From 75622f1ece530cab5ee1864c8d1e3d2dec5d6913 Mon Sep 17 00:00:00 2001 From: Ben Laurie Date: Sun, 27 Jul 2003 17:00:51 +0000 Subject: [PATCH] Unfinished FIPS stuff for review/improvement. --- Configure | 2 + Makefile.org | 15 +- crypto/aes/Makefile.ssl | 3 +- crypto/aes/aes_core.c | 4 + crypto/cryptlib.c | 5 + crypto/des/des.h | 2 +- crypto/des/des_old.c | 2 +- crypto/des/destest.c | 4 +- crypto/des/ecb3_enc.c | 4 +- crypto/dsa/Makefile.ssl | 11 +- crypto/dsa/dsa_ossl.c | 2 + crypto/dsa/dsa_sign.c | 12 + crypto/dsa/dsa_vrf.c | 8 + crypto/engine/engine.h | 4 + crypto/err/err.h | 2 + crypto/err/err_all.c | 4 + crypto/err/openssl.ec | 1 + crypto/evp/Makefile.ssl | 15 +- crypto/evp/c_all.c | 1 + crypto/evp/e_aes.c | 16 +- crypto/evp/e_des3.c | 2 +- crypto/evp/evp.h | 2 + crypto/evp/evp_err.c | 4 +- crypto/md32_common.h | 11 + crypto/md4/Makefile.ssl | 11 +- crypto/md5/Makefile.ssl | 11 +- crypto/rand/Makefile.ssl | 32 +- crypto/rand/md_rand.c | 9 + crypto/rand/rand.h | 2 + crypto/rand/rand_err.c | 4 +- crypto/rand/rand_lib.c | 11 + crypto/ripemd/Makefile.ssl | 9 +- crypto/sha/Makefile.ssl | 22 +- fips/.cvsignore | 1 + fips/Makefile.ssl | 155 ++++ fips/aes/.cvsignore | 4 + fips/aes/Makefile.ssl | 95 +++ fips/aes/fingerprint.sha1 | 2 + fips/aes/fips_aes_core.c | 1260 ++++++++++++++++++++++++++++++ fips/aes/fips_aes_locl.h | 85 ++ fips/aes/fips_aesavs.c | 896 +++++++++++++++++++++ fips/dsa/.cvsignore | 2 + fips/dsa/Makefile.ssl | 95 +++ fips/dsa/fingerprint.sha1 | 1 + fips/dsa/fips_dsa_ossl.c | 366 +++++++++ fips/dsa/fips_dsatest.c | 252 ++++++ fips/fingerprint.sha1 | 3 + fips/fips.c | 74 ++ fips/fips.h | 85 ++ fips/fips_check_sha1 | 7 + fips/fips_err.c | 96 +++ fips/fips_make_sha1 | 21 + fips/lib | 0 fips/rand/.cvsignore | 2 + fips/rand/Makefile.ssl | 94 +++ fips/rand/fingerprint.sha1 | 2 + fips/rand/fips_rand.c | 236 ++++++ fips/rand/fips_rand.h | 55 ++ fips/rand/fips_randtest.c | 348 +++++++++ fips/sha1/.cvsignore | 3 + fips/sha1/Makefile.ssl | 94 +++ fips/sha1/fingerprint.sha1 | 3 + fips/sha1/fips_md32_common.h | 637 +++++++++++++++ fips/sha1/fips_sha1dgst.c | 76 ++ fips/sha1/fips_sha1test.c | 128 +++ fips/sha1/fips_sha_locl.h | 472 +++++++++++ fips/sha1/fips_standalone_sha1.c | 101 +++ fips/sha1/standalone.sha1 | 4 + test/Makefile.ssl | 94 ++- util/mkerr.pl | 3 +- 70 files changed, 6025 insertions(+), 74 deletions(-) create mode 100644 fips/.cvsignore create mode 100644 fips/Makefile.ssl create mode 100644 fips/aes/.cvsignore create mode 100644 fips/aes/Makefile.ssl create mode 100644 fips/aes/fingerprint.sha1 create mode 100644 fips/aes/fips_aes_core.c create mode 100644 fips/aes/fips_aes_locl.h create mode 100644 fips/aes/fips_aesavs.c create mode 100644 fips/dsa/.cvsignore create mode 100644 fips/dsa/Makefile.ssl create mode 100644 fips/dsa/fingerprint.sha1 create mode 100644 fips/dsa/fips_dsa_ossl.c create mode 100644 fips/dsa/fips_dsatest.c create mode 100644 fips/fingerprint.sha1 create mode 100644 fips/fips.c create mode 100644 fips/fips.h create mode 100755 fips/fips_check_sha1 create mode 100644 fips/fips_err.c create mode 100755 fips/fips_make_sha1 create mode 100644 fips/lib create mode 100644 fips/rand/.cvsignore create mode 100644 fips/rand/Makefile.ssl create mode 100644 fips/rand/fingerprint.sha1 create mode 100644 fips/rand/fips_rand.c create mode 100644 fips/rand/fips_rand.h create mode 100644 fips/rand/fips_randtest.c create mode 100644 fips/sha1/.cvsignore create mode 100644 fips/sha1/Makefile.ssl create mode 100644 fips/sha1/fingerprint.sha1 create mode 100644 fips/sha1/fips_md32_common.h create mode 100644 fips/sha1/fips_sha1dgst.c create mode 100644 fips/sha1/fips_sha1test.c create mode 100644 fips/sha1/fips_sha_locl.h create mode 100644 fips/sha1/fips_standalone_sha1.c create mode 100644 fips/sha1/standalone.sha1 diff --git a/Configure b/Configure index 7763dc4138..5251903ba2 100755 --- a/Configure +++ b/Configure @@ -140,6 +140,8 @@ my %table=( "debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", "debug-ben-debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::::", "debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::", +"debug-ben-fips","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DFIPS -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::asm/bn86-elf.o asm/co86-elf.o", +"debug-ben-fips-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DFIPS -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::asm/bn86-elf.o asm/co86-elf.o", "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", "debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", "debug-ulf", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT:::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", diff --git a/Makefile.org b/Makefile.org index e80b22a32a..61f11f4147 100644 --- a/Makefile.org +++ b/Makefile.org @@ -173,8 +173,8 @@ LIBKRB5= # we might set SHLIB_MARK to '$(SHARED_LIBS)'. SHLIB_MARK= -DIRS= crypto ssl $(SHLIB_MARK) apps test tools -SHLIBDIRS= crypto ssl +DIRS= fips crypto ssl $(SHLIB_MARK) apps test tools +SHLIBDIRS= fips crypto ssl # dirs in crypto to build SDIRS= \ @@ -202,6 +202,7 @@ ONEDIRS=out tmp EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS WDIRS= windows LIBS= libcrypto.a libssl.a +SIGS= libcrypto.a.sha1 libcrypto$(SHLIBEXT).sha1 SHARED_CRYPTO=libcrypto$(SHLIB_EXT) SHARED_SSL=libssl$(SHLIB_EXT) SHARED_LIBS= @@ -219,7 +220,7 @@ HEADER= e_os.h # When we're prepared to use shared libraries in the programs we link here # we might remove 'clean-shared' from the targets to perform at this stage -all: Makefile.ssl sub_all openssl.pc +all: Makefile.ssl sub_all openssl.pc sigs sub_all: @for i in $(DIRS); \ @@ -831,6 +832,14 @@ install: all install_docs sed -e '1,/^$$/d' doc/openssl-shared.txt; \ fi; \ fi + @for i in $(SIGS) ;\ + do \ + if [ -f "$$i" ]; then \ + ( echo installing $$i; \ + cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ + mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \ + fi; \ + done; cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig diff --git a/crypto/aes/Makefile.ssl b/crypto/aes/Makefile.ssl index 364d05bbfe..a39bc9065e 100644 --- a/crypto/aes/Makefile.ssl +++ b/crypto/aes/Makefile.ssl @@ -91,7 +91,8 @@ aes_cbc.o: ../../include/openssl/opensslconf.h aes_cbc.c aes_locl.h aes_cfb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h aes_cfb.o: ../../include/openssl/opensslconf.h aes_cfb.c aes_locl.h aes_core.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h -aes_core.o: ../../include/openssl/opensslconf.h aes_core.c aes_locl.h +aes_core.o: ../../include/openssl/fips.h ../../include/openssl/opensslconf.h +aes_core.o: aes_core.c aes_locl.h aes_ctr.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h aes_ctr.o: ../../include/openssl/opensslconf.h aes_ctr.c aes_locl.h aes_ecb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h diff --git a/crypto/aes/aes_core.c b/crypto/aes/aes_core.c index 2f41a825f8..0b925a8566 100644 --- a/crypto/aes/aes_core.c +++ b/crypto/aes/aes_core.c @@ -37,8 +37,11 @@ #include #include +#include #include "aes_locl.h" +#ifndef FIPS + /* Te0[x] = S [x].[02, 01, 01, 03]; Te1[x] = S [x].[03, 02, 01, 01]; @@ -1255,3 +1258,4 @@ void AES_decrypt(const unsigned char *in, unsigned char *out, PUTU32(out + 12, s3); } +#endif /* ndef FIPS */ diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c index 2924def2bb..8fe063ff5e 100644 --- a/crypto/cryptlib.c +++ b/crypto/cryptlib.c @@ -66,6 +66,11 @@ static double SSLeay_MSVC5_hack=0.0; /* and for VC1.5 */ #endif +#ifdef FIPS +int FIPS_mode; +void *FIPS_rand_check; +#endif /* def FIPS */ + DECLARE_STACK_OF(CRYPTO_dynlock) IMPLEMENT_STACK_OF(CRYPTO_dynlock) diff --git a/crypto/des/des.h b/crypto/des/des.h index daaf239dbe..bb3a0e299d 100644 --- a/crypto/des/des.h +++ b/crypto/des/des.h @@ -128,7 +128,7 @@ OPENSSL_DECLARE_GLOBAL(int,DES_rw_mode); /* defaults to DES_PCBC_MODE */ #define DES_rw_mode OPENSSL_GLOBAL_REF(DES_rw_mode) const char *DES_options(void); -void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output, +void DES_ecb3_encrypt(const unsigned char *input, unsigned char *output, DES_key_schedule *ks1,DES_key_schedule *ks2, DES_key_schedule *ks3, int enc); DES_LONG DES_cbc_cksum(const unsigned char *input,DES_cblock *output, diff --git a/crypto/des/des_old.c b/crypto/des/des_old.c index 7e4cd7180d..88e9802aad 100644 --- a/crypto/des/des_old.c +++ b/crypto/des/des_old.c @@ -84,7 +84,7 @@ void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock des_key_schedule ks1,des_key_schedule ks2, des_key_schedule ks3, int enc) { - DES_ecb3_encrypt((const_DES_cblock *)input, output, + DES_ecb3_encrypt((const unsigned char *)input, (unsigned char *)output, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2, (DES_key_schedule *)ks3, enc); } diff --git a/crypto/des/destest.c b/crypto/des/destest.c index 3983ac8e5f..e3e9d77f14 100644 --- a/crypto/des/destest.c +++ b/crypto/des/destest.c @@ -439,8 +439,8 @@ int main(int argc, char *argv[]) memcpy(in,plain_data[i],8); memset(out,0,8); memset(outin,0,8); - des_ecb2_encrypt(&in,&out,ks,ks2,DES_ENCRYPT); - des_ecb2_encrypt(&out,&outin,ks,ks2,DES_DECRYPT); + des_ecb2_encrypt(in,out,ks,ks2,DES_ENCRYPT); + des_ecb2_encrypt(out,outin,ks,ks2,DES_DECRYPT); if (memcmp(out,cipher_ecb2[i],8) != 0) { diff --git a/crypto/des/ecb3_enc.c b/crypto/des/ecb3_enc.c index c3437bc606..fa0c9c4d4f 100644 --- a/crypto/des/ecb3_enc.c +++ b/crypto/des/ecb3_enc.c @@ -58,15 +58,13 @@ #include "des_locl.h" -void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output, +void DES_ecb3_encrypt(const unsigned char *in, unsigned char *out, DES_key_schedule *ks1, DES_key_schedule *ks2, DES_key_schedule *ks3, int enc) { register DES_LONG l0,l1; DES_LONG ll[2]; - const unsigned char *in = &(*input)[0]; - unsigned char *out = &(*output)[0]; c2l(in,l0); c2l(in,l1); diff --git a/crypto/dsa/Makefile.ssl b/crypto/dsa/Makefile.ssl index 014d006347..045d302ce8 100644 --- a/crypto/dsa/Makefile.ssl +++ b/crypto/dsa/Makefile.ssl @@ -153,7 +153,8 @@ dsa_sign.o: ../../e_os.h ../../include/openssl/asn1.h dsa_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h dsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h dsa_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -dsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +dsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h +dsa_sign.o: ../../include/openssl/err.h ../../include/openssl/fips.h dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h dsa_sign.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h @@ -164,8 +165,10 @@ dsa_vrf.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h dsa_vrf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h dsa_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h dsa_vrf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -dsa_vrf.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +dsa_vrf.o: ../../include/openssl/engine.h ../../include/openssl/err.h +dsa_vrf.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h dsa_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h dsa_vrf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -dsa_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -dsa_vrf.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_vrf.c +dsa_vrf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +dsa_vrf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +dsa_vrf.o: ../../include/openssl/ui.h ../cryptlib.h dsa_vrf.c diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index b9e7f3ea5c..f95ffa9fe1 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -65,6 +65,7 @@ #include #include +#ifndef FIPS static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, @@ -346,3 +347,4 @@ static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, { return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx); } +#endif diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c index 89205026f0..03846e539b 100644 --- a/crypto/dsa/dsa_sign.c +++ b/crypto/dsa/dsa_sign.c @@ -64,9 +64,17 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE +#include +#endif +#include DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) { +#ifdef FIPS + if(FIPS_mode && !FIPS_dsa_check(dsa)) + return NULL; +#endif return dsa->meth->dsa_do_sign(dgst, dlen, dsa); } @@ -87,6 +95,10 @@ int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) { +#ifdef FIPS + if(FIPS_mode && !FIPS_dsa_check(dsa)) + return 0; +#endif return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp); } diff --git a/crypto/dsa/dsa_vrf.c b/crypto/dsa/dsa_vrf.c index c4aeddd056..d8728a0ebc 100644 --- a/crypto/dsa/dsa_vrf.c +++ b/crypto/dsa/dsa_vrf.c @@ -65,10 +65,18 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE +#include +#endif +#include int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa) { +#ifdef FIPS + if(FIPS_mode && !FIPS_dsa_check(dsa)) + return -1; +#endif return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa); } diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h index 8686879e1a..84fb5a2a62 100644 --- a/crypto/engine/engine.h +++ b/crypto/engine/engine.h @@ -630,6 +630,10 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id, if(!fn(e,id)) return 0; \ return 1; } +#if defined(__OpenBSD__) || defined(__FreeBSD__) +void ENGINE_setup_bsd_cryptodev(void); +#endif + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. diff --git a/crypto/err/err.h b/crypto/err/err.h index 988ef81aa0..1ba9913b64 100644 --- a/crypto/err/err.h +++ b/crypto/err/err.h @@ -131,6 +131,7 @@ typedef struct err_state_st #define ERR_LIB_OCSP 39 #define ERR_LIB_UI 40 #define ERR_LIB_COMP 41 +#define ERR_LIB_FIPS 42 #define ERR_LIB_USER 128 @@ -159,6 +160,7 @@ typedef struct err_state_st #define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),__FILE__,__LINE__) #define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),__FILE__,__LINE__) #define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),__FILE__,__LINE__) +#define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),__FILE__,__LINE__) /* Borland C seems too stupid to be able to shift and do longs in * the pre-processor :-( */ diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c index dc505d9d9d..c8e2dafd93 100644 --- a/crypto/err/err_all.c +++ b/crypto/err/err_all.c @@ -87,6 +87,7 @@ #endif #include #include +#include void ERR_load_crypto_strings(void) { @@ -129,5 +130,8 @@ void ERR_load_crypto_strings(void) #endif ERR_load_OCSP_strings(); ERR_load_UI_strings(); +#endif +#ifdef FIPS + ERR_load_FIPS_strings(); #endif } diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec index 29a69dfdd4..378fbb9242 100644 --- a/crypto/err/openssl.ec +++ b/crypto/err/openssl.ec @@ -27,6 +27,7 @@ L DSO crypto/dso/dso.h crypto/dso/dso_err.c L ENGINE crypto/engine/engine.h crypto/engine/eng_err.c L OCSP crypto/ocsp/ocsp.h crypto/ocsp/ocsp_err.c L UI crypto/ui/ui.h crypto/ui/ui_err.c +L FIPS fips/fips.h fips/fips_err.c # additional header files to be scanned for function names L NONE crypto/x509/x509_vfy.h NONE diff --git a/crypto/evp/Makefile.ssl b/crypto/evp/Makefile.ssl index 3279be5bda..772afd71f5 100644 --- a/crypto/evp/Makefile.ssl +++ b/crypto/evp/Makefile.ssl @@ -185,13 +185,14 @@ c_all.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h c_all.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h c_all.o: ../../include/openssl/des.h ../../include/openssl/des_old.h c_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -c_all.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -c_all.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -c_all.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -c_all.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -c_all.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h -c_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -c_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +c_all.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h +c_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h +c_all.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h +c_all.o: ../../include/openssl/md2.h ../../include/openssl/md4.h +c_all.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +c_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +c_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +c_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h c_all.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h c_all.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h c_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h diff --git a/crypto/evp/c_all.c b/crypto/evp/c_all.c index 1b31a14e37..879d84ae79 100644 --- a/crypto/evp/c_all.c +++ b/crypto/evp/c_all.c @@ -59,6 +59,7 @@ #include #include "cryptlib.h" #include +#include #if 0 #undef OpenSSL_add_all_algorithms diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index fe8bcda631..581e8f7fa2 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -85,16 +85,24 @@ IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY, NULL) static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) { + const unsigned char *iv, int enc) + { + int ret; if ((ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_CFB_MODE || (ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_OFB_MODE || enc) - AES_set_encrypt_key(key, ctx->key_len * 8, ctx->cipher_data); + ret=AES_set_encrypt_key(key, ctx->key_len * 8, ctx->cipher_data); else - AES_set_decrypt_key(key, ctx->key_len * 8, ctx->cipher_data); + ret=AES_set_decrypt_key(key, ctx->key_len * 8, ctx->cipher_data); + + if(ret < 0) + { + EVPerr(EVP_F_AES_INIT_KEY,EVP_R_AES_KEY_SETUP_FAILED); + return 0; + } return 1; -} + } #endif diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c index 077860e7b6..95a9d68ac7 100644 --- a/crypto/evp/e_des3.c +++ b/crypto/evp/e_des3.c @@ -85,7 +85,7 @@ static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) { BLOCK_CIPHER_ecb_loop() - DES_ecb3_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i), + DES_ecb3_encrypt(in + i,out + i, &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, ctx->encrypt); diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index 45a25f968d..daf181ff8f 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -823,6 +823,7 @@ void ERR_load_EVP_strings(void); /* Error codes for the EVP functions. */ /* Function codes. */ +#define EVP_F_AES_INIT_KEY 129 #define EVP_F_D2I_PKEY 100 #define EVP_F_EVP_CIPHERINIT 123 #define EVP_F_EVP_CIPHER_CTX_CTRL 124 @@ -853,6 +854,7 @@ void ERR_load_EVP_strings(void); #define EVP_F_RC5_CTRL 125 /* Reason codes. */ +#define EVP_R_AES_KEY_SETUP_FAILED 140 #define EVP_R_BAD_BLOCK_LENGTH 136 #define EVP_R_BAD_DECRYPT 100 #define EVP_R_BAD_KEY_LENGTH 137 diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c index 3a23d21c21..be6d442521 100644 --- a/crypto/evp/evp_err.c +++ b/crypto/evp/evp_err.c @@ -1,6 +1,6 @@ /* crypto/evp/evp_err.c */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -66,6 +66,7 @@ #ifndef OPENSSL_NO_ERR static ERR_STRING_DATA EVP_str_functs[]= { +{ERR_PACK(0,EVP_F_AES_INIT_KEY,0), "AES_INIT_KEY"}, {ERR_PACK(0,EVP_F_D2I_PKEY,0), "D2I_PKEY"}, {ERR_PACK(0,EVP_F_EVP_CIPHERINIT,0), "EVP_CipherInit"}, {ERR_PACK(0,EVP_F_EVP_CIPHER_CTX_CTRL,0), "EVP_CIPHER_CTX_ctrl"}, @@ -99,6 +100,7 @@ static ERR_STRING_DATA EVP_str_functs[]= static ERR_STRING_DATA EVP_str_reasons[]= { +{EVP_R_AES_KEY_SETUP_FAILED ,"aes key setup failed"}, {EVP_R_BAD_BLOCK_LENGTH ,"bad block length"}, {EVP_R_BAD_DECRYPT ,"bad decrypt"}, {EVP_R_BAD_KEY_LENGTH ,"bad key length"}, diff --git a/crypto/md32_common.h b/crypto/md32_common.h index 573850b122..6d65c52fcd 100644 --- a/crypto/md32_common.h +++ b/crypto/md32_common.h @@ -128,6 +128,9 @@ * */ +#include +#include + #if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN) #error "DATA_ORDER must be defined!" #endif @@ -555,6 +558,14 @@ int HASH_FINAL (unsigned char *md, HASH_CTX *c) static const unsigned char end[4]={0x80,0x00,0x00,0x00}; const unsigned char *cp=end; +#ifdef FIPS + if(FIPS_mode) + { + FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD); + return 0; + } +#endif + /* c->num should definitly have room for at least one more byte. */ p=c->data; i=c->num>>2; diff --git a/crypto/md4/Makefile.ssl b/crypto/md4/Makefile.ssl index 4d2d7369e6..0b81e6fe36 100644 --- a/crypto/md4/Makefile.ssl +++ b/crypto/md4/Makefile.ssl @@ -80,10 +80,13 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -md4_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/md4.h -md4_dgst.o: ../../include/openssl/opensslconf.h -md4_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md4_dgst.c -md4_dgst.o: md4_locl.h +md4_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h +md4_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +md4_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +md4_dgst.o: ../../include/openssl/md4.h ../../include/openssl/opensslconf.h +md4_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h +md4_dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +md4_dgst.o: ../md32_common.h md4_dgst.c md4_locl.h md4_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h md4_one.o: ../../include/openssl/md4.h ../../include/openssl/opensslconf.h md4_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h diff --git a/crypto/md5/Makefile.ssl b/crypto/md5/Makefile.ssl index 2d4df972ff..55d2cd9b0b 100644 --- a/crypto/md5/Makefile.ssl +++ b/crypto/md5/Makefile.ssl @@ -116,10 +116,13 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -md5_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/md5.h -md5_dgst.o: ../../include/openssl/opensslconf.h -md5_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md5_dgst.c -md5_dgst.o: md5_locl.h +md5_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h +md5_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +md5_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +md5_dgst.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h +md5_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h +md5_dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +md5_dgst.o: ../md32_common.h md5_dgst.c md5_locl.h md5_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h md5_one.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h md5_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h diff --git a/crypto/rand/Makefile.ssl b/crypto/rand/Makefile.ssl index b25421e3ab..a89912c3a4 100644 --- a/crypto/rand/Makefile.ssl +++ b/crypto/rand/Makefile.ssl @@ -88,19 +88,19 @@ md_rand.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h md_rand.o: ../../include/openssl/des.h ../../include/openssl/des_old.h md_rand.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h md_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -md_rand.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -md_rand.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -md_rand.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -md_rand.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h -md_rand.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -md_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -md_rand.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h -md_rand.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -md_rand.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -md_rand.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -md_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -md_rand.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -md_rand.o: md_rand.c rand_lcl.h +md_rand.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +md_rand.