diff options
authorDimitri John Ledkov <>2016-02-05 04:51:42 +0000
committerDimitri John Ledkov <>2016-02-05 04:51:42 +0000
commit41e999418821f524301f552890088bd274f7316c (patch)
Initial release to Debian. Closes: #813765.debian/2.5.0-1
* Initial release to Debian. Closes: #813765. * Git format patches * Add debian/watch file * Include soname in the libica2 install globs * Initial release
114 files changed, 28864 insertions, 0 deletions
diff --git a/AUTHORS b/AUTHORS
new file mode 100644
index 0000000..508b48e
--- /dev/null
@@ -0,0 +1,5 @@
+Holger Dengler <>
+Rainer Wolafka <>
+Ruben Straus <>
+Felix Beck <>
+Christian Maaser <>
diff --git a/COPYING b/COPYING
new file mode 100644
index 0000000..c49429d
--- /dev/null
@@ -0,0 +1,242 @@
+ Common Public License - V1.0
+ "Contribution" means:
+ 1. in the case of the initial Contributor, the initial code and
+ documentation distributed under this Agreement, and
+ 2. in the case of each subsequent Contributor:
+ 1. changes to the Program, and
+ 2. additions to the Program;
+ where such changes and/or additions to the Program originate
+ from and are distributed by that particular Contributor. A
+ Contribution 'originates' from a Contributor if it was added to
+ the Program by such Contributor itself or anyone acting on such
+ Contributor's behalf. Contributions do not include additions to
+ the Program which: (i) are separate modules of software
+ distributed in conjunction with the Program under their own
+ license agreement, and (ii) are not derivative works of the
+ Program.
+ "Contributor" means any person or entity that distributes the Program.
+ "Licensed Patents " mean patent claims licensable by a Contributor
+ which are necessarily infringed by the use or sale of its Contribution
+ alone or when combined with the Program.
+ "Program" means the Contributions distributed in accordance with this
+ Agreement.
+ "Recipient" means anyone who receives the Program under this Agreement,
+ including all Contributors.
+ 1. Subject to the terms of this Agreement, each Contributor
+ hereby grants Recipient a non-exclusive, worldwide,
+ royalty-free copyright license to reproduce, prepare derivative
+ works of, publicly display, publicly perform, distribute and
+ sublicense the Contribution of such Contributor, if any, and
+ such derivative works, in source code and object code form.
+ 2. Subject to the terms of this Agreement, each Contributor
+ hereby grants Recipient a non-exclusive, worldwide,
+ royalty-free patent license under Licensed Patents to make,
+ use, sell, offer to sell, import and otherwise transfer the
+ Contribution of such Contributor, if any, in source code and
+ object code form. This patent license shall apply to the
+ combination of the Contribution and the Program if, at the time
+ the Contribution is added by the Contributor, such addition of
+ the Contribution causes such combination to be covered by the
+ Licensed Patents. The patent license shall not apply to any
+ other combinations which include the Contribution. No hardware
+ per se is licensed hereunder.
+ 3. Recipient understands that although each Contributor grants
+ the licenses to its Contributions set forth herein, no
+ assurances are provided by any Contributor that the Program
+ does not infringe the patent or other intellectual property
+ rights of any other entity. Each Contributor disclaims any
+ liability to Recipient for claims brought by any other entity
+ based on infringement of intellectual property rights or
+ otherwise. As a condition to exercising the rights and licenses
+ granted hereunder, each Recipient hereby assumes sole
+ responsibility to secure any other intellectual property rights
+ needed, if any. For example, if a third party patent license is
+ required to allow Recipient to distribute the Program, it is
+ Recipient's responsibility to acquire that license before
+ distributing the Program.
+ 4. Each Contributor represents that to its knowledge it has
+ sufficient copyright rights in its Contribution, if any, to
+ grant the copyright license set forth in this Agreement.
+ A Contributor may choose to distribute the Program in object code form
+ under its own license agreement, provided that:
+ 1. it complies with the terms and conditions of this Agreement;
+ and
+ 2. its license agreement:
+ 1. effectively disclaims on behalf of all Contributors
+ all warranties and conditions, express and implied,
+ including warranties or conditions of title and
+ non-infringement, and implied warranties or conditions
+ of merchantability and fitness for a particular purpose;
+ 2. effectively excludes on behalf of all Contributors
+ all liability for damages, including direct, indirect,
+ special, incidental and consequential damages, such as
+ lost profits;
+ 3. states that any provisions which differ from this
+ Agreement are offered by that Contributor alone and not
+ by any other party; and
+ 4. states that source code for the Program is available
+ from such Contributor, and informs licensees how to
+ obtain it in a reasonable manner on or through a medium
+ customarily used for software exchange.
+ When the Program is made available in source code form:
+ 1. it must be made available under this Agreement; and
+ 2. a copy of this Agreement must be included with each
+ copy of the Program.
+ Contributors may not remove or alter any copyright notices
+ contained within the Program.
+ Each Contributor must identify itself as the originator of its
+ Contribution, if any, in a manner that reasonably allows
+ subsequent Recipients to identify the originator of the
+ Contribution.
+ Commercial distributors of software may accept certain responsibilities
+ with respect to end users, business partners and the like. While this
+ license is intended to facilitate the commercial use of the Program,
+ the Contributor who includes the Program in a commercial product
+ offering should do so in a manner which does not create potential
+ liability for other Contributors. Therefore, if a Contributor includes
+ the Program in a commercial product offering, such Contributor
+ ("Commercial Contributor") hereby agrees to defend and indemnify every
+ other Contributor ("Indemnified Contributor") against any losses,
+ damages and costs (collectively "Losses") arising from claims, lawsuits
+ and other legal actions brought by a third party against the
+ Indemnified Contributor to the extent caused by the acts or omissions
+ of such Commercial Contributor in connection with its distribution of
+ the Program in a commercial product offering. The obligations in this
+ section do not apply to any claims or Losses relating to any actual or
+ alleged intellectual property infringement. In order to qualify, an
+ Indemnified Contributor must: a) promptly notify the Commercial
+ Contributor in writing of such claim, and b) allow the Commercial
+ Contributor to control, and cooperate with the Commercial Contributor
+ in, the defense and any related settlement negotiations. The
+ Indemnified Contributor may participate in any such claim at its own
+ expense.
+ For example, a Contributor might include the Program in a commercial
+ product offering, Product X. That Contributor is then a Commercial
+ Contributor. If that Commercial Contributor then makes performance
+ claims, or offers warranties related to Product X, those performance
+ claims and warranties are such Commercial Contributor's responsibility
+ alone. Under this section, the Commercial Contributor would have to
+ defend claims against the other Contributors related to those
+ performance claims and warranties, and if a court requires any other
+ Contributor to pay any damages as a result, the Commercial Contributor
+ must pay those damages.
+ FITNESS FOR A PARTICULAR PURPOSE. Each Recipient is solely responsible
+ for determining the appropriateness of using and distributing the
+ Program and assumes all risks associated with its exercise of rights
+ under this Agreement, including but not limited to the risks and costs
+ of program errors, compliance with applicable laws, damage to or loss
+ of data, programs or equipment, and unavailability or interruption of
+ operations.
+ If any provision of this Agreement is invalid or unenforceable under
+ applicable law, it shall not affect the validity or enforceability of
+ the remainder of the terms of this Agreement, and without further
+ action by the parties hereto, such provision shall be reformed to the
+ minimum extent necessary to make such provision valid and enforceable.
+ If Recipient institutes patent litigation against a Contributor with
+ respect to a patent applicable to software (including a cross-claim or
+ counterclaim in a lawsuit), then any patent licenses granted by that
+ Contributor to such Recipient under this Agreement shall terminate as
+ of the date such litigation is filed. In addition, if Recipient
+ institutes patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Program
+ itself (excluding combinations of the Program with other software or
+ hardware) infringes such Recipient's patent(s), then such Recipient's
+ rights granted under Section 2(b) shall terminate as of the date such
+ litigation is filed.
+ All Recipient's rights under this Agreement shall terminate if it fails
+ to comply with any of the material terms or conditions of this
+ Agreement and does not cure such failure in a reasonable period of time
+ after becoming aware of such noncompliance. If all Recipient's rights
+ under this Agreement terminate, Recipient agrees to cease use and
+ distribution of the Program as soon as reasonably practicable. However,
+ Recipient's obligations under this Agreement and any licenses granted
+ by Recipient relating to the Program shall continue and survive.
+ Everyone is permitted to copy and distribute copies of this Agreement,
+ but in order to avoid inconsistency the Agreement is copyrighted and
+ may only be modified in the following manner. The Agreement Steward
+ reserves the right to publish new versions (including revisions) of
+ this Agreement from time to time. No one other than the Agreement
+ Steward has the right to modify this Agreement. IBM is the initial
+ Agreement Steward. IBM may assign the responsibility to serve as the
+ Agreement Steward to a suitable separate entity. Each new version of
+ the Agreement will be given a distinguishing version number. The
+ Program (including Contributions) may always be distributed subject to
+ the version of the Agreement under which it was received. In addition,
+ after a new version of the Agreement is published, Contributor may
+ elect to distribute the Program (including its Contributions) under the
+ new version. Except as expressly stated in Sections 2(a) and 2(b)
+ above, Recipient receives no rights or licenses to the intellectual
+ property of any Contributor under this Agreement, whether expressly, by
+ implication, estoppel or otherwise. All rights in the Program not
+ expressly granted under this Agreement are reserved.
+ This Agreement is governed by the laws of the State of New York and the
+ intellectual property laws of the United States of America. No party to
+ this Agreement will bring a legal action under this Agreement more than
+ one year after the cause of action arose. Each party waives its rights
+ to a jury trial in any resulting litigation.
diff --git a/ChangeLog b/ChangeLog
new file mode 100644
index 0000000..dbe8357
--- /dev/null
+++ b/ChangeLog
@@ -0,0 +1,60 @@
+ - [FEATURE] Added streaming support for Galois Counter Mode (AES-GCM)
+ - [FEATURE] Allow RSA Key generation for any granularity (57..4096 bits)
+ - [FEATURE] New RSA CRT Key check API (Convertion of non-compliant keys)
+ - [PATCH] Replaced deprecated RSA_key_generate function
+ - [PATCH] Fixed accounting for GCM, CCM and CMAC. Added accounting for GHASH
+ - [PATCH] Improved configure script to automatically build test cases
+ - [UPDATE] Added SHA test cases. Improved and extended test suite
+ v2.4.0
+ Reworked the statistic measurement facility (icastats)
+ - Statistics are now collected independent from the process context
+ - Statistic data gathered per user
+ - User based statistic management (reset/delete/summerize)
+ Changes since Version 2.2.0:
+ - Introduced new API to recieve list of supported algorithms
+ Introduce support for more MSA4 extensions.
+ New symetric encryption modes:
+ - CBC-CS (DES, TDES, AES-[128|192|256])
+ - CMAC (DES, TDES, AES-[128|192|256])
+ - CCM (AES-[128|192|256])
+ - GCM (AES-[128|256])
+ Changes since Version 2.1.0:
+ - [PATCH] synchronize shared memory ref counting
+ - [PATCH] Fix result/error handling in testcase for ica_get_version()
+ - [PATCH] Fix temporary buffer allocation in ica_get_version()
+ - [UPDATE] Interface (API) description
+ - [PATCH] Fix commandline argument checking in RSA testcase
+ - [PATCH] Remove duplicate entry from target list
+- Introduce support for MSA4 extensions. New symmetric encryption modes:
+- New API calls:
+ - ica_get_version(...)
+Fix for tracker item 3202845.
+ Improve online help for icastats.
+Fix for performance improvement
+ Remove signal handler wrapping of crypto instructions.
+Fix for STCK buffer length
+ Correctly adjust the STCK buffer length in the PRNG based on whether
+ we are running in 31 or 64 bit.
+minor wording fix in icastats tool:
+ changed output wording from SHAxxx to SHA-xxx
+Bugfix for:
+ libica abends with illegal instuction when CPACF is disabled.
+Bug fixes in asm, stcke for 31 bit, and fixes in programming samples
+Add locking for shared memory segment, which is needed when icastats
+is linked dynamically against libica.
+Substitute software fallbacks with lowlevel OpenSSL function calls.
+Rewrite most of libica.
+Only Linux on System z code.
diff --git a/INSTALL b/INSTALL
new file mode 100644
index 0000000..bafe81b
--- /dev/null
@@ -0,0 +1,182 @@
+Basic Installation
+ The `configure' shell script attempts to guess correct values for
+various system-dependent variables used during compilation. It uses
+those values to create a `Makefile' in each directory of the package.
+It may also create one or more `.h' files containing system-dependent
+definitions. Finally, it creates a shell script `config.status' that
+you can run in the future to recreate the current configuration, a file
+`config.cache' that saves the results of its tests to speed up
+reconfiguring, and a file `config.log' containing compiler output
+(useful mainly for debugging `configure').
+ If you need to do unusual things to compile the package, please try
+to figure out how `configure' could check whether to do them, and mail
+diffs or instructions to the address given in the `README' so they can
+be considered for the next release. If at some point `config.cache'
+contains results you don't want to keep, you may remove or edit it.
+ The file `' is used to create `configure' by a program
+called `autoconf'. You only need `' if you want to change
+it or regenerate `configure' using a newer version of `autoconf'.
+The simplest way to compile this package is:
+ 1. `cd' to the directory containing the package's source code and type
+ ./ This will prepare the initial environment like
+ the 'configure' script.
+ 2. Run `./configure' to configure the package for your system. If you're
+ using `csh' on an old version of System V, you might need to type
+ `sh ./configure' instead to prevent `csh' from trying to execute
+ `configure' itself.
+ Optionally, if you want to build the included test cases automatically
+ you can call the configure script with the '--enable-testcases' option.
+ `./configure --enable-testcases`. At compile time all test cases will
+ be build automatically.
+ Running `configure' takes awhile. While running, it prints some
+ messages telling which features it is checking for.
+ 3. Type `make' to compile the package.
+ 4. Type `make install' to install the programs and any data files and
+ documentation.
+ 5. Optionally, if you want to execute the integrated test suite located
+ in ./src/tests that come with the package, type `./`.
+ For silent mode (increased performance) use the 'silent' parameter.
+ (e.g. `./ silent`)
+ 6. You can remove the program binaries and object files from the
+ source code directory by typing `make clean'. To also remove the
+ files that `configure' created (so you can compile the package for
+ a different kind of computer), type `make distclean'. There is
+ also a `make maintainer-clean' target, but that is intended mainly
+ for the package's developers. If you use it, you may have to get
+ all sorts of other programs in order to regenerate files that came
+ with the distribution.
+NOTE: If you wish to build a 31-bit library on S390X, you will need to
+ pass the following to the ./configure in step 1:
+ --build=s390-unknown-linux-gnu
+Compilers and Options
+ Some systems require unusual options for compilation or linking that
+the `configure' script does not know about. You can give `configure'
+initial values for variables by setting them in the environment. Using
+a Bourne-compatible shell, you can do that on the command line like
+ CC=c89 CFLAGS=-O2 LIBS=-lposix ./configure
+Or on systems that have the `env' program, you can do it like this:
+ env CPPFLAGS=-I/usr/local/include LDFLAGS=-s ./configure
+Compiling For Multiple Architectures
+ You can compile the package for more than one kind of computer at the
+same time, by placing the object files for each architecture in their
+own directory. To do this, you must use a version of `make' that
+supports the `VPATH' variable, such as GNU `make'. `cd' to the
+directory where you want the object files and executables to go and run
+the `configure' script. `configure' automatically checks for the
+source code in the directory that `configure' is in and in `..'.
+ If you have to use a `make' that does not supports the `VPATH'
+variable, you have to compile the package for one architecture at a time
+in the source code directory. After you have installed the package for
+one architecture, use `make distclean' before reconfiguring for another
+Installation Names
+ By default, `make install' will install in '/usr/lib/'
+and ica_api.h in '/usr/include/ica_api.h', except on 64-bit platforms where will be installed in '/usr/lib64/'
+ If the package supports it, you can cause programs to be installed
+with an extra prefix or suffix on their names by giving `configure' the
+option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
+Optional Features
+ Some packages pay attention to `--enable-FEATURE' options to
+`configure', where FEATURE indicates an optional part of the package.
+They may also pay attention to `--with-PACKAGE' options, where PACKAGE
+is something like `gnu-as' or `x' (for the X Window System). The
+`README' should mention any `--enable-' and `--with-' options that the
+package recognizes.
+ For packages that use the X Window System, `configure' can usually
+find the X include and library files automatically, but if it doesn't,
+you can use the `configure' options `--x-includes=DIR' and
+`--x-libraries=DIR' to specify their locations.
+Specifying the System Type
+ There may be some features `configure' can not figure out
+automatically, but needs to determine by the type of host the package
+will run on. Usually `configure' can figure that out, but if it prints
+a message saying it can not guess the host type, give it the
+`--host=TYPE' option. TYPE can either be a short name for the system
+type, such as `sun4', or a canonical name with three fields:
+See the file `config.sub' for the possible values of each field. If
+`config.sub' isn't included in this package, then this package doesn't
+need to know the host type.
+ If you are building compiler tools for cross-compiling, you can also
+use the `--target=TYPE' option to select the type of system they will
+produce code for and the `--build=TYPE' option to select the type of
+system on which you are compiling the package.
+Sharing Defaults
+ If you want to set default values for `configure' scripts to share,
+you can create a site shell script called `' that gives
+default values for variables like `CC', `cache_file', and `prefix'.
+`configure' looks for `PREFIX/share/' if it exists, then
+`PREFIX/etc/' if it exists. Or, you can set the
+`CONFIG_SITE' environment variable to the location of the site script.
+A warning: not all `configure' scripts look for a site script.
+Operation Controls
+ `configure' recognizes the following options to control how it
+ Use and save the results of the tests in FILE instead of
+ `./config.cache'. Set FILE to `/dev/null' to disable caching, for
+ debugging `configure'.
+ Print a summary of the options to `configure', and exit.
+ Do not print messages saying which checks are being made. To
+ suppress all normal output, redirect it to `/dev/null' (any error
+ messages will still be shown).
+ Look for the package's source code in directory DIR. Usually
+ `configure' can determine that directory automatically.
+ Print the version of Autoconf used to generate the `configure'
+ script, and exit.
+`configure' also accepts some other, not widely useful, options.
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..c49429d
--- /dev/null
@@ -0,0 +1,242 @@
+ Common Public License - V1.0
+ "Contribution" means:
+ 1. in the case of the initial Contributor, the initial code and
+ documentation distributed under this Agreement, and
+ 2. in the case of each subsequent Contributor:
+ 1. changes to the Program, and
+ 2. additions to the Program;
+ where such changes and/or additions to the Program originate
+ from and are distributed by that particular Contributor. A
+ Contribution 'originates' from a Contributor if it was added to
+ the Program by such Contributor itself or anyone acting on such
+ Contributor's behalf. Contributions do not include additions to
+ the Program which: (i) are separate modules of software
+ distributed in conjunction with the Program under their own
+ license agreement, and (ii) are not derivative works of the
+ Program.
+ "Contributor" means any person or entity that distributes the Program.
+ "Licensed Patents " mean patent claims licensable by a Contributor
+ which are necessarily infringed by the use or sale of its Contribution
+ alone or when combined with the Program.
+ "Program" means the Contributions distributed in accordance with this
+ Agreement.
+ "Recipient" means anyone who receives the Program under this Agreement,
+ including all Contributors.
+ 1. Subject to the terms of this Agreement, each Contributor
+ hereby grants Recipient a non-exclusive, worldwide,
+ royalty-free copyright license to reproduce, prepare derivative
+ works of, publicly display, publicly perform, distribute and
+ sublicense the Contribution of such Contributor, if any, and
+ such derivative works, in source code and object code form.
+ 2. Subject to the terms of this Agreement, each Contributor
+ hereby grants Recipient a non-exclusive, worldwide,
+ royalty-free patent license under Licensed Patents to make,
+ use, sell, offer to sell, import and otherwise transfer the
+ Contribution of such Contributor, if any, in source code and
+ object code form. This patent license shall apply to the
+ combination of the Contribution and the Program if, at the time
+ the Contribution is added by the Contributor, such addition of
+ the Contribution causes such combination to be covered by the
+ Licensed Patents. The patent license shall not apply to any
+ other combinations which include the Contribution. No hardware
+ per se is licensed hereunder.
+ 3. Recipient understands that although each Contributor grants
+ the licenses to its Contributions set forth herein, no
+ assurances are provided by any Contributor that the Program
+ does not infringe the patent or other intellectual property
+ rights of any other entity. Each Contributor disclaims any
+ liability to Recipient for claims brought by any other entity
+ based on infringement of intellectual property rights or
+ otherwise. As a condition to exercising the rights and licenses
+ granted hereunder, each Recipient hereby assumes sole
+ responsibility to secure any other intellectual property rights
+ needed, if any. For example, if a third party patent license is
+ required to allow Recipient to distribute the Program, it is
+ Recipient's responsibility to acquire that license before
+ distributing the Program.
+ 4. Each Contributor represents that to its knowledge it has
+ sufficient copyright rights in its Contribution, if any, to
+ grant the copyright license set forth in this Agreement.
+ A Contributor may choose to distribute the Program in object code form
+ under its own license agreement, provided that:
+ 1. it complies with the terms and conditions of this Agreement;
+ and
+ 2. its license agreement:
+ 1. effectively disclaims on behalf of all Contributors
+ all warranties and conditions, express and implied,
+ including warranties or conditions of title and
+ non-infringement, and implied warranties or conditions
+ of merchantability and fitness for a particular purpose;
+ 2. effectively excludes on behalf of all Contributors
+ all liability for damages, including direct, indirect,
+ special, incidental and consequential damages, such as
+ lost profits;
+ 3. states that any provisions which differ from this
+ Agreement are offered by that Contributor alone and not
+ by any other party; and
+ 4. states that source code for the Program is available
+ from such Contributor, and informs licensees how to
+ obtain it in a reasonable manner on or through a medium
+ customarily used for software exchange.
+ When the Program is made available in source code form:
+ 1. it must be made available under this Agreement; and
+ 2. a copy of this Agreement must be included with each
+ copy of the Program.
+ Contributors may not remove or alter any copyright notices
+ contained within the Program.
+ Each Contributor must identify itself as the originator of its
+ Contribution, if any, in a manner that reasonably allows
+ subsequent Recipients to identify the originator of the
+ Contribution.
+ Commercial distributors of software may accept certain responsibilities
+ with respect to end users, business partners and the like. While this
+ license is intended to facilitate the commercial use of the Program,
+ the Contributor who includes the Program in a commercial product
+ offering should do so in a manner which does not create potential
+ liability for other Contributors. Therefore, if a Contributor includes
+ the Program in a commercial product offering, such Contributor
+ ("Commercial Contributor") hereby agrees to defend and indemnify every
+ other Contributor ("Indemnified Contributor") against any losses,
+ damages and costs (collectively "Losses") arising from claims, lawsuits
+ and other legal actions brought by a third party against the
+ Indemnified Contributor to the extent caused by the acts or omissions
+ of such Commercial Contributor in connection with its distribution of
+ the Program in a commercial product offering. The obligations in this
+ section do not apply to any claims or Losses relating to any actual or
+ alleged intellectual property infringement. In order to qualify, an
+ Indemnified Contributor must: a) promptly notify the Commercial
+ Contributor in writing of such claim, and b) allow the Commercial
+ Contributor to control, and cooperate with the Commercial Contributor
+ in, the defense and any related settlement negotiations. The
+ Indemnified Contributor may participate in any such claim at its own
+ expense.
+ For example, a Contributor might include the Program in a commercial
+ product offering, Product X. That Contributor is then a Commercial
+ Contributor. If that Commercial Contributor then makes performance
+ claims, or offers warranties related to Product X, those performance
+ claims and warranties are such Commercial Contributor's responsibility
+ alone. Under this section, the Commercial Contributor would have to
+ defend claims against the other Contributors related to those
+ performance claims and warranties, and if a court requires any other
+ Contributor to pay any damages as a result, the Commercial Contributor
+ must pay those damages.
+ FITNESS FOR A PARTICULAR PURPOSE. Each Recipient is solely responsible
+ for determining the appropriateness of using and distributing the
+ Program and assumes all risks associated with its exercise of rights
+ under this Agreement, including but not limited to the risks and costs
+ of program errors, compliance with applicable laws, damage to or loss
+ of data, programs or equipment, and unavailability or interruption of
+ operations.
+ If any provision of this Agreement is invalid or unenforceable under
+ applicable law, it shall not affect the validity or enforceability of
+ the remainder of the terms of this Agreement, and without further
+ action by the parties hereto, such provision shall be reformed to the
+ minimum extent necessary to make such provision valid and enforceable.
+ If Recipient institutes patent litigation against a Contributor with
+ respect to a patent applicable to software (including a cross-claim or
+ counterclaim in a lawsuit), then any patent licenses granted by that
+ Contributor to such Recipient under this Agreement shall terminate as
+ of the date such litigation is filed. In addition, if Recipient
+ institutes patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Program
+ itself (excluding combinations of the Program with other software or
+ hardware) infringes such Recipient's patent(s), then such Recipient's
+ rights granted under Section 2(b) shall terminate as of the date such
+ litigation is filed.
+ All Recipient's rights under this Agreement shall terminate if it fails
+ to comply with any of the material terms or conditions of this
+ Agreement and does not cure such failure in a reasonable period of time
+ after becoming aware of such noncompliance. If all Recipient's rights
+ under this Agreement terminate, Recipient agrees to cease use and
+ distribution of the Program as soon as reasonably practicable. However,
+ Recipient's obligations under this Agreement and any licenses granted
+ by Recipient relating to the Program shall continue and survive.
+ Everyone is permitted to copy and distribute copies of this Agreement,
+ but in order to avoid inconsistency the Agreement is copyrighted and
+ may only be modified in the following manner. The Agreement Steward
+ reserves the right to publish new versions (including revisions) of
+ this Agreement from time to time. No one other than the Agreement
+ Steward has the right to modify this Agreement. IBM is the initial
+ Agreement Steward. IBM may assign the responsibility to serve as the
+ Agreement Steward to a suitable separate entity. Each new version of
+ the Agreement will be given a distinguishing version number. The
+ Program (including Contributions) may always be distributed subject to
+ the version of the Agreement under which it was received. In addition,
+ after a new version of the Agreement is published, Contributor may
+ elect to distribute the Program (including its Contributions) under the
+ new version. Except as expressly stated in Sections 2(a) and 2(b)
+ above, Recipient receives no rights or licenses to the intellectual
+ property of any Contributor under this Agreement, whether expressly, by
+ implication, estoppel or otherwise. All rights in the Program not
+ expressly granted under this Agreement are reserved.
+ This Agreement is governed by the laws of the State of New York and the
+ intellectual property laws of the United States of America. No party to
+ this Agreement will bring a legal action under this Agreement more than
+ one year after the cause of action arose. Each party waives its rights
+ to a jury trial in any resulting litigation.
diff --git a/ b/
new file mode 100644
index 0000000..c70efce
--- /dev/null
+++ b/
@@ -0,0 +1,5 @@
+SUBDIRS = src include doc $(MAYBE_OPT)
+DIST_SUBDIRS = src include doc src/tests src/tests/libica_sha_test/
+ ./
diff --git a/NEWS b/NEWS
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/NEWS
diff --git a/README b/README
new file mode 100644
index 0000000..8ca6bd2
--- /dev/null
+++ b/README
@@ -0,0 +1 @@
+refer to INSTALL
diff --git a/ b/
new file mode 100755
index 0000000..6906f68
--- /dev/null
+++ b/
@@ -0,0 +1,6 @@
+set -x
+libtoolize --force -c
+automake --add-missing -c --foreign
diff --git a/ b/
new file mode 100755
index 0000000..6314e2c
--- /dev/null
+++ b/
@@ -0,0 +1,21 @@
+#! /bin/sh
+set -x
+if [ -f Makefile ] ; then
+ make -k clean
+rm mkinstalldirs
+rm aclocal.m4
+rm -rf autom4te.cache
+rm compile
+rm config.*
+rm configure
+rm depcomp
+rm install-sh
+rm missing
+rm libtool
+find . -name Makefile -exec rm {} \;
+find . -name -exec rm {} \;
+find . -depth -name .deps -exec rm -rf {} \;
diff --git a/ b/
new file mode 100644
index 0000000..2feb1c0
--- /dev/null
+++ b/
@@ -0,0 +1,99 @@
+# -*- Autoconf -*-
+# Process this file with autoconf to produce a configure script.
+AC_INIT(libica, 2.5.0,
+# Compute $target
+# Checks for programs.
+# Checks for libraries.
+# Checks for header files.
+AC_CHECK_HEADERS([fcntl.h memory.h stdlib.h string.h strings.h sys/ioctl.h unistd.h \
+ errno.h stdio.h semaphore.h linux/types.h sys/ioctl.h])
+case "$target" in
+ *s390*)
+ AC_CHECK_HEADERS([openssl/bn.h openssl/rsa.h openssl/rand.h \
+ openssl/sha.h openssl/aes.h openssl/des.h],,
+ AC_MSG_ERROR(openssl-devel package required))
+ ;;
+ *)
+ AC_CHECK_HEADER(linux/icaioctl.h, ,
+ AC_MSG_ERROR([*** Unable to find linux/icaioctl.h]))
+ ;;
+# Checks for typedefs, structures, and compiler characteristics.
+# Checks for library functions.
+AC_CHECK_FUNCS([bzero memset])
+case $target in
+ *s390x*)
+ ;;
+ *s390*)
+ CFLAGS="$CFLAGS -D_LINUX_S390_ -m31 -Wall"
+ ;;
+ [--enable-debug turn on debugging flags],
+ [enable_debug="yes"],[enable_debug="no"])
+if test "x$enable_debug" = xyes; then
+ AC_MSG_RESULT([*** Enabling debugging at user request ***])
+dnl --- enable_testcases
+ AS_HELP_STRING([--enable-testcases],[build the test cases @<:@default=no@:>@]),
+ [enable_testcases=yes],
+ [enable_testcases=no])
+if test "$enable_testcases" = yes; then
+ MAYBE_OPT="src/tests src/tests/libica_sha_test/"
+AC_CONFIG_FILES([src/tests/Makefile src/tests/libica_sha_test/Makefile])
+AC_OUTPUT([Makefile src/Makefile include/Makefile doc/Makefile])
+echo "Enabled features:"
+echo " Debug build: $enable_debug"
+echo " Testcases: $enable_testcases"
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..b520e91
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,19 @@
+libica (2.5.0-1) unstable; urgency=medium
+ * Initial release to Debian. Closes: #813765.
+ -- Dimitri John Ledkov <> Fri, 05 Feb 2016 04:45:59 +0000
+libica (2.5.0-0ubuntu2) xenial; urgency=high
+ * Git format patches
+ * Add debian/watch file
+ * Include soname in the libica2 install globs
+ -- Dimitri John Ledkov <> Wed, 27 Jan 2016 22:15:16 +0000
+libica (2.5.0-0ubuntu1) xenial; urgency=low
+ * Initial release
+ -- Dimitri John Ledkov <> Thu, 07 Jan 2016 22:39:27 +0000
diff --git a/debian/compat b/debian/compat
new file mode 100644
index 0000000..ec63514
--- /dev/null
+++ b/debian/compat
@@ -0,0 +1 @@
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..9a940b6
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,35 @@
+Source: libica
+Priority: optional
+Maintainer: Dimitri John Ledkov <>
+Build-Depends: debhelper (>= 9), dh-autoreconf, libssl-dev, autoconf-archive
+Standards-Version: 3.9.6
+Section: libs
+Package: libica-dev
+Section: libdevel
+Architecture: s390 s390x
+Multi-Arch: same
+Depends: libica2 (= ${binary:Version}), ${misc:Depends}
+Description: hardware cryptography support for IBM System z hardware (dev package)
+ libica library provides hardware acceleration for cryptographic
+ functions and is part of the openCryptoki project.
+ .
+ This package contains development headers and library.
+Package: libica2
+Architecture: s390 s390x
+Multi-Arch: same
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Description: hardware cryptography support for IBM System z hardware
+ libica library provides hardware acceleration for cryptographic
+ functions and is part of the openCryptoki project.
+Package: libica-utils
+Architecture: s390 s390x
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Description: hardware cryptography support for Linux on z Systems (utils)
+ libica library provides hardware acceleration for cryptographic
+ functions and is part of the openCryptoki project.
+ .
+ This package contains icastats and and icainfo utilities.
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..42c19b0
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,271 @@
+Upstream-Name: libica
+Files: *
+Copyright: 2001-2015 IBM Corp.
+License: CPL
+ .
+ Common Public License - V1.0
+ .
+ .
+ .
+ "Contribution" means:
+ 1. in the case of the initial Contributor, the initial code and
+ documentation distributed under this Agreement, and
+ .
+ 2. in the case of each subsequent Contributor:
+ 1. changes to the Program, and
+ 2. additions to the Program;
+ .
+ where such changes and/or additions to the Program originate
+ from and are distributed by that particular Contributor. A
+ Contribution 'originates' from a Contributor if it was added to
+ the Program by such Contributor itself or anyone acting on such
+ Contributor's behalf. Contributions do not include additions to
+ the Program which: (i) are separate modules of software
+ distributed in conjunction with the Program under their own
+ license agreement, and (ii) are not derivative works of the
+ Program.
+ .
+ "Contributor" means any person or entity that distributes the Program.
+ .
+ "Licensed Patents " mean patent claims licensable by a Contributor
+ which are necessarily infringed by the use or sale of its Contribution
+ alone or when combined with the Program.
+ .
+ "Program" means the Contributions distributed in accordance with this
+ Agreement.
+ .
+ "Recipient" means anyone who receives the Program under this Agreement,
+ including all Contributors.
+ .
+ .
+ .
+ 1. Subject to the terms of this Agreement, each Contributor
+ hereby grants Recipient a non-exclusive, worldwide,
+ royalty-free copyright license to reproduce, prepare derivative
+ works of, publicly display, publicly perform, distribute and
+ sublicense the Contribution of such Contributor, if any, and
+ such derivative works, in source code and object code form.
+ .
+ 2. Subject to the terms of this Agreement, each Contributor
+ hereby grants Recipient a non-exclusive, worldwide,
+ royalty-free patent license under Licensed Patents to make,
+ use, sell, offer to sell, import and otherwise transfer the
+ Contribution of such Contributor, if any, in source code and
+ object code form. This patent license shall apply to the
+ combination of the Contribution and the Program if, at the time
+ the Contribution is added by the Contributor, such addition of
+ the Contribution causes such combination to be covered by the
+ Licensed Patents. The patent license shall not apply to any
+ other combinations which include the Contribution. No hardware
+ per se is licensed hereunder.
+ .
+ 3. Recipient understands that although each Contributor grants
+ the licenses to its Contributions set forth herein, no
+ assurances are provided by any Contributor that the Program
+ does not infringe the patent or other intellectual property
+ rights of any other entity. Each Contributor disclaims any
+ liability to Recipient for claims brought by any other entity
+ based on infringement of intellectual property rights or
+ otherwise. As a condition to exercising the rights and licenses
+ granted hereunder, each Recipient hereby assumes sole
+ responsibility to secure any other intellectual property rights
+ needed, if any. For example, if a third party patent license is
+ required to allow Recipient to distribute the Program, it is
+ Recipient's responsibility to acquire that license before
+ distributing the Program.
+ .
+ 4. Each Contributor represents that to its knowledge it has
+ sufficient copyright rights in its Contribution, if any, to
+ grant the copyright license set forth in this Agreement.
+ .
+ .
+ .
+ A Contributor may choose to distribute the Program in object code form
+ under its own license agreement, provided that:
+ .
+ 1. it complies with the terms and conditions of this Agreement;
+ and
+ .
+ 2. its license agreement:
+ 1. effectively disclaims on behalf of all Contributors
+ all warranties and conditions, express and implied,
+ including warranties or conditions of title and
+ non-infringement, and implied warranties or conditions
+ of merchantability and fitness for a particular purpose;
+ .
+ 2. effectively excludes on behalf of all Contributors
+ all liability for damages, including direct, indirect,
+ special, incidental and consequential damages, such as
+ lost profits;
+ .
+ 3. states that any provisions which differ from this
+ Agreement are offered by that Contributor alone and not
+ by any other party; and
+ .
+ 4. states that source code for the Program is available
+ from such Contributor, and informs licensees how to
+ obtain it in a reasonable manner on or through a medium
+ customarily used for software exchange.
+ .
+ When the Program is made available in source code form:
+ 1. it must be made available under this Agreement; and
+ 2. a copy of this Agreement must be included with each
+ copy of the Program.
+ .
+ Contributors may not remove or alter any copyright notices
+ contained within the Program.
+ .
+ Each Contributor must identify itself as the originator of its
+ Contribution, if any, in a manner that reasonably allows
+ subsequent Recipients to identify the originator of the
+ Contribution.
+ .
+ .
+ .
+ Commercial distributors of software may accept certain responsibilities
+ with respect to end users, business partners and the like. While this
+ license is intended to facilitate the commercial use of the Program,
+ the Contributor who includes the Program in a commercial product
+ offering should do so in a manner which does not create potential
+ liability for other Contributors. Therefore, if a Contributor includes
+ the Program in a commercial product offering, such Contributor
+ ("Commercial Contributor") hereby agrees to defend and indemnify every
+ other Contributor ("Indemnified Contributor") against any losses,
+ damages and costs (collectively "Losses") arising from claims, lawsuits
+ and other legal actions brought by a third party against the
+ Indemnified Contributor to the extent caused by the acts or omissions
+ of such Commercial Contributor in connection with its distribution of
+ the Program in a commercial product offering. The obligations in this
+ section do not apply to any claims or Losses relating to any actual or
+ alleged intellectual property infringement. In order to qualify, an
+ Indemnified Contributor must: a) promptly notify the Commercial
+ Contributor in writing of such claim, and b) allow the Commercial
+ Contributor to control, and cooperate with the Commercial Contributor
+ in, the defense and any related settlement negotiations. The
+ Indemnified Contributor may participate in any such claim at its own
+ expense.
+ .
+ For example, a Contributor might include the Program in a commercial
+ product offering, Product X. That Contributor is then a Commercial
+ Contributor. If that Commercial Contributor then makes performance
+ claims, or offers warranties related to Product X, those performance
+ claims and warranties are such Commercial Contributor's responsibility
+ alone. Under this section, the Commercial Contributor would have to
+ defend claims against the other Contributors related to those
+ performance claims and warranties, and if a court requires any other
+ Contributor to pay any damages as a result, the Commercial Contributor
+ must pay those damages.
+ .
+ .
+ .
+ FITNESS FOR A PARTICULAR PURPOSE. Each Recipient is solely responsible
+ for determining the appropriateness of using and distributing the
+ Program and assumes all risks associated with its exercise of rights
+ under this Agreement, including but not limited to the risks and costs
+ of program errors, compliance with applicable laws, damage to or loss
+ of data, programs or equipment, and unavailability or interruption of
+ operations.
+ .
+ .
+ .
+ .
+ .
+ .
+ If any provision of this Agreement is invalid or unenforceable under
+ applicable law, it shall not affect the validity or enforceability of
+ the remainder of the terms of this Agreement, and without further
+ action by the parties hereto, such provision shall be reformed to the
+ minimum extent necessary to make such provision valid and enforceable.
+ .
+ If Recipient institutes patent litigation against a Contributor with
+ respect to a patent applicable to software (including a cross-claim or
+ counterclaim in a lawsuit), then any patent licenses granted by that
+ Contributor to such Recipient under this Agreement shall terminate as
+ of the date such litigation is filed. In addition, if Recipient
+ institutes patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Program
+ itself (excluding combinations of the Program with other software or
+ hardware) infringes such Recipient's patent(s), then such Recipient's
+ rights granted under Section 2(b) shall terminate as of the date such
+ litigation is filed.
+ .
+ All Recipient's rights under this Agreement shall terminate if it fails
+ to comply with any of the material terms or conditions of this
+ Agreement and does not cure such failure in a reasonable period of time
+ after becoming aware of such noncompliance. If all Recipient's rights
+ under this Agreement terminate, Recipient agrees to cease use and
+ distribution of the Program as soon as reasonably practicable. However,
+ Recipient's obligations under this Agreement and any licenses granted
+ by Recipient relating to the Program shall continue and survive.
+ .
+ Everyone is permitted to copy and distribute copies of this Agreement,
+ but in order to avoid inconsistency the Agreement is copyrighted and
+ may only be modified in the following manner. The Agreement Steward
+ reserves the right to publish new versions (including revisions) of
+ this Agreement from time to time. No one other than the Agreement
+ Steward has the right to modify this Agreement. IBM is the initial
+ Agreement Steward. IBM may assign the responsibility to serve as the
+ Agreement Steward to a suitable separate entity. Each new version of
+ the Agreement will be given a distinguishing version number. The
+ Program (including Contributions) may always be distributed subject to
+ the version of the Agreement under which it was received. In addition,
+ after a new version of the Agreement is published, Contributor may
+ elect to distribute the Program (including its Contributions) under the
+ new version. Except as expressly stated in Sections 2(a) and 2(b)
+ above, Recipient receives no rights or licenses to the intellectual
+ property of any Contributor under this Agreement, whether expressly, by
+ implication, estoppel or otherwise. All rights in the Program not
+ expressly granted under this Agreement are reserved.
+ .
+ This Agreement is governed by the laws of the State of New York and the
+ intellectual property laws of the United States of America. No party to
+ this Agreement will bring a legal action under this Agreement more than
+ one year after the cause of action arose. Each party waives its rights
+ to a jury trial in any resulting litigation.
+Files: debian/*
+Copyright: 2016 Canonical LTD
+License: BSD-2-clause
+ Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+ .
+ 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+ .
+ 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+ .
+ POSSIBILITY OF SUCH DAMAGE. \ No newline at end of file
diff --git a/debian/libica-dev.install b/debian/libica-dev.install
new file mode 100644
index 0000000..f3800aa
--- /dev/null
+++ b/debian/libica-dev.install
@@ -0,0 +1,2 @@
diff --git a/debian/libica-utils.install b/debian/libica-utils.install
new file mode 100644
index 0000000..6cc411d
--- /dev/null
+++ b/debian/libica-utils.install
@@ -0,0 +1,2 @@
+usr/share/man* \ No newline at end of file
diff --git a/debian/libica2.install b/debian/libica2.install
new file mode 100644
index 0000000..d591b5c
--- /dev/null
+++ b/debian/libica2.install
@@ -0,0 +1,2 @@
diff --git a/debian/patches/0001-Fix-buffer-overflow-in-icastats_test.c.patch b/debian/patches/0001-Fix-buffer-overflow-in-icastats_test.c.patch
new file mode 100644
index 0000000..9dda4ee
--- /dev/null
+++ b/debian/patches/0001-Fix-buffer-overflow-in-icastats_test.c.patch
@@ -0,0 +1,25 @@
+From 61e51e580f107c43f7136e94eae0783612cfc003 Mon Sep 17 00:00:00 2001
+From: Dimitri John Ledkov <>
+Date: Wed, 27 Jan 2016 22:07:47 +0000
+Subject: [PATCH 1/5] Fix buffer overflow in icastats_test.c
+ src/tests/icastats_test.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/src/tests/icastats_test.c b/src/tests/icastats_test.c
+index c207408..a2110c4 100644
+--- a/src/tests/icastats_test.c
++++ b/src/tests/icastats_test.c
+@@ -222,7 +222,7 @@ int check_hw(int algo_id)
+ **/
+ void check_icastats(int algo_id, char *stat)
+ {
+- char awk[80];
++ char awk[255];
+ FILE *fp;
+ int i, hw, enc, dec;
diff --git a/debian/patches/0002-Correctly-link-with-pthread-on-linux.patch b/debian/patches/0002-Correctly-link-with-pthread-on-linux.patch
new file mode 100644
index 0000000..57efec8
--- /dev/null
+++ b/debian/patches/0002-Correctly-link-with-pthread-on-linux.patch
@@ -0,0 +1,34 @@
+From 88b9a007844978100d39063fbd4ac6d8654f4ef5 Mon Sep 17 00:00:00 2001
+From: Dimitri John Ledkov <>
+Date: Wed, 27 Jan 2016 22:08:43 +0000
+Subject: [PATCH 2/5] Correctly link with pthread on linux.
+ | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+diff --git a/ b/
+index 38f1ea6..2feb1c0 100644
+--- a/
++++ b/
+@@ -23,7 +23,7 @@ AC_PROG_LIBTOOL
+ # Checks for header files.
+ AC_CHECK_HEADERS([fcntl.h memory.h stdlib.h string.h strings.h sys/ioctl.h unistd.h \
+- errno.h stdio.h pthread.h semaphore.h linux/types.h sys/ioctl.h])
++ errno.h stdio.h semaphore.h linux/types.h sys/ioctl.h])
+ case "$target" in
+ *s390*)
+ AC_CHECK_HEADERS([openssl/bn.h openssl/rsa.h openssl/rand.h \
+@@ -52,6 +52,8 @@ AC_FUNC_STAT
+ AC_CHECK_FUNCS([bzero memset])
+ CFLAGS="$cmdline_CFLAGS"
+ case $target in
+ *s390x*)
diff --git a/debian/patches/0003-Fix-linking-order-in-the-tests.patch b/debian/patches/0003-Fix-linking-order-in-the-tests.patch
new file mode 100644
index 0000000..bdd2d7e
--- /dev/null
+++ b/debian/patches/0003-Fix-linking-order-in-the-tests.patch
@@ -0,0 +1,39 @@
+From 9073d46565d13345718738a6eda3357e11ef45e9 Mon Sep 17 00:00:00 2001
+From: Dimitri John Ledkov <>
+Date: Wed, 27 Jan 2016 22:11:22 +0000
+Subject: [PATCH 3/5] Fix linking order in the tests.
+ src/tests/ | 2 +-
+ src/tests/libica_sha_test/ | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+diff --git a/src/tests/ b/src/tests/
+index 0f510c1..f941c49 100644
+--- a/src/tests/
++++ b/src/tests/
+@@ -29,7 +29,7 @@ all: $(TARGETS)
+ # Every target is created from a single .c file.
+ %: %.c
+- gcc $(OPTS) $(LIBS) $(INCLUDE) -lica -lcrypto -o $@ $^
++ gcc $(OPTS) -o $@ $^ $(LIBS) $(INCLUDE) -lica -lcrypto
+ clean:
+ rm -f $(TARGETS)
+diff --git a/src/tests/libica_sha_test/ b/src/tests/libica_sha_test/
+index 34bdf91..b6b4fc4 100644
+--- a/src/tests/libica_sha_test/
++++ b/src/tests/libica_sha_test/
+@@ -16,7 +16,7 @@ FILES = libica_sha_test.c~ \
+ include/critical_error.h~
+ all:
+- $(CC) $(OPTS) $(LIBS) $(INCLUDE) -lica -lcrypto -o libica_sha_test $(SOURCES)
++ $(CC) $(OPTS) -o libica_sha_test $(SOURCES) $(LIBS) $(INCLUDE) -lica -lcrypto
+ clean:
+ rm -f libica_sha_test
diff --git a/debian/patches/0004-Make-test-suite-bail-out-upon-errors.patch b/debian/patches/0004-Make-test-suite-bail-out-upon-errors.patch
new file mode 100644
index 0000000..fb37a79
--- /dev/null
+++ b/debian/patches/0004-Make-test-suite-bail-out-upon-errors.patch
@@ -0,0 +1,22 @@
+From ba05f6cff1de5ad8420d1364bb4c1d9187819cf8 Mon Sep 17 00:00:00 2001
+From: Dimitri John Ledkov <>
+Date: Wed, 27 Jan 2016 22:12:51 +0000
+Subject: [PATCH 4/5] Make test suite bail out upon errors.
+ src/tests/ | 1 +
+ 1 file changed, 1 insertion(+)
+diff --git a/src/tests/ b/src/tests/
+index 339e347..c53ac31 100755
+--- a/src/tests/
++++ b/src/tests/
+@@ -1,4 +1,5 @@
+ #!/bin/bash
++set -e
+ # Libica test suite
+ #
diff --git a/debian/patches/0005-ubuntu-skip-generating-suite.out-report-to-stdout.patch b/debian/patches/0005-ubuntu-skip-generating-suite.out-report-to-stdout.patch
new file mode 100644
index 0000000..8ba001e
--- /dev/null
+++ b/debian/patches/0005-ubuntu-skip-generating-suite.out-report-to-stdout.patch
@@ -0,0 +1,101 @@
+From 86f83dd8c34a9dac3c6638bfa2180cd95ca41fd5 Mon Sep 17 00:00:00 2001
+From: Dimitri John Ledkov <>
+Date: Wed, 27 Jan 2016 22:13:28 +0000
+Subject: [PATCH 5/5] ubuntu: skip generating suite.out, report to stdout.
+ src/tests/ | 70 ++++++++++++++++++++++++++---------------------------
+ 1 file changed, 35 insertions(+), 35 deletions(-)
+diff --git a/src/tests/ b/src/tests/
+index c53ac31..e45d966 100755
+--- a/src/tests/
++++ b/src/tests/
+@@ -9,49 +9,49 @@ silent=${1}
+ echo -ne 'Starting libica test suite ...\n'
+ echo -ne '-------------------------------------------------- (0%)\r'
+-./icastats_test $silent > ./suite.out
++./icastats_test $silent
+ echo -ne '#------------------------------------------------- (2%)\r'
+-./libica_3des_cbc_test $silent >> ./suite.out
+-./libica_3des_cfb_test $silent >> ./suite.out
+-./libica_3des_ctr_test $silent >> ./suite.out
+-./libica_3des_ecb_test $silent >> ./suite.out
+-./libica_3des_ofb_test $silent >> ./suite.out
++./libica_3des_cbc_test $silent
++./libica_3des_cfb_test $silent
++./libica_3des_ctr_test $silent
++./libica_3des_ecb_test $silent
++./libica_3des_ofb_test $silent
+ echo -ne '#######------------------------------------------ (15%)\r'
+-./libica_aes128_test $silent >> ./suite.out
+-./libica_aes192_test $silent >> ./suite.out
+-./libica_aes256_test $silent >> ./suite.out
+-./libica_aes_cbc_test $silent >> ./suite.out
+-./libica_aes_cfb_test $silent >> ./suite.out
+-./libica_aes_ctr_test $silent >> ./suite.out
+-./libica_aes_ecb_test $silent >> ./suite.out
+-./libica_aes_gcm_test $silent >> ./suite.out
+-./libica_aes_ofb_test $silent >> ./suite.out
+-./libica_aes_xts_test $silent >> ./suite.out
++./libica_aes128_test $silent
++./libica_aes192_test $silent
++./libica_aes256_test $silent
++./libica_aes_cbc_test $silent
++./libica_aes_cfb_test $silent
++./libica_aes_ctr_test $silent
++./libica_aes_ecb_test $silent
++./libica_aes_gcm_test $silent
++./libica_aes_ofb_test $silent
++./libica_aes_xts_test $silent
+ echo -ne '###############---------------------------------- (30%)\r'
+-./libica_cbccs_test $silent >> ./suite.out
+-./libica_ccm_test $silent >> ./suite.out
+-./libica_cmac_test $silent >> ./suite.out
++./libica_cbccs_test $silent
++./libica_ccm_test $silent
++./libica_cmac_test $silent
+ echo -ne '######################--------------------------- (45%)\r'
+-./libica_des_cbc_test $silent >> ./suite.out
+-./libica_des_cfb_test $silent >> ./suite.out
+-./libica_des_ctr_test $silent >> ./suite.out
+-./libica_des_ecb_test $silent >> ./suite.out
+-./libica_des_ofb_test $silent >> ./suite.out
++./libica_des_cbc_test $silent
++./libica_des_cfb_test $silent
++./libica_des_ctr_test $silent
++./libica_des_ecb_test $silent
++./libica_des_ofb_test $silent
+ echo -ne '#############################-------------------- (60%)\r'
+-./libica_get_functionlist $silent >> ./suite.out
+-./libica_get_version $silent >> ./suite.out
+-./libica_keygen_test 512 r $silent >> ./suite.out
+-./libica_keygen_test 1024 r $silent >> ./suite.out
+-./libica_keygen_test 2048 r $silent >> ./suite.out
+-./libica_keygen_test 4096 r $silent >> ./suite.out
+-./libica_keygen_test 1234 r $silent >> ./suite.out
+-./libica_rng_test $silent >> ./suite.out
++./libica_get_functionlist $silent
++./libica_get_version $silent
++./libica_keygen_test 512 r $silent
++./libica_keygen_test 1024 r $silent
++./libica_keygen_test 2048 r $silent
++./libica_keygen_test 4096 r $silent
++./libica_keygen_test 1234 r $silent
++./libica_rng_test $silent
+ echo -ne '#####################################------------ (70%)\r'
+-./libica_rsa_test $silent >> ./suite.out
+-./libica_rsa_key_check_test $silent >> ./suite.out
++./libica_rsa_test $silent
++./libica_rsa_key_check_test $silent
+ echo -ne '############################################----- (80%)\r'
+ PARMS="libica_sha_test/sha_test_vectors/*"
+-./libica_sha_test/libica_sha_test $silent $PARMS >> ./suite.out
++./libica_sha_test/libica_sha_test $silent $PARMS
+ #./libica_sha_test/libica_sha_test 'libica_sha_test/sha_test_vectors/*'
+ echo -ne '################################################# (100%) Done\r'
+ echo -ne '\n'
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..f9b43df
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1,5 @@
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..8db849b
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,16 @@
+#!/usr/bin/make -f
+ dh $@ --with autoreconf
+ dh_auto_configure -- --enable-testcases
+ rm debian/tmp/usr/lib/*/libica.a
+ rm debian/tmp/usr/lib/*/
+ dh_install --list-missing
+ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
+ cd src/tests && LD_LIBRARY_PATH=$(CURDIR)/src/.libs PATH=$(CURDIR)/src/.libs:$$PATH ./ silent
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..163aaf8
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/debian/watch b/debian/watch
new file mode 100644
index 0000000..a93a4bc
--- /dev/null
+++ b/debian/watch
@@ -0,0 +1,2 @@
diff --git a/doc/ b/doc/
new file mode 100644
index 0000000..2f7df8a
--- /dev/null
+++ b/doc/
@@ -0,0 +1 @@
+man_MANS = icastats.1 icainfo.1
diff --git a/doc/icainfo.1 b/doc/icainfo.1
new file mode 100644
index 0000000..96bba4c
--- /dev/null
+++ b/doc/icainfo.1
@@ -0,0 +1,64 @@
+.\" icainfo man page source
+.\" use
+.\" groff -man -Tutf8 icainfo.1
+.\" or
+.\" nroff -man icainfo.1
+.\" to process this source
+.TH ICAINFO 1 2013-12-06 IBM "icainfo user manual"
+icainfo \- show information about cryptographic functions supported by libica
+.B icainfo
+[-v | --version] [-h | --help]
+.B icainfo
+displays all the cryptographic algorithms and modes of operation supported by
+libica together with implementation details about software and hardware support.
+ function | # hardware | # software
+ SHA-1 | yes | yes
+ SHA-224 | yes | yes
+ SHA-256 | yes | yes
+ SHA-384 | yes | yes
+ SHA-512 | yes | yes
+ GHASH | yes | no
+ PRNG | yes | yes
+ RSA ME | yes | yes
+ RSA CRT | yes | yes
+ DES ECB | yes | yes
+ DES CBC | yes | yes
+ DES OFB | yes | no
+ DES CFB | yes | no
+ DES CTR | yes | no
+ DES CMAC | yes | no
+ 3DES ECB | yes | yes
+ 3DES CBC | yes | yes
+ 3DES OFB | yes | no
+ 3DES CFB | yes | no
+ 3DES CTR | yes | no
+ 3DES CMAC | yes | no
+ AES ECB | yes | yes
+ AES CBC | yes | yes
+ AES OFB | yes | no
+ AES CFB | yes | no
+ AES CTR | yes | no
+ AES CMAC | yes | no
+ AES XTS | yes | no
+.IP "-v or --version"
+show libica version and copyright
+.IP "-h or --help"
+display this help and exit
+.IP 1
+unknown or invalid argument on invocation
+.IP 0
+successful program execution
+.BR icastats (1)
diff --git a/doc/icastats.1 b/doc/icastats.1
new file mode 100644
index 0000000..ca773d7
--- /dev/null
+++ b/doc/icastats.1
@@ -0,0 +1,121 @@
+.\" icastats man page source
+.\" use
+.\" groff -man -Tutf8 icastats.1
+.\" or
+.\" nroff -man icastats.1
+.\" to process this source
+.TH ICASTATS 1 2013-12-06 IBM "icaststats user manual"
+icastats \- display statistic data for the libica cryptographic functions
+.B icastats
+[-v | --version] [-h | --help] [--reset-all | -R] [--reset | -r]
+[--delete-all |-D] [--delete | -d] [--all | -A] [--summary | -S] [[-U |
+--user] <username>]
+.B icastats
+displays statistic data about the usage of cryptographic functions provided by
+Libica is a cryptographic library supporting SHA, RSA, DES and AES in
+different modes of operations. The invocation of each call to all the
+cryptographic functions is tracked with individual counters which can be
+displayed and maintained with icastats.
+Here is a sample output:
+ function | # hardware | # software
+ SHA-1 | 0 | 0
+ SHA-224 | 0 | 0
+ SHA-256 | 0 | 0
+ SHA-384 | 0 | 0
+ SHA-512 | 0 | 0
+ GHASH | 0 | 0
+ P_RNG | 0 | 0
+ RSA-ME | 0 | 0
+ RSA-CRT | 0 | 0
+ DES ECB | 0 0 | 0 0
+ DES CBC | 0 0 | 0 0
+ DES OFB | 0 0 | 0 0
+ DES CFB | 0 0 | 0 0
+ DES CTR | 0 0 | 0 0
+ DES CMAC | 0 0 | 0 0
+ 3DES ECB | 0 0 | 0 0
+ 3DES CBC | 0 0 | 0 0
+ 3DES OFB | 0 0 | 0 0
+ 3DES CFB | 0 0 | 0 0
+ 3DES CTR | 0 0 | 0 0
+ 3DES CMAC | 0 0 | 0 0
+ AES ECB | 0 0 | 0 0
+ AES CBC | 0 0 | 0 0
+ AES OFB | 0 0 | 0 0
+ AES CFB | 0 0 | 0 0
+ AES CTR | 0 0 | 0 0
+ AES CMAC | 0 0 | 0 0
+ AES XTS | 0 0 | 0 0
+For each cryptographic function the table shows the number of invocations
+where hardware support was involved or the libica fall back implementation
+in software was used. For the ciphering methods the invocation counter is
+further divided into encrypt and decrypt operation counter values.
+All the counter values are stored and maintained in one shared memory page
+for each user. This memory area is created automatically with the first run
+of icastats and persists until it is explicitly removed (see the -d option)
+or system shut down. This also means that the statistical data shown with
+icastats is on a per user base and only the root user is able to see and
+maintain the collection of statistic data from libica at system scope.
+Newer operating systems might remove these shared memory segments
+after the user has logged out from the system (systemd cleanup action).
+In this case all collected statistic data are gone.
+To prevent the statistic data from being removed you can configure the
+systemd to keep all shared memory segments after session exit by
+enabling the "RemoveIPC=no" paramater in "/etc/systemd/logind.conf".
+Alternatively you can setup the systemd user manager to enable user
+lingering by typing "loginctl enable-linger <user>".
+.IP "-v or --version"
+show libica version and copyright
+.IP "-h or --help"
+display this help and exit
+.IP "-R or --reset-all"
+reset the statistic data for each user that has a shared memory segment to
+zero (only root user)
+.IP "-r or --reset"
+reset the statistic data for the current user to zero
+.IP "-D or --delete-all"
+delete all shared memory segments from all users who have an icastats shared
+memory segment (only root user)
+.IP "-d or --delete"
+delete the libica shared memory area for the current user
+.IP "-A or --all"
+show libica statistic data for each user in the system where a shared
+memory area exists in multiple tables (only root user)
+.IP "-S or --summary"
+show libica statistic data for each user in the system where a shared
+memory area exists in one table accumulating all the per user counter
+values (only root user)
+.IP "-U <username> or --user <username>"
+show statistic values from the given user (only root user)
+.IP 1
+unsupported or unknown argument, argument which requires root privileges
+given but not root user, failures at creating or attaching to the shared
+memory area ...
+.IP 0
+normal and sucessful program execution
+icainfo (1)
diff --git a/include/ b/include/
new file mode 100644
index 0000000..c0c1275
--- /dev/null
+++ b/include/
@@ -0,0 +1,2 @@
+nobase_include_HEADERS = ica_api.h
diff --git a/include/ica_api.h b/include/ica_api.h
new file mode 100644
index 0000000..fc3df4c
--- /dev/null
+++ b/include/ica_api.h
@@ -0,0 +1,3598 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+ * Authors(s): Ralph Wuerthner <>
+ * Holger Dengler <>
+ * Ingo Tuchscherer <>
+ *
+ * Copyright IBM Corp. 2001, 2005, 2009, 2010, 2011, 2013
+ */
+#ifndef __ICA_API_H__
+#define __ICA_API_H__
+*** ***
+*** ***
+*** All Rights Reserved ***
+*** ***
+*** U.S. Government Users Restricted Rights - Use, ***
+*** duplication or disclosure restricted by GSA ADP ***
+*** Schedule Contract with IBM Corp. ***
+*** ***
+*** ***
+*** ORIGINS: IBM Charlotte, Department VM9A ***
+*** ***
+#include <stdint.h>
+#define ica_adapter_handle_t int
+typedef ica_adapter_handle_t ICA_ADAPTER_HANDLE;
+ * Definitions to determine the direction of the symmetric
+ * encryption/decryption functions.
+ */
+#define ICA_ENCRYPT 1
+#define ICA_DECRYPT 0
+ * @deprecated.
+ * RSA key generation options - public exponent types
+ * These are used to tell deprecated functions:
+ * - icaRsaKeyGenerateModExpo
+ * - icaRsaKeyGenerateCrt
+ * which public exponent to take. They are not used within the new API functions.
+ */
+#define RSA_PUBLIC_3 1
+#define RSA_PUBLIC_65537 2
+ * @deprecated exponent types. These have been used internally only. They are
+ * not used at all, now.
+ */
+#define RSA_EXPONENT_3 2
+#define RSA_EXPONENT_65537 3
+#define RSA_EXPONENT_2 4
+ * @deprecated RSA key token types
+ */
+ * Symetric encryption/decryption modes
+ */
+#define MODE_ECB 1
+#define MODE_CBC 2
+#define MODE_CFB 3
+#define MODE_OFB 4
+#define MODE_CTR 5
+#define MODE_XTS 6
+#define MODE_GCM 7
+#define MODE_CBCCS 8
+#define MODE_CCM 9
+ * CBC Ciphertext Stealing variants
+ */
+ * @deprecated
+ * Use MODE_ECB, MODE_CBC instead.
+ */
+#define ICA_FLAG_SHW 4 /* static hardware support (symmetric ops - CPACF) */
+#define ICA_FLAG_DHW 2 /* dynamic hardware support (asymmetric ops - CEX) */
+#define ICA_FLAG_SW 1 /* software implementation (fallback / backup) */
+#define SHA1 1
+#define SHA224 2
+#define SHA256 3
+#define SHA384 4
+#define SHA512 5
+#define G_HASH 10
+#define DES_ECB 20
+#define DES_CBC 21
+#define DES_CBC_CS 22
+#define DES_OFB 23
+#define DES_CFB 24
+#define DES_CTR 25
+#define DES_CTRLST 26
+#define DES_CBC_MAC 27
+#define DES_CMAC 28
+#define DES3_ECB 41
+#define DES3_CBC 42
+#define DES3_CBC_CS 43
+#define DES3_OFB 44
+#define DES3_CFB 45
+#define DES3_CTR 46
+#define DES3_CTRLST 47
+#define DES3_CBC_MAC 48
+#define DES3_CMAC 49
+#define AES_ECB 60
+#define AES_CBC 61
+#define AES_CBC_CS 62
+#define AES_OFB 63
+#define AES_CFB 64
+#define AES_CTR 65
+#define AES_CTRLST 66
+#define AES_CBC_MAC 67
+#define AES_CMAC 68
+#define AES_CCM 69
+#define AES_GCM 70
+#define AES_XTS 71
+#define P_RNG 80
+#define RSA_ME 90
+#define RSA_CRT 91
+#define RSA_KEY_GEN_ME 92
+#define RSA_KEY_GEN_CRT 93
+ * Key length for DES/3DES encryption/decryption
+ */
+#define DES_KEY_LENGTH (56/8)
+#define DES3_KEY_LENGTH (168/8)
+ * Key length for AES encryption/decryption
+ */
+#define AES_KEY_LEN128 (128/8)
+#define AES_KEY_LEN192 (192/8)
+#define AES_KEY_LEN256 (256/8)
+ * SHA Message parts
+ */
+#define SHA_MSG_PART_ONLY 0
+ * SHA hash lengths
+ */
+#define SHA_HASH_LENGTH 20
+#define SHA224_HASH_LENGTH 28
+#define SHA256_HASH_LENGTH 32
+#define SHA384_HASH_LENGTH 48
+#define SHA512_HASH_LENGTH 64
+ * @deprecated
+ *
+ */
+ * @deprecated
+ * ICA_CALL is unneccessary. Do not use it anymore.
+ */
+#define ICA_CALL
+ * Context for SHA1 operations
+ */
+typedef struct {
+ uint64_t runningLength;
+ unsigned char shaHash[LENGTH_SHA_HASH];
+} sha_context_t;
+ * @deprecated
+ */
+typedef sha_context_t SHA_CONTEXT;
+#define LENGTH_SHA_CONTEXT sizeof(sha_context_t)
+ * Context for SHA256 and SHA128 operations
+ */
+typedef struct {
+ uint64_t runningLength;
+ unsigned char sha256Hash[LENGTH_SHA256_HASH];
+} sha256_context_t;
+ * @deprecated
+ */
+typedef sha256_context_t SHA256_CONTEXT;
+#define LENGTH_SHA256_CONTEXT sizeof(sha256_context_t)
+ * Context for SHA512 and SHA384 operations
+ */
+typedef struct {
+ uint64_t runningLengthHigh;
+ uint64_t runningLengthLow;
+ unsigned char sha512Hash[LENGTH_SHA512_HASH];
+} sha512_context_t;
+ * @deprecated
+ */
+typedef sha512_context_t SHA512_CONTEXT;
+#define LENGTH_SHA512_CONTEXT sizeof(sha512_context_t)
+ * @deprecated
+ * are no longer needed. These values will be deleted with the next update.
+ *
+ * All data elements of the RSA key are in big-endian format
+ * Modulus-Exponent form of key
+ */
+#define MAX_EXP_SIZE 256
+#define MAX_MODULUS_SIZE 256
+ /**
+ *
+ * _ ___________ <-base address + MAX_EXP_SIZE
+ * |
+ * |
+ * |
+ * |
+ * | Modulus
+ * | ---------- <-base address + sizeof(exponent)
+ * |
+ * | Exponent
+ * _ ___________ <-base address of key
+ *
+ * The Exponent and Modulus lengths are multiples of 32 bytes.
+ *
+ */
+ * @deprecated
+ */
+typedef unsigned char ICA_KEY_RSA_MODEXPO_REC[MAX_MODEXP_SIZE];
+ * and will be deleted with the next update.
+ *
+ * All data elements of the RSA key are in big-endian format
+ * Chinese Remainder Theorem(CRT) form of key
+ * Used only for Decrypt, the encrypt form is typically Modulus-Exponent
+ */
+#define MAX_BP_SIZE 136
+#define MAX_BQ_SIZE 128
+#define MAX_NP_SIZE 136
+#define MAX_NQ_SIZE 128
+#define MAX_QINV_SIZE 136
+#define RSA_GEN_OPERAND_MAX 256 /* bytes */
+ /**
+ *
+ * _ ___________ <-base address + MAX_RSACRT_SIZE
+ * |
+ * | QINV(U)
+ * | ---------- <-base address + sizeof(Bp)+sizeof(Bq)+sizeof(Np)+sizeof(Nq)
+ * | Nq
+ * | ---------- <-base address + sizeof(Bp)+sizeof(Bq)+sizeof(Np)
+ * | Np
+ * | ---------- <-base address + sizeof(Bp)+sizeof(Bq)
+ * | Bq
+ * | ---------- <-base address + sizeofBp)
+ * | Bp
+ * _ ___________ <-base address of key
+ *
+ *
+ */
+typedef enum {
+/* XTS belongs to the KM family */
+/* PRNG only for KMC */
+} kmc_functions_t;
+ * @deprecated
+ */
+typedef unsigned char ICA_KEY_RSA_CRT_REC[MAX_RSACRT_SIZE];
+ * @deprecated
+ */
+ */
+typedef struct _ICA_KEY_RSA_MODEXPO {
+ unsigned int keyType; /* RSA key type. */
+ unsigned int keyLength; /* Total length of the token. */
+ unsigned int modulusBitLength; /* Modulus n bit length. */
+ /* -- Start of the data length. */
+ unsigned int nLength; /* Modulus n = p * q */
+ unsigned int expLength; /* exponent (public or private) */
+ /* e = 1/d * mod(p-1)(q-1) */
+ /* -- Start of the data offsets */
+ unsigned int nOffset; /* Modulus n . */
+ unsigned int expOffset; /* exponent (public or private) */
+ unsigned char reserved[112]; /* reserved area */
+ /* -- Start of the variable -- */
+ /* -- length token data. -- */
+#define SZ_HEADER_MODEXPO (7 * sizeof(unsigned int) + 112);
+ * @deprecated
+ */
+ * struct ICA_KEY_RSA_CRT:
+ */
+typedef struct _ICA_KEY_RSA_CRT {
+ unsigned int keyType; /* RSA key type. */
+ unsigned int keyLength; /* Total length of the token. */
+ unsigned int modulusBitLength; /* Modulus n bit length. */
+ unsigned int pLength; /* Prime number p . */
+ unsigned int qLength; /* Prime number q . */
+ unsigned int dpLength; /* dp = d * mod(p-1) . */
+ unsigned int dqLength; /* dq = d * mod(q-1) . */
+ unsigned int qInvLength; /* PKCS: qInv = Ap/q */
+ /* -- Start of the data offsets */
+ unsigned int pOffset; /* Prime number p . */
+ unsigned int qOffset; /* Prime number q . */
+ unsigned int dpOffset; /* dp . */
+ unsigned int dqOffset; /* dq . */
+ unsigned int qInvOffset; /* qInv for PKCS */
+ unsigned char reserved[88]; /* reserved area */
+ /* -- Start of the variable -- */
+ /* -- length token data. -- */
+ ICA_KEY_RSA_CRT_REC keyRecord;
+#define SZ_HEADER_CRT (13 * sizeof(unsigned int) + 88)
+typedef struct {
+ unsigned int key_length;
+ unsigned char* modulus;
+ unsigned char* exponent;
+} ica_rsa_key_mod_expo_t;
+typedef struct {
+ unsigned int key_length;
+ unsigned char* p;
+ unsigned char* q;
+ unsigned char* dp;
+ unsigned char* dq;
+ unsigned char* qInverse;
+} ica_rsa_key_crt_t;
+ * DES and AES defines and typedefs
+ */
+typedef unsigned char ica_des_vector_t[8];
+typedef unsigned char ica_des_key_single_t[8];
+typedef struct {
+ ica_des_key_single_t key1;
+ ica_des_key_single_t key2;
+ ica_des_key_single_t key3;
+} ica_des_key_triple_t;
+typedef unsigned char ica_key_t[8];
+ * AES defines and typedefs
+ */
+typedef unsigned char ica_aes_vector_t[16];
+typedef unsigned char ica_aes_key_single_t[8];
+typedef unsigned char ica_aes_key_len_128_t[16];
+typedef unsigned char ica_aes_key_len_192_t[24];
+typedef unsigned char ica_aes_key_len_256_t[32];
+#define ica_aes_key_t ica_key_t
+ * Libica version information
+ */
+typedef struct {
+ unsigned int major_version;
+ unsigned int minor_version;
+ unsigned int fixpack_version;
+} libica_version_info;
+ * Definition of a mechanism type
+ **/
+typedef unsigned int libica_mechanism_type;
+ * Information for a particular crypto mechanism supported by libica.
+ * Key sizes are specified in bytes and do not apply to all supported
+ * mechanisms.
+ **/
+typedef struct {
+ unsigned int min_key_size;
+ unsigned int max_key_size;
+ unsigned int flags;
+} libica_mechanism_info;
+ * Definition for a particular crypto mechanism supported by libica.
+ **/
+typedef struct {
+ libica_mechanism_type mech_type;
+ libica_mechanism_info mech_info;
+} libica_mechanism_list_element;
+ * internal specification for a specific crypto mechanism supported by libica
+ **/
+typedef struct {
+ unsigned int mech_mode_id;
+ unsigned int type;
+ unsigned int id;
+ unsigned int flags;
+ unsigned int property;
+} libica_func_list_element_int;
+ * external specification for a specific crypto mechanism supported by libica
+ **/
+typedef struct {
+ unsigned int mech_mode_id;
+ unsigned int flags;
+ unsigned int property;
+} libica_func_list_element;
+ * @deprecated
+ * Deprecated typedefs: Use the new ones instead.
+ * They will be deleted with the next update.
+ */
+typedef ica_des_vector_t ICA_DES_VECTOR;
+typedef ica_des_key_single_t ICA_KEY_DES_SINGLE;
+typedef ica_des_key_triple_t ICA_KEY_DES_TRIPLE;
+typedef ica_aes_vector_t ICA_AES_VECTOR;
+typedef ica_aes_key_single_t ICA_KEY_AES_SINGLE;
+typedef ica_aes_key_len_128_t ICA_KEY_AES_LEN128;
+typedef ica_aes_key_len_192_t ICA_KEY_AES_LEN192;
+typedef ica_aes_key_len_256_t ICA_KEY_AES_LEN256;
+ *
+ * Do not use them anylonger! Use the new functions instead!
+ * Deprecated function prototypes will be removed with the next version.
+ *
+ */
+ * @deprecated Opens the specified adapter. Use ica_open_adapter() instead.
+ * @param adapter_id
+ * The adapter number. Can be anything. Is not needed anymore.
+ * @param adapter_handle
+ * Pointer to the file descriptor
+ *
+ * @see ica_open_adapter()
+ * @return 0 as long as a valid parameter is given,
+ * EINVAL for invalid parameter.
+ */
+__attribute__ ((__deprecated__))
+unsigned int icaOpenAdapter(unsigned int adapter_id,
+ ica_adapter_handle_t *adapter_handle);
+ * @deprecated Closes a device handle. Usa ica_close_adapter() instead.
+ * @param adapter_handle
+ * Pointer to a previously opened device handle.
+ *
+ * @see ica_close_adapter()
+ * @return 0 if successful.
+ * errno of close() if unsuccessful
+ */
+__attribute__ ((__deprecated__))
+unsigned int icaCloseAdapter(ica_adapter_handle_t adapter_handle);
+ * @deprecated Use ica_rsa_mod_expo() instead.
+ * @see ica_rsa_mod_expo()
+ * @brief Perform a RSA encryption/decryption operation using a key in
+ * modulus/exponent form.
+ *
+ * Make sure your message is padded before using this function. Otherwise you
+ * will risk security!
+ * @param adapter_handle
+ * Pointer to a previously opened device handle.
+ * @param input_length
+ * The byte length of the input data and must be 1 to 256 inclusive.
+ * @param input_data
+ * Pointer to input data to be encrypted/decrypted and is in big endian format.
+ * Make sure input data is not longer than bit length of the key! Byte length
+ * has to be the same. Thus right justify input data inside the data block.
+ * @param rsa_key Pointer to the key to be used, in modulus/exponent format.
+ * @param output_length
+ * On input it contains the byte length of output_data and must be as large as
+ * the modulus byte length. On output it contains the actual byte length of
+ * output_data.
+ * @param output_data
+ * Pointer to where the output results are to be placed.
+ *
+ * @return 0 if successful.
+ * EINVAL if at least one invalid parameter is given.
+ * ENOMEM if memory allocation fails.
+ * EIO if the operation fails. This should never happen.
+ */
+__attribute__ ((__deprecated__))
+unsigned int icaRsaModExpo(ica_adapter_handle_t adapter_handle,
+ unsigned int input_length,
+ unsigned char *input_data,
+ unsigned int *output_length,
+ unsigned char *output_data);
+ * @deprecated Use ica_rsa_crt() instead
+ * @see ica_rsa_crt()
+ * @brief Perform a RSA encryption/decryption operation using a key in CRT
+ * form.
+ *
+ * Make sure your message is padded before using this function. Otherwise you
+ * will risk security!
+ * @param adapter_handle
+ * Pointer to a previously opened device handle.
+ * @param input_length
+ * The byte length of the input data and must be 1 to 256 inclusive.
+ * @param input_data
+ * Pointer to input data to be encrypted/decrypted and is in big endian format.
+ * Make sure input data is not longer than bit length of the key! Byte length
+ * has to be the same. Thus right justify input data inside the data block.
+ * @param rsa_key
+ * Pointer to the key to be used, in CRT format.
+ * @param output_length
+ * On input it contains the byte length of output_data and must be as large as
+ * the modulus byte length. On output it contains the actual byte length of
+ * output_data.
+ * @param output_data
+ * Pointer to where the output results are to be placed.
+ *
+ * @return 0 if successful.
+ * EINVAL if at least one invalid parameter is given.
+ * ENOMEM if memory allocation fails.
+ * EIO if the operation fails. This should never happen.
+ */
+__attribute__ ((__deprecated__))
+unsigned int icaRsaCrt(ica_adapter_handle_t adapter_handle,
+ unsigned int input_length,
+ unsigned char *input_data,
+ ICA_KEY_RSA_CRT *rsa_key,
+ unsigned int *output_length,
+ unsigned char *output_data);
+ * @deprecated Use ica_rsa_key_gnerate_mod_expo() instead.
+ * @see ica_rsa_key_gnerate_mod_expo()
+ * Generate RSA keys in modulus/exponent format.
+ * @param adapter_handle
+ * Pointer to a previously opened device handle.
+ * @param adapter_handle
+ * Pointer to a previously opened device handle.
+ * @param modulus_bit_length
+ * Specifies the bit length of the modulus.
+ * @param public_exponent_type
+ * Specifies the type of the public exponent and should be one of the
+ * following:
+ * 0 - Full random public exponent
+ * 1 - Fixed value 3 public exponent
+ * 2 - Fixed value 65537 public exponent
+ * @param public_key_length
+ * On input is the length of the public_key buffer. On output contains the
+ * actual length of the generated public key.
+ * @param public_key
+ * Pointer to where the generated public key is to be placed.
+ * @param private_key_length
+ * On input it contains the byte length of private_key. On output it contains
+ * the actual length of the generated private key.
+ * @param private_key
+ * Pointer to where the generated private key is to be placed.
+ *
+ * @return 0 if successful.
+ * EINVAL if at least one invalid parameter is given.
+ * errno of OpenSSL key generation if it should fail.
+ */
+__attribute__ ((__deprecated__))
+unsigned int icaRsaKeyGenerateModExpo(ica_adapter_handle_t adapter_handle,
+ unsigned int modulus_bit_length,
+ unsigned int public_exponent_type,
+ unsigned int *public_key_length,
+ ICA_KEY_RSA_MODEXPO *public_key,
+ unsigned int *private_key_length,
+ ICA_KEY_RSA_MODEXPO *private_key);
+ * @deprecated Use ica_rsa_key_generate_crt() instead
+ * Generate RSA keys in CRT format.
+ * @param adapter_handle
+ * Pointer to a previously opened device handle.
+ * @param modulus_bit_length
+ * Specifies the bit length of the modulus.
+ * @param public_exponent_type
+ * Specifies the type of the public exponent and should be one of the
+ * following:
+ * 0 - Full random public exponent
+ * 1 - Fixed value 3 public exponent
+ * 2 - Fixed value 65537 public exponent
+ * @param public_key_length
+ * On input is the length of the public_key buffer. On output contains the
+ * actual length of the generated public key.
+ * @param public_key
+ * Pointer to where the generated public key is to be placed.
+ * @param private_key_length
+ * On input it contains the byte length of private_key. On output it contains
+ * the actual length of the generated private key.
+ * @param private_key
+ * Pointer to where the generated private key is to be placed.
+ *
+ * @return 0 if successful.
+ * EINVAL if at least one invalid parameter is given.
+ * errno of OpenSSL key generation if it should fail.
+ */
+__attribute__ ((__deprecated__))
+unsigned int icaRsaKeyGenerateCrt(ica_adapter_handle_t adapter_handle,
+ unsigned int modulus_bit_length,
+ unsigned int public_exponent_type,
+ unsigned int *public_key_length,
+ ICA_KEY_RSA_MODEXPO *public_key,
+ unsigned int *private_key_length,
+ ICA_KEY_RSA_CRT *private_key);
+ * @deprecated use ica_des_encrypt() instead.
+ * @see ica_des_encrypt()
+ * Encrypt data using a single length DES key.
+ * @param adapter_handle
+ * Pointer to a previously opened device handle.
+ * @param mode
+ * Specifies the operational mode and must be:
+ * MODE_ECB - Use Electronic Code Book mode
+ * MODE_CBC - Use Cipher Block Chaining mode
+ * @param data_length
+ * Specifies the byte length of the input data. Must be a mutiple of the cipher
+ * block.
+ * @param input_data
+ * Pointer to the input data data to be encrypted.
+ * @param iv
+ * Pointer to a valid 8 byte initialization vector.
+ * @param des_key
+ * Pointer to a single length DES key.
+ * @param output_length
+ * On input specifies the length of the output_data buffer and must be as large
+ * as data_length. On output it contains the actual byte length of the data
+ * returned in output_data.
+ * @param output_data
+ * Pointer to the buffer to contain the resulting encrypted data.
+ *
+ * @return 0 if successful.
+ * EINVAL if at least one invalid parameter is given.
+ * EIO if the operation fails. This should never happen.
+ */
+__attribute__ ((__deprecated__))
+unsigned int icaDesEncrypt(ica_adapter_handle_t adapter_handle,
+ unsigned int mode,
+ unsigned int data_length,
+ unsigned char *input_data,
+ ica_des_vector_t *iv,
+ ica_des_key_single_t *des_key,
+ unsigned int *output_length,
+ unsigned char *output_data);
+ * @deprecated Use ica_des_decrypt() instead.
+ * @see ica_des_decrypt()
+ * Decrypt data using a single length DES key.
+ * @param adapter_handle
+ * Pointer to a previously opened device handle.
+ * @param mode
+ * Specifies the operational mode and must be:
+ * MODE_ECB - Use Electronic Code Book mode
+ * MODE_CBC - Use Cipher Block Chaining mode
+ * @param data_length
+ * Specifies the byte length of the input data. Must be a mutiple of the cipher
+ * block.
+ * @param input_data
+ * Pointer to the input data data to be decrypted.
+ * @param iv
+ * Pointer to a valid 8 byte initialization vector.
+ * @param des_key
+ * Pointer to a single length DES key.
+ * @param output_length
+ * On input specifies the length of the output_data buffer and must be as large
+ * as data_length. On output it contains the actual byte length of the data
+ * returned in output_data.
+ * @param output_data
+ * Pointer to the buffer to contain the resulting decrypted data.
+ *
+ * @return 0 if successful.
+ * EINVAL if at least one invalid parameter is given.
+ * EIO if the operation fails. This should never happen.
+ */
+__attribute__ ((__deprecated__))
+unsigned int icaDesDecrypt(ica_adapter_handle_t adapter_handle,
+ unsigned int mode,
+ unsigned int data_length,
+ unsigned char *input_data,
+ ica_des_vector_t *iv,
+ ica_des_key_single_t *des_key,
+ unsigned int *output_length,
+ unsigned char *output_data);
+ * @deprecated Use ica_3des_encrypt() instead
+ * @see ica_3des_encrypt()
+ * Encrypt data using a triple length DES key.
+ * @param adapter_handle
+ * Pointer to a previously opened device handle.
+ * @param mode
+ * Specifies the operational mode and must be:
+ * MODE_ECB - Use Electronic Code Book mode
+ * MODE_CBC - Use Cipher Block Chaining mode
+ * @param data_length
+ * Specifies the byte length of the input data. Must be a mutiple of the cipher
+ * block.
+ * @param input_data
+ * Pointer to the input data data to be encrypted.
+ * @param iv
+ * Pointer to a valid 8 byte initialization vector.
+ * @param des_key
+ * Pointer to a triple length DES key.
+ * @param output_length
+ * On input specifies the length of the output_data buffer and must be as large
+ * as data_length. On output it contains the actual byte length of the data
+ * returned in output_data.
+ * @param output_data
+ * Pointer to the buffer to contain the resulting encrypted data.
+ *
+ * Returns 0 if successful.
+ * EINVAL if at least one invalid parameter is given.
+ * EIO if the operation fails. This should never happen.
+ */
+__attribute__ ((__deprecated__))
+unsigned int icaTDesEncrypt(ica_adapter_handle_t adapter_handle,
+ unsigned int mode,
+ unsigned int data_length,
+ unsigned char *input_data,
+ ica_des_vector_t *iv,
+ ica_des_key_triple_t *des_key,
+ unsigned int *output_length,
+ unsigned char *output_data);
+ * @deprecated Use ica_3des_decrypt() instead.
+ * @see ica_3des_decrypt()
+ * Decrypt data using a triple length DES key.
+ * @param adapter_handle
+ * Pointer to a previously opened device handle.
+ * @param mode
+ * Specifies the operational mode and must be:
+ * MODE_ECB - Use Electronic Code Book mode
+ * MODE_CBC - Use Cipher Block Chaining mode
+ * @param data_length
+ * Specifies the byte length of the input data. Must be a mutiple of the cipher
+ * block.
+ * @param input_data
+ * Pointer to the input data data to be decrypted.
+ * @param iv
+ * Pointer to a valid 8 byte initialization vector.
+ * @param des_key
+ * Pointer to a triple length DES key.
+ * @param output_length
+ * On input specifies the length of the output_data buffer and must be as large
+ * as data_length. On output it contains the actual byte length of the data
+ * returned in output_data.
+ * @param output_data
+ * Pointer to the buffer to contain the resulting decrypted data.
+ *
+ * @return 0 if successful.
+ * EINVAL if at least one invalid parameter is given.
+ * EIO if the operation fails. This should never happen.
+ */
+__attribute__ ((__deprecated__))
+unsigned int icaTDesDecrypt(ica_adapter_handle_t adapter_handle,
+ unsigned int mode,
+ unsigned int data_length,
+ unsigned char *input_data,
+ ica_des_vector_t *iv,
+ ica_des_key_triple_t *des_key,
+ unsigned int *output_length,
+ unsigned char *output_data);
+ * @deprecated Use ica_aes_encrypt() instead
+ * @see ica_aes_encrypt()
+ * Encrypt data using AES (key_length is 16, 24, or 32)
+ * @param adapter_handle
+ * Pointer to a previously opened device handle.
+ * @param mode
+ * Specifies the operational mode and must be:
+ * MODE_ECB - Use Electronic Code Book mode
+ * MODE_CBC - Use Cipher Block Chaining mode
+ * @param data_length
+ * Specifies the byte length of the input data. Must be a mutiple of the cipher
+ * block.
+ * @param input_data
+ * Pointer to the input data data to be encrypted.
+ * @param iv
+ * Pointer to a valid 16 byte initialization vector.
+ * @param key_length
+ * Length of the AES key being used.
+ * @param aes_key
+ * Pointer to the AES key.
+ * @param output_length
+ * On input specifies the length of the output_data buffer and must be as large
+ * as data_length. On output it contains the actual byte length of the data
+ * returned in output_data.
+ * @param output_data
+ * Pointer to the buffer to contain the resulting encrypted data.
+ *
+ * @return 0 if successful.
+ * EINVAL if at least one invalid parameter is given.
+ * EIO if the operation fails. This should never happen.
+ */
+__attribute__ ((__deprecated__))
+unsigned int icaAesEncrypt(ica_adapter_handle_t adapter_handle,
+ unsigned int mode,
+ unsigned int data_length,
+ unsigned char *input_data,
+ ica_aes_vector_t *iv,
+ unsigned int key_length,
+ unsigned char *aes_key,
+ unsigned int *output_length,
+ unsigned char *output_data);
+ * @deprecated Use ica_aes_decrypt() instead.
+ * @see ica_aes_decrypt()
+ * Decrypt data using AES (key_length is 16, 24, or 32)
+ * @adapter_handle
+ * Pointer to a previously opened device handle.
+ * @param mode
+ * Specifies the operational mode and must be:
+ * MODE_ECB - Use Electronic Code Book mode
+ * MODE_CBC - Use Cipher Block Chaining mode
+ * @param data_length
+ * Specifies the byte length of the input data. Must be a mutiple of the cipher
+ * block.
+ * @param input_data
+ * Pointer to the input data data to be decrypted.
+ * @param iv
+ * Pointer to a valid 16 byte initialization vector.
+ * @param key_length
+ * Length of the AES key being used.
+ * @param aes_key
+ * Pointer to the AES key.
+ * @param output_length
+ * On input specifies the length of the output_data buffer and must be as large
+ * as data_length. On output it contains the actual byte length of the data
+ * returned in output_data.
+ * @param output_data
+ * Pointer to the buffer to contain the resulting decrypted data.
+ *
+ * @return 0 if successful.
+ * EINVAL if at least one invalid parameter is given.
+ * EIO if the operation fails. This should never happen.
+ */
+__attribute__ ((__deprecated__))
+unsigned int icaAesDecrypt(ica_adapter_handle_t adapter_handle,
+ unsigned int mode,
+ unsigned int data_length,
+ unsigned char *input_data,
+ ica_aes_vector_t *iv,
+ unsigned int key_length,
+ unsigned char *aes_key,
+ unsigned int *output_length,
+ unsigned char *output_data);
+ * @deprecated icaDesMac(): This is no longer supported. Only a protoype.
+ * Will be deleted with the next update.
+ */
+__attribute__ ((__deprecated__))
+unsigned int icaDesMac(ICA_ADAPTER_HANDLE hAdapterHandle,
+ unsigned int dataLength,
+ unsigned char *pInputData,
+ ica_des_vector_t *pIcv,
+ ica_des_key_single_t *pKeyDes,
+ unsigned int *pOutputDataLength,
+ unsigned char *pOutputData);
+ * @deprecated icaTDesMac(): This is no longer supported. Only a prototype.
+ * Will be deleted with the next updated.
+ */
+__attribute__ ((__deprecated__))
+unsigned int icaTDesMac(ICA_ADAPTER_HANDLE hAdapterHandle,
+ unsigned int inputDataLength,
+ unsigned char *pInputData,
+ ica_des_vector_t *pIcv,
+ ica_des_key_triple_t *pKeyDes,
+ unsigned int *pOutputDataLength,
+ unsigned char *pOutputData);
+ * @deprecated Use ica_sha1() instead.
+ * @see ica_sha1()
+ * @param adapter_handle
+ * Pointer to a previously opened device handle.
+ * @param message_part
+ * The message chaining state. Must be one of the following:
+ * SHA_MSG_PART_ONLY - A single hash operation
+ * SHA_MSG_PART_FIRST - The first part
+ * SHA_MSG_PART_MIDDLE - The middle part
+ * SHA_MSG_PART_FINAL - The last part
+ * @param input_length
+ * The byte length of the input data to be SHA-1 hashed and must be greater
+ * than zero.
+ * @param input_data
+ * Pointer to the input data data.
+ * @param context_length
+ * Specifies the length of the SHA message context structure.
+ * @param sha_context
+ * Pointer to the SHA-1 context structure used to store the intermediate values
+ * when chaining is used. The application must not modify the contents of this
+ * structure when chaining is used.
+ * @param output_length
+ * On input specifies the length of the output_data buffer and must be greater
+ * than 20. On output it contains the actual byte length of the hash returned
+ * in output_data.
+ * @param output_data
+ * Pointer to the buffer to contain the resulting hash data.
+ *
+ * @return 0 if successful.
+ * EINVAL if at least one invalid parameter is given
+ * EIO if the operation fails. This should never happen.
+ */
+__attribute__ ((__deprecated__))
+unsigned int icaSha1(ica_adapter_handle_t adapter_handle,
+ unsigned int message_part,
+ unsigned int input_length,
+ unsigned char *input_data,
+ unsigned int context_length,
+ sha_context_t *sha_context,
+ unsigned int *output_length,
+ unsigned char *output_data);
+ * @deprecated Use ica_sha224() instead.
+ * @see ica_sha224()
+ * @param adapter_handle
+ * Pointer to a previously opened device handle.
+ * @param message_part
+ * The message chaining state. Must be one of the following:
+ * SHA_MSG_PART_ONLY - A single hash operation
+ * SHA_MSG_PART_FIRST - The first part
+ * SHA_MSG_PART_MIDDLE - The middle part
+ * SHA_MSG_PART_FINAL - The last part
+ * @param input_length
+ * The byte length of the input data to be SHA-224 hashed and must be greater
+ * than zero.
+ * @param input_data
+ * Pointer to the input data data.
+ * @param context_length
+ * Specifies the length of the SHA-256 message context structure.
+ * @param sha256_context
+ * Pointer to the SHA-256 context structure used to store the intermediate
+ * values when chaining is used. The application must not modify the contents
+ * of this structure when chaining is used.
+ * Note: Due to the algorithm used by SHA-224 a SHA-256 context must be used.
+ * @param output_length
+ * On input specifies the length of the output_data buffer and must be greater
+ * than LENGTH_SHA256_HASH. On output itcontains the actual byte length of the
+ * hash returned in output_data.
+ * @param output_data
+ * Pointer to the buffer to contain the resulting hash data.
+ *
+ * @return 0 if successful.
+ * EINVAL if at least one invalid parameter is given
+ * EIO if the operation fails. This should never happen.
+ */
+__attribute__ ((__deprecated__))
+unsigned int icaSha224(ica_adapter_handle_t adapter_handle,
+ unsigned int message_part,
+ unsigned int input_length,
+ unsigned char *input_data,
+ unsigned int context_length,
+ sha256_context_t *sha256_context,
+ unsigned int *output_length,
+ unsigned char *output_data);
+ * @deprecated Use ica_sha256() instead.
+ * @see ica_sha256()
+ * Perform secure hash on input data using the SHA-256 algorithm.
+ * @param adapter_handle
+ * Pointer to a previously opened device handle.
+ * @param message_part
+ * The message chaining state. Must be one of the following:
+ * SHA_MSG_PART_ONLY - A single hash operation
+ * SHA_MSG_PART_FIRST - The first part
+ * SHA_MSG_PART_MIDDLE - The middle part
+ * SHA_MSG_PART_FINAL - The last part
+ * @param input_length
+ * The byte length of the input data to be SHA-256 hashed and must be greater
+ * than zero.
+ * @param input_data
+ * Pointer to the input data data.
+ * @param context_length
+ * Specifies the length of the SHA-256 message context structure.
+ * @param sha256_context
+ * Pointer to the SHA-256 context structure used to store the intermediate
+ * values when chaining is used. The application must not modify the contents
+ * of this structure when chaining is used.
+ * @param output_length
+ * On input specifies the length of the output_data buffer and must be greater
+ * than LENGTH_SHA256_HASH. On output it contains the actual byte length of the
+ * hash returned in output_data.
+ * @param output_data
+ * Pointer to the buffer to contain the resulting hash data.
+ *
+ * @return 0 if successful.
+ * EINVAL if at least one invalid parameter is given
+ * EIO if the operation fails. This should never happen.
+ */
+__attribute__ ((__deprecated__))
+unsigned int icaSha256(ica_adapter_handle_t adapter_handle,
+ unsigned int message_part,
+ unsigned int input_length,
+ unsigned char *input_data,
+ unsigned int context_length,
+ sha256_context_t *sha256_context,
+ unsigned int *output_length,
+ unsigned char *output_data);
+ * @deprecated Use ica_sha384() instead.
+ * @see ica_sha384()
+ * Perform secure hash on input data using the SHA-384 algorithm.
+ * @param adapter_handle
+ * Pointer to a previously opened device handle.
+ * @param message_part
+ * The message chaining state. Must be one of the following:
+ * SHA_MSG_PART_ONLY - A single hash operation
+ * SHA_MSG_PART_FIRST - The first part
+ * SHA_MSG_PART_MIDDLE - The middle part
+ * SHA_MSG_PART_FINAL - The last part
+ * @param input_length
+ * The byte length of the input data to be SHA-384 hashed and must be greater
+ * than zero.
+ * @param input_data
+ * Pointer to the input data data.
+ * @param context_length
+ * Specifies the length of the SHA-384 message context structure.
+ * @param sha512_context
+ * Pointer to the SHA-512 context structure used to store the intermediate
+ * values when chaining is used. The application must not modify the contents
+ * of this structure when chaining is used.
+ * Note: Due to the algorithm used by SHA-384 a SHA-512 context must be used.
+ * @param output_length
+ * On input specifies the length of the output_data buffer and must be greater
+ * than LENGTH_SHA384_HASH. On output it contains the actual byte length of the
+ * hash returned in output_data.
+ * @param output_data
+ * Pointer to the buffer to contain the resulting hash data.
+ *
+ * @return 0 if successful.
+ * EINVAL if at least one invalid parameter is given
+ * EIO if the operation fails. This should never happen.
+ */
+__attribute__ ((__deprecated__))
+unsigned int icaSha384(ica_adapter_handle_t adapter_handle,
+ unsigned int message_part,
+ unsigned int input_length,
+ unsigned char *input_data,
+ unsigned int context_length,
+ sha512_context_t *sha512_context,
+ unsigned int *output_length,
+ unsigned char *output_data);
+ * @deprecated Use ica_sha512() instead
+ * Perform secure hash on input data using the SHA-512 algorithm.
+ * @param adapter_handle
+ * Pointer to a previously opened device handle.
+ * @param message_part
+ * The message chaining state. Must be one of the following:
+ * SHA_MSG_PART_ONLY - A single hash operation
+ * SHA_MSG_PART_FIRST - The first part
+ * SHA_MSG_PART_MIDDLE - The middle part
+ * SHA_MSG_PART_FINAL - The last part
+ * @param input_length
+ * The byte length of the input data to be SHA-512 hashed and must be
+ * greater than zero.
+ * @param input_data
+ * Pointer to the input data data.
+ * @param context_length
+ * Specifies the length of the SHA-512 message context structure.
+ * @param sha512_context
+ * Pointer to the SHA-512 context structure used to store the intermediate
+ * values when chaining is used. The application must not modify the contents
+ * of this structure when chaining is used.
+ * @param output_length
+ * On input specifies the length of the output_data buffer and must be greater
+ * than LENGTH_SHA512_HASH. On output it contains the actual byte length of
+ * the hash returned in output_data.
+ * @param output_data
+ * Pointer to the buffer to contain the resulting hash data.
+ *
+ * @return 0 if successful.
+ * EINVAL if at least one invalid parameter is given
+ * EIO if the operation fails. This should never happen.
+ */
+__attribute__ ((__deprecated__))
+unsigned int icaSha512(ica_adapter_handle_t adapter_handle,
+ unsigned int message_part,
+ unsigned int input_length,
+ unsigned char *input_data,
+ unsigned int context_length,
+ sha512_context_t *sha512_context,
+ unsigned int *output_length,
+ unsigned char *output_data);
+ * @deprecated Use ica_random_number_generate() instead.
+ * @see ica_random_number_generate()
+ * Generate a random number.
+ * @param adapter_handle
+ * Dummy value.
+ * @param output_length
+ * Specifies the byte length of the output_data buffer and the desired length
+ * of the random number.
+ * @param output_data
+ * Pointer to the buffer to contain the resulting random number.
+ *
+ * @return 0 if successful.
+ * EINVAL if at least one invalid parameter is given
+ * ENODEV if neither /dev/hwrng nor /dev/urandom are available.
+ * EIO if the operation fails. This should never happen.
+ */
+__attribute__ ((__deprecated__))
+unsigned int icaRandomNumberGenerate(ica_adapter_handle_t adapter_handle,
+ unsigned int output_length,
+ unsigned char *output_data);
+struct mech_list_item;
+void generate_pkcs11_mech_list(struct mech_list_item *head);
+ */
+ * Opens the specified adapter
+ * @param adapter_handle Pointer to the file descriptor for the adapter or
+ * to DRIVER_NOT_LOADED if opening the crypto adapter failed.
+ *
+ * @return 0 as long as a valid parameter is given.
+ * EINVAL for invalid parameter.
+ */
+unsigned int ica_open_adapter(ica_adapter_handle_t *adapter_handle);
+ * Closes a device handle.
+ * @param adapter_handle Pointer to a previously opened device handle.
+ *
+ * @return 0 if successful.
+ * errno of close() if unsuccessful
+ */
+unsigned int ica_close_adapter(ica_adapter_handle_t adapter_handle);
+ * Generate a random number.
+ *
+ * Required HW Support
+ *
+ * @param output_length
+ * Specifies the byte length of the output_data buffer and the desired length
+ * of the random number.
+ * @param output_data
+ * Pointer to the buffer to contain the resulting random number.
+ *
+ * @return 0 if successful.
+ * EINVAL if at least one invalid parameter is given
+ * ENODEV if neither /dev/hwrng nor /dev/urandom are available.
+ * EIO if the operation fails. This should never happen.
+ */
+unsigned int ica_random_number_generate(unsigned int output_length,
+ unsigned char *output_data);
+ * Perform secure hash on input data using the SHA-1 algorithm.
+ *
+ * Required HW Support
+ * KIMD-SHA-1, or KLMD-SHA-1
+ *
+ * @param message_part
+ * The message chaining state. Must be one of the following:
+ * SHA_MSG_PART_ONLY - A single hash operation
+ * SHA_MSG_PART_FIRST - The first part
+ * SHA_MSG_PART_MIDDLE - The middle part
+ * SHA_MSG_PART_FINAL - The last part
+ * @param input_length
+ * The byte length of the input data to be SHA-1 hashed and must be greater
+ * than zero.
+ * @param input_data
+ * Pointer to the input data data.
+ * @param sha_context
+ * Pointer to the SHA-1 context structure used to store intermediate values
+ * needed when chaining is used. The contents are ignored for message part
+ * SHA_MSG_PART_ONLY and SHA_MSG_PART_FIRST. This structure must
+ * contain the returned value of the preceding call to ica_sha1 for message
+ * part SHA_MSG_PART_MIDDLE and SHA_MSG_PART_FINAL. For message part
+ * SHA_MSG_PART_FIRST and SHA_MSG_PART_FINAL, the returned value can
+ * be used for a chained call of ica_sha1. Therefore, the application must
+ * not modify the contents of this structure in between chained calls.
+ * @param output_data
+ * Pointer to the buffer to contain the resulting hash data. The resulting
+ * output data will have a length of SHA_HASH_LENGTH. Make sure buffer has
+ * at least this size.
+ *
+ * @return 0 if successful.
+ * EINVAL if at least one invalid parameter is given
+ * EIO if the operation fails. This should never happen.
+ */
+unsigned int ica_sha1(unsigned int message_part,
+ unsigned int input_length,
+ unsigned char *input_data,
+ sha_context_t *sha_context,
+ unsigned char *output_data);
+ * Perform secure hash on input data using the SHA-224 algorithm.
+ *
+ * Required HW Support
+ * KIMD-SHA-256, or KLMD-SHA-256
+ *
+ * @param message_part
+ * The message chaining state. Must be one of the following:
+ * SHA_MSG_PART_ONLY - A single hash operation
+ * SHA_MSG_PART_FIRST - The first part
+ * SHA_MSG_PART_MIDDLE - The middle part
+ * SHA_MSG_PART_FINAL - The last part
+ * @param input_length
+ * The byte length of the input data to be SHA-224 hashed and must be greater
+ * than zero.
+ * @param input_data
+ * Pointer to the input data.
+ * @param sha256_context
+ * Pointer to the SHA-256 context structure used to store intermediate values
+ * needed when chaining is used. The contents are ignored for message part
+ * SHA_MSG_PART_ONLY and SHA_MSG_PART_FIRST. This structure must
+ * contain the returned value of the preceding call to ica_sha224 for message
+ * part SHA_MSG_PART_MIDDLE and SHA_MSG_PART_FINAL. For message part
+ * SHA_MSG_PART_FIRST and SHA_MSG_PART_FINAL, the returned value can
+ * be used for a chained call of ica_sha224. Therefore, the application must
+ * not modify the contents of this structure in between chained calls.
+ * Note: Due to the algorithm used by SHA-224, a SHA-256 context must be
+ * used.
+ * @param output_data
+ * Pointer to the buffer to contain the resulting hash data. The resulting
+ * output data will have a length of SHA224_HASH_LENGTH. Make sure buffer has
+ * at least this size.
+ *
+ * @return 0 if successful.
+ * EINVAL if at least one invalid parameter is given
+ * EIO if the operation fails. This should never happen.
+ */
+unsigned int ica_sha224(unsigned int message_part,
+ unsigned int input_length,
+ unsigned char *input_data,
+ sha256_context_t *sha256_context,
+ unsigned char *output_data);
+ * Perform secure hash on input data using the SHA-256 algorithm.
+ *
+ * Required HW Support
+ * KIMD-SHA-256, or KLMD-SHA-256
+ *
+ * @param message_part
+ * The message chaining state. Must be one of the following:
+ * SHA_MSG_PART_ONLY - A single hash operation
+ * SHA_MSG_PART_FIRST - The first part
+ * SHA_MSG_PART_MIDDLE - The middle part
+ * SHA_MSG_PART_FINAL - The last part
+ * @param input_length
+ * The byte length of the input data to be SHA-256 hashed and must be greater
+ * than zero.
+ * @param input_data
+ * Pointer to the input data.
+ * @param sha256_context
+ * Pointer to the SHA-256 context structure used to store intermediate values
+ * needed when chaining is used. The contents are ignored for message part
+ * SHA_MSG_PART_ONLY and SHA_MSG_PART_FIRST. This structure must
+ * contain the returned value of the preceding call to ica_sha256 for message part
+ * SHA_MSG_PART_MIDDLE and SHA_MSG_PART_FINAL. For message part
+ * SHA_MSG_PART_FIRST and SHA_MSG_PART_FINAL, the returned value can
+ * be used for a chained call of ica_sha256. Therefore, the application must not
+ * modify the contents of this structure in between chained calls.
+ * @param output_data
+ * Pointer to the buffer to contain the resulting hash data. The resulting output
+ * data will have a length of SHA256_HASH_LENGTH. Make sure that the buffer
+ * has is at least this size.
+ *
+ * @return 0 if successful.
+ * EINVAL if at least one invalid parameter is given
+ * EIO if the operation fails. This should never happen.
+ */
+unsigned int ica_sha256(unsigned int message_part,
+ unsigned int input_length,
+ unsigned char *input_data,
+ sha256_context_t *sha256_context,
+ unsigned char *output_data);
+ * Perform secure hash on input data using the SHA-384 algorithm.
+ *
+ * Required HW Support
+ * KIMD-SHA-512, or KLMD-SHA-512
+ *
+ * @param message_part
+ * The message chaining state. Must be one of the following:
+ * SHA_MSG_PART_ONLY - A single hash operation
+ * SHA_MSG_PART_FIRST - The first part
+ * SHA_MSG_PART_MIDDLE - The middle part
+ * SHA_MSG_PART_FINAL - The last part
+ * @param input_length
+ * The byte length of the input data to be SHA-384 hashed and must be greater
+ * than zero.
+ * @param input_data
+ * Pointer to the input data.
+ * @param sha512_context
+ * Pointer to the SHA-512 context structure used to store intermediate values
+ * needed when chaining is used. The contents are ignored for message part
+ * SHA_MSG_PART_ONLY and SHA_MSG_PART_FIRST. This structure must
+ * contain the returned value of the preceding call to ica_sha384 for message
+ * part SHA_MSG_PART_MIDDLE and SHA_MSG_PART_FINAL. For message part
+ * SHA_MSG_PART_FIRST and SHA_MSG_PART_FINAL, the returned value can
+ * be used for a chained call of ica_sha384. Therefore, the application must
+ * not modify the contents of this structure in between chained calls.
+ * Note: Due to the algorithm used by SHA-384, a SHA-512 context must be
+ * used.
+ * @param output_data
+ * Pointer to the buffer to contain the resulting hash data. The resulting
+ * output data will have a length of SHA384_HASH_LENGTH. Make sure buffer has
+ * at least this size.
+ *
+ * @return 0 if successful.
+ * EINVAL if at least one invalid parameter is given
+ * EIO if the operation fails. This should never happen.
+ */
+unsigned int ica_sha384(unsigned int message_part,
+ uint64_t input_length,
+ unsigned char *input_data,
+ sha512_context_t *sha512_context,
+ unsigned char *output_data);
+ * Perform secure hash on input data using the SHA-512 algorithm.
+ *
+ * Required HW Support
+ * KIMD-SHA-512, or KLMD-SHA-512
+ *
+ * @param message_part
+ * The message chaining state. Must be one of the following:
+ * SHA_MSG_PART_ONLY - A single hash operation
+ * SHA_MSG_PART_FIRST - The first part
+ * SHA_MSG_PART_MIDDLE - The middle part
+ * SHA_MSG_PART_FINAL - The last part
+ * @param input_length
+ * The byte length of the input data to be SHA-512 hashed and must be greater
+ * than zero.
+ * @param input_data
+ * Pointer to the input data.
+ * @param sha512_context
+ * Pointer to the SHA-512 context structure used to store intermediate values
+ * needed when chaining is used. The contents are ignored for message part
+ * SHA_MSG_PART_ONLY and SHA_MSG_PART_FIRST. This structuremust
+ * contain the returned value of the preceding call to ica_sha512 for message
+ * part SHA_MSG_PART_MIDDLE and SHA_MSG_PART_FINAL. For message part
+ * SHA_MSG_PART_FIRST and SHA_MSG_PART_FINAL, the returned value can
+ * be used for a chained call of ica_sha512. Therefore, the application must
+ * not modify the contents of this structure in between chained calls.
+ * @param output_data
+ * Pointer to the buffer to contain the resulting hash data. The resulting
+ * output data will have a length of SHA512_HASH_LENGTH. Make sure buffer has
+ * at least this size.
+ *
+ * @return 0 if successful.
+ * EINVAL if at least one invalid parameter is given
+ * EIO if the operation fails. This should never happen.
+ */
+unsigned int ica_sha512(unsigned int message_part,
+ uint64_t input_length,
+ unsigned char *input_data,
+ sha512_context_t *sha512_context,
+ unsigned char *output_data);
+ * Generate RSA keys in modulus/exponent format.
+ * @param adapter_handle
+ * Pointer to a previously opened device handle.
+ * @param modulus_bit_length
+ * Specifies the bit length of the modulus. This value should comply with
+ * length of the keys.
+ * @param public_key
+ * Pointer to where the generated public key is to be placed. If the exponent
+ * element in the public key is not set, it will be randomly generated. A not
+ * well chosen exponent may result in the program loooping endlessly. Common
+ * public exponents are 3 and 65537.
+ * @param private_key
+ * Pointer to where the generated private key in modulus/exponent format is to
+ * be placed. Length of both private and public key should be set in bytes.
+ * This value should comply with modulus bit length. Make sure that buffers in
+ * the keys fit to this length.
+ *
+ * @return 0 if successful.
+ * EINVAL if at least one invalid parameter is given.
+ * errno of OpenSSL key generation if it should fail.
+ */
+unsigned int ica_rsa_key_generate_mod_expo(ica_adapter_handle_t adapter_handle,
+ unsigned int modulus_bit_length,
+ ica_rsa_key_mod_expo_t *public_key,
+ ica_rsa_key_mod_expo_t *private_key);
+ * Generate RSA keys in CRT format.
+ * @param adapter_handle
+ * Pointer to a previously opened device handle.
+ * @param modulus_bit_length
+ * Specifies the bit length of the modulus. This value should comply with
+ * length of the keys.
+ * @param public_key
+ * Pointer to where the generated public key is to be placed. If the exponent
+ * element in the public key is not set, it will be randomly generated. A not
+ * well chosen exponent may result in the program loooping endlessly. Common
+ * public exponents are 3 and 65537.
+ * @param private_key
+ * Pointer to where the generated private key in CRT format is to be placed.
+ * Length of both private and public key should be set in bytes. This value
+ * should comply with modulus bit length. Make sure that buffers in the keys
+ * fit to this length.
+ *
+ * @return 0 if successful.
+ * EINVAL if at least one invalid parameter is given.
+ * errno of OpenSSL key generation if it should fail.
+ */
+unsigned int ica_rsa_key_generate_crt(ica_adapter_handle_t adapter_handle,
+ unsigned int modulus_bit_length,
+ ica_rsa_key_mod_expo_t *public_key,
+ ica_rsa_key_crt_t *private_key);
+ * @brief Perform a RSA encryption/decryption operation using a key in
+ * modulus/exponent form.
+ *
+ * Make sure your message is padded before using this function. Otherwise you
+ * will risk security!
+ * @param adapter_handle
+ * Pointer to a previously opened device handle.
+ * @param input_data
+ * Pointer to input data to be encrypted/decrypted and is in big endian format.
+ * Make sure input data is not longer than bit length of the key! Byte length
+ * has to be the same. Thus right justify input data inside the data block.
+ * @param rsa_key
+ * Pointer to the key to be used, in modulus/exponent format.
+ * @param output_data
+ * Pointer to where the output results are to be placed.
+ *
+ * @return 0 if successful.
+ * EINVAL if at least one invalid parameter is given.
+ * ENOMEM if memory allocation fails.
+ * EIO if the operation fails. This should never happen.
+ */
+unsigned int ica_rsa_mod_expo(ica_adapter_handle_t adapter_handle,
+ unsigned char *input_data,
+ ica_rsa_key_mod_expo_t *rsa_key,
+ unsigned char *output_data);
+ * @brief Perform a RSA encryption/decryption operation using a key in CRT
+ * form.
+ *
+ * Make sure your message is padded before using this function. Otherwise you
+ * will risk security!
+ * @param adapter_handle
+ * Pointer to a previously opened device handle.
+ * @param input_data
+ * Pointer to input data to be encrypted/decrypted and is in big endian format.
+ * Make sure input data is not longer than bit length of the key! Byte length
+ * has to be the same. Thus right justify input data inside the data block.
+ * @param rsa_key
+ * Pointer to the key to be used, in CRT format.
+ * @param output_data
+ * Pointer to where the output results are to be placed. Buffer has to be as
+ * large as the input_data and length of the modulus specified in rsa_key.
+ *
+ * @return 0 if successful.
+ * EINVAL if at least one invalid parameter is given.
+ * ENOMEM if memory allocation fails.
+ * EIO if the operation fails. This should never happen.
+ */
+unsigned int ica_rsa_crt(ica_adapter_handle_t adapter_handle,
+ unsigned char *input_data,
+ ica_rsa_key_crt_t *rsa_key,
+ unsigned char *output_data);
+ * Check if RSA key credentials in CRT format are presented in
+ * privileged form, respectively prime 'p' > prime 'q'.
+ *
+ * In case of 'p' < 'q', key credentials 'p' and 'q' as well as 'dp'
+ * and 'dq' will be swapped and qInverse will be recalculated.
+ *
+ * @return
+ * 0 if all key credentials are in the correct format.
+ * 1 if the key credentials were re-calculated.
+ * ENOMEM if memory allocation fails.
+ */
+unsigned int ica_rsa_crt_key_check(ica_rsa_key_crt_t *rsa_key);
+ * @deprecated, use ica_des_ecb() or ica_des_cbc() instead.
+ *
+ * Encrypt data using a single length DES key.
+ * @param mode Specifies the operational mode and must be:
+ * MODE_ECB - Use Electronic Code Book mode
+ * MODE_CBC - Use Cipher Block Chaining mode
+ * @param data_length
+ * Specifies the byte length of the input data. It has to be a multiple of the
+ * cipher block which has a size of 8 byte.
+ * @param input_data
+ * Pointer to the input data data to be encrypted. Must be a multiple of the
+ * cipher to use hw acceleration.
+ * @param iv
+ * Pointer to a valid 8 byte initialization vector when using CBC mode.
+ * @param des_key
+ * Pointer to a single length DES key.
+ * @param output_data
+ * Pointer to the buffer to contain the resulting encrypted data. Must be a
+ * multiple of the cipher block and at least as big as the buffer for
+ * input_data.
+ *
+ * @return 0 if successful.
+ * EINVAL if at least one invalid parameter is given.
+ * EIO if the operation fails. This should never happen.
+ */
+unsigned int ica_des_encrypt(unsigned int mode,
+ unsigned int data_length,
+ unsigned char *input_data,
+ ica_des_vector_t *iv,
+ ica_des_key_single_t *des_key,
+ unsigned char *output_data);
+ * @deprecated, use ica_des_ecb() or ica_des_cbc() instead.
+ *
+ * Decrypt data using a single length DES key.
+ * @param mode
+ * Specifies the operational mode and must be:
+ * MODE_ECB - Use Electronic Code Book mode
+ * MODE_CBC - Use Cipher Block Chaining mode
+ * @param data_length
+ * Specifies the byte length of the input data. It has to be a multiple of the
+ * cipher block which has a size of 8 byte.
+ * @param input_data
+ * Pointer to the input data data to be decrypted. Must be a multiple of the
+ * cipher to use hw acceleration.
+ * @param iv
+ * Pointer to a valid 8 byte initialization vector when using CBC mode.
+ * @param des_key
+ * Pointer to a single length DES key.
+ * @param output_data
+ * Pointer to the buffer to contain the resulting decrypted data. Must be a
+ * multiple of the cipher block and at least as big as the buffer for
+ * input_data.
+ *
+ * @return 0 if successful.
+ * EINVAL if at least one invalid parameter is given.
+ * EIO if the operation fails. This should never happen.
+ */
+unsigned int ica_des_decrypt(unsigned int mode,
+ unsigned int data_length,
+ unsigned char *input_data,
+ ica_des_vector_t *iv,
+ ica_des_key_single_t *des_key,
+ unsigned char *output_data);
+ * @deprecated, use ica_3des_ecb() or ica_3des_cbc() instead.
+ *
+ * Encrypt data using a triple length DES key.
+ * @param mode
+ * Specifies the operational mode and must be:
+ * MODE_ECB - Use Electronic Code Book mode
+ * MODE_CBC - Use Cipher Block Chaining mode
+ * @param data_length
+ * Specifies the byte length of the input data. It has to be a multiple of the
+ * cipher block which has a size of 8 byte.
+ * @param input_data
+ * Pointer to the input data data to be encrypted. Must be a multiple of the
+ * cipher block to use hw acceleration.
+ * @param iv
+ * Pointer to a valid 8 byte initialization vector when using CBC mode.
+ * @param des_key
+ * Pointer to a triple length DES key.
+ * @param output_data
+ * Pointer to the buffer to contain the resulting encrypted data. Must be a
+ * multiple of the cipher block and at least as big as the buffer for
+ * input_data.
+ *
+ * @return 0 if successful.
+ * EINVAL if at least one invalid parameter is given.
+ * EIO if the operation fails. This should never happen.
+ */
+unsigned int ica_3des_encrypt(unsigned int mode,
+ unsigned int data_length,
+ unsigned char *input_data,
+ ica_des_vector_t *iv,
+ ica_des_key_triple_t *des_key,
+ unsigned char *output_data);
+ * @deprecated, use ica_3des_ecb() or ica_3des_cbc() instead.
+ *
+ * Decrypt data using a triple length DES key.
+ * @param mode
+ * Specifies the operational mode and must be:
+ * MODE_ECB - Use Electronic Code Book mode
+ * MODE_CBC - Use Cipher Block Chaining mode
+ * @param data_length
+ * Specifies the byte length of the input data. It has to be a multiple of the
+ * cipher block which has a size of 8 byte.
+ * @param input_data
+ * Pointer to the input data data to be decrypted. Must be a multiple of the
+ * cipher block to use hw acceleration.
+ * @param iv
+ * Pointer to a valid 8 byte initialization vector when using CBC mode.
+ * @param des_key
+ * Pointer to a triple length DES key.
+ * @param output_data
+ * Pointer to the buffer to contain the resulting decrypted data. Must be a
+ * multiple of the cipher block and at least as big as the buffer for
+ * input_data.
+ *
+ * @return 0 if successful.
+ * EINVAL if at least one invalid parameter is given.
+ * EIO if the operation fails. This should never happen.
+ */
+unsigned int ica_3des_decrypt(unsigned int mode,
+ unsigned int data_length,
+ unsigned char *input_data,
+ ica_des_vector_t *iv,
+ ica_des_key_triple_t *des_key,
+ unsigned char *output_data);
+ * @deprecated, use ica_aes_ecb() or ica_aes_cbc() instead.
+ *
+ * Encrypt data using AES (key_length is 16, 24, or 32)
+ * @param mode
+ * Specifies the operational mode and must be:
+ * MODE_ECB - Use Electronic Code Book mode
+ * MODE_CBC - Use Cipher Block Chaining mode
+ * @param data_length
+ * Specifies the byte length of the input data. Input data length has to be
+ * a multiple of the AES block length, which is 16 bytes.
+ * @param input_data
+ * Pointer to the input data data to be encrypted. Must be a multiple of the
+ * cipher block to use hw acceleration.
+ * @param iv
+ * Pointer to a valid 16 byte initialization vector when using CBC mode.
+ * @param key_length
+ * Length of the AES key being used.
+ * @param aes_key
+ * Pointer to an AES key.
+ * @param output_data
+ * Pointer to the buffer to contain the resulting encrypted data. Must be a
+ * multiple of the cipher block and at least as big as the buffer for
+ * input_data.
+ *
+ * @return 0 if successful.
+ * EINVAL if at least one invalid parameter is given.
+ * EIO if the operation fails. This should never happen.
+ */
+unsigned int ica_aes_encrypt(unsigned int mode,
+ unsigned int data_length,
+ unsigned char *input_data,
+ ica_aes_vector_t *iv,
+ unsigned int key_length,
+ unsigned char *aes_key,
+ unsigned char *output_data);
+ * @deprecated, use ica_aes_ecb() or ica_aes_cbc() instead.
+ *
+ * Decrypt data using AES (key_length is 16, 24, or 32)
+ * @param mode
+ * Specifies the operational mode and must be:
+ * MODE_ECB - Use Electronic Code Book mode
+ * MODE_CBC - Use Cipher Block Chaining mode
+ * @param data_length
+ * Specifies the byte length of the input data. Input data length has to be
+ * a multiple of the AES block length, which is 16 bytes.
+ * @param input_data
+ * Pointer to the input data to be decrypted. Must be a multiple of the
+ * cipher block to use hw acceleration.
+ * @param iv
+ * Pointer to a valid 16 byte initialization vector when using CBC mode.
+ * @param key_length
+ * Length of the AES key being used.
+ * @param aes_key
+ * Pointer to an AES key.
+ * @param output_data
+ * Pointer to the buffer to contain the resulting decrypted data. Must be a
+ * multiple of the cipher block and at least as big as the buffer for
+ * input_data.
+ *
+ * @return 0 if successful.
+ * EINVAL if at least one invalid parameter is given.
+ * EIO if the operation fails. This should never happen.
+ */
+unsigned int ica_aes_decrypt(unsigned int mode,
+ unsigned int data_length,
+ unsigned char *input_data,
+ ica_aes_vector_t *iv,
+ unsigned int key_length,
+ unsigned char *aes_key,
+ unsigned char *output_data);
+ * Encrypt or decrypt data with an DES key using Electronic Cook Book (ECB)
+ * mode as described in NIST Special Publication 800-38A Chapter 6.1.
+ *
+ * Required HW Support
+ * KM-DEA-192
+ *
+ * @param in_data
+ * Pointer to a readable buffer, that contains the message to be en/decrypted.
+ * The size of the message in bytes is data_length. The size of this buffer in
+ * bytes must be at least as big as data_length.
+ * @param out_data
+ * Pointer to a writeable buffer, that will contain the resulting en/decrypted
+ * message. The size of this buffer in bytes must be at least as big as
+ * data_length.
+ * @param data_length
+ * Length in bytes of the message to be en/decrypted, which resides at the
+ * beginning of in_data. data_length must be a multiple of the cipher block
+ * size (i.e. a multiple of 8 for DES).
+ * @param key
+ * Pointer to a valid DES key of 8 bytes length.
+ * @param direction
+ * 0 or 1:
+ * 0 Use the decrypt function.
+ * 1 Use the encrypt function.
+ *
+ * @return 0 on success
+ * EINVAL if at least one invalid parameter is given.
+ * EIO if the operation fails.
+ */
+unsigned int ica_des_ecb(const unsigned char *in_data, unsigned char *out_data,
+ unsigned long data_length, unsigned char *key,
+ unsigned int direction);
+ * Encrypt or decrypt data with an DES key using Cipher Block Chaining (CBC)
+ * mode as described in NIST Special Publication 800-38A Chapter 6.2.
+ *
+ * Required HW Support
+ *
+ * @param in_data
+ * Pointer to a readable buffer, that contains the message to be en/decrypted.
+ * The size of the message in bytes is data_length. The size of this buffer in
+ * bytes must be at least as big as data_length.
+ * @param out_data
+ * Pointer to a writable buffer, that will contain the resulting en/decrypted
+ * message. The size of this buffer in bytes must be at least as big as
+ * data_length.
+ * @param data_length
+ * Length in bytes of the message to be en/decrypted, which resides at the
+ * beginning of in_data. data_length must be a multiple of the cipher block
+ * size (i.e. a multiple of 8 for DES).
+ * @param key
+ * Pointer to a valid DES key of 8 bytes length.
+ * @param iv
+ * Pointer to a valid initialization vector of cipher block size bytes. This
+ * vector will be overwritten during the function. The result value in iv may
+ * be used as initialization vector for a chained ica_des_cbc call with the
+ * same key.
+ * @param direction
+ * 0 or 1:
+ * 0 Use the decrypt function.
+ * 1 Use the encrypt function.
+ *
+ * @return 0 on success
+ * EINVAL if at least one invalid parameter is given.
+ * EIO if the operation fails.
+ */
+unsigned int ica_des_cbc(const unsigned char *in_data, unsigned char *out_data,
+ unsigned long data_length, unsigned char *key,
+ unsigned char *iv,
+ unsigned int direction);
+ * Encrypt or decrypt data with an DES key using Cipher Block Chaining with
+ * Ciphertext Stealing (CBC-CS) mode as described in NIST Special Publication
+ * 800-38A Chapter 6.2 and the Addendum to NIST Special Publication 800-38A on
+ * Recommendation for Block Cipher Modes of Operation: Three Variants of
+ * Ciphertext Stealing for CBC Moder:
+ * ica_des_cbc_cs may be used to encrypt or decrypt the last chunk of a
+ * message consisting of multiple chunks where all but the last chunk are
+ * encrypted or decrypted by chained calls to ica_des_cbc and the resulting
+ * iv of the last call to ica_des_cbc is fed into the iv of the ica_des_cbc_cs
+ * call provided the chunk is greater than cipher block size (greater than
+ * 8 bytes for DES).
+ *
+ * Required HW Support
+ *
+ * @param in_data
+ * Pointer to a readable buffer, that contains the message to be en/decrypted.
+ * The size of the message in bytes is data_length. The size of this buffer
+ * in bytes must be at least as big as data_length.
+ * @param out_data
+ * Pointer to a writable buffer, that will contain the resulting en/decrypted
+ * message. The size of this buffer in bytes must be at least as big as
+ * data_length.
+ * @param data_length
+ * Length in bytes of the message to be en/decrypted, which resides at the
+ * beginning of in_data. data_length must be greater than or equal to the
+ * cipher block size (i.e. a multiple of 8 bytes for DES).
+ * @param key
+ * Pointer to a valid DES key of 8 bytes length.
+ * @param iv
+ * Pointer to a valid initialization vector of cipher block size bytes.
+ * This vector will be overwritten during the function. For variant equals 1
+ * or variant equals 2 the result value in iv may be used as initialization
+ * vector for a chained ica_des_cbc call with the same key if data_length is
+ * a multiple of the cipher block size.
+ * @param direction
+ * 0 or 1:
+ * 0 Use the decrypt function.
+ * 1 Use the encrypt function.
+ * @param variant
+ * 1 Use variant CBC-CS1 of the Addendum to NIST Special Publication 800-38A
+ * to encrypt or decrypt the message: keep last two blocks in order.
+ * 2 Use variant CBC-CS2 of the Addendum to NIST Special Publication 800-38A
+ * to encrypt or decrypt the message: switch order of the last two blocks
+ * if data_length is not a multiple of the cipher block size (i.e. a
+ * multiple of 8 for DES).
+ * 3 Use variant CBC-CS3 of the Addendum to NIST Special Publication 800-38A
+ * to encrypt or decrypt the message: always switch order of the last two
+ * blocks.
+ *
+ * @return 0 on success
+ * EINVAL if at least one invalid parameter is given.
+ * EPERM if required hardware support is not available.
+ * EIO if the operation fails.
+ */
+unsigned int ica_des_cbc_cs(const unsigned char *in_data, unsigned char *out_data,
+ unsigned long data_length, unsigned char *key,
+ unsigned char *iv,
+ unsigned int direction,
+ unsigned int variant);
+ * Encrypt or decrypt data with an DES key using Cipher Feedback (CFB) mode as
+ * described in NIST Special Publication 800-38A Chapter 6.3.
+ *
+ * Required HW Support
+ *
+ * @param in_data
+ * Pointer to a readable buffer, that contains the message to be en/decrypted.
+ * The size of the message in bytes is data_length. The size of this buffer in
+ * bytes must be at least as big as data_length.
+ * @param out_data
+ * Pointer to a writable buffer, that will contain the resulting en/decrypted
+ * message. The size of this buffer in bytes must be at least as big as
+ * data_length.
+ * @param data_length
+ * Length in bytes of the message to be en/decrypted, which resides at the
+ * beginning of in_data.
+ * @param key
+ * Pointer to a valid DES key of 8 bytes length.
+ * @param iv
+ * Pointer to a valid initialization vector of cipher block size bytes (8 bytes
+ * for DES). This vector will be overwritten during the function. The result
+ * value in iv may be used as initialization vector for a chained ica_des_cfb
+ * call with the same key if data_length in the preceding call is a multiple of
+ * lcfb.
+ * @param lcfb
+ * Length in bytes of the cipher feedback which is a value greater than or
+ * equal to 1 and less than or equal to the cipher block size (i.e. 8 for DES).
+ * @param direction
+ * 0 or 1:
+ * 0 Use the decrypt function.
+ * 1 Use the encrypt function.
+ *
+ * @return 0 on success
+ * EINVAL if at least one invalid parameter is given.
+ * EPERM if required hardware support is not available.
+ * EIO if the operation fails.
+ */
+unsigned int ica_des_cfb(const unsigned char *in_data, unsigned char *out_data,
+ unsigned long data_length, unsigned char *key,
+ unsigned char *iv, unsigned int lcfb,
+ unsigned int direction);
+ * Encrypt or decrypt data with an DES key using Counter (CTR) mode as
+ * described in NIST Special Publication 800-38A Chapter 6.5. With the counter
+ * mode each message block of size cipher block size (i.e. 8 bytes for DES) is
+ * combined with a counter value of the same size during encryption and
+ * decryption. Starting with an initial counter value to be combined with the
+ * first message block subsequent counter values to be combined with subsequent
+ * message blocks will be derived from preceding counter values by an increment
+ * function. The increment function used in ica_des_ctr is s an arithmetic
+ * increment without carry on the U least significant bytes in the counter
+ * where M is a parameter to ica_des_ctr.
+ *
+ * Required HW Support
+ *
+ * @param in_data
+ * Pointer to a readable buffer, that contains the message to be en/decrypted.
+ * The size of the message in bytes is data_length. The size of this buffer in
+ * bytes must be at least as big as data_length.
+ * @param out_data
+ * Pointer to a writable buffer, that will contain the resulting en/decrypted
+ * message. The size of this buffer in bytes must be at least as big as
+ * data_length.
+ * @param data_length
+ * Length in bytes of the message to be en/decrypted, which resides at the
+ * beginning of in_data.
+ * @param key
+ * Pointer to a valid DES key of 8 bytes length.
+ * @param ctr
+ * Pointer to a readable and writable buffer of size cipher block size bytes.
+ * ctr contains an initialization value for a counter function and it will be
+ * replaced by a new value. That new value can be used as an initialization
+ * value for a counter function in a chained ica_des_ctr call with the same key
+ * if data_length used in the preceding call is a multiple of the cipher block
+ * size.
