diff --git a/icc/ICCPKG.mk b/icc/ICCPKG.mk index 14c25d7..1d98bbb 100644 --- a/icc/ICCPKG.mk +++ b/icc/ICCPKG.mk @@ -2,7 +2,7 @@ # Make file for ICCPKG components # -iccpkg: ICC_ver.txt $(ICC_ROOT)/package/ICCPKG.tar \ +iccpkg: ICC_ver.txt $(ICC_ROOT)/package/ICCPKG.tar \ $(ICC_ROOT)/package/gsk_crypto.tar $(ICC_ROOT)/package/gsk_crypto_sdk.tar \ $(ICC_ROOT)/package/jgsk_crypto.tar $(ICC_ROOT)/package/jgsk_crypto_sdk.tar diff --git a/icc/ICCencapsulator.java b/icc/ICCencapsulator.java index 155b696..42e6ed1 100644 --- a/icc/ICCencapsulator.java +++ b/icc/ICCencapsulator.java @@ -213,7 +213,7 @@ else if ( func.argumenttypes[i].indexOf("const") >= 0 ) { else { found = false; break; - } + } } } @@ -523,7 +523,7 @@ class FileType { public String prefix = ""; FileWriter writer; public String name = ""; - static final String copyrightheader = + static final String copyrightheader = "/*\n"+ "** Machine generated code: DO NOT EDIT\n"+ "**\n"+ @@ -1100,8 +1100,8 @@ class File_ICC_A_H extends FileType { public void Preamble() throws Exception { super.Preamble(); - writer.write("/*\n" + "* Function prototypes for the ICC API (ICCSDK).\n" - + "* This file is autogenerated and should only be included via icc.h.\n" + "*/\n\n"); + writer.write("/*\n" + "* Function prototypes for the ICC API (ICCSDK ICC module library)\n" + + "* This file is autogenerated and should only be included via icc.h\n" + "*/\n"); writer.write("\n#ifndef INCLUDED_ICC_A\n#define INCLUDED_ICC_A\n"); @@ -1422,7 +1422,7 @@ public void Preamble() throws Exception { pcbtype = ICCencapsulator.ICCPCB; super.Preamble(); - writer.write("/*\n" + "* Function prototypes for the ICC API (ICCSDK)\n" + writer.write("/*\n" + "* Function prototypes for the ICC API (ICCPKGSDK ICC step library)\n" + "* This file is autogenerated and should only be included via icc.h\n" + "*/\n"); writer.write("\n#ifndef INCLUDED_ICC_A\n#define INCLUDED_ICC_A\n\n"); @@ -1572,8 +1572,8 @@ public void Body(ICCFunction func) throws Exception writer.write(";\n"); if(func.isLegacy(this)) { writer.write("#if defined(HAVE_C_ICC)\n"); - func.WriteFunction(writer,ICCencapsulator.ALT_ICCPrefix,pcbtype); - writer.write(";\n"); + func.WriteFunction(writer,ICCencapsulator.ALT_ICCPrefix,pcbtype); + writer.write(";\n"); writer.write("#endif\n"); } // Is documentation available for the entry point, if so add it so GSkit's doxygen can pick it up ? @@ -1618,16 +1618,16 @@ public void Body(ICCFunction func) throws Exception writer.write("\n\t\t}\n"); if(func.isLegacy(this)) { writer.write("#if defined(HAVE_C_ICC)\n"); - writer.write("\t\tif(NULL != wpcb->Cctx) {\n"); - { + writer.write("\t\tif(NULL != wpcb->Cctx) {\n"); + { - writer.write("\t\t\t"); - if (! func.returntype.equals("void")) { - writer.write("return "); - } - func.WriteCallingFunction(writer,ICCencapsulator.ALT_ICCPrefix,"(wpcb->Cctx"); - writer.write("\n\t\t}\n"); - } + writer.write("\t\t\t"); + if (! func.returntype.equals("void")) { + writer.write("return "); + } + func.WriteCallingFunction(writer,ICCencapsulator.ALT_ICCPrefix,"(wpcb->Cctx"); + writer.write("\n\t\t}\n"); + } writer.write("#endif\n"); } else { if( !func.returntype.equals("void") && @@ -2231,7 +2231,7 @@ public void fixTypes(FileType filetype) // if we need to int k = PrependWords.words().size(); - switch (filetype.fn) { + switch(filetype.fn) { case ICC_A_C: case ICC_A_H: case ICCPKG_A_C: @@ -2745,17 +2745,17 @@ public String genReturnValue() { // Encapsulates knowledges specific to a supported OS class OS { // Extra symbols required to be exported from the file GSkit creates - private static String GSKExports[] = { + private static String GSKExports[] = { "C_GetFunctionList", - "gskiccs_SCCSInfo", - "gskiccs_Crypto_VersionInfo", - "gskiccs_path", + "gskiccs_SCCSInfo", + "gskiccs_Crypto_VersionInfo", + "gskiccs_path", "gskiccs8_path", "ICC_Init", - "Delta_T", - "Delta_res", - "Delta2Time", - "Delta_spanT", + "Delta_T", + "Delta_res", + "Delta2Time", + "Delta_spanT", "Delta_spanC", "ICC_MemCheck_start", "ICC_MemCheck_stop" /*, diff --git a/icc/Makefile b/icc/Makefile index dbf0186..070f36d 100644 --- a/icc/Makefile +++ b/icc/Makefile @@ -47,7 +47,7 @@ OFFICIAL_CFLAGS = -DICC_OFFICIAL_BUILD -DVTAG=$(VTAG) ifeq ($(findstring VS2022, $(OPSYS)), VS2022) SIGN_COMMAND = ../../signwindowsfile.ksh else -SIGN_COMMAND = /build/build/scripts/signwindowsfile.ksh +SIGN_COMMAND = /build/build/scripts/signwindowsfile.ksh endif @@ -155,7 +155,7 @@ help: @echo make targets: @echo " create_all - clean_all - scrubbed, create_all_no_legacy, create_all_FIPS" @echo " e.g: make -C icc OPSYS=WIN64_VS2022 CONFIG=debug create_all" - @echo " PQC=NONE, PQC=LIBOQS, PQC= (default LIBDKS)" + @echo " PQC=NONE, PQC=LIBDKS, PQC= (default LIBOQS)" @echo set_icc_version @echo e.g: 'make ... ICC_VERSION_VER=x ICC_VERSION_REL=y ICC_VERSION_MOD=z set_icc_version' to get "x.y.z" as version number @echo build_all @@ -182,7 +182,7 @@ API_DIR = platforms/$(OPENSSL_LIBVER)/API # tmp/dummyfile - ref platforms/1.1.1/*.mk - triggers object extract of openssl static lib $(SLIBCRYPTO) # MYOPENSSL is our local copy of openssl static linked - triggers OpenSSL build -TARGETS = $(MYOPENSSL) tmp/dummyfile \ +TARGETS = $(MYOPENSSL) tmp/dummyfile \ $(DELTA) \ $(ICCDLL_NAME) \ $(ICCDLL) \ @@ -240,7 +240,7 @@ create_openssl: $(ICC_ROOT)/openssl_source/$(OPENSSL_VER)-icc.tar.gz cd .. ; \ rm -rf x; mkdir x; cd x; \ tar xzf ../openssl_source/$(OPENSSL_VER)-icc.tar.gz ; \ - sleep 1; \ + sleep 1 ; \ mv openssl ../$(OPENSSL_VER) ; \ chmod +x ../$(OPENSSL_VER)/Configure ; \ cd ..; \ @@ -493,7 +493,7 @@ $(ICC_ROOT)/liboqs/CMakeLists.txt : mv liboqs$(LIBOQS_VER)/* . ; mv liboqs$(LIBOQS_VER)/.* . ; \ rmdir liboqs$(LIBOQS_VER) ; \ else \ - git clone https://github.com/open-quantum-safe/liboqs.git --depth 1 --branch 0.14.0 $(ICC_ROOT)/liboqs ; \ + git clone https://github.com/open-quantum-safe/liboqs.git --depth 1 --branch 0.15.0 $(ICC_ROOT)/liboqs ; \ echo liboqs > $(ICC_ROOT)/liboqs/log.txt ; \ git -C $(ICC_ROOT)/liboqs log >> $(ICC_ROOT)/liboqs/log.txt ; \ fi @@ -505,7 +505,7 @@ $(ICC_ROOT)/liboqs$(LIBOQS_VER).tar.gz: create_oqs Makefile find $(ICC_ROOT)/liboqs -name ".gitattributes" -exec rm {} + find $(ICC_ROOT)/liboqs -name ".travis" -exec rm {} + find $(ICC_ROOT)/liboqs -name "*.yml" -exec rm {} + - tar czf $(ICC_ROOT)/liboqs$(LIBDKS_VER).tar.gz $(ICC_ROOT)/liboqs + tar czf $(ICC_ROOT)/liboqs$(LIBOQS_VER).tar.gz $(ICC_ROOT)/liboqs rm_liboqs_backup: $(RM) $(ICC_ROOT)/liboqs$(LIBOQS_VER).tar.gz @@ -564,7 +564,7 @@ $(NOSHIP_RTE_DIR): $(NOSHIP_DIR) $(NOSHIP_ICC_RTE_DIR): $(NOSHIP_RTE_DIR) $(MKDIR) $@ -create_dirs: $(NOSHIP_DIR) $(NOSHIP_RTE_DIR) $(NOSHIP_ICC_RTE_DIR) $(SDK_DIR) $(ICC_RTE_DIR) $(OSSL_RTE_DIR) exports $(ICC_ROOT)/iccpkg/exports +create_dirs: $(NOSHIP_DIR) $(NOSHIP_RTE_DIR) $(NOSHIP_ICC_RTE_DIR) $(SDK_DIR) $(ICC_RTE_DIR) $(OSSL_RTE_DIR) exports $(ICC_ROOT)/iccpkg/exports $(ICC_ROOT)/iccpkg/exports_old # Forces a rebuild in case we have a leftover .o or .exe from create_all from another system clean_iccVdump: @@ -589,6 +589,9 @@ exports: $(ICC_ROOT)/iccpkg/exports: $(MKDIR) $@ +$(ICC_ROOT)/iccpkg/exports_old: + $(MKDIR) $@ + #- Build and run the code generator if necsssary #- We typically only do this on one (fast) platform as setup for the #- builds. Then copy the populated source tree to the other build machines @@ -597,6 +600,7 @@ ICCencapsulator.class: ICCencapsulator.java javac ICCencapsulator.java # the create_all_* needs to be ran manually +# create_all is part of the prebuild. If timestamps for functions.txt are changed in the copy then this will be triggered. icc_a.h icc_a.c icclib_a.h icclib_a.c: functions.txt @echo please make create_all false @@ -825,7 +829,7 @@ clean_all: clean_openssl clean clean_tools clean_pqc clean_argon -$(RM) *.0 -$(CLEAN400_ICC) -$(CLEAN400_OSSL) - -$(CLEAN400_MODS) + -$(CLEAN400_MODS) #- will need a create_all (includes patching) to get it back remove_openssl: @@ -834,8 +838,7 @@ remove_openssl: #- Clean just OpenSSL clean_openssl: -$(CLEAN_OSSL) - -$(RM) tmp/tmp/* - -$(RM) tmp/*$(OBJSUFX) tmp/dummyfile + -$(RM) -r tmp tmp32dll if [ -e Build_OSSL_Complete ] ; then rm Build_OSSL_Complete ; fi @@ -846,7 +849,8 @@ clean: clean_perf clean_pkcs11 clean_iccpkg clean_icc clean_icc_test clean_icc: -$(RM) $(TARGETS) $(LIBOBJS) $(argon2_obj) *.o *.obj $(EXTRA_FILES) $(SDK_DIR)/*.h $(ASMOBJS) -$(RM) ./openssl$(EXESUFX) $(SHLPRFX)icclib$(SHLSUFX) $(STLPRFX)icc$(STLSUFX) - -$(RM) *.so *.dylib *.dll *.sl *.x *.lib + -$(RM) *.so *.dylib *.dll *.sl *.x *.lib *.exp + -$(RM) create*.0 -$(RM) aes_gcm.* aes_ccm.* nist_algs1.c -$(RM) delta.exp -$(RM) ICCTEST_BUILT @@ -861,7 +865,7 @@ clean_icc: -find $(ICC_ROOT)/msvc -name "*.user" -exec rm {} + clean_icc_test: - if [ -d $(ICC_ROOT)/icc_test/ ] ; then \ + -if [ -d $(ICC_ROOT)/icc_test/ ] ; then \ unset MAKEOVERRIDES MAKELEVEL MAKEFILES ; \ "$(MAKE)" -C $(ICC_ROOT)/icc_test clean ; \ fi @@ -871,19 +875,19 @@ clean_tools: -$(RM) $(TOOLS) clean_perf: - if [ -d $(ICC_ROOT)/iccspeed/ ] ; then \ + -if [ -d $(ICC_ROOT)/iccspeed/ ] ; then \ unset MAKEOVERRIDES MAKELEVEL MAKEFILES ; \ "$(MAKE)" -C $(ICC_ROOT)/iccspeed clean ; \ fi clean_pkcs11: - if [ -d $(ICC_ROOT)/pk11/ ] ; then \ + -if [ -d $(ICC_ROOT)/pk11/ ] ; then \ unset MAKEOVERRIDES MAKELEVEL MAKEFILES ; \ "$(MAKE)" -C $(ICC_ROOT)/pk11 clean ; \ fi clean_iccpkg: - if [ -d $(ICC_ROOT)/iccpkg/ ] ; then \ + -if [ -d $(ICC_ROOT)/iccpkg/ ] ; then \ unset MAKEOVERRIDES MAKELEVEL MAKEFILES ; \ "$(MAKE)" -C $(ICC_ROOT)/iccpkg clean ; \ fi @@ -891,9 +895,9 @@ clean_iccpkg: #- Clean out everything including the autogenerated files # Will need a create_all after this to get openssl back -scrubbed: clean clean_libArgon - -$(RM) $(AUTOGEN) exports/* $(ICC_ROOT)/iccpkg/exports/* ICCencapsulator.class - -$(RM) -r $(OSSL_DIR) +scrubbed: clean clean_libArgon remove_openssl + -$(RM) $(AUTOGEN) exports/* $(ICC_ROOT)/iccpkg/exports/* $(ICC_ROOT)/iccpkg/exports_old/* ICCencapsulator.class + -$(RM) -r $(ZLIB_DIR) $(ICC_ROOT)/pkcs11 #- Build ICC package files (SDK & RTE) package_all: $(ICCSDK) $(ICCRTE) @@ -935,13 +939,13 @@ TRNG_OBJS = timer_entropy$(OBJSUFX) timer_fips$(OBJSUFX) \ # $(CP) $(ICC_ROOT)/iccpkg/DilKyb/headers/mystdint.h $@ # List of objs - minus the trigger for exec on load in a shared object -LIBOBJS1 = fips$(OBJSUFX) \ +LIBOBJS1 = fips$(OBJSUFX) \ platform$(OBJSUFX) \ iccerr$(OBJSUFX) status$(OBJSUFX) \ fips-prng-RAND$(OBJSUFX) fips-prng-err$(OBJSUFX) \ SP800-90$(OBJSUFX) \ SP800-90HashData$(OBJSUFX) \ - ds$(OBJSUFX) \ + ds$(OBJSUFX) \ SP800-90Cipher$(OBJSUFX) utils$(OBJSUFX) \ SP800-90HMAC$(OBJSUFX) \ SP800-108$(OBJSUFX) \ @@ -956,21 +960,22 @@ LIBOBJS1 = fips$(OBJSUFX) \ #- define the set of objects that end up in the ICC shared library #- OSSL_XTRA_OBJ are files that massage the OpenSSL API to preserve #- the ICC API across releases -LIBOBJS = $(LIBOBJS1) platfsl$(OBJSUFX) $(OSSL_XTRA_OBJ) +LIBOBJS = $(LIBOBJS1) platfsl$(OBJSUFX) $(OSSL_XTRA_OBJ) # # Get the OpenSSL objects expanded (tmp/dummyfile) # and selectively copied # #Note: BUILD_OBJS coming from $(OPSYS)_.mk includes BASE_OBJS (from BASE_OSSL_FILES.mk) +tmp: + $(MKDIR) $@ -tmp/tmp/dummyfile: Build_OSSL_Complete tmp/dummyfile - -$(MKDIR) tmp/tmp - (cd tmp ; \ - $(CP) $(BUILD_OBJS) tmp/ ;\ - cd .. ; \ - ) - touch tmp/tmp/dummyfile +tmp/tmp: tmp + $(MKDIR) $@ + +tmp/tmp/dummyfile: tmp/tmp Build_OSSL_Complete tmp/dummyfile + cd tmp; $(CP) $(BUILD_OBJS) tmp/ + touch $@ #- Build ICC shared library module #- $(ASMOBJS) is required to cater for small assembler files @@ -983,7 +988,7 @@ $(GSK_SDK)/unstripped : $(GSK_SDK) $(MKDIR) $@ $(ICCDLL_NAME): Makefile $(PQC_TARGET) privkey.rsa icclib$(OBJSUFX) $(LIBOBJS) $(STLPRFX)zlib$(STLSUFX) tmp/tmp/dummyfile signer$(EXESUFX) $(GSK_SDK)/unstripped $(ICC_RTE_DIR) $(NOSHIP_ICC_RTE_DIR) $(ARGON) - $(SLD) $(SLDFLAGS) $(ICCLIB_LNK) $(EXPORT_FLAG)$(ICCLIB_EXPFILE) icclib$(OBJSUFX) $(LIBOBJS) $(STLPRFX)zlib$(STLSUFX) \ + $(SLD) $(SLDFLAGS) $(ICCLIB_LNK) $(EXPORT_FLAG)$(ICCLIB_EXPFILE) icclib$(OBJSUFX) $(LIBOBJS) $(STLPRFX)zlib$(STLSUFX) \ $(ARGON) tmp/tmp/*$(OBJSUFX) $(LDLIBS) $(PQCLIBS) #- Unstripped goes into NOSHIP and sdk $(OPENSSL_PATH_SETUP) ./signer$(EXESUFX) ICCSIG.txt privkey.rsa -SELF -FILE $(ICCDLL_NAME) $(TWEAKS) "ICC_ALLOW_2KEY3DES=1" @@ -1046,10 +1051,10 @@ $(ICC_RTE_DIR)/$(SHLPRFX)icclib$(VTAG).dylib : $(ICC_RTE_DIR) $(ICCDLL_NAME) $(CP) $(ICCDLL_NAME) $@ #- Compile the ICC shared library main source -icclib$(OBJSUFX): Makefile icclib.c loaded.c loaded.h iccglobals.h platform.h iccversion.h \ - platfsl.h iccerr.h $(TRNG_DIR)/ICC_NRBG.h tracer.h icc.h icc_a.h extsig.h +icclib$(OBJSUFX): Makefile icclib.c loaded.c loaded.h platform.h iccversion.h \ + platfsl.h iccerr.h $(TRNG_DIR)/ICC_NRBG.h tracer.h extsig.h icc.h icc_a.h iccglobals.h $(CC) $(CFLAGS) -DOPSYS="\"$(OPSYS)\"" -DICCDLL_NAME="\"$(ICCDLL_NAME)\"" -DMYNAME=icclib$(VTAG) \ - -DINSTDIR=\""$(GSK_GLOBAL)"\" $(PQCINC) -I./ -I$(SDK_DIR) -I$(OSSLINC_DIR) -I$(OSSL_DIR) -I$(API_DIR) icclib.c + -DINSTDIR=\""$(GSK_GLOBAL)"\" $(PQCINC) -I./ -I$(OSSLINC_DIR) -I$(OSSL_DIR) -I$(API_DIR) icclib.c # Code specifically for Java/JCEPlus @@ -1062,11 +1067,11 @@ OS_helpers$(OBJSUFX): OS_helpers.c #- Note some platforms, SUN_SOL8/SUN64 AIX/AIX64 need added assembler tweaks # which affect timer_entropy.c # -TRNG_HDRS = -I./ -I$(ICC_ROOT)/$(ZLIB) -I$(SDK_DIR) -I$(OSSLINC_DIR) -I$(TRNG_DIR) -I$(API_DIR) +TRNG_HDRS = -I./ -I$(ICC_ROOT)/$(ZLIB) -I$(SDK_DIR) -I$(OSSLINC_DIR) -I$(TRNG_DIR) -I$(API_DIR) # Base