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h +md_rand.o: ../../include/openssl/md2.h ../../include/openssl/md4.h +md_rand.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +md_rand.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +md_rand.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +md_rand.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +md_rand.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h +md_rand.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h +md_rand.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +md_rand.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +md_rand.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +md_rand.o: ../../include/openssl/ui_compat.h md_rand.c rand_lcl.h rand_egd.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h rand_egd.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h rand_egd.o: rand_egd.c @@ -114,15 +114,17 @@ rand_err.o: rand_err.c rand_lib.o: ../../e_os.h ../../include/openssl/asn1.h rand_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rand_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +rand_lib.o: ../../include/openssl/des.h ../../include/openssl/des_old.h rand_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h rand_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -rand_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +rand_lib.o: ../../include/openssl/err.h ../../include/openssl/fips.h +rand_lib.o: ../../include/openssl/fips_rand.h ../../include/openssl/lhash.h rand_lib.o: ../../include/openssl/opensslconf.h rand_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rand_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h rand_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h rand_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -rand_lib.o: ../cryptlib.h rand_lib.c +rand_lib.o: ../../include/openssl/ui_compat.h ../cryptlib.h rand_lib.c rand_os2.o: ../../e_os.h ../../include/openssl/aes.h rand_os2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h rand_os2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c index eeffc0df4c..4fdb7005d3 100644 --- a/crypto/rand/md_rand.c +++ b/crypto/rand/md_rand.c @@ -126,6 +126,7 @@ #include #include +#include #ifdef BN_DEBUG # define PREDICT @@ -332,6 +333,14 @@ static int ssleay_rand_bytes(unsigned char *buf, int num) #endif int do_stir_pool = 0; +#ifdef FIPS + if(FIPS_mode) + { + FIPSerr(FIPS_F_SSLEAY_RAND_BYTES,FIPS_R_NON_FIPS_METHOD); + return 0; + } +#endif + #ifdef PREDICT if (rand_predictable) { diff --git a/crypto/rand/rand.h b/crypto/rand/rand.h index 606382dd21..4b998000c8 100644 --- a/crypto/rand/rand.h +++ b/crypto/rand/rand.h @@ -121,10 +121,12 @@ void ERR_load_RAND_strings(void); /* Error codes for the RAND functions. */ /* Function codes. */ +#define RAND_F_FIPS_RAND_BYTES 102 #define RAND_F_RAND_GET_RAND_METHOD 101 #define RAND_F_SSLEAY_RAND_BYTES 100 /* Reason codes. */ +#define RAND_R_NON_FIPS_METHOD 101 #define RAND_R_PRNG_NOT_SEEDED 100 #ifdef __cplusplus diff --git a/crypto/rand/rand_err.c b/crypto/rand/rand_err.c index b77267e213..774ed4df86 100644 --- a/crypto/rand/rand_err.c +++ b/crypto/rand/rand_err.c @@ -1,6 +1,6 @@ /* crypto/rand/rand_err.c */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -66,6 +66,7 @@ #ifndef OPENSSL_NO_ERR static ERR_STRING_DATA RAND_str_functs[]= { +{ERR_PACK(0,RAND_F_FIPS_RAND_BYTES,0), "FIPS_RAND_BYTES"}, {ERR_PACK(0,RAND_F_RAND_GET_RAND_METHOD,0), "RAND_get_rand_method"}, {ERR_PACK(0,RAND_F_SSLEAY_RAND_BYTES,0), "SSLEAY_RAND_BYTES"}, {0,NULL} @@ -73,6 +74,7 @@ static ERR_STRING_DATA RAND_str_functs[]= static ERR_STRING_DATA RAND_str_reasons[]= { +{RAND_R_NON_FIPS_METHOD ,"non fips method"}, {RAND_R_PRNG_NOT_SEEDED ,"PRNG not seeded"}, {0,NULL} }; diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index 513e338985..9b6943e07e 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -63,6 +63,8 @@ #ifndef OPENSSL_NO_ENGINE #include #endif +#include +#include #ifndef OPENSSL_NO_ENGINE /* non-NULL if default_RAND_meth is ENGINE-provided */ @@ -85,6 +87,15 @@ int RAND_set_rand_method(const RAND_METHOD *meth) const RAND_METHOD *RAND_get_rand_method(void) { +#ifdef FIPS + if(FIPS_mode && default_RAND_meth != FIPS_rand_check) + { + RANDerr(RAND_F_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD); + return 0; + } +#endif + + if (!default_RAND_meth) { #ifndef OPENSSL_NO_ENGINE diff --git a/crypto/ripemd/Makefile.ssl b/crypto/ripemd/Makefile.ssl index 3583dfdcaf..67fd7f8134 100644 --- a/crypto/ripemd/Makefile.ssl +++ b/crypto/ripemd/Makefile.ssl @@ -97,9 +97,14 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -rmd_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +rmd_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h +rmd_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +rmd_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +rmd_dgst.o: ../../include/openssl/opensslconf.h rmd_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ripemd.h -rmd_dgst.o: ../md32_common.h rmd_dgst.c rmd_locl.h rmdconst.h +rmd_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +rmd_dgst.o: ../../include/openssl/symhacks.h ../md32_common.h rmd_dgst.c +rmd_dgst.o: rmd_locl.h rmdconst.h rmd_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h rmd_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h rmd_one.o: ../../include/openssl/ripemd.h ../../include/openssl/safestack.h diff --git a/crypto/sha/Makefile.ssl b/crypto/sha/Makefile.ssl index 864645c8b5..37555715fd 100644 --- a/crypto/sha/Makefile.ssl +++ b/crypto/sha/Makefile.ssl @@ -102,12 +102,22 @@ sha1_one.o: ../../include/openssl/opensslconf.h sha1_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h sha1_one.o: ../../include/openssl/sha.h ../../include/openssl/stack.h sha1_one.o: ../../include/openssl/symhacks.h sha1_one.c -sha1dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h -sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h -sha1dgst.o: ../md32_common.h sha1dgst.c sha_locl.h -sha_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h -sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h -sha_dgst.o: ../md32_common.h sha_dgst.c sha_locl.h +sha1dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h +sha1dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +sha1dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +sha1dgst.o: ../../include/openssl/opensslconf.h +sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h +sha1dgst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +sha1dgst.o: ../../include/openssl/symhacks.h ../md32_common.h sha1dgst.c +sha1dgst.o: sha_locl.h +sha_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h +sha_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +sha_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +sha_dgst.o: ../../include/openssl/opensslconf.h +sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h +sha_dgst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +sha_dgst.o: ../../include/openssl/symhacks.h ../md32_common.h sha_dgst.c +sha_dgst.o: sha_locl.h sha_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h sha_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h sha_one.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h diff --git a/fips/.cvsignore b/fips/.cvsignore new file mode 100644 index 0000000000..28e1e24d19 --- /dev/null +++ b/fips/.cvsignore @@ -0,0 +1 @@ +Makefile.save diff --git a/fips/Makefile.ssl b/fips/Makefile.ssl new file mode 100644 index 0000000000..c4984c04b4 --- /dev/null +++ b/fips/Makefile.ssl @@ -0,0 +1,155 @@ +# +# SSLeay/fips/Makefile +# + +DIR= fips +TOP= .. +CC= cc +INCLUDE= -I. -I$(TOP) -I../include +INCLUDES= -I.. -I../.. -I../../include +CFLAG= -g +INSTALL_PREFIX= +OPENSSLDIR= /usr/local/ssl +INSTALLTOP= /usr/local/ssl +MAKE= make -f Makefile.ssl +MAKEDEPPROG= makedepend +MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) +MAKEFILE= Makefile.ssl +RM= rm -f +AR= ar r + +PEX_LIBS= +EX_LIBS= + +CFLAGS= $(INCLUDE) $(CFLAG) + + +LIBS= + +FDIRS=rand sha1 aes dsa + +GENERAL=Makefile README fips-lib.com install.com + +LIB= $(TOP)/libcrypto.a +SHARED_LIB= libcrypto$(SHLIB_EXT) +LIBSRC=fips.c fips_err.c +LIBOBJ=fips.o fips_err.o + +SRC= $(LIBSRC) + +EXHEADER=fips.h +HEADER=$(EXHEADER) + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + @(cd ..; $(MAKE) DIRS=$(DIR) all) + +all: check lib subdirs shared + +check: + TOP=`pwd`/$(TOP) ./fips_check_sha1 fingerprint.sha1 $(SRC) $(HEADER) + +subdirs: + @for i in $(FDIRS) ;\ + do \ + (cd $$i && echo "making all in fips/$$i..." && \ + $(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \ + done; + +files: + $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO + @for i in $(FDIRS) ;\ + do \ + (cd $$i && echo "making 'files' in fips/$$i..." && \ + $(MAKE) PERL='${PERL}' files ); \ + done; + +links: + @$(TOP)/util/point.sh Makefile.ssl Makefile + @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER) + @for i in $(FDIRS); do \ + (cd $$i && echo "making links in fips/$$i..." && \ + $(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PERL='${PERL}' links ); \ + done; + +lib: $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) + $(RANLIB) $(LIB) || echo Never mind. + @touch lib + +shared: + if [ -n "$(SHARED_LIBS)" ]; then \ + (cd ..; $(MAKE) $(SHARED_LIB)); \ + fi + +libs: + @for i in $(FDIRS) ;\ + do \ + (cd $$i && echo "making libs in fips/$$i..." && \ + $(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' lib ); \ + done; + +tests: + @for i in $(FDIRS) ;\ + do \ + (cd $$i && echo "making tests in fips/$$i..." && \ + $(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' tests ); \ + done; + +install: + @for i in $(EXHEADER) ;\ + do \ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + @for i in $(FDIRS) ;\ + do \ + (cd $$i && echo "making install in fips/$$i..." && \ + $(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' install ); \ + done; + +lint: + @for i in $(FDIRS) ;\ + do \ + (cd $$i && echo "making lint in fips/$$i..." && \ + $(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' lint ); \ + done; + +depend: + if [ ! -f buildinf.h ]; then touch buildinf.h; fi # fake buildinf.h if it does not exist + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDE) $(DEPFLAG) -- $(PROGS) $(LIBSRC) + if [ ! -s buildinf.h ]; then rm buildinf.h; fi + @for i in $(FDIRS) ;\ + do \ + (cd $$i && echo "making depend in fips/$$i..." && \ + $(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' DEPFLAG='${DEPFLAG}' MAKEDEPPROG='${MAKEDEPPROG}' KRB5_INCLUDES='${KRB5_INCLUDES}' PERL='${PERL}' depend ); \ + done; + +clean: + rm -f buildinf.h *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + @for i in $(FDIRS) ;\ + do \ + (cd $$i && echo "making clean in fips/$$i..." && \ + $(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' clean ); \ + done; + +dclean: + $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + @for i in $(FDIRS) ;\ + do \ + (cd $$i && echo "making dclean in fips/$$i..." && \ + $(MAKE) PERL='${PERL}' CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' dclean ); \ + done; + +# DO NOT DELETE THIS LINE -- make depend depends on it. + +fips.o: ../include/openssl/crypto.h ../include/openssl/des.h +fips.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h +fips.o: ../include/openssl/fips.h ../include/openssl/fips_rand.h +fips.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +fips.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h +fips.o: ../include/openssl/safestack.h ../include/openssl/stack.h +fips.o: ../include/openssl/symhacks.h ../include/openssl/ui.h +fips.o: ../include/openssl/ui_compat.h fips.c diff --git a/fips/aes/.cvsignore b/fips/aes/.cvsignore new file mode 100644 index 0000000000..5963d4fb60 --- /dev/null +++ b/fips/aes/.cvsignore @@ -0,0 +1,4 @@ +lib +fips_aesavs +testlist +Makefile.save diff --git a/fips/aes/Makefile.ssl b/fips/aes/Makefile.ssl new file mode 100644 index 0000000000..17be33cbf6 --- /dev/null +++ b/fips/aes/Makefile.ssl @@ -0,0 +1,95 @@ +# +# SSLeay/fips/sha1/Makefile +# + +DIR= aes +TOP= ../.. +CC= cc +INCLUDES= +CFLAG=-g +INSTALL_PREFIX= +OPENSSLDIR= /usr/local/ssl +INSTALLTOP=/usr/local/ssl +MAKE= make -f Makefile.ssl +MAKEDEPPROG= makedepend +MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) +MAKEFILE= Makefile.ssl +AR= ar r + +CFLAGS= $(INCLUDES) $(CFLAG) + +GENERAL=Makefile +TEST=fips_aesavs.c fips_aes_data +APPS= + +LIB=$(TOP)/libcrypto.a +LIBSRC=fips_aes_core.c +LIBOBJ=fips_aes_core.o + +SRC= $(LIBSRC) + +EXHEADER= +HEADER= $(EXHEADER) fips_aes_locl.h + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd ../..; $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all) + +all: check lib fips_aesavs + +check: + TOP=`pwd`/$(TOP) ../fips_check_sha1 fingerprint.sha1 $(SRC) $(HEADER) + +lib: $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) + $(RANLIB) $(LIB) || echo Never mind. + @touch lib + +files: + $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO + +links: + @$(TOP)/util/point.sh Makefile.ssl Makefile + @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) + @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) + @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) + +install: + @for i in $(EXHEADER) ; \ + do \ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + +tags: + ctags $(SRC) + +tests: + +fips_aesavs: fips_aesavs.o + $(CC) $(CFLAGS) -o fips_aesavs fips_aesavs.o ../../libcrypto.a + +fips_test: top + find ../testvectors/aes/req -name '*.req' > testlist + -rm -rf ../testvectors/aes/rsp + mkdir ../testvectors/aes/rsp + ./fips_aesavs -d testlist + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) + +dclean: + $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff +# DO NOT DELETE THIS LINE -- make depend depends on it. + +fips_aes_core.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h +fips_aes_core.o: ../../include/openssl/opensslconf.h fips_aes_core.c +fips_aes_core.o: fips_aes_locl.h diff --git a/fips/aes/fingerprint.sha1 b/fips/aes/fingerprint.sha1 new file mode 100644 index 0000000000..0d4eeddb0e --- /dev/null +++ b/fips/aes/fingerprint.sha1 @@ -0,0 +1,2 @@ +SHA1(fips_aes_core.c)= 5298df7807877eed470a1ee5f8331fc0876689da +SHA1(fips_aes_locl.h)= a3c01d9a4f9d5211e9e785852f6f1a2febfd73b6 diff --git a/fips/aes/fips_aes_core.c b/fips/aes/fips_aes_core.c new file mode 100644 index 0000000000..1d3481efd4 --- /dev/null +++ b/fips/aes/fips_aes_core.c @@ -0,0 +1,1260 @@ +/* crypto/aes/aes_core.c -*- mode:C; c-file-style: "eay" -*- */ +/** + * rijndael-alg-fst.c + * + * @version 3.0 (December 2000) + * + * Optimised ANSI C code for the Rijndael cipher (now AES) + * + * @author Vincent Rijmen + * @author Antoon Bosselaers + * @author Paulo Barreto + * + * This code is hereby placed in the public domain. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE + * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, + * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* Note: rewritten a little bit to provide error control and an OpenSSL- + compatible API */ + +#ifndef AES_DEBUG +# ifndef NDEBUG +# define NDEBUG +# endif +#endif +#include + +#include +#include +#include "fips_aes_locl.h" + +#ifdef FIPS + +/* +Te0[x] = S [x].[02, 01, 01, 03]; +Te1[x] = S [x].[03, 02, 01, 01]; +Te2[x] = S [x].[01, 03, 02, 01]; +Te3[x] = S [x].[01, 01, 03, 02]; +Te4[x] = S [x].[01, 01, 01, 01]; + +Td0[x] = Si[x].[0e, 09, 0d, 0b]; +Td1[x] = Si[x].[0b, 0e, 09, 0d]; +Td2[x] = Si[x].[0d, 0b, 0e, 09]; +Td3[x] = Si[x].[09, 0d, 0b, 0e]; +Td4[x] = Si[x].[01, 01, 01, 01]; +*/ + +static const u32 Te0[256] = { + 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU, + 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U, + 0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU, + 0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU, + 0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U, + 0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU, + 0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU, + 0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU, + 0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU, + 0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU, + 0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U, + 0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU, + 0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU, + 0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U, + 0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU, + 0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU, + 0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU, + 0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU, + 0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU, + 0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U, + 0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU, + 0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU, + 0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU, + 0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU, + 0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U, + 0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U, + 0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U, + 0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U, + 0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU, + 0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U, + 0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U, + 0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU, + 0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU, + 0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U, + 0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U, + 0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U, + 0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU, + 0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U, + 0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU, + 0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U, + 0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU, + 0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U, + 0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U, + 0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU, + 0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U, + 0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U, + 0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U, + 0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U, + 0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U, + 0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U, + 0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U, + 0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U, + 0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU, + 0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U, + 0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U, + 0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U, + 0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U, + 0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U, + 0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U, + 0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU, + 0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U, + 0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U, + 0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U, + 0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU, +}; +static const u32 Te1[256] = { + 0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU, + 0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U, + 0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU, + 0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U, + 0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU, + 0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U, + 0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU, + 0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U, + 0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U, + 0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU, + 0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U, + 0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U, + 0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U, + 0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU, + 0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U, + 0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U, + 0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU, + 0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U, + 0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U, + 0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U, + 0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU, + 0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU, + 0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U, + 0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU, + 0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU, + 0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U, + 0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU, + 0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U, + 0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU, + 0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U, + 0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U, + 0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U, + 0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU, + 0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U, + 0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU, + 0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U, + 0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU, + 0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U, + 0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U, + 0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU, + 0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU, + 0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU, + 0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U, + 0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U, + 0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU, + 0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U, + 0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU, + 0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U, + 0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU, + 0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U, + 0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU, + 0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU, + 0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U, + 0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU, + 0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U, + 0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU, + 0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U, + 0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U, + 0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U, + 0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU, + 0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU, + 0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U, + 0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU, + 0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U, +}; +static const u32 Te2[256] = { + 0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU, + 0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U, + 0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU, + 0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U, + 0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU, + 0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U, + 