+ * @param ctr_width
+ * A number U between 1 and cipher block size. The value is used by the counter
+ * increment function which increments a counter value by incrementing without
+ * carry the least significant U bytes of the counter value.
+ * @param direction
+ * 0 or 1:
+ * 0 Use the decrypt function.
+ * 1 Use the encrypt function.
+ *
+ * @return 0 on success
+ * EINVAL if at least one invalid parameter is given.
+ * EPERM if required hardware support is not available.
+ * EIO if the operation fails.
+ */
+unsigned int ica_des_ctr(const unsigned char *in_data, unsigned char *out_data,
+ unsigned long data_length,
+ unsigned char *key,
+ unsigned char *ctr, unsigned int ctr_width,
+ unsigned int direction);
+ * Encrypt or decrypt data with an DES key using Counter (CTR) mode as
+ * described in NIST Special Publication 800-38A, Chapter 6.5. With the counter
+ * mode each message block of size cipher block size is combined with a counter
+ * value of the same size during encryption and decryption. The ica_des_ctrlist
+ * function assumes that a list n of precomputed counter values is provided
+ * where n is the smallest integer that is less or equal to the message size
+ * divided by the cipher block size. This function allows to optimally exploit
+ * System z HW support for non-standard counter functions.
+ *
+ * Required HW Support
+ *
+ * @param in_data
+ * Pointer to a readable buffer, that contains the message to be en/decrypted.
+ * The size of the message in bytes is data_length. The size of this buffer in
+ * bytes must be at least as big as data_length.
+ * @param out_data
+ * Pointer to a writable buffer, that will contain the resulting en/decrypted
+ * message. The size of this buffer in bytes must be at least as big as
+ * data_length.
+ * @param data_length
+ * Length in bytes of the message to be en/decrypted, which resides at the
+ * beginning of in_data. If data_length is a multiple of the cipher block size
+ * then calls of ica_des_ctrlist with the same key can be chained if ctrlist
+ * argument of the chained call contains a list of counters that follows the
+ * counters used in the first call and data_length used in the preceding call
+ * is a multiple of the cipher block size.
+ * @param key
+ * Pointer to a valid DES key of 8 bytes length.
+ * @param ctrlist
+ * Pointer to a readable buffer of that is both of size greater than or equal
+ * to data_length and a multiple of the cipher block size (i.e. 8 bytes for
+ * DES). ctrlist should contain a list of precomputed counter values of size
+ * cipher block size each.
+ * @param direction
+ * 0 or 1:
+ * 0 Use the decrypt function.
+ * 1 Use the encrypt function.
+ *
+ * @return 0 on success
+ * EINVAL if at least one invalid parameter is given.
+ * EPERM if required hardware support is not available.
+ * EIO if the operation fails.
+ */
+unsigned int ica_des_ctrlist(const unsigned char *in_data, unsigned char *out_data,
+ unsigned long data_length,
+ unsigned char *key,
+ const unsigned char *ctrlist,
+ unsigned int direction);
+ * Encrypt or decrypt data with an DES key using Output Feedback (OFB) mode as
+ * described in NIST Special Publication 800-38A Chapter 6.4.
+ *
+ * Required HW Support
+ *
+ * @param in_data
+ * Pointer to a readable buffer, that contains the message to be en/decrypted.
+ * The size of the message in bytes is data_length. The size of this buffer in
+ * bytes must be at least as big as data_length.
+ * @param out_data
+ * Pointer to a writable buffer, that contains the resulting en/decrypted
+ * message. The size of this buffer in bytes must be at least as big as
+ * data_length.
+ * @param data_length
+ * Length in bytes of the message to be en/decrypted, which resides at the
+ * beginning of in_data.
+ * @param key
+ * Pointer to a valid DES key of 8 bytes length.
+ * @param iv
+ * Pointer to a valid initialization vector of cipher block size bytes (8 bytes
+ * for DES). This vector will be overwritten during the function. If
+ * data_length is a multiple of the cipher block size (i.e. a multiple of 8 for
+ * DES) the result value in iv may be used as initialization vector for a
+ * chained ica_des_ofb call with the same key.
+ * @param direction
+ * 0 or 1:
+ * 0 Use the decrypt function.
+ * 1 Use the encrypt function.
+ *
+ * @return 0 on success
+ * EINVAL if at least one invalid parameter is given.
+ * EPERM if required hardware support is not available.
+ * EIO if the operation fails.
+ */
+unsigned int ica_des_ofb(const unsigned char *in_data, unsigned char *out_data,
+ unsigned long data_length, unsigned char *key,
+ unsigned char *iv, unsigned int direction);
+ * Authenticate data or verify the authenticity of data with an DES key using
+ * the Block Cipher Based Message Authetication Code (CMAC) mode as described
+ * in NIST Special Publication 800-38B. ica_des_cmac can be used to
+ * authenticate or verify the authenticity of a complete message.
+ *
+ * Required HW Support
+ * PCC-Compute-Last_block-CMAC-Using-DEA
+ *
+ * @param message
+ * Pointer to a readable buffer of size greater than or equal to message_length
+ * bytes. It contains a message to be authenticated or of which the
+ * authenticity shall be verified.
+ * @param message_length
+ * Length in bytes of the message to be authenticated or verified.
+ * @param mac
+ * Pointer to a buffer of size greater than or equal to mac_length bytes. If
+ * direction is 1 the buffer must be writable and a message authentication code
+ * for the message in message of size mac_length bytes will be written to the
+ * buffer. If direction is 0 the buffer must be readable and contain a message
+ * authentication code that will be verified against the message in message.
+ * @param mac_length
+ * Length in bytes of the message authentication code mac in bytes that is less
+ * than or equal to the cipher block size (i.e. 8 bytes for DES). It is
+ * recommended to use values greater than or equal to 8.
+ * @param key
+ * Pointer to a valid DES key of 8 bytes length.
+ * @param direction
+ * 0 or 1:
+ * 0 Verify message authentication code
+ * 1 Compute message authentication code for the message
+ *
+ * @return 0 on success
+ * EINVAL if at least one invalid parameter is given.
+ * EPERM if required hardware support is not available.
+ * EIO if the operation fails.
+ * EFAULT if direction is 0 and the verification of the message authentication
+ * code fails.
+ */
+unsigned int ica_des_cmac(const unsigned char *message, unsigned long message_length,
+ unsigned char *mac, unsigned int mac_length,
+ unsigned char *key,
+ unsigned int direction);
+ * Authenticate data or verify the authenticity of data with an DES key using
+ * the Block Cipher Based Message Authentication Code (CMAC) mode as described
+ * in NIST Special Publication 800-38B.
+ * ica_des_cmc_intermediate and ica_des_cmac_last can be used when the message
+ * to be authenticated or to be verfied using CMAC is supplied in multiple
+ * chunks. ica_des_cmac_intermediate is used to process all but the last
+ * chunk. All message chunks to preprocessed by ica_des_cmac_intermediate
+ * must have a size that is a multiple of the cipher block size (i.e a
+ * multiple of 8 bytes for DES).
+ * Note: ica_des_cmac_intermediate has no direction argument it can be used
+ * during an authentication and during authenticity verification.
+ *
+ * Required HW Support
+ *
+ * @param message
+ * Pointer to a readable buffer of size greater than or equal to
+ * message_length bytes. It contains a non final part of a message which
+ * shall be authenticated or of which the authenticity shall be verified.
+ * @param message_length
+ * Length in bytes of the message part in message. It must be a multiple
+ * of the cipher block size.
+ * @param key
+ * Pointer to a valid DES key of 8 bytes length.
+ * @param iv
+ * Pointer to a valid initialization vector of size cipher block size (i.e.
+ * 8 bytes for DES). For the first message part it must be set to a string
+ * of zeros. For processing the n-th message part it must be the resulting iv
+ * value of the ica_des_cmac_intermediate applied to the (n-1)-th message
+ * part. This vector will be overwritten during the function. The result value
+ * in iv may be used as initialization vector for a chained call to
+ * ica_des_cmac_initermediate or to ica_des_cmac_last with the same key.
+ *
+ * @return 0 on success
+ * EINVAL if at least one invalid parameter is given.
+ * EPERM if required hardware support is not available.
+ * EIO if the operation fails.
+ */
+unsigned int ica_des_cmac_intermediate(const unsigned char *message,
+ unsigned long message_length,
+ unsigned char *key,
+ unsigned char *iv);
+ * Authenticate data or verify the authenticity of data with an DES key using
+ * the Block Cipher Based Message Authentication Code (CMAC) mode as described
+ * in NIST Special Publication 800-38B.
+ * ica_des_cmac_last can be used to authenticate or verify the authenticity of
+ * a complete message or of the final part of a message for which all
+ * preceding parts were preprocessed with ica_des_cmac_intermediate.
+ *
+ * Required HW Support
+ * PCC-Compute-Last_block-CMAC-Using-DEA
+ *
+ * @param message
+ * Pointer to a readable buffer of size greater than or equal to message_length
+ * bytes. It contains a message or the final part of a message to be
+ * authenticated or of which the authenticity shall be verified.
+ * @param message_length
+ * Length in bytes of the message to be authenticated or verified.
+ * @param mac
+ * Pointer to a buffer of size greater than or equal to mac_length bytes.
+ * If direction is 1 the buffer must be writable and a message authentication
+ * code for the message in message of size mac_length bytes will be written to
+ * the buffer.
+ * If direction is 0 the buffer must be readable and contain a message
+ * authentication code that will be verified against the message in message.
+ * @param mac_length
+ * Length in bytes of the message authentication code mac in bytes that is less
+ * than or equal to the cipher block size (i.e. 8 bytes for DES). It is
+ * recommended to use values greater than or equal to 8.
+ * @param key
+ * Pointer to a valid DES key of 8 bytes length.
+ * @param iv
+ * Pointer to a valid initialization vector of size cipher block size. If iv is
+ * NULL message is assumed to be the complete message to be processed.
+ * Otherwise message is the final part of a composite message to be processed
+ * and iv contains the output vector resulting from processing all previous
+ * parts with chained calls to ica_aes_cmac_intermediate, i.e. the value
+ * returned in iv of the ica_des_cmac_intermediate call applied to the
+ * penultimate message part.
+ * @param direction
+ * 0 or 1:
+ * 0 Verify message authentication code
+ * 1 Compute message authentication code for the message
+ *
+ * @return 0 on success
+ * EINVAL if at least one invalid parameter is given.
+ * EPERM if required hardware support is not available.
+ * EIO if the operation fails.
+ * EFAULT if direction is 0 and the verification of the message authentication
+ * code fails.
+ */
+unsigned int ica_des_cmac_last(const unsigned char *message, unsigned long message_length,
+ unsigned char *mac, unsigned int mac_length,
+ unsigned char *key,
+ unsigned char *iv,
+ unsigned int direction);
+ * Encrypt or decrypt data with an 3DES key using Electronic Cook Book (ECB)
+ * mode as described in NIST Special Publication 800-38A Chapter 6.1.
+ *
+ * Required HW Support
+ * KM-DEA-192
+ *
+ * @param in_data
+ * Pointer to a readable buffer, that contains the message to be en/decrypted.
+ * The size of the message in bytes is data_length. The size of this buffer in
+ * bytes must be at least as big as data_length.
+ * @param out_data
+ * Pointer to a writeable buffer, that will contain the resulting en/decrypted
+ * message. The size of this buffer in bytes must be at least as big as
+ * data_length.
+ * @param data_length
+ * Length in bytes of the message to be en/decrypted, which resides at the
+ * beginning of in_data. data_length must be a multiple of the cipher block
+ * size (i.e. a multiple of 8 for 3DES).
+ * @param key
+ * Pointer to a valid 3DES key of 24 bytes length.
+ * @param direction
+ * 0 or 1:
+ * 0 Use the decrypt function.
+ * 1 Use the encrypt function.
+ *
+ * @return 0 on success
+ * EINVAL if at least one invalid parameter is given.
+ * EIO if the operation fails.
+ */
+unsigned int ica_3des_ecb(const unsigned char *in_data, unsigned char *out_data,
+ unsigned long data_length, unsigned char *key,
+ unsigned int direction);
+ * Encrypt or decrypt data with an 3DES key using Cipher Block Chaining (CBC)
+ * mode as described in NIST Special Publication 800-38A Chapter 6.2.
+ *
+ * Required HW Support
+ * KMC-TDEA-192
+ *
+ * @param in_data
+ * Pointer to a readable buffer, that contains the message to be en/decrypted.
+ * The size of the message in bytes is data_length. The size of this buffer in
+ * bytes must be at least as big as data_length.
+ * @param out_data
+ * Pointer to a writable buffer, that will contain the resulting en/decrypted
+ * message. The size of this buffer in bytes must be at least as big as
+ * data_length.
+ * @param data_length
+ * Length in bytes of the message to be en/decrypted, which resides at the
+ * beginning of in_data. data_length must be a multiple of the cipher block
+ * size (i.e. a multiple of 8 for 3DES).
+ * @param key
+ * Pointer to a valid 3DES key of 24 bytes length.
+ * @param iv
+ * Pointer to a valid initialization vector of cipher block size bytes. This
+ * vector will be overwritten during the function. The result value in iv may
+ * be used as initialization vector for a chained ica_3des_cbc call with the
+ * same key.
+ * @param direction
+ * 0 or 1:
+ * 0 Use the decrypt function.
+ * 1 Use the encrypt function.
+ *
+ * @return 0 on success
+ * EINVAL if at least one invalid parameter is given.
+ * EIO if the operation fails.
+ */
+unsigned int ica_3des_cbc(const unsigned char *in_data, unsigned char *out_data,
+ unsigned long data_length, unsigned char *key,
+ unsigned char *iv,
+ unsigned int direction);
+ * Encrypt or decrypt data with an 3DES key using Cipher Block Chaining with
+ * Ciphertext Stealing (CBC-CS) mode as described in NIST Special Publication
+ * 800-38A Chapter 6.2 and the Addendum to NIST Special Publication 800-38A on
+ * "Recommendation for Block Cipher Modes of Operation: Three Variants of
+ * Ciphertext Stealing for CBC Mode":
+ * ica_3des_cbc_cs may be used to encrypt o decrypt the last chunk of a
+ * message consisting of multiple chunks where all but the last chunk are
+ * encrypted or decrypted by chained calls to ica_3des_cbc and the resulting
+ * iv of the last call to ica_3des_cbc is fed into the iv of the
+ * ica_3des_cbc_cs call provided the chunc is greater than cipher block size
+ * (greater than 8 bytes for 3DES).
+ *
+ * Required HW Support
+ * KMC-TDEA-192
+ *
+ * @param in_data
+ * Pointer to a readable buffer, that contains the message to be en/decrypted.
+ * The size of the message in bytes is data_length. The size of this buffer
+ * in bytes must be at least as big as data_length.
+ * @param out_data
+ * Pointer to a writable buffer, that will contain the resulting en/decrypted
+ * message. The size of this buffer in bytes must be at least as big as
+ * data_length.
+ * @param data_length
+ * Length in bytes of the message to be en/decrypted, which resides at the
+ * beginning of in_data. data_length must be greater than or equal to the
+ * cipher block size (i.e. a multiple of 8 bytes for 3DES).
+ * @param key
+ * Pointer to a valid 3DES key of 24 bytes length.
+ * @param iv
+ * Pointer to a valid initialization vector of cipher block size bytes. This
+ * vector will be overwritten during the function. For variant equals 1 or
+ * variant equals 2 the result value in iv may be used as initialization vector
+ * for a chained ica_3des_cbc call with the same key if data_length is a
+ * multiple of the cipher block size.
+ * @param direction
+ * 0 or 1:
+ * 0 Use the decrypt function.
+ * 1 Use the encrypt function.
+ * @param variant
+ * 1 Use variant CBC-CS1 of the Addendum to NIST Special Publication 800-38A
+ * to encrypt or decrypt the message: keep last two blocks in order.
+ * 2 Use variant CBC-CS2 of the Addendum to NIST Special Publication 800-38A
+ * to encrypt or decrypt the message: switch order of the last two blocks
+ * if data_length is not a multiple of the cipher block size (i.e. a
+ * multiple of 8 for DES).
+ * 3 Use variant CBC-CS3 of the Addendum to NIST Special Publication 800-38A
+ * to encrypt or decrypt the message: always switch order of the last two
+ * blocks.
+ *
+ * @return 0 on success
+ * EINVAL if at least one invalid parameter is given.
+ * EPERM if required hardware support is not available.
+ * EIO if the operation fails.
+ */
+unsigned int ica_3des_cbc_cs(const unsigned char *in_data, unsigned char *out_data,
+ unsigned long data_length,
+ unsigned char *key,
+ unsigned char *iv,
+ unsigned int direction, unsigned int variant);
+ * Encrypt or decrypt data with an 3DES key using Cipher Feedback (CFB) mode as
+ * described in NIST Special Publication 800-38A Chapter 6.3.
+ *
+ * Required HW Support
+ * KMF-TDEA-192
+ *
+ * @param in_data
+ * Pointer to a readable buffer, that contains the message to be en/decrypted.
+ * The size of the message in bytes is data_length. The size of this buffer in
+ * bytes must be at least as big as data_length.
+ * @param out_data
+ * Pointer to a writable buffer, that will contain the resulting en/decrypted
+ * message. The size of this buffer in bytes must be at least as big as
+ * data_length.
+ * @param data_length
+ * Length in bytes of the message to be en/decrypted, which resides at the
+ * beginning of in_data.
+ * @param key
+ * Pointer to a valid 3DES key of 24 bytes length.
+ * @param iv
+ * Pointer to a valid initialization vector of cipher block size bytes (8 bytes
+ * for 3DES). This vector will be overwritten during the function. The result
+ * value in iv may be used as initialization vector for a chained ica_3des_cfb
+ * call with the same key if data_length in the preceding call is a multiple of
+ * lcfb.
+ * @param lcfb
+ * Length in bytes of the cipher feedback which is a value greater than or
+ * equal to 1 and less than or equal to the cipher block size (i.e. 8 for
+ * 3DES).
+ * @param direction
+ * 0 or 1:
+ * 0 Use the decrypt function.
+ * 1 Use the encrypt function.
+ *
+ * @return 0 on success
+ * EINVAL if at least one invalid parameter is given.
+ * EPERM if required hardware support is not available.
+ * EIO if the operation fails.
+ */
+unsigned int ica_3des_cfb(const unsigned char *in_data, unsigned char *out_data,
+ unsigned long data_length, unsigned char *key,
+ unsigned char *iv, unsigned int lcfb,
+ unsigned int direction);
+ * Encrypt or decrypt data with an 3DES key using Counter (CTR) mode as
+ * described in NIST Special Publication 800-38A Chapter 6.5. With the counter
+ * mode each message block of size cipher block size (i.e. 8 bytes for 3DES) is
+ * combined with a counter value of the same size during encryption and
+ * decryption. Starting with an initial counter value to be combined with the
+ * first message block subsequent counter values to be combined with subsequent
+ * message blocks will be derived from preceding counter values by an increment
+ * function. The increment function used in ica_3des_ctr is s an arithmetic
+ * increment without carry on the U least significant bytes in the counter
+ * where M is a parameter to ica_3des_ctr.
+ *
+ * Required HW Support
+ * KMCTR-TDEA-192
+ *
+ * @param in_data
+ * Pointer to a readable buffer, that contains the message to be en/decrypted.
+ * The size of the message in bytes is data_length. The size of this buffer in
+ * bytes must be at least as big as data_length.
+ * @param out_data
+ * Pointer to a writable buffer, that will contain the resulting en/decrypted
+ * message. The size of this buffer in bytes must be at least as big as
+ * data_length.
+ * @param data_length
+ * Length in bytes of the message to be en/decrypted, which resides at the
+ * beginning of in_data.
+ * @param key
+ * Pointer to a valid 3DES key of 24 bytes length.
+ * @param ctr
+ * Pointer to a readable and writable buffer of size cipher block size bytes.
+ * ctr contains an initialization value for a counter function and it will be
+ * replaced by a new value. That new value can be used as an initialization
+ * value for a counter function in a chained ica_3des_ctr call with the same
+ * key if data_length used in the preceding call is a multiple of the cipher
+ * block size.
+ * @param ctr_width
+ * A number U between 1 and cipher block size. The value is used by the counter
+ * increment function which increments a counter value by incrementing without
+ * carry the least significant U bytes of the counter value.
+ * @param direction
+ * 0 or 1:
+ * 0 Use the decrypt function.
+ * 1 Use the encrypt function.
+ *
+ * @return 0 on success
+ * EINVAL if at least one invalid parameter is given.
+ * EPERM if required hardware support is not available.
+ * EIO if the operation fails.
+ */
+unsigned int ica_3des_ctr(const unsigned char *in_data, unsigned char *out_data,
+ unsigned long data_length,
+ unsigned char *key,
+ unsigned char *ctr, unsigned int ctr_width,
+ unsigned int direction);
+ * Encrypt or decrypt data with an 3DES key using Counter (CTR) mode as
+ * described in NIST Special Publication 800-38A ,Chapter 6.5. With the counter
+ * mode each message block of size cipher block size is combined with a counter
+ * value of the same size during encryption and decryption. The
+ * ica_3des_ctrlist function assumes that a list n of precomputed counter
+ * values is provided where n is the smallest integer that is less or equal to
+ * the message size divided by the cipher block size. This function allows to
+ * optimally exploit System z HW support for non-standard counter functions.
+ *
+ * Required HW Support
+ * KMCTR-TDEA-192
+ *
+ * @param in_data
+ * Pointer to a readable buffer, that contains the message to be en/decrypted.
+ * The size of the message in bytes is data_length. The size of this buffer in
+ * bytes must be at least as big as data_length.
+ * @param out_data
+ * Pointer to a writable buffer, that will contain the resulting en/decrypted
+ * message. The size of this buffer in bytes must be at least as big as
+ * data_length.
+ * @param data_length
+ * Length in bytes of the message to be en/decrypted, which resides at the
+ * beginning of in_data. If data_length is a multiple of the cipher block size
+ * then calls of ica_3des_ctrlist with the same key can be chained if ctrlist
+ * argument of the chained call contains a list of counters that follows the
+ * counters used in the first call and data_length used in the preceding call
+ * is a multiple of the cipher block size.
+ * @param key
+ * Pointer to an 3DES key of 24 bytes length.
+ * @param ctrlist
+ * Pointer to a readable buffer of that is both of size greater than or equal
+ * to data_length and a multiple of the cipher block size (i.e. 8 bytes for
+ * 3DES). ctrlist should contain a list of precomputed counter values of size
+ * cipher block size each.
+ * @param direction
+ * 0 or 1:
+ * 0 Use the decrypt function.
+ * 1 Use the encrypt function.
+ *
+ * @return 0 on success
+ * EINVAL if at least one invalid parameter is given.
+ * EPERM if required hardware support is not available.
+ * EIO if the operation fails.
+ */
+unsigned int ica_3des_ctrlist(const unsigned char *in_data, unsigned char *out_data,
+ unsigned long data_length,
+ unsigned char *key,
+ const unsigned char *ctrlist,
+ unsigned int direction);
+ * Encrypt or decrypt data with an 3DES key using Output Feedback (OFB) mode as
+ * described in NIST Special Publication 800-38A Chapter 6.4.
+ *
+ * Required HW Support
+ * KMO-TDEA-192
+ *
+ * @param in_data
+ * Pointer to a readable buffer, that contains the message to be en/decrypted.
+ * The size of the message in bytes is data_length. The size of this buffer in
+ * bytes must be at least as big as data_length.
+ * @param out_data
+ * Pointer to a writable buffer, that contains the resulting en/decrypted
+ * message. The size of this buffer in bytes must be at least as big as
+ * data_length.
+ * @param data_length
+ * Length in bytes of the message to be en/decrypted, which resides at the
+ * beginning of in_data.
+ * @param key
+ * Pointer to a valid 3DES key of 24 bytes length.
+ * @param iv
+ * Pointer to a valid initialization vector of cipher block size bytes (8 bytes
+ * for DES). This vector will be overwritten during the function. If
+ * data_length is a multiple of the cipher block size (i.e. a multiple of 8 for
+ * 3DES) the result value in iv may be used as initialization vector for a
+ * chained ica_3DES_ofb call with the same key.
+ * @param direction
+ * 0 or 1:
+ * 0 Use the decrypt function.
+ * 1 Use the encrypt function.
+ *
+ * @return 0 on success
+ * EINVAL if at least one invalid parameter is given.
+ * EPERM if required hardware support is not available.
+ * EIO if the operation fails.
+ */
+unsigned int ica_3des_ofb(const unsigned char *in_data, unsigned char *out_data,
+ unsigned long data_length, unsigned char *key,
+ unsigned char *iv, unsigned int direction);
+ * Authenticate data or verify the authenticity of data with an 3DES key
+ * using the Block Cipher Based Message Authetication Code (CMAC) mode as
+ * described in NIST Special Publication 800-38B.
+ * ica_3des_cmac can be used to authenticate or verify the authenticity of a
+ * complete message.
+ *
+ * Required HW Support
+ * KMAC-TDEA-192
+ * PCC-Compute-Last_block-CMAC-Using-TDEA-192
+ *
+ * @param message
+ * Pointer to a readable buffer of size greater than or equal to
+ * message_length bytes. It contains a message to be authenticated or of
+ * which the authenticity shall be verified.
+ * @param message_length
+ * Length in bytes of the message to be authenticated or verified.
+ * @param mac
+ * Pointer to a buffer of size greater than or equal to mac_length bytes.
+ * If direction is 1 the buffer must be writable and a message authentication
+ * code for the message in message of size mac_length bytes will be written to
+ * the buffer.
+ * If direction is 0 the buffer must be readable and contain a message
+ * authentication code that will be verified against the message in message.
+ * @param mac_length
+ * Length in bytes of the message authentication code mac in bytes that is less
+ * than or equal to the cipher block size (i.e. 8 bytes for TDES). It is
+ * recommended to use values greater than or equal to 8.
+ * @param key
+ * Pointer to a valid 3DES key of 24 bytes length.
+ * @param direction
+ * 0 or 1:
+ * 0 Verify message authentication code
+ * 1 Compute message authentication code for the message
+ *
+ * @return 0 on success
+ * EINVAL if at least one invalid parameter is given.
+ * EPERM if required hardware support is not available.
+ * EIO if the operation fails.
+ * EFAULT if direction is 0 and the verification of the message authentication
+ * code fails.
+ */
+unsigned int ica_3des_cmac(const unsigned char *message, unsigned long message_length,
+ unsigned char *mac, unsigned int mac_length,
+ unsigned char *key,
+ unsigned int direction);
+ * Authenticate data or verify the authenticity of data with an 3DES key using
+ * the Block Cipher Based Message Authentication Code (CMAC) mode as described
+ * in NIST Special Publication 800-38B.
+ * ica_3des_cmc_intermediate and ica_3des_cmac_last can be used when the
+ * message to be authenticated or to be verfied using CMAC is supplied in
+ * multiple chunks. ica_3des_cmac_intermediate is used to process all but the
+ * last chunk. All message chunks to preprocessed by
+ * ica_3des_cmac_intermediate must have a size that is a multiple of the
+ * cipher block size (i.e a multiple of 8 bytes for 3DES).
+ * Note: ica_3des_cmac_intermediate has no direction argument it can be used
+ * during an authentication and during authenticity verification.
+ *
+ * Required HW Support
+ * KMAC-TDEA-192,
+ *
+ * @param message
+ * Pointer to a readable buffer of size greater than or equal to message_length
+ * bytes. It contains a non final part of a message which shall be
+ * authenticated or of which the authenticity shall be verified.
+ * @param message_length
+ * Length in bytes of the message part in message. It must be a multiple of the
+ * cipher block size.
+ * @param key
+ * Pointer to a valid 3DES key of 24 bytes length.
+ * @param iv
+ * Pointer to a valid initialization vector of size cipher block size
+ * (i.e. 8 bytes for 3DES). For the first message part it must be set to a
+ * string of zeros. For processing the n-th message part it must be the
+ * resulting iv value of the ica_3des_cmac_intermediate applied to the
+ * (n-1)-th message part. This vector will be overwritten during the function.
+ * The result value in iv may be used as initialization vector for a chained
+ * call to ica_3des_cmac_initermediate or to ica_3des_cmac_last with the same key.
+ *
+ * @return 0 on success
+ * EINVAL if at least one invalid parameter is given.
+ * EPERM if required hardware support is not available.
+ * EIO if the operation fails.
+ */
+unsigned int ica_3des_cmac_intermediate(const unsigned char *message, unsigned long message_length,
+ unsigned char *key,
+ unsigned char *iv);
+ * Authenticate data or verify the authenticity of data with an 3DES key using
+ * the Block Cipher Based Message Authentication Code (CMAC) mode as described
+ * in NIST Special Publication 800-38B.
+ * ica_3des_cmac_last can be used to authenticate or verify the authenticity
+ * of a complete message or of the final part of a message for which all
+ * preceding parts were preprocessed with ica_3des_cmac_intermediate.
+ *
+ * Required HW Support
+ * KMAC-TDEA-192,
+ * PCC-Compute-Last_block-CMAC-Using-TDEA-192
+ *
+ * @param message
+ * Pointer to a readable buffer of size greater than or equal to message_length
+ * bytes. It contains a message or the final part of a message to be
+ * authenticated or of which the authenticity shall be verified.
+ * @param message_length
+ * Length in bytes of the message to be authenticated or verified.
+ * @param mac
+ * Pointer to a buffer of size greater than or equal to mac_length bytes.
+ * If direction is 1 the buffer must be writable and a message authentication
+ * code for the message in message of size mac_length bytes will be written to
+ * the buffer.
+ * If direction is 0 the buffer must be readable and contain a message
+ * authentication code that will be verified against the message in message.
+ * @param mac_length
+ * Length in bytes of the message authentication code mac in bytes that is
+ * less than or equal to the cipher block size (I.e. 8 bytes for DES). It is
+ * recommended to use values greater than or equal to 8.
+ * @param key
+ * Pointer to a valid 3DES key of 24 bytes length.
+ * @param iv
+ * Pointer to a valid initialization vector of size cipher block size. If iv
+ * is NULL message is assumed to be the complete message to be processed.
+ * Otherwise message is the final part of a composite message to be processed
+ * and iv contains the output vector resulting from processing all previous
+ * parts with chained calls to ica_3des_cmac_intermediate, i.e. the value
+ * returned in iv of the ica_3des_cmac_intermediate call applied to the
+ * penultimate message part.
+ * @param direction
+ * 0 or 1:
+ * 0 Verify message authentication code
+ * 1 Compute message authentication code for the message
+ *
+ * @return 0 on success
+ * EINVAL if at least one invalid parameter is given.
+ * EPERM if required hardware support is not available.
+ * EIO if the operation fails.
+ * EFAULT if direction is 0 and the verification of the message authentication
+ * code fails.
+ */
+unsigned int ica_3des_cmac_last(const unsigned char *message, unsigned long message_length,
+ unsigned char *mac, unsigned int mac_length,
+ unsigned char *key, unsigned char *iv,
+ unsigned int direction);
+ * Encrypt or decrypt data with an AES key using Electronic Cook Book (ECB)
+ * mode as described in NIST Special Publication 800-38A Chapter 6.1.
+ *
+ * Required HW Support
+ * KM-AES-128, KM-AES-192 or KM-AES-256
+ *
+ * @param in_data
+ * Pointer to a readable buffer, that contains the message to be en/decrypted.
+ * The size of the message in bytes is data_length. The size of this buffer in
+ * bytes must be at least as big as data_length.
+ * @param out_data
+ * Pointer to a writable buffer, that will contain the resulting en/decrypted
+ * message. The size of this buffer in bytes must be at least as big as
+ * data_length.
+ * @param data_length
+ * Length in bytes of the message to be en/decrypted, which resides at the
+ * beginning of in_data. data_length must be a multiple of the cipher block
+ * size (i.e. a multiple of 16 for AES).
+ * @param key
+ * Pointer to a valid AES key.
+ * @param key_length
+ * Length in bytes of the AES key. Supported sizes are 16, 24, and 32 for
+ * AES-128, AES-192 and AES-256 respectively. Therefore, you can use the
+ * macros: AES_KEY_LEN128, AES_KEY_LEN192, and AES_KEY_LEN256.
+ * @param direction
+ * 0 or 1:
+ * 0 Use the decrypt function.
+ * 1 Use the encrypt function.
+ *
+ * @return 0 on success
+ * EINVAL if at least one invalid parameter is given.
+ * EIO if the operation fails.
+ */
+unsigned int ica_aes_ecb(const unsigned char *in_data, unsigned char *out_data,
+ unsigned long data_length, unsigned char *key,
+ unsigned int key_length,
+ unsigned int direction);
+ * Encrypt or decrypt data with an AES key using Cipher Block Chaining (CBC)
+ * mode as described in NIST Special Publication 800-38A Chapter 6.2.
+ *
+ * Required HW Support
+ * KMC-AES-128, KMC-AES-192 or KMC-AES-256
+ *
+ * @param in_data
+ * Pointer to a readable buffer, that contains the message to be en/decrypted.
+ * The size of the message in bytes is data_length. The size of this buffer in
+ * bytes must be at least as big as data_length.
+ * @param out_data
+ * Pointer to a writable buffer, that will contain the resulting en/decrypted
+ * message. The size of this buffer in bytes must be at least as big as
+ * data_length.
+ * @param data_length
+ * Length in bytes of the message to be en/decrypted, which resides at the
+ * beginning of in_data. data_length must be a multiple of the cipher block
+ * size (i.e. a multiple of 16 for AES).
+ * @param key
+ * Pointer to a valid AES key.
+ * @param key_length
+ * Length in bytes of the AES key. Supported sizes are 16, 24, and 32 for
+ * AES-128, AES-192 and AES-256 respectively. Therefore, you can use the
+ * macros: AES_KEY_LEN128, AES_KEY_LEN192, and AES_KEY_LEN256.
+ * @param iv
+ * Pointer to a valid initialization vector of size chipher block size. This
+ * vector will be overwritten during the function. The result value in iv may
+ * be used as initialization vector for a chained ica_aes_cbc call with the
+ * same key.
+ * @param direction
+ * 0 or 1:
+ * 0 Use the decrypt function.
+ * 1 Use the encrypt function.
+ *
+ * @return 0 on success
+ * EINVAL if at least one invalid parameter is given.
+ * EIO if the operation fails.
+ */
+unsigned int ica_aes_cbc(const unsigned char *in_data, unsigned char *out_data,
+ unsigned long data_length, unsigned char *key,
+ unsigned int key_length, unsigned char *iv,
+ unsigned int direction);
+ * Encrypt or decrypt data with an AES key using Cipher Block Chaining with
+ * Ciphertext Stealing (CBC-CS) mode as described in NIST Special Publication
+ * 800-38A Chapter 6.2 and the Addendum to NIST Special Publication 800-38A on
+ * "Recommendation for Block Cipher Modes of Operation: Three Variants of
+ * Ciphertext Stealing for CBC Mode":
+ * ica_aes_cbc_cs may be used to encrypt or decrypt the last chunk of a
+ * message consisting of multiple chunks where all but the last chunk are
+ * encrypted or decrypted by chained calls to ica_aes_cbc and the resulting
+ * iv of the last call to ica_aes_cbc is fed into the iv of the
+ * ica_aes_cbc_cs call provided the chunk is greater than cipher block size
+ * (greater than 16 bytes for AES).
+ *
+ * Required HW Support
+ * KMC-AES-128, KMC-AES-192 or KMC-AES-256
+ *
+ * @param in_data
+ * Pointer to a readable buffer, that contains the message to be en/decrypted.
+ * The size of the message in bytes is data_length. The size of this buffer
+ * in bytes must be at least as big as data_length.
+ * @param out_data
+ * Pointer to a writable buffer, that will contain the resulting en/decrypted
+ * message. The size of this buffer in bytes must be at least as big as
+ * data_length.
+ * @param data_length
+ * Length in bytes of the message to be en/decrypted, which resides at the
+ * beginning of in_data. data_length must be greater than or equal to the
+ * cipher block size (i.e. a multiple of 16 bytes for AES).
+ * @param key
+ * Pointer to a valid AES key.
+ * @param key_length
+ * Length in bytes of the AES key. Supported sizes are 16, 24, and 32 for
+ * AES-128, AES-192 and AES-256 respectively. Therefore, you can use the
+ * macros:
+ * AES_KEY_LEN128, AES_KEY_LEN192, and AES_KEY_LEN256.
+ * @param iv
+ * Pointer to a valid initialization vector of cipher block size bytes. This
+ * vector will be overwritten during the function. For variant equals 1 or
+ * variant equals 2 the result value in iv may be used as initialization vector
+ * for a chained ica_aes_cbc call with the same key if data_length is a
+ * multiple of the cipher block size.
+ * @param direction
+ * 0 or 1:
+ * 0 Use the decrypt function.
+ * 1 Use the encrypt function.
+ * @param variant
+ * 1 Use variant CBC-CS1 of the Addendum to NIST Special Publication 800-38A
+ * to encrypt or decrypt the message: keep last two blocks in order.
+ * 2 Use variant CBC-CS2 of the Addendum to NIST Special Publication 800-38A
+ * to encrypt or decrypt the message: switch order of the last two blocks
+ * if data_length is not a multiple of the cipher block size (i.e. a
+ * multiple of 8 for DES).
+ * 3 Use variant CBC-CS3 of the Addendum to NIST Special Publication 800-38A
+ * to encrypt or decrypt the message: always switch order of the last two
+ * blocks.
+ *
+ * @return 0 on success
+ * EINVAL if at least one invalid parameter is given.
+ * EPERM if required hardware support is not available.
+ * EIO if the operation fails.
+ */
+unsigned int ica_aes_cbc_cs(const unsigned char *in_data, unsigned char *out_data,
+ unsigned long data_length,
+ unsigned char *key, unsigned int key_length,
+ unsigned char *iv,
+ unsigned int direction, unsigned int variant);
+ * Encrypt or decrypt data with an AES key using Cipher Feedback (CFB) mode as
+ * described in NIST Special Publication 800-38A Chapter 6.3.
+ *
+ * Required HW Support
+ * KMF-AES-128, KMF-AES-192 or KMF-AES-256
+ *
+ * @param in_data
+ * Pointer to a readable buffer, that contains the message to be en/decrypted.
+ * The size of the message in bytes is data_length. The size of this buffer in
+ * bytes must be at least as big as data_length.
+ * @param out_data
+ * Pointer to a writable buffer, that will contain the resulting en/decrypted
+ * message. The size of this buffer in bytes must be at least as big as
+ * data_length.
+ * @param data_length
+ * Length in bytes of the message to be en/decrypted, which resides at the
+ * beginning of in_data.
+ * @param key
+ * Pointer to a valid AES key.
+ * @param key_length
+ * Length in bytes of the AES key. Supported sizes are 16, 24, and 32 for
+ * AES-128, AES-192 and AES-256 respectively. Therefore, you can use the
+ * macros: AES_KEY_LEN128, AES_KEY_LEN192, and AES_KEY_LEN256.
+ * @param iv
+ * Pointer to a valid initialization vector of cipher block size bytes (16
+ * bytes for AES). This vector will be overwritten during the function. The
+ * result value in iv may be used as initialization vector for a chained
+ * ica_aes_cfb call with the same key if data_length in the preceding call is a
+ * multiple of lcfb.
+ * @param lcfb
+ * Length in bytes of the cipher feedback which is a value greater than or
+ * equal to 1 and less than or equal to the cipher block size (i.e. 16 for
+ * AES).
+ * @param direction
+ * 0 or 1:
+ * 0 Use the decrypt function.
+ * 1 Use the encrypt function.
+ *
+ * @return 0 on success
+ * EINVAL if at least one invalid parameter is given.
+ * EPERM if required hardware support is not available.
+ * EIO if the operation fails.
+ */
+unsigned int ica_aes_cfb(const unsigned char *in_data, unsigned char *out_data,
+ unsigned long data_length, unsigned char *key,
+ unsigned int key_length, unsigned char *iv, unsigned int lcfb,
+ unsigned int direction);
+ * Encrypt or decrypt data with an AES key using Counter (CTR) mode as
+ * described in NIST Special Publication 800-38A Chapter 6.5. With the counter
+ * mode each message block of size cipher block size (i.e. 16 bytes for AES) is
+ * combined with a counter value of the same size during encryption and
+ * decryption. Starting with an initial counter value to be combined with the
+ * first message block subsequent counter values to be combined with subsequent
+ * message blocks will be derived from preceding counter values by an increment
+ * function. The increment function used in ica_aes_ctr is s an arithmetic
+ * increment without carry on the U least significant bytes in the counter
+ * where M is a parameter to ica_aes_ctr.
+ *
+ * Required HW Support
+ * KMCTR-AES-128, KMCTR-AES-192 or KMCTR-AES-256
+ *
+ * @param in_data
+ * Pointer to a readable buffer, that contains the message to be en/decrypted.
+ * The size of the message in bytes is data_length. The size of this buffer in
+ * bytes must be at least as big as data_length.
+ * @param out_data
+ * Pointer to a writable buffer, that will contain the resulting en/decrypted
+ * message. The size of this buffer in bytes must be at least as big as
+ * data_length.
+ * @param data_length
+ * Length in bytes of the message to be en/decrypted, which resides at the
+ * beginning of in_data.
+ * @param key
+ * Pointer to a valid AES key.
+ * @param key_length
+ * Length in bytes of the AES key. Supported sizes are 16, 24, and 32 for
+ * AES-128, AES-192 and AES-256 respectively. Therefore, you can use the
+ * macros: AES_KEY_LEN128, AES_KEY_LEN192, and AES_KEY_LEN256.
+ * @param ctr
+ * Pointer to a readable and writable buffer of size cipher block size bytes.
+ * ctr contains an initialization value for a counter function and it will be
+ * replaced by a new value. That new value can be used as an initialization
+ * value for a counter function in a chained ica_aes_ctr call with the same key
+ * if data_length used in the preceding call is a multiple of the cipher block
+ * size.
+ * @param ctr_width
+ * A number U between 1 and cipher block size. The value is used by the counter
+ * increment function which increments a counter value by incrementing without
+ * carry the least significant U bytes of the counter value.
+ * @param direction
+ * 0 or 1:
+ * 0 Use the decrypt function.
+ * 1 Use the encrypt function.
+ *
+ * @return 0 on success
+ * EINVAL if at least one invalid parameter is given.
+ * EPERM if required hardware support is not available.
+ * EIO if the operation fails.
+ */
+unsigned int ica_aes_ctr(const unsigned char *in_data, unsigned char *out_data,
+ unsigned long data_length,
+ unsigned char *key, unsigned int key_length,
+ unsigned char *ctr, unsigned int ctr_width,
+ unsigned int direction);
+ * Encrypt or decrypt data with an AES key using Counter (CTR) mode as
+ * described in NIST Special Publication 800-38A ,Chapter 6.5. With the counter
+ * mode each message block of size cipher block size is combined with a counter
+ * value of the same size during encryption and decryption. The ica_aes_ctrlist
+ * function assumes that a list n of precomputed counter values is provided
+ * where n is the smallest integer that is less or equal to the message size
+ * divided by the cipher block size. This function allows to optimally exploit
+ * System z HW support for non-standard counter functions.
+ *
+ * Required HW Support
+ * KMCTR-AES-128, KMCTR-AES-192 or KMCTR-AES-256
+ *
+ * @param in_data
+ * Pointer to a readable buffer, that contains the message to be en/decrypted.
+ * The size of the message in bytes is data_length. The size of this buffer in
+ * bytes must be at least as big as data_length.
+ * @param out_data
+ * Pointer to a writable buffer, that will contain the resulting en/decrypted
+ * message. The size of this buffer in bytes must be at least as big as
+ * data_length.
+ * @param data_length
+ * Length in bytes of the message to be en/decrypted, which resides at the
+ * beginning of in_data. If data_length is a multiple of the cipher block size
+ * then calls of ica_aes_ctrlist with the same key can be chained if ctrlist
+ * argument of the chained call contains a list of counters that follows the
+ * counters used in the first call and data_length used in the preceding call
+ * is a multiple of the cipher block size.
+ * @param key
+ * Pointer to a valid AES key.
+ * @param key_length
+ * Length in bytes of the AES key. Supported sizes are 16, 24, and 32 for
+ * AES-128, AES-192 and AES-256 respectively. Therefore, you can use the
+ * macros: AES_KEY_LEN128, AES_KEY_LEN192, and AES_KEY_LEN256.
+ * @param ctrlist
+ * Pointer to a readable buffer of that is both of size greater than or equal
+ * to data_length and a multiple of the cipher block size (i.e. 16 bytes for
+ * AES). ctrlist should contain a list of precomputed counter values of size
+ * cipher block size each.
+ * @param direction
+ * 0 or 1:
+ * 0 Use the decrypt function.
+ * 1 Use the encrypt function.
+ *
+ * @return 0 on success
+ * EINVAL if at least one invalid parameter is given.
+ * EPERM if required hardware support is not available.
+ * EIO if the operation fails.
+ */
+unsigned int ica_aes_ctrlist(const unsigned char *in_data, unsigned char *out_data,
+ unsigned long data_length,
+ unsigned char *key, unsigned int key_length,
+ const unsigned char *ctrlist,
+ unsigned int direction);
+ * Encrypt or decrypt data with an AES key using Output Feedback (OFB) mode as
+ * described in NIST Special Publication 800-38A Chapter 6.4.
+ *
+ * Required HW Support
+ * KMO-AES-128, KMO-AES-192 or KMO-AES-256
+ *
+ * @param in_data
+ * Pointer to a readable buffer, that contains the message to be en/decrypted.
+ * The size of the message in bytes is data_length. The size of this buffer in
+ * bytes must be at least as big as data_length.
+ * @param out_data
+ * Pointer to a writable buffer, that contains the resulting en/decrypted
+ * message. The size of this buffer in bytes must be at least as big as
+ * data_length.
+ * @param data_length
+ * Length in bytes of the message to be en/decrypted, which resides at the
+ * beginning of in_data.
+ * @param key
+ * Pointer to a valid AES key.
+ * @param key_length
+ * Length in bytes of the AES key. Supported sizes are 16, 24, and 32 for
+ * AES-128, AES-192 and AES-256 respectively. Therefore, you can use the
+ * macros: AES_KEY_LEN128, AES_KEY_LEN192, and AES_KEY_LEN256.
+ * @param iv
+ * Pointer to a valid 16 byte initialization vector. This vector will be
+ * overwritten during the function. If data_length is a multiple of the cipher
+ * block size (i.e. a multiple of 16 for AES) the result value in iv may be
+ * used as initialization vector for a chained ica_aes_ofb call with the same
+ * key.
+ * @param direction
+ * 0 or 1:
+ * 0 Use the decrypt function.
+ * 1 Use the encrypt function.
+ *
+ * @return 0 on success
+ * EINVAL if at least one invalid parameter is given.
+ * EPERM if required hardware support is not available.
+ * EIO if the operation fails.
+ */
+unsigned int ica_aes_ofb(const unsigned char *in_data, unsigned char *out_data,
+ unsigned long data_length, unsigned char *key,
+ unsigned int key_length, unsigned char *iv,
+ unsigned int direction);
+ * Authenticate data or verify the authenticity of data with an AES key using
+ * the Block Cipher Based Message Authentication Code (CMAC) mode as described
+ * in NIST Special Publication 800-38B. ica_aes_cmac can be used to
+ * authenticate or verify the authenticity of a complete message.
+ *
+ * Required HW Support
+ * KMAC-AES-128, KMAC-AES-192 or KMAC-AES-256
+ * PCC-Compute-Last_block-CMAC-Using-AES-128,
+ * PCC-Compute-Last_block-CMAC-Using-AES-192 or
+ * PCC-Compute-Last_block-CMAC-Using-AES-256
+ *
+ * @param message
+ * Pointer to a readable buffer of size greater than or equal to message_length
+ * bytes. It contains a message to be authenticated or of which the
+ * authenticity shall be verified.
+ * @param message_length
+ * Length in bytes of the message to be authenticated or verified.
+ * @param mac
+ * Pointer to a buffer of size greater than or equal to mac_length bytes. If
+ * direction is 1 the buffer must be writable and a message authentication code
+ * for the message in message of size mac_length bytes will be written to the
+ * buffer. If direction is 0 the buffer must be readable and contain a message
+ * authentication code that will be verified against the message in message
+ * @param mac_length
+ * Length in bytes of the message authentication code mac in bytes that is less
+ * than or equal to the cipher block size (I.e. 16 bytes for AES). It is
+ * recommended to use values greater than or equal to 8.
+ * @param key
+ * Pointer to a valid AES key.
+ * @param key_length
+ * Length in bytes of the AES key. Supported sizes are 16, 24, and 32 for
+ * AES-128, AES-192 and AES-256 respectively. Therefore, you can use the
+ * macros: AES_KEY_LEN128, AES_KEY_LEN192, and AES_KEY_LEN256.
+ * @param direction
+ * 0 or 1:
+ * 0 Verify message authentication code
+ * 1 Compute message authentication code for the message
+ *
+ * @return 0 on success
+ * EINVAL if at least one invalid parameter is given.
+ * EPERM if required hardware support is not available.
+ * EIO if the operation fails.
+ * EFAULT if direction is 0 and the verification of the message authentication code fails.
+ */
+unsigned int ica_aes_cmac(const unsigned char *message, unsigned long message_length,
+ unsigned char *mac, unsigned int mac_length,
+ unsigned char *key, unsigned int key_length,
+ unsigned int direction);
+ * Authenticate data or verify the authenticity of data with an AES key using
+ * the Block Cipher Based Message Authentication Code (CMAC) mode as described
+ * in NIST Special Publication 800-38B.
+ * ica_aes_cmc_intermediate and ica_aes_cmac_last can be used when the message
+ * to be authenticated or to be verfied using CMAC is supplied in multiple
+ * chunks. ica_aes_cmac_intermediate is used to process all but the last
+ * chunk. All message chunks to preprocessed by ica_aes_cmac_intermediate
+ * must have a size that is a multiple of the cipher block size (i.e. a
+ * multiple of 16 bytes for AES).
+ * Note: ica_aes_cmac_intermediate has no direction argument it can be used
+ * during an authentication and during authenticity verification.
+ *
+ * Required HW Support
+ * KMAC-AES-128, KMAC-AES-192 or KMAC-AES-256
+ *
+ * @param message
+ * Pointer to a readable buffer of size greater than or equal to message_length
+ * bytes. It contains a non final part of a message which shall be
+ * authenticated or of which the authenticity shall be verified.
+ * @param message_length
+ * Length in bytes of the message part in message. It must be a multiple of
+ * the cipher block size.
+ * @param key
+ * Pointer to a valid AES key.
+ * @param key_length
+ * Length in bytes of the AES key. Supported sizes are 16, 24, and 32 for
+ * AES-128, AES-192 and AES-256 respectively. Therefore, you can use the
+ * macros: AES_KEY_LEN128, AES_KEY_LEN192, and AES_KEY_LEN256.
+ * @param iv
+ * Pointer to a valid initialization vector of size cipher block size (i.e.
+ * 16 bytes for AES). For the first message part it must be set to a string
+ * of zeros. For processing the n-th message part it must be the resulting iv
+ * value of the ica_aes_cmac_intermediate applied to the (n-1)-th message
+ * part. This vector will be overwritten during the function.
+ * The result value in iv may be used as initialization vector for a chained
+ * call to ica_aes_cmac_initermediate or to ica_aes_cmac_last with the
+ * same key.
+ *
+ * @return 0 on success
+ * EINVAL if at least one invalid parameter is given.
+ * EPERM if required hardware support is not available.
+ * EIO if the operation fails.
+ */
+unsigned int ica_aes_cmac_intermediate(const unsigned char *message,
+ unsigned long message_length,
+ unsigned char *key, unsigned int key_length,
+ unsigned char *iv);
+ * Authenticate data or verify the authenticity of data with an AES key using
+ * the Block Cipher Based Message Authentication Code (CMAC) mode as
+ * described in NIST Special Publication 800-38B.
+ * ica_aes_cmac_last can be used to authenticate or verify the authenticity of
+ * a complete message or of the final part of a message for which all
+ * preceding parts were preprocessed with ica_aes_cmac_intermediate.
+ *
+ * Required HW Support
+ * KMAC-AES-128, KMAC-AES-192 or KMAC-AES-256
+ * PCC-Compute-Last_block-CMAC-Using-AES-128,
+ * PCC-Compute-Last_block-CMAC-Using-AES-192 or
+ * PCC-Compute-Last_block-CMAC-Using-AES-256.
+ *
+ * @param message
+ * Pointer to a readable buffer of size greater than or equal to message_length
+ * bytes. It contains a message or the final part of a message to be
+ * authenticated or of which the authenticity shall be verified.
+ * @param message_length
+ * Length in bytes of the message to be authenticated or verified.
+ * @param mac
+ * Pointer to a buffer of size greater than or equal to mac_length bytes.
+ * If direction is 1 the buffer must be writable and a message authentication
+ * code for the message in message of size mac_length bytes will be written to
+ * the buffer.
+ * If direction is 0 the buffer must be readable and contain a message
+ * authentication code that will be verified against the message in message.
+ * @param mac_length
+ * Length in bytes of the message authentication code mac in bytes that is less
+ * than or equal to the cipher block size (I.e. 16 bytes for AES). It is
+ * recommended to use values greater than or equal to 8.
+ * @param key
+ * Pointer to a valid AES key.
+ * @param key_length
+ * Length in bytes of the AES key. Supported sizes are 16, 24, and 32 for
+ * AES-128, AES-192 and AES-256 respectively. Therefore, you can use the
+ * macros: AES_KEY_LEN128, AES_KEY_LEN192, and AES_KEY_LEN256.
+ * @param iv
+ * Pointer to a valid initialization vector of size cipher block size. If iv
+ * is NULL message is assumed to be the complete message to be processed.
+ * Otherwise message is the final part of a composite message to be processed
+ * and iv contains the output vector resulting from processing all previous
+ * parts with chained calls to ica_aes_cmac_intermediate, i.e. the value
+ * returned in iv of the ica_aes_cmac_intermediate call applied to the
+ * penultimate message part.
+ * @param direction
+ * 0 or 1:
+ * 0 Verify message authentication code
+ * 1 Compute message authentication code for the message
+ *
+ * @return 0 on success
+ * EINVAL if at least one invalid parameter is given.
+ * EPERM if required hardware support is not available.
+ * EIO if the operation fails.
+ * EFAULT if direction is 0 and the verification of the message authentication
+ * code fails.
+ */
+unsigned int ica_aes_cmac_last(const unsigned char *message, unsigned long message_length,
+ unsigned char *mac, unsigned int mac_length,
+ unsigned char *key, unsigned int key_length,
+ unsigned char *iv,
+ unsigned int direction);
+ * Encrypt or decrypt data with an AES key using the XEX Tweakable Bloc Cipher
+ * with Ciphertext Stealing (XTS) mode as described in NIST Special Publication
+ * 800-38E and IEEE standard 1619-2007.
+ *
+ * Required HW Support
+ * KM-XTS-AES-128 or KM-XTS-AES-256
+ * PCC-Compute-XTS-Parameter-Using-AES-128 or
+ * PCC-Compute-XTS-Parameter-Using-AES-256
+ *
+ * @param in_data
+ * Pointer to a readable buffer, that contains the message to be en/decrypted.
+ * The size of the message in bytes is data_length. The size of this buffer in
+ * bytes must be at least as big as data_length.
+ * @param out_data
+ * Pointer to a writable buffer, that will contain the resulting en/decrypted
+ * message. The size of this buffer in bytes must be at least as big as
+ * data_length.
+ * @param data_length
+ * Length in bytes of the message to be en/decrypted, which resides at the
+ * beginning of in_data. The minimal value of data_length is cipher block size
+ * (i.e. a multiple of 16 for AES).
+ * @param key1
+ * Pointer to a buffer containing a valid AES key. key1 is used for the actual
+ * encryption of the message buffer combined some vector computed from the
+ * tweek value (Key1 in IEEE Std 1619-2007).
+ * @param key2
+ * Pointer to a buffer containing a valid AES key key2 is used to encrypt the
+ * tweak (Key2 in IEEE Std 1619-2007).
+ * @param key_length
+ * The length in bytes of the AES key. For XTS supported AES key sizes are 16
+ * and 32 for AES-128 and AES-256 respectively.
+ * @param tweak
+ * Pointer to a valid 16 byte tweak value (as in IEEE Std 1619-2007). This
+ * tweak will be overwritten during the function. If data_length is a multiple
+ * of the cipher block size the result value in tweak may be used as tweak
+ * value for a chained ica_aes_xts call with the same key pair.
+ * @param direction
+ * 0 or 1:
+ * 0 Use the decrypt function.
+ * 1 Use the encrypt function.
+ *
+ * @return 0 on success
+ * EINVAL if at least one invalid parameter is given.
+ * EPERM if required hardware support is not available.
+ * EIO if the operation fails.
+ */
+unsigned int ica_aes_xts(const unsigned char *in_data, unsigned char *out_data,
+ unsigned long data_length,
+ unsigned char *key1, unsigned char *key2,
+ unsigned int key_length, unsigned char *tweak,
+ unsigned int direction);
+ * Encrypt and authenticate or decrypt data and check authenticity of data with
+ * an AES key using Counter with Cipher Block Chaining Message Authentication
+ * Code (CCM) mode as described in NIST Special Publication 800-38C.
+ * Formatting and counter functions are implemented according to
+ * NIST 800-38C Appendix A.
+ *
+ * Required HW Support
+ * KMCTR-AES-128, KMCTR-AES-192 or KMCTR-AES-256
+ * KMAC-AES-128, KMAC-AES-192 or KMAC-AES-256
+ *
+ * @param payload
+ * Pointer to a buffer of size greater than or equal to payload_length bytes.
+ * If direction equals 1 the payload buffer must be readable and contain a
+ * payload message of size payload_length that will be encrypted.
+ * If direction equals 0 the payload buffer must be writable. If the
+ * authentication verification succeeds the decrypted message in the most
+ * significant payload_length bytes of ciphertext_n_mac will be written to
+ * the buffer otherwise the contents of the buffer will be undefined.
+ * @param payload_length
+ * Length in bytes of the message to be en/decrypted, it may be 0 unless
+ * assoc_data_length is 0.
+ * @param ciphertext_n_mac
+ * Pointer to a buffer of size greater than or equal to payload_length plus
+ * mac_length bytes.
+ * If direction equals 1 then the buffer must be writable and the encrypted
+ * message from payload followed by the message authentication code for the
+ * nonce, the payload and associated data will be written to that buffer.
+ * If direction equals 0 then the buffer is readable and contains an encrypted
+ * message of length payload_length followed by a message authentication code
+ * of length mac_length.
+ * @param mac_length
+ * Length in bytes of the message authentication code in bytes.
+ * Valid values are 4, 6, 8, 10, 12, 16.
+ * @param assoc_data
+ * Pointer to a readable buffer of size greater than or equal to
+ * assoc_data_length bytes. The associated data in the most significant
+ * assoc_data_lenght bytes is subject to the authentication code computation
+ * but will not be encrypted.
+ * @param assoc_data_length
+ * Length of the associated data in assoc_data. It may be 0 unless
+ * payload_length is 0.
+ * @param nonce
+ * Pointer to readable buffer of size greater than or equal to nonce_length
+ * bytes that contains a nonce of size nonce_length bytes.
+ * @param nonce_length
+ * Length of the nonce in nonce in bytes. Valid values a greater than 6 and
+ * less than 14.
+ * @param key
+ * Pointer to a valid AES key.
+ * @param key_length
+ * Length in bytes of the AES key. Supported sizes are 16, 24, and 32 for
+ * AES-128, AES-192 and AES-256 respectively. Therefore, you can use the
+ * macros: AES_KEY_LEN128, AES_KEY_LEN192, and AES_KEY_LEN256.
+ * @param direction
+ * 0 or 1:
+ * 0 Verify message authentication code and decrypt encrypted payload.
+ * 1 Encrypt payload and compute message authentication code for the nonce,
+ * the associated data and the payload.
+ *
+ * @return 0 on success
+ * EINVAL if at least one invalid parameter is given.
+ * EPERM if required hardware support is not available.
+ * EIO if the operation fails.
+ * EFAULT if direction is 0 and the verification of the message authentication
+ * code fails.
+ */
+unsigned int ica_aes_ccm(unsigned char *payload, unsigned long payload_length,
+ unsigned char *ciphertext_n_mac, unsigned int mac_length,
+ const unsigned char *assoc_data, unsigned long assoc_data_length,
+ const unsigned char *nonce, unsigned int nonce_length,
+ unsigned char *key, unsigned int key_length,
+ unsigned int direction);
+ * This parameter description applies to:
+ * ica_aes_gcm(), ica_aes_gcm_initialize(),
+ * ica_aes_gcm_intermediate() and ica_aes_gcm_last()
+ *
+ * Encrypt and authenticate or decrypt data and check authenticity data with
+ * an AES key using the Galois/Counter (GCM) mode as described in NIST Special
+ * Publication 800-38D.
+ * If no message needs to be encrypted or decrypted and only authentication or
+ * authentication checks are requested then this method implements the GMAC
+ * mode.
+ *
+ * Required HW Support
+ * KM-AES-128, KM-AES-192 or KM-AES-256
+ * KMCTR-AES-128, KMCTR_AES-192 or KMCTR-AES-256
+ *
+ * @param plaintext
+ * Pointer to a buffer of size greater than or equal to plaintext_length bytes.
+ * If direction equals 1 the plaintext buffer must be readable and contain a
+ * payload message of size plaintext_length that will be encrypted.
+ * If direction equals 0 the plaintext buffer must be writable. If the
+ * authentication verification succeeds the decrypted message in the most
+ * significant plaintext_length bytes of ciphertext will be written to the
+ * buffer otherwise the contents of the buffer will be undefined.
+ * @param plaintext_length
+ * Length in bytes of the message to be en/decrypted. It must be equal or
+ * greater than 0 and less than (2^36)-32.
+ * In case of intermediate operations the length must not be multiple of
+ * blocksize. Padding will be done automatically. Be aware that this is only
+ * useful when this is the last block.
+ * @param ciphertext
+ * Pointer to a buffer of size greater than or equal to plaintext_length
+ * bytes.
+ * If direction equals 1 then the buffer must be writable and the encrypted
+ * message from plaintext will be written to that buffer.
+ * If direction equals 0 then the buffer is readable and contains an encrypted
+ * message of length plaintext_length.
+ * @param iv
+ * Pointer to a readable buffer of size greater than or equal to iv_length
+ * bytes, that contains an initialization vector of size iv_length.
+ * @param iv_length
+ * Length in bytes of the initialization vector in iv. It must be greater
+ * than 0 and less than 2^61. A length of 12 is recommended.
+ * @param aad
+ * Pointer to a readable buffer of size greater than or equal to aad_length
+ * bytes. The additional authenticated data in the most significant aad_length
+ * bytes is subject to the authentication code computation but will not be
+ * encrypted.
+ * @param aad_length
+ * Length in bytes of the additional authenticated data in aad. It must be
+ * equal or greater than 0 and less than 2^61.
+ * In case of ica_aes_gcm_last(), 'aad_length' contains the overall
+ * length of authentication data, cumulated over all intermediate operations.
+ * @param tag
+ * Pointer to a buffer of size greater than or equal to tag_length bytes.
+ * If direction is 1 the buffer must be writable and a message authentication
+ * code for the additional authenticated data in aad and the plain text in
+ * plaintext of size tag_length bytes will be written to the buffer.
+ * If direction is 0 the buffer must be readable and contain a message
+ * authentication code that will be verified against the additional
+ * authenticated data in aad and decrypted cipher text from ciphertext.
+ * In case of intermediate operations, ica_aes_gcm_intermediate() or
+ * ica_aes_gcm_last(), 'tag' contains the temporary hash/tag value.
+ * @param tag_length
+ * Length in bytes of the message authentication code tag in bytes.
+ * Valid values are 4, 8, 12, 13, 14, 15, 16.
+ * @param key
+ * Pointer to a valid AES key.
+ * @param key_length
+ * Length in bytes of the AES key. Supported sizes are 16, 24, and 32 for
+ * AES-128, AES-192 and AES-256 respectively. Therefore, you can use the
+ * macros: AES_KEY_LEN128, AES_KEY_LEN192, and AES_KEY_LEN256.
+ * @param icb
+ * initial counter block - Pointer to a writable buffer that will be created
+ * during ica_aes_gcm_initialize() and will be used in ica_aes_gcm_last() for
+ * the final tag computation.
+ * The length of this counter block is AES_BLOCK_SIZE (16 bytes).
+ * @param ucb
+ * usage counter block - Pointer to a writable buffer that will be created
+ * during ica_aes_gcm_initialize() and will be updated (increased) during the
+ * intermediate update operations.
+ * The length of this counter block is AES_BLOCK_SIZE (16 bytes).
+ * @param subkey
+ * Pointer to a writable buffer, generated in ica_aes_gcm_initialize() and used in
+ * ica_aes_gcm_intermediate() and ica_aes_gcm_last().
+ * The length of this buffer is AES_BLOCK_SIZE (16 bytes).
+ * @param ciph_length
+ * Length in bytes of the overall ciphertext, cumulated over all intermediate
+ * operations.
+ * @param final_tag
+ * Pointer to a readable buffer of size greater than or equal to
+ * final_tag_length bytes. If direction is 1 the buffer is not used.
+ * If direction is 0 this message authentication code (tag) will be verified
+ * with the computed message authentication code computed over the intermediate
+ * update operations.
+ * @param final_tag_length
+ * Length in bytes of the final message authentication code (tag).
+ * @param direction
+ * 0 or 1:
+ * 0 Verify message authentication code and decrypt encrypted payload.
+ * 1 Encrypt payload and compute message authentication code for the additional
+ * authenticated data and the payload.
+ *
+ * @return 0 on success
+ * EINVAL if at least one invalid parameter is given.
+ * EPERM if required hardware support is not available.
+ * EIO if the operation fails.
+ * EFAULT if direction is 0 and the verification of the message authentication
+ * code fails.
+ */
+unsigned int ica_aes_gcm(unsigned char *plaintext, unsigned long plaintext_length,
+ unsigned char *ciphertext,
+ const unsigned char *iv, unsigned int iv_length,
+ const unsigned char *aad, unsigned long aad_length,
+ unsigned char *tag, unsigned int tag_length,
+ unsigned char *key, unsigned int key_length,
+ unsigned int direction);
+unsigned int ica_aes_gcm_initialize(const unsigned char *iv,
+ unsigned int iv_length,
+ unsigned char *key, unsigned int key_length,
+ unsigned char *icb, unsigned char *ucb,
+ unsigned char *subkey, unsigned int direction);
+unsigned int ica_aes_gcm_intermediate(unsigned char *plaintext,
+ unsigned long plaintext_length, unsigned char *ciphertext,
+ unsigned char *ucb,
+ unsigned char *aad, unsigned long aad_length,
+ unsigned char *tag, unsigned int tag_length,
+ unsigned char *key, unsigned int key_length,
+ unsigned char *subkey, unsigned int direction);
+unsigned int ica_aes_gcm_last(unsigned char *icb, unsigned long aad_length,
+ unsigned long ciph_length, unsigned char *tag,
+ unsigned char *final_tag, unsigned int final_tag_length,
+ unsigned char *key, unsigned int key_length,
+ unsigned char *subkey, unsigned int direction);
+ * Return libica version information.
+ * @param version_info
+ * Pointer to a libica_version_info structure. The structure will be
+ * filled with the current libica version information.
+ *
+ * @return 0 if version could be determined successfully
+ * EIO if version could not be determined
+ * EINVAL if parameter version_info is NULL
+ */
+unsigned int ica_get_version(libica_version_info *version_info);
+int s390_initialize_functionlist(void);
+int s390_get_functionlist(libica_func_list_element *pmech_list,
+ unsigned int *pmech_list_len);
+ * Function that returns a list of crypto mechanisms supported by libica.
+ * @param pmech_list
+ * Pointer to an array of libica_func_list_element
+ * If NULL, the API will return the number of elements to allocate
+ * in the @mech_list_len parameter.
+ * If not NULL, libica will assume @mech_list is an array that has
+ * @num elements.
+ * On success, @mech_list will be filled out with the supported libica
+ * crypto mechanisms.
+ * @param pmech_list_len
+ * number of list entries
+ * On input, pointer to the number of elements allocated in the
+ * @mech_list array.
+ * On output, @mech_list_len will contain the number of items copied to
+ * the @mech_list array, or the number of items libica would have returned
+ * in case the @mech_list parameter is set to NULL.
+ * @return
+ * 0 on success
+ * EINVAL if at least one invalid parameter is given
+ *
+ * A typical usage scenario would be that an exploiter makes a first call to
+ * ica_get_functionlist() with @mech_list set to NULL in order to determine
+ * the number of elements to allocate. This is followed by a second call to
+ * ica_get_functionlist() with a valid pointer @list to an array of
+ * libica_func_list_element structures with @mech_list_len elements.
+ */
+unsigned int ica_get_functionlist(libica_func_list_element *pmech_list,
+ unsigned int *pmech_list_len);
+static inline unsigned int des_directed_fc(int direction)
+ if (direction)
+ return DEA_ENCRYPT;
+ return DEA_DECRYPT;
+static inline unsigned int tdes_directed_fc(int direction)
+ if (direction)
+ return TDEA_192_ENCRYPT;
+ return TDEA_192_DECRYPT;
+static inline unsigned int aes_directed_fc(unsigned int key_length, int direction)
+ switch (key_length) {
+ case AES_KEY_LEN128:
+ return (direction == ICA_DECRYPT) ?
+ case AES_KEY_LEN192:
+ return (direction == ICA_DECRYPT) ?
+ case AES_KEY_LEN256:
+ return (direction == ICA_DECRYPT) ?
+ }
+ return 0;
+#endif /* __ICA_API_H__ */
diff --git a/include/mech_types.h b/include/mech_types.h
new file mode 100644
index 0000000..76e04a7
--- /dev/null
+++ b/include/mech_types.h
@@ -0,0 +1,352 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+ * These defines are copied over from the pkcs11types.h file found in
+ * the openCryptoki package.
+ *
+ * Copyright IBM Corp. 2005, 2009
+ */
+/* An unsigned value, at least 32 bits long */
+typedef unsigned long int CK_ULONG;
+/* A signed value, the same size as a CK_ULONG */
+/* CK_LONG is new for v2.0 */
+typedef long int CK_LONG;
+/* At least 32 bits; each bit is a Boolean flag */
+/* CK_MECHANISM_TYPE is a value that identifies a mechanism
+ * type */
+/* The following mechanism types are defined: */
+#define CKM_RSA_PKCS_KEY_PAIR_GEN 0x00000000
+#define CKM_RSA_PKCS 0x00000001
+#define CKM_RSA_9796 0x00000002
+#define CKM_RSA_X_509 0x00000003
+ * are new for v2.0. They are mechanisms which hash and sign */
+#define CKM_MD2_RSA_PKCS 0x00000004
+#define CKM_MD5_RSA_PKCS 0x00000005
+#define CKM_SHA1_RSA_PKCS 0x00000006
+/* The following are new for v2.11: */
+#define CKM_RIPEMD128_RSA_PKCS 0x00000007
+#define CKM_RIPEMD160_RSA_PKCS 0x00000008
+#define CKM_RSA_PKCS_OAEP 0x00000009
+#define CKM_RSA_X9_31_KEY_PAIR_GEN 0x0000000A
+#define CKM_RSA_X9_31 0x0000000B
+#define CKM_SHA1_RSA_X9_31 0x0000000C
+#define CKM_RSA_PKCS_PSS 0x0000000D
+#define CKM_SHA1_RSA_PKCS_PSS 0x0000000E
+#define CKM_DSA_KEY_PAIR_GEN 0x00000010
+#define CKM_DSA 0x00000011
+#define CKM_DSA_SHA1 0x00000012
+#define CKM_DH_PKCS_KEY_PAIR_GEN 0x00000020
+#define CKM_DH_PKCS_DERIVE 0x00000021
+/* The following are new for v2.11 */
+#define CKM_X9_42_DH_KEY_PAIR_GEN 0x00000030
+#define CKM_X9_42_DH_DERIVE 0x00000031
+#define CKM_X9_42_DH_HYBRID_DERIVE 0x00000032
+#define CKM_X9_42_MQV_DERIVE 0x00000033
+#define CKM_SHA256_RSA_PKCS_PSS 0x00000043
+#define CKM_RC2_KEY_GEN 0x00000100
+#define CKM_RC2_ECB 0x00000101
+#define CKM_RC2_CBC 0x00000102
+#define CKM_RC2_MAC 0x00000103
+/* CKM_RC2_MAC_GENERAL and CKM_RC2_CBC_PAD are new for v2.0 */
+#define CKM_RC2_MAC_GENERAL 0x00000104
+#define CKM_RC2_CBC_PAD 0x00000105
+#define CKM_RC4_KEY_GEN 0x00000110
+#define CKM_RC4 0x00000111
+#define CKM_DES_KEY_GEN 0x00000120
+#define CKM_DES_ECB 0x00000121
+#define CKM_DES_CBC 0x00000122
+#define CKM_DES_MAC 0x00000123
+/* CKM_DES_MAC_GENERAL and CKM_DES_CBC_PAD are new for v2.0 */
+#define CKM_DES_MAC_GENERAL 0x00000124
+#define CKM_DES_CBC_PAD 0x00000125
+#define CKM_DES2_KEY_GEN 0x00000130
+#define CKM_DES3_KEY_GEN 0x00000131
+#define CKM_DES3_ECB 0x00000132
+#define CKM_DES3_CBC 0x00000133
+#define CKM_DES3_MAC 0x00000134
+ * CKM_CDMF_MAC_GENERAL, and CKM_CDMF_CBC_PAD are new for v2.0 */
+#define CKM_DES3_MAC_GENERAL 0x00000135
+#define CKM_DES3_CBC_PAD 0x00000136
+#define CKM_CDMF_KEY_GEN 0x00000140
+#define CKM_CDMF_ECB 0x00000141
+#define CKM_CDMF_CBC 0x00000142
+#define CKM_CDMF_MAC 0x00000143
+#define CKM_CDMF_MAC_GENERAL 0x00000144
+#define CKM_CDMF_CBC_PAD 0x00000145
+#define CKM_MD2 0x00000200
+/* CKM_MD2_HMAC and CKM_MD2_HMAC_GENERAL are new for v2.0 */
+#define CKM_MD2_HMAC 0x00000201
+#define CKM_MD2_HMAC_GENERAL 0x00000202
+#define CKM_MD5 0x00000210
+/* CKM_MD5_HMAC and CKM_MD5_HMAC_GENERAL are new for v2.0 */
+#define CKM_MD5_HMAC 0x00000211
+#define CKM_MD5_HMAC_GENERAL 0x00000212
+#define CKM_SHA_1 0x00000220
+/* CKM_SHA_1_HMAC and CKM_SHA_1_HMAC_GENERAL are new for v2.0 */
+#define CKM_SHA_1_HMAC 0x00000221
+#define CKM_SHA_1_HMAC_GENERAL 0x00000222
+/* The following are new for v2.11 */
+#define CKM_RIPEMD128 0x00000230
+#define CKM_RIPEMD128_HMAC 0x00000231
+#define CKM_RIPEMD128_HMAC_GENERAL 0x00000232
+#define CKM_RIPEMD160 0x00000240
+#define CKM_RIPEMD160_HMAC 0x00000241
+#define CKM_RIPEMD160_HMAC_GENERAL 0x00000242
+#define CKM_SHA256 0x00000250
+#define CKM_SHA256_HMAC 0x00000251
+#define CKM_SHA256_HMAC_GENERAL 0x00000252
+/* SHA-224 is new for PKCS #11 v2.20 amendment 3 */
+#define CKM_SHA224 0x00000255
+#define CKM_SHA224_HMAC 0x00000256
+#define CKM_SHA224_HMAC_GENERAL 0x00000257
+#define CKM_SHA384 0x00000260
+#define CKM_SHA384_HMAC 0x00000261
+#define CKM_SHA384_HMAC_GENERAL 0x00000262
+#define CKM_SHA512 0x00000270
+#define CKM_SHA512_HMAC 0x00000271
+#define CKM_SHA512_HMAC_GENERAL 0x00000272
+/* All of the following mechanisms are new for v2.0 */
+/* Note that CAST128 and CAST5 are the same algorithm */
+#define CKM_CAST_KEY_GEN 0x00000300
+#define CKM_CAST_ECB 0x00000301
+#define CKM_CAST_CBC 0x00000302
+#define CKM_CAST_MAC 0x00000303
+#define CKM_CAST_MAC_GENERAL 0x00000304
+#define CKM_CAST_CBC_PAD 0x00000305
+#define CKM_CAST3_KEY_GEN 0x00000310
+#define CKM_CAST3_ECB 0x00000311
+#define CKM_CAST3_CBC 0x00000312
+#define CKM_CAST3_MAC 0x00000313
+#define CKM_CAST3_MAC_GENERAL 0x00000314
+#define CKM_CAST3_CBC_PAD 0x00000315
+#define CKM_CAST5_KEY_GEN 0x00000320
+#define CKM_CAST128_KEY_GEN 0x00000320
+#define CKM_CAST5_ECB 0x00000321
+#define CKM_CAST128_ECB 0x00000321
+#define CKM_CAST5_CBC 0x00000322
+#define CKM_CAST128_CBC 0x00000322
+#define CKM_CAST5_MAC 0x00000323
+#define CKM_CAST128_MAC 0x00000323
+#define CKM_CAST5_MAC_GENERAL 0x00000324
+#define CKM_CAST128_MAC_GENERAL 0x00000324
+#define CKM_CAST5_CBC_PAD 0x00000325
+#define CKM_CAST128_CBC_PAD 0x00000325
+#define CKM_RC5_KEY_GEN 0x00000330
+#define CKM_RC5_ECB 0x00000331
+#define CKM_RC5_CBC 0x00000332
+#define CKM_RC5_MAC 0x00000333
+#define CKM_RC5_MAC_GENERAL 0x00000334
+#define CKM_RC5_CBC_PAD 0x00000335
+#define CKM_IDEA_KEY_GEN 0x00000340
+#define CKM_IDEA_ECB 0x00000341
+#define CKM_IDEA_CBC 0x00000342
+#define CKM_IDEA_MAC 0x00000343
+#define CKM_IDEA_MAC_GENERAL 0x00000344
+#define CKM_IDEA_CBC_PAD 0x00000345
+#define CKM_GENERIC_SECRET_KEY_GEN 0x00000350
+#define CKM_CONCATENATE_BASE_AND_KEY 0x00000360
+#define CKM_XOR_BASE_AND_DATA 0x00000364
+#define CKM_EXTRACT_KEY_FROM_KEY 0x00000365
+#define CKM_SSL3_PRE_MASTER_KEY_GEN 0x00000370
+#define CKM_SSL3_MASTER_KEY_DERIVE 0x00000371
+#define CKM_SSL3_KEY_AND_MAC_DERIVE 0x00000372
+/* The following are new for v2.11 */
+#define CKM_SSL3_MASTER_KEY_DERIVE_DH 0x00000373
+#define CKM_TLS_PRE_MASTER_KEY_GEN 0x00000374
+#define CKM_TLS_MASTER_KEY_DERIVE 0x00000375
+#define CKM_TLS_KEY_AND_MAC_DERIVE 0x00000376
+#define CKM_TLS_MASTER_KEY_DERIVE_DH 0x00000377
+#define CKM_SSL3_MD5_MAC 0x00000380
+#define CKM_SSL3_SHA1_MAC 0x00000381
+#define CKM_MD5_KEY_DERIVATION 0x00000390
+#define CKM_MD2_KEY_DERIVATION 0x00000391
+#define CKM_SHA1_KEY_DERIVATION 0x00000392
+#define CKM_SHA256_KEY_DERIVATION 0x00000393
+#define CKM_PBE_MD2_DES_CBC 0x000003A0
+#define CKM_PBE_MD5_DES_CBC 0x000003A1
+#define CKM_PBE_MD5_CAST_CBC 0x000003A2
+#define CKM_PBE_MD5_CAST3_CBC 0x000003A3
+#define CKM_PBE_MD5_CAST5_CBC 0x000003A4
+#define CKM_PBE_MD5_CAST128_CBC 0x000003A4
+#define CKM_PBE_SHA1_CAST5_CBC 0x000003A5
+#define CKM_PBE_SHA1_CAST128_CBC 0x000003A5
+#define CKM_PBE_SHA1_RC4_128 0x000003A6
+#define CKM_PBE_SHA1_RC4_40 0x000003A7
+#define CKM_PBE_SHA1_DES3_EDE_CBC 0x000003A8
+#define CKM_PBE_SHA1_DES2_EDE_CBC 0x000003A9
+#define CKM_PBE_SHA1_RC2_128_CBC 0x000003AA
+#define CKM_PBE_SHA1_RC2_40_CBC 0x000003AB
+/* CKM_PKCS5_PBKD2 is new for v2.11 */
+#define CKM_PKCS5_PBKD2 0x000003B0
+#define CKM_PBA_SHA1_WITH_SHA1_HMAC 0x000003C0
+#define CKM_KEY_WRAP_LYNKS 0x00000400
+#define CKM_KEY_WRAP_SET_OAEP 0x00000401
+/* Fortezza mechanisms */
+#define CKM_SKIPJACK_KEY_GEN 0x00001000
+#define CKM_SKIPJACK_ECB64 0x00001001
+#define CKM_SKIPJACK_CBC64 0x00001002
+#define CKM_SKIPJACK_OFB64 0x00001003
+#define CKM_SKIPJACK_CFB64 0x00001004
+#define CKM_SKIPJACK_CFB32 0x00001005
+#define CKM_SKIPJACK_CFB16 0x00001006
+#define CKM_SKIPJACK_CFB8 0x00001007
+#define CKM_SKIPJACK_WRAP 0x00001008
+#define CKM_SKIPJACK_PRIVATE_WRAP 0x00001009
+#define CKM_SKIPJACK_RELAYX 0x0000100a
+#define CKM_KEA_KEY_PAIR_GEN 0x00001010
+#define CKM_KEA_KEY_DERIVE 0x00001011
+#define CKM_FORTEZZA_TIMESTAMP 0x00001020
+#define CKM_BATON_KEY_GEN 0x00001030
+#define CKM_BATON_ECB128 0x00001031
+#define CKM_BATON_ECB96 0x00001032
+#define CKM_BATON_CBC128 0x00001033
+#define CKM_BATON_COUNTER 0x00001034
+#define CKM_BATON_SHUFFLE 0x00001035
+#define CKM_BATON_WRAP 0x00001036
+/* CKM_ECDSA_KEY_PAIR_GEN is deprecated in v2.11,
+ * CKM_EC_KEY_PAIR_GEN is preferred. */
+#define CKM_ECDSA_KEY_PAIR_GEN 0x00001040
+#define CKM_EC_KEY_PAIR_GEN 0x00001040
+#define CKM_ECDSA 0x00001041
+#define CKM_ECDSA_SHA1 0x00001042
+/* The following are new for v2.11 */
+#define CKM_ECDH1_DERIVE 0x00001050
+#define CKM_ECDH1_COFACTOR_DERIVE 0x00001051
+#define CKM_ECMQV_DERIVE 0x00001052
+#define CKM_JUNIPER_KEY_GEN 0x00001060
+#define CKM_JUNIPER_ECB128 0x00001061
+#define CKM_JUNIPER_CBC128 0x00001062
+#define CKM_JUNIPER_COUNTER 0x00001063
+#define CKM_JUNIPER_SHUFFLE 0x00001064
+#define CKM_JUNIPER_WRAP 0x00001065
+#define CKM_FASTHASH 0x00001070
+/* The following are new for v2.11 */
+#define CKM_AES_KEY_GEN 0x00001080
+#define CKM_AES_ECB 0x00001081
+#define CKM_AES_CBC 0x00001082
+#define CKM_AES_MAC 0x00001083
+#define CKM_AES_MAC_GENERAL 0x00001084
+#define CKM_AES_CBC_PAD 0x00001085
+#define CKM_DSA_PARAMETER_GEN 0x00002000
+#define CKM_DH_PKCS_PARAMETER_GEN 0x00002001
+#define CKM_X9_42_DH_PARAMETER_GEN 0x00002002
+#define CKM_VENDOR_DEFINED 0x80000000
+#define CK_PTR *
+typedef void CK_PTR CK_VOID_PTR;
+/* CK_MECHANISM is a structure that specifies a particular
+ * mechanism */
+typedef struct CK_MECHANISM {
+ CK_MECHANISM_TYPE mechanism;
+ CK_VOID_PTR pParameter;
+ CK_ULONG ulParameterLen; /* in bytes */
+/* CK_MECHANISM_INFO provides information about a particular
+ * mechanism */
+typedef struct CK_MECHANISM_INFO {
+ CK_ULONG ulMinKeySize;
+ CK_ULONG ulMaxKeySize;
+ CK_FLAGS flags;
+/* The flags are defined as follows:
+ * Bit Flag Mask Meaning */
+#define CKF_HW 0x00000001 /* performed by HW */
+ * and CKF_DERIVE are new for v2.0. They specify whether or not
+ * a mechanism can be used for a particular task */
+#define CKF_ENCRYPT 0x00000100
+#define CKF_DECRYPT 0x00000200
+#define CKF_DIGEST 0x00000400
+#define CKF_SIGN 0x00000800
+#define CKF_SIGN_RECOVER 0x00001000
+#define CKF_VERIFY 0x00002000
+#define CKF_VERIFY_RECOVER 0x00004000
+#define CKF_GENERATE 0x00008000
+#define CKF_GENERATE_KEY_PAIR 0x00010000
+#define CKF_WRAP 0x00020000
+#define CKF_UNWRAP 0x00040000
+#define CKF_DERIVE 0x00080000
+/* The following are new for v2.11 */
+#define CKF_EC_F_P 0x00100000
+#define CKF_EC_F_2M 0x00200000
+#define CKF_EC_ECPARAMETERS 0x00400000
+#define CKF_EC_NAMEDCURVE 0x00800000
+#define CKF_EC_UNCOMPRESS 0x01000000
+#define CKF_EC_COMPRESS 0x02000000
+#define CKF_EXTENSION 0x80000000 /* FALSE for 2.01 */
+#define CKR_MECHANISM_INVALID 0x00000070
+/* From common/c_defs.h in openCryptoki */
+typedef struct _MECH_LIST_ELEMENT {
+ CK_MECHANISM_TYPE mech_type;
+ CK_MECHANISM_INFO mech_info;
+struct mech_list_item;
+struct mech_list_item {
+ struct mech_list_item *next;
+extern void generate_pkcs11_mech_list(struct mech_list_item *head);
diff --git a/libica.spec b/libica.spec
new file mode 100644
index 0000000..927888e
--- /dev/null
+++ b/libica.spec
@@ -0,0 +1,90 @@
+Name: libica
+Version: 2.5.0
+Release: 1%{?dist}
+Summary: Interface library to the ICA device driver
+Group: Libraries/Crypto
+License: CPL
+Source0: %{name}-%{version}.tar.gz
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+BuildRequires: autoconf automake libtool openssl-devel
+Interface library on Linux for IBM System z to utilize CPACF
+functions and cryptographic processors.
+%package devel
+Summary: Interface library to the ICA device driver
+Group: Libraries/Crypto
+Requires: libica = %{version}-%{release}, glibc-devel
+%description devel
+Interface library on Linux for IBM System z to utilize CPACF
+functions and cryptographic processors.
+%setup -q -n %{name}-%{version}
+autoreconf --force --install
+%configure --disable-static
+make %{?_smp_mflags}
+rm -f $RPM_BUILD_ROOT/%{_libdir}/*.la
+%post -p /sbin/ldconfig
+%postun -p /sbin/ldconfig
+%attr(755,root,root) %{_libdir}/*
+%files devel
+* Wed Nov 11 2015 Ingo Tuchscherer <>
+- Version v2.5.0
+* Tue Jun 17 2014 Ingo Tuchscherer <>
+- Version v2.4.0
+* Wed Mar 20 2013 Ingo Tuchscherer <>
+- Version v2.3.0
+* Mon Feb 13 2012 Holger Dengler <>
+- Version v2.2.0
+* Mon Sep 12 2011 Holger Dengler <>
+- Bugfix version v2.1.1
+* Mon May 09 2011 Holger Dengler <>
+- Version v2.1.0
+* Tue Mar 05 2011 Holger Dengler <>
+- Bugfix version 2.0.6
+* Tue Mar 05 2011 Holger Dengler <>
+- Bugfix version 2.0.5
+* Thu Sep 30 2010 Rainer Wolafka <>
+- Bugfix version 2.0.4
+* Thu Apr 15 2010 Ruben Straus <>
+- Bugfixes version 2.0.3
+* Wed Aug 12 2009 Felix Beck <>
+- Bugfixes version 2.0.2
+* Wed Feb 4 2009 Felix Beck <
+- version 2.0
+* Fri Aug 4 2006 Daniel H Jones <>
+- initial file created
diff --git a/src/ b/src/
new file mode 100644
index 0000000..7c6f206
--- /dev/null
+++ b/src/
@@ -0,0 +1,20 @@
+INCLUDES = -I ./include -I ../include
+libica_la_LDFLAGS = -version-number 2:5:0 $(PACKAGE_VERSION) -lrt -lcrypto
+libica_la_SOURCES = icalinux.c ica_api.c init.c icastats_shared.c \
+ s390_rsa.c s390_crypto.c s390_common.c \
+ s390_prng.c s390_sha.c opencryptoki_api.c
+bin_PROGRAMS = icainfo icastats
+icainfo_LDADD =
+icainfo_SOURCES = icainfo.c
+icastats_LDADD =
+icastats_SOURCES = icastats.c
diff --git a/src/ica_api.c b/src/ica_api.c
new file mode 100644
index 0000000..1103f83
--- /dev/null
+++ b/src/ica_api.c
@@ -0,0 +1,1665 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+ * Authors: Felix Beck <>
+ * Christian Maaser <>
+ * Rainer Wolafka <>
+ * Holger Dengler <>
+ * Ingo Tuchscherer <>
+ *
+ * Copyright IBM Corp. 2009, 2010, 2011, 2013
+ */
+#define __USE_GNU
+#include <string.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <sys/ioctl.h>
+#include <errno.h>
+#include <stdint.h>
+#include <linux/types.h>
+#include "ica_api.h"
+#include "icastats.h"
+#include "s390_rsa.h"
+#include "s390_crypto.h"
+#include "s390_sha.h"
+#include "s390_prng.h"
+#include "s390_des.h"
+#include "s390_aes.h"
+#include "s390_cmac.h"
+#include "s390_cbccs.h"
+#include "s390_ccm.h"
+#include "s390_gcm.h"
+#define DEFAULT_CRYPT_DEVICE "/udev/z90crypt"
+#define DEFAULT2_CRYPT_DEVICE "/dev/z90crypt"
+#define DEFAULT3_CRYPT_DEVICE "/dev/zcrypt"
+static unsigned int check_des_parms(unsigned int mode,
+ unsigned long data_length,
+ const unsigned char *in_data,
+ const unsigned char *iv,
+ const unsigned char *des_key,
+ const unsigned char *out_data)
+ if ((in_data == NULL) ||
+ (out_data == NULL) ||
+ (des_key == NULL))
+ return EINVAL;
+ switch (mode) {
+ case MODE_ECB:
+ if (data_length & 0x07)
+ return EINVAL;
+ break;
+ case MODE_CBC:
+ if (iv == NULL)
+ return EINVAL;
+ if (data_length & 0x07)
+ return EINVAL;
+ break;
+ case MODE_CBCCS:
+ if (iv == NULL)
+ return EINVAL;
+ if (data_length <= DES_BLOCK_SIZE)
+ return EINVAL;
+ case MODE_CFB:
+ if (iv == NULL)
+ return EINVAL;
+ break;
+ case MODE_CTR:
+ if (iv == NULL)
+ return EINVAL;
+ break;
+ case MODE_OFB:
+ if (iv == NULL)
+ return EINVAL;
+ break;
+ default:
+ /* unsupported mode */
+ return EINVAL;
+ }
+ return 0;
+static unsigned int check_aes_parms(unsigned int mode,
+ unsigned int data_length,
+ const unsigned char *in_data,
+ const unsigned char *iv,
+ unsigned int key_length,
+ const unsigned char *aes_key,
+ const unsigned char *out_data)
+ if ((in_data == NULL) ||
+ (out_data == NULL) ||
+ (aes_key == NULL))
+ return EINVAL;
+ if ((key_length != AES_KEY_LEN128) &&
+ (key_length != AES_KEY_LEN192) &&
+ (key_length != AES_KEY_LEN256))
+ return EINVAL;
+ switch (mode) {
+ case MODE_ECB:
+ if (data_length & 0x0F)
+ return EINVAL;
+ break;
+ case MODE_CBC:
+ if (iv == NULL)
+ return EINVAL;
+ if (data_length & 0x0F)
+ return EINVAL;
+ break;
+ case MODE_CBCCS:
+ if (iv == NULL)
+ return EINVAL;
+ if (data_length <= AES_BLOCK_SIZE)
+ return EINVAL;
+ case MODE_CFB:
+ if (iv == NULL)
+ return EINVAL;
+ break;
+ case MODE_CTR:
+ if (iv == NULL)
+ return EINVAL;
+ break;
+ case MODE_OFB:
+ if (iv == NULL)
+ return EINVAL;
+ break;
+ case MODE_XTS:
+ if (iv == NULL)
+ return EINVAL;
+ if (key_length == AES_KEY_LEN192)
+ return EINVAL;
+ if (data_length < AES_BLOCK_SIZE)
+ return EINVAL;
+ break;
+ case MODE_CCM:
+ case MODE_GCM:
+ if (iv == NULL)
+ return EINVAL;
+ break;
+ default:
+ /* unsupported mode */
+ return EINVAL;
+ }
+ return 0;
+static unsigned int check_cmac_parms(unsigned int block_size,
+ const unsigned char *message, unsigned int message_length,
+ unsigned char *mac, unsigned int mac_length,
+ unsigned char *keys, unsigned int key_length,
+ unsigned char *iv)
+ if (keys == NULL)
+ return EINVAL;
+ if (mac == NULL) { /* intermediate */
+ if (iv == NULL)
+ return EINVAL;
+ if (message_length % block_size)
+ return EINVAL;
+ }
+ if ((mac_length == 0) ||
+ (mac_length > block_size))
+ return EINVAL;
+ if ((message_length != 0) &&
+ (message == NULL))
+ return EINVAL;
+ switch (block_size) {
+ break;
+ if ((key_length != AES_KEY_LEN128) &&
+ (key_length != AES_KEY_LEN192) &&
+ (key_length != AES_KEY_LEN256))
+ return EINVAL;
+ break;
+ default:
+ return EINVAL;
+ }
+ return 0;
+static unsigned int check_gcm_parms(unsigned long text_length,
+ const unsigned char *aad,
+ unsigned long aad_length,
+ const unsigned char *tag, unsigned int tag_length,
+ unsigned int iv_length)
+ if ((text_length > S390_GCM_MAX_TEXT_LENGTH) ||
+ (aad_length > S390_GCM_MAX_AAD_LENGTH) ||
+ (iv_length > S390_GCM_MAX_IV_LENGTH) ||
+ (iv_length == 0))
+ return EINVAL;
+ if (tag == NULL)
+ return EINVAL;
+ switch (tag_length) {
+ case 4:
+ case 8:
+ case 12:
+ case 13:
+ case 14:
+ case 15:
+ case 16:
+ break;
+ default:
+ return EINVAL;
+ }
+ return 0;
+static unsigned int check_ccm_parms(unsigned long payload_length,
+ const unsigned char *assoc_data,
+ unsigned long assoc_data_length,
+ const unsigned char *mac,
+ unsigned int mac_length,
+ unsigned int nonce_length)
+ if ((payload_length == 0) && (assoc_data_length == 0))
+ return EINVAL;
+ if ((nonce_length > S390_CCM_MAX_NONCE_LENGTH) ||
+ (nonce_length < S390_CCM_MIN_NONCE_LENGTH))
+ return EINVAL;
+ /* if nonce_length is equal S390_CCM_MIN_NONCE_LENGTH, payload_length
+ * is only limited by the value range of its data type unsigned long
+ * and need no further checking */
+ if ((nonce_length > S390_CCM_MIN_NONCE_LENGTH) &&
+ (payload_length > ((1ull << (8*(15-nonce_length))))))
+ return EINVAL;
+ if (mac == NULL)
+ return EINVAL;
+ if ((mac_length > S390_CCM_MAX_MAC_LENGTH) ||
+ (mac_length < S390_CCM_MIN_MAC_LENGTH) ||
+ (mac_length % 2))
+ return EINVAL;
+ return 0;
+static unsigned int check_message_part(unsigned int message_part)
+ if (message_part != SHA_MSG_PART_ONLY &&
+ message_part != SHA_MSG_PART_FIRST &&
+ message_part != SHA_MSG_PART_MIDDLE &&
+ message_part != SHA_MSG_PART_FINAL)
+ return EINVAL;
+ else
+ return 0;
+unsigned int ica_open_adapter(ica_adapter_handle_t *adapter_handle)
+ char *name;
+ if (!adapter_handle)
+ return EINVAL;
+ *adapter_handle = DRIVER_NOT_LOADED;
+ name = getenv("LIBICA_CRYPT_DEVICE");
+ if (name)
+ *adapter_handle = open(name, O_RDWR);
+ else {
+ *adapter_handle = open(DEFAULT_CRYPT_DEVICE, O_RDWR);
+ if (*adapter_handle == -1)
+ *adapter_handle = open(DEFAULT2_CRYPT_DEVICE, O_RDWR);
+ if (*adapter_handle == -1)
+ *adapter_handle = open(DEFAULT3_CRYPT_DEVICE, O_RDWR);
+ }
+ if (*adapter_handle != -1) {
+ char status_mask[64];
+ /* Test if character device is accessible. */
+ if (!ioctl(*adapter_handle, Z90STAT_STATUS_MASK, &status_mask)) {
+ return 0;
+ }
+ }
+ /*
+ * Do not fail if crypto device driver is not loaded and CPACF is not
+ * available as the software fallback will still work without an adapter
+ * handle.
+ */
+ return 0;
+unsigned int ica_close_adapter(ica_adapter_handle_t adapter_handle)
+ if (adapter_handle == DRIVER_NOT_LOADED)
+ return 0;
+ if (close(adapter_handle))
+ return errno;
+ return 0;
+unsigned int ica_sha1(unsigned int message_part,
+ unsigned int input_length,
+ unsigned char *input_data,
+ sha_context_t *sha_context,
+ unsigned char *output_data)
+ int rc;
+ /* check for obvious errors in parms */
+ if ((input_data == NULL) ||
+ (sha_context == NULL) ||
+ (output_data == NULL))
+ return EINVAL;
+ /* make sure some message part is specified */
+ rc = check_message_part(message_part);
+ if (rc)
+ return rc;
+ /* check for maximum and minimum input data length */
+ /* if this is the first or middle part, the input */
+ /* data length must be a multiple of 64 bytes */
+ if ((input_length & 0x3f) &&
+ ((message_part == SHA_MSG_PART_FIRST) ||
+ (message_part == SHA_MSG_PART_MIDDLE)))
+ return EINVAL;
+ /*
+ * If this is the middle or final part, the running
+ * length should not be zero
+ */
+ rc = s390_sha1((unsigned char *) &sha_context->shaHash,
+ input_data, input_length, output_data, message_part,
+ (uint64_t *) &sha_context->runningLength);
+ if (!rc)
+ memcpy(&sha_context->shaHash, output_data, LENGTH_SHA_HASH);
+ return rc;
+unsigned int ica_sha224(unsigned int message_part,
+ unsigned int input_length,
+ unsigned char *input_data,
+ sha256_context_t *sha256_context,
+ unsigned char *output_data)
+ unsigned int rc;
+ /* check for obvious errors in parms */
+ if ((input_data == NULL) ||
+ (sha256_context == NULL) ||
+ (output_data == NULL))
+ return EINVAL;
+ /* make sure some message part is specified */
+ rc = check_message_part(message_part);
+ if (rc)
+ return rc;
+ /*
+ * for FIRST or MIDDLE calls the input
+ * data length must be a multiple of 64 bytes.
+ */
+ if (input_length & 0x3f &&
+ (message_part == SHA_MSG_PART_FIRST ||
+ message_part == SHA_MSG_PART_MIDDLE))
+ return EINVAL;
+ return s390_sha224((unsigned char *) &sha256_context->sha256Hash,
+ input_data, input_length, output_data, message_part,
+ (uint64_t *)&sha256_context->runningLength);
+unsigned int ica_sha256(unsigned int message_part,
+ unsigned int input_length,
+ unsigned char *input_data,
+ sha256_context_t *sha256_context,
+ unsigned char *output_data)
+ unsigned int rc;
+ /* check for obvious errors in parms */
+ if ((input_data == NULL) ||
+ (sha256_context == NULL) ||
+ (output_data == NULL))
+ return EINVAL;
+ /* make sure some message part is specified */
+ rc = check_message_part(message_part);
+ if (rc)
+ return rc;
+ /*
+ * for FIRST or MIDDLE calls the input
+ * data length must be a multiple of 64 bytes.
+ */
+ if (input_length & 0x3f &&
+ (message_part == SHA_MSG_PART_FIRST ||
+ message_part == SHA_MSG_PART_MIDDLE))
+ return EINVAL;
+ return s390_sha256((unsigned char *) &sha256_context->sha256Hash,
+ input_data, input_length, output_data, message_part,
+ (uint64_t *) &sha256_context->runningLength);
+unsigned int ica_sha384(unsigned int message_part,
+ uint64_t input_length,
+ unsigned char *input_data,
+ SHA512_CONTEXT *sha512_context,
+ unsigned char *output_data)
+ unsigned int rc;
+ /* check for obvious errors in parms */
+ if ((input_data == NULL) ||
+ (sha512_context == NULL) ||
+ (output_data == NULL))
+ return EINVAL;
+ /* make sure some message part is specified */
+ rc = check_message_part(message_part);
+ if (rc)
+ return rc;
+ /*
+ * for FIRST or MIDDLE calls the input
+ * data length must be a multiple of 128 bytes.
+ */
+ if (input_length & 0x7f &&
+ (message_part == SHA_MSG_PART_FIRST ||
+ message_part == SHA_MSG_PART_MIDDLE))
+ return EINVAL;
+ return s390_sha384((unsigned char *) &sha512_context->sha512Hash,
+ input_data, input_length, output_data, message_part,
+ (uint64_t *) &(sha512_context->runningLengthLow),
+ (uint64_t *) &(sha512_context->runningLengthHigh));
+unsigned int ica_sha512(unsigned int message_part,
+ uint64_t input_length,
+ unsigned char *input_data,
+ sha512_context_t *sha512_context,
+ unsigned char *output_data)
+ unsigned int rc;
+ /* check for obvious errors in parms */
+ if ((input_data == NULL) ||
+ (sha512_context == NULL) ||
+ (output_data == NULL))
+ return EINVAL;
+ /* make sure some message part is specified */
+ rc = check_message_part(message_part);
+ if (rc)
+ return rc;
+ /*
+ * for FIRST or MIDDLE calls the input
+ * data length must be a multiple of 128 bytes.
+ */
+ if (input_length & 0x7f &&
+ (message_part == SHA_MSG_PART_FIRST ||
+ message_part == SHA_MSG_PART_MIDDLE))
+ return EINVAL;
+ return s390_sha512((unsigned char *)&sha512_context->sha512Hash,
+ input_data, input_length, output_data, message_part,
+ (uint64_t *) &sha512_context->runningLengthLow,
+ (uint64_t *) &sha512_context->runningLengthHigh);
+unsigned int ica_random_number_generate(unsigned int output_length,
+ unsigned char *output_data)
+ /* check for obvious errors in parms */
+ if (output_data == NULL)
+ return EINVAL;
+ return s390_prng(output_data, output_length);
+unsigned int ica_rsa_key_generate_mod_expo(ICA_ADAPTER_HANDLE adapter_handle,
+ unsigned int modulus_bit_length,
+ ica_rsa_key_mod_expo_t *public_key,
+ ica_rsa_key_mod_expo_t *private_key)
+ if (public_key->key_length != private_key->key_length)
+ return EINVAL;
+ /* Keys should comply with modulus_bit_length */
+ if ((modulus_bit_length + 7) / 8 != public_key->key_length)
+ return EINVAL;
+ /* Minimum length for public exponent is sizeof(unsigned long) */
+ if (public_key->key_length < sizeof(unsigned long))
+ return EINVAL;
+ /* OpenSSL takes only exponents of type unsigned long, so we have to
+ * be sure that we give a value of the right size to OpenSSL.
+ */
+ unsigned int num_ignored_bytes = public_key->key_length -
+ sizeof(unsigned long);
+ unsigned char *public_exponent = public_key->exponent;
+ for (; num_ignored_bytes; --num_ignored_bytes, ++public_exponent)
+ if (*public_exponent != 0)
+ return EINVAL;
+ /* There is no need to zeroize any buffers here. This will be done in
+ * the lower routines.
+ */
+ return rsa_key_generate_mod_expo(adapter_handle, modulus_bit_length,
+ public_key, private_key);
+unsigned int ica_rsa_key_generate_crt(ICA_ADAPTER_HANDLE adapter_handle,
+ unsigned int modulus_bit_length,
+ ica_rsa_key_mod_expo_t *public_key,
+ ica_rsa_key_crt_t *private_key)
+ if (public_key->key_length != private_key->key_length)
+ return EINVAL;
+ if ((modulus_bit_length + 7) / 8 != public_key->key_length)
+ return EINVAL;
+ if (public_key->key_length < sizeof(unsigned long))
+ return EINVAL;
+ unsigned int num_ignored_bytes = public_key->key_length -
+ sizeof(unsigned long);
+ unsigned char *public_exponent = public_key->exponent;
+ for (; num_ignored_bytes; --num_ignored_bytes, ++public_exponent)
+ if (*public_exponent != 0)
+ return EINVAL;
+ /* There is no need to zeroize any buffers here. This will be done in
+ * the lower routines.
+ */
+ return rsa_key_generate_crt(adapter_handle, modulus_bit_length,
+ public_key, private_key);
+unsigned int ica_rsa_mod_expo(ICA_ADAPTER_HANDLE adapter_handle,
+ unsigned char *input_data,
+ ica_rsa_key_mod_expo_t *rsa_key,
+ unsigned char *output_data)
+ ica_rsa_modexpo_t rb;
+ int rc;
+ /* check for obvious errors in parms */
+ if (input_data == NULL || rsa_key == NULL || output_data == NULL)
+ return EINVAL;
+ /* fill driver structure */
+ rb.inputdata = (char *)input_data;
+ rb.inputdatalength = rsa_key->key_length;
+ rb.outputdata = (char *)output_data;
+ rb.outputdatalength = rsa_key->key_length;
+ rb.b_key = (char *)rsa_key->exponent;
+ rb.n_modulus = (char *)rsa_key->modulus;
+ int hardware = ALGO_SW;
+ if (adapter_handle == DRIVER_NOT_LOADED)
+ rc = rsa_mod_expo_sw(&rb);
+ else {
+ rc = ioctl(adapter_handle, ICARSAMODEXPO, &rb);
+ if (!rc)
+ hardware = ALGO_HW;
+ else
+ rc = rsa_mod_expo_sw(&rb);
+ }
+ if (rc == 0)
+ stats_increment(ICA_STATS_RSA_ME, hardware, ENCRYPT);
+ return rc;
+unsigned int ica_rsa_crt_key_check(ica_rsa_key_crt_t *rsa_key)
+ int pq_comp;
+ int keyfmt = 1;
+ BIGNUM *bn_p;
+ BIGNUM *bn_q;
+ BIGNUM *bn_invq;
+ BN_CTX *ctx;
+ unsigned char *tmp_buf = NULL;
+ /* check if p > q */
+ pq_comp = memcmp( (rsa_key->p + 8), (rsa_key->q), rsa_key->key_length/2);
+ if (pq_comp < 0) /* unprivileged key format */
+ keyfmt = 0;
+ if (!keyfmt) {
+ /* swap p and q */
+ tmp_buf = calloc(1, rsa_key->key_length/2);
+ if (!tmp_buf)
+ return ENOMEM;
+ memcpy(tmp_buf, rsa_key->p + 8, rsa_key->key_length/2);
+ memcpy(rsa_key->p + 8, rsa_key->q, rsa_key->key_length/2);
+ memcpy(rsa_key->q, tmp_buf, rsa_key->key_length/2);
+ /* swap dp and dq */
+ memcpy(tmp_buf, rsa_key->dp + 8, rsa_key->key_length/2);
+ memcpy(rsa_key->dp + 8, rsa_key->dq, rsa_key->key_length/2);
+ memcpy(rsa_key->dq, tmp_buf, rsa_key->key_length/2);
+ /* calculate new qInv */
+ bn_p = BN_new();
+ bn_q = BN_new();
+ bn_invq = BN_new();
+ ctx = BN_CTX_new();
+ BN_bin2bn(rsa_key->p, rsa_key->key_length/2+8, bn_p);
+ BN_bin2bn(rsa_key->q, rsa_key->key_length/2, bn_q);
+ /* qInv = (1/q) mod p */
+ BN_mod_inverse(bn_invq, bn_q, bn_p, ctx);
+ memset(tmp_buf, 0, rsa_key->key_length/2);
+ BN_bn2bin(bn_invq, tmp_buf);
+ memcpy(rsa_key->qInverse + 8, tmp_buf, rsa_key->key_length/2);
+ if (tmp_buf)
+ free(tmp_buf);
+ return 1;
+ }
+ return 0;
+unsigned int ica_rsa_crt(ICA_ADAPTER_HANDLE adapter_handle,
+ unsigned char *input_data,
+ ica_rsa_key_crt_t *rsa_key,
+ unsigned char *output_data)
+ ica_rsa_modexpo_crt_t rb;
+ int rc;
+ /* check for obvious errors in parms */
+ if (input_data == NULL || rsa_key == NULL || output_data == NULL)
+ return EINVAL;
+ /* fill driver structure */
+ rb.inputdata = (char *)input_data;
+ rb.inputdatalength = rsa_key->key_length;
+ rb.outputdata = (char *)output_data;
+ rb.outputdatalength = rsa_key->key_length;
+ ica_rsa_crt_key_check(rsa_key);
+ rb.np_prime = (char *)rsa_key->p;
+ rb.nq_prime = (char *)rsa_key->q;
+ rb.bp_key = (char *)rsa_key->dp;
+ rb.bq_key = (char *)rsa_key->dq;
+ rb.u_mult_inv = (char *)rsa_key->qInverse;
+ int hardware = ALGO_SW;
+ if (adapter_handle == DRIVER_NOT_LOADED)
+ rc = rsa_crt_sw(&rb);
+ else {
+ rc = ioctl(adapter_handle, ICARSACRT, &rb);
+ if(!rc)
+ hardware = ALGO_HW;
+ else
+ rc = rsa_crt_sw(&rb);
+ }
+ if (rc == 0)
+ stats_increment(ICA_STATS_RSA_CRT, hardware, ENCRYPT);
+ return rc;
+unsigned int ica_des_encrypt(unsigned int mode,
+ unsigned int data_length,
+ unsigned char *input_data,
+ ica_des_vector_t *iv,
+ ica_des_key_single_t *des_key,
+ unsigned char *output_data)
+ if (check_des_parms(mode, data_length, input_data,
+ (unsigned char *) iv, (unsigned char *) des_key,
+ output_data))
+ return EINVAL;
+ if (mode == MODE_ECB) {
+ return s390_des_ecb(DEA_ENCRYPT, data_length,
+ input_data, (unsigned char *) des_key,
+ output_data);
+ } else if (mode == MODE_CBC) {
+ return s390_des_cbc(DEA_ENCRYPT, data_length,
+ input_data, (unsigned char *) iv,
+ (unsigned char *) des_key, output_data);
+ }
+ return EINVAL;
+unsigned int ica_des_decrypt(unsigned int mode,
+ unsigned int data_length,
+ unsigned char *input_data,
+ ica_des_vector_t *iv,
+ ica_des_key_single_t *des_key,
+ unsigned char *output_data)
+ if (check_des_parms(mode, data_length, input_data,
+ (unsigned char *) iv, (unsigned char *) des_key,
+ output_data))
+ return EINVAL;
+ if (mode == MODE_ECB) {
+ return s390_des_ecb(DEA_DECRYPT, data_length,
+ input_data, (unsigned char *) des_key,
+ output_data);
+ } else if (mode == MODE_CBC) {
+ return s390_des_cbc(DEA_DECRYPT, data_length,
+ input_data, (unsigned char *) iv,
+ (unsigned char *) des_key, output_data);
+ }
+ return EINVAL;
+unsigned int ica_3des_encrypt(unsigned int mode,
+ unsigned int data_length,
+ unsigned char *input_data,
+ ica_des_vector_t *iv,
+ ica_des_key_triple_t *des_key,
+ unsigned char *output_data)
+ if (check_des_parms(mode, data_length, input_data,
+ (unsigned char *) iv, (unsigned char *) des_key,
+ output_data))
+ return EINVAL;
+ if (mode == MODE_ECB) {
+ return s390_des_ecb(TDEA_192_ENCRYPT, data_length,
+ input_data,(unsigned char *) des_key,
+ output_data);
+ } else if (mode == MODE_CBC) {
+ return s390_des_cbc(TDEA_192_ENCRYPT, data_length,
+ input_data, (unsigned char *) iv,
+ (unsigned char *) des_key, output_data);
+ }
+ return EINVAL;
+unsigned int ica_3des_decrypt(unsigned int mode,
+ unsigned int data_length,
+ unsigned char *input_data,
+ ica_des_vector_t *iv,
+ ica_des_key_triple_t *des_key,
+ unsigned char *output_data)
+ if (check_des_parms(mode, data_length, input_data,
+ (unsigned char *) iv, (unsigned char *) des_key,
+ output_data))
+ return EINVAL;
+ if (mode == MODE_ECB) {
+ return s390_des_ecb(TDEA_192_DECRYPT, data_length,
+ input_data, (unsigned char *) des_key,
+ output_data);
+ } else if (mode == MODE_CBC) {
+ return s390_des_cbc(TDEA_192_DECRYPT, data_length,
+ input_data, (unsigned char *) iv,
+ (unsigned char *) des_key, output_data);
+ }
+ return EINVAL;
+unsigned int ica_aes_encrypt(unsigned int mode,
+ unsigned int data_length,
+ unsigned char *input_data,
+ ica_aes_vector_t *iv,
+ unsigned int key_length,
+ unsigned char *aes_key,
+ unsigned char *output_data)
+ /* check for obvious errors in parms */
+ if (check_aes_parms(mode, data_length, input_data,
+ (unsigned char *) iv, key_length, aes_key,
+ output_data))
+ return EINVAL;
+ unsigned int function_code;
+ function_code = aes_directed_fc(key_length, ICA_ENCRYPT);
+ switch (mode) {
+ case MODE_CBC:
+ return s390_aes_cbc(function_code, data_length, input_data,
+ (unsigned char *) iv, aes_key,
+ output_data);
+ case MODE_ECB:
+ return s390_aes_ecb(function_code, data_length, input_data,
+ aes_key, output_data);
+ default:
+ return EINVAL;
+ }
+ return EINVAL;
+unsigned int ica_aes_decrypt(unsigned int mode,
+ unsigned int data_length,
+ unsigned char *input_data,
+ ica_aes_vector_t *iv,
+ unsigned int key_length,
+ unsigned char *aes_key,
+ unsigned char *output_data)
+ /* check for obvious errors in parms */
+ if (check_aes_parms(mode, data_length, input_data,
+ (unsigned char *) iv, key_length, aes_key,
+ output_data))
+ return EINVAL;
+ unsigned int function_code;
+ function_code = aes_directed_fc(key_length, ICA_DECRYPT);
+ switch (mode) {
+ case MODE_CBC:
+ return s390_aes_cbc(function_code, data_length, input_data,
+ (unsigned char *) iv, aes_key,
+ output_data);
+ case MODE_ECB:
+ return s390_aes_ecb(function_code, data_length, input_data,
+ aes_key, output_data);
+ default:
+ return EINVAL;
+ }
+ return EINVAL;
+unsigned int ica_des_ecb(const unsigned char *in_data, unsigned char *out_data,
+ unsigned long data_length, unsigned char *key,
+ unsigned int direction)
+ if (check_des_parms(MODE_ECB, data_length, in_data, NULL, key, out_data))
+ return EINVAL;
+ return s390_des_ecb(des_directed_fc(direction), data_length,
+ in_data, key, out_data);
+unsigned int ica_des_cbc(const unsigned char *in_data, unsigned char *out_data,
+ unsigned long data_length, unsigned char *key,
+ unsigned char *iv,
+ unsigned int direction)
+ if (check_des_parms(MODE_CBC, data_length, in_data, iv, key, out_data))
+ return EINVAL;
+ return s390_des_cbc(des_directed_fc(direction), data_length,
+ in_data, iv, key, out_data);
+unsigned int ica_des_cbc_cs(const unsigned char *in_data, unsigned char *out_data,
+ unsigned long data_length,
+ unsigned char *key, unsigned char *iv,
+ unsigned int direction, unsigned int variant)
+ if (check_des_parms(MODE_CBCCS, data_length, in_data, iv, key, out_data))
+ return EINVAL;
+ return s390_des_cbccs(des_directed_fc(direction),
+ in_data, out_data, data_length,
+ key, iv, variant);
+unsigned int ica_des_cfb(const unsigned char *in_data, unsigned char *out_data,
+ unsigned long data_length, unsigned char *key,
+ unsigned char *iv, unsigned int lcfb,
+ unsigned int direction)
+ if (check_des_parms(MODE_CFB, data_length, in_data, iv, key, out_data))
+ return EINVAL;
+ /* The cipher feedback has to be between 1 and cipher block size. */
+ if ((lcfb == 0) || (lcfb > DES_BLOCK_SIZE))
+ return EINVAL;
+ return s390_des_cfb(des_directed_fc(direction), data_length,
+ in_data, iv, key, out_data, lcfb);
+unsigned int ica_des_ofb(const unsigned char *in_data, unsigned char *out_data,
+ unsigned long data_length, unsigned char *key,
+ unsigned char *iv, unsigned int direction)
+ if (check_des_parms(MODE_OFB, data_length, in_data, iv, key, out_data))
+ return EINVAL;
+ return s390_des_ofb(des_directed_fc(direction), data_length,
+ in_data, iv, key, out_data);
+unsigned int ica_des_ctr(const unsigned char *in_data, unsigned char *out_data,
+ unsigned long data_length,
+ unsigned char *key,
+ unsigned char *ctr, unsigned int ctr_width,
+ unsigned int direction)
+ if (check_des_parms(MODE_CTR, data_length, in_data, ctr, key, out_data))
+ return EINVAL;
+ if ((ctr_width & (8 - 1)) ||
+ (ctr_width < 8) ||
+ (ctr_width > (DES_BLOCK_SIZE*8)))
+ return EINVAL;
+ return s390_des_ctr(des_directed_fc(direction),
+ in_data, out_data, data_length,
+ key, ctr, ctr_width);
+unsigned int ica_des_ctrlist(const unsigned char *in_data, unsigned char *out_data,
+ unsigned long data_length,
+ unsigned char *key,
+ const unsigned char *ctrlist,
+ unsigned int direction)
+ if (check_des_parms(MODE_CTR, data_length, in_data, ctrlist, key, out_data))
+ return EINVAL;
+ return s390_des_ctrlist(des_directed_fc(direction),
+ data_length, in_data, ctrlist,
+ key, out_data);
+unsigned int ica_des_cmac(const unsigned char *message, unsigned long message_length,
+ unsigned char *mac, unsigned int mac_length,
+ unsigned char *key,
+ unsigned int direction)
+ return ica_des_cmac_last(message, message_length,
+ mac, mac_length,
+ key,
+ direction);
+unsigned int ica_des_cmac_intermediate(const unsigned char *message,
+ unsigned long message_length,
+ unsigned char *key,
+ unsigned char *iv)
+ unsigned long function_code;
+ int rc;
+ if (check_cmac_parms(DES_BLOCK_SIZE,
+ message, message_length,
+ NULL, DES_BLOCK_SIZE, /* no mac available (intermediate) */
+ iv))
+ return EINVAL;
+ function_code = des_directed_fc(ICA_DECRYPT);
+ rc = s390_cmac(function_code, message, message_length,
+ DES_BLOCK_SIZE, NULL, /* no mac available (intermediate) */
+ iv);
+ if(!rc)
+ return rc;
+unsigned int ica_des_cmac_last(const unsigned char *message, unsigned long message_length,
+ unsigned char *mac, unsigned int mac_length,
+ unsigned char *key,
+ unsigned char *iv,
+ unsigned int direction)
+ unsigned char tmp_mac[DES_BLOCK_SIZE];
+ unsigned long function_code;
+ int rc;
+ if (check_cmac_parms(DES_BLOCK_SIZE,
+ message, message_length,
+ mac, mac_length,
+ iv))
+ return EINVAL;
+ function_code = des_directed_fc(direction);
+ if (direction) {
+ /* generate */
+ rc = s390_cmac(function_code, message, message_length,
+ DES_BLOCK_SIZE, key, mac_length, mac, iv);
+ if (rc)
+ return rc;
+ else
+ stats_increment(ICA_STATS_DES_CMAC, ALGO_HW, direction);
+ } else {
+ /* verify */
+ rc = s390_cmac(function_code, message, message_length,
+ DES_BLOCK_SIZE, key, mac_length, tmp_mac, iv);
+ if (rc)
+ return rc;
+ if (memcmp(tmp_mac, mac, mac_length))
+ return EFAULT;
+ else
+ stats_increment(ICA_STATS_DES_CMAC, ALGO_HW, direction);
+ }
+ return 0;
+unsigned int ica_3des_ecb(const unsigned char *in_data, unsigned char *out_data,
+ unsigned long data_length, unsigned char *key,
+ unsigned int direction)
+ if (check_des_parms(MODE_ECB, data_length, in_data, NULL, key, out_data))
+ return EINVAL;
+ return s390_des_ecb(tdes_directed_fc(direction), data_length,
+ in_data, key, out_data);
+unsigned int ica_3des_cbc(const unsigned char *in_data, unsigned char *out_data,
+ unsigned long data_length, unsigned char *key,
+ unsigned char *iv,
+ unsigned int direction)
+ if (check_des_parms(MODE_CBC, data_length, in_data, iv, key, out_data))
+ return EINVAL;
+ return s390_des_cbc(tdes_directed_fc(direction), data_length,
+ in_data, iv, key, out_data);
+unsigned int ica_3des_cbc_cs(const unsigned char *in_data, unsigned char *out_data,
+ unsigned long data_length,
+ unsigned char *key, unsigned char *iv,
+ unsigned int direction, unsigned int variant)
+ if (check_des_parms(MODE_CBCCS, data_length, in_data, iv, key, out_data))
+ return EINVAL;
+ return s390_des_cbccs(tdes_directed_fc(direction),
+ in_data, out_data, data_length,
+ key, iv, variant);
+unsigned int ica_3des_cfb(const unsigned char *in_data, unsigned char *out_data,
+ unsigned long data_length, unsigned char *key,
+ unsigned char *iv, unsigned int lcfb,
+ unsigned int direction)
+ if (check_des_parms(MODE_CFB, data_length, in_data, iv, key, out_data))
+ return EINVAL;
+ /* The cipher feedback has to be between 1 and cipher block size. */
+ if ((lcfb == 0) || (lcfb > DES_BLOCK_SIZE))
+ return EINVAL;
+ return s390_des_cfb(tdes_directed_fc(direction), data_length,
+ in_data, iv, key, out_data, lcfb);
+unsigned int ica_3des_ofb(const unsigned char *in_data, unsigned char *out_data,
+ unsigned long data_length, unsigned char *key,
+ unsigned char *iv, unsigned int direction)
+ if (check_des_parms(MODE_OFB, data_length, in_data, iv, key, out_data))
+ return EINVAL;
+ return s390_des_ofb(tdes_directed_fc(direction), data_length,
+ in_data, iv, key, out_data);
+unsigned int ica_3des_ctr(const unsigned char *in_data, unsigned char *out_data,
+ unsigned long data_length,
+ unsigned char *key,
+ unsigned char *ctr, unsigned int ctr_width,
+ unsigned int direction)
+ if (check_des_parms(MODE_CTR, data_length, in_data, ctr, key, out_data))
+ return EINVAL;
+ if ((ctr_width & (8 - 1)) ||
+ (ctr_width < 8) ||
+ (ctr_width > (DES_BLOCK_SIZE*8)))
+ return EINVAL;
+ return s390_des_ctr(tdes_directed_fc(direction),
+ in_data, out_data, data_length,
+ key, ctr, ctr_width);
+unsigned int ica_3des_ctrlist(const unsigned char *in_data, unsigned char *out_data,
+ unsigned long data_length,
+ unsigned char *key,
+ const unsigned char *ctrlist,
+ unsigned int direction)
+ if (check_des_parms(MODE_CTR, data_length, in_data, ctrlist, key, out_data))
+ return EINVAL;
+ return s390_des_ctrlist(tdes_directed_fc(direction),
+ data_length, in_data, ctrlist,
+ key, out_data);
+unsigned int ica_3des_cmac(const unsigned char *message, unsigned long message_length,
+ unsigned char *mac, unsigned int mac_length,
+ unsigned char *key,
+ unsigned int direction)
+ return ica_3des_cmac_last(message, message_length,
+ mac, mac_length,
+ key,
+ direction);
+unsigned int ica_3des_cmac_intermediate(const unsigned char *message,
+ unsigned long message_length,
+ unsigned char *key,
+ unsigned char *iv)
+ unsigned long function_code;
+ int rc;
+ if (check_cmac_parms(DES_BLOCK_SIZE,
+ message, message_length,
+ NULL, DES_BLOCK_SIZE, /* no mac available (intermediate) */
+ key, 3*DES_BLOCK_SIZE,
+ iv))
+ return EINVAL;
+ function_code = tdes_directed_fc(ICA_DECRYPT);
+ rc = s390_cmac(function_code, message, message_length,
+ 3*DES_BLOCK_SIZE, key,
+ DES_BLOCK_SIZE, NULL, /* no mac available (intermediate) */
+ iv);
+ if (!rc)
+ stats_increment(ICA_STATS_3DES_CMAC, ALGO_HW, DECRYPT);
+ return rc;
+unsigned int ica_3des_cmac_last(const unsigned char *message, unsigned long message_length,
+ unsigned char *mac, unsigned int mac_length,
+ unsigned char *key,
+ unsigned char *iv,
+ unsigned int direction)
+ unsigned char tmp_mac[DES_BLOCK_SIZE];
+ unsigned long function_code;
+ int rc;
+ if (check_cmac_parms(DES_BLOCK_SIZE,
+ message, message_length,
+ mac, mac_length,
+ key, 3*DES_BLOCK_SIZE,
+ iv))
+ return EINVAL;
+ function_code = tdes_directed_fc(direction);
+ if (direction) {
+ /* generate */
+ rc = s390_cmac(function_code, message, message_length,
+ 3*DES_BLOCK_SIZE, key, mac_length, mac, iv);
+ if (rc)
+ return rc;
+ else
+ stats_increment(ICA_STATS_3DES_CMAC, ALGO_HW, direction);
+ } else {
+ /* verify */
+ rc = s390_cmac(function_code, message, message_length,
+ 3*DES_BLOCK_SIZE, key, mac_length, tmp_mac, iv);
+ if (rc)
+ return rc;
+ if (memcmp(tmp_mac, mac, mac_length))
+ return EFAULT;
+ else
+ stats_increment(ICA_STATS_3DES_CMAC, ALGO_HW, direction);
+ }
+ return 0;
+unsigned int ica_aes_ecb(const unsigned char *in_data, unsigned char *out_data,
+ unsigned long data_length, unsigned char *key,
+ unsigned int key_length,
+ unsigned int direction)
+ unsigned int function_code;
+ if (check_aes_parms(MODE_ECB, data_length, in_data, NULL, key_length,
+ key, out_data))
+ return EINVAL;
+ function_code = aes_directed_fc(key_length, direction);
+ return s390_aes_ecb(function_code, data_length, in_data, key, out_data);
+unsigned int ica_aes_cbc(const unsigned char *in_data, unsigned char *out_data,
+ unsigned long data_length, unsigned char *key,
+ unsigned int key_length, unsigned char *iv,
+ unsigned int direction)
+ unsigned int function_code;
+ if (check_aes_parms(MODE_CBC, data_length, in_data, iv, key_length,
+ key, out_data))
+ return EINVAL;
+ function_code = aes_directed_fc(key_length, direction);
+ return s390_aes_cbc(function_code, data_length, in_data, iv, key, out_data);
+unsigned int ica_aes_cbc_cs(const unsigned char *in_data, unsigned char *out_data,
+ unsigned long data_length,
+ unsigned char *key, unsigned int key_length,
+ unsigned char *iv,
+ unsigned int direction, unsigned int variant)
+ unsigned int function_code;
+ if (check_aes_parms(MODE_CBCCS, data_length, in_data, iv, key_length,
+ key, out_data))
+ return EINVAL;
+ function_code = aes_directed_fc(key_length, direction);
+ return s390_aes_cbccs(function_code, in_data, out_data, data_length,
+ key, key_length, iv, variant);
+unsigned int ica_aes_cfb(const unsigned char *in_data, unsigned char *out_data,
+ unsigned long data_length, unsigned char *key,
+ unsigned int key_length, unsigned char *iv, unsigned int lcfb,
+ unsigned int direction)
+ unsigned int function_code;
+ if (check_aes_parms(MODE_CFB, data_length, in_data, iv, key_length,
+ key, out_data))
+ return EINVAL;
+ /* The cipher feedback has to be between 1 and cipher block size. */
+ if ((lcfb == 0) || (lcfb > AES_BLOCK_SIZE))
+ return EINVAL;
+ function_code = aes_directed_fc(key_length, direction);
+ return s390_aes_cfb(function_code, data_length, in_data, iv, key, out_data,
+ lcfb);
+unsigned int ica_aes_ofb(const unsigned char *in_data, unsigned char *out_data,
+ unsigned long data_length, unsigned char *key,
+ unsigned int key_length, unsigned char *iv,
+ unsigned int direction)
+ unsigned int function_code;
+ if (check_aes_parms(MODE_OFB, data_length, in_data, iv, key_length,
+ key, out_data))
+ return EINVAL;
+ function_code = aes_directed_fc(key_length, direction);
+ return s390_aes_ofb(function_code, data_length, in_data, iv, key, out_data);
+unsigned int ica_aes_ctr(const unsigned char *in_data, unsigned char *out_data,
+ unsigned long data_length,
+ unsigned char *key, unsigned int key_length,
+ unsigned char *ctr, unsigned int ctr_width,
+ unsigned int direction)
+ unsigned int function_code;
+ if (check_aes_parms(MODE_CTR, data_length, in_data, ctr, key_length,
+ key, out_data))
+ return EINVAL;
+ if ((ctr_width & (8 - 1)) ||
+ (ctr_width < 8) ||
+ (ctr_width > (AES_BLOCK_SIZE*8)))
+ return EINVAL;
+ function_code = aes_directed_fc(key_length, direction);
+ return s390_aes_ctr(function_code,
+ in_data, out_data, data_length,
+ key, ctr, ctr_width);
+unsigned int ica_aes_ctrlist(const unsigned char *in_data, unsigned char *out_data,
+ unsigned long data_length,
+ unsigned char *key, unsigned int key_length,
+ const unsigned char *ctrlist,
+ unsigned int direction)
+ unsigned int function_code;
+ if (check_aes_parms(MODE_CTR, data_length, in_data, ctrlist, key_length,
+ key, out_data))
+ return EINVAL;
+ function_code = aes_directed_fc(key_length, direction);
+ return s390_aes_ctrlist(function_code, data_length, in_data, ctrlist,
+ key, out_data);
+unsigned int ica_aes_xts(const unsigned char *in_data, unsigned char *out_data,
+ unsigned long data_length,
+ unsigned char *key1, unsigned char *key2,
+ unsigned int key_length, unsigned char *tweak,
+ unsigned int direction)
+ unsigned int function_code;
+ if (check_aes_parms(MODE_XTS, data_length, in_data, tweak, key_length,
+ key1, out_data))
+ return EINVAL;
+ if (key2 == NULL)
+ return EINVAL;
+ switch (key_length) {
+ case AES_KEY_LEN128:
+ function_code = (direction == ICA_DECRYPT) ?