routines to read TSC register equivalents # Note: Depends on asm routines in OpenSSL on some platforms -timer_entropy$(OBJSUFX): $(TRNG_DIR)/timer_entropy.c $(TRNG_DIR)/timer_entropy.h +timer_entropy$(OBJSUFX): $(TRNG_DIR)/timer_entropy.c $(TRNG_DIR)/timer_entropy.h $(CC) $(CFLAGS) $(TRNG_HDRS) $(ASM_TWEAKS) $(TRNG_DIR)/timer_entropy.c $(OUT)$@ # Conditioning for FIPS @@ -1077,7 +1082,7 @@ timer_fips$(OBJSUFX): $(TRNG_DIR)/timer_fips.c $(TRNG_DIR)/timer_entropy.h $(T # Generic personalization routines -personalise$(OBJSUFX): $(TRNG_DIR)/personalise.c $(TRNG_DIR)/personalise.h +personalise$(OBJSUFX): $(TRNG_DIR)/personalise.c $(TRNG_DIR)/personalise.h $(CC) $(CFLAGS) $(TRNG_HDRS) $(TRNG_DIR)/personalise.c $(OUT)$@ # Generic algs, pmax, AP, RC + self test @@ -1124,9 +1129,9 @@ TRNG_ALT4$(OBJSUFX): $(TRNG_DIR)/TRNG_ALT4.c $(TRNG_DIR)/timer_entropy.h $(PRN # Common code for all the TRNG's -ICC_NRBG$(OBJSUFX): $(TRNG_DIR)/ICC_NRBG.c $(TRNG_DIR)/ICC_NRBG.h \ +ICC_NRBG$(OBJSUFX): $(TRNG_DIR)/ICC_NRBG.c $(TRNG_DIR)/ICC_NRBG.h \ $(TRNG_DIR)/TRNG_FIPS.h $(TRNG_DIR)/TRNG_ALT.h $(TRNG_DIR)/TRNG_ALT4.h - $(CC) $(CFLAGS) $(TRNG_HDRS) $(TRNG_DIR)/ICC_NRBG.c + $(CC) $(CFLAGS) $(TRNG_HDRS) $(TRNG_DIR)/ICC_NRBG.c # API access direct to the TRNG's, mainly for testing @@ -1174,22 +1179,22 @@ signer$(EXESUFX): signer$(OBJSUFX) $(SLIBCRYPTO) # ref tools.mk icclib_sa uses extsig.o extsig$(OBJSUFX): extsig.c - $(CC) $(CFLAGS) -I$(SDK_DIR) -I$(OSSLINC_DIR) extsig.c + $(CC) $(CFLAGS) -I$(SDK_DIR) -I$(OSSLINC_DIR) extsig.c #- Build ICC Err code iccerr$(OBJSUFX): iccerr.c iccerr.h $(SDK_DIR)/iccglobals.h - $(CC) $(CFLAGS) -I$(SDK_DIR) -I$(OSSLINC_DIR) -I$(OSSL_DIR) iccerr.c + $(CC) $(CFLAGS) -I$(SDK_DIR) -I$(OSSLINC_DIR) -I$(OSSL_DIR) iccerr.c #- Build ICC status message code status$(OBJSUFX): status.c status.h icclib.h - $(CC) $(CFLAGS) -I$(SDK_DIR) -I$(OSSLINC_DIR) -I$(OSSL_DIR) -I$(API_DIR) status.c + $(CC) $(CFLAGS) -I$(SDK_DIR) -I$(OSSLINC_DIR) -I$(OSSL_DIR) -I$(API_DIR) status.c #- Build ICC FIPS code # include a sanity check for the pubkey.h include file - should be DER encoding - we can get a broken one on ZOSa -fips$(OBJSUFX): pubkey.h fips.c fips.h icclib.h iccerr.h $(PRNG_DIR)/fips-prng-RAND.h tracer.h +fips$(OBJSUFX): pubkey.h fips.c fips.h icclib.h iccerr.h $(PRNG_DIR)/fips-prng-RAND.h tracer.h cat pubkey.h grep " 0x30,0x82," pubkey.h - $(CC) $(CFLAGS) -I./ -I$(SDK_DIR) -I$(OSSLINC_DIR) -I$(OSSL_DIR) -I$(API_DIR) fips.c + $(CC) $(CFLAGS) -I./ -I$(SDK_DIR) -I$(OSSLINC_DIR) -I$(OSSL_DIR) -I$(API_DIR) fips.c #- Compile the FIPS prng code fips-prng-err$(OBJSUFX): $(PRNG_DIR)/fips-prng-err.c $(PRNG_DIR)/fips-prng-err.h @@ -1215,33 +1220,33 @@ SP800-90HMAC$(OBJSUFX): $(PRNG_DIR)/SP800-90HMAC.c \ $(CC) $(CFLAGS) -I./ -I$(ICC_ROOT)/$(ZLIB) -I$(SDK_DIR) -I$(OSSLINC_DIR) -I$(OSSL_DIR) -I$(API_DIR) $(PRNG_DIR)/SP800-90HMAC.c ds$(OBJSUFX): $(PRNG_DIR)/ds.c $(PRNG_DIR)/ds.h - $(CC) $(CFLAGS) -I./ -I$(PRNG_DIR) $(PRNG_DIR)/ds.c + $(CC) $(CFLAGS) -I./ -I$(PRNG_DIR) $(PRNG_DIR)/ds.c utils$(OBJSUFX): $(PRNG_DIR)/utils.c $(PRNG_DIR)/utils.h - $(CC) $(CFLAGS) -I./ -I$(PRNG_DIR) $(PRNG_DIR)/utils.c + $(CC) $(CFLAGS) -I./ -I$(PRNG_DIR) $(PRNG_DIR)/utils.c # KDF's SP800-108$(OBJSUFX): SP800_108/SP800-108.c SP800_108/SP800-108.h - $(CC) $(CFLAGS) -I./ -I$(SDK_DIR) -I$(OSSLINC_DIR) -I$(OSSL_DIR) -I$(API_DIR) SP800_108/SP800-108.c + $(CC) $(CFLAGS) -I./ -I$(SDK_DIR) -I$(OSSLINC_DIR) -I$(OSSL_DIR) -I$(API_DIR) SP800_108/SP800-108.c # Key Wrap SP80038F$(OBJSUFX): SP800_38F/SP80038F.c SP800_38F/SP80038F.h - $(CC) $(CFLAGS) -I./ -Ifips-prng/ -I$(SDK_DIR) -I$(OSSLINC_DIR) -I$(OSSL_DIR) SP800_38F/SP80038F.c + $(CC) $(CFLAGS) -I./ -Ifips-prng/ -I$(SDK_DIR) -I$(OSSLINC_DIR) -I$(OSSL_DIR) SP800_38F/SP80038F.c #- Build platform dependent code platform$(OBJSUFX): platform.c platform.h - $(CC) $(CFLAGS) -I$(OSSLINC_DIR) -I$(OSSL_DIR) -I$(API_DIR) -I./ -I$(SDK_DIR)/ platform.c + $(CC) $(CFLAGS) -I$(OSSLINC_DIR) -I$(OSSL_DIR) -I$(API_DIR) -I./ -I$(SDK_DIR)/ platform.c platfsl$(OBJSUFX): platfsl.c platfsl.h platform.h - $(CC) $(CFLAGS) -I$(OSSLINC_DIR) -I$(OSSL_DIR) -I./ -I$(SDK_DIR)/ platfsl.c + $(CC) $(CFLAGS) -I$(OSSLINC_DIR) -I$(OSSL_DIR) -I./ -I$(SDK_DIR)/ platfsl.c # ICCLIB_LINK is never defined. #- Build ICC static library stub $(ICCLIB): $(MYICC)$(OBJSUFX) - $(AR) $(ARFLAGS) $(MYICC)$(OBJSUFX) $(ICCLIB_LINK) + $(AR) $(ARFLAGS) $(MYICC)$(OBJSUFX) $(ICCLIB_LINK) # Copy the ICC static library stub to the sdk directory # Done this way so we can build fat libs on OS/X without circular dependencies @@ -1258,8 +1263,8 @@ $(ICCLIB_SDK): $(ICCLIB) $(SDK_DIR) $(MYICC).c: icc.c $(CP) icc.c $@ -$(MYICC)$(OBJSUFX): $(MYICC).c icc_a.c icc.h icc_a.h platform.h iccversion.h - $(CC) $(CFLAGS) $(SDKFLAGS) -I./ -I$(OSSLINC_DIR) -I$(OSSL_DIR) $(MYICC).c $(OUT)$@ +$(MYICC)$(OBJSUFX): $(MYICC).c icc_a.c $(SDK_DIR)/icc.h $(SDK_DIR)/icc_a.h platform.h iccversion.h + $(CC) $(CFLAGS) $(SDKFLAGS) -I$(SDK_DIR)/ -I$(OSSLINC_DIR) -I$(OSSL_DIR) $(MYICC).c $(OUT)$@ # Notes: # ICCLIB is the ICC module static library (defined locally) @@ -1273,8 +1278,8 @@ $(ICCTEST): $(ICCDLL) $(ICCLIB) icctest$(OBJSUFX) #- Compile the ICC test code source -icctest$(OBJSUFX): icctest.c icc.h icc_a.h iccglobals.h - $(CC) $(CFLAGS) -I./ icctest.c +icctest$(OBJSUFX): icctest.c $(SDK_DIR)/icc.h $(SDK_DIR)/icc_a.h $(SDK_DIR)/iccglobals.h + $(CC) $(CFLAGS) -I$(SDK_DIR)/ icctest.c # libcrypto.sl.1.1.1 is another alias - usually libcrypto.sl.1.1 @@ -1282,7 +1287,7 @@ icctest$(OBJSUFX): icctest.c icc.h icc_a.h iccglobals.h $(OSSLOBJ_DIR)/$(SHLPRFX)crypto$(SHLSUFX).$(OPENSSL_LIBVER): Build_OSSL_Complete $(RM) $@ - -ln -s $(OSSLOBJ_DIR)/$(SHLPRFX)crypto$(SHLSUFX) $@ + -ln -s $(OSSLOBJ_DIR)/$(SHLPRFX)crypto$(SHLSUFX) $@ # this is in WIN_like.mk - probably should be here instead #$(ICC_ROOT)/$(OPENSSL_VER)/apps/openssl$(OBJSUFX): $(ICC_ROOT)/$(OPENSSL_VER)/apps/openssl.c @@ -1329,9 +1334,9 @@ show_config: echo "ICC VERSION = " "$(ICC_VERSION_VER).$(ICC_VERSION_REL)" echo "OPSYS = " "$(OPSYS)" echo "CONFIG = " "$(CONFIG)" - echo "BUILD = " "$(BUILD)" - echo "ZLIB = " "$(ZLIB)" - echo "XPLINK = " "$(XPLINK)" + echo "BUILD = " "$(BUILD)" + echo "ZLIB = " "$(ZLIB)" + echo "XPLINK = " "$(XPLINK)" echo "PQC_TARGET = " "$(PQC_TARGET)" echo "ARGON = " "$(ARGON)" echo "========== Directories ============" @@ -1414,9 +1419,12 @@ show_config: echo "EXTRAS = " "$(EXTRAS)" echo "TARGETS = " "$(TARGETS)" echo "MANIFESTS = " "$(MANIFESTS)" - echo "CAVSON = " "$(CAVSON)" - echo "CAVSBVT = " "$(CAVSBVT)" - echo + @echo "CAVSON = " "$(CAVSON)" + @echo "CAVSBVT = " "$(CAVSBVT)" + @echo + @echo "LIBOQS_VER = " "$(LIBOQS_VER)" + @echo "LIBDKS_VER = " "$(LIBDKS_VER)" + @echo show_ossl: @echo "E_OBJ = " "$(E_OBJ)" diff --git a/icc/fips.c b/icc/fips.c index c99c642..4b6e203 100644 --- a/icc/fips.c +++ b/icc/fips.c @@ -62,7 +62,7 @@ struct DSA_SIG_st { static void GenerateKAData(ICClib *iccLib,ICC_STATUS *stat); -#endif +#endif /* may also use this for debugging */ void iccPrintBytes(unsigned char bytes[], int len); @@ -616,7 +616,7 @@ static const unsigned char rsa_privK_ka[] = 0x71, 0x8D, 0x13, 0x84, 0xF9, 0xCB, 0x85, 0xF4, 0xBE, 0x97, 0x04, 0x37, 0xD0, 0x9F, 0x02, 0x38, 0x40, 0xDC, 0x87, 0x11, 0x42, 0x3B, 0xB5, 0x06, 0x52, 0xF2, 0xFD, 0xCD, 0x20, 0x59, 0x71, 0x8A, 0x4B, 0x1F, 0x3D, 0x75, 0xB5, 0x98, 0xE3, 0xD5, 0x32, 0x40, 0x8A, 0x88, 0xCC, 0x65, 0xFB, 0xAB}; - + /** \known Data: (aes_ka) AES-256 output */ static const unsigned char aes_ka[]= { 0x03,0x81,0x39,0x0C,0x8A,0xA4,0x68,0x79, @@ -1406,25 +1406,25 @@ static int GenerateSig(ICC_STATUS *stat,EVP_PKEY *pkey,unsigned char *sig,size_t } rc = EVP_DigestSignInit(md_ctx,&pctx,md,NULL,pkey); if (1 == rc) { - switch(flags) { - case RSA_PKCS1_PADDING: + switch (flags) { + case RSA_PKCS1_PADDING: rc = EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PADDING); - break; - case RSA_PKCS1_PSS_PADDING: + break; + case RSA_PKCS1_PSS_PADDING: rc = EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING); if (1 == rc) rc = EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, RSA_PSS_SALTLEN_AUTO); if (1 == rc) /*rc =*/ EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(pctx, md); - break; - default: - break; - } + break; + default: + break; + } } - if(1 == rc) { + if (1 == rc) { rc = EVP_SignUpdate(md_ctx,in,sizeof(in)); if (1 == rc) rc = EVP_DigestSignFinal(md_ctx,sig,sigL); } EVP_MD_CTX_free(md_ctx); - if(1 != rc) { + if (1 != rc) { #if 0 int errc = 0; char* errs = (char *)malloc(120); @@ -1475,20 +1475,20 @@ static int VerifySig(ICC_STATUS *stat,EVP_PKEY *pkey,const unsigned char *sig,si rc = -1; } else { - rc = EVP_DigestVerifyInit(md_ctx,&pctx,md,NULL,pkey); - switch(flags) { - case RSA_PKCS1_PADDING: - EVP_PKEY_CTX_set_rsa_padding(pctx,RSA_PKCS1_PADDING); - break; - case RSA_PKCS1_PSS_PADDING: - EVP_PKEY_CTX_set_rsa_padding(pctx,RSA_PKCS1_PSS_PADDING); - break; + rc = EVP_DigestVerifyInit(md_ctx, &pctx, md, NULL, pkey); + switch (flags) { + case RSA_PKCS1_PADDING: + EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PADDING); + break; + case RSA_PKCS1_PSS_PADDING: + EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING); + break; case RSA_PKCS1_OAEP_PADDING: EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_OAEP_PADDING); break; - default: - break; - } + default: + break; + } } if(1 == rc) { EVP_SignUpdate(md_ctx,tmp,sizeof(in)); @@ -1962,7 +1962,7 @@ int iccDHTest(ICC_STATUS *icc_stat) /* note that the private key is much shorter than normally used * but still g ** priv_key > p */ - priv_key = BN_new(); + priv_key = BN_new(); BN_bin2bn(dh_test_2048_priv_key,sizeof(dh_test_2048_priv_key),priv_key); pub_key = BN_new(); BN_bin2bn(dh_test_2048_pub_key, sizeof(dh_test_2048_pub_key), pub_key); @@ -3094,7 +3094,7 @@ static int KATest(ICC_STATUS *stat,EVP_PKEY *pkey, const unsigned char *sig,size @return ICC_OK or ICC_ERROR @note This is only usable with a broken RNG. We verify sig, then sign and check we get the same answer -*/ +*/ static int KATest_broken(ICC_STATUS *stat,EVP_PKEY *pkey, const unsigned char *sig,size_t outL,unsigned int flags,const char *msg,int error) { unsigned char *isig = NULL; @@ -3164,12 +3164,12 @@ static void iccRSACipherTest(ICClib *iccLib, RSA *rsa, int padding, if (ICC_ERROR != rv) { if (encWithPrivate) { - evpRC = RSA_private_encrypt(inL, in, outEncrypted, rsa, padding); - if (evpRC < 0) { - OpenSSLError(iccLib, icc_stat, __FILE__, __LINE__); - rv = ICC_ERROR; - } - } + evpRC = RSA_private_encrypt(inL, in, outEncrypted, rsa, padding); + if (evpRC < 0) { + OpenSSLError(iccLib, icc_stat, __FILE__, __LINE__); + rv = ICC_ERROR; + } + } else { evpRC = RSA_public_encrypt(inL, in, outEncrypted, rsa, padding); if (evpRC < 0) { @@ -4673,11 +4673,11 @@ void iccDoKnownAnswer(ICClib * iccLib, ICC_STATUS * icc_stat) { if (ICC_OK == icc_stat->majRC) { int encWithPrivate = 1; - tmp = RSA_key; - d2i_RSAPrivateKey(&rsaKey, &tmp, sizeof(RSA_key)); + tmp = RSA_key; + d2i_RSAPrivateKey(&rsaKey, &tmp, sizeof(RSA_key)); iccRSACipherTest(iccLib, rsaKey, 1, encWithPrivate, in, sizeof(in), rsa_privK_ka, sizeof(rsa_privK_ka), - icc_stat); + icc_stat); } if (ICC_OK == icc_stat->majRC) diff --git a/icc/functions.txt b/icc/functions.txt index a8c4a22..a798735 100644 --- a/icc/functions.txt +++ b/icc/functions.txt @@ -2816,6 +2816,10 @@ OPENSSLPREFIX=; 0abcd int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,int cmd, int p1, void *p2); +# Algorithm specific ctrl functions are not supported - use EVP_PKEY_CTX_ctrl instead. + +# 0abcd int RSA_pkey_ctx_ctrl(EVP_PKEY_CTX *ctx, int optype, int cmd, int p1, void *p2); + #; #! @brief Enhanced signing for the EVP layer. Needed for PSS, DSA2 ; #! @param ctx A digest context ; diff --git a/icc/icc.c b/icc/icc.c index 19e53c6..ff35260 100644 --- a/icc/icc.c +++ b/icc/icc.c @@ -48,7 +48,7 @@ const char ICC_SCCSInfo[] = "@(#)FileVersion: " ICC_PRODUCT_VERSION "\n" "@(#)LegalCopyright: Licensed Materials - Property of IBM\n" "@(#) ICC\n" - "@(#) (C) Copyright IBM Corp. 2002,2018\n" + "@(#) (C) Copyright IBM Corp. 2002,2026\n" "@(#) All Rights Reserved. US Government Users\n" "@(#) Restricted Rights - Use, duplication or disclosure\n" "@(#) restricted by GSA ADP Schedule Contract with IBM Corp.