68, 0xcc, 0x6a, + 0x56, 0x2c, 0xb8, 0xe0, 0x16, 0x4e, 0x8b, 0x78 +}; + +/* AES Known Ciphertext (256-bit key). */ +uint8_t aes_ecb256_known_ciphertext[] = { + 0xe4, 0x65, 0x92, 0x7f, 0xd0, 0xdd, 0x59, 0x49, + 0x79, 0xc3, 0xac, 0x96, 0x30, 0xad, 0x32, 0x52 +}; + +uint8_t aes_cbc256_known_ciphertext[] = { + 0xd9, 0x44, 0x43, 0xe8, 0xdb, 0x60, 0x6b, 0xde, + 0xc2, 0x84, 0xbf, 0xb9, 0xaf, 0x43, 0x3f, 0x51 +}; + +/* AES-CTR Known Key (128-bits). */ +uint8_t aes_ctr128_known_key[] = { + 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, + 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c +}; + +/* AES-CTR Known Key (192-bits). */ +uint8_t aes_ctr192_known_key[] = { + 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52, + 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5, + 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b +}; + +/* AES-CTR Known Key (256-bits). */ +uint8_t aes_ctr256_known_key[] = { + 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe, + 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81, + 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7, + 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4 +}; + +/* AES-CTR Known Initialization Counter (128-bits). */ +uint8_t aes_ctr_known_counter[] = { + 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, + 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff +}; + +/* AES-CTR Known Plaintext (128-bits). */ +uint8_t aes_ctr_known_plaintext[] = { + 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, + 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a +}; + +/* AES-CTR Known Ciphertext. */ +uint8_t aes_ctr128_known_ciphertext[] = { + 0x87, 0x4d, 0x61, 0x91, 0xb6, 0x20, 0xe3, 0x26, + 0x1b, 0xef, 0x68, 0x64, 0x99, 0x0d, 0xb6, 0xce +}; + +uint8_t aes_ctr192_known_ciphertext[] = { + 0x1a, 0xbc, 0x93, 0x24, 0x17, 0x52, 0x1c, 0xa2, + 0x4f, 0x2b, 0x04, 0x59, 0xfe, 0x7e, 0x6e, 0x0b +}; + +uint8_t aes_ctr256_known_ciphertext[] = { + 0x60, 0x1e, 0xc3, 0x13, 0x77, 0x57, 0x89, 0xa5, + 0xb7, 0xa7, 0xf5, 0x04, 0xbb, 0xf3, 0xd2, 0x28 +}; + +/* AES-CCM Known Key (128-bits). */ +uint8_t aes_ccm128_known_key[] = { + 0x06, 0xfd, 0xf0, 0x83, 0xb5, 0xcb, 0x3b, 0xc7, + 0xc0, 0x6d, 0x4d, 0xe5, 0xa6, 0x34, 0xc6, 0x50 +}; + +/* AES-CCM Known Key (192-bits). */ +uint8_t aes_ccm192_known_key[] = { + 0xde, 0x91, 0x08, 0x63, 0xbe, 0x59, 0xb8, 0x7a, + 0x45, 0x9b, 0xa6, 0xce, 0x2d, 0x7e, 0x71, 0x56, + 0x1c, 0x5c, 0x15, 0xea, 0x1b, 0x6b, 0x05, 0x06 +}; + +/* AES-CCM Known Key (256-bits). */ +uint8_t aes_ccm256_known_key[] = { + 0x84, 0x9c, 0x1d, 0xeb, 0x80, 0xf8, 0x5b, 0x7d, + 0x25, 0x33, 0x64, 0x75, 0x4b, 0xdc, 0x5d, 0xf0, + 0xe8, 0x1c, 0x98, 0x8a, 0x78, 0x8f, 0x15, 0xd1, + 0xa2, 0x52, 0x49, 0xfa, 0x18, 0x5e, 0x1f, 0xd3 +}; + +/* AES-CCM Known Nonce Nlen = 7 bytes (for 128-bits key). */ +uint8_t aes_ccm128_known_nonce[] = { + 0xfd, 0xe2, 0xd5, 0x4c, 0x65, 0x4e, 0xe4 +}; + +/* AES-CCM Known Nonce Nlen = 7 bytes (192-bits). */ +uint8_t aes_ccm192_known_nonce[] = { + 0xcf, 0xb3, 0x48, 0xfa, 0x04, 0x36, 0xa2 +}; + +/* AES-CCM Known Nonce Nlen = 7 bytes (256-bits). */ +uint8_t aes_ccm256_known_nonce[] = { + 0x75, 0xa5, 0x5b, 0x58, 0x33, 0x9d, 0x1c +}; + +/* AES-CCM Known Adata Alen = 30 bytes (128-bits). */ +uint8_t aes_ccm128_known_adata[] = { + 0xe0, 0xdf, 0xfc, 0x4c, 0x92, 0x90, 0xd8, 0x28, + 0xef, 0xe7, 0xc6, 0xbe, 0x4a, 0xbc, 0xd1, 0x3e, + 0x23, 0x61, 0x92, 0x2f, 0xfa, 0x27, 0xa4, 0x0e, + 0x61, 0x24, 0x58, 0x38, 0x55, 0x33 +}; + +/* AES-CCM Known Adata Alen = 30 bytes (192-bits). */ +uint8_t aes_ccm192_known_adata[] = { + 0x4c, 0x5b, 0x4f, 0xfe, 0x80, 0xba, 0x7a, 0xe5, + 0xd3, 0xe8, 0xbc, 0xf6, 0x55, 0x83, 0xcf, 0x58, + 0xa2, 0x82, 0x59, 0x65, 0xba, 0xbd, 0x63, 0x53, + 0x0c, 0xb0, 0x0c, 0x14, 0xd4, 0x7b +}; + +/* AES-CCM Known Adata Alen = 30 bytes (256-bits). */ +uint8_t aes_ccm256_known_adata[] = { + 0x27, 0xb7, 0xec, 0x91, 0x08, 0xe1, 0x4d, 0x12, + 0xd3, 0xd3, 0xb8, 0x49, 0x09, 0xde, 0xd0, 0x9a, + 0x8f, 0x23, 0xbf, 0xd6, 0x02, 0x9b, 0x2a, 0x5e, + 0x4a, 0x5a, 0x63, 0x8c, 0x72, 0x14 +}; +/* AES-CCM Known Payload Plen = 32 bytes (128-bits). */ +uint8_t aes_ccm128_known_plaintext[] = { + 0x77, 0xca, 0xdf, 0xa5, 0xb1, 0x23, 0xfe, 0x07, + 0x8d, 0xca, 0x94, 0xe2, 0x66, 0x3f, 0x73, 0xd0, + 0x3f, 0x0b, 0x4d, 0xc8, 0x05, 0xf6, 0x1c, 0xef, + 0x13, 0x79, 0xc0, 0xb1, 0xfc, 0x76, 0xea, 0x11 +}; + +/* AES-CCM Known Payload Plen = 32 bytes (192-bits). */ +uint8_t aes_ccm192_known_plaintext[] = { + 0xf9, 0x8a, 0x58, 0x59, 0x44, 0x2d, 0x2a, 0xf9, + 0x65, 0x03, 0x36, 0x6d, 0x8a, 0x58, 0x29, 0xf9, + 0xef, 0x47, 0x44, 0x30, 0xf4, 0x7e, 0x0d, 0xcd, + 0x73, 0x41, 0x45, 0xdf, 0x50, 0xb2, 0x1b, 0x29 +}; + +/* AES-CCM Known Payload Plen = 32 bytes (256-bits). */ +uint8_t aes_ccm256_known_plaintext[] = { + 0x25, 0x28, 0x3f, 0x05, 0x41, 0xd6, 0x66, 0x3b, + 0xdb, 0x8f, 0xe9, 0xe7, 0x7b, 0x06, 0xc0, 0xee, + 0xfe, 0xf6, 0xc9, 0x8b, 0x45, 0x08, 0x18, 0x4e, + 0x2e, 0xf7, 0x8e, 0x64, 0xc3, 0xf2, 0xad, 0x18 +}; + +/* + * AES-CCM Known Ciphertext + * Clen = 32 bytes + Tlen = 16 bytes (128-bits). + */ +uint8_t aes_ccm128_known_ciphertext[] = { + 0x33, 0x50, 0x58, 0xbb, 0x5f, 0x13, 0x8d, 0xc9, + 0x5b, 0x2c, 0xa4, 0x50, 0x1d, 0x7f, 0xd4, 0xa5, + 0xb9, 0xb8, 0x71, 0x83, 0x8f, 0x82, 0x27, 0x5f, + 0x75, 0x3e, 0x30, 0xf9, 0x9d, 0xad, 0xc2, 0xe9, + 0x66, 0x93, 0x56, 0x98, 0x01, 0x1e, 0x3c, 0x11, + 0x74, 0xdb, 0x9b, 0xca, 0xce, 0x0f, 0xc3, 0x35 +}; + +/* + * AES-CCM Known Ciphertext + * Clen = 32 bytes + Tlen = 16 bytes (192-bits). + */ +uint8_t aes_ccm192_known_ciphertext[] = { + 0xa7, 0x40, 0xd0, 0x25, 0xbd, 0x3e, 0x8f, 0xd5, + 0x28, 0x3e, 0xee, 0xaa, 0xf9, 0xa7, 0xfc, 0xf2, + 0x33, 0xf6, 0x69, 0xb8, 0xdc, 0x9c, 0x74, 0xb1, + 0x46, 0xf4, 0xd6, 0xcc, 0x0a, 0x16, 0x12, 0x0c, + 0x7c, 0x3c, 0x43, 0x76, 0x94, 0xf6, 0x9a, 0x14, + 0xa0, 0xfb, 0xab, 0x9c, 0x2c, 0xd3, 0x5c, 0x09 +}; + +/* + * AES-CCM Known Ciphertext + * Clen = 32 bytes + Tlen = 16 bytes (256-bits). + */ +uint8_t aes_ccm256_known_ciphertext[] = { + 0xf6, 0x4d, 0x24, 0x69, 0x0e, 0xde, 0xc9, 0xc0, + 0x1e, 0x42, 0xc0, 0x78, 0x29, 0xcf, 0xdb, 0xfe, + 0xab, 0x52, 0x9a, 0xb1, 0x07, 0xe4, 0xac, 0xdf, + 0x48, 0x46, 0x46, 0xc1, 0xe2, 0xb2, 0x0f, 0x36, + 0x5f, 0xeb, 0x44, 0xcf, 0xa8, 0x80, 0x80, 0x23, + 0xc9, 0xee, 0xc7, 0x56, 0x24, 0x63, 0x6e, 0x7e +}; + +/* AES-GCM Known Key (128-bits). */ +uint8_t aes_gcm128_known_key[] = { + 0x7d, 0xf9, 0x9c, 0xdf, 0x7d, 0x00, 0xd9, 0xea, + 0xd3, 0x85, 0x17, 0x1b, 0x29, 0xae, 0xcf, 0xbc +}; + +/* AES-GCM Known Key (192-bits). */ +uint8_t aes_gcm192_known_key[] = { + 0x85, 0xf4, 0x34, 0x7a, 0xf5, 0x98, 0x1e, 0xd9, + 0x89, 0x85, 0x98, 0x1a, 0x53, 0xfc, 0xc5, 0xbf, + 0x53, 0x6c, 0x91, 0x4b, 0x18, 0x3c, 0xe8, 0x12 +}; + +/* AES-GCM Known Key (256-bits). */ +uint8_t aes_gcm256_known_key[] = { + 0xee, 0xbc, 0x1f, 0x57, 0x48, 0x7f, 0x51, 0x92, + 0x1c, 0x04, 0x65, 0x66, 0x5f, 0x8a, 0xe6, 0xd1, + 0x65, 0x8b, 0xb2, 0x6d, 0xe6, 0xf8, 0xa0, 0x69, + 0xa3, 0x52, 0x02, 0x93, 0xa5, 0x72, 0x07, 0x8f +}; + +/* AES-GCM Known Initialization Vector (128-bits). */ +uint8_t aes_gcm128_known_iv[] = { + 0x27, 0x4c, 0x4e, 0xae, 0xfe, 0xef, 0xae, 0x26, + 0x80, 0xb0, 0xef, 0xd5 +}; + +/* AES-GCM Known Initialization Vector (192-bits). */ +uint8_t aes_gcm192_known_iv[] = { + 0xd4, 0xfb, 0x33, 0xc6, 0x51, 0xc8, 0x86, 0xff, + 0x28, 0x80, 0xef, 0x96 +}; + +/* AES-GCM Known Initialization Vector (256-bits). */ +uint8_t aes_gcm256_known_iv[] = { + 0x99, 0xaa, 0x3e, 0x68, 0xed, 0x81, 0x73, 0xa0, + 0xee, 0xd0, 0x66, 0x84 +}; + +/* AES-GCM Known AAD Alen = 16 bytes (128-bits). */ +uint8_t aes_gcm128_known_adata[] = { + 0x60, 0xe8, 0xb0, 0x37, 0xec, 0xdf, 0x4d, 0x82, + 0x8c, 0x83, 0x0d, 0xcf, 0xc5, 0xce, 0xd4, 0x9c +}; + +/* AES-GCM Known AAD Alen = 16 bytes (192-bits). */ +uint8_t aes_gcm192_known_adata[] = { + 0x44, 0x3a, 0xdf, 0xad, 0xbb, 0x29, 0xd6, 0x8c, + 0x55, 0xe2, 0x02, 0x2d, 0xca, 0x62, 0x9b, 0x51 +}; + +/* AES-GCM Known AAD Alen = 16 bytes (256-bits). */ +uint8_t aes_gcm256_known_adata[] = { + 0x4d, 0x23, 0xc3, 0xce, 0xc3, 0x34, 0xb4, 0x9b, + 0xdb, 0x37, 0x0c, 0x43, 0x7f, 0xec, 0x78, 0xde +}; + +/* AES-GCM Known Payload Plen = 16 bytes (128-bits). */ +uint8_t aes_gcm128_known_plaintext[] = { + 0x99, 0x66, 0x7d, 0xc9, 0x62, 0xb3, 0x9f, 0x14, + 0x8c, 0xdd, 0xfe, 0x68, 0xf9, 0x0a, 0x43, 0xf9 +}; +/* AES-GCM Known Payload Plen = 16 bytes (192-bits). */ +uint8_t aes_gcm192_known_plaintext[] = { + 0x7f, 0x9c, 0x08, 0x1d, 0x6a, 0xcc, 0xa8, 0xab, + 0x71, 0x75, 0xcb, 0xd0, 0x49, 0x42, 0xba, 0xad +}; +/* AES-GCM Known Payload Plen = 16 bytes (256-bits). */ +uint8_t aes_gcm256_known_plaintext[] = { + 0xf5, 0x6e, 0x87, 0x05, 0x5b, 0xc3, 0x2d, 0x0e, + 0xeb, 0x31, 0xb2, 0xea, 0xcc, 0x2b, 0xf2, 0xa5 +}; + +/* AES-GCM Known Ciphertext Clen = 16 bytes (128-bits) + tag */ +uint8_t aes_gcm128_known_ciphertext[] = { + 0x2b, 0x5f, 0x57, 0xf2, 0x62, 0x27, 0xe0, 0x94, + 0xe7, 0xf8, 0x01, 0x23, 0xf9, 0xed, 0xbd, 0xe8, + 0x16, 0xee, 0x08, 0xb4, 0xd8, 0x07, 0xe5, 0xdb, + 0xd5, 0x70, 0x3c, 0xb3, 0xcf, 0x53, 0x8c, 0x14 +}; + +/* AES-GCM Known Ciphertext Clen = 16 bytes (192-bits) + tag */ +uint8_t aes_gcm192_known_ciphertext[] = { + 0xdd, 0x7e, 0x7e, 0x45, 0x5b, 0x21, 0xd8, 0x84, + 0x3d, 0x7b, 0xc3, 0x1f, 0x21, 0x07, 0xf9, 0x55, + 0x9f, 0x0e, 0x8d, 0xe2, 0x6d, 0xb4, 0x95, 0xf5, + 0x91, 0x1f, 0xb6, 0x0c, 0xf5, 0xf2, 0x3a, 0xf9 +}; + +/* AES-GCM Known Ciphertext Clen = 16 bytes (256-bits)+ tag */ +uint8_t aes_gcm256_known_ciphertext[] = { + 0xf7, 0x26, 0x44, 0x13, 0xa8, 0x4c, 0x0e, 0x7c, + 0xd5, 0x36, 0x86, 0x7e, 0xb9, 0xf2, 0x17, 0x36, + 0x67, 0xba, 0x05, 0x10, 0x26, 0x2a, 0xe4, 0x87, + 0xd7, 0x37, 0xee, 0x62, 0x98, 0xf7, 0x7e, 0x0c +}; + +/* + * Source: NIST gcmEncryptExtIV128.txt + * Count = 0, [Keylen = 128], [IVlen = 96], [PTlen = 0], + * [AADlen = 128], [Taglen = 128] + * + * Source: NIST gcmEncryptExtIV192.txt + * Count = 0, [Keylen = 192], [IVlen = 96], [PTlen = 0], + * [AADlen = 128], [Taglen = 128] + * + * Source: NIST gcmEncryptExtIV256.txt + * Count = 0, [Keylen = 256], [IVlen = 96], [PTlen = 0], + * [AADlen = 128], [Taglen = 128] + */ + +/* AES-GMAC Known Key (128-bits). */ +uint8_t aes_gmac128_known_key[] = { + 0x7d, 0x70, 0xd2, 0x32, 0x48, 0xc4, 0x7e, 0xb3, + 0xd2, 0x73, 0xdf, 0x81, 0xed, 0x30, 0x24, 0xbd +}; + +/* AES-GMAC Known Key (192-bits). */ +uint8_t aes_gmac192_known_key[] = { + 0x03, 0x60, 0x22, 0xfe, 0x26, 0x9a, 0xdc, 0xad, + 0xb5, 0x73, 0x11, 0xa4, 0xa0, 0xed, 0x2a, 0x84, + 0x18, 0x34, 0xb8, 0xb6, 0xd8, 0xa0, 0x7f, 0x41 +}; + +/* AES-GMAC Known Key (256-bits). */ +uint8_t aes_gmac256_known_key[] = { + 0xbb, 0x10, 0x10, 0x06, 0x4f, 0xb8, 0x35, 0x23, + 0xea, 0x9d, 0xf3, 0x2b, 0xad, 0x9f, 0x1f, 0x2a, + 0x4f, 0xce, 0xfc, 0x0f, 0x21, 0x07, 0xc0, 0xaa, + 0xba, 0xd9, 0xb7, 0x56, 0xd8, 0x09, 0x21, 0x9d +}; + +/* AES-GMAC