+ break;
+ case AES_KEY_LEN256:
+ function_code = (direction == ICA_DECRYPT) ?
+ break;
+ default:
+ return EINVAL;
+ }
+ return s390_aes_xts(function_code, data_length, in_data, tweak,
+ key1, key2, key_length, out_data);
+unsigned int ica_aes_cmac(const unsigned char *message, unsigned long message_length,
+ unsigned char *mac, unsigned int mac_length,
+ unsigned char *key, unsigned int key_length,
+ unsigned int direction)
+ return ica_aes_cmac_last(message, message_length,
+ mac, mac_length,
+ key, key_length,
+ direction);
+unsigned int ica_aes_cmac_intermediate(const unsigned char *message,
+ unsigned long message_length,
+ unsigned char *key, unsigned int key_length,
+ unsigned char *iv)
+ unsigned long function_code;
+ int rc;
+ if (check_cmac_parms(AES_BLOCK_SIZE,
+ message, message_length,
+ NULL, AES_BLOCK_SIZE, /* no mac available (intermediate) */
+ key, key_length,
+ iv))
+ return EINVAL;
+ function_code = aes_directed_fc(key_length, ICA_DECRYPT);
+ rc = s390_cmac(function_code, message, message_length,
+ key_length, key,
+ AES_BLOCK_SIZE, NULL, /* no mac available (intermediate) */
+ iv);
+ if (!rc)
+ return rc;
+unsigned int ica_aes_cmac_last(const unsigned char *message, unsigned long message_length,
+ unsigned char *mac, unsigned int mac_length,
+ unsigned char *key, unsigned int key_length,
+ unsigned char *iv,
+ unsigned int direction)
+ unsigned char tmp_mac[AES_BLOCK_SIZE];
+ unsigned long function_code;
+ int rc;
+ if (check_cmac_parms(AES_BLOCK_SIZE,
+ message, message_length,
+ mac, mac_length,
+ key, key_length,
+ iv))
+ return EINVAL;
+ function_code = aes_directed_fc(key_length, direction);
+ if (direction) {
+ /* generate */
+ rc = s390_cmac(function_code, message, message_length,
+ key_length, key, mac_length, mac, iv);
+ if (rc)
+ return rc;
+ else
+ stats_increment(ICA_STATS_AES_CMAC, ALGO_HW, direction);
+ } else {
+ /* verify */
+ rc = s390_cmac(function_code, message, message_length,
+ key_length, key, mac_length, tmp_mac, iv);
+ if (rc)
+ return rc;
+ if (memcmp(tmp_mac, mac, mac_length))
+ return EFAULT;
+ else
+ stats_increment(ICA_STATS_AES_CMAC, ALGO_HW, direction);
+ }
+ return 0;
+unsigned int ica_aes_ccm(unsigned char *payload, unsigned long payload_length,
+ unsigned char *ciphertext_n_mac, unsigned int mac_length,
+ const unsigned char *assoc_data, unsigned long assoc_data_length,
+ const unsigned char *nonce, unsigned int nonce_length,
+ unsigned char *key, unsigned int key_length,
+ unsigned int direction)
+ unsigned char tmp_mac[AES_BLOCK_SIZE];
+ unsigned char *mac;
+ unsigned long function_code;
+ int rc;
+ if (check_aes_parms(MODE_CCM, payload_length, payload, nonce, key_length,
+ key, ciphertext_n_mac))
+ return EINVAL;
+ if (check_ccm_parms(payload_length,
+ assoc_data, assoc_data_length,
+ ciphertext_n_mac + payload_length, mac_length,
+ nonce_length))
+ return EINVAL;
+ function_code = aes_directed_fc(key_length, direction);
+ mac = (direction == ICA_ENCRYPT) ?
+ (unsigned char *)(ciphertext_n_mac + payload_length) :
+ tmp_mac;
+ rc = s390_ccm(function_code,
+ payload, payload_length,
+ ciphertext_n_mac,
+ assoc_data, assoc_data_length,
+ nonce, nonce_length,
+ mac, mac_length,
+ key);
+ if (rc)
+ return rc;
+ if (direction == ICA_DECRYPT) {
+ /* verify */
+ if (memcmp((unsigned char *)(ciphertext_n_mac + payload_length),
+ tmp_mac, mac_length))
+ return EFAULT;
+ }
+ return 0;
+unsigned int ica_aes_gcm(unsigned char *plaintext, unsigned long plaintext_length,
+ unsigned char *ciphertext,
+ const unsigned char *iv, unsigned int iv_length,
+ const unsigned char *aad, unsigned long aad_length,
+ unsigned char *tag, unsigned int tag_length,
+ unsigned char *key, unsigned int key_length,
+ unsigned int direction)
+ unsigned char tmp_tag[AES_BLOCK_SIZE];
+ unsigned long function_code;
+ int rc;
+ if (check_aes_parms(MODE_GCM, plaintext_length, plaintext, iv, key_length,
+ key, ciphertext))
+ return EINVAL;
+ if (check_gcm_parms(plaintext_length, aad, aad_length, tag, tag_length, iv_length))
+ return EINVAL;
+ function_code = aes_directed_fc(key_length, direction);
+ if (direction) {
+ /* encrypt & generate */
+ rc = s390_gcm(function_code,
+ plaintext, plaintext_length,
+ ciphertext,
+ iv, iv_length,
+ aad, aad_length,
+ tag, tag_length,
+ key);
+ if (rc)
+ return rc;
+ } else {
+ /* decrypt & verify */
+ rc = s390_gcm(function_code,
+ plaintext, plaintext_length,
+ ciphertext,
+ iv, iv_length,
+ aad, aad_length,
+ tmp_tag, AES_BLOCK_SIZE,
+ key);
+ if (rc)
+ return rc;
+ if (memcmp(tmp_tag, tag, tag_length))
+ return EFAULT;
+ }
+ return 0;
+unsigned int ica_aes_gcm_initialize(const unsigned char *iv,
+ unsigned int iv_length,
+ unsigned char *key,
+ unsigned int key_length,
+ unsigned char *icb,
+ unsigned char *ucb,
+ unsigned char *subkey,
+ unsigned int direction)
+ unsigned long function_code;
+ function_code = aes_directed_fc(key_length, direction);
+ return s390_gcm_initialize(function_code, iv, iv_length,
+ key, icb, ucb, subkey);
+unsigned int ica_aes_gcm_intermediate(unsigned char *plaintext,
+ unsigned long plaintext_length,
+ unsigned char *ciphertext,
+ unsigned char *cb,
+ unsigned char *aad, unsigned long aad_length,
+ unsigned char *tag, unsigned int tag_length,
+ unsigned char *key, unsigned int key_length,
+ unsigned char *subkey, unsigned int direction)
+ unsigned long function_code;
+ int rc, iv_length_dummy = 12;
+ if (check_aes_parms(MODE_GCM, plaintext_length, plaintext, cb, key_length,
+ key, ciphertext))
+ return EINVAL;
+ if (check_gcm_parms(plaintext_length, aad, aad_length, tag, tag_length,
+ iv_length_dummy))
+ return EINVAL;
+ function_code = aes_directed_fc(key_length, direction);
+ if (direction) {
+ /* encrypt & generate */
+ rc = s390_gcm_intermediate(function_code, plaintext, plaintext_length,
+ ciphertext, cb, aad, aad_length, tag,
+ tag_length, key, subkey);
+ if (rc)
+ return rc;
+ } else {
+ /* decrypt & verify */
+ rc = s390_gcm_intermediate(function_code, plaintext, plaintext_length,
+ ciphertext, cb, aad, aad_length, tag,
+ AES_BLOCK_SIZE, key, subkey);
+ if (rc)
+ return rc;
+ }
+ return 0;
+unsigned int ica_aes_gcm_last( unsigned char *icb,
+ unsigned long aad_length, unsigned long ciph_length,
+ unsigned char *tag,
+ unsigned char *final_tag, unsigned int final_tag_length,
+ unsigned char *key, unsigned int key_length,
+ unsigned char *subkey, unsigned int direction)
+ unsigned long function_code;
+ int rc;
+ function_code = aes_directed_fc(key_length, direction);
+ if (direction) {
+ /* encrypt & generate */
+ rc = s390_gcm_last(function_code, icb, aad_length, ciph_length,
+ tag, AES_BLOCK_SIZE, key, subkey);
+ if (rc)
+ return rc;
+ } else {
+ /* decrypt & verify */
+ rc = s390_gcm_last(function_code, icb, aad_length, ciph_length,
+ tag, AES_BLOCK_SIZE, key, subkey);
+ if (rc)
+ return rc;
+ if (memcmp(tag, final_tag, final_tag_length))
+ return EFAULT;
+ }
+ return 0;
+unsigned int ica_get_version(libica_version_info *version_info)
+#ifdef VERSION
+ int length;
+ int rc;
+ int i;
+ char *pch;
+ char *saveptr;
+ if (version_info == NULL) {
+ return EINVAL;
+ }
+ length = strnlen(VERSION, MAX_VERSION_LENGTH);
+ char buffer[length+1];
+ rc = snprintf(buffer, (length+1), "%s", VERSION);
+ if (rc <= 0) {
+ return EIO;
+ }
+ for (pch = strtok_r(buffer, ".", &saveptr), i = 1;
+ pch != NULL;
+ pch = strtok_r(NULL, ".", &saveptr), i++)
+ {
+ switch(i) {
+ case 1:
+ version_info->major_version = atoi(pch);
+ break;
+ case 2:
+ version_info->minor_version = atoi(pch);
+ break;
+ case 3:
+ version_info->fixpack_version = atoi(pch);
+ break;
+ default:
+ return EIO;
+ }
+ }
+ if (i < 3)
+ return EIO;
+ return 0;
+ /* We expect the libica version information in the format x.y.z
+ * defined in the macro VERSION as part of the build process. */
+ return EIO;
+unsigned int ica_get_functionlist(libica_func_list_element *pmech_list,
+ unsigned int *pmech_list_len)
+ return s390_get_functionlist(pmech_list, pmech_list_len);
diff --git a/src/icainfo.c b/src/icainfo.c
new file mode 100644
index 0000000..c013983
--- /dev/null
+++ b/src/icainfo.c
@@ -0,0 +1,242 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+ * Display a list of all CP Assist for Cryptographic Function (CPACF)
+ * operations supported by libica on a system.
+ *
+ * Author(s): Ralph Wuerthner <>
+ * Holger Dengler <>
+ * Benedikt Klotz <>
+ * Ingo Tuchscherer <>
+ *
+ * Copyright IBM Corp. 2007, 2011, 2014
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <getopt.h>
+#include <libgen.h>
+#include <unistd.h>
+#include <dirent.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <errno.h>
+#include "s390_crypto.h"
+#define CMD_NAME "icainfo"
+#define COPYRIGHT "Copyright IBM Corp. 2007, 2014."
+void print_version(void)
+ printf(CMD_NAME ": libica version " VERSION "\n" COPYRIGHT "\n");
+void print_help(char *cmd)
+ printf("Usage: %s [OPTION]\n", cmd);
+ printf
+ ("Display a list of all CP Assist for Cryptographic Function "
+ "(CPACF)\noperations supported by libica on this system.\n"
+ "\n" "Options:\n"
+ " -v, --version show version information\n"
+ " -h, --help display this help text\n");
+#define getopt_string "qvh"
+static struct option getopt_long_options[] = {
+ {"version", 0, 0, 'v'},
+ {"help", 0, 0, 'h'},
+ {0, 0, 0, 0}
+struct crypt_pair {
+ char *name;
+ int algo_id;
+static struct crypt_pair crypt_map[] = {
+ {"SHA-1", SHA1},
+ {"SHA-224", SHA224},
+ {"SHA-256", SHA256},
+ {"SHA-384", SHA384},
+ {"SHA-512", SHA512},
+ {"GHASH", G_HASH},
+ {"P_RNG", P_RNG},
+ {"RSA ME", RSA_ME},
+ {"3DES ECB", DES3_ECB},
+ {"3DES CBC", DES3_CBC},
+ {"3DES OFB", DES3_OFB},
+ {"3DES CFB", DES3_OFB},
+ {"3DES CTR", DES3_CTR},
+ {NULL,0}
+int is_crypto_card_loaded()
+ DIR* sysDir;
+ FILE *file;
+ char dev[PATH_MAX] = "/sys/devices/ap/";
+ struct dirent *direntp;
+ char *type = NULL;
+ size_t size;
+ char c;
+ if ((sysDir = opendir(dev)) == NULL )
+ return 0;
+ while((direntp = readdir(sysDir)) != NULL){
+ if(strstr(direntp->d_name, "card") != 0){
+ snprintf(dev, PATH_MAX, "/sys/devices/ap/%s/type",
+ direntp->d_name);
+ if ((file = fopen(dev, "r")) == NULL){
+ closedir(sysDir);
+ return 0;
+ }
+ if (getline(&type, &size, file) == -1){
+ fclose(file);
+ closedir(sysDir);
+ return 0;
+ }
+ /* ignore \n
+ * looking for CEX??A and CEX??C
+ * Skip type CEX??P cards
+ */
+ if (type[strlen(type)-2] == 'P'){
+ free(type);
+ type = NULL;
+ fclose(file);
+ continue;
+ }
+ free(type);
+ type = NULL;
+ fclose(file);
+ snprintf(dev, PATH_MAX, "/sys/devices/ap/%s/online",
+ direntp->d_name);
+ if ((file = fopen(dev, "r")) == NULL){
+ closedir(sysDir);
+ return 0;
+ }
+ if((c = fgetc(file)) == '1'){
+ fclose(file);
+ return 1;
+ }
+ fclose(file);
+ }
+ }
+ closedir(sysDir);
+ return 0;
+int main(int argc, char **argv)
+ int rc;
+ int index = 0;
+ unsigned int mech_len;
+ libica_func_list_element *pmech_list = NULL;
+ int flag;
+ while ((rc = getopt_long(argc, argv, getopt_string,
+ getopt_long_options, &index)) != -1) {
+ switch (rc) {
+ case 'v':
+ print_version();
+ exit(0);
+ break;
+ case 'h':
+ print_help(basename(argv[0]));
+ exit(0);
+ default:
+ fprintf(stderr, "Try '%s --help' for more"
+ " information.\n", basename(argv[0]));
+ exit(1);
+ }
+ }
+ if (optind < argc) {
+ fprintf(stderr, "%s: invalid option.\n"
+ "Try '%s --help' for more information.\n",
+ argv[0], basename(argv[0]));
+ exit(1);
+ }
+ printf("The following CP Assist for Cryptographic Function (CPACF) \n"
+ "operations are supported by libica on this system:\n");
+ if (ica_get_functionlist(NULL, &mech_len) != 0){
+ perror("get_functionlist: ");
+ return EXIT_FAILURE;
+ }
+ pmech_list = malloc(sizeof(libica_func_list_element)*mech_len);
+ if (ica_get_functionlist(pmech_list, &mech_len) != 0){
+ perror("get_functionlist: ");
+ free(pmech_list);
+ return EXIT_FAILURE;
+ }
+ flag = is_crypto_card_loaded();
+ #define CELL_SIZE 3
+ int i, j;
+ printf(" function | # hardware | #software\n");
+ printf("---------------+------------+--------------\n");
+ for(i = 0;crypt_map[i].algo_id;i++){
+ for(j=0;j<mech_len;j++){
+ if(crypt_map[i].algo_id == pmech_list[j].mech_mode_id){
+ if(flag){
+ printf("%14s | %*s | %*s\n",
+ crypt_map[i].name,
+ pmech_list[j].flags &
+ ? "yes" : "no",
+ pmech_list[j].flags & ICA_FLAG_SW
+ ? "yes" : "no");
+ } else{
+ printf("%14s | %*s | %*s\n",
+ crypt_map[i].name,
+ (pmech_list[j].flags &
+ ? "yes" : "no",
+ pmech_list[j].flags & ICA_FLAG_SW
+ ? "yes" : "no");
+ }
+ break;
+ }
+ }
+ }
+ free(pmech_list);
+ return EXIT_SUCCESS;
diff --git a/src/icalinux.c b/src/icalinux.c
new file mode 100644
index 0000000..f90aa3a
--- /dev/null
+++ b/src/icalinux.c
@@ -0,0 +1,504 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+ * Authors: Jon Grimm <>
+ * Amuche Chukudebelu
+ * Robert Burroughs
+ * Eric Rossman <>
+ * Ralph Wuerthner <>
+ * Felix Beck <>
+ * Christian Maaser <>
+ *
+ * Copyright IBM Corp. 2001, 2005, 2008, 2009, 2011
+ */
+#include <string.h>
+#include <errno.h>
+#include <stdint.h>
+#include "ica_api.h"
+#include "s390_rsa.h"
+unsigned int icaOpenAdapter(unsigned int adapter_id,
+ ica_adapter_handle_t *adapter_handle)
+ return ica_open_adapter(adapter_handle);
+unsigned int icaCloseAdapter(ica_adapter_handle_t adapter_handle)
+ return ica_close_adapter(adapter_handle);
+unsigned int icaSha1(ica_adapter_handle_t adapter_handle,
+ unsigned int message_part,
+ unsigned int input_length,
+ unsigned char *input_data,
+ unsigned int context_length,
+ sha_context_t *sha_context,
+ unsigned int *output_length,
+ unsigned char *output_data)
+ if (output_length == NULL)
+ return EINVAL;
+ if (*output_length < SHA_HASH_LENGTH)
+ return EINVAL;
+ *output_length = SHA_HASH_LENGTH;
+ return ica_sha1(message_part, input_length, input_data,
+ sha_context, output_data);
+unsigned int icaSha224(ica_adapter_handle_t adapter_handle,
+ unsigned int message_part,
+ unsigned int input_length,
+ unsigned char *input_data,
+ unsigned int context_length,
+ sha256_context_t *sha256_context,
+ unsigned int *output_length,
+ unsigned char *output_data)
+ if (output_length == NULL)
+ return EINVAL;
+ if (*output_length < SHA224_HASH_LENGTH)
+ return EINVAL;
+ *output_length = SHA224_HASH_LENGTH;
+ return ica_sha224(message_part, input_length, input_data,
+ sha256_context, output_data);
+unsigned int icaSha256(ica_adapter_handle_t adapter_handle,
+ unsigned int message_part,
+ unsigned int input_length,
+ unsigned char *input_data,
+ unsigned int context_length,
+ sha256_context_t *sha256_context,
+ unsigned int *output_length,
+ unsigned char *output_data)
+ if (output_length == NULL)
+ return EINVAL;
+ if (*output_length < SHA256_HASH_LENGTH)
+ return EINVAL;
+ *output_length = SHA256_HASH_LENGTH;
+ return ica_sha256(message_part, input_length, input_data,
+ sha256_context, output_data);
+unsigned int icaSha384(ica_adapter_handle_t adapter_handle,
+ unsigned int message_part,
+ unsigned int input_length,
+ unsigned char *input_data,
+ unsigned int context_length,
+ sha512_context_t *sha512_context,
+ unsigned int *output_length,
+ unsigned char *output_data)
+ if (output_length == NULL)
+ return EINVAL;
+ if (*output_length < SHA384_HASH_LENGTH)
+ return EINVAL;
+ *output_length = SHA384_HASH_LENGTH;
+ return ica_sha384(message_part, input_length, input_data,
+ sha512_context, output_data);
+unsigned int icaSha512(ica_adapter_handle_t adapter_handle,
+ unsigned int message_part,
+ unsigned int input_length,
+ unsigned char *input_data,
+ unsigned int context_length,
+ sha512_context_t *sha512_context,
+ unsigned int *output_length,
+ unsigned char *output_data)
+ if (output_length == NULL)
+ return EINVAL;
+ if (*output_length < SHA512_HASH_LENGTH)
+ return EINVAL;
+ *output_length = SHA512_HASH_LENGTH;
+ return ica_sha512(message_part, input_length, input_data,
+ sha512_context, output_data);
+unsigned int icaRandomNumberGenerate(ica_adapter_handle_t adapter_handle,
+ unsigned int output_length,
+ unsigned char *output_data)
+ return ica_random_number_generate(output_length, output_data);
+unsigned int icaRsaKeyGenerateModExpo(ica_adapter_handle_t adapter_handle,
+ unsigned int modulus_bit_length,
+ unsigned int public_exp_type,
+ unsigned int *public_key_length,
+ ICA_KEY_RSA_MODEXPO *public_key,
+ unsigned int *private_key_length,
+ ICA_KEY_RSA_MODEXPO *private_key)
+ if (private_key == NULL || public_key == NULL ||
+ private_key_length == NULL || public_key_length == NULL)
+ return EINVAL;
+ public_key->modulusBitLength = modulus_bit_length;
+ private_key->modulusBitLength = modulus_bit_length;
+ unsigned int key_length = (modulus_bit_length + 7) / 8;
+ ica_rsa_key_mod_expo_t new_public_key;
+ new_public_key.key_length = key_length;
+ new_public_key.exponent = &public_key->keyRecord[0];
+ new_public_key.modulus =
+ &public_key->keyRecord[new_public_key.key_length];
+ ica_rsa_key_mod_expo_t new_private_key;
+ new_private_key.key_length = key_length;
+ new_private_key.exponent = &private_key->keyRecord[0];
+ new_private_key.modulus =
+ &private_key->keyRecord[new_private_key.key_length];
+ switch (public_exp_type) {
+ case RSA_PUBLIC_3:
+ memset(new_public_key.exponent, 0, new_public_key.key_length);
+ *(unsigned long *)((unsigned char *)new_public_key.exponent +
+ new_public_key.key_length - sizeof(unsigned long)) = 3;
+ break;
+ case RSA_PUBLIC_65537:
+ memset(new_public_key.exponent, 0, new_public_key.key_length);
+ *(unsigned long *)((unsigned char *)new_public_key.exponent +
+ new_public_key.key_length - sizeof(unsigned long))
+ = 65537;
+ break;
+ /* If random, then zero it completely for the random mode will
+ * be chosen anyway if the buffer is detected to be zeroed. */
+ memset(new_public_key.exponent, 0, new_public_key.key_length);
+ break;
+ /* Do not do anything. There is a value in the buffer, which
+ * will be used later as exponent. Choose your exponent
+ * carfully. */
+ break;
+ }
+ /* Set values in the key structs to give back to user*/
+ /* For public key */
+ public_key->nLength = key_length;
+ public_key->expLength = key_length;
+ public_key->expOffset = sizeof(ICA_KEY_RSA_MODEXPO) -
+ public_key->nOffset = public_key->expOffset + public_key->expLength;
+ public_key->keyLength = sizeof(ICA_KEY_RSA_MODEXPO);
+ /* For private key */
+ private_key->nLength = key_length;
+ private_key->expLength = key_length;
+ private_key->expOffset = sizeof(ICA_KEY_RSA_MODEXPO) -
+ public_key->nOffset = public_key->expOffset + public_key->expLength;
+ private_key->keyLength = sizeof(ICA_KEY_RSA_MODEXPO);
+ return ica_rsa_key_generate_mod_expo(adapter_handle,
+ modulus_bit_length,
+ &new_public_key,
+ &new_private_key);
+unsigned int icaRsaKeyGenerateCrt(ica_adapter_handle_t adapter_handle,
+ unsigned int modulus_bit_length,
+ unsigned int public_exp_type,
+ unsigned int *public_key_length,
+ ICA_KEY_RSA_MODEXPO *public_key,
+ unsigned int *private_key_length,
+ ICA_KEY_RSA_CRT *private_key)
+ if (private_key == NULL || public_key == NULL ||
+ private_key_length == NULL || public_key_length == NULL)
+ return EINVAL;
+ public_key->modulusBitLength = modulus_bit_length;
+ private_key->modulusBitLength = modulus_bit_length;
+ ica_rsa_key_mod_expo_t new_public_key;
+ unsigned int key_length = (modulus_bit_length + 7) / 8;
+ new_public_key.key_length = key_length;
+ new_public_key.exponent = &public_key->keyRecord[0];
+ new_public_key.modulus = &public_key->keyRecord[key_length];
+ ica_rsa_key_crt_t new_private_key;
+ new_private_key.key_length = key_length;
+ /* Different order of key parts in old structure is described in
+ * ica_api.h */
+ new_private_key.dp = &private_key->keyRecord[0];
+ new_private_key.dq = &private_key->keyRecord[key_length / 2 + 8];
+ new_private_key.p = &private_key->keyRecord[key_length + 8];
+ new_private_key.q = &private_key->keyRecord[3 * key_length / 2 + 16];
+ new_private_key.qInverse =
+ &private_key->keyRecord[2 * key_length + 16];
+ switch (public_exp_type) {
+ case RSA_PUBLIC_3:
+ memset(new_public_key.exponent, 0, new_public_key.key_length);
+ *(unsigned long *)((unsigned char *)new_public_key.exponent +
+ new_public_key.key_length - sizeof(unsigned long))
+ = 3;
+ break;
+ case RSA_PUBLIC_65537:
+ memset(new_public_key.exponent, 0, new_public_key.key_length);
+ *(unsigned long *)((unsigned char *)new_public_key.exponent +
+ new_public_key.key_length - sizeof(unsigned long))
+ = 65537;
+ break;
+ /* If random, then zero it completely for the random mode will
+ * be chosen anyway if the buffer is detected to be zeroed. */
+ memset(new_public_key.exponent, 0, new_public_key.key_length);
+ break;
+ /* Do not do anything. There is a value in the buffer, which
+ * will be used later as exponent. Choose your exponent
+ * carfully. */
+ break;
+ }
+ /* Set values in the key structs to give back to user*/
+ /* For public key */
+ public_key->nLength = key_length;
+ public_key->expLength = key_length;
+ public_key->expOffset = sizeof(ICA_KEY_RSA_MODEXPO) -
+ public_key->nOffset = public_key->expOffset + public_key->expLength;
+ public_key->keyLength = sizeof(ICA_KEY_RSA_MODEXPO);
+ /* For private key */
+ private_key->pLength = key_length / 2 + 8;
+ private_key->qLength = key_length / 2;
+ private_key->dpLength = key_length / 2 + 8;
+ private_key->dqLength = key_length / 2;
+ private_key->qInvLength = key_length / 2 + 8;
+ /* For public key */
+ private_key->dpOffset = sizeof(ICA_KEY_RSA_CRT) -
+ sizeof(ICA_KEY_RSA_CRT_REC);
+ private_key->dqOffset = private_key->dpOffset + private_key->dpLength;
+ private_key->pOffset = private_key->dqOffset + private_key->dqLength;
+ private_key->qOffset = private_key->pOffset + private_key->pLength;
+ private_key->qInvOffset = private_key->qOffset + private_key->qLength;
+ private_key->keyLength = sizeof(ICA_KEY_RSA_CRT);
+ return ica_rsa_key_generate_crt(adapter_handle, modulus_bit_length,
+ &new_public_key, &new_private_key);
+unsigned int icaRsaModExpo(ica_adapter_handle_t adapter_handle,
+ unsigned int input_length,
+ unsigned char *input_data,
+ unsigned int *output_length,
+ unsigned char *output_data)
+ if (output_data == NULL || rsa_key == NULL || output_data == NULL ||
+ output_length == NULL)
+ return EINVAL;
+ unsigned int key_length = (rsa_key->modulusBitLength + 7) / 8;
+ if (rsa_key->modulusBitLength == 0 || input_length != key_length ||
+ *output_length < input_length)
+ return EINVAL;
+ *output_length = key_length;
+ ica_rsa_key_mod_expo_t new_rsa_key;
+ new_rsa_key.key_length = key_length;
+ new_rsa_key.modulus = &rsa_key->keyRecord[new_rsa_key.key_length];
+ new_rsa_key.exponent = &rsa_key->keyRecord[0];
+ return ica_rsa_mod_expo(adapter_handle, input_data,
+ &new_rsa_key, output_data);
+unsigned int icaRsaCrt(ica_adapter_handle_t adapter_handle,
+ unsigned int input_length,
+ unsigned char *input_data,
+ ICA_KEY_RSA_CRT *rsa_key,
+ unsigned int *output_length,
+ unsigned char *output_data)
+ if (output_data == NULL || rsa_key == NULL || output_data == NULL ||
+ output_length == NULL)
+ return EINVAL;
+ unsigned int key_length = (rsa_key->modulusBitLength + 7) / 8;
+ if (rsa_key->modulusBitLength == 0 || input_length != key_length ||
+ *output_length < input_length)
+ return EINVAL;
+ *output_length = key_length;
+ ica_rsa_key_crt_t new_rsa_key;
+ new_rsa_key.key_length = key_length;
+ /* Old, complicated key structure is described in ica_api.h */
+ new_rsa_key.dp = &rsa_key->keyRecord[0];
+ new_rsa_key.dq = &rsa_key->keyRecord[key_length / 2 + 8];
+ new_rsa_key.p = &rsa_key->keyRecord[key_length + 8];
+ new_rsa_key.q = &rsa_key->keyRecord[3 * key_length / 2 + 16];
+ new_rsa_key.qInverse = &rsa_key->keyRecord[2 * key_length + 16];
+ return ica_rsa_crt(adapter_handle, input_data, &new_rsa_key,
+ output_data);
+unsigned int icaDesEncrypt(ica_adapter_handle_t adapter_handle,
+ unsigned int mode,
+ unsigned int data_length,
+ unsigned char *input_data,
+ ica_des_vector_t *iv,
+ ica_des_key_single_t *des_key,
+ unsigned int *output_length,
+ unsigned char *output_data)
+ /* Length of output data will be a multiple of the cipher block.
+ * For we check that data_length is a multiple of the cipher block,
+ * we can assign data_length to output_length.
+ */
+ if (output_length == NULL)
+ return EINVAL;
+ if (*output_length < data_length)
+ return EINVAL;
+ *output_length = data_length;
+ return ica_des_encrypt(mode, data_length, input_data, iv, des_key,
+ output_data);
+unsigned int icaDesDecrypt(ica_adapter_handle_t adapter_handle,
+ unsigned int mode,
+ unsigned int data_length,
+ unsigned char *input_data,
+ ica_des_vector_t *iv,
+ ica_des_key_single_t *des_key,
+ unsigned int *output_length,
+ unsigned char *output_data)
+ if (output_length == NULL)
+ return EINVAL;
+ if (*output_length < data_length)
+ return EINVAL;
+ *output_length = data_length;
+ return ica_des_decrypt(mode, data_length, input_data, iv, des_key,
+ output_data);
+unsigned int icaTDesEncrypt(ica_adapter_handle_t adapter_handle,
+ unsigned int mode,
+ unsigned int data_length,
+ unsigned char *input_data,
+ ica_des_vector_t *iv,
+ ica_des_key_triple_t *des_key,
+ unsigned int *output_length,
+ unsigned char *output_data)
+ if (output_length == NULL)
+ return EINVAL;
+ if (*output_length < data_length)
+ return EINVAL;
+ *output_length = data_length;
+ return ica_3des_encrypt(mode, data_length, input_data, iv, des_key,
+ output_data);
+unsigned int icaTDesDecrypt(ica_adapter_handle_t adapter_handle,
+ unsigned int mode,
+ unsigned int data_length,
+ unsigned char *input_data,
+ ica_des_vector_t *iv,
+ ica_des_key_triple_t *des_key,
+ unsigned int *output_length,
+ unsigned char *output_data)
+ if (output_length == NULL)
+ return EINVAL;
+ if (*output_length < data_length)
+ return EINVAL;
+ *output_length = data_length;
+ return ica_3des_decrypt(mode, data_length, input_data, iv, des_key,
+ output_data);
+unsigned int icaAesEncrypt(ica_adapter_handle_t adapter_handle,
+ unsigned int mode,
+ unsigned int data_length,
+ unsigned char *input_data,
+ ica_aes_vector_t *iv,
+ unsigned int key_length,
+ unsigned char *aes_key,
+ unsigned int *output_length,
+ unsigned char *output_data)
+ if (output_length == NULL)
+ return EINVAL;
+ if (*output_length < data_length)
+ return EINVAL;
+ *output_length = data_length;
+ return ica_aes_encrypt(mode, data_length, input_data, iv, key_length,
+ aes_key, output_data);
+unsigned int icaAesDecrypt(ica_adapter_handle_t adapter_handle,
+ unsigned int mode,
+ unsigned int data_length,
+ unsigned char *input_data,
+ ica_aes_vector_t *iv,
+ unsigned int key_length,
+ unsigned char *aes_key,
+ unsigned int *output_length,
+ unsigned char *output_data)
+ if (output_length == NULL)
+ return EINVAL;
+ if (*output_length < data_length)
+ return EINVAL;
+ *output_length = data_length;
+ return ica_aes_decrypt(mode, data_length, input_data, iv, key_length,
+ aes_key, output_data);
+unsigned int icaRsaModMult(ica_adapter_handle_t adapter_handle,
+ unsigned int input_length,
+ unsigned char *input_data,
+ unsigned int *output_length,
+ unsigned char *output_data)
+ ica_rsa_modmult_t rb;
+ int bytelength;
+ unsigned char pad[256];
+ unsigned char *inputdata;
+ if ((input_length < 1) ||
+ (input_length > 256) ||
+ (input_data == NULL) ||
+ (rsa_key == NULL) || (output_data == NULL))
+ return EINVAL;
+ bytelength = (rsa_key->modulusBitLength + 7) / 8;
+ if (input_length > bytelength)
+ return EINVAL;
+ if (input_length == bytelength)
+ inputdata = input_data;
+ else {
+ memset(pad, 0x00, 256);
+ memcpy(pad + bytelength - input_length, input_data,
+ input_length);
+ inputdata = pad;
+ }
+ rb.inputdata = (char *)inputdata;
+ rb.inputdatalength = bytelength;
+ rb.outputdata = (char *)output_data;
+ rb.outputdatalength = bytelength;
+ rb.b_key = (char *)&rsa_key->keyRecord[0];
+ rb.n_modulus = (char *)&rsa_key->keyRecord[bytelength];
+ return rsa_mod_mult_sw(&rb);
diff --git a/src/icastats.c b/src/icastats.c
new file mode 100644
index 0000000..61b151a
--- /dev/null
+++ b/src/icastats.c
@@ -0,0 +1,250 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+ * Authors(s): Christian Maaser <>
+ * Holger Dengler <>
+ * Benedikt Klotz <>
+ * Ingo Tuchscherer <>
+ *
+ * Copyright IBM Corp. 2009, 2010, 2011, 2014
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <ctype.h>
+#include <getopt.h>
+#include <pwd.h>
+#include <libgen.h>
+#include "icastats.h"
+#define CMD_NAME "icastats"
+#define COPYRIGHT "Copyright IBM Corp. 2009, 2010, 2011, 2014."
+void print_version(void)
+ printf(CMD_NAME ": libica version " VERSION "\n" COPYRIGHT "\n");
+void print_help(char *cmd)
+ printf("Usage: %s [OPTION]\n\n", cmd);
+ printf("This command is used to indicate whether libica uses hardware crypto functions or\n"
+ "software fallbacks. It provides an overview of the algorithms with modes of operation.\n"
+ "\n"
+ "Options:\n"
+ " -r, --reset set the own function counters to zero.\n"
+ " -R, --reset-all reset the statistsics from all users. (root user only)\n"
+ " -d, --delete delete your own statistics.\n"
+ " -D, --delete-all delete the statistics from all users. (root user only)\n"
+ " -U, --user <userid> show the statistics from one user. (root user only)\n"
+ " -S, --summary show the accumulated statistics from alle users. (root user only)\n"
+ " -A, --all show the statistic tables from all users. (root user only)\n"
+ " -v, --version output version information\n"
+ " -h, --help display help information\n");
+#define getopt_string "rRdDU:SAvh"
+static struct option getopt_long_options[] = {
+ {"reset", 0, 0, 'r'},
+ {"reset-all", 0, 0, 'R'},
+ {"delete", 0, 0, 'd'},
+ {"delete-all", 0, 0, 'D'},
+ {"user", required_argument, 0, 'U'},
+ {"summary", 0, 0, 'S'},
+ {"all", 0, 0, 'A'},
+ {"version", 0, 0, 'v'},
+ {"help", 0, 0, 'h'},
+ {0, 0, 0, 0}
+const char *const STATS_DESC[ICA_NUM_STATS] = {
+#define CELL_SIZE 10
+void print_stats(stats_entry_t *stats)
+ printf(" function | # hardware | # software\n");
+ printf("--------------+--------------------------+-------------------------\n");
+ printf(" | ENC CRYPT DEC | ENC CRYPT DEC\n");
+ printf("--------------+--------------------------+-------------------------\n");
+ unsigned int i;
+ for (i = 0; i < ICA_NUM_STATS; ++i){
+ printf(" %12s | %*d | %*d\n",
+ stats[i].enc.hw,
+ stats[i].enc.sw);
+ } else{
+ printf(" %12s |%*d %*d |%*d %*d\n",
+ stats[i].enc.hw,
+ stats[i].dec.hw,
+ stats[i].enc.sw,
+ stats[i].dec.sw);
+ }
+ }
+int main(int argc, char *argv[])
+ int rc = 0;
+ int index = 0;
+ int reset = 0;
+ int delete = 0;
+ int sum = 0;
+ int user = -1;
+ int all = 0;
+ struct passwd *pswd;
+ while ((rc = getopt_long(argc, argv, getopt_string,
+ getopt_long_options, &index)) != -1) {
+ switch (rc) {
+ case 'r':
+ reset = 1;
+ break;
+ case 'R':
+ if(geteuid() != 0){
+ fprintf(stderr,"You have no rights to reset all shared memory"
+ " segments!\n");
+ return EXIT_FAILURE;
+ }
+ reset = 2;
+ break;
+ case 'd':
+ delete = 1;
+ break;
+ case 'D':
+ if(geteuid() != 0){
+ fprintf(stderr,"You have no rights to delete all shared memory"
+ " segments!\n");
+ return EXIT_FAILURE;
+ }
+ delete = 2;
+ break;
+ case 'U':
+ if((pswd = getpwnam(optarg)) == NULL){
+ fprintf(stderr, "The username %s is not known"
+ " on this system.\n", optarg );
+ return EXIT_FAILURE;
+ }
+ user = pswd->pw_uid;
+ break;
+ case 'S':
+ sum = 1;
+ break;
+ case 'A':
+ all = 1;
+ break;
+ case 'v':
+ print_version();
+ exit(0);
+ break;
+ case 'h':
+ print_help(basename(argv[0]));
+ exit(0);
+ default:
+ fprintf(stderr,
+ "Try '%s --help' for more information.\n",
+ basename(argv[0]));
+ return EXIT_FAILURE;
+ }
+ }
+ if (optind < argc) {
+ fprintf(stderr, "%s: invalid option.\n\
+ Try '%s --help' for more information.\n",
+ argv[0], basename(argv[0]));
+ return EXIT_FAILURE;
+ }
+ if(delete == 2){
+ if(delete_all() == -1){
+ perror("deleteall: ");
+ return EXIT_FAILURE;
+ }
+ return EXIT_SUCCESS;
+ } else if(delete){
+ stats_mmap(user);
+ stats_munmap(SHM_DESTROY);
+ return EXIT_SUCCESS;
+ }
+ if(all){
+ char *usr;
+ stats_entry_t *entries;
+ while((usr = get_next_usr()) != NULL){
+ if((entries = malloc(sizeof(stats_entry_t)*ICA_NUM_STATS)) == NULL){
+ perror("malloc: ");
+ return EXIT_FAILURE;
+ }
+ get_stats_data(entries);;
+ printf("user: %s\n", usr);
+ print_stats(entries);
+ free(entries);
+ }
+ return EXIT_SUCCESS;
+ }
+ if (sum){
+ stats_entry_t *entries;
+ if((entries = malloc(sizeof(stats_entry_t)*ICA_NUM_STATS)) == NULL){
+ perror("malloc: ");
+ return EXIT_FAILURE;
+ }
+ if(!get_stats_sum(entries)){
+ perror("get_stats_sum: ");
+ return EXIT_FAILURE;
+ }
+ print_stats(entries);
+ return EXIT_SUCCESS;
+ }
+ if(reset == 2){
+ while(get_next_usr() != NULL)
+ stats_reset();
+ return EXIT_SUCCESS;
+ }
+ /* Need to open shm before it can be reseted */
+ if (stats_mmap(user)) {
+ fprintf(stderr, "Could not map shared memory region to local "
+ "address space.\n");
+ return EXIT_FAILURE;
+ }
+ if (reset) {
+ stats_reset();
+ } else{
+ stats_entry_t *stats;
+ if((stats = malloc(sizeof(stats_entry_t)*ICA_NUM_STATS)) == NULL){
+ perror("malloc: ");
+ return EXIT_FAILURE;
+ }
+ get_stats_data(stats);
+ print_stats(stats);
+ }
+ return EXIT_SUCCESS;
diff --git a/src/icastats_shared.c b/src/icastats_shared.c
new file mode 100644
index 0000000..6697143
--- /dev/null
+++ b/src/icastats_shared.c
@@ -0,0 +1,314 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+ * Authors: Christian Maaser <>
+ * Holger Dengler <>
+ * Benedikt Klotz <>
+ *
+ * Copyright IBM Corp. 2009, 2011, 2013
+ */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <unistd.h>
+#include <pwd.h>
+#include <sys/types.h>
+#include <sys/mman.h>
+#include <sys/stat.h>
+#include <sys/file.h>
+#include <fcntl.h>
+#include <dirent.h>
+#include "icastats.h"
+#define NOT_INITIALIZED (-1)
+#define NAME_LENGHT 20
+static stats_entry_t *stats = NULL;
+volatile int stats_shm_handle = NOT_INITIALIZED;
+static void atomic_add(int *x, int i)
+ int old;
+ int new;
+ asm volatile (" l %0,%2\n"
+ "0: lr %1,%0\n"
+ " ar %1,%3\n"
+ " cs %0,%1,%2\n"
+ " jl 0b"
+ :"=&d" (old), "=&d"(new), "=Q"(*x)
+ :"d"(i), "Q"(*x)
+ :"cc", "memory");
+/* open shared memory segment
+ * Arguments:
+ * @user: if user is -1 stats_mmap will open the shared memory segent of the same
+ * user.
+ * If it is not -1, stats_mmap will treat it as uid and will open the shared memory
+ * segment of this userid
+ * return value:
+ * 0 - Success
+ * -1 - Error: See errno for errorcode
+ */
+int stats_mmap(int user)
+ if (stats == NULL) {
+ char shm_id[NAME_LENGHT];
+ sprintf(shm_id, "icastats_%d", user == -1? geteuid(): user);
+ stats_shm_handle = shm_open(shm_id, O_CREAT | O_RDWR,
+ if (stats_shm_handle == NOT_INITIALIZED)
+ return -1;
+ if (ftruncate(stats_shm_handle, STATS_SHM_SIZE) == -1)
+ return -1;
+ stats = (stats_entry_t *) mmap(NULL, STATS_SHM_SIZE, PROT_READ |
+ stats_shm_handle, 0);
+ if (stats == MAP_FAILED){
+ close(stats_shm_handle);
+ stats = NULL;
+ return -1;
+ }
+ }
+ return 0;
+/* Close and/or delete the shared memory segment
+ * Argument:
+ * @unlink - if unlink is true the shared memory segment will be
+ * deleted. If it is false it will only be closed.
+ */
+void stats_munmap(int unlink)
+ char shm_id[NAME_LENGHT];
+ sprintf(shm_id, "icastats_%d", geteuid());
+ if (stats == NULL)
+ return;
+ munmap(stats, STATS_SHM_SIZE);
+ close(stats_shm_handle);
+ stats_shm_handle = NOT_INITIALIZED;
+ if(unlink == SHM_DESTROY)
+ shm_unlink(shm_id);
+ stats = NULL;
+/* query the shared memory segment for a specific field
+ * arguments:
+ * @field - the enum of the field see icastats.h
+ * @hardware - valid values are ALGO_SW for software statistics
+ * and ALGO_HW for hardware statistics
+ * @direction - valid values are ENCRYPT and DECRYPT
+ */
+uint32_t stats_query(stats_fields_t field, int hardware, int direction)
+ if (stats == NULL)
+ return 0;
+ if (direction == ENCRYPT)
+ if (hardware == ALGO_HW)
+ return stats[field].enc.hw;
+ else
+ return stats[field].enc.sw;
+ else
+ if (hardware == ALGO_HW)
+ return stats[field].dec.hw;
+ else
+ return stats[field].dec.sw;
+/* Returns the statistic data in a stats_entry_t array
+ * @entries - Needs to be a array of size ICA_NUM_STATS.
+ */
+void get_stats_data(stats_entry_t *entries)
+ unsigned int i;
+ for(i = 0;i<ICA_NUM_STATS; i++){
+ entries[i].enc.hw = stats_query(i, ALGO_HW, ENCRYPT);
+ entries[i].enc.sw = stats_query(i, ALGO_SW, ENCRYPT);
+ entries[i].dec.hw = stats_query(i, ALGO_HW, DECRYPT);
+ entries[i].dec.sw = stats_query(i, ALGO_SW, DECRYPT);
+ }
+/* get the statistic data from all shared memory segments
+ * accumulated in one variable
+ * @sum: sum must be array of the size of ICA_NUM_STATS
+ * After a call to this function sum contains the accumulated
+ * data of all shared memory segments.
+ * Return value:
+ * 1 - Success
+ * 0 - Error, check errno!
+ */
+int get_stats_sum(stats_entry_t *sum)
+ unsigned int i;
+ struct dirent *direntp;
+ DIR *shmDir;
+ memset(sum, 0, sizeof(stats_entry_t)*ICA_NUM_STATS);
+ if((shmDir = opendir("/dev/shm")) == NULL)
+ return 0;
+ while((direntp = readdir(shmDir)) != NULL){
+ if(strstr(direntp->d_name, "icastats_") != NULL){
+ int fd;
+ stats_entry_t *tmp;
+ if((getpwuid(atoi(&direntp->d_name[9]))) == NULL){
+ closedir(shmDir);
+ return 0;
+ }
+ if ((fd = shm_open(direntp->d_name, O_RDONLY, 0)) == -1){
+ closedir(shmDir);
+ return 0;
+ }
+ if ((tmp = (stats_entry_t *)mmap(NULL, STATS_SHM_SIZE,
+ fd, 0)) == MAP_FAILED){
+ closedir(shmDir);
+ close(fd);
+ return 0;
+ }
+ for(i = 0; i<ICA_NUM_STATS; ++i){
+ sum[i].enc.hw += tmp[i].enc.hw;
+ sum[i].enc.sw += tmp[i].enc.sw;
+ sum[i].dec.hw += tmp[i].dec.hw;
+ sum[i].dec.sw += tmp[i].dec.sw;
+ }
+ munmap(tmp, STATS_SHM_SIZE);
+ close(fd);
+ }
+ }
+ closedir(shmDir);
+ return 1;
+/* Open the shared memory segment of the next user!
+ * Each call to this function will open one file of the
+ * /dev/shm directory. The function will return NULL when all files
+ * in the directory were opened.
+ * WARNING: You should never call this function only one time! Call this funtion in a loop with
+ * abort condition unequal NULL.
+ * The directory will reamin open if you don't wait for NULL!
+ * Return value:
+ * the name of the next user!
+ * It is NULL when all files were opened.
+ */
+char *get_next_usr()
+ struct dirent *direntp;
+ static DIR *shmDir = NULL;
+ /* Closes shm and set stats NULL */
+ stats_munmap(SHM_CLOSE);
+ if(shmDir == NULL){
+ if((shmDir = opendir("/dev/shm")) == NULL)
+ return NULL;
+ }
+ while((direntp = readdir(shmDir)) != NULL){
+ if(strstr(direntp->d_name, "icastats_") != NULL){
+ int uid = atoi(&direntp->d_name[9]);
+ struct passwd *pwd;
+ if((pwd = getpwuid(uid)) == NULL)
+ return NULL;
+ if(stats_mmap(uid) == -1)
+ return NULL;
+ return pwd->pw_name;
+ } else{
+ continue;
+ }
+ }
+ closedir(shmDir);
+ shmDir = NULL;
+ return NULL;
+/* increments a field of the shared memory segment
+ * arguments:
+ * @field - the enum of the field see icastats.h
+ * @hardware - valid values are ALGO_SW for software statistics
+ * and ALGO_HW for hardware statistics
+ * @direction - valid values are ENCRYPT and DECRYPT
+ */
+void stats_increment(stats_fields_t field, int hardware, int direction)
+ if (stats == NULL)
+ return;
+ if(direction == ENCRYPT)
+ if (hardware == ALGO_HW)
+ atomic_add((int *)&stats[field].enc.hw, 1);
+ else
+ atomic_add((int *)&stats[field].enc.sw, 1);
+ else
+ if (hardware == ALGO_HW)
+ atomic_add((int *)&stats[field].dec.hw, 1);
+ else
+ atomic_add((int *)&stats[field].dec.sw, 1);
+/* Reset the shared memory segment to zero
+ */
+void stats_reset()
+ if (stats == NULL)
+ return;
+ memset(stats, 0, sizeof(stats_entry_t)*ICA_NUM_STATS);
+/* Delete all shared memory segments
+ * Return values:
+ * 1 - Success
+ * 0 - Error, check errno!
+ */
+int delete_all()
+ stats_munmap(SHM_DESTROY);
+ struct dirent *direntp;
+ DIR *shmDir;
+ if((shmDir = opendir("/dev/shm")) == NULL)
+ return 0;
+ while((direntp = readdir(shmDir)) != NULL){
+ if(strstr(direntp->d_name, "icastats_") != NULL){
+ if(shm_unlink(direntp->d_name) == -1)
+ return 0;
+ }
+ }
+ closedir(shmDir);
+ return 1;
diff --git a/src/include/icastats.h b/src/include/icastats.h
new file mode 100644
index 0000000..ba2f037
--- /dev/null
+++ b/src/include/icastats.h
@@ -0,0 +1,118 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+ * Authors: Christian Maaser <>
+ * Benedikt Klotz <>
+ *
+ * Copyright IBM Corp. 2009, 2013
+ */
+#ifndef __ICA_STATS_H__
+#define __ICA_STATS_H__
+#include <stdint.h>
+typedef struct crypt_opts{
+ uint32_t hw;
+ uint32_t sw;
+} crypt_opts_t;
+typedef struct statis_entry {
+ crypt_opts_t enc;
+ crypt_opts_t dec;
+} stats_entry_t;
+typedef enum stats_fields {
+} stats_fields_t;
+#define STAT_STRINGS \
+ "SHA-1", \
+ "SHA-224", \
+ "SHA-256", \
+ "SHA-384", \
+ "SHA-512", \
+ "GHASH", \
+ "P_RNG", \
+ "RSA-ME", \
+ "RSA-CRT", \
+ "DES ECB", \
+ "DES CBC", \
+ "DES OFB", \
+ "DES CFB", \
+ "DES CTR", \
+ "DES CMAC", \
+ "3DES ECB", \
+ "3DES CBC", \
+ "3DES OFB", \
+ "3DES CFB", \
+ "3DES CTR", \
+ "3DES CMAC", \
+ "AES ECB", \
+ "AES CBC", \
+ "AES OFB", \
+ "AES CFB", \
+ "AES CTR", \
+ "AES CMAC", \
+#define STATS_SHM_SIZE (sizeof(stats_entry_t) * ICA_NUM_STATS)
+#define ENCRYPT 1
+#define DECRYPT 0
+#define ALGO_SW 0
+#define ALGO_HW 1
+#define SHM_CLOSE 0
+#define SHM_DESTROY 1
+int stats_mmap(int user);
+void stats_munmap(int unlink);
+uint32_t stats_query(stats_fields_t field, int hardware, int direction);
+void get_stats_data(stats_entry_t *entries);
+void stats_increment(stats_fields_t field, int hardware, int direction);
+int get_stats_sum(stats_entry_t *sum);
+char *get_next_usr();
+void stats_reset();
+int delete_all();
diff --git a/src/include/init.h b/src/include/init.h
new file mode 100644
index 0000000..fc60eee
--- /dev/null
+++ b/src/include/init.h
@@ -0,0 +1,26 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+ * Authors: Felix Beck <>
+ * Christian Maaser <>
+ *
+ * Copyright IBM Corp. 2009
+ */
+#ifndef INIT_H
+#define INIT_H
+#include <signal.h>
+#include <setjmp.h>
+#define EXCEPTION_RV 20
+int begin_sigill_section(struct sigaction *oldact, sigset_t * oldset);
+void end_sigill_section(struct sigaction *oldact, sigset_t * oldset);
diff --git a/src/include/s390_aes.h b/src/include/s390_aes.h
new file mode 100644
index 0000000..a21dc4d
--- /dev/null
+++ b/src/include/s390_aes.h
@@ -0,0 +1,715 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+ * Authors: Felix Beck <>
+ * Christian Maaser <>
+ * Holger Dengler <>
+ *
+ * Copyright IBM Corp. 2009, 2010, 2011
+ */
+#ifndef S390_AES_H
+#define S390_AES_H
+#include <openssl/aes.h>
+#include <stdlib.h>
+#include "ica_api.h"
+#include "icastats.h"
+#include "init.h"
+#include "s390_crypto.h"
+#include "s390_ctr.h"
+#define AES_BLOCK_SIZE 16
+static inline int __s390_aes_ctrlist(unsigned int fc, unsigned long data_length,
+ const unsigned char *in_data,
+ const unsigned char *ctrlist,
+ unsigned char *key,
+ unsigned char *out_data)
+ int rc = EPERM;
+ int hardware = ALGO_HW;
+ if (*s390_msa4_functions[fc].enabled)
+ rc = s390_ctr_hw(s390_msa4_functions[fc].hw_fc,
+ data_length, in_data, key,
+ out_data, ctrlist);
+ if (rc) {
+ hardware = ALGO_SW;
+ return rc;
+ }
+ stats_increment(ICA_STATS_AES_CTR, hardware,
+ (s390_msa4_functions[fc].hw_fc &
+ return rc;
+static inline int s390_aes_ctrlist(unsigned int fc, unsigned long data_length,
+ const unsigned char *in_data,
+ const unsigned char *ctrlist,
+ unsigned char *key, unsigned char *out_data)
+ int rc = 0;
+ unsigned char rest_in_data[AES_BLOCK_SIZE];
+ unsigned char rest_out_data[AES_BLOCK_SIZE];
+ unsigned long rest_data_length;
+ unsigned long tmp_data_length;
+ rest_data_length = data_length % AES_BLOCK_SIZE;
+ tmp_data_length = data_length - rest_data_length;
+ if (tmp_data_length) {
+ rc = __s390_aes_ctrlist(fc, tmp_data_length, in_data,
+ ctrlist, key, out_data);
+ if (rc)
+ return rc;
+ }
+ if (rest_data_length) {
+ memcpy(rest_in_data, in_data + tmp_data_length,
+ rest_data_length);
+ rc = __s390_aes_ctrlist(fc, AES_BLOCK_SIZE,
+ rest_in_data,
+ ctrlist + tmp_data_length,
+ key, rest_out_data);
+ if (rc)
+ return rc;
+ memcpy(out_data + tmp_data_length,
+ rest_out_data, rest_data_length);
+ }
+ return rc;
+static inline int s390_aes_ctr(unsigned int fc, const unsigned char *in_data,
+ unsigned char *out_data, unsigned long data_length,
+ unsigned char *key, unsigned char *ctr,
+ unsigned int ctr_width)
+ const unsigned char *src;
+ unsigned char *tmp_ctrlist = NULL;
+ unsigned long chunk_length;
+ unsigned long rest_length;
+ unsigned long tmp_length;
+ int rc = 0;
+ if (data_length <= AES_BLOCK_SIZE) {
+ /* short message handling */
+ rc = s390_aes_ctrlist(fc, data_length, in_data, ctr,
+ key, out_data);
+ if (rc)
+ goto free_out;
+ ctr_inc_single(ctr, AES_BLOCK_SIZE, ctr_width);
+ return rc;
+ }
+ /* find largest possible message chunk */
+ chunk_length = NEXT_BS(data_length, AES_BLOCK_SIZE);
+ tmp_ctrlist = malloc(chunk_length);
+ /* page size chunk fall back */
+ if ((!tmp_ctrlist) && (data_length > LARGE_MSG_CHUNK)) {
+ chunk_length = LARGE_MSG_CHUNK;
+ tmp_ctrlist = malloc(chunk_length);
+ }
+ /* single block chunk fall back */
+ if (!tmp_ctrlist)
+ chunk_length = AES_BLOCK_SIZE;
+ for (src = in_data, rest_length = data_length;
+ src < (in_data + data_length);
+ src += chunk_length, out_data += chunk_length,
+ rest_length -= chunk_length) {
+ tmp_length = (rest_length < chunk_length) ?
+ rest_length : chunk_length;
+ if (tmp_ctrlist) {
+ ctr_inc_block(ctr, AES_BLOCK_SIZE, ctr_width,
+ tmp_ctrlist,
+ NEXT_BS(tmp_length, AES_BLOCK_SIZE));
+ rc = s390_aes_ctrlist(fc, tmp_length, src,
+ tmp_ctrlist, key, out_data);
+ if (rc)
+ goto free_out;
+ } else {
+ /* single block fall back */
+ rc = s390_aes_ctrlist(fc, tmp_length, src,
+ ctr, key, out_data);
+ if (rc)
+ goto free_out;
+ ctr_inc_single(ctr, AES_BLOCK_SIZE, ctr_width);
+ }
+ }
+ if (tmp_ctrlist)
+ free(tmp_ctrlist);
+ return rc;
+static inline void __memcpy_r_allign(void *dest, int dest_bs,
+ void *src, int src_bs, size_t size)
+ memcpy(dest + (dest_bs - size), src + (src_bs - size), size);
+static inline int s390_aes_ecb_hw(unsigned int function_code,
+ unsigned long input_length,
+ const unsigned char *input_data,
+ unsigned char *keys,
+ unsigned char *output_data)
+ int rc = 0;
+ rc = s390_km(function_code, keys, output_data, input_data,
+ input_length);
+ if (rc >= 0)
+ return 0;
+ else
+ return EIO;
+static inline int s390_aes_ecb_sw(unsigned int function_code,
+ unsigned long input_length,
+ const unsigned char *input_data,
+ unsigned char *keys,
+ unsigned char *output_data)
+ AES_KEY aes_key;
+ unsigned int direction;
+ unsigned int key_size = (function_code & 0x0f) *
+ sizeof(ica_aes_key_single_t);
+ if (function_code & S390_CRYPTO_DIRECTION_MASK) {
+ AES_set_decrypt_key(keys, key_size * 8, &aes_key);
+ direction = AES_DECRYPT;
+ } else {
+ AES_set_encrypt_key(keys, key_size * 8, &aes_key);
+ direction = AES_ENCRYPT;
+ }
+ int i;
+ for (i = 0; i < input_length; i += AES_BLOCK_SIZE) {
+ AES_ecb_encrypt(input_data + i, output_data + i,
+ &aes_key, direction);
+ }
+ return 0;
+static inline int s390_aes_cbc_hw(unsigned int function_code,
+ unsigned long input_length,
+ const unsigned char *input_data,
+ unsigned char *iv,
+ unsigned char *keys,
+ unsigned char *output_data)
+ struct {
+ ica_aes_vector_t iv;
+ ica_aes_key_len_256_t keys;
+ } key_buffer;
+ unsigned int key_size = (function_code & 0x0f) *
+ sizeof(ica_aes_key_single_t);
+ memcpy(&key_buffer.iv, iv, sizeof(ica_aes_vector_t));
+ memcpy(&key_buffer.keys, keys, key_size);
+ int rc = 0;
+ rc = s390_kmc(function_code, &key_buffer,
+ output_data, input_data, input_length);
+ memset(&key_buffer.keys, 0, key_size);
+ if (rc >= 0) {
+ memcpy(iv, &key_buffer.iv, sizeof(ica_aes_vector_t));
+ return 0;
+ } else
+ return EIO;
+static inline int s390_aes_cbc_sw(unsigned int function_code,
+ unsigned long input_length,
+ const unsigned char *input_data,
+ unsigned char *iv,
+ unsigned char *keys,
+ unsigned char *output_data)
+ AES_KEY aes_key;
+ unsigned int direction;
+ unsigned int key_size = (function_code & 0x0f) *
+ sizeof(ica_aes_key_single_t);
+ if (function_code & S390_CRYPTO_DIRECTION_MASK) {
+ AES_set_decrypt_key(keys, key_size * 8, &aes_key);
+ direction = AES_DECRYPT;
+ } else {
+ AES_set_encrypt_key(keys, key_size * 8, &aes_key);
+ direction = AES_ENCRYPT;
+ }
+ AES_cbc_encrypt(input_data, output_data, input_length,
+ &aes_key, (unsigned char *) iv, direction);
+ return 0;
+static inline int s390_aes_ecb(unsigned int fc, unsigned long data_length,
+ const unsigned char *in_data, unsigned char *key,
+ unsigned char *out_data)
+ int rc = 1;
+ int hardware = ALGO_HW;
+ if (*s390_kmc_functions[fc].enabled)
+ rc = s390_aes_ecb_hw(s390_kmc_functions[fc].hw_fc,
+ data_length, in_data, key,
+ out_data);
+ if (rc) {
+ rc = s390_aes_ecb_sw(s390_kmc_functions[fc].hw_fc,
+ data_length, in_data, key,
+ out_data);
+ hardware = ALGO_SW;
+ }
+ stats_increment(ICA_STATS_AES_ECB,
+ hardware,
+ (s390_kmc_functions[fc].hw_fc &
+ return rc;
+static inline int s390_aes_cbc(unsigned int fc, unsigned long data_length,
+ const unsigned char *in_data, unsigned char *iv,
+ unsigned char *key, unsigned char *out_data)
+ int rc = 1;
+ int hardware = ALGO_HW;
+ if (*s390_kmc_functions[fc].enabled)
+ rc = s390_aes_cbc_hw(s390_kmc_functions[fc].hw_fc,
+ data_length, in_data, iv, key,
+ out_data);
+ if (rc) {
+ hardware = ALGO_SW;
+ rc = s390_aes_cbc_sw(s390_kmc_functions[fc].hw_fc,
+ data_length, in_data, iv, key,
+ out_data);
+ }
+ stats_increment(ICA_STATS_AES_CBC,
+ hardware, (s390_kmc_functions[fc].hw_fc &
+ return rc;
+static inline int s390_aes_cfb_hw(unsigned int function_code,
+ unsigned long input_length,
+ const unsigned char *input_data,
+ unsigned char *iv,
+ const unsigned char *keys,
+ unsigned char *output_data,
+ unsigned int lcfb)
+ struct {
+ ica_aes_vector_t iv;
+ ica_aes_key_len_256_t keys;
+ } key_buffer;
+ unsigned int key_size = (function_code & 0x0f) *
+ sizeof(ica_aes_key_single_t);
+ memcpy(&key_buffer.iv, iv, sizeof(ica_aes_vector_t));
+ memcpy(&key_buffer.keys, keys, key_size);
+ int rc = -1;
+ rc = s390_kmf(function_code, &key_buffer,
+ output_data, input_data, input_length, &lcfb);
+ memset(&key_buffer.keys, 0, key_size);
+ if (rc >= 0) {
+ memcpy(iv, &key_buffer.iv, sizeof(ica_aes_vector_t));
+ return 0;
+ } else
+ return EIO;
+static inline int __s390_aes_cfb(unsigned int fc, unsigned long data_length,
+ const unsigned char *in_data,
+ unsigned char *iv, const unsigned char *key,
+ unsigned char *out_data, unsigned int lcfb)
+ int rc = 1;
+ int hardware = ALGO_HW;
+ if (*s390_msa4_functions[fc].enabled)
+ rc = s390_aes_cfb_hw(s390_msa4_functions[fc].hw_fc,
+ data_length, in_data, iv, key,
+ out_data, lcfb);
+ if (rc) {
+ hardware = ALGO_SW;
+ return EPERM;
+ }
+ stats_increment(ICA_STATS_AES_CFB, hardware,
+ (s390_kmc_functions[fc].hw_fc &
+ return rc;
+static inline int s390_aes_cfb(unsigned int fc, unsigned long data_length,
+ const unsigned char *in_data, unsigned char *iv,
+ const unsigned char *key, unsigned char *out_data,
+ unsigned int lcfb)
+ int rc = 0;
+ /* Temporary buffers with size of lcfb should be
+ * sufficiant, using static maximum lcfb instead. */
+ unsigned char rest_in_data[AES_BLOCK_SIZE];
+ unsigned char rest_out_data[AES_BLOCK_SIZE];
+ unsigned long rest_data_length;
+ unsigned long tmp_data_length;
+ rest_data_length = data_length % lcfb;
+ tmp_data_length = data_length - rest_data_length;
+ if (tmp_data_length) {
+ rc = __s390_aes_cfb(fc, tmp_data_length, in_data,
+ iv, key, out_data, lcfb);
+ if (rc)
+ return rc;
+ }
+ if (rest_data_length) {
+ memcpy(rest_in_data, in_data + tmp_data_length,
+ rest_data_length);
+ rc = __s390_aes_cfb(fc, AES_BLOCK_SIZE,
+ rest_in_data,
+ iv, key, rest_out_data, lcfb);
+ if (rc)
+ return rc;
+ memcpy(out_data + tmp_data_length,
+ rest_out_data, rest_data_length);
+ }
+ return rc;
+static inline int s390_aes_ofb_hw(unsigned int function_code,
+ unsigned long input_length,
+ const unsigned char *input_data,
+ unsigned char *iv,
+ const unsigned char *keys,
+ unsigned char *output_data)
+ struct {
+ ica_aes_vector_t iv;
+ ica_aes_key_len_256_t keys;
+ } key_buffer;
+ unsigned int key_size = (function_code & 0x0f) *
+ sizeof(ica_aes_key_single_t);
+ memcpy(&key_buffer.iv, iv, sizeof(ica_aes_vector_t));
+ memcpy(&key_buffer.keys, keys, key_size);
+ int rc = -1;
+ rc = s390_kmo(function_code, &key_buffer,
+ output_data, input_data, input_length);
+ memset(&key_buffer.keys, 0, key_size);
+ if (rc >= 0) {
+ memcpy(iv, &key_buffer.iv, sizeof(ica_aes_vector_t));
+ return 0;
+ } else
+ return EIO;
+static inline int __s390_aes_ofb(unsigned int fc, unsigned long input_length,
+ const unsigned char *input_data,
+ unsigned char *iv, const unsigned char *keys,
+ unsigned char *output_data)
+ int rc = EPERM;
+ int hardware = ALGO_HW;
+ if (*s390_msa4_functions[fc].enabled)
+ rc = s390_aes_ofb_hw(s390_msa4_functions[fc].hw_fc,
+ input_length, input_data, iv, keys,
+ output_data);
+ if (rc) {
+ hardware = ALGO_SW;
+ return rc;
+ }
+ stats_increment(ICA_STATS_AES_OFB, hardware,
+ (s390_kmc_functions[fc].hw_fc &
+ return rc;
+static inline int s390_aes_ofb(unsigned int fc, unsigned long data_length,
+ const unsigned char *in_data,
+ unsigned char *iv, const unsigned char *key,
+ unsigned char *out_data)
+ int rc = 0;
+ unsigned char rest_in_data[AES_BLOCK_SIZE];
+ unsigned char rest_out_data[AES_BLOCK_SIZE];
+ unsigned long rest_data_length;
+ unsigned long tmp_data_length;
+ rest_data_length = data_length % AES_BLOCK_SIZE;
+ tmp_data_length = data_length - rest_data_length;
+ if (tmp_data_length) {
+ rc = __s390_aes_ofb(fc, tmp_data_length, in_data,
+ iv, key, out_data);
+ if (rc)
+ return rc;
+ }
+ if (rest_data_length) {
+ memcpy(rest_in_data, in_data + tmp_data_length,
+ rest_data_length);
+ rc = __s390_aes_ofb(fc, AES_BLOCK_SIZE,
+ rest_in_data,
+ iv, key, rest_out_data);
+ if (rc)
+ return rc;
+ memcpy(out_data + tmp_data_length,
+ rest_out_data, rest_data_length);
+ }
+ return rc;
+static inline int s390_aes_xts_parm(unsigned long function_code,
+ unsigned int key_size, unsigned char *key,
+ unsigned char *xts_parm)
+ int rc = 0;
+ struct {
+ unsigned char keys[key_size];
+ ica_aes_vector_t tweak;
+ unsigned char block_seq[sizeof(ica_aes_vector_t)];
+ unsigned char intermediate_bit_idx[sizeof(ica_aes_vector_t)];
+ unsigned char xts_parameter[sizeof(ica_aes_vector_t)];
+ } parm_block;
+ memset(parm_block.block_seq, 0x00, sizeof(parm_block.block_seq));
+ memcpy(&parm_block.tweak, xts_parm,
+ sizeof(parm_block.tweak));
+ memcpy(&parm_block.keys, key, key_size);
+ memset(parm_block.intermediate_bit_idx, 0x00,
+ sizeof(parm_block.intermediate_bit_idx));
+ /* In PCC we do not differentiate between encryption and decryption */
+ rc = s390_pcc(function_code & 0x7f, &parm_block);
+ memset(&parm_block.keys, 0, key_size);
+ if (rc >= 0) {
+ memcpy(xts_parm, parm_block.xts_parameter,
+ sizeof(ica_aes_vector_t));
+ return 0;
+ } else
+ return EIO;
+static inline int s390_aes_xts_msg_dec(unsigned long function_code,
+ unsigned long data_length,
+ const unsigned char *in_data,
+ unsigned char *out_data, void *param,
+ unsigned int key_size)
+ int rc;
+ unsigned char tmp_in_data[AES_BLOCK_SIZE];
+ unsigned long rest_data_length;
+ unsigned long tmp_data_length;
+ struct {
+ unsigned char keys[key_size];
+ ica_aes_vector_t iv;
+ } tmp_param;
+ rest_data_length = data_length % AES_BLOCK_SIZE;
+ tmp_data_length = data_length - rest_data_length - AES_BLOCK_SIZE;
+ if (rest_data_length == 0) {
+ /* complete msg handling */
+ rc = s390_km(function_code, param,
+ out_data, in_data, data_length);
+ if (rc < 0)
+ return EIO;
+ return rc;
+ }
+ if (tmp_data_length) {
+ rc = s390_km(function_code, param,
+ out_data, in_data, tmp_data_length);
+ if (rc < 0)
+ return EIO;
+ }
+ /* backup iv n-1 */
+ memcpy(&tmp_param, param, sizeof(tmp_param));
+ /* dummy step to calculate iv n */
+ rc = s390_km(function_code, param, out_data + tmp_data_length, in_data + tmp_data_length, AES_BLOCK_SIZE);
+ if (rc < 0)
+ return EIO;
+ /* block n-1 (with iv n) */
+ rc = s390_km(function_code, param, out_data + tmp_data_length, in_data + tmp_data_length, AES_BLOCK_SIZE);
+ if (rc < 0)
+ return EIO;
+ memcpy(tmp_in_data,
+ in_data + tmp_data_length + AES_BLOCK_SIZE,
+ rest_data_length);
+ __memcpy_r_allign(tmp_in_data, AES_BLOCK_SIZE,
+ out_data + tmp_data_length, AES_BLOCK_SIZE,
+ AES_BLOCK_SIZE - rest_data_length);
+ memcpy(out_data + tmp_data_length + AES_BLOCK_SIZE,
+ out_data + tmp_data_length, rest_data_length);
+ /* block n (with iv n-1) */
+ rc = s390_km(function_code, &tmp_param,
+ out_data + tmp_data_length,
+ tmp_in_data, AES_BLOCK_SIZE);
+ if (rc < 0)
+ return EIO;
+ return rc;
+static inline int s390_aes_xts_msg_enc(unsigned long function_code,
+ unsigned long data_length,
+ const unsigned char *in_data,
+ unsigned char *out_data, void *param)
+ int rc;
+ unsigned char tmp_in_data[AES_BLOCK_SIZE];
+ unsigned long rest_data_length;
+ unsigned long tmp_data_length;
+ rest_data_length = data_length % AES_BLOCK_SIZE;
+ tmp_data_length = data_length - rest_data_length;
+ /* tmp_data_length is at least AES_BLOCK_SIZE */
+ rc = s390_km(function_code, param,
+ out_data, in_data, tmp_data_length);
+ if (rc < 0)
+ return EIO;
+ if (rest_data_length) {
+ /* XTS cipher text stealing for uncomplete blocks */
+ memcpy(tmp_in_data,
+ in_data + tmp_data_length,
+ rest_data_length);
+ __memcpy_r_allign(tmp_in_data, AES_BLOCK_SIZE,
+ out_data + (tmp_data_length - AES_BLOCK_SIZE),
+ AES_BLOCK_SIZE - rest_data_length);
+ memcpy(out_data + tmp_data_length,
+ out_data + (tmp_data_length - AES_BLOCK_SIZE),
+ rest_data_length);
+ rc = s390_km(function_code, param,
+ out_data + (tmp_data_length - AES_BLOCK_SIZE),
+ tmp_in_data, AES_BLOCK_SIZE);
+ if (rc < 0)
+ return EIO;
+ }
+ return rc;
+static inline int s390_aes_xts_hw(unsigned int function_code,
+ unsigned long input_length,
+ const unsigned char *input_data,
+ unsigned char *tweak,
+ unsigned char *key1,
+ unsigned char *key2,
+ unsigned int key_size,
+ unsigned char *output_data)
+ int rc = -1;
+ /* This works similar as AES CBC, but uses km instead of kmc. Also we
+ * need to specify the parameter block in order with key first and
+ * XTS parameter behind. */
+ struct {
+ unsigned char keys[key_size];
+ ica_aes_vector_t iv;
+ } key_buffer;
+ memcpy(key_buffer.keys, key1, key_size);
+ memcpy(&key_buffer.iv, tweak, sizeof(ica_aes_vector_t));
+ /* Get XTS parameter through PCC first. */
+ rc = s390_aes_xts_parm(function_code, key_size, key2,
+ (unsigned char *) &key_buffer.iv);
+ if (rc)
+ return EIO;
+ if (function_code & S390_CRYPTO_DIRECTION_MASK)
+ rc = s390_aes_xts_msg_dec(function_code, input_length,
+ input_data, output_data, &key_buffer,
+ key_size);
+ else
+ rc = s390_aes_xts_msg_enc(function_code, input_length,
+ input_data, output_data, &key_buffer);
+ memset(key_buffer.keys, 0, key_size);
+ /* The iv/tweak is not updated for XTS mode. */
+ if (rc < 0)
+ return EIO;
+ return 0;
+static inline int s390_aes_xts(unsigned int fc, unsigned long data_length,
+ const unsigned char *in_data, unsigned char *tweak,
+ unsigned char *key1, unsigned char *key2,
+ unsigned int key_length, unsigned char *out_data)
+ int rc = 1;
+ int hardware = ALGO_HW;
+ if (*s390_msa4_functions[fc].enabled)
+ rc = s390_aes_xts_hw(s390_msa4_functions[fc].hw_fc,
+ data_length, in_data, tweak,
+ key1, key2, key_length, out_data);
+ if (rc) {
+ hardware = ALGO_SW;
+ return rc;
+ }
+ stats_increment(ICA_STATS_AES_XTS, hardware,
+ (s390_kmc_functions[fc].hw_fc &
+ return rc;
diff --git a/src/include/s390_cbccs.h b/src/include/s390_cbccs.h
new file mode 100644
index 0000000..dd5843e
--- /dev/null
+++ b/src/include/s390_cbccs.h
@@ -0,0 +1,319 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+ * Authors: Holger Dengler <>
+ *
+ * Copyright IBM Corp. 2011
+ */
+#include "s390_common.h"
+#ifndef S390_CBCCS_H
+#define S390_CBCCS_H
+static inline unsigned int
+cbccs_last_block_swap(unsigned char *base, unsigned long length,
+ unsigned int block_size,
+ unsigned int direction, unsigned int variant)
+ unsigned char tmp[block_size];
+ unsigned long rest_length;
+ unsigned long head_length;
+ rest_length = length % block_size;
+ switch (variant) {
+ case 1:
+ /* keep last two blocks in order */
+ break;
+ case 2:
+ /* switch order of the last two blocks if length is not
+ * a multiple of the cipher block size, otherwise keep last
+ * two blocks in order */
+ if (rest_length == 0)
+ break;
+ case 3:
+ /* always switch order of the last two blocks */
+ if (rest_length == 0)
+ rest_length = block_size;
+ head_length = length - rest_length;
+ if (direction) {
+ /* encrypt */
+ memcpy(tmp,
+ base + (head_length - block_size) + rest_length,
+ block_size);
+ memcpy(base + head_length,
+ base + (head_length - block_size),
+ rest_length);
+ memcpy(base + (head_length - block_size),
+ tmp,
+ block_size);
+ } else {
+ /*decrypt */
+ memcpy(tmp,
+ base + (head_length - block_size),
+ block_size);
+ memcpy(base + (head_length - block_size),
+ base + head_length,
+ rest_length);
+ memcpy(base + (head_length - block_size) + rest_length,
+ tmp,
+ block_size);
+ }
+ break;
+ default:
+ /* unsupported variant */
+ return EINVAL;
+ }
+ return 0;
+static inline unsigned int
+s390_des_cbccs_enc(unsigned int fc, const unsigned char *in_data,
+ unsigned char *out_data, unsigned long data_length,
+ const unsigned char *key,
+ unsigned char *iv, unsigned int variant)
+ unsigned int rc;
+ unsigned char tmp_in_data[DES_BLOCK_SIZE];
+ unsigned long rest_data_length;
+ unsigned long tmp_data_length;
+ rest_data_length = data_length % DES_BLOCK_SIZE;
+ tmp_data_length = data_length - rest_data_length;
+ /* tmp_data_length is at least DES_BLOCK_SIZE */
+ rc = s390_des_cbc(fc, tmp_data_length, in_data, iv, key, out_data);
+ if (rc)
+ return rc;
+ if (rest_data_length) {
+ /* zero padding for uncomplete last block */
+ memset(tmp_in_data, 0, DES_BLOCK_SIZE);
+ memcpy(tmp_in_data, in_data + tmp_data_length, rest_data_length);
+ rc = s390_des_cbc(fc, DES_BLOCK_SIZE, tmp_in_data, iv, key,
+ out_data + (tmp_data_length - DES_BLOCK_SIZE) +
+ rest_data_length);
+ if (rc)
+ return rc;
+ }
+ return cbccs_last_block_swap(out_data, data_length,
+static inline unsigned int
+s390_des_cbccs_dec(unsigned int fc, const unsigned char *in_data,
+ unsigned char *out_data, unsigned long data_length,
+ const unsigned char *key,
+ unsigned char *iv, unsigned int variant)
+ unsigned int rc;
+ unsigned char tmp_in_data[2* DES_BLOCK_SIZE];
+ unsigned long rest_data_length;
+ unsigned long swap_length;
+ unsigned long tmp_data_length;
+ unsigned char tmp_iv[DES_BLOCK_SIZE];
+ unsigned char tmp_out_data[DES_BLOCK_SIZE];
+ rest_data_length = data_length % DES_BLOCK_SIZE;
+ swap_length = (rest_data_length) ?
+ DES_BLOCK_SIZE + rest_data_length :
+ tmp_data_length = data_length - swap_length;
+ /* copy last 2 blocks to temporary buffer, because blocks can not
+ * be re-ordered in in_data (const) */
+ memset(tmp_in_data, 0, 2*DES_BLOCK_SIZE);
+ memcpy(tmp_in_data, in_data + tmp_data_length, swap_length);
+ rc = cbccs_last_block_swap(tmp_in_data, swap_length,
+ if (rc)
+ return rc;
+ if (rest_data_length == 0) {
+ /* complete message handling */
+ if (tmp_data_length) {
+ rc = s390_des_cbc(fc, tmp_data_length, in_data,
+ iv, key, out_data);
+ if (rc)
+ return rc;
+ }
+ return s390_des_cbc(fc, swap_length, tmp_in_data,
+ iv, key, out_data + tmp_data_length);
+ }
+ if (tmp_data_length) {
+ rc = s390_des_cbc(fc, tmp_data_length, in_data,
+ iv, key, out_data);
+ if (rc)
+ return rc;
+ }
+ /* decrypt block C(n) with zero iv */
+ memset(tmp_iv, 0, DES_BLOCK_SIZE);
+ rc = s390_des_cbc(fc, DES_BLOCK_SIZE,
+ tmp_in_data + rest_data_length,
+ tmp_iv, key, tmp_out_data);
+ if(rc)
+ return rc;
+ /* complete block C*(n-1) to C(n-1) and decrypt it */
+ memcpy_r_allign(tmp_in_data, DES_BLOCK_SIZE,
+ tmp_out_data, DES_BLOCK_SIZE,
+ DES_BLOCK_SIZE - rest_data_length);
+ rc = s390_des_cbc(fc, DES_BLOCK_SIZE, tmp_in_data,
+ iv, key, out_data + tmp_data_length);
+ if(rc)
+ return rc;
+ /* XOR tmp_out_data with C*(n-1) */
+ block_xor(out_data + tmp_data_length + DES_BLOCK_SIZE,
+ tmp_in_data, tmp_out_data, rest_data_length);
+ return 0;
+static inline unsigned int
+s390_aes_cbccs_enc(unsigned int fc, const unsigned char *in_data,
+ unsigned char *out_data, unsigned long data_length,
+ unsigned char *key, unsigned int key_length,
+ unsigned char *iv, unsigned int variant)
+ unsigned int rc;
+ unsigned char tmp_in_data[AES_BLOCK_SIZE];
+ unsigned long rest_data_length;
+ unsigned long tmp_data_length;
+ rest_data_length = data_length % AES_BLOCK_SIZE;
+ tmp_data_length = data_length - rest_data_length;
+ /* tmp_data_length is at least AES_BLOCK_SIZE */
+ rc = s390_aes_cbc(fc, tmp_data_length, in_data, iv, key, out_data);
+ if (rc)
+ return rc;
+ if (rest_data_length) {
+ memset(tmp_in_data, 0, AES_BLOCK_SIZE);
+ memcpy(tmp_in_data, in_data + tmp_data_length, AES_BLOCK_SIZE);
+ rc = s390_aes_cbc(fc, AES_BLOCK_SIZE, tmp_in_data, iv, key,
+ out_data + (tmp_data_length - AES_BLOCK_SIZE) +
+ rest_data_length);
+ if (rc)
+ return rc;
+ }
+ return cbccs_last_block_swap(out_data, data_length,
+static inline unsigned int
+s390_aes_cbccs_dec(unsigned int fc, const unsigned char *in_data,
+ unsigned char *out_data, unsigned long data_length,
+ unsigned char *key, unsigned int key_length,
+ unsigned char *iv, unsigned int variant)
+ unsigned int rc;
+ unsigned char tmp_in_data[2* AES_BLOCK_SIZE];
+ unsigned long rest_data_length;
+ unsigned long swap_length;
+ unsigned long tmp_data_length;
+ unsigned char tmp_iv[AES_BLOCK_SIZE];
+ unsigned char tmp_out_data[AES_BLOCK_SIZE];
+ rest_data_length = data_length % AES_BLOCK_SIZE;
+ swap_length = (rest_data_length) ?
+ (AES_BLOCK_SIZE + rest_data_length) :
+ tmp_data_length = data_length - swap_length;
+ /* copy last 2 blocks to temporary buffer, because blocks can not
+ * be re-ordered in in_data (const) */
+ memset(tmp_in_data, 0, 2* AES_BLOCK_SIZE);
+ memcpy(tmp_in_data, in_data + tmp_data_length, swap_length);
+ rc = cbccs_last_block_swap(tmp_in_data, swap_length,
+ if (rc)
+ return rc;
+ if (rest_data_length == 0) {
+ /* complete message handling */
+ if (tmp_data_length) {
+ rc = s390_aes_cbc(fc, tmp_data_length, in_data,
+ iv, key, out_data);
+ if (rc)
+ return rc;
+ }
+ return s390_aes_cbc(fc, swap_length, tmp_in_data,
+ iv, key, out_data + tmp_data_length);
+ }
+ if (tmp_data_length) {
+ rc = s390_aes_cbc(fc, tmp_data_length, in_data,
+ iv, key, out_data);
+ if (rc)
+ return rc;
+ }
+ /* decrypt block C(n) with zero iv */
+ memset(tmp_iv, 0, AES_BLOCK_SIZE);
+ rc = s390_aes_cbc(fc, AES_BLOCK_SIZE,
+ tmp_in_data + rest_data_length,
+ tmp_iv, key, tmp_out_data);
+ if(rc)
+ return rc;
+ /* complete block C*(n-1) to C(n-1) and decrypt it */
+ memcpy_r_allign(tmp_in_data, AES_BLOCK_SIZE,
+ tmp_out_data, AES_BLOCK_SIZE,
+ AES_BLOCK_SIZE - rest_data_length);
+ rc = s390_aes_cbc(fc, AES_BLOCK_SIZE, tmp_in_data,
+ iv, key, out_data + tmp_data_length);
+ if(rc)
+ return rc;
+ /* XOR tmp_out_data with C*(n-1) */
+ block_xor(out_data + tmp_data_length + AES_BLOCK_SIZE,
+ tmp_in_data, tmp_out_data, rest_data_length);
+ return 0;
+static inline int s390_des_cbccs(unsigned int fc, const unsigned char *in_data,
+ unsigned char *out_data, unsigned long data_length,
+ unsigned char *key,
+ unsigned char *iv, unsigned int variant)
+ if (s390_msa4_functions[fc].hw_fc & S390_CRYPTO_DIRECTION_MASK)
+ return s390_des_cbccs_dec(fc, in_data, out_data, data_length,
+ key, iv, variant);
+ else
+ return s390_des_cbccs_enc(fc, in_data, out_data, data_length,
+ key, iv, variant);
+static inline int s390_aes_cbccs(unsigned int fc, const unsigned char *in_data,
+ unsigned char *out_data, unsigned long data_length,
+ unsigned char *key, unsigned int key_length,
+ unsigned char *iv, unsigned int variant)
+ if (s390_msa4_functions[fc].hw_fc & S390_CRYPTO_DIRECTION_MASK)
+ return s390_aes_cbccs_dec(fc, in_data, out_data, data_length,
+ key, key_length, iv, variant);
+ else
+ return s390_aes_cbccs_enc(fc, in_data, out_data, data_length,
+ key, key_length, iv, variant);
diff --git a/src/include/s390_ccm.h b/src/include/s390_ccm.h
new file mode 100644
index 0000000..628b191
--- /dev/null
+++ b/src/include/s390_ccm.h
@@ -0,0 +1,343 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+ * Authors: Ruben Straus <>
+ * Holger Dengler <>
+ *
+ * Copyright IBM Corp. 2010
+ */
+#include "s390_common.h"
+#ifndef S390_CCM
+#define S390_CCM_H
+#define S390_CCM_MAX_NONCE_LENGTH 13
+#define S390_CCM_MIN_NONCE_LENGTH 7
+#define S390_CCM_MAX_MAC_LENGTH 16
+#define S390_CCM_MIN_MAC_LENGTH 4
+/* assoc_data first meta block with data
+ * for small assoc_data_length */
+struct meta_ad_small {
+ uint16_t length;
+ unsigned char data[14];
+} __attribute__((packed));
+/* assoc_data first meta block with prefix and data
+ * for medium assoc_data_length */
+struct meta_ad_medium {
+ unsigned char prefix[2];
+ uint32_t length;
+ unsigned char data[10];
+} __attribute__((packed));
+/* assoc_data first meta block with prefix and data
+ * for large assoc_data_length */
+struct meta_ad_large {
+ unsigned char prefix[2];
+ uint64_t length;
+ unsigned char data[6];
+} __attribute__((packed));
+/* assoc_data meta block union with size cipher block size */
+typedef union {
+ struct meta_ad_small small;
+ struct meta_ad_medium medium;
+ struct meta_ad_large large;
+} __attribute__((packed)) ad_meta_t;
+static inline unsigned int fc_to_key_length(unsigned int function_code)
+ switch(function_code | 0x7F) {
+ case S390_CRYPTO_AES_128_ENCRYPT:
+ return 128/8;
+ case S390_CRYPTO_AES_192_ENCRYPT:
+ return 192/8;
+ case S390_CRYPTO_AES_256_ENCRYPT:
+ default:
+ return 256/8;
+ }
+static inline void __compute_meta_b0(const unsigned char *nonce,
+ unsigned long nonce_length,
+ unsigned long assoc_data_length,
+ uint64_t payload_length,
+ unsigned long mac_length,
+ unsigned char *meta_b0)
+ struct {
+ uint8_t reserved :1;
+ uint8_t adata :1;
+ uint8_t t_enc :3;
+ uint8_t q_enc :3;
+ } __attribute__((packed)) meta_flags;
+ memset(meta_b0, 0x00, AES_BLOCK_SIZE);
+ /* meta flags */
+ memset(&meta_flags, 0x00, sizeof(meta_flags));
+ if (assoc_data_length)
+ meta_flags.adata = 1;
+ meta_flags.t_enc = (mac_length-2) / 2;
+ meta_flags.q_enc = (15 - nonce_length) - 1;
+ memcpy(meta_b0, &meta_flags, sizeof(meta_flags));
+ /* encoding N */
+ memcpy(meta_b0 + sizeof(meta_flags), nonce, nonce_length);
+ /* encoding Q */
+ memcpy_r_allign(meta_b0, AES_BLOCK_SIZE,
+ &payload_length, sizeof(payload_length),
+ AES_BLOCK_SIZE - (sizeof(meta_flags) + nonce_length));
+static inline void __compute_initial_ctr(const unsigned char *nonce,
+ unsigned long nonce_length,
+ unsigned long payload_length,
+ unsigned char *ctr)
+ struct {
+ uint8_t reserved :2;
+ uint8_t zero :3;
+ uint8_t q_enc :3;
+ } __attribute__((packed)) ctr_flags;
+ memset(ctr, 0x00, AES_BLOCK_SIZE);
+ memset(&ctr_flags, 0x00, sizeof(ctr_flags));
+ ctr_flags.q_enc = (15 - nonce_length) - 1;
+ memcpy(ctr, &ctr_flags, sizeof(ctr_flags));
+ memcpy(ctr + sizeof(ctr_flags), nonce, nonce_length);
+static inline unsigned int __auth_assoc_data(unsigned int function_code,
+ const unsigned char *assoc_data,
+ uint64_t assoc_data_length,
+ const unsigned char *key,
+ unsigned int key_length,
+ unsigned char *iv)
+ unsigned int rc;
+ ad_meta_t meta;
+ unsigned char *meta_data;
+ unsigned long meta_data_length;
+ unsigned char tmp_block[AES_BLOCK_SIZE];
+ const unsigned char *rest;
+ unsigned long rest_length;
+ unsigned long head_length;
+ unsigned long tail_length;
+ /* preparing first block of assoc_data */
+ if (assoc_data_length < ((1ull << 16)-(1ull << 8))) {
+ meta.small.length = assoc_data_length;
+ meta_data =;
+ meta_data_length = sizeof(;
+ } else if (assoc_data_length < (1ull << 32)) {
+ meta.medium.prefix[0] = 0xff;
+ meta.medium.prefix[1] = 0xfe;
+ meta.medium.length = assoc_data_length;
+ meta_data =;
+ meta_data_length = sizeof(;
+ } else {
+ meta.large.prefix[0] = 0xff;
+ meta.large.prefix[1] = 0xff;
+ meta.large.length = assoc_data_length;
+ meta_data =;
+ meta_data_length = sizeof(;
+ }
+ if (assoc_data_length < meta_data_length) {
+ memset(meta_data, 0x00, meta_data_length);
+ memcpy(meta_data, assoc_data, assoc_data_length);
+ rest_length = 0;
+ rest = NULL;
+ } else {
+ memcpy(meta_data, assoc_data, meta_data_length);
+ rest_length = assoc_data_length - meta_data_length;
+ rest = assoc_data + meta_data_length;
+ }
+ /* processing first block of assoc_data */
+ rc = s390_cmac(function_code,
+ (unsigned char *)&meta, AES_BLOCK_SIZE,
+ key_length, key,
+ AES_BLOCK_SIZE, NULL, /* cmac_intermediate */
+ iv);
+ if (rc)
+ return rc;
+ /* processing remaining assoc_data */
+ if (rest_length) {
+ tail_length = rest_length % AES_BLOCK_SIZE;
+ head_length = rest_length - tail_length;
+ if (head_length) {
+ rc = s390_cmac(function_code,
+ rest, head_length,
+ key_length, key,
+ AES_BLOCK_SIZE, NULL, /* cmac_intermediate */
+ iv);
+ if (rc)
+ return rc;
+ rest += head_length;
+ }
+ /* assoc_data padding */
+ if (tail_length) {
+ memset(tmp_block, 0x00, AES_BLOCK_SIZE);
+ memcpy(tmp_block, rest, tail_length);
+ rc = s390_cmac(function_code,
+ tmp_block, AES_BLOCK_SIZE,
+ key_length, key,
+ AES_BLOCK_SIZE, NULL, /* cmac_intermediate */
+ iv);
+ if (rc)
+ return rc;
+ }
+ }
+ return 0;
+static inline unsigned int s390_ccm_authenticate(unsigned int function_code,
+ const unsigned char *payload,
+ uint64_t payload_length,
+ const unsigned char *assoc_data,
+ unsigned long assoc_data_length,
+ const unsigned char *nonce,
+ unsigned int nonce_length,
+ unsigned char *tag,
+ unsigned int tag_length,
+ const unsigned char *key,
+ unsigned int key_length)
+ unsigned int rc;
+ unsigned char meta_b0[AES_BLOCK_SIZE];
+ unsigned char tmp_block[AES_BLOCK_SIZE];
+ unsigned long head_length;
+ unsigned long tail_length;
+ /* compute meta information block B0 */
+ __compute_meta_b0(nonce, nonce_length,
+ assoc_data_length, payload_length, tag_length,
+ meta_b0);
+ /* kmac of first block (intermediate) */
+ memset(tag, 0x00, AES_BLOCK_SIZE);
+ rc = s390_cmac(function_code,
+ meta_b0, AES_BLOCK_SIZE,
+ key_length, key,
+ AES_BLOCK_SIZE, NULL, /* cmac_intermediate */
+ tag);
+ if (rc)
+ return rc;
+ /* kmac of assoc_data blocks (intermediate) */
+ if (assoc_data_length) {
+ rc = __auth_assoc_data(function_code,
+ assoc_data, assoc_data_length,
+ key, key_length,
+ tag);
+ if (rc)
+ return rc;
+ }
+ /* kmac of payload (intermediate) */
+ tail_length = payload_length % AES_BLOCK_SIZE;
+ head_length = payload_length - tail_length;
+ if (head_length) {
+ rc = s390_cmac(function_code,
+ payload, head_length,
+ key_length, key,
+ AES_BLOCK_SIZE, NULL, /* cmac_intermediate */
+ tag);
+ if (rc)
+ return rc;
+ }
+ if (tail_length) {
+ memset(tmp_block, 0x00, AES_BLOCK_SIZE);
+ memcpy(tmp_block, payload + head_length, tail_length);
+ rc = s390_cmac(function_code,
+ tmp_block, AES_BLOCK_SIZE,
+ key_length, key,
+ AES_BLOCK_SIZE, NULL, /* cmac_intermediate */
+ tag);
+ if (rc)
+ return rc;
+ }
+ return 0;
+static inline unsigned int s390_ccm(unsigned int function_code,
+ unsigned char *payload, unsigned long payload_length,
+ unsigned char *ciphertext,
+ const unsigned char *assoc_data, unsigned long assoc_data_length,
+ const unsigned char *nonce, unsigned long nonce_length,
+ unsigned char *mac, unsigned long mac_length,
+ unsigned char *key)
+ unsigned char initial_ctr[AES_BLOCK_SIZE];
+ unsigned char cipher_ctr[AES_BLOCK_SIZE];
+ unsigned char tag[AES_BLOCK_SIZE];
+ unsigned int ccm_ctr_width;
+ unsigned int rc;
+ /* compute initial counter */
+ __compute_initial_ctr(nonce, nonce_length, payload_length, initial_ctr);
+ ccm_ctr_width = (15 - nonce_length) * 8;
+ if (payload_length) {
+ /* compute counter for en-/decryption */
+ memcpy(cipher_ctr, initial_ctr, AES_BLOCK_SIZE);
+ ctr_inc_single(cipher_ctr, AES_BLOCK_SIZE, ccm_ctr_width);
+ /* en-/decrypt */
+ if (function_code % 2) {
+ /* decrypt */
+ rc = s390_aes_ctr(UNDIRECTED_FC(function_code),
+ ciphertext, payload, payload_length,
+ key, cipher_ctr, ccm_ctr_width);
+ if (rc)
+ return rc;
+ } else {
+ /*encrypt */
+ rc = s390_aes_ctr(UNDIRECTED_FC(function_code),
+ payload, ciphertext, payload_length,
+ key, cipher_ctr, ccm_ctr_width);
+ if (rc)
+ return rc;
+ }
+ }
+ /* generate tag */
+ rc = s390_ccm_authenticate(UNDIRECTED_FC(function_code),
+ payload, payload_length,
+ assoc_data, assoc_data_length,
+ nonce, nonce_length,
+ tag, mac_length,
+ key, fc_to_key_length(function_code));
+ if (rc)
+ return rc;
+ /* encrypt tag into mac */
+ return s390_aes_ctr(UNDIRECTED_FC(function_code),
+ tag, mac, mac_length,
+ key, initial_ctr, ccm_ctr_width);
diff --git a/src/include/s390_cmac.h b/src/include/s390_cmac.h
new file mode 100644
index 0000000..667d16d
--- /dev/null
+++ b/src/include/s390_cmac.h
@@ -0,0 +1,194 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+ * Authors: Ruben Straus <>
+ * Holger Dengler <>
+ *
+ * Copyright IBM Corp. 2010, 2011
+ */
+#include <string.h>
+#include <errno.h>
+#include <openssl/aes.h>
+#include "ica_api.h"
+#include "icastats.h"
+#include "init.h"
+#include "s390_crypto.h"
+#include "s390_aes.h"
+#include "s390_des.h"
+#ifndef S390_CMAC
+#define S390_CMAC_H
+#define PARM_BLOCK_SIZE 72
+typedef unsigned char parm_block_t[PARM_BLOCK_SIZE];
+struct parm_block_lookup {
+ unsigned int block_size;
+ unsigned char *base;
+ uint8_t *ml;
+ unsigned char *message;
+ unsigned char *iv;
+ unsigned char *keys;
+static inline void parm_block_lookup_init(struct parm_block_lookup *lookup,
+ parm_block_t base,
+ unsigned int block_size)
+ lookup->block_size = block_size;
+ lookup->base = base;
+ lookup->ml = (uint8_t *)base;
+ lookup->message = (unsigned char *)(base + 8);
+ lookup->iv = (unsigned char *)(lookup->message + block_size);
+ lookup->keys = (unsigned char *)(lookup->iv + block_size);
+static inline unsigned int fc_block_size(unsigned int fc)
+ unsigned int rc;
+ switch(fc) {
+ case S390_CRYPTO_TDEA_128_ENCRYPT:
+ case S390_CRYPTO_TDEA_192_ENCRYPT:
+ break;
+ case S390_CRYPTO_AES_128_ENCRYPT:
+ case S390_CRYPTO_AES_192_ENCRYPT:
+ case S390_CRYPTO_AES_256_ENCRYPT:
+ default:
+ break;
+ }
+ return rc;
+static inline void _stats_increment(unsigned int fc, int hw, int direction)
+ switch(fc) {
+ case 1:
+ case 9:
+ stats_increment(ICA_STATS_DES_CMAC, hw, direction);
+ break;
+ case 2:
+ case 3:
+ case 10:
+ case 11:
+ stats_increment(ICA_STATS_3DES_CMAC, hw, direction);
+ break;
+ case 18:
+ case 19:
+ case 20:
+ case 26:
+ case 27:
+ case 28:
+ stats_increment(ICA_STATS_AES_CMAC, hw, direction);
+ break;
+ default:
+ break;
+ }
+static inline int s390_cmac_hw(unsigned long fc,
+ const unsigned char *message,
+ unsigned long message_length,
+ unsigned int key_size, const unsigned char *key,
+ unsigned int cmac_length, unsigned char *cmac,
+ unsigned char *iv)
+ parm_block_t parm_block;
+ struct parm_block_lookup pb_lookup;
+ unsigned int length_tail;
+ unsigned long length_head;
+ int rc;
+ /* CMAC uses encrypt function code for generate and verify. */
+ memset(parm_block, 0, sizeof(parm_block));
+ parm_block_lookup_init(&pb_lookup, parm_block, fc_block_size(fc));
+ memcpy(pb_lookup.keys, key, key_size);
+ /* copy iv into param block, if available (intermediate) */
+ if (iv != NULL)
+ memcpy(pb_lookup.iv, iv, pb_lookup.block_size);
+ if (cmac == NULL) {
+ /* intermediate */
+ rc = s390_kmac(fc, pb_lookup.iv, message, message_length);
+ memset(pb_lookup.keys, 0, key_size);
+ if (rc < 0)
+ return rc;
+ _stats_increment(fc, ALGO_HW, ENCRYPT);
+ /* rescue iv for chained calls (intermediate) */
+ memcpy(iv, pb_lookup.iv, pb_lookup.block_size);
+ } else {
+ if (message_length) {
+ length_tail = message_length % pb_lookup.block_size;
+ if (length_tail)
+ length_head = message_length - length_tail;
+ else {
+ length_head = message_length - pb_lookup.block_size;
+ length_tail = pb_lookup.block_size;
+ }
+ if (length_head) {
+ rc = s390_kmac(fc, pb_lookup.iv,
+ message, length_head);
+ if (rc < 0) {
+ memset(pb_lookup.keys, 0, key_size);
+ return EIO;
+ }
+ _stats_increment(fc, ALGO_HW, ENCRYPT);
+ }
+ * = length_tail * 8; /* message length in bits */
+ memcpy(pb_lookup.message, message + length_head, length_tail);
+ }
+ /* calculate final block (last/full) */
+ rc = s390_pcc(fc, pb_lookup.base);
+ memset(pb_lookup.keys, 0, key_size);
+ if (rc < 0)
+ return EIO;
+ _stats_increment(fc, ALGO_HW, ENCRYPT);
+ memcpy(cmac, pb_lookup.iv, cmac_length);
+ }
+ return 0;
+static inline int s390_cmac(unsigned long fc,
+ const unsigned char *message,
+ unsigned long message_length,
+ unsigned int key_length, const unsigned char *key,
+ unsigned int mac_length, unsigned char *mac,
+ unsigned char *iv)
+ int rc;
+ if (*s390_msa4_functions[fc].enabled)
+ rc = s390_cmac_hw(s390_msa4_functions[fc].hw_fc,
+ message, message_length,
+ key_length, key,
+ mac_length, mac,
+ iv);
+ else {
+ return EPERM;
+ }
+ return rc;
diff --git a/src/include/s390_common.h b/src/include/s390_common.h
new file mode 100644
index 0000000..c12fac5
--- /dev/null
+++ b/src/include/s390_common.h
@@ -0,0 +1,53 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+ * Authors: Holger Dengler <>
+ *
+ * Copyright IBM Corp. 2011
+ */
+#include <sys/types.h>
+#ifndef S390_COMMON_H
+#define S390_COMMON_H
+#define UNDIRECTED_FC(x) (((x)/2)*2)
+void ctr_inc_block(unsigned char *iv, unsigned int block_size,
+ unsigned int ctr_width, unsigned char *ctrlist,
+ unsigned long ctrlist_length);
+void ctr_inc_single(unsigned char *iv, unsigned int block_size,
+ unsigned int ctr_width);
+static inline void memcpy_r_allign(void *dest, int dest_bs,
+ void *src, int src_bs, int size)
+ memcpy(dest + (dest_bs - size), src + (src_bs - size), size);
+static inline void block_xor(unsigned char dest[],
+ unsigned char a[], unsigned char b[],
+ unsigned int length)
+ unsigned int i;
+ for (i = 0; i < length; i++) {
+ dest[i] = a[i] ^ b[i];
+ }
+typedef struct {
+ u_int64_t upper_half;
+ u_int64_t lower_half;
+} ctr128_t;
+static inline void __inc(ctr128_t *ctr)
+ if (!(++(ctr->lower_half)))
+ (ctr->upper_half)++;
+#endif /* S390_COMMON_H */
diff --git a/src/include/s390_crypto.h b/src/include/s390_crypto.h
new file mode 100644
index 0000000..0dd79af
--- /dev/null
+++ b/src/include/s390_crypto.h
@@ -0,0 +1,430 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+ * Support for s390 cryptographic instructions.
+ *
+ * Author(s): Thomas Spatzier
+ * Jan Glauber <>
+ * Ralph Wuerthner <>
+ * Felix Beck <>
+ * Christian Maaser <>
+ * Holger Dengler <>
+ * Ingo Tuchscherer <>
+ *
+ * Copyright IBM Corp. 2007, 2009, 2011, 2013
+ */
+#include <ica_api.h>
+#ifndef S390_CRYPTO_H
+#define S390_CRYPTO_H
+#define S390_CRYPTO_TEST_MASK(mask, function) \
+ (((unsigned char *)(mask))[((function) & 0x7F) >> 3] & \
+ (0x80 >> ((function) & 0x07)))
+#define KM 1
+#define KMC 2
+#define KIMD 3
+#define MSA4 4
+#define ADAPTER 5
+enum s390_crypto_instruction {
+enum s390_crypto_function {
+ /*
+ * The S390_QUERY function is always available for all 4 KM, KMC, KIMD and
+ * KLMD instructions to query the available functions.
+ */
+ S390_CRYPTO_QUERY = 0x00,
+ /*
+ * The S390_SHA_* functions are available for KIMD and KLMD instructions.
+ */
+ S390_CRYPTO_SHA_1 = 0x01,
+ S390_CRYPTO_SHA_256 = 0x02,
+ S390_CRYPTO_SHA_512 = 0x03,
+ S390_CRYPTO_GHASH = 0x41,
+ /*
+ * The following functions are available for KM,KMC,KMF,KMO,
+ * and KMCTR instructions.
+ */
+ S390_CRYPTO_DEA_DECRYPT = 0x01 | 0x80,
+ S390_CRYPTO_TDEA_128_ENCRYPT = 0x02,
+ S390_CRYPTO_TDEA_128_DECRYPT = 0x02 | 0x80,
+ S390_CRYPTO_TDEA_192_ENCRYPT = 0x03,
+ S390_CRYPTO_TDEA_192_DECRYPT = 0x03 | 0x80,
+ S390_CRYPTO_AES_128_ENCRYPT = 0x12,
+ S390_CRYPTO_AES_128_DECRYPT = 0x12 | 0x80,
+ S390_CRYPTO_AES_192_ENCRYPT = 0x13,
+ S390_CRYPTO_AES_192_DECRYPT = 0x13 | 0x80,
+ S390_CRYPTO_AES_256_ENCRYPT = 0x14,
+ S390_CRYPTO_AES_256_DECRYPT = 0x14 | 0x80,
+ /* XTS is only available for the KM instruction */
+ S390_CRYPTO_AES_128_XTS_ENCRYPT = 0x32,
+ S390_CRYPTO_AES_128_XTS_DECRYPT = 0x32 | 0x80,
+ S390_CRYPTO_AES_256_XTS_ENCRYPT = 0x34,
+ S390_CRYPTO_AES_256_XTS_DECRYPT = 0x34 | 0x80,
+ /*
+ * The S390_PRNG is only available for the KMC instruction.
+ */
+ S390_CRYPTO_PRNG = 0x43
+unsigned int sha1_switch, sha256_switch, sha512_switch, des_switch,
+ tdes_switch, aes128_switch, aes192_switch, aes192_switch,
+ aes256_switch, prng_switch, tdea128_switch, tdea192_switch,
+ msa4_switch;
+typedef struct {
+ unsigned int dummy_fc;
+ unsigned int hw_fc;
+ unsigned int *enabled;
+} s390_supported_function_t;
+/* Append new dummy fc codes to the end of enumeration. They are used as index
+ * to get the right fc code for the hardware. */
+typedef enum {
+ SHA_1,
+ SHA_224,
+ SHA_256,
+ SHA_384,
+ SHA_512,
+} kimd_functions_t;
+typedef enum {
+} pcc_functions_t;
+s390_supported_function_t s390_kmc_functions[PRNG + 1];
+s390_supported_function_t s390_msa4_functions[AES_256_XTS_DECRYPT + 1];
+s390_supported_function_t s390_kimd_functions[GHASH + 1];
+void s390_crypto_switches_init(void);
+ * s390_pcc:
+ * @func: the function code passed to KM; see s390_kmc_func
+ * @param: address of parameter block; see POP for details on each func
+ *
+ * Executes the PCC operation of the CPU.
+ *
+ * Returns -1 for failure, 0 for the query func, number of processed
+ * bytes for encryption/decryption funcs
+ */
+static inline int s390_pcc(unsigned long func, void *param)
+ register long __func asm("0") = func;
+ register void *__param asm("1") = param;
+ asm volatile (
+ "0: .long 0xb92c0000 \n"
+ " brc 1, 0b \n"
+ :
+ : "d"(__func), "a"(__param)
+ : "cc", "memory");
+ return 0;
+ * s390_kmac:
+ * @func: the function code passed to KMAC; see s390_kmac_func
+ * @param: address of parameter block; see POP for details on each func
+ * @src: address of source memory area
+ * @src_len: length of src operand in bytes
+ *
+ * Executes the KMAC (COMPUTE MESSAGE AUTHENTICATION CODE) operation of the CPU.
+ *
+ * Returns -1 for failure, 0 for the query func, number of processed
+ * bytes for encryption/decryption funcs
+ */
+static inline int s390_kmac(unsigned long func, void *param,
+ const unsigned char *src, long src_len)
+ register long __func asm("0") = func;
+ register void *__param asm("1") = param;
+ register const unsigned char *__src asm("2") = src;
+ register long __src_len asm("3") = src_len;
+ asm volatile (
+ "0: .insn rre, 0xb91e0000,%0,%0 \n"
+ " brc 1, 0b \n"
+ : "+a"(__src), "+d"(__src_len)
+ : "d"(__func), "a"(__param)
+ : "cc", "memory");
+ return func ? src_len - __src_len : __src_len;
+ * s390_kmctr:
+ * @func: the function code passed to KMCTR; see s390_km_func
+ * @param: address of parameter block; see POP for details on each func
+ * @dest: address of destination memory area
+ * @src: address of source memory area
+ * @src_len: length of src operand in bytes
+ *
+ * Executes the KMCTR (CIPHER MESSAGE WITH COUNTER) operation of the CPU.
+ *
+ * Returns -1 for failure, 0 for the query func, number of processed
+ * bytes for encryption/decryption funcs
+ */
+static inline int s390_kmctr(unsigned long func, void *param, unsigned char *dest,
+ const unsigned char *src, long src_len,
+ unsigned char *counter)
+ register long __func asm("0") = func;
+ register void *__param asm("1") = param;
+ register const unsigned char *__src asm("2") = src;
+ register long __src_len asm("3") = src_len;
+ register unsigned char *__dest asm("4") = dest;
+ register unsigned char *__ctr asm("6") = counter;
+ asm volatile(
+ "0: .insn rrf,0xb92d0000,%2,%0,%3,0 \n"
+ "1: brc 1,0b \n"
+ : "+a" (__src), "+d" (__src_len), "+a" (__dest), "+a" (__ctr)
+ : "d" (__func), "a" (__param)
+ : "cc", "memory");
+ return func ? src_len - __src_len : __src_len;
+ * s390_kmf:
+ * @func: the function code passed to KMF; see s390_kmf_func
+ * @param: address of parameter block; see POP for details on each func
+ * @dest: address of destination memory area
+ * @src: address of source memory area
+ * @src_len: length of src operand in bytes
+ *
+ * Executes the KMF (CIPHER MESSAGE) operation of the CPU.
+ *
+ * Returns -1 for failure, 0 for the query func, number of processed
+ * bytes for encryption/decryption funcs
+ */
+static inline int s390_kmf(unsigned long func, void *param, unsigned char *dest,
+ const unsigned char *src, long src_len, unsigned int *lcfb)
+ register long __func asm("0") = ((*lcfb & 0x000000ff) << 24) | func;
+ register void *__param asm("1") = param;
+ register const unsigned char *__src asm("2") = src;
+ register long __src_len asm("3") = src_len;
+ register unsigned char *__dest asm("4") = dest;
+ asm volatile (
+ "0: .insn rre,0xb92a0000,%2,%0 \n"
+ " brc 1,0b \n"
+ : "+a"(__src), "+d"(__src_len), "+a"(__dest)
+ : "d"(__func), "a"(__param)
+ : "cc", "memory");
+ return func ? src_len - __src_len : __src_len;
+ * s390_kmo:
+ * @func: the function code passed to KMO; see s390_kmc_func
+ * @param: address of parameter block; see POP for details on each func
+ * @dest: address of destination memory area
+ * @src: address of source memory area
+ * @src_len: length of src operand in bytes
+ *
+ * Executes the KMO (CIPHER MESSAGE WITH CHAINING) operation of the CPU.
+ *
+ * Returns -1 for failure, 0 for the query func, number of processed
+ * bytes for encryption/decryption funcs
+ */
+static inline int s390_kmo(unsigned long func, void *param, unsigned char *dest,
+ const unsigned char *src, long src_len)
+ register long __func asm("0") = func;
+ register void *__param asm("1") = param;
+ register const unsigned char *__src asm("2") = src;
+ register long __src_len asm("3") = src_len;
+ register unsigned char *__dest asm("4") = dest;
+ asm volatile (
+ "0: .insn rre, 0xb92b0000,%2,%0 \n"
+ " brc 1, 0b \n"
+ : "+a"(__src), "+d"(__src_len), "+a"(__dest)
+ : "d"(__func), "a"(__param)
+ : "cc", "memory");
+ return func ? src_len - __src_len : __src_len;
+ * s390_km:
+ * @func: the function code passed to KM; see s390_km_func
+ * @param: address of parameter block; see POP for details on each func
+ * @dest: address of destination memory area
+ * @src: address of source memory area
+ * @src_len: length of src operand in bytes
+ *
+ * Executes the KM (CIPHER MESSAGE) operation of the CPU.
+ *
+ * Returns -1 for failure, 0 for the query func, number of processed
+ * bytes for encryption/decryption funcs
+ */
+static inline int s390_km(unsigned long func, void *param, unsigned char *dest,
+ const unsigned char *src, long src_len)
+ register long __func asm("0") = func;
+ register void *__param asm("1") = param;
+ register const unsigned char *__src asm("2") = src;
+ register long __src_len asm("3") = src_len;
+ register unsigned char *__dest asm("4") = dest;
+ asm volatile (
+ "0: .insn rre,0xb92e0000,%2,%0 \n" /* KM opcode */
+ " brc 1,0b \n" /* handle partial completion */
+ : "+a"(__src), "+d"(__src_len), "+a"(__dest)
+ : "d"(__func), "a"(__param)
+ : "cc", "memory");
+ return func ? src_len - __src_len : __src_len;
+ * s390_kmc:
+ * @func: the function code passed to KM; see s390_kmc_func
+ * @param: address of parameter block; see POP for details on each func
+ * @dest: address of destination memory area
+ * @src: address of source memory area
+ * @src_len: length of src operand in bytes
+ *
+ * Executes the KMC (CIPHER MESSAGE WITH CHAINING) operation of the CPU.
+ *
+ * Returns -1 for failure, 0 for the query func, number of processed
+ * bytes for encryption/decryption funcs
+ */
+static inline int s390_kmc(unsigned long func, void *param, unsigned char *dest,
+ const unsigned char *src, long src_len)
+ register long __func asm("0") = func;
+ register void *__param asm("1") = param;
+ register const unsigned char *__src asm("2") = src;
+ register long __src_len asm("3") = src_len;
+ register unsigned char *__dest asm("4") = dest;
+ asm volatile (
+ "0: .insn rre, 0xb92f0000,%2,%0 \n" /* KMC opcode */
+ " brc 1, 0b \n" /* handle partial completion */
+ : "+a"(__src), "+d"(__src_len), "+a"(__dest)
+ : "d"(__func), "a"(__param)
+ : "cc", "memory");
+ return func ? src_len - __src_len : __src_len;
+ * s390_kimd:
+ * @func: the function code passed to KM; see s390_kimd_func
+ * @param: address of parameter block; see POP for details on each func
+ * @src: address of source memory area
+ * @src_len: length of src operand in bytes
+ *
+ * of the CPU.
+ *
+ * Returns -1 for failure, 0 for the query func, number of processed
+ * bytes for digest funcs
+ */
+static inline int s390_kimd(unsigned long func, void *param,
+ const unsigned char *src, long src_len)
+ register long __func asm("0") = func;
+ register void *__param asm("1") = param;
+ register const unsigned char *__src asm("2") = src;
+ register long __src_len asm("3") = src_len;
+ asm volatile (
+ "0: .insn rre,0xb93e0000,%0,%0 \n" /* KIMD opcode */
+ " brc 1,0b \n" /* handle partial completion */
+ : "+a"(__src), "+d"(__src_len)
+ : "d"(__func), "a"(__param)
+ : "cc", "memory");
+ return func ? src_len - __src_len : __src_len;
+ * s390_klmd:
+ * @func: the function code passed to KM; see s390_klmd_func
+ * @param: address of parameter block; see POP for details on each func
+ * @src: address of source memory area
+ * @src_len: length of src operand in bytes
+ *
+ * Executes the KLMD (COMPUTE LAST MESSAGE DIGEST) operation of the CPU.
+ *
+ * Returns -1 for failure, 0 for the query func, number of processed
+ * bytes for digest funcs
+ */
+static inline int s390_klmd(unsigned long func, void *param, const unsigned char *src,
+ long src_len)
+ register long __func asm("0") = func;
+ register void *__param asm("1") = param;
+ register const unsigned char *__src asm("2") = src;
+ register long __src_len asm("3") = src_len;
+ asm volatile (
+ "0: .insn rre,0xb93f0000,%0,%0 \n" /* KLMD opcode */
+ " brc 1,0b \n" /* handle partial completion */
+ : "+a"(__src), "+d"(__src_len)
+ : "d"(__func), "a"(__param)
+ : "cc", "memory");
+ return func ? src_len - __src_len : __src_len;
+static inline int s390_stckf_hw(void *buf)
+ register int cc = 0;
+ asm volatile(".insn s,0xb27c0000,%0"
+ : "=Q" (*((unsigned long long *)buf)) : : "cc");
+ return cc;
+static inline int s390_stcke_hw(void *buf)
+ register int cc = 0;
+ asm volatile(".insn s,0xb2780000,%0"
+ : "=Q" (*((unsigned long long *)buf)) : : "cc");
+ return cc;
+static inline int s390_stck(void *buf)
+#ifdef _LINUX_S390X_
+ return s390_stckf_hw(buf);
+ return s390_stcke_hw(buf);
+static inline int __stfle(unsigned long long *list, int doublewords)
+ typedef struct { unsigned long long _[doublewords]; } addrtype;
+ register unsigned long __nr asm("0") = doublewords - 1;
+ asm volatile(".insn s,0xb2b00000,%0" /* stfle */
+ : "=m" (*(addrtype *) list), "+d" (__nr) : : "cc");
+ return __nr + 1;
diff --git a/src/include/s390_ctr.h b/src/include/s390_ctr.h
new file mode 100644
index 0000000..accc283
--- /dev/null
+++ b/src/include/s390_ctr.h
@@ -0,0 +1,37 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+ * Authors: Felix Beck <>
+ * Holger Dengler <>
+ *
+ * Copyright IBM Corp. 2010, 2011
+ */
+#include "s390_common.h"
+#ifndef S390_CTR_H
+#define S390_CTR_H
+/* get next multiple of blocksize (bs) of n */
+#define NEXT_BS(n, bs) ((n + (bs - 1)) & (~(bs - 1)))
+#define LARGE_MSG_CHUNK 4096 /* page size */
+static inline int s390_ctr_hw(unsigned int function_code, unsigned long data_length,
+ const unsigned char *in_data, unsigned char *key,
+ unsigned char *out_data, const unsigned char *ctrlist)
+ int rc = -1;
+ rc = s390_kmctr(function_code, key, out_data, in_data,
+ data_length, (unsigned char *)ctrlist);
+ if (rc >= 0)
+ return 0;
+ else
+ return EIO;
diff --git a/src/include/s390_des.h b/src/include/s390_des.h
new file mode 100644
index 0000000..d152000
--- /dev/null
+++ b/src/include/s390_des.h
@@ -0,0 +1,596 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+ * Authors: Felix Beck <>
+ * Christian Maaser <>
+ * Holger Dengler <>
+ *
+ * Copyright IBM Corp. 2009, 2010, 2011
+ */
+#include "s390_ctr.h"
+#include <openssl/des.h>
+#ifndef S390_DES_H
+#define S390_DES_H
+#define DES_BLOCK_SIZE 8
+static inline int s390_des_ecb_hw(unsigned int function_code, unsigned long input_length,
+ const unsigned char *input_data, unsigned char *keys,
+ unsigned char *output_data)
+ int rc = -1;
+ rc = s390_km(function_code, keys, output_data, input_data,
+ input_length);
+ if (rc >= 0)
+ return 0;
+ else
+ return EIO;
+static inline int s390_des_ecb_sw(unsigned int function_code, unsigned long input_length,
+ const unsigned char *input_data, const unsigned char *keys,
+ unsigned char *output_data)
+ DES_key_schedule key_schedule1;
+ DES_key_schedule key_schedule2;
+ DES_key_schedule key_schedule3;
+ switch (function_code & S390_CRYPTO_FUNCTION_MASK) {
+ DES_set_key_unchecked((const_DES_cblock *) keys,
+ &key_schedule1);
+ for (; input_length; input_length -= sizeof(DES_cblock)) {
+ DES_ecb_encrypt((const_DES_cblock *) input_data,
+ (DES_cblock *) output_data,
+ &key_schedule1,
+ (function_code &
+ input_data += sizeof(DES_cblock);
+ output_data += sizeof(DES_cblock);
+ }
+ break;
+ case S390_CRYPTO_TDEA_128_ENCRYPT:
+ DES_set_key_unchecked((const_DES_cblock *) keys,
+ &key_schedule1);
+ DES_set_key_unchecked((const_DES_cblock *) keys + 1,
+ &key_schedule2);
+ for (; input_length; input_length -= sizeof(DES_cblock)) {
+ DES_ecb2_encrypt((const_DES_cblock *)
+ input_data,
+ (DES_cblock *) output_data,
+ &key_schedule1, &key_schedule2,
+ (function_code &
+ input_data += sizeof(DES_cblock);
+ output_data += sizeof(DES_cblock);
+ }
+ break;
+ case S390_CRYPTO_TDEA_192_ENCRYPT:
+ DES_set_key_unchecked((const_DES_cblock *) keys,
+ &key_schedule1);
+ DES_set_key_unchecked((const_DES_cblock *) keys + 1,
+ &key_schedule2);
+ DES_set_key_unchecked((const_DES_cblock *) keys + 2,
+ &key_schedule3);
+ for (; input_length; input_length -= sizeof(DES_cblock)) {
+ DES_ecb3_encrypt((const_DES_cblock *)
+ input_data,
+ (DES_cblock *) output_data,
+ &key_schedule1, &key_schedule2,
+ &key_schedule3, (function_code &
+ input_data += sizeof(DES_cblock);
+ output_data += sizeof(DES_cblock);
+ }
+ break;
+ }
+ return 0;
+static inline int s390_des_cbc_hw(unsigned int function_code,
+ unsigned long input_length,
+ const unsigned char *input_data, unsigned char *iv,
+ const unsigned char *keys, unsigned char *output_data)
+ struct {
+ ica_des_vector_t iv;
+ ica_des_key_triple_t keys;
+ } key_buffer;
+ int rc = -1;
+ unsigned int key_size = (function_code & S390_CRYPTO_FUNCTION_MASK) *
+ sizeof(ica_des_key_single_t);
+ memcpy(&key_buffer.iv, iv, sizeof(ica_des_vector_t));
+ memcpy(&key_buffer.keys, keys, key_size);
+ rc = s390_kmc(function_code, &key_buffer, output_data,
+ input_data, input_length);
+ memset(&key_buffer.keys, 0, key_size);
+ if (rc >= 0) {
+ memcpy(iv, &key_buffer.iv, sizeof(ica_des_vector_t));
+ return 0;
+ } else
+ return EIO;
+static inline int s390_des_cbc_sw(unsigned int function_code,
+ unsigned long input_length,
+ const unsigned char *input_data, unsigned char *iv,
+ const unsigned char *keys, unsigned char *output_data)
+ DES_key_schedule key_schedule1;
+ DES_key_schedule key_schedule2;
+ DES_key_schedule key_schedule3;
+ switch (function_code & S390_CRYPTO_FUNCTION_MASK) {
+ DES_set_key_unchecked((const_DES_cblock *) keys,
+ &key_schedule1);
+ DES_ncbc_encrypt(input_data, output_data, input_length,
+ &key_schedule1, (DES_cblock *) iv,
+ (function_code & S390_CRYPTO_DIRECTION_MASK) ?
+ 0 : 1);
+ break;
+ case S390_CRYPTO_TDEA_128_ENCRYPT:
+ DES_set_key_unchecked((const_DES_cblock *) keys,
+ &key_schedule1);
+ DES_set_key_unchecked((const_DES_cblock *) keys + 1,
+ &key_schedule2);
+ DES_ede2_cbc_encrypt(input_data, output_data, input_length,
+ &key_schedule1, &key_schedule2,
+ (DES_cblock *) iv,
+ (function_code &
+ break;
+ case S390_CRYPTO_TDEA_192_ENCRYPT:
+ DES_set_key_unchecked((const_DES_cblock *) keys,
+ &key_schedule1);
+ DES_set_key_unchecked((const_DES_cblock *) keys + 1,
+ &key_schedule2);
+ DES_set_key_unchecked((const_DES_cblock *) keys + 2,
+ &key_schedule3);
+ DES_ede3_cbc_encrypt(input_data, output_data, input_length,
+ &key_schedule1, &key_schedule2,
+ &key_schedule3, (DES_cblock *) iv,
+ (function_code &
+ break;
+ };
+ return 0;
+static inline int s390_des_ecb(unsigned int fc, unsigned long data_length,
+ const unsigned char *in_data, unsigned char *key,
+ unsigned char *out_data)
+ int rc = 1;
+ int hardware = ALGO_HW;
+ if (*s390_kmc_functions[fc].enabled)
+ rc = s390_des_ecb_hw(s390_kmc_functions[fc].hw_fc,
+ data_length, in_data, key,
+ out_data);
+ if (rc) {
+ rc = s390_des_ecb_sw(s390_kmc_functions[fc].hw_fc,
+ data_length, in_data, key,
+ out_data);
+ hardware = ALGO_SW;
+ }
+ switch (s390_kmc_functions[fc].hw_fc & S390_CRYPTO_FUNCTION_MASK) {
+ stats_increment(ICA_STATS_DES_ECB, hardware,
+ (s390_kmc_functions[fc].hw_fc &
+ break;
+ case S390_CRYPTO_TDEA_128_ENCRYPT:
+ case S390_CRYPTO_TDEA_192_ENCRYPT:
+ stats_increment(ICA_STATS_3DES_ECB, hardware,
+ (s390_kmc_functions[fc].hw_fc &
+ break;
+ }
+ return rc;
+static inline int s390_des_cbc(unsigned int fc, unsigned long data_length,
+ const unsigned char *in_data, unsigned char *iv,
+ const unsigned char *key, unsigned char *out_data)
+ int rc = 1;
+ int hardware = ALGO_HW;
+ if (*s390_kmc_functions[fc].enabled)
+ rc = s390_des_cbc_hw(s390_kmc_functions[fc].hw_fc,
+ data_length, in_data, iv, key,
+ out_data);
+ if (rc) {
+ rc = s390_des_cbc_sw(s390_kmc_functions[fc].hw_fc,
+ data_length, in_data, iv, key,
+ out_data);
+ hardware = ALGO_SW;
+ }
+ switch (s390_kmc_functions[fc].hw_fc & S390_CRYPTO_FUNCTION_MASK) {
+ stats_increment(ICA_STATS_DES_CBC, hardware,
+ (s390_kmc_functions[fc].hw_fc &
+ break;
+ case S390_CRYPTO_TDEA_128_ENCRYPT:
+ case S390_CRYPTO_TDEA_192_ENCRYPT:
+ stats_increment(ICA_STATS_3DES_CBC, hardware,
+ (s390_kmc_functions[fc].hw_fc &
+ break;
+ }
+ return rc;
+static inline int s390_des_cfb_hw(unsigned int function_code,
+ unsigned long data_length,
+ const unsigned char *in_data, unsigned char *iv,
+ const unsigned char *key, unsigned char *out_data,
+ unsigned int lcfb)
+ struct {
+ ica_des_vector_t iv;
+ ica_des_key_triple_t keys;
+ } key_buffer;
+ int rc = -1;
+ unsigned int key_size = (function_code & S390_CRYPTO_FUNCTION_MASK) *
+ sizeof(ica_des_key_single_t);
+ memcpy(&key_buffer.iv, iv, sizeof(ica_des_vector_t));
+ memcpy(&key_buffer.keys, key, key_size);
+ rc = s390_kmf(function_code, &key_buffer, out_data,
+ in_data, data_length, &lcfb);
+ memset(&key_buffer.keys, 0, key_size);
+ if (rc >= 0) {
+ memcpy(iv, &key_buffer.iv, sizeof(ica_des_vector_t));
+ return 0;
+ } else
+ return EIO;
+static inline int __s390_des_cfb(unsigned int fc, unsigned long data_length,
+ const unsigned char *in_data, unsigned char *iv,
+ const unsigned char *key, unsigned char *out_data,
+ unsigned int lcfb)
+ int rc = 1;
+ int hardware = ALGO_HW;
+ if (*s390_msa4_functions[fc].enabled)
+ rc = s390_des_cfb_hw(s390_msa4_functions[fc].hw_fc,
+ data_length, in_data, iv, key,
+ out_data, lcfb);
+ if (rc) {
+ hardware = ALGO_SW;
+ return EPERM;
+ }
+ switch (s390_msa4_functions[fc].hw_fc & S390_CRYPTO_FUNCTION_MASK) {
+ stats_increment(ICA_STATS_DES_CFB, hardware,
+ (s390_msa4_functions[fc].hw_fc &
+ break;
+ case S390_CRYPTO_TDEA_128_ENCRYPT:
+ case S390_CRYPTO_TDEA_192_ENCRYPT:
+ stats_increment(ICA_STATS_3DES_CFB, hardware,
+ (s390_msa4_functions[fc].hw_fc &
+ break;
+ }
+ return rc;
+static inline int s390_des_ofb_hw(unsigned int function_code,
+ unsigned int input_length,
+ const unsigned char *input_data, unsigned char *iv,
+ const unsigned char *keys, unsigned char *output_data)
+ struct {
+ ica_des_vector_t iv;
+ ica_des_key_triple_t keys;
+ } key_buffer;
+ int rc = -1;
+ unsigned int key_size = (function_code & S390_CRYPTO_FUNCTION_MASK) *
+ sizeof(ica_des_key_single_t);
+ memcpy(&key_buffer.iv, iv, sizeof(ica_des_vector_t));
+ memcpy(&key_buffer.keys, keys, key_size);
+ rc = s390_kmo(function_code, &key_buffer, output_data,
+ input_data, input_length);
+ memset(&key_buffer.keys, 0, key_size);
+ if (rc >= 0) {
+ memcpy(iv, &key_buffer.iv, sizeof(ica_des_vector_t));
+ return 0;
+ } else
+ return EIO;
+static inline int __s390_des_ofb(unsigned int fc, unsigned int input_length,
+ const unsigned char *input_data, unsigned char *iv,
+ const unsigned char *keys, unsigned char *output_data)
+ int rc = 1;
+ int hardware = ALGO_HW;
+ if (*s390_msa4_functions[fc].enabled)
+ rc = s390_des_ofb_hw(s390_msa4_functions[fc].hw_fc,
+ input_length, input_data, iv, keys,
+ output_data);
+ if (rc) {
+ hardware = ALGO_SW;
+ return rc;
+ }
+ switch (s390_msa4_functions[fc].hw_fc & S390_CRYPTO_FUNCTION_MASK) {
+ stats_increment(ICA_STATS_DES_OFB, hardware,
+ (s390_msa4_functions[fc].hw_fc &
+ break;
+ case S390_CRYPTO_TDEA_128_ENCRYPT:
+ case S390_CRYPTO_TDEA_192_ENCRYPT:
+ stats_increment(ICA_STATS_3DES_OFB, hardware,
+ (s390_msa4_functions[fc].hw_fc &
+ break;
+ }
+ return rc;
+static inline int s390_des_cfb(unsigned int fc, unsigned long data_length,
+ const unsigned char *in_data, unsigned char *iv,
+ const unsigned char *key, unsigned char *out_data,
+ unsigned int lcfb)
+ int rc = 0;
+ /* Temporary buffers with size of lcfb should be
+ * sufficiant, using static maximun lcfb instead. */
+ unsigned char rest_in_data[DES_BLOCK_SIZE];
+ unsigned char rest_out_data[DES_BLOCK_SIZE];
+ unsigned long rest_data_length;
+ unsigned long tmp_data_length;
+ rest_data_length = data_length % lcfb;
+ tmp_data_length = data_length - rest_data_length;
+ if (tmp_data_length) {
+ rc = __s390_des_cfb(fc, tmp_data_length, in_data,
+ iv, key, out_data, lcfb);
+ if (rc)
+ return rc;
+ }
+ if (rest_data_length) {
+ memcpy(rest_in_data, in_data + tmp_data_length,
+ rest_data_length);
+ rc = __s390_des_cfb(fc, DES_BLOCK_SIZE,
+ rest_in_data,
+ iv, key, rest_out_data, lcfb);
+ if (rc)
+ return rc;
+ memcpy(out_data + tmp_data_length,
+ rest_out_data, rest_data_length);
+ }
+ return rc;
+static inline int s390_des_ofb(unsigned int fc, unsigned long data_length,
+ const unsigned char *in_data, unsigned char *iv,
+ const unsigned char *key, unsigned char *out_data)
+ int rc = 0;
+ unsigned char rest_in_data[DES_BLOCK_SIZE];
+ unsigned char rest_out_data[DES_BLOCK_SIZE];
+ unsigned long rest_data_length;
+ unsigned long tmp_data_length;
+ rest_data_length = data_length % DES_BLOCK_SIZE;
+ tmp_data_length = data_length - rest_data_length;
+ if (tmp_data_length) {
+ rc = __s390_des_ofb(fc, tmp_data_length, in_data,
+ iv, key, out_data);
+ if (rc)
+ return rc;
+ }
+ if (rest_data_length) {
+ memcpy(rest_in_data, in_data + tmp_data_length,
+ rest_data_length);
+ rc = __s390_des_ofb(fc, DES_BLOCK_SIZE,
+ rest_in_data,
+ iv, key, rest_out_data);
+ if (rc)
+ return rc;
+ memcpy(out_data + tmp_data_length,
+ rest_out_data, rest_data_length);
+ }
+ return rc;
+static inline int __s390_des_ctrlist(unsigned int fc, unsigned long data_length,
+ const unsigned char *in_data,
+ const unsigned char *ctrlist,
+ unsigned char *key,
+ unsigned char *out_data)
+ int rc = EPERM;
+ int hardware = ALGO_HW;
+ if (*s390_msa4_functions[fc].enabled)
+ rc = s390_ctr_hw(s390_msa4_functions[fc].hw_fc,
+ data_length, in_data, key,
+ out_data, ctrlist);
+ if (rc) {
+ hardware = ALGO_SW;
+ return rc;
+ }
+ switch (s390_msa4_functions[fc].hw_fc & S390_CRYPTO_FUNCTION_MASK) {
+ stats_increment(ICA_STATS_DES_CTR, hardware,
+ (s390_msa4_functions[fc].hw_fc &
+ break;
+ case S390_CRYPTO_TDEA_128_ENCRYPT:
+ case S390_CRYPTO_TDEA_192_ENCRYPT:
+ stats_increment(ICA_STATS_3DES_CTR, hardware,
+ (s390_msa4_functions[fc].hw_fc &
+ break;
+ }
+ return rc;
+static inline int s390_des_ctrlist(unsigned int fc, unsigned long data_length,
+ const unsigned char *in_data,
+ const unsigned char *ctrlist,
+ unsigned char *key, unsigned char *out_data)
+ int rc = 0;
+ unsigned char rest_in_data[DES_BLOCK_SIZE];
+ unsigned char rest_out_data[DES_BLOCK_SIZE];
+ unsigned long rest_data_length;
+ unsigned long tmp_data_length;
+ rest_data_length = data_length % DES_BLOCK_SIZE;
+ tmp_data_length = data_length - rest_data_length;
+ if (tmp_data_length) {
+ rc = __s390_des_ctrlist(fc, tmp_data_length, in_data,
+ ctrlist, key, out_data);
+ if (rc)
+ return rc;
+ }
+ if (rest_data_length) {
+ memcpy(rest_in_data, in_data + tmp_data_length,
+ rest_data_length);
+ rc = __s390_des_ctrlist(fc, DES_BLOCK_SIZE,
+ rest_in_data,
+ ctrlist + tmp_data_length,
+ key, rest_out_data);
+ if (rc)
+ return rc;
+ memcpy(out_data + tmp_data_length,
+ rest_out_data, rest_data_length);
+ }
+ return rc;
+static inline int s390_des_ctr(unsigned int fc, const unsigned char *in_data,
+ unsigned char *out_data, unsigned long data_length,
+ unsigned char *key, unsigned char *ctr,
+ unsigned int ctr_width)
+ const unsigned char *src;
+ unsigned char *tmp_ctrlist = NULL;
+ unsigned long chunk_length;
+ unsigned long rest_length;
+ unsigned long tmp_length;
+ int rc = 0;
+ if (data_length <= DES_BLOCK_SIZE) {
+ /* short message handling */
+ rc = s390_des_ctrlist(fc, data_length, in_data, ctr,
+ key, out_data);
+ if (rc)
+ goto free_out;
+ ctr_inc_single(ctr, DES_BLOCK_SIZE, ctr_width);
+ return rc;
+ }
+ /* find largest possible message chunk */
+ /* get next multiple of blocksize of data_length */
+ chunk_length = NEXT_BS(data_length, DES_BLOCK_SIZE);
+ tmp_ctrlist = malloc(chunk_length);
+ /* page size chunk fall back */
+ if ((!tmp_ctrlist) && (data_length > LARGE_MSG_CHUNK)) {
+ chunk_length = LARGE_MSG_CHUNK;
+ tmp_ctrlist = malloc(chunk_length);
+ }
+ /* single block chunk fall back */
+ if (!tmp_ctrlist)
+ chunk_length = DES_BLOCK_SIZE;
+ for (src = in_data, rest_length = data_length;
+ src < (in_data + data_length);
+ src += chunk_length, out_data += chunk_length,
+ rest_length -= chunk_length) {
+ tmp_length = (rest_length < chunk_length) ?
