From 9ab8cc6ab45df53f846725d9b446762e0b6ae804 Mon Sep 17 00:00:00 2001 From: Adam Samalik Date: Wed, 10 May 2023 10:29:45 +0200 Subject: [PATCH] import sources --- .gitignore | 1 + libica-4.0.1-annotate.patch | 19 + libica-4.1.1-revert-abi.patch | 1618 +++++++++++++++++++++++++++++++++ libica-4.1.1-shmem.patch | 35 + libica.spec | 330 +++++++ sources | 1 + 6 files changed, 2004 insertions(+) create mode 100644 .gitignore create mode 100644 libica-4.0.1-annotate.patch create mode 100644 libica-4.1.1-revert-abi.patch create mode 100644 libica-4.1.1-shmem.patch create mode 100644 libica.spec create mode 100644 sources diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..253886c --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +/libica-4.1.1.tar.gz diff --git a/libica-4.0.1-annotate.patch b/libica-4.0.1-annotate.patch new file mode 100644 index 0000000..d915006 --- /dev/null +++ b/libica-4.0.1-annotate.patch @@ -0,0 +1,19 @@ +diff -up libica-4.0.1/src/Makefile.am.orig libica-4.0.1/src/Makefile.am +--- libica-4.0.1/src/Makefile.am.orig 2022-03-22 13:13:36.186395805 +0100 ++++ libica-4.0.1/src/Makefile.am 2022-03-22 13:13:55.224076905 +0100 +@@ -31,13 +31,13 @@ SOURCES_common = ica_api.c init.c icasta + include/rng.h + + libica_la_CFLAGS = ${CFLAGS_common} -DLIBNAME=\"libica\" +-libica_la_CCASFLAGS = ${AM_CFLAGS} ++libica_la_CCASFLAGS = ${AM_CFLAGS} -Wa,--generate-missing-build-notes=yes + libica_la_LIBADD = ${LIBS_common} + libica_la_LDFLAGS = ${LDFLAGS_common} + libica_la_SOURCES = ${SOURCES_common} + + libica_cex_la_CFLAGS = ${CFLAGS_common} -DNO_CPACF -DLIBNAME=\"libica-cex\" +-libica_cex_la_CCASFLAGS = ${AM_CFLAGS} ++libica_cex_la_CCASFLAGS = ${AM_CFLAGS} -Wa,--generate-missing-build-notes=yes + libica_cex_la_LIBADD = ${LIBS_common} + libica_cex_la_LDFLAGS = ${LDFLAGS_common} + libica_cex_la_SOURCES = ${SOURCES_common} diff --git a/libica-4.1.1-revert-abi.patch b/libica-4.1.1-revert-abi.patch new file mode 100644 index 0000000..abf8be2 --- /dev/null +++ b/libica-4.1.1-revert-abi.patch @@ -0,0 +1,1618 @@ +From 2945363230c1d76d21327e12995a8789ec9df514 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Dan=20Hor=C3=A1k?= +Date: Tue, 22 Mar 2022 12:43:19 +0100 +Subject: [libica PATCH 1/2] Revert "Remove deprecated API functions" + +This reverts commit 4a3a77232ee85cf9f4eb7ac2d366b613013b9048. +--- + include/ica_api.h | 230 ++++++++++++++++++++++++++++++ + libica.map | 8 ++ + src/ica_api.c | 258 ++++++++++++++++++++++++++++++++++ + src/include/s390_crypto.h | 5 - + test/Makefile.am | 11 +- + test/aes_128_test.c | 284 ++++++++++++++++++++++++++++++++++++++ + test/aes_192_test.c | 163 ++++++++++++++++++++++ + test/aes_256_test.c | 162 ++++++++++++++++++++++ + test/des_test.c | 157 +++++++++++++++++++++ + test/tdes_test.c | 148 ++++++++++++++++++++ + 10 files changed, 1418 insertions(+), 8 deletions(-) + create mode 100644 test/aes_128_test.c + create mode 100644 test/aes_192_test.c + create mode 100644 test/aes_256_test.c + create mode 100644 test/des_test.c + create mode 100644 test/tdes_test.c + +diff --git a/include/ica_api.h b/include/ica_api.h +index 0263d2f..8f7bbdb 100644 +--- a/include/ica_api.h ++++ b/include/ica_api.h +@@ -1447,6 +1447,227 @@ unsigned int ica_rsa_crt(ica_adapter_handle_t adapter_handle, + ICA_EXPORT + unsigned int ica_rsa_crt_key_check(ica_rsa_key_crt_t *rsa_key); + ++/** ++ * @deprecated, use ica_des_ecb() or ica_des_cbc() instead. ++ * ++ * Encrypt data using a single length DES key. ++ * @param mode Specifies the operational mode and must be: ++ * MODE_ECB - Use Electronic Code Book mode ++ * MODE_CBC - Use Cipher Block Chaining mode ++ * @param data_length ++ * Specifies the byte length of the input data. It has to be a multiple of the ++ * cipher block which has a size of 8 byte. ++ * @param input_data ++ * Pointer to the input data data to be encrypted. Must be a multiple of the ++ * cipher to use hw acceleration. ++ * @param iv ++ * Pointer to a valid 8 byte initialization vector when using CBC mode. ++ * @param des_key ++ * Pointer to a single length DES key. ++ * @param output_data ++ * Pointer to the buffer to contain the resulting encrypted data. Must be a ++ * multiple of the cipher block and at least as big as the buffer for ++ * input_data. ++ * ++ * @return 0 if successful. ++ * EINVAL if at least one invalid parameter is given. ++ * EIO if the operation fails. This should never happen. ++ */ ++/* XXX next major: remove */ ++ICA_EXPORT ICA_DEPRECATED ++unsigned int ica_des_encrypt(unsigned int mode, ++ unsigned int data_length, ++ unsigned char *input_data, ++ ica_des_vector_t *iv, ++ ica_des_key_single_t *des_key, ++ unsigned char *output_data); ++ ++/** ++ * @deprecated, use ica_des_ecb() or ica_des_cbc() instead. ++ * ++ * Decrypt data using a single length DES key. ++ * @param mode ++ * Specifies the operational mode and must be: ++ * MODE_ECB - Use Electronic Code Book mode ++ * MODE_CBC - Use Cipher Block Chaining mode ++ * @param data_length ++ * Specifies the byte length of the input data. It has to be a multiple of the ++ * cipher block which has a size of 8 byte. ++ * @param input_data ++ * Pointer to the input data data to be decrypted. Must be a multiple of the ++ * cipher to use hw acceleration. ++ * @param iv ++ * Pointer to a valid 8 byte initialization vector when using CBC mode. ++ * @param des_key ++ * Pointer to a single length DES key. ++ * @param output_data ++ * Pointer to the buffer to contain the resulting decrypted data. Must be a ++ * multiple of the cipher block and at least as big as the buffer for ++ * input_data. ++ * ++ * @return 0 if successful. ++ * EINVAL if at least one invalid parameter is given. ++ * EIO if the operation fails. This should never happen. ++ */ ++/* XXX next major: remove */ ++ICA_EXPORT ICA_DEPRECATED ++unsigned int ica_des_decrypt(unsigned int mode, ++ unsigned int data_length, ++ unsigned char *input_data, ++ ica_des_vector_t *iv, ++ ica_des_key_single_t *des_key, ++ unsigned char *output_data); ++ ++/** ++ * @deprecated, use ica_3des_ecb() or ica_3des_cbc() instead. ++ * ++ * Encrypt data using a triple length DES key. ++ * @param mode ++ * Specifies the operational mode and must be: ++ * MODE_ECB - Use Electronic Code Book mode ++ * MODE_CBC - Use Cipher Block Chaining mode ++ * @param data_length ++ * Specifies the byte length of the input data. It has to be a multiple of the ++ * cipher block which has a size of 8 byte. ++ * @param input_data ++ * Pointer to the input data data to be encrypted. Must be a multiple of the ++ * cipher block to use hw acceleration. ++ * @param iv ++ * Pointer to a valid 8 byte initialization vector when using CBC mode. ++ * @param des_key ++ * Pointer to a triple length DES key. ++ * @param output_data ++ * Pointer to the buffer to contain the resulting encrypted data. Must be a ++ * multiple of the cipher block and at least as big as the buffer for ++ * input_data. ++ * ++ * @return 0 if successful. ++ * EINVAL if at least one invalid parameter is given. ++ * EIO if the operation fails. This should never happen. ++ */ ++/* XXX next major: remove */ ++ICA_EXPORT ICA_DEPRECATED ++unsigned int ica_3des_encrypt(unsigned int mode, ++ unsigned int data_length, ++ unsigned char *input_data, ++ ica_des_vector_t *iv, ++ ica_des_key_triple_t *des_key, ++ unsigned char *output_data); ++ ++/** ++ * @deprecated, use ica_3des_ecb() or ica_3des_cbc() instead. ++ * ++ * Decrypt data using a triple