Known Initialization Vector (128-bits). */ +uint8_t aes_gmac128_known_iv[] = { + 0xab, 0x53, 0x23, 0x33, 0xd6, 0x76, 0x51, 0x20, + 0x8b, 0x8c, 0x34, 0x85 +}; + +/* AES-GMAC Known Initialization Vector (192-bits). */ +uint8_t aes_gmac192_known_iv[] = { + 0x85, 0x65, 0xb2, 0x15, 0x3a, 0x3f, 0x34, 0x9a, + 0x07, 0x31, 0x06, 0x79 +}; + +/* AES-GMAC Known Initialization Vector (256-bits). */ +uint8_t aes_gmac256_known_iv[] = { + 0x2f, 0x9a, 0xd0, 0x12, 0xad, 0xfc, 0x12, 0x73, + 0x43, 0xfb, 0xe0, 0x56 +}; + +/* AES-GMAC Known Tag (128-bits). */ +uint8_t aes_gmac128_known_tag[] = { + 0xcf, 0x89, 0x50, 0xa3, 0x10, 0xf5, 0xab, 0x8b, + 0x69, 0xd5, 0x00, 0x11, 0x1a, 0x44, 0xb0, 0x96 +}; + +/* AES-GMAC Known Tag (192-bits). */ +uint8_t aes_gmac192_known_tag[] = { + 0x90, 0x21, 0xaf, 0x4c, 0xa0, 0x8d, 0x01, 0xef, + 0x82, 0x5a, 0x42, 0xf9, 0xbe, 0x3a, 0xb3, 0xe9 +}; + +/* AES-GMAC Known Tag (256-bits). */ +uint8_t aes_gmac256_known_tag[] = { + 0xef, 0x06, 0xd5, 0x4d, 0xfd, 0x00, 0x02, 0x1d, + 0x75, 0x27, 0xdf, 0xf2, 0x6f, 0xc9, 0xd4, 0x84 +}; + +/* AES-GMAC Known AAD Alen = 16 bytes (128-bits). */ +uint8_t aes_gmac128_known_adata[] = { + 0x7d, 0x1d, 0x42, 0xe8, 0x94, 0x60, 0xe9, 0x44, + 0xbf, 0xa4, 0x83, 0xdb, 0xe6, 0x92, 0xf0, 0x8d +}; + +/* AES-GMAC Known AAD Alen = 16 bytes (192-bits). */ +uint8_t aes_gmac192_known_adata[] = { + 0xad, 0xcf, 0x4f, 0xbb, 0xa0, 0xe0, 0x6a, 0x63, + 0x70, 0x71, 0x1a, 0x57, 0xf8, 0xdc, 0xd0, 0xc9 +}; + +/* AES-GMAC Known AAD Alen = 16 bytes (256-bits). */ +uint8_t aes_gmac256_known_adata[] = { + 0xdb, 0x98, 0xd9, 0x0d, 0x1b, 0x69, 0x5c, 0xdb, + 0x74, 0x7a, 0x34, 0x3f, 0xbb, 0xc9, 0xf1, 0x41 +}; + +/* DES3 Known Key. */ +uint8_t des3_known_key[] = { + 'A', 'N', 'S', 'I', ' ', 'T', 'r', 'i', + 'p', 'l', 'e', '-', 'D', 'E', 'S', ' ', + 'K', 'e', 'y', ' ', 'D', 'a', 't', 'a' +}; + +/* DES3-CBC Known Initialization Vector (64-bits). */ +uint8_t des3_cbc_known_iv[] = { + 'S', 'e', 'c', 'u', 'r', 'i', 't', 'y' +}; + +/* DES3 Known Plaintext (64-bits). */ +uint8_t des3_ecb_known_plaintext[] = { + 'S', 'o', 'l', 'a', 'r', 'i', 's', '!' +}; +uint8_t des3_cbc_known_plaintext[] = { + 'S', 'o', 'l', 'a', 'r', 'i', 's', '!' +}; + +/* DES3 Known Ciphertext (64-bits). */ +uint8_t des3_ecb_known_ciphertext[] = { + 0x17, 0x0d, 0x1f, 0x13, 0xd3, 0xa0, 0x3a, 0x63 +}; + +uint8_t des3_cbc_known_ciphertext[] = { + 0x7f, 0x62, 0x44, 0xb3, 0xf8, 0x77, 0xf8, 0xf8 +}; + + + +/* + * SHA-1 Known Hash Message + * Source from NIST SHA1ShortMsg (L = 512-bits). + */ +uint8_t sha1_known_hash_message[] = { + 0x7e, 0x3a, 0x4c, 0x32, 0x5c, 0xb9, 0xc5, 0x2b, + 0x88, 0x38, 0x7f, 0x93, 0xd0, 0x1a, 0xe8, 0x6d, + 0x42, 0x09, 0x8f, 0x5e, 0xfa, 0x7f, 0x94, 0x57, + 0x38, 0x8b, 0x5e, 0x74, 0xb6, 0xd2, 0x8b, 0x24, + 0x38, 0xd4, 0x2d, 0x8b, 0x64, 0x70, 0x33, 0x24, + 0xd4, 0xaa, 0x25, 0xab, 0x6a, 0xad, 0x15, 0x3a, + 0xe3, 0x0c, 0xd2, 0xb2, 0xaf, 0x4d, 0x5e, 0x5c, + 0x00, 0xa8, 0xa2, 0xd0, 0x22, 0x0c, 0x61, 0x16 +}; + +/* SHA-1 Known Digest Message (160-bits). */ +uint8_t sha1_known_digest[] = { + 0xa3, 0x05, 0x44, 0x27, 0xcd, 0xb1, 0x3f, 0x16, + 0x4a, 0x61, 0x0b, 0x34, 0x87, 0x02, 0x72, 0x4c, + 0x80, 0x8a, 0x0d, 0xcc +}; + +/* Source from NIST HMAC.txt Count = 0 */ +uint8_t HMAC_known_secret_key[] = { + 0x7b, 0x10, 0xf4, 0x12, 0x4b, 0x15, 0xc8, 0x2e +}; + +/* known SHA1 hmac - truncated (10 bytes) */ +uint8_t known_SHA1_hmac[] = { + 0x4e, 0xad, 0x12, 0xc2, 0xfe, 0x3d, 0x6e, 0xa4, + 0x3a, 0xcb +}; + +uint8_t hmac_sha1_known_hash_message[] = { + 0x27, 0xdc, 0xb5, 0xb1, 0xda, 0xf6, 0x0c, 0xfd, + 0x3e, 0x2f, 0x73, 0xd4, 0xd6, 0x4c, 0xa9, 0xc6, + 0x84, 0xf8, 0xbf, 0x71, 0xfc, 0x68, 0x2a, 0x46, + 0x79, 0x3b, 0x17, 0x90, 0xaf, 0xa4, 0xfe, 0xb1, + 0x00, 0xca, 0x7a, 0xaf, 0xf2, 0x6f, 0x58, 0xf0, + 0xe1, 0xd0, 0xed, 0x42, 0xf1, 0xcd, 0xad, 0x1f, + 0x47, 0x4a, 0xfa, 0x2e, 0x79, 0xd5, 0x3a, 0x0c, + 0x42, 0x89, 0x2c, 0x4d, 0x7b, 0x32, 0x7c, 0xbe, + 0x46, 0xb2, 0x95, 0xed, 0x8d, 0xa3, 0xb6, 0xec, + 0xab, 0x3d, 0x48, 0x51, 0x68, 0x7a, 0x6f, 0x81, + 0x2b, 0x79, 0xdf, 0x2f, 0x6b, 0x20, 0xf1, 0x1f, + 0x67, 0x06, 0xf5, 0x30, 0x17, 0x90, 0xca, 0x99, + 0x62, 0x5a, 0xad, 0x73, 0x91, 0xd8, 0x4f, 0x78, + 0x04, 0x3d, 0x2a, 0x0a, 0x23, 0x9b, 0x14, 0x77, + 0x98, 0x4c, 0x15, 0x7b, 0xbc, 0x92, 0x76, 0x06, + 0x4e, 0x7a, 0x1a, 0x40, 0x6b, 0x06, 0x12, 0xca +}; + +/* + * SHA-1 HMAC Known MAC (Case 2) + * Source from FIPS PUB 198 (A.2) + */ +uint8_t sha1_hmac_known_secret_key_2[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43 +}; + +uint8_t sha1_hmac_known_hash_message_2[] = { + 'S', 'a', 'm', 'p', 'l', 'e', ' ', '#', '2' +}; + +uint8_t sha1_known_hmac_2[] = { + 0x09, 0x22, 0xd3, 0x40, 0x5f, 0xaa, 0x3d, 0x19, + 0x4f, 0x82, 0xa4, 0x58, 0x30, 0x73, 0x7d, 0x5c, + 0xc6, 0xc7, 0x5d, 0x24 +}; + +/* + * SHA-256 Known Hash Message (512-bits). + * Source from NIST SHA256ShortMsg (Len = 512) + */ +uint8_t sha256_known_hash_message[] = { + 0x35, 0x92, 0xec, 0xfd, 0x1e, 0xac, 0x61, 0x8f, + 0xd3, 0x90, 0xe7, 0xa9, 0xc2, 0x4b, 0x65, 0x65, + 0x32, 0x50, 0x93, 0x67, 0xc2, 0x1a, 0x0e, 0xac, + 0x12, 0x12, 0xac, 0x83, 0xc0, 0xb2, 0x0c, 0xd8, + 0x96, 0xeb, 0x72, 0xb8, 0x01, 0xc4, 0xd2, 0x12, + 0xc5, 0x45, 0x2b, 0xbb, 0xf0, 0x93, 0x17, 0xb5, + 0x0c, 0x5c, 0x9f, 0xb1, 0x99, 0x75, 0x53, 0xd2, + 0xbb, 0xc2, 0x9b, 0xb4, 0x2f, 0x57, 0x48, 0xad +}; + +/* known SHA256 Digest Message (32 bytes) */ +uint8_t known_sha256_digest[] = { + 0x10, 0x5a, 0x60, 0x86, 0x58, 0x30, 0xac, 0x3a, + 0x37, 0x1d, 0x38, 0x43, 0x32, 0x4d, 0x4b, 0xb5, + 0xfa, 0x8e, 0xc0, 0xe0, 0x2d, 0xda, 0xa3, 0x89, + 0xad, 0x8d, 0xa4, 0xf1, 0x02, 0x15, 0xc4, 0x54 +}; + +/* + * SHA-384 Known Hash Message (512-bits). + * Source from NIST SHA384ShortMsg (Len = 512) + */ +uint8_t sha384_known_hash_message[] = { + 0x58, 0xbe, 0xab, 0xf9, 0x79, 0xab, 0x35, 0xab, + 0xba, 0x29, 0x37, 0x6d, 0x5d, 0xc2, 0x27, 0xab, + 0xb3, 0xd2, 0xff, 0x4d, 0x90, 0x30, 0x49, 0x82, + 0xfc, 0x10, 0x79, 0xbc, 0x2b, 0x28, 0x80, 0xfc, + 0xb0, 0x12, 0x9e, 0x4f, 0xed, 0xf2, 0x78, 0x98, + 0xce, 0x58, 0x6a, 0x91, 0xb7, 0x68, 0x1e, 0x0d, + 0xba, 0x38, 0x5e, 0x80, 0x0e, 0x79, 0x26, 0xc0, + 0xbc, 0x5a, 0xfe, 0x0d, 0x9c, 0xa9, 0x86, 0x50 +}; + +/* known SHA384 Digest Message (48 bytes) */ +uint8_t known_sha384_digest[] = { + 0xa0, 0x88, 0x8e, 0x1c, 0x4d, 0x7e, 0x80, 0xcb, + 0xaa, 0xaf, 0xa8, 0xbb, 0x1c, 0xa1, 0xca, 0x91, + 0x2a, 0x93, 0x21, 0x75, 0xc2, 0xef, 0x98, 0x2c, + 0xe1, 0xf1, 0x23, 0xa8, 0xc1, 0xae, 0xe9, 0x63, + 0x5a, 0xd7, 0x5b, 0xe5, 0x25, 0x90, 0xa9, 0x24, + 0xbe, 0xd3, 0xf5, 0xec, 0x36, 0xc3, 0x56, 0x90 +}; + +/* + * SHA-512 Known Hash Message (512-bits). + * Source from NIST SHA512ShortMsg (Len = 512) + */ +uint8_t sha512_known_hash_message[] = { + 0x09, 0x5c, 0x7f, 0x30, 0x82, 0x4f, 0xc9, 0x28, + 0x58, 0xcc, 0x93, 0x47, 0xc0, 0x85, 0xd5, 0x78, + 0x88, 0x5f, 0xf3, 0x61, 0x4d, 0xd3, 0x8e, 0xe7, + 0xee, 0x94, 0xa0, 0xf4, 0x40, 0x72, 0xc8, 0x77, + 0x04, 0x7e, 0xe2, 0xad, 0x16, 0x6f, 0xdb, 0xa0, + 0xe7, 0x44, 0xc3, 0xed, 0x2c, 0x2b, 0x24, 0xc9, + 0xd8, 0xa2, 0x93, 0x46, 0x48, 0xdc, 0x84, 0xd3, + 0xbe, 0x66, 0x63, 0x02, 0x11, 0x0a, 0xe0, 0x8f +}; + +/* known SHA512 Digest Message (64 bytes) */ +uint8_t known_sha512_digest[] = { + 0xd5, 0xcd, 0xaf, 0x83, 0xbb, 0x4a, 0x27, 0xea, + 0xad, 0x8d, 0x8f, 0x18, 0xe4, 0xbe, 0xe9, 0xc2, + 0x5b, 0xe9, 0x49, 0xa7, 0x61, 0xa0, 0xfd, 0x0f, + 0xb2, 0x28, 0x4c, 0xab, 0x14, 0x3c, 0xad, 0x60, + 0xbe, 0xb5, 0x68, 0x87, 0x34, 0xb2, 0xf8, 0x1e, + 0x9e, 0x2d, 0x64, 0x0b, 0x42, 0x5f, 0xd3, 0x2c, + 0xcb, 0x3d, 0x20, 0xd0, 0x2d, 0x63, 0xc2, 0xc9, + 0x4c, 0x03, 0xab, 0x3d, 0x9e, 0x7d, 0x9b, 0x4a +}; + +/* SHA-2 HMAC Test Vectors */ + +/* + * SHA-256 HMAC Known Hash Message (512-bits). + * (Not used by HW provider because of the key size limitation + */ +uint8_t sha256_hmac_known_hash_message[] = { + 0x54, 0x68, 0x65, 0x20, 0x74, 0x65, 0x73, 0x74, + 0x20, 0x6D, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, + 0x20, 0x66, 0x6F, 0x72, 0x20, 0x74, 0x68, 0x65, + 0x20, 0x4D, 0x44, 0x32, 0x2C, 0x20, 0x4D, 0x44, + 0x35, 0x2C, 0x20, 0x61, 0x6E, 0x64, 0x20, 0x53, + 0x48, 0x41, 0x2D, 0x31, 0x20, 0x68, 0x61, 0x73, + 0x68, 0x69, 0x6E, 0x67, 0x20, 0x61, 0x6C, 0x67, + 0x6F, 0x72, 0x69, 0x74, 0x68, 0x6D, 0x73, 0x2E +}; + +uint8_t sha256_hmac_known_secret_key[] = { + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x74, 0x68, 0x65, 0x20, 0x53, 0x48, 0x41, 0x2D, + 0x32, 0x35, 0x36, 0x20, 0x48, 0x4D, 0x41, 0x43, + 0x20, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x20, + 0x6B, 0x65, 0x79, 0x21 +}; + +/* known SHA256 hmac (32 bytes) */ +uint8_t known_sha256_hmac[] = { + 0x02, 0x87, 0x21, 0x93, 0x84, 0x8a, 0x35, 0xae, + 0xdb, 0xb6, 0x79, 0x26, 0x96, 0xf0, 0x50, 0xeb, + 0x33, 0x49, 0x57, 0xf1, 0xb2, 0x32, 0xd3, 0x63, + 0x03, 0x65, 0x57, 0xa2, 0xba, 0xa2, 0x5f, 0x35 +}; + +/* + * SHA-256 HMAC Known Hash Message from RFC 4231 + * Test Case 2 and 4 + */ +uint8_t sha256_hmac_known_hash_message_1[] = { + 0x77, 0x68, 0x61, 0x74, 0x20, 0x64, 0x6f, 0x20, + 0x79, 0x61, 0x20, 0x77, 0x61, 0x6e, 0x74, 0x20, + 0x66, 0x6f, 0x72, 0x20, 0x6e, 0x6f, 0x74, 0x68, + 0x69, 0x6e, 0x67, 0x3f +}; +uint8_t sha256_hmac_known_secret_key_1[] = { + 0x4a, 0x65, 0x66, 0x65 +}; +uint8_t sha256_known_hmac_1[] = { + 0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e, + 0x6a, 0x04, 0x24, 0x26, 0x08, 0x95, 0x75, 0xc7, + 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27, 0x39, 0x83, + 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43 +}; + +uint8_t sha256_hmac_known_hash_message_2[] = { + 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, + 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, + 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, + 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, + 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, + 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, + 0xcd, 0xcd +}; +uint8_t sha256_hmac_known_secret_key_2[] = { + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, + 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, + 0x19 +}; +uint8_t sha256_known_hmac_2[] = { + 0x82, 0x55, 0x8a, 0x38, 0x9a, 0x44, 0x3c, 0x0e, + 0xa4, 0xcc, 0x81, 0x98, 0x99, 0xf2, 0x08, 0x3a, + 0x85, 0xf0, 0xfa, 0xa3, 0xe5, 0x78, 0xf8, 0x07, + 0x7a, 0x2e, 0x3f, 0xf4, 0x67, 0x29, 0x66, 0x5b +}; + +/* + * SHA-384 HMAC Known Hash Message (512-bits). + * Source from NIST HMAC.txt (Count = 15, Klen = 16, Tlen = 48) + */ +uint8_t sha384_hmac_known_secret_key[] = { + 0x01, 0xac, 0x59, 0xf4, 0x2f, 0x8b, 0xb9, 0x1d, + 0x1b, 0xd1, 0x0f, 0xe6, 0x99, 0x0d, 0x7a, 0x87 +}; + +uint8_t sha384_hmac_known_hash_message[] = { + 0x3c, 0xaf, 0x18, 0xc4, 0x76, 0xed, 0xd5, 0x61, + 0x5f, 0x34, 0x3a, 0xc7, 0xb7, 0xd3, 0xa9, 0xda, + 0x9e, 0xfa, 0xde, 0x75, 0x56, 0x72, 0xd5, 0xba, + 0x4b, 0x8a, 0xe8, 0xa7, 0x50, 0x55, 0x39, 0xea, + 0x2c, 