+ rest_length : chunk_length;
+ if (tmp_ctrlist) {
+ ctr_inc_block(ctr, DES_BLOCK_SIZE, ctr_width,
+ tmp_ctrlist,
+ NEXT_BS(tmp_length, DES_BLOCK_SIZE));
+ rc = s390_des_ctrlist(fc, tmp_length, src,
+ tmp_ctrlist, key, out_data);
+ if (rc)
+ goto free_out;
+ } else {
+ rc = s390_des_ctrlist(fc, tmp_length, src,
+ ctr, key, out_data);
+ if (rc)
+ goto free_out;
+ ctr_inc_single(ctr, DES_BLOCK_SIZE, ctr_width);
+ }
+ }
+ if (tmp_ctrlist)
+ free(tmp_ctrlist);
+ return rc;
diff --git a/src/include/s390_gcm.h b/src/include/s390_gcm.h
new file mode 100644
index 0000000..ea64182
--- /dev/null
+++ b/src/include/s390_gcm.h
@@ -0,0 +1,436 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+ * Authors: Felix Beck <>
+ * Holger Dengler <>
+ *
+ * Copyright IBM Corp. 2010, 2011
+ */
+#ifndef S390_GCM_H
+#define S390_GCM_H
+#define S390_GCM_MAX_TEXT_LENGTH (0x0000000fffffffe0ul) /* (2^31)-32 */
+#define S390_GCM_MAX_AAD_LENGTH (0x2000000000000000ul) /* (2^61) */
+#define S390_GCM_MAX_IV_LENGTH (0x2000000000000000ul) /* (2^61) */
+/* the recommended iv length for GCM is 96 bit or 12 byte */
+/* ctr with for GCM is specified with 32 bit */
+#define GCM_CTR_WIDTH 32
+/* Helper struct containing last uncomplete ciphertext block
+ * with padding, aad_length and ciphertext_length. */
+unsigned char zero_block[] = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+static unsigned char partial_j[] = {
+ 0x00, 0x00, 0x00, 0x01,
+struct pad_meta {
+ unsigned char pad[AES_BLOCK_SIZE];
+ uint64_t length_a;
+ uint64_t length_b;
+} __attribute__((packed));
+static inline int s390_ghash_hw(unsigned int fc,
+ const unsigned char *in_data,
+ unsigned long data_length,
+ unsigned char *iv,
+ const unsigned char *subkey)
+ struct {
+ unsigned char iv[AES_BLOCK_SIZE];
+ unsigned char hash_subkey[AES_BLOCK_SIZE];
+ } __attribute__((packed)) parmblock;
+ int rc = 0;
+ int hardware = ALGO_HW;
+ memcpy(parmblock.iv, iv, AES_BLOCK_SIZE);
+ memcpy(parmblock.hash_subkey, subkey, AES_BLOCK_SIZE);
+ rc = s390_kimd(fc, &parmblock, in_data, data_length);
+ if(rc == data_length) {
+ /* All data has been processed */
+ memcpy(iv, parmblock.iv, AES_BLOCK_SIZE);
+ stats_increment(ICA_STATS_GHASH, hardware, ENCRYPT);
+ return 0;
+ }
+ return EIO;
+static inline int s390_ghash(const unsigned char *in_data, unsigned long data_length,
+ const unsigned char *key, unsigned char *iv)
+ if (!s390_kimd_functions[GHASH].enabled)
+ return EPERM;
+ return s390_ghash_hw(s390_kimd_functions[GHASH].hw_fc,
+ in_data, data_length,
+ iv, key);
+static inline unsigned int __compute_j0(const unsigned char *iv,
+ unsigned int iv_length,
+ const unsigned char *subkey_h,
+ unsigned char *j0)
+ int rc;
+ struct pad_meta iv_pad_meta;
+ unsigned long head_length;
+ unsigned long tail_length;
+ /* iv_length of 12 bytes is recommended */
+ if (iv_length == GCM_RECOMMENDED_IV_LENGTH) {
+ memcpy(j0, iv, iv_length);
+ memcpy(j0 + iv_length, partial_j, sizeof(partial_j));
+ return 0;
+ }
+ memset(j0, 0x00, AES_BLOCK_SIZE);
+ memset(iv_pad_meta.pad, 0x00, sizeof(iv_pad_meta.pad));
+ iv_pad_meta.length_a = (uint64_t)0ul; /* unused for j0 */
+ iv_pad_meta.length_b = (uint64_t)(iv_length * 8ul);
+ tail_length = iv_length % AES_BLOCK_SIZE;
+ head_length = iv_length - tail_length;
+ if (head_length) {
+ rc = s390_ghash(iv, head_length, subkey_h, j0);
+ if (rc)
+ return rc;
+ }
+ if (tail_length) {
+ memcpy(iv_pad_meta.pad, iv + head_length, tail_length);
+ rc = s390_ghash((unsigned char *)&iv_pad_meta,
+ sizeof(iv_pad_meta),
+ subkey_h, j0);
+ if (rc)
+ return rc;
+ } else {
+ /* no padding necessary, only ghash meta information */
+ rc = s390_ghash((unsigned char *)&iv_pad_meta.length_a,
+ subkey_h, j0);
+ if (rc)
+ return rc;
+ }
+ return 0;
+static inline unsigned int s390_gcm_authenticate(const unsigned char *ciphertext, unsigned long text_length,
+ const unsigned char *aad, unsigned long aad_length,
+ const unsigned char *subkey_h, unsigned char *iv)
+ unsigned int rc;
+ unsigned char aad_pad[AES_BLOCK_SIZE];
+ unsigned long head_length;
+ unsigned long tail_length;
+ struct pad_meta c_pad_meta;
+ memset(iv, 0x00, AES_BLOCK_SIZE);
+ memset(c_pad_meta.pad, 0x00, sizeof(c_pad_meta.pad));
+ c_pad_meta.length_a = (uint64_t)(aad_length * 8ul);
+ c_pad_meta.length_b = (uint64_t)(text_length * 8ul);
+ if (aad_length) {
+ tail_length = aad_length % AES_BLOCK_SIZE;
+ head_length = aad_length - tail_length;
+ /* ghash aad head */
+ if (head_length) {
+ rc = s390_ghash(aad, head_length, subkey_h, iv);
+ if (rc)
+ return rc;
+ }
+ /* ghash aad tail */
+ if (tail_length) {
+ memset(aad_pad, 0x00, AES_BLOCK_SIZE);
+ memcpy(aad_pad, aad + head_length, tail_length);
+ rc = s390_ghash(aad_pad, AES_BLOCK_SIZE, subkey_h, iv);
+ if (rc)
+ return rc;
+ }
+ }
+ if (text_length) {
+ tail_length = text_length % AES_BLOCK_SIZE;
+ head_length = text_length - tail_length;
+ /* ghash ciphertext head */
+ if (head_length) {
+ rc = s390_ghash(ciphertext, head_length, subkey_h, iv);
+ if (rc)
+ return rc;
+ }
+ /* ghash ciphertext tail and meta data */
+ if (tail_length) {
+ memcpy(c_pad_meta.pad, ciphertext + head_length, tail_length);
+ rc = s390_ghash((unsigned char *)&c_pad_meta,
+ sizeof(c_pad_meta), subkey_h, iv);
+ if (rc)
+ return rc;
+ } else {
+ rc = s390_ghash((unsigned char *)&c_pad_meta.length_a,
+ AES_BLOCK_SIZE, subkey_h, iv);
+ if (rc)
+ return rc;
+ }
+ } else {
+ /* ghash meta data only */
+ rc = s390_ghash((unsigned char *)&c_pad_meta.length_a,
+ subkey_h, iv);
+ if (rc)
+ return rc;
+ }
+ return 0;
+static inline unsigned int s390_gcm_authenticate_intermediate(
+ const unsigned char *ciphertext, unsigned long text_length,
+ unsigned char *aad, unsigned long aad_length,
+ const unsigned char *subkey_h, unsigned char *iv)
+ unsigned int rc;
+ unsigned char aad_pad[AES_BLOCK_SIZE];
+ unsigned long head_length;
+ unsigned long tail_length;
+ struct pad_meta c_pad_meta;
+ memset(c_pad_meta.pad, 0x00, sizeof(c_pad_meta.pad));
+ if (aad_length) {
+ tail_length = aad_length % AES_BLOCK_SIZE;
+ head_length = aad_length - tail_length;
+ /* ghash aad head */
+ if (head_length) {
+ rc = s390_ghash(aad, head_length, subkey_h, iv);
+ if (rc)
+ return rc;
+ }
+ /* ghash aad tail */
+ if (tail_length) {
+ memset(aad_pad, 0x00, AES_BLOCK_SIZE);
+ memcpy(aad_pad, aad + head_length, tail_length);
+ rc = s390_ghash(aad_pad, AES_BLOCK_SIZE, subkey_h, iv);
+ if (rc)
+ return rc;
+ }
+ }
+ if (text_length) {
+ tail_length = text_length % AES_BLOCK_SIZE;
+ head_length = text_length - tail_length;
+ /* ghash ciphertext head */
+ if (head_length) {
+ rc = s390_ghash(ciphertext, head_length, subkey_h, iv);
+ if (rc)
+ return rc;
+ }
+ /* ghash ciphertext tail and meta data */
+ if (tail_length) {
+ memcpy(c_pad_meta.pad, ciphertext + head_length, tail_length);
+ rc = s390_ghash((unsigned char *)&c_pad_meta,
+ AES_BLOCK_SIZE, subkey_h, iv);
+ if (rc)
+ return rc;
+ }
+ }
+ return 0;
+static inline unsigned int s390_gcm_authenticate_last(
+ unsigned long aad_length, unsigned long ciph_length,
+ const unsigned char *subkey_h, unsigned char *iv)
+ unsigned int rc;
+ struct pad_meta c_pad_meta;
+ memset(c_pad_meta.pad, 0x00, sizeof(c_pad_meta.pad));
+ c_pad_meta.length_a = (uint64_t)(aad_length * 8ul);
+ c_pad_meta.length_b = (uint64_t)(ciph_length * 8ul);
+ /* ghash meta data only */
+ rc = s390_ghash((unsigned char *)&c_pad_meta.length_a,
+ subkey_h, iv);
+ if (rc)
+ return rc;
+ return 0;
+static inline int s390_gcm(unsigned int function_code,
+ unsigned char *plaintext, unsigned long text_length,
+ unsigned char *ciphertext,
+ const unsigned char *iv, unsigned long iv_length,
+ const unsigned char *aad, unsigned long aad_length,
+ unsigned char *tag, unsigned long tag_length,
+ unsigned char *key)
+ unsigned char subkey_h[AES_BLOCK_SIZE];
+ unsigned char j0[AES_BLOCK_SIZE];
+ unsigned char tmp_ctr[AES_BLOCK_SIZE];
+ /* temporary tag must be of size cipher block size */
+ unsigned char tmp_tag[AES_BLOCK_SIZE];
+ unsigned int rc;
+ if (!msa4_switch)
+ return EPERM;
+ /* calculate subkey H */
+ rc = s390_aes_ecb(UNDIRECTED_FC(function_code),
+ AES_BLOCK_SIZE, zero_block,
+ key, subkey_h);
+ if (rc)
+ return rc;
+ /* calculate initial counter, based on iv */
+ __compute_j0(iv, iv_length, subkey_h, j0);
+ /* prepate initial counter for cipher */
+ memcpy(tmp_ctr, j0, AES_BLOCK_SIZE);
+ ctr_inc_single(tmp_ctr, AES_BLOCK_SIZE, GCM_CTR_WIDTH);
+ /* en-/decrypt payload */
+ if (function_code % 2) {
+ /* decrypt */
+ rc = s390_aes_ctr(UNDIRECTED_FC(function_code),
+ ciphertext, plaintext, text_length,
+ key, tmp_ctr, GCM_CTR_WIDTH);
+ if (rc)
+ return rc;
+ } else {
+ /* encrypt */
+ rc = s390_aes_ctr(UNDIRECTED_FC(function_code),
+ plaintext, ciphertext, text_length,
+ key, tmp_ctr, GCM_CTR_WIDTH);
+ if (rc)
+ return rc;
+ }
+ /* generate authentication tag */
+ rc = s390_gcm_authenticate(ciphertext, text_length,
+ aad, aad_length,
+ subkey_h, tmp_tag);
+ if (rc)
+ return rc;
+ /* encrypt tag */
+ return s390_aes_ctr(UNDIRECTED_FC(function_code),
+ tmp_tag, tag, tag_length,
+ key, j0, GCM_CTR_WIDTH);
+static inline int s390_gcm_initialize(unsigned int function_code,
+ const unsigned char *iv,
+ unsigned long iv_length,
+ unsigned char *key,
+ unsigned char *icb,
+ unsigned char *ucb,
+ unsigned char *subkey)
+ int rc;
+ if (!icb || !ucb)
+ return -EINVAL;
+ /* calculate subkey H */
+ rc = s390_aes_ecb(UNDIRECTED_FC(function_code),
+ AES_BLOCK_SIZE, zero_block, key, subkey);
+ if (rc)
+ return rc;
+ /* calculate initial counter, based on iv */
+ __compute_j0(iv, iv_length, subkey, icb);
+ /* prepate usage counter for cipher */
+ memcpy(ucb, icb, AES_BLOCK_SIZE);
+ ctr_inc_single(ucb, AES_BLOCK_SIZE, GCM_CTR_WIDTH);
+ return 0;
+static inline int s390_gcm_intermediate(unsigned int function_code,
+ unsigned char *plaintext, unsigned long text_length,
+ unsigned char *ciphertext,
+ unsigned char *ctr,
+ unsigned char *aad, unsigned long aad_length,
+ unsigned char *tag, unsigned long tag_length,
+ unsigned char *key, unsigned char *subkey)
+ unsigned int rc;
+ if (!msa4_switch)
+ return EPERM;
+ /* en-/decrypt payload */
+ if (function_code % 2) {
+ /* decrypt */
+ rc = s390_aes_ctr(UNDIRECTED_FC(function_code), ciphertext, plaintext,
+ text_length, key, ctr, GCM_CTR_WIDTH);
+ if (rc)
+ return rc;
+ } else {
+ /* encrypt */
+ rc = s390_aes_ctr(UNDIRECTED_FC(function_code), plaintext, ciphertext,
+ text_length, key, ctr, GCM_CTR_WIDTH);
+ if (rc)
+ return rc;
+ }
+ /* generate authentication tag */
+ rc = s390_gcm_authenticate_intermediate(ciphertext, text_length,
+ aad, aad_length, subkey, tag);
+ if (rc)
+ return rc;
+ return 0;
+static inline int s390_gcm_last(unsigned int function_code, unsigned char *icb,
+ unsigned long aad_length, unsigned long ciph_length,
+ unsigned char *tag, unsigned long tag_length,
+ unsigned char *key, unsigned char *subkey)
+ unsigned char tmp_tag[AES_BLOCK_SIZE];
+ int rc;
+ /* generate authentication tag */
+ memcpy(tmp_tag, tag, tag_length);
+ rc = s390_gcm_authenticate_last(aad_length, ciph_length, subkey, tmp_tag);
+ if (rc)
+ return rc;
+ /* encrypt tag */
+ return s390_aes_ctr(UNDIRECTED_FC(function_code), tmp_tag, tag, tag_length,
+ key, icb, GCM_CTR_WIDTH);
diff --git a/src/include/s390_prng.h b/src/include/s390_prng.h
new file mode 100644
index 0000000..5219337
--- /dev/null
+++ b/src/include/s390_prng.h
@@ -0,0 +1,20 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+ * Authors: Felix Beck <>
+ * Christian Maaser <>
+ *
+ * Copyright IBM Corp. 2009
+ */
+#ifndef S390_PRNG_H
+#define S390_PRNG_H
+int s390_prng_init(void);
+int s390_prng(unsigned char *output_data, unsigned int output_length);
diff --git a/src/include/s390_rsa.h b/src/include/s390_rsa.h
new file mode 100644
index 0000000..5867127
--- /dev/null
+++ b/src/include/s390_rsa.h
@@ -0,0 +1,44 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+ * Authors: Felix Beck <>
+ * Christian Maaser <>
+ *
+ * Copyright IBM Corp. 2009, 2011
+ */
+#ifndef S390_RSA_H
+#define S390_RSA_H
+#include <openssl/bn.h>
+#include <asm/zcrypt.h>
+#include "ica_api.h"
+typedef struct ica_rsa_modexpo ica_rsa_modexpo_t;
+typedef struct ica_rsa_modexpo_crt ica_rsa_modexpo_crt_t;
+typedef struct ica_rsa_modexpo ica_rsa_modmult_t;
+unsigned int rsa_key_generate_mod_expo(ica_adapter_handle_t deviceHandle,
+ unsigned int modulus_bit_length,
+ ica_rsa_key_mod_expo_t *public_key,
+ ica_rsa_key_mod_expo_t *private_key);
+unsigned int ica_rsa_key_generate_crt(ica_adapter_handle_t device_handle,
+ unsigned int modulus_bit_length,
+ ica_rsa_key_mod_expo_t *public_key,
+ ica_rsa_key_crt_t *private_key);
+unsigned int rsa_key_generate_mod_expo(ica_adapter_handle_t deviceHandle,
+ unsigned int modulus_bit_length,
+ ica_rsa_key_mod_expo_t *public_key,
+ ica_rsa_key_mod_expo_t *private_key);
+unsigned int rsa_key_generate_crt(ica_adapter_handle_t deviceHandle,
+ unsigned int modulus_bit_length,
+ ica_rsa_key_mod_expo_t *public_key,
+ ica_rsa_key_crt_t *private_key);
+unsigned int rsa_crt_sw(ica_rsa_modexpo_crt_t * pCrt);
+unsigned int rsa_mod_mult_sw(ica_rsa_modmult_t * pMul);
+unsigned int rsa_mod_expo_sw(ica_rsa_modexpo_t *pMex);
diff --git a/src/include/s390_sha.h b/src/include/s390_sha.h
new file mode 100644
index 0000000..5b71d95
--- /dev/null
+++ b/src/include/s390_sha.h
@@ -0,0 +1,185 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+ * Authors: Felix Beck <>
+ * Christian Maaser <>
+ *
+ * Copyright IBM Corp. 2009
+ */
+#ifndef S390_SHA_H
+#define S390_SHA_H
+static unsigned char SHA_1_DEFAULT_IV[] = {
+ 0x67, 0x45, 0x23, 0x01, 0xef, 0xcd, 0xab, 0x89, 0x98, 0xba, 0xdc, 0xfe,
+ 0x10, 0x32, 0x54, 0x76, 0xc3, 0xd2, 0xe1, 0xf0 };
+static unsigned char SHA_224_DEFAULT_IV[] = {
+ 0xc1, 0x05, 0x9e, 0xd8, 0x36, 0x7c, 0xd5, 0x07, 0x30, 0x70, 0xdd, 0x17,
+ 0xf7, 0x0e, 0x59, 0x39, 0xff, 0xc0, 0x0b, 0x31, 0x68, 0x58, 0x15, 0x11,
+ 0x64, 0xf9, 0x8f, 0xa7, 0xbe, 0xfa, 0x4f, 0xa4 };
+static unsigned char SHA_256_DEFAULT_IV[] = {
+ 0x6a, 0x09, 0xe6, 0x67, 0xbb, 0x67, 0xae, 0x85, 0x3c, 0x6e, 0xf3, 0x72,
+ 0xa5, 0x4f, 0xf5, 0x3a, 0x51, 0x0e, 0x52, 0x7f, 0x9b, 0x05, 0x68, 0x8c,
+ 0x1f, 0x83, 0xd9, 0xab, 0x5b, 0xe0, 0xcd, 0x19 };
+static unsigned char SHA_384_DEFAULT_IV[] = {
+ 0xcb, 0xbb, 0x9d, 0x5d, 0xc1, 0x05, 0x9e, 0xd8, 0x62, 0x9a, 0x29, 0x2a,
+ 0x36, 0x7c, 0xd5, 0x07, 0x91, 0x59, 0x01, 0x5a, 0x30, 0x70, 0xdd, 0x17,
+ 0x15, 0x2f, 0xec, 0xd8, 0xf7, 0x0e, 0x59, 0x39, 0x67, 0x33, 0x26, 0x67,
+ 0xff, 0xc0, 0x0b, 0x31, 0x8e, 0xb4, 0x4a, 0x87, 0x68, 0x58, 0x15, 0x11,
+ 0xdb, 0x0c, 0x2e, 0x0d, 0x64, 0xf9, 0x8f, 0xa7, 0x47, 0xb5, 0x48, 0x1d,
+ 0xbe, 0xfa, 0x4f, 0xa4 };
+static unsigned char SHA_512_DEFAULT_IV[] = {
+ 0x6a, 0x09, 0xe6, 0x67, 0xf3, 0xbc, 0xc9, 0x08, 0xbb, 0x67, 0xae, 0x85,
+ 0x84, 0xca, 0xa7, 0x3b, 0x3c, 0x6e, 0xf3, 0x72, 0xfe, 0x94, 0xf8, 0x2b,
+ 0xa5, 0x4f, 0xf5, 0x3a, 0x5f, 0x1d, 0x36, 0xf1, 0x51, 0x0e, 0x52, 0x7f,
+ 0xad, 0xe6, 0x82, 0xd1, 0x9b, 0x05, 0x68, 0x8c, 0x2b, 0x3e, 0x6c, 0x1f,
+ 0x1f, 0x83, 0xd9, 0xab, 0xfb, 0x41, 0xbd, 0x6b, 0x5b, 0xe0, 0xcd, 0x19,
+ 0x13, 0x7e, 0x21, 0x79 };
+typedef struct {
+ unsigned int hw_function_code;
+ unsigned int hash_length;
+ unsigned int vector_length;
+ unsigned int block_length;
+ unsigned char *default_iv;
+static const SHA_CONSTANTS sha_constants[] = {
+ {S390_CRYPTO_SHA_1, 20, 20, 64, SHA_1_DEFAULT_IV},
+ {S390_CRYPTO_SHA_256, 28, 32, 64, SHA_224_DEFAULT_IV},
+ {S390_CRYPTO_SHA_256, 32, 32, 64, SHA_256_DEFAULT_IV},
+ {S390_CRYPTO_SHA_512, 48, 64, 128, SHA_384_DEFAULT_IV},
+ {S390_CRYPTO_SHA_512, 64, 64, 128, SHA_512_DEFAULT_IV}
+int s390_sha1(unsigned char *iv, unsigned char *input_data,
+ unsigned int input_length, unsigned char *output_data,
+ unsigned int message_part, uint64_t *running_length);
+int s390_sha224(unsigned char *iv, unsigned char *input_data,
+ unsigned int input_length, unsigned char *output_data,
+ unsigned int message_part, uint64_t *running_length);
+int s390_sha256(unsigned char *iv, unsigned char *input_data,
+ unsigned int input_length, unsigned char *output_data,
+ unsigned int message_part, uint64_t *running_length);
+int s390_sha384(unsigned char *iv, unsigned char *input_data,
+ uint64_t input_length, unsigned char *output_data,
+ unsigned int message_part, uint64_t *running_length_lo,
+ uint64_t *running_length_hi);
+int s390_sha512(unsigned char *iv, unsigned char *input_data,
+ uint64_t input_length, unsigned char *output_data,
+ unsigned int message_part, uint64_t *running_length_lo,
+ uint64_t *running_length_hi);
+static inline int s390_sha_hw(unsigned char *iv, unsigned char *input_data,
+ uint64_t input_length, unsigned char *output_data,
+ unsigned int message_part, uint64_t *running_length_lo,
+ uint64_t *running_length_hi, kimd_functions_t sha_function)
+ int rc = 0;
+ uint64_t sum_lo = 0, sum_hi = 0;
+ unsigned long remnant = 0;
+ int complete_blocks_length = 0;
+ unsigned char *default_iv = sha_constants[sha_function].default_iv;
+ unsigned int hash_length = sha_constants[sha_function].hash_length;
+ unsigned int vector_length = sha_constants[sha_function].vector_length;
+ /* A internal buffer for the SHA hash and stream bit length. For SHA512
+ * this can be at most 128 byte for the hash plus 16 byte for the
+ * stream length. */
+ unsigned char shabuff[128 + 16];
+ if (input_length) {
+ remnant = input_length % sha_constants[sha_function].block_length;
+ complete_blocks_length = input_length - remnant;
+ }
+ if (message_part == SHA_MSG_PART_ONLY ||
+ message_part == SHA_MSG_PART_FIRST) {
+ memcpy(shabuff, default_iv, vector_length);
+ *running_length_lo = 0;
+ if (running_length_hi)
+ *running_length_hi = 0;
+ }
+ else
+ memcpy(shabuff, (void *)iv, vector_length);
+ sum_lo = *running_length_lo;
+ if(running_length_hi)
+ sum_hi = *running_length_hi;
+ if ((message_part == SHA_MSG_PART_FIRST ||
+ message_part == SHA_MSG_PART_MIDDLE) && (remnant != 0))
+ return EINVAL;
+ unsigned int hw_function_code;
+ hw_function_code = sha_constants[sha_function].hw_function_code;
+ if (complete_blocks_length) {
+ rc = s390_kimd(hw_function_code, shabuff, input_data,
+ complete_blocks_length);
+ if (rc > 0) {
+ /* Check for overflow in sum_lo */
+ sum_lo += rc;
+ if(sum_lo < *running_length_lo || sum_lo < rc)
+ sum_hi += 1;
+ rc = 0;
+ }
+ }
+ if (rc == 0 && (message_part == SHA_MSG_PART_ONLY ||
+ message_part == SHA_MSG_PART_FINAL)) {
+ sum_lo += (uint64_t)remnant;
+ if(sum_lo < remnant)
+ sum_hi += 1;
+ if(running_length_hi){
+ sum_hi = (sum_hi << 3) + (sum_lo >> (64 - 3));
+ sum_lo = sum_lo << 3;
+ memcpy(shabuff + vector_length,
+ (unsigned char *)&sum_hi, sizeof(sum_hi));
+ memcpy(shabuff + vector_length + sizeof(sum_hi),
+ (unsigned char *)&sum_lo, sizeof(sum_lo));
+ }
+ else {
+ sum_lo = sum_lo << 3;
+ memcpy(shabuff + vector_length,
+ (unsigned char *)&sum_lo, sizeof(sum_lo));
+ }
+ rc = s390_klmd(hw_function_code, shabuff,
+ input_data + complete_blocks_length, remnant);
+ if (rc > 0)
+ rc = 0;
+ }
+ if (rc == 0) {
+ memcpy((void *)output_data, shabuff, hash_length);
+ if (message_part != SHA_MSG_PART_FINAL &&
+ message_part != SHA_MSG_PART_ONLY) {
+ memcpy((void *)iv, shabuff, vector_length);
+ *running_length_lo = sum_lo;
+ if(running_length_hi)
+ *running_length_hi = sum_hi;
+ }
+ }
+ if (rc < 0)
+ return EIO;
+ return rc;
diff --git a/src/init.c b/src/init.c
new file mode 100644
index 0000000..f57a023
--- /dev/null
+++ b/src/init.c
@@ -0,0 +1,116 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+ * Authors: Felix Beck <>
+ * Christian Maaser <>
+ * Ingo Tuchscherer <>
+ *
+ * Copyright IBM Corp. 2001, 2009, 2011
+ */
+#define _GNU_SOURCE
+#include <errno.h>
+#include <unistd.h>
+#include <pthread.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/rand.h>
+#include <syslog.h>
+#include "init.h"
+#include "icastats.h"
+#include "s390_prng.h"
+#include "s390_crypto.h"
+static pthread_key_t envq_key;
+static pthread_once_t envq_key_once = PTHREAD_ONCE_INIT;
+static void destroy_envq(void* envq)
+ free(envq);
+static void make_envq_key()
+ pthread_key_create(&envq_key, destroy_envq);
+static void sigill_handler(int sig)
+ jmp_buf* envq = pthread_getspecific(envq_key);
+ if (envq) {
+ longjmp(*envq, EXCEPTION_RV);
+ }
+int begin_sigill_section(struct sigaction *oldact, sigset_t *oldset)
+ struct sigaction newact;
+ sigset_t newset;
+ sigemptyset(&newset);
+ sigaddset(&newset, SIGILL);
+ sigprocmask(SIG_UNBLOCK, &newset, oldset);
+ newact.sa_handler = (void *)sigill_handler;
+ newact.sa_flags = 0;
+ sigaction(SIGILL, &newact, oldact);
+ jmp_buf* envq;
+ pthread_once(&envq_key_once, make_envq_key);
+ if ((envq = pthread_getspecific(envq_key)) == 0)
+ {
+ envq = malloc(sizeof(jmp_buf));
+ pthread_setspecific(envq_key, envq);
+ }
+ if (setjmp(*envq) != 0) {
+ end_sigill_section(oldact, oldset);
+ return -1;
+ }
+ return 0;
+void end_sigill_section(struct sigaction *oldact, sigset_t *oldset)
+ sigaction(SIGILL, oldact, 0);
+ sigprocmask(SIG_SETMASK, oldset, 0);
+void openssl_init(void)
+ static const int random_data_length = 64;
+ unsigned char random_data[random_data_length];
+ /* Counts PRNG statistic! */
+ s390_prng(random_data, random_data_length);
+ RAND_seed(random_data, random_data_length);
+/* Switches have to be done first. Otherwise we will not have hw support
+ * in initialization */
+void __attribute__ ((constructor)) icainit(void)
+ if(strcmp(program_invocation_name, "icastats")){
+ if(stats_mmap(-1) == -1){
+ syslog(LOG_INFO,
+ "Failed to access shared memory segment for libica statistics.");
+ }
+ s390_crypto_switches_init();
+ s390_prng_init();
+ s390_initialize_functionlist();
+ openssl_init();
+ }
+void __attribute__ ((destructor)) icaexit(void)
+ stats_munmap(SHM_CLOSE);
diff --git a/src/opencryptoki_api.c b/src/opencryptoki_api.c
new file mode 100644
index 0000000..7c5c1ac
--- /dev/null
+++ b/src/opencryptoki_api.c
@@ -0,0 +1,236 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+ * Authors: Felix Beck <>
+ * Christian Maaser <>
+ *
+ * The content of this file has been moved from former icalinux.c to this file.
+ *
+ * Copyright IBM Corp. 2009
+ */
+#include <stdlib.h>
+#include "mech_types.h"
+#include "ica_api.h"
+#include "include/s390_crypto.h"
+ * item is assumed to point to the last item in the list, and will be updated
+ * by this macro.
+ */
+#define NEWMECH(mech, minkey, maxkey, flgs) \
+if (1) \
+{ \
+ item->next = malloc(sizeof(struct mech_list_item)); \
+ if (item->next == NULL) \
+ return; \
+ item = item->next; \
+ item->element.mech_type = mech; \
+ item->element.mech_info.ulMinKeySize = minkey; \
+ item->element.mech_info.ulMaxKeySize = maxkey; \
+ item->element.mech_info.flags = flgs; \
+ item->next = NULL; \
+} else (void)0
+ * Generates a list of supported mechanisms. This is the function that
+ * openCryptoki will be calling directly with a pointer to a
+ * placeholder mech_list_item struct.
+ *
+ * @param head Pointer to placeholder mech_list_item struct; this function
+ * fills in the list by tagging on newly malloc'd
+ * mech_list_item structs off of this struct.
+ */
+void generate_pkcs11_mech_list(struct mech_list_item *head)
+ struct mech_list_item *item = head;
+ ica_adapter_handle_t handle;
+ unsigned char kmc_mask[16], kimd_mask[16];
+ s390_kmc(S390_CRYPTO_QUERY, kmc_mask, NULL, NULL, 0);
+ s390_kimd(S390_CRYPTO_QUERY, kimd_mask, NULL, 0);
+ if (kimd_mask[0] & 0x40)
+ /* sha1_switch */
+ else
+ if (kimd_mask[0] & 0x20) {
+ /* sha256_switch */
+ } else {
+ }
+ if (kimd_mask[0] & 0x10) {
+ } else {
+ }
+ if (kmc_mask[8] & 0x10) {
+ /* prng_switch */
+ } else {
+ }
+ if (ica_open_adapter(&handle) == 0) { // 0 == success
+ NEWMECH(CKM_RSA_PKCS, 128, 2048,
+ NEWMECH(CKM_RSA_9796, 128, 2048,
+ NEWMECH(CKM_RSA_X_509, 128, 2048,
+ ica_close_adapter(handle);
+ }
+ if (kmc_mask[0] & 0x40) {
+ /* des_switch */
+ } else {
+ }
+ if (kmc_mask[0] & 0x10) {
+ /* tdes_switch */
+ } else {
+ }
+ if (kmc_mask[2] & 0x08) {
+ /* aes256_switch */
+ } else if (kmc_mask[2] & 0x10) {
+ /* aes192_switch */
+ } else if (kmc_mask[2] & 0x20) {
+ /* aes128_switch */
+ } else {
+ }
diff --git a/src/s390_common.c b/src/s390_common.c
new file mode 100644
index 0000000..c049c20
--- /dev/null
+++ b/src/s390_common.c
@@ -0,0 +1,75 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+ * Authors: Holger Dengler <>
+ *
+ * Copyright IBM Corp. 2011, 2012
+ */
+#include <string.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include "ica_api.h"
+#include "icastats.h"
+#include "init.h"
+#include "s390_crypto.h"
+#include "s390_aes.h"
+#include "s390_des.h"
+#include "s390_common.h"
+void ctr_inc_block(unsigned char *iv, unsigned int block_size,
+ unsigned int ctr_width, unsigned char *ctrlist,
+ unsigned long ctrlist_length)
+ ctr128_t tmp_ctr = { 0ul, 0ul };
+ unsigned char *dest;
+ unsigned int ctr_byte_width;
+ ctr_byte_width = ctr_width / 8;
+ // init counter with iv
+ memcpy_r_allign((void *)&tmp_ctr, sizeof(tmp_ctr),
+ iv, block_size, block_size);
+ for (dest = ctrlist;
+ dest < (ctrlist + ctrlist_length);
+ dest += block_size) {
+ // copy nounce to ctrlist
+ memcpy(dest, iv, block_size - ctr_byte_width);
+ // add counter values to ctrlist
+ memcpy_r_allign(dest, block_size, (void *)&tmp_ctr,
+ sizeof(tmp_ctr), ctr_byte_width);
+ __inc(&tmp_ctr);
+ }
+ // update iv for chaining
+ memcpy_r_allign(iv, block_size, (void *)&tmp_ctr,
+ sizeof(tmp_ctr), ctr_byte_width);
+void ctr_inc_single(unsigned char *iv, unsigned int block_size,
+ unsigned int ctr_width)
+ ctr128_t tmp_ctr = { 0ul, 0ul };
+ unsigned int ctr_byte_width;
+ ctr_byte_width = ctr_width / 8;
+ // init counter with iv
+ memcpy_r_allign((void *)&tmp_ctr, sizeof(tmp_ctr), iv, block_size, block_size);
+ __inc(&tmp_ctr);
+ // update iv for chaining
+ memcpy_r_allign(iv, block_size, (void *)&tmp_ctr, sizeof(tmp_ctr), ctr_byte_width);
diff --git a/src/s390_crypto.c b/src/s390_crypto.c
new file mode 100644
index 0000000..2e7a0f5
--- /dev/null
+++ b/src/s390_crypto.c
@@ -0,0 +1,338 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+ * Entry point for crypto graphic instructions on s390. If a instruction
+ * is not available, instruction will be simulated in software.
+ *
+ * Authors(s): Ralph Wuerthner <>
+ * Jan Glauber <>
+ * Felix Beck <>
+ * Christian Maaser <>
+ * Holger Dengler <>
+ * Ingo Tuchscherer <>
+ *
+ * Copyright IBM Copr. 2007, 2009, 2011, 2013
+ */
+#include <stdint.h>
+#include <fcntl.h>
+#include <string.h>
+#include <stdio.h>
+#include <errno.h>
+#include "s390_crypto.h"
+#include "init.h"
+s390_supported_function_t s390_kimd_functions[] = {
+ {SHA_1, S390_CRYPTO_SHA_1, &sha1_switch},
+ {SHA_224, S390_CRYPTO_SHA_256, &sha256_switch},
+ {SHA_256, S390_CRYPTO_SHA_256, &sha256_switch},
+ {SHA_384, S390_CRYPTO_SHA_512, &sha512_switch},
+ {SHA_512, S390_CRYPTO_SHA_512, &sha512_switch},
+ {GHASH, S390_CRYPTO_GHASH, &msa4_switch}
+s390_supported_function_t s390_kmc_functions[] = {
+ {DEA_ENCRYPT, S390_CRYPTO_DEA_ENCRYPT, &des_switch},
+ {DEA_DECRYPT, S390_CRYPTO_DEA_DECRYPT, &des_switch},
+ {TDEA_192_ENCRYPT, S390_CRYPTO_TDEA_192_ENCRYPT, &tdes_switch},
+ {TDEA_192_DECRYPT, S390_CRYPTO_TDEA_192_DECRYPT, &tdes_switch},
+ {AES_128_ENCRYPT, S390_CRYPTO_AES_128_ENCRYPT, &aes128_switch},
+ {AES_128_DECRYPT, S390_CRYPTO_AES_128_DECRYPT, &aes128_switch},
+ {AES_192_ENCRYPT, S390_CRYPTO_AES_192_ENCRYPT, &aes192_switch},
+ {AES_192_DECRYPT, S390_CRYPTO_AES_192_DECRYPT, &aes192_switch},
+ {AES_256_ENCRYPT, S390_CRYPTO_AES_256_ENCRYPT, &aes256_switch},
+ {AES_256_DECRYPT, S390_CRYPTO_AES_256_DECRYPT, &aes256_switch},
+ {AES_128_XTS_ENCRYPT, S390_CRYPTO_AES_128_XTS_ENCRYPT, &msa4_switch},
+ {AES_128_XTS_DECRYPT, S390_CRYPTO_AES_128_XTS_DECRYPT, &msa4_switch},
+ {AES_256_XTS_ENCRYPT, S390_CRYPTO_AES_256_XTS_ENCRYPT, &msa4_switch},
+ {AES_256_XTS_DECRYPT, S390_CRYPTO_AES_256_XTS_DECRYPT, &msa4_switch},
+ {PRNG, S390_CRYPTO_PRNG, &prng_switch}
+s390_supported_function_t s390_msa4_functions[] = {
+ {DEA_ENCRYPT, S390_CRYPTO_DEA_ENCRYPT, &msa4_switch},
+ {DEA_DECRYPT, S390_CRYPTO_DEA_DECRYPT, &msa4_switch},
+ {TDEA_192_ENCRYPT, S390_CRYPTO_TDEA_192_ENCRYPT, &msa4_switch},
+ {TDEA_192_DECRYPT, S390_CRYPTO_TDEA_192_DECRYPT, &msa4_switch},
+ {AES_128_ENCRYPT, S390_CRYPTO_AES_128_ENCRYPT, &msa4_switch},
+ {AES_128_DECRYPT, S390_CRYPTO_AES_128_DECRYPT, &msa4_switch},
+ {AES_192_ENCRYPT, S390_CRYPTO_AES_192_ENCRYPT, &msa4_switch},
+ {AES_192_DECRYPT, S390_CRYPTO_AES_192_DECRYPT, &msa4_switch},
+ {AES_256_ENCRYPT, S390_CRYPTO_AES_256_ENCRYPT, &msa4_switch},
+ {AES_256_DECRYPT, S390_CRYPTO_AES_256_DECRYPT, &msa4_switch},
+ {AES_128_XTS_ENCRYPT, S390_CRYPTO_AES_128_XTS_ENCRYPT, &msa4_switch},
+ {AES_128_XTS_DECRYPT, S390_CRYPTO_AES_128_XTS_DECRYPT, &msa4_switch},
+ {AES_256_XTS_ENCRYPT, S390_CRYPTO_AES_256_XTS_ENCRYPT, &msa4_switch},
+ {AES_256_XTS_DECRYPT, S390_CRYPTO_AES_256_XTS_DECRYPT, &msa4_switch}
+int read_cpuinfo(void)
+ int msa = 0;
+ FILE *handle = fopen("/proc/cpuinfo", "r");
+ if (handle) {
+ char buffer[80];
+ int i = 0;
+ while(fgets(buffer, sizeof(buffer), handle)) {
+ i++;
+ if(strstr(buffer,"features") && strstr(buffer,"msa")) {
+ msa = 1;
+ break;
+ }
+ }
+ fclose(handle);
+ }
+ return msa;
+int read_facility_bits(void)
+ int msa = 0;
+ unsigned long long facility_bits[2];
+ struct sigaction oldact;
+ sigset_t oldset;
+ int rc = -1;
+ rc = begin_sigill_section(&oldact, &oldset);
+ if (!rc) {
+ rc = __stfle(facility_bits, 2);
+ end_sigill_section(&oldact, &oldset);
+ }
+ if (rc == 2) {
+ // stfle should return 2
+ if(facility_bits[0] & (1ULL << (63 - 17)))
+ msa = 1;
+ if(facility_bits[1] & (1ULL << (127 - 77)))
+ msa = 4;
+ }
+ return msa;
+void set_switches(int msa)
+ unsigned char mask[16];
+ unsigned int n;
+ unsigned int on = 0;
+ struct sigaction oldact;
+ sigset_t oldset;
+ /* The function arrays contain integers. Thus to compute the amount of
+ * their elements the result of sizeof(*functions) has to be divided by
+ * sizeof(int).
+ * The msa4_switch will be set in the kimd function. Because this is
+ * the only switch for all MSA4 functions we just set it through the
+ * kimd query and do not need to over the whole array. Therfore there
+ * is also no distict setting of the switch needed in form
+ * msa4_switch = 1. */
+ memset(mask, 0, sizeof(mask));
+ if (msa) {
+ if (begin_sigill_section(&oldact, &oldset) == 0) {
+ s390_kmc(S390_CRYPTO_QUERY, mask, (void *) 0, (void *) 0, 0);
+ end_sigill_section(&oldact, &oldset);
+ }
+ }
+ for (n = 0; n < (sizeof(s390_kmc_functions) /
+ sizeof(s390_supported_function_t)); n++) {
+ if (S390_CRYPTO_TEST_MASK(mask, s390_kmc_functions[n].hw_fc))
+ on = 1;
+ else
+ on = 0;
+ *s390_kmc_functions[n].enabled = on;
+ }
+ if (msa) {
+ if (begin_sigill_section(&oldact, &oldset) == 0) {
+ s390_kimd(S390_CRYPTO_QUERY, mask, (void *) 0, 0);
+ end_sigill_section(&oldact, &oldset);
+ }
+ }
+ for (n = 0; n < (sizeof(s390_kimd_functions) /
+ sizeof(s390_supported_function_t)); n++) {
+ if (S390_CRYPTO_TEST_MASK(mask, s390_kimd_functions[n].hw_fc))
+ on = 1;
+ else
+ on = 0;
+ *s390_kimd_functions[n].enabled = on;
+ }
+void s390_crypto_switches_init(void)
+ /* First read cpu info to check if msa feature is available.
+ * If it is not available, execute stfle instructions to read the
+ * facility bits.
+ * If then crypto support is detected crypto functions will be queryed
+ * from the processor */
+ int msa;
+ msa = read_cpuinfo();
+ msa = read_facility_bits();
+ if (!msa)
+ msa = read_cpuinfo();
+ set_switches(msa);
+ * The first field represents the mechanism ID.
+ * The second field represents the function family type (category),
+ * The third filed represents the function code.
+ * This function code will be used later to check if HW support
+ * is available and modifies the SW/HW-support-flag.
+ * SHW - static hardware support (CPACF)
+ * DHW - dynamic hardware support (crypto adapter)
+ * SW - software support
+ * Bit field flags: [0|0|0|0|0|SHW|DHW|SW]
+ * The last filed represent the property flags
+ */
+libica_func_list_element_int icaList[] = {
+ {SHA1, KIMD, SHA_1 , ICA_FLAG_SW, 0},
+ {SHA224, KIMD, SHA_256 , ICA_FLAG_SW, 0},
+ {SHA256, KIMD, SHA_256 , ICA_FLAG_SW, 0},
+ {SHA384, KIMD, SHA_512 , ICA_FLAG_SW, 0},
+ {SHA512, KIMD, SHA_512 , ICA_FLAG_SW, 0},
+ {G_HASH, KIMD, GHASH , 0, 0},
+ {DES_CMAC, MSA4, DEA_ENCRYPT, 0, 0}, // CPACF only (MSA4)
+ {DES3_OFB, MSA4, TDEA_192_ENCRYPT, 0, 0},
+ {DES3_CFB, MSA4, TDEA_192_ENCRYPT, 0, 0},
+ {DES3_CTR, MSA4, TDEA_192_ENCRYPT, 0, 0},
+ {DES3_CMAC, MSA4, TDEA_192_ENCRYPT, 0, 0},
+ {AES_OFB, MSA4, AES_128_ENCRYPT, 0, 0},
+ {AES_CFB, MSA4, AES_128_ENCRYPT, 0, 0},
+ {AES_CTR, MSA4, AES_128_ENCRYPT, 0, 0},
+ {AES_CMAC, MSA4, AES_128_ENCRYPT, 0, 0},
+ {AES_CCM, MSA4, AES_128_ENCRYPT, 0, 0},
+ {AES_GCM, MSA4, AES_128_ENCRYPT, 0, 0},
+ {AES_XTS, MSA4, AES_128_XTS_ENCRYPT, 0, 0},
+ {RSA_ME, ADAPTER, 0, ICA_FLAG_DHW | ICA_FLAG_SW, 0x0F}, // DHW (CEX) + SW / 512,1024,2048, 4096 bit key length
+ {RSA_CRT, ADAPTER, 0, ICA_FLAG_DHW | ICA_FLAG_SW, 0x0F}, // DHW (CEX) + SW / 512,1024,2048, 4096 bit key length
+ {RSA_KEY_GEN_ME, ADAPTER, 0, ICA_FLAG_SW, 0}, // SW (openssl)
+ {RSA_KEY_GEN_CRT, ADAPTER, 0, ICA_FLAG_SW, 0}, // SW (openssl)
+/* available for the MSA4 instruction */
+/* available for the RSA instruction */
+ * initializes the libica function list
+ * Query s390_xxx_functions for each algorithm to check
+ * CPACF support and update the corresponding SHW-flags.
+ */
+int s390_initialize_functionlist() {
+ unsigned int list_len = (sizeof(icaList)/sizeof(libica_func_list_element_int)), x;
+ for (x=0; x<=list_len; x++) {
+ switch ((int)icaList[x].type) {
+ case KIMD:
+ icaList[x].flags = icaList[x].flags |
+ ((*s390_kimd_functions[icaList[x].id].enabled)? 4: 0);
+ break;
+ case KMC:
+ icaList[x].flags = icaList[x].flags |
+ ((*s390_kmc_functions[icaList[x].id].enabled)? 4: 0);
+ if (icaList[x].id == AES_128_ENCRYPT) { // check for the maximum size
+ if (*s390_kmc_functions[icaList[AES_256_ENCRYPT].id].enabled)
+ icaList[x].property = icaList[x].property | 4; // 256 bit
+ if (*s390_kmc_functions[icaList[AES_192_ENCRYPT].id].enabled)
+ icaList[x].property = icaList[x].property | 2; // 192 bit
+ if (*s390_kmc_functions[icaList[AES_128_ENCRYPT].id].enabled)
+ icaList[x].property = icaList[x].property | 1; // 128 bit
+ }
+ break;
+ case MSA4:
+ icaList[x].flags = icaList[x].flags |
+ ((*s390_msa4_functions[icaList[x].id].enabled)? 4: 0);
+ if (icaList[x].id == AES_128_ENCRYPT) { // check for the maximum size
+ if (*s390_msa4_functions[icaList[AES_256_ENCRYPT].id].enabled)
+ icaList[x].property = icaList[x].property | 4; // 256 bit
+ if (*s390_msa4_functions[icaList[AES_192_ENCRYPT].id].enabled)
+ icaList[x].property = icaList[x].property | 2; // 192 bit
+ if (*s390_msa4_functions[icaList[AES_128_ENCRYPT].id].enabled)
+ icaList[x].property = icaList[x].property | 1; // 128 bit
+ }
+ else if (icaList[x].id == AES_128_XTS_ENCRYPT) { // check for the maximum size
+ if (*s390_msa4_functions[icaList[AES_256_XTS_ENCRYPT].id].enabled)
+ icaList[x].property = icaList[x].property | 2; // 256 bit
+ if (*s390_msa4_functions[icaList[AES_128_XTS_ENCRYPT].id].enabled)
+ icaList[x].property = icaList[x].property | 1; // 128 bit
+ }
+ break;
+ default:
+ break;
+ }
+ }
+ return 0;
+ * Function that returns a list of crypto mechanisms supported by libica.
+ * @param pmech_list
+ * Pointer to an array of libica_func_list_element
+ * If NULL, the API will return the number of elements to allocate
+ * in the @pmech_list_len parameter.
+ * If not NULL, libica will assume @pmech_list is an array that has
+ * @pmech_list_len elements.
+ * On success, @pmech_list will be filled out with the supported libica
+ * crypto mechanisms.
+ * @param pmech_list_len
+ * number of list entries
+ * On input, pointer to the number of elements allocated in the
+ * @pmech_list array.
+ * On output, @pmech_list_len will contain the number of items copied to
+ * the @pmech_list array, or the number of items libica would have returned
+ * in case the @pmech_list parameter is set to NULL.
+ *
+ * @return
+ * 0 on success
+ * EINVAL if at least one invalid parameter is given
+ *
+ * A typical usage scenario would be that an exploiter makes a first call to
+ * ica_get_functionlist() with @pmech_list set to NULL in order to determine
+ * the number of elements to allocate. This is followed by a second call to
+ * ica_get_functionlist() with a valid pointer @pmech_list to an array of
+ * libica_func_list_element structures with @pmech_list_len elements.
+ */
+int s390_get_functionlist(libica_func_list_element *pmech_list,
+ unsigned int *pmech_list_len) {
+ int x;
+ if (!pmech_list_len) {
+ return EINVAL;
+ }
+ if (!pmech_list) {
+ *pmech_list_len = sizeof(icaList)/sizeof(libica_func_list_element_int);
+ return 0;
+ }
+ else if (*pmech_list_len <
+ (sizeof(icaList)/sizeof(libica_func_list_element_int)) ) {
+ return EINVAL;
+ }
+ for (x=0; x<*pmech_list_len; x++) {
+ pmech_list[x].mech_mode_id = icaList[x].mech_mode_id;
+ pmech_list[x].flags = icaList[x].flags;
+ pmech_list[x].property = icaList[x].property;
+ }
+ return 0;
diff --git a/src/s390_prng.c b/src/s390_prng.c
new file mode 100644
index 0000000..4ea2b08
--- /dev/null
+++ b/src/s390_prng.c
@@ -0,0 +1,265 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+ * Some parts of this file have been moved from former icalinux.c to this file.
+ *
+ * Authors: Felix Beck <>
+ * Christian Maaser <>
+ *
+ * Copyright IBM Corp. 2009, 2011
+ */
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <semaphore.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include "ica_api.h"
+#include "init.h"
+#include "s390_prng.h"
+#include "s390_crypto.h"
+#include "icastats.h"
+ * On 31 bit systems we have to use the instruction STCKE while on 64 bit
+ * systems we can use STCKF. STCKE uses a 16 byte buffer while STCKF uses
+ * an 8 byte buffer.
+ */
+#ifdef _LINUX_S390X_
+#define STCK_BUFFER 8
+#define STCK_BUFFER 16
+sem_t semaphore;
+union zprng_pb_t {
+ unsigned char ch[32];
+ uint64_t uint;
+ * Parameter block for the KMC(PRNG) instruction.
+ */
+union zprng_pb_t zPRNG_PB = {{0x0F, 0x2B, 0x8E, 0x63, 0x8C, 0x8E, 0xD2, 0x52,
+ 0x64, 0xB7, 0xA0, 0x7B, 0x75, 0x28, 0xB8, 0xF4,
+ 0x75, 0x5F, 0xD2, 0xA6, 0x8D, 0x97, 0x11, 0xFF,
+ 0x49, 0xD8, 0x23, 0xF3, 0x7E, 0x21, 0xEC, 0xA0}};
+unsigned int s390_prng_limit = 4096;
+unsigned long s390_byte_count;
+/* Static functions */
+static int s390_add_entropy(void);
+static int s390_prng_sw(unsigned char *output_data,
+ unsigned int output_length);
+static int s390_prng_hw(unsigned char *random_bytes, unsigned int num_bytes);
+static int s390_prng_seed(void *srv, unsigned int count);
+/* Constant */
+#define PRNG_BLK_SZ 8
+int s390_prng_init(void)
+ sem_init(&semaphore, 0, 1);
+ int rc = -1;
+ int handle;
+ unsigned char seed[16];
+ handle = open("/dev/hwrng", O_RDONLY);
+ if (!handle)
+ handle = open("/dev/urandom", O_RDONLY);
+ if (handle) {
+ rc = read(handle, seed, sizeof(seed));
+ if (rc != -1)
+ rc = s390_prng_seed(seed, sizeof(seed) /
+ sizeof(long long));
+ close(handle);
+ } else
+ rc = ENODEV;
+ // If the original seeding failed, we should try to stir in some
+ // entropy anyway (since we already put out a message).
+ s390_byte_count = 0;
+ if (rc < 0)
+ return EIO;
+ return rc;
+ * Adds some entropy to the system.
+ *
+ * This is called at the first request for random and again if more than ten
+ * seconds have passed since the last request for random bytes.
+ */
+static int s390_add_entropy(void)
+ unsigned char entropy[4 * STCK_BUFFER];
+ unsigned int K;
+ int rc = -1;
+ if (!prng_switch)
+ return ENOTSUP;
+ for (K = 0; K < 16; K++) {
+ if ((s390_stck(entropy + 0 * STCK_BUFFER)) ||
+ (s390_stck(entropy + 1 * STCK_BUFFER)) ||
+ (s390_stck(entropy + 2 * STCK_BUFFER)) ||
+ (s390_stck(entropy + 3 * STCK_BUFFER)) ||
+ (s390_kmc(0x43,, entropy, entropy,
+ sizeof(entropy)) < 0)) {
+ rc = -1;
+ goto out;
+ }
+ rc = 0;
+ memcpy(, entropy, sizeof(;
+ }
+ int handle;
+ unsigned char seed[32];
+ /* Add some additional entropy. If it fails, do not care here. */
+ handle = open("/dev/hwrng", O_RDONLY);
+ if (handle < 1)
+ handle = open("/dev/urandom", O_RDONLY);
+ if (handle > 0) {
+ rc = read(handle, seed, sizeof(seed));
+ if (rc != -1)
+ rc = s390_kmc(0x43,, seed, seed,
+ sizeof(seed));
+ close(handle);
+ if (rc >= 0)
+ memcpy(, seed, sizeof(seed));
+ }
+ if (rc >= 0)
+ rc = 0;
+ else
+ rc = EIO;
+ return rc;
+ * This is the function that does the heavy lifting.
+ *
+ * It is here that the PRNG is actually done.
+ */
+int s390_prng(unsigned char *output_data, unsigned int output_length)
+ int rc = 1;
+ int hardware = ALGO_HW;
+ if (prng_switch)
+ rc = s390_prng_hw(output_data, output_length);
+ if (rc) {
+ rc = s390_prng_sw(output_data, output_length);
+ hardware = ALGO_SW;
+ }
+ stats_increment(ICA_STATS_PRNG, hardware, ENCRYPT);
+ return rc;
+static int s390_prng_sw(unsigned char *output_data, unsigned int output_length)
+ ica_adapter_handle_t adapter_handle = open("/dev/urandom", O_RDONLY);
+ if (adapter_handle == -1)
+ return errno;
+ if (read(adapter_handle, output_data, output_length) == -1) {
+ close(adapter_handle);
+ return errno;
+ }
+ close(adapter_handle);
+ return 0;
+static int s390_prng_hw(unsigned char *random_bytes, unsigned int num_bytes)
+ unsigned int i, remainder;
+ unsigned char last_dw[STCK_BUFFER];
+ int rc = -1;
+ rc = 0;
+ sem_wait(&semaphore);
+ /* Add some additional entropy when the byte count is reached.*/
+ if (s390_byte_count > s390_prng_limit)
+ rc = s390_add_entropy();
+ if (!rc) {
+ /* The kmc(PRNG) instruction requires a multiple of PRNG_BLK_SZ, so we
+ * will save the remainder and then do a final chunk if we have
+ * non-zero remainder.
+ */
+ remainder = num_bytes % PRNG_BLK_SZ;
+ num_bytes -= remainder;
+ for (i = 0; !rc && i < (num_bytes / STCK_BUFFER); i++) {
+ rc = s390_stck(random_bytes + i * STCK_BUFFER);
+ }
+ if (!rc) {
+ rc = s390_kmc(S390_CRYPTO_PRNG,, random_bytes,
+ random_bytes, num_bytes);
+ if (rc > 0) {
+ s390_byte_count += rc;
+ rc = 0;
+ }
+ }
+ // If there was a remainder, we'll use an internal buffer to handle it.
+ if (!rc && remainder) {
+ rc = s390_stck(last_dw);
+ if (!rc) {
+ rc = s390_kmc(S390_CRYPTO_PRNG,, last_dw,
+ last_dw, STCK_BUFFER);
+ if (rc > 0) {
+ s390_byte_count += rc;
+ rc = 0;
+ }
+ }
+ memcpy(random_bytes + num_bytes, last_dw, remainder);
+ }
+ if (rc < 0)
+ return EIO;
+ else
+ rc = 0;
+ }
+ sem_post(&semaphore);
+ return rc;
+ * This is the function that seeds the random number generator.
+ * SRV is the source randomization value.
+ * count is the number of doublewords (8 bytes) in the SRV..
+ */
+static int s390_prng_seed(void *srv, unsigned int count)
+ int rc = -1;
+ unsigned int i;
+ if (!prng_switch)
+ return ENOTSUP;
+ // Add entropy using the source randomization value.
+ for (i = 0; i < count; i++) {
+ zPRNG_PB.uint ^= *((uint64_t *) srv + i * 8);
+ if ((rc = s390_add_entropy()))
+ break;
+ }
+ // Stir one last time.
+ rc = s390_add_entropy();
+ return rc;
diff --git a/src/s390_rsa.c b/src/s390_rsa.c
new file mode 100644
index 0000000..80c02f7
--- /dev/null
+++ b/src/s390_rsa.c
@@ -0,0 +1,893 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+ * Authors: Felix Beck <>
+ * Christian Maaser <>
+ *
+ * Some parts of the content of this file have been moved from former
+ * icalinux.c to this file.
+ *
+ * Copyright IBM Corp. 2009, 2011
+ */
+#include <string.h>
+#include <errno.h>
+#include <stdint.h>
+#include <openssl/rsa.h>
+#include "s390_rsa.h"
+#include "s390_prng.h"
+static unsigned int mod_expo_sw(int arg_length, char *arg, int exp_length,
+ char *exp, int mod_length, char *mod,
+ int *res_length, char *res, BN_CTX *ctx);
+static unsigned int mod_mul_sw(int fc_1_length, char *fc1, int fc_2_length,
+ char *fc2, int mod_length, char *mod,
+ int *res_length, char *res, BN_CTX *ctx);
+static unsigned int mod_sw(int arg_length, char *arg, int mod_length,
+ char *mod, int *res_length, char *res, BN_CTX *ctx);
+static unsigned int add_sw(int aug_length, char *aug, int add_length,
+ char *add, int *res_length, char *res, BN_CTX *ctx);
+static unsigned int mod_sub_sw(int min_length, char *minu, int sub_length,
+ char *sub, int mod_length, char *mod,
+ int *res_length, char *res, BN_CTX * ctx);
+static unsigned int mul_sw(int fc_1_length, char *fc1, int fc_2_length,
+ char *fc2, int *res_length, char *res, BN_CTX *ctx);
+static unsigned int mod_expo_sw(int arg_length, char *arg, int exp_length,
+ char *exp, int mod_length, char *mod,
+ int *res_length, char *res, BN_CTX *ctx);
+RSA* rsa_key_generate(unsigned int modulus_bit_length,
+ unsigned long *public_exponent)
+ BN_GENCB cb;
+ if (*public_exponent == 0)
+ {
+ do {
+ s390_prng((unsigned char*)public_exponent,
+ sizeof(unsigned long));
+ } while (*public_exponent <= 2 || !(*public_exponent % 2));
+ }
+ BIGNUM *exp = BN_new();
+ RSA *rsa = RSA_new();
+ if (!exp || !rsa) {
+ if (exp)
+ BN_free(exp);
+ if (rsa)
+ RSA_free(rsa);
+ return 0;
+ }
+ BN_set_word(exp, *public_exponent);
+ BN_GENCB_set_old(&cb, NULL, NULL);
+ if (RSA_generate_key_ex(rsa, modulus_bit_length, exp, &cb)) {
+ BN_free(exp);
+ return rsa;
+ }
+ return 0;
+ * @brief Create a RSA modulus/expo key pair
+ *
+ * This function generates and returns a public/private key pair in
+ * modulus/exponent format. A completion code is returned to indicate
+ * success/failure.
+ * @param device_handle
+ * Previously opened device handle.
+ * @param modulus_bit_length
+ * Bit length of modulus to be generated.
+ * @param public_key
+ * Buffer for the public key. On output contains the public key.
+ * @param private_key
+ * Buffer of the private key. On output contains the private key.
+ *
+ * Returns 0 if successful.
+ */
+unsigned int rsa_key_generate_mod_expo(ica_adapter_handle_t deviceHandle,
+ unsigned int modulus_bit_length,
+ ica_rsa_key_mod_expo_t *public_key,
+ ica_rsa_key_mod_expo_t *private_key)
+ RSA *rsa = rsa_key_generate(modulus_bit_length,
+ (unsigned long*)(public_key->exponent +
+ public_key->key_length -
+ sizeof(unsigned long)));
+ if (!rsa)
+ return errno;
+ /* Set key buffers zero to make sure there is no
+ * unneeded junk in between.
+ */
+ memset(public_key->modulus, 0, public_key->key_length);
+ memset(private_key->modulus, 0, private_key->key_length);
+ memset(private_key->exponent, 0, private_key->key_length);
+ unsigned int bn_length = BN_num_bytes(rsa->n);
+ unsigned int offset = 0;
+ if (bn_length < public_key->key_length)
+ offset = public_key->key_length - bn_length;
+ else
+ offset = 0;
+ BN_bn2bin(rsa->n, public_key->modulus + offset);
+ memcpy(private_key->modulus, public_key->modulus,
+ public_key->key_length);
+ bn_length = BN_num_bytes(rsa->d);
+ if (bn_length < private_key->key_length)
+ offset = private_key->key_length - bn_length;
+ else
+ offset = 0;
+ BN_bn2bin(rsa->d, private_key->exponent + offset);
+ RSA_free(rsa);
+ return 0;
+ * This function generates and returns a public/private key pair in CRT format.
+ *
+ * @param device_handle
+ * Previously opened device handle.
+ * @param modulus_bit_length
+ * Bit length of modulus to be generated.
+ * @param public_key
+ * Buffer for the public key. On output contains the public key.
+ * @param private_key
+ * Buffer of the private key. On output contains the private key.
+ *
+ * Returns 0 if successful.
+ */
+unsigned int rsa_key_generate_crt(ica_adapter_handle_t deviceHandle,
+ unsigned int modulus_bit_length,
+ ica_rsa_key_mod_expo_t *public_key,
+ ica_rsa_key_crt_t *private_key)
+ RSA *rsa = rsa_key_generate(modulus_bit_length,
+ (unsigned long*)(public_key->exponent +
+ public_key->key_length -
+ sizeof(unsigned long)));
+ if (!rsa)
+ return errno;
+ /* Public exponent has already been set, no need to do this here.
+ * For public key, only modulus needs to be set.
+ */
+ memset(public_key->modulus, 0, public_key->key_length);
+ /* Make sure that key parts are copied to the end of the buffer */
+ unsigned int offset = 0;
+ unsigned int bn_length = BN_num_bytes(rsa->n);
+ if (bn_length < public_key->key_length)
+ offset = public_key->key_length - bn_length;
+ else
+ offset = 0;
+ BN_bn2bin(rsa->n, public_key->modulus + offset);
+ memset(private_key->p, 0, (private_key->key_length+1) / 2 + 8);
+ memset(private_key->q, 0, (private_key->key_length+1) / 2);
+ memset(private_key->dp, 0, (private_key->key_length+1) / 2 + 8);
+ memset(private_key->dq, 0, (private_key->key_length+1) / 2);
+ memset(private_key->qInverse, 0, (private_key->key_length+1) / 2 + 8);
+ unsigned int key_part_length = (private_key->key_length+1) / 2;
+ /* We add the "+8" because it is a requirement by the crypto adapters
+ * to have an 8 byte zero pad in the beginning of the fields for:
+ * p, dp, and qInverse.
+ */
+ /* Copy p into buffer */
+ bn_length = BN_num_bytes(rsa->p);
+ if(bn_length < key_part_length)
+ offset = key_part_length - bn_length;
+ else
+ offset = 0;
+ BN_bn2bin(rsa->p, private_key->p + 8 + offset);
+ /* Copy q into buffer */
+ bn_length = BN_num_bytes(rsa->q);
+ if(bn_length < key_part_length)
+ offset = key_part_length - bn_length;
+ else
+ offset = 0;
+ BN_bn2bin(rsa->q, private_key->q + offset);
+ /* Copy dp into buffer */
+ bn_length = BN_num_bytes(rsa->dmp1);
+ if(bn_length < key_part_length)
+ offset = key_part_length - bn_length;
+ else
+ offset = 0;
+ BN_bn2bin(rsa->dmp1, private_key->dp + 8 + offset);
+ /* Copy dq into buffer */
+ bn_length = BN_num_bytes(rsa->dmq1);
+ if(bn_length < key_part_length)
+ offset = key_part_length - bn_length;
+ else
+ offset = 0;
+ BN_bn2bin(rsa->dmq1, private_key->dq + offset);
+ /* Copy qInverse into buffer */
+ bn_length = BN_num_bytes(rsa->iqmp);
+ if(bn_length < key_part_length)
+ offset = key_part_length - bn_length;
+ else
+ offset = 0;
+ BN_bn2bin(rsa->iqmp, private_key->qInverse + 8 + offset);
+ RSA_free(rsa);
+ return 0;
+ * @deprecated Perform a modular muliplication operation in software.
+ */
+unsigned int rsa_mod_mult_sw(ica_rsa_modmult_t *pMul)
+ int rc = 0;
+ BN_CTX *ctx = NULL;
+ if ((ctx = BN_CTX_new()) == NULL) {
+ return errno;
+ }
+ rc = mod_mul_sw(pMul->inputdatalength, pMul->inputdata,
+ pMul->inputdatalength, pMul->b_key,
+ pMul->inputdatalength, pMul->n_modulus,
+ (int *)&(pMul->outputdatalength),
+ pMul->outputdata, ctx);
+ BN_CTX_free(ctx);
+ if (rc)
+ rc = EIO;
+ return rc;
+ * Perform a multiprecision modular multiplication using a multiplicand,
+ * multiplier and modulus.
+ */
+static unsigned int mod_mul_sw(int fc_1_length, char *fc1, int fc_2_length,
+ char *fc2, int mod_length, char *mod,
+ int *res_length, char *res, BN_CTX *ctx)
+ int rc = 0;
+ int ln = 0;
+ int pad = 0;
+ BIGNUM *b_fc1 = NULL;
+ BIGNUM *b_fc2 = NULL;
+ BIGNUM *b_mod = NULL;
+ BIGNUM *b_res = NULL;
+ BN_CTX_start(ctx);
+ b_fc1 = BN_CTX_get(ctx);
+ b_fc2 = BN_CTX_get(ctx);
+ b_mod = BN_CTX_get(ctx);
+ if ((b_res = BN_CTX_get(ctx)) == NULL) {
+ rc = ENOMEM;
+ goto cleanup;
+ }
+ b_fc1 = BN_bin2bn((const unsigned char *)fc1, fc_1_length, b_fc1);
+ b_fc2 = BN_bin2bn((const unsigned char *)fc2, fc_2_length, b_fc2);
+ b_mod = BN_bin2bn((const unsigned char *)mod, mod_length, b_mod);
+ if (!(BN_mod_mul(b_res, b_fc1, b_fc2, b_mod, ctx))) {
+ goto err;
+ }
+ if ((ln = BN_num_bytes(b_res)) > *res_length) {
+ rc = EIO;
+ goto cleanup;
+ }
+ if (ln)
+ pad = *res_length - ln;
+ ln = BN_bn2bin(b_res,(unsigned char *)(res + pad));
+ if (pad)
+ memset(res, 0, pad);
+ goto cleanup;
+ err:
+ rc = EIO;
+ cleanup:
+ BN_CTX_end(ctx);
+ return rc;
+ * Perform a mod expo operation using a key in modulus/exponent form, in
+ * software.
+ * @param pMex
+ * Address of an ica_rsa_modexpo_t, containing:
+ * input_length - The byte length of the input data
+ * input_data - Pointer to input data
+ * b_key - Pointer to the exponent
+ * n_modulus - Pointer to the modulus
+ * output_length - On input it contains the byte length of the output
+ * buffer. On output it contains the actual byte
+ * length of the output_data
+ * output_data - Pointer to the output buffer
+ *
+ * Returns 0 if successful.
+ */
+unsigned int rsa_mod_expo_sw(ica_rsa_modexpo_t *pMex)
+ int rc = 0;
+ BN_CTX *ctx = NULL;
+ if ((ctx = BN_CTX_new()) == NULL) {
+ return errno;
+ }
+ /* check if modulus value > data value */
+ if ((memcmp(pMex->n_modulus, pMex->inputdata,
+ pMex->inputdatalength)) <= 0)
+ return EINVAL;
+ rc = mod_expo_sw(pMex->inputdatalength, pMex->inputdata,
+ pMex->inputdatalength, pMex->b_key,
+ pMex->inputdatalength, pMex->n_modulus,
+ (int *)&(pMex->outputdatalength), pMex->outputdata, ctx);
+ BN_CTX_free(ctx);
+ if (rc == 1)
+ rc = EIO;
+ return rc;
+ * Perform a mod expo operation using a key in modulus/exponent form, in
+ * software.
+ * @param arg_length
+ * The byte length of the input data
+ * @param arg
+ * Pointer to input data
+ * @param exp_length
+ * The byte length of the exponent
+ * @param exp
+ * Pointer to the exponent
+ * @param mod_length
+ * The byte length of the modulus
+ * @param mod
+ * Pointer to the modulus
+ * @param res_length
+ * On input it points to the byte length of the output buffer. On output it
+ * points to the actual byte length of the output_data
+ * @param res
+ * Pointer to the output buffer
+ * @param ctx
+ * Pointer to a BN_CTX
+ *
+ * Returns 0 if successful BN error code if unsuccessful.
+ */
+static unsigned int mod_expo_sw(int arg_length, char *arg, int exp_length,
+ char *exp, int mod_length, char *mod,
+ int *res_length, char *res, BN_CTX *ctx)
+ int rc = 0;
+ int ln = 0;
+ int pad = 0;
+ BIGNUM *b_arg = NULL;
+ BIGNUM *b_exp = NULL;
+ BIGNUM *b_mod = NULL;
+ BIGNUM *b_res = NULL;
+ BN_CTX *mod_expo_ctx = NULL;
+ int mod_expo_rc = 1;
+ BN_CTX_start(ctx);
+ b_arg = BN_CTX_get(ctx);
+ b_exp = BN_CTX_get(ctx);
+ b_mod = BN_CTX_get(ctx);
+ if ((b_res = BN_CTX_get(ctx)) == NULL) {
+ rc = ENOMEM;
+ goto cleanup;
+ }
+ b_arg = BN_bin2bn((const unsigned char *)arg, arg_length, b_arg);
+ b_exp = BN_bin2bn((const unsigned char *)exp, exp_length, b_exp);
+ b_mod = BN_bin2bn((const unsigned char *)mod, mod_length, b_mod);
+ // Evidently BN_mod_exp gets a *lot* of temp BN's, so it
+ // needs a context all its own.
+ if ((mod_expo_ctx = BN_CTX_new()) == NULL) {
+ goto err;
+ }
+ mod_expo_rc = BN_mod_exp(b_res, b_arg, b_exp, b_mod, mod_expo_ctx);
+ BN_CTX_free(mod_expo_ctx);
+ if (!(mod_expo_rc)) {
+ goto err;
+ }
+ if ((ln = BN_num_bytes(b_res)) > *res_length) {
+ rc = 1;
+ goto cleanup;
+ }
+ if (ln)
+ pad = *res_length - ln;
+ ln = BN_bn2bin(b_res, (unsigned char *)(res + pad));
+ if (pad)
+ memset(res, 0, pad);
+ goto cleanup;
+ err:
+ rc = EIO;
+ cleanup:
+ BN_CTX_end(ctx);
+ return rc;
+ * Perform a RSA mod expo on input data using a key in CRT format, in software.
+ *
+ * @param pCrt
+ * Address of an ica_rsa_modexpo_crt_t, containing:
+ * input_length: The byte length of the input data.
+ * input_data: Pointer to input data b
+ * output_length: On input it contains the byte length of the output
+ * buffer. On output it contains the actual byte length
+ * of the output_data
+ * output_data: Pointer to the output buffer
+ * bp_key: Pointer to dp
+ * bq_key: Pointer to dq
+ * np_prime: Pointer to p
+ * nq_prime: Pointer to q
+ * u_mult_inv: Pointer to u
+ *
+ * Returns 0 if successful
+ */
+unsigned int rsa_crt_sw(ica_rsa_modexpo_crt_t * pCrt)
+ int rc = 0;
+ int long_length = 0;
+ int short_length = 0;
+ BN_CTX *ctx = NULL;
+ short_length = (pCrt->inputdatalength+1) / 2;
+ long_length = short_length + 8;
+ Use variable buffer length. Earlier version contained fixed 136byte
+ size for ir buffers. Thus the software fallback should be able to
+ handle keys of bigger size, too.
+ char ir1[long_length];
+ int ir_1_length = sizeof(ir1);
+ char ir2[long_length];
+ int ir_2_length = sizeof(ir2);
+ char temp[long_length];
+ int temp_length = sizeof(temp);
+ if ((ctx = BN_CTX_new()) == NULL) {
+ return errno;
+ }
+ memset(ir1, 0, sizeof(ir1));
+ if ((rc = mod_sw(pCrt->inputdatalength, pCrt->inputdata,
+ long_length, pCrt->np_prime, &ir_1_length, ir1, ctx)) != 0)
+ goto err;
+ memset(temp, 0, sizeof(temp));
+ if ((rc = mod_expo_sw(ir_1_length, ir1,
+ long_length, pCrt->bp_key,
+ long_length, pCrt->np_prime,
+ &temp_length, temp, ctx)) != 0)
+ goto err;
+ memset(ir1, 0, sizeof(ir1));
+ memcpy(ir1, temp, temp_length);
+ ir_1_length = temp_length;
+ memset(ir2, 0, sizeof(ir2));
+ if ((rc = mod_sw(pCrt->inputdatalength, pCrt->inputdata,
+ short_length, pCrt->nq_prime, &ir_2_length,
+ ir2, ctx)) != 0)
+ goto err;
+ temp_length = sizeof(temp);
+ memset(temp, 0, sizeof(temp));
+ if ((rc = mod_expo_sw(ir_2_length, ir2,
+ short_length, pCrt->bq_key,
+ short_length, pCrt->nq_prime,
+ &temp_length, temp, ctx)) != 0)
+ goto err;
+ memset(ir2, 0, sizeof(ir2));
+ memcpy(ir2, temp, temp_length);
+ ir_2_length = temp_length;
+ temp_length = sizeof(ir1);
+ if ((rc = mod_sub_sw(ir_1_length, ir1,
+ ir_2_length, ir2,
+ long_length, pCrt->np_prime,
+ &temp_length, ir1, ctx)) != 0) {
+ if (rc != -1) {
+ goto err;
+ } else {
+ if (ir_2_length > pCrt->outputdatalength) {
+ memcpy(pCrt->outputdata,
+ ir2 + (ir_2_length -
+ pCrt->outputdatalength),
+ pCrt->outputdatalength);
+ } else {
+ if (ir_2_length < pCrt->outputdatalength) {
+ memset(pCrt->outputdata, 0,
+ (pCrt->outputdatalength -
+ ir_2_length));
+ memcpy(pCrt->outputdata +
+ (pCrt->outputdatalength -
+ ir_2_length), ir2, ir_2_length);
+ } else {
+ memcpy(pCrt->outputdata, ir2,
+ ir_2_length);
+ }
+ }
+ rc = 0;
+ goto cleanup;
+ }
+ }
+ ir_1_length = temp_length;
+ temp_length = sizeof(temp);
+ memset(temp, 0, sizeof(temp));
+ if ((rc = mod_mul_sw(ir_1_length, ir1,
+ long_length, pCrt->u_mult_inv,
+ long_length, pCrt->np_prime,
+ &temp_length, temp, ctx)) != 0)
+ goto err;
+ if ((rc = mul_sw(temp_length, temp,
+ short_length, pCrt->nq_prime,
+ (int *)&(pCrt->outputdatalength), pCrt->outputdata, ctx)) != 0)
+ goto err;
+ if ((rc = add_sw(pCrt->outputdatalength, pCrt->outputdata,
+ ir_2_length, ir2,
+ (int *)&(pCrt->outputdatalength), pCrt->outputdata, ctx)) != 0)
+ goto err;
+ goto cleanup;
+ err:
+ rc = EIO;
+ cleanup:
+ BN_CTX_free(ctx);
+ return rc;
+ * Perform a 'residue modulo' operation using an argument and a modulus.
+ * @param arg_length The byte length of the input data
+ * @param arg Pointer to input data
+ * @param mod_length The byte length of the modulus
+ * @param mod Pointer to the modulus
+ * @param res_length
+ * On input it points to the byte length of the output buffer. On output it
+ * points to the actual byte length of the output_data.
+ * @param res Pointer to the output buffer
+ * @param ctx Pointer to a BN_CTX
+ *
+ * Returns 0 if successful, BN error code if unsuccessful
+ */
+static unsigned int mod_sw(int arg_length, char *arg, int mod_length,
+ char *mod, int *res_length, char *res, BN_CTX *ctx)
+ int rc = 0;
+ int ln = 0;
+ int pad = 0;
+ BIGNUM *b_arg = NULL;
+ BIGNUM *b_mod = NULL;
+ BIGNUM *b_res = NULL;
+ BN_CTX_start(ctx);
+ b_arg = BN_CTX_get(ctx);
+ b_mod = BN_CTX_get(ctx);
+ if ((b_res = BN_CTX_get(ctx)) == NULL) {
+ rc = -ENOMEM;
+ goto cleanup;
+ }
+ b_arg = BN_bin2bn((const unsigned char *)arg, arg_length, b_arg);
+ b_mod = BN_bin2bn((const unsigned char *)mod, mod_length, b_mod);
+ if (!(BN_mod(b_res, b_arg, b_mod, ctx))) {
+ goto err;
+ }
+ if ((ln = BN_num_bytes(b_res)) > *res_length) {
+ rc = 1;
+ goto cleanup;
+ }
+ if (ln)
+ pad = *res_length - ln;
+ ln = BN_bn2bin(b_res, (unsigned char *)(res + pad));
+ if (pad)
+ memset(res, 0, pad);
+ goto cleanup;
+ err:
+ rc = EIO;
+ cleanup:
+ BN_CTX_end(ctx);
+ return rc;
+ * Perform a multiprecision subtraction modulo a modulus using a minuend,
+ * subtrahend and modulus
+ *
+ * @param min_length The byte length of the minuend
+ * @param min Pointer to minuend
+ * @param sub_length The byte length of the subtrahend
+ * @param sub Pointer to the subtrahend
+ * @param mod_length The byte length of the modulus
+ * @param mod The modulus
+ * @param res_length
+ * On input it points to the byte length of the output buffer. On output it
+ * points to the actual byte length of the output_data
+ * @param res Pointer to the output buffer
+ * @param ctx Pointer to a BN_CTX
+ *
+ * Returns 0 if successful, BN error code if unsuccessful
+ * Process:
+ * 1) If the subtrahend exceeds the minuend, use add_sw to
+ * add the modulus to the minuend
+ * 2) Call BN_CTX_get for the minuend, subtrahend & result BN's
+ * 3) Convert the minuend and subtrahend BN's using BN_bin2bn
+ * 4) Call BN_sub
+ * 5) Convert the result from a BN to a string using BN_bn2bin
+ * 6) Call BN_free for the minuend, subtrahend and result BN's
+ */
+static unsigned int mod_sub_sw(int min_length, char *minu, int sub_length,
+ char *sub, int mod_length, char *mod,
+ int *res_length, char *res, BN_CTX * ctx)
+ int rc = 0;
+ int ln = 0;
+ int pad = 0;
+ int min_size, sub_size, dif_size;
+ BIGNUM *b_min = NULL;
+ BIGNUM *b_sub = NULL;
+ BIGNUM *b_mod = NULL;
+ BIGNUM *b_res = NULL;
+ BN_CTX_start(ctx);
+ b_min = BN_CTX_get(ctx);
+ b_sub = BN_CTX_get(ctx);
+ b_mod = BN_CTX_get(ctx);
+ if ((b_res = BN_CTX_get(ctx)) == NULL) {
+ rc = -ENOMEM;
+ goto cleanup;
+ }
+ b_min = BN_bin2bn((const unsigned char *)minu, min_length, b_min);
+ b_sub = BN_bin2bn((const unsigned char *)sub, sub_length, b_sub);
+ b_mod = BN_bin2bn((const unsigned char *)mod, mod_length, b_mod);
+ min_size = BN_num_bytes(b_min);
+ sub_size = BN_num_bytes(b_sub);
+ /* if sub == min, the result is zero, but it's an error */
+ if (sub_size == min_size) {
+ dif_size = memcmp(sub, minu, sub_length);
+ if (dif_size == 0) {
+ memset(res, 0, *res_length);
+ rc = -1;
+ goto cleanup;
+ }
+ }
+ /* if sub < min, the result is just min - sub */
+ if ((sub_size < min_size) || ((sub_size == min_size) && (dif_size < 0))) {
+ if (!(BN_sub(b_res, b_min, b_sub))) {
+ goto err;
+ }
+ } else { /* sub > min, so the result is (min + mod) - sub */
+ if (!(BN_add(b_res, b_min, b_mod))) {
+ goto err;
+ }
+ if (!(BN_sub(b_res, b_res, b_sub))) {
+ goto err;
+ }
+ }
+ if ((ln = BN_num_bytes(b_res)) > *res_length) {
+ rc = 1;
+ goto cleanup;
+ }
+ if (ln)
+ pad = *res_length - ln;
+ ln = BN_bn2bin(b_res, (unsigned char *)(res + pad));
+ if (pad)
+ memset(res, 0, pad);
+ goto cleanup;
+ err:
+ rc = EIO;
+ cleanup:
+ BN_CTX_end(ctx);
+ return rc;
+ * Perform a multiprecision addition using an augend and addend
+ * @param aug_length The byte length of the augend
+ * @param aug Pointer to augend
+ * @param add_length The byte length of the addend
+ * @param add Pointer to the addend
+ * @param res_length On input it points to the byte length of the output buffer.
+ * On output it points to the actual byte length of the
+ * output_data
+ * @param res Pointer to the output buffer
+ * @param ctx Pointer to a BN_CTX
+ *
+ * Returns 0 if successful, BN error code if unsuccessful
+ * Process:
+ * 1) Call BN_CTX_get for the augend, addend and result BN's
+ * 2) Convert the augend and addend BN's using BN_bin2bn
+ * 3) Call BN_add
+ * 4) Convert the result from a BN to a string using BN_bn2bin
+ * 5) Call BN_free for the augend, addend and result BN's
+static unsigned int add_sw(int aug_length, char *aug, int add_length,
+ char *add, int *res_length, char *res, BN_CTX *ctx)
+ int rc = 0;
+ int ln = 0;
+ int pad = 0;
+ BIGNUM *b_aug = NULL;
+ BIGNUM *b_add = NULL;
+ BIGNUM *b_res = NULL;
+ BN_CTX_start(ctx);
+ b_aug = BN_CTX_get(ctx);
+ b_add = BN_CTX_get(ctx);
+ if ((b_res = BN_CTX_get(ctx)) == NULL) {
+ rc = -ENOMEM;
+ goto cleanup;
+ }
+ b_aug = BN_bin2bn((const unsigned char *)aug, aug_length, b_aug);
+ b_add = BN_bin2bn((const unsigned char *)add, add_length, b_add);
+ if (!(BN_add(b_res, b_aug, b_add))) {
+ goto err;
+ }
+ if ((ln = BN_num_bytes(b_res)) > *res_length) {
+ rc = 1;
+ goto cleanup;
+ }
+ if (ln)
+ pad = *res_length - ln;
+ ln = BN_bn2bin(b_res, (unsigned char *)(res + pad));
+ if (pad)
+ memset(res, 0, pad);
+ goto cleanup;
+ err:
+ rc = EIO;
+ cleanup:
+ BN_CTX_end(ctx);
+ return rc;
+ * Perform a multiprecision multiply using a multiplicand and multiplier.
+ * @param fc_1_length The byte length of the multiplicand
+ * @param fc1 Pointer to multiplicand
+ * @param fc_2_length The byte length of the multiplier
+ * @param fc2 Pointer to the multiplier
+ * @param res_length
+ * On input it points to the byte length of the output buffer. On output it
+ * points to the actual byte length of the output_data.
+ * @param res Pointer to the output buffer
+ * @param ctx Pointer to a BN_CTX
+ *
+ * Returns 0 if successful, BN error code if unsuccessful
+ */
+static unsigned int mul_sw(int fc_1_length, char *fc1, int fc_2_length,
+ char *fc2, int *res_length, char *res, BN_CTX *ctx)
+ int rc = 0;
+ int ln = 0;
+ int pad = 0;
+ BIGNUM *b_fc1 = NULL;
+ BIGNUM *b_fc2 = NULL;
+ BIGNUM *b_res = NULL;
+ BN_CTX_start(ctx);
+ b_fc1 = BN_CTX_get(ctx);
+ b_fc2 = BN_CTX_get(ctx);
+ if ((b_res = BN_CTX_get(ctx)) == NULL) {
+ rc = -ENOMEM;
+ goto cleanup;
+ }
+ b_fc1 = BN_bin2bn((const unsigned char *)fc1, fc_1_length, b_fc1);
+ b_fc2 = BN_bin2bn((const unsigned char *)fc2, fc_2_length, b_fc2);
+ if (!(BN_mul(b_res, b_fc1, b_fc2, ctx))) {
+ goto err;
+ }
+ if ((ln = BN_num_bytes(b_res)) > *res_length) {
+ rc = 1;
+ goto cleanup;
+ }
+ if (ln)
+ pad = *res_length - ln;
+ ln = BN_bn2bin(b_res, (unsigned char *)(res + pad));
+ if (pad)
+ memset(res, 0, pad);
+ goto cleanup;
+ err:
+ rc = EIO;
+ cleanup:
+ BN_CTX_end(ctx);
+ return rc;
diff --git a/src/s390_sha.c b/src/s390_sha.c
new file mode 100644
index 0000000..429fb91
--- /dev/null
+++ b/src/s390_sha.c
@@ -0,0 +1,289 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+ * Authors: Felix Beck <>
+ * Holger Dengler <>
+ * Christian Maaser <>
+ *
+ * Copyright IBM Corp. 2009, 2011
+ */
+#include <string.h>
+#include <errno.h>
+#include <openssl/sha.h>
+#include "s390_crypto.h"
+#include "s390_sha.h"
+#include "init.h"
+#include "icastats.h"
+static int s390_sha1_sw(unsigned char *iv, unsigned char *input_data,
+ unsigned int input_length, unsigned char *output_data,
+ unsigned int message_part, uint64_t *running_length)
+ SHA_CTX ctx;
+ unsigned int vector_length = 20;
+ if (message_part == SHA_MSG_PART_ONLY ||
+ message_part == SHA_MSG_PART_FIRST) {
+ SHA1_Init(&ctx);
+ } else {
+ memcpy((unsigned char *) &ctx.Nl,
+ (unsigned char *) running_length,
+ sizeof(*running_length));
+ memcpy((unsigned char *) &ctx.h0, iv, vector_length);
+ ctx.num = 0;
+ }
+ SHA1_Update(&ctx, input_data, input_length);
+ if (message_part == SHA_MSG_PART_ONLY ||
+ message_part == SHA_MSG_PART_FINAL) {
+ SHA1_Final(output_data, &ctx);
+ } else {
+ memcpy((unsigned char *) running_length,
+ (unsigned char *) &ctx.Nl,
+ sizeof(*running_length));
+ memcpy(output_data, (unsigned char *) &ctx.h0,
+ memcpy(iv, (unsigned char *) &ctx.h0, vector_length);
+ }
+ return 0;
+static int s390_sha224_sw(unsigned char *iv, unsigned char *input_data,
+ unsigned int input_length,
+ unsigned char *output_data,
+ unsigned int message_part, uint64_t *running_length)
+ SHA256_CTX ctx;
+ unsigned int vector_length = 32;
+ if (message_part == SHA_MSG_PART_ONLY ||
+ message_part == SHA_MSG_PART_FIRST) {
+ SHA224_Init(&ctx);
+ } else {
+ ctx.Nl = *running_length;
+ memcpy((unsigned char *) &ctx.h[0], iv, vector_length);
+ ctx.md_len = SHA224_DIGEST_LENGTH;
+ ctx.num = 0;
+ }
+ SHA224_Update(&ctx, input_data, input_length);
+ if (message_part == SHA_MSG_PART_ONLY ||
+ message_part == SHA_MSG_PART_FINAL) {
+ SHA224_Final(output_data, &ctx);
+ } else {
+ *running_length = ctx.Nl;
+ memcpy(output_data, (unsigned char *) &ctx.h[0],
+ memcpy(iv, (unsigned char *) &ctx.h[0], vector_length);
+ }
+ return 0;
+static int s390_sha256_sw(unsigned char *iv, unsigned char *input_data,
+ unsigned int input_length,
+ unsigned char *output_data,
+ unsigned int message_part, uint64_t *running_length)
+ SHA256_CTX ctx;
+ unsigned int vector_length = 32;
+ if (message_part == SHA_MSG_PART_ONLY ||
+ message_part == SHA_MSG_PART_FIRST) {
+ SHA256_Init(&ctx);
+ } else {
+ ctx.Nl = *running_length;
+ memcpy((unsigned char *) &ctx.h[0], iv, vector_length);
+ ctx.md_len = SHA256_DIGEST_LENGTH;
+ ctx.num = 0;
+ }
+ SHA256_Update(&ctx, input_data, input_length);
+ if (message_part == SHA_MSG_PART_ONLY ||
+ message_part == SHA_MSG_PART_FINAL) {
+ SHA256_Final(output_data, &ctx);
+ } else {
+ *running_length = ctx.Nl;
+ memcpy(output_data, (unsigned char *) &ctx.h[0],
+ memcpy(iv, (unsigned char *) &ctx.h[0], vector_length);
+ }
+ return 0;
+static int s390_sha384_sw(unsigned char *iv, unsigned char *input_data,
+ uint64_t input_length,
+ unsigned char *output_data,
+ unsigned int message_part,
+ uint64_t *running_length_lo,
+ uint64_t *running_length_hi)
+ SHA512_CTX ctx;
+ unsigned int vector_length = 64;
+ if (message_part == SHA_MSG_PART_ONLY ||
+ message_part == SHA_MSG_PART_FIRST) {
+ SHA384_Init(&ctx);
+ } else {
+ ctx.Nl = *running_length_lo;
+ ctx.Nh = *running_length_hi;
+ ctx.num = 0;
+ ctx.md_len = SHA384_DIGEST_LENGTH;
+ memcpy((unsigned char *) &ctx.h[0], iv, vector_length);
+ }
+ SHA384_Update(&ctx, input_data, input_length);
+ if (message_part == SHA_MSG_PART_ONLY ||
+ message_part == SHA_MSG_PART_FINAL)
+ SHA384_Final(output_data, &ctx);
+ else {
+ *running_length_lo = ctx.Nl;
+ *running_length_hi = ctx.Nh;
+ memcpy(output_data, (unsigned char *) &ctx.h[0],
+ memcpy(iv, (unsigned char *) &ctx.h[0], vector_length);
+ }
+ return 0;
+int s390_sha512_sw(unsigned char *iv, unsigned char *input_data,
+ uint64_t input_length, unsigned char *output_data,
+ unsigned int message_part, uint64_t *running_length_lo,
+ uint64_t *running_length_hi)
+ SHA512_CTX ctx;
+ unsigned int vector_length = 64;
+ if (message_part == SHA_MSG_PART_ONLY || message_part == SHA_MSG_PART_FIRST) {
+ SHA512_Init(&ctx);
+ } else {
+ ctx.md_len = SHA512_DIGEST_LENGTH;
+ ctx.Nl = *running_length_lo;
+ ctx.Nh = *running_length_hi;
+ ctx.num = 0;
+ memcpy((unsigned char *) &ctx.h[0], iv, vector_length);
+ }
+ SHA512_Update(&ctx, input_data, input_length);
+ if (message_part == SHA_MSG_PART_ONLY ||
+ message_part == SHA_MSG_PART_FINAL)
+ SHA512_Final(output_data, &ctx);
+ else {
+ *running_length_lo = ctx.Nl;
+ *running_length_hi = ctx.Nh;
+ memcpy(output_data, (unsigned char *) &ctx.h[0],
+ memcpy(iv, (unsigned char *) &ctx.h[0], vector_length);
+ }
+ return 0;
+int s390_sha1(unsigned char *iv, unsigned char *input_data,
+ unsigned int input_length, unsigned char *output_data,
+ unsigned int message_part, uint64_t *running_length)
+ int rc = 1;
+ if (sha1_switch)
+ rc = s390_sha_hw(iv, input_data, input_length, output_data,
+ message_part, running_length, NULL, SHA_1);
+ if (rc) {
+ rc = s390_sha1_sw(iv, input_data, input_length, output_data,
+ message_part, running_length);
+ stats_increment(ICA_STATS_SHA1, ALGO_SW, ENCRYPT);
+ } else
+ stats_increment(ICA_STATS_SHA1, ALGO_HW, ENCRYPT);
+ return rc;
+int s390_sha224(unsigned char *iv, unsigned char *input_data,
+ unsigned int input_length, unsigned char *output_data,
+ unsigned int message_part, uint64_t *running_length)
+ int rc = 1;
+ if (sha256_switch)
+ rc = s390_sha_hw(iv, input_data, input_length, output_data,
+ message_part, running_length, NULL, SHA_224);
+ if (rc) {
+ rc = s390_sha224_sw(iv, input_data, input_length, output_data,
+ message_part, running_length);
+ stats_increment(ICA_STATS_SHA224, ALGO_SW, ENCRYPT);
+ } else
+ stats_increment(ICA_STATS_SHA224, ALGO_HW, ENCRYPT);
+ return rc;
+int s390_sha256(unsigned char *iv, unsigned char *input_data,
+ unsigned int input_length, unsigned char *output_data,
+ unsigned int message_part, uint64_t *running_length)
+ int rc = 1;
+ if (sha256_switch)
+ rc = s390_sha_hw(iv, input_data, input_length, output_data,
+ message_part, running_length, NULL, SHA_256);
+ if (rc) {
+ rc = s390_sha256_sw(iv, input_data, input_length, output_data,
+ message_part, running_length);
+ stats_increment(ICA_STATS_SHA256, ALGO_SW, ENCRYPT);
+ } else
+ stats_increment(ICA_STATS_SHA256, ALGO_HW, ENCRYPT);
+ return rc;
+int s390_sha384(unsigned char *iv, unsigned char *input_data,
+ uint64_t input_length, unsigned char *output_data,
+ unsigned int message_part, uint64_t *running_length_lo,
+ uint64_t *running_length_hi)
+ int rc = 1;
+ if (sha512_switch)
+ rc = s390_sha_hw(iv, input_data, input_length, output_data,
+ message_part, running_length_lo,
+ running_length_hi, SHA_384);
+ if (rc) {
+ rc = s390_sha384_sw(iv, input_data, input_length, output_data,
+ message_part, running_length_lo,
+ running_length_hi);
+ stats_increment(ICA_STATS_SHA384, ALGO_SW, ENCRYPT);
+ } else
+ stats_increment(ICA_STATS_SHA384, ALGO_HW, ENCRYPT);
+ return rc;
+int s390_sha512(unsigned char *iv, unsigned char *input_data,
+ uint64_t input_length, unsigned char *output_data,
+ unsigned int message_part, uint64_t *running_length_lo,
+ uint64_t *running_length_hi)
+ int rc = 1;
+ if (sha512_switch)
+ rc = s390_sha_hw(iv, input_data, input_length, output_data,
+ message_part, running_length_lo,
+ running_length_hi, SHA_512);
+ if (rc) {
+ rc = s390_sha512_sw(iv, input_data, input_length, output_data,
+ message_part, running_length_lo,
+ running_length_hi);
+ stats_increment(ICA_STATS_SHA512, ALGO_SW, ENCRYPT);
+ } else
+ stats_increment(ICA_STATS_SHA512, ALGO_HW, ENCRYPT);
+ return rc;
diff --git a/src/tests/ b/src/tests/
new file mode 100644
index 0000000..f941c49
--- /dev/null
+++ b/src/tests/
@@ -0,0 +1,39 @@
+#OPTS = -O0 -g -Wall -fprofile-arcs -ftest-coverage -fPIC
+#OPTS = -O0 -g -Wall -m31 -D_LINUX_S390_
+OPTS = -O0 -g -Wall -D_LINUX_S390_
+LIBS = -L../.libs
+INCLUDE = -I. -I../include -I../../include
+CC = gcc
+TARGETS = icastats_test \
+ libica_des_test libica_3des_test \
+ libica_aes128_test libica_aes192_test libica_aes256_test \
+ libica_sha1_test \
+ libica_sha256_test \
+ libica_rsa_test libica_rsa_key_check_test \
+ libica_rng_test libica_keygen_test \
+ test_mech_list \
+ libica_cmac_test \
+ libica_aes_xts_test libica_aes_gcm_test libica_ccm_test \
+ libica_aes_ctr_test libica_aes_ofb_test libica_aes_cfb_test \
+ libica_aes_cbc_test libica_aes_ecb_test \
+ libica_des_ctr_test libica_3des_ctr_test \
+ libica_des_cfb_test libica_3des_cfb_test \
+ libica_des_cbc_test libica_3des_cbc_test \
+ libica_des_ecb_test libica_cbccs_test libica_3des_ecb_test \
+ libica_des_ofb_test libica_3des_ofb_test \
+ libica_get_version \
+ libica_get_functionlist
+all: $(TARGETS)
+# Every target is created from a single .c file.
+%: %.c
+ gcc $(OPTS) -o $@ $^ $(LIBS) $(INCLUDE) -lica -lcrypto
+ rm -f $(TARGETS)
+ rm -f Makefile
+ rm -f $(TARGETS)
diff --git a/src/tests/icastats_test.c b/src/tests/icastats_test.c
new file mode 100644
index 0000000..a2110c4
--- /dev/null
+++ b/src/tests/icastats_test.c
@@ -0,0 +1,822 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ **/
+/* Copyright IBM Corp. 2014 */
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <dirent.h>
+#include <string.h>
+#include "ica_api.h"
+#define DATA_LENGHT 32
+#define AES_CIPHER_BLOCK 16
+#define RSA_BYTE_LENGHT 128
+unsigned char plain_data[] = {
+ 0x55, 0x73, 0x69, 0x6e, 0x67, 0x20, 0x6c, 0x69,
+ 0x62, 0x69, 0x63, 0x61, 0x20, 0x69, 0x73, 0x20,
+ 0x73, 0x6d, 0x61, 0x72, 0x74, 0x20, 0x61, 0x6e,
+ 0x64, 0x20, 0x65, 0x61, 0x73, 0x79, 0x21, 0x00,
+int hw_flag;
+unsigned int mech_len;
+libica_func_list_element *pmech_list = NULL;
+static int handle_ica_error(int rc, char *message);
+static int is_crypto_card_loaded();
+void create_hw_info();
+int check_hw(int algo_id);
+unsigned int silent = 0;
+void check_icastats(int algo_id, char *stat);
+void des_tests(unsigned char *iv, unsigned char *cmac, unsigned char *ctr);
+void tdes_tests(unsigned char *iv, unsigned char *cmac, unsigned char *ctr);
+void sha_tests();
+void rsa_tests(ica_adapter_handle_t handle);
+void aes_tests(unsigned char *iv, unsigned char *cmac, unsigned char *ctr);
+int main (int argc, char **argv)
+ int rc = 0;
+ ica_adapter_handle_t adapter_handle;
+ if (argc > 1) {
+ if (strstr(argv[1], "silent"))
+ silent = 1;
+ }
+ unsigned char *cmac;
+ unsigned char *ctr;
+ unsigned char *iv;
+ if((cmac = malloc(AES_CIPHER_BLOCK*sizeof(char))) == NULL){
+ perror("Error in malloc: ");
+ }
+ if((ctr = malloc(AES_CIPHER_BLOCK*sizeof(char))) == NULL){
+ perror("Error in malloc: ");
+ }
+ if((iv = malloc(AES_CIPHER_BLOCK*sizeof(char))) == NULL){
+ perror("Error in malloc: ");
+ }
+ /*
+ * Open crypto adapter
+ **/
+ rc = ica_open_adapter(&adapter_handle);
+ if (rc != 0) {
+ printf("ica_open_adapter failed and returned %d (0x%x).\n", rc, rc);
+ }
+ create_hw_info();
+ /*
+ * Reset Counters
+ **/
+ system("icastats -r");
+ rc = ica_random_number_generate(AES_CIPHER_BLOCK, ctr);
+ if (rc)
+ exit(handle_ica_error(rc, "ica_random_number_generate"));
+ /*
+ * Check if counter for Random operations has incremneted
+ **/
+ check_icastats(P_RNG, "P_RNG");
+ rc = ica_random_number_generate(AES_CIPHER_BLOCK, iv);
+ if (rc)
+ exit(handle_ica_error(rc, "ica_random_number_generate"));
+ /*
+ * Check counters for all crypto operations
+ **/
+ des_tests(iv, cmac, ctr);
+ tdes_tests(iv, cmac, ctr);
+ sha_tests();
+ rsa_tests(adapter_handle);
+ aes_tests(iv, cmac, ctr);
+ free(cmac);
+ free(ctr);
+ free(iv);
+ printf("All icastats testcases finished successfully\n");
+ return 0;
+int is_crypto_card_loaded()
+ DIR* sysDir;
+ FILE *file;
+ char dev[PATH_MAX] = "/sys/devices/ap/";
+ struct dirent *direntp;
+ char *type = NULL;
+ size_t size;
+ char c;
+ if ((sysDir = opendir(dev)) == NULL )
+ return 0;
+ while((direntp = readdir(sysDir)) != NULL){
+ if(strstr(direntp->d_name, "card") != 0){
+ snprintf(dev, PATH_MAX, "/sys/devices/ap/%s/type",
+ direntp->d_name);
+ if ((file = fopen(dev, "r")) == NULL){
+ closedir(sysDir);
+ return 0;
+ }
+ if (getline(&type, &size, file) == -1){
+ fclose(file);
+ closedir(sysDir);
+ return 0;
+ }
+ /* ignore \n
+ * looking for CEX??A and CEX??C
+ * Skip type CEX??P cards
+ **/
+ if (type[strlen(type)-2] == 'P'){
+ free(type);
+ type = NULL;
+ fclose(file);
+ continue;
+ }
+ free(type);
+ type = NULL;
+ fclose(file);
+ snprintf(dev, PATH_MAX, "/sys/devices/ap/%s/online",
+ direntp->d_name);
+ if ((file = fopen(dev, "r")) == NULL){
+ closedir(sysDir);
+ return 0;
+ }
+ if((c = fgetc(file)) == '1'){
+ fclose(file);
+ return 1;
+ }
+ fclose(file);
+ }
+ }
+ closedir(sysDir);
+ return 0;
+ * Create Hardware Info database
+ **/
+void create_hw_info()
+ if (ica_get_functionlist(NULL, &mech_len) != 0){
+ perror("get_functionlist: ");
+ }
+ pmech_list = malloc(sizeof(libica_func_list_element)*mech_len);
+ if (ica_get_functionlist(pmech_list, &mech_len) != 0){
+ perror("get_functionlist: ");
+ free(pmech_list);
+ }
+ hw_flag = is_crypto_card_loaded();
+ * check if a cryptp operation is supported in hardware
+ **/
+int check_hw(int algo_id)
+ int i = 0;
+ while(pmech_list[i].mech_mode_id != algo_id)
+ i++;
+ if(hw_flag){
+ if(pmech_list[i].flags & (ICA_FLAG_SHW | ICA_FLAG_DHW))
+ return 1;
+ else
+ return 0;
+ } else{
+ if(pmech_list[i].flags & ICA_FLAG_SHW)
+ return 1;
+ else
+ return 0;
+ }
+ * Check if icastats has counted correctly
+ **/
+void check_icastats(int algo_id, char *stat)
+ char awk[255];
+ FILE *fp;
+ int i, hw, enc, dec;
+ hw = check_hw(algo_id);
+ sprintf(awk, "icastats | awk '{ if($0~\"%s\") if(NR>13) print $%d,$%d;\
+ else print $%d,-1\
+ }'",
+ stat, hw?4:7, hw?5:8, hw?3:5);
+ fp = popen(awk,"r");
+ if(fp == NULL){
+ perror("error in peopen");
+ }
+ fscanf(fp, "%d %d", &enc, &dec);
+ if(dec == -1){
+ if(enc == 0){
+ printf("Test %s FAILED: Could not count crypto operations!\n",
+ stat);
+ } else if(enc > 0){
+ if (!silent)
+ printf("Test %s SUCCESS.\n", stat);
+ } else{
+ fprintf(stderr, "icastats parsing by %s FAILED!\n", stat);
+ }
+ } else{
+ if(enc > 0 && dec > 0){
+ if (!silent)
+ printf("Test %s SUCCESS.\n", stat);
+ } else if(enc == 0 && dec == 0){
+ printf("Test %s FAILED: Could not count crypto operation!\n",
+ stat);
+ } else if(enc == 0){
+ printf("Test %s FAILED: Could not count encryption operations\n",
+ stat);
+ } else if(dec == 0){
+ printf("Test %s FAILED: Could not count decryption operations\n",
+ stat);
+ } else{
+ fprintf(stderr, "icastats parsing of %s FAILED!\n", stat);
+ }
+ }
+ if((i = pclose(fp)) != 0){
+ fprintf(stderr, "awk script failed with %d", i);
+ }
+static int handle_ica_error(int rc, char *message)
+ printf("Error in %s: ", message);
+ switch (rc) {
+ case 0:
+ printf("OK\n");
+ break;
+ case EINVAL:
+ printf("Incorrect parameter.\n");
+ break;
+ case EPERM:
+ printf("Operation not permitted by Hardware.\n");
+ break;
+ case EIO:
+ printf("I/O error.\n");
+ break;
+ default:
+ perror("");
+ }
+ return rc;
+void des_tests(unsigned char *iv, unsigned char *cmac, unsigned char *ctr)
+ int rc = 0;
+ int mode;
+ unsigned char *out_buffer;
+ unsigned char *inp_buffer = plain_data;
+ unsigned char des_key[] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ };
+ if((out_buffer = malloc(DATA_LENGHT*sizeof(char))) == NULL){
+ perror("Error in malloc: ");
+ }
+ system("icastats -r");
+ for(mode = 1; mode >= 0; mode--){
+ rc = ica_des_ecb(inp_buffer, out_buffer, DATA_LENGHT,
+ des_key, mode);
+ if (rc)
+ exit(handle_ica_error(rc, "ica_des_ecb"));
+ if(mode == ICA_ENCRYPT)
+ inp_buffer = out_buffer;
+ else if(mode == ICA_DECRYPT)
+ inp_buffer = plain_data;
+ }
+ check_icastats(DES_ECB, "DES ECB");
+ system("icastats -r");
+ for(mode = 1; mode >= 0; mode--){
+ rc = ica_des_cbc(inp_buffer, out_buffer, DATA_LENGHT,
+ des_key, iv, mode);
+ if(rc)
+ exit(handle_ica_error(rc, "ica_des_ecb"));
+ if(mode == ICA_ENCRYPT)
+ inp_buffer = out_buffer;
+ else if(mode == ICA_DECRYPT)
+ inp_buffer = plain_data;
+ }
+ check_icastats(DES_CBC, "DES CBC");
+ system("icastats -r");
+ for(mode = 1; mode >= 0; mode--){
+ rc = ica_des_cfb(inp_buffer, out_buffer, DATA_LENGHT,
+ des_key, iv, DES_CIPHER_BLOCK, mode);
+ if(rc)
+ exit(handle_ica_error(rc, "ica_des_cfb"));
+ if(mode == ICA_ENCRYPT)
+ inp_buffer = out_buffer;
+ else if(mode == ICA_DECRYPT)
+ inp_buffer = plain_data;
+ }
+ check_icastats(DES_CFB, "DES CFB");
+ system("icastats -r");
+ for(mode = 1; mode >= 0; mode--){
+ rc = ica_des_cmac(inp_buffer, DATA_LENGHT, cmac, DES_CIPHER_BLOCK,
+ des_key, mode);
+ if(rc)
+ exit(handle_ica_error(rc, "ica_des_cmac"));
+ }
+ check_icastats(DES_CMAC, "DES CMAC");
+ system("icastats -r");
+ for(mode = 1; mode >= 0; mode--){
+ rc = ica_des_ctr(inp_buffer, out_buffer, DATA_LENGHT, des_key,
+ ctr, DES_CIPHER_BLOCK, mode);
+ if(rc)
+ exit(handle_ica_error(rc, "ica_des_ctr"));
+ if(mode == ICA_ENCRYPT)
+ inp_buffer = out_buffer;
+ else if(mode == ICA_DECRYPT)
+ inp_buffer = plain_data;
+ }
+ check_icastats(DES_CTR, "DES CTR");
+ system("icastats -r");
+ for(mode = 1; mode >= 0; mode--){
+ rc = ica_des_ofb(inp_buffer, out_buffer, DATA_LENGHT,
+ des_key, iv, mode);
+ if(rc)
+ exit(handle_ica_error(rc, "ica_des_ofb"));
+ if(mode == ICA_ENCRYPT)
+ inp_buffer = out_buffer;
+ else if(mode == ICA_DECRYPT)
+ inp_buffer = plain_data;
+ }
+ check_icastats(DES_OFB, "DES OFB");
+ free(out_buffer);
+void tdes_tests(unsigned char *iv, unsigned char *cmac, unsigned char *ctr)
+ int rc = 0;
+ int mode;
+ unsigned char *out_buffer;
+ unsigned char *inp_buffer = plain_data;
+ unsigned char des_key[] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ };
+ if((out_buffer = malloc(DATA_LENGHT*sizeof(char))) == NULL){
+ perror("Error in malloc: ");
+ }
+ system("icastats -r");
+ for(mode = 1; mode >= 0; mode--){
+ rc = ica_3des_ecb(inp_buffer, out_buffer, DATA_LENGHT,
+ des_key, mode);
+ if (rc)
+ exit(handle_ica_error(rc, "ica_3des_ecb"));
+ if(mode == ICA_ENCRYPT)
+ inp_buffer = out_buffer;
+ else if(mode == ICA_DECRYPT)
+ inp_buffer = plain_data;
+ }
+ check_icastats(DES3_ECB, "3DES ECB");
+ system("icastats -r");
+ for(mode = 1; mode >= 0; mode--){
+ rc = ica_3des_cbc(inp_buffer, out_buffer, DATA_LENGHT,
+ des_key, iv, mode);
+ if(rc)
+ exit(handle_ica_error(rc, "ica_3des_cbc"));
+ if(mode == ICA_ENCRYPT)
+ inp_buffer = out_buffer;
+ else if(mode == ICA_DECRYPT)
+ inp_buffer = plain_data;
+ }
+ check_icastats(DES3_CBC, "3DES CBC");
+ system("icastats -r");
+ for(mode = 1; mode >= 0; mode--){
+ rc = ica_3des_cfb(inp_buffer, out_buffer, DATA_LENGHT,
+ des_key, iv, DES_CIPHER_BLOCK, mode);
+ if(rc)
+ exit(handle_ica_error(rc, "ica_3des_cfb"));
+ if(mode == ICA_ENCRYPT)
+ inp_buffer = out_buffer;
+ else if(mode == ICA_DECRYPT)
+ inp_buffer = plain_data;
+ }
+ check_icastats(DES3_CFB, "3DES CFB");
+ system("icastats -r");
+ for(mode = 1; mode >= 0; mode--){
+ rc = ica_3des_cmac(inp_buffer, DATA_LENGHT, cmac, DES_CIPHER_BLOCK,
+ des_key, mode);
+ if(rc)
+ exit(handle_ica_error(rc, "ica_3des_cmac"));
+ }
+ check_icastats(DES3_CMAC, "3DES CMAC");
+ system("icastats -r");
+ for(mode = 1; mode >= 0; mode--){
+ rc = ica_3des_ctr(inp_buffer, out_buffer, DATA_LENGHT, des_key,
+ ctr, DES_CIPHER_BLOCK, mode);
+ if(rc)
+ exit(handle_ica_error(rc, "ica_3des_ctr"));
+ if(mode == ICA_ENCRYPT)
+ inp_buffer = out_buffer;
+ else if(mode == ICA_DECRYPT)
+ inp_buffer = plain_data;
+ }
+ check_icastats(DES3_CTR, "3DES CTR");
+ system("icastats -r");
+ for(mode = 1; mode >= 0; mode--){
+ rc = ica_3des_ofb(inp_buffer, out_buffer, DATA_LENGHT,
+ des_key, iv, mode);
+ if(rc)
+ exit(handle_ica_error(rc, "ica_3des_ofb"));
+ if(mode == ICA_ENCRYPT)
+ inp_buffer = out_buffer;
+ else if(mode == ICA_DECRYPT)
+ inp_buffer = plain_data;
+ }
+ check_icastats(DES3_OFB, "3DES OFB");
+ free(out_buffer);
+void sha_tests()
+ int rc = 0;
+ unsigned char hash[SHA512_HASH_LENGTH];
+ sha_context_t sha_context0;
+ sha256_context_t sha_context1;
+ sha512_context_t sha_context2;
+ system("icastats -r");
+ plain_data, &sha_context0, hash);
+ if(rc)
+ exit(handle_ica_error(rc, "ica_sha1"));
+ check_icastats(SHA1, "SHA-1");
+ system("icastats -r");
+ rc = ica_sha224(SHA_MSG_PART_ONLY, DATA_LENGHT,
+ plain_data, &sha_context1, hash);
+ if(rc)
+ exit(handle_ica_error(rc, "ica_sha224"));
+ check_icastats(SHA224, "SHA-224");
+ system("icastats -r");
+ rc = ica_sha256(SHA_MSG_PART_ONLY, DATA_LENGHT,
+ plain_data, &sha_context1, hash);
+ if(rc)
+ exit(handle_ica_error(rc, "ica_sha256"));
+ check_icastats(SHA256, "SHA-256");
+ system("icastats -r");
+ rc = ica_sha384(SHA_MSG_PART_ONLY, DATA_LENGHT,
+ plain_data, &sha_context2, hash);
+ if(rc)
+ exit(handle_ica_error(rc, "ica_sha384"));
+ check_icastats(SHA384, "SHA-384");
+ system("icastats -r");
+ rc = ica_sha512(SHA_MSG_PART_ONLY, DATA_LENGHT,
+ plain_data, &sha_context2, hash);
+ if(rc)
+ exit(handle_ica_error(rc, "ica_sha512"));
+ check_icastats(SHA512, "SHA-512");
+void rsa_tests(ica_adapter_handle_t handle)
+unsigned char e[] =
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03 };
+unsigned char n[] =
+ { 0xec, 0x51, 0xab, 0xa1, 0xf8, 0x40, 0x2c, 0x08,
+ 0x2e, 0x24, 0x52, 0x2e, 0x3c, 0x51, 0x6d, 0x98,
+ 0xad, 0xee, 0xc7, 0x7d, 0x00, 0xaf, 0xe1, 0xa8,
+ 0x61, 0xda, 0x32, 0x97, 0xb4, 0x32, 0x97, 0xe3,
+ 0x52, 0xda, 0x28, 0x45, 0x55, 0xc6, 0xb2, 0x46,
+ 0x65, 0x1b, 0x02, 0xcb, 0xbe, 0xf4, 0x2c, 0x6b,
+ 0x2a, 0x5f, 0xe1, 0xdf, 0xe9, 0xe3, 0xbc, 0x47,
+ 0xb7, 0x38, 0xb5, 0xa2, 0x78, 0x9d, 0x15, 0xe2,
+ 0x59, 0x81, 0x77, 0x6b, 0x6b, 0x2e, 0xa9, 0xdb,
+ 0x13, 0x26, 0x9c, 0xca, 0x5e, 0x0a, 0x1f, 0x3c,
+ 0x50, 0x9d, 0xd6, 0x79, 0x59, 0x99, 0x50, 0xe5,
+ 0x68, 0x1a, 0x98, 0xca, 0x11, 0xce, 0x37, 0x63,
+ 0x58, 0x22, 0x40, 0x19, 0x29, 0x72, 0x4c, 0x41,
+ 0x89, 0x0b, 0x56, 0x9e, 0x3e, 0xd5, 0x6d, 0x75,
+ 0x9e, 0x3f, 0x8a, 0x50, 0xf1, 0x0a, 0x59, 0x4a,
+ 0xc3, 0x59, 0x4b, 0xf6, 0xbb, 0xc9, 0xa5, 0x93 };
+unsigned char input_data[] =
+ { 0x00, 0x02, 0x08, 0x68, 0x30, 0x9a, 0x32, 0x08,
+ 0x57, 0xb0, 0x28, 0xaa, 0x76, 0x30, 0x3d, 0x84,
+ 0x5f, 0x92, 0x0d, 0x8e, 0x34, 0xe0, 0xd5, 0xcc,
+ 0x36, 0x97, 0xed, 0x00, 0x00, 0x01, 0x02, 0x03,
+ 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+ 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13,
+ 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b,
+ 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23,
+ 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b,
+ 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33,
+ 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b,
+ 0x3c, 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43,
+ 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b,
+ 0x4c, 0x4d, 0x4e, 0x4f, 0x50, 0x51, 0x52, 0x53,
+ 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b,
+ 0x5c, 0x5d, 0x5e, 0x5f, 0x60, 0x61, 0x62, 0x63 };
+unsigned char p[] =
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0xfb, 0xb7, 0x73, 0x24, 0x42, 0xfe, 0x8f, 0x16,
+ 0xf0, 0x6e, 0x2d, 0x86, 0x22, 0x46, 0x79, 0xd1,
+ 0x58, 0x6f, 0x26, 0x24, 0x17, 0x12, 0xa3, 0x1a,
+ 0xfd, 0xf7, 0x75, 0xd4, 0xcd, 0xf9, 0xde, 0x4b,
+ 0x8c, 0xb7, 0x04, 0x5d, 0xd9, 0x18, 0xc8, 0x26,
+ 0x61, 0x54, 0xe0, 0x92, 0x2f, 0x47, 0xf7, 0x33,
+ 0xc2, 0x17, 0xd8, 0xda, 0xe0, 0x6d, 0xb6, 0x30,
+ 0xd6, 0xdc, 0xf9, 0x6a, 0x4c, 0xa1, 0xa2, 0x4b };
+unsigned char q[] =
+ { 0xf0, 0x57, 0x24, 0xf6, 0x2a, 0x5a, 0x6d, 0x8e,
+ 0xb8, 0xc6, 0x6f, 0xd2, 0xbb, 0x36, 0x4f, 0x6d,
+ 0xd8, 0xbc, 0xa7, 0x2f, 0xbd, 0x43, 0xdc, 0x9a,
+ 0x0e, 0x2a, 0x36, 0xb9, 0x21, 0x05, 0xfa, 0x22,
+ 0x6c, 0xe8, 0x22, 0x68, 0x2f, 0x1c, 0xe8, 0x27,
+ 0xc1, 0xed, 0x08, 0x7a, 0x43, 0x70, 0x7b, 0xe3,
+ 0x46, 0x74, 0x02, 0x6e, 0xb2, 0xb1, 0xeb, 0x44,
+ 0x72, 0x86, 0x0d, 0x55, 0x3b, 0xc8, 0xbc, 0xd9 };
+unsigned char dp[] =
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0xa7, 0xcf, 0xa2, 0x18, 0x2c, 0xa9, 0xb4, 0xb9,
+ 0xf5, 0x9e, 0xc9, 0x04, 0x16, 0xd9, 0xa6, 0x8b,
+ 0x90, 0x4a, 0x19, 0x6d, 0x64, 0xb7, 0x17, 0x67,
+ 0x53, 0xfa, 0x4e, 0x8d, 0xde, 0xa6, 0x94, 0x32,
+ 0x5d, 0xcf, 0x58, 0x3e, 0x90, 0xbb, 0x30, 0x19,
+ 0x96, 0x38, 0x95, 0xb6, 0xca, 0x2f, 0xfa, 0x22,
+ 0x81, 0x65, 0x3b, 0x3c, 0x95, 0x9e, 0x79, 0x75,
+ 0xe4, 0x93, 0x50, 0xf1, 0x88, 0x6b, 0xc1, 0x87 };
+unsigned char dq[] =
+ { 0xa0, 0x3a, 0x18, 0xa4, 0x1c, 0x3c, 0x49, 0x09,
+ 0xd0, 0x84, 0x4a, 0x8c, 0x7c, 0xce, 0xdf, 0x9e,
+ 0x90, 0x7d, 0xc4, 0xca, 0x7e, 0x2d, 0x3d, 0xbc,
+ 0x09, 0x71, 0x79, 0xd0, 0xc0, 0xae, 0xa6, 0xc1,
+ 0x9d, 0xf0, 0x16, 0xf0, 0x1f, 0x68, 0x9a, 0xc5,
+ 0x2b, 0xf3, 0x5a, 0xfc, 0x2c, 0xf5, 0xa7, 0xec,
+ 0xd9, 0xa2, 0xac, 0x49, 0xcc, 0x76, 0x9c, 0xd8,
+ 0x4c, 0x59, 0x5e, 0x38, 0xd2, 0x85, 0xd3, 0x3b };
+unsigned char qinv[] =
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x83, 0xf1, 0xca, 0x06, 0x58, 0x4a, 0x04, 0x5e,
+ 0x96, 0xb5, 0x30, 0x32, 0x40, 0x36, 0x48, 0xb9,
+ 0x02, 0x0c, 0xe3, 0x37, 0xb7, 0x51, 0xbc, 0x22,
+ 0x26, 0x5d, 0x74, 0x03, 0x47, 0xd3, 0x33, 0x20,
+ 0x8e, 0x75, 0x62, 0xf2, 0x9d, 0x4e, 0xc8, 0x7d,
+ 0x5d, 0x8e, 0xb6, 0xd9, 0x69, 0x4a, 0x9a, 0xe1,
+ 0x36, 0x6e, 0x1c, 0xbe, 0x8a, 0x14, 0xb1, 0x85,
+ 0x39, 0x74, 0x7c, 0x25, 0xd8, 0xa4, 0x4f, 0xde };
+ unsigned char *output_data;
+ unsigned char *data = input_data;
+ int rc = 0;
+ if((output_data = malloc(RSA_BYTE_LENGHT*sizeof(char))) == NULL){
+ perror("error in malloc: ");
+ }
+ ica_rsa_key_mod_expo_t mod_expo_key= {RSA_BYTE_LENGHT, n, e};
+ ica_rsa_key_crt_t crt_key = {RSA_BYTE_LENGHT, p, q, dp, dq, qinv};
+ system("icastats -r");
+ rc = ica_rsa_mod_expo(handle, data, &mod_expo_key,
+ output_data);
+ if(rc)
+ exit(handle_ica_error(rc, "ica_rsa_key_mod_expo"));
+ check_icastats(RSA_ME, "RSA-ME");
+ system("icastats -r");
+ rc = ica_rsa_crt(handle, data, &crt_key,
+ output_data);
+ if(rc)
+ exit(handle_ica_error(rc, "ica_rsa_crt"));
+ check_icastats(RSA_CRT, "RSA-CRT");
+ free(output_data);
+void aes_tests(unsigned char *iv, unsigned char *cmac, unsigned char *ctr)
+ int rc = 0;
+ int mode;
+ unsigned char *output_buffer, *tag, *nonce;
+ unsigned char *input_buffer = plain_data;
+ unsigned char aes_key[] = {
+ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
+ 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c,
+ };
+ unsigned char tweak[] = {
+ 0x72, 0xf3, 0xb0, 0x54, 0xcb, 0xdc, 0x2f, 0x9e,
+ 0x3c, 0x5b, 0xc5, 0x51, 0xd4, 0x4d, 0xdb, 0xa0,
+ };
+ #define NONCE_LENGHT 10
+ if((nonce = malloc(NONCE_LENGHT*sizeof(char))) == NULL){
+ perror("Error in malloc: ");
+ }
+ if((tag = malloc(AES_CIPHER_BLOCK*sizeof(char))) == NULL){
+ perror("Error in malloc: ");
+ }
+ if((output_buffer = malloc((DATA_LENGHT+AES_CIPHER_BLOCK)
+ *sizeof(char))) == NULL){
+ perror("Error in malloc: ");
+ }
+ system("icastats -r");
+ for(mode = 1;mode >= 0;mode--){
+ rc = ica_aes_cbc(input_buffer, output_buffer, DATA_LENGHT,
+ aes_key, AES_KEY_LEN128, iv, mode);
+ if(rc)
+ exit(handle_ica_error(rc, "ica_aes_cbc"));
+ if(mode == ICA_ENCRYPT)
+ input_buffer = output_buffer;
+ else if(mode == ICA_DECRYPT)
+ input_buffer = plain_data;
+ }
+ check_icastats(AES_CBC, "AES CBC");
+ system("icastats -r");
+ for(mode = 1;mode >= 0;mode--){
+ rc = ica_aes_cfb(input_buffer, output_buffer, DATA_LENGHT,
+ aes_key, AES_KEY_LEN128, iv, AES_CIPHER_BLOCK,
+ mode);
+ if(rc)
+ exit(handle_ica_error(rc, "ica_aes_cfb"));
+ if(mode == ICA_ENCRYPT)
+ input_buffer = output_buffer;
+ else if(mode == ICA_DECRYPT)
+ input_buffer = plain_data;
+ }
+ check_icastats(AES_CFB, "AES CFB");
+ system("icastats -r");
+ for(mode = 1;mode >= 0;mode--){
+ rc = ica_aes_cmac(input_buffer, DATA_LENGHT, cmac,
+ AES_CIPHER_BLOCK, aes_key,
+ AES_KEY_LEN128, mode);
+ if(rc)
+ exit(handle_ica_error(rc, "ica_aes_cmac"));
+ }
+ check_icastats(AES_CMAC, "AES CMAC");
+ system("icastats -r");
+ for(mode = 1;mode >= 0;mode--){
+ rc = ica_aes_ctr(input_buffer, output_buffer, DATA_LENGHT,
+ aes_key, AES_KEY_LEN128, ctr, AES_CIPHER_BLOCK,
+ mode);
+ if(rc)
+ exit(handle_ica_error(rc, "ica_aes_ctr"));
+ if(mode == ICA_ENCRYPT)
+ input_buffer = output_buffer;
+ else if(mode == ICA_DECRYPT)
+ input_buffer = plain_data;
+ }
+ check_icastats(AES_CTR, "AES CTR");
+ system("icastats -r");
+ for(mode = 1;mode >= 0;mode--){
+ rc = ica_aes_ecb(input_buffer, output_buffer, DATA_LENGHT,
+ aes_key, AES_KEY_LEN128, mode);
+ if (rc)
+ exit(handle_ica_error(rc, "ica_aes_ecb"));
+ if(mode == ICA_ENCRYPT)
+ input_buffer = output_buffer;
+ else if(mode == ICA_DECRYPT)
+ input_buffer = plain_data;
+ }
+ check_icastats(AES_ECB, "AES ECB");
+ system("icastats -r");
+ for(mode = 1;mode >= 0;mode--){
+ rc = ica_aes_ofb(input_buffer, output_buffer, DATA_LENGHT,
+ aes_key, AES_KEY_LEN128, iv, mode);
+ if(rc)
+ exit(handle_ica_error(rc, "ica_aes_ofb"));
+ if(mode == ICA_ENCRYPT)
+ input_buffer = output_buffer;
+ else if(mode == ICA_DECRYPT)
+ input_buffer = plain_data;
+ }
+ check_icastats(AES_OFB, "AES OFB");
+ system("icastats -r");
+ for(mode = 1;mode >= 0;mode--){
+ rc = ica_aes_xts(input_buffer, output_buffer, DATA_LENGHT,
+ aes_key, aes_key, AES_KEY_LEN128, tweak, mode);
+ if(rc)
+ exit(handle_ica_error(rc, "ica_aes_xts"));
+ if(mode == ICA_ENCRYPT)
+ input_buffer = output_buffer;
+ else if(mode == ICA_DECRYPT)
+ input_buffer = plain_data;
+ }
+ check_icastats(AES_XTS, "AES XTS");
+ free(tag);
+ free(output_buffer);
+ free(nonce);
diff --git a/src/tests/libica_3des_cbc_test.c b/src/tests/libica_3des_cbc_test.c
new file mode 100644
index 0000000..79d283e
--- /dev/null
+++ b/src/tests/libica_3des_cbc_test.c
@@ -0,0 +1,181 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+/* Copyright IBM Corp. 2010, 2011 */
+#include <fcntl.h>
+#include <sys/errno.h>
+#include <stdio.h>
+#include <string.h>
+#include <strings.h>
+#include <stdlib.h>
+#include "ica_api.h"
+#define NR_RANDOM_TESTS 10000
+void dump_array(unsigned char *ptr, unsigned int size)
+ unsigned char *ptr_end;
+ unsigned char *h;
+ int i = 1;
+ h = ptr;
+ ptr_end = ptr + size;
+ while (h < (unsigned char *)ptr_end) {
+ printf("0x%02x ",(unsigned char ) *h);
+ h++;
+ if (i == 8) {
+ printf("\n");
+ i = 1;
+ } else {
+ ++i;
+ }
+ }
+ printf("\n");
+void dump_cbc_data(unsigned char *iv, unsigned int iv_length,
+ unsigned char *key, unsigned int key_length,
+ unsigned char *input_data, unsigned int data_length,
+ unsigned char *output_data)
+ printf("IV \n");
+ dump_array(iv, iv_length);
+ printf("Key \n");
+ dump_array(key, key_length);
+ printf("Input Data\n");
+ dump_array(input_data, data_length);
+ printf("Output Data\n");
+ dump_array(output_data, data_length);
+int load_random_test_data(unsigned char *data, unsigned int data_length,
+ unsigned char *iv, unsigned int iv_length,
+ unsigned char *key, unsigned int key_length)
+ int rc;
+ rc = ica_random_number_generate(data_length, data);
+ if (rc) {
+ printf("ica_random_number_generate with rc = %i errnor = %i\n",
+ rc, errno);
+ return rc;
+ }
+ rc = ica_random_number_generate(iv_length, iv);
+ if (rc) {
+ printf("ica_random_number_generate with rc = %i errnor = %i\n",
+ rc, errno);
+ return rc;
+ }
+ rc = ica_random_number_generate(key_length, key);
+ if (rc) {
+ printf("ica_random_number_generate with rc = %i errnor = %i\n",
+ rc, errno);
+ return rc;
+ }
+ return rc;
+int random_3des_cbc(int iteration, int silent, unsigned int data_length)
+ unsigned int iv_length = sizeof(ica_des_vector_t);
+ unsigned int key_length = sizeof(ica_des_key_triple_t);
+ unsigned char iv[iv_length];
+ unsigned char tmp_iv[iv_length];
+ unsigned char key[key_length];
+ unsigned char input_data[data_length];
+ unsigned char encrypt[data_length];
+ unsigned char decrypt[data_length];
+ int rc = 0;
+ memset(encrypt, 0x00, data_length);
+ memset(decrypt, 0x00, data_length);
+ load_random_test_data(input_data, data_length, iv, iv_length, key,
+ key_length);
+ memcpy(tmp_iv, iv, iv_length);
+ if (!silent) {
+ printf("Test Parameters for iteration = %i\n", iteration);
+ printf("key length = %i, data length = %i, iv length = %i\n",
+ key_length, data_length, iv_length);
+ }
+ rc = ica_3des_cbc(input_data, encrypt, data_length, key, tmp_iv, 1);
+ if (rc) {
+ printf("ica_3des_cbc encrypt failed with rc = %i\n", rc);
+ dump_cbc_data(iv, iv_length, key, key_length, input_data,
+ data_length, encrypt);
+ }
+ if (!silent && !rc) {
+ printf("Encrypt:\n");
+ dump_cbc_data(iv, iv_length, key, key_length, input_data,
+ data_length, encrypt);
+ }
+ if (rc) {
+ printf("3DES CBC test exited after encryption\n");
+ return rc;
+ }
+ memcpy(tmp_iv, iv, iv_length);
+ rc = ica_3des_cbc(encrypt, decrypt, data_length, key, tmp_iv,
+ 0);
+ if (rc) {
+ printf("ica_3des_cbc decrypt failed with rc = %i\n", rc);
+ dump_cbc_data(iv, iv_length, key, key_length, encrypt,
+ data_length, decrypt);
+ return rc;
+ }
+ if (!silent && !rc) {
+ printf("Decrypt:\n");
+ dump_cbc_data(iv, iv_length, key, key_length, encrypt,
+ data_length, decrypt);
+ }
+ if (memcmp(decrypt, input_data, data_length)) {
+ printf("Decryption Result does not match the original data!\n");
+ printf("Original data:\n");
+ dump_array(input_data, data_length);
+ printf("Decryption Result:\n");
+ dump_array(decrypt, data_length);
+ rc++;
+ }
+ return rc;
+int main(int argc, char **argv)
+ // Default mode is 0. ECB,CBC and CFQ tests will be performed.