0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU, + 0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U, + 0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U, + 0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU, + 0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U, + 0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U, + 0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U, + 0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU, + 0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U, + 0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U, + 0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU, + 0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U, + 0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U, + 0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U, + 0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU, + 0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU, + 0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U, + 0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU, + 0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU, + 0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U, + 0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU, + 0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U, + 0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU, + 0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U, + 0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U, + 0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U, + 0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU, + 0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U, + 0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU, + 0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U, + 0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU, + 0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U, + 0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U, + 0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU, + 0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU, + 0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU, + 0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U, + 0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U, + 0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU, + 0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U, + 0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU, + 0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U, + 0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU, + 0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U, + 0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU, + 0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU, + 0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U, + 0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU, + 0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U, + 0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU, + 0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U, + 0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U, + 0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U, + 0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU, + 0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU, + 0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U, + 0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU, + 0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U, +}; +static const u32 Te3[256] = { + + 0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U, + 0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U, + 0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U, + 0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU, + 0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU, + 0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU, + 0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U, + 0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU, + 0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU, + 0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U, + 0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U, + 0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU, + 0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU, + 0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU, + 0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU, + 0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU, + 0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U, + 0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU, + 0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU, + 0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U, + 0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U, + 0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U, + 0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U, + 0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U, + 0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU, + 0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U, + 0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU, + 0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU, + 0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U, + 0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U, + 0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U, + 0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU, + 0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U, + 0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU, + 0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU, + 0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U, + 0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U, + 0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU, + 0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U, + 0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU, + 0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U, + 0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U, + 0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U, + 0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U, + 0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU, + 0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U, + 0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU, + 0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U, + 0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU, + 0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U, + 0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU, + 0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU, + 0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU, + 0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU, + 0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U, + 0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U, + 0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U, + 0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U, + 0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U, + 0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U, + 0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU, + 0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U, + 0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU, + 0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU, +}; +static const u32 Te4[256] = { + 0x63636363U, 0x7c7c7c7cU, 0x77777777U, 0x7b7b7b7bU, + 0xf2f2f2f2U, 0x6b6b6b6bU, 0x6f6f6f6fU, 0xc5c5c5c5U, + 0x30303030U, 0x01010101U, 0x67676767U, 0x2b2b2b2bU, + 0xfefefefeU, 0xd7d7d7d7U, 0xababababU, 0x76767676U, + 0xcacacacaU, 0x82828282U, 0xc9c9c9c9U, 0x7d7d7d7dU, + 0xfafafafaU, 0x59595959U, 0x47474747U, 0xf0f0f0f0U, + 0xadadadadU, 0xd4d4d4d4U, 0xa2a2a2a2U, 0xafafafafU, + 0x9c9c9c9cU, 0xa4a4a4a4U, 0x72727272U, 0xc0c0c0c0U, + 0xb7b7b7b7U, 0xfdfdfdfdU, 0x93939393U, 0x26262626U, + 0x36363636U, 0x3f3f3f3fU, 0xf7f7f7f7U, 0xccccccccU, + 0x34343434U, 0xa5a5a5a5U, 0xe5e5e5e5U, 0xf1f1f1f1U, + 0x71717171U, 0xd8d8d8d8U, 0x31313131U, 0x15151515U, + 0x04040404U, 0xc7c7c7c7U, 0x23232323U, 0xc3c3c3c3U, + 0x18181818U, 0x96969696U, 0x05050505U, 0x9a9a9a9aU, + 0x07070707U, 0x12121212U, 0x80808080U, 0xe2e2e2e2U, + 0xebebebebU, 0x27272727U, 0xb2b2b2b2U, 0x75757575U, + 0x09090909U, 0x83838383U, 0x2c2c2c2cU, 0x1a1a1a1aU, + 0x1b1b1b1bU, 0x6e6e6e6eU, 0x5a5a5a5aU, 0xa0a0a0a0U, + 0x52525252U, 0x3b3b3b3bU, 0xd6d6d6d6U, 0xb3b3b3b3U, + 0x29292929U, 0xe3e3e3e3U, 0x2f2f2f2fU, 0x84848484U, + 0x53535353U, 0xd1d1d1d1U, 0x00000000U, 0xededededU, + 0x20202020U, 0xfcfcfcfcU, 0xb1b1b1b1U, 0x5b5b5b5bU, + 0x6a6a6a6aU, 0xcbcbcbcbU, 0xbebebebeU, 0x39393939U, + 0x4a4a4a4aU, 0x4c4c4c4cU, 0x58585858U, 0xcfcfcfcfU, + 0xd0d0d0d0U, 0xefefefefU, 0xaaaaaaaaU, 0xfbfbfbfbU, + 0x43434343U, 0x4d4d4d4dU, 0x33333333U, 0x85858585U, + 0x45454545U, 0xf9f9f9f9U, 0x02020202U, 0x7f7f7f7fU, + 0x50505050U, 0x3c3c3c3cU, 0x9f9f9f9fU, 0xa8a8a8a8U, + 0x51515151U, 0xa3a3a3a3U, 0x40404040U, 0x8f8f8f8fU, + 0x92929292U, 0x9d9d9d9dU, 0x38383838U, 0xf5f5f5f5U, + 0xbcbcbcbcU, 0xb6b6b6b6U, 0xdadadadaU, 0x21212121U, + 0x10101010U, 0xffffffffU, 0xf3f3f3f3U, 0xd2d2d2d2U, + 0xcdcdcdcdU, 0x0c0c0c0cU, 0x13131313U, 0xececececU, + 0x5f5f5f5fU, 0x97979797U, 0x44444444U, 0x17171717U, + 0xc4c4c4c4U, 0xa7a7a7a7U, 0x7e7e7e7eU, 0x3d3d3d3dU, + 0x64646464U, 0x5d5d5d5dU, 0x19191919U, 0x73737373U, + 0x60606060U, 0x81818181U, 0x4f4f4f4fU, 0xdcdcdcdcU, + 0x22222222U, 0x2a2a2a2aU, 0x90909090U, 0x88888888U, + 0x46464646U, 0xeeeeeeeeU, 0xb8b8b8b8U, 0x14141414U, + 0xdedededeU, 0x5e5e5e5eU, 0x0b0b0b0bU, 0xdbdbdbdbU, + 0xe0e0e0e0U, 0x32323232U, 0x3a3a3a3aU, 0x0a0a0a0aU, + 0x49494949U, 0x06060606U, 0x24242424U, 0x5c5c5c5cU, + 0xc2c2c2c2U, 0xd3d3d3d3U, 0xacacacacU, 0x62626262U, + 0x91919191U, 0x95959595U, 0xe4e4e4e4U, 0x79797979U, + 0xe7e7e7e7U, 0xc8c8c8c8U, 0x37373737U, 0x6d6d6d6dU, + 0x8d8d8d8dU, 0xd5d5d5d5U, 0x4e4e4e4eU, 0xa9a9a9a9U, + 0x6c6c6c6cU, 0x56565656U, 0xf4f4f4f4U, 0xeaeaeaeaU, + 0x65656565U, 0x7a7a7a7aU, 0xaeaeaeaeU, 0x08080808U, + 0xbabababaU, 0x78787878U, 0x25252525U, 0x2e2e2e2eU, + 0x1c1c1c1cU, 0xa6a6a6a6U, 0xb4b4b4b4U, 0xc6c6c6c6U, + 0xe8e8e8e8U, 0xddddddddU, 0x74747474U, 0x1f1f1f1fU, + 0x4b4b4b4bU, 0xbdbdbdbdU, 0x8b8b8b8bU, 0x8a8a8a8aU, + 0x70707070U, 0x3e3e3e3eU, 0xb5b5b5b5U, 0x66666666U, + 0x48484848U, 0x03030303U, 0xf6f6f6f6U, 0x0e0e0e0eU, + 0x61616161U, 0x35353535U, 0x57575757U, 0xb9b9b9b9U, + 0x86868686U, 0xc1c1c1c1U, 0x1d1d1d1dU, 0x9e9e9e9eU, + 0xe1e1e1e1U, 0xf8f8f8f8U, 0x98989898U, 0x11111111U, + 0x69696969U, 0xd9d9d9d9U, 0x8e8e8e8eU, 0x94949494U, + 0x9b9b9b9bU, 0x1e1e1e1eU, 0x87878787U, 0xe9e9e9e9U, + 0xcecececeU, 0x55555555U, 0x28282828U, 0xdfdfdfdfU, + 0x8c8c8c8cU, 0xa1a1a1a1U, 0x89898989U, 0x0d0d0d0dU, + 0xbfbfbfbfU, 0xe6e6e6e6U, 0x42424242U, 0x68686868U, + 0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU, + 0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U, +}; +static const u32 Td0[256] = { + 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U, + 0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U, + 0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U, + 0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU, + 0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U, + 0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U, + 0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU, + 0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U, + 0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU, + 0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U, + 0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U, + 0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U, + 0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U, + 0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU, + 0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U, + 0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU, + 0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U, + 0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU, + 0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U, + 0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U, + 0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U, + 0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU, + 0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U, + 0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU, + 0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U, + 0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU, + 0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U, + 0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU, + 0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU, + 0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U, + 0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU, + 0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U, + 0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU, + 0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U, + 0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U, + 0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U, + 0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU, + 0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U, + 0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U, + 0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU, + 0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U, + 0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U, + 0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U, + 0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U, + 0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U, + 0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU, + 0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U, + 0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U, + 0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U, + 0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U, + 0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U, + 0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU, + 0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU, + 0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU, + 0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU, + 0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U, + 0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U, + 0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU, + 0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU, + 0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U, + 0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU, + 0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U, + 0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U, + 0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U, +}; +static const u32 Td1[256] = { + 0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU, + 0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U, + 0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU, + 0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U, + 0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U, + 0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U, + 0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U, + 0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U, + 0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U, + 0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU, + 0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU, + 0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU, + 0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U, + 0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU, + 0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U, + 0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U, + 0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U, + 0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU, + 0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU, + 0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U, + 0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU, + 0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U, + 0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU, + 0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU, + 0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U, + 0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U, + 0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U, + 0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU, + 0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U, + 0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU, + 0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U, + 0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U, + 0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U, + 0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU, + 0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U, + 0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U, + 0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U, + 0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U, + 0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U, + 0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U, + 0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU, + 0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU, + 0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U, + 0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU, + 0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U, + 0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU, + 0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU, + 0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U, + 0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU, + 0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U, + 0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U, + 0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U, + 0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U, + 0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U, + 0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U, + 0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U, + 0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU, + 0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U, + 0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U, + 0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU, + 0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U, + 0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U, + 0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U, + 0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U, +}; +static const u32 Td2[256] = { + 0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U, + 0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U, + 0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U, + 0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U, + 0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU, + 0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U, + 0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U, + 0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U, + 0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U, + 0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU, + 0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U, + 0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U, + 0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU, + 0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U, + 0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U, + 0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U, + 0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U, + 0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U, + 0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U, + 0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU, + + 0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U, + 0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U, + 0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U, + 0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U, + 0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U, + 0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU, + 0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU, + 0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U, + 0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU, + 0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U, + 0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU, + 0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU, + 0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU, + 0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU, + 0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U, + 0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U, + 0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U, + 0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U, + 0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U, + 0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U, + 0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U, + 0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU, + 0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU, + 0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U, + 0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U, + 0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU, + 0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU, + 0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U, + 0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U, + 0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U, + 0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U, + 0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U, + 0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U, + 0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U, + 0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU, + 0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U, + 0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U, + 0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U, + 0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U, + 0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U, + 0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U, + 0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU, + 0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U, + 0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U, +}; +static const u32 Td3[256] = { + 0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU, + 0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU, + 0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U, + 0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U, + 0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU, + 0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU, + 0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U, + 0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU, + 0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U, + 0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU, + 0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U, + 0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U, + 0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U, + 0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U, + 0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U, + 0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU, + 0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU, + 0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U, + 0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U, + 0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU, + 0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU, + 0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U, + 