0x12, 0x4f, 0xf7, 0x55, 0xec, 0x04, 0x57, + 0xfb, 0xe4, 0x9e, 0x43, 0x48, 0x0b, 0x3c, 0x71, + 0xe7, 0xf4, 0x74, 0x2e, 0xc3, 0x69, 0x3a, 0xad, + 0x11, 0x5d, 0x03, 0x9f, 0x90, 0x22, 0x2b, 0x03, + 0x0f, 0xdc, 0x94, 0x40, 0x31, 0x36, 0x91, 0x71, + 0x6d, 0x53, 0x02, 0x00, 0x58, 0x08, 0xc0, 0x76, + 0x27, 0x48, 0x3b, 0x91, 0x6f, 0xdf, 0x61, 0x98, + 0x30, 0x63, 0xc2, 0xeb, 0x12, 0x68, 0xf2, 0xde, + 0xee, 0xf4, 0x2f, 0xc7, 0x90, 0x33, 0x44, 0x56, + 0xbc, 0x6b, 0xad, 0x25, 0x6e, 0x31, 0xfc, 0x90, + 0x66, 0xde, 0x7c, 0xc7, 0xe4, 0x3d, 0x13, 0x21, + 0xb1, 0x86, 0x6d, 0xb4, 0x5e, 0x90, 0x56, 0x22 +}; + +/* known SHA384 hmac (48 bytes) */ +uint8_t known_sha384_hmac[] = { + 0x19, 0x85, 0xfa, 0x21, 0x63, 0xa5, 0x94, 0x3f, + 0xc5, 0xd9, 0x2f, 0x1f, 0xe8, 0x83, 0x12, 0x15, + 0xe7, 0xe9, 0x1f, 0x0b, 0xff, 0x53, 0x32, 0xbc, + 0x71, 0x3a, 0x07, 0x2b, 0xdb, 0x3a, 0x8f, 0x9e, + 0x5c, 0x51, 0x57, 0x46, 0x3a, 0x3b, 0xfe, 0xb3, + 0x62, 0x31, 0x41, 0x6e, 0x65, 0x97, 0x3e, 0x64 +}; + +/* + * SHA-512 HMAC Known Hash Message (512-bits). + * Source from NIST HMAC.txt (Count = 30, Klen = 20, Tlen = 64) + */ +uint8_t sha512_hmac_known_secret_key[] = { + 0xa7, 0x36, 0xf2, 0x74, 0xfd, 0xa6, 0x8e, 0x1b, + 0xd5, 0xf9, 0x47, 0x1e, 0x85, 0xfd, 0x41, 0x5d, + 0x7f, 0x2b, 0xa1, 0xbc +}; + +uint8_t sha512_hmac_known_hash_message[] = { + 0xa6, 0xcc, 0xc3, 0x55, 0x2c, 0x33, 0xe9, 0x17, + 0x8b, 0x6b, 0x82, 0xc6, 0x53, 0xd6, 0x3d, 0xe2, + 0x54, 0x0f, 0x17, 0x08, 0x07, 0xc3, 0xd9, 0x6a, + 0x2a, 0xc2, 0xe2, 0x7d, 0xab, 0x55, 0x26, 0xf1, + 0xc7, 0xd3, 0x77, 0xe6, 0x73, 0x6f, 0x04, 0x5d, + 0xfb, 0x54, 0x1f, 0xec, 0xe9, 0xf4, 0x43, 0xb7, + 0x28, 0x9c, 0x55, 0x9b, 0x69, 0x4c, 0x2a, 0xac, + 0xc6, 0xc7, 0x4a, 0xe2, 0xa5, 0xe6, 0xf3, 0x0f, + 0xe0, 0x31, 0x61, 0x14, 0x23, 0xb0, 0x4d, 0x55, + 0x95, 0xff, 0xb4, 0x6a, 0xba, 0xa1, 0xd9, 0x18, + 0x98, 0x96, 0x8d, 0x7f, 0x18, 0x30, 0xae, 0x94, + 0xb0, 0x22, 0xee, 0xd2, 0x3f, 0xda, 0xd5, 0x2d, + 0x38, 0x11, 0x0a, 0x48, 0x03, 0xa0, 0xce, 0xe7, + 0xa0, 0x95, 0xc9, 0xa7, 0x8e, 0x86, 0x09, 0xed, + 0xeb, 0x25, 0x48, 0x1c, 0xdc, 0x15, 0x6d, 0x0b, + 0x2f, 0xfc, 0x56, 0xb6, 0x3f, 0xda, 0xd5, 0x33 +}; + +/* known SHA512 hmac (64 bytes) */ +uint8_t known_sha512_hmac[] = { + 0xf7, 0x18, 0x03, 0x43, 0x1e, 0x07, 0xa5, 0xa6, + 0xe5, 0xfd, 0x4a, 0xe4, 0xcf, 0xc2, 0x75, 0x3b, + 0xc8, 0x0d, 0x26, 0xe1, 0x67, 0x23, 0xd9, 0xe8, + 0x8b, 0x40, 0x5a, 0x02, 0x34, 0x8e, 0xf4, 0xb9, + 0x67, 0x92, 0xc9, 0x9c, 0xed, 0x64, 0xdc, 0x70, + 0xea, 0x47, 0x53, 0x78, 0xb7, 0x46, 0x6a, 0xc2, + 0xca, 0xf4, 0xa4, 0x20, 0xb0, 0x1f, 0xf6, 0x1e, + 0x72, 0xc5, 0xb5, 0xee, 0x8e, 0xaa, 0xd4, 0xd4 +}; + +/* + * RSA: 1024-bit RSA known key + */ +uint8_t rsa_modulus_1024[] = { + 0x94, 0x32, 0xb9, 0x12, 0x1d, 0x68, 0x2c, 0xda, + 0x2b, 0xe0, 0xe4, 0x97, 0x1b, 0x4d, 0xdc, 0x43, + 0xdf, 0x38, 0x6e, 0x7b, 0x9f, 0x07, 0x58, 0xae, + 0x9d, 0x82, 0x1e, 0xc7, 0xbc, 0x92, 0xbf, 0xd3, + 0xce, 0x00, 0xbb, 0x91, 0xc9, 0x79, 0x06, 0x03, + 0x1f, 0xbc, 0x9f, 0x94, 0x75, 0x29, 0x5f, 0xd7, + 0xc5, 0xf3, 0x73, 0x8a, 0xa4, 0x35, 0x43, 0x7a, + 0x00, 0x32, 0x97, 0x3e, 0x86, 0xef, 0x70, 0x6f, + 0x18, 0x56, 0x15, 0xaa, 0x6a, 0x87, 0xe7, 0x8d, + 0x7d, 0xdd, 0x1f, 0xa4, 0xe4, 0x31, 0xd4, 0x7a, + 0x8c, 0x0e, 0x20, 0xd2, 0x23, 0xf5, 0x57, 0x3c, + 0x1b, 0xa8, 0x44, 0xa4, 0x57, 0x8f, 0x33, 0x52, + 0xad, 0x83, 0xae, 0x4a, 0x97, 0xa6, 0x1e, 0xa6, + 0x2b, 0xfa, 0xea, 0xeb, 0x6e, 0x71, 0xb8, 0xb6, + 0x0a, 0x36, 0xed, 0x83, 0xce, 0xb0, 0xdf, 0xc1, + 0xd4, 0x3a, 0xe9, 0x99, 0x6f, 0xf3, 0x96, 0xb7 +}; +uint8_t rsa_public_exponent_1024[] = {0x01, 0x00, 0x01}; +uint8_t rsa_private_exponent_1024[] = { + 0x8e, 0xc9, 0x70, 0x57, 0x6b, 0xcd, 0xfb, 0xa9, + 0x19, 0xad, 0xcd, 0x91, 0x69, 0xd5, 0x52, 0xec, + 0x72, 0x1e, 0x45, 0x15, 0x06, 0xdc, 0x65, 0x2d, + 0x98, 0xc4, 0xce, 0x33, 0x54, 0x15, 0x70, 0x8d, + 0xfa, 0x65, 0xea, 0x53, 0x44, 0xf3, 0x3e, 0x3f, + 0xb4, 0x4c, 0x60, 0xd5, 0x01, 0x2d, 0xa4, 0x12, + 0x99, 0xbf, 0x3f, 0x0b, 0xcd, 0xbb, 0x24, 0x10, + 0x60, 0x30, 0x5e, 0x58, 0xf8, 0x59, 0xaa, 0xd1, + 0x63, 0x3b, 0xbc, 0xcb, 0x94, 0x58, 0x38, 0x24, + 0xfc, 0x65, 0x25, 0xc5, 0xa6, 0x51, 0xa2, 0x2e, + 0xf1, 0x5e, 0xf5, 0xc1, 0xf5, 0x46, 0xf7, 0xbd, + 0xc7, 0x62, 0xa8, 0xe2, 0x27, 0xd6, 0x94, 0x5b, + 0xd3, 0xa2, 0xb5, 0x76, 0x42, 0x67, 0x6b, 0x86, + 0x91, 0x97, 0x4d, 0x07, 0x92, 0x00, 0x4a, 0xdf, + 0x0b, 0x65, 0x64, 0x05, 0x03, 0x48, 0x27, 0xeb, + 0xce, 0x9a, 0x49, 0x7f, 0x3e, 0x10, 0xe0, 0x01 +}; +uint8_t rsa_prime1_1024[] = { + 0xe4, 0xe7, 0x50, 0x8c, 0x48, 0x2b, 0x0a, 0xda, + 0xb1, 0xf0, 0xd5, 0x1e, 0x0b, 0xf3, 0xdc, 0xfc, + 0xa9, 0x60, 0x20, 0x73, 0xa0, 0x89, 0x20, 0xa8, + 0x2e, 0x1a, 0x50, 0x95, 0xdc, 0x45, 0xef, 0x29, + 0x21, 0x69, 0x22, 0xca, 0x3f, 0x2c, 0xfe, 0x6e, + 0xb3, 0xc9, 0xee, 0x2d, 0xb1, 0xb9, 0xbd, 0x6c, + 0xdd, 0x89, 0xbb, 0x0a, 0x9a, 0x0e, 0x14, 0xa1, + 0x88, 0x4a, 0x56, 0x5d, 0xb5, 0x0f, 0xd2, 0x01 +}; +uint8_t rsa_prime2_1024[] = { + 0xa5, 0xbd, 0xb6, 0xb8, 0x49, 0x97, 0x9d, 0x2c, + 0x04, 0x06, 0x5b, 0xee, 0xae, 0x5f, 0x78, 0x06, + 0x49, 0xa2, 0x11, 0xbf, 0xff, 0x40, 0x4f, 0x56, + 0x88, 0xc7, 0xe9, 0x55, 0x79, 0xeb, 0xc6, 0x68, + 0x1c, 0xb3, 0x13, 0x9f, 0x41, 0x6c, 0x10, 0x3c, + 0x26, 0xd2, 0xd6, 0x68, 0xb3, 0x1e, 0x6b, 0x93, + 0x08, 0x86, 0xfe, 0x15, 0x47, 0xa7, 0x52, 0x3a, + 0xb4, 0x28, 0x43, 0x78, 0xef, 0x34, 0x78, 0xb7 +}; +uint8_t rsa_exponent1_1024[] = { + 0x58, 0x83, 0x51, 0xd4, 0x4c, 0xfb, 0xc7, 0xe0, + 0xb5, 0x3a, 0x09, 0x4e, 0xeb, 0x14, 0x4b, 0x79, + 0xb0, 0x0d, 0x29, 0xbf, 0x4c, 0x6e, 0x7a, 0x20, + 0x4e, 0x63, 0x82, 0x91, 0xd0, 0x71, 0x82, 0x7f, + 0x87, 0x19, 0xde, 0x88, 0x12, 0x51, 0xd5, 0xb8, + 0xfc, 0xf0, 0xb2, 0x97, 0x1c, 0xc8, 0x54, 0x05, + 0x4a, 0xcd, 0x3d, 0x74, 0x66, 0x09, 0xd7, 0xd4, + 0x76, 0x9d, 0x38, 0x34, 0x58, 0x15, 0x5c, 0x01 +}; +uint8_t rsa_exponent2_1024[] = { + 0x4a, 0xc6, 0x27, 0x6c, 0x47, 0x0f, 0x56, 0xc2, + 0x67, 0xe2, 0x72, 0x91, 0x61, 0x2c, 0x03, 0x1b, + 0x5b, 0x16, 0xfa, 0x49, 0x13, 0xa0, 0x70, 0xea, + 0xca, 0x74, 0xde, 0x89, 0x48, 0xa3, 0x1d, 0x75, + 0x15, 0x15, 0x99, 0x91, 0xac, 0xd3, 0x53, 0x13, + 0xc0, 0x34, 0x38, 0xb5, 0x2d, 0xb2, 0x58, 0xb8, + 0x12, 0x0d, 0xcd, 0x0d, 0xce, 0xb0, 0xe7, 0x41, + 0x42, 0xcc, 0x33, 0x7c, 0x98, 0xf6, 0xa4, 0x4b +}; +uint8_t rsa_coefficient_1024[] = { + 0x60, 0x6a, 0x6c, 0x5a, 0xf1, 0x55, 0xe9, 0xe4, + 0x67, 0x72, 0x2f, 0x99, 0x03, 0x6a, 0x56, 0xa1, + 0xed, 0xf2, 0x59, 0xfa, 0xec, 0x88, 0xc5, 0xb7, + 0xa8, 0x71, 0x4a, 0x5f, 0xab, 0x86, 0xb0, 0x50, + 0x93, 0x3c, 0xe3, 0x70, 0xf9, 0xf2, 0x72, 0xe6, + 0xd2, 0xb5, 0x30, 0x3e, 0x60, 0x29, 0x70, 0xd4, + 0xf0, 0x31, 0x15, 0x36, 0x3a, 0x27, 0xb6, 0xdf, + 0x18, 0xb0, 0xf0, 0x32, 0xef, 0xa3, 0x84, 0xcb +}; + + +/* + * RSA: 2048-bit RSA known key + */ +uint8_t rsa_modulus_2048[] = { + 0x7f, 0xf1, 0xed, 0x5a, 0xa0, 0xe2, 0x97, 0x05, + 0x03, 0xc0, 0xf3, 0xcf, 0x86, 0x4a, 0x01, 0x15, + 0xc3, 0x4f, 0x32, 0xf4, 0xf7, 0xbe, 0x57, 0x4a, + 0xe1, 0x87, 0xf2, 0x1c, 0xd3, 0xa5, 0x96, 0xc1, + 0x54, 0xe5, 0x97, 0x19, 0x7d, 0xf1, 0x13, 0xc3, + 0x4d, 0xcf, 0x5a, 0x08, 0x76, 0xfc, 0x6c, 0x93, + 0x87, 0x71, 0x20, 0x66, 0xb7, 0xbf, 0x37, 0xbb, + 0xc9, 0xf5, 0x16, 0xf4, 0x9c, 0x5c, 0x64, 0x58, + 0xc4, 0x9e, 0x17, 0x0e, 0x99, 0x6d, 0x3f, 0x7d, + 0x4f, 0xf1, 0x01, 0xde, 0x76, 0x55, 0xa9, 0xfe, + 0xa0, 0xa4, 0x95, 0xd1, 0x4e, 0xc6, 0x8b, 0x0a, + 0x86, 0x5b, 0x60, 0x40, 0xf1, 0x74, 0x91, 0x26, + 0xcf, 0xc4, 0xf7, 0x7a, 0x86, 0xd7, 0x72, 0x47, + 0x25, 0x9e, 0x3e, 0x5a, 0xbd, 0x7f, 0x11, 0x9a, + 0x28, 0x9e, 0x00, 0x8d, 0xfb, 0x9d, 0x93, 0x8e, + 0xb4, 0xcc, 0x7f, 0x22, 0x00, 0x8a, 0x3b, 0xbb, + 0xca, 0x45, 0x8e, 0x93, 0xd3, 0xe4, 0x89, 0x96, + 0xe1, 0xb8, 0x5f, 0xdf, 0x75, 0x94, 0x89, 0xa5, + 0xad, 0x39, 0x76, 0x43, 0xa7, 0xdf, 0xe4, 0x62, + 0x39, 0x01, 0x56, 0x31, 0x46, 0x2b, 0xf4, 0x05, + 0xa9, 0xa9, 0x33, 0x96, 0x16, 0x75, 0x3f, 0xf2, + 0xcd, 0x6b, 0x0d, 0xa9, 0xf2, 0x9b, 0x30, 0x6d, + 0x17, 0xec, 0x1a, 0x5a, 0x14, 0x5a, 0x8e, 0xaa, + 0x52, 0x35, 0x83, 0x0a, 0x59, 0xbc, 0x56, 0x96, + 0x18, 0x08, 0xbf, 0x91, 0xf7, 0x69, 0x81, 0x66, + 0xda, 0x13, 0xb6, 0x77, 0xb9, 0x6a, 0x4a, 0x71, + 0xd9, 0xae, 0x43, 0x0d, 0xad, 0xb4, 0x5f, 0x11, + 0x87, 0x91, 0x84, 0xc6, 0x59, 0xfe, 0xb0, 0x05, + 0x83, 0x21, 0x66, 0x7a, 0x70, 0xeb, 0x15, 0xbb, + 0xc3, 0x40, 0x37, 0xce, 0xbc, 0xe7, 0x4f, 0x95, + 0xf1, 0x83, 0xcf, 0x89, 0xdd, 0xdc, 0xea, 0x01, + 0xe1, 0x42, 0xe9, 0x52, 0x8b, 0x1f, 0x91, 0x25}; +uint8_t rsa_public_exponent_2048[] = { 0x3 }; +uint8_t rsa_private_exponent_2048[] = { + 0x55, 0x4b, 0xf3, 0x91, 0xc0, 0x97, 0x0f, 0x58, + 0xad, 0x2b, 0x4d, 0x35, 0x04, 0x31, 0x56, 0x0e, + 0x82, 0x34, 0xcc, 0xa3, 0x4f, 0xd4, 0x3a, 0x31, + 0xeb, 0xaf, 0xf6, 0xbd, 0xe2, 0x6e, 0x64, 0x80, + 0xe3, 0x43, 0xba, 0x10, 0xfe, 0xa0, 0xb7, 0xd7, + 0x89, 0x34, 0xe6, 0xb0, 0x4f, 0x52, 0xf3, 0x0d, + 0x04, 0xf6, 0x15, 0x99, 0xcf, 0xd4, 0xcf, 0xd2, + 0x86, 0xa3, 0x64, 0xa3, 0x12, 0xe8, 0x42, 0xe5, + 0xd8, 0x69, 0x64, 0xb4, 0x66, 0x48, 0xd4, 0xfe, + 0x35, 0x4b, 0x56, 0x94, 0x4e, 0xe3, 0xc6, 0xa9, + 0xc0, 0x6d, 0xb9, 0x36, 0x34, 0x84, 0x5c, 0xb1, + 0xae, 0xe7, 0x95, 0x80, 0xa0, 0xf8, 0x60, 0xc4, + 0x8a, 0x83, 0x4f, 0xa7, 0x04, 0x8f, 0xa1, 0x84, + 0xc3, 0xbe, 0xd4, 0x3c, 0x7e, 0x54, 0xb6, 0x66, + 0xc5, 0xbe, 0xab, 0x09, 0x52, 0x69, 0x0d, 0x09, + 0xcd, 0xdd, 0xaa, 0x16, 0xab, 0x06, 0xd2, 0x7c, + 0x3c, 0x58, 0x7d, 0x53, 0x4b, 0x14, 0x41, 0x35, + 0x9a, 0x78, 0x74, 0xf5, 0x8e, 0x67, 0x50, 0x52, + 0xc5, 0x17, 0xcd, 0xfd, 0x7a, 0xe4, 0x9b, 0xbb, + 0xaf, 0x4b, 0x17, 0xa7, 0x3c, 0x09, 0x1d, 0xd6, + 0xa1, 0x11, 0x06, 0x36, 0x68, 0x83, 0x66, 0xd6, + 0x49, 0x44, 0x9f, 0x0b, 0xe3, 0x17, 0x1a, 0xc5, + 0xd7, 0x9a, 0x65, 0x5d, 0x15, 0x81, 0x6a, 0x5d, + 0xdd, 0xd7, 0xf4, 0x54, 0xa3, 0x6f, 0x1e, 0x60, + 0x87, 0x2a, 0x59, 0xaa, 0x73, 0xf0, 0xdd, 0xdb, + 0x66, 0xa8, 0x19, 0x31, 0xfd, 0x00, 0x09, 0x8f, + 0xce, 0x9a, 0xec, 0xff, 0x88, 0x5c, 0x4e, 0x67, + 0x55, 0xa0, 0x14, 0xdf, 0x28, 0x61, 0x5f, 0x47, + 0x8d, 0x49, 0xb3, 0xee, 0x5e, 0xfc, 0xc8, 0x41, + 0x75, 0x59, 0x93, 0xa4, 0x24, 0x69, 0xc0, 0x1a, + 0x18, 0x04, 0xda, 0x38, 0x0e, 0xf3, 0xa5, 0x04, + 0xbf, 0xe3, 0xf9, 0xf3, 0x7c, 0xe5, 0x82, 0xeb}; +uint8_t rsa_prime1_2048[] = { + 0x97, 0x5e, 0xb8, 0x7b, 0x74, 0xe6, 0xe3, 0x7b, + 0x4b, 0xdf, 0x5b, 0xb8, 0x0f, 0xe6, 0xa1, 0xcc, + 0x1c, 0x84, 0xc9, 0x60, 0x5d, 0x80, 0x17, 0x6d, + 0x61, 0xc2, 0x4d, 0x14, 0x0c, 0x71, 0xda, 0x02, + 0x74, 0x6f, 0x1f, 0x85, 0x4f, 0xb9, 0x69, 0xb9, + 0x3c, 0x23, 0x74, 0x60, 0x14, 0xc2, 0xb2, 0x44, + 0x0c, 0x18, 0xde, 0xfa, 0x12, 0x2c, 0xb8, 0x68, + 0x71, 0x62, 0x07, 0x8c, 0x02, 0xe3, 0x08, 0xf9, + 0x49, 0xc1, 0x15, 0x13, 0x0f, 0x76, 0x50, 0xd6, + 0x6e, 0xd3, 0x7b, 0xfa, 0x68, 0x0e, 0x75, 0x07, + 0x0b, 0xee, 0x2c, 0xd7, 0x34, 0xc9, 0x98, 0x33, + 0x16, 0xca, 0x60, 0x54, 0x36, 0x12, 0x65, 0xc4, + 0x1c, 0xf1, 0xe5, 0x7c, 0x6a, 0x6a, 0x0f, 0x11, + 0x45, 0xbb, 0x60, 0xa0, 0x35, 0x97, 0xaa, 0x25, + 0x58, 0x29, 0x1b, 0xf8, 0x4d, 0xb5, 0x86, 0x58, + 