+ unsigned int silent = 0;
+ if (argc > 1) {
+ if (strstr(argv[1], "silent"))
+ silent = 1;
+ }
+ int rc = 0;
+ int error_count = 0;
+ int iteration;
+ unsigned int data_length = sizeof(ica_des_vector_t);
+ for(iteration = 1; iteration <= NR_RANDOM_TESTS; iteration++) {
+ rc = random_3des_cbc(iteration, silent, data_length);
+ if (rc) {
+ printf("random_3des_cbc failed with rc = %i\n", rc);
+ error_count++;
+ goto out;
+ }
+ data_length += sizeof(ica_des_vector_t);
+ }
+ if (error_count)
+ printf("%i testcases failed\n", error_count);
+ else
+ printf("All 3des_cbc testcases finished successfully\n");
+ return rc;
diff --git a/src/tests/libica_3des_cfb_test.c b/src/tests/libica_3des_cfb_test.c
new file mode 100644
index 0000000..44ad1e0
--- /dev/null
+++ b/src/tests/libica_3des_cfb_test.c
@@ -0,0 +1,204 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+/* Copyright IBM Corp. 2010, 2011 */
+#include <fcntl.h>
+#include <sys/errno.h>
+#include <stdio.h>
+#include <string.h>
+#include <strings.h>
+#include <stdlib.h>
+#include "ica_api.h"
+#define NR_TESTS 12
+#define NR_RANDOM_TESTS 1000
+void dump_array(unsigned char *ptr, unsigned int size)
+ unsigned char *ptr_end;
+ unsigned char *h;
+ int i = 1;
+ h = ptr;
+ ptr_end = ptr + size;
+ while (h < (unsigned char *)ptr_end) {
+ printf("0x%02x ",(unsigned char ) *h);
+ h++;
+ if (i == 8) {
+ printf("\n");
+ i = 1;
+ } else {
+ ++i;
+ }
+ }
+ printf("\n");
+void dump_cfb_data(unsigned char *iv, unsigned int iv_length,
+ unsigned char *key, unsigned int key_length,
+ unsigned char *input_data, unsigned int data_length,
+ unsigned char *output_data)
+ printf("IV \n");
+ dump_array(iv, iv_length);
+ printf("Key \n");
+ dump_array(key, key_length);
+ printf("Input Data\n");
+ dump_array(input_data, data_length);
+ printf("Output Data\n");
+ dump_array(output_data, data_length);
+int load_random_test_data(unsigned char *data, unsigned int data_length,
+ unsigned char *iv, unsigned int iv_length,
+ unsigned char *key, unsigned int key_length)
+ int rc;
+ rc = ica_random_number_generate(data_length, data);
+ if (rc) {
+ printf("ica_random_number_generate with rc = %i errnor = %i\n",
+ rc, errno);
+ return rc;
+ }
+ rc = ica_random_number_generate(iv_length, iv);
+ if (rc) {
+ printf("ica_random_number_generate with rc = %i errnor = %i\n",
+ rc, errno);
+ return rc;
+ }
+ rc = ica_random_number_generate(key_length, key);
+ if (rc) {
+ printf("ica_random_number_generate with rc = %i errnor = %i\n",
+ rc, errno);
+ return rc;
+ }
+ return rc;
+int random_des_cfb(int iteration, int silent, unsigned int data_length,
+ unsigned int lcfb)
+ unsigned int iv_length = sizeof(ica_des_vector_t);
+ unsigned int key_length = sizeof(ica_des_key_triple_t);
+ unsigned char iv[iv_length];
+ unsigned char tmp_iv[iv_length];
+ unsigned char key[key_length];
+ unsigned char input_data[data_length];
+ unsigned char encrypt[data_length];
+ unsigned char decrypt[data_length];
+ int rc = 0;
+ memset(encrypt, 0x00, data_length);
+ memset(decrypt, 0x00, data_length);
+ load_random_test_data(input_data, data_length, iv, iv_length, key,
+ key_length);
+ memcpy(tmp_iv, iv, iv_length);
+ if (!silent) {
+ printf("Test Parameters for iteration = %i\n", iteration);
+ printf("key length = %i, data length = %i, iv length = %i,"
+ " lcfb = %i\n", key_length, data_length, iv_length, lcfb);
+ }
+ rc = ica_3des_cfb(input_data, encrypt, data_length, key, tmp_iv, lcfb,
+ 1);
+ if (rc) {
+ printf("ica_3des_cfb encrypt failed with rc = %i\n", rc);
+ dump_cfb_data(iv, iv_length, key, key_length, input_data,
+ data_length, encrypt);
+ }
+ if (!silent && !rc) {
+ printf("Encrypt:\n");
+ dump_cfb_data(iv, iv_length, key, key_length, input_data,
+ data_length, encrypt);
+ }
+ if (rc) {
+ printf("3DES OFB test exited after encryption\n");
+ return rc;
+ }
+ memcpy(tmp_iv, iv, iv_length);
+ rc = ica_3des_cfb(encrypt, decrypt, data_length, key, tmp_iv,
+ lcfb, 0);
+ if (rc) {
+ printf("ica_3des_cfb decrypt failed with rc = %i\n", rc);
+ dump_cfb_data(iv, iv_length, key, key_length, encrypt,
+ data_length, decrypt);
+ return rc;
+ }
+ if (!silent && !rc) {
+ printf("Decrypt:\n");
+ dump_cfb_data(iv, iv_length, key, key_length, encrypt,
+ data_length, decrypt);
+ }
+ if (memcmp(decrypt, input_data, data_length)) {
+ printf("Decryption Result does not match the original data!\n");
+ printf("Original data:\n");
+ dump_array(input_data, data_length);
+ printf("Decryption Result:\n");
+ dump_array(decrypt, data_length);
+ rc++;
+ }
+ return rc;
+int main(int argc, char **argv)
+ int rc = 0;
+ int error_count = 0;
+ int iteration;
+ unsigned int silent = 0;
+ unsigned int rdata;
+ unsigned int data_length = 1;
+ unsigned int lcfb = 1;
+ unsigned int j;
+ if (argc > 1) {
+ if (strstr(argv[1], "silent"))
+ silent = 1;
+ }
+ for(iteration = 1; iteration <= NR_RANDOM_TESTS; iteration++) {
+ for (j = 1; j <= 2; j++) {
+ if (!(data_length % lcfb)) {
+ rc = random_des_cfb(iteration, silent, data_length, lcfb);
+ if (rc) {
+ printf("random_des_cfb failed with rc = %i\n", rc);
+ error_count++;
+ }
+ }
+ switch (j) {
+ case 1:
+ lcfb = 1;
+ break;
+ case 2:
+ lcfb = 8;
+ break;
+ }
+ }
+ // add a value between 1 and 8 to data_length
+ if (ica_random_number_generate(sizeof(rdata), (unsigned char*) &rdata)) {
+ printf("ica_random_number_generate failed with errnor = %i\n",
+ errno);
+ exit(1);
+ }
+ data_length += (rdata % 8) + 1;
+ }
+ if (error_count)
+ printf("%i testcases failed\n", error_count);
+ else
+ printf("All 3des_cfb testcases finished successfully\n");
+ return rc;
diff --git a/src/tests/libica_3des_ctr_test.c b/src/tests/libica_3des_ctr_test.c
new file mode 100644
index 0000000..636c763
--- /dev/null
+++ b/src/tests/libica_3des_ctr_test.c
@@ -0,0 +1,188 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+/* Copyright IBM Corp. 2010, 2011 */
+#include <fcntl.h>
+#include <sys/errno.h>
+#include <stdio.h>
+#include <string.h>
+#include <strings.h>
+#include <stdlib.h>
+#include "ica_api.h"
+#define NR_RANDOM_TESTS 1000
+void dump_array(unsigned char *ptr, unsigned int size)
+ unsigned char *ptr_end;
+ unsigned char *h;
+ int i = 1;
+ h = ptr;
+ ptr_end = ptr + size;
+ while (h < (unsigned char *)ptr_end) {
+ printf("0x%02x ",(unsigned char ) *h);
+ h++;
+ if (i == 8) {
+ printf("\n");
+ i = 1;
+ } else {
+ ++i;
+ }
+ }
+ printf("\n");
+void dump_ctr_data(unsigned char *iv, unsigned int iv_length,
+ unsigned char *key, unsigned int key_length,
+ unsigned char *input_data, unsigned int data_length,
+ unsigned char *output_data)
+ printf("IV \n");
+ dump_array(iv, iv_length);
+ printf("Key \n");
+ dump_array(key, key_length);
+ printf("Input Data\n");
+ dump_array(input_data, data_length);
+ printf("Output Data\n");
+ dump_array(output_data, data_length);
+int random_3des_ctr(int iteration, int silent, unsigned int data_length)
+ unsigned int key_length = sizeof(ica_des_key_triple_t);
+ unsigned int iv_length = sizeof(ica_des_vector_t);
+ if (!silent) {
+ printf("Test Parameters for iteration = %i\n", iteration);
+ printf("key length = %i, data length = %i, iv length = %i\n",
+ key_length, data_length, iv_length);
+ }
+ unsigned char iv[iv_length];
+ unsigned char tmp_iv[iv_length];
+ unsigned char key[key_length];
+ unsigned char input_data[data_length];
+ unsigned char encrypt[data_length];
+ unsigned char decrypt[data_length];
+ int rc = 0;
+ rc = ica_random_number_generate(data_length, input_data);
+ if (rc) {
+ printf("random number generate returned rc = %i, errno = %i\n", rc, errno);
+ return rc;
+ }
+ rc = ica_random_number_generate(iv_length, iv);
+ if (rc) {
+ printf("random number generate returned rc = %i, errno = %i\n", rc, errno);
+ return rc;
+ }
+ rc = ica_random_number_generate(key_length, key);
+ if (rc) {
+ printf("random number generate returned rc = %i, errno = %i\n", rc, errno);
+ return rc;
+ }
+ memcpy(tmp_iv, iv, iv_length);
+ rc = ica_3des_ctr(input_data, encrypt, data_length, key, tmp_iv,
+ 32, 1);
+ if (rc) {
+ printf("ica_3des_ctr encrypt failed with rc = %i\n", rc);
+ dump_ctr_data(iv, iv_length, key, key_length, input_data,
+ data_length, encrypt);
+ return rc;
+ }
+ if (!silent && !rc) {
+ printf("Encrypt:\n");
+ dump_ctr_data(iv, iv_length, key, key_length, input_data,
+ data_length, encrypt);
+ }
+ memcpy(tmp_iv, iv, iv_length);
+ rc = ica_3des_ctr(encrypt, decrypt, data_length, key, tmp_iv,
+ 32, 0);
+ if (rc) {
+ printf("ica_3des_ctr decrypt failed with rc = %i\n", rc);
+ dump_ctr_data(iv, iv_length, key, key_length, encrypt,
+ data_length, decrypt);
+ return rc;
+ }
+ if (!silent && !rc) {
+ printf("Decrypt:\n");
+ dump_ctr_data(iv, iv_length, key, key_length, encrypt,
+ data_length, decrypt);
+ }
+ if (memcmp(decrypt, input_data, data_length)) {
+ printf("Decryption Result does not match the original data!\n");
+ printf("Original data:\n");
+ dump_array(input_data, data_length);
+ printf("Decryption Result:\n");
+ dump_array(decrypt, data_length);
+ rc++;
+ }
+ return rc;
+int main(int argc, char **argv)
+ unsigned int silent = 0;
+ unsigned int endless = 0;
+ unsigned int data_length = 1;
+ unsigned int rdata;
+ int error_count = 0;
+ int i = 0;
+ int rc = 0;
+ if (argc > 1) {
+ if (strstr(argv[1], "silent"))
+ silent = 1;
+ if (strstr(argv[1], "endless"))
+ endless = 1;
+ }
+ if (endless) {
+ silent = 1;
+ while (1) {
+ printf("i = %i\n",i);
+ rc = random_3des_ctr(i, silent, 320);
+ if (rc) {
+ printf("kat_3des_ctr failed with rc = %i\n",
+ rc);
+ return rc;
+ } else
+ printf("kat_3des_ctr finished successfully\n");
+ i++;
+ }
+ } else {
+ silent = 1;
+ for (i = 1; i < NR_RANDOM_TESTS; i++) {
+ rc = random_3des_ctr(i, silent, data_length);
+ if (rc) {
+ printf("random_3des_ctr failed with rc = %i\n", rc);
+ error_count++;
+ }
+ // add a value between 1 and 8 to data_length
+ if (ica_random_number_generate(sizeof(rdata), (unsigned char*) &rdata)) {
+ printf("ica_random_number_generate failed with errnor = %i\n",
+ errno);
+ exit(1);
+ }
+ data_length += (rdata % 8) + 1;
+ }
+ }
+ if (error_count)
+ printf("%i testcases failed\n", error_count);
+ else
+ printf("All 3des_ctr testcases finished successfully\n");
+ return rc;
diff --git a/src/tests/libica_3des_ecb_test.c b/src/tests/libica_3des_ecb_test.c
new file mode 100644
index 0000000..b5ea610
--- /dev/null
+++ b/src/tests/libica_3des_ecb_test.c
@@ -0,0 +1,320 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+/* Copyright IBM Corp. 2010, 2011 */
+#include <fcntl.h>
+#include <sys/errno.h>
+#include <stdio.h>
+#include <string.h>
+#include <strings.h>
+#include <stdlib.h>
+#include "ica_api.h"
+#define NR_TESTS 2
+#define NR_RANDOM_TESTS 10000
+/* ECB data - 1 for 3DES192 */
+unsigned char NIST_KEY_ECB_E1[] = {
+ 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
+ 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01,
+ 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23,
+unsigned char NIST_TEST_DATA_ECB_E1[] = {
+ 0x6B, 0x20, 0x62, 0x72, 0x6F, 0x77, 0x6E, 0x20,
+unsigned char NIST_TEST_RESULT_ECB_E1[] = {
+ 0xCC, 0xE2, 0x1C, 0x81, 0x12, 0x25, 0x6F, 0xE6,
+/* ECB data - 2 - for 3DES128 */
+unsigned char NIST_KEY_ECB_E2[] = {
+ 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
+ 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01,
+ 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23,
+unsigned char NIST_TEST_DATA_ECB_E2[] = {
+ 0x54, 0x68, 0x65, 0x20, 0x71, 0x75, 0x66, 0x63,
+ 0x6B, 0x20, 0x62, 0x72, 0x6F, 0x77, 0x6E, 0x20,
+ 0x66, 0x6F, 0x78, 0x20, 0x6A, 0x75, 0x6D, 0x70,
+unsigned char NIST_TEST_RESULT_ECB_E2[] = {
+ 0xA8, 0x26, 0xFD, 0x8C, 0xE5, 0x3B, 0x85, 0x5F,
+ 0xCC, 0xE2, 0x1C, 0x81, 0x12, 0x25, 0x6F, 0xE6,
+ 0x68, 0xD5, 0xC0, 0x5D, 0xD9, 0xB6, 0xB9, 0x00,
+void dump_array(unsigned char *ptr, unsigned int size)
+ unsigned char *ptr_end;
+ unsigned char *h;
+ int i = 1;
+ h = ptr;
+ ptr_end = ptr + size;
+ while (h < (unsigned char *)ptr_end) {
+ printf("0x%02x ",(unsigned char ) *h);
+ h++;
+ if (i == 8) {
+ printf("\n");
+ i = 1;
+ } else {
+ ++i;
+ }
+ }
+ printf("\n");
+void dump_ecb_data(unsigned char *key, unsigned int key_length,
+ unsigned char *input_data, unsigned int data_length,
+ unsigned char *output_data)
+ printf("Key \n");
+ dump_array(key, key_length);
+ printf("Input Data\n");
+ dump_array(input_data, data_length);
+ printf("Output Data\n");
+ dump_array(output_data, data_length);
+void get_sizes(unsigned int *data_length,
+ unsigned int *key_length, unsigned int iteration)
+ switch (iteration) {
+ case 1:
+ *data_length = sizeof(NIST_TEST_DATA_ECB_E1);
+ *key_length = sizeof(NIST_KEY_ECB_E1);
+ break;
+ case 2:
+ *data_length = sizeof(NIST_TEST_DATA_ECB_E2);
+ *key_length = sizeof(NIST_KEY_ECB_E2);
+ break;
+ }
+void load_test_data(unsigned char *data, unsigned int data_length,
+ unsigned char *result,
+ unsigned char *key, unsigned int key_length,
+ unsigned int iteration)
+ switch (iteration) {
+ case 1:
+ memcpy(data, NIST_TEST_DATA_ECB_E1, data_length);
+ memcpy(result, NIST_TEST_RESULT_ECB_E1, data_length);
+ memcpy(key, NIST_KEY_ECB_E1, key_length);
+ break;
+ case 2:
+ memcpy(data, NIST_TEST_DATA_ECB_E2, data_length);
+ memcpy(result, NIST_TEST_RESULT_ECB_E2, data_length);
+ memcpy(key, NIST_KEY_ECB_E2, key_length);
+ break;
+ }
+int kat_3des_ecb(int iteration, int silent)
+ unsigned int data_length;
+ unsigned int key_length;
+ get_sizes(&data_length, &key_length, iteration);
+ if (!silent) {
+ printf("Test Parameters for iteration = %i\n", iteration);
+ printf("key length = %i, data length = %i",
+ key_length, data_length);
+ }
+ unsigned char key[key_length];
+ unsigned char input_data[data_length];
+ unsigned char encrypt[data_length];
+ unsigned char decrypt[data_length];
+ unsigned char result[data_length];
+ int rc = 0;
+ load_test_data(input_data, data_length, result, key, key_length,
+ iteration);
+ rc = ica_3des_ecb(input_data, encrypt, data_length, key, 1);
+ if (rc) {
+ printf("ica_3des_ecb encrypt failed with rc = %i\n", rc);
+ dump_ecb_data(key, key_length, input_data,
+ data_length, encrypt);
+ }
+ if (!silent && !rc) {
+ printf("Encrypt:\n");
+ dump_ecb_data(key, key_length, input_data,
+ data_length, encrypt);
+ }
+ if (memcmp(result, encrypt, data_length)) {
+ printf("Encryption Result does not match the known ciphertext!\n");
+ printf("Expected data:\n");
+ dump_array(result, data_length);
+ printf("Encryption Result:\n");
+ dump_array(encrypt, data_length);
+ rc++;
+ }
+ if (rc) {
+ printf("3DES ECB test exited after encryption\n");
+ return rc;
+ }
+ rc = ica_3des_ecb(encrypt, decrypt, data_length, key, 0);
+ if (rc) {
+ printf("ica_3des_ecb decrypt failed with rc = %i\n", rc);
+ dump_ecb_data(key, key_length, encrypt,
+ data_length, decrypt);
+ return rc;
+ }
+ if (!silent && !rc) {
+ printf("Decrypt:\n");
+ dump_ecb_data(key, key_length, encrypt,
+ data_length, decrypt);
+ }
+ if (memcmp(decrypt, input_data, data_length)) {
+ printf("Decryption Result does not match the original data!\n");
+ printf("Original data:\n");
+ dump_array(input_data, data_length);
+ printf("Decryption Result:\n");
+ dump_array(decrypt, data_length);
+ rc++;
+ }
+ return rc;
+int load_random_test_data(unsigned char *data, unsigned int data_length,
+ unsigned char *key, unsigned int key_length)
+ int rc;
+ rc = ica_random_number_generate(data_length, data);
+ if (rc) {
+ printf("ica_random_number_generate with rc = %i errnor = %i\n",
+ rc, errno);
+ return rc;
+ }
+ rc = ica_random_number_generate(key_length, key);
+ if (rc) {
+ printf("ica_random_number_generate with rc = %i errnor = %i\n",
+ rc, errno);
+ return rc;
+ }
+ return rc;
+int random_3des_ecb(int iteration, int silent, unsigned int data_length)
+ int rc = 0;
+ unsigned int key_length = sizeof(ica_des_key_triple_t);
+ unsigned char input_data[data_length];
+ unsigned char encrypt[data_length];
+ unsigned char decrypt[data_length];
+ unsigned char key[key_length];
+ memset(encrypt, 0x00, data_length);
+ memset(decrypt, 0x00, data_length);
+ load_random_test_data(input_data, data_length, key, key_length);
+ if (!silent) {
+ printf("Test Parameters for iteration = %i\n", iteration);
+ printf("key length = %i, data length = %i\n", key_length, data_length);
+ }
+ rc = ica_3des_ecb(input_data, encrypt, data_length, key, 1);
+ if (rc) {
+ printf("ica_3des_ecb encrypt failed with rc = %i\n", rc);
+ dump_ecb_data(key, key_length, input_data, data_length,
+ encrypt);
+ }
+ if (!silent && !rc) {
+ printf("Encrypt:\n");
+ dump_ecb_data(key, key_length, input_data,
+ data_length, encrypt);
+ }
+ if (rc) {
+ printf("3DES ECB test exited after encryption\n");
+ return rc;
+ }
+ rc = ica_3des_ecb(encrypt, decrypt, data_length, key, 0);
+ if (rc) {
+ printf("ica_3des_ecb decrypt failed with rc = %i\n", rc);
+ dump_ecb_data(key, key_length, encrypt,
+ data_length, decrypt);
+ return rc;
+ }
+ if (!silent && !rc) {
+ printf("Decrypt:\n");
+ dump_ecb_data(key, key_length, encrypt,
+ data_length, decrypt);
+ }
+ if (memcmp(decrypt, input_data, data_length)) {
+ printf("Decryption Result does not match the original data!\n");
+ printf("Original data:\n");
+ dump_array(input_data, data_length);
+ printf("Decryption Result:\n");
+ dump_array(decrypt, data_length);
+ rc++;
+ return rc;
+ }
+ return rc;
+int main(int argc, char **argv)
+ // Default mode is 0. ECB,ECB and CFQ tests will be performed.
+ unsigned int silent = 0;
+ if (argc > 1) {
+ if (strstr(argv[1], "silent"))
+ silent = 1;
+ }
+ int rc = 0;
+ int error_count = 0;
+ int iteration;
+ unsigned int data_length = sizeof(ica_des_vector_t);
+ for(iteration = 1; iteration <= NR_TESTS; iteration++) {
+ rc = kat_3des_ecb(iteration, silent);
+ if (rc) {
+ printf("kat_3des_ecb failed with rc = %i\n", rc);
+ error_count++;
+ }
+ }
+ for(iteration = 1; iteration <= NR_RANDOM_TESTS; iteration++) {
+ int silent = 1;
+ rc = random_3des_ecb(iteration, silent, data_length);
+ if (rc) {
+ printf("random_3des_ecb failed with rc = %i\n", rc);
+ error_count++;
+ goto out;
+ }
+ data_length += sizeof(ica_des_vector_t);
+ }
+ if (error_count)
+ printf("%i testcases failed\n", error_count);
+ else
+ printf("All 3des_ecb testcases finished successfully\n");
+ return rc;
diff --git a/src/tests/libica_3des_ofb_test.c b/src/tests/libica_3des_ofb_test.c
new file mode 100644
index 0000000..3b984dc
--- /dev/null
+++ b/src/tests/libica_3des_ofb_test.c
@@ -0,0 +1,186 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+/* Copyright IBM Corp. 2010, 2011 */
+#include <fcntl.h>
+#include <sys/errno.h>
+#include <stdio.h>
+#include <string.h>
+#include <strings.h>
+#include <stdlib.h>
+#include "ica_api.h"
+#define NR_RANDOM_TESTS 10000
+void dump_array(unsigned char *ptr, unsigned int size)
+ unsigned char *ptr_end;
+ unsigned char *h;
+ int i = 1;
+ h = ptr;
+ ptr_end = ptr + size;
+ while (h < (unsigned char *)ptr_end) {
+ printf("0x%02x ",(unsigned char ) *h);
+ h++;
+ if (i == 8) {
+ printf("\n");
+ i = 1;
+ } else {
+ ++i;
+ }
+ }
+ printf("\n");
+void dump_ofb_data(unsigned char *iv, unsigned int iv_length,
+ unsigned char *key, unsigned int key_length,
+ unsigned char *input_data, unsigned int data_length,
+ unsigned char *output_data)
+ printf("IV \n");
+ dump_array(iv, iv_length);
+ printf("Key \n");
+ dump_array(key, key_length);
+ printf("Input Data\n");
+ dump_array(input_data, data_length);
+ printf("Output Data\n");
+ dump_array(output_data, data_length);
+int load_random_test_data(unsigned char *data, unsigned int data_length,
+ unsigned char *iv, unsigned int iv_length,
+ unsigned char *key, unsigned int key_length)
+ int rc;
+ rc = ica_random_number_generate(data_length, data);
+ if (rc) {
+ printf("ica_random_number_generate with rc = %i errnor = %i\n",
+ rc, errno);
+ return rc;
+ }
+ rc = ica_random_number_generate(iv_length, iv);
+ if (rc) {
+ printf("ica_random_number_generate with rc = %i errnor = %i\n",
+ rc, errno);
+ return rc;
+ }
+ rc = ica_random_number_generate(key_length, key);
+ if (rc) {
+ printf("ica_random_number_generate with rc = %i errnor = %i\n",
+ rc, errno);
+ return rc;
+ }
+ return rc;
+int random_3des_ofb(int iteration, int silent, unsigned int data_length)
+ unsigned int iv_length = sizeof(ica_des_vector_t);
+ unsigned int key_length = sizeof(ica_des_key_triple_t);
+ unsigned char iv[iv_length];
+ unsigned char tmp_iv[iv_length];
+ unsigned char key[key_length];
+ unsigned char input_data[data_length];
+ unsigned char encrypt[data_length];
+ unsigned char decrypt[data_length];
+ int rc = 0;
+ memset(encrypt, 0x00, data_length);
+ memset(decrypt, 0x00, data_length);
+ load_random_test_data(input_data, data_length, iv, iv_length, key,
+ key_length);
+ memcpy(tmp_iv, iv, iv_length);
+ if (!silent) {
+ printf("Test Parameters for iteration = %i\n", iteration);
+ printf("key length = %i, data length = %i, iv length = %i\n",
+ key_length, data_length, iv_length);
+ }
+ rc = ica_3des_ofb(input_data, encrypt, data_length, key, tmp_iv, 1);
+ if (rc) {
+ printf("ica_3des_ofb encrypt failed with rc = %i\n", rc);
+ dump_ofb_data(iv, iv_length, key, key_length, input_data,
+ data_length, encrypt);
+ }
+ if (!silent && !rc) {
+ printf("Encrypt:\n");
+ dump_ofb_data(iv, iv_length, key, key_length, input_data,
+ data_length, encrypt);
+ }
+ if (rc) {
+ printf("3DES OFB test exited after encryption\n");
+ return rc;
+ }
+ memcpy(tmp_iv, iv, iv_length);
+ rc = ica_3des_ofb(encrypt, decrypt, data_length, key, tmp_iv, 0);
+ if (rc) {
+ printf("ica_3des_ofb decrypt failed with rc = %i\n", rc);
+ dump_ofb_data(iv, iv_length, key, key_length, encrypt,
+ data_length, decrypt);
+ return rc;
+ }
+ if (!silent && !rc) {
+ printf("Decrypt:\n");
+ dump_ofb_data(iv, iv_length, key, key_length, encrypt,
+ data_length, decrypt);
+ }
+ if (memcmp(decrypt, input_data, data_length)) {
+ printf("Decryption Result does not match the original data!\n");
+ printf("Original data:\n");
+ dump_array(input_data, data_length);
+ printf("Decryption Result:\n");
+ dump_array(decrypt, data_length);
+ rc++;
+ }
+ return rc;
+int main(int argc, char **argv)
+ unsigned int silent = 0;
+ if (argc > 1) {
+ if (strstr(argv[1], "silent"))
+ silent = 1;
+ }
+ int rc = 0;
+ int error_count = 0;
+ int iteration;
+ unsigned int rdata;
+ unsigned int data_length = 1;
+ for(iteration = 1; iteration <= NR_RANDOM_TESTS; iteration++) {
+ rc = random_3des_ofb(iteration, silent, data_length);
+ if (rc) {
+ printf("random_3des_ofb failed with rc = %i\n", rc);
+ error_count++;
+ goto out;
+ }
+ // add a value between 1 and 8 to data_length
+ if (ica_random_number_generate(sizeof(rdata), (unsigned char*) &rdata)) {
+ printf("ica_random_number_generate failed with errnor = %i\n",
+ errno);
+ exit(1);
+ }
+ data_length += (rdata % 8) + 1;
+ }
+ if (error_count)
+ printf("%i testcases failed\n", error_count);
+ else
+ printf("All 3des_ofb testcases finished successfully\n");
+ return rc;
diff --git a/src/tests/libica_3des_test.c b/src/tests/libica_3des_test.c
new file mode 100644
index 0000000..baad4e9
--- /dev/null
+++ b/src/tests/libica_3des_test.c
@@ -0,0 +1,156 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+/* Copyright IBM Corp. 2001, 2009, 2011 */
+#include <fcntl.h>
+#include <sys/errno.h>
+#include <stdio.h>
+#include <string.h>
+#include <strings.h>
+#include "ica_api.h"
+unsigned char NIST_KEY1[] =
+ { 0x7c, 0xa1, 0x10, 0x45, 0x4a, 0x1a, 0x6e, 0x57 };
+unsigned char NIST_KEY2[] =
+ { 0x7c, 0xa1, 0x10, 0x45, 0x4a, 0x1a, 0x6e, 0x57 };
+unsigned char NIST_KEY3[] =
+ { 0x7c, 0xa1, 0x10, 0x45, 0x4a, 0x1a, 0x6e, 0x57 };
+unsigned char NIST_TEST_DATA[] =
+ { 0x01, 0xa1, 0xd6, 0xd0, 0x39, 0x77, 0x67, 0x42 };
+unsigned char NIST_TEST_RESULT[] =
+ { 0x69, 0x0f, 0x5b, 0x0d, 0x9a, 0x26, 0x93, 0x9b };
+int silent = 1;
+void dump_array(unsigned char *ptr, unsigned int size)
+ unsigned char *ptr_end;
+ unsigned char *h;
+ int i = 1;
+ h = ptr;
+ ptr_end = ptr + size;
+ while (h < (unsigned char *)ptr_end) {
+ printf("0x%02x ",(unsigned char ) *h);
+ h++;
+ if (i == 8) {
+ printf("\n");
+ i = 1;
+ } else {
+ ++i;
+ }
+ }
+ printf("\n");
+int test_3des_new_api(int mode)
+ ica_des_vector_t iv;
+ ica_des_key_triple_t key;
+ int rc = 0;
+ unsigned char dec_text[sizeof(NIST_TEST_DATA)],
+ enc_text[sizeof(NIST_TEST_DATA)];
+ bzero(dec_text, sizeof(dec_text));
+ bzero(enc_text, sizeof(enc_text));
+ bzero(iv, sizeof(iv));
+ bcopy(NIST_KEY1, key.key1, sizeof(NIST_KEY1));
+ bcopy(NIST_KEY2, key.key2, sizeof(NIST_KEY2));
+ bcopy(NIST_KEY3, key.key3, sizeof(NIST_KEY3));
+ printf("\nOriginal data:\n");
+ dump_array(NIST_TEST_DATA, sizeof(NIST_TEST_DATA));
+ rc = ica_3des_encrypt(mode, sizeof(NIST_TEST_DATA), NIST_TEST_DATA,
+ &iv, &key, enc_text);
+ if (rc != 0) {
+ printf("ica_3des_encrypt failed with errno %d (0x%x).\n", rc, rc);
+ return rc;
+ }
+ printf("\nEncrypted data:\n");
+ dump_array(enc_text, sizeof(enc_text));
+ if (memcmp(enc_text, NIST_TEST_RESULT, sizeof NIST_TEST_RESULT) != 0) {
+ printf("This does NOT match the known result.\n");
+ return -1;
+ } else {
+ printf("Yep, it's what it should be.\n");
+ }
+ bzero(iv, sizeof(iv));
+ rc = ica_3des_decrypt(mode, sizeof(enc_text), enc_text,
+ &iv, &key, dec_text);
+ if (rc != 0) {
+ printf("ica_3des_decrypt failed with errno %d (0x%x).\n", rc, rc);
+ return rc;
+ }
+ printf("\nDecrypted data:\n");
+ dump_array(dec_text, sizeof(dec_text));
+ if (memcmp(dec_text, NIST_TEST_DATA, sizeof(NIST_TEST_DATA)) != 0) {
+ printf("This does NOT match the original data.\n");
+ return -1;
+ } else {
+ printf("Successful!\n");
+ }
+ return 0;
+int main(int argc, char **argv)
+ // Default mode is 0. ECB and CBC tests will be performed.
+ unsigned int mode = 0;
+ if (argc > 1) {
+ if (strstr(argv[1], "ecb"))
+ mode = MODE_ECB;
+ if (strstr(argv[1], "cbc"))
+ mode = MODE_CBC;
+ printf("mode = %i \n", mode);
+ }
+ if (mode != 0 && mode != MODE_ECB && mode != MODE_CBC) {
+ printf("Usage: %s [ ecb | cbc ]\n", argv[0]);
+ return -1;
+ }
+ int rc = 0;
+ int error_count = 0;
+ if (!mode) {
+ /* This is the standard loop that will perform all testcases */
+ mode = 2;
+ while (mode) {
+ rc = test_3des_new_api(mode);
+ if (rc) {
+ error_count++;
+ printf ("test_des_new_api mode = %i failed \n", mode);
+ }
+ else
+ printf ("test_des_new_api mode = %i finished successfully \n", mode);
+ mode--;
+ }
+ if (error_count)
+ printf("%i testcases failed\n", error_count);
+ else
+ printf("All testcases finished successfully\n");
+ } else {
+ /* Perform only either in ECB or CBC mode */
+ silent = 0;
+ rc = test_3des_new_api(mode);
+ if (rc)
+ printf ("test_des_new_api mode = %i failed \n", mode);
+ else
+ printf ("test_des_new_api mode = %i finished successfully \n", mode);
+ }
+ return rc;
diff --git a/src/tests/libica_aes128_test.c b/src/tests/libica_aes128_test.c
new file mode 100644
index 0000000..45d7508
--- /dev/null
+++ b/src/tests/libica_aes128_test.c
@@ -0,0 +1,303 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+/* Copyright IBM Corp. 2005, 2009, 2011 */
+#include <fcntl.h>
+#include <sys/errno.h>
+#include <stdio.h>
+#include <string.h>
+#include <strings.h>
+#include <unistd.h>
+#include "ica_api.h"
+#include <stdlib.h>
+#include <openssl/aes.h>
+int silent = 0;
+unsigned char NIST_KEY1[] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+unsigned char NIST_TEST_DATA[] = {
+ 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+ 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
+unsigned char NIST_TEST_RESULT[] = {
+ 0x69, 0xc4, 0xe0, 0xd8, 0x6a, 0x7b, 0x04, 0x30,
+ 0xd8, 0xcd, 0xb7, 0x80, 0x70, 0xb4, 0xc5, 0x5a,
+void dump_array(unsigned char *ptr, unsigned int size)
+ unsigned char *ptr_end;
+ unsigned char *h;
+ int i = 1;
+ h = ptr;
+ ptr_end = ptr + size;
+ while (h < (unsigned char *)ptr_end) {
+ printf("0x%02x ",(unsigned char ) *h);
+ h++;
+ if (i == 8) {
+ printf("\n");
+ i = 1;
+ } else {
+ ++i;
+ }
+ }
+ printf("\n");
+int test_aes128_new_api(int mode)
+ ica_aes_vector_t iv;
+ unsigned char key[AES_KEY_LEN128];
+ int rc = 0;
+ unsigned char dec_text[sizeof(NIST_TEST_DATA)],
+ enc_text[sizeof(NIST_TEST_DATA)];
+ bzero(dec_text, sizeof(dec_text));
+ bzero(enc_text, sizeof(enc_text));
+ bzero(iv, sizeof(iv));
+ bcopy(NIST_KEY1, key, sizeof(NIST_KEY1));
+ rc = ica_aes_encrypt(mode, sizeof(NIST_TEST_DATA), NIST_TEST_DATA, &iv,
+ AES_KEY_LEN128, key, enc_text);
+ if (rc) {
+ printf("key \n");
+ dump_array((unsigned char *) key, sizeof(NIST_KEY1));
+ printf("\nOriginal data:\n");
+ dump_array((unsigned char *) NIST_TEST_DATA, sizeof(NIST_TEST_DATA));
+ printf("test iv\n");
+ dump_array((unsigned char *) &iv, sizeof(ica_aes_vector_t));
+ printf("key\n");
+ dump_array((unsigned char *) key, AES_KEY_LEN128);
+ printf("ica_aes_encrypt failed with errno %d (0x%x).\n", rc, rc);
+ return 1;
+ }
+ if (memcmp(enc_text, NIST_TEST_RESULT, sizeof(NIST_TEST_RESULT)) != 0) {
+ printf("key \n");
+ dump_array((unsigned char *) key, sizeof(NIST_KEY1));
+ printf("\nOriginal data:\n");
+ dump_array((unsigned char *) NIST_TEST_DATA, sizeof(NIST_TEST_DATA));
+ printf("test iv\n");
+ dump_array((unsigned char *) &iv, sizeof(ica_aes_vector_t));
+ printf("key\n");
+ dump_array((unsigned char *) key, AES_KEY_LEN128);
+ printf("\nEncrypted data:\n");
+ dump_array((unsigned char *) enc_text, sizeof(enc_text));
+ printf("This does NOT match the known result.\n");
+ return 1;
+ } else {
+ if (!silent) {
+ printf("Yep, it's what it should be.\n");
+ }
+ }
+ bzero(iv, sizeof(iv));
+ rc = ica_aes_decrypt(mode, sizeof(enc_text), enc_text, &iv,
+ AES_KEY_LEN128, key, dec_text);
+ if (rc) {
+ printf("key \n");
+ dump_array((unsigned char *) key, sizeof(NIST_KEY1));
+ printf("\nOriginal data:\n");
+ dump_array((unsigned char *) NIST_TEST_DATA, sizeof(NIST_TEST_DATA));
+ printf("test iv\n");
+ dump_array((unsigned char *) &iv, sizeof(ica_aes_vector_t));
+ printf("key\n");
+ dump_array((unsigned char *) key, AES_KEY_LEN128);
+ printf("\nEncrypted data:\n");
+ dump_array((unsigned char *) enc_text, sizeof(enc_text));
+ printf("\nDecrypted data:\n");
+ dump_array((unsigned char *) dec_text, sizeof(dec_text));
+ printf("ica_aes_decrypt failed with errno %d (0x%x).\n", rc, rc);
+ return 1;
+ }
+ if (memcmp(dec_text, NIST_TEST_DATA, sizeof(NIST_TEST_DATA)) != 0) {
+ printf("This does NOT match the original data.\n");
+ return 1;
+ } else {
+ if (!silent) {
+ printf("Successful!\n");
+ printf("key \n");
+ dump_array((unsigned char *) key, sizeof(NIST_KEY1));
+ printf("\nOriginal data:\n");
+ dump_array((unsigned char *) NIST_TEST_DATA, sizeof(NIST_TEST_DATA));
+ printf("test iv\n");
+ dump_array((unsigned char *) &iv, sizeof(ica_aes_vector_t));
+ printf("key\n");
+ dump_array((unsigned char *) key, AES_KEY_LEN128);
+ printf("\nEncrypted data:\n");
+ dump_array((unsigned char *) enc_text, sizeof(enc_text));
+ printf("\nDecrypted data:\n");
+ dump_array((unsigned char *) dec_text, sizeof(dec_text));
+ }
+ }
+// Test 2
+ rc = 0;
+ bzero(dec_text, sizeof(dec_text));
+ bzero(enc_text, sizeof(enc_text));
+ bzero(iv, sizeof(iv));
+ bzero(key, sizeof(key));
+ unsigned int length = 64;
+ unsigned char *decrypt = malloc(length);
+ unsigned char *encrypt = malloc(length);
+ unsigned char *original = malloc(length);
+ ica_aes_key_len_128_t key2;
+ rc = ica_random_number_generate(length, original);
+ if (rc) {
+ printf("ica_random_number_generate returned rc = %i\n", rc);
+ return rc;
+ }
+ rc = ica_random_number_generate(AES_KEY_LEN128, (unsigned char *) &key2);
+ if (rc) {
+ printf("ica_random_number_generate returned rc = %i\n", rc);
+ return rc;
+ }
+ rc = ica_aes_encrypt(mode, length, original, &iv, AES_KEY_LEN128, (unsigned char *) &key2,
+ (unsigned char *) encrypt);
+ if (rc) {
+ printf("\nOriginal data:\n");
+ dump_array((unsigned char *) original, length);
+ printf("KEY: \n");
+ dump_array((unsigned char *) &key2, AES_KEY_LEN128);
+ printf("ica_aes_encrypt failed with errno %d (0x%x).\n", rc, rc);
+ return rc;
+ }
+ if (memcmp(encrypt, original, length) == 0) {
+ printf("Encrypt and original are the same.\n");
+ return 1;
+ }
+ bzero(iv, sizeof(iv));
+ rc = ica_aes_decrypt(mode, length, encrypt, &iv, AES_KEY_LEN128,
+ (unsigned char *) &key2, decrypt);
+ if (rc) {
+ printf("\nOriginal data:\n");
+ dump_array((unsigned char *) original, length);
+ printf("KEY: \n");
+ dump_array((unsigned char *) &key2, AES_KEY_LEN128);
+ printf("\nEncrypted data:\n");
+ dump_array((unsigned char *) encrypt, length);
+ printf("ica_aes_decrypt failed with errno %d (0x%x).\n", rc, rc);
+ goto free;
+ }
+ if (memcmp(decrypt, original, length) != 0) {
+ printf("\nOriginal data:\n");
+ dump_array((unsigned char *) original, length);
+ printf("KEY: \n");
+ dump_array((unsigned char *) &key2, AES_KEY_LEN128);
+ printf("\nEncrypted data:\n");
+ dump_array((unsigned char *) encrypt, length);
+ printf("\nDecrypted data:\n");
+ dump_array((unsigned char *) decrypt, length);
+ printf("This does NOT match the original data.\n");
+ rc = -1;
+ goto free;
+ }
+ if(memcmp(decrypt, encrypt, length) == 0) {
+ printf("\nOriginal data:\n");
+ dump_array((unsigned char *) original, length);
+ printf("KEY: \n");
+ dump_array((unsigned char *) &key2, AES_KEY_LEN128);
+ printf("\nEncrypted data:\n");
+ dump_array((unsigned char *) encrypt, length);
+ printf("\nDecrypted data:\n");
+ dump_array((unsigned char *) decrypt, length);
+ printf("decrypt and encrypt are the same\n");
+ rc = -1;
+ goto free;
+ } else {
+ if (!silent) {
+ printf("Successful!\n");
+ }
+ }
+ free:
+ free(original);
+ free(encrypt);
+ free(decrypt);
+ return rc;
+int main(int argc, char **argv)
+ // Default mode is 0. ECB and CBC tests will be performed.
+ unsigned int mode = 0;
+ if (argc > 1) {
+ if (strstr(argv[1], "ecb"))
+ mode = MODE_ECB;
+ if (strstr(argv[1], "cbc"))
+ mode = MODE_CBC;
+ if (strstr(argv[1], "silent"))
+ silent = 1;
+ }
+ if (argc > 2) {
+ if (strstr(argv[2], "ecb"))
+ mode = MODE_ECB;
+ if (strstr(argv[2], "cbc"))
+ mode = MODE_CBC;
+ if (strstr(argv[2], "silent"))
+ silent = 1;
+ }
+ if (mode != 0 && mode != MODE_ECB && mode != MODE_CBC) {
+ printf("Usage: %s [ ecb | cbc ]\n", argv[0]);
+ return -1;
+ }
+ int rc = 0;
+ int error_count = 0;
+ if (!mode) {
+ // silent = 0;
+ /* This is the standard loop that will perform all testcases */
+ mode = 2;
+ while (mode) {
+ rc = test_aes128_new_api(mode);
+ if (rc) {
+ error_count++;
+ printf ("test_aes_new_api mode = %i failed \n", mode);
+ }
+ else {
+ if (!silent) {
+ printf ("test_aes_new_api mode = %i finished successfully \n", mode);
+ }
+ }
+ mode--;
+ }
+ if (error_count)
+ printf("%i testcases failed\n", error_count);
+ else
+ printf("All AES128 (ECB/CBC) testcases finished successfully\n");
+ } else {
+ /* Perform only either in ECB or CBC mode */
+ rc = test_aes128_new_api(mode);
+ if (rc)
+ printf ("test_aes_new_api mode = %i failed \n", mode);
+ else {
+ if (!silent) {
+ printf ("test_aes_new_api mode = %i finished successfully \n", mode);
+ }
+ }
+ }
+ return rc;
diff --git a/src/tests/libica_aes192_test.c b/src/tests/libica_aes192_test.c
new file mode 100644
index 0000000..7cb3098
--- /dev/null
+++ b/src/tests/libica_aes192_test.c
@@ -0,0 +1,180 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+/* Copyright IBM Corp. 2005, 2009, 2011 */
+#include <fcntl.h>
+#include <sys/errno.h>
+#include <stdio.h>
+#include <string.h>
+#include <strings.h>
+#include <stdlib.h>
+#include "ica_api.h"
+unsigned char NIST_KEY2[] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+unsigned char NIST_TEST_DATA[] = {
+ 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+ 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
+unsigned char NIST_TEST_RESULT[] = {
+ 0xdd, 0xa9, 0x7c, 0xa4, 0x86, 0x4c, 0xdf, 0xe0,
+ 0x6e, 0xaf, 0x70, 0xa0, 0xec, 0x0d, 0x71, 0x91,
+int silent;
+void dump_array(unsigned char *ptr, unsigned int size)
+ unsigned char *ptr_end;
+ unsigned char *h;
+ int i = 1;
+ h = ptr;
+ ptr_end = ptr + size;
+ while (h < (unsigned char *)ptr_end) {
+ printf("0x%02x ",(unsigned char ) *h);
+ h++;
+ if (i == 8) {
+ printf("\n");
+ i = 1;
+ } else {
+ ++i;
+ }
+ }
+ printf("\n");
+int test_aes192_new_api(int mode)
+ ica_aes_vector_t iv;
+ ica_aes_key_len_192_t key;
+ int rc = 0;
+ unsigned char dec_text[sizeof(NIST_TEST_DATA)],
+ enc_text[sizeof(NIST_TEST_DATA)];
+ bzero(dec_text, sizeof(dec_text));
+ bzero(enc_text, sizeof(enc_text));
+ bzero(iv, sizeof(iv));
+ bcopy(NIST_KEY2, key, sizeof(NIST_KEY2));
+ rc = ica_aes_encrypt(mode, sizeof(NIST_TEST_DATA), NIST_TEST_DATA, &iv,
+ AES_KEY_LEN192, (unsigned char *) &key, enc_text);
+ if (rc) {
+ printf("\nOriginal data:\n");
+ dump_array((unsigned char*)NIST_TEST_DATA, sizeof(NIST_TEST_DATA));
+ printf("ica_aes_encrypt failed with errno %d (0x%x).\n", rc, rc);
+ return rc;
+ }
+ if (memcmp(enc_text, NIST_TEST_RESULT, sizeof(NIST_TEST_RESULT)) != 0) {
+ printf("\nOriginal data:\n");
+ dump_array((unsigned char*)NIST_TEST_DATA, sizeof(NIST_TEST_DATA));
+ printf("\nEncrypted data:\n");
+ dump_array((unsigned char*)enc_text, sizeof(enc_text));
+ printf("This does NOT match the known result.\n");
+ return 1;
+ } else {
+ if (!silent) {
+ printf("Yep, it's what it should be.\n");
+ }
+ }
+ bzero(iv, sizeof(iv));
+ rc = ica_aes_decrypt(mode, sizeof(enc_text), enc_text, &iv,
+ AES_KEY_LEN192, (unsigned char *) &key, dec_text);
+ if (rc != 0) {
+ printf("ica_aes_decrypt failed with errno %d (0x%x).\n", rc, rc);
+ return 1;
+ }
+ if (memcmp(dec_text, NIST_TEST_DATA, sizeof(NIST_TEST_DATA)) != 0) {
+ printf("\nOriginal data:\n");
+ dump_array((unsigned char*)NIST_TEST_DATA, sizeof(NIST_TEST_DATA));
+ printf("\nEncrypted data:\n");
+ dump_array((unsigned char*)enc_text, sizeof(enc_text));
+ printf("\nDecrypted data:\n");
+ dump_array((unsigned char*)dec_text, sizeof(dec_text));
+ printf("This does NOT match the original data.\n");
+ return 1;
+ } else {
+ if (!silent) {
+ printf("Successful!\n");
+ printf("\nOriginal data:\n");
+ dump_array((unsigned char*)NIST_TEST_DATA, sizeof(NIST_TEST_DATA));
+ printf("\nEncrypted data:\n");
+ dump_array((unsigned char*)enc_text, sizeof(enc_text));
+ printf("\nDecrypted data:\n");
+ dump_array((unsigned char*)dec_text, sizeof(dec_text));
+ }
+ }
+ return 0;
+int main(int argc, char **argv)
+ // Default mode is 0. ECB and CBC tests will be performed.
+ unsigned int mode = 0;
+ if (argc > 1) {
+ if (strstr(argv[1], "ecb"))
+ mode = MODE_ECB;
+ if (strstr(argv[1], "cbc"))
+ mode = MODE_CBC;
+ if (strstr(argv[1], "silent"))
+ silent = 1;
+ }
+ if (argc > 2) {
+ if (strstr(argv[2], "ecb"))
+ mode = MODE_ECB;
+ if (strstr(argv[2], "cbc"))
+ mode = MODE_CBC;
+ if (strstr(argv[2], "silent"))
+ silent = 1;
+ }
+ if (mode != 0 && mode != MODE_ECB && mode != MODE_CBC) {
+ printf("Usage: %s [ ecb | cbc ]\n", argv[0]);
+ return -1;
+ }
+ int rc = 0;
+ int error_count = 0;
+ if (!mode) {
+ /* This is the standard loop that will perform all testcases */
+ mode = 2;
+ while (mode) {
+ rc = test_aes192_new_api(mode);
+ if (rc) {
+ error_count++;
+ printf ("test_aes_new_api mode = %i failed \n", mode);
+ } else {
+ if (!silent) {
+ printf ("test_aes_new_api mode = %i finished successfully \n", mode);
+ }
+ }
+ mode--;
+ }
+ if (error_count)
+ printf("%i testcases failed\n", error_count);
+ else
+ printf("All AES192 (ECB/CBC) testcases finished successfully\n");
+ } else {
+ /* Perform only either in ECB or CBC mode */
+ rc = test_aes192_new_api(mode);
+ if (rc)
+ printf ("test_aes_new_api mode = %i failed \n", mode);
+ else {
+ if (!silent) {
+ printf ("test_aes_new_api mode = %i finished successfully \n", mode);
+ }
+ }
+ }
+ return rc;
diff --git a/src/tests/libica_aes256_test.c b/src/tests/libica_aes256_test.c
new file mode 100644
index 0000000..5c663a8
--- /dev/null
+++ b/src/tests/libica_aes256_test.c
@@ -0,0 +1,182 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+/* Copyright IBM Corp. 2005, 2009, 2011 */
+#include <fcntl.h>
+#include <sys/errno.h>
+#include <stdio.h>
+#include <string.h>
+#include <strings.h>
+#include <stdlib.h>
+#include "ica_api.h"
+unsigned char NIST_KEY3[] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+unsigned char NIST_TEST_DATA[] = {
+ 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+ 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
+unsigned char NIST_TEST_RESULT[] = {
+ 0x8e, 0xa2, 0xb7, 0xca, 0x51, 0x67, 0x45, 0xbf,
+ 0xea, 0xfc, 0x49, 0x90, 0x4b, 0x49, 0x60, 0x89,
+int silent;
+void dump_array(unsigned char *ptr, unsigned int size)
+ unsigned char *ptr_end;
+ unsigned char *h;
+ int i = 1;
+ h = ptr;
+ ptr_end = ptr + size;
+ while (h < (unsigned char *)ptr_end) {
+ printf("0x%02x ",(unsigned char ) *h);
+ h++;
+ if (i == 8) {
+ printf("\n");
+ i = 1;
+ } else {
+ ++i;
+ }
+ }
+ printf("\n");
+int test_aes256_new_api(int mode)
+ ica_aes_vector_t iv;
+ unsigned char key[AES_KEY_LEN256];
+ int rc = 0;
+ unsigned char dec_text[sizeof(NIST_TEST_DATA)],
+ enc_text[sizeof(NIST_TEST_DATA)];
+ bzero(dec_text, sizeof(dec_text));
+ bzero(enc_text, sizeof(enc_text));
+ bzero(iv, sizeof(iv));
+ bcopy(NIST_KEY3, key, sizeof(NIST_KEY3));
+ rc = ica_aes_encrypt(mode, sizeof(NIST_TEST_DATA), NIST_TEST_DATA, &iv,
+ AES_KEY_LEN256, key, enc_text);
+ if (rc) {
+ printf("ica_aes_encrypt failed with errno %d (0x%x).\n", rc, rc);
+ return 1;
+ }
+ if (memcmp(enc_text, NIST_TEST_RESULT, sizeof(NIST_TEST_RESULT)) != 0) {
+ printf("\nOriginal data:\n");
+ dump_array((unsigned char *) NIST_TEST_DATA, sizeof(NIST_TEST_DATA));
+ printf("\nEncrypted data:\n");
+ dump_array((unsigned char *) enc_text, sizeof(enc_text));
+ printf("This does NOT match the known result.\n");
+ return 1;
+ } else {
+ if (!silent) {
+ printf("Yep, it's what it should be.\n");
+ }
+ }
+ bzero(iv, sizeof(iv));
+ rc = ica_aes_decrypt(mode, sizeof(enc_text), enc_text, &iv,
+ AES_KEY_LEN256, key, dec_text);
+ if (rc) {
+ printf("ica_aes_decrypt failed with errno %d (0x%x).\n", rc, rc);
+ return 1;
+ }
+ if (memcmp(dec_text, NIST_TEST_DATA, sizeof(NIST_TEST_DATA)) != 0) {
+ printf("\nOriginal data:\n");
+ dump_array((unsigned char *) NIST_TEST_DATA, sizeof(NIST_TEST_DATA));
+ printf("\nEncrypted data:\n");
+ dump_array((unsigned char *) enc_text, sizeof(enc_text));
+ printf("\nDecrypted data:\n");
+ dump_array((unsigned char *) dec_text, sizeof(dec_text));
+ printf("This does NOT match the original data.\n");
+ return 1;
+ } else {
+ if (!silent) {
+ printf("\nOriginal data:\n");
+ dump_array((unsigned char *) NIST_TEST_DATA, sizeof(NIST_TEST_DATA));
+ printf("\nEncrypted data:\n");
+ dump_array((unsigned char *) enc_text, sizeof(enc_text));
+ printf("\nDecrypted data:\n");
+ dump_array((unsigned char *) dec_text, sizeof(dec_text));
+ printf("Successful!\n");
+ }
+ }
+ return 0;
+int main(int argc, char **argv)
+ // Default mode is 0. ECB and CBC tests will be performed.
+ unsigned int mode = 0;
+ if (argc > 1) {
+ if (strstr(argv[1], "ecb"))
+ mode = MODE_ECB;
+ if (strstr(argv[1], "cbc"))
+ mode = MODE_CBC;
+ if (strstr(argv[1], "silent"))
+ silent = 1;
+ }
+ if (argc > 2) {
+ if (strstr(argv[2], "ecb"))
+ mode = MODE_ECB;
+ if (strstr(argv[2], "cbc"))
+ mode = MODE_CBC;
+ if (strstr(argv[2], "silent"))
+ silent = 1;
+ }
+ if (mode != 0 && mode != MODE_ECB && mode != MODE_CBC) {
+ printf("Usage: %s [ ecb | cbc ]\n", argv[0]);
+ return -1;
+ }
+ int rc = 0;
+ int error_count = 0;
+ if (!mode) {
+ /* This is the standard loop that will perform all testcases */
+ mode = 2;
+ while (mode) {
+ rc = test_aes256_new_api(mode);
+ if (rc) {
+ error_count++;
+ printf ("test_aes_new_api mode = %i failed \n", mode);
+ }
+ else {
+ if (!silent) {
+ printf ("test_aes_new_api mode = %i finished successfully \n", mode);
+ }
+ }
+ mode--;
+ }
+ if (error_count)
+ printf("%i testcases failed\n", error_count);
+ else
+ printf("All AES256 (ECB/CBC) testcases finished successfully\n");
+ } else {
+ /* Perform only either in ECB or CBC mode */
+ rc = test_aes256_new_api(mode);
+ if (rc)
+ printf("test_aes_new_api mode = %i failed \n", mode);
+ else {
+ if (!silent) {
+ printf("test_aes_new_api mode = %i finished successfully \n", mode);
+ }
+ }
+ }
+ return rc;
diff --git a/src/tests/libica_aes_cbc_test.c b/src/tests/libica_aes_cbc_test.c
new file mode 100644
index 0000000..0225771
--- /dev/null
+++ b/src/tests/libica_aes_cbc_test.c
@@ -0,0 +1,649 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+/* Copyright IBM Corp. 2010, 2011 */
+#include <fcntl.h>
+#include <sys/errno.h>
+#include <stdio.h>
+#include <string.h>
+#include <strings.h>
+#include <stdlib.h>
+#include "ica_api.h"
+#define NR_TESTS 7
+#define NR_RANDOM_TESTS 10000
+/* CBC data - 1 for AES128 */
+unsigned char NIST_KEY_CBC_E1[] = {
+ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
+ 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c,
+unsigned char NIST_IV_CBC_E1[] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+unsigned char NIST_EXPECTED_IV_CBC_E1[] = {
+ 0x76, 0x49, 0xab, 0xac, 0x81, 0x19, 0xb2, 0x46,
+ 0xce, 0xe9, 0x8e, 0x9b, 0x12, 0xe9, 0x19, 0x7d,
+unsigned char NIST_TEST_DATA_CBC_E1[] = {
+ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+ 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
+unsigned char NIST_TEST_RESULT_CBC_E1[] = {
+ 0x76, 0x49, 0xab, 0xac, 0x81, 0x19, 0xb2, 0x46,
+ 0xce, 0xe9, 0x8e, 0x9b, 0x12, 0xe9, 0x19, 0x7d,
+/* CBC data - 2 for AES128 */
+unsigned char NIST_KEY_CBC_E2[] = {
+ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
+ 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c,
+unsigned char NIST_IV_CBC_E2[] = {
+ 0x76, 0x49, 0xab, 0xac, 0x81, 0x19, 0xb2, 0x46,
+ 0xce, 0xe9, 0x8e, 0x9b, 0x12, 0xe9, 0x19, 0x7d,
+unsigned char NIST_EXPECTED_IV_CBC_E2[] = {
+ 0x50, 0x86, 0xcb, 0x9b, 0x50, 0x72, 0x19, 0xee,
+ 0x95, 0xdb, 0x11, 0x3a, 0x91, 0x76, 0x78, 0xb2,
+unsigned char NIST_TEST_DATA_CBC_E2[] = {
+ 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
+ 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
+unsigned char NIST_TEST_RESULT_CBC_E2[] = {
+ 0x50, 0x86, 0xcb, 0x9b, 0x50, 0x72, 0x19, 0xee,
+ 0x95, 0xdb, 0x11, 0x3a, 0x91, 0x76, 0x78, 0xb2,
+/* CBC data - 3 - for AES128 */
+unsigned char NIST_KEY_CBC_E3[] = {
+ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
+ 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c,
+unsigned char NIST_IV_CBC_E3[] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+unsigned char NIST_EXPECTED_IV_CBC_E3[] = {
+ 0x3f, 0xf1, 0xca, 0xa1, 0x68, 0x1f, 0xac, 0x09,
+ 0x12, 0x0e, 0xca, 0x30, 0x75, 0x86, 0xe1, 0xa7,
+unsigned char NIST_TEST_DATA_CBC_E3[] = {
+ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+ 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
+ 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
+ 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
+ 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
+ 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
+ 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
+ 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10,
+unsigned char NIST_TEST_RESULT_CBC_E3[] = {
+ 0x76, 0x49, 0xab, 0xac, 0x81, 0x19, 0xb2, 0x46,
+ 0xce, 0xe9, 0x8e, 0x9b, 0x12, 0xe9, 0x19, 0x7d,
+ 0x50, 0x86, 0xcb, 0x9b, 0x50, 0x72, 0x19, 0xee,
+ 0x95, 0xdb, 0x11, 0x3a, 0x91, 0x76, 0x78, 0xb2,
+ 0x73, 0xbe, 0xd6, 0xb8, 0xe3, 0xc1, 0x74, 0x3b,
+ 0x71, 0x16, 0xe6, 0x9e, 0x22, 0x22, 0x95, 0x16,
+ 0x3f, 0xf1, 0xca, 0xa1, 0x68, 0x1f, 0xac, 0x09,
+ 0x12, 0x0e, 0xca, 0x30, 0x75, 0x86, 0xe1, 0xa7,
+/* CBC data - 4 - for AES192 */
+unsigned char NIST_KEY_CBC_E4[] = {
+ 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52,
+ 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5,
+ 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b,
+unsigned char NIST_IV_CBC_E4[] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+unsigned char NIST_EXPECTED_IV_CBC_E4[] = {
+ 0x4f, 0x02, 0x1d, 0xb2, 0x43, 0xbc, 0x63, 0x3d,
+ 0x71, 0x78, 0x18, 0x3a, 0x9f, 0xa0, 0x71, 0xe8,
+unsigned char NIST_TEST_DATA_CBC_E4[] = {
+ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+ 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
+unsigned char NIST_TEST_RESULT_CBC_E4[] = {
+ 0x4f, 0x02, 0x1d, 0xb2, 0x43, 0xbc, 0x63, 0x3d,
+ 0x71, 0x78, 0x18, 0x3a, 0x9f, 0xa0, 0x71, 0xe8,
+/* CBC data 5 - for AES 192 */
+unsigned char NIST_KEY_CBC_E5[] = {
+ 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52,
+ 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5,
+ 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b,
+unsigned char NIST_IV_CBC_E5[] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+unsigned char NIST_EXPECTED_IV_CBC_E5[] = {
+ 0x08, 0xb0, 0xe2, 0x79, 0x88, 0x59, 0x88, 0x81,
+ 0xd9, 0x20, 0xa9, 0xe6, 0x4f, 0x56, 0x15, 0xcd,
+unsigned char NIST_TEST_DATA_CBC_E5[] = {
+ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+ 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
+ 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
+ 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
+ 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
+ 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
+ 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
+ 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10,
+unsigned char NIST_TEST_RESULT_CBC_E5[] = {
+ 0x4f, 0x02, 0x1d, 0xb2, 0x43, 0xbc, 0x63, 0x3d,
+ 0x71, 0x78, 0x18, 0x3a, 0x9f, 0xa0, 0x71, 0xe8,
+ 0xb4, 0xd9, 0xad, 0xa9, 0xad, 0x7d, 0xed, 0xf4,
+ 0xe5, 0xe7, 0x38, 0x76, 0x3f, 0x69, 0x14, 0x5a,
+ 0x57, 0x1b, 0x24, 0x20, 0x12, 0xfb, 0x7a, 0xe0,
+ 0x7f, 0xa9, 0xba, 0xac, 0x3d, 0xf1, 0x02, 0xe0,
+ 0x08, 0xb0, 0xe2, 0x79, 0x88, 0x59, 0x88, 0x81,
+ 0xd9, 0x20, 0xa9, 0xe6, 0x4f, 0x56, 0x15, 0xcd,
+/* CBC data 6 - for AES 256 */
+unsigned char NIST_KEY_CBC_E6[] = {
+ 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
+ 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
+ 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
+ 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4,
+unsigned char NIST_IV_CBC_E6[] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+unsigned char NIST_EXPECTED_IV_CBC_E6[] = {
+ 0xf5, 0x8c, 0x4c, 0x04, 0xd6, 0xe5, 0xf1, 0xba,
+ 0x77, 0x9e, 0xab, 0xfb, 0x5f, 0x7b, 0xfb, 0xd6,
+unsigned char NIST_TEST_DATA_CBC_E6[] = {
+ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+ 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
+unsigned char NIST_TEST_RESULT_CBC_E6[] = {
+ 0xf5, 0x8c, 0x4c, 0x04, 0xd6, 0xe5, 0xf1, 0xba,
+ 0x77, 0x9e, 0xab, 0xfb, 0x5f, 0x7b, 0xfb, 0xd6,
+/* CBC data 7 - for AES 256 */
+unsigned char NIST_KEY_CBC_E7[] = {
+ 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
+ 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
+ 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
+ 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4,
+unsigned char NIST_IV_CBC_E7[] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+unsigned char NIST_EXPECTED_IV_CBC_E7[] = {
+ 0xb2, 0xeb, 0x05, 0xe2, 0xc3, 0x9b, 0xe9, 0xfc,
+ 0xda, 0x6c, 0x19, 0x07, 0x8c, 0x6a, 0x9d, 0x1b,
+unsigned char NIST_TEST_DATA_CBC_E7[] = {
+ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+ 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
+ 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
+ 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
+ 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
+ 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
+ 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
+ 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10,
+unsigned char NIST_TEST_RESULT_CBC_E7[] = {
+ 0xf5, 0x8c, 0x4c, 0x04, 0xd6, 0xe5, 0xf1, 0xba,
+ 0x77, 0x9e, 0xab, 0xfb, 0x5f, 0x7b, 0xfb, 0xd6,
+ 0x9c, 0xfc, 0x4e, 0x96, 0x7e, 0xdb, 0x80, 0x8d,
+ 0x67, 0x9f, 0x77, 0x7b, 0xc6, 0x70, 0x2c, 0x7d,
+ 0x39, 0xf2, 0x33, 0x69, 0xa9, 0xd9, 0xba, 0xcf,
+ 0xa5, 0x30, 0xe2, 0x63, 0x04, 0x23, 0x14, 0x61,
+ 0xb2, 0xeb, 0x05, 0xe2, 0xc3, 0x9b, 0xe9, 0xfc,
+ 0xda, 0x6c, 0x19, 0x07, 0x8c, 0x6a, 0x9d, 0x1b,
+void dump_array(unsigned char *ptr, unsigned int size)
+ unsigned char *ptr_end;
+ unsigned char *h;
+ int i = 1;
+ h = ptr;
+ ptr_end = ptr + size;
+ while (h < (unsigned char *)ptr_end) {
+ printf("0x%02x ",(unsigned char ) *h);
+ h++;
+ if (i == 8) {
+ printf("\n");
+ i = 1;
+ } else {
+ ++i;
+ }
+ }
+ printf("\n");
+void dump_cbc_data(unsigned char *iv, unsigned int iv_length,
+ unsigned char *key, unsigned int key_length,
+ unsigned char *input_data, unsigned int data_length,
+ unsigned char *output_data)
+ printf("IV \n");
+ dump_array(iv, iv_length);
+ printf("Key \n");
+ dump_array(key, key_length);
+ printf("Input Data\n");
+ dump_array(input_data, data_length);
+ printf("Output Data\n");
+ dump_array(output_data, data_length);
+void get_sizes(unsigned int *data_length, unsigned int *iv_length,
+ unsigned int *key_length, unsigned int iteration)
+ switch (iteration) {
+ case 1:
+ *data_length = sizeof(NIST_TEST_DATA_CBC_E1);
+ *iv_length = sizeof(NIST_IV_CBC_E1);
+ *key_length = sizeof(NIST_KEY_CBC_E1);
+ break;
+ case 2:
+ *data_length = sizeof(NIST_TEST_DATA_CBC_E2);
+ *iv_length = sizeof(NIST_IV_CBC_E2);
+ *key_length = sizeof(NIST_KEY_CBC_E2);
+ break;
+ case 3:
+ *data_length = sizeof(NIST_TEST_DATA_CBC_E3);
+ *iv_length = sizeof(NIST_IV_CBC_E3);
+ *key_length = sizeof(NIST_KEY_CBC_E3);
+ break;
+ case 4:
+ *data_length = sizeof(NIST_TEST_DATA_CBC_E4);
+ *iv_length = sizeof(NIST_IV_CBC_E4);
+ *key_length = sizeof(NIST_KEY_CBC_E4);
+ break;
+ case 5:
+ *data_length = sizeof(NIST_TEST_DATA_CBC_E5);
+ *iv_length = sizeof(NIST_IV_CBC_E5);
+ *key_length = sizeof(NIST_KEY_CBC_E5);
+ break;
+ case 6:
+ *data_length = sizeof(NIST_TEST_DATA_CBC_E6);
+ *iv_length = sizeof(NIST_IV_CBC_E6);
+ *key_length = sizeof(NIST_KEY_CBC_E6);
+ break;
+ case 7:
+ *data_length = sizeof(NIST_TEST_DATA_CBC_E7);
+ *iv_length = sizeof(NIST_IV_CBC_E7);
+ *key_length = sizeof(NIST_KEY_CBC_E7);
+ break;
+ case 8:
+ break;
+ case 9:
+ break;
+ case 10:
+ break;
+ case 11:
+ break;
+ case 12:
+ break;
+ }
+void load_test_data(unsigned char *data, unsigned int data_length,
+ unsigned char *result,
+ unsigned char *iv, unsigned char *expected_iv,
+ unsigned int iv_length,
+ unsigned char *key, unsigned int key_length,
+ unsigned int iteration)
+ switch (iteration) {
+ case 1:
+ memcpy(data, NIST_TEST_DATA_CBC_E1, data_length);
+ memcpy(result, NIST_TEST_RESULT_CBC_E1, data_length);
+ memcpy(iv, NIST_IV_CBC_E1, iv_length);
+ memcpy(expected_iv, NIST_EXPECTED_IV_CBC_E1, iv_length);
+ memcpy(key, NIST_KEY_CBC_E1, key_length);
+ break;
+ case 2:
+ memcpy(data, NIST_TEST_DATA_CBC_E2, data_length);
+ memcpy(result, NIST_TEST_RESULT_CBC_E2, data_length);
+ memcpy(iv, NIST_IV_CBC_E2, iv_length);
+ memcpy(expected_iv, NIST_EXPECTED_IV_CBC_E2, iv_length);
+ memcpy(key, NIST_KEY_CBC_E2, key_length);
+ break;
+ case 3:
+ memcpy(data, NIST_TEST_DATA_CBC_E3, data_length);
+ memcpy(result, NIST_TEST_RESULT_CBC_E3, data_length);
+ memcpy(iv, NIST_IV_CBC_E3, iv_length);
+ memcpy(expected_iv, NIST_EXPECTED_IV_CBC_E3, iv_length);
+ memcpy(key, NIST_KEY_CBC_E3, key_length);
+ break;
+ case 4:
+ memcpy(data, NIST_TEST_DATA_CBC_E4, data_length);
+ memcpy(result, NIST_TEST_RESULT_CBC_E4, data_length);
+ memcpy(iv, NIST_IV_CBC_E4, iv_length);
+ memcpy(expected_iv, NIST_EXPECTED_IV_CBC_E4, iv_length);
+ memcpy(key, NIST_KEY_CBC_E4, key_length);
+ break;
+ case 5:
+ memcpy(data, NIST_TEST_DATA_CBC_E5, data_length);
+ memcpy(result, NIST_TEST_RESULT_CBC_E5, data_length);
+ memcpy(iv, NIST_IV_CBC_E5, iv_length);
+ memcpy(expected_iv, NIST_EXPECTED_IV_CBC_E5, iv_length);
+ memcpy(key, NIST_KEY_CBC_E5, key_length);
+ break;
+ case 6:
+ memcpy(data, NIST_TEST_DATA_CBC_E6, data_length);
+ memcpy(result, NIST_TEST_RESULT_CBC_E6, data_length);
+ memcpy(iv, NIST_IV_CBC_E6, iv_length);
+ memcpy(expected_iv, NIST_EXPECTED_IV_CBC_E6, iv_length);
+ memcpy(key, NIST_KEY_CBC_E6, key_length);
+ break;
+ case 7:
+ memcpy(data, NIST_TEST_DATA_CBC_E7, data_length);
+ memcpy(result, NIST_TEST_RESULT_CBC_E7, data_length);
+ memcpy(iv, NIST_IV_CBC_E7, iv_length);
+ memcpy(expected_iv, NIST_EXPECTED_IV_CBC_E7, iv_length);
+ memcpy(key, NIST_KEY_CBC_E7, key_length);
+ break;
+ case 8:
+ break;
+ case 9:
+ break;
+ case 10:
+ break;
+ case 11:
+ break;
+ case 12:
+ break;
+ }
+int kat_aes_cbc(int iteration, int silent)
+ unsigned int data_length;
+ unsigned int iv_length;
+ unsigned int key_length;
+ get_sizes(&data_length, &iv_length, &key_length, iteration);
+ if (!silent) {
+ printf("Test Parameters for iteration = %i\n", iteration);
+ printf("key length = %i, data length = %i, iv length = %i\n",
+ key_length, data_length, iv_length);
+ }
+ unsigned char iv[iv_length];
+ unsigned char tmp_iv[iv_length];
+ unsigned char expected_iv[iv_length];
+ unsigned char key[key_length];
+ unsigned char input_data[data_length];
+ unsigned char encrypt[data_length];
+ unsigned char decrypt[data_length];
+ unsigned char result[data_length];
+ int rc = 0;
+ load_test_data(input_data, data_length, result, iv, expected_iv,
+ iv_length, key, key_length, iteration);
+ memcpy(tmp_iv, iv, iv_length);
+ rc = ica_aes_cbc(input_data, encrypt, data_length, key, key_length,
+ tmp_iv, 1);
+ if (rc) {
+ printf("ica_aes_cbc encrypt failed with rc = %i\n", rc);
+ dump_cbc_data(iv, iv_length, key, key_length, input_data,
+ data_length, encrypt);
+ }
+ if (!silent && !rc) {
+ printf("Encrypt:\n");
+ dump_cbc_data(iv, iv_length, key, key_length, input_data,
+ data_length, encrypt);
+ }
+ if (memcmp(result, encrypt, data_length)) {
+ printf("Encryption Result does not match the known ciphertext!\n");
+ printf("Expected data:\n");
+ dump_array(result, data_length);
+ printf("Encryption Result:\n");
+ dump_array(encrypt, data_length);
+ rc++;
+ }
+ if (memcmp(expected_iv, tmp_iv, iv_length)) {
+ printf("Update of IV does not match the expected IV!\n");
+ printf("Expected IV:\n");
+ dump_array(expected_iv, iv_length);
+ printf("Updated IV:\n");
+ dump_array(tmp_iv, iv_length);
+ printf("Original IV:\n");
+ dump_array(iv, iv_length);
+ rc++;
+ }
+ if (rc) {
+ printf("AES CBC test exited after encryption\n");
+ return rc;
+ }
+ memcpy(tmp_iv, iv, iv_length);
+ rc = ica_aes_cbc(encrypt, decrypt, data_length, key, key_length,
+ tmp_iv, 0);
+ if (rc) {
+ printf("ica_aes_cbc decrypt failed with rc = %i\n", rc);
+ dump_cbc_data(iv, iv_length, key, key_length, encrypt,
+ data_length, decrypt);
+ return rc;
+ }
+ if (!silent && !rc) {
+ printf("Decrypt:\n");
+ dump_cbc_data(iv, iv_length, key, key_length, encrypt,
+ data_length, decrypt);
+ }
+ if (memcmp(decrypt, input_data, data_length)) {
+ printf("Decryption Result does not match the original data!\n");
+ printf("Original data:\n");
+ dump_array(input_data, data_length);
+ printf("Decryption Result:\n");
+ dump_array(decrypt, data_length);
+ rc++;
+ }
+ return rc;
+int load_random_test_data(unsigned char *data, unsigned int data_length,
+ unsigned char *iv, unsigned int iv_length,
+ unsigned char *key, unsigned int key_length)
+ int rc;
+ rc = ica_random_number_generate(data_length, data);
+ if (rc) {
+ printf("ica_random_number_generate with rc = %i errnor = %i\n",
+ rc, errno);
+ return rc;
+ }
+ rc = ica_random_number_generate(iv_length, iv);
+ if (rc) {
+ printf("ica_random_number_generate with rc = %i errnor = %i\n",
+ rc, errno);
+ return rc;
+ }
+ rc = ica_random_number_generate(key_length, key);
+ if (rc) {
+ printf("ica_random_number_generate with rc = %i errnor = %i\n",
+ rc, errno);
+ return rc;
+ }
+ return rc;
+int random_aes_cbc(int iteration, int silent, unsigned int data_length)
+ int i;
+ int rc = 0;
+ unsigned int iv_length = sizeof(ica_aes_vector_t);
+ unsigned int key_length = AES_KEY_LEN128;
+ unsigned char iv[iv_length];
+ unsigned char tmp_iv[iv_length];
+ unsigned char input_data[data_length];
+ unsigned char encrypt[data_length];
+ unsigned char decrypt[data_length];
+for (i = 1; i <= 2; i++) {
+ unsigned char key[key_length];
+ memset(encrypt, 0x00, data_length);
+ memset(decrypt, 0x00, data_length);
+ load_random_test_data(input_data, data_length, iv, iv_length, key,
+ key_length);
+ memcpy(tmp_iv, iv, iv_length);
+ if (!silent) {
+ printf("Test Parameters for iteration = %i\n", iteration);
+ printf("key length = %i, data length = %i, iv length = %i\n",
+ key_length, data_length, iv_length);
+ }
+ rc = ica_aes_cbc(input_data, encrypt, data_length, key, key_length,
+ tmp_iv, 1);
+ if (rc) {
+ printf("ica_aes_cbc encrypt failed with rc = %i\n", rc);
+ dump_cbc_data(iv, iv_length, key, key_length, input_data,
+ data_length, encrypt);
+ }
+ if (!silent && !rc) {
+ printf("Encrypt:\n");
+ dump_cbc_data(iv, iv_length, key, key_length, input_data,
+ data_length, encrypt);
+ }
+ if (rc) {
+ printf("AES CBC test exited after encryption\n");
+ return rc;
+ }
+ memcpy(tmp_iv, iv, iv_length);
+ rc = ica_aes_cbc(encrypt, decrypt, data_length, key, key_length,
+ tmp_iv, 0);
+ if (rc) {
+ printf("ica_aes_cbc decrypt failed with rc = %i\n", rc);
+ dump_cbc_data(iv, iv_length, key, key_length, encrypt,
+ data_length, decrypt);
+ return rc;
+ }
+ if (!silent && !rc) {
+ printf("Decrypt:\n");
+ dump_cbc_data(iv, iv_length, key, key_length, encrypt,
+ data_length, decrypt);
+ }
+ if (memcmp(decrypt, input_data, data_length)) {
+ printf("Decryption Result does not match the original data!\n");
+ printf("Original data:\n");
+ dump_array(input_data, data_length);
+ printf("Decryption Result:\n");
+ dump_array(decrypt, data_length);
+ rc++;
+ return rc;
+ }
+ key_length += 8;
+ return rc;
+int main(int argc, char **argv)
+ unsigned int silent = 0;
+ if (argc > 1) {
+ if (strstr(argv[1], "silent"))
+ silent = 1;
+ }
+ int rc = 0;
+ int error_count = 0;
+ int iteration;
+ unsigned int data_length = sizeof(ica_aes_vector_t);
+ for(iteration = 1; iteration <= NR_TESTS; iteration++) {
+ rc = kat_aes_cbc(iteration, silent);
+ if (rc) {
+ printf("kat_aes_cbc failed with rc = %i\n", rc);
+ error_count++;
+ } else {
+ if (!silent) {
+ printf("kat_aes_cbc finished successfully\n");
+ }
+ }
+ }
+ for(iteration = 1; iteration <= NR_RANDOM_TESTS; iteration++) {
+ //int silent = 1;
+ rc = random_aes_cbc(iteration, silent, data_length);
+ if (rc) {
+ printf("random_aes_cbc failed with rc = %i\n", rc);
+ error_count++;
+ goto out;
+ } else {
+ if (!silent) {
+ printf("random_aes_cbc finished successfully\n");
+ }
+ }
+ data_length += sizeof(ica_aes_vector_t);
+ }
+ if (error_count)
+ printf("%i testcases failed\n", error_count);
+ else {
+ printf("All AES-CBC testcases finished successfully\n");
+ }
+ return rc;
diff --git a/src/tests/libica_aes_cfb_test.c b/src/tests/libica_aes_cfb_test.c
new file mode 100644
index 0000000..2663dfa
--- /dev/null
+++ b/src/tests/libica_aes_cfb_test.c
@@ -0,0 +1,832 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+/* Copyright IBM Corp. 2010, 2011 */
+#include <fcntl.h>
+#include <sys/errno.h>
+#include <stdio.h>
+#include <string.h>
+#include <strings.h>
+#include <stdlib.h>
+#include "ica_api.h"
+#define NR_TESTS 12
+#define NR_RANDOM_TESTS 1000
+/* CFB128 data -1- AES128 */
+unsigned char NIST_KEY_CFB_E1[] = {
+ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
+ 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c,
+unsigned char NIST_IV_CFB_E1[] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+unsigned char NIST_EXPECTED_IV_CFB_E1[] = {
+ 0x3b, 0x3f, 0xd9, 0x2e, 0xb7, 0x2d, 0xad, 0x20,
+ 0x33, 0x34, 0x49, 0xf8, 0xe8, 0x3c, 0xfb, 0x4a,
+unsigned char NIST_TEST_DATA_CFB_E1[] = {
+ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+ 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
+unsigned char NIST_TEST_RESULT_CFB_E1[] = {
+ 0x3b, 0x3f, 0xd9, 0x2e, 0xb7, 0x2d, 0xad, 0x20,
+ 0x33, 0x34, 0x49, 0xf8, 0xe8, 0x3c, 0xfb, 0x4a,
+unsigned int NIST_LCFB_E1 = 128 / 8;
+/* CFB128 data -2- AES128 */
+unsigned char NIST_KEY_CFB_E2[] = {
+ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
+ 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c,
+unsigned char NIST_IV_CFB_E2[] = {
+ 0x3b, 0x3f, 0xd9, 0x2e, 0xb7, 0x2d, 0xad, 0x20,
+ 0x33, 0x34, 0x49, 0xf8, 0xe8, 0x3c, 0xfb, 0x4a,
+unsigned char NIST_EXPECTED_IV_CFB_E2[] = {
+ 0xc8, 0xa6, 0x45, 0x37, 0xa0, 0xb3, 0xa9, 0x3f,
+ 0xcd, 0xe3, 0xcd, 0xad, 0x9f, 0x1c, 0xe5, 0x8b,
+unsigned char NIST_TEST_DATA_CFB_E2[] = {
+ 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
+ 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
+unsigned char NIST_TEST_RESULT_CFB_E2[] = {
+ 0xc8, 0xa6, 0x45, 0x37, 0xa0, 0xb3, 0xa9, 0x3f,
+ 0xcd, 0xe3, 0xcd, 0xad, 0x9f, 0x1c, 0xe5, 0x8b,
+unsigned int NIST_LCFB_E2 = 128 / 8;
+/* CFB8 data -3- AES128 */
+unsigned char NIST_KEY_CFB_E3[] = {
+ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
+ 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c,
+unsigned char NIST_IV_CFB_E3[] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+unsigned char NIST_EXPECTED_IV_CFB_E3[] = {
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+ 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x3b,
+unsigned char NIST_TEST_DATA_CFB_E3[] = {
+ 0x6b,
+unsigned char NIST_TEST_RESULT_CFB_E3[] = {
+ 0x3b,
+unsigned int NIST_LCFB_E3 = 8 / 8;
+/* CFB8 data -4- AES128 */
+unsigned char NIST_KEY_CFB_E4[] = {
+ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
+ 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c,
+unsigned char NIST_IV_CFB_E4[] = {
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+ 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x3b,
+unsigned char NIST_EXPECTED_IV_CFB_E4[] = {
+ 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+ 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x3b, 0x79,
+unsigned char NIST_TEST_DATA_CFB_E4[] = {
+ 0xc1,
+unsigned char NIST_TEST_RESULT_CFB_E4[] = {
+ 0x79,
+unsigned int NIST_LCFB_E4 = 8 / 8;
+/* CFB 128 data -5- for AES192 */
+unsigned char NIST_KEY_CFB_E5[] = {
+ 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52,
+ 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5,
+ 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b,
+unsigned char NIST_IV_CFB_E5[] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+unsigned char NIST_EXPECTED_IV_CFB_E5[] = {
+ 0xcd, 0xc8, 0x0d, 0x6f, 0xdd, 0xf1, 0x8c, 0xab,
+ 0x34, 0xc2, 0x59, 0x09, 0xc9, 0x9a, 0x41, 0x74,
+unsigned char NIST_TEST_DATA_CFB_E5[] = {
+ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+ 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
+unsigned char NIST_TEST_RESULT_CFB_E5[] = {
+ 0xcd, 0xc8, 0x0d, 0x6f, 0xdd, 0xf1, 0x8c, 0xab,
+ 0x34, 0xc2, 0x59, 0x09, 0xc9, 0x9a, 0x41, 0x74,
+unsigned int NIST_LCFB_E5 = 128 / 8;
+/* CFB 128 data -6- for AES192 */
+unsigned char NIST_KEY_CFB_E6[] = {
+ 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52,
+ 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5,
+ 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b,
+unsigned char NIST_IV_CFB_E6[] = {
+ 0xcd, 0xc8, 0x0d, 0x6f, 0xdd, 0xf1, 0x8c, 0xab,
+ 0x34, 0xc2, 0x59, 0x09, 0xc9, 0x9a, 0x41, 0x74,
+unsigned char NIST_EXPECTED_IV_CFB_E6[] = {
+ 0x67, 0xce, 0x7f, 0x7f, 0x81, 0x17, 0x36, 0x21,
+ 0x96, 0x1a, 0x2b, 0x70, 0x17, 0x1d, 0x3d, 0x7a,
+unsigned char NIST_TEST_DATA_CFB_E6[] = {
+ 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
+ 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
+unsigned char NIST_TEST_RESULT_CFB_E6[] = {
+ 0x67, 0xce, 0x7f, 0x7f, 0x81, 0x17, 0x36, 0x21,
+ 0x96, 0x1a, 0x2b, 0x70, 0x17, 0x1d, 0x3d, 0x7a,
+unsigned int NIST_LCFB_E6 = 128 / 8;
+/* CFB 128 data -7- for AES192 */
+unsigned char NIST_KEY_CFB_E7[] = {
+ 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52,
+ 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5,
+ 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b,
+unsigned char NIST_IV_CFB_E7[] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+unsigned char NIST_EXPECTED_IV_CFB_E7[] = {
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+ 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0xcd,
+unsigned char NIST_TEST_DATA_CFB_E7[] = {
+ 0x6b,
+unsigned char NIST_TEST_RESULT_CFB_E7[] = {
+ 0xcd,
+unsigned int NIST_LCFB_E7 = 8 / 8;
+/* CFB 128 data -8- for AES192 */
+unsigned char NIST_KEY_CFB_E8[] = {
+ 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52,
+ 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5,
+ 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b,
+unsigned char NIST_IV_CFB_E8[] = {
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+ 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0xcd,
+unsigned char NIST_EXPECTED_IV_CFB_E8[] = {
+ 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+ 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0xcd, 0xa2,
+unsigned char NIST_TEST_DATA_CFB_E8[] = {
+ 0xc1,
+unsigned char NIST_TEST_RESULT_CFB_E8[] = {
+ 0xa2,
+unsigned int NIST_LCFB_E8 = 8 / 8;
+/* CFB128 data -9- for AES256 */
+unsigned char NIST_KEY_CFB_E9[] = {
+ 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
+ 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
+ 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
+ 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4,
+unsigned char NIST_IV_CFB_E9[] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+unsigned char NIST_EXPECTED_IV_CFB_E9[] = {
+ 0xdc, 0x7e, 0x84, 0xbf, 0xda, 0x79, 0x16, 0x4b,
+ 0x7e, 0xcd, 0x84, 0x86, 0x98, 0x5d, 0x38, 0x60,
+unsigned char NIST_TEST_DATA_CFB_E9[] = {
+ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+ 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
+unsigned char NIST_TEST_RESULT_CFB_E9[] = {
+ 0xdc, 0x7e, 0x84, 0xbf, 0xda, 0x79, 0x16, 0x4b,
+ 0x7e, 0xcd, 0x84, 0x86, 0x98, 0x5d, 0x38, 0x60,
+unsigned int NIST_LCFB_E9 = 128 / 8;
+/* CFB128 data -10- for AES256 */
+unsigned char NIST_KEY_CFB_E10[] = {
+ 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
+ 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
+ 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
+ 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4,
+unsigned char NIST_IV_CFB_E10[] = {
+ 0xdc, 0x7e, 0x84, 0xbf, 0xda, 0x79, 0x16, 0x4b,
+ 0x7e, 0xcd, 0x84, 0x86, 0x98, 0x5d, 0x38, 0x60,
+unsigned char NIST_EXPECTED_IV_CFB_E10[] = {
+ 0x39, 0xff, 0xed, 0x14, 0x3b, 0x28, 0xb1, 0xc8,
+ 0x32, 0x11, 0x3c, 0x63, 0x31, 0xe5, 0x40, 0x7b,
+unsigned char NIST_TEST_DATA_CFB_E10[] = {
+ 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
+ 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
+unsigned char NIST_TEST_RESULT_CFB_E10[] = {
+ 0x39, 0xff, 0xed, 0x14, 0x3b, 0x28, 0xb1, 0xc8,
+ 0x32, 0x11, 0x3c, 0x63, 0x31, 0xe5, 0x40, 0x7b,
+unsigned int NIST_LCFB_E10 = 128 / 8;
+/* CFB8 data -11- for AES256 */
+unsigned char NIST_KEY_CFB_E11[] = {
+ 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
+ 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
+ 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
+ 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4,
+unsigned char NIST_IV_CFB_E11[] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+unsigned char NIST_EXPECTED_IV_CFB_E11[] = {
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+ 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0xdc,
+unsigned char NIST_TEST_DATA_CFB_E11[] = {
+ 0x6b,
+unsigned char NIST_TEST_RESULT_CFB_E11[] = {
+ 0xdc,
+unsigned int NIST_LCFB_E11 = 8 / 8;
+/* CFB8 data -12- for AES256 */
+unsigned char NIST_KEY_CFB_E12[] = {
+ 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
+ 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
+ 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
+ 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4,
+unsigned char NIST_IV_CFB_E12[] = {
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+ 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0xdc,
+unsigned char NIST_EXPECTED_IV_CFB_E12[] = {
+ 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+ 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0xdc, 0x1f,
+unsigned char NIST_TEST_DATA_CFB_E12[] = {
+ 0xc1,
+unsigned char NIST_TEST_RESULT_CFB_E12[] = {
+ 0x1f,
+unsigned int NIST_LCFB_E12 = 8 / 8;
+void dump_array(unsigned char *ptr, unsigned int size)
+ unsigned char *ptr_end;
+ unsigned char *h;
+ int i = 1;
+ h = ptr;
+ ptr_end = ptr + size;
+ while (h < (unsigned char *)ptr_end) {
+ printf("0x%02x ",(unsigned char ) *h);
+ h++;
+ if (i == 8) {
+ printf("\n");
+ i = 1;
+ } else {
+ ++i;
+ }
+ }
+ printf("\n");
+void dump_cfb_data(unsigned char *iv, unsigned int iv_length,
+ unsigned char *key, unsigned int key_length,
+ unsigned char *input_data, unsigned int data_length,
+ unsigned char *output_data)
+ printf("IV \n");
+ dump_array(iv, iv_length);
+ printf("Key \n");
+ dump_array(key, key_length);
+ printf("Input Data\n");
+ dump_array(input_data, data_length);
+ printf("Output Data\n");
+ dump_array(output_data, data_length);
+void get_sizes(unsigned int *data_length, unsigned int *iv_length,
+ unsigned int *key_length, unsigned int iteration)
+ switch (iteration) {
+ case 1:
+ *data_length = sizeof(NIST_TEST_DATA_CFB_E1);
+ *iv_length = sizeof(NIST_IV_CFB_E1);
+ *key_length = sizeof(NIST_KEY_CFB_E1);
+ break;
+ case 2:
+ *data_length = sizeof(NIST_TEST_DATA_CFB_E2);
+ *iv_length = sizeof(NIST_IV_CFB_E2);
+ *key_length = sizeof(NIST_KEY_CFB_E2);
+ break;
+ case 3:
+ *data_length = sizeof(NIST_TEST_DATA_CFB_E3);
+ *iv_length = sizeof(NIST_IV_CFB_E3);
+ *key_length = sizeof(NIST_KEY_CFB_E3);
+ break;
+ case 4:
+ *data_length = sizeof(NIST_TEST_DATA_CFB_E4);
+ *iv_length = sizeof(NIST_IV_CFB_E4);
+ *key_length = sizeof(NIST_KEY_CFB_E4);
+ break;
+ case 5:
+ *data_length = sizeof(NIST_TEST_DATA_CFB_E5);
+ *iv_length = sizeof(NIST_IV_CFB_E5);
+ *key_length = sizeof(NIST_KEY_CFB_E5);
+ break;
+ case 6:
+ *data_length = sizeof(NIST_TEST_DATA_CFB_E6);
+ *iv_length = sizeof(NIST_IV_CFB_E6);
+ *key_length = sizeof(NIST_KEY_CFB_E6);
+ break;
+ case 7:
+ *data_length = sizeof(NIST_TEST_DATA_CFB_E7);
+ *iv_length = sizeof(NIST_IV_CFB_E7);
+ *key_length = sizeof(NIST_KEY_CFB_E7);
+ break;
+ case 8:
+ *data_length = sizeof(NIST_TEST_DATA_CFB_E8);
+ *iv_length = sizeof(NIST_IV_CFB_E8);
+ *key_length = sizeof(NIST_KEY_CFB_E8);
+ break;
+ case 9:
+ *data_length = sizeof(NIST_TEST_DATA_CFB_E9);
+ *iv_length = sizeof(NIST_IV_CFB_E9);
+ *key_length = sizeof(NIST_KEY_CFB_E9);
+ break;
+ case 10:
+ *data_length = sizeof(NIST_TEST_DATA_CFB_E10);
+ *iv_length = sizeof(NIST_IV_CFB_E10);
+ *key_length = sizeof(NIST_KEY_CFB_E10);
+ break;
+ case 11:
+ *data_length = sizeof(NIST_TEST_DATA_CFB_E11);
+ *iv_length = sizeof(NIST_IV_CFB_E11);
+ *key_length = sizeof(NIST_KEY_CFB_E11);
+ break;
+ case 12:
+ *data_length = sizeof(NIST_TEST_DATA_CFB_E12);
+ *iv_length = sizeof(NIST_IV_CFB_E12);
+ *key_length = sizeof(NIST_KEY_CFB_E12);
+ break;
+ }
+void load_test_data(unsigned char *data, unsigned int data_length,
+ unsigned char *result,
+ unsigned char *iv, unsigned char *expected_iv,
+ unsigned int iv_length,
+ unsigned char *key, unsigned int key_length,
+ unsigned int *lcfb, unsigned int iteration)
+ switch (iteration) {
+ case 1:
+ memcpy(data, NIST_TEST_DATA_CFB_E1, data_length);
+ memcpy(result, NIST_TEST_RESULT_CFB_E1, data_length);
+ memcpy(iv, NIST_IV_CFB_E1, iv_length);
+ memcpy(expected_iv, NIST_EXPECTED_IV_CFB_E1, iv_length);
+ memcpy(key, NIST_KEY_CFB_E1, key_length);
+ *lcfb = NIST_LCFB_E1;
+ break;
+ case 2:
+ memcpy(data, NIST_TEST_DATA_CFB_E2, data_length);
+ memcpy(result, NIST_TEST_RESULT_CFB_E2, data_length);
+ memcpy(iv, NIST_IV_CFB_E2, iv_length);
+ memcpy(expected_iv, NIST_EXPECTED_IV_CFB_E2, iv_length);
+ memcpy(key, NIST_KEY_CFB_E2, key_length);
+ *lcfb = NIST_LCFB_E2;
+ break;
+ case 3:
+ memcpy(data, NIST_TEST_DATA_CFB_E3, data_length);
+ memcpy(result, NIST_TEST_RESULT_CFB_E3, data_length);
+ memcpy(iv, NIST_IV_CFB_E3, iv_length);
+ memcpy(expected_iv, NIST_EXPECTED_IV_CFB_E3, iv_length);
+ memcpy(key, NIST_KEY_CFB_E3, key_length);
+ *lcfb = NIST_LCFB_E3;
+ break;
+ case 4:
+ memcpy(data, NIST_TEST_DATA_CFB_E4, data_length);
+ memcpy(result, NIST_TEST_RESULT_CFB_E4, data_length);
+ memcpy(iv, NIST_IV_CFB_E4, iv_length);
+ memcpy(expected_iv, NIST_EXPECTED_IV_CFB_E4, iv_length);
+ memcpy(key, NIST_KEY_CFB_E4, key_length);
+ *lcfb = NIST_LCFB_E4;
+ break;
+ case 5:
+ memcpy(data, NIST_TEST_DATA_CFB_E5, data_length);
+ memcpy(result, NIST_TEST_RESULT_CFB_E5, data_length);
+ memcpy(iv, NIST_IV_CFB_E5, iv_length);
+ memcpy(expected_iv, NIST_EXPECTED_IV_CFB_E5, iv_length);
+ memcpy(key, NIST_KEY_CFB_E5, key_length);
+ *lcfb = NIST_LCFB_E5;
+ break;
+ case 6:
+ memcpy(data, NIST_TEST_DATA_CFB_E6, data_length);
+ memcpy(result, NIST_TEST_RESULT_CFB_E6, data_length);
+ memcpy(iv, NIST_IV_CFB_E6, iv_length);
+ memcpy(expected_iv, NIST_EXPECTED_IV_CFB_E6, iv_length);
+ memcpy(key, NIST_KEY_CFB_E6, key_length);
+ *lcfb = NIST_LCFB_E6;
+ break;
+ case 7:
+ memcpy(data, NIST_TEST_DATA_CFB_E7, data_length);
+ memcpy(result, NIST_TEST_RESULT_CFB_E7, data_length);
+ memcpy(iv, NIST_IV_CFB_E7, iv_length);
+ memcpy(expected_iv, NIST_EXPECTED_IV_CFB_E7, iv_length);
+ memcpy(key, NIST_KEY_CFB_E7, key_length);
+ *lcfb = NIST_LCFB_E7;
+ break;
+ case 8:
+ memcpy(data, NIST_TEST_DATA_CFB_E8, data_length);
+ memcpy(result, NIST_TEST_RESULT_CFB_E8, data_length);
+ memcpy(iv, NIST_IV_CFB_E8, iv_length);
+ memcpy(expected_iv, NIST_EXPECTED_IV_CFB_E8, iv_length);
+ memcpy(key, NIST_KEY_CFB_E8, key_length);
+ *lcfb = NIST_LCFB_E8;
+ break;
+ case 9:
+ memcpy(data, NIST_TEST_DATA_CFB_E9, data_length);
+ memcpy(result, NIST_TEST_RESULT_CFB_E9, data_length);
+ memcpy(iv, NIST_IV_CFB_E9, iv_length);
+ memcpy(expected_iv, NIST_EXPECTED_IV_CFB_E9, iv_length);
+ memcpy(key, NIST_KEY_CFB_E9, key_length);
+ *lcfb = NIST_LCFB_E9;
+ break;
+ case 10:
+ memcpy(data, NIST_TEST_DATA_CFB_E10, data_length);
+ memcpy(result, NIST_TEST_RESULT_CFB_E10, data_length);
+ memcpy(iv, NIST_IV_CFB_E10, iv_length);
+ memcpy(expected_iv, NIST_EXPECTED_IV_CFB_E10, iv_length);
+ memcpy(key, NIST_KEY_CFB_E10, key_length);
+ *lcfb = NIST_LCFB_E10;
+ break;
+ case 11:
+ memcpy(data, NIST_TEST_DATA_CFB_E11, data_length);
+ memcpy(result, NIST_TEST_RESULT_CFB_E11, data_length);
+ memcpy(iv, NIST_IV_CFB_E11, iv_length);
+ memcpy(expected_iv, NIST_EXPECTED_IV_CFB_E11, iv_length);
+ memcpy(key, NIST_KEY_CFB_E11, key_length);
+ *lcfb = NIST_LCFB_E11;
+ break;
+ case 12:
+ memcpy(data, NIST_TEST_DATA_CFB_E12, data_length);
+ memcpy(result, NIST_TEST_RESULT_CFB_E12, data_length);
+ memcpy(iv, NIST_IV_CFB_E12, iv_length);
+ memcpy(expected_iv, NIST_EXPECTED_IV_CFB_E12, iv_length);
+ memcpy(key, NIST_KEY_CFB_E12, key_length);
+ *lcfb = NIST_LCFB_E12;
+ break;
+ }
+int kat_aes_cfb(int iteration, int silent)
+ unsigned int data_length;
+ unsigned int iv_length;
+ unsigned int key_length;
+ get_sizes(&data_length, &iv_length, &key_length, iteration);
+ unsigned char iv[iv_length];
+ unsigned char tmp_iv[iv_length];
+ unsigned char expected_iv[iv_length];
+ unsigned char key[key_length];
+ unsigned char input_data[data_length];
+ unsigned char encrypt[data_length];
+ unsigned char decrypt[data_length];
+ unsigned char result[data_length];
+ int rc = 0;
+ unsigned int lcfb;
+ memset(encrypt, 0x00, data_length);
+ memset(decrypt, 0x00, data_length);
+ load_test_data(input_data, data_length, result, iv, expected_iv,
+ iv_length, key, key_length, &lcfb, iteration);
+ memcpy(tmp_iv, iv, iv_length);
+ if (!silent) {
+ printf("Test Parameters for iteration = %i\n", iteration);
+ printf("key length = %i, data length = %i, iv length = %i,"
+ " lcfb = %i\n", key_length, data_length, iv_length, lcfb);
+ }
+ if (iteration == 3)
+ rc = ica_aes_cfb(input_data, encrypt, lcfb, key, key_length, tmp_iv,
+ lcfb, 1);
+ else
+ rc = ica_aes_cfb(input_data, encrypt, data_length, key, key_length,
+ tmp_iv, lcfb, 1);
+ if (rc) {
+ printf("ica_aes_cfb encrypt failed with rc = %i\n", rc);
+ dump_cfb_data(iv, iv_length, key, key_length, input_data,
+ data_length, encrypt);
+ }
+ if (!silent && !rc) {
+ printf("Encrypt:\n");
+ dump_cfb_data(iv, iv_length, key, key_length, input_data,
+ data_length, encrypt);
+ }
+ if (memcmp(result, encrypt, data_length)) {
+ printf("Encryption Result does not match the known ciphertext!\n");
+ printf("Expected data:\n");
+ dump_array(result, data_length);
+ printf("Encryption Result:\n");
+ dump_array(encrypt, data_length);
+ rc++;
+ }
+ if (memcmp(expected_iv, tmp_iv, iv_length)) {
+ printf("Update of IV does not match the expected IV!\n");
+ printf("Expected IV:\n");
+ dump_array(expected_iv, iv_length);
+ printf("Updated IV:\n");
+ dump_array(tmp_iv, iv_length);
+ printf("Original IV:\n");
+ dump_array(iv, iv_length);
+ rc++;
+ }
+ if (rc) {
+ printf("AES OFB test exited after encryption\n");
+ return rc;
+ }
+ memcpy(tmp_iv, iv, iv_length);
+ if (iteration == 3)
+ rc = ica_aes_cfb(encrypt, decrypt, lcfb, key, key_length, tmp_iv,
+ lcfb, 0);
+ else
+ rc = ica_aes_cfb(encrypt, decrypt, data_length, key, key_length,
+ tmp_iv, lcfb, 0);
+ if (rc) {
+ printf("ica_aes_cfb decrypt failed with rc = %i\n", rc);
+ dump_cfb_data(iv, iv_length, key, key_length, encrypt,
+ data_length, decrypt);
+ return rc;
+ }
+ if (!silent && !rc) {
+ printf("Decrypt:\n");
+ dump_cfb_data(iv, iv_length, key, key_length, encrypt,
+ data_length, decrypt);
+ }
+ if (memcmp(decrypt, input_data, data_length)) {
+ printf("Decryption Result does not match the original data!\n");
+ printf("Original data:\n");
+ dump_array(input_data, data_length);
+ printf("Decryption Result:\n");
+ dump_array(decrypt, data_length);
+ rc++;
+ }
+ return rc;
+int load_random_test_data(unsigned char *data, unsigned int data_length,
+ unsigned char *iv, unsigned int iv_length,
+ unsigned char *key, unsigned int key_length)
+ int rc;
+ rc = ica_random_number_generate(data_length, data);
+ if (rc) {
+ printf("ica_random_number_generate with rc = %i errnor = %i\n",
+ rc, errno);
+ return rc;
+ }
+ rc = ica_random_number_generate(iv_length, iv);
+ if (rc) {
+ printf("ica_random_number_generate with rc = %i errnor = %i\n",
+ rc, errno);
+ return rc;
+ }
+ rc = ica_random_number_generate(key_length, key);
+ if (rc) {
+ printf("ica_random_number_generate with rc = %i errnor = %i\n",
+ rc, errno);
+ return rc;
+ }
+ return rc;
+int random_aes_cfb(int iteration, int silent, unsigned int data_length,
+ unsigned int lcfb)
+ unsigned int iv_length = sizeof(ica_aes_vector_t);
+ unsigned int key_length = AES_KEY_LEN128;
+ unsigned char iv[iv_length];
+ unsigned char tmp_iv[iv_length];
+ unsigned char key[key_length];
+ unsigned char input_data[data_length];
+ unsigned char encrypt[data_length];
+ unsigned char decrypt[data_length];
+ int rc = 0;
+ for (key_length = AES_KEY_LEN128; key_length <= AES_KEY_LEN256; key_length += 8) {
+ memset(encrypt, 0x00, data_length);
+ memset(decrypt, 0x00, data_length);
+ load_random_test_data(input_data, data_length, iv, iv_length, key,
+ key_length);
+ memcpy(tmp_iv, iv, iv_length);
+ if (!silent) {
+ printf("Test Parameters for iteration = %i\n", iteration);
+ printf("key length = %i, data length = %i, iv length = %i,"
+ " lcfb = %i\n", key_length, data_length, iv_length, lcfb);
+ }
+ rc = ica_aes_cfb(input_data, encrypt, data_length, key, key_length,
+ tmp_iv, lcfb, 1);
+ if (rc) {
+ printf("ica_aes_cfb encrypt failed with rc = %i\n", rc);
+ dump_cfb_data(iv, iv_length, key, key_length, input_data,
+ data_length, encrypt);
+ }
+ if (!silent && !rc) {
+ printf("Encrypt:\n");
+ dump_cfb_data(iv, iv_length, key, key_length, input_data,
+ data_length, encrypt);
+ }
+ if (rc) {
+ printf("AES OFB test exited after encryption\n");
+ return rc;
+ }
+ memcpy(tmp_iv, iv, iv_length);
+ rc = ica_aes_cfb(encrypt, decrypt, data_length, key, key_length,
+ tmp_iv, lcfb, 0);
+ if (rc) {
+ printf("ica_aes_cfb decrypt failed with rc = %i\n", rc);
+ dump_cfb_data(iv, iv_length, key, key_length, encrypt,
+ data_length, decrypt);
+ return rc;
+ }
+ if (!silent && !rc) {
+ printf("Decrypt:\n");
+ dump_cfb_data(iv, iv_length, key, key_length, encrypt,
+ data_length, decrypt);
+ }
+ if (memcmp(decrypt, input_data, data_length)) {
+ printf("Decryption Result does not match the original data!\n");
+ printf("Original data:\n");
+ dump_array(input_data, data_length);
+ printf("Decryption Result:\n");
+ dump_array(decrypt, data_length);
+ rc++;
+ }
+ }
+ return rc;
+int main(int argc, char **argv)
+ unsigned int silent = 0;
+ if (argc > 1) {
+ if (strstr(argv[1], "silent"))
+ silent = 1;
+ }
+ int rc = 0;
+ int error_count = 0;
+ int iteration;
+ for(iteration = 1; iteration <= NR_TESTS; iteration++) {
+ rc = kat_aes_cfb(iteration, silent);
+ if (rc) {
+ printf("kat_aes_cfb failed with rc = %i\n", rc);
+ error_count++;
+ }
+ }
+ unsigned int data_length = 1;
+ unsigned int lcfb = 1;
+ unsigned int j;
+ unsigned int rdata;
+ for(iteration = 1; iteration <= NR_RANDOM_TESTS; iteration++) {
+ for (j = 1; j <= 3; j++) {
+ if (!(data_length % lcfb)) {
+ rc = random_aes_cfb(iteration, silent, data_length, lcfb);
+ if (rc) {
+ printf("random_aes_cfb failed with rc = %i\n", rc);
+ error_count++;
+ }
+ }
+ switch (j) {
+ case 1:
+ lcfb = 1;
+ break;
+ case 2:
+ lcfb = 8;
+ break;
+ case 3:
+ lcfb = 16;
+ break;
+ }
+ }
+ // add a value between 1 and 8 to data_length
+ if (ica_random_number_generate(sizeof(rdata), (unsigned char*) &rdata)) {
+ printf("ica_random_number_generate failed with errnor = %i\n",
+ errno);
+ exit(1);
+ }
+ data_length += (rdata % 8) + 1;
+ }
+ if (error_count)
+ printf("%i testcases failed\n", error_count);
+ else
+ printf("All AES-CFB testcases finished successfully\n");
+ return rc;
diff --git a/src/tests/libica_aes_ctr_test.c b/src/tests/libica_aes_ctr_test.c
new file mode 100644
index 0000000..6195c9d
--- /dev/null
+++ b/src/tests/libica_aes_ctr_test.c
@@ -0,0 +1,661 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+/* Copyright IBM Corp. 2010, 2011 */
+#include <fcntl.h>
+#include <sys/errno.h>
+#include <stdio.h>
+#include <string.h>
+#include <strings.h>
+#include <stdlib.h>
+#include "ica_api.h"
+#define NR_TESTS 7
+#define NR_RANDOM_TESTS 1000
+/* CTR data - 1 for AES128 */
+unsigned char NIST_KEY_CTR_E1[] = {
+ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
+ 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c,
+unsigned char NIST_IV_CTR_E1[] = {
+ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+ 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff,
+unsigned char NIST_EXPECTED_IV_CTR_E1[] = {
+ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+ 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xff, 0x00,
+unsigned char NIST_TEST_DATA_CTR_E1[] = {
+ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+ 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
+unsigned char NIST_TEST_RESULT_CTR_E1[] = {
+ 0x87, 0x4d, 0x61, 0x91, 0xb6, 0x20, 0xe3, 0x26,
+ 0x1b, 0xef, 0x68, 0x64, 0x99, 0x0d, 0xb6, 0xce,
+/* CTR data - 2 for AES128 */
+unsigned char NIST_KEY_CTR_E2[] = {
+ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
+ 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c,
+unsigned char NIST_IV_CTR_E2[] = {
+ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+ 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff,
+unsigned char NIST_EXPECTED_IV_CTR_E2[] = {
+ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+ 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xff, 0x03,
+unsigned char NIST_TEST_DATA_CTR_E2[] = {
+ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+ 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
+ 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
+ 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
+ 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
+ 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
+ 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
+ 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10,
+unsigned char NIST_TEST_RESULT_CTR_E2[] = {
+ 0x87, 0x4d, 0x61, 0x91, 0xb6, 0x20, 0xe3, 0x26,
+ 0x1b, 0xef, 0x68, 0x64, 0x99, 0x0d, 0xb6, 0xce,
+ 0x98, 0x06, 0xf6, 0x6b, 0x79, 0x70, 0xfd, 0xff,
+ 0x86, 0x17, 0x18, 0x7b, 0xb9, 0xff, 0xfd, 0xff,
+ 0x5a, 0xe4, 0xdf, 0x3e, 0xdb, 0xd5, 0xd3, 0x5e,
+ 0x5b, 0x4f, 0x09, 0x02, 0x0d, 0xb0, 0x3e, 0xab,
+ 0x1e, 0x03, 0x1d, 0xda, 0x2f, 0xbe, 0x03, 0xd1,
+ 0x79, 0x21, 0x70, 0xa0, 0xf3, 0x00, 0x9c, 0xee,
+/* CTR data - 3 - for AES192 */
+unsigned char NIST_KEY_CTR_E3[] = {
+ 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
+ 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
+ 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
+ 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4,
+unsigned char NIST_IV_CTR_E3[] = {
+ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+ 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff,
+unsigned char NIST_EXPECTED_IV_CTR_E3[] = {
+ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+ 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xff, 0x00,
+unsigned char NIST_TEST_DATA_CTR_E3[] = {
+ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+ 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
+unsigned char NIST_TEST_RESULT_CTR_E3[] = {
+ 0x60, 0x1e, 0xc3, 0x13, 0x77, 0x57, 0x89, 0xa5,
+ 0xb7, 0xa7, 0xf5, 0x04, 0xbb, 0xf3, 0xd2, 0x28,
+/* CTR data - 4 - for AES192 */
+unsigned char NIST_KEY_CTR_E4[] = {
+ 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
+ 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
+ 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
+ 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4,
+unsigned char NIST_IV_CTR_E4[] = {
+ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+ 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xff, 0x00,
+unsigned char NIST_EXPECTED_IV_CTR_E4[] = {
+ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+ 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xff, 0x01,
+unsigned char NIST_TEST_DATA_CTR_E4[] = {
+ 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
+ 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
+unsigned char NIST_TEST_RESULT_CTR_E4[] = {
+ 0xf4, 0x43, 0xe3, 0xca, 0x4d, 0x62, 0xb5, 0x9a,
+ 0xca, 0x84, 0xe9, 0x90, 0xca, 0xca, 0xf5, 0xc5,
+/* CTR data 5 - for AES 256 */
+unsigned char NIST_KEY_CTR_E5[] = {
+ 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
+ 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
+ 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
+ 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4,
+unsigned char NIST_IV_CTR_E5[] = {
+ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+ 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff,
+unsigned char NIST_EXPECTED_IV_CTR_E5[] = {
+ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+ 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xff, 0x03,
+unsigned char NIST_TEST_DATA_CTR_E5[] = {
+ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+ 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
+ 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
+ 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
+ 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
+ 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
+ 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
+ 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10,
+unsigned char NIST_TEST_RESULT_CTR_E5[] = {
+ 0x60, 0x1e, 0xc3, 0x13, 0x77, 0x57, 0x89, 0xa5,
+ 0xb7, 0xa7, 0xf5, 0x04, 0xbb, 0xf3, 0xd2, 0x28,
+ 0xf4, 0x43, 0xe3, 0xca, 0x4d, 0x62, 0xb5, 0x9a,
+ 0xca, 0x84, 0xe9, 0x90, 0xca, 0xca, 0xf5, 0xc5,
+ 0x2b, 0x09, 0x30, 0xda, 0xa2, 0x3d, 0xe9, 0x4c,
+ 0xe8, 0x70, 0x17, 0xba, 0x2d, 0x84, 0x98, 0x8d,
+ 0xdf, 0xc9, 0xc5, 0x8d, 0xb6, 0x7a, 0xad, 0xa6,
+ 0x13, 0xc2, 0xdd, 0x08, 0x45, 0x79, 0x41, 0xa6,
+/* CTR data 6 - for AES 256.
+ * Data is != BLOCK_SIZE */
+unsigned char NIST_KEY_CTR_E6[] = {
+ 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
+ 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
+ 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
+ 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4,
+unsigned char NIST_IV_CTR_E6[] = {
+ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+ 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff,
+unsigned char NIST_EXPECTED_IV_CTR_E6[] = {
+ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+ 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xff, 0x03,
+unsigned char NIST_TEST_DATA_CTR_E6[] = {
+ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+ 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
+ 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
+ 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
+ 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
+ 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
+ 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
+unsigned char NIST_TEST_RESULT_CTR_E6[] = {
+ 0x60, 0x1e, 0xc3, 0x13, 0x77, 0x57, 0x89, 0xa5,
+ 0xb7, 0xa7, 0xf5, 0x04, 0xbb, 0xf3, 0xd2, 0x28,
+ 0xf4, 0x43, 0xe3, 0xca, 0x4d, 0x62, 0xb5, 0x9a,
+ 0xca, 0x84, 0xe9, 0x90, 0xca, 0xca, 0xf5, 0xc5,
+ 0x2b, 0x09, 0x30, 0xda, 0xa2, 0x3d, 0xe9, 0x4c,
+ 0xe8, 0x70, 0x17, 0xba, 0x2d, 0x84, 0x98, 0x8d,
+ 0xdf, 0xc9, 0xc5, 0x8d, 0xb6, 0x7a, 0xad, 0xa6,
+/* CTR data 7 - for AES 256
+ * Counter as big as the data. Therefore the counter
+ * should not be updated. Because it is already pre
+ * computed. */
+unsigned char NIST_KEY_CTR_E7[] = {
+ 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
+ 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
+ 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
+ 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4,
+unsigned char NIST_IV_CTR_E7[] = {
+ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+ 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff,
+ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+ 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xff, 0x00,
+ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+ 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xff, 0x01,
+ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+ 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xff, 0x02,
+unsigned char NIST_EXPECTED_IV_CTR_E7[] = {
+ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+ 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff,
+ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+ 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xff, 0x00,
+ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+ 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xff, 0x01,
+ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+ 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xff, 0x02,
+unsigned char NIST_TEST_DATA_CTR_E7[] = {
+ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+ 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
+ 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
+ 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
+ 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
+ 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
+ 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
+ 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10,
+unsigned char NIST_TEST_RESULT_CTR_E7[] = {
+ 0x60, 0x1e, 0xc3, 0x13, 0x77, 0x57, 0x89, 0xa5,
+ 0xb7, 0xa7, 0xf5, 0x04, 0xbb, 0xf3, 0xd2, 0x28,
+ 0xf4, 0x43, 0xe3, 0xca, 0x4d, 0x62, 0xb5, 0x9a,
+ 0xca, 0x84, 0xe9, 0x90, 0xca, 0xca, 0xf5, 0xc5,
+ 0x2b, 0x09, 0x30, 0xda, 0xa2, 0x3d, 0xe9, 0x4c,
+ 0xe8, 0x70, 0x17, 0xba, 0x2d, 0x84, 0x98, 0x8d,
+ 0xdf, 0xc9, 0xc5, 0x8d, 0xb6, 0x7a, 0xad, 0xa6,
+ 0x13, 0xc2, 0xdd, 0x08, 0x45, 0x79, 0x41, 0xa6,
+void dump_array(unsigned char *ptr, unsigned int size)
+ unsigned char *ptr_end;
+ unsigned char *h;
+ int i = 1;
+ h = ptr;
+ ptr_end = ptr + size;
+ while (h < (unsigned char *)ptr_end) {
+ printf("0x%02x ",(unsigned char ) *h);
+ h++;
+ if (i == 8) {
+ printf("\n");
+ i = 1;
+ } else {
+ ++i;
+ }
+ }
+ printf("\n");
+void dump_ctr_data(unsigned char *iv, unsigned int iv_length,
+ unsigned char *key, unsigned int key_length,
+ unsigned char *input_data, unsigned int data_length,
+ unsigned char *output_data)
+ printf("IV \n");
+ dump_array(iv, iv_length);
+ printf("Key \n");
+ dump_array(key, key_length);
+ printf("Input Data\n");
+ dump_array(input_data, data_length);
+ printf("Output Data\n");
+ dump_array(output_data, data_length);
+void get_sizes(unsigned int *data_length, unsigned int *iv_length,
+ unsigned int *key_length, unsigned int iteration)
+ switch (iteration) {
+ case 1:
+ *data_length = sizeof(NIST_TEST_DATA_CTR_E1);
+ *iv_length = sizeof(NIST_IV_CTR_E1);
+ *key_length = sizeof(NIST_KEY_CTR_E1);
+ break;
+ case 2:
+ *data_length = sizeof(NIST_TEST_DATA_CTR_E2);
+ *iv_length = sizeof(NIST_IV_CTR_E2);
+ *key_length = sizeof(NIST_KEY_CTR_E2);
+ break;
+ case 3:
+ *data_length = sizeof(NIST_TEST_DATA_CTR_E3);
+ *iv_length = sizeof(NIST_IV_CTR_E3);
+ *key_length = sizeof(NIST_KEY_CTR_E3);
+ break;
+ case 4:
+ *data_length = sizeof(NIST_TEST_DATA_CTR_E4);
+ *iv_length = sizeof(NIST_IV_CTR_E4);
+ *key_length = sizeof(NIST_KEY_CTR_E4);
+ break;
+ case 5:
+ *data_length = sizeof(NIST_TEST_DATA_CTR_E5);
+ *iv_length = sizeof(NIST_IV_CTR_E5);
+ *key_length = sizeof(NIST_KEY_CTR_E5);
+ break;
+ case 6:
+ *data_length = sizeof(NIST_TEST_DATA_CTR_E6);
+ *iv_length = sizeof(NIST_IV_CTR_E6);
+ *key_length = sizeof(NIST_KEY_CTR_E6);
+ break;
+ case 7:
+ *data_length = sizeof(NIST_TEST_DATA_CTR_E7);
+ *iv_length = sizeof(NIST_IV_CTR_E7);
+ *key_length = sizeof(NIST_KEY_CTR_E7);
+ break;
+ }
+void load_test_data(unsigned char *data, unsigned int data_length,
+ unsigned char *result,
+ unsigned char *iv, unsigned char *expected_iv,
+ unsigned int iv_length,
+ unsigned char *key, unsigned int key_length,
+ unsigned int iteration)
+ switch (iteration) {
+ case 1:
+ memcpy(data, NIST_TEST_DATA_CTR_E1, data_length);
+ memcpy(result, NIST_TEST_RESULT_CTR_E1, data_length);
+ memcpy(iv, NIST_IV_CTR_E1, iv_length);
+ memcpy(expected_iv, NIST_EXPECTED_IV_CTR_E1, iv_length);
+ memcpy(key, NIST_KEY_CTR_E1, key_length);
+ break;
+ case 2:
+ memcpy(data, NIST_TEST_DATA_CTR_E2, data_length);
+ memcpy(result, NIST_TEST_RESULT_CTR_E2, data_length);
+ memcpy(iv, NIST_IV_CTR_E2, iv_length);
+ memcpy(expected_iv, NIST_EXPECTED_IV_CTR_E2, iv_length);
+ memcpy(key, NIST_KEY_CTR_E2, key_length);
+ break;
+ case 3:
+ memcpy(data, NIST_TEST_DATA_CTR_E3, data_length);
+ memcpy(result, NIST_TEST_RESULT_CTR_E3, data_length);
+ memcpy(iv, NIST_IV_CTR_E3, iv_length);
+ memcpy(expected_iv, NIST_EXPECTED_IV_CTR_E3, iv_length);
+ memcpy(key, NIST_KEY_CTR_E3, key_length);
+ break;
+ case 4:
+ memcpy(data, NIST_TEST_DATA_CTR_E4, data_length);
+ memcpy(result, NIST_TEST_RESULT_CTR_E4, data_length);
+ memcpy(iv, NIST_IV_CTR_E4, iv_length);
+ memcpy(expected_iv, NIST_EXPECTED_IV_CTR_E4, iv_length);
+ memcpy(key, NIST_KEY_CTR_E4, key_length);
+ break;
+ case 5:
+ memcpy(data, NIST_TEST_DATA_CTR_E5, data_length);
+ memcpy(result, NIST_TEST_RESULT_CTR_E5, data_length);
+ memcpy(iv, NIST_IV_CTR_E5, iv_length);
+ memcpy(expected_iv, NIST_EXPECTED_IV_CTR_E5, iv_length);
+ memcpy(key, NIST_KEY_CTR_E5, key_length);
+ break;
+ case 6:
+ memcpy(data, NIST_TEST_DATA_CTR_E6, data_length);
+ memcpy(result, NIST_TEST_RESULT_CTR_E6, data_length);
+ memcpy(iv, NIST_IV_CTR_E6, iv_length);
+ memcpy(expected_iv, NIST_EXPECTED_IV_CTR_E6, iv_length);
+ memcpy(key, NIST_KEY_CTR_E6, key_length);
+ break;
+ case 7:
+ memcpy(data, NIST_TEST_DATA_CTR_E7, data_length);
+ memcpy(result, NIST_TEST_RESULT_CTR_E7, data_length);
+ memcpy(iv, NIST_IV_CTR_E7, iv_length);
+ memcpy(expected_iv, NIST_EXPECTED_IV_CTR_E7, iv_length);
+ memcpy(key, NIST_KEY_CTR_E7, key_length);
+ break;
+ }
+int random_aes_ctr(int iteration, int silent, unsigned int data_length, unsigned int iv_length)
+ unsigned int key_length = AES_KEY_LEN256;
+ if (data_length % sizeof(ica_aes_vector_t))
+ iv_length = sizeof(ica_aes_vector_t);
+ if (!silent) {
+ printf("Test Parameters for iteration = %i\n", iteration);
+ printf("key length = %i, data length = %i, iv length = %i\n",
+ key_length, data_length, iv_length);
+ }
+ unsigned char iv[iv_length];
+ unsigned char tmp_iv[iv_length];
+ unsigned char key[key_length];
+ unsigned char input_data[data_length];
+ unsigned char encrypt[data_length];
+ unsigned char decrypt[data_length];
+ int rc = 0;
+ rc = ica_random_number_generate(data_length, input_data);
+ if (rc) {
+ printf("random number generate returned rc = %i, errno = %i\n", rc, errno);
+ return rc;
+ }
+ rc = ica_random_number_generate(iv_length, iv);
+ if (rc) {
+ printf("random number generate returned rc = %i, errno = %i\n", rc, errno);
+ return rc;
+ }
+ rc = ica_random_number_generate(key_length, key);
+ if (rc) {
+ printf("random number generate returned rc = %i, errno = %i\n", rc, errno);
+ return rc;
+ }
+ memcpy(tmp_iv, iv, iv_length);
+ rc = ica_aes_ctr(input_data, encrypt, data_length, key, key_length,
+ tmp_iv, 32, 1);
+ if (rc) {
+ printf("ica_aes_ctr encrypt failed with rc = %i\n", rc);
+ dump_ctr_data(iv, iv_length, key, key_length, input_data,
+ data_length, encrypt);
+ return rc;
+ }
+ if (!silent && !rc) {
+ printf("Encrypt:\n");
+ dump_ctr_data(iv, iv_length, key, key_length, input_data,
+ data_length, encrypt);
+ }
+ memcpy(tmp_iv, iv, iv_length);
+ rc = ica_aes_ctr(encrypt, decrypt, data_length, key, key_length,
+ tmp_iv, 32, 0);
+ if (rc) {
+ printf("ica_aes_ctr decrypt failed with rc = %i\n", rc);
+ dump_ctr_data(iv, iv_length, key, key_length, encrypt,
+ data_length, decrypt);
+ return rc;
+ }
+ if (!silent && !rc) {
+ printf("Decrypt:\n");
+ dump_ctr_data(iv, iv_length, key, key_length, encrypt,
+ data_length, decrypt);
+ }
+ if (memcmp(decrypt, input_data, data_length)) {
+ printf("Decryption Result does not match the original data!\n");
+ printf("Original data:\n");
+ dump_array(input_data, data_length);
+ printf("Decryption Result:\n");
+ dump_array(decrypt, data_length);
+ rc++;
+ }
+ return rc;
+int kat_aes_ctr(int iteration, int silent)
+ unsigned int data_length;
+ unsigned int iv_length;
+ unsigned int key_length;
+ get_sizes(&data_length, &iv_length, &key_length, iteration);
+ if (!silent) {
+ printf("Test Parameters for iteration = %i\n", iteration);
+ printf("key length = %i, data length = %i, iv length = %i\n",
+ key_length, data_length, iv_length);
+ }
+ unsigned char iv[iv_length];
+ unsigned char tmp_iv[iv_length];
+ unsigned char expected_iv[iv_length];
+ unsigned char key[key_length];
+ unsigned char input_data[data_length];
+ unsigned char encrypt[data_length];
+ unsigned char decrypt[data_length];
+ unsigned char result[data_length];
+ int rc = 0;
+ load_test_data(input_data, data_length, result, iv, expected_iv,
+ iv_length, key, key_length, iteration);
+ memcpy(tmp_iv, iv, iv_length);
+ if (iv_length == 16)
+ rc = ica_aes_ctr(input_data, encrypt, data_length, key, key_length,
+ tmp_iv, 32, 1);
+ else
+ rc = ica_aes_ctrlist(input_data, encrypt, data_length, key, key_length,
+ tmp_iv, 1);
+ if (rc) {
+ printf("ica_aes_ctr encrypt failed with rc = %i\n", rc);
+ dump_ctr_data(iv, iv_length, key, key_length, input_data,
+ data_length, encrypt);
+ }
+ if (!silent && !rc) {
+ printf("Encrypt:\n");
+ dump_ctr_data(iv, iv_length, key, key_length, input_data,
+ data_length, encrypt);
+ }
+ if (memcmp(result, encrypt, data_length)) {
+ printf("Encryption Result does not match the known ciphertext!\n");
+ printf("Expected data:\n");
+ dump_array(result, data_length);
+ printf("Encryption Result:\n");
+ dump_array(encrypt, data_length);
+ rc++;
+ }
+ if (memcmp(expected_iv, tmp_iv, iv_length)) {
+ printf("Update of IV does not match the expected IV!\n");
+ printf("Expected IV:\n");
+ dump_array(expected_iv, iv_length);
+ printf("Updated IV:\n");
+ dump_array(tmp_iv, iv_length);
+ printf("Original IV:\n");
+ dump_array(iv, iv_length);
+ rc++;
+ }
+ if (rc) {
+ printf("AES CTR test exited after encryption\n");
+ return rc;
+ }
+ memcpy(tmp_iv, iv, iv_length);
+ rc = ica_aes_ctr(encrypt, decrypt, data_length, key, key_length,
+ tmp_iv, 32,0);
+ if (rc) {
+ printf("ica_aes_ctr decrypt failed with rc = %i\n", rc);
+ dump_ctr_data(iv, iv_length, key, key_length, encrypt,
+ data_length, decrypt);
+ return rc;
+ }
+ if (!silent && !rc) {
+ printf("Decrypt:\n");
+ dump_ctr_data(iv, iv_length, key, key_length, encrypt,
+ data_length, decrypt);
+ }
+ if (memcmp(decrypt, input_data, data_length)) {
+ printf("Decryption Result does not match the original data!\n");
+ printf("Original data:\n");
+ dump_array(input_data, data_length);
+ printf("Decryption Result:\n");
+ dump_array(decrypt, data_length);
+ rc++;
+ }
+ return rc;
+int main(int argc, char **argv)
+ // Default mode is 0. ECB,CBC and CFQ tests will be performed.