length DES key. ++ * @param mode ++ * Specifies the operational mode and must be: ++ * MODE_ECB - Use Electronic Code Book mode ++ * MODE_CBC - Use Cipher Block Chaining mode ++ * @param data_length ++ * Specifies the byte length of the input data. It has to be a multiple of the ++ * cipher block which has a size of 8 byte. ++ * @param input_data ++ * Pointer to the input data data to be decrypted. Must be a multiple of the ++ * cipher block to use hw acceleration. ++ * @param iv ++ * Pointer to a valid 8 byte initialization vector when using CBC mode. ++ * @param des_key ++ * Pointer to a triple length DES key. ++ * @param output_data ++ * Pointer to the buffer to contain the resulting decrypted data. Must be a ++ * multiple of the cipher block and at least as big as the buffer for ++ * input_data. ++ * ++ * @return 0 if successful. ++ * EINVAL if at least one invalid parameter is given. ++ * EIO if the operation fails. This should never happen. ++ */ ++/* XXX next major: remove */ ++ICA_EXPORT ICA_DEPRECATED ++unsigned int ica_3des_decrypt(unsigned int mode, ++ unsigned int data_length, ++ unsigned char *input_data, ++ ica_des_vector_t *iv, ++ ica_des_key_triple_t *des_key, ++ unsigned char *output_data); ++ ++/** ++ * @deprecated, use ica_aes_ecb() or ica_aes_cbc() instead. ++ * ++ * Encrypt data using AES (key_length is 16, 24, or 32) ++ * @param mode ++ * Specifies the operational mode and must be: ++ * MODE_ECB - Use Electronic Code Book mode ++ * MODE_CBC - Use Cipher Block Chaining mode ++ * @param data_length ++ * Specifies the byte length of the input data. Input data length has to be ++ * a multiple of the AES block length, which is 16 bytes. ++ * @param input_data ++ * Pointer to the input data data to be encrypted. Must be a multiple of the ++ * cipher block to use hw acceleration. ++ * @param iv ++ * Pointer to a valid 16 byte initialization vector when using CBC mode. ++ * @param key_length ++ * Length of the AES key being used. ++ * @param aes_key ++ * Pointer to an AES key. ++ * @param output_data ++ * Pointer to the buffer to contain the resulting encrypted data. Must be a ++ * multiple of the cipher block and at least as big as the buffer for ++ * input_data. ++ * ++ * @return 0 if successful. ++ * EINVAL if at least one invalid parameter is given. ++ * EIO if the operation fails. This should never happen. ++ */ ++/* XXX next major: remove */ ++ICA_EXPORT ICA_DEPRECATED ++unsigned int ica_aes_encrypt(unsigned int mode, ++ unsigned int data_length, ++ unsigned char *input_data, ++ ica_aes_vector_t *iv, ++ unsigned int key_length, ++ unsigned char *aes_key, ++ unsigned char *output_data); ++ ++/** ++ * @deprecated, use ica_aes_ecb() or ica_aes_cbc() instead. ++ * ++ * Decrypt data using AES (key_length is 16, 24, or 32) ++ * @param mode ++ * Specifies the operational mode and must be: ++ * MODE_ECB - Use Electronic Code Book mode ++ * MODE_CBC - Use Cipher Block Chaining mode ++ * @param data_length ++ * Specifies the byte length of the input data. Input data length has to be ++ * a multiple of the AES block length, which is 16 bytes. ++ * @param input_data ++ * Pointer to the input data to be decrypted. Must be a multiple of the ++ * cipher block to use hw acceleration. ++ * @param iv ++ * Pointer to a valid 16 byte initialization vector when using CBC mode. ++ * @param key_length ++ * Length of the AES key being used. ++ * @param aes_key ++ * Pointer to an AES key. ++ * @param output_data ++ * Pointer to the buffer to contain the resulting decrypted data. Must be a ++ * multiple of the cipher block and at least as big as the buffer for ++ * input_data. ++ * ++ * @return 0 if successful. ++ * EINVAL if at least one invalid parameter is given. ++ * EIO if the operation fails. This should never happen. ++ */ ++/* XXX next major: remove */ ++ICA_EXPORT ICA_DEPRECATED ++unsigned int ica_aes_decrypt(unsigned int mode, ++ unsigned int data_length, ++ unsigned char *input_data, ++ ica_aes_vector_t *iv, ++ unsigned int key_length, ++ unsigned char *aes_key, ++ unsigned char *output_data); ++ + /** + * Encrypt or decrypt data with an DES key using Electronic Cook Book (ECB) + * mode as described in NIST Special Publication 800-38A Chapter 6.1. +@@ -3485,6 +3706,15 @@ void ica_aes_gcm_kma_ctx_free(kma_ctx* ctx); + ICA_EXPORT + unsigned int ica_get_version(libica_version_info *version_info); + ++/* XXX next major: dont export, move to s390_crypto.h */ ++ICA_EXPORT ICA_DEPRECATED ++int s390_initialize_functionlist(void); ++ ++/* XXX next major: dont export, move to s390_crypto.h */ ++ICA_EXPORT ICA_DEPRECATED ++int s390_get_functionlist(libica_func_list_element *pmech_list, ++ unsigned int *pmech_list_len); ++ + /** + * Function that returns a list of crypto mechanisms supported by libica. + * @param pmech_list +diff --git a/libica.map b/libica.map +index 0a64d4c..0a71832 100644 +--- a/libica.map ++++ b/libica.map +@@ -3,11 +3,15 @@ LIBICA_3.0.0 { + _fini; + _init; + ++ s390_initialize_functionlist; ++ s390_get_functionlist; + ica_get_functionlist; + ica_get_version; + + ica_random_number_generate; + ++ ica_des_encrypt; ++ ica_des_decrypt; + ica_des_ecb; + ica_des_cbc; + ica_des_cbc_cs; +@@ -19,6 +23,8 @@ LIBICA_3.0.0 { + ica_des_cmac_intermediate; + ica_des_cmac_last; + ++ ica_3des_encrypt; ++ ica_3des_decrypt; + ica_3des_ecb; + ica_3des_cbc; + ica_3des_cbc_cs; +@@ -30,6 +36,8 @@ LIBICA_3.0.0 { + ica_3des_cmac_intermediate; + ica_3des_cmac_last; + ++ ica_aes_encrypt; ++ ica_aes_decrypt; + ica_aes_ecb; + ica_aes_cbc; + ica_aes_cbc_cs; +diff --git a/src/ica_api.c b/src/ica_api.c +index 42d9baf..3e13a29 100644 +--- a/src/ica_api.c ++++ b/src/ica_api.c +@@ -2436,6 +2436,264 @@ int ica_ed448_key_gen(ICA_ED448_CTX *ctx) + * + ******************************************************************************/ + ++unsigned int ica_des_encrypt(unsigned int mode, ++ unsigned int data_length, ++ unsigned char *input_data, ++ ica_des_vector_t *iv, ++ ica_des_key_single_t *des_key, ++ unsigned char *output_data) ++{ ++#ifdef NO_CPACF ++ UNUSED(mode); ++ UNUSED(data_length); ++ UNUSED(input_data); ++ UNUSED(iv); ++ UNUSED(des_key); ++ UNUSED(output_data); ++ return EPERM; ++#else ++#ifdef ICA_FIPS ++ if (fips) ++ return EACCES; ++#endif /* ICA_FIPS */ ++ ++ if (check_des_parms(mode, data_length, input_data, ++ (unsigned char *) iv, (unsigned char *) des_key, ++ output_data)) ++ return EINVAL; ++ ++ if (mode == MODE_ECB) { ++ return s390_des_ecb(DEA_ENCRYPT, data_length, ++ input_data, (unsigned char *) des_key, ++ output_data); ++ } else if (mode == MODE_CBC) { ++ return s390_des_cbc(DEA_ENCRYPT, data_length, ++ input_data, (unsigned char *) iv, ++ (unsigned char *) des_key, output_data); ++ } ++ return EINVAL; ++#endif /* NO_CPACF */ ++} ++ ++unsigned int ica_des_decrypt(unsigned int mode, ++ unsigned int data_length, ++ unsigned char *input_data, ++ ica_des_vector_t *iv, ++ ica_des_key_single_t *des_key, ++ unsigned char *output_data) ++{ ++#ifdef NO_CPACF ++ UNUSED(mode); ++ UNUSED(data_length); ++ UNUSED(input_data); ++ UNUSED(iv); ++ UNUSED(des_key); ++ UNUSED(output_data); ++ return EPERM; ++#else ++#ifdef ICA_FIPS ++ if (fips) ++ return EACCES; ++#endif /* ICA_FIPS */ ++ ++ if (check_des_parms(mode, data_length, input_data, ++ (unsigned char *) iv, (unsigned char *) des_key, ++ output_data)) ++ return EINVAL; ++ ++ if (mode == MODE_ECB) { ++ return s390_des_ecb(DEA_DECRYPT, data_length, ++ input_data, (unsigned char *) des_key, ++ output_data); ++ } else if (mode == MODE_CBC) { ++ return s390_des_cbc(DEA_DECRYPT, data_length, ++ input_data, (unsigned char *) iv, ++ (unsigned char *) des_key, output_data); ++ } ++ return EINVAL; ++#endif /* NO_CPACF */ ++} ++ ++unsigned int ica_3des_encrypt(unsigned int mode, ++ unsigned int data_length, ++ unsigned char *input_data, ++ ica_des_vector_t *iv, ++ ica_des_key_triple_t *des_key, ++ unsigned char *output_data) ++{ ++#ifdef NO_CPACF ++ UNUSED(mode); ++ UNUSED(data_length); ++ UNUSED(input_data); ++ UNUSED(iv); ++ UNUSED(des_key); ++ UNUSED(output_data); ++ return EPERM; ++#else ++#ifdef ICA_FIPS ++ if (fips >> 1) ++ return EACCES; ++ if (fips_check_3des_key(des_key)) ++ return EINVAL; ++#endif /* ICA_FIPS */ ++ ++ if (check_des_parms(mode, data_length, input_data, ++ (unsigned char *) iv, (unsigned char *) des_key, ++ output_data)) ++ return EINVAL; ++ ++ if (mode == MODE_ECB) { ++ return s390_des_ecb(TDEA_192_ENCRYPT, data_length, ++ input_data,(unsigned char *) des_key, ++ output_data); ++ } else if (mode == MODE_CBC) { ++ return s390_des_cbc(TDEA_192_ENCRYPT, data_length, ++ input_data, (unsigned char *) iv, ++ (unsigned char *) des_key, output_data); ++ } ++ return EINVAL; ++#endif /* NO_CPACF */ ++} ++ ++unsigned int ica_3des_decrypt(unsigned int mode, ++ unsigned int data_length, ++ unsigned char *input_data, ++ ica_des_vector_t *iv, ++ ica_des_key_triple_t *des_key, ++ unsigned char *output_data) ++{ ++#ifdef NO_CPACF ++ UNUSED(mode); ++ UNUSED(data_length); ++ UNUSED(input_data); ++ UNUSED(iv); ++ UNUSED(des_key); ++ UNUSED(output_data); ++ return EPERM; ++#else ++#ifdef ICA_FIPS ++ if (fips >> 1) ++ return EACCES; ++ if (fips_check_3des_key(des_key)) ++ return EINVAL; ++#endif /* ICA_FIPS */ ++ ++ if (check_des_parms(mode, data_length, input_data, ++ (unsigned char *) iv, (unsigned char *) des_key, ++ output_data)) ++ return EINVAL; ++ ++ if (mode == MODE_ECB) { ++ return s390_des_ecb(TDEA_192_DECRYPT, data_length, ++ input_data, (unsigned char *) des_key, ++ output_data); ++ } else if (mode == MODE_CBC) { ++ return s390_des_cbc(TDEA_192_DECRYPT, data_length, ++ input_data, (unsigned char *) iv, ++ (unsigned char *) des_key, output_data); ++ } ++ return EINVAL; ++#endif /* NO_CPACF */ ++} ++ ++unsigned int ica_aes_encrypt(unsigned int mode, ++ unsigned int data_length, ++ unsigned char *input_data, ++ ica_aes_vector_t *iv, ++ unsigned int key_length, ++ unsigned char *aes_key, ++ unsigned char *output_data) ++{ ++#ifdef NO_CPACF ++ UNUSED(mode); ++ UNUSED(data_length); ++ UNUSED(input_data); ++ UNUSED(iv); ++ UNUSED(key_length); ++ UNUSED(aes_key); ++ UNUSED(output_data); ++ return EPERM; ++#else ++ unsigned int function_code; ++ ++#ifdef ICA_FIPS ++ if (fips >> 1) ++ return EACCES; ++#endif /* ICA_FIPS */ ++ ++ /* check for obvious errors in parms */ ++ if (check_aes_parms(mode, data_length, input_data, ++ (unsigned char *) iv, key_length, aes_key, ++ output_data)) ++ return EINVAL; ++ ++ function_code = aes_directed_fc(key_length, ICA_ENCRYPT); ++ ++ switch (mode) { ++ case MODE_CBC: ++ return s390_aes_cbc(function_code, data_length, input_data, ++ (unsigned char *) iv, aes_key, ++ output_data); ++ case MODE_ECB: ++ return s390_aes_ecb(function_code, data_length, input_data, ++ aes_key, output_data); ++ default: ++ return EINVAL; ++ } ++ ++ return EINVAL; ++#endif /* NO_CPACF */ ++} ++ ++unsigned int ica_aes_decrypt(unsigned int mode, ++ unsigned int data_length, ++ unsigned char *input_data, ++ ica_aes_vector_t *iv, ++ unsigned int key_length, ++ unsigned char *aes_key, ++ unsigned char *output_data) ++{ ++#ifdef NO_CPACF ++ UNUSED(mode); ++ UNUSED(data_length); ++ UNUSED(input_data); ++ UNUSED(iv); ++ UNUSED(key_length); ++ UNUSED(aes_key); ++ UNUSED(output_data); ++ return EPERM; ++#else ++ unsigned int function_code; ++ ++#ifdef ICA_FIPS ++ if (fips >> 1) ++ return EACCES; ++#endif /* ICA_FIPS */ ++ ++ /* check for obvious errors in parms */ ++ if (check_aes_parms(mode, data_length, input_data, ++ (unsigned char *) iv, key_length, aes_key, ++ output_data)) ++ return EINVAL; ++ ++ function_code = aes_directed_fc(key_length, ICA_DECRYPT); ++ ++ switch (mode) { ++ case MODE_CBC: ++ return s390_aes_cbc(function_code, data_length, input_data, ++ (unsigned char *) iv, aes_key, ++ output_data); ++ case MODE_ECB: ++ return s390_aes_ecb(function_code, data_length, input_data, ++ aes_key, output_data); ++ default: ++ return EINVAL; ++ } ++ ++ return EINVAL; ++#endif /* NO_CPACF */ ++} ++ + unsigned int ica_des_ecb(const unsigned char *in_data, unsigned char *out_data, + unsigned long data_length, unsigned char *key, + unsigned int direction) +diff --git a/src/include/s390_crypto.h b/src/include/s390_crypto.h +index 49cbb09..76f530f 100644 +--- a/src/include/s390_crypto.h ++++ b/src/include/s390_crypto.h +@@ -25,11 +25,6 @@ + + #include + +-/* major 4.0: no more exported, now internal */ +-int s390_initialize_functionlist(void); +-int s390_get_functionlist(libica_func_list_element *pmech_list, +- unsigned int *pmech_list_len); +- + #ifndef OPENSSL_VERSION_PREREQ + #if defined(OPENSSL_VERSION_MAJOR) && defined(OPENSSL_VERSION_MINOR) + #define OPENSSL_VERSION_PREREQ(maj, min) \ +diff --git a/test/Makefile.am b/test/Makefile.am +index f220205..f756597 100644 +--- a/test/Makefile.am ++++ b/test/Makefile.am +@@ -7,16 +7,21 @@ get_version_test \ + rng_test \ + drbg_test \ + drbg_birthdays_test.pl \ ++des_test \ + des_ecb_test \ + des_cbc_test \ + des_ctr_test \ + des_cfb_test \ + des_ofb_test \ ++tdes_test \ + tdes_ecb_test \ + tdes_cbc_test \ + tdes_ctr_test \ + tdes_cfb_test \ + tdes_ofb_test \ ++aes_128_test \ ++aes_192_test \ ++aes_256_test \ + aes_ecb_test \ + aes_cbc_test \ + aes_ctr_test \ +@@ -71,10 +76,10 @@ get_functionlist_cex_test_SOURCES = get_functionlist_cex_test.c + get_functionlist_cex_test_LDADD = @LIBS@ ${top_builddir}/src/.libs/libica-cex.so -lcrypto -lpthread + + check_PROGRAMS = fips_test icastats_test get_functionlist_test \ +-get_version_test rng_test drbg_test drbg_birthdays_test \ ++get_version_test rng_test drbg_test drbg_birthdays_test des_test \ + des_ecb_test des_cbc_test des_ctr_test des_cfb_test des_ofb_test \ +-tdes_ecb_test tdes_cbc_test tdes_ctr_test tdes_cfb_test \ +-tdes_ofb_test aes_ecb_test \ ++tdes_test tdes_ecb_test tdes_cbc_test tdes_ctr_test tdes_cfb_test \ ++tdes_ofb_test aes_128_test aes_192_test aes_256_test aes_ecb_test \ + aes_cbc_test aes_ctr_test aes_cfb_test aes_ofb_test aes_xts_test \ + aes_gcm_test aes_gcm_kma_test cbccs_test ccm_test cmac_test sha_test \ + sha1_test sha256_test sha3_224_test sha3_256_test sha3_384_test \ +diff --git a/test/aes_128_test.c b/test/aes_128_test.c +new file mode 100644 +index 0000000..d5667bb +--- /dev/null ++++ b/test/aes_128_test.c +@@ -0,0 +1,284 @@ ++/* This program is released under the Common Public License V1.0 ++ * ++ * You should have received a copy of Common Public License V1.0 along with ++ * with this program. ++ */ ++ ++/* Copyright IBM Corp. 2005, 2009, 2011 */ ++#include ++#include ++#include ++#include ++#include ++#include ++#include "ica_api.h" ++#include ++#include ++#include "testcase.h" ++ ++unsigned char NIST_KEY1[] = { ++ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, ++ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, ++}; ++ ++unsigned char NIST_TEST_DATA[] = { ++ 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, ++ 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, ++}; ++ ++unsigned char NIST_TEST_RESULT[] = { ++ 0x69, 0xc4, 0xe0, 0xd8, 0x6a, 0x7b, 0x04, 0x30, ++ 0xd8, 0xcd, 0xb7, 0x80, 0x70, 0xb4, 0xc5, 0x5a, ++}; ++ ++int test_aes128_new_api(int mode) ++{ ++ ica_aes_vector_t iv; ++ unsigned char key[AES_KEY_LEN128]; ++ int rc = 0; ++ unsigned char dec_text[sizeof(NIST_TEST_DATA)], ++ enc_text[sizeof(NIST_TEST_DATA)]; ++ ++ bzero(dec_text, sizeof(dec_text)); ++ bzero(enc_text, sizeof(enc_text)); ++ bzero(iv, sizeof(iv)); ++ bcopy(NIST_KEY1, key, sizeof(NIST_KEY1)); ++ ++ rc = ica_aes_encrypt(mode, sizeof(NIST_TEST_DATA), NIST_TEST_DATA, &iv, ++ AES_KEY_LEN128, key, enc_text); ++ if (rc) { ++ VV_(printf("key \n")); ++ dump_array((unsigned char *) key, sizeof(NIST_KEY1)); ++ VV_(printf("\nOriginal data:\n")); ++ dump_array((unsigned char *) NIST_TEST_DATA, sizeof(NIST_TEST_DATA)); ++ VV_(printf("test iv\n")); ++ dump_array((unsigned char *) &iv, sizeof(ica_aes_vector_t)); ++ VV_(printf("key\n")); ++ dump_array((unsigned char *) key, AES_KEY_LEN128); ++ VV_(printf("ica_aes_encrypt failed with errno %d (0x%x).