0x68, 0x19, 0x30, 0x6d, 0x07, 0x78, 0x1d, 0x9d}; +uint8_t rsa_prime2_2048[] = { + 0xd8, 0x62, 0x1a, 0x1b, 0x6e, 0x5f, 0x44, 0x4b, + 0x2e, 0x24, 0x54, 0xb7, 0x10, 0x12, 0xef, 0x5d, + 0x69, 0x10, 0xf7, 0xe7, 0x12, 0x08, 0xe3, 0x5b, + 0x50, 0x4e, 0x65, 0xa2, 0x5f, 0xac, 0x6d, 0x41, + 0x43, 0xa0, 0x8a, 0xbf, 0x29, 0xf6, 0xbb, 0xf8, + 0x23, 0x60, 0xaa, 0xb8, 0x09, 0x35, 0xd6, 0x00, + 0x48, 0x6b, 0xa3, 0x54, 0x61, 0xeb, 0xb6, 0xb5, + 0x14, 0x0f, 0x8c, 0xff, 0x61, 0xb2, 0xa0, 0x0c, + 0x03, 0x88, 0x23, 0xff, 0x3a, 0x09, 0xe3, 0xc7, + 0x51, 0x44, 0x14, 0xb2, 0x55, 0xdb, 0xc7, 0x13, + 0x17, 0xd7, 0xb2, 0xb7, 0x2c, 0x60, 0x51, 0x43, + 0x70, 0x57, 0x05, 0x23, 0x67, 0x5a, 0x3b, 0x56, + 0x12, 0x40, 0xf3, 0x18, 0x78, 0x05, 0xda, 0x48, + 0x4d, 0x7e, 0x79, 0xb8, 0x50, 0xb1, 0x05, 0x49, + 0x75, 0x53, 0x6c, 0x3d, 0x79, 0xb9, 0xec, 0x22, + 0x59, 0x53, 0xc1, 0xf8, 0x48, 0x4f, 0x2f, 0x29}; +uint8_t rsa_exponent1_2048[] = { + 0x64, 0xe9, 0xd0, 0x52, 0x4d, 0xef, 0x42, 0x52, + 0x32, 0x94, 0xe7, 0xd0, 0x0a, 0x99, 0xc1, 0x32, + 0xbd, 0xad, 0xdb, 0x95, 0x93, 0xaa, 0xba, 0x48, + 0xeb, 0xd6, 0xde, 0x0d, 0x5d, 0xa1, 0x3c, 0x01, + 0xa2, 0xf4, 0xbf, 0xae, 0x35, 0x26, 0x46, 0x7b, + 0x7d, 0x6c, 0xf8, 0x40, 0x0d, 0xd7, 0x21, 0x82, + 0xb2, 0xbb, 0x3f, 0x51, 0x61, 0x73, 0x25, 0x9a, + 0xf6, 0x41, 0x5a, 0x5d, 0x57, 0x42, 0x05, 0xfb, + 0x86, 0x80, 0xb8, 0xb7, 0x5f, 0xa4, 0x35, 0xe4, + 0x49, 0xe2, 0x52, 0xa6, 0xf0, 0x09, 0xa3, 0x5a, + 0x07, 0xf4, 0x1d, 0xe4, 0xcd, 0xdb, 0xba, 0xcc, + 0xb9, 0xdc, 0x40, 0x38, 0x24, 0x0c, 0x43, 0xd8, + 0x13, 0x4b, 0xee, 0x52, 0xf1, 0x9c, 0x0a, 0x0b, + 0x83, 0xd2, 0x40, 0x6a, 0xce, 0x65, 0x1c, 0x18, + 0xe5, 0x70, 0xbd, 0x50, 0x33, 0xce, 0x59, 0x90, + 0x45, 0x66, 0x20, 0x48, 0xaf, 0xa5, 0x69, 0x13}; +uint8_t rsa_exponent2_2048[] = { + 0x90, 0x41, 0x66, 0xbc, 0xf4, 0x3f, 0x82, 0xdc, + 0xc9, 0x6d, 0x8d, 0xcf, 0x60, 0x0c, 0x9f, 0x93, + 0x9b, 0x60, 0xa5, 0x44, 0xb6, 0xb0, 0x97, 0x92, + 0x35, 0x89, 0x99, 0x16, 0xea, 0x72, 0xf3, 0x80, + 0xd7, 0xc0, 0x5c, 0x7f, 0x71, 0x4f, 0x27, 0xfa, + 0xc2, 0x40, 0x71, 0xd0, 0x06, 0x23, 0xe4, 0x00, + 0x30, 0x47, 0xc2, 0x38, 0x41, 0x47, 0xcf, 0x23, + 0x62, 0xb5, 0x08, 0xaa, 0x41, 0x21, 0xc0, 0x08, + 0x02, 0x5a, 0xc2, 0xaa, 0x26, 0xb1, 0x42, 0x84, + 0xe0, 0xd8, 0x0d, 0xcc, 0x39, 0x3d, 0x2f, 0x62, + 0x0f, 0xe5, 0x21, 0xcf, 0x72, 0xea, 0xe0, 0xd7, + 0xa0, 0x3a, 0x03, 0x6c, 0xef, 0x91, 0x7c, 0xe4, + 0x0c, 0x2b, 0x4c, 0xba, 0xfa, 0xae, 0x91, 0x85, + 0x88, 0xfe, 0xfb, 0xd0, 0x35, 0xcb, 0x58, 0xdb, + 0xa3, 0x8c, 0xf2, 0xd3, 0xa6, 0x7b, 0xf2, 0xc1, + 0x90, 0xe2, 0x81, 0x50, 0x30, 0x34, 0xca, 0x1b}; +uint8_t rsa_coefficient_2048[] = { + 0x86, 0xfd, 0x64, 0x2c, 0x28, 0x72, 0x4e, 0x59, + 0x2a, 0x29, 0xcd, 0xe2, 0xd1, 0xf6, 0x19, 0xc8, + 0xf8, 0xf0, 0x69, 0x77, 0x94, 0x03, 0x70, 0x0d, + 0x87, 0x27, 0x37, 0x4d, 0xe8, 0xed, 0x56, 0x9f, + 0x15, 0x99, 0x14, 0x3f, 0xf8, 0x35, 0x2f, 0x7c, + 0x01, 0x11, 0x82, 0x99, 0x90, 0x5f, 0x6d, 0xf8, + 0x2c, 0x81, 0x74, 0x22, 0xa1, 0x5c, 0x87, 0x93, + 0xc4, 0xa4, 0x0a, 0xd2, 0xf2, 0xe6, 0x51, 0x4d, + 0x3a, 0x24, 0x16, 0x7a, 0x8a, 0x36, 0xca, 0x03, + 0x58, 0xd7, 0xce, 0x5b, 0x16, 0x3f, 0x65, 0xf7, + 0xe8, 0xdc, 0x91, 0xee, 0x0b, 0x80, 0x20, 0x5d, + 0x12, 0x75, 0x0d, 0xe1, 0xe2, 0x78, 0x13, 0xcc, + 0x3d, 0xe6, 0x84, 0x56, 0x66, 0xa4, 0x69, 0x20, + 0x9f, 0x55, 0xf3, 0xcd, 0x48, 0x84, 0x93, 0xc0, + 0x4d, 0xf9, 0xa7, 0xb3, 0xfa, 0xf3, 0x31, 0x27, + 0x23, 0x70, 0x19, 0x6a, 0xf3, 0x02, 0x7f, 0x9d}; + +/* + * RSA: 1024-bit and 2048-bit known plaintext and signatures + */ +/* Plaintext message: 1024-bit including NULL termination */ +uint8_t rsa_known_plaintext_msg[] = { + 0x42, 0xad, 0xcb, 0xba, 0x92, 0x41, 0x72, 0xf3, + 0x3e, 0x7c, 0xc0, 0xf7, 0x2b, 0xbe, 0x30, 0xdf, + 0x97, 0xa2, 0x11, 0xd1, 0xa6, 0x43, 0x33, 0x22, + 0xc9, 0x14, 0xec, 0x07, 0x69, 0x4c, 0xa8, 0xbc, + 0xb9, 0x87, 0x54, 0xe1, 0x26, 0x2a, 0x9e, 0xfd, + 0xf7, 0xa2, 0x3b, 0xee, 0x77, 0x93, 0xff, 0xa8, + 0x34, 0xf5, 0x89, 0xef, 0xa4, 0xb9, 0x00, 0x86, + 0x46, 0x63, 0x07, 0x5a, 0x8f, 0x87, 0xb4, 0x6e, + 0x0d, 0xd6, 0xb2, 0x32, 0x21, 0x50, 0xab, 0x18, + 0xc0, 0x9c, 0x1e, 0xa1, 0x8a, 0x4e, 0xf3, 0x1f, + 0xe1, 0x4e, 0xf0, 0xe3, 0x9b, 0x9d, 0x33, 0x84, + 0x6d, 0x4b, 0x6f, 0x52, 0x65, 0x2c, 0xc1, 0x41, + 0x6a, 0x13, 0x10, 0xc2, 0xf6, 0x2f, 0xc6, 0xaf, + 0x35, 0xb4, 0xf2, 0xbf, 0x21, 0x16, 0x2b, 0x45, + 0x61, 0x97, 0xcf, 0x4f, 0xa0, 0x1d, 0x99, 0x9d, + 0xa0, 0x92, 0x11, 0x6d, 0x34, 0x63, 0x19, 0x73 +}; + +uint8_t rsa_x509_known_signature_1024[] = { + 0x43, 0xA3, 0x73, 0x60, 0xD7, 0x6F, 0xAB, 0x76, + 0x8C, 0xF7, 0x7C, 0xDD, 0x26, 0x59, 0x75, 0x91, + 0x0F, 0x06, 0x95, 0x4A, 0x3A, 0x02, 0x9A, 0x19, + 0x33, 0xF0, 0x98, 0x4E, 0x9A, 0x97, 0xEA, 0xFE, + 0x45, 0xB5, 0x94, 0xE0, 0x42, 0x46, 0xC7, 0x74, + 0x65, 0xE6, 0x0F, 0x81, 0xD0, 0x95, 0x17, 0x8F, + 0x82, 0xF6, 0x36, 0x02, 0x59, 0xE9, 0x20, 0x08, + 0x38, 0x70, 0x68, 0x67, 0xFE, 0x9B, 0xEA, 0xF8, + 0xBA, 0xD0, 0x00, 0x3F, 0x75, 0x2A, 0x2F, 0x7A, + 0xC7, 0xE9, 0x44, 0xA4, 0x39, 0xB6, 0x94, 0x85, + 0xA7, 0x8A, 0x3A, 0x97, 0x83, 0x93, 0x18, 0x93, + 0x99, 0xAC, 0xF7, 0x21, 0xD5, 0x76, 0x30, 0xA5, + 0xA1, 0xE5, 0x3B, 0x50, 0x2D, 0x10, 0xBE, 0xD1, + 0x96, 0x41, 0x9D, 0xD9, 0xCD, 0x68, 0xD4, 0x49, + 0x96, 0x78, 0xBB, 0x62, 0x7D, 0xEC, 0x0D, 0x09, + 0xA4, 0x84, 0x6B, 0x6F, 0xA8, 0x41, 0x03, 0x37 +}; + +uint8_t rsa_pkcs_known_signature_1024[] = { + 0x7B, 0x9C, 0x75, 0x6D, 0x45, 0xC3, 0xED, 0x9F, + 0xFA, 0xE9, 0x9C, 0xFA, 0x8B, 0x1A, 0xAF, 0x86, + 0x25, 0x45, 0x52, 0x21, 0x81, 0x94, 0x2C, 0x87, + 0x51, 0x65, 0x77, 0x2F, 0x25, 0xA8, 0x6C, 0x85, + 0x06, 0xA8, 0xA3, 0xF6, 0x3B, 0xA6, 0xC8, 0x44, + 0xF5, 0xBF, 0xE8, 0xE0, 0xF8, 0x20, 0xB5, 0x84, + 0xF3, 0xAE, 0x1B, 0x24, 0xA6, 0x19, 0xC5, 0x63, + 0xFD, 0x54, 0xFA, 0x88, 0xA2, 0x2D, 0x2C, 0x39, + 0x38, 0x4B, 0x68, 0x70, 0xF7, 0xD3, 0x8D, 0xE1, + 0x90, 0xE7, 0x41, 0x8D, 0x03, 0x75, 0x39, 0x38, + 0x3B, 0x96, 0x47, 0xFF, 0xA7, 0x9B, 0x72, 0x08, + 0x76, 0x7D, 0x00, 0x61, 0xD4, 0x07, 0x47, 0xED, + 0xB3, 0x62, 0x4D, 0xFD, 0x79, 0x44, 0xD5, 0xF5, + 0xDA, 0xDE, 0xE5, 0x89, 0xFB, 0x57, 0xA8, 0x0A, + 0x92, 0x41, 0x92, 0x3A, 0x47, 0x85, 0x1D, 0x72, + 0xAF, 0x58, 0x85, 0x9D, 0x46, 0x4A, 0xD2, 0x7D +}; + +uint8_t rsa_x509_known_signature_2048[] = { + 0x74, 0xEB, 0x2F, 0x01, 0x93, 0xF0, 0xB9, 0x64, + 0x12, 0xD6, 0xD6, 0x75, 0xF0, 0x6C, 0xDC, 0x44, + 0x5F, 0x09, 0xAC, 0x98, 0x6C, 0xF9, 0x23, 0x7E, + 0xBB, 0x44, 0xCB, 0x9A, 0x3C, 0xE9, 0x76, 0x7B, + 0x81, 0xAA, 0x69, 0xA6, 0x77, 0x34, 0x85, 0x8E, + 0xDB, 0x13, 0x9A, 0xE3, 0xD0, 0xBF, 0x2A, 0x3C, + 0x8B, 0x50, 0x3E, 0x8A, 0x95, 0xF7, 0x09, 0x39, + 0xED, 0x3F, 0x5A, 0x52, 0x68, 0xA1, 0xF3, 0x42, + 0xA8, 0x09, 0x13, 0xAE, 0xFD, 0x9F, 0x40, 0x0C, + 0x3D, 0x84, 0x68, 0x07, 0xFF, 0x30, 0x0F, 0x6B, + 0x6F, 0xB7, 0x1F, 0x09, 0x11, 0x8E, 0x7B, 0x3F, + 0x88, 0xF5, 0x41, 0x07, 0xE1, 0x5C, 0x71, 0x28, + 0xAE, 0x71, 0x51, 0xAE, 0xC3, 0xC9, 0xCB, 0xED, + 0xAC, 0x87, 0x32, 0xAB, 0xD0, 0x2F, 0x65, 0xA3, + 0x7D, 0x90, 0xDC, 0xFF, 0x7A, 0x9D, 0xCE, 0xBC, + 0xCA, 0x00, 0x6E, 0x65, 0x3C, 0x99, 0x2F, 0x00, + 0x8A, 0x5A, 0xD9, 0x5A, 0x01, 0x83, 0x99, 0x1D, + 0x8D, 0xD7, 0x10, 0x3B, 0xE2, 0x9C, 0x9C, 0x49, + 0xCA, 0x9C, 0xF6, 0x42, 0x0E, 0x4D, 0xCD, 0x11, + 0x70, 0x0C, 0xCC, 0x2C, 0x8F, 0xAA, 0xA5, 0x7C, + 0xA8, 0x1D, 0xBD, 0x99, 0x63, 0x6E, 0x44, 0x9D, + 0xE6, 0xC0, 0x55, 0x2F, 0x0F, 0x27, 0x43, 0xA3, + 0x3C, 0x46, 0xC4, 0x52, 0x59, 0x4F, 0xD4, 0x07, + 0xAD, 0xE2, 0xBA, 0x19, 0x23, 0x23, 0xB6, 0x78, + 0xFE, 0x65, 0x6D, 0x0D, 0x62, 0x0E, 0xAB, 0xE5, + 0x5A, 0x58, 0x28, 0x17, 0xE9, 0x1D, 0x2F, 0x3E, + 0x04, 0xED, 0x01, 0x56, 0x0B, 0xB9, 0x4E, 0x2D, + 0xF8, 0xC9, 0x7D, 0x12, 0xFE, 0x8A, 0x00, 0x3E, + 0x72, 0x9F, 0x28, 0x77, 0x92, 0x58, 0x6E, 0x11, + 0x75, 0xF1, 0x31, 0x5B, 0x43, 0xF4, 0x95, 0xD3, + 0x59, 0x31, 0xA7, 0xD1, 0x8B, 0x91, 0xED, 0xDE, + 0xD9, 0xC0, 0x04, 0xBA, 0x1F, 0x4E, 0x1D, 0xB6 +}; + +uint8_t rsa_pkcs_known_signature_2048[] = { + 0x77, 0x5A, 0x7C, 0x5B, 0x95, 0xB8, 0x02, 0xB5, + 0xF7, 0xDF, 0x8A, 0x3F, 0x90, 0x7D, 0x32, 0x6E, + 0x3B, 0x79, 0x0F, 0x74, 0xAD, 0x4D, 0xE1, 0x61, + 0xCD, 0x5D, 0x32, 0x4C, 0x4A, 0x94, 0x90, 0xB2, + 0xDB, 0xB0, 0xCE, 0x0E, 0xC8, 0xC2, 0x2D, 0x8B, + 0x26, 0x49, 0xE8, 0x0F, 0x37, 0x85, 0x64, 0xF0, + 0x2B, 0x94, 0xA5, 0x05, 0xC7, 0x32, 0x4C, 0xFD, + 0xE8, 0x1F, 0x5B, 0x3C, 0x74, 0x08, 0x16, 0x02, + 0xAE, 0xB6, 0xB8, 0xF1, 0x4A, 0x2F, 0x3F, 0x92, + 0xCD, 0x8B, 0x82, 0xCA, 0xCC, 0xB4, 0x8E, 0x68, + 0xD6, 0x2F, 0x21, 0x8C, 0x4C, 0x63, 0xA4, 0xEA, + 0xDE, 0xE5, 0xF2, 0x8A, 0x3F, 0x9B, 0x81, 0x50, + 0x12, 0x30, 0x05, 0xF2, 0x63, 0x64, 0xB2, 0x41, + 0x8A, 0x77, 0xAF, 0x07, 0xC1, 0x91, 0x6E, 0x32, + 0x43, 0xEC, 0x3B, 0xB2, 0xE5, 0xAE, 0x95, 0x81, + 0xEE, 0x34, 0x4C, 0xAF, 0x26, 0x8C, 0x14, 0x7D, + 0xB3, 0x0D, 0x47, 0x95, 0x46, 0xFF, 0x5E, 0x12, + 0xCC, 0x02, 0x68, 0x52, 0x58, 0x90, 0xE8, 0x38, + 0xC5, 0x7F, 0x6F, 0x6A, 0xA6, 0x1C, 0x92, 0xDB, + 0x43, 0x82, 0x13, 0x2A, 0x33, 0x0F, 0xEB, 0xEC, + 0xF3, 0x52, 0x47, 0x06, 0x0B, 0xB0, 0x38, 0x52, + 0xB7, 0x60, 0xB5, 0x4D, 0xC3, 0xF8, 0x26, 0x60, + 0x99, 0x67, 0xFA, 0x5C, 0x40, 0x3A, 0x71, 0x8F, + 0x30, 0x04, 0xEF, 0xD2, 0xBD, 0x31, 0xA3, 0x1F, + 0x9A, 0x5D, 0xAA, 0x0C, 0x8E, 0xA1, 0x87, 0x78, + 0x62, 0xFD, 0x15, 0x8C, 0xB4, 0xF5, 0xAF, 0x84, + 0xFB, 0x26, 0xC9, 0xDA, 0x58, 0x67, 0x55, 0x27, + 0x1C, 0x20, 0xEA, 0xDD, 0x5E, 0xC0, 0xBE, 0x88, + 0x46, 0x9C, 0xEF, 0x70, 0x75, 0x91, 0x31, 0x44, + 0x40, 0xCD, 0x61, 0x3F, 0xB6, 0x9C, 0x18, 0x6D, + 0xCD, 0x16, 0x07, 0x89, 0x7D, 0x73, 0x03, 0xE3, + 0x54, 0x22, 0x11, 0x76, 0xF5, 0xE6, 0x4F, 0xF0 +}; + + +uchar_t dsa_base_1024[] = { + 0x34, 0x32, 0xEF, 0xA6, 0x81, 0x0E, 0xF7, 0xA2, + 0x6F, 0x0C, 0x05, 0xB8, 0x6F, 0xE4, 0x0B, 0xD7, + 0xB4, 0x5B, 0x77, 0x3E, 0x0D, 0x6D, 0xA9, 0x37, + 0x39, 0x69, 0xEC, 0x26, 0x58, 0xDD, 0xE5, 0xF7, + 0x26, 0x2A, 0x8C, 0xBD, 0x47, 0x7B, 0x53, 0x12, + 0x65, 0xD5, 0x86, 0x7C, 0xAA, 0x47, 0x8D, 0x2C, + 0xBD, 0x8A, 0x82, 0x5B, 0x5E, 0xEB, 0x94, 0xAE, + 0x79, 0x1D, 0x76, 0x64, 0x9E, 0x3E, 0x33, 0x5A, + 0xFC, 0xB6, 0x86, 0x83, 0x6A, 0xAF, 0x7D, 0xC4, + 0x50, 0x56, 0x60, 0xEF, 0x57, 0x86, 0x6C, 0xD9, + 0x44, 0x72, 0xF2, 0x19, 0xB0, 0x46, 0x52, 0x04, + 0xC3, 0x92, 0xF4, 0xF1, 0x36, 0xEF, 0xFA, 0xAF, + 0xFA, 0x86, 0xBB, 0x2B, 0x07, 0x04, 0x9F, 0xF5, + 0xD4, 0xEC, 0xB5, 0x60, 0x81, 0x8A, 0x6E, 0x5F, + 0x96, 0x4C, 0x84, 0x9E, 0xD0, 0x9E, 0xA9, 0x28, + 0x95, 0xF9, 0x17, 0x5E, 0x95, 0x4F, 0xA8, 0x45 +}; +uchar_t dsa_prime_1024[] = { + 0xB6, 0x6F, 0x0C, 0xED, 0xAF, 0x2C, 0x79, 0x76, + 0x03, 0xC1, 0xB6, 0x4A, 0x60, 0x24, 0x89, 0x6D, + 0xFC, 0x8A, 0x8C, 0x4F, 0x0A, 0x61, 0x4B, 0x55, + 0xB2, 0x4E, 0xDC, 0x2E, 0xB7, 0xFA, 0xFF, 0x9A, + 0xF7, 0xA4, 0x86, 0x71, 0x0E, 0xBF, 0x2A, 0xBB, + 0x60, 0x64, 0x49, 0xFB, 0xB8, 0x8C, 0x86, 0xA1, + 0x92, 0xBC, 0x0A, 0xF8, 0xF3, 0x62, 0x5E, 0x0D, + 0x40, 0xA7, 0x61, 0xCB, 0x45, 0x21, 0x90, 0xF0, + 0x3F, 0xC9, 0x25, 0x79, 0x5B, 0x3A, 0xDE, 0x4E, + 0xAE, 0xFA, 0x21, 