+ unsigned int silent = 0;
+ unsigned int endless = 0;
+ int i = 0;
+ int rc = 0;
+ int error_count = 0;
+ int iteration;
+ unsigned int data_length = 1;
+ unsigned int iv_length = sizeof(ica_aes_vector_t);
+ unsigned int rdata;
+ if (argc > 1) {
+ if (strstr(argv[1], "silent"))
+ silent = 1;
+ if (strstr(argv[1], "endless"))
+ endless = 1;
+ }
+ if (!endless) {
+ // not endless mode
+ // run the verification tests with known test vectors
+ for(iteration = 1; iteration <= NR_TESTS; iteration++) {
+ rc = kat_aes_ctr(iteration, silent);
+ if (rc) {
+ printf("kat_aes_ctr failed with rc = %i\n", rc);
+ error_count++;
+ }
+ }
+ // run random tests
+ silent = 1;
+ for(iteration = 1; iteration <= NR_RANDOM_TESTS; iteration++) {
+ rc = random_aes_ctr(iteration, silent, data_length, iv_length);
+ if (rc) {
+ printf("random_aes_ctr failed with rc = %i\n", rc);
+ error_count++;
+ }
+ // add a value between 1 and 8 to data_length
+ if (ica_random_number_generate(sizeof(rdata), (unsigned char*) &rdata)) {
+ printf("ica_random_number_generate failed with errnor = %i\n",
+ errno);
+ exit(1);
+ }
+ data_length += (rdata % 8) + 1;
+ }
+ } else {
+ // endless mode
+ while (1) {
+ printf("i = %i\n",i);
+ silent = 1;
+ rc = random_aes_ctr(i, silent, 320, 320);
+ if (rc) {
+ printf("random_aes_ctr failed with rc = %i\n", rc);
+ return rc;
+ }
+ i++;
+ }
+ }
+ if (error_count)
+ printf("%i testcases failed\n", error_count);
+ else
+ printf("All AES-CTR testcases finished successfully\n");
+ return rc;
diff --git a/src/tests/libica_aes_ecb_test.c b/src/tests/libica_aes_ecb_test.c
new file mode 100644
index 0000000..d88ed87
--- /dev/null
+++ b/src/tests/libica_aes_ecb_test.c
@@ -0,0 +1,511 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+/* Copyright IBM Corp. 2010, 2011 */
+#include <fcntl.h>
+#include <sys/errno.h>
+#include <stdio.h>
+#include <string.h>
+#include <strings.h>
+#include <stdlib.h>
+#include "ica_api.h"
+#define NR_TESTS 7
+#define NR_RANDOM_TESTS 10000
+/* ECB data - 1 for AES128 */
+unsigned char NIST_KEY_ECB_E1[] = {
+ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
+ 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c,
+unsigned char NIST_TEST_DATA_ECB_E1[] = {
+ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+ 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
+unsigned char NIST_TEST_RESULT_ECB_E1[] = {
+ 0x3a, 0xd7, 0x7b, 0xb4, 0x0d, 0x7a, 0x36, 0x60,
+ 0xa8, 0x9e, 0xca, 0xf3, 0x24, 0x66, 0xef, 0x97,
+/* ECB data - 2 for AES128 */
+unsigned char NIST_KEY_ECB_E2[] = {
+ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
+ 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c,
+unsigned char NIST_TEST_DATA_ECB_E2[] = {
+ 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
+ 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
+unsigned char NIST_TEST_RESULT_ECB_E2[] = {
+ 0xf5, 0xd3, 0xd5, 0x85, 0x03, 0xb9, 0x69, 0x9d,
+ 0xe7, 0x85, 0x89, 0x5a, 0x96, 0xfd, 0xba, 0xaf,
+/* ECB data - 3 - for AES128 */
+unsigned char NIST_KEY_ECB_E3[] = {
+ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
+ 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c,
+unsigned char NIST_TEST_DATA_ECB_E3[] = {
+ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+ 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
+ 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
+ 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
+ 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
+ 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
+ 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
+ 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10,
+unsigned char NIST_TEST_RESULT_ECB_E3[] = {
+ 0x3a, 0xd7, 0x7b, 0xb4, 0x0d, 0x7a, 0x36, 0x60,
+ 0xa8, 0x9e, 0xca, 0xf3, 0x24, 0x66, 0xef, 0x97,
+ 0xf5, 0xd3, 0xd5, 0x85, 0x03, 0xb9, 0x69, 0x9d,
+ 0xe7, 0x85, 0x89, 0x5a, 0x96, 0xfd, 0xba, 0xaf,
+ 0x43, 0xb1, 0xcd, 0x7f, 0x59, 0x8e, 0xce, 0x23,
+ 0x88, 0x1b, 0x00, 0xe3, 0xed, 0x03, 0x06, 0x88,
+ 0x7b, 0x0c, 0x78, 0x5e, 0x27, 0xe8, 0xad, 0x3f,
+ 0x82, 0x23, 0x20, 0x71, 0x04, 0x72, 0x5d, 0xd4,
+/* ECB data - 4 - for AES192 */
+unsigned char NIST_KEY_ECB_E4[] = {
+ 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52,
+ 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5,
+ 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b,
+unsigned char NIST_TEST_DATA_ECB_E4[] = {
+ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+ 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
+unsigned char NIST_TEST_RESULT_ECB_E4[] = {
+ 0xbd, 0x33, 0x4f, 0x1d, 0x6e, 0x45, 0xf2, 0x5f,
+ 0xf7, 0x12, 0xa2, 0x14, 0x57, 0x1f, 0xa5, 0xcc,
+/* ECB data 5 - for AES 192 */
+unsigned char NIST_KEY_ECB_E5[] = {
+ 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52,
+ 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5,
+ 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b,
+unsigned char NIST_TEST_DATA_ECB_E5[] = {
+ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+ 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
+ 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
+ 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
+ 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
+ 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
+ 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
+ 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10,
+unsigned char NIST_TEST_RESULT_ECB_E5[] = {
+ 0xbd, 0x33, 0x4f, 0x1d, 0x6e, 0x45, 0xf2, 0x5f,
+ 0xf7, 0x12, 0xa2, 0x14, 0x57, 0x1f, 0xa5, 0xcc,
+ 0x97, 0x41, 0x04, 0x84, 0x6d, 0x0a, 0xd3, 0xad,
+ 0x77, 0x34, 0xec, 0xb3, 0xec, 0xee, 0x4e, 0xef,
+ 0xef, 0x7a, 0xfd, 0x22, 0x70, 0xe2, 0xe6, 0x0a,
+ 0xdc, 0xe0, 0xba, 0x2f, 0xac, 0xe6, 0x44, 0x4e,
+ 0x9a, 0x4b, 0x41, 0xba, 0x73, 0x8d, 0x6c, 0x72,
+ 0xfb, 0x16, 0x69, 0x16, 0x03, 0xc1, 0x8e, 0x0e,
+/* ECB data 6 - for AES 256 */
+unsigned char NIST_KEY_ECB_E6[] = {
+ 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
+ 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
+ 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
+ 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4,
+unsigned char NIST_TEST_DATA_ECB_E6[] = {
+ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+ 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
+unsigned char NIST_TEST_RESULT_ECB_E6[] = {
+ 0xf3, 0xee, 0xd1, 0xbd, 0xb5, 0xd2, 0xa0, 0x3c,
+ 0x06, 0x4b, 0x5a, 0x7e, 0x3d, 0xb1, 0x81, 0xf8,
+/* ECB data 7 - for AES 256 */
+unsigned char NIST_KEY_ECB_E7[] = {
+ 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
+ 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
+ 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
+ 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4,
+unsigned char NIST_TEST_DATA_ECB_E7[] = {
+ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+ 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
+ 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
+ 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
+ 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
+ 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
+ 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
+ 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10,
+unsigned char NIST_TEST_RESULT_ECB_E7[] = {
+ 0xf3, 0xee, 0xd1, 0xbd, 0xb5, 0xd2, 0xa0, 0x3c,
+ 0x06, 0x4b, 0x5a, 0x7e, 0x3d, 0xb1, 0x81, 0xf8,
+ 0x59, 0x1c, 0xcb, 0x10, 0xd4, 0x10, 0xed, 0x26,
+ 0xdc, 0x5b, 0xa7, 0x4a, 0x31, 0x36, 0x28, 0x70,
+ 0xb6, 0xed, 0x21, 0xb9, 0x9c, 0xa6, 0xf4, 0xf9,
+ 0xf1, 0x53, 0xe7, 0xb1, 0xbe, 0xaf, 0xed, 0x1d,
+ 0x23, 0x30, 0x4b, 0x7a, 0x39, 0xf9, 0xf3, 0xff,
+ 0x06, 0x7d, 0x8d, 0x8f, 0x9e, 0x24, 0xec, 0xc7,
+void dump_array(unsigned char *ptr, unsigned int size)
+ unsigned char *ptr_end;
+ unsigned char *h;
+ int i = 1;
+ h = ptr;
+ ptr_end = ptr + size;
+ while (h < (unsigned char *)ptr_end) {
+ printf("0x%02x ",(unsigned char ) *h);
+ h++;
+ if (i == 8) {
+ printf("\n");
+ i = 1;
+ } else {
+ ++i;
+ }
+ }
+ printf("\n");
+void dump_ecb_data(unsigned char *key, unsigned int key_length,
+ unsigned char *input_data, unsigned int data_length,
+ unsigned char *output_data)
+ printf("Key \n");
+ dump_array(key, key_length);
+ printf("Input Data\n");
+ dump_array(input_data, data_length);
+ printf("Output Data\n");
+ dump_array(output_data, data_length);
+void get_sizes(unsigned int *data_length,
+ unsigned int *key_length, unsigned int iteration)
+ switch (iteration) {
+ case 1:
+ *data_length = sizeof(NIST_TEST_DATA_ECB_E1);
+ *key_length = sizeof(NIST_KEY_ECB_E1);
+ break;
+ case 2:
+ *data_length = sizeof(NIST_TEST_DATA_ECB_E2);
+ *key_length = sizeof(NIST_KEY_ECB_E2);
+ break;
+ case 3:
+ *data_length = sizeof(NIST_TEST_DATA_ECB_E3);
+ *key_length = sizeof(NIST_KEY_ECB_E3);
+ break;
+ case 4:
+ *data_length = sizeof(NIST_TEST_DATA_ECB_E4);
+ *key_length = sizeof(NIST_KEY_ECB_E4);
+ break;
+ case 5:
+ *data_length = sizeof(NIST_TEST_DATA_ECB_E5);
+ *key_length = sizeof(NIST_KEY_ECB_E5);
+ break;
+ case 6:
+ *data_length = sizeof(NIST_TEST_DATA_ECB_E6);
+ *key_length = sizeof(NIST_KEY_ECB_E6);
+ break;
+ case 7:
+ *data_length = sizeof(NIST_TEST_DATA_ECB_E7);
+ *key_length = sizeof(NIST_KEY_ECB_E7);
+ break;
+ case 8:
+ break;
+ case 9:
+ break;
+ case 10:
+ break;
+ case 11:
+ break;
+ case 12:
+ break;
+ }
+void load_test_data(unsigned char *data, unsigned int data_length,
+ unsigned char *result,
+ unsigned char *key, unsigned int key_length,
+ unsigned int iteration)
+ switch (iteration) {
+ case 1:
+ memcpy(data, NIST_TEST_DATA_ECB_E1, data_length);
+ memcpy(result, NIST_TEST_RESULT_ECB_E1, data_length);
+ memcpy(key, NIST_KEY_ECB_E1, key_length);
+ break;
+ case 2:
+ memcpy(data, NIST_TEST_DATA_ECB_E2, data_length);
+ memcpy(result, NIST_TEST_RESULT_ECB_E2, data_length);
+ memcpy(key, NIST_KEY_ECB_E2, key_length);
+ break;
+ case 3:
+ memcpy(data, NIST_TEST_DATA_ECB_E3, data_length);
+ memcpy(result, NIST_TEST_RESULT_ECB_E3, data_length);
+ memcpy(key, NIST_KEY_ECB_E3, key_length);
+ break;
+ case 4:
+ memcpy(data, NIST_TEST_DATA_ECB_E4, data_length);
+ memcpy(result, NIST_TEST_RESULT_ECB_E4, data_length);
+ memcpy(key, NIST_KEY_ECB_E4, key_length);
+ break;
+ case 5:
+ memcpy(data, NIST_TEST_DATA_ECB_E5, data_length);
+ memcpy(result, NIST_TEST_RESULT_ECB_E5, data_length);
+ memcpy(key, NIST_KEY_ECB_E5, key_length);
+ break;
+ case 6:
+ memcpy(data, NIST_TEST_DATA_ECB_E6, data_length);
+ memcpy(result, NIST_TEST_RESULT_ECB_E6, data_length);
+ memcpy(key, NIST_KEY_ECB_E6, key_length);
+ break;
+ case 7:
+ memcpy(data, NIST_TEST_DATA_ECB_E7, data_length);
+ memcpy(result, NIST_TEST_RESULT_ECB_E7, data_length);
+ memcpy(key, NIST_KEY_ECB_E7, key_length);
+ break;
+ case 8:
+ break;
+ case 9:
+ break;
+ case 10:
+ break;
+ case 11:
+ break;
+ case 12:
+ break;
+ }
+int kat_aes_ecb(int iteration, int silent)
+ unsigned int data_length;
+ unsigned int key_length;
+ get_sizes(&data_length, &key_length, iteration);
+ if (!silent) {
+ printf("Test Parameters for iteration = %i\n", iteration);
+ printf("key length = %i, data length = %i",
+ key_length, data_length);
+ }
+ unsigned char key[key_length];
+ unsigned char input_data[data_length];
+ unsigned char encrypt[data_length];
+ unsigned char decrypt[data_length];
+ unsigned char result[data_length];
+ int rc = 0;
+ load_test_data(input_data, data_length, result, key, key_length,
+ iteration);
+ rc = ica_aes_ecb(input_data, encrypt, data_length, key, key_length, 1);
+ if (rc) {
+ printf("ica_aes_ecb encrypt failed with rc = %i\n", rc);
+ dump_ecb_data(key, key_length, input_data,
+ data_length, encrypt);
+ }
+ if (!silent && !rc) {
+ printf("Encrypt:\n");
+ dump_ecb_data(key, key_length, input_data,
+ data_length, encrypt);
+ }
+ if (memcmp(result, encrypt, data_length)) {
+ printf("Encryption Result does not match the known ciphertext!\n");
+ printf("Expected data:\n");
+ dump_array(result, data_length);
+ printf("Encryption Result:\n");
+ dump_array(encrypt, data_length);
+ rc++;
+ }
+ if (rc) {
+ printf("AES ECB test exited after encryption\n");
+ return rc;
+ }
+ rc = ica_aes_ecb(encrypt, decrypt, data_length, key, key_length, 0);
+ if (rc) {
+ printf("ica_aes_ecb decrypt failed with rc = %i\n", rc);
+ dump_ecb_data(key, key_length, encrypt,
+ data_length, decrypt);
+ return rc;
+ }
+ if (!silent && !rc) {
+ printf("Decrypt:\n");
+ dump_ecb_data(key, key_length, encrypt,
+ data_length, decrypt);
+ }
+ if (memcmp(decrypt, input_data, data_length)) {
+ printf("Decryption Result does not match the original data!\n");
+ printf("Original data:\n");
+ dump_array(input_data, data_length);
+ printf("Decryption Result:\n");
+ dump_array(decrypt, data_length);
+ rc++;
+ }
+ return rc;
+int load_random_test_data(unsigned char *data, unsigned int data_length,
+ unsigned char *key, unsigned int key_length)
+ int rc;
+ rc = ica_random_number_generate(data_length, data);
+ if (rc) {
+ printf("ica_random_number_generate with rc = %i errnor = %i\n",
+ rc, errno);
+ return rc;
+ }
+ rc = ica_random_number_generate(key_length, key);
+ if (rc) {
+ printf("ica_random_number_generate with rc = %i errnor = %i\n",
+ rc, errno);
+ return rc;
+ }
+ return rc;
+int random_aes_ecb(int iteration, int silent, unsigned int data_length)
+ int i;
+ int rc = 0;
+ unsigned int key_length = AES_KEY_LEN128;
+ unsigned char input_data[data_length];
+ unsigned char encrypt[data_length];
+ unsigned char decrypt[data_length];
+for (i = 1; i <= 2; i++) {
+ unsigned char key[key_length];
+ memset(encrypt, 0x00, data_length);
+ memset(decrypt, 0x00, data_length);
+ load_random_test_data(input_data, data_length, key, key_length);
+ if (!silent) {
+ printf("Test Parameters for iteration = %i\n", iteration);
+ printf("key length = %i, data length = %i\n", key_length, data_length);
+ }
+ rc = ica_aes_ecb(input_data, encrypt, data_length, key, key_length,
+ 1);
+ if (rc) {
+ printf("ica_aes_ecb encrypt failed with rc = %i\n", rc);
+ dump_ecb_data(key, key_length, input_data,
+ data_length, encrypt);
+ }
+ if (!silent && !rc) {
+ printf("Encrypt:\n");
+ dump_ecb_data(key, key_length, input_data,
+ data_length, encrypt);
+ }
+ if (rc) {
+ printf("AES ECB test exited after encryption\n");
+ return rc;
+ }
+ rc = ica_aes_ecb(encrypt, decrypt, data_length, key, key_length, 0);
+ if (rc) {
+ printf("ica_aes_ecb decrypt failed with rc = %i\n", rc);
+ dump_ecb_data(key, key_length, encrypt,
+ data_length, decrypt);
+ return rc;
+ }
+ if (!silent && !rc) {
+ printf("Decrypt:\n");
+ dump_ecb_data(key, key_length, encrypt,
+ data_length, decrypt);
+ }
+ if (memcmp(decrypt, input_data, data_length)) {
+ printf("Decryption Result does not match the original data!\n");
+ printf("Original data:\n");
+ dump_array(input_data, data_length);
+ printf("Decryption Result:\n");
+ dump_array(decrypt, data_length);
+ rc++;
+ return rc;
+ }
+ key_length += 8;
+ return rc;
+int main(int argc, char **argv)
+ // Default mode is 0. ECB,ECB and CFQ tests will be performed.
+ unsigned int silent = 0;
+ if (argc > 1) {
+ if (strstr(argv[1], "silent"))
+ silent = 1;
+ }
+ int rc = 0;
+ int error_count = 0;
+ int iteration;
+ unsigned int data_length = sizeof(ica_aes_vector_t);
+ for(iteration = 1; iteration <= NR_TESTS; iteration++) {
+ rc = kat_aes_ecb(iteration, silent);
+ if (rc) {
+ printf("kat_aes_ecb failed with rc = %i\n", rc);
+ error_count++;
+ }
+ }
+ for(iteration = 1; iteration <= NR_RANDOM_TESTS; iteration++) {
+ int silent = 1;
+ rc = random_aes_ecb(iteration, silent, data_length);
+ if (rc) {
+ printf("random_aes_ecb failed with rc = %i\n", rc);
+ error_count++;
+ goto out;
+ }
+ data_length += sizeof(ica_aes_vector_t);
+ }
+ if (error_count)
+ printf("%i testcases failed\n", error_count);
+ else
+ printf("All AES-ECB testcases finished successfully\n");
+ return rc;
diff --git a/src/tests/libica_aes_gcm_test.c b/src/tests/libica_aes_gcm_test.c
new file mode 100644
index 0000000..d5bfb52
--- /dev/null
+++ b/src/tests/libica_aes_gcm_test.c
@@ -0,0 +1,1075 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+/* (C) COPYRIGHT International Business Machines Corp. 2011 */
+#include <fcntl.h>
+#include <sys/errno.h>
+#include <stdio.h>
+#include <string.h>
+#include <strings.h>
+#include <stdlib.h>
+#include "ica_api.h"
+#define NR_TESTS 12
+#define AES_BLOCK_SIZE 16
+/* GCM data - 1*/
+unsigned char NIST_KEY_GCM_E1[] = {
+ 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
+ 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
+unsigned char NIST_TEST_DATA_GCM_E1[] = {
+ 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
+ 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
+ 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
+ 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
+ 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
+ 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
+ 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
+ 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55,
+unsigned char NIST_AAD_GCM_E1[] = {
+unsigned char NIST_IV_GCM_E1[] = {
+ 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
+ 0xde, 0xca, 0xf8, 0x88,
+unsigned char NIST_TAG_GCM_E1[] = {
+ 0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6,
+ 0x2c, 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4,
+unsigned char NIST_TEST_RESULT_GCM_E1[] = {
+ 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
+ 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
+ 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
+ 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
+ 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
+ 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
+ 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
+ 0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85,
+unsigned char NIST_CHUNKS_GCM_E1[] = { 16, 16, 16, 16 };
+/* GCM data - 2*/
+unsigned char NIST_KEY_GCM_E2[] = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+unsigned char NIST_TEST_DATA_GCM_E2[] = {
+unsigned char NIST_AAD_GCM_E2[] = {
+unsigned char NIST_IV_GCM_E2[] = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+unsigned char NIST_TAG_GCM_E2[] = {
+ 0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61,
+ 0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a
+unsigned char NIST_TEST_RESULT_GCM_E2[] = {
+unsigned char NIST_CHUNKS_GCM_E2[] = { };
+/* GCM data - 3*/
+unsigned char NIST_KEY_GCM_E3[] = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+unsigned char NIST_TEST_DATA_GCM_E3[] = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+unsigned char NIST_AAD_GCM_E3[] = {
+unsigned char NIST_IV_GCM_E3[] = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+unsigned char NIST_TAG_GCM_E3[] = {
+ 0xab, 0x6e, 0x47, 0xd4, 0x2c, 0xec, 0x13, 0xbd,
+ 0xf5, 0x3a, 0x67, 0xb2, 0x12, 0x57, 0xbd, 0xdf,
+unsigned char NIST_TEST_RESULT_GCM_E3[] = {
+ 0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92,
+ 0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78,
+unsigned char NIST_CHUNKS_GCM_E3[] = { 16 };
+/* GCM data - 4*/
+unsigned char NIST_KEY_GCM_E4[] = {
+ 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
+ 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
+unsigned char NIST_TEST_DATA_GCM_E4[] = {
+ 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
+ 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
+ 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
+ 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
+ 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
+ 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
+ 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
+ 0xba, 0x63, 0x7b, 0x39,
+unsigned char NIST_AAD_GCM_E4[] = {
+ 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+ 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+ 0xab, 0xad, 0xda, 0xd2,
+unsigned char NIST_IV_GCM_E4[] = {
+ 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
+ 0xde, 0xca, 0xf8, 0x88,
+unsigned char NIST_TAG_GCM_E4[] = {
+ 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb,
+ 0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47,
+unsigned char NIST_TEST_RESULT_GCM_E4[] = {
+ 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
+ 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
+ 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
+ 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
+ 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
+ 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
+ 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
+ 0x3d, 0x58, 0xe0, 0x91,
+unsigned char NIST_CHUNKS_GCM_E4[] = { 16, 16, 16, 12 };
+/* GCM data - 5 - AES 192 - Test Case 7*/
+unsigned char NIST_KEY_GCM_E5[] = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+unsigned char NIST_TEST_DATA_GCM_E5[] = {
+unsigned char NIST_AAD_GCM_E5[] = {
+unsigned char NIST_IV_GCM_E5[] = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+unsigned char NIST_TAG_GCM_E5[] = {
+ 0xcd, 0x33, 0xb2, 0x8a, 0xc7, 0x73, 0xf7, 0x4b,
+ 0xa0, 0x0e, 0xd1, 0xf3, 0x12, 0x57, 0x24, 0x35,
+unsigned char NIST_TEST_RESULT_GCM_E5[] = {
+unsigned char NIST_CHUNKS_GCM_E5[] = { };
+/* GCM data - 6 - AES 192 - Test Case 8*/
+unsigned char NIST_KEY_GCM_E6[] = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+unsigned char NIST_TEST_DATA_GCM_E6[] = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+unsigned char NIST_AAD_GCM_E6[] = {
+unsigned char NIST_IV_GCM_E6[] = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+unsigned char NIST_TAG_GCM_E6[] = {
+ 0x2f, 0xf5, 0x8d, 0x80, 0x03, 0x39, 0x27, 0xab,
+ 0x8e, 0xf4, 0xd4, 0x58, 0x75, 0x14, 0xf0, 0xfb,
+unsigned char NIST_TEST_RESULT_GCM_E6[] = {
+ 0x98, 0xe7, 0x24, 0x7c, 0x07, 0xf0, 0xfe, 0x41,
+ 0x1c, 0x26, 0x7e, 0x43, 0x84, 0xb0, 0xf6, 0x00,
+unsigned char NIST_CHUNKS_GCM_E6[] = { 16 };
+/* GCM data - 7 - AES 192 - Test Case 9*/
+unsigned char NIST_KEY_GCM_E7[] = {
+ 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
+ 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
+ 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
+unsigned char NIST_TEST_DATA_GCM_E7[] = {
+ 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
+ 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
+ 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
+ 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
+ 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
+ 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
+ 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
+ 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55,
+unsigned char NIST_AAD_GCM_E7[] = {
+unsigned char NIST_IV_GCM_E7[] = {
+ 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
+ 0xde, 0xca, 0xf8, 0x88,
+unsigned char NIST_TAG_GCM_E7[] = {
+ 0x99, 0x24, 0xa7, 0xc8, 0x58, 0x73, 0x36, 0xbf,
+ 0xb1, 0x18, 0x02, 0x4d, 0xb8, 0x67, 0x4a, 0x14,
+unsigned char NIST_TEST_RESULT_GCM_E7[] = {
+ 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
+ 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
+ 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
+ 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
+ 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
+ 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
+ 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
+ 0xcc, 0xda, 0x27, 0x10, 0xac, 0xad, 0xe2, 0x56,
+unsigned char NIST_CHUNKS_GCM_E7[] = { 16, 16, 16, 16 };
+/* GCM data - 8 - AES 192 - Test Case 10*/
+unsigned char NIST_KEY_GCM_E8[] = {
+ 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
+ 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
+ 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
+unsigned char NIST_TEST_DATA_GCM_E8[] = {
+ 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
+ 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
+ 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
+ 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
+ 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
+ 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
+ 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
+ 0xba, 0x63, 0x7b, 0x39,
+unsigned char NIST_AAD_GCM_E8[] = {
+ 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+ 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+ 0xab, 0xad, 0xda, 0xd2,
+unsigned char NIST_IV_GCM_E8[] = {
+ 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
+ 0xde, 0xca, 0xf8, 0x88,
+unsigned char NIST_TAG_GCM_E8[] = {
+ 0x25, 0x19, 0x49, 0x8e, 0x80, 0xf1, 0x47, 0x8f,
+ 0x37, 0xba, 0x55, 0xbd, 0x6d, 0x27, 0x61, 0x8c,
+unsigned char NIST_TEST_RESULT_GCM_E8[] = {
+ 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
+ 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
+ 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
+ 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
+ 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
+ 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
+ 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
+ 0xcc, 0xda, 0x27, 0x10,
+unsigned char NIST_CHUNKS_GCM_E8[] = { 16, 16, 16, 12 };
+/* GCM data - 9 - AES 256 - Test Case 13*/
+unsigned char NIST_KEY_GCM_E9[] = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+unsigned char NIST_TEST_DATA_GCM_E9[] = {
+unsigned char NIST_AAD_GCM_E9[] = {
+unsigned char NIST_IV_GCM_E9[] = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+unsigned char NIST_TAG_GCM_E9[] = {
+ 0x53, 0x0f, 0x8a, 0xfb, 0xc7, 0x45, 0x36, 0xb9,
+ 0xa9, 0x63, 0xb4, 0xf1, 0xc4, 0xcb, 0x73, 0x8b,
+unsigned char NIST_TEST_RESULT_GCM_E9[] = {
+unsigned char NIST_CHUNKS_GCM_E9[] = { };
+/* GCM data - 10 - AES 256 - Test Case 14*/
+unsigned char NIST_KEY_GCM_E10[] = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+unsigned char NIST_TEST_DATA_GCM_E10[] = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+unsigned char NIST_AAD_GCM_E10[] = {
+unsigned char NIST_IV_GCM_E10[] = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+unsigned char NIST_TAG_GCM_E10[] = {
+ 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0,
+ 0x26, 0x5b, 0x98, 0xb5, 0xd4, 0x8a, 0xb9, 0x19,
+unsigned char NIST_TEST_RESULT_GCM_E10[] = {
+ 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e,
+ 0x07, 0x4e, 0xc5, 0xd3, 0xba, 0xf3, 0x9d, 0x18,
+unsigned char NIST_CHUNKS_GCM_E10[] = { 16 };
+/* GCM data - 11 - AES 256 - Test Case 15*/
+unsigned char NIST_KEY_GCM_E11[] = {
+ 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
+ 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
+ 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
+ 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
+unsigned char NIST_TEST_DATA_GCM_E11[] = {
+ 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
+ 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
+ 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
+ 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
+ 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
+ 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
+ 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
+ 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55,
+unsigned char NIST_AAD_GCM_E11[] = {
+unsigned char NIST_IV_GCM_E11[] = {
+ 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
+ 0xde, 0xca, 0xf8, 0x88,
+unsigned char NIST_TAG_GCM_E11[] = {
+ 0xb0, 0x94, 0xda, 0xc5, 0xd9, 0x34, 0x71, 0xbd,
+ 0xec, 0x1a, 0x50, 0x22, 0x70, 0xe3, 0xcc, 0x6c,
+unsigned char NIST_TEST_RESULT_GCM_E11[] = {
+ 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
+ 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
+ 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
+ 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
+ 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
+ 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
+ 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
+ 0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad,
+unsigned char NIST_CHUNKS_GCM_E11[] = { 16, 16, 16, 16 };
+/* GCM data */
+unsigned char NIST_KEY_GCM_E12[] = {
+ 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
+ 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
+ 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
+ 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
+unsigned char NIST_TEST_DATA_GCM_E12[] = {
+ 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
+ 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
+ 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
+ 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
+ 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
+ 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
+ 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
+ 0xba, 0x63, 0x7b, 0x39,
+unsigned char NIST_AAD_GCM_E12[] = {
+ 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+ 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+ 0xab, 0xad, 0xda, 0xd2,
+unsigned char NIST_IV_GCM_E12[] = {
+ 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
+ 0xde, 0xca, 0xf8, 0x88,
+unsigned char NIST_TAG_GCM_E12[] = {
+ 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
+ 0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b,
+unsigned char NIST_TEST_RESULT_GCM_E12[] = {
+ 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
+ 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
+ 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
+ 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
+ 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
+ 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
+ 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
+ 0xbc, 0xc9, 0xf6, 0x62,
+unsigned char NIST_CHUNKS_GCM_E12[] = { 16, 16, 16, 12 };
+void dump_array(unsigned char *ptr, unsigned int size)
+ unsigned char *ptr_end;
+ unsigned char *h;
+ int i = 1;
+ h = ptr;
+ ptr_end = ptr + size;
+ while (h < ptr_end) {
+ printf("0x%02x ",*h);
+ h++;
+ if (i == 8) {
+ printf("\n");
+ i = 1;
+ } else {
+ ++i;
+ }
+ }
+ printf("\n");
+void dump_gcm_data(unsigned char *iv, unsigned int iv_length,
+ unsigned char *aad, unsigned int aad_length,
+ unsigned char *key, unsigned int key_length,
+ unsigned char *input_data, unsigned int data_length,
+ unsigned char *output_data,
+ unsigned char *t, unsigned int t_size)
+ printf("IV \n");
+ dump_array(iv, iv_length);
+ printf("AAD \n");
+ dump_array(aad, aad_length);
+ printf("Key \n");
+ dump_array(key, key_length);
+ printf("Input Data\n");
+ dump_array(input_data, data_length);
+ printf("Output Data\n");
+ dump_array(output_data, data_length);
+ printf("T\n");
+ dump_array(t, t_size);
+void get_sizes(unsigned int *aad_length, unsigned int *data_length,
+ unsigned int *t_length, unsigned int *iv_length,
+ unsigned int *key_length, unsigned int *num_chunks,
+ unsigned int iteration)
+ switch (iteration) {
+ case 1:
+ *aad_length = sizeof(NIST_AAD_GCM_E1);
+ *data_length = sizeof(NIST_TEST_DATA_GCM_E1);
+ *t_length = sizeof(NIST_TAG_GCM_E1);
+ *iv_length = sizeof(NIST_IV_GCM_E1);
+ *key_length = sizeof(NIST_KEY_GCM_E1);
+ *num_chunks = sizeof(NIST_CHUNKS_GCM_E1);
+ break;
+ case 2:
+ *aad_length = sizeof(NIST_AAD_GCM_E2);
+ *data_length = sizeof(NIST_TEST_DATA_GCM_E2);
+ *t_length = sizeof(NIST_TAG_GCM_E2);
+ *iv_length = sizeof(NIST_IV_GCM_E2);
+ *key_length = sizeof(NIST_KEY_GCM_E2);
+ *num_chunks = sizeof(NIST_CHUNKS_GCM_E2);
+ break;
+ case 3:
+ *aad_length = sizeof(NIST_AAD_GCM_E3);
+ *data_length = sizeof(NIST_TEST_DATA_GCM_E3);
+ *t_length = sizeof(NIST_TAG_GCM_E3);
+ *iv_length = sizeof(NIST_IV_GCM_E3);
+ *key_length = sizeof(NIST_KEY_GCM_E3);
+ *num_chunks = sizeof(NIST_CHUNKS_GCM_E3);
+ break;
+ case 4:
+ *aad_length = sizeof(NIST_AAD_GCM_E4);
+ *data_length = sizeof(NIST_TEST_DATA_GCM_E4);
+ *t_length = sizeof(NIST_TAG_GCM_E4);
+ *iv_length = sizeof(NIST_IV_GCM_E4);
+ *key_length = sizeof(NIST_KEY_GCM_E4);
+ *num_chunks = sizeof(NIST_CHUNKS_GCM_E4);
+ break;
+ case 5:
+ *aad_length = sizeof(NIST_AAD_GCM_E5);
+ *data_length = sizeof(NIST_TEST_DATA_GCM_E5);
+ *t_length = sizeof(NIST_TAG_GCM_E5);
+ *iv_length = sizeof(NIST_IV_GCM_E5);
+ *key_length = sizeof(NIST_KEY_GCM_E5);
+ *num_chunks = sizeof(NIST_CHUNKS_GCM_E5);
+ break;
+ case 6:
+ *aad_length = sizeof(NIST_AAD_GCM_E6);
+ *data_length = sizeof(NIST_TEST_DATA_GCM_E6);
+ *t_length = sizeof(NIST_TAG_GCM_E6);
+ *iv_length = sizeof(NIST_IV_GCM_E6);
+ *key_length = sizeof(NIST_KEY_GCM_E6);
+ *num_chunks = sizeof(NIST_CHUNKS_GCM_E6);
+ break;
+ case 7:
+ *aad_length = sizeof(NIST_AAD_GCM_E7);
+ *data_length = sizeof(NIST_TEST_DATA_GCM_E7);
+ *t_length = sizeof(NIST_TAG_GCM_E7);
+ *iv_length = sizeof(NIST_IV_GCM_E7);
+ *key_length = sizeof(NIST_KEY_GCM_E7);
+ *num_chunks = sizeof(NIST_CHUNKS_GCM_E7);
+ break;
+ case 8:
+ *aad_length = sizeof(NIST_AAD_GCM_E8);
+ *data_length = sizeof(NIST_TEST_DATA_GCM_E8);
+ *t_length = sizeof(NIST_TAG_GCM_E8);
+ *iv_length = sizeof(NIST_IV_GCM_E8);
+ *key_length = sizeof(NIST_KEY_GCM_E8);
+ *num_chunks = sizeof(NIST_CHUNKS_GCM_E8);
+ break;
+ case 9:
+ *aad_length = sizeof(NIST_AAD_GCM_E9);
+ *data_length = sizeof(NIST_TEST_DATA_GCM_E9);
+ *t_length = sizeof(NIST_TAG_GCM_E9);
+ *iv_length = sizeof(NIST_IV_GCM_E9);
+ *key_length = sizeof(NIST_KEY_GCM_E9);
+ *num_chunks = sizeof(NIST_CHUNKS_GCM_E9);
+ break;
+ case 10:
+ *aad_length = sizeof(NIST_AAD_GCM_E10);
+ *data_length = sizeof(NIST_TEST_DATA_GCM_E10);
+ *t_length = sizeof(NIST_TAG_GCM_E10);
+ *iv_length = sizeof(NIST_IV_GCM_E10);
+ *key_length = sizeof(NIST_KEY_GCM_E10);
+ *num_chunks = sizeof(NIST_CHUNKS_GCM_E10);
+ break;
+ case 11:
+ *aad_length = sizeof(NIST_AAD_GCM_E11);
+ *data_length = sizeof(NIST_TEST_DATA_GCM_E11);
+ *t_length = sizeof(NIST_TAG_GCM_E11);
+ *iv_length = sizeof(NIST_IV_GCM_E11);
+ *key_length = sizeof(NIST_KEY_GCM_E11);
+ *num_chunks = sizeof(NIST_CHUNKS_GCM_E11);
+ break;
+ case 12:
+ *aad_length = sizeof(NIST_AAD_GCM_E12);
+ *data_length = sizeof(NIST_TEST_DATA_GCM_E12);
+ *t_length = sizeof(NIST_TAG_GCM_E12);
+ *iv_length = sizeof(NIST_IV_GCM_E12);
+ *key_length = sizeof(NIST_KEY_GCM_E12);
+ *num_chunks = sizeof(NIST_CHUNKS_GCM_E12);
+ break;
+ }
+void load_test_data(unsigned char *aad, unsigned int aad_length,
+ unsigned char *data, unsigned int data_length,
+ unsigned char *result,
+ unsigned char *t, unsigned int t_length,
+ unsigned char *iv, unsigned int iv_length,
+ unsigned char *key, unsigned int key_length,
+ unsigned char *chunks, unsigned int num_chunks,
+ unsigned int iteration)
+ switch (iteration) {
+ case 1:
+ memcpy(iv, NIST_IV_GCM_E1, iv_length);
+ memcpy(aad, NIST_AAD_GCM_E1, aad_length);
+ memcpy(key, NIST_KEY_GCM_E1, key_length);
+ memcpy(data, NIST_TEST_DATA_GCM_E1, data_length);
+ memcpy(result, NIST_TEST_RESULT_GCM_E1, data_length);
+ memcpy(t, NIST_TAG_GCM_E1, t_length);
+ memcpy(chunks, NIST_CHUNKS_GCM_E1, num_chunks);
+ break;
+ case 2:
+ memcpy(iv, NIST_IV_GCM_E2, iv_length);
+ memcpy(aad, NIST_AAD_GCM_E2, aad_length);
+ memcpy(key, NIST_KEY_GCM_E2, key_length);
+ memcpy(data, NIST_TEST_DATA_GCM_E2, data_length);
+ memcpy(result, NIST_TEST_RESULT_GCM_E2, data_length);
+ memcpy(t, NIST_TAG_GCM_E2, t_length);
+ memcpy(chunks, NIST_CHUNKS_GCM_E2, num_chunks);
+ break;
+ case 3:
+ memcpy(iv, NIST_IV_GCM_E3, iv_length);
+ memcpy(aad, NIST_AAD_GCM_E3, aad_length);
+ memcpy(key, NIST_KEY_GCM_E3, key_length);
+ memcpy(data, NIST_TEST_DATA_GCM_E3, data_length);
+ memcpy(result, NIST_TEST_RESULT_GCM_E3, data_length);
+ memcpy(t, NIST_TAG_GCM_E3, t_length);
+ memcpy(chunks, NIST_CHUNKS_GCM_E3, num_chunks);
+ break;
+ case 4:
+ memcpy(iv, NIST_IV_GCM_E4, iv_length);
+ memcpy(aad, NIST_AAD_GCM_E4, aad_length);
+ memcpy(key, NIST_KEY_GCM_E4, key_length);
+ memcpy(data, NIST_TEST_DATA_GCM_E4, data_length);
+ memcpy(result, NIST_TEST_RESULT_GCM_E4, data_length);
+ memcpy(t, NIST_TAG_GCM_E4, t_length);
+ memcpy(chunks, NIST_CHUNKS_GCM_E4, num_chunks);
+ break;
+ case 5:
+ memcpy(iv, NIST_IV_GCM_E5, iv_length);
+ memcpy(aad, NIST_AAD_GCM_E5, aad_length);
+ memcpy(key, NIST_KEY_GCM_E5, key_length);
+ memcpy(data, NIST_TEST_DATA_GCM_E5, data_length);
+ memcpy(result, NIST_TEST_RESULT_GCM_E5, data_length);
+ memcpy(t, NIST_TAG_GCM_E5, t_length);
+ memcpy(chunks, NIST_CHUNKS_GCM_E5, num_chunks);
+ break;
+ case 6:
+ memcpy(iv, NIST_IV_GCM_E6, iv_length);
+ memcpy(aad, NIST_AAD_GCM_E6, aad_length);
+ memcpy(key, NIST_KEY_GCM_E6, key_length);
+ memcpy(data, NIST_TEST_DATA_GCM_E6, data_length);
+ memcpy(result, NIST_TEST_RESULT_GCM_E6, data_length);
+ memcpy(t, NIST_TAG_GCM_E6, t_length);
+ memcpy(chunks, NIST_CHUNKS_GCM_E6, num_chunks);
+ break;
+ case 7:
+ memcpy(iv, NIST_IV_GCM_E7, iv_length);
+ memcpy(aad, NIST_AAD_GCM_E7, aad_length);
+ memcpy(key, NIST_KEY_GCM_E7, key_length);
+ memcpy(data, NIST_TEST_DATA_GCM_E7, data_length);
+ memcpy(result, NIST_TEST_RESULT_GCM_E7, data_length);
+ memcpy(t, NIST_TAG_GCM_E7, t_length);
+ memcpy(chunks, NIST_CHUNKS_GCM_E7, num_chunks);
+ break;
+ case 8:
+ memcpy(iv, NIST_IV_GCM_E8, iv_length);
+ memcpy(aad, NIST_AAD_GCM_E8, aad_length);
+ memcpy(key, NIST_KEY_GCM_E8, key_length);
+ memcpy(data, NIST_TEST_DATA_GCM_E8, data_length);
+ memcpy(result, NIST_TEST_RESULT_GCM_E8, data_length);
+ memcpy(t, NIST_TAG_GCM_E8, t_length);
+ memcpy(chunks, NIST_CHUNKS_GCM_E8, num_chunks);
+ break;
+ case 9:
+ memcpy(iv, NIST_IV_GCM_E9, iv_length);
+ memcpy(aad, NIST_AAD_GCM_E9, aad_length);
+ memcpy(key, NIST_KEY_GCM_E9, key_length);
+ memcpy(data, NIST_TEST_DATA_GCM_E9, data_length);
+ memcpy(result, NIST_TEST_RESULT_GCM_E9, data_length);
+ memcpy(t, NIST_TAG_GCM_E9, t_length);
+ memcpy(chunks, NIST_CHUNKS_GCM_E9, num_chunks);
+ break;
+ case 10:
+ memcpy(iv, NIST_IV_GCM_E10, iv_length);
+ memcpy(aad, NIST_AAD_GCM_E10, aad_length);
+ memcpy(key, NIST_KEY_GCM_E10, key_length);
+ memcpy(data, NIST_TEST_DATA_GCM_E10, data_length);
+ memcpy(result, NIST_TEST_RESULT_GCM_E10, data_length);
+ memcpy(t, NIST_TAG_GCM_E10, t_length);
+ memcpy(chunks, NIST_CHUNKS_GCM_E10, num_chunks);
+ break;
+ case 11:
+ memcpy(iv, NIST_IV_GCM_E11, iv_length);
+ memcpy(aad, NIST_AAD_GCM_E11, aad_length);
+ memcpy(key, NIST_KEY_GCM_E11, key_length);
+ memcpy(data, NIST_TEST_DATA_GCM_E11, data_length);
+ memcpy(result, NIST_TEST_RESULT_GCM_E11, data_length);
+ memcpy(t, NIST_TAG_GCM_E11, t_length);
+ memcpy(chunks, NIST_CHUNKS_GCM_E11, num_chunks);
+ break;
+ case 12:
+ memcpy(iv, NIST_IV_GCM_E12, iv_length);
+ memcpy(aad, NIST_AAD_GCM_E12, aad_length);
+ memcpy(key, NIST_KEY_GCM_E12, key_length);
+ memcpy(data, NIST_TEST_DATA_GCM_E12, data_length);
+ memcpy(result, NIST_TEST_RESULT_GCM_E12, data_length);
+ memcpy(t, NIST_TAG_GCM_E12, t_length);
+ memcpy(chunks, NIST_CHUNKS_GCM_E12, num_chunks);
+ break;
+ }
+int test_gcm_kat(int iteration, int silent)
+ unsigned int aad_length;
+ unsigned int data_length;
+ unsigned int t_length;
+ unsigned int iv_length;
+ unsigned int key_length;
+ unsigned int num_chunks;
+ get_sizes(&aad_length, &data_length, &t_length, &iv_length,
+ &key_length, &num_chunks, iteration);
+ if (!silent) {
+ printf("Test Parameters for iteration = %i\n", iteration);
+ printf("key length = %i, data length = %i, tag length = %i,"
+ "iv length = %i aad_length = %i\n", key_length, data_length,
+ t_length, iv_length, aad_length);
+ }
+ unsigned char iv[iv_length];
+ unsigned char input_data[data_length];
+ unsigned char encrypt[data_length];
+ unsigned char decrypt[data_length];
+ unsigned char result[data_length];
+ unsigned char aad[aad_length];
+ unsigned char key[key_length];
+ unsigned char t[t_length];
+ unsigned char t_result[t_length];
+ unsigned char chunks[num_chunks];
+ int rc = 0;
+ load_test_data(aad, aad_length, input_data, data_length, result,
+ t_result, t_length, iv, iv_length, key, key_length,
+ chunks, num_chunks, iteration);
+ rc = ica_aes_gcm(input_data, data_length,
+ encrypt,
+ iv, iv_length,
+ aad, aad_length,
+ t, t_length,
+ key, key_length,
+ 1);
+ if (rc == EPERM) {
+ printf("ica_aes_gcm returns with EPERM (%d).\n", rc);
+ printf("Operation is not permitted on this machine. Test skipped!\n");
+ return 0;
+ }
+ if (rc) {
+ printf("ica_aes_gcm encrypt failed with rc = %i\n", rc);
+ dump_gcm_data(iv, iv_length, aad, aad_length, key, key_length,
+ input_data, data_length, encrypt, t, t_length);
+ }
+ if (!silent && !rc) {
+ printf("Encrypt:\n");
+ dump_gcm_data(iv, iv_length, aad, aad_length, key, key_length,
+ input_data, data_length, encrypt, t,
+ t_length);
+ }
+ if (memcmp(result, encrypt, data_length)) {
+ printf("Encryption Result does not match the known ciphertext!\n");
+ printf("Expected data:\n");
+ dump_array(result, data_length);
+ printf("Encryption Result:\n");
+ dump_array(encrypt, data_length);
+ rc++;
+ }
+ if (memcmp(t, t_result, t_length)) {
+ printf("Tag result does not match the expected tag!\n");
+ printf("Expected tag:\n");
+ dump_array(t_result, t_length);
+ printf("Tag Result:\n");
+ dump_array(t, t_length);
+ rc++;
+ }
+ if (rc) {
+ printf("GCM test exited after encryption\n");
+ return rc;
+ }
+ rc = ica_aes_gcm(decrypt, data_length,
+ encrypt,
+ iv, iv_length,
+ aad, aad_length,
+ t, t_length,
+ key, key_length,
+ 0);
+ if (rc == EPERM) {
+ printf("ica_aes_gcm returns with EPERM (%d).\n", rc);
+ printf("Operation is not permitted on this machine. Test skipped!\n");
+ return 0;
+ }
+ if (rc) {
+ printf("ica_aes_gcm decrypt failed with rc = %i\n", rc);
+ dump_gcm_data(iv, iv_length, aad, aad_length, key, key_length,
+ encrypt, data_length, decrypt, t,
+ t_length);
+ }
+ if (!silent && !rc) {
+ printf("Decrypt:\n");
+ dump_gcm_data(iv, iv_length, aad, aad_length, key, key_length,
+ encrypt, data_length, decrypt, t,
+ t_length);
+ }
+ if (memcmp(decrypt, input_data, data_length)) {
+ printf("Decryption Result does not match the original data!\n");
+ printf("Original data:\n");
+ dump_array(input_data, data_length);
+ printf("Decryption Result:\n");
+ dump_array(decrypt, data_length);
+ rc++;
+ }
+ if (memcmp(t, t_result, t_length)) {
+ printf("Tag result does not match the expected tag!\n");
+ printf("Expected tag:\n");
+ dump_array(t_result, t_length);
+ printf("Tag Result:\n");
+ dump_array(t, t_length);
+ rc++;
+ }
+ return rc;
+int test_gcm_kat_update(int iteration, int silent)
+ unsigned int aad_length;
+ unsigned int aad_length_tmp;
+ unsigned int data_length;
+ unsigned int t_length;
+ unsigned int iv_length;
+ unsigned int key_length;
+ unsigned int num_chunks;
+ get_sizes(&aad_length, &data_length, &t_length, &iv_length,
+ &key_length, &num_chunks, iteration);
+ if (!silent) {
+ printf("Test Parameters for iteration = %i\n", iteration);
+ printf("key length = %i, data length = %i, tag length = %i,"
+ "iv length = %i aad_length = %i\n", key_length, data_length,
+ t_length, iv_length, aad_length);
+ }
+ unsigned char iv[iv_length];
+ unsigned char input_data[data_length];
+ unsigned char encrypt[data_length];
+ unsigned char decrypt[data_length];
+ unsigned char result[data_length];
+ unsigned char aad[aad_length];
+ unsigned char key[key_length];
+ unsigned char t[t_length];
+ unsigned char t_result[t_length];
+ unsigned char chunks[num_chunks];
+ unsigned int chunk_len;
+ unsigned int offset;
+ unsigned char *chunk_data;
+ unsigned char icb[AES_BLOCK_SIZE];
+ unsigned char ucb[AES_BLOCK_SIZE];
+ unsigned char subkey[AES_BLOCK_SIZE];
+ unsigned char running_tag[AES_BLOCK_SIZE];
+ unsigned int sum_A_len;
+ unsigned int sum_C_len;
+ int rc = 0, i;
+ load_test_data(aad, aad_length, input_data, data_length, result,
+ t_result, t_length, iv, iv_length, key, key_length,
+ chunks, num_chunks, iteration);
+ aad_length_tmp = aad_length;
+ memset(running_tag, 0, AES_BLOCK_SIZE);
+ rc = ica_aes_gcm_initialize(iv, iv_length, key, key_length,
+ icb, ucb, subkey, 1);
+ offset = 0;
+ for (i = 0; i < num_chunks; i++) {
+ chunk_len = chunks[i];
+ chunk_data = input_data + offset;
+ rc = ica_aes_gcm_intermediate(chunk_data, chunk_len, encrypt + offset,
+ ucb, aad, aad_length,
+ running_tag, AES_BLOCK_SIZE,
+ key, key_length, subkey, 1);
+ /* clear aad_length after first run*/
+ aad_length = 0;
+ offset += chunk_len;
+ }
+ sum_A_len = aad_length_tmp;
+ sum_C_len = offset;
+ rc = ica_aes_gcm_last(icb, sum_A_len, sum_C_len, running_tag,
+ t, t_length, key, key_length, subkey, 1);
+ if (rc == EPERM) {
+ printf("ica_aes_gcm returns with EPERM (%d).\n", rc);
+ printf("Operation is not permitted on this machine. Test skipped!\n");
+ return 0;
+ }
+ if (rc) {
+ printf("ica_aes_gcm encrypt failed with rc = %i\n", rc);
+ dump_gcm_data(iv, iv_length, aad, aad_length, key, key_length,
+ input_data, data_length, encrypt, t, t_length);
+ }
+ if (!silent && !rc) {
+ printf("Encrypt:\n");
+ dump_gcm_data(iv, iv_length, aad, aad_length, key, key_length,
+ input_data, data_length, encrypt, running_tag,
+ t_length);
+ }
+ if (memcmp(result, encrypt, data_length)) {
+ printf("Encryption Result does not match the known ciphertext!\n");
+ printf("Expected data:\n");
+ dump_array(result, data_length);
+ printf("Encryption Result:\n");
+ dump_array(encrypt, data_length);
+ rc++;
+ }
+ if (memcmp(running_tag, t_result, t_length)) {
+ printf("Tag result does not match the expected tag!\n");
+ printf("Expected tag:\n");
+ dump_array(t_result, t_length);
+ printf("Tag Result:\n");
+ dump_array(t, t_length);
+ rc++;
+ }
+ if (rc) {
+ printf("GCM test exited after encryption\n");
+ return rc;
+ }
+ aad_length = aad_length_tmp;
+ memset(running_tag, 0, AES_BLOCK_SIZE);
+ rc = ica_aes_gcm_initialize(iv, iv_length, key, key_length,
+ icb, ucb, subkey, 0);
+ offset = 0;
+ for (i = 0; i < num_chunks; i++) {
+ chunk_len = chunks[i];
+ chunk_data = encrypt + offset;
+ rc = ica_aes_gcm_intermediate(decrypt + offset, chunk_len, chunk_data,
+ ucb, aad, aad_length,
+ running_tag, AES_BLOCK_SIZE,
+ key, key_length, subkey, 0);
+ /* clear aad_length after first run*/
+ aad_length = 0;
+ offset += chunk_len;
+ }
+ sum_A_len = aad_length_tmp;
+ sum_C_len = offset;
+ rc = ica_aes_gcm_last(icb, sum_A_len, sum_C_len, running_tag,
+ t_result, t_length, key, key_length, subkey, 0);
+ if (rc == EPERM) {
+ printf("ica_aes_gcm returns with EPERM (%d).\n", rc);
+ printf("Operation is not permitted on this machine. Test skipped!\n");
+ return 0;
+ }
+ if (rc) {
+ printf("ica_aes_gcm decrypt failed with rc = %i\n", rc);
+ dump_gcm_data(iv, iv_length, aad, aad_length, key, key_length,
+ encrypt, data_length, decrypt, running_tag,
+ t_length);
+ }
+ if (!silent && !rc) {
+ printf("Decrypt:\n");
+ dump_gcm_data(iv, iv_length, aad, aad_length, key, key_length,
+ encrypt, data_length, decrypt, running_tag,
+ t_length);
+ }
+ if (memcmp(decrypt, input_data, data_length)) {
+ printf("Decryption Result does not match the original data!\n");
+ printf("Original data:\n");
+ dump_array(input_data, data_length);
+ printf("Decryption Result:\n");
+ dump_array(decrypt, data_length);
+ rc++;
+ }
+ if (memcmp(running_tag, t_result, t_length)) {
+ printf("Tag result does not match the expected tag!\n");
+ printf("Expected tag:\n");
+ dump_array(t_result, t_length);
+ printf("Tag Result:\n");
+ dump_array(t, t_length);
+ rc++;
+ }
+ return rc;
+int main(int argc, char **argv)
+ // Default mode is 0. ECB,CBC and CFQ tests will be performed.
+ unsigned int silent = 0;
+ if (argc > 1) {
+ if (strstr(argv[1], "silent"))
+ silent = 1;
+ if (argc == 3)
+ if (strstr(argv[2], "silent"))
+ silent = 1;
+ }
+ int rc = 0;
+ int error_count = 0;
+ int iteration;
+ for(iteration = 1; iteration <= NR_TESTS; iteration++) {
+ rc = test_gcm_kat(iteration, silent);
+ if (rc) {
+ printf("test_gcm_kat failed with rc = %i\n", rc);
+ error_count++;
+ }
+ rc = test_gcm_kat_update(iteration, silent);
+ if (rc) {
+ printf("test_gcm_kat_update failed with rc = %i\n", rc);
+ error_count++;
+ }
+ }
+ if (error_count)
+ printf("%i of %i testcases failed\n", error_count, iteration);
+ else
+ printf("All AES-GCM testcases finished successfully.\n");
+ return rc;
diff --git a/src/tests/libica_aes_ofb_test.c b/src/tests/libica_aes_ofb_test.c
new file mode 100644
index 0000000..717d36d
--- /dev/null
+++ b/src/tests/libica_aes_ofb_test.c
@@ -0,0 +1,555 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+/* Copyright IBM Corp. 2010, 2011 */
+#include <fcntl.h>
+#include <sys/errno.h>
+#include <stdio.h>
+#include <string.h>
+#include <strings.h>
+#include <stdlib.h>
+#include "ica_api.h"
+#define NR_TESTS 6
+#define NR_RANDOM_TESTS 10000
+/* OFB data - 1 for AES128 */
+unsigned char NIST_KEY_OFB_E1[] = {
+ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
+ 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c,
+unsigned char NIST_IV_OFB_E1[] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+unsigned char NIST_EXPECTED_IV_OFB_E1[] = {
+ 0x50, 0xfe, 0x67, 0xcc, 0x99, 0x6d, 0x32, 0xb6,
+ 0xda, 0x09, 0x37, 0xe9, 0x9b, 0xaf, 0xec, 0x60,
+unsigned char NIST_TEST_DATA_OFB_E1[] = {
+ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+ 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
+unsigned char NIST_TEST_RESULT_OFB_E1[] = {
+ 0x3b, 0x3f, 0xd9, 0x2e, 0xb7, 0x2d, 0xad, 0x20,
+ 0x33, 0x34, 0x49, 0xf8, 0xe8, 0x3c, 0xfb, 0x4a,
+/* OFB data - 2 for AES128 */
+unsigned char NIST_KEY_OFB_E2[] = {
+ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
+ 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c,
+unsigned char NIST_IV_OFB_E2[] = {
+ 0x50, 0xfe, 0x67, 0xcc, 0x99, 0x6d, 0x32, 0xb6,
+ 0xda, 0x09, 0x37, 0xe9, 0x9b, 0xaf, 0xec, 0x60,
+unsigned char NIST_EXPECTED_IV_OFB_E2[] = {
+ 0xd9, 0xa4, 0xda, 0xda, 0x08, 0x92, 0x23, 0x9f,
+ 0x6b, 0x8b, 0x3d, 0x76, 0x80, 0xe1, 0x56, 0x74,
+unsigned char NIST_TEST_DATA_OFB_E2[] = {
+ 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
+ 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
+unsigned char NIST_TEST_RESULT_OFB_E2[] = {
+ 0x77, 0x89, 0x50, 0x8d, 0x16, 0x91, 0x8f, 0x03,
+ 0xf5, 0x3c, 0x52, 0xda, 0xc5, 0x4e, 0xd8, 0x25,
+/* OFB data - 3 - for AES192 */
+unsigned char NIST_KEY_OFB_E3[] = {
+ 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52,
+ 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5,
+ 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b,
+unsigned char NIST_IV_OFB_E3[] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+unsigned char NIST_EXPECTED_IV_OFB_E3[] = {
+ 0xa6, 0x09, 0xb3, 0x8d, 0xf3, 0xb1, 0x13, 0x3d,
+ 0xdd, 0xff, 0x27, 0x18, 0xba, 0x09, 0x56, 0x5e,
+unsigned char NIST_TEST_DATA_OFB_E3[] = {
+ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+ 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
+unsigned char NIST_TEST_RESULT_OFB_E3[] = {
+ 0xcd, 0xc8, 0x0d, 0x6f, 0xdd, 0xf1, 0x8c, 0xab,
+ 0x34, 0xc2, 0x59, 0x09, 0xc9, 0x9a, 0x41, 0x74,
+/* OFB data - 4 - for AES192 */
+unsigned char NIST_KEY_OFB_E4[] = {
+ 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52,
+ 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5,
+ 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b,
+unsigned char NIST_IV_OFB_E4[] = {
+ 0xa6, 0x09, 0xb3, 0x8d, 0xf3, 0xb1, 0x13, 0x3d,
+ 0xdd, 0xff, 0x27, 0x18, 0xba, 0x09, 0x56, 0x5e,
+unsigned char NIST_EXPECTED_IV_OFB_E4[] = {
+ 0x52, 0xef, 0x01, 0xda, 0x52, 0x60, 0x2f, 0xe0,
+ 0x97, 0x5f, 0x78, 0xac, 0x84, 0xbf, 0x8a, 0x50,
+unsigned char NIST_TEST_DATA_OFB_E4[] = {
+ 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
+ 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
+unsigned char NIST_TEST_RESULT_OFB_E4[] = {
+ 0xfc, 0xc2, 0x8b, 0x8d, 0x4c, 0x63, 0x83, 0x7c,
+ 0x09, 0xe8, 0x17, 0x00, 0xc1, 0x10, 0x04, 0x01,
+/* OFB data 5 - for AES 256 */
+unsigned char NIST_KEY_OFB_E5[] = {
+ 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
+ 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
+ 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
+ 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4,
+unsigned char NIST_IV_OFB_E5[] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+unsigned char NIST_EXPECTED_IV_OFB_E5[] = {
+ 0xb7, 0xbf, 0x3a, 0x5d, 0xf4, 0x39, 0x89, 0xdd,
+ 0x97, 0xf0, 0xfa, 0x97, 0xeb, 0xce, 0x2f, 0x4a,
+unsigned char NIST_TEST_DATA_OFB_E5[] = {
+ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+ 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
+unsigned char NIST_TEST_RESULT_OFB_E5[] = {
+ 0xdc, 0x7e, 0x84, 0xbf, 0xda, 0x79, 0x16, 0x4b,
+ 0x7e, 0xcd, 0x84, 0x86, 0x98, 0x5d, 0x38, 0x60,
+/* OFB data 6 - for AES 256 */
+unsigned char NIST_KEY_OFB_E6[] = {
+ 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
+ 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
+ 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
+ 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4,
+unsigned char NIST_IV_OFB_E6[] = {
+ 0xb7, 0xbf, 0x3a, 0x5d, 0xf4, 0x39, 0x89, 0xdd,
+ 0x97, 0xf0, 0xfa, 0x97, 0xeb, 0xce, 0x2f, 0x4a,
+unsigned char NIST_EXPECTED_IV_OFB_E6[] = {
+ 0xe1, 0xc6, 0x56, 0x30, 0x5e, 0xd1, 0xa7, 0xa6,
+ 0x56, 0x38, 0x05, 0x74, 0x6f, 0xe0, 0x3e, 0xdc,
+unsigned char NIST_TEST_DATA_OFB_E6[] = {
+ 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
+ 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
+unsigned char NIST_TEST_RESULT_OFB_E6[] = {
+ 0x4f, 0xeb, 0xdc, 0x67, 0x40, 0xd2, 0x0b, 0x3a,
+ 0xc8, 0x8f, 0x6a, 0xd8, 0x2a, 0x4f, 0xb0, 0x8d,
+void dump_array(unsigned char *ptr, unsigned int size)
+ unsigned char *ptr_end;
+ unsigned char *h;
+ int i = 1;
+ h = ptr;
+ ptr_end = ptr + size;
+ while (h < (unsigned char *)ptr_end) {
+ printf("0x%02x ",(unsigned char ) *h);
+ h++;
+ if (i == 8) {
+ printf("\n");
+ i = 1;
+ } else {
+ ++i;
+ }
+ }
+ printf("\n");
+void dump_ofb_data(unsigned char *iv, unsigned int iv_length,
+ unsigned char *key, unsigned int key_length,
+ unsigned char *input_data, unsigned int data_length,
+ unsigned char *output_data)
+ printf("IV \n");
+ dump_array(iv, iv_length);
+ printf("Key \n");
+ dump_array(key, key_length);
+ printf("Input Data\n");
+ dump_array(input_data, data_length);
+ printf("Output Data\n");
+ dump_array(output_data, data_length);
+void get_sizes(unsigned int *data_length, unsigned int *iv_length,
+ unsigned int *key_length, unsigned int iteration)
+ switch (iteration) {
+ case 1:
+ *data_length = sizeof(NIST_TEST_DATA_OFB_E1);
+ *iv_length = sizeof(NIST_IV_OFB_E1);
+ *key_length = sizeof(NIST_KEY_OFB_E1);
+ break;
+ case 2:
+ *data_length = sizeof(NIST_TEST_DATA_OFB_E2);
+ *iv_length = sizeof(NIST_IV_OFB_E2);
+ *key_length = sizeof(NIST_KEY_OFB_E2);
+ break;
+ case 3:
+ *data_length = sizeof(NIST_TEST_DATA_OFB_E3);
+ *iv_length = sizeof(NIST_IV_OFB_E3);
+ *key_length = sizeof(NIST_KEY_OFB_E3);
+ break;
+ case 4:
+ *data_length = sizeof(NIST_TEST_DATA_OFB_E4);
+ *iv_length = sizeof(NIST_IV_OFB_E4);
+ *key_length = sizeof(NIST_KEY_OFB_E4);
+ break;
+ case 5:
+ *data_length = sizeof(NIST_TEST_DATA_OFB_E5);
+ *iv_length = sizeof(NIST_IV_OFB_E5);
+ *key_length = sizeof(NIST_KEY_OFB_E5);
+ break;
+ case 6:
+ *data_length = sizeof(NIST_TEST_DATA_OFB_E6);
+ *iv_length = sizeof(NIST_IV_OFB_E6);
+ *key_length = sizeof(NIST_KEY_OFB_E6);
+ break;
+ }
+void load_test_data(unsigned char *data, unsigned int data_length,
+ unsigned char *result,
+ unsigned char *iv, unsigned char *expected_iv,
+ unsigned int iv_length,
+ unsigned char *key, unsigned int key_length,
+ unsigned int iteration)
+ switch (iteration) {
+ case 1:
+ memcpy(data, NIST_TEST_DATA_OFB_E1, data_length);
+ memcpy(result, NIST_TEST_RESULT_OFB_E1, data_length);
+ memcpy(iv, NIST_IV_OFB_E1, iv_length);
+ memcpy(expected_iv, NIST_EXPECTED_IV_OFB_E1, iv_length);
+ memcpy(key, NIST_KEY_OFB_E1, key_length);
+ break;
+ case 2:
+ memcpy(data, NIST_TEST_DATA_OFB_E2, data_length);
+ memcpy(result, NIST_TEST_RESULT_OFB_E2, data_length);
+ memcpy(iv, NIST_IV_OFB_E2, iv_length);
+ memcpy(expected_iv, NIST_EXPECTED_IV_OFB_E2, iv_length);
+ memcpy(key, NIST_KEY_OFB_E2, key_length);
+ break;
+ case 3:
+ memcpy(data, NIST_TEST_DATA_OFB_E3, data_length);
+ memcpy(result, NIST_TEST_RESULT_OFB_E3, data_length);
+ memcpy(iv, NIST_IV_OFB_E3, iv_length);
+ memcpy(expected_iv, NIST_EXPECTED_IV_OFB_E3, iv_length);
+ memcpy(key, NIST_KEY_OFB_E3, key_length);
+ break;
+ case 4:
+ memcpy(data, NIST_TEST_DATA_OFB_E4, data_length);
+ memcpy(result, NIST_TEST_RESULT_OFB_E4, data_length);
+ memcpy(iv, NIST_IV_OFB_E4, iv_length);
+ memcpy(expected_iv, NIST_EXPECTED_IV_OFB_E4, iv_length);
+ memcpy(key, NIST_KEY_OFB_E4, key_length);
+ break;
+ case 5:
+ memcpy(data, NIST_TEST_DATA_OFB_E5, data_length);
+ memcpy(result, NIST_TEST_RESULT_OFB_E5, data_length);
+ memcpy(iv, NIST_IV_OFB_E5, iv_length);
+ memcpy(expected_iv, NIST_EXPECTED_IV_OFB_E5, iv_length);
+ memcpy(key, NIST_KEY_OFB_E5, key_length);
+ break;
+ case 6:
+ memcpy(data, NIST_TEST_DATA_OFB_E6, data_length);
+ memcpy(result, NIST_TEST_RESULT_OFB_E6, data_length);
+ memcpy(iv, NIST_IV_OFB_E6, iv_length);
+ memcpy(expected_iv, NIST_EXPECTED_IV_OFB_E6, iv_length);
+ memcpy(key, NIST_KEY_OFB_E6, key_length);
+ break;
+ }
+int load_random_test_data(unsigned char *data, unsigned int data_length,
+ unsigned char *iv, unsigned int iv_length,
+ unsigned char *key, unsigned int key_length)
+ int rc;
+ rc = ica_random_number_generate(data_length, data);
+ if (rc) {
+ printf("ica_random_number_generate with rc = %i errnor = %i\n",
+ rc, errno);
+ return rc;
+ }
+ rc = ica_random_number_generate(iv_length, iv);
+ if (rc) {
+ printf("ica_random_number_generate with rc = %i errnor = %i\n",
+ rc, errno);
+ return rc;
+ }
+ rc = ica_random_number_generate(key_length, key);
+ if (rc) {
+ printf("ica_random_number_generate with rc = %i errnor = %i\n",
+ rc, errno);
+ return rc;
+ }
+ return rc;
+int random_aes_ofb(int iteration, int silent, unsigned int data_length)
+ int i;
+ int rc = 0;
+ unsigned int iv_length = sizeof(ica_aes_vector_t);
+ unsigned int key_length = AES_KEY_LEN128;
+ unsigned char iv[iv_length];
+ unsigned char tmp_iv[iv_length];
+ unsigned char input_data[data_length];
+ unsigned char encrypt[data_length];
+ unsigned char decrypt[data_length];
+for (i = 0; i <= 2; i++) {
+ unsigned char key[key_length];
+ memset(encrypt, 0x00, data_length);
+ memset(decrypt, 0x00, data_length);
+ load_random_test_data(input_data, data_length, iv, iv_length, key,
+ key_length);
+ memcpy(tmp_iv, iv, iv_length);
+ if (!silent) {
+ printf("Test Parameters for iteration = %i\n", iteration);
+ printf("key length = %i, data length = %i, iv length = %i\n",
+ key_length, data_length, iv_length);
+ }
+ rc = ica_aes_ofb(input_data, encrypt, data_length, key, key_length,
+ tmp_iv, 1);
+ if (rc) {
+ printf("ica_aes_ofb encrypt failed with rc = %i\n", rc);
+ dump_ofb_data(iv, iv_length, key, key_length, input_data,
+ data_length, encrypt);
+ }
+ if (!silent && !rc) {
+ printf("Encrypt:\n");
+ dump_ofb_data(iv, iv_length, key, key_length, input_data,
+ data_length, encrypt);
+ }
+ if (rc) {
+ printf("AES OFB test exited after encryption\n");
+ return rc;
+ }
+ memcpy(tmp_iv, iv, iv_length);
+ rc = ica_aes_ofb(encrypt, decrypt, data_length, key, key_length,
+ tmp_iv, 0);
+ if (rc) {
+ printf("ica_aes_ofb decrypt failed with rc = %i\n", rc);
+ dump_ofb_data(iv, iv_length, key, key_length, encrypt,
+ data_length, decrypt);
+ return rc;
+ }
+ if (!silent && !rc) {
+ printf("Decrypt:\n");
+ dump_ofb_data(iv, iv_length, key, key_length, encrypt,
+ data_length, decrypt);
+ }
+ if (memcmp(decrypt, input_data, data_length)) {
+ printf("Decryption Result does not match the original data!\n");
+ printf("Original data:\n");
+ dump_array(input_data, data_length);
+ printf("Decryption Result:\n");
+ dump_array(decrypt, data_length);
+ rc++;
+ return rc;
+ }
+ key_length += 8;
+ return rc;
+int kat_aes_ofb(int iteration, int silent)
+ unsigned int data_length;
+ unsigned int iv_length;
+ unsigned int key_length;
+ get_sizes(&data_length, &iv_length, &key_length, iteration);
+ if (!silent) {
+ printf("Test Parameters for iteration = %i\n", iteration);
+ printf("key length = %i, data length = %i, iv length = %i\n",
+ key_length, data_length, iv_length);
+ }
+ unsigned char iv[iv_length];
+ unsigned char tmp_iv[iv_length];
+ unsigned char expected_iv[iv_length];
+ unsigned char key[key_length];
+ unsigned char input_data[data_length];
+ unsigned char encrypt[data_length];
+ unsigned char decrypt[data_length];
+ unsigned char result[data_length];
+ int rc = 0;
+ load_test_data(input_data, data_length, result, iv, expected_iv,
+ iv_length, key, key_length, iteration);
+ memcpy(tmp_iv, iv, iv_length);
+ rc = ica_aes_ofb(input_data, encrypt, data_length, key, key_length,
+ tmp_iv, 1);
+ if (rc) {
+ printf("ica_aes_ofb encrypt failed with rc = %i\n", rc);
+ dump_ofb_data(iv, iv_length, key, key_length, input_data,
+ data_length, encrypt);
+ }
+ if (!silent && !rc) {
+ printf("Encrypt:\n");
+ dump_ofb_data(iv, iv_length, key, key_length, input_data,
+ data_length, encrypt);
+ }
+ if (memcmp(result, encrypt, data_length)) {
+ printf("Encryption Result does not match the known ciphertext!\n");
+ printf("Expected data:\n");
+ dump_array(result, data_length);
+ printf("Encryption Result:\n");
+ dump_array(encrypt, data_length);
+ rc++;
+ }
+ if (memcmp(expected_iv, tmp_iv, iv_length)) {
+ printf("Update of IV does not match the expected IV!\n");
+ printf("Expected IV:\n");
+ dump_array(expected_iv, iv_length);
+ printf("Updated IV:\n");
+ dump_array(tmp_iv, iv_length);
+ printf("Original IV:\n");
+ dump_array(iv, iv_length);
+ rc++;
+ }
+ if (rc) {
+ printf("AES OFB test exited after encryption\n");
+ return rc;
+ }
+ memcpy(tmp_iv, iv, iv_length);
+ rc = ica_aes_ofb(encrypt, decrypt, data_length, key, key_length,
+ tmp_iv, 0);
+ if (rc) {
+ printf("ica_aes_ofb decrypt failed with rc = %i\n", rc);
+ dump_ofb_data(iv, iv_length, key, key_length, encrypt,
+ data_length, decrypt);
+ return rc;
+ }
+ if (!silent && !rc) {
+ printf("Decrypt:\n");
+ dump_ofb_data(iv, iv_length, key, key_length, encrypt,
+ data_length, decrypt);
+ }
+ if (memcmp(decrypt, input_data, data_length)) {
+ printf("Decryption Result does not match the original data!\n");
+ printf("Original data:\n");
+ dump_array(input_data, data_length);
+ printf("Decryption Result:\n");
+ dump_array(decrypt, data_length);
+ rc++;
+ }
+ return rc;
+int main(int argc, char **argv)
+ int rc = 0;
+ int error_count = 0;
+ int iteration;
+ unsigned int rdata;
+ unsigned int data_length = 1;
+ unsigned int silent = 0;
+ if (argc > 1) {
+ if (strstr(argv[1], "silent"))
+ silent = 1;
+ }
+ for(iteration = 1; iteration <= NR_TESTS; iteration++) {
+ rc = kat_aes_ofb(iteration, silent);
+ if (rc) {
+ printf("kat_aes_ofb failed with rc = %i\n", rc);
+ error_count++;
+ }
+ }
+ for(iteration = 1; iteration <= NR_RANDOM_TESTS; iteration++) {
+ int silent = 1;
+ rc = random_aes_ofb(iteration, silent, data_length);
+ if (rc) {
+ printf("random_aes_ofb failed with rc = %i\n", rc);
+ error_count++;
+ goto out;
+ }
+ // add a value between 1 and 8 to data_length
+ if (ica_random_number_generate(sizeof(rdata), (unsigned char*) &rdata)) {
+ printf("ica_random_number_generate failed with errnor = %i\n",
+ errno);
+ exit(1);
+ }
+ data_length += (rdata % 8) + 1;
+ }
+ if (error_count)
+ printf("%i testcases failed\n", error_count);
+ else
+ printf("All AES-OFB testcases finished successfully\n");
+ return rc;
diff --git a/src/tests/libica_aes_xts_test.c b/src/tests/libica_aes_xts_test.c
new file mode 100644
index 0000000..0e14f4a
--- /dev/null
+++ b/src/tests/libica_aes_xts_test.c
@@ -0,0 +1,669 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have recetweaked a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+/* Copyright IBM Corp. 2010, 2011 */
+#include <fcntl.h>
+#include <sys/errno.h>
+#include <stdio.h>
+#include <string.h>
+#include <strings.h>
+#include <stdlib.h>
+#include "ica_api.h"
+#define NR_TESTS 5
+#define NR_RANDOM_TESTS 20000
+/* XTS data -1- AES128 */
+unsigned char NIST_KEY_XTS_E1[] = {
+ 0x46, 0xe6, 0xed, 0x9e, 0xf4, 0x2d, 0xcd, 0xb3,
+ 0xc8, 0x93, 0x09, 0x3c, 0x28, 0xe1, 0xfc, 0x0f,
+ 0x91, 0xf5, 0xca, 0xa3, 0xb6, 0xe0, 0xbc, 0x5a,
+ 0x14, 0xe7, 0x83, 0x21, 0x5c, 0x1d, 0x5b, 0x61,
+unsigned char NIST_TWEAK_XTS_E1[] = {
+ 0x72, 0xf3, 0xb0, 0x54, 0xcb, 0xdc, 0x2f, 0x9e,
+ 0x3c, 0x5b, 0xc5, 0x51, 0xd4, 0x4d, 0xdb, 0xa0,
+/* TWEAK should not be updated, so the exptected tweak is the same as the
+ * original TWEAK.
+ */
+unsigned char NIST_EXPECTED_TWEAK_XTS_E1[] = {
+ 0x72, 0xf3, 0xb0, 0x54, 0xcb, 0xdc, 0x2f, 0x9e,
+ 0x3c, 0x5b, 0xc5, 0x51, 0xd4, 0x4d, 0xdb, 0xa0,
+unsigned char NIST_TEST_DATA_XTS_E1[] = {
+ 0xe3, 0x77, 0x8d, 0x68, 0xe7, 0x30, 0xef, 0x94,
+ 0x5b, 0x4a, 0xe3, 0xbc, 0x5b, 0x93, 0x6b, 0xdd,
+unsigned char NIST_TEST_RESULT_XTS_E1[] = {
+ 0x97, 0x40, 0x9f, 0x1f, 0x71, 0xae, 0x45, 0x21,
+ 0xcb, 0x49, 0xa3, 0x29, 0x73, 0xde, 0x4d, 0x05,
+/* XTS data -2- AES128 */
+unsigned char NIST_KEY_XTS_E2[] = {
+ 0x93, 0x56, 0xcd, 0xad, 0x25, 0x1a, 0xb6, 0x11,
+ 0x14, 0xce, 0xc2, 0xc4, 0x4a, 0x60, 0x92, 0xdd,
+ 0xe9, 0xf7, 0x46, 0xcc, 0x65, 0xae, 0x3b, 0xd4,
+ 0x96, 0x68, 0x64, 0xaa, 0x36, 0x26, 0xd1, 0x88,
+unsigned char NIST_TWEAK_XTS_E2[] = {
+ 0x68, 0x88, 0x27, 0x83, 0x65, 0x24, 0x36, 0xc4,
+ 0x85, 0x7a, 0x88, 0xc0, 0xc3, 0x73, 0x41, 0x7e,
+unsigned char NIST_EXPECTED_TWEAK_XTS_E2[] = {
+ 0x68, 0x88, 0x27, 0x83, 0x65, 0x24, 0x36, 0xc4,
+ 0x85, 0x7a, 0x88, 0xc0, 0xc3, 0x73, 0x41, 0x7e,
+unsigned char NIST_TEST_DATA_XTS_E2[] = {
+ 0xce, 0x17, 0x6b, 0xdd, 0xe3, 0x39, 0x50, 0x5b,
+ 0xa1, 0x5d, 0xea, 0x36, 0xd2, 0x8c, 0xe8, 0x7d,
+unsigned char NIST_TEST_RESULT_XTS_E2[] = {
+ 0x22, 0xf5, 0xf9, 0x37, 0xdf, 0xb3, 0x9e, 0x5b,
+ 0x74, 0x25, 0xed, 0x86, 0x3d, 0x31, 0x0b, 0xe1,
+/* XTS data -3- AES128 */
+unsigned char NIST_KEY_XTS_E3[] = {
+ 0x63, 0xf3, 0x6e, 0x9c, 0x39, 0x7c, 0x65, 0x23,
+ 0xc9, 0x9f, 0x16, 0x44, 0xec, 0xb1, 0xa5, 0xd9,
+ 0xbc, 0x0f, 0x2f, 0x55, 0xfb, 0xe3, 0x24, 0x44,
+ 0x4c, 0x39, 0x0f, 0xae, 0x75, 0x2a, 0xd4, 0xd7,
+unsigned char NIST_TWEAK_XTS_E3[] = {
+ 0xcd, 0xb1, 0xbd, 0x34, 0x86, 0xf3, 0x53, 0xcc,
+ 0x16, 0x0a, 0x84, 0x0b, 0xea, 0xdf, 0x03, 0x29,
+unsigned char NIST_EXPECTED_TWEAK_XTS_E3[] = {
+ 0xcd, 0xb1, 0xbd, 0x34, 0x86, 0xf3, 0x53, 0xcc,
+ 0x16, 0x0a, 0x84, 0x0b, 0xea, 0xdf, 0x03, 0x29,
+unsigned char NIST_TEST_DATA_XTS_E3[] = {
+ 0x9a, 0x01, 0x49, 0x88, 0x8b, 0xf7, 0x61, 0x60,
+ 0xa8, 0x14, 0x28, 0xbc, 0x91, 0x40, 0xec, 0xcd,
+ 0x26, 0xed, 0x18, 0x36, 0x8e, 0x24, 0xd4, 0x9b,
+ 0x9c, 0xc5, 0x12, 0x92, 0x9a, 0x88, 0xad, 0x1e,
+ 0x66, 0xc7, 0x63, 0xf4, 0xf5, 0x6b, 0x63, 0xbb,
+ 0x9d, 0xd9, 0x50, 0x8c, 0x5d, 0x4d, 0xf4, 0x65,
+ 0xad, 0x98, 0x82, 0x14, 0x82, 0xfc, 0x71, 0x94,
+ 0xee, 0x23, 0x54, 0xa3, 0xfa, 0xdc, 0xe9, 0x23,
+ 0x18, 0x54, 0x8e, 0x8c, 0xe9, 0x45, 0x20, 0x81,
+ 0x60, 0x49, 0x7b, 0x93, 0x05, 0xd9, 0xab, 0x10,
+ 0x91, 0xab, 0x41, 0xd1, 0xf0, 0x9a, 0x0c, 0x7b,
+ 0xfa, 0xf9, 0xf9, 0x4f, 0xe7, 0xc8, 0xf1, 0xea,
+ 0x96, 0x8f, 0x8f, 0x9a, 0x71, 0x3a, 0xca, 0xde,
+ 0x18, 0xb6, 0x82, 0x32, 0x10, 0x6f, 0xfd, 0x6d,
+ 0x42, 0x81, 0xe9, 0x9e, 0x11, 0xd6, 0xa4, 0x28,
+ 0xb5, 0x16, 0x53, 0xc0, 0xc7, 0xdd, 0xe5, 0xa0,
+ 0xf2, 0x73, 0xe7, 0x4f, 0xf0, 0x15, 0xce, 0x80,
+ 0x27, 0x7d, 0x74, 0x30, 0xf5, 0xda, 0xea, 0x8f,
+ 0x73, 0x40, 0x64, 0x5e, 0x0b, 0xec, 0x25, 0xf4,
+ 0x04, 0x0f, 0xa1, 0x3c, 0x0b, 0x33, 0x06, 0x93,
+ 0xb1, 0x00, 0x83, 0xa8, 0xb9, 0xbc, 0x10, 0x8f,
+ 0xe6, 0x4f, 0x3a, 0x5b, 0x61, 0x3c, 0xbb, 0x56,
+ 0x5a, 0xee, 0x2f, 0x09, 0xf5, 0xb2, 0x04, 0xae,
+ 0xe1, 0x72, 0x28, 0xfe, 0x65, 0x31, 0xc7, 0x0c,
+ 0x0e, 0xc9, 0x47, 0xd2, 0xa5, 0x14, 0x7b, 0x45,
+ 0xc5, 0x1a, 0xc7, 0xdc, 0x8e, 0x85, 0x87, 0x03,
+ 0x87, 0xeb, 0x8d, 0xb6, 0x25, 0x13, 0x68, 0x36,
+ 0x8b, 0xf5, 0xf2, 0x46, 0xb2, 0x95, 0x7d, 0xaf,
+ 0xf7, 0x02, 0xe3, 0x79, 0x02, 0x2e, 0x99, 0x16,
+ 0x17, 0x49, 0xe6, 0xbe, 0x8e, 0xb7, 0x9d, 0x51,
+ 0x97, 0x99, 0xaa, 0xe0, 0x7c, 0x18, 0x31, 0xbd,
+ 0x0e, 0xe7, 0x25, 0x50, 0xb8, 0x53, 0x33, 0xab,
+ 0x9e, 0x96, 0xa5, 0x33, 0xe2, 0x97, 0x25, 0xd7,
+ 0x02, 0x3d, 0x82, 0x1a, 0xbe, 0x1c, 0xe3, 0xa7,
+ 0x44, 0xbe, 0x02, 0xe0, 0x52, 0x56, 0x8f, 0x84,
+ 0xe6, 0xe3, 0xf7, 0x44, 0x42, 0xbb, 0xa5, 0x0d,
+ 0x02, 0xad, 0x2d, 0x6c, 0xa5, 0x8a, 0x69, 0x1f,
+ 0xd2, 0x43, 0x9a, 0xa3, 0xaf, 0x0c, 0x03, 0x3a,
+ 0x68, 0xc4, 0x38, 0xb2, 0xd9, 0xa0, 0xa0, 0x1d,
+ 0x78, 0xc4, 0xf8, 0x7c, 0x50, 0x9f, 0xea, 0x0a,
+ 0x43, 0x5b, 0xe7, 0x1b, 0xa2, 0x37, 0x06, 0xd6,
+ 0x08, 0x2d, 0xcb, 0xa6, 0x26, 0x25, 0x99, 0x9e,
+ 0xce, 0x09, 0xdf, 0xb3, 0xfc, 0xbe, 0x08, 0xeb,
+ 0xb6, 0xf2, 0x15, 0x1e, 0x2f, 0x12, 0xeb, 0xe8,
+ 0xa5, 0xbf, 0x11, 0x62, 0xc2, 0x59, 0xf2, 0x02,
+ 0xc1, 0xba, 0x47, 0x8b, 0x5f, 0x46, 0x8a, 0x28,
+ 0x69, 0xf1, 0xe7, 0x6c, 0xf5, 0xed, 0x38, 0xde,
+ 0x53, 0x86, 0x9a, 0xdc, 0x83, 0x70, 0x9e, 0x21,
+ 0xb3, 0xf8, 0xdc, 0x13, 0xba, 0x3d, 0x6a, 0xa7,
+ 0xf6, 0xb0, 0xcf, 0xb3, 0xe5, 0xa4, 0x3c, 0x23,
+ 0x72, 0xe0, 0xee, 0x60, 0x99, 0x1c, 0xe1, 0xca,
+ 0xd1, 0x22, 0xa3, 0x1d, 0x93, 0x97, 0xe3, 0x0b,
+ 0x92, 0x1f, 0xd2, 0xf6, 0xee, 0x69, 0x6e, 0x68,
+ 0x49, 0xae, 0xee, 0x29, 0xe2, 0xb4, 0x45, 0xc0,
+ 0xfd, 0x9a, 0xde, 0x65, 0x56, 0xc3, 0xc0, 0x69,
+ 0xc5, 0xd6, 0x05, 0x95, 0xab, 0xbd, 0xf5, 0xba,
+ 0xe2, 0xcc, 0xc7, 0x9a, 0x49, 0x6e, 0x83, 0xcc,
+ 0xab, 0x95, 0x74, 0x0e, 0xb8, 0xe4, 0xf2, 0x92,
+ 0x5d, 0xbf, 0x72, 0x97, 0xa8, 0xc9, 0x92, 0x75,
+ 0x6e, 0x62, 0x87, 0x0e, 0xdc, 0xe9, 0x8f, 0x6c,
+ 0xba, 0x1a, 0xa0, 0xd5, 0xb8, 0x6f, 0x09, 0x21,
+ 0x43, 0xb1, 0x6d, 0xa1, 0x44, 0x15, 0x47, 0xd1,
+ 0xd4, 0x2b, 0x80, 0x06, 0xfa, 0xce, 0x69, 0x5b,
+ 0x03, 0xfd, 0xfa, 0xe6, 0x45, 0xf9, 0x5b, 0xd6,
+unsigned char NIST_TEST_RESULT_XTS_E3[] = {
+ 0x0e, 0xee, 0xf2, 0x8c, 0xa1, 0x59, 0xb8, 0x05,
+ 0xf5, 0xc2, 0x15, 0x61, 0x05, 0x51, 0x67, 0x8a,
+ 0xb7, 0x72, 0xf2, 0x79, 0x37, 0x4f, 0xb1, 0x40,
+ 0xab, 0x55, 0x07, 0x68, 0xdb, 0x42, 0xcf, 0x6c,
+ 0xb7, 0x36, 0x37, 0x64, 0x19, 0x34, 0x19, 0x5f,
+ 0xfc, 0x08, 0xcf, 0x5a, 0x91, 0x88, 0xb8, 0x2b,
+ 0x84, 0x0a, 0x00, 0x7d, 0x52, 0x72, 0x39, 0xea,
+ 0x3f, 0x0d, 0x7d, 0xd1, 0xf2, 0x51, 0x86, 0xec,
+ 0xae, 0x30, 0x87, 0x7d, 0xad, 0xa7, 0x7f, 0x24,
+ 0x3c, 0xdd, 0xb2, 0xc8, 0x8e, 0x99, 0x04, 0x82,
+ 0x7d, 0x3e, 0x09, 0x82, 0xda, 0x0d, 0x13, 0x91,
+ 0x1d, 0x0e, 0x2d, 0xbb, 0xbb, 0x2d, 0x01, 0x6c,
+ 0xbe, 0x4d, 0x06, 0x76, 0xb1, 0x45, 0x9d, 0xa8,
+ 0xc5, 0x3a, 0x91, 0x45, 0xe8, 0x3c, 0xf4, 0x2f,
+ 0x30, 0x11, 0x2c, 0xa6, 0x5d, 0x77, 0xc8, 0x93,
+ 0x4a, 0x26, 0xee, 0x00, 0x1f, 0x39, 0x0f, 0xfc,
+ 0xc1, 0x87, 0x03, 0x66, 0x2a, 0x8f, 0x71, 0xf9,
+ 0xda, 0x0e, 0x7b, 0x68, 0xb1, 0x04, 0x3c, 0x1c,
+ 0xb5, 0x26, 0x08, 0xcf, 0x0e, 0x69, 0x51, 0x0d,
+ 0x38, 0xc8, 0x0f, 0xa0, 0x0d, 0xe4, 0x3d, 0xef,
+ 0x98, 0x4d, 0xff, 0x2f, 0x32, 0x4e, 0xcf, 0x39,
+ 0x89, 0x44, 0x53, 0xd3, 0xe0, 0x1b, 0x3d, 0x7b,
+ 0x3b, 0xc0, 0x57, 0x04, 0x9d, 0x19, 0x5c, 0x8e,
+ 0xb9, 0x3f, 0xe4, 0xd9, 0x5a, 0x83, 0x00, 0xa5,
+ 0xe6, 0x0a, 0x7c, 0x89, 0xe4, 0x0c, 0x69, 0x16,
+ 0x79, 0xfb, 0xca, 0xfa, 0xd8, 0xeb, 0x41, 0x8f,
+ 0x8d, 0x1f, 0xf7, 0xb9, 0x11, 0x75, 0xf8, 0xeb,
+ 0x3c, 0x6f, 0xf2, 0x87, 0x2d, 0x32, 0xee, 0x4c,
+ 0x57, 0x36, 0x9e, 0x61, 0xb6, 0x6d, 0x16, 0x6f,
+ 0xd0, 0xa4, 0x34, 0x57, 0x47, 0x82, 0x75, 0xfe,
+ 0x14, 0xbf, 0x34, 0x63, 0x8a, 0x9e, 0x4e, 0x1d,
+ 0x25, 0xcc, 0x5a, 0x5f, 0x9e, 0x25, 0x7e, 0x61,
+ 0x7a, 0xdc, 0xdd, 0xe6, 0x5e, 0x25, 0x57, 0x40,
+ 0x53, 0x62, 0xc8, 0x91, 0xe6, 0x54, 0x6a, 0x6d,
+ 0xee, 0xaa, 0x8f, 0xc0, 0x3b, 0x12, 0x2a, 0x55,
+ 0x87, 0x4d, 0x33, 0xe0, 0xa7, 0x73, 0x52, 0x34,
+ 0x68, 0x32, 0x5e, 0xc2, 0x4d, 0x4f, 0xaf, 0xfb,
+ 0x63, 0xc0, 0x52, 0xc8, 0x11, 0xa1, 0xc0, 0x22,
+ 0xba, 0xfc, 0xcb, 0x97, 0x98, 0x8b, 0x7e, 0x45,
+ 0x67, 0xb2, 0x47, 0xd4, 0x04, 0x4b, 0x05, 0x2f,
+ 0xf7, 0x3f, 0x4c, 0x67, 0x1d, 0x27, 0xe0, 0x52,
+ 0xe2, 0xeb, 0xc7, 0x2d, 0x00, 0x57, 0xcb, 0x21,
+ 0x7c, 0x52, 0x59, 0xb6, 0x09, 0x50, 0xe3, 0xc8,
+ 0xb3, 0xd9, 0xe3, 0xe7, 0x63, 0x0f, 0x9e, 0xcb,
+ 0xe5, 0x48, 0xb9, 0xe3, 0x62, 0x20, 0xf3, 0x3c,
+ 0x2b, 0x45, 0x68, 0x30, 0x7c, 0xd0, 0x37, 0x5b,
+ 0xba, 0x13, 0x35, 0xe5, 0x8b, 0xfb, 0xcd, 0xe8,
+ 0x5c, 0xc8, 0x4c, 0x9c, 0x9c, 0x1c, 0xe7, 0x4f,
+ 0x44, 0xb2, 0x8e, 0xa1, 0xb6, 0x97, 0x30, 0x5b,
+ 0xb6, 0xba, 0x3b, 0x46, 0x4e, 0x5a, 0xb7, 0x45,
+ 0x01, 0x29, 0x3e, 0xf9, 0x15, 0x2c, 0x0f, 0x5d,
+ 0x33, 0x07, 0xd2, 0x6a, 0x1f, 0x07, 0x41, 0xc5,
+ 0xe5, 0x72, 0x1a, 0x71, 0x3d, 0x1b, 0x86, 0xc1,
+ 0x80, 0x82, 0x11, 0xf5, 0x7a, 0xad, 0x09, 0xa9,
+ 0x50, 0xb6, 0x86, 0x30, 0xaf, 0xce, 0x4f, 0x0a,
+ 0xd9, 0xf3, 0x2e, 0x67, 0x69, 0xb5, 0xfe, 0x31,
+ 0x92, 0x9c, 0x44, 0x6f, 0x7a, 0x33, 0x55, 0xf4,
+ 0x58, 0x84, 0xc7, 0x48, 0xc9, 0x05, 0x54, 0x15,
+ 0xe6, 0x37, 0xd9, 0xad, 0x87, 0xd9, 0x4c, 0x46,
+ 0x57, 0xb1, 0xad, 0x03, 0x4c, 0xb1, 0x4d, 0x9a,
+ 0x72, 0xea, 0x74, 0x5f, 0xe5, 0x2d, 0x7a, 0x71,
+ 0x1b, 0xa4, 0x1c, 0xa0, 0x35, 0x85, 0x6a, 0x5a,
+ 0x44, 0x89, 0xa4, 0x27, 0x0b, 0xb3, 0x0d, 0x5b,
+ 0x63, 0xf4, 0x9c, 0x05, 0x12, 0xfe, 0xd4, 0xb4
+/* XTS data -4- AES256 */
+unsigned char NIST_KEY_XTS_E4[] = {
+ 0x97, 0x09, 0x8b, 0x46, 0x5a, 0x44, 0xca, 0x75,
+ 0xe7, 0xa1, 0xc2, 0xdb, 0xfc, 0x40, 0xb7, 0xa6,
+ 0x1a, 0x20, 0xe3, 0x2c, 0x6d, 0x9d, 0xbf, 0xda,
+ 0x80, 0x72, 0x6f, 0xee, 0x10, 0x54, 0x1b, 0xab,
+ 0x47, 0x54, 0x63, 0xca, 0x07, 0xc1, 0xc1, 0xe4,
+ 0x49, 0x61, 0x73, 0x32, 0x14, 0x68, 0xd1, 0xab,
+ 0x3f, 0xad, 0x8a, 0xd9, 0x1f, 0xcd, 0xc6, 0x2a,
+ 0xbe, 0x07, 0xbf, 0xf8, 0xef, 0x96, 0x1b, 0x6b,
+unsigned char NIST_TWEAK_XTS_E4[] = {
+ 0x15, 0x60, 0x1e, 0x2e, 0x35, 0x85, 0x10, 0xa0,
+ 0x9d, 0xdc, 0xa4, 0xea, 0x17, 0x51, 0xf4, 0x3c,
+unsigned char NIST_EXPECTED_TWEAK_XTS_E4[] = {
+ 0x15, 0x60, 0x1e, 0x2e, 0x35, 0x85, 0x10, 0xa0,
+ 0x9d, 0xdc, 0xa4, 0xea, 0x17, 0x51, 0xf4, 0x3c,
+unsigned char NIST_TEST_DATA_XTS_E4[] = {
+ 0xd1, 0x9c, 0xfb, 0x38, 0x3b, 0xaf, 0x87, 0x2e,
+ 0x6f, 0x12, 0x16, 0x87, 0x45, 0x1d, 0xe1, 0x5c,
+unsigned char NIST_TEST_RESULT_XTS_E4[] = {
+ 0xeb, 0x22, 0x26, 0x9b, 0x14, 0x90, 0x50, 0x27,
+ 0xdc, 0x73, 0xc4, 0xa4, 0x0f, 0x93, 0x80, 0x69,
+/* XTS data -5- AES256 */
+unsigned char NIST_KEY_XTS_E5[] = {
+ 0xfb, 0xf0, 0x77, 0x6e, 0x7d, 0xbe, 0x49, 0x10,
+ 0xfb, 0x0c, 0x12, 0x0f, 0x41, 0x85, 0x71, 0x21,
+ 0x92, 0x6c, 0x05, 0x2f, 0xd6, 0x5a, 0x27, 0x8c,
+ 0xd2, 0xf0, 0xd9, 0x8d, 0xa5, 0x4e, 0xdf, 0xd5,
+ 0x08, 0x03, 0xa4, 0x2f, 0xbe, 0x6f, 0xd1, 0x33,
+ 0x58, 0x49, 0x00, 0xe8, 0xdc, 0x7a, 0x11, 0x52,
+ 0x39, 0x1f, 0x82, 0x2d, 0x76, 0xa7, 0x56, 0x68,
+ 0xcf, 0xce, 0x7f, 0x8d, 0xde, 0x20, 0x3e, 0xc8,
+unsigned char NIST_TWEAK_XTS_E5[] = {
+ 0x39, 0x5b, 0x6a, 0xcf, 0x9a, 0xdc, 0xd2, 0x91,
+ 0xc2, 0xc9, 0x48, 0x86, 0x36, 0x33, 0xaf, 0xf8,
+unsigned char NIST_EXPECTED_TWEAK_XTS_E5[] = {
+ 0x39, 0x5b, 0x6a, 0xcf, 0x9a, 0xdc, 0xd2, 0x91,
+ 0xc2, 0xc9, 0x48, 0x86, 0x36, 0x33, 0xaf, 0xf8,
+unsigned char NIST_TEST_DATA_XTS_E5[] = {
+ 0x3e, 0x2e, 0x26, 0x9d, 0x78, 0x3a, 0x2b, 0x29,
+ 0xe8, 0x73, 0xd6, 0x73, 0x47, 0x9f, 0x51, 0x16,
+ 0x73, 0x4f, 0xe0, 0x3e, 0xe3, 0x29, 0x65, 0xed,
+ 0xc4, 0x79, 0x35, 0xc0, 0xea, 0x99, 0xa0, 0x64,
+ 0xbd, 0x44, 0x4b, 0xec, 0x12, 0x5b, 0x2c, 0x78,
+ 0x9d, 0xb9, 0xde, 0x6d, 0x18, 0x35, 0x92, 0x05,
+ 0x3b, 0x48, 0xa8, 0x77, 0xa9, 0x5a, 0xc2, 0x55,
+ 0x9c, 0x3d, 0xdf, 0xc7, 0xb4, 0xdb, 0x99, 0x07,
+unsigned char NIST_TEST_RESULT_XTS_E5[] = {
+ 0x4c, 0x70, 0xbd, 0xbb, 0x77, 0x30, 0x2b, 0x7f,
+ 0x1f, 0xdd, 0xca, 0x50, 0xdc, 0x70, 0x73, 0x1e,
+ 0x00, 0x8a, 0x26, 0x55, 0xd2, 0x2a, 0xd0, 0x20,
+ 0x0c, 0x11, 0x1f, 0xd3, 0x2a, 0x67, 0x5a, 0x7e,
+ 0x09, 0x97, 0x11, 0x43, 0x6f, 0x98, 0xd2, 0x1c,
+ 0x72, 0x77, 0x2e, 0x0d, 0xd7, 0x67, 0x2f, 0xf5,
+ 0xfd, 0x00, 0xdd, 0xcb, 0xe1, 0x1e, 0xb9, 0x7e,
+ 0x69, 0x87, 0x83, 0xbf, 0xa4, 0x05, 0x46, 0xe3,
+void dump_array(unsigned char *ptr, unsigned int size)
+ unsigned char *ptr_end;
+ unsigned char *h;
+ int i = 1;
+ h = ptr;
+ ptr_end = ptr + size;
+ while (h < (unsigned char *)ptr_end) {
+ printf("0x%02x ",(unsigned char ) *h);
+ h++;
+ if (i == 8) {
+ printf("\n");
+ i = 1;
+ } else {
+ ++i;
+ }
+ }
+ printf("\n");
+void dump_xts_data(unsigned char *tweak, unsigned int tweak_length,
+ unsigned char *key, unsigned int key_length,
+ unsigned char *input_data, unsigned int data_length,
+ unsigned char *output_data)
+ printf("TWEAK \n");
+ dump_array(tweak, tweak_length);
+ printf("Key \n");
+ dump_array(key, key_length);
+ printf("Input Data\n");
+ dump_array(input_data, data_length);
+ printf("Output Data\n");
+ dump_array(output_data, data_length);
+void get_sizes(unsigned int *data_length, unsigned int *tweak_length,
+ unsigned int *key_length, unsigned int iteration)
+ switch (iteration) {
+ case 1:
+ *data_length = sizeof(NIST_TEST_DATA_XTS_E1);
+ *tweak_length = sizeof(NIST_TWEAK_XTS_E1);
+ *key_length = sizeof(NIST_KEY_XTS_E1);
+ break;
+ case 2:
+ *data_length = sizeof(NIST_TEST_DATA_XTS_E2);
+ *tweak_length = sizeof(NIST_TWEAK_XTS_E2);
+ *key_length = sizeof(NIST_KEY_XTS_E2);
+ break;
+ case 3:
+ *data_length = sizeof(NIST_TEST_DATA_XTS_E3);
+ *tweak_length = sizeof(NIST_TWEAK_XTS_E3);
+ *key_length = sizeof(NIST_KEY_XTS_E3);
+ break;
+ case 4:
+ *data_length = sizeof(NIST_TEST_DATA_XTS_E4);
+ *tweak_length = sizeof(NIST_TWEAK_XTS_E4);
+ *key_length = sizeof(NIST_KEY_XTS_E4);
+ break;
+ case 5:
+ *data_length = sizeof(NIST_TEST_DATA_XTS_E5);
+ *tweak_length = sizeof(NIST_TWEAK_XTS_E5);
+ *key_length = sizeof(NIST_KEY_XTS_E5);
+ break;
+ }
+void load_test_data(unsigned char *data, unsigned int data_length,
+ unsigned char *result,
+ unsigned char *tweak, unsigned char *expected_tweak,
+ unsigned int tweak_length,
+ unsigned char *key, unsigned int key_length,
+ unsigned int iteration)
+ switch (iteration) {
+ case 1:
+ memcpy(data, NIST_TEST_DATA_XTS_E1, data_length);
+ memcpy(result, NIST_TEST_RESULT_XTS_E1, data_length);
+ memcpy(tweak, NIST_TWEAK_XTS_E1, tweak_length);
+ memcpy(expected_tweak, NIST_EXPECTED_TWEAK_XTS_E1,
+ tweak_length);
+ memcpy(key, NIST_KEY_XTS_E1, key_length);
+ break;
+ case 2:
+ memcpy(data, NIST_TEST_DATA_XTS_E2, data_length);
+ memcpy(result, NIST_TEST_RESULT_XTS_E2, data_length);
+ memcpy(tweak, NIST_TWEAK_XTS_E2, tweak_length);
+ memcpy(expected_tweak, NIST_EXPECTED_TWEAK_XTS_E2,
+ tweak_length);
+ memcpy(key, NIST_KEY_XTS_E2, key_length);
+ break;
+ case 3:
+ memcpy(data, NIST_TEST_DATA_XTS_E3, data_length);
+ memcpy(result, NIST_TEST_RESULT_XTS_E3, data_length);
+ memcpy(tweak, NIST_TWEAK_XTS_E3, tweak_length);
+ memcpy(expected_tweak, NIST_EXPECTED_TWEAK_XTS_E3,
+ tweak_length);
+ memcpy(key, NIST_KEY_XTS_E3, key_length);
+ break;
+ case 4:
+ memcpy(data, NIST_TEST_DATA_XTS_E4, data_length);
+ memcpy(result, NIST_TEST_RESULT_XTS_E4, data_length);
+ memcpy(tweak, NIST_TWEAK_XTS_E4, tweak_length);
+ memcpy(expected_tweak, NIST_EXPECTED_TWEAK_XTS_E4,
+ tweak_length);
+ memcpy(key, NIST_KEY_XTS_E4, key_length);
+ break;
+ case 5:
+ memcpy(data, NIST_TEST_DATA_XTS_E5, data_length);
+ memcpy(result, NIST_TEST_RESULT_XTS_E5, data_length);
+ memcpy(tweak, NIST_TWEAK_XTS_E5, tweak_length);
+ memcpy(expected_tweak, NIST_EXPECTED_TWEAK_XTS_E5,
+ tweak_length);
+ memcpy(key, NIST_KEY_XTS_E5, key_length);
+ break;
+ }
+int kat_aes_xts(int iteration, int silent)
+ unsigned int data_length;
+ unsigned int tweak_length;
+ unsigned int key_length;
+ get_sizes(&data_length, &tweak_length, &key_length, iteration);
+ unsigned char tweak[tweak_length];
+ unsigned char tmp_tweak[tweak_length];
+ unsigned char expected_tweak[tweak_length];
+ unsigned char key[key_length];
+ unsigned char input_data[data_length];
+ unsigned char encrypt[data_length];
+ unsigned char decrypt[data_length];
+ unsigned char result[data_length];
+ int rc = 0;
+ memset(encrypt, 0x00, data_length);
+ memset(decrypt, 0x00, data_length);
+ load_test_data(input_data, data_length, result, tweak, expected_tweak,
+ tweak_length, key, key_length, iteration);
+ memcpy(tmp_tweak, tweak, tweak_length);
+ if (!silent) {
+ printf("Test Parameters for iteration = %i\n", iteration);
+ printf("key length = %i, data length = %i, tweak length = %i,",
+ key_length, data_length, tweak_length);
+ }
+ rc = ica_aes_xts(input_data, encrypt, data_length,
+ key, key+(key_length/2), (key_length/2),
+ tmp_tweak, 1);
+ if (rc) {
+ printf("ica_aes_xts encrypt failed with rc = %i\n", rc);
+ dump_xts_data(tweak, tweak_length, key, key_length, input_data,
+ data_length, encrypt);
+ }
+ if (!silent && !rc) {
+ printf("Encrypt:\n");
+ dump_xts_data(tweak, tweak_length, key, key_length, input_data,
+ data_length, encrypt);
+ }
+ if (memcmp(result, encrypt, data_length)) {
+ printf("Encryption Result does not match the known ciphertext!\n");
+ printf("Expected data:\n");
+ dump_array(result, data_length);
+ printf("Encryption Result:\n");
+ dump_array(encrypt, data_length);
+ rc++;
+ }
+ if (memcmp(expected_tweak, tmp_tweak, tweak_length)) {
+ printf("Update of TWEAK does not match the expected TWEAK!\n");
+ printf("Expected TWEAK:\n");
+ dump_array(expected_tweak, tweak_length);
+ printf("Updated TWEAK:\n");
+ dump_array(tmp_tweak, tweak_length);
+ printf("Original TWEAK:\n");
+ dump_array(tweak, tweak_length);
+ rc++;
+ }
+ if (rc) {
+ printf("AES XTS test exited after encryption\n");
+ return rc;
+ }
+ memcpy(tmp_tweak, tweak, tweak_length);
+ rc = ica_aes_xts(encrypt, decrypt, data_length,
+ key, key+(key_length/2), (key_length/2),
+ tmp_tweak, 0);
+ if (rc) {
+ printf("ica_aes_xts decrypt failed with rc = %i\n", rc);
+ dump_xts_data(tweak, tweak_length, key, key_length, encrypt,
+ data_length, decrypt);
+ return rc;
+ }
+ if (!silent && !rc) {
+ printf("Decrypt:\n");
+ dump_xts_data(tweak, tweak_length, key, key_length, encrypt,
+ data_length, decrypt);
+ }
+ if (memcmp(decrypt, input_data, data_length)) {
+ printf("Decryption Result does not match the original data!\n");
+ printf("Original data:\n");
+ dump_array(input_data, data_length);
+ printf("Decryption Result:\n");
+ dump_array(decrypt, data_length);
+ rc++;
+ }
+ return rc;
+int load_random_test_data(unsigned char *data, unsigned int data_length,
+ unsigned char *iv, unsigned int iv_length,
+ unsigned char *key, unsigned int key_length)
+ int rc;
+ rc = ica_random_number_generate(data_length, data);
+ if (rc) {
+ printf("ica_random_number_generate with rc = %i errnor = %i\n",
+ rc, errno);
+ return rc;
+ }
+ rc = ica_random_number_generate(iv_length, iv);
+ if (rc) {
+ printf("ica_random_number_generate with rc = %i errnor = %i\n",
+ rc, errno);
+ return rc;
+ }
+ rc = ica_random_number_generate(key_length, key);
+ if (rc) {
+ printf("ica_random_number_generate with rc = %i errnor = %i\n",
+ rc, errno);
+ return rc;
+ }
+ return rc;
+int random_aes_xts(int iteration, int silent, unsigned int data_length)
+ int i;
+ int rc = 0;
+ unsigned int iv_length = sizeof(ica_aes_vector_t);
+ unsigned int key_length = AES_KEY_LEN128 * 2;
+ unsigned char iv[iv_length];
+ unsigned char tmp_iv[iv_length];
+ unsigned char input_data[data_length];
+ unsigned char encrypt[data_length];
+ unsigned char decrypt[data_length];
+for (i = 1; i <= 2; i++) {
+ unsigned char key[key_length];
+ memset(encrypt, 0x00, data_length);
+ memset(decrypt, 0x00, data_length);
+ load_random_test_data(input_data, data_length, iv, iv_length, key,
+ key_length);
+ memcpy(tmp_iv, iv, iv_length);
+ if (!silent) {
+ printf("Test Parameters for iteration = %i\n", iteration);
+ printf("key length = %i, data length = %i, iv length = %i\n",
+ key_length, data_length, iv_length);
+ }
+ rc = ica_aes_xts(input_data, encrypt, data_length,
+ key, key+(key_length/2), (key_length/2),
+ tmp_iv, 1);
+ if (rc) {
+ printf("ica_aes_xts encrypt failed with rc = %i\n", rc);
+ dump_xts_data(iv, iv_length, key, key_length, input_data,
+ data_length, encrypt);
+ }
+ if (!silent && !rc) {
+ printf("Encrypt:\n");
+ dump_xts_data(iv, iv_length, key, key_length, input_data,
+ data_length, encrypt);
+ }
+ if (rc) {
+ printf("AES XTS test exited after encryption\n");
+ return rc;
+ }
+ memcpy(tmp_iv, iv, iv_length);
+ rc = ica_aes_xts(encrypt, decrypt, data_length,
+ key, key+(key_length/2), (key_length/2),
+ tmp_iv, 0);
+ if (rc) {
+ printf("ica_aes_xts decrypt failed with rc = %i\n", rc);
+ dump_xts_data(iv, iv_length, key, key_length, encrypt,
+ data_length, decrypt);
+ return rc;
+ }
+ if (!silent && !rc) {
+ printf("Decrypt:\n");
+ dump_xts_data(iv, iv_length, key, key_length, encrypt,
+ data_length, decrypt);
+ }
+ if (memcmp(decrypt, input_data, data_length)) {
+ printf("Decryption Result does not match the original data!\n");
+ printf("Original data:\n");
+ dump_array(input_data, data_length);
+ printf("Decryption Result:\n");
+ dump_array(decrypt, data_length);
+ rc++;
+ return rc;
+ }
+ key_length = AES_KEY_LEN256 * 2;
+ return rc;
+int main(int argc, char **argv)
+ unsigned int silent = 0;
+ if (argc > 1) {
+ if (strstr(argv[1], "silent"))
+ silent = 1;
+ }
+ int rc = 0;
+ int error_count = 0;
+ int iteration;
+ unsigned int data_length = sizeof(ica_aes_vector_t);
+ for(iteration = 1; iteration <= NR_TESTS; iteration++) {
+ rc = kat_aes_xts(iteration, silent);
+ if (rc) {
+ printf("kat_aes_xts failed with rc = %i\n", rc);
+ error_count++;
+ }
+ }
+ for(iteration = 1; iteration <= NR_RANDOM_TESTS; iteration++) {
+ int silent = 1;
+ rc = random_aes_xts(iteration, silent, data_length);
+ if (rc) {
+ printf("random_aes_xts failed with rc = %i\n", rc);
+ error_count++;
+ goto out;
+ }
+ data_length += sizeof(ica_aes_vector_t) / 2;
+ }
+ if (error_count)
+ printf("%i testcases failed\n", error_count);
+ else
+ printf("All AES-XTS testcases finished successfully\n");
+ return rc;
diff --git a/src/tests/libica_cbccs_test.c b/src/tests/libica_cbccs_test.c
new file mode 100644
index 0000000..741ad31
--- /dev/null
+++ b/src/tests/libica_cbccs_test.c
@@ -0,0 +1,575 @@
+/* This program is released under the Common Public License V1.0
+* You should have received a copy of Common Public License V1.0 along with
+* with this program.