\n", rc, rc)); ++ return TEST_FAIL; ++ } ++ ++ if (memcmp(enc_text, NIST_TEST_RESULT, sizeof(NIST_TEST_RESULT)) != 0) { ++ VV_(printf("key \n")); ++ dump_array((unsigned char *) key, sizeof(NIST_KEY1)); ++ VV_(printf("\nOriginal data:\n")); ++ dump_array((unsigned char *) NIST_TEST_DATA, sizeof(NIST_TEST_DATA)); ++ VV_(printf("test iv\n")); ++ dump_array((unsigned char *) &iv, sizeof(ica_aes_vector_t)); ++ VV_(printf("key\n")); ++ dump_array((unsigned char *) key, AES_KEY_LEN128); ++ VV_(printf("\nEncrypted data:\n")); ++ dump_array((unsigned char *) enc_text, sizeof(enc_text)); ++ VV_(printf("This does NOT match the known result.\n")); ++ return TEST_FAIL; ++ } else { ++ VV_(printf("Yep, it's what it should be.\n")); ++ } ++ ++ bzero(iv, sizeof(iv)); ++ rc = ica_aes_decrypt(mode, sizeof(enc_text), enc_text, &iv, ++ AES_KEY_LEN128, key, dec_text); ++ if (rc) { ++ VV_(printf("key \n")); ++ dump_array((unsigned char *) key, sizeof(NIST_KEY1)); ++ VV_(printf("\nOriginal data:\n")); ++ dump_array((unsigned char *) NIST_TEST_DATA, sizeof(NIST_TEST_DATA)); ++ VV_(printf("test iv\n")); ++ dump_array((unsigned char *) &iv, sizeof(ica_aes_vector_t)); ++ VV_(printf("key\n")); ++ dump_array((unsigned char *) key, AES_KEY_LEN128); ++ VV_(printf("\nEncrypted data:\n")); ++ dump_array((unsigned char *) enc_text, sizeof(enc_text)); ++ VV_(printf("\nDecrypted data:\n")); ++ dump_array((unsigned char *) dec_text, sizeof(dec_text)); ++ VV_(printf("ica_aes_decrypt failed with errno %d (0x%x).\n", rc, rc)); ++ return TEST_FAIL; ++ } ++ ++ if (memcmp(dec_text, NIST_TEST_DATA, sizeof(NIST_TEST_DATA)) != 0) { ++ VV_(printf("This does NOT match the original data.\n")); ++ return TEST_FAIL; ++ } else { ++ VV_(printf("Successful!\n")); ++ VV_(printf("key \n")); ++ dump_array((unsigned char *) key, sizeof(NIST_KEY1)); ++ VV_(printf("\nOriginal data:\n")); ++ dump_array((unsigned char *) NIST_TEST_DATA, sizeof(NIST_TEST_DATA)); ++ VV_(printf("test iv\n")); ++ dump_array((unsigned char *) &iv, sizeof(ica_aes_vector_t)); ++ VV_(printf("key\n")); ++ dump_array((unsigned char *) key, AES_KEY_LEN128); ++ VV_(printf("\nEncrypted data:\n")); ++ dump_array((unsigned char *) enc_text, sizeof(enc_text)); ++ VV_(printf("\nDecrypted data:\n")); ++ dump_array((unsigned char *) dec_text, sizeof(dec_text)); ++ } ++ ++// Test 2 ++ ++ rc = 0; ++ bzero(dec_text, sizeof(dec_text)); ++ bzero(enc_text, sizeof(enc_text)); ++ bzero(iv, sizeof(iv)); ++ bzero(key, sizeof(key)); ++ ++ unsigned int length = 64; ++ unsigned char *decrypt = malloc(length); ++ unsigned char *encrypt = malloc(length); ++ unsigned char *original = malloc(length); ++ ica_aes_key_len_128_t key2; ++ ++ rc = ica_random_number_generate(length, original); ++ if (rc) { ++ VV_(printf("ica_random_number_generate returned rc = %i\n", rc)); ++ return TEST_FAIL; ++ } ++ ++ rc = ica_random_number_generate(AES_KEY_LEN128, (unsigned char *) &key2); ++ if (rc) { ++ VV_(printf("ica_random_number_generate returned rc = %i\n", rc)); ++ return TEST_FAIL; ++ } ++ ++ rc = ica_aes_encrypt(mode, length, original, &iv, AES_KEY_LEN128, (unsigned char *) &key2, ++ (unsigned char *) encrypt); ++ if (rc) { ++ VV_(printf("\nOriginal data:\n")); ++ dump_array((unsigned char *) original, length); ++ VV_(printf("KEY: \n")); ++ dump_array((unsigned char *) &key2, AES_KEY_LEN128); ++ VV_(printf("ica_aes_encrypt failed with errno %d (0x%x).\n", rc, rc)); ++ return TEST_FAIL; ++ } ++ ++ if (memcmp(encrypt, original, length) == 0) { ++ VV_(printf("Encrypt and original are the same.\n")); ++ return TEST_FAIL; ++ } ++ ++ bzero(iv, sizeof(iv)); ++ rc = ica_aes_decrypt(mode, length, encrypt, &iv, AES_KEY_LEN128, ++ (unsigned char *) &key2, decrypt); ++ if (rc) { ++ VV_(printf("\nOriginal data:\n")); ++ dump_array((unsigned char *) original, length); ++ VV_(printf("KEY: \n")); ++ dump_array((unsigned char *) &key2, AES_KEY_LEN128); ++ VV_(printf("\nEncrypted data:\n")); ++ dump_array((unsigned char *) encrypt, length); ++ VV_(printf("ica_aes_decrypt failed with errno %d (0x%x).\n", rc, rc)); ++ goto free; ++ } ++ ++ if (memcmp(decrypt, original, length) != 0) { ++ VV_(printf("\nOriginal data:\n")); ++ dump_array((unsigned char *) original, length); ++ VV_(printf("KEY: \n")); ++ dump_array((unsigned char *) &key2, AES_KEY_LEN128); ++ VV_(printf("\nEncrypted data:\n")); ++ dump_array((unsigned char *) encrypt, length); ++ VV_(printf("\nDecrypted data:\n")); ++ dump_array((unsigned char *) decrypt, length); ++ VV_(printf("This does NOT match the original data.\n")); ++ rc = -1; ++ goto free; ++ } ++ ++ if(memcmp(decrypt, encrypt, length) == 0) { ++ VV_(printf("\nOriginal data:\n")); ++ dump_array((unsigned char *) original, length); ++ VV_(printf("KEY: \n")); ++ dump_array((unsigned char *) &key2, AES_KEY_LEN128); ++ VV_(printf("\nEncrypted data:\n")); ++ dump_array((unsigned char *) encrypt, length); ++ VV_(printf("\nDecrypted data:\n")); ++ dump_array((unsigned char *) decrypt, length); ++ VV_(printf("decrypt and encrypt are the same\n")); ++ rc = -1; ++ goto free; ++ ++ } else { ++ VV_(printf("Successful!\n")); ++ } ++free: ++ free(original); ++ free(encrypt); ++ free(decrypt); ++ ++ if (rc) ++ return TEST_FAIL; ++ ++ return TEST_SUCC; ++} ++ ++/* ++ * Performs ECB and CBC tests. ++ */ ++int main(int argc, char **argv) ++{ ++#ifdef NO_CPACF ++ UNUSED(argc); ++ UNUSED(argv); ++ printf("Skipping AES-128 test, because CPACF support disabled via config option.\n"); ++ return TEST_SKIP; ++#else ++ unsigned int mode = 0; ++ int rc = 0; ++ int error_count = 0; ++ ++ if (argc > 1) { ++ if (strstr(argv[1], "ecb")) ++ mode = MODE_ECB; ++ if (strstr(argv[1], "cbc")) ++ mode = MODE_CBC; ++ } ++ ++ if (argc > 2) { ++ if (strstr(argv[2], "ecb")) ++ mode = MODE_ECB; ++ if (strstr(argv[2], "cbc")) ++ mode = MODE_CBC; ++ } ++ ++ set_verbosity(argc, argv); ++ ++ if (mode != 0 && mode != MODE_ECB && mode != MODE_CBC) { ++ printf("Usage: %s [ ecb | cbc ]\n", argv[0]); ++ return TEST_ERR; ++ } ++ ++ if (!mode) { ++ /* This is the standard loop that will perform all testcases */ ++ mode = 2; ++ while (mode) { ++ rc = test_aes128_new_api(mode); ++ if (rc) { ++ error_count++; ++ V_(printf ("test_aes_new_api mode = %i failed \n", mode)); ++ } ++ else { ++ V_(printf ("test_aes_new_api mode = %i finished.\n", mode)); ++ } ++ mode--; ++ } ++ if (error_count) ++ printf("%i AES-128-ECB/CBC tests failed.