0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U, + 0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U, + 0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U, + 0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU, + 0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U, + 0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U, + 0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU, + 0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU, + 0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U, + 0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U, + 0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U, + 0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU, + 0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U, + 0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U, + 0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U, + 0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U, + 0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U, + 0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U, + 0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U, + 0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU, + 0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U, + 0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U, + 0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU, + 0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU, + 0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U, + 0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU, + 0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U, + 0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U, + 0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U, + 0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U, + 0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U, + 0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U, + 0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU, + 0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU, + 0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU, + 0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU, + 0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U, + 0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U, + 0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U, + 0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU, + 0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U, + 0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U, +}; +static const u32 Td4[256] = { + 0x52525252U, 0x09090909U, 0x6a6a6a6aU, 0xd5d5d5d5U, + 0x30303030U, 0x36363636U, 0xa5a5a5a5U, 0x38383838U, + 0xbfbfbfbfU, 0x40404040U, 0xa3a3a3a3U, 0x9e9e9e9eU, + 0x81818181U, 0xf3f3f3f3U, 0xd7d7d7d7U, 0xfbfbfbfbU, + 0x7c7c7c7cU, 0xe3e3e3e3U, 0x39393939U, 0x82828282U, + 0x9b9b9b9bU, 0x2f2f2f2fU, 0xffffffffU, 0x87878787U, + 0x34343434U, 0x8e8e8e8eU, 0x43434343U, 0x44444444U, + 0xc4c4c4c4U, 0xdedededeU, 0xe9e9e9e9U, 0xcbcbcbcbU, + 0x54545454U, 0x7b7b7b7bU, 0x94949494U, 0x32323232U, + 0xa6a6a6a6U, 0xc2c2c2c2U, 0x23232323U, 0x3d3d3d3dU, + 0xeeeeeeeeU, 0x4c4c4c4cU, 0x95959595U, 0x0b0b0b0bU, + 0x42424242U, 0xfafafafaU, 0xc3c3c3c3U, 0x4e4e4e4eU, + 0x08080808U, 0x2e2e2e2eU, 0xa1a1a1a1U, 0x66666666U, + 0x28282828U, 0xd9d9d9d9U, 0x24242424U, 0xb2b2b2b2U, + 0x76767676U, 0x5b5b5b5bU, 0xa2a2a2a2U, 0x49494949U, + 0x6d6d6d6dU, 0x8b8b8b8bU, 0xd1d1d1d1U, 0x25252525U, + 0x72727272U, 0xf8f8f8f8U, 0xf6f6f6f6U, 0x64646464U, + 0x86868686U, 0x68686868U, 0x98989898U, 0x16161616U, + 0xd4d4d4d4U, 0xa4a4a4a4U, 0x5c5c5c5cU, 0xccccccccU, + 0x5d5d5d5dU, 0x65656565U, 0xb6b6b6b6U, 0x92929292U, + 0x6c6c6c6cU, 0x70707070U, 0x48484848U, 0x50505050U, + 0xfdfdfdfdU, 0xededededU, 0xb9b9b9b9U, 0xdadadadaU, + 0x5e5e5e5eU, 0x15151515U, 0x46464646U, 0x57575757U, + 0xa7a7a7a7U, 0x8d8d8d8dU, 0x9d9d9d9dU, 0x84848484U, + 0x90909090U, 0xd8d8d8d8U, 0xababababU, 0x00000000U, + 0x8c8c8c8cU, 0xbcbcbcbcU, 0xd3d3d3d3U, 0x0a0a0a0aU, + 0xf7f7f7f7U, 0xe4e4e4e4U, 0x58585858U, 0x05050505U, + 0xb8b8b8b8U, 0xb3b3b3b3U, 0x45454545U, 0x06060606U, + 0xd0d0d0d0U, 0x2c2c2c2cU, 0x1e1e1e1eU, 0x8f8f8f8fU, + 0xcacacacaU, 0x3f3f3f3fU, 0x0f0f0f0fU, 0x02020202U, + 0xc1c1c1c1U, 0xafafafafU, 0xbdbdbdbdU, 0x03030303U, + 0x01010101U, 0x13131313U, 0x8a8a8a8aU, 0x6b6b6b6bU, + 0x3a3a3a3aU, 0x91919191U, 0x11111111U, 0x41414141U, + 0x4f4f4f4fU, 0x67676767U, 0xdcdcdcdcU, 0xeaeaeaeaU, + 0x97979797U, 0xf2f2f2f2U, 0xcfcfcfcfU, 0xcecececeU, + 0xf0f0f0f0U, 0xb4b4b4b4U, 0xe6e6e6e6U, 0x73737373U, + 0x96969696U, 0xacacacacU, 0x74747474U, 0x22222222U, + 0xe7e7e7e7U, 0xadadadadU, 0x35353535U, 0x85858585U, + 0xe2e2e2e2U, 0xf9f9f9f9U, 0x37373737U, 0xe8e8e8e8U, + 0x1c1c1c1cU, 0x75757575U, 0xdfdfdfdfU, 0x6e6e6e6eU, + 0x47474747U, 0xf1f1f1f1U, 0x1a1a1a1aU, 0x71717171U, + 0x1d1d1d1dU, 0x29292929U, 0xc5c5c5c5U, 0x89898989U, + 0x6f6f6f6fU, 0xb7b7b7b7U, 0x62626262U, 0x0e0e0e0eU, + 0xaaaaaaaaU, 0x18181818U, 0xbebebebeU, 0x1b1b1b1bU, + 0xfcfcfcfcU, 0x56565656U, 0x3e3e3e3eU, 0x4b4b4b4bU, + 0xc6c6c6c6U, 0xd2d2d2d2U, 0x79797979U, 0x20202020U, + 0x9a9a9a9aU, 0xdbdbdbdbU, 0xc0c0c0c0U, 0xfefefefeU, + 0x78787878U, 0xcdcdcdcdU, 0x5a5a5a5aU, 0xf4f4f4f4U, + 0x1f1f1f1fU, 0xddddddddU, 0xa8a8a8a8U, 0x33333333U, + 0x88888888U, 0x07070707U, 0xc7c7c7c7U, 0x31313131U, + 0xb1b1b1b1U, 0x12121212U, 0x10101010U, 0x59595959U, + 0x27272727U, 0x80808080U, 0xececececU, 0x5f5f5f5fU, + 0x60606060U, 0x51515151U, 0x7f7f7f7fU, 0xa9a9a9a9U, + 0x19191919U, 0xb5b5b5b5U, 0x4a4a4a4aU, 0x0d0d0d0dU, + 0x2d2d2d2dU, 0xe5e5e5e5U, 0x7a7a7a7aU, 0x9f9f9f9fU, + 0x93939393U, 0xc9c9c9c9U, 0x9c9c9c9cU, 0xefefefefU, + 0xa0a0a0a0U, 0xe0e0e0e0U, 0x3b3b3b3bU, 0x4d4d4d4dU, + 0xaeaeaeaeU, 0x2a2a2a2aU, 0xf5f5f5f5U, 0xb0b0b0b0U, + 0xc8c8c8c8U, 0xebebebebU, 0xbbbbbbbbU, 0x3c3c3c3cU, + 0x83838383U, 0x53535353U, 0x99999999U, 0x61616161U, + 0x17171717U, 0x2b2b2b2bU, 0x04040404U, 0x7e7e7e7eU, + 0xbabababaU, 0x77777777U, 0xd6d6d6d6U, 0x26262626U, + 0xe1e1e1e1U, 0x69696969U, 0x14141414U, 0x63636363U, + 0x55555555U, 0x21212121U, 0x0c0c0c0cU, 0x7d7d7d7dU, +}; +static const u32 rcon[] = { + 0x01000000, 0x02000000, 0x04000000, 0x08000000, + 0x10000000, 0x20000000, 0x40000000, 0x80000000, + 0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */ +}; + +/** + * Expand the cipher key into the encryption key schedule. + */ +int AES_set_encrypt_key(const unsigned char *userKey, const int bits, + AES_KEY *key) { + + u32 *rk; + int i = 0; + u32 temp; + + if (!userKey || !key) + return -1; + if (bits != 128 && bits != 192 && bits != 256) + return -2; + + rk = key->rd_key; + + if (bits==128) + key->rounds = 10; + else if (bits==192) + key->rounds = 12; + else + key->rounds = 14; + + rk[0] = GETU32(userKey ); + rk[1] = GETU32(userKey + 4); + rk[2] = GETU32(userKey + 8); + rk[3] = GETU32(userKey + 12); + if (bits == 128) { + while (1) { + temp = rk[3]; + rk[4] = rk[0] ^ + (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ + (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ + (Te4[(temp ) & 0xff] & 0x0000ff00) ^ + (Te4[(temp >> 24) ] & 0x000000ff) ^ + rcon[i]; + rk[5] = rk[1] ^ rk[4]; + rk[6] = rk[2] ^ rk[5]; + rk[7] = rk[3] ^ rk[6]; + if (++i == 10) { + return 0; + } + rk += 4; + } + } + rk[4] = GETU32(userKey + 16); + rk[5] = GETU32(userKey + 20); + if (bits == 192) { + while (1) { + temp = rk[ 5]; + rk[ 6] = rk[ 0] ^ + (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ + (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ + (Te4[(temp ) & 0xff] & 0x0000ff00) ^ + (Te4[(temp >> 24) ] & 0x000000ff) ^ + rcon[i]; + rk[ 7] = rk[ 1] ^ rk[ 6]; + rk[ 8] = rk[ 2] ^ rk[ 7]; + rk[ 9] = rk[ 3] ^ rk[ 8]; + if (++i == 8) { + return 0; + } + rk[10] = rk[ 4] ^ rk[ 9]; + rk[11] = rk[ 5] ^ rk[10]; + rk += 6; + } + } + rk[6] = GETU32(userKey + 24); + rk[7] = GETU32(userKey + 28); + if (bits == 256) { + while (1) { + temp = rk[ 7]; + rk[ 8] = rk[ 0] ^ + (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ + (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ + (Te4[(temp ) & 0xff] & 0x0000ff00) ^ + (Te4[(temp >> 24) ] & 0x000000ff) ^ + rcon[i]; + rk[ 9] = rk[ 1] ^ rk[ 8]; + rk[10] = rk[ 2] ^ rk[ 9]; + rk[11] = rk[ 3] ^ rk[10]; + if (++i == 7) { + return 0; + } + temp = rk[11]; + rk[12] = rk[ 4] ^ + (Te4[(temp >> 24) ] & 0xff000000) ^ + (Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^ + (Te4[(temp >> 8) & 0xff] & 0x0000ff00) ^ + (Te4[(temp ) & 0xff] & 0x000000ff); + rk[13] = rk[ 5] ^ rk[12]; + rk[14] = rk[ 6] ^ rk[13]; + rk[15] = rk[ 7] ^ rk[14]; + + rk += 8; + } + } + return 0; +} + +/** + * Expand the cipher key into the decryption key schedule. + */ +int AES_set_decrypt_key(const unsigned char *userKey, const int bits, + AES_KEY *key) { + + u32 *rk; + int i, j, status; + u32 temp; + + /* first, start with an encryption schedule */ + status = AES_set_encrypt_key(userKey, bits, key); + if (status < 0) + return status; + + rk = key->rd_key; + + /* invert the order of the round keys: */ + for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) { + temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp; + temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp; + temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp; + temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp; + } + /* apply the inverse MixColumn transform to all round keys but the first and the last: */ + for (i = 1; i < (key->rounds); i++) { + rk += 4; + rk[0] = + Td0[Te4[(rk[0] >> 24) ] & 0xff] ^ + Td1[Te4[(rk[0] >> 16) & 0xff] & 0xff] ^ + Td2[Te4[(rk[0] >> 8) & 0xff] & 0xff] ^ + Td3[Te4[(rk[0] ) & 0xff] & 0xff]; + rk[1] = + Td0[Te4[(rk[1] >> 24) ] & 0xff] ^ + Td1[Te4[(rk[1] >> 16) & 0xff] & 0xff] ^ + Td2[Te4[(rk[1] >> 8) & 0xff] & 0xff] ^ + Td3[Te4[(rk[1] ) & 0xff] & 0xff]; + rk[2] = + Td0[Te4[(rk[2] >> 24) ] & 0xff] ^ + Td1[Te4[(rk[2] >> 16) & 0xff] & 0xff] ^ + Td2[Te4[(rk[2] >> 8) & 0xff] & 0xff] ^ + Td3[Te4[(rk[2] ) & 0xff] & 0xff]; + rk[3] = + Td0[Te4[(rk[3] >> 24) ] & 0xff] ^ + Td1[Te4[(rk[3] >> 16) & 0xff] & 0xff] ^ + Td2[Te4[(rk[3] >> 8) & 0xff] & 0xff] ^ + Td3[Te4[(rk[3] ) & 0xff] & 0xff]; + } + return 0; +} + +/* + * Encrypt a single block + * in and out can overlap + */ +void AES_encrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key) { + + const u32 *rk; + u32 s0, s1, s2, s3, t0, t1, t2, t3; +#ifndef FULL_UNROLL + int r; +#endif /* ?FULL_UNROLL */ + + assert(in && out && key); + rk = key->rd_key; + + /* + * map byte array block to cipher state + * and add initial round key: + */ + s0 = GETU32(in ) ^ rk[0]; + s1 = GETU32(in + 4) ^ rk[1]; + s2 = GETU32(in + 8) ^ rk[2]; + s3 = GETU32(in + 12) ^ rk[3]; +#ifdef FULL_UNROLL + /* round 1: */ + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7]; + /* round 2: */ + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8]; + s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9]; + s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10]; + s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11]; + /* round 3: */ + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15]; + /* round 4: */ + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16]; + s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17]; + s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18]; + s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19]; + /* round 5: */ + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23]; + /* round 6: */ + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24]; + s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25]; + s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26]; + s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27]; + /* round 7: */ + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31]; + /* round 8: */ + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32]; + s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33]; + s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34]; + s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35]; + /* round 9: */ + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39]; + if (key->rounds > 10) { + /* round 10: */ + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40]; + s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[41]; + s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[42]; + s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[43]; + /* round 11: */ + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[44]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[45]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[46]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[47]; + if (key->rounds > 12) { + /* round 12: */ + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[48]; + s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[49]; + s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[50]; + s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[51]; + /* round 13: */ + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[52]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[53]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[54]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[55]; + } + } + rk += key->rounds << 2; +#else /* !FULL_UNROLL */ + /* + * Nr - 1 full rounds: + */ + r = key->rounds >> 1; + for (;;) { + t0 = + Te0[(s0 >> 24) ] ^ + Te1[(s1 >> 16) & 0xff] ^ + Te2[(s2 >> 8) & 0xff] ^ + Te3[(s3 ) & 0xff] ^ + rk[4]; + t1 = + Te0[(s1 >> 24) ] ^ + Te1[(s2 >> 16) & 0xff] ^ + Te2[(s3 >> 8) & 0xff] ^ + Te3[(s0 ) & 0xff] ^ + rk[5]; + t2 = + Te0[(s2 >> 24) ] ^ + Te1[(s3 >> 16) & 0xff] ^ + Te2[(s0 >> 8) & 0xff] ^ + Te3[(s1 ) & 0xff] ^ + rk[6]; + t3 = + Te0[(s3 >> 24) ] ^ + Te1[(s0 >> 16) & 0xff] ^ + Te2[(s1 >> 8) & 0xff] ^ + Te3[(s2 ) & 0xff] ^ + rk[7]; + + rk += 8; + if (--r == 0) { + break; + } + + s0 = + Te0[(t0 >> 24) ] ^ + Te1[(t1 >> 16) & 0xff] ^ + Te2[(t2 >> 8) & 0xff] ^ + Te3[(t3 ) & 0xff] ^ + rk[0]; + s1 = + Te0[(t1 >> 24) ] ^ + Te1[(t2 >> 16) & 0xff] ^ + Te2[(t3 >> 8) & 0xff] ^ + Te3[(t0 ) & 0xff] ^ + rk[1]; + s2 = + Te0[(t2 >> 24) ] ^ + Te1[(t3 >> 16) & 0xff] ^ + Te2[(t0 >> 8) & 0xff] ^ + Te3[(t1 ) & 0xff] ^ + rk[2]; + s3 = + Te0[(t3 >> 24) ] ^ + Te1[(t0 >> 16) & 0xff] ^ + Te2[(t1 >> 8) & 0xff] ^ + Te3[(t2 ) & 0xff] ^ + rk[3]; + } +#endif /* ?FULL_UNROLL */ + /* + * apply last round and + * map cipher state to byte array block: + */ + s0 = + (Te4[(t0 >> 24) ] & 0xff000000) ^ + (Te4[(t1 >> 16) & 0xff] & 0x00ff0000) ^ + (Te4[(t2 >> 8) & 0xff] & 0x0000ff00) ^ + (Te4[(t3 ) & 0xff] & 0x000000ff) ^ + rk[0]; + PUTU32(out , s0); + s1 = + (Te4[(t1 >> 24) ] & 0xff000000) ^ + (Te4[(t2 >> 16) & 0xff] & 0x00ff0000) ^ + (Te4[(t3 >> 8) & 0xff] & 0x0000ff00) ^ + (Te4[(t0 ) & 0xff] & 0x000000ff) ^ + rk[1]; + PUTU32(out + 4, s1); + s2 = + (Te4[(t2 >> 24) ] & 0xff000000) ^ + (Te4[(t3 >> 16) & 0xff] & 0x00ff0000) ^ + (Te4[(t0 >> 8) & 0xff] & 0x0000ff00) ^ + (Te4[(t1 ) & 0xff] & 0x000000ff) ^ + rk[2]; + PUTU32(out + 8, s2); + s3 = + (Te4[(t3 >> 24) ] & 0xff000000) ^ + (Te4[(t0 >> 16) & 0xff] & 0x00ff0000) ^ + (Te4[(t1 >> 8) & 0xff] & 0x0000ff00) ^ + (Te4[(t2 ) & 0xff] & 0x000000ff) ^ + rk[3]; + PUTU32(out + 12, s3); +} + +/* + * Decrypt a single block + * in and out can overlap + */ +void AES_decrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key) { + + const u32 *rk; + u32 s0, s1, s2, s3, t0, t1, t2, t3; +#ifndef FULL_UNROLL + int r; +#endif /* ?FULL_UNROLL */ + + assert(in && out && key); + rk = key->rd_key; + + /* + * map byte array block to cipher state + * and add initial round key: + */ + s0 = GETU32(in ) ^ rk[0]; + s1 = GETU32(in + 4) ^ rk[1]; + s2 = GETU32(in + 8) ^ rk[2]; + s3 = GETU32(in + 12) ^ rk[3]; +#ifdef FULL_UNROLL + /* round 1: */ + t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[ 4]; + t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[ 5]; + t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[ 6]; + t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[ 7]; + /* round 2: */ + s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[ 8]; + s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[ 9]; + s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[10]; + s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[11]; + /* round 3: */ + t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[12]; + t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[13]; + t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[14]; + t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[15]; + /* round 4: */ + s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[16]; + s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[17]; + s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[18]; + s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[19]; + /* round 5: */ + t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[20]; + t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[21]; + t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[22]; + t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[23]; + /* round 6: */ + s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[24]; + s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[25]; + s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[26]; + s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[27]; + /* round 7: */ + t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[28]; + t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[29]; + t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[30]; + t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[31]; + /* round 8: */ + s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[32]; + s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[33]; + s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[34]; + s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[35]; + /* round 9: */ + t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[36]; + t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[37]; + t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[38]; + t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[39]; + if (key->rounds > 10) { + /* round 10: */ + s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[40]; + s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[41]; + s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[42]; + s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[43]; + /* round 11: */ + t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[44]; + t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[45]; + t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[46]; + t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[47]; + if (key->rounds > 12) { + /* round 12: */ + s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[48]; + s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[49]; + s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[50]; + s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[51]; + /* round 13: */ + t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[52]; + t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[53]; + t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[54]; + t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55]; + } + } + rk += key->rounds << 2; +#else /* !FULL_UNROLL */ + /* + * Nr - 1 full rounds: + */ + r = key->rounds >> 1; + for (;;) { + t0 = + Td0[(s0 >> 24) ] ^ + Td1[(s3 >> 16) & 0xff] ^ + Td2[(s2 >> 8) & 0xff] ^ + Td3[(s1 ) & 0xff] ^ + rk[4]; + t1 = + Td0[(s1 >> 24) ] ^ + Td1[(s0 >> 16) & 0xff] ^ + Td2[(s3 >> 8) & 0xff] ^ + Td3[(s2 ) & 0xff] ^ + rk[5]; + t2 = + Td0[(s2 >> 24) ] ^ + Td1[(s1 >> 16) & 0xff] ^ + Td2[(s0 >> 8) & 0xff] ^ + Td3[(s3 ) & 0xff] ^ + rk[6]; + t3 = + Td0[(s3 >> 24) ] ^ + Td1[(s2 >> 16) & 0xff] ^ + Td2[(s1 >> 8) & 0xff] ^ + Td3[(s0 ) & 0xff] ^ + rk[7]; + + rk += 8; + if (--r == 0) { + break; + } + + s0 = + Td0[(t0 >> 24) ] ^ + Td1[(t3 >> 16) & 0xff] ^ + Td2[(t2 >> 8) & 0xff] ^ + Td3[(t1 ) & 0xff] ^ + rk[0]; + s1 = + Td0[(t1 >> 24) ] ^ + Td1[(t0 >> 16) & 0xff] ^ + Td2[(t3 >> 8) & 0xff] ^ + Td3[(t2 ) & 0xff] ^ + rk[1]; + s2 = + Td0[(t2 >> 24) ] ^ + Td1[(t1 >> 16) & 0xff] ^ + Td2[(t0 >> 8) & 0xff] ^ + Td3[(t3 ) & 0xff] ^ + rk[2]; + s3 = + Td0[(t3 >> 24) ] ^ + Td1[(t2 >> 16) & 0xff] ^ + Td2[(t1 >> 8) & 0xff] ^ + Td3[(t0 ) & 0xff] ^ + rk[3]; + } +#endif /* ?FULL_UNROLL */ + /* + * apply last round and + * map cipher state to byte array block: + */ + s0 = + (Td4[(t0 >> 24) ] & 0xff000000) ^ + (Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^ + (Td4[(t2 >> 8) & 0xff] & 0x0000ff00) ^ + (Td4[(t1 ) & 0xff] & 0x000000ff) ^ + rk[0]; + PUTU32(out , s0); + s1 = + (Td4[(t1 >> 24) ] & 0xff000000) ^ + (Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^ + (Td4[(t3 >> 8) & 0xff] & 0x0000ff00) ^ + (Td4[(t2 ) & 0xff] & 0x000000ff) ^ + rk[1]; + PUTU32(out + 4, s1); + s2 = + (Td4[(t2 >> 24) ] & 0xff000000) ^ + (Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^ + (Td4[(t0 >> 8) & 0xff] & 0x0000ff00) ^ + (Td4[(t3 ) & 0xff] & 0x000000ff) ^ + rk[2]; + PUTU32(out + 8, s2); + s3 = + (Td4[(t3 >> 24) ] & 0xff000000) ^ + (Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^ + (Td4[(t1 >> 8) & 0xff] & 0x0000ff00) ^ + (Td4[(t0 ) & 0xff] & 0x000000ff) ^ + rk[3]; + PUTU32(out + 12, s3); +} + +#endif /* def FIPS */ diff --git a/fips/aes/fips_aes_locl.h b/fips/aes/fips_aes_locl.h new file mode 100644 index 0000000000..f290946058 --- /dev/null +++ b/fips/aes/fips_aes_locl.h @@ -0,0 +1,85 @@ +/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */ +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ + +#ifndef HEADER_AES_LOCL_H +#define HEADER_AES_LOCL_H + +#include + +#ifdef OPENSSL_NO_AES +#error AES is disabled. +#endif + +#include +#include +#include + +#if defined(_MSC_VER) && !defined(OPENSSL_SYS_WINCE) +# define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00) +# define GETU32(p) SWAP(*((u32 *)(p))) +# define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); } +#else +# define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] << 8) ^ ((u32)(pt)[3])) +# define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >> 8); (ct)[3] = (u8)(st); } +#endif + +typedef unsigned long u32; +typedef unsigned short u16; +typedef unsigned char u8; + +#define MAXKC (256/32) +#define MAXKB (256/8) +#define MAXNR 14 + +/* This controls loop-unrolling in aes_core.c */ +#undef FULL_UNROLL + +#endif /* !HEADER_AES_LOCL_H */ diff --git a/fips/aes/fips_aesavs.c b/fips/aes/fips_aesavs.c new file mode 100644 index 0000000000..5ea8731247 --- /dev/null +++ b/fips/aes/fips_aesavs.c @@ -0,0 +1,896 @@ +/*--------------------------------------------- + NIST AES Algorithm Validation Suite + Test Program + + Copyright + V-ONE Corporation + 20250 Century Blvd, Suite 300 + Germantown, MD 20874 + U.S.A. + ----------------------------------------------*/ + +#include +#include +#include +#include +#include + +#include +#include +#include +#include + +#define AES_BLOCK_SIZE 16 + +#define VERBOSE 0 + +/*-----------------------------------------------*/ + +int AESTest(EVP_CIPHER_CTX *ctx, + char *amode, int akeysz, unsigned char *aKey, + unsigned char *iVec, + int dir, /* 0 = decrypt, 1 = encrypt */ + char *plaintext, unsigned char *ciphertext, int len) + { + const EVP_CIPHER *cipher = NULL; + int ret = 1; + int kt = 0; + + if (ctx) + memset(ctx, 0, sizeof(EVP_CIPHER_CTX)); + + if (strcasecmp(amode, "CBC") == 0) + kt = 1000; + else if (strcasecmp(amode, "ECB") == 0) + kt = 2000; + else if (strncasecmp(amode, "CFB", 3) == 0) + kt = 3000; + else if (strncasecmp(amode, "OFB", 3) == 0) + kt = 4000; + else + { + printf("Unknown mode: %s\n", amode); + ret = 0; + } + if (ret) + { + if ((akeysz != 128) && (akeysz != 192) && (akeysz != 256)) + { + printf("Invalid key size: %d\n", akeysz); + ret = 0; + } + else + { + kt += akeysz; + switch (kt) + { + case 1128: /* CBC 128 */ + cipher = EVP_aes_128_cbc(); + break; + case 1192: /* CBC 192 */ + cipher = EVP_aes_192_cbc(); + break; + case 1256: /* CBC 256 */ + cipher = EVP_aes_256_cbc(); + break; + case 2128: /* ECB 128 */ + cipher = EVP_aes_128_ecb(); + break; + case 2192: /* ECB 192 */ + cipher = EVP_aes_192_ecb(); + break; + case 2256: /* ECB 256 */ + cipher = EVP_aes_256_ecb(); + break; + case 3128: /* CFB 128 */ + cipher = EVP_aes_128_cfb(); + break; + case 3192: /* CFB 192 */ + cipher = EVP_aes_192_cfb(); + break; + case 3256: /* CFB 256 */ + cipher = EVP_aes_256_cfb(); + break; + case 4128: /* OFB 128 */ + cipher = EVP_aes_128_ofb(); + break; + case 4192: /* OFB 192 */ + cipher = EVP_aes_192_ofb(); + break; + case 4256: /* OFB 256 */ + cipher = EVP_aes_256_ofb(); + break; + } + if (dir) + { /* encrypt */ + if(!EVP_CipherInit(ctx, cipher, aKey, iVec, AES_ENCRYPT)) + { + ERR_print_errors_fp(stderr); + exit(1); + } + + EVP_Cipher(ctx, ciphertext, (unsigned char*)plaintext, len); + } + else + { /* decrypt */ + if(!EVP_CipherInit(ctx, cipher, aKey, iVec, AES_DECRYPT)) + { + ERR_print_errors_fp(stderr); + exit(1); + } + EVP_Cipher(ctx, (unsigned char*)plaintext, ciphertext, len); + } + } + } + return ret; + } + +/*-----------------------------------------------*/ + +int hex2bin(char *in, int len, unsigned char *out) +{ + int n1, n2; + unsigned char ch; + + for (n1 = 0, n2 = 0; n1 < len; ) + { /* first byte */ + if ((in[n1] >= '0') && (in[n1] <= '9')) + ch = in[n1++] - '0'; + else if ((in[n1] >= 'A') && (in[n1] <= 'F')) + ch = in[n1++] - 'A' + 10; + else if ((in[n1] >= 'a') && (in[n1] <= 'f')) + ch = in[n1++] - 'a' + 10; + else + return -1; + if(len == 1) + { + out[n2++]=ch; + break; + } + out[n2] = ch << 4; + /* second byte */ + if ((in[n1] >= '0') && (in[n1] <= '9')) + ch = in[n1++] - '0'; + else if ((in[n1] >= 'A') && (in[n1] <= 'F')) + ch = in[n1++] - 'A' + 10; + else if ((in[n1] >= 'a') && (in[n1] <= 'f')) + ch = in[n1++] - 'a' + 10; + else + return -1; + out[n2++] |= ch; + } + return n2; +} + +/*-----------------------------------------------*/ + +int bin2hex(unsigned char *in, int len, char *out) +{ + int n1, n2; + unsigned char ch; + + for (n1 = 0, n2 = 0; n1 < len; ++n1) + { + /* first nibble */ + ch = in[n1] >> 4; + if (ch <= 0x09) + out[n2++] = ch + '0'; + else + out[n2++] = ch - 10 + 'a'; + /* second nibble */ + ch = in[n1] & 0x0f; + if (ch <= 0x09) + out[n2++] = ch + '0'; + else + out[n2++] = ch - 10 + 'a'; + } + return n2; +} + +/*-----------------------------------------------*/ + +void PrintValue(char *tag, unsigned char *val, int len) +{ +#if VERBOSE + char obuf[2048]; + int olen; + olen = bin2hex(val, len, obuf); + printf("%s = %.