\n" diff --git a/icc/icc.h b/icc/icc.h index 0cc056c..ef06a08 100644 --- a/icc/icc.h +++ b/icc/icc.h @@ -286,7 +286,7 @@ typedef struct ICC_EVP_KDF_t ICC_EVP_KDF; typedef struct ICC_EVP_KDF_CTX_t ICC_EVP_KDF_CTX; /* Include autogenerated API prototypes/defines */ -#include +#include "icc_a.h" #ifdef __cplusplus } diff --git a/icc/icc_curr_version b/icc/icc_curr_version index 121b13a..53cca03 100644 --- a/icc/icc_curr_version +++ b/icc/icc_curr_version @@ -1 +1 @@ -8.9.18 +8.9.21 diff --git a/icc/icc_defs.mk b/icc/icc_defs.mk index 0b06215..662ea2c 100644 --- a/icc/icc_defs.mk +++ b/icc/icc_defs.mk @@ -22,9 +22,18 @@ DEFAULT_debug_FILES = icclib$(VTAG).pdb openssl.pdb vc90.pdb \ $(OSSL_DIR)/out32dll/libeay32.pdb DEFAULT_MANIFESTS = -OQS_K_ALGS = KEM_kyber_512;KEM_kyber_768;KEM_kyber_1024 -OQS_D_ALGS = SIG_dilithium_2;SIG_dilithium_3;SIG_dilithium_5 -OQS_S_ALGS = SIG_sphincs_shake_128s_simple;SIG_sphincs_shake_128f_simple;SIG_sphincs_shake_192s_simple;SIG_sphincs_shake_192f_simple;SIG_sphincs_shake_256s_simple;SIG_sphincs_shake_256f_simple;SIG_sphincs_sha2_128s_simple;SIG_sphincs_sha2_128f_simple;SIG_sphincs_sha2_192s_simple;SIG_sphincs_sha2_192f_simple;SIG_sphincs_sha2_256s_simple;SIG_sphincs_sha2_256f_simple +# +#cd ../liboqs && cmake -G "Unix Makefiles" -DOQS_MINIMAL_BUILD="KEM_kyber_512;KEM_kyber_768;KEM_kyber_1024;SIG_ml_dsa_44;SIG_ml_dsa_65;SIG_ml_dsa_87;SIG_sphincs_shake_128s_simple;SIG_sphincs_shake_128f_simple;SIG_sphincs_shake_192s_simple;SIG_sphincs_shake_192f_simple;SIG_sphincs_shake_256s_simple;SIG_sphincs_shake_256f_simple;SIG_sphincs_sha2_128s_simple;SIG_sphincs_sha2_128f_simple;SIG_sphincs_sha2_192s_simple;SIG_sphincs_sha2_192f_simple;SIG_sphincs_sha2_256s_simple;SIG_sphincs_sha2_256f_simple" -DOQS_BUILD_ONLY_LIB=ON -DOQS_USE_OPENSSL=OFF . +# + +#OQS_K_ALGS = KEM_kyber_512;KEM_kyber_768;KEM_kyber_1024; +OQS_K_ALGS = KEM_ml_kem_768;KEM_ml_kem_768;KEM_ml_kem_1024 +#OQS_D_ALGS = SIG_dilithium_2;SIG_dilithium_3;SIG_dilithium_5 +OQS_D_ALGS = SIG_ml_dsa_44;SIG_ml_dsa_65;SIG_ml_dsa_87 +#OQS_S_ALGS = SIG_sphincs_shake_128s_simple;SIG_sphincs_shake_128f_simple;SIG_sphincs_shake_192s_simple;SIG_sphincs_shake_192f_simple;SIG_sphincs_shake_256s_simple;SIG_sphincs_shake_256f_simple; +#OQS_S_ALGS += SIG_sphincs_sha2_128s_simple;SIG_sphincs_sha2_128f_simple;SIG_sphincs_sha2_192s_simple;SIG_sphincs_sha2_192f_simple;SIG_sphincs_sha2_256s_simple;SIG_sphincs_sha2_256f_simple +OQS_S_ALGS = SIG_slh_dsa_pure_shake_128s;SIG_slh_dsa_pure_shake_128f;SIG_slh_dsa_pure_shake_192s;SIG_slh_dsa_pure_shake_192f;SIG_slh_dsa_pure_shake_256s;SIG_slh_dsa_pure_shake_256f; +OQS_S_ALGS += SIG_slh_dsa_pure_sha2_128s;SIG_slh_dsa_pure_sha2_128f;SIG_slh_dsa_pure_sha2_192s;SIG_slh_dsa_pure_sha2_192f;SIG_slh_dsa_pure_sha2_256s;SIG_slh_dsa_pure_sha2_256f OQS_FLAGS = -DOQS_MINIMAL_BUILD="$(OQS_K_ALGS);$(OQS_D_ALGS);$(OQS_S_ALGS)" -DOQS_BUILD_ONLY_LIB=ON -DOQS_USE_OPENSSL=OFF # ICC is going to link the static lib. But applications normally link to the .dll. There is no way to build both at once so uncomment this line to get .so/.dll #OQS_FLAGS =+ -DBUILD_SHARED_LIBS=ON @@ -60,7 +69,7 @@ $(OPSYS)_MANIFESTS = $(DEFAULT_MANIFESTS) #LIBOQS stuff -LIBOQS_VER=-0.10.0 +LIBOQS_VER=-0.15.0 WIN32_LIBOQS_LIB_release=Release WIN32_LIBOQS_LIB_debug=Debug @@ -123,7 +132,7 @@ PQC_TESTS_LIBDKS=tests_dks # This just enables it per platform. PQC=xxx selects the support #PQC will be LIBDKS LIBOQS or undefined -# default to LIBDKS where PQC is enabled, set PQC=NONE on command line to disable +# default to LIBOQS where PQC is enabled, set PQC=LIBDKS or PQC=NONE on command line to change PQC=LIBDKS LINUX_PQCLIBS=$(PQCLIBS_$(PQC)) @@ -385,8 +394,14 @@ WIN64_VS2022_OSSLDLL_NAME = $(WIN32_OSSLDLL_NAME) WIN64_VS2022_MY_OSSLDLL_NAME = $(WIN32_MY_OSSLDLL_NAME) #WIN64_VS2022_OSSLINC_DIR = $(OSSL_DIR)/inc32 WIN64_VS2022_OSSLINC_DIR = $(OSSL_DIR)/include -WIN64_VS2022_BUILD_OSSL = platforms\$(OPENSSL_LIBVER)\b64_VS2022.bat $(OPENSSL_VER) $(OPENSSL_$(CONFIG)_FLAG) -WIN64_VS2022_CLEAN_OSSL = rm $(OSSL_DIR)/*.dll; rm $(OSSL_DIR)/*.ilk ; rm $(OSSL_DIR)/*/*.obj ; rm $(OSSL_DIR)/*/*/*.obj ; find . -name \*.obj -type f -delete ; rm openssl.c +WIN64_VS2022_BUILD_OSSL = cd $(OSSL_DIR); perl Configure VC-WIN64A $(OSSL_FLAGS) && ( export MAKE=nmake ; export MAKEFLAGS= ; nmake ) && \ +( mkdir tmp32dll ; \ +for x in crypto ms apps ssl crypto/async/arch crypto/ec/curve448 crypto/ec/curve448/arch_32/ ; do cp $$x/*.obj tmp32dll/ ; done ; \ +for x in crypto/*/*.obj ; do cp $$x tmp32dll/ ; done ; \ +for x in ssl/*/*.obj ; do cp $$x tmp32dll/ ; done ) + +#platforms/$(OPENSSL_LIBVER)/b64_VS2022.sh $(OPENSSL_VER) $(OPENSSL_$(CONFIG)_FLAG) +WIN64_VS2022_CLEAN_OSSL = rm $(OSSL_DIR)/*.dll; rm $(OSSL_DIR)/*.ilk ; rm $(OSSL_DIR)/*/*.obj ; rm $(OSSL_DIR)/*/*/*.obj ; find $(OSSL_DIR) -name \*.obj -type f -delete ; rm openssl.c WIN64_VS2022_release_OSSL_SUFFIX = WIN64_VS2022_debug_OSSL_SUFFIX = WIN64_VS2022_release_EXPORT = export OSSL_RELEASE=1 diff --git a/icc/icc_minor_version.h b/icc/icc_minor_version.h index b636bfa..a4df01e 100644 --- a/icc/icc_minor_version.h +++ b/icc/icc_minor_version.h @@ -1 +1 @@ -#define ICC_VERSION_MOD 18 +#define ICC_VERSION_MOD 21 diff --git a/icc/iccdef.h b/icc/iccdef.h index 562febf..ad55069 100644 --- a/icc/iccdef.h +++ b/icc/iccdef.h @@ -1,8 +1,8 @@ /************************************************************************* // Copyright IBM Corp. 2023 // -// Licensed under the Apache License 2.0 (the "License"). You may not use -// this file except in compliance with the License. You can obtain a copy +// Licensed under the Apache License 2.0 (the "License"). You may not use +// this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. *************************************************************************/ diff --git a/icc/iccerr.h b/icc/iccerr.h index 7019023..a7086fa 100644 --- a/icc/iccerr.h +++ b/icc/iccerr.h @@ -7,8 +7,8 @@ *************************************************************************/ /* -// Description: -// This incoporates ICC into the error facilities of openSSL. +// Description: +// This incoporates ICC into the error facilities of openSSL. */ #ifndef INCLUDED_ICCERR diff --git a/icc/iccglobals.h b/icc/iccglobals.h index 951f51e..b6208a0 100644 --- a/icc/iccglobals.h +++ b/icc/iccglobals.h @@ -208,10 +208,21 @@ typedef enum { /* Note that it's a const ICC_EVP_MD * that's passed or returned (return from ICC_EVP_get_digestbyname()) */ +#define ICC_EVP_PKEY_CTRL_RSA_KEYGEN_BITS (ICC_EVP_PKEY_ALG_CTRL + 3) +#define ICC_EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP (ICC_EVP_PKEY_ALG_CTRL + 4) #define ICC_EVP_PKEY_CTRL_RSA_MGF1_MD (ICC_EVP_PKEY_ALG_CTRL + 5) #define ICC_EVP_PKEY_CTRL_GET_RSA_PADDING (ICC_EVP_PKEY_ALG_CTRL + 6) #define ICC_EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN (ICC_EVP_PKEY_ALG_CTRL + 7) #define ICC_EVP_PKEY_CTRL_GET_RSA_MGF1_MD (ICC_EVP_PKEY_ALG_CTRL + 8) + +# define ICC_EVP_PKEY_CTRL_RSA_OAEP_MD (ICC_EVP_PKEY_ALG_CTRL + 9) +# define ICC_EVP_PKEY_CTRL_RSA_OAEP_LABEL (ICC_EVP_PKEY_ALG_CTRL + 10) + +# define ICC_EVP_PKEY_CTRL_GET_RSA_OAEP_MD (ICC_EVP_PKEY_ALG_CTRL + 11) +# define ICC_EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL (ICC_EVP_PKEY_ALG_CTRL + 12) + +# define ICC_EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES (ICC_EVP_PKEY_ALG_CTRL + 13) + /*! @brief Magic numbers for Diffie-Hellman key generation. These are the supported types. @@ -516,9 +527,13 @@ typedef enum { checkers will complain. To clear the callback, close the context and create a new one.*/ - + ICC_TRACE_CALLBACK = 21, /*!< Set the Trace callback in THIS context */ + ICC_MODULE_NAME = 22, /*!< ICC Module name (RO) + - FIPS: Allowed in FIPS mode + - Reason: only reads data + */ GSK_ICC_ACTIVE_LIBS = 52 /*!< Integer bit mask, the low two bits are used. Bit 0 = 1 the FIPS library is loadable Bit 1 = 1 the non-FIPS library is loadable @@ -686,4 +701,94 @@ typedef struct ICC_OSSL_PARAM_t ICC_OSSL_PARAM; } #endif +/* copies of OpenSSL's helper function macros */ + +# define ICC_EVP_PKEY_RSA_PSS NID_rsassaPss + +# define ICC_EVP_PKEY_OP_UNDEFINED 0 +# define ICC_EVP_PKEY_OP_PARAMGEN (1<<1) +# define ICC_EVP_PKEY_OP_KEYGEN (1<<2) +# define ICC_EVP_PKEY_OP_SIGN (1<<3) +# define ICC_EVP_PKEY_OP_VERIFY (1<<4) +# define ICC_EVP_PKEY_OP_VERIFYRECOVER (1<<5) +# define ICC_EVP_PKEY_OP_SIGNCTX (1<<6) +# define ICC_EVP_PKEY_OP_VERIFYCTX (1<<7) +# define ICC_EVP_PKEY_OP_ENCRYPT (1<<8) +# define ICC_EVP_PKEY_OP_DECRYPT (1<<9) +# define ICC_EVP_PKEY_OP_DERIVE (1<<10) + +# define ICC_EVP_PKEY_OP_TYPE_SIG \ + (ICC_EVP_PKEY_OP_SIGN | ICC_EVP_PKEY_OP_VERIFY | ICC_EVP_PKEY_OP_VERIFYRECOVER \ + | ICC_EVP_PKEY_OP_SIGNCTX | ICC_EVP_PKEY_OP_VERIFYCTX) +# define ICC_EVP_PKEY_OP_TYPE_CRYPT \ + (ICC_EVP_PKEY_OP_ENCRYPT | ICC_EVP_PKEY_OP_DECRYPT) + +# define ICC_EVP_PKEY_CTRL_MD 1 +# define ICC_EVP_PKEY_CTRL_GET_MD 13 + + +# define ICC_EVP_PKEY_CTX_set_rsa_padding(ctx, pctx, pad) \ + ICC_EVP_PKEY_CTX_ctrl(ctx,pctx,-1, -1, ICC_EVP_PKEY_CTRL_RSA_PADDING, pad, NULL) + +# define ICC_EVP_PKEY_CTX_get_rsa_padding(ctx, pctx, ppad) \ + ICC_EVP_PKEY_CTX_ctrl(ctx, pctx, -1, -1, ICC_EVP_PKEY_CTRL_GET_RSA_PADDING, 0, ppad) + +# define ICC_EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, pctx, len) \ + ICC_EVP_PKEY_CTX_ctrl(ctx, pctx,-1, (ICC_EVP_PKEY_OP_SIGN|ICC_EVP_PKEY_OP_VERIFY), ICC_EVP_PKEY_CTRL_RSA_PSS_SALTLEN,len, NULL) + +# define ICC_EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(ctx, pctx, len) \ + ICC_EVP_PKEY_CTX_ctrl(ctx, pctx, ICC_EVP_PKEY_RSA_PSS, ICC_EVP_PKEY_OP_KEYGEN, \ + ICC_EVP_PKEY_CTRL_RSA_PSS_SALTLEN, len, NULL) + +# define ICC_EVP_PKEY_CTX_get_rsa_pss_saltlen(ctx, pctx, plen) \ + ICC_EVP_PKEY_CTX_ctrl(ctx, pctx, ICC_EVP_PKEY_RSA_PSS, (ICC_EVP_PKEY_OP_SIGN|ICC_EVP_PKEY_OP_VERIFY), \ + ICC_EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN, 0, plen) + +# define ICC_EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, pctx, bits) \ + ICC_EVP_PKEY_CTX_ctrl(ctx, pctx, ICC_EVP_PKEY_RSA, ICC_EVP_PKEY_OP_KEYGEN, \ + ICC_EVP_PKEY_CTRL_RSA_KEYGEN_BITS, bits, NULL) + +# define ICC_EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pctx, pubexp) \ + ICC_EVP_PKEY_CTX_ctrl(ctx, pctx, ICC_EVP_PKEY_RSA, ICC_EVP_PKEY_OP_KEYGEN, \ + ICC_EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp) + +# define ICC_EVP_PKEY_CTX_set_rsa_keygen_primes(ctx, pctx, primes) \ + ICC_EVP_PKEY_CTX_ctrl(ctx, pctx, ICC_EVP_PKEY_RSA, ICC_EVP_PKEY_OP_KEYGEN, \ + ICC_EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES, primes, NULL) + +# define ICC_EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, pctx, md) \ + ICC_EVP_PKEY_CTX_ctrl(ctx, pctx, ICC_EVP_PKEY_RSA, ICC_EVP_PKEY_OP_TYPE_SIG | ICC_EVP_PKEY_OP_TYPE_CRYPT, \ + ICC_EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)(md)) + +# define ICC_EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(ctx, pctx, md) \ + ICC_EVP_PKEY_CTX_ctrl(ctx, pctx, ICC_EVP_PKEY_RSA_PSS, ICC_EVP_PKEY_OP_KEYGEN, \ + ICC_EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)(md)) + +# define ICC_EVP_PKEY_CTX_set_rsa_oaep_md(ctx, pctx, md) \ + ICC_EVP_PKEY_CTX_ctrl(ctx, pctx, ICC_EVP_PKEY_RSA, ICC_EVP_PKEY_OP_TYPE_CRYPT, \ + ICC_EVP_PKEY_CTRL_RSA_OAEP_MD, 0, (void *)(md)) + +# define ICC_EVP_PKEY_CTX_get_rsa_mgf1_md(ctx, pctx, pmd) \ + ICC_EVP_PKEY_CTX_ctrl(ctx, pctx, ICC_EVP_PKEY_RSA, ICC_EVP_PKEY_OP_TYPE_SIG | ICC_EVP_PKEY_OP_TYPE_CRYPT, \ + ICC_EVP_PKEY_CTRL_GET_RSA_MGF1_MD, 0, (void *)(pmd)) + +# define ICC_EVP_PKEY_CTX_get_rsa_oaep_md(ctx, pctx, pmd) \ + ICC_EVP_PKEY_CTX_ctrl(ctx, pctx, ICC_EVP_PKEY_RSA, ICC_EVP_PKEY_OP_TYPE_CRYPT, \ + ICC_EVP_PKEY_CTRL_GET_RSA_OAEP_MD, 0, (void *)(pmd)) + +# define ICC_EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, pctx, l, llen) \ + ICC_EVP_PKEY_CTX_ctrl(ctx, pctx, ICC_EVP_PKEY_RSA, ICC_EVP_PKEY_OP_TYPE_CRYPT, \ + ICC_EVP_PKEY_CTRL_RSA_OAEP_LABEL, llen, (void *)(l)) + +# define ICC_EVP_PKEY_CTX_get0_rsa_oaep_label(ctx, pctx, l) \ + ICC_EVP_PKEY_CTX_ctrl(ctx, pctx, ICC_EVP_PKEY_RSA, ICC_EVP_PKEY_OP_TYPE_CRYPT, \ + ICC_EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL, 0, (void *)(l)) + +# define ICC_EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, pctx, md) \ + ICC_EVP_PKEY_CTX_ctrl(ctx, pctx, ICC_EVP_PKEY_RSA_PSS, \ + ICC_EVP_PKEY_OP_KEYGEN, ICC_EVP_PKEY_CTRL_MD, \ + 0, (void *)(md)) + + + #endif /*INCLUDED_ICCGLOBALS*/ diff --git a/icc/icclib.c b/icc/icclib.c index 3d60265..a0b1790 100644 --- a/icc/icclib.c +++ b/icc/icclib.c @@ -50,7 +50,7 @@ #define V1_1_1 1 #define ICCLIB 1 -/* note - not icc.h ! */ +/* note this is the module icc_a.h - not icc.h or step library icc_a.h ! */ #include "icc_a.h" #undef ICCLIB #include "icc_common.h" @@ -688,7 +688,7 @@ void OpenCheckFiles(FILE **sigfile,FILE **self) strncat(tmppath,"/",MAX_PATH); ptr = tmppath + strlen(tmppath); #if defined(STANDALONE_ICCLIB) - strncat(tmppath,"ICCLIB_SA.txt",MAX_PATH); + strncat(tmppath,"ICCLIB_SA.txt",MAX_PATH); #else strncat(tmppath,"ICCSIG.txt",MAX_PATH); #endif @@ -696,7 +696,7 @@ void OpenCheckFiles(FILE **sigfile,FILE **self) MARK(tmppath,(*sigfile) != NULL ? "Opened ICCSIG.txt": "Failed Open ICCSIG.txt"); /** \induced 150. Signature test, fopen() failed on external file in ASCCI mode. (Differs from 151 only on Windows platforms) - */ + */ if(150 == icc_failure) { fclose(*sigfile); *sigfile = NULL; @@ -705,11 +705,11 @@ void OpenCheckFiles(FILE **sigfile,FILE **self) #if defined(_WIN32) if(NULL == *sigfile) { ptr = NULL; - FUNCTION_NAME(MYNAME,_pathW)(tmppathW,MAX_PATH-20); + FUNCTION_NAME(MYNAME,_pathW)(tmppathW,MAX_PATH-20); wcsncat(tmppathW,L"/",MAX_PATH); wptr = tmppathW + wcslen(tmppathW); # if defined(STANDALONE_ICCLIB) - wcsncat(tmppathW,L"ICCLIB_SA.txt",MAX_PATH); + wcsncat(tmppathW,L"ICCLIB_SA.txt",MAX_PATH); # else wcsncat(tmppathW,L"ICCSIG.txt",MAX_PATH); # endif @@ -1341,6 +1341,11 @@ int SetValue (ICClib * pcb, ICC_STATUS * status,ICC_VALUE_IDS_ENUM valueID, (char *)"Attempted to set an unsettable value ID", __FILE__, __LINE__); break; + case ICC_MODULE_NAME: + SetStatusLn(pcb, status, ICC_ERROR, ICC_UNSUPPORTED_VALUE_ID, + (char*)"Attempted to set an unsettable value ID - ICC_MODULE_NAME", __FILE__, + __LINE__); + break; case ICC_MEMORY_ALLOC: SetStatusLn(pcb, status, ICC_WARNING, ICC_VALUE_NOT_SET, (char *)"Memory callbacks are unsafe (function deprecated, " @@ -1561,10 +1566,22 @@ int GetValue (ICClib * pcb, ICC_STATUS * status,ICC_VALUE_IDS_ENUM valueID, MARK("ICC_INSTALL_PATH", (NULL != value) ? (char *)value : ""); break; case ICC_VERSION: + if (valueLength > sizeof(Global.version)) + valueLength = sizeof(Global.version); strncpy ((char *) value, Global.version,valueLength-1); ((char *)value)[valueLength - 1] = '\0'; MARK("ICC_VERSION",(char *)value); break; + case ICC_MODULE_NAME: + { + static const char moduleName[] = "OpenCryptographyKitC"; + if (valueLength > sizeof(moduleName)) + valueLength = sizeof(moduleName); + strncpy((char*)value, moduleName, valueLength - 1); + ((char*)value)[valueLength - 1] = '\0'; + MARK("ICC_MODULE_NAME", (char*)value); + } + break; case ICC_MEMORY_ALLOC: *(void **) value = NULL; break; @@ -3313,9 +3330,9 @@ d2i_PQCPrivateKey(EVP_PKEY* pkey, const unsigned char** pp, long length) #endif #ifdef LIBOQS -#define ICC_SIG_alg_dilithium_2 OQS_SIG_alg_dilithium_2 -#define ICC_SIG_alg_dilithium_3 OQS_SIG_alg_dilithium_3 -#define ICC_SIG_alg_dilithium_5 OQS_SIG_alg_dilithium_5 +#define ICC_SIG_alg_dilithium_2 OQS_SIG_alg_ml_dsa_44 +#define ICC_SIG_alg_dilithium_3 OQS_SIG_alg_ml_dsa_65 +#define ICC_SIG_alg_dilithium_5 OQS_SIG_alg_ml_dsa_87 #else #define ICC_SIG_alg_dilithium_2 "dilithium_2" #define ICC_SIG_alg_dilithium_3 "dilithium_3" diff --git a/icc/icctest.c b/icc/icctest.c index be6853b..123bd8e 100644 --- a/icc/icctest.c +++ b/icc/icctest.c @@ -2773,8 +2773,7 @@ static int doJavaSecPKEYAPITests(ICC_CTX *icc_ctx) retcode = ICC_EVP_PKEY_set1_RSA(icc_ctx,pkey,rsa); pctx = ICC_EVP_PKEY_CTX_new(icc_ctx,pkey,NULL); retcode = ICC_EVP_PKEY_encrypt_init(icc_ctx,pctx); - /* EVP_PKEY_CTX_set_rsa_padding(ctx, pad); Is a macro */ - ICC_EVP_PKEY_CTX_ctrl(icc_ctx,pctx,ICC_EVP_PKEY_RSA,-1,ICC_EVP_PKEY_CTRL_RSA_PADDING,ICC_RSA_NO_PADDING,NULL); + ICC_EVP_PKEY_CTX_set_rsa_padding(icc_ctx, pctx, ICC_RSA_NO_PADDING); OSSLE(icc_ctx); retcode = ICC_EVP_PKEY_encrypt_new(icc_ctx,pctx,NULL,&outlen,buf2,keylen/8); out = malloc(outlen); @@ -2905,6 +2904,31 @@ int doDualTest() { retcode = ICC_GetValue(ICC_ctx1,status,ICC_VERSION,value,ICC_VALUESIZE); printf("ICC #2 version %s\n",value); print_cfg(ICC_ctx1," "); + memset(value, 0, sizeof(value)); + { + static const char expModuleName[] = "IBM Crypto for C"; + retcode = ICC_GetValue(ICC_ctx, status, ICC_MODULE_NAME, value, ICC_VALUESIZE); + if (retcode == ICC_OK) { + printf("ICC #1 module name [%s]\n", value); + if (memcmp(value, expModuleName, sizeof(expModuleName))) { + printf("ICC #1 module name incorrect\n"); + } + } + else { + printf("ICC #1 NO module name\n"); + } + memset(value, 0, sizeof(value)); + retcode = ICC_GetValue(ICC_ctx1, status, ICC_MODULE_NAME, value, ICC_VALUESIZE); + if (retcode == ICC_OK) { + printf("ICC #2 module name [%s]\n", value); + if (memcmp(value, expModuleName, sizeof(expModuleName))) { + printf("ICC #2 module name incorrect\n"); + } + } + else { + printf("ICC #2 NO module name\n"); + } + } ICC_Cleanup(ICC_ctx,status); ICC_Cleanup(ICC_ctx1,status1); @@ -3441,6 +3465,22 @@ int doUnitTest(const char* iccPath, int test,char *fips, int unicode) version = VString2(value); printf("ICC version %s\n", value); print_cfg(ICC_ctx, " "); + { + static const char expModuleName[] = "OpenCryptographyKitC"; + value[0] = '\0'; + retcode = ICC_GetValue(ICC_ctx, status, ICC_MODULE_NAME, value, ICC_VALUESIZE); + if (retcode == ICC_OK) { + printf("ICC module name [%s]\n", value); + if (memcmp(value, expModuleName, sizeof(expModuleName))) { + printf("ICC module name incorrect\n"); + error = 1; + rv = ICC_FAILURE; + } + } + else { + printf("ICC NO module name\n"); + } + } } check_stack(0); check_stack(1); diff --git a/icc/iccversion.h b/icc/iccversion.h index b1e61e3..03ee18e 100644 --- a/icc/iccversion.h +++ b/icc/iccversion.h @@ -42,7 +42,7 @@ #define ICC_PRODUCT_NAME "ICC" #endif #if !defined(ICC_VERSION_MOD) -#define ICC_VERSION_MOD 18 +#define ICC_VERSION_MOD 21 #endif #if !defined(ICC_VERSION_FIX) #define ICC_VERSION_FIX 0 diff --git a/icc/induced.h b/icc/induced.h index a8d5ac6..ff75fb6 100644 --- a/icc/induced.h +++ b/icc/induced.h @@ -3,9 +3,9 @@ // Licensed under the Apache License 2.0 (the "License"). You may not use // this file except in compliance with the License. You can obtain a copy // in the file LICENSE in the source distribution. -// +// // Description: -// Define flag for induced failure testing of ICC's error paths +// Define flag for induced failure testing of ICC's error paths // //----------------------------------------------------------------------------------*/ diff --git a/icc/loaded.c b/icc/loaded.c index 7ce369b..084bf16 100644 --- a/icc/loaded.c +++ b/icc/loaded.c @@ -244,7 +244,7 @@ static char *gskiccs8_loaded_from_i(struct ld_info *dllinfo,int entries) char *dirName = NULL; /*this library's initial directory name (may be relative) */ char *fname = NULL; /*this library's full path name */ - char *result = NULL; + char *result = NULL; int sts = 0; int foundit = 0; /* Set to 1 if we can actually locate a path */ char *rprv = NULL; diff --git a/icc/platforms/1.1.1/UNIX_like.mk b/icc/platforms/1.1.1/UNIX_like.mk index 98e6461..47cb549 100644 --- a/icc/platforms/1.1.1/UNIX_like.mk +++ b/icc/platforms/1.1.1/UNIX_like.mk @@ -8,12 +8,12 @@ $(ICC_RAND_OBJ): $(OSSLINC_DIR) icc_rand.c $(MYOPENSSL): $(SDK_DIR) openssl$(EXESUFX) - $(CP) openssl$(EXESUFX) $@ + $(CP) openssl$(EXESUFX) $@ openssl$(OBJSUFX): ../$(OPENSSL_VER)/apps/openssl.c $(CC) -DOPENSSL_NO_ENGINE $(CFLAGS) -I$(OSSLINC_DIR) -I$(OSSL_DIR)/apps/ -I$(OSSL_DIR) ../$(OPENSSL_VER)/apps/openssl.c -openssl$(EXESUFX): openssl$(OBJSUFX) $(E_OBJ) $(SLIBCRYPTO) $(SLIBSSL) platform$(OBJSUFX) +openssl$(EXESUFX): openssl$(OBJSUFX) Build_OSSL_Complete $(E_OBJ) $(SLIBCRYPTO) $(SLIBSSL) platform$(OBJSUFX) $(LD) $(LDFLAGS) openssl$(OBJSUFX) platform$(OBJSUFX) $(E_OBJ) $(SLIBSSL) $(OPENSSL_LIBS) $(SLIBCRYPTO) $(LDLIBS) $(STRIP) $@ diff --git a/icc/tools.mk b/icc/tools.mk index c117e32..0048c74 100644 --- a/icc/tools.mk +++ b/icc/tools.mk @@ -45,7 +45,7 @@ GENRNDFIPS_OBJS = GenRndDataFIPS$(OBJSUFX) platform$(OBJSUFX) \ #- Compile RNG data generator GenRndData$(OBJSUFX): tools/GenRndData.c - $(CC) $(CFLAGS) -I./ -I$(ZLIB_DIR) -I$(OSSLINC_DIR) -I$(OSSL_DIR) -I$(SDK_DIR) tools/GenRndData.c $(ASM_TWEAKS) + $(CC) $(CFLAGS) -I./ -I$(ZLIB_DIR) -I$(OSSLINC_DIR) -I$(OSSL_DIR) -I$(SDK_DIR) tools/GenRndData.c $(ASM_TWEAKS) GenRndData: $(GENRND_OBJS) $(SLIBCRYPTO) $(LD) $(LDFLAGS) $(GENRND_OBJS) $(LDLIBS) $(SLIBCRYPTO) @@ -80,7 +80,7 @@ GenRndData2$(OBJSUFX): tools/GenRndData2.c $(SDK_DIR)/icc.h $(SDK_DIR)/icc_a.h $ $(CC) $(CFLAGS) -I $(SDK_DIR) tools/GenRndData2.c GenRndData2$(EXESUFX): GenRndData2$(OBJSUFX) $(ICCLIB) - $(LD) $(LDFLAGS) GenRndData2$(OBJSUFX) $(ICCLIB) $(LDLIBS) + $(LD) $(LDFLAGS) GenRndData2$(OBJSUFX) $(ICCLIB) $(LDLIBS) $(SDK_DIR)/GenRndData2$(EXESUFX): $(SDK_DIR) GenRndData2$(EXESUFX) $(CP) GenRndData2$(EXESUFX) $@ diff --git a/icc_test/icc_loader.c b/icc_test/icc_loader.c index b172ffa..8624637 100644 --- a/icc_test/icc_loader.c +++ b/icc_test/icc_loader.c @@ -20,6 +20,10 @@ #include #endif +#if defined(_MSC_VER) +#define snprintf _snprintf +#endif + /* Define platform-specific macros for library handling */ #ifdef _WIN32 #define LOAD_LIBRARY(name) LoadLibraryExA(name, NULL, LOAD_WITH_ALTERED_SEARCH_PATH) diff --git a/iccpkg/Makefile b/iccpkg/Makefile index 92ce042..d137c68 100644 --- a/iccpkg/Makefile +++ b/iccpkg/Makefile @@ -66,7 +66,7 @@ endif ifeq ($(findstring VS2022, $(OPSYS)), VS2022) SIGN_COMMAND = ../../signwindowsfile.ksh else -SIGN_COMMAND = /build/build/scripts/signwindowsfile.ksh +SIGN_COMMAND = /build/build/scripts/signwindowsfile.ksh endif # IBM Crypto for C perf tool @@ -162,7 +162,7 @@ SDK_HEADERS = $(GSK_SDK)/icc.h $(GSK_SDK)/icc_a.h $(GSK_SDK)/iccglobals.h $(GSK_ # our local dks integration and test code # sigtest and kemtest comes from here pqc_test_build: - "$(MAKE)" -C pqc all + "$(MAKE)" -C pqc all jcc_all ickc_all # only run the pqc test if we have pqc support present ifeq ($(strip $(PQCLIBS)),) @@ -456,15 +456,15 @@ clean: clean_jgsk clean_ickc -$(RM) *.o *.obj *.so *.dylib *.dll *.sl *.x *.lib -$(RM) *.ilk *.manifest *.pdb -$(RM) $(GSK_LIB) - -$(RM) $(GSK_LIB).unstripped + -$(RM) $(GSK_LIB).unstripped -$(RM) delta.exp - -$(RM) API_html/* + -$(RM) API_html/* -$(RM) -r $(GSK_SDK) -$(RM) -r $(TMP_SRC) $(TMP_OBJS) - -$(RM) exports_old/*.exp exports_old/iccstepZOS.h - "$(MAKE)" -C TOTP clean + -$(RM) exports_old/*.exp exports_old/*.def exports_old/iccstepZOS.h + -"$(MAKE)" -C TOTP clean -$(RM) Doxyfile - "$(MAKE)" -C pqc clean + -"$(MAKE)" -C pqc clean # Note: Need to rm after copy as Windows looks in the same directory as exe's @@ -512,9 +512,12 @@ cache_test$(OBJSUFX): gsk_wrap2.c gsk_wrap2_a.c $(ICC_ROOT)/icc/loaded.c name_ca # GSK_LIB and ICCPKG_LIBS is coming from gsk_crypto.mk - references the step import library # Note different from icc/icctest which links direct to the module +# Note need to copy icctest.c from ../icc/ because ../icc/icc.h and ../icc/icc_a.h (module) conflict with step library headers in $(GSK_SDK) icctest$(OBJSUFX): $(ICC_ROOT)/icc/icctest.c $(SDK_HEADERS) - $(CC) $(CFLAGS) -I$(GSK_SDK) -I$(ICC_ROOT)/icc -DICCPKG $(ICC_ROOT)/icc/icctest.c + $(CP) $(ICC_ROOT)/icc/icctest.c . + $(CC) $(CFLAGS) -I$(GSK_SDK) -I$(ICC_ROOT)/icc -DICCPKG icctest.c + $(RM) icctest.c icctest$(EXESUFX): icctest$(OBJSUFX) $(GSK_LIB) $(LD) $(LDFLAGS) icctest$(OBJSUFX) $(ICCPKG_LIBS) $(LDLIBS) @@ -527,7 +530,7 @@ $(GSK_SDK)/icctest$(EXESUFX): icctest$(EXESUFX) argon2_example$(EXESUFX): Argon2/argon2_example.c $(GSK_LIB) $(CC) $(CFLAGS) -I./ -I$(GSK_SDK) Argon2/argon2_example.c - $(LD) $(LDFLAGS) argon2_example$(OBJSUFX) $(ICCPKG_LIBS) $(LDLIBS) + $(LD) $(LDFLAGS) argon2_example$(OBJSUFX) $(ICCPKG_LIBS) $(LDLIBS) smalltest$(EXESUFX): $(ICC_ROOT)/icc/tools/smalltest.c $(GSK_LIB) $(CC) $(CFLAGS) -I./ -I$(GSK_SDK) -DICCPKG $(ICC_ROOT)/icc/tools/smalltest.c @@ -583,7 +586,7 @@ GenRndData2$(OBJSUFX): $(ICC_ROOT)/icc/tools/GenRndData2.c $(GSK_LIB) $(CC) $(CFLAGS) -I./ -I$(GSK_SDK) -DICCPKG $(ICC_ROOT)/icc/tools/GenRndData2.c GenRndData2$(EXESUFX): GenRndData2$(OBJSUFX) - $(LD) $(LDFLAGS) GenRndData2$(OBJSUFX) $(ICCPKG_LIBS) $(LDLIBS) + $(LD) $(LDFLAGS) GenRndData2$(OBJSUFX) $(ICCPKG_LIBS) $(LDLIBS) $(GSK_SDK)/GenRndData2$(EXESUFX): $(GSK_SDK) GenRndData2$(EXESUFX) $(CP) GenRndData2$(EXESUFX) $@ @@ -693,10 +696,10 @@ $(JINST_DIR)/C/icc/icclib/$(OLD_LIBICC): $(JINST_DIR)/C/icc/icclib Jruntime_setup_N: $(JINST_DIR)/N/icc/icclib/$(NEW_LIBICC) $(JINST_DIR)/N/icc/ReadMe.txt $(JINST_DIR)/N/icc/ReadMe.txt: $(JINST_DIR) $(RTE_DIR)/ReadMe.txt - -$(CP) $(RTE_DIR)/ReadMe.txt $@ + $(CP) $(RTE_DIR)/ReadMe.txt $@ $(JINST_DIR)/N/icc/icclib/$(NEW_LIBICC): $(JINST_DIR)/N/icc/icclib - -$(CP) $(RTE_DIR)/icclib/* $(JINST_DIR)/N/icc/icclib/ + $(CP) $(RTE_DIR)/icclib/* $(JINST_DIR)/N/icc/icclib/ Jruntime_setup: Jruntime_setup_C Jruntime_setup_N @@ -728,7 +731,7 @@ jcctest$(OBJSUFX): $(ICC_ROOT)/icc/icctest.c $(SDK_HEADERS) -$(RM) jcctest.c jcctest$(EXESUFX): jcctest$(OBJSUFX) $(JGSK_LIB) - $(LD) $(LDFLAGS) jcctest$(OBJSUFX) $(JCCPKG_LIBS) $(LDLIBS) + $(LD) $(LDFLAGS) jcctest$(OBJSUFX) $(JCCPKG_LIBS) $(LDLIBS) $(JGSK_SDK)/bin/jcctest$(EXESUFX): $(JGSK_SDK)/bin jcctest$(EXESUFX) $(CP) jcctest$(EXESUFX) $@ @@ -802,52 +805,56 @@ clean_ickc: # Tests. BVT -# GSK_SETUP comes from gsk_crypto.mk and sets PATH for these tests +# GSK_SETUP from gsk_crypto.mk can set the PATH for these tests if needed # ignored errors will be reported in the log # This is called from icc/Makefile:tests -PATH:=..\package\gskit_crypto;$(PATH) - -# make sure we show the log even if the test fails -log_init: - touch GSKIT_CRYPTO.log; $(RM) GSKIT_CRYPTO.log; touch GSKIT_CRYPTO.log -log_cat: - cat GSKIT_CRYPTO.log - $(RM) GSKIT_CRYPTO.log -log_rm: - -$(RM) GSKIT_CRYPTO.log - -tests: log_init chkiccload_test log_cat log_init icctest_test jcctest_test ickctest_test icctest_s_test log_cat pqc_tests + +.PHONY: jcc_log_init.% jcc_log_cat.% icc_log_init.% icc_log_cat.% + +jcc_log_init.%: + cd $(JGSK_DIR); touch GSKIT_CRYPTO.log; $(RM) GSKIT_CRYPTO.log; touch GSKIT_CRYPTO.log +jcc_log_cat.%: + cd $(JGSK_DIR); cat GSKIT_CRYPTO.log; $(RM) GSKIT_CRYPTO.log + +icc_log_init.%: + cd $(GSK_DIR); touch GSKIT_CRYPTO.log; $(RM) GSKIT_CRYPTO.log; touch GSKIT_CRYPTO.log +icc_log_cat.