\n", error_count); ++ else ++ printf("All AES-128-ECB/CBC tests passed.\n"); ++ } else { ++ /* Perform only either in ECB or CBC mode */ ++ rc = test_aes128_new_api(mode); ++ if (rc) ++ printf ("test_aes_new_api mode = %i failed \n", mode); ++ else { ++ printf ("test_aes_new_api mode = %i finished.\n", mode); ++ } ++ } ++ ++ if (rc) ++ return TEST_FAIL; ++ ++ return TEST_SUCC; ++#endif /* NO_CPACF */ ++} +diff --git a/test/aes_192_test.c b/test/aes_192_test.c +new file mode 100644 +index 0000000..e803f39 +--- /dev/null ++++ b/test/aes_192_test.c +@@ -0,0 +1,163 @@ ++/* This program is released under the Common Public License V1.0 ++ * ++ * You should have received a copy of Common Public License V1.0 along with ++ * with this program. ++ */ ++ ++/* Copyright IBM Corp. 2005, 2009, 2011 */ ++#include ++#include ++#include ++#include ++#include ++#include ++#include "ica_api.h" ++#include "testcase.h" ++ ++unsigned char NIST_KEY2[] = { ++ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, ++ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, ++ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, ++}; ++ ++unsigned char NIST_TEST_DATA[] = { ++ 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, ++ 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, ++}; ++ ++unsigned char NIST_TEST_RESULT[] = { ++ 0xdd, 0xa9, 0x7c, 0xa4, 0x86, 0x4c, 0xdf, 0xe0, ++ 0x6e, 0xaf, 0x70, 0xa0, 0xec, 0x0d, 0x71, 0x91, ++}; ++ ++int test_aes192_new_api(int mode) ++{ ++ ica_aes_vector_t iv; ++ ica_aes_key_len_192_t key; ++ int rc = 0; ++ unsigned char dec_text[sizeof(NIST_TEST_DATA)], ++ enc_text[sizeof(NIST_TEST_DATA)]; ++ ++ bzero(dec_text, sizeof(dec_text)); ++ bzero(enc_text, sizeof(enc_text)); ++ bzero(iv, sizeof(iv)); ++ bcopy(NIST_KEY2, key, sizeof(NIST_KEY2)); ++ ++ rc = ica_aes_encrypt(mode, sizeof(NIST_TEST_DATA), NIST_TEST_DATA, &iv, ++ AES_KEY_LEN192, (unsigned char *) &key, enc_text); ++ if (rc) { ++ VV_(printf("\nOriginal data:\n")); ++ dump_array((unsigned char*)NIST_TEST_DATA, sizeof(NIST_TEST_DATA)); ++ VV_(printf("ica_aes_encrypt failed with errno %d (0x%x).\n", rc, rc)); ++ return TEST_FAIL; ++ } ++ ++ if (memcmp(enc_text, NIST_TEST_RESULT, sizeof(NIST_TEST_RESULT)) != 0) { ++ VV_(printf("\nOriginal data:\n")); ++ dump_array((unsigned char*)NIST_TEST_DATA, sizeof(NIST_TEST_DATA)); ++ VV_(printf("\nEncrypted data:\n")); ++ dump_array((unsigned char*)enc_text, sizeof(enc_text)); ++ VV_(printf("This does NOT match the known result.\n")); ++ return TEST_FAIL; ++ } else { ++ VV_(printf("Yep, it's what it should be.\n")); ++ } ++ ++ bzero(iv, sizeof(iv)); ++ rc = ica_aes_decrypt(mode, sizeof(enc_text), enc_text, &iv, ++ AES_KEY_LEN192, (unsigned char *) &key, dec_text); ++ if (rc != 0) { ++ VV_(printf("ica_aes_decrypt failed with errno %d (0x%x).\n", rc, rc)); ++ return TEST_FAIL; ++ } ++ ++ if (memcmp(dec_text, NIST_TEST_DATA, sizeof(NIST_TEST_DATA)) != 0) { ++ VV_(printf("\nOriginal data:\n")); ++ dump_array((unsigned char*)NIST_TEST_DATA, sizeof(NIST_TEST_DATA)); ++ VV_(printf("\nEncrypted data:\n")); ++ dump_array((unsigned char*)enc_text, sizeof(enc_text)); ++ VV_(printf("\nDecrypted data:\n")); ++ dump_array((unsigned char*)dec_text, sizeof(dec_text)); ++ VV_(printf("This does NOT match the original data.\n")); ++ return TEST_FAIL; ++ } else { ++ VV_(printf("Successful!\n")); ++ VV_(printf("\nOriginal data:\n")); ++ dump_array((unsigned char*)NIST_TEST_DATA, sizeof(NIST_TEST_DATA)); ++ VV_(printf("\nEncrypted data:\n")); ++ dump_array((unsigned char*)enc_text, sizeof(enc_text)); ++ VV_(printf("\nDecrypted data:\n")); ++ dump_array((unsigned char*)dec_text, sizeof(dec_text)); ++ } ++ ++ return TEST_SUCC; ++} ++ ++/* ++ * Performs ECB and CBC tests. ++ */ ++int main(int argc, char **argv) ++{ ++#ifdef NO_CPACF ++ UNUSED(argc); ++ UNUSED(argv); ++ printf("Skipping AES-192 test, because CPACF support disabled via config option.\n"); ++ return TEST_SKIP; ++#else ++ unsigned int mode = 0; ++ int rc = 0; ++ int error_count = 0; ++ ++ if (argc > 1) { ++ if (strstr(argv[1], "ecb")) ++ mode = MODE_ECB; ++ if (strstr(argv[1], "cbc")) ++ mode = MODE_CBC; ++ } ++ if (argc > 2) { ++ if (strstr(argv[2], "ecb")) ++ mode = MODE_ECB; ++ if (strstr(argv[2], "cbc")) ++ mode = MODE_CBC; ++ } ++ ++ set_verbosity(argc, argv); ++ ++ if (mode != 0 && mode != MODE_ECB && mode != MODE_CBC) { ++ printf("Usage: %s [ ecb | cbc ]\n", argv[0]); ++ return TEST_ERR; ++ } ++ ++ if (!mode) { ++ /* This is the standard loop that will perform all testcases */ ++ mode = 2; ++ while (mode) { ++ rc = test_aes192_new_api(mode); ++ if (rc) { ++ error_count++; ++ V_(printf ("test_aes_new_api mode = %i failed \n", mode)); ++ } else { ++ V_(printf ("test_aes_new_api mode = %i finished.\n", mode)); ++ } ++ mode--; ++ } ++ if (error_count) ++ printf("%i AES-192-ECB/CBC tests failed.\n", error_count); ++ else ++ printf("All AES-192-ECB/CBC tests passed.\n"); ++ } else { ++ /* Perform only either in ECB or CBC mode */ ++ rc = test_aes192_new_api(mode); ++ if (rc) ++ printf ("test_aes_new_api mode = %i failed \n", mode); ++ else { ++ printf ("test_aes_new_api mode = %i finished.\n", mode); ++ } ++ } ++ ++ if (rc) ++ return TEST_FAIL; ++ ++ return TEST_SUCC; ++#endif /* NO_CPACF */ ++} +diff --git a/test/aes_256_test.c b/test/aes_256_test.c +new file mode 100644 +index 0000000..30f01f0 +--- /dev/null ++++ b/test/aes_256_test.c +@@ -0,0 +1,162 @@ ++/* This program is released under the Common Public License V1.0 ++ * ++ * You should have received a copy of Common Public License V1.0 along with ++ * with this program. ++ */ ++ ++/* Copyright IBM Corp. 2005, 2009, 2011 */ ++#include ++#include ++#include ++#include ++#include ++#include ++#include "ica_api.h" ++#include "testcase.h" ++ ++unsigned char NIST_KEY3[] = { ++ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, ++ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, ++ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, ++ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, ++}; ++ ++unsigned char NIST_TEST_DATA[] = { ++ 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, ++ 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, ++}; ++ ++unsigned char NIST_TEST_RESULT[] = { ++ 0x8e, 0xa2, 0xb7, 0xca, 0x51, 0x67, 0x45, 0xbf, ++ 0xea, 0xfc, 0x49, 0x90, 0x4b, 0x49, 0x60, 0x89, ++}; ++ ++int test_aes256_new_api(int mode) ++{ ++ ica_aes_vector_t iv; ++ unsigned char key[AES_KEY_LEN256]; ++ int rc = 0; ++ unsigned char dec_text[sizeof(NIST_TEST_DATA)], ++ enc_text[sizeof(NIST_TEST_DATA)]; ++ ++ bzero(dec_text, sizeof(dec_text)); ++ bzero(enc_text, sizeof(enc_text)); ++ bzero(iv, sizeof(iv)); ++ bcopy(NIST_KEY3, key, sizeof(NIST_KEY3)); ++ ++ rc = ica_aes_encrypt(mode, sizeof(NIST_TEST_DATA), NIST_TEST_DATA, &iv, ++ AES_KEY_LEN256, key, enc_text); ++ if (rc) { ++ VV_(printf("ica_aes_encrypt failed with errno %d (0x%x).\n", rc, rc)); ++ return TEST_FAIL; ++ } ++ ++ if (memcmp(enc_text, NIST_TEST_RESULT, sizeof(NIST_TEST_RESULT)) != 0) { ++ VV_(printf("\nOriginal data:\n")); ++ dump_array((unsigned char *) NIST_TEST_DATA, sizeof(NIST_TEST_DATA)); ++ VV_(printf("\nEncrypted data:\n")); ++ dump_array((unsigned char *) enc_text, sizeof(enc_text)); ++ VV_(printf("This does NOT match the known result.\n")); ++ return TEST_FAIL; ++ } else { ++ VV_(printf("Yep, it's what it should be.\n")); ++ } ++ ++ bzero(iv, sizeof(iv)); ++ rc = ica_aes_decrypt(mode, sizeof(enc_text), enc_text, &iv, ++ AES_KEY_LEN256, key, dec_text); ++ if (rc) { ++ VV_(printf("ica_aes_decrypt failed with errno %d (0x%x).