*s\n", tag, olen, obuf); +#endif +} + +void OutputValue(char *tag, unsigned char *val, int len, FILE *rfp) +{ + char obuf[2048]; + int olen; + olen = bin2hex(val, len, obuf); + fprintf(rfp, "%s = %.*s\n", tag, olen, obuf); +#if VERBOSE + printf("%s = %.*s\n", tag, olen, obuf); +#endif +} + +/*-----------------------------------------------*/ +char *t_tag[2] = {"PLAINTEXT", "CIPHERTEXT"}; +char *t_mode[6] = {"CBC","ECB","OFB","CFB1","CFB8","CFB128"}; +enum Mode {CBC, ECB, OFB, CFB1, CFB8, CFB128}; +enum XCrypt {XDECRYPT, XENCRYPT}; + +/*=============================*/ +/* Monte Carlo Tests */ +/*-----------------------------*/ + +//#define gb(a,b) (((a)[(b)/8] >> ((b)%8))&1) +//#define sb(a,b,v) ((a)[(b)/8]=((a)[(b)/8]&~(1 << ((b)%8)))|(!!(v) << ((b)%8))) + +#define gb(a,b) (((a)[(b)/8] >> (7-(b)%8))&1) +#define sb(a,b,v) ((a)[(b)/8]=((a)[(b)/8]&~(1 << (7-(b)%8)))|(!!(v) << (7-(b)%8))) + +int do_mct(char *amode, + int akeysz, unsigned char *aKey,unsigned char *iVec, + int dir, unsigned char *text, int len, + FILE *rfp) + { + int ret = 0; + unsigned char key[101][32]; + unsigned char iv[101][AES_BLOCK_SIZE]; + unsigned char ptext[1001][32]; + unsigned char ctext[1001][32]; + unsigned char ciphertext[64+4]; + int i, j, n, n1, n2; + int imode = 0, nkeysz = akeysz/8; + EVP_CIPHER_CTX ctx; + + if (len > 32) + { + printf("\n>>>> Length exceeds 32 for %s %d <<<<\n\n", + amode, akeysz); + return -1; + } + for (imode = 0; imode < 6; ++imode) + if (strcmp(amode, t_mode[imode]) == 0) + break; + if (imode == 6) + { + printf("Unrecognized mode: %s\n", amode); + return -1; + } + + memcpy(key[0], aKey, nkeysz); + if (iVec) + memcpy(iv[0], iVec, AES_BLOCK_SIZE); + if (dir == XENCRYPT) + memcpy(ptext[0], text, len); + else + memcpy(ctext[0], text, len); + for (i = 0; i < 100; ++i) + { + /* printf("Iteration %d\n", i); */ + if (i > 0) + { + OutputValue("KEY", key[i], nkeysz, rfp); + if (imode != ECB) /* ECB */ + OutputValue("IV", iv[i], AES_BLOCK_SIZE, rfp); + /* Output Ciphertext | Plaintext */ + OutputValue(t_tag[dir^1], (dir)? ptext[0]: ctext[0], len, rfp); + } + for (j = 0; j < 1000; ++j) + { + switch (imode) + { + case ECB: + if (j == 0) + { /* set up encryption */ + ret = AESTest(&ctx, amode, akeysz, key[i], NULL, + dir, /* 0 = decrypt, 1 = encrypt */ + (char*)ptext[j], ctext[j], len); + if (dir == XENCRYPT) + memcpy(ptext[j+1], ctext[j], len); + else + memcpy(ctext[j+1], ptext[j], len); + } + else + { + if (dir == XENCRYPT) + { + EVP_Cipher(&ctx, ctext[j], ptext[j], len); + memcpy(ptext[j+1], ctext[j], len); + } + else + { + EVP_Cipher(&ctx, ptext[j], ctext[j], len); + memcpy(ctext[j+1], ptext[j], len); + } + } + break; + + case CBC: + case OFB: + case CFB128: + if (j == 0) + { + ret = AESTest(&ctx, amode, akeysz, key[i], iv[i], + dir, /* 0 = decrypt, 1 = encrypt */ + (char*)ptext[j], ctext[j], len); + if (dir == XENCRYPT) + memcpy(ptext[j+1], iv[i], len); + else + memcpy(ctext[j+1], iv[i], len); + } + else + { + if (dir == XENCRYPT) + { + EVP_Cipher(&ctx, ctext[j], ptext[j], len); + memcpy(ptext[j+1], ctext[j-1], len); + } + else + { + EVP_Cipher(&ctx, ptext[j], ctext[j], len); + memcpy(ctext[j+1], ptext[j-1], len); + } + } + break; + + case CFB8: + if (j == 0) + { + ret = AESTest(&ctx, amode, akeysz, key[i], iv[i], + dir, /* 0 = decrypt, 1 = encrypt */ + (char*)ptext[j], ctext[j], len); + } + else + { + if (dir == XENCRYPT) + EVP_Cipher(&ctx, ctext[j], ptext[j], len); + else + EVP_Cipher(&ctx, ptext[j], ctext[j], len); + } + if (dir == XENCRYPT) + { + if (j < 16) + memcpy(ptext[j+1], &iv[i][j], len); + else + memcpy(ptext[j+1], ctext[j-16], len); + } + else + { + if (j < 16) + memcpy(ctext[j+1], &iv[i][j], len); + else + memcpy(ctext[j+1], ptext[j-16], len); + } + break; + + case CFB1: + if(j == 0) + { + ret=AESTest(&ctx,amode,akeysz,key[i],iv[i],dir, + (char*)ptext[j], ctext[j], len); + } + else + { + if (dir == XENCRYPT) + EVP_Cipher(&ctx, ctext[j], ptext[j], len); + else + EVP_Cipher(&ctx, ptext[j], ctext[j], len); + + } + if(dir == XENCRYPT) + { + if(j < 128) + sb(ptext[j+1],0,gb(iv[i],j)); + else + sb(ptext[j+1],0,gb(ctext[j-128],0)); + } + else + { + if(j < 128) + sb(ctext[j+1],0,gb(iv[i],j)); + else + sb(ctext[j+1],0,gb(ptext[j-128],0)); + } + break; + } + } + --j; /* reset to last of range */ + /* Output Ciphertext | Plaintext */ + if(imode == CFB1) + fprintf(rfp,"%s = %d\n",t_tag[dir],(dir?ctext[j]:ptext[j])[0]&1); + else + OutputValue(t_tag[dir], (dir)?ctext[j]:ptext[j], len, rfp); + fprintf(rfp, "\n"); /* add separator */ + + /* Compute next KEY */ + if (dir == XENCRYPT) + { + if (imode == CFB8) + { /* ct = CT[j-15] || CT[j-14] || ... || CT[j] */ + for (n1 = 0, n2 = nkeysz-1; n1 < nkeysz; ++n1, --n2) + ciphertext[n1] = ctext[j-n2][0]; + } + else if(imode == CFB1) + { + for(n1=0,n2=akeysz-1 ; n1 < akeysz ; ++n1,--n2) + sb(ciphertext,n1,gb(ctext[j-n2],0)); + } + else + switch (akeysz) + { + case 128: + memcpy(ciphertext, ctext[j], 16); + break; + case 192: + memcpy(ciphertext, ctext[j-1]+8, 8); + memcpy(ciphertext+8, ctext[j], 16); + break; + case 256: + memcpy(ciphertext, ctext[j-1], 16); + memcpy(ciphertext+16, ctext[j], 16); + break; + } + } + else + { + if (imode == CFB8) + { /* ct = CT[j-15] || CT[j-14] || ... || CT[j] */ + for (n1 = 0, n2 = nkeysz-1; n1 < nkeysz; ++n1, --n2) + ciphertext[n1] = ptext[j-n2][0]; + } + else if(imode == CFB1) + { + for(n1=0,n2=akeysz-1 ; n1 < akeysz ; ++n1,--n2) + sb(ciphertext,n1,gb(ptext[j-n2],0)); + } + else + switch (akeysz) + { + case 128: + memcpy(ciphertext, ptext[j], 16); + break; + case 192: + memcpy(ciphertext, ptext[j-1]+8, 8); + memcpy(ciphertext+8, ptext[j], 16); + break; + case 256: + memcpy(ciphertext, ptext[j-1], 16); + memcpy(ciphertext+16, ptext[j], 16); + break; + } + } + /* Compute next key: Key[i+1] = Key[i] xor ct */ + for (n = 0; n < nkeysz; ++n) + key[i+1][n] = key[i][n] ^ ciphertext[n]; + + /* Compute next IV and text */ + if (dir == XENCRYPT) + { + switch (imode) + { + case ECB: + memcpy(ptext[0], ctext[j], AES_BLOCK_SIZE); + break; + case CBC: + case OFB: + case CFB128: + memcpy(iv[i+1], ctext[j], AES_BLOCK_SIZE); + memcpy(ptext[0], ctext[j-1], AES_BLOCK_SIZE); + break; + case CFB8: + /* IV[i+1] = ct */ + for (n1 = 0, n2 = 15; n1 < 16; ++n1, --n2) + iv[i+1][n1] = ctext[j-n2][0]; + ptext[0][0] = ctext[j-16][0]; + break; + case CFB1: + for(n1=0,n2=127 ; n1 < 128 ; ++n1,--n2) + sb(iv[i+1],n1,gb(ctext[j-n2],0)); + ptext[0][0]=ctext[j-128][0]&1; + break; + } + } + else + { + switch (imode) + { + case ECB: + memcpy(ctext[0], ptext[j], AES_BLOCK_SIZE); + break; + case CBC: + case OFB: + case CFB128: + memcpy(iv[i+1], ptext[j], AES_BLOCK_SIZE); + memcpy(ctext[0], ptext[j-1], AES_BLOCK_SIZE); + break; + case CFB8: + for (n1 = 0, n2 = 15; n < 16; ++n1, --n2) + iv[i+1][n1] = ptext[j-n2][0]; + ctext[0][0] = ptext[j-16][0]; + break; + case CFB1: + for(n1=0,n2=127 ; n1 < 128 ; ++n1,--n2) + sb(iv[i+1],n1,gb(ptext[j-n2],0)); + ctext[0][0]=ptext[j-128][0]&1; + break; + } + } + } + + return ret; + } + +/*================================================*/ +/*---------------------------- + # Config info for v-one + # AESVS MMT test data for ECB + # State : Encrypt and Decrypt + # Key Length : 256 + # Fri Aug 30 04:07:22 PM + ----------------------------*/ + +int proc_file(char *rqfile) +{ + char afn[256], rfn[256]; + FILE *afp = NULL, *rfp = NULL; + char ibuf[2048]; + int ilen, len, ret = 0; + char algo[8] = ""; + char amode[8] = ""; + char atest[8] = ""; + int akeysz = 0; + unsigned char iVec[20], aKey[40]; + int dir = -1, err = 0, step = 0; + char plaintext[2048]; + unsigned char ciphertext[2048]; + char *rp; + EVP_CIPHER_CTX ctx; + + if (!rqfile || !(*rqfile)) + { + printf("No req file\n"); + return -1; + } + strcpy(afn, rqfile); + + if ((afp = fopen(afn, "r")) == NULL) + { + printf("Cannot open file: %s, %s\n", + afn, strerror(errno)); + return -1; + } + strcpy(rfn,afn); + rp=strstr(rfn,"req/"); + assert(rp); + memcpy(rp,"rsp",3); + rp = strstr(rfn, ".req"); + memcpy(rp, ".rsp", 4); + if ((rfp = fopen(rfn, "w")) == NULL) + { + printf("Cannot open file: %s, %s\n", + rfn, strerror(errno)); + fclose(afp); + afp = NULL; + return -1; + } + while (!err && (fgets(ibuf, sizeof(ibuf), afp)) != NULL) + { + ilen = strlen(ibuf); + // printf("step=%d ibuf=%s",step,ibuf); + switch (step) + { + case 0: /* read preamble */ + if (ibuf[0] == '\n') + { /* end of preamble */ + if ((*algo == '\0') || + (*amode == '\0') || + (akeysz == 0)) + { + printf("Missing Algorithm, Mode or KeySize (%s/%s/%d)\n", + algo,amode,akeysz); + err = 1; + } + else + { + fputs(ibuf, rfp); + ++ step; + } + } + else if (ibuf[0] != '#') + { + printf("Invalid preamble item: %s\n", ibuf); + err = 1; + } + else + { /* process preamble */ + char *xp, *pp = ibuf+2; + int n; + if (akeysz) + { /* insert current time & date */ + time_t rtim = time(0); + fprintf(rfp, "# %s", ctime(&rtim)); + } + else + { + fputs(ibuf, rfp); + if (strncmp(pp, "AESVS ", 6) == 0) + { + strcpy(algo, "AES"); + /* get test type */ + pp += 6; + xp = strchr(pp, ' '); + n = xp-pp; + strncpy(atest, pp, n); + atest[n] = '\0'; + /* get mode */ + xp = strrchr(pp, ' '); /* get mode" */ + n = strlen(xp+1)-1; + strncpy(amode, xp+1, n); + amode[n] = '\0'; + /* amode[3] = '\0'; */ + printf("Test = %s, Mode = %s\n", atest, amode); + } + else if (strncasecmp(pp, "Key Length : ", 13) == 0) + { + akeysz = atoi(pp+13); + printf("Key size = %d\n", akeysz); + } + } + } + break; + + case 1: /* [ENCRYPT] | [DECRYPT] */ + if (ibuf[0] == '[') + { + fputs(ibuf, rfp); + ++step; + if (strncasecmp(ibuf, "[ENCRYPT]", 9) == 0) + dir = 1; + else if (strncasecmp(ibuf, "[DECRYPT]", 9) == 0) + dir = 0; + else + { + printf("Invalid keyword: %s\n", ibuf); + err = 1; + } + break; + } + else if (dir == -1) + { + err = 1; + printf("Missing ENCRYPT/DECRYPT keyword\n"); + break; + } + else + step = 2; + + case 2: /* KEY = xxxx */ + fputs(ibuf, rfp); + if(*ibuf == '\n') + break; + if(!strncasecmp(ibuf,"COUNT = ",8)) + break; + + if (strncasecmp(ibuf, "KEY = ", 6) != 0) + { + printf("Missing KEY\n"); + err = 1; + } + else + { + len = hex2bin((char*)ibuf+6, strlen(ibuf+6)-1, aKey); + if (len < 0) + { + printf("Invalid KEY\n"); + err =1; + break; + } + PrintValue("KEY", aKey, len); + if (strcmp(amode, "ECB") == 0) + { + memset(iVec, 0, sizeof(iVec)); + step = (dir)? 4: 5; /* no ivec for ECB */ + } + else + ++step; + } + break; + + case 3: /* IV = xxxx */ + fputs(ibuf, rfp); + if (strncasecmp(ibuf, "IV = ", 5) != 0) + { + printf("Missing IV\n"); + err = 1; + } + else + { + len = hex2bin((char*)ibuf+5, strlen(ibuf+5)-1, iVec); + if (len < 0) + { + printf("Invalid IV\n"); + err =1; + break; + } + PrintValue("IV", iVec, len); + step = (dir)? 4: 5; + } + break; + + case 4: /* PLAINTEXT = xxxx */ + fputs(ibuf, rfp); + if (strncasecmp(ibuf, "PLAINTEXT = ", 12) != 0) + { + printf("Missing PLAINTEXT\n"); + err = 1; + } + else + { + int nn = strlen(ibuf+12); + len = hex2bin((char*)ibuf+12, nn-1, + (unsigned char*)plaintext); + if (len < 0) + { + printf("Invalid PLAINTEXT: %s", ibuf+12); + err =1; + break; + } + if (len >= sizeof(plaintext)) + { + printf("Buffer overflow\n"); + } + PrintValue("PLAINTEXT", (unsigned char*)plaintext, len); + if (strcmp(atest, "MCT") == 0) /* Monte Carlo Test */ + { + if(do_mct(amode, akeysz, aKey, iVec, + dir, (unsigned char*)plaintext, len, + rfp) < 0) + exit(1); + } + else + { + ret = AESTest(&ctx, amode, akeysz, aKey, iVec, + dir, /* 0 = decrypt, 1 = encrypt */ + plaintext, ciphertext, len); + OutputValue("CIPHERTEXT", ciphertext, len, rfp); + } + step = 6; + } + break; + + case 5: /* CIPHERTEXT = xxxx */ + fputs(ibuf, rfp); + if (strncasecmp(ibuf, "CIPHERTEXT = ", 13) != 0) + { + printf("Missing KEY\n"); + err = 1; + } + else + { + len = hex2bin((char*)ibuf+13, strlen(ibuf+13)-1, ciphertext); + if (len < 0) + { + printf("Invalid CIPHERTEXT\n"); + err =1; + break; + } + + PrintValue("CIPHERTEXT", ciphertext, len); + if (strcmp(atest, "MCT") == 0) /* Monte Carlo Test */ + { + do_mct(amode, akeysz, aKey, iVec, + dir, ciphertext, len, rfp); + } + else + { + ret = AESTest(&ctx, amode, akeysz, aKey, iVec, + dir, /* 0 = decrypt, 1 = encrypt */ + plaintext, ciphertext, len); + OutputValue("PLAINTEXT", (unsigned char*)plaintext, len, rfp); + } + step = 6; + } + break; + + case 6: + if (ibuf[0] != '\n') + { + err = 1; + printf("Missing terminator\n"); + } + else if (strcmp(atest, "MCT") != 0) + { /* MCT already added terminating nl */ + fputs(ibuf, rfp); + } + step = 1; + break; + } + } + if (rfp) + fclose(rfp); + if (afp) + fclose(afp); + return err; +} + +/*-------------------------------------------------- + Processes either a single file or + a set of files whose names are passed in a file. + A single file is specified as: + aes_test -f xxx.req + A set of files is specified as: + aes_test -d xxxxx.xxx + The default is: -d req.txt +--------------------------------------------------*/ +int main(int argc, char **argv) +{ + char *rqlist = "req.txt"; + FILE *fp = NULL; + char fn[250] = "", rfn[256] = ""; + int f_opt = 0, d_opt = 1; + /* + unsigned char x[1]; + + sb(x,1,1); + sb(x,3,1); + printf("%02x %d %d %d\n",x[0],gb(x,0),gb(x,1),gb(x,2)); + exit(0); + */ + + FIPS_mode_set(1); + ERR_load_crypto_strings(); + if (argc > 1) + { + if (strcasecmp(argv[1], "-d") == 0) + { + d_opt = 1; + } + else if (strcasecmp(argv[1], "-f") == 0) + { + f_opt = 1; + d_opt = 0; + } + else + { + printf("Invalid parameter: %s\n", argv[1]); + return 0; + } + if (argc < 3) + { + printf("Missing parameter\n"); + return 0; + } + if (d_opt) + rqlist = argv[2]; + else + strcpy(fn, argv[2]); + } + if (d_opt) + { /* list of files (directory) */ + if (!(fp = fopen(rqlist, "r"))) + { + printf("Cannot open req list file\n"); + return -1; + } + while (fgets(fn, sizeof(fn), fp)) + { + strtok(fn, "\r\n"); + strcpy(rfn, fn); + printf("Processing: %s\n", rfn); + if (proc_file(rfn)) + { + printf(">>> Processing failed for: %s <<<\n", rfn); + exit(1); + } + } + fclose(fp); + } + else /* single file */ + { + printf("Processing: %s\n", fn); + if (proc_file(fn)) + { + printf(">>> Processing failed for: %s <<<\n", fn); + } + } + return 0; +} diff --git a/fips/dsa/.cvsignore b/fips/dsa/.cvsignore new file mode 100644 index 0000000000..695fdd0059 --- /dev/null +++ b/fips/dsa/.cvsignore @@ -0,0 +1,2 @@ +Makefile.save +lib diff --git a/fips/dsa/Makefile.ssl b/fips/dsa/Makefile.ssl new file mode 100644 index 0000000000..1b58c6cf8b --- /dev/null +++ b/fips/dsa/Makefile.ssl @@ -0,0 +1,95 @@ +# +# SSLeay/fips/sha1/Makefile +# + +DIR= dsa +TOP= ../.. +CC= cc +INCLUDES= +CFLAG=-g +INSTALL_PREFIX= +OPENSSLDIR= /usr/local/ssl +INSTALLTOP=/usr/local/ssl +MAKE= make -f Makefile.ssl +MAKEDEPPROG= makedepend +MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) +MAKEFILE= Makefile.ssl +AR= ar r + +CFLAGS= $(INCLUDES) $(CFLAG) + +GENERAL=Makefile +TEST=fips_dsatest.c +APPS= + +LIB=$(TOP)/libcrypto.a +LIBSRC=fips_dsa_ossl.c +LIBOBJ=fips_dsa_ossl.o + +SRC= $(LIBSRC) + +EXHEADER= +HEADER= $(EXHEADER) + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd ../..; $(MAKE) DIRS=fips FDIRS=$(DIR) sub_all) + +all: check lib + +lib: $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) + $(RANLIB) $(LIB) || echo Never mind. + @touch lib + +check: + TOP=`pwd`/$(TOP) ../fips_check_sha1 fingerprint.sha1 $(SRC) $(HEADER) + +files: + $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO + +links: + @$(TOP)/util/point.sh Makefile.ssl Makefile + @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) + @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) + @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) + +install: + @for i in $(EXHEADER) ; \ + do \ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + +tags: + ctags $(SRC) + +tests: + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) + +dclean: + $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff +# DO NOT DELETE THIS LINE -- make depend depends on it. + +fips_dsa_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +fips_dsa_ossl.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +fips_dsa_ossl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +fips_dsa_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h +fips_dsa_ossl.o: ../../include/openssl/err.h ../../include/openssl/fips.h +fips_dsa_ossl.o: ../../include/openssl/lhash.h +fips_dsa_ossl.o: ../../include/openssl/opensslconf.h +fips_dsa_ossl.o: ../../include/openssl/opensslv.h +fips_dsa_ossl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +fips_dsa_ossl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +fips_dsa_ossl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +fips_dsa_ossl.o: ../../include/openssl/ui.h fips_dsa_ossl.c diff --git a/fips/dsa/fingerprint.sha1 b/fips/dsa/fingerprint.sha1 new file mode 100644 index 0000000000..add19170fa --- /dev/null +++ b/fips/dsa/fingerprint.sha1 @@ -0,0 +1 @@ +SHA1(fips_dsa_ossl.c)= dcd634b40df8d46b396dc920559563e9575e9e6d diff --git a/fips/dsa/fips_dsa_ossl.c b/fips/dsa/fips_dsa_ossl.c new file mode 100644 index 0000000000..f5253ac39c --- /dev/null +++ b/fips/dsa/fips_dsa_ossl.c @@ -0,0 +1,366 @@ +/* crypto/dsa/dsa_ossl.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +/* Original version from Steven Schoch */ + +#include +#include +#include +#include +#include +#ifndef OPENSSL_NO_ENGINE +#include +#endif +#include + +static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); +static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); +static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, + DSA *dsa); +static int dsa_init(DSA *dsa); +static int dsa_finish(DSA *dsa); +static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, + BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *in_mont); +static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *m_ctx); + +static DSA_METHOD openssl_dsa_meth = { +"OpenSSL FIPS DSA method", +dsa_do_sign, +dsa_sign_setup, +dsa_do_verify, +dsa_mod_exp, +dsa_bn_mod_exp, +dsa_init, +dsa_finish, +0, +NULL +}; + +int FIPS_dsa_check(struct dsa_st *dsa) + { + if(dsa->meth != &openssl_dsa_meth || dsa->meth->dsa_do_sign != dsa_do_sign + || dsa->meth->dsa_sign_setup != dsa_sign_setup + || dsa->meth->dsa_mod_exp != dsa_mod_exp + || dsa->meth->bn_mod_exp != dsa_bn_mod_exp + || dsa->meth->init != dsa_init + || dsa->meth->finish != dsa_finish) + { + FIPSerr(FIPS_F_FIPS_DSA_CHECK,FIPS_R_NON_FIPS_METHOD); + return 0; + } + return 1; + } + +const DSA_METHOD *DSA_OpenSSL(void) +{ + return &openssl_dsa_meth; +} + +static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) + { + BIGNUM *kinv=NULL,*r=NULL,*s=NULL; + BIGNUM m; + BIGNUM xr; + BN_CTX *ctx=NULL; + int i,reason=ERR_R_BN_LIB; + DSA_SIG *ret=NULL; + + BN_init(&m); + BN_init(&xr); + + if (!dsa->p || !dsa->q || !dsa->g) + { + reason=DSA_R_MISSING_PARAMETERS; + goto err; + } + + s=BN_new(); + if (s == NULL) goto err; + + i=BN_num_bytes(dsa->q); /* should be 20 */ + if ((dlen > i) || (dlen > 50)) + { + reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE; + goto err; + } + + ctx=BN_CTX_new(); + if (ctx == NULL) goto err; + + if ((dsa->kinv == NULL) || (dsa->r == NULL)) + { + if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto err; + } + else + { + kinv=dsa->kinv; + dsa->kinv=NULL; + r=dsa->r; + dsa->r=NULL; + } + + if (BN_bin2bn(dgst,dlen,&m) == NULL) goto err; + + /* Compute s = inv(k) (m + xr) mod q */ + if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */ + if (!BN_add(s, &xr, &m)) goto err; /* s = m + xr */ + if (BN_cmp(s,dsa->q) > 0) + BN_sub(s,s,dsa->q); + if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err; + + ret=DSA_SIG_new(); + if (ret == NULL) goto err; + ret->r = r; + ret->s = s; + +err: + if (!ret) + { + DSAerr(DSA_F_DSA_DO_SIGN,reason); + BN_free(r); + BN_free(s); + } + if (ctx != NULL) BN_CTX_free(ctx); + BN_clear_free(&m); + BN_clear_free(&xr); + if (kinv != NULL) /* dsa->kinv is NULL now if we used it */ + BN_clear_free(kinv); + return(ret); + } + +static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) + { + BN_CTX *ctx; + BIGNUM k,*kinv=NULL,*r=NULL; + int ret=0; + + if (!dsa->p || !dsa->q || !dsa->g) + { + DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS); + return 0; + } + + BN_init(&k); + + if (ctx_in == NULL) + { + if ((ctx=BN_CTX_new()) == NULL) goto err; + } + else + ctx=ctx_in; + + if ((r=BN_new()) == NULL) goto err; + kinv=NULL; + + /* Get random k */ + do + if (!BN_rand_range(&k, dsa->q)) goto err; + while (BN_is_zero(&k)); + + if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P)) + { + if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL) + if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p, + dsa->p,ctx)) goto err; + } + + /* Compute r = (g^k mod p) mod q */ + if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx, + (BN_MONT_CTX *)dsa->method_mont_p)) goto err; + if (!BN_mod(r,r,dsa->q,ctx)) goto err; + + /* Compute part of 's = inv(k) (m + xr) mod q' */ + if ((kinv=BN_mod_inverse(NULL,&k,dsa->q,ctx)) == NULL) goto err; + + if (*kinvp != NULL) BN_clear_free(*kinvp); + *kinvp=kinv; + kinv=NULL; + if (*rp != NULL) BN_clear_free(*rp); + *rp=r; + ret=1; +err: + if (!ret) + { + DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB); + if (kinv != NULL) BN_clear_free(kinv); + if (r != NULL) BN_clear_free(r); + } + if (ctx_in == NULL) BN_CTX_free(ctx); + if (kinv != NULL) BN_clear_free(kinv); + BN_clear_free(&k); + return(ret); + } + +static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, + DSA *dsa) + { + BN_CTX *ctx; + BIGNUM u1,u2,t1; + BN_MONT_CTX *mont=NULL; + int ret = -1; + if (!dsa->p || !dsa->q || !dsa->g) + { + DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS); + return -1; + } + + BN_init(&u1); + BN_init(&u2); + BN_init(&t1); + + if ((ctx=BN_CTX_new()) == NULL) goto err; + + if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0) + { + ret = 0; + goto err; + } + if (BN_is_zero(sig->s) || sig->s->neg || BN_ucmp(sig->s, dsa->q) >= 0) + { + ret = 0; + goto err; + } + + /* Calculate W = inv(S) mod Q + * save W in u2 */ + if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err; + + /* save M in u1 */ + if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err; + + /* u1 = M * w mod q */ + if (!BN_mod_mul(&u1,&u1,&u2,dsa->q,ctx)) goto err; + + /* u2 = r * w mod q */ + if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err; + + if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P)) + { + if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL) + if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p, + dsa->p,ctx)) goto err; + } + mont=(BN_MONT_CTX *)dsa->method_mont_p; + +#if 0 + { + BIGNUM t2; + + BN_init(&t2); + /* v = ( g^u1 * y^u2 mod p ) mod q */ + /* let t1 = g ^ u1 mod p */ + if (!BN_mod_exp_mont(&t1,dsa->g,&u1,dsa->p,ctx,mont)) goto err; + /* let t2 = y ^ u2 mod p */ + if (!BN_mod_exp_mont(&t2,dsa->pub_key,&u2,dsa->p,ctx,mont)) goto err; + /* let u1 = t1 * t2 mod p */ + if (!BN_mod_mul(&u1,&t1,&t2,dsa->p,ctx)) goto err_bn; + BN_free(&t2); + } + /* let u1 = u1 mod q */ + if (!BN_mod(&u1,&u1,dsa->q,ctx)) goto err; +#else + { + if (!dsa->meth->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2, + dsa->p,ctx,mont)) goto err; + /* BN_copy(&u1,&t1); */ + /* let u1 = u1 mod q */ + if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err; + } +#endif + /* V is now in u1. If the signature is correct, it will be + * equal to R. */ + ret=(BN_ucmp(&u1, sig->r) == 0); + + err: + if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB); + if (ctx != NULL) BN_CTX_free(ctx); + BN_free(&u1); + BN_free(&u2); + BN_free(&t1); + return(ret); + } + +static int dsa_init(DSA *dsa) +{ + dsa->flags|=DSA_FLAG_CACHE_MONT_P; + return(1); +} + +static int dsa_finish(DSA *dsa) +{ + if(dsa->method_mont_p) + BN_MONT_CTX_free((BN_MONT_CTX *)dsa->method_mont_p); + return(1); +} + +static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, + BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *in_mont) +{ + return BN_mod_exp2_mont(rr, a1, p1, a2, p2, m, ctx, in_mont); +} + +static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *m_ctx) +{ + return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx); +} diff --git a/fips/dsa/fips_dsatest.c b/fips/dsa/fips_dsatest.c new file mode 100644 index 0000000000..9c8bd8420c --- /dev/null +++ b/fips/dsa/fips_dsatest.c @@ -0,0 +1,252 @@ +/* crypto/dsa/dsatest.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include +#include +#include + +#include "../e_os.h" + +#include +#include +#include +#include +#ifndef OPENSSL_NO_ENGINE +#include +#endif +#include +#include + +#ifdef OPENSSL_NO_DSA +int main(int argc, char *argv[]) +{ + printf("No DSA support\n"); + return(0); +} +#else +#include + +#ifdef OPENSSL_SYS_WIN16 +#define MS_CALLBACK _far _loadds +#else +#define MS_CALLBACK +#endif + +static void MS_CALLBACK dsa_cb(int p, int n, void *arg); + +/* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to + * FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */ +static unsigned char seed[20]={ + 0xd5,0x01,0x4e,0x4b,0x60,0xef,0x2b,0xa8,0xb6,0x21,0x1b,0x40, + 0x62,0xba,0x32,0x24,0xe0,0x42,0x7d,0xd3, + }; + +static unsigned char out_p[]={ + 0x8d,0xf2,0xa4,0x94,0x49,0x22,0x76,0xaa, + 0x3d,0x25,0x75,0x9b,0xb0,0x68,0x69,0xcb, + 0xea,0xc0,0xd8,0x3a,0xfb,0x8d,0x0c,0xf7, + 0xcb,0xb8,0x32,0x4f,0x0d,0x78,0x82,0xe5, + 0xd0,0x76,0x2f,0xc5,0xb7,0x21,0x0e,0xaf, + 0xc2,0xe9,0xad,0xac,0x32,0xab,0x7a,0xac, + 0x49,0x69,0x3d,0xfb,0xf8,0x37,0x24,0xc2, + 0xec,0x07,0x36,0xee,0x31,0xc8,0x02,0x91, + }; + +static unsigned char out_q[]={ + 0xc7,0x73,0x21,0x8c,0x73,0x7e,0xc8,0xee, + 0x99,0x3b,0x4f,0x2d,0xed,0x30,0xf4,0x8e, + 0xda,0xce,0x91,0x5f, + }; + +static unsigned char out_g[]={ + 0x62,0x6d,0x02,0x78,0x39,0xea,0x0a,0x13, + 0x41,0x31,0x63,0xa5,0x5b,0x4c,0xb5,0x00, + 0x29,0x9d,0x55,0x22,0x95,0x6c,0xef,0xcb, + 0x3b,0xff,0x10,0xf3,0x99,0xce,0x2c,0x2e, + 0x71,0xcb,0x9d,0xe5,0xfa,0x24,0xba,0xbf, + 0x58,0xe5,0xb7,0x95,0x21,0x92,0x5c,0x9c, + 0xc4,0x2e,0x9f,0x6f,0x46,0x4b,0x08,0x8c, + 0xc5,0x72,0xaf,0x53,0xe6,0xd7,0x88,0x02, + }; + +static const unsigned char str1[]="12345678901234567890"; + +static const char rnd_seed[] = "string to make the random number generator think it has entropy"; +static const unsigned char rnd_key1[]="12345678"; +static const unsigned char rnd_key2[]="abcdefgh"; + +static BIO *bio_err=NULL; + +int main(int argc, char **argv) + { + DSA *dsa=NULL; + int counter,ret=0,i,j; + unsigned char buf[256]; + unsigned long h; + unsigned char sig[256]; + unsigned int siglen; + + FIPS_mode_set(1); + + if (bio_err == NULL) + bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); + + CRYPTO_malloc_debug_init(); + CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + ERR_load_crypto_strings(); + FIPS_set_prng_key(rnd_key1,rnd_key2); + RAND_seed(rnd_seed, sizeof rnd_seed); + + BIO_printf(bio_err,"test generation of DSA parameters\n"); + + dsa=DSA_generate_parameters(512,seed,20,&counter,&h,dsa_cb,bio_err); + + BIO_printf(bio_err,"seed\n"); + for (i=0; i<20; i+=4) + { + BIO_printf(bio_err,"%02X%02X%02X%02X ", + seed[i],seed[i+1],seed[i+2],seed[i+3]); + } + BIO_printf(bio_err,"\ncounter=%d h=%d\n",counter,h); + + if (dsa == NULL) goto end; + DSA_print(bio_err,dsa,0); + if (counter != 105) + { + BIO_printf(bio_err,"counter should be 105\n"); + goto end; + } + if (h != 2) + { + BIO_printf(bio_err,"h should be 2\n"); + goto end; + } + + i=BN_bn2bin(dsa->q,buf); + j=sizeof(out_q); + if ((i != j) || (memcmp(buf,out_q,i) != 0)) + { + BIO_printf(bio_err,"q value is wrong\n"); + goto end; + } + + i=BN_bn2bin(dsa->p,buf); + j=sizeof(out_p); + if ((i != j) || (memcmp(buf,out_p,i) != 0)) + { + BIO_printf(bio_err,"p value is wrong\n"); + goto end; + } + + i=BN_bn2bin(dsa->g,buf); + j=sizeof(out_g); + if ((i != j) || (memcmp(buf,out_g,i) != 0)) + { + BIO_printf(bio_err,"g value is wrong\n"); + goto end; + } + DSA_generate_key(dsa); + DSA_sign(0, str1, 20, sig, &siglen, dsa); + if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1) + ret=1; +end: + if (!ret) + ERR_print_errors(bio_err); + if (dsa != NULL) DSA_free(dsa); + CRYPTO_cleanup_all_ex_data(); + ERR_remove_state(0); + ERR_free_strings(); + CRYPTO_mem_leaks(bio_err); + if (bio_err != NULL) + { + BIO_free(bio_err); + bio_err = NULL; + } + EXIT(!ret); + return(0); + } + +static int cb_exit(int ec) + { + EXIT(ec); + return(0); /* To keep some compilers quiet */ + } + +static void MS_CALLBACK dsa_cb(int p, int n, void *arg) + { + char c='*'; + static int ok=0,num=0; + + if (p == 0) { c='.'; num++; }; + if (p == 1) c='+'; + if (p == 2) { c='*'; ok++; } + if (p == 3) c='\n'; + BIO_write(arg,&c,1); + (void)BIO_flush(arg); + + if (!ok && (p == 0) && (num > 1)) + { + BIO_printf((BIO *)arg,"error in dsatest\n"); + cb_exit(1); + } + } +#endif diff --git a/fips/fingerprint.sha1 b/fips/fingerprint.sha1 new file mode 100644 index 0000000000..174ff5ae16 --- /dev/null +++ b/fips/fingerprint.sha1 @@ -0,0 +1,3 @@ +SHA1(fips.c)= 39f2919005cb5c8d3b806b52d81a9247804dbe64 +SHA1(fips_err.c)= 197ccc595c33079de87ae02da868808a9ca60648 +SHA1(fips.h)= 53ce62539f2b69141693d427af9a4c4abc822cd0 diff --git a/fips/fips.c b/fips/fips.c new file mode 100644 index 0000000000..440258425c --- /dev/null +++ b/fips/fips.c @@ -0,0 +1,74 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include +#include +#include + +#ifdef FIPS + +void FIPS_mode_set(int onoff) + { + FIPS_mode=onoff; + if(onoff) + { + FIPS_rand_check=&rand_fips_meth; + RAND_set_rand_method(&rand_fips_meth); + } + } + +#if 0 +/* here just to cause error codes to exist */ +static void dummy() + { + FIPSerr(FIPS_F_HASH_FINAL,FIPS_F_NON_FIPS_METHOD); + } +#endif + +#endif diff --git a/fips/fips.h b/fips/fips.h new file mode 100644 index 0000000000..020c45b726 --- /dev/null +++ b/fips/fips.h @@ -0,0 +1,85 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifdef FIPS +/* Note that these are defined in crypto/cryptlib.c so they're + * available even without -lfips. + */ +extern int FIPS_mode; +extern void *FIPS_rand_check; +struct dsa_st; + +void FIPS_mode_set(int onoff); +int FIPS_dsa_check(struct dsa_st *dsa); + +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_FIPS_strings(void); + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_FIPS_strings(void); + +/* Error codes for the FIPS functions. */ + +/* Function codes. */ +#define FIPS_F_FIPS_DSA_CHECK 102 +#define FIPS_F_HASH_FINAL 100 +#define FIPS_F_SSLEAY_RAND_BYTES 101 + +/* Reason codes. */ +#define FIPS_R_NON_FIPS_METHOD 100 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/fips/fips_check_sha1 b/fips/fips_check_sha1 new file mode 100755 index 0000000000..c7d3ee14ae --- /dev/null +++ b/fips/fips_check_sha1 @@ -0,0 +1,7 @@ +#!/bin/sh + +FP=$1 +shift + +$TOP/fips/sha1/fips_standalone_sha1 $@ | diff $FP - + diff --git a/fips/fips_err.c b/fips/fips_err.c new file mode 100644 index 0000000000..6f67161668 --- /dev/null +++ b/fips/fips_err.c @@ -0,0 +1,96 @@ +/* fips/fips_err.c */ +/* ==================================================================== + * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ + +#include +#include +#include + +/* BEGIN ERROR CODES */ +#ifndef OPENSSL_NO_ERR +static ERR_STRING_DATA FIPS_str_functs[]= + { +{ERR_PACK(0,FIPS_F_FIPS_DSA_CHECK,0), "FIPS_dsa_check"}, +{ERR_PACK(0,FIPS_F_HASH_FINAL,0), "HASH_FINAL"}, +{ERR_PACK(0,FIPS_F_SSLEAY_RAND_BYTES,0), "SSLEAY_RAND_BYTES"}, +{0,NULL} + }; + +static ERR_STRING_DATA FIPS_str_reasons[]= + { +{FIPS_R_NON_FIPS_METHOD ,"non fips method"}, +{0,NULL} + }; + +#endif + +void ERR_load_FIPS_strings(void) + { + static int init=1; + + if (init) + { + init=0; +#ifndef OPENSSL_NO_ERR + ERR_load_strings(ERR_LIB_FIPS,FIPS_str_functs); + ERR_load_strings(ERR_LIB_FIPS,FIPS_str_reasons); +#endif + + } + } diff --git a/fips/fips_make_sha1 b/fips/fips_make_sha1 new file mode 100755 index 0000000000..47d65f9227 --- /dev/null +++ b/fips/fips_make_sha1 @@ -0,0 +1,21 @@ +#!/bin/sh + +S=`pwd`/fips/sha1/fips_standalone_sha1 + +cd fips/sha1 +$S fips_standalone_sha1.c fips_sha1dgst.c fips_sha_locl.h fips_md32_common.h > standalone.sha1 + +cd .. +$S fips.c fips_err.c fips.h > fingerprint.sha1 + +cd rand +$S fips_rand.c fips_rand.h > fingerprint.sha1 + +cd ../sha1 +$S fips_sha1dgst.c fips_sha_locl.h fips_md32_common.h > fingerprint.sha1 + +cd ../aes +$S fips_aes_core.c fips_aes_locl.h > fingerprint.sha1 + +cd ../dsa +$S fips_dsa_ossl.c > fingerprint.sha1 diff --git a/fips/lib b/fips/lib new file mode 100644 index 0000000000..e69de29bb2 diff --git a/fips/rand/.cvsignore b/fips/rand/.cvsignore new file mode 100644 index 0000000000..695fdd0059 --- /dev/null +++ b/fips/rand/.cvsignore @@ -0,0 +1,2 @@ +Makefile.save +lib diff --git a/fips/rand/Makefile.ssl b/fips/rand/Makefile.ssl new file mode 100644 index 0000000000..4a570cb489 --- /dev/null +++ b/fips/rand/Makefile.ssl @@ -0,0 +1,94 @@ +# +# SSLeay/fips/rand/Makefile +# + +DIR= rand +TOP= ../.. +CC= cc +INCLUDES= +CFLAG=-g +INSTALL_PREFIX= +OPENSSLDIR= /usr/local/ssl +INSTALLTOP=/usr/local/ssl +MAKE= make -f Makefile.ssl +MAKEDEPPROG= makedepend +MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) +MAKEFILE= Makefile.ssl +AR= ar r + +CFLAGS= $(INCLUDES) $(CFLAG) + +GENERAL=Makefile +TEST= fips_randtest.c +APPS= + +LIB=$(TOP)/libcrypto.a +LIBSRC=fips_rand.c +LIBOBJ=fips_rand.o + +SRC= $(LIBSRC) + +EXHEADER= fips_rand.h +HEADER= $(EXHEADER) + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd ../..; $(MAKE) DIRS=fips SDIRS=$(DIR) sub_all) + +all: check lib + +check: + TOP=`pwd`/$(TOP) ../fips_check_sha1 fingerprint.sha1 $(SRC) $(HEADER) + +lib: $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) + $(RANLIB) $(LIB) || echo Never mind. + @touch lib + +files: + $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO + +links: + @$(TOP)/util/point.sh Makefile.ssl Makefile + @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) + @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) + @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) + +install: + @for i in $(EXHEADER) ; \ + do \ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + +tags: + ctags $(SRC) + +tests: + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) + +dclean: + $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + +# DO NOT DELETE THIS LINE -- make depend depends on it. + +fips_rand.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h +fips_rand.o: ../../include/openssl/des.h ../../include/openssl/des_old.h +fips_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +fips_rand.o: ../../include/openssl/fips_rand.h ../../include/openssl/lhash.h +fips_rand.o: ../../include/openssl/opensslconf.h +fips_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +fips_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +fips_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +fips_rand.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h +fips_rand.o: fips_rand.c diff --git a/fips/rand/fingerprint.sha1 b/fips/rand/fingerprint.sha1 new file mode 100644 index 0000000000..a7d86340a8 --- /dev/null +++ b/fips/rand/fingerprint.sha1 @@ -0,0 +1,2 @@ +SHA1(fips_rand.c)= 3ba9ead2bec03b9a31527761472616ee26d005dc +SHA1(fips_rand.h)= c25efc81b5fade7d0cc406be5c9a083f20671b7d diff --git a/fips/rand/fips_rand.c b/fips/rand/fips_rand.c new file mode 100644 index 0000000000..7b333b79e1 --- /dev/null +++ b/fips/rand/fips_rand.c @@ -0,0 +1,236 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +/* + * This is a FIPS approved PRNG, ANSI X9.17, as specified in HAC, + * Menezes et al., p.173 + */ + +#include +#include +#include +#include +#include +#include +#include + +#define SEED_SIZE 8 + +static unsigned char seed[SEED_SIZE]; +static int n_seed; +static int o_seed; +static DES_cblock key1; +static DES_cblock key2; +static DES_key_schedule ks1,ks2; +static int key_set; +static int test_mode; +static unsigned char test_faketime[8]; + +static void fips_rand_cleanup(void); +static void fips_rand_seed(const void *buf, int num); +static void fips_rand_add(const void *buf, int num, double add_entropy); +static int fips_rand_bytes(unsigned char *buf, int num); +static int fips_rand_status(void); + +RAND_METHOD rand_fips_meth= + { + fips_rand_seed, + fips_rand_bytes, + fips_rand_cleanup, + fips_rand_add, + fips_rand_bytes, + fips_rand_status + }; + +void FIPS_set_prng_key(const unsigned char k1[8],const unsigned char k2[8]) + { + memcpy(&key1,k1,sizeof key1); + memcpy(&key2,k2,sizeof key2); + key_set=1; + } + +void FIPS_test_mode(int test,const unsigned char faketime[8]) + { + test_mode=test; + if(!test_mode) + return; + memcpy(test_faketime,faketime,sizeof test_faketime); + } + +static void fips_gettime(unsigned char buf[8]) + { + struct timeval tv; +#ifndef GETPID_IS_MEANINGLESS + long pid; +#endif + + if(test_mode) + { + fprintf(stderr,"WARNING!!! PRNG IN TEST MODE!!!\n"); + memcpy(buf,test_faketime,sizeof test_faketime); + return; + } + gettimeofday(&tv,NULL); + assert(sizeof(long) == 4); + *(long *)&buf[0]=tv.tv_sec; + *(long *)&buf[4]=tv.tv_usec; + +#ifndef GETPID_IS_MEANINGLESS + /* we mix in the PID to ensure that after a fork the children don't give + * the same results as each other + */ + pid=getpid(); + /* make sure we shift the pid to the MSB */ + if((pid&0xffff0000) == 0) + pid<<=16; + *(long *)&buf[0]^=pid; +#endif + } + +static void fips_rand_encrypt(unsigned char *out,const unsigned char *in) + { + DES_ecb2_encrypt(in,out,&ks1,&ks2,1); + } + +static void fips_rand_cleanup(void) + { + OPENSSL_cleanse(seed,sizeof seed); + n_seed=0; + } + +static void fips_rand_seed(const void *buf_, int num) + { + const char *buf=buf_; + int n; + static int init; + + /* If the key hasn't been set, we can't seed! */ + if(!key_set) + return; + + CRYPTO_w_lock(CRYPTO_LOCK_RAND); + if(!init) + { + init=1; + DES_set_key(&key1,&ks1); + DES_set_key(&key2,&ks2); + } + + /* + * This algorithm only uses 64 bits of seed, so ensure that we use + * the most recent 64 bits. + */ + for(n=0 ; n < num ; ) + { + int t=num-n; + + if(o_seed+t > sizeof seed) + t=sizeof seed-o_seed; + memcpy(seed+o_seed,buf+n,t); + n+=t; + o_seed+=t; + if(o_seed == sizeof seed) + o_seed=0; + if(n_seed < sizeof seed) + n_seed+=t; + } + + CRYPTO_w_unlock(CRYPTO_LOCK_RAND); + } + +static void fips_rand_add(const void *buf, int num, double add_entropy) + { + fips_rand_seed(buf,num); + } + +static int fips_rand_bytes(unsigned char *buf,int num) + { + int n; + unsigned char timeseed[8]; + unsigned char intermediate[SEED_SIZE]; + unsigned char output[SEED_SIZE]; + + if(n_seed < sizeof seed) + { + RANDerr(RAND_F_FIPS_RAND_BYTES,RAND_R_PRNG_NOT_SEEDED); + return 0; + } + + fips_gettime(timeseed); + fips_rand_encrypt(intermediate,timeseed); + + CRYPTO_w_lock(CRYPTO_LOCK_RAND); + + for(n=0 ; n < num ; ) + { + unsigned char t[SEED_SIZE]; + int l; + + /* now generate a full 64 bits of "randomness" */ + for(l=0 ; l < sizeof t ; ++l) + t[l]=intermediate[l]^seed[l]; + fips_rand_encrypt(output,t); + for(l=0 ; l < sizeof t ; ++l) + t[l]=output[l]^seed[l]; + fips_rand_encrypt(seed,t); + + l=SEED_SIZE < num-n ? SEED_SIZE : num-n; + memcpy(buf+n,output,l); + n+=l; + } + + CRYPTO_w_unlock(CRYPTO_LOCK_RAND); + + return num; + } + +static int fips_rand_status(void) + { + return n_seed == sizeof seed; + } diff --git a/fips/rand/fips_rand.h b/fips/rand/fips_rand.h new file mode 100644 index 0000000000..d5558ca73b --- /dev/null +++ b/fips/rand/fips_rand.h @@ -0,0 +1,55 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "des.h" + +void FIPS_set_prng_key(const unsigned char k1[8],const unsigned char k2[8]); +void FIPS_test_mode(int test,const unsigned char faketime[8]); + +extern RAND_METHOD rand_fips_meth; diff --git a/fips/rand/fips_randtest.c b/fips/rand/fips_randtest.c new file mode 100644 index 0000000000..c84653eb1d --- /dev/null +++ b/fips/rand/fips_randtest.c @@ -0,0 +1,348 @@ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include +#include +#include +#include + +#include "../e_os.h" + +/* some FIPS 140-1 random number test */ +/* some simple tests */ + +static DES_cblock prng_key1={0x21,0x58,0x47,0xb7,0xc2,0x97,0x5a,0x8e}; +static DES_cblock prng_key2={0x61,0x23,0x05,0x96,0x18,0x91,0x86,0xac}; +static unsigned char prng_seed[8]={0x6b,0xa3,0x4f,0x07,0xe4,0x2a,0xb0,0xc}; + +typedef struct + { + DES_cblock keys[2]; + const unsigned char time[8]; + const unsigned char seed[8]; + const unsigned char block1[8]; + const unsigned char block100[8]; + } PRNGtest; + +/* FIXME: these test vectors are made up! */ +static PRNGtest t1= + { + { { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }, + { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }, + }, + { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }, + { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }, + { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }, + { 0x8c,0xa6,0x4d,0xe9,0xc1,0xb1,0x23,0xa7 } + }; +static PRNGtest t2= + { + { { 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff }, + { 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff } }, + { 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff }, + { 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff }, + { 0xcd,0x57,0xcb,0xfa,0x08,0xd8,0xdb,0x3a }, + { 0x05,0xad,0x17,0xbd,0xd8,0x32,0x96,0x79 } + }; + +static void dump(const unsigned char *b,int n) + { + while(n-- > 0) + { + printf(" %02x",*b++); + } + } + +static void compare(const unsigned char *result,const unsigned char *expected, + int n) + { + int i; + + for(i=0 ; i < n ; ++i) + if(result[i] != expected[i]) + { + puts("Random test failed, got:"); + dump(result,8); + puts("\n expected:"); + dump(expected,8); + putchar('\n'); + exit(1); + } + } + +static void run_test(const PRNGtest *t) + { + unsigned char buf[8]; + int n; + + FIPS_set_prng_key(t->keys[0],t->keys[1]); + FIPS_test_mode(1,t->time); + RAND_seed(t->seed,sizeof t->seed); + + RAND_bytes(buf,8); + compare(buf,t->block1,8); + for(n=0 ; n < 99 ; ++n) + RAND_bytes(buf,8); + compare(buf,t->block100,8); + FIPS_test_mode(0,NULL); + } + +int main() + { + unsigned char buf[2500]; + int i,j,k,s,sign,nsign,err=0; + unsigned long n1; + unsigned long n2[16]; + unsigned long runs[2][34]; + /*double d; */ + long d; + + RAND_set_rand_method(&rand_fips_meth); + + run_test(&t1); + run_test(&t2); + + FIPS_set_prng_key(prng_key1,prng_key2); + RAND_seed(prng_seed,sizeof prng_seed); + + i = RAND_pseudo_bytes(buf,2500); + if (i <= 0) + { + printf ("init failed, the rand method is not properly installed\n"); + err++; + goto err; + } + + n1=0; + for (i=0; i<16; i++) n2[i]=0; + for (i=0; i<34; i++) runs[0][i]=runs[1][i]=0; + + /* test 1 and 2 */ + sign=0; + nsign=0; + for (i=0; i<2500; i++) + { + j=buf[i]; + + n2[j&0x0f]++; + n2[(j>>4)&0x0f]++; + + for (k=0; k<8; k++) + { + s=(j&0x01); + if (s == sign) + nsign++; + else + { + if (nsign > 34) nsign=34; + if (nsign != 0) + { + runs[sign][nsign-1]++; + if (nsign > 6) + runs[sign][5]++; + } + sign=s; + nsign=1; + } + + if (s) n1++; + j>>=1; + } + } + if (nsign > 34) nsign=34; + if (nsign != 0) runs[sign][nsign-1]++; + + /* test 1 */ + if (!((9654 < n1) && (n1 < 10346))) + { + printf("test 1 failed, X=%lu\n",n1); + err++; + } + printf("test 1 done\n"); + + /* test 2 */ +#ifdef undef + d=0; + for (i=0; i<16; i++) + d+=n2[i]*n2[i]; + d=d*16.0/5000.0-5000.0; + if (!((1.03 < d) && (d < 57.4))) + { + printf("test 2 failed, X=%.2f\n",d); + err++; + } +#endif + d=0; + for (i=0; i<16; i++) + d+=n2[i]*n2[i]; + d=(d*8)/25-500000; + if (!((103 < d) && (d < 5740))) + { + printf("test 2 failed, X=%ld.%02ld\n",d/100L,d%100L); + err++; + } + printf("test 2 done\n"); + + /* test 3 */ + for (i=0; i<2; i++) + { + if (!((2267 < runs[i][0]) && (runs[i][0] < 2733))) + { + printf("test 3 failed, bit=%d run=%d num=%lu\n", + i,1,runs[i][0]); + err++; + } + if (!((1079 < runs[i][1]) && (runs[i][1] < 1421))) + { + printf("test 3 failed, bit=%d run=%d num=%lu\n", + i,2,runs[i][1]); + err++; + } + if (!(( 502 < runs[i][2]) && (runs[i][2] < 748))) + { + printf("test 3 failed, bit=%d run=%d num=%lu\n", + i,3,runs[i][2]); + err++; + } + if (!(( 223 < runs[i][3]) && (runs[i][3] < 402))) + { + printf("test 3 failed, bit=%d run=%d num=%lu\n", + i,4,runs[i][3]); + err++; + } + if (!(( 90 < runs[i][4]) && (runs[i][4] < 223))) + { + printf("test 3 failed, bit=%d run=%d num=%lu\n", + i,5,runs[i][4]); + err++; + } + if (!