%: + cd $(GSK_DIR); cat GSKIT_CRYPTO.log; $(RM) GSKIT_CRYPTO.log + +tests: icc_log_init.1 chkiccload_test icc_log_cat.1 \ + icc_log_init.2 icctest_test ickctest_test icctest_s_test icc_log_cat.2 \ + jcc_log_init.1 jcctest_test jcc_log_cat.1 \ + pqc_tests @echo tests complete +# Windows cannot run the ./icctest from ./iccpkg. Due to the DLL Search Order on Windows, it will always pickup ./iccpkg/gsk8iccs_64.dll (Application's Directory) +# To be consistent we copy the test to the directory containing the ICC we wish to test on all platforms. e.g ../package/jgskit_crypto + +ifneq ("$(wildcard $(OPSYS)_MUPPET)", "") +CHKICCLOAD_ARGS=-f +else +CHKICCLOAD_ARGS=-f -n +endif + chkiccload_test: - $(GSK_SETUP); ./chkiccload + $(CP) ./chkiccload$(EXESUFX) $(GSK_DIR); cd $(GSK_DIR); \ + ./chkiccload$(EXESUFX) $(CHKICCLOAD_ARGS) && $(RM) chkiccload$(EXESUFX) icctest_test: - $(GSK_SETUP); ./icctest - -#LINUX - default -SYSLIBPATH=LD_LIBRARY_PATH -ifeq ($(findstring WIN, $(OPSYS)), WIN) -#WIN -SYSLIBPATH=PATH -endif -ifeq ($(findstring AIX, $(OPSYS)), AIX) -#AIX -SYSLIBPATH=LIBPATH -endif -ifeq ($(findstring OSX, $(OPSYS)), OSX) -#OSX -SYSLIBPATH=DYLD_LIBRARY_PATH -endif + $(CP) ./icctest$(EXESUFX) $(GSK_DIR); cd $(GSK_DIR); \ + ./icctest$(EXESUFX) && $(RM) icctest$(EXESUFX) jcctest_test: - cd $(JGSK_DIR); export $(SYSLIBPATH)=.; ../../iccpkg/jcctest + $(CP) ./jcctest$(EXESUFX) $(JGSK_DIR); cd $(JGSK_DIR); \ + ./jcctest$(EXESUFX) && $(RM) jcctest$(EXESUFX) ickctest_test: - cd $(GSK_DIR); export $(SYSLIBPATH)=.; ../../iccpkg/ickctest + $(CP) ./ickctest$(EXESUFX) $(GSK_DIR); cd $(GSK_DIR); \ + ./ickctest$(EXESUFX) && $(RM) ickctest$(EXESUFX) icctest_s_test: - $(GSK_SETUP); ./icctest_s + $(CP) ./icctest_s$(EXESUFX) $(GSK_DIR); cd $(GSK_DIR); \ + ./icctest_s$(EXESUFX) && $(RM) icctest_s$(EXESUFX) # # ---------------- End of JCEPlus stanzas -------------------------- @@ -923,7 +930,7 @@ show_config: echo "OSSLINC_DIR = $(OSSLINC_DIR)" echo echo "Set in gsk_crypto.mk - libs for current GSkit" - echo "GSKLIB = $(GSKLIB)" + echo "GSKLIB = $(GSKLIB)" echo "GSK_LIBNAME = $(GSK_LIBNAME)" echo "GSK_LIB = $(GSK_LIB)" echo "GSK_LIB_STATIC = $(GSK_LIB_STATIC)" diff --git a/iccpkg/chkiccload.c b/iccpkg/chkiccload.c index df7866c..bd0c241 100644 --- a/iccpkg/chkiccload.c +++ b/iccpkg/chkiccload.c @@ -4,7 +4,7 @@ Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution. - */ +*/ /* Description: Check that FIPS / non - FIPS module is present and loadable */ @@ -117,6 +117,21 @@ int doTest(int fips) rv = ICC_ERROR; } else { + static const char expModuleName[] = "OpenCryptographyKitC"; + value[0] = '\0'; + retcode = ICC_GetValue(ICC_ctx, status, ICC_MODULE_NAME, value, ICC_VALUESIZE); + if (retcode == ICC_OK) { + printf("ICC module name [%s]\n", value); + if (memcmp(value, expModuleName, sizeof(expModuleName))) { + printf("ICC module name incorrect\n"); + rv = ICC_FAILURE; + } + } + else { + printf("ICC NO module name\n"); + } + + value[0] = '\0'; retcode = ICC_GetValue(ICC_ctx, status, ICC_FIPS_APPROVED_MODE, value, ICC_VALUESIZE); rv = check_status(status, "ICC_GetValue ICC_FIPS_APPROVED_MODE", __FILE__, __LINE__); if (retcode != ICC_OK) { @@ -129,6 +144,7 @@ int doTest(int fips) rv = ICC_ERROR; } else { + value[0] = '\0'; retcode = ICC_GetValue(ICC_ctx, status, ICC_VERSION, value, ICC_VALUESIZE); rv = check_status(status, "ICC_GetValue", __FILE__, __LINE__); if (retcode != ICC_OK) { diff --git a/iccpkg/gsk_wrap2.c b/iccpkg/gsk_wrap2.c index 73e5c03..9c9b687 100644 --- a/iccpkg/gsk_wrap2.c +++ b/iccpkg/gsk_wrap2.c @@ -89,6 +89,10 @@ #include "tracer.h" #include "icc_cdefs.h" +#if defined(_MSC_VER) +#define snprintf _snprintf +#endif + static int ok_status(ICC_STATUS *status); static int default_status(ICC_STATUS *status); static int truncated_status(ICC_STATUS *status); @@ -138,7 +142,7 @@ typedef struct { #endif int is_wchar; /* Set if we were initialized via ICC_InitW() */ } WICC_CTX; - + /*! @brief This structure is anonymous as far as ICC users are concerned. It holds per-context information plus in funcs a link to more detailed internal context @@ -266,14 +270,25 @@ int ICC_LINKAGE ICC_GetValue(ICC_CTX *pcb,ICC_STATUS* status,ICC_VALUE_IDS_ENUM default: /* String values, yet another case by case switch() */ switch(valueID) { case ICC_VERSION: - rv = ok_status(status); - tmp = strlen(ICC_PRODUCT_VERSION); + rv = ok_status(status); + tmp = strlen(ICC_PRODUCT_VERSION); if(tmp >= valueLength) { - rv = truncated_status(status); + rv = truncated_status(status); } strncpy(value,ICC_PRODUCT_VERSION,valueLength); break; - case ICC_INSTALL_PATH: + case ICC_MODULE_NAME: + { + static const char moduleName[] = "IBM Crypto for C"; + rv = ok_status(status); + tmp = sizeof(moduleName); + if (tmp > valueLength) { + rv = truncated_status(status); + } + strncpy(value, moduleName, valueLength); + } + break; + case ICC_INSTALL_PATH: rv = ok_status(status); tmpp = calloc(1,ICC_VALUESIZE); if(NULL == tmpp) { @@ -323,7 +338,7 @@ int ICC_LINKAGE ICC_GetValue(ICC_CTX *pcb,ICC_STATUS* status,ICC_VALUE_IDS_ENUM void ICC_LINKAGE ICKC_GenerateRandomSeed(ICC_CTX* pcb, ICC_STATUS* status, int len, void* buffer) #else - void ICC_LINKAGE ICC_GenerateRandomSeed(ICC_CTX *pcb, ICC_STATUS *status, +void ICC_LINKAGE ICC_GenerateRandomSeed(ICC_CTX *pcb, ICC_STATUS *status, int len, void *buffer) #endif #endif @@ -401,7 +416,7 @@ const char gskiccs_SCCSInfo[] = "@(#)FileVersion: " ICC_PRODUCT_VERSION "\n" "@(#)LegalCopyright: Licensed Materials - Property of IBM\n" "@(#) ICC\n" - "@(#) (C) Copyright IBM Corp. 2002,2018\n" + "@(#) (C) Copyright IBM Corp. 2002,2026\n" "@(#) All Rights Reserved. US Government Users\n" "@(#) Restricted Rights - Use, duplication or disclosure\n" "@(#) restricted by GSA ADP Schedule Contract with IBM \n" diff --git a/iccpkg/iccpkg.mk b/iccpkg/iccpkg.mk index 4787830..dc1c1f7 100644 --- a/iccpkg/iccpkg.mk +++ b/iccpkg/iccpkg.mk @@ -110,12 +110,12 @@ SUN64_ICCAUX_EXPFILE = $(SUN_ICCAUX_EXPFILE) SUN_AMD64_ICCPKG_EXPFILE = $(SUN_ICCPKG_EXPFILE) SUN_AMD64_JCCPKG_EXPFILE = $(SUN_JCCPKG_EXPFILE) SUN_AMD64_ICKCPKG_EXPFILE = $(SUN_ICKCPKG_EXPFILE) -SUN_AMD64_ICCAUX_EXPFILE = $(SUN_ICCAUX_EXPFILE) +SUN_AMD64_ICCAUX_EXPFILE = $(SUN_ICCAUX_EXPFILE) SUN_X86_ICCPKG_EXPFILE = $(SUN_ICCPKG_EXPFILE) SUN_X86_JCCPKG_EXPFILE = $(SUN_JCCPKG_EXPFILE) SUN_X86_ICKCPKG_EXPFILE = $(SUN_ICKCPKG_EXPFILE) -SUN_X86_ICCAUX_EXPFILE = $(SUN_ICCAUX_EXPFILE) +SUN_X86_ICCAUX_EXPFILE = $(SUN_ICCAUX_EXPFILE) HPUX_ICCPKG_EXPFILE = exports/iccstephpux.exp HPUX_JCCPKG_EXPFILE = exports/jccstephpux.exp @@ -130,12 +130,12 @@ HPUX64_ICCAUX_EXPFILE = $(HPUX_ICCAUX_EXPFILE) IA64_HPUX_ICCPKG_EXPFILE = $(HPUX_ICCPKG_EXPFILE) IA64_HPUX_JCCPKG_EXPFILE = $(HPUX_JCCPKG_EXPFILE) IA64_HPUX_ICKCPKG_EXPFILE = $(HPUX_ICKCPKG_EXPFILE) -IA64_HPUX_ICCAUX_EXPFILE = $(HPUX_ICCAUX_EXPFILE) +IA64_HPUX_ICCAUX_EXPFILE = $(HPUX_ICCAUX_EXPFILE) IA64_HPUX64_ICCPKG_EXPFILE = $(HPUX_ICCPKG_EXPFILE) IA64_HPUX64_JCCPKG_EXPFILE = $(HPUX_JCCPKG_EXPFILE) IA64_HPUX64_ICKCPKG_EXPFILE = $(HPUX_ICKCPKG_EXPFILE) -IA64_HPUX64_ICCAUX_EXPFILE = $(HPUX_ICCAUX_EXPFILE) +IA64_HPUX64_ICCAUX_EXPFILE = $(HPUX_ICCAUX_EXPFILE) ICCPKG_EXPFILE = $($(OPSYS)_ICCPKG_EXPFILE) diff --git a/iccpkg/name_cache.c b/iccpkg/name_cache.c index 10cc8c2..e714be3 100644 --- a/iccpkg/name_cache.c +++ b/iccpkg/name_cache.c @@ -139,7 +139,7 @@ const ICC_EVP_CIPHER *JCC_EVP_get_cipherbyname(ICC_CTX *ctx, const char *name) #if defined(ICKC_WRAP) const ICC_EVP_CIPHER* ICKC_EVP_get_cipherbyname(ICC_CTX* ctx, const char* name) #else -const ICC_EVP_CIPHER *ICC_EVP_get_cipherbyname(ICC_CTX *ctx, const char *name) +const ICC_EVP_CIPHER *ICC_EVP_get_cipherbyname(ICC_CTX *ctx, const char *name) #endif #endif { diff --git a/iccpkg/platforms/UNIX.mk b/iccpkg/platforms/UNIX.mk index d40adad..18bd6ef 100644 --- a/iccpkg/platforms/UNIX.mk +++ b/iccpkg/platforms/UNIX.mk @@ -33,7 +33,7 @@ $(GSK_LIB_STATIC): $(GSK_SDK)/static gsk_wrap2$(OBJSUFX) $(EX_OBJS) \ $(OLD_ICC_OBJ_AR) $(AR) $(ARFLAGS) \ gsk_wrap2$(OBJSUFX) $(EX_OBJS) \ - $(TIMER_OBJS) $(ICC_ROOT)/icc/$(MYICC)$(OBJSUFX) $(OLD_ICC_OBJ)\ + $(TIMER_OBJS) $(ICC_ROOT)/icc/$(MYICC)$(OBJSUFX) $(OLD_ICC_OBJ) \ $(STKPK11) $(addprefix $(ICC_ROOT)/icc/,$(ZLIB_OBJ)) $(OLD_ICC_OBJ_CLEAN) diff --git a/iccpkg/platforms/WIN32_.mk b/iccpkg/platforms/WIN32_.mk index e924e10..433b702 100644 --- a/iccpkg/platforms/WIN32_.mk +++ b/iccpkg/platforms/WIN32_.mk @@ -77,13 +77,13 @@ $(ICKC_LIBNAME): $(GSK_DIR) $(GSK_SDK) ickc_wrap2$(OBJSUFX) \ echo "Authenticode signing $@" ; \ $(SIGN_COMMAND) $@ ; \ else \ - echo " $(SIGN_COMMAND) is missing skip signing $@" ;\ - fi ;\ + echo " $(SIGN_COMMAND) is missing skip signing $@" ; \ + fi ; \ ) cache_test$(EXESUFX): cache_test$(OBJSUFX) exp$(OBJSUFX) \ $(TIMER_OBJS) $(PACKAGE_DIR)/iccsdk/$(ICCLIB) $(MUPPET) \ - $(STKPK11) $(ZLIB_LIB) + $(STKPK11) $(ZLIB_LIB) $(LD) cache_test$(OBJSUFX) exp$(OBJSUFX) \ $(TIMER_OBJS) $(PACKAGE_DIR)/iccsdk/$(ICCLIB) $(MUPPET) \ $(STKPK11) $(ZLIB_LIB) \ diff --git a/iccpkg/platforms/WIN64_.mk b/iccpkg/platforms/WIN64_.mk index 75a2ef0..ae9142e 100644 --- a/iccpkg/platforms/WIN64_.mk +++ b/iccpkg/platforms/WIN64_.mk @@ -27,7 +27,7 @@ $(GSK_LIBNAME): $(GSK_SDK) $(GSK_DIR) gsk_wrap2$(OBJSUFX) $(EX_OBJS) \ echo " $(SIGN_COMMAND) is missing skip signing $@" ;\ fi ;\ ) - + $(GSK_LIB_STATIC): $(GSK_SDK)/static gsk_wrap2$(OBJSUFX) $(EX_OBJS) \ $(TIMER_OBJS) $(PACKAGE_DIR)/iccsdk/$(ICCLIB) $(MUPPET) \ $(STKPK11) $(ZLIB_LIB) icc.res @@ -77,15 +77,15 @@ $(ICKC_LIBNAME): $(GSK_DIR) $(GSK_SDK) ickc_wrap2$(OBJSUFX) \ echo "Authenticode signing $@" ; \ $(SIGN_COMMAND) $@ ; \ else \ - echo " $(SIGN_COMMAND) is missing skip signing $@" ;\ - fi ;\ + echo " $(SIGN_COMMAND) is missing skip signing $@" ; \ + fi ; \ ) cache_test$(EXESUFX): cache_test$(OBJSUFX) exp$(OBJSUFX) \ $(TIMER_OBJS) $(PACKAGE_DIR)/iccsdk/$(ICCLIB) $(MUPPET) \ - $(STKPK11) $(ZLIB_LIB) + $(STKPK11) $(ZLIB_LIB) $(LD) cache_test$(OBJSUFX) exp$(OBJSUFX) \ - $(TIMER_OBJS) $(PACKAGE_DIR)/iccsdk/$(ICCLIB) $(MUPPET) \ + $(TIMER_OBJS) $(PACKAGE_DIR)/iccsdk/$(ICCLIB) $(MUPPET) \ $(STKPK11) $(ZLIB_LIB) \ - $(LDLIBS) $(OUT) $@ + $(LDLIBS) $(OUT)$@ diff --git a/iccpkg/platforms/ZOS31_.mk b/iccpkg/platforms/ZOS31_.mk index 9c0b6df..fa0f786 100644 --- a/iccpkg/platforms/ZOS31_.mk +++ b/iccpkg/platforms/ZOS31_.mk @@ -16,7 +16,7 @@ $(GSK_LIBNAME): $(GSK_SDK) gsk_wrap2$(OBJSUFX) $(EX_OBJS) \ $(SLD) $(SLDFLAGS) gsk_wrap2$(OBJSUFX) $(EX_OBJS) \ $(TIMER_OBJS) ../icc/csvquery.o \ $(PACKAGE_DIR)/iccsdk/$(ICCLIB) $(MUPPET) \ - $(STKPK11) $(ZLIB_LIB) \ + $(STKPK11) $(ZLIB_LIB) \ $(LDLIBS) $(CP) $(GSKLIB_B).x $(GSK_SDK)/ $(STRIP) $@ @@ -36,9 +36,9 @@ $(GSK_LIB_STATIC): $(GSK_SDK)/static gsk_wrap2$(OBJSUFX) $(EX_OBJS) \ if [ -e OLD_ICC/ZOS*/iccsdk/libicc.a ] ; then chtag -r OLD_ICC/ZOS*/iccsdk/libicc.a; fi if [ -e OLD_ICC/ZOS*A*/icc/icclib/ICCSIG.txt ] ; then chtag -c ISO8859-1 OLD_ICC/ZOS*A*/icc/icclib/ICCSIG.txt; fi $(OLD_ICC_OBJ_AR) - $(AR) $(ARFLAGS) \ + $(AR) $(ARFLAGS) \ gsk_wrap2$(OBJSUFX) $(EX_OBJS) \ - $(TIMER_OBJS) $(ICC_ROOT)/icc/$(MYICC)$(OBJSUFX) $(OLD_ICC_OBJ)\ + $(TIMER_OBJS) $(ICC_ROOT)/icc/$(MYICC)$(OBJSUFX) $(OLD_ICC_OBJ) \ $(STKPK11) $(addprefix $(ICC_ROOT)/icc/,$(ZLIB_OBJ)) ../icc/csvquery.o $(OLD_ICC_OBJ_CLEAN) diff --git a/iccpkg/platforms/ZOS_.mk b/iccpkg/platforms/ZOS_.mk index d7122b8..3d3d061 100644 --- a/iccpkg/platforms/ZOS_.mk +++ b/iccpkg/platforms/ZOS_.mk @@ -18,7 +18,7 @@ ifeq ($(strip $(IS_FIPS)),) MYICC = newicc else MYICC = icc -endif +endif ZICCOBJ = ../icc/$(MYICC)$(OBJSUFX) @@ -37,7 +37,7 @@ $(GSK_LIBNAME): $(GSK_SDK) gsk_wrap2$(OBJSUFX) $(EX_OBJS) \ $(SLD) $(SLDFLAGS) gsk_wrap2$(OBJSUFX) $(EX_OBJS) \ $(TIMER_OBJS) ../icc/csvquery_64.o \ $(ZICCOBJ) $(MUPPET) \ - $(STKPK11) $(ZLIB_LIB) \ + $(STKPK11) $(ZLIB_LIB) \ $(LDLIBS) $(CP) $(GSKLIB_B)_64.x $(GSK_SDK)/ $(STRIP) $@ diff --git a/iccpkg/pqc/kemtest.c b/iccpkg/pqc/kemtest.c index bdc473e..2ebdc5b 100644 --- a/iccpkg/pqc/kemtest.c +++ b/iccpkg/pqc/kemtest.c @@ -5,7 +5,7 @@ in the file LICENSE in the source distribution. */ - /* +/* kemtest.c */ #include @@ -22,9 +22,9 @@ #endif #if defined(_WIN32) -# include +#include #else -# include +#include #endif #if defined(JGSK_WRAP) @@ -36,7 +36,7 @@ #include "ickc_a.h" #endif #endif -# include "icc.h" +#include "icc.h" /* We want to use PKCS1 and PKCS8 encodings for i2d/d2i */ /* these are all independent bits that can be combined */ @@ -561,13 +561,13 @@ PQC_KEM_test(ICC_CTX* ctx, const char* algname, int verbose, int argc, const cha } } else { - if (verbose) { - printf("keygen\n"); - } - if ((ret_val = KEMEVP_gen(ctx, algname, &pk, &sk, encdec)) != 0) { - printf("Error: KEMEVP_gen returned <%d>\n", ret_val); - return 1; - } + if (verbose) { + printf("keygen\n"); + } + if ((ret_val = KEMEVP_gen(ctx, algname, &pk, &sk, encdec)) != 0) { + printf("Error: KEMEVP_gen returned <%d>\n", ret_val); + return 1; + } } if (verbose) { fprintf(fp_rsp, "pk encoding length = %d\n", (int)pk.der.len); @@ -699,7 +699,7 @@ void tcb(const char* val1, const char* val2) /* Main function to parse arguments and execute KEM tests */ int main(int argc, const char* argv[]) { - const char* algname = NULL; + const char* algname = NULL; const char* iccPath = NULL; kbuf pubKey = { 0,0, }; kbuf priKey = { 0,0, }; diff --git a/iccpkg/pqc/makefile b/iccpkg/pqc/makefile index 9e806e0..108f3fa 100644 --- a/iccpkg/pqc/makefile +++ b/iccpkg/pqc/makefile @@ -73,17 +73,25 @@ endif t_sshake128s: $(GSK_SETUP) ; ./sigtest -alg "SLH_DSA_SHAKE_128s" -l 10000 -t_ssha2_128s_KAT: - $(GSK_SETUP) ; ./sigtest -alg SLH_DSA_SHA2_128s -ed pkcs \ +# This line may be too long for Windows CMD so use PowerShell on Windows. Make/unix uses sh so should be OK +t_signature_KAT: + $(GSK_SETUP) ; ./sigtest -alg rsaEncryption -ed pkcs\ + -pub 30820122300D06092A864886F70D01010105000382010F003082010A0282010100BDC1ABEA412F6DC327FC7CC1C58D3AF6EC3B014BC49EE31122602D24F435860D9334D90DE68848ED79DC23F50AC7E5ACF949F994DD0C8604830397D336637D2489CDEC9856AD91D3C15D66E24045DC6FC123F30DD5556F4E9709B48274FC1EE8645F64AFD1BDDC0D7DB76E54AF79B21871FBE8E69CF3F258511D2A79254A2EF71F91D5BDA43719F043BBFE531DE23FF4E001F062020A8175E824F20DA6609B07F984CA59F9051F8FDC7B9A7C85AB96A949D723EC9D1B0CAC39CE05A7FE5662441CEDD39AAFE07828C45A7955EF96C07A5BACAAEA6257C3821F137F42785FD8EE244AB3C47FDBA7290C4E9E069CF30BE491084211CB1051B54C634636FCDFF8290203010001 \ + -pri 