0x74, 0x6F, 0x9A, 0x09, 0xED, + 0xA6, 0x7D, 0x6C, 0x89, 0x5A, 0x3E, 0x28, 0xE8, + 0x5D, 0x31, 0x20, 0xD9, 0xAF, 0xE8, 0x9F, 0xA4, + 0xA6, 0xD7, 0xFE, 0x2F, 0x26, 0x4E, 0x85, 0x61, + 0x9B, 0xE6, 0x5E, 0x67, 0x90, 0xF5, 0xDA, 0x8F, + 0xE2, 0xD1, 0x26, 0xB1, 0x66, 0xC6, 0xB0, 0xCA, + 0x7C, 0xE8, 0x08, 0x85, 0x57, 0xE5, 0xAD, 0x01 +}; +uchar_t dsa_subprime_1024[] = { + 0x80, 0xBD, 0xBC, 0x1F, 0x32, 0x59, 0x51, 0xC6, + 0xE0, 0x36, 0xC7, 0x74, 0x47, 0x16, 0xCF, 0x06, + 0xDC, 0x8A, 0xA9, 0x07 +}; +uchar_t dsa_privalue_1024[] = { + 0x3F, 0x02, 0xC5, 0xA7, 0x0C, 0x35, 0xAE, 0xF9, + 0x9B, 0xED, 0xF4, 0x93, 0xB4, 0x10, 0x09, 0x68, + 0x83, 0x2F, 0xCB, 0x9C +}; +uchar_t dsa_pubvalue_1024[] = { + 0x10, 0xEF, 0xCB, 0x38, 0x16, 0xCC, 0xCA, 0x91, + 0x13, 0x6C, 0x56, 0x54, 0x67, 0xBF, 0x14, 0x98, + 0xB7, 0x9B, 0x67, 0x91, 0xC9, 0x43, 0x6E, 0x04, + 0x79, 0x85, 0x0D, 0x74, 0x4C, 0x8B, 0x0E, 0x33, + 0x8E, 0x2C, 0xF4, 0x47, 0x4D, 0x2C, 0x3D, 0xE3, + 0x50, 0x28, 0x0B, 0x19, 0x8E, 0x7F, 0x25, 0x85, + 0xD9, 0xF8, 0x75, 0xE3, 0xE8, 0xE7, 0xDF, 0xAE, + 0x6D, 0xC5, 0x63, 0x25, 0x1E, 0x4E, 0x69, 0xBF, + 0xCE, 0xA1, 0x9A, 0xEA, 0xDB, 0xC5, 0x73, 0x20, + 0x41, 0x9C, 0x1D, 0xCE, 0x28, 0x1D, 0xFE, 0x87, + 0x0C, 0x6A, 0x1D, 0x44, 0xF0, 0x56, 0x01, 0x0D, + 0xF7, 0x1D, 0x82, 0xFD, 0x8D, 0x20, 0xF2, 0xA3, + 0x83, 0x28, 0xD3, 0xED, 0x40, 0x36, 0x0A, 0x4C, + 0xAB, 0x2A, 0xB4, 0x9F, 0xA7, 0x9C, 0x53, 0x69, + 0xBB, 0xC6, 0xB8, 0x78, 0x5E, 0xAF, 0x8F, 0x4E, + 0xFF, 0xCB, 0x2C, 0xB7, 0xD3, 0x53, 0x6D, 0x0A +}; + +uchar_t dsa_known_data[] = { + '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', + 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J' +}; + +/* + * NIST-Approved Curves + */ + +/* P-192 */ +uchar_t ec_param_oid_secp192r1[] = /* prime192v1/P192 */ + {0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x3, 0x1, 0x1}; +uchar_t ec_point_p192r1[] = { + 0x04, 0xa8, 0x57, 0x22, 0x30, 0x43, 0x82, 0xa4, + 0x80, 0x2c, 0x46, 0x79, 0x23, 0x8b, 0xe5, 0x08, + 0x02, 0xf7, 0xc6, 0x86, 0xda, 0xe8, 0x9b, 0x7b, + 0x8c, 0x79, 0xa5, 0x6e, 0x0c, 0x1c, 0x37, 0x47, + 0x1d, 0x51, 0x67, 0xe3, 0xdd, 0x2a, 0xc3, 0x1a, + 0x29, 0xec, 0xd3, 0xbc, 0xf6, 0x95, 0xeb, 0x22, + 0xe0 +}; +uchar_t ec_value_p192r1[] = { + 0x52, 0x9b, 0x30, 0x58, 0x69, 0x72, 0x1b, 0x57, + 0x9c, 0xe5, 0x29, 0xa1, 0x52, 0x70, 0xb9, 0xbe, + 0xf4, 0x3a, 0x63, 0xdd, 0x89, 0xc0, 0xd0, 0xa8 +}; + +/* P-224 */ +uchar_t ec_param_oid_secp224r1[] = + {0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x21}; +uchar_t ec_point_p224r1[] = { + 0x04, + 0x2B, 0xFF, 0xAF, 0xA1, 0xAA, 0x9A, 0x05, 0x44, + 0xBC, 0xC8, 0xD4, 0xAF, 0xC8, 0x53, 0x92, 0xD8, + 0xC5, 0x01, 0x70, 0xF2, 0x97, 0x5B, 0x7A, 0x23, + 0x7D, 0x39, 0x6A, 0xCD, 0x32, 0xF3, 0x3C, 0x69, + 0x8F, 0x42, 0x00, 0xD6, 0x38, 0x0A, 0xF4, 0xCE, + 0x6D, 0x43, 0x98, 0xDF, 0x2E, 0x62, 0x90, 0x6E, + 0xAD, 0xF7, 0x4E, 0x6C, 0x67, 0x83, 0xC5, 0x69 + }; +uchar_t ec_value_p224r1[] = { + 0x91, 0xE9, 0x9A, 0xA5, 0x6F, 0xA7, 0x9D, 0x90, + 0xED, 0x41, 0x25, 0x42, 0xA8, 0x31, 0x4E, 0xE2, + 0xEB, 0x95, 0x14, 0x89, 0x6D, 0x78, 0xA0, 0x14, + 0x45, 0x8B, 0x85, 0x0E +}; + + +/* P-256 */ +uchar_t ec_param_oid_secp256r1[] = + {0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x3, 0x1, 0x7}; +uchar_t ec_point_p256r1[] = { + 0x04, 0xa0, 0x90, 0x62, 0x74, 0x7d, 0x00, 0x6a, + 0x84, 0x01, 0xcd, 0x7b, 0x29, 0xf6, 0x53, 0xe3, + 0xd3, 0x2b, 0xb7, 0x1f, 0x51, 0x8a, 0x0c, 0xba, + 0xe9, 0x3e, 0xd6, 0xa4, 0x90, 0xd3, 0x3a, 0x70, + 0x29, 0x11, 0x70, 0xac, 0x03, 0x8b, 0xb0, 0x11, + 0xd7, 0x05, 0xd5, 0xce, 0x17, 0x4d, 0x1e, 0x50, + 0xdc, 0xea, 0x3b, 0x42, 0x0b, 0x94, 0xcb, 0xda, + 0x4a, 0x07, 0xc9, 0xe6, 0x8e, 0x1d, 0x59, 0xd2, 0x77 +}; +uchar_t ec_value_p256r1[] = { + 0xf3, 0x58, 0xee, 0xc7, 0xec, 0x32, 0x1c, 0x1a, + 0xc6, 0x10, 0xb2, 0x97, 0x15, 0x4e, 0x84, 0x5b, + 0xed, 0x36, 0x94, 0xc1, 0xa0, 0xaa, 0x8b, 0x91, + 0xba, 0x26, 0x73, 0xeb, 0x6b, 0x2d, 0x4c, 0xde +}; + +/* P-384 */ +uchar_t ec_param_oid_secp384r1[] = + {0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22}; +uchar_t ec_point_p384r1[] = { + 0x04, 0x2a, 0x87, 0x73, 0x17, 0x2f, 0x61, 0xf6, + 0xbc, 0xd1, 0x8b, 0x31, 0x3d, 0xa1, 0x37, 0x4b, + 0x39, 0xa6, 0x1e, 0xe1, 0x8a, 0x88, 0x17, 0x2b, + 0x86, 0x1a, 0x36, 0xd1, 0x1c, 0x0f, 0x53, 0xd9, + 0xc7, 0x48, 0x31, 0x64, 0xcd, 0x20, 0x38, 0x14, + 0xdd, 0x16, 0xde, 0x8d, 0xf7, 0xf6, 0x89, 0x43, + 0xa0, 0x34, 0x15, 0x5f, 0x70, 0x99, 0x96, 0x55, + 0x03, 0x26, 0x7c, 0x34, 0x9f, 0xe4, 0xfe, 0xaa, + 0xcc, 0xbb, 0xa1, 0x91, 0x2c, 0xbd, 0xe8, 0xc6, + 0x7b, 0xef, 0x17, 0x87, 0x2d, 0x9f, 0xe3, 0x2b, + 0x99, 0x17, 0x6d, 0x96, 0xed, 0x44, 0x55, 0x28, + 0x53, 0xce, 0xcd, 0x31, 0x8c, 0x3d, 0x90, 0x2f, 0xcf +}; +uchar_t ec_value_p384r1[] = { + 0xfc, 0xcb, 0x14, 0xdd, 0x5f, 0x86, 0x31, 0x74, + 0x27, 0xef, 0x19, 0x18, 0x6c, 0x02, 0x2b, 0x94, + 0xbf, 0x56, 0x9f, 0x36, 0x5e, 0x38, 0x6b, 0x82, + 0x91, 0x70, 0xc4, 0x0f, 0xd6, 0xbe, 0x32, 0x5c, + 0x4d, 0xe3, 0x75, 0x98, 0x05, 0x8c, 0x61, 0xe8, + 0x70, 0x32, 0x6f, 0xbc, 0xc9, 0x85, 0x0a, 0x34 +}; + +/* P-521 */ +uchar_t ec_param_oid_secp521r1[] = + {0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x23}; +uchar_t ec_point_p521r1[] = { + 0x04, 0x01, 0x41, 0x65, 0x78, 0xe4, 0xbd, 0x99, + 0x50, 0xc8, 0x2e, 0x4a, 0x82, 0xac, 0x6c, 0x20, + 0xcf, 0xf8, 0x2e, 0x72, 0x40, 0x1d, 0x5f, 0x51, + 0x5f, 0xcc, 0xb3, 0xa8, 0x52, 0x8c, 0xa6, 0x41, + 0x43, 0xd6, 0xd8, 0x13, 0xfd, 0xd8, 0xbb, 0xd9, + 0x7c, 0xa7, 0xbf, 0xa8, 0xa8, 0x65, 0x0f, 0xc8, + 0xb9, 0x60, 0x13, 0xbc, 0xd3, 0x16, 0x6a, 0x5f, + 0xf0, 0x52, 0x49, 0xce, 0x61, 0x8f, 0x1a, 0xf3, + 0x6d, 0xe6, 0xce, 0x01, 0x15, 0x98, 0xb0, 0x2f, + 0xa0, 0x28, 0x4b, 0x2b, 0xf1, 0xf4, 0xd0, 0x9e, + 0xbd, 0xa2, 0xf5, 0xad, 0x04, 0x23, 0xf6, 0x55, + 0xdb, 0x08, 0x45, 0x7b, 0xde, 0x6e, 0x7b, 0xce, + 0x1d, 0x26, 0x08, 0xc3, 0x01, 0xfd, 0xb1, 0xe1, + 0x56, 0xd3, 0xcc, 0x38, 0x38, 0x93, 0x4d, 0x6e, + 0xb1, 0x95, 0xd1, 0x9c, 0x91, 0x65, 0x4c, 0x85, + 0xe7, 0x64, 0x4f, 0xe5, 0x27, 0x48, 0x81, 0x02, + 0x2f, 0x58, 0x29, 0x17, 0x6b +}; +uchar_t ec_value_p521r1[] = { + 0x01, 0x74, 0x8a, 0x92, 0xca, 0x6f, 0x31, 0x1f, + 0x45, 0x22, 0x84, 0x9f, 0x33, 0x20, 0x56, 0xb0, + 0x5a, 0xdd, 0xda, 0x73, 0x89, 0xb3, 0x21, 0xab, + 0xe5, 0xe0, 0xac, 0xe1, 0x6c, 0xa5, 0x59, 0x1b, + 0x54, 0x56, 0xd6, 0x45, 0xcb, 0xcf, 0x9f, 0xbd, + 0xec, 0x26, 0x43, 0xe8, 0xc4, 0x84, 0xec, 0xa6, + 0xdf, 0x09, 0xfc, 0xe3, 0xe3, 0xcb, 0x89, 0x01, + 0xce, 0x19, 0x12, 0x3d, 0x61, 0x10, 0x1d, 0x6a, + 0xca, 0x39 +}; + + +/* K-163 */ +uchar_t ec_param_oid_sect163k1[] = + {0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01}; +uchar_t ec_point_t163k1[] = { + 0x04, 0x05, 0x95, 0xe3, 0x64, 0xed, 0x0b, 0xf5, + 0x0b, 0x28, 0x20, 0x31, 0xb5, 0x25, 0x35, 0x0d, + 0xc0, 0x5b, 0x16, 0x64, 0x18, 0x7d, 0x01, 0xe4, + 0x11, 0xda, 0xa4, 0x1e, 0x79, 0x7b, 0xcd, 0x5a, + 0x29, 0xed, 0xdf, 0xec, 0xa0, 0xc2, 0xb5, 0xf7, + 0xf3, 0xf6, 0x5a +}; +uchar_t ec_value_t163k1[] = { + 0x03, 0x0d, 0x02, 0xa7, 0xb7, 0x7b, 0x86, 0xe1, + 0x6a, 0x4e, 0xea, 0xd5, 0xa5, 0x01, 0x5c, 0x7c, + 0x73, 0x60, 0x5b, 0x44, 0x80 +}; + +/* K-233 */ +uchar_t ec_param_oid_sect233k1[] = + {0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x1a}; +uchar_t ec_point_t233k1[] = { + 0x04, 0x00, 0xf1, 0x3e, 0x3d, 0xd9, 0xbf, 0x5c, + 0x68, 0x9d, 0xb3, 0x2a, 0x4f, 0x0e, 0xb0, 0xfa, + 0x97, 0x1a, 0x50, 0xbc, 0xbb, 0x5f, 0x86, 0x05, + 0xe3, 0x60, 0x04, 0x81, 0x4b, 0xce, 0x62, 0x01, + 0xe7, 0x57, 0xeb, 0xe2, 0x52, 0xc8, 0x4b, 0x84, + 0x46, 0xd4, 0xca, 0xce, 0x1d, 0xf8, 0x07, 0x0c, + 0x5b, 0x8c, 0x56, 0xce, 0x08, 0xdb, 0x4e, 0x1b, + 0xf7, 0xed, 0x56, 0x19, 0x13 +}; +uchar_t ec_value_t233k1[] = { + 0x00, 0x61, 0xba, 0xcf, 0x3f, 0x7c, 0x0c, 0x16, + 0x81, 0x84, 0x7a, 0x2b, 0x07, 0x88, 0x86, 0x83, + 0xc7, 0xdb, 0xc0, 0xc6, 0xc7, 0xb9, 0x55, 0x80, + 0x7d, 0x9b, 0x89, 0x0f, 0x6f, 0x9d +}; + + +/* K-283 */ +uchar_t ec_param_oid_sect283k1[] = + {0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x10}; +uchar_t ec_point_t283k1[] = { + 0x04, 0x03, 0x63, 0x96, 0xa4, 0xdd, 0x64, 0xf6, + 0x9a, 0x76, 0x4e, 0x46, 0x64, 0x39, 0x3f, 0x6d, + 0xb6, 0xcc, 0xf8, 0xa8, 0x85, 0xea, 0xd4, 0x59, + 0x38, 0xf5, 0xce, 0xb4, 0x57, 0xf3, 0x68, 0xd9, + 0x3a, 0x11, 0xd6, 0x88, 0x2f, 0x03, 0x7f, 0x23, + 0x70, 0x4a, 0x11, 0x3f, 0x4d, 0x04, 0x57, 0x48, + 0xa0, 0x31, 0xd7, 0x0f, 0xec, 0x35, 0x57, 0x4c, + 0x01, 0x11, 0xe5, 0xf0, 0x71, 0xa9, 0x69, 0x44, + 0xc9, 0xf1, 0xc1, 0xf9, 0xe8, 0xb3, 0x90, 0xae, 0x7f +}; +uchar_t ec_value_t283k1[] = { + 0x01, 0x4d, 0x29, 0x14, 0xf0, 0xed, 0xd5, 0x7d, + 0x44, 0x23, 0xc8, 0xa0, 0xc3, 0x4c, 0x90, 0x54, + 0x52, 0xaa, 0x30, 0x90, 0xd9, 0x85, 0xc1, 0x45, + 0xbf, 0x1d, 0xd6, 0x2b, 0x91, 0x47, 0x87, 0x40, + 0xcf, 0x76, 0xa7, 0xa4 +}; + +/* K-409 */ +uchar_t ec_param_oid_sect409k1[] = + {0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x24}; +uchar_t ec_point_t409k1[] = { + 0x04, 0x00, 0xed, 0xe7, 0xa4, 0xe0, 0xe6, 0x06, + 0xd5, 0xc7, 0x39, 0x08, 0xf3, 0x35, 0xe4, 0x20, + 0xd3, 0xb8, 0xbb, 0x24, 0x41, 0x6a, 0x7a, 0xa6, + 0x47, 0x72, 0x29, 0xc8, 0x57, 0x59, 0x3d, 0xc3, + 0x53, 0xac, 0x0e, 0xeb, 0x00, 0x48, 0xe4, 0x9b, + 0xa3, 0xc6, 0x05, 0x01, 0x7f, 0xa7, 0x81, 0xff, + 0x18, 0x48, 0xf6, 0x3b, 0x2a, 0x01, 0xb8, 0xef, + 0x75, 0x39, 0x2b, 0xb5, 0x3d, 0x80, 0x54, 0xef, + 0xee, 0x37, 0xc8, 0x59, 0xdb, 0xad, 0xff, 0xad, + 0x52, 0x42, 0x40, 0x2b, 0xcc, 0xdd, 0xa1, 0xd7, + 0x83, 0xd0, 0x7d, 0x21, 0xab, 0xc7, 0xbf, 0xb2, + 0x1a, 0x4e, 0xb4, 0xe6, 0xb4, 0x1c, 0xe5, 0x9b, + 0xbb, 0xb9, 0xef, 0x68, 0x5c, 0xbf, 0x0d, 0xfd, 0x42 +}; +uchar_t ec_value_t409k1[] = { + 0x00, 0x74, 0xa9, 0xea, 0x4e, 0xeb, 0x48, 0x7d, + 0xc4, 0x7c, 0xd6, 0x09, 0xf9, 0x1d, 0x06, 0x0c, + 0xbf, 0x61, 0xa8, 0x8a, 0x70, 0x11, 0x2c, 0xca, + 0x2d, 0xb8, 0x0b, 0x3a, 0x83, 0x22, 0x9b, 0x69, + 0x22, 0x25, 0x13, 0xe3, 0x4c, 0xe1, 0xed, 0x4e, + 0xdd, 0xe4, 0x27, 0x38, 0xc0, 0x75, 0x91, 0xb7, + 0xfd, 0x6a, 0x73, 0x1c +}; + + +/* K-571 */ +uchar_t ec_param_oid_sect571k1[] = + {0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x26}; +uchar_t ec_point_t571k1[] = { + 0x04, 0x02, 0x90, 0x9c, 0xfe, 0x4f, 0x09, 0x18, + 0x38, 0x71, 0xdc, 0x84, 0xda, 0x80, 0x1d, 0xa5, + 0xba, 0xad, 0x52, 0xce, 0x72, 0x19, 0x42, 0xb8, + 0x6f, 0xa4, 0x31, 0x68, 0xb6, 0xb2, 0x59, 0x4e, + 0x49, 0x73, 0x6e, 0xb6, 0xf7, 0x04, 0x19, 0x6d, + 0x78, 0x5b, 0x28, 0x5a, 0xf6, 0x9b, 0x33, 0x6b, + 0xac, 0x58, 0x1a, 0xcb, 0x52, 0xab, 0xb8, 0x51, + 0xe1, 0x27, 0x6e, 0x55, 0x2b, 0xaa, 0x78, 0xd8, + 0x27, 0x19, 0x2f, 0x3b, 0xfd, 0x5d, 0x4d, 0xa7, + 0x17, 0x05, 0x8a, 0x27, 0xfa, 0x9f, 0xd5, 0xf0, + 0xfe, 0xf7, 0x01, 0x7b, 0x2d, 0x53, 0xc5, 0x4a, + 0x82, 0xc9, 0xae, 0xb3, 0xde, 0xf8, 0x93, 0xc7, + 0x10, 0x2a, 0x95, 0x43, 0x3f, 0x1f, 0xdd, 0xcb, + 0x59, 0xf8, 0xc8, 0x2d, 0xa3, 0xce, 0x7e, 0x65, + 0x39, 0x85, 0x61, 0x01, 0xb3, 0x25, 0x11, 0xc8, + 0x7a, 0xed, 0x15, 0xc4, 0x9d, 0x60, 0x8e, 0xc7, + 0x34, 