(( 90 < runs[i][5]) && (runs[i][5] < 223))) + { + printf("test 3 failed, bit=%d run=%d num=%lu\n", + i,6,runs[i][5]); + err++; + } + } + printf("test 3 done\n"); + + /* test 4 */ + if (runs[0][33] != 0) + { + printf("test 4 failed, bit=%d run=%d num=%lu\n", + 0,34,runs[0][33]); + err++; + } + if (runs[1][33] != 0) + { + printf("test 4 failed, bit=%d run=%d num=%lu\n", + 1,34,runs[1][33]); + err++; + } + printf("test 4 done\n"); + err: + err=((err)?1:0); + EXIT(err); + return(err); + } diff --git a/fips/sha1/.cvsignore b/fips/sha1/.cvsignore new file mode 100644 index 0000000000..3c65d3f9db --- /dev/null +++ b/fips/sha1/.cvsignore @@ -0,0 +1,3 @@ +Makefile.save +lib +fips_standalone_sha1 diff --git a/fips/sha1/Makefile.ssl b/fips/sha1/Makefile.ssl new file mode 100644 index 0000000000..dbbf5ee4ba --- /dev/null +++ b/fips/sha1/Makefile.ssl @@ -0,0 +1,94 @@ +# +# SSLeay/fips/sha1/Makefile +# + +DIR= sha1 +TOP= ../.. +CC= cc +INCLUDES= +CFLAG=-g +INSTALL_PREFIX= +OPENSSLDIR= /usr/local/ssl +INSTALLTOP=/usr/local/ssl +MAKE= make -f Makefile.ssl +MAKEDEPPROG= makedepend +MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) +MAKEFILE= Makefile.ssl +AR= ar r + +CFLAGS= $(INCLUDES) $(CFLAG) + +GENERAL=Makefile +TEST= fips_sha1test.c sha1vectors.txt sha1hashes.txt +APPS= + +LIB=$(TOP)/libcrypto.a +LIBSRC=fips_sha1dgst.c +LIBOBJ=fips_sha1dgst.o + +SRC= $(LIBSRC) + +EXHEADER= +HEADER= $(EXHEADER) fips_sha_locl.h fips_md32_common.h + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd ../..; $(MAKE) DIRS=fips SDIRS=$(DIR) sub_all) + +all: check lib fips_standalone_sha1 + +check: + TOP=`pwd`/$(TOP) ../fips_check_sha1 fingerprint.sha1 $(SRC) $(HEADER) + +lib: $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) + $(RANLIB) $(LIB) || echo Never mind. + @touch lib + +fips_standalone_sha1: fips_standalone_sha1.o fips_sha1dgst.o + $(CC) -o fips_standalone_sha1 $(CFLAGS) fips_standalone_sha1.o \ + fips_sha1dgst.o + TOP=`pwd`/$(TOP) ../fips_check_sha1 standalone.sha1 \ + fips_standalone_sha1.c fips_sha1dgst.c fips_sha_locl.h \ + fips_md32_common.h + +files: + $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO + +links: + @$(TOP)/util/point.sh Makefile.ssl Makefile + @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) + @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) + @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) + +install: + @for i in $(EXHEADER) ; \ + do \ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + +tags: + ctags $(SRC) + +tests: + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) + +dclean: + $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff +# DO NOT DELETE THIS LINE -- make depend depends on it. + +fips_sha1dgst.o: ../../include/openssl/e_os2.h +fips_sha1dgst.o: ../../include/openssl/opensslconf.h +fips_sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h +fips_sha1dgst.o: fips_md32_common.h fips_sha1dgst.c fips_sha_locl.h diff --git a/fips/sha1/fingerprint.sha1 b/fips/sha1/fingerprint.sha1 new file mode 100644 index 0000000000..b78f2d756b --- /dev/null +++ b/fips/sha1/fingerprint.sha1 @@ -0,0 +1,3 @@ +SHA1(fips_sha1dgst.c)= 5b541eae6c5dc9caad9ad4fb90cb840ff48b5904 +SHA1(fips_sha_locl.h)= 677427c495b571991f013939ea7e5dea87828f8c +SHA1(fips_md32_common.h)= 4f41bcde24750b3b8c99a06bcba2fe06ff8db4d0 diff --git a/fips/sha1/fips_md32_common.h b/fips/sha1/fips_md32_common.h new file mode 100644 index 0000000000..573850b122 --- /dev/null +++ b/fips/sha1/fips_md32_common.h @@ -0,0 +1,637 @@ +/* crypto/md32_common.h */ +/* ==================================================================== + * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* + * This is a generic 32 bit "collector" for message digest algorithms. + * Whenever needed it collects input character stream into chunks of + * 32 bit values and invokes a block function that performs actual hash + * calculations. + * + * Porting guide. + * + * Obligatory macros: + * + * DATA_ORDER_IS_BIG_ENDIAN or DATA_ORDER_IS_LITTLE_ENDIAN + * this macro defines byte order of input stream. + * HASH_CBLOCK + * size of a unit chunk HASH_BLOCK operates on. + * HASH_LONG + * has to be at lest 32 bit wide, if it's wider, then + * HASH_LONG_LOG2 *has to* be defined along + * HASH_CTX + * context structure that at least contains following + * members: + * typedef struct { + * ... + * HASH_LONG Nl,Nh; + * HASH_LONG data[HASH_LBLOCK]; + * int num; + * ... + * } HASH_CTX; + * HASH_UPDATE + * name of "Update" function, implemented here. + * HASH_TRANSFORM + * name of "Transform" function, implemented here. + * HASH_FINAL + * name of "Final" function, implemented here. + * HASH_BLOCK_HOST_ORDER + * name of "block" function treating *aligned* input message + * in host byte order, implemented externally. + * HASH_BLOCK_DATA_ORDER + * name of "block" function treating *unaligned* input message + * in original (data) byte order, implemented externally (it + * actually is optional if data and host are of the same + * "endianess"). + * HASH_MAKE_STRING + * macro convering context variables to an ASCII hash string. + * + * Optional macros: + * + * B_ENDIAN or L_ENDIAN + * defines host byte-order. + * HASH_LONG_LOG2 + * defaults to 2 if not states otherwise. + * HASH_LBLOCK + * assumed to be HASH_CBLOCK/4 if not stated otherwise. + * HASH_BLOCK_DATA_ORDER_ALIGNED + * alternative "block" function capable of treating + * aligned input message in original (data) order, + * implemented externally. + * + * MD5 example: + * + * #define DATA_ORDER_IS_LITTLE_ENDIAN + * + * #define HASH_LONG MD5_LONG + * #define HASH_LONG_LOG2 MD5_LONG_LOG2 + * #define HASH_CTX MD5_CTX + * #define HASH_CBLOCK MD5_CBLOCK + * #define HASH_LBLOCK MD5_LBLOCK + * #define HASH_UPDATE MD5_Update + * #define HASH_TRANSFORM MD5_Transform + * #define HASH_FINAL MD5_Final + * #define HASH_BLOCK_HOST_ORDER md5_block_host_order + * #define HASH_BLOCK_DATA_ORDER md5_block_data_order + * + * + */ + +#if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN) +#error "DATA_ORDER must be defined!" +#endif + +#ifndef HASH_CBLOCK +#error "HASH_CBLOCK must be defined!" +#endif +#ifndef HASH_LONG +#error "HASH_LONG must be defined!" +#endif +#ifndef HASH_CTX +#error "HASH_CTX must be defined!" +#endif + +#ifndef HASH_UPDATE +#error "HASH_UPDATE must be defined!" +#endif +#ifndef HASH_TRANSFORM +#error "HASH_TRANSFORM must be defined!" +#endif +#ifndef HASH_FINAL +#error "HASH_FINAL must be defined!" +#endif + +#ifndef HASH_BLOCK_HOST_ORDER +#error "HASH_BLOCK_HOST_ORDER must be defined!" +#endif + +#if 0 +/* + * Moved below as it's required only if HASH_BLOCK_DATA_ORDER_ALIGNED + * isn't defined. + */ +#ifndef HASH_BLOCK_DATA_ORDER +#error "HASH_BLOCK_DATA_ORDER must be defined!" +#endif +#endif + +#ifndef HASH_LBLOCK +#define HASH_LBLOCK (HASH_CBLOCK/4) +#endif + +#ifndef HASH_LONG_LOG2 +#define HASH_LONG_LOG2 2 +#endif + +/* + * Engage compiler specific rotate intrinsic function if available. + */ +#undef ROTATE +#ifndef PEDANTIC +# if 0 /* defined(_MSC_VER) */ +# define ROTATE(a,n) _lrotl(a,n) +# elif defined(__MWERKS__) +# if defined(__POWERPC__) +# define ROTATE(a,n) __rlwinm(a,n,0,31) +# elif defined(__MC68K__) + /* Motorola specific tweak. */ +# define ROTATE(a,n) ( n<24 ? __rol(a,n) : __ror(a,32-n) ) +# else +# define ROTATE(a,n) __rol(a,n) +# endif +# elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) + /* + * Some GNU C inline assembler templates. Note that these are + * rotates by *constant* number of bits! But that's exactly + * what we need here... + * + * + */ +# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) +# define ROTATE(a,n) ({ register unsigned int ret; \ + asm ( \ + "roll %1,%0" \ + : "=r"(ret) \ + : "I"(n), "0"(a) \ + : "cc"); \ + ret; \ + }) +# elif defined(__powerpc) || defined(__ppc) +# define ROTATE(a,n) ({ register unsigned int ret; \ + asm ( \ + "rlwinm %0,%1,%2,0,31" \ + : "=r"(ret) \ + : "r"(a), "I"(n)); \ + ret; \ + }) +# endif +# endif + +/* + * Engage compiler specific "fetch in reverse byte order" + * intrinsic function if available. + */ +# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) + /* some GNU C inline assembler templates by */ +# if (defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)) && !defined(I386_ONLY) +# define BE_FETCH32(a) ({ register unsigned int l=(a);\ + asm ( \ + "bswapl %0" \ + : "=r"(l) : "0"(l)); \ + l; \ + }) +# elif defined(__powerpc) +# define LE_FETCH32(a) ({ register unsigned int l; \ + asm ( \ + "lwbrx %0,0,%1" \ + : "=r"(l) \ + : "r"(a)); \ + l; \ + }) + +# elif defined(__sparc) && defined(OPENSSL_SYS_ULTRASPARC) +# define LE_FETCH32(a) ({ register unsigned int l; \ + asm ( \ + "lda [%1]#ASI_PRIMARY_LITTLE,%0"\ + : "=r"(l) \ + : "r"(a)); \ + l; \ + }) +# endif +# endif +#endif /* PEDANTIC */ + +#if HASH_LONG_LOG2==2 /* Engage only if sizeof(HASH_LONG)== 4 */ +/* A nice byte order reversal from Wei Dai */ +#ifdef ROTATE +/* 5 instructions with rotate instruction, else 9 */ +#define REVERSE_FETCH32(a,l) ( \ + l=*(const HASH_LONG *)(a), \ + ((ROTATE(l,8)&0x00FF00FF)|(ROTATE((l&0x00FF00FF),24))) \ + ) +#else +/* 6 instructions with rotate instruction, else 8 */ +#define REVERSE_FETCH32(a,l) ( \ + l=*(const HASH_LONG *)(a), \ + l=(((l>>8)&0x00FF00FF)|((l&0x00FF00FF)<<8)), \ + ROTATE(l,16) \ + ) +/* + * Originally the middle line started with l=(((l&0xFF00FF00)>>8)|... + * It's rewritten as above for two reasons: + * - RISCs aren't good at long constants and have to explicitely + * compose 'em with several (well, usually 2) instructions in a + * register before performing the actual operation and (as you + * already realized:-) having same constant should inspire the + * compiler to permanently allocate the only register for it; + * - most modern CPUs have two ALUs, but usually only one has + * circuitry for shifts:-( this minor tweak inspires compiler + * to schedule shift instructions in a better way... + * + * + */ +#endif +#endif + +#ifndef ROTATE +#define ROTATE(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n)))) +#endif + +/* + * Make some obvious choices. E.g., HASH_BLOCK_DATA_ORDER_ALIGNED + * and HASH_BLOCK_HOST_ORDER ought to be the same if input data + * and host are of the same "endianess". It's possible to mask + * this with blank #define HASH_BLOCK_DATA_ORDER though... + * + * + */ +#if defined(B_ENDIAN) +# if defined(DATA_ORDER_IS_BIG_ENDIAN) +# if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED) && HASH_LONG_LOG2==2 +# define HASH_BLOCK_DATA_ORDER_ALIGNED HASH_BLOCK_HOST_ORDER +# endif +# elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) +# ifndef HOST_FETCH32 +# ifdef LE_FETCH32 +# define HOST_FETCH32(p,l) LE_FETCH32(p) +# elif defined(REVERSE_FETCH32) +# define HOST_FETCH32(p,l) REVERSE_FETCH32(p,l) +# endif +# endif +# endif +#elif defined(L_ENDIAN) +# if defined(DATA_ORDER_IS_LITTLE_ENDIAN) +# if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED) && HASH_LONG_LOG2==2 +# define HASH_BLOCK_DATA_ORDER_ALIGNED HASH_BLOCK_HOST_ORDER +# endif +# elif defined(DATA_ORDER_IS_BIG_ENDIAN) +# ifndef HOST_FETCH32 +# ifdef BE_FETCH32 +# define HOST_FETCH32(p,l) BE_FETCH32(p) +# elif defined(REVERSE_FETCH32) +# define HOST_FETCH32(p,l) REVERSE_FETCH32(p,l) +# endif +# endif +# endif +#endif + +#if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED) +#ifndef HASH_BLOCK_DATA_ORDER +#error "HASH_BLOCK_DATA_ORDER must be defined!" +#endif +#endif + +#if defined(DATA_ORDER_IS_BIG_ENDIAN) + +#define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++)))<<24), \ + l|=(((unsigned long)(*((c)++)))<<16), \ + l|=(((unsigned long)(*((c)++)))<< 8), \ + l|=(((unsigned long)(*((c)++))) ), \ + l) +#define HOST_p_c2l(c,l,n) { \ + switch (n) { \ + case 0: l =((unsigned long)(*((c)++)))<<24; \ + case 1: l|=((unsigned long)(*((c)++)))<<16; \ + case 2: l|=((unsigned long)(*((c)++)))<< 8; \ + case 3: l|=((unsigned long)(*((c)++))); \ + } } +#define HOST_p_c2l_p(c,l,sc,len) { \ + switch (sc) { \ + case 0: l =((unsigned long)(*((c)++)))<<24; \ + if (--len == 0) break; \ + case 1: l|=((unsigned long)(*((c)++)))<<16; \ + if (--len == 0) break; \ + case 2: l|=((unsigned long)(*((c)++)))<< 8; \ + } } +/* NOTE the pointer is not incremented at the end of this */ +#define HOST_c2l_p(c,l,n) { \ + l=0; (c)+=n; \ + switch (n) { \ + case 3: l =((unsigned long)(*(--(c))))<< 8; \ + case 2: l|=((unsigned long)(*(--(c))))<<16; \ + case 1: l|=((unsigned long)(*(--(c))))<<24; \ + } } +#define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ + *((c)++)=(unsigned char)(((l)>>16)&0xff), \ + *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ + *((c)++)=(unsigned char)(((l) )&0xff), \ + l) + +#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) + +#define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \ + l|=(((unsigned long)(*((c)++)))<< 8), \ + l|=(((unsigned long)(*((c)++)))<<16), \ + l|=(((unsigned long)(*((c)++)))<<24), \ + l) +#define HOST_p_c2l(c,l,n) { \ + switch (n) { \ + case 0: l =((unsigned long)(*((c)++))); \ + case 1: l|=((unsigned long)(*((c)++)))<< 8; \ + case 2: l|=((unsigned long)(*((c)++)))<<16; \ + case 3: l|=((unsigned long)(*((c)++)))<<24; \ + } } +#define HOST_p_c2l_p(c,l,sc,len) { \ + switch (sc) { \ + case 0: l =((unsigned long)(*((c)++))); \ + if (--len == 0) break; \ + case 1: l|=((unsigned long)(*((c)++)))<< 8; \ + if (--len == 0) break; \ + case 2: l|=((unsigned long)(*((c)++)))<<16; \ + } } +/* NOTE the pointer is not incremented at the end of this */ +#define HOST_c2l_p(c,l,n) { \ + l=0; (c)+=n; \ + switch (n) { \ + case 3: l =((unsigned long)(*(--(c))))<<16; \ + case 2: l|=((unsigned long)(*(--(c))))<< 8; \ + case 1: l|=((unsigned long)(*(--(c)))); \ + } } +#define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ + *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ + *((c)++)=(unsigned char)(((l)>>16)&0xff), \ + *((c)++)=(unsigned char)(((l)>>24)&0xff), \ + l) + +#endif + +/* + * Time for some action:-) + */ + +int HASH_UPDATE (HASH_CTX *c, const void *data_, unsigned long len) + { + const unsigned char *data=data_; + register HASH_LONG * p; + register unsigned long l; + int sw,sc,ew,ec; + + if (len==0) return 1; + + l=(c->Nl+(len<<3))&0xffffffffL; + /* 95-05-24 eay Fixed a bug with the overflow handling, thanks to + * Wei Dai for pointing it out. */ + if (l < c->Nl) /* overflow */ + c->Nh++; + c->Nh+=(len>>29); + c->Nl=l; + + if (c->num != 0) + { + p=c->data; + sw=c->num>>2; + sc=c->num&0x03; + + if ((c->num+len) >= HASH_CBLOCK) + { + l=p[sw]; HOST_p_c2l(data,l,sc); p[sw++]=l; + for (; swnum); + c->num=0; + /* drop through and do the rest */ + } + else + { + c->num+=len; + if ((sc+len) < 4) /* ugly, add char's to a word */ + { + l=p[sw]; HOST_p_c2l_p(data,l,sc,len); p[sw]=l; + } + else + { + ew=(c->num>>2); + ec=(c->num&0x03); + if (sc) + l=p[sw]; + HOST_p_c2l(data,l,sc); + p[sw++]=l; + for (; sw < ew; sw++) + { + HOST_c2l(data,l); p[sw]=l; + } + if (ec) + { + HOST_c2l_p(data,l,ec); p[sw]=l; + } + } + return 1; + } + } + + sw=len/HASH_CBLOCK; + if (sw > 0) + { +#if defined(HASH_BLOCK_DATA_ORDER_ALIGNED) + /* + * Note that HASH_BLOCK_DATA_ORDER_ALIGNED gets defined + * only if sizeof(HASH_LONG)==4. + */ + if ((((unsigned long)data)%4) == 0) + { + /* data is properly aligned so that we can cast it: */ + HASH_BLOCK_DATA_ORDER_ALIGNED (c,(HASH_LONG *)data,sw); + sw*=HASH_CBLOCK; + data+=sw; + len-=sw; + } + else +#if !defined(HASH_BLOCK_DATA_ORDER) + while (sw--) + { + memcpy (p=c->data,data,HASH_CBLOCK); + HASH_BLOCK_DATA_ORDER_ALIGNED(c,p,1); + data+=HASH_CBLOCK; + len-=HASH_CBLOCK; + } +#endif +#endif +#if defined(HASH_BLOCK_DATA_ORDER) + { + HASH_BLOCK_DATA_ORDER(c,data,sw); + sw*=HASH_CBLOCK; + data+=sw; + len-=sw; + } +#endif + } + + if (len!=0) + { + p = c->data; + c->num = len; + ew=len>>2; /* words to copy */ + ec=len&0x03; + for (; ew; ew--,p++) + { + HOST_c2l(data,l); *p=l; + } + HOST_c2l_p(data,l,ec); + *p=l; + } + return 1; + } + + +void HASH_TRANSFORM (HASH_CTX *c, const unsigned char *data) + { +#if defined(HASH_BLOCK_DATA_ORDER_ALIGNED) + if ((((unsigned long)data)%4) == 0) + /* data is properly aligned so that we can cast it: */ + HASH_BLOCK_DATA_ORDER_ALIGNED (c,(HASH_LONG *)data,1); + else +#if !defined(HASH_BLOCK_DATA_ORDER) + { + memcpy (c->data,data,HASH_CBLOCK); + HASH_BLOCK_DATA_ORDER_ALIGNED (c,c->data,1); + } +#endif +#endif +#if defined(HASH_BLOCK_DATA_ORDER) + HASH_BLOCK_DATA_ORDER (c,data,1); +#endif + } + + +int HASH_FINAL (unsigned char *md, HASH_CTX *c) + { + register HASH_LONG *p; + register unsigned long l; + register int i,j; + static const unsigned char end[4]={0x80,0x00,0x00,0x00}; + const unsigned char *cp=end; + + /* c->num should definitly have room for at least one more byte. */ + p=c->data; + i=c->num>>2; + j=c->num&0x03; + +#if 0 + /* purify often complains about the following line as an + * Uninitialized Memory Read. While this can be true, the + * following p_c2l macro will reset l when that case is true. + * This is because j&0x03 contains the number of 'valid' bytes + * already in p[i]. If and only if j&0x03 == 0, the UMR will + * occur but this is also the only time p_c2l will do + * l= *(cp++) instead of l|= *(cp++) + * Many thanks to Alex Tang for pickup this + * 'potential bug' */ +#ifdef PURIFY + if (j==0) p[i]=0; /* Yeah, but that's not the way to fix it:-) */ +#endif + l=p[i]; +#else + l = (j==0) ? 0 : p[i]; +#endif + HOST_p_c2l(cp,l,j); p[i++]=l; /* i is the next 'undefined word' */ + + if (i>(HASH_LBLOCK-2)) /* save room for Nl and Nh */ + { + if (iNh; + p[HASH_LBLOCK-1]=c->Nl; +#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) + p[HASH_LBLOCK-2]=c->Nl; + p[HASH_LBLOCK-1]=c->Nh; +#endif + HASH_BLOCK_HOST_ORDER (c,p,1); + +#ifndef HASH_MAKE_STRING +#error "HASH_MAKE_STRING must be defined!" +#else + HASH_MAKE_STRING(c,md); +#endif + + c->num=0; + /* clear stuff, HASH_BLOCK may be leaving some stuff on the stack + * but I'm not worried :-) + OPENSSL_cleanse((void *)c,sizeof(HASH_CTX)); + */ + return 1; + } + +#ifndef MD32_REG_T +#define MD32_REG_T long +/* + * This comment was originaly written for MD5, which is why it + * discusses A-D. But it basically applies to all 32-bit digests, + * which is why it was moved to common header file. + * + * In case you wonder why A-D are declared as long and not + * as MD5_LONG. Doing so results in slight performance + * boost on LP64 architectures. The catch is we don't + * really care if 32 MSBs of a 64-bit register get polluted + * with eventual overflows as we *save* only 32 LSBs in + * *either* case. Now declaring 'em long excuses the compiler + * from keeping 32 MSBs zeroed resulting in 13% performance + * improvement under SPARC Solaris7/64 and 5% under AlphaLinux. + * Well, to be honest it should say that this *prevents* + * performance degradation. + * + * Apparently there're LP64 compilers that generate better + * code if A-D are declared int. Most notably GCC-x86_64 + * generates better code. + * + */ +#endif diff --git a/fips/sha1/fips_sha1dgst.c b/fips/sha1/fips_sha1dgst.c new file mode 100644 index 0000000000..86543bdc32 --- /dev/null +++ b/fips/sha1/fips_sha1dgst.c @@ -0,0 +1,76 @@ +/* crypto/sha/sha1dgst.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_SHA) + +#undef SHA_0 +#define SHA_1 + +#include + +#ifdef FIPS +const char *SHA1_version="SHA1" OPENSSL_VERSION_PTEXT; + +/* The implementation is in fips_md32_common.h */ + +#include "fips_sha_locl.h" + +#endif /* def FIPS */ + +#endif + diff --git a/fips/sha1/fips_sha1test.c b/fips/sha1/fips_sha1test.c new file mode 100644 index 0000000000..80977cfc23 --- /dev/null +++ b/fips/sha1/fips_sha1test.c @@ -0,0 +1,128 @@ +#include +#include +#include +#include +#include +#include + +#define MAX_TEST_BITS 103432 + +static void dump(const unsigned char *b,int n) + { + while(n-- > 0) + printf("%02X",*b++); + } + +static void bitfill(unsigned char *buf,int bit,int b,int n) + { + for( ; n > 0 ; --n,++bit) + { + assert(bit < MAX_TEST_BITS); + buf[bit/8]|=b << (7-bit%8); + } + } + +void montecarlo(unsigned char *seed,int n) + { + int i,j; + unsigned char m[10240]; + + memcpy(m,seed,n); + for(j=0 ; j < 100 ; ++j) + { + for(i=1 ; i <= 50000 ; ++i) + { + memset(m+n,'\0',j/4+3); + n+=j/4+3; + m[n++]=i >> 24; + m[n++]=i >> 16; + m[n++]=i >> 8; + m[n++]=i; +/* putchar(' '); */ +/* dump(m,bit/8); */ +/* putchar('\n'); */ + SHA1(m,n,m); + n=20; + } + dump(m,20); + puts(" ^"); + } + } + +int main(int argc,char **argv) + { + FILE *fp; + int phase; + + if(argc != 2) + { + fprintf(stderr,"%s \n",argv[0]); + exit(1); + } + + fp=fopen(argv[1],"r"); + if(!fp) + { + perror(argv[1]); + exit(2); + } + + for(phase=0 ; ; ) + { + unsigned char buf[MAX_TEST_BITS/8]; + unsigned char md[20]; + char line[10240]; + int n,t,b,bit; + char *p; + + fgets(line,1024,fp); + if(feof(fp)) + break; + n=strlen(line); + line[n-1]='\0'; + if(!strcmp(line,"D>")) + ++phase; + + if(!isdigit(line[0])) + { + puts(line); + continue; + } + for( ; ; ) + { + assert(n > 1); + if(line[n-2] == '^') + break; + fgets(line+n-1,sizeof(line)-n+1,fp); + n=strlen(line); + // printf("line=%s\n",line); + assert(!feof(fp)); + } + + p=strtok(line," "); + t=atoi(p); + p=strtok(NULL," "); + b=atoi(p); + memset(buf,'\0',sizeof buf); + for(bit=0,p=strtok(NULL," ") ; p && *p != '^' ; p=strtok(NULL," ")) + { + assert(t-- > 0); + bitfill(buf,bit,b,atoi(p)); + bit+=atoi(p); + b=1-b; + } + assert(t == 0); + assert((bit%8) == 0); + // dump(buf,bit/8); + // putchar('\n'); + if(phase < 3) + { + SHA1(buf,bit/8,md); + dump(md,20); + puts(" ^"); + } + else + montecarlo(buf,bit/8); + } + return 0; + } diff --git a/fips/sha1/fips_sha_locl.h b/fips/sha1/fips_sha_locl.h new file mode 100644 index 0000000000..72bb8f9638 --- /dev/null +++ b/fips/sha1/fips_sha_locl.h @@ -0,0 +1,472 @@ +/* crypto/sha/sha_locl.