308204BE020100300D06092A864886F70D0101010500048204A8308204A40201000282010100BDC1ABEA412F6DC327FC7CC1C58D3AF6EC3B014BC49EE31122602D24F435860D9334D90DE68848ED79DC23F50AC7E5ACF949F994DD0C8604830397D336637D2489CDEC9856AD91D3C15D66E24045DC6FC123F30DD5556F4E9709B48274FC1EE8645F64AFD1BDDC0D7DB76E54AF79B21871FBE8E69CF3F258511D2A79254A2EF71F91D5BDA43719F043BBFE531DE23FF4E001F062020A8175E824F20DA6609B07F984CA59F9051F8FDC7B9A7C85AB96A949D723EC9D1B0CAC39CE05A7FE5662441CEDD39AAFE07828C45A7955EF96C07A5BACAAEA6257C3821F137F42785FD8EE244AB3C47FDBA7290C4E9E069CF30BE491084211CB1051B54C634636FCDFF8290203010001028201002C2D3E1253E9B0529A69103C667B1A4AA935957827C6DBD33DDF09338CBD373FCAD127653291F0F48485C9433FA6C9244B873AD93ADB330A32DC2FC906E50399F19124EF5462A54C18BCDF7A75FF2DB240D3573F15B705AA54C478275507EB442C35FF3165919F7CEE933956F2E150A29B4ACBEE8084D49B560B05BBDD80174D9F3A1B8173173B2D9937EDAF810FC5950B0463861867C8599B7788AAA99E6F20E51B2943457E9803EC4EF770A08EF9A03948BB44F75BA55FE67DD820617507A6A42D3923C58C93A450CB3D894C05618D16DBCFFBBB24DD9DF8EC1EC53A7E5473D78FAD5619C2D9E743C9968CA1523A1115D7F9E3D14E9AE983CBD19F5B66B15902818100EDDD540AAE85D4EA0C1F81B6D2DF0B16C4C347B96A2A58C7AA2450688221948E94EA236DA61501FDEDCB43ECD15E17C895D96C0D96EA3AF49889E2EFC8D123FB5998FDF9684CCC195D3BA4A33F0922AFE1CF852F1261F187A9DEB4C8ECD1B3C1EA31C5138F4B1EAF308DB38437818D15DF75583CA3A149EE5E7B636934568FCD02818100CC395D458D93F839133381245257149AFB5987743402E0C4EE13384C114271A8B247A45721E79780062E463E17D2CEA1B369B8AE7F8C75CFC28693B84AA34CE7686B2B80CD27725C3990C4DDE2A2698AF1FBD691C20734F7742C3B0745135C2DBA786BDAE8EA11CC7D6F59767A2AD7A746149DE114914374E74A17B87FCF15CD02818100DCE001024A3D0C10A961385A4445C94E4337F28A4203409D676881220A749436322198F4609C7155125305A80A628D433DA2BFAB7ECFD21EFEE64B4CCDF526AC67EEA127CFAA407BED0F4D3A29769A37284043340AA5D85A596AEC0507A3528066B00088C12EC83775A69F63CF0705B3A1E49D22F1EEFB6FD55C4E5B8AB636A1028180326C336839D57FE2EFA7B6C9F5FE841AE3D62E0875D30415FB46098F566F964A758214C4629DA09D3E696C746643693B2965FFF02D93CB7EB963AAD344B25F097F917E5335D3F87B66C724A43811AB875FC9B32797C559C183106C9E95E27ACEDB8C61ECD1B7012001145DFD4F9A8656498A4B94C814399882869BA6B4FFB73D02818100E214ADBE18BC8C274255AC45776E2EA998CC2A79DB3B83E1E416E88440FC1184B30CB71CBE4B109752F51B0917FF3FB0EBAC3CCFFC1863D001D2E53F26A44E6201A59399F2E80B79695F01331A932C04F16371D2EDEB5A8F137DB932AB2AD16284B9D0BD9A0740A4A090301313066CC7CF5DDB3C5433FAB2DC004152CBA31F41 \ + -msg 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F60616263 \ + -sig B8D4289C06799AF431F0A9194CA85F555E0510351E9926D47B259D4D781B967D51FAC9B46F6A7F69CAD76325DB1B36F87A88D63A7213147439C61914015254773C2689D093D2B577753F28DC1A13732A54260DF59A86BC5AEFE0F793CED715187E37E8FD495735EEA8DC40CA1792E4C842175EC6A048FAF813CD5A203ECC29FB69A62C0AD4D46B4F329AE10B2F8AD9E0B05BE91BB9882EE30190EF01B64C712BD3347F5D377BC2A538B41AC970DE8E66E15EF4F57772BDF106A173EC30D85B92C60FDBD96875B7A0E49C16E833E865A4E5CED0D0993C479B5EE6EBC263845C89EB43AF8A8EBD5957E65200ABEDBC0F4B26F97DAA1CF0EEEFFFB26AE0D56C7632 + +t_ssha2_128s_KAT_sigf: + $(GSK_SETUP) ; ./sigtest -alg "SLH_DSA_SHA2_128s" -ed pkcs \ -pub 3030300b0609608648016503040314032100823808a4bedc67e5645de3a52f2f680f76d0b7bb298c6394e7ef0d131a2723db \ -pri 3052020100300b060960864801650304031404408a04bd99b87d754bf8739bdb1063a3a130eaeccdf379579006df47eb04e1e388823808a4bedc67e5645de3a52f2f680f76d0b7bb298c6394e7ef0d131a2723db \ -msg 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F60616263 \ - -sig FBF0263E5257C812D11CDE5B9A28D85ABB874F6AABC55A3F602DB04C146356E35C451126139B4B0D12F5EC943396639E552036DB756590553179A2456CACB19B0A9ADF5C0B65154521B99000349FBC97957EACE3B6904C39FC3012CF26ED1A9A0CDD6631424FABAD240E2393C3BFCD5857E6188E85B55F86B6B1FE7A54E46900787E6267CB4D356D9D81AC3EAFB44C89C477D0459571C3EA23A8E517BBE631B35A0A0C9D53737E71EBF0A915422FE60949AE5FE6B45781AB155CCC9CF3DE68DB4162D669E5AFD079CE4F3D60953AA0FF59D63BC86FA613D12F6D41785BEC4D961B97A64E7002E1F7CD4EB49A8454FE11AA2F9E9CA0101B01DC86CB3425533CB2F753C5F27284866A01B3D7C23A3DC58EC07ED0E81ACAA8A243273474169BFFD427E1E3C6B0A0B5388FEC59A86A2BA1DF22D08EC0E4F0CFC7444D7D09D82BE4DAFEB005F51F452967B8C56014DF6EC6794AB2BD12D0E764D0C5FE57C39FBFF199DFD44D83377A3EB459D82A605A5E572EC400EFB5011C9A11423AFFE1A54777B1C5AA5C6ECF4AEBDF070C705F9797529B9B1669E8C47FD445DD8D87B649FD9267F1666A68E16E6D9D0F65707AB560A61FB332C55A5EB67395B851F94974230B9498868A9F6811FB25A5E604122F8B44D321356EC9866052A2205DE3D48BAF16E25FB6AC31984C0B7B37DAB4A9492DC617AF38CF853D4B4FB320DBC5F2A1E8734AB53A1F3AB2CB63713BA327D7739ECAEBDF3118276D0C4C6B66D738FD4D98167B4B203FF3CEA11A4C962CCC5CD24D26A85995B7743590906A8A818EB8E8229DAE34ECF169E75317EA86C3D39CFF4CFF499CE7249FBF9410DDFC9D41831F21CCA4510AB2666D8256D230A7A041D0A04E47356D4CE1005DBD31B3AECFB22B5CC951B9FAD8E76C130A437EB4A85A2DF71560626E713D29ECA6ADF78D47AE6DFAE91A24AD12EFCDF3783CCCA81C277941074CD2EFBFE2A3B8A82D42E6D05703160CEF3F28A857717C53B78E89E1FCF8EEAEFEA11F9C00AC61465B14164C91B8393541DC53CC711EED787E25ADB2FAF19FB9107B4343AA2949E7EE3802B32D1966C58B996DEFA8A006D42C09D7ADA1C14982F8A916A55444EDD67086E611C6E8C9FD00221A167A9F256C26421A9334EFC7B89D65AEE411E178EC4145AF57792F7B90A06DF8A394E81546B627A6FF1C3F8D654B3D2DCE5534000C47DED60D47EF3E48C43114189FC3C16F574915CA378148DCA0B8B06B1DD095C57E3A7F39C27F3EAF41AFBEF06A035F101DEED2D9B4025B83F5DF02BA7B9853477A0DF8FD8D62A5F403FA76A78EFAD249637E1DAA8BD8180E3D6971003641AA62CB15BB0AD5893529E1E86E75C0839523088E803B4D56AAA25EBFFA0427BF21996D83E1F099156183101E5F31C69742D8AAEC555BDA16B34750F2FD55A084A4DE8C83B589E546594289768548BE1C6D3E9B20BAA91BFD870D646F5A5DA744E5CFF0A7CB854907D8DBC65CAC5BD0860778B0378BC7A040D0FC0751CC7C2DD52ADE90E8824F53CFAF4ADAFF3EFC6F8AB7AFA2CAFF2DDE2449A534E0AFBCCDFB09FFC176AB256C1732FB1941EA0D89EC5E11EABB0C19CB0EBBEB30C62FB076C1B883F43EB64FDE330B7DEDD1D9C5A80B105AFBAE89CFDFA1E5EE863D912333D9A2454B9093CC330C6AF7CC249EEF0711E06E3205E8A2C0029E8DAC78931A8A0FDAF45FACC7D47FFA9D6B76DF59C2020451259A4E184F516F545B104F6EB0DF2CD75C16C9BD4CF7AA75E06BB507B770885FEB4C8BFE50A6B2D21B091ED64E863FDA49A7C558D739825D4A79DF92EC07AE5E190AF950FA5B88AE9E2EC5AF57A7F30D3B175B7621A5F1F258BCF3EC7854D68EE498BAFCEA8C69611BE1B458AC9C56B9B0185BBFDC77BFA621BBB2E852F490131890004403B2DCAADBAFDB450DF512500FF280441B212468C599A3933747D07374DFD8E931198C209D489940BEA11D265CE3383DF85904D2B7D9D4C0A21062AE2AAF109013E8BFC4FD2E2A017BA56E8C5ACCDDC39F9DB8B0217DFB218E44DF092CAB04999731D9402C57D028D20A9A24AF19125E06C4CFD3BB3AB8702C265D2615CF235941089262D45ED7399A4BDA0AB25D56F9C08D8B0FE6FF89098F44B34BDC56A1F7771BE33A8802641903E059E1AB2E8ADF7B2CC0D9D2468D66802197CFA1D2AB8D24466B2877651C63576C2E2F628C3B8D1DDFBC72CEE69F1CA4FA233970F01701C452A71A937B07C08FDF2470C54D6A5FA8C3276CD7DFAF3A867B85DDF9C9660440F960F8C1EFB75BB3CFB5A31E63E7C6CACF76220EFC502D96CBADB4DA54BDB6601D4B99660DC45E91C79C9926D5A14A6DEC29E2B2264377C27BA0C56261569FD5824EDE14D70E16B52E2195CB8F7935B0AFEAC6C035B739A1AC89F6A17B0E8CE8010195F75FB224CB95BB3F50980801E86717DAE1E9474B99344580110E13496B73C970B9F8DE2F02A8D8E32BC3E8915607846F05CB747EB530296240C3749300884F018A70CE40B5E65B18F5F1C4A0DFFB9A72F834C6DA3C297EF8CC29A15823214A3C79B8AC28689DDF028D5A5639A94E7FCEC64C57D4D5042B159D67BFF484AF3D03455CF2F2A4B002546662BD12D2F190318DA521D1DF3097844642583FF5C13F32183E178EB7FB2D5A2C20FB86668C030D418748722A6383A5B40F11E862DD938DDDD5EB9E59F0C56FAB46D989684002F4AEFAFFA78F3B49BEA203E5BCE0C712E907F5C2D7292C744CF8DE03EDFA1578133B6277F984D9B7FA922D6B7807F3CBDFBF52F1AE5CF6A5310A436680A8356BF35E615D0CC27678BF42F3001384B1335075F20E49D66AC7E07ECCA89164D1D201EBD2EE8A6BA9C2CA45D1F61D333EFA7E460A584C1647EED005201A6076B152A1A84E952822C7A67BA95EE96B88AB4F6CED83AE6ED00273AAD7136A95666226093C179CAB4FE93BD0C5CCA691CF1C56280EBE800666DECDA4A2ADFFD4968FA6FFECB52A90F8E35FA4741EEF3959291A87B41A42F70DB4DDFF945713D6BAD0244DA4FBE37B061C3EC0F6E775D75238B9CC6C2D25345E4F4FAE8F950B1320E0D9908E94D36B605B8791DBD77F569547B198BC4C2903BC98E2126AF019E7F3821C2140F89217E0364BEA284E13A1226B07EDEABC8B778BCB113E99F94458A8635F845CE40F7298814B2D95A559BFAAC9FBD55EA0D92ADDAA3656CBC6E2F6C6C4DDFADBD556CFB3D9E4576202BABF198958F8DAAD4FCE819A898C3AA1671F1E331517ED9CF8E081479C47782DD95700F3487D52E9243DA36C170DC93AE70975E38763B092851EAD222026DD152EB4053352052EE99C3DA7E1D9FDFEBACA93D4F1BBAA2B83FB63859326781E96867D6C00C75F9239ABC72F914620CCB1D1A96BDC308A3CCEE13255B3096992AE356DBCB35DAE799B2543C5C0D59C31E297D39737C06D64D87BB02BCD61D394A890ACD27282C9E2655D3BD1C83316D350466B2016EC34DF4FC66216449D4835151902BFA3B997639ED46BE9ACF6618BCB8086AE5EA4E791DB3628980FD1A821544B4797C244CD05250DF6671A4768DC90A189FB33D8142E2A3B7E004650F8AC94F46B01444A94C1039C1A9D8253C76EB92A2C636CE4124B78CB0BB252A8803024CD8057E5F9FE69966E63821BFC04F75D018003ED47D37D10DCFB3E055D30B4DDA92AE63C6CA0A3943305A3566142D4DF69BCB5D9C9ADAD0E6F0D30DE1B1801A3B186B826D752116D0BC507391A57B68DF15470E706FA2C57EB840FDBA3DDBE35009C9B83B0BB6AF07C0AFC65D9CF318845D2EA07261CA1758D03FD8F7DF9FF33F4FB28139E755567FAA0AE140292E0559F54FE4BB6A2ED1AAF55BAF63B0AE89B298B4977F6AB09434347A33FCB7A87C240E3312B67068E5A9CD99D7E8743CEB903D056CA93A3E570ECA7E26C0150099D0E2E8B1DF15D357365AED49F7C60C233807581B877C5B05A151E67690EE88046B0B4F168E53D692EFC4BA0F8D6F595A6B881F27EC84B186B76AAC5CBFB87FFFC3A8161F032E5FEC3CE352F5AB0A0B6743006C0A6967DF47BE6839DB943017BB49ED5D100A97298CDFB4482086EE371DDF25EF0B414AE761B42010C1616DC593C904E1A318A1F0F5AD65C891871E57F0777ECC51DCFE6EA673367CBAD3FBE3754C05BE7D378EC1C3E3530B00BE3B277F3FC75E8AF26BE411BA8532A21238CD6254314696EBBA9BF29757F385C35A631BE73AFD33271E1EFE0C9D2DD28898ABD5481E2B732CBD4E848F2A0914F0F9802DB1D2EE47BCD31DF8CBC1C43ADF8DF0313B4ADFBCEF88ADE69F126A57D9A55542254ADF1852B8A80117411B3C149CE06E828342D9EE0A5C7C9EDF067380524391B5AECF92ABC9A48AD431007EB0A55F2DCE1116CEBBECB6183E8B9194E2DEE67D3FA6A7F4ED621C76630D7791C76004C7C2FCFAF15F4F097E9816614DBB25440D90ADFFCC6ACF56B0A2930423C48997DE335343E866DFB9C35D365469A3F9B9D9E027FC12176AE06483B9FB6A11EDBF25FD991D1DCACA593F84FBB4F756D97E16EB6CD2E94BE9C36F779F363561C57847714C50019A76D56D49CEA89F7BC1C2AC80BABB538338D0A015899D051C38851BC32DF0C8DB763AE95A0828C12EECEAAC956CA51D8D30B188F3D6D5B5BAD3A474A068312A18F7429A547642DB3E9BB5179FE07D3FB25D5905E02E1E0013B5214F782E8D0E424DB0153B0B8BB48D0BC489CD13B9810FEB491742F3BB8D02FDAD5BFEF7EB8FC72230A961A18495AE9C38722F7EF18EC6142BA1874038F8555F1B83CA490BA3DDF1055C79C58D0505C2E76BECB1ECCFE560A7A3EB61FD78A8870195F7E4084302ECB66119315FB741DDD6AEE417535863F54EBA3897DF2F10C15681AEE76EE2953F767051942DF17A48C53E4483BA8AEE91E99E988FEFC48FD56E2167E75FBCB15BB693F39A153967036D00C89A243229F5D09C17E2D08668AC38C8F4F5B4C0D78588F38652F6DD58CDE9FCD7272347543BB7185B573D745A3E52018E46EA047C65E2AD1E7D3A353B235CADB435456946821C312692B57D21524B56190B50F615DCD0341781AA6B522C9B61E37F27D728C1C742F4F70E46A8F9AAEE079B92DCD89B4C0AFB723364836F9CFBF735952BD8957DD964E9BF1CC82DF1606DD0784E9C09C3F5F05ADF9B2E5764275067E62E64EB8ACF21BBCCBDAB4B9F4365489CF4C6CEBAD9FA62CB1336E6D7A40ECA4B5F10FF4E31CCCFB388D5D32D1D62D27C4107DC85CB49D62856B1F44FBE9E0BB96CB734DF896B269562135FBD986E14BEE5D20BE822CCD3DEC7666B696C778C53BA0272AA95CFEA8ECDDC92136CA54F6152C1DD677C50351230C6F309C4E2E853410E75C4EBB80C1DC221405C8CA13420294EACDB8A67F4FF6705601431F5392476C05FA0B92428EFE63D8F0DFE3D13FCD772B57048132983FC58FFCF7F5AFCDA717AAF44746CB187D40A91E59E1A329FC9549253032BB4D9F0A86A1BA632B45CBEA568E7C1CE1DDB7F872C7940C134C2207634821DA8AAB8F327507E2C4ACB3719DBF9A9F231D985BF62F523EC877F3CFBC4661C6F791BF07BF826C7970940D92C9AC955A42CED185D9382A24CD03ABE6BB1481DB44740E3227608BBD1502E53989854C726D7486AEF83438179A0F146EA0CD2EAD911A3EFFE00D024326910A05C765A80F5309D30C3C854E699052CB34D88FFF643DE23EB38E4DF2D112828A36FA74F4E0D9E63B0675D8806D7ACB89248530ACB42ABB80F3E03D5C2C69C73DB3F0A5DE62063F6991CFDE91595DDFC54C0C422844593FBE9928B0BF9AE7F85DB8064FFF0CFF72548752BA65EA276D749E2BFE2A1526E2B14A363D689084B8C56DF5C87B27B8192F84A2E0447102F7A87254287018751B1F45347AB84D71E7BD4A687FE50EDF11C7D96D7C4855F23EA34B7C97A97FC723123466B40E1B13AB372196E9E0D7AD708FE0C52FA6C4343CA6E7B430CEACD207A6EA14E00B084A39F45C4A758728E25133B9E944EFBF93FCA9A02DADA8B5CF14AB9E686AD7CA3BEA81E15738004371343C03B1907DBC45A2596D11000BE2DB47C5505EF648F1A1118E0DA7FD599D3C0FCFD01C308F6038CFC156B01306C25768F5BF3A6E20A3D459CCD7FA956489ABB216946858EF4C46B0C6E9891776565928200792F211611B2F97B2C88E9941DB44F25101F46FA43EE3E6801B14DD2BEBF57288F94EE5C2E8447A6C6B137A4F5502227F544410D1CF8A90AAC27E553226F3A4CB9BAE8404304EB65488F3EBEDC5885C78641317AFD1E06EFCD99D5776F6BF21668B093DCCBB1FE17363FBA34E8144065D03826CAF8461EC3C369C9D72D67FDD284D222810B58564DC0969065A6365CAA52D2E48A39E166769776F8F427CF69972CCC7CA079B394BE19CE5CA8890D5F71B9CBCA8B363DCE5FCB58771FF61AD23B6D213F2CAF4AE99B770BDBDB0E1B1AACD07D4C896BF8CBCC7CD9FA88106D7B71C4EB4FE81EDFD04D72C6B1D1B63BABC517116D8D13292C2B61AA2B4DA55D292D7E6316D2DB4D2AB4582C9A9F3201A873FF94DBC1FECBCE8876FD3755D309ABA574FDF231801DFA76991884E22778B5F522F523341E416287E203D0C23508883BA07279A98F559A53B81B883D9BC0C6C2F32D177589271ED1F73142B31820AAEE365F7E2D14D1883ED0B2A58F47D511AA382C73712DBCD78366EDD79651396F42EDC010D27B5C9586C78ED23876DDD16710D058469C2F181B74BCC0141EA1B72B036BCF7ABE1A712CC12AA7683120F5B852665E11BAA2411C9FBA42F8EE085770B79A800FC9ECB000DB2C9428C83766CFC1AFE678A8459B2A72CAA72C66B0548DD6A23046D5F134CAF0FEDF8DC2C4108562DAF11C70E5EED9A02DD5B9BCA43233923BBFF42550A03DB526AB148DB043957812CBFF1C12770B7C70C2B16A339654AC323E7E338ABCDFAD2311CB42F2C25BA61ECE0C77E3C96420D37B2349F1F748E0D402876D2965BF2EAD1D28B64C83A3503DAC20016EED9D214BF35938119C32EEB653BB0ED955364F28DE86F865876BCE11F95644ACE5BDC6B99C26D5D718C514EF62C2CBC4A007116F7E8B390E4315E10BF0218B6AA08A49B5C92BA4CAA5EFC6B776E927FF65F46E1F5206C9B94918F4337AFE9482EFCED055A54CB69AAE8BBC5CD9C4C2EB24AC25260E8A7DE23AF9DA3716BBDAB101CC7A78F1F1D518AA57AE56FAF85CD5473B79A88B2C17EDAA9ECAA86168694036DA3D36875C9219CE1CA3F7A68A89BEFF2563C306DAA596B03F7F7E4017022FAE7CA1EC67EB1F8AB28A5DA28202FADD6AA74203EA79408EA634E58E5A739B4EA9D322267580058D045FEB1B52D666E2DE6C46121BB13D8D0D826C58EE7F5D49BEE3F40D75BEA1E3A6BB90256038C4B9484BDA999D90CE673475DA67B40D47C6638316169FA646F3B49049459134DC7B61D488E2873DD98B5F75F5F87AF0327FEA1082AB34150345C20094ED366148708ABD23077CF71BF99F915B7DEBC6348D33AC1D2FF687E178991B83C82743DE9547093B281951F2936560D438BB495EBDC89371879BD035B5D466EE17E1D4BE7E4E32263B5551DD787F3F7C81D3E728C3448E63AFDA8E86F6F8C3513F09F83438B36A12573F7BCB484ACBDF09EEE04FABFD4E72268F40CBED410