0x6e, 0x15, 0xa1, 0x0f, 0x9c, 0x86, 0x3d, + 0x8d, 0x2f, 0xdc, 0x9e, 0xb3, 0xfd, 0xb7, 0x1c, 0x98 +}; +uchar_t ec_value_t571k1[] = { + 0x00, 0x18, 0xf8, 0xad, 0x6b, 0x49, 0xa4, 0x31, + 0x97, 0x4b, 0xcf, 0x23, 0xa0, 0x7f, 0xf4, 0x66, + 0x81, 0x7d, 0xa2, 0x72, 0x11, 0x7d, 0x5b, 0xe1, + 0xab, 0x9f, 0xf1, 0xb7, 0xee, 0xea, 0x88, 0xee, + 0xd6, 0x20, 0x18, 0xfd, 0x51, 0xb2, 0xa4, 0x06, + 0xdc, 0x35, 0x13, 0x32, 0x93, 0x56, 0xbe, 0x55, + 0x01, 0xf3, 0xd3, 0x8c, 0xba, 0x8c, 0xcd, 0xd0, + 0xa2, 0x49, 0x9c, 0x7d, 0xac, 0x50, 0x4a, 0x17, + 0xca, 0xbc, 0x52, 0x39, 0x97, 0xf5, 0xfe, 0xc8 +}; + +/* B-163 */ +uchar_t ec_param_oid_sect163r2[] = + {0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x0f}; +uchar_t ec_point_t163r2[] = { + 0x04, 0x05, 0xe7, 0xb8, 0x3c, 0xd5, 0x6b, 0xc1, + 0xeb, 0x43, 0x0b, 0xbc, 0xc1, 0xd7, 0xc2, 0xf9, + 0xa2, 0xc5, 0x88, 0x4d, 0x48, 0x46, 0x04, 0xd2, + 0x80, 0x2f, 0x35, 0x35, 0x38, 0xda, 0x85, 0xab, + 0x23, 0xce, 0x85, 0xe5, 0x89, 0xcf, 0x00, 0x5d, + 0xf5, 0x39, 0xfc +}; +uchar_t ec_value_t163r2[] = { + 0x01, 0x4d, 0xbd, 0x26, 0x63, 0xc4, 0x6a, 0xec, + 0x6d, 0xa5, 0x46, 0x8d, 0xa2, 0x65, 0x64, 0x20, + 0xb5, 0x05, 0x8a, 0x94, 0x24 +}; + + +/* B-233 */ +uchar_t ec_param_oid_sect233r1[] = + {0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x1b}; +uchar_t ec_point_t233r1[] = { + 0x04, 0x01, 0x68, 0x1d, 0x09, 0x0b, 0x67, 0xe4, + 0x9c, 0xc1, 0xd9, 0xac, 0x98, 0xec, 0x26, 0x91, + 0x0a, 0x08, 0x3b, 0xeb, 0x48, 0xc1, 0xea, 0x79, + 0x37, 0xff, 0xc5, 0x3d, 0xad, 0xe9, 0xea, 0x01, + 0xab, 0x06, 0x22, 0x4f, 0xb3, 0xfa, 0x23, 0xe3, + 0x15, 0xf3, 0x7d, 0xa0, 0x5a, 0xff, 0x1d, 0x00, + 0xe0, 0xa2, 0x70, 0xbc, 0x31, 0xef, 0xa0, 0xc9, + 0xd4, 0xba, 0xa5, 0x16, 0x62 +}; +uchar_t ec_value_t233r1[] = { + 0x00, 0x88, 0x3e, 0x26, 0x83, 0x08, 0x9c, 0xd9, + 0x7a, 0x46, 0xae, 0xf8, 0x6d, 0xd3, 0x9c, 0xee, + 0xd8, 0xae, 0xf9, 0xd0, 0x5d, 0x96, 0x7e, 0xf9, + 0xb0, 0x1c, 0x21, 0x26, 0x9d, 0x64 +}; + + +/* B-283 */ +uchar_t ec_param_oid_sect283r1[] = + {0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x11}; +uchar_t ec_point_t283r1[] = { + 0x04, 0x03, 0x78, 0x8d, 0x40, 0xd6, 0x34, 0xb6, + 0xa0, 0x54, 0x66, 0x23, 0x9d, 0xc0, 0x60, 0x65, + 0x7f, 0xeb, 0x6d, 0xe1, 0x9e, 0xee, 0xc3, 0x7a, + 0xce, 0x50, 0x4f, 0x66, 0x45, 0x49, 0xcd, 0xbf, + 0x5a, 0x8c, 0x84, 0xa7, 0x30, 0x07, 0xc6, 0xbf, + 0x90, 0x6b, 0x6d, 0x9b, 0x50, 0x24, 0x66, 0x7b, + 0xd2, 0xc9, 0xfe, 0x27, 0xdd, 0xd3, 0xef, 0x15, + 0x2e, 0xca, 0x09, 0x93, 0x38, 0x4d, 0x90, 0x9c, + 0x0e, 0x6b, 0xad, 0x5b, 0x79, 0xef, 0x45, 0xb0, 0xef +}; +uchar_t ec_value_t283r1[] = { + 0x00, 0xa1, 0xbb, 0x28, 0x7a, 0xc8, 0x63, 0x2a, + 0xd4, 0x5e, 0xe1, 0xe2, 0x29, 0x33, 0x74, 0x0f, + 0xbb, 0x26, 0x06, 0x36, 0x4f, 0xab, 0x14, 0x35, + 0x87, 0x40, 0xb3, 0x99, 0x67, 0xe2, 0x83, 0xcd, + 0x44, 0xdf, 0xac, 0xff +}; + +/* B-409 */ +uchar_t ec_param_oid_sect409r1[] = + {0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x25}; +uchar_t ec_point_t409r1[] = { + 0x04, 0x01, 0x28, 0x3c, 0x30, 0xa0, 0x5f, 0x13, + 0x3e, 0x72, 0xf5, 0x5f, 0xf6, 0xe9, 0x78, 0x20, + 0xb2, 0x8e, 0x81, 0xdd, 0x62, 0xa6, 0x8a, 0x57, + 0xaf, 0x94, 0xab, 0x0a, 0x7e, 0xef, 0xb5, 0xda, + 0xfe, 0xcf, 0x6f, 0x7f, 0xa7, 0x6d, 0x2c, 0xa6, + 0xe4, 0xca, 0x32, 0x7e, 0x7f, 0x45, 0xaa, 0xc8, + 0x88, 0x7a, 0x67, 0x36, 0x07, 0x00, 0xdc, 0x7d, + 0x11, 0xc7, 0x6e, 0x49, 0xc5, 0x57, 0x80, 0xf2, + 0x49, 0xf5, 0xce, 0x62, 0x7b, 0xad, 0xb8, 0xae, + 0x24, 0x8d, 0x1d, 0x77, 0xbf, 0x83, 0xd6, 0xc3, + 0xf3, 0xa9, 0xb9, 0xe3, 0xa6, 0x47, 0x1a, 0x4a, + 0x91, 0x11, 0xd1, 0x4a, 0x48, 0x21, 0x10, 0x16, + 0x85, 0x49, 0xb4, 0x45, 0x7f, 0xdf, 0x0f, 0x34, 0x8a +}; +uchar_t ec_value_t409r1[] = { + 0x00, 0xef, 0x9d, 0x02, 0xa8, 0xef, 0xe4, 0xa2, + 0xe7, 0x5b, 0x6e, 0x3f, 0x15, 0x2f, 0x64, 0x5b, + 0x55, 0xc8, 0xbf, 0xec, 0xca, 0x3a, 0xeb, 0x1c, + 0xdd, 0x97, 0x4f, 0x3f, 0xb0, 0x08, 0xfb, 0x4e, + 0x1d, 0xd3, 0x40, 0x83, 0x75, 0x82, 0x56, 0x27, + 0x6b, 0xfd, 0x83, 0xa8, 0xb7, 0xb6, 0x27, 0xc2, + 0x85, 0x22, 0x4f, 0x34 +}; + +/* B-571 */ +uchar_t ec_param_oid_sect571r1[] = + {0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x27}; +uchar_t ec_point_t571r1[] = { + 0x04, 0x04, 0x30, 0x6c, 0xfe, 0x2b, 0xff, 0x12, + 0x23, 0x8a, 0x3b, 0xe0, 0x07, 0x19, 0x8b, 0xd1, + 0xf9, 0x8c, 0x14, 0x3e, 0xea, 0x5f, 0x85, 0x7f, + 0x03, 0x20, 0x89, 0x9f, 0x9f, 0x6d, 0xde, 0xcd, + 0x35, 0x24, 0xa1, 0x83, 0xf7, 0xb9, 0xd1, 0x4b, + 0x4f, 0x20, 0xa8, 0x91, 0x36, 0xa4, 0x75, 0x5e, + 0xee, 0x5a, 0x0e, 0x47, 0xf0, 0xa9, 0xff, 0xb6, + 0x62, 0x65, 0x2b, 0x85, 0x01, 0x49, 0x59, 0x5f, + 0x1d, 0x37, 0x54, 0xf5, 0xdc, 0x61, 0x37, 0x48, + 0xbd, 0x02, 0xf2, 0xa2, 0x7d, 0x73, 0x00, 0xfb, + 0x15, 0x6c, 0x4e, 0x16, 0x22, 0x82, 0xdb, 0x9d, + 0xed, 0x6e, 0xa6, 0x5d, 0x97, 0x19, 0xbb, 0x30, + 0x13, 0x22, 0x71, 0x04, 0xc7, 0xd3, 0x83, 0xc2, + 0x2c, 0xcf, 0x2f, 0xf9, 0x90, 0xe2, 0x9a, 0xca, + 0x97, 0x6b, 0x3c, 0x1d, 0x22, 0xf1, 0x38, 0x6c, + 0x14, 0x4e, 0xa9, 0x8d, 0x37, 0xf5, 0x51, 0xbc, + 0x2b, 0xc8, 0x03, 0x47, 0x25, 0xd5, 0x30, 0x9b, + 0x64, 0xfc, 0x7e, 0x80, 0x70, 0x63, 0xc1, 0x34, 0x86 +}; +uchar_t ec_value_t571r1[] = { + 0x03, 0xa0, 0xb6, 0xf6, 0x40, 0x71, 0x56, 0xd8, + 0x88, 0xf4, 0x08, 0x13, 0xa1, 0x20, 0x8b, 0x03, + 0x04, 0xae, 0x67, 0xc0, 0x7d, 0x1f, 0x19, 0x4b, + 0x40, 0xab, 0x75, 0x65, 0x5f, 0x61, 0x0b, 0x0b, + 0x72, 0x1d, 0xc3, 0xdf, 0x5c, 0xd2, 0x41, 0xf7, + 0x74, 0xe2, 0x26, 0x4d, 0xba, 0xab, 0xcb, 0x6e, + 0xcd, 0x86, 0x57, 0x48, 0x7f, 0x3f, 0x2b, 0x91, + 0xab, 0x50, 0x61, 0xd0, 0x01, 0xd9, 0x1a, 0xec, + 0x7b, 0xb8, 0xcb, 0x3c, 0x72, 0xa7, 0xd5, 0x39 +}; diff --git a/usr/src/common/crypto/fips/fips_test_vectors.h b/usr/src/common/crypto/fips/fips_test_vectors.h new file mode 100644 index 0000000000..451ae64bb9 --- /dev/null +++ b/usr/src/common/crypto/fips/fips_test_vectors.h @@ -0,0 +1,246 @@ +/* + * CDDL HEADER START + * + * The contents of this file are subject to the terms of the + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. + * + * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE + * or http://www.opensolaris.org/os/licensing. + * See the License for the specific language governing permissions + * and limitations under the License. + * + * When distributing Covered Code, include this CDDL HEADER in each + * file and include the License file at usr/src/OPENSOLARIS.LICENSE. + * If applicable, add the following below this CDDL HEADER, with the + * fields enclosed by brackets "[]" replaced with your own identifying + * information: Portions Copyright [yyyy] [name of copyright owner] + * + * CDDL HEADER END + */ + +/* + * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. + */ + +#ifndef _FIPS_TEST_VECTORS_H +#define _FIPS_TEST_VECTORS_H + +#ifdef __cplusplus +extern "C" { +#endif + +#define DES3_KEY_SZ 24 +#define DES_IV_LEN 8 +#define DES_BLOCK_SZ 8 + +#define AES_BLOCK_SZ 16 +#define AES_MAX_KEY_SZ 32 + +#define AES_CCM_TLEN 16 +#define AES_CCM_NONCE_SZ 7 +#define AES_CCM_AUTHDATA_SZ 30 +#define AES_CCM_DATA_SZ 32 /* Payload size */ +#define AES_CCM_CIPHER_SZ (AES_CCM_DATA_SZ + AES_CCM_TLEN) + +#define AES_GCM_IV_LEN 12 +#define AES_GCM_AAD_LEN 16 +#define AES_GCM_DATA_SZ 16 +#define AES_GCM_CIPHER_SZ ((AES_GCM_DATA_SZ) + ((AES_GMAC_TAG_BITS) / 8)) + +#define AES_GMAC_IV_LEN 12 +#define AES_GMAC_AAD_LEN 16 +#define AES_GMAC_TAG_BITS 128 +#define AES_GMAC_TAG_SZ ((AES_GMAC_TAG_BITS) / 8) +#define AES_GMAC_CIPHER_SZ (AES_GMAC_TAG_SZ) + +#define SHA1_HASH_SZ 20 +#define SHA256_HASH_SZ 32 +#define SHA384_HASH_SZ 48 +#define SHA512_HASH_SZ 64 + + +extern uint8_t des3_known_key[DES3_KEY_SZ]; +extern uint8_t des3_cbc_known_iv[DES_IV_LEN]; +extern uint8_t des3_ecb_known_plaintext[DES_BLOCK_SZ]; +extern uint8_t des3_cbc_known_plaintext[DES_BLOCK_SZ]; +extern uint8_t des3_ecb_known_ciphertext[DES_BLOCK_SZ]; +extern uint8_t des3_cbc_known_ciphertext[DES_BLOCK_SZ]; + +extern uint8_t aes_known_key[AES_MAX_KEY_SZ]; +extern uint8_t aes_cbc_known_initialization_vector[AES_BLOCK_SZ]; +extern uint8_t aes_known_plaintext[AES_BLOCK_SZ]; +extern uint8_t aes_ecb128_known_ciphertext[AES_BLOCK_SZ]; +extern uint8_t aes_cbc128_known_ciphertext[AES_BLOCK_SZ]; +extern uint8_t aes_ecb192_known_ciphertext[AES_BLOCK_SZ]; +extern uint8_t aes_cbc192_known_ciphertext[AES_BLOCK_SZ]; +extern uint8_t aes_ecb256_known_ciphertext[AES_BLOCK_SZ]; +extern uint8_t aes_cbc256_known_ciphertext[AES_BLOCK_SZ]; + +extern uint8_t aes_ctr128_known_key[16]; +extern uint8_t aes_ctr192_known_key[24]; +extern uint8_t aes_ctr256_known_key[32]; +extern uint8_t aes_ctr_known_counter[AES_BLOCK_SZ]; +extern uint8_t aes_ctr_known_plaintext[AES_BLOCK_SZ]; +extern uint8_t aes_ctr128_known_ciphertext[AES_BLOCK_SZ]; +extern uint8_t aes_ctr192_known_ciphertext[AES_BLOCK_SZ]; +extern uint8_t aes_ctr256_known_ciphertext[AES_BLOCK_SZ]; + +extern uint8_t aes_ccm128_known_key[16]; +extern uint8_t aes_ccm192_known_key[24]; +extern uint8_t aes_ccm256_known_key[32]; +extern uint8_t aes_ccm128_known_nonce[AES_CCM_NONCE_SZ]; +extern uint8_t aes_ccm192_known_nonce[AES_CCM_NONCE_SZ]; +extern uint8_t aes_ccm256_known_nonce[AES_CCM_NONCE_SZ]; +extern uint8_t aes_ccm128_known_adata[AES_CCM_AUTHDATA_SZ]; +extern uint8_t aes_ccm192_known_adata[AES_CCM_AUTHDATA_SZ]; +extern uint8_t aes_ccm256_known_adata[AES_CCM_AUTHDATA_SZ]; +extern uint8_t aes_ccm128_known_plaintext[AES_CCM_DATA_SZ]; +extern uint8_t aes_ccm192_known_plaintext[AES_CCM_DATA_SZ]; +extern uint8_t aes_ccm256_known_plaintext[AES_CCM_DATA_SZ]; +extern uint8_t aes_ccm128_known_ciphertext[AES_CCM_CIPHER_SZ]; +extern uint8_t aes_ccm192_known_ciphertext[AES_CCM_CIPHER_SZ]; +extern uint8_t aes_ccm256_known_ciphertext[AES_CCM_CIPHER_SZ]; + +extern uint8_t aes_gcm128_known_key[16]; +extern uint8_t aes_gcm192_known_key[24]; +extern uint8_t aes_gcm256_known_key[32]; +extern uint8_t aes_gcm128_known_iv[AES_GCM_IV_LEN]; +extern uint8_t aes_gcm192_known_iv[AES_GCM_IV_LEN]; +extern uint8_t aes_gcm256_known_iv[AES_GCM_IV_LEN]; +extern uint8_t aes_gcm128_known_adata[AES_GCM_AAD_LEN]; +extern uint8_t aes_gcm192_known_adata[AES_GCM_AAD_LEN]; +extern uint8_t aes_gcm256_known_adata[AES_GCM_AAD_LEN]; +extern uint8_t aes_gcm128_known_plaintext[AES_BLOCK_SZ]; +extern uint8_t aes_gcm192_known_plaintext[AES_BLOCK_SZ]; +extern uint8_t aes_gcm256_known_plaintext[AES_BLOCK_SZ]; +extern uint8_t aes_gcm128_known_ciphertext[32]; +extern uint8_t aes_gcm192_known_ciphertext[32]; +extern uint8_t aes_gcm256_known_ciphertext[32]; + +extern uint8_t aes_gmac128_known_key[16]; +extern uint8_t aes_gmac192_known_key[24]; +extern uint8_t aes_gmac256_known_key[32]; +extern uint8_t aes_gmac128_known_iv[AES_GMAC_IV_LEN]; +extern uint8_t aes_gmac192_known_iv[AES_GMAC_IV_LEN]; +extern uint8_t aes_gmac256_known_iv[AES_GMAC_IV_LEN]; +extern uint8_t aes_gmac128_known_tag[AES_GMAC_TAG_SZ]; +extern uint8_t