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include + +#include +#include + +#ifndef SHA_LONG_LOG2 +#define SHA_LONG_LOG2 2 /* default to 32 bits */ +#endif + +#define DATA_ORDER_IS_BIG_ENDIAN + +#define HASH_LONG SHA_LONG +#define HASH_LONG_LOG2 SHA_LONG_LOG2 +#define HASH_CTX SHA_CTX +#define HASH_CBLOCK SHA_CBLOCK +#define HASH_LBLOCK SHA_LBLOCK +#define HASH_MAKE_STRING(c,s) do { \ + unsigned long ll; \ + ll=(c)->h0; HOST_l2c(ll,(s)); \ + ll=(c)->h1; HOST_l2c(ll,(s)); \ + ll=(c)->h2; HOST_l2c(ll,(s)); \ + ll=(c)->h3; HOST_l2c(ll,(s)); \ + ll=(c)->h4; HOST_l2c(ll,(s)); \ + } while (0) + +#if defined(SHA_0) + +# define HASH_UPDATE SHA_Update +# define HASH_TRANSFORM SHA_Transform +# define HASH_FINAL SHA_Final +# define HASH_INIT SHA_Init +# define HASH_BLOCK_HOST_ORDER sha_block_host_order +# define HASH_BLOCK_DATA_ORDER sha_block_data_order +# define Xupdate(a,ix,ia,ib,ic,id) (ix=(a)=(ia^ib^ic^id)) + + void sha_block_host_order (SHA_CTX *c, const void *p,int num); + void sha_block_data_order (SHA_CTX *c, const void *p,int num); + +#elif defined(SHA_1) + +# define HASH_UPDATE SHA1_Update +# define HASH_TRANSFORM SHA1_Transform +# define HASH_FINAL SHA1_Final +# define HASH_INIT SHA1_Init +# define HASH_BLOCK_HOST_ORDER sha1_block_host_order +# define HASH_BLOCK_DATA_ORDER sha1_block_data_order +# if defined(__MWERKS__) && defined(__MC68K__) + /* Metrowerks for Motorola fails otherwise:-( */ +# define Xupdate(a,ix,ia,ib,ic,id) do { (a)=(ia^ib^ic^id); \ + ix=(a)=ROTATE((a),1); \ + } while (0) +# else +# define Xupdate(a,ix,ia,ib,ic,id) ( (a)=(ia^ib^ic^id), \ + ix=(a)=ROTATE((a),1) \ + ) +# endif + +# ifdef SHA1_ASM +# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) +# define sha1_block_host_order sha1_block_asm_host_order +# define DONT_IMPLEMENT_BLOCK_HOST_ORDER +# define sha1_block_data_order sha1_block_asm_data_order +# define DONT_IMPLEMENT_BLOCK_DATA_ORDER +# define HASH_BLOCK_DATA_ORDER_ALIGNED sha1_block_asm_data_order +# endif +# endif + void sha1_block_host_order (SHA_CTX *c, const void *p,int num); + void sha1_block_data_order (SHA_CTX *c, const void *p,int num); + +#else +# error "Either SHA_0 or SHA_1 must be defined." +#endif + +#include "fips_md32_common.h" + +#define INIT_DATA_h0 0x67452301UL +#define INIT_DATA_h1 0xefcdab89UL +#define INIT_DATA_h2 0x98badcfeUL +#define INIT_DATA_h3 0x10325476UL +#define INIT_DATA_h4 0xc3d2e1f0UL + +int HASH_INIT (SHA_CTX *c) + { + c->h0=INIT_DATA_h0; + c->h1=INIT_DATA_h1; + c->h2=INIT_DATA_h2; + c->h3=INIT_DATA_h3; + c->h4=INIT_DATA_h4; + c->Nl=0; + c->Nh=0; + c->num=0; + return 1; + } + +#define K_00_19 0x5a827999UL +#define K_20_39 0x6ed9eba1UL +#define K_40_59 0x8f1bbcdcUL +#define K_60_79 0xca62c1d6UL + +/* As pointed out by Wei Dai , F() below can be + * simplified to the code in F_00_19. Wei attributes these optimisations + * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel. + * #define F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) + * I've just become aware of another tweak to be made, again from Wei Dai, + * in F_40_59, (x&a)|(y&a) -> (x|y)&a + */ +#define F_00_19(b,c,d) ((((c) ^ (d)) & (b)) ^ (d)) +#define F_20_39(b,c,d) ((b) ^ (c) ^ (d)) +#define F_40_59(b,c,d) (((b) & (c)) | (((b)|(c)) & (d))) +#define F_60_79(b,c,d) F_20_39(b,c,d) + +#define BODY_00_15(i,a,b,c,d,e,f,xi) \ + (f)=xi+(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \ + (b)=ROTATE((b),30); + +#define BODY_16_19(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \ + Xupdate(f,xi,xa,xb,xc,xd); \ + (f)+=(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \ + (b)=ROTATE((b),30); + +#define BODY_20_31(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \ + Xupdate(f,xi,xa,xb,xc,xd); \ + (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \ + (b)=ROTATE((b),30); + +#define BODY_32_39(i,a,b,c,d,e,f,xa,xb,xc,xd) \ + Xupdate(f,xa,xa,xb,xc,xd); \ + (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \ + (b)=ROTATE((b),30); + +#define BODY_40_59(i,a,b,c,d,e,f,xa,xb,xc,xd) \ + Xupdate(f,xa,xa,xb,xc,xd); \ + (f)+=(e)+K_40_59+ROTATE((a),5)+F_40_59((b),(c),(d)); \ + (b)=ROTATE((b),30); + +#define BODY_60_79(i,a,b,c,d,e,f,xa,xb,xc,xd) \ + Xupdate(f,xa,xa,xb,xc,xd); \ + (f)=xa+(e)+K_60_79+ROTATE((a),5)+F_60_79((b),(c),(d)); \ + (b)=ROTATE((b),30); + +#ifdef X +#undef X +#endif +#ifndef MD32_XARRAY + /* + * Originally X was an array. As it's automatic it's natural + * to expect RISC compiler to accomodate at least part of it in + * the register bank, isn't it? Unfortunately not all compilers + * "find" this expectation reasonable:-( On order to make such + * compilers generate better code I replace X[] with a bunch of + * X0, X1, etc. See the function body below... + * + */ +# define X(i) XX##i +#else + /* + * However! Some compilers (most notably HP C) get overwhelmed by + * that many local variables so that we have to have the way to + * fall down to the original behavior. + */ +# define X(i) XX[i] +#endif + +#ifndef DONT_IMPLEMENT_BLOCK_HOST_ORDER +void HASH_BLOCK_HOST_ORDER (SHA_CTX *c, const void *d, int num) + { + const SHA_LONG *W=d; + register unsigned MD32_REG_T A,B,C,D,E,T; +#ifndef MD32_XARRAY + unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, + XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15; +#else + SHA_LONG XX[16]; +#endif + + A=c->h0; + B=c->h1; + C=c->h2; + D=c->h3; + E=c->h4; + + for (;;) + { + BODY_00_15( 0,A,B,C,D,E,T,W[ 0]); + BODY_00_15( 1,T,A,B,C,D,E,W[ 1]); + BODY_00_15( 2,E,T,A,B,C,D,W[ 2]); + BODY_00_15( 3,D,E,T,A,B,C,W[ 3]); + BODY_00_15( 4,C,D,E,T,A,B,W[ 4]); + BODY_00_15( 5,B,C,D,E,T,A,W[ 5]); + BODY_00_15( 6,A,B,C,D,E,T,W[ 6]); + BODY_00_15( 7,T,A,B,C,D,E,W[ 7]); + BODY_00_15( 8,E,T,A,B,C,D,W[ 8]); + BODY_00_15( 9,D,E,T,A,B,C,W[ 9]); + BODY_00_15(10,C,D,E,T,A,B,W[10]); + BODY_00_15(11,B,C,D,E,T,A,W[11]); + BODY_00_15(12,A,B,C,D,E,T,W[12]); + BODY_00_15(13,T,A,B,C,D,E,W[13]); + BODY_00_15(14,E,T,A,B,C,D,W[14]); + BODY_00_15(15,D,E,T,A,B,C,W[15]); + + BODY_16_19(16,C,D,E,T,A,B,X( 0),W[ 0],W[ 2],W[ 8],W[13]); + BODY_16_19(17,B,C,D,E,T,A,X( 1),W[ 1],W[ 3],W[ 9],W[14]); + BODY_16_19(18,A,B,C,D,E,T,X( 2),W[ 2],W[ 4],W[10],W[15]); + BODY_16_19(19,T,A,B,C,D,E,X( 3),W[ 3],W[ 5],W[11],X( 0)); + + BODY_20_31(20,E,T,A,B,C,D,X( 4),W[ 4],W[ 6],W[12],X( 1)); + BODY_20_31(21,D,E,T,A,B,C,X( 5),W[ 5],W[ 7],W[13],X( 2)); + BODY_20_31(22,C,D,E,T,A,B,X( 6),W[ 6],W[ 8],W[14],X( 3)); + BODY_20_31(23,B,C,D,E,T,A,X( 7),W[ 7],W[ 9],W[15],X( 4)); + BODY_20_31(24,A,B,C,D,E,T,X( 8),W[ 8],W[10],X( 0),X( 5)); + BODY_20_31(25,T,A,B,C,D,E,X( 9),W[ 9],W[11],X( 1),X( 6)); + BODY_20_31(26,E,T,A,B,C,D,X(10),W[10],W[12],X( 2),X( 7)); + BODY_20_31(27,D,E,T,A,B,C,X(11),W[11],W[13],X( 3),X( 8)); + BODY_20_31(28,C,D,E,T,A,B,X(12),W[12],W[14],X( 4),X( 9)); + BODY_20_31(29,B,C,D,E,T,A,X(13),W[13],W[15],X( 5),X(10)); + BODY_20_31(30,A,B,C,D,E,T,X(14),W[14],X( 0),X( 6),X(11)); + BODY_20_31(31,T,A,B,C,D,E,X(15),W[15],X( 1),X( 7),X(12)); + + BODY_32_39(32,E,T,A,B,C,D,X( 0),X( 2),X( 8),X(13)); + BODY_32_39(33,D,E,T,A,B,C,X( 1),X( 3),X( 9),X(14)); + BODY_32_39(34,C,D,E,T,A,B,X( 2),X( 4),X(10),X(15)); + BODY_32_39(35,B,C,D,E,T,A,X( 3),X( 5),X(11),X( 0)); + BODY_32_39(36,A,B,C,D,E,T,X( 4),X( 6),X(12),X( 1)); + BODY_32_39(37,T,A,B,C,D,E,X( 5),X( 7),X(13),X( 2)); + BODY_32_39(38,E,T,A,B,C,D,X( 6),X( 8),X(14),X( 3)); + BODY_32_39(39,D,E,T,A,B,C,X( 7),X( 9),X(15),X( 4)); + + BODY_40_59(40,C,D,E,T,A,B,X( 8),X(10),X( 0),X( 5)); + BODY_40_59(41,B,C,D,E,T,A,X( 9),X(11),X( 1),X( 6)); + BODY_40_59(42,A,B,C,D,E,T,X(10),X(12),X( 2),X( 7)); + BODY_40_59(43,T,A,B,C,D,E,X(11),X(13),X( 3),X( 8)); + BODY_40_59(44,E,T,A,B,C,D,X(12),X(14),X( 4),X( 9)); + BODY_40_59(45,D,E,T,A,B,C,X(13),X(15),X( 5),X(10)); + BODY_40_59(46,C,D,E,T,A,B,X(14),X( 0),X( 6),X(11)); + BODY_40_59(47,B,C,D,E,T,A,X(15),X( 1),X( 7),X(12)); + BODY_40_59(48,A,B,C,D,E,T,X( 0),X( 2),X( 8),X(13)); + BODY_40_59(49,T,A,B,C,D,E,X( 1),X( 3),X( 9),X(14)); + BODY_40_59(50,E,T,A,B,C,D,X( 2),X( 4),X(10),X(15)); + BODY_40_59(51,D,E,T,A,B,C,X( 3),X( 5),X(11),X( 0)); + BODY_40_59(52,C,D,E,T,A,B,X( 4),X( 6),X(12),X( 1)); + BODY_40_59(53,B,C,D,E,T,A,X( 5),X( 7),X(13),X( 2)); + BODY_40_59(54,A,B,C,D,E,T,X( 6),X( 8),X(14),X( 3)); + BODY_40_59(55,T,A,B,C,D,E,X( 7),X( 9),X(15),X( 4)); + BODY_40_59(56,E,T,A,B,C,D,X( 8),X(10),X( 0),X( 5)); + BODY_40_59(57,D,E,T,A,B,C,X( 9),X(11),X( 1),X( 6)); + BODY_40_59(58,C,D,E,T,A,B,X(10),X(12),X( 2),X( 7)); + BODY_40_59(59,B,C,D,E,T,A,X(11),X(13),X( 3),X( 8)); + + BODY_60_79(60,A,B,C,D,E,T,X(12),X(14),X( 4),X( 9)); + BODY_60_79(61,T,A,B,C,D,E,X(13),X(15),X( 5),X(10)); + BODY_60_79(62,E,T,A,B,C,D,X(14),X( 0),X( 6),X(11)); + BODY_60_79(63,D,E,T,A,B,C,X(15),X( 1),X( 7),X(12)); + BODY_60_79(64,C,D,E,T,A,B,X( 0),X( 2),X( 8),X(13)); + BODY_60_79(65,B,C,D,E,T,A,X( 1),X( 3),X( 9),X(14)); + BODY_60_79(66,A,B,C,D,E,T,X( 2),X( 4),X(10),X(15)); + BODY_60_79(67,T,A,B,C,D,E,X( 3),X( 5),X(11),X( 0)); + BODY_60_79(68,E,T,A,B,C,D,X( 4),X( 6),X(12),X( 1)); + BODY_60_79(69,D,E,T,A,B,C,X( 5),X( 7),X(13),X( 2)); + BODY_60_79(70,C,D,E,T,A,B,X( 6),X( 8),X(14),X( 3)); + BODY_60_79(71,B,C,D,E,T,A,X( 7),X( 9),X(15),X( 4)); + BODY_60_79(72,A,B,C,D,E,T,X( 8),X(10),X( 0),X( 5)); + BODY_60_79(73,T,A,B,C,D,E,X( 9),X(11),X( 1),X( 6)); + BODY_60_79(74,E,T,A,B,C,D,X(10),X(12),X( 2),X( 7)); + BODY_60_79(75,D,E,T,A,B,C,X(11),X(13),X( 3),X( 8)); + BODY_60_79(76,C,D,E,T,A,B,X(12),X(14),X( 4),X( 9)); + BODY_60_79(77,B,C,D,E,T,A,X(13),X(15),X( 5),X(10)); + BODY_60_79(78,A,B,C,D,E,T,X(14),X( 0),X( 6),X(11)); + BODY_60_79(79,T,A,B,C,D,E,X(15),X( 1),X( 7),X(12)); + + c->h0=(c->h0+E)&0xffffffffL; + c->h1=(c->h1+T)&0xffffffffL; + c->h2=(c->h2+A)&0xffffffffL; + c->h3=(c->h3+B)&0xffffffffL; + c->h4=(c->h4+C)&0xffffffffL; + + if (--num <= 0) break; + + A=c->h0; + B=c->h1; + C=c->h2; + D=c->h3; + E=c->h4; + + W+=SHA_LBLOCK; + } + } +#endif + +#ifndef DONT_IMPLEMENT_BLOCK_DATA_ORDER +void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, int num) + { + const unsigned char *data=p; + register unsigned MD32_REG_T A,B,C,D,E,T,l; +#ifndef MD32_XARRAY + unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, + XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15; +#else + SHA_LONG XX[16]; +#endif + + A=c->h0; + B=c->h1; + C=c->h2; + D=c->h3; + E=c->h4; + + for (;;) + { + + HOST_c2l(data,l); X( 0)=l; HOST_c2l(data,l); X( 1)=l; + BODY_00_15( 0,A,B,C,D,E,T,X( 0)); HOST_c2l(data,l); X( 2)=l; + BODY_00_15( 1,T,A,B,C,D,E,X( 1)); HOST_c2l(data,l); X( 3)=l; + BODY_00_15( 2,E,T,A,B,C,D,X( 2)); HOST_c2l(data,l); X( 4)=l; + BODY_00_15( 3,D,E,T,A,B,C,X( 3)); HOST_c2l(data,l); X( 5)=l; + BODY_00_15( 4,C,D,E,T,A,B,X( 4)); HOST_c2l(data,l); X( 6)=l; + BODY_00_15( 5,B,C,D,E,T,A,X( 5)); HOST_c2l(data,l); X( 7)=l; + BODY_00_15( 6,A,B,C,D,E,T,X( 6)); HOST_c2l(data,l); X( 8)=l; + BODY_00_15( 7,T,A,B,C,D,E,X( 7)); HOST_c2l(data,l); X( 9)=l; + BODY_00_15( 8,E,T,A,B,C,D,X( 8)); HOST_c2l(data,l); X(10)=l; + BODY_00_15( 9,D,E,T,A,B,C,X( 9)); HOST_c2l(data,l); X(11)=l; + BODY_00_15(10,C,D,E,T,A,B,X(10)); HOST_c2l(data,l); X(12)=l; + BODY_00_15(11,B,C,D,E,T,A,X(11)); HOST_c2l(data,l); X(13)=l; + BODY_00_15(12,A,B,C,D,E,T,X(12)); HOST_c2l(data,l); X(14)=l; + BODY_00_15(13,T,A,B,C,D,E,X(13)); HOST_c2l(data,l); X(15)=l; + BODY_00_15(14,E,T,A,B,C,D,X(14)); + BODY_00_15(15,D,E,T,A,B,C,X(15)); + + BODY_16_19(16,C,D,E,T,A,B,X( 0),X( 0),X( 2),X( 8),X(13)); + BODY_16_19(17,B,C,D,E,T,A,X( 1),X( 1),X( 3),X( 9),X(14)); + BODY_16_19(18,A,B,C,D,E,T,X( 2),X( 2),X( 4),X(10),X(15)); + BODY_16_19(19,T,A,B,C,D,E,X( 3),X( 3),X( 5),X(11),X( 0)); + + BODY_20_31(20,E,T,A,B,C,D,X( 4),X( 4),X( 6),X(12),X( 1)); + BODY_20_31(21,D,E,T,A,B,C,X( 5),X( 5),X( 7),X(13),X( 2)); + BODY_20_31(22,C,D,E,T,A,B,X( 6),X( 6),X( 8),X(14),X( 3)); + BODY_20_31(23,B,C,D,E,T,A,X( 7),X( 7),X( 9),X(15),X( 4)); + BODY_20_31(24,A,B,C,D,E,T,X( 8),X( 8),X(10),X( 0),X( 5)); + BODY_20_31(25,T,A,B,C,D,E,X( 9),X( 9),X(11),X( 1),X( 6)); + BODY_20_31(26,E,T,A,B,C,D,X(10),X(10),X(12),X( 2),X( 7)); + BODY_20_31(27,D,E,T,A,B,C,X(11),X(11),X(13),X( 3),X( 8)); + BODY_20_31(28,C,D,E,T,A,B,X(12),X(12),X(14),X( 4),X( 9)); + BODY_20_31(29,B,C,D,E,T,A,X(13),X(13),X(15),X( 5),X(10)); + BODY_20_31(30,A,B,C,D,E,T,X(14),X(14),X( 0),X( 6),X(11)); + BODY_20_31(31,T,A,B,C,D,E,X(15),X(15),X( 1),X( 7),X(12)); + + BODY_32_39(32,E,T,A,B,C,D,X( 0),X( 2),X( 8),X(13)); + BODY_32_39(33,D,E,T,A,B,C,X( 1),X( 3),X( 9),X(14)); + BODY_32_39(34,C,D,E,T,A,B,X( 2),X( 4),X(10),X(15)); + BODY_32_39(35,B,C,D,E,T,A,X( 3),X( 5),X(11),X( 0)); + BODY_32_39(36,A,B,C,D,E,T,X( 4),X( 6),X(12),X( 1)); + BODY_32_39(37,T,A,B,C,D,E,X( 5),X( 7),X(13),X( 2)); + BODY_32_39(38,E,T,A,B,C,D,X( 6),X( 8),X(14),X( 3)); + BODY_32_39(39,D,E,T,A,B,C,X( 7),X( 9),X(15),X( 4)); + + BODY_40_59(40,C,D,E,T,A,B,X( 8),X(10),X( 0),X( 5)); + BODY_40_59(41,B,C,D,E,T,A,X( 9),X(11),X( 1),X( 6)); + BODY_40_59(42,A,B,C,D,E,T,X(10),X(12),X( 2),X( 7)); + BODY_40_59(43,T,A,B,C,D,E,X(11),X(13),X( 3),X( 8)); + BODY_40_59(44,E,T,A,B,C,D,X(12),X(14),X( 4),X( 9)); + BODY_40_59(45,D,E,T,A,B,C,X(13),X(15),X( 5),X(10)); + BODY_40_59(46,C,D,E,T,A,B,X(14),X( 0),X( 6),X(11)); + BODY_40_59(47,B,C,D,E,T,A,X(15),X( 1),X( 7),X(12)); + BODY_40_59(48,A,B,C,D,E,T,X( 0),X( 2),X( 8),X(13)); + BODY_40_59(49,T,A,B,C,D,E,X( 1),X( 3),X( 9),X(14)); + BODY_40_59(50,E,T,A,B,C,D,X( 2),X( 4),X(10),X(15)); + BODY_40_59(51,D,E,T,A,B,C,X( 3),X( 5),X(11),X( 0)); + BODY_40_59(52,C,D,E,T,A,B,X( 4),X( 6),X(12),X( 1)); + BODY_40_59(53,B,C,D,E,T,A,X( 5),X( 7),X(13),X( 2)); + BODY_40_59(54,A,B,C,D,E,T,X( 6),X( 8),X(14),X( 3)); + BODY_40_59(55,T,A,B,C,D,E,X( 7),X( 9),X(15),X( 4)); + BODY_40_59(56,E,T,A,B,C,D,X( 8),X(10),X( 0),X( 5)); + BODY_40_59(57,D,E,T,A,B,C,X( 9),X(11),X( 1),X( 6)); + BODY_40_59(58,C,D,E,T,A,B,X(10),X(12),X( 2),X( 7)); + BODY_40_59(59,B,C,D,E,T,A,X(11),X(13),X( 3),X( 8)); + + BODY_60_79(60,A,B,C,D,E,T,X(12),X(14),X( 4),X( 9)); + BODY_60_79(61,T,A,B,C,D,E,X(13),X(15),X( 5),X(10)); + BODY_60_79(62,E,T,A,B,C,D,X(14),X( 0),X( 6),X(11)); + BODY_60_79(63,D,E,T,A,B,C,X(15),X( 1),X( 7),X(12)); + BODY_60_79(64,C,D,E,T,A,B,X( 0),X( 2),X( 8),X(13)); + BODY_60_79(65,B,C,D,E,T,A,X( 1),X( 3),X( 9),X(14)); + BODY_60_79(66,A,B,C,D,E,T,X( 2),X( 4),X(10),X(15)); + BODY_60_79(67,T,A,B,C,D,E,X( 3),X( 5),X(11),X( 0)); + BODY_60_79(68,E,T,A,B,C,D,X( 4),X( 6),X(12),X( 1)); + BODY_60_79(69,D,E,T,A,B,C,X( 5),X( 7),X(13),X( 2)); + BODY_60_79(70,C,D,E,T,A,B,X( 6),X( 8),X(14),X( 3)); + BODY_60_79(71,B,C,D,E,T,A,X( 7),X( 9),X(15),X( 4)); + BODY_60_79(72,A,B,C,D,E,T,X( 8),X(10),X( 0),X( 5)); + BODY_60_79(73,T,A,B,C,D,E,X( 9),X(11),X( 1),X( 6)); + BODY_60_79(74,E,T,A,B,C,D,X(10),X(12),X( 2),X( 7)); + BODY_60_79(75,D,E,T,A,B,C,X(11),X(13),X( 3),X( 8)); + BODY_60_79(76,C,D,E,T,A,B,X(12),X(14),X( 4),X( 9)); + BODY_60_79(77,B,C,D,E,T,A,X(13),X(15),X( 5),X(10)); + BODY_60_79(78,A,B,C,D,E,T,X(14),X( 0),X( 6),X(11)); + BODY_60_79(79,T,A,B,C,D,E,X(15),X( 1),X( 7),X(12)); + + c->h0=(c->h0+E)&0xffffffffL; + c->h1=(c->h1+T)&0xffffffffL; + c->h2=(c->h2+A)&0xffffffffL; + c->h3=(c->h3+B)&0xffffffffL; + c->h4=(c->h4+C)&0xffffffffL; + + if (--num <= 0) break; + + A=c->h0; + B=c->h1; + C=c->h2; + D=c->h3; + E=c->h4; + + } + } +#endif diff --git a/fips/sha1/fips_standalone_sha1.c b/fips/sha1/fips_standalone_sha1.c new file mode 100644 index 0000000000..81a5d02431 --- /dev/null +++ b/fips/sha1/fips_standalone_sha1.c @@ -0,0 +1,101 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include +#include + +int main(int argc,char **argv) + { + int n; + + if(argc < 2) + { + fprintf(stderr,"%s []+\n",argv[0]); + exit(1); + } + + for(n=1 ; n < argc ; ++n) + { + FILE *f=fopen(argv[n],"rb"); + SHA_CTX sha; + unsigned char md[20]; + int i; + + if(!f) + { + perror(argv[n]); + exit(2); + } + + SHA1_Init(&sha); + for( ; ; ) + { + char buf[1024]; + int l=fread(buf,1,sizeof buf,f); + + if(l == 0) + { + if(ferror(f)) + { + perror(argv[n]); + exit(3); + } + else + break; + } + SHA1_Update(&sha,buf,l); + } + SHA1_Final(md,&sha); + printf("SHA1(%s)= ",argv[n]); + for(i=0 ; i < 20 ; ++i) + printf("%02x",md[i]); + printf("\n"); + } + return 0; + } diff --git a/fips/sha1/standalone.sha1 b/fips/sha1/standalone.sha1 new file mode 100644 index 0000000000..47e6eea9d0 --- /dev/null +++ b/fips/sha1/standalone.sha1 @@ -0,0 +1,4 @@ +SHA1(fips_standalone_sha1.c)= b6c1f9f1ea9a231c0520460ee1e009f721fbc121 +SHA1(fips_sha1dgst.c)= 5b541eae6c5dc9caad9ad4fb90cb840ff48b5904 +SHA1(fips_sha_locl.h)= 677427c495b571991f013939ea7e5dea87828f8c +SHA1(fips_md32_common.h)= 4f41bcde24750b3b8c99a06bcba2fe06ff8db4d0 diff --git a/test/Makefile.ssl b/test/Makefile.ssl index 5a497a5e65..41e8acde9c 100644 --- a/test/Makefile.ssl +++ b/test/Makefile.ssl @@ -40,6 +40,7 @@ EXPTEST= exptest IDEATEST= ideatest SHATEST= shatest SHA1TEST= sha1test +FIPS_SHA1TEST= fips_sha1test MDC2TEST= mdc2test RMDTEST= rmdtest MD2TEST= md2test @@ -53,39 +54,42 @@ BFTEST= bftest CASTTEST= casttest DESTEST= destest RANDTEST= randtest +FIPS_RANDTEST= fips_randtest DHTEST= dhtest DSATEST= dsatest +FIPS_DSATEST= fips_dsatest METHTEST= methtest SSLTEST= ssltest RSATEST= rsa_test ENGINETEST= enginetest EVPTEST= evp_test +FIPS_AESTEST= fips_aesavs TESTS= alltests EXE= $(BNTEST) $(ECTEST) $(IDEATEST) $(MD2TEST) $(MD4TEST) $(MD5TEST) $(HMACTEST) \ $(RC2TEST) $(RC4TEST) $(RC5TEST) \ - $(DESTEST) $(SHATEST) $(SHA1TEST) $(MDC2TEST) $(RMDTEST) \ - $(RANDTEST) $(DHTEST) $(ENGINETEST) \ - $(BFTEST) $(CASTTEST) $(SSLTEST) $(EXPTEST) $(DSATEST) $(RSATEST) \ - $(EVPTEST) + $(DESTEST) $(SHATEST) $(SHA1TEST) $(FIPS_SHA1TEST) $(MDC2TEST) $(RMDTEST) \ + $(RANDTEST) $(FIPS_RANDTEST) $(DHTEST) $(ENGINETEST) \ + $(BFTEST) $(CASTTEST) $(SSLTEST) $(EXPTEST) $(DSATEST) $(FIPS_DSATEST) $(RSATEST) \ + $(EVPTEST) $(FIPS_AESTEST) # $(METHTEST) OBJ= $(BNTEST).o $(ECTEST).o $(IDEATEST).o $(MD2TEST).o $(MD4TEST).o $(MD5TEST).o \ $(HMACTEST).o \ $(RC2TEST).o $(RC4TEST).o $(RC5TEST).o \ - $(DESTEST).o $(SHATEST).o $(SHA1TEST).o $(MDC2TEST).o $(RMDTEST).o \ - $(RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \ - $(BFTEST).o $(SSLTEST).o $(DSATEST).o $(EXPTEST).o $(RSATEST).o \ - $(EVPTEST).o + $(DESTEST).o $(SHATEST).o $(SHA1TEST).o $(FIPS_SHA1TEST).o $(MDC2TEST).o $(RMDTEST).o \ + $(RANDTEST).o $(FIPS_RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \ + $(BFTEST).o $(SSLTEST).o $(DSATEST).o $(FIPS_DSATEST).o $(EXPTEST).o $(RSATEST).o \ + $(EVPTEST).o $(FIPS_AESTEST).o SRC= $(BNTEST).c $(ECTEST).c $(IDEATEST).c $(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \ $(HMACTEST).c \ $(RC2TEST).c $(RC4TEST).c $(RC5TEST).c \ - $(DESTEST).c $(SHATEST).c $(SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \ - $(RANDTEST).c $(DHTEST).c $(ENGINETEST).c $(CASTTEST).c \ - $(BFTEST).c $(SSLTEST).c $(DSATEST).c $(EXPTEST).c $(RSATEST).c \ - $(EVPTEST).c + $(DESTEST).c $(SHATEST).c $(SHA1TEST).c $(FIPS_SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \ + $(RANDTEST).c $(FIPS_RANDTEST).c $(DHTEST).c $(ENGINETEST).c $(CASTTEST).c \ + $(BFTEST).c $(SSLTEST).c $(DSATEST).c $(FIPS_DSATEST).c $(EXPTEST).c $(RSATEST).c \ + $(EVPTEST).c $(FIPS_AESTEST).c EXHEADER= HEADER= $(EXHEADER) @@ -135,7 +139,12 @@ alltests: \ test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast test_aes \ test_rand test_bn test_ec test_enc test_x509 test_rsa test_crl test_sid \ test_gen test_req test_pkcs7 test_verify test_dh test_dsa \ - test_ss test_ca test_engine test_evp test_ssl + test_ss test_ca test_engine test_evp test_ssl fips_test_aes + +fips_test_aes: + -mkdir rsp + -mkdir rsp/fips_aes_data + $(SET_SO_PATHS); ./$(FIPS_AESTEST) -d fips_aes_data/list test_evp: $(SET_SO_PATHS); ./$(EVPTEST) evptests.txt @@ -149,6 +158,7 @@ test_idea: test_sha: $(SET_SO_PATHS); ./$(SHATEST) $(SET_SO_PATHS); ./$(SHA1TEST) + $(SET_SO_PATHS); ./$(FIPS_SHA1TEST) sha1vectors.txt | sed s/Strings/Hashes/ | cmp sha1hashes.txt - test_mdc2: $(SET_SO_PATHS); ./$(MDC2TEST) @@ -185,6 +195,7 @@ test_rc5: test_rand: $(SET_SO_PATHS); ./$(RANDTEST) + $(SET_SO_PATHS); ./$(FIPS_RANDTEST) test_enc: @$(SET_SO_PATHS); sh ./testenc @@ -241,6 +252,8 @@ test_dsa: @echo "Generate a set of DSA parameters" $(SET_SO_PATHS); ./$(DSATEST) $(SET_SO_PATHS); ./$(DSATEST) -app2_1 + $(SET_SO_PATHS); ./$(FIPS_DSATEST) + $(SET_SO_PATHS); ./$(FIPS_DSATEST) -app2_1 test_gen: @echo "Generate and verify a certificate request" @@ -289,6 +302,13 @@ $(DLIBSSL): $(DLIBCRYPTO): (cd ..; $(MAKE) DIRS=crypto all) +$(FIPS_AESTEST): $(FIPS_AESTEST).o $(DLIBCRYPTO) + if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + $(CC) -o $(FIPS_AESTEST) $(CFLAGS) $(FIPS_AESTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + else \ + $(CC) -o $(FIPS_AESTEST) $(CFLAGS) $(FIPS_AESTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ + fi + $(RSATEST): $(RSATEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ $(CC) -o $(RSATEST) $(CFLAGS) $(RSATEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ @@ -353,6 +373,13 @@ $(SHA1TEST): $(SHA1TEST).o $(DLIBCRYPTO) $(CC) -o $(SHA1TEST) $(CFLAGS) $(SHA1TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ fi +$(FIPS_SHA1TEST): $(FIPS_SHA1TEST).o $(DLIBCRYPTO) + if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + $(CC) -o $(FIPS_SHA1TEST) $(CFLAGS) $(FIPS_SHA1TEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + else \ + $(CC) -o $(FIPS_SHA1TEST) $(CFLAGS) $(FIPS_SHA1TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ + fi + $(RMDTEST): $(RMDTEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ $(CC) -o $(RMDTEST) $(CFLAGS) $(RMDTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ @@ -449,6 +476,13 @@ $(RANDTEST): $(RANDTEST).o $(DLIBCRYPTO) $(CC) -o $(RANDTEST) $(CFLAGS) $(RANDTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ fi +$(FIPS_RANDTEST): $(FIPS_RANDTEST).o $(DLIBCRYPTO) + if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + $(CC) -o $(FIPS_RANDTEST) $(CFLAGS) $(FIPS_RANDTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + else \ + $(CC) -o $(FIPS_RANDTEST) $(CFLAGS) $(FIPS_RANDTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ + fi + $(DHTEST): $(DHTEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ $(CC) -o $(DHTEST) $(CFLAGS) $(DHTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ @@ -465,6 +499,13 @@ $(DSATEST): $(DSATEST).o $(DLIBCRYPTO) $(CC) -o $(DSATEST) $(CFLAGS) $(DSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ fi +$(FIPS_DSATEST): $(FIPS_DSATEST).o $(DLIBCRYPTO) + if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ + $(CC) -o $(FIPS_DSATEST) $(CFLAGS) $(FIPS_DSATEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ + else \ + $(CC) -o $(FIPS_DSATEST) $(CFLAGS) $(FIPS_DSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ + fi + $(METHTEST): $(METHTEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ $(CC) -o $(METHTEST) $(CFLAGS) $(METHTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ @@ -603,6 +644,33 @@ exptest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h exptest.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h exptest.o: ../include/openssl/safestack.h ../include/openssl/stack.h exptest.o: ../include/openssl/symhacks.h exptest.c +fips_aesavs.o: ../include/openssl/aes.h ../include/openssl/asn1.h +fips_aesavs.o: ../include/openssl/bio.h ../include/openssl/blowfish.h +fips_aesavs.o: ../include/openssl/bn.h ../include/openssl/cast.h +fips_aesavs.o: ../include/openssl/crypto.h ../include/openssl/des.h +fips_aesavs.o: ../include/openssl/des_old.h ../include/openssl/dh.h +fips_aesavs.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +fips_aesavs.o: ../include/openssl/err.h ../include/openssl/evp.h +fips_aesavs.o: ../include/openssl/fips.h ../include/openssl/idea.h +fips_aesavs.o: ../include/openssl/lhash.h ../include/openssl/md2.h +fips_aesavs.o: ../include/openssl/md4.h ../include/openssl/md5.h +fips_aesavs.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h +fips_aesavs.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +fips_aesavs.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +fips_aesavs.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +fips_aesavs.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h +fips_aesavs.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +fips_aesavs.o: ../include/openssl/sha.h ../include/openssl/stack.h +fips_aesavs.o: ../include/openssl/symhacks.h ../include/openssl/ui.h +fips_aesavs.o: ../include/openssl/ui_compat.h fips_aesavs.c +fips_randtest.o: ../e_os.h ../include/openssl/crypto.h ../include/openssl/des.h +fips_randtest.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h +fips_randtest.o: ../include/openssl/fips_rand.h +fips_randtest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +fips_randtest.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h +fips_randtest.o: ../include/openssl/safestack.h ../include/openssl/stack.h +fips_randtest.o: ../include/openssl/symhacks.h ../include/openssl/ui.h +fips_randtest.o: ../include/openssl/ui_compat.h fips_randtest.c hmactest.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h hmactest.o: ../include/openssl/bio.h ../include/openssl/blowfish.h hmactest.o: ../include/openssl/bn.h ../include/openssl/cast.h diff --git a/util/mkerr.pl b/util/mkerr.pl index 1b2915c767..e3215e27a3 100644 --- a/util/mkerr.pl +++ b/util/mkerr.pl @@ -41,7 +41,8 @@ while (@ARGV) { } if($recurse) { - @source = (, , ); + @source = (, , , , + ); } else { @source = @ARGV; } -- 2.25.1