\n", rc, rc)); ++ return TEST_FAIL; ++ } ++ ++ if (memcmp(dec_text, NIST_TEST_DATA, sizeof(NIST_TEST_DATA)) != 0) { ++ VV_(printf("\nOriginal data:\n")); ++ dump_array((unsigned char *) NIST_TEST_DATA, sizeof(NIST_TEST_DATA)); ++ VV_(printf("\nEncrypted data:\n")); ++ dump_array((unsigned char *) enc_text, sizeof(enc_text)); ++ VV_(printf("\nDecrypted data:\n")); ++ dump_array((unsigned char *) dec_text, sizeof(dec_text)); ++ VV_(printf("This does NOT match the original data.\n")); ++ return TEST_FAIL; ++ } else { ++ VV_(printf("\nOriginal data:\n")); ++ dump_array((unsigned char *) NIST_TEST_DATA, sizeof(NIST_TEST_DATA)); ++ VV_(printf("\nEncrypted data:\n")); ++ dump_array((unsigned char *) enc_text, sizeof(enc_text)); ++ VV_(printf("\nDecrypted data:\n")); ++ dump_array((unsigned char *) dec_text, sizeof(dec_text)); ++ VV_(printf("Successful!\n")); ++ } ++ ++ return TEST_SUCC; ++} ++ ++/* ++ * Performs ECB and CBC tests. ++ */ ++int main(int argc, char **argv) ++{ ++#ifdef NO_CPACF ++ UNUSED(argc); ++ UNUSED(argv); ++ printf("Skipping AES-256 test, because CPACF support disabled via config option.\n"); ++ return TEST_SKIP; ++#else ++ unsigned int mode = 0; ++ int rc = 0; ++ int error_count = 0; ++ ++ if (argc > 1) { ++ if (strstr(argv[1], "ecb")) ++ mode = MODE_ECB; ++ if (strstr(argv[1], "cbc")) ++ mode = MODE_CBC; ++ } ++ if (argc > 2) { ++ if (strstr(argv[2], "ecb")) ++ mode = MODE_ECB; ++ if (strstr(argv[2], "cbc")) ++ mode = MODE_CBC; ++ } ++ ++ set_verbosity(argc, argv); ++ ++ if (mode != 0 && mode != MODE_ECB && mode != MODE_CBC) { ++ printf("Usage: %s [ ecb | cbc ]\n", argv[0]); ++ return TEST_ERR; ++ } ++ ++ if (!mode) { ++ /* This is the standard loop that will perform all testcases */ ++ mode = 2; ++ while (mode) { ++ rc = test_aes256_new_api(mode); ++ if (rc) { ++ error_count++; ++ V_(printf ("test_aes_new_api mode = %i failed \n", mode)); ++ } ++ else { ++ V_(printf ("test_aes_new_api mode = %i finished.\n", mode)); ++ } ++ mode--; ++ } ++ if (error_count) ++ printf("%i AES-256-ECB/CBC tests failed.\n", error_count); ++ else ++ printf("All AES-256-ECB/CBC tests passed.\n"); ++ } else { ++ /* Perform only either in ECB or CBC mode */ ++ rc = test_aes256_new_api(mode); ++ if (rc) ++ printf("test_aes_new_api mode = %i failed \n", mode); ++ else ++ printf("test_aes_new_api mode = %i finished.\n", mode); ++ } ++ ++ if (rc) ++ return TEST_FAIL; ++ ++ return TEST_SUCC; ++#endif /* NO_CPACF */ ++} +diff --git a/test/des_test.c b/test/des_test.c +new file mode 100644 +index 0000000..c796792 +--- /dev/null ++++ b/test/des_test.c +@@ -0,0 +1,157 @@ ++/* This program is released under the Common Public License V1.0 ++ * ++ * You should have received a copy of Common Public License V1.0 along with ++ * with this program. ++ */ ++ ++/* Copyright IBM Corp. 2001, 2009, 2011 */ ++#include ++#include ++#include ++#include ++#include ++#include ++#include "ica_api.h" ++#include "testcase.h" ++ ++const int cipher_buf_length = 8; ++ ++unsigned char NIST_KEY1[] = ++ { 0x7c, 0xa1, 0x10, 0x45, 0x4a, 0x1a, 0x6e, 0x57 }; ++ ++unsigned char NIST_TEST_DATA[] = ++ { 0x01, 0xa1, 0xd6, 0xd0, 0x39, 0x77, 0x67, 0x42 }; ++ ++unsigned char NIST_TEST_RESULT[] = ++ { 0x69, 0x0f, 0x5b, 0x0d, 0x9a, 0x26, 0x93, 0x9b }; ++ ++int test_des_new_api(int mode) ++{ ++ ica_des_vector_t iv; ++ ica_des_key_single_t key; ++ int rc = 0; ++ unsigned char dec_text[sizeof NIST_TEST_DATA], ++ enc_text[sizeof NIST_TEST_DATA]; ++ ++ bzero(dec_text, sizeof dec_text); ++ bzero(enc_text, sizeof enc_text); ++ bzero(iv, sizeof iv); ++ bcopy(NIST_KEY1, key, sizeof NIST_KEY1); ++ ++ rc = ica_des_encrypt(mode, sizeof NIST_TEST_DATA, NIST_TEST_DATA, &iv, ++ &key, enc_text); ++ if (rc) { ++ VV_(printf("\nOriginal data:\n"); ++ dump_array(NIST_TEST_DATA, sizeof NIST_TEST_DATA)); ++ VV_(printf("ica_des_encrypt failed with errno %d (0x%x).\n", rc, rc)); ++ VV_(printf("\nEncrypted data:\n")); ++ dump_array(enc_text, sizeof enc_text); ++ return TEST_FAIL; ++ } ++ ++ if (memcmp(enc_text, NIST_TEST_RESULT, sizeof NIST_TEST_RESULT) != 0) { ++ VV_(printf("This does NOT match the known result.\n")); ++ return TEST_FAIL; ++ } else { ++ VV_(printf("Yep, it's what it should be.\n")); ++ } ++ ++ bzero(iv, sizeof iv); ++ rc = ica_des_decrypt(mode, sizeof enc_text, enc_text, &iv, &key, ++ dec_text); ++ if (rc) { ++ VV_(printf("\nOriginal data:\n")); ++ dump_array(NIST_TEST_DATA, sizeof NIST_TEST_DATA); ++ VV_(printf("ica_des_encrypt failed with errno %d (0x%x).\n", rc, rc)); ++ VV_(printf("\nEncrypted data:\n")); ++ dump_array(enc_text, sizeof enc_text); ++ VV_(printf("\nDecrypted data:\n")); ++ dump_array(dec_text, sizeof dec_text); ++ VV_(printf("ica_des_decrypt failed with errno %d (0x%x).\n", rc, rc)); ++ return TEST_FAIL; ++ } ++ ++ if (memcmp(dec_text, NIST_TEST_DATA, sizeof NIST_TEST_DATA) != 0) { ++ VV_(printf("\nOriginal data:\n")); ++ dump_array(NIST_TEST_DATA, sizeof NIST_TEST_DATA); ++ VV_(printf("ica_des_encrypt failed with errno %d (0x%x).\n", rc, rc)); ++ VV_(printf("\nEncrypted data:\n")); ++ dump_array(enc_text, sizeof enc_text); ++ VV_(printf("\nDecrypted data:\n")); ++ dump_array(dec_text, sizeof dec_text); ++ VV_(printf("This does NOT match the original data.\n")); ++ return TEST_FAIL; ++ } else { ++ VV_(printf("Successful!\n")); ++ } ++ ++ return TEST_SUCC; ++} ++ ++int main(int argc, char **argv) ++{ ++#ifdef NO_CPACF ++ UNUSED(argc); ++ UNUSED(argv); ++ printf("Skipping DES test, because CPACF support disabled via config option.\n"); ++ return TEST_SKIP; ++#else ++ unsigned int mode = 0; ++ int rc = 0; ++ int error_count = 0; ++ ++ set_verbosity(argc, argv); ++ ++#ifdef ICA_FIPS ++ if (ica_fips_status() & ICA_FIPS_MODE) { ++ printf("All DES new api tests skipped." ++ " (DES not FIPS approved)\n"); ++ return TEST_SKIP; ++ } ++#endif /* ICA_FIPS */ ++ ++ if (argc > 1) { ++ if (strstr(argv[1], "ecb")) ++ mode = MODE_ECB; ++ if (strstr(argv[1], "cbc")) ++ mode = MODE_CBC; ++ V_(printf("mode = %i \n", mode)); ++ } ++ ++ if (mode != 0 && mode != MODE_ECB && mode != MODE_CBC) { ++ printf("Usage: %s [ ecb | cbc ]\n", argv[0]); ++ return TEST_ERR; ++ } ++ if (!mode) { ++ /* This is the standard loop that will perform all testcases */ ++ mode = 2; ++ while (mode) { ++ rc = test_des_new_api(mode); ++ if (rc) { ++ error_count++; ++ V_(printf ("test_des_new_api mode = %i failed \n", mode)); ++ } ++ else { ++ V_(printf ("test_des_new_api mode = %i finished.\n", mode)); ++ } ++ mode--; ++ } ++ if (error_count) ++ printf("%i tests failed.\n", error_count); ++ else ++ printf("All tests passed.\n"); ++ } else { ++ /* Perform only either in ECB or CBC mode */ ++ rc = test_des_new_api(mode); ++ if (rc) ++ printf ("test_des_new_api mode = %i failed \n", mode); ++ else ++ printf ("test_des_new_api mode = %i finished.