aes_gmac192_known_tag[AES_GMAC_TAG_SZ]; +extern uint8_t aes_gmac256_known_tag[AES_GMAC_TAG_SZ]; +extern uint8_t aes_gmac128_known_adata[AES_GMAC_AAD_LEN]; +extern uint8_t aes_gmac192_known_adata[AES_GMAC_AAD_LEN]; +extern uint8_t aes_gmac256_known_adata[AES_GMAC_AAD_LEN]; + + +extern uint8_t sha1_known_hash_message[64]; +extern uint8_t sha1_known_digest[SHA1_HASH_SZ]; +extern uint8_t HMAC_known_secret_key[8]; +extern uint8_t known_SHA1_hmac[10]; +extern uint8_t hmac_sha1_known_hash_message[128]; +extern uint8_t sha1_hmac_known_secret_key_2[SHA1_HASH_SZ]; +extern uint8_t sha1_hmac_known_hash_message_2[9]; +extern uint8_t sha1_known_hmac_2[SHA1_HASH_SZ]; + +extern uint8_t sha256_known_hash_message[64]; +extern uint8_t known_sha256_digest[SHA256_HASH_SZ]; +extern uint8_t sha384_known_hash_message[64]; +extern uint8_t known_sha384_digest[SHA384_HASH_SZ]; +extern uint8_t sha512_known_hash_message[64]; +extern uint8_t known_sha512_digest[SHA512_HASH_SZ]; +extern uint8_t sha256_hmac_known_hash_message[64]; +extern uint8_t sha256_hmac_known_secret_key[36]; +extern uint8_t known_sha256_hmac[SHA256_HASH_SZ]; +extern uint8_t sha256_hmac_known_hash_message_1[28]; +extern uint8_t sha256_hmac_known_secret_key_1[4]; +extern uint8_t sha256_known_hmac_1[SHA256_HASH_SZ]; +extern uint8_t sha256_hmac_known_hash_message_2[50]; +extern uint8_t sha256_hmac_known_secret_key_2[25]; +extern uint8_t sha256_known_hmac_2[SHA256_HASH_SZ]; +extern uint8_t sha384_hmac_known_secret_key[16]; +extern uint8_t sha384_hmac_known_hash_message[128]; +extern uint8_t known_sha384_hmac[SHA384_HASH_SZ]; +extern uint8_t sha512_hmac_known_secret_key[20]; +extern uint8_t sha512_hmac_known_hash_message[128]; +extern uint8_t known_sha512_hmac[SHA512_HASH_SZ]; + + +extern uint8_t rsa_modulus_1024[128]; +extern uint8_t rsa_public_exponent_1024[3]; +extern uint8_t rsa_private_exponent_1024[128]; +extern uint8_t rsa_prime1_1024[64]; +extern uint8_t rsa_prime2_1024[64]; +extern uint8_t rsa_exponent1_1024[64]; +extern uint8_t rsa_exponent2_1024[64]; +extern uint8_t rsa_coefficient_1024[64]; +extern uint8_t rsa_modulus_2048[256]; +extern uint8_t rsa_public_exponent_2048[1]; +extern uint8_t rsa_private_exponent_2048[256]; +extern uint8_t rsa_prime1_2048[128]; +extern uint8_t rsa_prime2_2048[128]; +extern uint8_t rsa_exponent1_2048[128]; +extern uint8_t rsa_exponent2_2048[128]; +extern uint8_t rsa_coefficient_2048[128]; +extern uint8_t rsa_known_plaintext_msg[128]; +extern uint8_t rsa_x509_known_signature_1024[128]; +extern uint8_t rsa_pkcs_known_signature_1024[128]; +extern uint8_t rsa_x509_known_signature_2048[256]; +extern uint8_t rsa_pkcs_known_signature_2048[256]; + +extern uint8_t dsa_base_1024[128]; +extern uint8_t dsa_prime_1024[128]; +extern uint8_t dsa_subprime_1024[20]; +extern uint8_t dsa_privalue_1024[20]; +extern uint8_t dsa_pubvalue_1024[128]; +extern uint8_t dsa_known_data[20]; + +extern uint8_t ec_param_oid_secp192r1[10]; +extern uint8_t ec_point_p192r1[49]; +extern uint8_t ec_value_p192r1[24]; +extern uint8_t ec_param_oid_secp224r1[7]; +extern uint8_t ec_point_p224r1[57]; +extern uint8_t ec_value_p224r1[28]; +extern uint8_t ec_param_oid_secp256r1[10]; +extern uint8_t ec_point_p256r1[65]; +extern uint8_t ec_value_p256r1[32]; +extern uint8_t ec_param_oid_secp384r1[7]; +extern uint8_t ec_point_p384r1[97]; +extern uint8_t ec_value_p384r1[48]; +extern uint8_t ec_param_oid_secp521r1[7]; +extern uint8_t ec_point_p521r1[133]; +extern uint8_t ec_value_p521r1[66]; +extern uint8_t ec_param_oid_sect163k1[7]; +extern uint8_t ec_point_t163k1[43]; +extern uint8_t ec_value_t163k1[21]; +extern uint8_t ec_param_oid_sect233k1[7]; +extern uint8_t ec_point_t233k1[61]; +extern uint8_t ec_value_t233k1[30]; +extern uint8_t ec_param_oid_sect283k1[7]; +extern uint8_t ec_point_t283k1[73]; +extern uint8_t ec_value_t283k1[36]; +extern uint8_t ec_param_oid_sect409k1[7]; +extern uint8_t ec_point_t409k1[105]; +extern uint8_t ec_value_t409k1[52]; +extern uint8_t ec_param_oid_sect571k1[7]; +extern uint8_t ec_point_t571k1[145]; +extern uint8_t ec_value_t571k1[72]; +extern uint8_t ec_param_oid_sect163r2[7]; +extern uint8_t ec_point_t163r2[43]; +extern uint8_t ec_value_t163r2[21]; +extern uint8_t ec_param_oid_sect233r1[7]; +extern uint8_t ec_point_t233r1[61]; +extern uint8_t ec_value_t233r1[30]; +extern uint8_t ec_param_oid_sect283r1[7]; +extern uint8_t ec_point_t283r1[73]; +extern uint8_t ec_value_t283r1[36]; +extern uint8_t ec_param_oid_sect409r1[7]; +extern uint8_t ec_point_t409r1[105]; +extern uint8_t ec_value_t409r1[52]; +extern uint8_t ec_param_oid_sect571r1[7]; +extern uint8_t ec_point_t571r1[145]; +extern uint8_t ec_value_t571r1[72]; + +#ifdef __cplusplus +} +#endif + +#endif /* _FIPS_TEST_VECTORS_H */ diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/Makefile.com b/usr/src/lib/pkcs11/pkcs11_softtoken/Makefile.com index 76218533ae..eeba64cf59 100644 --- a/usr/src/lib/pkcs11/pkcs11_softtoken/Makefile.com +++ b/usr/src/lib/pkcs11/pkcs11_softtoken/Makefile.com @@ -79,7 +79,8 @@ RNG_COBJECTS = fips_random.o FIPS_COBJECTS = fips_aes_util.o fips_des_util.o \ fips_sha1_util.o fips_sha2_util.o \ fips_dsa_util.o fips_rsa_util.o \ - fips_ecc_util.o fips_random_util.o + fips_ecc_util.o fips_random_util.o \ + fips_test_vectors.o ECC_OBJECTS = $(ECC_COBJECTS) $(ECC_PSR_OBJECTS) MPI_OBJECTS = $(MPI_COBJECTS) $(MPI_PSR_OBJECTS) diff --git a/usr/src/tools/Makefile b/usr/src/tools/Makefile index 028ae314e0..e0ed863986 100644 --- a/usr/src/tools/Makefile +++ b/usr/src/tools/Makefile @@ -53,7 +53,8 @@ COMMON_SUBDIRS= \ # special versions of commands for use only in build # UNSHIPPED_SUBDIRS = \ - elfsign + elfsign \ + fips_addchecksum sparc_SUBDIRS= \ chk4ubin \ diff --git a/usr/src/tools/fips_addchecksum/Makefile b/usr/src/tools/fips_addchecksum/Makefile new file mode 100644 index 0000000000..1140379e38 --- /dev/null +++ b/usr/src/tools/fips_addchecksum/Makefile @@ -0,0 +1,65 @@ +# +# CDDL HEADER START +# +# The contents of this file are subject to the terms of the +# Common Development and Distribution License (the "License"). +# You may not use this file except in compliance with the License. +# +# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE +# or http://www.opensolaris.org/os/licensing. +# See the License for the specific language governing permissions +# and limitations under the License. +# +# When distributing Covered Code, include this CDDL HEADER in each +# file and include the License file at usr/src/OPENSOLARIS.LICENSE. +# If applicable, add the following below this CDDL HEADER, with the +# fields enclosed by brackets "[]" replaced with your own identifying +# information: Portions Copyright [yyyy] [name of copyright owner] +# +# CDDL HEADER END +# +# +# Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. +# +# + +CRYPTODIR = $(SRC)/common/crypto + +PROG = fips_addchecksum +OBJS = fips_addchecksum.o fips_checksum.o +SRCS = $(OBJS:.o=.c) +LINTFILES = $(OBJS:.o=.ln) + +include ../Makefile.tools + +INCS += -I $(CRYPTODIR) + +CFLAGS += $(CCVERBOSE) $(INCS) +LINTFLAGS += $(INCS) + +LDLIBS += -lmd -lelf + +.KEEP_STATE: + +all: $(PROG) + +$(PROG): $(OBJS) + $(LINK.c) $(OBJS) -o $@ $(LDLIBS) $(DYNFLAGS) + $(POST_PROCESS) + +%.o: $(CRYPTODIR)/fips/%.c + $(COMPILE.c) $(CFLAGS) -o $@ -c $< + + +install: all $(ROOTPROG) + +clean: + $(RM) -f $(OBJS) $(PROG) $(LINTFILES) + +%.ln: $(CRYPTODIR)/fips/%.c + $(LINT.c) -c $< + +lint: $(LINTFILES) + $(LINT) $(LINTFLAGS) $(LINTFILES) $(LDLIBS) + +include $(SRC)/cmd/Makefile.targ diff --git a/usr/src/uts/Makefile.uts b/usr/src/uts/Makefile.uts index bc90d534a2..ce2148c475 100644 --- a/usr/src/uts/Makefile.uts +++ b/usr/src/uts/Makefile.uts @@ -674,3 +674,9 @@ PRIVS_DEF = $(SRC)/uts/common/os/priv_defs # USBDEVS_AWK = $(SRC)/uts/common/io/usb/usbdevs2h.awk USBDEVS_DATA = $(SRC)/uts/common/io/usb/usbdevs + +# +# FIPS140 Self Integrity Check Command for HW Crypto modules +# +FIPS140_CMDDIR = $(SRC)/tools/fips_addchecksum +FIPS140_CHECK = $(FIPS140_CMDDIR)/fips_addchecksum $(BINARY) diff --git a/usr/src/uts/common/Makefile.files b/usr/src/uts/common/Makefile.files index 0cf13ebeee..7a4e3ab1d8 100644 --- a/usr/src/uts/common/Makefile.files +++ b/usr/src/uts/common/Makefile.files @@ -1517,7 +1517,8 @@ KCF_OBJS += kcf.o kcf_callprov.o kcf_cbufcall.o kcf_cipher.o kcf_crypto.o \ kcf_keys.o kcf_mac.o kcf_mech_tabs.o kcf_miscapi.o \ kcf_object.o kcf_policy.o kcf_prov_lib.o kcf_prov_tabs.o \ kcf_sched.o kcf_session.o kcf_sign.o kcf_spi.o kcf_verify.o \ - kcf_random.o modes.o ecb.o cbc.o ctr.o ccm.o gcm.o fips_random.o + kcf_random.o modes.o ecb.o cbc.o ctr.o ccm.o gcm.o \ + fips_random.o fips_checksum.o fips_test_vectors.o CRYPTOADM_OBJS += cryptoadm.o diff --git a/usr/src/uts/common/bignum/bignum_mod.c b/usr/src/uts/common/bignum/bignum_mod.c index 7ef8113537..938eb50d48 100644 --- a/usr/src/uts/common/bignum/bignum_mod.c +++ b/usr/src/uts/common/bignum/bignum_mod.c @@ -19,19 +19,16 @@ * CDDL HEADER END */ /* - * Copyright 2008 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved. */ -#pragma ident "%Z%%M% %I% %E% SMI" - #include <sys/types.h> #include <sys/systm.h> #include <sys/modctl.h> #include <sys/cmn_err.h> #include <sys/ddi.h> - +#include <fips/fips_checksum.h> extern struct mod_ops mod_cryptoops; @@ -64,3 +61,14 @@ _info(struct modinfo *modinfop) { return (mod_info(&modlinkage, modinfop)); } + +int +bignum_fips_check() +{ + if (fips_check_module("misc/bignum", (void *)_init) != 0) { + cmn_err(CE_WARN, "bignum: FIPS-140 Software Integrity Test " + "failed"); + return (EINVAL); + } + return (0); +} diff --git a/usr/src/uts/intel/bignum/Makefile b/usr/src/uts/intel/bignum/Makefile index 71a396f2fe..a7d2760596 100644 --- a/usr/src/uts/intel/bignum/Makefile +++ b/usr/src/uts/intel/bignum/Makefile @@ -19,10 +19,7 @@ # CDDL HEADER END # # -# Copyright 2008 Sun Microsystems, Inc. All rights reserved. -# Use is subject to license terms. -# -#ident "%Z%%M% %I% %E% SMI" +# Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved. # # This makefile drives the production of the RSA KEF provider. # @@ -34,6 +31,7 @@ # UTSBASE = ../.. BIGNUMDIR = $(COMMONBASE)/bignum +CRYPTODIR = $(COMMONBASE)/crypto # # Define the module and object file sets. @@ -62,9 +60,9 @@ INSTALL_TARGET = $(BINARY) $(ROOTMODULE) # # Linkage dependencies # -LDFLAGS += -dy +LDFLAGS += -dy -Nmisc/kcf -CPPFLAGS += -I$(BIGNUMDIR) +CPPFLAGS += -I$(BIGNUMDIR) -I$(CRYPTODIR) # # Default build targets. diff --git a/usr/src/uts/sparc/bignum/Makefile b/usr/src/uts/sparc/bignum/Makefile index e71ef2d772..76892e18be 100644 --- a/usr/src/uts/sparc/bignum/Makefile +++ b/usr/src/uts/sparc/bignum/Makefile @@ -19,10 +19,8 @@ # CDDL HEADER END # # -# Copyright 2008 Sun Microsystems, Inc. All