+/* (C) COPYRIGHT International Business Machines Corp. 2010 */
+#include <fcntl.h>
+#include <sys/errno.h>
+#include <stdio.h>
+#include <string.h>
+#include <strings.h>
+#include <unistd.h>
+#include "ica_api.h"
+#include <stdlib.h>
+#include <openssl/aes.h>
+/* CBC_CS data */
+unsigned char NIST_KEY[] = {
+ 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
+ 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69
+unsigned int key_size[6] = { 24, 24, 24, 32, 32, 32 };
+unsigned char key[6][256] = {
+ {
+ 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
+ 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69,
+ 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20
+ },{
+ 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
+ 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69,
+ 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20
+ },{
+ 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
+ 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69,
+ 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20
+ },{
+ 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
+ 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69,
+ 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
+ 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69
+ },{
+ 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
+ 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69,
+ 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
+ 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69
+ },{
+ 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
+ 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69,
+ 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
+ 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69
+ }
+unsigned char key_512[] = {
+ 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
+ 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69,
+ 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
+ 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69,
+ 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
+ 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69
+unsigned char NIST_IV[] = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+unsigned int NIST_TEST_DATA_LENGTH[6] = { 17, 31, 32, 47, 48, 64 };
+unsigned char NIST_TEST_DATA[6][100] = {
+ { 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
+ 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65, 0x20
+ },{
+ 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
+ 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
+ 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
+ 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20
+ },{
+ 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
+ 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
+ 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
+ 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43
+ },{
+ 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
+ 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
+ 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
+ 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43,
+ 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20,
+ 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c
+ },{
+ 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
+ 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
+ 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
+ 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43,
+ 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20,
+ 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c, 0x20
+ },{
+ 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
+ 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65,
+ 0x20, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c,
+ 0x20, 0x47, 0x61, 0x75, 0x27, 0x73, 0x20, 0x43,
+ 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x2c, 0x20,
+ 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2c, 0x20,
+ 0x61, 0x6e, 0x64, 0x20, 0x77, 0x6f, 0x6e, 0x74,
+ 0x6f, 0x6e, 0x20, 0x73, 0x6f, 0x75, 0x70, 0x2e
+ }
+unsigned char NIST_TEST_RESULT[6][100] = {
+ {
+ 0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4,
+ 0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f, 0x97
+ },{
+ 0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1,
+ 0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22,
+ 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
+ 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5
+ },{
+ 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
+ 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
+ 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
+ 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84
+ },{
+ 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
+ 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
+ 0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c,
+ 0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e,
+ 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
+ 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5
+ },{
+ 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
+ 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
+ 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
+ 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8,
+ 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
+ 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8
+ },{
+ 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
+ 0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
+ 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
+ 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
+ 0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5,
+ 0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40,
+ 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
+ 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8
+ }
+unsigned char NIST_NEXT_IV[6][16] = {
+ {
+ 0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4,
+ 0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f
+ },{
+ 0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1,
+ 0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22
+ },{
+ 0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
+ 0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8
+ },{
+ 0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c,
+ 0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e
+ },{
+ 0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
+ 0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8
+ },{
+ 0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5,
+ 0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40
+ }
+void dump_array(char *ptr, int size)
+ char *ptr_end;
+ unsigned char *h;
+ int i = 1;
+ h = (unsigned char *)ptr;
+ ptr_end = ptr + size;
+ while (h < (unsigned char *)ptr_end) {
+ printf("0x%02x ",(unsigned char ) *h);
+ h++;
+ if ((i == 16) & (h <(unsigned char *)ptr_end)) {
+ printf("\n");
+ i = 1;
+ } else {
+ ++i;
+ }
+ }
+ printf("\n");
+int compare_decrypt_result_with_expected_result(
+ unsigned char *, unsigned char *,
+ unsigned int, unsigned char *,
+ unsigned int, unsigned char *,
+ unsigned int, char *,
+ unsigned int);
+inline int compare_decrypt_result_with_expected_result(
+ unsigned char * decrypt_out,
+ unsigned char * expected_result,
+ unsigned int compare_length,
+ unsigned char * key,
+ unsigned int key_length,
+ unsigned char * iv,
+ unsigned int iv_size,
+ char * out_text,
+ unsigned int test_case_number)
+ if (memcmp(decrypt_out, expected_result, compare_length) != 0) {
+ printf("This does NOT match the original data.\n");
+ printf("Test case number %i for %s with CBC_CS mode failed\n",
+ test_case_number, out_text) ;
+ printf("\nkey \n");
+ dump_array((char *) key, key_length);
+ printf("\nOriginal data:\n");
+ dump_array((char *) expected_result, compare_length);
+ printf("\ntmp iv\n");
+ dump_array((char *) iv, iv_size);
+ printf("\nExpected Result:\n");
+ dump_array((char *) expected_result, compare_length);
+ printf("\nDecrypted data:\n");
+ dump_array((char *) decrypt_out, compare_length);
+ return 1;
+ }
+ return 0;
+int test_3des_new_api(unsigned int mode, unsigned int variant, int silent)
+ /* Test 3des */
+ unsigned int iv_size = sizeof(ica_des_vector_t);
+ unsigned char iv[iv_size];
+ unsigned char tmp_iv[iv_size];
+ unsigned char enc_text[100] ,dec_text[100] ;
+ unsigned int number_of_testcases = 6;
+ int rc = 0, i = 0;
+ for (i = 0; i < number_of_testcases ; i++) {
+ memcpy(tmp_iv, NIST_IV, iv_size);
+ rc = ica_3des_cbc_cs(NIST_TEST_DATA[i], enc_text,
+ tmp_iv, 1, variant);
+ if (rc) {
+ printf("key \n");
+ dump_array((char *) key[i], 8);
+ printf("\nOriginal data:\n");
+ dump_array((char *) NIST_TEST_DATA[i],
+ printf("\ntest iv\n");
+ dump_array((char *) tmp_iv, iv_size);
+ printf("\nica_3des_cbc_cs encrypt testcase %i failed with "
+ "errno %d (0x%x).\n", i, rc, rc);
+ return 1;
+ }
+ memcpy(tmp_iv, NIST_IV, iv_size);
+ memset(dec_text,0,NIST_TEST_DATA_LENGTH[i]);
+ rc = ica_3des_cbc_cs(enc_text, dec_text,
+ tmp_iv, 0, variant);
+ if (rc) {
+ printf("key \n");
+ dump_array((char *) key[i], 8);
+ printf("\nOriginal data:\n");
+ dump_array((char *) NIST_TEST_DATA[i],
+ printf("\noriginal iv\n");
+ dump_array((char *) &iv, iv_size);
+ printf("\ntmp iv\n");
+ dump_array((char *) tmp_iv, iv_size);
+ printf("\nEncrypted data:\n");
+ dump_array((char *) enc_text, NIST_TEST_DATA_LENGTH[i]);
+ printf("\nDecrypted data:\n");
+ dump_array((char *) dec_text, NIST_TEST_DATA_LENGTH[i]);
+ printf("\nica_3des_cbc_cs decrypt testcase %i failed with "
+ "errno %d (0x%x).\n", i, rc, rc);
+ return 1;
+ }
+ if (compare_decrypt_result_with_expected_result(dec_text,
+ key[i], 24, tmp_iv, iv_size,
+ (char *) "3DES", i))
+ return 1;
+ else {
+ if (!silent) {
+ printf("Test case number %i for 3DES with CBC_CS mode was "
+ "successful!\n", i);
+ }
+ }
+ }
+ return rc;
+int test_des_new_api(unsigned int mode, unsigned int variant, int silent)
+ /* Test des */
+ unsigned int iv_size = sizeof(ica_des_vector_t);
+ unsigned char iv[iv_size];
+ unsigned char tmp_iv[iv_size];
+ unsigned char enc_text[100] ,dec_text[100] ;
+ unsigned int number_of_testcases = 6;
+ int rc = 0, i = 0;
+ for (i = 0; i < number_of_testcases ; i++) {
+ memcpy(tmp_iv, NIST_IV, iv_size);
+ rc = ica_des_cbc_cs(NIST_TEST_DATA[i], enc_text,
+ tmp_iv, 1, variant);
+ if (rc) {
+ printf("key \n");
+ dump_array((char *) key[i], 8);
+ printf("\nOriginal data:\n");
+ dump_array((char *) NIST_TEST_DATA[i],
+ printf("\ntest iv\n");
+ dump_array((char *) tmp_iv, iv_size);
+ printf("\nica_des_cbc_cs encrypt testcase %i failed with "
+ "errno %d (0x%x).\n", i, rc, rc);
+ return 1;
+ }
+ memcpy(tmp_iv, NIST_IV, iv_size);
+ memset(dec_text,0,NIST_TEST_DATA_LENGTH[i]);
+ rc = ica_des_cbc_cs(enc_text, dec_text,
+ tmp_iv, 0, variant);
+ if (rc) {
+ printf("key \n");
+ dump_array((char *) key[i], 8);
+ printf("\nOriginal data:\n");
+ dump_array((char *) NIST_TEST_DATA[i],
+ printf("\noriginal iv\n");
+ dump_array((char *) &iv, iv_size);
+ printf("\ntmp iv\n");
+ dump_array((char *) tmp_iv, iv_size);
+ printf("\nEncrypted data:\n");
+ dump_array((char *) enc_text, NIST_TEST_DATA_LENGTH[i]);
+ printf("\nDecrypted data:\n");
+ dump_array((char *) dec_text, NIST_TEST_DATA_LENGTH[i]);
+ printf("\nica_des_cbc_cs decrypt testcase %i failed with "
+ "errno %d (0x%x).\n", i, rc, rc);
+ return 1;
+ }
+ if (compare_decrypt_result_with_expected_result(
+ dec_text, NIST_TEST_DATA[i],
+ (sizeof(key[i]) / 8), tmp_iv, iv_size,
+ (char *) "DES", i))
+ return 1;
+ else {
+ if (!silent) {
+ printf("Test case number %i for DES with CBC_CS mode was "
+ "successful!\n", i);
+ }
+ }
+ }
+ return rc;
+int test_aes_new_api(unsigned int mode, unsigned int variant, int silent)
+ /* Test with 192 & 256 byte keys */
+ unsigned int iv_size = sizeof(ica_aes_vector_t);
+ unsigned char iv[iv_size];
+ unsigned char tmp_iv[iv_size];
+ char text[2][8] = {
+ { 0x41, 0x45, 0x53, 0x2d, 0x31, 0x39, 0x32, 0x00 },
+ { 0x41, 0x45, 0x53, 0x2d, 0x32, 0x35, 0x36, 0x00 }};
+ unsigned char enc_text[100] ,dec_text[100] ;
+ unsigned int number_of_testcases = 6;
+ int rc = 0, i = 0;
+ for (i = 0; i < number_of_testcases ; i++) {
+ memcpy(tmp_iv, NIST_IV, iv_size);
+ rc = ica_aes_cbc_cs(NIST_TEST_DATA[i], enc_text,
+ key_size[i], tmp_iv, 1, variant);
+ if (rc) {
+ printf("key \n");
+ dump_array((char *) key[i], key_size[i]);
+ printf("\nOriginal data:\n");
+ dump_array((char *) NIST_TEST_DATA[i],
+ printf("\ntest iv\n");
+ dump_array((char *) tmp_iv, iv_size);
+ printf("\nica_aes_cbc_cs encrypt testcase %i failed with "
+ " errno %d (0x%x).\n", i, rc, rc);
+ return 1;
+ }
+ memcpy(tmp_iv, NIST_IV, iv_size);
+ memset(dec_text,0,NIST_TEST_DATA_LENGTH[i]);
+ rc = ica_aes_cbc_cs(enc_text, dec_text,
+ key_size[i], tmp_iv, 0, variant);
+ if (rc) {
+ printf("key \n");
+ dump_array((char *) key[i], key_size[i]);
+ printf("\nOriginal data:\n");
+ dump_array((char *) NIST_TEST_DATA[i],
+ printf("\noriginal iv\n");
+ dump_array((char *) &iv, iv_size);
+ printf("\ntmp iv\n");
+ dump_array((char *) tmp_iv, iv_size);
+ printf("\nEncrypted data:\n");
+ dump_array((char *) enc_text, NIST_TEST_DATA_LENGTH[i]);
+ printf("\nDecrypted data:\n");
+ dump_array((char *) dec_text, NIST_TEST_DATA_LENGTH[i]);
+ printf("\nica_aes_cbc_cs decrypt testcase %i failed with "
+ "errno %d (0x%x).\n", i, rc, rc);
+ return 1;
+ }
+ if (compare_decrypt_result_with_expected_result(dec_text,
+ key[i], key_size[i], tmp_iv, iv_size,
+ (i < 3) ? text[0] : text[1], i))
+ return 1;
+ else {
+ if (!silent) {
+ printf("Test case number %i for %s with CBC_CS mode was "
+ "successful!\n", i, (i < 3) ? text[0] : text[1]);
+ }
+ }
+ }
+ return rc;
+int test_aes128_new_api(unsigned int mode, int silent)
+ /* AES128 Known Answer Tests*/
+ unsigned int iv_size = sizeof(ica_aes_vector_t);
+ unsigned int key_size = AES_KEY_LEN128;
+ unsigned char iv[iv_size];
+ unsigned char tmp_iv[iv_size];
+ unsigned char key[key_size];
+ unsigned char enc_text[100] ,dec_text[100] ;
+ unsigned int number_of_testcases = 6;
+ int rc = 0, i = 0;
+ memcpy(key, NIST_KEY, sizeof(key));
+ for (i = 0; i < number_of_testcases ; i++) {
+ memcpy(tmp_iv, NIST_IV, iv_size);
+ rc = ica_aes_cbc_cs(NIST_TEST_DATA[i], enc_text,
+ sizeof(key), tmp_iv, 1, ICA_CBCCS_VARIANT3);
+ if (rc) {
+ printf("key \n");
+ dump_array((char *) key, sizeof(key));
+ printf("\nOriginal data:\n");
+ dump_array((char *) NIST_TEST_DATA[i],
+ printf("\ntest iv\n");
+ dump_array((char *) tmp_iv, iv_size);
+ printf("\nica_aes_cbc_cs encrypt testcase %i failed with "
+ "errno %d (0x%x).\n", i, rc, rc);
+ return 1;
+ }
+ if (compare_decrypt_result_with_expected_result(enc_text,
+ key, sizeof(key), tmp_iv, iv_size,
+ (char *) "AES-128", i))
+ return 1;
+ if (compare_decrypt_result_with_expected_result(tmp_iv,
+ NIST_NEXT_IV[i], iv_size,
+ key, sizeof(key), tmp_iv, iv_size,
+ (char *) "AES-128", i))
+ return 1;
+ memcpy(tmp_iv, NIST_IV, iv_size);
+ memset(dec_text,0,NIST_TEST_DATA_LENGTH[i]);
+ rc = ica_aes_cbc_cs(enc_text, dec_text,
+ NIST_TEST_DATA_LENGTH[i], key, sizeof(key),
+ tmp_iv, 0, ICA_CBCCS_VARIANT3);
+ if (rc) {
+ printf("key \n");
+ dump_array((char *) key, sizeof(key));
+ printf("\nOriginal data:\n");
+ dump_array((char *) NIST_TEST_DATA[i],
+ printf("\noriginal iv\n");
+ dump_array((char *) &iv, iv_size);
+ printf("\ntmp iv\n");
+ dump_array((char *) tmp_iv, iv_size);
+ printf("\nkey\n");
+ dump_array((char *) key, sizeof(key));
+ printf("\nEncrypted data:\n");
+ dump_array((char *) enc_text, NIST_TEST_DATA_LENGTH[i]);
+ printf("\nDecrypted data:\n");
+ dump_array((char *) dec_text, NIST_TEST_DATA_LENGTH[i]);
+ printf("\nica_aes_cbc_cs decrypt testcase %i failed"
+ "with errno %d (0x%x).\n", i, rc, rc);
+ return 1;
+ }
+ if (compare_decrypt_result_with_expected_result(dec_text,
+ key, sizeof(key), tmp_iv, iv_size,
+ (char *) "AES-128", i))
+ return 1;
+ else {
+ if (!silent) {
+ printf("Test case number %i for AES-128 with CBC_CS "
+ "mode was successful!\n", i);
+ }
+ }
+ }
+ return rc;
+int main(int argc, char **argv)
+ unsigned int mode;
+ unsigned int variant;
+ int rc, error_count;
+ unsigned int silent = 0;
+ if (argc > 1) {
+ if (strstr(argv[1], "silent"))
+ silent = 1;
+ }
+ mode = MODE_CBCCS;
+ rc = 0;
+ error_count = 0;
+ /* known answer tests for AES128 */
+ rc = test_aes128_new_api(mode, silent);
+ if (rc) {
+ error_count++;
+ printf("test_aes128_new_api for CBC_CS mode with AES-128 "
+ "failed \n");
+ return rc;
+ }
+ for (variant = ICA_CBCCS_VARIANT1;
+ variant <= ICA_CBCCS_VARIANT3;
+ variant++) {
+ if (!silent) {
+ printf("\n--- Test cycle with CBCCS variant %d ---\n", variant);
+ }
+ /* AES 192 & 256 test */
+ rc = test_aes_new_api(mode, variant, silent);
+ if (rc) {
+ error_count++;
+ printf("test_aes_new_api for CBC_CS mode with AES (192|256) "
+ "failed \n");
+ return rc;
+ }
+ /* DES tests */
+ rc = test_des_new_api(mode, variant, silent);
+ if (rc) {
+ error_count++;
+ printf("test_des_new_api for CBC_CS mode with DES "
+ "failed \n");
+ return rc;
+ }
+ /* 3DES tests */
+ rc = test_3des_new_api(mode, variant, silent);
+ if (rc) {
+ error_count++;
+ printf("test_des_new_api for CBC_CS mode with 3DES "
+ "failed \n");
+ return rc;
+ }
+ }
+ printf("All CBC-CS mode tests finished successfully\n");
+ return rc;
diff --git a/src/tests/libica_ccm_test.c b/src/tests/libica_ccm_test.c
new file mode 100644
index 0000000..dc0b02c
--- /dev/null
+++ b/src/tests/libica_ccm_test.c
@@ -0,0 +1,225 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+/* (C) COPYRIGHT International Business Machines Corp. 2011 */
+#include <fcntl.h>
+#include <sys/errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "ica_api.h"
+#define BYTE 8
+#define NUM_CCM_TESTS 4
+unsigned char input_data[1000000];
+unsigned char parameter_block[32];
+unsigned char *to = parameter_block;
+unsigned int key_length[4] = {16, 16, 16, 16};
+unsigned char key[4][16] = {
+{0x40,0x41,0x42,0x43,0x44,0x45,0x46,0x47,0x48,0x49,0x4a,0x4b,0x4c,0x4d,0x4e,0x4f },
+{0x40,0x41,0x42,0x43,0x44,0x45,0x46,0x47,0x48,0x49,0x4a,0x4b,0x4c,0x4d,0x4e,0x4f },
+{0x40,0x41,0x42,0x43,0x44,0x45,0x46,0x47,0x48,0x49,0x4a,0x4b,0x4c,0x4d,0x4e,0x4f },
+{0x40,0x41,0x42,0x43,0x44,0x45,0x46,0x47,0x48,0x49,0x4a,0x4b,0x4c,0x4d,0x4e,0x4f }};
+#define CASE3_ASSOC_LEN 256
+/* Number of bytes in string for case 3 */
+unsigned int assoc_data_length[4] = {8, 16, 20, 65536};
+unsigned char assoc_data[4][65536] = {
+{ 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 },
+{ 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f },
+{ 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,
+ 0x10,0x11,0x12,0x13 }};
+unsigned int i = 0;
+unsigned char repeated_string[256] = {
+unsigned int payload_length[4] = {4, 16, 24, 32};
+unsigned char payload[4][32] = {
+{ 0x20,0x21,0x22,0x23 },
+{ 0x20,0x21,0x22,0x23,0x24,0x25,0x26,0x27,0x28,0x29,0x2a,0x2b,0x2c,0x2d,0x2e,0x2f},
+{ 0x20,0x21,0x22,0x23,0x24,0x25,0x26,0x27,0x28,0x29,0x2a,0x2b,0x2c,0x2d,0x2e,0x2f,
+ 0x30,0x31,0x32,0x33,0x34,0x35,0x36,0x37 },
+{ 0x20,0x21,0x22,0x23,0x24,0x25,0x26,0x27,0x28,0x29,0x2a,0x2b,0x2c,0x2d,0x2e,0x2f ,
+ 0x30,0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,0x39,0x3a,0x3b,0x3c,0x3d,0x3e,0x3f }};
+unsigned char payload_after_decrypt[4][32] = {
+{ 0x20,0x21,0x22,0x23 },
+{ 0x20,0x21,0x22,0x23,0x24,0x25,0x26,0x27,0x28,0x29,0x2a,0x2b,0x2c,0x2d,0x2e,0x2f},
+{ 0x20,0x21,0x22,0x23,0x24,0x25,0x26,0x27,0x28,0x29,0x2a,0x2b,0x2c,0x2d,0x2e,0x2f,
+ 0x30,0x31,0x32,0x33,0x34,0x35,0x36,0x37 },
+{ 0x20,0x21,0x22,0x23,0x24,0x25,0x26,0x27,0x28,0x29,0x2a,0x2b,0x2c,0x2d,0x2e,0x2f ,
+ 0x30,0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,0x39,0x3a,0x3b,0x3c,0x3d,0x3e,0x3f }};
+unsigned int nonce_length[4] = {7,8,12,13};
+unsigned char nonce[4][13] = {
+{ 0x10,0x11,0x12,0x13,0x14,0x15,0x16},
+{ 0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17},
+{ 0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1a,0x1b},
+{ 0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1a,0x1b,0x1c}};
+unsigned int cbc_mac_length[4] = {4, 6, 8, 14};
+unsigned int cipher_text_length[4] = {8, 22, 32, 46};
+unsigned char cipher_text[4][46] = {
+{ 0x71,0x62,0x01,0x5b,0x4d,0xac,0x25,0x5d },
+{ 0xd2,0xa1,0xf0,0xe0,0x51,0xea,0x5f,0x62,0x08,0x1a,0x77,0x92,0x07,0x3d,0x59,0x3d,
+ 0x1f,0xc6,0x4f,0xbf,0xac,0xcd },
+{ 0xe3,0xb2,0x01,0xa9,0xf5,0xb7,0x1a,0x7a,0x9b,0x1c,0xea,0xec,0xcd,0x97,0xe7,0x0b,
+ 0x61,0x76,0xaa,0xd9,0xa4,0x42,0x8a,0xa5,0x48,0x43,0x92,0xfb,0xc1,0xb0,0x99,0x51},
+ 0x5a,0xe0,0xfd,0x1f,0xae,0xc4,0x4c,0xc4,0x84,0x82,0x85,0x29,0x46,0x3c,0xcf,0x72,
+ 0xb4,0xac,0x6b,0xec,0x93,0xe8,0x59,0x8e,0x7f,0x0d,0xad,0xbc,0xea,0x5b}
+static void dump_array(unsigned char *ptr, unsigned int size)
+ unsigned char *ptr_end;
+ unsigned char *h;
+ int i = 1, trunc = 0;
+ int maxsize = 2000;
+ puts("Dump:");
+ if (size > maxsize) {
+ trunc = size - maxsize;
+ size = maxsize;
+ }
+ h = ptr;
+ ptr_end = ptr + size;
+ while (h < ptr_end) {
+ printf("0x%02x ", *h);
+ h++;
+ if (i == 8) {
+ if (h != ptr_end)
+ printf("\n");
+ i = 1;
+ } else {
+ ++i;
+ }
+ }
+ printf("\n");
+ if (trunc > 0)
+ printf("... %d bytes not printed\n", trunc);
+int api_ccm_test(int silent)
+ unsigned char *out_data;
+ if (!silent) {
+ printf("Test of CCM api\n");
+ }
+ while ( i < 65536 ) { // init big assoc_data
+ memcpy(assoc_data[3] + i, repeated_string, 256);
+ i= i + 256;
+ }
+ int rc = 0;
+ for (i = 0; i < NUM_CCM_TESTS; i++) {
+ if (!silent) {
+ printf("\nOriginal data for test %d:\n", i);
+ }
+ if (!(out_data = malloc(cipher_text_length[i])))
+ return EINVAL;
+ memset(out_data, 0, cipher_text_length[i]);
+ rc = (ica_aes_ccm(payload[i], payload_length[i],
+ out_data,
+ cbc_mac_length[i],
+ assoc_data[i], assoc_data_length[i],
+ nonce[i], nonce_length[i],
+ key[i], key_length[i],
+ if (rc) {
+ printf("icaccm encrypt failed with errno %d (0x%x).\n",
+ rc, rc);
+ return rc;
+ }
+ if (!silent) {
+ printf("\nOutput Cipher text for test %d:\n", i);
+ dump_array(out_data, cipher_text_length[i]);
+ printf("\nExpected Cipher Text for test %d:\n", i);
+ dump_array(cipher_text[i], cipher_text_length[i]);
+ }
+ if (memcmp(cipher_text[i], out_data, cipher_text_length[i]) != 0) {
+ printf("This does NOT match the known result.\n");
+ return 1;
+ }
+ if (!silent) {
+ printf("Yep, that's how it should be encrypted.\n");
+ }
+ // start decrypt / verify
+ memset(payload[i], 0, payload_length[i]);
+ rc = (ica_aes_ccm(out_data, payload_length[i],
+ cipher_text[i], cbc_mac_length[i],
+ assoc_data[i], assoc_data_length[i],
+ nonce[i], nonce_length[i],
+ key[i], key_length[i],
+ if (rc) {
+ printf("icaccm decrypt failed with errno %d (0x%x).\n",
+ rc,rc);
+ return rc;
+ }
+ if (!silent) {
+ printf("\nOutput payload for test %d:\n", i);
+ dump_array(out_data, payload_length[i]);
+ printf("\nExpected payload for test %d:\n", i);
+ dump_array(payload_after_decrypt[i], payload_length[i]);
+ }
+ if (memcmp(out_data, payload_after_decrypt[i],
+ payload_length[i]) == 0 ) {
+ if (!silent) {
+ printf("Yep, payload matches to original.\n");
+ }
+ } else {
+ printf("This does NOT match the known result.\n");
+ return 1;
+ }
+ free(out_data);
+ }
+ return 0;
+int main(int argc, char **argv)
+ int rc = 0;
+ int silent = 0;
+ if (argc > 1) {
+ if (strstr(argv[1], "silent"))
+ silent = 1;
+ }
+ rc = api_ccm_test(silent);
+ if (rc) {
+ printf("api_ccm_test failed with rc = %i\n", rc);
+ return rc;
+ }
+ printf("All AES-CCM mode tests finished successfully\n");
+ return 0;
diff --git a/src/tests/libica_cmac_test.c b/src/tests/libica_cmac_test.c
new file mode 100644
index 0000000..82ec5a7
--- /dev/null
+++ b/src/tests/libica_cmac_test.c
@@ -0,0 +1,349 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+/* Copyright IBM Corp. 2010, 2011 */
+#include <fcntl.h>
+#include <sys/errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "ica_api.h"
+#define BYTE 8
+#define NUM_TESTS 12
+unsigned int key_length[12] = {16, 16, 16, 16, 24, 24, 24, 24, 32, 32, 32,
+ 32};
+unsigned char key[12][32] = {{
+ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15,
+ 0x88, 0x09, 0xcf, 0x4f, 0x3c},{
+ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15,
+ 0x88, 0x09, 0xcf, 0x4f, 0x3c},{
+ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15,
+ 0x88, 0x09, 0xcf, 0x4f, 0x3c},{
+ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15,
+ 0x88, 0x09, 0xcf, 0x4f, 0x3c},{
+ 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52, 0xc8, 0x10 ,0xf3,
+ 0x2b, 0x80, 0x90, 0x79, 0xe5, 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c,
+ 0x6b, 0x7b},{
+ 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52, 0xc8, 0x10 ,0xf3,
+ 0x2b, 0x80, 0x90, 0x79, 0xe5, 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c,
+ 0x6b, 0x7b},{
+ 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52, 0xc8, 0x10 ,0xf3,
+ 0x2b, 0x80, 0x90, 0x79, 0xe5, 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c,
+ 0x6b, 0x7b},{
+ 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52, 0xc8, 0x10 ,0xf3,
+ 0x2b, 0x80, 0x90, 0x79, 0xe5, 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c,
+ 0x6b, 0x7b},{
+ 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe, 0x2b, 0x73, 0xae,
+ 0xf0, 0x85, 0x7d, 0x77, 0x81, 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61,
+ 0x08, 0xd7, 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4},{
+ 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe, 0x2b, 0x73, 0xae,
+ 0xf0, 0x85, 0x7d, 0x77, 0x81, 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61,
+ 0x08, 0xd7, 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4},{
+ 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe, 0x2b, 0x73, 0xae,
+ 0xf0, 0x85, 0x7d, 0x77, 0x81, 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61,
+ 0x08, 0xd7, 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4},{
+ 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe, 0x2b, 0x73, 0xae,
+ 0xf0, 0x85, 0x7d, 0x77, 0x81, 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61,
+ 0x08, 0xd7, 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4}
+unsigned char last_block[3][16] = {{
+ 0x7d, 0xf7, 0x6b, 0x0c, 0x1a, 0xb8, 0x99, 0xb3, 0x3e, 0x42, 0xf0,
+ 0x47, 0xb9, 0x1b, 0x54, 0x6f},{
+ 0x22, 0x45, 0x2d, 0x8e, 0x49, 0xa8, 0xa5, 0x93, 0x9f, 0x73, 0x21,
+ 0xce, 0xea, 0x6d, 0x51, 0x4b},{
+ 0xe5, 0x68, 0xf6, 0x81, 0x94, 0xcf, 0x76, 0xd6, 0x17, 0x4d, 0x4c,
+ 0xc0, 0x43, 0x10, 0xa8, 0x54}
+unsigned long mlen[12] = { 0, 16, 40, 64, 0,16, 40, 64, 0, 16, 40, 64};
+unsigned char message[12][512] = {{
+ 0x00},{
+ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e,
+ 0x11, 0x73, 0x93, 0x17, 0x2a},{
+ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e,
+ 0x11, 0x73, 0x93, 0x17, 0x2a, 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03,
+ 0xac, 0x9c, 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf ,0x8e, 0x51, 0x30,
+ 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11},{
+ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e,
+ 0x11, 0x73, 0x93, 0x17, 0x2a, 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03,
+ 0xac, 0x9c, 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, 0x30,
+ 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, 0xe5, 0xfb, 0xc1, 0x19,
+ 0x1a, 0x0a, 0x52, 0xef, 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b,
+ 0x17, 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10},{
+ 0x00},{
+ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e,
+ 0x11, 0x73, 0x93, 0x17, 0x2a},{
+ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e,
+ 0x11, 0x73, 0x93, 0x17, 0x2a, 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03,
+ 0xac, 0x9c, 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf ,0x8e, 0x51, 0x30,
+ 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11},{
+ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e,
+ 0x11, 0x73, 0x93, 0x17, 0x2a, 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03,
+ 0xac, 0x9c, 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, 0x30,
+ 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, 0xe5, 0xfb, 0xc1, 0x19,
+ 0x1a, 0x0a, 0x52, 0xef, 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b,
+ 0x17, 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10},{
+ 0x00},{
+ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e,
+ 0x11, 0x73, 0x93, 0x17, 0x2a},{
+ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e,
+ 0x11, 0x73, 0x93, 0x17, 0x2a, 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03,
+ 0xac, 0x9c, 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf ,0x8e, 0x51, 0x30,
+ 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11},{
+ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e,
+ 0x11, 0x73, 0x93, 0x17, 0x2a, 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03,
+ 0xac, 0x9c, 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, 0x30,
+ 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, 0xe5, 0xfb, 0xc1, 0x19,
+ 0x1a, 0x0a, 0x52, 0xef, 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b,
+ 0x17, 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10}
+unsigned char expected_cmac[12][16] = {{
+ 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28, 0x7f, 0xa3, 0x7d,
+ 0x12, 0x9b, 0x75, 0x67, 0x46},{
+ 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44, 0xf7, 0x9b, 0xdd,
+ 0x9d, 0xd0, 0x4a, 0x28, 0x7c},{
+ 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30, 0x30, 0xca, 0x32,
+ 0x61, 0x14, 0x97, 0xc8, 0x27},{
+ 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92, 0xfc, 0x49, 0x74,
+ 0x17, 0x79, 0x36, 0x3c, 0xfe},{
+ 0xd1, 0x7d, 0xdf, 0x46, 0xad, 0xaa, 0xcd, 0xe5, 0x31, 0xca, 0xc4,
+ 0x83, 0xde, 0x7a, 0x93, 0x67},{
+ 0x9e, 0x99, 0xa7, 0xbf, 0x31, 0xe7, 0x10, 0x90, 0x06, 0x62, 0xf6,
+ 0x5e, 0x61, 0x7c, 0x51, 0x84},{
+ 0x8a, 0x1d, 0xe5, 0xbe, 0x2e, 0xb3, 0x1a, 0xad, 0x08, 0x9a, 0x82,
+ 0xe6, 0xee, 0x90, 0x8b, 0x0e},{
+ 0xa1, 0xd5, 0xdf, 0x0e, 0xed, 0x79, 0x0f, 0x79, 0x4d, 0x77, 0x58,
+ 0x96, 0x59, 0xf3, 0x9a, 0x11},{
+ 0x02, 0x89, 0x62, 0xf6, 0x1b, 0x7b, 0xf8, 0x9e, 0xfc, 0x6b, 0x55,
+ 0x1f, 0x46, 0x67, 0xd9, 0x83},{
+ 0x28, 0xa7, 0x02, 0x3f, 0x45, 0x2e, 0x8f, 0x82, 0xbd, 0x4b, 0xf2,
+ 0x8d, 0x8c, 0x37, 0xc3, 0x5c},{
+ 0xaa, 0xf3, 0xd8, 0xf1, 0xde, 0x56, 0x40, 0xc2, 0x32, 0xf5, 0xb1,
+ 0x69, 0xb9, 0xc9, 0x11, 0xe6},{
+ 0xe1, 0x99, 0x21, 0x90, 0x54, 0x9f, 0x6e, 0xd5, 0x69, 0x6a, 0x2c,
+ 0x05, 0x6c, 0x31, 0x54, 0x10}
+unsigned int ica_aes_cmac_chaining(unsigned char *, unsigned long,
+ unsigned char *, unsigned int,
+ unsigned char *, unsigned int,
+ unsigned int);
+unsigned int i = 0;
+void dump_array(unsigned char *ptr, unsigned int size)
+ unsigned char *ptr_end;
+ unsigned char *h;
+ int i = 1, trunc = 0;
+ int maxsize = 2000;
+ puts("Dump:");
+ if (size > maxsize) {
+ trunc = size - maxsize;
+ size = maxsize;
+ }
+ h = ptr;
+ ptr_end = ptr + size;
+ while (h < ptr_end) {
+ printf("0x%02x ", *h);
+ h++;
+ if (i == 16) {
+ if (h != ptr_end)
+ printf("\n");
+ i = 1;
+ } else {
+ ++i;
+ }
+ }
+ printf("\n");
+ if (trunc > 0)
+ printf("... %d bytes not printed\n", trunc);
+unsigned char *cmac;
+unsigned int cmac_length = 16;
+int api_cmac_test(int silent)
+ if (!silent) {
+ printf("Test of CMAC api\n");
+ }
+ int rc = 0;
+ for (i = 0 ; i < NUM_TESTS; i++) {
+ if (!(cmac = malloc(cmac_length)))
+ return EINVAL;
+ memset(cmac, 0, cmac_length);
+ rc = (ica_aes_cmac(message[i], mlen[i],
+ cmac, cmac_length,
+ key[i], key_length[i],
+ if (rc) {
+ printf("ica_aes_cmac generate failed with errno %d (0x%x)."
+ "\n",rc,rc);
+ return rc;
+ }
+ if (memcmp(cmac, expected_cmac[i], cmac_length) != 0) {
+ printf("This does NOT match the known result. "
+ "Testcase %i failed\n",i);
+ printf("\nOutput MAC for test %d:\n", i);
+ dump_array((unsigned char *)cmac, cmac_length);
+ printf("\nExpected MAC for test %d:\n", i);
+ dump_array((unsigned char *)expected_cmac[i], 16);
+ free(cmac);
+ return 1;
+ }
+ if (!silent) {
+ printf("Expected MAC has been generated.\n");
+ }
+ rc = (ica_aes_cmac(message[i], mlen[i],
+ cmac, cmac_length,
+ key[i], key_length[i],
+ if (rc) {
+ printf("ica_aes_cmac verify failed with errno %d (0x%x).\n",
+ rc, rc);
+ free(cmac);
+ return rc;
+ }
+ free(cmac);
+ if (! rc) {
+ if (!silent) {
+ printf("MAC was successful verified. testcase %i "
+ "succeeded\n",i);
+ }
+ }
+ else {
+ printf("MAC verification failed for testcase %i "
+ "with RC=%i\n",i,rc);
+ return rc;
+ }
+ }
+ return 0;
+#define AES_BLOCK_SIZE 16
+inline unsigned int ica_aes_cmac_chaining(unsigned char *in,
+ unsigned long in_length,
+ unsigned char *cmac,
+ unsigned int cmac_length,
+ unsigned char *key,
+ unsigned int key_length,
+ unsigned int direction)
+ unsigned char *last_block = NULL;
+ unsigned long tmp_length;
+ unsigned char tmp_iv[AES_BLOCK_SIZE];
+ unsigned int rc;
+ memset(tmp_iv, 0x00, AES_BLOCK_SIZE);
+ for (last_block = in, tmp_length = in_length;
+ tmp_length > (AES_BLOCK_SIZE);
+ last_block += AES_BLOCK_SIZE, tmp_length -= AES_BLOCK_SIZE) {
+ rc = ica_aes_cmac_intermediate(last_block, AES_BLOCK_SIZE,
+ key, key_length,
+ tmp_iv);
+ if (rc)
+ return rc;
+ }
+ return ica_aes_cmac_last(last_block, tmp_length,
+ cmac, cmac_length,
+ key, key_length,
+ tmp_iv,
+ direction);
+int api_cmac_chaining_test(int silent)
+ if (!silent) {
+ printf("Test of CMAC chaining api\n");
+ }
+ int rc = 0;
+ for (i = 0 ; i < NUM_TESTS; i++) {
+ if (!(cmac = malloc(cmac_length)))
+ return EINVAL;
+ memset(cmac, 0, cmac_length);
+ rc = ica_aes_cmac_chaining(message[i], mlen[i],
+ cmac, cmac_length,
+ key[i], key_length[i],
+ if (rc) {
+ printf("ica_aes_cmac chaining generate failed with errno %d (0x%x)."
+ "\n",rc,rc);
+ return rc;
+ }
+ if (memcmp(cmac, expected_cmac[i], cmac_length) != 0) {
+ printf("This does NOT match the known result. "
+ "Testcase %i failed\n",i);
+ printf("\nOutput MAC for test %d:\n", i);
+ dump_array((unsigned char *)cmac, cmac_length);
+ printf("\nExpected MAC for test %d:\n", i);
+ dump_array((unsigned char *)expected_cmac[i], 16);
+ free(cmac);
+ return 1;
+ }
+ if (!silent) {
+ printf("Expected MAC has been generated.\n");
+ }
+ rc = ica_aes_cmac_chaining(message[i], mlen[i],
+ cmac, cmac_length,
+ key[i], key_length[i],
+ if (rc) {
+ printf("ica_aes_cmac verify failed with errno %d (0x%x).\n",
+ rc, rc);
+ free(cmac);
+ return rc;
+ }
+ free(cmac);
+ if (! rc ) {
+ if (!silent) {
+ printf("MAC was successful verified. testcase %i "
+ "succeeded\n",i);
+ }
+ }
+ else {
+ printf("MAC verification failed for testcase %i "
+ "with RC=%i\n",i,rc);
+ return rc;
+ }
+ }
+ return 0;
+int main(int argc, char **argv)
+ int rc = 0;
+ int silent = 0;
+ if (argc > 1) {
+ if (strstr(argv[1], "silent"))
+ silent = 1;
+ }
+ rc = api_cmac_test(silent);
+ if (rc) {
+ printf("api_cmac_test failed with rc = %i\n", rc);
+ return rc;
+ }
+ rc = api_cmac_chaining_test(silent);
+ if (rc) {
+ printf("api_cmac_test failed with rc = %i\n", rc);
+ return rc;
+ }
+ printf("All CMAC tests finished successfully\n");
+ return 0;
diff --git a/src/tests/libica_des_cbc_test.c b/src/tests/libica_des_cbc_test.c
new file mode 100644
index 0000000..351a42f
--- /dev/null
+++ b/src/tests/libica_des_cbc_test.c
@@ -0,0 +1,335 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+/* Copyright IBM Corp. 2010, 2011 */
+#include <fcntl.h>
+#include <sys/errno.h>
+#include <stdio.h>
+#include <string.h>
+#include <strings.h>
+#include <stdlib.h>
+#include "ica_api.h"
+#define NR_TESTS 1
+#define NR_RANDOM_TESTS 10000
+/* CBC data - 1 for DES128 */
+unsigned char NIST_KEY_CBC_E1[] = {
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+unsigned char NIST_IV_CBC_E1[] = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+unsigned char NIST_EXPECTED_IV_CBC_E1[] = {
+ 0x95, 0xf8, 0xa5, 0xe5, 0xdd, 0x31, 0xd9, 0x00,
+unsigned char NIST_TEST_DATA_CBC_E1[] = {
+ 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+unsigned char NIST_TEST_RESULT_CBC_E1[] = {
+ 0x95, 0xf8, 0xa5, 0xe5, 0xdd, 0x31, 0xd9, 0x00,
+void dump_array(unsigned char *ptr, unsigned int size)
+ unsigned char *ptr_end;
+ unsigned char *h;
+ int i = 1;
+ h = ptr;
+ ptr_end = ptr + size;
+ while (h < (unsigned char *)ptr_end) {
+ printf("0x%02x ",(unsigned char ) *h);
+ h++;
+ if (i == 8) {
+ printf("\n");
+ i = 1;
+ } else {
+ ++i;
+ }
+ }
+ printf("\n");
+void dump_cbc_data(unsigned char *iv, unsigned int iv_length,
+ unsigned char *key, unsigned int key_length,
+ unsigned char *input_data, unsigned int data_length,
+ unsigned char *output_data)
+ printf("IV \n");
+ dump_array(iv, iv_length);
+ printf("Key \n");
+ dump_array(key, key_length);
+ printf("Input Data\n");
+ dump_array(input_data, data_length);
+ printf("Output Data\n");
+ dump_array(output_data, data_length);
+void get_sizes(unsigned int *data_length, unsigned int *iv_length,
+ unsigned int *key_length, unsigned int iteration)
+ switch (iteration) {
+ case 1:
+ *data_length = sizeof(NIST_TEST_DATA_CBC_E1);
+ *iv_length = sizeof(NIST_IV_CBC_E1);
+ *key_length = sizeof(NIST_KEY_CBC_E1);
+ break;
+ }
+void load_test_data(unsigned char *data, unsigned int data_length,
+ unsigned char *result,
+ unsigned char *iv, unsigned char *expected_iv,
+ unsigned int iv_length,
+ unsigned char *key, unsigned int key_length,
+ unsigned int iteration)
+ switch (iteration) {
+ case 1:
+ memcpy(data, NIST_TEST_DATA_CBC_E1, data_length);
+ memcpy(result, NIST_TEST_RESULT_CBC_E1, data_length);
+ memcpy(iv, NIST_IV_CBC_E1, iv_length);
+ memcpy(expected_iv, NIST_EXPECTED_IV_CBC_E1, iv_length);
+ memcpy(key, NIST_KEY_CBC_E1, key_length);
+ break;
+ }
+int kat_des_cbc(int iteration, int silent)
+ unsigned int data_length;
+ unsigned int iv_length;
+ unsigned int key_length;
+ get_sizes(&data_length, &iv_length, &key_length, iteration);
+ if (!silent) {
+ printf("Test Parameters for iteration = %i\n", iteration);
+ printf("key length = %i, data length = %i, iv length = %i\n",
+ key_length, data_length, iv_length);
+ }
+ unsigned char iv[iv_length];
+ unsigned char tmp_iv[iv_length];
+ unsigned char expected_iv[iv_length];
+ unsigned char key[key_length];
+ unsigned char input_data[data_length];
+ unsigned char encrypt[data_length];
+ unsigned char decrypt[data_length];
+ unsigned char result[data_length];
+ int rc = 0;
+ load_test_data(input_data, data_length, result, iv, expected_iv,
+ iv_length, key, key_length, iteration);
+ memcpy(tmp_iv, iv, iv_length);
+ rc = ica_des_cbc(input_data, encrypt, data_length, key, tmp_iv, 1);
+ if (rc) {
+ printf("ica_des_cbc encrypt failed with rc = %i\n", rc);
+ dump_cbc_data(iv, iv_length, key, key_length, input_data,
+ data_length, encrypt);
+ }
+ if (!silent && !rc) {
+ printf("Encrypt:\n");
+ dump_cbc_data(iv, iv_length, key, key_length, input_data,
+ data_length, encrypt);
+ }
+ if (memcmp(result, encrypt, data_length)) {
+ printf("Encryption Result does not match the known ciphertext!\n");
+ printf("Expected data:\n");
+ dump_array(result, data_length);
+ printf("Encryption Result:\n");
+ dump_array(encrypt, data_length);
+ rc++;
+ }
+ if (memcmp(expected_iv, tmp_iv, iv_length)) {
+ printf("Update of IV does not match the expected IV!\n");
+ printf("Expected IV:\n");
+ dump_array(expected_iv, iv_length);
+ printf("Updated IV:\n");
+ dump_array(tmp_iv, iv_length);
+ printf("Original IV:\n");
+ dump_array(iv, iv_length);
+ rc++;
+ }
+ if (rc) {
+ printf("DES CBC test exited after encryption\n");
+ return rc;
+ }
+ memcpy(tmp_iv, iv, iv_length);
+ rc = ica_des_cbc(encrypt, decrypt, data_length, key, tmp_iv, 0);
+ if (rc) {
+ printf("ica_des_cbc decrypt failed with rc = %i\n", rc);
+ dump_cbc_data(iv, iv_length, key, key_length, encrypt,
+ data_length, decrypt);
+ return rc;
+ }
+ if (!silent && !rc) {
+ printf("Decrypt:\n");
+ dump_cbc_data(iv, iv_length, key, key_length, encrypt,
+ data_length, decrypt);
+ }
+ if (memcmp(decrypt, input_data, data_length)) {
+ printf("Decryption Result does not match the original data!\n");
+ printf("Original data:\n");
+ dump_array(input_data, data_length);
+ printf("Decryption Result:\n");
+ dump_array(decrypt, data_length);
+ rc++;
+ }
+ return rc;
+int load_random_test_data(unsigned char *data, unsigned int data_length,
+ unsigned char *iv, unsigned int iv_length,
+ unsigned char *key, unsigned int key_length)
+ int rc;
+ rc = ica_random_number_generate(data_length, data);
+ if (rc) {
+ printf("ica_random_number_generate with rc = %i errnor = %i\n",
+ rc, errno);
+ return rc;
+ }
+ rc = ica_random_number_generate(iv_length, iv);
+ if (rc) {
+ printf("ica_random_number_generate with rc = %i errnor = %i\n",
+ rc, errno);
+ return rc;
+ }
+ rc = ica_random_number_generate(key_length, key);
+ if (rc) {
+ printf("ica_random_number_generate with rc = %i errnor = %i\n",
+ rc, errno);
+ return rc;
+ }
+ return rc;
+int random_des_cbc(int iteration, int silent, unsigned int data_length)
+ unsigned int iv_length = sizeof(ica_des_vector_t);
+ unsigned int key_length = sizeof(ica_des_key_single_t);
+ unsigned char iv[iv_length];
+ unsigned char tmp_iv[iv_length];
+ unsigned char key[key_length];
+ unsigned char input_data[data_length];
+ unsigned char encrypt[data_length];
+ unsigned char decrypt[data_length];
+ int rc = 0;
+ memset(encrypt, 0x00, data_length);
+ memset(decrypt, 0x00, data_length);
+ load_random_test_data(input_data, data_length, iv, iv_length, key,
+ key_length);
+ memcpy(tmp_iv, iv, iv_length);
+ if (!silent) {
+ printf("Test Parameters for iteration = %i\n", iteration);
+ printf("key length = %i, data length = %i, iv length = %i\n",
+ key_length, data_length, iv_length);
+ }
+ rc = ica_des_cbc(input_data, encrypt, data_length, key, tmp_iv, 1);
+ if (rc) {
+ printf("ica_des_cbc encrypt failed with rc = %i\n", rc);
+ dump_cbc_data(iv, iv_length, key, key_length, input_data,
+ data_length, encrypt);
+ }
+ if (!silent && !rc) {
+ printf("Encrypt:\n");
+ dump_cbc_data(iv, iv_length, key, key_length, input_data,
+ data_length, encrypt);
+ }
+ if (rc) {
+ printf("DES CBC test exited after encryption\n");
+ return rc;
+ }
+ memcpy(tmp_iv, iv, iv_length);
+ rc = ica_des_cbc(encrypt, decrypt, data_length, key, tmp_iv, 0);
+ if (rc) {
+ printf("ica_des_cbc decrypt failed with rc = %i\n", rc);
+ dump_cbc_data(iv, iv_length, key, key_length, encrypt,
+ data_length, decrypt);
+ return rc;
+ }
+ if (!silent && !rc) {
+ printf("Decrypt:\n");
+ dump_cbc_data(iv, iv_length, key, key_length, encrypt,
+ data_length, decrypt);
+ }
+ if (memcmp(decrypt, input_data, data_length)) {
+ printf("Decryption Result does not match the original data!\n");
+ printf("Original data:\n");
+ dump_array(input_data, data_length);
+ printf("Decryption Result:\n");
+ dump_array(decrypt, data_length);
+ rc++;
+ }
+ return rc;
+int main(int argc, char **argv)
+ // Default mode is 0. ECB,CBC and CFQ tests will be performed.
+ unsigned int silent = 0;
+ if (argc > 1) {
+ if (strstr(argv[1], "silent"))
+ silent = 1;
+ }
+ int rc = 0;
+ int error_count = 0;
+ int iteration;
+ unsigned int data_length = sizeof(ica_des_vector_t);
+ for(iteration = 1; iteration <= NR_TESTS; iteration++) {
+ rc = kat_des_cbc(iteration, silent);
+ if (rc) {
+ printf("kat_des_cbc failed with rc = %i\n", rc);
+ error_count++;
+ }
+ }
+ for(iteration = 1; iteration <= NR_RANDOM_TESTS; iteration++) {
+ rc = random_des_cbc(iteration, silent, data_length);
+ if (rc) {
+ printf("random_des_cbc failed with rc = %i\n", rc);
+ error_count++;
+ goto out;
+ }
+ data_length += sizeof(ica_des_vector_t);
+ }
+ if (error_count)
+ printf("%i testcases failed\n", error_count);
+ else
+ printf("All DES-CBC testcases finished successfully\n");
+ return rc;
diff --git a/src/tests/libica_des_cfb_test.c b/src/tests/libica_des_cfb_test.c
new file mode 100644
index 0000000..2087852
--- /dev/null
+++ b/src/tests/libica_des_cfb_test.c
@@ -0,0 +1,204 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+/* Copyright IBM Corp. 2010, 2011 */
+#include <fcntl.h>
+#include <sys/errno.h>
+#include <stdio.h>
+#include <string.h>
+#include <strings.h>
+#include <stdlib.h>
+#include "ica_api.h"
+#define NR_TESTS 12
+#define NR_RANDOM_TESTS 1000
+void dump_array(unsigned char *ptr, unsigned int size)
+ unsigned char *ptr_end;
+ unsigned char *h;
+ int i = 1;
+ h = ptr;
+ ptr_end = ptr + size;
+ while (h < (unsigned char *)ptr_end) {
+ printf("0x%02x ",(unsigned char ) *h);
+ h++;
+ if (i == 8) {
+ printf("\n");
+ i = 1;
+ } else {
+ ++i;
+ }
+ }
+ printf("\n");
+void dump_cfb_data(unsigned char *iv, unsigned int iv_length,
+ unsigned char *key, unsigned int key_length,
+ unsigned char *input_data, unsigned int data_length,
+ unsigned char *output_data)
+ printf("IV \n");
+ dump_array(iv, iv_length);
+ printf("Key \n");
+ dump_array(key, key_length);
+ printf("Input Data\n");
+ dump_array(input_data, data_length);
+ printf("Output Data\n");
+ dump_array(output_data, data_length);
+int load_random_test_data(unsigned char *data, unsigned int data_length,
+ unsigned char *iv, unsigned int iv_length,
+ unsigned char *key, unsigned int key_length)
+ int rc;
+ rc = ica_random_number_generate(data_length, data);
+ if (rc) {
+ printf("ica_random_number_generate with rc = %i errnor = %i\n",
+ rc, errno);
+ return rc;
+ }
+ rc = ica_random_number_generate(iv_length, iv);
+ if (rc) {
+ printf("ica_random_number_generate with rc = %i errnor = %i\n",
+ rc, errno);
+ return rc;
+ }
+ rc = ica_random_number_generate(key_length, key);
+ if (rc) {
+ printf("ica_random_number_generate with rc = %i errnor = %i\n",
+ rc, errno);
+ return rc;
+ }
+ return rc;
+int random_des_cfb(int iteration, int silent, unsigned int data_length,
+ unsigned int lcfb)
+ unsigned int iv_length = sizeof(ica_des_vector_t);
+ unsigned int key_length = sizeof(ica_des_key_single_t);
+ unsigned char iv[iv_length];
+ unsigned char tmp_iv[iv_length];
+ unsigned char key[key_length];
+ unsigned char input_data[data_length];
+ unsigned char encrypt[data_length];
+ unsigned char decrypt[data_length];
+ int rc = 0;
+ memset(encrypt, 0x00, data_length);
+ memset(decrypt, 0x00, data_length);
+ load_random_test_data(input_data, data_length, iv, iv_length, key,
+ key_length);
+ memcpy(tmp_iv, iv, iv_length);
+ if (!silent) {
+ printf("Test Parameters for iteration = %i\n", iteration);
+ printf("key length = %i, data length = %i, iv length = %i,"
+ " lcfb = %i\n", key_length, data_length, iv_length, lcfb);
+ }
+ rc = ica_des_cfb(input_data, encrypt, data_length, key, tmp_iv,
+ lcfb, 1);
+ if (rc) {
+ printf("ica_des_cfb encrypt failed with rc = %i\n", rc);
+ dump_cfb_data(iv, iv_length, key, key_length, input_data,
+ data_length, encrypt);
+ }
+ if (!silent && !rc) {
+ printf("Encrypt:\n");
+ dump_cfb_data(iv, iv_length, key, key_length, input_data,
+ data_length, encrypt);
+ }
+ if (rc) {
+ printf("DES OFB test exited after encryption\n");
+ return rc;
+ }
+ memcpy(tmp_iv, iv, iv_length);
+ rc = ica_des_cfb(encrypt, decrypt, data_length, key, tmp_iv,
+ lcfb, 0);
+ if (rc) {
+ printf("ica_des_cfb decrypt failed with rc = %i\n", rc);
+ dump_cfb_data(iv, iv_length, key, key_length, encrypt,
+ data_length, decrypt);
+ return rc;
+ }
+ if (!silent && !rc) {
+ printf("Decrypt:\n");
+ dump_cfb_data(iv, iv_length, key, key_length, encrypt,
+ data_length, decrypt);
+ }
+ if (memcmp(decrypt, input_data, data_length)) {
+ printf("Decryption Result does not match the original data!\n");
+ printf("Original data:\n");
+ dump_array(input_data, data_length);
+ printf("Decryption Result:\n");
+ dump_array(decrypt, data_length);
+ rc++;
+ }
+ return rc;
+int main(int argc, char **argv)
+ int rc = 0;
+ int error_count = 0;
+ int iteration;
+ unsigned int silent = 0;
+ unsigned int rdata;
+ unsigned int data_length = 1;
+ unsigned int lcfb = 1;
+ unsigned int j;
+ if (argc > 1) {
+ if (strstr(argv[1], "silent"))
+ silent = 1;
+ }
+ for(iteration = 1; iteration <= NR_RANDOM_TESTS; iteration++) {
+ for (j = 1; j <= 2; j++) {
+ if (!(data_length % lcfb)) {
+ rc = random_des_cfb(iteration, silent, data_length, lcfb);
+ if (rc) {
+ printf("random_des_cfb failed with rc = %i\n", rc);
+ error_count++;
+ }
+ }
+ switch (j) {
+ case 1:
+ lcfb = 1;
+ break;
+ case 2:
+ lcfb = 8;
+ break;
+ }
+ }
+ // add a value between 1 and 8 to data_length
+ if (ica_random_number_generate(sizeof(rdata), (unsigned char*) &rdata)) {
+ printf("ica_random_number_generate failed with errnor = %i\n",
+ errno);
+ exit(1);
+ }
+ data_length += (rdata % 8) + 1;
+ }
+ if (error_count)
+ printf("%i testcases failed\n", error_count);
+ else
+ printf("All DES-CFB testcases finished successfully\n");
+ return rc;
diff --git a/src/tests/libica_des_ctr_test.c b/src/tests/libica_des_ctr_test.c
new file mode 100644
index 0000000..8180e7e
--- /dev/null
+++ b/src/tests/libica_des_ctr_test.c
@@ -0,0 +1,197 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+/* Copyright IBM Corp. 2010, 2011 */
+#include <fcntl.h>
+#include <sys/errno.h>
+#include <stdio.h>
+#include <string.h>
+#include <strings.h>
+#include <stdlib.h>
+#include "ica_api.h"
+#define NR_RANDOM_TESTS 1000
+void dump_array(unsigned char *ptr, unsigned int size)
+ unsigned char *ptr_end;
+ unsigned char *h;
+ int i = 1;
+ h = ptr;
+ ptr_end = ptr + size;
+ while (h < (unsigned char *)ptr_end) {
+ printf("0x%02x ",(unsigned char ) *h);
+ h++;
+ if (i == 8) {
+ printf("\n");
+ i = 1;
+ } else {
+ ++i;
+ }
+ }
+ printf("\n");
+void dump_ctr_data(unsigned char *iv, unsigned int iv_length,
+ unsigned char *key, unsigned int key_length,
+ unsigned char *input_data, unsigned int data_length,
+ unsigned char *output_data)
+ printf("IV \n");
+ dump_array(iv, iv_length);
+ printf("Key \n");
+ dump_array(key, key_length);
+ printf("Input Data\n");
+ dump_array(input_data, data_length);
+ printf("Output Data\n");
+ dump_array(output_data, data_length);
+int random_des_ctr(int iteration, int silent, unsigned int data_length, unsigned int iv_length)
+ unsigned int key_length = sizeof(ica_des_key_single_t);
+ if (data_length % sizeof(ica_des_vector_t))
+ iv_length = sizeof(ica_des_vector_t);
+ if (!silent) {
+ printf("Test Parameters for iteration = %i\n", iteration);
+ printf("key length = %i, data length = %i, iv length = %i\n",
+ key_length, data_length, iv_length);
+ }
+ unsigned char iv[iv_length];
+ unsigned char tmp_iv[iv_length];
+ unsigned char key[key_length];
+ unsigned char input_data[data_length];
+ unsigned char encrypt[data_length];
+ unsigned char decrypt[data_length];
+ int rc = 0;
+ rc = ica_random_number_generate(data_length, input_data);
+ if (rc) {
+ printf("random number generate returned rc = %i, errno = %i\n", rc, errno);
+ return rc;
+ }
+ rc = ica_random_number_generate(iv_length, iv);
+ if (rc) {
+ printf("random number generate returned rc = %i, errno = %i\n", rc, errno);
+ return rc;
+ }
+ rc = ica_random_number_generate(key_length, key);
+ if (rc) {
+ printf("random number generate returned rc = %i, errno = %i\n", rc, errno);
+ return rc;
+ }
+ memcpy(tmp_iv, iv, iv_length);
+ rc = ica_des_ctr(input_data, encrypt, data_length, key, tmp_iv,
+ 32,1);
+ if (rc) {
+ printf("ica_des_ctr encrypt failed with rc = %i\n", rc);
+ dump_ctr_data(iv, iv_length, key, key_length, input_data,
+ data_length, encrypt);
+ return rc;
+ }
+ if (!silent && !rc) {
+ printf("Encrypt:\n");
+ dump_ctr_data(iv, iv_length, key, key_length, input_data,
+ data_length, encrypt);
+ }
+ memcpy(tmp_iv, iv, iv_length);
+ rc = ica_des_ctr(encrypt, decrypt, data_length, key, tmp_iv,
+ 32, 0);
+ if (rc) {
+ printf("ica_des_ctr decrypt failed with rc = %i\n", rc);
+ dump_ctr_data(iv, iv_length, key, key_length, encrypt,
+ data_length, decrypt);
+ return rc;
+ }
+ if (!silent && !rc) {
+ printf("Decrypt:\n");
+ dump_ctr_data(iv, iv_length, key, key_length, encrypt,
+ data_length, decrypt);
+ }
+ if (memcmp(decrypt, input_data, data_length)) {
+ printf("Decryption Result does not match the original data!\n");
+ printf("Original data:\n");
+ dump_array(input_data, data_length);
+ printf("Decryption Result:\n");
+ dump_array(decrypt, data_length);
+ rc++;
+ }
+ return rc;
+int main(int argc, char **argv)
+ int rc = 0;
+ int error_count = 0;
+ int i = 0;
+ unsigned int silent = 0;
+ unsigned int endless = 0;
+ unsigned int rdata;
+ unsigned int data_length = 1;
+ unsigned int iv_length = sizeof(ica_des_key_single_t);
+ if (argc > 1) {
+ if (strstr(argv[1], "silent"))
+ silent = 1;
+ if (strstr(argv[1], "endless"))
+ endless = 1;
+ }
+ if (endless) {
+ silent = 1;
+ while (1) {
+ printf("i = %i\n",i);
+ rc = random_des_ctr(i, silent, 320, 320);
+ if (rc) {
+ printf("kat_des_ctr failed with rc = %i\n", rc);
+ return rc;
+ }
+ i++;
+ }
+ } else {
+ silent = 1;
+ for (i = 1; i < NR_RANDOM_TESTS; i++) {
+ rc = random_des_ctr(i, silent, data_length, iv_length);
+ if (rc) {
+ printf("random_des_ctr failed with rc = %i\n", rc);
+ error_count++;
+ }
+ if (!(data_length % sizeof(ica_des_key_single_t))) {
+ /* Always when the full block size is reached use a
+ * counter with the same size as the data */
+ rc = random_des_ctr(i, silent, data_length, data_length);
+ if (rc) {
+ printf("random_des_ctr failed with rc = %i\n", rc);
+ error_count++;
+ }
+ }
+ // add a value between 1 and 8 to data_length
+ if (ica_random_number_generate(sizeof(rdata), (unsigned char*) &rdata)) {
+ printf("ica_random_number_generate failed with errnor = %i\n",
+ errno);
+ exit(1);
+ }
+ data_length += (rdata % 8) + 1;
+ }
+ }
+ if (error_count)
+ printf("%i testcases failed\n", error_count);
+ else
+ printf("All DES-CTR testcases finished successfully\n");
+ return rc;
diff --git a/src/tests/libica_des_ecb_test.c b/src/tests/libica_des_ecb_test.c
new file mode 100644
index 0000000..6ca81b6
--- /dev/null
+++ b/src/tests/libica_des_ecb_test.c
@@ -0,0 +1,164 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+/* Copyright IBM Corp. 2010, 2011 */
+#include <fcntl.h>
+#include <sys/errno.h>
+#include <stdio.h>
+#include <string.h>
+#include <strings.h>
+#include <stdlib.h>
+#include "ica_api.h"
+#define NR_RANDOM_TESTS 10000
+void dump_array(unsigned char *ptr, unsigned int size)
+ unsigned char *ptr_end;
+ unsigned char *h;
+ int i = 1;
+ h = ptr;
+ ptr_end = ptr + size;
+ while (h < (unsigned char *)ptr_end) {
+ printf("0x%02x ",(unsigned char ) *h);
+ h++;
+ if (i == 8) {
+ printf("\n");
+ i = 1;
+ } else {
+ ++i;
+ }
+ }
+ printf("\n");
+void dump_ecb_data(unsigned char *key, unsigned int key_length,
+ unsigned char *input_data, unsigned int data_length,
+ unsigned char *output_data)
+ printf("Key \n");
+ dump_array(key, key_length);
+ printf("Input Data\n");
+ dump_array(input_data, data_length);
+ printf("Output Data\n");
+ dump_array(output_data, data_length);
+int load_random_test_data(unsigned char *data, unsigned int data_length,
+ unsigned char *key, unsigned int key_length)
+ int rc;
+ rc = ica_random_number_generate(data_length, data);
+ if (rc) {
+ printf("ica_random_number_generate with rc = %i errnor = %i\n",
+ rc, errno);
+ return rc;
+ }
+ rc = ica_random_number_generate(key_length, key);
+ if (rc) {
+ printf("ica_random_number_generate with rc = %i errnor = %i\n",
+ rc, errno);
+ return rc;
+ }
+ return rc;
+int random_des_ecb(int iteration, int silent, unsigned int data_length)
+ int rc = 0;
+ unsigned int key_length = sizeof(ica_des_key_triple_t);
+ unsigned char input_data[data_length];
+ unsigned char encrypt[data_length];
+ unsigned char decrypt[data_length];
+ unsigned char key[key_length];
+ memset(encrypt, 0x00, data_length);
+ memset(decrypt, 0x00, data_length);
+ load_random_test_data(input_data, data_length, key, key_length);
+ if (!silent) {
+ printf("Test Parameters for iteration = %i\n", iteration);
+ printf("key length = %i, data length = %i\n", key_length, data_length);
+ }
+ rc = ica_des_ecb(input_data, encrypt, data_length, key, 1);
+ if (rc) {
+ printf("ica_des_ecb encrypt failed with rc = %i\n", rc);
+ dump_ecb_data(key, key_length, input_data, data_length,
+ encrypt);
+ }
+ if (!silent && !rc) {
+ printf("Encrypt:\n");
+ dump_ecb_data(key, key_length, input_data,
+ data_length, encrypt);
+ }
+ if (rc) {
+ printf("3DES ECB test exited after encryption\n");
+ return rc;
+ }
+ rc = ica_des_ecb(encrypt, decrypt, data_length, key, 0);
+ if (rc) {
+ printf("ica_des_ecb decrypt failed with rc = %i\n", rc);
+ dump_ecb_data(key, key_length, encrypt,
+ data_length, decrypt);
+ return rc;
+ }
+ if (!silent && !rc) {
+ printf("Decrypt:\n");
+ dump_ecb_data(key, key_length, encrypt,
+ data_length, decrypt);
+ }
+ if (memcmp(decrypt, input_data, data_length)) {
+ printf("Decryption Result does not match the original data!\n");
+ printf("Original data:\n");
+ dump_array(input_data, data_length);
+ printf("Decryption Result:\n");
+ dump_array(decrypt, data_length);
+ rc++;
+ return rc;
+ }
+ return rc;
+int main(int argc, char **argv)
+ // Default mode is 0. ECB,ECB and CFQ tests will be performed.
+ unsigned int silent = 0;
+ if (argc > 1) {
+ if (strstr(argv[1], "silent"))
+ silent = 1;
+ }
+ int rc = 0;
+ int error_count = 0;
+ int iteration;
+ unsigned int data_length = sizeof(ica_des_vector_t);
+ for(iteration = 1; iteration <= NR_RANDOM_TESTS; iteration++) {
+ rc = random_des_ecb(iteration, silent, data_length);
+ if (rc) {
+ printf("random_des_ecb failed with rc = %i\n", rc);
+ error_count++;
+ goto out;
+ }
+ data_length += sizeof(ica_des_vector_t);
+ }
+ if (error_count)
+ printf("%i testcases failed\n", error_count);
+ else
+ printf("All DES-ECB testcases finished successfully\n");
+ return rc;
diff --git a/src/tests/libica_des_ofb_test.c b/src/tests/libica_des_ofb_test.c
new file mode 100644
index 0000000..b63a53e
--- /dev/null
+++ b/src/tests/libica_des_ofb_test.c
@@ -0,0 +1,187 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+/* Copyright IBM Corp. 2010, 2011 */
+#include <fcntl.h>
+#include <sys/errno.h>
+#include <stdio.h>
+#include <string.h>
+#include <strings.h>
+#include <stdlib.h>
+#include "ica_api.h"
+#define NR_RANDOM_TESTS 10000
+void dump_array(unsigned char *ptr, unsigned int size)
+ unsigned char *ptr_end;
+ unsigned char *h;
+ int i = 1;
+ h = ptr;
+ ptr_end = ptr + size;
+ while (h < (unsigned char *)ptr_end) {
+ printf("0x%02x ",(unsigned char ) *h);
+ h++;
+ if (i == 8) {
+ printf("\n");
+ i = 1;
+ } else {
+ ++i;
+ }
+ }
+ printf("\n");
+void dump_ofb_data(unsigned char *iv, unsigned int iv_length,
+ unsigned char *key, unsigned int key_length,
+ unsigned char *input_data, unsigned int data_length,
+ unsigned char *output_data)
+ printf("IV \n");
+ dump_array(iv, iv_length);
+ printf("Key \n");
+ dump_array(key, key_length);
+ printf("Input Data\n");
+ dump_array(input_data, data_length);
+ printf("Output Data\n");
+ dump_array(output_data, data_length);
+int load_random_test_data(unsigned char *data, unsigned int data_length,
+ unsigned char *iv, unsigned int iv_length,
+ unsigned char *key, unsigned int key_length)
+ int rc;
+ rc = ica_random_number_generate(data_length, data);
+ if (rc) {
+ printf("ica_random_number_generate with rc = %i errnor = %i\n",
+ rc, errno);
+ return rc;
+ }
+ rc = ica_random_number_generate(iv_length, iv);
+ if (rc) {
+ printf("ica_random_number_generate with rc = %i errnor = %i\n",
+ rc, errno);
+ return rc;
+ }
+ rc = ica_random_number_generate(key_length, key);
+ if (rc) {
+ printf("ica_random_number_generate with rc = %i errnor = %i\n",
+ rc, errno);
+ return rc;
+ }
+ return rc;
+int random_des_ofb(int iteration, int silent, unsigned int data_length)
+ unsigned int iv_length = sizeof(ica_des_vector_t);
+ unsigned int key_length = sizeof(ica_des_key_single_t);
+ unsigned char iv[iv_length];
+ unsigned char tmp_iv[iv_length];
+ unsigned char key[key_length];
+ unsigned char input_data[data_length];
+ unsigned char encrypt[data_length];
+ unsigned char decrypt[data_length];
+ int rc = 0;
+ memset(encrypt, 0x00, data_length);
+ memset(decrypt, 0x00, data_length);
+ load_random_test_data(input_data, data_length, iv, iv_length, key,
+ key_length);
+ memcpy(tmp_iv, iv, iv_length);
+ if (!silent) {
+ printf("Test Parameters for iteration = %i\n", iteration);
+ printf("key length = %i, data length = %i, iv length = %i\n",
+ key_length, data_length, iv_length);
+ }
+ rc = ica_des_ofb(input_data, encrypt, data_length, key, tmp_iv, 1);
+ if (rc) {
+ printf("ica_des_ofb encrypt failed with rc = %i\n", rc);
+ dump_ofb_data(iv, iv_length, key, key_length, input_data,
+ data_length, encrypt);
+ }
+ if (!silent && !rc) {
+ printf("Encrypt:\n");
+ dump_ofb_data(iv, iv_length, key, key_length, input_data,
+ data_length, encrypt);
+ }
+ if (rc) {
+ printf("DES OFB test exited after encryption\n");
+ return rc;
+ }
+ memcpy(tmp_iv, iv, iv_length);
+ rc = ica_des_ofb(encrypt, decrypt, data_length, key, tmp_iv, 0);
+ if (rc) {
+ printf("ica_des_ofb decrypt failed with rc = %i\n", rc);
+ dump_ofb_data(iv, iv_length, key, key_length, encrypt,
+ data_length, decrypt);
+ return rc;
+ }
+ if (!silent && !rc) {
+ printf("Decrypt:\n");
+ dump_ofb_data(iv, iv_length, key, key_length, encrypt,
+ data_length, decrypt);
+ }
+ if (memcmp(decrypt, input_data, data_length)) {
+ printf("Decryption Result does not match the original data!\n");
+ printf("Original data:\n");
+ dump_array(input_data, data_length);
+ printf("Decryption Result:\n");
+ dump_array(decrypt, data_length);
+ rc++;
+ }
+ return rc;
+int main(int argc, char **argv)
+ unsigned int silent = 0;
+ if (argc > 1) {
+ if (strstr(argv[1], "silent"))
+ silent = 1;
+ }
+ int rc = 0;
+ int error_count = 0;
+ int iteration;
+ unsigned int rdata;
+ unsigned int data_length = 1;
+ for(iteration = 1; iteration <= NR_RANDOM_TESTS; iteration++) {
+ rc = random_des_ofb(iteration, silent, data_length);
+ if (rc) {
+ printf("random_des_ofb failed with rc = %i\n", rc);
+ error_count++;
+ goto out;
+ }
+ // add a value between 1 and 8 to data_length
+ if (ica_random_number_generate(sizeof(rdata), (unsigned char*) &rdata)) {
+ printf("ica_random_number_generate failed with errnor = %i\n",
+ errno);
+ exit(1);
+ }
+ data_length += (rdata % 8) + 1;
+ }
+ if (error_count)
+ printf("%i testcases failed\n", error_count);
+ else
+ printf("All DES-OFB testcases finished successfully\n");
+ return rc;
diff --git a/src/tests/libica_des_test.c b/src/tests/libica_des_test.c
new file mode 100644
index 0000000..37734a1
--- /dev/null
+++ b/src/tests/libica_des_test.c
@@ -0,0 +1,159 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+/* Copyright IBM Corp. 2001, 2009, 2011 */
+#include <fcntl.h>
+#include <sys/errno.h>
+#include <stdio.h>
+#include <string.h>
+#include <strings.h>
+#include <stdlib.h>
+#include "ica_api.h"
+const int cipher_buf_length = 8;
+unsigned char NIST_KEY1[] =
+ { 0x7c, 0xa1, 0x10, 0x45, 0x4a, 0x1a, 0x6e, 0x57 };
+unsigned char NIST_TEST_DATA[] =
+ { 0x01, 0xa1, 0xd6, 0xd0, 0x39, 0x77, 0x67, 0x42 };
+unsigned char NIST_TEST_RESULT[] =
+ { 0x69, 0x0f, 0x5b, 0x0d, 0x9a, 0x26, 0x93, 0x9b };
+int silent = 1;
+void dump_array(unsigned char *ptr, unsigned int size)
+ unsigned char *ptr_end;
+ unsigned char *h;
+ int i = 1;
+ h = ptr;
+ ptr_end = ptr + size;
+ while (h < (unsigned char *)ptr_end) {
+ printf("0x%02x ",(unsigned char ) *h);
+ h++;
+ if (i == 8) {
+ printf("\n");
+ i = 1;
+ } else {
+ ++i;
+ }
+ }
+ printf("\n");
+int test_des_new_api(int mode)
+ ica_des_vector_t iv;
+ ica_des_key_single_t key;
+ int rc = 0;
+ unsigned char dec_text[sizeof NIST_TEST_DATA],
+ enc_text[sizeof NIST_TEST_DATA];
+ bzero(dec_text, sizeof dec_text);
+ bzero(enc_text, sizeof enc_text);
+ bzero(iv, sizeof iv);
+ bcopy(NIST_KEY1, key, sizeof NIST_KEY1);
+ rc = ica_des_encrypt(mode, sizeof NIST_TEST_DATA, NIST_TEST_DATA, &iv,
+ &key, enc_text);
+ if (rc) {
+ printf("\nOriginal data:\n");
+ dump_array(NIST_TEST_DATA, sizeof NIST_TEST_DATA);
+ printf("ica_des_encrypt failed with errno %d (0x%x).\n", rc, rc);
+ printf("\nEncrypted data:\n");
+ dump_array(enc_text, sizeof enc_text);
+ return rc;
+ }
+ if (memcmp(enc_text, NIST_TEST_RESULT, sizeof NIST_TEST_RESULT) != 0) {
+ printf("This does NOT match the known result.\n");
+ return -1;
+ } else {
+ printf("Yep, it's what it should be.\n");
+ }
+ bzero(iv, sizeof iv);
+ rc = ica_des_decrypt(mode, sizeof enc_text, enc_text, &iv, &key,
+ dec_text);
+ if (rc) {
+ printf("\nOriginal data:\n");
+ dump_array(NIST_TEST_DATA, sizeof NIST_TEST_DATA);
+ printf("ica_des_encrypt failed with errno %d (0x%x).\n", rc, rc);
+ printf("\nEncrypted data:\n");
+ dump_array(enc_text, sizeof enc_text);
+ printf("\nDecrypted data:\n");
+ dump_array(dec_text, sizeof dec_text);
+ printf("ica_des_decrypt failed with errno %d (0x%x).\n", rc, rc);
+ return rc;
+ }
+ if (memcmp(dec_text, NIST_TEST_DATA, sizeof NIST_TEST_DATA) != 0) {
+ printf("\nOriginal data:\n");
+ dump_array(NIST_TEST_DATA, sizeof NIST_TEST_DATA);
+ printf("ica_des_encrypt failed with errno %d (0x%x).\n", rc, rc);
+ printf("\nEncrypted data:\n");
+ dump_array(enc_text, sizeof enc_text);
+ printf("\nDecrypted data:\n");
+ dump_array(dec_text, sizeof dec_text);
+ printf("This does NOT match the original data.\n");
+ return -1;
+ } else {
+ printf("Successful!\n");
+ }
+ return 0;
+int main(int argc, char **argv)
+ // Default mode is 0. ECB and CBC tests will be performed.
+ unsigned int mode = 0;
+ if (argc > 1) {
+ if (strstr(argv[1], "ecb"))
+ mode = MODE_ECB;
+ if (strstr(argv[1], "cbc"))
+ mode = MODE_CBC;
+ printf("mode = %i \n", mode);
+ }
+ if (mode != 0 && mode != MODE_ECB && mode != MODE_CBC) {
+ printf("Usage: %s [ ecb | cbc ]\n", argv[0]);
+ return -1;
+ }
+ int rc = 0;
+ int error_count = 0;
+ if (!mode) {
+ /* This is the standard loop that will perform all testcases */
+ mode = 2;
+ while (mode) {
+ rc = test_des_new_api(mode);
+ if (rc) {
+ error_count++;
+ printf ("test_des_new_api mode = %i failed \n", mode);
+ }
+ else
+ printf ("test_des_new_api mode = %i finished successfully \n", mode);
+ mode--;
+ }
+ if (error_count)
+ printf("%i testcases failed\n", error_count);
+ else
+ printf("All testcases finished successfully\n");
+ } else {
+ /* Perform only either in ECB or CBC mode */
+ silent = 0;
+ rc = test_des_new_api(mode);
+ if (rc)
+ printf ("test_des_new_api mode = %i failed \n", mode);
+ else
+ printf ("test_des_new_api mode = %i finished successfully \n", mode);
+ }
+ return rc;
diff --git a/src/tests/libica_get_functionlist.c b/src/tests/libica_get_functionlist.c
new file mode 100644
index 0000000..7d080b9
--- /dev/null
+++ b/src/tests/libica_get_functionlist.c
@@ -0,0 +1,76 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+/* Copyright IBM Corp. 2010, 2013 */
+ * Test program for libica API call ica_get_version().
+ *
+ * Test 1: invalid input.
+ * Test 2: Valid input.
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#include "ica_api.h"
+#include <string.h>
+int main(int argc, char **argv)
+ libica_func_list_element* libica_func_list;
+ int rc, x;
+ int failed = 0;
+ unsigned int count;
+ unsigned int silent = 0;
+ if (argc > 1) {
+ if (strstr(argv[1], "silent"))
+ silent = 1;
+ }
+ //========== Test#1 good case ============
+ if (!silent) {
+ printf("Testing libica API ica_get_functionlist().\n");
+ }
+ rc = ica_get_functionlist(NULL, &count);
+ if (rc) {
+ printf("ica_get_functionlist failed with rc=%02x\n", rc);
+ return -1;
+ }
+ if (!silent) {
+ printf("Retrieved number of elements: %d\n", count);
+ }
+ libica_func_list = malloc(sizeof(libica_func_list_element) * count);
+ rc = ica_get_functionlist(libica_func_list, &count);
+ if (rc) {
+ printf("Retrieving function list failed with rc=%02x\n", rc);
+ failed++;
+ }
+ else {
+ if (!silent) {
+ for (x=0; x<count; x++) {
+ printf("ID: %d Flags: %d Property: %d\n",
+ libica_func_list[x].mech_mode_id,
+ libica_func_list[x].flags, libica_func_list[x].property);
+ }
+ }
+ }
+ //========== Test#2 bad parameter ============
+ rc = ica_get_functionlist(NULL, NULL);
+ if (rc != EINVAL) {
+ printf("Operation failed: Expected: %d Actual: %d\n", EINVAL, rc);
+ failed++;
+ }
+ if (failed) {
+ printf("Testcases failed!\n");
+ return 1;
+ } else {
+ printf("All ica_get_functionlist tests completed sucessfully\n");
+ return 0;
+ }
diff --git a/src/tests/libica_get_version.c b/src/tests/libica_get_version.c
new file mode 100644
index 0000000..e49eee7
--- /dev/null
+++ b/src/tests/libica_get_version.c
@@ -0,0 +1,71 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+/* Copyright IBM Corp. 2010, 2011 */
+ * Test program for libica API call ica_get_version().
+ *
+ * Test 1: invalid input.
+ * Test 2: Valid input.
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#include "ica_api.h"
+#include <string.h>
+int main(int argc, char **argv)
+ libica_version_info version_info;
+ int rc;
+ int failed = 0;
+ unsigned int silent = 0;
+ if (argc > 1) {
+ if (strstr(argv[1], "silent"))
+ silent = 1;
+ }
+ if (!silent) {
+ printf("Testing libica API ica_get_version() w/ invalid input (NULL).\n");
+ }
+ rc = ica_get_version(NULL);
+ if (rc == EINVAL) {
+ if (!silent) {
+ printf("Test successful\n");
+ }
+ }
+ else {
+ printf("Test failed: rc=%x, expected: %x \n", rc, EINVAL);
+ failed++;
+ }
+ if (!silent) {
+ printf("Testing libica API ica_get_version_() w/ valid input.\n");
+ }
+ rc = ica_get_version(&version_info);
+ if (rc == 0) {
+ if (!silent) {
+ printf("Test successful\n");
+ printf("Major_version:%d, minor_version %d, fixpack_version %d\n",
+ version_info.major_version, version_info.minor_version,
+ version_info.fixpack_version);
+ }
+ }
+ else {
+ printf("Test failed rc=%d, expected: %d \n", rc, 0);
+ failed++;
+ }
+ if (failed) {
+ printf("Failed ica_get_version tests: %d\n", failed);
+ return 1;
+ } else {
+ printf("All ica_get_version tests completed sucessfully\n");
+ return 0;
+ }
diff --git a/src/tests/libica_keygen_test.c b/src/tests/libica_keygen_test.c
new file mode 100644
index 0000000..3355d50
--- /dev/null
+++ b/src/tests/libica_keygen_test.c
@@ -0,0 +1,295 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <string.h>
+#include "ica_api.h"
+#include <sys/time.h>
+#define ZERO_PADDING 8
+#define BITSTOBYTES(bits) (((bits)+7)/8)
+#define EXPO_TYPE_3 3
+#define EXPO_TYPE_65537 65537
+#define EXPO_TYPE_R 1
+/* print error report after function return */
+static void print_error_report(unsigned int rc_sv, int errno_sv,
+ const char *func_name);
+/* print bytes in hex */
+static void dump_array(const char *array, int size);
+extern int errno;
+int main(int argc, char **argv)
+ unsigned int rc = 0, rc_test = 0, expo_type = 0, key_bit_length = 0;
+ unsigned int silent = 0;
+ struct timeval start,end;
+ if(argc < 3){
+ printf( "usage: %s <key_bit_length> (57..4096) <exponent_type> "
+ "(3, 65537 or r [random])\n", argv[0]);
+ return EXIT_FAILURE;
+ }
+ if((0 == (key_bit_length=strtol(argv[1], &argv[1], 10))) ||
+ ('\0' != *argv[1]) ){
+ printf( "error - possible values for"
+ " <key_bit_length> are integers"
+ " greater than 0.\n");
+ return EXIT_FAILURE;
+ }
+ if(BITSTOBYTES(key_bit_length) < 8){
+ printf("error - <key_bit_length> must be at least 57.\n");
+ return EXIT_FAILURE;
+ }
+ if(0 == (strcmp(argv[2], "3")))
+ expo_type = EXPO_TYPE_3;
+ else if(0 == (strcmp(argv[2], "65537")))
+ expo_type = EXPO_TYPE_65537;
+ else if(0 == (strcmp(argv[2], "r")))
+ expo_type = EXPO_TYPE_R;
+ else {
+ printf( "error - possible values for <exponent_type>"
+ " are 3, 65537 or r (random)\n");
+ return EXIT_FAILURE;
+ }
+ if (argv[3]) {
+ if (strstr(argv[3], "silent"))
+ silent = 1;
+ }
+ unsigned char ciphertext[BITSTOBYTES(key_bit_length)],
+ decrypted[BITSTOBYTES(key_bit_length)],
+ plaintext[BITSTOBYTES(key_bit_length)];
+ memset(ciphertext, 0, (size_t) BITSTOBYTES(key_bit_length));
+ memset(decrypted, 0, (size_t) BITSTOBYTES(key_bit_length));
+ memset(plaintext, 0, (size_t) BITSTOBYTES(key_bit_length));
+ unsigned char modexpo_public_e[BITSTOBYTES(key_bit_length)];
+ memset(modexpo_public_e, 0, (size_t) BITSTOBYTES(key_bit_length));
+ unsigned char modexpo_public_n[BITSTOBYTES(key_bit_length)];
+ memset(modexpo_public_n, 0, (size_t) BITSTOBYTES(key_bit_length));
+ unsigned char crt_private_p[BITSTOBYTES(key_bit_length) / 2 + 1 + ZERO_PADDING];
+ memset(crt_private_p, 0, (size_t) (BITSTOBYTES(key_bit_length) / 2 + 1 + ZERO_PADDING));
+ unsigned char crt_private_q[BITSTOBYTES(key_bit_length) / 2 + 1];
+ memset(crt_private_q, 0, (size_t) (BITSTOBYTES(key_bit_length) / 2 + 1));
+ unsigned char crt_private_dp[BITSTOBYTES(key_bit_length) / 2 + 1 + ZERO_PADDING];
+ memset(crt_private_dp, 0, (size_t) (BITSTOBYTES(key_bit_length) / 2 + 1 + ZERO_PADDING));
+ unsigned char crt_private_dq[BITSTOBYTES(key_bit_length) / 2 + 1];
+ memset(crt_private_dq, 0, (size_t) (BITSTOBYTES(key_bit_length) / 2 + 1));
+ unsigned char crt_private_inv_q[BITSTOBYTES(key_bit_length) / 2 + 1 + ZERO_PADDING];
+ memset(crt_private_inv_q, 0, (size_t) (BITSTOBYTES(key_bit_length) / 2 + 1 + ZERO_PADDING));
+ ica_rsa_key_mod_expo_t modexpo_public_key = {
+ .modulus = modexpo_public_n, .exponent = modexpo_public_e,
+ .key_length = BITSTOBYTES(key_bit_length)};
+ ica_rsa_key_crt_t crt_private_key = {
+ .p = crt_private_p, .q = crt_private_q, .dp = crt_private_dp,
+ .dq = crt_private_dq, .qInverse = crt_private_inv_q,
+ .key_length = BITSTOBYTES(key_bit_length)};
+ ica_adapter_handle_t adapter_handle = 0;
+ if (!silent) {
+ printf("[TEST RSA CRT]\n");
+ printf("generate random plaintext\t...");
+ }
+ if((rc = ica_random_number_generate(BITSTOBYTES(key_bit_length) ,plaintext)) != 0){
+ ++rc_test;
+ print_error_report(rc, errno, "ica_random_number_generate");
+ }
+ /* make sure that plaintext < modulus */
+ plaintext[0] = 0;
+ if (!silent) {
+ printf("plaintext:\n");
+ dump_array((char *)plaintext, BITSTOBYTES(key_bit_length));
+ }
+ if((rc = ica_open_adapter(&adapter_handle)) != 0){
+ ++rc_test;
+ print_error_report(rc, errno, "ica_open_adapter");
+ }
+ switch(expo_type){
+ case EXPO_TYPE_3:
+ *(unsigned long*)((unsigned char *)modexpo_public_key.exponent +
+ modexpo_public_key.key_length -
+ sizeof(unsigned long)) = (unsigned long) EXPO_TYPE_3;
+ break;
+ case EXPO_TYPE_65537:
+ *(unsigned long*)((unsigned char *)modexpo_public_key.exponent +
+ modexpo_public_key.key_length -
+ sizeof(unsigned long)) = (unsigned long) EXPO_TYPE_65537;
+ break;
+ case EXPO_TYPE_R:
+ /* .exponent element is not set here.
+ * if .exponent element is not set, ica_rsa_generate_mod_expo
+ * will randomly generate it */
+ break;
+ default:
+ printf( "error - unknown <exponent_type>\n");
+ return EXIT_FAILURE;
+ }
+ if (!silent) {
+ printf("generate keys\t\t\t...\n");
+ }
+ gettimeofday(&start, NULL);
+ if((rc = ica_rsa_key_generate_crt(adapter_handle,
+ key_bit_length,
+ &modexpo_public_key,
+ &crt_private_key)) != 0){
+ ++rc_test;
+ print_error_report(rc, errno, "ica_rsa_key_generate_crt");
+ }
+ gettimeofday(&end, NULL);
+ if (!silent)
+ printf("RSA CRT Key_gen with key length %d took: %06lu µs.\n",
+ key_bit_length, (end.tv_sec*1000000+end.tv_usec)-
+ (start.tv_sec*1000000+start.tv_usec));
+ if (!silent) {
+ printf("public key (e,n):\ne =\n");
+ dump_array((char *) (char *)modexpo_public_key.exponent,
+ BITSTOBYTES(key_bit_length));
+ printf("n =\n");
+ dump_array((char *) (char *)modexpo_public_key.modulus,
+ BITSTOBYTES(key_bit_length));
+ printf("private key (p,q,dp,dq,q^-1):\np =\n");
+ dump_array((char *) (char *) crt_private_key.p,
+ BITSTOBYTES(key_bit_length) / 2 + 1 + ZERO_PADDING);
+ printf("q =\n");
+ dump_array((char *) (char *)crt_private_key.q,
+ BITSTOBYTES(key_bit_length) / 2 + 1);
+ printf("dp =\n");
+ dump_array((char *) (char *)crt_private_key.dp,
+ BITSTOBYTES(key_bit_length) / 2 + 1 +ZERO_PADDING);
+ printf("dq =\n");
+ dump_array((char *) (char *)crt_private_key.dq,
+ BITSTOBYTES(key_bit_length) / 2 + 1);
+ printf("q^-1 =\n");
+ dump_array((char *) (char *)crt_private_key.qInverse,
+ BITSTOBYTES(key_bit_length) / 2 + 1 + ZERO_PADDING);
+ }
+ if (!silent) {
+ printf("encrypt...\n");
+ }
+ if((rc = ica_rsa_mod_expo(adapter_handle, plaintext, &modexpo_public_key,
+ ciphertext)) != 0){
+ ++rc_test;
+ print_error_report(rc, errno, "ica_rsa_mod_expo");
+ }
+ if (!silent) {
+ printf("ciphertext:\n");
+ dump_array((char *) ciphertext, BITSTOBYTES(key_bit_length));
+ }
+ if (!silent) {
+ printf("decrypt...\n");
+ }
+ if((rc = ica_rsa_crt(adapter_handle, ciphertext, &crt_private_key,
+ decrypted)) != 0){
+ ++rc_test;
+ print_error_report(rc, errno, "ica_rsa_crt");
+ }
+ if (!silent) {
+ printf("result:\n");
+ dump_array((char *) decrypted, BITSTOBYTES(key_bit_length));
+ }
+ if((rc = ica_close_adapter(adapter_handle)) != 0){
+ ++rc_test;
+ print_error_report(rc, errno, "ica_close_adapter");
+ }
+ if (!silent) {
+ printf("compare ciphertext to plaintext...\n");
+ }
+ if(memcmp(plaintext,ciphertext,BITSTOBYTES(key_bit_length)) == 0) {
+ printf("\t\tFAILED\nerror - ciphertext equals plaintext.\n");
+ ++rc_test;
+ }
+ if (!silent) {
+ printf("compare result to plaintext...\n");
+ }
+ if(memcmp(plaintext,decrypted,BITSTOBYTES(key_bit_length)) != 0) {
+ printf("\t\tFAILED\nerror - decryption result doesn't match plaintext.\n");
+ ++rc_test;
+ }
+ if(0 == rc_test)
+ printf("All Keygen tests passed successfully\n");
+ else
+ printf("Keygen tests failed: %u errors\n",rc_test);
+ return rc_test;
+static void print_error_report(unsigned int rc_sv, int errno_sv,
+ const char *func_name)
+ printf( "\t\tFAILED\nerror - %s returned %u: ", func_name, rc_sv);
+ switch (rc_sv) {
+ case EFAULT:
+ printf( "the message authentication failed.\n");
+ break;
+ case EINVAL:
+ printf( "incorrect parameter.\n");
+ break;
+ case EIO:
+ printf( "I/O error.\n");
+ break;
+ case EPERM:
+ printf(
+ "operation not permitted by hardware (CPACF).\n");
+ break;
+ case ENODEV:
+ printf( "no such device.\n");
+ break;
+ case ENOMEM:
+ printf( "not enough memory.\n");
+ break;
+ default:
+ printf(
+ "unknown return code. this shouldn't happen.\n");
+ }
+ printf( "\terrno ");
+ if (0 == errno_sv)
+ printf("not set.\n");
+ else
+ printf("set to %d: %s.\n",
+ errno_sv, strerror(errno_sv));
+static void dump_array(const char *array, int size)
+ const char *ptr;
+ int i = 1;
+ ptr = array;
+ while (ptr < array+size) {
+ printf("0x%02x ",(unsigned char ) *ptr);
+ ++ptr;
+ if (8 == i) {
+ printf("\n");
+ i = 1;
+ } else {
+ ++i;
+ }
+ }
+ if((i > 1) && (i <= 8))
+ printf("\n");
diff --git a/src/tests/libica_rng_test.c b/src/tests/libica_rng_test.c
new file mode 100644
index 0000000..5c2a1b7
--- /dev/null
+++ b/src/tests/libica_rng_test.c
@@ -0,0 +1,73 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+/* Copyright IBM Corp. 2010, 2011 */
+#include <fcntl.h>
+#include <sys/errno.h>
+#include <stdio.h>
+#include "ica_api.h"
+#include <string.h>
+unsigned char R[512];
+extern int errno;
+void dump_array(unsigned char *ptr, unsigned int size)
+ unsigned char *ptr_end;
+ unsigned char *h;
+ int i = 1;
+ h = ptr;
+ ptr_end = ptr + size;
+ while (h < (unsigned char *)ptr_end) {
+ printf("0x%02x ",(unsigned char ) *h);
+ h++;
+ if (i == 8) {
+ printf("\n");
+ i = 1;
+ } else {
+ ++i;
+ }
+ }
+ printf("\n");
+int main(int argc, char **argv)
+ int rc;
+ ICA_ADAPTER_HANDLE adapter_handle;
+ unsigned int silent = 0;
+ if (argc > 1) {
+ if (strstr(argv[1], "silent"))
+ silent = 1;
+ }
+ rc = ica_open_adapter(&adapter_handle);
+ if (rc != 0) {
+ printf("ica_open_adapter failed and returned %d (0x%x).\n", rc, rc);
+ }
+ rc = ica_random_number_generate(sizeof R, R);
+ if (rc != 0) {
+ printf("ica_random_number_generate failed and returned %d (0x%x).\n", rc, rc);
+#ifdef __s390__
+ if (rc == ENODEV)
+ printf("The usual cause of this on zSeries is that the CPACF instruction is not available.\n");
+ return -1;
+ }
+ if (!silent) {
+ dump_array(R, sizeof R);
+ printf("\nWell, does it look random?\n\n");
+ }
+ ica_close_adapter(adapter_handle);
+ printf("All DES-OFB testcases finished successfully\n");
+ return 0;
diff --git a/src/tests/libica_rsa_key_check_test.c b/src/tests/libica_rsa_key_check_test.c
new file mode 100644
index 0000000..00e07f8
--- /dev/null
+++ b/src/tests/libica_rsa_key_check_test.c
@@ -0,0 +1,127 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+/* Copyright IBM Corp. 2001, 2015 */
+#include <fcntl.h>
+#include <memory.h>
+#include <sys/errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <strings.h>
+#include "ica_api.h"
+#include <sys/time.h>
+#include "libica_rsa_test.h"
+extern int errno;
+void dump_array(unsigned char *ptr, unsigned int size)
+ unsigned char *ptr_end;
+ unsigned char *h;
+ int i = 1;
+ h = ptr;
+ ptr_end = ptr + size;
+ while (h < (unsigned char *)ptr_end) {
+ printf("0x%02x ",(unsigned char ) *h);
+ h++;
+ if (i == 8) {
+ printf("\n");
+ i = 1;
+ } else {
+ ++i;
+ }
+ }
+ printf("\n");
+int main(int argc, char **argv)
+ int i, rc;
+ unsigned int silent = 0;
+ struct timeval start,end;
+ if (argc > 1) {
+ if (strstr(argv[1], "silent"))
+ silent = 1;
+ }
+ /* Iterate over keys (1024, 2048 and 4096 bit length */
+ /* privileged keys */
+ for (i = 0; i < 3; i++) {
+ if (!silent) {
+ printf("modulus size = %d\n", RSA_BYTE_LENGHT[i]);
+ }
+ ica_rsa_key_crt_t crt_key = {RSA_BYTE_LENGHT[i], p[i], q[i], dp[i],
+ dq[i], qinv[i]};
+ gettimeofday(&start, NULL);
+ rc = ica_rsa_crt_key_check(&crt_key);
+ if(rc)
+ printf("ica_rsa_crt_key_check failed!\n");
+ gettimeofday(&end, NULL);
+ if (!silent)
+ printf("RSA CRT Key check: key[%d], l=%d (keyset I): %06lu µs.\n",
+ i, RSA_BYTE_LENGHT[i], (end.tv_sec*1000000+end.tv_usec)-
+ (start.tv_sec*1000000+start.tv_usec));
+ }
+ /* unprivileged keys */
+ for (i = 3; i < 6; i++) {
+ if (!silent) {
+ printf("modulus size = %d\n", RSA_BYTE_LENGHT[i]);
+ }
+ ica_rsa_key_crt_t crt_key = {RSA_BYTE_LENGHT[i], p[i], q[i], dp[i],
+ dq[i], qinv[i]};
+ gettimeofday(&start, NULL);
+ rc = ica_rsa_crt_key_check(&crt_key);
+ if(!rc)
+ printf("ica_rsa_crt_key_check failed!\n");
+ gettimeofday(&end, NULL);
+ if (!silent)
+ printf("RSA CRT key check: key[%d], l=%d (keyset II): %06lu µs.\n",
+ i, RSA_BYTE_LENGHT[i], (end.tv_sec*1000000+end.tv_usec)-
+ (start.tv_sec*1000000+start.tv_usec));
+ if (!silent) {
+ printf("Result of recalculated key part (qInv)\n");
+ dump_array((unsigned char *)crt_key.qInverse, RSA_BYTE_LENGHT[i]/2);
+ printf("Result of expected key part (qInv)\n");
+ dump_array((unsigned char *)qinv[i-3], RSA_BYTE_LENGHT[i]/2);
+ }
+ if( memcmp(crt_key.qInverse, qinv[i-3], RSA_BYTE_LENGHT[i]/2) != 0) {
+ printf("Calculated 'qInv' do not match. Failure!\n");
+ return -1;
+ }
+ if( memcmp(crt_key.p, p[i-3], RSA_BYTE_LENGHT[i]/2 + 8) != 0) {
+ printf("Prime 'p' do not match. Failure!\n");
+ return -1;
+ }
+ if( memcmp(crt_key.q, q[i-3], RSA_BYTE_LENGHT[i]/2) != 0) {
+ printf("Prime 'q' do not match. Failure!\n");
+ return -1;
+ }
+ if( memcmp(crt_key.dp, dp[i-3], RSA_BYTE_LENGHT[i]/2 + 8) != 0) {
+ printf("Parameter 'dp' do not match. Failure!\n");
+ return -1;
+ }
+ if( memcmp(crt_key.dq, dq[i-3], RSA_BYTE_LENGHT[i]/2) != 0) {
+ printf("Parameter 'dq' do not match. Failure!\n");
+ return -1;
+ }
+ } // end loop
+ printf("All RSA KEY Check testcases finished successfully\n");
+ return 0;
diff --git a/src/tests/libica_rsa_test.c b/src/tests/libica_rsa_test.c
new file mode 100644
index 0000000..194182d
--- /dev/null
+++ b/src/tests/libica_rsa_test.c
@@ -0,0 +1,150 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+/* Copyright IBM Corp. 2001, 2015 */
+#include <fcntl.h>
+#include <memory.h>
+#include <sys/errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <strings.h>
+#include "ica_api.h"
+#include <sys/time.h>
+#include "libica_rsa_test.h"
+extern int errno;
+static int handle_ica_error(int rc, char *message)
+ printf("Error in %s: ", message);
+ switch (rc) {
+ case 0:
+ printf("OK\n");
+ break;
+ case EINVAL:
+ printf("Incorrect parameter.\n");
+ break;
+ case EPERM:
+ printf("Operation not permitted by Hardware.\n");
+ break;
+ case EIO:
+ printf("I/O error.\n");
+ break;
+ default:
+ perror("");
+ }
+ return rc;
+void dump_array(unsigned char *ptr, unsigned int size)
+ unsigned char *ptr_end;
+ unsigned char *h;
+ int i = 1;
+ h = ptr;
+ ptr_end = ptr + size;
+ while (h < (unsigned char *)ptr_end) {
+ printf("0x%02x ",(unsigned char ) *h);
+ h++;
+ if (i == 8) {
+ printf("\n");
+ i = 1;
+ } else {
+ ++i;
+ }
+ }
+ printf("\n");
+int main(int argc, char **argv)
+ ica_adapter_handle_t adapter_handle;
+ unsigned char* my_result;
+ unsigned char* my_result2;
+ int i, rc;
+ unsigned int silent = 0;
+ struct timeval start,end;
+ if (argc > 1) {
+ if (strstr(argv[1], "silent"))
+ silent = 1;
+ }
+ rc = ica_open_adapter(&adapter_handle);
+ if (rc != 0) {
+ printf("ica_open_adapter failed and returned %d (0x%x).\n", rc, rc);
+ }
+ /* Iterate over key sizes (1024, 2048 and 4096) */
+ for (i = 0; i < 6; i++) {
+ /* encrypt with public key (ME) */
+ if (!silent) {
+ printf("modulus size = %d\n", RSA_BYTE_LENGHT[i]);
+ }
+ my_result = malloc(RESULT_LENGTH);
+ bzero(my_result, RESULT_LENGTH);
+ my_result2 = malloc(RESULT_LENGTH);
+ bzero(my_result2, RESULT_LENGTH);
+ ica_rsa_key_mod_expo_t mod_expo_key = {RSA_BYTE_LENGHT[i], n[i], e[i]};
+ rc = ica_rsa_mod_expo(adapter_handle, input_data,
+ &mod_expo_key, my_result);
+ if (rc)
+ exit(handle_ica_error(rc, "ica_rsa_key_mod_expo"));
+ if (!silent) {
+ printf("\n\n\n\n\n result of encrypt with public key\n");
+ dump_array((unsigned char *)my_result, RSA_BYTE_LENGHT[i]);
+ printf("Ciphertext \n");
+ dump_array(ciphertext[i],RSA_BYTE_LENGHT[i]);
+ }
+ if (memcmp(my_result,ciphertext[i],RSA_BYTE_LENGHT[i])){
+ printf("Ciphertext mismatch\n");
+ return -1;
+ }
+ /* decrypt with private key (CRT) */
+ ica_rsa_key_crt_t crt_key = {RSA_BYTE_LENGHT[i], p[i], q[i], dp[i],
+ dq[i], qinv[i]};
+ gettimeofday(&start, NULL);
+ rc = ica_rsa_crt(adapter_handle, ciphertext[i], &crt_key, my_result2);
+ if(rc)
+ exit(handle_ica_error(rc, "ica_rsa_crt"));
+ gettimeofday(&end, NULL);
+ if (!silent) {
+ printf("RSA decrypt with key[%d] (l=%d) took %06lu µs.\n", i,
+ RSA_BYTE_LENGHT[i], (end.tv_sec*1000000+end.tv_usec)-
+ (start.tv_sec*1000000+start.tv_usec));
+ printf("Result of decrypt\n");
+ dump_array((unsigned char *)my_result2, sizeof(input_data));
+ printf("original data\n");
+ dump_array(input_data, sizeof(input_data));
+ }
+ if (memcmp(input_data,my_result2,sizeof(input_data)) != 0) {
+ printf("Results do not match. Failure!\n");
+ return -1;
+ }
+ } // end loop
+ rc = ica_open_adapter(&adapter_handle);
+ if (rc != 0) {
+ printf("ica_close_adapter failed and returned %d (0x%x).\n", rc, rc);
+ }
+ printf("All RSA testcases finished successfully\n");
+ return 0;
diff --git a/src/tests/libica_rsa_test.h b/src/tests/libica_rsa_test.h
new file mode 100644
index 0000000..f7e2d10
--- /dev/null
+++ b/src/tests/libica_rsa_test.h
@@ -0,0 +1,2175 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+/* Copyright IBM Corp. 2001, 2015 */
+#define RESULT_LENGTH 4096
+int RSA_BYTE_LENGHT[] = {128, 256, 512, 128, 256, 512};
+unsigned char e[6][512] =
+ /* 1024,[p>q] */{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ /* 2048,[p>q] */ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ /* 4096,[p>q] */ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03},
+ /* 1024,[p<q] */ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ /* 2048,[p<q] */ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ /* 4096,[p<q] */ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03}};
+unsigned char n[6][512] =
+ /* 1024,[p>q] */{{0xec, 0x51, 0xab, 0xa1, 0xf8, 0x40, 0x2c, 0x08,
+ 0x2e, 0x24, 0x52, 0x2e, 0x3c, 0x51, 0x6d, 0x98,
+ 0xad, 0xee, 0xc7, 0x7d, 0x00, 0xaf, 0xe1, 0xa8,
+ 0x61, 0xda, 0x32, 0x97, 0xb4, 0x32, 0x97, 0xe3,
+ 0x52, 0xda, 0x28, 0x45, 0x55, 0xc6, 0xb2, 0x46,
+ 0x65, 0x1b, 0x02, 0xcb, 0xbe, 0xf4, 0x2c, 0x6b,
+ 0x2a, 0x5f, 0xe1, 0xdf, 0xe9, 0xe3, 0xbc, 0x47,
+ 0xb7, 0x38, 0xb5, 0xa2, 0x78, 0x9d, 0x15, 0xe2,
+ 0x59, 0x81, 0x77, 0x6b, 0x6b, 0x2e, 0xa9, 0xdb,
+ 0x13, 0x26, 0x9c, 0xca, 0x5e, 0x0a, 0x1f, 0x3c,
+ 0x50, 0x9d, 0xd6, 0x79, 0x59, 0x99, 0x50, 0xe5,
+ 0x68, 0x1a, 0x98, 0xca, 0x11, 0xce, 0x37, 0x63,
+ 0x58, 0x22, 0x40, 0x19, 0x29, 0x72, 0x4c, 0x41,
+ 0x89, 0x0b, 0x56, 0x9e, 0x3e, 0xd5, 0x6d, 0x75,
+ 0x9e, 0x3f, 0x8a, 0x50, 0xf1, 0x0a, 0x59, 0x4a,
+ 0xc3, 0x59, 0x4b, 0xf6, 0xbb, 0xc9, 0xa5, 0x93,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ /* 2048,[p>q] */ {0xdf, 0x27, 0x1f, 0xd2, 0x5f, 0x86, 0x44, 0x49,
+ 0x6b, 0x0c, 0x81, 0xbe, 0x4b, 0xd5, 0x02, 0x97,
+ 0xef, 0x09, 0x9b, 0x00, 0x2a, 0x6f, 0xd6, 0x77,
+ 0x27, 0xeb, 0x44, 0x9c, 0xea, 0x56, 0x6e, 0xd6,
+ 0xa3, 0x98, 0x1a, 0x71, 0x31, 0x2a, 0x14, 0x1c,
+ 0xab, 0xc9, 0x81, 0x5c, 0x12, 0x09, 0xe3, 0x20,
+ 0xa2, 0x5b, 0x32, 0x46, 0x4e, 0x99, 0x99, 0xf1,
+ 0x8c, 0xa1, 0x3a, 0x9f, 0xd3, 0x89, 0x25, 0x58,
+ 0xf9, 0xe0, 0xad, 0xef, 0xdd, 0x36, 0x50, 0xdd,
+ 0x23, 0xa3, 0xf0, 0x36, 0xd6, 0x0f, 0xe3, 0x98,
+ 0x84, 0x37, 0x06, 0xa4, 0x0b, 0x0b, 0x84, 0x62,
+ 0xc8, 0xbe, 0xe3, 0xbc, 0xe1, 0x2f, 0x1f, 0x28,
+ 0x60, 0xc2, 0x44, 0x4c, 0xdc, 0x6a, 0x44, 0x47,
+ 0x6a, 0x75, 0xff, 0x4a, 0xa2, 0x42, 0x73, 0xcc,
+ 0xbe, 0x3b, 0xf8, 0x02, 0x48, 0x46, 0x5f, 0x8f,
+ 0xf8, 0xc3, 0xa7, 0xf3, 0x36, 0x7d, 0xfc, 0x0d,
+ 0xf5, 0xb6, 0x50, 0x9a, 0x4f, 0x82, 0x81, 0x1c,
+ 0xed, 0xd8, 0x1c, 0xda, 0xaa, 0x73, 0xc4, 0x91,
+ 0xda, 0x41, 0x21, 0x70, 0xd5, 0x44, 0xd4, 0xba,
+ 0x96, 0xb9, 0x7f, 0x0a, 0xfc, 0x80, 0x65, 0x49,
+ 0x8d, 0x3a, 0x49, 0xfd, 0x91, 0x09, 0x92, 0xa1,
+ 0xf0, 0x72, 0x5b, 0xe2, 0x4f, 0x46, 0x5c, 0xfe,
+ 0x7e, 0x0e, 0xab, 0xf6, 0x78, 0x99, 0x6c, 0x50,
+ 0xbc, 0x5e, 0x75, 0x24, 0xab, 0xf7, 0x3f, 0x15,
+ 0xe5, 0xbe, 0xf7, 0xd5, 0x18, 0x39, 0x4e, 0x31,
+ 0x38, 0xce, 0x49, 0x44, 0x50, 0x6a, 0xaa, 0xaf,
+ 0x3f, 0x9b, 0x23, 0x6d, 0xca, 0xb8, 0xfc, 0x00,
+ 0xf8, 0x7a, 0xf5, 0x96, 0xfd, 0xc3, 0xd9, 0xd6,
+ 0xc7, 0x5c, 0xd5, 0x08, 0x36, 0x2f, 0xae, 0x2c,
+ 0xbe, 0xdd, 0xcc, 0x4c, 0x74, 0x50, 0xb1, 0x7b,
+ 0x77, 0x6c, 0x07, 0x9e, 0xcc, 0xa1, 0xf2, 0x56,
+ 0x35, 0x1a, 0x43, 0xb9, 0x7d, 0xbe, 0x21, 0x53,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ /* 4096,[p>q] */ {0xce, 0xb2, 0x27, 0xcb, 0xd8, 0x0c, 0xc7, 0xfc,
+ 0x52, 0xf5, 0xec, 0xfd, 0xcb, 0x87, 0xa8, 0xaa,
+ 0xba, 0xf3, 0x3b, 0xfd, 0xc1, 0x9a, 0x76, 0x20,
+ 0x8f, 0xeb, 0x22, 0xd7, 0x0c, 0x6e, 0x37, 0x6c,
+ 0xec, 0xa2, 0x98, 0xa1, 0xc0, 0xa6, 0xe6, 0xb1,
+ 0xf7, 0xdc, 0x54, 0x7b, 0x91, 0xf0, 0x9f, 0x39,
+ 0xbc, 0x01, 0xc0, 0x25, 0x7a, 0xcf, 0x61, 0x13,