\n", mode); ++ } ++ ++ if (rc) ++ return TEST_FAIL; ++ ++ return TEST_SUCC; ++#endif /* NO_CPACF */ ++} +diff --git a/test/tdes_test.c b/test/tdes_test.c +new file mode 100644 +index 0000000..bfa33c2 +--- /dev/null ++++ b/test/tdes_test.c +@@ -0,0 +1,148 @@ ++/* This program is released under the Common Public License V1.0 ++ * ++ * You should have received a copy of Common Public License V1.0 along with ++ * with this program. ++ */ ++ ++/* Copyright IBM Corp. 2001, 2009, 2011 */ ++#include ++#include ++#include ++#include ++#include ++#include "ica_api.h" ++#include "testcase.h" ++ ++unsigned char KEY1[] = ++ { 0x7c, 0xa1, 0x10, 0x45, 0x4a, 0x1a, 0x6e, 0x57 }; ++ ++unsigned char KEY2[] = ++ { 0x8c, 0xa1, 0x10, 0x45, 0x4a, 0x1a, 0x6e, 0x57 }; ++ ++unsigned char KEY3[] = ++ { 0x9c, 0xa1, 0x10, 0x45, 0x4a, 0x1a, 0x6e, 0x57 }; ++ ++unsigned char TEST_DATA[] = ++ { 0x01, 0xa1, 0xd6, 0xd0, 0x39, 0x77, 0x67, 0x42 }; ++ ++unsigned char TEST_RESULT[] = ++ { 0x90, 0x9c, 0xbc, 0x01, 0xc5, 0x1f, 0x09, 0x60 }; ++ ++int test_3des_new_api(int mode) ++{ ++ ica_des_vector_t iv; ++ ica_des_key_triple_t key; ++ int rc = 0; ++ unsigned char dec_text[sizeof(TEST_DATA)], ++ enc_text[sizeof(TEST_DATA)]; ++ ++ bzero(dec_text, sizeof(dec_text)); ++ bzero(enc_text, sizeof(enc_text)); ++ bzero(iv, sizeof(iv)); ++ bcopy(KEY1, key.key1, sizeof(KEY1)); ++ bcopy(KEY2, key.key2, sizeof(KEY2)); ++ bcopy(KEY3, key.key3, sizeof(KEY3)); ++ ++ VV_(printf("\nOriginal data:\n")); ++ dump_array(TEST_DATA, sizeof(TEST_DATA)); ++ ++ rc = ica_3des_encrypt(mode, sizeof(TEST_DATA), TEST_DATA, ++ &iv, &key, enc_text); ++ if (rc != 0) { ++ VV_(printf("ica_3des_encrypt failed with errno %d (0x%x).\n", rc, rc)); ++ return TEST_FAIL; ++ } ++ ++ VV_(printf("\nEncrypted data:\n")); ++ dump_array(enc_text, sizeof(enc_text)); ++ if (memcmp(enc_text, TEST_RESULT, sizeof TEST_RESULT) != 0) { ++ VV_(printf("This does NOT match the known result.\n")); ++ return TEST_FAIL; ++ } else { ++ VV_(printf("Yep, it's what it should be.\n")); ++ } ++ ++ bzero(iv, sizeof(iv)); ++ rc = ica_3des_decrypt(mode, sizeof(enc_text), enc_text, ++ &iv, &key, dec_text); ++ if (rc != 0) { ++ VV_(printf("ica_3des_decrypt failed with errno %d (0x%x).\n", rc, rc)); ++ return TEST_FAIL; ++ } ++ ++ VV_(printf("\nDecrypted data:\n")); ++ dump_array(dec_text, sizeof(dec_text)); ++ if (memcmp(dec_text, TEST_DATA, sizeof(TEST_DATA)) != 0) { ++ VV_(printf("This does NOT match the original data.\n")); ++ return TEST_FAIL; ++ } else { ++ VV_(printf("Successful!\n")); ++ } ++ ++ return TEST_SUCC; ++} ++ ++/* ++ * Performs ECB and CBC tests. ++ */ ++int main(int argc, char **argv) ++{ ++#ifdef NO_CPACF ++ UNUSED(argc); ++ UNUSED(argv); ++ printf("Skipping TDES test, because CPACF support disabled via config option.\n"); ++ return TEST_SKIP; ++#else ++ unsigned int mode = 0; ++ int rc = 0; ++ int error_count = 0; ++ ++ if (argc > 1) { ++ if (strstr(argv[1], "ecb")) ++ mode = MODE_ECB; ++ if (strstr(argv[1], "cbc")) ++ mode = MODE_CBC; ++ V_(printf("mode = %i \n", mode)); ++ } ++ if (mode != 0 && mode != MODE_ECB && mode != MODE_CBC) { ++ printf("Usage: %s [ ecb | cbc ]\n", argv[0]); ++ return TEST_ERR; ++ } ++ ++ set_verbosity(argc, argv); ++ ++ if (!mode) { ++ /* This is the standard loop that will perform all testcases */ ++ mode = 2; ++ while (mode) { ++ rc = test_3des_new_api(mode); ++ if (rc) { ++ error_count++; ++ V_(printf ("test_des_new_api mode = %i failed \n", mode)); ++ } ++ else { ++ V_(printf ("test_des_new_api mode = %i finished.\n", mode)); ++ } ++ ++ mode--; ++ } ++ if (error_count) ++ printf("%i tests failed.\n", error_count); ++ else ++ printf("All tests passed.\n"); ++ } else { ++ /* Perform only either in ECB or CBC mode */ ++ rc = test_3des_new_api(mode); ++ if (rc) ++ printf ("test_des_new_api mode = %i failed \n", mode); ++ else ++ printf ("test_des_new_api mode = %i finished.\n", mode); ++ } ++ ++ if (rc || error_count) ++ return TEST_FAIL; ++ ++ return TEST_SUCC; ++#endif /* NO_CPACF */ ++} ++ +-- +2.38.1 + + +From 740531ec03c7dd79e185136b0b1970aa1cd1d924 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Dan=20Hor=C3=A1k?= +Date: Tue, 25 Oct 2022 13:54:11 +0200 +Subject: [libica PATCH 2/2] add back fips_check_3des_key() + +Partially revert 56b9ac0669e4d204ecb3f23e5404c2351cca96a2 by adding back +a function that's required by the previously reverted code. +--- + src/ica_api.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/src/ica_api.c b/src/ica_api.c +index 3e13a29..1bd81bb 100644 +--- a/src/ica_api.c ++++ b/src/ica_api.c +@@ -91,6 +91,16 @@ void ica_set_stats_mode(int stats_mode) + } + + #ifndef NO_CPACF ++#ifdef ICA_FIPS ++static unsigned int fips_check_3des_key(const ica_des_key_triple_t *key) { ++ if (!CRYPTO_memcmp(key->key1, key->key2, DES_KEY_LEN64) ++ | !CRYPTO_memcmp(key->key1, key->key3, DES_KEY_LEN64) ++ | !CRYPTO_memcmp(key->key2, key->key3, DES_KEY_LEN64)) ++ return EINVAL; ++ ++ return 0; ++} ++#endif + + static unsigned int check_des_parms(unsigned int mode, + unsigned long data_length, +-- +2.38.1 + diff --git a/libica-4.1.1-shmem.patch b/libica-4.1.1-shmem.patch new file mode 100644 index 0000000..0343471 --- /dev/null +++ b/libica-4.1.1-shmem.patch @@ -0,0 +1,35 @@ +From cd5b2b75554875111bf375b555ebd3b185cff1a0 Mon Sep 17 00:00:00 2001 +From: Joerg Schmidbauer +Date: Wed, 1 Feb 2023 10:54:33 +0100 +Subject: [libica PATCH] bugfix: permission denied on shared memory segments + +A change to the Linux kernel in 4.19 for added security is +changing the behavior when opening shared memory segments. +The O_CREAT flag must not be used for existing segments. + +Signed-off-by: Joerg Schmidbauer +--- + src/icastats_shared.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/src/icastats_shared.c b/src/icastats_shared.c +index bbc8d0e..8290239 100644 +--- a/src/icastats_shared.c ++++ b/src/icastats_shared.c +@@ -54,9 +54,10 @@ int stats_mmap(int user) + sprintf(shm_id, "icastats_%d", + user == -1 ? geteuid() : (uid_t)user); + +- stats_shm_handle = shm_open(shm_id, +- O_CREAT | O_RDWR, +- S_IRUSR | S_IWUSR); ++ stats_shm_handle = shm_open(shm_id, O_RDWR, S_IRUSR | S_IWUSR); ++ ++ if (stats_shm_handle == -1) ++ stats_shm_handle = shm_open(shm_id, O_CREAT | O_RDWR, S_IRUSR | S_IWUSR); + + if (stats_shm_handle == -1) + return rc; +-- +2.39.1 + diff --git a/libica.spec b/libica.spec new file mode 100644 index 0000000..e2bd787 --- /dev/null +++ b/libica.spec @@ -0,0 +1,330 @@ +%global with_fips 1 +# workaround to keep ABI/soname stable at major version 3 +%global fakeversion 3:99:1 + +Summary: Library for accessing ICA hardware crypto on IBM z Systems +Name: libica +Version: 4.1.1 +Release: 2%{?dist} +License: CPL +Group: System Environment/Libraries +URL: https://github.com/opencryptoki/ +Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz +# annotate assembler source +# https://bugzilla.redhat.com/show_bug.cgi?id=1630582 +Patch0: %{name}-4.0.1-annotate.patch +# revert ABI to 3.x +# - reverted commit 4a3a77232ee85cf9f4eb7ac2d366b613013b9048 +# - partial revert of commit 56b9ac0669e4d204ecb3f23e5404c2351cca96a2 +Patch1: %{name}-4.1.1-revert-abi.patch +# fix permissions for shared memory segments +# https://bugzilla.redhat.com/show_bug.cgi?id=2167363 +Patch2: %{name}-4.1.1-shmem.patch +BuildRequires: gcc +BuildRequires: openssl +BuildRequires: openssl-devel +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: libtool +ExclusiveArch: s390 s390x + +%description +A library of functions and utilities for accessing ICA hardware crypto on +IBM z Systems. + + +%package devel +Summary: Development tools for programs to access ICA hardware crypto on IBM z Systems +Group: Development/Libraries +Requires: %{name} = %{version}-%{release} +Requires: openssl-devel + +%description devel +The libica-devel package contains the header files and static +libraries necessary for developing programs accessing ICA hardware crypto on +IBM z Systems. + + +%prep +%autosetup -p1 + +sh ./bootstrap.sh + + +%build +%configure --disable-static \ +%if %{with_fips} + --enable-fips +%else + --disable-fips +%endif +make %{?