rights reserved. -# Use is subject to license terms. +# Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved. # -#ident "%Z%%M% %I% %E% SMI" # # This makefile drives the production of the misx/bignum module. # @@ -33,6 +31,7 @@ # Path to the base of the uts directory tree (usually /usr/src/uts). # UTSBASE = ../.. +CRYPTODIR = $(COMMONBASE)/crypto COM1_DIR = $(COMMONBASE)/bignum # @@ -49,6 +48,12 @@ ROOTMODULE = $(ROOT_MISC_DIR)/$(MODULE) include $(UTSBASE)/sparc/Makefile.sparc # +# FIPS-140 Self Integrity Test +# +POST_PROCESS += ; $(FIPS140_CHECK) + + +# # Define targets # ALL_TARGET = $(BINARY) @@ -58,14 +63,14 @@ INSTALL_TARGET = $(BINARY) $(ROOTMODULE) # # Linkage dependencies # -LDFLAGS += -dy +LDFLAGS += -dy -Nmisc/kcf # # lint pass one enforcement # -CFLAGS += $(CCVERBOSE) -I$(COM1_DIR) +CFLAGS += $(CCVERBOSE) -I$(CRYPTODIR) -I$(COM1_DIR) CFLAGS += -DUMUL64 -LINTFLAGS += -I$(COM1_DIR) +LINTFLAGS += -I$(CRYPTODIR) -I$(COM1_DIR) # diff --git a/usr/src/uts/sun4u/bignum/Makefile b/usr/src/uts/sun4u/bignum/Makefile index e1bd7658da..68bec2efe5 100644 --- a/usr/src/uts/sun4u/bignum/Makefile +++ b/usr/src/uts/sun4u/bignum/Makefile @@ -18,9 +18,7 @@ # # CDDL HEADER END # -# -# Copyright 2009 Sun Microsystems, Inc. All rights reserved. -# Use is subject to license terms. +# Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved. # # This makefile drives the production of the misc/bignum module. # @@ -31,6 +29,7 @@ # Path to the base of the uts directory tree (usually /usr/src/uts). # UTSBASE = ../.. +CRYPTODIR = $(COMMONBASE)/crypto COM1_DIR = $(COMMONBASE)/bignum # @@ -56,14 +55,14 @@ INSTALL_TARGET = $(BINARY) $(ROOTMODULE) # # Linkage dependencies # -LDFLAGS += -dy +LDFLAGS += -dy -Nmisc/kcf # # lint pass one enforcement # -CFLAGS += $(CCVERBOSE) -I$(COM1_DIR) +CFLAGS += $(CCVERBOSE) -I$(CRYPTODIR) -I$(COM1_DIR) CFLAGS += -DUMUL64 -DUSE_FLOATING_POINT -LINTFLAGS += -I$(COM1_DIR) +LINTFLAGS += -I$(CRYPTODIR) -I$(COM1_DIR) # # Default build targets. diff --git a/usr/src/uts/sun4v/Makefile.files b/usr/src/uts/sun4v/Makefile.files index d8b201668f..c5632bf5fc 100644 --- a/usr/src/uts/sun4v/Makefile.files +++ b/usr/src/uts/sun4v/Makefile.files @@ -20,8 +20,7 @@ # # -# Copyright 2010 Sun Microsystems, Inc. All rights reserved. -# Use is subject to license terms. +# Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. # # This Makefile defines all file modules for the directory uts/sun4v # and it's children. These are the source files which are sun4v @@ -126,7 +125,7 @@ TRAPSTAT_OBJS += trapstat.o NIUMX_OBJS += niumx.o niumx_tools.o N2RNG_OBJS += n2rng.o n2rng_debug.o n2rng_hcall.o n2rng_kcf.o \ n2rng_entp_algs.o n2rng_entp_setup.o n2rng_kstat.o \ - n2rng_provider.o + n2rng_provider.o n2rng_post.o # # CPU/Memory Error Injector (memtest) sun4v driver diff --git a/usr/src/uts/sun4v/io/n2rng/n2rng.c b/usr/src/uts/sun4v/io/n2rng/n2rng.c index f214a106a5..90b64d1359 100644 --- a/usr/src/uts/sun4v/io/n2rng/n2rng.c +++ b/usr/src/uts/sun4v/io/n2rng/n2rng.c @@ -19,8 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. */ @@ -48,6 +47,7 @@ #include <sys/machsystm.h> #include <sys/hypervisor_api.h> #include <sys/n2rng.h> +#include <fips/fips_checksum.h> static int n2rng_attach(dev_info_t *, ddi_attach_cmd_t); static int n2rng_detach(dev_info_t *, ddi_detach_cmd_t); @@ -300,6 +300,17 @@ n2rng_attach(dev_info_t *dip, ddi_attach_cmd_t cmd) goto errorexit; } + if (n2rng->n_is_fips == B_TRUE) { + /* + * FIPs Post test: Feed the known seed and make sure it + * produces the known random number. + */ + if (n2rng_fips_rng_post() != CRYPTO_SUCCESS) { + n2rng_diperror(dip, "n2rng: FIPs POST test failed\n"); + goto errorexit; + } + } + return (DDI_SUCCESS); errorexit: @@ -1065,6 +1076,11 @@ n2rng_init_ctl(n2rng_t *n2rng) DDI_PROP_CANSLEEP | DDI_PROP_DONTPASS, "hc_seconds", RNG_DEFAULT_HC_SECS); + /* get fips configuration : FALSE by default */ + n2rng->n_is_fips = ddi_getprop(DDI_DEV_T_ANY, n2rng->n_dip, + DDI_PROP_CANSLEEP | DDI_PROP_DONTPASS, + N2RNG_FIPS_STRING, B_FALSE); + /* API versions prior to 2.0 do not support health checks */ if ((n2rng->n_hvapi_major_version < 2) && (n2rng->n_ctl_data->n_hc_secs > 0)) { @@ -1075,6 +1091,16 @@ n2rng_init_ctl(n2rng_t *n2rng) n2rng->n_ctl_data->n_hc_secs = 0; } + + if (n2rng->n_is_fips == B_TRUE) { + /* When in FIPs mode, run the module integrity test */ + if (fips_check_module("drv/n2rng", (void *)_init) != 0) { + cmn_err(CE_WARN, "n2rng: FIPs Software Integrity Test " + "failed\n"); + return (DDI_FAILURE); + } + } + /* Calculate watchdog timeout value */ if (n2rng->n_ctl_data->n_hc_secs <= 0) { n2rng->n_ctl_data->n_watchdog_cycles = 0; diff --git a/usr/src/uts/sun4v/io/n2rng/n2rng_post.c b/usr/src/uts/sun4v/io/n2rng/n2rng_post.c new file mode 100644 index 0000000000..ae3780b50a --- /dev/null +++ b/usr/src/uts/sun4v/io/n2rng/n2rng_post.c @@ -0,0 +1,74 @@ +/* + * CDDL HEADER START + * + * The contents of this file are subject to the terms of the + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. + * + * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE + * or http://www.opensolaris.org/os/licensing. + * See the License for the specific language governing permissions + * and limitations under the License. + * + * When distributing Covered Code, include this CDDL HEADER in each + * file and include the License file at usr/src/OPENSOLARIS.LICENSE. + * If applicable, add the following below this CDDL HEADER, with the + * fields enclosed by brackets "[]" replaced with your own identifying + * information: Portions Copyright [yyyy] [name of copyright owner] + * + * CDDL HEADER END + */ + +/* + * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. + */ + +#include <sys/types.h> +#include <sys/param.h> +#include <sys/errno.h> +#include <sys/kmem.h> +#include <sys/systm.h> +#include <sys/sha1.h> +#include <sys/crypto/common.h> +#include <sys/cmn_err.h> +#include <rng/fips_random.h> + + +int +n2rng_fips_rng_post(void) +{ + static uint8_t XKeyValue[] = { + 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00 + }; + + static uint8_t XSeed[] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00 + }; + + static uint8_t rng_known_GENX[] = { + 0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d, + 0x32, 0x55, 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90, + 0xaf, 0xd8, 0x07, 0x09 + }; + + uint8_t GENX[SHA1_HASH_SIZE]; + uint8_t XKey[SHA1_HASH_SIZE]; + + (void) memcpy(XKey, XKeyValue, SHA1_HASH_SIZE); + + /* Generate X with a known seed. */ + fips_random_inner( + (uint32_t *)(void *)XKey, + (uint32_t *)(void *)GENX, + (uint32_t *)(void *)XSeed); + + /* Verify GENX to perform the RNG integrity check */ + if ((memcmp(GENX, rng_known_GENX, (SHA1_HASH_SIZE)) != 0)) + return (CRYPTO_DEVICE_ERROR); + else + return (CRYPTO_SUCCESS); +} diff --git a/usr/src/uts/sun4v/io/n2rng/n2rng_provider.c b/usr/src/uts/sun4v/io/n2rng/n2rng_provider.c index 3a596d5e63..6c50d14923 100644 --- a/usr/src/uts/sun4v/io/n2rng/n2rng_provider.c +++ b/usr/src/uts/sun4v/io/n2rng/n2rng_provider.c @@ -19,8 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2008 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. */ #include <sys/types.h> @@ -141,7 +140,35 @@ fips_random(n2rng_t *n2rng, uint8_t *out, size_t nbytes) /* nbytes - i is bytes to go */ fips_random_inner(frsp->XKEY, tempout, entropy.as32); - bcopy(tempout, &out[i], min(nbytes - i, SHA1BYTES)); + + /* + * Compare last round with the results of this round, fail + * if identical. Save for next round. + */ + if (n2rng->n_is_fips == B_TRUE) { + uint32_t differ = 0; + int j; + + for (j = 0; j < 5; j++) { + differ |= tempout[j] ^ frsp->x_jminus1[j]; + frsp->x_jminus1[j] = tempout[j]; + } + if (differ == 0) { + /* + * If differ == 0, the RNG produced the same + * answer twice. By FIPS 140-2 Section 4.9 we + * must enter an error state. + */ + mutex_exit(&frsp->mtx); + n2rng_failure(n2rng); + cmn_err(CE_WARN, + "n2rng: Continuous random number generator" + " test of FIPS-140 RNG failed."); + return (EIO); + } + } + + bcopy(tempout, &out[i], min(nbytes - i, SHA1BYTES)); mutex_exit(&frsp->mtx); } @@ -171,6 +198,7 @@ n2rng_fips_random_init(n2rng_t *n2rng, fipsrandomstruct_t *frsp) */ int rv; + static uint32_t FIPS_RNG_NO_USER_INPUT[] = {0, 0, 0, 0, 0}; rv = n2rng_getentropy(n2rng, (void *)frsp->XKEY, ROUNDUP(SHA1BYTES, 8)); if (rv) { @@ -179,6 +207,9 @@ n2rng_fips_random_init(n2rng_t *n2rng, fipsrandomstruct_t *frsp) frsp->entropyhunger = 0; mutex_init(&frsp->mtx, NULL, MUTEX_DRIVER, NULL); + /* compute the first (compare only) random value */ + fips_random_inner(frsp->XKEY, frsp->x_jminus1, FIPS_RNG_NO_USER_INPUT); + return (0); } diff --git a/usr/src/uts/sun4v/n2rng/Makefile b/usr/src/uts/sun4v/n2rng/Makefile index 7f448c0e20..5ef3bcc564 100644 --- a/usr/src/uts/sun4v/n2rng/Makefile +++ b/usr/src/uts/sun4v/n2rng/Makefile @@ -20,8 +20,7 @@ # # uts/sun4v/n2rng/Makefile # -# Copyright 2008 Sun Microsystems, Inc. All rights reserved. -# Use is subject to license terms. +# Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. # # # @@ -51,6 +50,11 @@ CONF_SRCDIR = $(UTSBASE)/sun4v/io/n2rng include $(UTSBASE)/sun4v/Makefile.sun4v # +# FIPS-140 Self Integrity Test +# +POST_PROCESS += ; $(FIPS140_CHECK) + +# # Override defaults to build a unique, local modstubs.o. # MODSTUBS_DIR = $(OBJS_DIR) diff --git a/usr/src/uts/sun4v/sys/n2rng.h b/usr/src/uts/sun4v/sys/n2rng.h index 2ed06355d7..6545cccc13 100644 --- a/usr/src/uts/sun4v/sys/n2rng.h +++ b/usr/src/uts/sun4v/sys/n2rng.h @@ -19,8 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. */ #ifndef _SYS_N2RNG_H @@ -121,6 +120,11 @@ typedef struct { #define N2RNG_NOANALOGOUT 0x2 /* + * n2rng: config variable in the n2rng.conf file + */ +#define N2RNG_FIPS_STRING "n2rng-fips-140" + +/* * There can only be N2_RNG_FIPS_INSTANCES concurrent RNG requsts from * the framework. Making this value large helps benchmarks. It * should probably come from a conf file, but for now it is hard @@ -134,6 +138,7 @@ struct fipsrandomstruct { kmutex_t mtx; uint64_t entropyhunger; /* RNGs generated with no entropy */ uint32_t XKEY[6]; /* one extra word for getentropy */ + uint32_t x_jminus1[5]; /* store the last output */ }; typedef struct { @@ -234,6 +239,7 @@ typedef struct n2rng { md_t *n_mdp; uint64_t n_sticks_per_usec; ddi_taskq_t *n_taskq; + boolean_t n_is_fips; } n2rng_t; typedef kstat_named_t n2rng_kstat_bias_t[N2RNG_MAX_RNGS][N2RNG_NOSC]; @@ -366,6 +372,11 @@ uint64_t hv_rng_data_read_diag_v2(uint64_t data_pa, size_t datalen, uint64_t rngid, uint64_t *tdelta); uint64_t hv_rng_data_read(uint64_t data_pa, uint64_t *tdelta); +/* + * n2rng_post.c + */ +int n2rng_fips_rng_post(void); + #endif /* _KERNEL */ #endif /* !_ASM */ |