617285421F3B9846A7933D8FC5DF5E36A1B92D3DF6DA43B6BE4E77B158183EFD76170D2E908EE35A363AC80765383A7829DAB0AB596EFB72FA7D898D2DB632300C22A8CE3C7C0DCE993379C174802EE0B29CC9DC387227793C2B3BAFD5BCAC422B3683AD77CC1FF55F44EB10393D1B76A40FD193D4C0F3C7972FD3D6CB1CF830B3A2F7B42809FA7CD0E70E9A1C33CE73617542001BA9EE2C88A2CD4645B04314A6D3491A4267A96F26FFF24770551BD6EA5F38C59D380E81CC6982283903EDE12184A3DDB8BCFA9FBA75A633C2655331FE4B0F3EF0BE940F0E51F58A0763951A0A633E8EE1B4CD7EE629DB11D68A813C4DAAD9FAF0F96CAFD2AF4E64D304FB6EBBAB4C1FC476E0AA07ED8236E2C3950B22E1E3A393C0752A6631D5F7C0EB4366CDC369968ADF6AD8CEA4D5F120012D79914D7D938B330F496F87A32518C9676320575FF213ED3AF6770C31DCD63B8C667BD75E6CC918C3C0B4AC03DD8F0DBC141616DFC1AC7FC9CE69D5123C481E1528AAEFCAAED7D70D524709E9776E40F762500AFA18C2AB68C93A038DD493338857E42827D266C59F6EDEC1BA7341BA046BF690EC0A25BBC560096E1FD00619108C3AADDD61D5998591616F966CC74C76EC0F800E1EB411764C02567EF06227950CD367CB1751318C98046061922D50348329AAB7DA6CC77E8AB83518BBC04F1A9CC7E0B729DD65AAF979265B2CAAF071091DC69F77EC3E43DB564BD66D0E896D05CE60346648C67FDE38EBB3D0EDD7EF3FEB5CD918014788A5C8C521195D7B6FB501A2D1632FBCB477F29B09C26490B7C638A2D0BC0ECDEB632A4631CF5ACCA68BB4D6D7844B022D8DF6A8E78BB6B28D71429C4C254530DF71C717DDC70AD051F1586FD972C1FD533C9C307A32AB49FD7B44C3BD107FA62FE1A43412F8ADE7A50B524AF0DAFC4888E685F8F06BC2FE84E1854C91901CD39595D3BBC122DFCD96D620B4E46BD0EF3F6391C086539195040592FE8286C4E2E96A82BEFBB73BD268B0D4E690C025F8BF0F29034E87FA62DCC40AF1BF09B131A736CCA5E5727EA142923D54C5CCBEE2F44BC139E515A0638FEBB725AD9F2CD5D2E4BC7363A37A076226297B76EC98E3501819D512DD39B03486E1EC77AFCC3365757BF92E9A19DD94AB193ECF84ECB79074BD6BBACB27786CFDE191F34D9C664CC2E19AD767FCE3AA1C19B0DB1F7986FB54E95DF98BAE00524F31001AED7270250369C593D928223ACB597E17468F7BA4EBA4300A2B2A71BD182E2147AEBBB13A247B01B22F10BCF7660614716C531C7D625A94B38D1DE8550FAA845F2BA3700D34354740076051594793CD3D88C662D5A4D80998438E26DB36BF26942DB7601D184542B0B534F6E56EA5C354C13506FED42258BF18AB346A1F4CD56C621AF7AE1DA03DB12CCEB4D069E4AB0442F56A6DDD057C9C93C14E2EC4091F434AE7EFA277D06BBD3E0E8698ED6C928B748155B9AEE34CFF6466FDA47EDA0C9576A5F63B2F431DD90784B1ADB62FED02AFCD70F64047DAB22D02EBA73C64574523842B5E554F8347CCB6028DDC0BC5F4363E7200932388DA952ABF55A96B3ED8C0BED9CEF8E8B5D0362CFE6D74C24E25622F3B294969DF96EBA207F0C54D0C96C481342EF0800A5B8D040512343EEF39B06861276108B26280677208D9352BC7ECD7C2A9EBB62867A6281582433F075EC88BFEB36C131AD9B46832EA4FE02AC75C3C0C103D6AADFEB4E2D3CB00BD7A462C6E85F3C86FD189BFFD339252CF49F40F98CDD14C5FD5ACE2DFD275707EB5FCD29B3B3CB0DAA2190ACCCE9A088D8D03043A9D464B6A6C14207CB1B5C3B4115A162156F3CE6E35705FF66590FAE962821EB5C7CB97339F9A030B180144049E76CDD3C0680F372E5852BC0911B42893C857FB23C6A348D716A94E8E3B4539A1EC4CF6BED10983D1D824558A6A5D05EC9E59D900E48FB90A3F5BF015B1EEFA58056075D5FDB3BE68C5BBE3F96C3967FFF4F2B4957DBD0E1C9D0AE6E13DFAA09A9A984536EFE4BB3BD2E88BED93126EBBB4A318C035B06E51C1654DE03CD2ED777A7239086D582F11DF1FA9BCF1CF186B0E54AC1D616FCBDD917A0DDD4D558F791F2B2A0A96DA7DD3AF475BC3356AF829B4E3F2B8C99A9F043A38E6B3AE98FDD59F234E27B81C5E7B508EAC35F487251B28CE152F8D1E415069703AD74DC025AD5B61AB039E5F92EC2BAED3779AF205F8794CDAF08B7BE23AD16291C3A7C15E4DDFBC34DF0081248C870B2C351819E2409627514DD2DE46DE809872C7D5D8163B1C31B8E176230C0D63A6AC0ABCE40040EACE353E959CF6CEBE2FE6B8A045FD48BBD75BB5C6F70B3F054EFDD83815E351763CC5C52FD5046A00439CD8029A870B791611F25AF240ACA0F20383EEC32D1E4EFE2B22176E5D2156151602660F95C49C3AC6802398E6FB53A2D1F45071A1A0FA684418664170A88DBC45D94BF07F3E3C75470AD0A000E84E51788D32D33E11B8B142E357F5288696C4EDA59CDE15014CE280B58CE724DAE358C9E9798BA307E4131ECA21F6D7A6218AE8BBFD6FFCA78532F7060D2B7A1A70059DAAC7F79C7F5D7F613FA294E4565534E0FC8BC71920DC7170A50587000ACC6403CA4C5DD3C47120E16C9723E7887DAFF090B4016A831AFFD97B1AC540590BCB6D3BCA86E1951AFB0CD6D80E0B74E1A9DEEA6C0BB68FEA9DC6E12BBCF44470B7669BD447B742B5FA0F44B2331C201C959E43235DAD6CFA1EDCF54B437C6CEEB213BBB51FF6BAFFCC6B2689E583B80429A3C2C5C295D925634994294C529261034A9DEF392E866E9423236AEDDBC1C050F2BB5791E3AFDE65A0B64C8925ACF50DA20521D885B0D361A960F70F4DE1E93FDB587A55CC2DB3D28402ABC118BB162126E8A5EA3505D650D6541F335B08047BDEEB25C06AAE26AB79A63C4F872EF5A002725BBF6DFB87F70D77B68A93309DADA80AB8235802C7E2358FED7C1CBCA4388C8D4A700631613F59ECBA02B69B89632C3EA86E4875972030E0DA67D5DA07913DD03043CA535C4EF13BA137A260AFF5AFDD81B4FB6ABEEF456C5F7ACA8CF9509622D8F06A73F02F64570D226BF6807C11241FFD7439AC0F19BC0AB95898E14F4A4A106FF697FC3A60E4948B1516757B2493A3A4FE1A8FFAD59EE934E739CBAC958CF574A1A72B019AB2DA73822EC2693F2303FEFFC8832D12343E9593443890A1624569FF0AAB3518B3B51DEAE80A167B6D3910D5BD458CA68A028A4BA35426F2D44E5008C976BAB47124CB9993E4FBCE15EAF11C5DDC6C3C3CABC9D7832EB1D48C7A1FDFC30A6A3D89ADF885D03957A9B5A959DBC03D3CF5F825D1B2C39A8ACDE7DD6ECE5D20B85CC9658B077BD64132C2FCA455E1AA6C9A9A2800C04B53171AF71501336B29183D165AB8394CA613A514EC66AF501770C1BC167533AE360F69BC1B1B1D3EA966F6A5AB8538CDE531337F + -sigf slh_dsa_sha2_128s_sig.txt testkem: kemtest$(EXESUFX) t_kemtest t_kemtest_v t_k1024 t_k768 t_ktcb $(GSK_SETUP) ; ./kemtest -? # t_sshake128s - temporary disable -testsig: sigtest$(EXESUFX) t_sigtest_v t_srsa t_srsa_tcb t_srsa_fips t_sdsa44 t_sdsa65 +testsig: sigtest$(EXESUFX) t_sigtest_v t_srsa t_srsa_tcb t_srsa_fips t_sdsa44 t_sdsa65 t_signature_KAT t_ssha2_128s_KAT_sigf $(GSK_SETUP) ; ./sigtest -? tests: testkem tests_all_kyber testsig diff --git a/iccpkg/pqc/sigtest.c b/iccpkg/pqc/sigtest.c index 9976f6e..24bb161 100644 --- a/iccpkg/pqc/sigtest.c +++ b/iccpkg/pqc/sigtest.c @@ -5,7 +5,7 @@ in the file LICENSE in the source distribution. */ - /* +/* sigtest.c */ #include @@ -23,9 +23,9 @@ #endif #if defined(_WIN32) -# include +#include #else -# include +#include #endif # include "icc.h" @@ -63,9 +63,53 @@ ICC_Function_Table* pfn_Table = &fn_Table; /* private is none, raw or pkcs8 */ enum ed { none = 0, raw = 1, pkcs1 = 2, pkcs8 = 4 }; +/* Function to read hex string from a file */ +static char* read_hex_string_from_file(const char* filename) +{ + FILE* fp = NULL; + char* hexbuf = NULL; + long filesize = 0; + size_t bytes_read = 0; + + fp = fopen(filename, "r"); + if (!fp) { + printf("Error: Cannot open file '%s'\n", filename); + return NULL; + } + + fseek(fp, 0, SEEK_END); + filesize = ftell(fp); + fseek(fp, 0, SEEK_SET); + + if (filesize <= 0) { + printf("Error: File '%s' is empty\n", filename); + fclose(fp); + return NULL; + } + + hexbuf = (char*)malloc(filesize + 1); + if (!hexbuf) { + printf("Error: Memory allocation failed\n"); + fclose(fp); + return NULL; + } + + bytes_read = fread(hexbuf, 1, filesize, fp); + fclose(fp); + + if (bytes_read != (size_t)filesize) { + printf("Error: Failed to read file '%s'\n", filename); + free(hexbuf); + return NULL; + } + hexbuf[bytes_read] = '\0'; + + return hexbuf; +} + /* Helper function to print byte arrays in hexadecimal */ -static size_t hex2bin(unsigned char* bin, const char* hexString, size_t hexlen) +static int hex2bin(unsigned char* bin, const char* hexString, size_t hexlen) { /* note hex string may contain spaces so bin len not be exactly hex len / 2, but always less than or equal to */ unsigned char *r = bin; @@ -598,7 +642,7 @@ PQC_sign_test(ICC_CTX* ctx, const char* algname, const char* hash, int verbose, if (verbose) { printf("Algorithm : %s\n", algname); - printf("Hash : %s\n", hash? hash:"NULL"); + printf("Hash : %s\n", hash ? hash : "NULL"); } if ((pub && pub->data) && (pri && pri->data)) { @@ -621,13 +665,13 @@ PQC_sign_test(ICC_CTX* ctx, const char* algname, const char* hash, int verbose, return 1; } } - if (verbose) { + if (verbose) { fprintf(fp_rsp, "pk encoding length = %d\n", (int)pk.der.len); fprintf(fp_rsp, "pk %s\n", (encdec & pkcs1) ? "pkcs1" : "raw"); fprintBstr(fp_rsp, "", pk.der.data, pk.der.len); fprintf(fp_rsp, "sk encoding length = %d\n", (int)sk.der.len); - if (encdec & (raw | pkcs8)) { + if (encdec & (raw | pkcs8)) { fprintf(fp_rsp, "sk %s\n", (encdec & pkcs8) ? "pkcs8" : "raw"); fprintBstr(fp_rsp, "", sk.der.data, sk.der.len); } @@ -660,13 +704,13 @@ PQC_sign_test(ICC_CTX* ctx, const char* algname, const char* hash, int verbose, kbuf_dup(&signature, sig); if (!signature.data) { - if (verbose) { + if (verbose) { printf("sign\n"); - } + } if ((ret_val = SignatureEVP_sign(ctx, &signature, &sk, msg, encdec, hash)) != 0) { - printf("SignatureEVP_sign returned <%d>\n", ret_val); - return 2; - } + printf("SignatureEVP_sign returned <%d>\n", ret_val); + return 2; + } if (verbose == 2) { fprintBstr(fp_rsp, "signature =\n", signature.data, signature.len); } @@ -867,7 +911,7 @@ void tcb(const char* val1, const char* val2) static int OpenSSLError(ICC_CTX* ctx) { - unsigned long retcode = -1; + long retcode = -1; unsigned max = 5; /* may be more than one error recorded so print them all */ while (retcode) { @@ -875,7 +919,7 @@ int OpenSSLError(ICC_CTX* ctx) if (retcode) { static char buf[4096]; ICC_ERR_error_string(ctx, retcode, buf); - printf("OpenSSL error %d [%s]\n", retcode, buf); + printf("OpenSSL error %ld [%s]\n", retcode, buf); } /* infinite loop breaker */ if (max == 0) break; @@ -922,6 +966,7 @@ int main(int argc, const char *argv[]) printf(" -pri Specify private key PKCS8 encoding in hex\n"); printf(" -msg Specify message to sign hex\n"); printf(" -sig Specify signature in hex\n"); + printf(" -sigf Specify signature file containing hex data\n"); for ( j = 1; to_SIGNATURE_ALGNAME(j); j++) { printf(" %d %s\n", j, to_SIGNATURE_ALGNAME(j)); } @@ -996,13 +1041,25 @@ int main(int argc, const char *argv[]) if (msg.data) free(msg.data); msg.data = malloc(strlen(argv[i]) / 2); msg.len = hex2bin(msg.data, argv[i], strlen(argv[i])); - } + } else if (0 == strcmp(arg, "-sig")) { i++; if (sig.data) free(sig.data); sig.data = malloc(strlen(argv[i]) / 2); sig.len = hex2bin(sig.data, argv[i], strlen(argv[i])); } + else if (0 == strcmp(arg, "-sigf")) { + i++; + char* hexstr = read_hex_string_from_file(argv[i]); + if (hexstr) { + if (sig.data) free(sig.data); + sig.data = malloc(strlen(hexstr) / 2); + sig.len = hex2bin(sig.data, hexstr, strlen(hexstr)); + free(hexstr); + } else { + rv = -1; + } + } else if (0 == strcmp(arg, "-alg")) { i++; algname = argv[i]; @@ -1036,7 +1093,7 @@ int main(int argc, const char *argv[]) rv = -1; goto free_pub_pri_data; } - + if(0 != load_icc_functions(lib_handle, pfn_Table)) { printf("Failed to load functions \n"); @@ -1166,10 +1223,10 @@ int main(int argc, const char *argv[]) if (algname) { /* Execute the sigPQC_Sign_test for specified algname */ rv = PQC_sign_test(icc_ctx, algname, hash, verbose, encdec, &pubKey, &priKey, &msg, &sig); - if (rv) { - OpenSSLError(icc_ctx); - printf("%s: Error %d, try -? to get help\n", algname, rv); - } + if (rv) { + OpenSSLError(icc_ctx); + printf("%s: Error %d, try -? to get help\n", algname, rv); + } else{ printf("PQC_Sign_test for algorithm: %s successful\n", algname); } @@ -1183,6 +1240,7 @@ int main(int argc, const char *argv[]) if (rv) { OpenSSLError(icc_ctx); printf("%s: Error %d during Signature test\n", algs[i], rv); + break; } else{ printf("PQC_Sign_testfor algorithm: %s successful\n", algs[i]); diff --git a/iccpkg/pqc/slh_dsa_sha2_128s_sig.txt b/iccpkg/pqc/slh_dsa_sha2_128s_sig.txt new file mode 100644 index 0000000..5da0fdb --- /dev/null +++ b/iccpkg/pqc/slh_dsa_sha2_128s_sig.txt @@ -0,0 +1 @@ +FBF0263E5257C812D11CDE5B9A28D85ABB874F6AABC55A3F602DB04C146356E35C451126139B4B0D12F5EC943396639E552036DB756590553179A2456CACB19B0A9ADF5C0B65154521B99000349FBC97957EACE3B6904C39FC3012CF26ED1A9A0CDD6631424FABAD240E2393C3BFCD5857E6188E85B55F86B6B1FE7A54E46900787E6267CB4D356D9D81AC3EAFB44C89C477D0459571C3EA23A8E517BBE631B35A0A0C9D53737E71EBF0A915422FE60949AE5FE6B45781AB155CCC9CF3DE68DB4162D669E5AFD079CE4F3D60953AA0FF59D63BC86FA613D12F6D41785BEC4D961B97A64E7002E1F7CD4EB49A8454FE11AA2F9E9CA0101B01DC86CB3425533CB2F753C5F27284866A01B3D7C23A3DC58EC07ED0E81ACAA8A243273474169BFFD427E1E3C6B0A0B5388FEC59A86A2BA1DF22D08EC0E4F0CFC7444D7D09D82BE4DAFEB005F51F452967B8C56014DF6EC6794AB2BD12D0E764D0C5FE57C39FBFF199DFD44D83377A3EB459D82A605A5E572EC400EFB5011C9A11423AFFE1A54777B1C5AA5C6ECF4AEBDF070C705F9797529B9B1669E8C47FD445DD8D87B649FD9267F1666A68E16E6D9D0F65707AB560A61FB332C55A5EB67395B851F94974230B9498868A9F6811FB25A5E604122F8B44D321356EC9866052A2205DE3D48BAF16E25FB6AC31984C0B7B37DAB4A9492DC617AF38CF853D4B4FB320DBC5F2A1E8734AB53A1F3AB2CB63713BA327D7739ECAEBDF3118276D0C4C6B66D738FD4D98167B4B203FF3CEA11A4C962CCC5CD24D26A85995B7743590906A8A818EB8E8229DAE34ECF169E75317EA86C3D39CFF4CFF499CE7249FBF9410DDFC9D41831F21CCA4510AB2666D8256D230A7A041D0A04E47356D4CE1005DBD31B3AECFB22B5CC951B9FAD8E76C130A437EB4A85A2DF71560626E713D29ECA6ADF78D47AE6DFAE91A24AD12EFCDF3783CCCA81C277941074CD2EFBFE2A3B8A82D42E6D05703160CEF3F28A857717C53B78E89E1FCF8EEAEFEA11F9C00AC61465B14164C91B8393541DC53CC711EED787E25ADB2FAF19FB9107B4343AA2949E7EE3802B32D1966C58B996DEFA8A006D42C09D7ADA1C14982F8A916A55444EDD67086E611C6E8C9FD00221A167A9F256C26421A9334EFC7B89D65AEE411E178EC4145AF57792F7B90A06DF8A394E81546B627A6FF1C3F8D654B3D2DCE5534000C47DED60D47EF3E48C43114189FC3C16F574915CA378148DCA0B8B06B1DD095C57E3A7F39C27F3EAF41AFBEF06A035F101DEED2D9B4025B83F5DF02BA7B9853477A0DF8FD8D62A5F403FA76A78EFAD249637E1DAA8BD8180E3D6971003641AA62CB15BB0AD5893529E1E86E75C0839523088E803B4D56AAA25EBFFA0427BF21996D83E1F099156183101E5F31C69742D8AAEC555BDA16B34750F2FD55A084A4DE8C83B589E546594289768548BE1C6D3E9B20BAA91BFD870D646F5A5DA744E5CFF0A7CB854907D8DBC65CAC5BD0860778B0378BC7A040D0FC0751CC7C2DD52ADE90E8824F53CFAF4ADAFF3EFC6F8AB7AFA2CAFF2DDE2449A534E0AFBCCDFB09FFC176AB256C1732FB1941EA0D89