_smp_mflags} VERSION=%{fakeversion} + + +%install +make install DESTDIR=$RPM_BUILD_ROOT VERSION=%{fakeversion} +rm %{buildroot}%{_libdir}/libica*.la +rm %{buildroot}%{_pkgdocdir}/{INSTALL,README.md} + + +%check +# mock doesn't provide the device, so check here +# https://github.com/rpm-software-management/mock/issues/33 +if [ -c /dev/hwrng -o -c /dev/prandom ]; then + make check +fi + + +%post -p /sbin/ldconfig + +%postun -p /sbin/ldconfig + +%if %{with_fips} +%define __spec_install_post \ + %{?__debug_package:%{__debug_install_post}} \ + %{__arch_install_post} \ + %{__os_install_post} \ + make fipsinstall DESTDIR=%{buildroot} VERSION=%{fakeversion} + %{nil} +%endif + +%files +%doc AUTHORS LICENSE ChangeLog +%{_bindir}/icainfo +%{_bindir}/icainfo-cex +%{_bindir}/icastats +%if %{with_fips} +%{_libdir}/.libica.*.hmac +%{_libdir}/.libica-cex.*.hmac +%endif +%{_libdir}/libica.so.* +%{_libdir}/libica-cex.so.* +%{_mandir}/man1/icainfo.1* +%{_mandir}/man1/icainfo-cex.1* +%{_mandir}/man1/icastats.1* + +%files devel +%{_includedir}/* +%{_libdir}/libica.so +%{_libdir}/libica-cex.so + + +%changelog +* Tue Feb 07 2023 Dan Horák - 4.1.1-2 +- fix permissions for shared memory segments (#2167363) +- Resolves: #2167363 + +* Tue Oct 25 2022 Dan Horák - 4.1.1-1 +- updated to 4.1.1 (#2110375) +- Resolves: #2110375 + +* Thu Jun 30 2022 Dan Horák - 4.0.2-1 +- updated to 4.0.2 (#2101766) +- Resolves: #2101766 + +* Tue Mar 22 2022 Dan Horák - 4.0.1-1 +- updated to 4.0.1 (#2043843) +- Resolves: #2043843 #2043904 + +* Tue Feb 08 2022 Dan Horák - 3.9.0-1 +- updated to 3.9.0 (#1984972) +- Resolves: #1984972 + +* Thu Jul 08 2021 Dan Horák - 3.8.0-1 +- updated to 3.8.0 (#1919224) +- make software fallback call to openSSL/libcrypto (#1922205) +- Resolves: #1919224 #1922205 + +* Mon Jul 20 2020 Dan Horák - 3.7.0-2 +- fix FIPS integrity validation (#1857130) +- Resolves: #1857130 + +* Thu May 21 2020 Dan Horák - 3.7.0-1 +- updated to 3.7.0 (#1780299) +- Resolves: #1780299 + +* Thu Jan 09 2020 Dan Horák - 3.6.1-2 +- fix overflow in icastats counters (#1789052) +- Resolves: #1789052 + +* Tue Nov 26 2019 Dan Horák - 3.6.1-1 +- updated to 3.6.1 (#1772402) +- Resolves: #1772402 + +* Tue Nov 05 2019 Dan Horák - 3.6.0-1 +- updated to 3.6.0 (#1726244) +- Resolves: #1726244, #1723862 + +* Wed Apr 24 2019 Dan Horák - 3.5.0-1 +- updated to 3.5.0 (#1666621) +- Resolves: #1666621, #1659428, #1673054 + +* Fri Sep 21 2018 Dan Horák - 3.3.3-4 +- annotate assembler file (#1630582) + +* Fri Jul 13 2018 Fedora Release Engineering - 3.3.3-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Wed Jun 13 2018 Dan Horák - 3.3.3-2 +- fix executable stack in assembler code + +* Tue Jun 12 2018 Dan Horák - 3.3.3-1 +- updated to 3.3.3 + +* Tue Apr 17 2018 Dan Horák - 3.3.2-1 +- updated to 3.3.2 + +* Wed Feb 07 2018 Fedora Release Engineering - 3.2.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Mon Sep 25 2017 Dan Horák - 3.2.0-1 +- updated to 3.2.0 + +* Mon Sep 11 2017 Dan Horák - 3.1.1-1 +- updated to 3.1.1 + +* Thu Aug 03 2017 Fedora Release Engineering - 3.0.2-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 3.0.2-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Tue Apr 18 2017 Dan Horák - 3.0.2-3 +- update BR + +* Fri Feb 10 2017 Fedora Release Engineering - 3.0.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Wed Jan 18 2017 Dan Horák - 3.0.2-1 +- updated to 3.0.2 + +* Fri Jan 13 2017 Dan Horák - 3.0.1-2 +- check for /dev/prandom before running the test-suite + +* Fri Jan 13 2017 Dan Horák - 3.0.1-1 +- updated to 3.0.1 + +* Tue Apr 12 2016 Dan Horák - 2.6.2-1 +- updated to 2.6.2 + +* Thu Mar 17 2016 Dan Horák - 2.6.1-1 +- updated to 2.6.1 + +* Thu Feb 04 2016 Fedora Release Engineering - 2.4.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Wed Jun 17 2015 Fedora Release Engineering - 2.4.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Mon Sep 01 2014 Dan Horák - 2.4.2-1 +- updated to 2.4.2 + +* Wed Jun 11 2014 Dan Horák - 2.3.0-5 +- fix build with recent kernels + +* Sat Jun 07 2014 Fedora Release Engineering - 2.3.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Fri Mar 14 2014 Dan Horák - 2.3.0-3 +- add post release fix (#1066014) + +* Sat Aug 03 2013 Fedora Release Engineering - 2.3.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Fri May 03 2013 Dan Horák - 2.3.0-1 +- updated to 2.3.0 + +* Thu Feb 14 2013 Fedora Release Engineering - 2.2.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Fri Aug 17 2012 Dan Horák - 2.2.0-1 +- updated to 2.2.0 + +* Thu Jul 19 2012 Fedora Release Engineering - 2.1.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Mon Jan 16 2012 Dan Horák - 2.1.1-1 +- updated to 2.1.1 + +* Fri Jan 13 2012 Fedora Release Engineering - 2.1.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Thu Jul 07 2011 Dan Horák - 2.1.0-1 +- updated to 2.1.0 with soname set back to 2.0 + +* Mon Apr 11 2011 Dan Horák - 2.0.6-1 +- updated to 2.0.6 + +* Tue Feb 08 2011 Fedora Release Engineering - 2.0.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Wed Jan 12 2011 Dan Horák - 2.0.4-1 +- Do not use sigill to wrap all HW instructions (#665401) +- updated to 2.0.4 + +* Tue Nov 9 2010 Dan Horák - 2.0.3-3 +- Fix the return value of old_api_sha_test() in libica_sha1_test (#624005) +- Use the right buffer length when operating in 32-bit mode (#640035) +- Resolves: #624005, #640035 + +* Fri May 21 2010 Dan Horák - 2.0.3-2 +- rebuilt with -fno-strict-aliasing (#593779) +- Resolves: #593779 + +* Thu Apr 22 2010 Dan Horák - 2.0.3-1 +- updated to 2.0.3 (#582607) +- Resolves: #582607 + +* Mon Apr 12 2010 Dan Horák - 2.0.2-3 +- add SIGILL handler for add_entropy (#581520) +- Resolves: #581520 + +* Tue Feb 16 2010 Dan Horák - 2.0.2-2 +- dropped the utils sub-package +- Related: #543948 + +* Tue Dec 08 2009 Dennis Gregorovic - 2.0.2-1.1 +- Rebuilt for RHEL 6 + +* Mon Aug 17 2009 Dan Horák - 2.0.2-1 +- update to 2.0.2 + +* Fri Jul 24 2009 Fedora Release Engineering - 2.0.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Wed Apr 1 2009 Dan Horák - 2.0.1-1 +- update to 2.0.1 + +* Mon Mar 23 2009 Dan Horák - 2.0-1 +- update to 2.0 +- spec file cleanup before submitting to Fedora + +* Sun Sep 14 2008 Phil Knirsch - 1.3.7-8.el5 +- Added the icainfo tool to libica (#439484) + +* Tue Apr 01 2008 Phil Knirsch - 1.3.7-7.el5 +- Fixed build of libica with latest AES & SHA feature (#439390) + +* Tue Jan 15 2008 Phil Knirsch - 1.3.7-6.el5 +- Added Software Support for CP Assist Instructions AES & SHA (#318971) + +* Thu Nov 23 2006 Phil Knirsch - 1.3.7-5.el5 +- Fixed requires bug where devel packages would get wrong arch lib (#215908) + +* Fri Oct 13 2006 Phil Knirsch - 1.3.7-4 +- Fixed bug where libica fails to initialize when no crypto hardware is + available (#210504) +- Only build libica for s390(x), really only needed there. + +* Fri Sep 08 2006 Phil Knirsch - 1.3.7-3 +- Build for other archs as well due to openCryptoki requirement (#184631) + +* Fri Jul 14 2006 Tim Powers - 1.3.7-2 +- rebuild + +* Tue Jun 13 2006 Phil Knirsch - 1.3.7-1 +- Update to libica-1.3.7 final +- Fixed build on latest devel tree + +* Tue Apr 04 2006 Phil Knirsch - 1.3.6-rc3-1 +- Initial package. diff --git a/sources b/sources new file mode 100644 index 0000000..4e551a9 --- /dev/null +++ b/sources @@ -0,0 +1 @@ +SHA512 (libica-4.1.1.tar.gz) = 49b9bc106e83ec8336339c783a14b8599a93b9b1061efea7354f954e59aeeb18371946a013f7aecdaf1286d77b48644ca4894c8099809753e2f21286acdf3ef5