+ 0xa7, 0xb8, 0x12, 0xf8, 0x4a, 0x7a, 0x7e, 0xb8,
+ 0x3f, 0x2a, 0x40, 0xb5, 0x2a, 0x5b, 0x94, 0xfd,
+ 0x34, 0x19, 0x91, 0xe6, 0x5f, 0x23, 0xb4, 0x07,
+ 0x99, 0x79, 0xd0, 0xf6, 0x22, 0xc7, 0x90, 0x88,
+ 0xfd, 0xef, 0xdb, 0x4f, 0x8a, 0x00, 0xb5, 0x7d,
+ 0xba, 0xc9, 0x14, 0x06, 0xb8, 0xa8, 0x18, 0x8f,
+ 0x52, 0xa3, 0x89, 0x9e, 0xaf, 0xe5, 0x9f, 0x38,
+ 0xac, 0x21, 0x03, 0x0c, 0xa3, 0x76, 0xfb, 0xd3,
+ 0x09, 0x75, 0xc6, 0x36, 0x1d, 0x86, 0x1d, 0x18,
+ 0xbf, 0x5c, 0xe9, 0xdd, 0x21, 0x80, 0x6d, 0xa6,
+ 0xca, 0xf8, 0x7b, 0x91, 0xa0, 0xa8, 0x42, 0x42,
+ 0x0c, 0x91, 0x25, 0xf0, 0xed, 0x46, 0x08, 0xf0,
+ 0xa0, 0x2f, 0xf2, 0x8d, 0x73, 0x53, 0x27, 0x63,
+ 0xca, 0x83, 0xe3, 0x80, 0xc0, 0xf0, 0x8f, 0x9d,
+ 0x8e, 0x45, 0x82, 0xc5, 0xe9, 0x9f, 0x48, 0xf9,
+ 0xec, 0x61, 0xe9, 0x7b, 0x47, 0xfd, 0xeb, 0xe5,
+ 0x01, 0x1b, 0xc5, 0x89, 0xf1, 0xbc, 0x3a, 0xc4,
+ 0x29, 0xc8, 0x2d, 0xb1, 0x85, 0x9b, 0x92, 0x4a,
+ 0x5a, 0xcb, 0x85, 0xe2, 0x7b, 0x15, 0x6f, 0xc2,
+ 0x62, 0xb9, 0x8c, 0x52, 0xa4, 0x13, 0x75, 0x47,
+ 0xfd, 0x6b, 0x0f, 0x59, 0xff, 0x7c, 0xdc, 0xda,
+ 0x09, 0xb8, 0x55, 0x2d, 0x63, 0x52, 0x6e, 0xff,
+ 0xaf, 0x8d, 0xb7, 0x6b, 0x80, 0x6f, 0x04, 0xe4,
+ 0x78, 0x73, 0x93, 0x87, 0x5d, 0xda, 0xd2, 0xc9,
+ 0xe5, 0x6f, 0x0b, 0xee, 0x4e, 0x86, 0x4f, 0xf4,
+ 0xd2, 0x3c, 0xf5, 0x21, 0x84, 0x7c, 0x7d, 0xb0,
+ 0x10, 0xee, 0x98, 0x7d, 0x66, 0x32, 0x19, 0xdc,
+ 0xd7, 0xf0, 0x61, 0x1c, 0xfa, 0x31, 0x14, 0x3f,
+ 0x17, 0xe8, 0xe0, 0xa5, 0xae, 0xb0, 0x8e, 0xcb,
+ 0xa6, 0x73, 0xfa, 0x32, 0xa6, 0xd5, 0x33, 0x22,
+ 0xc0, 0x3e, 0x4e, 0xc6, 0x5e, 0x9f, 0x7f, 0xcf,
+ 0xa8, 0x0d, 0x26, 0xd7, 0xee, 0xfc, 0x97, 0xbb,
+ 0xe2, 0x9a, 0xe2, 0x94, 0x82, 0xc9, 0x89, 0xcf,
+ 0xb8, 0x5d, 0x60, 0x93, 0x10, 0xa1, 0x51, 0x43,
+ 0x89, 0xba, 0x76, 0x84, 0x72, 0x2d, 0x91, 0x49,
+ 0xac, 0xd8, 0xeb, 0xa8, 0xa0, 0x0b, 0xed, 0xef,
+ 0x04, 0x7e, 0x8e, 0x85, 0x88, 0xc3, 0x53, 0x84,
+ 0x2e, 0xea, 0x85, 0xd3, 0x8b, 0x5c, 0xe5, 0xba,
+ 0xab, 0x04, 0xe8, 0xbd, 0xf1, 0x6e, 0x77, 0xbf,
+ 0x40, 0xe8, 0x9c, 0x70, 0xc0, 0xe0, 0x0b, 0x95,
+ 0x0f, 0x40, 0xfb, 0xd8, 0x37, 0x44, 0xf7, 0xfe,
+ 0x38, 0x51, 0x9c, 0x92, 0xfb, 0xc4, 0x65, 0xb5,
+ 0xda, 0xd7, 0xc7, 0x1c, 0xad, 0xb2, 0xe2, 0x5f,
+ 0x22, 0x3e, 0xae, 0x74, 0xd6, 0x77, 0x32, 0xbe,
+ 0x77, 0x42, 0x3d, 0x85, 0x71, 0x3a, 0xa0, 0xfd,
+ 0x31, 0x6f, 0x4e, 0x0b, 0xd5, 0x04, 0x57, 0xb0,
+ 0xb2, 0x2a, 0x54, 0xfa, 0x8e, 0x29, 0x23, 0x8a,
+ 0x66, 0x59, 0x25, 0x1f, 0x0c, 0x68, 0x01, 0x0a,
+ 0x6e, 0xaf, 0x8e, 0xb8, 0xd3, 0xcd, 0x79, 0x9f,
+ 0xb6, 0x58, 0x16, 0x0b, 0x0a, 0x48, 0x16, 0xf1,
+ 0x1c, 0x09, 0x80, 0x38, 0xcb, 0xe9, 0x8e, 0xf3,
+ 0xb6, 0x5b, 0x4c, 0x56, 0x2d, 0x91, 0x52, 0x50,
+ 0x1f, 0xfb, 0x41, 0xd5, 0xb3, 0x6e, 0x94, 0x27,
+ 0x48, 0xd4, 0xfa, 0xaa, 0xac, 0x01, 0x27, 0x34,
+ 0x02, 0x5c, 0xfc, 0xa0, 0xa9, 0x78, 0xeb, 0x5c,
+ 0x09, 0xeb, 0x24, 0x9e, 0x38, 0x69, 0xea, 0xfd,
+ 0x3b, 0x56, 0xa8, 0x73, 0x1d, 0x5b, 0x59, 0x07},
+ /* 1024,[p<q] */ {0xec, 0x51, 0xab, 0xa1, 0xf8, 0x40, 0x2c, 0x08,
+ 0x2e, 0x24, 0x52, 0x2e, 0x3c, 0x51, 0x6d, 0x98,
+ 0xad, 0xee, 0xc7, 0x7d, 0x00, 0xaf, 0xe1, 0xa8,
+ 0x61, 0xda, 0x32, 0x97, 0xb4, 0x32, 0x97, 0xe3,
+ 0x52, 0xda, 0x28, 0x45, 0x55, 0xc6, 0xb2, 0x46,
+ 0x65, 0x1b, 0x02, 0xcb, 0xbe, 0xf4, 0x2c, 0x6b,
+ 0x2a, 0x5f, 0xe1, 0xdf, 0xe9, 0xe3, 0xbc, 0x47,
+ 0xb7, 0x38, 0xb5, 0xa2, 0x78, 0x9d, 0x15, 0xe2,
+ 0x59, 0x81, 0x77, 0x6b, 0x6b, 0x2e, 0xa9, 0xdb,
+ 0x13, 0x26, 0x9c, 0xca, 0x5e, 0x0a, 0x1f, 0x3c,
+ 0x50, 0x9d, 0xd6, 0x79, 0x59, 0x99, 0x50, 0xe5,
+ 0x68, 0x1a, 0x98, 0xca, 0x11, 0xce, 0x37, 0x63,
+ 0x58, 0x22, 0x40, 0x19, 0x29, 0x72, 0x4c, 0x41,
+ 0x89, 0x0b, 0x56, 0x9e, 0x3e, 0xd5, 0x6d, 0x75,
+ 0x9e, 0x3f, 0x8a, 0x50, 0xf1, 0x0a, 0x59, 0x4a,
+ 0xc3, 0x59, 0x4b, 0xf6, 0xbb, 0xc9, 0xa5, 0x93,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ /* 2048,[p<q] */ {0xdf, 0x27, 0x1f, 0xd2, 0x5f, 0x86, 0x44, 0x49,
+ 0x6b, 0x0c, 0x81, 0xbe, 0x4b, 0xd5, 0x02, 0x97,
+ 0xef, 0x09, 0x9b, 0x00, 0x2a, 0x6f, 0xd6, 0x77,
+ 0x27, 0xeb, 0x44, 0x9c, 0xea, 0x56, 0x6e, 0xd6,
+ 0xa3, 0x98, 0x1a, 0x71, 0x31, 0x2a, 0x14, 0x1c,
+ 0xab, 0xc9, 0x81, 0x5c, 0x12, 0x09, 0xe3, 0x20,
+ 0xa2, 0x5b, 0x32, 0x46, 0x4e, 0x99, 0x99, 0xf1,
+ 0x8c, 0xa1, 0x3a, 0x9f, 0xd3, 0x89, 0x25, 0x58,
+ 0xf9, 0xe0, 0xad, 0xef, 0xdd, 0x36, 0x50, 0xdd,
+ 0x23, 0xa3, 0xf0, 0x36, 0xd6, 0x0f, 0xe3, 0x98,
+ 0x84, 0x37, 0x06, 0xa4, 0x0b, 0x0b, 0x84, 0x62,
+ 0xc8, 0xbe, 0xe3, 0xbc, 0xe1, 0x2f, 0x1f, 0x28,
+ 0x60, 0xc2, 0x44, 0x4c, 0xdc, 0x6a, 0x44, 0x47,
+ 0x6a, 0x75, 0xff, 0x4a, 0xa2, 0x42, 0x73, 0xcc,
+ 0xbe, 0x3b, 0xf8, 0x02, 0x48, 0x46, 0x5f, 0x8f,
+ 0xf8, 0xc3, 0xa7, 0xf3, 0x36, 0x7d, 0xfc, 0x0d,
+ 0xf5, 0xb6, 0x50, 0x9a, 0x4f, 0x82, 0x81, 0x1c,
+ 0xed, 0xd8, 0x1c, 0xda, 0xaa, 0x73, 0xc4, 0x91,
+ 0xda, 0x41, 0x21, 0x70, 0xd5, 0x44, 0xd4, 0xba,
+ 0x96, 0xb9, 0x7f, 0x0a, 0xfc, 0x80, 0x65, 0x49,
+ 0x8d, 0x3a, 0x49, 0xfd, 0x91, 0x09, 0x92, 0xa1,
+ 0xf0, 0x72, 0x5b, 0xe2, 0x4f, 0x46, 0x5c, 0xfe,
+ 0x7e, 0x0e, 0xab, 0xf6, 0x78, 0x99, 0x6c, 0x50,
+ 0xbc, 0x5e, 0x75, 0x24, 0xab, 0xf7, 0x3f, 0x15,
+ 0xe5, 0xbe, 0xf7, 0xd5, 0x18, 0x39, 0x4e, 0x31,
+ 0x38, 0xce, 0x49, 0x44, 0x50, 0x6a, 0xaa, 0xaf,
+ 0x3f, 0x9b, 0x23, 0x6d, 0xca, 0xb8, 0xfc, 0x00,
+ 0xf8, 0x7a, 0xf5, 0x96, 0xfd, 0xc3, 0xd9, 0xd6,
+ 0xc7, 0x5c, 0xd5, 0x08, 0x36, 0x2f, 0xae, 0x2c,
+ 0xbe, 0xdd, 0xcc, 0x4c, 0x74, 0x50, 0xb1, 0x7b,
+ 0x77, 0x6c, 0x07, 0x9e, 0xcc, 0xa1, 0xf2, 0x56,
+ 0x35, 0x1a, 0x43, 0xb9, 0x7d, 0xbe, 0x21, 0x53,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ /* 4096,[p<q] */ {0xce, 0xb2, 0x27, 0xcb, 0xd8, 0x0c, 0xc7, 0xfc,
+ 0x52, 0xf5, 0xec, 0xfd, 0xcb, 0x87, 0xa8, 0xaa,
+ 0xba, 0xf3, 0x3b, 0xfd, 0xc1, 0x9a, 0x76, 0x20,
+ 0x8f, 0xeb, 0x22, 0xd7, 0x0c, 0x6e, 0x37, 0x6c,
+ 0xec, 0xa2, 0x98, 0xa1, 0xc0, 0xa6, 0xe6, 0xb1,
+ 0xf7, 0xdc, 0x54, 0x7b, 0x91, 0xf0, 0x9f, 0x39,
+ 0xbc, 0x01, 0xc0, 0x25, 0x7a, 0xcf, 0x61, 0x13,
+ 0xa7, 0xb8, 0x12, 0xf8, 0x4a, 0x7a, 0x7e, 0xb8,
+ 0x3f, 0x2a, 0x40, 0xb5, 0x2a, 0x5b, 0x94, 0xfd,
+ 0x34, 0x19, 0x91, 0xe6, 0x5f, 0x23, 0xb4, 0x07,
+ 0x99, 0x79, 0xd0, 0xf6, 0x22, 0xc7, 0x90, 0x88,
+ 0xfd, 0xef, 0xdb, 0x4f, 0x8a, 0x00, 0xb5, 0x7d,
+ 0xba, 0xc9, 0x14, 0x06, 0xb8, 0xa8, 0x18, 0x8f,
+ 0x52, 0xa3, 0x89, 0x9e, 0xaf, 0xe5, 0x9f, 0x38,
+ 0xac, 0x21, 0x03, 0x0c, 0xa3, 0x76, 0xfb, 0xd3,
+ 0x09, 0x75, 0xc6, 0x36, 0x1d, 0x86, 0x1d, 0x18,
+ 0xbf, 0x5c, 0xe9, 0xdd, 0x21, 0x80, 0x6d, 0xa6,
+ 0xca, 0xf8, 0x7b, 0x91, 0xa0, 0xa8, 0x42, 0x42,
+ 0x0c, 0x91, 0x25, 0xf0, 0xed, 0x46, 0x08, 0xf0,
+ 0xa0, 0x2f, 0xf2, 0x8d, 0x73, 0x53, 0x27, 0x63,
+ 0xca, 0x83, 0xe3, 0x80, 0xc0, 0xf0, 0x8f, 0x9d,
+ 0x8e, 0x45, 0x82, 0xc5, 0xe9, 0x9f, 0x48, 0xf9,
+ 0xec, 0x61, 0xe9, 0x7b, 0x47, 0xfd, 0xeb, 0xe5,
+ 0x01, 0x1b, 0xc5, 0x89, 0xf1, 0xbc, 0x3a, 0xc4,
+ 0x29, 0xc8, 0x2d, 0xb1, 0x85, 0x9b, 0x92, 0x4a,
+ 0x5a, 0xcb, 0x85, 0xe2, 0x7b, 0x15, 0x6f, 0xc2,
+ 0x62, 0xb9, 0x8c, 0x52, 0xa4, 0x13, 0x75, 0x47,
+ 0xfd, 0x6b, 0x0f, 0x59, 0xff, 0x7c, 0xdc, 0xda,
+ 0x09, 0xb8, 0x55, 0x2d, 0x63, 0x52, 0x6e, 0xff,
+ 0xaf, 0x8d, 0xb7, 0x6b, 0x80, 0x6f, 0x04, 0xe4,
+ 0x78, 0x73, 0x93, 0x87, 0x5d, 0xda, 0xd2, 0xc9,
+ 0xe5, 0x6f, 0x0b, 0xee, 0x4e, 0x86, 0x4f, 0xf4,
+ 0xd2, 0x3c, 0xf5, 0x21, 0x84, 0x7c, 0x7d, 0xb0,
+ 0x10, 0xee, 0x98, 0x7d, 0x66, 0x32, 0x19, 0xdc,
+ 0xd7, 0xf0, 0x61, 0x1c, 0xfa, 0x31, 0x14, 0x3f,
+ 0x17, 0xe8, 0xe0, 0xa5, 0xae, 0xb0, 0x8e, 0xcb,
+ 0xa6, 0x73, 0xfa, 0x32, 0xa6, 0xd5, 0x33, 0x22,
+ 0xc0, 0x3e, 0x4e, 0xc6, 0x5e, 0x9f, 0x7f, 0xcf,
+ 0xa8, 0x0d, 0x26, 0xd7, 0xee, 0xfc, 0x97, 0xbb,
+ 0xe2, 0x9a, 0xe2, 0x94, 0x82, 0xc9, 0x89, 0xcf,
+ 0xb8, 0x5d, 0x60, 0x93, 0x10, 0xa1, 0x51, 0x43,
+ 0x89, 0xba, 0x76, 0x84, 0x72, 0x2d, 0x91, 0x49,
+ 0xac, 0xd8, 0xeb, 0xa8, 0xa0, 0x0b, 0xed, 0xef,
+ 0x04, 0x7e, 0x8e, 0x85, 0x88, 0xc3, 0x53, 0x84,
+ 0x2e, 0xea, 0x85, 0xd3, 0x8b, 0x5c, 0xe5, 0xba,
+ 0xab, 0x04, 0xe8, 0xbd, 0xf1, 0x6e, 0x77, 0xbf,
+ 0x40, 0xe8, 0x9c, 0x70, 0xc0, 0xe0, 0x0b, 0x95,
+ 0x0f, 0x40, 0xfb, 0xd8, 0x37, 0x44, 0xf7, 0xfe,
+ 0x38, 0x51, 0x9c, 0x92, 0xfb, 0xc4, 0x65, 0xb5,
+ 0xda, 0xd7, 0xc7, 0x1c, 0xad, 0xb2, 0xe2, 0x5f,
+ 0x22, 0x3e, 0xae, 0x74, 0xd6, 0x77, 0x32, 0xbe,
+ 0x77, 0x42, 0x3d, 0x85, 0x71, 0x3a, 0xa0, 0xfd,
+ 0x31, 0x6f, 0x4e, 0x0b, 0xd5, 0x04, 0x57, 0xb0,
+ 0xb2, 0x2a, 0x54, 0xfa, 0x8e, 0x29, 0x23, 0x8a,
+ 0x66, 0x59, 0x25, 0x1f, 0x0c, 0x68, 0x01, 0x0a,
+ 0x6e, 0xaf, 0x8e, 0xb8, 0xd3, 0xcd, 0x79, 0x9f,
+ 0xb6, 0x58, 0x16, 0x0b, 0x0a, 0x48, 0x16, 0xf1,
+ 0x1c, 0x09, 0x80, 0x38, 0xcb, 0xe9, 0x8e, 0xf3,
+ 0xb6, 0x5b, 0x4c, 0x56, 0x2d, 0x91, 0x52, 0x50,
+ 0x1f, 0xfb, 0x41, 0xd5, 0xb3, 0x6e, 0x94, 0x27,
+ 0x48, 0xd4, 0xfa, 0xaa, 0xac, 0x01, 0x27, 0x34,
+ 0x02, 0x5c, 0xfc, 0xa0, 0xa9, 0x78, 0xeb, 0x5c,
+ 0x09, 0xeb, 0x24, 0x9e, 0x38, 0x69, 0xea, 0xfd,
+ 0x3b, 0x56, 0xa8, 0x73, 0x1d, 0x5b, 0x59, 0x07}};
+unsigned char dp[6][264] =
+ /* 1024,[p>q] */{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0xa7, 0xcf, 0xa2, 0x18, 0x2c, 0xa9, 0xb4, 0xb9,
+ 0xf5, 0x9e, 0xc9, 0x04, 0x16, 0xd9, 0xa6, 0x8b,
+ 0x90, 0x4a, 0x19, 0x6d, 0x64, 0xb7, 0x17, 0x67,
+ 0x53, 0xfa, 0x4e, 0x8d, 0xde, 0xa6, 0x94, 0x32,
+ 0x5d, 0xcf, 0x58, 0x3e, 0x90, 0xbb, 0x30, 0x19,
+ 0x96, 0x38, 0x95, 0xb6, 0xca, 0x2f, 0xfa, 0x22,
+ 0x81, 0x65, 0x3b, 0x3c, 0x95, 0x9e, 0x79, 0x75,
+ 0xe4, 0x93, 0x50, 0xf1, 0x88, 0x6b, 0xc1, 0x87,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ /* 2048,[p>q] */ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0xed, 0x10, 0x2a, 0xcd, 0xb2, 0x68, 0x71, 0x53,
+ 0x4d, 0x1c, 0x41, 0x4e, 0xca, 0xd9, 0xa4, 0xd7,
+ 0x32, 0xfe, 0x95, 0xb1, 0x0e, 0xea, 0x37, 0x0d,
+ 0xa6, 0x2f, 0x05, 0xde, 0x2c, 0x39, 0x3b, 0x1a,
+ 0x63, 0x33, 0x03, 0xea, 0x74, 0x1b, 0x6b, 0x32,
+ 0x69, 0xc9, 0x7f, 0x70, 0x4b, 0x35, 0x27, 0x02,
+ 0xc9, 0xae, 0x79, 0x92, 0x2f, 0x7b, 0xe8, 0xd1,
+ 0x0d, 0xb6, 0x7f, 0x02, 0x6a, 0x81, 0x45, 0xde,
+ 0x41, 0xb3, 0x0c, 0x0a, 0x42, 0xbf, 0x92, 0x3b,
+ 0xac, 0x5f, 0x75, 0x04, 0xc2, 0x48, 0x60, 0x4b,
+ 0x9f, 0xaa, 0x57, 0xed, 0x6b, 0x32, 0x46, 0xc6,
+ 0xba, 0x15, 0x8e, 0x36, 0xc6, 0x44, 0xf8, 0xb9,
+ 0x54, 0x8f, 0xcf, 0x4f, 0x07, 0xe0, 0x54, 0xa5,
+ 0x6f, 0x76, 0x86, 0x74, 0x05, 0x44, 0x40, 0xbc,
+ 0x0d, 0xcb, 0xbc, 0x9b, 0x52, 0x8f, 0x64, 0xa0,
+ 0x17, 0x06, 0xe0, 0x5b, 0x0b, 0x91, 0x10, 0x6f,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ /* 4096,[p>q] */ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x9c, 0x30, 0x60, 0xcf, 0xaa, 0xed, 0x64, 0xa0,
+ 0xe2, 0xa4, 0x24, 0x0d, 0x59, 0x5f, 0x1b, 0xda,
+ 0x92, 0x6e, 0xc1, 0xb6, 0x77, 0x25, 0x26, 0x93,
+ 0xbc, 0x00, 0xba, 0xc9, 0x1c, 0x22, 0xb4, 0x91,
+ 0x31, 0x92, 0xa9, 0x97, 0xf2, 0xac, 0x68, 0x92,
+ 0x60, 0xca, 0x56, 0xc4, 0xb7, 0xc2, 0x97, 0x7b,
+ 0x5a, 0x2c, 0x99, 0x73, 0xf1, 0x20, 0x7a, 0xe4,
+ 0xa3, 0xe5, 0x9a, 0x45, 0x5f, 0xd7, 0x65, 0x62,
+ 0xbf, 0x85, 0xa1, 0x48, 0xbb, 0x6a, 0xfd, 0xd8,
+ 0x7a, 0xa5, 0x5f, 0x7b, 0xcf, 0xf7, 0x30, 0x2e,
+ 0x52, 0x61, 0x13, 0x81, 0x63, 0x73, 0x85, 0xcb,
+ 0x60, 0xdb, 0x57, 0xb2, 0xfc, 0x55, 0x6a, 0xee,
+ 0x97, 0xf4, 0x0c, 0x76, 0xd7, 0x57, 0xe1, 0x95,
+ 0xd4, 0x02, 0xc7, 0x3f, 0x8c, 0x5f, 0xe3, 0x83,
+ 0x78, 0x58, 0x5e, 0x34, 0x59, 0xfa, 0x64, 0xc8,
+ 0x26, 0x3e, 0xf3, 0x5e, 0x06, 0x96, 0xd0, 0x63,
+ 0xaa, 0x6b, 0xf0, 0x3f, 0x3c, 0x7b, 0xd9, 0x98,
+ 0x0c, 0x97, 0x49, 0xe4, 0x10, 0x5a, 0x6d, 0x57,
+ 0x46, 0x61, 0xd1, 0x78, 0x35, 0x06, 0xf0, 0x5a,
+ 0x68, 0xe1, 0xdd, 0xac, 0x3a, 0x95, 0xfb, 0x4f,
+ 0xd9, 0x46, 0x6b, 0x98, 0x55, 0x6e, 0x4b, 0x39,
+ 0x9f, 0xbb, 0x05, 0x49, 0xbf, 0x53, 0x93, 0xd4,
+ 0x39, 0xcd, 0xed, 0xa2, 0xe9, 0x02, 0x81, 0xd3,
+ 0x69, 0x08, 0x02, 0x7c, 0xa8, 0xc1, 0xd5, 0xa1,
+ 0x58, 0xe3, 0x81, 0xea, 0x8b, 0xd2, 0x23, 0x4c,
+ 0x1c, 0x99, 0x4d, 0x81, 0x8d, 0x82, 0x1e, 0x85,
+ 0xf7, 0xa9, 0xf8, 0xe6, 0x53, 0x8e, 0x85, 0xcb,
+ 0x79, 0xbb, 0x89, 0x49, 0xce, 0x3c, 0x18, 0x5d,
+ 0xa4, 0x3c, 0x8c, 0x13, 0x7c, 0xe2, 0xc6, 0x97,
+ 0xf0, 0xbe, 0xfa, 0xb6, 0x87, 0xbe, 0xc0, 0xed,
+ 0x70, 0x39, 0x8e, 0x0b, 0x23, 0xb9, 0x51, 0x83,
+ 0x38, 0xc8, 0x37, 0x3e, 0x38, 0x7a, 0x82, 0xfb},
+ /* 1024,[p<q] */ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0xa0, 0x3a, 0x18, 0xa4, 0x1c, 0x3c, 0x49, 0x09,
+ 0xd0, 0x84, 0x4a, 0x8c, 0x7c, 0xce, 0xdf, 0x9e,
+ 0x90, 0x7d, 0xc4, 0xca, 0x7e, 0x2d, 0x3d, 0xbc,
+ 0x09, 0x71, 0x79, 0xd0, 0xc0, 0xae, 0xa6, 0xc1,
+ 0x9d, 0xf0, 0x16, 0xf0, 0x1f, 0x68, 0x9a, 0xc5,
+ 0x2b, 0xf3, 0x5a, 0xfc, 0x2c, 0xf5, 0xa7, 0xec,
+ 0xd9, 0xa2, 0xac, 0x49, 0xcc, 0x76, 0x9c, 0xd8,
+ 0x4c, 0x59, 0x5e, 0x38, 0xd2, 0x85, 0xd3, 0x3b,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ /* 2048,[p<q] */ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x68, 0x27, 0x92, 0x4a, 0x85, 0xe8, 0x8b, 0x55,
+ 0xba, 0x00, 0xf8, 0x21, 0x91, 0x28, 0xbd, 0x37,
+ 0x24, 0xc6, 0xb7, 0xd1, 0xdf, 0xe5, 0x62, 0x9e,
+ 0xf1, 0x97, 0x92, 0x5f, 0xec, 0xaf, 0xf5, 0xed,
+ 0xb9, 0xcd, 0xf3, 0xa7, 0xbe, 0xfd, 0x8e, 0xa2,
+ 0xe8, 0xdd, 0x37, 0x07, 0x13, 0x8b, 0x3f, 0xf8,
+ 0x7c, 0x3c, 0x39, 0xc5, 0x7f, 0x43, 0x9e, 0x56,
+ 0x2e, 0x2a, 0xa8, 0x05, 0xa3, 0x9d, 0x7c, 0xd7,
+ 0x99, 0x66, 0xd2, 0xec, 0xe7, 0x84, 0x5f, 0x1d,
+ 0xbc, 0x16, 0xbe, 0xe9, 0x99, 0x99, 0xe4, 0xd0,
+ 0xbf, 0x9e, 0xec, 0xa4, 0x5f, 0xcd, 0xa8, 0xa8,
+ 0x50, 0x00, 0x35, 0xfe, 0x6b, 0x5f, 0x03, 0xbc,
+ 0x2f, 0x6d, 0x1b, 0xfc, 0x4d, 0x4d, 0x0a, 0x37,
+ 0x23, 0x96, 0x1a, 0xf0, 0xcd, 0xce, 0x4a, 0x01,
+ 0xee, 0xc8, 0x2d, 0x7f, 0x54, 0x58, 0xec, 0x19,
+ 0xe7, 0x1b, 0x90, 0xee, 0xef, 0x7d, 0xff, 0x61,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ /* 4096,[p<q] */ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x96, 0x91, 0xf7, 0x52, 0x11, 0xdc, 0x4a, 0x26,
+ 0xf8, 0x51, 0xa6, 0x1a, 0x75, 0xd1, 0xbe, 0x32,
+ 0xe9, 0x34, 0x39, 0x1f, 0xb3, 0x05, 0x58, 0x35,
+ 0xaa, 0x51, 0xf6, 0x53, 0x1e, 0xa5, 0x5f, 0x38,
+ 0x02, 0xa8, 0xdb, 0xa5, 0x58, 0xfc, 0x95, 0x21,
+ 0xa3, 0x6a, 0x1c, 0x4e, 0xd5, 0x64, 0x1a, 0x94,
+ 0xeb, 0xfb, 0xca, 0x56, 0x6e, 0xfc, 0xd7, 0xb1,
+ 0x82, 0x95, 0x8a, 0x8c, 0x17, 0xbd, 0x24, 0xd9,
+ 0xfd, 0xc9, 0x22, 0x3d, 0x52, 0x90, 0x44, 0xf6,
+ 0xfc, 0xb5, 0x63, 0xca, 0xc9, 0x6f, 0x9b, 0xbd,
+ 0x1d, 0x98, 0xe7, 0xe2, 0x5c, 0x5c, 0x89, 0x2f,
+ 0xdd, 0x54, 0x18, 0x78, 0xdb, 0x12, 0xf5, 0xef,
+ 0xfe, 0x4e, 0x1b, 0x9e, 0xaa, 0x3e, 0x77, 0x36,
+ 0x8e, 0xa9, 0x46, 0xb3, 0xa2, 0x45, 0x3c, 0xa4,
+ 0xb3, 0xc4, 0xf1, 0x82, 0xcc, 0x49, 0x6b, 0xaa,
+ 0xf6, 0x41, 0x1d, 0xa0, 0x12, 0x29, 0xfc, 0xcc,
+ 0xbf, 0xf4, 0xd3, 0x90, 0xe5, 0x3e, 0x77, 0x86,
+ 0x35, 0xe6, 0x76, 0xcd, 0x0c, 0xaa, 0x8c, 0xae,
+ 0xe1, 0x07, 0x7a, 0xd3, 0xd4, 0x5c, 0xa4, 0x46,
+ 0xa0, 0x46, 0xb9, 0x04, 0x08, 0x5d, 0xce, 0xc7,
+ 0x78, 0x04, 0x48, 0xde, 0x46, 0xfc, 0x6f, 0xa0,
+ 0xcf, 0x2c, 0x91, 0x87, 0xed, 0xb8, 0x51, 0xd7,
+ 0xb8, 0x0d, 0x88, 0xa3, 0xf2, 0x92, 0xdf, 0x6c,
+ 0x0e, 0x54, 0x84, 0xc0, 0x39, 0xf4, 0xf0, 0xa3,
+ 0x94, 0x42, 0xdd, 0xcb, 0x4d, 0xef, 0x74, 0x37,
+ 0x33, 0xc8, 0x96, 0x01, 0xa3, 0xda, 0x12, 0xdf,
+ 0x33, 0xf5, 0x58, 0x80, 0xc2, 0xdc, 0x8b, 0xcb,
+ 0x40, 0x7d, 0x78, 0xbb, 0x3e, 0x40, 0xa3, 0xbe,
+ 0xd2, 0x94, 0x34, 0xa0, 0x47, 0xd3, 0x3c, 0x62,
+ 0x65, 0x92, 0x5c, 0xdd, 0x3c, 0xa8, 0x4f, 0xc6,
+ 0x05, 0xa7, 0x26, 0x91, 0xd6, 0xf7, 0x8b, 0x41,
+ 0xf3, 0x52, 0x08, 0x3d, 0x95, 0x6e, 0x70, 0xff}};
+unsigned char dq[6][256] =
+ /* 1024,[p>q] */{{0xa0, 0x3a, 0x18, 0xa4, 0x1c, 0x3c, 0x49, 0x09,
+ 0xd0, 0x84, 0x4a, 0x8c, 0x7c, 0xce, 0xdf, 0x9e,
+ 0x90, 0x7d, 0xc4, 0xca, 0x7e, 0x2d, 0x3d, 0xbc,
+ 0x09, 0x71, 0x79, 0xd0, 0xc0, 0xae, 0xa6, 0xc1,
+ 0x9d, 0xf0, 0x16, 0xf0, 0x1f, 0x68, 0x9a, 0xc5,
+ 0x2b, 0xf3, 0x5a, 0xfc, 0x2c, 0xf5, 0xa7, 0xec,
+ 0xd9, 0xa2, 0xac, 0x49, 0xcc, 0x76, 0x9c, 0xd8,
+ 0x4c, 0x59, 0x5e, 0x38, 0xd2, 0x85, 0xd3, 0x3b,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ /* 2048,[p>q] */ {0x68, 0x27, 0x92, 0x4a, 0x85, 0xe8, 0x8b, 0x55,
+ 0xba, 0x00, 0xf8, 0x21, 0x91, 0x28, 0xbd, 0x37,
+ 0x24, 0xc6, 0xb7, 0xd1, 0xdf, 0xe5, 0x62, 0x9e,
+ 0xf1, 0x97, 0x92, 0x5f, 0xec, 0xaf, 0xf5, 0xed,
+ 0xb9, 0xcd, 0xf3, 0xa7, 0xbe, 0xfd, 0x8e, 0xa2,
+ 0xe8, 0xdd, 0x37, 0x07, 0x13, 0x8b, 0x3f, 0xf8,
+ 0x7c, 0x3c, 0x39, 0xc5, 0x7f, 0x43, 0x9e, 0x56,
+ 0x2e, 0x2a, 0xa8, 0x05, 0xa3, 0x9d, 0x7c, 0xd7,
+ 0x99, 0x66, 0xd2, 0xec, 0xe7, 0x84, 0x5f, 0x1d,
+ 0xbc, 0x16, 0xbe, 0xe9, 0x99, 0x99, 0xe4, 0xd0,
+ 0xbf, 0x9e, 0xec, 0xa4, 0x5f, 0xcd, 0xa8, 0xa8,
+ 0x50, 0x00, 0x35, 0xfe, 0x6b, 0x5f, 0x03, 0xbc,
+ 0x2f, 0x6d, 0x1b, 0xfc, 0x4d, 0x4d, 0x0a, 0x37,
+ 0x23, 0x96, 0x1a, 0xf0, 0xcd, 0xce, 0x4a, 0x01,
+ 0xee, 0xc8, 0x2d, 0x7f, 0x54, 0x58, 0xec, 0x19,
+ 0xe7, 0x1b, 0x90, 0xee, 0xef, 0x7d, 0xff, 0x61,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ /* 4096,[p>q] */ {0x96, 0x91, 0xf7, 0x52, 0x11, 0xdc, 0x4a, 0x26,
+ 0xf8, 0x51, 0xa6, 0x1a, 0x75, 0xd1, 0xbe, 0x32,
+ 0xe9, 0x34, 0x39, 0x1f, 0xb3, 0x05, 0x58, 0x35,
+ 0xaa, 0x51, 0xf6, 0x53, 0x1e, 0xa5, 0x5f, 0x38,
+ 0x02, 0xa8, 0xdb, 0xa5, 0x58, 0xfc, 0x95, 0x21,
+ 0xa3, 0x6a, 0x1c, 0x4e, 0xd5, 0x64, 0x1a, 0x94,
+ 0xeb, 0xfb, 0xca, 0x56, 0x6e, 0xfc, 0xd7, 0xb1,
+ 0x82, 0x95, 0x8a, 0x8c, 0x17, 0xbd, 0x24, 0xd9,
+ 0xfd, 0xc9, 0x22, 0x3d, 0x52, 0x90, 0x44, 0xf6,
+ 0xfc, 0xb5, 0x63, 0xca, 0xc9, 0x6f, 0x9b, 0xbd,
+ 0x1d, 0x98, 0xe7, 0xe2, 0x5c, 0x5c, 0x89, 0x2f,
+ 0xdd, 0x54, 0x18, 0x78, 0xdb, 0x12, 0xf5, 0xef,
+ 0xfe, 0x4e, 0x1b, 0x9e, 0xaa, 0x3e, 0x77, 0x36,
+ 0x8e, 0xa9, 0x46, 0xb3, 0xa2, 0x45, 0x3c, 0xa4,
+ 0xb3, 0xc4, 0xf1, 0x82, 0xcc, 0x49, 0x6b, 0xaa,
+ 0xf6, 0x41, 0x1d, 0xa0, 0x12, 0x29, 0xfc, 0xcc,
+ 0xbf, 0xf4, 0xd3, 0x90, 0xe5, 0x3e, 0x77, 0x86,
+ 0x35, 0xe6, 0x76, 0xcd, 0x0c, 0xaa, 0x8c, 0xae,
+ 0xe1, 0x07, 0x7a, 0xd3, 0xd4, 0x5c, 0xa4, 0x46,
+ 0xa0, 0x46, 0xb9, 0x04, 0x08, 0x5d, 0xce, 0xc7,
+ 0x78, 0x04, 0x48, 0xde, 0x46, 0xfc, 0x6f, 0xa0,
+ 0xcf, 0x2c, 0x91, 0x87, 0xed, 0xb8, 0x51, 0xd7,
+ 0xb8, 0x0d, 0x88, 0xa3, 0xf2, 0x92, 0xdf, 0x6c,
+ 0x0e, 0x54, 0x84, 0xc0, 0x39, 0xf4, 0xf0, 0xa3,
+ 0x94, 0x42, 0xdd, 0xcb, 0x4d, 0xef, 0x74, 0x37,
+ 0x33, 0xc8, 0x96, 0x01, 0xa3, 0xda, 0x12, 0xdf,
+ 0x33, 0xf5, 0x58, 0x80, 0xc2, 0xdc, 0x8b, 0xcb,
+ 0x40, 0x7d, 0x78, 0xbb, 0x3e, 0x40, 0xa3, 0xbe,
+ 0xd2, 0x94, 0x34, 0xa0, 0x47, 0xd3, 0x3c, 0x62,
+ 0x65, 0x92, 0x5c, 0xdd, 0x3c, 0xa8, 0x4f, 0xc6,
+ 0x05, 0xa7, 0x26, 0x91, 0xd6, 0xf7, 0x8b, 0x41,
+ 0xf3, 0x52, 0x08, 0x3d, 0x95, 0x6e, 0x70, 0xff},
+ /* 1024,[p<q] */ {0xa7, 0xcf, 0xa2, 0x18, 0x2c, 0xa9, 0xb4, 0xb9,
+ 0xf5, 0x9e, 0xc9, 0x04, 0x16, 0xd9, 0xa6, 0x8b,
+ 0x90, 0x4a, 0x19, 0x6d, 0x64, 0xb7, 0x17, 0x67,
+ 0x53, 0xfa, 0x4e, 0x8d, 0xde, 0xa6, 0x94, 0x32,
+ 0x5d, 0xcf, 0x58, 0x3e, 0x90, 0xbb, 0x30, 0x19,
+ 0x96, 0x38, 0x95, 0xb6, 0xca, 0x2f, 0xfa, 0x22,
+ 0x81, 0x65, 0x3b, 0x3c, 0x95, 0x9e, 0x79, 0x75,
+ 0xe4, 0x93, 0x50, 0xf1, 0x88, 0x6b, 0xc1, 0x87,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ /* 2048,[p<q] */ {0xed, 0x10, 0x2a, 0xcd, 0xb2, 0x68, 0x71, 0x53,
+ 0x4d, 0x1c, 0x41, 0x4e, 0xca, 0xd9, 0xa4, 0xd7,
+ 0x32, 0xfe, 0x95, 0xb1, 0x0e, 0xea, 0x37, 0x0d,
+ 0xa6, 0x2f, 0x05, 0xde, 0x2c, 0x39, 0x3b, 0x1a,
+ 0x63, 0x33, 0x03, 0xea, 0x74, 0x1b, 0x6b, 0x32,
+ 0x69, 0xc9, 0x7f, 0x70, 0x4b, 0x35, 0x27, 0x02,
+ 0xc9, 0xae, 0x79, 0x92, 0x2f, 0x7b, 0xe8, 0xd1,
+ 0x0d, 0xb6, 0x7f, 0x02, 0x6a, 0x81, 0x45, 0xde,
+ 0x41, 0xb3, 0x0c, 0x0a, 0x42, 0xbf, 0x92, 0x3b,
+ 0xac, 0x5f, 0x75, 0x04, 0xc2, 0x48, 0x60, 0x4b,
+ 0x9f, 0xaa, 0x57, 0xed, 0x6b, 0x32, 0x46, 0xc6,
+ 0xba, 0x15, 0x8e, 0x36, 0xc6, 0x44, 0xf8, 0xb9,
+ 0x54, 0x8f, 0xcf, 0x4f, 0x07, 0xe0, 0x54, 0xa5,
+ 0x6f, 0x76, 0x86, 0x74, 0x05, 0x44, 0x40, 0xbc,
+ 0x0d, 0xcb, 0xbc, 0x9b, 0x52, 0x8f, 0x64, 0xa0,
+ 0x17, 0x06, 0xe0, 0x5b, 0x0b, 0x91, 0x10, 0x6f,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ /* 4096,[p<q] */ {0x9c, 0x30, 0x60, 0xcf, 0xaa, 0xed, 0x64, 0xa0,
+ 0xe2, 0xa4, 0x24, 0x0d, 0x59, 0x5f, 0x1b, 0xda,
+ 0x92, 0x6e, 0xc1, 0xb6, 0x77, 0x25, 0x26, 0x93,
+ 0xbc, 0x00, 0xba, 0xc9, 0x1c, 0x22, 0xb4, 0x91,
+ 0x31, 0x92, 0xa9, 0x97, 0xf2, 0xac, 0x68, 0x92,
+ 0x60, 0xca, 0x56, 0xc4, 0xb7, 0xc2, 0x97, 0x7b,
+ 0x5a, 0x2c, 0x99, 0x73, 0xf1, 0x20, 0x7a, 0xe4,
+ 0xa3, 0xe5, 0x9a, 0x45, 0x5f, 0xd7, 0x65, 0x62,
+ 0xbf, 0x85, 0xa1, 0x48, 0xbb, 0x6a, 0xfd, 0xd8,
+ 0x7a, 0xa5, 0x5f, 0x7b, 0xcf, 0xf7, 0x30, 0x2e,
+ 0x52, 0x61, 0x13, 0x81, 0x63, 0x73, 0x85, 0xcb,
+ 0x60, 0xdb, 0x57, 0xb2, 0xfc, 0x55, 0x6a, 0xee,
+ 0x97, 0xf4, 0x0c, 0x76, 0xd7, 0x57, 0xe1, 0x95,
+ 0xd4, 0x02, 0xc7, 0x3f, 0x8c, 0x5f, 0xe3, 0x83,
+ 0x78, 0x58, 0x5e, 0x34, 0x59, 0xfa, 0x64, 0xc8,
+ 0x26, 0x3e, 0xf3, 0x5e, 0x06, 0x96, 0xd0, 0x63,
+ 0xaa, 0x6b, 0xf0, 0x3f, 0x3c, 0x7b, 0xd9, 0x98,
+ 0x0c, 0x97, 0x49, 0xe4, 0x10, 0x5a, 0x6d, 0x57,
+ 0x46, 0x61, 0xd1, 0x78, 0x35, 0x06, 0xf0, 0x5a,
+ 0x68, 0xe1, 0xdd, 0xac, 0x3a, 0x95, 0xfb, 0x4f,
+ 0xd9, 0x46, 0x6b, 0x98, 0x55, 0x6e, 0x4b, 0x39,
+ 0x9f, 0xbb, 0x05, 0x49, 0xbf, 0x53, 0x93, 0xd4,
+ 0x39, 0xcd, 0xed, 0xa2, 0xe9, 0x02, 0x81, 0xd3,
+ 0x69, 0x08, 0x02, 0x7c, 0xa8, 0xc1, 0xd5, 0xa1,
+ 0x58, 0xe3, 0x81, 0xea, 0x8b, 0xd2, 0x23, 0x4c,
+ 0x1c, 0x99, 0x4d, 0x81, 0x8d, 0x82, 0x1e, 0x85,
+ 0xf7, 0xa9, 0xf8, 0xe6, 0x53, 0x8e, 0x85, 0xcb,
+ 0x79, 0xbb, 0x89, 0x49, 0xce, 0x3c, 0x18, 0x5d,
+ 0xa4, 0x3c, 0x8c, 0x13, 0x7c, 0xe2, 0xc6, 0x97,
+ 0xf0, 0xbe, 0xfa, 0xb6, 0x87, 0xbe, 0xc0, 0xed,
+ 0x70, 0x39, 0x8e, 0x0b, 0x23, 0xb9, 0x51, 0x83,
+ 0x38, 0xc8, 0x37, 0x3e, 0x38, 0x7a, 0x82, 0xfb}};
+unsigned char p[6][264] =
+ /* 1024,[p>q] */{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0xfb, 0xb7, 0x73, 0x24, 0x42, 0xfe, 0x8f, 0x16,
+ 0xf0, 0x6e, 0x2d, 0x86, 0x22, 0x46, 0x79, 0xd1,
+ 0x58, 0x6f, 0x26, 0x24, 0x17, 0x12, 0xa3, 0x1a,
+ 0xfd, 0xf7, 0x75, 0xd4, 0xcd, 0xf9, 0xde, 0x4b,
+ 0x8c, 0xb7, 0x04, 0x5d, 0xd9, 0x18, 0xc8, 0x26,
+ 0x61, 0x54, 0xe0, 0x92, 0x2f, 0x47, 0xf7, 0x33,
+ 0xc2, 0x17, 0xd8, 0xda, 0xe0, 0x6d, 0xb6, 0x30,
+ 0xd6, 0xdc, 0xf9, 0x6a, 0x4c, 0xa1, 0xa2, 0x4b,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ /* 2048,[p>q] */ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0xf4, 0x4f, 0x5e, 0x42, 0x46, 0x39, 0x1f, 0x48,
+ 0x2b, 0x2f, 0x52, 0x96, 0xe3, 0x60, 0x2e, 0xb3,
+ 0x4a, 0xa1, 0x36, 0x42, 0x77, 0x10, 0xf7, 0xc0,
+ 0x41, 0x6d, 0x40, 0x3f, 0xd6, 0x9d, 0x4b, 0x29,
+ 0x13, 0x0c, 0xfe, 0xbe, 0xf3, 0x4e, 0x88, 0x5a,
+ 0xbd, 0xb1, 0xa8, 0xa0, 0xa5, 0xf0, 0xe9, 0xb5,
+ 0xc3, 0x3e, 0x1f, 0xc3, 0xbf, 0xc2, 0x85, 0xb1,
+ 0xae, 0x17, 0xe4, 0x0c, 0xc6, 0x7a, 0x19, 0x13,
+ 0xdd, 0x56, 0x37, 0x19, 0x81, 0x5e, 0xba, 0xf8,
+ 0x51, 0x4c, 0x2a, 0x7a, 0xa0, 0x01, 0x8e, 0x63,
+ 0xb6, 0xc6, 0x31, 0xdc, 0x31, 0x5a, 0x46, 0x23,
+ 0x57, 0x16, 0x42, 0x3d, 0x11, 0xff, 0x58, 0x03,
+ 0x4e, 0x61, 0x06, 0x45, 0x70, 0x36, 0x06, 0x91,
+ 0x9f, 0x5c, 0x7c, 0xe2, 0x66, 0x0c, 0xd1, 0x48,
+ 0xbd, 0x9e, 0xfc, 0x12, 0x3d, 0x9c, 0x54, 0xb6,
+ 0x70, 0x55, 0x90, 0xd0, 0x06, 0xcf, 0xcf, 0x3f,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ /* 4096,[p>q] */ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0xea, 0x48, 0x91, 0x37, 0x80, 0x64, 0x16, 0xf1,
+ 0x53, 0xf6, 0x36, 0x14, 0x06, 0x0e, 0xa9, 0xc7,
+ 0xdb, 0xa6, 0x22, 0x91, 0xb2, 0xb7, 0xb9, 0xdd,
+ 0x9a, 0x01, 0x18, 0x2d, 0xaa, 0x34, 0x0e, 0xd9,
+ 0xca, 0x5b, 0xfe, 0x63, 0xec, 0x02, 0x9c, 0xdb,
+ 0x91, 0x2f, 0x82, 0x27, 0x13, 0xa3, 0xe3, 0x39,
+ 0x07, 0x42, 0xe6, 0x2d, 0xe9, 0xb0, 0xb8, 0x56,
+ 0xf5, 0xd8, 0x67, 0x68, 0x0f, 0xc3, 0x18, 0x14,
+ 0x1f, 0x48, 0x71, 0xed, 0x19, 0x20, 0x7c, 0xc4,
+ 0xb7, 0xf8, 0x0f, 0x39, 0xb7, 0xf2, 0xc8, 0x45,
+ 0x7b, 0x91, 0x9d, 0x42, 0x15, 0x2d, 0x48, 0xb1,
+ 0x11, 0x49, 0x03, 0x8c, 0x7a, 0x80, 0x20, 0x65,
+ 0xe3, 0xee, 0x12, 0xb2, 0x43, 0x03, 0xd2, 0x60,
+ 0xbe, 0x04, 0x2a, 0xdf, 0x52, 0x8f, 0xd5, 0x45,
+ 0x34, 0x84, 0x8d, 0x4e, 0x86, 0xf7, 0x97, 0x2c,
+ 0x39, 0x5e, 0x6d, 0x0d, 0x09, 0xe2, 0x38, 0x95,
+ 0x7f, 0xa1, 0xe8, 0x5e, 0xda, 0xb9, 0xc6, 0x64,
+ 0x12, 0xe2, 0xee, 0xd6, 0x18, 0x87, 0xa4, 0x02,
+ 0xe9, 0x92, 0xba, 0x34, 0x4f, 0x8a, 0x68, 0x87,
+ 0x9d, 0x52, 0xcc, 0x82, 0x57, 0xe0, 0xf8, 0xf7,
+ 0xc5, 0xe9, 0xa1, 0x64, 0x80, 0x25, 0x70, 0xd6,
+ 0x6f, 0x98, 0x87, 0xee, 0x9e, 0xfd, 0x5d, 0xbe,
+ 0x56, 0xb4, 0xe4, 0x74, 0x5d, 0x83, 0xc2, 0xbd,
+ 0x1d, 0x8c, 0x03, 0xba, 0xfd, 0x22, 0xc0, 0x72,
+ 0x05, 0x55, 0x42, 0xdf, 0xd1, 0xbb, 0x34, 0xf2,
+ 0x2a, 0xe5, 0xf4, 0x42, 0x54, 0x43, 0x2d, 0xc8,
+ 0xf3, 0x7e, 0xf5, 0x59, 0x7d, 0x55, 0xc8, 0xb1,
+ 0x36, 0x99, 0x4d, 0xee, 0xb5, 0x5a, 0x24, 0x8c,
+ 0x76, 0x5a, 0xd2, 0x1d, 0x3b, 0x54, 0x29, 0xe3,
+ 0xe9, 0x1e, 0x78, 0x11, 0xcb, 0x9e, 0x21, 0x64,
+ 0x28, 0x56, 0x55, 0x10, 0xb5, 0x95, 0xfa, 0x44,
+ 0xd5, 0x2c, 0x52, 0xdd, 0x54, 0xb7, 0xc4, 0x79},
+ /* 1024,[p<q] */ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0xf0, 0x57, 0x24, 0xf6, 0x2a, 0x5a, 0x6d, 0x8e,
+ 0xb8, 0xc6, 0x6f, 0xd2, 0xbb, 0x36, 0x4f, 0x6d,
+ 0xd8, 0xbc, 0xa7, 0x2f, 0xbd, 0x43, 0xdc, 0x9a,
+ 0x0e, 0x2a, 0x36, 0xb9, 0x21, 0x05, 0xfa, 0x22,
+ 0x6c, 0xe8, 0x22, 0x68, 0x2f, 0x1c, 0xe8, 0x27,
+ 0xc1, 0xed, 0x08, 0x7a, 0x43, 0x70, 0x7b, 0xe3,
+ 0x46, 0x74, 0x02, 0x6e, 0xb2, 0xb1, 0xeb, 0x44,
+ 0x72, 0x86, 0x0d, 0x55, 0x3b, 0xc8, 0xbc, 0xd9,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ /* 2048,[p<q] */ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0xe9, 0xd4, 0x98, 0x41, 0xe0, 0xe0, 0xa6, 0xad,
+ 0x0d, 0x51, 0x78, 0x57, 0x13, 0x3e, 0x36, 0xdc,
+ 0x72, 0xc1, 0xbd, 0xd9, 0x0f, 0x91, 0x74, 0xb5,
+ 0x2e, 0x26, 0x57, 0x0f, 0x37, 0x36, 0x40, 0xf1,
+ 0xc1, 0x85, 0xe7, 0xea, 0x8e, 0x2e, 0xd7, 0xf1,
+ 0xe4, 0xeb, 0xb9, 0x51, 0xf7, 0x0a, 0x58, 0x02,
+ 0x36, 0x33, 0xb0, 0x09, 0x7a, 0xec, 0x67, 0xc6,
+ 0xdc, 0xb8, 0x00, 0xfc, 0x1a, 0x67, 0xf9, 0xbb,
+ 0x05, 0x63, 0x61, 0x0f, 0x08, 0xeb, 0xc8, 0x74,
+ 0x6a, 0xd1, 0x29, 0x77, 0x21, 0x36, 0xeb, 0x1d,
+ 0xda, 0xf4, 0x64, 0x36, 0x45, 0x0d, 0x31, 0x83,
+ 0x32, 0xa8, 0x49, 0x82, 0xfe, 0x5d, 0x28, 0xdb,
+ 0xe5, 0xb3, 0xe9, 0x12, 0x40, 0x7c, 0x3e, 0x0e,
+ 0x03, 0x10, 0x0d, 0x87, 0xd4, 0x36, 0xee, 0x40,
+ 0x9e, 0xec, 0x1c, 0xf8, 0x5e, 0x80, 0xab, 0xa0,
+ 0x79, 0xb2, 0xe6, 0x10, 0x6b, 0x97, 0xbc, 0xed,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ /* 4096,[p<q] */ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0xe1, 0xda, 0xf2, 0xfb, 0x1a, 0xca, 0x6f, 0x3a,
+ 0x74, 0x7a, 0x79, 0x27, 0xb0, 0xba, 0x9d, 0x4c,
+ 0x5d, 0xce, 0x55, 0xaf, 0x8c, 0x88, 0x04, 0x50,
+ 0x7f, 0x7a, 0xf1, 0x7c, 0xad, 0xf8, 0x0e, 0xd4,
+ 0x03, 0xfd, 0x49, 0x78, 0x05, 0x7a, 0xdf, 0xb2,
+ 0x75, 0x1f, 0x2a, 0x76, 0x40, 0x16, 0x27, 0xdf,
+ 0x61, 0xf9, 0xaf, 0x81, 0xa6, 0x7b, 0x43, 0x8a,
+ 0x43, 0xe0, 0x4f, 0xd2, 0x23, 0x9b, 0xb7, 0x46,
+ 0xfc, 0xad, 0xb3, 0x5b, 0xfb, 0xd8, 0x67, 0x72,
+ 0x7b, 0x10, 0x15, 0xb0, 0x2e, 0x27, 0x69, 0x9b,
+ 0xac, 0x65, 0x5b, 0xd3, 0x8a, 0x8a, 0xcd, 0xc7,
+ 0xcb, 0xfe, 0x24, 0xb5, 0x48, 0x9c, 0x70, 0xe7,
+ 0xfd, 0x75, 0x29, 0x6d, 0xff, 0x5d, 0xb2, 0xd1,
+ 0xd5, 0xfd, 0xea, 0x0d, 0x73, 0x67, 0xda, 0xf7,
+ 0x0d, 0xa7, 0x6a, 0x44, 0x32, 0x6e, 0x21, 0x80,
+ 0x71, 0x61, 0xac, 0x70, 0x1b, 0x3e, 0xfb, 0x33,
+ 0x1f, 0xef, 0x3d, 0x59, 0x57, 0xdd, 0xb3, 0x49,
+ 0x50, 0xd9, 0xb2, 0x33, 0x92, 0xff, 0xd3, 0x06,
+ 0x51, 0x8b, 0x38, 0x3d, 0xbe, 0x8a, 0xf6, 0x69,
+ 0xf0, 0x6a, 0x15, 0x86, 0x0c, 0x8c, 0xb6, 0x2b,
+ 0x34, 0x06, 0x6d, 0x4d, 0x6a, 0x7a, 0xa7, 0x71,
+ 0x36, 0xc2, 0xda, 0x4b, 0xe4, 0x94, 0x7a, 0xc3,
+ 0x94, 0x14, 0x4c, 0xf5, 0xeb, 0xdc, 0x4f, 0x22,
+ 0x15, 0x7e, 0xc7, 0x20, 0x56, 0xef, 0x68, 0xf5,
+ 0x5e, 0x64, 0x4c, 0xb0, 0xf4, 0xe7, 0x2e, 0x52,
+ 0xcd, 0xac, 0xe1, 0x02, 0x75, 0xc7, 0x1c, 0x4e,
+ 0xcd, 0xf0, 0x04, 0xc1, 0x24, 0x4a, 0xd1, 0xb0,
+ 0xe0, 0xbc, 0x35, 0x18, 0xdd, 0x60, 0xf5, 0x9e,
+ 0x3b, 0xde, 0x4e, 0xf0, 0x6b, 0xbc, 0xda, 0x93,
+ 0x98, 0x5b, 0x8b, 0x4b, 0xda, 0xfc, 0x77, 0xa9,
+ 0x08, 0x7a, 0xb9, 0xda, 0xc2, 0x73, 0x50, 0xe2,
+ 0xec, 0xfb, 0x0c, 0x5c, 0x60, 0x25, 0xa9, 0x7f}};
+unsigned char q[6][256] =
+ /* 1024,[p>q] */{{0xf0, 0x57, 0x24, 0xf6, 0x2a, 0x5a, 0x6d, 0x8e,
+ 0xb8, 0xc6, 0x6f, 0xd2, 0xbb, 0x36, 0x4f, 0x6d,
+ 0xd8, 0xbc, 0xa7, 0x2f, 0xbd, 0x43, 0xdc, 0x9a,
+ 0x0e, 0x2a, 0x36, 0xb9, 0x21, 0x05, 0xfa, 0x22,
+ 0x6c, 0xe8, 0x22, 0x68, 0x2f, 0x1c, 0xe8, 0x27,
+ 0xc1, 0xed, 0x08, 0x7a, 0x43, 0x70, 0x7b, 0xe3,
+ 0x46, 0x74, 0x02, 0x6e, 0xb2, 0xb1, 0xeb, 0x44,
+ 0x72, 0x86, 0x0d, 0x55, 0x3b, 0xc8, 0xbc, 0xd9,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ /* 2048,[p>q] */ {0xe9, 0xd4, 0x98, 0x41, 0xe0, 0xe0, 0xa6, 0xad,
+ 0x0d, 0x51, 0x78, 0x57, 0x13, 0x3e, 0x36, 0xdc,
+ 0x72, 0xc1, 0xbd, 0xd9, 0x0f, 0x91, 0x74, 0xb5,
+ 0x2e, 0x26, 0x57, 0x0f, 0x37, 0x36, 0x40, 0xf1,
+ 0xc1, 0x85, 0xe7, 0xea, 0x8e, 0x2e, 0xd7, 0xf1,
+ 0xe4, 0xeb, 0xb9, 0x51, 0xf7, 0x0a, 0x58, 0x02,
+ 0x36, 0x33, 0xb0, 0x09, 0x7a, 0xec, 0x67, 0xc6,
+ 0xdc, 0xb8, 0x00, 0xfc, 0x1a, 0x67, 0xf9, 0xbb,
+ 0x05, 0x63, 0x61, 0x0f, 0x08, 0xeb, 0xc8, 0x74,
+ 0x6a, 0xd1, 0x29, 0x77, 0x21, 0x36, 0xeb, 0x1d,
+ 0xda, 0xf4, 0x64, 0x36, 0x45, 0x0d, 0x31, 0x83,
+ 0x32, 0xa8, 0x49, 0x82, 0xfe, 0x5d, 0x28, 0xdb,
+ 0xe5, 0xb3, 0xe9, 0x12, 0x40, 0x7c, 0x3e, 0x0e,
+ 0x03, 0x10, 0x0d, 0x87, 0xd4, 0x36, 0xee, 0x40,
+ 0x9e, 0xec, 0x1c, 0xf8, 0x5e, 0x80, 0xab, 0xa0,
+ 0x79, 0xb2, 0xe6, 0x10, 0x6b, 0x97, 0xbc, 0xed,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ /* 4096,[p>q] */ {0xe1, 0xda, 0xf2, 0xfb, 0x1a, 0xca, 0x6f, 0x3a,
+ 0x74, 0x7a, 0x79, 0x27, 0xb0, 0xba, 0x9d, 0x4c,
+ 0x5d, 0xce, 0x55, 0xaf, 0x8c, 0x88, 0x04, 0x50,
+ 0x7f, 0x7a, 0xf1, 0x7c, 0xad, 0xf8, 0x0e, 0xd4,
+ 0x03, 0xfd, 0x49, 0x78, 0x05, 0x7a, 0xdf, 0xb2,
+ 0x75, 0x1f, 0x2a, 0x76, 0x40, 0x16, 0x27, 0xdf,
+ 0x61, 0xf9, 0xaf, 0x81, 0xa6, 0x7b, 0x43, 0x8a,
+ 0x43, 0xe0, 0x4f, 0xd2, 0x23, 0x9b, 0xb7, 0x46,
+ 0xfc, 0xad, 0xb3, 0x5b, 0xfb, 0xd8, 0x67, 0x72,
+ 0x7b, 0x10, 0x15, 0xb0, 0x2e, 0x27, 0x69, 0x9b,
+ 0xac, 0x65, 0x5b, 0xd3, 0x8a, 0x8a, 0xcd, 0xc7,
+ 0xcb, 0xfe, 0x24, 0xb5, 0x48, 0x9c, 0x70, 0xe7,
+ 0xfd, 0x75, 0x29, 0x6d, 0xff, 0x5d, 0xb2, 0xd1,
+ 0xd5, 0xfd, 0xea, 0x0d, 0x73, 0x67, 0xda, 0xf7,
+ 0x0d, 0xa7, 0x6a, 0x44, 0x32, 0x6e, 0x21, 0x80,
+ 0x71, 0x61, 0xac, 0x70, 0x1b, 0x3e, 0xfb, 0x33,
+ 0x1f, 0xef, 0x3d, 0x59, 0x57, 0xdd, 0xb3, 0x49,
+ 0x50, 0xd9, 0xb2, 0x33, 0x92, 0xff, 0xd3, 0x06,
+ 0x51, 0x8b, 0x38, 0x3d, 0xbe, 0x8a, 0xf6, 0x69,
+ 0xf0, 0x6a, 0x15, 0x86, 0x0c, 0x8c, 0xb6, 0x2b,
+ 0x34, 0x06, 0x6d, 0x4d, 0x6a, 0x7a, 0xa7, 0x71,
+ 0x36, 0xc2, 0xda, 0x4b, 0xe4, 0x94, 0x7a, 0xc3,
+ 0x94, 0x14, 0x4c, 0xf5, 0xeb, 0xdc, 0x4f, 0x22,
+ 0x15, 0x7e, 0xc7, 0x20, 0x56, 0xef, 0x68, 0xf5,
+ 0x5e, 0x64, 0x4c, 0xb0, 0xf4, 0xe7, 0x2e, 0x52,
+ 0xcd, 0xac, 0xe1, 0x02, 0x75, 0xc7, 0x1c, 0x4e,
+ 0xcd, 0xf0, 0x04, 0xc1, 0x24, 0x4a, 0xd1, 0xb0,
+ 0xe0, 0xbc, 0x35, 0x18, 0xdd, 0x60, 0xf5, 0x9e,
+ 0x3b, 0xde, 0x4e, 0xf0, 0x6b, 0xbc, 0xda, 0x93,
+ 0x98, 0x5b, 0x8b, 0x4b, 0xda, 0xfc, 0x77, 0xa9,
+ 0x08, 0x7a, 0xb9, 0xda, 0xc2, 0x73, 0x50, 0xe2,
+ 0xec, 0xfb, 0x0c, 0x5c, 0x60, 0x25, 0xa9, 0x7f},
+ /* 1024,[p<q] */ {0xfb, 0xb7, 0x73, 0x24, 0x42, 0xfe, 0x8f, 0x16,
+ 0xf0, 0x6e, 0x2d, 0x86, 0x22, 0x46, 0x79, 0xd1,
+ 0x58, 0x6f, 0x26, 0x24, 0x17, 0x12, 0xa3, 0x1a,
+ 0xfd, 0xf7, 0x75, 0xd4, 0xcd, 0xf9, 0xde, 0x4b,
+ 0x8c, 0xb7, 0x04, 0x5d, 0xd9, 0x18, 0xc8, 0x26,
+ 0x61, 0x54, 0xe0, 0x92, 0x2f, 0x47, 0xf7, 0x33,
+ 0xc2, 0x17, 0xd8, 0xda, 0xe0, 0x6d, 0xb6, 0x30,
+ 0xd6, 0xdc, 0xf9, 0x6a, 0x4c, 0xa1, 0xa2, 0x4b,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ /* 2048,[p<q] */ {0xf4, 0x4f, 0x5e, 0x42, 0x46, 0x39, 0x1f, 0x48,
+ 0x2b, 0x2f, 0x52, 0x96, 0xe3, 0x60, 0x2e, 0xb3,
+ 0x4a, 0xa1, 0x36, 0x42, 0x77, 0x10, 0xf7, 0xc0,
+ 0x41, 0x6d, 0x40, 0x3f, 0xd6, 0x9d, 0x4b, 0x29,
+ 0x13, 0x0c, 0xfe, 0xbe, 0xf3, 0x4e, 0x88, 0x5a,
+ 0xbd, 0xb1, 0xa8, 0xa0, 0xa5, 0xf0, 0xe9, 0xb5,
+ 0xc3, 0x3e, 0x1f, 0xc3, 0xbf, 0xc2, 0x85, 0xb1,
+ 0xae, 0x17, 0xe4, 0x0c, 0xc6, 0x7a, 0x19, 0x13,
+ 0xdd, 0x56, 0x37, 0x19, 0x81, 0x5e, 0xba, 0xf8,
+ 0x51, 0x4c, 0x2a, 0x7a, 0xa0, 0x01, 0x8e, 0x63,
+ 0xb6, 0xc6, 0x31, 0xdc, 0x31, 0x5a, 0x46, 0x23,
+ 0x57, 0x16, 0x42, 0x3d, 0x11, 0xff, 0x58, 0x03,
+ 0x4e, 0x61, 0x06, 0x45, 0x70, 0x36, 0x06, 0x91,
+ 0x9f, 0x5c, 0x7c, 0xe2, 0x66, 0x0c, 0xd1, 0x48,
+ 0xbd, 0x9e, 0xfc, 0x12, 0x3d, 0x9c, 0x54, 0xb6,
+ 0x70, 0x55, 0x90, 0xd0, 0x06, 0xcf, 0xcf, 0x3f,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ /* 4096,[p<q] */ {0xea, 0x48, 0x91, 0x37, 0x80, 0x64, 0x16, 0xf1,
+ 0x53, 0xf6, 0x36, 0x14, 0x06, 0x0e, 0xa9, 0xc7,
+ 0xdb, 0xa6, 0x22, 0x91, 0xb2, 0xb7, 0xb9, 0xdd,
+ 0x9a, 0x01, 0x18, 0x2d, 0xaa, 0x34, 0x0e, 0xd9,
+ 0xca, 0x5b, 0xfe, 0x63, 0xec, 0x02, 0x9c, 0xdb,
+ 0x91, 0x2f, 0x82, 0x27, 0x13, 0xa3, 0xe3, 0x39,
+ 0x07, 0x42, 0xe6, 0x2d, 0xe9, 0xb0, 0xb8, 0x56,
+ 0xf5, 0xd8, 0x67, 0x68, 0x0f, 0xc3, 0x18, 0x14,
+ 0x1f, 0x48, 0x71, 0xed, 0x19, 0x20, 0x7c, 0xc4,
+ 0xb7, 0xf8, 0x0f, 0x39, 0xb7, 0xf2, 0xc8, 0x45,
+ 0x7b, 0x91, 0x9d, 0x42, 0x15, 0x2d, 0x48, 0xb1,
+ 0x11, 0x49, 0x03, 0x8c, 0x7a, 0x80, 0x20, 0x65,
+ 0xe3, 0xee, 0x12, 0xb2, 0x43, 0x03, 0xd2, 0x60,
+ 0xbe, 0x04, 0x2a, 0xdf, 0x52, 0x8f, 0xd5, 0x45,
+ 0x34, 0x84, 0x8d, 0x4e, 0x86, 0xf7, 0x97, 0x2c,
+ 0x39, 0x5e, 0x6d, 0x0d, 0x09, 0xe2, 0x38, 0x95,
+ 0x7f, 0xa1, 0xe8, 0x5e, 0xda, 0xb9, 0xc6, 0x64,
+ 0x12, 0xe2, 0xee, 0xd6, 0x18, 0x87, 0xa4, 0x02,
+ 0xe9, 0x92, 0xba, 0x34, 0x4f, 0x8a, 0x68, 0x87,
+ 0x9d, 0x52, 0xcc, 0x82, 0x57, 0xe0, 0xf8, 0xf7,
+ 0xc5, 0xe9, 0xa1, 0x64, 0x80, 0x25, 0x70, 0xd6,
+ 0x6f, 0x98, 0x87, 0xee, 0x9e, 0xfd, 0x5d, 0xbe,
+ 0x56, 0xb4, 0xe4, 0x74, 0x5d, 0x83, 0xc2, 0xbd,
+ 0x1d, 0x8c, 0x03, 0xba, 0xfd, 0x22, 0xc0, 0x72,
+ 0x05, 0x55, 0x42, 0xdf, 0xd1, 0xbb, 0x34, 0xf2,
+ 0x2a, 0xe5, 0xf4, 0x42, 0x54, 0x43, 0x2d, 0xc8,
+ 0xf3, 0x7e, 0xf5, 0x59, 0x7d, 0x55, 0xc8, 0xb1,
+ 0x36, 0x99, 0x4d, 0xee, 0xb5, 0x5a, 0x24, 0x8c,
+ 0x76, 0x5a, 0xd2, 0x1d, 0x3b, 0x54, 0x29, 0xe3,
+ 0xe9, 0x1e, 0x78, 0x11, 0xcb, 0x9e, 0x21, 0x64,
+ 0x28, 0x56, 0x55, 0x10, 0xb5, 0x95, 0xfa, 0x44,
+ 0xd5, 0x2c, 0x52, 0xdd, 0x54, 0xb7, 0xc4, 0x79}};
+unsigned char qinv[6][264] =
+ /* 1024,[p>q] */{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x83, 0xf1, 0xca, 0x06, 0x58, 0x4a, 0x04, 0x5e,
+ 0x96, 0xb5, 0x30, 0x32, 0x40, 0x36, 0x48, 0xb9,
+ 0x02, 0x0c, 0xe3, 0x37, 0xb7, 0x51, 0xbc, 0x22,
+ 0x26, 0x5d, 0x74, 0x03, 0x47, 0xd3, 0x33, 0x20,
+ 0x8e, 0x75, 0x62, 0xf2, 0x9d, 0x4e, 0xc8, 0x7d,
+ 0x5d, 0x8e, 0xb6, 0xd9, 0x69, 0x4a, 0x9a, 0xe1,
+ 0x36, 0x6e, 0x1c, 0xbe, 0x8a, 0x14, 0xb1, 0x85,
+ 0x39, 0x74, 0x7c, 0x25, 0xd8, 0xa4, 0x4f, 0xde,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ /* 2048,[p>q] */ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x57, 0xb7, 0x38, 0x88, 0xd1, 0x83, 0xa9, 0x9a,
+ 0x63, 0x07, 0x42, 0x22, 0x77, 0x55, 0x1a, 0x3d,
+ 0x9e, 0x18, 0xad, 0xf0, 0x6a, 0x91, 0xe8, 0xb5,
+ 0x5c, 0xef, 0xfe, 0xf9, 0x07, 0x7c, 0x84, 0x96,
+ 0x94, 0x8e, 0xcb, 0x3b, 0x16, 0xb7, 0x81, 0x55,
+ 0xcb, 0x2a, 0x3a, 0x57, 0xc1, 0x19, 0xd3, 0x79,
+ 0x95, 0x1c, 0x01, 0x0a, 0xa6, 0x35, 0xed, 0xcf,
+ 0x62, 0xd8, 0x4c, 0x5a, 0x12, 0x2a, 0x8d, 0x67,
+ 0xab, 0x5f, 0xa9, 0xe5, 0xa4, 0xa8, 0x77, 0x2a,
+ 0x1e, 0x94, 0x3b, 0xaf, 0xc7, 0x0a, 0xe3, 0xa4,
+ 0xc1, 0xf0, 0xf3, 0xa4, 0xdd, 0xff, 0xae, 0xfd,
+ 0x18, 0x92, 0xc8, 0xcb, 0x33, 0xbb, 0x0d, 0x0b,
+ 0x95, 0x90, 0xe9, 0x63, 0xa6, 0x91, 0x10, 0xfb,
+ 0x34, 0xdb, 0x7b, 0x90, 0x6f, 0xc4, 0xba, 0x28,
+ 0x36, 0x99, 0x5a, 0xac, 0x7e, 0x52, 0x74, 0x90,
+ 0xac, 0x95, 0x2a, 0x02, 0x26, 0x8a, 0x4f, 0x18,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ /* 4096,[p>q] */ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x27, 0x0f, 0x83, 0x44, 0x1b, 0x11, 0xce, 0x9f,
+ 0xe6, 0xdf, 0xd5, 0x1b, 0xed, 0x73, 0xea, 0x09,
+ 0x54, 0xcb, 0x47, 0xca, 0x58, 0xfa, 0x04, 0xc7,
+ 0x25, 0x68, 0xf0, 0x25, 0xfd, 0xf1, 0x30, 0x53,
+ 0x03, 0x56, 0xd9, 0x65, 0x65, 0xd4, 0x60, 0xc1,
+ 0x12, 0x90, 0x91, 0xf6, 0x3d, 0xda, 0x97, 0x6b,
+ 0xe8, 0x1b, 0x96, 0x33, 0xfb, 0x94, 0x0a, 0x8f,
+ 0x55, 0xc3, 0xbd, 0x33, 0x7b, 0x5c, 0x6b, 0x00,
+ 0x1a, 0x79, 0x2f, 0xaf, 0x13, 0x82, 0xcd, 0x5f,
+ 0xc7, 0x2a, 0x25, 0xe6, 0x93, 0xb4, 0x13, 0xa5,
+ 0x89, 0x68, 0x42, 0xce, 0xc2, 0xb0, 0xe8, 0xc4,
+ 0x94, 0x65, 0xa4, 0x04, 0x37, 0x5d, 0x49, 0xcf,
+ 0x6d, 0xeb, 0x3b, 0x89, 0x34, 0xbf, 0x78, 0x2e,
+ 0x8a, 0x34, 0x53, 0x21, 0x56, 0x97, 0xfb, 0xda,
+ 0x6b, 0x95, 0x48, 0xa0, 0x4f, 0x55, 0xa4, 0xab,
+ 0xbd, 0x14, 0xc6, 0x7b, 0xb8, 0xca, 0x1b, 0x73,
+ 0xaa, 0x5f, 0x98, 0x90, 0xe5, 0xdd, 0xb3, 0x30,
+ 0xf5, 0x9b, 0xa0, 0xe6, 0x83, 0x0b, 0xc8, 0x6f,
+ 0x70, 0x41, 0x3e, 0x18, 0xd2, 0xea, 0x57, 0xea,
+ 0xc6, 0x76, 0xaa, 0x48, 0x19, 0x1d, 0x3f, 0xff,
+ 0xa4, 0x5f, 0x01, 0x4f, 0x4b, 0x21, 0x14, 0xcf,
+ 0x83, 0x5f, 0xc1, 0xcf, 0xaf, 0x04, 0xe8, 0x8a,
+ 0xab, 0xa2, 0x53, 0xaa, 0x9e, 0x1b, 0x6d, 0x42,
+ 0xa8, 0x2b, 0x51, 0xd9, 0x28, 0x9b, 0xf7, 0xda,
+ 0xf3, 0xd7, 0x6c, 0x71, 0xbd, 0xc2, 0x27, 0x17,
+ 0x8b, 0x04, 0x46, 0xdc, 0xae, 0x79, 0x70, 0x1b,
+ 0xf0, 0x45, 0x93, 0x26, 0x60, 0x24, 0x9a, 0xc7,
+ 0xf2, 0xab, 0x9c, 0xad, 0xf6, 0xaa, 0xab, 0xfa,
+ 0xb2, 0x70, 0xec, 0x34, 0x7f, 0x75, 0x3a, 0x4c,
+ 0x3c, 0x0c, 0xe2, 0xe7, 0xad, 0x43, 0xb2, 0x66,
+ 0xe3, 0x5c, 0x23, 0x0c, 0x48, 0x4a, 0x91, 0x7c,
+ 0xb3, 0x77, 0x5c, 0x57, 0x7d, 0xbc, 0xa8, 0x2d},
+ /* 1024,[p<q] */ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x72, 0x5b, 0xec, 0x7c, 0x5f, 0x9c, 0xa5, 0x5e,
+ 0xb7, 0xfe, 0xef, 0x67, 0x9e, 0xc4, 0xce, 0xae,
+ 0xc4, 0x4d, 0xc2, 0xd2, 0x8b, 0xbf, 0x7b, 0x36,
+ 0x45, 0x5e, 0x89, 0x89, 0x37, 0xcc, 0x60, 0x83,
+ 0x43, 0x67, 0xac, 0xf3, 0x02, 0xa0, 0xb7, 0x2d,
+ 0x19, 0x57, 0xd8, 0xf0, 0x59, 0x11, 0x91, 0x06,
+ 0x07, 0x50, 0x5c, 0x42, 0xf4, 0xe5, 0xa1, 0xee,
+ 0xc9, 0xa3, 0x0a, 0x40, 0x92, 0xe2, 0xcf, 0x72,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ /* 2048,[p<q] */ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x95, 0xe0, 0x94, 0xf5, 0xf7, 0x5f, 0x9e, 0x7a,
+ 0xe3, 0xe0, 0x5f, 0x09, 0xb5, 0x77, 0x81, 0x49,
+ 0x64, 0xbf, 0x0d, 0x8d, 0x65, 0xfb, 0x43, 0xf0,
+ 0xa6, 0x4d, 0x6e, 0x42, 0xbc, 0x08, 0x87, 0x21,
+ 0x75, 0x0e, 0x51, 0x53, 0x71, 0xd3, 0xb5, 0xc3,
+ 0x66, 0x72, 0xfb, 0xf9, 0x1f, 0xf6, 0x92, 0xe2,
+ 0xd6, 0x41, 0xd6, 0xf6, 0x46, 0x88, 0x22, 0x4b,
+ 0xd6, 0x46, 0xd7, 0xe6, 0xbc, 0x66, 0xea, 0x6b,
+ 0x15, 0x9d, 0xe9, 0xc3, 0x45, 0x3d, 0xe7, 0x01,
+ 0xb2, 0x3a, 0x2d, 0x59, 0xd1, 0xbb, 0x97, 0x5e,
+ 0x89, 0x13, 0xfe, 0x57, 0xdc, 0x05, 0xc6, 0xbe,
+ 0xf8, 0x34, 0x8c, 0xc5, 0xab, 0x79, 0xd0, 0xf9,
+ 0xf4, 0x58, 0xaf, 0xcd, 0xc8, 0x72, 0x84, 0x18,
+ 0x7b, 0x29, 0xa2, 0xa6, 0xbf, 0x72, 0x57, 0x8a,
+ 0xe1, 0xe9, 0x38, 0x70, 0x35, 0x1e, 0x2a, 0x5f,
+ 0xcf, 0x91, 0x62, 0x30, 0x57, 0xa6, 0x4c, 0xe4,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ /* 4096,[p<q] */ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0xbc, 0x33, 0x29, 0x91, 0x3c, 0x49, 0x8a, 0x8c,
+ 0x1f, 0x0c, 0x5e, 0x1b, 0x47, 0x96, 0x98, 0xab,
+ 0xf6, 0xb6, 0xdb, 0xf9, 0xaa, 0x86, 0xad, 0x48,
+ 0x2d, 0x59, 0xf8, 0xf4, 0xbc, 0x8c, 0x2e, 0x4d,
+ 0x52, 0x0e, 0x48, 0x03, 0xc5, 0xb9, 0x83, 0x66,
+ 0x15, 0x45, 0xff, 0x0e, 0x69, 0xe9, 0x31, 0x70,
+ 0xc5, 0x21, 0xfa, 0x8b, 0x64, 0xef, 0x4c, 0x53,
+ 0x32, 0x51, 0xe7, 0x2f, 0x70, 0x52, 0x89, 0xa2,
+ 0x2b, 0xff, 0x88, 0x9d, 0x93, 0x78, 0x33, 0x03,
+ 0x6e, 0x2a, 0xd4, 0x67, 0x3d, 0xb2, 0xa9, 0x5a,
+ 0x23, 0x3d, 0xfc, 0xaf, 0x6d, 0x41, 0x09, 0x47,
+ 0x7c, 0xa4, 0x28, 0x8b, 0x00, 0x8b, 0xc9, 0x48,
+ 0x75, 0x80, 0x4a, 0x68, 0x3a, 0x6d, 0x96, 0x46,
+ 0x37, 0xb9, 0x68, 0x01, 0x6b, 0xeb, 0x6f, 0xa9,
+ 0xf7, 0x95, 0x35, 0x05, 0xcc, 0x06, 0x33, 0x87,
+ 0x90, 0xf0, 0x1a, 0x96, 0xac, 0xa0, 0x74, 0xf4,
+ 0x27, 0xac, 0x98, 0xcc, 0x2d, 0x3a, 0x34, 0x98,
+ 0x6f, 0xe7, 0x10, 0x47, 0xbf, 0x44, 0xbb, 0xf8,
+ 0xfb, 0x81, 0x01, 0x59, 0x1e, 0x5f, 0x76, 0xef,
+ 0x7e, 0x67, 0x3e, 0x0e, 0xc2, 0xec, 0x6b, 0x45,
+ 0x1b, 0xf5, 0x16, 0xe6, 0xfe, 0xa1, 0x40, 0xce,
+ 0x9d, 0x91, 0xed, 0xdb, 0x11, 0x7a, 0xbc, 0x0a,
+ 0xc6, 0x08, 0x74, 0x02, 0x3c, 0xc8, 0x8d, 0x98,
+ 0x3d, 0x43, 0xbf, 0xe1, 0xf6, 0x77, 0x9d, 0xb3,
+ 0x1e, 0xba, 0x68, 0x48, 0x0e, 0xef, 0xa9, 0xa0,
+ 0x5c, 0xb8, 0x1e, 0x4b, 0x9f, 0x06, 0x92, 0x21,
+ 0xbf, 0xa3, 0x6d, 0x26, 0xea, 0x5b, 0xfd, 0xb8,
+ 0x85, 0x2e, 0xfe, 0xf6, 0x94, 0x82, 0xf5, 0x93,
+ 0xe6, 0x1d, 0x12, 0x63, 0xe2, 0x62, 0x0d, 0xe2,
+ 0xe3, 0x86, 0xeb, 0x66, 0x37, 0xf9, 0xaf, 0xe5,
+ 0xaf, 0x77, 0x59, 0x6f, 0x8f, 0x66, 0x64, 0x76,
+ 0x5f, 0x78, 0x47, 0x61, 0xa2, 0x06, 0x94, 0x1d}};
+unsigned char input_data[] =
+ {0x00, 0x02, 0x08, 0x68, 0x30, 0x9a, 0x32, 0x08,
+ 0x57, 0xb0, 0x28, 0xaa, 0x76, 0x30, 0x3d, 0x84,
+ 0x5f, 0x92, 0x0d, 0x8e, 0x34, 0xe0, 0xd5, 0xcc,
+ 0x36, 0x97, 0xed, 0x00, 0x00, 0x01, 0x02, 0x03,
+ 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+ 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13,
+ 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b,
+ 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23,
+ 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b,
+ 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33,
+ 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b,
+ 0x3c, 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43,
+ 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b,
+ 0x4c, 0x4d, 0x4e, 0x4f, 0x50, 0x51, 0x52, 0x53,
+ 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b,
+ 0x5c, 0x5d, 0x5e, 0x5f, 0x60, 0x61, 0x62, 0x63};
+unsigned char ciphertext[6][512] =
+ /* 1024,[p>q] */{{0xb2, 0xb2, 0x82, 0xd7, 0x2c, 0x6f, 0x53, 0x29,
+ 0xee, 0x4c, 0xd1, 0x77, 0xb7, 0x13, 0xf3, 0x1c,
+ 0x51, 0x60, 0xd8, 0xa9, 0x4e, 0x52, 0x72, 0x43,
+ 0x29, 0xfa, 0x51, 0xaa, 0xd8, 0xbc, 0x31, 0x21,
+ 0xe0, 0xac, 0x9b, 0x4e, 0x00, 0x94, 0xac, 0x91,
+ 0x7f, 0x1e, 0xfd, 0xfb, 0x1c, 0xfa, 0xa8, 0xe8,
+ 0x56, 0x5a, 0x01, 0x17, 0xf1, 0x5f, 0x01, 0xba,
+ 0xcd, 0x77, 0xa1, 0x8c, 0x74, 0x8a, 0xef, 0xfa,
+ 0x64, 0x58, 0x79, 0x13, 0xaa, 0x54, 0x13, 0x2b,
+ 0xaa, 0xe7, 0xc3, 0x50, 0x3b, 0x69, 0x3b, 0x0b,
+ 0x9a, 0xa9, 0x9d, 0x15, 0x8a, 0x06, 0x45, 0x71,
+ 0x40, 0x7a, 0x80, 0x85, 0x4a, 0xbe, 0x68, 0x48,
+ 0x6c, 0xe6, 0xdd, 0x96, 0xb0, 0xdc, 0xf4, 0x23,
+ 0xa8, 0xea, 0x21, 0x9f, 0xbc, 0x6b, 0x15, 0xa4,
+ 0x87, 0x6e, 0x93, 0x56, 0xae, 0xa7, 0x17, 0x4e,
+ 0xd7, 0x14, 0xe4, 0x69, 0x04, 0xd5, 0x2e, 0x62,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ /* 2048,[p>q] */ {0x6d, 0xdc, 0x9c, 0xba, 0xd4, 0xfa, 0xfe, 0xd0,
+ 0x85, 0xd7, 0x0a, 0xc4, 0x11, 0x02, 0x07, 0x9f,
+ 0x28, 0xd2, 0x1b, 0x1f, 0xcc, 0xbb, 0x6f, 0x66,
+ 0x3a, 0xbe, 0xcb, 0xe6, 0x20, 0xee, 0x90, 0x97,
+ 0x04, 0x2c, 0xfc, 0xb9, 0x5a, 0xd3, 0x66, 0x6a,
+ 0x73, 0x6a, 0x67, 0x27, 0xee, 0x9f, 0x90, 0xcd,
+ 0x5f, 0xce, 0xcf, 0x12, 0x4e, 0x10, 0xf2, 0x2a,
+ 0x23, 0xd1, 0x5e, 0xd4, 0xad, 0xb5, 0xc5, 0x26,
+ 0xd2, 0x2f, 0x04, 0x18, 0xb5, 0xc1, 0x52, 0xeb,
+ 0x7c, 0xd4, 0x5b, 0xe8, 0x21, 0x0a, 0x53, 0x7d,
+ 0xfe, 0x64, 0x02, 0xf1, 0xb4, 0x48, 0xf2, 0x39,
+ 0x17, 0xb7, 0x60, 0x0f, 0x22, 0x7f, 0x04, 0x78,
+ 0xf1, 0x84, 0x51, 0x47, 0xec, 0xff, 0x81, 0x27,
+ 0x47, 0x88, 0x58, 0xfa, 0x26, 0xe7, 0xc3, 0x0e,
+ 0x77, 0x81, 0xa9, 0x06, 0x8d, 0x24, 0x36, 0x58,
+ 0x61, 0xe2, 0x78, 0x37, 0xe8, 0x7c, 0x6d, 0x5b,
+ 0x77, 0xeb, 0x0a, 0x56, 0xe7, 0x25, 0x9f, 0xe8,
+ 0xc0, 0x82, 0xc3, 0xf8, 0xb8, 0x1a, 0xe3, 0x60,
+ 0x65, 0x24, 0x2e, 0x0c, 0xc2, 0x74, 0xcd, 0x2a,
+ 0x03, 0xd1, 0x66, 0x7a, 0x1c, 0xe2, 0x3d, 0xc5,
+ 0xa9, 0x78, 0x5f, 0x32, 0x96, 0x8a, 0xe4, 0x11,
+ 0x97, 0x82, 0xb9, 0x11, 0x48, 0xd5, 0x3f, 0x1b,
+ 0x4d, 0xc5, 0xf7, 0x4e, 0xe7, 0x7d, 0x5a, 0xf3,
+ 0x42, 0xff, 0xf8, 0xf6, 0x8d, 0xd2, 0x22, 0x95,
+ 0xdf, 0xf2, 0x7e, 0xfc, 0x34, 0xf4, 0x6d, 0x8e,
+ 0x37, 0x02, 0x34, 0x30, 0xf8, 0x31, 0xfb, 0xa8,
+ 0x97, 0x74, 0xac, 0xf3, 0x4a, 0x67, 0x4a, 0xee,
+ 0x12, 0xed, 0x9d, 0x19, 0xcd, 0x4a, 0xe2, 0x13,
+ 0x43, 0x25, 0xf7, 0x00, 0xd8, 0xbd, 0x91, 0xc2,
+ 0x38, 0xc4, 0x68, 0xeb, 0xb1, 0x74, 0xd0, 0x8c,
+ 0xdb, 0x76, 0x79, 0xe2, 0xd0, 0x85, 0x0d, 0x03,
+ 0xdc, 0xdc, 0x8e, 0x79, 0x7f, 0xdb, 0xea, 0x36,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ /* 4096,[p>q] */ {0xac, 0x34, 0x9f, 0xe1, 0x4d, 0x4a, 0xf8, 0x8f,
+ 0x3a, 0xa0, 0xf5, 0x78, 0xe3, 0x30, 0x7e, 0x80,
+ 0x55, 0x7a, 0x93, 0x96, 0x47, 0xb8, 0x28, 0xc7,
+ 0x34, 0x33, 0xcf, 0x97, 0x90, 0x71, 0xbc, 0xc6,
+ 0x37, 0x13, 0x8b, 0x53, 0x41, 0x51, 0x9a, 0x2e,
+ 0x4a, 0xa0, 0x6b, 0xfc, 0xc6, 0x73, 0x0a, 0x6f,
+ 0x5c, 0x09, 0xee, 0x35, 0x9d, 0xee, 0x2a, 0xbe,
+ 0x88, 0x8a, 0xbf, 0xa0, 0x60, 0xb3, 0x4b, 0x93,
+ 0x37, 0xb7, 0xb9, 0x52, 0xd5, 0x9d, 0x2b, 0xd8,
+ 0x39, 0xfe, 0x04, 0x4a, 0x97, 0x3f, 0x4a, 0xd9,
+ 0x8b, 0x27, 0x71, 0xb3, 0xbe, 0x25, 0x43, 0xd6,
+ 0xba, 0x06, 0x6c, 0x93, 0x09, 0x27, 0xf8, 0x4f,
+ 0x9a, 0x6f, 0x97, 0x23, 0x22, 0x9e, 0x51, 0x53,
+ 0x9a, 0x4c, 0x08, 0x3a, 0x78, 0x22, 0xd5, 0x7f,
+ 0xe9, 0xb1, 0x78, 0xef, 0xdc, 0x7e, 0x0c, 0x67,
+ 0x54, 0x14, 0xdd, 0x15, 0xf5, 0xc5, 0xc6, 0x4c,
+ 0x64, 0xa4, 0x70, 0x97, 0xd5, 0xfd, 0xc6, 0x8a,
+ 0x21, 0x86, 0x70, 0x93, 0xa5, 0xaa, 0x04, 0xa4,
+ 0xa6, 0xfc, 0x8b, 0x51, 0xe8, 0x64, 0x30, 0x9d,
+ 0x5c, 0x44, 0x8d, 0xab, 0xf3, 0x1a, 0x19, 0x56,
+ 0xa7, 0x87, 0xce, 0x0b, 0xb8, 0xd1, 0x84, 0xb1,
+ 0x69, 0x39, 0x34, 0x2d, 0xeb, 0x62, 0xda, 0x46,
+ 0xc8, 0xc0, 0x98, 0x0a, 0x95, 0x43, 0xc8, 0x80,
+ 0xe3, 0x45, 0x89, 0x1e, 0x27, 0x2f, 0x8e, 0x85,
+ 0x9b, 0xf8, 0xc8, 0x76, 0x1e, 0xfa, 0x67, 0x51,
+ 0xcf, 0x4f, 0x8d, 0x07, 0xb9, 0xd6, 0x93, 0xc6,
+ 0xc3, 0xd1, 0xa6, 0x8e, 0x17, 0x94, 0x88, 0x4c,
+ 0x74, 0x48, 0x97, 0x50, 0xd0, 0x1f, 0xb0, 0x6d,
+ 0xf7, 0x2c, 0xc2, 0x01, 0x0e, 0x22, 0xa1, 0xc4,
+ 0x20, 0xfd, 0xb3, 0xde, 0x0d, 0x95, 0x0c, 0xeb,
+ 0xc2, 0x63, 0x37, 0x24, 0xb7, 0xb1, 0x90, 0x6d,
+ 0xb7, 0xda, 0x19, 0x33, 0x59, 0xd7, 0x34, 0x8d,
+ 0x72, 0xd2, 0x13, 0x4d, 0xec, 0xa8, 0xf7, 0xf3,
+ 0x62, 0x6a, 0x8a, 0x37, 0x61, 0x04, 0x57, 0x82,
+ 0x83, 0xa2, 0x5c, 0xc6, 0xd4, 0x9c, 0x29, 0x92,
+ 0xa7, 0xbe, 0xf7, 0xbb, 0x98, 0x23, 0xf8, 0xc4,
+ 0x23, 0xac, 0xbd, 0xa1, 0x6e, 0xfa, 0x45, 0xfd,
+ 0x58, 0xcc, 0x67, 0xba, 0xe3, 0xd5, 0x86, 0x35,
+ 0x75, 0x58, 0x07, 0xe9, 0x42, 0x6b, 0x2f, 0x17,
+ 0xc1, 0x64, 0x10, 0xba, 0x52, 0x37, 0xaf, 0xe0,
+ 0x36, 0x9a, 0x41, 0x06, 0xa1, 0x70, 0x12, 0x27,
+ 0xf7, 0xaa, 0xee, 0x9f, 0x9c, 0x16, 0x5d, 0x30,
+ 0xb0, 0xdd, 0x9c, 0x56, 0x8b, 0x0e, 0xbb, 0xd2,
+ 0xed, 0x36, 0xa7, 0x71, 0x77, 0xb8, 0xd4, 0xcd,
+ 0xb0, 0x38, 0x26, 0x4c, 0x10, 0x5d, 0x14, 0x5b,
+ 0x18, 0xde, 0xec, 0xda, 0x3d, 0xfe, 0x18, 0x02,
+ 0x34, 0x13, 0xdb, 0x1f, 0x74, 0xc4, 0xdd, 0xbc,
+ 0xd2, 0x1a, 0x68, 0xcf, 0x96, 0x9b, 0x4e, 0xaa,
+ 0xdd, 0x47, 0x24, 0xa4, 0x1a, 0x1d, 0x5b, 0xa1,
+ 0x8e, 0xcf, 0x4a, 0x51, 0x0a, 0x7b, 0x24, 0xfc,
+ 0x54, 0x20, 0x31, 0x5a, 0x97, 0x42, 0x9d, 0x36,
+ 0x84, 0x07, 0x89, 0x3e, 0x39, 0x34, 0x5e, 0x40,
+ 0xae, 0xe7, 0xf8, 0x82, 0xd7, 0xb3, 0xa9, 0x25,
+ 0xfe, 0xc5, 0x45, 0xd5, 0xde, 0x6f, 0x02, 0x61,
+ 0x25, 0x12, 0x90, 0xfe, 0xe7, 0x10, 0x1d, 0x60,
+ 0x55, 0xf8, 0xd2, 0xff, 0x26, 0xb3, 0xbb, 0xea,
+ 0xb7, 0x6d, 0x14, 0xd9, 0x54, 0xef, 0xc3, 0x5f,
+ 0x73, 0x46, 0xdc, 0xd1, 0xfa, 0xd8, 0x31, 0xc6,
+ 0xff, 0xd8, 0xc7, 0xf7, 0x84, 0xc0, 0x87, 0x70,
+ 0x97, 0xab, 0xdf, 0xa7, 0x8c, 0x0b, 0xf1, 0xcf,
+ 0x81, 0x2a, 0xce, 0xf2, 0x02, 0xfd, 0x41, 0xb2,
+ 0x54, 0x9f, 0x49, 0x17, 0xe7, 0xbb, 0xa5, 0x37,
+ 0x6e, 0x4d, 0xeb, 0x2b, 0x62, 0x1c, 0x36, 0xb3,
+ 0x01, 0x86, 0x45, 0x82, 0xc1, 0x4f, 0x60, 0x77},
+ /* 1024,[p<q] */ {0xb2, 0xb2, 0x82, 0xd7, 0x2c, 0x6f, 0x53, 0x29,
+ 0xee, 0x4c, 0xd1, 0x77, 0xb7, 0x13, 0xf3, 0x1c,
+ 0x51, 0x60, 0xd8, 0xa9, 0x4e, 0x52, 0x72, 0x43,
+ 0x29, 0xfa, 0x51, 0xaa, 0xd8, 0xbc, 0x31, 0x21,
+ 0xe0, 0xac, 0x9b, 0x4e, 0x00, 0x94, 0xac, 0x91,
+ 0x7f, 0x1e, 0xfd, 0xfb, 0x1c, 0xfa, 0xa8, 0xe8,
+ 0x56, 0x5a, 0x01, 0x17, 0xf1, 0x5f, 0x01, 0xba,
+ 0xcd, 0x77, 0xa1, 0x8c, 0x74, 0x8a, 0xef, 0xfa,
+ 0x64, 0x58, 0x79, 0x13, 0xaa, 0x54, 0x13, 0x2b,
+ 0xaa, 0xe7, 0xc3, 0x50, 0x3b, 0x69, 0x3b, 0x0b,
+ 0x9a, 0xa9, 0x9d, 0x15, 0x8a, 0x06, 0x45, 0x71,
+ 0x40, 0x7a, 0x80, 0x85, 0x4a, 0xbe, 0x68, 0x48,
+ 0x6c, 0xe6, 0xdd, 0x96, 0xb0, 0xdc, 0xf4, 0x23,
+ 0xa8, 0xea, 0x21, 0x9f, 0xbc, 0x6b, 0x15, 0xa4,
+ 0x87, 0x6e, 0x93, 0x56, 0xae, 0xa7, 0x17, 0x4e,
+ 0xd7, 0x14, 0xe4, 0x69, 0x04, 0xd5, 0x2e, 0x62,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ /* 2048,[p<q] */ {0x6d, 0xdc, 0x9c, 0xba, 0xd4, 0xfa, 0xfe, 0xd0,
+ 0x85, 0xd7, 0x0a, 0xc4, 0x11, 0x02, 0x07, 0x9f,
+ 0x28, 0xd2, 0x1b, 0x1f, 0xcc, 0xbb, 0x6f, 0x66,
+ 0x3a, 0xbe, 0xcb, 0xe6, 0x20, 0xee, 0x90, 0x97,
+ 0x04, 0x2c, 0xfc, 0xb9, 0x5a, 0xd3, 0x66, 0x6a,
+ 0x73, 0x6a, 0x67, 0x27, 0xee, 0x9f, 0x90, 0xcd,
+ 0x5f, 0xce, 0xcf, 0x12, 0x4e, 0x10, 0xf2, 0x2a,
+ 0x23, 0xd1, 0x5e, 0xd4, 0xad, 0xb5, 0xc5, 0x26,
+ 0xd2, 0x2f, 0x04, 0x18, 0xb5, 0xc1, 0x52, 0xeb,
+ 0x7c, 0xd4, 0x5b, 0xe8, 0x21, 0x0a, 0x53, 0x7d,
+ 0xfe, 0x64, 0x02, 0xf1, 0xb4, 0x48, 0xf2, 0x39,
+ 0x17, 0xb7, 0x60, 0x0f, 0x22, 0x7f, 0x04, 0x78,
+ 0xf1, 0x84, 0x51, 0x47, 0xec, 0xff, 0x81, 0x27,
+ 0x47, 0x88, 0x58, 0xfa, 0x26, 0xe7, 0xc3, 0x0e,
+ 0x77, 0x81, 0xa9, 0x06, 0x8d, 0x24, 0x36, 0x58,
+ 0x61, 0xe2, 0x78, 0x37, 0xe8, 0x7c, 0x6d, 0x5b,
+ 0x77, 0xeb, 0x0a, 0x56, 0xe7, 0x25, 0x9f, 0xe8,
+ 0xc0, 0x82, 0xc3, 0xf8, 0xb8, 0x1a, 0xe3, 0x60,
+ 0x65, 0x24, 0x2e, 0x0c, 0xc2, 0x74, 0xcd, 0x2a,
+ 0x03, 0xd1, 0x66, 0x7a, 0x1c, 0xe2, 0x3d, 0xc5,
+ 0xa9, 0x78, 0x5f, 0x32, 0x96, 0x8a, 0xe4, 0x11,
+ 0x97, 0x82, 0xb9, 0x11, 0x48, 0xd5, 0x3f, 0x1b,
+ 0x4d, 0xc5, 0xf7, 0x4e, 0xe7, 0x7d, 0x5a, 0xf3,
+ 0x42, 0xff, 0xf8, 0xf6, 0x8d, 0xd2, 0x22, 0x95,
+ 0xdf, 0xf2, 0x7e, 0xfc, 0x34, 0xf4, 0x6d, 0x8e,
+ 0x37, 0x02, 0x34, 0x30, 0xf8, 0x31, 0xfb, 0xa8,
+ 0x97, 0x74, 0xac, 0xf3, 0x4a, 0x67, 0x4a, 0xee,
+ 0x12, 0xed, 0x9d, 0x19, 0xcd, 0x4a, 0xe2, 0x13,
+ 0x43, 0x25, 0xf7, 0x00, 0xd8, 0xbd, 0x91, 0xc2,
+ 0x38, 0xc4, 0x68, 0xeb, 0xb1, 0x74, 0xd0, 0x8c,
+ 0xdb, 0x76, 0x79, 0xe2, 0xd0, 0x85, 0x0d, 0x03,
+ 0xdc, 0xdc, 0x8e, 0x79, 0x7f, 0xdb, 0xea, 0x36,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ /* 4096,[p<q] */ {0xac, 0x34, 0x9f, 0xe1, 0x4d, 0x4a, 0xf8, 0x8f,
+ 0x3a, 0xa0, 0xf5, 0x78, 0xe3, 0x30, 0x7e, 0x80,
+ 0x55, 0x7a, 0x93, 0x96, 0x47, 0xb8, 0x28, 0xc7,
+ 0x34, 0x33, 0xcf, 0x97, 0x90, 0x71, 0xbc, 0xc6,
+ 0x37, 0x13, 0x8b, 0x53, 0x41, 0x51, 0x9a, 0x2e,
+ 0x4a, 0xa0, 0x6b, 0xfc, 0xc6, 0x73, 0x0a, 0x6f,
+ 0x5c, 0x09, 0xee, 0x35, 0x9d, 0xee, 0x2a, 0xbe,
+ 0x88, 0x8a, 0xbf, 0xa0, 0x60, 0xb3, 0x4b, 0x93,
+ 0x37, 0xb7, 0xb9, 0x52, 0xd5, 0x9d, 0x2b, 0xd8,
+ 0x39, 0xfe, 0x04, 0x4a, 0x97, 0x3f, 0x4a, 0xd9,
+ 0x8b, 0x27, 0x71, 0xb3, 0xbe, 0x25, 0x43, 0xd6,
+ 0xba, 0x06, 0x6c, 0x93, 0x09, 0x27, 0xf8, 0x4f,
+ 0x9a, 0x6f, 0x97, 0x23, 0x22, 0x9e, 0x51, 0x53,
+ 0x9a, 0x4c, 0x08, 0x3a, 0x78, 0x22, 0xd5, 0x7f,
+ 0xe9, 0xb1, 0x78, 0xef, 0xdc, 0x7e, 0x0c, 0x67,
+ 0x54, 0x14, 0xdd, 0x15, 0xf5, 0xc5, 0xc6, 0x4c,
+ 0x64, 0xa4, 0x70, 0x97, 0xd5, 0xfd, 0xc6, 0x8a,
+ 0x21, 0x86, 0x70, 0x93, 0xa5, 0xaa, 0x04, 0xa4,
+ 0xa6, 0xfc, 0x8b, 0x51, 0xe8, 0x64, 0x30, 0x9d,
+ 0x5c, 0x44, 0x8d, 0xab, 0xf3, 0x1a, 0x19, 0x56,
+ 0xa7, 0x87, 0xce, 0x0b, 0xb8, 0xd1, 0x84, 0xb1,
+ 0x69, 0x39, 0x34, 0x2d, 0xeb, 0x62, 0xda, 0x46,
+ 0xc8, 0xc0, 0x98, 0x0a, 0x95, 0x43, 0xc8, 0x80,
+ 0xe3, 0x45, 0x89, 0x1e, 0x27, 0x2f, 0x8e, 0x85,
+ 0x9b, 0xf8, 0xc8, 0x76, 0x1e, 0xfa, 0x67, 0x51,
+ 0xcf, 0x4f, 0x8d, 0x07, 0xb9, 0xd6, 0x93, 0xc6,
+ 0xc3, 0xd1, 0xa6, 0x8e, 0x17, 0x94, 0x88, 0x4c,
+ 0x74, 0x48, 0x97, 0x50, 0xd0, 0x1f, 0xb0, 0x6d,
+ 0xf7, 0x2c, 0xc2, 0x01, 0x0e, 0x22, 0xa1, 0xc4,
+ 0x20, 0xfd, 0xb3, 0xde, 0x0d, 0x95, 0x0c, 0xeb,
+ 0xc2, 0x63, 0x37, 0x24, 0xb7, 0xb1, 0x90, 0x6d,
+ 0xb7, 0xda, 0x19, 0x33, 0x59, 0xd7, 0x34, 0x8d,
+ 0x72, 0xd2, 0x13, 0x4d, 0xec, 0xa8, 0xf7, 0xf3,
+ 0x62, 0x6a, 0x8a, 0x37, 0x61, 0x04, 0x57, 0x82,
+ 0x83, 0xa2, 0x5c, 0xc6, 0xd4, 0x9c, 0x29, 0x92,
+ 0xa7, 0xbe, 0xf7, 0xbb, 0x98, 0x23, 0xf8, 0xc4,
+ 0x23, 0xac, 0xbd, 0xa1, 0x6e, 0xfa, 0x45, 0xfd,
+ 0x58, 0xcc, 0x67, 0xba, 0xe3, 0xd5, 0x86, 0x35,
+ 0x75, 0x58, 0x07, 0xe9, 0x42, 0x6b, 0x2f, 0x17,
+ 0xc1, 0x64, 0x10, 0xba, 0x52, 0x37, 0xaf, 0xe0,
+ 0x36, 0x9a, 0x41, 0x06, 0xa1, 0x70, 0x12, 0x27,
+ 0xf7, 0xaa, 0xee, 0x9f, 0x9c, 0x16, 0x5d, 0x30,
+ 0xb0, 0xdd, 0x9c, 0x56, 0x8b, 0x0e, 0xbb, 0xd2,
+ 0xed, 0x36, 0xa7, 0x71, 0x77, 0xb8, 0xd4, 0xcd,
+ 0xb0, 0x38, 0x26, 0x4c, 0x10, 0x5d, 0x14, 0x5b,
+ 0x18, 0xde, 0xec, 0xda, 0x3d, 0xfe, 0x18, 0x02,
+ 0x34, 0x13, 0xdb, 0x1f, 0x74, 0xc4, 0xdd, 0xbc,
+ 0xd2, 0x1a, 0x68, 0xcf, 0x96, 0x9b, 0x4e, 0xaa,
+ 0xdd, 0x47, 0x24, 0xa4, 0x1a, 0x1d, 0x5b, 0xa1,
+ 0x8e, 0xcf, 0x4a, 0x51, 0x0a, 0x7b, 0x24, 0xfc,
+ 0x54, 0x20, 0x31, 0x5a, 0x97, 0x42, 0x9d, 0x36,
+ 0x84, 0x07, 0x89, 0x3e, 0x39, 0x34, 0x5e, 0x40,
+ 0xae, 0xe7, 0xf8, 0x82, 0xd7, 0xb3, 0xa9, 0x25,
+ 0xfe, 0xc5, 0x45, 0xd5, 0xde, 0x6f, 0x02, 0x61,
+ 0x25, 0x12, 0x90, 0xfe, 0xe7, 0x10, 0x1d, 0x60,
+ 0x55, 0xf8, 0xd2, 0xff, 0x26, 0xb3, 0xbb, 0xea,
+ 0xb7, 0x6d, 0x14, 0xd9, 0x54, 0xef, 0xc3, 0x5f,
+ 0x73, 0x46, 0xdc, 0xd1, 0xfa, 0xd8, 0x31, 0xc6,
+ 0xff, 0xd8, 0xc7, 0xf7, 0x84, 0xc0, 0x87, 0x70,
+ 0x97, 0xab, 0xdf, 0xa7, 0x8c, 0x0b, 0xf1, 0xcf,
+ 0x81, 0x2a, 0xce, 0xf2, 0x02, 0xfd, 0x41, 0xb2,
+ 0x54, 0x9f, 0x49, 0x17, 0xe7, 0xbb, 0xa5, 0x37,
+ 0x6e, 0x4d, 0xeb, 0x2b, 0x62, 0x1c, 0x36, 0xb3,
+ 0x01, 0x86, 0x45, 0x82, 0xc1, 0x4f, 0x60, 0x77}};
diff --git a/src/tests/libica_sha1_test.c b/src/tests/libica_sha1_test.c
new file mode 100644
index 0000000..da73aef
--- /dev/null
+++ b/src/tests/libica_sha1_test.c
@@ -0,0 +1,220 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+/* Copyright IBM Corp. 2001, 2009, 2011 */
+#include <fcntl.h>
+#include <sys/errno.h>
+#include <stdio.h>
+#include <string.h>
+#include "ica_api.h"
+#define NUM_FIPS_TESTS 4
+unsigned char FIPS_TEST_DATA[NUM_FIPS_TESTS][64] = {
+ // Test 0: NULL
+ { 0x00 },
+ // Test 1: "abc"
+ { 0x61,0x62,0x63 },
+ // Test 2: "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+ {
+ },
+ // Test 3: 1,000,000 'a' -- don't actually use this... see the special case
+ // in the loop below.
+ {
+ },
+ // Test 0: NULL
+ 0,
+ // Test 1: "abc"
+ 3,
+ // Test 2: "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+ 56,
+ // Test 3: 1,000,000 'a'
+ 1000000,
+ // Hash for test 0: NULL
+ {
+ },
+ // Hash for test 1: "abc"
+ {
+ },
+ // Hash for test 2: "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+ {
+ },
+ // Hash for test 3: 1,000,000 'a'
+ {
+ },
+void dump_array(unsigned char *ptr, unsigned int size)
+ unsigned char *ptr_end;
+ unsigned char *h;
+ int i = 1, trunc = 0;
+ if (size > 64) {
+ trunc = size - 64;
+ size = 64;
+ }
+ h = ptr;
+ ptr_end = ptr + size;
+ while (h < ptr_end) {
+ printf("0x%02x ", *h);
+ h++;
+ if (i == 8) {
+ if (h != ptr_end)
+ printf("\n");
+ i = 1;
+ } else {
+ ++i;
+ }
+ }
+ printf("\n");
+ if (trunc > 0)
+ printf("... %d bytes not printed\n", trunc);
+int new_api_sha_test(void)
+ printf("Test of new sha api\n");
+ sha_context_t sha_context;
+ int rc = 0, i = 0;
+ unsigned char input_data[1000000];
+ unsigned int output_hash_length = LENGTH_SHA_HASH;
+ unsigned char output_hash[LENGTH_SHA_HASH];
+ for (i = 0; i < NUM_FIPS_TESTS; i++) {
+ // Test 3 is a special one, because we want to keep the size of the
+ // executable down, so we build it special, instead of using a static
+ if (i != 3)
+ memcpy(input_data, FIPS_TEST_DATA[i], FIPS_TEST_DATA_SIZE[i]);
+ else
+ memset(input_data, 'a', FIPS_TEST_DATA_SIZE[i]);
+ printf("\nOriginal data for test %d:\n", i);
+ dump_array(input_data, FIPS_TEST_DATA_SIZE[i]);
+ rc = ica_sha1(SHA_MSG_PART_ONLY, FIPS_TEST_DATA_SIZE[i], input_data,
+ &sha_context, output_hash);
+ if (rc != 0) {
+ printf("icaSha1 failed with errno %d (0x%x).\n", rc, rc);
+ return rc;
+ }
+ printf("\nOutput hash for test %d:\n", i);
+ dump_array(output_hash, output_hash_length);
+ if (memcmp(output_hash, FIPS_TEST_RESULT[i], LENGTH_SHA_HASH) != 0)
+ printf("This does NOT match the known result.\n");
+ else
+ printf("Yep, it's what it should be.\n");
+ }
+ // This test is the same as test 3, except that we use the SHA_CONTEXT
+ // and break it into calls of 1024 bytes each.
+ printf("\nOriginal data for test 3(chunks = 1024) is calls of 1024"
+ "'a's at a time\n");
+ while (i > 0) {
+ unsigned int sha_message_part;
+ memset(input_data, 'a', 1024);
+ if (i == FIPS_TEST_DATA_SIZE[3])
+ sha_message_part = SHA_MSG_PART_FIRST;
+ else if (i <= 1024)
+ sha_message_part = SHA_MSG_PART_FINAL;
+ else
+ sha_message_part = SHA_MSG_PART_MIDDLE;
+ rc = ica_sha1(sha_message_part, (i < 1024) ? i : 1024,
+ input_data, &sha_context, output_hash);
+ if (rc != 0) {
+ printf("ica_sha1 failed with errno %d (0x%x) on"
+ " iteration %d.\n", rc, rc, i);
+ return rc;
+ }
+ i -= 1024;
+ }
+ printf("\nOutput hash for test 3(chunks = 1024):\n");
+ dump_array(output_hash, output_hash_length);
+ if (memcmp(output_hash, FIPS_TEST_RESULT[3], LENGTH_SHA_HASH) != 0)
+ printf("This does NOT match the known result.\n");
+ else
+ printf("Yep, it's what it should be.\n");
+ // This test is the same as test 3, except that we use the SHA_CONTEXT
+ // and break it into calls of 64 bytes each.
+ printf("\nOriginal data for test 3(chunks = 64) is calls of 64 'a's at"
+ "a time\n");
+ while (i > 0) {
+ unsigned int sha_message_part;
+ memset(input_data, 'a', 64);
+ if (i == FIPS_TEST_DATA_SIZE[3])
+ sha_message_part = SHA_MSG_PART_FIRST;
+ else if (i <= 64)
+ sha_message_part = SHA_MSG_PART_FINAL;
+ else
+ sha_message_part = SHA_MSG_PART_MIDDLE;
+ rc = ica_sha1(sha_message_part, (i < 64) ? i : 64, input_data,
+ &sha_context, output_hash);
+ if (rc != 0) {
+ printf("ica_sha1 failed with errno %d (0x%x) on"
+ " iteration %d.\n", rc, rc, i);
+ return rc;
+ }
+ i -= 64;
+ }
+ printf("\nOutput hash for test 3(chunks = 64):\n");
+ dump_array(output_hash, output_hash_length);
+ if (memcmp(output_hash, FIPS_TEST_RESULT[3], LENGTH_SHA_HASH) != 0)
+ printf("This does NOT match the known result.\n");
+ else
+ printf("Yep, it's what it should be.\n");
+ printf("\nAll SHA1 tests completed successfully\n");
+ return 0;
+int main(int argc, char **argv)
+ int rc = 0;
+ rc = new_api_sha_test();
+ if (rc) {
+ printf("new_api_sha_test failed with rc = %i\n", rc);
+ return rc;
+ }
+ return 0;
diff --git a/src/tests/libica_sha256_test.c b/src/tests/libica_sha256_test.c
new file mode 100644
index 0000000..91ef7d3
--- /dev/null
+++ b/src/tests/libica_sha256_test.c
@@ -0,0 +1,209 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+/* Copyright IBM Corp. 2005, 2009, 2011 */
+/* (C) COPYRIGHT International Business Machines Corp. 2005, 2009 */
+#include <fcntl.h>
+#include <sys/errno.h>
+#include <stdio.h>
+#include <string.h>
+#include "ica_api.h"
+#define NUM_FIPS_TESTS 3
+unsigned char FIPS_TEST_DATA[NUM_FIPS_TESTS][64] = {
+ // Test 0: "abc"
+ { 0x61,0x62,0x63 },
+ // Test 1: "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+ {
+ },
+ // Test 2: 1,000,000 'a' -- don't actually use this... see the special case
+ // in the loop below.
+ {
+ },
+ // Test 0: "abc"
+ 3,
+ // Test 1: "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+ 56,
+ // Test 2: 1,000,000 'a'
+ 1000000,
+ // Hash for test 0: "abc"
+ {
+ },
+ // Hash for test 1: "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+ {
+ },
+ // Hash for test 2: 1,000,000 'a'
+ {
+ },
+void dump_array(unsigned char *ptr, unsigned int size)
+ unsigned char *ptr_end;
+ unsigned char *h;
+ int i = 1, trunc = 0;
+ if (size > 64) {
+ trunc = size - 64;
+ size = 64;
+ }
+ h = ptr;
+ ptr_end = ptr + size;
+ while (h < ptr_end) {
+ printf("0x%02x ", *h);
+ h++;
+ if (i == 8) {
+ if (h != ptr_end)
+ printf("\n");
+ i = 1;
+ } else {
+ ++i;
+ }
+ }
+ printf("\n");
+ if (trunc > 0)
+ printf("... %d bytes not printed\n", trunc);
+int new_api_sha256_test(void)
+ sha256_context_t sha256_context;
+ int rc = 0, i = 0;
+ unsigned char input_data[1000000];
+ unsigned int output_hash_length = LENGTH_SHA256_HASH;
+ unsigned char output_hash[LENGTH_SHA256_HASH];
+ for (i = 0; i < NUM_FIPS_TESTS; i++) {
+ // Test 2 is a special one, because we want to keep the size of the
+ // executable down, so we build it special, instead of using a static
+ if (i != 2)
+ memcpy(input_data, FIPS_TEST_DATA[i], FIPS_TEST_DATA_SIZE[i]);
+ else
+ memset(input_data, 'a', FIPS_TEST_DATA_SIZE[i]);
+ printf("\nOriginal data for test %d:\n", i);
+ dump_array(input_data, FIPS_TEST_DATA_SIZE[i]);
+ rc = ica_sha256(SHA_MSG_PART_ONLY, FIPS_TEST_DATA_SIZE[i], input_data,
+ &sha256_context, output_hash);
+ if (rc != 0) {
+ printf("icaSha256 failed with errno %d (0x%x).\n", rc, rc);
+ return rc;
+ }
+ printf("\nOutput hash for test %d:\n", i);
+ dump_array(output_hash, output_hash_length);
+ if (memcmp(output_hash, FIPS_TEST_RESULT[i], LENGTH_SHA256_HASH) != 0)
+ printf("This does NOT match the known result.\n");
+ else
+ printf("Yep, it's what it should be.\n");
+ }
+ // This test is the same as test 2, except that we use the SHA256_CONTEXT and
+ // break it into calls of 1024 bytes each.
+ printf("\nOriginal data for test 2(chunks = 1024) is calls of 1024"
+ " 'a's at a time\n");
+ while (i > 0) {
+ unsigned int sha_message_part;
+ memset(input_data, 'a', 1024);
+ if (i == FIPS_TEST_DATA_SIZE[2])
+ sha_message_part = SHA_MSG_PART_FIRST;
+ else if (i <= 1024)
+ sha_message_part = SHA_MSG_PART_FINAL;
+ else
+ sha_message_part = SHA_MSG_PART_MIDDLE;
+ rc = ica_sha256(sha_message_part, (i < 1024) ? i : 1024,
+ input_data, &sha256_context, output_hash);
+ if (rc != 0) {
+ printf("ica_sha256 failed with errno %d (0x%x) on"
+ " iteration %d.\n", rc, rc, i);
+ return rc;
+ }
+ i -= 1024;
+ }
+ printf("\nOutput hash for test 2(chunks = 1024):\n");
+ dump_array(output_hash, output_hash_length);
+ if (memcmp(output_hash, FIPS_TEST_RESULT[2], LENGTH_SHA256_HASH) != 0)
+ printf("This does NOT match the known result.\n");
+ else
+ printf("Yep, it's what it should be.\n");
+ // This test is the same as test 2, except that we use the
+ // SHA256_CONTEXT and break it into calls of 64 bytes each.
+ printf("\nOriginal data for test 2(chunks = 64) is calls of 64 'a's at"
+ " a time\n");
+ while (i > 0) {
+ unsigned int sha_message_part;
+ memset(input_data, 'a', 64);
+ if (i == FIPS_TEST_DATA_SIZE[2])
+ sha_message_part = SHA_MSG_PART_FIRST;
+ else if (i <= 64)
+ sha_message_part = SHA_MSG_PART_FINAL;
+ else
+ sha_message_part = SHA_MSG_PART_MIDDLE;
+ rc = ica_sha256(sha_message_part, (i < 64) ? i : 64,
+ input_data, &sha256_context, output_hash);
+ if (rc != 0) {
+ printf("ica_sha256 failed with errno %d (0x%x) on iteration"
+ " %d.\n", rc, rc, i);
+ return rc;
+ }
+ i -= 64;
+ }
+ printf("\nOutput hash for test 2(chunks = 64):\n");
+ dump_array(output_hash, output_hash_length);
+ if (memcmp(output_hash, FIPS_TEST_RESULT[2], LENGTH_SHA256_HASH) != 0)
+ printf("This does NOT match the known result.\n");
+ else
+ printf("Yep, it's what it should be.\n");
+ printf("\nAll SHA256 tests completed successfully\n");
+ return 0;
+int main(int argc, char **argv)
+ int rc = 0;
+ rc = new_api_sha256_test();
+ if (rc) {
+ printf("new_api_sha256_test: returned rc = %i\n", rc);
+ return rc;
+ }
+ return rc;
diff --git a/src/tests/libica_sha_test/ b/src/tests/libica_sha_test/
new file mode 100644
index 0000000..b6b4fc4
--- /dev/null
+++ b/src/tests/libica_sha_test/
@@ -0,0 +1,26 @@
+OPTS = -O0 -g -Wall -D_LINUX_S390_
+LIBS = -L../../.libs
+INCLUDE = -I. -I./include -I../../../include
+SOURCES = libica_sha_test.c queue_t.c sha_tests.c read_rsp.c
+CC = gcc
+FILES = libica_sha_test.c~ \
+ libica_sha_test.o \
+ queue_t.c~ \
+ queue_t.o \
+ include/queue_t.h~ \
+ sha_tests.c~ \
+ sha_tests.o \
+ include/sha_tests.h~ \
+ read_rsp.c~ \
+ include/read_rsp.h~ \
+ include/critical_error.h~
+ $(CC) $(OPTS) -o libica_sha_test $(SOURCES) $(LIBS) $(INCLUDE) -lica -lcrypto
+ rm -f libica_sha_test
+ rm -f Makefile
+ rm -f $(FILES)
diff --git a/src/tests/libica_sha_test/README b/src/tests/libica_sha_test/README
new file mode 100644
index 0000000..a2c8163
--- /dev/null
+++ b/src/tests/libica_sha_test/README
@@ -0,0 +1,5 @@
+usage: libica_sha_test filelist
+test for old and new libica api for sha1/224/256/384/512
+test vectors are read from .rsp files and put in the queue
+the included .rsp files are obtained from nist:
diff --git a/src/tests/libica_sha_test/include/critical_error.h b/src/tests/libica_sha_test/include/critical_error.h
new file mode 100644
index 0000000..18891a2
--- /dev/null
+++ b/src/tests/libica_sha_test/include/critical_error.h
@@ -0,0 +1,14 @@
+#include <stdio.h>
+#include <stdlib.h>
+/* terminate on critical error */
+#define CRITICAL_ERROR(msg) \
+do { \
+ fprintf(stderr, "critical error in %s: " msg "\n",__func__); \
+ exit(EXIT_FAILURE); \
+} while(0)
diff --git a/src/tests/libica_sha_test/include/queue_t.h b/src/tests/libica_sha_test/include/queue_t.h
new file mode 100644
index 0000000..1ba9295
--- /dev/null
+++ b/src/tests/libica_sha_test/include/queue_t.h
@@ -0,0 +1,33 @@
+#ifndef QUEUE_T_H
+#define QUEUE_T_H
+#define NO_TYPE_SET 0
+#define NO_LENGTH_SET 0
+/* type: NO_TYPE_SET, SHA1, SHA224, SHA256, SHA384, SHA512
+ * */
+typedef struct test_t {
+ unsigned int type;
+ unsigned char *msg;
+ unsigned int msg_length;
+ unsigned char *msg_digest;
+ unsigned int msg_digest_length;
+ struct test_t *next;
+} test_t;
+test_t new_test_t(void);
+typedef struct queue_t {
+ unsigned int size;
+ unsigned int passed;
+ unsigned int failed;
+ test_t *head;
+ test_t *tail;
+} queue_t;
+queue_t new_queue_t(void);
+void push(queue_t * queue, test_t test);
diff --git a/src/tests/libica_sha_test/include/read_rsp.h b/src/tests/libica_sha_test/include/read_rsp.h
new file mode 100644
index 0000000..b4746af
--- /dev/null
+++ b/src/tests/libica_sha_test/include/read_rsp.h
@@ -0,0 +1,14 @@
+#ifndef READ_RSP_H
+#define READ_RSP_H
+#include <stdio.h>
+#include "queue_t.h"
+#define BUFFER_SIZE 32768
+extern queue_t queue;
+/* read test data from .rsp file into queue */
+int read_test_data(FILE * test_data);
diff --git a/src/tests/libica_sha_test/include/sha_tests.h b/src/tests/libica_sha_test/include/sha_tests.h
new file mode 100644
index 0000000..239f3de
--- /dev/null
+++ b/src/tests/libica_sha_test/include/sha_tests.h
@@ -0,0 +1,22 @@
+#ifndef SHA_TESTS_H
+#define SHA_TESTS_H
+#include "queue_t.h"
+int sha1_old_api_test(test_t * test);
+int sha1_new_api_test(test_t * test);
+int sha224_old_api_test(test_t * test);
+int sha224_new_api_test(test_t * test);
+int sha256_old_api_test(test_t * test);
+int sha256_new_api_test(test_t * test);
+int sha384_old_api_test(test_t * test);
+int sha384_new_api_test(test_t * test);
+int sha512_old_api_test(test_t * test);
+int sha512_new_api_test(test_t * test);
+int silent;
diff --git a/src/tests/libica_sha_test/libica_sha_test.c b/src/tests/libica_sha_test/libica_sha_test.c
new file mode 100644
index 0000000..7e6adc3
--- /dev/null
+++ b/src/tests/libica_sha_test/libica_sha_test.c
@@ -0,0 +1,115 @@
+ * usage: libica_sha_test filelist
+ * test for old and new libica api for sha1/224/256/384/512
+ * test vectors are read from .rsp files and put in the queue
+ * the included .rsp files are obtained from nist:
+ *
+ */
+#include <stdlib.h>
+#include <string.h>
+#include "ica_api.h"
+#include "sha_tests.h"
+#include "read_rsp.h"
+#include "queue_t.h"
+#include "critical_error.h"
+queue_t queue;
+int main(int argc, char *argv[])
+ test_t *curr_test;
+ FILE *test_data;
+ int i, rc, first = 1;
+ queue = new_queue_t();
+ if (argc < 2) {
+ printf("error: no input files.\n");
+ }
+ if (argv[1]) {
+ if (strstr(argv[1], "silent")) {
+ silent = 1; first = 2;
+ }
+ }
+ /* read test vectors from .rsp file(s) and put on queue */
+ for (i = first; i < argc; i++) {
+ if ((test_data = fopen(argv[i], "r")) != NULL) {
+ //printf("reading test data from %s ... ", argv[i]);
+ if (read_test_data(test_data) == EXIT_SUCCESS)
+ // printf("done.\n");
+ if ((fclose(test_data)) == EOF)
+ printf("error: couldn't close file %s.\n",
+ argv[i]);
+ } else
+ printf("error: couldn't open file %s.\n", argv[i]);
+ }
+ if (!silent) {
+ printf("%u test vectors found.\n", queue.size);
+ }
+ if (queue.size > 0)
+ if (!silent) {
+ printf("starting tests ...\n\n");
+ }
+ /* run each test in queue with new and old api */
+ for (curr_test = queue.head, i = 1; curr_test != NULL;
+ curr_test = curr_test->next, i++) {
+ if (!silent)
+ printf("test #%d : %u byte input message, ", i,
+ curr_test->msg_length);
+ switch (curr_test->type) {
+ case SHA1:
+ if (!silent)
+ printf("SHA1 ...\n");
+ rc = sha1_new_api_test(curr_test);
+ break;
+ case SHA224:
+ if (!silent)
+ printf("SHA224 ...\n");
+ rc = sha224_new_api_test(curr_test);
+ break;
+ case SHA256:
+ if (!silent)
+ printf("SHA256 ...\n");
+ rc = sha256_new_api_test(curr_test);
+ break;
+ case SHA384:
+ if (!silent)
+ printf("SHA384 ...\n");
+ rc = sha384_new_api_test(curr_test);
+ break;
+ case SHA512:
+ if (!silent)
+ printf("SHA512 ...\n");
+ rc = sha512_new_api_test(curr_test);
+ break;
+ default:
+ CRITICAL_ERROR("Unknown algorithm.\n");
+ rc = -1;
+ break;
+ }
+ if (!rc) {
+ if (!silent)
+ printf("... Passed.\n");
+ queue.passed++;
+ }
+ else {
+ printf("error: (%x).\n", rc);
+ queue.failed++;
+ }
+ }
+ if (!silent) {
+ printf("[SHA test case results: tests: %u, passed: %u, failed: %u]\n",
+ queue.passed + queue.failed, queue.passed, queue.failed);
+ }
+ else {
+ if (queue.failed == 0)
+ printf("All SHA testcases finished successfully\n");
+ else
+ printf("SHA testcases failed\n");
+ }
+ return EXIT_SUCCESS;
diff --git a/src/tests/libica_sha_test/queue_t.c b/src/tests/libica_sha_test/queue_t.c
new file mode 100644
index 0000000..4df26bc
--- /dev/null
+++ b/src/tests/libica_sha_test/queue_t.c
@@ -0,0 +1,60 @@
+#include <stdlib.h>
+#include <string.h>
+#include "queue_t.h"
+#include "critical_error.h"
+test_t new_test_t(void)
+ test_t test;
+ test.type = NO_TYPE_SET;
+ test.msg = NULL;
+ test.msg_length = 0;
+ test.msg_digest = NULL;
+ test.msg_digest_length = 0;
+ = NULL;
+ return test;
+queue_t new_queue_t(void)
+ queue_t queue;
+ queue.size = 0;
+ queue.passed = 0;
+ queue.failed = 0;
+ queue.head = NULL;
+ queue.tail = NULL;
+ return queue;
+void push(queue_t * queue, test_t test)
+ test_t *new_test;
+ if ((new_test = (test_t *) malloc(sizeof(test_t))) == NULL)
+ CRITICAL_ERROR("out of memory.");
+ new_test->type = test.type;
+ new_test->msg_length = test.msg_length;
+ new_test->msg_digest_length = test.msg_digest_length;
+ new_test->msg = (unsigned char *)malloc((size_t) test.msg_length);
+ memcpy(new_test->msg, test.msg, (size_t) test.msg_length);
+ new_test->msg_digest =
+ (unsigned char *)malloc((size_t) test.msg_digest_length);
+ memcpy(new_test->msg_digest, test.msg_digest,
+ (size_t) test.msg_digest_length);
+ new_test->next = NULL;
+ if (queue->head == NULL)
+ queue->head = new_test;
+ else
+ queue->tail->next = new_test;
+ queue->tail = new_test;
+ queue->size++;
diff --git a/src/tests/libica_sha_test/read_rsp.c b/src/tests/libica_sha_test/read_rsp.c
new file mode 100644
index 0000000..ae2c9d6
--- /dev/null
+++ b/src/tests/libica_sha_test/read_rsp.c
@@ -0,0 +1,200 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "ica_api.h"
+#include "queue_t.h"
+#include "critical_error.h"
+#include "read_rsp.h"
+static int line_to_bytes(char *line, int length);
+int read_test_data(FILE * test_data)
+ char buffer[BUFFER_SIZE];
+ enum { MSG_LENGTH, MSG, MSG_DIGEST } search_term;
+ test_t tmp_test = new_test_t();
+ unsigned int current_type = NO_TYPE_SET;
+ unsigned int current_msg_digest_length = NO_LENGTH_SET;
+ unsigned int line_number = 0;
+ char *tmp = NULL;
+ search_term = MSG_LENGTH;
+ while (fgets(buffer, (int)sizeof buffer, test_data) != NULL) {
+ line_number++;
+ /* remove comments */
+ if ((tmp = memchr(buffer, (int)'#', strlen(buffer))) != NULL)
+ memset(tmp, 0, strlen(tmp));
+ /* scan for: type/msg_digest_length */
+ if (((sscanf(buffer, "[L = %u]", &current_msg_digest_length))
+ == 1)
+ || (current_type == NO_TYPE_SET)) {
+ if (tmp_test.type != NO_TYPE_SET) {
+ printf
+ ("error:\nincorrect file format [line %u]: test type mustn't change during test definition. closing file.\n",
+ line_number);
+ return EXIT_FAILURE;
+ }
+ switch (current_msg_digest_length) {
+ continue;
+ current_type = SHA1;
+ break;
+ case SHA224_HASH_LENGTH:
+ current_type = SHA224;
+ break;
+ case SHA256_HASH_LENGTH:
+ current_type = SHA256;
+ break;
+ case SHA384_HASH_LENGTH:
+ current_type = SHA384;
+ break;
+ case SHA512_HASH_LENGTH:
+ current_type = SHA512;
+ break;
+ default:
+ CRITICAL_ERROR("this shouldn't happen.");
+ break;
+ }
+ }
+ /* scan for: 1st msg_length, 2nd msg, 3rd msg_digest. repeat */
+ switch (search_term) {
+ case MSG_LENGTH:
+ if (sscanf(buffer, "Len = %u", &tmp_test.msg_length) ==
+ 1) {
+ if ((tmp_test.msg_length % 8) != 0) {
+ printf
+ ("error:\nincorrect file format [line %u]: message bit-length must be a multiple of 8. closing file.",
+ line_number);
+ return EXIT_FAILURE;
+ }
+ tmp_test.msg_length /= 8;
+ search_term = MSG;
+ }
+ break;
+ case MSG:
+ if (sscanf(buffer, "Msg = %s", buffer) == 1) {
+ if ((int)strlen(buffer) % 2 != 0) {
+ printf
+ ("error:\nincorrect file format [line %u]: message should be bytes. closing file.\n",
+ line_number);
+ return EXIT_FAILURE;
+ }
+ if (line_to_bytes
+ (buffer,
+ (int)strlen(buffer)) == EXIT_FAILURE) {
+ printf
+ ("error:\nincorrect file format [line %u]: message contains characters different from hex values. closing file.\n",
+ line_number);
+ return EXIT_FAILURE;
+ }
+ if ((tmp_test.msg = (unsigned char *)
+ malloc((size_t) tmp_test.msg_length))
+ == NULL)
+ CRITICAL_ERROR("out of memory.");
+ memcpy(tmp_test.msg, buffer,
+ (size_t) tmp_test.msg_length);
+ search_term = MSG_DIGEST;
+ }
+ break;
+ case MSG_DIGEST:
+ if (sscanf(buffer, "MD = %s", buffer)
+ == 1) {
+ if (((int)strlen(buffer) % 2 != 0)
+ || (((int)strlen(buffer) / 2) !=
+ current_msg_digest_length)) {
+ printf
+ ("error:\nincorrect file format [line %u]: message digest length doesn't match test type. closing file.\n",
+ line_number);
+ free(tmp_test.msg);
+ return EXIT_FAILURE;
+ }
+ if (line_to_bytes
+ (buffer,
+ (int)strlen(buffer)) == EXIT_FAILURE) {
+ printf
+ ("error:\nincorrect file format [line %u]: message digest contains characters different from hex values. closing file.\n",
+ line_number);
+ free(tmp_test.msg);
+ return EXIT_FAILURE;
+ }
+ if ((tmp_test.msg_digest = (unsigned char *)
+ malloc((size_t)
+ current_msg_digest_length))
+ == NULL)
+ CRITICAL_ERROR("out of memory.");
+ memcpy(tmp_test.msg_digest, buffer,
+ (size_t) current_msg_digest_length);
+ tmp_test.type = current_type;
+ tmp_test.msg_digest_length =
+ current_msg_digest_length;
+ push(&queue, tmp_test);
+ free(tmp_test.msg);
+ free(tmp_test.msg_digest);
+ tmp_test = new_test_t();
+ search_term = MSG_LENGTH;
+ }
+ break;
+ default:
+ CRITICAL_ERROR("this shouldn't happen.");
+ break;
+ }
+ if (feof(test_data) != 0) {
+ CRITICAL_ERROR("read error.");
+ }
+ }
+ free(tmp_test.msg);
+ free(tmp_test.msg_digest);
+ if (feof(test_data) == 0) {
+ printf("error:\ndidn't reach end of file. closing file.\n");
+ return EXIT_FAILURE;
+ }
+ return EXIT_SUCCESS;
+static int line_to_bytes(char *line, int length)
+ int i;
+ unsigned char *bytes;
+ if ((bytes = (unsigned char *)
+ malloc((size_t) (length / 2))) == NULL)
+ CRITICAL_ERROR("out of memory.");
+ for (i = 0; i <= ((length / 2) - 1); i++) {
+ if (line[2 * i] >= 'a' && line[2 * i] <= 'f')
+ line[2 * i] = line[2 * i] - 'a' + (char)10;
+ else if (line[2 * i] >= '0' && line[2 * i] <= '9')
+ line[2 * i] = line[2 * i] - '0';
+ else if (line[2 * i] >= 'A' && line[2 * i] <= 'F')
+ line[2 * i] = line[2 * i] - 'A' + (char)10;
+ else {
+ free(bytes);
+ return EXIT_FAILURE;
+ }
+ bytes[i] = (unsigned char)(line[2 * i] * (char)16);
+ if (line[2 * i + 1] >= 'a' && line[2 * i + 1] <= 'f')
+ line[2 * i + 1] = line[2 * i + 1] - (char)87;
+ else if (line[2 * i + 1] >= '0' && line[2 * i + 1] <= '9')
+ line[2 * i + 1] = line[2 * i + 1] - (char)48;
+ else if (line[2 * i + 1] >= 'A' && line[2 * i + 1] <= 'F')
+ line[2 * i + 1] = line[2 * i + 1] - 'A' + (char)10;
+ else {
+ free(bytes);
+ return EXIT_FAILURE;
+ }
+ bytes[i] += (unsigned char)line[2 * i + 1];
+ }
+ memcpy(line, bytes, (size_t) (length / 2));
+ memset(line + length / 2, 0, (size_t) (length / 2 + 1));
+ free(bytes);
+ return EXIT_SUCCESS;
diff --git a/src/tests/libica_sha_test/sha_test_vectors/SHA1.txt b/src/tests/libica_sha_test/sha_test_vectors/SHA1.txt
new file mode 100644
index 0000000..a283e3f
--- /dev/null
+++ b/src/tests/libica_sha_test/sha_test_vectors/SHA1.txt
@@ -0,0 +1,36 @@
+# SHA1 tests
+[L = 20]
+Len = 0
+Msg = 00
+MD = da39a3ee5e6b4b0d3255bfef95601890afd80709
+Len = 8
+Msg = 36
+MD = c1dfd96eea8cc2b62785275bca38ac261256e278
+Len = 16
+Msg = 195a
+MD = 0a1c2d555bbe431ad6288af5a54f93e0449c9232
+Len = 32
+Msg = 549e959e
+MD = b78bae6d14338ffccfd5d5b5674a275f6ef9c717
+Len = 64
+Msg = 7e3d7b3eada98866
+MD = 24a2c34b976305277ce58c2f42d5092031572520
+Len = 128
+Msg = 3552694cdf663fd94b224747ac406aaf
+MD = a150de927454202d94e656de4c7c0ca691de955d
+Len = 256
+Msg = 0321794b739418c24e7c2e565274791c4be749752ad234ed56cb0a6347430c6b
+MD = b89962c94d60f6a332fd60f6f07d4f032a586b76
+Len = 512
+Msg = 45927e32ddf801caf35e18e7b5078b7f5435278212ec6bb99df884f49b327c6486feae46ba187dc1cc9145121e1492e6b06e9007394dc33b7748f86ac3207cfe
+MD = a70cfbfe7563dd0e665c7c6715a96a8d756950c0
diff --git a/src/tests/libica_sha_test/sha_test_vectors/SHA224.txt b/src/tests/libica_sha_test/sha_test_vectors/SHA224.txt
new file mode 100644
index 0000000..8d6b1d7
--- /dev/null
+++ b/src/tests/libica_sha_test/sha_test_vectors/SHA224.txt
@@ -0,0 +1,39 @@
+# CAVS 11.0
+# "SHA-224 ShortMsg" information
+# SHA-224 tests are configured for BYTE oriented implementations
+# Generated on Tue Mar 15 08:23:36 2011
+[L = 28]
+Len = 0
+Msg = 00
+MD = d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f
+Len = 8
+Msg = 84
+MD = 3cd36921df5d6963e73739cf4d20211e2d8877c19cff087ade9d0e3a
+Len = 16
+Msg = 5c7b
+MD = daff9bce685eb831f97fc1225b03c275a6c112e2d6e76f5faf7a36e6
+Len = 32
+Msg = 6084347e
+MD = ae57c0a6d49739ba338adfa53bdae063e5c09122b77604780a8eeaa3
+Len = 64
+Msg = 5f77b3664823c33e
+MD = bdf21ff325f754157ccf417f4855360a72e8fd117d28c8fe7da3ea38
+Len = 128
+Msg = b776708ffb91b3515ac46598ab9fa796
+MD = 427311b1d7ab2488791c4deeb4251d783fe5f9806bfdfb5188c5443d
+Len = 256
+Msg = fe1f0fb02c9011f4c8c5905934ed15136771737ce31c5859e67f235fe594f5f6
+MD = bbeaacc632c2a3db2a9b47f157ab54aa27776c6e74cf0bcaa91b06d5
+Len = 512
+Msg = a3310ba064be2e14ad32276e18cd0310c933a6e650c3c754d0243c6c61207865b4b65248f66a08edf6e0832689a9dc3a2e5d2095eeea50bd862bac88c8bd318d
+MD = b2a5586d9cbf0baa999157b4af06d88ae08d7c9faab4bc1a96829d65
diff --git a/src/tests/libica_sha_test/sha_test_vectors/SHA256.txt b/src/tests/libica_sha_test/sha_test_vectors/SHA256.txt
new file mode 100644
index 0000000..c8bc15b
--- /dev/null
+++ b/src/tests/libica_sha_test/sha_test_vectors/SHA256.txt
@@ -0,0 +1,39 @@
+# CAVS 11.0
+# "SHA-256 ShortMsg" information
+# SHA-256 tests are configured for BYTE oriented implementations
+# Generated on Tue Mar 15 08:23:38 2011
+[L = 32]
+Len = 0
+Msg = 00
+MD = e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
+Len = 8
+Msg = d3
+MD = 28969cdfa74a12c82f3bad960b0b000aca2ac329deea5c2328ebc6f2ba9802c1
+Len = 16
+Msg = 11af
+MD = 5ca7133fa735326081558ac312c620eeca9970d1e70a4b95533d956f072d1f98
+Len = 32
+Msg = 74ba2521
+MD = b16aa56be3880d18cd41e68384cf1ec8c17680c45a02b1575dc1518923ae8b0e
+Len = 64
+Msg = 5738c929c4f4ccb6
+MD = 963bb88f27f512777aab6c8b1a02c70ec0ad651d428f870036e1917120fb48bf
+Len = 128
+Msg = 0a27847cdc98bd6f62220b046edd762b
+MD = 80c25ec1600587e7f28b18b1b18e3cdc89928e39cab3bc25e4d4a4c139bcedc4
+Len = 256
+Msg = 09fc1accc230a205e4a208e64a8f204291f581a12756392da4b8c0cf5ef02b95
+MD = 4f44c1c7fbebb6f9601829f3897bfd650c56fa07844be76489076356ac1886a4
+Len = 512
+Msg = 5a86b737eaea8ee976a0a24da63e7ed7eefad18a101c1211e2b3650c5187c2a8a650547208251f6d4237e661c7bf4c77f335390394c37fa1a9f9be836ac28509
+MD = 42e61e174fbb3897d6dd6cef3dd2802fe67b331953b06114a65c772859dfc1aa
diff --git a/src/tests/libica_sha_test/sha_test_vectors/SHA384.txt b/src/tests/libica_sha_test/sha_test_vectors/SHA384.txt
new file mode 100644
index 0000000..6f2acb4
--- /dev/null
+++ b/src/tests/libica_sha_test/sha_test_vectors/SHA384.txt
@@ -0,0 +1,43 @@
+# CAVS 11.0
+# "SHA-384 ShortMsg" information
+# SHA-384 tests are configured for BYTE oriented implementations
+# Generated on Tue Mar 15 08:23:39 2011
+[L = 48]
+Len = 0
+Msg = 00
+MD = 38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b
+Len = 8
+Msg = c5
+MD = b52b72da75d0666379e20f9b4a79c33a329a01f06a2fb7865c9062a28c1de860ba432edfd86b4cb1cb8a75b46076e3b1
+Len = 16
+Msg = 6ece
+MD = 53d4773da50d8be4145d8f3a7098ff3691a554a29ae6f652cc7121eb8bc96fd2210e06ae2fa2a36c4b3b3497341e70f0
+Len = 32
+Msg = 50e3853d
+MD = 936a3c3991716ba4c413bc03de20f5ce1c63703b3a5bdb6ab558c9ff70d537e46eb4a15d9f2c85e68d8678de5682695e
+Len = 64
+Msg = de60275bdafce4b1
+MD = a3d861d866c1362423eb21c6bec8e44b74ce993c55baa2b6640567560ebecdaeda07183dbbbd95e0f522caee5ddbdaf0
+Len = 128
+Msg = e1bb967b5d379a4aa39050274d09bd93
+MD = 3b04f96965ad2fbabd4df25d5d8c95589d069c312ee48539090b2d7b495d2446c31eb2b8f8ffb3012bdce065323d9f48
+Len = 256
+Msg = be01e520e69f04174ccf95455b1c81445298264d9adc4958574a52843d95b8ba
+MD = c5cf54b8e3105b1c7bf7a43754d915b0947f28b6dc94a019182929b5c848e11441c9e4e90c7449f4c3cd12954f0f5d99
+Len = 512
+Msg = 93035d3a13ae1b06dd033e764aca0124961da79c366c6c756bc4bcc11850a3a8d120854f34290fff7c8d6d83531dbdd1e81cc4ed4246e00bd4113ef451334daa
+MD = 8d46cc84b6c2deb206aa5c861798798751a26ee74b1daf3a557c41aebd65adc027559f7cd92b255b374c83bd55568b45
+Len = 1024
+Msg = 3bf52cc5ee86b9a0190f390a5c0366a560b557000dbe5115fd9ee11630a62769011575f15881198f227876e8fe685a6939bc8b89fd48a34ec5e71e131462b2886794dffa68ccc6d564733e67ffef25e627c6f4b5460796e3bce67bf58ca6e8e555bc916a8531697ac948b90dc8616f25101db90b50c3d3dbc9e21e42ff387187
+MD = 12b6cb35eda92ee37356ddee77781a17b3d90e563824a984faffc6fdd1693bd7626039635563cfc3b9a2b00f9c65eefd
diff --git a/src/tests/libica_sha_test/sha_test_vectors/SHA512.txt b/src/tests/libica_sha_test/sha_test_vectors/SHA512.txt
new file mode 100644
index 0000000..2c5b38d
--- /dev/null
+++ b/src/tests/libica_sha_test/sha_test_vectors/SHA512.txt
@@ -0,0 +1,43 @@
+# CAVS 11.0
+# "SHA-512 ShortMsg" information
+# SHA-512 tests are configured for BYTE oriented implementations
+# Generated on Tue Mar 15 08:23:49 2011
+[L = 64]
+Len = 0
+Msg = 00
+MD = cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
+Len = 8
+Msg = 21
+MD = 3831a6a6155e509dee59a7f451eb35324d8f8f2df6e3708894740f98fdee23889f4de5adb0c5010dfb555cda77c8ab5dc902094c52de3278f35a75ebc25f093a
+Len = 16
+Msg = 9083
+MD = 55586ebba48768aeb323655ab6f4298fc9f670964fc2e5f2731e34dfa4b0c09e6e1e12e3d7286b3145c61c2047fb1a2a1297f36da64160b31fa4c8c2cddd2fb4
+Len = 32
+Msg = 23be86d5
+MD = 76d42c8eadea35a69990c63a762f330614a4699977f058adb988f406fb0be8f2ea3dce3a2bbd1d827b70b9b299ae6f9e5058ee97b50bd4922d6d37ddc761f8eb
+Len = 64
+Msg = 6f8d58b7cab1888c
+MD = a3941def2803c8dfc08f20c06ba7e9a332ae0c67e47ae57365c243ef40059b11be22c91da6a80c2cff0742a8f4bcd941bdee0b861ec872b215433ce8dcf3c031
+Len = 128
+Msg = cd67bd4054aaa3baa0db178ce232fd5a
+MD = 0d8521f8f2f3900332d1a1a55c60ba81d04d28dfe8c504b6328ae787925fe0188f2ba91c3a9f0c1653c4bf0ada356455ea36fd31f8e73e3951cad4ebba8c6e04
+Len = 256
+Msg = 8ccb08d2a1a282aa8cc99902ecaf0f67a9f21cffe28005cb27fcf129e963f99d
+MD = 4551def2f9127386eea8d4dae1ea8d8e49b2add0509f27ccbce7d9e950ac7db01d5bca579c271b9f2d806730d88f58252fd0c2587851c3ac8a0e72b4e1dc0da6
+Len = 512
+Msg = c1ca70ae1279ba0b918157558b4920d6b7fba8a06be515170f202fafd36fb7f79d69fad745dba6150568db1e2b728504113eeac34f527fc82f2200b462ecbf5d
+MD = 046e46623912b3932b8d662ab42583423843206301b58bf20ab6d76fd47f1cbbcf421df536ecd7e56db5354e7e0f98822d2129c197f6f0f222b8ec5231f3967d
+Len = 1024
+Msg = fd2203e467574e834ab07c9097ae164532f24be1eb5d88f1af7748ceff0d2c67a21f4e4097f9d3bb4e9fbf97186e0db6db0100230a52b453d421f8ab9c9a6043aa3295ea20d2f06a2f37470d8a99075f1b8a8336f6228cf08b5942fc1fb4299c7d2480e8e82bce175540bdfad7752bc95b577f229515394f3ae5cec870a4b2f8
+MD = a21b1077d52b27ac545af63b32746c6e3c51cb0cb9f281eb9f3580a6d4996d5c9917d2a6e484627a9d5a06fa1b25327a9d710e027387fc3e07d7c4d14c6086cc
diff --git a/src/tests/libica_sha_test/sha_tests.c b/src/tests/libica_sha_test/sha_tests.c
new file mode 100644
index 0000000..f2cae3b
--- /dev/null
+++ b/src/tests/libica_sha_test/sha_tests.c
@@ -0,0 +1,189 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/errno.h>
+#include <fcntl.h>
+#include <string.h>
+#include "ica_api.h"
+#include "queue_t.h"
+#include "sha_tests.h"
+#include "critical_error.h"
+static void dump_array(unsigned char *ptr, unsigned int size);
+int sha1_new_api_test(test_t * test)
+ sha_context_t sha_context;
+ int rc = 0;
+ unsigned char output[LENGTH_SHA_HASH];
+ if (test->msg_digest_length != LENGTH_SHA_HASH)
+ CRITICAL_ERROR("this shouldn't happen.");
+ rc = (int)ica_sha1(SHA_MSG_PART_ONLY, test->msg_length, test->msg,
+ &sha_context, output);
+ if (rc != 0) {
+ printf("ica_sha1 failed with errno %d (0x%x).\n", rc,
+ (unsigned int)rc);
+ return rc;
+ }
+ if (!silent) {
+ printf("message digest (new api)\n");
+ dump_array(output, LENGTH_SHA_HASH);
+ }
+ if (memcmp(output, test->msg_digest, LENGTH_SHA_HASH) != 0) {
+ printf("output is not what it should be.\n");
+ return 2;
+ }
+ return 0;
+int sha224_new_api_test(test_t * test)
+ sha256_context_t sha256_context;
+ int rc = 0;
+ unsigned char output[LENGTH_SHA224_HASH];
+ if (test->msg_digest_length != LENGTH_SHA224_HASH)
+ CRITICAL_ERROR("this shouldn't happen.");
+ rc = (int)ica_sha224(SHA_MSG_PART_ONLY, test->msg_length, test->msg,
+ &sha256_context, output);
+ if (rc != 0) {
+ printf("ica_sha224 failed with errno %d (0x%x).\n", rc,
+ (unsigned int)rc);
+ return rc;
+ }
+ if (!silent) {
+ printf("message digest (new api)\n");
+ dump_array(output, LENGTH_SHA224_HASH);
+ }
+ if (memcmp(output, test->msg_digest, LENGTH_SHA224_HASH) != 0) {
+ printf("output is not what it should be.\n");
+ return 2;
+ }
+ return 0;
+int sha256_new_api_test(test_t * test)
+ sha256_context_t sha256_context;
+ int rc = 0;
+ unsigned char output[LENGTH_SHA256_HASH];
+ if (test->msg_digest_length != LENGTH_SHA256_HASH)
+ CRITICAL_ERROR("this shouldn't happen.");
+ rc = (int)ica_sha256(SHA_MSG_PART_ONLY, test->msg_length, test->msg,
+ &sha256_context, output);
+ if (rc != 0) {
+ printf("ica_sha256 failed with errno %d (0x%x).\n", rc,
+ (unsigned int)rc);
+ return rc;
+ }
+ if (!silent) {
+ printf("message digest (new api)\n");
+ dump_array(output, LENGTH_SHA256_HASH);
+ }
+ if (memcmp(output, test->msg_digest, LENGTH_SHA256_HASH) != 0) {
+ printf("output is not what it should be.\n");
+ return 2;
+ }
+ return 0;
+int sha384_new_api_test(test_t * test)
+ sha512_context_t sha512_context;
+ int rc = 0;
+ unsigned char output[LENGTH_SHA384_HASH];
+ if (test->msg_digest_length != LENGTH_SHA384_HASH)
+ CRITICAL_ERROR("this shouldn't happen.");
+ rc = (int)ica_sha384(SHA_MSG_PART_ONLY, test->msg_length, test->msg,
+ &sha512_context, output);
+ if (rc != 0) {
+ printf("ica_sha384 failed with errno %d (0x%x).\n", rc,
+ (unsigned int)rc);
+ return rc;
+ }
+ if (!silent) {
+ printf("message digest (new api)\n");
+ dump_array(output, LENGTH_SHA384_HASH);
+ }
+ if (memcmp(output, test->msg_digest, LENGTH_SHA384_HASH) != 0) {
+ printf("output is not what it should be.\n");
+ return 2;
+ }
+ return 0;
+int sha512_new_api_test(test_t * test)
+ sha512_context_t sha512_context;
+ int rc = 0;
+ unsigned char output[LENGTH_SHA512_HASH];
+ if (test->msg_digest_length != LENGTH_SHA512_HASH)
+ CRITICAL_ERROR("this shouldn't happen.");
+ rc = (int)ica_sha512(SHA_MSG_PART_ONLY, test->msg_length, test->msg,
+ &sha512_context, output);
+ if (rc != 0) {
+ printf("ica_sha512 failed with errno %d (0x%x).\n", rc,
+ (unsigned int)rc);
+ return rc;
+ }
+ if (!silent) {
+ printf("message digest (new api)\n");
+ dump_array(output, LENGTH_SHA512_HASH);
+ }
+ if (memcmp(output, test->msg_digest, LENGTH_SHA512_HASH) != 0) {
+ printf("output is not what it should be.\n");
+ return 2;
+ }
+ return 0;
+static void dump_array(unsigned char *ptr, unsigned int size)
+ unsigned char *ptr_end;
+ unsigned char *h;
+ int i = 1, trunc = 0;
+ if (size > 64) {
+ trunc = (int)size - 64;
+ size = 64;
+ }
+ h = ptr;
+ ptr_end = ptr + size;
+ while (h < ptr_end) {
+ printf("0x%02x ", (unsigned int)*h);
+ h++;
+ if (i == 8) {
+ if (h != ptr_end)
+ printf("\n");
+ i = 1;
+ } else {
+ ++i;
+ }
+ }
+ printf("\n");
+ if (trunc > 0)
+ printf("... %d bytes not printed\n", trunc);
diff --git a/src/tests/ b/src/tests/
new file mode 100755
index 0000000..e45d966
--- /dev/null
+++ b/src/tests/
@@ -0,0 +1,57 @@
+set -e
+# Libica test suite
+# Test output will be stored in suite.out
+echo -ne 'Starting libica test suite ...\n'
+echo -ne '-------------------------------------------------- (0%)\r'
+./icastats_test $silent
+echo -ne '#------------------------------------------------- (2%)\r'
+./libica_3des_cbc_test $silent
+./libica_3des_cfb_test $silent
+./libica_3des_ctr_test $silent
+./libica_3des_ecb_test $silent
+./libica_3des_ofb_test $silent
+echo -ne '#######------------------------------------------ (15%)\r'
+./libica_aes128_test $silent
+./libica_aes192_test $silent
+./libica_aes256_test $silent
+./libica_aes_cbc_test $silent
+./libica_aes_cfb_test $silent
+./libica_aes_ctr_test $silent
+./libica_aes_ecb_test $silent
+./libica_aes_gcm_test $silent
+./libica_aes_ofb_test $silent
+./libica_aes_xts_test $silent
+echo -ne '###############---------------------------------- (30%)\r'
+./libica_cbccs_test $silent
+./libica_ccm_test $silent
+./libica_cmac_test $silent
+echo -ne '######################--------------------------- (45%)\r'
+./libica_des_cbc_test $silent
+./libica_des_cfb_test $silent
+./libica_des_ctr_test $silent
+./libica_des_ecb_test $silent
+./libica_des_ofb_test $silent
+echo -ne '#############################-------------------- (60%)\r'
+./libica_get_functionlist $silent
+./libica_get_version $silent
+./libica_keygen_test 512 r $silent
+./libica_keygen_test 1024 r $silent
+./libica_keygen_test 2048 r $silent
+./libica_keygen_test 4096 r $silent
+./libica_keygen_test 1234 r $silent
+./libica_rng_test $silent
+echo -ne '#####################################------------ (70%)\r'
+./libica_rsa_test $silent
+./libica_rsa_key_check_test $silent
+echo -ne '############################################----- (80%)\r'
+./libica_sha_test/libica_sha_test $silent $PARMS
+#./libica_sha_test/libica_sha_test 'libica_sha_test/sha_test_vectors/*'
+echo -ne '################################################# (100%) Done\r'
+echo -ne '\n'
diff --git a/src/tests/test_mech_list.c b/src/tests/test_mech_list.c
new file mode 100644
index 0000000..de2f107
--- /dev/null
+++ b/src/tests/test_mech_list.c
@@ -0,0 +1,34 @@
+/* This program is released under the Common Public License V1.0
+ *
+ * You should have received a copy of Common Public License V1.0 along with
+ * with this program.
+ */
+ * This is something like what you can expect openCryptoki to do when
+ * it requests a mechanism list from your library.
+ *
+ * Copyright IBM Corp. 2005, 2009
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include "mech_types.h"
+#include "ica_api.h"
+ struct mech_list_item head;
+ struct mech_list_item *item, *next;
+ generate_pkcs11_mech_list(&head);
+ item =;
+ while (item) {
+ next = item->next;
+ printf("Mechanism type: [%8lX]\n", item->element.mech_type);
+ free(item);
+ item = next;
+ }
+ return 0;