EC5E11EABB0C19CB0EBBEB30C62FB076C1B883F43EB64FDE330B7DEDD1D9C5A80B105AFBAE89CFDFA1E5EE863D912333D9A2454B9093CC330C6AF7CC249EEF0711E06E3205E8A2C0029E8DAC78931A8A0FDAF45FACC7D47FFA9D6B76DF59C2020451259A4E184F516F545B104F6EB0DF2CD75C16C9BD4CF7AA75E06BB507B770885FEB4C8BFE50A6B2D21B091ED64E863FDA49A7C558D739825D4A79DF92EC07AE5E190AF950FA5B88AE9E2EC5AF57A7F30D3B175B7621A5F1F258BCF3EC7854D68EE498BAFCEA8C69611BE1B458AC9C56B9B0185BBFDC77BFA621BBB2E852F490131890004403B2DCAADBAFDB450DF512500FF280441B212468C599A3933747D07374DFD8E931198C209D489940BEA11D265CE3383DF85904D2B7D9D4C0A21062AE2AAF109013E8BFC4FD2E2A017BA56E8C5ACCDDC39F9DB8B0217DFB218E44DF092CAB04999731D9402C57D028D20A9A24AF19125E06C4CFD3BB3AB8702C265D2615CF235941089262D45ED7399A4BDA0AB25D56F9C08D8B0FE6FF89098F44B34BDC56A1F7771BE33A8802641903E059E1AB2E8ADF7B2CC0D9D2468D66802197CFA1D2AB8D24466B2877651C63576C2E2F628C3B8D1DDFBC72CEE69F1CA4FA233970F01701C452A71A937B07C08FDF2470C54D6A5FA8C3276CD7DFAF3A867B85DDF9C9660440F960F8C1EFB75BB3CFB5A31E63E7C6CACF76220EFC502D96CBADB4DA54BDB6601D4B99660DC45E91C79C9926D5A14A6DEC29E2B2264377C27BA0C56261569FD5824EDE14D70E16B52E2195CB8F7935B0AFEAC6C035B739A1AC89F6A17B0E8CE8010195F75FB224CB95BB3F50980801E86717DAE1E9474B99344580110E13496B73C970B9F8DE2F02A8D8E32BC3E8915607846F05CB747EB530296240C3749300884F018A70CE40B5E65B18F5F1C4A0DFFB9A72F834C6DA3C297EF8CC29A15823214A3C79B8AC28689DDF028D5A5639A94E7FCEC64C57D4D5042B159D67BFF484AF3D03455CF2F2A4B002546662BD12D2F190318DA521D1DF3097844642583FF5C13F32183E178EB7FB2D5A2C20FB86668C030D418748722A6383A5B40F11E862DD938DDDD5EB9E59F0C56FAB46D989684002F4AEFAFFA78F3B49BEA203E5BCE0C712E907F5C2D7292C744CF8DE03EDFA1578133B6277F984D9B7FA922D6B7807F3CBDFBF52F1AE5CF6A5310A436680A8356BF35E615D0CC27678BF42F3001384B1335075F20E49D66AC7E07ECCA89164D1D201EBD2EE8A6BA9C2CA45D1F61D333EFA7E460A584C1647EED005201A6076B152A1A84E952822C7A67BA95EE96B88AB4F6CED83AE6ED00273AAD7136A95666226093C179CAB4FE93BD0C5CCA691CF1C56280EBE800666DECDA4A2ADFFD4968FA6FFECB52A90F8E35FA4741EEF3959291A87B41A42F70DB4DDFF945713D6BAD0244DA4FBE37B061C3EC0F6E775D75238B9CC6C2D25345E4F4FAE8F950B1320E0D9908E94D36B605B8791DBD77F569547B198BC4C2903BC98E2126AF019E7F3821C2140F89217E0364BEA284E13A1226B07EDEABC8B778BCB113E99F94458A8635F845CE40F7298814B2D95A559BFAAC9FBD55EA0D92ADDAA3656CBC6E2F6C6C4DDFADBD556CFB3D9E4576202BABF198958F8DAAD4FCE819A898C3AA1671F1E331517ED9CF8E081479C47782DD95700F3487D52E9243DA36C170DC93AE70975E38763B092851EAD222026DD152EB4053352052EE99C3DA7E1D9FDFEBACA93D4F1BBAA2B83FB63859326781E96867D6C00C75F9239ABC72F914620CCB1D1A96BDC308A3CCEE13255B3096992AE356DBCB35DAE799B2543C5C0D59C31E297D39737C06D64D87BB02BCD61D394A890ACD27282C9E2655D3BD1C83316D350466B2016EC34DF4FC66216449D4835151902BFA3B997639ED46BE9ACF6618BCB8086AE5EA4E791DB3628980FD1A821544B4797C244CD05250DF6671A4768DC90A189FB33D8142E2A3B7E004650F8AC94F46B01444A94C1039C1A9D8253C76EB92A2C636CE4124B78CB0BB252A8803024CD8057E5F9FE69966E63821BFC04F75D018003ED47D37D10DCFB3E055D30B4DDA92AE63C6CA0A3943305A3566142D4DF69BCB5D9C9ADAD0E6F0D30DE1B1801A3B186B826D752116D0BC507391A57B68DF15470E706FA2C57EB840FDBA3DDBE35009C9B83B0BB6AF07C0AFC65D9CF318845D2EA07261CA1758D03FD8F7DF9FF33F4FB28139E755567FAA0AE140292E0559F54FE4BB6A2ED1AAF55BAF63B0AE89B298B4977F6AB09434347A33FCB7A87C240E3312B67068E5A9CD99D7E8743CEB903D056CA93A3E570ECA7E26C0150099D0E2E8B1DF15D357365AED49F7C60C233807581B877C5B05A151E67690EE88046B0B4F168E53D692EFC4BA0F8D6F595A6B881F27EC84B186B76AAC5CBFB87FFFC3A8161F032E5FEC3CE352F5AB0A0B6743006C0A6967DF47BE6839DB943017BB49ED5D100A97298CDFB4482086EE371DDF25EF0B414AE761B42010C1616DC593C904E1A318A1F0F5AD65C891871E57F0777ECC51DCFE6EA673367CBAD3FBE3754C05BE7D378EC1C3E3530B00BE3B277F3FC75E8AF26BE411BA8532A21238CD6254314696EBBA9BF29757F385C35A631BE73AFD33271E1EFE0C9D2DD28898ABD5481E2B732CBD4E848F2A0914F0F9802DB1D2EE47BCD31DF8CBC1C43ADF8DF0313B4ADFBCEF88ADE69F126A57D9A55542254ADF1852B8A80117411B3C149CE06E828342D9EE0A5C7C9EDF067380524391B5AECF92ABC9A48AD431007EB0A55F2DCE1116CEBBECB6183E8B9194E2DEE67D3FA6A7F4ED621C76630D7791C76004C7C2FCFAF15F4F097E9816614DBB25440D90ADFFCC6ACF56B0A2930423C48997DE335343E866DFB9C35D365469A3F9B9D9E027FC12176AE06483B9FB6A11EDBF25FD991D1DCACA593F84FBB4F756D97E16EB6CD2E94BE9C36F779F363561C57847714C50019A76D56D49CEA89F7BC1C2AC80BABB538338D0A015899D051C38851BC32DF0C8DB763AE95A0828C12EECEAAC956CA51D8D30B188F3D6D5B5BAD3A474A068312A18F7429A547642DB3E9BB5179FE07D3FB25D5905E02E1E0013B5214F782E8D0E424DB0153B0B8BB48D0BC489CD13B9810FEB491742F3BB8D02FDAD5BFEF7EB8FC72230A961A18495AE9C38722F7EF18EC6142BA1874038F8555F1B83CA490BA3DDF1055C79C58D0505C2E76BECB1ECCFE560A7A3EB61FD78A8870195F7E4084302ECB66119315FB741DDD6AEE417535863F54EBA3897DF2F10C15681AEE76EE2953F767051942DF17A48C53E4483BA8AEE91E99E988FEFC48FD56E2167E75FBCB15BB693F39A153967036D00C89A243229F5D09C17E2D08668AC38C8F4F5B4C0D78588F38652F6DD58CDE9FCD7272347543BB7185B573D745A3E52018E46EA047C65E2AD1E7D3A353B235CADB435456946821C312692B57D21524B56190B50F615DCD0341781AA6B522C9B61E37F27D728C1C742F4F70E46A8F9AAEE079B92DCD89B4C0AFB723364836F9CFBF735952BD8957DD964E9BF1CC82DF1606DD0784E9C09C3F5F05ADF9B2E5764275067E62E64EB8ACF21BBCCBDAB4B9F4365489CF4C6CEBAD9FA62CB1336E6D7A40ECA4B5F10FF4E31CCCFB388D5D32D1D62D27C4107DC85CB49D62856B1F44FBE9E0BB96CB734DF896B269562135FBD986E14BEE5D20BE822CCD3DEC7666B696C778C53BA0272AA95CFEA8ECDDC92136CA54F6152C1DD677C50351230C6F309C4E2E853410E75C4EBB80C1DC221405C8CA13420294EACDB8A67F4FF6705601431F5392476C05FA0B92428EFE63D8F0DFE3D13FCD772B57048132983FC58FFCF7F5AFCDA717AAF44746CB187D40A91E59E1A329FC9549253032BB4D9F0A86A1BA632B45CBEA568E7C1CE1DDB7F872C7940C134C2207634821DA8AAB8F327507E2C4ACB3719DBF9A9F231D985BF62F523EC877F3CFBC4661C6F791BF07BF826C7970940D92C9AC955A42CED185D9382A24CD03ABE6BB1481DB44740E3227608BBD1502E53989854C726D7486AEF83438179A0F146EA0CD2EAD911A3EFFE00D024326910A05C765A80F5309D30C3C854E699052CB34D88FFF643DE23EB38E4DF2D112828A36FA74F4E0D9E63B0675D8806D7ACB89248530ACB42ABB80F3E03D5C2C69C73DB3F0A5DE62063F6991CFDE91595DDFC54C0C422844593FBE9928B0BF9AE7F85DB8064FFF0CFF72548752BA65EA276D749E2BFE2A1526E2B14A363D689084B8C56DF5C87B27B8192F84A2E0447102F7A87254287018751B1F45347AB84D71E7BD4A687FE50EDF11C7D96D7C4855F23EA34B7C97A97FC723123466B40E1B13AB372196E9E0D7AD708FE0C52FA6C4343CA6E7B430CEACD207A6EA14E00B084A39F45C4A758728E25133B9E944EFBF93FCA9A02DADA8B5CF14AB9E686AD7CA3BEA81E15738004371343C03B1907DBC45A2596D11000BE2DB47C5505EF648F1A1118E0DA7FD599D3C0FCFD01C308F6038CFC156B01306C25768F5BF3A6E20A3D459CCD7FA956489ABB216946858EF4C46B0C6E9891776565928200792F211611B2F97B2C88E9941DB44F25101F46FA43EE3E6801B14DD2BEBF57288F94EE5C2E8447A6C6B137A4F5502227F544410D1CF8A90AAC27E553226F3A4CB9BAE8404304EB65488F3EBEDC5885C78641317AFD1E06EFCD99D5776F6BF21668B093DCCBB1FE17363FBA34E8144065D03826CAF8461EC3C369C9D72D67FDD284D222810B58564DC0969065A6365CAA52D2E48A39E166769776F8F427CF69972CCC7CA079B394BE19CE5CA8890D5F71B9CBCA8B363DCE5FCB58771FF61AD23B6D213F2CAF4AE99B770BDBDB0E1B1AACD07D4C896BF8CBCC7CD9FA88106D7B71C4EB4FE81EDFD04D72C6B1D1B63BABC517116D8D13292C2B61AA2B4DA55D292D7E6316D2DB4D2AB4582C9A9F3201A873FF94DBC1FECBCE8876FD3755D309ABA574FDF231801DFA76991884E22778B5F522F523341E416287E203D0C23508883BA07279A98F559A53B81B883D9BC0C6C2F32D177589271ED1F73142B31820AAEE365F7E2D14D1883ED0B2A58F47D511AA382C73712DBCD78366EDD79651396F42EDC010D27B5C9586C78ED23876DDD16710D058469C2F181B74BCC0141EA1B72B036BCF7ABE1A712CC12AA7683120F5B852665E11BAA2411C9FBA42F8EE085770B79A800FC9ECB000DB2C9428C83766CFC1AFE678A8459B2A72CAA72C66B0548DD6A23046D5F134CAF0FEDF8DC2C4108562DAF11C70E5EED9A02DD5B9BCA43233923BBFF42550A03DB526AB148DB043957812CBFF1C12770B7C70C2B16A339654AC323E7E338ABCDFAD2311CB42F2C25BA61ECE0C77E3C96420D37B2349F1F748E0D402876D2965BF2EAD1D28B64C83A3503DAC20016EED9D214BF35938119C32EEB653BB0ED955364F28DE86F865876BCE11F95644ACE5BDC6B99C26D5D718C514EF62C2CBC4A007116F7E8B390E4315E10BF0218B6AA08A49B5C92BA4CAA5EFC6B776E927FF65F46E1F5206C9B94918F4337AFE9482EFCED055A54CB69AAE8BBC5CD9C4C2EB24AC25260E8A7DE23AF9DA3716BBDAB101CC7A78F1F1D518AA57AE56FAF85CD5473B79A88B2C17EDAA9ECAA86168694036DA3D36875C9219CE1CA3F7A68A89BEFF2563C306DAA596B03F7F7E4017022FAE7CA1EC67EB1F8AB28A5DA28202FADD6AA74203EA79408EA634E58E5A739B4EA9D322267580058D045FEB1B52D666E2DE6C46121BB13D8D0D826C58EE7F5D49BEE3F40D75BEA1E3A6BB90256038C4B9484BDA999D90CE673475DA67B40D47C6638316169FA646F3B49049459134DC7B61D488E2873DD98B5F75F5F87AF0327FEA1082AB34150345C20094ED366148708ABD23077CF71BF99F915B7DEBC6348D33AC1D2FF687E178991B83C82743DE9547093B281951F2936560D438BB495EBDC89371879BD035B5D466EE17E1D4BE7E4E32263B5551DD787F3F7C81D3E728C3448E63AFDA8E86F6F8C3513F09F83438B36A12573F7BCB484ACBDF09EEE04FABFD4E72268F40CBED410617285421F3B9846A7933D8FC5DF5E36A1B92D3DF6DA43B6BE4E77B158183EFD76170D2E908EE35A363AC80765383A7829DAB0AB596EFB72FA7D898D2DB632300C22A8CE3C7C0DCE993379C174802EE0B29CC9DC387227793C2B3BAFD5BCAC422B3683AD77CC1FF55F44EB10393D1B76A40FD193D4C0F3C7972FD3D6CB1CF830B3A2F7B42809FA7CD0E70E9A1C33CE73617542001BA9EE2C88A2CD4645B04314A6D3491A4267A96F26FFF24770551BD6EA5F38C59D380E81CC6982283903EDE12184A3DDB8BCFA9FBA75A633C2655331FE4B0F3EF0BE940F0E51F58A0763951A0A633E8EE1B4CD7EE629DB11D68A813C4DAAD9FAF0F96CAFD2AF4E64D304FB6EBBAB4C1FC476E0AA07ED8236E2C3950B22E1E3A393C0752A6631D5F7C0EB4366CDC369968ADF6AD8CEA4D5F120012D79914D7D938B330F496F87A32518C9676320575FF213ED3AF6770C31DCD63B8C667BD75E6CC918C3C0B4AC03DD8F0DBC141616DFC1AC7FC9CE69D5123C481E1528AAEFCAAED7D70D524709E9776E40F762500AFA18C2AB68C93A038DD493338857E42827D266C59F6EDEC1BA7341BA046BF690EC0A25BBC560096E1FD00619108C3AADDD61D5998591616F966CC74C76EC0F800E1EB411764C02567EF06227950CD367CB1751318C98046061922D50348329AAB7DA6CC77E8AB83518BBC04F1A9CC7E0B729DD65AAF979265B2CAAF071091DC69F77EC3E43DB564BD66D0E896D05CE60346648C67FDE38EBB3D0EDD7EF3FEB5CD918014788A5C8C521195D7B6FB501A2D1632FBCB477F29B09C26490B7C638A2D0BC0ECDEB632A4631CF5ACCA68BB4D6D7844B022D8DF6A8E78BB6B28D71429C4C254530DF71C717DDC70AD051F1586FD972C1FD533C9C307A32AB49FD7B44C3BD107FA62FE1A43412F8ADE7A50B524AF0DAFC4888E685F8F06BC2FE84E1854C91901CD39595D3BBC122DFCD96D620B4E46BD0EF3F6391C086539195040592FE8286C4E2E96A82BEFBB73BD268B0D4E690C025F8BF0F29034E87FA62DCC40AF1BF09B131A736CCA5E5727EA142923D54C5CCBEE2F44BC139E515A0638FEBB725AD9F2CD5D2E4BC7363A37A076226297B76EC98E3501819D512DD39B03486E1EC77AFCC3365757BF92E9A19DD94AB193ECF84ECB79074BD6BBACB27786CFDE191F34D9C664CC2E19AD767FCE3AA1C19B0DB1F7986FB54E95DF98BAE00524F31001AED7270250369C593D928223ACB597E17468F7BA4EBA4300A2B2A71BD182E2147AEBBB13A247B01B22F10BCF7660614716C531C7D625A94B38D1DE8550FAA845F2BA3700D34354740076051594793CD3D88C662D5A4D80998438E26DB36BF26942DB7601D184542B0B534F6E56EA5C354C13506FED42258BF18AB346A1F4CD56C621AF7AE1DA03DB12CCEB4D069E4AB0442F56A6DDD057C9C93C14E2EC4091F434AE7EFA277D06BBD3E0E8698ED6C928B748155B9AEE34CFF6466FDA47EDA0C9576A5F63B2F431DD90784B1ADB62FED02AFCD70F64047DAB22D02EBA73C64574523842B5E554F8347CCB6028DDC0BC5F4363E7200932388DA952ABF55A96B3ED8C0BED9CEF8E8B5D0362CFE6D74C24E25622F3B294969DF96EBA207F0C54D0C96C481342EF0800A5B8D040512343EEF39B06861276108B26280677208D9352BC7ECD7C2A9EBB62867A6281582433F075EC88BFEB36C131AD9B46832EA4FE02AC75C3C0C103D6AADFEB4E2D3CB00BD7A462C6E85F3C86FD189BFFD339252CF49F40F98CDD14C5FD5ACE2DFD275707EB5FCD29B3B3CB0DAA2190ACCCE9A088D8D03043A9D464B6A6C14207CB1B5C3B4115A162156F3CE6E35705FF66590FAE962821EB5C7CB97339F9A030B180144049E76CDD3C0680F372E5852BC0911B42893C857FB23C6A348D716A94E8E3B4539A1EC4CF6BED10983D1D824558A6A5D05EC9E59D900E48FB90A3F5BF015B1EEFA58056075D5FDB3BE68C5BBE3F96C3967FFF4F2B4957DBD0E1C9D0AE6E13DFAA09A9A984536EFE4BB3BD2E88BED93126EBBB4A318C035B06E51C1654DE03CD2ED777A7239086D582F11DF1FA9BCF1CF186B0E54AC1D616FCBDD917A0DDD4D558F791F2B2A0A96DA7DD3AF475BC3356AF829B4E3F2B8C99A9F043A38E6B3AE98FDD59F234E27B81C5E7B508EAC35F487251B28CE152F8D1E415069703AD74DC025AD5B61AB039E5F92EC2BAED3779AF205F8794CDAF08B7BE23AD16291C3A7C15E4DDFBC34DF0081248C870B2C351819E2409627514DD2DE46DE809872C7D5D8163B1C31B8E176230C0D63A6AC0ABCE40040EACE353E959CF6CEBE2FE6B8A045FD48BBD75BB5C6F70B3F054EFDD83815E351763CC5C52FD5046A00439CD8029A870B791611F25AF240ACA0F20383EEC32D1E4EFE2B22176E5D2156151602660F95C49C3AC6802398E6FB53A2D1F45071A1A0FA684418664170A88DBC45D94BF07F3E3C75470AD0A000E84E51788D32D33E11B8B142E357F5288696C4EDA59CDE15014CE280B58CE724DAE358C9E9798BA307E4131ECA21F6D7A6218AE8BBFD6FFCA78532F7060D2B7A1A70059DAAC7F79C7F5D7F613FA294E4565534E0FC8BC71920DC7170A50587000ACC6403CA4C5DD3C47120E16C9723E7887DAFF090B4016A831AFFD97B1AC540590BCB6D3BCA86E1951AFB0CD6D80E0B74E1A9DEEA6C0BB68FEA9DC6E12BBCF44470B7669BD447B742B5FA0F44B2331C201C959E43235DAD6CFA1EDCF54B437C6CEEB213BBB51FF6BAFFCC6B2689E583B80429A3C2C5C295D925634994294C529261034A9DEF392E866E9423236AEDDBC1C050F2BB5791E3AFDE65A0B64C8925ACF50DA20521D885B0D361A960F70F4DE1E93FDB587A55CC2DB3D28402ABC118BB162126E8A5EA3505D650D6541F335B08047BDEEB25C06AAE26AB79A63C4F872EF5A002725BBF6DFB87F70D77B68A93309DADA80AB8235802C7E2358FED7C1CBCA4388C8D4A700631613F59ECBA02B69B89632C3EA86E4875972030E0DA67D5DA07913DD03043CA535C4EF13BA137A260AFF5AFDD81B4FB6ABEEF456C5F7ACA8CF9509622D8F06A73F02F64570D226BF6807C11241FFD7439AC0F19BC0AB95898E14F4A4A106FF697FC3A60E4948B1516757B2493A3A4FE1A8FFAD59EE934E739CBAC958CF574A1A72B019AB2DA73822EC2693F2303FEFFC8832D12343E9593443890A1624569FF0AAB3518B3B51DEAE80A167B6D3910D5BD458CA68A028A4BA35426F2D44E5008C976BAB47124CB9993E4FBCE15EAF11C5DDC6C3C3CABC9D7832EB1D48C7A1FDFC30A6A3D89ADF885D03957A9B5A959DBC03D3CF5F825D1B2C39A8ACDE7DD6ECE5D20B85CC9658B077BD64132C2FCA455E1AA6C9A9A2800C04B53171AF71501336B29183D165AB8394CA613A514EC66AF501770C1BC167533AE360F69BC1B1B1D3EA966F6A5AB8538CDE531337F \ No newline at end of file